1 diff -urNp linux-2.4.37.7/arch/alpha/config.in linux-2.4.37.7/arch/alpha/config.in
2 --- linux-2.4.37.7/arch/alpha/config.in 2009-11-07 11:52:20.000000000 -0500
3 +++ linux-2.4.37.7/arch/alpha/config.in 2009-11-10 19:30:27.000000000 -0500
4 @@ -468,3 +468,12 @@ endmenu
6 source crypto/Config.in
9 +mainmenu_option next_comment
11 +bool 'Grsecurity' CONFIG_GRKERNSEC
12 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
13 + source grsecurity/Config.in
17 diff -urNp linux-2.4.37.7/arch/alpha/kernel/osf_sys.c linux-2.4.37.7/arch/alpha/kernel/osf_sys.c
18 --- linux-2.4.37.7/arch/alpha/kernel/osf_sys.c 2009-11-07 11:52:20.000000000 -0500
19 +++ linux-2.4.37.7/arch/alpha/kernel/osf_sys.c 2009-11-10 19:30:27.000000000 -0500
20 @@ -1357,6 +1357,10 @@ arch_get_unmapped_area(struct file *filp
21 merely specific addresses, but regions of memory -- perhaps
22 this feature should be incorporated into all ports? */
24 +#ifdef CONFIG_PAX_RANDMMAP
25 + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
29 addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
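Review bot: The `CONFIG_PAX_RANDMMAP` guard added in this hunk changes when a caller-supplied hint address is honoured, but the code carries no comment saying so. From the visible condition, the hinted lookup runs only when `MF_PAX_RANDMMAP` is clear or `filp` is NULL, so a file-backed mapping in a randomised task appears to skip the hint. A comment such as `/* PaX: under RANDMMAP honour the address hint only for anonymous mappings */` above the `#ifdef` would record the intent. The `#endif` and the statement the `if` governs are not visible in this view, so confirm the guard wraps exactly the hinted lookup and its early return; the function body continues outside the hunk.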
31 @@ -1364,8 +1368,15 @@ arch_get_unmapped_area(struct file *filp
34 /* Next, try allocating at TASK_UNMAPPED_BASE. */
35 - addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE),
38 + addr = TASK_UNMAPPED_BASE;
40 +#ifdef CONFIG_PAX_RANDMMAP
41 + if (current->mm->pax_flags & MF_PAX_RANDMMAP)
42 + addr += current->mm->delta_mmap;
45 + addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
49 diff -urNp linux-2.4.37.7/arch/alpha/kernel/ptrace.c linux-2.4.37.7/arch/alpha/kernel/ptrace.c
50 --- linux-2.4.37.7/arch/alpha/kernel/ptrace.c 2009-11-07 11:52:20.000000000 -0500
51 +++ linux-2.4.37.7/arch/alpha/kernel/ptrace.c 2009-11-10 19:30:27.000000000 -0500
53 #include <linux/ptrace.h>
54 #include <linux/user.h>
55 #include <linux/slab.h>
56 +#include <linux/grsecurity.h>
58 #include <asm/uaccess.h>
59 #include <asm/pgtable.h>
60 @@ -275,6 +276,10 @@ sys_ptrace(long request, long pid, long
61 read_unlock(&tasklist_lock);
65 + if(gr_handle_ptrace(child, request))
68 if (request == PTRACE_ATTACH) {
69 ret = ptrace_attach(child);
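Review bot: `if(gr_handle_ptrace(child, request))` lacks the space after `if` that the neighbouring code uses (`if (request == PTRACE_ATTACH) {` follows it); write `if (gr_handle_ptrace(child, request))`. The statement this check guards is not visible here. Verify that the denied path sets `ret` to an error and leaves through the same exit that drops the task reference, as the other failure paths in `sys_ptrace` presumably do. `sys_ptrace` starts and ends outside the hunk.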
71 diff -urNp linux-2.4.37.7/arch/alpha/kernel/setup.c linux-2.4.37.7/arch/alpha/kernel/setup.c
72 --- linux-2.4.37.7/arch/alpha/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
73 +++ linux-2.4.37.7/arch/alpha/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
74 @@ -1208,7 +1208,7 @@ c_stop(struct seq_file *f, void *v)
78 -struct seq_operations cpuinfo_op = {
79 +const struct seq_operations cpuinfo_op = {
83 diff -urNp linux-2.4.37.7/arch/alpha/mm/fault.c linux-2.4.37.7/arch/alpha/mm/fault.c
84 --- linux-2.4.37.7/arch/alpha/mm/fault.c 2009-11-07 11:52:20.000000000 -0500
85 +++ linux-2.4.37.7/arch/alpha/mm/fault.c 2009-11-10 19:30:27.000000000 -0500
86 @@ -53,6 +53,123 @@ __load_new_mm_context(struct mm_struct *
87 __reload_thread(¤t->thread);
90 +#ifdef CONFIG_PAX_PAGEEXEC
92 + * PaX: decide what to do with offenders (regs->pc = fault address)
94 + * returns 1 when task should be killed
95 + * 2 when patched PLT trampoline was detected
96 + * 3 when unpatched PLT trampoline was detected
98 +static int pax_handle_fetch_fault(struct pt_regs *regs)
102 +#ifdef CONFIG_PAX_EMUPLT
103 + do { /* PaX: patched PLT emulation #1 */
104 + unsigned int ldah, ldq, jmp;
106 + err = get_user(ldah, (unsigned int *)regs->pc);
107 + err |= get_user(ldq, (unsigned int *)(regs->pc+4));
108 + err |= get_user(jmp, (unsigned int *)(regs->pc+8));
113 + if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
114 + (ldq & 0xFFFF0000U) == 0xA77B0000U &&
115 + jmp == 0x6BFB0000U)
117 + unsigned long r27, addr;
118 + unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
119 + unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL;
121 + addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
122 + err = get_user(r27, (unsigned long*)addr);
132 + do { /* PaX: patched PLT emulation #2 */
133 + unsigned int ldah, lda, br;
135 + err = get_user(ldah, (unsigned int *)regs->pc);
136 + err |= get_user(lda, (unsigned int *)(regs->pc+4));
137 + err |= get_user(br, (unsigned int *)(regs->pc+8));
142 + if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
143 + (lda & 0xFFFF0000U) == 0xA77B0000U &&
144 + (br & 0xFFE00000U) == 0xC3E00000U)
146 + unsigned long addr = br | 0xFFFFFFFFFFE00000UL;
147 + unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
148 + unsigned long addrl = lda | 0xFFFFFFFFFFFF0000UL;
150 + regs->r27 += ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
151 + regs->pc += 12 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
156 + do { /* PaX: unpatched PLT emulation */
159 + err = get_user(br, (unsigned int *)regs->pc);
161 + if (!err && (br & 0xFFE00000U) == 0xC3800000U) {
162 + unsigned int br2, ldq, nop, jmp;
163 + unsigned long addr = br | 0xFFFFFFFFFFE00000UL, resolver;
165 + addr = regs->pc + 4 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
166 + err = get_user(br2, (unsigned int *)addr);
167 + err |= get_user(ldq, (unsigned int *)(addr+4));
168 + err |= get_user(nop, (unsigned int *)(addr+8));
169 + err |= get_user(jmp, (unsigned int *)(addr+12));
170 + err |= get_user(resolver, (unsigned long *)(addr+16));
175 + if (br2 == 0xC3600000U &&
176 + ldq == 0xA77B000CU &&
177 + nop == 0x47FF041FU &&
178 + jmp == 0x6B7B0000U)
180 + regs->r28 = regs->pc+4;
181 + regs->r27 = addr+16;
182 + regs->pc = resolver;
192 +void pax_report_insns(void *pc, void *sp)
196 + printk(KERN_ERR "PAX: bytes at PC: ");
197 + for (i = 0; i < 5; i++) {
199 + if (get_user(c, (unsigned int*)pc+i))
200 + printk("???????? ");
202 + printk("%08x ", c);
209 * This routine handles page faults. It determines the address,
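Review bot: In `pax_handle_fetch_fault`, "patched PLT emulation #2" matches its second instruction, held in a variable named `lda`, against `0xA77B0000U`, the same constant emulation #1 uses for `ldq`. If that slot really holds an LDA, its opcode field would differ from LDQ's and this branch could never match, so such a trampoline would be reported as a violation rather than emulated. Please check the constant against the Alpha encoding, then either correct it or rename the variable and add a comment. Separately, the return codes 1/2/3 described in the header comment would be easier to keep in step with the `switch` in `do_page_fault` as a small named `enum`. Several lines of this hunk are missing from the view, so these points rest on the visible conditions only.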
210 @@ -133,8 +250,29 @@ do_page_fault(unsigned long address, uns
212 info.si_code = SEGV_ACCERR;
214 - if (!(vma->vm_flags & VM_EXEC))
215 + if (!(vma->vm_flags & VM_EXEC)) {
217 +#ifdef CONFIG_PAX_PAGEEXEC
218 + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->pc)
221 + up_read(&mm->mmap_sem);
222 + switch(pax_handle_fetch_fault(regs)) {
224 +#ifdef CONFIG_PAX_EMUPLT
231 + pax_report_fault(regs, (void*)regs->pc, (void*)rdusp());
239 /* Allow reads even for write-only mappings */
240 if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
241 diff -urNp linux-2.4.37.7/arch/arm/config.in linux-2.4.37.7/arch/arm/config.in
242 --- linux-2.4.37.7/arch/arm/config.in 2009-11-07 11:52:20.000000000 -0500
243 +++ linux-2.4.37.7/arch/arm/config.in 2009-11-10 19:30:27.000000000 -0500
244 @@ -736,3 +736,11 @@ endmenu
246 source crypto/Config.in
249 +mainmenu_option next_comment
250 +comment 'Grsecurity'
251 +bool 'Grsecurity' CONFIG_GRKERNSEC
252 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
253 + source grsecurity/Config.in
256 diff -urNp linux-2.4.37.7/arch/arm/kernel/setup.c linux-2.4.37.7/arch/arm/kernel/setup.c
257 --- linux-2.4.37.7/arch/arm/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
258 +++ linux-2.4.37.7/arch/arm/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
259 @@ -611,7 +611,7 @@ static void c_stop(struct seq_file *m, v
263 -struct seq_operations cpuinfo_op = {
264 +const struct seq_operations cpuinfo_op = {
268 diff -urNp linux-2.4.37.7/arch/cris/config.in linux-2.4.37.7/arch/cris/config.in
269 --- linux-2.4.37.7/arch/cris/config.in 2009-11-07 11:52:20.000000000 -0500
270 +++ linux-2.4.37.7/arch/cris/config.in 2009-11-10 19:30:27.000000000 -0500
271 @@ -276,3 +276,12 @@ int 'Kernel messages buffer length shift
272 source crypto/Config.in
276 +mainmenu_option next_comment
277 +comment 'Grsecurity'
278 +bool 'Grsecurity' CONFIG_GRKERNSEC
279 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
280 + source grsecurity/Config.in
284 diff -urNp linux-2.4.37.7/arch/cris/drivers/ds1302.c linux-2.4.37.7/arch/cris/drivers/ds1302.c
285 --- linux-2.4.37.7/arch/cris/drivers/ds1302.c 2009-11-07 11:52:20.000000000 -0500
286 +++ linux-2.4.37.7/arch/cris/drivers/ds1302.c 2009-11-10 19:30:27.000000000 -0500
287 @@ -473,7 +473,7 @@ print_rtc_status(void)
289 /* The various file operations we support. */
291 -static struct file_operations rtc_fops = {
292 +static const struct file_operations rtc_fops = {
296 diff -urNp linux-2.4.37.7/arch/cris/drivers/examples/kiobuftest.c linux-2.4.37.7/arch/cris/drivers/examples/kiobuftest.c
297 --- linux-2.4.37.7/arch/cris/drivers/examples/kiobuftest.c 2009-11-07 11:52:20.000000000 -0500
298 +++ linux-2.4.37.7/arch/cris/drivers/examples/kiobuftest.c 2009-11-10 19:30:27.000000000 -0500
299 @@ -78,7 +78,7 @@ kiobuf_read(struct file *filp, char *buf
303 -static struct file_operations kiobuf_fops = {
304 +static const struct file_operations kiobuf_fops = {
308 diff -urNp linux-2.4.37.7/arch/cris/drivers/gpio.c linux-2.4.37.7/arch/cris/drivers/gpio.c
309 --- linux-2.4.37.7/arch/cris/drivers/gpio.c 2009-11-07 11:52:20.000000000 -0500
310 +++ linux-2.4.37.7/arch/cris/drivers/gpio.c 2009-11-10 19:30:27.000000000 -0500
311 @@ -779,7 +779,7 @@ gpio_leds_ioctl(unsigned int cmd, unsign
315 -struct file_operations gpio_fops = {
316 +const struct file_operations gpio_fops = {
320 diff -urNp linux-2.4.37.7/arch/cris/drivers/i2c.c linux-2.4.37.7/arch/cris/drivers/i2c.c
321 --- linux-2.4.37.7/arch/cris/drivers/i2c.c 2009-11-07 11:52:20.000000000 -0500
322 +++ linux-2.4.37.7/arch/cris/drivers/i2c.c 2009-11-10 19:30:27.000000000 -0500
323 @@ -681,7 +681,7 @@ i2c_ioctl(struct inode *inode, struct fi
327 -static struct file_operations i2c_fops = {
328 +static const struct file_operations i2c_fops = {
332 diff -urNp linux-2.4.37.7/arch/cris/drivers/pcf8563.c linux-2.4.37.7/arch/cris/drivers/pcf8563.c
333 --- linux-2.4.37.7/arch/cris/drivers/pcf8563.c 2009-11-07 11:52:20.000000000 -0500
334 +++ linux-2.4.37.7/arch/cris/drivers/pcf8563.c 2009-11-10 19:30:27.000000000 -0500
335 @@ -51,7 +51,7 @@ int pcf8563_ioctl(struct inode *, struct
336 int pcf8563_open(struct inode *, struct file *);
337 int pcf8563_release(struct inode *, struct file *);
339 -static struct file_operations pcf8563_fops = {
340 +static const struct file_operations pcf8563_fops = {
342 ioctl: pcf8563_ioctl,
344 diff -urNp linux-2.4.37.7/arch/cris/drivers/sync_serial.c linux-2.4.37.7/arch/cris/drivers/sync_serial.c
345 --- linux-2.4.37.7/arch/cris/drivers/sync_serial.c 2009-11-07 11:52:20.000000000 -0500
346 +++ linux-2.4.37.7/arch/cris/drivers/sync_serial.c 2009-11-10 19:30:27.000000000 -0500
347 @@ -214,7 +214,7 @@ static unsigned gen_config_ii_shadow = 0
349 #define NUMBER_OF_PORTS (sizeof(ports)/sizeof(sync_port))
351 -static struct file_operations sync_serial_fops = {
352 +static const struct file_operations sync_serial_fops = {
353 .owner = THIS_MODULE,
354 .write = sync_serial_write,
355 .read = sync_serial_read,
356 diff -urNp linux-2.4.37.7/arch/cris/drivers/virtex.c linux-2.4.37.7/arch/cris/drivers/virtex.c
357 --- linux-2.4.37.7/arch/cris/drivers/virtex.c 2009-11-07 11:52:20.000000000 -0500
358 +++ linux-2.4.37.7/arch/cris/drivers/virtex.c 2009-11-10 19:30:27.000000000 -0500
359 @@ -372,7 +372,7 @@ virtex_ioctl(struct inode *inode, struct
363 -static struct file_operations virtex_fops = {
364 +static const struct file_operations virtex_fops = {
368 diff -urNp linux-2.4.37.7/arch/cris/kernel/setup.c linux-2.4.37.7/arch/cris/kernel/setup.c
369 --- linux-2.4.37.7/arch/cris/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
370 +++ linux-2.4.37.7/arch/cris/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
371 @@ -283,7 +283,7 @@ static void c_stop(struct seq_file *m, v
375 -struct seq_operations cpuinfo_op = {
376 +const struct seq_operations cpuinfo_op = {
380 diff -urNp linux-2.4.37.7/arch/i386/boot/bootsect.S linux-2.4.37.7/arch/i386/boot/bootsect.S
381 --- linux-2.4.37.7/arch/i386/boot/bootsect.S 2009-11-07 11:52:20.000000000 -0500
382 +++ linux-2.4.37.7/arch/i386/boot/bootsect.S 2009-11-10 19:30:27.000000000 -0500
383 @@ -237,7 +237,7 @@ rp_read:
384 #ifdef __BIG_KERNEL__
385 # look in setup.S for bootsect_kludge
386 bootsect_kludge = 0x220 # 0x200 + 0x20 which is the size of the
387 - lcall bootsect_kludge # bootsector + bootsect_kludge offset
388 + lcall *bootsect_kludge # bootsector + bootsect_kludge offset
392 diff -urNp linux-2.4.37.7/arch/i386/boot/compressed/head.S linux-2.4.37.7/arch/i386/boot/compressed/head.S
393 --- linux-2.4.37.7/arch/i386/boot/compressed/head.S 2009-11-07 11:52:20.000000000 -0500
394 +++ linux-2.4.37.7/arch/i386/boot/compressed/head.S 2009-11-10 19:30:27.000000000 -0500
395 @@ -38,11 +38,13 @@ startup_32:
398 lss SYMBOL_NAME(stack_start),%esp
401 1: incl %eax # check that A20 really IS enabled
402 movl %eax,0x000000 # loop forever if it isn't
408 * Initialize eflags. Some BIOS's leave bits like NT set. This would
409 diff -urNp linux-2.4.37.7/arch/i386/boot/setup.S linux-2.4.37.7/arch/i386/boot/setup.S
410 --- linux-2.4.37.7/arch/i386/boot/setup.S 2009-11-07 11:52:20.000000000 -0500
411 +++ linux-2.4.37.7/arch/i386/boot/setup.S 2009-11-10 19:30:27.000000000 -0500
412 @@ -637,7 +637,7 @@ edd_done:
413 cmpw $0, %cs:realmode_swtch
416 - lcall %cs:realmode_swtch
417 + lcall *%cs:realmode_swtch
421 diff -urNp linux-2.4.37.7/arch/i386/config.in linux-2.4.37.7/arch/i386/config.in
422 --- linux-2.4.37.7/arch/i386/config.in 2009-11-07 11:52:20.000000000 -0500
423 +++ linux-2.4.37.7/arch/i386/config.in 2009-11-10 19:30:27.000000000 -0500
424 @@ -103,6 +103,7 @@ if [ "$CONFIG_M586MMX" = "y" ]; then
426 if [ "$CONFIG_M686" = "y" ]; then
427 define_int CONFIG_X86_L1_CACHE_SHIFT 5
428 + define_bool CONFIG_X86_ALIGNMENT_16 y
429 define_bool CONFIG_X86_HAS_TSC y
430 define_bool CONFIG_X86_GOOD_APIC y
431 bool 'PGE extensions (not for Cyrix/Transmeta)' CONFIG_X86_PGE
432 @@ -112,6 +113,7 @@ if [ "$CONFIG_M686" = "y" ]; then
434 if [ "$CONFIG_MPENTIUMIII" = "y" ]; then
435 define_int CONFIG_X86_L1_CACHE_SHIFT 5
436 + define_bool CONFIG_X86_ALIGNMENT_16 y
437 define_bool CONFIG_X86_HAS_TSC y
438 define_bool CONFIG_X86_GOOD_APIC y
439 define_bool CONFIG_X86_PGE y
440 @@ -120,6 +122,7 @@ if [ "$CONFIG_MPENTIUMIII" = "y" ]; then
442 if [ "$CONFIG_MPENTIUM4" = "y" ]; then
443 define_int CONFIG_X86_L1_CACHE_SHIFT 7
444 + define_bool CONFIG_X86_ALIGNMENT_16 y
445 define_bool CONFIG_X86_HAS_TSC y
446 define_bool CONFIG_X86_GOOD_APIC y
447 define_bool CONFIG_X86_PGE y
448 @@ -139,6 +142,7 @@ if [ "$CONFIG_MK8" = "y" ]; then
450 if [ "$CONFIG_MK7" = "y" ]; then
451 define_int CONFIG_X86_L1_CACHE_SHIFT 6
452 + define_bool CONFIG_X86_ALIGNMENT_16 y
453 define_bool CONFIG_X86_HAS_TSC y
454 define_bool CONFIG_X86_GOOD_APIC y
455 define_bool CONFIG_X86_USE_3DNOW y
456 @@ -505,3 +509,11 @@ endmenu
458 source crypto/Config.in
461 +mainmenu_option next_comment
462 +comment 'Grsecurity'
463 +bool 'Grsecurity' CONFIG_GRKERNSEC
464 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
465 + source grsecurity/Config.in
468 diff -urNp linux-2.4.37.7/arch/i386/kernel/acpi.c linux-2.4.37.7/arch/i386/kernel/acpi.c
469 --- linux-2.4.37.7/arch/i386/kernel/acpi.c 2009-11-07 11:52:20.000000000 -0500
470 +++ linux-2.4.37.7/arch/i386/kernel/acpi.c 2009-11-10 19:30:27.000000000 -0500
471 @@ -370,7 +370,7 @@ acpi_scan_rsdp (
474 for (offset = 0; offset < length; offset += 16) {
475 - if (strncmp((char *) (start + offset), "RSD PTR ", sig_len))
476 + if (strncmp((char *) (phys_to_virt(start) + offset), "RSD PTR ", sig_len))
478 return (start + offset);
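Review bot: After this change `acpi_scan_rsdp` handles two address spaces in adjacent lines without saying so: the `strncmp` reads through `phys_to_virt(start) + offset`, while the function still returns the untranslated `start + offset`. That is consistent if callers expect a physical address, but it deserves a comment such as `/* start is physical: translate for the read only, the returned address stays physical */`. The second hunk in this file has the same gap. Replacing `_PAGE_TABLE` with `_KERNPG_TABLE` in `set_pmd` presumably drops user access from the identity mapping, and a short comment there would stop it being reverted as a typo. Both functions extend beyond their hunks.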
480 @@ -708,7 +708,7 @@ static void acpi_create_identity_pmd (vo
483 /* set the new one */
484 - set_pmd(pmd, __pmd(_PAGE_TABLE + __pa(ptep)));
485 + set_pmd(pmd, __pmd(_KERNPG_TABLE + __pa(ptep)));
489 diff -urNp linux-2.4.37.7/arch/i386/kernel/apm.c linux-2.4.37.7/arch/i386/kernel/apm.c
490 --- linux-2.4.37.7/arch/i386/kernel/apm.c 2009-11-07 11:52:20.000000000 -0500
491 +++ linux-2.4.37.7/arch/i386/kernel/apm.c 2009-11-10 19:30:27.000000000 -0500
493 #include <linux/sysrq.h>
495 extern unsigned long get_cmos_time(void);
496 -extern void machine_real_restart(unsigned char *, int);
497 +extern void machine_real_restart(const unsigned char *, unsigned int);
499 #if defined(CONFIG_APM_DISPLAY_BLANK) && defined(CONFIG_VT)
500 extern int (*console_blank_hook)(int);
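Review bot: The updated prototype `extern void machine_real_restart(const unsigned char *, unsigned int);` is a file-local `extern`, and the same line is repeated in the `arch/i386/kernel/i386_ksyms.c` hunk of this patch. With two hand-maintained copies and no shared header, the compiler cannot check either against the definition, and changing only one would silently mismatch. Consider declaring it once in a header that both files and the defining file include. The prototype also drops the parameter names; keeping them (for example `const unsigned char *code, unsigned int length`, if those match the definition) documents what the second argument measures.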
501 @@ -614,7 +614,7 @@ static u8 apm_bios_call(u32 func, u32 eb
502 __asm__ __volatile__(APM_DO_ZERO_SEGS
505 - "lcall %%cs:" SYMBOL_NAME_STR(apm_bios_entry) "\n\t"
506 + "lcall *%%ss:" SYMBOL_NAME_STR(apm_bios_entry) "\n\t"
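Review bot: The `lcall` operand changes from `%%cs:` to `*%%ss:` with no comment, and the correctness of the new form depends on state the asm does not show. The far pointer `apm_bios_entry` is data, so it is presumably fetched through `%ss` because that is the selector still covering kernel data after `APM_DO_ZERO_SEGS` runs and once the code segment no longer aliases it. A comment on the asm would record this, for example `/* apm_bios_entry is data: fetch the far pointer via %ss, %cs may not map it */`. The identical change in the `apm_bios_call_simple` hunk needs the same comment. Both functions continue outside their hunks.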
510 @@ -666,7 +666,7 @@ static u8 apm_bios_call_simple(u32 func,
511 __asm__ __volatile__(APM_DO_ZERO_SEGS
514 - "lcall %%cs:" SYMBOL_NAME_STR(apm_bios_entry) "\n\t"
515 + "lcall *%%ss:" SYMBOL_NAME_STR(apm_bios_entry) "\n\t"
519 @@ -924,7 +924,7 @@ recalc:
521 static void apm_power_off(void)
523 - unsigned char po_bios_call[] = {
524 + const unsigned char po_bios_call[] = {
525 0xb8, 0x00, 0x10, /* movw $0x1000,ax */
526 0x8e, 0xd0, /* movw ax,ss */
527 0xbc, 0x00, 0xf0, /* movw $0xf000,sp */
528 @@ -1883,7 +1883,7 @@ static int __init apm_setup(char *str)
529 __setup("apm=", apm_setup);
532 -static struct file_operations apm_bios_fops = {
533 +static const struct file_operations apm_bios_fops = {
537 @@ -1985,6 +1985,12 @@ static int __init apm_init(void)
538 __va((unsigned long)0x40 << 4));
539 _set_limit((char *)&gdt[APM_40 >> 3], 4095 - (0x40 << 4));
541 +#ifdef CONFIG_PAX_SEGMEXEC
542 + set_base(gdt2[APM_40 >> 3],
543 + __va((unsigned long)0x40 << 4));
544 + _set_limit((char *)&gdt2[APM_40 >> 3], 4095 - (0x40 << 4));
547 apm_bios_entry.offset = apm_info.bios.offset;
548 apm_bios_entry.segment = APM_CS;
549 set_base(gdt[APM_CS >> 3],
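Review bot: Each `gdt` update in `apm_init` is now repeated by hand for `gdt2` inside its own `#ifdef CONFIG_PAX_SEGMEXEC` block, here and in the three following hunks (the base setup for `APM_CS`/`APM_CS_16`/`APM_DS` and both limit branches). The two tables must stay identical for these selectors, so a later edit that touches only one copy would leave the descriptors divergent without any warning. A pair of small wrappers that write both tables would remove the four `#ifdef` blocks and make a divergence impossible. The arguments are evaluated twice in the SEGMEXEC variant, which is harmless for the side-effect-free expressions used here. `apm_init` begins and ends outside the hunk.

```c
/* Keep the SEGMEXEC shadow GDT in step with the primary one. */
#ifdef CONFIG_PAX_SEGMEXEC
#define apm_set_base(sel, base) do {				\
	set_base(gdt[(sel) >> 3], (base));			\
	set_base(gdt2[(sel) >> 3], (base));			\
} while (0)
#define apm_set_limit(sel, limit) do {				\
	_set_limit((char *)&gdt[(sel) >> 3], (limit));		\
	_set_limit((char *)&gdt2[(sel) >> 3], (limit));		\
} while (0)
#else
#define apm_set_base(sel, base)	set_base(gdt[(sel) >> 3], (base))
#define apm_set_limit(sel, limit) \
	_set_limit((char *)&gdt[(sel) >> 3], (limit))
#endif

	/* ... unchanged: earlier part of apm_init ... */
	apm_set_base(APM_40, __va((unsigned long)0x40 << 4));
	apm_set_limit(APM_40, 4095 - (0x40 << 4));
	/* ... unchanged: apm_bios_entry setup; the APM_CS, APM_CS_16 and APM_DS calls follow the same pattern ... */
```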
550 @@ -1993,6 +1999,16 @@ static int __init apm_init(void)
551 __va((unsigned long)apm_info.bios.cseg_16 << 4));
552 set_base(gdt[APM_DS >> 3],
553 __va((unsigned long)apm_info.bios.dseg << 4));
555 +#ifdef CONFIG_PAX_SEGMEXEC
556 + set_base(gdt2[APM_CS >> 3],
557 + __va((unsigned long)apm_info.bios.cseg << 4));
558 + set_base(gdt2[APM_CS_16 >> 3],
559 + __va((unsigned long)apm_info.bios.cseg_16 << 4));
560 + set_base(gdt2[APM_DS >> 3],
561 + __va((unsigned long)apm_info.bios.dseg << 4));
564 #ifndef APM_RELAX_SEGMENTS
565 if (apm_info.bios.version == 0x100) {
567 @@ -2002,6 +2018,13 @@ static int __init apm_init(void)
568 _set_limit((char *)&gdt[APM_CS_16 >> 3], 64 * 1024 - 1);
569 /* For the DEC Hinote Ultra CT475 (and others?) */
570 _set_limit((char *)&gdt[APM_DS >> 3], 64 * 1024 - 1);
572 +#ifdef CONFIG_PAX_SEGMEXEC
573 + _set_limit((char *)&gdt2[APM_CS >> 3], 64 * 1024 - 1);
574 + _set_limit((char *)&gdt2[APM_CS_16 >> 3], 64 * 1024 - 1);
575 + _set_limit((char *)&gdt2[APM_DS >> 3], 64 * 1024 - 1);
578 #ifndef APM_RELAX_SEGMENTS
580 _set_limit((char *)&gdt[APM_CS >> 3],
581 @@ -2010,6 +2033,16 @@ static int __init apm_init(void)
582 (apm_info.bios.cseg_16_len - 1) & 0xffff);
583 _set_limit((char *)&gdt[APM_DS >> 3],
584 (apm_info.bios.dseg_len - 1) & 0xffff);
586 +#ifdef CONFIG_PAX_SEGMEXEC
587 + _set_limit((char *)&gdt2[APM_CS >> 3],
588 + (apm_info.bios.cseg_len - 1) & 0xffff);
589 + _set_limit((char *)&gdt2[APM_CS_16 >> 3],
590 + (apm_info.bios.cseg_16_len - 1) & 0xffff);
591 + _set_limit((char *)&gdt2[APM_DS >> 3],
592 + (apm_info.bios.dseg_len - 1) & 0xffff);
598 diff -urNp linux-2.4.37.7/arch/i386/kernel/cpuid.c linux-2.4.37.7/arch/i386/kernel/cpuid.c
599 --- linux-2.4.37.7/arch/i386/kernel/cpuid.c 2009-11-07 11:52:20.000000000 -0500
600 +++ linux-2.4.37.7/arch/i386/kernel/cpuid.c 2009-11-10 19:30:27.000000000 -0500
601 @@ -133,7 +133,7 @@ static int cpuid_open(struct inode *inod
603 * File operations we support
605 -static struct file_operations cpuid_fops = {
606 +static const struct file_operations cpuid_fops = {
610 diff -urNp linux-2.4.37.7/arch/i386/kernel/entry.S linux-2.4.37.7/arch/i386/kernel/entry.S
611 --- linux-2.4.37.7/arch/i386/kernel/entry.S 2009-11-07 11:52:20.000000000 -0500
612 +++ linux-2.4.37.7/arch/i386/kernel/entry.S 2009-11-10 19:30:27.000000000 -0500
613 @@ -84,7 +84,7 @@ processor = 52
618 +#define __SAVE_ALL \
622 @@ -99,6 +99,18 @@ ENOSYS = 38
626 +#ifdef CONFIG_PAX_KERNEXEC
631 + orl $0x10000,%edx; \
635 +#define SAVE_ALL __SAVE_ALL
638 #define RESTORE_ALL \
641 @@ -209,6 +221,17 @@ ENTRY(system_call)
643 call *SYMBOL_NAME(sys_call_table)(,%eax,4)
644 movl %eax,EAX(%esp) # save the return value
646 +#ifdef CONFIG_PAX_RANDKSTACK
647 + cli # need_resched and signals atomic test
648 + cmpl $0,need_resched(%ebx)
650 + cmpl $0,sigpending(%ebx)
652 + call SYMBOL_NAME(pax_randomize_kstack)
656 ENTRY(ret_from_sys_call)
657 cli # need_resched and signals atomic test
658 cmpl $0,need_resched(%ebx)
659 @@ -260,6 +283,13 @@ ret_from_exception:
661 testl $(VM_MASK | 3),%eax # return to VM86 mode or non-supervisor?
662 jne ret_from_sys_call
664 +#ifdef CONFIG_PAX_KERNEXEC
673 @@ -283,6 +313,15 @@ error_code:
678 +#ifdef CONFIG_PAX_KERNEXEC
687 movl ORIG_EAX(%esp), %esi # get the error code
688 movl ES(%esp), %edi # get the function address
689 @@ -337,6 +376,13 @@ ENTRY(nmi)
691 call SYMBOL_NAME(do_nmi)
694 +#ifdef CONFIG_PAX_KERNEXEC
703 @@ -389,8 +435,77 @@ ENTRY(alignment_check)
707 +#ifdef CONFIG_PAX_PAGEEXEC
709 + pushl $ SYMBOL_NAME(pax_do_page_fault)
711 pushl $ SYMBOL_NAME(do_page_fault)
714 +#ifndef CONFIG_PAX_EMUTRAMP
724 + decl %eax # eax = -1
729 +#ifdef CONFIG_PAX_KERNEXEC
738 + movl ORIG_EAX(%esp), %esi # get the error code
739 + movl ES(%esp), %edi # get the function address
740 + movl %eax, ORIG_EAX(%esp)
741 + movl %ecx, ES(%esp)
743 + pushl %esi # push the error code
744 + pushl %edx # push the pt_regs pointer
745 + movl $(__KERNEL_DS),%edx
752 + jnz ret_from_exception
766 +.section .fixup,"ax";
772 +.section __ex_table,"a";
781 @@ -402,7 +517,7 @@ ENTRY(spurious_interrupt_bug)
782 pushl $ SYMBOL_NAME(do_spurious_interrupt_bug)
786 +.section .rodata,"a",@progbits
787 ENTRY(sys_call_table)
788 .long SYMBOL_NAME(sys_ni_syscall) /* 0 - old "setup()" system call*/
789 .long SYMBOL_NAME(sys_exit)
790 diff -urNp linux-2.4.37.7/arch/i386/kernel/head.S linux-2.4.37.7/arch/i386/kernel/head.S
791 --- linux-2.4.37.7/arch/i386/kernel/head.S 2009-11-07 11:52:20.000000000 -0500
792 +++ linux-2.4.37.7/arch/i386/kernel/head.S 2009-11-10 19:30:27.000000000 -0500
794 #define X86_CAPABILITY CPU_PARAMS+12
795 #define X86_VENDOR_ID CPU_PARAMS+36 /* tied to NCAPINTS in cpufeature.h */
797 +#ifdef CONFIG_PAX_KERNEXEC
798 +/* PaX: fill first page in .text with int3 to catch NULL derefs in kernel mode */
803 + * Real beginning of normal "text" segment
809 * swapper_pg_dir is the main page directory, address 0x00101000
811 * On entry, %esi points to the real-mode code as a 32-bit pointer.
816 * Set segments to known values
817 @@ -51,9 +63,88 @@ startup_32:
829 +#ifdef CONFIG_PAX_MEMORY_UDEREF
830 + /* check for VMware */
831 + movl $0x564d5868,%eax
836 + cmpl $0x564d5868,%ebx
839 + movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c09700),%eax
840 + movl %eax,(SYMBOL_NAME(gdt_table) - __PAGE_OFFSET + __KERNEL_DS + 4)
842 +#ifdef CONFIG_PAX_SEGMEXEC
843 + movl %eax,(SYMBOL_NAME(gdt_table2) - __PAGE_OFFSET + __KERNEL_DS + 4)
849 +#ifdef CONFIG_PAX_KERNEXEC
850 + movl $__KERNEL_TEXT_OFFSET,%eax
851 + movw %ax,(SYMBOL_NAME(gdt_table) + __KERNEL_CS + 2 - __PAGE_OFFSET)
853 + movb %al,(SYMBOL_NAME(gdt_table) + __KERNEL_CS + 4 - __PAGE_OFFSET)
854 + movb %ah,(SYMBOL_NAME(gdt_table) + __KERNEL_CS + 7 - __PAGE_OFFSET)
856 +#ifdef CONFIG_PAX_SEGMEXEC
857 + movb %al,(SYMBOL_NAME(gdt_table2) + __KERNEL_CS + 4 - __PAGE_OFFSET)
858 + movb %ah,(SYMBOL_NAME(gdt_table2) + __KERNEL_CS + 7 - __PAGE_OFFSET)
860 + movw %ax,(SYMBOL_NAME(gdt_table2) + __KERNEL_CS + 2 - __PAGE_OFFSET)
866 + * Clear BSS first so that there are no surprises...
867 + * No need to cld as DF is already clear from cld above...
870 + movl $ SYMBOL_NAME(__bss_start) - __PAGE_OFFSET,%edi
871 + movl $ SYMBOL_NAME(__bss_end) - __PAGE_OFFSET,%ecx
876 + * Copy bootup parameters out of the way. First 2kB of
877 + * _empty_zero_page is for boot parameters, second 2kB
878 + * is for the command line.
880 + * Note: %esi still has the pointer to the real-mode data.
882 + movl $ SYMBOL_NAME(empty_zero_page) - __PAGE_OFFSET,%edi
891 + movl SYMBOL_NAME(empty_zero_page) - __PAGE_OFFSET + NEW_CL_POINTER,%esi
893 + jnz 2f # New command line protocol
894 + cmpw $(OLD_CL_MAGIC),OLD_CL_MAGIC_ADDR
896 + movzwl OLD_CL_OFFSET,%esi
897 + addl $(OLD_CL_BASE_ADDR),%esi
899 + movl $ SYMBOL_NAME(empty_zero_page) - __PAGE_OFFSET + 2048,%edi
906 * New page tables may be in 4Mbyte page mode and may
907 @@ -71,22 +162,28 @@ startup_32:
909 #define cr4_bits mmu_cr4_features-__PAGE_OFFSET
913 movl %cr4,%eax # Turn on paging options (PSE,PAE,..)
925 * Initialize page tables
927 movl $pg0-__PAGE_OFFSET,%edi /* initialize page tables */
928 - movl $007,%eax /* "007" doesn't mean with right to kill, but
930 + movl $0x63,%eax /* "0x63" is PRESENT+RW+ACCESSED+DIRTY */
932 +#ifdef CONFIG_X86_PAE
936 - cmp $empty_zero_page-__PAGE_OFFSET,%edi
937 + cmp $0x01000063,%eax
941 @@ -100,37 +197,16 @@ startup_32:
942 movl %eax,%cr0 /* ..and set paging (PG) bit */
943 jmp 1f /* flush the prefetch-queue */
946 - jmp *%eax /* make sure eip is relocated */
949 + ljmp $__KERNEL_CS,$1f
950 +1: movl $(__KERNEL_DS),%eax # reload all the segment registers
951 + movl %eax,%ds # after changing gdt.
955 /* Set up the stack pointer */
960 - jz 1f /* Initial CPU cleans BSS */
965 -#endif /* CONFIG_SMP */
968 - * Clear BSS first so that there are no surprises...
969 - * No need to cld as DF is already clear from cld above...
972 - movl $ SYMBOL_NAME(__bss_start),%edi
973 - movl $ SYMBOL_NAME(_end),%ecx
979 - * start system 32-bit setup. We need to re-do some of the things done
980 - * in 16-bit mode for the "real" operations.
984 * Initialize eflags. Some BIOS's leave bits like NT set. This would
985 * confuse the debugger if this code is traced.
986 @@ -138,35 +214,18 @@ startup_32:
994 +#endif /* CONFIG_SMP */
997 - * Copy bootup parameters out of the way. First 2kB of
998 - * _empty_zero_page is for boot parameters, second 2kB
999 - * is for the command line.
1001 - * Note: %esi still has the pointer to the real-mode data.
1002 + * start system 32-bit setup. We need to re-do some of the things done
1003 + * in 16-bit mode for the "real" operations.
1005 - movl $ SYMBOL_NAME(empty_zero_page),%edi
1014 - movl SYMBOL_NAME(empty_zero_page)+NEW_CL_POINTER,%esi
1016 - jnz 2f # New command line protocol
1017 - cmpw $(OLD_CL_MAGIC),OLD_CL_MAGIC_ADDR
1019 - movzwl OLD_CL_OFFSET,%esi
1020 - addl $(OLD_CL_BASE_ADDR),%esi
1022 - movl $ SYMBOL_NAME(empty_zero_page)+2048,%edi
1031 movl $-1,X86_CPUID # -1 for no CPUID initially
1032 @@ -241,20 +300,7 @@ is386: pushl %ecx # restore original EF
1038 - ljmp $(__KERNEL_CS),$1f
1039 -1: movl $(__KERNEL_DS),%eax # reload all the segment registers
1040 - movl %eax,%ds # after changing gdt.
1045 - movl $(__KERNEL_DS), %eax
1046 - movl %eax,%ss # Reload the stack pointer (segment only)
1048 - lss stack_start,%esp # Load processor stack
1052 cld # gcc2 wants the direction flag cleared at all times
1053 @@ -272,8 +318,6 @@ L6:
1054 jmp L6 # main should never return here, but
1055 # just in case, we know what happens.
1060 * We depend on ET to be correct. This checks for 287/387.
1062 @@ -319,13 +363,6 @@ rp_sidt:
1067 - .long SYMBOL_NAME(init_task_union)+8192
1070 -/* This is the default interrupt "handler" :-) */
1072 - .asciz "Unknown interrupt, stack: %p %p %p %p\n"
1076 @@ -341,6 +378,18 @@ ignore_int:
1084 + .long SYMBOL_NAME(init_task_union)+8192-8
1087 +.section .rodata,"a"
1088 +/* This is the default interrupt "handler" :-) */
1090 + .asciz "Unknown interrupt, stack: %p %p %p %p\n"
1093 * The interrupt descriptor table has room for 256 idt's,
1094 * the global descriptor table is dependent on the number
1095 @@ -360,60 +409,134 @@ idt_descr:
1097 .long SYMBOL_NAME(idt_table)
1099 +.globl SYMBOL_NAME(boot_gdt_table)
1101 + .fill __KERNEL_CS,1,0
1102 + .quad 0x00cf9b000000ffff /* 0x10 kernel 4GB code at 0x00000000 */
1103 + .quad 0x00cf93000000ffff /* 0x18 kernel 4GB data at 0x00000000 */
1107 .word GDT_ENTRIES*8-1
1109 .long SYMBOL_NAME(gdt_table)
1111 +#ifdef CONFIG_PAX_SEGMEXEC
1112 +.globl SYMBOL_NAME(gdt2)
1115 + .word GDT_ENTRIES*8-1
1117 + .long SYMBOL_NAME(gdt_table2)
1121 - * This is initialized to create an identity-mapping at 0-8M (for bootup
1122 - * purposes) and another mapping of the 0-8M area at virtual address
1123 + * This is initialized to create an identity-mapping at 0-16M (for bootup
1124 + * purposes) and another mapping of the 0-16M area at virtual address
1128 +.section .swapper_pg_dir,"a",@progbits
1129 ENTRY(swapper_pg_dir)
1132 - .fill BOOT_USER_PGD_PTRS-2,4,0
1133 - /* default: 766 entries */
1136 - /* default: 254 entries */
1137 - .fill BOOT_KERNEL_PGD_PTRS-2,4,0
1138 +#ifdef CONFIG_X86_PAE
1139 + .long swapper_pm_dir-__PAGE_OFFSET+1
1141 + .long swapper_pm_dir+512*8-__PAGE_OFFSET+1
1143 + .long swapper_pm_dir+512*16-__PAGE_OFFSET+1
1145 + .long swapper_pm_dir+512*24-__PAGE_OFFSET+1
1148 + .long pg0-__PAGE_OFFSET+63
1149 + .long pg0+1024*4-__PAGE_OFFSET+63
1150 + .long pg0+1024*8-__PAGE_OFFSET+63
1151 + .long pg0+1024*12-__PAGE_OFFSET+63
1152 + .fill BOOT_USER_PGD_PTRS-4,4,0
1153 + /* default: 764 entries */
1154 + .long pg0-__PAGE_OFFSET+67
1155 + .long pg0+1024*4-__PAGE_OFFSET+63
1156 + .long pg0+1024*8-__PAGE_OFFSET+63
1157 + .long pg0+1024*12-__PAGE_OFFSET+63
1158 + /* default: 252 entries */
1159 + .fill BOOT_KERNEL_PGD_PTRS-4,4,0
1162 +#ifdef CONFIG_X86_PAE
1163 +.section .swapper_pm_dir,"a",@progbits
1164 +ENTRY(swapper_pm_dir)
1165 + .long pg0-__PAGE_OFFSET+63
1167 + .long pg0+512*8-__PAGE_OFFSET+63
1169 + .long pg0+512*16-__PAGE_OFFSET+63
1171 + .long pg0+512*24-__PAGE_OFFSET+63
1173 + .long pg0+512*32-__PAGE_OFFSET+63
1175 + .long pg0+512*40-__PAGE_OFFSET+63
1177 + .long pg0+512*48-__PAGE_OFFSET+63
1179 + .long pg0+512*56-__PAGE_OFFSET+63
1181 + .fill BOOT_USER_PMD_PTRS-8,8,0
1182 + /* default: 1024+512-4 entries */
1183 + .long pg0-__PAGE_OFFSET+67
1185 + .long pg0+512*8-__PAGE_OFFSET+63
1187 + .long pg0+512*16-__PAGE_OFFSET+63
1189 + .long pg0+512*24-__PAGE_OFFSET+63
1191 + .long pg0+512*32-__PAGE_OFFSET+63
1193 + .long pg0+512*40-__PAGE_OFFSET+63
1195 + .long pg0+512*48-__PAGE_OFFSET+63
1197 + .long pg0+512*56-__PAGE_OFFSET+63
1199 + /* default: 512-4 entries */
1200 + .fill BOOT_KERNEL_PMD_PTRS-8,8,0
1204 - * The page tables are initialized to only 8MB here - the final page
1205 + * The page tables are initialized to only 16MB here - the final page
1206 * tables are set up later depending on memory size.
1209 +.section .pg0,"a",@progbits
1215 +#ifdef CONFIG_X86_PAE
1220 * empty_zero_page must immediately follow the page tables ! (The
1221 * initialization loop counts until empty_zero_page)
1225 +.section .empty_zero_page,"a",@progbits
1226 ENTRY(empty_zero_page)
1232 - * Real beginning of normal "text" segment
1233 + * The IDT has to be page-aligned to simplify the Pentium
1234 + * F0 0F bug workaround.. We have a special link segment
1239 +.section .idt,"a",@progbits
1244 * This starts the data section. Note that the above is all
1245 * in the text section because it has alignment requirements
1246 * that we cannot fulfill any other way.
1249 +.section .rodata,"a",@progbits
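Review bot: The new `swapper_pg_dir` and `swapper_pm_dir` entries add their flag bits as decimal literals (`pg0-__PAGE_OFFSET+63`, `pg0-__PAGE_OFFSET+67`), while the page-table loop changed earlier in this file uses hex and documents it as `0x63`, PRESENT+RW+ACCESSED+DIRTY. Decimal 63 is 0x3f and decimal 67 is 0x43, which select different bits from 0x63/0x67; 0x3f, for instance, also sets the user and cache-control bits. If hex was intended, write `+0x63` and `+0x67`. If the decimal values are deliberate, add a comment naming the bits, because the two notations side by side in one file are easy to misread. Parts of this hunk are missing from the view, so check the surrounding `#ifdef CONFIG_X86_PAE` branches as well.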
1253 @@ -425,18 +548,39 @@ ALIGN
1255 .quad 0x0000000000000000 /* NULL descriptor */
1256 .quad 0x0000000000000000 /* not used */
1257 - .quad 0x00cf9a000000ffff /* 0x10 kernel 4GB code at 0x00000000 */
1258 - .quad 0x00cf92000000ffff /* 0x18 kernel 4GB data at 0x00000000 */
1259 - .quad 0x00cffa000000ffff /* 0x23 user 4GB code at 0x00000000 */
1260 - .quad 0x00cff2000000ffff /* 0x2b user 4GB data at 0x00000000 */
1261 - .quad 0x0000000000000000 /* not used */
1262 + .quad 0x00cf9b000000ffff /* 0x10 kernel 4GB code at 0x00000000 */
1263 + .quad 0x00cf93000000ffff /* 0x18 kernel 4GB data at 0x00000000 */
1264 + .quad 0x00cffb000000ffff /* 0x23 user 4GB code at 0x00000000 */
1265 + .quad 0x00cff3000000ffff /* 0x2b user 4GB data at 0x00000000 */
1266 + .quad 0x0000000000000000 /* PCIBIOS_CS */
1267 + .quad 0x0000000000000000 /* PCIBIOS_DS */
1269 + * The APM segments have byte granularity and their bases
1270 + * and limits are set at run time.
1272 + .quad 0x0040930000000000 /* 0x40 APM set up for bad BIOS's */
1273 + .quad 0x00409b0000000000 /* 0x48 APM CS code */
1274 + .quad 0x00009b0000000000 /* 0x50 APM CS 16 code (16 bit) */
1275 + .quad 0x0040930000000000 /* 0x58 APM DS data */
1276 + .fill NR_CPUS*4,8,0 /* space for TSS's and LDT's */
1278 +#ifdef CONFIG_PAX_SEGMEXEC
1280 + .quad 0x0000000000000000 /* NULL descriptor */
1281 .quad 0x0000000000000000 /* not used */
1282 + .quad 0x00cf9b000000ffff /* 0x10 kernel 4GB code at 0x00000000 */
1283 + .quad 0x00cf93000000ffff /* 0x18 kernel 4GB data at 0x00000000 */
1284 + .quad 0x60c5fb000000ffff /* 0x23 user 1.5GB code at 0x60000000 */
1285 + .quad 0x00cff3000000ffff /* 0x2b user 4GB data at 0x00000000 */
1286 + .quad 0x0000000000000000 /* PCIBIOS_CS */
1287 + .quad 0x0000000000000000 /* PCIBIOS_DS */
1289 * The APM segments have byte granularity and their bases
1290 * and limits are set at run time.
1292 - .quad 0x0040920000000000 /* 0x40 APM set up for bad BIOS's */
1293 - .quad 0x00409a0000000000 /* 0x48 APM CS code */
1294 - .quad 0x00009a0000000000 /* 0x50 APM CS 16 code (16 bit) */
1295 - .quad 0x0040920000000000 /* 0x58 APM DS data */
1296 + .quad 0x0040930000000000 /* 0x40 APM set up for bad BIOS's */
1297 + .quad 0x00409b0000000000 /* 0x48 APM CS code */
1298 + .quad 0x00009b0000000000 /* 0x50 APM CS 16 code (16 bit) */
1299 + .quad 0x0040930000000000 /* 0x58 APM DS data */
1300 .fill NR_CPUS*4,8,0 /* space for TSS's and LDT's */
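Review bot: Every descriptor touched in this hunk changes its type byte from 0x9a/0x92/0xfa/0xf2 to 0x9b/0x93/0xfb/0xf3, which pre-sets the Accessed bit, but no comment says why. If the intent is, as the `.rodata` placement earlier in the file suggests, that the CPU never has to write the bit back into a read-only GDT, state it above the table, e.g. `/* Accessed bit pre-set: the CPU must never need to write to this table */`. Without that, a later descriptor added with the bit clear would presumably fault only when its selector is first loaded. The second table under CONFIG_PAX_SEGMEXEC repeats the PCIBIOS and APM entries by hand, so the two copies have to be kept in sync manually; a shared macro for the common tail would avoid that.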
1302 diff -urNp linux-2.4.37.7/arch/i386/kernel/i386_ksyms.c linux-2.4.37.7/arch/i386/kernel/i386_ksyms.c
1303 --- linux-2.4.37.7/arch/i386/kernel/i386_ksyms.c 2009-11-07 11:52:20.000000000 -0500
1304 +++ linux-2.4.37.7/arch/i386/kernel/i386_ksyms.c 2009-11-10 19:30:27.000000000 -0500
1305 @@ -34,7 +34,7 @@ extern void dump_thread(struct pt_regs *
1306 extern spinlock_t rtc_lock;
1308 #if defined(CONFIG_APM) || defined(CONFIG_APM_MODULE)
1309 -extern void machine_real_restart(unsigned char *, int);
1310 +extern void machine_real_restart(const unsigned char *, unsigned int);
1311 EXPORT_SYMBOL(machine_real_restart);
1312 extern void default_idle(void);
1313 EXPORT_SYMBOL(default_idle);
1314 @@ -74,6 +74,11 @@ EXPORT_SYMBOL(pm_power_off);
1315 EXPORT_SYMBOL(get_cmos_time);
1316 EXPORT_SYMBOL(apm_info);
1319 +#ifdef CONFIG_PAX_SEGMEXEC
1320 +EXPORT_SYMBOL(gdt2);
1323 EXPORT_SYMBOL(empty_zero_page);
1325 #ifdef CONFIG_DEBUG_IOVIRT
1326 @@ -86,6 +91,8 @@ EXPORT_SYMBOL_NOVERS(__down_failed_trylo
1327 EXPORT_SYMBOL_NOVERS(__up_wakeup);
1328 /* Networking helper routines. */
1329 EXPORT_SYMBOL(csum_partial_copy_generic);
1330 +EXPORT_SYMBOL(csum_partial_copy_generic_to_user);
1331 +EXPORT_SYMBOL(csum_partial_copy_generic_from_user);
1333 EXPORT_SYMBOL(__ndelay);
1334 EXPORT_SYMBOL(__udelay);
1335 diff -urNp linux-2.4.37.7/arch/i386/kernel/i8259.c linux-2.4.37.7/arch/i386/kernel/i8259.c
1336 --- linux-2.4.37.7/arch/i386/kernel/i8259.c 2009-11-07 11:52:20.000000000 -0500
1337 +++ linux-2.4.37.7/arch/i386/kernel/i8259.c 2009-11-10 19:30:27.000000000 -0500
1338 @@ -107,7 +107,8 @@ BUILD_SMP_INTERRUPT(spurious_interrupt,S
1339 IRQ(x,8), IRQ(x,9), IRQ(x,a), IRQ(x,b), \
1340 IRQ(x,c), IRQ(x,d), IRQ(x,e), IRQ(x,f)
1342 -void (*interrupt[NR_IRQS])(void) = {
1343 +typedef void (*interrupt_t)(void);
1344 +const interrupt_t interrupt[NR_IRQS] = {
1347 #ifdef CONFIG_X86_IO_APIC
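Review bot: `interrupt_t` is declared here in the .c file and again, identically, in the io_apic.c hunk (`typedef void (*interrupt_t)(void);` followed by `extern const interrupt_t interrupt[NR_IRQS];`), so the definition and its extern declaration can drift apart without the compiler noticing. Moving the typedef and the extern into one header that both files include would let the compiler check the `const` array definition against its declaration. The array initialiser continues outside this hunk.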
1348 diff -urNp linux-2.4.37.7/arch/i386/kernel/init_task.c linux-2.4.37.7/arch/i386/kernel/init_task.c
1349 --- linux-2.4.37.7/arch/i386/kernel/init_task.c 2009-11-07 11:52:20.000000000 -0500
1350 +++ linux-2.4.37.7/arch/i386/kernel/init_task.c 2009-11-10 19:30:27.000000000 -0500
1351 @@ -29,5 +29,9 @@ union task_union init_task_union
1352 * section. Since TSS's are completely CPU-local, we want them
1353 * on exact cacheline boundaries, to eliminate cacheline ping-pong.
1355 -struct tss_struct init_tss[NR_CPUS] __cacheline_aligned = { [0 ... NR_CPUS-1] = INIT_TSS };
1357 +#ifdef CONFIG_PAX_KERNEXEC
1358 +struct tss_struct init_tss[NR_CPUS] __attribute__((__aligned__(SMP_CACHE_BYTES), __section__(".rodata"))) = { [0 ... NR_CPUS-1] = INIT_TSS };
1360 +struct tss_struct init_tss[NR_CPUS] __cacheline_aligned = { [0 ... NR_CPUS-1] = INIT_TSS };
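Review bot: Under CONFIG_PAX_KERNEXEC `init_tss` is placed in `.rodata` through a section attribute while the object itself stays non-const, and no comment records the consequence. Every store to a TSS field now has to run between `pax_open_kernel()` and `pax_close_kernel()`, as the ioport.c and process.c hunks do. A comment above the declaration should say so, e.g. `/* read-only under KERNEXEC: write only inside pax_open_kernel()/pax_close_kernel() */`. It is also worth confirming that the compilers this tree supports accept a non-const initialised object in `.rodata` without a section type conflict.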
1362 diff -urNp linux-2.4.37.7/arch/i386/kernel/io_apic.c linux-2.4.37.7/arch/i386/kernel/io_apic.c
1363 --- linux-2.4.37.7/arch/i386/kernel/io_apic.c 2009-11-07 11:52:20.000000000 -0500
1364 +++ linux-2.4.37.7/arch/i386/kernel/io_apic.c 2009-11-10 19:30:27.000000000 -0500
1365 @@ -620,7 +620,8 @@ next:
1366 return current_vector;
1369 -extern void (*interrupt[NR_IRQS])(void);
1370 +typedef void (*interrupt_t)(void);
1371 +extern const interrupt_t interrupt[NR_IRQS];
1372 static struct hw_interrupt_type ioapic_level_irq_type;
1373 static struct hw_interrupt_type ioapic_edge_irq_type;
1375 diff -urNp linux-2.4.37.7/arch/i386/kernel/ioport.c linux-2.4.37.7/arch/i386/kernel/ioport.c
1376 --- linux-2.4.37.7/arch/i386/kernel/ioport.c 2009-11-07 11:52:20.000000000 -0500
1377 +++ linux-2.4.37.7/arch/i386/kernel/ioport.c 2009-11-10 19:30:27.000000000 -0500
1379 #include <linux/smp.h>
1380 #include <linux/smp_lock.h>
1381 #include <linux/stddef.h>
1382 +#include <linux/grsecurity.h>
1383 +#include <asm/desc.h>
1385 /* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */
1386 static void set_bitmap(unsigned long *bitmap, short base, short extent, int new_value)
1387 @@ -57,10 +59,22 @@ asmlinkage int sys_ioperm(unsigned long
1388 struct thread_struct * t = ¤t->thread;
1389 struct tss_struct * tss = init_tss + smp_processor_id();
1391 +#ifdef CONFIG_PAX_KERNEXEC
1392 + unsigned long cr0;
1395 if ((from + num <= from) || (from + num > IO_BITMAP_SIZE*32))
1397 +#ifdef CONFIG_GRKERNSEC_IO
1399 + gr_handle_ioperm();
1401 if (turn_on && !capable(CAP_SYS_RAWIO))
1404 +#ifdef CONFIG_GRKERNSEC_IO
1408 * If it's the first ioperm() call in this thread's lifetime, set the
1409 * IO bitmap up. ioperm() is much less timing critical than clone(),
1410 @@ -78,6 +92,11 @@ asmlinkage int sys_ioperm(unsigned long
1411 * do it in the per-thread copy and in the TSS ...
1413 set_bitmap(t->io_bitmap, from, num, !turn_on);
1415 +#ifdef CONFIG_PAX_KERNEXEC
1416 + pax_open_kernel(cr0);
1419 if (tss->bitmap == IO_BITMAP_OFFSET) { /* already active? */
1420 set_bitmap(tss->io_bitmap, from, num, !turn_on);
1422 @@ -85,6 +104,10 @@ asmlinkage int sys_ioperm(unsigned long
1423 tss->bitmap = IO_BITMAP_OFFSET; /* Activate it in the TSS */
1426 +#ifdef CONFIG_PAX_KERNEXEC
1427 + pax_close_kernel(cr0);
1433 @@ -109,8 +132,13 @@ asmlinkage int sys_iopl(unsigned long un
1435 /* Trying to gain more privileges? */
1437 +#ifdef CONFIG_GRKERNSEC_IO
1441 if (!capable(CAP_SYS_RAWIO))
1445 regs->eflags = (regs->eflags & 0xffffcfff) | (level << 12);
1447 diff -urNp linux-2.4.37.7/arch/i386/kernel/ldt.c linux-2.4.37.7/arch/i386/kernel/ldt.c
1448 --- linux-2.4.37.7/arch/i386/kernel/ldt.c 2009-11-07 11:52:20.000000000 -0500
1449 +++ linux-2.4.37.7/arch/i386/kernel/ldt.c 2009-11-10 19:30:27.000000000 -0500
1450 @@ -151,7 +151,7 @@ static int read_default_ldt(void * ptr,
1455 + const void *address;
1458 address = &default_ldt[0];
1459 @@ -214,6 +214,13 @@ static int write_ldt(void * ptr, unsigne
1463 +#ifdef CONFIG_PAX_SEGMEXEC
1464 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (ldt_info.contents & 2)) {
1470 entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
1471 (ldt_info.limit & 0x0ffff);
1472 entry_2 = (ldt_info.base_addr & 0xff000000) |
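Review bot: The new SEGMEXEC test in write_ldt uses a bare `2` for the descriptor type and carries no comment on why the request is refused. The check reads better with the named constant, `if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (ldt_info.contents & MODIFY_LDT_CONTENTS_CODE)) {`. A one-line comment such as `/* SEGMEXEC relies on the user code segment limit; an LDT code segment would bypass it */` would record the reason, if that is indeed the intent. Because the test is a mask rather than an equality, it also matches contents value 3; say in the comment whether that is deliberate. The body of the branch is not visible in this listing.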
1473 @@ -224,7 +231,7 @@ static int write_ldt(void * ptr, unsigne
1474 ((ldt_info.seg_not_present ^ 1) << 15) |
1475 (ldt_info.seg_32bit << 22) |
1476 (ldt_info.limit_in_pages << 23) |
1480 entry_2 |= (ldt_info.useable << 20);
1482 diff -urNp linux-2.4.37.7/arch/i386/kernel/microcode.c linux-2.4.37.7/arch/i386/kernel/microcode.c
1483 --- linux-2.4.37.7/arch/i386/kernel/microcode.c 2009-11-07 11:52:20.000000000 -0500
1484 +++ linux-2.4.37.7/arch/i386/kernel/microcode.c 2009-11-10 19:30:27.000000000 -0500
1485 @@ -474,7 +474,7 @@ static int microcode_ioctl (struct inode
1488 /* shared between misc device and devfs regular file */
1489 -static struct file_operations microcode_fops = {
1490 +static const struct file_operations microcode_fops = {
1491 .owner = THIS_MODULE,
1492 .write = microcode_write,
1493 .ioctl = microcode_ioctl,
1494 diff -urNp linux-2.4.37.7/arch/i386/kernel/mpparse.c linux-2.4.37.7/arch/i386/kernel/mpparse.c
1495 --- linux-2.4.37.7/arch/i386/kernel/mpparse.c 2009-11-07 11:52:20.000000000 -0500
1496 +++ linux-2.4.37.7/arch/i386/kernel/mpparse.c 2009-11-10 19:30:27.000000000 -0500
1497 @@ -833,7 +833,7 @@ void __init get_smp_config (void)
1498 * Read the physical hardware table. Anything here will
1499 * override the defaults.
1501 - if (!smp_read_mpc((void *)mpf->mpf_physptr)) {
1502 + if (!smp_read_mpc(phys_to_virt(mpf->mpf_physptr))) {
1503 smp_found_config = 0;
1504 printk(KERN_ERR "BIOS bug, MP table errors detected!...\n");
1505 printk(KERN_ERR "... disabling SMP support. (tell your hw vendor)\n");
1506 diff -urNp linux-2.4.37.7/arch/i386/kernel/msr.c linux-2.4.37.7/arch/i386/kernel/msr.c
1507 --- linux-2.4.37.7/arch/i386/kernel/msr.c 2009-11-07 11:52:20.000000000 -0500
1508 +++ linux-2.4.37.7/arch/i386/kernel/msr.c 2009-11-10 19:30:27.000000000 -0500
1509 @@ -240,7 +240,7 @@ static int msr_open(struct inode *inode,
1511 * File operations we support
1513 -static struct file_operations msr_fops = {
1514 +static const struct file_operations msr_fops = {
1518 diff -urNp linux-2.4.37.7/arch/i386/kernel/mtrr.c linux-2.4.37.7/arch/i386/kernel/mtrr.c
1519 --- linux-2.4.37.7/arch/i386/kernel/mtrr.c 2009-11-07 11:52:20.000000000 -0500
1520 +++ linux-2.4.37.7/arch/i386/kernel/mtrr.c 2009-11-10 19:30:27.000000000 -0500
1521 @@ -1675,7 +1675,7 @@ static ssize_t mtrr_write (struct file *
1522 char line[LINE_SIZE];
1524 if (!len) return -EINVAL;
1525 - if ( !suser () ) return -EPERM;
1526 + if ( !capable(CAP_SYS_ADMIN) ) return -EPERM;
1527 /* Can't seek (pwrite) on this device */
1528 if (ppos != &file->f_pos) return -ESPIPE;
1529 memset (line, 0, LINE_SIZE);
1530 diff -urNp linux-2.4.37.7/arch/i386/kernel/pci-pc.c linux-2.4.37.7/arch/i386/kernel/pci-pc.c
1531 --- linux-2.4.37.7/arch/i386/kernel/pci-pc.c 2009-11-07 11:52:20.000000000 -0500
1532 +++ linux-2.4.37.7/arch/i386/kernel/pci-pc.c 2009-11-10 19:30:27.000000000 -0500
1535 #include <asm/smp.h>
1536 #include <asm/smpboot.h>
1537 +#include <asm/desc.h>
1539 #include "pci-i386.h"
1541 @@ -575,11 +576,10 @@ union bios32 {
1542 * we'll make pcibios_present() take a memory start parameter and store
1547 unsigned long address;
1548 unsigned short segment;
1549 -} bios32_indirect = { 0, __KERNEL_CS };
1550 +} bios32_indirect = { 0, __PCIBIOS_CS };
1553 * Returns the entry point for the given service, NULL on error
1554 @@ -593,34 +593,122 @@ static unsigned long bios32_service(unsi
1555 unsigned long entry; /* %edx */
1556 unsigned long flags;
1558 +#ifdef CONFIG_PAX_KERNEXEC
1559 + unsigned long cr0;
1562 __save_flags(flags); __cli();
1563 - __asm__("lcall (%%edi); cld"
1565 +#ifdef CONFIG_PAX_KERNEXEC
1566 + pax_open_kernel(cr0);
1569 + gdt_table[6].a = 0x0000FFFFUL;
1570 + gdt_table[6].b = 0x00CF9B00UL;
1571 + gdt_table[7].a = 0x0000FFFFUL;
1572 + gdt_table[7].b = 0x00CF9300UL;
1574 +#ifdef CONFIG_PAX_SEGMEXEC
1575 + gdt_table2[6].a = 0x0000FFFFUL;
1576 + gdt_table2[6].b = 0x00CF9B00UL;
1577 + gdt_table2[7].a = 0x0000FFFFUL;
1578 + gdt_table2[7].b = 0x00CF9300UL;
1581 +#ifdef CONFIG_PAX_KERNEXEC
1582 + pax_close_kernel(cr0);
1585 + __asm__("movw %w7, %%ds; lcall *(%%edi); push %%ss; pop %%ds; cld"
1586 : "=a" (return_code),
1592 - "D" (&bios32_indirect));
1593 + "D" (&bios32_indirect),
1594 + "r" (__PCIBIOS_DS)
1597 +#ifdef CONFIG_PAX_KERNEXEC
1598 + pax_open_kernel(cr0);
1601 + gdt_table[6].a = 0;
1602 + gdt_table[6].b = 0;
1603 + gdt_table[7].a = 0;
1604 + gdt_table[7].b = 0;
1606 +#ifdef CONFIG_PAX_SEGMEXEC
1607 + gdt_table2[6].a = 0;
1608 + gdt_table2[6].b = 0;
1609 + gdt_table2[7].a = 0;
1610 + gdt_table2[7].b = 0;
1613 +#ifdef CONFIG_PAX_KERNEXEC
1614 + pax_close_kernel(cr0);
1617 __restore_flags(flags);
1619 switch (return_code) {
1621 - return address + entry;
1622 - case 0x80: /* Not present */
1623 - printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
1625 - default: /* Shouldn't happen */
1626 - printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
1627 - service, return_code);
1629 + unsigned long a, b1, b2;
1630 + unsigned char flags;
1632 + printk(KERN_INFO "bios32_service: base:%08lx length:%08lx entry:%08lx\n", address, length, entry);
1633 + if (address >= 0xFFFF0 || length >= 0xFFFF0 - address || length <= entry) {
1634 + printk(KERN_WARNING "bios32_service: not valid\n");
1637 + address = address + PAGE_OFFSET;
1638 + length += 16UL; /* some BIOSs underreport this... */
1640 + if (length >= 64*1024*1024) {
1641 + length >>= PAGE_SHIFT;
1644 + a = (length & 0xFFFFUL) | ((address & 0xFFFFUL) << 16);
1645 + b1 = (address & 0xFF000000UL) | ((address & 0x00FF0000UL) >> 16) | (length & 0xF0000UL) | (flags << 20) | 0x9B00UL;
1646 + b2 = (address & 0xFF000000UL) | ((address & 0x00FF0000UL) >> 16) | (length & 0xF0000UL) | (flags << 20) | 0x9300UL;
1648 +#ifdef CONFIG_PAX_KERNEXEC
1649 + pax_open_kernel(cr0);
1652 + gdt_table[6].a = a;
1653 + gdt_table[6].b = b1;
1654 + gdt_table[7].a = a;
1655 + gdt_table[7].b = b2;
1657 +#ifdef CONFIG_PAX_SEGMEXEC
1658 + gdt_table2[6].a = a;
1659 + gdt_table2[6].b = b1;
1660 + gdt_table2[7].a = a;
1661 + gdt_table2[7].b = b2;
1664 +#ifdef CONFIG_PAX_KERNEXEC
1665 + pax_close_kernel(cr0);
1670 + case 0x80: /* Not present */
1671 + printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
1673 + default: /* Shouldn't happen */
1674 + printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
1675 + service, return_code);
1681 unsigned long address;
1682 unsigned short segment;
1683 -} pci_indirect = { 0, __KERNEL_CS };
1684 +} pci_indirect = { 0, __PCIBIOS_CS };
1686 static int pci_bios_present;
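Review bot: In the new block under `switch (return_code)`, `unsigned char flags;` shadows the function-level `unsigned long flags` that holds the saved interrupt state for `__save_flags`/`__restore_flags`; renaming the inner one (for example `unsigned char gran;`, used as `(gran << 20)`) removes the ambiguity. The bounds test `address >= 0xFFFF0 || length >= 0xFFFF0 - address` keeps `length` below 1 MB, so, assuming the not-valid branch returns, the later `if (length >= 64*1024*1024)` page-granularity path looks unreachable and should either go or be explained. The descriptor limit is written as `length` after the `+= 16UL` rather than `length - 1`; since the limit field is inclusive, that deserves a comment as well. Several lines of this hunk are missing from the listing, so the assignments to the inner variable could not be checked.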
1688 @@ -631,11 +719,13 @@ static int __devinit check_pcibios(void)
1689 unsigned long flags, pcibios_entry;
1691 if ((pcibios_entry = bios32_service(PCI_SERVICE))) {
1692 - pci_indirect.address = pcibios_entry + PAGE_OFFSET;
1693 + pci_indirect.address = pcibios_entry;
1695 __save_flags(flags); __cli();
1697 - "lcall (%%edi); cld\n\t"
1698 + __asm__("movw %w6, %%ds\n\t"
1699 + "lcall *%%ss:(%%edi); cld\n\t"
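Review bot: The `%ds` reload added here is tied to a positional asm operand whose index differs from call site to call site: `%w6` here and in pci_bios_read/pci_bios_write, `%w7` in bios32_service and pci_bios_find_device, `%w8` in the IRQ routing fetch, `%w5` in pcibios_set_irq_routing. Adding or removing an operand in any of those statements would silently load a different register into `%ds`. A comment at each site, e.g. `/* %6 = __PCIBIOS_DS; keep it the last input operand */`, or a single macro that emits the prologue for a given operand number, would make that dependency explicit. bios32_service restores `%ds` with `push %%ss; pop %%ds` after the call, while the matching restore for this and the following sites is not visible in the listing and should be confirmed. The asm statement continues into the next hunk.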
1705 @@ -644,7 +734,8 @@ static int __devinit check_pcibios(void)
1708 : "1" (PCIBIOS_PCI_BIOS_PRESENT),
1709 - "D" (&pci_indirect)
1710 + "D" (&pci_indirect),
1711 + "r" (__PCIBIOS_DS)
1713 __restore_flags(flags);
1715 @@ -680,7 +771,10 @@ static int __devinit pci_bios_find_devic
1719 - __asm__("lcall (%%edi); cld\n\t"
1720 + __asm__("movw %w7, %%ds\n\t"
1721 + "lcall *%%ss:(%%edi); cld\n\t"
1727 @@ -690,7 +784,8 @@ static int __devinit pci_bios_find_devic
1731 - "D" (&pci_indirect));
1732 + "D" (&pci_indirect),
1733 + "r" (__PCIBIOS_DS));
1734 *bus = (bx >> 8) & 0xff;
1735 *device_fn = bx & 0xff;
1736 return (int) (ret & 0xff00) >> 8;
1737 @@ -709,7 +804,10 @@ static int pci_bios_read (int seg, int b
1741 - __asm__("lcall (%%esi); cld\n\t"
1742 + __asm__("movw %w6, %%ds\n\t"
1743 + "lcall *%%ss:(%%esi); cld\n\t"
1749 @@ -718,10 +816,14 @@ static int pci_bios_read (int seg, int b
1750 : "1" (PCIBIOS_READ_CONFIG_BYTE),
1753 - "S" (&pci_indirect));
1754 + "S" (&pci_indirect),
1755 + "r" (__PCIBIOS_DS));
1758 - __asm__("lcall (%%esi); cld\n\t"
1759 + __asm__("movw %w6, %%ds\n\t"
1760 + "lcall *%%ss:(%%esi); cld\n\t"
1766 @@ -730,10 +832,14 @@ static int pci_bios_read (int seg, int b
1767 : "1" (PCIBIOS_READ_CONFIG_WORD),
1770 - "S" (&pci_indirect));
1771 + "S" (&pci_indirect),
1772 + "r" (__PCIBIOS_DS));
1775 - __asm__("lcall (%%esi); cld\n\t"
1776 + __asm__("movw %w6, %%ds\n\t"
1777 + "lcall *%%ss:(%%esi); cld\n\t"
1783 @@ -742,7 +848,8 @@ static int pci_bios_read (int seg, int b
1784 : "1" (PCIBIOS_READ_CONFIG_DWORD),
1787 - "S" (&pci_indirect));
1788 + "S" (&pci_indirect),
1789 + "r" (__PCIBIOS_DS));
1793 @@ -764,7 +871,10 @@ static int pci_bios_write (int seg, int
1797 - __asm__("lcall (%%esi); cld\n\t"
1798 + __asm__("movw %w6, %%ds\n\t"
1799 + "lcall *%%ss:(%%esi); cld\n\t"
1805 @@ -773,10 +883,14 @@ static int pci_bios_write (int seg, int
1809 - "S" (&pci_indirect));
1810 + "S" (&pci_indirect),
1811 + "r" (__PCIBIOS_DS));
1814 - __asm__("lcall (%%esi); cld\n\t"
1815 + __asm__("movw %w6, %%ds\n\t"
1816 + "lcall *%%ss:(%%esi); cld\n\t"
1822 @@ -785,10 +899,14 @@ static int pci_bios_write (int seg, int
1826 - "S" (&pci_indirect));
1827 + "S" (&pci_indirect),
1828 + "r" (__PCIBIOS_DS));
1831 - __asm__("lcall (%%esi); cld\n\t"
1832 + __asm__("movw %w6, %%ds\n\t"
1833 + "lcall *%%ss:(%%esi); cld\n\t"
1839 @@ -797,7 +915,8 @@ static int pci_bios_write (int seg, int
1843 - "S" (&pci_indirect));
1844 + "S" (&pci_indirect),
1845 + "r" (__PCIBIOS_DS));
1849 @@ -1009,10 +1128,13 @@ struct irq_routing_table * __devinit pci
1851 DBG("PCI: Fetching IRQ routing table... ");
1852 __asm__("push %%es\n\t"
1853 + "movw %w8, %%ds\n\t"
1856 - "lcall (%%esi); cld\n\t"
1857 + "lcall *%%ss:(%%esi); cld\n\t"
1864 @@ -1023,7 +1145,8 @@ struct irq_routing_table * __devinit pci
1867 "S" (&pci_indirect),
1870 + "r" (__PCIBIOS_DS)
1872 DBG("OK ret=%d, size=%d, map=%x\n", ret, opt.size, map);
1874 @@ -1047,7 +1170,10 @@ int pcibios_set_irq_routing(struct pci_d
1878 - __asm__("lcall (%%esi); cld\n\t"
1879 + __asm__("movw %w5, %%ds\n\t"
1880 + "lcall *%%ss:(%%esi); cld\n\t"
1886 @@ -1055,7 +1181,8 @@ int pcibios_set_irq_routing(struct pci_d
1887 : "0" (PCIBIOS_SET_PCI_HW_INT),
1888 "b" ((dev->bus->number << 8) | dev->devfn),
1889 "c" ((irq << 8) | (pin + 10)),
1890 - "S" (&pci_indirect));
1891 + "S" (&pci_indirect),
1892 + "r" (__PCIBIOS_DS));
1893 return !(ret & 0xff00);
1896 diff -urNp linux-2.4.37.7/arch/i386/kernel/process.c linux-2.4.37.7/arch/i386/kernel/process.c
1897 --- linux-2.4.37.7/arch/i386/kernel/process.c 2009-11-07 11:52:20.000000000 -0500
1898 +++ linux-2.4.37.7/arch/i386/kernel/process.c 2009-11-10 19:30:27.000000000 -0500
1899 @@ -153,7 +153,7 @@ static int __init idle_setup (char *str)
1901 __setup("idle=", idle_setup);
1903 -static int reboot_mode;
1904 +static unsigned short reboot_mode;
1905 int reboot_thru_bios;
1908 @@ -209,18 +209,18 @@ __setup("reboot=", reboot_setup);
1909 doesn't work with at least one type of 486 motherboard. It is easy
1910 to stop this code working; hence the copious comments. */
1912 -static unsigned long long
1913 +static const unsigned long long
1914 real_mode_gdt_entries [3] =
1916 0x0000000000000000ULL, /* Null descriptor */
1917 - 0x00009a000000ffffULL, /* 16-bit real-mode 64k code at 0x00000000 */
1918 - 0x000092000100ffffULL /* 16-bit real-mode 64k data at 0x00000100 */
1919 + 0x00009b000000ffffULL, /* 16-bit real-mode 64k code at 0x00000000 */
1920 + 0x000093000100ffffULL /* 16-bit real-mode 64k data at 0x00000100 */
1924 +static const struct
1926 unsigned short size __attribute__ ((packed));
1927 - unsigned long long * base __attribute__ ((packed));
1928 + const unsigned long long * base __attribute__ ((packed));
1930 real_mode_gdt = { sizeof (real_mode_gdt_entries) - 1, real_mode_gdt_entries },
1931 real_mode_idt = { 0x3ff, 0 },
1932 @@ -245,7 +245,7 @@ no_idt = { 0, 0 };
1933 More could be done here to set up the registers as if a CPU reset had
1934 occurred; hopefully real BIOSs don't assume much. */
1936 -static unsigned char real_mode_switch [] =
1937 +static const unsigned char real_mode_switch [] =
1939 0x66, 0x0f, 0x20, 0xc0, /* movl %cr0,%eax */
1940 0x66, 0x83, 0xe0, 0x11, /* andl $0x00000011,%eax */
1941 @@ -259,7 +259,7 @@ static unsigned char real_mode_switch []
1942 0x24, 0x10, /* f: andb $0x10,al */
1943 0x66, 0x0f, 0x22, 0xc0 /* movl %eax,%cr0 */
1945 -static unsigned char jump_to_bios [] =
1946 +static const unsigned char jump_to_bios [] =
1948 0xea, 0x00, 0x00, 0xff, 0xff /* ljmp $0xffff,$0x0000 */
1950 @@ -278,10 +278,14 @@ static inline void kb_wait(void)
1951 * specified by the code and length parameters.
1952 * We assume that length will aways be less that 100!
1954 -void machine_real_restart(unsigned char *code, int length)
1955 +void machine_real_restart(const unsigned char *code, unsigned int length)
1957 unsigned long flags;
1959 +#ifdef CONFIG_PAX_KERNEXEC
1960 + unsigned long cr0;
1965 /* Write zero to CMOS register number 0x0f, which the BIOS POST
1966 @@ -302,9 +306,17 @@ void machine_real_restart(unsigned char
1967 from the kernel segment. This assumes the kernel segment starts at
1968 virtual address PAGE_OFFSET. */
1970 +#ifdef CONFIG_PAX_KERNEXEC
1971 + pax_open_kernel(cr0);
1974 memcpy (swapper_pg_dir, swapper_pg_dir + USER_PGD_PTRS,
1975 sizeof (swapper_pg_dir [0]) * KERNEL_PGD_PTRS);
1977 +#ifdef CONFIG_PAX_KERNEXEC
1978 + pax_close_kernel(cr0);
1981 /* Make sure the first page is mapped to the start of physical memory.
1982 It is normally not mapped, to trap kernel NULL pointer dereferences. */
1984 @@ -321,7 +333,7 @@ void machine_real_restart(unsigned char
1985 REBOOT.COM programs, and the previous reset routine did this
1988 - *((unsigned short *)0x472) = reboot_mode;
1989 + __put_user(reboot_mode, (unsigned short *)0x472);
1991 /* For the switch to real mode, copy some code to low memory. It has
1992 to be in the first 64k because it is running in 16-bit mode, and it
1993 @@ -329,9 +341,9 @@ void machine_real_restart(unsigned char
1994 off paging. Copy it near the end of the first page, out of the way
1995 of BIOS variables. */
1997 - memcpy ((void *) (0x1000 - sizeof (real_mode_switch) - 100),
1998 + __copy_to_user ((void *) (0x1000 - sizeof (real_mode_switch) - 100),
1999 real_mode_switch, sizeof (real_mode_switch));
2000 - memcpy ((void *) (0x1000 - 100), code, length);
2001 + __copy_to_user ((void *) (0x1000 - 100), code, length);
2003 /* Set up the IDT for real mode. */
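Review bot: Both copies into low memory now use `__copy_to_user` with the return value discarded, so a faulting write would leave the real-mode stub partly written while the function carries on toward the jump into it. `__copy_to_user` returns the number of bytes left uncopied; on the reboot path a check can only report, for instance `if (__copy_to_user((void *) (0x1000 - 100), code, length)) printk(KERN_EMERG "machine_real_restart: low-memory copy failed\n");`. `length` is still taken on trust against the 100-byte slot that the comment above the function assumes, and an explicit bound would cost one line. A comment should also say why a user-access primitive is used on a fixed, kernel-chosen address, since that is not obvious from the code.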
2005 @@ -414,7 +426,7 @@ void machine_restart(char * __unused)
2007 if(!reboot_thru_bios) {
2008 /* rebooting needs to touch the page at absolute addr 0 */
2009 - *((unsigned short *)__va(0x472)) = reboot_mode;
2010 + __put_user(reboot_mode, (unsigned short *)0x472);
2013 for (i=0; i<100; i++) {
2014 @@ -552,7 +564,7 @@ int copy_thread(int nr, unsigned long cl
2016 struct pt_regs * childregs;
2018 - childregs = ((struct pt_regs *) (THREAD_SIZE + (unsigned long) p)) - 1;
2019 + childregs = ((struct pt_regs *) (THREAD_SIZE + (unsigned long) p - sizeof(unsigned long))) - 1;
2020 struct_cpy(childregs, regs);
2022 childregs->esp = esp;
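Review bot: The added `- sizeof(unsigned long)` in the `childregs` computation keeps one word free at the top of the kernel stack, but nothing says what that word is for or which other code depends on the same offset. Whatever derives the register frame or the initial `esp0` from the stack top has to apply the same adjustment; that code is outside this hunk, so it could not be confirmed here. Please add a comment on the line, e.g. `/* one word is reserved above pt_regs; must match the esp0 setup */`. copy_thread's body continues outside the hunk.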
2023 @@ -613,6 +625,19 @@ void dump_thread(struct pt_regs * regs,
2024 dump->u_fpvalid = dump_fpu (regs, &dump->i387);
2027 +#ifdef CONFIG_PAX_SEGMEXEC
2028 +void pax_switch_segments(struct task_struct * tsk)
2033 + if (tsk->mm->pax_flags & MF_PAX_SEGMEXEC)
2034 + __asm__ __volatile__("lgdt %0": "=m" (gdt_descr2));
2036 + __asm__ __volatile__("lgdt %0": "=m" (gdt_descr));
2041 * This special macro can be used to load a debugging register
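Review bot: Both `lgdt` statements in pax_switch_segments pass the descriptor as an output operand, `"=m" (gdt_descr2)` and `"=m" (gdt_descr)`, although `lgdt` only reads its memory operand. An output-only constraint tells the compiler the previous contents are dead and that the asm overwrites them, so the operand belongs in the input list: `__asm__ __volatile__("lgdt %0" : : "m" (gdt_descr2));`, and the same for `gdt_descr`. The visible condition dereferences `tsk->mm`; whether a task without an `mm` is filtered out first is in lines this listing does not show and should be confirmed.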
2043 @@ -650,12 +675,15 @@ void fastcall __switch_to(struct task_st
2044 *next = &next_p->thread;
2045 struct tss_struct *tss = init_tss + smp_processor_id();
2047 +#ifdef CONFIG_PAX_KERNEXEC
2048 + unsigned long cr0;
2054 - * Reload esp0, LDT and the page table pointer:
2056 - tss->esp0 = next->esp0;
2057 +#ifdef CONFIG_PAX_SEGMEXEC
2058 + pax_switch_segments(next_p);
2062 * Save away %fs and %gs. No need to save %es and %ds, as
2063 @@ -683,6 +711,15 @@ void fastcall __switch_to(struct task_st
2067 +#ifdef CONFIG_PAX_KERNEXEC
2068 + pax_open_kernel(cr0);
2072 + * Reload esp0, LDT and the page table pointer:
2074 + tss->esp0 = next->esp0;
2076 if (prev->ioperm || next->ioperm) {
2079 @@ -705,6 +742,11 @@ void fastcall __switch_to(struct task_st
2081 tss->bitmap = INVALID_IO_BITMAP_OFFSET;
2084 +#ifdef CONFIG_PAX_KERNEXEC
2085 + pax_close_kernel(cr0);
2090 asmlinkage int sys_fork(struct pt_regs regs)
2091 @@ -792,3 +834,44 @@ unsigned long get_wchan(struct task_stru
2096 +#ifdef CONFIG_PAX_RANDKSTACK
2097 +asmlinkage void pax_randomize_kstack(void)
2099 + struct tss_struct *tss;
2100 + unsigned long time;
2102 +#ifdef CONFIG_PAX_KERNEXEC
2103 + unsigned long cr0;
2106 +#ifdef CONFIG_PAX_SOFTMODE
2111 + tss = init_tss + smp_processor_id();
2114 + /* P4 seems to return a 0 LSB, ignore it */
2115 +#ifdef CONFIG_MPENTIUM4
2123 +#ifdef CONFIG_PAX_KERNEXEC
2124 + pax_open_kernel(cr0);
2127 + tss->esp0 ^= time;
2128 + current->thread.esp0 = tss->esp0;
2130 +#ifdef CONFIG_PAX_KERNEXEC
2131 + pax_close_kernel(cr0);
2136 diff -urNp linux-2.4.37.7/arch/i386/kernel/ptrace.c linux-2.4.37.7/arch/i386/kernel/ptrace.c
2137 --- linux-2.4.37.7/arch/i386/kernel/ptrace.c 2009-11-07 11:52:20.000000000 -0500
2138 +++ linux-2.4.37.7/arch/i386/kernel/ptrace.c 2009-11-10 19:30:27.000000000 -0500
2140 #include <linux/errno.h>
2141 #include <linux/ptrace.h>
2142 #include <linux/user.h>
2143 +#include <linux/grsecurity.h>
2145 #include <asm/uaccess.h>
2146 #include <asm/pgtable.h>
2147 @@ -177,6 +178,9 @@ asmlinkage int sys_ptrace(long request,
2148 if (pid == 1) /* you may not mess with init */
2151 + if(gr_handle_ptrace(child, request))
2154 if (request == PTRACE_ATTACH) {
2155 ret = ptrace_attach(child);
2157 @@ -256,6 +260,17 @@ asmlinkage int sys_ptrace(long request,
2158 if(addr < (long) &dummy->u_debugreg[4] &&
2159 ((unsigned long) data) >= TASK_SIZE-3) break;
2161 +#ifdef CONFIG_GRKERNSEC
2162 + if(addr >= (long) &dummy->u_debugreg[0] &&
2163 + addr <= (long) &dummy->u_debugreg[3]){
2164 + long reg = (addr - (long) &dummy->u_debugreg[0]) >> 2;
2165 + long type = (child->thread.debugreg[7] >> (DR_CONTROL_SHIFT + 4*reg)) & 3;
2166 + long align = (child->thread.debugreg[7] >> (DR_CONTROL_SHIFT + 2 + 4*reg)) & 3;
2167 + if((type & 1) && (data & align))
2172 if(addr == (long) &dummy->u_debugreg[7]) {
2173 data &= ~DR_CONTROL_RESERVED;
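Review bot: The new alignment test runs only when one of `u_debugreg[0..3]` is written and reads the type and length fields from the DR7 value stored at that moment. Whether the `u_debugreg[7]` path just below re-validates addresses already stored when the length field changes is outside this hunk; if it does not, the check depends on the order of the two writes and should be repeated there. The decode itself is unexplained; a comment such as `/* R/W bit 0 set = data breakpoint; the LEN field doubles as the address alignment mask */` would make `(type & 1) && (data & align)` readable. The `>> 2` assumes 4-byte `u_debugreg` slots, which holds on i386 but is also worth a note.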
2175 diff -urNp linux-2.4.37.7/arch/i386/kernel/setup.c linux-2.4.37.7/arch/i386/kernel/setup.c
2176 --- linux-2.4.37.7/arch/i386/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
2177 +++ linux-2.4.37.7/arch/i386/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
2178 @@ -129,7 +129,11 @@
2179 char ignore_irq13; /* set if exception 16 works */
2180 struct cpuinfo_x86 boot_cpu_data = { 0, 0, 0, 0, -1, 1, 0, 0, -1 };
2182 +#ifdef CONFIG_X86_PAE
2183 +unsigned long mmu_cr4_features = X86_CR4_PAE;
2185 unsigned long mmu_cr4_features;
2187 EXPORT_SYMBOL(mmu_cr4_features);
2190 @@ -170,7 +174,7 @@ unsigned char aux_device_present;
2191 extern void mcheck_init(struct cpuinfo_x86 *c);
2192 extern void dmi_scan_machine(void);
2193 extern int root_mountflags;
2194 -extern char _text, _etext, _edata, _end;
2195 +extern char _text, _etext, _data, _edata, _end;
2197 static int have_cpuid_p(void) __init;
2199 @@ -1209,14 +1213,14 @@ void __init setup_arch(char **cmdline_p)
2201 if (!MOUNT_ROOT_RDONLY)
2202 root_mountflags &= ~MS_RDONLY;
2203 - init_mm.start_code = (unsigned long) &_text;
2204 - init_mm.end_code = (unsigned long) &_etext;
2205 + init_mm.start_code = (unsigned long) &_text + __KERNEL_TEXT_OFFSET;
2206 + init_mm.end_code = (unsigned long) &_etext + __KERNEL_TEXT_OFFSET;
2207 init_mm.end_data = (unsigned long) &_edata;
2208 init_mm.brk = (unsigned long) &_end;
2210 - code_resource.start = virt_to_bus(&_text);
2211 - code_resource.end = virt_to_bus(&_etext)-1;
2212 - data_resource.start = virt_to_bus(&_etext);
2213 + code_resource.start = virt_to_bus(&_text + __KERNEL_TEXT_OFFSET);
2214 + code_resource.end = virt_to_bus(&_etext + __KERNEL_TEXT_OFFSET)-1;
2215 + data_resource.start = virt_to_bus(&_data);
2216 data_resource.end = virt_to_bus(&_edata)-1;
2218 parse_cmdline_early(cmdline_p);
2219 @@ -3164,7 +3168,7 @@ static void *c_next(struct seq_file *m,
2220 static void c_stop(struct seq_file *m, void *v)
2223 -struct seq_operations cpuinfo_op = {
2224 +const struct seq_operations cpuinfo_op = {
2228 @@ -3184,6 +3188,10 @@ void __init cpu_init (void)
2229 int nr = smp_processor_id();
2230 struct tss_struct * t = &init_tss[nr];
2232 +#ifdef CONFIG_PAX_KERNEXEC
2233 + unsigned long cr0;
2236 if (test_and_set_bit(nr, &cpu_initialized)) {
2237 printk(KERN_WARNING "CPU#%d already initialized!\n", nr);
2239 @@ -3218,10 +3226,19 @@ void __init cpu_init (void)
2241 enter_lazy_tlb(&init_mm, current, nr);
2243 - t->esp0 = current->thread.esp0;
2245 - gdt_table[__TSS(nr)].b &= 0xfffffdff;
2247 +#ifdef CONFIG_PAX_KERNEXEC
2248 + pax_open_kernel(cr0);
2251 + t->esp0 = current->thread.esp0;
2254 +#ifdef CONFIG_PAX_KERNEXEC
2255 + pax_close_kernel(cr0);
2258 load_LDT(&init_mm.context);
2261 @@ -3288,7 +3305,53 @@ int __init ppro_with_ram_bug(void)
2262 printk(KERN_INFO "Your Pentium Pro seems ok.\n");
2267 +static int current_ypos = 25, current_xpos;
2268 +#define VGABASE (0xb8000)
2269 +#define VGAXY(x, y) (VGABASE + 2 * (x + y * SCREEN_INFO.orig_video_cols))
2271 +static void early_vga_write(const char *str, int n)
2276 + while ((c = *str++) != '\0' && n-- > 0) {
2277 + if (current_ypos >= SCREEN_INFO.orig_video_lines) {
2278 + /* scroll 1 line up */
2279 + for (k = 1, j = 0; k < SCREEN_INFO.orig_video_lines; k++, j++) {
2280 + for (i = 0; i < SCREEN_INFO.orig_video_cols; i++) {
2281 + isa_writew(isa_readw(VGAXY(i, k)), VGAXY(i, j));
2284 + for (i = 0; i < SCREEN_INFO.orig_video_cols; i++)
2285 + isa_writew(0x720, VGAXY(i, j));
2286 + current_ypos = SCREEN_INFO.orig_video_lines-1;
2291 + } else if (c != '\r') {
2292 + isa_writew((0x700 | (unsigned short) c), VGAXY(current_xpos, current_ypos));
2293 + if (++current_xpos >= SCREEN_INFO.orig_video_cols) {
2301 +asmlinkage void __init early_printk(const char *fmt, ...)
2307 + va_start(ap, fmt);
2308 + n = vsnprintf(buf, 512, fmt, ap);
2309 + early_vga_write(buf, n);
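Review bot: `VGAXY(x, y)` expands its arguments unparenthesised, `2 * (x + y * SCREEN_INFO.orig_video_cols)`, so a call with an expression argument such as `VGAXY(i, k + 1)` would address the wrong cell. The current callers pass plain identifiers, so this is latent. Suggested: `#define VGAXY(x, y) (VGABASE + 2 * ((x) + (y) * SCREEN_INFO.orig_video_cols))`. The literal `512` given to `vsnprintf` should be `sizeof(buf)` if `buf` is the local array its use suggests (its declaration is not visible here). The fixed `0xb8000` base and `current_ypos = 25` assume a colour text mode with at least 25 rows, which deserves a comment.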
2316 diff -urNp linux-2.4.37.7/arch/i386/kernel/sys_i386.c linux-2.4.37.7/arch/i386/kernel/sys_i386.c
2317 --- linux-2.4.37.7/arch/i386/kernel/sys_i386.c 2009-11-07 11:52:20.000000000 -0500
2318 +++ linux-2.4.37.7/arch/i386/kernel/sys_i386.c 2009-11-10 19:30:27.000000000 -0500
2319 @@ -48,6 +48,11 @@ static inline long do_mmap2(
2321 struct file * file = NULL;
2323 +#ifdef CONFIG_PAX_SEGMEXEC
2324 + if (flags & MAP_MIRROR)
2328 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
2329 if (!(flags & MAP_ANONYMOUS)) {
2331 diff -urNp linux-2.4.37.7/arch/i386/kernel/trampoline.S linux-2.4.37.7/arch/i386/kernel/trampoline.S
2332 --- linux-2.4.37.7/arch/i386/kernel/trampoline.S 2009-11-07 11:52:20.000000000 -0500
2333 +++ linux-2.4.37.7/arch/i386/kernel/trampoline.S 2009-11-10 19:30:27.000000000 -0500
2334 @@ -54,7 +54,7 @@ r_base = .
2335 lmsw %ax # into protected mode
2338 - ljmpl $__KERNEL_CS, $0x00100000
2339 + ljmpl $__KERNEL_CS, $SYMBOL_NAME(startup_32) + __KERNEL_TEXT_OFFSET - __PAGE_OFFSET
2340 # jump to startup_32 in arch/i386/kernel/head.S
2343 @@ -62,8 +62,8 @@ idt_48:
2344 .word 0, 0 # idt base = 0L
2347 - .word 0x0800 # gdt limit = 2048, 256 GDT entries
2348 - .long gdt_table-__PAGE_OFFSET # gdt base = gdt (first SMP CPU)
2349 + .word __KERNEL_DS+7 # gdt limit = just the minimum
2350 + .long boot_gdt_table-__PAGE_OFFSET # gdt base = boot_gdt (first SMP CPU)
2352 .globl SYMBOL_NAME(trampoline_end)
2353 SYMBOL_NAME_LABEL(trampoline_end)
2354 diff -urNp linux-2.4.37.7/arch/i386/kernel/traps.c linux-2.4.37.7/arch/i386/kernel/traps.c
2355 --- linux-2.4.37.7/arch/i386/kernel/traps.c 2009-11-07 11:52:20.000000000 -0500
2356 +++ linux-2.4.37.7/arch/i386/kernel/traps.c 2009-11-10 19:30:27.000000000 -0500
2357 @@ -54,15 +54,10 @@ asmlinkage int system_call(void);
2358 asmlinkage void lcall7(void);
2359 asmlinkage void lcall27(void);
2361 -struct desc_struct default_ldt[] = { { 0, 0 }, { 0, 0 }, { 0, 0 },
2362 +const struct desc_struct default_ldt[] = { { 0, 0 }, { 0, 0 }, { 0, 0 },
2363 { 0, 0 }, { 0, 0 } };
2366 - * The IDT has to be page-aligned to simplify the Pentium
2367 - * F0 0F bug workaround.. We have a special link segment
2370 -struct desc_struct idt_table[256] __attribute__((__section__(".data.idt"))) = { {0, 0}, };
2371 +extern struct desc_struct idt_table[256];
2373 asmlinkage void divide_error(void);
2374 asmlinkage void debug(void);
2375 @@ -87,6 +82,7 @@ asmlinkage void machine_check(void);
2377 int kstack_depth_to_print = 24;
2379 +extern char _text, _sinittext, _einittext;
2382 * If the address is either in the .text section of the
2383 @@ -104,6 +100,10 @@ static inline int kernel_text_address(un
2387 + if (addr >= (unsigned long) &_sinittext &&
2388 + addr <= (unsigned long) &_einittext)
2391 if (addr >= (unsigned long) &_stext &&
2392 addr <= (unsigned long) &_etext)
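Review bot: The added `_sinittext`..`_einittext` test in `kernel_text_address` has no time limit, so once the init sections are released (mainline 2.4 does this in `free_initmem()`, which is not visible here) a stale stack word in that range would still be reported as a text address in traces. If the range is only meant to help with early-boot oopses, say so above the new test with a comment such as `/* init text: only meaningful until free_initmem() */`. The same test is added to the second variant of the function in the next hunk (`@@ -125,8 +125,15 @@`), and both function bodies extend beyond their hunks.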
2394 @@ -125,8 +125,15 @@ static inline int kernel_text_address(un
2396 static inline int kernel_text_address(unsigned long addr)
2398 - return (addr >= (unsigned long) &_stext &&
2399 - addr <= (unsigned long) &_etext);
2400 + if (addr >= (unsigned long) &_sinittext &&
2401 + addr <= (unsigned long) &_einittext)
2404 + if (addr >= (unsigned long) &_stext &&
2405 + addr <= (unsigned long) &_etext)
2412 @@ -228,13 +235,13 @@ void show_registers(struct pt_regs *regs
2413 show_stack((unsigned long*)esp);
2416 - if(regs->eip < PAGE_OFFSET)
2417 + if(regs->eip + __KERNEL_TEXT_OFFSET < PAGE_OFFSET)
2423 - if(__get_user(c, &((unsigned char*)regs->eip)[i])) {
2424 + if(__get_user(c, &((unsigned char*)regs->eip)[i+__KERNEL_TEXT_OFFSET])) {
2426 printk(" Bad EIP value.");
2428 @@ -256,7 +263,7 @@ static void handle_BUG(struct pt_regs *r
2430 goto no_bug; /* Not in kernel */
2433 + eip = regs->eip + __KERNEL_TEXT_OFFSET;
2435 if (eip < PAGE_OFFSET)
2437 @@ -264,10 +271,11 @@ static void handle_BUG(struct pt_regs *r
2441 - if (__get_user(line, (unsigned short *)(eip + 2)))
2442 + if (__get_user(line, (unsigned short *)(eip + 7)))
2444 - if (__get_user(file, (char **)(eip + 4)) ||
2445 - (unsigned long)file < PAGE_OFFSET || __get_user(c, file))
2446 + if (__get_user(file, (char **)(eip + 3)) || file < &_text + __KERNEL_TEXT_OFFSET)
2448 + if (__get_user(c, file))
2449 file = "<bad filename>";
2451 printk("kernel BUG at %s:%d!\n", file, line);
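Review bot: The new offsets in `__get_user(line, (unsigned short *)(eip + 7))` and `__get_user(file, (char **)(eip + 3))` are bare constants that must match the byte layout BUG() emits, and nothing in this hunk records that layout. Presumably the BUG() macro is changed elsewhere in this patch; a comment such as `/* BUG() layout: file pointer at eip+3, line at eip+7 -- keep in sync with the BUG() macro */` would make the coupling explicit. The rest of `handle_BUG` lies outside the hunk.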
2452 @@ -422,6 +430,13 @@ gp_in_kernel:
2457 +#ifdef CONFIG_PAX_KERNEXEC
2458 + if ((regs->xcs & 0xFFFF) == __KERNEL_CS)
2459 + die("PAX: suspicious general protection fault", regs, error_code);
2463 die("general protection fault", regs, error_code);
2466 @@ -527,13 +542,12 @@ asmlinkage void do_debug(struct pt_regs
2468 unsigned int condition;
2469 struct task_struct *tsk = current;
2470 - unsigned long eip = regs->eip;
2473 __asm__ __volatile__("movl %%db6,%0" : "=r" (condition));
2475 /* If the user set TF, it's simplest to clear it right away. */
2476 - if ((eip >=PAGE_OFFSET) && (regs->eflags & TF_MASK))
2477 + if (!(regs->xcs & 3) && (regs->eflags & TF_MASK) && !(regs->eflags & VM_MASK))
2480 /* Mask out spurious debug traps due to lazy DR7 setting */
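Review bot: The replacement condition `!(regs->xcs & 3) && (regs->eflags & TF_MASK) && !(regs->eflags & VM_MASK)` is not explained by the comment above it, which still only says that a user-set TF is cleared. The test now identifies kernel mode by the saved CS privilege bits instead of by `eip >= PAGE_OFFSET`, presumably because kernel EIP values are no longer linear addresses under this patch (the `__KERNEL_TEXT_OFFSET` adjustments earlier in the file suggest this). A comment such as `/* kernel mode: CS RPL 0 and not vm86, where the saved CS is a real-mode segment and its low bits mean nothing */` would record why both checks are needed. The body of `do_debug` continues outside the hunk.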
2481 @@ -778,6 +792,8 @@ asmlinkage void math_emulate(long arg)
2482 #ifndef CONFIG_X86_F00F_WORKS_OK
2483 void __init trap_init_f00f_bug(void)
2486 +#ifndef CONFIG_PAX_KERNEXEC
2488 * "idt" is magic - it overlaps the idt_descr
2489 * variable so that updating idt will automatically
2490 @@ -787,12 +803,17 @@ void __init trap_init_f00f_bug(void)
2491 idt = (struct desc_struct *)__fix_to_virt(FIX_F00F);
2493 __asm__ __volatile__("lidt %0": "=m" (idt_descr));
2499 +#ifdef CONFIG_PAX_KERNEXEC
2500 #define _set_gate(gate_addr,type,dpl,addr) \
2503 + unsigned long cr0; \
2504 + pax_open_kernel(cr0); \
2505 __asm__ __volatile__ ("movw %%dx,%%ax\n\t" \
2506 "movw %4,%%dx\n\t" \
2507 "movl %%eax,%0\n\t" \
2508 @@ -801,8 +822,22 @@ do { \
2509 "=m" (*(1+(long *) (gate_addr))), "=&a" (__d0), "=&d" (__d1) \
2510 :"i" ((short) (0x8000+(dpl<<13)+(type<<8))), \
2511 "3" ((char *) (addr)),"2" (__KERNEL_CS << 16)); \
2512 + pax_close_kernel(cr0); \
2516 +#define _set_gate(gate_addr,type,dpl,addr) \
2519 + __asm__ __volatile__ ("movw %%dx,%%ax\n\t" \
2520 + "movw %4,%%dx\n\t" \
2521 + "movl %%eax,%0\n\t" \
2523 + :"=m" (*((long *) (gate_addr))), \
2524 + "=m" (*(1+(long *) (gate_addr))), "=&a" (__d0), "=&d" (__d1) \
2525 + :"i" ((short) (0x8000+(dpl<<13)+(type<<8))), \
2526 + "3" ((char *) (addr)),"2" (__KERNEL_CS << 16)); \
2531 * This needs to use 'idt_table' rather than 'idt', and
2532 @@ -810,26 +845,42 @@ do { \
2533 * Pentium F0 0F bugfix can have resulted in the mapped
2534 * IDT being write-protected.
2536 -void set_intr_gate(unsigned int n, void *addr)
2537 +void set_intr_gate(unsigned int n, const void *addr)
2539 _set_gate(idt_table+n,14,0,addr);
2542 -static void __init set_trap_gate(unsigned int n, void *addr)
2543 +static void __init set_trap_gate(unsigned int n, const void *addr)
2545 _set_gate(idt_table+n,15,0,addr);
2548 -static void __init set_system_gate(unsigned int n, void *addr)
2549 +static void __init set_system_gate(unsigned int n, const void *addr)
2551 _set_gate(idt_table+n,15,3,addr);
2554 -static void __init set_call_gate(void *a, void *addr)
2555 +static void __init set_call_gate(const void *a, const void *addr)
2557 _set_gate(a,12,3,addr);
2560 +#ifdef CONFIG_PAX_KERNEXEC
2561 +#define _set_seg_desc(gate_addr,type,dpl,base,limit) \
2563 + unsigned long cr0; \
2564 + pax_open_kernel(cr0); \
2565 + *((gate_addr)+1) = ((base) & 0xff000000) | \
2566 + (((base) & 0x00ff0000)>>16) | \
2567 + ((limit) & 0xf0000) | \
2571 + *(gate_addr) = (((base) & 0x0000ffff)<<16) | \
2572 + ((limit) & 0x0ffff); \
2573 + pax_close_kernel(cr0); \
2576 #define _set_seg_desc(gate_addr,type,dpl,base,limit) {\
2577 *((gate_addr)+1) = ((base) & 0xff000000) | \
2578 (((base) & 0x00ff0000)>>16) | \
2579 @@ -839,7 +890,25 @@ static void __init set_call_gate(void *a
2581 *(gate_addr) = (((base) & 0x0000ffff)<<16) | \
2582 ((limit) & 0x0ffff); }
2585 +#ifdef CONFIG_PAX_KERNEXEC
2586 +#define _set_tssldt_desc(n,addr,limit,type) \
2588 + unsigned long cr0; \
2589 + pax_open_kernel(cr0); \
2590 + __asm__ __volatile__ ("movw %w3,0(%2)\n\t" \
2591 + "movw %%ax,2(%2)\n\t" \
2592 + "rorl $16,%%eax\n\t" \
2593 + "movb %%al,4(%2)\n\t" \
2594 + "movb %4,5(%2)\n\t" \
2595 + "movb $0,6(%2)\n\t" \
2596 + "movb %%ah,7(%2)\n\t" \
2597 + "rorl $16,%%eax" \
2598 + : "=m"(*(n)) : "a" (addr), "r"(n), "ir"(limit), "i"(type)); \
2599 + pax_close_kernel(cr0); \
2602 #define _set_tssldt_desc(n,addr,limit,type) \
2603 __asm__ __volatile__ ("movw %w3,0(%2)\n\t" \
2604 "movw %%ax,2(%2)\n\t" \
2605 @@ -850,15 +919,26 @@ __asm__ __volatile__ ("movw %w3,0(%2)\n\
2606 "movb %%ah,7(%2)\n\t" \
2608 : "=m"(*(n)) : "a" (addr), "r"(n), "ir"(limit), "i"(type))
2611 -void set_tss_desc(unsigned int n, void *addr)
2612 +void set_tss_desc(unsigned int n, const void *addr)
2614 _set_tssldt_desc(gdt_table+__TSS(n), (int)addr, 235, 0x89);
2616 +#ifdef CONFIG_PAX_SEGMEXEC
2617 + _set_tssldt_desc(gdt_table2+__TSS(n), (int)addr, 235, 0x89);
2622 -void set_ldt_desc(unsigned int n, void *addr, unsigned int size)
2623 +void set_ldt_desc(unsigned int n, const void *addr, unsigned int size)
2625 _set_tssldt_desc(gdt_table+__LDT(n), (int)addr, ((size << 3)-1), 0x82);
2627 +#ifdef CONFIG_PAX_SEGMEXEC
2628 + _set_tssldt_desc(gdt_table2+__LDT(n), (int)addr, ((size << 3)-1), 0x82);
2633 #ifdef CONFIG_X86_VISWS_APIC
2634 diff -urNp linux-2.4.37.7/arch/i386/kernel/vm86.c linux-2.4.37.7/arch/i386/kernel/vm86.c
2635 --- linux-2.4.37.7/arch/i386/kernel/vm86.c 2009-11-07 11:52:20.000000000 -0500
2636 +++ linux-2.4.37.7/arch/i386/kernel/vm86.c 2009-11-10 19:30:27.000000000 -0500
2638 #include <asm/pgalloc.h>
2640 #include <asm/irq.h>
2641 +#include <asm/desc.h>
2645 @@ -97,6 +98,10 @@ struct pt_regs * fastcall save_v86_state
2646 struct pt_regs *ret;
2649 +#ifdef CONFIG_PAX_KERNEXEC
2650 + unsigned long cr0;
2653 if (!current->thread.vm86_info) {
2654 printk("no vm86_info: BAD\n");
2656 @@ -111,7 +116,17 @@ struct pt_regs * fastcall save_v86_state
2659 tss = init_tss + smp_processor_id();
2661 +#ifdef CONFIG_PAX_KERNEXEC
2662 + pax_open_kernel(cr0);
2665 tss->esp0 = current->thread.esp0 = current->thread.saved_esp0;
2667 +#ifdef CONFIG_PAX_KERNEXEC
2668 + pax_close_kernel(cr0);
2671 current->thread.saved_esp0 = 0;
2672 ret = KVM86->regs32;
2674 @@ -237,6 +252,11 @@ out:
2675 static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk)
2677 struct tss_struct *tss;
2679 +#ifdef CONFIG_PAX_KERNEXEC
2680 + unsigned long cr3;
2684 * make sure the vm86() system call doesn't try to do anything silly
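Review bot: The saved-state variable added to `do_sys_vm86` is named `cr3`, while `save_v86_state` in the same file uses `cr0` for the identical `pax_open_kernel()`/`pax_close_kernel()` pair. The macro definitions are not visible here, but the open-coded equivalent in arch/i386/lib/mmx.c saves and restores CR0, so `cr3` looks like a misnomer. Declare it as `unsigned long cr0;` and pass `cr0` to both calls in the following hunk (`@@ -278,8 +298,17 @@`). The function body extends beyond both hunks.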
2686 @@ -278,8 +298,17 @@ static void do_sys_vm86(struct kernel_vm
2687 info->regs32->eax = 0;
2688 tsk->thread.saved_esp0 = tsk->thread.esp0;
2689 tss = init_tss + smp_processor_id();
2691 +#ifdef CONFIG_PAX_KERNEXEC
2692 + pax_open_kernel(cr3);
2695 tss->esp0 = tsk->thread.esp0 = (unsigned long) &info->VM86_TSS_ESP0;
2697 +#ifdef CONFIG_PAX_KERNEXEC
2698 + pax_close_kernel(cr3);
2701 tsk->thread.screen_bitmap = info->screen_bitmap;
2702 if (info->flags & VM86_SCREEN_BITMAP)
2703 mark_screen_rdonly(tsk);
2704 diff -urNp linux-2.4.37.7/arch/i386/lib/checksum.S linux-2.4.37.7/arch/i386/lib/checksum.S
2705 --- linux-2.4.37.7/arch/i386/lib/checksum.S 2009-11-07 11:52:20.000000000 -0500
2706 +++ linux-2.4.37.7/arch/i386/lib/checksum.S 2009-11-10 19:30:27.000000000 -0500
2709 #include <linux/config.h>
2710 #include <asm/errno.h>
2712 +#include <asm/segment.h>
2715 * computes a partial checksum, e.g. for TCP/UDP fragments
2717 @@ -281,12 +282,23 @@ unsigned int csum_partial_copy_generic (
2720 .globl csum_partial_copy_generic
2722 +.globl csum_partial_copy_generic_to_user
2723 +.globl csum_partial_copy_generic_from_user
2725 #ifndef CONFIG_X86_USE_PPRO_CHECKSUM
2731 +csum_partial_copy_generic_to_user:
2732 + pushl $(__USER_DS)
2734 + jmp csum_partial_copy_generic
2736 +csum_partial_copy_generic_from_user:
2737 + pushl $(__USER_DS)
2740 csum_partial_copy_generic:
2743 @@ -305,7 +317,7 @@ csum_partial_copy_generic:
2745 SRC(1: movw (%esi), %bx )
2747 -DST( movw %bx, (%edi) )
2748 +DST( movw %bx, %es:(%edi) )
2752 @@ -317,30 +329,30 @@ DST( movw %bx, (%edi) )
2753 SRC(1: movl (%esi), %ebx )
2754 SRC( movl 4(%esi), %edx )
2756 -DST( movl %ebx, (%edi) )
2757 +DST( movl %ebx, %es:(%edi) )
2759 -DST( movl %edx, 4(%edi) )
2760 +DST( movl %edx, %es:4(%edi) )
2762 SRC( movl 8(%esi), %ebx )
2763 SRC( movl 12(%esi), %edx )
2765 -DST( movl %ebx, 8(%edi) )
2766 +DST( movl %ebx, %es:8(%edi) )
2768 -DST( movl %edx, 12(%edi) )
2769 +DST( movl %edx, %es:12(%edi) )
2771 SRC( movl 16(%esi), %ebx )
2772 SRC( movl 20(%esi), %edx )
2774 -DST( movl %ebx, 16(%edi) )
2775 +DST( movl %ebx, %es:16(%edi) )
2777 -DST( movl %edx, 20(%edi) )
2778 +DST( movl %edx, %es:20(%edi) )
2780 SRC( movl 24(%esi), %ebx )
2781 SRC( movl 28(%esi), %edx )
2783 -DST( movl %ebx, 24(%edi) )
2784 +DST( movl %ebx, %es:24(%edi) )
2786 -DST( movl %edx, 28(%edi) )
2787 +DST( movl %edx, %es:28(%edi) )
2791 @@ -354,7 +366,7 @@ DST( movl %edx, 28(%edi) )
2792 shrl $2, %edx # This clears CF
2793 SRC(3: movl (%esi), %ebx )
2795 -DST( movl %ebx, (%edi) )
2796 +DST( movl %ebx, %es:(%edi) )
2800 @@ -366,12 +378,12 @@ DST( movl %ebx, (%edi) )
2802 SRC( movw (%esi), %cx )
2804 -DST( movw %cx, (%edi) )
2805 +DST( movw %cx, %es:(%edi) )
2809 SRC(5: movb (%esi), %cl )
2810 -DST( movb %cl, (%edi) )
2811 +DST( movb %cl, %es:(%edi) )
2815 @@ -382,7 +394,7 @@ DST( movb %cl, (%edi) )
2818 movl ARGBASE+20(%esp), %ebx # src_err_ptr
2819 - movl $-EFAULT, (%ebx)
2820 + movl $-EFAULT, %ss:(%ebx)
2822 # zero the complete destination - computing the rest
2824 @@ -395,11 +407,15 @@ DST( movb %cl, (%edi) )
2827 movl ARGBASE+24(%esp), %ebx # dst_err_ptr
2828 - movl $-EFAULT,(%ebx)
2829 + movl $-EFAULT,%ss:(%ebx)
2841 @@ -411,17 +427,28 @@ DST( movb %cl, (%edi) )
2842 /* Version for PentiumII/PPro */
2846 SRC(movl x(%esi), %ebx ) ; \
2848 - DST(movl %ebx, x(%edi) ) ;
2849 + DST(movl %ebx, %es:x(%edi));
2853 SRC(movl x(%esi), %ebx ) ; \
2855 - DST(movl %ebx, x(%edi) ) ;
2856 + DST(movl %ebx, %es:x(%edi));
2861 +csum_partial_copy_generic_to_user:
2862 + pushl $(__USER_DS)
2864 + jmp csum_partial_copy_generic
2866 +csum_partial_copy_generic_from_user:
2867 + pushl $(__USER_DS)
2870 csum_partial_copy_generic:
2873 @@ -440,7 +467,7 @@ csum_partial_copy_generic:
2877 - lea 3f(%ebx,%ebx), %ebx
2878 + lea 3f(%ebx,%ebx,2), %ebx
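Review bot: The scale change to `lea 3f(%ebx,%ebx,2), %ebx` silently encodes the assembled size of one ROUND body, since the result is presumably used as a computed jump target into the unrolled loop (the jump itself is outside this hunk). Add a comment at the `lea` stating the assumed size, for example `# each ROUND is 12 bytes per 4-byte word now that DST carries an %es: override`, after confirming that figure against the assembled output. Without it, a later edit to ROUND or ROUND1 can misalign the entry point without any assembler error.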
2882 @@ -461,19 +488,19 @@ csum_partial_copy_generic:
2884 SRC( movw (%esi), %dx )
2886 -DST( movw %dx, (%edi) )
2887 +DST( movw %dx, %es:(%edi) )
2892 SRC( movb (%esi), %dl )
2893 -DST( movb %dl, (%edi) )
2894 +DST( movb %dl, %es:(%edi) )
2898 .section .fixup, "ax"
2899 6001: movl ARGBASE+20(%esp), %ebx # src_err_ptr
2900 - movl $-EFAULT, (%ebx)
2901 + movl $-EFAULT, %ss:(%ebx)
2902 # zero the complete destination (computing the rest is too much work)
2903 movl ARGBASE+8(%esp),%edi # dst
2904 movl ARGBASE+12(%esp),%ecx # len
2905 @@ -481,10 +508,14 @@ DST( movb %dl, (%edi) )
2908 6002: movl ARGBASE+24(%esp), %ebx # dst_err_ptr
2909 - movl $-EFAULT, (%ebx)
2910 + movl $-EFAULT, %ss:(%ebx)
2921 diff -urNp linux-2.4.37.7/arch/i386/lib/getuser.S linux-2.4.37.7/arch/i386/lib/getuser.S
2922 --- linux-2.4.37.7/arch/i386/lib/getuser.S 2009-11-07 11:52:20.000000000 -0500
2923 +++ linux-2.4.37.7/arch/i386/lib/getuser.S 2009-11-10 19:30:27.000000000 -0500
2928 +#include <asm/segment.h>
2933 @@ -31,7 +33,11 @@ __get_user_1:
2934 andl $0xffffe000,%edx
2935 cmpl addr_limit(%edx),%eax
2937 + pushl $(__USER_DS)
2939 1: movzbl (%eax),%edx
2945 @@ -44,7 +50,11 @@ __get_user_2:
2946 andl $0xffffe000,%edx
2947 cmpl addr_limit(%edx),%eax
2949 + pushl $(__USER_DS)
2951 2: movzwl -1(%eax),%edx
2957 @@ -57,11 +67,17 @@ __get_user_4:
2958 andl $0xffffe000,%edx
2959 cmpl addr_limit(%edx),%eax
2961 + pushl $(__USER_DS)
2963 3: movl -3(%eax),%edx
2975 diff -urNp linux-2.4.37.7/arch/i386/lib/mmx.c linux-2.4.37.7/arch/i386/lib/mmx.c
2976 --- linux-2.4.37.7/arch/i386/lib/mmx.c 2009-11-07 11:52:20.000000000 -0500
2977 +++ linux-2.4.37.7/arch/i386/lib/mmx.c 2009-11-10 19:30:27.000000000 -0500
2978 @@ -30,6 +30,7 @@ void *_mmx_memcpy(void *to, const void *
2982 + unsigned long cr0;
2985 return __memcpy(to, from, len);
2986 @@ -40,52 +41,80 @@ void *_mmx_memcpy(void *to, const void *
2989 __asm__ __volatile__ (
2990 - "1: prefetch (%0)\n" /* This set is 28 bytes */
2991 - " prefetch 64(%0)\n"
2992 - " prefetch 128(%0)\n"
2993 - " prefetch 192(%0)\n"
2994 - " prefetch 256(%0)\n"
2995 + "1: prefetch (%1)\n" /* This set is 28 bytes */
2996 + " prefetch 64(%1)\n"
2997 + " prefetch 128(%1)\n"
2998 + " prefetch 192(%1)\n"
2999 + " prefetch 256(%1)\n"
3001 ".section .fixup, \"ax\"\n"
3002 - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
3005 +#ifdef CONFIG_PAX_KERNEXEC
3006 + " movl %%cr0, %0\n"
3007 + " movl %0, %%eax\n"
3008 + " andl $0xFFFEFFFF, %%eax\n"
3009 + " movl %%eax, %%cr0\n"
3012 + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
3014 +#ifdef CONFIG_PAX_KERNEXEC
3015 + " movl %0, %%cr0\n"
3020 ".section __ex_table,\"a\"\n"
3025 + : "=&r" (cr0) : "r" (from) : "ax");
3030 __asm__ __volatile__ (
3031 - "1: prefetch 320(%0)\n"
3032 - "2: movq (%0), %%mm0\n"
3033 - " movq 8(%0), %%mm1\n"
3034 - " movq 16(%0), %%mm2\n"
3035 - " movq 24(%0), %%mm3\n"
3036 - " movq %%mm0, (%1)\n"
3037 - " movq %%mm1, 8(%1)\n"
3038 - " movq %%mm2, 16(%1)\n"
3039 - " movq %%mm3, 24(%1)\n"
3040 - " movq 32(%0), %%mm0\n"
3041 - " movq 40(%0), %%mm1\n"
3042 - " movq 48(%0), %%mm2\n"
3043 - " movq 56(%0), %%mm3\n"
3044 - " movq %%mm0, 32(%1)\n"
3045 - " movq %%mm1, 40(%1)\n"
3046 - " movq %%mm2, 48(%1)\n"
3047 - " movq %%mm3, 56(%1)\n"
3048 + "1: prefetch 320(%1)\n"
3049 + "2: movq (%1), %%mm0\n"
3050 + " movq 8(%1), %%mm1\n"
3051 + " movq 16(%1), %%mm2\n"
3052 + " movq 24(%1), %%mm3\n"
3053 + " movq %%mm0, (%2)\n"
3054 + " movq %%mm1, 8(%2)\n"
3055 + " movq %%mm2, 16(%2)\n"
3056 + " movq %%mm3, 24(%2)\n"
3057 + " movq 32(%1), %%mm0\n"
3058 + " movq 40(%1), %%mm1\n"
3059 + " movq 48(%1), %%mm2\n"
3060 + " movq 56(%1), %%mm3\n"
3061 + " movq %%mm0, 32(%2)\n"
3062 + " movq %%mm1, 40(%2)\n"
3063 + " movq %%mm2, 48(%2)\n"
3064 + " movq %%mm3, 56(%2)\n"
3065 ".section .fixup, \"ax\"\n"
3066 - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
3069 +#ifdef CONFIG_PAX_KERNEXEC
3070 + " movl %%cr0, %0\n"
3071 + " movl %0, %%eax\n"
3072 + " andl $0xFFFEFFFF, %%eax\n"
3073 + " movl %%eax, %%cr0\n"
3076 + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
3078 +#ifdef CONFIG_PAX_KERNEXEC
3079 + " movl %0, %%cr0\n"
3084 ".section __ex_table,\"a\"\n"
3088 - : : "r" (from), "r" (to) : "memory");
3089 + : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
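Review bot: The mask in `andl $0xFFFEFFFF, %%eax` is an unexplained constant. It clears bit 16 of CR0 (write protect) so the fixup can patch the instruction at `1b`, and a comment such as `/* clear CR0.WP so the fixup may rewrite 1b */` on that line would say so. The same open sequence and the `movl %0, %%cr0` restore are copied into both fixup blocks of this hunk and again into the two `fast_copy_page` variants later in the file, so one shared string macro for each would keep the six copies from drifting. Whether these are meant to mirror `pax_open_kernel()`/`pax_close_kernel()` cannot be confirmed from this view.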
3093 @@ -164,6 +193,7 @@ static void fast_clear_page(void *page)
3094 static void fast_copy_page(void *to, void *from)
3097 + unsigned long cr0;
3101 @@ -171,51 +201,79 @@ static void fast_copy_page(void *to, voi
3102 * but that is for later. -AV
3104 __asm__ __volatile__ (
3105 - "1: prefetch (%0)\n"
3106 - " prefetch 64(%0)\n"
3107 - " prefetch 128(%0)\n"
3108 - " prefetch 192(%0)\n"
3109 - " prefetch 256(%0)\n"
3110 + "1: prefetch (%1)\n"
3111 + " prefetch 64(%1)\n"
3112 + " prefetch 128(%1)\n"
3113 + " prefetch 192(%1)\n"
3114 + " prefetch 256(%1)\n"
3116 ".section .fixup, \"ax\"\n"
3117 - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
3120 +#ifdef CONFIG_PAX_KERNEXEC
3121 + " movl %%cr0, %0\n"
3122 + " movl %0, %%eax\n"
3123 + " andl $0xFFFEFFFF, %%eax\n"
3124 + " movl %%eax, %%cr0\n"
3127 + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
3129 +#ifdef CONFIG_PAX_KERNEXEC
3130 + " movl %0, %%cr0\n"
3135 ".section __ex_table,\"a\"\n"
3140 + : "=&r" (cr0) : "r" (from) : "ax");
3142 for(i=0; i<(4096-320)/64; i++)
3144 __asm__ __volatile__ (
3145 - "1: prefetch 320(%0)\n"
3146 - "2: movq (%0), %%mm0\n"
3147 - " movntq %%mm0, (%1)\n"
3148 - " movq 8(%0), %%mm1\n"
3149 - " movntq %%mm1, 8(%1)\n"
3150 - " movq 16(%0), %%mm2\n"
3151 - " movntq %%mm2, 16(%1)\n"
3152 - " movq 24(%0), %%mm3\n"
3153 - " movntq %%mm3, 24(%1)\n"
3154 - " movq 32(%0), %%mm4\n"
3155 - " movntq %%mm4, 32(%1)\n"
3156 - " movq 40(%0), %%mm5\n"
3157 - " movntq %%mm5, 40(%1)\n"
3158 - " movq 48(%0), %%mm6\n"
3159 - " movntq %%mm6, 48(%1)\n"
3160 - " movq 56(%0), %%mm7\n"
3161 - " movntq %%mm7, 56(%1)\n"
3162 + "1: prefetch 320(%1)\n"
3163 + "2: movq (%1), %%mm0\n"
3164 + " movntq %%mm0, (%2)\n"
3165 + " movq 8(%1), %%mm1\n"
3166 + " movntq %%mm1, 8(%2)\n"
3167 + " movq 16(%1), %%mm2\n"
3168 + " movntq %%mm2, 16(%2)\n"
3169 + " movq 24(%1), %%mm3\n"
3170 + " movntq %%mm3, 24(%2)\n"
3171 + " movq 32(%1), %%mm4\n"
3172 + " movntq %%mm4, 32(%2)\n"
3173 + " movq 40(%1), %%mm5\n"
3174 + " movntq %%mm5, 40(%2)\n"
3175 + " movq 48(%1), %%mm6\n"
3176 + " movntq %%mm6, 48(%2)\n"
3177 + " movq 56(%1), %%mm7\n"
3178 + " movntq %%mm7, 56(%2)\n"
3179 ".section .fixup, \"ax\"\n"
3180 - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
3183 +#ifdef CONFIG_PAX_KERNEXEC
3184 + " movl %%cr0, %0\n"
3185 + " movl %0, %%eax\n"
3186 + " andl $0xFFFEFFFF, %%eax\n"
3187 + " movl %%eax, %%cr0\n"
3190 + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
3192 +#ifdef CONFIG_PAX_KERNEXEC
3193 + " movl %0, %%cr0\n"
3198 ".section __ex_table,\"a\"\n"
3202 - : : "r" (from), "r" (to) : "memory");
3203 + : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
3207 @@ -296,56 +354,84 @@ static void fast_clear_page(void *page)
3208 static void fast_copy_page(void *to, void *from)
3213 + unsigned long cr0;
3217 __asm__ __volatile__ (
3218 - "1: prefetch (%0)\n"
3219 - " prefetch 64(%0)\n"
3220 - " prefetch 128(%0)\n"
3221 - " prefetch 192(%0)\n"
3222 - " prefetch 256(%0)\n"
3223 + "1: prefetch (%1)\n"
3224 + " prefetch 64(%1)\n"
3225 + " prefetch 128(%1)\n"
3226 + " prefetch 192(%1)\n"
3227 + " prefetch 256(%1)\n"
3229 ".section .fixup, \"ax\"\n"
3230 - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
3233 +#ifdef CONFIG_PAX_KERNEXEC
3234 + " movl %%cr0, %0\n"
3235 + " movl %0, %%eax\n"
3236 + " andl $0xFFFEFFFF, %%eax\n"
3237 + " movl %%eax, %%cr0\n"
3240 + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
3242 +#ifdef CONFIG_PAX_KERNEXEC
3243 + " movl %0, %%cr0\n"
3248 ".section __ex_table,\"a\"\n"
3253 + : "=&r" (cr0) : "r" (from) : "ax");
3255 for(i=0; i<4096/64; i++)
3257 __asm__ __volatile__ (
3258 - "1: prefetch 320(%0)\n"
3259 - "2: movq (%0), %%mm0\n"
3260 - " movq 8(%0), %%mm1\n"
3261 - " movq 16(%0), %%mm2\n"
3262 - " movq 24(%0), %%mm3\n"
3263 - " movq %%mm0, (%1)\n"
3264 - " movq %%mm1, 8(%1)\n"
3265 - " movq %%mm2, 16(%1)\n"
3266 - " movq %%mm3, 24(%1)\n"
3267 - " movq 32(%0), %%mm0\n"
3268 - " movq 40(%0), %%mm1\n"
3269 - " movq 48(%0), %%mm2\n"
3270 - " movq 56(%0), %%mm3\n"
3271 - " movq %%mm0, 32(%1)\n"
3272 - " movq %%mm1, 40(%1)\n"
3273 - " movq %%mm2, 48(%1)\n"
3274 - " movq %%mm3, 56(%1)\n"
3275 + "1: prefetch 320(%1)\n"
3276 + "2: movq (%1), %%mm0\n"
3277 + " movq 8(%1), %%mm1\n"
3278 + " movq 16(%1), %%mm2\n"
3279 + " movq 24(%1), %%mm3\n"
3280 + " movq %%mm0, (%2)\n"
3281 + " movq %%mm1, 8(%2)\n"
3282 + " movq %%mm2, 16(%2)\n"
3283 + " movq %%mm3, 24(%2)\n"
3284 + " movq 32(%1), %%mm0\n"
3285 + " movq 40(%1), %%mm1\n"
3286 + " movq 48(%1), %%mm2\n"
3287 + " movq 56(%1), %%mm3\n"
3288 + " movq %%mm0, 32(%2)\n"
3289 + " movq %%mm1, 40(%2)\n"
3290 + " movq %%mm2, 48(%2)\n"
3291 + " movq %%mm3, 56(%2)\n"
3292 ".section .fixup, \"ax\"\n"
3293 - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
3296 +#ifdef CONFIG_PAX_KERNEXEC
3297 + " movl %%cr0, %0\n"
3298 + " movl %0, %%eax\n"
3299 + " andl $0xFFFEFFFF, %%eax\n"
3300 + " movl %%eax, %%cr0\n"
3303 + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
3305 +#ifdef CONFIG_PAX_KERNEXEC
3306 + " movl %0, %%cr0\n"
3311 ".section __ex_table,\"a\"\n"
3315 - : : "r" (from), "r" (to) : "memory");
3316 + : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
3320 diff -urNp linux-2.4.37.7/arch/i386/lib/usercopy.c linux-2.4.37.7/arch/i386/lib/usercopy.c
3321 --- linux-2.4.37.7/arch/i386/lib/usercopy.c 2009-11-07 11:52:20.000000000 -0500
3322 +++ linux-2.4.37.7/arch/i386/lib/usercopy.c 2009-11-10 19:30:27.000000000 -0500
3324 #include <linux/config.h>
3325 #include <asm/uaccess.h>
3326 #include <asm/mmx.h>
3327 +#include <asm/segment.h>
3329 #ifdef CONFIG_X86_USE_3DNOW_AND_WORKS
3331 @@ -75,6 +76,11 @@ __generic_copy_from_user(void *to, const
3333 int __d0, __d1, __d2; \
3334 __asm__ __volatile__( \
3335 + " movw %w0,%%ds\n" \
3337 + : "r"(__USER_DS) \
3339 + __asm__ __volatile__( \
3343 @@ -85,6 +91,8 @@ do { \
3349 ".section .fixup,\"ax\"\n" \
3352 @@ -163,10 +171,13 @@ strncpy_from_user(char *dst, const char
3355 __asm__ __volatile__( \
3356 + " movw %w6,%%es\n" \
3363 ".section .fixup,\"ax\"\n" \
3364 "3: lea 0(%2,%0,4),%0\n" \
3366 @@ -177,7 +188,8 @@ do { \
3369 : "=&c"(size), "=&D" (__d0) \
3370 - : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0)); \
3371 + : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0), \
3372 + "r"(__USER_DS)); \
3376 @@ -233,6 +245,7 @@ long strnlen_user(const char *s, long n)
3377 unsigned long res, tmp;
3379 __asm__ __volatile__(
3380 + " movw %w8,%%es\n"
3384 @@ -241,6 +254,8 @@ long strnlen_user(const char *s, long n)
3390 ".section .fixup,\"ax\"\n"
3391 "2: xorl %%eax,%%eax\n"
3393 @@ -252,7 +267,7 @@ long strnlen_user(const char *s, long n)
3396 :"=r" (n), "=D" (s), "=a" (res), "=c" (tmp)
3397 - :"0" (n), "1" (s), "2" (0), "3" (mask)
3398 + :"0" (n), "1" (s), "2" (0), "3" (mask), "r" (__USER_DS)
3402 diff -urNp linux-2.4.37.7/arch/i386/Makefile linux-2.4.37.7/arch/i386/Makefile
3403 --- linux-2.4.37.7/arch/i386/Makefile 2009-11-07 11:52:20.000000000 -0500
3404 +++ linux-2.4.37.7/arch/i386/Makefile 2009-11-10 19:30:27.000000000 -0500
3405 @@ -123,6 +123,9 @@ arch/i386/mm: dummy
3407 MAKEBOOT = $(MAKE) -C arch/$(ARCH)/boot
3409 +arch/i386/vmlinux.lds: arch/i386/vmlinux.lds.S FORCE
3410 + $(CPP) -C -P -I$(HPATH) -D__KERNEL__ -imacros $(HPATH)/linux/config.h -imacros $(HPATH)/asm-i386/segment.h -imacros $(HPATH)/asm-i386/page.h -Ui386 arch/i386/vmlinux.lds.S >arch/i386/vmlinux.lds
3412 vmlinux: arch/i386/vmlinux.lds
3415 @@ -159,6 +162,7 @@ archclean:
3419 + rm -f arch/i386/vmlinux.lds
3423 diff -urNp linux-2.4.37.7/arch/i386/mm/fault.c linux-2.4.37.7/arch/i386/mm/fault.c
3424 --- linux-2.4.37.7/arch/i386/mm/fault.c 2009-11-07 11:52:20.000000000 -0500
3425 +++ linux-2.4.37.7/arch/i386/mm/fault.c 2009-11-10 19:30:27.000000000 -0500
3427 #include <linux/init.h>
3428 #include <linux/tty.h>
3429 #include <linux/vt_kern.h> /* For unblank_screen() */
3430 +#include <linux/unistd.h>
3431 +#include <linux/compiler.h>
3433 #include <asm/system.h>
3434 #include <asm/uaccess.h>
3435 @@ -78,6 +80,12 @@ good_area:
3437 if (!(vma->vm_flags & VM_GROWSDOWN))
3440 +#ifdef CONFIG_PAX_SEGMEXEC
3441 + if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < start - SEGMEXEC_TASK_SIZE - 1)
3445 if (expand_stack(vma, start) == 0)
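Review bot: The added test `vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < start - SEGMEXEC_TASK_SIZE - 1` depends on unsigned wrap-around and is hard to read without an explanation. Assuming `start` is below `vma->vm_end`, it is true only when `vma->vm_end` lies above `SEGMEXEC_TASK_SIZE` while `start` is at or below it, i.e. when growing the stack would cross that boundary. A comment like `/* refuse to grow a vma across SEGMEXEC_TASK_SIZE (unsigned wrap is intentional) */` would document that. The same expression with `address` is added to `do_page_fault` in the `@@ -202,6 +221,12 @@` hunk, and the statement guarded by the test is not visible in this view.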
3448 @@ -125,7 +133,10 @@ void bust_spinlocks(int yes)
3451 asmlinkage void do_invalid_op(struct pt_regs *, unsigned long);
3452 -extern unsigned long idt;
3454 +#ifdef CONFIG_PAX_EMUTRAMP
3455 +static int pax_handle_fetch_fault(struct pt_regs *regs);
3459 * This routine handles page faults. It determines the address,
3460 @@ -137,23 +148,31 @@ extern unsigned long idt;
3461 * bit 1 == 0 means read, 1 means write
3462 * bit 2 == 0 means kernel, 1 means user-mode
3464 -asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code)
3466 +#ifdef CONFIG_PAX_PAGEEXEC
3467 +static int do_page_fault(struct pt_regs *regs, unsigned long error_code, unsigned long address)
3469 +asmlinkage int do_page_fault(struct pt_regs *regs, unsigned long error_code)
3472 struct task_struct *tsk;
3473 struct mm_struct *mm;
3474 struct vm_area_struct * vma;
3475 +#ifndef CONFIG_PAX_PAGEEXEC
3476 unsigned long address;
3477 - unsigned long page;
3479 unsigned long fixup;
3483 +#ifndef CONFIG_PAX_PAGEEXEC
3484 /* get the address */
3485 __asm__("movl %%cr2,%0":"=r" (address));
3487 /* It's safe to allow irq's after cr2 has been saved */
3488 if (regs->eflags & X86_EFLAGS_IF)
3494 @@ -202,6 +221,12 @@ asmlinkage void do_page_fault(struct pt_
3495 if (address + 32 < regs->esp)
3499 +#ifdef CONFIG_PAX_SEGMEXEC
3500 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)
3504 if (expand_stack(vma, address))
3507 @@ -258,7 +283,7 @@ good_area:
3508 tsk->thread.screen_bitmap |= 1 << bit;
3510 up_read(&mm->mmap_sem);
3515 * Something tried to access memory that isn't in our memory map..
3516 @@ -267,6 +292,38 @@ good_area:
3518 up_read(&mm->mmap_sem);
3520 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
3521 + if ((error_code & 4) && !(regs->eflags & X86_EFLAGS_VM)) {
3523 +#ifdef CONFIG_PAX_PAGEEXEC
3524 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && !(error_code & 3) && (regs->eip == address)) {
3525 + pax_report_fault(regs, (void*)regs->eip, (void*)regs->esp);
3530 +#ifdef CONFIG_PAX_SEGMEXEC
3531 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && !(error_code & 3) && (regs->eip + SEGMEXEC_TASK_SIZE == address)) {
3533 +#ifdef CONFIG_PAX_EMUTRAMP
3534 + switch (pax_handle_fetch_fault(regs)) {
3544 + pax_report_fault(regs, (void*)regs->eip, (void*)regs->esp);
3552 /* User mode accesses just cause a SIGSEGV */
3553 if (error_code & 4) {
3554 tsk->thread.cr2 = address;
3555 @@ -278,7 +335,7 @@ bad_area:
3556 /* info.si_code has been set above */
3557 info.si_addr = (void *)address;
3558 force_sig_info(SIGSEGV, &info, tsk);
3564 @@ -287,11 +344,11 @@ bad_area:
3565 if (boot_cpu_data.f00f_bug) {
3568 - nr = (address - idt) >> 3;
3569 + nr = (address - (unsigned long)idt) >> 3;
3572 do_invalid_op(regs, 0);
3578 @@ -299,7 +356,7 @@ no_context:
3579 /* Are we prepared to handle this kernel fault? */
3580 if ((fixup = search_exception_table(regs->eip)) != 0) {
3587 @@ -311,19 +368,41 @@ no_context:
3589 if (address < PAGE_SIZE)
3590 printk(KERN_ALERT "Unable to handle kernel NULL pointer dereference");
3592 +#ifdef CONFIG_PAX_KERNEXEC
3593 + else if (init_mm.start_code <= address && address < init_mm.end_code) {
3595 + printk(KERN_ERR "PAX: From %u.%u.%u.%u: %s:%d, uid/euid: %u/%u, attempted to modify kernel code",
3596 + NIPQUAD(tsk->curr_ip), tsk->comm, tsk->pid, tsk->uid, tsk->euid);
3598 + printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code",
3599 + tsk->comm, tsk->pid, tsk->uid, tsk->euid);
3604 printk(KERN_ALERT "Unable to handle kernel paging request");
3605 printk(" at virtual address %08lx\n",address);
3606 printk(" printing eip:\n");
3607 printk("%08lx\n", regs->eip);
3608 - asm("movl %%cr3,%0":"=r" (page));
3609 - page = ((unsigned long *) __va(page))[address >> 22];
3610 - printk(KERN_ALERT "*pde = %08lx\n", page);
3612 - page &= PAGE_MASK;
3613 - address &= 0x003ff000;
3614 - page = ((unsigned long *) __va(page))[address >> PAGE_SHIFT];
3615 - printk(KERN_ALERT "*pte = %08lx\n", page);
3617 + unsigned long index = pgd_index(address);
3618 + unsigned long pgd_paddr;
3623 + asm("movl %%cr3,%0":"=r" (pgd_paddr));
3624 + pgd = index + (pgd_t *)__va(pgd_paddr);
3625 + printk(KERN_ALERT "*pgd = %*llx\n", sizeof(*pgd), (unsigned long long)pgd_val(*pgd));
3626 + if (pgd_present(*pgd)) {
3627 + pmd = pmd_offset(pgd, address);
3628 + printk(KERN_ALERT "*pmd = %*llx\n", sizeof(*pmd), (unsigned long long)pmd_val(*pmd));
3629 + if (pmd_present(*pmd) && !(pmd_val(*pmd) & _PAGE_PSE)) {
3630 + pte = pte_offset(pmd, address);
3631 + printk(KERN_ALERT "*pte = %*llx\n", sizeof(*pte), (unsigned long long)pte_val(*pte));
3635 die("Oops", regs, error_code);
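Review bot: In the new page-table dump, `printk(KERN_ALERT "*pgd = %*llx\n", sizeof(*pgd), ...)` passes a `size_t` where `%*` expects an `int`. The width is also the entry size in bytes rather than its hex-digit count, so the value is space-padded to 4 or 8 columns instead of zero-padded like the `%08lx` output it replaces. Use `"*pgd = %0*llx\n", (int)(2 * sizeof(*pgd))`, and make the same change on the `*pmd` and `*pte` lines.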
3637 @@ -363,7 +442,7 @@ do_sigbus:
3638 /* Kernel mode? Handle exceptions or die */
3639 if (!(error_code & 4))
3646 @@ -396,6 +475,333 @@ vmalloc_fault:
3647 pte_k = pte_offset(pmd_k, address);
3648 if (!pte_present(*pte_k))
3655 +#ifdef CONFIG_PAX_PAGEEXEC
3656 +/* PaX: called with the page_table_lock spinlock held */
3657 +static inline pte_t * pax_get_pte(struct mm_struct *mm, unsigned long address)
3662 + pgd = pgd_offset(mm, address);
3663 + if (!pgd_present(*pgd))
3665 + pmd = pmd_offset(pgd, address);
3666 + if (!pmd_present(*pmd))
3668 + return pte_offset(pmd, address);
3672 +#ifdef CONFIG_PAX_EMUTRAMP
3674 + * PaX: decide what to do with offenders (regs->eip = fault address)
3676 + * returns 1 when task should be killed
3677 + * 2 when sigreturn trampoline was detected
3678 + * 3 when rt_sigreturn trampoline was detected
3679 + * 4 when gcc trampoline was detected
3681 +static int pax_handle_fetch_fault(struct pt_regs *regs)
3683 + static const unsigned char trans[8] = {
3684 + offsetof(struct pt_regs, eax) / 4,
3685 + offsetof(struct pt_regs, ecx) / 4,
3686 + offsetof(struct pt_regs, edx) / 4,
3687 + offsetof(struct pt_regs, ebx) / 4,
3688 + offsetof(struct pt_regs, esp) / 4,
3689 + offsetof(struct pt_regs, ebp) / 4,
3690 + offsetof(struct pt_regs, esi) / 4,
3691 + offsetof(struct pt_regs, edi) / 4,
3695 + if (regs->eflags & X86_EFLAGS_VM)
3698 +#ifndef CONFIG_PAX_EMUSIGRT
3699 + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
3703 + do { /* PaX: sigreturn emulation */
3704 + unsigned char pop, mov;
3705 + unsigned short sys;
3708 + err = get_user(pop, (unsigned char *)(regs->eip));
3709 + err |= get_user(mov, (unsigned char *)(regs->eip + 1));
3710 + err |= get_user(nr, (unsigned long *)(regs->eip + 2));
3711 + err |= get_user(sys, (unsigned short *)(regs->eip + 6));
3716 + if (pop == 0x58 &&
3718 + nr == __NR_sigreturn &&
3722 +#ifdef CONFIG_PAX_EMUSIGRT
3724 + struct k_sigaction *ka;
3725 + __sighandler_t handler;
3727 + if (get_user(sig, (int *)regs->esp))
3729 + if (sig < 1 || sig > _NSIG || sig == SIGKILL || sig == SIGSTOP)
3731 + spin_lock_irq(¤t->sigmask_lock);
3732 + ka = ¤t->sig->action[sig-1];
3733 + handler = ka->sa.sa_handler;
3734 + if (handler == SIG_DFL || handler == SIG_IGN) {
3735 + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
3737 + } else if (ka->sa.sa_flags & SA_SIGINFO)
3739 + spin_unlock_irq(¤t->sigmask_lock);
3751 + do { /* PaX: rt_sigreturn emulation */
3752 + unsigned char mov;
3753 + unsigned short sys;
3756 + err = get_user(mov, (unsigned char *)(regs->eip));
3757 + err |= get_user(nr, (unsigned long *)(regs->eip + 1));
3758 + err |= get_user(sys, (unsigned short *)(regs->eip + 5));
3763 + if (mov == 0xb8 &&
3764 + nr == __NR_rt_sigreturn &&
3768 +#ifdef CONFIG_PAX_EMUSIGRT
3770 + struct k_sigaction *ka;
3771 + __sighandler_t handler;
3773 + if (get_user(sig, (int *)regs->esp))
3775 + if (sig < 1 || sig > _NSIG || sig == SIGKILL || sig == SIGSTOP)
3777 + spin_lock_irq(¤t->sigmask_lock);
3778 + ka = ¤t->sig->action[sig-1];
3779 + handler = ka->sa.sa_handler;
3780 + if (handler == SIG_DFL || handler == SIG_IGN) {
3781 + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
3783 + } else if (!(ka->sa.sa_flags & SA_SIGINFO))
3785 + spin_unlock_irq(¤t->sigmask_lock);
3796 +#ifdef CONFIG_PAX_EMUSIGRT
3797 + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
3801 + do { /* PaX: gcc trampoline emulation #1 */
3802 + unsigned char mov1, mov2;
3803 + unsigned short jmp;
3804 + unsigned long addr1, addr2;
3806 + err = get_user(mov1, (unsigned char *)regs->eip);
3807 + err |= get_user(addr1, (unsigned long *)(regs->eip + 1));
3808 + err |= get_user(mov2, (unsigned char *)(regs->eip + 5));
3809 + err |= get_user(addr2, (unsigned long *)(regs->eip + 6));
3810 + err |= get_user(jmp, (unsigned short *)(regs->eip + 10));
3815 + if ((mov1 & 0xF8) == 0xB8 &&
3816 + (mov2 & 0xF8) == 0xB8 &&
3817 + (mov1 & 0x07) != (mov2 & 0x07) &&
3818 + (jmp & 0xF8FF) == 0xE0FF &&
3819 + (mov2 & 0x07) == ((jmp>>8) & 0x07))
3821 + ((unsigned long *)regs)[trans[mov1 & 0x07]] = addr1;
3822 + ((unsigned long *)regs)[trans[mov2 & 0x07]] = addr2;
3823 + regs->eip = addr2;
3828 + do { /* PaX: gcc trampoline emulation #2 */
3829 + unsigned char mov, jmp;
3830 + unsigned long addr1, addr2;
3832 + err = get_user(mov, (unsigned char *)regs->eip);
3833 + err |= get_user(addr1, (unsigned long *)(regs->eip + 1));
3834 + err |= get_user(jmp, (unsigned char *)(regs->eip + 5));
3835 + err |= get_user(addr2, (unsigned long *)(regs->eip + 6));
3840 + if ((mov & 0xF8) == 0xB8 &&
3843 + ((unsigned long *)regs)[trans[mov & 0x07]] = addr1;
3844 + regs->eip += addr2 + 10;
3849 + return 1; /* PaX in action */
3853 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
3854 +void pax_report_insns(void *pc, void *sp)
3858 + printk(KERN_ERR "PAX: bytes at PC: ");
3859 + for (i = 0; i < 20; i++) {
3861 + if (get_user(c, (unsigned char*)pc+i))
3864 + printk("%02x ", c);
3868 + printk(KERN_ERR "PAX: bytes at SP-4: ");
3869 + for (i = -1; i < 20; i++) {
3871 + if (get_user(c, (unsigned long*)sp+i))
3872 + printk("???????? ");
3874 + printk("%08lx ", c);
3880 +#ifdef CONFIG_PAX_PAGEEXEC
3882 + * PaX: handle the extra page faults or pass it down to the original handler
3884 + * returns 0 when nothing special was detected
3885 + * 1 when sigreturn trampoline (syscall) has to be emulated
3887 +asmlinkage int pax_do_page_fault(struct pt_regs *regs, unsigned long error_code)
3889 + struct mm_struct *mm = current->mm;
3890 + unsigned long address;
3892 + unsigned char pte_mask;
3894 + __asm__("movl %%cr2,%0":"=r" (address));
3896 + /* It's safe to allow irq's after cr2 has been saved */
3897 + if (likely(regs->eflags & X86_EFLAGS_IF))
3898 + local_irq_enable();
3900 + if (unlikely((error_code & 5) != 5 ||
3901 + address >= TASK_SIZE ||
3902 + (regs->eflags & X86_EFLAGS_VM) ||
3903 + !mm || !(mm->pax_flags & MF_PAX_PAGEEXEC)))
3904 + return do_page_fault(regs, error_code, address);
3906 + /* PaX: it's our fault, let's handle it if we can */
3908 + /* PaX: take a look at read faults before acquiring any locks */
3909 + if (unlikely(!(error_code & 2) && (regs->eip == address))) {
3910 + /* instruction fetch attempt from a protected page in user mode */
3912 +#ifdef CONFIG_PAX_EMUTRAMP
3913 + switch (pax_handle_fetch_fault(regs)) {
3923 + pax_report_fault(regs, (void*)regs->eip, (void*)regs->esp);
3927 + pte_mask = _PAGE_ACCESSED | _PAGE_USER | ((error_code & 2) << (_PAGE_BIT_DIRTY-1));
3929 + spin_lock(&mm->page_table_lock);
3930 + pte = pax_get_pte(mm, address);
3931 + if (unlikely(!pte || !(pte_val(*pte) & _PAGE_PRESENT) || pte_exec(*pte))) {
3932 + spin_unlock(&mm->page_table_lock);
3933 + do_page_fault(regs, error_code, address);
3937 + if (unlikely((error_code & 2) && !pte_write(*pte))) {
3938 + /* write attempt to a protected page in user mode */
3939 + spin_unlock(&mm->page_table_lock);
3940 + do_page_fault(regs, error_code, address);
3945 + * PaX: fill DTLB with user rights and retry
3947 + __asm__ __volatile__ (
3948 +#ifdef CONFIG_PAX_MEMORY_UDEREF
3952 +#if defined(CONFIG_M586) || defined(CONFIG_M586TSC)
3954 + * PaX: let this uncommented 'invlpg' remind us on the behaviour of Intel's
3955 + * (and AMD's) TLBs. namely, they do not cache PTEs that would raise *any*
3956 + * page fault when examined during a TLB load attempt. this is true not only
3957 + * for PTEs holding a non-present entry but also present entries that will
3958 + * raise a page fault (such as those set up by PaX, or the copy-on-write
3959 + * mechanism). in effect it means that we do *not* need to flush the TLBs
3960 + * for our target pages since their PTEs are simply not in the TLBs at all.
3962 + * the best thing in omitting it is that we gain around 15-20% speed in the
3963 + * fast path of the page fault handler and can get rid of tracing since we
3964 + * can no longer flush unintended entries.
3968 + "testb $0,%%es:(%0)\n"
3970 +#ifdef CONFIG_PAX_MEMORY_UDEREF
3975 + : "q" (address), "r" (pte), "q" (pte_mask), "i" (_PAGE_USER), "r" (__USER_DS)
3976 + : "memory", "cc");
3977 + spin_unlock(&mm->page_table_lock);
3981 diff -urNp linux-2.4.37.7/arch/i386/mm/init.c linux-2.4.37.7/arch/i386/mm/init.c
3982 --- linux-2.4.37.7/arch/i386/mm/init.c 2009-11-07 11:52:20.000000000 -0500
3983 +++ linux-2.4.37.7/arch/i386/mm/init.c 2009-11-10 19:30:27.000000000 -0500
3985 #include <asm/e820.h>
3986 #include <asm/apic.h>
3987 #include <asm/tlb.h>
3988 +#include <asm/desc.h>
3990 mmu_gather_t mmu_gathers[NR_CPUS];
3991 unsigned long highstart_pfn, highend_pfn;
3992 @@ -122,7 +123,7 @@ void show_mem(void)
3994 /* References to section boundaries */
3996 -extern char _text, _etext, _edata, __bss_start, _end;
3997 +extern char _text, _etext, _data, _edata, __bss_start, _end;
3998 extern char __init_begin, __init_end;
4000 static inline void set_pte_phys (unsigned long vaddr,
4001 @@ -178,17 +179,7 @@ static void __init fixrange_init (unsign
4004 for ( ; (i < PTRS_PER_PGD) && (vaddr != end); pgd++, i++) {
4006 - if (pgd_none(*pgd)) {
4007 - pmd = (pmd_t *) alloc_bootmem_low_pages(PAGE_SIZE);
4008 - set_pgd(pgd, __pgd(__pa(pmd) + 0x1));
4009 - if (pmd != pmd_offset(pgd, 0))
4010 - printk("PAE BUG #02!\n");
4012 pmd = pmd_offset(pgd, vaddr);
4014 - pmd = (pmd_t *)pgd;
4016 for (; (j < PTRS_PER_PMD) && (vaddr != end); pmd++, j++) {
4017 if (pmd_none(*pmd)) {
4018 pte = (pte_t *) alloc_bootmem_low_pages(PAGE_SIZE);
4019 @@ -217,25 +208,22 @@ static void __init pagetable_init (void)
4020 end = (unsigned long)__va(max_low_pfn*PAGE_SIZE);
4022 pgd_base = swapper_pg_dir;
4024 - for (i = 0; i < PTRS_PER_PGD; i++)
4025 - set_pgd(pgd_base + i, __pgd(1 + __pa(empty_zero_page)));
4027 i = __pgd_offset(PAGE_OFFSET);
4030 + if (cpu_has_pse) {
4031 + set_in_cr4(X86_CR4_PSE);
4032 + boot_cpu_data.wp_works_ok = 1;
4035 + set_in_cr4(X86_CR4_PGE);
4038 for (; i < PTRS_PER_PGD; pgd++, i++) {
4039 vaddr = i*PGDIR_SIZE;
4040 if (end && (vaddr >= end))
4043 - pmd = (pmd_t *) alloc_bootmem_low_pages(PAGE_SIZE);
4044 - set_pgd(pgd, __pgd(__pa(pmd) + 0x1));
4046 - pmd = (pmd_t *)pgd;
4048 - if (pmd != pmd_offset(pgd, 0))
4050 + pmd = pmd_offset(pgd, PAGE_OFFSET);
4051 for (j = 0; j < PTRS_PER_PMD; pmd++, j++) {
4052 vaddr = i*PGDIR_SIZE + j*PMD_SIZE;
4053 if (end && (vaddr >= end))
4054 @@ -243,14 +231,16 @@ static void __init pagetable_init (void)
4058 - set_in_cr4(X86_CR4_PSE);
4059 - boot_cpu_data.wp_works_ok = 1;
4060 __pe = _KERNPG_TABLE + _PAGE_PSE + __pa(vaddr);
4061 /* Make it "global" too if supported */
4062 - if (cpu_has_pge) {
4063 - set_in_cr4(X86_CR4_PGE);
4065 __pe += _PAGE_GLOBAL;
4068 +#ifdef CONFIG_PAX_KERNEXEC
4069 + if (__KERNEL_TEXT_OFFSET <= vaddr && vaddr < (unsigned long)&_data)
4070 + __pe &= ~_PAGE_RW;
4073 set_pmd(pmd, __pmd(__pe));
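Review bot: The KERNEXEC test `__KERNEL_TEXT_OFFSET <= vaddr && vaddr < (unsigned long)&_data` clears `_PAGE_RW` on a whole pmd entry, so it is only correct if read-only kernel text/rodata and writable data never share one large-page mapping, and nothing in the hunk says so. The linker script added by this patch has `. = ALIGN(4*1024*1024);` under `CONFIG_PAX_KERNEXEC`, which appears to be the matching guarantee; I would record the dependency here, e.g. `/* PaX: _data is 4 MiB aligned in vmlinux.lds.S, so a read-only pmd never covers writable data */`. The same range test is repeated in the next hunk, on the `set_pmd(pmd, __pmd((_KERNPG_TABLE & ~_PAGE_RW) + __pa(pte_base)))` path; a small shared macro would keep the two copies in step. pagetable_init's body continues outside both hunks.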
4076 @@ -263,6 +253,13 @@ static void __init pagetable_init (void)
4078 *pte = mk_pte_phys(__pa(vaddr), PAGE_KERNEL);
4081 +#ifdef CONFIG_PAX_KERNEXEC
4082 + if (__KERNEL_TEXT_OFFSET <= vaddr && vaddr < (unsigned long)&_data)
4083 + set_pmd(pmd, __pmd((_KERNPG_TABLE & ~_PAGE_RW) + __pa(pte_base)));
4087 set_pmd(pmd, __pmd(_KERNPG_TABLE + __pa(pte_base)));
4088 if (pte_base != pte_offset(pmd, 0))
4090 @@ -289,17 +286,6 @@ static void __init pagetable_init (void)
4091 pte = pte_offset(pmd, vaddr);
4092 pkmap_page_table = pte;
4097 - * Add low memory identity-mappings - SMP needs it when
4098 - * starting up on an AP from real-mode. In the non-PAE
4099 - * case we already have these mappings through head.S.
4100 - * All user-space mappings are explicitly cleared after
4103 - pgd_base[0] = pgd_base[USER_PTRS_PER_PGD];
4107 void __init zap_low_mappings (void)
4108 @@ -312,7 +298,7 @@ void __init zap_low_mappings (void)
4109 * us, because pgd_clear() is a no-op on i386.
4111 for (i = 0; i < USER_PTRS_PER_PGD; i++)
4113 +#ifdef CONFIG_X86_PAE
4114 set_pgd(swapper_pg_dir+i, __pgd(1 + __pa(empty_zero_page)));
4116 set_pgd(swapper_pg_dir+i, __pgd(0));
4117 @@ -353,16 +339,6 @@ void __init paging_init(void)
4120 load_cr3(swapper_pg_dir);
4124 - * We will bail out later - printk doesn't work right now so
4125 - * the user would just see a hanging kernel.
4128 - set_in_cr4(X86_CR4_PAE);
4133 #ifdef CONFIG_HIGHMEM
4134 @@ -508,6 +484,10 @@ void __init mem_init(void)
4136 int codesize, reservedpages, datasize, initsize;
4138 +#ifdef CONFIG_PAX_KERNEXEC
4139 + unsigned long cr0;
4144 #ifdef CONFIG_HIGHMEM
4145 @@ -524,12 +504,21 @@ void __init mem_init(void)
4146 high_memory = (void *) __va(max_low_pfn * PAGE_SIZE);
4148 /* clear the zero-page */
4150 +#ifdef CONFIG_PAX_KERNEXEC
4151 + pax_open_kernel(cr0);
4154 memset(empty_zero_page, 0, PAGE_SIZE);
4156 +#ifdef CONFIG_PAX_KERNEXEC
4157 + pax_close_kernel(cr0);
4160 reservedpages = free_pages_init();
4162 codesize = (unsigned long) &_etext - (unsigned long) &_text;
4163 - datasize = (unsigned long) &_edata - (unsigned long) &_etext;
4164 + datasize = (unsigned long) &_edata - (unsigned long) &_data;
4165 initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin;
4167 printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, %dk reserved, %dk data, %dk init, %ldk highmem)\n",
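Review bot: The new `pax_open_kernel(cr0)` / `pax_close_kernel(cr0)` pair around `memset(empty_zero_page, 0, PAGE_SIZE)` has no comment saying why clearing the zero page needs a write window. The linker script added by this patch lists `*(.empty_zero_page)` under `.rodata.page_aligned`, and pagetable_init maps the range below `_data` without `_PAGE_RW`, so presumably that is the reason; a line such as `/* PaX: empty_zero_page sits in read-only .rodata.page_aligned under KERNEXEC */` would make it explicit. It is also worth stating that nothing else should be placed between the two calls, since anything there would run with kernel write protection lifted (inferred from the macro names; their definitions are outside this hunk).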
4168 @@ -542,10 +531,6 @@ void __init mem_init(void)
4169 (unsigned long) (totalhigh_pages << (PAGE_SHIFT-10))
4174 - panic("cannot execute a PAE-enabled kernel on a PAE-less CPU!");
4176 if (boot_cpu_data.wp_works_ok < 0)
4179 @@ -589,6 +574,26 @@ void free_initmem(void)
4183 +#ifdef CONFIG_PAX_KERNEXEC
4184 + /* PaX: limit KERNEL_CS to actual size */
4185 + unsigned long limit, cr0;
4187 + limit = (unsigned long)&_etext >> PAGE_SHIFT;
4189 + pax_open_kernel(cr0);
4191 + gdt_table[2].a = (gdt_table[2].a & 0xFFFF0000UL) | (limit & 0x0FFFFUL);
4192 + gdt_table[2].b = (gdt_table[2].b & 0xFFF0FFFFUL) | (limit & 0xF0000UL);
4194 +#ifdef CONFIG_PAX_SEGMEXEC
4195 + gdt_table2[2].a = (gdt_table2[2].a & 0xFFFF0000UL) | (limit & 0x0FFFFUL);
4196 + gdt_table2[2].b = (gdt_table2[2].b & 0xFFF0FFFFUL) | (limit & 0xF0000UL);
4199 + pax_close_kernel(cr0);
4202 + memset(&__init_begin, 0, &__init_end - &__init_begin);
4203 addr = (unsigned long)(&__init_begin);
4204 for (; addr < (unsigned long)(&__init_end); addr += PAGE_SIZE) {
4205 ClearPageReserved(virt_to_page(addr));
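Review bot: `gdt_table[2]` and `gdt_table2[2]` hard-code the descriptor slot of KERNEL_CS, and the masks `0xFFFF0000UL` / `0xFFF0FFFFUL` hard-code the limit-field layout, with only `/* PaX: limit KERNEL_CS to actual size */` tying them together. Deriving the index from the selector, as in `gdt_table[__KERNEL_CS >> 3].a = ...`, would keep this in step with head.S if the GDT layout ever changes. A one-line comment that `limit` is a page count would explain `(unsigned long)&_etext >> PAGE_SHIFT`; the code relies on the descriptor's granularity bit being set, which is not visible here. free_initmem's body starts and ends outside the hunk.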
4206 diff -urNp linux-2.4.37.7/arch/i386/mm/ioremap.c linux-2.4.37.7/arch/i386/mm/ioremap.c
4207 --- linux-2.4.37.7/arch/i386/mm/ioremap.c 2009-11-07 11:52:20.000000000 -0500
4208 +++ linux-2.4.37.7/arch/i386/mm/ioremap.c 2009-11-10 19:30:27.000000000 -0500
4209 @@ -49,7 +49,7 @@ static inline int remap_area_pmd(pmd_t *
4213 - pte_t * pte = pte_alloc(&init_mm, pmd, address);
4214 + pte_t * pte = pte_alloc_kernel(&init_mm, pmd, address);
4217 remap_area_pte(pte, address, end - address, address + phys_addr, flags);
4218 diff -urNp linux-2.4.37.7/arch/i386/mm/pageattr.c linux-2.4.37.7/arch/i386/mm/pageattr.c
4219 --- linux-2.4.37.7/arch/i386/mm/pageattr.c 2009-11-07 11:52:20.000000000 -0500
4220 +++ linux-2.4.37.7/arch/i386/mm/pageattr.c 2009-11-10 19:30:27.000000000 -0500
4222 #include <linux/module.h>
4223 #include <asm/uaccess.h>
4224 #include <asm/processor.h>
4225 +#include <asm/desc.h>
4227 /* Should move most of this stuff into the appropiate includes */
4228 #define LARGE_PAGE_MASK (~(LARGE_PAGE_SIZE-1))
4229 @@ -63,7 +64,19 @@ static void flush_kernel_map(void * addr
4231 static void set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte)
4234 +#ifdef CONFIG_PAX_KERNEXEC
4235 + unsigned long cr0;
4237 + pax_open_kernel(cr0);
4240 set_pte_atomic(kpte, pte); /* change init_mm */
4242 +#ifdef CONFIG_PAX_KERNEXEC
4243 + pax_close_kernel(cr0);
4246 #ifndef CONFIG_X86_PAE
4248 struct list_head *l;
4249 diff -urNp linux-2.4.37.7/arch/i386/vmlinux.lds linux-2.4.37.7/arch/i386/vmlinux.lds
4250 --- linux-2.4.37.7/arch/i386/vmlinux.lds 2009-11-07 11:52:20.000000000 -0500
4251 +++ linux-2.4.37.7/arch/i386/vmlinux.lds 1969-12-31 19:00:00.000000000 -0500
4253 -/* ld script to make i386 Linux kernel
4254 - * Written by Martin Mares <mj@atrey.karlin.mff.cuni.cz>;
4256 -OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386")
4261 - . = 0xC0000000 + 0x100000;
4262 - _text = .; /* Text and read-only data */
4269 - _etext = .; /* End of text section */
4271 - .rodata : { *(.rodata) *(.rodata.*) }
4272 - .kstrtab : { *(.kstrtab) }
4274 - . = ALIGN(16); /* Exception table */
4275 - __start___ex_table = .;
4276 - __ex_table : { *(__ex_table) }
4277 - __stop___ex_table = .;
4279 - __start___ksymtab = .; /* Kernel symbol table */
4280 - __ksymtab : { *(__ksymtab) }
4281 - __stop___ksymtab = .;
4283 - .data : { /* Data */
4288 - _edata = .; /* End of data section */
4290 - . = ALIGN(8192); /* init_task */
4291 - .data.init_task : { *(.data.init_task) }
4293 - . = ALIGN(4096); /* Init code and data */
4295 - .text.init : { *(.text.init) }
4296 - .data.init : { *(.data.init) }
4298 - __setup_start = .;
4299 - .setup.init : { *(.setup.init) }
4301 - __initcall_start = .;
4302 - .initcall.init : { *(.initcall.init) }
4303 - __initcall_end = .;
4308 - .data.page_aligned : { *(.data.idt) }
4311 - .data.cacheline_aligned : { *(.data.cacheline_aligned) }
4313 - __bss_start = .; /* BSS */
4319 - /* Sections to be discarded */
4326 - /* Stabs debugging sections. */
4327 - .stab 0 : { *(.stab) }
4328 - .stabstr 0 : { *(.stabstr) }
4329 - .stab.excl 0 : { *(.stab.excl) }
4330 - .stab.exclstr 0 : { *(.stab.exclstr) }
4331 - .stab.index 0 : { *(.stab.index) }
4332 - .stab.indexstr 0 : { *(.stab.indexstr) }
4333 - .comment 0 : { *(.comment) }
4335 diff -urNp linux-2.4.37.7/arch/i386/vmlinux.lds.S linux-2.4.37.7/arch/i386/vmlinux.lds.S
4336 --- linux-2.4.37.7/arch/i386/vmlinux.lds.S 1969-12-31 19:00:00.000000000 -0500
4337 +++ linux-2.4.37.7/arch/i386/vmlinux.lds.S 2009-11-10 19:30:27.000000000 -0500
4339 +/* ld script to make i386 Linux kernel
4340 + * Written by Martin Mares <mj@atrey.karlin.mff.cuni.cz>;
4342 +OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386")
4347 + initdata PT_LOAD FLAGS(6); /* RW_ */
4348 + inittext PT_LOAD FLAGS(5); /* R_E */
4349 + text PT_LOAD FLAGS(5); /* R_E */
4350 + rodata PT_LOAD FLAGS(4); /* R__ */
4351 + data PT_LOAD FLAGS(6); /* RW_ */
4355 + . = __PAGE_OFFSET + 0x100000;
4357 + BYTE(0xEA) /* jmp far */
4358 + LONG(startup_32 + __KERNEL_TEXT_OFFSET - __PAGE_OFFSET)
4359 + SHORT(__KERNEL_CS)
4362 + . = ALIGN(4096); /* Init code and data */
4364 + .data.init : { *(.data.init) }
4366 + __setup_start = .;
4367 + .setup.init : { *(.setup.init) }
4369 + __initcall_start = .;
4370 + .initcall.init : { *(.initcall.init) }
4371 + __initcall_end = .;
4373 + _sinittext = . - __KERNEL_TEXT_OFFSET;
4375 +#ifdef CONFIG_PAX_KERNEXEC
4376 + .text.init (. - __KERNEL_TEXT_OFFSET) : AT (_sinittext + __KERNEL_TEXT_OFFSET) {
4379 + . = ALIGN(4*1024*1024) - 1;
4382 + __init_end = . + __KERNEL_TEXT_OFFSET;
4385 + * PaX: this must be kept in synch with the KERNEL_CS base
4386 + * in the GDTs in arch/i386/kernel/head.S
4388 + _text = .; /* Text and read-only data */
4389 + .text : AT (. + __KERNEL_TEXT_OFFSET) {
4391 + .text.init : { *(.text.init) } :inittext
4395 + _text = .; /* Text and read-only data */
4404 + _etext = .; /* End of text section */
4407 + . += __KERNEL_TEXT_OFFSET;
4408 + .rodata.page_aligned : {
4409 + *(.empty_zero_page)
4412 +#ifdef CONFIG_X86_PAE
4413 + *(.swapper_pm_dir)
4416 + *(.swapper_pg_dir)
4419 + .rodata : { *(.rodata) *(.rodata.*) }
4420 + .kstrtab : { *(.kstrtab) }
4422 + . = ALIGN(16); /* Exception table */
4423 + __start___ex_table = .;
4424 + __ex_table : { *(__ex_table) }
4425 + __stop___ex_table = .;
4427 + __start___ksymtab = .; /* Kernel symbol table */
4428 + __ksymtab : { *(__ksymtab) }
4429 + __stop___ksymtab = .;
4431 +#ifdef CONFIG_PAX_KERNEXEC
4432 + . = ALIGN(4*1024*1024);
4438 + .data : { /* Data */
4444 + .data.cacheline_aligned : { *(.data.cacheline_aligned) }
4447 + .data.init_task : { *(.data.init_task) }
4450 + .data.page_aligned : {
4453 + _edata = .; /* End of data section */
4455 + __bss_start = .; /* BSS */
4463 + /* Sections to be discarded */
4470 + /* Stabs debugging sections. */
4471 + .stab 0 : { *(.stab) }
4472 + .stabstr 0 : { *(.stabstr) }
4473 + .stab.excl 0 : { *(.stab.excl) }
4474 + .stab.exclstr 0 : { *(.stab.exclstr) }
4475 + .stab.index 0 : { *(.stab.index) }
4476 + .stab.indexstr 0 : { *(.stab.indexstr) }
4477 + .comment 0 : { *(.comment) }
4479 diff -urNp linux-2.4.37.7/arch/ia64/config.in linux-2.4.37.7/arch/ia64/config.in
4480 --- linux-2.4.37.7/arch/ia64/config.in 2009-11-07 11:52:20.000000000 -0500
4481 +++ linux-2.4.37.7/arch/ia64/config.in 2009-11-10 19:30:27.000000000 -0500
4482 @@ -319,3 +319,12 @@ fi
4483 int 'Kernel messages buffer length shift (0 = default)' CONFIG_LOG_BUF_SHIFT 0
4487 +mainmenu_option next_comment
4488 +comment 'Grsecurity'
4489 +bool 'Grsecurity' CONFIG_GRKERNSEC
4490 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
4491 + source grsecurity/Config.in
4495 diff -urNp linux-2.4.37.7/arch/ia64/hp/common/sba_iommu.c linux-2.4.37.7/arch/ia64/hp/common/sba_iommu.c
4496 --- linux-2.4.37.7/arch/ia64/hp/common/sba_iommu.c 2009-11-07 11:52:20.000000000 -0500
4497 +++ linux-2.4.37.7/arch/ia64/hp/common/sba_iommu.c 2009-11-10 19:30:27.000000000 -0500
4498 @@ -1704,7 +1704,7 @@ ioc_show(struct seq_file *s, void *v)
4502 -static struct seq_operations ioc_seq_ops = {
4503 +static const struct seq_operations ioc_seq_ops = {
4507 @@ -1717,7 +1717,7 @@ ioc_open(struct inode *inode, struct fil
4508 return seq_open(file, &ioc_seq_ops);
4511 -static struct file_operations ioc_fops = {
4512 +static const struct file_operations ioc_fops = {
4515 .llseek = seq_lseek,
4516 diff -urNp linux-2.4.37.7/arch/ia64/ia32/binfmt_elf32.c linux-2.4.37.7/arch/ia64/ia32/binfmt_elf32.c
4517 --- linux-2.4.37.7/arch/ia64/ia32/binfmt_elf32.c 2009-11-07 11:52:20.000000000 -0500
4518 +++ linux-2.4.37.7/arch/ia64/ia32/binfmt_elf32.c 2009-11-10 19:30:27.000000000 -0500
4519 @@ -53,6 +53,13 @@ static void elf32_set_personality (void)
4520 #undef SET_PERSONALITY
4521 #define SET_PERSONALITY(ex, ibcs2) elf32_set_personality()
4523 +#ifdef CONFIG_PAX_ASLR
4524 +#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
4526 +#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 43 - IA32_PAGE_SHIFT)
4527 +#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 43 - IA32_PAGE_SHIFT)
4530 /* Ugly but avoids duplication */
4531 #include "../../../fs/binfmt_elf.c"
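Review bot: The three `PAX_*` macros carry undocumented magic numbers (`16`, `43 - IA32_PAGE_SHIFT`, `0x08048000UL`, `0x4000000000000000UL`), and the non-`PER_LINUX32` arms look unreachable in a file that exists to load ia32 binaries; they appear to be copied from the native ia64 definitions. A short comment saying what the `_LEN` values count (presumably bits of randomization, to be confirmed against the consumer in fs/binfmt_elf.c) would make the ASLR entropy given to ia32 tasks auditable. Either drop the 64-bit arms or add a note on when `current->personality` can differ from `PER_LINUX32` at this point.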
4533 @@ -68,7 +75,7 @@ ia32_install_shared_page (struct vm_area
4537 -static struct vm_operations_struct ia32_shared_page_vm_ops = {
4538 +static const struct vm_operations_struct ia32_shared_page_vm_ops = {
4539 .nopage =ia32_install_shared_page
4542 @@ -190,8 +197,15 @@ ia32_setup_arg_pages (struct linux_binpr
4543 mpnt->vm_mm = current->mm;
4544 mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p;
4545 mpnt->vm_end = IA32_STACK_TOP;
4546 - mpnt->vm_page_prot = PAGE_COPY;
4547 mpnt->vm_flags = VM_STACK_FLAGS;
4549 +#ifdef CONFIG_PAX_PAGEEXEC
4550 + if (!(current->mm->pax_flags & MF_PAX_PAGEEXEC))
4551 + mpnt->vm_page_prot = protection_map[(VM_STACK_FLAGS | VM_EXEC) & 0x7];
4555 + mpnt->vm_page_prot = protection_map[VM_STACK_FLAGS & 0x7];
4556 mpnt->vm_ops = NULL;
4558 mpnt->vm_file = NULL;
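Review bot: The literal mask in `protection_map[(VM_STACK_FLAGS | VM_EXEC) & 0x7]` and `protection_map[VM_STACK_FLAGS & 0x7]` is a magic number; spelling it `(VM_READ | VM_WRITE | VM_EXEC)` shows that only the private-mapping rows of the table are selected. The first assignment gives the ia32 stack an executable page protection when `MF_PAX_PAGEEXEC` is clear, while `vm_flags` stays plain `VM_STACK_FLAGS`. A comment should say whether that difference between `vm_flags` and `vm_page_prot` is intended, since whether `VM_STACK_FLAGS` contains `VM_EXEC` is decided outside this hunk. ia32_setup_arg_pages starts and ends outside the hunk.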
4559 diff -urNp linux-2.4.37.7/arch/ia64/ia32/sys_ia32.c linux-2.4.37.7/arch/ia64/ia32/sys_ia32.c
4560 --- linux-2.4.37.7/arch/ia64/ia32/sys_ia32.c 2009-11-07 11:52:20.000000000 -0500
4561 +++ linux-2.4.37.7/arch/ia64/ia32/sys_ia32.c 2009-11-10 19:30:27.000000000 -0500
4562 @@ -538,7 +538,6 @@ sys32_mmap (struct mmap_arg_struct *arg)
4567 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
4568 if (!(flags & MAP_ANONYMOUS)) {
4570 diff -urNp linux-2.4.37.7/arch/ia64/kernel/efivars.c linux-2.4.37.7/arch/ia64/kernel/efivars.c
4571 --- linux-2.4.37.7/arch/ia64/kernel/efivars.c 2009-11-07 11:52:20.000000000 -0500
4572 +++ linux-2.4.37.7/arch/ia64/kernel/efivars.c 2009-11-10 19:30:27.000000000 -0500
4573 @@ -412,7 +412,7 @@ out:
4576 static struct proc_dir_entry *efi_systab_entry;
4577 -static struct file_operations efi_systab_fops = {
4578 +static const struct file_operations efi_systab_fops = {
4579 .read = efi_systab_read,
4582 diff -urNp linux-2.4.37.7/arch/ia64/kernel/perfmon.c linux-2.4.37.7/arch/ia64/kernel/perfmon.c
4583 --- linux-2.4.37.7/arch/ia64/kernel/perfmon.c 2009-11-07 11:52:20.000000000 -0500
4584 +++ linux-2.4.37.7/arch/ia64/kernel/perfmon.c 2009-11-10 19:30:27.000000000 -0500
4585 @@ -3261,7 +3261,7 @@ pfm_proc_show(struct seq_file *m, void *
4589 -struct seq_operations pfm_seq_ops = {
4590 +const struct seq_operations pfm_seq_ops = {
4591 .start = pfm_proc_start,
4592 .next = pfm_proc_next,
4593 .stop = pfm_proc_stop,
4594 @@ -4500,7 +4500,7 @@ pfm_remove_alternate_syswide_subsystem(p
4598 -static struct file_operations pfm_proc_fops = {
4599 +static const struct file_operations pfm_proc_fops = {
4600 .open = pfm_proc_open,
4602 .llseek = seq_lseek,
4603 diff -urNp linux-2.4.37.7/arch/ia64/kernel/ptrace.c linux-2.4.37.7/arch/ia64/kernel/ptrace.c
4604 --- linux-2.4.37.7/arch/ia64/kernel/ptrace.c 2009-11-07 11:52:20.000000000 -0500
4605 +++ linux-2.4.37.7/arch/ia64/kernel/ptrace.c 2009-11-10 19:30:27.000000000 -0500
4607 #include <linux/ptrace.h>
4608 #include <linux/smp_lock.h>
4609 #include <linux/user.h>
4610 +#include <linux/grsecurity.h>
4612 #include <asm/pgtable.h>
4613 #include <asm/processor.h>
4614 @@ -1299,6 +1300,9 @@ sys_ptrace (long request, pid_t pid, uns
4615 if (pid == 1) /* no messing around with init! */
4618 + if (gr_handle_ptrace(child, request))
4621 if (request == PTRACE_ATTACH) {
4622 ret = ptrace_attach(child);
4624 diff -urNp linux-2.4.37.7/arch/ia64/kernel/salinfo.c linux-2.4.37.7/arch/ia64/kernel/salinfo.c
4625 --- linux-2.4.37.7/arch/ia64/kernel/salinfo.c 2009-11-07 11:52:20.000000000 -0500
4626 +++ linux-2.4.37.7/arch/ia64/kernel/salinfo.c 2009-11-10 19:30:27.000000000 -0500
4627 @@ -338,7 +338,7 @@ retry:
4631 -static struct file_operations salinfo_event_fops = {
4632 +static const struct file_operations salinfo_event_fops = {
4633 .open = salinfo_event_open,
4634 .read = salinfo_event_read,
4636 @@ -558,7 +558,7 @@ salinfo_log_write(struct file *file, con
4640 -static struct file_operations salinfo_data_fops = {
4641 +static const struct file_operations salinfo_data_fops = {
4642 .open = salinfo_log_open,
4643 .release = salinfo_log_release,
4644 .read = salinfo_log_read,
4645 diff -urNp linux-2.4.37.7/arch/ia64/kernel/setup.c linux-2.4.37.7/arch/ia64/kernel/setup.c
4646 --- linux-2.4.37.7/arch/ia64/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
4647 +++ linux-2.4.37.7/arch/ia64/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
4648 @@ -566,7 +566,7 @@ c_stop (struct seq_file *m, void *v)
4652 -struct seq_operations cpuinfo_op = {
4653 +const struct seq_operations cpuinfo_op = {
4657 diff -urNp linux-2.4.37.7/arch/ia64/kernel/sys_ia64.c linux-2.4.37.7/arch/ia64/kernel/sys_ia64.c
4658 --- linux-2.4.37.7/arch/ia64/kernel/sys_ia64.c 2009-11-07 11:52:20.000000000 -0500
4659 +++ linux-2.4.37.7/arch/ia64/kernel/sys_ia64.c 2009-11-10 19:30:27.000000000 -0500
4660 @@ -34,6 +34,13 @@ arch_get_unmapped_area (struct file *fil
4661 if (rgn_index(addr)==REGION_HPAGE)
4665 +#ifdef CONFIG_PAX_RANDMMAP
4666 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && (!addr || filp))
4667 + addr = TASK_UNMAPPED_BASE + current->mm->delta_mmap;
4672 addr = TASK_UNMAPPED_BASE;
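Review bot: Under `MF_PAX_RANDMMAP` the added test `(!addr || filp)` discards a caller-supplied address hint for every file-backed mapping, and the hunk has no comment explaining that. I would add something like `/* PaX: ignore address hints for file mappings so the randomized base cannot be bypassed */`, with the wording checked against the intended policy. The override sits after the `rgn_index(addr)==REGION_HPAGE` check shown as context, so that check still sees the original hint; if that ordering matters it deserves a note too. arch_get_unmapped_area continues outside the hunk.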
4674 diff -urNp linux-2.4.37.7/arch/ia64/mm/fault.c linux-2.4.37.7/arch/ia64/mm/fault.c
4675 --- linux-2.4.37.7/arch/ia64/mm/fault.c 2009-11-07 11:52:20.000000000 -0500
4676 +++ linux-2.4.37.7/arch/ia64/mm/fault.c 2009-11-10 19:30:27.000000000 -0500
4677 @@ -36,6 +36,10 @@ expand_backing_store (struct vm_area_str
4678 if (address - vma->vm_start > current->rlim[RLIMIT_STACK].rlim_cur
4679 || (((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur))
4681 + if ((vma->vm_flags & VM_LOCKED) &&
4682 + ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_MEMLOCK].rlim_cur &&
4683 + !capable(CAP_IPC_LOCK))
4685 vma->vm_end += PAGE_SIZE;
4686 vma->vm_mm->total_vm += grow;
4687 if (vma->vm_flags & VM_LOCKED)
4688 @@ -70,6 +74,23 @@ mapped_kernel_page_is_present (unsigned
4689 return pte_present(pte);
4692 +#ifdef CONFIG_PAX_PAGEEXEC
4693 +void pax_report_insns(void *pc, void *sp)
4697 + printk(KERN_ERR "PAX: bytes at PC: ");
4698 + for (i = 0; i < 8; i++) {
4700 + if (get_user(c, (unsigned int*)pc+i))
4701 + printk("???????? ");
4703 + printk("%08x ", c);
4710 ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs)
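Review bot: `pax_report_insns(void *pc, void *sp)` takes `sp` but, from the lines visible here, only dumps eight 32-bit words at `pc`, whereas the i386 version in this patch also prints the words around the stack pointer. Either dump the stack as well or add a comment that `sp` is intentionally unused on ia64. A header comment such as `/* PaX: log the instruction words at the faulting user PC; unreadable words print as ???????? */` would also document that `pc` is a user address read with `get_user()`. The loop bound `8` would read better as a named constant.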
4712 @@ -122,9 +143,23 @@ ia64_do_page_fault (unsigned long addres
4713 | (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT)
4714 | (((isr >> IA64_ISR_R_BIT) & 1UL) << VM_READ_BIT));
4716 - if ((vma->vm_flags & mask) != mask)
4717 + if ((vma->vm_flags & mask) != mask) {
4719 +#ifdef CONFIG_PAX_PAGEEXEC
4720 + if (!(vma->vm_flags & VM_EXEC) && (mask & VM_EXEC)) {
4721 + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->cr_iip)
4724 + up_read(&mm->mmap_sem);
4725 + pax_report_fault(regs, (void*)regs->cr_iip, (void*)regs->r12);
4736 * If for any reason at all we couldn't handle the fault, make
4737 diff -urNp linux-2.4.37.7/arch/ia64/mm/hugetlbpage.c linux-2.4.37.7/arch/ia64/mm/hugetlbpage.c
4738 --- linux-2.4.37.7/arch/ia64/mm/hugetlbpage.c 2009-11-07 11:52:20.000000000 -0500
4739 +++ linux-2.4.37.7/arch/ia64/mm/hugetlbpage.c 2009-11-10 19:30:27.000000000 -0500
4740 @@ -24,7 +24,7 @@ static long htlbpagemem;
4742 static long htlbzone_pages;
4744 -struct vm_operations_struct hugetlb_vm_ops;
4745 +const struct vm_operations_struct hugetlb_vm_ops;
4746 static LIST_HEAD(htlbpage_freelist);
4747 static spinlock_t htlbpage_lock = SPIN_LOCK_UNLOCKED;
4749 @@ -512,6 +512,6 @@ static struct page *hugetlb_nopage(struc
4753 -struct vm_operations_struct hugetlb_vm_ops = {
4754 +const struct vm_operations_struct hugetlb_vm_ops = {
4755 .nopage = hugetlb_nopage,
4757 diff -urNp linux-2.4.37.7/arch/ia64/mm/init.c linux-2.4.37.7/arch/ia64/mm/init.c
4758 --- linux-2.4.37.7/arch/ia64/mm/init.c 2009-11-07 11:52:20.000000000 -0500
4759 +++ linux-2.4.37.7/arch/ia64/mm/init.c 2009-11-10 19:30:27.000000000 -0500
4760 @@ -73,7 +73,7 @@ ia64_set_rbs_bot (void)
4762 if (stack_size > MAX_USER_STACK_SIZE)
4763 stack_size = MAX_USER_STACK_SIZE;
4764 - current->thread.rbs_bot = STACK_TOP - stack_size;
4765 + current->thread.rbs_bot = PAGE_ALIGN(current->mm->start_stack - stack_size);
4769 @@ -105,6 +105,7 @@ ia64_init_addr_space (void)
4771 vma->vm_file = NULL;
4772 vma->vm_private_data = NULL;
4773 + vma->vm_mirror = 0;
4774 down_write(¤t->mm->mmap_sem);
4775 if (insert_vm_struct(current->mm, vma)) {
4776 up_write(¤t->mm->mmap_sem);
4777 diff -urNp linux-2.4.37.7/arch/ia64/sn/io/drivers/ifconfig_net.c linux-2.4.37.7/arch/ia64/sn/io/drivers/ifconfig_net.c
4778 --- linux-2.4.37.7/arch/ia64/sn/io/drivers/ifconfig_net.c 2009-11-07 11:52:20.000000000 -0500
4779 +++ linux-2.4.37.7/arch/ia64/sn/io/drivers/ifconfig_net.c 2009-11-10 19:30:27.000000000 -0500
4780 @@ -277,7 +277,7 @@ static int ifconfig_net_ioctl(struct ino
4784 -struct file_operations ifconfig_net_fops = {
4785 +const struct file_operations ifconfig_net_fops = {
4786 ioctl:ifconfig_net_ioctl, /* ioctl */
4787 open:ifconfig_net_open, /* open */
4788 release:ifconfig_net_close /* release */
4789 diff -urNp linux-2.4.37.7/arch/ia64/sn/io/drivers/ioconfig_bus.c linux-2.4.37.7/arch/ia64/sn/io/drivers/ioconfig_bus.c
4790 --- linux-2.4.37.7/arch/ia64/sn/io/drivers/ioconfig_bus.c 2009-11-07 11:52:20.000000000 -0500
4791 +++ linux-2.4.37.7/arch/ia64/sn/io/drivers/ioconfig_bus.c 2009-11-10 19:30:27.000000000 -0500
4792 @@ -359,7 +359,7 @@ static int ioconfig_bus_close(struct ino
4796 -struct file_operations ioconfig_bus_fops = {
4797 +const struct file_operations ioconfig_bus_fops = {
4798 ioctl:ioconfig_bus_ioctl,
4799 open:ioconfig_bus_open, /* open */
4800 release:ioconfig_bus_close /* release */
4801 diff -urNp linux-2.4.37.7/arch/ia64/sn/io/drivers/pciba.c linux-2.4.37.7/arch/ia64/sn/io/drivers/pciba.c
4802 --- linux-2.4.37.7/arch/ia64/sn/io/drivers/pciba.c 2009-11-07 11:52:20.000000000 -0500
4803 +++ linux-2.4.37.7/arch/ia64/sn/io/drivers/pciba.c 2009-11-10 19:30:27.000000000 -0500
4804 @@ -211,7 +211,7 @@ static void dump_allocations(struct list
4807 /* file operations for each type of node */
4808 -static struct file_operations rom_fops = {
4809 +static const struct file_operations rom_fops = {
4813 @@ -219,20 +219,20 @@ static struct file_operations rom_fops =
4817 -static struct file_operations base_fops = {
4818 +static const struct file_operations base_fops = {
4825 -static struct file_operations config_fops = {
4826 +static const struct file_operations config_fops = {
4828 ioctl: config_ioctl,
4832 -static struct file_operations dma_fops = {
4833 +static const struct file_operations dma_fops = {
4837 diff -urNp linux-2.4.37.7/arch/ia64/sn/io/hwgdfs/hcl.c linux-2.4.37.7/arch/ia64/sn/io/hwgdfs/hcl.c
4838 --- linux-2.4.37.7/arch/ia64/sn/io/hwgdfs/hcl.c 2009-11-07 11:52:20.000000000 -0500
4839 +++ linux-2.4.37.7/arch/ia64/sn/io/hwgdfs/hcl.c 2009-11-10 19:30:27.000000000 -0500
4840 @@ -106,7 +106,7 @@ static int hcl_ioctl(struct inode * inod
4844 -struct file_operations hcl_fops = {
4845 +const struct file_operations hcl_fops = {
4847 NULL, /* lseek - default */
4848 NULL, /* read - general block-dev read */
4849 diff -urNp linux-2.4.37.7/arch/ia64/sn/io/hwgfs/hcl.c linux-2.4.37.7/arch/ia64/sn/io/hwgfs/hcl.c
4850 --- linux-2.4.37.7/arch/ia64/sn/io/hwgfs/hcl.c 2009-11-07 11:52:20.000000000 -0500
4851 +++ linux-2.4.37.7/arch/ia64/sn/io/hwgfs/hcl.c 2009-11-10 19:30:27.000000000 -0500
4852 @@ -108,7 +108,7 @@ static int hcl_ioctl(struct inode * inod
4856 -struct file_operations hcl_fops = {
4857 +const struct file_operations hcl_fops = {
4859 NULL, /* lseek - default */
4860 NULL, /* read - general block-dev read */
4861 diff -urNp linux-2.4.37.7/arch/ia64/sn/io/hwgfs/ramfs.c linux-2.4.37.7/arch/ia64/sn/io/hwgfs/ramfs.c
4862 --- linux-2.4.37.7/arch/ia64/sn/io/hwgfs/ramfs.c 2009-11-07 11:52:20.000000000 -0500
4863 +++ linux-2.4.37.7/arch/ia64/sn/io/hwgfs/ramfs.c 2009-11-10 19:30:27.000000000 -0500
4865 /* some random number */
4866 #define HWGFS_MAGIC 0x12061983
4868 -static struct super_operations hwgfs_ops;
4869 -static struct address_space_operations hwgfs_aops;
4870 -static struct file_operations hwgfs_file_operations;
4871 -static struct inode_operations hwgfs_dir_inode_operations;
4872 +static const struct super_operations hwgfs_ops;
4873 +static const struct address_space_operations hwgfs_aops;
4874 +static const struct file_operations hwgfs_file_operations;
4875 +static const struct inode_operations hwgfs_dir_inode_operations;
4877 static int hwgfs_statfs(struct super_block *sb, struct statfs *buf)
4879 @@ -247,21 +247,21 @@ static int hwgfs_sync_file(struct file *
4883 -static struct address_space_operations hwgfs_aops = {
4884 +static const struct address_space_operations hwgfs_aops = {
4885 .readpage = hwgfs_readpage,
4886 .writepage = fail_writepage,
4887 .prepare_write = hwgfs_prepare_write,
4888 .commit_write = hwgfs_commit_write
4891 -static struct file_operations hwgfs_file_operations = {
4892 +static const struct file_operations hwgfs_file_operations = {
4893 .read = generic_file_read,
4894 .write = generic_file_write,
4895 .mmap = generic_file_mmap,
4896 .fsync = hwgfs_sync_file,
4899 -static struct inode_operations hwgfs_dir_inode_operations = {
4900 +static const struct inode_operations hwgfs_dir_inode_operations = {
4901 .create = hwgfs_create,
4902 .lookup = hwgfs_lookup,
4904 @@ -273,7 +273,7 @@ static struct inode_operations hwgfs_dir
4905 .rename = hwgfs_rename,
4908 -static struct super_operations hwgfs_ops = {
4909 +static const struct super_operations hwgfs_ops = {
4910 .statfs = hwgfs_statfs,
4911 .put_inode = force_delete,
4913 diff -urNp linux-2.4.37.7/arch/ia64/sn/io/sn2/pcibr/pcibr_dvr.c linux-2.4.37.7/arch/ia64/sn/io/sn2/pcibr/pcibr_dvr.c
4914 --- linux-2.4.37.7/arch/ia64/sn/io/sn2/pcibr/pcibr_dvr.c 2009-11-07 11:52:20.000000000 -0500
4915 +++ linux-2.4.37.7/arch/ia64/sn/io/sn2/pcibr/pcibr_dvr.c 2009-11-10 19:30:27.000000000 -0500
4916 @@ -577,7 +577,7 @@ pcibr_mmap(struct file * file, struct vm
4917 * appropriate function name below.
4919 static int pcibr_mmap(struct file * file, struct vm_area_struct * vma);
4920 -struct file_operations pcibr_fops = {
4921 +const struct file_operations pcibr_fops = {
4922 .owner = THIS_MODULE,
4925 diff -urNp linux-2.4.37.7/arch/ia64/sn/io/sn2/shub.c linux-2.4.37.7/arch/ia64/sn/io/sn2/shub.c
4926 --- linux-2.4.37.7/arch/ia64/sn/io/sn2/shub.c 2009-11-07 11:52:20.000000000 -0500
4927 +++ linux-2.4.37.7/arch/ia64/sn/io/sn2/shub.c 2009-11-10 19:30:27.000000000 -0500
4928 @@ -223,7 +223,7 @@ shubstats_ioctl(struct inode *inode, str
4932 -struct file_operations shub_mon_fops = {
4933 +const struct file_operations shub_mon_fops = {
4934 ioctl: shubstats_ioctl,
4937 diff -urNp linux-2.4.37.7/arch/ia64/sn/io/sn2/xbow.c linux-2.4.37.7/arch/ia64/sn/io/sn2/xbow.c
4938 --- linux-2.4.37.7/arch/ia64/sn/io/sn2/xbow.c 2009-11-07 11:52:20.000000000 -0500
4939 +++ linux-2.4.37.7/arch/ia64/sn/io/sn2/xbow.c 2009-11-10 19:30:27.000000000 -0500
4940 @@ -141,7 +141,7 @@ xbow_mmap(struct file * file, struct vm_
4941 * As each of the functions are implemented, put the
4942 * appropriate function name below.
4944 -struct file_operations xbow_fops = {
4945 +const struct file_operations xbow_fops = {
4946 .owner = THIS_MODULE,
4949 diff -urNp linux-2.4.37.7/arch/m68k/atari/joystick.c linux-2.4.37.7/arch/m68k/atari/joystick.c
4950 --- linux-2.4.37.7/arch/m68k/atari/joystick.c 2009-11-07 11:52:20.000000000 -0500
4951 +++ linux-2.4.37.7/arch/m68k/atari/joystick.c 2009-11-10 19:30:27.000000000 -0500
4952 @@ -121,7 +121,7 @@ static unsigned int joystick_poll(struct
4956 -struct file_operations atari_joystick_fops = {
4957 +const struct file_operations atari_joystick_fops = {
4958 read: read_joystick,
4959 write: write_joystick,
4960 poll: joystick_poll,
4961 diff -urNp linux-2.4.37.7/arch/m68k/bvme6000/rtc.c linux-2.4.37.7/arch/m68k/bvme6000/rtc.c
4962 --- linux-2.4.37.7/arch/m68k/bvme6000/rtc.c 2009-11-07 11:52:20.000000000 -0500
4963 +++ linux-2.4.37.7/arch/m68k/bvme6000/rtc.c 2009-11-10 19:30:27.000000000 -0500
4964 @@ -161,7 +161,7 @@ static int rtc_release(struct inode *ino
4965 * The various file operations we support.
4968 -static struct file_operations rtc_fops = {
4969 +static const struct file_operations rtc_fops = {
4972 release: rtc_release,
4973 diff -urNp linux-2.4.37.7/arch/m68k/config.in linux-2.4.37.7/arch/m68k/config.in
4974 --- linux-2.4.37.7/arch/m68k/config.in 2009-11-07 11:52:20.000000000 -0500
4975 +++ linux-2.4.37.7/arch/m68k/config.in 2009-11-10 19:30:27.000000000 -0500
4976 @@ -558,3 +558,11 @@ endmenu
4978 source crypto/Config.in
4979 source lib/Config.in
4981 +mainmenu_option next_comment
4982 +comment 'Grsecurity'
4983 +bool 'Grsecurity' CONFIG_GRKERNSEC
4984 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
4985 + source grsecurity/Config.in
4988 diff -urNp linux-2.4.37.7/arch/m68k/kernel/setup.c linux-2.4.37.7/arch/m68k/kernel/setup.c
4989 --- linux-2.4.37.7/arch/m68k/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
4990 +++ linux-2.4.37.7/arch/m68k/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
4991 @@ -531,7 +531,7 @@ static void *c_next(struct seq_file *m,
4992 static void c_stop(struct seq_file *m, void *v)
4995 -struct seq_operations cpuinfo_op = {
4996 +const struct seq_operations cpuinfo_op = {
5000 diff -urNp linux-2.4.37.7/arch/m68k/mvme16x/rtc.c linux-2.4.37.7/arch/m68k/mvme16x/rtc.c
5001 --- linux-2.4.37.7/arch/m68k/mvme16x/rtc.c 2009-11-07 11:52:20.000000000 -0500
5002 +++ linux-2.4.37.7/arch/m68k/mvme16x/rtc.c 2009-11-10 19:30:27.000000000 -0500
5003 @@ -150,7 +150,7 @@ static int rtc_release(struct inode *ino
5004 * The various file operations we support.
5007 -static struct file_operations rtc_fops = {
5008 +static const struct file_operations rtc_fops = {
5011 release: rtc_release,
5012 diff -urNp linux-2.4.37.7/arch/mips/config.in linux-2.4.37.7/arch/mips/config.in
5013 --- linux-2.4.37.7/arch/mips/config.in 2009-11-07 11:52:20.000000000 -0500
5014 +++ linux-2.4.37.7/arch/mips/config.in 2009-11-10 19:30:27.000000000 -0500
5015 @@ -7,3 +7,11 @@ define_bool CONFIG_MIPS32 y
5016 define_bool CONFIG_MIPS64 n
5018 source arch/mips/config-shared.in
5020 +mainmenu_option next_comment
5021 +comment 'Grsecurity'
5022 +bool 'Grsecurity' CONFIG_GRKERNSEC
5023 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
5024 + source grsecurity/Config.in
5027 diff -urNp linux-2.4.37.7/arch/mips/kernel/proc.c linux-2.4.37.7/arch/mips/kernel/proc.c
5028 --- linux-2.4.37.7/arch/mips/kernel/proc.c 2009-11-07 11:52:20.000000000 -0500
5029 +++ linux-2.4.37.7/arch/mips/kernel/proc.c 2009-11-10 19:30:27.000000000 -0500
5030 @@ -143,7 +143,7 @@ static void c_stop(struct seq_file *m, v
5034 -struct seq_operations cpuinfo_op = {
5035 +const struct seq_operations cpuinfo_op = {
5039 diff -urNp linux-2.4.37.7/arch/mips/kernel/syscall.c linux-2.4.37.7/arch/mips/kernel/syscall.c
5040 --- linux-2.4.37.7/arch/mips/kernel/syscall.c 2009-11-07 11:52:20.000000000 -0500
5041 +++ linux-2.4.37.7/arch/mips/kernel/syscall.c 2009-11-10 19:30:27.000000000 -0500
5042 @@ -82,6 +82,11 @@ unsigned long arch_get_unmapped_area(str
5044 if (filp || (flags & MAP_SHARED))
5047 +#ifdef CONFIG_PAX_RANDMMAP
5048 + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
5053 addr = COLOUR_ALIGN(addr, pgoff);
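Review bot: The added `|| !filp` test means that once MF_PAX_RANDMMAP is set a caller-supplied address hint is honoured only for anonymous mappings, and nothing in the code records that this is deliberate. A one-line comment above the `#ifdef` would state the intent, for example `/* PaX: with RANDMMAP, ignore the hint for file-backed mappings so their base stays randomized */`. The same applies to the `(!addr || filp)` test in the next hunk of this file and to the matching hunks in arch/mips64/kernel/syscall.c and arch/parisc/kernel/sys_parisc.c. The body of arch_get_unmapped_area starts and ends outside the hunk.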
5054 @@ -92,6 +97,13 @@ unsigned long arch_get_unmapped_area(str
5055 (!vmm || addr + len <= vmm->vm_start))
5059 +#ifdef CONFIG_PAX_RANDMMAP
5060 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && (!addr || filp))
5061 + addr = TASK_UNMAPPED_BASE + current->mm->delta_mmap;
5065 addr = TASK_UNMAPPED_BASE;
5067 addr = COLOUR_ALIGN(addr, pgoff);
5068 diff -urNp linux-2.4.37.7/arch/mips/mm/fault.c linux-2.4.37.7/arch/mips/mm/fault.c
5069 --- linux-2.4.37.7/arch/mips/mm/fault.c 2009-11-07 11:52:20.000000000 -0500
5070 +++ linux-2.4.37.7/arch/mips/mm/fault.c 2009-11-10 19:30:27.000000000 -0500
5071 @@ -69,6 +69,23 @@ void bust_spinlocks(int yes)
5075 +#ifdef CONFIG_PAX_PAGEEXEC
5076 +void pax_report_insns(void *pc, void *sp)
5080 + printk(KERN_ERR "PAX: bytes at PC: ");
5081 + for (i = 0; i < 5; i++) {
5083 + if (get_user(c, (unsigned int*)pc+i))
5084 + printk("???????? ");
5086 + printk("%08x ", c);
5093 * This routine handles page faults. It determines the address,
5094 * and the problem, and then passes it off to one of the appropriate
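Review bot: The failure branch of the `get_user()` loop in `pax_report_insns()` differs between the per-arch copies this patch adds. Here and in arch/parisc/mm/fault.c an unreadable word prints `???????? `, while the arch/mips64/mm/fault.c copy prints `<invalid address>.` instead. Anyone triaging a PaX report then has to know which architecture produced the line, so use one form in every copy or move the helper into shared code. The `sp` parameter is not used in any line visible here; either dump the stack words as well or note it with a comment such as `/* sp: not reported on this arch */`. Some lines of the function body are not visible in this hunk.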
5095 diff -urNp linux-2.4.37.7/arch/mips/sibyte/sb1250/bcm1250_tbprof.c linux-2.4.37.7/arch/mips/sibyte/sb1250/bcm1250_tbprof.c
5096 --- linux-2.4.37.7/arch/mips/sibyte/sb1250/bcm1250_tbprof.c 2009-11-07 11:52:20.000000000 -0500
5097 +++ linux-2.4.37.7/arch/mips/sibyte/sb1250/bcm1250_tbprof.c 2009-11-10 19:30:27.000000000 -0500
5098 @@ -356,7 +356,7 @@ static int sbprof_tb_ioctl(struct inode
5102 -static struct file_operations sbprof_tb_fops = {
5103 +static const struct file_operations sbprof_tb_fops = {
5104 .owner = THIS_MODULE,
5105 .open = sbprof_tb_open,
5106 .release = sbprof_tb_release,
5107 diff -urNp linux-2.4.37.7/arch/mips64/config.in linux-2.4.37.7/arch/mips64/config.in
5108 --- linux-2.4.37.7/arch/mips64/config.in 2009-11-07 11:52:20.000000000 -0500
5109 +++ linux-2.4.37.7/arch/mips64/config.in 2009-11-10 19:30:27.000000000 -0500
5110 @@ -7,3 +7,11 @@ define_bool CONFIG_MIPS32 n
5111 define_bool CONFIG_MIPS64 y
5113 source arch/mips/config-shared.in
5115 +mainmenu_option next_comment
5116 +comment 'Grsecurity'
5117 +bool 'Grsecurity' CONFIG_GRKERNSEC
5118 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
5119 + source grsecurity/Config.in
5122 diff -urNp linux-2.4.37.7/arch/mips64/kernel/binfmt_elfn32.c linux-2.4.37.7/arch/mips64/kernel/binfmt_elfn32.c
5123 --- linux-2.4.37.7/arch/mips64/kernel/binfmt_elfn32.c 2009-11-07 11:52:20.000000000 -0500
5124 +++ linux-2.4.37.7/arch/mips64/kernel/binfmt_elfn32.c 2009-11-10 19:30:27.000000000 -0500
5125 @@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
5126 #undef ELF_ET_DYN_BASE
5127 #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
5129 +#ifdef CONFIG_PAX_ASLR
5130 +#define PAX_ELF_ET_DYN_BASE ((current->thread.mflags & MF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
5132 +#define PAX_DELTA_MMAP_LEN ((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
5133 +#define PAX_DELTA_STACK_LEN ((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
5136 #include <asm/processor.h>
5137 #include <linux/module.h>
5138 #include <linux/config.h>
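Review bot: Both arms of the conditional in `PAX_ELF_ET_DYN_BASE` are `0x00400000UL`, so the test of `current->thread.mflags & MF_32BIT_ADDR` has no effect. Either write `#define PAX_ELF_ET_DYN_BASE 0x00400000UL` or give the second arm the base that was actually intended. In `PAX_DELTA_MMAP_LEN` and `PAX_DELTA_STACK_LEN` the arms do differ (27 versus 36 bits before `PAGE_SHIFT`), but this file appears to be the N32 loader, so a comment should say when the 36-bit arm can apply to a task loaded through it. The three identical defines added to arch/mips64/kernel/binfmt_elfo32.c have the same issue.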
5139 diff -urNp linux-2.4.37.7/arch/mips64/kernel/binfmt_elfo32.c linux-2.4.37.7/arch/mips64/kernel/binfmt_elfo32.c
5140 --- linux-2.4.37.7/arch/mips64/kernel/binfmt_elfo32.c 2009-11-07 11:52:20.000000000 -0500
5141 +++ linux-2.4.37.7/arch/mips64/kernel/binfmt_elfo32.c 2009-11-10 19:30:27.000000000 -0500
5142 @@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
5143 #undef ELF_ET_DYN_BASE
5144 #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
5146 +#ifdef CONFIG_PAX_ASLR
5147 +#define PAX_ELF_ET_DYN_BASE ((current->thread.mflags & MF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
5149 +#define PAX_DELTA_MMAP_LEN ((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
5150 +#define PAX_DELTA_STACK_LEN ((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
5153 #include <asm/processor.h>
5154 #include <linux/module.h>
5155 #include <linux/config.h>
5156 diff -urNp linux-2.4.37.7/arch/mips64/kernel/proc.c linux-2.4.37.7/arch/mips64/kernel/proc.c
5157 --- linux-2.4.37.7/arch/mips64/kernel/proc.c 2009-11-07 11:52:20.000000000 -0500
5158 +++ linux-2.4.37.7/arch/mips64/kernel/proc.c 2009-11-10 19:30:27.000000000 -0500
5159 @@ -143,7 +143,7 @@ static void c_stop(struct seq_file *m, v
5163 -struct seq_operations cpuinfo_op = {
5164 +const struct seq_operations cpuinfo_op = {
5168 diff -urNp linux-2.4.37.7/arch/mips64/kernel/syscall.c linux-2.4.37.7/arch/mips64/kernel/syscall.c
5169 --- linux-2.4.37.7/arch/mips64/kernel/syscall.c 2009-11-07 11:52:20.000000000 -0500
5170 +++ linux-2.4.37.7/arch/mips64/kernel/syscall.c 2009-11-10 19:30:27.000000000 -0500
5171 @@ -80,6 +80,11 @@ unsigned long arch_get_unmapped_area(str
5173 if (filp || (flags & MAP_SHARED))
5176 +#ifdef CONFIG_PAX_RANDMMAP
5177 + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
5182 addr = COLOUR_ALIGN(addr, pgoff);
5183 @@ -90,6 +95,13 @@ unsigned long arch_get_unmapped_area(str
5184 (!vmm || addr + len <= vmm->vm_start))
5188 +#ifdef CONFIG_PAX_RANDMMAP
5189 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && (!addr || filp))
5190 + addr = TASK_UNMAPPED_BASE + current->mm->delta_mmap;
5194 addr = TASK_UNMAPPED_BASE;
5196 addr = COLOUR_ALIGN(addr, pgoff);
5197 diff -urNp linux-2.4.37.7/arch/mips64/mm/fault.c linux-2.4.37.7/arch/mips64/mm/fault.c
5198 --- linux-2.4.37.7/arch/mips64/mm/fault.c 2009-11-07 11:52:20.000000000 -0500
5199 +++ linux-2.4.37.7/arch/mips64/mm/fault.c 2009-11-10 19:30:27.000000000 -0500
5200 @@ -90,6 +90,24 @@ void bust_spinlocks(int yes)
5204 +#ifdef CONFIG_PAX_PAGEEXEC
5205 +void pax_report_insns(void *pc, void *sp)
5209 + printk(KERN_ERR "PAX: bytes at PC: ");
5210 + for (i = 0; i < 5; i++) {
5212 + if (get_user(c, (unsigned int*)pc+i)) {
5213 + printk("<invalid address>.");
5216 + printk("%08x ", c);
5223 * This routine handles page faults. It determines the address,
5224 * and the problem, and then passes it off to one of the appropriate
5225 diff -urNp linux-2.4.37.7/arch/parisc/config.in linux-2.4.37.7/arch/parisc/config.in
5226 --- linux-2.4.37.7/arch/parisc/config.in 2009-11-07 11:52:20.000000000 -0500
5227 +++ linux-2.4.37.7/arch/parisc/config.in 2009-11-10 19:30:27.000000000 -0500
5228 @@ -204,3 +204,11 @@ endmenu
5230 source crypto/Config.in
5231 source lib/Config.in
5233 +mainmenu_option next_comment
5234 +comment 'Grsecurity'
5235 +bool 'Grsecurity' CONFIG_GRKERNSEC
5236 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
5237 + source grsecurity/Config.in
5240 diff -urNp linux-2.4.37.7/arch/parisc/kernel/ioctl32.c linux-2.4.37.7/arch/parisc/kernel/ioctl32.c
5241 --- linux-2.4.37.7/arch/parisc/kernel/ioctl32.c 2009-11-07 11:52:20.000000000 -0500
5242 +++ linux-2.4.37.7/arch/parisc/kernel/ioctl32.c 2009-11-10 19:30:27.000000000 -0500
5243 @@ -1435,7 +1435,11 @@ static int vt_check(struct file *file)
5244 * To have permissions to do most of the vt ioctls, we either have
5245 * to be the owner of the tty, or super-user.
5247 +#ifdef CONFIG_GRKERNSEC
5248 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
5250 if (current->tty == tty || suser())
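Review bot: The `#ifdef CONFIG_GRKERNSEC` block supplies two alternative `if` headers for a single shared body, which is easy to break in a later edit and leaves the non-grsecurity build on the coarser `suser()` check. Unless something outside this hunk depends on `suser()`, use `if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))` unconditionally. If the conditional has to stay, put `/* grsecurity: require CAP_SYS_TTY_CONFIG rather than uid 0 */` above it. The existing comment still says "super-user" and should be updated to match the capability check.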
5255 diff -urNp linux-2.4.37.7/arch/parisc/kernel/perf.c linux-2.4.37.7/arch/parisc/kernel/perf.c
5256 --- linux-2.4.37.7/arch/parisc/kernel/perf.c 2009-11-07 11:52:20.000000000 -0500
5257 +++ linux-2.4.37.7/arch/parisc/kernel/perf.c 2009-11-10 19:30:27.000000000 -0500
5258 @@ -479,7 +479,7 @@ static int perf_ioctl(struct inode *inod
5262 -static struct file_operations perf_fops = {
5263 +static const struct file_operations perf_fops = {
5267 diff -urNp linux-2.4.37.7/arch/parisc/kernel/ptrace.c linux-2.4.37.7/arch/parisc/kernel/ptrace.c
5268 --- linux-2.4.37.7/arch/parisc/kernel/ptrace.c 2009-11-07 11:52:20.000000000 -0500
5269 +++ linux-2.4.37.7/arch/parisc/kernel/ptrace.c 2009-11-10 19:30:27.000000000 -0500
5271 #include <linux/ptrace.h>
5272 #include <linux/user.h>
5273 #include <linux/personality.h>
5275 +#include <linux/grsecurity.h>
5276 #include <asm/uaccess.h>
5277 #include <asm/pgtable.h>
5278 #include <asm/system.h>
5279 @@ -119,6 +119,9 @@ long sys_ptrace(long request, pid_t pid,
5280 if (pid == 1) /* no messing around with init! */
5283 + if (gr_handle_ptrace(child, request))
5286 if (request == PTRACE_ATTACH) {
5287 ret = ptrace_attach(child);
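Review bot: The new `gr_handle_ptrace(child, request)` check carries no comment, and the error returned to the caller when it refuses is not set in any line visible here. It presumably reuses whatever `ret` was assigned for the `pid == 1` check just above. If -EPERM is the intended result, make that explicit with `ret = -EPERM; /* grsecurity policy denied this ptrace request */` immediately before the test, so a later change to the preceding check cannot silently alter the error code. The same pattern appears in the arch/ppc/kernel/ptrace.c hunk of this patch. The body of sys_ptrace starts and ends outside the hunk.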
5289 diff -urNp linux-2.4.37.7/arch/parisc/kernel/setup.c linux-2.4.37.7/arch/parisc/kernel/setup.c
5290 --- linux-2.4.37.7/arch/parisc/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
5291 +++ linux-2.4.37.7/arch/parisc/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
5292 @@ -180,7 +180,7 @@ c_stop (struct seq_file *m, void *v)
5296 -struct seq_operations cpuinfo_op = {
5297 +const struct seq_operations cpuinfo_op = {
5301 diff -urNp linux-2.4.37.7/arch/parisc/kernel/sys_parisc32.c linux-2.4.37.7/arch/parisc/kernel/sys_parisc32.c
5302 --- linux-2.4.37.7/arch/parisc/kernel/sys_parisc32.c 2009-11-07 11:52:20.000000000 -0500
5303 +++ linux-2.4.37.7/arch/parisc/kernel/sys_parisc32.c 2009-11-10 19:30:27.000000000 -0500
5305 #include <linux/highmem.h>
5306 #include <linux/highuid.h>
5307 #include <linux/mman.h>
5308 +#include <linux/grsecurity.h>
5310 #include <asm/types.h>
5311 #include <asm/uaccess.h>
5312 @@ -177,6 +178,11 @@ do_execve32(char * filename, u32 * argv,
5316 +#ifdef CONFIG_GRKERNSEC
5317 + struct file *old_exec_file;
5318 + struct acl_subject_label *old_acl;
5319 + struct rlimit old_rlim[RLIM_NLIMITS];
5322 file = open_exec(filename);
5324 @@ -184,7 +190,26 @@ do_execve32(char * filename, u32 * argv,
5328 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes), 1);
5330 + if (gr_handle_nproc()) {
5331 + allow_write_access(file);
5336 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
5337 + allow_write_access(file);
5342 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
5344 +#ifdef CONFIG_PAX_RANDUSTACK
5345 + bprm.p -= (net_random() & ~(sizeof(void *)-1)) & ~PAGE_MASK;
5348 memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0]));
5350 DBG(("do_execve32(%s, %p, %p, %p)\n", filename, argv, envp, regs));
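Review bot: Under CONFIG_PAX_RANDUSTACK the stack offset is taken from `net_random()`, a general-purpose networking PRNG that is not designed to resist prediction, and the `& ~PAGE_MASK` mask confines it to a sub-page offset. If this offset is meant to add to the randomization an attacker has to guess, draw it from the kernel entropy pool instead: `unsigned long r; get_random_bytes(&r, sizeof(r));` followed by `bprm.p -= (r & ~(sizeof(void *)-1)) & ~PAGE_MASK;`. A short comment should also say where page-granular stack randomization is applied, if it is applied elsewhere. The body of do_execve32 starts and ends outside the hunk.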
5351 @@ -209,11 +234,24 @@ do_execve32(char * filename, u32 * argv,
5355 + if (!gr_tpe_allow(file)) {
5360 + if (gr_check_crash_exec(file)) {
5365 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
5371 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
5373 retval = copy_strings32(bprm.envc, envp, &bprm);
5376 @@ -222,11 +260,32 @@ do_execve32(char * filename, u32 * argv,
5380 +#ifdef CONFIG_GRKERNSEC
5381 + old_acl = current->acl;
5382 + memcpy(old_rlim, current->rlim, sizeof(old_rlim));
5383 + old_exec_file = current->exec_file;
5385 + current->exec_file = file;
5388 + gr_set_proc_label(file->f_dentry, file->f_vfsmnt);
5390 retval = search_binary_handler(&bprm,regs);
5392 + if (retval >= 0) {
5393 +#ifdef CONFIG_GRKERNSEC
5394 + if (old_exec_file)
5395 + fput(old_exec_file);
5397 /* execve success */
5401 +#ifdef CONFIG_GRKERNSEC
5402 + current->acl = old_acl;
5403 + memcpy(current->rlim, old_rlim, sizeof(old_rlim));
5404 + fput(current->exec_file);
5405 + current->exec_file = old_exec_file;
5408 /* Something went wrong, return the inode and free the argument pages*/
5409 allow_write_access(bprm.file);
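Review bot: The failure path calls `fput(current->exec_file)` before restoring `old_exec_file`, which is balanced only if an extra reference was taken when `current->exec_file = file` was assigned. No `get_file(file)` is visible in this hunk, although some of its lines are not shown. Please confirm the reference is taken next to the assignment, and document it there with something like `/* extra ref held via current->exec_file; dropped on failure below, replaces old_exec_file on success */`. Without that reference, the release of `bprm.file` later in the same error path would drop the file a second time. The body of do_execve32 continues outside the hunk.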
5410 diff -urNp linux-2.4.37.7/arch/parisc/kernel/sys_parisc.c linux-2.4.37.7/arch/parisc/kernel/sys_parisc.c
5411 --- linux-2.4.37.7/arch/parisc/kernel/sys_parisc.c 2009-11-07 11:52:20.000000000 -0500
5412 +++ linux-2.4.37.7/arch/parisc/kernel/sys_parisc.c 2009-11-10 19:30:27.000000000 -0500
5413 @@ -90,6 +90,11 @@ unsigned long arch_get_unmapped_area(str
5414 inode = filp->f_dentry->d_inode;
5417 +#ifdef CONFIG_PAX_RANDMMAP
5418 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && (!addr || filp))
5419 + addr = TASK_UNMAPPED_BASE + current->mm->delta_mmap;
5422 if (inode && (flags & MAP_SHARED) && (inode->i_mapping->i_mmap_shared)) {
5423 addr = get_shared_area(inode, addr, len, pgoff);
5425 @@ -104,6 +109,7 @@ static unsigned long do_mmap2(unsigned l
5427 struct file * file = NULL;
5428 unsigned long error = -EBADF;
5430 if (!(flags & MAP_ANONYMOUS)) {
5433 diff -urNp linux-2.4.37.7/arch/parisc/kernel/traps.c linux-2.4.37.7/arch/parisc/kernel/traps.c
5434 --- linux-2.4.37.7/arch/parisc/kernel/traps.c 2009-11-07 11:52:20.000000000 -0500
5435 +++ linux-2.4.37.7/arch/parisc/kernel/traps.c 2009-11-10 19:30:27.000000000 -0500
5436 @@ -637,9 +637,7 @@ void handle_interruption(int code, struc
5438 down_read(¤t->mm->mmap_sem);
5439 vma = find_vma(current->mm,regs->iaoq[0]);
5440 - if (vma && (regs->iaoq[0] >= vma->vm_start)
5441 - && (vma->vm_flags & VM_EXEC)) {
5443 + if (vma && (regs->iaoq[0] >= vma->vm_start)) {
5444 fault_address = regs->iaoq[0];
5445 fault_space = regs->iasq[0];
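Review bot: Dropping the `vma->vm_flags & VM_EXEC` test is unconditional, so kernels built without CONFIG_PAX_PAGEEXEC change behaviour here too, unlike the other PaX changes in this patch, which sit under `#ifdef`. If the intent is to let instruction fetches from non-executable mappings reach the page-fault path so that PaX can decide there, say so in a comment, e.g. `/* PaX: VM_EXEC is not required here; non-executable fetches are resolved in do_page_fault() */`. Consider also keeping the original two-line condition in an `#else` arm. The body of handle_interruption starts and ends outside the hunk.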
5447 diff -urNp linux-2.4.37.7/arch/parisc/mm/fault.c linux-2.4.37.7/arch/parisc/mm/fault.c
5448 --- linux-2.4.37.7/arch/parisc/mm/fault.c 2009-11-07 11:52:20.000000000 -0500
5449 +++ linux-2.4.37.7/arch/parisc/mm/fault.c 2009-11-10 19:30:27.000000000 -0500
5451 #include <linux/ptrace.h>
5452 #include <linux/sched.h>
5453 #include <linux/interrupt.h>
5454 +#include <linux/unistd.h>
5456 #include <asm/uaccess.h>
5457 #include <asm/traps.h>
5459 static unsigned long
5460 parisc_acctyp(unsigned long code, unsigned int inst)
5462 - if (code == 6 || code == 16)
5463 + if (code == 6 || code == 7 || code == 16)
5466 switch (inst & 0xf0000000) {
5467 @@ -139,6 +140,115 @@ parisc_acctyp(unsigned long code, unsign
5471 +#ifdef CONFIG_PAX_PAGEEXEC
5473 + * PaX: decide what to do with offenders (instruction_pointer(regs) = fault address)
5475 + * returns 1 when task should be killed
5476 + * 2 when rt_sigreturn trampoline was detected
5477 + * 3 when unpatched PLT trampoline was detected
5479 +static int pax_handle_fetch_fault(struct pt_regs *regs)
5483 +#ifdef CONFIG_PAX_EMUPLT
5484 + do { /* PaX: unpatched PLT emulation */
5485 + unsigned int bl, depwi;
5487 + err = get_user(bl, (unsigned int*)instruction_pointer(regs));
5488 + err |= get_user(depwi, (unsigned int*)(instruction_pointer(regs)+4));
5493 + if (bl == 0xEA9F1FDDU && depwi == 0xD6801C1EU) {
5494 + unsigned int ldw, bv, ldw2, addr = instruction_pointer(regs)-12;
5496 + err = get_user(ldw, (unsigned int*)addr);
5497 + err |= get_user(bv, (unsigned int*)(addr+4));
5498 + err |= get_user(ldw2, (unsigned int*)(addr+8));
5503 + if (ldw == 0x0E801096U &&
5504 + bv == 0xEAC0C000U &&
5505 + ldw2 == 0x0E881095U)
5507 + unsigned int resolver, map;
5509 + err = get_user(resolver, (unsigned int*)(instruction_pointer(regs)+8));
5510 + err |= get_user(map, (unsigned int*)(instruction_pointer(regs)+12));
5514 + regs->gr[20] = instruction_pointer(regs)+8;
5515 + regs->gr[21] = map;
5516 + regs->gr[22] = resolver;
5517 + regs->iaoq[0] = resolver | 3UL;
5518 + regs->iaoq[1] = regs->iaoq[0] + 4;
5525 +#ifdef CONFIG_PAX_EMUTRAMP
5527 +#ifndef CONFIG_PAX_EMUSIGRT
5528 + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
5532 + do { /* PaX: rt_sigreturn emulation */
5533 + unsigned int ldi1, ldi2, bel, nop;
5535 + err = get_user(ldi1, (unsigned int *)instruction_pointer(regs));
5536 + err |= get_user(ldi2, (unsigned int *)(instruction_pointer(regs)+4));
5537 + err |= get_user(bel, (unsigned int *)(instruction_pointer(regs)+8));
5538 + err |= get_user(nop, (unsigned int *)(instruction_pointer(regs)+12));
5543 + if ((ldi1 == 0x34190000U || ldi1 == 0x34190002U) &&
5544 + ldi2 == 0x3414015AU &&
5545 + bel == 0xE4008200U &&
5546 + nop == 0x08000240U)
5548 + regs->gr[25] = (ldi1 & 2) >> 1;
5549 + regs->gr[20] = __NR_rt_sigreturn;
5550 + regs->gr[31] = regs->iaoq[1] + 16;
5551 + regs->sr[0] = regs->iasq[1];
5552 + regs->iaoq[0] = 0x100UL;
5553 + regs->iaoq[1] = regs->iaoq[0] + 4;
5554 + regs->iasq[0] = regs->sr[2];
5555 + regs->iasq[1] = regs->sr[2];
5564 +void pax_report_insns(void *pc, void *sp)
5568 + printk(KERN_ERR "PAX: bytes at PC: ");
5569 + for (i = 0; i < 5; i++) {
5571 + if (get_user(c, (unsigned int*)pc+i))
5572 + printk("???????? ");
5574 + printk("%08x ", c);
5580 void do_page_fault(struct pt_regs *regs, unsigned long code,
5581 unsigned long address)
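Review bot: In the unpatched-PLT branch of `pax_handle_fetch_fault()`, `addr` is declared `unsigned int` alongside the instruction words and then cast to a pointer for `get_user()`. That truncates `instruction_pointer(regs)-12` wherever user addresses can exceed 32 bits. Declare it separately as `unsigned long addr = instruction_pointer(regs)-12;`, as the ppc version of this handler in the same patch does. The instruction encodings being matched (`0xEA9F1FDDU`, `0x0E801096U`, `0x34190000U` and the rest) would also be easier to audit as named constants, or with a trailing comment giving the mnemonic each one stands for. Several lines of the function are not visible in this hunk.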
5583 @@ -164,8 +274,33 @@ good_area:
5585 acc_type = parisc_acctyp(code,regs->iir);
5587 - if ((vma->vm_flags & acc_type) != acc_type)
5588 + if ((vma->vm_flags & acc_type) != acc_type) {
5590 +#ifdef CONFIG_PAX_PAGEEXEC
5591 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && (acc_type & VM_EXEC) &&
5592 + (address & ~3UL) == instruction_pointer(regs))
5594 + up_read(&mm->mmap_sem);
5595 + switch(pax_handle_fetch_fault(regs)) {
5597 +#ifdef CONFIG_PAX_EMUPLT
5602 +#ifdef CONFIG_PAX_EMUTRAMP
5608 + pax_report_fault(regs, (void*)instruction_pointer(regs), (void*)regs->gr[30]);
5617 * If for any reason at all we couldn't handle the fault, make
5618 diff -urNp linux-2.4.37.7/arch/ppc/config.in linux-2.4.37.7/arch/ppc/config.in
5619 --- linux-2.4.37.7/arch/ppc/config.in 2009-11-07 11:52:20.000000000 -0500
5620 +++ linux-2.4.37.7/arch/ppc/config.in 2009-11-10 19:30:27.000000000 -0500
5621 @@ -666,3 +666,12 @@ fi
5622 int 'Kernel messages buffer length shift (0 = default)' CONFIG_LOG_BUF_SHIFT 0
5626 +mainmenu_option next_comment
5627 +comment 'Grsecurity'
5628 +bool 'Grsecurity' CONFIG_GRKERNSEC
5629 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
5630 + source grsecurity/Config.in
5634 diff -urNp linux-2.4.37.7/arch/ppc/kernel/head_4xx.S linux-2.4.37.7/arch/ppc/kernel/head_4xx.S
5635 --- linux-2.4.37.7/arch/ppc/kernel/head_4xx.S 2009-11-07 11:52:20.000000000 -0500
5636 +++ linux-2.4.37.7/arch/ppc/kernel/head_4xx.S 2009-11-10 19:30:27.000000000 -0500
5637 @@ -296,15 +296,12 @@ label:
5639 /* Most of the Linux PTE is ready to load into the TLB LO.
5640 * We set ZSEL, where only the LS-bit determines user access.
5641 - * We set execute, because we don't have the granularity to
5642 - * properly set this at the page level (Linux problem).
5643 * If shared is set, we cause a zero PID->TID load.
5644 * Many of these bits are software only. Bits we don't set
5645 * here we (properly should) assume have the appropriate value.
5648 andc r21, r21, r22 /* Make sure 20, 21 are zero */
5649 - ori r21, r21, _PAGE_HWEXEC /* make it executable */
5651 /* find the TLB index that caused the fault. It has to be here.
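Review bot: With both `ori r21, r21, _PAGE_HWEXEC` lines removed (here and in `finish_tlb_load` in the next hunk), a TLB entry is executable only if the Linux PTE already carries `_PAGE_HWEXEC`, and the removal is not conditional on any PaX option. The deleted comment explained why the bit was forced, so it should be replaced rather than dropped, e.g. `/* Execute permission now comes from the PTE (_PAGE_HWEXEC); it is no longer forced here. */`. Whether the rest of the patch sets that bit for executable mappings on 4xx is not visible in these hunks. It should be confirmed, since otherwise instruction fetches from legitimately executable pages would fault.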
5653 @@ -783,7 +780,6 @@ finish_tlb_load:
5654 stw r23, tlb_4xx_index@l(0)
5657 - ori r21, r21, _PAGE_HWEXEC /* make it executable */
5658 tlbwe r21, r23, TLB_DATA /* Load TLB LO */
5660 /* Create EPN. This is the faulting address plus a static
5661 diff -urNp linux-2.4.37.7/arch/ppc/kernel/ppc_htab.c linux-2.4.37.7/arch/ppc/kernel/ppc_htab.c
5662 --- linux-2.4.37.7/arch/ppc/kernel/ppc_htab.c 2009-11-07 11:52:20.000000000 -0500
5663 +++ linux-2.4.37.7/arch/ppc/kernel/ppc_htab.c 2009-11-10 19:30:27.000000000 -0500
5664 @@ -61,7 +61,7 @@ extern unsigned int htab_hash_searches;
5668 -struct file_operations ppc_htab_operations = {
5669 +const struct file_operations ppc_htab_operations = {
5670 llseek: ppc_htab_lseek,
5671 read: ppc_htab_read,
5672 write: ppc_htab_write,
5673 diff -urNp linux-2.4.37.7/arch/ppc/kernel/ptrace.c linux-2.4.37.7/arch/ppc/kernel/ptrace.c
5674 --- linux-2.4.37.7/arch/ppc/kernel/ptrace.c 2009-11-07 11:52:20.000000000 -0500
5675 +++ linux-2.4.37.7/arch/ppc/kernel/ptrace.c 2009-11-10 19:30:27.000000000 -0500
5677 #include <linux/errno.h>
5678 #include <linux/ptrace.h>
5679 #include <linux/user.h>
5680 +#include <linux/grsecurity.h>
5682 #include <asm/uaccess.h>
5683 #include <asm/page.h>
5684 @@ -195,6 +196,9 @@ int sys_ptrace(long request, long pid, l
5685 if (pid == 1) /* you may not mess with init */
5688 + if (gr_handle_ptrace(child, request))
5691 if (request == PTRACE_ATTACH) {
5692 ret = ptrace_attach(child);
5694 diff -urNp linux-2.4.37.7/arch/ppc/kernel/setup.c linux-2.4.37.7/arch/ppc/kernel/setup.c
5695 --- linux-2.4.37.7/arch/ppc/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
5696 +++ linux-2.4.37.7/arch/ppc/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
5697 @@ -238,7 +238,7 @@ static void c_stop(struct seq_file *m, v
5701 -struct seq_operations cpuinfo_op = {
5702 +const struct seq_operations cpuinfo_op = {
5706 diff -urNp linux-2.4.37.7/arch/ppc/mm/fault.c linux-2.4.37.7/arch/ppc/mm/fault.c
5707 --- linux-2.4.37.7/arch/ppc/mm/fault.c 2009-11-07 11:52:20.000000000 -0500
5708 +++ linux-2.4.37.7/arch/ppc/mm/fault.c 2009-11-10 19:30:27.000000000 -0500
5710 #include <linux/mman.h>
5711 #include <linux/mm.h>
5712 #include <linux/interrupt.h>
5713 +#include <linux/slab.h>
5714 +#include <linux/pagemap.h>
5715 +#include <linux/compiler.h>
5717 #include <asm/page.h>
5718 #include <asm/pgtable.h>
5719 @@ -52,6 +55,359 @@ extern void die_if_kernel(char *, struct
5720 void bad_page_fault(struct pt_regs *, unsigned long, int sig);
5721 void do_page_fault(struct pt_regs *, unsigned long, unsigned long);
5723 +#ifdef CONFIG_PAX_EMUSIGRT
5724 +void pax_syscall_close(struct vm_area_struct * vma)
5726 + vma->vm_mm->call_syscall = 0UL;
5729 +static struct page* pax_syscall_nopage(struct vm_area_struct *vma, unsigned long address, int write_access)
5731 + struct page* page;
5732 + unsigned int *kaddr;
5734 + page = alloc_page(GFP_HIGHUSER);
5738 + kaddr = kmap(page);
5739 + memset(kaddr, 0, PAGE_SIZE);
5740 + kaddr[0] = 0x44000002U; /* sc */
5741 + __flush_dcache_icache(kaddr);
5746 +static const struct vm_operations_struct pax_vm_ops = {
5747 + .close = pax_syscall_close,
5748 + .nopage = pax_syscall_nopage,
5751 +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
5755 + memset(vma, 0, sizeof(*vma));
5756 + vma->vm_mm = current->mm;
5757 + vma->vm_start = addr;
5758 + vma->vm_end = addr + PAGE_SIZE;
5759 + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
5760 + vma->vm_page_prot = protection_map[vma->vm_flags & 0x0f];
5761 + vma->vm_ops = &pax_vm_ops;
5763 + ret = insert_vm_struct(current->mm, vma);
5767 + ++current->mm->total_vm;
5772 +#ifdef CONFIG_PAX_PAGEEXEC
5774 + * PaX: decide what to do with offenders (regs->nip = fault address)
5776 + * returns 1 when task should be killed
5777 + * 2 when patched GOT trampoline was detected
5778 + * 3 when patched PLT trampoline was detected
5779 + * 4 when unpatched PLT trampoline was detected
5780 + * 5 when sigreturn trampoline was detected
5781 + * 6 when rt_sigreturn trampoline was detected
5783 +static int pax_handle_fetch_fault(struct pt_regs *regs)
5787 +#ifdef CONFIG_PAX_EMUPLT
5788 + do { /* PaX: patched GOT emulation */
5789 + unsigned int blrl;
5791 + err = get_user(blrl, (unsigned int*)regs->nip);
5793 + if (!err && blrl == 0x4E800021U) {
5794 + unsigned long temp = regs->nip;
5796 + regs->nip = regs->link & 0xFFFFFFFCUL;
5797 + regs->link = temp + 4UL;
5802 + do { /* PaX: patched PLT emulation #1 */
5805 + err = get_user(b, (unsigned int *)regs->nip);
5807 + if (!err && (b & 0xFC000003U) == 0x48000000U) {
5808 + regs->nip += (((b | 0xFC000000UL) ^ 0x02000000UL) + 0x02000000UL);
5813 + do { /* PaX: unpatched PLT emulation #1 */
5814 + unsigned int li, b;
5816 + err = get_user(li, (unsigned int *)regs->nip);
5817 + err |= get_user(b, (unsigned int *)(regs->nip+4));
5819 + if (!err && (li & 0xFFFF0000U) == 0x39600000U && (b & 0xFC000003U) == 0x48000000U) {
5820 + unsigned int rlwinm, add, li2, addis2, mtctr, li3, addis3, bctr;
5821 + unsigned long addr = b | 0xFC000000UL;
5823 + addr = regs->nip + 4 + ((addr ^ 0x02000000UL) + 0x02000000UL);
5824 + err = get_user(rlwinm, (unsigned int*)addr);
5825 + err |= get_user(add, (unsigned int*)(addr+4));
5826 + err |= get_user(li2, (unsigned int*)(addr+8));
5827 + err |= get_user(addis2, (unsigned int*)(addr+12));
5828 + err |= get_user(mtctr, (unsigned int*)(addr+16));
5829 + err |= get_user(li3, (unsigned int*)(addr+20));
5830 + err |= get_user(addis3, (unsigned int*)(addr+24));
5831 + err |= get_user(bctr, (unsigned int*)(addr+28));
5836 + if (rlwinm == 0x556C083CU &&
5837 + add == 0x7D6C5A14U &&
5838 + (li2 & 0xFFFF0000U) == 0x39800000U &&
5839 + (addis2 & 0xFFFF0000U) == 0x3D8C0000U &&
5840 + mtctr == 0x7D8903A6U &&
5841 + (li3 & 0xFFFF0000U) == 0x39800000U &&
5842 + (addis3 & 0xFFFF0000U) == 0x3D8C0000U &&
5843 + bctr == 0x4E800420U)
5845 + regs->gpr[PT_R11] = 3 * (((li | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
5846 + regs->gpr[PT_R12] = (((li3 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
5847 + regs->gpr[PT_R12] += (addis3 & 0xFFFFU) << 16;
5848 + regs->ctr = (((li2 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
5849 + regs->ctr += (addis2 & 0xFFFFU) << 16;
5850 + regs->nip = regs->ctr;
5857 + do { /* PaX: unpatched PLT emulation #2 */
5858 + unsigned int lis, lwzu, b, bctr;
5860 + err = get_user(lis, (unsigned int *)regs->nip);
5861 + err |= get_user(lwzu, (unsigned int *)(regs->nip+4));
5862 + err |= get_user(b, (unsigned int *)(regs->nip+8));
5863 + err |= get_user(bctr, (unsigned int *)(regs->nip+12));
5868 + if ((lis & 0xFFFF0000U) == 0x39600000U &&
5869 + (lwzu & 0xU) == 0xU &&
5870 + (b & 0xFC000003U) == 0x48000000U &&
5871 + bctr == 0x4E800420U)
5873 + unsigned int addis, addi, rlwinm, add, li2, addis2, mtctr, li3, addis3, bctr;
5874 + unsigned long addr = b | 0xFC000000UL;
5876 + addr = regs->nip + 12 + ((addr ^ 0x02000000UL) + 0x02000000UL);
5877 + err = get_user(addis, (unsigned int*)addr);
5878 + err |= get_user(addi, (unsigned int*)(addr+4));
5879 + err |= get_user(rlwinm, (unsigned int*)(addr+8));
5880 + err |= get_user(add, (unsigned int*)(addr+12));
5881 + err |= get_user(li2, (unsigned int*)(addr+16));
5882 + err |= get_user(addis2, (unsigned int*)(addr+20));
5883 + err |= get_user(mtctr, (unsigned int*)(addr+24));
5884 + err |= get_user(li3, (unsigned int*)(addr+28));
5885 + err |= get_user(addis3, (unsigned int*)(addr+32));
5886 + err |= get_user(bctr, (unsigned int*)(addr+36));
5891 + if ((addis & 0xFFFF0000U) == 0x3D6B0000U &&
5892 + (addi & 0xFFFF0000U) == 0x396B0000U &&
5893 + rlwinm == 0x556C083CU &&
5894 + add == 0x7D6C5A14U &&
5895 + (li2 & 0xFFFF0000U) == 0x39800000U &&
5896 + (addis2 & 0xFFFF0000U) == 0x3D8C0000U &&
5897 + mtctr == 0x7D8903A6U &&
5898 + (li3 & 0xFFFF0000U) == 0x39800000U &&
5899 + (addis3 & 0xFFFF0000U) == 0x3D8C0000U &&
5900 + bctr == 0x4E800420U)
5902 + regs->gpr[PT_R11] =
5903 + regs->gpr[PT_R11] = 3 * (((li | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
5904 + regs->gpr[PT_R12] = (((li3 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
5905 + regs->gpr[PT_R12] += (addis3 & 0xFFFFU) << 16;
5906 + regs->ctr = (((li2 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
5907 + regs->ctr += (addis2 & 0xFFFFU) << 16;
5908 + regs->nip = regs->ctr;
5915 + do { /* PaX: unpatched PLT emulation #3 */
5916 + unsigned int li, b;
5918 + err = get_user(li, (unsigned int *)regs->nip);
5919 + err |= get_user(b, (unsigned int *)(regs->nip+4));
5921 + if (!err && (li & 0xFFFF0000U) == 0x39600000U && (b & 0xFC000003U) == 0x48000000U) {
5922 + unsigned int addis, lwz, mtctr, bctr;
5923 + unsigned long addr = b | 0xFC000000UL;
5925 + addr = regs->nip + 4 + ((addr ^ 0x02000000UL) + 0x02000000UL);
5926 + err = get_user(addis, (unsigned int*)addr);
5927 + err |= get_user(lwz, (unsigned int*)(addr+4));
5928 + err |= get_user(mtctr, (unsigned int*)(addr+8));
5929 + err |= get_user(bctr, (unsigned int*)(addr+12));
5934 + if ((addis & 0xFFFF0000U) == 0x3D6B0000U &&
5935 + (lwz & 0xFFFF0000U) == 0x816B0000U &&
5936 + mtctr == 0x7D6903A6U &&
5937 + bctr == 0x4E800420U)
5941 + addr = (addis << 16) + (((li | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
5942 + addr += (((lwz | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
5944 + err = get_user(r11, (unsigned int*)addr);
5948 + regs->gpr[PT_R11] = r11;
5957 +#ifdef CONFIG_PAX_EMUSIGRT
5958 + do { /* PaX: sigreturn emulation */
5959 + unsigned int li, sc;
5961 + err = get_user(li, (unsigned int *)regs->nip);
5962 + err |= get_user(sc, (unsigned int *)(regs->nip+4));
5964 + if (!err && li == 0x38007777U && sc == 0x44000002U) {
5965 + struct vm_area_struct *vma;
5966 + unsigned long call_syscall;
5968 + down_read(¤t->mm->mmap_sem);
5969 + call_syscall = current->mm->call_syscall;
5970 + up_read(¤t->mm->mmap_sem);
5971 + if (likely(call_syscall))
5974 + vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
5976 + down_write(¤t->mm->mmap_sem);
5977 + if (current->mm->call_syscall) {
5978 + call_syscall = current->mm->call_syscall;
5979 + up_write(¤t->mm->mmap_sem);
5980 + if (vma) kmem_cache_free(vm_area_cachep, vma);
5984 + call_syscall = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
5985 + if (!vma || (call_syscall & ~PAGE_MASK)) {
5986 + up_write(¤t->mm->mmap_sem);
5987 + if (vma) kmem_cache_free(vm_area_cachep, vma);
5991 + if (pax_insert_vma(vma, call_syscall)) {
5992 + up_write(¤t->mm->mmap_sem);
5993 + kmem_cache_free(vm_area_cachep, vma);
5997 + current->mm->call_syscall = call_syscall;
5998 + up_write(¤t->mm->mmap_sem);
6001 + regs->gpr[PT_R0] = 0x7777UL;
6002 + regs->nip = call_syscall;
6007 + do { /* PaX: rt_sigreturn emulation */
6008 + unsigned int li, sc;
6010 + err = get_user(li, (unsigned int *)regs->nip);
6011 + err |= get_user(sc, (unsigned int *)(regs->nip+4));
6013 + if (!err && li == 0x38006666U && sc == 0x44000002U) {
6014 + struct vm_area_struct *vma;
6015 + unsigned int call_syscall;
6017 + down_read(¤t->mm->mmap_sem);
6018 + call_syscall = current->mm->call_syscall;
6019 + up_read(¤t->mm->mmap_sem);
6020 + if (likely(call_syscall))
6023 + vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
6025 + down_write(¤t->mm->mmap_sem);
6026 + if (current->mm->call_syscall) {
6027 + call_syscall = current->mm->call_syscall;
6028 + up_write(¤t->mm->mmap_sem);
6029 + if (vma) kmem_cache_free(vm_area_cachep, vma);
6033 + call_syscall = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
6034 + if (!vma || (call_syscall & ~PAGE_MASK)) {
6035 + up_write(¤t->mm->mmap_sem);
6036 + if (vma) kmem_cache_free(vm_area_cachep, vma);
6040 + if (pax_insert_vma(vma, call_syscall)) {
6041 + up_write(¤t->mm->mmap_sem);
6042 + kmem_cache_free(vm_area_cachep, vma);
6046 + current->mm->call_syscall = call_syscall;
6047 + up_write(¤t->mm->mmap_sem);
6050 + regs->gpr[PT_R0] = 0x6666UL;
6051 + regs->nip = call_syscall;
6060 +void pax_report_insns(void *pc, void *sp)
6064 + printk(KERN_ERR "PAX: bytes at PC: ");
6065 + for (i = 0; i < 5; i++) {
6067 + if (get_user(c, (unsigned int*)pc+i))
6068 + printk("???????? ");
6070 + printk("%08x ", c);
6077 * Check whether the instruction at regs->nip is a store using
6078 * an update addressing form which will update r1.
6079 @@ -112,7 +468,7 @@ void do_page_fault(struct pt_regs *regs,
6080 * indicate errors in DSISR but can validly be set in SRR1.
6082 if (regs->trap == 0x400)
6083 - error_code &= 0x48200000;
6084 + error_code &= 0x58200000;
6086 is_write = error_code & 0x02000000;
6087 #endif /* CONFIG_4xx || CONFIG_BOOKE */
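Review bot: The widened mask `0x58200000` gives no explanation of the added bit 0x10000000, and as far as this hunk shows it sits outside any `CONFIG_PAX_PAGEEXEC` guard, so it changes instruction-fault handling for every build. If that bit is the SRR1 indication of a fetch from no-execute or guarded storage (my reading of the architecture, please confirm), record it next to the constant, e.g. `/* keep 0x10000000: fetch from no-execute or guarded storage */`. Whether later code in do_page_fault relies on the bit surviving the mask cannot be checked here, because the function continues outside the hunk.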
6088 @@ -245,6 +601,33 @@ bad_area:
6090 /* User mode accesses cause a SIGSEGV */
6091 if (user_mode(regs)) {
6093 +#ifdef CONFIG_PAX_PAGEEXEC
6094 + if (current->mm->pax_flags & MF_PAX_PAGEEXEC) {
6095 + if ((regs->trap == 0x400) && (regs->nip == address)) {
6096 + switch (pax_handle_fetch_fault(regs)) {
6098 +#ifdef CONFIG_PAX_EMUPLT
6105 +#ifdef CONFIG_PAX_EMUSIGRT
6113 + pax_report_fault(regs, (void*)regs->nip, (void*)regs->gpr[1]);
6119 info.si_signo = SIGSEGV;
6121 info.si_code = code;
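Review bot: The gate `(regs->trap == 0x400) && (regs->nip == address)` in front of pax_handle_fetch_fault() has no comment, although it is the test that separates an instruction fetch from a non-executable page from an ordinary bad access. I would add `/* instruction storage fault on the address being executed */` above it. The stack-pointer argument would also read better as `regs->gpr[PT_R1]`, matching the `PT_R0`/`PT_R11`/`PT_R12` indices used by the emulation code earlier in this file section. The switch arms are not visible in this view, so how each return code is handled could not be reviewed.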
6122 diff -urNp linux-2.4.37.7/arch/ppc64/kernel/ioctl32.c linux-2.4.37.7/arch/ppc64/kernel/ioctl32.c
6123 --- linux-2.4.37.7/arch/ppc64/kernel/ioctl32.c 2009-11-07 11:52:20.000000000 -0500
6124 +++ linux-2.4.37.7/arch/ppc64/kernel/ioctl32.c 2009-11-10 19:30:27.000000000 -0500
6125 @@ -1827,7 +1827,11 @@ static int vt_check(struct file *file)
6126 * To have permissions to do most of the vt ioctls, we either have
6127 * to be the owner of the tty, or super-user.
6129 +#ifdef CONFIG_GRKERNSEC
6130 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
6132 if (current->tty == tty || suser())
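Review bot: The comment kept above the test still says "owner of the tty, or super-user", which no longer describes the `CONFIG_GRKERNSEC` branch: there the privilege is `capable(CAP_SYS_TTY_CONFIG)`, not a uid-based check. Reword it to something like `/* ... owner of the tty, or hold CAP_SYS_TTY_CONFIG (super-user when CONFIG_GRKERNSEC is off) */`. The tty-owner half of the condition is also duplicated in both preprocessor branches, so the two copies can drift apart; selecting only the privilege predicate under `#ifdef` would avoid that. The same applies to the identical vt_check hunk in arch/sparc64/kernel/ioctl32.c.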
6137 diff -urNp linux-2.4.37.7/arch/ppc64/kernel/lparcfg.c linux-2.4.37.7/arch/ppc64/kernel/lparcfg.c
6138 --- linux-2.4.37.7/arch/ppc64/kernel/lparcfg.c 2009-11-07 11:52:20.000000000 -0500
6139 +++ linux-2.4.37.7/arch/ppc64/kernel/lparcfg.c 2009-11-10 19:30:27.000000000 -0500
6140 @@ -432,7 +432,7 @@ static int lparcfg_open(struct inode * i
6144 -struct file_operations lparcfg_fops = {
6145 +const struct file_operations lparcfg_fops = {
6149 diff -urNp linux-2.4.37.7/arch/ppc64/kernel/nvram.c linux-2.4.37.7/arch/ppc64/kernel/nvram.c
6150 --- linux-2.4.37.7/arch/ppc64/kernel/nvram.c 2009-11-07 11:52:20.000000000 -0500
6151 +++ linux-2.4.37.7/arch/ppc64/kernel/nvram.c 2009-11-10 19:30:27.000000000 -0500
6152 @@ -149,7 +149,7 @@ static int dev_ppc64_nvram_ioctl(struct
6156 -struct file_operations nvram_fops = {
6157 +const struct file_operations nvram_fops = {
6158 .owner = THIS_MODULE,
6159 .llseek = dev_ppc64_nvram_llseek,
6160 .read = dev_ppc64_read_nvram,
6161 diff -urNp linux-2.4.37.7/arch/ppc64/kernel/proc_pmc.c linux-2.4.37.7/arch/ppc64/kernel/proc_pmc.c
6162 --- linux-2.4.37.7/arch/ppc64/kernel/proc_pmc.c 2009-11-07 11:52:20.000000000 -0500
6163 +++ linux-2.4.37.7/arch/ppc64/kernel/proc_pmc.c 2009-11-10 19:30:27.000000000 -0500
6164 @@ -100,7 +100,7 @@ static loff_t nacamap_seek( struct file
6165 static ssize_t nacamap_read( struct file *file, char *buf, size_t nbytes, loff_t *ppos);
6166 static int nacamap_mmap( struct file *file, struct vm_area_struct *vma );
6168 -static struct file_operations nacamap_fops = {
6169 +static const struct file_operations nacamap_fops = {
6170 llseek: nacamap_seek,
6173 @@ -116,17 +116,17 @@ static ssize_t read_timeslice(struct fil
6174 static ssize_t write_timeslice(struct file * file, const char * buf,
6175 size_t count, loff_t *ppos);
6177 -static struct file_operations proc_profile_operations = {
6178 +static const struct file_operations proc_profile_operations = {
6180 write: write_profile,
6183 -static struct file_operations proc_trace_operations = {
6184 +static const struct file_operations proc_trace_operations = {
6189 -static struct file_operations proc_timeslice_operations = {
6190 +static const struct file_operations proc_timeslice_operations = {
6191 read: read_timeslice,
6192 write: write_timeslice,
6194 diff -urNp linux-2.4.37.7/arch/ppc64/kernel/rtasd.c linux-2.4.37.7/arch/ppc64/kernel/rtasd.c
6195 --- linux-2.4.37.7/arch/ppc64/kernel/rtasd.c 2009-11-07 11:52:20.000000000 -0500
6196 +++ linux-2.4.37.7/arch/ppc64/kernel/rtasd.c 2009-11-10 19:30:27.000000000 -0500
6197 @@ -276,7 +276,7 @@ static unsigned int rtas_log_poll(struct
6201 -struct file_operations proc_rtas_log_operations = {
6202 +const struct file_operations proc_rtas_log_operations = {
6203 .read = rtas_log_read,
6204 .poll = rtas_log_poll,
6205 .open = rtas_log_open,
6206 diff -urNp linux-2.4.37.7/arch/ppc64/kernel/rtas_flash.c linux-2.4.37.7/arch/ppc64/kernel/rtas_flash.c
6207 --- linux-2.4.37.7/arch/ppc64/kernel/rtas_flash.c 2009-11-07 11:52:20.000000000 -0500
6208 +++ linux-2.4.37.7/arch/ppc64/kernel/rtas_flash.c 2009-11-10 19:30:27.000000000 -0500
6209 @@ -618,21 +618,21 @@ static inline struct proc_dir_entry * cr
6213 -static struct file_operations rtas_flash_operations = {
6214 +static const struct file_operations rtas_flash_operations = {
6215 read: rtas_flash_read,
6216 write: rtas_flash_write,
6217 open: rtas_excl_open,
6218 release: rtas_flash_release,
6221 -static struct file_operations manage_flash_operations = {
6222 +static const struct file_operations manage_flash_operations = {
6223 read: manage_flash_read,
6224 write: manage_flash_write,
6225 open: rtas_excl_open,
6226 release: rtas_excl_release,
6229 -static struct file_operations validate_flash_operations = {
6230 +static const struct file_operations validate_flash_operations = {
6231 read: validate_flash_read,
6232 write: validate_flash_write,
6233 open: rtas_excl_open,
6234 diff -urNp linux-2.4.37.7/arch/ppc64/kernel/rtas-proc.c linux-2.4.37.7/arch/ppc64/kernel/rtas-proc.c
6235 --- linux-2.4.37.7/arch/ppc64/kernel/rtas-proc.c 2009-11-07 11:52:20.000000000 -0500
6236 +++ linux-2.4.37.7/arch/ppc64/kernel/rtas-proc.c 2009-11-10 19:30:27.000000000 -0500
6237 @@ -176,30 +176,30 @@ static ssize_t ppc_rtas_errinjct_write(s
6238 static ssize_t ppc_rtas_errinjct_read(struct file *file, char *buf,
6239 size_t count, loff_t *ppos);
6241 -struct file_operations ppc_rtas_poweron_operations = {
6242 +const struct file_operations ppc_rtas_poweron_operations = {
6243 .read = ppc_rtas_poweron_read,
6244 .write = ppc_rtas_poweron_write
6246 -struct file_operations ppc_rtas_progress_operations = {
6247 +const struct file_operations ppc_rtas_progress_operations = {
6248 .read = ppc_rtas_progress_read,
6249 .write = ppc_rtas_progress_write
6252 -struct file_operations ppc_rtas_clock_operations = {
6253 +const struct file_operations ppc_rtas_clock_operations = {
6254 .read = ppc_rtas_clock_read,
6255 .write = ppc_rtas_clock_write
6258 -struct file_operations ppc_rtas_tone_freq_operations = {
6259 +const struct file_operations ppc_rtas_tone_freq_operations = {
6260 .read = ppc_rtas_tone_freq_read,
6261 .write = ppc_rtas_tone_freq_write
6263 -struct file_operations ppc_rtas_tone_volume_operations = {
6264 +const struct file_operations ppc_rtas_tone_volume_operations = {
6265 .read = ppc_rtas_tone_volume_read,
6266 .write = ppc_rtas_tone_volume_write
6269 -struct file_operations ppc_rtas_errinjct_operations = {
6270 +const struct file_operations ppc_rtas_errinjct_operations = {
6271 .open = ppc_rtas_errinjct_open,
6272 .read = ppc_rtas_errinjct_read,
6273 .write = ppc_rtas_errinjct_write,
6274 diff -urNp linux-2.4.37.7/arch/ppc64/kernel/rtc.c linux-2.4.37.7/arch/ppc64/kernel/rtc.c
6275 --- linux-2.4.37.7/arch/ppc64/kernel/rtc.c 2009-11-07 11:52:20.000000000 -0500
6276 +++ linux-2.4.37.7/arch/ppc64/kernel/rtc.c 2009-11-10 19:30:27.000000000 -0500
6277 @@ -179,7 +179,7 @@ static int rtc_release(struct inode *ino
6279 * The various file operations we support.
6281 -static struct file_operations rtc_fops = {
6282 +static const struct file_operations rtc_fops = {
6283 .owner = THIS_MODULE,
6284 .llseek = rtc_llseek,
6286 diff -urNp linux-2.4.37.7/arch/ppc64/kernel/scanlog.c linux-2.4.37.7/arch/ppc64/kernel/scanlog.c
6287 --- linux-2.4.37.7/arch/ppc64/kernel/scanlog.c 2009-11-07 11:52:20.000000000 -0500
6288 +++ linux-2.4.37.7/arch/ppc64/kernel/scanlog.c 2009-11-10 19:30:27.000000000 -0500
6289 @@ -190,7 +190,7 @@ static int scanlog_release(struct inode
6293 -struct file_operations scanlog_fops = {
6294 +const struct file_operations scanlog_fops = {
6297 write: scanlog_write,
6298 diff -urNp linux-2.4.37.7/arch/ppc64/kernel/setup.c linux-2.4.37.7/arch/ppc64/kernel/setup.c
6299 --- linux-2.4.37.7/arch/ppc64/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
6300 +++ linux-2.4.37.7/arch/ppc64/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
6301 @@ -306,7 +306,7 @@ static void *c_next(struct seq_file *m,
6302 static void c_stop(struct seq_file *m, void *v)
6305 -struct seq_operations cpuinfo_op = {
6306 +const struct seq_operations cpuinfo_op = {
6310 diff -urNp linux-2.4.37.7/arch/s390/config.in linux-2.4.37.7/arch/s390/config.in
6311 --- linux-2.4.37.7/arch/s390/config.in 2009-11-07 11:52:20.000000000 -0500
6312 +++ linux-2.4.37.7/arch/s390/config.in 2009-11-10 19:30:27.000000000 -0500
6313 @@ -87,3 +87,11 @@ endmenu
6315 source crypto/Config.in
6316 source lib/Config.in
6318 +mainmenu_option next_comment
6319 +comment 'Grsecurity'
6320 +bool 'Grsecurity' CONFIG_GRKERNSEC
6321 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
6322 + source grsecurity/Config.in
6325 diff -urNp linux-2.4.37.7/arch/s390/kernel/debug.c linux-2.4.37.7/arch/s390/kernel/debug.c
6326 --- linux-2.4.37.7/arch/s390/kernel/debug.c 2009-11-07 11:52:20.000000000 -0500
6327 +++ linux-2.4.37.7/arch/s390/kernel/debug.c 2009-11-10 19:30:27.000000000 -0500
6328 @@ -159,14 +159,14 @@ DECLARE_MUTEX(debug_lock);
6330 static int initialized = 0;
6332 -static struct file_operations debug_file_ops = {
6333 +static const struct file_operations debug_file_ops = {
6337 release: debug_close,
6340 -static struct inode_operations debug_inode_ops = {
6341 +static const struct inode_operations debug_inode_ops = {
6342 #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,3,98))
6343 default_file_ops: &debug_file_ops, /* file ops */
6345 diff -urNp linux-2.4.37.7/arch/s390/kernel/setup.c linux-2.4.37.7/arch/s390/kernel/setup.c
6346 --- linux-2.4.37.7/arch/s390/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
6347 +++ linux-2.4.37.7/arch/s390/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
6348 @@ -686,7 +686,7 @@ static void *c_next(struct seq_file *m,
6349 static void c_stop(struct seq_file *m, void *v)
6352 -struct seq_operations cpuinfo_op = {
6353 +const struct seq_operations cpuinfo_op = {
6357 diff -urNp linux-2.4.37.7/arch/s390x/config.in linux-2.4.37.7/arch/s390x/config.in
6358 --- linux-2.4.37.7/arch/s390x/config.in 2009-11-07 11:52:20.000000000 -0500
6359 +++ linux-2.4.37.7/arch/s390x/config.in 2009-11-10 19:30:27.000000000 -0500
6360 @@ -91,3 +91,11 @@ endmenu
6362 source crypto/Config.in
6363 source lib/Config.in
6365 +mainmenu_option next_comment
6366 +comment 'Grsecurity'
6367 +bool 'Grsecurity' CONFIG_GRKERNSEC
6368 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
6369 + source grsecurity/Config.in
6372 diff -urNp linux-2.4.37.7/arch/s390x/kernel/debug.c linux-2.4.37.7/arch/s390x/kernel/debug.c
6373 --- linux-2.4.37.7/arch/s390x/kernel/debug.c 2009-11-07 11:52:20.000000000 -0500
6374 +++ linux-2.4.37.7/arch/s390x/kernel/debug.c 2009-11-10 19:30:27.000000000 -0500
6375 @@ -159,14 +159,14 @@ DECLARE_MUTEX(debug_lock);
6377 static int initialized = 0;
6379 -static struct file_operations debug_file_ops = {
6380 +static const struct file_operations debug_file_ops = {
6384 release: debug_close,
6387 -static struct inode_operations debug_inode_ops = {
6388 +static const struct inode_operations debug_inode_ops = {
6389 #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,3,98))
6390 default_file_ops: &debug_file_ops, /* file ops */
6392 diff -urNp linux-2.4.37.7/arch/s390x/kernel/setup.c linux-2.4.37.7/arch/s390x/kernel/setup.c
6393 --- linux-2.4.37.7/arch/s390x/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
6394 +++ linux-2.4.37.7/arch/s390x/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
6395 @@ -545,7 +545,7 @@ static void *c_next(struct seq_file *m,
6396 static void c_stop(struct seq_file *m, void *v)
6399 -struct seq_operations cpuinfo_op = {
6400 +const struct seq_operations cpuinfo_op = {
6404 diff -urNp linux-2.4.37.7/arch/sh/config.in linux-2.4.37.7/arch/sh/config.in
6405 --- linux-2.4.37.7/arch/sh/config.in 2009-11-07 11:52:20.000000000 -0500
6406 +++ linux-2.4.37.7/arch/sh/config.in 2009-11-10 19:30:27.000000000 -0500
6407 @@ -493,3 +493,11 @@ endmenu
6409 source crypto/Config.in
6410 source lib/Config.in
6412 +mainmenu_option next_comment
6413 +comment 'Grsecurity'
6414 +bool 'Grsecurity' CONFIG_GRKERNSEC
6415 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
6416 + source grsecurity/Config.in
6419 diff -urNp linux-2.4.37.7/arch/sh/kernel/setup.c linux-2.4.37.7/arch/sh/kernel/setup.c
6420 --- linux-2.4.37.7/arch/sh/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
6421 +++ linux-2.4.37.7/arch/sh/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
6422 @@ -566,7 +566,7 @@ static void *c_next(struct seq_file *m,
6423 static void c_stop(struct seq_file *m, void *v)
6426 -struct seq_operations cpuinfo_op = {
6427 +const struct seq_operations cpuinfo_op = {
6431 diff -urNp linux-2.4.37.7/arch/sh64/kernel/setup.c linux-2.4.37.7/arch/sh64/kernel/setup.c
6432 --- linux-2.4.37.7/arch/sh64/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
6433 +++ linux-2.4.37.7/arch/sh64/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
6434 @@ -353,7 +353,7 @@ static void *c_next(struct seq_file *m,
6435 static void c_stop(struct seq_file *m, void *v)
6438 -struct seq_operations cpuinfo_op = {
6439 +const struct seq_operations cpuinfo_op = {
6443 diff -urNp linux-2.4.37.7/arch/sparc/boot/Makefile linux-2.4.37.7/arch/sparc/boot/Makefile
6444 --- linux-2.4.37.7/arch/sparc/boot/Makefile 2009-11-07 11:52:20.000000000 -0500
6445 +++ linux-2.4.37.7/arch/sparc/boot/Makefile 2009-11-10 19:30:27.000000000 -0500
6446 @@ -24,7 +24,7 @@ clean:
6448 BTOBJS := $(HEAD) init/main.o init/version.o init/do_mounts.o
6449 BTLIBS := $(CORE_FILES_NO_BTFIX) $(FILESYSTEMS) \
6450 - $(DRIVERS) $(NETWORKS)
6451 + $(DRIVERS) $(NETWORKS) $(GRSECURITY)
6453 GENFILES := include/linux/version.h include/linux/compile.h $(foreach dirname, $(CORE_FILES_NO_BTFIX), _dir_$(dir $(dirname)))
6454 .PHONY : $(GENFILES)
6455 diff -urNp linux-2.4.37.7/arch/sparc/config.in linux-2.4.37.7/arch/sparc/config.in
6456 --- linux-2.4.37.7/arch/sparc/config.in 2009-11-07 11:52:20.000000000 -0500
6457 +++ linux-2.4.37.7/arch/sparc/config.in 2009-11-10 19:30:27.000000000 -0500
6458 @@ -282,3 +282,11 @@ endmenu
6460 source crypto/Config.in
6461 source lib/Config.in
6463 +mainmenu_option next_comment
6464 +comment 'Grsecurity'
6465 +bool 'Grsecurity' CONFIG_GRKERNSEC
6466 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
6467 + source grsecurity/Config.in
6470 diff -urNp linux-2.4.37.7/arch/sparc/kernel/apc.c linux-2.4.37.7/arch/sparc/kernel/apc.c
6471 --- linux-2.4.37.7/arch/sparc/kernel/apc.c 2009-11-07 11:52:20.000000000 -0500
6472 +++ linux-2.4.37.7/arch/sparc/kernel/apc.c 2009-11-10 19:30:27.000000000 -0500
6473 @@ -130,7 +130,7 @@ static int apc_ioctl(struct inode *inode
6477 -static struct file_operations apc_fops = {
6478 +static const struct file_operations apc_fops = {
6481 release: apc_release,
6482 diff -urNp linux-2.4.37.7/arch/sparc/kernel/ptrace.c linux-2.4.37.7/arch/sparc/kernel/ptrace.c
6483 --- linux-2.4.37.7/arch/sparc/kernel/ptrace.c 2009-11-07 11:52:20.000000000 -0500
6484 +++ linux-2.4.37.7/arch/sparc/kernel/ptrace.c 2009-11-10 19:30:27.000000000 -0500
6486 #include <linux/user.h>
6487 #include <linux/smp.h>
6488 #include <linux/smp_lock.h>
6489 +#include <linux/grsecurity.h>
6491 #include <asm/pgtable.h>
6492 #include <asm/system.h>
6493 @@ -310,6 +311,9 @@ asmlinkage void do_ptrace(struct pt_regs
6497 + if(gr_handle_ptrace(child, request))
6500 if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH)
6501 || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) {
6502 if (ptrace_attach(child)) {
6503 diff -urNp linux-2.4.37.7/arch/sparc/kernel/setup.c linux-2.4.37.7/arch/sparc/kernel/setup.c
6504 --- linux-2.4.37.7/arch/sparc/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
6505 +++ linux-2.4.37.7/arch/sparc/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
6506 @@ -516,7 +516,7 @@ static void c_stop(struct seq_file *m, v
6510 -struct seq_operations cpuinfo_op = {
6511 +const struct seq_operations cpuinfo_op = {
6515 diff -urNp linux-2.4.37.7/arch/sparc/kernel/sys_sparc.c linux-2.4.37.7/arch/sparc/kernel/sys_sparc.c
6516 --- linux-2.4.37.7/arch/sparc/kernel/sys_sparc.c 2009-11-07 11:52:20.000000000 -0500
6517 +++ linux-2.4.37.7/arch/sparc/kernel/sys_sparc.c 2009-11-10 19:30:27.000000000 -0500
6518 @@ -54,6 +54,13 @@ unsigned long arch_get_unmapped_area(str
6520 if (ARCH_SUN4C_SUN4 && len > 0x20000000)
6523 +#ifdef CONFIG_PAX_RANDMMAP
6524 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && (!addr || filp))
6525 + addr = TASK_UNMAPPED_BASE + current->mm->delta_mmap;
6530 addr = TASK_UNMAPPED_BASE;
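Review bot: The new test `(!addr || filp)` discards a caller-supplied hint for every file-backed mapping when `MF_PAX_RANDMMAP` is set, and nothing in the hunk says this is deliberate. A one-line comment would stop a later reader from "fixing" it: `/* PaX: file mappings always start from the randomized base; only anonymous mappings keep their hint */`. arch_get_unmapped_area starts and ends outside the hunk, so how the resulting address is aligned and range-checked afterwards is not visible here.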
6532 diff -urNp linux-2.4.37.7/arch/sparc/mm/fault.c linux-2.4.37.7/arch/sparc/mm/fault.c
6533 --- linux-2.4.37.7/arch/sparc/mm/fault.c 2009-11-07 11:52:20.000000000 -0500
6534 +++ linux-2.4.37.7/arch/sparc/mm/fault.c 2009-11-10 19:30:27.000000000 -0500
6536 #include <linux/smp.h>
6537 #include <linux/smp_lock.h>
6538 #include <linux/interrupt.h>
6539 +#include <linux/slab.h>
6540 +#include <linux/pagemap.h>
6541 +#include <linux/compiler.h>
6543 #include <asm/system.h>
6544 #include <asm/segment.h>
6545 @@ -219,6 +222,248 @@ static unsigned long compute_si_addr(str
6546 return safe_compute_effective_address(regs, insn);
6549 +#ifdef CONFIG_PAX_PAGEEXEC
6550 +void pax_emuplt_close(struct vm_area_struct * vma)
6552 + vma->vm_mm->call_dl_resolve = 0UL;
6555 +static struct page* pax_emuplt_nopage(struct vm_area_struct *vma, unsigned long address, int write_access)
6557 + struct page* page;
6558 + unsigned int *kaddr;
6560 + page = alloc_page(GFP_HIGHUSER);
6564 + kaddr = kmap(page);
6565 + memset(kaddr, 0, PAGE_SIZE);
6566 + kaddr[0] = 0x9DE3BFA8U; /* save */
6567 + flush_dcache_page(page);
6572 +static const struct vm_operations_struct pax_vm_ops = {
6573 + .close = pax_emuplt_close,
6574 + .nopage = pax_emuplt_nopage,
6577 +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
6581 + memset(vma, 0, sizeof(*vma));
6582 + vma->vm_mm = current->mm;
6583 + vma->vm_start = addr;
6584 + vma->vm_end = addr + PAGE_SIZE;
6585 + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
6586 + vma->vm_page_prot = protection_map[vma->vm_flags & 0x0f];
6587 + vma->vm_ops = &pax_vm_ops;
6589 + ret = insert_vm_struct(current->mm, vma);
6593 + ++current->mm->total_vm;
6598 + * PaX: decide what to do with offenders (regs->pc = fault address)
6600 + * returns 1 when task should be killed
6601 + * 2 when patched PLT trampoline was detected
6602 + * 3 when unpatched PLT trampoline was detected
6604 +static int pax_handle_fetch_fault(struct pt_regs *regs)
6608 +#ifdef CONFIG_PAX_EMUPLT
6609 + do { /* PaX: patched PLT emulation #1 */
6610 + unsigned int sethi1, sethi2, jmpl;
6612 + err = get_user(sethi1, (unsigned int*)regs->pc);
6613 + err |= get_user(sethi2, (unsigned int*)(regs->pc+4));
6614 + err |= get_user(jmpl, (unsigned int*)(regs->pc+8));
6619 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
6620 + (sethi2 & 0xFFC00000U) == 0x03000000U &&
6621 + (jmpl & 0xFFFFE000U) == 0x81C06000U)
6623 + unsigned int addr;
6625 + regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
6626 + addr = regs->u_regs[UREG_G1];
6627 + addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
6629 + regs->npc = addr+4;
6634 + { /* PaX: patched PLT emulation #2 */
6637 + err = get_user(ba, (unsigned int*)regs->pc);
6639 + if (!err && (ba & 0xFFC00000U) == 0x30800000U) {
6640 + unsigned int addr;
6642 + addr = regs->pc + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
6644 + regs->npc = addr+4;
6649 + do { /* PaX: patched PLT emulation #3 */
6650 + unsigned int sethi, jmpl, nop;
6652 + err = get_user(sethi, (unsigned int*)regs->pc);
6653 + err |= get_user(jmpl, (unsigned int*)(regs->pc+4));
6654 + err |= get_user(nop, (unsigned int*)(regs->pc+8));
6659 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
6660 + (jmpl & 0xFFFFE000U) == 0x81C06000U &&
6661 + nop == 0x01000000U)
6663 + unsigned int addr;
6665 + addr = (sethi & 0x003FFFFFU) << 10;
6666 + regs->u_regs[UREG_G1] = addr;
6667 + addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
6669 + regs->npc = addr+4;
6674 + do { /* PaX: unpatched PLT emulation step 1 */
6675 + unsigned int sethi, ba, nop;
6677 + err = get_user(sethi, (unsigned int*)regs->pc);
6678 + err |= get_user(ba, (unsigned int*)(regs->pc+4));
6679 + err |= get_user(nop, (unsigned int*)(regs->pc+8));
6684 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
6685 + ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
6686 + nop == 0x01000000U)
6688 + unsigned int addr, save, call;
6690 + if ((ba & 0xFFC00000U) == 0x30800000U)
6691 + addr = regs->pc + 4 + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
6693 + addr = regs->pc + 4 + ((((ba | 0xFFF80000U) ^ 0x00040000U) + 0x00040000U) << 2);
6695 + err = get_user(save, (unsigned int*)addr);
6696 + err |= get_user(call, (unsigned int*)(addr+4));
6697 + err |= get_user(nop, (unsigned int*)(addr+8));
6701 + if (save == 0x9DE3BFA8U &&
6702 + (call & 0xC0000000U) == 0x40000000U &&
6703 + nop == 0x01000000U)
6705 + struct vm_area_struct *vma;
6706 + unsigned long call_dl_resolve;
6708 + down_read(¤t->mm->mmap_sem);
6709 + call_dl_resolve = current->mm->call_dl_resolve;
6710 + up_read(¤t->mm->mmap_sem);
6711 + if (likely(call_dl_resolve))
6714 + vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
6716 + down_write(¤t->mm->mmap_sem);
6717 + if (current->mm->call_dl_resolve) {
6718 + call_dl_resolve = current->mm->call_dl_resolve;
6719 + up_write(¤t->mm->mmap_sem);
6720 + if (vma) kmem_cache_free(vm_area_cachep, vma);
6724 + call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
6725 + if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
6726 + up_write(¤t->mm->mmap_sem);
6727 + if (vma) kmem_cache_free(vm_area_cachep, vma);
6731 + if (pax_insert_vma(vma, call_dl_resolve)) {
6732 + up_write(¤t->mm->mmap_sem);
6733 + kmem_cache_free(vm_area_cachep, vma);
6737 + current->mm->call_dl_resolve = call_dl_resolve;
6738 + up_write(¤t->mm->mmap_sem);
6741 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
6742 + regs->pc = call_dl_resolve;
6743 + regs->npc = addr+4;
6749 + do { /* PaX: unpatched PLT emulation step 2 */
6750 + unsigned int save, call, nop;
6752 + err = get_user(save, (unsigned int*)(regs->pc-4));
6753 + err |= get_user(call, (unsigned int*)regs->pc);
6754 + err |= get_user(nop, (unsigned int*)(regs->pc+4));
6758 + if (save == 0x9DE3BFA8U &&
6759 + (call & 0xC0000000U) == 0x40000000U &&
6760 + nop == 0x01000000U)
6762 + unsigned int dl_resolve = regs->pc + ((((call | 0xC0000000U) ^ 0x20000000U) + 0x20000000U) << 2);
6764 + regs->u_regs[UREG_RETPC] = regs->pc;
6765 + regs->pc = dl_resolve;
6766 + regs->npc = dl_resolve+4;
6775 +void pax_report_insns(void *pc, void *sp)
6779 + printk(KERN_ERR "PAX: bytes at PC: ");
6780 + for (i = 0; i < 5; i++) {
6782 + if (get_user(c, (unsigned int*)pc+i))
6783 + printk("???????? ");
6785 + printk("%08x ", c);
6791 asmlinkage void do_sparc_fault(struct pt_regs *regs, int text_fault, int write,
6792 unsigned long address)
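Review bot: The sign-extension idiom `((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U`, together with its wider variants for the `ba` and `call` displacements, is open-coded in every emulation block of pax_handle_fetch_fault() without a comment. These expressions turn words fetched from user memory with get_user() into new `pc`/`npc` values, so they are the lines an auditor must check most carefully. A comment at first use such as `/* sign-extend the 13-bit jmpl immediate */`, or one small static inline helper taking the field width, would make a wrong mask or bias easy to spot. Separately, `pax_emuplt_close` is referenced in this hunk only through `pax_vm_ops`; if nothing outside the file uses it (not visible here), declare it `static` like `pax_emuplt_nopage` and `pax_insert_vma`.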
6794 @@ -282,6 +527,24 @@ good_area:
6795 if(!(vma->vm_flags & VM_WRITE))
6799 +#ifdef CONFIG_PAX_PAGEEXEC
6800 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && text_fault && !(vma->vm_flags & VM_EXEC)) {
6801 + up_read(&mm->mmap_sem);
6802 + switch (pax_handle_fetch_fault(regs)) {
6804 +#ifdef CONFIG_PAX_EMUPLT
6811 + pax_report_fault(regs, (void*)regs->pc, (void*)regs->u_regs[UREG_FP]);
6816 /* Allow reads even for write-only mappings */
6817 if(!(vma->vm_flags & (VM_READ | VM_EXEC)))
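Review bot: `up_read(&mm->mmap_sem)` is dropped before the call with no comment, and the reason only becomes clear from the previous hunk, where pax_handle_fetch_fault() takes `current->mm->mmap_sem` itself. I would add `/* release mmap_sem: pax_handle_fetch_fault() acquires it, and no arm below may touch vma again */`. The switch arms are not shown in this view, so it could not be checked that each one leaves the function rather than falling through to the `VM_READ | VM_EXEC` test with the lock already released. do_sparc_fault continues outside the hunk.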
6819 diff -urNp linux-2.4.37.7/arch/sparc/mm/init.c linux-2.4.37.7/arch/sparc/mm/init.c
6820 --- linux-2.4.37.7/arch/sparc/mm/init.c 2009-11-07 11:52:20.000000000 -0500
6821 +++ linux-2.4.37.7/arch/sparc/mm/init.c 2009-11-10 19:30:27.000000000 -0500
6822 @@ -350,17 +350,17 @@ void __init paging_init(void)
6824 /* Initialize the protection map with non-constant, MMU dependent values. */
6825 protection_map[0] = PAGE_NONE;
6826 - protection_map[1] = PAGE_READONLY;
6827 - protection_map[2] = PAGE_COPY;
6828 - protection_map[3] = PAGE_COPY;
6829 + protection_map[1] = PAGE_READONLY_NOEXEC;
6830 + protection_map[2] = PAGE_COPY_NOEXEC;
6831 + protection_map[3] = PAGE_COPY_NOEXEC;
6832 protection_map[4] = PAGE_READONLY;
6833 protection_map[5] = PAGE_READONLY;
6834 protection_map[6] = PAGE_COPY;
6835 protection_map[7] = PAGE_COPY;
6836 protection_map[8] = PAGE_NONE;
6837 - protection_map[9] = PAGE_READONLY;
6838 - protection_map[10] = PAGE_SHARED;
6839 - protection_map[11] = PAGE_SHARED;
6840 + protection_map[9] = PAGE_READONLY_NOEXEC;
6841 + protection_map[10] = PAGE_SHARED_NOEXEC;
6842 + protection_map[11] = PAGE_SHARED_NOEXEC;
6843 protection_map[12] = PAGE_READONLY;
6844 protection_map[13] = PAGE_READONLY;
6845 protection_map[14] = PAGE_SHARED;
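Review bot: protection_map[] is switched to the `PAGE_*_NOEXEC` values unconditionally here, while the arch/sparc/mm/srmmu.c hunk of this patch fills in `page_shared_noexec`, `page_copy_noexec` and `page_readonly_noexec` only under `#ifdef CONFIG_PAX_PAGEEXEC`. With the option off, the `_NOEXEC` names must therefore resolve to the ordinary protections in a header, and any MMU back end other than srmmu needs equivalent definitions. Neither is visible from these hunks, so please confirm. A short comment above the table would record the intent, e.g. `/* entries without PROT_EXEC use the _NOEXEC variants; same as the plain ones unless CONFIG_PAX_PAGEEXEC */`.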
6846 diff -urNp linux-2.4.37.7/arch/sparc/mm/srmmu.c linux-2.4.37.7/arch/sparc/mm/srmmu.c
6847 --- linux-2.4.37.7/arch/sparc/mm/srmmu.c 2009-11-07 11:52:20.000000000 -0500
6848 +++ linux-2.4.37.7/arch/sparc/mm/srmmu.c 2009-11-10 19:30:27.000000000 -0500
6849 @@ -2047,6 +2047,13 @@ void __init ld_mmu_srmmu(void)
6850 BTFIXUPSET_INT(page_shared, pgprot_val(SRMMU_PAGE_SHARED));
6851 BTFIXUPSET_INT(page_copy, pgprot_val(SRMMU_PAGE_COPY));
6852 BTFIXUPSET_INT(page_readonly, pgprot_val(SRMMU_PAGE_RDONLY));
6854 +#ifdef CONFIG_PAX_PAGEEXEC
6855 + BTFIXUPSET_INT(page_shared_noexec, pgprot_val(SRMMU_PAGE_SHARED_NOEXEC));
6856 + BTFIXUPSET_INT(page_copy_noexec, pgprot_val(SRMMU_PAGE_COPY_NOEXEC));
6857 + BTFIXUPSET_INT(page_readonly_noexec, pgprot_val(SRMMU_PAGE_RDONLY_NOEXEC));
6860 BTFIXUPSET_INT(page_kernel, pgprot_val(SRMMU_PAGE_KERNEL));
6861 page_kernel = pgprot_val(SRMMU_PAGE_KERNEL);
6862 pg_iobits = SRMMU_VALID | SRMMU_WRITE | SRMMU_REF;
6863 diff -urNp linux-2.4.37.7/arch/sparc64/config.in linux-2.4.37.7/arch/sparc64/config.in
6864 --- linux-2.4.37.7/arch/sparc64/config.in 2009-11-07 11:52:20.000000000 -0500
6865 +++ linux-2.4.37.7/arch/sparc64/config.in 2009-11-10 19:30:27.000000000 -0500
6866 @@ -320,3 +320,11 @@ endmenu
6868 source crypto/Config.in
6869 source lib/Config.in
6871 +mainmenu_option next_comment
6872 +comment 'Grsecurity'
6873 +bool 'Grsecurity' CONFIG_GRKERNSEC
6874 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
6875 + source grsecurity/Config.in
6878 diff -urNp linux-2.4.37.7/arch/sparc64/kernel/ioctl32.c linux-2.4.37.7/arch/sparc64/kernel/ioctl32.c
6879 --- linux-2.4.37.7/arch/sparc64/kernel/ioctl32.c 2009-11-07 11:52:20.000000000 -0500
6880 +++ linux-2.4.37.7/arch/sparc64/kernel/ioctl32.c 2009-11-10 19:30:27.000000000 -0500
6881 @@ -2053,7 +2053,11 @@ static int vt_check(struct file *file)
6882 * To have permissions to do most of the vt ioctls, we either have
6883 * to be the owner of the tty, or super-user.
6885 +#ifdef CONFIG_GRKERNSEC
6886 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
6888 if (current->tty == tty || suser())
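Review bot: The comment above the check in vt_check still says "owner of the tty, or super-user", but with CONFIG_GRKERNSEC set the test becomes `capable(CAP_SYS_TTY_CONFIG)`, so the comment no longer describes the configured build. I would reword its second line to `* to be the owner of the tty, or hold CAP_SYS_TTY_CONFIG (super-user without CONFIG_GRKERNSEC).` The same stale comment sits over the identical change in arch/x86_64/ia32/ia32_ioctl.c. vt_check starts and ends outside the hunk.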
6893 diff -urNp linux-2.4.37.7/arch/sparc64/kernel/ptrace.c linux-2.4.37.7/arch/sparc64/kernel/ptrace.c
6894 --- linux-2.4.37.7/arch/sparc64/kernel/ptrace.c 2009-11-07 11:52:20.000000000 -0500
6895 +++ linux-2.4.37.7/arch/sparc64/kernel/ptrace.c 2009-11-10 19:30:27.000000000 -0500
6897 #include <linux/user.h>
6898 #include <linux/smp.h>
6899 #include <linux/smp_lock.h>
6900 +#include <linux/grsecurity.h>
6902 #include <asm/asi.h>
6903 #include <asm/pgtable.h>
6904 @@ -161,6 +162,11 @@ asmlinkage void do_ptrace(struct pt_regs
6908 + if (gr_handle_ptrace(child, (long)request)) {
6909 + pt_error_return(regs, EPERM);
6913 if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH)
6914 || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) {
6915 if (ptrace_attach(child)) {
6916 diff -urNp linux-2.4.37.7/arch/sparc64/kernel/setup.c linux-2.4.37.7/arch/sparc64/kernel/setup.c
6917 --- linux-2.4.37.7/arch/sparc64/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
6918 +++ linux-2.4.37.7/arch/sparc64/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
6919 @@ -690,7 +690,7 @@ static void c_stop(struct seq_file *m, v
6923 -struct seq_operations cpuinfo_op = {
6924 +const struct seq_operations cpuinfo_op = {
6928 diff -urNp linux-2.4.37.7/arch/sparc64/kernel/sys_sparc32.c linux-2.4.37.7/arch/sparc64/kernel/sys_sparc32.c
6929 --- linux-2.4.37.7/arch/sparc64/kernel/sys_sparc32.c 2009-11-07 11:52:20.000000000 -0500
6930 +++ linux-2.4.37.7/arch/sparc64/kernel/sys_sparc32.c 2009-11-10 19:30:27.000000000 -0500
6932 #include <linux/vmalloc.h>
6933 #include <linux/dnotify.h>
6934 #include <linux/netfilter_ipv4/ip_tables.h>
6935 +#include <linux/random.h>
6936 +#include <linux/grsecurity.h>
6938 #include <asm/types.h>
6939 #include <asm/ipc.h>
6940 @@ -3274,8 +3276,18 @@ do_execve32(char * filename, u32 * argv,
6944 +#ifdef CONFIG_GRKERNSEC
6945 + struct file *old_exec_file;
6946 + struct acl_subject_label *old_acl;
6947 + struct rlimit old_rlim[RLIM_NLIMITS];
6950 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
6952 +#ifdef CONFIG_PAX_RANDUSTACK
6953 + bprm.p -= (net_random() & ~(sizeof(void *)-1)) & ~PAGE_MASK;
6956 memset(bprm.page, 0, MAX_ARG_PAGES * sizeof(bprm.page[0]));
6958 file = open_exec(filename);
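Review bot: The stack offset added under CONFIG_PAX_RANDUSTACK in do_execve32 is drawn from `net_random()`, which as far as I know is a lightweight generator meant for network jitter rather than for values an attacker must not predict. Since this file section already adds `<linux/random.h>`, the offset could come from the kernel entropy pool instead: `unsigned long rnd;` `get_random_bytes(&rnd, sizeof(rnd));` `bprm.p -= (rnd & ~(sizeof(void *)-1)) & ~PAGE_MASK;`. A one-line comment stating that only the sub-page part of the initial stack pointer is randomized here would also help readers judge how much this contributes. do_execve32 continues outside the hunk.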
6959 @@ -3284,6 +3296,20 @@ do_execve32(char * filename, u32 * argv,
6963 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes), 1);
6965 + if (gr_handle_nproc()) {
6966 + allow_write_access(file);
6971 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
6972 + allow_write_access(file);
6978 bprm.filename = filename;
6980 @@ -3304,11 +3330,24 @@ do_execve32(char * filename, u32 * argv,
6984 + if(!gr_tpe_allow(file)) {
6989 + if (gr_check_crash_exec(file)) {
6994 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
7000 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
7002 retval = copy_strings32(bprm.envc, envp, &bprm);
7005 @@ -3317,11 +3356,35 @@ do_execve32(char * filename, u32 * argv,
7009 +#ifdef CONFIG_GRKERNSEC
7010 + old_acl = current->acl;
7011 + memcpy(old_rlim, current->rlim, sizeof(old_rlim));
7012 + old_exec_file = current->exec_file;
7014 + current->exec_file = file;
7017 + retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt);
7021 retval = search_binary_handler(&bprm, regs);
7023 + if (retval >= 0) {
7024 +#ifdef CONFIG_GRKERNSEC
7025 + if (old_exec_file)
7026 + fput(old_exec_file);
7028 /* execve success */
7033 +#ifdef CONFIG_GRKERNSEC
7034 + current->acl = old_acl;
7035 + memcpy(current->rlim, old_rlim, sizeof(old_rlim));
7036 + fput(current->exec_file);
7037 + current->exec_file = old_exec_file;
7040 /* Something went wrong, return the inode and free the argument pages*/
7041 allow_write_access(bprm.file);
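Review bot: The reference ownership of `current->exec_file` is not documented in this part of do_execve32: the success path calls `fput(old_exec_file)` and the failure path calls `fput(current->exec_file)` before restoring the old pointer. Both are only balanced if the assignment `current->exec_file = file` holds its own reference, and the line that would take it is not visible on this page. I would add a comment at the assignment such as `/* exec_file owns one reference to file; dropped on failure below, old one dropped on success */`, and confirm every early exit between the save and `search_binary_handler()` goes through the restore block. The function starts and ends outside the hunk.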
7042 diff -urNp linux-2.4.37.7/arch/sparc64/kernel/sys_sparc.c linux-2.4.37.7/arch/sparc64/kernel/sys_sparc.c
7043 --- linux-2.4.37.7/arch/sparc64/kernel/sys_sparc.c 2009-11-07 11:52:20.000000000 -0500
7044 +++ linux-2.4.37.7/arch/sparc64/kernel/sys_sparc.c 2009-11-10 19:30:27.000000000 -0500
7045 @@ -63,6 +63,13 @@ unsigned long arch_get_unmapped_area(str
7046 task_size = 0xf0000000UL;
7047 if (len > task_size || len > -PAGE_OFFSET)
7050 +#ifdef CONFIG_PAX_RANDMMAP
7051 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && (!addr || filp))
7052 + addr = TASK_UNMAPPED_BASE + current->mm->delta_mmap;
7057 addr = TASK_UNMAPPED_BASE;
7059 diff -urNp linux-2.4.37.7/arch/sparc64/mm/fault.c linux-2.4.37.7/arch/sparc64/mm/fault.c
7060 --- linux-2.4.37.7/arch/sparc64/mm/fault.c 2009-11-07 11:52:20.000000000 -0500
7061 +++ linux-2.4.37.7/arch/sparc64/mm/fault.c 2009-11-10 19:30:27.000000000 -0500
7063 #include <linux/smp_lock.h>
7064 #include <linux/init.h>
7065 #include <linux/interrupt.h>
7066 +#include <linux/slab.h>
7067 +#include <linux/pagemap.h>
7068 +#include <linux/compiler.h>
7070 #include <asm/page.h>
7071 #include <asm/pgtable.h>
7072 @@ -306,6 +309,369 @@ cannot_handle:
7073 unhandled_fault (address, current, regs);
7076 +#ifdef CONFIG_PAX_PAGEEXEC
7077 +#ifdef CONFIG_PAX_EMUPLT
7078 +static void pax_emuplt_close(struct vm_area_struct * vma)
7080 + vma->vm_mm->call_dl_resolve = 0UL;
7083 +static struct page* pax_emuplt_nopage(struct vm_area_struct *vma, unsigned long address, int write_access)
7085 + struct page* page;
7086 + unsigned int *kaddr;
7088 + page = alloc_page(GFP_HIGHUSER);
7092 + kaddr = kmap(page);
7093 + memset(kaddr, 0, PAGE_SIZE);
7094 + kaddr[0] = 0x9DE3BFA8U; /* save */
7095 + flush_dcache_page(page);
7100 +static const struct vm_operations_struct pax_vm_ops = {
7101 + .close = pax_emuplt_close,
7102 + .nopage = pax_emuplt_nopage,
7105 +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
7109 + memset(vma, 0, sizeof(*vma));
7110 + vma->vm_mm = current->mm;
7111 + vma->vm_start = addr;
7112 + vma->vm_end = addr + PAGE_SIZE;
7113 + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
7114 + vma->vm_page_prot = protection_map[vma->vm_flags & 0x0f];
7115 + vma->vm_ops = &pax_vm_ops;
7117 + ret = insert_vm_struct(current->mm, vma);
7121 + ++current->mm->total_vm;
7127 + * PaX: decide what to do with offenders (regs->tpc = fault address)
7129 + * returns 1 when task should be killed
7130 + * 2 when patched PLT trampoline was detected
7131 + * 3 when unpatched PLT trampoline was detected
7133 +static int pax_handle_fetch_fault(struct pt_regs *regs)
7136 +#ifdef CONFIG_PAX_EMUPLT
7139 + do { /* PaX: patched PLT emulation #1 */
7140 + unsigned int sethi1, sethi2, jmpl;
7142 + err = get_user(sethi1, (unsigned int*)regs->tpc);
7143 + err |= get_user(sethi2, (unsigned int*)(regs->tpc+4));
7144 + err |= get_user(jmpl, (unsigned int*)(regs->tpc+8));
7149 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
7150 + (sethi2 & 0xFFC00000U) == 0x03000000U &&
7151 + (jmpl & 0xFFFFE000U) == 0x81C06000U)
7153 + unsigned long addr;
7155 + regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
7156 + addr = regs->u_regs[UREG_G1];
7157 + addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
7159 + regs->tnpc = addr+4;
7164 + { /* PaX: patched PLT emulation #2 */
7167 + err = get_user(ba, (unsigned int*)regs->tpc);
7169 + if (!err && (ba & 0xFFC00000U) == 0x30800000U) {
7170 + unsigned long addr;
7172 + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
7174 + regs->tnpc = addr+4;
7179 + do { /* PaX: patched PLT emulation #3 */
7180 + unsigned int sethi, jmpl, nop;
7182 + err = get_user(sethi, (unsigned int*)regs->tpc);
7183 + err |= get_user(jmpl, (unsigned int*)(regs->tpc+4));
7184 + err |= get_user(nop, (unsigned int*)(regs->tpc+8));
7189 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
7190 + (jmpl & 0xFFFFE000U) == 0x81C06000U &&
7191 + nop == 0x01000000U)
7193 + unsigned long addr;
7195 + addr = (sethi & 0x003FFFFFU) << 10;
7196 + regs->u_regs[UREG_G1] = addr;
7197 + addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
7199 + regs->tnpc = addr+4;
7204 + do { /* PaX: patched PLT emulation #4 */
7205 + unsigned int mov1, call, mov2;
7207 + err = get_user(mov1, (unsigned int*)regs->tpc);
7208 + err |= get_user(call, (unsigned int*)(regs->tpc+4));
7209 + err |= get_user(mov2, (unsigned int*)(regs->tpc+8));
7214 + if (mov1 == 0x8210000FU &&
7215 + (call & 0xC0000000U) == 0x40000000U &&
7216 + mov2 == 0x9E100001U)
7218 + unsigned long addr;
7220 + regs->u_regs[UREG_G1] = regs->u_regs[UREG_RETPC];
7221 + addr = regs->tpc + 4 + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
7223 + regs->tnpc = addr+4;
7228 + do { /* PaX: patched PLT emulation #5 */
7229 + unsigned int sethi1, sethi2, or1, or2, sllx, jmpl, nop;
7231 + err = get_user(sethi1, (unsigned int*)regs->tpc);
7232 + err |= get_user(sethi2, (unsigned int*)(regs->tpc+4));
7233 + err |= get_user(or1, (unsigned int*)(regs->tpc+8));
7234 + err |= get_user(or2, (unsigned int*)(regs->tpc+12));
7235 + err |= get_user(sllx, (unsigned int*)(regs->tpc+16));
7236 + err |= get_user(jmpl, (unsigned int*)(regs->tpc+20));
7237 + err |= get_user(nop, (unsigned int*)(regs->tpc+24));
7242 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
7243 + (sethi2 & 0xFFC00000U) == 0x0B000000U &&
7244 + (or1 & 0xFFFFE000U) == 0x82106000U &&
7245 + (or2 & 0xFFFFE000U) == 0x8A116000U &&
7246 + sllx == 0x83287020 &&
7247 + jmpl == 0x81C04005U &&
7248 + nop == 0x01000000U)
7250 + unsigned long addr;
7252 + regs->u_regs[UREG_G1] = ((sethi1 & 0x003FFFFFU) << 10) | (or1 & 0x000003FFU);
7253 + regs->u_regs[UREG_G1] <<= 32;
7254 + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or2 & 0x000003FFU);
7255 + addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
7257 + regs->tnpc = addr+4;
7262 + do { /* PaX: patched PLT emulation #6 */
7263 + unsigned int sethi1, sethi2, sllx, or, jmpl, nop;
7265 + err = get_user(sethi1, (unsigned int*)regs->tpc);
7266 + err |= get_user(sethi2, (unsigned int*)(regs->tpc+4));
7267 + err |= get_user(sllx, (unsigned int*)(regs->tpc+8));
7268 + err |= get_user(or, (unsigned int*)(regs->tpc+12));
7269 + err |= get_user(jmpl, (unsigned int*)(regs->tpc+16));
7270 + err |= get_user(nop, (unsigned int*)(regs->tpc+20));
7275 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
7276 + (sethi2 & 0xFFC00000U) == 0x0B000000U &&
7277 + sllx == 0x83287020 &&
7278 + (or & 0xFFFFE000U) == 0x8A116000U &&
7279 + jmpl == 0x81C04005U &&
7280 + nop == 0x01000000U)
7282 + unsigned long addr;
7284 + regs->u_regs[UREG_G1] = (sethi1 & 0x003FFFFFU) << 10;
7285 + regs->u_regs[UREG_G1] <<= 32;
7286 + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or & 0x3FFU);
7287 + addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
7289 + regs->tnpc = addr+4;
7294 + do { /* PaX: patched PLT emulation #7 */
7295 + unsigned int sethi, ba, nop;
7297 + err = get_user(sethi, (unsigned int*)regs->tpc);
7298 + err |= get_user(ba, (unsigned int*)(regs->tpc+4));
7299 + err |= get_user(nop, (unsigned int*)(regs->tpc+8));
7304 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
7305 + (ba & 0xFFF00000U) == 0x30600000U &&
7306 + nop == 0x01000000U)
7308 + unsigned long addr;
7310 + addr = (sethi & 0x003FFFFFU) << 10;
7311 + regs->u_regs[UREG_G1] = addr;
7312 + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
7314 + regs->tnpc = addr+4;
7319 + do { /* PaX: unpatched PLT emulation step 1 */
7320 + unsigned int sethi, ba, nop;
7322 + err = get_user(sethi, (unsigned int*)regs->tpc);
7323 + err |= get_user(ba, (unsigned int*)(regs->tpc+4));
7324 + err |= get_user(nop, (unsigned int*)(regs->tpc+8));
7329 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
7330 + ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
7331 + nop == 0x01000000U)
7333 + unsigned long addr;
7334 + unsigned int save, call;
7336 + if ((ba & 0xFFC00000U) == 0x30800000U)
7337 + addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
7339 + addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
7341 + err = get_user(save, (unsigned int*)addr);
7342 + err |= get_user(call, (unsigned int*)(addr+4));
7343 + err |= get_user(nop, (unsigned int*)(addr+8));
7348 + if (save == 0x9DE3BFA8U &&
7349 + (call & 0xC0000000U) == 0x40000000U &&
7350 + nop == 0x01000000U)
7352 + struct vm_area_struct *vma;
7353 + unsigned long call_dl_resolve;
7355 + down_read(¤t->mm->mmap_sem);
7356 + call_dl_resolve = current->mm->call_dl_resolve;
7357 + up_read(¤t->mm->mmap_sem);
7358 + if (likely(call_dl_resolve))
7361 + vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
7363 + down_write(¤t->mm->mmap_sem);
7364 + if (current->mm->call_dl_resolve) {
7365 + call_dl_resolve = current->mm->call_dl_resolve;
7366 + up_write(¤t->mm->mmap_sem);
7367 + if (vma) kmem_cache_free(vm_area_cachep, vma);
7371 + call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
7372 + if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
7373 + up_write(¤t->mm->mmap_sem);
7374 + if (vma) kmem_cache_free(vm_area_cachep, vma);
7378 + if (pax_insert_vma(vma, call_dl_resolve)) {
7379 + up_write(¤t->mm->mmap_sem);
7380 + kmem_cache_free(vm_area_cachep, vma);
7384 + current->mm->call_dl_resolve = call_dl_resolve;
7385 + up_write(¤t->mm->mmap_sem);
7388 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
7389 + regs->tpc = call_dl_resolve;
7390 + regs->tnpc = addr+4;
7396 + do { /* PaX: unpatched PLT emulation step 2 */
7397 + unsigned int save, call, nop;
7399 + err = get_user(save, (unsigned int*)(regs->tpc-4));
7400 + err |= get_user(call, (unsigned int*)regs->tpc);
7401 + err |= get_user(nop, (unsigned int*)(regs->tpc+4));
7406 + if (save == 0x9DE3BFA8U &&
7407 + (call & 0xC0000000U) == 0x40000000U &&
7408 + nop == 0x01000000U)
7410 + unsigned long dl_resolve = regs->tpc + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
7412 + regs->u_regs[UREG_RETPC] = regs->tpc;
7413 + regs->tpc = dl_resolve;
7414 + regs->tnpc = dl_resolve+4;
7423 +void pax_report_insns(void *pc, void *sp)
7427 + printk(KERN_ERR "PAX: bytes at PC: ");
7428 + for (i = 0; i < 5; i++) {
7430 + if (get_user(c, (unsigned int*)pc+i))
7431 + printk("???????? ");
7433 + printk("%08x ", c);
7439 asmlinkage void do_sparc64_fault(struct pt_regs *regs)
7441 struct mm_struct *mm = current->mm;
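Review bot: The jump targets computed in pax_handle_fetch_fault are sign-extended to 64 bits (for example `addr = regs->tpc + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);`) and then written to `regs->tnpc`, with no visible truncation for 32-bit tasks. do_sparc64_fault masks `regs->tpc` and, with this patch, `regs->tnpc` to 32 bits for SPARC_FLAG_32BIT tasks before the handler runs, so an emulated PLT jump with a negative displacement can leave the upper bits set again. Each emulation block should apply the same rule before storing the result, `if (current->thread.flags & SPARC_FLAG_32BIT) addr &= 0xFFFFFFFFUL;`. Some lines of this hunk are missing from the page, so confirm the mask is not already present.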
7442 @@ -345,6 +711,7 @@ asmlinkage void do_sparc64_fault(struct
7444 if ((current->thread.flags & SPARC_FLAG_32BIT) != 0) {
7445 regs->tpc &= 0xffffffff;
7446 + regs->tnpc &= 0xffffffff;
7447 address &= 0xffffffff;
7450 @@ -353,6 +720,29 @@ asmlinkage void do_sparc64_fault(struct
7454 +#ifdef CONFIG_PAX_PAGEEXEC
7455 + /* PaX: detect ITLB misses on non-exec pages */
7456 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && vma->vm_start <= address &&
7457 + !(vma->vm_flags & VM_EXEC) && (fault_code & FAULT_CODE_ITLB))
7459 + if (address != regs->tpc)
7462 + up_read(&mm->mmap_sem);
7463 + switch (pax_handle_fetch_fault(regs)) {
7465 +#ifdef CONFIG_PAX_EMUPLT
7472 + pax_report_fault(regs, (void*)regs->tpc, (void*)(regs->u_regs[UREG_FP] + STACK_BIAS));
7477 /* Pure DTLB misses do not tell us whether the fault causing
7478 * load/store/atomic was a write or not, it only says that there
7479 * was no match. So in such a case we (carefully) read the
7480 diff -urNp linux-2.4.37.7/arch/sparc64/solaris/socksys.c linux-2.4.37.7/arch/sparc64/solaris/socksys.c
7481 --- linux-2.4.37.7/arch/sparc64/solaris/socksys.c 2009-11-07 11:52:20.000000000 -0500
7482 +++ linux-2.4.37.7/arch/sparc64/solaris/socksys.c 2009-11-10 19:30:27.000000000 -0500
7483 @@ -49,7 +49,7 @@ extern void mykfree(void *);
7485 static unsigned int (*sock_poll)(struct file *, poll_table *);
7487 -static struct file_operations socksys_file_ops = {
7488 +static const struct file_operations socksys_file_ops = {
7489 /* Currently empty */
7492 @@ -156,7 +156,7 @@ static unsigned int socksys_poll(struct
7496 -static struct file_operations socksys_fops = {
7497 +static const struct file_operations socksys_fops = {
7499 release: socksys_release,
7501 diff -urNp linux-2.4.37.7/arch/x86_64/config.in linux-2.4.37.7/arch/x86_64/config.in
7502 --- linux-2.4.37.7/arch/x86_64/config.in 2009-11-07 11:52:20.000000000 -0500
7503 +++ linux-2.4.37.7/arch/x86_64/config.in 2009-11-10 19:30:27.000000000 -0500
7504 @@ -262,3 +262,11 @@ int 'Kernel messages buffer length shift
7507 source lib/Config.in
7509 +mainmenu_option next_comment
7510 +comment 'Grsecurity'
7511 +bool 'Grsecurity' CONFIG_GRKERNSEC
7512 +if [ "$CONFIG_GRKERNSEC" = "y" ]; then
7513 + source grsecurity/Config.in
7516 diff -urNp linux-2.4.37.7/arch/x86_64/ia32/ia32_binfmt.c linux-2.4.37.7/arch/x86_64/ia32/ia32_binfmt.c
7517 --- linux-2.4.37.7/arch/x86_64/ia32/ia32_binfmt.c 2009-11-07 11:52:20.000000000 -0500
7518 +++ linux-2.4.37.7/arch/x86_64/ia32/ia32_binfmt.c 2009-11-10 19:30:27.000000000 -0500
7519 @@ -28,7 +28,14 @@ struct elf_phdr;
7521 #define ELF_NAME "elf/i386"
7523 -#define IA32_STACK_TOP IA32_PAGE_OFFSET
7524 +#ifdef CONFIG_PAX_RANDUSTACK
7525 +#define __IA32_DELTA_STACK (current->mm->delta_stack)
7527 +#define __IA32_DELTA_STACK 0UL
7530 +#define IA32_STACK_TOP (IA32_PAGE_OFFSET - __IA32_DELTA_STACK)
7532 #define ELF_ET_DYN_BASE (IA32_PAGE_OFFSET/3 + 0x1000000)
7535 @@ -129,6 +136,13 @@ struct elf_prpsinfo
7536 #include <asm/ia32.h>
7537 #include <linux/elf.h>
7539 +#ifdef CONFIG_PAX_ASLR
7540 +#define PAX_ELF_ET_DYN_BASE 0x08048000UL
7542 +#define PAX_DELTA_MMAP_LEN 16
7543 +#define PAX_DELTA_STACK_LEN 16
7546 typedef struct user_i387_ia32_struct elf_fpregset_t;
7547 typedef struct user32_fxsr_struct elf_fpxregset_t;
7549 @@ -218,7 +232,7 @@ static void elf32_init(struct pt_regs *r
7550 me->thread.flags |= THREAD_IA32;
7553 -extern void put_dirty_page(struct task_struct * tsk, struct page *page, unsigned long address);
7554 +extern int put_dirty_page(struct task_struct * tsk, struct page *page, unsigned long address);
7557 int ia32_setup_arg_pages(struct linux_binprm *bprm)
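Review bot: The return type of put_dirty_page is changed here through a private `extern` declaration inside ia32_binfmt.c, so nothing makes the compiler compare it with the definition, which is not part of this hunk. If the two ever disagree, ia32_setup_arg_pages will act on a meaningless value when it tests the result of `retval = put_dirty_page(current,page,stack_base);`. Moving the prototype into a header that the defining file also includes would let the compiler catch a mismatch.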
7558 @@ -243,7 +257,13 @@ int ia32_setup_arg_pages(struct linux_bi
7559 mpnt->vm_mm = current->mm;
7560 mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p;
7561 mpnt->vm_end = IA32_STACK_TOP;
7562 - mpnt->vm_flags = vm_stack_flags32;
7564 +#ifdef CONFIG_PAX_PAGEEXEC
7565 + mpnt->vm_flags = VM_STACK_FLAGS;
7567 + mpnt->vm_flags = vm_stack_flags32;
7570 mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC) ?
7571 PAGE_COPY_EXEC : PAGE_COPY;
7572 mpnt->vm_ops = NULL;
7573 @@ -260,16 +280,18 @@ int ia32_setup_arg_pages(struct linux_bi
7575 for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
7576 struct page *page = bprm->page[i];
7579 bprm->page[i] = NULL;
7580 - current->mm->rss++;
7581 - put_dirty_page(current,page,stack_base);
7582 + retval = put_dirty_page(current,page,stack_base);
7586 stack_base += PAGE_SIZE;
7588 up_write(¤t->mm->mmap_sem);
7594 static unsigned long
7595 elf32_map (struct file *filep, unsigned long addr, struct elf_phdr *eppnt, int prot, int type)
7596 @@ -277,8 +299,10 @@ elf32_map (struct file *filep, unsigned
7597 unsigned long map_addr;
7598 struct task_struct *me = current;
7600 +#ifndef CONFIG_PAX_PAGEEXEC
7601 if (prot & PROT_READ)
7605 down_write(&me->mm->mmap_sem);
7606 map_addr = do_mmap(filep, ELF_PAGESTART(addr),
7607 diff -urNp linux-2.4.37.7/arch/x86_64/ia32/ia32_ioctl.c linux-2.4.37.7/arch/x86_64/ia32/ia32_ioctl.c
7608 --- linux-2.4.37.7/arch/x86_64/ia32/ia32_ioctl.c 2009-11-07 11:52:20.000000000 -0500
7609 +++ linux-2.4.37.7/arch/x86_64/ia32/ia32_ioctl.c 2009-11-10 19:30:27.000000000 -0500
7610 @@ -1963,7 +1963,11 @@ static int vt_check(struct file *file)
7611 * To have permissions to do most of the vt ioctls, we either have
7612 * to be the owner of the tty, or super-user.
7614 +#ifdef CONFIG_GRKERNSEC
7615 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
7617 if (current->tty == tty || suser())
7622 diff -urNp linux-2.4.37.7/arch/x86_64/ia32/sys_ia32.c linux-2.4.37.7/arch/x86_64/ia32/sys_ia32.c
7623 --- linux-2.4.37.7/arch/x86_64/ia32/sys_ia32.c 2009-11-07 11:52:20.000000000 -0500
7624 +++ linux-2.4.37.7/arch/x86_64/ia32/sys_ia32.c 2009-11-10 19:30:27.000000000 -0500
7625 @@ -333,8 +333,11 @@ sys32_mmap(struct mmap_arg_struct *arg)
7630 +#ifndef CONFIG_PAX_PAGEEXEC
7631 if (a.prot & PROT_READ)
7632 a.prot |= PROT_EXEC;
7636 down_write(&mm->mmap_sem);
7637 @@ -351,8 +354,12 @@ extern asmlinkage long sys_mprotect(unsi
7639 asmlinkage long sys32_mprotect(unsigned long start, size_t len, unsigned long prot)
7642 +#ifndef CONFIG_PAX_PAGEEXEC
7643 if (prot & PROT_READ)
7647 return sys_mprotect(start,len,prot);
7650 @@ -2121,8 +2128,10 @@ asmlinkage long sys32_mmap2(unsigned lon
7654 +#ifndef CONFIG_PAX_PAGEEXEC
7655 if (prot & PROT_READ)
7659 down_write(&mm->mmap_sem);
7660 error = do_mmap_pgoff(file, addr, len, prot, flags|MAP_32BIT, pgoff);
7661 diff -urNp linux-2.4.37.7/arch/x86_64/kernel/cpuid.c linux-2.4.37.7/arch/x86_64/kernel/cpuid.c
7662 --- linux-2.4.37.7/arch/x86_64/kernel/cpuid.c 2009-11-07 11:52:20.000000000 -0500
7663 +++ linux-2.4.37.7/arch/x86_64/kernel/cpuid.c 2009-11-10 19:30:27.000000000 -0500
7664 @@ -133,7 +133,7 @@ static int cpuid_open(struct inode *inod
7666 * File operations we support
7668 -static struct file_operations cpuid_fops = {
7669 +static const struct file_operations cpuid_fops = {
7673 diff -urNp linux-2.4.37.7/arch/x86_64/kernel/ioport.c linux-2.4.37.7/arch/x86_64/kernel/ioport.c
7674 --- linux-2.4.37.7/arch/x86_64/kernel/ioport.c 2009-11-07 11:52:20.000000000 -0500
7675 +++ linux-2.4.37.7/arch/x86_64/kernel/ioport.c 2009-11-10 19:30:27.000000000 -0500
7676 @@ -38,8 +38,16 @@ asmlinkage long sys_ioperm(unsigned long
7678 if ((from + num <= from) || (from + num > IO_BITMAP_SIZE*32))
7681 +#ifdef CONFIG_GRKERNSEC_IO
7683 + gr_handle_ioperm();
7687 if (turn_on && !capable(CAP_SYS_RAWIO))
7691 * If it's the first ioperm() call in this thread's lifetime, set the
7692 * IO bitmap up. ioperm() is much less timing critical than clone(),
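Review bot: `gr_handle_ioperm()` is called in sys_ioperm, but this file section adds no `#include <linux/grsecurity.h>`, unlike the ptrace.c sections of the same patch. Unless the prototype reaches ioport.c through another header (not visible here), the call compiles against an implicit declaration, which hides any signature mismatch. I would add `#include <linux/grsecurity.h>` next to the file's other includes; the CONFIG_GRKERNSEC_IO block added to sys_iopl in the next hunk depends on the same header if it calls a gr_ helper. Part of the added block is missing from the page, so its control flow cannot be checked here.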
7693 @@ -89,8 +97,13 @@ asmlinkage long sys_iopl(unsigned int le
7695 /* Trying to gain more privileges? */
7697 +#ifdef CONFIG_GRKERNSEC_IO
7701 if (!capable(CAP_SYS_RAWIO))
7705 regs->eflags = (regs->eflags &~ 0x3000UL) | (level << 12);
7707 diff -urNp linux-2.4.37.7/arch/x86_64/kernel/msr.c linux-2.4.37.7/arch/x86_64/kernel/msr.c
7708 --- linux-2.4.37.7/arch/x86_64/kernel/msr.c 2009-11-07 11:52:20.000000000 -0500
7709 +++ linux-2.4.37.7/arch/x86_64/kernel/msr.c 2009-11-10 19:30:27.000000000 -0500
7710 @@ -240,7 +240,7 @@ static int msr_open(struct inode *inode,
7712 * File operations we support
7714 -static struct file_operations msr_fops = {
7715 +static const struct file_operations msr_fops = {
7719 diff -urNp linux-2.4.37.7/arch/x86_64/kernel/mtrr.c linux-2.4.37.7/arch/x86_64/kernel/mtrr.c
7720 --- linux-2.4.37.7/arch/x86_64/kernel/mtrr.c 2009-11-07 11:52:20.000000000 -0500
7721 +++ linux-2.4.37.7/arch/x86_64/kernel/mtrr.c 2009-11-10 19:30:27.000000000 -0500
7722 @@ -981,6 +981,9 @@ static ssize_t mtrr_write (struct file *
7724 char line[LINE_SIZE];
7729 if (!capable(CAP_SYS_ADMIN))
7732 @@ -1208,7 +1211,7 @@ static int mtrr_close (struct inode *ino
7736 -static struct file_operations mtrr_fops = {
7737 +static const struct file_operations mtrr_fops = {
7741 diff -urNp linux-2.4.37.7/arch/x86_64/kernel/ptrace.c linux-2.4.37.7/arch/x86_64/kernel/ptrace.c
7742 --- linux-2.4.37.7/arch/x86_64/kernel/ptrace.c 2009-11-07 11:52:20.000000000 -0500
7743 +++ linux-2.4.37.7/arch/x86_64/kernel/ptrace.c 2009-11-10 19:30:27.000000000 -0500
7745 #include <linux/errno.h>
7746 #include <linux/ptrace.h>
7747 #include <linux/user.h>
7748 +#include <linux/grsecurity.h>
7750 #include <asm/uaccess.h>
7751 #include <asm/pgtable.h>
7752 @@ -206,6 +207,9 @@ asmlinkage long sys_ptrace(long request,
7753 if (pid == 1) /* you may not mess with init */
7756 + if (gr_handle_ptrace(child, request))
7759 if (request == PTRACE_ATTACH) {
7760 ret = ptrace_attach(child);
7762 diff -urNp linux-2.4.37.7/arch/x86_64/kernel/setup64.c linux-2.4.37.7/arch/x86_64/kernel/setup64.c
7763 --- linux-2.4.37.7/arch/x86_64/kernel/setup64.c 2009-11-07 11:52:20.000000000 -0500
7764 +++ linux-2.4.37.7/arch/x86_64/kernel/setup64.c 2009-11-10 19:30:27.000000000 -0500
7765 @@ -36,11 +36,18 @@ struct desc_ptr idt_descr = { 256 * 16,
7766 correct flags everywhere. */
7767 unsigned long __supported_pte_mask = ~0UL;
7768 static int do_not_nx __initdata = 0;
7769 -unsigned long vm_stack_flags = __VM_STACK_FLAGS;
7770 -unsigned long vm_stack_flags32 = __VM_STACK_FLAGS;
7772 +#ifdef CONFIG_PAX_PAGEEXEC
7773 +unsigned long vm_stack_flags = __VM_DATA_DEFAULT_FLAGS;
7774 +unsigned long vm_stack_flags32 = __VM_DATA_DEFAULT_FLAGS;
7776 +unsigned long vm_stack_flags = __VM_STACK_FLAGS;
7777 +unsigned long vm_stack_flags32 = __VM_STACK_FLAGS;
7780 unsigned long vm_data_default_flags = __VM_DATA_DEFAULT_FLAGS;
7781 unsigned long vm_data_default_flags32 = __VM_DATA_DEFAULT_FLAGS;
7782 -unsigned long vm_force_exec32 = PROT_EXEC;
7783 +unsigned long vm_force_exec32 = 0;
7785 char boot_cpu_stack[IRQSTACKSIZE] __cacheline_aligned;
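Review bot: `vm_force_exec32` is changed from `PROT_EXEC` to `0` outside the `#ifdef CONFIG_PAX_PAGEEXEC` block, so the new default also applies to kernels built without PAGEEXEC, whereas the stack flags just above keep their old values in that configuration. If that is intended, a comment on the line should say so. Otherwise move the `unsigned long vm_force_exec32 = 0;` definition into the PAGEEXEC branch and keep `unsigned long vm_force_exec32 = PROT_EXEC;` in the other branch, next to the `__VM_STACK_FLAGS` definitions.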
7787 diff -urNp linux-2.4.37.7/arch/x86_64/kernel/setup.c linux-2.4.37.7/arch/x86_64/kernel/setup.c
7788 --- linux-2.4.37.7/arch/x86_64/kernel/setup.c 2009-11-07 11:52:20.000000000 -0500
7789 +++ linux-2.4.37.7/arch/x86_64/kernel/setup.c 2009-11-10 19:30:27.000000000 -0500
7790 @@ -913,7 +913,7 @@ static void c_stop(struct seq_file *m, v
7794 -struct seq_operations cpuinfo_op = {
7795 +const struct seq_operations cpuinfo_op = {
7799 diff -urNp linux-2.4.37.7/arch/x86_64/kernel/signal.c linux-2.4.37.7/arch/x86_64/kernel/signal.c
7800 --- linux-2.4.37.7/arch/x86_64/kernel/signal.c 2009-11-07 11:52:20.000000000 -0500
7801 +++ linux-2.4.37.7/arch/x86_64/kernel/signal.c 2009-11-10 19:30:27.000000000 -0500
7802 @@ -144,7 +144,7 @@ restore_sigcontext(struct pt_regs *regs,
7803 COPY(rdx); COPY(rcx);
7805 if (regs->rip >= TASK_SIZE && regs->rip < VSYSCALL_START) {
7811 @@ -361,7 +361,7 @@ static void setup_rt_frame(int sig, stru
7812 if (regs->rip >= TASK_SIZE) {
7814 ka->sa.sa_handler = SIG_DFL;
7818 regs->cs = __USER_CS;
7819 regs->ss = __USER_DS;
7820 diff -urNp linux-2.4.37.7/arch/x86_64/kernel/sys_x86_64.c linux-2.4.37.7/arch/x86_64/kernel/sys_x86_64.c
7821 --- linux-2.4.37.7/arch/x86_64/kernel/sys_x86_64.c 2009-11-07 11:52:20.000000000 -0500
7822 +++ linux-2.4.37.7/arch/x86_64/kernel/sys_x86_64.c 2009-11-10 19:30:27.000000000 -0500
7823 @@ -72,6 +72,13 @@ unsigned long arch_get_unmapped_area(str
7824 unsigned long end = TASK_SIZE;
7826 if (current->thread.flags & THREAD_IA32) {
7828 +#ifdef CONFIG_PAX_RANDMMAP
7829 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && (!addr || filp))
7830 + addr = TASK_UNMAPPED_32 + current->mm->delta_mmap;
7835 addr = TASK_UNMAPPED_32;
7837 @@ -82,10 +89,24 @@ unsigned long arch_get_unmapped_area(str
7838 base down for this case. This may give conflicts
7839 with the heap, but we assume that malloc falls back
7840 to mmap. Give it 1GB of playground for now. -AK */
7842 +#ifdef CONFIG_PAX_RANDMMAP
7843 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && (!addr || filp))
7844 + addr = 0x40000000 + (current->mm->delta_mmap & 0x0FFFFFFFU);
7853 +#ifdef CONFIG_PAX_RANDMMAP
7854 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && (!addr || filp))
7855 + addr = TASK_UNMAPPED_64 + current->mm->delta_mmap;
7860 addr = TASK_UNMAPPED_64;
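Review bot: The branch under the "1GB of playground" comment adds `current->mm->delta_mmap & 0x0FFFFFFFU` to the hard-coded base `0x40000000`, but nothing explains why the delta is clipped to 28 bits here and used unmasked in the other two branches. If the reason is to keep the randomized base inside that 1GB window, say so next to the line, e.g. `/* clip delta so base + delta stays inside the low 1GB window */`. The same `(pax_flags & MF_PAX_RANDMMAP) && (!addr || filp)` test is repeated three times across this hunk and the previous one, so a comment on the first occurrence explaining why a caller's hint is ignored for file mappings would cover all of them. arch_get_unmapped_area starts and ends outside the hunk.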
7862 diff -urNp linux-2.4.37.7/arch/x86_64/mm/fault.c linux-2.4.37.7/arch/x86_64/mm/fault.c
7863 --- linux-2.4.37.7/arch/x86_64/mm/fault.c 2009-11-07 11:52:20.000000000 -0500
7864 +++ linux-2.4.37.7/arch/x86_64/mm/fault.c 2009-11-10 19:30:27.000000000 -0500
7865 @@ -173,6 +173,33 @@ static int is_prefetch(struct pt_regs *r
7869 +#ifdef CONFIG_PAX_PAGEEXEC
7870 +void pax_report_insns(void *pc, void *sp)
7874 + printk(KERN_ERR "PAX: bytes at PC: ");
7875 + for (i = 0; i < 20; i++) {
7877 + if (get_user(c, (unsigned char*)pc+i))
7878 + printk("???????? ");
7880 + printk("%08x ", c);
7884 + printk(KERN_ERR "PAX: bytes at SP-8: ");
7885 + for (i = -1; i < 10; i++) {
7887 + if (get_user(c, (unsigned long*)sp+i))
7888 + printk("???????????????? ");
7890 + printk("%16lx ", c);
7896 int page_fault_trace;
7897 int exception_trace = 1;
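Review bot: pax_report_insns reads single bytes at PC (`get_user(c, (unsigned char*)pc+i)`) but prints each one with `"%08x "` and the eight-character `"???????? "` placeholder, so the 20-byte dump is padded out as if it were 20 words and is easy to misread when triaging a report. Use `printk("%02x ", c);` and `printk("?? ");` in that loop. In the SP loop `"%16lx "` pads with spaces; `"%016lx "` would line up with the sixteen-character placeholder. The declarations of `i` and `c` are not visible on this page.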
7899 @@ -267,6 +294,15 @@ again:
7900 * we can handle it..
7904 +#ifdef CONFIG_PAX_PAGEEXEC
7905 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && (error_code & 16) && !(vma->vm_flags & VM_EXEC)) {
7906 + up_read(&mm->mmap_sem);
7907 + pax_report_fault(regs, (void*)regs->rip, (void*)regs->rsp);
7912 info.si_code = SEGV_ACCERR;
7914 switch (error_code & 3) {
7915 diff -urNp linux-2.4.37.7/crypto/proc.c linux-2.4.37.7/crypto/proc.c
7916 --- linux-2.4.37.7/crypto/proc.c 2009-11-07 11:52:20.000000000 -0500
7917 +++ linux-2.4.37.7/crypto/proc.c 2009-11-10 19:30:27.000000000 -0500
7918 @@ -86,7 +86,7 @@ static int c_show(struct seq_file *m, vo
7922 -static struct seq_operations crypto_seq_ops = {
7923 +static const struct seq_operations crypto_seq_ops = {
7927 @@ -98,7 +98,7 @@ static int crypto_info_open(struct inode
7928 return seq_open(file, &crypto_seq_ops);
7931 -static struct file_operations proc_crypto_ops = {
7932 +static const struct file_operations proc_crypto_ops = {
7933 .open = crypto_info_open,
7935 .llseek = seq_lseek,
7936 diff -urNp linux-2.4.37.7/Documentation/Configure.help linux-2.4.37.7/Documentation/Configure.help
7937 --- linux-2.4.37.7/Documentation/Configure.help 2009-11-07 11:52:20.000000000 -0500
7938 +++ linux-2.4.37.7/Documentation/Configure.help 2009-11-10 19:30:27.000000000 -0500
7939 @@ -23530,6 +23530,933 @@ CONFIG_CF_AREA5
7941 "Area6" will work for most boards. For ADX, select "Area5".
7945 + If you say Y here, you will be able to configure many features that
7946 + will enhance the security of your system. It is highly recommended
7947 + that you say Y here and read through the help for each option so
7948 + you fully understand the features and can evaluate their usefulness
7951 +Additional security levels
7952 +CONFIG_GRKERNSEC_LOW
7954 + Low additional security
7955 + -----------------------------------------------------------------------
7956 + If you choose this option, several of the grsecurity options will
7957 + be enabled that will give you greater protection against a number
7958 + of attacks, while assuring that none of your software will have any
7959 + conflicts with the additional security measures. If you run a lot of
7960 + unusual software, or you are having problems with the higher security
7961 + levels, you should say Y here. With this option, the following features
7964 + linking restrictions
7966 + enforcing nproc on execve()
7968 + enforced chdir("/") on chroot
7969 + runtime module disabling
7971 + Medium additional security
7972 + -----------------------------------------------------------------------
7973 + If you say Y here, several features in addition to those included in the
7974 + low additional security level will be enabled. These features provide
7975 + even more security to your system, though in rare cases they may
7976 + be incompatible with very old or poorly written software. If you
7977 + enable this option, make sure that your auth service (identd) is
7978 + running as gid 10 (usually group wheel). With this option the following
7979 + features (in addition to those provided in the low additional security
7980 + level) will be enabled:
7982 + random tcp source ports
7983 + failed fork logging
7984 + time change logging
7986 + deny mounts in chroot
7987 + deny double chrooting
7988 + deny sysctl writes in chroot
7989 + deny mknod in chroot
7990 + deny access to abstract AF_UNIX sockets out of chroot
7991 + deny pivot_root in chroot
7992 + denied writes of /dev/kmem, /dev/mem, and /dev/port
7993 + /proc restrictions with special gid set to 10 (usually wheel)
7994 + address space layout randomization
7995 + removal of addresses from /proc/<pid>/[maps|stat]
7997 + High additional security
7998 + ----------------------------------------------------------------------
7999 + If you say Y here, many of the features of grsecurity will be enabled,
8000 + that will protect you against many kinds of attacks against
8001 + your system. The heightened security comes at a cost of an
8002 + increased chance of incompatibilities with rare software on your
8003 + machine. Since this security level enables PaX, you should view
8004 + <http://pax.grsecurity.net> and read about the PaX project. While
8005 + you are there, download chpax and run it on binaries that cause
8006 + problems with PaX. Also remember that since the /proc restrictions are
8007 + enabled, you must run your identd as group wheel (gid 10).
8008 + This security level enables the following features in addition to those
8009 + listed in the low and medium security levels:
8011 + additional /proc restrictions
8012 + chmod restrictions in chroot
8013 + no signals, ptrace, or viewing processes outside of chroot
8014 + capability restrictions in chroot
8015 + deny fchdir out of chroot
8016 + priority restrictions in chroot
8017 + segmentation-based implementation of PaX
8018 + mprotect restrictions
8019 + kernel stack randomization
8020 + mount/unmount/remount logging
8021 + kernel symbol hiding
8022 + destroy unused shared memory
8024 +Customized additional security
8025 +CONFIG_GRKERNSEC_CUSTOM
8026 + If you say Y here, you will be able to configure every grsecurity
8027 + option, which allows you to enable many more features that aren't
8028 + covered in the basic security levels. These additional features include
8029 + TPE, socket restrictions, and the sysctl system for grsecurity. It is
8030 + advised that you read through the help for each option to determine its
8031 + usefulness in your situation.
8034 +CONFIG_PAX_SOFTMODE
8035 + Enabling this option will allow you to run PaX in soft mode, that
8036 + is, PaX features will not be enforced by default, only on executables
8037 + marked explicitly. You must also enable PT_PAX_FLAGS support as it
8038 + is the only way to mark executables for soft mode use.
8040 + Soft mode can be activated by using the "pax_softmode=1" kernel command
8041 + line option on boot. Furthermore you can control various PaX features
8042 + at runtime via the entries in /proc/sys/kernel/pax.
8044 +Use legacy ELF header marking
8046 + Enabling this option will allow you to control PaX features on
8047 + a per executable basis via the 'chpax' utility available at
8048 + http://pax.grsecurity.net/. The control flags will be read from
8049 + an otherwise reserved part of the ELF header. This marking has
8050 + numerous drawbacks (no support for soft-mode, toolchain does not
8051 + know about the non-standard use of the ELF header) therefore it
8052 + has been deprecated in favour of PT_PAX_FLAGS support.
8054 + If you have applications not marked by the PT_PAX_FLAGS ELF
8055 + program header then you MUST enable this option otherwise they
8056 + will not get any protection.
8058 + Note that if you enable PT_PAX_FLAGS marking support as well,
8059 + the PT_PAX_FLAG marks will override the legacy EI_PAX marks.
8061 +Use ELF program header marking
8062 +CONFIG_PAX_PT_PAX_FLAGS
8063 + Enabling this option will allow you to control PaX features on
8064 + a per executable basis via the 'paxctl' utility available at
8065 + http://pax.grsecurity.net/. The control flags will be read from
8066 + a PaX specific ELF program header (PT_PAX_FLAGS). This marking
8067 + has the benefits of supporting both soft mode and being fully
8068 + integrated into the toolchain (the binutils patch is available
8069 + from http://pax.grsecurity.net).
8071 + If you have applications not marked by the PT_PAX_FLAGS ELF
8072 + program header then you MUST enable the EI_PAX marking support
8073 + otherwise they will not get any protection.
8075 + Note that if you enable the legacy EI_PAX marking support as well,
8076 + the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks.
8078 +MAC system integration
8079 +CONFIG_PAX_NO_ACL_FLAGS
8080 + Mandatory Access Control systems have the option of controlling
8081 + PaX flags on a per executable basis, choose the method supported
8082 + by your particular system.
8084 + - "none": if your MAC system does not interact with PaX,
8085 + - "direct": if your MAC system defines pax_set_initial_flags() itself,
8086 + - "hook": if your MAC system uses the pax_set_initial_flags_func callback.
8088 + NOTE: this option is for developers/integrators only.
8090 +Enforce non-executable pages
8092 + By design some architectures do not allow for protecting memory
8093 + pages against execution or even if they do, Linux does not make
8094 + use of this feature. In practice this means that if a page is
8095 + readable (such as the stack or heap) it is also executable.
8097 + There is a well known exploit technique that makes use of this
8098 + fact and a common programming mistake where an attacker can
8099 + introduce code of his choice somewhere in the attacked program's
8100 + memory (typically the stack or the heap) and then execute it.
8102 + If the attacked program was running with different (typically
8103 + higher) privileges than that of the attacker, then he can elevate
8104 + his own privilege level (e.g. get a root shell, write to files for
8105 + which he does not have write access to, etc).
8107 + Enabling this option will let you choose from various features
8108 + that prevent the injection and execution of 'foreign' code in
8111 + This will also break programs that rely on the old behaviour and
8112 + expect that dynamically allocated memory via the malloc() family
8113 + of functions is executable (which it is not). Notable examples
8114 + are the XFree86 4.x server, the java runtime and wine.
8116 +Paging based non-executable pages
8117 +CONFIG_PAX_PAGEEXEC
8118 + This implementation is based on the paging feature of the CPU.
8119 + On i386 it has a variable performance impact on applications
8120 + depending on their memory usage pattern. You should carefully
8121 + test your applications before using this feature in production.
8122 + On alpha, parisc, sparc and sparc64 there is no performance
8123 + impact. On ppc there is a slight performance impact.
8125 +Segmentation based non-executable pages
8126 +CONFIG_PAX_SEGMEXEC
8127 + This implementation is based on the segmentation feature of the
8128 + CPU and has little performance impact, however applications will
8129 + be limited to a 1.5 GB address space instead of the normal 3 GB.
8131 +Emulate trampolines
8132 +CONFIG_PAX_EMUTRAMP
8133 + There are some programs and libraries that for one reason or
8134 + another attempt to execute special small code snippets from
8135 + non-executable memory pages. Most notable examples are the
8136 + signal handler return code generated by the kernel itself and
8137 + the GCC trampolines.
8139 + If you enabled CONFIG_PAX_PAGEEXEC or
8140 + CONFIG_PAX_SEGMEXEC then such programs will no longer
8141 + work under your kernel.
8143 + As a remedy you can say Y here and use the 'chpax' or 'paxctl'
8144 + utilities to enable trampoline emulation for the affected programs
8145 + yet still have the protection provided by the non-executable pages.
8147 + On parisc and ppc you MUST enable this option and EMUSIGRT as
8148 + well, otherwise your system will not even boot.
8150 + Alternatively you can say N here and use the 'chpax' or 'paxctl'
8151 + utilities to disable CONFIG_PAX_PAGEEXEC and
8152 + CONFIG_PAX_SEGMEXEC for the affected files.
8154 + NOTE: enabling this feature *may* open up a loophole in the
8155 + protection provided by non-executable pages that an attacker
8156 + could abuse. Therefore the best solution is to not have any
8157 + files on your system that would require this option. This can
8158 + be achieved by not using libc5 (which relies on the kernel
8159 + signal handler return code) and not using or rewriting programs
8160 + that make use of the nested function implementation of GCC.
8161 + Skilled users can just fix GCC itself so that it implements
8162 + nested function calls in a way that does not interfere with PaX.
8164 +Automatically emulate sigreturn trampolines
8165 +CONFIG_PAX_EMUSIGRT
8166 + Enabling this option will have the kernel automatically detect
8167 + and emulate signal return trampolines executing on the stack
8168 + that would otherwise lead to task termination.
8170 + This solution is intended as a temporary one for users with
8171 + legacy versions of libc (libc5, glibc 2.0, uClibc before 0.9.17,
8172 + Modula-3 runtime, etc) or executables linked to such, basically
8173 + everything that does not specify its own SA_RESTORER function in
8174 + normal executable memory like glibc 2.1+ does.
8176 + On parisc and ppc you MUST enable this option, otherwise your
8177 + system will not even boot.
8179 + NOTE: this feature cannot be disabled on a per executable basis
8180 + and since it *does* open up a loophole in the protection provided
8181 + by non-executable pages, the best solution is to not have any
8182 + files on your system that would require this option.
8184 +Restrict mprotect()
8185 +CONFIG_PAX_MPROTECT
8186 + Enabling this option will prevent programs from
8187 + - changing the executable status of memory pages that were
8188 + not originally created as executable,
8189 + - making read-only executable pages writable again,
8190 + - creating executable pages from anonymous memory.
8192 + You should say Y here to complete the protection provided by
8193 + the enforcement of non-executable pages.
8195 + NOTE: you can use the 'chpax' utility to control this
8196 + feature on a per file basis. chpax is available at
8197 + <http://pax.grsecurity.net>
8199 +Disallow ELF text relocations
8200 +CONFIG_PAX_NOELFRELOCS
8201 + Non-executable pages and mprotect() restrictions are effective
8202 + in preventing the introduction of new executable code into an
8203 + attacked task's address space. There remain only two venues
8204 + for this kind of attack: if the attacker can execute already
8205 + existing code in the attacked task then he can either have it
8206 + create and mmap() a file containing his code or have it mmap()
8207 + an already existing ELF library that does not have position
8208 + independent code in it and use mprotect() on it to make it
8209 + writable and copy his code there. While protecting against
8210 + the former approach is beyond PaX, the latter can be prevented
8211 + by having only PIC ELF libraries on one's system (which do not
8212 + need to relocate their code). If you are sure this is your case,
8213 + then enable this option otherwise be careful as you may not even
8214 + be able to boot or log on your system (for example, some PAM
8215 + modules are erroneously compiled as non-PIC by default).
8217 + NOTE: if you are using dynamic ELF executables (as suggested
8218 + when using ASLR) then you must have made sure that you linked
8219 + your files using the PIC version of crt1 (the et_dyn.zip package
8220 + referenced there has already been updated to support this).
8222 +Enforce non-executable kernel pages
8223 +CONFIG_PAX_KERNEXEC
8224 + This is the kernel land equivalent of PAGEEXEC and MPROTECT,
8225 + that is, enabling this option will make it harder to inject
8226 + and execute 'foreign' code in kernel memory itself.
8228 +Address Space Layout Randomization
8230 + Many if not most exploit techniques rely on the knowledge of
8231 + certain addresses in the attacked program. The following options
8232 + will allow the kernel to apply a certain amount of randomization
8233 + to specific parts of the program thereby forcing an attacker to
8234 + guess them in most cases. Any failed guess will most likely crash
8235 + the attacked program which allows the kernel to detect such attempts
8236 + and react on them. PaX itself provides no reaction mechanisms,
8237 + instead it is strongly encouraged that you make use of grsecurity's
8238 + built-in crash detection features or develop one yourself.
8240 + By saying Y here you can choose to randomize the following areas:
8241 + - top of the task's kernel stack
8242 + - top of the task's userland stack
8243 + - base address for mmap() requests that do not specify one
8244 + (this includes all libraries)
8245 + - base address of the main executable
8247 + It is strongly recommended to say Y here as address space layout
8248 + randomization has negligible impact on performance yet it provides
8249 + a very effective protection.
8251 + NOTE: you can use the 'chpax' or 'paxctl' utilities to control most
8252 + of these features on a per file basis.
8254 +Randomize kernel stack base
8255 +CONFIG_PAX_RANDKSTACK
8256 + By saying Y here the kernel will randomize every task's kernel
8257 + stack on every system call. This will not only force an attacker
8258 + to guess it but also prevent him from making use of possible
8259 + leaked information about it.
8261 + Since the kernel stack is a rather scarce resource, randomization
8262 + may cause unexpected stack overflows, therefore you should very
8263 + carefully test your system. Note that once enabled in the kernel
8264 + configuration, this feature cannot be disabled on a per file basis.
8266 +Randomize user stack base
8267 +CONFIG_PAX_RANDUSTACK
8268 + By saying Y here the kernel will randomize every task's userland
8269 + stack. The randomization is done in two steps where the second
8270 + one may apply a big amount of shift to the top of the stack and
8271 + cause problems for programs that want to use lots of memory (more
8272 + than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is).
8273 + For this reason the second step can be controlled by 'chpax' or
8274 + 'paxctl' on a per file basis.
8276 +Allow ELF ET_EXEC text relocations
8277 +CONFIG_PAX_ETEXECRELOCS
8278 + On some architectures like the alpha there are incorrectly
8279 + created applications that require text relocations and would
8280 + not work without enabling this option. If you are an alpha
8281 + user, you should enable this option and disable it once you
8282 + have made sure that none of your applications need it.
8284 +Automatically emulate ELF PLT
8286 + Enabling this option will have the kernel automatically detect
8287 + and emulate the Procedure Linkage Table entries in ELF files.
8288 + On some architectures such entries are in writable memory, and
8289 + become non-executable leading to task termination. Therefore
8290 + it is mandatory that you enable this option on alpha, parisc, ppc,
8291 + sparc and sparc64, otherwise your system would not even boot.
8293 + NOTE: this feature *does* open up a loophole in the protection
8294 + provided by the non-executable pages, therefore the proper
8295 + solution is to modify the toolchain to produce a PLT that does
8296 + not need to be writable.
8298 +Randomize mmap() base
8299 +CONFIG_PAX_RANDMMAP
8300 + By saying Y here the kernel will use a randomized base address for
8301 + mmap() requests that do not specify one themselves. As a result
8302 + all dynamically loaded libraries will appear at random addresses
8303 + and therefore be harder to exploit by a technique where an attacker
8304 + attempts to execute library code for his purposes (e.g. spawn a
8305 + shell from an exploited program that is running at an elevated
8308 + Furthermore, if a program is relinked as a dynamic ELF file, its
8309 + base address will be randomized as well, completing the full
8310 + randomization of the address space layout. Attacking such programs
8311 + becomes a guess game. You can find an example of doing this at
8312 + <http://pax.grsecurity.net/et_dyn.zip> and practical samples at
8313 + <http://www.grsecurity.net/grsec-gcc-specs.tar.gz> .
8315 + NOTE: you can use the 'chpax' or 'paxctl' utilities to control this
8316 + feature on a per file basis.
8318 +Deny writing to /dev/kmem, /dev/mem, and /dev/port
8319 +CONFIG_GRKERNSEC_KMEM
8320 + If you say Y here, /dev/kmem and /dev/mem won't be allowed to
8321 + be written to via mmap or otherwise to modify the running kernel.
8322 + /dev/port will also not be allowed to be opened. If you have module
8323 + support disabled, enabling this will close up four ways that are
8324 + currently used to insert malicious code into the running kernel.
8325 + Even with all these features enabled, we still highly recommend that
8326 + you use the RBAC system, as it is still possible for an attacker to
8327 + modify the running kernel through privileged I/O granted by ioperm/iopl.
8328 + If you are not using XFree86, you may be able to stop this additional
8329 + case by enabling the 'Disable privileged I/O' option. Though nothing
8330 + legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem,
8331 + but only to video memory, which is the only writing we allow in this
8332 + case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will
8333 + not be allowed to mprotect it with PROT_WRITE later.
8334 + It is highly recommended that you say Y here if you meet all the
8337 +Disable privileged I/O
8338 +CONFIG_GRKERNSEC_IO
8339 + If you say Y here, all ioperm and iopl calls will return an error.
8340 + Ioperm and iopl can be used to modify the running kernel.
8341 + Unfortunately, some programs need this access to operate properly,
8342 + the most notable of which are XFree86 and hwclock. hwclock can be
8343 + remedied by having RTC support in the kernel, so CONFIG_RTC is
8344 + enabled if this option is enabled, to ensure that hwclock operates
8345 + correctly. XFree86 still will not operate correctly with this option
8346 + enabled, so DO NOT CHOOSE Y IF YOU USE XFree86. If you use XFree86
8347 + and you still want to protect your kernel against modification,
8348 + use the RBAC system.
8350 +Runtime module disabling
8351 +CONFIG_GRKERNSEC_MODSTOP
8352 + If you say Y here, you will be able to disable the ability to (un)load
8353 + modules at runtime. This feature is useful if you need the ability
8354 + to load kernel modules at boot time, but do not want to allow an
8355 + attacker to load a rootkit kernel module into the system, or to remove
8356 + a loaded kernel module important to system functioning. You should
8357 + enable the /dev/mem protection feature as well, since rootkits can be
8358 + inserted into the kernel via other methods than kernel modules. Since
8359 + an untrusted module could still be loaded by modifying init scripts and
8360 + rebooting the system, it is also recommended that you enable the RBAC
8361 + system. If you enable this option, a sysctl option with name
8362 + "disable_modules" will be created. Setting this option to "1" disables
8363 + module loading. After this option is set, no further writes to it are
8364 + allowed until the system is rebooted.
8366 +Hide kernel symbols
8367 +CONFIG_GRKERNSEC_HIDESYM
8368 + If you say Y here, getting information on loaded modules, and
8369 + displaying all kernel symbols through a syscall will be restricted
8370 + to users with CAP_SYS_MODULE. This option is only effective
8371 + provided the following conditions are met:
8372 + 1) The kernel using grsecurity is not precompiled by some distribution
8373 + 2) You are using the RBAC system and hiding other files such as your
8374 + kernel image and System.map
8375 + 3) You have the additional /proc restrictions enabled, which removes
8377 + If the above conditions are met, this option will aid to provide a
8378 + useful protection against local and remote kernel exploitation of
8379 + overflows and arbitrary read/write vulnerabilities.
8381 +Deter exploit bruteforcing
8382 +CONFIG_GRKERNSEC_BRUTE
8383 + If you say Y here, attempts to bruteforce exploits against forking
8384 + daemons such as apache or sshd will be deterred. When a child of a
8385 + forking daemon is killed by PaX or crashes due to an illegal
8386 + instruction, the parent process will be delayed 30 seconds upon every
8387 + subsequent fork until the administrator is able to assess the
8388 + situation and restart the daemon. It is recommended that you also
8389 + enable signal logging in the auditing section so that logs are
8390 + generated when a process performs an illegal instruction.
8392 +/proc/<pid>/ipaddr support
8393 +CONFIG_GRKERNSEC_PROC_IPADDR
8394 + If you say Y here, a new entry will be added to each /proc/<pid>
8395 + directory that contains the IP address of the person using the task.
8396 + The IP is carried across local TCP and AF_UNIX stream sockets.
8397 + This information can be useful for IDS/IPSes to perform remote response
8398 + to a local attack. The entry is readable by only the owner of the
8399 + process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
8400 + the RBAC system), and thus does not create privacy concerns.
8403 +CONFIG_GRKERNSEC_PROC
8404 + If you say Y here, the permissions of the /proc filesystem
8405 + will be altered to enhance system security and privacy. You MUST
8406 + choose either a user only restriction or a user and group restriction.
8407 + Depending upon the option you choose, you can either restrict users to
8408 + see only the processes they themselves run, or choose a group that can
8409 + view all processes and files normally restricted to root if you choose
8410 + the "restrict to user only" option. NOTE: If you're running identd as
8411 + a non-root user, you will have to run it as the group you specify here.
8413 +Restrict /proc to user only
8414 +CONFIG_GRKERNSEC_PROC_USER
8415 + If you say Y here, non-root users will only be able to view their own
8416 + processes, and restricts them from viewing network-related information,
8417 + and viewing kernel symbol and module information.
8419 +Restrict /proc to user and group
8420 +CONFIG_GRKERNSEC_PROC_USERGROUP
8421 + If you say Y here, you will be able to select a group that will be
8422 + able to view all processes, network-related information, and
8423 + kernel and symbol information. This option is useful if you want
8424 + to run identd as a non-root user.
8426 +Harden kernel heap management
8427 +CONFIG_GRKERNSEC_KHEAP
8428 + If you say Y here, the kernel heap management routines will be
8429 + modified to provide greater resilience against kernel heap
8430 + exploitation. Specifically, this option prevents allocated
8431 + shared memory IPC structures from being targeted by the only public
8432 + technique for reliable kernel heap exploitation.
8434 +Remove addresses from /proc/pid/[maps|stat]
8435 +CONFIG_GRKERNSEC_PROC_MEMMAP
8436 + If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will
8437 + give no information about the addresses of its mappings if
8438 + PaX features that rely on random addresses are enabled on the task.
8439 + If you use PaX it is greatly recommended that you say Y here as it
8440 + closes up a hole that makes the full ASLR useless for suid
8443 +Additional proc restrictions
8444 +CONFIG_GRKERNSEC_PROC_ADD
8445 + If you say Y here, additional restrictions will be placed on
8446 + /proc that keep normal users from viewing device information and
8447 + slabinfo information that could be useful for exploits.
8449 +Dmesg(8) Restriction
8450 +CONFIG_GRKERNSEC_DMESG
8451 + If you say Y here, non-root users will not be able to use dmesg(8)
8452 + to view up to the last 4kb of messages in the kernel's log buffer.
8453 + If the sysctl option is enabled, a sysctl option with name "dmesg" is
8456 +Destroy unused shared memory
8457 +CONFIG_GRKERNSEC_SHM
8458 + If you say Y here, shared memory will be destroyed when no one is
8459 + attached to it. Otherwise, resources involved with the shared
8460 + memory can be used up and not be associated with any process (as the
8461 + shared memory still exists, and the creating process has exited). If
8462 + the sysctl option is enabled, a sysctl option with name
8463 + "destroy_unused_shm" is created.
8465 +Linking restrictions
8466 +CONFIG_GRKERNSEC_LINK
8467 + If you say Y here, /tmp race exploits will be prevented, since users
8468 + will no longer be able to follow symlinks owned by other users in
8469 + world-writable +t directories (i.e. /tmp), unless the owner of the
8470 + symlink is the owner of the directory. users will also not be
8471 + able to hardlink to files they do not own. If the sysctl option is
8472 + enabled, a sysctl option with name "linking_restrictions" is created.
8475 +CONFIG_GRKERNSEC_FIFO
8476 + If you say Y here, users will not be able to write to FIFOs they don't
8477 + own in world-writable +t directories (i.e. /tmp), unless the owner of
8478 + the FIFO is the same owner of the directory it's held in. If the sysctl
8479 + option is enabled, a sysctl option with name "fifo_restrictions" is
8482 +Enforce RLIMIT_NPROC on execs
8483 +CONFIG_GRKERNSEC_EXECVE
8484 + If you say Y here, users with a resource limit on processes will
8485 + have the value checked during execve() calls. The current system
8486 + only checks the system limit during fork() calls. If the sysctl option
8487 + is enabled, a sysctl option with name "execve_limiting" is created.
8489 +Single group for auditing
8490 +CONFIG_GRKERNSEC_AUDIT_GROUP
8491 + If you say Y here, the exec, chdir, (un)mount, and ipc logging features
8492 + will only operate on a group you specify. This option is recommended
8493 + if you only want to watch certain users instead of having a large
8494 + amount of logs from the entire system. If the sysctl option is enabled,
8495 + a sysctl option with name "audit_group" is created.
8498 +CONFIG_GRKERNSEC_AUDIT_GID
8499 + Here you can choose the GID that will be the target of kernel auditing.
8500 + Remember to add the users you want to log to the GID specified here.
8501 + If the sysctl option is enabled, a sysctl option with name "audit_gid"
8505 +CONFIG_GRKERNSEC_AUDIT_CHDIR
8506 + If you say Y here, all chdir() calls will be logged. If the sysctl
8507 + option is enabled, a sysctl option with name "audit_chdir" is created.
8510 +CONFIG_GRKERNSEC_AUDIT_MOUNT
8511 + If you say Y here, all mounts and unmounts will be logged. If the
8512 + sysctl option is enabled, a sysctl option with name "audit_mount" is
8516 +CONFIG_GRKERNSEC_AUDIT_IPC
8517 + If you say Y here, creation and removal of message queues, semaphores,
8518 + and shared memory will be logged. If the sysctl option is enabled, a
8519 + sysctl option with name "audit_ipc" is created.
8522 +CONFIG_GRKERNSEC_EXECLOG
8523 + If you say Y here, all execve() calls will be logged (since the
8524 + other exec*() calls are frontends to execve(), all execution
8525 + will be logged). Useful for shell-servers that like to keep track
8526 + of their users. If the sysctl option is enabled, a sysctl option with
8527 + name "exec_logging" is created.
8528 + WARNING: This option when enabled will produce a LOT of logs, especially
8529 + on an active system.
8532 +CONFIG_GRKERNSEC_RESLOG
8533 + If you say Y here, all attempts to overstep resource limits will
8534 + be logged with the resource name, the requested size, and the current
8535 + limit. It is highly recommended that you say Y here. If the sysctl
8536 + option is enabled, a sysctl option with name "resource_logging" is
8537 + created. If the RBAC system is enabled, the sysctl value is ignored.
8540 +CONFIG_GRKERNSEC_SIGNAL
8541 + If you say Y here, certain important signals will be logged, such as
8542 + SIGSEGV, which will as a result inform you of when a error in a program
8543 + occurred, which in some cases could mean a possible exploit attempt.
8544 + If the sysctl option is enabled, a sysctl option with name
8545 + "signal_logging" is created.
8547 +Fork failure logging
8548 +CONFIG_GRKERNSEC_FORKFAIL
8549 + If you say Y here, all failed fork() attempts will be logged.
8550 + This could suggest a fork bomb, or someone attempting to overstep
8551 + their process limit. If the sysctl option is enabled, a sysctl option
8552 + with name "forkfail_logging" is created.
8554 +Time change logging
8555 +CONFIG_GRKERNSEC_TIME
8556 + If you say Y here, any changes of the system clock will be logged.
8557 + If the sysctl option is enabled, a sysctl option with name
8558 + "timechange_logging" is created.
8560 +ELF text relocations logging
8561 +CONFIG_GRKERNSEC_AUDIT_TEXTREL
8562 + If you say Y here, text relocations will be logged with the filename
8563 + of the offending library or binary. The purpose of the feature is
8564 + to help Linux distribution developers get rid of libraries and
8565 + binaries that need text relocations which hinder the future progress
8566 + of PaX. Only Linux distribution developers should say Y here, and
8567 + never on a production machine, as this option creates an information
8568 + leak that could aid an attacker in defeating the randomization of
8569 + a single memory region. If the sysctl option is enabled, a sysctl
8570 + option with name "audit_textrel" is created.
8572 +Chroot jail restrictions
8573 +CONFIG_GRKERNSEC_CHROOT
8574 + If you say Y here, you will be able to choose several options that will
8575 + make breaking out of a chrooted jail much more difficult. If you
8576 + encounter no software incompatibilities with the following options, it
8577 + is recommended that you enable each one.
8579 +Deny access to abstract AF_UNIX sockets out of chroot
8580 +CONFIG_GRKERNSEC_CHROOT_UNIX
8581 + If you say Y here, processes inside a chroot will not be able to
8582 + connect to abstract (meaning not belonging to a filesystem) Unix
8583 + domain sockets that were bound outside of a chroot. It is recommended
8584 + that you say Y here. If the sysctl option is enabled, a sysctl option
8585 + with name "chroot_deny_unix" is created.
8587 +Deny shmat() out of chroot
8588 +CONFIG_GRKERNSEC_CHROOT_SHMAT
8589 + If you say Y here, processes inside a chroot will not be able to attach
8590 + to shared memory segments that were created outside of the chroot jail.
8591 + It is recommended that you say Y here. If the sysctl option is enabled,
8592 + a sysctl option with name "chroot_deny_shmat" is created.
8594 +Protect outside processes
8595 +CONFIG_GRKERNSEC_CHROOT_FINDTASK
8596 + If you say Y here, processes inside a chroot will not be able to
8597 + kill, send signals with fcntl, ptrace, capget, getpgid, setpgid, getsid,
8598 + getsid, or view any process outside of the chroot. If the sysctl option
8599 + is enabled, a sysctl option with name "chroot_findtask" is created.
8601 +Deny mounts in chroot
8602 +CONFIG_GRKERNSEC_CHROOT_MOUNT
8603 + If you say Y here, processes inside a chroot will not be able to
8604 + mount or remount filesystems. If the sysctl option is enabled, a
8605 + sysctl option with name "chroot_deny_mount" is created.
8607 +Deny pivot_root in chroot
8608 +CONFIG_GRKERNSEC_CHROOT_PIVOT
8609 + If you say Y here, processes inside a chroot will not be able to use
8610 + a function called pivot_root() that was introduced in Linux 2.3.41. It
8611 + works similar to chroot in that it changes the root filesystem. This
8612 + function could be misused in a chrooted process to attempt to break out
8613 + of the chroot, and therefore should not be allowed. If the sysctl
8614 + option is enabled, a sysctl option with name "chroot_deny_pivot" is
8617 +Deny double-chroots
8618 +CONFIG_GRKERNSEC_CHROOT_DOUBLE
8619 + If you say Y here, processes inside a chroot will not be able to chroot
8620 + again outside of the chroot. This is a widely used method of breaking
8621 + out of a chroot jail and should not be allowed. If the sysctl option
8622 + is enabled, a sysctl option with name "chroot_deny_chroot" is created.
8624 +Deny fchdir outside of chroot
8625 +CONFIG_GRKERNSEC_CHROOT_FCHDIR
8626 + If you say Y here, a well-known method of breaking chroots by fchdir'ing
8627 + to a file descriptor of the chrooting process that points to a directory
8628 + outside the filesystem will be stopped. If the sysctl option
8629 + is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
8631 +Enforce chdir("/") on all chroots
8632 +CONFIG_GRKERNSEC_CHROOT_CHDIR
8633 + If you say Y here, the current working directory of all newly-chrooted
8634 + applications will be set to the the root directory of the chroot.
8635 + The man page on chroot(2) states:
8636 + Note that this call does not change the current working
8637 + directory, so that `.' can be outside the tree rooted at
8638 + `/'. In particular, the super-user can escape from a
8639 + `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
8641 + It is recommended that you say Y here, since it's not known to break
8642 + any software. If the sysctl option is enabled, a sysctl option with
8643 + name "chroot_enforce_chdir" is created.
8645 +Deny (f)chmod +s in chroot
8646 +CONFIG_GRKERNSEC_CHROOT_CHMOD
8647 + If you say Y here, processes inside a chroot will not be able to chmod
8648 + or fchmod files to make them have suid or sgid bits. This protects
8649 + against another published method of breaking a chroot. If the sysctl
8650 + option is enabled, a sysctl option with name "chroot_deny_chmod" is
8653 +Deny mknod in chroot
8654 +CONFIG_GRKERNSEC_CHROOT_MKNOD
8655 + If you say Y here, processes inside a chroot will not be allowed to
8656 + mknod. The problem with using mknod inside a chroot is that it
8657 + would allow an attacker to create a device entry that is the same
8658 + as one on the physical root of your system, which could range from
8659 + anything from the console device to a device for your harddrive (which
8660 + they could then use to wipe the drive or steal data). It is recommended
8661 + that you say Y here, unless you run into software incompatibilities.
8662 + If the sysctl option is enabled, a sysctl option with name
8663 + "chroot_deny_mknod" is created.
8665 +Restrict priority changes in chroot
8666 +CONFIG_GRKERNSEC_CHROOT_NICE
8667 + If you say Y here, processes inside a chroot will not be able to raise
8668 + the priority of processes in the chroot, or alter the priority of
8669 + processes outside the chroot. This provides more security than simply
8670 + removing CAP_SYS_NICE from the process' capability set. If the
8671 + sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
8674 +Log all execs within chroot
8675 +CONFIG_GRKERNSEC_CHROOT_EXECLOG
8676 + If you say Y here, all executions inside a chroot jail will be logged
8677 + to syslog. This can cause a large amount of logs if certain
8678 + applications (eg. djb's daemontools) are installed on the system, and
8679 + is therefore left as an option. If the sysctl option is enabled, a
8680 + sysctl option with name "chroot_execlog" is created.
8682 +Deny sysctl writes in chroot
8683 +CONFIG_GRKERNSEC_CHROOT_SYSCTL
8684 + If you say Y here, an attacker in a chroot will not be able to
8685 + write to sysctl entries, either by sysctl(2) or through a /proc
8686 + interface. It is strongly recommended that you say Y here. If the
8687 + sysctl option is enabled, a sysctl option with name
8688 + "chroot_deny_sysctl" is created.
8690 +Chroot jail capability restrictions
8691 +CONFIG_GRKERNSEC_CHROOT_CAPS
8692 + If you say Y here, the capabilities on all root processes within a
8693 + chroot jail will be lowered to stop module insertion, raw i/o,
8694 + system and net admin tasks, rebooting the system, modifying immutable
8695 + files, modifying IPC owned by another, and changing the system time.
8696 + This is left an option because it can break some apps. Disable this
8697 + if your chrooted apps are having problems performing those kinds of
8698 + tasks. If the sysctl option is enabled, a sysctl option with
8699 + name "chroot_caps" is created.
8701 +Trusted path execution
8702 +CONFIG_GRKERNSEC_TPE
8703 + If you say Y here, you will be able to choose a gid to add to the
8704 + supplementary groups of users you want to mark as "untrusted."
8705 + These users will not be able to execute any files that are not in
8706 + root-owned directories writable only by root. If the sysctl option
8707 + is enabled, a sysctl option with name "tpe" is created.
8710 +CONFIG_GRKERNSEC_TPE_INVERT
8711 + If you say Y here, the group you specify in the TPE configuration will
8712 + decide what group TPE restrictions will be *disabled* for. This
8713 + option is useful if you want TPE restrictions to be applied to most
8714 + users on the system.
8716 +Group for trusted path execution
8717 +CONFIG_GRKERNSEC_TPE_GID
8718 + If you have selected the "Invert GID option" above, setting this
8719 + GID determines what group TPE restrictions will be *disabled* for.
8720 + If you have not selected the "Invert GID option" above, setting this
8721 + GID determines what group TPE restrictions will be *enabled* for.
8722 + If the sysctl option is enabled, a sysctl option with name "tpe_gid"
8725 +Partially restrict non-root users
8726 +CONFIG_GRKERNSEC_TPE_ALL
8727 + If you say Y here, All non-root users other than the ones in the
8728 + group specified in the main TPE option will only be allowed to
8729 + execute files in directories they own that are not group or
8730 + world-writable, or in directories owned by root and writable only by
8731 + root. If the sysctl option is enabled, a sysctl option with name
8732 + "tpe_restrict_all" is created.
8734 +Larger entropy pools
8735 +CONFIG_GRKERNSEC_RANDNET
8736 + If you say Y here, the entropy pools used for many features of Linux
8737 + and grsecurity will be doubled in size. Since several grsecurity
8738 + features use additional randomness, it is recommended that you say Y
8739 + here. Saying Y here has a similar effect as modifying
8740 + /proc/sys/kernel/random/poolsize.
8743 +CONFIG_GRKERNSEC_BLACKHOLE
8744 + If you say Y here, neither TCP resets nor ICMP
8745 + destination-unreachable packets will be sent in response to packets
8746 + send to ports for which no associated listening process exists.
8747 + This feature supports both IPV4 and IPV6 and exempts the
8748 + loopback interface from blackholing. Enabling this feature
8749 + makes a host more resilient to DoS attacks and reduces network
8750 + visibility against scanners.
8752 +Socket restrictions
8753 +CONFIG_GRKERNSEC_SOCKET
8754 + If you say Y here, you will be able to choose from several options.
8755 + If you assign a GID on your system and add it to the supplementary
8756 + groups of users you want to restrict socket access to, this patch
8757 + will perform up to three things, based on the option(s) you choose.
8759 +Deny all socket access
8760 +CONFIG_GRKERNSEC_SOCKET_ALL
8761 + If you say Y here, you will be able to choose a GID of whose users will
8762 + be unable to connect to other hosts from your machine or run server
8763 + applications from your machine. If the sysctl option is enabled, a
8764 + sysctl option with name "socket_all" is created.
8766 +Group for disabled socket access
8767 +CONFIG_GRKERNSEC_SOCKET_ALL_GID
8768 + Here you can choose the GID to disable socket access for. Remember to
8769 + add the users you want socket access disabled for to the GID
8770 + specified here. If the sysctl option is enabled, a sysctl option with
8771 + name "socket_all_gid" is created.
8773 +Deny all client socket access
8774 +CONFIG_GRKERNSEC_SOCKET_CLIENT
8775 + If you say Y here, you will be able to choose a GID of whose users will
8776 + be unable to connect to other hosts from your machine, but will be
8777 + able to run servers. If this option is enabled, all users in the group
8778 + you specify will have to use passive mode when initiating ftp transfers
8779 + from the shell on your machine. If the sysctl option is enabled, a
8780 + sysctl option with name "socket_client" is created.
8782 +Group for disabled client socket access
8783 +CONFIG_GRKERNSEC_SOCKET_CLIENT_GID
8784 + Here you can choose the GID to disable client socket access for.
8785 + Remember to add the users you want client socket access disabled for to
8786 + the GID specified here. If the sysctl option is enabled, a sysctl
8787 + option with name "socket_client_gid" is created.
8789 +Deny all server socket access
8790 +CONFIG_GRKERNSEC_SOCKET_SERVER
8791 + If you say Y here, you will be able to choose a GID of whose users will
8792 + be unable to run server applications from your machine. If the sysctl
8793 + option is enabled, a sysctl option with name "socket_server" is created.
8795 +Group for disabled server socket access
8796 +CONFIG_GRKERNSEC_SOCKET_SERVER_GID
8797 + Here you can choose the GID to disable server socket access for.
8798 + Remember to add the users you want server socket access disabled for to
8799 + the GID specified here. If the sysctl option is enabled, a sysctl
8800 + option with name "socket_server_gid" is created.
8803 +CONFIG_GRKERNSEC_SYSCTL
8804 + If you say Y here, you will be able to change the options that
8805 + grsecurity runs with at bootup, without having to recompile your
8806 + kernel. You can echo values to files in /proc/sys/kernel/grsecurity
8807 + to enable (1) or disable (0) various features. All the sysctl entries
8808 + are mutable until the "grsec_lock" entry is set to a non-zero value.
8809 + All features enabled in the kernel configuration are disabled at boot
8810 + if you do not say Y to the "Turn on features by default" option.
8811 + All options should be set at startup, and the grsec_lock entry should
8812 + be set to a non-zero value after all the options are set.
8813 + *THIS IS EXTREMELY IMPORTANT*
8815 +Turn on features by default
8816 +CONFIG_GRKERNSEC_SYSCTL_ON
8817 + If you say Y here, instead of having all features enabled in the
8818 + kernel configuration disabled at boot time, the features will be
8819 + enabled at boot time. It is recommended you say Y here unless
8820 + there is some reason you would want all sysctl-tunable features to
8821 + be disabled by default. As mentioned elsewhere, it is important
8822 + to enable the grsec_lock entry once you have finished modifying
8823 + the sysctl entries.
8825 +Number of burst messages
8826 +CONFIG_GRKERNSEC_FLOODBURST
8827 + This option allows you to choose the maximum number of messages allowed
8828 + within the flood time interval you chose in a separate option. The
8829 + default should be suitable for most people, however if you find that
8830 + many of your logs are being interpreted as flooding, you may want to
8833 +Seconds in between log messages
8834 +CONFIG_GRKERNSEC_FLOODTIME
8835 + This option allows you to enforce the number of seconds between
8836 + grsecurity log messages. The default should be suitable for most
8837 + people, however, if you choose to change it, choose a value small enough
8838 + to allow informative logs to be produced, but large enough to
8841 +Disable RBAC system
8842 +CONFIG_GRKERNSEC_NO_RBAC
8843 + If you say Y here, the /dev/grsec device will be removed from the kernel,
8844 + preventing the RBAC system from being enabled. You should only say Y
8845 + here if you have no intention of using the RBAC system, so as to prevent
8846 + an attacker with root access from misusing the RBAC system to hide files
8847 + and processes when loadable module support and /dev/[k]mem have been
8850 +Hide kernel processes
8851 +CONFIG_GRKERNSEC_ACL_HIDEKERN
8852 + If you say Y here, all kernel threads will be hidden to all
8853 + processes but those whose subject has the "view hidden processes"
8856 +Maximum tries before password lockout
8857 +CONFIG_GRKERNSEC_ACL_MAXTRIES
8858 + This option enforces the maximum number of times a user can attempt
8859 + to authorize themselves with the grsecurity RBAC system before being
8860 + denied the ability to attempt authorization again for a specified time.
8861 + The lower the number, the harder it will be to brute-force a password.
8863 +Time to wait after max password tries, in seconds
8864 +CONFIG_GRKERNSEC_ACL_TIMEOUT
8865 + This option specifies the time the user must wait after attempting to
8866 + authorize to the RBAC system with the maximum number of invalid
8867 + passwords. The higher the number, the harder it will be to brute-force
8871 CONFIG_DCACHE_DISABLE
8872 This option allows you to run the kernel with data cache disabled.
8873 @@ -29158,6 +30085,42 @@ CONFIG_SOUND_WM97XX
8877 +Sanitize all freed memory
8878 +CONFIG_PAX_MEMORY_SANITIZE
8879 + By saying Y here the kernel will erase memory pages as soon as they
8880 + are freed. This in turn reduces the lifetime of data stored in the
8881 + pages, making it less likely that sensitive information such as
8882 + passwords, cryptographic secrets, etc stay in memory for too long.
8884 + This is especially useful for programs whose runtime is short, long
8885 + lived processes and the kernel itself benefit from this as long as
8886 + they operate on whole memory pages and ensure timely freeing of pages
8887 + that may hold sensitive information.
8889 + The tradeoff is performance impact, on a single CPU system kernel
8890 + compilation sees a 3% slowdown, other systems and workloads may vary
8891 + and you are advised to test this feature on your expected workload
8892 + before deploying it.
8894 + Note that this feature does not protect data stored in live pages,
8895 + e.g., process memory swapped to disk may stay there for a long time.
8897 +Prevent invalid userland pointer dereference
8898 +CONFIG_PAX_MEMORY_UDEREF
8899 + By saying Y here the kernel will be prevented from dereferencing
8900 + userland pointers in contexts where the kernel expects only kernel
8901 + pointers. This is both a useful runtime debugging feature and a
8902 + security measure that prevents exploiting a class of kernel bugs.
8904 + The tradeoff is that some virtualization solutions may experience
8905 + a huge slowdown and therefore you should not enable this feature
8906 + for kernels meant to run in such environments. Whether a given VM
8907 + solution is affected or not is best determined by simply trying it
8908 + out, the performance impact will be obvious right on boot as this
8909 + mechanism engages from very early on. A good rule of thumb is that
8910 + VMs running on CPUs without hardware virtualization support (i.e.,
8911 + the majority of IA-32 CPUs) will likely experience the slowdown.
8914 # A couple of things I keep forgetting:
8915 # capitalize: AppleTalk, Ethernet, DOS, DMA, FAT, FTP, Internet,
8916 diff -urNp linux-2.4.37.7/Documentation/DocBook/mousedrivers.tmpl linux-2.4.37.7/Documentation/DocBook/mousedrivers.tmpl
8917 --- linux-2.4.37.7/Documentation/DocBook/mousedrivers.tmpl 2009-11-07 11:52:20.000000000 -0500
8918 +++ linux-2.4.37.7/Documentation/DocBook/mousedrivers.tmpl 2009-11-10 19:30:27.000000000 -0500
8919 @@ -248,7 +248,7 @@ void cleanup_module(void)
8923 -struct file_operations our_mouse_fops = {
8924 +const struct file_operations our_mouse_fops = {
8925 owner: THIS_MODULE, /* Automatic usage management */
8926 read: read_mouse, /* You can read a mouse */
8927 write: write_mouse, /* This won't do a lot */
8928 @@ -894,7 +894,7 @@ static void ourmouse_interrupt(int irq,
8932 -struct file_operations our_mouse_fops = {
8933 +const struct file_operations our_mouse_fops = {
8935 read: read_mouse, /* You can read a mouse */
8936 write: write_mouse, /* This won't do a lot */
8937 diff -urNp linux-2.4.37.7/drivers/acorn/char/i2c.c linux-2.4.37.7/drivers/acorn/char/i2c.c
8938 --- linux-2.4.37.7/drivers/acorn/char/i2c.c 2009-11-07 11:52:20.000000000 -0500
8939 +++ linux-2.4.37.7/drivers/acorn/char/i2c.c 2009-11-10 19:30:27.000000000 -0500
8940 @@ -200,7 +200,7 @@ static int rtc_ioctl(struct inode *inode
8944 -static struct file_operations rtc_fops = {
8945 +static const struct file_operations rtc_fops = {
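Review bot: The reason for the added `const` on `rtc_fops` is not recorded anywhere near the table, and the same is true of the other static operations tables this patch qualifies (`acpi_system_event_ops`, `slm_fops`, `pg_fops`, `ramdisk_aops` and the rest). A one-line comment above the definition would keep a later cleanup from dropping the qualifier, for example `/* const: keeps the handler pointers in read-only data so they cannot be retargeted at runtime */`. How much protection this gives presumably depends on whether the kernel actually write-protects its read-only data, which these hunks do not show. The initializer body continues outside the hunk.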
8949 diff -urNp linux-2.4.37.7/drivers/acorn/char/mouse_ps2.c linux-2.4.37.7/drivers/acorn/char/mouse_ps2.c
8950 --- linux-2.4.37.7/drivers/acorn/char/mouse_ps2.c 2009-11-07 11:52:20.000000000 -0500
8951 +++ linux-2.4.37.7/drivers/acorn/char/mouse_ps2.c 2009-11-10 19:30:27.000000000 -0500
8952 @@ -249,7 +249,7 @@ static unsigned int aux_poll(struct file
8956 -struct file_operations psaux_fops = {
8957 +const struct file_operations psaux_fops = {
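Review bot: `psaux_fops` has external linkage, so adding `const` to the definition alone is not sufficient: every `extern struct file_operations psaux_fops;` declaration in other files or headers has to become `extern const struct file_operations psaux_fops;` in the same patch. A translation unit that still sees the unqualified declaration can compile a store into the table with no diagnostic, which either faults at runtime or quietly defeats the hardening. The same check applies to `partitions_op` in drivers/block/genhd.c and `busmouse_fops` in drivers/char/busmouse.c, which are also non-static; whether their declarations are updated is not visible in these hunks. The initializer body continues outside the hunk.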
8961 diff -urNp linux-2.4.37.7/drivers/acpi/system.c linux-2.4.37.7/drivers/acpi/system.c
8962 --- linux-2.4.37.7/drivers/acpi/system.c 2009-11-07 11:52:20.000000000 -0500
8963 +++ linux-2.4.37.7/drivers/acpi/system.c 2009-11-10 19:30:27.000000000 -0500
8964 @@ -423,7 +423,7 @@ static int acpi_system_close_event(struc
8965 static unsigned int acpi_system_poll_event(struct file *file, poll_table *wait);
8968 -static struct file_operations acpi_system_event_ops = {
8969 +static const struct file_operations acpi_system_event_ops = {
8970 .open = acpi_system_open_event,
8971 .read = acpi_system_read_event,
8972 .release = acpi_system_close_event,
8973 @@ -519,7 +519,7 @@ acpi_system_poll_event(
8975 static ssize_t acpi_system_read_dsdt (struct file*, char*, size_t, loff_t*);
8977 -static struct file_operations acpi_system_dsdt_ops = {
8978 +static const struct file_operations acpi_system_dsdt_ops = {
8979 .read = acpi_system_read_dsdt,
8982 @@ -562,7 +562,7 @@ acpi_system_read_dsdt (
8984 static ssize_t acpi_system_read_fadt (struct file*, char*, size_t, loff_t*);
8986 -static struct file_operations acpi_system_fadt_ops = {
8987 +static const struct file_operations acpi_system_fadt_ops = {
8988 .read = acpi_system_read_fadt,
8991 diff -urNp linux-2.4.37.7/drivers/block/acsi_slm.c linux-2.4.37.7/drivers/block/acsi_slm.c
8992 --- linux-2.4.37.7/drivers/block/acsi_slm.c 2009-11-07 11:52:20.000000000 -0500
8993 +++ linux-2.4.37.7/drivers/block/acsi_slm.c 2009-11-10 19:30:27.000000000 -0500
8994 @@ -272,7 +272,7 @@ static int slm_get_pagesize( int device,
8996 static struct timer_list slm_timer = { function: slm_test_ready };
8998 -static struct file_operations slm_fops = {
8999 +static const struct file_operations slm_fops = {
9003 diff -urNp linux-2.4.37.7/drivers/block/genhd.c linux-2.4.37.7/drivers/block/genhd.c
9004 --- linux-2.4.37.7/drivers/block/genhd.c 2009-11-07 11:52:20.000000000 -0500
9005 +++ linux-2.4.37.7/drivers/block/genhd.c 2009-11-10 19:30:27.000000000 -0500
9006 @@ -226,7 +226,7 @@ static int part_show(struct seq_file *s,
9010 -struct seq_operations partitions_op = {
9011 +const struct seq_operations partitions_op = {
9012 .start = part_start,
9015 diff -urNp linux-2.4.37.7/drivers/block/loop.c linux-2.4.37.7/drivers/block/loop.c
9016 --- linux-2.4.37.7/drivers/block/loop.c 2009-11-07 11:52:20.000000000 -0500
9017 +++ linux-2.4.37.7/drivers/block/loop.c 2009-11-10 19:30:27.000000000 -0500
9018 @@ -176,7 +176,7 @@ static int lo_send(struct loop_device *l
9020 struct file *file = lo->lo_backing_file; /* kudos to NFsckingS */
9021 struct address_space *mapping = file->f_dentry->d_inode->i_mapping;
9022 - struct address_space_operations *aops = mapping->a_ops;
9023 + const struct address_space_operations *aops = mapping->a_ops;
9026 unsigned long index;
9027 @@ -650,7 +650,7 @@ static int loop_set_fd(struct loop_devic
9030 } else if (S_ISREG(inode->i_mode)) {
9031 - struct address_space_operations *aops = inode->i_mapping->a_ops;
9032 + const struct address_space_operations *aops = inode->i_mapping->a_ops;
9034 * If we can't read - sorry. If we only can't write - well,
9035 * it's going to be read-only.
9036 diff -urNp linux-2.4.37.7/drivers/block/paride/pg.c linux-2.4.37.7/drivers/block/paride/pg.c
9037 --- linux-2.4.37.7/drivers/block/paride/pg.c 2009-11-07 11:52:20.000000000 -0500
9038 +++ linux-2.4.37.7/drivers/block/paride/pg.c 2009-11-10 19:30:27.000000000 -0500
9039 @@ -261,7 +261,7 @@ static char pg_scratch[512];
9041 /* kernel glue structures */
9043 -static struct file_operations pg_fops = {
9044 +static const struct file_operations pg_fops = {
9048 diff -urNp linux-2.4.37.7/drivers/block/paride/pt.c linux-2.4.37.7/drivers/block/paride/pt.c
9049 --- linux-2.4.37.7/drivers/block/paride/pt.c 2009-11-07 11:52:20.000000000 -0500
9050 +++ linux-2.4.37.7/drivers/block/paride/pt.c 2009-11-10 19:30:27.000000000 -0500
9051 @@ -263,7 +263,7 @@ static char pt_scratch[512];
9053 /* kernel glue structures */
9055 -static struct file_operations pt_fops = {
9056 +static const struct file_operations pt_fops = {
9060 diff -urNp linux-2.4.37.7/drivers/block/rd.c linux-2.4.37.7/drivers/block/rd.c
9061 --- linux-2.4.37.7/drivers/block/rd.c 2009-11-07 11:52:20.000000000 -0500
9062 +++ linux-2.4.37.7/drivers/block/rd.c 2009-11-10 19:30:27.000000000 -0500
9063 @@ -151,7 +151,7 @@ static int ramdisk_commit_write(struct f
9067 -static struct address_space_operations ramdisk_aops = {
9068 +static const struct address_space_operations ramdisk_aops = {
9069 readpage: ramdisk_readpage,
9070 writepage: fail_writepage,
9071 prepare_write: ramdisk_prepare_write,
9072 @@ -352,7 +352,7 @@ static int initrd_release(struct inode *
9076 -static struct file_operations initrd_fops = {
9077 +static const struct file_operations initrd_fops = {
9079 release: initrd_release,
9081 diff -urNp linux-2.4.37.7/drivers/bluetooth/hci_vhci.c linux-2.4.37.7/drivers/bluetooth/hci_vhci.c
9082 --- linux-2.4.37.7/drivers/bluetooth/hci_vhci.c 2009-11-07 11:52:20.000000000 -0500
9083 +++ linux-2.4.37.7/drivers/bluetooth/hci_vhci.c 2009-11-10 19:30:27.000000000 -0500
9084 @@ -306,7 +306,7 @@ static int hci_vhci_chr_close(struct ino
9088 -static struct file_operations hci_vhci_fops = {
9089 +static const struct file_operations hci_vhci_fops = {
9091 llseek: hci_vhci_chr_lseek,
9092 read: hci_vhci_chr_read,
9093 diff -urNp linux-2.4.37.7/drivers/char/acquirewdt.c linux-2.4.37.7/drivers/char/acquirewdt.c
9094 --- linux-2.4.37.7/drivers/char/acquirewdt.c 2009-11-07 11:52:20.000000000 -0500
9095 +++ linux-2.4.37.7/drivers/char/acquirewdt.c 2009-11-10 19:30:27.000000000 -0500
9096 @@ -207,7 +207,7 @@ static int acq_notify_sys(struct notifie
9100 -static struct file_operations acq_fops = {
9101 +static const struct file_operations acq_fops = {
9105 diff -urNp linux-2.4.37.7/drivers/char/advantechwdt.c linux-2.4.37.7/drivers/char/advantechwdt.c
9106 --- linux-2.4.37.7/drivers/char/advantechwdt.c 2009-11-07 11:52:20.000000000 -0500
9107 +++ linux-2.4.37.7/drivers/char/advantechwdt.c 2009-11-10 19:30:27.000000000 -0500
9108 @@ -246,7 +246,7 @@ advwdt_notify_sys(struct notifier_block
9112 -static struct file_operations advwdt_fops = {
9113 +static const struct file_operations advwdt_fops = {
9116 write: advwdt_write,
9117 diff -urNp linux-2.4.37.7/drivers/char/agp/agpgart_fe.c linux-2.4.37.7/drivers/char/agp/agpgart_fe.c
9118 --- linux-2.4.37.7/drivers/char/agp/agpgart_fe.c 2009-11-07 11:52:20.000000000 -0500
9119 +++ linux-2.4.37.7/drivers/char/agp/agpgart_fe.c 2009-11-10 19:30:27.000000000 -0500
9120 @@ -1075,8 +1075,7 @@ ioctl_out:
9124 -static struct file_operations agp_fops =
9126 +static const struct file_operations agp_fops = {
9130 diff -urNp linux-2.4.37.7/drivers/char/alim1535d_wdt.c linux-2.4.37.7/drivers/char/alim1535d_wdt.c
9131 --- linux-2.4.37.7/drivers/char/alim1535d_wdt.c 2009-11-07 11:52:20.000000000 -0500
9132 +++ linux-2.4.37.7/drivers/char/alim1535d_wdt.c 2009-11-10 19:30:27.000000000 -0500
9133 @@ -302,7 +302,7 @@ static int __init ali_find_watchdog(void
9137 -static struct file_operations ali_fops = {
9138 +static const struct file_operations ali_fops = {
9142 diff -urNp linux-2.4.37.7/drivers/char/alim7101_wdt.c linux-2.4.37.7/drivers/char/alim7101_wdt.c
9143 --- linux-2.4.37.7/drivers/char/alim7101_wdt.c 2009-11-07 11:52:20.000000000 -0500
9144 +++ linux-2.4.37.7/drivers/char/alim7101_wdt.c 2009-11-10 19:30:27.000000000 -0500
9145 @@ -239,7 +239,7 @@ static int fop_ioctl(struct inode *inode
9149 -static struct file_operations wdt_fops = {
9150 +static const struct file_operations wdt_fops = {
9154 diff -urNp linux-2.4.37.7/drivers/char/amd768_rng.c linux-2.4.37.7/drivers/char/amd768_rng.c
9155 --- linux-2.4.37.7/drivers/char/amd768_rng.c 2009-11-07 11:52:20.000000000 -0500
9156 +++ linux-2.4.37.7/drivers/char/amd768_rng.c 2009-11-10 19:30:27.000000000 -0500
9157 @@ -167,7 +167,7 @@ static ssize_t rng_dev_read (struct file
9161 -static struct file_operations rng_chrdev_ops = {
9162 +static const struct file_operations rng_chrdev_ops = {
9165 release: rng_dev_release,
9166 diff -urNp linux-2.4.37.7/drivers/char/applicom.c linux-2.4.37.7/drivers/char/applicom.c
9167 --- linux-2.4.37.7/drivers/char/applicom.c 2009-11-07 11:52:20.000000000 -0500
9168 +++ linux-2.4.37.7/drivers/char/applicom.c 2009-11-10 19:30:27.000000000 -0500
9169 @@ -118,7 +118,7 @@ static int ac_ioctl(struct inode *, stru
9171 static void ac_interrupt(int, void *, struct pt_regs *);
9173 -static struct file_operations ac_fops = {
9174 +static const struct file_operations ac_fops = {
9178 diff -urNp linux-2.4.37.7/drivers/char/au1000_gpio.c linux-2.4.37.7/drivers/char/au1000_gpio.c
9179 --- linux-2.4.37.7/drivers/char/au1000_gpio.c 2009-11-07 11:52:20.000000000 -0500
9180 +++ linux-2.4.37.7/drivers/char/au1000_gpio.c 2009-11-10 19:30:27.000000000 -0500
9181 @@ -235,8 +235,7 @@ static int au1000gpio_ioctl(struct inode
9185 -static struct file_operations au1000gpio_fops =
9187 +static const struct file_operations au1000gpio_fops = {
9189 ioctl: au1000gpio_ioctl,
9190 open: au1000gpio_open,
9191 diff -urNp linux-2.4.37.7/drivers/char/au1000_ts.c linux-2.4.37.7/drivers/char/au1000_ts.c
9192 --- linux-2.4.37.7/drivers/char/au1000_ts.c 2009-11-07 11:52:20.000000000 -0500
9193 +++ linux-2.4.37.7/drivers/char/au1000_ts.c 2009-11-10 19:30:27.000000000 -0500
9194 @@ -587,7 +587,7 @@ au1000_release(struct inode * inode, str
9198 -static struct file_operations ts_fops = {
9199 +static const struct file_operations ts_fops = {
9202 ioctl: au1000_ioctl,
9203 diff -urNp linux-2.4.37.7/drivers/char/au1000_usbraw.c linux-2.4.37.7/drivers/char/au1000_usbraw.c
9204 --- linux-2.4.37.7/drivers/char/au1000_usbraw.c 2009-11-07 11:52:20.000000000 -0500
9205 +++ linux-2.4.37.7/drivers/char/au1000_usbraw.c 2009-11-10 19:30:27.000000000 -0500
9206 @@ -457,7 +457,7 @@ static int usbraw_ioctl(struct inode *in
9210 -static struct file_operations usbraw_fops = {
9211 +static const struct file_operations usbraw_fops = {
9213 write: usbraw_write,
9215 diff -urNp linux-2.4.37.7/drivers/char/briq_panel.c linux-2.4.37.7/drivers/char/briq_panel.c
9216 --- linux-2.4.37.7/drivers/char/briq_panel.c 2009-11-07 11:52:20.000000000 -0500
9217 +++ linux-2.4.37.7/drivers/char/briq_panel.c 2009-11-10 19:30:27.000000000 -0500
9218 @@ -168,7 +168,7 @@ static ssize_t do_write(struct file *fil
9222 -static struct file_operations vfd_fops = {
9223 +static const struct file_operations vfd_fops = {
9224 read: do_read, /* Read */
9225 write: do_write, /* Write */
9226 open: do_open, /* Open */
9227 diff -urNp linux-2.4.37.7/drivers/char/busmouse.c linux-2.4.37.7/drivers/char/busmouse.c
9228 --- linux-2.4.37.7/drivers/char/busmouse.c 2009-11-07 11:52:20.000000000 -0500
9229 +++ linux-2.4.37.7/drivers/char/busmouse.c 2009-11-10 19:30:27.000000000 -0500
9230 @@ -332,8 +332,7 @@ static unsigned int busmouse_poll(struct
9234 -struct file_operations busmouse_fops=
9236 +const struct file_operations busmouse_fops = {
9238 read: busmouse_read,
9239 write: busmouse_write,
9240 diff -urNp linux-2.4.37.7/drivers/char/defkeymap.c linux-2.4.37.7/drivers/char/defkeymap.c
9241 --- linux-2.4.37.7/drivers/char/defkeymap.c 2009-11-07 11:52:20.000000000 -0500
9242 +++ linux-2.4.37.7/drivers/char/defkeymap.c 2009-11-10 19:30:27.000000000 -0500
9243 @@ -18,47 +18,130 @@ u_short plain_map[NR_KEYS] = {
9244 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9245 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf03c, 0xf10a,
9246 0xf10b, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9247 - 0xf30e, 0xf702, 0xf30d, 0xf01c, 0xf701, 0xf205, 0xf114, 0xf603,
9248 + 0xf30e, 0xf702, 0xf30d, 0xf200, 0xf701, 0xf205, 0xf114, 0xf603,
9249 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9250 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9251 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf210, 0xf211, 0xf20e,
9252 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9253 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9254 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9255 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9256 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9257 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9258 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9259 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9260 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9261 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9262 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9263 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9264 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9265 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9266 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9267 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9270 u_short shift_map[NR_KEYS] = {
9271 0xf200, 0xf01b, 0xf021, 0xf040, 0xf023, 0xf024, 0xf025, 0xf05e,
9272 - 0xf026, 0xf02a, 0xf028, 0xf029, 0xf05f, 0xf02b, 0xf07f, 0xf009,
9273 + 0xf026, 0xf02a, 0xf028, 0xf029, 0xf05f, 0xf02b, 0xf07f, 0xf809,
9274 0xfb51, 0xfb57, 0xfb45, 0xfb52, 0xfb54, 0xfb59, 0xfb55, 0xfb49,
9275 0xfb4f, 0xfb50, 0xf07b, 0xf07d, 0xf201, 0xf702, 0xfb41, 0xfb53,
9276 0xfb44, 0xfb46, 0xfb47, 0xfb48, 0xfb4a, 0xfb4b, 0xfb4c, 0xf03a,
9277 0xf022, 0xf07e, 0xf700, 0xf07c, 0xfb5a, 0xfb58, 0xfb43, 0xfb56,
9278 0xfb42, 0xfb4e, 0xfb4d, 0xf03c, 0xf03e, 0xf03f, 0xf700, 0xf30c,
9279 - 0xf703, 0xf020, 0xf207, 0xf10a, 0xf10b, 0xf10c, 0xf10d, 0xf10e,
9280 - 0xf10f, 0xf110, 0xf111, 0xf112, 0xf113, 0xf213, 0xf203, 0xf307,
9281 + 0xf703, 0xf020, 0xf207, 0xf10c, 0xf10d, 0xf10e, 0xf10f, 0xf110,
9282 + 0xf111, 0xf112, 0xf113, 0xf11e, 0xf11f, 0xf208, 0xf203, 0xf307,
9283 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9284 - 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf03e, 0xf10a,
9285 - 0xf10b, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9286 + 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf03e, 0xf120,
9287 + 0xf121, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9288 0xf30e, 0xf702, 0xf30d, 0xf200, 0xf701, 0xf205, 0xf114, 0xf603,
9289 0xf20b, 0xf601, 0xf602, 0xf117, 0xf600, 0xf20a, 0xf115, 0xf116,
9290 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9291 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf206, 0xf206, 0xf210,
9292 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9293 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9294 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9295 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9296 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9297 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9298 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9299 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9300 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9301 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9302 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9303 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9304 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9305 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9306 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9307 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9310 u_short altgr_map[NR_KEYS] = {
9311 0xf200, 0xf200, 0xf200, 0xf040, 0xf200, 0xf024, 0xf200, 0xf200,
9312 0xf07b, 0xf05b, 0xf05d, 0xf07d, 0xf05c, 0xf200, 0xf200, 0xf200,
9313 - 0xfb71, 0xfb77, 0xf918, 0xfb72, 0xfb74, 0xfb79, 0xfb75, 0xfb69,
9314 - 0xfb6f, 0xfb70, 0xf200, 0xf07e, 0xf201, 0xf702, 0xf914, 0xfb73,
9315 - 0xf917, 0xf919, 0xfb67, 0xfb68, 0xfb6a, 0xfb6b, 0xfb6c, 0xf200,
9316 - 0xf200, 0xf200, 0xf700, 0xf200, 0xfb7a, 0xfb78, 0xf916, 0xfb76,
9317 - 0xf915, 0xfb6e, 0xfb6d, 0xf200, 0xf200, 0xf200, 0xf700, 0xf30c,
9318 + 0xfb71, 0xfb77, 0xfb65, 0xfb72, 0xfb74, 0xfb79, 0xfb75, 0xfb69,
9319 + 0xfb6f, 0xfb70, 0xf200, 0xf07e, 0xf201, 0xf702, 0xfb61, 0xfb73,
9320 + 0xfb64, 0xfb66, 0xfb67, 0xfb68, 0xfb6a, 0xfb6b, 0xfb6c, 0xf200,
9321 + 0xf200, 0xf200, 0xf700, 0xf200, 0xfb7a, 0xfb78, 0xfb63, 0xfb76,
9322 + 0xfb62, 0xfb6e, 0xfb6d, 0xf200, 0xf200, 0xf200, 0xf700, 0xf30c,
9323 0xf703, 0xf200, 0xf207, 0xf50c, 0xf50d, 0xf50e, 0xf50f, 0xf510,
9324 - 0xf511, 0xf512, 0xf513, 0xf514, 0xf515, 0xf208, 0xf202, 0xf911,
9325 - 0xf912, 0xf913, 0xf30b, 0xf90e, 0xf90f, 0xf910, 0xf30a, 0xf90b,
9326 - 0xf90c, 0xf90d, 0xf90a, 0xf310, 0xf206, 0xf200, 0xf07c, 0xf516,
9327 + 0xf511, 0xf512, 0xf513, 0xf514, 0xf515, 0xf208, 0xf202, 0xf307,
9328 + 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9329 + 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf07c, 0xf516,
9330 0xf517, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9331 0xf30e, 0xf702, 0xf30d, 0xf200, 0xf701, 0xf205, 0xf114, 0xf603,
9332 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9333 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9334 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf211, 0xf210, 0xf211,
9335 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9336 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9337 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9338 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9339 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9340 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9341 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9342 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9343 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9344 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9345 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9346 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9347 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9348 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9349 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9350 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9353 +u_short shift_altgr_map[NR_KEYS] = {
9354 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9355 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9356 + 0xfb51, 0xfb57, 0xfb45, 0xfb52, 0xfb54, 0xfb59, 0xfb55, 0xfb49,
9357 + 0xfb4f, 0xfb50, 0xf200, 0xf200, 0xf201, 0xf702, 0xfb41, 0xfb53,
9358 + 0xfb44, 0xfb46, 0xfb47, 0xfb48, 0xfb4a, 0xfb4b, 0xfb4c, 0xf200,
9359 + 0xf200, 0xf200, 0xf700, 0xf200, 0xfb5a, 0xfb58, 0xfb43, 0xfb56,
9360 + 0xfb42, 0xfb4e, 0xfb4d, 0xf200, 0xf200, 0xf200, 0xf700, 0xf30c,
9361 + 0xf703, 0xf200, 0xf207, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9362 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf208, 0xf200, 0xf307,
9363 + 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9364 + 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf200, 0xf200,
9365 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9366 + 0xf30e, 0xf702, 0xf30d, 0xf200, 0xf701, 0xf205, 0xf114, 0xf603,
9367 + 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9368 + 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9369 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf20e, 0xf20e, 0xf206,
9370 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9371 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9372 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9373 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9374 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9375 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9376 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9377 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9378 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9379 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9380 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9381 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9382 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9383 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9384 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9385 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9388 @@ -70,15 +153,31 @@ u_short ctrl_map[NR_KEYS] = {
9389 0xf004, 0xf006, 0xf007, 0xf008, 0xf00a, 0xf00b, 0xf00c, 0xf200,
9390 0xf007, 0xf000, 0xf700, 0xf01c, 0xf01a, 0xf018, 0xf003, 0xf016,
9391 0xf002, 0xf00e, 0xf00d, 0xf200, 0xf20e, 0xf07f, 0xf700, 0xf30c,
9392 - 0xf703, 0xf000, 0xf207, 0xf100, 0xf101, 0xf102, 0xf103, 0xf104,
9393 - 0xf105, 0xf106, 0xf107, 0xf108, 0xf109, 0xf208, 0xf204, 0xf307,
9394 + 0xf703, 0xf000, 0xf207, 0xf122, 0xf123, 0xf124, 0xf125, 0xf126,
9395 + 0xf127, 0xf128, 0xf129, 0xf12a, 0xf12b, 0xf208, 0xf204, 0xf307,
9396 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9397 - 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf200, 0xf10a,
9398 - 0xf10b, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9399 + 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf200, 0xf12c,
9400 + 0xf12d, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9401 0xf30e, 0xf702, 0xf30d, 0xf01c, 0xf701, 0xf205, 0xf114, 0xf603,
9402 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9403 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9404 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9405 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9406 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9407 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9408 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9409 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9410 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9411 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9412 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9413 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9414 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9415 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9416 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9417 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9418 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9419 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9420 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9423 u_short shift_ctrl_map[NR_KEYS] = {
9424 @@ -88,6 +187,76 @@ u_short shift_ctrl_map[NR_KEYS] = {
9425 0xf00f, 0xf010, 0xf200, 0xf200, 0xf201, 0xf702, 0xf001, 0xf013,
9426 0xf004, 0xf006, 0xf007, 0xf008, 0xf00a, 0xf00b, 0xf00c, 0xf200,
9427 0xf200, 0xf200, 0xf700, 0xf200, 0xf01a, 0xf018, 0xf003, 0xf016,
9428 + 0xf002, 0xf00e, 0xf00d, 0xf200, 0xf200, 0xf07f, 0xf700, 0xf30c,
9429 + 0xf703, 0xf200, 0xf207, 0xf12e, 0xf12f, 0xf130, 0xf131, 0xf132,
9430 + 0xf133, 0xf134, 0xf135, 0xf136, 0xf137, 0xf208, 0xf200, 0xf307,
9431 + 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9432 + 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf200, 0xf138,
9433 + 0xf139, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9434 + 0xf30e, 0xf702, 0xf30d, 0xf200, 0xf701, 0xf205, 0xf114, 0xf603,
9435 + 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9436 + 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9437 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9438 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9439 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9440 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9441 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9442 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9443 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9444 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9445 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9446 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9447 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9448 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9449 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9450 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9451 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9452 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9453 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9456 +u_short altgr_ctrl_map[NR_KEYS] = {
9457 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9458 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9459 + 0xf011, 0xf017, 0xf005, 0xf012, 0xf014, 0xf019, 0xf015, 0xf009,
9460 + 0xf00f, 0xf010, 0xf200, 0xf200, 0xf201, 0xf702, 0xf001, 0xf013,
9461 + 0xf004, 0xf006, 0xf007, 0xf008, 0xf00a, 0xf00b, 0xf00c, 0xf200,
9462 + 0xf200, 0xf200, 0xf700, 0xf200, 0xf01a, 0xf018, 0xf003, 0xf016,
9463 + 0xf002, 0xf00e, 0xf00d, 0xf200, 0xf200, 0xf200, 0xf700, 0xf30c,
9464 + 0xf703, 0xf200, 0xf207, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9465 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf208, 0xf200, 0xf307,
9466 + 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9467 + 0xf302, 0xf303, 0xf300, 0xf20c, 0xf206, 0xf200, 0xf200, 0xf200,
9468 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9469 + 0xf30e, 0xf702, 0xf30d, 0xf200, 0xf701, 0xf205, 0xf114, 0xf603,
9470 + 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf20c,
9471 + 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9472 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9473 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9474 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9475 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9476 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9477 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9478 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9479 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9480 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9481 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9482 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9483 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9484 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9485 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9486 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9487 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9488 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9491 +u_short shift_altgr_ctrl_map[NR_KEYS] = {
9492 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9493 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9494 + 0xf011, 0xf017, 0xf005, 0xf012, 0xf014, 0xf019, 0xf015, 0xf009,
9495 + 0xf00f, 0xf010, 0xf200, 0xf200, 0xf201, 0xf702, 0xf001, 0xf013,
9496 + 0xf004, 0xf006, 0xf007, 0xf008, 0xf00a, 0xf00b, 0xf00c, 0xf200,
9497 + 0xf200, 0xf200, 0xf700, 0xf200, 0xf01a, 0xf018, 0xf003, 0xf016,
9498 0xf002, 0xf00e, 0xf00d, 0xf200, 0xf200, 0xf200, 0xf700, 0xf30c,
9499 0xf703, 0xf200, 0xf207, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9500 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf208, 0xf200, 0xf307,
9501 @@ -98,6 +267,22 @@ u_short shift_ctrl_map[NR_KEYS] = {
9502 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9503 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9504 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9505 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9506 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9507 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9508 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9509 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9510 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9511 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9512 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9513 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9514 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9515 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9516 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9517 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9518 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9519 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9520 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9523 u_short alt_map[NR_KEYS] = {
9524 @@ -117,6 +302,127 @@ u_short alt_map[NR_KEYS] = {
9525 0xf118, 0xf210, 0xf211, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9526 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9527 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9528 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9529 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9530 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9531 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9532 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9533 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9534 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9535 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9536 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9537 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9538 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9539 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9540 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9541 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9542 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9543 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9546 +u_short shift_alt_map[NR_KEYS] = {
9547 + 0xf200, 0xf200, 0xf821, 0xf840, 0xf823, 0xf824, 0xf825, 0xf85e,
9548 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9549 + 0xf851, 0xf857, 0xf845, 0xf852, 0xf854, 0xf859, 0xf855, 0xf849,
9550 + 0xf84f, 0xf850, 0xf87b, 0xf87d, 0xf201, 0xf702, 0xf841, 0xf853,
9551 + 0xf844, 0xf846, 0xf847, 0xf848, 0xf84a, 0xf84b, 0xf84c, 0xf200,
9552 + 0xf200, 0xf200, 0xf700, 0xf87c, 0xf85a, 0xf858, 0xf843, 0xf856,
9553 + 0xf842, 0xf84e, 0xf84d, 0xf83c, 0xf83e, 0xf200, 0xf700, 0xf30c,
9554 + 0xf703, 0xf200, 0xf207, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9555 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf208, 0xf200, 0xf307,
9556 + 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9557 + 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf200, 0xf200,
9558 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9559 + 0xf30e, 0xf702, 0xf30d, 0xf200, 0xf701, 0xf205, 0xf114, 0xf603,
9560 + 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9561 + 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9562 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9563 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9564 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9565 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9566 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9567 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9568 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9569 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9570 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9571 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9572 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9573 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9574 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9575 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9576 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9577 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9578 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9581 +u_short altgr_alt_map[NR_KEYS] = {
9582 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9583 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9584 + 0xf871, 0xf877, 0xf865, 0xf872, 0xf874, 0xf879, 0xf875, 0xf869,
9585 + 0xf86f, 0xf870, 0xf200, 0xf200, 0xf201, 0xf702, 0xf861, 0xf873,
9586 + 0xf864, 0xf866, 0xf867, 0xf868, 0xf86a, 0xf86b, 0xf86c, 0xf200,
9587 + 0xf200, 0xf200, 0xf700, 0xf200, 0xf87a, 0xf878, 0xf863, 0xf876,
9588 + 0xf862, 0xf86e, 0xf86d, 0xf200, 0xf200, 0xf200, 0xf700, 0xf30c,
9589 + 0xf703, 0xf200, 0xf207, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9590 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf208, 0xf200, 0xf307,
9591 + 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9592 + 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf200, 0xf200,
9593 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9594 + 0xf30e, 0xf702, 0xf30d, 0xf200, 0xf701, 0xf205, 0xf114, 0xf603,
9595 + 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9596 + 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9597 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9598 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9599 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9600 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9601 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9602 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9603 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9604 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9605 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9606 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9607 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9608 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9609 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9610 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9611 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9612 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9613 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9616 +u_short shift_altgr_alt_map[NR_KEYS] = {
9617 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9618 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9619 + 0xf851, 0xf857, 0xf845, 0xf852, 0xf854, 0xf859, 0xf855, 0xf849,
9620 + 0xf84f, 0xf850, 0xf200, 0xf200, 0xf201, 0xf702, 0xf841, 0xf853,
9621 + 0xf844, 0xf846, 0xf847, 0xf848, 0xf84a, 0xf84b, 0xf84c, 0xf200,
9622 + 0xf200, 0xf200, 0xf700, 0xf200, 0xf85a, 0xf858, 0xf843, 0xf856,
9623 + 0xf842, 0xf84e, 0xf84d, 0xf200, 0xf200, 0xf200, 0xf700, 0xf30c,
9624 + 0xf703, 0xf200, 0xf207, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9625 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf208, 0xf200, 0xf307,
9626 + 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9627 + 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf200, 0xf200,
9628 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9629 + 0xf30e, 0xf702, 0xf30d, 0xf200, 0xf701, 0xf205, 0xf114, 0xf603,
9630 + 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9631 + 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9632 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9633 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9634 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9635 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9636 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9637 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9638 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9639 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9640 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9641 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9642 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9643 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9644 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9645 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9646 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9647 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9648 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9651 u_short ctrl_alt_map[NR_KEYS] = {
9652 @@ -136,16 +442,137 @@ u_short ctrl_alt_map[NR_KEYS] = {
9653 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf20c,
9654 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9655 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9656 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9657 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9658 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9659 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9660 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9661 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9662 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9663 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9664 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9665 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9666 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9667 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9668 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9669 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9670 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9671 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9674 +u_short shift_ctrl_alt_map[NR_KEYS] = {
9675 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9676 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9677 + 0xf811, 0xf817, 0xf805, 0xf812, 0xf814, 0xf819, 0xf815, 0xf809,
9678 + 0xf80f, 0xf810, 0xf200, 0xf200, 0xf201, 0xf702, 0xf801, 0xf813,
9679 + 0xf804, 0xf806, 0xf807, 0xf808, 0xf80a, 0xf80b, 0xf80c, 0xf200,
9680 + 0xf200, 0xf200, 0xf700, 0xf200, 0xf81a, 0xf818, 0xf803, 0xf816,
9681 + 0xf802, 0xf80e, 0xf80d, 0xf200, 0xf200, 0xf200, 0xf700, 0xf30c,
9682 + 0xf703, 0xf200, 0xf207, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9683 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf208, 0xf200, 0xf307,
9684 + 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9685 + 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf200, 0xf200,
9686 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9687 + 0xf30e, 0xf702, 0xf30d, 0xf200, 0xf701, 0xf205, 0xf114, 0xf603,
9688 + 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9689 + 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9690 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9691 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9692 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9693 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9694 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9695 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9696 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9697 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9698 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9699 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9700 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9701 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9702 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9703 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9704 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9705 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9706 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9709 +u_short altgr_ctrl_alt_map[NR_KEYS] = {
9710 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9711 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9712 + 0xf811, 0xf817, 0xf805, 0xf812, 0xf814, 0xf819, 0xf815, 0xf809,
9713 + 0xf80f, 0xf810, 0xf200, 0xf200, 0xf201, 0xf702, 0xf801, 0xf813,
9714 + 0xf804, 0xf806, 0xf807, 0xf808, 0xf80a, 0xf80b, 0xf80c, 0xf200,
9715 + 0xf200, 0xf200, 0xf700, 0xf200, 0xf81a, 0xf818, 0xf803, 0xf816,
9716 + 0xf802, 0xf80e, 0xf80d, 0xf200, 0xf200, 0xf200, 0xf700, 0xf30c,
9717 + 0xf703, 0xf200, 0xf207, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9718 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf208, 0xf200, 0xf307,
9719 + 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9720 + 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf200, 0xf200,
9721 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9722 + 0xf30e, 0xf702, 0xf30d, 0xf200, 0xf701, 0xf205, 0xf114, 0xf603,
9723 + 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9724 + 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9725 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9726 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9727 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9728 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9729 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9730 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9731 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9732 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9733 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9734 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9735 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9736 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9737 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9738 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9739 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9740 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9741 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9744 +u_short shift_altgr_ctrl_alt_map[NR_KEYS] = {
9745 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9746 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9747 + 0xf811, 0xf817, 0xf805, 0xf812, 0xf814, 0xf819, 0xf815, 0xf809,
9748 + 0xf80f, 0xf810, 0xf200, 0xf200, 0xf201, 0xf702, 0xf801, 0xf813,
9749 + 0xf804, 0xf806, 0xf807, 0xf808, 0xf80a, 0xf80b, 0xf80c, 0xf200,
9750 + 0xf200, 0xf200, 0xf700, 0xf200, 0xf81a, 0xf818, 0xf803, 0xf816,
9751 + 0xf802, 0xf80e, 0xf80d, 0xf200, 0xf200, 0xf200, 0xf700, 0xf30c,
9752 + 0xf703, 0xf200, 0xf207, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9753 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf208, 0xf200, 0xf307,
9754 + 0xf308, 0xf309, 0xf30b, 0xf304, 0xf305, 0xf306, 0xf30a, 0xf301,
9755 + 0xf302, 0xf303, 0xf300, 0xf310, 0xf206, 0xf200, 0xf200, 0xf200,
9756 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9757 + 0xf30e, 0xf702, 0xf30d, 0xf200, 0xf701, 0xf205, 0xf114, 0xf603,
9758 + 0xf118, 0xf601, 0xf602, 0xf117, 0xf600, 0xf119, 0xf115, 0xf116,
9759 + 0xf11a, 0xf10c, 0xf10d, 0xf11b, 0xf11c, 0xf110, 0xf311, 0xf11d,
9760 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9761 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9762 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9763 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9764 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9765 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9766 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9767 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9768 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9769 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9770 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9771 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9772 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9773 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9774 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9775 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9776 + 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200, 0xf200,
9779 ushort *key_maps[MAX_NR_KEYMAPS] = {
9780 - plain_map, shift_map, altgr_map, 0,
9781 - ctrl_map, shift_ctrl_map, 0, 0,
9784 + plain_map, shift_map, altgr_map, shift_altgr_map,
9785 + ctrl_map, shift_ctrl_map, altgr_ctrl_map, shift_altgr_ctrl_map,
9786 + alt_map, shift_alt_map, altgr_alt_map, shift_altgr_alt_map,
9787 + ctrl_alt_map, shift_ctrl_alt_map, altgr_ctrl_alt_map, shift_altgr_ctrl_alt_map, 0
9790 -unsigned int keymap_count = 7;
9791 +unsigned int keymap_count = 16;
9794 * Philosophy: most people do not define more strings, but they who do
9795 diff -urNp linux-2.4.37.7/drivers/char/drm/drm_drv.h linux-2.4.37.7/drivers/char/drm/drm_drv.h
9796 --- linux-2.4.37.7/drivers/char/drm/drm_drv.h 2009-11-07 11:52:20.000000000 -0500
9797 +++ linux-2.4.37.7/drivers/char/drm/drm_drv.h 2009-11-10 19:30:27.000000000 -0500
9801 #define DRIVER_FOPS \
9802 -static struct file_operations DRM(fops) = { \
9803 +static const struct file_operations DRM(fops) = { \
9804 .owner = THIS_MODULE, \
9805 .open = DRM(open), \
9806 .flush = DRM(flush), \
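Review bot: The added `const` on `DRM(fops)` carries no comment saying why it is there, and it only holds if every consumer of the table is const-correct. I would put `/* const: lets the ops table and its function pointers live in read-only data */` above the `DRIVER_FOPS` define so a later edit does not drop the qualifier to silence a warning. The registration call and any `struct file_operations *` field that stores this table are outside the hunk; if they still take a non-const pointer, the build warns about a discarded qualifier, and a cast added to quiet that would hide a later write to the table. The same point applies to `DRM(stub_fops)` in drm_stub.h and to the `DRIVER_FOPS` override in ffb_drv.c; the initializer itself continues past this hunk.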
9807 diff -urNp linux-2.4.37.7/drivers/char/drm/drm_stub.h linux-2.4.37.7/drivers/char/drm/drm_stub.h
9808 --- linux-2.4.37.7/drivers/char/drm/drm_stub.h 2009-11-07 11:52:20.000000000 -0500
9809 +++ linux-2.4.37.7/drivers/char/drm/drm_stub.h 2009-11-10 19:30:27.000000000 -0500
9810 @@ -65,7 +65,7 @@ static int DRM(stub_open)(struct inode *
9814 -static struct file_operations DRM(stub_fops) = {
9815 +static const struct file_operations DRM(stub_fops) = {
9816 .owner = THIS_MODULE,
9817 .open = DRM(stub_open)
9819 diff -urNp linux-2.4.37.7/drivers/char/drm/drm_vm.h linux-2.4.37.7/drivers/char/drm/drm_vm.h
9820 --- linux-2.4.37.7/drivers/char/drm/drm_vm.h 2009-11-07 11:52:20.000000000 -0500
9821 +++ linux-2.4.37.7/drivers/char/drm/drm_vm.h 2009-11-10 19:30:27.000000000 -0500
9826 -struct vm_operations_struct DRM(vm_ops) = {
9827 +const struct vm_operations_struct DRM(vm_ops) = {
9828 nopage: DRM(vm_nopage),
9830 close: DRM(vm_close),
9833 -struct vm_operations_struct DRM(vm_shm_ops) = {
9834 +const struct vm_operations_struct DRM(vm_shm_ops) = {
9835 nopage: DRM(vm_shm_nopage),
9837 close: DRM(vm_shm_close),
9840 -struct vm_operations_struct DRM(vm_dma_ops) = {
9841 +const struct vm_operations_struct DRM(vm_dma_ops) = {
9842 nopage: DRM(vm_dma_nopage),
9844 close: DRM(vm_close),
9847 -struct vm_operations_struct DRM(vm_sg_ops) = {
9848 +const struct vm_operations_struct DRM(vm_sg_ops) = {
9849 nopage: DRM(vm_sg_nopage),
9851 close: DRM(vm_close),
9852 diff -urNp linux-2.4.37.7/drivers/char/drm/ffb_drv.c linux-2.4.37.7/drivers/char/drm/ffb_drv.c
9853 --- linux-2.4.37.7/drivers/char/drm/ffb_drv.c 2009-11-07 11:52:20.000000000 -0500
9854 +++ linux-2.4.37.7/drivers/char/drm/ffb_drv.c 2009-11-10 19:30:27.000000000 -0500
9856 #define DRIVER_PATCHLEVEL 1
9858 #define DRIVER_FOPS \
9859 -static struct file_operations DRM(fops) = { \
9860 +static const struct file_operations DRM(fops) = { \
9861 owner: THIS_MODULE, \
9863 flush: DRM(flush), \
9864 diff -urNp linux-2.4.37.7/drivers/char/drm/i810_dma.c linux-2.4.37.7/drivers/char/drm/i810_dma.c
9865 --- linux-2.4.37.7/drivers/char/drm/i810_dma.c 2009-11-07 11:52:20.000000000 -0500
9866 +++ linux-2.4.37.7/drivers/char/drm/i810_dma.c 2009-11-10 19:30:27.000000000 -0500
9867 @@ -131,7 +131,7 @@ static int i810_freelist_put(drm_device_
9871 -static struct file_operations i810_buffer_fops = {
9872 +static const struct file_operations i810_buffer_fops = {
9874 .flush = DRM(flush),
9875 .release = DRM(release),
9876 diff -urNp linux-2.4.37.7/drivers/char/drm/i830_dma.c linux-2.4.37.7/drivers/char/drm/i830_dma.c
9877 --- linux-2.4.37.7/drivers/char/drm/i830_dma.c 2009-11-07 11:52:20.000000000 -0500
9878 +++ linux-2.4.37.7/drivers/char/drm/i830_dma.c 2009-11-10 19:30:27.000000000 -0500
9879 @@ -120,7 +120,7 @@ static int i830_freelist_put(drm_device_
9883 -static struct file_operations i830_buffer_fops = {
9884 +static const struct file_operations i830_buffer_fops = {
9886 .flush = DRM(flush),
9887 .release = DRM(release),
9888 diff -urNp linux-2.4.37.7/drivers/char/drm-4.0/ffb_drv.c linux-2.4.37.7/drivers/char/drm-4.0/ffb_drv.c
9889 --- linux-2.4.37.7/drivers/char/drm-4.0/ffb_drv.c 2009-11-07 11:52:20.000000000 -0500
9890 +++ linux-2.4.37.7/drivers/char/drm-4.0/ffb_drv.c 2009-11-10 19:30:27.000000000 -0500
9891 @@ -47,7 +47,7 @@ extern int ffb_newctx(struct inode *, st
9892 extern int ffb_rmctx(struct inode *, struct file *, unsigned int, unsigned long);
9893 extern int ffb_context_switch(drm_device_t *, int, int);
9895 -static struct file_operations ffb_fops = {
9896 +static const struct file_operations ffb_fops = {
9900 diff -urNp linux-2.4.37.7/drivers/char/drm-4.0/gamma_drv.c linux-2.4.37.7/drivers/char/drm-4.0/gamma_drv.c
9901 --- linux-2.4.37.7/drivers/char/drm-4.0/gamma_drv.c 2009-11-07 11:52:20.000000000 -0500
9902 +++ linux-2.4.37.7/drivers/char/drm-4.0/gamma_drv.c 2009-11-10 19:30:27.000000000 -0500
9905 static drm_device_t gamma_device;
9907 -static struct file_operations gamma_fops = {
9908 +static const struct file_operations gamma_fops = {
9909 #if LINUX_VERSION_CODE >= 0x020400
9910 /* This started being used during 2.4.0-test */
9912 diff -urNp linux-2.4.37.7/drivers/char/drm-4.0/i810_dma.c linux-2.4.37.7/drivers/char/drm-4.0/i810_dma.c
9913 --- linux-2.4.37.7/drivers/char/drm-4.0/i810_dma.c 2009-11-07 11:52:20.000000000 -0500
9914 +++ linux-2.4.37.7/drivers/char/drm-4.0/i810_dma.c 2009-11-10 19:30:27.000000000 -0500
9915 @@ -143,7 +143,7 @@ static int i810_freelist_put(drm_device_
9919 -static struct file_operations i810_buffer_fops = {
9920 +static const struct file_operations i810_buffer_fops = {
9923 release: i810_release,
9924 diff -urNp linux-2.4.37.7/drivers/char/drm-4.0/i810_drv.c linux-2.4.37.7/drivers/char/drm-4.0/i810_drv.c
9925 --- linux-2.4.37.7/drivers/char/drm-4.0/i810_drv.c 2009-11-07 11:52:20.000000000 -0500
9926 +++ linux-2.4.37.7/drivers/char/drm-4.0/i810_drv.c 2009-11-10 19:30:27.000000000 -0500
9928 static drm_device_t i810_device;
9929 drm_ctx_t i810_res_ctx;
9931 -static struct file_operations i810_fops = {
9932 +static const struct file_operations i810_fops = {
9933 #if LINUX_VERSION_CODE >= 0x020400
9934 /* This started being used during 2.4.0-test */
9936 diff -urNp linux-2.4.37.7/drivers/char/drm-4.0/mga_drv.c linux-2.4.37.7/drivers/char/drm-4.0/mga_drv.c
9937 --- linux-2.4.37.7/drivers/char/drm-4.0/mga_drv.c 2009-11-07 11:52:20.000000000 -0500
9938 +++ linux-2.4.37.7/drivers/char/drm-4.0/mga_drv.c 2009-11-10 19:30:27.000000000 -0500
9940 static drm_device_t mga_device;
9941 drm_ctx_t mga_res_ctx;
9943 -static struct file_operations mga_fops = {
9944 +static const struct file_operations mga_fops = {
9945 #if LINUX_VERSION_CODE >= 0x020400
9946 /* This started being used during 2.4.0-test */
9948 diff -urNp linux-2.4.37.7/drivers/char/drm-4.0/r128_drv.c linux-2.4.37.7/drivers/char/drm-4.0/r128_drv.c
9949 --- linux-2.4.37.7/drivers/char/drm-4.0/r128_drv.c 2009-11-07 11:52:20.000000000 -0500
9950 +++ linux-2.4.37.7/drivers/char/drm-4.0/r128_drv.c 2009-11-10 19:30:27.000000000 -0500
9952 static drm_device_t r128_device;
9953 drm_ctx_t r128_res_ctx;
9955 -static struct file_operations r128_fops = {
9956 +static const struct file_operations r128_fops = {
9957 #if LINUX_VERSION_CODE >= 0x020400
9958 /* This started being used during 2.4.0-test */
9960 diff -urNp linux-2.4.37.7/drivers/char/drm-4.0/radeon_drv.c linux-2.4.37.7/drivers/char/drm-4.0/radeon_drv.c
9961 --- linux-2.4.37.7/drivers/char/drm-4.0/radeon_drv.c 2009-11-07 11:52:20.000000000 -0500
9962 +++ linux-2.4.37.7/drivers/char/drm-4.0/radeon_drv.c 2009-11-10 19:30:27.000000000 -0500
9964 static drm_device_t radeon_device;
9965 drm_ctx_t radeon_res_ctx;
9967 -static struct file_operations radeon_fops = {
9968 +static const struct file_operations radeon_fops = {
9969 #if LINUX_VERSION_CODE >= 0x020400
9970 /* This started being used during 2.4.0-test */
9972 diff -urNp linux-2.4.37.7/drivers/char/drm-4.0/tdfx_drv.c linux-2.4.37.7/drivers/char/drm-4.0/tdfx_drv.c
9973 --- linux-2.4.37.7/drivers/char/drm-4.0/tdfx_drv.c 2009-11-07 11:52:20.000000000 -0500
9974 +++ linux-2.4.37.7/drivers/char/drm-4.0/tdfx_drv.c 2009-11-10 19:30:27.000000000 -0500
9976 static drm_device_t tdfx_device;
9977 drm_ctx_t tdfx_res_ctx;
9979 -static struct file_operations tdfx_fops = {
9980 +static const struct file_operations tdfx_fops = {
9981 #if LINUX_VERSION_CODE >= 0x020400
9982 /* This started being used during 2.4.0-test */
9984 diff -urNp linux-2.4.37.7/drivers/char/drm-4.0/vm.c linux-2.4.37.7/drivers/char/drm-4.0/vm.c
9985 --- linux-2.4.37.7/drivers/char/drm-4.0/vm.c 2009-11-07 11:52:20.000000000 -0500
9986 +++ linux-2.4.37.7/drivers/char/drm-4.0/vm.c 2009-11-10 19:30:27.000000000 -0500
9988 #define __NO_VERSION__
9991 -struct vm_operations_struct drm_vm_ops = {
9992 +const struct vm_operations_struct drm_vm_ops = {
9993 nopage: drm_vm_nopage,
9995 close: drm_vm_close,
9998 -struct vm_operations_struct drm_vm_shm_ops = {
9999 +const struct vm_operations_struct drm_vm_shm_ops = {
10000 nopage: drm_vm_shm_nopage,
10002 close: drm_vm_close,
10005 -struct vm_operations_struct drm_vm_shm_lock_ops = {
10006 +const struct vm_operations_struct drm_vm_shm_lock_ops = {
10007 nopage: drm_vm_shm_nopage_lock,
10009 close: drm_vm_close,
10012 -struct vm_operations_struct drm_vm_dma_ops = {
10013 +const struct vm_operations_struct drm_vm_dma_ops = {
10014 nopage: drm_vm_dma_nopage,
10016 close: drm_vm_close,
10017 diff -urNp linux-2.4.37.7/drivers/char/ds1286.c linux-2.4.37.7/drivers/char/ds1286.c
10018 --- linux-2.4.37.7/drivers/char/ds1286.c 2009-11-07 11:52:20.000000000 -0500
10019 +++ linux-2.4.37.7/drivers/char/ds1286.c 2009-11-10 19:30:27.000000000 -0500
10020 @@ -280,7 +280,7 @@ static unsigned int ds1286_poll(struct f
10021 * The various file operations we support.
10024 -static struct file_operations ds1286_fops = {
10025 +static const struct file_operations ds1286_fops = {
10026 .llseek = no_llseek,
10027 .read = ds1286_read,
10028 .poll = ds1286_poll,
10029 diff -urNp linux-2.4.37.7/drivers/char/ds1620.c linux-2.4.37.7/drivers/char/ds1620.c
10030 --- linux-2.4.37.7/drivers/char/ds1620.c 2009-11-07 11:52:20.000000000 -0500
10031 +++ linux-2.4.37.7/drivers/char/ds1620.c 2009-11-10 19:30:27.000000000 -0500
10032 @@ -336,7 +336,7 @@ proc_therm_ds1620_read(char *buf, char *
10033 static struct proc_dir_entry *proc_therm_ds1620;
10036 -static struct file_operations ds1620_fops = {
10037 +static const struct file_operations ds1620_fops = {
10038 owner: THIS_MODULE,
10040 ioctl: ds1620_ioctl,
10041 diff -urNp linux-2.4.37.7/drivers/char/ds1742.c linux-2.4.37.7/drivers/char/ds1742.c
10042 --- linux-2.4.37.7/drivers/char/ds1742.c 2009-11-07 11:52:20.000000000 -0500
10043 +++ linux-2.4.37.7/drivers/char/ds1742.c 2009-11-10 19:30:27.000000000 -0500
10044 @@ -312,7 +312,7 @@ static int ds1742_release(struct inode *
10048 -static struct file_operations ds1742_fops = {
10049 +static const struct file_operations ds1742_fops = {
10052 ioctl:ds1742_ioctl,
10053 diff -urNp linux-2.4.37.7/drivers/char/dsp56k.c linux-2.4.37.7/drivers/char/dsp56k.c
10054 --- linux-2.4.37.7/drivers/char/dsp56k.c 2009-11-07 11:52:20.000000000 -0500
10055 +++ linux-2.4.37.7/drivers/char/dsp56k.c 2009-11-10 19:30:27.000000000 -0500
10056 @@ -488,7 +488,7 @@ static int dsp56k_release(struct inode *
10060 -static struct file_operations dsp56k_fops = {
10061 +static const struct file_operations dsp56k_fops = {
10062 owner: THIS_MODULE,
10064 write: dsp56k_write,
10065 diff -urNp linux-2.4.37.7/drivers/char/dtlk.c linux-2.4.37.7/drivers/char/dtlk.c
10066 --- linux-2.4.37.7/drivers/char/dtlk.c 2009-11-07 11:52:20.000000000 -0500
10067 +++ linux-2.4.37.7/drivers/char/dtlk.c 2009-11-10 19:30:27.000000000 -0500
10068 @@ -97,8 +97,7 @@ static int dtlk_release(struct inode *,
10069 static int dtlk_ioctl(struct inode *inode, struct file *file,
10070 unsigned int cmd, unsigned long arg);
10072 -static struct file_operations dtlk_fops =
10074 +static const struct file_operations dtlk_fops = {
10075 owner: THIS_MODULE,
10078 diff -urNp linux-2.4.37.7/drivers/char/efirtc.c linux-2.4.37.7/drivers/char/efirtc.c
10079 --- linux-2.4.37.7/drivers/char/efirtc.c 2009-11-07 11:52:20.000000000 -0500
10080 +++ linux-2.4.37.7/drivers/char/efirtc.c 2009-11-10 19:30:27.000000000 -0500
10081 @@ -282,7 +282,7 @@ efi_rtc_close(struct inode *inode, struc
10082 * The various file operations we support.
10085 -static struct file_operations efi_rtc_fops = {
10086 +static const struct file_operations efi_rtc_fops = {
10087 owner: THIS_MODULE,
10088 ioctl: efi_rtc_ioctl,
10089 open: efi_rtc_open,
10090 diff -urNp linux-2.4.37.7/drivers/char/eurotechwdt.c linux-2.4.37.7/drivers/char/eurotechwdt.c
10091 --- linux-2.4.37.7/drivers/char/eurotechwdt.c 2009-11-07 11:52:20.000000000 -0500
10092 +++ linux-2.4.37.7/drivers/char/eurotechwdt.c 2009-11-10 19:30:27.000000000 -0500
10093 @@ -386,7 +386,7 @@ static int eurwdt_notify_sys(struct noti
10097 -static struct file_operations eurwdt_fops = {
10098 +static const struct file_operations eurwdt_fops = {
10099 owner: THIS_MODULE,
10101 write: eurwdt_write,
10102 diff -urNp linux-2.4.37.7/drivers/char/fetchop.c linux-2.4.37.7/drivers/char/fetchop.c
10103 --- linux-2.4.37.7/drivers/char/fetchop.c 2009-11-07 11:52:20.000000000 -0500
10104 +++ linux-2.4.37.7/drivers/char/fetchop.c 2009-11-10 19:30:27.000000000 -0500
10105 @@ -75,7 +75,7 @@ static int fetchop_mmap(struct file *fil
10106 static void fetchop_open(struct vm_area_struct *vma);
10107 static void fetchop_close(struct vm_area_struct *vma);
10109 -static struct file_operations fetchop_fops = {
10110 +static const struct file_operations fetchop_fops = {
10111 owner: THIS_MODULE,
10112 mmap: fetchop_mmap,
10114 @@ -86,7 +86,7 @@ static struct miscdevice fetchop_miscdev
10118 -static struct vm_operations_struct fetchop_vm_ops = {
10119 +static const struct vm_operations_struct fetchop_vm_ops = {
10120 open: fetchop_open,
10121 close: fetchop_close,
10123 diff -urNp linux-2.4.37.7/drivers/char/ftape/zftape/zftape-init.c linux-2.4.37.7/drivers/char/ftape/zftape/zftape-init.c
10124 --- linux-2.4.37.7/drivers/char/ftape/zftape/zftape-init.c 2009-11-07 11:52:20.000000000 -0500
10125 +++ linux-2.4.37.7/drivers/char/ftape/zftape/zftape-init.c 2009-11-10 19:30:27.000000000 -0500
10126 @@ -94,8 +94,7 @@ static ssize_t zft_read (struct file *fp
10127 static ssize_t zft_write(struct file *fp, const char *buff,
10128 size_t req_len, loff_t *ppos);
10130 -static struct file_operations zft_cdev =
10132 +static const struct file_operations zft_cdev = {
10133 owner: THIS_MODULE,
10136 @@ -205,7 +204,7 @@ static int zft_mmap(struct file *filep,
10138 if ((result = ftape_mmap(vma)) >= 0) {
10139 #ifndef MSYNC_BUG_WAS_FIXED
10140 - static struct vm_operations_struct dummy = { NULL, };
10141 + static const struct vm_operations_struct dummy = { NULL, };
10142 vma->vm_ops = &dummy;
10145 diff -urNp linux-2.4.37.7/drivers/char/genrtc.c linux-2.4.37.7/drivers/char/genrtc.c
10146 --- linux-2.4.37.7/drivers/char/genrtc.c 2009-11-07 11:52:20.000000000 -0500
10147 +++ linux-2.4.37.7/drivers/char/genrtc.c 2009-11-10 19:30:27.000000000 -0500
10148 @@ -476,7 +476,7 @@ static int gen_rtc_read_proc(char *page,
10149 * The various file operations we support.
10152 -static struct file_operations gen_rtc_fops = {
10153 +static const struct file_operations gen_rtc_fops = {
10154 .owner = THIS_MODULE,
10155 #ifdef CONFIG_GEN_RTC_X
10156 .read = gen_rtc_read,
10157 diff -urNp linux-2.4.37.7/drivers/char/geodewdt.c linux-2.4.37.7/drivers/char/geodewdt.c
10158 --- linux-2.4.37.7/drivers/char/geodewdt.c 2009-11-07 11:52:20.000000000 -0500
10159 +++ linux-2.4.37.7/drivers/char/geodewdt.c 2009-11-10 19:30:27.000000000 -0500
10160 @@ -183,7 +183,7 @@ static int geodewdt_notify_sys(struct no
10161 return NOTIFY_DONE;
10164 -static struct file_operations geodewdt_fops = {
10165 +static const struct file_operations geodewdt_fops = {
10166 .owner = THIS_MODULE,
10167 .llseek = no_llseek,
10168 .write = geodewdt_write,
10169 diff -urNp linux-2.4.37.7/drivers/char/hp_psaux.c linux-2.4.37.7/drivers/char/hp_psaux.c
10170 --- linux-2.4.37.7/drivers/char/hp_psaux.c 2009-11-07 11:52:20.000000000 -0500
10171 +++ linux-2.4.37.7/drivers/char/hp_psaux.c 2009-11-10 19:30:27.000000000 -0500
10172 @@ -414,7 +414,7 @@ static int release_aux(struct inode * in
10176 -static struct file_operations psaux_fops = {
10177 +static const struct file_operations psaux_fops = {
10181 diff -urNp linux-2.4.37.7/drivers/char/hw_random.c linux-2.4.37.7/drivers/char/hw_random.c
10182 --- linux-2.4.37.7/drivers/char/hw_random.c 2009-11-07 11:52:20.000000000 -0500
10183 +++ linux-2.4.37.7/drivers/char/hw_random.c 2009-11-10 19:30:27.000000000 -0500
10184 @@ -106,7 +106,7 @@ struct rng_operations {
10186 static struct rng_operations *rng_ops;
10188 -static struct file_operations rng_chrdev_ops = {
10189 +static const struct file_operations rng_chrdev_ops = {
10190 .owner = THIS_MODULE,
10191 .open = rng_dev_open,
10192 .read = rng_dev_read,
10193 diff -urNp linux-2.4.37.7/drivers/char/i810_rng.c linux-2.4.37.7/drivers/char/i810_rng.c
10194 --- linux-2.4.37.7/drivers/char/i810_rng.c 2009-11-07 11:52:20.000000000 -0500
10195 +++ linux-2.4.37.7/drivers/char/i810_rng.c 2009-11-10 19:30:27.000000000 -0500
10196 @@ -260,7 +260,7 @@ static ssize_t rng_dev_read (struct file
10200 -static struct file_operations rng_chrdev_ops = {
10201 +static const struct file_operations rng_chrdev_ops = {
10202 owner: THIS_MODULE,
10203 open: rng_dev_open,
10204 release: rng_dev_release,
10205 diff -urNp linux-2.4.37.7/drivers/char/i810-tco.c linux-2.4.37.7/drivers/char/i810-tco.c
10206 --- linux-2.4.37.7/drivers/char/i810-tco.c 2009-11-07 11:52:20.000000000 -0500
10207 +++ linux-2.4.37.7/drivers/char/i810-tco.c 2009-11-10 19:30:27.000000000 -0500
10208 @@ -376,7 +376,7 @@ static unsigned char __init i810tco_getd
10212 -static struct file_operations i810tco_fops = {
10213 +static const struct file_operations i810tco_fops = {
10214 owner: THIS_MODULE,
10215 write: i810tco_write,
10216 ioctl: i810tco_ioctl,
10217 diff -urNp linux-2.4.37.7/drivers/char/i8k.c linux-2.4.37.7/drivers/char/i8k.c
10218 --- linux-2.4.37.7/drivers/char/i8k.c 2009-11-07 11:52:20.000000000 -0500
10219 +++ linux-2.4.37.7/drivers/char/i8k.c 2009-11-10 19:30:27.000000000 -0500
10220 @@ -112,7 +112,7 @@ static int i8k_ioctl(struct inode *, str
10222 static void i8k_keys_set_timer(void);
10224 -static struct file_operations i8k_fops = {
10225 +static const struct file_operations i8k_fops = {
10229 diff -urNp linux-2.4.37.7/drivers/char/ib700wdt.c linux-2.4.37.7/drivers/char/ib700wdt.c
10230 --- linux-2.4.37.7/drivers/char/ib700wdt.c 2009-11-07 11:52:20.000000000 -0500
10231 +++ linux-2.4.37.7/drivers/char/ib700wdt.c 2009-11-10 19:30:27.000000000 -0500
10232 @@ -280,7 +280,7 @@ ibwdt_notify_sys(struct notifier_block *
10233 * Kernel Interfaces
10236 -static struct file_operations ibwdt_fops = {
10237 +static const struct file_operations ibwdt_fops = {
10238 owner: THIS_MODULE,
10240 write: ibwdt_write,
10241 diff -urNp linux-2.4.37.7/drivers/char/indydog.c linux-2.4.37.7/drivers/char/indydog.c
10242 --- linux-2.4.37.7/drivers/char/indydog.c 2009-11-07 11:52:20.000000000 -0500
10243 +++ linux-2.4.37.7/drivers/char/indydog.c 2009-11-10 19:30:27.000000000 -0500
10244 @@ -137,7 +137,7 @@ static int indydog_ioctl(struct inode *i
10248 -static struct file_operations indydog_fops = {
10249 +static const struct file_operations indydog_fops = {
10250 owner: THIS_MODULE,
10251 write: indydog_write,
10252 ioctl: indydog_ioctl,
10253 diff -urNp linux-2.4.37.7/drivers/char/ip27-rtc.c linux-2.4.37.7/drivers/char/ip27-rtc.c
10254 --- linux-2.4.37.7/drivers/char/ip27-rtc.c 2009-11-07 11:52:20.000000000 -0500
10255 +++ linux-2.4.37.7/drivers/char/ip27-rtc.c 2009-11-10 19:30:27.000000000 -0500
10256 @@ -192,7 +192,7 @@ static int rtc_release(struct inode *ino
10257 * The various file operations we support.
10260 -static struct file_operations rtc_fops = {
10261 +static const struct file_operations rtc_fops = {
10262 .owner = THIS_MODULE,
10263 .llseek = no_llseek,
10264 .ioctl = rtc_ioctl,
10265 diff -urNp linux-2.4.37.7/drivers/char/ip2main.c linux-2.4.37.7/drivers/char/ip2main.c
10266 --- linux-2.4.37.7/drivers/char/ip2main.c 2009-11-07 11:52:20.000000000 -0500
10267 +++ linux-2.4.37.7/drivers/char/ip2main.c 2009-11-10 19:30:27.000000000 -0500
10268 @@ -354,7 +354,7 @@ static struct termios * TermiosLocked
10269 /* This is the driver descriptor for the ip2ipl device, which is used to
10270 * download the loadware to the boards.
10272 -static struct file_operations ip2_ipl = {
10273 +static const struct file_operations ip2_ipl = {
10274 owner: THIS_MODULE,
10275 read: ip2_ipl_read,
10276 write: ip2_ipl_write,
10277 diff -urNp linux-2.4.37.7/drivers/char/ipmi/ipmi_devintf.c linux-2.4.37.7/drivers/char/ipmi/ipmi_devintf.c
10278 --- linux-2.4.37.7/drivers/char/ipmi/ipmi_devintf.c 2009-11-07 11:52:20.000000000 -0500
10279 +++ linux-2.4.37.7/drivers/char/ipmi/ipmi_devintf.c 2009-11-10 19:30:27.000000000 -0500
10280 @@ -423,7 +423,7 @@ static int ipmi_ioctl(struct inode *ino
10284 -static struct file_operations ipmi_fops = {
10285 +static const struct file_operations ipmi_fops = {
10286 owner: THIS_MODULE,
10289 diff -urNp linux-2.4.37.7/drivers/char/ipmi/ipmi_watchdog.c linux-2.4.37.7/drivers/char/ipmi/ipmi_watchdog.c
10290 --- linux-2.4.37.7/drivers/char/ipmi/ipmi_watchdog.c 2009-11-07 11:52:20.000000000 -0500
10291 +++ linux-2.4.37.7/drivers/char/ipmi/ipmi_watchdog.c 2009-11-10 19:30:27.000000000 -0500
10292 @@ -699,7 +699,7 @@ static int ipmi_close(struct inode *ino,
10296 -static struct file_operations ipmi_wdog_fops = {
10297 +static const struct file_operations ipmi_wdog_fops = {
10298 .owner = THIS_MODULE,
10301 diff -urNp linux-2.4.37.7/drivers/char/isicom.c linux-2.4.37.7/drivers/char/isicom.c
10302 --- linux-2.4.37.7/drivers/char/isicom.c 2009-11-07 11:52:20.000000000 -0500
10303 +++ linux-2.4.37.7/drivers/char/isicom.c 2009-11-10 19:30:27.000000000 -0500
10304 @@ -113,7 +113,7 @@ static signed char linuxb_to_isib[] = {
10308 -static struct file_operations ISILoad_fops = {
10309 +static const struct file_operations ISILoad_fops = {
10310 owner: THIS_MODULE,
10311 ioctl: ISILoad_ioctl,
10313 diff -urNp linux-2.4.37.7/drivers/char/istallion.c linux-2.4.37.7/drivers/char/istallion.c
10314 --- linux-2.4.37.7/drivers/char/istallion.c 2009-11-07 11:52:20.000000000 -0500
10315 +++ linux-2.4.37.7/drivers/char/istallion.c 2009-11-10 19:30:27.000000000 -0500
10316 @@ -782,7 +782,7 @@ static inline int stli_initpcibrd(int br
10317 * will give access to the shared memory on the Stallion intelligent
10318 * board. This is also a very useful debugging tool.
10320 -static struct file_operations stli_fsiomem = {
10321 +static const struct file_operations stli_fsiomem = {
10322 owner: THIS_MODULE,
10323 read: stli_memread,
10324 write: stli_memwrite,
10325 diff -urNp linux-2.4.37.7/drivers/char/ite_gpio.c linux-2.4.37.7/drivers/char/ite_gpio.c
10326 --- linux-2.4.37.7/drivers/char/ite_gpio.c 2009-11-07 11:52:20.000000000 -0500
10327 +++ linux-2.4.37.7/drivers/char/ite_gpio.c 2009-11-10 19:30:27.000000000 -0500
10328 @@ -364,7 +364,7 @@ DEB(printk("interrupt 0x%x %d\n",ITE_GPA
10332 -static struct file_operations ite_gpio_fops = {
10333 +static const struct file_operations ite_gpio_fops = {
10334 owner: THIS_MODULE,
10335 ioctl: ite_gpio_ioctl,
10336 open: ite_gpio_open,
10337 diff -urNp linux-2.4.37.7/drivers/char/keyboard.c linux-2.4.37.7/drivers/char/keyboard.c
10338 --- linux-2.4.37.7/drivers/char/keyboard.c 2009-11-07 11:52:20.000000000 -0500
10339 +++ linux-2.4.37.7/drivers/char/keyboard.c 2009-11-10 19:30:27.000000000 -0500
10340 @@ -545,6 +545,16 @@ static void do_spec(unsigned char value,
10341 if ((kbd->kbdmode == VC_RAW || kbd->kbdmode == VC_MEDIUMRAW) &&
10342 !(SPECIALS_ALLOWED_IN_RAW_MODE & (1 << value)))
10345 +#if defined(CONFIG_GRKERNSEC_PROC) || defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
10347 + void *func = spec_fn_table[value];
10348 + if (func == show_state || func == show_ptregs ||
10349 + func == show_mem)
10354 spec_fn_table[value]();
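Review bot: The added guard in do_spec() keeps a function pointer in `void *func`, a conversion ISO C does not define and which hides the handler's type. Assuming the three handlers have the table's element type, comparing the entry directly avoids it: `if (spec_fn_table[value] == show_state || spec_fn_table[value] == show_ptregs || spec_fn_table[value] == show_mem)`. A short comment would also help, for example `/* these handlers print task, register and memory state on the console; presumably that would sidestep the /proc restrictions */`, because the link to CONFIG_GRKERNSEC_PROC is not obvious at this call site. The statement taken when the comparison matches is not visible in this extract, and do_spec() begins outside the hunk.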
10357 diff -urNp linux-2.4.37.7/drivers/char/lcd.c linux-2.4.37.7/drivers/char/lcd.c
10358 --- linux-2.4.37.7/drivers/char/lcd.c 2009-11-07 11:52:20.000000000 -0500
10359 +++ linux-2.4.37.7/drivers/char/lcd.c 2009-11-10 19:30:27.000000000 -0500
10360 @@ -556,7 +556,7 @@ static long lcd_read(struct inode *inode
10361 * The various file operations we support.
10364 -static struct file_operations lcd_fops = {
10365 +static const struct file_operations lcd_fops = {
10369 diff -urNp linux-2.4.37.7/drivers/char/lp.c linux-2.4.37.7/drivers/char/lp.c
10370 --- linux-2.4.37.7/drivers/char/lp.c 2009-11-07 11:52:20.000000000 -0500
10371 +++ linux-2.4.37.7/drivers/char/lp.c 2009-11-10 19:30:27.000000000 -0500
10372 @@ -664,7 +664,7 @@ static int lp_ioctl(struct inode *inode,
10376 -static struct file_operations lp_fops = {
10377 +static const struct file_operations lp_fops = {
10378 owner: THIS_MODULE,
10381 diff -urNp linux-2.4.37.7/drivers/char/machzwd.c linux-2.4.37.7/drivers/char/machzwd.c
10382 --- linux-2.4.37.7/drivers/char/machzwd.c 2009-11-07 11:52:20.000000000 -0500
10383 +++ linux-2.4.37.7/drivers/char/machzwd.c 2009-11-10 19:30:27.000000000 -0500
10384 @@ -448,7 +448,7 @@ static int zf_notify_sys(struct notifier
10388 -static struct file_operations zf_fops = {
10389 +static const struct file_operations zf_fops = {
10390 owner: THIS_MODULE,
10393 diff -urNp linux-2.4.37.7/drivers/char/mem.c linux-2.4.37.7/drivers/char/mem.c
10394 --- linux-2.4.37.7/drivers/char/mem.c 2009-11-07 11:52:20.000000000 -0500
10395 +++ linux-2.4.37.7/drivers/char/mem.c 2009-11-10 19:30:27.000000000 -0500
10397 #include <linux/tty.h>
10398 #include <linux/capability.h>
10399 #include <linux/ptrace.h>
10400 +#include <linux/grsecurity.h>
10402 #include <asm/uaccess.h>
10403 #include <asm/io.h>
10404 @@ -42,6 +43,10 @@ extern void mda_console_init(void);
10405 #if defined(CONFIG_S390_TAPE) && defined(CONFIG_S390_TAPE_CHAR)
10406 extern void tapechar_init(void);
10409 +#ifdef CONFIG_GRKERNSEC
10410 +extern struct file_operations grsec_fops;
10413 static ssize_t do_write_mem(struct file * file, void *p, unsigned long realp,
10414 const char * buf, size_t count, loff_t *ppos)
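Review bot: `extern struct file_operations grsec_fops;` is declared locally in mem.c and without `const`, while every other file_operations object touched in this file becomes `const`. The file now includes <linux/grsecurity.h>, so the declaration belongs in that header, with the same qualifiers as the definition. The compiler can then catch a mismatch between the two, which a private extern in a .c file hides. The definition of grsec_fops is outside this hunk, so whether it can be const has to be confirmed there.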
10415 @@ -115,6 +120,11 @@ static ssize_t write_mem(struct file * f
10416 unsigned long p = *ppos;
10417 unsigned long end_mem;
10419 +#ifdef CONFIG_GRKERNSEC_KMEM
10420 + gr_handle_mem_write();
10424 end_mem = __pa(high_memory);
10427 @@ -187,6 +197,12 @@ static int mmap_mem(struct file * file,
10429 unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
10431 +#ifdef CONFIG_GRKERNSEC_KMEM
10432 + if (gr_handle_mem_mmap(offset, vma))
10438 * Accessing memory above the top the kernel knows about or
10439 * through a file pointer that was marked O_SYNC will be
10440 @@ -286,6 +302,11 @@ static ssize_t write_kmem(struct file *
10442 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
10444 +#ifdef CONFIG_GRKERNSEC_KMEM
10445 + gr_handle_kmem_write();
10449 if (p < (unsigned long) high_memory) {
10451 if (count > (unsigned long) high_memory - p)
10452 @@ -402,9 +423,25 @@ static inline size_t read_zero_pagealign
10455 zap_page_range(mm, addr, count);
10456 - if (zeromap_page_range(addr, count, PAGE_COPY))
10457 + if (zeromap_page_range(addr, count, vma->vm_page_prot))
10460 +#ifdef CONFIG_PAX_SEGMEXEC
10461 + if (vma->vm_flags & VM_MIRROR) {
10462 + unsigned long addr_m;
10463 + struct vm_area_struct * vma_m;
10465 + addr_m = vma->vm_start + vma->vm_mirror;
10466 + vma_m = find_vma(mm, addr_m);
10467 + if (vma_m && vma_m->vm_start == addr_m && (vma_m->vm_flags & VM_MIRROR)) {
10468 + addr_m = addr + vma->vm_mirror;
10469 + zap_page_range(mm, addr_m, count);
10471 + printk(KERN_ERR "PAX: VMMIRROR: read_zero bug, %08lx, %08lx\n",
10472 + addr, vma->vm_start);
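Review bot: The `printk(KERN_ERR "PAX: VMMIRROR: read_zero bug, ...")` line reports two addresses but not the task, so a log reader cannot tell which process hit the inconsistent mirror. Extending the format to `"... %08lx, %08lx (%s:%d)\n", addr, vma->vm_start, current->comm, current->pid` would make it usable for triage. The switch from `PAGE_COPY` to `vma->vm_page_prot` in the zeromap_page_range() call deserves a one-line comment saying the zero pages now take the mapping's own protection rather than a fixed one. The mirror range is zapped after checking only `vma_m->vm_start`, so a comment stating the presumed invariant that the mirror VMA has the same length would help. The branch structure around the printk is not fully visible in this extract.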
10479 @@ -526,6 +563,15 @@ static loff_t memory_lseek(struct file *
10481 static int open_port(struct inode * inode, struct file * filp)
10483 +#ifdef CONFIG_GRKERNSEC_KMEM
10484 + gr_handle_open_port();
10487 + return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
10490 +static int open_mem(struct inode * inode, struct file * filp)
10492 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
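Review bot: open_mem() is added as a separate function that repeats the capability check of open_port(), but nothing says why the two opens now differ. A comment above it would record the intent, for example `/* /dev/mem and /dev/kmem keep the plain CAP_SYS_RAWIO check; only /dev/port goes through gr_handle_open_port() */`. Otherwise the reader has to piece it together from the later hunk that drops `#define open_mem open_port`. The lines between `gr_handle_open_port();` and the capable() return are not visible in this extract, so what open_port() returns under CONFIG_GRKERNSEC_KMEM cannot be confirmed from here.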
10495 @@ -574,7 +620,7 @@ out:
10499 -struct vm_operations_struct kmem_vm_ops = {
10500 +const struct vm_operations_struct kmem_vm_ops = {
10501 nopage: kmem_vm_nopage,
10504 @@ -583,6 +629,11 @@ static int mmap_kmem(struct file * file,
10505 unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
10506 unsigned long size = vma->vm_end - vma->vm_start;
10508 +#ifdef CONFIG_GRKERNSEC_KMEM
10509 + if (gr_handle_mem_mmap(offset, vma))
10514 * If the user is not attempting to mmap a high memory address then
10515 * the standard mmap_mem mechanism will work. High memory addresses
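Review bot: `gr_handle_mem_mmap(offset, vma)` is called here exactly as in the mmap_mem() hunk above, although the two callers appear to give `offset` different meanings. For /dev/mem it is a physical address, while this function's comment speaks of high memory addresses, which suggests a kernel virtual address. The handler is defined outside this section, so it should be confirmed that its range test holds for both meanings. A comment at this call such as `/* offset is a kernel virtual address here - confirm the handler expects that */` would make the difference explicit. If mmap_kmem() passes low addresses on to mmap_mem(), as its comment suggests, the check also runs twice for those mappings.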
10516 @@ -618,10 +669,9 @@ static int mmap_kmem(struct file * file,
10517 #define full_lseek null_lseek
10518 #define write_zero write_null
10519 #define read_full read_zero
10520 -#define open_mem open_port
10521 #define open_kmem open_mem
10523 -static struct file_operations mem_fops = {
10524 +static const struct file_operations mem_fops = {
10525 llseek: memory_lseek,
10528 @@ -629,7 +679,7 @@ static struct file_operations mem_fops =
10532 -static struct file_operations kmem_fops = {
10533 +static const struct file_operations kmem_fops = {
10534 llseek: memory_lseek,
10537 @@ -637,14 +687,14 @@ static struct file_operations kmem_fops
10541 -static struct file_operations null_fops = {
10542 +static const struct file_operations null_fops = {
10543 llseek: null_lseek,
10548 #if defined(CONFIG_ISA) || !defined(__mc68000__)
10549 -static struct file_operations port_fops = {
10550 +static const struct file_operations port_fops = {
10551 llseek: memory_lseek,
10554 @@ -652,14 +702,14 @@ static struct file_operations port_fops
10558 -static struct file_operations zero_fops = {
10559 +static const struct file_operations zero_fops = {
10560 llseek: zero_lseek,
10566 -static struct file_operations full_fops = {
10567 +static const struct file_operations full_fops = {
10568 llseek: full_lseek,
10571 @@ -694,6 +744,11 @@ static int memory_open(struct inode * in
10573 filp->f_op = &urandom_fops;
10575 +#ifdef CONFIG_GRKERNSEC
10577 + filp->f_op = &grsec_fops;
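Review bot: `filp->f_op = &grsec_fops;` is compiled whenever CONFIG_GRKERNSEC is set, but the devfs entry for the same device in the memory_devfs_register() hunk below is also guarded by `!defined(CONFIG_GRKERNSEC_NO_RBAC)`. If grsec_fops is only built with RBAC, a CONFIG_GRKERNSEC_NO_RBAC kernel would fail to link here. If it is always built, the open path stays wired up even though the device is not registered. Using the same condition in both places, `#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)`, removes the ambiguity. The case label this assignment belongs to is not visible in this extract.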
10583 @@ -709,7 +764,7 @@ void __init memory_devfs_register (void)
10584 unsigned short minor;
10587 - struct file_operations *fops;
10588 + const struct file_operations *fops;
10589 } list[] = { /* list of minor devices */
10590 {1, "mem", S_IRUSR | S_IWUSR | S_IRGRP, &mem_fops},
10591 {2, "kmem", S_IRUSR | S_IWUSR | S_IRGRP, &kmem_fops},
10592 @@ -720,7 +775,10 @@ void __init memory_devfs_register (void)
10593 {5, "zero", S_IRUGO | S_IWUGO, &zero_fops},
10594 {7, "full", S_IRUGO | S_IWUGO, &full_fops},
10595 {8, "random", S_IRUGO | S_IWUSR, &random_fops},
10596 - {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops}
10597 + {9, "urandom", S_IRUGO | S_IWUSR, &urandom_fops},
10598 +#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
10599 + {13,"grsec", S_IRUSR | S_IWUGO, &grsec_fops}
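Review bot: The new table entry registers the grsec node with `S_IRUSR | S_IWUGO`, so every local user may write to it, unlike the `mem` and `kmem` entries at the top of the table. That makes the write handler in grsec_fops an interface for untrusted input. The entry should say so, for example `/* world-writable by design, if unprivileged users are meant to reach the RBAC interface; the write handler must validate all input */`. The handler itself is outside this hunk, so its validation cannot be reviewed from here.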
10604 @@ -731,7 +789,7 @@ void __init memory_devfs_register (void)
10605 list[i].fops, NULL);
10608 -static struct file_operations memory_fops = {
10609 +static const struct file_operations memory_fops = {
10610 open: memory_open, /* just a selector for the real open */
10613 diff -urNp linux-2.4.37.7/drivers/char/mips_rtc.c linux-2.4.37.7/drivers/char/mips_rtc.c
10614 --- linux-2.4.37.7/drivers/char/mips_rtc.c 2009-11-07 11:52:20.000000000 -0500
10615 +++ linux-2.4.37.7/drivers/char/mips_rtc.c 2009-11-10 19:30:27.000000000 -0500
10616 @@ -138,7 +138,7 @@ static int rtc_release(struct inode *ino
10617 * The various file operations we support.
10620 -static struct file_operations rtc_fops = {
10621 +static const struct file_operations rtc_fops = {
10625 diff -urNp linux-2.4.37.7/drivers/char/misc.c linux-2.4.37.7/drivers/char/misc.c
10626 --- linux-2.4.37.7/drivers/char/misc.c 2009-11-07 11:52:20.000000000 -0500
10627 +++ linux-2.4.37.7/drivers/char/misc.c 2009-11-10 19:30:27.000000000 -0500
10628 @@ -104,7 +104,7 @@ static int misc_open(struct inode * inod
10629 int minor = MINOR(inode->i_rdev);
10630 struct miscdevice *c;
10632 - struct file_operations *old_fops, *new_fops = NULL;
10633 + const struct file_operations *old_fops, *new_fops = NULL;
10637 @@ -143,7 +143,7 @@ fail:
10641 -static struct file_operations misc_fops = {
10642 +static const struct file_operations misc_fops = {
10643 owner: THIS_MODULE,
10646 diff -urNp linux-2.4.37.7/drivers/char/mixcomwd.c linux-2.4.37.7/drivers/char/mixcomwd.c
10647 --- linux-2.4.37.7/drivers/char/mixcomwd.c 2009-11-07 11:52:20.000000000 -0500
10648 +++ linux-2.4.37.7/drivers/char/mixcomwd.c 2009-11-10 19:30:27.000000000 -0500
10649 @@ -197,8 +197,7 @@ static int mixcomwd_ioctl(struct inode *
10653 -static struct file_operations mixcomwd_fops=
10655 +static const struct file_operations mixcomwd_fops = {
10656 owner: THIS_MODULE,
10657 write: mixcomwd_write,
10658 ioctl: mixcomwd_ioctl,
10659 diff -urNp linux-2.4.37.7/drivers/char/mk712.c linux-2.4.37.7/drivers/char/mk712.c
10660 --- linux-2.4.37.7/drivers/char/mk712.c 2009-11-07 11:52:20.000000000 -0500
10661 +++ linux-2.4.37.7/drivers/char/mk712.c 2009-11-10 19:30:27.000000000 -0500
10662 @@ -415,7 +415,7 @@ static ssize_t mk712_write(struct file *
10666 -struct file_operations mk712_fops = {
10667 +const struct file_operations mk712_fops = {
10668 owner: THIS_MODULE,
10670 write: mk712_write,
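Review bot: `mk712_fops` has external linkage, so adding `const` to the definition alone leaves any `extern struct file_operations mk712_fops;` declaration in another file with a conflicting type. Those declarations are not part of this hunk and need the same qualifier, e.g. `extern const struct file_operations mk712_fops;`. The same holds for the other non-static tables made const further down: `psaux_fops` (pc_keyb.c and qtronix.c), `qp_fops` (qpmouse.c) and `random_fops`/`urandom_fops` (random.c). Whether the patch updates them elsewhere cannot be seen from here.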
10671 diff -urNp linux-2.4.37.7/drivers/char/mpc8xx_wdt.c linux-2.4.37.7/drivers/char/mpc8xx_wdt.c
10672 --- linux-2.4.37.7/drivers/char/mpc8xx_wdt.c 2009-11-07 11:52:20.000000000 -0500
10673 +++ linux-2.4.37.7/drivers/char/mpc8xx_wdt.c 2009-11-10 19:30:27.000000000 -0500
10674 @@ -144,7 +144,7 @@ mpc8xx_wdt_ioctl(struct inode *inode, st
10678 -static struct file_operations mpc8xx_wdt_fops = {
10679 +static const struct file_operations mpc8xx_wdt_fops = {
10680 .owner = THIS_MODULE,
10681 .write = mpc8xx_wdt_write,
10682 .ioctl = mpc8xx_wdt_ioctl,
10683 diff -urNp linux-2.4.37.7/drivers/char/mwave/mwavedd.c linux-2.4.37.7/drivers/char/mwave/mwavedd.c
10684 --- linux-2.4.37.7/drivers/char/mwave/mwavedd.c 2009-11-07 11:52:20.000000000 -0500
10685 +++ linux-2.4.37.7/drivers/char/mwave/mwavedd.c 2009-11-10 19:30:27.000000000 -0500
10686 @@ -431,7 +431,7 @@ static int register_serial_portandirq(un
10689 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0)
10690 -static struct file_operations mwave_fops = {
10691 +static const struct file_operations mwave_fops = {
10695 @@ -440,7 +440,7 @@ static struct file_operations mwave_fops
10696 release:mwave_close
10699 -static struct file_operations mwave_fops = {
10700 +static const struct file_operations mwave_fops = {
10702 mwave_read, /* read */
10703 mwave_write, /* write */
10704 diff -urNp linux-2.4.37.7/drivers/char/nvram.c linux-2.4.37.7/drivers/char/nvram.c
10705 --- linux-2.4.37.7/drivers/char/nvram.c 2009-11-07 11:52:20.000000000 -0500
10706 +++ linux-2.4.37.7/drivers/char/nvram.c 2009-11-10 19:30:27.000000000 -0500
10707 @@ -443,7 +443,7 @@ nvram_read_proc(char *buffer, char **sta
10709 #endif /* CONFIG_PROC_FS */
10711 -static struct file_operations nvram_fops = {
10712 +static const struct file_operations nvram_fops = {
10713 owner: THIS_MODULE,
10714 llseek: nvram_llseek,
10716 diff -urNp linux-2.4.37.7/drivers/char/nwbutton.c linux-2.4.37.7/drivers/char/nwbutton.c
10717 --- linux-2.4.37.7/drivers/char/nwbutton.c 2009-11-07 11:52:20.000000000 -0500
10718 +++ linux-2.4.37.7/drivers/char/nwbutton.c 2009-11-10 19:30:27.000000000 -0500
10719 @@ -182,7 +182,7 @@ static int button_read (struct file *fil
10720 * attempts to perform these operations on the device.
10723 -static struct file_operations button_fops = {
10724 +static const struct file_operations button_fops = {
10725 owner: THIS_MODULE,
10728 diff -urNp linux-2.4.37.7/drivers/char/nwflash.c linux-2.4.37.7/drivers/char/nwflash.c
10729 --- linux-2.4.37.7/drivers/char/nwflash.c 2009-11-07 11:52:20.000000000 -0500
10730 +++ linux-2.4.37.7/drivers/char/nwflash.c 2009-11-10 19:30:27.000000000 -0500
10731 @@ -636,8 +636,7 @@ static void kick_open(void)
10735 -static struct file_operations flash_fops =
10737 +static const struct file_operations flash_fops = {
10738 owner: THIS_MODULE,
10739 llseek: flash_llseek,
10741 diff -urNp linux-2.4.37.7/drivers/char/pc110pad.c linux-2.4.37.7/drivers/char/pc110pad.c
10742 --- linux-2.4.37.7/drivers/char/pc110pad.c 2009-11-07 11:52:20.000000000 -0500
10743 +++ linux-2.4.37.7/drivers/char/pc110pad.c 2009-11-10 19:30:27.000000000 -0500
10744 @@ -770,7 +770,7 @@ static int pad_ioctl(struct inode *inode
10748 -static struct file_operations pad_fops = {
10749 +static const struct file_operations pad_fops = {
10750 owner: THIS_MODULE,
10753 diff -urNp linux-2.4.37.7/drivers/char/pc_keyb.c linux-2.4.37.7/drivers/char/pc_keyb.c
10754 --- linux-2.4.37.7/drivers/char/pc_keyb.c 2009-11-07 11:52:20.000000000 -0500
10755 +++ linux-2.4.37.7/drivers/char/pc_keyb.c 2009-11-10 19:30:27.000000000 -0500
10756 @@ -1182,7 +1182,7 @@ static unsigned int aux_poll(struct file
10760 -struct file_operations psaux_fops = {
10761 +const struct file_operations psaux_fops = {
10765 diff -urNp linux-2.4.37.7/drivers/char/pcwd.c linux-2.4.37.7/drivers/char/pcwd.c
10766 --- linux-2.4.37.7/drivers/char/pcwd.c 2009-11-07 11:52:20.000000000 -0500
10767 +++ linux-2.4.37.7/drivers/char/pcwd.c 2009-11-10 19:30:27.000000000 -0500
10768 @@ -710,7 +710,7 @@ static struct pci_driver pcwd_driver = {
10769 probe:pcwd_init_one,
10772 -static struct file_operations pcwd_fops = {
10773 +static const struct file_operations pcwd_fops = {
10777 @@ -724,7 +724,7 @@ static struct miscdevice pcwd_miscdev =
10781 -static struct file_operations pcwd_temp_fops = {
10782 +static const struct file_operations pcwd_temp_fops = {
10786 diff -urNp linux-2.4.37.7/drivers/char/ppdev.c linux-2.4.37.7/drivers/char/ppdev.c
10787 --- linux-2.4.37.7/drivers/char/ppdev.c 2009-11-07 11:52:20.000000000 -0500
10788 +++ linux-2.4.37.7/drivers/char/ppdev.c 2009-11-10 19:30:27.000000000 -0500
10789 @@ -743,7 +743,7 @@ static unsigned int pp_poll (struct file
10793 -static struct file_operations pp_fops = {
10794 +static const struct file_operations pp_fops = {
10795 owner: THIS_MODULE,
10798 diff -urNp linux-2.4.37.7/drivers/char/qpmouse.c linux-2.4.37.7/drivers/char/qpmouse.c
10799 --- linux-2.4.37.7/drivers/char/qpmouse.c 2009-11-07 11:52:20.000000000 -0500
10800 +++ linux-2.4.37.7/drivers/char/qpmouse.c 2009-11-10 19:30:27.000000000 -0500
10801 @@ -288,7 +288,7 @@ repeat:
10805 -struct file_operations qp_fops = {
10806 +const struct file_operations qp_fops = {
10807 owner: THIS_MODULE,
10810 diff -urNp linux-2.4.37.7/drivers/char/qtronix.c linux-2.4.37.7/drivers/char/qtronix.c
10811 --- linux-2.4.37.7/drivers/char/qtronix.c 2009-11-07 11:52:20.000000000 -0500
10812 +++ linux-2.4.37.7/drivers/char/qtronix.c 2009-11-10 19:30:27.000000000 -0500
10813 @@ -569,7 +569,7 @@ static unsigned int aux_poll(struct file
10817 -struct file_operations psaux_fops = {
10818 +const struct file_operations psaux_fops = {
10822 diff -urNp linux-2.4.37.7/drivers/char/random.c linux-2.4.37.7/drivers/char/random.c
10823 --- linux-2.4.37.7/drivers/char/random.c 2009-11-07 11:52:20.000000000 -0500
10824 +++ linux-2.4.37.7/drivers/char/random.c 2009-11-10 19:30:27.000000000 -0500
10825 @@ -262,9 +262,15 @@
10827 * Configuration information
10829 +#ifdef CONFIG_GRKERNSEC_RANDNET
10830 +#define DEFAULT_POOL_SIZE 1024
10831 +#define SECONDARY_POOL_SIZE 256
10832 +#define BATCH_ENTROPY_SIZE 512
10834 #define DEFAULT_POOL_SIZE 512
10835 #define SECONDARY_POOL_SIZE 128
10836 #define BATCH_ENTROPY_SIZE 256
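Review bot: The CONFIG_GRKERNSEC_RANDNET branch doubles `DEFAULT_POOL_SIZE`, `SECONDARY_POOL_SIZE` and `BATCH_ENTROPY_SIZE` with no comment on why, or on which constraints the values must meet. I would add a line above the first define such as `/* RANDNET: larger pools; sizes must remain values the pool setup code accepts */`. Whether 1024 and 256 are sizes the pool initialisation accepts is not visible in this hunk and should be confirmed, since an unsupported size would presumably make pool creation fail at boot.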
10841 @@ -1699,14 +1705,14 @@ random_ioctl(struct inode * inode, struc
10845 -struct file_operations random_fops = {
10846 +const struct file_operations random_fops = {
10848 write: random_write,
10850 ioctl: random_ioctl,
10853 -struct file_operations urandom_fops = {
10854 +const struct file_operations urandom_fops = {
10855 read: urandom_read,
10856 write: random_write,
10857 ioctl: random_ioctl,
10858 diff -urNp linux-2.4.37.7/drivers/char/raw.c linux-2.4.37.7/drivers/char/raw.c
10859 --- linux-2.4.37.7/drivers/char/raw.c 2009-11-07 11:52:20.000000000 -0500
10860 +++ linux-2.4.37.7/drivers/char/raw.c 2009-11-10 19:30:27.000000000 -0500
10861 @@ -37,7 +37,7 @@ int raw_ctl_ioctl(struct inode *, struct
10862 int raw_ioctl(struct inode *, struct file *, unsigned int, unsigned long);
10865 -static struct file_operations raw_fops = {
10866 +static const struct file_operations raw_fops = {
10870 @@ -45,7 +45,7 @@ static struct file_operations raw_fops =
10874 -static struct file_operations raw_ctl_fops = {
10875 +static const struct file_operations raw_ctl_fops = {
10876 ioctl: raw_ctl_ioctl,
10879 diff -urNp linux-2.4.37.7/drivers/char/rio/rio_linux.c linux-2.4.37.7/drivers/char/rio/rio_linux.c
10880 --- linux-2.4.37.7/drivers/char/rio/rio_linux.c 2009-11-07 11:52:20.000000000 -0500
10881 +++ linux-2.4.37.7/drivers/char/rio/rio_linux.c 2009-11-10 19:30:27.000000000 -0500
10882 @@ -276,7 +276,7 @@ static struct real_driver rio_real_drive
10886 -static struct file_operations rio_fw_fops = {
10887 +static const struct file_operations rio_fw_fops = {
10888 owner: THIS_MODULE,
10889 ioctl: rio_fw_ioctl,
10891 diff -urNp linux-2.4.37.7/drivers/char/rtc.c linux-2.4.37.7/drivers/char/rtc.c
10892 --- linux-2.4.37.7/drivers/char/rtc.c 2009-11-07 11:52:20.000000000 -0500
10893 +++ linux-2.4.37.7/drivers/char/rtc.c 2009-11-10 19:30:27.000000000 -0500
10894 @@ -686,7 +686,7 @@ static unsigned int rtc_poll(struct file
10895 * The various file operations we support.
10898 -static struct file_operations rtc_fops = {
10899 +static const struct file_operations rtc_fops = {
10900 owner: THIS_MODULE,
10903 diff -urNp linux-2.4.37.7/drivers/char/sbc60xxwdt.c linux-2.4.37.7/drivers/char/sbc60xxwdt.c
10904 --- linux-2.4.37.7/drivers/char/sbc60xxwdt.c 2009-11-07 11:52:20.000000000 -0500
10905 +++ linux-2.4.37.7/drivers/char/sbc60xxwdt.c 2009-11-10 19:30:27.000000000 -0500
10906 @@ -251,7 +251,7 @@ static int fop_ioctl(struct inode *inode
10910 -static struct file_operations wdt_fops = {
10911 +static const struct file_operations wdt_fops = {
10912 owner: THIS_MODULE,
10915 diff -urNp linux-2.4.37.7/drivers/char/sc1200wdt.c linux-2.4.37.7/drivers/char/sc1200wdt.c
10916 --- linux-2.4.37.7/drivers/char/sc1200wdt.c 2009-11-07 11:52:20.000000000 -0500
10917 +++ linux-2.4.37.7/drivers/char/sc1200wdt.c 2009-11-10 19:30:27.000000000 -0500
10918 @@ -292,8 +292,7 @@ static struct notifier_block sc1200wdt_n
10919 notifier_call: sc1200wdt_notify_sys
10922 -static struct file_operations sc1200wdt_fops =
10924 +static const struct file_operations sc1200wdt_fops = {
10925 owner: THIS_MODULE,
10926 write: sc1200wdt_write,
10927 ioctl: sc1200wdt_ioctl,
10928 diff -urNp linux-2.4.37.7/drivers/char/sc520_wdt.c linux-2.4.37.7/drivers/char/sc520_wdt.c
10929 --- linux-2.4.37.7/drivers/char/sc520_wdt.c 2009-11-07 11:52:20.000000000 -0500
10930 +++ linux-2.4.37.7/drivers/char/sc520_wdt.c 2009-11-10 19:30:27.000000000 -0500
10931 @@ -286,7 +286,7 @@ static int fop_ioctl(struct inode *inode
10935 -static struct file_operations wdt_fops = {
10936 +static const struct file_operations wdt_fops = {
10937 owner: THIS_MODULE,
10938 llseek: fop_llseek,
10940 diff -urNp linux-2.4.37.7/drivers/char/scx200_gpio.c linux-2.4.37.7/drivers/char/scx200_gpio.c
10941 --- linux-2.4.37.7/drivers/char/scx200_gpio.c 2009-11-07 11:52:20.000000000 -0500
10942 +++ linux-2.4.37.7/drivers/char/scx200_gpio.c 2009-11-10 19:30:27.000000000 -0500
10943 @@ -106,7 +106,7 @@ static int scx200_gpio_release(struct in
10947 -static struct file_operations scx200_gpio_fops = {
10948 +static const struct file_operations scx200_gpio_fops = {
10949 .owner = THIS_MODULE,
10950 .write = scx200_gpio_write,
10951 .read = scx200_gpio_read,
10952 diff -urNp linux-2.4.37.7/drivers/char/scx200_wdt.c linux-2.4.37.7/drivers/char/scx200_wdt.c
10953 --- linux-2.4.37.7/drivers/char/scx200_wdt.c 2009-11-07 11:52:20.000000000 -0500
10954 +++ linux-2.4.37.7/drivers/char/scx200_wdt.c 2009-11-10 19:30:27.000000000 -0500
10955 @@ -200,7 +200,7 @@ static int scx200_wdt_ioctl(struct inode
10959 -static struct file_operations scx200_wdt_fops = {
10960 +static const struct file_operations scx200_wdt_fops = {
10961 .owner = THIS_MODULE,
10962 .write = scx200_wdt_write,
10963 .ioctl = scx200_wdt_ioctl,
10964 diff -urNp linux-2.4.37.7/drivers/char/shwdt.c linux-2.4.37.7/drivers/char/shwdt.c
10965 --- linux-2.4.37.7/drivers/char/shwdt.c 2009-11-07 11:52:20.000000000 -0500
10966 +++ linux-2.4.37.7/drivers/char/shwdt.c 2009-11-10 19:30:27.000000000 -0500
10967 @@ -405,7 +405,7 @@ static int sh_wdt_notify_sys(struct noti
10968 return NOTIFY_DONE;
10971 -static struct file_operations sh_wdt_fops = {
10972 +static const struct file_operations sh_wdt_fops = {
10973 owner: THIS_MODULE,
10975 write: sh_wdt_write,
10976 diff -urNp linux-2.4.37.7/drivers/char/softdog.c linux-2.4.37.7/drivers/char/softdog.c
10977 --- linux-2.4.37.7/drivers/char/softdog.c 2009-11-07 11:52:20.000000000 -0500
10978 +++ linux-2.4.37.7/drivers/char/softdog.c 2009-11-10 19:30:27.000000000 -0500
10979 @@ -198,7 +198,7 @@ static int softdog_ioctl(struct inode *i
10983 -static struct file_operations softdog_fops = {
10984 +static const struct file_operations softdog_fops = {
10985 owner: THIS_MODULE,
10986 write: softdog_write,
10987 ioctl: softdog_ioctl,
10988 diff -urNp linux-2.4.37.7/drivers/char/sonypi.c linux-2.4.37.7/drivers/char/sonypi.c
10989 --- linux-2.4.37.7/drivers/char/sonypi.c 2009-11-07 11:52:20.000000000 -0500
10990 +++ linux-2.4.37.7/drivers/char/sonypi.c 2009-11-10 19:30:27.000000000 -0500
10991 @@ -613,7 +613,7 @@ static int sonypi_misc_ioctl(struct inod
10995 -static struct file_operations sonypi_misc_fops = {
10996 +static const struct file_operations sonypi_misc_fops = {
10997 .owner = THIS_MODULE,
10998 .read = sonypi_misc_read,
10999 .poll = sonypi_misc_poll,
11000 diff -urNp linux-2.4.37.7/drivers/char/stallion.c linux-2.4.37.7/drivers/char/stallion.c
11001 --- linux-2.4.37.7/drivers/char/stallion.c 2009-11-07 11:52:20.000000000 -0500
11002 +++ linux-2.4.37.7/drivers/char/stallion.c 2009-11-10 19:30:27.000000000 -0500
11003 @@ -735,7 +735,7 @@ static unsigned int sc26198_baudtable[]
11004 * Define the driver info for a user level control device. Used mainly
11005 * to get at port stats - only not using the port device itself.
11007 -static struct file_operations stl_fsiomem = {
11008 +static const struct file_operations stl_fsiomem = {
11009 owner: THIS_MODULE,
11010 ioctl: stl_memioctl,
11012 diff -urNp linux-2.4.37.7/drivers/char/sx.c linux-2.4.37.7/drivers/char/sx.c
11013 --- linux-2.4.37.7/drivers/char/sx.c 2009-11-07 11:52:20.000000000 -0500
11014 +++ linux-2.4.37.7/drivers/char/sx.c 2009-11-10 19:30:27.000000000 -0500
11015 @@ -421,7 +421,7 @@ static struct real_driver sx_real_driver
11019 -static struct file_operations sx_fw_fops = {
11020 +static const struct file_operations sx_fw_fops = {
11021 owner: THIS_MODULE,
11022 ioctl: sx_fw_ioctl,
11024 diff -urNp linux-2.4.37.7/drivers/char/tipar.c linux-2.4.37.7/drivers/char/tipar.c
11025 --- linux-2.4.37.7/drivers/char/tipar.c 2009-11-07 11:52:20.000000000 -0500
11026 +++ linux-2.4.37.7/drivers/char/tipar.c 2009-11-10 19:30:27.000000000 -0500
11027 @@ -384,7 +384,7 @@ tipar_ioctl(struct inode *inode, struct
11029 /* ----- kernel module registering ------------------------------------ */
11031 -static struct file_operations tipar_fops = {
11032 +static const struct file_operations tipar_fops = {
11036 diff -urNp linux-2.4.37.7/drivers/char/toshiba.c linux-2.4.37.7/drivers/char/toshiba.c
11037 --- linux-2.4.37.7/drivers/char/toshiba.c 2009-11-07 11:52:20.000000000 -0500
11038 +++ linux-2.4.37.7/drivers/char/toshiba.c 2009-11-10 19:30:27.000000000 -0500
11039 @@ -90,7 +90,7 @@ static int tosh_ioctl(struct inode *, st
11043 -static struct file_operations tosh_fops = {
11044 +static const struct file_operations tosh_fops = {
11045 owner: THIS_MODULE,
11048 diff -urNp linux-2.4.37.7/drivers/char/tpqic02.c linux-2.4.37.7/drivers/char/tpqic02.c
11049 --- linux-2.4.37.7/drivers/char/tpqic02.c 2009-11-07 11:52:20.000000000 -0500
11050 +++ linux-2.4.37.7/drivers/char/tpqic02.c 2009-11-10 19:30:27.000000000 -0500
11051 @@ -2703,7 +2703,7 @@ static int qic02_tape_ioctl(struct inode
11054 /* These are (most) of the interface functions: */
11055 -static struct file_operations qic02_tape_fops = {
11056 +static const struct file_operations qic02_tape_fops = {
11059 read:qic02_tape_read,
11060 diff -urNp linux-2.4.37.7/drivers/char/tty_io.c linux-2.4.37.7/drivers/char/tty_io.c
11061 --- linux-2.4.37.7/drivers/char/tty_io.c 2009-11-07 11:52:20.000000000 -0500
11062 +++ linux-2.4.37.7/drivers/char/tty_io.c 2009-11-10 19:30:27.000000000 -0500
11063 @@ -671,7 +671,7 @@ static int hung_up_tty_ioctl(struct inod
11064 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
11067 -static struct file_operations tty_fops = {
11068 +static const struct file_operations tty_fops = {
11072 @@ -682,7 +682,7 @@ static struct file_operations tty_fops =
11073 fasync: tty_fasync,
11076 -static struct file_operations hung_up_tty_fops = {
11077 +static const struct file_operations hung_up_tty_fops = {
11079 read: hung_up_tty_read,
11080 write: hung_up_tty_write,
11081 @@ -1775,7 +1775,11 @@ init_dev_done:
11083 filp->f_flags = saved_flags;
11085 +#ifdef CONFIG_GRKERNSEC
11086 + if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_TTY_CONFIG))
11088 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
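Review bot: The whole `if` is duplicated under `#ifdef CONFIG_GRKERNSEC`, once with `!capable(CAP_SYS_TTY_CONFIG)` and once with `!suser()`, so any later change to the TTY_EXCLUSIVE condition has to be made twice and the two builds can silently diverge. The same shape recurs in the tiocsti and tiocsctty hunks below and in the vt_ioctl hunk of vt.c. Selecting the predicate once would keep every call site to a single line, e.g. `#define tty_priv(cap) capable(cap)` under CONFIG_GRKERNSEC and `#define tty_priv(cap) suser()` otherwise, then `if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !tty_priv(CAP_SYS_TTY_CONFIG))`. The enclosing function starts and ends outside the hunk.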
11093 @@ -1882,7 +1886,11 @@ static int tiocsti(struct tty_struct *tt
11095 struct tty_ldisc *ld;
11097 +#ifdef CONFIG_GRKERNSEC
11098 + if ((current->tty != tty) && !capable(CAP_SYS_TTY_CONFIG))
11100 if ((current->tty != tty) && !suser())
11103 if (get_user(ch, arg))
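Review bot: The added guard only covers the `current->tty != tty` case, so a caller whose controlling terminal is `tty` still reaches the code below without holding any capability, in both the grsecurity and the stock branch. If that is intended, a comment above the check should say so, for example `/* same-tty TIOCSTI stays unprivileged; cross-tty needs CAP_SYS_TTY_CONFIG */`, so that programs which drop privilege while sharing a terminal do not rely on this check for isolation. The choice of CAP_SYS_TTY_CONFIG here, against CAP_SYS_ADMIN in the tiocsctty hunk further down, also deserves a word in that comment. tiocsti's body continues outside the hunk.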
11105 @@ -1922,7 +1930,11 @@ static int tioccons(struct inode *inode,
11106 if (inode->i_rdev == SYSCONS_DEV ||
11107 inode->i_rdev == CONSOLE_DEV) {
11109 +#ifdef CONFIG_GRKERNSEC
11110 + if (!capable(CAP_SYS_TTY_CONFIG))
11115 spin_lock(&redirect_lock);
11117 @@ -1974,7 +1986,11 @@ static int tiocsctty(struct tty_struct *
11118 * This tty is already the controlling
11119 * tty for another session group!
11121 +#ifdef CONFIG_GRKERNSEC
11122 + if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
11124 if ((arg == 1) && suser()) {
11129 diff -urNp linux-2.4.37.7/drivers/char/vc_screen.c linux-2.4.37.7/drivers/char/vc_screen.c
11130 --- linux-2.4.37.7/drivers/char/vc_screen.c 2009-11-07 11:52:20.000000000 -0500
11131 +++ linux-2.4.37.7/drivers/char/vc_screen.c 2009-11-10 19:30:27.000000000 -0500
11132 @@ -471,7 +471,7 @@ vcs_open(struct inode *inode, struct fil
11136 -static struct file_operations vcs_fops = {
11137 +static const struct file_operations vcs_fops = {
11141 diff -urNp linux-2.4.37.7/drivers/char/vt.c linux-2.4.37.7/drivers/char/vt.c
11142 --- linux-2.4.37.7/drivers/char/vt.c 2009-11-07 11:52:20.000000000 -0500
11143 +++ linux-2.4.37.7/drivers/char/vt.c 2009-11-10 19:30:27.000000000 -0500
11144 @@ -182,6 +182,11 @@ do_kdsk_ioctl(int cmd, struct kbentry *u
11148 +#ifdef CONFIG_GRKERNSEC
11149 + if (!capable(CAP_SYS_TTY_CONFIG))
11153 if (!i && v == K_NOSUCHMAP) {
11154 /* disallocate map */
11155 key_map = key_maps[s];
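Review bot: The new `capable(CAP_SYS_TTY_CONFIG)` test has no `#else` counterpart visible and appears to sit on the path that modifies the keymap. That makes it stricter than the `perm` rule in the vt_ioctl hunk below, where `current->tty == tty` is enough. Under CONFIG_GRKERNSEC the tty owner would therefore be refused keymap changes that the vt_ioctl comment ("to be the owner of the tty, or super-user") still describes as permitted. I would state this at the check, e.g. `/* grsec: keymap writes need CAP_SYS_TTY_CONFIG even for the tty owner */`, and adjust the vt_ioctl comment to match. The same applies to the do_kdgkb_ioctl hunk that follows; both functions extend beyond their hunks.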
11156 @@ -307,6 +312,11 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
11160 +#ifdef CONFIG_GRKERNSEC
11161 + if (!capable(CAP_SYS_TTY_CONFIG))
11166 first_free = funcbufptr + (funcbufsize - funcbufleft);
11167 for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++)
11168 @@ -449,7 +459,11 @@ int vt_ioctl(struct tty_struct *tty, str
11169 * to be the owner of the tty, or super-user.
11172 +#ifdef CONFIG_GRKERNSEC
11173 + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
11175 if (current->tty == tty || suser())
11179 kbd = kbd_table + console;
11180 @@ -1043,12 +1057,20 @@ int vt_ioctl(struct tty_struct *tty, str
11181 return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
11183 case VT_LOCKSWITCH:
11184 +#ifdef CONFIG_GRKERNSEC
11185 + if (!capable(CAP_SYS_TTY_CONFIG))
11190 vt_dont_switch = 1;
11192 case VT_UNLOCKSWITCH:
11193 +#ifdef CONFIG_GRKERNSEC
11194 + if (!capable(CAP_SYS_TTY_CONFIG))
11199 vt_dont_switch = 0;
11201 diff -urNp linux-2.4.37.7/drivers/char/w83877f_wdt.c linux-2.4.37.7/drivers/char/w83877f_wdt.c
11202 --- linux-2.4.37.7/drivers/char/w83877f_wdt.c 2009-11-07 11:52:20.000000000 -0500
11203 +++ linux-2.4.37.7/drivers/char/w83877f_wdt.c 2009-11-10 19:30:27.000000000 -0500
11204 @@ -268,7 +268,7 @@ static int fop_ioctl(struct inode *inode
11208 -static struct file_operations wdt_fops = {
11209 +static const struct file_operations wdt_fops = {
11210 owner: THIS_MODULE,
11213 diff -urNp linux-2.4.37.7/drivers/char/wafer5823wdt.c linux-2.4.37.7/drivers/char/wafer5823wdt.c
11214 --- linux-2.4.37.7/drivers/char/wafer5823wdt.c 2009-11-07 11:52:20.000000000 -0500
11215 +++ linux-2.4.37.7/drivers/char/wafer5823wdt.c 2009-11-10 19:30:27.000000000 -0500
11216 @@ -199,7 +199,7 @@ static int wafwdt_notify_sys(struct noti
11217 * Kernel Interfaces
11220 -static struct file_operations wafwdt_fops = {
11221 +static const struct file_operations wafwdt_fops = {
11223 write:wafwdt_write,
11224 ioctl:wafwdt_ioctl,
11225 diff -urNp linux-2.4.37.7/drivers/char/wdt285.c linux-2.4.37.7/drivers/char/wdt285.c
11226 --- linux-2.4.37.7/drivers/char/wdt285.c 2009-11-07 11:52:20.000000000 -0500
11227 +++ linux-2.4.37.7/drivers/char/wdt285.c 2009-11-10 19:30:27.000000000 -0500
11228 @@ -161,8 +161,7 @@ static int watchdog_ioctl(struct inode *
11232 -static struct file_operations watchdog_fops=
11234 +static const struct file_operations watchdog_fops = {
11235 owner: THIS_MODULE,
11236 write: watchdog_write,
11237 ioctl: watchdog_ioctl,
11238 diff -urNp linux-2.4.37.7/drivers/char/wdt977.c linux-2.4.37.7/drivers/char/wdt977.c
11239 --- linux-2.4.37.7/drivers/char/wdt977.c 2009-11-07 11:52:20.000000000 -0500
11240 +++ linux-2.4.37.7/drivers/char/wdt977.c 2009-11-10 19:30:27.000000000 -0500
11241 @@ -194,8 +194,7 @@ static ssize_t wdt977_write(struct file
11245 -static struct file_operations wdt977_fops=
11247 +static const struct file_operations wdt977_fops = {
11248 owner: THIS_MODULE,
11249 write: wdt977_write,
11251 diff -urNp linux-2.4.37.7/drivers/char/wdt.c linux-2.4.37.7/drivers/char/wdt.c
11252 --- linux-2.4.37.7/drivers/char/wdt.c 2009-11-07 11:52:20.000000000 -0500
11253 +++ linux-2.4.37.7/drivers/char/wdt.c 2009-11-10 19:30:27.000000000 -0500
11254 @@ -459,7 +459,7 @@ static int wdt_notify_sys(struct notifie
11258 -static struct file_operations wdt_fops = {
11259 +static const struct file_operations wdt_fops = {
11260 owner: THIS_MODULE,
11263 diff -urNp linux-2.4.37.7/drivers/char/wdt_pci.c linux-2.4.37.7/drivers/char/wdt_pci.c
11264 --- linux-2.4.37.7/drivers/char/wdt_pci.c 2009-11-07 11:52:20.000000000 -0500
11265 +++ linux-2.4.37.7/drivers/char/wdt_pci.c 2009-11-10 19:30:27.000000000 -0500
11266 @@ -475,7 +475,7 @@ static int wdtpci_notify_sys(struct noti
11270 -static struct file_operations wdtpci_fops = {
11271 +static const struct file_operations wdtpci_fops = {
11272 owner: THIS_MODULE,
11275 diff -urNp linux-2.4.37.7/drivers/gsc/eisa_eeprom.c linux-2.4.37.7/drivers/gsc/eisa_eeprom.c
11276 --- linux-2.4.37.7/drivers/gsc/eisa_eeprom.c 2009-11-07 11:52:20.000000000 -0500
11277 +++ linux-2.4.37.7/drivers/gsc/eisa_eeprom.c 2009-11-10 19:30:27.000000000 -0500
11278 @@ -84,7 +84,7 @@ static int eisa_eeprom_release(struct in
11280 * The various file operations we support.
11282 -static struct file_operations eisa_eeprom_fops = {
11283 +static const struct file_operations eisa_eeprom_fops = {
11284 owner: THIS_MODULE,
11285 llseek: eisa_eeprom_llseek,
11286 read: eisa_eeprom_read,
11287 diff -urNp linux-2.4.37.7/drivers/hil/hp_sdc_rtc.c linux-2.4.37.7/drivers/hil/hp_sdc_rtc.c
11288 --- linux-2.4.37.7/drivers/hil/hp_sdc_rtc.c 2009-11-07 11:52:20.000000000 -0500
11289 +++ linux-2.4.37.7/drivers/hil/hp_sdc_rtc.c 2009-11-10 19:30:27.000000000 -0500
11290 @@ -675,7 +675,7 @@ static int hp_sdc_rtc_ioctl(struct inode
11294 -static struct file_operations hp_sdc_rtc_fops = {
11295 +static const struct file_operations hp_sdc_rtc_fops = {
11296 .owner = THIS_MODULE,
11297 .llseek = hp_sdc_rtc_llseek,
11298 .read = hp_sdc_rtc_read,
11299 diff -urNp linux-2.4.37.7/drivers/hotplug/cpqphp_nvram.c linux-2.4.37.7/drivers/hotplug/cpqphp_nvram.c
11300 --- linux-2.4.37.7/drivers/hotplug/cpqphp_nvram.c 2009-11-07 11:52:20.000000000 -0500
11301 +++ linux-2.4.37.7/drivers/hotplug/cpqphp_nvram.c 2009-11-10 19:30:27.000000000 -0500
11302 @@ -425,9 +425,13 @@ static u32 store_HRT (void *rom_start)
11304 void compaq_nvram_init (void *rom_start)
11307 +#ifndef CONFIG_PAX_KERNEXEC
11309 compaq_int15_entry_point = (rom_start + ROM_INT15_PHY_ADDR - ROM_PHY_ADDR);
11313 dbg("int15 entry = %p\n", compaq_int15_entry_point);
11315 /* initialize our int15 lock */
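Review bot: With CONFIG_PAX_KERNEXEC the assignment to `compaq_int15_entry_point` is compiled out, yet the `dbg("int15 entry = %p\n", ...)` line after it still prints the pointer and the rest of compaq_nvram_init runs as before. Nothing in the hunk says why the entry point is dropped or what the driver does without it. Presumably calls into BIOS ROM are incompatible with KERNEXEC and the NVRAM paths are expected to fail cleanly when the pointer is unset, but that needs confirming in the callers, which are outside this hunk. I would add a comment at the `#ifndef`, e.g. `/* KERNEXEC: no calls into BIOS ROM; entry point stays unset, NVRAM access unavailable */`. The function body continues past the hunk.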
11316 diff -urNp linux-2.4.37.7/drivers/hotplug/pci_hotplug_core.c linux-2.4.37.7/drivers/hotplug/pci_hotplug_core.c
11317 --- linux-2.4.37.7/drivers/hotplug/pci_hotplug_core.c 2009-11-07 11:52:20.000000000 -0500
11318 +++ linux-2.4.37.7/drivers/hotplug/pci_hotplug_core.c 2009-11-10 19:30:27.000000000 -0500
11319 @@ -80,9 +80,9 @@ struct hotplug_slot_core {
11320 struct dentry *cur_bus_speed_dentry;
11323 -static struct super_operations pcihpfs_ops;
11324 -static struct file_operations default_file_operations;
11325 -static struct inode_operations pcihpfs_dir_inode_operations;
11326 +static const struct super_operations pcihpfs_ops;
11327 +static const struct file_operations default_file_operations;
11328 +static const struct inode_operations pcihpfs_dir_inode_operations;
11329 static struct vfsmount *pcihpfs_mount; /* one of the mounts of our fs for reference counting */
11330 static int pcihpfs_mount_count; /* times we have mounted our fs */
11331 static spinlock_t mount_lock; /* protects our mount_count */
11332 @@ -269,7 +269,7 @@ static int default_open (struct inode *i
11336 -static struct file_operations default_file_operations = {
11337 +static const struct file_operations default_file_operations = {
11338 read: default_read_file,
11339 write: default_write_file,
11340 open: default_open,
11341 @@ -279,7 +279,7 @@ static struct file_operations default_fi
11342 /* file ops for the "power" files */
11343 static ssize_t power_read_file (struct file *file, char *buf, size_t count, loff_t *offset);
11344 static ssize_t power_write_file (struct file *file, const char *buf, size_t count, loff_t *ppos);
11345 -static struct file_operations power_file_operations = {
11346 +static const struct file_operations power_file_operations = {
11347 read: power_read_file,
11348 write: power_write_file,
11349 open: default_open,
11350 @@ -289,7 +289,7 @@ static struct file_operations power_file
11351 /* file ops for the "attention" files */
11352 static ssize_t attention_read_file (struct file *file, char *buf, size_t count, loff_t *offset);
11353 static ssize_t attention_write_file (struct file *file, const char *buf, size_t count, loff_t *ppos);
11354 -static struct file_operations attention_file_operations = {
11355 +static const struct file_operations attention_file_operations = {
11356 read: attention_read_file,
11357 write: attention_write_file,
11358 open: default_open,
11359 @@ -298,7 +298,7 @@ static struct file_operations attention_
11361 /* file ops for the "latch" files */
11362 static ssize_t latch_read_file (struct file *file, char *buf, size_t count, loff_t *offset);
11363 -static struct file_operations latch_file_operations = {
11364 +static const struct file_operations latch_file_operations = {
11365 read: latch_read_file,
11366 write: default_write_file,
11367 open: default_open,
11368 @@ -307,7 +307,7 @@ static struct file_operations latch_file
11370 /* file ops for the "presence" files */
11371 static ssize_t presence_read_file (struct file *file, char *buf, size_t count, loff_t *offset);
11372 -static struct file_operations presence_file_operations = {
11373 +static const struct file_operations presence_file_operations = {
11374 read: presence_read_file,
11375 write: default_write_file,
11376 open: default_open,
11377 @@ -316,7 +316,7 @@ static struct file_operations presence_f
11379 /* file ops for the "address" files */
11380 static ssize_t address_read_file (struct file *file, char *buf, size_t count, loff_t *offset);
11381 -static struct file_operations address_file_operations = {
11382 +static const struct file_operations address_file_operations = {
11383 read: address_read_file,
11384 write: default_write_file,
11385 open: default_open,
11386 @@ -325,7 +325,7 @@ static struct file_operations address_fi
11388 /* file ops for the "max bus speed" files */
11389 static ssize_t max_bus_speed_read_file (struct file *file, char *buf, size_t count, loff_t *offset);
11390 -static struct file_operations max_bus_speed_file_operations = {
11391 +static const struct file_operations max_bus_speed_file_operations = {
11392 read: max_bus_speed_read_file,
11393 write: default_write_file,
11394 open: default_open,
11395 @@ -334,7 +334,7 @@ static struct file_operations max_bus_sp
11397 /* file ops for the "current bus speed" files */
11398 static ssize_t cur_bus_speed_read_file (struct file *file, char *buf, size_t count, loff_t *offset);
11399 -static struct file_operations cur_bus_speed_file_operations = {
11400 +static const struct file_operations cur_bus_speed_file_operations = {
11401 read: cur_bus_speed_read_file,
11402 write: default_write_file,
11403 open: default_open,
11404 @@ -343,14 +343,14 @@ static struct file_operations cur_bus_sp
11406 /* file ops for the "test" files */
11407 static ssize_t test_write_file (struct file *file, const char *buf, size_t count, loff_t *ppos);
11408 -static struct file_operations test_file_operations = {
11409 +static const struct file_operations test_file_operations = {
11410 read: default_read_file,
11411 write: test_write_file,
11412 open: default_open,
11413 llseek: default_file_lseek,
11416 -static struct inode_operations pcihpfs_dir_inode_operations = {
11417 +static const struct inode_operations pcihpfs_dir_inode_operations = {
11418 create: pcihpfs_create,
11419 lookup: pcihpfs_lookup,
11420 unlink: pcihpfs_unlink,
11421 @@ -359,7 +359,7 @@ static struct inode_operations pcihpfs_d
11422 mknod: pcihpfs_mknod,
11425 -static struct super_operations pcihpfs_ops = {
11426 +static const struct super_operations pcihpfs_ops = {
11427 statfs: pcihpfs_statfs,
11428 put_inode: force_delete,
11430 @@ -514,7 +514,7 @@ static int pcihpfs_create_by_name (const
11432 static struct dentry *fs_create_file (const char *name, mode_t mode,
11433 struct dentry *parent, void *data,
11434 - struct file_operations *fops)
11435 + const struct file_operations *fops)
11437 struct dentry *dentry;
11439 diff -urNp linux-2.4.37.7/drivers/i2c/i2c-core.c linux-2.4.37.7/drivers/i2c/i2c-core.c
11440 --- linux-2.4.37.7/drivers/i2c/i2c-core.c 2009-11-07 11:52:20.000000000 -0500
11441 +++ linux-2.4.37.7/drivers/i2c/i2c-core.c 2009-11-10 19:30:27.000000000 -0500
11442 @@ -86,7 +86,7 @@ static int read_bus_i2c(char *buf, char
11444 /* To implement the dynamic /proc/bus/i2c-? files, we need our own
11445 implementation of the read hook */
11446 -static struct file_operations i2cproc_operations = {
11447 +static const struct file_operations i2cproc_operations = {
11448 .read = i2cproc_bus_read,
11451 diff -urNp linux-2.4.37.7/drivers/i2c/i2c-dev.c linux-2.4.37.7/drivers/i2c/i2c-dev.c
11452 --- linux-2.4.37.7/drivers/i2c/i2c-dev.c 2009-11-07 11:52:20.000000000 -0500
11453 +++ linux-2.4.37.7/drivers/i2c/i2c-dev.c 2009-11-10 19:30:27.000000000 -0500
11454 @@ -79,7 +79,7 @@ extern
11455 int __init i2c_dev_init(void);
11456 static int i2cdev_cleanup(void);
11458 -static struct file_operations i2cdev_fops = {
11459 +static const struct file_operations i2cdev_fops = {
11460 .owner = THIS_MODULE,
11461 .llseek = no_llseek,
11462 .read = i2cdev_read,
11463 diff -urNp linux-2.4.37.7/drivers/ide/ide-tape.c linux-2.4.37.7/drivers/ide/ide-tape.c
11464 --- linux-2.4.37.7/drivers/ide/ide-tape.c 2009-11-07 11:52:20.000000000 -0500
11465 +++ linux-2.4.37.7/drivers/ide/ide-tape.c 2009-11-10 19:30:27.000000000 -0500
11466 @@ -6500,7 +6500,7 @@ static ide_module_t idetape_module = {
11468 * Our character device supporting functions, passed to register_chrdev.
11470 -static struct file_operations idetape_fops = {
11471 +static const struct file_operations idetape_fops = {
11472 owner: THIS_MODULE,
11473 read: idetape_chrdev_read,
11474 write: idetape_chrdev_write,
11475 diff -urNp linux-2.4.37.7/drivers/ieee1394/amdtp.c linux-2.4.37.7/drivers/ieee1394/amdtp.c
11476 --- linux-2.4.37.7/drivers/ieee1394/amdtp.c 2009-11-07 11:52:20.000000000 -0500
11477 +++ linux-2.4.37.7/drivers/ieee1394/amdtp.c 2009-11-10 19:30:27.000000000 -0500
11478 @@ -1196,8 +1196,7 @@ static int amdtp_release(struct inode *i
11482 -static struct file_operations amdtp_fops =
11484 +static const struct file_operations amdtp_fops = {
11485 .owner = THIS_MODULE,
11486 .write = amdtp_write,
11487 .poll = amdtp_poll,
11488 diff -urNp linux-2.4.37.7/drivers/ieee1394/dma.c linux-2.4.37.7/drivers/ieee1394/dma.c
11489 --- linux-2.4.37.7/drivers/ieee1394/dma.c 2009-11-07 11:52:20.000000000 -0500
11490 +++ linux-2.4.37.7/drivers/ieee1394/dma.c 2009-11-10 19:30:27.000000000 -0500
11491 @@ -210,7 +210,7 @@ out:
11495 -static struct vm_operations_struct dma_region_vm_ops = {
11496 +static const struct vm_operations_struct dma_region_vm_ops = {
11497 .nopage = dma_region_pagefault,
11500 diff -urNp linux-2.4.37.7/drivers/ieee1394/dv1394.c linux-2.4.37.7/drivers/ieee1394/dv1394.c
11501 --- linux-2.4.37.7/drivers/ieee1394/dv1394.c 2009-11-07 11:52:20.000000000 -0500
11502 +++ linux-2.4.37.7/drivers/ieee1394/dv1394.c 2009-11-10 19:30:27.000000000 -0500
11503 @@ -2414,8 +2414,7 @@ out:
11504 spin_unlock(&video->spinlock);
11507 -static struct file_operations dv1394_fops=
11509 +static const struct file_operations dv1394_fops = {
11510 .owner = THIS_MODULE,
11511 .poll = dv1394_poll,
11512 .ioctl = dv1394_ioctl,
11513 diff -urNp linux-2.4.37.7/drivers/ieee1394/ieee1394_core.c linux-2.4.37.7/drivers/ieee1394/ieee1394_core.c
11514 --- linux-2.4.37.7/drivers/ieee1394/ieee1394_core.c 2009-11-07 11:52:20.000000000 -0500
11515 +++ linux-2.4.37.7/drivers/ieee1394/ieee1394_core.c 2009-11-10 19:30:27.000000000 -0500
11516 @@ -1008,7 +1008,7 @@ static rwlock_t ieee1394_chardevs_lock =
11518 static int ieee1394_dispatch_open(struct inode *inode, struct file *file);
11520 -static struct file_operations ieee1394_chardev_ops = {
11521 +static const struct file_operations ieee1394_chardev_ops = {
11522 .owner =THIS_MODULE,
11523 .open = ieee1394_dispatch_open,
11525 diff -urNp linux-2.4.37.7/drivers/ieee1394/ohci1394.c linux-2.4.37.7/drivers/ieee1394/ohci1394.c
11526 --- linux-2.4.37.7/drivers/ieee1394/ohci1394.c 2009-11-07 11:52:20.000000000 -0500
11527 +++ linux-2.4.37.7/drivers/ieee1394/ohci1394.c 2009-11-10 19:30:27.000000000 -0500
11528 @@ -169,8 +169,8 @@ static char version[] __devinitdata =
11530 /* Module Parameters */
11531 MODULE_PARM(phys_dma,"i");
11532 -MODULE_PARM_DESC(phys_dma, "Enable physical dma (default = 1).");
11533 -static int phys_dma = 1;
11534 +MODULE_PARM_DESC(phys_dma, "Enable physical dma (default = 0).");
11535 +static int phys_dma = 0;
11537 static void dma_trm_tasklet(unsigned long data);
11538 static void dma_trm_reset(struct dma_trm_ctx *d);
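Review bot: The flipped default at `static int phys_dma = 0;` carries no comment saying why, and the parameter description only records the new value. Physical DMA lets a node on the FireWire bus read and write host memory without the driver handling each request, which is presumably why the patch turns it off. A line such as `/* Off by default: physical DMA exposes host memory to any bus peer. */` above the declaration would keep the reason with the code. The description string could also say that loading with `phys_dma=1` restores that exposure, since the module parameter still allows it.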
11539 diff -urNp linux-2.4.37.7/drivers/ieee1394/pcilynx.c linux-2.4.37.7/drivers/ieee1394/pcilynx.c
11540 --- linux-2.4.37.7/drivers/ieee1394/pcilynx.c 2009-11-07 11:52:20.000000000 -0500
11541 +++ linux-2.4.37.7/drivers/ieee1394/pcilynx.c 2009-11-10 19:30:27.000000000 -0500
11542 @@ -861,7 +861,7 @@ static ssize_t mem_read (struct file*, c
11543 static ssize_t mem_write(struct file*, const char*, size_t, loff_t*);
11546 -static struct file_operations aux_ops = {
11547 +static const struct file_operations aux_ops = {
11548 .owner = THIS_MODULE,
11550 .write = mem_write,
11551 diff -urNp linux-2.4.37.7/drivers/ieee1394/raw1394.c linux-2.4.37.7/drivers/ieee1394/raw1394.c
11552 --- linux-2.4.37.7/drivers/ieee1394/raw1394.c 2009-11-07 11:52:20.000000000 -0500
11553 +++ linux-2.4.37.7/drivers/ieee1394/raw1394.c 2009-11-10 19:30:27.000000000 -0500
11554 @@ -2538,7 +2538,7 @@ static struct hpsb_highlevel raw1394_hig
11555 .fcp_request = fcp_request,
11558 -static struct file_operations file_ops = {
11559 +static const struct file_operations file_ops = {
11560 .owner = THIS_MODULE,
11561 .read = raw1394_read,
11562 .write = raw1394_write,
11563 diff -urNp linux-2.4.37.7/drivers/ieee1394/video1394.c linux-2.4.37.7/drivers/ieee1394/video1394.c
11564 --- linux-2.4.37.7/drivers/ieee1394/video1394.c 2009-11-07 11:52:20.000000000 -0500
11565 +++ linux-2.4.37.7/drivers/ieee1394/video1394.c 2009-11-10 19:30:27.000000000 -0500
11566 @@ -1254,8 +1254,7 @@ static int video1394_release(struct inod
11570 -static struct file_operations video1394_fops=
11572 +static const struct file_operations video1394_fops = {
11573 .owner = THIS_MODULE,
11574 .ioctl = video1394_ioctl,
11575 .mmap = video1394_mmap,
11576 diff -urNp linux-2.4.37.7/drivers/input/evdev.c linux-2.4.37.7/drivers/input/evdev.c
11577 --- linux-2.4.37.7/drivers/input/evdev.c 2009-11-07 11:52:20.000000000 -0500
11578 +++ linux-2.4.37.7/drivers/input/evdev.c 2009-11-10 19:30:27.000000000 -0500
11579 @@ -317,7 +317,7 @@ static int evdev_ioctl(struct inode *ino
11583 -static struct file_operations evdev_fops = {
11584 +static const struct file_operations evdev_fops = {
11585 owner: THIS_MODULE,
11587 write: evdev_write,
11588 diff -urNp linux-2.4.37.7/drivers/input/input.c linux-2.4.37.7/drivers/input/input.c
11589 --- linux-2.4.37.7/drivers/input/input.c 2009-11-07 11:52:20.000000000 -0500
11590 +++ linux-2.4.37.7/drivers/input/input.c 2009-11-10 19:30:27.000000000 -0500
11591 @@ -371,7 +371,7 @@ void input_unregister_handler(struct inp
11592 static int input_open_file(struct inode *inode, struct file *file)
11594 struct input_handler *handler = input_table[MINOR(inode->i_rdev) >> 5];
11595 - struct file_operations *old_fops, *new_fops = NULL;
11596 + const struct file_operations *old_fops, *new_fops = NULL;
11599 /* No load-on-demand here? */
11600 @@ -401,7 +401,7 @@ static int input_open_file(struct inode
11604 -static struct file_operations input_fops = {
11605 +static const struct file_operations input_fops = {
11606 owner: THIS_MODULE,
11607 open: input_open_file,
11609 diff -urNp linux-2.4.37.7/drivers/input/joydev.c linux-2.4.37.7/drivers/input/joydev.c
11610 --- linux-2.4.37.7/drivers/input/joydev.c 2009-11-07 11:52:20.000000000 -0500
11611 +++ linux-2.4.37.7/drivers/input/joydev.c 2009-11-10 19:30:27.000000000 -0500
11612 @@ -409,7 +409,7 @@ static int joydev_ioctl(struct inode *in
11616 -static struct file_operations joydev_fops = {
11617 +static const struct file_operations joydev_fops = {
11618 owner: THIS_MODULE,
11620 write: joydev_write,
11621 diff -urNp linux-2.4.37.7/drivers/input/mousedev.c linux-2.4.37.7/drivers/input/mousedev.c
11622 --- linux-2.4.37.7/drivers/input/mousedev.c 2009-11-07 11:52:20.000000000 -0500
11623 +++ linux-2.4.37.7/drivers/input/mousedev.c 2009-11-10 19:30:27.000000000 -0500
11624 @@ -393,7 +393,7 @@ static unsigned int mousedev_poll(struct
11628 -struct file_operations mousedev_fops = {
11629 +const struct file_operations mousedev_fops = {
11630 owner: THIS_MODULE,
11631 read: mousedev_read,
11632 write: mousedev_write,
11633 diff -urNp linux-2.4.37.7/drivers/input/uinput.c linux-2.4.37.7/drivers/input/uinput.c
11634 --- linux-2.4.37.7/drivers/input/uinput.c 2009-11-07 11:52:20.000000000 -0500
11635 +++ linux-2.4.37.7/drivers/input/uinput.c 2009-11-10 19:30:27.000000000 -0500
11636 @@ -393,7 +393,7 @@ static int uinput_ioctl(struct inode *in
11640 -struct file_operations uinput_fops = {
11641 +const struct file_operations uinput_fops = {
11642 owner: THIS_MODULE,
11644 release: uinput_close,
11645 diff -urNp linux-2.4.37.7/drivers/isdn/avmb1/capi.c linux-2.4.37.7/drivers/isdn/avmb1/capi.c
11646 --- linux-2.4.37.7/drivers/isdn/avmb1/capi.c 2009-11-07 11:52:20.000000000 -0500
11647 +++ linux-2.4.37.7/drivers/isdn/avmb1/capi.c 2009-11-10 19:30:27.000000000 -0500
11648 @@ -1068,8 +1068,7 @@ capi_release(struct inode *inode, struct
11652 -static struct file_operations capi_fops =
11654 +static const struct file_operations capi_fops = {
11655 owner: THIS_MODULE,
11658 @@ -1258,8 +1257,7 @@ capinc_raw_release(struct inode *inode,
11662 -static struct file_operations capinc_raw_fops =
11664 +static const struct file_operations capinc_raw_fops = {
11665 owner: THIS_MODULE,
11667 read: capinc_raw_read,
11668 diff -urNp linux-2.4.37.7/drivers/isdn/avmb1/capifs.c linux-2.4.37.7/drivers/isdn/avmb1/capifs.c
11669 --- linux-2.4.37.7/drivers/isdn/avmb1/capifs.c 2009-11-07 11:52:20.000000000 -0500
11670 +++ linux-2.4.37.7/drivers/isdn/avmb1/capifs.c 2009-11-10 19:30:27.000000000 -0500
11671 @@ -71,16 +71,16 @@ static struct dentry *capifs_root_lookup
11672 static int capifs_revalidate(struct dentry *, int);
11673 static struct inode *capifs_new_inode(struct super_block *sb);
11675 -static struct file_operations capifs_root_operations = {
11676 +static const struct file_operations capifs_root_operations = {
11677 read: generic_read_dir,
11678 readdir: capifs_root_readdir,
11681 -struct inode_operations capifs_root_inode_operations = {
11682 +const struct inode_operations capifs_root_inode_operations = {
11683 lookup: capifs_root_lookup,
11686 -static struct dentry_operations capifs_dentry_operations = {
11687 +static const struct dentry_operations capifs_dentry_operations = {
11688 d_revalidate: capifs_revalidate,
11691 @@ -217,7 +217,7 @@ static void capifs_put_super(struct supe
11693 static int capifs_statfs(struct super_block *sb, struct statfs *buf);
11695 -static struct super_operations capifs_sops = {
11696 +static const struct super_operations capifs_sops = {
11697 put_super: capifs_put_super,
11698 statfs: capifs_statfs,
11700 diff -urNp linux-2.4.37.7/drivers/isdn/divert/divert_procfs.c linux-2.4.37.7/drivers/isdn/divert/divert_procfs.c
11701 --- linux-2.4.37.7/drivers/isdn/divert/divert_procfs.c 2009-11-07 11:52:20.000000000 -0500
11702 +++ linux-2.4.37.7/drivers/isdn/divert/divert_procfs.c 2009-11-10 19:30:27.000000000 -0500
11703 @@ -266,8 +266,7 @@ isdn_divert_ioctl(struct inode *inode, s
11706 #ifdef CONFIG_PROC_FS
11707 -static struct file_operations isdn_fops =
11709 +static const struct file_operations isdn_fops = {
11711 read: isdn_divert_read,
11712 write: isdn_divert_write,
11713 diff -urNp linux-2.4.37.7/drivers/isdn/hysdn/hysdn_procconf.c linux-2.4.37.7/drivers/isdn/hysdn/hysdn_procconf.c
11714 --- linux-2.4.37.7/drivers/isdn/hysdn/hysdn_procconf.c 2009-11-07 11:52:20.000000000 -0500
11715 +++ linux-2.4.37.7/drivers/isdn/hysdn/hysdn_procconf.c 2009-11-10 19:30:27.000000000 -0500
11716 @@ -378,8 +378,7 @@ hysdn_conf_close(struct inode *ino, stru
11717 /******************************************************/
11718 /* table for conf filesystem functions defined above. */
11719 /******************************************************/
11720 -static struct file_operations conf_fops =
11722 +static const struct file_operations conf_fops = {
11724 read: hysdn_conf_read,
11725 write: hysdn_conf_write,
11726 diff -urNp linux-2.4.37.7/drivers/isdn/hysdn/hysdn_proclog.c linux-2.4.37.7/drivers/isdn/hysdn/hysdn_proclog.c
11727 --- linux-2.4.37.7/drivers/isdn/hysdn/hysdn_proclog.c 2009-11-07 11:52:20.000000000 -0500
11728 +++ linux-2.4.37.7/drivers/isdn/hysdn/hysdn_proclog.c 2009-11-10 19:30:27.000000000 -0500
11729 @@ -390,8 +390,7 @@ hysdn_log_poll(struct file *file, poll_t
11730 /**************************************************/
11731 /* table for log filesystem functions defined above. */
11732 /**************************************************/
11733 -static struct file_operations log_fops =
11735 +static const struct file_operations log_fops = {
11737 read: hysdn_log_read,
11738 write: hysdn_log_write,
11739 diff -urNp linux-2.4.37.7/drivers/isdn/isdn_common.c linux-2.4.37.7/drivers/isdn/isdn_common.c
11740 --- linux-2.4.37.7/drivers/isdn/isdn_common.c 2009-11-07 11:52:20.000000000 -0500
11741 +++ linux-2.4.37.7/drivers/isdn/isdn_common.c 2009-11-10 19:30:27.000000000 -0500
11742 @@ -1753,8 +1753,7 @@ isdn_close(struct inode *ino, struct fil
11746 -static struct file_operations isdn_fops =
11748 +static const struct file_operations isdn_fops = {
11749 owner: THIS_MODULE,
11752 diff -urNp linux-2.4.37.7/drivers/macintosh/adb.c linux-2.4.37.7/drivers/macintosh/adb.c
11753 --- linux-2.4.37.7/drivers/macintosh/adb.c 2009-11-07 11:52:20.000000000 -0500
11754 +++ linux-2.4.37.7/drivers/macintosh/adb.c 2009-11-10 19:30:27.000000000 -0500
11755 @@ -835,7 +835,7 @@ out:
11759 -static struct file_operations adb_fops = {
11760 +static const struct file_operations adb_fops = {
11764 diff -urNp linux-2.4.37.7/drivers/macintosh/ans-lcd.c linux-2.4.37.7/drivers/macintosh/ans-lcd.c
11765 --- linux-2.4.37.7/drivers/macintosh/ans-lcd.c 2009-11-07 11:52:20.000000000 -0500
11766 +++ linux-2.4.37.7/drivers/macintosh/ans-lcd.c 2009-11-10 19:30:27.000000000 -0500
11767 @@ -118,7 +118,7 @@ anslcd_open( struct inode * inode, struc
11771 -struct file_operations anslcd_fops = {
11772 +const struct file_operations anslcd_fops = {
11773 write: anslcd_write,
11774 ioctl: anslcd_ioctl,
11776 diff -urNp linux-2.4.37.7/drivers/macintosh/apm_emu.c linux-2.4.37.7/drivers/macintosh/apm_emu.c
11777 --- linux-2.4.37.7/drivers/macintosh/apm_emu.c 2009-11-07 11:52:20.000000000 -0500
11778 +++ linux-2.4.37.7/drivers/macintosh/apm_emu.c 2009-11-10 19:30:27.000000000 -0500
11779 @@ -498,7 +498,7 @@ static int apm_emu_get_info(char *buf, c
11783 -static struct file_operations apm_bios_fops = {
11784 +static const struct file_operations apm_bios_fops = {
11785 owner: THIS_MODULE,
11788 diff -urNp linux-2.4.37.7/drivers/macintosh/nvram.c linux-2.4.37.7/drivers/macintosh/nvram.c
11789 --- linux-2.4.37.7/drivers/macintosh/nvram.c 2009-11-07 11:52:20.000000000 -0500
11790 +++ linux-2.4.37.7/drivers/macintosh/nvram.c 2009-11-10 19:30:27.000000000 -0500
11791 @@ -97,7 +97,7 @@ static int nvram_ioctl(struct inode *ino
11795 -struct file_operations nvram_fops = {
11796 +const struct file_operations nvram_fops = {
11797 owner: THIS_MODULE,
11798 llseek: nvram_llseek,
11800 diff -urNp linux-2.4.37.7/drivers/macintosh/rtc.c linux-2.4.37.7/drivers/macintosh/rtc.c
11801 --- linux-2.4.37.7/drivers/macintosh/rtc.c 2009-11-07 11:52:20.000000000 -0500
11802 +++ linux-2.4.37.7/drivers/macintosh/rtc.c 2009-11-10 19:30:27.000000000 -0500
11803 @@ -115,7 +115,7 @@ static int rtc_release(struct inode *ino
11807 -static struct file_operations rtc_fops = {
11808 +static const struct file_operations rtc_fops = {
11809 owner: THIS_MODULE,
11812 diff -urNp linux-2.4.37.7/drivers/macintosh/via-pmu68k.c linux-2.4.37.7/drivers/macintosh/via-pmu68k.c
11813 --- linux-2.4.37.7/drivers/macintosh/via-pmu68k.c 2009-11-07 11:52:20.000000000 -0500
11814 +++ linux-2.4.37.7/drivers/macintosh/via-pmu68k.c 2009-11-10 19:30:27.000000000 -0500
11815 @@ -1039,7 +1039,7 @@ static int /*__openfirmware*/ pmu_ioctl(
11819 -static struct file_operations pmu_device_fops = {
11820 +static const struct file_operations pmu_device_fops = {
11824 diff -urNp linux-2.4.37.7/drivers/macintosh/via-pmu.c linux-2.4.37.7/drivers/macintosh/via-pmu.c
11825 --- linux-2.4.37.7/drivers/macintosh/via-pmu.c 2009-11-07 11:52:20.000000000 -0500
11826 +++ linux-2.4.37.7/drivers/macintosh/via-pmu.c 2009-11-10 19:30:27.000000000 -0500
11827 @@ -2825,7 +2825,7 @@ static int pmu_ioctl(struct inode * inod
11831 -static struct file_operations pmu_device_fops = {
11832 +static const struct file_operations pmu_device_fops = {
11836 diff -urNp linux-2.4.37.7/drivers/md/lvm.c linux-2.4.37.7/drivers/md/lvm.c
11837 --- linux-2.4.37.7/drivers/md/lvm.c 2009-11-07 11:52:20.000000000 -0500
11838 +++ linux-2.4.37.7/drivers/md/lvm.c 2009-11-10 19:30:27.000000000 -0500
11839 @@ -405,7 +405,7 @@ static struct buffer_head *_pe_requests;
11840 static DECLARE_RWSEM(_pe_lock);
11843 -struct file_operations lvm_chr_fops = {
11844 +const struct file_operations lvm_chr_fops = {
11847 release:lvm_chr_close,
11848 diff -urNp linux-2.4.37.7/drivers/md/lvm-internal.h linux-2.4.37.7/drivers/md/lvm-internal.h
11849 --- linux-2.4.37.7/drivers/md/lvm-internal.h 2009-11-07 11:52:20.000000000 -0500
11850 +++ linux-2.4.37.7/drivers/md/lvm-internal.h 2009-11-10 19:30:27.000000000 -0500
11851 @@ -45,7 +45,6 @@ extern int loadtime;
11852 extern const char *const lvm_name;
11855 -extern uint vg_count;
11857 extern struct file_operations lvm_chr_fops;
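Review bot: The context line `extern struct file_operations lvm_chr_fops;` is left without `const`, while the lvm.c hunk in this patch changes the definition to `const struct file_operations lvm_chr_fops`. If lvm.c includes this header, the declaration and the definition have conflicting qualifiers and the build fails. Any other file that includes it sees a writable type, so the compiler will not reject a store into the table. The declaration should read `extern const struct file_operations lvm_chr_fops;`. The other non-static tables made const in this patch (`mousedev_fops`, `uinput_fops`, `anslcd_fops`, `nvram_fops`, `sab8253xc_fops`, `capifs_root_inode_operations`) may have extern declarations outside these hunks that need the same check.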
11859 diff -urNp linux-2.4.37.7/drivers/md/md.c linux-2.4.37.7/drivers/md/md.c
11860 --- linux-2.4.37.7/drivers/md/md.c 2009-11-07 11:52:20.000000000 -0500
11861 +++ linux-2.4.37.7/drivers/md/md.c 2009-11-10 19:30:27.000000000 -0500
11862 @@ -3295,7 +3295,7 @@ static int md_seq_show(struct seq_file *
11866 -static struct seq_operations md_seq_ops = {
11867 +static const struct seq_operations md_seq_ops = {
11868 .start = md_seq_start,
11869 .next = md_seq_next,
11870 .stop = md_seq_stop,
11871 @@ -3310,7 +3310,7 @@ static int md_seq_open(struct inode *ino
11875 -static struct file_operations md_seq_fops = {
11876 +static const struct file_operations md_seq_fops = {
11877 .open = md_seq_open,
11879 .llseek = seq_lseek,
11880 diff -urNp linux-2.4.37.7/drivers/media/radio/miropcm20-rds.c linux-2.4.37.7/drivers/media/radio/miropcm20-rds.c
11881 --- linux-2.4.37.7/drivers/media/radio/miropcm20-rds.c 2009-11-07 11:52:20.000000000 -0500
11882 +++ linux-2.4.37.7/drivers/media/radio/miropcm20-rds.c 2009-11-10 19:30:27.000000000 -0500
11883 @@ -105,7 +105,7 @@ static ssize_t rds_f_read(struct file *f
11887 -static struct file_operations rds_f_ops = {
11888 +static const struct file_operations rds_f_ops = {
11891 release: rds_f_release
11892 diff -urNp linux-2.4.37.7/drivers/media/video/cpia.c linux-2.4.37.7/drivers/media/video/cpia.c
11893 --- linux-2.4.37.7/drivers/media/video/cpia.c 2009-11-07 11:52:20.000000000 -0500
11894 +++ linux-2.4.37.7/drivers/media/video/cpia.c 2009-11-10 19:30:27.000000000 -0500
11895 @@ -3064,7 +3064,7 @@ static int cpia_mmap(struct file *file,
11899 -static struct file_operations cpia_fops = {
11900 +static const struct file_operations cpia_fops = {
11901 owner: THIS_MODULE,
11903 release: cpia_close,
11904 diff -urNp linux-2.4.37.7/drivers/media/video/meye.c linux-2.4.37.7/drivers/media/video/meye.c
11905 --- linux-2.4.37.7/drivers/media/video/meye.c 2009-11-07 11:52:20.000000000 -0500
11906 +++ linux-2.4.37.7/drivers/media/video/meye.c 2009-11-10 19:30:27.000000000 -0500
11907 @@ -1252,7 +1252,7 @@ static int meye_mmap(struct file *file,
11911 -static struct file_operations meye_fops = {
11912 +static const struct file_operations meye_fops = {
11913 .owner = THIS_MODULE,
11915 .release = meye_release,
11916 diff -urNp linux-2.4.37.7/drivers/media/video/tvmixer.c linux-2.4.37.7/drivers/media/video/tvmixer.c
11917 --- linux-2.4.37.7/drivers/media/video/tvmixer.c 2009-11-07 11:52:20.000000000 -0500
11918 +++ linux-2.4.37.7/drivers/media/video/tvmixer.c 2009-11-10 19:30:27.000000000 -0500
11919 @@ -226,7 +226,7 @@ static struct i2c_driver driver = {
11920 .detach_client = tvmixer_clients,
11923 -static struct file_operations tvmixer_fops = {
11924 +static const struct file_operations tvmixer_fops = {
11925 .owner = THIS_MODULE,
11926 .llseek = no_llseek,
11927 .ioctl = tvmixer_ioctl,
11928 diff -urNp linux-2.4.37.7/drivers/media/video/videodev.c linux-2.4.37.7/drivers/media/video/videodev.c
11929 --- linux-2.4.37.7/drivers/media/video/videodev.c 2009-11-07 11:52:20.000000000 -0500
11930 +++ linux-2.4.37.7/drivers/media/video/videodev.c 2009-11-10 19:30:27.000000000 -0500
11931 @@ -155,7 +155,7 @@ static int video_open(struct inode *inod
11935 - struct file_operations *old_fops;
11936 + const struct file_operations *old_fops;
11938 old_fops = file->f_op;
11939 file->f_op = fops_get(vfl->fops);
11940 @@ -489,8 +489,7 @@ static void videodev_proc_destroy_dev (s
11942 #endif /* CONFIG_VIDEO_PROC_FS */
11944 -static struct file_operations video_fops=
11946 +static const struct file_operations video_fops = {
11947 owner: THIS_MODULE,
11950 diff -urNp linux-2.4.37.7/drivers/media/video/vino.c linux-2.4.37.7/drivers/media/video/vino.c
11951 --- linux-2.4.37.7/drivers/media/video/vino.c 2009-11-07 11:52:20.000000000 -0500
11952 +++ linux-2.4.37.7/drivers/media/video/vino.c 2009-11-10 19:30:27.000000000 -0500
11953 @@ -1007,7 +1007,7 @@ static int vino_ioctl(struct inode *inod
11957 -static struct file_operations vino_fops = {
11958 +static const struct file_operations vino_fops = {
11959 .owner = THIS_MODULE,
11961 .release = vino_close,
11962 diff -urNp linux-2.4.37.7/drivers/message/fusion/mptctl.c linux-2.4.37.7/drivers/message/fusion/mptctl.c
11963 --- linux-2.4.37.7/drivers/message/fusion/mptctl.c 2009-11-07 11:52:20.000000000 -0500
11964 +++ linux-2.4.37.7/drivers/message/fusion/mptctl.c 2009-11-10 19:30:27.000000000 -0500
11965 @@ -2738,7 +2738,7 @@ mptctl_hp_targetinfo(unsigned long arg)
11966 #define owner_THIS_MODULE
11969 -static struct file_operations mptctl_fops = {
11970 +static const struct file_operations mptctl_fops = {
11972 .llseek = no_llseek,
11973 .read = mptctl_read,
11974 diff -urNp linux-2.4.37.7/drivers/message/i2o/i2o_config.c linux-2.4.37.7/drivers/message/i2o/i2o_config.c
11975 --- linux-2.4.37.7/drivers/message/i2o/i2o_config.c 2009-11-07 11:52:20.000000000 -0500
11976 +++ linux-2.4.37.7/drivers/message/i2o/i2o_config.c 2009-11-10 19:30:27.000000000 -0500
11977 @@ -890,8 +890,7 @@ static int cfg_fasync(int fd, struct fil
11978 return fasync_helper(fd, fp, on, &p->fasync);
11981 -static struct file_operations config_fops =
11983 +static const struct file_operations config_fops = {
11984 owner: THIS_MODULE,
11987 diff -urNp linux-2.4.37.7/drivers/mtd/devices/doc2001.c linux-2.4.37.7/drivers/mtd/devices/doc2001.c
11988 --- linux-2.4.37.7/drivers/mtd/devices/doc2001.c 2009-11-07 11:52:20.000000000 -0500
11989 +++ linux-2.4.37.7/drivers/mtd/devices/doc2001.c 2009-11-10 19:30:27.000000000 -0500
11990 @@ -418,6 +418,8 @@ static int doc_read_ecc (struct mtd_info
11991 /* Don't allow read past end of device */
11992 if (from >= this->totlen)
11997 /* Don't allow a single read to cross a 512-byte block boundary */
11998 if (from + len > ((from | 0x1ff) + 1))
11999 diff -urNp linux-2.4.37.7/drivers/mtd/ftl.c linux-2.4.37.7/drivers/mtd/ftl.c
12000 --- linux-2.4.37.7/drivers/mtd/ftl.c 2009-11-07 11:52:20.000000000 -0500
12001 +++ linux-2.4.37.7/drivers/mtd/ftl.c 2009-11-10 19:30:27.000000000 -0500
12002 @@ -231,7 +231,7 @@ static int ftl_reread_partitions(int min
12003 static void ftl_erase_callback(struct erase_info *done);
12005 #if LINUX_VERSION_CODE < 0x20326
12006 -static struct file_operations ftl_blk_fops = {
12007 +static const struct file_operations ftl_blk_fops = {
12009 release: ftl_close,
12011 diff -urNp linux-2.4.37.7/drivers/mtd/mtdblock.c linux-2.4.37.7/drivers/mtd/mtdblock.c
12012 --- linux-2.4.37.7/drivers/mtd/mtdblock.c 2009-11-07 11:52:20.000000000 -0500
12013 +++ linux-2.4.37.7/drivers/mtd/mtdblock.c 2009-11-10 19:30:27.000000000 -0500
12014 @@ -567,8 +567,7 @@ static int mtdblock_ioctl(struct inode *
12017 #if LINUX_VERSION_CODE < 0x20326
12018 -static struct file_operations mtd_fops =
12020 +static const struct file_operations mtd_fops = {
12021 open: mtdblock_open,
12022 ioctl: mtdblock_ioctl,
12023 release: mtdblock_release,
12024 diff -urNp linux-2.4.37.7/drivers/mtd/mtdblock_ro.c linux-2.4.37.7/drivers/mtd/mtdblock_ro.c
12025 --- linux-2.4.37.7/drivers/mtd/mtdblock_ro.c 2009-11-07 11:52:20.000000000 -0500
12026 +++ linux-2.4.37.7/drivers/mtd/mtdblock_ro.c 2009-11-10 19:30:27.000000000 -0500
12027 @@ -242,8 +242,7 @@ static int mtdblock_ioctl(struct inode *
12030 #if LINUX_VERSION_CODE < 0x20326
12031 -static struct file_operations mtd_fops =
12033 +static const struct file_operations mtd_fops = {
12034 open: mtdblock_open,
12035 ioctl: mtdblock_ioctl,
12036 release: mtdblock_release,
12037 diff -urNp linux-2.4.37.7/drivers/mtd/mtdchar.c linux-2.4.37.7/drivers/mtd/mtdchar.c
12038 --- linux-2.4.37.7/drivers/mtd/mtdchar.c 2009-11-07 11:52:20.000000000 -0500
12039 +++ linux-2.4.37.7/drivers/mtd/mtdchar.c 2009-11-10 19:30:27.000000000 -0500
12040 @@ -533,7 +533,7 @@ static int mtd_ioctl(struct inode *inode
12042 } /* memory_ioctl */
12044 -static struct file_operations mtd_fops = {
12045 +static const struct file_operations mtd_fops = {
12046 owner: THIS_MODULE,
12047 llseek: mtd_lseek, /* lseek */
12048 read: mtd_read, /* read */
12049 diff -urNp linux-2.4.37.7/drivers/mtd/nftlcore.c linux-2.4.37.7/drivers/mtd/nftlcore.c
12050 --- linux-2.4.37.7/drivers/mtd/nftlcore.c 2009-11-07 11:52:20.000000000 -0500
12051 +++ linux-2.4.37.7/drivers/mtd/nftlcore.c 2009-11-10 19:30:27.000000000 -0500
12052 @@ -1020,7 +1020,7 @@ static int nftl_release(struct inode *in
12055 #if LINUX_VERSION_CODE < 0x20326
12056 -static struct file_operations nftl_fops = {
12057 +static const struct file_operations nftl_fops = {
12059 write: block_write,
12061 diff -urNp linux-2.4.37.7/drivers/net/bonding/bond_main.c linux-2.4.37.7/drivers/net/bonding/bond_main.c
12062 --- linux-2.4.37.7/drivers/net/bonding/bond_main.c 2009-11-07 11:52:20.000000000 -0500
12063 +++ linux-2.4.37.7/drivers/net/bonding/bond_main.c 2009-11-10 19:30:27.000000000 -0500
12064 @@ -3246,7 +3246,7 @@ static int bond_info_seq_show(struct seq
12068 -static struct seq_operations bond_info_seq_ops = {
12069 +static const struct seq_operations bond_info_seq_ops = {
12070 .start = bond_info_seq_start,
12071 .next = bond_info_seq_next,
12072 .stop = bond_info_seq_stop,
12073 @@ -3270,7 +3270,7 @@ static int bond_info_open(struct inode *
12077 -static struct file_operations bond_info_fops = {
12078 +static const struct file_operations bond_info_fops = {
12079 .owner = THIS_MODULE,
12080 .open = bond_info_open,
12082 diff -urNp linux-2.4.37.7/drivers/net/ibmveth.c linux-2.4.37.7/drivers/net/ibmveth.c
12083 --- linux-2.4.37.7/drivers/net/ibmveth.c 2009-11-07 11:52:20.000000000 -0500
12084 +++ linux-2.4.37.7/drivers/net/ibmveth.c 2009-11-10 19:30:27.000000000 -0500
12085 @@ -1013,7 +1013,7 @@ static int ibmveth_seq_show(struct seq_f
12089 -static struct seq_operations ibmveth_seq_ops = {
12090 +static const struct seq_operations ibmveth_seq_ops = {
12091 .start = ibmveth_seq_start,
12092 .next = ibmveth_seq_next,
12093 .stop = ibmveth_seq_stop,
12094 @@ -1036,7 +1036,7 @@ static int ibmveth_proc_open(struct inod
12098 -static struct file_operations ibmveth_proc_fops = {
12099 +static const struct file_operations ibmveth_proc_fops = {
12100 .owner = THIS_MODULE,
12101 .open = ibmveth_proc_open,
12103 diff -urNp linux-2.4.37.7/drivers/net/ppp_generic.c linux-2.4.37.7/drivers/net/ppp_generic.c
12104 --- linux-2.4.37.7/drivers/net/ppp_generic.c 2009-11-07 11:52:20.000000000 -0500
12105 +++ linux-2.4.37.7/drivers/net/ppp_generic.c 2009-11-10 19:30:27.000000000 -0500
12106 @@ -764,7 +764,7 @@ static int ppp_unattached_ioctl(struct p
12110 -static struct file_operations ppp_device_fops = {
12111 +static const struct file_operations ppp_device_fops = {
12112 owner: THIS_MODULE,
12115 diff -urNp linux-2.4.37.7/drivers/net/tun.c linux-2.4.37.7/drivers/net/tun.c
12116 --- linux-2.4.37.7/drivers/net/tun.c 2009-11-07 11:52:20.000000000 -0500
12117 +++ linux-2.4.37.7/drivers/net/tun.c 2009-11-10 19:30:27.000000000 -0500
12118 @@ -563,7 +563,7 @@ static int tun_chr_close(struct inode *i
12122 -static struct file_operations tun_fops = {
12123 +static const struct file_operations tun_fops = {
12124 owner: THIS_MODULE,
12126 read: tun_chr_read,
12127 diff -urNp linux-2.4.37.7/drivers/net/wan/8253x/8253xini.c linux-2.4.37.7/drivers/net/wan/8253x/8253xini.c
12128 --- linux-2.4.37.7/drivers/net/wan/8253x/8253xini.c 2009-11-07 11:52:20.000000000 -0500
12129 +++ linux-2.4.37.7/drivers/net/wan/8253x/8253xini.c 2009-11-10 19:30:27.000000000 -0500
12130 @@ -182,8 +182,7 @@ struct net_device auraXX20n_prototype =
12131 sab8253xn_init /* network driver initialization */
12134 -struct file_operations sab8253xc_fops =
12136 +const struct file_operations sab8253xc_fops = {
12137 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2, 4, 0))
12140 diff -urNp linux-2.4.37.7/drivers/net/wan/comx.c linux-2.4.37.7/drivers/net/wan/comx.c
12141 --- linux-2.4.37.7/drivers/net/wan/comx.c 2009-11-07 11:52:20.000000000 -0500
12142 +++ linux-2.4.37.7/drivers/net/wan/comx.c 2009-11-10 19:30:27.000000000 -0500
12143 @@ -96,7 +96,7 @@ static int comx_mkdir(struct inode *, st
12144 static int comx_rmdir(struct inode *, struct dentry *);
12145 static struct dentry *comx_lookup(struct inode *, struct dentry *);
12147 -static struct inode_operations comx_root_inode_ops = {
12148 +static const struct inode_operations comx_root_inode_ops = {
12149 lookup: comx_lookup,
12152 @@ -106,7 +106,7 @@ static int comx_delete_dentry(struct den
12153 static struct proc_dir_entry *create_comx_proc_entry(char *name, int mode,
12154 int size, struct proc_dir_entry *dir);
12156 -static struct dentry_operations comx_dentry_operations = {
12157 +static const struct dentry_operations comx_dentry_operations = {
12158 d_delete: comx_delete_dentry,
12161 diff -urNp linux-2.4.37.7/drivers/net/wan/cosa.c linux-2.4.37.7/drivers/net/wan/cosa.c
12162 --- linux-2.4.37.7/drivers/net/wan/cosa.c 2009-11-07 11:52:20.000000000 -0500
12163 +++ linux-2.4.37.7/drivers/net/wan/cosa.c 2009-11-10 19:30:27.000000000 -0500
12164 @@ -310,7 +310,7 @@ static int cosa_chardev_ioctl(struct ino
12165 static int cosa_fasync(struct inode *inode, struct file *file, int on);
12168 -static struct file_operations cosa_fops = {
12169 +static const struct file_operations cosa_fops = {
12170 owner: THIS_MODULE,
12173 diff -urNp linux-2.4.37.7/drivers/net/wan/sdla_ppp.c linux-2.4.37.7/drivers/net/wan/sdla_ppp.c
12174 --- linux-2.4.37.7/drivers/net/wan/sdla_ppp.c 2009-11-07 11:52:20.000000000 -0500
12175 +++ linux-2.4.37.7/drivers/net/wan/sdla_ppp.c 2009-11-10 19:30:27.000000000 -0500
12176 @@ -467,7 +467,7 @@ static int update(wan_device_t *wandev)
12177 sdla_t* card = wandev->private;
12179 volatile ppp_private_area_t *ppp_priv_area;
12180 - ppp_flags_t *flags = card->flags;
12181 + ppp_flags_t *flags;
12182 unsigned long timeout;
12184 /* sanity checks */
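Review bot: The initializer `sdla_t* card = wandev->private;` on the first line of this hunk still dereferences `wandev` before the `/* sanity checks */` block, so moving `flags = card->flags;` down in the next hunk is only half of the fix. If those checks test `wandev` for NULL (their body is outside the hunk), the dereference has already happened, and a compiler may then treat the pointer as non-NULL and drop the test. Declaring `sdla_t *card;` and assigning `card = wandev->private;` immediately after the checks would close that. update() starts and ends outside these two hunks.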
12185 @@ -491,6 +491,7 @@ static int update(wan_device_t *wandev)
12187 ppp_priv_area->update_comms_stats = 2;
12188 ppp_priv_area->timer_int_enabled |= TMR_INT_ENABLED_UPDATE;
12189 + flags = card->flags;
12190 flags->imask |= PPP_INTR_TIMER;
12192 /* wait a maximum of 1 second for the statistics to be updated */
12193 diff -urNp linux-2.4.37.7/drivers/net/wireless/airo.c linux-2.4.37.7/drivers/net/wireless/airo.c
12194 --- linux-2.4.37.7/drivers/net/wireless/airo.c 2009-11-07 11:52:20.000000000 -0500
12195 +++ linux-2.4.37.7/drivers/net/wireless/airo.c 2009-11-10 19:30:27.000000000 -0500
12196 @@ -3473,53 +3473,53 @@ static int proc_BSSList_open( struct ino
12197 static int proc_config_open( struct inode *inode, struct file *file );
12198 static int proc_wepkey_open( struct inode *inode, struct file *file );
12200 -static struct file_operations proc_statsdelta_ops = {
12201 +static const struct file_operations proc_statsdelta_ops = {
12203 .open = proc_statsdelta_open,
12204 .release = proc_close
12207 -static struct file_operations proc_stats_ops = {
12208 +static const struct file_operations proc_stats_ops = {
12210 .open = proc_stats_open,
12211 .release = proc_close
12214 -static struct file_operations proc_status_ops = {
12215 +static const struct file_operations proc_status_ops = {
12217 .open = proc_status_open,
12218 .release = proc_close
12221 -static struct file_operations proc_SSID_ops = {
12222 +static const struct file_operations proc_SSID_ops = {
12224 .write = proc_write,
12225 .open = proc_SSID_open,
12226 .release = proc_close
12229 -static struct file_operations proc_BSSList_ops = {
12230 +static const struct file_operations proc_BSSList_ops = {
12232 .write = proc_write,
12233 .open = proc_BSSList_open,
12234 .release = proc_close
12237 -static struct file_operations proc_APList_ops = {
12238 +static const struct file_operations proc_APList_ops = {
12240 .write = proc_write,
12241 .open = proc_APList_open,
12242 .release = proc_close
12245 -static struct file_operations proc_config_ops = {
12246 +static const struct file_operations proc_config_ops = {
12248 .write = proc_write,
12249 .open = proc_config_open,
12250 .release = proc_close
12253 -static struct file_operations proc_wepkey_ops = {
12254 +static const struct file_operations proc_wepkey_ops = {
12256 .write = proc_write,
12257 .open = proc_wepkey_open,
12258 diff -urNp linux-2.4.37.7/drivers/pci/proc.c linux-2.4.37.7/drivers/pci/proc.c
12259 --- linux-2.4.37.7/drivers/pci/proc.c 2009-11-07 11:52:20.000000000 -0500
12260 +++ linux-2.4.37.7/drivers/pci/proc.c 2009-11-10 19:30:27.000000000 -0500
12261 @@ -284,7 +284,7 @@ static int proc_bus_pci_release(struct i
12263 #endif /* HAVE_PCI_MMAP */
12265 -static struct file_operations proc_bus_pci_operations = {
12266 +static const struct file_operations proc_bus_pci_operations = {
12267 llseek: proc_bus_pci_lseek,
12268 read: proc_bus_pci_read,
12269 write: proc_bus_pci_write,
12270 @@ -364,7 +364,7 @@ static int show_device(struct seq_file *
12274 -static struct seq_operations proc_bus_pci_devices_op = {
12275 +static const struct seq_operations proc_bus_pci_devices_op = {
12276 start: pci_seq_start,
12277 next: pci_seq_next,
12278 stop: pci_seq_stop,
12279 @@ -524,7 +524,7 @@ static int show_dev_config(struct seq_fi
12283 -static struct seq_operations proc_pci_op = {
12284 +static const struct seq_operations proc_pci_op = {
12285 start: pci_seq_start,
12286 next: pci_seq_next,
12287 stop: pci_seq_stop,
12288 @@ -535,7 +535,7 @@ static int proc_bus_pci_dev_open(struct
12290 return seq_open(file, &proc_bus_pci_devices_op);
12292 -static struct file_operations proc_bus_pci_dev_operations = {
12293 +static const struct file_operations proc_bus_pci_dev_operations = {
12294 open: proc_bus_pci_dev_open,
12297 @@ -545,7 +545,7 @@ static int proc_pci_open(struct inode *i
12299 return seq_open(file, &proc_pci_op);
12301 -static struct file_operations proc_pci_operations = {
12302 +static const struct file_operations proc_pci_operations = {
12303 open: proc_pci_open,
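Review bot: Making `proc_pci_operations` const is only complete if every place that stores its address is const-qualified too; the next hunk assigns it with `entry->proc_fops = &proc_pci_operations;`, and the context line above passes the now-const `proc_pci_op` to `seq_open()`. The `proc_fops` member and the `seq_open()` prototype are declared outside this part of the patch, so it cannot be confirmed here that they take `const struct file_operations *` and `const struct seq_operations *`. If they do not, the compiler reports a discarded qualifier and the table remains reachable through a non-const pointer. The same check applies to the other operation tables constified in this file and to the `vm_operations_struct` tables in sg.c and emu10k1/audio.c. A comment above the first table, `/* const: keep the function-pointer table in read-only data */`, would record why the qualifier was added.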
12306 @@ -564,7 +564,15 @@ static int __init pci_proc_init(void)
12307 pci_for_each_dev(dev) {
12308 pci_proc_attach_device(dev);
12310 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
12311 +#ifdef CONFIG_GRKERNSEC_PROC_USER
12312 + entry = create_proc_entry("pci", S_IRUSR, NULL);
12313 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
12314 + entry = create_proc_entry("pci", S_IRUSR | S_IRGRP, NULL);
12317 entry = create_proc_entry("pci", 0, NULL);
12320 entry->proc_fops = &proc_pci_operations;
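Review bot: The `#elif CONFIG_GRKERNSEC_PROC_USERGROUP` line tests the macro's value while the two lines above it use `#ifdef`; writing it as `#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)` makes the branch depend on the option being defined and keeps `-Wundef` quiet. The two restricted modes decide who may read the PCI device listing, so a comment above the block would help, for example `/* /proc/pci: owner-only read (PROC_USER) or owner and group (PROC_USERGROUP) */`. Some lines of this hunk appear to be missing from the page (the gutter numbers skip), so whether `entry` is checked for NULL before `entry->proc_fops` is set cannot be seen. pci_proc_init starts and ends outside the hunk.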
12322 diff -urNp linux-2.4.37.7/drivers/pcmcia/ds.c linux-2.4.37.7/drivers/pcmcia/ds.c
12323 --- linux-2.4.37.7/drivers/pcmcia/ds.c 2009-11-07 11:52:20.000000000 -0500
12324 +++ linux-2.4.37.7/drivers/pcmcia/ds.c 2009-11-10 19:30:27.000000000 -0500
12325 @@ -867,7 +867,7 @@ static int ds_ioctl(struct inode * inode
12327 /*====================================================================*/
12329 -static struct file_operations ds_fops = {
12330 +static const struct file_operations ds_fops = {
12331 owner: THIS_MODULE,
12333 release: ds_release,
12334 diff -urNp linux-2.4.37.7/drivers/pnp/isapnp_proc.c linux-2.4.37.7/drivers/pnp/isapnp_proc.c
12335 --- linux-2.4.37.7/drivers/pnp/isapnp_proc.c 2009-11-07 11:52:20.000000000 -0500
12336 +++ linux-2.4.37.7/drivers/pnp/isapnp_proc.c 2009-11-10 19:30:27.000000000 -0500
12337 @@ -205,8 +205,7 @@ static unsigned int isapnp_info_entry_po
12338 return POLLIN | POLLRDNORM;
12341 -static struct file_operations isapnp_info_entry_operations =
12343 +static const struct file_operations isapnp_info_entry_operations = {
12344 llseek: isapnp_info_entry_lseek,
12345 read: isapnp_info_entry_read,
12346 write: isapnp_info_entry_write,
12347 @@ -269,8 +268,7 @@ static ssize_t isapnp_proc_bus_read(stru
12351 -static struct file_operations isapnp_proc_bus_file_operations =
12353 +static const struct file_operations isapnp_proc_bus_file_operations = {
12354 llseek: isapnp_proc_bus_lseek,
12355 read: isapnp_proc_bus_read,
12357 diff -urNp linux-2.4.37.7/drivers/s390/block/dasd.c linux-2.4.37.7/drivers/s390/block/dasd.c
12358 --- linux-2.4.37.7/drivers/s390/block/dasd.c 2009-11-07 11:52:20.000000000 -0500
12359 +++ linux-2.4.37.7/drivers/s390/block/dasd.c 2009-11-10 19:30:27.000000000 -0500
12360 @@ -4968,14 +4968,14 @@ dasd_devices_close (struct inode *inode,
12364 -static struct file_operations dasd_devices_file_ops = {
12365 +static const struct file_operations dasd_devices_file_ops = {
12366 read:dasd_generic_read, /* read */
12367 write:dasd_devices_write, /* write */
12368 open:dasd_devices_open, /* open */
12369 release:dasd_devices_close, /* close */
12372 -static struct inode_operations dasd_devices_inode_ops = {
12373 +static const struct inode_operations dasd_devices_inode_ops = {
12377 @@ -5248,14 +5248,14 @@ dasd_statistics_write (struct file *file
12381 -static struct file_operations dasd_statistics_file_ops = {
12382 +static const struct file_operations dasd_statistics_file_ops = {
12383 read:dasd_generic_read, /* read */
12384 write:dasd_statistics_write, /* write */
12385 open:dasd_statistics_open, /* open */
12386 release:dasd_devices_close, /* close */
12389 -static struct inode_operations dasd_statistics_inode_ops = {
12390 +static const struct inode_operations dasd_statistics_inode_ops = {
12394 diff -urNp linux-2.4.37.7/drivers/s390/block/xpram.c linux-2.4.37.7/drivers/s390/block/xpram.c
12395 --- linux-2.4.37.7/drivers/s390/block/xpram.c 2009-11-07 11:52:20.000000000 -0500
12396 +++ linux-2.4.37.7/drivers/s390/block/xpram.c 2009-11-10 19:30:27.000000000 -0500
12397 @@ -717,7 +717,7 @@ int xpram_ioctl (struct inode *inode, st
12400 #if (XPRAM_VERSION == 22)
12401 -struct file_operations xpram_fops = {
12402 +const struct file_operations xpram_fops = {
12403 NULL, /* lseek: default */
12406 diff -urNp linux-2.4.37.7/drivers/s390/char/tapeblock.c linux-2.4.37.7/drivers/s390/char/tapeblock.c
12407 --- linux-2.4.37.7/drivers/s390/char/tapeblock.c 2009-11-07 11:52:20.000000000 -0500
12408 +++ linux-2.4.37.7/drivers/s390/char/tapeblock.c 2009-11-10 19:30:27.000000000 -0500
12410 #if (LINUX_VERSION_CODE > KERNEL_VERSION(2,3,98))
12411 static struct block_device_operations tapeblock_fops = {
12413 -static struct file_operations tapeblock_fops = {
12414 +static const struct file_operations tapeblock_fops = {
12416 owner : THIS_MODULE,
12417 open : tapeblock_open, /* open */
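Review bot: The definition made const here appears to sit in the branch that is not built for this tree. The context line `#if (LINUX_VERSION_CODE > KERNEL_VERSION(2,3,98))` selects `static struct block_device_operations tapeblock_fops`, which stays writable, and the `file_operations` variant presumably follows an `#else` that is missing from the page. If the aim is a read-only operation table for this driver, the `block_device_operations` definition is the one that needs the qualifier, as `static const struct block_device_operations tapeblock_fops = {`. That only works if the block-device registration path accepts a const pointer, which is not visible here.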
12418 diff -urNp linux-2.4.37.7/drivers/s390/char/tape.c linux-2.4.37.7/drivers/s390/char/tape.c
12419 --- linux-2.4.37.7/drivers/s390/char/tape.c 2009-11-07 11:52:20.000000000 -0500
12420 +++ linux-2.4.37.7/drivers/s390/char/tape.c 2009-11-10 19:30:27.000000000 -0500
12421 @@ -203,15 +203,13 @@ tape_devices_release (struct inode *inod
12425 -static struct file_operations tape_devices_file_ops =
12427 +static const struct file_operations tape_devices_file_ops = {
12428 read:tape_devices_read, /* read */
12429 open:tape_devices_open, /* open */
12430 release:tape_devices_release, /* close */
12433 -static struct inode_operations tape_devices_inode_ops =
12435 +static const struct inode_operations tape_devices_inode_ops = {
12436 #if !(LINUX_VERSION_CODE > KERNEL_VERSION(2,3,98))
12437 default_file_ops:&tape_devices_file_ops /* file ops */
12438 #endif /* LINUX_IS_24 */
12439 diff -urNp linux-2.4.37.7/drivers/s390/char/tapechar.c linux-2.4.37.7/drivers/s390/char/tapechar.c
12440 --- linux-2.4.37.7/drivers/s390/char/tapechar.c 2009-11-07 11:52:20.000000000 -0500
12441 +++ linux-2.4.37.7/drivers/s390/char/tapechar.c 2009-11-10 19:30:27.000000000 -0500
12444 * file operation structure for tape devices
12446 -static struct file_operations tape_fops =
12448 +static const struct file_operations tape_fops = {
12449 // owner : THIS_MODULE,
12450 llseek:NULL, /* lseek - default */
12451 read:tape_read, /* read */
12452 diff -urNp linux-2.4.37.7/drivers/s390/char/tubfs.c linux-2.4.37.7/drivers/s390/char/tubfs.c
12453 --- linux-2.4.37.7/drivers/s390/char/tubfs.c 2009-11-07 11:52:20.000000000 -0500
12454 +++ linux-2.4.37.7/drivers/s390/char/tubfs.c 2009-11-10 19:30:27.000000000 -0500
12455 @@ -22,7 +22,7 @@ static int fs3270_wait(tub_t *, long *);
12456 static void fs3270_int(tub_t *tubp, devstat_t *dsp);
12457 extern void tty3270_refresh(tub_t *);
12459 -static struct file_operations fs3270_fops = {
12460 +static const struct file_operations fs3270_fops = {
12461 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0))
12462 owner: THIS_MODULE, /* owner */
12464 diff -urNp linux-2.4.37.7/drivers/s390/net/ctcmain.c linux-2.4.37.7/drivers/s390/net/ctcmain.c
12465 --- linux-2.4.37.7/drivers/s390/net/ctcmain.c 2009-11-07 11:52:20.000000000 -0500
12466 +++ linux-2.4.37.7/drivers/s390/net/ctcmain.c 2009-11-10 19:30:27.000000000 -0500
12467 @@ -3202,38 +3202,38 @@ static ssize_t ctc_stat_read(struct file
12471 -static struct file_operations ctc_stat_fops = {
12472 +static const struct file_operations ctc_stat_fops = {
12473 read: ctc_stat_read,
12474 write: ctc_stat_write,
12475 open: ctc_stat_open,
12476 release: ctc_stat_close,
12479 -static struct file_operations ctc_ctrl_fops = {
12480 +static const struct file_operations ctc_ctrl_fops = {
12481 read: ctc_ctrl_read,
12482 write: ctc_ctrl_write,
12483 open: ctc_ctrl_open,
12484 release: ctc_ctrl_close,
12487 -static struct file_operations ctc_loglevel_fops = {
12488 +static const struct file_operations ctc_loglevel_fops = {
12489 read: ctc_loglevel_read,
12490 write: ctc_loglevel_write,
12491 open: ctc_loglevel_open,
12492 release: ctc_loglevel_close,
12495 -static struct inode_operations ctc_stat_iops = {
12496 +static const struct inode_operations ctc_stat_iops = {
12497 #if LINUX_VERSION_CODE < 0x020363
12498 default_file_ops: &ctc_stat_fops
12501 -static struct inode_operations ctc_ctrl_iops = {
12502 +static const struct inode_operations ctc_ctrl_iops = {
12503 #if LINUX_VERSION_CODE < 0x020363
12504 default_file_ops: &ctc_ctrl_fops
12507 -static struct inode_operations ctc_loglevel_iops = {
12508 +static const struct inode_operations ctc_loglevel_iops = {
12509 #if LINUX_VERSION_CODE < 0x020363
12510 default_file_ops: &ctc_loglevel_fops
12512 diff -urNp linux-2.4.37.7/drivers/s390/net/netiucv.c linux-2.4.37.7/drivers/s390/net/netiucv.c
12513 --- linux-2.4.37.7/drivers/s390/net/netiucv.c 2009-11-07 11:52:20.000000000 -0500
12514 +++ linux-2.4.37.7/drivers/s390/net/netiucv.c 2009-11-10 19:30:27.000000000 -0500
12515 @@ -1648,39 +1648,39 @@ netiucv_stat_read(struct file *file, cha
12519 -static struct file_operations netiucv_stat_fops = {
12520 +static const struct file_operations netiucv_stat_fops = {
12521 read: netiucv_stat_read,
12522 write: netiucv_stat_write,
12523 open: netiucv_stat_open,
12524 release: netiucv_stat_close,
12527 -static struct file_operations netiucv_buffer_fops = {
12528 +static const struct file_operations netiucv_buffer_fops = {
12529 read: netiucv_buffer_read,
12530 write: netiucv_buffer_write,
12531 open: netiucv_buffer_open,
12532 release: netiucv_buffer_close,
12535 -static struct file_operations netiucv_user_fops = {
12536 +static const struct file_operations netiucv_user_fops = {
12537 read: netiucv_user_read,
12538 write: netiucv_user_write,
12539 open: netiucv_user_open,
12540 release: netiucv_user_close,
12543 -static struct inode_operations netiucv_stat_iops = {
12544 +static const struct inode_operations netiucv_stat_iops = {
12545 #if LINUX_VERSION_CODE < 0x020363
12546 default_file_ops: &netiucv_stat_fops
12549 -static struct inode_operations netiucv_buffer_iops = {
12550 +static const struct inode_operations netiucv_buffer_iops = {
12551 #if LINUX_VERSION_CODE < 0x020363
12552 default_file_ops: &netiucv_buffer_fops
12556 -static struct inode_operations netiucv_user_iops = {
12557 +static const struct inode_operations netiucv_user_iops = {
12558 #if LINUX_VERSION_CODE < 0x020363
12559 default_file_ops: &netiucv_user_fops
12561 diff -urNp linux-2.4.37.7/drivers/s390/net/qeth.c linux-2.4.37.7/drivers/s390/net/qeth.c
12562 --- linux-2.4.37.7/drivers/s390/net/qeth.c 2009-11-07 11:52:20.000000000 -0500
12563 +++ linux-2.4.37.7/drivers/s390/net/qeth.c 2009-11-10 19:30:27.000000000 -0500
12564 @@ -10929,8 +10929,7 @@ static int qeth_procfile_ioctl(struct in
12568 -static struct file_operations qeth_procfile_fops =
12570 +static const struct file_operations qeth_procfile_fops = {
12571 ioctl:qeth_procfile_ioctl,
12572 read:qeth_procfile_read,
12573 write:qeth_procfile_write,
12574 @@ -10940,8 +10939,7 @@ static struct file_operations qeth_procf
12576 static struct proc_dir_entry *qeth_proc_file;
12578 -static struct file_operations qeth_ipato_procfile_fops =
12580 +static const struct file_operations qeth_ipato_procfile_fops = {
12581 read:qeth_procfile_read, /* same as above! */
12582 write:qeth_ipato_procfile_write,
12583 open:qeth_ipato_procfile_open,
12584 diff -urNp linux-2.4.37.7/drivers/s390/s390io.c linux-2.4.37.7/drivers/s390/s390io.c
12585 --- linux-2.4.37.7/drivers/s390/s390io.c 2009-11-07 11:52:20.000000000 -0500
12586 +++ linux-2.4.37.7/drivers/s390/s390io.c 2009-11-10 19:30:27.000000000 -0500
12587 @@ -8350,7 +8350,7 @@ chan_subch_read (struct file *file, char
12591 -static struct file_operations chan_subch_file_ops = {
12592 +static const struct file_operations chan_subch_file_ops = {
12593 read:chan_subch_read, open:chan_subch_open, release:chan_subch_close,
12596 @@ -8597,17 +8597,17 @@ cio_chpid_entry_open (struct inode *inod
12600 -static struct file_operations cio_sensedata_entry_file_ops = {
12601 +static const struct file_operations cio_sensedata_entry_file_ops = {
12602 read:cio_device_entry_read, open:cio_sensedata_entry_open,
12603 release:cio_device_entry_close,
12606 -static struct file_operations cio_in_use_entry_file_ops = {
12607 +static const struct file_operations cio_in_use_entry_file_ops = {
12608 read:cio_device_entry_read, open:cio_in_use_entry_open,
12609 release:cio_device_entry_close,
12612 -static struct file_operations cio_chpid_entry_file_ops = {
12613 +static const struct file_operations cio_chpid_entry_file_ops = {
12614 read:cio_device_entry_read, open:cio_chpid_entry_open,
12615 release:cio_device_entry_close,
12617 @@ -8926,7 +8926,7 @@ cio_ignore_proc_write (struct file *file
12621 -static struct file_operations cio_ignore_proc_file_ops = {
12622 +static const struct file_operations cio_ignore_proc_file_ops = {
12623 read:cio_ignore_proc_read, open:cio_ignore_proc_open,
12624 write:cio_ignore_proc_write, release:cio_ignore_proc_close,
12626 @@ -9019,7 +9019,7 @@ cio_irq_proc_read (struct file *file, ch
12630 -static struct file_operations cio_irq_proc_file_ops = {
12631 +static const struct file_operations cio_irq_proc_file_ops = {
12632 read:cio_irq_proc_read, open:cio_irq_proc_open,
12633 release:cio_irq_proc_close,
12635 @@ -9177,7 +9177,7 @@ cio_chpids_proc_write (struct file *file
12639 -static struct file_operations cio_chpids_proc_file_ops =
12640 +static const struct file_operations cio_chpids_proc_file_ops =
12642 read:cio_chpids_proc_read,
12643 open:cio_chpids_proc_open,
12644 diff -urNp linux-2.4.37.7/drivers/sbus/audio/audio.c linux-2.4.37.7/drivers/sbus/audio/audio.c
12645 --- linux-2.4.37.7/drivers/sbus/audio/audio.c 2009-11-07 11:52:20.000000000 -0500
12646 +++ linux-2.4.37.7/drivers/sbus/audio/audio.c 2009-11-10 19:30:27.000000000 -0500
12647 @@ -1701,7 +1701,7 @@ static int sparcaudio_ioctl(struct inode
12651 -static struct file_operations sparcaudioctl_fops = {
12652 +static const struct file_operations sparcaudioctl_fops = {
12653 owner: THIS_MODULE,
12654 poll: sparcaudio_poll,
12655 ioctl: sparcaudio_ioctl,
12656 @@ -1893,7 +1893,7 @@ static int sparcaudio_release(struct ino
12660 -static struct file_operations sparcaudio_fops = {
12661 +static const struct file_operations sparcaudio_fops = {
12662 owner: THIS_MODULE,
12664 read: sparcaudio_read,
12665 diff -urNp linux-2.4.37.7/drivers/sbus/char/bpp.c linux-2.4.37.7/drivers/sbus/char/bpp.c
12666 --- linux-2.4.37.7/drivers/sbus/char/bpp.c 2009-11-07 11:52:20.000000000 -0500
12667 +++ linux-2.4.37.7/drivers/sbus/char/bpp.c 2009-11-10 19:30:27.000000000 -0500
12668 @@ -859,7 +859,7 @@ static int bpp_ioctl(struct inode *inode
12672 -static struct file_operations bpp_fops = {
12673 +static const struct file_operations bpp_fops = {
12674 owner: THIS_MODULE,
12677 diff -urNp linux-2.4.37.7/drivers/sbus/char/cpwatchdog.c linux-2.4.37.7/drivers/sbus/char/cpwatchdog.c
12678 --- linux-2.4.37.7/drivers/sbus/char/cpwatchdog.c 2009-11-07 11:52:20.000000000 -0500
12679 +++ linux-2.4.37.7/drivers/sbus/char/cpwatchdog.c 2009-11-10 19:30:27.000000000 -0500
12680 @@ -461,7 +461,7 @@ static void wd_interrupt(int irq, void *
12684 -static struct file_operations wd_fops = {
12685 +static const struct file_operations wd_fops = {
12686 owner: THIS_MODULE,
12689 diff -urNp linux-2.4.37.7/drivers/sbus/char/display7seg.c linux-2.4.37.7/drivers/sbus/char/display7seg.c
12690 --- linux-2.4.37.7/drivers/sbus/char/display7seg.c 2009-11-07 11:52:20.000000000 -0500
12691 +++ linux-2.4.37.7/drivers/sbus/char/display7seg.c 2009-11-10 19:30:27.000000000 -0500
12692 @@ -164,7 +164,7 @@ static int d7s_ioctl(struct inode *inode
12696 -static struct file_operations d7s_fops = {
12697 +static const struct file_operations d7s_fops = {
12698 owner: THIS_MODULE,
12701 diff -urNp linux-2.4.37.7/drivers/sbus/char/envctrl.c linux-2.4.37.7/drivers/sbus/char/envctrl.c
12702 --- linux-2.4.37.7/drivers/sbus/char/envctrl.c 2009-11-07 11:52:20.000000000 -0500
12703 +++ linux-2.4.37.7/drivers/sbus/char/envctrl.c 2009-11-10 19:30:27.000000000 -0500
12704 @@ -721,7 +721,7 @@ envctrl_release(struct inode *inode, str
12708 -static struct file_operations envctrl_fops = {
12709 +static const struct file_operations envctrl_fops = {
12710 owner: THIS_MODULE,
12711 read: envctrl_read,
12712 ioctl: envctrl_ioctl,
12713 diff -urNp linux-2.4.37.7/drivers/sbus/char/flash.c linux-2.4.37.7/drivers/sbus/char/flash.c
12714 --- linux-2.4.37.7/drivers/sbus/char/flash.c 2009-11-07 11:52:20.000000000 -0500
12715 +++ linux-2.4.37.7/drivers/sbus/char/flash.c 2009-11-10 19:30:27.000000000 -0500
12716 @@ -147,7 +147,7 @@ flash_release(struct inode *inode, struc
12720 -static struct file_operations flash_fops = {
12721 +static const struct file_operations flash_fops = {
12722 /* no write to the Flash, use mmap
12723 * and play flash dependent tricks.
12725 diff -urNp linux-2.4.37.7/drivers/sbus/char/jsflash.c linux-2.4.37.7/drivers/sbus/char/jsflash.c
12726 --- linux-2.4.37.7/drivers/sbus/char/jsflash.c 2009-11-07 11:52:20.000000000 -0500
12727 +++ linux-2.4.37.7/drivers/sbus/char/jsflash.c 2009-11-10 19:30:27.000000000 -0500
12728 @@ -533,7 +533,7 @@ static int jsfd_release(struct inode *in
12732 -static struct file_operations jsf_fops = {
12733 +static const struct file_operations jsf_fops = {
12734 owner: THIS_MODULE,
12737 diff -urNp linux-2.4.37.7/drivers/sbus/char/openprom.c linux-2.4.37.7/drivers/sbus/char/openprom.c
12738 --- linux-2.4.37.7/drivers/sbus/char/openprom.c 2009-11-07 11:52:20.000000000 -0500
12739 +++ linux-2.4.37.7/drivers/sbus/char/openprom.c 2009-11-10 19:30:27.000000000 -0500
12740 @@ -610,7 +610,7 @@ static int openprom_release(struct inode
12744 -static struct file_operations openprom_fops = {
12745 +static const struct file_operations openprom_fops = {
12746 owner: THIS_MODULE,
12748 ioctl: openprom_ioctl,
12749 diff -urNp linux-2.4.37.7/drivers/sbus/char/pcikbd.c linux-2.4.37.7/drivers/sbus/char/pcikbd.c
12750 --- linux-2.4.37.7/drivers/sbus/char/pcikbd.c 2009-11-07 11:52:20.000000000 -0500
12751 +++ linux-2.4.37.7/drivers/sbus/char/pcikbd.c 2009-11-10 19:30:27.000000000 -0500
12752 @@ -1183,7 +1183,7 @@ static unsigned int aux_poll(struct file
12756 -struct file_operations psaux_fops = {
12757 +const struct file_operations psaux_fops = {
12758 owner: THIS_MODULE,
12761 @@ -1198,7 +1198,7 @@ static int aux_no_open(struct inode *ino
12765 -struct file_operations psaux_no_fops = {
12766 +const struct file_operations psaux_no_fops = {
12767 owner: THIS_MODULE,
12770 diff -urNp linux-2.4.37.7/drivers/sbus/char/riowatchdog.c linux-2.4.37.7/drivers/sbus/char/riowatchdog.c
12771 --- linux-2.4.37.7/drivers/sbus/char/riowatchdog.c 2009-11-07 11:52:20.000000000 -0500
12772 +++ linux-2.4.37.7/drivers/sbus/char/riowatchdog.c 2009-11-10 19:30:27.000000000 -0500
12773 @@ -199,7 +199,7 @@ static ssize_t riowd_read(struct file *f
12777 -static struct file_operations riowd_fops = {
12778 +static const struct file_operations riowd_fops = {
12779 owner: THIS_MODULE,
12780 ioctl: riowd_ioctl,
12782 diff -urNp linux-2.4.37.7/drivers/sbus/char/rtc.c linux-2.4.37.7/drivers/sbus/char/rtc.c
12783 --- linux-2.4.37.7/drivers/sbus/char/rtc.c 2009-11-07 11:52:20.000000000 -0500
12784 +++ linux-2.4.37.7/drivers/sbus/char/rtc.c 2009-11-10 19:30:27.000000000 -0500
12785 @@ -137,7 +137,7 @@ static int rtc_release(struct inode *ino
12789 -static struct file_operations rtc_fops = {
12790 +static const struct file_operations rtc_fops = {
12791 owner: THIS_MODULE,
12794 diff -urNp linux-2.4.37.7/drivers/sbus/char/sunkbd.c linux-2.4.37.7/drivers/sbus/char/sunkbd.c
12795 --- linux-2.4.37.7/drivers/sbus/char/sunkbd.c 2009-11-07 11:52:20.000000000 -0500
12796 +++ linux-2.4.37.7/drivers/sbus/char/sunkbd.c 2009-11-10 19:30:27.000000000 -0500
12797 @@ -1546,8 +1546,7 @@ kbd_close (struct inode *i, struct file
12801 -static struct file_operations kbd_fops =
12803 +static const struct file_operations kbd_fops = {
12807 diff -urNp linux-2.4.37.7/drivers/sbus/char/sunmouse.c linux-2.4.37.7/drivers/sbus/char/sunmouse.c
12808 --- linux-2.4.37.7/drivers/sbus/char/sunmouse.c 2009-11-07 11:52:20.000000000 -0500
12809 +++ linux-2.4.37.7/drivers/sbus/char/sunmouse.c 2009-11-10 19:30:27.000000000 -0500
12810 @@ -586,7 +586,7 @@ sun_mouse_ioctl (struct inode *inode, st
12814 -struct file_operations sun_mouse_fops = {
12815 +const struct file_operations sun_mouse_fops = {
12816 read: sun_mouse_read,
12817 write: sun_mouse_write,
12818 poll: sun_mouse_poll,
12819 diff -urNp linux-2.4.37.7/drivers/sbus/char/uctrl.c linux-2.4.37.7/drivers/sbus/char/uctrl.c
12820 --- linux-2.4.37.7/drivers/sbus/char/uctrl.c 2009-11-07 11:52:20.000000000 -0500
12821 +++ linux-2.4.37.7/drivers/sbus/char/uctrl.c 2009-11-10 19:30:27.000000000 -0500
12822 @@ -223,7 +223,7 @@ void uctrl_interrupt(int irq, void *dev_
12823 printk("in uctrl_interrupt\n");
12826 -static struct file_operations uctrl_fops = {
12827 +static const struct file_operations uctrl_fops = {
12828 owner: THIS_MODULE,
12830 ioctl: uctrl_ioctl,
12831 diff -urNp linux-2.4.37.7/drivers/sbus/char/vfc_dev.c linux-2.4.37.7/drivers/sbus/char/vfc_dev.c
12832 --- linux-2.4.37.7/drivers/sbus/char/vfc_dev.c 2009-11-07 11:52:20.000000000 -0500
12833 +++ linux-2.4.37.7/drivers/sbus/char/vfc_dev.c 2009-11-10 19:30:27.000000000 -0500
12836 #include <asm/vfc_ioctls.h>
12838 -static struct file_operations vfc_fops;
12839 +static const struct file_operations vfc_fops;
12840 static devfs_handle_t devfs_handle; /* For the directory */
12841 struct vfc_dev **vfc_dev_lst;
12842 static char vfcstr[]="vfc";
12843 @@ -642,7 +642,7 @@ static int vfc_mmap(struct inode *inode,
12847 -static struct file_operations vfc_fops = {
12848 +static const struct file_operations vfc_fops = {
12849 owner: THIS_MODULE,
12852 diff -urNp linux-2.4.37.7/drivers/scsi/3w-xxxx.c linux-2.4.37.7/drivers/scsi/3w-xxxx.c
12853 --- linux-2.4.37.7/drivers/scsi/3w-xxxx.c 2009-11-07 11:52:20.000000000 -0500
12854 +++ linux-2.4.37.7/drivers/scsi/3w-xxxx.c 2009-11-10 19:30:27.000000000 -0500
12855 @@ -234,7 +234,7 @@ static struct notifier_block tw_notifier
12858 /* File operations struct for character device */
12859 -static struct file_operations tw_fops = {
12860 +static const struct file_operations tw_fops = {
12861 owner: THIS_MODULE,
12862 ioctl: tw_chrdev_ioctl,
12863 open: tw_chrdev_open,
12864 diff -urNp linux-2.4.37.7/drivers/scsi/aacraid/linit.c linux-2.4.37.7/drivers/scsi/aacraid/linit.c
12865 --- linux-2.4.37.7/drivers/scsi/aacraid/linit.c 2009-11-07 11:52:20.000000000 -0500
12866 +++ linux-2.4.37.7/drivers/scsi/aacraid/linit.c 2009-11-10 19:30:27.000000000 -0500
12867 @@ -122,7 +122,7 @@ static int aac_cfg_ioctl(struct inode *
12868 static int aac_cfg_open(struct inode * inode, struct file * file);
12869 static int aac_cfg_release(struct inode * inode,struct file * file);
12871 -static struct file_operations aac_cfg_fops = {
12872 +static const struct file_operations aac_cfg_fops = {
12873 owner: THIS_MODULE,
12874 ioctl: aac_cfg_ioctl,
12875 open: aac_cfg_open,
12876 diff -urNp linux-2.4.37.7/drivers/scsi/dpt_i2o.c linux-2.4.37.7/drivers/scsi/dpt_i2o.c
12877 --- linux-2.4.37.7/drivers/scsi/dpt_i2o.c 2009-11-07 11:52:20.000000000 -0500
12878 +++ linux-2.4.37.7/drivers/scsi/dpt_i2o.c 2009-11-10 19:30:27.000000000 -0500
12879 @@ -110,7 +110,7 @@ static adpt_hba* hbas[DPTI_MAX_HBA];
12880 static adpt_hba* hba_chain = NULL;
12881 static int hba_count = 0;
12883 -static struct file_operations adpt_fops = {
12884 +static const struct file_operations adpt_fops = {
12887 release: adpt_close
12888 diff -urNp linux-2.4.37.7/drivers/scsi/gdth.c linux-2.4.37.7/drivers/scsi/gdth.c
12889 --- linux-2.4.37.7/drivers/scsi/gdth.c 2009-11-07 11:52:20.000000000 -0500
12890 +++ linux-2.4.37.7/drivers/scsi/gdth.c 2009-11-10 19:30:27.000000000 -0500
12891 @@ -698,7 +698,7 @@ MODULE_LICENSE("GPL");
12894 /* ioctl interface */
12895 -static struct file_operations gdth_fops = {
12896 +static const struct file_operations gdth_fops = {
12897 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
12898 .ioctl = gdth_ioctl,
12900 diff -urNp linux-2.4.37.7/drivers/scsi/libata-scsi.c linux-2.4.37.7/drivers/scsi/libata-scsi.c
12901 --- linux-2.4.37.7/drivers/scsi/libata-scsi.c 2009-11-07 11:52:20.000000000 -0500
12902 +++ linux-2.4.37.7/drivers/scsi/libata-scsi.c 2009-11-10 19:30:27.000000000 -0500
12903 @@ -1497,7 +1497,7 @@ unsigned int ata_scsiop_inq_80(struct at
12907 -static const char *inq_83_str = "Linux ATA-SCSI simulator";
12908 +static const char inq_83_str[] = "Linux ATA-SCSI simulator";
12911 * ata_scsiop_inq_83 - Simulate INQUIRY EVPD page 83, device identity
12912 @@ -1516,13 +1516,13 @@ unsigned int ata_scsiop_inq_83(struct at
12913 unsigned int buflen)
12915 rbuf[1] = 0x83; /* this page code */
12916 - rbuf[3] = 4 + strlen(inq_83_str); /* page len */
12917 + rbuf[3] = 3 + sizeof(inq_83_str); /* page len */
12919 /* our one and only identification descriptor (vendor-specific) */
12920 - if (buflen > (strlen(inq_83_str) + 4 + 4 - 1)) {
12921 + if (buflen >= (sizeof(inq_83_str) + 4 + 4 - 1)) {
12922 rbuf[4 + 0] = 2; /* code set: ASCII */
12923 - rbuf[4 + 3] = strlen(inq_83_str);
12924 - memcpy(rbuf + 4 + 4, inq_83_str, strlen(inq_83_str));
12925 + rbuf[4 + 3] = sizeof(inq_83_str)-1;
12926 + memcpy(rbuf + 4 + 4, inq_83_str, sizeof(inq_83_str)-1);
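Review bot: The new length arithmetic spells the same quantity three ways, `3 + sizeof(inq_83_str)`, `sizeof(inq_83_str) + 4 + 4 - 1` and `sizeof(inq_83_str)-1`, which makes it hard to check that the page length, the bounds test and the `memcpy` size still agree. They do match the old `strlen` forms, but one named length next to the string, `#define INQ_83_LEN (sizeof(inq_83_str) - 1)`, used as `rbuf[3] = 4 + INQ_83_LEN;` and `if (buflen >= INQ_83_LEN + 4 + 4)`, would make that evident. Separately, `rbuf[1]` and `rbuf[3]` are written before `buflen` is tested; whether the caller guarantees at least four bytes is not visible, because ata_scsiop_inq_83 starts and ends outside the hunk. The previous hunk's change from `const char *` to `const char inq_83_str[]` is what makes `sizeof` give the string length here, and a comment on the declaration saying so would keep it from being changed back.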
12930 diff -urNp linux-2.4.37.7/drivers/scsi/megaraid2.c linux-2.4.37.7/drivers/scsi/megaraid2.c
12931 --- linux-2.4.37.7/drivers/scsi/megaraid2.c 2009-11-07 11:52:20.000000000 -0500
12932 +++ linux-2.4.37.7/drivers/scsi/megaraid2.c 2009-11-10 19:30:27.000000000 -0500
12933 @@ -97,7 +97,7 @@ static struct semaphore megaraid_ioc_mtx
12935 * The File Operations structure for the serial/ioctl interface of the driver
12937 -static struct file_operations megadev_fops = {
12938 +static const struct file_operations megadev_fops = {
12939 .ioctl = megadev_ioctl_entry,
12940 .open = megadev_open,
12941 .release = megadev_close,
12942 diff -urNp linux-2.4.37.7/drivers/scsi/megaraid.c linux-2.4.37.7/drivers/scsi/megaraid.c
12943 --- linux-2.4.37.7/drivers/scsi/megaraid.c 2009-11-07 11:52:20.000000000 -0500
12944 +++ linux-2.4.37.7/drivers/scsi/megaraid.c 2009-11-10 19:30:27.000000000 -0500
12945 @@ -873,7 +873,7 @@ struct mega_hbas mega_hbas[MAX_CONTROLLE
12947 /* For controller re-ordering */
12949 -static struct file_operations megadev_fops = {
12950 +static const struct file_operations megadev_fops = {
12951 ioctl:megadev_ioctl_entry,
12953 release:megadev_close,
12954 diff -urNp linux-2.4.37.7/drivers/scsi/osst.c linux-2.4.37.7/drivers/scsi/osst.c
12955 --- linux-2.4.37.7/drivers/scsi/osst.c 2009-11-07 11:52:20.000000000 -0500
12956 +++ linux-2.4.37.7/drivers/scsi/osst.c 2009-11-10 19:30:27.000000000 -0500
12957 @@ -5501,7 +5501,7 @@ __setup("osst=", osst_setup);
12961 -static struct file_operations osst_fops = {
12962 +static const struct file_operations osst_fops = {
12966 diff -urNp linux-2.4.37.7/drivers/scsi/sg.c linux-2.4.37.7/drivers/scsi/sg.c
12967 --- linux-2.4.37.7/drivers/scsi/sg.c 2009-11-07 11:52:20.000000000 -0500
12968 +++ linux-2.4.37.7/drivers/scsi/sg.c 2009-11-10 19:30:27.000000000 -0500
12969 @@ -1149,7 +1149,7 @@ static struct page * sg_vma_nopage(struc
12973 -static struct vm_operations_struct sg_mmap_vm_ops = {
12974 +static const struct vm_operations_struct sg_mmap_vm_ops = {
12975 nopage : sg_vma_nopage,
12978 @@ -1321,7 +1321,7 @@ static void sg_cmd_done_bh(Scsi_Cmnd * S
12982 -static struct file_operations sg_fops = {
12983 +static const struct file_operations sg_fops = {
12984 owner: THIS_MODULE,
12987 diff -urNp linux-2.4.37.7/drivers/scsi/st.c linux-2.4.37.7/drivers/scsi/st.c
12988 --- linux-2.4.37.7/drivers/scsi/st.c 2009-11-07 11:52:20.000000000 -0500
12989 +++ linux-2.4.37.7/drivers/scsi/st.c 2009-11-10 19:30:27.000000000 -0500
12990 @@ -3772,8 +3772,7 @@ __setup("st=", st_setup);
12994 -static struct file_operations st_fops =
12996 +static const struct file_operations st_fops = {
12997 owner: THIS_MODULE,
13000 diff -urNp linux-2.4.37.7/drivers/sound/ac97_plugin_wm97xx.c linux-2.4.37.7/drivers/sound/ac97_plugin_wm97xx.c
13001 --- linux-2.4.37.7/drivers/sound/ac97_plugin_wm97xx.c 2009-11-07 11:52:20.000000000 -0500
13002 +++ linux-2.4.37.7/drivers/sound/ac97_plugin_wm97xx.c 2009-11-10 19:30:27.000000000 -0500
13003 @@ -789,7 +789,7 @@ static int wm97xx_release(struct inode *
13007 -static struct file_operations ts_fops = {
13008 +static const struct file_operations ts_fops = {
13009 owner: THIS_MODULE,
13012 diff -urNp linux-2.4.37.7/drivers/sound/ad1889.c linux-2.4.37.7/drivers/sound/ad1889.c
13013 --- linux-2.4.37.7/drivers/sound/ad1889.c 2009-11-07 11:52:20.000000000 -0500
13014 +++ linux-2.4.37.7/drivers/sound/ad1889.c 2009-11-10 19:30:27.000000000 -0500
13015 @@ -776,7 +776,7 @@ static int ad1889_release(struct inode *
13019 -static struct file_operations ad1889_fops = {
13020 +static const struct file_operations ad1889_fops = {
13023 write: ad1889_write,
13024 @@ -811,7 +811,7 @@ static int ad1889_mixer_ioctl(struct ino
13025 return codec->mixer_ioctl(codec, cmd, arg);
13028 -static struct file_operations ad1889_mixer_fops = {
13029 +static const struct file_operations ad1889_mixer_fops = {
13031 ioctl: ad1889_mixer_ioctl,
13032 open: ad1889_mixer_open,
13033 diff -urNp linux-2.4.37.7/drivers/sound/btaudio.c linux-2.4.37.7/drivers/sound/btaudio.c
13034 --- linux-2.4.37.7/drivers/sound/btaudio.c 2009-11-07 11:52:20.000000000 -0500
13035 +++ linux-2.4.37.7/drivers/sound/btaudio.c 2009-11-10 19:30:27.000000000 -0500
13036 @@ -425,7 +425,7 @@ static int btaudio_mixer_ioctl(struct in
13040 -static struct file_operations btaudio_mixer_fops = {
13041 +static const struct file_operations btaudio_mixer_fops = {
13042 owner: THIS_MODULE,
13044 open: btaudio_mixer_open,
13045 @@ -790,7 +790,7 @@ static unsigned int btaudio_dsp_poll(str
13049 -static struct file_operations btaudio_digital_dsp_fops = {
13050 +static const struct file_operations btaudio_digital_dsp_fops = {
13051 owner: THIS_MODULE,
13053 open: btaudio_dsp_open_digital,
13054 @@ -801,7 +801,7 @@ static struct file_operations btaudio_di
13055 poll: btaudio_dsp_poll,
13058 -static struct file_operations btaudio_analog_dsp_fops = {
13059 +static const struct file_operations btaudio_analog_dsp_fops = {
13060 owner: THIS_MODULE,
13062 open: btaudio_dsp_open_analog,
13063 diff -urNp linux-2.4.37.7/drivers/sound/dmasound/dmasound_core.c linux-2.4.37.7/drivers/sound/dmasound/dmasound_core.c
13064 --- linux-2.4.37.7/drivers/sound/dmasound/dmasound_core.c 2009-11-07 11:52:20.000000000 -0500
13065 +++ linux-2.4.37.7/drivers/sound/dmasound/dmasound_core.c 2009-11-10 19:30:27.000000000 -0500
13066 @@ -365,7 +365,7 @@ static int mixer_ioctl(struct inode *ino
13070 -static struct file_operations mixer_fops =
13071 +static const struct file_operations mixer_fops =
13073 owner: THIS_MODULE,
13075 @@ -1325,7 +1325,7 @@ static int sq_ioctl(struct inode *inode,
13079 -static struct file_operations sq_fops =
13080 +static const struct file_operations sq_fops =
13082 owner: THIS_MODULE,
13084 @@ -1548,7 +1548,7 @@ static ssize_t state_read(struct file *f
13088 -static struct file_operations state_fops = {
13089 +static const struct file_operations state_fops = {
13090 owner: THIS_MODULE,
13093 diff -urNp linux-2.4.37.7/drivers/sound/emu10k1/audio.c linux-2.4.37.7/drivers/sound/emu10k1/audio.c
13094 --- linux-2.4.37.7/drivers/sound/emu10k1/audio.c 2009-11-07 11:52:20.000000000 -0500
13095 +++ linux-2.4.37.7/drivers/sound/emu10k1/audio.c 2009-11-10 19:30:27.000000000 -0500
13096 @@ -1020,7 +1020,7 @@ static struct page *emu10k1_mm_nopage (s
13100 -struct vm_operations_struct emu10k1_mm_ops = {
13101 +const struct vm_operations_struct emu10k1_mm_ops = {
13102 nopage: emu10k1_mm_nopage,
13105 @@ -1558,7 +1558,7 @@ void emu10k1_waveout_bh(unsigned long re
13109 -struct file_operations emu10k1_audio_fops = {
13110 +const struct file_operations emu10k1_audio_fops = {
13111 owner: THIS_MODULE,
13113 read: emu10k1_audio_read,
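Review bot: `emu10k1_mm_ops` and `emu10k1_audio_fops` have external linkage, so every `extern` declaration of them elsewhere in the driver has to gain `const` as well, and none of those declarations is part of this file's section. A leftover `extern struct file_operations emu10k1_audio_fops;` in another translation unit would still compile, but it would describe an object that is now read-only as writable. The same check applies to `emu10k1_midi_fops` in midi.c and `emu10k1_mixer_fops` in mixer.c, which are constified the same way.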
13114 diff -urNp linux-2.4.37.7/drivers/sound/emu10k1/midi.c linux-2.4.37.7/drivers/sound/emu10k1/midi.c
13115 --- linux-2.4.37.7/drivers/sound/emu10k1/midi.c 2009-11-07 11:52:20.000000000 -0500
13116 +++ linux-2.4.37.7/drivers/sound/emu10k1/midi.c 2009-11-10 19:30:27.000000000 -0500
13117 @@ -465,7 +465,7 @@ int emu10k1_midi_callback(unsigned long
13120 /* MIDI file operations */
13121 -struct file_operations emu10k1_midi_fops = {
13122 +const struct file_operations emu10k1_midi_fops = {
13123 owner: THIS_MODULE,
13124 read: emu10k1_midi_read,
13125 write: emu10k1_midi_write,
13126 diff -urNp linux-2.4.37.7/drivers/sound/emu10k1/mixer.c linux-2.4.37.7/drivers/sound/emu10k1/mixer.c
13127 --- linux-2.4.37.7/drivers/sound/emu10k1/mixer.c 2009-11-07 11:52:20.000000000 -0500
13128 +++ linux-2.4.37.7/drivers/sound/emu10k1/mixer.c 2009-11-10 19:30:27.000000000 -0500
13129 @@ -675,7 +675,7 @@ static int emu10k1_mixer_release(struct
13133 -struct file_operations emu10k1_mixer_fops = {
13134 +const struct file_operations emu10k1_mixer_fops = {
13135 owner: THIS_MODULE,
13137 ioctl: emu10k1_mixer_ioctl,
13138 diff -urNp linux-2.4.37.7/drivers/sound/forte.c linux-2.4.37.7/drivers/sound/forte.c
13139 --- linux-2.4.37.7/drivers/sound/forte.c 2009-11-07 11:52:20.000000000 -0500
13140 +++ linux-2.4.37.7/drivers/sound/forte.c 2009-11-10 19:30:27.000000000 -0500
13141 @@ -365,7 +365,7 @@ forte_mixer_ioctl (struct inode *inode,
13145 -static struct file_operations forte_mixer_fops = {
13146 +static const struct file_operations forte_mixer_fops = {
13147 .owner = THIS_MODULE,
13148 .llseek = no_llseek,
13149 .ioctl = forte_mixer_ioctl,
13150 @@ -1667,7 +1667,7 @@ forte_dsp_read (struct file *file, char
13154 -static struct file_operations forte_dsp_fops = {
13155 +static const struct file_operations forte_dsp_fops = {
13156 .owner = THIS_MODULE,
13157 .llseek = &no_llseek,
13158 .read = &forte_dsp_read,
13159 diff -urNp linux-2.4.37.7/drivers/sound/hal2.c linux-2.4.37.7/drivers/sound/hal2.c
13160 --- linux-2.4.37.7/drivers/sound/hal2.c 2009-11-07 11:52:20.000000000 -0500
13161 +++ linux-2.4.37.7/drivers/sound/hal2.c 2009-11-10 19:30:27.000000000 -0500
13162 @@ -1372,7 +1372,7 @@ static int hal2_release(struct inode *in
13166 -static struct file_operations hal2_audio_fops = {
13167 +static const struct file_operations hal2_audio_fops = {
13168 .owner = THIS_MODULE,
13169 .llseek = no_llseek,
13171 @@ -1383,7 +1383,7 @@ static struct file_operations hal2_audio
13172 .release = hal2_release,
13175 -static struct file_operations hal2_mixer_fops = {
13176 +static const struct file_operations hal2_mixer_fops = {
13177 .owner = THIS_MODULE,
13178 .llseek = no_llseek,
13179 .ioctl = hal2_ioctl_mixdev,
13180 diff -urNp linux-2.4.37.7/drivers/sound/harmony.c linux-2.4.37.7/drivers/sound/harmony.c
13181 --- linux-2.4.37.7/drivers/sound/harmony.c 2009-11-07 11:52:20.000000000 -0500
13182 +++ linux-2.4.37.7/drivers/sound/harmony.c 2009-11-10 19:30:27.000000000 -0500
13183 @@ -809,7 +809,7 @@ static void harmony_interrupt(int irq, v
13184 * Sound playing functions
13187 -static struct file_operations harmony_audio_fops = {
13188 +static const struct file_operations harmony_audio_fops = {
13189 owner: THIS_MODULE,
13191 read: harmony_audio_read,
13192 @@ -1131,7 +1131,7 @@ static int harmony_mixer_release(struct
13196 -static struct file_operations harmony_mixer_fops = {
13197 +static const struct file_operations harmony_mixer_fops = {
13198 owner: THIS_MODULE,
13200 open: harmony_mixer_open,
13201 diff -urNp linux-2.4.37.7/drivers/sound/maestro3.c linux-2.4.37.7/drivers/sound/maestro3.c
13202 --- linux-2.4.37.7/drivers/sound/maestro3.c 2009-11-07 11:52:20.000000000 -0500
13203 +++ linux-2.4.37.7/drivers/sound/maestro3.c 2009-11-10 19:30:27.000000000 -0500
13204 @@ -2176,7 +2176,7 @@ static int m3_ioctl_mixdev(struct inode
13205 return codec->mixer_ioctl(codec, cmd, arg);
13208 -static struct file_operations m3_mixer_fops = {
13209 +static const struct file_operations m3_mixer_fops = {
13211 ioctl: m3_ioctl_mixdev,
13212 open: m3_open_mixdev,
13213 @@ -2554,7 +2554,7 @@ static void m3_enable_ints(struct m3_car
13214 io + ASSP_CONTROL_C);
13217 -static struct file_operations m3_audio_fops = {
13218 +static const struct file_operations m3_audio_fops = {
13219 llseek: &no_llseek,
13222 diff -urNp linux-2.4.37.7/drivers/sound/maestro.c linux-2.4.37.7/drivers/sound/maestro.c
13223 --- linux-2.4.37.7/drivers/sound/maestro.c 2009-11-07 11:52:20.000000000 -0500
13224 +++ linux-2.4.37.7/drivers/sound/maestro.c 2009-11-10 19:30:27.000000000 -0500
13225 @@ -3097,7 +3097,7 @@ ess_release(struct inode *inode, struct
13229 -static struct file_operations ess_audio_fops = {
13230 +static const struct file_operations ess_audio_fops = {
13231 owner: THIS_MODULE,
13234 diff -urNp linux-2.4.37.7/drivers/sound/msnd_pinnacle.c linux-2.4.37.7/drivers/sound/msnd_pinnacle.c
13235 --- linux-2.4.37.7/drivers/sound/msnd_pinnacle.c 2009-11-07 11:52:20.000000000 -0500
13236 +++ linux-2.4.37.7/drivers/sound/msnd_pinnacle.c 2009-11-10 19:30:27.000000000 -0500
13237 @@ -1100,7 +1100,7 @@ static void intr(int irq, void *dev_id,
13241 -static struct file_operations dev_fileops = {
13242 +static const struct file_operations dev_fileops = {
13243 owner: THIS_MODULE,
13246 diff -urNp linux-2.4.37.7/drivers/sound/rme96xx.c linux-2.4.37.7/drivers/sound/rme96xx.c
13247 --- linux-2.4.37.7/drivers/sound/rme96xx.c 2009-11-07 11:52:20.000000000 -0500
13248 +++ linux-2.4.37.7/drivers/sound/rme96xx.c 2009-11-10 19:30:27.000000000 -0500
13249 @@ -254,8 +254,8 @@ static const char invalid_magic[] = KERN
13250 /* --------------------------------------------------------------------- */
13253 -static struct file_operations rme96xx_audio_fops;
13254 -static struct file_operations rme96xx_mixer_fops;
13255 +static const struct file_operations rme96xx_audio_fops;
13256 +static const struct file_operations rme96xx_mixer_fops;
13257 static int numcards;
13259 typedef int32_t raw_sample_t;
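Review bot: The forward declaration `static const struct file_operations rme96xx_mixer_fops;` is now const-qualified, but this file's section only constifies the definition of `rme96xx_audio_fops` (the hunk at -1736); no hunk touches the definition of `rme96xx_mixer_fops`. That definition lies outside the visible hunks, so this is inferred: if it still lacks the qualifier, the two declarations conflict and the file will not build. The definition should then read `static const struct file_operations rme96xx_mixer_fops = {` to match.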
13260 @@ -1736,7 +1736,7 @@ static unsigned int rme96xx_poll(struct
13264 -static struct file_operations rme96xx_audio_fops = {
13265 +static const struct file_operations rme96xx_audio_fops = {
13266 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0)
13267 owner: THIS_MODULE,
13269 diff -urNp linux-2.4.37.7/drivers/sound/soundcard.c linux-2.4.37.7/drivers/sound/soundcard.c
13270 --- linux-2.4.37.7/drivers/sound/soundcard.c 2009-11-07 11:52:20.000000000 -0500
13271 +++ linux-2.4.37.7/drivers/sound/soundcard.c 2009-11-10 19:30:27.000000000 -0500
13272 @@ -493,7 +493,7 @@ static int sound_mmap(struct file *file,
13276 -struct file_operations oss_sound_fops = {
13277 +const struct file_operations oss_sound_fops = {
13278 owner: THIS_MODULE,
13281 diff -urNp linux-2.4.37.7/drivers/sound/sound_core.c linux-2.4.37.7/drivers/sound/sound_core.c
13282 --- linux-2.4.37.7/drivers/sound/sound_core.c 2009-11-07 11:52:20.000000000 -0500
13283 +++ linux-2.4.37.7/drivers/sound/sound_core.c 2009-11-10 19:30:27.000000000 -0500
13288 - struct file_operations *unit_fops;
13289 + const struct file_operations *unit_fops;
13290 struct sound_unit *next;
13293 @@ -69,7 +69,7 @@ extern int msnd_pinnacle_init(void);
13294 * join into it. Called with the lock asserted
13297 -static int __sound_insert_unit(struct sound_unit * s, struct sound_unit **list, struct file_operations *fops, int index, int low, int top)
13298 +static int __sound_insert_unit(struct sound_unit * s, struct sound_unit **list, const struct file_operations *fops, int index, int low, int top)
13302 @@ -154,7 +154,7 @@ static spinlock_t sound_loader_lock = SP
13304 static devfs_handle_t devfs_handle;
13306 -static int sound_insert_unit(struct sound_unit **list, struct file_operations *fops, int index, int low, int top, const char *name, umode_t mode)
13307 +static int sound_insert_unit(struct sound_unit **list, const struct file_operations *fops, int index, int low, int top, const char *name, umode_t mode)
13310 struct sound_unit *s=(struct sound_unit *)kmalloc(sizeof(struct sound_unit), GFP_KERNEL);
13311 @@ -229,7 +229,7 @@ static struct sound_unit *chains[16];
13312 * a negative error code is returned.
13315 -int register_sound_special(struct file_operations *fops, int unit)
13316 +int register_sound_special(const struct file_operations *fops, int unit)
13320 @@ -299,7 +299,7 @@ EXPORT_SYMBOL(register_sound_special);
13321 * number is returned, on failure a negative error code is returned.
13324 -int register_sound_mixer(struct file_operations *fops, int dev)
13325 +int register_sound_mixer(const struct file_operations *fops, int dev)
13327 return sound_insert_unit(&chains[0], fops, dev, 0, 128,
13328 "mixer", S_IRUSR | S_IWUSR);
13329 @@ -317,7 +317,7 @@ EXPORT_SYMBOL(register_sound_mixer);
13330 * number is returned, on failure a negative error code is returned.
13333 -int register_sound_midi(struct file_operations *fops, int dev)
13334 +int register_sound_midi(const struct file_operations *fops, int dev)
13336 return sound_insert_unit(&chains[2], fops, dev, 2, 130,
13337 "midi", S_IRUSR | S_IWUSR);
13338 @@ -343,7 +343,7 @@ EXPORT_SYMBOL(register_sound_midi);
13339 * and will always allocate them as a matching pair - eg dsp3/audio3
13342 -int register_sound_dsp(struct file_operations *fops, int dev)
13343 +int register_sound_dsp(const struct file_operations *fops, int dev)
13345 return sound_insert_unit(&chains[3], fops, dev, 3, 131,
13346 "dsp", S_IWUSR | S_IRUSR);
13347 @@ -362,7 +362,7 @@ EXPORT_SYMBOL(register_sound_dsp);
13351 -int register_sound_synth(struct file_operations *fops, int dev)
13352 +int register_sound_synth(const struct file_operations *fops, int dev)
13354 return sound_insert_unit(&chains[9], fops, dev, 9, 137,
13355 "synth", S_IRUSR | S_IWUSR);
13356 @@ -456,8 +456,7 @@ EXPORT_SYMBOL(unregister_sound_synth);
13358 static int soundcore_open(struct inode *, struct file *);
13360 -static struct file_operations soundcore_fops=
13362 +static const struct file_operations soundcore_fops = {
13363 /* We must have an owner or the module locking fails */
13364 owner: THIS_MODULE,
13365 open: soundcore_open,
13366 @@ -482,7 +481,7 @@ int soundcore_open(struct inode *inode,
13368 int unit=MINOR(inode->i_rdev);
13369 struct sound_unit *s;
13370 - struct file_operations *new_fops = NULL;
13371 + const struct file_operations *new_fops = NULL;
13374 if(chain==4 || chain==5) /* dsp/audio/dsp16 */
13375 @@ -525,7 +524,7 @@ int soundcore_open(struct inode *inode,
13376 * switching ->f_op in the first place.
13379 - struct file_operations *old_fops = file->f_op;
13380 + const struct file_operations *old_fops = file->f_op;
13381 file->f_op = new_fops;
13382 spin_unlock(&sound_loader_lock);
13383 if(file->f_op->open)
13384 diff -urNp linux-2.4.37.7/drivers/sound/via82cxxx_audio.c linux-2.4.37.7/drivers/sound/via82cxxx_audio.c
13385 --- linux-2.4.37.7/drivers/sound/via82cxxx_audio.c 2009-11-07 11:52:20.000000000 -0500
13386 +++ linux-2.4.37.7/drivers/sound/via82cxxx_audio.c 2009-11-10 19:30:27.000000000 -0500
13387 @@ -1629,7 +1629,7 @@ out:
13391 -static struct file_operations via_mixer_fops = {
13392 +static const struct file_operations via_mixer_fops = {
13393 owner: THIS_MODULE,
13394 open: via_mixer_open,
13396 @@ -2048,7 +2048,7 @@ static int via_interrupt_init (struct vi
13400 -static struct file_operations via_dsp_fops = {
13401 +static const struct file_operations via_dsp_fops = {
13402 owner: THIS_MODULE,
13403 open: via_dsp_open,
13404 release: via_dsp_release,
13405 @@ -2168,7 +2168,7 @@ static int via_mm_swapout (struct page *
13406 #endif /* VM_RESERVED */
13409 -struct vm_operations_struct via_mm_ops = {
13410 +const struct vm_operations_struct via_mm_ops = {
13411 nopage: via_mm_nopage,
13413 #ifndef VM_RESERVED
13414 diff -urNp linux-2.4.37.7/drivers/sound/vwsnd.c linux-2.4.37.7/drivers/sound/vwsnd.c
13415 --- linux-2.4.37.7/drivers/sound/vwsnd.c 2009-11-07 11:52:20.000000000 -0500
13416 +++ linux-2.4.37.7/drivers/sound/vwsnd.c 2009-11-10 19:30:27.000000000 -0500
13417 @@ -3029,7 +3029,7 @@ static int vwsnd_audio_release(struct in
13421 -static struct file_operations vwsnd_audio_fops = {
13422 +static const struct file_operations vwsnd_audio_fops = {
13423 owner: THIS_MODULE,
13425 read: vwsnd_audio_read,
13426 @@ -3219,7 +3219,7 @@ static int vwsnd_mixer_ioctl(struct inod
13430 -static struct file_operations vwsnd_mixer_fops = {
13431 +static const struct file_operations vwsnd_mixer_fops = {
13432 owner: THIS_MODULE,
13434 ioctl: vwsnd_mixer_ioctl,
13435 diff -urNp linux-2.4.37.7/drivers/telephony/ixj.c linux-2.4.37.7/drivers/telephony/ixj.c
13436 --- linux-2.4.37.7/drivers/telephony/ixj.c 2009-11-07 11:52:20.000000000 -0500
13437 +++ linux-2.4.37.7/drivers/telephony/ixj.c 2009-11-10 19:30:27.000000000 -0500
13438 @@ -6767,8 +6767,7 @@ static int ixj_fasync(int fd, struct fil
13439 return fasync_helper(fd, file_p, mode, &j->async_queue);
13442 -struct file_operations ixj_fops =
13444 +const struct file_operations ixj_fops = {
13445 owner: THIS_MODULE,
13446 read: ixj_enhanced_read,
13447 write: ixj_enhanced_write,
13448 diff -urNp linux-2.4.37.7/drivers/telephony/phonedev.c linux-2.4.37.7/drivers/telephony/phonedev.c
13449 --- linux-2.4.37.7/drivers/telephony/phonedev.c 2009-11-07 11:52:20.000000000 -0500
13450 +++ linux-2.4.37.7/drivers/telephony/phonedev.c 2009-11-10 19:30:27.000000000 -0500
13451 @@ -49,7 +49,7 @@ static int phone_open(struct inode *inod
13452 unsigned int minor = MINOR(inode->i_rdev);
13454 struct phone_device *p;
13455 - struct file_operations *old_fops, *new_fops = NULL;
13456 + const struct file_operations *old_fops, *new_fops = NULL;
13458 if (minor >= PHONE_NUM_DEVICES)
13460 @@ -133,8 +133,7 @@ void phone_unregister_device(struct phon
13464 -static struct file_operations phone_fops =
13466 +static const struct file_operations phone_fops = {
13467 owner: THIS_MODULE,
13470 diff -urNp linux-2.4.37.7/drivers/usb/auermain.c linux-2.4.37.7/drivers/usb/auermain.c
13471 --- linux-2.4.37.7/drivers/usb/auermain.c 2009-11-07 11:52:20.000000000 -0500
13472 +++ linux-2.4.37.7/drivers/usb/auermain.c 2009-11-10 19:30:27.000000000 -0500
13473 @@ -547,7 +547,7 @@ void auerswald_removeservice(struct auer
13475 /*----------------------------------------------------------------------*/
13476 /* File operation structure */
13477 -static struct file_operations auerswald_fops = {
13478 +static const struct file_operations auerswald_fops = {
13480 llseek:auerchar_llseek,
13481 read:auerchar_read,
13482 diff -urNp linux-2.4.37.7/drivers/usb/brlvger.c linux-2.4.37.7/drivers/usb/brlvger.c
13483 --- linux-2.4.37.7/drivers/usb/brlvger.c 2009-11-07 11:52:20.000000000 -0500
13484 +++ linux-2.4.37.7/drivers/usb/brlvger.c 2009-11-10 19:30:27.000000000 -0500
13485 @@ -228,8 +228,7 @@ static struct usb_device_id brlvger_ids
13487 MODULE_DEVICE_TABLE (usb, brlvger_ids);
13489 -static struct file_operations brlvger_fops =
13491 +static const struct file_operations brlvger_fops = {
13492 owner: THIS_MODULE,
13493 llseek: brlvger_llseek,
13494 read: brlvger_read,
13495 diff -urNp linux-2.4.37.7/drivers/usb/dabusb.c linux-2.4.37.7/drivers/usb/dabusb.c
13496 --- linux-2.4.37.7/drivers/usb/dabusb.c 2009-11-07 11:52:20.000000000 -0500
13497 +++ linux-2.4.37.7/drivers/usb/dabusb.c 2009-11-10 19:30:27.000000000 -0500
13498 @@ -698,8 +698,7 @@ static int dabusb_ioctl (struct inode *i
13502 -static struct file_operations dabusb_fops =
13504 +static const struct file_operations dabusb_fops = {
13505 owner: THIS_MODULE,
13508 diff -urNp linux-2.4.37.7/drivers/usb/devices.c linux-2.4.37.7/drivers/usb/devices.c
13509 --- linux-2.4.37.7/drivers/usb/devices.c 2009-11-07 11:52:20.000000000 -0500
13510 +++ linux-2.4.37.7/drivers/usb/devices.c 2009-11-10 19:30:27.000000000 -0500
13511 @@ -664,7 +664,7 @@ static loff_t usb_device_lseek(struct fi
13515 -struct file_operations usbdevfs_devices_fops = {
13516 +const struct file_operations usbdevfs_devices_fops = {
13517 llseek: usb_device_lseek,
13518 read: usb_device_read,
13519 poll: usb_device_poll,
13520 diff -urNp linux-2.4.37.7/drivers/usb/devio.c linux-2.4.37.7/drivers/usb/devio.c
13521 --- linux-2.4.37.7/drivers/usb/devio.c 2009-11-07 11:52:20.000000000 -0500
13522 +++ linux-2.4.37.7/drivers/usb/devio.c 2009-11-10 19:30:27.000000000 -0500
13523 @@ -1310,7 +1310,7 @@ static unsigned int usbdev_poll(struct f
13527 -struct file_operations usbdevfs_device_file_operations = {
13528 +const struct file_operations usbdevfs_device_file_operations = {
13529 llseek: usbdev_lseek,
13532 diff -urNp linux-2.4.37.7/drivers/usb/drivers.c linux-2.4.37.7/drivers/usb/drivers.c
13533 --- linux-2.4.37.7/drivers/usb/drivers.c 2009-11-07 11:52:20.000000000 -0500
13534 +++ linux-2.4.37.7/drivers/usb/drivers.c 2009-11-10 19:30:27.000000000 -0500
13535 @@ -113,7 +113,7 @@ static loff_t usb_driver_lseek(struct fi
13539 -struct file_operations usbdevfs_drivers_fops = {
13540 +const struct file_operations usbdevfs_drivers_fops = {
13541 llseek: usb_driver_lseek,
13542 read: usb_driver_read,
13544 diff -urNp linux-2.4.37.7/drivers/usb/hiddev.c linux-2.4.37.7/drivers/usb/hiddev.c
13545 --- linux-2.4.37.7/drivers/usb/hiddev.c 2009-11-07 11:52:20.000000000 -0500
13546 +++ linux-2.4.37.7/drivers/usb/hiddev.c 2009-11-10 19:30:27.000000000 -0500
13547 @@ -686,7 +686,7 @@ static int hiddev_ioctl(struct inode *in
13551 -static struct file_operations hiddev_fops = {
13552 +static const struct file_operations hiddev_fops = {
13553 owner: THIS_MODULE,
13555 write: hiddev_write,
13556 diff -urNp linux-2.4.37.7/drivers/usb/host/uhci-debug.h linux-2.4.37.7/drivers/usb/host/uhci-debug.h
13557 --- linux-2.4.37.7/drivers/usb/host/uhci-debug.h 2009-11-07 11:52:20.000000000 -0500
13558 +++ linux-2.4.37.7/drivers/usb/host/uhci-debug.h 2009-11-10 19:30:27.000000000 -0500
13559 @@ -561,7 +561,7 @@ static int uhci_proc_release(struct inod
13563 -static struct file_operations uhci_proc_operations = {
13564 +static const struct file_operations uhci_proc_operations = {
13565 open: uhci_proc_open,
13566 llseek: uhci_proc_lseek,
13567 read: uhci_proc_read,
13568 diff -urNp linux-2.4.37.7/drivers/usb/inode.c linux-2.4.37.7/drivers/usb/inode.c
13569 --- linux-2.4.37.7/drivers/usb/inode.c 2009-11-07 11:52:20.000000000 -0500
13570 +++ linux-2.4.37.7/drivers/usb/inode.c 2009-11-10 19:30:27.000000000 -0500
13572 #include <linux/usbdevice_fs.h>
13573 #include <asm/uaccess.h>
13575 -static struct inode_operations usbdevfs_bus_inode_operations;
13576 -static struct file_operations usbdevfs_bus_file_operations;
13577 +static const struct inode_operations usbdevfs_bus_inode_operations;
13578 +static const struct file_operations usbdevfs_bus_file_operations;
13580 /* --------------------------------------------------------------------- */
13582 @@ -55,7 +55,7 @@ static LIST_HEAD(superlist);
13586 - struct file_operations *fops;
13587 + const struct file_operations *fops;
13588 struct inode *inode;
13589 struct list_head inodes;
13591 @@ -313,7 +313,7 @@ static int usbdevfs_revalidate(struct de
13595 -static struct dentry_operations usbdevfs_dentry_operations = {
13596 +static const struct dentry_operations usbdevfs_dentry_operations = {
13597 d_revalidate: usbdevfs_revalidate,
13600 @@ -490,19 +490,19 @@ static int usbdevfs_bus_readdir(struct f
13604 -static struct file_operations usbdevfs_root_file_operations = {
13605 +static const struct file_operations usbdevfs_root_file_operations = {
13606 readdir: usbdevfs_root_readdir,
13609 -static struct inode_operations usbdevfs_root_inode_operations = {
13610 +static const struct inode_operations usbdevfs_root_inode_operations = {
13611 lookup: usbdevfs_root_lookup,
13614 -static struct file_operations usbdevfs_bus_file_operations = {
13615 +static const struct file_operations usbdevfs_bus_file_operations = {
13616 readdir: usbdevfs_bus_readdir,
13619 -static struct inode_operations usbdevfs_bus_inode_operations = {
13620 +static const struct inode_operations usbdevfs_bus_inode_operations = {
13621 lookup: usbdevfs_bus_lookup,
13624 @@ -595,7 +595,7 @@ static int usbdevfs_remount(struct super
13628 -static struct super_operations usbdevfs_sops = {
13629 +static const struct super_operations usbdevfs_sops = {
13630 read_inode: usbdevfs_read_inode,
13631 put_super: usbdevfs_put_super,
13632 statfs: usbdevfs_statfs,
13633 diff -urNp linux-2.4.37.7/drivers/usb/mdc800.c linux-2.4.37.7/drivers/usb/mdc800.c
13634 --- linux-2.4.37.7/drivers/usb/mdc800.c 2009-11-07 11:52:20.000000000 -0500
13635 +++ linux-2.4.37.7/drivers/usb/mdc800.c 2009-11-10 19:30:27.000000000 -0500
13636 @@ -916,8 +916,7 @@ static ssize_t mdc800_device_write (stru
13637 ****************************************************************************/
13639 /* File Operations of this drivers */
13640 -static struct file_operations mdc800_device_ops =
13642 +static const struct file_operations mdc800_device_ops = {
13643 owner: THIS_MODULE,
13644 read: mdc800_device_read,
13645 write: mdc800_device_write,
13646 diff -urNp linux-2.4.37.7/drivers/usb/ov511.c linux-2.4.37.7/drivers/usb/ov511.c
13647 --- linux-2.4.37.7/drivers/usb/ov511.c 2009-11-07 11:52:20.000000000 -0500
13648 +++ linux-2.4.37.7/drivers/usb/ov511.c 2009-11-10 19:30:27.000000000 -0500
13649 @@ -410,7 +410,7 @@ rvfree(void *mem, unsigned long size)
13650 static struct proc_dir_entry *ov511_proc_entry = NULL;
13651 extern struct proc_dir_entry *video_proc_entry;
13653 -static struct file_operations ov511_control_fops = {
13654 +static const struct file_operations ov511_control_fops = {
13655 .ioctl = ov51x_control_ioctl,
13658 @@ -5284,7 +5284,7 @@ ov51x_v4l1_mmap(struct file *file, struc
13662 -static struct file_operations ov511_fops = {
13663 +static const struct file_operations ov511_fops = {
13664 .owner = THIS_MODULE,
13665 .open = ov51x_v4l1_open,
13666 .release = ov51x_v4l1_close,
13667 diff -urNp linux-2.4.37.7/drivers/usb/printer.c linux-2.4.37.7/drivers/usb/printer.c
13668 --- linux-2.4.37.7/drivers/usb/printer.c 2009-11-07 11:52:20.000000000 -0500
13669 +++ linux-2.4.37.7/drivers/usb/printer.c 2009-11-10 19:30:27.000000000 -0500
13670 @@ -818,7 +818,7 @@ static unsigned int usblp_quirks (__u16
13674 -static struct file_operations usblp_fops = {
13675 +static const struct file_operations usblp_fops = {
13676 owner: THIS_MODULE,
13678 write: usblp_write,
13679 diff -urNp linux-2.4.37.7/drivers/usb/rio500.c linux-2.4.37.7/drivers/usb/rio500.c
13680 --- linux-2.4.37.7/drivers/usb/rio500.c 2009-11-07 11:52:20.000000000 -0500
13681 +++ linux-2.4.37.7/drivers/usb/rio500.c 2009-11-10 19:30:27.000000000 -0500
13682 @@ -436,8 +436,7 @@ read_rio(struct file *file, char *buffer
13687 -file_operations usb_rio_fops = {
13688 +static const struct file_operations usb_rio_fops = {
13692 diff -urNp linux-2.4.37.7/drivers/usb/scanner.c linux-2.4.37.7/drivers/usb/scanner.c
13693 --- linux-2.4.37.7/drivers/usb/scanner.c 2009-11-07 11:52:20.000000000 -0500
13694 +++ linux-2.4.37.7/drivers/usb/scanner.c 2009-11-10 19:30:27.000000000 -0500
13695 @@ -852,8 +852,7 @@ ioctl_scanner(struct inode *inode, struc
13700 -file_operations usb_scanner_fops = {
13701 +static const struct file_operations usb_scanner_fops = {
13702 owner: THIS_MODULE,
13703 read: read_scanner,
13704 write: write_scanner,
13705 diff -urNp linux-2.4.37.7/drivers/usb/tiglusb.c linux-2.4.37.7/drivers/usb/tiglusb.c
13706 --- linux-2.4.37.7/drivers/usb/tiglusb.c 2009-11-07 11:52:20.000000000 -0500
13707 +++ linux-2.4.37.7/drivers/usb/tiglusb.c 2009-11-10 19:30:27.000000000 -0500
13708 @@ -311,7 +311,7 @@ tiglusb_ioctl (struct inode *inode, stru
13710 /* ----- kernel module registering ------------------------------------ */
13712 -static struct file_operations tiglusb_fops = {
13713 +static const struct file_operations tiglusb_fops = {
13714 .owner = THIS_MODULE,
13715 .llseek = no_llseek,
13716 .read = tiglusb_read,
13717 diff -urNp linux-2.4.37.7/drivers/usb/usb.c linux-2.4.37.7/drivers/usb/usb.c
13718 --- linux-2.4.37.7/drivers/usb/usb.c 2009-11-07 11:52:20.000000000 -0500
13719 +++ linux-2.4.37.7/drivers/usb/usb.c 2009-11-10 19:30:27.000000000 -0500
13720 @@ -2324,7 +2324,7 @@ static int usb_open(struct inode * inode
13721 int minor = MINOR(inode->i_rdev);
13722 struct usb_driver *c = usb_minors[minor/16];
13724 - struct file_operations *old_fops, *new_fops = NULL;
13725 + const struct file_operations *old_fops, *new_fops = NULL;
13728 * No load-on-demand? Randy, could you ACK that it's really not
13729 @@ -2345,7 +2345,7 @@ static int usb_open(struct inode * inode
13733 -static struct file_operations usb_fops = {
13734 +static const struct file_operations usb_fops = {
13735 owner: THIS_MODULE,
13738 diff -urNp linux-2.4.37.7/drivers/usb/usblcd.c linux-2.4.37.7/drivers/usb/usblcd.c
13739 --- linux-2.4.37.7/drivers/usb/usblcd.c 2009-11-07 11:52:20.000000000 -0500
13740 +++ linux-2.4.37.7/drivers/usb/usblcd.c 2009-11-10 19:30:27.000000000 -0500
13741 @@ -300,8 +300,7 @@ static struct usb_device_id id_table []
13743 MODULE_DEVICE_TABLE (usb, id_table);
13746 -file_operations usb_lcd_fops = {
13747 +static const struct file_operations usb_lcd_fops = {
13748 .owner = THIS_MODULE,
13750 .write = write_lcd,
13751 diff -urNp linux-2.4.37.7/drivers/usb/usb-midi.c linux-2.4.37.7/drivers/usb/usb-midi.c
13752 --- linux-2.4.37.7/drivers/usb/usb-midi.c 2009-11-07 11:52:20.000000000 -0500
13753 +++ linux-2.4.37.7/drivers/usb/usb-midi.c 2009-11-10 19:30:27.000000000 -0500
13754 @@ -989,7 +989,7 @@ static int usb_midi_release(struct inode
13758 -static struct file_operations usb_midi_fops = {
13759 +static const struct file_operations usb_midi_fops = {
13760 llseek: usb_midi_llseek,
13761 read: usb_midi_read,
13762 write: usb_midi_write,
13763 diff -urNp linux-2.4.37.7/drivers/usb/usb-skeleton.c linux-2.4.37.7/drivers/usb/usb-skeleton.c
13764 --- linux-2.4.37.7/drivers/usb/usb-skeleton.c 2009-11-07 11:52:20.000000000 -0500
13765 +++ linux-2.4.37.7/drivers/usb/usb-skeleton.c 2009-11-10 19:30:27.000000000 -0500
13766 @@ -150,7 +150,7 @@ static DECLARE_MUTEX (minor_table_mutex)
13767 * would use "struct net_driver" instead, and a serial
13768 * device would use "struct tty_driver".
13770 -static struct file_operations skel_fops = {
13771 +static const struct file_operations skel_fops = {
13773 * The owner field is part of the module-locking
13774 * mechanism. The idea is that the kernel knows
13775 diff -urNp linux-2.4.37.7/drivers/usb/w9968cf.c linux-2.4.37.7/drivers/usb/w9968cf.c
13776 --- linux-2.4.37.7/drivers/usb/w9968cf.c 2009-11-07 11:52:20.000000000 -0500
13777 +++ linux-2.4.37.7/drivers/usb/w9968cf.c 2009-11-10 19:30:27.000000000 -0500
13778 @@ -375,7 +375,7 @@ MODULE_PARM_DESC(specific_debug,
13779 ****************************************************************************/
13781 /* Video4linux interface */
13782 -static struct file_operations w9968cf_fops;
13783 +static const struct file_operations w9968cf_fops;
13784 static int w9968cf_open(struct inode*, struct file*);
13785 static int w9968cf_release(struct inode*, struct file*);
13786 static ssize_t w9968cf_read(struct file*, char*, size_t, loff_t*);
13787 @@ -3708,7 +3708,7 @@ ioctl_fail:
13791 -static struct file_operations w9968cf_fops = {
13792 +static const struct file_operations w9968cf_fops = {
13793 .owner = THIS_MODULE,
13794 .open = w9968cf_open,
13795 .release = w9968cf_release,
13796 diff -urNp linux-2.4.37.7/drivers/video/fbmem.c linux-2.4.37.7/drivers/video/fbmem.c
13797 --- linux-2.4.37.7/drivers/video/fbmem.c 2009-11-07 11:52:20.000000000 -0500
13798 +++ linux-2.4.37.7/drivers/video/fbmem.c 2009-11-10 19:30:27.000000000 -0500
13799 @@ -748,7 +748,7 @@ fb_release(struct inode *inode, struct f
13803 -static struct file_operations fb_fops = {
13804 +static const struct file_operations fb_fops = {
13805 owner: THIS_MODULE,
13808 diff -urNp linux-2.4.37.7/drivers/video/vesafb.c linux-2.4.37.7/drivers/video/vesafb.c
13809 --- linux-2.4.37.7/drivers/video/vesafb.c 2009-11-07 11:52:20.000000000 -0500
13810 +++ linux-2.4.37.7/drivers/video/vesafb.c 2009-11-10 19:30:27.000000000 -0500
13811 @@ -546,7 +546,7 @@ int __init vesafb_init(void)
13812 video_visual = (video_bpp == 8) ?
13813 FB_VISUAL_PSEUDOCOLOR : FB_VISUAL_TRUECOLOR;
13816 +#if !defined(__i386__) || defined(CONFIG_PAX_KERNEXEC)
13817 screen_info.vesapm_seg = 0;
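Review bot: The new guard `#if !defined(__i386__) || defined(CONFIG_PAX_KERNEXEC)` in vesafb_init() carries no comment saying why a KERNEXEC kernel must zero `screen_info.vesapm_seg`. Presumably this turns off the VESA protected-mode interface because its entry points are BIOS code that a KERNEXEC kernel cannot execute, but the hunk does not say so. A one-line comment above the `#if` would record the reason, for example `/* KERNEXEC: the VESA PMI entry points are BIOS code the kernel may not execute, so disable PMI */`, once the author confirms it. The rest of the conditional and of vesafb_init() lies outside the hunk.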
13820 diff -urNp linux-2.4.37.7/drivers/zorro/proc.c linux-2.4.37.7/drivers/zorro/proc.c
13821 --- linux-2.4.37.7/drivers/zorro/proc.c 2009-11-07 11:52:20.000000000 -0500
13822 +++ linux-2.4.37.7/drivers/zorro/proc.c 2009-11-10 19:30:27.000000000 -0500
13823 @@ -70,7 +70,7 @@ proc_bus_zorro_read(struct file *file, c
13827 -static struct file_operations proc_bus_zorro_operations = {
13828 +static const struct file_operations proc_bus_zorro_operations = {
13829 llseek: proc_bus_zorro_lseek,
13830 read: proc_bus_zorro_read,
13832 diff -urNp linux-2.4.37.7/fs/adfs/adfs.h linux-2.4.37.7/fs/adfs/adfs.h
13833 --- linux-2.4.37.7/fs/adfs/adfs.h 2009-11-07 11:52:20.000000000 -0500
13834 +++ linux-2.4.37.7/fs/adfs/adfs.h 2009-11-10 19:30:27.000000000 -0500
13835 @@ -95,17 +95,17 @@ extern struct dentry *adfs_lookup(struct
13839 -extern struct inode_operations adfs_dir_inode_operations;
13840 -extern struct file_operations adfs_dir_operations;
13841 -extern struct dentry_operations adfs_dentry_operations;
13842 +extern const struct inode_operations adfs_dir_inode_operations;
13843 +extern const struct file_operations adfs_dir_operations;
13844 +extern const struct dentry_operations adfs_dentry_operations;
13845 extern struct adfs_dir_ops adfs_f_dir_ops;
13846 extern struct adfs_dir_ops adfs_fplus_dir_ops;
13848 extern int adfs_dir_update(struct super_block *sb, struct object_info *obj);
13851 -extern struct inode_operations adfs_file_inode_operations;
13852 -extern struct file_operations adfs_file_operations;
13853 +extern const struct inode_operations adfs_file_inode_operations;
13854 +extern const struct file_operations adfs_file_operations;
13856 extern inline __u32 signed_asl(__u32 val, signed int shift)
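Review bot: `adfs_f_dir_ops` and `adfs_fplus_dir_ops` on the context lines stay plain `extern struct adfs_dir_ops`, while the three operation tables declared just above them become const. `struct adfs_dir_ops` is not defined in this hunk, but if it is a function-pointer table like the others, these two objects remain writable at run time and miss the hardening applied to the rest. Consider `extern const struct adfs_dir_ops adfs_f_dir_ops;` and `extern const struct adfs_dir_ops adfs_fplus_dir_ops;`. Their definitions, and any pointer field that stores them, would need the matching change.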
13858 diff -urNp linux-2.4.37.7/fs/adfs/dir.c linux-2.4.37.7/fs/adfs/dir.c
13859 --- linux-2.4.37.7/fs/adfs/dir.c 2009-11-07 11:52:20.000000000 -0500
13860 +++ linux-2.4.37.7/fs/adfs/dir.c 2009-11-10 19:30:27.000000000 -0500
13861 @@ -192,7 +192,7 @@ out:
13865 -struct file_operations adfs_dir_operations = {
13866 +const struct file_operations adfs_dir_operations = {
13867 read: generic_read_dir,
13868 readdir: adfs_readdir,
13870 @@ -259,7 +259,7 @@ adfs_compare(struct dentry *parent, stru
13874 -struct dentry_operations adfs_dentry_operations = {
13875 +const struct dentry_operations adfs_dentry_operations = {
13877 d_compare: adfs_compare,
13879 @@ -289,7 +289,7 @@ struct dentry *adfs_lookup(struct inode
13881 * directories can handle most operations...
13883 -struct inode_operations adfs_dir_inode_operations = {
13884 +const struct inode_operations adfs_dir_inode_operations = {
13885 lookup: adfs_lookup,
13886 setattr: adfs_notify_change,
13888 diff -urNp linux-2.4.37.7/fs/adfs/file.c linux-2.4.37.7/fs/adfs/file.c
13889 --- linux-2.4.37.7/fs/adfs/file.c 2009-11-07 11:52:20.000000000 -0500
13890 +++ linux-2.4.37.7/fs/adfs/file.c 2009-11-10 19:30:27.000000000 -0500
13895 -struct file_operations adfs_file_operations = {
13896 +const struct file_operations adfs_file_operations = {
13897 llseek: generic_file_llseek,
13898 read: generic_file_read,
13899 mmap: generic_file_mmap,
13900 @@ -36,6 +36,6 @@ struct file_operations adfs_file_operati
13901 write: generic_file_write,
13904 -struct inode_operations adfs_file_inode_operations = {
13905 +const struct inode_operations adfs_file_inode_operations = {
13906 setattr: adfs_notify_change,
13908 diff -urNp linux-2.4.37.7/fs/adfs/inode.c linux-2.4.37.7/fs/adfs/inode.c
13909 --- linux-2.4.37.7/fs/adfs/inode.c 2009-11-07 11:52:20.000000000 -0500
13910 +++ linux-2.4.37.7/fs/adfs/inode.c 2009-11-10 19:30:27.000000000 -0500
13911 @@ -76,7 +76,7 @@ static int _adfs_bmap(struct address_spa
13912 return generic_block_bmap(mapping, block, adfs_get_block);
13915 -static struct address_space_operations adfs_aops = {
13916 +static const struct address_space_operations adfs_aops = {
13917 readpage: adfs_readpage,
13918 writepage: adfs_writepage,
13919 sync_page: block_sync_page,
13920 diff -urNp linux-2.4.37.7/fs/adfs/super.c linux-2.4.37.7/fs/adfs/super.c
13921 --- linux-2.4.37.7/fs/adfs/super.c 2009-11-07 11:52:20.000000000 -0500
13922 +++ linux-2.4.37.7/fs/adfs/super.c 2009-11-10 19:30:27.000000000 -0500
13923 @@ -232,7 +232,7 @@ static int adfs_statfs(struct super_bloc
13927 -static struct super_operations adfs_sops = {
13928 +static const struct super_operations adfs_sops = {
13929 write_inode: adfs_write_inode,
13930 put_super: adfs_put_super,
13931 statfs: adfs_statfs,
13932 diff -urNp linux-2.4.37.7/fs/affs/dir.c linux-2.4.37.7/fs/affs/dir.c
13933 --- linux-2.4.37.7/fs/affs/dir.c 2009-11-07 11:52:20.000000000 -0500
13934 +++ linux-2.4.37.7/fs/affs/dir.c 2009-11-10 19:30:27.000000000 -0500
13937 static int affs_readdir(struct file *, void *, filldir_t);
13939 -struct file_operations affs_dir_operations = {
13940 +const struct file_operations affs_dir_operations = {
13941 read: generic_read_dir,
13942 readdir: affs_readdir,
13944 @@ -34,7 +34,7 @@ struct file_operations affs_dir_operatio
13946 * directories can handle most operations...
13948 -struct inode_operations affs_dir_inode_operations = {
13949 +const struct inode_operations affs_dir_inode_operations = {
13950 create: affs_create,
13951 lookup: affs_lookup,
13953 diff -urNp linux-2.4.37.7/fs/affs/file.c linux-2.4.37.7/fs/affs/file.c
13954 --- linux-2.4.37.7/fs/affs/file.c 2009-11-07 11:52:20.000000000 -0500
13955 +++ linux-2.4.37.7/fs/affs/file.c 2009-11-10 19:30:27.000000000 -0500
13956 @@ -44,7 +44,7 @@ static ssize_t affs_file_write(struct fi
13957 static int affs_file_open(struct inode *inode, struct file *filp);
13958 static int affs_file_release(struct inode *inode, struct file *filp);
13960 -struct file_operations affs_file_operations = {
13961 +const struct file_operations affs_file_operations = {
13962 llseek: generic_file_llseek,
13963 read: generic_file_read,
13964 write: affs_file_write,
13965 @@ -54,7 +54,7 @@ struct file_operations affs_file_operati
13969 -struct inode_operations affs_file_inode_operations = {
13970 +const struct inode_operations affs_file_inode_operations = {
13971 truncate: affs_truncate,
13972 setattr: affs_notify_change,
13974 @@ -427,7 +427,7 @@ static int _affs_bmap(struct address_spa
13976 return generic_block_bmap(mapping,block,affs_get_block);
13978 -struct address_space_operations affs_aops = {
13979 +const struct address_space_operations affs_aops = {
13980 readpage: affs_readpage,
13981 writepage: affs_writepage,
13982 sync_page: block_sync_page,
13983 @@ -787,7 +787,7 @@ out:
13987 -struct address_space_operations affs_aops_ofs = {
13988 +const struct address_space_operations affs_aops_ofs = {
13989 readpage: affs_readpage_ofs,
13990 //writepage: affs_writepage_ofs,
13991 //sync_page: affs_sync_page_ofs,
13992 diff -urNp linux-2.4.37.7/fs/affs/inode.c linux-2.4.37.7/fs/affs/inode.c
13993 --- linux-2.4.37.7/fs/affs/inode.c 2009-11-07 11:52:20.000000000 -0500
13994 +++ linux-2.4.37.7/fs/affs/inode.c 2009-11-10 19:30:27.000000000 -0500
13996 #include <asm/uaccess.h>
13997 #include <linux/module.h>
13999 -extern struct inode_operations affs_symlink_inode_operations;
14000 +extern const struct inode_operations affs_symlink_inode_operations;
14001 extern struct timezone sys_tz;
14004 diff -urNp linux-2.4.37.7/fs/affs/namei.c linux-2.4.37.7/fs/affs/namei.c
14005 --- linux-2.4.37.7/fs/affs/namei.c 2009-11-07 11:52:20.000000000 -0500
14006 +++ linux-2.4.37.7/fs/affs/namei.c 2009-11-10 19:30:27.000000000 -0500
14009 typedef int (*toupper_t)(int);
14011 -extern struct inode_operations affs_symlink_inode_operations;
14012 +extern const struct inode_operations affs_symlink_inode_operations;
14014 static int affs_toupper(int ch);
14015 static int affs_hash_dentry(struct dentry *, struct qstr *);
14016 @@ -31,12 +31,12 @@ static int affs_intl_toupper(int ch);
14017 static int affs_intl_hash_dentry(struct dentry *, struct qstr *);
14018 static int affs_intl_compare_dentry(struct dentry *, struct qstr *, struct qstr *);
14020 -struct dentry_operations affs_dentry_operations = {
14021 +const struct dentry_operations affs_dentry_operations = {
14022 d_hash: affs_hash_dentry,
14023 d_compare: affs_compare_dentry,
14026 -struct dentry_operations affs_intl_dentry_operations = {
14027 +const struct dentry_operations affs_intl_dentry_operations = {
14028 d_hash: affs_intl_hash_dentry,
14029 d_compare: affs_intl_compare_dentry,
14031 diff -urNp linux-2.4.37.7/fs/affs/super.c linux-2.4.37.7/fs/affs/super.c
14032 --- linux-2.4.37.7/fs/affs/super.c 2009-11-07 11:52:20.000000000 -0500
14033 +++ linux-2.4.37.7/fs/affs/super.c 2009-11-10 19:30:27.000000000 -0500
14034 @@ -77,7 +77,7 @@ affs_write_super(struct super_block *sb)
14035 pr_debug("AFFS: write_super() at %lu, clean=%d\n", CURRENT_TIME, clean);
14038 -static struct super_operations affs_sops = {
14039 +static const struct super_operations affs_sops = {
14040 read_inode: affs_read_inode,
14041 write_inode: affs_write_inode,
14042 put_inode: affs_put_inode,
14043 diff -urNp linux-2.4.37.7/fs/affs/symlink.c linux-2.4.37.7/fs/affs/symlink.c
14044 --- linux-2.4.37.7/fs/affs/symlink.c 2009-11-07 11:52:20.000000000 -0500
14045 +++ linux-2.4.37.7/fs/affs/symlink.c 2009-11-10 19:30:27.000000000 -0500
14046 @@ -76,11 +76,11 @@ fail:
14050 -struct address_space_operations affs_symlink_aops = {
14051 +const struct address_space_operations affs_symlink_aops = {
14052 readpage: affs_symlink_readpage,
14055 -struct inode_operations affs_symlink_inode_operations = {
14056 +const struct inode_operations affs_symlink_inode_operations = {
14057 readlink: page_readlink,
14058 follow_link: page_follow_link,
14059 setattr: affs_notify_change,
14060 diff -urNp linux-2.4.37.7/fs/autofs/autofs_i.h linux-2.4.37.7/fs/autofs/autofs_i.h
14061 --- linux-2.4.37.7/fs/autofs/autofs_i.h 2009-11-07 11:52:20.000000000 -0500
14062 +++ linux-2.4.37.7/fs/autofs/autofs_i.h 2009-11-10 19:30:27.000000000 -0500
14063 @@ -137,10 +137,10 @@ struct autofs_dir_ent *autofs_expire(str
14065 /* Operations structures */
14067 -extern struct inode_operations autofs_root_inode_operations;
14068 -extern struct inode_operations autofs_symlink_inode_operations;
14069 -extern struct inode_operations autofs_dir_inode_operations;
14070 -extern struct file_operations autofs_root_operations;
14071 +extern const struct inode_operations autofs_root_inode_operations;
14072 +extern const struct inode_operations autofs_symlink_inode_operations;
14073 +extern const struct inode_operations autofs_dir_inode_operations;
14074 +extern const struct file_operations autofs_root_operations;
14076 /* Initializing function */
14078 diff -urNp linux-2.4.37.7/fs/autofs/dir.c linux-2.4.37.7/fs/autofs/dir.c
14079 --- linux-2.4.37.7/fs/autofs/dir.c 2009-11-07 11:52:20.000000000 -0500
14080 +++ linux-2.4.37.7/fs/autofs/dir.c 2009-11-10 19:30:27.000000000 -0500
14081 @@ -23,7 +23,7 @@ static struct dentry *autofs_dir_lookup(
14085 -struct inode_operations autofs_dir_inode_operations = {
14086 +const struct inode_operations autofs_dir_inode_operations = {
14087 lookup: autofs_dir_lookup,
14090 diff -urNp linux-2.4.37.7/fs/autofs/inode.c linux-2.4.37.7/fs/autofs/inode.c
14091 --- linux-2.4.37.7/fs/autofs/inode.c 2009-11-07 11:52:20.000000000 -0500
14092 +++ linux-2.4.37.7/fs/autofs/inode.c 2009-11-10 19:30:27.000000000 -0500
14093 @@ -41,7 +41,7 @@ static void autofs_put_super(struct supe
14094 static int autofs_statfs(struct super_block *sb, struct statfs *buf);
14095 static void autofs_read_inode(struct inode *inode);
14097 -static struct super_operations autofs_sops = {
14098 +static const struct super_operations autofs_sops = {
14099 read_inode: autofs_read_inode,
14100 put_super: autofs_put_super,
14101 statfs: autofs_statfs,
14102 diff -urNp linux-2.4.37.7/fs/autofs/root.c linux-2.4.37.7/fs/autofs/root.c
14103 --- linux-2.4.37.7/fs/autofs/root.c 2009-11-07 11:52:20.000000000 -0500
14104 +++ linux-2.4.37.7/fs/autofs/root.c 2009-11-10 19:30:27.000000000 -0500
14105 @@ -25,13 +25,13 @@ static int autofs_root_rmdir(struct inod
14106 static int autofs_root_mkdir(struct inode *,struct dentry *,int);
14107 static int autofs_root_ioctl(struct inode *, struct file *,unsigned int,unsigned long);
14109 -struct file_operations autofs_root_operations = {
14110 +const struct file_operations autofs_root_operations = {
14111 read: generic_read_dir,
14112 readdir: autofs_root_readdir,
14113 ioctl: autofs_root_ioctl,
14116 -struct inode_operations autofs_root_inode_operations = {
14117 +const struct inode_operations autofs_root_inode_operations = {
14118 lookup: autofs_root_lookup,
14119 unlink: autofs_root_unlink,
14120 symlink: autofs_root_symlink,
14121 @@ -187,7 +187,7 @@ static int autofs_revalidate(struct dent
14125 -static struct dentry_operations autofs_dentry_operations = {
14126 +static const struct dentry_operations autofs_dentry_operations = {
14127 d_revalidate: autofs_revalidate,
14130 diff -urNp linux-2.4.37.7/fs/autofs/symlink.c linux-2.4.37.7/fs/autofs/symlink.c
14131 --- linux-2.4.37.7/fs/autofs/symlink.c 2009-11-07 11:52:20.000000000 -0500
14132 +++ linux-2.4.37.7/fs/autofs/symlink.c 2009-11-10 19:30:27.000000000 -0500
14133 @@ -24,7 +24,7 @@ static int autofs_follow_link(struct den
14134 return vfs_follow_link(nd, s);
14137 -struct inode_operations autofs_symlink_inode_operations = {
14138 +const struct inode_operations autofs_symlink_inode_operations = {
14139 readlink: autofs_readlink,
14140 follow_link: autofs_follow_link
14142 diff -urNp linux-2.4.37.7/fs/autofs4/autofs_i.h linux-2.4.37.7/fs/autofs4/autofs_i.h
14143 --- linux-2.4.37.7/fs/autofs4/autofs_i.h 2009-11-07 11:52:20.000000000 -0500
14144 +++ linux-2.4.37.7/fs/autofs4/autofs_i.h 2009-11-10 19:30:27.000000000 -0500
14145 @@ -136,10 +136,10 @@ int autofs4_expire_multi(struct super_bl
14147 /* Operations structures */
14149 -extern struct inode_operations autofs4_symlink_inode_operations;
14150 -extern struct inode_operations autofs4_dir_inode_operations;
14151 -extern struct inode_operations autofs4_root_inode_operations;
14152 -extern struct file_operations autofs4_root_operations;
14153 +extern const struct inode_operations autofs4_symlink_inode_operations;
14154 +extern const struct inode_operations autofs4_dir_inode_operations;
14155 +extern const struct inode_operations autofs4_root_inode_operations;
14156 +extern const struct file_operations autofs4_root_operations;
14158 /* Initializing function */
14160 diff -urNp linux-2.4.37.7/fs/autofs4/inode.c linux-2.4.37.7/fs/autofs4/inode.c
14161 --- linux-2.4.37.7/fs/autofs4/inode.c 2009-11-07 11:52:20.000000000 -0500
14162 +++ linux-2.4.37.7/fs/autofs4/inode.c 2009-11-10 19:30:27.000000000 -0500
14163 @@ -92,7 +92,7 @@ static void autofs4_put_super(struct sup
14165 static int autofs4_statfs(struct super_block *sb, struct statfs *buf);
14167 -static struct super_operations autofs4_sops = {
14168 +static const struct super_operations autofs4_sops = {
14169 put_super: autofs4_put_super,
14170 statfs: autofs4_statfs,
14172 diff -urNp linux-2.4.37.7/fs/autofs4/root.c linux-2.4.37.7/fs/autofs4/root.c
14173 --- linux-2.4.37.7/fs/autofs4/root.c 2009-11-07 11:52:20.000000000 -0500
14174 +++ linux-2.4.37.7/fs/autofs4/root.c 2009-11-10 19:30:27.000000000 -0500
14175 @@ -26,7 +26,7 @@ static int autofs4_dir_mkdir(struct inod
14176 static int autofs4_root_ioctl(struct inode *, struct file *,unsigned int,unsigned long);
14177 static struct dentry *autofs4_root_lookup(struct inode *,struct dentry *);
14179 -struct file_operations autofs4_root_operations = {
14180 +const struct file_operations autofs4_root_operations = {
14181 open: dcache_dir_open,
14182 release: dcache_dir_close,
14183 llseek: dcache_dir_lseek,
14184 @@ -36,7 +36,7 @@ struct file_operations autofs4_root_oper
14185 ioctl: autofs4_root_ioctl,
14188 -struct inode_operations autofs4_root_inode_operations = {
14189 +const struct inode_operations autofs4_root_inode_operations = {
14190 lookup: autofs4_root_lookup,
14191 unlink: autofs4_dir_unlink,
14192 symlink: autofs4_dir_symlink,
14193 @@ -44,7 +44,7 @@ struct inode_operations autofs4_root_ino
14194 rmdir: autofs4_dir_rmdir,
14197 -struct inode_operations autofs4_dir_inode_operations = {
14198 +const struct inode_operations autofs4_dir_inode_operations = {
14199 lookup: autofs4_dir_lookup,
14200 unlink: autofs4_dir_unlink,
14201 symlink: autofs4_dir_symlink,
14202 @@ -216,13 +216,13 @@ static void autofs4_dentry_release(struc
14205 /* For dentries of directories in the root dir */
14206 -static struct dentry_operations autofs4_root_dentry_operations = {
14207 +static const struct dentry_operations autofs4_root_dentry_operations = {
14208 d_revalidate: autofs4_root_revalidate,
14209 d_release: autofs4_dentry_release,
14212 /* For other dentries */
14213 -static struct dentry_operations autofs4_dentry_operations = {
14214 +static const struct dentry_operations autofs4_dentry_operations = {
14215 d_revalidate: autofs4_revalidate,
14216 d_release: autofs4_dentry_release,
14218 diff -urNp linux-2.4.37.7/fs/autofs4/symlink.c linux-2.4.37.7/fs/autofs4/symlink.c
14219 --- linux-2.4.37.7/fs/autofs4/symlink.c 2009-11-07 11:52:20.000000000 -0500
14220 +++ linux-2.4.37.7/fs/autofs4/symlink.c 2009-11-10 19:30:27.000000000 -0500
14221 @@ -26,7 +26,7 @@ static int autofs4_follow_link(struct de
14222 return vfs_follow_link(nd, ino->u.symlink);
14225 -struct inode_operations autofs4_symlink_inode_operations = {
14226 +const struct inode_operations autofs4_symlink_inode_operations = {
14227 readlink: autofs4_readlink,
14228 follow_link: autofs4_follow_link
14230 diff -urNp linux-2.4.37.7/fs/bad_inode.c linux-2.4.37.7/fs/bad_inode.c
14231 --- linux-2.4.37.7/fs/bad_inode.c 2009-11-07 11:52:20.000000000 -0500
14232 +++ linux-2.4.37.7/fs/bad_inode.c 2009-11-10 19:30:27.000000000 -0500
14233 @@ -90,8 +90,7 @@ static int bad_follow_link(struct dentry
14234 return vfs_follow_link(nd, ERR_PTR(-EIO));
14237 -static struct file_operations bad_file_ops =
14239 +static const struct file_operations bad_file_ops = {
14240 llseek: bad_file_llseek,
14241 read: bad_file_read,
14242 write: bad_file_write,
14243 @@ -175,8 +174,7 @@ static int bad_inode_revalidate(struct d
14247 -struct inode_operations bad_inode_ops =
14249 +const struct inode_operations bad_inode_ops = {
14250 create: bad_inode_create,
14251 lookup: bad_inode_lookup,
14252 link: bad_inode_link,
14253 diff -urNp linux-2.4.37.7/fs/befs/linuxvfs.c linux-2.4.37.7/fs/befs/linuxvfs.c
14254 --- linux-2.4.37.7/fs/befs/linuxvfs.c 2009-11-07 11:52:20.000000000 -0500
14255 +++ linux-2.4.37.7/fs/befs/linuxvfs.c 2009-11-10 19:30:27.000000000 -0500
14256 @@ -66,31 +66,31 @@ static const struct super_operations bef
14257 remount_fs:befs_remount,
14260 -struct file_operations befs_dir_operations = {
14261 +const struct file_operations befs_dir_operations = {
14262 read:generic_read_dir,
14263 readdir:befs_readdir,
14266 -struct inode_operations befs_dir_inode_operations = {
14267 +const struct inode_operations befs_dir_inode_operations = {
14268 lookup:befs_lookup,
14271 -struct file_operations befs_file_operations = {
14272 +const struct file_operations befs_file_operations = {
14273 llseek:default_llseek,
14274 read:generic_file_read,
14275 mmap:generic_file_mmap,
14278 -struct inode_operations befs_file_inode_operations = {
14279 +const struct inode_operations befs_file_inode_operations = {
14282 -struct address_space_operations befs_aops = {
14283 +const struct address_space_operations befs_aops = {
14284 readpage:befs_readpage,
14285 sync_page:block_sync_page,
14289 -static struct inode_operations befs_symlink_inode_operations = {
14290 +static const struct inode_operations befs_symlink_inode_operations = {
14291 readlink:befs_readlink,
14292 follow_link:befs_follow_link,
14294 diff -urNp linux-2.4.37.7/fs/bfs/dir.c linux-2.4.37.7/fs/bfs/dir.c
14295 --- linux-2.4.37.7/fs/bfs/dir.c 2009-11-07 11:52:20.000000000 -0500
14296 +++ linux-2.4.37.7/fs/bfs/dir.c 2009-11-10 19:30:27.000000000 -0500
14297 @@ -65,7 +65,7 @@ static int bfs_readdir(struct file * f,
14301 -struct file_operations bfs_dir_operations = {
14302 +const struct file_operations bfs_dir_operations = {
14303 read: generic_read_dir,
14304 readdir: bfs_readdir,
14306 @@ -243,7 +243,7 @@ end_rename:
14310 -struct inode_operations bfs_dir_inops = {
14311 +const struct inode_operations bfs_dir_inops = {
14312 create: bfs_create,
14313 lookup: bfs_lookup,
14315 diff -urNp linux-2.4.37.7/fs/bfs/file.c linux-2.4.37.7/fs/bfs/file.c
14316 --- linux-2.4.37.7/fs/bfs/file.c 2009-11-07 11:52:20.000000000 -0500
14317 +++ linux-2.4.37.7/fs/bfs/file.c 2009-11-10 19:30:27.000000000 -0500
14319 #define dprintf(x...)
14322 -struct file_operations bfs_file_operations = {
14323 +const struct file_operations bfs_file_operations = {
14324 llseek: generic_file_llseek,
14325 read: generic_file_read,
14326 write: generic_file_write,
14327 @@ -156,7 +156,7 @@ static int bfs_bmap(struct address_space
14328 return generic_block_bmap(mapping, block, bfs_get_block);
14331 -struct address_space_operations bfs_aops = {
14332 +const struct address_space_operations bfs_aops = {
14333 readpage: bfs_readpage,
14334 writepage: bfs_writepage,
14335 sync_page: block_sync_page,
14336 @@ -165,4 +165,4 @@ struct address_space_operations bfs_aops
14340 -struct inode_operations bfs_file_inops;
14341 +const struct inode_operations bfs_file_inops;
14342 diff -urNp linux-2.4.37.7/fs/bfs/inode.c linux-2.4.37.7/fs/bfs/inode.c
14343 --- linux-2.4.37.7/fs/bfs/inode.c 2009-11-07 11:52:20.000000000 -0500
14344 +++ linux-2.4.37.7/fs/bfs/inode.c 2009-11-10 19:30:27.000000000 -0500
14345 @@ -209,7 +209,7 @@ static void bfs_write_super(struct super
14349 -static struct super_operations bfs_sops = {
14350 +static const struct super_operations bfs_sops = {
14351 read_inode: bfs_read_inode,
14352 write_inode: bfs_write_inode,
14353 delete_inode: bfs_delete_inode,
14354 diff -urNp linux-2.4.37.7/fs/binfmt_aout.c linux-2.4.37.7/fs/binfmt_aout.c
14355 --- linux-2.4.37.7/fs/binfmt_aout.c 2009-11-07 11:52:20.000000000 -0500
14356 +++ linux-2.4.37.7/fs/binfmt_aout.c 2009-11-10 19:30:27.000000000 -0500
14357 @@ -121,10 +121,12 @@ static int aout_core_dump(long signr, st
14358 /* If the size of the dump file exceeds the rlimit, then see what would happen
14359 if we wrote the stack, but not the data area. */
14361 + gr_learn_resource(current, RLIMIT_CORE, dump.u_dsize+dump.u_ssize, 1);
14362 if ((dump.u_dsize+dump.u_ssize) >
14363 current->rlim[RLIMIT_CORE].rlim_cur)
14366 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE, 1);
14367 if ((dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE >
14368 current->rlim[RLIMIT_CORE].rlim_cur)
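Review bot: Each added `gr_learn_resource()` call restates the size expression of the `if` directly below it (`dump.u_dsize+dump.u_ssize`, then `(dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE`), so the value reported for learning and the value compared with `rlim_cur` can drift apart on a later edit. Computing it once per branch, e.g. `unsigned long need = (dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE;`, and passing `need` to both the call and the comparison keeps them tied. The same applies to the two calls added in the next hunk (@@ -132,10) for `dump.u_ssize`. aout_core_dump starts and ends outside the hunk, and some of its lines are not visible in this view.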
14370 @@ -132,10 +134,12 @@ static int aout_core_dump(long signr, st
14372 /* Make sure we have enough room to write the stack and data areas. */
14374 + gr_learn_resource(current, RLIMIT_CORE, dump.u_ssize, 1);
14375 if ((dump.u_ssize) >
14376 current->rlim[RLIMIT_CORE].rlim_cur)
14379 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize+1) * PAGE_SIZE, 1);
14380 if ((dump.u_ssize+1) * PAGE_SIZE >
14381 current->rlim[RLIMIT_CORE].rlim_cur)
14383 @@ -284,6 +288,8 @@ static int load_aout_binary(struct linux
14384 rlim = current->rlim[RLIMIT_DATA].rlim_cur;
14385 if (rlim >= RLIM_INFINITY)
14388 + gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss, 1);
14389 if (ex.a_data + ex.a_bss > rlim)
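Review bot: The amount passed to `gr_learn_resource()` is `ex.a_data + ex.a_bss`, two sizes read from the executable's header, and the same unchecked sum feeds the `> rlim` test on the next line. If those fields are 32-bit unsigned (their declaration is outside this hunk), a malformed header can make the sum wrap, so both the learned value and the RLIMIT_DATA check would see a small number. Testing the parts separately before the call, `if (ex.a_bss > rlim || ex.a_data > rlim - ex.a_bss)`, covers the learn call and the limit check alike. load_aout_binary starts and ends outside the hunk.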
14392 @@ -315,6 +321,28 @@ static int load_aout_binary(struct linux
14393 current->mm->mmap = NULL;
14394 compute_creds(bprm);
14395 current->flags &= ~PF_FORKNOEXEC;
14397 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
14398 + current->mm->pax_flags = 0UL;
14401 +#ifdef CONFIG_PAX_PAGEEXEC
14402 + if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC)) {
14403 + current->mm->pax_flags |= MF_PAX_PAGEEXEC;
14405 +#ifdef CONFIG_PAX_EMUTRAMP
14406 + if (N_FLAGS(ex) & F_PAX_EMUTRAMP)
14407 + current->mm->pax_flags |= MF_PAX_EMUTRAMP;
14410 +#ifdef CONFIG_PAX_MPROTECT
14411 + if (!(N_FLAGS(ex) & F_PAX_MPROTECT))
14412 + current->mm->pax_flags |= MF_PAX_MPROTECT;
14419 if (N_MAGIC(ex) == NMAGIC) {
14420 loff_t pos = fd_offset;
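Review bot: The header bits in this block are tested with opposite polarity and nothing in the hunk says so. `F_PAX_PAGEEXEC` and `F_PAX_MPROTECT` disable the feature when set (`!(N_FLAGS(ex) & ...)`), while `F_PAX_EMUTRAMP` enables emulation when set. A comment above the block, e.g. `/* a.out header bits: PAGEEXEC and MPROTECT are opt-out, EMUTRAMP is opt-in */`, would keep a later reader from "correcting" one of the tests. Parts of the block are missing from this view, so how the EMUTRAMP test nests under the PAGEEXEC one should be confirmed against the full patch.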
14421 @@ -408,7 +436,7 @@ static int load_aout_binary(struct linux
14423 down_write(¤t->mm->mmap_sem);
14424 error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
14425 - PROT_READ | PROT_WRITE | PROT_EXEC,
14426 + PROT_READ | PROT_WRITE,
14427 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
14428 fd_offset + ex.a_text);
14429 up_write(¤t->mm->mmap_sem);
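Review bot: Dropping `PROT_EXEC` from the data-segment `do_mmap()` is not wrapped in any `CONFIG_PAX_*` conditional, unlike the flag setup added earlier in load_aout_binary. It therefore changes the mapping for every a.out binary, including on kernels built without PaX. If that is intended, state it at the call site, e.g. `/* data segment is never mapped executable, regardless of PaX configuration */`. Otherwise keep the old protection in an `#else` branch. The enclosing function starts and ends outside the hunk.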
14430 diff -urNp linux-2.4.37.7/fs/binfmt_elf.c linux-2.4.37.7/fs/binfmt_elf.c
14431 --- linux-2.4.37.7/fs/binfmt_elf.c 2009-11-07 11:52:20.000000000 -0500
14432 +++ linux-2.4.37.7/fs/binfmt_elf.c 2009-11-10 19:30:27.000000000 -0500
14433 @@ -33,15 +33,23 @@
14434 #include <linux/smp_lock.h>
14435 #include <linux/compiler.h>
14436 #include <linux/highmem.h>
14437 +#include <linux/random.h>
14438 +#include <linux/grsecurity.h>
14440 #include <asm/uaccess.h>
14441 #include <asm/param.h>
14442 #include <asm/pgalloc.h>
14443 +#include <asm/system.h>
14445 #define DLINFO_ITEMS 13
14447 #include <linux/elf.h>
14449 +#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
14450 +void (*pax_set_flags_func)(struct linux_binprm * bprm);
14451 +EXPORT_SYMBOL(pax_set_flags_func);
14454 static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs);
14455 static int load_elf_library(struct file*);
14456 static unsigned long elf_map (struct file *, unsigned long, struct elf_phdr *, int, int);
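Review bot: The hook pointer declared and exported here is `pax_set_flags_func`, but the call site added later in load_elf_binary (hunk @@ -684,7) tests and calls `pax_set_initial_flags_func`. Unless that second name is declared in a header outside this view, a build with CONFIG_PAX_HOOK_ACL_FLAGS either fails to compile or leaves the exported pointer unused. Use one name in both places, e.g. `void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);` with `EXPORT_SYMBOL(pax_set_initial_flags_func);`. A short comment stating who assigns the pointer and when it may be NULL would also help.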
14457 @@ -81,18 +89,22 @@ static struct linux_binfmt elf_format =
14459 static int set_brk(unsigned long start, unsigned long end)
14461 + unsigned long e = end, retval;
14463 start = ELF_PAGEALIGN(start);
14464 end = ELF_PAGEALIGN(end);
14466 + down_write(¤t->mm->mmap_sem);
14468 - unsigned long addr;
14469 - down_write(¤t->mm->mmap_sem);
14470 - addr = do_brk(start, end - start);
14471 - up_write(¤t->mm->mmap_sem);
14472 - if (BAD_ADDR(addr))
14474 + retval = do_brk(start, end - start);
14475 + if (BAD_ADDR(retval))
14478 - current->mm->start_brk = current->mm->brk = end;
14480 + current->mm->start_brk = current->mm->brk = e;
14483 + up_write(¤t->mm->mmap_sem);
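Review bot: `unsigned long e = end, retval;` keeps the caller's unaligned `end` in a one-letter variable, and that value now goes into `start_brk`/`brk` in place of the `ELF_PAGEALIGN`ed `end` that the removed line stored. The hunk does not explain this behaviour change. Name the variable and state the intent, e.g. `unsigned long brk_end = end; /* unaligned: only the mapping is page-aligned */`, with the wording confirmed by the author. `retval` is an `unsigned long` in a function declared to return `int`, so it should be declared on its own line and the narrowing made explicit where it is returned (the return statement is not visible in this view).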
14488 @@ -275,7 +287,7 @@ static unsigned long load_elf_interp(str
14489 unsigned long load_addr = 0;
14490 int load_addr_set = 0;
14491 unsigned long last_bss = 0, elf_bss = 0;
14492 - unsigned long error = ~0UL;
14493 + unsigned long error = -EINVAL;
14494 int retval, i, size;
14496 /* First of all, some simple consistency checks */
14497 @@ -397,6 +409,8 @@ static unsigned long load_elf_interp(str
14498 * switch to out-of-band error reporting.
14500 error = ((unsigned long) interp_elf_ex->e_entry) + load_addr;
14501 + if (BAD_ADDR(error))
14506 @@ -407,7 +421,7 @@ out:
14507 static unsigned long load_aout_interp(struct exec * interp_ex,
14508 struct file * interpreter)
14510 - unsigned long text_data, elf_entry = ~0UL;
14511 + unsigned long text_data, elf_entry = -EINVAL;
14515 @@ -452,6 +466,171 @@ out:
14519 +#if (defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)) && defined(CONFIG_PAX_SOFTMODE)
14520 +static unsigned long pax_parse_softmode(const struct elf_phdr * const elf_phdata)
14522 + unsigned long pax_flags = 0UL;
14524 +#ifdef CONFIG_PAX_PAGEEXEC
14525 + if (elf_phdata->p_flags & PF_PAGEEXEC)
14526 + pax_flags |= MF_PAX_PAGEEXEC;
14529 +#ifdef CONFIG_PAX_SEGMEXEC
14530 + if (elf_phdata->p_flags & PF_SEGMEXEC) {
14531 + pax_flags &= ~MF_PAX_PAGEEXEC;
14532 + pax_flags |= MF_PAX_SEGMEXEC;
14536 +#ifdef CONFIG_PAX_EMUTRAMP
14537 + if (elf_phdata->p_flags & PF_EMUTRAMP)
14538 + pax_flags |= MF_PAX_EMUTRAMP;
14541 +#ifdef CONFIG_PAX_MPROTECT
14542 + if (elf_phdata->p_flags & PF_MPROTECT)
14543 + pax_flags |= MF_PAX_MPROTECT;
14546 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
14548 +#ifdef CONFIG_PAX_SOFTMODE
14552 + if (elf_phdata->p_flags & PF_RANDMMAP)
14553 + pax_flags |= MF_PAX_RANDMMAP;
14556 + return pax_flags;
14560 +#ifdef CONFIG_PAX_PT_PAX_FLAGS
14561 +static unsigned long pax_parse_hardmode(const struct elf_phdr * const elf_phdata)
14563 + unsigned long pax_flags = 0UL;
14565 +#ifdef CONFIG_PAX_PAGEEXEC
14566 + if (!(elf_phdata->p_flags & PF_NOPAGEEXEC))
14567 + pax_flags |= MF_PAX_PAGEEXEC;
14570 +#ifdef CONFIG_PAX_SEGMEXEC
14571 + if (!(elf_phdata->p_flags & PF_NOSEGMEXEC)) {
14572 + pax_flags &= ~MF_PAX_PAGEEXEC;
14573 + pax_flags |= MF_PAX_SEGMEXEC;
14577 +#ifdef CONFIG_PAX_EMUTRAMP
14578 + if (!(elf_phdata->p_flags & PF_NOEMUTRAMP))
14579 + pax_flags |= MF_PAX_EMUTRAMP;
14582 +#ifdef CONFIG_PAX_MPROTECT
14583 + if (!(elf_phdata->p_flags & PF_NOMPROTECT))
14584 + pax_flags |= MF_PAX_MPROTECT;
14587 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
14589 +#ifdef CONFIG_PAX_SOFTMODE
14593 + if (!(elf_phdata->p_flags & PF_NORANDMMAP))
14594 + pax_flags |= MF_PAX_RANDMMAP;
14597 + return pax_flags;
14601 +#ifdef CONFIG_PAX_EI_PAX
14602 +static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
14604 + unsigned long pax_flags = 0UL;
14606 +#ifdef CONFIG_PAX_PAGEEXEC
14607 + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC))
14608 + pax_flags |= MF_PAX_PAGEEXEC;
14611 +#ifdef CONFIG_PAX_SEGMEXEC
14612 + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_SEGMEXEC)) {
14613 + pax_flags &= ~MF_PAX_PAGEEXEC;
14614 + pax_flags |= MF_PAX_SEGMEXEC;
14618 +#ifdef CONFIG_PAX_EMUTRAMP
14619 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && (elf_ex->e_ident[EI_PAX] & EF_PAX_EMUTRAMP))
14620 + pax_flags |= MF_PAX_EMUTRAMP;
14623 +#ifdef CONFIG_PAX_MPROTECT
14624 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && !(elf_ex->e_ident[EI_PAX] & EF_PAX_MPROTECT))
14625 + pax_flags |= MF_PAX_MPROTECT;
14628 +#ifdef CONFIG_PAX_ASLR
14630 +#ifdef CONFIG_PAX_SOFTMODE
14634 + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_RANDMMAP))
14635 + pax_flags |= MF_PAX_RANDMMAP;
14638 + return pax_flags;
14642 +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
14643 +static long pax_parse_elf_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata)
14645 + unsigned long pax_flags = 0UL;
14647 +#ifdef CONFIG_PAX_PT_PAX_FLAGS
14651 +#ifdef CONFIG_PAX_EI_PAX
14652 + pax_flags = pax_parse_ei_pax(elf_ex);
14655 +#ifdef CONFIG_PAX_PT_PAX_FLAGS
14656 + for (i = 0UL; i < elf_ex->e_phnum; i++)
14657 + if (elf_phdata[i].p_type == PT_PAX_FLAGS) {
14658 + if (((elf_phdata[i].p_flags & PF_PAGEEXEC) && (elf_phdata[i].p_flags & PF_NOPAGEEXEC)) ||
14659 + ((elf_phdata[i].p_flags & PF_SEGMEXEC) && (elf_phdata[i].p_flags & PF_NOSEGMEXEC)) ||
14660 + ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) ||
14661 + ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) ||
14662 + ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP)))
14665 +#ifdef CONFIG_PAX_SOFTMODE
14666 + if (pax_softmode)
14667 + pax_flags = pax_parse_softmode(&elf_phdata[i]);
14671 + pax_flags = pax_parse_hardmode(&elf_phdata[i]);
14676 + if (0 > pax_check_flags(&pax_flags))
14679 + current->mm->pax_flags = pax_flags;
14685 * These are the functions used to load ELF style executables and shared
14686 * libraries. There is no binary dependent code anywhere else.
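Review bot: The three parsers disagree on when EMUTRAMP and MPROTECT may be set. `pax_parse_ei_pax` sets them only when `pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)` is non-zero, while `pax_parse_softmode` and `pax_parse_hardmode` set them from the header bits alone. In `pax_parse_hardmode` that means a PT_PAX_FLAGS entry with neither EMUTRAMP bit set turns trampoline emulation on (`!(p_flags & PF_NOEMUTRAMP)`). If `pax_check_flags()`, defined outside this hunk, is what reconciles these cases, a comment at its call should say so; otherwise the PT_PAX_FLAGS parsers need the same guard. The repeated `pax_flags &= ~MF_PAX_PAGEEXEC;` before setting SEGMEXEC also needs a one-line comment that SEGMEXEC takes precedence when both are configured.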
14687 @@ -484,7 +663,7 @@ static int load_elf_binary(struct linux_
14688 struct exec interp_ex;
14689 char passed_fileno[6];
14690 struct files_struct *files;
14693 /* Get the exec-header */
14694 elf_ex = *((struct elfhdr *) bprm->buf);
14696 @@ -684,7 +863,47 @@ static int load_elf_binary(struct linux_
14697 current->mm->end_data = 0;
14698 current->mm->end_code = 0;
14699 current->mm->mmap = NULL;
14701 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
14702 + current->mm->pax_flags = 0UL;
14705 +#ifdef CONFIG_PAX_DLRESOLVE
14706 + current->mm->call_dl_resolve = 0UL;
14709 +#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
14710 + current->mm->call_syscall = 0UL;
14713 +#ifdef CONFIG_PAX_ASLR
14714 + current->mm->delta_mmap = 0UL;
14715 + current->mm->delta_stack = 0UL;
14718 current->flags &= ~PF_FORKNOEXEC;
14720 +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
14721 + if (0 > pax_parse_elf_flags(&elf_ex, elf_phdata)) {
14722 + send_sig(SIGKILL, current, 0);
14723 + goto out_free_dentry;
14727 +#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
14728 + pax_set_initial_flags(bprm);
14729 +#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
14730 + if (pax_set_initial_flags_func)
14731 + (*pax_set_initial_flags_func)(bprm);
14734 +#ifdef CONFIG_PAX_ASLR
14735 + if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
14736 + current->mm->delta_mmap = (net_random() & ((1UL << PAX_DELTA_MMAP_LEN)-1)) << PAGE_SHIFT;
14737 + current->mm->delta_stack = (net_random() & ((1UL << PAX_DELTA_STACK_LEN)-1)) << PAGE_SHIFT;
14741 elf_entry = (unsigned long) elf_ex.e_entry;
14743 /* Do this so that we can load the interpreter, if need be. We will
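Review bot: `delta_mmap` and `delta_stack` are drawn from `net_random()`, and later hunks in load_elf_binary do the same for `load_bias` (@@ -745,6) and the `elf_brk` offset (@@ -801,6). `net_random()` is defined outside this view. If it is the ordinary networking PRNG rather than a cryptographically strong source, the layout offsets are only as unpredictable as that generator's state, which weakens the randomisation these hunks exist to provide. The file now includes `<linux/random.h>`, so `get_random_bytes(&r, sizeof(r));` followed by the same mask and shift is available. Whichever source is kept, add a comment naming it and the number of random bits each delta receives.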
14744 @@ -693,7 +912,7 @@ static int load_elf_binary(struct linux_
14745 retval = setup_arg_pages(bprm);
14747 send_sig(SIGKILL, current, 0);
14749 + goto out_free_dentry;
14752 current->mm->start_stack = bprm->p;
14753 @@ -745,6 +964,20 @@ static int load_elf_binary(struct linux_
14754 base, as well as whatever program they might try to exec. This
14755 is because the brk will follow the loader, and is not movable. */
14756 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
14758 +#ifdef CONFIG_PAX_RANDMMAP
14759 + /* PaX: randomize base address at the default exe base if requested */
14760 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && elf_interpreter) {
14761 +#ifdef __sparc_v9__
14762 + load_bias = (net_random() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << (PAGE_SHIFT+1);
14764 + load_bias = (net_random() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << PAGE_SHIFT;
14766 + load_bias = ELF_PAGESTART(PAX_ELF_ET_DYN_BASE - vaddr + load_bias);
14767 + elf_flags |= MAP_FIXED;
14773 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
14774 @@ -801,6 +1034,11 @@ static int load_elf_binary(struct linux_
14775 start_data += load_bias;
14776 end_data += load_bias;
14778 +#ifdef CONFIG_PAX_RANDMMAP
14779 + if (current->mm->pax_flags & MF_PAX_RANDMMAP)
14780 + elf_brk += PAGE_SIZE + ((net_random() & ~PAGE_MASK) << 4);
14783 /* Calling set_brk effectively mmaps the pages that we need
14784 * for the bss and break sections. We must do this before
14785 * mapping in the interpreter, to make sure it doesn't wind
14786 @@ -907,6 +1145,10 @@ static int load_elf_binary(struct linux_
14787 ELF_PLAT_INIT(regs, reloc_func_desc);
14790 +#ifdef CONFIG_PAX_SEGMEXEC
14791 + pax_switch_segments(current);
14794 start_thread(regs, elf_entry, bprm->p);
14795 if (current->ptrace & PT_PTRACED)
14796 send_sig(SIGTRAP, current, 0);
14797 @@ -1052,7 +1294,7 @@ static int dump_seek(struct file *file,
14799 * I think we should skip something. But I am not sure how. H.J.
14801 -static inline int maydump(struct vm_area_struct *vma)
14802 +static inline int maydump(struct vm_area_struct *vma, long signr)
14805 * If we may not read the contents, don't allow us to dump
14806 @@ -1064,12 +1306,15 @@ static inline int maydump(struct vm_area
14807 /* Do not dump I/O mapped devices! -DaveM */
14808 if (vma->vm_flags & VM_IO)
14812 + if (signr == SIGKILL)
14815 if (vma->vm_flags & (VM_WRITE|VM_GROWSUP|VM_GROWSDOWN))
14817 if (vma->vm_flags & (VM_READ|VM_EXEC|VM_EXECUTABLE|VM_SHARED))
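Review bot: The new `signr == SIGKILL` test in maydump() has no comment explaining why this signal changes what is written to a core file. It sits after the `VM_IO` check and ahead of the `VM_WRITE`/`VM_READ` filters, so, assuming the statement under it (not shown in this listing) returns 1, a SIGKILL dump includes every non-I/O mapping, shared and read-only file-backed ones too. That makes these dumps larger and more revealing than ordinary ones; the trigger appears to be pax_report_fault() in fs/exec.c, which calls `do_coredump(SIGKILL, regs)`. I would add something like `/* PaX: killed for an execution violation, dump all non-I/O mappings for analysis */` above the test.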
14824 @@ -1141,8 +1386,11 @@ static int writenote(struct memelfnote *
14827 #define DUMP_WRITE(addr, nr) \
14829 + gr_learn_resource(current, RLIMIT_CORE, size + (nr), 1); \
14830 if ((size += (nr)) > limit || !dump_write(file, (addr), (nr))) \
14831 - goto end_coredump;
14832 + goto end_coredump; \
14834 #define DUMP_SEEK(off) \
14835 if (!dump_seek(file, (off))) \
14837 @@ -1341,7 +1589,7 @@ static int elf_core_dump(long signr, str
14838 phdr.p_offset = offset;
14839 phdr.p_vaddr = vma->vm_start;
14841 - phdr.p_filesz = maydump(vma) ? sz : 0;
14842 + phdr.p_filesz = maydump(vma, signr) ? sz : 0;
14844 offset += phdr.p_filesz;
14845 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
14846 @@ -1361,7 +1609,7 @@ static int elf_core_dump(long signr, str
14847 for(vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
14848 unsigned long addr;
14850 - if (!maydump(vma))
14851 + if (!maydump(vma, signr))
14855 diff -urNp linux-2.4.37.7/fs/binfmt_misc.c linux-2.4.37.7/fs/binfmt_misc.c
14856 --- linux-2.4.37.7/fs/binfmt_misc.c 2009-11-07 11:52:20.000000000 -0500
14857 +++ linux-2.4.37.7/fs/binfmt_misc.c 2009-11-10 19:30:27.000000000 -0500
14858 @@ -102,9 +102,11 @@ static int load_misc_binary(struct linux
14863 + if (!enabled || bprm->misc)
14868 /* to keep locking time low, we copy the interpreter string */
14869 read_lock(&entries_lock);
14870 fmt = check_file(bprm);
14871 @@ -479,7 +481,7 @@ static ssize_t bm_entry_write(struct fil
14875 -static struct file_operations bm_entry_operations = {
14876 +static const struct file_operations bm_entry_operations = {
14877 read: bm_entry_read,
14878 write: bm_entry_write,
14880 @@ -538,7 +540,7 @@ static ssize_t bm_register_write(struct
14884 -static struct file_operations bm_register_operations = {
14885 +static const struct file_operations bm_register_operations = {
14886 write: bm_register_write,
14889 @@ -587,7 +589,7 @@ static ssize_t bm_status_write(struct fi
14893 -static struct file_operations bm_status_operations = {
14894 +static const struct file_operations bm_status_operations = {
14895 read: bm_status_read,
14896 write: bm_status_write,
14898 @@ -600,7 +602,7 @@ static struct dentry * bm_lookup(struct
14902 -static struct inode_operations bm_dir_inode_operations = {
14903 +static const struct inode_operations bm_dir_inode_operations = {
14907 @@ -614,7 +616,7 @@ static int bm_statfs(struct super_block
14911 -static struct super_operations s_ops = {
14912 +static const struct super_operations s_ops = {
14914 put_inode: force_delete,
14915 clear_inode: bm_clear_inode,
14916 diff -urNp linux-2.4.37.7/fs/block_dev.c linux-2.4.37.7/fs/block_dev.c
14917 --- linux-2.4.37.7/fs/block_dev.c 2009-11-07 11:52:20.000000000 -0500
14918 +++ linux-2.4.37.7/fs/block_dev.c 2009-11-10 19:30:27.000000000 -0500
14919 @@ -220,7 +220,7 @@ static int block_fsync(struct file *filp
14921 static struct super_block *bd_read_super(struct super_block *sb, void *data, int silent)
14923 - static struct super_operations sops = {};
14924 + static const struct super_operations sops = {};
14925 struct inode *root = new_inode(sb);
14928 @@ -662,7 +662,7 @@ static int blkdev_ioctl(struct inode *in
14932 -struct address_space_operations def_blk_aops = {
14933 +const struct address_space_operations def_blk_aops = {
14934 readpage: blkdev_readpage,
14935 writepage: blkdev_writepage,
14936 sync_page: block_sync_page,
14937 @@ -671,7 +671,7 @@ struct address_space_operations def_blk_
14938 direct_IO: blkdev_direct_IO,
14941 -struct file_operations def_blk_fops = {
14942 +const struct file_operations def_blk_fops = {
14944 release: blkdev_close,
14945 llseek: block_llseek,
14946 diff -urNp linux-2.4.37.7/fs/buffer.c linux-2.4.37.7/fs/buffer.c
14947 --- linux-2.4.37.7/fs/buffer.c 2009-11-07 11:52:20.000000000 -0500
14948 +++ linux-2.4.37.7/fs/buffer.c 2009-11-10 19:30:27.000000000 -0500
14949 @@ -1865,6 +1865,9 @@ int generic_cont_expand(struct inode *in
14954 + gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long) size, 1);
14956 limit = current->rlim[RLIMIT_FSIZE].rlim_cur;
14957 if (limit != RLIM_INFINITY && size > (loff_t)limit) {
14958 send_sig(SIGXFSZ, current, 0);
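Review bot: The `(unsigned long) size` cast in the added gr_learn_resource() call truncates on 32-bit builds, since `size` is compared against `(loff_t)limit` two lines later and so is evidently a 64-bit offset. An expansion beyond 4 GiB would then be learned as a small value, and a policy generated from it would carry an RLIMIT_FSIZE that does not reflect the real request. If gr_learn_resource() only accepts an `unsigned long` (its prototype is not in this hunk), clamp before the call: `size > ULONG_MAX ? ULONG_MAX : (unsigned long) size`. generic_cont_expand() continues outside the hunk.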
14959 diff -urNp linux-2.4.37.7/fs/coda/cnode.c linux-2.4.37.7/fs/coda/cnode.c
14960 --- linux-2.4.37.7/fs/coda/cnode.c 2009-11-07 11:52:20.000000000 -0500
14961 +++ linux-2.4.37.7/fs/coda/cnode.c 2009-11-10 19:30:27.000000000 -0500
14962 @@ -32,7 +32,7 @@ static int coda_inocmp(struct inode *ino
14963 return (coda_fideq((ViceFid *)opaque, &(ITOC(inode)->c_fid)));
14966 -static struct inode_operations coda_symlink_inode_operations = {
14967 +static const struct inode_operations coda_symlink_inode_operations = {
14968 readlink: page_readlink,
14969 follow_link: page_follow_link,
14970 setattr: coda_notify_change,
14971 diff -urNp linux-2.4.37.7/fs/coda/dir.c linux-2.4.37.7/fs/coda/dir.c
14972 --- linux-2.4.37.7/fs/coda/dir.c 2009-11-07 11:52:20.000000000 -0500
14973 +++ linux-2.4.37.7/fs/coda/dir.c 2009-11-10 19:30:27.000000000 -0500
14974 @@ -56,14 +56,12 @@ int coda_fsync(struct file *, struct den
14978 -struct dentry_operations coda_dentry_operations =
14980 +const struct dentry_operations coda_dentry_operations = {
14981 d_revalidate: coda_dentry_revalidate,
14982 d_delete: coda_dentry_delete,
14985 -struct inode_operations coda_dir_inode_operations =
14987 +const struct inode_operations coda_dir_inode_operations = {
14988 create: coda_create,
14989 lookup: coda_lookup,
14991 @@ -78,7 +76,7 @@ struct inode_operations coda_dir_inode_o
14992 setattr: coda_notify_change,
14995 -struct file_operations coda_dir_operations = {
14996 +const struct file_operations coda_dir_operations = {
14997 llseek: generic_file_llseek,
14998 read: generic_read_dir,
14999 readdir: coda_readdir,
15000 diff -urNp linux-2.4.37.7/fs/coda/file.c linux-2.4.37.7/fs/coda/file.c
15001 --- linux-2.4.37.7/fs/coda/file.c 2009-11-07 11:52:20.000000000 -0500
15002 +++ linux-2.4.37.7/fs/coda/file.c 2009-11-10 19:30:27.000000000 -0500
15003 @@ -279,7 +279,7 @@ int coda_fsync(struct file *coda_file, s
15007 -struct file_operations coda_file_operations = {
15008 +const struct file_operations coda_file_operations = {
15009 llseek: generic_file_llseek,
15010 read: coda_file_read,
15011 write: coda_file_write,
15012 diff -urNp linux-2.4.37.7/fs/coda/inode.c linux-2.4.37.7/fs/coda/inode.c
15013 --- linux-2.4.37.7/fs/coda/inode.c 2009-11-07 11:52:20.000000000 -0500
15014 +++ linux-2.4.37.7/fs/coda/inode.c 2009-11-10 19:30:27.000000000 -0500
15015 @@ -40,8 +40,7 @@ static void coda_put_super(struct super_
15016 static int coda_statfs(struct super_block *sb, struct statfs *buf);
15018 /* exported operations */
15019 -struct super_operations coda_super_operations =
15021 +const struct super_operations coda_super_operations = {
15022 read_inode: coda_read_inode,
15023 clear_inode: coda_clear_inode,
15024 put_super: coda_put_super,
15025 @@ -236,7 +235,7 @@ int coda_notify_change(struct dentry *de
15029 -struct inode_operations coda_file_inode_operations = {
15030 +const struct inode_operations coda_file_inode_operations = {
15031 permission: coda_permission,
15032 revalidate: coda_revalidate_inode,
15033 setattr: coda_notify_change,
15034 diff -urNp linux-2.4.37.7/fs/coda/pioctl.c linux-2.4.37.7/fs/coda/pioctl.c
15035 --- linux-2.4.37.7/fs/coda/pioctl.c 2009-11-07 11:52:20.000000000 -0500
15036 +++ linux-2.4.37.7/fs/coda/pioctl.c 2009-11-10 19:30:27.000000000 -0500
15037 @@ -30,13 +30,12 @@ static int coda_pioctl(struct inode * in
15038 unsigned int cmd, unsigned long user_data);
15040 /* exported from this file */
15041 -struct inode_operations coda_ioctl_inode_operations =
15043 +const struct inode_operations coda_ioctl_inode_operations = {
15044 permission: coda_ioctl_permission,
15045 setattr: coda_notify_change,
15048 -struct file_operations coda_ioctl_operations = {
15049 +const struct file_operations coda_ioctl_operations = {
15050 owner: THIS_MODULE,
15051 ioctl: coda_pioctl,
15053 diff -urNp linux-2.4.37.7/fs/coda/psdev.c linux-2.4.37.7/fs/coda/psdev.c
15054 --- linux-2.4.37.7/fs/coda/psdev.c 2009-11-07 11:52:20.000000000 -0500
15055 +++ linux-2.4.37.7/fs/coda/psdev.c 2009-11-10 19:30:27.000000000 -0500
15056 @@ -372,7 +372,7 @@ static int coda_psdev_release(struct ino
15060 -static struct file_operations coda_psdev_fops = {
15061 +static const struct file_operations coda_psdev_fops = {
15062 owner: THIS_MODULE,
15063 read: coda_psdev_read,
15064 write: coda_psdev_write,
15065 diff -urNp linux-2.4.37.7/fs/coda/symlink.c linux-2.4.37.7/fs/coda/symlink.c
15066 --- linux-2.4.37.7/fs/coda/symlink.c 2009-11-07 11:52:20.000000000 -0500
15067 +++ linux-2.4.37.7/fs/coda/symlink.c 2009-11-10 19:30:27.000000000 -0500
15068 @@ -50,6 +50,6 @@ fail:
15072 -struct address_space_operations coda_symlink_aops = {
15073 +const struct address_space_operations coda_symlink_aops = {
15074 readpage: coda_symlink_filler
15076 diff -urNp linux-2.4.37.7/fs/cramfs/inode.c linux-2.4.37.7/fs/cramfs/inode.c
15077 --- linux-2.4.37.7/fs/cramfs/inode.c 2009-11-07 11:52:20.000000000 -0500
15078 +++ linux-2.4.37.7/fs/cramfs/inode.c 2009-11-10 19:30:27.000000000 -0500
15079 @@ -29,10 +29,10 @@
15080 #define CRAMFS_SB_FILES u.cramfs_sb.files
15081 #define CRAMFS_SB_FLAGS u.cramfs_sb.flags
15083 -static struct super_operations cramfs_ops;
15084 -static struct inode_operations cramfs_dir_inode_operations;
15085 -static struct file_operations cramfs_directory_operations;
15086 -static struct address_space_operations cramfs_aops;
15087 +static const struct super_operations cramfs_ops;
15088 +static const struct inode_operations cramfs_dir_inode_operations;
15089 +static const struct file_operations cramfs_directory_operations;
15090 +static const struct address_space_operations cramfs_aops;
15092 static DECLARE_MUTEX(read_mutex);
15094 @@ -424,7 +424,7 @@ static int cramfs_readpage(struct file *
15098 -static struct address_space_operations cramfs_aops = {
15099 +static const struct address_space_operations cramfs_aops = {
15100 readpage: cramfs_readpage
15103 @@ -435,16 +435,16 @@ static struct address_space_operations c
15105 * A directory can only readdir
15107 -static struct file_operations cramfs_directory_operations = {
15108 +static const struct file_operations cramfs_directory_operations = {
15109 read: generic_read_dir,
15110 readdir: cramfs_readdir,
15113 -static struct inode_operations cramfs_dir_inode_operations = {
15114 +static const struct inode_operations cramfs_dir_inode_operations = {
15115 lookup: cramfs_lookup,
15118 -static struct super_operations cramfs_ops = {
15119 +static const struct super_operations cramfs_ops = {
15120 statfs: cramfs_statfs,
15123 diff -urNp linux-2.4.37.7/fs/devfs/base.c linux-2.4.37.7/fs/devfs/base.c
15124 --- linux-2.4.37.7/fs/devfs/base.c 2009-11-07 11:52:20.000000000 -0500
15125 +++ linux-2.4.37.7/fs/devfs/base.c 2009-11-10 19:30:27.000000000 -0500
15126 @@ -871,16 +871,14 @@ static int devfsd_close (struct inode *i
15127 #ifdef CONFIG_DEVFS_DEBUG
15128 static ssize_t stat_read (struct file *file, char *buf, size_t len,
15130 -static struct file_operations stat_fops =
15132 +static const struct file_operations stat_fops = {
15138 /* Devfs daemon file operations */
15139 -static struct file_operations devfsd_fops =
15141 +static const struct file_operations devfsd_fops = {
15142 .read = devfsd_read,
15143 .ioctl = devfsd_ioctl,
15144 .release = devfsd_close,
15145 @@ -1545,7 +1543,7 @@ static void devfsd_notify (struct devfs_
15146 devfs_handle_t devfs_register (devfs_handle_t dir, const char *name,
15147 unsigned int flags,
15148 unsigned int major, unsigned int minor,
15149 - umode_t mode, void *ops, void *info)
15150 + umode_t mode, const void *ops, void *info)
15152 char devtype = S_ISCHR (mode) ? DEVFS_SPECIAL_CHR : DEVFS_SPECIAL_BLK;
15154 @@ -2599,8 +2597,7 @@ static void devfs_clear_inode (struct in
15155 if ( S_ISBLK (inode->i_mode) ) bdput (inode->i_bdev);
15156 } /* End Function devfs_clear_inode */
15158 -static struct super_operations devfs_sops =
15160 +static const struct super_operations devfs_sops = {
15161 .put_inode = force_delete,
15162 .clear_inode = devfs_clear_inode,
15163 .statfs = devfs_statfs,
15164 @@ -2822,13 +2819,11 @@ static int devfs_open (struct inode *ino
15166 } /* End Function devfs_open */
15168 -static struct file_operations devfs_fops =
15170 +static const struct file_operations devfs_fops = {
15171 .open = devfs_open,
15174 -static struct file_operations devfs_dir_fops =
15176 +static const struct file_operations devfs_dir_fops = {
15177 .read = generic_read_dir,
15178 .readdir = devfs_readdir,
15179 .open = devfs_open,
15180 @@ -2871,8 +2866,7 @@ static void devfs_d_iput (struct dentry
15182 static int devfs_d_delete (struct dentry *dentry);
15184 -static struct dentry_operations devfs_dops =
15186 +static const struct dentry_operations devfs_dops = {
15187 .d_delete = devfs_d_delete,
15188 .d_release = devfs_d_release,
15189 .d_iput = devfs_d_iput,
15190 @@ -2880,8 +2874,7 @@ static struct dentry_operations devfs_do
15192 static int devfs_d_revalidate_wait (struct dentry *dentry, int flags);
15194 -static struct dentry_operations devfs_wait_dops =
15196 +static const struct dentry_operations devfs_wait_dops = {
15197 .d_delete = devfs_d_delete,
15198 .d_release = devfs_d_release,
15199 .d_iput = devfs_d_iput,
15200 @@ -3250,13 +3243,11 @@ static int devfs_follow_link (struct den
15202 } /* End Function devfs_follow_link */
15204 -static struct inode_operations devfs_iops =
15206 +static const struct inode_operations devfs_iops = {
15207 .setattr = devfs_notify_change,
15210 -static struct inode_operations devfs_dir_iops =
15212 +static const struct inode_operations devfs_dir_iops = {
15213 .lookup = devfs_lookup,
15214 .unlink = devfs_unlink,
15215 .symlink = devfs_symlink,
15216 @@ -3266,8 +3257,7 @@ static struct inode_operations devfs_dir
15217 .setattr = devfs_notify_change,
15220 -static struct inode_operations devfs_symlink_iops =
15222 +static const struct inode_operations devfs_symlink_iops = {
15223 .readlink = devfs_readlink,
15224 .follow_link = devfs_follow_link,
15225 .setattr = devfs_notify_change,
15226 diff -urNp linux-2.4.37.7/fs/devfs/util.c linux-2.4.37.7/fs/devfs/util.c
15227 --- linux-2.4.37.7/fs/devfs/util.c 2009-11-07 11:52:20.000000000 -0500
15228 +++ linux-2.4.37.7/fs/devfs/util.c 2009-11-10 19:30:27.000000000 -0500
15229 @@ -120,7 +120,7 @@ EXPORT_SYMBOL(devfs_register_tape);
15230 void devfs_register_series (devfs_handle_t dir, const char *format,
15231 unsigned int num_entries, unsigned int flags,
15232 unsigned int major, unsigned int minor_start,
15233 - umode_t mode, void *ops, void *info)
15234 + umode_t mode, const void *ops, void *info)
15236 unsigned int count;
15238 diff -urNp linux-2.4.37.7/fs/devices.c linux-2.4.37.7/fs/devices.c
15239 --- linux-2.4.37.7/fs/devices.c 2009-11-07 11:52:20.000000000 -0500
15240 +++ linux-2.4.37.7/fs/devices.c 2009-11-10 19:30:27.000000000 -0500
15241 @@ -32,7 +32,7 @@ struct tty_driver *get_tty_driver(kdev_t
15243 struct device_struct {
15245 - struct file_operations * fops;
15246 + const struct file_operations * fops;
15249 static rwlock_t chrdevs_lock = RW_LOCK_UNLOCKED;
15250 @@ -62,9 +62,9 @@ int get_device_list(char * page)
15251 Load the driver if needed.
15252 Increment the reference count of module in question.
15254 -static struct file_operations * get_chrfops(unsigned int major, unsigned int minor)
15255 +static const struct file_operations * get_chrfops(unsigned int major, unsigned int minor)
15257 - struct file_operations *ret = NULL;
15258 + const struct file_operations *ret = NULL;
15260 if (!major || major >= MAX_CHRDEV)
15262 @@ -95,7 +95,7 @@ static struct file_operations * get_chrf
15266 -int register_chrdev(unsigned int major, const char * name, struct file_operations *fops)
15267 +int register_chrdev(unsigned int major, const char * name, const struct file_operations *fops)
15270 write_lock(&chrdevs_lock);
15271 @@ -162,7 +162,7 @@ int chrdev_open(struct inode * inode, st
15272 * is contain the open that then fills in the correct operations
15273 * depending on the special file...
15275 -static struct file_operations def_chr_fops = {
15276 +static const struct file_operations def_chr_fops = {
15280 @@ -193,7 +193,7 @@ static int sock_no_open(struct inode *ir
15284 -static struct file_operations bad_sock_fops = {
15285 +static const struct file_operations bad_sock_fops = {
15289 diff -urNp linux-2.4.37.7/fs/devpts/devpts_i.h linux-2.4.37.7/fs/devpts/devpts_i.h
15290 --- linux-2.4.37.7/fs/devpts/devpts_i.h 2009-11-07 11:52:20.000000000 -0500
15291 +++ linux-2.4.37.7/fs/devpts/devpts_i.h 2009-11-10 19:30:27.000000000 -0500
15292 @@ -37,5 +37,5 @@ extern inline struct devpts_sb_info *SBI
15293 return (struct devpts_sb_info *)(sb->u.generic_sbp);
15296 -extern struct inode_operations devpts_root_inode_operations;
15297 -extern struct file_operations devpts_root_operations;
15298 +extern const struct inode_operations devpts_root_inode_operations;
15299 +extern const struct file_operations devpts_root_operations;
15300 diff -urNp linux-2.4.37.7/fs/devpts/inode.c linux-2.4.37.7/fs/devpts/inode.c
15301 --- linux-2.4.37.7/fs/devpts/inode.c 2009-11-07 11:52:20.000000000 -0500
15302 +++ linux-2.4.37.7/fs/devpts/inode.c 2009-11-10 19:30:27.000000000 -0500
15303 @@ -51,7 +51,7 @@ static void devpts_put_super(struct supe
15304 static int devpts_statfs(struct super_block *sb, struct statfs *buf);
15305 static int devpts_remount (struct super_block * sb, int * flags, char * data);
15307 -static struct super_operations devpts_sops = {
15308 +static const struct super_operations devpts_sops = {
15309 put_super: devpts_put_super,
15310 statfs: devpts_statfs,
15311 remount_fs: devpts_remount,
15312 diff -urNp linux-2.4.37.7/fs/devpts/root.c linux-2.4.37.7/fs/devpts/root.c
15313 --- linux-2.4.37.7/fs/devpts/root.c 2009-11-07 11:52:20.000000000 -0500
15314 +++ linux-2.4.37.7/fs/devpts/root.c 2009-11-10 19:30:27.000000000 -0500
15315 @@ -20,16 +20,16 @@ static int devpts_root_readdir(struct fi
15316 static struct dentry *devpts_root_lookup(struct inode *,struct dentry *);
15317 static int devpts_revalidate(struct dentry *, int);
15319 -struct file_operations devpts_root_operations = {
15320 +const struct file_operations devpts_root_operations = {
15321 read: generic_read_dir,
15322 readdir: devpts_root_readdir,
15325 -struct inode_operations devpts_root_inode_operations = {
15326 +const struct inode_operations devpts_root_inode_operations = {
15327 lookup: devpts_root_lookup,
15330 -static struct dentry_operations devpts_dentry_operations = {
15331 +static const struct dentry_operations devpts_dentry_operations = {
15332 d_revalidate: devpts_revalidate,
15335 diff -urNp linux-2.4.37.7/fs/efs/dir.c linux-2.4.37.7/fs/efs/dir.c
15336 --- linux-2.4.37.7/fs/efs/dir.c 2009-11-07 11:52:20.000000000 -0500
15337 +++ linux-2.4.37.7/fs/efs/dir.c 2009-11-10 19:30:27.000000000 -0500
15340 static int efs_readdir(struct file *, void *, filldir_t);
15342 -struct file_operations efs_dir_operations = {
15343 +const struct file_operations efs_dir_operations = {
15344 read: generic_read_dir,
15345 readdir: efs_readdir,
15348 -struct inode_operations efs_dir_inode_operations = {
15349 +const struct inode_operations efs_dir_inode_operations = {
15350 lookup: efs_lookup,
15353 diff -urNp linux-2.4.37.7/fs/efs/inode.c linux-2.4.37.7/fs/efs/inode.c
15354 --- linux-2.4.37.7/fs/efs/inode.c 2009-11-07 11:52:20.000000000 -0500
15355 +++ linux-2.4.37.7/fs/efs/inode.c 2009-11-10 19:30:27.000000000 -0500
15356 @@ -21,7 +21,7 @@ static int _efs_bmap(struct address_spac
15358 return generic_block_bmap(mapping,block,efs_get_block);
15360 -struct address_space_operations efs_aops = {
15361 +const struct address_space_operations efs_aops = {
15362 readpage: efs_readpage,
15363 sync_page: block_sync_page,
15365 diff -urNp linux-2.4.37.7/fs/efs/super.c linux-2.4.37.7/fs/efs/super.c
15366 --- linux-2.4.37.7/fs/efs/super.c 2009-11-07 11:52:20.000000000 -0500
15367 +++ linux-2.4.37.7/fs/efs/super.c 2009-11-10 19:30:27.000000000 -0500
15370 static DECLARE_FSTYPE_DEV(efs_fs_type, "efs", efs_read_super);
15372 -static struct super_operations efs_superblock_operations = {
15373 +static const struct super_operations efs_superblock_operations = {
15374 read_inode: efs_read_inode,
15375 statfs: efs_statfs,
15377 diff -urNp linux-2.4.37.7/fs/efs/symlink.c linux-2.4.37.7/fs/efs/symlink.c
15378 --- linux-2.4.37.7/fs/efs/symlink.c 2009-11-07 11:52:20.000000000 -0500
15379 +++ linux-2.4.37.7/fs/efs/symlink.c 2009-11-10 19:30:27.000000000 -0500
15380 @@ -52,6 +52,6 @@ fail:
15384 -struct address_space_operations efs_symlink_aops = {
15385 +const struct address_space_operations efs_symlink_aops = {
15386 readpage: efs_symlink_readpage
15388 diff -urNp linux-2.4.37.7/fs/exec.c linux-2.4.37.7/fs/exec.c
15389 --- linux-2.4.37.7/fs/exec.c 2009-11-07 11:52:20.000000000 -0500
15390 +++ linux-2.4.37.7/fs/exec.c 2009-11-10 19:30:27.000000000 -0500
15392 #include <asm/uaccess.h>
15393 #include <asm/pgalloc.h>
15394 #include <asm/mmu_context.h>
15395 +#include <linux/major.h>
15396 +#include <linux/random.h>
15397 +#include <linux/grsecurity.h>
15400 #include <linux/kmod.h>
15401 @@ -282,7 +285,7 @@ int copy_strings_kernel(int argc,char **
15403 * tsk->mmap_sem is held for writing.
15405 -void put_dirty_page(struct task_struct * tsk, struct page *page, unsigned long address)
15406 +int put_dirty_page(struct task_struct * tsk, struct page *page, unsigned long address)
15410 @@ -315,12 +318,53 @@ void put_dirty_page(struct task_struct *
15411 spin_unlock(&tsk->mm->page_table_lock);
15413 /* no need for flush_tlb */
15417 spin_unlock(&tsk->mm->page_table_lock);
15419 force_sig(SIGKILL, tsk);
15424 +static int put_dirty_page_mirror(struct task_struct * tsk, struct page *page, unsigned long address)
15429 + struct vm_area_struct *vma;
15430 + pgprot_t prot = PAGE_COPY;
15432 + if (page_count(page) != 1)
15433 + printk(KERN_ERR "mem_map disagrees with %p at %08lx\n", page, address);
15435 + page_cache_get(page);
15436 + pgd = pgd_offset(tsk->mm, address);
15438 + spin_lock(&tsk->mm->page_table_lock);
15439 + pmd = pmd_alloc(tsk->mm, pgd, address);
15442 + pte = pte_alloc(tsk->mm, pmd, address);
15445 + if (!pte_none(*pte))
15448 + vma = find_vma(tsk->mm, address);
15450 + prot = vma->vm_page_prot;
15451 + set_pte(pte, mk_pte(page, prot));
15453 + spin_unlock(&tsk->mm->page_table_lock);
15455 + /* no need for flush_tlb */
15458 + spin_unlock(&tsk->mm->page_table_lock);
15459 + page_cache_release(page);
15460 + __free_page(page);
15461 + force_sig(SIGKILL, tsk);
15465 int setup_arg_pages(struct linux_binprm *bprm)
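Review bot: In put_dirty_page_mirror() the page protection is taken from `find_vma(tsk->mm, address)`, which returns the first area that ends above `address` and not necessarily one that contains it. The guard between the lookup and `prot = vma->vm_page_prot;` is not shown in this listing; if it only tests for non-NULL, the protection of a neighbouring mapping could be applied to the mirror page. I would make the test `if (vma && vma->vm_start <= address)` and fall back to the `PAGE_COPY` initialiser otherwise. A one-line comment saying which mapping the lookup is expected to find (the mirrored stack area set up in setup_arg_pages()) would also help.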
15466 @@ -329,6 +373,10 @@ int setup_arg_pages(struct linux_binprm
15467 struct vm_area_struct *mpnt;
15470 +#ifdef CONFIG_PAX_SEGMEXEC
15471 + struct vm_area_struct *mpnt_m = NULL;
15474 stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
15476 bprm->p += stack_base;
15477 @@ -339,37 +387,99 @@ int setup_arg_pages(struct linux_binprm
15478 mpnt = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
15483 +#ifdef CONFIG_PAX_SEGMEXEC
15484 + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (VM_STACK_FLAGS & VM_MAYEXEC)) {
15485 + mpnt_m = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
15487 + kmem_cache_free(vm_area_cachep, mpnt);
15493 down_write(¤t->mm->mmap_sem);
15495 mpnt->vm_mm = current->mm;
15496 mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p;
15497 mpnt->vm_end = STACK_TOP;
15498 mpnt->vm_flags = VM_STACK_FLAGS;
15500 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(__i386__)
15501 + if (!(current->mm->pax_flags & MF_PAX_PAGEEXEC))
15502 + mpnt->vm_page_prot = protection_map[(VM_STACK_FLAGS | VM_EXEC) & 0x7];
15506 mpnt->vm_page_prot = protection_map[VM_STACK_FLAGS & 0x7];
15507 mpnt->vm_ops = NULL;
15508 mpnt->vm_pgoff = 0;
15509 mpnt->vm_file = NULL;
15510 mpnt->vm_private_data = (void *) 0;
15511 + mpnt->vm_mirror = 0;
15512 if ((ret = insert_vm_struct(current->mm, mpnt))) {
15513 up_write(¤t->mm->mmap_sem);
15514 kmem_cache_free(vm_area_cachep, mpnt);
15516 +#ifdef CONFIG_PAX_SEGMEXEC
15518 + kmem_cache_free(vm_area_cachep, mpnt_m);
15523 current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
15525 +#ifdef CONFIG_PAX_SEGMEXEC
15528 + mpnt_m->vm_flags &= ~VM_WRITE;
15529 + if (!(VM_STACK_FLAGS & VM_EXEC)) {
15530 + mpnt_m->vm_flags &= ~(VM_READ | VM_EXEC);
15531 + mpnt_m->vm_page_prot = PAGE_NONE;
15533 + mpnt_m->vm_page_prot = PAGE_READONLY;
15534 + mpnt_m->vm_start += SEGMEXEC_TASK_SIZE;
15535 + mpnt_m->vm_end += SEGMEXEC_TASK_SIZE;
15536 + if ((ret = insert_vm_struct(current->mm, mpnt_m))) {
15537 + up_write(¤t->mm->mmap_sem);
15538 + kmem_cache_free(vm_area_cachep, mpnt_m);
15541 + mpnt_m->vm_flags |= VM_MIRROR;
15542 + mpnt->vm_flags |= VM_MIRROR;
15543 + mpnt_m->vm_mirror = mpnt->vm_start - mpnt_m->vm_start;
15544 + mpnt->vm_mirror = mpnt_m->vm_start - mpnt->vm_start;
15545 + current->mm->total_vm += (mpnt_m->vm_end - mpnt_m->vm_start) >> PAGE_SHIFT;
15551 - for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
15552 + for (i = 0 ; i < MAX_ARG_PAGES ; i++, stack_base += PAGE_SIZE) {
15553 struct page *page = bprm->page[i];
15555 - bprm->page[i] = NULL;
15556 - put_dirty_page(current,page,stack_base);
15558 - stack_base += PAGE_SIZE;
15563 + bprm->page[i] = NULL;
15564 + retval = put_dirty_page(current,page,stack_base);
15568 +#ifdef CONFIG_PAX_SEGMEXEC
15569 + if (!mpnt_m || retval)
15572 + retval = put_dirty_page_mirror(current,page,stack_base + SEGMEXEC_TASK_SIZE);
15578 up_write(¤t->mm->mmap_sem);
15585 struct file *open_exec(const char *name)
15586 @@ -809,8 +919,13 @@ void compute_creds(struct linux_binprm *
15588 /* AUD: Audit candidate if current->cap_effective is set */
15590 - current->suid = current->euid = current->fsuid = bprm->e_uid;
15591 - current->sgid = current->egid = current->fsgid = bprm->e_gid;
15592 + if (!gr_check_user_change(-1, bprm->e_uid, bprm->e_uid))
15593 + current->suid = current->euid = current->fsuid = bprm->e_uid;
15595 + if (!gr_check_group_change(-1, bprm->e_gid, bprm->e_gid))
15596 + current->sgid = current->egid = current->fsgid = bprm->e_gid;
15598 + gr_handle_chroot_caps(current);
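Review bot: When gr_check_user_change() or gr_check_group_change() refuses, the exec carries on with the old IDs and nothing in this hunk records it; compute_creds() returns void, so the caller cannot tell either. Because the two tests are independent, a set-id program can also end up with the new uid but the old gid (or the reverse), a combination the binary was probably not written for. At minimum add a comment such as `/* policy denied the id change: continue with unchanged ids, the exec itself is not failed */`. Capability changes made earlier in the function lie outside the hunk and may need the same treatment.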
15602 @@ -945,6 +1060,11 @@ int do_execve(char * filename, char ** a
15606 +#ifdef CONFIG_GRKERNSEC
15607 + struct file *old_exec_file;
15608 + struct acl_subject_label *old_acl;
15609 + struct rlimit old_rlim[RLIM_NLIMITS];
15612 file = open_exec(filename);
15614 @@ -952,12 +1072,37 @@ int do_execve(char * filename, char ** a
15618 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes), 1);
15620 + if (gr_handle_nproc()) {
15621 + allow_write_access(file);
15626 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
15627 + allow_write_access(file);
15632 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
15634 +#ifdef CONFIG_PAX_RANDUSTACK
15636 +#ifdef CONFIG_PAX_SOFTMODE
15640 + bprm.p -= (net_random() & ~15) & ~PAGE_MASK;
15643 memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0]));
15646 bprm.filename = filename;
15651 if ((bprm.argc = count(argv, bprm.p / sizeof(void *))) < 0) {
15652 @@ -976,11 +1121,26 @@ int do_execve(char * filename, char ** a
15656 + if (!gr_tpe_allow(file)) {
15657 + retval = -EACCES;
15661 + if(gr_check_crash_exec(file)) {
15662 + retval = -EACCES;
15666 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
15670 bprm.exec = bprm.p;
15672 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
15674 + gr_handle_exec_args(&bprm, argv);
15676 retval = copy_strings(bprm.envc, envp, &bprm);
15679 @@ -989,11 +1149,35 @@ int do_execve(char * filename, char ** a
15683 +#ifdef CONFIG_GRKERNSEC
15684 + old_acl = current->acl;
15685 + memcpy(old_rlim, current->rlim, sizeof(old_rlim));
15686 + old_exec_file = current->exec_file;
15688 + current->exec_file = file;
15691 + retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt);
15695 retval = search_binary_handler(&bprm,regs);
15697 + if (retval >= 0) {
15698 +#ifdef CONFIG_GRKERNSEC
15699 + if (old_exec_file)
15700 + fput(old_exec_file);
15702 /* execve success */
15707 +#ifdef CONFIG_GRKERNSEC
15708 + current->acl = old_acl;
15709 + memcpy(current->rlim, old_rlim, sizeof(old_rlim));
15710 + fput(current->exec_file);
15711 + current->exec_file = old_exec_file;
15714 /* Something went wrong, return the inode and free the argument pages*/
15715 allow_write_access(bprm.file);
15716 @@ -1135,6 +1319,114 @@ void format_corename(char *corename, con
15720 +int pax_check_flags(unsigned long * flags)
15724 +#if !defined(__i386__) || !defined(CONFIG_PAX_SEGMEXEC)
15725 + if (*flags & MF_PAX_SEGMEXEC)
15727 + *flags &= ~MF_PAX_SEGMEXEC;
15728 + retval = -EINVAL;
15732 + if ((*flags & MF_PAX_PAGEEXEC)
15734 +#ifdef CONFIG_PAX_PAGEEXEC
15735 + && (*flags & MF_PAX_SEGMEXEC)
15740 + *flags &= ~MF_PAX_PAGEEXEC;
15741 + retval = -EINVAL;
15744 + if ((*flags & MF_PAX_MPROTECT)
15746 +#ifdef CONFIG_PAX_MPROTECT
15747 + && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
15752 + *flags &= ~MF_PAX_MPROTECT;
15753 + retval = -EINVAL;
15756 + if ((*flags & MF_PAX_EMUTRAMP)
15758 +#ifdef CONFIG_PAX_EMUTRAMP
15759 + && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
15764 + *flags &= ~MF_PAX_EMUTRAMP;
15765 + retval = -EINVAL;
15771 +EXPORT_SYMBOL(pax_check_flags);
15773 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
15774 +void pax_report_fault(struct pt_regs *regs, void *pc, void *sp)
15776 + struct task_struct *tsk = current;
15777 + struct mm_struct *mm = current->mm;
15778 + char* buffer_exec = (char*)__get_free_page(GFP_ATOMIC);
15779 + char* buffer_fault = (char*)__get_free_page(GFP_ATOMIC);
15780 + char* path_exec=NULL;
15781 + char* path_fault=NULL;
15782 + unsigned long start=0UL, end=0UL, offset=0UL;
15784 + if (buffer_exec && buffer_fault) {
15785 + struct vm_area_struct* vma, * vma_exec=NULL, * vma_fault=NULL;
15787 + down_read(&mm->mmap_sem);
15789 + while (vma && (!vma_exec || !vma_fault)) {
15790 + if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file)
15792 + if (vma->vm_start <= (unsigned long)pc && (unsigned long)pc < vma->vm_end)
15794 + vma = vma->vm_next;
15797 + path_exec = d_path(vma_exec->vm_file->f_dentry, vma_exec->vm_file->f_vfsmnt, buffer_exec, PAGE_SIZE);
15798 + if (IS_ERR(path_exec))
15799 + path_exec = "<path too long>";
15802 + start = vma_fault->vm_start;
15803 + end = vma_fault->vm_end;
15804 + offset = vma_fault->vm_pgoff << PAGE_SHIFT;
15805 + if (vma_fault->vm_file) {
15806 + path_fault = d_path(vma_fault->vm_file->f_dentry, vma_fault->vm_file->f_vfsmnt, buffer_fault, PAGE_SIZE);
15807 + if (IS_ERR(path_fault))
15808 + path_fault = "<path too long>";
15810 + path_fault = "<anonymous mapping>";
15812 + up_read(&mm->mmap_sem);
15814 + if (tsk->curr_ip)
15815 + printk(KERN_ERR "PAX: From %u.%u.%u.%u: execution attempt in: %s, %08lx-%08lx %08lx\n", NIPQUAD(tsk->curr_ip), path_fault, start, end, offset);
15817 + printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset);
15818 + printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, "
15819 + "PC: %p, SP: %p\n", path_exec, tsk->comm, tsk->pid,
15820 + tsk->uid, tsk->euid, pc, sp);
15821 + free_page((unsigned long)buffer_exec);
15822 + free_page((unsigned long)buffer_fault);
15823 + pax_report_insns(pc, sp);
15824 + do_coredump(SIGKILL, regs);
15828 int do_coredump(long signr, struct pt_regs * regs)
15830 struct linux_binfmt * binfmt;
15831 @@ -1155,6 +1447,11 @@ int do_coredump(long signr, struct pt_re
15832 current->fsuid = 0;
15834 current->mm->dumpable = 0;
15836 + if (signr == SIGKILL || signr == SIGILL)
15837 + gr_handle_brute_attach(current);
15839 + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1);
15840 if (current->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump)
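Review bot: The `gr_handle_brute_attach(current)` call added after `current->mm->dumpable = 0;` is reached only if do_coredump has not already bailed out, and the function's earlier checks lie outside this hunk. If any of them exits first, a kill raised through `do_coredump(SIGKILL, regs)` in `pax_report_fault()` would never reach the brute-force hook, so it is worth confirming the hook runs on every path or moving it ahead of those exits. The signal test also needs a comment saying why these two signals are the ones counted, e.g. `/* SIGKILL: sent by pax_report_fault() on an execution attempt; SIGILL: TODO document */`.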
15843 @@ -1180,7 +1477,7 @@ int do_coredump(long signr, struct pt_re
15845 if (!file->f_op->write)
15847 - if (do_truncate(file->f_dentry, 0) != 0)
15848 + if (do_truncate(file->f_dentry, 0, file->f_vfsmnt) != 0)
15851 retval = binfmt->core_dump(signr, regs, file);
15852 diff -urNp linux-2.4.37.7/fs/ext2/dir.c linux-2.4.37.7/fs/ext2/dir.c
15853 --- linux-2.4.37.7/fs/ext2/dir.c 2009-11-07 11:52:20.000000000 -0500
15854 +++ linux-2.4.37.7/fs/ext2/dir.c 2009-11-10 19:30:27.000000000 -0500
15855 @@ -619,7 +619,7 @@ not_empty:
15859 -struct file_operations ext2_dir_operations = {
15860 +const struct file_operations ext2_dir_operations = {
15861 read: generic_read_dir,
15862 readdir: ext2_readdir,
15864 diff -urNp linux-2.4.37.7/fs/ext2/file.c linux-2.4.37.7/fs/ext2/file.c
15865 --- linux-2.4.37.7/fs/ext2/file.c 2009-11-07 11:52:20.000000000 -0500
15866 +++ linux-2.4.37.7/fs/ext2/file.c 2009-11-10 19:30:27.000000000 -0500
15867 @@ -38,7 +38,7 @@ static int ext2_release_file (struct ino
15868 * We have mostly NULL's here: the current defaults are ok for
15869 * the ext2 filesystem.
15871 -struct file_operations ext2_file_operations = {
15872 +const struct file_operations ext2_file_operations = {
15873 llseek: generic_file_llseek,
15874 read: generic_file_read,
15875 write: generic_file_write,
15876 @@ -49,6 +49,6 @@ struct file_operations ext2_file_operati
15877 fsync: ext2_sync_file,
15880 -struct inode_operations ext2_file_inode_operations = {
15881 +const struct inode_operations ext2_file_inode_operations = {
15882 truncate: ext2_truncate,
15884 diff -urNp linux-2.4.37.7/fs/ext2/inode.c linux-2.4.37.7/fs/ext2/inode.c
15885 --- linux-2.4.37.7/fs/ext2/inode.c 2009-11-07 11:52:20.000000000 -0500
15886 +++ linux-2.4.37.7/fs/ext2/inode.c 2009-11-10 19:30:27.000000000 -0500
15887 @@ -608,7 +608,7 @@ static int ext2_direct_IO(int rw, struct
15889 return generic_direct_IO(rw, inode, iobuf, blocknr, blocksize, ext2_get_block);
15891 -struct address_space_operations ext2_aops = {
15892 +const struct address_space_operations ext2_aops = {
15893 readpage: ext2_readpage,
15894 writepage: ext2_writepage,
15895 sync_page: block_sync_page,
15896 diff -urNp linux-2.4.37.7/fs/ext2/namei.c linux-2.4.37.7/fs/ext2/namei.c
15897 --- linux-2.4.37.7/fs/ext2/namei.c 2009-11-07 11:52:20.000000000 -0500
15898 +++ linux-2.4.37.7/fs/ext2/namei.c 2009-11-10 19:30:27.000000000 -0500
15899 @@ -342,7 +342,7 @@ out:
15903 -struct inode_operations ext2_dir_inode_operations = {
15904 +const struct inode_operations ext2_dir_inode_operations = {
15905 create: ext2_create,
15906 lookup: ext2_lookup,
15908 diff -urNp linux-2.4.37.7/fs/ext2/super.c linux-2.4.37.7/fs/ext2/super.c
15909 --- linux-2.4.37.7/fs/ext2/super.c 2009-11-07 11:52:20.000000000 -0500
15910 +++ linux-2.4.37.7/fs/ext2/super.c 2009-11-10 19:30:27.000000000 -0500
15911 @@ -147,7 +147,7 @@ void ext2_put_super (struct super_block
15915 -static struct super_operations ext2_sops = {
15916 +static const struct super_operations ext2_sops = {
15917 read_inode: ext2_read_inode,
15918 write_inode: ext2_write_inode,
15919 put_inode: ext2_put_inode,
15920 diff -urNp linux-2.4.37.7/fs/ext2/symlink.c linux-2.4.37.7/fs/ext2/symlink.c
15921 --- linux-2.4.37.7/fs/ext2/symlink.c 2009-11-07 11:52:20.000000000 -0500
15922 +++ linux-2.4.37.7/fs/ext2/symlink.c 2009-11-10 19:30:27.000000000 -0500
15923 @@ -32,7 +32,7 @@ static int ext2_follow_link(struct dentr
15924 return vfs_follow_link(nd, s);
15927 -struct inode_operations ext2_fast_symlink_inode_operations = {
15928 +const struct inode_operations ext2_fast_symlink_inode_operations = {
15929 readlink: ext2_readlink,
15930 follow_link: ext2_follow_link,
15932 diff -urNp linux-2.4.37.7/fs/ext3/dir.c linux-2.4.37.7/fs/ext3/dir.c
15933 --- linux-2.4.37.7/fs/ext3/dir.c 2009-11-07 11:52:20.000000000 -0500
15934 +++ linux-2.4.37.7/fs/ext3/dir.c 2009-11-10 19:30:27.000000000 -0500
15935 @@ -28,7 +28,7 @@ static unsigned char ext3_filetype_table
15937 static int ext3_readdir(struct file *, void *, filldir_t);
15939 -struct file_operations ext3_dir_operations = {
15940 +const struct file_operations ext3_dir_operations = {
15941 read: generic_read_dir,
15942 readdir: ext3_readdir, /* BKL held */
15943 ioctl: ext3_ioctl, /* BKL held */
15944 diff -urNp linux-2.4.37.7/fs/ext3/file.c linux-2.4.37.7/fs/ext3/file.c
15945 --- linux-2.4.37.7/fs/ext3/file.c 2009-11-07 11:52:20.000000000 -0500
15946 +++ linux-2.4.37.7/fs/ext3/file.c 2009-11-10 19:30:27.000000000 -0500
15947 @@ -110,7 +110,7 @@ force_commit:
15951 -struct file_operations ext3_file_operations = {
15952 +const struct file_operations ext3_file_operations = {
15953 llseek: generic_file_llseek, /* BKL held */
15954 read: generic_file_read, /* BKL not held. Don't need */
15955 write: ext3_file_write, /* BKL not held. Don't need */
15956 @@ -121,7 +121,7 @@ struct file_operations ext3_file_operati
15957 fsync: ext3_sync_file, /* BKL held */
15960 -struct inode_operations ext3_file_inode_operations = {
15961 +const struct inode_operations ext3_file_inode_operations = {
15962 truncate: ext3_truncate, /* BKL held */
15963 setattr: ext3_setattr, /* BKL held */
15965 diff -urNp linux-2.4.37.7/fs/ext3/inode.c linux-2.4.37.7/fs/ext3/inode.c
15966 --- linux-2.4.37.7/fs/ext3/inode.c 2009-11-07 11:52:20.000000000 -0500
15967 +++ linux-2.4.37.7/fs/ext3/inode.c 2009-11-10 19:30:27.000000000 -0500
15968 @@ -1389,7 +1389,7 @@ static int ext3_releasepage(struct page
15972 -struct address_space_operations ext3_aops = {
15973 +const struct address_space_operations ext3_aops = {
15974 readpage: ext3_readpage, /* BKL not held. Don't need */
15975 writepage: ext3_writepage, /* BKL not held. We take it */
15976 sync_page: block_sync_page,
15977 diff -urNp linux-2.4.37.7/fs/ext3/namei.c linux-2.4.37.7/fs/ext3/namei.c
15978 --- linux-2.4.37.7/fs/ext3/namei.c 2009-11-07 11:52:20.000000000 -0500
15979 +++ linux-2.4.37.7/fs/ext3/namei.c 2009-11-10 19:30:27.000000000 -0500
15980 @@ -1111,7 +1111,7 @@ end_rename:
15982 * directories can handle most operations...
15984 -struct inode_operations ext3_dir_inode_operations = {
15985 +const struct inode_operations ext3_dir_inode_operations = {
15986 create: ext3_create, /* BKL held */
15987 lookup: ext3_lookup, /* BKL held */
15988 link: ext3_link, /* BKL held */
15989 diff -urNp linux-2.4.37.7/fs/ext3/super.c linux-2.4.37.7/fs/ext3/super.c
15990 --- linux-2.4.37.7/fs/ext3/super.c 2009-11-07 11:52:20.000000000 -0500
15991 +++ linux-2.4.37.7/fs/ext3/super.c 2009-11-10 19:30:27.000000000 -0500
15992 @@ -450,7 +450,7 @@ void ext3_put_super (struct super_block
15994 static struct dquot_operations ext3_qops;
15996 -static struct super_operations ext3_sops = {
15997 +static const struct super_operations ext3_sops = {
15998 read_inode: ext3_read_inode, /* BKL held */
15999 write_inode: ext3_write_inode, /* BKL not held. Don't need */
16000 dirty_inode: ext3_dirty_inode, /* BKL not held. We take it */
16001 diff -urNp linux-2.4.37.7/fs/ext3/symlink.c linux-2.4.37.7/fs/ext3/symlink.c
16002 --- linux-2.4.37.7/fs/ext3/symlink.c 2009-11-07 11:52:20.000000000 -0500
16003 +++ linux-2.4.37.7/fs/ext3/symlink.c 2009-11-10 19:30:27.000000000 -0500
16004 @@ -33,7 +33,7 @@ static int ext3_follow_link(struct dentr
16005 return vfs_follow_link(nd, s);
16008 -struct inode_operations ext3_fast_symlink_inode_operations = {
16009 +const struct inode_operations ext3_fast_symlink_inode_operations = {
16010 readlink: ext3_readlink, /* BKL not held. Don't need */
16011 follow_link: ext3_follow_link, /* BKL not held. Don't need */
16013 diff -urNp linux-2.4.37.7/fs/fat/dir.c linux-2.4.37.7/fs/fat/dir.c
16014 --- linux-2.4.37.7/fs/fat/dir.c 2009-11-07 11:52:20.000000000 -0500
16015 +++ linux-2.4.37.7/fs/fat/dir.c 2009-11-10 19:30:27.000000000 -0500
16020 -struct file_operations fat_dir_operations = {
16021 +const struct file_operations fat_dir_operations = {
16022 read: generic_read_dir,
16023 readdir: fat_readdir,
16024 ioctl: fat_dir_ioctl,
16025 diff -urNp linux-2.4.37.7/fs/fat/file.c linux-2.4.37.7/fs/fat/file.c
16026 --- linux-2.4.37.7/fs/fat/file.c 2009-11-07 11:52:20.000000000 -0500
16027 +++ linux-2.4.37.7/fs/fat/file.c 2009-11-10 19:30:27.000000000 -0500
16030 #define Printk(x) printk x
16032 -struct file_operations fat_file_operations = {
16033 +const struct file_operations fat_file_operations = {
16034 llseek: generic_file_llseek,
16035 read: fat_file_read,
16036 write: fat_file_write,
16037 @@ -31,7 +31,7 @@ struct file_operations fat_file_operatio
16041 -struct inode_operations fat_file_inode_operations = {
16042 +const struct inode_operations fat_file_inode_operations = {
16043 truncate: fat_truncate,
16044 setattr: fat_notify_change,
16046 diff -urNp linux-2.4.37.7/fs/fat/inode.c linux-2.4.37.7/fs/fat/inode.c
16047 --- linux-2.4.37.7/fs/fat/inode.c 2009-11-07 11:52:20.000000000 -0500
16048 +++ linux-2.4.37.7/fs/fat/inode.c 2009-11-10 19:30:27.000000000 -0500
16049 @@ -537,7 +537,7 @@ int fat_dentry_to_fh(struct dentry *de,
16053 -static struct super_operations fat_sops = {
16054 +static const struct super_operations fat_sops = {
16055 write_inode: fat_write_inode,
16056 delete_inode: fat_delete_inode,
16057 put_super: fat_put_super,
16058 @@ -557,7 +557,7 @@ static struct super_operations fat_sops
16060 struct super_block *
16061 fat_read_super(struct super_block *sb, void *data, int silent,
16062 - struct inode_operations *fs_dir_inode_ops)
16063 + const struct inode_operations *fs_dir_inode_ops)
16065 struct inode *root_inode;
16066 struct buffer_head *bh;
16067 @@ -886,7 +886,7 @@ static int _fat_bmap(struct address_spac
16069 return generic_block_bmap(mapping,block,fat_get_block);
16071 -static struct address_space_operations fat_aops = {
16072 +static const struct address_space_operations fat_aops = {
16073 readpage: fat_readpage,
16074 writepage: fat_writepage,
16075 sync_page: block_sync_page,
16076 diff -urNp linux-2.4.37.7/fs/fcntl.c linux-2.4.37.7/fs/fcntl.c
16077 --- linux-2.4.37.7/fs/fcntl.c 2009-11-07 11:52:20.000000000 -0500
16078 +++ linux-2.4.37.7/fs/fcntl.c 2009-11-10 19:30:27.000000000 -0500
16080 #include <linux/slab.h>
16081 #include <linux/iobuf.h>
16082 #include <linux/ptrace.h>
16083 +#include <linux/grsecurity.h>
16085 #include <asm/poll.h>
16086 #include <asm/siginfo.h>
16087 @@ -65,6 +66,8 @@ static int locate_fd(struct files_struct
16091 + gr_learn_resource(current, RLIMIT_NOFILE, orig_start, 0);
16093 write_lock(&files->file_lock);
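Review bot: The last argument of `gr_learn_resource()` is an undocumented flag: it is `0` here and in the two following hunks of this file, but `1` in the RLIMIT_CORE call in do_coredump. From the neighbouring tests it appears to follow the comparison the limit check uses (`newfd >= ...rlim_cur` with `0`, `rlim_cur < binfmt->min_coredump` with `1`), though the helper's definition is not shown here. A one-line comment at each call would make that checkable, e.g. `/* 0: the limit test is >=, so a request equal to the limit already fails */`. In the sys_dup2 hunk the value passed is the caller-supplied `newfd`, before any range check visible in the hunk, so the learning data can include requests that are later rejected; the comment should say whether that is intended.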
16096 @@ -87,6 +90,7 @@ repeat:
16100 + gr_learn_resource(current, RLIMIT_NOFILE, newfd, 0);
16101 if (newfd >= current->rlim[RLIMIT_NOFILE].rlim_cur)
16104 @@ -142,6 +146,8 @@ asmlinkage long sys_dup2(unsigned int ol
16105 struct file * file, *tofree;
16106 struct files_struct * files = current->files;
16108 + gr_learn_resource(current, RLIMIT_NOFILE, newfd, 0);
16110 write_lock(&files->file_lock);
16111 if (!(file = fcheck(oldfd)))
16113 diff -urNp linux-2.4.37.7/fs/fifo.c linux-2.4.37.7/fs/fifo.c
16114 --- linux-2.4.37.7/fs/fifo.c 2009-11-07 11:52:20.000000000 -0500
16115 +++ linux-2.4.37.7/fs/fifo.c 2009-11-10 19:30:27.000000000 -0500
16116 @@ -152,6 +152,6 @@ err_nolock_nocleanup:
16117 * is contain the open that then fills in the correct operations
16118 * depending on the access mode of the file...
16120 -struct file_operations def_fifo_fops = {
16121 +const struct file_operations def_fifo_fops = {
16122 open: fifo_open, /* will set read or write pipe_fops */
16124 diff -urNp linux-2.4.37.7/fs/freevxfs/vxfs_extern.h linux-2.4.37.7/fs/freevxfs/vxfs_extern.h
16125 --- linux-2.4.37.7/fs/freevxfs/vxfs_extern.h 2009-11-07 11:52:20.000000000 -0500
16126 +++ linux-2.4.37.7/fs/freevxfs/vxfs_extern.h 2009-11-10 19:30:27.000000000 -0500
16127 @@ -64,8 +64,8 @@ extern void vxfs_read_inode(struct ino
16128 extern void vxfs_put_inode(struct inode *);
16130 /* vxfs_lookup.c */
16131 -extern struct inode_operations vxfs_dir_inode_ops;
16132 -extern struct file_operations vxfs_dir_operations;
16133 +extern const struct inode_operations vxfs_dir_inode_ops;
16134 +extern const struct file_operations vxfs_dir_operations;
16137 extern int vxfs_read_olt(struct super_block *, u_long);
16138 diff -urNp linux-2.4.37.7/fs/freevxfs/vxfs_immed.c linux-2.4.37.7/fs/freevxfs/vxfs_immed.c
16139 --- linux-2.4.37.7/fs/freevxfs/vxfs_immed.c 2009-11-07 11:52:20.000000000 -0500
16140 +++ linux-2.4.37.7/fs/freevxfs/vxfs_immed.c 2009-11-10 19:30:27.000000000 -0500
16141 @@ -50,7 +50,7 @@ static int vxfs_immed_readpage(struct fi
16142 * Unliked all other operations we do not go through the pagecache,
16143 * but do all work directly on the inode.
16145 -struct inode_operations vxfs_immed_symlink_iops = {
16146 +const struct inode_operations vxfs_immed_symlink_iops = {
16147 .readlink = vxfs_immed_readlink,
16148 .follow_link = vxfs_immed_follow_link,
16150 @@ -58,7 +58,7 @@ struct inode_operations vxfs_immed_symli
16152 * Adress space operations for immed files and directories.
16154 -struct address_space_operations vxfs_immed_aops = {
16155 +const struct address_space_operations vxfs_immed_aops = {
16156 .readpage = vxfs_immed_readpage,
16159 diff -urNp linux-2.4.37.7/fs/freevxfs/vxfs_inode.c linux-2.4.37.7/fs/freevxfs/vxfs_inode.c
16160 --- linux-2.4.37.7/fs/freevxfs/vxfs_inode.c 2009-11-07 11:52:20.000000000 -0500
16161 +++ linux-2.4.37.7/fs/freevxfs/vxfs_inode.c 2009-11-10 19:30:27.000000000 -0500
16162 @@ -42,12 +42,12 @@
16163 #include "vxfs_extern.h"
16166 -extern struct address_space_operations vxfs_aops;
16167 -extern struct address_space_operations vxfs_immed_aops;
16168 +extern const struct address_space_operations vxfs_aops;
16169 +extern const struct address_space_operations vxfs_immed_aops;
16171 -extern struct inode_operations vxfs_immed_symlink_iops;
16172 +extern const struct inode_operations vxfs_immed_symlink_iops;
16174 -static struct file_operations vxfs_file_operations = {
16175 +static const struct file_operations vxfs_file_operations = {
16176 .open = generic_file_open,
16177 .llseek = generic_file_llseek,
16178 .read = generic_file_read,
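Review bot: The `extern const struct address_space_operations vxfs_aops;`, `vxfs_immed_aops` and `vxfs_immed_symlink_iops` declarations stay local to this .c file, so the compiler never compares them with the definitions in vxfs_subr.c and vxfs_immed.c, and a `const` added on one side only would go undiagnosed. This file already includes `vxfs_extern.h`, which the patch also updates for `vxfs_dir_inode_ops` and `vxfs_dir_operations`, so the three declarations would be safer there, provided the defining files include that header (not visible here). The same applies to the local externs in the fs/hfsplus/inode.c and fs/hpfs/namei.c hunks.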
16179 @@ -301,7 +301,7 @@ vxfs_read_inode(struct inode *ip)
16181 struct super_block *sbp = ip->i_sb;
16182 struct vxfs_inode_info *vip;
16183 - struct address_space_operations *aops;
16184 + const struct address_space_operations *aops;
16185 ino_t ino = ip->i_ino;
16187 if (!(vip = __vxfs_iget(ino, VXFS_SBI(sbp)->vsi_ilist)))
16188 diff -urNp linux-2.4.37.7/fs/freevxfs/vxfs_lookup.c linux-2.4.37.7/fs/freevxfs/vxfs_lookup.c
16189 --- linux-2.4.37.7/fs/freevxfs/vxfs_lookup.c 2009-11-07 11:52:20.000000000 -0500
16190 +++ linux-2.4.37.7/fs/freevxfs/vxfs_lookup.c 2009-11-10 19:30:27.000000000 -0500
16191 @@ -53,11 +53,11 @@
16192 static struct dentry * vxfs_lookup(struct inode *, struct dentry *);
16193 static int vxfs_readdir(struct file *, void *, filldir_t);
16195 -struct inode_operations vxfs_dir_inode_ops = {
16196 +const struct inode_operations vxfs_dir_inode_ops = {
16197 .lookup = vxfs_lookup,
16200 -struct file_operations vxfs_dir_operations = {
16201 +const struct file_operations vxfs_dir_operations = {
16202 .readdir = vxfs_readdir,
16205 diff -urNp linux-2.4.37.7/fs/freevxfs/vxfs_subr.c linux-2.4.37.7/fs/freevxfs/vxfs_subr.c
16206 --- linux-2.4.37.7/fs/freevxfs/vxfs_subr.c 2009-11-07 11:52:20.000000000 -0500
16207 +++ linux-2.4.37.7/fs/freevxfs/vxfs_subr.c 2009-11-10 19:30:27.000000000 -0500
16209 static int vxfs_readpage(struct file *, struct page *);
16210 static int vxfs_bmap(struct address_space *, long);
16212 -struct address_space_operations vxfs_aops = {
16213 +const struct address_space_operations vxfs_aops = {
16214 .readpage = vxfs_readpage,
16216 .sync_page = block_sync_page,
16217 diff -urNp linux-2.4.37.7/fs/freevxfs/vxfs_super.c linux-2.4.37.7/fs/freevxfs/vxfs_super.c
16218 --- linux-2.4.37.7/fs/freevxfs/vxfs_super.c 2009-11-07 11:52:20.000000000 -0500
16219 +++ linux-2.4.37.7/fs/freevxfs/vxfs_super.c 2009-11-10 19:30:27.000000000 -0500
16220 @@ -55,7 +55,7 @@ MODULE_LICENSE("Dual BSD/GPL");
16221 static void vxfs_put_super(struct super_block *);
16222 static int vxfs_statfs(struct super_block *, struct statfs *);
16224 -static struct super_operations vxfs_super_ops = {
16225 +static const struct super_operations vxfs_super_ops = {
16226 .read_inode = vxfs_read_inode,
16227 .put_inode = vxfs_put_inode,
16228 .put_super = vxfs_put_super,
16229 diff -urNp linux-2.4.37.7/fs/hfs/dir_cap.c linux-2.4.37.7/fs/hfs/dir_cap.c
16230 --- linux-2.4.37.7/fs/hfs/dir_cap.c 2009-11-07 11:52:20.000000000 -0500
16231 +++ linux-2.4.37.7/fs/hfs/dir_cap.c 2009-11-10 19:30:27.000000000 -0500
16232 @@ -57,13 +57,13 @@ const struct hfs_name hfs_cap_reserved2[
16233 #define DOT_FINDERINFO (&hfs_cap_reserved1[3])
16234 #define DOT_ROOTINFO (&hfs_cap_reserved2[0])
16236 -struct file_operations hfs_cap_dir_operations = {
16237 +const struct file_operations hfs_cap_dir_operations = {
16238 read: generic_read_dir,
16239 readdir: cap_readdir,
16243 -struct inode_operations hfs_cap_ndir_inode_operations = {
16244 +const struct inode_operations hfs_cap_ndir_inode_operations = {
16245 create: hfs_create,
16246 lookup: cap_lookup,
16247 unlink: hfs_unlink,
16248 @@ -73,12 +73,12 @@ struct inode_operations hfs_cap_ndir_ino
16249 setattr: hfs_notify_change,
16252 -struct inode_operations hfs_cap_fdir_inode_operations = {
16253 +const struct inode_operations hfs_cap_fdir_inode_operations = {
16254 lookup: cap_lookup,
16255 setattr: hfs_notify_change,
16258 -struct inode_operations hfs_cap_rdir_inode_operations = {
16259 +const struct inode_operations hfs_cap_rdir_inode_operations = {
16260 create: hfs_create,
16261 lookup: cap_lookup,
16262 setattr: hfs_notify_change,
16263 diff -urNp linux-2.4.37.7/fs/hfs/dir_dbl.c linux-2.4.37.7/fs/hfs/dir_dbl.c
16264 --- linux-2.4.37.7/fs/hfs/dir_dbl.c 2009-11-07 11:52:20.000000000 -0500
16265 +++ linux-2.4.37.7/fs/hfs/dir_dbl.c 2009-11-10 19:30:27.000000000 -0500
16266 @@ -56,13 +56,13 @@ const struct hfs_name hfs_dbl_reserved2[
16267 #define ROOTINFO (&hfs_dbl_reserved2[0])
16268 #define PCNT_ROOTINFO (&hfs_dbl_reserved2[1])
16270 -struct file_operations hfs_dbl_dir_operations = {
16271 +const struct file_operations hfs_dbl_dir_operations = {
16272 read: generic_read_dir,
16273 readdir: dbl_readdir,
16277 -struct inode_operations hfs_dbl_dir_inode_operations = {
16278 +const struct inode_operations hfs_dbl_dir_inode_operations = {
16279 create: dbl_create,
16280 lookup: dbl_lookup,
16281 unlink: dbl_unlink,
16282 diff -urNp linux-2.4.37.7/fs/hfs/dir_nat.c linux-2.4.37.7/fs/hfs/dir_nat.c
16283 --- linux-2.4.37.7/fs/hfs/dir_nat.c 2009-11-07 11:52:20.000000000 -0500
16284 +++ linux-2.4.37.7/fs/hfs/dir_nat.c 2009-11-10 19:30:27.000000000 -0500
16285 @@ -62,13 +62,13 @@ const struct hfs_name hfs_nat_reserved2[
16286 #define DOT_PARENT (&hfs_nat_reserved1[3])
16287 #define ROOTINFO (&hfs_nat_reserved2[0])
16289 -struct file_operations hfs_nat_dir_operations = {
16290 +const struct file_operations hfs_nat_dir_operations = {
16291 read: generic_read_dir,
16292 readdir: nat_readdir,
16296 -struct inode_operations hfs_nat_ndir_inode_operations = {
16297 +const struct inode_operations hfs_nat_ndir_inode_operations = {
16298 create: hfs_create,
16299 lookup: nat_lookup,
16300 unlink: hfs_unlink,
16301 @@ -78,7 +78,7 @@ struct inode_operations hfs_nat_ndir_ino
16302 setattr: hfs_notify_change,
16305 -struct inode_operations hfs_nat_hdir_inode_operations = {
16306 +const struct inode_operations hfs_nat_hdir_inode_operations = {
16307 create: hfs_create,
16308 lookup: nat_lookup,
16309 unlink: nat_hdr_unlink,
16310 diff -urNp linux-2.4.37.7/fs/hfs/file.c linux-2.4.37.7/fs/hfs/file.c
16311 --- linux-2.4.37.7/fs/hfs/file.c 2009-11-07 11:52:20.000000000 -0500
16312 +++ linux-2.4.37.7/fs/hfs/file.c 2009-11-10 19:30:27.000000000 -0500
16313 @@ -31,7 +31,7 @@ static void hfs_file_truncate(struct ino
16315 /*================ Global variables ================*/
16317 -struct file_operations hfs_file_operations = {
16318 +const struct file_operations hfs_file_operations = {
16319 llseek: generic_file_llseek,
16320 read: hfs_file_read,
16321 write: hfs_file_write,
16322 @@ -39,7 +39,7 @@ struct file_operations hfs_file_operatio
16326 -struct inode_operations hfs_file_inode_operations = {
16327 +const struct inode_operations hfs_file_inode_operations = {
16328 truncate: hfs_file_truncate,
16329 setattr: hfs_notify_change,
16331 diff -urNp linux-2.4.37.7/fs/hfs/file_cap.c linux-2.4.37.7/fs/hfs/file_cap.c
16332 --- linux-2.4.37.7/fs/hfs/file_cap.c 2009-11-07 11:52:20.000000000 -0500
16333 +++ linux-2.4.37.7/fs/hfs/file_cap.c 2009-11-10 19:30:27.000000000 -0500
16334 @@ -45,14 +45,14 @@ static hfs_rwret_t cap_info_write(struct
16336 /*================ Global variables ================*/
16338 -struct file_operations hfs_cap_info_operations = {
16339 +const struct file_operations hfs_cap_info_operations = {
16340 llseek: cap_info_llseek,
16341 read: cap_info_read,
16342 write: cap_info_write,
16346 -struct inode_operations hfs_cap_info_inode_operations = {
16347 +const struct inode_operations hfs_cap_info_inode_operations = {
16348 setattr: hfs_notify_change_cap,
16351 diff -urNp linux-2.4.37.7/fs/hfs/file_hdr.c linux-2.4.37.7/fs/hfs/file_hdr.c
16352 --- linux-2.4.37.7/fs/hfs/file_hdr.c 2009-11-07 11:52:20.000000000 -0500
16353 +++ linux-2.4.37.7/fs/hfs/file_hdr.c 2009-11-10 19:30:27.000000000 -0500
16354 @@ -45,14 +45,14 @@ static hfs_rwret_t hdr_write(struct file
16355 hfs_rwarg_t, loff_t *);
16356 /*================ Global variables ================*/
16358 -struct file_operations hfs_hdr_operations = {
16359 +const struct file_operations hfs_hdr_operations = {
16360 llseek: hdr_llseek,
16366 -struct inode_operations hfs_hdr_inode_operations = {
16367 +const struct inode_operations hfs_hdr_inode_operations = {
16368 setattr: hfs_notify_change_hdr,
16371 diff -urNp linux-2.4.37.7/fs/hfs/hfs.h linux-2.4.37.7/fs/hfs/hfs.h
16372 --- linux-2.4.37.7/fs/hfs/hfs.h 2009-11-07 11:52:20.000000000 -0500
16373 +++ linux-2.4.37.7/fs/hfs/hfs.h 2009-11-10 19:30:27.000000000 -0500
16374 @@ -546,5 +546,5 @@ static __inline__ void hfs_drop_special(
16378 -extern struct dentry_operations hfs_dentry_operations;
16379 +extern const struct dentry_operations hfs_dentry_operations;
16381 diff -urNp linux-2.4.37.7/fs/hfs/inode.c linux-2.4.37.7/fs/hfs/inode.c
16382 --- linux-2.4.37.7/fs/hfs/inode.c 2009-11-07 11:52:20.000000000 -0500
16383 +++ linux-2.4.37.7/fs/hfs/inode.c 2009-11-10 19:30:27.000000000 -0500
16384 @@ -239,7 +239,7 @@ static int hfs_bmap(struct address_space
16386 return generic_block_bmap(mapping,block,hfs_get_block);
16388 -struct address_space_operations hfs_aops = {
16389 +const struct address_space_operations hfs_aops = {
16390 readpage: hfs_readpage,
16391 writepage: hfs_writepage,
16392 sync_page: block_sync_page,
16393 diff -urNp linux-2.4.37.7/fs/hfs/super.c linux-2.4.37.7/fs/hfs/super.c
16394 --- linux-2.4.37.7/fs/hfs/super.c 2009-11-07 11:52:20.000000000 -0500
16395 +++ linux-2.4.37.7/fs/hfs/super.c 2009-11-10 19:30:27.000000000 -0500
16396 @@ -43,7 +43,7 @@ static void hfs_write_super(struct super
16398 /*================ Global variables ================*/
16400 -static struct super_operations hfs_super_operations = {
16401 +static const struct super_operations hfs_super_operations = {
16402 read_inode: hfs_read_inode,
16403 put_inode: hfs_put_inode,
16404 put_super: hfs_put_super,
16405 diff -urNp linux-2.4.37.7/fs/hfs/sysdep.c linux-2.4.37.7/fs/hfs/sysdep.c
16406 --- linux-2.4.37.7/fs/hfs/sysdep.c 2009-11-07 11:52:20.000000000 -0500
16407 +++ linux-2.4.37.7/fs/hfs/sysdep.c 2009-11-10 19:30:27.000000000 -0500
16408 @@ -23,8 +23,7 @@ static int hfs_revalidate_dentry(struct
16409 static int hfs_hash_dentry(struct dentry *, struct qstr *);
16410 static int hfs_compare_dentry(struct dentry *, struct qstr *, struct qstr *);
16411 static void hfs_dentry_iput(struct dentry *, struct inode *);
16412 -struct dentry_operations hfs_dentry_operations =
16414 +const struct dentry_operations hfs_dentry_operations = {
16415 d_revalidate: hfs_revalidate_dentry,
16416 d_hash: hfs_hash_dentry,
16417 d_compare: hfs_compare_dentry,
16418 diff -urNp linux-2.4.37.7/fs/hfsplus/dir.c linux-2.4.37.7/fs/hfsplus/dir.c
16419 --- linux-2.4.37.7/fs/hfsplus/dir.c 2009-11-07 11:52:20.000000000 -0500
16420 +++ linux-2.4.37.7/fs/hfsplus/dir.c 2009-11-10 19:30:27.000000000 -0500
16421 @@ -468,7 +468,7 @@ int hfsplus_rename(struct inode *old_dir
16425 -struct inode_operations hfsplus_dir_inode_operations = {
16426 +const struct inode_operations hfsplus_dir_inode_operations = {
16427 .lookup = hfsplus_lookup,
16428 .create = hfsplus_create,
16429 .link = hfsplus_link,
16430 @@ -480,7 +480,7 @@ struct inode_operations hfsplus_dir_inod
16431 .rename = hfsplus_rename,
16434 -struct file_operations hfsplus_dir_operations = {
16435 +const struct file_operations hfsplus_dir_operations = {
16436 .read = generic_read_dir,
16437 .readdir = hfsplus_readdir,
16438 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0)
16439 diff -urNp linux-2.4.37.7/fs/hfsplus/hfsplus_fs.h linux-2.4.37.7/fs/hfsplus/hfsplus_fs.h
16440 --- linux-2.4.37.7/fs/hfsplus/hfsplus_fs.h 2009-11-07 11:52:20.000000000 -0500
16441 +++ linux-2.4.37.7/fs/hfsplus/hfsplus_fs.h 2009-11-10 19:30:27.000000000 -0500
16442 @@ -284,7 +284,7 @@ void hfsplus_cat_write_inode(struct inod
16443 struct inode *hfsplus_new_inode(struct super_block *, int);
16444 void hfsplus_delete_inode(struct inode *);
16446 -extern struct address_space_operations hfsplus_btree_aops;
16447 +extern const struct address_space_operations hfsplus_btree_aops;
16450 int parse_options(char *, struct hfsplus_sb_info *);
16451 diff -urNp linux-2.4.37.7/fs/hfsplus/inode.c linux-2.4.37.7/fs/hfsplus/inode.c
16452 --- linux-2.4.37.7/fs/hfsplus/inode.c 2009-11-07 11:52:20.000000000 -0500
16453 +++ linux-2.4.37.7/fs/hfsplus/inode.c 2009-11-10 19:30:27.000000000 -0500
16454 @@ -117,7 +117,7 @@ int hfsplus_releasepage(struct page *pag
16458 -struct address_space_operations hfsplus_btree_aops = {
16459 +const struct address_space_operations hfsplus_btree_aops = {
16460 .readpage = hfsplus_readpage,
16461 .writepage = hfsplus_writepage,
16462 .sync_page = block_sync_page,
16463 @@ -127,7 +127,7 @@ struct address_space_operations hfsplus_
16464 .releasepage = hfsplus_releasepage,
16467 -struct address_space_operations hfsplus_aops = {
16468 +const struct address_space_operations hfsplus_aops = {
16469 .readpage = hfsplus_readpage,
16470 .writepage = hfsplus_writepage,
16471 .sync_page = block_sync_page,
16472 @@ -247,15 +247,15 @@ static int hfsplus_file_release(struct i
16476 -extern struct inode_operations hfsplus_dir_inode_operations;
16477 -extern struct file_operations hfsplus_dir_operations;
16478 +extern const struct inode_operations hfsplus_dir_inode_operations;
16479 +extern const struct file_operations hfsplus_dir_operations;
16481 -struct inode_operations hfsplus_file_inode_operations = {
16482 +const struct inode_operations hfsplus_file_inode_operations = {
16483 .lookup = hfsplus_file_lookup,
16484 .truncate = hfsplus_truncate,
16487 -struct file_operations hfsplus_file_operations = {
16488 +const struct file_operations hfsplus_file_operations = {
16489 .llseek = generic_file_llseek,
16490 .read = generic_file_read,
16491 //.write = hfsplus_file_write,
16492 diff -urNp linux-2.4.37.7/fs/hfsplus/super.c linux-2.4.37.7/fs/hfsplus/super.c
16493 --- linux-2.4.37.7/fs/hfsplus/super.c 2009-11-07 11:52:20.000000000 -0500
16494 +++ linux-2.4.37.7/fs/hfsplus/super.c 2009-11-10 19:30:27.000000000 -0500
16495 @@ -255,7 +255,7 @@ int hfsplus_remount(struct super_block *
16499 -static struct super_operations hfsplus_sops = {
16500 +static const struct super_operations hfsplus_sops = {
16501 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
16502 .alloc_inode = hfsplus_alloc_inode,
16503 .destroy_inode = hfsplus_destroy_inode,
16504 diff -urNp linux-2.4.37.7/fs/hpfs/dentry.c linux-2.4.37.7/fs/hpfs/dentry.c
16505 --- linux-2.4.37.7/fs/hpfs/dentry.c 2009-11-07 11:52:20.000000000 -0500
16506 +++ linux-2.4.37.7/fs/hpfs/dentry.c 2009-11-10 19:30:27.000000000 -0500
16507 @@ -49,7 +49,7 @@ int hpfs_compare_dentry(struct dentry *d
16511 -struct dentry_operations hpfs_dentry_operations = {
16512 +const struct dentry_operations hpfs_dentry_operations = {
16513 d_hash: hpfs_hash_dentry,
16514 d_compare: hpfs_compare_dentry,
16516 diff -urNp linux-2.4.37.7/fs/hpfs/file.c linux-2.4.37.7/fs/hpfs/file.c
16517 --- linux-2.4.37.7/fs/hpfs/file.c 2009-11-07 11:52:20.000000000 -0500
16518 +++ linux-2.4.37.7/fs/hpfs/file.c 2009-11-10 19:30:27.000000000 -0500
16519 @@ -112,7 +112,7 @@ static int _hpfs_bmap(struct address_spa
16521 return generic_block_bmap(mapping,block,hpfs_get_block);
16523 -struct address_space_operations hpfs_aops = {
16524 +const struct address_space_operations hpfs_aops = {
16525 readpage: hpfs_readpage,
16526 writepage: hpfs_writepage,
16527 sync_page: block_sync_page,
16528 diff -urNp linux-2.4.37.7/fs/hpfs/hpfs_fn.h linux-2.4.37.7/fs/hpfs/hpfs_fn.h
16529 --- linux-2.4.37.7/fs/hpfs/hpfs_fn.h 2009-11-07 11:52:20.000000000 -0500
16530 +++ linux-2.4.37.7/fs/hpfs/hpfs_fn.h 2009-11-10 19:30:27.000000000 -0500
16531 @@ -312,4 +312,4 @@ void hpfs_put_super(struct super_block *
16532 unsigned hpfs_count_one_bitmap(struct super_block *, secno);
16533 int hpfs_statfs(struct super_block *, struct statfs *);
16535 -extern struct address_space_operations hpfs_aops;
16536 +extern const struct address_space_operations hpfs_aops;
16537 diff -urNp linux-2.4.37.7/fs/hpfs/inode.c linux-2.4.37.7/fs/hpfs/inode.c
16538 --- linux-2.4.37.7/fs/hpfs/inode.c 2009-11-07 11:52:20.000000000 -0500
16539 +++ linux-2.4.37.7/fs/hpfs/inode.c 2009-11-10 19:30:27.000000000 -0500
16541 #include <linux/smp_lock.h>
16542 #include "hpfs_fn.h"
16544 -static struct file_operations hpfs_file_ops =
16546 +static const struct file_operations hpfs_file_ops = {
16547 llseek: generic_file_llseek,
16548 read: generic_file_read,
16549 write: hpfs_file_write,
16550 @@ -21,14 +20,12 @@ static struct file_operations hpfs_file_
16551 fsync: hpfs_file_fsync,
16554 -static struct inode_operations hpfs_file_iops =
16556 +static const struct inode_operations hpfs_file_iops = {
16557 truncate: hpfs_truncate,
16558 setattr: hpfs_notify_change,
16561 -static struct file_operations hpfs_dir_ops =
16563 +static const struct file_operations hpfs_dir_ops = {
16564 llseek: hpfs_dir_lseek,
16565 read: generic_read_dir,
16566 readdir: hpfs_readdir,
16567 @@ -37,8 +34,7 @@ static struct file_operations hpfs_dir_o
16568 fsync: hpfs_file_fsync,
16571 -static struct inode_operations hpfs_dir_iops =
16573 +static const struct inode_operations hpfs_dir_iops = {
16574 create: hpfs_create,
16575 lookup: hpfs_lookup,
16576 unlink: hpfs_unlink,
16577 @@ -50,7 +46,7 @@ static struct inode_operations hpfs_dir_
16578 setattr: hpfs_notify_change,
16581 -struct address_space_operations hpfs_symlink_aops = {
16582 +const struct address_space_operations hpfs_symlink_aops = {
16583 readpage: hpfs_symlink_readpage
16586 diff -urNp linux-2.4.37.7/fs/hpfs/namei.c linux-2.4.37.7/fs/hpfs/namei.c
16587 --- linux-2.4.37.7/fs/hpfs/namei.c 2009-11-07 11:52:20.000000000 -0500
16588 +++ linux-2.4.37.7/fs/hpfs/namei.c 2009-11-10 19:30:27.000000000 -0500
16589 @@ -225,7 +225,7 @@ int hpfs_mknod(struct inode *dir, struct
16593 -extern struct address_space_operations hpfs_symlink_aops;
16594 +extern const struct address_space_operations hpfs_symlink_aops;
16596 int hpfs_symlink(struct inode *dir, struct dentry *dentry, const char *symlink)
16598 diff -urNp linux-2.4.37.7/fs/hpfs/super.c linux-2.4.37.7/fs/hpfs/super.c
16599 --- linux-2.4.37.7/fs/hpfs/super.c 2009-11-07 11:52:20.000000000 -0500
16600 +++ linux-2.4.37.7/fs/hpfs/super.c 2009-11-10 19:30:27.000000000 -0500
16601 @@ -150,8 +150,7 @@ int hpfs_statfs(struct super_block *s, s
16603 /* Super operations */
16605 -static struct super_operations hpfs_sops =
16607 +static const struct super_operations hpfs_sops = {
16608 read_inode: hpfs_read_inode,
16609 delete_inode: hpfs_delete_inode,
16610 put_super: hpfs_put_super,
16611 diff -urNp linux-2.4.37.7/fs/inode.c linux-2.4.37.7/fs/inode.c
16612 --- linux-2.4.37.7/fs/inode.c 2009-11-07 11:52:20.000000000 -0500
16613 +++ linux-2.4.37.7/fs/inode.c 2009-11-10 19:30:27.000000000 -0500
16614 @@ -1200,7 +1200,7 @@ void iput(struct inode *inode)
16617 struct super_block *sb = inode->i_sb;
16618 - struct super_operations *op = NULL;
16619 + const struct super_operations *op = NULL;
16621 if (inode->i_state == I_CLEAR)
16623 diff -urNp linux-2.4.37.7/fs/intermezzo/dcache.c linux-2.4.37.7/fs/intermezzo/dcache.c
16624 --- linux-2.4.37.7/fs/intermezzo/dcache.c 2009-11-07 11:52:20.000000000 -0500
16625 +++ linux-2.4.37.7/fs/intermezzo/dcache.c 2009-11-10 19:30:27.000000000 -0500
16626 @@ -112,8 +112,7 @@ static void presto_d_release(struct dent
16630 -struct dentry_operations presto_dentry_ops =
16632 +const struct dentry_operations presto_dentry_ops = {
16633 .d_revalidate = presto_d_revalidate,
16634 .d_release = presto_d_release
16636 diff -urNp linux-2.4.37.7/fs/intermezzo/dir.c linux-2.4.37.7/fs/intermezzo/dir.c
16637 --- linux-2.4.37.7/fs/intermezzo/dir.c 2009-11-07 11:52:20.000000000 -0500
16638 +++ linux-2.4.37.7/fs/intermezzo/dir.c 2009-11-10 19:30:27.000000000 -0500
16639 @@ -248,7 +248,7 @@ struct dentry *presto_lookup(struct inod
16642 unsigned int generation;
16643 - struct inode_operations *iops;
16644 + const struct inode_operations *iops;
16645 int is_ilookup = 0;
16648 @@ -918,8 +918,8 @@ int presto_permission(struct inode *inod
16651 /* we only override the file/dir permission operations */
16652 - struct inode_operations *fiops = filter_c2cfiops(cache->cache_filter);
16653 - struct inode_operations *diops = filter_c2cdiops(cache->cache_filter);
16654 + const struct inode_operations *fiops = filter_c2cfiops(cache->cache_filter);
16655 + const struct inode_operations *diops = filter_c2cdiops(cache->cache_filter);
16657 if ( S_ISREG(mode) && fiops && fiops->permission ) {
16659 @@ -1388,11 +1388,11 @@ int presto_ioctl(struct inode *inode, st
16663 -struct file_operations presto_dir_fops = {
16664 +const struct file_operations presto_dir_fops = {
16665 .ioctl = presto_ioctl
16668 -struct inode_operations presto_dir_iops = {
16669 +const struct inode_operations presto_dir_iops = {
16670 .create = presto_create,
16671 .lookup = presto_lookup,
16672 .link = presto_link,
16673 diff -urNp linux-2.4.37.7/fs/intermezzo/file.c linux-2.4.37.7/fs/intermezzo/file.c
16674 --- linux-2.4.37.7/fs/intermezzo/file.c 2009-11-07 11:52:20.000000000 -0500
16675 +++ linux-2.4.37.7/fs/intermezzo/file.c 2009-11-10 19:30:27.000000000 -0500
16676 @@ -456,14 +456,14 @@ static ssize_t presto_file_write(struct
16680 -struct file_operations presto_file_fops = {
16681 +const struct file_operations presto_file_fops = {
16682 .write = presto_file_write,
16683 .open = presto_file_open,
16684 .release = presto_file_release,
16685 .ioctl = presto_ioctl
16688 -struct inode_operations presto_file_iops = {
16689 +const struct inode_operations presto_file_iops = {
16690 .permission = presto_permission,
16691 .setattr = presto_setattr,
16692 #ifdef CONFIG_FS_EXT_ATTR
16693 diff -urNp linux-2.4.37.7/fs/intermezzo/inode.c linux-2.4.37.7/fs/intermezzo/inode.c
16694 --- linux-2.4.37.7/fs/intermezzo/inode.c 2009-11-07 11:52:20.000000000 -0500
16695 +++ linux-2.4.37.7/fs/intermezzo/inode.c 2009-11-10 19:30:27.000000000 -0500
16696 @@ -172,14 +172,14 @@ exit:
16700 -struct super_operations presto_super_ops = {
16701 +const struct super_operations presto_super_ops = {
16702 .read_inode = presto_read_inode,
16703 .put_super = presto_put_super,
16707 /* symlinks can be chowned */
16708 -struct inode_operations presto_sym_iops = {
16709 +const struct inode_operations presto_sym_iops = {
16710 .setattr = presto_setattr
16713 diff -urNp linux-2.4.37.7/fs/intermezzo/methods.c linux-2.4.37.7/fs/intermezzo/methods.c
16714 --- linux-2.4.37.7/fs/intermezzo/methods.c 2009-11-07 11:52:20.000000000 -0500
16715 +++ linux-2.4.37.7/fs/intermezzo/methods.c 2009-11-10 19:30:27.000000000 -0500
16716 @@ -60,85 +60,85 @@ int filter_debug = 0xfffffff;
16717 static struct filter_fs filter_oppar[FILTER_FS_TYPES];
16719 /* get to the upper methods (intermezzo, snapfs) */
16720 -inline struct super_operations *filter_c2usops(struct filter_fs *cache)
16721 +inline const struct super_operations *filter_c2usops(struct filter_fs *cache)
16723 return &cache->o_fops.filter_sops;
16726 -inline struct inode_operations *filter_c2udiops(struct filter_fs *cache)
16727 +inline const struct inode_operations *filter_c2udiops(struct filter_fs *cache)
16729 return &cache->o_fops.filter_dir_iops;
16733 -inline struct inode_operations *filter_c2ufiops(struct filter_fs *cache)
16734 +inline const struct inode_operations *filter_c2ufiops(struct filter_fs *cache)
16736 return &cache->o_fops.filter_file_iops;
16739 -inline struct inode_operations *filter_c2usiops(struct filter_fs *cache)
16740 +inline const struct inode_operations *filter_c2usiops(struct filter_fs *cache)
16742 return &cache->o_fops.filter_sym_iops;
16746 -inline struct file_operations *filter_c2udfops(struct filter_fs *cache)
16747 +inline const struct file_operations *filter_c2udfops(struct filter_fs *cache)
16749 return &cache->o_fops.filter_dir_fops;
16752 -inline struct file_operations *filter_c2uffops(struct filter_fs *cache)
16753 +inline const struct file_operations *filter_c2uffops(struct filter_fs *cache)
16755 return &cache->o_fops.filter_file_fops;
16758 -inline struct file_operations *filter_c2usfops(struct filter_fs *cache)
16759 +inline const struct file_operations *filter_c2usfops(struct filter_fs *cache)
16761 return &cache->o_fops.filter_sym_fops;
16764 -inline struct dentry_operations *filter_c2udops(struct filter_fs *cache)
16765 +inline const struct dentry_operations *filter_c2udops(struct filter_fs *cache)
16767 return &cache->o_fops.filter_dentry_ops;
16770 /* get to the cache (lower) methods */
16771 -inline struct super_operations *filter_c2csops(struct filter_fs *cache)
16772 +inline const struct super_operations *filter_c2csops(struct filter_fs *cache)
16774 return cache->o_caops.cache_sops;
16777 -inline struct inode_operations *filter_c2cdiops(struct filter_fs *cache)
16778 +inline const struct inode_operations *filter_c2cdiops(struct filter_fs *cache)
16780 return cache->o_caops.cache_dir_iops;
16783 -inline struct inode_operations *filter_c2cfiops(struct filter_fs *cache)
16784 +inline const struct inode_operations *filter_c2cfiops(struct filter_fs *cache)
16786 return cache->o_caops.cache_file_iops;
16789 -inline struct inode_operations *filter_c2csiops(struct filter_fs *cache)
16790 +inline const struct inode_operations *filter_c2csiops(struct filter_fs *cache)
16792 return cache->o_caops.cache_sym_iops;
16795 -inline struct file_operations *filter_c2cdfops(struct filter_fs *cache)
16796 +inline const struct file_operations *filter_c2cdfops(struct filter_fs *cache)
16798 return cache->o_caops.cache_dir_fops;
16801 -inline struct file_operations *filter_c2cffops(struct filter_fs *cache)
16802 +inline const struct file_operations *filter_c2cffops(struct filter_fs *cache)
16804 return cache->o_caops.cache_file_fops;
16807 -inline struct file_operations *filter_c2csfops(struct filter_fs *cache)
16808 +inline const struct file_operations *filter_c2csfops(struct filter_fs *cache)
16810 return cache->o_caops.cache_sym_fops;
16813 -inline struct dentry_operations *filter_c2cdops(struct filter_fs *cache)
16814 +inline const struct dentry_operations *filter_c2cdops(struct filter_fs *cache)
16816 return cache->o_caops.cache_dentry_ops;
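Review bot: The `filter_c2u*` accessors now return pointer-to-const, but the tables they expose stay writable, so the qualifier is a compile-time guard only. They return addresses inside `struct filter_fs` (`&cache->o_fops.filter_sops` and the others), and the only storage for that type visible in this hunk is `static struct filter_fs filter_oppar[FILTER_FS_TYPES];`, which is not `const`. The `filter_c2c*` accessors return stored pointers, so their targets are read-only only if the cache filesystem's own tables are const, which cannot be confirmed from here. I would record this above the first accessor with a comment such as `/* o_fops tables are embedded in filter_oppar[] and stay writable; const on the return type does not make them read-only */`.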
16818 @@ -265,7 +265,7 @@ struct filter_fs *filter_get_filter_fs(c
16819 * and the underlying file system used for the cache.
16822 -void filter_setup_super_ops(struct filter_fs *cache, struct super_operations *cache_sops, struct super_operations *filter_sops)
16823 +void filter_setup_super_ops(struct filter_fs *cache, const struct super_operations *cache_sops, const struct super_operations *filter_sops)
16825 /* Get ptr to the shared struct snapfs_ops structure. */
16826 struct filter_ops *props = &cache->o_fops;
16827 @@ -307,11 +307,11 @@ void filter_setup_super_ops(struct filte
16831 -void filter_setup_dir_ops(struct filter_fs *cache, struct inode *inode, struct inode_operations *filter_iops, struct file_operations *filter_fops)
16832 +void filter_setup_dir_ops(struct filter_fs *cache, struct inode *inode, const struct inode_operations *filter_iops, const struct file_operations *filter_fops)
16834 - struct inode_operations *cache_filter_iops;
16835 - struct inode_operations *cache_iops = inode->i_op;
16836 - struct file_operations *cache_fops = inode->i_fop;
16837 + const struct inode_operations *cache_filter_iops;
16838 + const struct inode_operations *cache_iops = inode->i_op;
16839 + const struct file_operations *cache_fops = inode->i_fop;
16842 if ( cache->o_flags & FILTER_DID_DIR_OPS ) {
16843 @@ -382,11 +382,11 @@ void filter_setup_dir_ops(struct filter_
16847 -void filter_setup_file_ops(struct filter_fs *cache, struct inode *inode, struct inode_operations *filter_iops, struct file_operations *filter_fops)
16848 +void filter_setup_file_ops(struct filter_fs *cache, struct inode *inode, const struct inode_operations *filter_iops, const struct file_operations *filter_fops)
16850 - struct inode_operations *pr_iops;
16851 - struct inode_operations *cache_iops = inode->i_op;
16852 - struct file_operations *cache_fops = inode->i_fop;
16853 + const struct inode_operations *pr_iops;
16854 + const struct inode_operations *cache_iops = inode->i_op;
16855 + const struct file_operations *cache_fops = inode->i_fop;
16858 if ( cache->o_flags & FILTER_DID_FILE_OPS ) {
16859 @@ -438,11 +438,11 @@ void filter_setup_file_ops(struct filter
16862 /* XXX in 2.3 there are "fast" and "slow" symlink ops for ext2 XXX */
16863 -void filter_setup_symlink_ops(struct filter_fs *cache, struct inode *inode, struct inode_operations *filter_iops, struct file_operations *filter_fops)
16864 +void filter_setup_symlink_ops(struct filter_fs *cache, struct inode *inode, const struct inode_operations *filter_iops, const struct file_operations *filter_fops)
16866 - struct inode_operations *pr_iops;
16867 - struct inode_operations *cache_iops = inode->i_op;
16868 - struct file_operations *cache_fops = inode->i_fop;
16869 + const struct inode_operations *pr_iops;
16870 + const struct inode_operations *cache_iops = inode->i_op;
16871 + const struct file_operations *cache_fops = inode->i_fop;
16874 if ( cache->o_flags & FILTER_DID_SYMLINK_OPS ) {
16875 @@ -477,8 +477,8 @@ void filter_setup_symlink_ops(struct fil
16878 void filter_setup_dentry_ops(struct filter_fs *cache,
16879 - struct dentry_operations *cache_dop,
16880 - struct dentry_operations *filter_dop)
16881 + const struct dentry_operations *cache_dop,
16882 + const struct dentry_operations *filter_dop)
16884 if ( cache->o_flags & FILTER_DID_DENTRY_OPS ) {
16886 diff -urNp linux-2.4.37.7/fs/intermezzo/psdev.c linux-2.4.37.7/fs/intermezzo/psdev.c
16887 --- linux-2.4.37.7/fs/intermezzo/psdev.c 2009-11-07 11:52:20.000000000 -0500
16888 +++ linux-2.4.37.7/fs/intermezzo/psdev.c 2009-11-10 19:30:27.000000000 -0500
16889 @@ -364,7 +364,7 @@ static int presto_psdev_release(struct i
16893 -static struct file_operations presto_psdev_fops = {
16894 +static const struct file_operations presto_psdev_fops = {
16895 .read = presto_psdev_read,
16896 .write = presto_psdev_write,
16897 .poll = presto_psdev_poll,
16898 diff -urNp linux-2.4.37.7/fs/intermezzo/vfs.c linux-2.4.37.7/fs/intermezzo/vfs.c
16899 --- linux-2.4.37.7/fs/intermezzo/vfs.c 2009-11-07 11:52:20.000000000 -0500
16900 +++ linux-2.4.37.7/fs/intermezzo/vfs.c 2009-11-10 19:30:27.000000000 -0500
16905 -extern struct inode_operations presto_sym_iops;
16906 +extern const struct inode_operations presto_sym_iops;
16908 /* Write the last_rcvd values to the last_rcvd file. We don't know what the
16909 * UUID or last_ctime values are, so we have to read from the file first
16910 @@ -228,7 +228,7 @@ int presto_settime(struct presto_file_se
16912 struct dentry *dentry;
16913 struct inode *inode;
16914 - struct inode_operations *iops;
16915 + const struct inode_operations *iops;
16916 struct iattr iattr;
16919 @@ -363,7 +363,7 @@ int presto_do_setattr(struct presto_file
16921 struct rec_info rec;
16922 struct inode *inode = dentry->d_inode;
16923 - struct inode_operations *iops;
16924 + const struct inode_operations *iops;
16926 struct presto_version old_ver, new_ver;
16927 struct izo_rollback_data rb;
16928 @@ -521,7 +521,16 @@ int lento_setattr(const char *name, stru
16929 * acl journalling is in place.
16931 set_posix_acl=dentry->d_inode->i_op->set_posix_acl;
16932 - dentry->d_inode->i_op->set_posix_acl=NULL;
16933 +#ifdef CONFIG_PAX_KERNEXEC
16935 + unsigned long cr0;
16936 + pax_open_kernel(cr0);
16938 + dentry->d_inode->i_op->set_posix_acl=NULL;
16939 +#ifdef CONFIG_PAX_KERNEXEC
16940 + pax_close_kernel(cr0);
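Review bot: The store `dentry->d_inode->i_op->set_posix_acl=NULL` still patches a live operations table, so `pax_open_kernel(cr0)`/`pax_close_kernel(cr0)` keep it working under KERNEXEC but do not make the clear-then-restore pattern safe. If other inodes share that table (likely, but not shown in this hunk), concurrent callers see `set_posix_acl` missing until the restore in the next hunk, at `if (iattr->ia_valid & ATTR_MODE) {`. If `i_op` is const-qualified elsewhere in this patch (not visible here), the non-KERNEXEC build would also need an explicit cast for this assignment. At minimum I would add `/* XXX: temporarily rewrites a shared i_op table; not safe against concurrent set_posix_acl callers */` above the store. The body of lento_setattr starts and ends outside both hunks.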
16946 @@ -537,8 +546,16 @@ int lento_setattr(const char *name, stru
16948 #ifdef CONFIG_FS_POSIX_ACL
16949 /* restore the inode_operations if we changed them*/
16950 - if (iattr->ia_valid & ATTR_MODE)
16951 + if (iattr->ia_valid & ATTR_MODE) {
16952 +#ifdef CONFIG_PAX_KERNEXEC
16953 + unsigned long cr0;
16954 + pax_open_kernel(cr0);
16956 dentry->d_inode->i_op->set_posix_acl=set_posix_acl;
16957 +#ifdef CONFIG_PAX_KERNEXEC
16958 + pax_close_kernel(cr0);
16964 diff -urNp linux-2.4.37.7/fs/isofs/compress.c linux-2.4.37.7/fs/isofs/compress.c
16965 --- linux-2.4.37.7/fs/isofs/compress.c 2009-11-07 11:52:20.000000000 -0500
16966 +++ linux-2.4.37.7/fs/isofs/compress.c 2009-11-10 19:30:27.000000000 -0500
16967 @@ -330,7 +330,7 @@ eio:
16971 -struct address_space_operations zisofs_aops = {
16972 +const struct address_space_operations zisofs_aops = {
16973 readpage: zisofs_readpage,
16974 /* No sync_page operation supported? */
16975 /* No bmap operation supported */
16976 diff -urNp linux-2.4.37.7/fs/isofs/dir.c linux-2.4.37.7/fs/isofs/dir.c
16977 --- linux-2.4.37.7/fs/isofs/dir.c 2009-11-07 11:52:20.000000000 -0500
16978 +++ linux-2.4.37.7/fs/isofs/dir.c 2009-11-10 19:30:27.000000000 -0500
16981 static int isofs_readdir(struct file *, void *, filldir_t);
16983 -struct file_operations isofs_dir_operations =
16985 +const struct file_operations isofs_dir_operations = {
16986 read: generic_read_dir,
16987 readdir: isofs_readdir,
16989 @@ -35,8 +34,7 @@ struct file_operations isofs_dir_operati
16991 * directories can handle most operations...
16993 -struct inode_operations isofs_dir_inode_operations =
16995 +const struct inode_operations isofs_dir_inode_operations = {
16996 lookup: isofs_lookup,
16999 diff -urNp linux-2.4.37.7/fs/isofs/inode.c linux-2.4.37.7/fs/isofs/inode.c
17000 --- linux-2.4.37.7/fs/isofs/inode.c 2009-11-07 11:52:20.000000000 -0500
17001 +++ linux-2.4.37.7/fs/isofs/inode.c 2009-11-10 19:30:27.000000000 -0500
17002 @@ -73,13 +73,13 @@ static void isofs_put_super(struct super
17003 static void isofs_read_inode(struct inode *);
17004 static int isofs_statfs (struct super_block *, struct statfs *);
17006 -static struct super_operations isofs_sops = {
17007 +static const struct super_operations isofs_sops = {
17008 read_inode: isofs_read_inode,
17009 put_super: isofs_put_super,
17010 statfs: isofs_statfs,
17013 -static struct dentry_operations isofs_dentry_ops[] = {
17014 +static const struct dentry_operations isofs_dentry_ops[] = {
17016 d_hash: isofs_hash,
17017 d_compare: isofs_dentry_cmp,
17018 @@ -989,7 +989,7 @@ static int _isofs_bmap(struct address_sp
17019 return generic_block_bmap(mapping,block,isofs_get_block);
17022 -static struct address_space_operations isofs_aops = {
17023 +static const struct address_space_operations isofs_aops = {
17024 readpage: isofs_readpage,
17025 sync_page: block_sync_page,
17027 diff -urNp linux-2.4.37.7/fs/isofs/rock.c linux-2.4.37.7/fs/isofs/rock.c
17028 --- linux-2.4.37.7/fs/isofs/rock.c 2009-11-07 11:52:20.000000000 -0500
17029 +++ linux-2.4.37.7/fs/isofs/rock.c 2009-11-10 19:30:27.000000000 -0500
17030 @@ -618,6 +618,6 @@ static int rock_ridge_symlink_readpage(s
17034 -struct address_space_operations isofs_symlink_aops = {
17035 +const struct address_space_operations isofs_symlink_aops = {
17036 readpage: rock_ridge_symlink_readpage
17038 diff -urNp linux-2.4.37.7/fs/isofs/zisofs.h linux-2.4.37.7/fs/isofs/zisofs.h
17039 --- linux-2.4.37.7/fs/isofs/zisofs.h 2009-11-07 11:52:20.000000000 -0500
17040 +++ linux-2.4.37.7/fs/isofs/zisofs.h 2009-11-10 19:30:27.000000000 -0500
17044 #ifdef CONFIG_ZISOFS
17045 -extern struct address_space_operations zisofs_aops;
17046 +extern const struct address_space_operations zisofs_aops;
17047 extern int __init zisofs_init(void);
17048 extern void __exit zisofs_cleanup(void);
17050 diff -urNp linux-2.4.37.7/fs/jffs/inode-v23.c linux-2.4.37.7/fs/jffs/inode-v23.c
17051 --- linux-2.4.37.7/fs/jffs/inode-v23.c 2009-11-07 11:52:20.000000000 -0500
17052 +++ linux-2.4.37.7/fs/jffs/inode-v23.c 2009-11-10 19:30:27.000000000 -0500
17053 @@ -60,12 +60,12 @@
17055 static int jffs_remove(struct inode *dir, struct dentry *dentry, int type);
17057 -static struct super_operations jffs_ops;
17058 -static struct file_operations jffs_file_operations;
17059 -static struct inode_operations jffs_file_inode_operations;
17060 -static struct file_operations jffs_dir_operations;
17061 -static struct inode_operations jffs_dir_inode_operations;
17062 -static struct address_space_operations jffs_address_operations;
17063 +static const struct super_operations jffs_ops;
17064 +static const struct file_operations jffs_file_operations;
17065 +static const struct inode_operations jffs_file_inode_operations;
17066 +static const struct file_operations jffs_dir_operations;
17067 +static const struct inode_operations jffs_dir_inode_operations;
17068 +static const struct address_space_operations jffs_address_operations;
17070 kmem_cache_t *node_cache = NULL;
17071 kmem_cache_t *fm_cache = NULL;
17072 @@ -1574,7 +1574,7 @@ jffs_ioctl(struct inode *inode, struct f
17073 } /* jffs_ioctl() */
17076 -static struct address_space_operations jffs_address_operations = {
17077 +static const struct address_space_operations jffs_address_operations = {
17078 readpage: jffs_readpage,
17079 prepare_write: jffs_prepare_write,
17080 commit_write: jffs_commit_write,
17081 @@ -1592,8 +1592,7 @@ static int jffs_fsync(struct file *f, st
17082 extern int generic_file_open(struct inode *, struct file *) __attribute__((weak));
17083 extern loff_t generic_file_llseek(struct file *, loff_t, int) __attribute__((weak));
17085 -static struct file_operations jffs_file_operations =
17087 +static const struct file_operations jffs_file_operations = {
17088 open: generic_file_open,
17089 llseek: generic_file_llseek,
17090 read: generic_file_read,
17091 @@ -1604,21 +1603,18 @@ static struct file_operations jffs_file_
17095 -static struct inode_operations jffs_file_inode_operations =
17097 +static const struct inode_operations jffs_file_inode_operations = {
17098 lookup: jffs_lookup, /* lookup */
17099 setattr: jffs_setattr,
17103 -static struct file_operations jffs_dir_operations =
17105 +static const struct file_operations jffs_dir_operations = {
17106 readdir: jffs_readdir,
17110 -static struct inode_operations jffs_dir_inode_operations =
17112 +static const struct inode_operations jffs_dir_inode_operations = {
17113 create: jffs_create,
17114 lookup: jffs_lookup,
17115 unlink: jffs_unlink,
17116 @@ -1724,8 +1720,7 @@ jffs_write_super(struct super_block *sb)
17117 jffs_garbage_collect_trigger(c);
17120 -static struct super_operations jffs_ops =
17122 +static const struct super_operations jffs_ops = {
17123 read_inode: jffs_read_inode,
17124 delete_inode: jffs_delete_inode,
17125 put_super: jffs_put_super,
17126 diff -urNp linux-2.4.37.7/fs/jffs2/dir.c linux-2.4.37.7/fs/jffs2/dir.c
17127 --- linux-2.4.37.7/fs/jffs2/dir.c 2009-11-07 11:52:20.000000000 -0500
17128 +++ linux-2.4.37.7/fs/jffs2/dir.c 2009-11-10 19:30:27.000000000 -0500
17129 @@ -58,8 +58,7 @@ static int jffs2_mknod (struct inode *,s
17130 static int jffs2_rename (struct inode *, struct dentry *,
17131 struct inode *, struct dentry *);
17133 -struct file_operations jffs2_dir_operations =
17135 +const struct file_operations jffs2_dir_operations = {
17136 read: generic_read_dir,
17137 readdir: jffs2_readdir,
17138 ioctl: jffs2_ioctl,
17139 @@ -67,8 +66,7 @@ struct file_operations jffs2_dir_operati
17143 -struct inode_operations jffs2_dir_inode_operations =
17145 +const struct inode_operations jffs2_dir_inode_operations = {
17146 create: jffs2_create,
17147 lookup: jffs2_lookup,
17149 diff -urNp linux-2.4.37.7/fs/jffs2/file.c linux-2.4.37.7/fs/jffs2/file.c
17150 --- linux-2.4.37.7/fs/jffs2/file.c 2009-11-07 11:52:20.000000000 -0500
17151 +++ linux-2.4.37.7/fs/jffs2/file.c 2009-11-10 19:30:27.000000000 -0500
17152 @@ -54,8 +54,7 @@ int jffs2_null_fsync(struct file *filp,
17156 -struct file_operations jffs2_file_operations =
17158 +const struct file_operations jffs2_file_operations = {
17159 llseek: generic_file_llseek,
17160 open: generic_file_open,
17161 read: generic_file_read,
17162 @@ -67,13 +66,11 @@ struct file_operations jffs2_file_operat
17164 /* jffs2_file_inode_operations */
17166 -struct inode_operations jffs2_file_inode_operations =
17168 +const struct inode_operations jffs2_file_inode_operations = {
17169 setattr: jffs2_setattr
17172 -struct address_space_operations jffs2_file_address_operations =
17174 +const struct address_space_operations jffs2_file_address_operations = {
17175 readpage: jffs2_readpage,
17176 prepare_write: jffs2_prepare_write,
17177 commit_write: jffs2_commit_write
17178 diff -urNp linux-2.4.37.7/fs/jffs2/nodelist.h linux-2.4.37.7/fs/jffs2/nodelist.h
17179 --- linux-2.4.37.7/fs/jffs2/nodelist.h 2009-11-07 11:52:20.000000000 -0500
17180 +++ linux-2.4.37.7/fs/jffs2/nodelist.h 2009-11-10 19:30:27.000000000 -0500
17181 @@ -307,13 +307,13 @@ void jffs2_stop_garbage_collect_thread(s
17182 void jffs2_garbage_collect_trigger(struct jffs2_sb_info *c);
17185 -extern struct file_operations jffs2_dir_operations;
17186 -extern struct inode_operations jffs2_dir_inode_operations;
17187 +extern const struct file_operations jffs2_dir_operations;
17188 +extern const struct inode_operations jffs2_dir_inode_operations;
17191 -extern struct file_operations jffs2_file_operations;
17192 -extern struct inode_operations jffs2_file_inode_operations;
17193 -extern struct address_space_operations jffs2_file_address_operations;
17194 +extern const struct file_operations jffs2_file_operations;
17195 +extern const struct inode_operations jffs2_file_inode_operations;
17196 +extern const struct address_space_operations jffs2_file_address_operations;
17197 int jffs2_null_fsync(struct file *, struct dentry *, int);
17198 int jffs2_setattr (struct dentry *dentry, struct iattr *iattr);
17199 int jffs2_do_readpage_nolock (struct inode *inode, struct page *pg);
17200 @@ -341,7 +341,7 @@ int jffs2_scan_medium(struct jffs2_sb_in
17201 int jffs2_build_filesystem(struct jffs2_sb_info *c);
17204 -extern struct inode_operations jffs2_symlink_inode_operations;
17205 +extern const struct inode_operations jffs2_symlink_inode_operations;
17208 void jffs2_erase_block(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb);
17209 diff -urNp linux-2.4.37.7/fs/jffs2/super.c linux-2.4.37.7/fs/jffs2/super.c
17210 --- linux-2.4.37.7/fs/jffs2/super.c 2009-11-07 11:52:20.000000000 -0500
17211 +++ linux-2.4.37.7/fs/jffs2/super.c 2009-11-10 19:30:27.000000000 -0500
17212 @@ -60,8 +60,7 @@ static int jffs2_statfs (struct super_bl
17213 int jffs2_remount_fs (struct super_block *, int *, char *);
17214 extern void jffs2_clear_inode (struct inode *);
17216 -static struct super_operations jffs2_super_operations =
17218 +static const struct super_operations jffs2_super_operations = {
17219 read_inode: jffs2_read_inode,
17220 // delete_inode: jffs2_delete_inode,
17221 put_super: jffs2_put_super,
17222 diff -urNp linux-2.4.37.7/fs/jffs2/symlink.c linux-2.4.37.7/fs/jffs2/symlink.c
17223 --- linux-2.4.37.7/fs/jffs2/symlink.c 2009-11-07 11:52:20.000000000 -0500
17224 +++ linux-2.4.37.7/fs/jffs2/symlink.c 2009-11-10 19:30:27.000000000 -0500
17226 int jffs2_readlink(struct dentry *dentry, char *buffer, int buflen);
17227 int jffs2_follow_link(struct dentry *dentry, struct nameidata *nd);
17229 -struct inode_operations jffs2_symlink_inode_operations =
17231 +const struct inode_operations jffs2_symlink_inode_operations = {
17232 readlink: jffs2_readlink,
17233 follow_link: jffs2_follow_link,
17234 setattr: jffs2_setattr
17235 diff -urNp linux-2.4.37.7/fs/jfs/file.c linux-2.4.37.7/fs/jfs/file.c
17236 --- linux-2.4.37.7/fs/jfs/file.c 2009-11-07 11:52:20.000000000 -0500
17237 +++ linux-2.4.37.7/fs/jfs/file.c 2009-11-10 19:30:27.000000000 -0500
17238 @@ -96,7 +96,7 @@ static int jfs_release(struct inode *ino
17242 -struct inode_operations jfs_file_inode_operations = {
17243 +const struct inode_operations jfs_file_inode_operations = {
17244 .truncate = jfs_truncate,
17245 .setxattr = jfs_setxattr,
17246 .getxattr = jfs_getxattr,
17247 @@ -104,7 +104,7 @@ struct inode_operations jfs_file_inode_o
17248 .removexattr = jfs_removexattr,
17251 -struct file_operations jfs_file_operations = {
17252 +const struct file_operations jfs_file_operations = {
17254 .llseek = generic_file_llseek,
17255 .write = generic_file_write,
17256 diff -urNp linux-2.4.37.7/fs/jfs/inode.c linux-2.4.37.7/fs/jfs/inode.c
17257 --- linux-2.4.37.7/fs/jfs/inode.c 2009-11-07 11:52:20.000000000 -0500
17258 +++ linux-2.4.37.7/fs/jfs/inode.c 2009-11-10 19:30:27.000000000 -0500
17259 @@ -28,12 +28,12 @@
17260 #include "jfs_debug.h"
17263 -extern struct inode_operations jfs_dir_inode_operations;
17264 -extern struct inode_operations jfs_file_inode_operations;
17265 -extern struct inode_operations jfs_symlink_inode_operations;
17266 -extern struct file_operations jfs_dir_operations;
17267 -extern struct file_operations jfs_file_operations;
17268 -struct address_space_operations jfs_aops;
17269 +extern const struct inode_operations jfs_dir_inode_operations;
17270 +extern const struct inode_operations jfs_file_inode_operations;
17271 +extern const struct inode_operations jfs_symlink_inode_operations;
17272 +extern const struct file_operations jfs_dir_operations;
17273 +extern const struct file_operations jfs_file_operations;
17274 +const struct address_space_operations jfs_aops;
17275 extern int freeZeroLink(struct inode *);
17277 void jfs_clear_inode(struct inode *inode)
17278 @@ -335,7 +335,7 @@ static int jfs_direct_IO(int rw, struct
17279 blocksize, jfs_get_block);
17282 -struct address_space_operations jfs_aops = {
17283 +const struct address_space_operations jfs_aops = {
17284 .readpage = jfs_readpage,
17285 .writepage = jfs_writepage,
17286 .sync_page = block_sync_page,
17287 diff -urNp linux-2.4.37.7/fs/jfs/jfs_imap.c linux-2.4.37.7/fs/jfs/jfs_imap.c
17288 --- linux-2.4.37.7/fs/jfs/jfs_imap.c 2009-11-07 11:52:20.000000000 -0500
17289 +++ linux-2.4.37.7/fs/jfs/jfs_imap.c 2009-11-10 19:30:27.000000000 -0500
17292 * external references
17294 -extern struct address_space_operations jfs_aops;
17295 +extern const struct address_space_operations jfs_aops;
17298 * forward references
17299 diff -urNp linux-2.4.37.7/fs/jfs/namei.c linux-2.4.37.7/fs/jfs/namei.c
17300 --- linux-2.4.37.7/fs/jfs/namei.c 2009-11-07 11:52:20.000000000 -0500
17301 +++ linux-2.4.37.7/fs/jfs/namei.c 2009-11-10 19:30:27.000000000 -0500
17302 @@ -28,10 +28,10 @@
17303 #include "jfs_xattr.h"
17304 #include "jfs_debug.h"
17306 -extern struct inode_operations jfs_file_inode_operations;
17307 -extern struct inode_operations jfs_symlink_inode_operations;
17308 -extern struct file_operations jfs_file_operations;
17309 -extern struct address_space_operations jfs_aops;
17310 +extern const struct inode_operations jfs_file_inode_operations;
17311 +extern const struct inode_operations jfs_symlink_inode_operations;
17312 +extern const struct file_operations jfs_file_operations;
17313 +extern const struct address_space_operations jfs_aops;
17315 extern int jfs_fsync(struct file *, struct dentry *, int);
17316 extern void jfs_truncate_nolock(struct inode *, loff_t);
17317 @@ -39,8 +39,8 @@ extern void jfs_truncate_nolock(struct i
17319 * forward references
17321 -struct inode_operations jfs_dir_inode_operations;
17322 -struct file_operations jfs_dir_operations;
17323 +const const struct inode_operations jfs_dir_inode_operations;
17324 +const const struct file_operations jfs_dir_operations;
17326 static s64 commitZeroLink(tid_t, struct inode *);
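Review bot: The two forward declarations added under "forward references" carry a doubled qualifier, `const const struct inode_operations jfs_dir_inode_operations;` and `const const struct file_operations jfs_dir_operations;`. A repeated `const` has no extra effect, but it can draw a duplicate-qualifier diagnostic from the compiler. It is also inconsistent with the definitions later in this file, which use a single `const`. They should read `const struct inode_operations jfs_dir_inode_operations;` and `const struct file_operations jfs_dir_operations;`.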
17328 @@ -1401,7 +1401,7 @@ static struct dentry *jfs_lookup(struct
17332 -struct inode_operations jfs_dir_inode_operations = {
17333 +const struct inode_operations jfs_dir_inode_operations = {
17334 .create = jfs_create,
17335 .lookup = jfs_lookup,
17337 @@ -1417,7 +1417,7 @@ struct inode_operations jfs_dir_inode_op
17338 .removexattr = jfs_removexattr,
17341 -struct file_operations jfs_dir_operations = {
17342 +const struct file_operations jfs_dir_operations = {
17343 .read = generic_read_dir,
17344 .readdir = jfs_readdir,
17345 .fsync = jfs_fsync,
17346 diff -urNp linux-2.4.37.7/fs/jfs/super.c linux-2.4.37.7/fs/jfs/super.c
17347 --- linux-2.4.37.7/fs/jfs/super.c 2009-11-07 11:52:20.000000000 -0500
17348 +++ linux-2.4.37.7/fs/jfs/super.c 2009-11-10 19:30:27.000000000 -0500
17349 @@ -35,7 +35,7 @@ MODULE_DESCRIPTION("The Journaled Filesy
17350 MODULE_AUTHOR("Steve Best/Dave Kleikamp/Barry Arndt, IBM");
17351 MODULE_LICENSE("GPL");
17353 -static struct super_operations jfs_super_operations;
17354 +static const struct super_operations jfs_super_operations;
17355 static struct file_system_type jfs_fs_type;
17357 int jfs_stop_threads;
17358 @@ -452,7 +452,7 @@ static int jfs_sync_fs(struct super_bloc
17362 -static struct super_operations jfs_super_operations = {
17363 +static const struct super_operations jfs_super_operations = {
17364 .read_inode = jfs_read_inode,
17365 .dirty_inode = jfs_dirty_inode,
17366 .write_inode = jfs_write_inode,
17367 diff -urNp linux-2.4.37.7/fs/jfs/symlink.c linux-2.4.37.7/fs/jfs/symlink.c
17368 --- linux-2.4.37.7/fs/jfs/symlink.c 2009-11-07 11:52:20.000000000 -0500
17369 +++ linux-2.4.37.7/fs/jfs/symlink.c 2009-11-10 19:30:27.000000000 -0500
17370 @@ -32,7 +32,7 @@ static int jfs_readlink(struct dentry *d
17371 return vfs_readlink(dentry, buffer, buflen, s);
17374 -struct inode_operations jfs_symlink_inode_operations = {
17375 +const struct inode_operations jfs_symlink_inode_operations = {
17376 .readlink = jfs_readlink,
17377 .follow_link = jfs_follow_link,
17378 .setxattr = jfs_setxattr,
17379 diff -urNp linux-2.4.37.7/fs/Makefile linux-2.4.37.7/fs/Makefile
17380 --- linux-2.4.37.7/fs/Makefile 2009-11-07 11:52:20.000000000 -0500
17381 +++ linux-2.4.37.7/fs/Makefile 2009-11-10 19:30:27.000000000 -0500
17386 -export-objs := filesystems.o open.o dcache.o buffer.o dquot.o
17387 +export-objs := filesystems.o open.o dcache.o buffer.o dquot.o exec.o
17390 obj-y := open.o read_write.o devices.o file_table.o buffer.o \
17391 diff -urNp linux-2.4.37.7/fs/minix/dir.c linux-2.4.37.7/fs/minix/dir.c
17392 --- linux-2.4.37.7/fs/minix/dir.c 2009-11-07 11:52:20.000000000 -0500
17393 +++ linux-2.4.37.7/fs/minix/dir.c 2009-11-10 19:30:27.000000000 -0500
17394 @@ -14,7 +14,7 @@ typedef struct minix_dir_entry minix_dir
17396 static int minix_readdir(struct file *, void *, filldir_t);
17398 -struct file_operations minix_dir_operations = {
17399 +const struct file_operations minix_dir_operations = {
17400 read: generic_read_dir,
17401 readdir: minix_readdir,
17402 fsync: minix_sync_file,
17403 diff -urNp linux-2.4.37.7/fs/minix/file.c linux-2.4.37.7/fs/minix/file.c
17404 --- linux-2.4.37.7/fs/minix/file.c 2009-11-07 11:52:20.000000000 -0500
17405 +++ linux-2.4.37.7/fs/minix/file.c 2009-11-10 19:30:27.000000000 -0500
17408 int minix_sync_file(struct file *, struct dentry *, int);
17410 -struct file_operations minix_file_operations = {
17411 +const struct file_operations minix_file_operations = {
17412 llseek: generic_file_llseek,
17413 read: generic_file_read,
17414 write: generic_file_write,
17415 @@ -23,7 +23,7 @@ struct file_operations minix_file_operat
17416 fsync: minix_sync_file,
17419 -struct inode_operations minix_file_inode_operations = {
17420 +const struct inode_operations minix_file_inode_operations = {
17421 truncate: minix_truncate,
17424 diff -urNp linux-2.4.37.7/fs/minix/inode.c linux-2.4.37.7/fs/minix/inode.c
17425 --- linux-2.4.37.7/fs/minix/inode.c 2009-11-07 11:52:20.000000000 -0500
17426 +++ linux-2.4.37.7/fs/minix/inode.c 2009-11-10 19:30:27.000000000 -0500
17427 @@ -75,7 +75,7 @@ static void minix_put_super(struct super
17431 -static struct super_operations minix_sops = {
17432 +static const struct super_operations minix_sops = {
17433 read_inode: minix_read_inode,
17434 write_inode: minix_write_inode,
17435 delete_inode: minix_delete_inode,
17436 @@ -317,7 +317,7 @@ static int minix_bmap(struct address_spa
17438 return generic_block_bmap(mapping,block,minix_get_block);
17440 -static struct address_space_operations minix_aops = {
17441 +static const struct address_space_operations minix_aops = {
17442 readpage: minix_readpage,
17443 writepage: minix_writepage,
17444 sync_page: block_sync_page,
17445 diff -urNp linux-2.4.37.7/fs/minix/namei.c linux-2.4.37.7/fs/minix/namei.c
17446 --- linux-2.4.37.7/fs/minix/namei.c 2009-11-07 11:52:20.000000000 -0500
17447 +++ linux-2.4.37.7/fs/minix/namei.c 2009-11-10 19:30:27.000000000 -0500
17448 @@ -52,7 +52,7 @@ static int minix_hash(struct dentry *den
17452 -struct dentry_operations minix_dentry_operations = {
17453 +const struct dentry_operations minix_dentry_operations = {
17454 d_hash: minix_hash,
17457 @@ -302,7 +302,7 @@ out:
17459 * directories can handle most operations...
17461 -struct inode_operations minix_dir_inode_operations = {
17462 +const struct inode_operations minix_dir_inode_operations = {
17463 create: minix_create,
17464 lookup: minix_lookup,
17466 diff -urNp linux-2.4.37.7/fs/msdos/namei.c linux-2.4.37.7/fs/msdos/namei.c
17467 --- linux-2.4.37.7/fs/msdos/namei.c 2009-11-07 11:52:20.000000000 -0500
17468 +++ linux-2.4.37.7/fs/msdos/namei.c 2009-11-10 19:30:27.000000000 -0500
17469 @@ -198,7 +198,7 @@ old_compare:
17473 -static struct dentry_operations msdos_dentry_operations = {
17474 +static const struct dentry_operations msdos_dentry_operations = {
17475 d_hash: msdos_hash,
17476 d_compare: msdos_cmp,
17478 @@ -578,7 +578,7 @@ rename_done:
17481 /* The public inode operations for the msdos fs */
17482 -struct inode_operations msdos_dir_inode_operations = {
17483 +const struct inode_operations msdos_dir_inode_operations = {
17484 create: msdos_create,
17485 lookup: msdos_lookup,
17486 unlink: msdos_unlink,
17487 diff -urNp linux-2.4.37.7/fs/namei.c linux-2.4.37.7/fs/namei.c
17488 --- linux-2.4.37.7/fs/namei.c 2009-11-07 11:52:20.000000000 -0500
17489 +++ linux-2.4.37.7/fs/namei.c 2009-11-10 19:30:27.000000000 -0500
17491 #include <linux/dnotify.h>
17492 #include <linux/smp_lock.h>
17493 #include <linux/personality.h>
17494 +#include <linux/grsecurity.h>
17496 #include <asm/namei.h>
17497 #include <asm/uaccess.h>
17498 @@ -351,6 +352,13 @@ static inline int do_follow_link(struct
17499 current->state = TASK_RUNNING;
17503 + if (gr_handle_follow_link(dentry->d_parent->d_inode,
17504 + dentry->d_inode, dentry, nd->mnt)) {
17505 + path_release(nd);
17509 current->link_count++;
17510 current->total_link_count++;
17511 UPDATE_ATIME(dentry->d_inode);
17512 @@ -655,11 +663,18 @@ return_reval:
17516 + if (!gr_acl_handle_hidden_file(nd->dentry, nd->mnt)) {
17517 + path_release(nd);
17525 + if (!gr_acl_handle_hidden_file(nd->dentry, nd->mnt))
17531 @@ -1035,7 +1050,19 @@ int open_namei(const char * pathname, in
17532 error = path_lookup(pathname, lookup_flags(flag), nd);
17536 + if (gr_handle_rawio(nd->dentry->d_inode)) {
17541 + if (!gr_acl_handle_open(nd->dentry, nd->mnt, flag)) {
17546 dentry = nd->dentry;
17551 @@ -1068,8 +1095,22 @@ do_last:
17553 /* Negative dentry, just create the file */
17554 if (!dentry->d_inode) {
17555 + if (gr_handle_chroot_chmod(dentry, nd->mnt, mode)) {
17557 + up(&dir->d_inode->i_sem);
17560 + if (!gr_acl_handle_creat(dentry, nd->dentry, nd->mnt, flag, mode)) {
17562 + up(&dir->d_inode->i_sem);
17566 error = vfs_create(dir->d_inode, dentry,
17567 mode & ~current->fs->umask);
17569 + gr_handle_create(dentry, nd->mnt);
17571 up(&dir->d_inode->i_sem);
17573 nd->dentry = dentry;
17574 @@ -1084,6 +1125,27 @@ do_last:
17576 * It already exists.
17579 + if (gr_handle_rawio(dentry->d_inode)) {
17581 + up(&dir->d_inode->i_sem);
17585 + if (!gr_acl_handle_open(dentry, nd->mnt, flag)) {
17587 + up(&dir->d_inode->i_sem);
17591 + inode = dentry->d_inode;
17593 + if (gr_handle_fifo(dentry, nd->mnt, dir, flag, acc_mode)) {
17594 + up(&dir->d_inode->i_sem);
17599 up(&dir->d_inode->i_sem);
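Review bot: Each of the three added denial branches in this part of `do_last` (`gr_handle_rawio`, `gr_acl_handle_open`, `gr_handle_fifo`) releases `dir->d_inode->i_sem` on its own before leaving, so the same `up()` now appears four times in a row. A single exit label that performs the `up()` and then joins the existing error path would keep a later added check from forgetting the unlock. The lines between the checks are not shown on this page, so the error value assigned in each branch could not be checked; `do_last` itself starts and ends outside the hunk.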
17602 @@ -1173,7 +1235,7 @@ ok:
17606 - error = do_truncate(dentry, 0);
17607 + error = do_truncate(dentry,0,nd->mnt);
17609 put_write_access(inode);
17611 @@ -1204,6 +1266,13 @@ do_link:
17612 * stored in nd->last.name and we will have to putname() it when we
17613 * are done. Procfs-like symlinks just set LAST_BIND.
17616 + if (gr_handle_follow_link(dentry->d_parent->d_inode, dentry->d_inode,
17617 + dentry, nd->mnt)) {
17622 UPDATE_ATIME(dentry->d_inode);
17623 mnt = mntget(nd->mnt);
17624 error = dentry->d_inode->i_op->follow_link(dentry, nd);
17625 @@ -1304,6 +1373,19 @@ asmlinkage long sys_mknod(const char * f
17627 mode &= ~current->fs->umask;
17628 if (!IS_ERR(dentry)) {
17629 + if (gr_handle_chroot_mknod(dentry, nd.mnt, mode) ||
17630 + gr_handle_chroot_chmod(dentry, nd.mnt, mode)) {
17636 + if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) {
17642 switch (mode & S_IFMT) {
17643 case 0: case S_IFREG:
17644 error = vfs_create(nd.dentry->d_inode,dentry,mode);
17645 @@ -1317,8 +1399,13 @@ asmlinkage long sys_mknod(const char * f
17651 + gr_handle_create(dentry, nd.mnt);
17656 up(&nd.dentry->d_inode->i_sem);
17659 @@ -1370,8 +1457,17 @@ asmlinkage long sys_mkdir(const char * p
17660 dentry = lookup_create(&nd, 1);
17661 error = PTR_ERR(dentry);
17662 if (!IS_ERR(dentry)) {
17663 - error = vfs_mkdir(nd.dentry->d_inode, dentry,
17666 + if (!gr_acl_handle_mkdir(dentry, nd.dentry, nd.mnt))
17670 + error = vfs_mkdir(nd.dentry->d_inode, dentry,
17671 mode & ~current->fs->umask);
17673 + gr_handle_create(dentry, nd.mnt);
17677 up(&nd.dentry->d_inode->i_sem);
17678 @@ -1455,6 +1551,8 @@ asmlinkage long sys_rmdir(const char * p
17680 struct dentry *dentry;
17681 struct nameidata nd;
17682 + ino_t saved_ino = 0;
17683 + kdev_t saved_dev = 0;
17685 name = getname(pathname);
17687 @@ -1479,7 +1577,22 @@ asmlinkage long sys_rmdir(const char * p
17688 dentry = lookup_hash(&nd.last, nd.dentry);
17689 error = PTR_ERR(dentry);
17690 if (!IS_ERR(dentry)) {
17691 - error = vfs_rmdir(nd.dentry->d_inode, dentry);
17693 + if (dentry->d_inode) {
17694 + if (dentry->d_inode->i_nlink <= 1) {
17695 + saved_ino = dentry->d_inode->i_ino;
17696 + saved_dev = dentry->d_inode->i_dev;
17699 + if (!gr_acl_handle_rmdir(dentry, nd.mnt))
17704 + error = vfs_rmdir(nd.dentry->d_inode, dentry);
17705 + if (!error && (saved_dev || saved_ino))
17706 + gr_handle_delete(saved_ino,saved_dev);
17710 up(&nd.dentry->d_inode->i_sem);
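Review bot: The `i_nlink <= 1` test that decides whether `saved_ino`/`saved_dev` are recorded looks carried over from the unlink path, where it means "last link". An empty directory on many filesystems still reports a link count of 2, so in `sys_rmdir` the condition may rarely hold, and `gr_handle_delete()` would then be skipped after a successful `vfs_rmdir()`; this should be confirmed against the filesystems in use. Separately, 0 doubles as the "nothing recorded" marker for both fields, which a comment at the declarations in the preceding hunk would make explicit, e.g. `/* 0/0: no inode recorded for gr_handle_delete() */`. The sys_unlink hunks use the same marker.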
17711 @@ -1530,6 +1643,8 @@ asmlinkage long sys_unlink(const char *
17713 struct dentry *dentry;
17714 struct nameidata nd;
17715 + ino_t saved_ino = 0;
17716 + kdev_t saved_dev = 0;
17718 name = getname(pathname);
17720 @@ -1548,7 +1663,21 @@ asmlinkage long sys_unlink(const char *
17721 /* Why not before? Because we want correct error value */
17722 if (nd.last.name[nd.last.len])
17724 - error = vfs_unlink(nd.dentry->d_inode, dentry);
17726 + if (dentry->d_inode) {
17727 + if (dentry->d_inode->i_nlink <= 1) {
17728 + saved_ino = dentry->d_inode->i_ino;
17729 + saved_dev = dentry->d_inode->i_dev;
17732 + if (!gr_acl_handle_unlink(dentry, nd.mnt))
17737 + error = vfs_unlink(nd.dentry->d_inode, dentry);
17738 + if (!error && (saved_ino || saved_dev))
17739 + gr_handle_delete(saved_ino,saved_dev);
17743 @@ -1612,7 +1741,15 @@ asmlinkage long sys_symlink(const char *
17744 dentry = lookup_create(&nd, 0);
17745 error = PTR_ERR(dentry);
17746 if (!IS_ERR(dentry)) {
17747 - error = vfs_symlink(nd.dentry->d_inode, dentry, from);
17750 + if (!gr_acl_handle_symlink(dentry, nd.dentry, nd.mnt, from))
17754 + error = vfs_symlink(nd.dentry->d_inode, dentry, from);
17756 + gr_handle_create(dentry, nd.mnt);
17759 up(&nd.dentry->d_inode->i_sem);
17760 @@ -1698,7 +1835,27 @@ asmlinkage long sys_link(const char * ol
17761 new_dentry = lookup_create(&nd, 0);
17762 error = PTR_ERR(new_dentry);
17763 if (!IS_ERR(new_dentry)) {
17764 - error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
17767 + if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt,
17768 + old_nd.dentry->d_inode,
17769 + old_nd.dentry->d_inode->i_mode, to)) {
17774 + if (!gr_acl_handle_link(new_dentry, nd.dentry, nd.mnt,
17775 + old_nd.dentry, old_nd.mnt, to)) {
17780 + error = vfs_link(old_nd.dentry,
17781 + nd.dentry->d_inode, new_dentry);
17784 + gr_handle_create(new_dentry, nd.mnt);
17788 up(&nd.dentry->d_inode->i_sem);
17789 @@ -1929,10 +2086,15 @@ static inline int do_rename(const char *
17790 if (IS_ERR(new_dentry))
17794 - error = vfs_rename(old_dir->d_inode, old_dentry,
17795 + error = gr_acl_handle_rename(new_dentry, newnd.dentry, newnd.mnt,
17796 + old_dentry, old_dir->d_inode, oldnd.mnt, newname);
17798 + if (error == 1) {
17800 + error = vfs_rename(old_dir->d_inode, old_dentry,
17801 new_dir->d_inode, new_dentry);
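Review bot: `error` carries two different things in this hunk: first the verdict of `gr_acl_handle_rename()`, then the errno from `vfs_rename()`, with the bare literal `1` meaning "allowed". A dedicated local would keep the hook result apart from the errno, e.g. `int gr_ret = gr_acl_handle_rename(...);` followed by `if (gr_ret == 1)`, and a named constant in place of `1` would make the contract readable at the call site. The branch taken for other values is not visible in the hunk as shown here, so it should be confirmed that a positive return other than 1 can never leave `do_rename` as its result.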
17808 @@ -2071,7 +2233,7 @@ int page_follow_link(struct dentry *dent
17812 -struct inode_operations page_symlink_inode_operations = {
17813 +const struct inode_operations page_symlink_inode_operations = {
17814 readlink: page_readlink,
17815 follow_link: page_follow_link,
17817 diff -urNp linux-2.4.37.7/fs/namespace.c linux-2.4.37.7/fs/namespace.c
17818 --- linux-2.4.37.7/fs/namespace.c 2009-11-07 11:52:20.000000000 -0500
17819 +++ linux-2.4.37.7/fs/namespace.c 2009-11-10 19:30:27.000000000 -0500
17821 #include <linux/quotaops.h>
17822 #include <linux/acct.h>
17823 #include <linux/module.h>
17824 +#include <linux/grsecurity.h>
17826 #include <asm/uaccess.h>
17828 @@ -241,7 +242,7 @@ static int show_vfsmnt(struct seq_file *
17832 -struct seq_operations mounts_op = {
17833 +const struct seq_operations mounts_op = {
17837 @@ -325,6 +326,8 @@ static int do_umount(struct vfsmount *mn
17839 retval = do_remount_sb(sb, MS_RDONLY, 0);
17842 + gr_log_remount(mnt->mnt_devname, retval);
17844 up_write(&sb->s_umount);
17846 @@ -350,6 +353,9 @@ static int do_umount(struct vfsmount *mn
17848 spin_unlock(&dcache_lock);
17849 up_write(¤t->namespace->sem);
17851 + gr_log_unmount(mnt->mnt_devname, retval);
17856 @@ -732,6 +738,12 @@ long do_mount(char * dev_name, char * di
17860 + if (gr_handle_chroot_mount(nd.dentry, nd.mnt, dev_name)) {
17862 + path_release(&nd);
17866 if (flags & MS_REMOUNT)
17867 retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,
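Review bot: `dev_name` is handed to `gr_handle_chroot_mount()` here and to `gr_log_mount()` in the next hunk exactly as `do_mount()` received it, with no guard at either call site. As far as I recall, mainline 2.4 accepts a NULL `dev_name` in the sanity checks at the top of this function, which are outside the hunk, so both hooks would need to tolerate NULL. Both strings also originate from the mount(2) caller, so the code that formats them into the kernel log should escape control characters; that code is not visible here. If the hooks do not cover these cases themselves, passing `dev_name ? dev_name : "none"` at the two call sites would be the smallest change.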
17869 @@ -743,6 +755,9 @@ long do_mount(char * dev_name, char * di
17870 retval = do_add_mount(&nd, type_page, flags, mnt_flags,
17871 dev_name, data_page);
17874 + gr_log_mount(dev_name, dir_name, retval);
17879 @@ -912,6 +927,9 @@ asmlinkage long sys_pivot_root(const cha
17880 if (!capable(CAP_SYS_ADMIN))
17883 + if (gr_handle_chroot_pivot())
17888 error = __user_walk(new_root, LOOKUP_POSITIVE|LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &new_nd);
17889 diff -urNp linux-2.4.37.7/fs/ncpfs/dir.c linux-2.4.37.7/fs/ncpfs/dir.c
17890 --- linux-2.4.37.7/fs/ncpfs/dir.c 2009-11-07 11:52:20.000000000 -0500
17891 +++ linux-2.4.37.7/fs/ncpfs/dir.c 2009-11-10 19:30:27.000000000 -0500
17892 @@ -45,15 +45,13 @@ static int ncp_rename(struct inode *, st
17893 extern int ncp_symlink(struct inode *, struct dentry *, const char *);
17896 -struct file_operations ncp_dir_operations =
17898 +const struct file_operations ncp_dir_operations = {
17899 read: generic_read_dir,
17900 readdir: ncp_readdir,
17904 -struct inode_operations ncp_dir_inode_operations =
17906 +const struct inode_operations ncp_dir_inode_operations = {
17907 create: ncp_create,
17908 lookup: ncp_lookup,
17909 unlink: ncp_unlink,
17910 @@ -74,16 +72,14 @@ static int ncp_hash_dentry(struct dentry
17911 static int ncp_compare_dentry (struct dentry *, struct qstr *, struct qstr *);
17912 static int ncp_delete_dentry(struct dentry *);
17914 -static struct dentry_operations ncp_dentry_operations =
17916 +static const struct dentry_operations ncp_dentry_operations = {
17917 d_revalidate: ncp_lookup_validate,
17918 d_hash: ncp_hash_dentry,
17919 d_compare: ncp_compare_dentry,
17920 d_delete: ncp_delete_dentry,
17923 -struct dentry_operations ncp_root_dentry_operations =
17925 +const struct dentry_operations ncp_root_dentry_operations = {
17926 d_hash: ncp_hash_dentry,
17927 d_compare: ncp_compare_dentry,
17928 d_delete: ncp_delete_dentry,
17929 diff -urNp linux-2.4.37.7/fs/ncpfs/file.c linux-2.4.37.7/fs/ncpfs/file.c
17930 --- linux-2.4.37.7/fs/ncpfs/file.c 2009-11-07 11:52:20.000000000 -0500
17931 +++ linux-2.4.37.7/fs/ncpfs/file.c 2009-11-10 19:30:27.000000000 -0500
17932 @@ -279,8 +279,7 @@ static int ncp_release(struct inode *ino
17936 -struct file_operations ncp_file_operations =
17938 +const struct file_operations ncp_file_operations = {
17939 llseek: generic_file_llseek,
17940 read: ncp_file_read,
17941 write: ncp_file_write,
17942 @@ -290,7 +289,6 @@ struct file_operations ncp_file_operatio
17946 -struct inode_operations ncp_file_inode_operations =
17948 +const struct inode_operations ncp_file_inode_operations = {
17949 setattr: ncp_notify_change,
17951 diff -urNp linux-2.4.37.7/fs/ncpfs/inode.c linux-2.4.37.7/fs/ncpfs/inode.c
17952 --- linux-2.4.37.7/fs/ncpfs/inode.c 2009-11-07 11:52:20.000000000 -0500
17953 +++ linux-2.4.37.7/fs/ncpfs/inode.c 2009-11-10 19:30:27.000000000 -0500
17954 @@ -36,17 +36,16 @@ static void ncp_delete_inode(struct inod
17955 static void ncp_put_super(struct super_block *);
17956 static int ncp_statfs(struct super_block *, struct statfs *);
17958 -static struct super_operations ncp_sops =
17960 +static const struct super_operations ncp_sops = {
17961 put_inode: force_delete,
17962 delete_inode: ncp_delete_inode,
17963 put_super: ncp_put_super,
17964 statfs: ncp_statfs,
17967 -extern struct dentry_operations ncp_root_dentry_operations;
17968 +extern const struct dentry_operations ncp_root_dentry_operations;
17969 #ifdef CONFIG_NCPFS_EXTRAS
17970 -extern struct address_space_operations ncp_symlink_aops;
17971 +extern const struct address_space_operations ncp_symlink_aops;
17972 extern int ncp_symlink(struct inode*, struct dentry*, const char*);
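Review bot: The two `extern const` declarations are written out by hand in this .c file instead of coming from a header shared with the files that define the objects (fs/ncpfs/dir.c and fs/ncpfs/symlink.c in this patch). The compiler cannot compare them with the definitions, so a later qualifier change on one side would go unnoticed, and a write through a non-const declaration to an object defined `const` is undefined behaviour. Moving both declarations into a header that the defining files also include would let the build catch a mismatch. fs/nfsd/nfsctl.c declares `nfs_exports_op` the same way.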
17975 @@ -195,7 +194,7 @@ static void ncp_set_attr(struct inode *i
17976 ncp_update_inode(inode, nwinfo);
17979 -static struct inode_operations ncp_symlink_inode_operations = {
17980 +static const struct inode_operations ncp_symlink_inode_operations = {
17981 readlink: page_readlink,
17982 follow_link: page_follow_link,
17983 setattr: ncp_notify_change,
17984 diff -urNp linux-2.4.37.7/fs/ncpfs/mmap.c linux-2.4.37.7/fs/ncpfs/mmap.c
17985 --- linux-2.4.37.7/fs/ncpfs/mmap.c 2009-11-07 11:52:20.000000000 -0500
17986 +++ linux-2.4.37.7/fs/ncpfs/mmap.c 2009-11-10 19:30:27.000000000 -0500
17987 @@ -85,8 +85,7 @@ static struct page* ncp_file_mmap_nopage
17991 -static struct vm_operations_struct ncp_file_mmap =
17993 +static const struct vm_operations_struct ncp_file_mmap = {
17994 nopage: ncp_file_mmap_nopage,
17997 diff -urNp linux-2.4.37.7/fs/ncpfs/symlink.c linux-2.4.37.7/fs/ncpfs/symlink.c
17998 --- linux-2.4.37.7/fs/ncpfs/symlink.c 2009-11-07 11:52:20.000000000 -0500
17999 +++ linux-2.4.37.7/fs/ncpfs/symlink.c 2009-11-10 19:30:27.000000000 -0500
18000 @@ -97,7 +97,7 @@ fail:
18002 * symlinks can't do much...
18004 -struct address_space_operations ncp_symlink_aops = {
18005 +const struct address_space_operations ncp_symlink_aops = {
18006 readpage: ncp_symlink_readpage,
18009 diff -urNp linux-2.4.37.7/fs/nfs/dir.c linux-2.4.37.7/fs/nfs/dir.c
18010 --- linux-2.4.37.7/fs/nfs/dir.c 2009-11-07 11:52:20.000000000 -0500
18011 +++ linux-2.4.37.7/fs/nfs/dir.c 2009-11-10 19:30:27.000000000 -0500
18012 @@ -47,7 +47,7 @@ static int nfs_rename(struct inode *, st
18013 struct inode *, struct dentry *);
18014 static int nfs_fsync_dir(struct file *, struct dentry *, int);
18016 -struct file_operations nfs_dir_operations = {
18017 +const struct file_operations nfs_dir_operations = {
18018 read: generic_read_dir,
18019 readdir: nfs_readdir,
18021 @@ -55,7 +55,7 @@ struct file_operations nfs_dir_operation
18022 fsync: nfs_fsync_dir
18025 -struct inode_operations nfs_dir_inode_operations = {
18026 +const struct inode_operations nfs_dir_inode_operations = {
18027 create: nfs_create,
18028 lookup: nfs_lookup,
18030 @@ -570,7 +570,7 @@ static void nfs_dentry_iput(struct dentr
18034 -struct dentry_operations nfs_dentry_operations = {
18035 +const struct dentry_operations nfs_dentry_operations = {
18036 d_revalidate: nfs_lookup_revalidate,
18037 d_delete: nfs_dentry_delete,
18038 d_iput: nfs_dentry_iput,
18039 diff -urNp linux-2.4.37.7/fs/nfs/file.c linux-2.4.37.7/fs/nfs/file.c
18040 --- linux-2.4.37.7/fs/nfs/file.c 2009-11-07 11:52:20.000000000 -0500
18041 +++ linux-2.4.37.7/fs/nfs/file.c 2009-11-10 19:30:27.000000000 -0500
18042 @@ -41,7 +41,7 @@ static ssize_t nfs_file_write(struct fil
18043 static int nfs_file_flush(struct file *);
18044 static int nfs_fsync(struct file *, struct dentry *dentry, int datasync);
18046 -struct file_operations nfs_file_operations = {
18047 +const struct file_operations nfs_file_operations = {
18048 llseek: generic_file_llseek,
18049 read: nfs_file_read,
18050 write: nfs_file_write,
18051 @@ -53,7 +53,7 @@ struct file_operations nfs_file_operatio
18055 -struct inode_operations nfs_file_inode_operations = {
18056 +const struct inode_operations nfs_file_inode_operations = {
18057 permission: nfs_permission,
18058 revalidate: nfs_revalidate,
18059 setattr: nfs_notify_change,
18060 @@ -196,7 +196,7 @@ static int nfs_sync_page(struct page *pa
18064 -struct address_space_operations nfs_file_aops = {
18065 +const struct address_space_operations nfs_file_aops = {
18066 readpage: nfs_readpage,
18067 sync_page: nfs_sync_page,
18068 writepage: nfs_writepage,
18069 diff -urNp linux-2.4.37.7/fs/nfs/inode.c linux-2.4.37.7/fs/nfs/inode.c
18070 --- linux-2.4.37.7/fs/nfs/inode.c 2009-11-07 11:52:20.000000000 -0500
18071 +++ linux-2.4.37.7/fs/nfs/inode.c 2009-11-10 19:30:27.000000000 -0500
18072 @@ -54,7 +54,7 @@ static void nfs_umount_begin(struct supe
18073 static int nfs_statfs(struct super_block *, struct statfs *);
18074 static int nfs_show_options(struct seq_file *, struct vfsmount *);
18076 -static struct super_operations nfs_sops = {
18077 +static const struct super_operations nfs_sops = {
18078 read_inode: nfs_read_inode,
18079 write_inode: nfs_write_inode,
18080 delete_inode: nfs_delete_inode,
18081 diff -urNp linux-2.4.37.7/fs/nfs/symlink.c linux-2.4.37.7/fs/nfs/symlink.c
18082 --- linux-2.4.37.7/fs/nfs/symlink.c 2009-11-07 11:52:20.000000000 -0500
18083 +++ linux-2.4.37.7/fs/nfs/symlink.c 2009-11-10 19:30:27.000000000 -0500
18084 @@ -100,7 +100,7 @@ static int nfs_follow_link(struct dentry
18086 * symlinks can't do much...
18088 -struct inode_operations nfs_symlink_inode_operations = {
18089 +const struct inode_operations nfs_symlink_inode_operations = {
18090 readlink: nfs_readlink,
18091 follow_link: nfs_follow_link,
18092 revalidate: nfs_revalidate,
18093 diff -urNp linux-2.4.37.7/fs/nfsd/export.c linux-2.4.37.7/fs/nfsd/export.c
18094 --- linux-2.4.37.7/fs/nfsd/export.c 2009-11-07 11:52:20.000000000 -0500
18095 +++ linux-2.4.37.7/fs/nfsd/export.c 2009-11-10 19:30:27.000000000 -0500
18096 @@ -715,7 +715,7 @@ static int e_show(struct seq_file *m, vo
18100 -struct seq_operations nfs_exports_op = {
18101 +const struct seq_operations nfs_exports_op = {
18105 diff -urNp linux-2.4.37.7/fs/nfsd/nfsctl.c linux-2.4.37.7/fs/nfsd/nfsctl.c
18106 --- linux-2.4.37.7/fs/nfsd/nfsctl.c 2009-11-07 11:52:20.000000000 -0500
18107 +++ linux-2.4.37.7/fs/nfsd/nfsctl.c 2009-11-10 19:30:27.000000000 -0500
18108 @@ -46,12 +46,12 @@ static int nfsctl_getfs(struct nfsctl_fs
18109 static int nfsctl_ugidupdate(struct nfsctl_ugidmap *data);
18112 -extern struct seq_operations nfs_exports_op;
18113 +extern const struct seq_operations nfs_exports_op;
18114 static int exports_open(struct inode *inode, struct file *file)
18116 return seq_open(file, &nfs_exports_op);
18118 -static struct file_operations exports_operations = {
18119 +static const struct file_operations exports_operations = {
18120 open: exports_open,
18123 diff -urNp linux-2.4.37.7/fs/nfsd/vfs.c linux-2.4.37.7/fs/nfsd/vfs.c
18124 --- linux-2.4.37.7/fs/nfsd/vfs.c 2009-11-07 11:52:20.000000000 -0500
18125 +++ linux-2.4.37.7/fs/nfsd/vfs.c 2009-11-10 19:30:27.000000000 -0500
18126 @@ -526,7 +526,7 @@ nfsd_close(struct file *filp)
18129 inline void nfsd_dosync(struct file *filp, struct dentry *dp,
18130 - struct file_operations *fop)
18131 + const struct file_operations *fop)
18133 struct inode *inode = dp->d_inode;
18134 int (*fsync) (struct file *, struct dentry *, int);
18135 diff -urNp linux-2.4.37.7/fs/ntfs/fs.c linux-2.4.37.7/fs/ntfs/fs.c
18136 --- linux-2.4.37.7/fs/ntfs/fs.c 2009-11-07 11:52:20.000000000 -0500
18137 +++ linux-2.4.37.7/fs/ntfs/fs.c 2009-11-10 19:30:27.000000000 -0500
18139 #include <linux/ntfs_fs.h>
18141 /* Forward declarations. */
18142 -static struct inode_operations ntfs_dir_inode_operations;
18143 -static struct file_operations ntfs_dir_operations;
18144 +static const struct inode_operations ntfs_dir_inode_operations;
18145 +static const struct file_operations ntfs_dir_operations;
18147 #define ITEM_SIZE 2040
18149 @@ -557,7 +557,7 @@ err_ret:
18150 return ERR_PTR(err);
18153 -static struct file_operations ntfs_file_operations = {
18154 +static const struct file_operations ntfs_file_operations = {
18155 llseek: generic_file_llseek,
18157 #ifdef CONFIG_NTFS_RW
18158 @@ -566,7 +566,7 @@ static struct file_operations ntfs_file_
18159 open: generic_file_open,
18162 -static struct inode_operations ntfs_inode_operations;
18163 +static const struct inode_operations ntfs_inode_operations;
18165 #ifdef CONFIG_NTFS_RW
18166 static int ntfs_create(struct inode* dir, struct dentry *d, int mode)
18167 @@ -680,12 +680,12 @@ static int _linux_ntfs_mkdir(struct inod
18171 -static struct file_operations ntfs_dir_operations = {
18172 +static const struct file_operations ntfs_dir_operations = {
18173 read: generic_read_dir,
18174 readdir: ntfs_readdir,
18177 -static struct inode_operations ntfs_dir_inode_operations = {
18178 +static const struct inode_operations ntfs_dir_inode_operations = {
18179 lookup: ntfs_lookup,
18180 #ifdef CONFIG_NTFS_RW
18181 create: ntfs_create,
18182 @@ -915,7 +915,7 @@ static int ntfs_remount_fs(struct super_
18185 /* Define the super block operation that are implemented */
18186 -static struct super_operations ntfs_super_operations = {
18187 +static const struct super_operations ntfs_super_operations = {
18188 read_inode: ntfs_read_inode,
18189 #ifdef CONFIG_NTFS_RW
18190 write_inode: ntfs_write_inode,
18191 diff -urNp linux-2.4.37.7/fs/open.c linux-2.4.37.7/fs/open.c
18192 --- linux-2.4.37.7/fs/open.c 2009-11-07 11:52:20.000000000 -0500
18193 +++ linux-2.4.37.7/fs/open.c 2009-11-10 19:30:27.000000000 -0500
18195 #include <linux/slab.h>
18196 #include <linux/tty.h>
18197 #include <linux/iobuf.h>
18198 +#include <linux/grsecurity.h>
18200 #include <asm/uaccess.h>
18202 @@ -95,7 +96,7 @@ void fd_install(unsigned int fd, struct
18203 write_unlock(&files->file_lock);
18206 -int do_truncate(struct dentry *dentry, loff_t length)
18207 +int do_truncate(struct dentry *dentry, loff_t length, struct vfsmount *mnt)
18209 struct inode *inode = dentry->d_inode;
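Review bot: The new `mnt` parameter of `do_truncate()` is undocumented, although the function is called from several places (two call sites are updated in this file and one in fs/namei.c). A short comment above the definition would help callers that hold a dentry but no vfsmount. It should state that `mnt` is the mount through which `dentry` was reached, that it is only passed on to `gr_acl_handle_truncate()`, and whether NULL is acceptable. The function body continues outside this hunk.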
18211 @@ -105,6 +106,9 @@ int do_truncate(struct dentry *dentry, l
18215 + if (!gr_acl_handle_truncate(dentry, mnt))
18218 down_write(&inode->i_alloc_sem);
18219 down(&inode->i_sem);
18220 newattrs.ia_size = length;
18221 @@ -167,7 +171,7 @@ static inline long do_sys_truncate(const
18222 error = locks_verify_truncate(inode, NULL, length);
18225 - error = do_truncate(nd.dentry, length);
18226 + error = do_truncate(nd.dentry, length, nd.mnt);
18228 put_write_access(inode);
18230 @@ -219,7 +223,7 @@ static inline long do_sys_ftruncate(unsi
18232 error = locks_verify_truncate(inode, file, length);
18234 - error = do_truncate(dentry, length);
18235 + error = do_truncate(dentry, length, file->f_vfsmnt);
18239 @@ -294,6 +298,12 @@ asmlinkage long sys_utime(char * filenam
18240 (error = permission(inode,MAY_WRITE)) != 0)
18244 + if (!gr_acl_handle_utime(nd.dentry, nd.mnt)) {
18246 + goto dput_and_out;
18249 error = notify_change(nd.dentry, &newattrs);
18252 @@ -346,6 +356,12 @@ asmlinkage long sys_utimes(char * filena
18253 (error = permission(inode,MAY_WRITE)) != 0)
18257 + if (!gr_acl_handle_utime(nd.dentry, nd.mnt)) {
18259 + goto dput_and_out;
18262 error = notify_change(nd.dentry, &newattrs);
18265 @@ -388,6 +404,10 @@ asmlinkage long sys_access(const char *
18266 if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode)
18267 && !special_file(nd.dentry->d_inode->i_mode))
18270 + if (!res && !gr_acl_handle_access(nd.dentry, nd.mnt, mode))
18276 @@ -411,6 +431,8 @@ asmlinkage long sys_chdir(const char * f
18280 + gr_log_chdir(nd.dentry, nd.mnt);
18282 set_fs_pwd(current->fs, nd.mnt, nd.dentry);
18285 @@ -441,6 +463,13 @@ asmlinkage long sys_fchdir(unsigned int
18288 error = permission(inode, MAY_EXEC);
18290 + if (!error && !gr_chroot_fchdir(dentry, mnt))
18294 + gr_log_chdir(dentry, mnt);
18297 set_fs_pwd(current->fs, mnt, dentry);
18299 @@ -467,8 +496,16 @@ asmlinkage long sys_chroot(const char *
18300 if (!capable(CAP_SYS_CHROOT))
18303 + if (gr_handle_chroot_chroot(nd.dentry, nd.mnt))
18304 + goto dput_and_out;
18306 set_fs_root(current->fs, nd.mnt, nd.dentry);
18309 + gr_handle_chroot_caps(current);
18311 + gr_handle_chroot_chdir(nd.dentry, nd.mnt);
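Review bot: The denial branch for `gr_handle_chroot_chroot()` jumps to `dput_and_out` without assigning `error`, so the value returned is whatever was set before the capability check, outside this hunk. Other hooks in this file appear to set the error inside their own branch. Making it explicit here, with `error = -EPERM;` inside braces before the `goto`, would keep the denial from turning into a success return if the earlier assignment is ever moved. A one-line comment on why `gr_handle_chroot_caps()` and `gr_handle_chroot_chdir()` run only after `set_fs_root()` would also help, since the ordering is not explained.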
18316 @@ -497,8 +534,20 @@ asmlinkage long sys_fchmod(unsigned int
18318 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
18321 + if (!gr_acl_handle_fchmod(dentry, file->f_vfsmnt, mode)) {
18326 if (mode == (mode_t) -1)
18327 mode = inode->i_mode;
18329 + if (gr_handle_chroot_chmod(dentry, file->f_vfsmnt, mode)) {
18334 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
18335 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
18336 err = notify_change(dentry, &newattrs);
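Review bot: `gr_acl_handle_fchmod()` is called with `mode` before the `(mode_t) -1` sentinel is replaced by `inode->i_mode`, while `gr_handle_chroot_chmod()` a few lines later sees the normalized value. If the ACL hook inspects mode bits, the sentinel presents every bit as set, including the set-id bits, so the two hooks can reach different verdicts on the same request. Moving the ACL call below the `if (mode == (mode_t) -1)` normalization would give both hooks the same value; the sys_chmod hunk that follows has the same ordering. What the hook does with `mode` is not visible here, so this needs confirming against its implementation.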
18337 @@ -529,8 +578,19 @@ asmlinkage long sys_chmod(const char * f
18338 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
18341 + if (!gr_acl_handle_chmod(nd.dentry, nd.mnt, mode)) {
18343 + goto dput_and_out;
18346 if (mode == (mode_t) -1)
18347 mode = inode->i_mode;
18349 + if (gr_handle_chroot_chmod(nd.dentry, nd.mnt, mode)) {
18351 + goto dput_and_out;
18354 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
18355 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
18356 error = notify_change(nd.dentry, &newattrs);
18357 @@ -541,7 +601,7 @@ out:
18361 -static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
18362 +static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)
18364 struct inode * inode;
18366 @@ -558,6 +618,12 @@ static int chown_common(struct dentry *
18368 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
18371 + if (!gr_acl_handle_chown(dentry, mnt)) {
18376 if (user == (uid_t) -1)
18377 user = inode->i_uid;
18378 if (group == (gid_t) -1)
18379 @@ -608,7 +674,7 @@ asmlinkage long sys_chown(const char * f
18381 error = user_path_walk(filename, &nd);
18383 - error = chown_common(nd.dentry, user, group);
18384 + error = chown_common(nd.dentry, user, group, nd.mnt);
18388 @@ -621,7 +687,7 @@ asmlinkage long sys_lchown(const char *
18390 error = user_path_walk_link(filename, &nd);
18392 - error = chown_common(nd.dentry, user, group);
18393 + error = chown_common(nd.dentry, user, group, nd.mnt);
18397 @@ -635,7 +701,8 @@ asmlinkage long sys_fchown(unsigned int
18401 - error = chown_common(file->f_dentry, user, group);
18402 + error = chown_common(file->f_dentry, user,
18403 + group, file->f_vfsmnt);
18407 @@ -755,6 +822,7 @@ repeat:
18408 * N.B. For clone tasks sharing a files structure, this test
18409 * will limit the total number of files that can be opened.
18411 + gr_learn_resource(current, RLIMIT_NOFILE, fd, 0);
18412 if (fd >= current->rlim[RLIMIT_NOFILE].rlim_cur)
18415 diff -urNp linux-2.4.37.7/fs/openpromfs/inode.c linux-2.4.37.7/fs/openpromfs/inode.c
18416 --- linux-2.4.37.7/fs/openpromfs/inode.c 2009-11-07 11:52:20.000000000 -0500
18417 +++ linux-2.4.37.7/fs/openpromfs/inode.c 2009-11-10 19:30:27.000000000 -0500
18418 @@ -594,28 +594,28 @@ int property_release (struct inode *inod
18422 -static struct file_operations openpromfs_prop_ops = {
18423 +static const struct file_operations openpromfs_prop_ops = {
18424 read: property_read,
18425 write: property_write,
18426 release: property_release,
18429 -static struct file_operations openpromfs_nodenum_ops = {
18430 +static const struct file_operations openpromfs_nodenum_ops = {
18431 read: nodenum_read,
18434 -static struct file_operations openprom_operations = {
18435 +static const struct file_operations openprom_operations = {
18436 read: generic_read_dir,
18437 readdir: openpromfs_readdir,
18440 -static struct inode_operations openprom_alias_inode_operations = {
18441 +static const struct inode_operations openprom_alias_inode_operations = {
18442 create: openpromfs_create,
18443 lookup: openpromfs_lookup,
18444 unlink: openpromfs_unlink,
18447 -static struct inode_operations openprom_inode_operations = {
18448 +static const struct inode_operations openprom_inode_operations = {
18449 lookup: openpromfs_lookup,
18452 @@ -1032,7 +1032,7 @@ static int openprom_statfs(struct super_
18456 -static struct super_operations openprom_sops = {
18457 +static const struct super_operations openprom_sops = {
18458 read_inode: openprom_read_inode,
18459 statfs: openprom_statfs,
18461 diff -urNp linux-2.4.37.7/fs/pipe.c linux-2.4.37.7/fs/pipe.c
18462 --- linux-2.4.37.7/fs/pipe.c 2009-11-07 11:52:20.000000000 -0500
18463 +++ linux-2.4.37.7/fs/pipe.c 2009-11-10 19:30:27.000000000 -0500
18464 @@ -388,7 +388,7 @@ pipe_rdwr_open(struct inode *inode, stru
18465 * The file_operations structs are not static because they
18466 * are also used in linux/fs/fifo.c to do operations on FIFOs.
18468 -struct file_operations read_fifo_fops = {
18469 +const struct file_operations read_fifo_fops = {
18473 @@ -398,7 +398,7 @@ struct file_operations read_fifo_fops =
18474 release: pipe_read_release,
18477 -struct file_operations write_fifo_fops = {
18478 +const struct file_operations write_fifo_fops = {
18482 @@ -408,7 +408,7 @@ struct file_operations write_fifo_fops =
18483 release: pipe_write_release,
18486 -struct file_operations rdwr_fifo_fops = {
18487 +const struct file_operations rdwr_fifo_fops = {
18491 @@ -418,7 +418,7 @@ struct file_operations rdwr_fifo_fops =
18492 release: pipe_rdwr_release,
18495 -struct file_operations read_pipe_fops = {
18496 +const struct file_operations read_pipe_fops = {
18500 @@ -428,7 +428,7 @@ struct file_operations read_pipe_fops =
18501 release: pipe_read_release,
18504 -struct file_operations write_pipe_fops = {
18505 +const struct file_operations write_pipe_fops = {
18509 @@ -438,7 +438,7 @@ struct file_operations write_pipe_fops =
18510 release: pipe_write_release,
18513 -struct file_operations rdwr_pipe_fops = {
18514 +const struct file_operations rdwr_pipe_fops = {
18518 @@ -473,12 +473,12 @@ fail_page:
18522 -static struct vfsmount *pipe_mnt;
18523 +struct vfsmount *pipe_mnt;
18524 static int pipefs_delete_dentry(struct dentry *dentry)
18528 -static struct dentry_operations pipefs_dentry_operations = {
18529 +static const struct dentry_operations pipefs_dentry_operations = {
18530 d_delete: pipefs_delete_dentry,
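Review bot: `pipe_mnt` loses `static` here with no comment or visible declaration saying who else needs it, while every other change in this file narrows what is writable. The consumer is not in this hunk, so I would add a one-line comment above the definition, for example `/* non-static: referenced from outside fs/pipe.c (name the user) */`, and keep the matching `extern struct vfsmount *pipe_mnt;` in a header rather than in the using file. A mount pointer with external linkage is one more writable global kernel symbol, so the reason should be on record.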
18533 @@ -610,7 +610,7 @@ static int pipefs_statfs(struct super_bl
18537 -static struct super_operations pipefs_ops = {
18538 +static const struct super_operations pipefs_ops = {
18539 statfs: pipefs_statfs,
18542 diff -urNp linux-2.4.37.7/fs/proc/array.c linux-2.4.37.7/fs/proc/array.c
18543 --- linux-2.4.37.7/fs/proc/array.c 2009-11-07 11:52:20.000000000 -0500
18544 +++ linux-2.4.37.7/fs/proc/array.c 2009-11-10 19:30:27.000000000 -0500
18545 @@ -276,6 +276,20 @@ static inline char *task_cap(struct task
18546 cap_t(p->cap_effective));
18549 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
18550 +static inline char *task_pax(struct task_struct *p, char *buffer)
18553 + return buffer + sprintf(buffer, "PaX:\t%c%c%c%c%c\n",
18554 + p->mm->pax_flags & MF_PAX_PAGEEXEC ? 'P' : 'p',
18555 + p->mm->pax_flags & MF_PAX_EMUTRAMP ? 'E' : 'e',
18556 + p->mm->pax_flags & MF_PAX_MPROTECT ? 'M' : 'm',
18557 + p->mm->pax_flags & MF_PAX_RANDMMAP ? 'R' : 'r',
18558 + p->mm->pax_flags & MF_PAX_SEGMEXEC ? 'S' : 's');
18560 + return buffer + sprintf(buffer, "PaX:\t------\n");
18564 int proc_pid_status(struct task_struct *task, char * buffer)
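Review bot: task_pax() reads `p->mm->pax_flags` five times straight off the task, with no lock or mm reference visible in the new lines, and its fallback string prints six dashes where the populated line prints five flag characters. The guard between the two `return` statements is not shown in this listing, but even with a NULL test the mm of another task can go away between the test and the reads unless the caller pins it. proc_pid_status continues outside the hunk, so confirm whether it holds task_lock() or an mm_users reference at the call. I would read the flags once into a local under that protection and make the fallback `"PaX:\t-----\n"` so the field keeps a fixed width for anything parsing /proc/<pid>/status.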
18566 @@ -298,9 +312,20 @@ int proc_pid_status(struct task_struct *
18567 #if defined(CONFIG_ARCH_S390)
18568 buffer = task_show_regs(task, buffer);
18571 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
18572 + buffer = task_pax(task, buffer);
18575 return buffer - orig;
18578 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
18579 +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
18580 + (_mm->pax_flags & MF_PAX_RANDMMAP || \
18581 + _mm->pax_flags & MF_PAX_SEGMEXEC))
18584 int proc_pid_stat(struct task_struct *task, char * buffer)
18586 unsigned long vsize, eip, esp, wchan = ~0UL;
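Review bot: PAX_RAND_FLAGS expands its argument four times without parentheses, and it is later invoked with `map->vm_mm`, so it only works while every caller passes a simple expression with no side effects. Parenthesise each use, `((_mm) != NULL && (_mm) != current->mm && ((_mm)->pax_flags & (MF_PAX_RANDMMAP | MF_PAX_SEGMEXEC)))`, or turn it into a `static inline` taking a `const struct mm_struct *`. A short comment saying the macro is true only for a foreign mm with randomisation or SEGMEXEC enabled, which is why a task still sees its own addresses, would help the next reader of the masking code in proc_pid_stat and show_map.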
18587 @@ -349,6 +374,19 @@ int proc_pid_stat(struct task_struct *ta
18589 wchan = get_wchan(task);
18591 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
18592 + if (PAX_RAND_FLAGS(mm)) {
18598 +#ifdef CONFIG_GRKERNSEC_HIDESYM
18604 collect_sigign_sigcatch(task, &sigign, &sigcatch);
18606 /* scale priority and nice values from timeslices to -20..20 */
18607 @@ -388,9 +426,15 @@ int proc_pid_stat(struct task_struct *ta
18609 mm ? mm->rss : 0, /* you might want to shift this left 3 */
18610 task->rlim[RLIMIT_RSS].rlim_cur,
18611 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
18612 + PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->start_code : 0),
18613 + PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->end_code : 0),
18614 + PAX_RAND_FLAGS(mm) ? 0 : ((permitted && mm) ? mm->start_stack : 0),
18616 mm ? mm->start_code : 0,
18617 mm ? mm->end_code : 0,
18618 (permitted && mm) ? mm->start_stack : 0,
18622 /* The signal information here is obsolete.
18623 @@ -542,13 +586,22 @@ static int show_map(struct seq_file *m,
18626 seq_printf(m, "%08lx-%08lx %c%c%c%c %08lx %02x:%02x %lu %n",
18627 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
18628 + PAX_RAND_FLAGS(map->vm_mm) ? 0UL : map->vm_start,
18629 + PAX_RAND_FLAGS(map->vm_mm) ? 0UL : map->vm_end,
18634 flags & VM_READ ? 'r' : '-',
18635 flags & VM_WRITE ? 'w' : '-',
18636 flags & VM_EXEC ? 'x' : '-',
18637 flags & VM_MAYSHARE ? 's' : 'p',
18638 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
18639 + PAX_RAND_FLAGS(map->vm_mm) ? 0UL : map->vm_pgoff << PAGE_SHIFT,
18641 map->vm_pgoff << PAGE_SHIFT,
18643 MAJOR(dev), MINOR(dev), ino, &len);
18645 if (map->vm_file) {
18646 @@ -615,13 +668,23 @@ static void *m_next(struct seq_file *m,
18650 -struct seq_operations proc_pid_maps_op = {
18651 +const struct seq_operations proc_pid_maps_op = {
18658 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
18659 +int proc_pid_ipaddr(struct task_struct *task, char * buffer)
18663 + len = sprintf(buffer, "%u.%u.%u.%u\n", NIPQUAD(task->curr_ip));
18669 int proc_pid_cpu(struct task_struct *task, char * buffer)
18671 diff -urNp linux-2.4.37.7/fs/proc/base.c linux-2.4.37.7/fs/proc/base.c
18672 --- linux-2.4.37.7/fs/proc/base.c 2009-11-07 11:52:20.000000000 -0500
18673 +++ linux-2.4.37.7/fs/proc/base.c 2009-11-10 19:30:27.000000000 -0500
18675 #include <linux/string.h>
18676 #include <linux/seq_file.h>
18677 #include <linux/namespace.h>
18678 +#include <linux/grsecurity.h>
18681 * For hysterical raisins we keep the same inumbers as in the old procfs.
18682 @@ -40,6 +41,9 @@ int proc_pid_stat(struct task_struct*,ch
18683 int proc_pid_status(struct task_struct*,char*);
18684 int proc_pid_statm(struct task_struct*,char*);
18685 int proc_pid_cpu(struct task_struct*,char*);
18686 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
18687 +int proc_pid_ipaddr(struct task_struct*,char*);
18690 static int proc_fd_link(struct inode *inode, struct dentry **dentry, struct vfsmount **mnt)
18692 @@ -126,7 +130,8 @@ static int proc_root_link(struct inode *
18693 #define MAY_PTRACE(task) \
18694 (task == current || \
18695 (task->p_pptr == current && \
18696 - (task->ptrace & PT_PTRACED) && task->state == TASK_STOPPED))
18697 + (task->ptrace & PT_PTRACED) && task->state == TASK_STOPPED && \
18698 + !gr_handle_proc_ptrace(task)))
18700 static int may_ptrace_attach(struct task_struct *task)
18702 @@ -145,6 +150,8 @@ static int may_ptrace_attach(struct task
18704 if (!is_dumpable(task) && !capable(CAP_SYS_PTRACE))
18706 + if (gr_handle_proc_ptrace(task))
18711 @@ -158,6 +165,9 @@ static int proc_pid_environ(struct task_
18712 struct mm_struct *mm;
18715 + if (gr_acl_handle_procpidmem(task))
18718 if (!may_ptrace_attach(task))
18721 @@ -185,6 +195,10 @@ static int proc_pid_cmdline(struct task_
18726 + if (gr_acl_handle_procpidmem(task))
18731 atomic_inc(&mm->mm_users);
18732 @@ -267,12 +281,25 @@ out:
18734 static int proc_permission(struct inode *inode, int mask)
18737 + struct task_struct *task;
18739 if (vfs_permission(inode, mask) != 0)
18741 - return proc_check_root(inode);
18742 + ret = proc_check_root(inode);
18747 + task = inode->u.proc_i.task;
18752 + return gr_acl_handle_procpidmem(task);
18755 -extern struct seq_operations proc_pid_maps_op;
18756 +extern const struct seq_operations proc_pid_maps_op;
18757 static int maps_open(struct inode *inode, struct file *file)
18759 struct task_struct *task = inode->u.proc_i.task;
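Review bot: proc_permission() now returns the value of gr_acl_handle_procpidmem() unchanged, while the proc_pid_environ and proc_pid_cmdline hunks in this file use the same helper only as a truth test. A permission hook has to yield 0 or a negative errno, so this is correct only if the helper, which is defined outside this section of the diff, returns an errno-style value rather than 1 for a denial. I would document that contract next to the call, e.g. `/* returns 0 or -errno; used directly as the permission result */`, or normalise it here with `return gr_acl_handle_procpidmem(task) ? -EACCES : 0;`. Several lines of the new body are not shown in this listing, so the handling of a NULL `task` could not be checked.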
18760 @@ -284,14 +311,14 @@ static int maps_open(struct inode *inode
18764 -static struct file_operations proc_maps_operations = {
18765 +static const struct file_operations proc_maps_operations = {
18768 .llseek = seq_lseek,
18769 .release = seq_release,
18772 -extern struct seq_operations mounts_op;
18773 +extern const struct seq_operations mounts_op;
18774 static int mounts_open(struct inode *inode, struct file *file)
18776 struct task_struct *task = inode->u.proc_i.task;
18777 @@ -324,7 +351,7 @@ static int mounts_release(struct inode *
18778 return seq_release(inode, file);
18781 -static struct file_operations proc_mounts_operations = {
18782 +static const struct file_operations proc_mounts_operations = {
18786 @@ -368,7 +395,7 @@ static ssize_t proc_info_read(struct fil
18790 -static struct file_operations proc_info_file_operations = {
18791 +static const struct file_operations proc_info_file_operations = {
18792 read: proc_info_read,
18795 @@ -497,14 +524,14 @@ static loff_t mem_lseek(struct file * fi
18796 return file->f_pos;
18799 -static struct file_operations proc_mem_operations = {
18800 +static const struct file_operations proc_mem_operations = {
18807 -static struct inode_operations proc_mem_inode_operations = {
18808 +static const struct inode_operations proc_mem_inode_operations = {
18809 permission: proc_permission,
18812 @@ -577,7 +604,7 @@ out:
18816 -static struct inode_operations proc_pid_link_inode_operations = {
18817 +static const struct inode_operations proc_pid_link_inode_operations = {
18818 readlink: proc_pid_readlink,
18819 follow_link: proc_pid_follow_link
18821 @@ -603,6 +630,9 @@ enum pid_directory_inos {
18825 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
18829 PROC_PID_FD_DIR = 0x8000, /* 0x8000-0xffff */
18831 @@ -618,6 +648,9 @@ static struct pid_entry base_stuff[] = {
18833 E(PROC_PID_CPU, "cpu", S_IFREG|S_IRUGO),
18835 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
18836 + E(PROC_PID_IPADDR, "ipaddr", S_IFREG|S_IRUSR),
18838 E(PROC_PID_MAPS, "maps", S_IFREG|S_IRUGO),
18839 E(PROC_PID_MEM, "mem", S_IFREG|S_IRUSR|S_IWUSR),
18840 E(PROC_PID_CWD, "cwd", S_IFLNK|S_IRWXUGO),
18841 @@ -771,10 +804,17 @@ static struct inode *proc_pid_make_inode
18842 get_task_struct(task);
18843 inode->u.proc_i.task = task;
18845 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
18846 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
18851 if (ino == PROC_PID_INO || task_dumpable(task)) {
18852 inode->i_uid = task->euid;
18853 +#ifndef CONFIG_GRKERNSEC_PROC_USERGROUP
18854 inode->i_gid = task->egid;
18859 @@ -811,19 +851,16 @@ static int pid_delete_dentry(struct dent
18863 -static struct dentry_operations pid_fd_dentry_operations =
18865 +static const struct dentry_operations pid_fd_dentry_operations = {
18866 d_revalidate: pid_fd_revalidate,
18867 d_delete: pid_delete_dentry,
18870 -static struct dentry_operations pid_dentry_operations =
18872 +static const struct dentry_operations pid_dentry_operations = {
18873 d_delete: pid_delete_dentry,
18876 -static struct dentry_operations pid_base_dentry_operations =
18878 +static const struct dentry_operations pid_base_dentry_operations = {
18879 d_revalidate: pid_base_revalidate,
18880 d_delete: pid_delete_dentry,
18882 @@ -894,7 +931,7 @@ out:
18883 return ERR_PTR(-ENOENT);
18886 -static struct file_operations proc_fd_operations = {
18887 +static const struct file_operations proc_fd_operations = {
18888 read: generic_read_dir,
18889 readdir: proc_readfd,
18891 @@ -902,7 +939,7 @@ static struct file_operations proc_fd_op
18893 * proc directories can do almost nothing..
18895 -static struct inode_operations proc_fd_inode_operations = {
18896 +static const struct inode_operations proc_fd_inode_operations = {
18897 lookup: proc_lookupfd,
18898 permission: proc_permission,
18900 @@ -983,6 +1020,12 @@ static struct dentry *proc_base_lookup(s
18901 inode->u.proc_i.op.proc_read = proc_pid_cpu;
18904 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
18905 + case PROC_PID_IPADDR:
18906 + inode->i_fop = &proc_info_file_operations;
18907 + inode->u.proc_i.op.proc_read = proc_pid_ipaddr;
18911 inode->i_op = &proc_mem_inode_operations;
18912 inode->i_fop = &proc_mem_operations;
18913 @@ -1003,12 +1046,12 @@ out:
18914 return ERR_PTR(error);
18917 -static struct file_operations proc_base_operations = {
18918 +static const struct file_operations proc_base_operations = {
18919 read: generic_read_dir,
18920 readdir: proc_base_readdir,
18923 -static struct inode_operations proc_base_inode_operations = {
18924 +static const struct inode_operations proc_base_inode_operations = {
18925 lookup: proc_base_lookup,
18928 @@ -1029,7 +1072,7 @@ static int proc_self_follow_link(struct
18929 return vfs_follow_link(nd,tmp);
18932 -static struct inode_operations proc_self_inode_operations = {
18933 +static const struct inode_operations proc_self_inode_operations = {
18934 readlink: proc_self_readlink,
18935 follow_link: proc_self_follow_link,
18937 @@ -1081,13 +1124,35 @@ struct dentry *proc_pid_lookup(struct in
18941 + if(gr_check_hidden_task(task)) {
18942 + free_task_struct(task);
18946 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
18947 + if (current->uid && (task->uid != current->uid)
18948 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
18949 + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
18952 + free_task_struct(task);
18956 inode = proc_pid_make_inode(dir->i_sb, task, PROC_PID_INO);
18958 free_task_struct(task);
18962 +#ifdef CONFIG_GRKERNSEC_PROC_USER
18963 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
18964 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
18965 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;
18966 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
18968 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
18970 inode->i_op = &proc_base_inode_operations;
18971 inode->i_fop = &proc_base_operations;
18972 inode->i_nlink = 3;
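Review bot: `#elif CONFIG_GRKERNSEC_PROC_USERGROUP` tests the macro's value rather than whether it is defined, unlike the `#ifdef` and `#if defined(...)` tests a few lines above it in the same hunk. It works while the option expands to 1, but it trips -Wundef when the option is off and reads as a different kind of test; use `#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)`. The same form appears in the proc_misc_init hunk that assigns `gr_mode` and in both proc_root_init hunks in fs/proc/root.c. proc_pid_lookup continues outside the hunk.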
18973 @@ -1127,6 +1192,18 @@ static int get_pid_list(int index, unsig
18977 + if(gr_pid_is_chrooted(p))
18979 + if(gr_check_hidden_task(p))
18981 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
18982 + if (current->uid && (p->uid != current->uid)
18983 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
18984 + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
18991 pids[nr_pids] = pid;
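Review bot: The uid/gid visibility test added here is a second copy of the one in the proc_pid_lookup hunk above, preprocessor nesting included, so readdir and lookup on /proc can drift apart if only one copy is edited later. A pid that is listed but cannot be looked up, or the reverse, is the kind of inconsistency this restriction is meant to rule out, so both call sites should share one predicate, sketched below as proc_pid_restricted(). The statements executed when the test is true are not shown in this listing and would stay at the call sites. get_pid_list continues outside the hunk.

```c
/* Non-zero when the PROC_USER / PROC_USERGROUP policy hides p from current. */
static inline int proc_pid_restricted(const struct task_struct *p)
{
#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
	if (current->uid && (p->uid != current->uid)
#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
	    && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
#endif
	   )
		return 1;
#endif
	return 0;
}

/* … unchanged: gr_pid_is_chrooted() and gr_check_hidden_task() tests … */
/* … call sites: the open-coded test becomes proc_pid_restricted(p) here and
 *   proc_pid_restricted(task) in proc_pid_lookup … */
```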
18992 diff -urNp linux-2.4.37.7/fs/proc/generic.c linux-2.4.37.7/fs/proc/generic.c
18993 --- linux-2.4.37.7/fs/proc/generic.c 2009-11-07 11:52:20.000000000 -0500
18994 +++ linux-2.4.37.7/fs/proc/generic.c 2009-11-10 19:30:27.000000000 -0500
18995 @@ -33,7 +33,7 @@ int proc_match(int len, const char *name
18996 return !memcmp(name, de->name, len);
18999 -static struct file_operations proc_file_operations = {
19000 +static const struct file_operations proc_file_operations = {
19001 llseek: proc_file_lseek,
19002 read: proc_file_read,
19003 write: proc_file_write,
19004 @@ -229,7 +229,7 @@ static int proc_follow_link(struct dentr
19005 return vfs_follow_link(nd, s);
19008 -static struct inode_operations proc_link_inode_operations = {
19009 +static const struct inode_operations proc_link_inode_operations = {
19010 readlink: proc_readlink,
19011 follow_link: proc_follow_link,
19013 @@ -245,8 +245,7 @@ static int proc_delete_dentry(struct den
19017 -static struct dentry_operations proc_dentry_operations =
19019 +static const struct dentry_operations proc_dentry_operations = {
19020 d_delete: proc_delete_dentry,
19023 @@ -351,7 +350,7 @@ int proc_readdir(struct file * filp,
19024 * use the in-memory "struct proc_dir_entry" tree to parse
19025 * the /proc directory.
19027 -static struct file_operations proc_dir_operations = {
19028 +static const struct file_operations proc_dir_operations = {
19029 read: generic_read_dir,
19030 readdir: proc_readdir,
19032 @@ -359,7 +358,7 @@ static struct file_operations proc_dir_o
19034 * proc directories can do almost nothing..
19036 -static struct inode_operations proc_dir_inode_operations = {
19037 +static const struct inode_operations proc_dir_inode_operations = {
19038 lookup: proc_lookup,
19041 @@ -406,7 +405,7 @@ static void proc_kill_inodes(struct proc
19042 struct file * filp = list_entry(p, struct file, f_list);
19043 struct dentry * dentry = filp->f_dentry;
19044 struct inode * inode;
19045 - struct file_operations *fops;
19046 + const struct file_operations *fops;
19048 if (dentry->d_op != &proc_dentry_operations)
19050 diff -urNp linux-2.4.37.7/fs/proc/inode.c linux-2.4.37.7/fs/proc/inode.c
19051 --- linux-2.4.37.7/fs/proc/inode.c 2009-11-07 11:52:20.000000000 -0500
19052 +++ linux-2.4.37.7/fs/proc/inode.c 2009-11-10 19:30:27.000000000 -0500
19053 @@ -91,7 +91,7 @@ static int proc_statfs(struct super_bloc
19057 -static struct super_operations proc_sops = {
19058 +static const struct super_operations proc_sops = {
19059 read_inode: proc_read_inode,
19060 put_inode: force_delete,
19061 delete_inode: proc_delete_inode,
19062 @@ -152,7 +152,11 @@ printk("proc_iget: using deleted entry %
19064 inode->i_mode = de->mode;
19065 inode->i_uid = de->uid;
19066 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
19067 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
19069 inode->i_gid = de->gid;
19073 inode->i_size = de->size;
19074 diff -urNp linux-2.4.37.7/fs/proc/kcore.c linux-2.4.37.7/fs/proc/kcore.c
19075 --- linux-2.4.37.7/fs/proc/kcore.c 2009-11-07 11:52:20.000000000 -0500
19076 +++ linux-2.4.37.7/fs/proc/kcore.c 2009-11-10 19:30:27.000000000 -0500
19077 @@ -31,7 +31,7 @@ static loff_t lseek_kcore(struct file *
19079 static ssize_t read_kcore(struct file *, char *, size_t, loff_t *);
19081 -struct file_operations proc_kcore_operations = {
19082 +const struct file_operations proc_kcore_operations = {
19085 llseek: lseek_kcore,
19086 diff -urNp linux-2.4.37.7/fs/proc/kmsg.c linux-2.4.37.7/fs/proc/kmsg.c
19087 --- linux-2.4.37.7/fs/proc/kmsg.c 2009-11-07 11:52:20.000000000 -0500
19088 +++ linux-2.4.37.7/fs/proc/kmsg.c 2009-11-10 19:30:27.000000000 -0500
19089 @@ -44,7 +44,7 @@ static unsigned int kmsg_poll(struct fil
19093 -struct file_operations proc_kmsg_operations = {
19094 +const struct file_operations proc_kmsg_operations = {
19098 diff -urNp linux-2.4.37.7/fs/proc/proc_misc.c linux-2.4.37.7/fs/proc/proc_misc.c
19099 --- linux-2.4.37.7/fs/proc/proc_misc.c 2009-11-07 11:52:20.000000000 -0500
19100 +++ linux-2.4.37.7/fs/proc/proc_misc.c 2009-11-10 19:30:27.000000000 -0500
19101 @@ -226,12 +226,12 @@ static int version_read_proc(char *page,
19102 return proc_calc_metrics(page, start, off, count, eof, len);
19105 -extern struct seq_operations cpuinfo_op;
19106 +extern const struct seq_operations cpuinfo_op;
19107 static int cpuinfo_open(struct inode *inode, struct file *file)
19109 return seq_open(file, &cpuinfo_op);
19111 -static struct file_operations proc_cpuinfo_operations = {
19112 +static const struct file_operations proc_cpuinfo_operations = {
19113 open: cpuinfo_open,
19116 @@ -256,12 +256,12 @@ static int stram_read_proc(char *page, c
19120 -extern struct seq_operations partitions_op;
19121 +extern const struct seq_operations partitions_op;
19122 static int partitions_open(struct inode *inode, struct file *file)
19124 return seq_open(file, &partitions_op);
19126 -static struct file_operations proc_partitions_operations = {
19127 +static const struct file_operations proc_partitions_operations = {
19128 open: partitions_open,
19131 @@ -276,12 +276,12 @@ static int modules_read_proc(char *page,
19132 return proc_calc_metrics(page, start, off, count, eof, len);
19135 -extern struct seq_operations ksyms_op;
19136 +extern const struct seq_operations ksyms_op;
19137 static int ksyms_open(struct inode *inode, struct file *file)
19139 return seq_open(file, &ksyms_op);
19141 -static struct file_operations proc_ksyms_operations = {
19142 +static const struct file_operations proc_ksyms_operations = {
19146 @@ -289,13 +289,13 @@ static struct file_operations proc_ksyms
19150 -extern struct seq_operations slabinfo_op;
19151 +extern const struct seq_operations slabinfo_op;
19152 extern ssize_t slabinfo_write(struct file *, const char *, size_t, loff_t *);
19153 static int slabinfo_open(struct inode *inode, struct file *file)
19155 return seq_open(file, &slabinfo_op);
19157 -static struct file_operations proc_slabinfo_operations = {
19158 +static const struct file_operations proc_slabinfo_operations = {
19159 open: slabinfo_open,
19161 write: slabinfo_write,
19162 @@ -422,7 +422,7 @@ static int interrupts_open(struct inode
19166 -static struct file_operations proc_interrupts_operations = {
19167 +static const struct file_operations proc_interrupts_operations = {
19168 .open = interrupts_open,
19170 .llseek = seq_lseek,
19171 @@ -430,8 +430,8 @@ static struct file_operations proc_inter
19173 #endif /* !CONFIG_X86 */
19175 -extern struct file_operations proc_ioports_operations;
19176 -extern struct file_operations proc_iomem_operations;
19177 +extern const struct file_operations proc_ioports_operations;
19178 +extern const struct file_operations proc_iomem_operations;
19180 static int filesystems_read_proc(char *page, char **start, off_t off,
19181 int count, int *eof, void *data)
19182 @@ -551,7 +551,7 @@ static ssize_t write_profile(struct file
19186 -static struct file_operations proc_profile_operations = {
19187 +static const struct file_operations proc_profile_operations = {
19188 read: read_profile,
19189 write: write_profile,
19191 @@ -573,14 +573,14 @@ static ssize_t write_sysrq_trigger(struc
19195 -static struct file_operations proc_sysrq_trigger_operations = {
19196 +static const struct file_operations proc_sysrq_trigger_operations = {
19197 .write = write_sysrq_trigger,
19201 struct proc_dir_entry *proc_root_kcore;
19203 -static void create_seq_entry(char *name, mode_t mode, struct file_operations *f)
19204 +static void create_seq_entry(char *name, mode_t mode, const struct file_operations *f)
19206 struct proc_dir_entry *entry;
19207 entry = create_proc_entry(name, mode, NULL);
19208 @@ -591,6 +591,7 @@ static void create_seq_entry(char *name,
19209 void __init proc_misc_init(void)
19211 struct proc_dir_entry *entry;
19215 int (*read_proc)(char*,char**,off_t,int,int*,void*);
19216 @@ -605,17 +606,21 @@ void __init proc_misc_init(void)
19217 #ifdef CONFIG_STRAM_PROC
19218 {"stram", stram_read_proc},
19220 -#ifdef CONFIG_MODULES
19221 +#if defined(CONFIG_MODULES) && !defined(CONFIG_GRKERNSEC_PROC)
19222 {"modules", modules_read_proc},
19224 {"stat", kstat_read_proc},
19225 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
19226 {"devices", devices_read_proc},
19227 -#if !defined(CONFIG_ARCH_S390) && !defined(CONFIG_X86)
19229 +#if !defined(CONFIG_ARCH_S390) && !defined(CONFIG_X86) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
19230 {"interrupts", interrupts_read_proc},
19232 {"filesystems", filesystems_read_proc},
19233 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
19234 {"dma", dma_read_proc},
19235 {"cmdline", cmdline_read_proc},
19237 #ifdef CONFIG_SGI_DS1286
19238 {"rtc", ds1286_read_proc},
19240 @@ -627,6 +632,23 @@ void __init proc_misc_init(void)
19241 for (p = simple_ones; p->name; p++)
19242 create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);
19244 +#ifdef CONFIG_GRKERNSEC_PROC_USER
19245 + gr_mode = S_IRUSR;
19246 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
19247 + gr_mode = S_IRUSR | S_IRGRP;
19249 +#if defined(CONFIG_GRKERNSEC_PROC) && defined(CONFIG_MODULES)
19250 + create_proc_read_entry("modules", gr_mode, NULL, &modules_read_proc, NULL);
19252 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
19253 + create_proc_read_entry("devices", gr_mode, NULL, &devices_read_proc, NULL);
19254 + create_proc_read_entry("dma", gr_mode, NULL, &dma_read_proc, NULL);
19255 + create_proc_read_entry("cmdline", gr_mode, NULL, &cmdline_read_proc, NULL);
19256 +#if !defined(CONFIG_ARCH_S390) && !defined(CONFIG_X86)
19257 + create_proc_read_entry("interrupts", gr_mode, NULL, &interrupts_read_proc, NULL);
19261 proc_symlink("mounts", NULL, "self/mounts");
19263 /* And now for trickier ones */
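Review bot: `gr_mode` is assigned only under CONFIG_GRKERNSEC_PROC_USER or CONFIG_GRKERNSEC_PROC_USERGROUP, yet it is passed to create_proc_read_entry() under CONFIG_GRKERNSEC_PROC and CONFIG_GRKERNSEC_PROC_ADD, which nothing in this file ties to the first two. Its declaration is not shown in this listing; if it starts at 0, these entries get the same default mode the `simple_ones` loop above requests by passing 0, which as far as I recall of create_proc_entry() is world-readable, so "modules", "devices", "dma" and "cmdline" would stay open to every user. If Config.in guarantees that one of the two options is always set alongside these, say so in a comment such as `/* gr_mode: S_IRUSR or S_IRUSR|S_IRGRP; 0 would select the default mode */`; otherwise add an explicit `#else` with the intended restrictive mode. proc_misc_init continues outside the hunk.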
19264 @@ -634,22 +656,32 @@ void __init proc_misc_init(void)
19266 entry->proc_fops = &proc_kmsg_operations;
19267 create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);
19268 -#if defined(CONFIG_X86)
19269 +#if defined(CONFIG_X86) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
19270 create_seq_entry("interrupts", 0, &proc_interrupts_operations);
19271 +#elif defined(CONFIG_X86)
19272 + create_seq_entry("interrupts", gr_mode, &proc_interrupts_operations);
19274 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
19275 + create_seq_entry("ioports", gr_mode, &proc_ioports_operations);
19276 + create_seq_entry("iomem", gr_mode, &proc_iomem_operations);
19277 + create_seq_entry("slabinfo",gr_mode,&proc_slabinfo_operations);
19279 create_seq_entry("ioports", 0, &proc_ioports_operations);
19280 create_seq_entry("iomem", 0, &proc_iomem_operations);
19281 - create_seq_entry("partitions", 0, &proc_partitions_operations);
19282 create_seq_entry("slabinfo",S_IWUSR|S_IRUGO,&proc_slabinfo_operations);
19284 + create_seq_entry("partitions", 0, &proc_partitions_operations);
19285 #ifdef CONFIG_MODULES
19286 - create_seq_entry("ksyms", 0, &proc_ksyms_operations);
19287 + create_seq_entry("ksyms", gr_mode, &proc_ksyms_operations);
19289 +#ifndef CONFIG_GRKERNSEC_PROC_ADD
19290 proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);
19291 if (proc_root_kcore) {
19292 proc_root_kcore->proc_fops = &proc_kcore_operations;
19293 proc_root_kcore->size =
19294 (size_t)high_memory - PAGE_OFFSET + PAGE_SIZE;
19298 entry = create_proc_entry("profile", S_IWUSR | S_IRUGO, NULL);
19300 @@ -664,7 +696,7 @@ void __init proc_misc_init(void)
19302 #ifdef CONFIG_PPC32
19304 - extern struct file_operations ppc_htab_operations;
19305 + extern const struct file_operations ppc_htab_operations;
19306 entry = create_proc_entry("ppc_htab", S_IRUGO|S_IWUSR, NULL);
19308 entry->proc_fops = &ppc_htab_operations;
19309 diff -urNp linux-2.4.37.7/fs/proc/root.c linux-2.4.37.7/fs/proc/root.c
19310 --- linux-2.4.37.7/fs/proc/root.c 2009-11-07 11:52:20.000000000 -0500
19311 +++ linux-2.4.37.7/fs/proc/root.c 2009-11-10 19:30:27.000000000 -0500
19312 @@ -37,7 +37,13 @@ void __init proc_root_init(void)
19316 - proc_net = proc_mkdir("net", 0);
19317 +#ifdef CONFIG_GRKERNSEC_PROC_USER
19318 + proc_net = proc_mkdir_mode("net", S_IRUSR | S_IXUSR, NULL);
19319 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
19320 + proc_net = proc_mkdir_mode("net", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
19322 + proc_net = proc_mkdir("net", NULL);
19324 proc_net_stat = proc_mkdir("net/stat", NULL);
19326 #ifdef CONFIG_SYSVIPC
19327 @@ -69,7 +75,16 @@ void __init proc_root_init(void)
19328 #ifdef CONFIG_PPC_RTAS
19331 - proc_bus = proc_mkdir("bus", 0);
19333 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
19334 +#ifdef CONFIG_GRKERNSEC_PROC_USER
19335 + proc_bus = proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL);
19336 +#elif CONFIG_GRKERNSEC_PROC_USERGROUP
19337 + proc_bus = proc_mkdir_mode("bus", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
19340 + proc_bus = proc_mkdir("bus", NULL);
19344 static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry)
19345 @@ -108,7 +123,7 @@ static int proc_root_readdir(struct file
19346 * <pid> directories. Thus we don't use the generic
19347 * directory handling functions for that..
19349 -static struct file_operations proc_root_operations = {
19350 +static const struct file_operations proc_root_operations = {
19351 read: generic_read_dir,
19352 readdir: proc_root_readdir,
19354 @@ -116,7 +131,7 @@ static struct file_operations proc_root_
19356 * proc root can do almost nothing..
19358 -static struct inode_operations proc_root_inode_operations = {
19359 +static const struct inode_operations proc_root_inode_operations = {
19360 lookup: proc_root_lookup,
19363 diff -urNp linux-2.4.37.7/fs/qnx4/dir.c linux-2.4.37.7/fs/qnx4/dir.c
19364 --- linux-2.4.37.7/fs/qnx4/dir.c 2009-11-07 11:52:20.000000000 -0500
19365 +++ linux-2.4.37.7/fs/qnx4/dir.c 2009-11-10 19:30:27.000000000 -0500
19366 @@ -78,15 +78,13 @@ static int qnx4_readdir(struct file *fil
19370 -struct file_operations qnx4_dir_operations =
19372 +const struct file_operations qnx4_dir_operations = {
19373 read: generic_read_dir,
19374 readdir: qnx4_readdir,
19378 -struct inode_operations qnx4_dir_inode_operations =
19380 +const struct inode_operations qnx4_dir_inode_operations = {
19381 lookup: qnx4_lookup,
19382 #ifdef CONFIG_QNX4FS_RW
19383 create: qnx4_create,
19384 diff -urNp linux-2.4.37.7/fs/qnx4/file.c linux-2.4.37.7/fs/qnx4/file.c
19385 --- linux-2.4.37.7/fs/qnx4/file.c 2009-11-07 11:52:20.000000000 -0500
19386 +++ linux-2.4.37.7/fs/qnx4/file.c 2009-11-10 19:30:27.000000000 -0500
19388 * We have mostly NULL's here: the current defaults are ok for
19389 * the qnx4 filesystem.
19391 -struct file_operations qnx4_file_operations =
19393 +const struct file_operations qnx4_file_operations = {
19394 llseek: generic_file_llseek,
19395 read: generic_file_read,
19396 #ifdef CONFIG_QNX4FS_RW
19397 @@ -35,8 +34,7 @@ struct file_operations qnx4_file_operati
19401 -struct inode_operations qnx4_file_inode_operations =
19403 +const struct inode_operations qnx4_file_inode_operations = {
19404 #ifdef CONFIG_QNX4FS_RW
19405 truncate: qnx4_truncate,
19407 diff -urNp linux-2.4.37.7/fs/qnx4/inode.c linux-2.4.37.7/fs/qnx4/inode.c
19408 --- linux-2.4.37.7/fs/qnx4/inode.c 2009-11-07 11:52:20.000000000 -0500
19409 +++ linux-2.4.37.7/fs/qnx4/inode.c 2009-11-10 19:30:27.000000000 -0500
19411 #define QNX4_VERSION 4
19412 #define QNX4_BMNAME ".bitmap"
19414 -static struct super_operations qnx4_sops;
19415 +static const struct super_operations qnx4_sops;
19417 #ifdef CONFIG_QNX4FS_RW
19419 @@ -125,8 +125,7 @@ static void qnx4_read_inode(struct inode
19420 static int qnx4_remount(struct super_block *sb, int *flags, char *data);
19421 static int qnx4_statfs(struct super_block *, struct statfs *);
19423 -static struct super_operations qnx4_sops =
19425 +static const struct super_operations qnx4_sops = {
19426 read_inode: qnx4_read_inode,
19427 #ifdef CONFIG_QNX4FS_RW
19428 write_inode: qnx4_write_inode,
19429 @@ -428,7 +427,7 @@ static int qnx4_bmap(struct address_spac
19431 return generic_block_bmap(mapping,block,qnx4_get_block);
19433 -struct address_space_operations qnx4_aops = {
19434 +const struct address_space_operations qnx4_aops = {
19435 readpage: qnx4_readpage,
19436 writepage: qnx4_writepage,
19437 sync_page: block_sync_page,
19438 diff -urNp linux-2.4.37.7/fs/ramfs/inode.c linux-2.4.37.7/fs/ramfs/inode.c
19439 --- linux-2.4.37.7/fs/ramfs/inode.c 2009-11-07 11:52:20.000000000 -0500
19440 +++ linux-2.4.37.7/fs/ramfs/inode.c 2009-11-10 19:30:27.000000000 -0500
19441 @@ -35,10 +35,10 @@
19442 /* some random number */
19443 #define RAMFS_MAGIC 0x858458f6
19445 -static struct super_operations ramfs_ops;
19446 -static struct address_space_operations ramfs_aops;
19447 -static struct file_operations ramfs_file_operations;
19448 -static struct inode_operations ramfs_dir_inode_operations;
19449 +static const struct super_operations ramfs_ops;
19450 +static const struct address_space_operations ramfs_aops;
19451 +static const struct file_operations ramfs_file_operations;
19452 +static const struct inode_operations ramfs_dir_inode_operations;
19454 static int ramfs_statfs(struct super_block *sb, struct statfs *buf)
19456 @@ -271,21 +271,21 @@ static int ramfs_sync_file(struct file *
19460 -static struct address_space_operations ramfs_aops = {
19461 +static const struct address_space_operations ramfs_aops = {
19462 readpage: ramfs_readpage,
19463 writepage: fail_writepage,
19464 prepare_write: ramfs_prepare_write,
19465 commit_write: ramfs_commit_write
19468 -static struct file_operations ramfs_file_operations = {
19469 +static const struct file_operations ramfs_file_operations = {
19470 read: generic_file_read,
19471 write: generic_file_write,
19472 mmap: generic_file_mmap,
19473 fsync: ramfs_sync_file,
19476 -static struct inode_operations ramfs_dir_inode_operations = {
19477 +static const struct inode_operations ramfs_dir_inode_operations = {
19478 create: ramfs_create,
19479 lookup: ramfs_lookup,
19481 @@ -297,7 +297,7 @@ static struct inode_operations ramfs_dir
19482 rename: ramfs_rename,
19485 -static struct super_operations ramfs_ops = {
19486 +static const struct super_operations ramfs_ops = {
19487 statfs: ramfs_statfs,
19488 put_inode: force_delete,
19490 diff -urNp linux-2.4.37.7/fs/readdir.c linux-2.4.37.7/fs/readdir.c
19491 --- linux-2.4.37.7/fs/readdir.c 2009-11-07 11:52:20.000000000 -0500
19492 +++ linux-2.4.37.7/fs/readdir.c 2009-11-10 19:30:27.000000000 -0500
19494 #include <linux/stat.h>
19495 #include <linux/file.h>
19496 #include <linux/smp_lock.h>
19497 +#include <linux/grsecurity.h>
19499 #include <asm/uaccess.h>
19501 @@ -150,7 +151,7 @@ int dcache_readdir(struct file * filp, v
19505 -struct file_operations dcache_dir_ops = {
19506 +const struct file_operations dcache_dir_ops = {
19507 open: dcache_dir_open,
19508 release: dcache_dir_close,
19509 llseek: dcache_dir_lseek,
19510 @@ -181,6 +182,7 @@ struct old_linux_dirent {
19512 struct readdir_callback {
19513 struct old_linux_dirent * dirent;
19514 + struct file * file;
19518 @@ -192,6 +194,10 @@ static int fillonedir(void * __buf, cons
19523 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
19527 dirent = buf->dirent;
19528 put_user(ino, &dirent->d_ino);
19529 @@ -214,6 +220,7 @@ asmlinkage int old_readdir(unsigned int
19534 buf.dirent = dirent;
19536 error = vfs_readdir(file, fillonedir, &buf);
19537 @@ -241,6 +248,7 @@ struct linux_dirent {
19538 struct getdents_callback {
19539 struct linux_dirent * current_dir;
19540 struct linux_dirent * previous;
19541 + struct file * file;
19545 @@ -255,6 +263,10 @@ static int filldir(void * __buf, const c
19546 buf->error = -EINVAL; /* only used if we fail.. */
19547 if (reclen > buf->count)
19550 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
19553 dirent = buf->previous;
19555 put_user(offset, &dirent->d_off);
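Review bot: In filldir the new `gr_acl_handle_filldir()` check sits after `buf->error = -EINVAL;`, so an entry that is filtered out leaves that error value behind. The statement under the `if` is not visible in this listing, but if it returns 0 to skip the entry, a getdents call in which every entry is filtered would probably report -EINVAL instead of an empty result, which also tells the caller that hidden entries exist. sys_getdents is outside the hunk, so confirm how it reads `buf.error`. Running the check before `buf->error = -EINVAL;` avoids this, since it needs only `buf->file`, `name`, `namlen` and `ino`. The filldir64 hunk further down has the same ordering.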
19556 @@ -284,6 +296,7 @@ asmlinkage long sys_getdents(unsigned in
19558 buf.current_dir = (struct linux_dirent *) dirent;
19559 buf.previous = NULL;
19564 @@ -319,6 +332,7 @@ struct linux_dirent64 {
19565 struct getdents_callback64 {
19566 struct linux_dirent64 * current_dir;
19567 struct linux_dirent64 * previous;
19568 + struct file * file;
19572 @@ -333,6 +347,10 @@ static int filldir64(void * __buf, const
19573 buf->error = -EINVAL; /* only used if we fail.. */
19574 if (reclen > buf->count)
19577 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
19580 dirent = buf->previous;
19583 @@ -367,6 +385,7 @@ asmlinkage long sys_getdents64(unsigned
19585 buf.current_dir = (struct linux_dirent64 *) dirent;
19586 buf.previous = NULL;
19591 diff -urNp linux-2.4.37.7/fs/read_write.c linux-2.4.37.7/fs/read_write.c
19592 --- linux-2.4.37.7/fs/read_write.c 2009-11-07 11:52:20.000000000 -0500
19593 +++ linux-2.4.37.7/fs/read_write.c 2009-11-10 19:30:27.000000000 -0500
19596 #include <asm/uaccess.h>
19598 -struct file_operations generic_ro_fops = {
19599 +const struct file_operations generic_ro_fops = {
19600 llseek: generic_file_llseek,
19601 read: generic_file_read,
19602 mmap: generic_file_mmap,
19603 diff -urNp linux-2.4.37.7/fs/reiserfs/dir.c linux-2.4.37.7/fs/reiserfs/dir.c
19604 --- linux-2.4.37.7/fs/reiserfs/dir.c 2009-11-07 11:52:20.000000000 -0500
19605 +++ linux-2.4.37.7/fs/reiserfs/dir.c 2009-11-10 19:30:27.000000000 -0500
19606 @@ -16,7 +16,7 @@ extern struct key MIN_KEY;
19607 static int reiserfs_readdir (struct file *, void *, filldir_t);
19608 int reiserfs_dir_fsync(struct file *filp, struct dentry *dentry, int datasync) ;
19610 -struct file_operations reiserfs_dir_operations = {
19611 +const struct file_operations reiserfs_dir_operations = {
19612 read: generic_read_dir,
19613 readdir: reiserfs_readdir,
19614 fsync: reiserfs_dir_fsync,
19615 diff -urNp linux-2.4.37.7/fs/reiserfs/file.c linux-2.4.37.7/fs/reiserfs/file.c
19616 --- linux-2.4.37.7/fs/reiserfs/file.c 2009-11-07 11:52:20.000000000 -0500
19617 +++ linux-2.4.37.7/fs/reiserfs/file.c 2009-11-10 19:30:27.000000000 -0500
19618 @@ -129,7 +129,7 @@ static int reiserfs_setattr(struct dentr
19622 -struct file_operations reiserfs_file_operations = {
19623 +const struct file_operations reiserfs_file_operations = {
19624 read: generic_file_read,
19625 write: generic_file_write,
19626 ioctl: reiserfs_ioctl,
19627 @@ -139,7 +139,7 @@ struct file_operations reiserfs_file_ope
19631 -struct inode_operations reiserfs_file_inode_operations = {
19632 +const struct inode_operations reiserfs_file_inode_operations = {
19633 truncate: reiserfs_vfs_truncate_file,
19634 setattr: reiserfs_setattr,
19636 diff -urNp linux-2.4.37.7/fs/reiserfs/inode.c linux-2.4.37.7/fs/reiserfs/inode.c
19637 --- linux-2.4.37.7/fs/reiserfs/inode.c 2009-11-07 11:52:20.000000000 -0500
19638 +++ linux-2.4.37.7/fs/reiserfs/inode.c 2009-11-10 19:30:27.000000000 -0500
19639 @@ -2229,7 +2229,7 @@ static int reiserfs_direct_io(int rw, st
19640 reiserfs_get_block_direct_io) ;
19643 -struct address_space_operations reiserfs_address_space_operations = {
19644 +const struct address_space_operations reiserfs_address_space_operations = {
19645 writepage: reiserfs_writepage,
19646 readpage: reiserfs_readpage,
19647 sync_page: block_sync_page,
19648 diff -urNp linux-2.4.37.7/fs/reiserfs/namei.c linux-2.4.37.7/fs/reiserfs/namei.c
19649 --- linux-2.4.37.7/fs/reiserfs/namei.c 2009-11-07 11:52:20.000000000 -0500
19650 +++ linux-2.4.37.7/fs/reiserfs/namei.c 2009-11-10 19:30:27.000000000 -0500
19651 @@ -1266,7 +1266,7 @@ static int reiserfs_rename (struct inode
19653 * directories can handle most operations...
19655 -struct inode_operations reiserfs_dir_inode_operations = {
19656 +const struct inode_operations reiserfs_dir_inode_operations = {
19657 //&reiserfs_dir_operations, /* default_file_ops */
19658 create: reiserfs_create,
19659 lookup: reiserfs_lookup,
19660 diff -urNp linux-2.4.37.7/fs/reiserfs/super.c linux-2.4.37.7/fs/reiserfs/super.c
19661 --- linux-2.4.37.7/fs/reiserfs/super.c 2009-11-07 11:52:20.000000000 -0500
19662 +++ linux-2.4.37.7/fs/reiserfs/super.c 2009-11-10 19:30:27.000000000 -0500
19663 @@ -408,8 +408,7 @@ static void reiserfs_dirty_inode (struct
19667 -struct super_operations reiserfs_sops =
19669 +const struct super_operations reiserfs_sops = {
19670 read_inode: reiserfs_read_inode,
19671 read_inode2: reiserfs_read_inode2,
19672 write_inode: reiserfs_write_inode,
19673 diff -urNp linux-2.4.37.7/fs/romfs/inode.c linux-2.4.37.7/fs/romfs/inode.c
19674 --- linux-2.4.37.7/fs/romfs/inode.c 2009-11-07 11:52:20.000000000 -0500
19675 +++ linux-2.4.37.7/fs/romfs/inode.c 2009-11-10 19:30:27.000000000 -0500
19676 @@ -90,7 +90,7 @@ romfs_checksum(void *data, int size)
19680 -static struct super_operations romfs_ops;
19681 +static const struct super_operations romfs_ops;
19683 static struct super_block *
19684 romfs_read_super(struct super_block *s, void *data, int silent)
19685 @@ -435,16 +435,16 @@ err_out:
19687 /* Mapping from our types to the kernel */
19689 -static struct address_space_operations romfs_aops = {
19690 +static const struct address_space_operations romfs_aops = {
19691 readpage: romfs_readpage
19694 -static struct file_operations romfs_dir_operations = {
19695 +static const struct file_operations romfs_dir_operations = {
19696 read: generic_read_dir,
19697 readdir: romfs_readdir,
19700 -static struct inode_operations romfs_dir_inode_operations = {
19701 +static const struct inode_operations romfs_dir_inode_operations = {
19702 lookup: romfs_lookup,
19705 @@ -525,7 +525,7 @@ romfs_read_inode(struct inode *i)
19709 -static struct super_operations romfs_ops = {
19710 +static const struct super_operations romfs_ops = {
19711 read_inode: romfs_read_inode,
19712 statfs: romfs_statfs,
19714 diff -urNp linux-2.4.37.7/fs/seq_file.c linux-2.4.37.7/fs/seq_file.c
19715 --- linux-2.4.37.7/fs/seq_file.c 2009-11-07 11:52:20.000000000 -0500
19716 +++ linux-2.4.37.7/fs/seq_file.c 2009-11-10 19:30:27.000000000 -0500
19718 * ERR_PTR(error). In the end of sequence they return %NULL. ->show()
19719 * returns 0 in case of success and negative number in case of error.
19721 -int seq_open(struct file *file, struct seq_operations *op)
19722 +int seq_open(struct file *file, const struct seq_operations *op)
19724 struct seq_file *p = kmalloc(sizeof(*p), GFP_KERNEL);
19726 @@ -364,7 +364,7 @@ int single_open(struct file *file, int (
19728 int single_release(struct inode *inode, struct file *file)
19730 - struct seq_operations *op = ((struct seq_file *)file->private_data)->op;
19731 + struct seq_operations *op = (struct seq_operations *)((struct seq_file *)file->private_data)->op;
19732 int res = seq_release(inode, file);
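Review bot: The cast added in single_release discards the `const` that this patch has just put on the seq_file `op` pointer, which weakens the point of constifying the operations tables. `op` appears to be used only to release the table after seq_release() (the rest of the function is outside the visible lines), so it could stay qualified: `const struct seq_operations *op = ((struct seq_file *)file->private_data)->op;`. If the kfree() prototype in this tree does not accept a const pointer, cast at that one call instead, with a comment that the table is presumably the one allocated in single_open().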
19735 diff -urNp linux-2.4.37.7/fs/smbfs/dir.c linux-2.4.37.7/fs/smbfs/dir.c
19736 --- linux-2.4.37.7/fs/smbfs/dir.c 2009-11-07 11:52:20.000000000 -0500
19737 +++ linux-2.4.37.7/fs/smbfs/dir.c 2009-11-10 19:30:27.000000000 -0500
19738 @@ -33,16 +33,14 @@ static int smb_rename(struct inode *, st
19739 static int smb_make_node(struct inode *,struct dentry *, int, int);
19740 static int smb_link(struct dentry *, struct inode *, struct dentry *);
19742 -struct file_operations smb_dir_operations =
19744 +const struct file_operations smb_dir_operations = {
19745 read: generic_read_dir,
19746 readdir: smb_readdir,
19748 open: smb_dir_open,
19751 -struct inode_operations smb_dir_inode_operations =
19753 +const struct inode_operations smb_dir_inode_operations = {
19754 create: smb_create,
19755 lookup: smb_lookup,
19756 unlink: smb_unlink,
19757 @@ -53,8 +51,7 @@ struct inode_operations smb_dir_inode_op
19758 setattr: smb_notify_change,
19761 -struct inode_operations smb_dir_inode_operations_unix =
19763 +const struct inode_operations smb_dir_inode_operations_unix = {
19764 create: smb_create,
19765 lookup: smb_lookup,
19766 unlink: smb_unlink,
19767 @@ -269,16 +266,14 @@ static int smb_hash_dentry(struct dentry
19768 static int smb_compare_dentry(struct dentry *, struct qstr *, struct qstr *);
19769 static int smb_delete_dentry(struct dentry *);
19771 -static struct dentry_operations smbfs_dentry_operations =
19773 +static const struct dentry_operations smbfs_dentry_operations = {
19774 d_revalidate: smb_lookup_validate,
19775 d_hash: smb_hash_dentry,
19776 d_compare: smb_compare_dentry,
19777 d_delete: smb_delete_dentry,
19780 -static struct dentry_operations smbfs_dentry_operations_case =
19782 +static const struct dentry_operations smbfs_dentry_operations_case = {
19783 d_revalidate: smb_lookup_validate,
19784 d_delete: smb_delete_dentry,
19786 diff -urNp linux-2.4.37.7/fs/smbfs/file.c linux-2.4.37.7/fs/smbfs/file.c
19787 --- linux-2.4.37.7/fs/smbfs/file.c 2009-11-07 11:52:20.000000000 -0500
19788 +++ linux-2.4.37.7/fs/smbfs/file.c 2009-11-10 19:30:27.000000000 -0500
19789 @@ -288,7 +288,7 @@ static int smb_commit_write(struct file
19793 -struct address_space_operations smb_file_aops = {
19794 +const struct address_space_operations smb_file_aops = {
19795 readpage: smb_readpage,
19796 writepage: smb_writepage,
19797 prepare_write: smb_prepare_write,
19798 @@ -382,8 +382,7 @@ smb_file_permission(struct inode *inode,
19802 -struct file_operations smb_file_operations =
19804 +const struct file_operations smb_file_operations = {
19805 llseek: generic_file_llseek,
19806 read: smb_file_read,
19807 write: smb_file_write,
19808 @@ -394,8 +393,7 @@ struct file_operations smb_file_operatio
19812 -struct inode_operations smb_file_inode_operations =
19814 +const struct inode_operations smb_file_inode_operations = {
19815 permission: smb_file_permission,
19816 revalidate: smb_revalidate_inode,
19817 setattr: smb_notify_change,
19818 diff -urNp linux-2.4.37.7/fs/smbfs/inode.c linux-2.4.37.7/fs/smbfs/inode.c
19819 --- linux-2.4.37.7/fs/smbfs/inode.c 2009-11-07 11:52:20.000000000 -0500
19820 +++ linux-2.4.37.7/fs/smbfs/inode.c 2009-11-10 19:30:27.000000000 -0500
19821 @@ -50,8 +50,7 @@ static void smb_put_super(struct super_b
19822 static int smb_statfs(struct super_block *, struct statfs *);
19823 static int smb_show_options(struct seq_file *, struct vfsmount *);
19825 -static struct super_operations smb_sops =
19827 +static const struct super_operations smb_sops = {
19828 put_inode: force_delete,
19829 delete_inode: smb_delete_inode,
19830 put_super: smb_put_super,
19831 diff -urNp linux-2.4.37.7/fs/smbfs/proto.h linux-2.4.37.7/fs/smbfs/proto.h
19832 --- linux-2.4.37.7/fs/smbfs/proto.h 2009-11-07 11:52:20.000000000 -0500
19833 +++ linux-2.4.37.7/fs/smbfs/proto.h 2009-11-10 19:30:27.000000000 -0500
19834 @@ -32,9 +32,9 @@ extern int smb_proc_symlink(struct smb_s
19835 extern int smb_proc_link(struct smb_sb_info *server, struct dentry *dentry, struct dentry *new_dentry);
19836 extern void smb_install_null_ops(struct smb_ops *ops);
19838 -extern struct file_operations smb_dir_operations;
19839 -extern struct inode_operations smb_dir_inode_operations;
19840 -extern struct inode_operations smb_dir_inode_operations_unix;
19841 +extern const struct file_operations smb_dir_operations;
19842 +extern const struct inode_operations smb_dir_inode_operations;
19843 +extern const struct inode_operations smb_dir_inode_operations_unix;
19844 extern void smb_new_dentry(struct dentry *dentry);
19845 extern void smb_renew_times(struct dentry *dentry);
19847 @@ -59,13 +59,13 @@ extern int smb_revalidate_inode(struct d
19848 extern struct super_block *smb_read_super(struct super_block *sb, void *raw_data, int silent);
19849 extern int smb_notify_change(struct dentry *dentry, struct iattr *attr);
19851 -extern struct address_space_operations smb_file_aops;
19852 -extern struct file_operations smb_file_operations;
19853 -extern struct inode_operations smb_file_inode_operations;
19854 +extern const struct address_space_operations smb_file_aops;
19855 +extern const struct file_operations smb_file_operations;
19856 +extern const struct inode_operations smb_file_inode_operations;
19858 extern int smb_ioctl(struct inode *inode, struct file *filp, unsigned int cmd, unsigned long arg);
19860 extern int smb_read_link(struct dentry *dentry, char *buffer, int len);
19861 extern int smb_symlink(struct inode *inode, struct dentry *dentry, const char *oldname);
19862 extern int smb_follow_link(struct dentry *dentry, struct nameidata *nd);
19863 -extern struct inode_operations smb_link_inode_operations;
19864 +extern const struct inode_operations smb_link_inode_operations;
19865 diff -urNp linux-2.4.37.7/fs/smbfs/symlink.c linux-2.4.37.7/fs/smbfs/symlink.c
19866 --- linux-2.4.37.7/fs/smbfs/symlink.c 2009-11-07 11:52:20.000000000 -0500
19867 +++ linux-2.4.37.7/fs/smbfs/symlink.c 2009-11-10 19:30:27.000000000 -0500
19868 @@ -83,8 +83,7 @@ out:
19872 -struct inode_operations smb_link_inode_operations =
19874 +const struct inode_operations smb_link_inode_operations = {
19875 .readlink = smb_read_link,
19876 .follow_link = smb_follow_link,
19878 diff -urNp linux-2.4.37.7/fs/super.c linux-2.4.37.7/fs/super.c
19879 --- linux-2.4.37.7/fs/super.c 2009-11-07 11:52:20.000000000 -0500
19880 +++ linux-2.4.37.7/fs/super.c 2009-11-10 19:30:27.000000000 -0500
19881 @@ -263,7 +263,7 @@ struct file_system_type *get_fs_type(con
19883 static struct super_block *alloc_super(void)
19885 - static struct super_operations empty_sops = {};
19886 + static const struct super_operations empty_sops = {};
19887 struct super_block *s = kmalloc(sizeof(struct super_block), GFP_USER);
19889 memset(s, 0, sizeof(struct super_block));
19890 @@ -828,7 +828,7 @@ void kill_super(struct super_block *sb)
19892 struct dentry *root = sb->s_root;
19893 struct file_system_type *fs = sb->s_type;
19894 - struct super_operations *sop = sb->s_op;
19895 + const struct super_operations *sop = sb->s_op;
19897 if (!deactivate_super(sb))
19899 diff -urNp linux-2.4.37.7/fs/sysv/dir.c linux-2.4.37.7/fs/sysv/dir.c
19900 --- linux-2.4.37.7/fs/sysv/dir.c 2009-11-07 11:52:20.000000000 -0500
19901 +++ linux-2.4.37.7/fs/sysv/dir.c 2009-11-10 19:30:27.000000000 -0500
19904 static int sysv_readdir(struct file *, void *, filldir_t);
19906 -struct file_operations sysv_dir_operations = {
19907 +const struct file_operations sysv_dir_operations = {
19908 read: generic_read_dir,
19909 readdir: sysv_readdir,
19910 fsync: sysv_sync_file,
19911 diff -urNp linux-2.4.37.7/fs/sysv/file.c linux-2.4.37.7/fs/sysv/file.c
19912 --- linux-2.4.37.7/fs/sysv/file.c 2009-11-07 11:52:20.000000000 -0500
19913 +++ linux-2.4.37.7/fs/sysv/file.c 2009-11-10 19:30:27.000000000 -0500
19915 * We have mostly NULLs here: the current defaults are OK for
19916 * the coh filesystem.
19918 -struct file_operations sysv_file_operations = {
19919 +const struct file_operations sysv_file_operations = {
19920 llseek: generic_file_llseek,
19921 read: generic_file_read,
19922 write: generic_file_write,
19923 @@ -28,7 +28,7 @@ struct file_operations sysv_file_operati
19924 fsync: sysv_sync_file,
19927 -struct inode_operations sysv_file_inode_operations = {
19928 +const struct inode_operations sysv_file_inode_operations = {
19929 truncate: sysv_truncate,
19932 diff -urNp linux-2.4.37.7/fs/sysv/inode.c linux-2.4.37.7/fs/sysv/inode.c
19933 --- linux-2.4.37.7/fs/sysv/inode.c 2009-11-07 11:52:20.000000000 -0500
19934 +++ linux-2.4.37.7/fs/sysv/inode.c 2009-11-10 19:30:27.000000000 -0500
19935 @@ -114,7 +114,7 @@ static inline void write3byte(struct sup
19939 -static struct inode_operations sysv_symlink_inode_operations = {
19940 +static const struct inode_operations sysv_symlink_inode_operations = {
19941 readlink: page_readlink,
19942 follow_link: page_follow_link,
19944 @@ -261,7 +261,7 @@ static void sysv_delete_inode(struct ino
19948 -struct super_operations sysv_sops = {
19949 +const struct super_operations sysv_sops = {
19950 read_inode: sysv_read_inode,
19951 write_inode: sysv_write_inode,
19952 delete_inode: sysv_delete_inode,
19953 diff -urNp linux-2.4.37.7/fs/sysv/itree.c linux-2.4.37.7/fs/sysv/itree.c
19954 --- linux-2.4.37.7/fs/sysv/itree.c 2009-11-07 11:52:20.000000000 -0500
19955 +++ linux-2.4.37.7/fs/sysv/itree.c 2009-11-10 19:30:27.000000000 -0500
19956 @@ -429,7 +429,7 @@ static int sysv_bmap(struct address_spac
19958 return generic_block_bmap(mapping,block,get_block);
19960 -struct address_space_operations sysv_aops = {
19961 +const struct address_space_operations sysv_aops = {
19962 readpage: sysv_readpage,
19963 writepage: sysv_writepage,
19964 sync_page: block_sync_page,
19965 diff -urNp linux-2.4.37.7/fs/sysv/namei.c linux-2.4.37.7/fs/sysv/namei.c
19966 --- linux-2.4.37.7/fs/sysv/namei.c 2009-11-07 11:52:20.000000000 -0500
19967 +++ linux-2.4.37.7/fs/sysv/namei.c 2009-11-10 19:30:27.000000000 -0500
19968 @@ -60,7 +60,7 @@ static int sysv_hash(struct dentry *dent
19972 -struct dentry_operations sysv_dentry_operations = {
19973 +const struct dentry_operations sysv_dentry_operations = {
19977 @@ -310,7 +310,7 @@ out:
19979 * directories can handle most operations...
19981 -struct inode_operations sysv_dir_inode_operations = {
19982 +const struct inode_operations sysv_dir_inode_operations = {
19983 create: sysv_create,
19984 lookup: sysv_lookup,
19986 diff -urNp linux-2.4.37.7/fs/sysv/symlink.c linux-2.4.37.7/fs/sysv/symlink.c
19987 --- linux-2.4.37.7/fs/sysv/symlink.c 2009-11-07 11:52:20.000000000 -0500
19988 +++ linux-2.4.37.7/fs/sysv/symlink.c 2009-11-10 19:30:27.000000000 -0500
19989 @@ -19,7 +19,7 @@ static int sysv_follow_link(struct dentr
19990 return vfs_follow_link(nd, s);
19993 -struct inode_operations sysv_fast_symlink_inode_operations = {
19994 +const struct inode_operations sysv_fast_symlink_inode_operations = {
19995 readlink: sysv_readlink,
19996 follow_link: sysv_follow_link,
19998 diff -urNp linux-2.4.37.7/fs/udf/dir.c linux-2.4.37.7/fs/udf/dir.c
19999 --- linux-2.4.37.7/fs/udf/dir.c 2009-11-07 11:52:20.000000000 -0500
20000 +++ linux-2.4.37.7/fs/udf/dir.c 2009-11-10 19:30:27.000000000 -0500
20001 @@ -45,7 +45,7 @@ static int do_udf_readdir(struct inode *
20003 /* readdir and lookup functions */
20005 -struct file_operations udf_dir_operations = {
20006 +const struct file_operations udf_dir_operations = {
20007 read: generic_read_dir,
20008 readdir: udf_readdir,
20010 diff -urNp linux-2.4.37.7/fs/udf/file.c linux-2.4.37.7/fs/udf/file.c
20011 --- linux-2.4.37.7/fs/udf/file.c 2009-11-07 11:52:20.000000000 -0500
20012 +++ linux-2.4.37.7/fs/udf/file.c 2009-11-10 19:30:27.000000000 -0500
20013 @@ -142,7 +142,7 @@ out:
20017 -struct address_space_operations udf_adinicb_aops = {
20018 +const struct address_space_operations udf_adinicb_aops = {
20019 readpage: udf_adinicb_readpage,
20020 writepage: udf_adinicb_writepage,
20021 sync_page: block_sync_page,
20022 @@ -360,7 +360,7 @@ static int udf_open_file(struct inode *
20026 -struct file_operations udf_file_operations = {
20027 +const struct file_operations udf_file_operations = {
20028 read: generic_file_read,
20030 open: udf_open_file,
20031 @@ -370,6 +370,6 @@ struct file_operations udf_file_operatio
20032 fsync: udf_fsync_file,
20035 -struct inode_operations udf_file_inode_operations = {
20036 +const struct inode_operations udf_file_inode_operations = {
20037 truncate: udf_truncate,
20039 diff -urNp linux-2.4.37.7/fs/udf/inode.c linux-2.4.37.7/fs/udf/inode.c
20040 --- linux-2.4.37.7/fs/udf/inode.c 2009-11-07 11:52:20.000000000 -0500
20041 +++ linux-2.4.37.7/fs/udf/inode.c 2009-11-10 19:30:27.000000000 -0500
20042 @@ -151,7 +151,7 @@ static int udf_bmap(struct address_space
20043 return generic_block_bmap(mapping,block,udf_get_block);
20046 -struct address_space_operations udf_aops = {
20047 +const struct address_space_operations udf_aops = {
20048 readpage: udf_readpage,
20049 writepage: udf_writepage,
20050 sync_page: block_sync_page,
20051 diff -urNp linux-2.4.37.7/fs/udf/namei.c linux-2.4.37.7/fs/udf/namei.c
20052 --- linux-2.4.37.7/fs/udf/namei.c 2009-11-07 11:52:20.000000000 -0500
20053 +++ linux-2.4.37.7/fs/udf/namei.c 2009-11-10 19:30:27.000000000 -0500
20054 @@ -1287,7 +1287,7 @@ end_rename:
20058 -struct inode_operations udf_dir_inode_operations = {
20059 +const struct inode_operations udf_dir_inode_operations = {
20060 lookup: udf_lookup,
20061 create: udf_create,
20063 diff -urNp linux-2.4.37.7/fs/udf/super.c linux-2.4.37.7/fs/udf/super.c
20064 --- linux-2.4.37.7/fs/udf/super.c 2009-11-07 11:52:20.000000000 -0500
20065 +++ linux-2.4.37.7/fs/udf/super.c 2009-11-10 19:30:27.000000000 -0500
20066 @@ -99,7 +99,7 @@ static int udf_statfs(struct super_block
20067 static DECLARE_FSTYPE_DEV(udf_fstype, "udf", udf_read_super);
20069 /* Superblock operations */
20070 -static struct super_operations udf_sb_ops = {
20071 +static const struct super_operations udf_sb_ops = {
20072 read_inode: udf_read_inode,
20073 write_inode: udf_write_inode,
20074 put_inode: udf_put_inode,
20075 diff -urNp linux-2.4.37.7/fs/udf/symlink.c linux-2.4.37.7/fs/udf/symlink.c
20076 --- linux-2.4.37.7/fs/udf/symlink.c 2009-11-07 11:52:20.000000000 -0500
20077 +++ linux-2.4.37.7/fs/udf/symlink.c 2009-11-10 19:30:27.000000000 -0500
20078 @@ -124,6 +124,6 @@ out:
20080 * symlinks can't do much...
20082 -struct address_space_operations udf_symlink_aops = {
20083 +const struct address_space_operations udf_symlink_aops = {
20084 readpage: udf_symlink_filler,
20086 diff -urNp linux-2.4.37.7/fs/udf/udfdecl.h linux-2.4.37.7/fs/udf/udfdecl.h
20087 --- linux-2.4.37.7/fs/udf/udfdecl.h 2009-11-07 11:52:20.000000000 -0500
20088 +++ linux-2.4.37.7/fs/udf/udfdecl.h 2009-11-10 19:30:27.000000000 -0500
20089 @@ -50,13 +50,13 @@ struct task_struct;
20090 struct buffer_head;
20091 struct super_block;
20093 -extern struct inode_operations udf_dir_inode_operations;
20094 -extern struct file_operations udf_dir_operations;
20095 -extern struct inode_operations udf_file_inode_operations;
20096 -extern struct file_operations udf_file_operations;
20097 -extern struct address_space_operations udf_aops;
20098 -extern struct address_space_operations udf_adinicb_aops;
20099 -extern struct address_space_operations udf_symlink_aops;
20100 +extern const struct inode_operations udf_dir_inode_operations;
20101 +extern const struct file_operations udf_dir_operations;
20102 +extern const struct inode_operations udf_file_inode_operations;
20103 +extern const struct file_operations udf_file_operations;
20104 +extern const struct address_space_operations udf_aops;
20105 +extern const struct address_space_operations udf_adinicb_aops;
20106 +extern const struct address_space_operations udf_symlink_aops;
20108 struct udf_fileident_bh
20110 diff -urNp linux-2.4.37.7/fs/ufs/dir.c linux-2.4.37.7/fs/ufs/dir.c
20111 --- linux-2.4.37.7/fs/ufs/dir.c 2009-11-07 11:52:20.000000000 -0500
20112 +++ linux-2.4.37.7/fs/ufs/dir.c 2009-11-10 19:30:27.000000000 -0500
20113 @@ -615,7 +615,7 @@ int ufs_empty_dir (struct inode * inode)
20117 -struct file_operations ufs_dir_operations = {
20118 +const struct file_operations ufs_dir_operations = {
20119 read: generic_read_dir,
20120 readdir: ufs_readdir,
20122 diff -urNp linux-2.4.37.7/fs/ufs/file.c linux-2.4.37.7/fs/ufs/file.c
20123 --- linux-2.4.37.7/fs/ufs/file.c 2009-11-07 11:52:20.000000000 -0500
20124 +++ linux-2.4.37.7/fs/ufs/file.c 2009-11-10 19:30:27.000000000 -0500
20126 * the ufs filesystem.
20129 -struct file_operations ufs_file_operations = {
20130 +const struct file_operations ufs_file_operations = {
20131 llseek: generic_file_llseek,
20132 read: generic_file_read,
20133 write: generic_file_write,
20134 @@ -49,6 +49,6 @@ struct file_operations ufs_file_operatio
20135 open: generic_file_open,
20138 -struct inode_operations ufs_file_inode_operations = {
20139 +const struct inode_operations ufs_file_inode_operations = {
20140 truncate: ufs_truncate,
20142 diff -urNp linux-2.4.37.7/fs/ufs/inode.c linux-2.4.37.7/fs/ufs/inode.c
20143 --- linux-2.4.37.7/fs/ufs/inode.c 2009-11-07 11:52:20.000000000 -0500
20144 +++ linux-2.4.37.7/fs/ufs/inode.c 2009-11-10 19:30:27.000000000 -0500
20145 @@ -467,7 +467,7 @@ static int ufs_bmap(struct address_space
20147 return generic_block_bmap(mapping,block,ufs_getfrag_block);
20149 -struct address_space_operations ufs_aops = {
20150 +const struct address_space_operations ufs_aops = {
20151 readpage: ufs_readpage,
20152 writepage: ufs_writepage,
20153 sync_page: block_sync_page,
20154 diff -urNp linux-2.4.37.7/fs/ufs/namei.c linux-2.4.37.7/fs/ufs/namei.c
20155 --- linux-2.4.37.7/fs/ufs/namei.c 2009-11-07 11:52:20.000000000 -0500
20156 +++ linux-2.4.37.7/fs/ufs/namei.c 2009-11-10 19:30:27.000000000 -0500
20157 @@ -324,7 +324,7 @@ out:
20161 -struct inode_operations ufs_dir_inode_operations = {
20162 +const struct inode_operations ufs_dir_inode_operations = {
20163 create: ufs_create,
20164 lookup: ufs_lookup,
20166 diff -urNp linux-2.4.37.7/fs/ufs/super.c linux-2.4.37.7/fs/ufs/super.c
20167 --- linux-2.4.37.7/fs/ufs/super.c 2009-11-07 11:52:20.000000000 -0500
20168 +++ linux-2.4.37.7/fs/ufs/super.c 2009-11-10 19:30:27.000000000 -0500
20169 @@ -177,7 +177,7 @@ void ufs_print_cylinder_stuff(struct sup
20171 #endif /* UFS_SUPER_DEBUG_MORE */
20173 -static struct super_operations ufs_super_ops;
20174 +static const struct super_operations ufs_super_ops;
20176 static char error_buf[1024];
20178 @@ -980,7 +980,7 @@ int ufs_statfs (struct super_block * sb,
20182 -static struct super_operations ufs_super_ops = {
20183 +static const struct super_operations ufs_super_ops = {
20184 read_inode: ufs_read_inode,
20185 write_inode: ufs_write_inode,
20186 delete_inode: ufs_delete_inode,
20187 diff -urNp linux-2.4.37.7/fs/ufs/symlink.c linux-2.4.37.7/fs/ufs/symlink.c
20188 --- linux-2.4.37.7/fs/ufs/symlink.c 2009-11-07 11:52:20.000000000 -0500
20189 +++ linux-2.4.37.7/fs/ufs/symlink.c 2009-11-10 19:30:27.000000000 -0500
20190 @@ -39,7 +39,7 @@ static int ufs_follow_link(struct dentry
20191 return vfs_follow_link(nd, s);
20194 -struct inode_operations ufs_fast_symlink_inode_operations = {
20195 +const struct inode_operations ufs_fast_symlink_inode_operations = {
20196 readlink: ufs_readlink,
20197 follow_link: ufs_follow_link,
20199 diff -urNp linux-2.4.37.7/fs/umsdos/dir.c linux-2.4.37.7/fs/umsdos/dir.c
20200 --- linux-2.4.37.7/fs/umsdos/dir.c 2009-11-07 11:52:20.000000000 -0500
20201 +++ linux-2.4.37.7/fs/umsdos/dir.c 2009-11-10 19:30:27.000000000 -0500
20202 @@ -45,8 +45,7 @@ static int umsdos_dentry_dput(struct den
20206 -struct dentry_operations umsdos_dentry_operations =
20208 +const struct dentry_operations umsdos_dentry_operations = {
20209 d_revalidate: umsdos_dentry_validate,
20210 d_delete: umsdos_dentry_dput,
20212 @@ -787,15 +786,13 @@ out_release:
20216 -struct file_operations umsdos_dir_operations =
20218 +const struct file_operations umsdos_dir_operations = {
20219 read: generic_read_dir,
20220 readdir: UMSDOS_readdir,
20221 ioctl: UMSDOS_ioctl_dir,
20224 -struct inode_operations umsdos_dir_inode_operations =
20226 +const struct inode_operations umsdos_dir_inode_operations = {
20227 create: UMSDOS_create,
20228 lookup: UMSDOS_lookup,
20230 diff -urNp linux-2.4.37.7/fs/umsdos/inode.c linux-2.4.37.7/fs/umsdos/inode.c
20231 --- linux-2.4.37.7/fs/umsdos/inode.c 2009-11-07 11:52:20.000000000 -0500
20232 +++ linux-2.4.37.7/fs/umsdos/inode.c 2009-11-10 19:30:27.000000000 -0500
20234 #include <linux/list.h>
20235 #include <linux/pagemap.h>
20237 -extern struct dentry_operations umsdos_dentry_operations;
20238 +extern const struct dentry_operations umsdos_dentry_operations;
20240 struct dentry *saved_root; /* Original root if changed */
20241 struct inode *pseudo_root; /* Useful to simulate the pseudo DOS */
20242 @@ -106,12 +106,12 @@ void umsdos_set_dirinfo_new (struct dent
20246 -static struct inode_operations umsdos_file_inode_operations = {
20247 +static const struct inode_operations umsdos_file_inode_operations = {
20248 truncate: fat_truncate,
20249 setattr: UMSDOS_notify_change,
20252 -static struct inode_operations umsdos_symlink_inode_operations = {
20253 +static const struct inode_operations umsdos_symlink_inode_operations = {
20254 readlink: page_readlink,
20255 follow_link: page_follow_link,
20256 setattr: UMSDOS_notify_change,
20257 @@ -331,8 +331,7 @@ void UMSDOS_write_inode (struct inode *i
20261 -static struct super_operations umsdos_sops =
20263 +static const struct super_operations umsdos_sops = {
20264 write_inode: UMSDOS_write_inode,
20265 put_inode: UMSDOS_put_inode,
20266 delete_inode: fat_delete_inode,
20267 diff -urNp linux-2.4.37.7/fs/umsdos/rdir.c linux-2.4.37.7/fs/umsdos/rdir.c
20268 --- linux-2.4.37.7/fs/umsdos/rdir.c 2009-11-07 11:52:20.000000000 -0500
20269 +++ linux-2.4.37.7/fs/umsdos/rdir.c 2009-11-10 19:30:27.000000000 -0500
20272 extern struct dentry *saved_root;
20273 extern struct inode *pseudo_root;
20274 -extern struct dentry_operations umsdos_dentry_operations;
20275 +extern const struct dentry_operations umsdos_dentry_operations;
20277 struct RDIR_FILLDIR {
20279 @@ -224,15 +224,13 @@ out:
20280 * have a "r" prefix (r for real) such as UMSDOS_rlookup, to differentiate
20281 * from the one with full UMSDOS semantics.
20283 -struct file_operations umsdos_rdir_operations =
20285 +const struct file_operations umsdos_rdir_operations = {
20286 read: generic_read_dir,
20287 readdir: UMSDOS_rreaddir,
20288 ioctl: UMSDOS_ioctl_dir,
20291 -struct inode_operations umsdos_rdir_inode_operations =
20293 +const struct inode_operations umsdos_rdir_inode_operations = {
20294 create: msdos_create,
20295 lookup: UMSDOS_rlookup,
20296 unlink: msdos_unlink,
20297 diff -urNp linux-2.4.37.7/fs/vfat/namei.c linux-2.4.37.7/fs/vfat/namei.c
20298 --- linux-2.4.37.7/fs/vfat/namei.c 2009-11-07 11:52:20.000000000 -0500
20299 +++ linux-2.4.37.7/fs/vfat/namei.c 2009-11-10 19:30:27.000000000 -0500
20300 @@ -51,7 +51,7 @@ static int vfat_cmpi(struct dentry *dent
20301 static int vfat_cmp(struct dentry *dentry, struct qstr *a, struct qstr *b);
20302 static int vfat_revalidate(struct dentry *dentry, int);
20304 -static struct dentry_operations vfat_dentry_ops[4] = {
20305 +static const struct dentry_operations vfat_dentry_ops[4] = {
20307 d_hash: vfat_hashi,
20308 d_compare: vfat_cmpi,
20309 @@ -1251,7 +1251,7 @@ rename_done:
20312 /* Public inode operations for the VFAT fs */
20313 -struct inode_operations vfat_dir_inode_operations = {
20314 +const struct inode_operations vfat_dir_inode_operations = {
20315 create: vfat_create,
20316 lookup: vfat_lookup,
20317 unlink: vfat_unlink,
20318 diff -urNp linux-2.4.37.7/fs/xfs/linux-2.4/xfs_aops.c linux-2.4.37.7/fs/xfs/linux-2.4/xfs_aops.c
20319 --- linux-2.4.37.7/fs/xfs/linux-2.4/xfs_aops.c 2009-11-07 11:52:20.000000000 -0500
20320 +++ linux-2.4.37.7/fs/xfs/linux-2.4/xfs_aops.c 2009-11-10 19:30:27.000000000 -0500
20321 @@ -1287,7 +1287,7 @@ linvfs_direct_IO(
20325 -struct address_space_operations linvfs_aops = {
20326 +const struct address_space_operations linvfs_aops = {
20327 .readpage = linvfs_readpage,
20328 .writepage = linvfs_writepage,
20329 .sync_page = block_sync_page,
20330 diff -urNp linux-2.4.37.7/fs/xfs/linux-2.4/xfs_buf.c linux-2.4.37.7/fs/xfs/linux-2.4/xfs_buf.c
20331 --- linux-2.4.37.7/fs/xfs/linux-2.4/xfs_buf.c 2009-11-07 11:52:20.000000000 -0500
20332 +++ linux-2.4.37.7/fs/xfs/linux-2.4/xfs_buf.c 2009-11-10 19:30:27.000000000 -0500
20333 @@ -1508,7 +1508,7 @@ xfs_mapping_buftarg(
20335 struct inode *inode;
20336 struct address_space *mapping;
20337 - static struct address_space_operations mapping_aops = {
20338 + static const struct address_space_operations mapping_aops = {
20339 .sync_page = block_sync_page,
20342 diff -urNp linux-2.4.37.7/fs/xfs/linux-2.4/xfs_file.c linux-2.4.37.7/fs/xfs/linux-2.4/xfs_file.c
20343 --- linux-2.4.37.7/fs/xfs/linux-2.4/xfs_file.c 2009-11-07 11:52:20.000000000 -0500
20344 +++ linux-2.4.37.7/fs/xfs/linux-2.4/xfs_file.c 2009-11-10 19:30:27.000000000 -0500
20346 #include <linux/smp_lock.h>
20347 #include <linux/mman.h> /* for PROT_WRITE */
20349 -static struct vm_operations_struct linvfs_file_vm_ops;
20350 +static const struct vm_operations_struct linvfs_file_vm_ops;
20352 STATIC inline ssize_t
20354 @@ -330,6 +330,11 @@ linvfs_file_mmap(
20358 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(__i386__)
20359 + if ((vma->vm_mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_EXEC))
20360 + vma->vm_page_prot = __pgprot(pte_val(pte_exprotect(__pte(pgprot_val(vma->vm_page_prot)))));
20363 vma->vm_ops = &linvfs_file_vm_ops;
20365 VOP_SETATTR(vp, &va, XFS_AT_UPDATIME, NULL, error);
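Review bot: The block added to `linvfs_file_mmap` rewrites `vma->vm_page_prot` with no comment saying why a filesystem-private mmap handler must do so. The nested `__pgprot(pte_val(pte_exprotect(__pte(pgprot_val(vma->vm_page_prot)))))` expression is also hard to audit at a glance. Assuming `pte_exprotect` strips execute permission from the protection bits (its definition is not in this hunk), a comment above the `if` such as `/* PAGEEXEC: a mapping without VM_EXEC must not keep executable page protections */` would record the intent. It would also help to note that the guard is limited to `__i386__`, so a reader knows other architectures are handled elsewhere or not at all. The body of `linvfs_file_mmap` starts and ends outside the hunk.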
20366 @@ -409,7 +414,7 @@ linvfs_mprotect(
20367 #endif /* HAVE_VMOP_MPROTECT */
20370 -struct file_operations linvfs_file_operations = {
20371 +const struct file_operations linvfs_file_operations = {
20372 .llseek = generic_file_llseek,
20373 .read = linvfs_read,
20374 .write = linvfs_write,
20375 @@ -420,7 +425,7 @@ struct file_operations linvfs_file_opera
20376 .fsync = linvfs_fsync,
20379 -struct file_operations linvfs_invis_file_operations = {
20380 +const struct file_operations linvfs_invis_file_operations = {
20381 .llseek = generic_file_llseek,
20382 .read = linvfs_read_invis,
20383 .write = linvfs_write_invis,
20384 @@ -432,14 +437,14 @@ struct file_operations linvfs_invis_file
20388 -struct file_operations linvfs_dir_operations = {
20389 +const struct file_operations linvfs_dir_operations = {
20390 .read = generic_read_dir,
20391 .readdir = linvfs_readdir,
20392 .ioctl = linvfs_ioctl,
20393 .fsync = linvfs_fsync,
20396 -static struct vm_operations_struct linvfs_file_vm_ops = {
20397 +static const struct vm_operations_struct linvfs_file_vm_ops = {
20398 .nopage = filemap_nopage,
20399 #ifdef HAVE_VMOP_MPROTECT
20400 .mprotect = linvfs_mprotect,
20401 diff -urNp linux-2.4.37.7/fs/xfs/linux-2.4/xfs_iops.c linux-2.4.37.7/fs/xfs/linux-2.4/xfs_iops.c
20402 --- linux-2.4.37.7/fs/xfs/linux-2.4/xfs_iops.c 2009-11-07 11:52:20.000000000 -0500
20403 +++ linux-2.4.37.7/fs/xfs/linux-2.4/xfs_iops.c 2009-11-10 19:30:27.000000000 -0500
20404 @@ -647,7 +647,7 @@ linvfs_removexattr(
20408 -struct inode_operations linvfs_file_inode_operations = {
20409 +const struct inode_operations linvfs_file_inode_operations = {
20410 .permission = linvfs_permission,
20411 .truncate = linvfs_truncate,
20412 .revalidate = linvfs_revalidate,
20413 @@ -658,7 +658,7 @@ struct inode_operations linvfs_file_inod
20414 .removexattr = linvfs_removexattr,
20417 -struct inode_operations linvfs_dir_inode_operations = {
20418 +const struct inode_operations linvfs_dir_inode_operations = {
20419 .create = linvfs_create,
20420 .lookup = linvfs_lookup,
20421 .link = linvfs_link,
20422 @@ -677,7 +677,7 @@ struct inode_operations linvfs_dir_inode
20423 .removexattr = linvfs_removexattr,
20426 -struct inode_operations linvfs_symlink_inode_operations = {
20427 +const struct inode_operations linvfs_symlink_inode_operations = {
20428 .readlink = linvfs_readlink,
20429 .follow_link = linvfs_follow_link,
20430 .permission = linvfs_permission,
20431 diff -urNp linux-2.4.37.7/fs/xfs/linux-2.4/xfs_iops.h linux-2.4.37.7/fs/xfs/linux-2.4/xfs_iops.h
20432 --- linux-2.4.37.7/fs/xfs/linux-2.4/xfs_iops.h 2009-11-07 11:52:20.000000000 -0500
20433 +++ linux-2.4.37.7/fs/xfs/linux-2.4/xfs_iops.h 2009-11-10 19:30:27.000000000 -0500
20434 @@ -32,15 +32,15 @@
20435 #ifndef __XFS_IOPS_H__
20436 #define __XFS_IOPS_H__
20438 -extern struct inode_operations linvfs_file_inode_operations;
20439 -extern struct inode_operations linvfs_dir_inode_operations;
20440 -extern struct inode_operations linvfs_symlink_inode_operations;
20442 -extern struct file_operations linvfs_file_operations;
20443 -extern struct file_operations linvfs_invis_file_operations;
20444 -extern struct file_operations linvfs_dir_operations;
20445 +extern const struct inode_operations linvfs_file_inode_operations;
20446 +extern const struct inode_operations linvfs_dir_inode_operations;
20447 +extern const struct inode_operations linvfs_symlink_inode_operations;
20449 +extern const struct file_operations linvfs_file_operations;
20450 +extern const struct file_operations linvfs_invis_file_operations;
20451 +extern const struct file_operations linvfs_dir_operations;
20453 -extern struct address_space_operations linvfs_aops;
20454 +extern const struct address_space_operations linvfs_aops;
20456 extern int linvfs_get_block(struct inode *, long, struct buffer_head *, int);
20457 extern void linvfs_unwritten_done(struct buffer_head *, int);
20458 diff -urNp linux-2.4.37.7/fs/xfs/linux-2.4/xfs_super.c linux-2.4.37.7/fs/xfs/linux-2.4/xfs_super.c
20459 --- linux-2.4.37.7/fs/xfs/linux-2.4/xfs_super.c 2009-11-07 11:52:20.000000000 -0500
20460 +++ linux-2.4.37.7/fs/xfs/linux-2.4/xfs_super.c 2009-11-10 19:30:27.000000000 -0500
20462 #include <linux/init.h>
20464 STATIC struct quotactl_ops linvfs_qops;
20465 -STATIC struct super_operations linvfs_sops;
20466 +STATIC const struct super_operations linvfs_sops;
20467 STATIC kmem_zone_t *linvfs_inode_zone;
20468 STATIC kmem_shaker_t xfs_inode_shaker;
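Review bot: `linvfs_qops`, declared on the line just above the changed one, stays a writable `struct quotactl_ops` while `linvfs_sops` becomes `const`. If that table is only statically initialised and the field that consumes it accepts a pointer-to-const (neither is visible in this hunk), declare it `STATIC const struct quotactl_ops linvfs_qops;` too, so both function-pointer tables land in read-only data. If it has to stay writable, a one-line comment giving the reason would keep the next reader from treating it as an oversight.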
20470 @@ -958,7 +958,7 @@ fail_vfsop:
20474 -STATIC struct super_operations linvfs_sops = {
20475 +STATIC const struct super_operations linvfs_sops = {
20476 .alloc_inode = linvfs_alloc_inode,
20477 .destroy_inode = linvfs_destroy_inode,
20478 .write_inode = linvfs_write_inode,
20479 diff -urNp linux-2.4.37.7/grsecurity/Config.in linux-2.4.37.7/grsecurity/Config.in
20480 --- linux-2.4.37.7/grsecurity/Config.in 1969-12-31 19:00:00.000000000 -0500
20481 +++ linux-2.4.37.7/grsecurity/Config.in 2009-11-10 19:30:27.000000000 -0500
20483 +define_bool CONFIG_CRYPTO y
20484 +define_bool CONFIG_CRYPTO_SHA256 y
20485 +choice 'Security level' \
20486 + "Low CONFIG_GRKERNSEC_LOW \
20487 + Medium CONFIG_GRKERNSEC_MID \
20488 + High CONFIG_GRKERNSEC_HI \
20489 + Customized CONFIG_GRKERNSEC_CUSTOM" Customized
20490 +if [ "$CONFIG_GRKERNSEC_LOW" = "y" ]; then
20491 +define_bool CONFIG_GRKERNSEC_FORKFAIL n
20492 +define_bool CONFIG_GRKERNSEC_TIME n
20493 +define_bool CONFIG_GRKERNSEC_SIGNAL n
20494 +define_bool CONFIG_GRKERNSEC_CHROOT_SHMAT n
20495 +define_bool CONFIG_GRKERNSEC_CHROOT_MOUNT n
20496 +define_bool CONFIG_GRKERNSEC_CHROOT_FCHDIR n
20497 +define_bool CONFIG_GRKERNSEC_CHROOT_DOUBLE n
20498 +define_bool CONFIG_GRKERNSEC_CHROOT_PIVOT n
20499 +define_bool CONFIG_GRKERNSEC_CHROOT_MKNOD n
20500 +define_bool CONFIG_GRKERNSEC_PROC n
20501 +define_bool CONFIG_GRKERNSEC_PROC_IPADDR n
20502 +define_bool CONFIG_GRKERNSEC_PROC_MEMMAP n
20503 +define_bool CONFIG_GRKERNSEC_HIDESYM n
20504 +define_bool CONFIG_GRKERNSEC_BRUTE n
20505 +define_bool CONFIG_GRKERNSEC_SHM n
20506 +define_bool CONFIG_GRKERNSEC_CHROOT_CAPS n
20507 +define_bool CONFIG_GRKERNSEC_CHROOT_SYSCTL n
20508 +define_bool CONFIG_GRKERNSEC_PROC_USERGROUP n
20509 +define_bool CONFIG_GRKERNSEC_KMEM n
20510 +define_bool CONFIG_GRKERNSEC_PROC_ADD n
20511 +define_bool CONFIG_GRKERNSEC_CHROOT_CHMOD n
20512 +define_bool CONFIG_GRKERNSEC_CHROOT_NICE n
20513 +define_bool CONFIG_GRKERNSEC_CHROOT_FINDTASK n
20514 +define_bool CONFIG_PAX_RANDUSTACK n
20515 +define_bool CONFIG_PAX_ASLR n
20516 +define_bool CONFIG_PAX_RANDMMAP n
20517 +define_bool CONFIG_PAX_NOEXEC n
20518 +define_bool CONFIG_PAX_PAGEEXEC n
20519 +define_bool CONFIG_PAX_NOELFRELOCS n
20520 +define_bool CONFIG_PAX_ETEXECRELOCS n
20521 +define_bool CONFIG_PAX_MPROTECT n
20522 +define_bool CONFIG_PAX_SOFTMODE n
20523 +define_bool CONFIG_PAX_EI_PAX n
20524 +define_bool CONFIG_PAX_PT_PAX_FLAGS n
20525 +define_bool CONFIG_PAX_NO_ACL_FLAGS n
20526 +define_bool CONFIG_PAX_EMUTRAMP n
20527 +define_bool CONFIG_PAX_EMUSIGRT n
20528 +if [ "$CONFIG_X86" = "y" ]; then
20529 +define_bool CONFIG_PAX_RANDKSTACK n
20530 +define_bool CONFIG_PAX_KERNEXEC n
20531 +define_bool CONFIG_GRKERNSEC_IO n
20532 +define_bool CONFIG_PAX_SEGMEXEC n
20534 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
20535 +define_bool CONFIG_GRKERNSEC_ACL_HIDEKERN n
20536 +define_bool CONFIG_GRKERNSEC_RESLOG n
20537 +define_int CONFIG_GRKERNSEC_ACL_MAXTRIES 3
20538 +define_int CONFIG_GRKERNSEC_ACL_TIMEOUT 30
20540 +define_int CONFIG_GRKERNSEC_FLOODTIME 10
20541 +define_int CONFIG_GRKERNSEC_FLOODBURST 4
20542 +define_bool CONFIG_GRKERNSEC_LINK y
20543 +define_bool CONFIG_GRKERNSEC_FIFO y
20544 +define_bool CONFIG_GRKERNSEC_EXECVE y
20545 +define_bool CONFIG_GRKERNSEC_RANDNET y
20546 +define_bool CONFIG_GRKERNSEC_DMESG y
20547 +define_bool CONFIG_GRKERNSEC_CHROOT_CHDIR y
20548 +define_bool CONFIG_GRKERNSEC_KHEAP y
20549 +if [ "$CONFIG_MODULES" != "n" ]; then
20550 +define_bool CONFIG_GRKERNSEC_MODSTOP y
20553 +if [ "$CONFIG_GRKERNSEC_MID" = "y" ]; then
20554 +define_bool CONFIG_GRKERNSEC_KMEM n
20555 +define_bool CONFIG_GRKERNSEC_PROC_IPADDR n
20556 +define_bool CONFIG_GRKERNSEC_HIDESYM n
20557 +define_bool CONFIG_GRKERNSEC_PROC_ADD n
20558 +define_bool CONFIG_GRKERNSEC_CHROOT_CHMOD n
20559 +define_bool CONFIG_GRKERNSEC_CHROOT_NICE n
20560 +define_bool CONFIG_GRKERNSEC_CHROOT_FINDTASK n
20561 +define_bool CONFIG_PAX_NOEXEC n
20562 +define_bool CONFIG_PAX_PAGEEXEC n
20563 +define_bool CONFIG_PAX_NOELFRELOCS n
20564 +define_bool CONFIG_PAX_ETEXECRELOCS n
20565 +define_bool CONFIG_PAX_MPROTECT n
20566 +define_bool CONFIG_PAX_SOFTMODE n
20567 +define_bool CONFIG_PAX_EI_PAX y
20568 +define_bool CONFIG_PAX_PT_PAX_FLAGS y
20569 +define_bool CONFIG_PAX_HAVE_ACL_FLAGS y
20570 +define_bool CONFIG_PAX_EMUTRAMP n
20571 +define_bool CONFIG_PAX_EMUSIGRT n
20572 +if [ "$CONFIG_X86" = "y" ]; then
20573 +define_bool CONFIG_GRKERNSEC_IO n
20574 +define_bool CONFIG_PAX_SEGMEXEC n
20576 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
20577 +define_bool CONFIG_GRKERNSEC_CHROOT_CAPS n
20578 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
20579 +define_bool CONFIG_GRKERNSEC_CHROOT_FCHDIR n
20580 +define_bool CONFIG_GRKERNSEC_ACL_HIDEKERN n
20581 +define_bool CONFIG_GRKERNSEC_RESLOG n
20582 +define_int CONFIG_GRKERNSEC_ACL_MAXTRIES 3
20583 +define_int CONFIG_GRKERNSEC_ACL_TIMEOUT 30
20585 +define_int CONFIG_GRKERNSEC_FLOODTIME 10
20586 +define_int CONFIG_GRKERNSEC_FLOODBURST 4
20587 +define_bool CONFIG_GRKERNSEC_KHEAP y
20588 +define_bool CONFIG_GRKERNSEC_PROC_MEMMAP y
20589 +define_bool CONFIG_GRKERNSEC_CHROOT_SYSCTL y
20590 +define_bool CONFIG_GRKERNSEC_LINK y
20591 +define_bool CONFIG_GRKERNSEC_FIFO y
20592 +define_bool CONFIG_GRKERNSEC_EXECVE y
20593 +define_bool CONFIG_GRKERNSEC_DMESG y
20594 +define_bool CONFIG_GRKERNSEC_RANDNET y
20595 +define_bool CONFIG_GRKERNSEC_FORKFAIL y
20596 +define_bool CONFIG_GRKERNSEC_TIME y
20597 +define_bool CONFIG_GRKERNSEC_SIGNAL y
20598 +define_bool CONFIG_GRKERNSEC_CHROOT y
20599 +define_bool CONFIG_GRKERNSEC_CHROOT_SHMAT n
20600 +define_bool CONFIG_GRKERNSEC_CHROOT_UNIX y
20601 +define_bool CONFIG_GRKERNSEC_CHROOT_MOUNT y
20602 +define_bool CONFIG_GRKERNSEC_CHROOT_PIVOT y
20603 +define_bool CONFIG_GRKERNSEC_CHROOT_DOUBLE y
20604 +define_bool CONFIG_GRKERNSEC_CHROOT_CHDIR y
20605 +define_bool CONFIG_GRKERNSEC_CHROOT_MKNOD y
20606 +define_bool CONFIG_GRKERNSEC_PROC y
20607 +define_bool CONFIG_GRKERNSEC_PROC_USERGROUP y
20608 +define_int CONFIG_GRKERNSEC_PROC_GID 10
20609 +define_bool CONFIG_PAX_RANDUSTACK y
20610 +define_bool CONFIG_PAX_RANDKSTACK n
20611 +define_bool CONFIG_PAX_KERNEXEC n
20612 +define_bool CONFIG_PAX_ASLR y
20613 +define_bool CONFIG_PAX_RANDMMAP y
20614 +define_bool CONFIG_GRKERNSEC_BRUTE n
20615 +define_bool CONFIG_GRKERNSEC_SHM n
20616 +if [ "$CONFIG_MODULES" != "n" ]; then
20617 +define_bool CONFIG_GRKERNSEC_MODSTOP y
20620 +if [ "$CONFIG_GRKERNSEC_HI" = "y" ]; then
20621 +define_int CONFIG_GRKERNSEC_FLOODTIME 10
20622 +define_int CONFIG_GRKERNSEC_FLOODBURST 4
20623 +if [ "$CONFIG_MODULES" != "n" ]; then
20624 +define_bool CONFIG_GRKERNSEC_MODSTOP y
20626 +define_bool CONFIG_GRKERNSEC_KHEAP y
20627 +define_bool CONFIG_GRKERNSEC_LINK y
20628 +define_bool CONFIG_GRKERNSEC_FIFO y
20629 +define_bool CONFIG_GRKERNSEC_EXECVE y
20630 +define_bool CONFIG_GRKERNSEC_DMESG y
20631 +define_bool CONFIG_GRKERNSEC_FORKFAIL y
20632 +define_bool CONFIG_GRKERNSEC_TIME y
20633 +define_bool CONFIG_GRKERNSEC_SHM y
20634 +define_bool CONFIG_GRKERNSEC_SIGNAL y
20635 +define_bool CONFIG_GRKERNSEC_CHROOT_SHMAT y
20636 +define_bool CONFIG_GRKERNSEC_CHROOT_UNIX y
20637 +define_bool CONFIG_GRKERNSEC_CHROOT_MOUNT y
20638 +define_bool CONFIG_GRKERNSEC_CHROOT_FCHDIR y
20639 +define_bool CONFIG_GRKERNSEC_CHROOT_PIVOT y
20640 +define_bool CONFIG_GRKERNSEC_CHROOT_DOUBLE y
20641 +define_bool CONFIG_GRKERNSEC_CHROOT_CHDIR y
20642 +define_bool CONFIG_GRKERNSEC_CHROOT_MKNOD y
20643 +define_bool CONFIG_GRKERNSEC_CHROOT_CAPS y
20644 +define_bool CONFIG_GRKERNSEC_CHROOT_SYSCTL y
20645 +define_bool CONFIG_GRKERNSEC_CHROOT_FINDTASK y
20646 +define_bool CONFIG_GRKERNSEC_PROC y
20647 +define_bool CONFIG_GRKERNSEC_PROC_IPADDR n
20648 +define_bool CONFIG_GRKERNSEC_PROC_MEMMAP y
20649 +define_bool CONFIG_GRKERNSEC_HIDESYM y
20650 +define_bool CONFIG_GRKERNSEC_BRUTE y
20651 +define_bool CONFIG_GRKERNSEC_PROC_USERGROUP y
20652 +define_int CONFIG_GRKERNSEC_PROC_GID 10
20653 +define_bool CONFIG_GRKERNSEC_KMEM y
20654 +define_bool CONFIG_GRKERNSEC_RESLOG y
20655 +define_bool CONFIG_GRKERNSEC_RANDNET y
20657 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT n
20658 +define_bool CONFIG_GRKERNSEC_ACL_HIDEKERN n
20659 +define_int CONFIG_GRKERNSEC_ACL_MAXTRIES 3
20660 +define_int CONFIG_GRKERNSEC_ACL_TIMEOUT 30
20662 +define_bool CONFIG_GRKERNSEC_PROC_ADD y
20663 +define_bool CONFIG_GRKERNSEC_CHROOT_CHMOD y
20664 +define_bool CONFIG_GRKERNSEC_CHROOT_NICE y
20665 +define_bool CONFIG_PAX_RANDUSTACK y
20666 +define_bool CONFIG_PAX_ASLR y
20667 +define_bool CONFIG_PAX_RANDMMAP y
20668 +define_bool CONFIG_PAX_NOEXEC y
20669 +define_bool CONFIG_PAX_NOELFRELOCS n
20670 +define_bool CONFIG_PAX_MPROTECT y
20671 +define_bool CONFIG_PAX_ETEXECRELOCS n
20672 +define_bool CONFIG_PAX_SOFTMODE n
20673 +define_bool CONFIG_PAX_EI_PAX y
20674 +define_bool CONFIG_PAX_PT_PAX_FLAGS y
20675 +define_bool CONFIG_PAX_HAVE_ACL_FLAGS y
20676 +if [ "$CONFIG_X86" = "y" ]; then
20677 +define_bool CONFIG_GRKERNSEC_IO n
20678 +if [ "$CONFIG_MODULES" != "y" -a "$CONFIG_X86_WP_WORKS_OK" = "y" ]; then
20679 +define_bool CONFIG_PAX_KERNEXEC y
20681 +if [ "$CONFIG_X86_TSC" = "y" -a "$CONFIG_X86_64" != "y" ]; then
20682 +define_bool CONFIG_PAX_RANDKSTACK y
20684 +define_bool CONFIG_PAX_RANDKSTACK n
20686 +if [ "$CONFIG_X86_64" = "y"]; then
20687 +define_bool CONFIG_PAX_PAGEEXEC y
20688 +define_bool CONFIG_PAX_SEGMEXEC n
20690 +define_bool CONFIG_PAX_SEGMEXEC y
20691 +define_bool CONFIG_PAX_PAGEEXEC n
20693 +define_bool CONFIG_PAX_EMUTRAMP n
20694 +define_bool CONFIG_PAX_EMUSIGRT n
20696 +define_bool CONFIG_PAX_PAGEEXEC y
20697 +define_bool CONFIG_PAX_SEGMEXEC n
20699 +if [ "$CONFIG_ALPHA" = "y" -o "$CONFIG_PARISC" = "y" ]; then
20700 +define_bool CONFIG_PAX_ETEXECRELOCS y
20702 +if [ "$CONFIG_ALPHA" = "y" -o "$CONFIG_PARISC" = "y" -o "$CONFIG_SPARC32" = "y" -o "$CONFIG_SPARC64" = "y" -o "$CONFIG_PPC32" = "y" ]; then
20703 +define_bool CONFIG_PAX_EMUPLT y
20705 +if [ "$CONFIG_PARISC" = "y" ]; then
20706 +define_bool CONFIG_PAX_EMUTRAMP y
20707 +define_bool CONFIG_PAX_EMUSIGRT y
20709 +define_bool CONFIG_GRKERNSEC_AUDIT_MOUNT y
20711 +if [ "$CONFIG_GRKERNSEC_CUSTOM" = "y" ]; then
20712 +mainmenu_option next_comment
20713 +comment 'PaX Control'
20714 +bool 'Support soft mode' CONFIG_PAX_SOFTMODE
20715 +bool 'Use legacy ELF header marking' CONFIG_PAX_EI_PAX
20716 +bool 'Use ELF program header marking' CONFIG_PAX_PT_PAX_FLAGS
20717 +choice 'MAC system integration' \
20718 + "none CONFIG_PAX_NO_ACL_FLAGS \
20719 + direct CONFIG_PAX_HAVE_ACL_FLAGS \
20720 + hook CONFIG_PAX_HOOK_ACL_FLAGS" direct
20722 +mainmenu_option next_comment
20723 +comment 'Address Space Protection'
20724 +if [ "$CONFIG_PAX_EI_PAX" = "y" -o \
20725 + "$CONFIG_PAX_PT_PAX_FLAGS" = "y" -o \
20726 + "$CONFIG_PAX_HAVE_ACL_FLAGS" = "y" -o \
20727 + "$CONFIG_PAX_HOOK_ACL_FLAGS" = "y" ]; then
20728 + bool 'Enforce Non-executable pages' CONFIG_PAX_NOEXEC
20729 + if [ "$CONFIG_PAX_NOEXEC" = "y" ]; then
20730 + if [ "$CONFIG_X86" != "y" -o \
20731 + "$CONFIG_M586" = "y" -o \
20732 + "$CONFIG_M586TSC" = "y" -o \
20733 + "$CONFIG_M586MMX" = "y" -o \
20734 + "$CONFIG_M686" = "y" -o \
20735 + "$CONFIG_MPENTIUMIII" = "y" -o \
20736 + "$CONFIG_MPENTIUM4" = "y" -o \
20737 + "$CONFIG_MK7" = "y" -o \
20738 + "$CONFIG_MK8" = "y" -o \
20739 + "$CONFIG_MWINCHIPC6" = "y" -o \
20740 + "$CONFIG_MWINCHIP2" = "y" -o \
20741 + "$CONFIG_MWINCHIP3D" = "y" -o \
20742 + "$CONFIG_MVIAC3_2" = "y" ]; then
20743 + bool 'Paging based non-executable pages' CONFIG_PAX_PAGEEXEC
20745 + if [ "$CONFIG_X86" = "y" -a "$CONFIG_X86_64" != "y" ]; then
20746 + bool 'Segmentation based non-executable pages' CONFIG_PAX_SEGMEXEC
20748 + if [ "$CONFIG_X86" = "y" -o "$CONFIG_PARISC" = "y" -o "$CONFIG_PPC32" = "y" ]; then
20749 + if [ "$CONFIG_PAX_PAGEEXEC" = "y" -o "$CONFIG_PAX_SEGMEXEC" = "y" ]; then
20750 + bool ' Emulate trampolines' CONFIG_PAX_EMUTRAMP
20751 + if [ "$CONFIG_PAX_EMUTRAMP" = "y" ]; then
20752 + bool ' Automatically emulate sigreturn trampolines' CONFIG_PAX_EMUSIGRT
20756 + bool ' Restrict mprotect()' CONFIG_PAX_MPROTECT
20757 + if [ "$CONFIG_PAX_MPROTECT" = "y" ]; then
20758 + if [ "$CONFIG_X86" = "y" ]; then
20759 + bool ' Disallow ELF text relocations (DANGEROUS)' CONFIG_PAX_NOELFRELOCS
20761 + if [ "$CONFIG_ALPHA" = "y" -o "$CONFIG_PARISC" = "y" ]; then
20762 + bool ' Allow ELF ET_EXEC text relocations' CONFIG_PAX_ETEXECRELOCS
20764 + if [ "$CONFIG_PPC32" = "y" ]; then
20765 + define_bool CONFIG_PAX_SYSCALL y
20767 + if [ "$CONFIG_ALPHA" = "y" -o "$CONFIG_PARISC" = "y" -o "$CONFIG_SPARC32" = "y" -o "$CONFIG_SPARC64" = "y" -o "$CONFIG_PPC32" = "y" ]; then
20768 + bool ' Automatically emulate ELF PLT' CONFIG_PAX_EMUPLT
20769 + if [ "$CONFIG_PAX_EMUPLT" = "y" ]; then
20770 + if [ "$CONFIG_SPARC32" = "y" -o "$CONFIG_SPARC64" = "y" ]; then
20771 + define_bool CONFIG_PAX_DLRESOLVE y
20778 + if [ "$CONFIG_X86" = "y" -a \
20779 + "$CONFIG_MODULES" != "y" -a "$CONFIG_X86_WP_WORKS_OK" = "y" ]; then
20780 + bool 'Enforce non-executable kernel pages' CONFIG_PAX_KERNEXEC
20782 + bool 'Address Space Layout Randomization' CONFIG_PAX_ASLR
20783 + if [ "$CONFIG_PAX_ASLR" = "y" ]; then
20784 + if [ "$CONFIG_X86_TSC" = "y" -a "$CONFIG_X86_64" != "y" ]; then
20785 + bool ' Randomize kernel stack base' CONFIG_PAX_RANDKSTACK
20787 + bool ' Randomize user stack base' CONFIG_PAX_RANDUSTACK
20788 + bool ' Randomize mmap() base' CONFIG_PAX_RANDMMAP
20791 +bool 'Sanitize all freed memory' CONFIG_PAX_MEMORY_SANITIZE
20792 +if [ "$CONFIG_X86" = "y" -a "$CONFIG_X86_64" != "y" ]; then
20793 + bool 'Prevent invalid userland pointer dereference' CONFIG_PAX_MEMORY_UDEREF
20795 +bool 'Harden kernel heap management' CONFIG_GRKERNSEC_KHEAP
20796 +bool 'Deny writing to /dev/kmem, /dev/mem, and /dev/port' CONFIG_GRKERNSEC_KMEM
20797 +if [ "$CONFIG_X86" = "y" ]; then
20798 + bool 'Disable privileged I/O' CONFIG_GRKERNSEC_IO
20799 + if [ "$CONFIG_GRKERNSEC_IO" = "y" ]; then
20800 + define_bool CONFIG_RTC y
20803 +if [ "$CONFIG_PAX_NOEXEC" = "y" -o "$CONFIG_PAX_ASLR" = "y" ]; then
20804 +bool 'Remove addresses from /proc/pid/[maps|stat]' CONFIG_GRKERNSEC_PROC_MEMMAP
20806 +bool 'Deter exploit bruteforcing' CONFIG_GRKERNSEC_BRUTE
20807 +if [ "$CONFIG_MODULES" != "n" ]; then
20808 + bool 'Runtime module disabling' CONFIG_GRKERNSEC_MODSTOP
20810 +bool 'Hide kernel symbols' CONFIG_GRKERNSEC_HIDESYM
20812 +mainmenu_option next_comment
20813 +comment 'Role Based Access Control Options'
20814 +bool 'Disable RBAC system' CONFIG_GRKERNSEC_NO_RBAC
20815 +bool 'Hide kernel processes' CONFIG_GRKERNSEC_ACL_HIDEKERN
20816 +int 'Maximum tries before password lockout' CONFIG_GRKERNSEC_ACL_MAXTRIES 3
20817 +int 'Time to wait after max password tries, in seconds' CONFIG_GRKERNSEC_ACL_TIMEOUT 30
20819 +mainmenu_option next_comment
20820 +comment 'Filesystem Protections'
20821 +bool 'Proc restrictions' CONFIG_GRKERNSEC_PROC
20822 +if [ "$CONFIG_GRKERNSEC_PROC" != "n" ]; then
20823 + bool ' Restrict to user only' CONFIG_GRKERNSEC_PROC_USER
20824 + if [ "$CONFIG_GRKERNSEC_PROC_USER" != "y" ]; then
20825 + bool ' Allow special group' CONFIG_GRKERNSEC_PROC_USERGROUP
20826 + if [ "$CONFIG_GRKERNSEC_PROC_USERGROUP" != "n" ]; then
20827 + int ' GID for special group' CONFIG_GRKERNSEC_PROC_GID 1001
20830 + if [ "$CONFIG_GRKERNSEC_PROC_USER" != "n" -o "$CONFIG_GRKERNSEC_PROC_USERGROUP" != "n" ]; then
20831 + bool ' Additional restrictions' CONFIG_GRKERNSEC_PROC_ADD
20834 +bool 'Linking restrictions' CONFIG_GRKERNSEC_LINK
20835 +bool 'FIFO restrictions' CONFIG_GRKERNSEC_FIFO
20836 +bool 'Chroot jail restrictions' CONFIG_GRKERNSEC_CHROOT
20837 +if [ "$CONFIG_GRKERNSEC_CHROOT" != "n" ]; then
20838 +bool ' Deny mounts' CONFIG_GRKERNSEC_CHROOT_MOUNT
20839 +bool ' Deny double-chroots' CONFIG_GRKERNSEC_CHROOT_DOUBLE
20840 +bool ' Deny pivot_root in chroot' CONFIG_GRKERNSEC_CHROOT_PIVOT
20841 +bool ' Enforce chdir("/") on all chroots' CONFIG_GRKERNSEC_CHROOT_CHDIR
20842 +bool ' Deny (f)chmod +s' CONFIG_GRKERNSEC_CHROOT_CHMOD
20843 +bool ' Deny fchdir out of chroot' CONFIG_GRKERNSEC_CHROOT_FCHDIR
20844 +bool ' Deny mknod' CONFIG_GRKERNSEC_CHROOT_MKNOD
20845 +bool ' Deny shmat() out of chroot' CONFIG_GRKERNSEC_CHROOT_SHMAT
20846 +bool ' Deny access to abstract AF_UNIX sockets out of chroot' CONFIG_GRKERNSEC_CHROOT_UNIX
20847 +bool ' Protect outside processes' CONFIG_GRKERNSEC_CHROOT_FINDTASK
20848 +bool ' Restrict priority changes' CONFIG_GRKERNSEC_CHROOT_NICE
20849 +bool ' Deny sysctl writes in chroot' CONFIG_GRKERNSEC_CHROOT_SYSCTL
20850 +bool ' Capability restrictions within chroot' CONFIG_GRKERNSEC_CHROOT_CAPS
20853 +mainmenu_option next_comment
20854 +comment 'Kernel Auditing'
20855 +bool 'Single group for auditing' CONFIG_GRKERNSEC_AUDIT_GROUP
20856 +if [ "$CONFIG_GRKERNSEC_AUDIT_GROUP" != "n" ]; then
20857 +int ' GID for auditing' CONFIG_GRKERNSEC_AUDIT_GID 1007
20859 +bool 'Exec logging' CONFIG_GRKERNSEC_EXECLOG
20860 +bool 'Resource logging' CONFIG_GRKERNSEC_RESLOG
20861 +bool 'Log execs within chroot' CONFIG_GRKERNSEC_CHROOT_EXECLOG
20862 +bool 'Chdir logging' CONFIG_GRKERNSEC_AUDIT_CHDIR
20863 +bool '(Un)Mount logging' CONFIG_GRKERNSEC_AUDIT_MOUNT
20864 +bool 'IPC logging' CONFIG_GRKERNSEC_AUDIT_IPC
20865 +bool 'Signal logging' CONFIG_GRKERNSEC_SIGNAL
20866 +bool 'Fork failure logging' CONFIG_GRKERNSEC_FORKFAIL
20867 +bool 'Time change logging' CONFIG_GRKERNSEC_TIME
20868 +bool '/proc/<pid>/ipaddr support' CONFIG_GRKERNSEC_PROC_IPADDR
20869 +if [ "$CONFIG_PAX_MPROTECT" != "n" ]; then
20870 + bool 'ELF text relocations logging (READ HELP)' CONFIG_GRKERNSEC_AUDIT_TEXTREL
20873 +mainmenu_option next_comment
20874 +comment 'Executable Protections'
20875 +bool 'Enforce RLIMIT_NPROC on execs' CONFIG_GRKERNSEC_EXECVE
20876 +if [ "$CONFIG_SYSVIPC" = "y" ]; then
20877 + bool 'Destroy unused shared memory' CONFIG_GRKERNSEC_SHM
20879 +bool 'Dmesg(8) restriction' CONFIG_GRKERNSEC_DMESG
20880 +bool 'Trusted path execution' CONFIG_GRKERNSEC_TPE
20881 +if [ "$CONFIG_GRKERNSEC_TPE" != "n" ]; then
20882 + bool ' Partially restrict non-root users' CONFIG_GRKERNSEC_TPE_ALL
20883 + bool ' Invert GID option' CONFIG_GRKERNSEC_TPE_INVERT
20884 + if [ "$CONFIG_GRKERNSEC_TPE_INVERT" != "n" ]; then
20885 + int ' GID for trusted users:' CONFIG_GRKERNSEC_TPE_GID 1005
20887 + int ' GID for untrusted users:' CONFIG_GRKERNSEC_TPE_GID 1005
20891 +mainmenu_option next_comment
20892 +comment 'Network Protections'
20893 +bool 'Larger entropy pools' CONFIG_GRKERNSEC_RANDNET
20894 +bool 'TCP/UDP blackhole' CONFIG_GRKERNSEC_BLACKHOLE
20895 +bool 'Socket restrictions' CONFIG_GRKERNSEC_SOCKET
20896 +if [ "$CONFIG_GRKERNSEC_SOCKET" != "n" ]; then
20897 +bool ' Deny any sockets to group' CONFIG_GRKERNSEC_SOCKET_ALL
20898 +if [ "$CONFIG_GRKERNSEC_SOCKET_ALL" != "n" ]; then
20899 +int ' GID to deny all sockets for:' CONFIG_GRKERNSEC_SOCKET_ALL_GID 1004
20901 +bool ' Deny client sockets to group' CONFIG_GRKERNSEC_SOCKET_CLIENT
20902 +if [ "$CONFIG_GRKERNSEC_SOCKET_CLIENT" != "n" ]; then
20903 +int ' GID to deny client sockets for:' CONFIG_GRKERNSEC_SOCKET_CLIENT_GID 1003
20905 +bool ' Deny server sockets to group' CONFIG_GRKERNSEC_SOCKET_SERVER
20906 +if [ "$CONFIG_GRKERNSEC_SOCKET_SERVER" != "n" ]; then
20907 +int ' GID to deny server sockets for:' CONFIG_GRKERNSEC_SOCKET_SERVER_GID 1002
20911 +if [ "$CONFIG_SYSCTL" != "n" ]; then
20912 +mainmenu_option next_comment
20913 +comment 'Sysctl support'
20914 +bool 'Sysctl support' CONFIG_GRKERNSEC_SYSCTL
20915 +if [ "$CONFIG_GRKERNSEC_SYSCTL" != "n" ]; then
20916 + bool ' Turn on features by default' CONFIG_GRKERNSEC_SYSCTL_ON
20920 +mainmenu_option next_comment
20921 +comment 'Logging options'
20922 +int 'Seconds in between log messages (minimum)' CONFIG_GRKERNSEC_FLOODTIME 10
20923 +int 'Number of messages in a burst (maximum)' CONFIG_GRKERNSEC_FLOODBURST 4
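Review bot: In the x86 branch of the High level, the test `if [ "$CONFIG_X86_64" = "y"]; then` has no space before the closing bracket, so a shell-based configurator sees the operand `y]` and no terminating `]`. It should read `if [ "$CONFIG_X86_64" = "y" ]; then`. That test chooses between `CONFIG_PAX_PAGEEXEC` and `CONFIG_PAX_SEGMEXEC`, so a failed evaluation can leave High with a different non-executable-page setting than intended. Separately, the Medium block defines `CONFIG_GRKERNSEC_AUDIT_MOUNT n` twice and one of the two lines can be dropped. The Low block sets `CONFIG_PAX_NO_ACL_FLAGS n` where Medium and High set `CONFIG_PAX_HAVE_ACL_FLAGS y`, which looks unintentional and is worth confirming.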
20926 diff -urNp linux-2.4.37.7/grsecurity/gracl_alloc.c linux-2.4.37.7/grsecurity/gracl_alloc.c
20927 --- linux-2.4.37.7/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500
20928 +++ linux-2.4.37.7/grsecurity/gracl_alloc.c 2009-11-10 19:30:27.000000000 -0500
20930 +#include <linux/kernel.h>
20931 +#include <linux/mm.h>
20932 +#include <linux/slab.h>
20933 +#include <linux/vmalloc.h>
20934 +#include <linux/gracl.h>
20935 +#include <linux/grsecurity.h>
20937 +static unsigned long alloc_stack_next = 1;
20938 +static unsigned long alloc_stack_size = 1;
20939 +static void **alloc_stack;
20941 +static __inline__ int
20944 + if (alloc_stack_next == 1)
20947 + kfree(alloc_stack[alloc_stack_next - 2]);
20949 + alloc_stack_next--;
20954 +static __inline__ int
20955 +alloc_push(void *buf)
20957 + if (alloc_stack_next >= alloc_stack_size)
20960 + alloc_stack[alloc_stack_next - 1] = buf;
20962 + alloc_stack_next++;
20968 +acl_alloc(unsigned long len)
20970 + void *ret = NULL;
20972 + if (!len || len > PAGE_SIZE)
20975 + ret = kmalloc(len, GFP_KERNEL);
20978 + if (alloc_push(ret)) {
20989 +acl_alloc_num(unsigned long num, unsigned long len)
20991 + if (!len || (num > (PAGE_SIZE / len)))
20994 + return acl_alloc(num * len);
20998 +acl_free_all(void)
21000 + if (gr_acl_is_enabled() || !alloc_stack)
21003 + while (alloc_pop()) ;
21005 + if (alloc_stack) {
21006 + if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
21007 + kfree(alloc_stack);
21009 + vfree(alloc_stack);
21012 + alloc_stack = NULL;
21013 + alloc_stack_size = 1;
21014 + alloc_stack_next = 1;
21020 +acl_alloc_stack_init(unsigned long size)
21022 + if ((size * sizeof (void *)) <= PAGE_SIZE)
21024 + (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
21026 + alloc_stack = (void **) vmalloc(size * sizeof (void *));
21028 + alloc_stack_size = size;
21030 + if (!alloc_stack)
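Review bot: `acl_alloc_stack_init` computes `size * sizeof (void *)` with no overflow check, and it stores `alloc_stack_size = size` before testing `!alloc_stack`. If `size` is ever derived from a policy-supplied count (the caller is not visible here), a wrapped product would give a short buffer while `alloc_push` still bounds its writes by the full `alloc_stack_size`. Reject the input first with `if (size > ULONG_MAX / sizeof (void *))`, returning the same failure value as the `!alloc_stack` branch, and assign `alloc_stack_size` only after the allocation succeeds. `acl_alloc_num` already bounds `num` by `PAGE_SIZE / len` before multiplying, so this keeps the file consistent. Several lines of these functions are missing from this listing, so check the return convention against the full file.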
21035 diff -urNp linux-2.4.37.7/grsecurity/gracl.c linux-2.4.37.7/grsecurity/gracl.c
21036 --- linux-2.4.37.7/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
21037 +++ linux-2.4.37.7/grsecurity/gracl.c 2009-11-10 19:30:27.000000000 -0500
21039 +#include <linux/kernel.h>
21040 +#include <linux/sched.h>
21041 +#include <linux/mm.h>
21042 +#include <linux/file.h>
21043 +#include <linux/fs.h>
21044 +#include <linux/proc_fs.h>
21045 +#include <linux/smp_lock.h>
21046 +#include <linux/slab.h>
21047 +#include <linux/vmalloc.h>
21048 +#include <linux/types.h>
21049 +#include <linux/capability.h>
21050 +#include <linux/sysctl.h>
21051 +#include <linux/netdevice.h>
21052 +#include <linux/gracl.h>
21053 +#include <linux/gralloc.h>
21054 +#include <linux/grsecurity.h>
21055 +#include <linux/grinternal.h>
21057 +#include <asm/uaccess.h>
21058 +#include <asm/errno.h>
21059 +#include <asm/mman.h>
21061 +static struct acl_role_db acl_role_set;
21062 +static struct name_db name_set;
21063 +static struct inodev_db inodev_set;
21065 +/* for keeping track of userspace pointers used for subjects, so we
21066 + can share references in the kernel as well
21069 +static struct dentry *real_root;
21070 +static struct vfsmount *real_root_mnt;
21072 +static struct acl_subj_map_db subj_map_set;
21074 +static struct acl_role_label *default_role;
21076 +static u16 acl_sp_role_value;
21078 +static DECLARE_MUTEX(gr_dev_sem);
21079 +rwlock_t gr_inode_lock = RW_LOCK_UNLOCKED;
21081 +extern char *gr_shared_page[4][NR_CPUS];
21082 +struct gr_arg *gr_usermode;
21084 +static unsigned int gr_status = GR_STATUS_INIT;
21086 +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
21087 +extern void gr_clear_learn_entries(void);
21089 +#ifdef CONFIG_GRKERNSEC_RESLOG
21090 +extern void gr_log_resource(const struct task_struct *task,
21091 + const int res, const unsigned long wanted, const int gt);
21094 +unsigned char *gr_system_salt;
21095 +unsigned char *gr_system_sum;
21097 +static struct sprole_pw **acl_special_roles = NULL;
21098 +static __u16 num_sprole_pws = 0;
21100 +static struct acl_role_label *kernel_role = NULL;
21102 +static unsigned int gr_auth_attempts = 0;
21103 +static unsigned long gr_auth_expires = 0UL;
21105 +extern struct vfsmount *sock_mnt;
21106 +extern struct vfsmount *pipe_mnt;
21107 +extern struct vfsmount *shm_mnt;
21108 +static struct acl_object_label *fakefs_obj;
21110 +extern int gr_init_uidset(void);
21111 +extern void gr_free_uidset(void);
21112 +extern void gr_remove_uid(uid_t uid);
21113 +extern int gr_find_uid(uid_t uid);
21116 +gr_acl_is_enabled(void)
21118 + return (gr_status & GR_READY);
21121 +char gr_roletype_to_char(void)
21123 + switch (current->role->roletype &
21124 + (GR_ROLE_DEFAULT | GR_ROLE_USER | GR_ROLE_GROUP |
21125 + GR_ROLE_SPECIAL)) {
21126 + case GR_ROLE_DEFAULT:
21128 + case GR_ROLE_USER:
21130 + case GR_ROLE_GROUP:
21132 + case GR_ROLE_SPECIAL:
21140 +gr_acl_tpe_check(void)
21142 + if (unlikely(!(gr_status & GR_READY)))
21144 + if (current->role->roletype & GR_ROLE_TPE)
21151 +gr_handle_rawio(const struct inode *inode)
21153 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
21154 + if (inode && S_ISBLK(inode->i_mode) &&
21155 + grsec_enable_chroot_caps && proc_is_chrooted(current) &&
21156 + !capable(CAP_SYS_RAWIO))
21164 +gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb)
21167 + unsigned long *l1;
21168 + unsigned long *l2;
21169 + unsigned char *c1;
21170 + unsigned char *c2;
21173 + if (likely(lena != lenb))
21176 + l1 = (unsigned long *)a;
21177 + l2 = (unsigned long *)b;
21179 + num_longs = lena / sizeof(unsigned long);
21181 + for (i = num_longs; i--; l1++, l2++) {
21182 + if (unlikely(*l1 != *l2))
21186 + c1 = (unsigned char *) l1;
21187 + c2 = (unsigned char *) l2;
21189 + i = lena - (num_longs * sizeof(unsigned long));
21191 + for (; i--; c1++, c2++) {
21192 + if (unlikely(*c1 != *c2))
21199 +static char *__our_d_path(struct dentry *dentry, struct vfsmount *vfsmnt,
21200 + struct dentry *root, struct vfsmount *rootmnt,
21201 + char *buffer, int buflen)
21203 + char * end = buffer+buflen;
21210 + /* Get '/' right */
21215 + struct dentry * parent;
21217 + if (dentry == root && vfsmnt == rootmnt)
21219 + if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
21220 + /* Global root? */
21221 + if (vfsmnt->mnt_parent == vfsmnt)
21222 + goto global_root;
21223 + dentry = vfsmnt->mnt_mountpoint;
21224 + vfsmnt = vfsmnt->mnt_parent;
21227 + parent = dentry->d_parent;
21228 + namelen = dentry->d_name.len;
21229 + buflen -= namelen + 1;
21231 + return ERR_PTR(-ENAMETOOLONG);
21233 + memcpy(end, dentry->d_name.name, namelen);
21242 + namelen = dentry->d_name.len;
21243 + buflen -= namelen;
21244 + if (buflen >= 0) {
21245 + retval -= namelen-1; /* hit the slash */
21246 + memcpy(retval, dentry->d_name.name, namelen);
21248 + retval = ERR_PTR(-ENAMETOOLONG);
21253 +gen_full_path(struct dentry *dentry, struct vfsmount *vfsmnt,
21254 + struct dentry *root, struct vfsmount *rootmnt, char *buf, int buflen)
21258 + retval = __our_d_path(dentry, vfsmnt, root, rootmnt, buf, buflen);
21259 + if (unlikely(IS_ERR(retval)))
21260 + retval = strcpy(buf, "<path too long>");
21261 + else if (unlikely(retval[1] == '/' && retval[2] == '\0'))
21262 + retval[1] = '\0';
21268 +d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
21269 + char *buf, int buflen)
21272 + struct dentry *root;
21273 + struct vfsmount *rootmnt;
21275 + /* we can't use real_root, real_root_mnt, because they belong only to the RBAC system */
21276 + read_lock(&child_reaper->fs->lock);
21277 + root = dget(child_reaper->fs->root);
21278 + rootmnt = mntget(child_reaper->fs->rootmnt);
21279 + read_unlock(&child_reaper->fs->lock);
21281 + spin_lock(&dcache_lock);
21282 + res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, root, rootmnt, buf, buflen);
21283 + spin_unlock(&dcache_lock);
21289 +static __inline__ char *
21290 +__d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
21291 + char *buf, int buflen)
21295 + /* we can use real_root, real_root_mnt, because this is only called
21296 + by the RBAC system */
21297 + res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, real_root, real_root_mnt, buf, buflen);
21303 +gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
21307 + spin_lock(&dcache_lock);
21308 + ret = __d_real_path(dentry, mnt, gr_shared_page[0][smp_processor_id()],
21310 + spin_unlock(&dcache_lock);
21315 +gr_to_filename_nolock(const struct dentry *dentry, const struct vfsmount *mnt)
21317 + return __d_real_path(dentry, mnt, gr_shared_page[0][smp_processor_id()],
21322 +gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt)
21324 + return d_real_path(dentry, mnt, gr_shared_page[0][smp_processor_id()],
21329 +gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt)
21331 + return d_real_path(dentry, mnt, gr_shared_page[1][smp_processor_id()],
21336 +gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt)
21338 + return d_real_path(dentry, mnt, gr_shared_page[2][smp_processor_id()],
21343 +gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt)
21345 + return d_real_path(dentry, mnt, gr_shared_page[3][smp_processor_id()],
21350 +to_gr_audit(const __u32 reqmode)
21352 + /* masks off auditable permission flags, then shifts them to create
21353 + auditing flags, and adds the special case of append auditing if
21354 + we're requesting write */
21355 + return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
21358 +struct acl_subject_label *
21359 +lookup_subject_map(const struct acl_subject_label *userp)
21361 + unsigned int index = shash(userp, subj_map_set.s_size);
21362 + struct subject_map *match;
21364 + match = subj_map_set.s_hash[index];
21366 + while (match && match->user != userp)
21367 + match = match->next;
21369 + if (match != NULL)
21370 + return match->kernel;
21376 +insert_subj_map_entry(struct subject_map *subjmap)
21378 + unsigned int index = shash(subjmap->user, subj_map_set.s_size);
21379 + struct subject_map **curr;
21381 + subjmap->prev = NULL;
21383 + curr = &subj_map_set.s_hash[index];
21384 + if (*curr != NULL)
21385 + (*curr)->prev = subjmap;
21387 + subjmap->next = *curr;
21393 +static struct acl_role_label *
21394 +lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
21397 + unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
21398 + struct acl_role_label *match;
21399 + struct role_allowed_ip *ipp;
21402 + match = acl_role_set.r_hash[index];
21405 + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) {
21406 + for (x = 0; x < match->domain_child_num; x++) {
21407 + if (match->domain_children[x] == uid)
21410 + } else if (match->uidgid == uid && match->roletype & GR_ROLE_USER)
21412 + match = match->next;
21415 + if (match == NULL) {
21417 + index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
21418 + match = acl_role_set.r_hash[index];
21421 + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) {
21422 + for (x = 0; x < match->domain_child_num; x++) {
21423 + if (match->domain_children[x] == gid)
21426 + } else if (match->uidgid == gid && match->roletype & GR_ROLE_GROUP)
21428 + match = match->next;
21431 + if (match == NULL)
21432 + match = default_role;
21433 + if (match->allowed_ips == NULL)
21436 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
21438 + ((ntohl(task->curr_ip) & ipp->netmask) ==
21439 + (ntohl(ipp->addr) & ipp->netmask)))
21442 + match = default_role;
21444 + } else if (match->allowed_ips == NULL) {
21447 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
21449 + ((ntohl(task->curr_ip) & ipp->netmask) ==
21450 + (ntohl(ipp->addr) & ipp->netmask)))
21459 +struct acl_subject_label *
21460 +lookup_acl_subj_label(const ino_t ino, const __u32 dev,
21461 + const struct acl_role_label *role)
21463 + unsigned int index = fhash(ino, dev, role->subj_hash_size);
21464 + struct acl_subject_label *match;
21466 + match = role->subj_hash[index];
21468 + while (match && (match->inode != ino || match->device != dev ||
21469 + (match->mode & GR_DELETED))) {
21470 + match = match->next;
21473 + if (match && !(match->mode & GR_DELETED))
21479 +struct acl_subject_label *
21480 +lookup_acl_subj_label_deleted(const ino_t ino, const __u32 dev,
21481 + const struct acl_role_label *role)
21483 + unsigned int index = fhash(ino, dev, role->subj_hash_size);
21484 + struct acl_subject_label *match;
21486 + match = role->subj_hash[index];
21488 + while (match && (match->inode != ino || match->device != dev ||
21489 + !(match->mode & GR_DELETED))) {
21490 + match = match->next;
21493 + if (match && (match->mode & GR_DELETED))
21499 +static struct acl_object_label *
21500 +lookup_acl_obj_label(const ino_t ino, const __u32 dev,
21501 + const struct acl_subject_label *subj)
21503 + unsigned int index = fhash(ino, dev, subj->obj_hash_size);
21504 + struct acl_object_label *match;
21506 + match = subj->obj_hash[index];
21508 + while (match && (match->inode != ino || match->device != dev ||
21509 + (match->mode & GR_DELETED))) {
21510 + match = match->next;
21513 + if (match && !(match->mode & GR_DELETED))
21519 +static struct acl_object_label *
21520 +lookup_acl_obj_label_create(const ino_t ino, const __u32 dev,
21521 + const struct acl_subject_label *subj)
21523 + unsigned int index = fhash(ino, dev, subj->obj_hash_size);
21524 + struct acl_object_label *match;
21526 + match = subj->obj_hash[index];
21528 + while (match && (match->inode != ino || match->device != dev ||
21529 + !(match->mode & GR_DELETED))) {
21530 + match = match->next;
21533 + if (match && (match->mode & GR_DELETED))
21536 + match = subj->obj_hash[index];
21538 + while (match && (match->inode != ino || match->device != dev ||
21539 + (match->mode & GR_DELETED))) {
21540 + match = match->next;
21543 + if (match && !(match->mode & GR_DELETED))
21549 +static struct name_entry *
21550 +lookup_name_entry(const char *name)
21552 + unsigned int len = strlen(name);
21553 + unsigned int key = full_name_hash(name, len);
21554 + unsigned int index = key % name_set.n_size;
21555 + struct name_entry *match;
21557 + match = name_set.n_hash[index];
21559 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len)))
21560 + match = match->next;
21565 +static struct name_entry *
21566 +lookup_name_entry_create(const char *name)
21568 + unsigned int len = strlen(name);
21569 + unsigned int key = full_name_hash(name, len);
21570 + unsigned int index = key % name_set.n_size;
21571 + struct name_entry *match;
21573 + match = name_set.n_hash[index];
21575 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
21576 + !match->deleted))
21577 + match = match->next;
21579 + if (match && match->deleted)
21582 + match = name_set.n_hash[index];
21584 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
21586 + match = match->next;
21588 + if (match && !match->deleted)
21594 +static struct inodev_entry *
21595 +lookup_inodev_entry(const ino_t ino, const __u32 dev)
21597 + unsigned int index = fhash(ino, dev, inodev_set.i_size);
21598 + struct inodev_entry *match;
21600 + match = inodev_set.i_hash[index];
21602 + while (match && (match->nentry->inode != ino || match->nentry->device != dev))
21603 + match = match->next;
21609 +insert_inodev_entry(struct inodev_entry *entry)
21611 + unsigned int index = fhash(entry->nentry->inode, entry->nentry->device,
21612 + inodev_set.i_size);
21613 + struct inodev_entry **curr;
21615 + entry->prev = NULL;
21617 + curr = &inodev_set.i_hash[index];
21618 + if (*curr != NULL)
21619 + (*curr)->prev = entry;
21621 + entry->next = *curr;
21628 +__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
21630 + unsigned int index =
21631 + rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
21632 + struct acl_role_label **curr;
21634 + role->prev = NULL;
21636 + curr = &acl_role_set.r_hash[index];
21637 + if (*curr != NULL)
21638 + (*curr)->prev = role;
21640 + role->next = *curr;
21647 +insert_acl_role_label(struct acl_role_label *role)
21651 + if (role->roletype & GR_ROLE_DOMAIN) {
21652 + for (i = 0; i < role->domain_child_num; i++)
21653 + __insert_acl_role_label(role, role->domain_children[i]);
21655 + __insert_acl_role_label(role, role->uidgid);
21659 +insert_name_entry(char *name, const ino_t inode, const __u32 device, __u8 deleted)
21661 + struct name_entry **curr, *nentry;
21662 + struct inodev_entry *ientry;
21663 + unsigned int len = strlen(name);
21664 + unsigned int key = full_name_hash(name, len);
21665 + unsigned int index = key % name_set.n_size;
21667 + curr = &name_set.n_hash[index];
21669 + while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
21670 + curr = &((*curr)->next);
21672 + if (*curr != NULL)
21675 + nentry = acl_alloc(sizeof (struct name_entry));
21676 + if (nentry == NULL)
21679 + ientry = acl_alloc(sizeof (struct inodev_entry));
21680 + if (ientry == NULL)
21682 + ientry->nentry = nentry;
21684 + nentry->key = key;
21685 + nentry->name = name;
21686 + nentry->inode = inode;
21687 + nentry->device = device;
21688 + nentry->len = len;
21689 + nentry->deleted = deleted;
21691 + nentry->prev = NULL;
21692 + curr = &name_set.n_hash[index];
21693 + if (*curr != NULL)
21694 + (*curr)->prev = nentry;
21695 + nentry->next = *curr;
21698 + /* insert us into the table searchable by inode/dev */
21699 + insert_inodev_entry(ientry);
21705 +insert_acl_obj_label(struct acl_object_label *obj,
21706 + struct acl_subject_label *subj)
21708 + unsigned int index =
21709 + fhash(obj->inode, obj->device, subj->obj_hash_size);
21710 + struct acl_object_label **curr;
21713 + obj->prev = NULL;
21715 + curr = &subj->obj_hash[index];
21716 + if (*curr != NULL)
21717 + (*curr)->prev = obj;
21719 + obj->next = *curr;
21726 +insert_acl_subj_label(struct acl_subject_label *obj,
21727 + struct acl_role_label *role)
21729 + unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size);
21730 + struct acl_subject_label **curr;
21732 + obj->prev = NULL;
21734 + curr = &role->subj_hash[index];
21735 + if (*curr != NULL)
21736 + (*curr)->prev = obj;
21738 + obj->next = *curr;
21744 +/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
21747 +create_table(__u32 * len, int elementsize)
21749 + unsigned int table_sizes[] = {
21750 + 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
21751 + 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
21752 + 4194301, 8388593, 16777213, 33554393, 67108859
21754 + void *newtable = NULL;
21755 + unsigned int pwr = 0;
21757 + while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
21758 + table_sizes[pwr] <= *len)
21761 + if (table_sizes[pwr] <= *len || (table_sizes[pwr] > (ULONG_MAX / elementsize)))
21764 + if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
21766 + kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
21768 + newtable = vmalloc(table_sizes[pwr] * elementsize);
21770 + *len = table_sizes[pwr];
21776 +init_variables(const struct gr_arg *arg)
21778 + unsigned int stacksize;
21780 + subj_map_set.s_size = arg->role_db.num_subjects;
21781 + acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
21782 + name_set.n_size = arg->role_db.num_objects;
21783 + inodev_set.i_size = arg->role_db.num_objects;
21785 + if (!subj_map_set.s_size || !acl_role_set.r_size ||
21786 + !name_set.n_size || !inodev_set.i_size)
21789 + if (!gr_init_uidset())
21792 + /* set up the stack that holds allocation info */
21794 + stacksize = arg->role_db.num_pointers + 6;
21796 + if (!acl_alloc_stack_init(stacksize))
21799 + /* grab reference for the real root dentry and vfsmount */
21800 + read_lock(&child_reaper->fs->lock);
21801 + real_root_mnt = mntget(child_reaper->fs->rootmnt);
21802 + real_root = dget(child_reaper->fs->root);
21803 + read_unlock(&child_reaper->fs->lock);
21805 + fakefs_obj = acl_alloc(sizeof(struct acl_object_label));
21806 + if (fakefs_obj == NULL)
21808 + fakefs_obj->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
21810 + subj_map_set.s_hash =
21811 + (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *));
21812 + acl_role_set.r_hash =
21813 + (struct acl_role_label **) create_table(&acl_role_set.r_size, sizeof(void *));
21814 + name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size, sizeof(void *));
21815 + inodev_set.i_hash =
21816 + (struct inodev_entry **) create_table(&inodev_set.i_size, sizeof(void *));
21818 + if (!subj_map_set.s_hash || !acl_role_set.r_hash ||
21819 + !name_set.n_hash || !inodev_set.i_hash)
21822 + memset(subj_map_set.s_hash, 0,
21823 + sizeof(struct subject_map *) * subj_map_set.s_size);
21824 + memset(acl_role_set.r_hash, 0,
21825 + sizeof (struct acl_role_label *) * acl_role_set.r_size);
21826 + memset(name_set.n_hash, 0,
21827 + sizeof (struct name_entry *) * name_set.n_size);
21828 + memset(inodev_set.i_hash, 0,
21829 + sizeof (struct inodev_entry *) * inodev_set.i_size);
21834 +/* free information not needed after startup
21835 + currently contains user->kernel pointer mappings for subjects
21839 +free_init_variables(void)
21843 + if (subj_map_set.s_hash) {
21844 + for (i = 0; i < subj_map_set.s_size; i++) {
21845 + if (subj_map_set.s_hash[i]) {
21846 + kfree(subj_map_set.s_hash[i]);
21847 + subj_map_set.s_hash[i] = NULL;
21851 + if ((subj_map_set.s_size * sizeof (struct subject_map *)) <=
21853 + kfree(subj_map_set.s_hash);
21855 + vfree(subj_map_set.s_hash);
21862 +free_variables(void)
21864 + struct acl_subject_label *s;
21865 + struct acl_role_label *r;
21866 + struct task_struct *task;
21867 + unsigned int i, x;
21869 + gr_clear_learn_entries();
21871 + read_lock(&tasklist_lock);
21872 + for_each_task(task) {
21873 + task->acl_sp_role = 0;
21874 + task->acl_role_id = 0;
21875 + task->acl = NULL;
21876 + task->role = NULL;
21878 + read_unlock(&tasklist_lock);
21880 + /* release the reference to the real root dentry and vfsmount */
21883 + real_root = NULL;
21884 + if (real_root_mnt)
21885 + mntput(real_root_mnt);
21886 + real_root_mnt = NULL;
21888 + /* free all object hash tables */
21890 + FOR_EACH_ROLE_START(r, i)
21891 + if (r->subj_hash == NULL)
21893 + FOR_EACH_SUBJECT_START(r, s, x)
21894 + if (s->obj_hash == NULL)
21896 + if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
21897 + kfree(s->obj_hash);
21899 + vfree(s->obj_hash);
21900 + FOR_EACH_SUBJECT_END(s, x)
21901 + FOR_EACH_NESTED_SUBJECT_START(r, s)
21902 + if (s->obj_hash == NULL)
21904 + if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
21905 + kfree(s->obj_hash);
21907 + vfree(s->obj_hash);
21908 + FOR_EACH_NESTED_SUBJECT_END(s)
21909 + if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
21910 + kfree(r->subj_hash);
21912 + vfree(r->subj_hash);
21913 + r->subj_hash = NULL;
21914 + FOR_EACH_ROLE_END(r,i)
21918 + if (acl_role_set.r_hash) {
21919 + if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
21921 + kfree(acl_role_set.r_hash);
21923 + vfree(acl_role_set.r_hash);
21925 + if (name_set.n_hash) {
21926 + if ((name_set.n_size * sizeof (struct name_entry *)) <=
21928 + kfree(name_set.n_hash);
21930 + vfree(name_set.n_hash);
21933 + if (inodev_set.i_hash) {
21934 + if ((inodev_set.i_size * sizeof (struct inodev_entry *)) <=
21936 + kfree(inodev_set.i_hash);
21938 + vfree(inodev_set.i_hash);
21941 + gr_free_uidset();
21943 + memset(&name_set, 0, sizeof (struct name_db));
21944 + memset(&inodev_set, 0, sizeof (struct inodev_db));
21945 + memset(&acl_role_set, 0, sizeof (struct acl_role_db));
21946 + memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db));
21948 + default_role = NULL;
21954 +count_user_objs(struct acl_object_label *userp)
21956 + struct acl_object_label o_tmp;
21960 + if (copy_from_user(&o_tmp, userp,
21961 + sizeof (struct acl_object_label)))
21964 + userp = o_tmp.prev;
21971 +static struct acl_subject_label *
21972 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role);
21975 +copy_user_glob(struct acl_object_label *obj)
21977 + struct acl_object_label *g_tmp, **guser;
21978 + unsigned int len;
21981 + if (obj->globbed == NULL)
21984 + guser = &obj->globbed;
21986 + g_tmp = (struct acl_object_label *)
21987 + acl_alloc(sizeof (struct acl_object_label));
21988 + if (g_tmp == NULL)
21991 + if (copy_from_user(g_tmp, *guser,
21992 + sizeof (struct acl_object_label)))
21995 + len = strnlen_user(g_tmp->filename, PATH_MAX);
21997 + if (!len || len >= PATH_MAX)
22000 + if ((tmp = (char *) acl_alloc(len)) == NULL)
22003 + if (copy_from_user(tmp, g_tmp->filename, len))
22006 + g_tmp->filename = tmp;
22009 + guser = &(g_tmp->next);
22016 +copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
22017 + struct acl_role_label *role)
22019 + struct acl_object_label *o_tmp;
22020 + unsigned int len;
22025 + if ((o_tmp = (struct acl_object_label *)
22026 + acl_alloc(sizeof (struct acl_object_label))) == NULL)
22029 + if (copy_from_user(o_tmp, userp,
22030 + sizeof (struct acl_object_label)))
22033 + userp = o_tmp->prev;
22035 + len = strnlen_user(o_tmp->filename, PATH_MAX);
22037 + if (!len || len >= PATH_MAX)
22040 + if ((tmp = (char *) acl_alloc(len)) == NULL)
22043 + if (copy_from_user(tmp, o_tmp->filename, len))
22046 + o_tmp->filename = tmp;
22048 + insert_acl_obj_label(o_tmp, subj);
22049 + if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
22050 + o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0))
22053 + ret = copy_user_glob(o_tmp);
22057 + if (o_tmp->nested) {
22058 + o_tmp->nested = do_copy_user_subj(o_tmp->nested, role);
22059 + if (IS_ERR(o_tmp->nested))
22060 + return PTR_ERR(o_tmp->nested);
22062 + /* insert into nested subject list */
22063 + o_tmp->nested->next = role->hash->first;
22064 + role->hash->first = o_tmp->nested;
22072 +count_user_subjs(struct acl_subject_label *userp)
22074 + struct acl_subject_label s_tmp;
22078 + if (copy_from_user(&s_tmp, userp,
22079 + sizeof (struct acl_subject_label)))
22082 + userp = s_tmp.prev;
22083 + /* do not count nested subjects against this count, since
22084 + they are not included in the hash table, but are
22085 + attached to objects. We have already counted
22086 + the subjects in userspace for the allocation
22089 + if (!(s_tmp.mode & GR_NESTED))
22097 +copy_user_allowedips(struct acl_role_label *rolep)
22099 + struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
22101 + ruserip = rolep->allowed_ips;
22103 + while (ruserip) {
22106 + if ((rtmp = (struct role_allowed_ip *)
22107 + acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
22110 + if (copy_from_user(rtmp, ruserip,
22111 + sizeof (struct role_allowed_ip)))
22114 + ruserip = rtmp->prev;
22117 + rtmp->prev = NULL;
22118 + rolep->allowed_ips = rtmp;
22120 + rlast->next = rtmp;
22121 + rtmp->prev = rlast;
22125 + rtmp->next = NULL;
22132 +copy_user_transitions(struct acl_role_label *rolep)
22134 + struct role_transition *rusertp, *rtmp = NULL, *rlast;
22135 + unsigned int len;
22138 + rusertp = rolep->transitions;
22140 + while (rusertp) {
22143 + if ((rtmp = (struct role_transition *)
22144 + acl_alloc(sizeof (struct role_transition))) == NULL)
22147 + if (copy_from_user(rtmp, rusertp,
22148 + sizeof (struct role_transition)))
22151 + rusertp = rtmp->prev;
22153 + len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN);
22155 + if (!len || len >= GR_SPROLE_LEN)
22158 + if ((tmp = (char *) acl_alloc(len)) == NULL)
22161 + if (copy_from_user(tmp, rtmp->rolename, len))
22164 + rtmp->rolename = tmp;
22167 + rtmp->prev = NULL;
22168 + rolep->transitions = rtmp;
22170 + rlast->next = rtmp;
22171 + rtmp->prev = rlast;
22175 + rtmp->next = NULL;
22181 +static struct acl_subject_label *
22182 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role)
22184 + struct acl_subject_label *s_tmp = NULL, *s_tmp2;
22185 + unsigned int len;
22188 + struct acl_ip_label **i_tmp, *i_utmp2;
22189 + struct gr_hash_struct ghash;
22190 + struct subject_map *subjmap;
22191 + unsigned int i_num;
22194 + s_tmp = lookup_subject_map(userp);
22196 + /* we've already copied this subject into the kernel, just return
22197 + the reference to it, and don't copy it over again
22202 + if ((s_tmp = (struct acl_subject_label *)
22203 + acl_alloc(sizeof (struct acl_subject_label))) == NULL)
22204 + return ERR_PTR(-ENOMEM);
22206 + subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL);
22207 + if (subjmap == NULL)
22208 + return ERR_PTR(-ENOMEM);
22210 + subjmap->user = userp;
22211 + subjmap->kernel = s_tmp;
22212 + insert_subj_map_entry(subjmap);
22214 + if (copy_from_user(s_tmp, userp,
22215 + sizeof (struct acl_subject_label)))
22216 + return ERR_PTR(-EFAULT);
22218 + len = strnlen_user(s_tmp->filename, PATH_MAX);
22220 + if (!len || len >= PATH_MAX)
22221 + return ERR_PTR(-EINVAL);
22223 + if ((tmp = (char *) acl_alloc(len)) == NULL)
22224 + return ERR_PTR(-ENOMEM);
22226 + if (copy_from_user(tmp, s_tmp->filename, len))
22227 + return ERR_PTR(-EFAULT);
22229 + s_tmp->filename = tmp;
22231 + if (!strcmp(s_tmp->filename, "/"))
22232 + role->root_label = s_tmp;
22234 + if (copy_from_user(&ghash, s_tmp->hash, sizeof(struct gr_hash_struct)))
22235 + return ERR_PTR(-EFAULT);
22237 + /* copy user and group transition tables */
22239 + if (s_tmp->user_trans_num) {
22242 + uidlist = (uid_t *)acl_alloc_num(s_tmp->user_trans_num, sizeof(uid_t));
22243 + if (uidlist == NULL)
22244 + return ERR_PTR(-ENOMEM);
22245 + if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t)))
22246 + return ERR_PTR(-EFAULT);
22248 + s_tmp->user_transitions = uidlist;
22251 + if (s_tmp->group_trans_num) {
22254 + gidlist = (gid_t *)acl_alloc_num(s_tmp->group_trans_num, sizeof(gid_t));
22255 + if (gidlist == NULL)
22256 + return ERR_PTR(-ENOMEM);
22257 + if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t)))
22258 + return ERR_PTR(-EFAULT);
22260 + s_tmp->group_transitions = gidlist;
22263 + /* set up object hash table */
22264 + num_objs = count_user_objs(ghash.first);
22266 + s_tmp->obj_hash_size = num_objs;
22267 + s_tmp->obj_hash =
22268 + (struct acl_object_label **)
22269 + create_table(&(s_tmp->obj_hash_size), sizeof(void *));
22271 + if (!s_tmp->obj_hash)
22272 + return ERR_PTR(-ENOMEM);
22274 + memset(s_tmp->obj_hash, 0,
22275 + s_tmp->obj_hash_size *
22276 + sizeof (struct acl_object_label *));
22278 + /* add in objects */
22279 + err = copy_user_objs(ghash.first, s_tmp, role);
22282 + return ERR_PTR(err);
22284 + /* set pointer for parent subject */
22285 + if (s_tmp->parent_subject) {
22286 + s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role);
22288 + if (IS_ERR(s_tmp2))
22291 + s_tmp->parent_subject = s_tmp2;
22294 + /* add in ip acls */
22296 + if (!s_tmp->ip_num) {
22297 + s_tmp->ips = NULL;
22302 + (struct acl_ip_label **) acl_alloc_num(s_tmp->ip_num,
22303 + sizeof (struct acl_ip_label *));
22306 + return ERR_PTR(-ENOMEM);
22308 + for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
22309 + *(i_tmp + i_num) =
22310 + (struct acl_ip_label *)
22311 + acl_alloc(sizeof (struct acl_ip_label));
22312 + if (!*(i_tmp + i_num))
22313 + return ERR_PTR(-ENOMEM);
22315 + if (copy_from_user
22316 + (&i_utmp2, s_tmp->ips + i_num,
22317 + sizeof (struct acl_ip_label *)))
22318 + return ERR_PTR(-EFAULT);
22320 + if (copy_from_user
22321 + (*(i_tmp + i_num), i_utmp2,
22322 + sizeof (struct acl_ip_label)))
22323 + return ERR_PTR(-EFAULT);
22325 + if ((*(i_tmp + i_num))->iface == NULL)
22328 + len = strnlen_user((*(i_tmp + i_num))->iface, IFNAMSIZ);
22329 + if (!len || len >= IFNAMSIZ)
22330 + return ERR_PTR(-EINVAL);
22331 + tmp = acl_alloc(len);
22333 + return ERR_PTR(-ENOMEM);
22334 + if (copy_from_user(tmp, (*(i_tmp + i_num))->iface, len))
22335 + return ERR_PTR(-EFAULT);
22336 + (*(i_tmp + i_num))->iface = tmp;
22339 + s_tmp->ips = i_tmp;
22342 + if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
22343 + s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0))
22344 + return ERR_PTR(-ENOMEM);
22350 +copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
22352 + struct acl_subject_label s_pre;
22353 + struct acl_subject_label * ret;
22357 + if (copy_from_user(&s_pre, userp,
22358 + sizeof (struct acl_subject_label)))
22361 + /* do not add nested subjects here, add
22362 + while parsing objects
22365 + if (s_pre.mode & GR_NESTED) {
22366 + userp = s_pre.prev;
22370 + ret = do_copy_user_subj(userp, role);
22372 + err = PTR_ERR(ret);
22376 + insert_acl_subj_label(ret, role);
22378 + userp = s_pre.prev;
22385 +copy_user_acl(struct gr_arg *arg)
22387 + struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2;
22388 + struct sprole_pw *sptmp;
22389 + struct gr_hash_struct *ghash;
22390 + uid_t *domainlist;
22391 + unsigned int r_num;
22392 + unsigned int len;
22398 + /* we need a default and kernel role */
22399 + if (arg->role_db.num_roles < 2)
22402 + /* copy special role authentication info from userspace */
22404 + num_sprole_pws = arg->num_sprole_pws;
22405 + acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *));
22407 + if (!acl_special_roles) {
22412 + for (i = 0; i < num_sprole_pws; i++) {
22413 + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
22418 + if (copy_from_user(sptmp, arg->sprole_pws + i,
22419 + sizeof (struct sprole_pw))) {
22425 + strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
22427 + if (!len || len >= GR_SPROLE_LEN) {
22432 + if ((tmp = (char *) acl_alloc(len)) == NULL) {
22437 + if (copy_from_user(tmp, sptmp->rolename, len)) {
22442 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
22443 + printk(KERN_ALERT "Copying special role %s\n", tmp);
22445 + sptmp->rolename = tmp;
22446 + acl_special_roles[i] = sptmp;
22449 + r_utmp = (struct acl_role_label **) arg->role_db.r_table;
22451 + for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
22452 + r_tmp = acl_alloc(sizeof (struct acl_role_label));
22459 + if (copy_from_user(&r_utmp2, r_utmp + r_num,
22460 + sizeof (struct acl_role_label *))) {
22465 + if (copy_from_user(r_tmp, r_utmp2,
22466 + sizeof (struct acl_role_label))) {
22471 + len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN);
22473 + if (!len || len >= PATH_MAX) {
22478 + if ((tmp = (char *) acl_alloc(len)) == NULL) {
22482 + if (copy_from_user(tmp, r_tmp->rolename, len)) {
22486 + r_tmp->rolename = tmp;
22488 + if (!strcmp(r_tmp->rolename, "default")
22489 + && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
22490 + default_role = r_tmp;
22491 + } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
22492 + kernel_role = r_tmp;
22495 + if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) {
22499 + if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) {
22504 + r_tmp->hash = ghash;
22506 + num_subjs = count_user_subjs(r_tmp->hash->first);
22508 + r_tmp->subj_hash_size = num_subjs;
22509 + r_tmp->subj_hash =
22510 + (struct acl_subject_label **)
22511 + create_table(&(r_tmp->subj_hash_size), sizeof(void *));
22513 + if (!r_tmp->subj_hash) {
22518 + err = copy_user_allowedips(r_tmp);
22522 + /* copy domain info */
22523 + if (r_tmp->domain_children != NULL) {
22524 + domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
22525 + if (domainlist == NULL) {
22529 + if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) {
22533 + r_tmp->domain_children = domainlist;
22536 + err = copy_user_transitions(r_tmp);
22540 + memset(r_tmp->subj_hash, 0,
22541 + r_tmp->subj_hash_size *
22542 + sizeof (struct acl_subject_label *));
22544 + err = copy_user_subjs(r_tmp->hash->first, r_tmp);
22549 + /* set nested subject list to null */
22550 + r_tmp->hash->first = NULL;
22552 + insert_acl_role_label(r_tmp);
22561 +gracl_init(struct gr_arg *args)
22565 + memcpy(gr_system_salt, args->salt, GR_SALT_LEN);
22566 + memcpy(gr_system_sum, args->sum, GR_SHA_LEN);
22568 + if (init_variables(args)) {
22569 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
22571 + free_variables();
22575 + error = copy_user_acl(args);
22576 + free_init_variables();
22578 + free_variables();
22582 + if ((error = gr_set_acls(0))) {
22583 + free_variables();
22587 + gr_status |= GR_READY;
22592 +/* derived from glibc fnmatch() 0: match, 1: no match*/
22595 +glob_match(const char *p, const char *n)
22599 + while ((c = *p++) != '\0') {
22604 + else if (*n == '/')
22612 + for (c = *p++; c == '?' || c == '*'; c = *p++) {
22615 + else if (c == '?') {
22625 + const char *endp;
22627 + if ((endp = strchr(n, '/')) == NULL)
22628 + endp = n + strlen(n);
22631 + for (--p; n < endp; ++n)
22632 + if (!glob_match(p, n))
22634 + } else if (c == '/') {
22635 + while (*n != '\0' && *n != '/')
22637 + if (*n == '/' && !glob_match(p, n + 1))
22640 + for (--p; n < endp; ++n)
22641 + if (*n == c && !glob_match(p, n))
22652 + if (*n == '\0' || *n == '/')
22655 + not = (*p == '!' || *p == '^');
22661 + unsigned char fn = (unsigned char)*n;
22671 + if (c == '-' && *p != ']') {
22672 + unsigned char cend = *p++;
22674 + if (cend == '\0')
22677 + if (cold <= fn && fn <= cend)
22691 + while (c != ']') {
22718 +static struct acl_object_label *
22719 +chk_glob_label(struct acl_object_label *globbed,
22720 + struct dentry *dentry, struct vfsmount *mnt, char **path)
22722 + struct acl_object_label *tmp;
22724 + if (*path == NULL)
22725 + *path = gr_to_filename_nolock(dentry, mnt);
22730 + if (!glob_match(tmp->filename, *path))
22738 +static struct acl_object_label *
22739 +__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
22740 + ino_t curr_ino, dev_t curr_dev,
22741 + const struct acl_subject_label *subj, char **path, const int checkglob)
22743 + struct acl_subject_label *tmpsubj;
22744 + struct acl_object_label *retval;
22745 + struct acl_object_label *retval2;
22747 + tmpsubj = (struct acl_subject_label *) subj;
22748 + read_lock(&gr_inode_lock);
22751 + lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj);
22753 + if (checkglob && retval->globbed) {
22754 + retval2 = chk_glob_label(retval->globbed, (struct dentry *)orig_dentry,
22755 + (struct vfsmount *)orig_mnt, path);
22757 + retval = retval2;
22761 + } while ((tmpsubj = tmpsubj->parent_subject));
22762 + read_unlock(&gr_inode_lock);
22767 +static struct acl_object_label *
22768 +full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
22769 + const struct dentry *curr_dentry,
22770 + const struct acl_subject_label *subj, char **path, const int checkglob)
22772 + return __full_lookup(orig_dentry, orig_mnt, curr_dentry->d_inode->i_ino,
22773 + curr_dentry->d_inode->i_dev, subj, path, checkglob);
22776 +static struct acl_object_label *
22777 +__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
22778 + const struct acl_subject_label *subj, char *path, const int checkglob)
22780 + struct dentry *dentry = (struct dentry *) l_dentry;
22781 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
22782 + struct acl_object_label *retval;
22784 + spin_lock(&dcache_lock);
22786 + if (unlikely(mnt == shm_mnt || mnt == pipe_mnt || mnt == sock_mnt)) {
22787 + retval = fakefs_obj;
22792 + if (dentry == real_root && mnt == real_root_mnt)
22795 + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
22796 + if (mnt->mnt_parent == mnt)
22799 + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
22800 + if (retval != NULL)
22803 + dentry = mnt->mnt_mountpoint;
22804 + mnt = mnt->mnt_parent;
22808 + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
22809 + if (retval != NULL)
22812 + dentry = dentry->d_parent;
22815 + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
22817 + if (retval == NULL)
22818 + retval = full_lookup(l_dentry, l_mnt, real_root, subj, &path, checkglob);
22820 + spin_unlock(&dcache_lock);
22824 +static __inline__ struct acl_object_label *
22825 +chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
22826 + const struct acl_subject_label *subj)
22828 + char *path = NULL;
22829 + return __chk_obj_label(l_dentry, l_mnt, subj, path, 1);
22832 +static __inline__ struct acl_object_label *
22833 +chk_obj_label_noglob(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
22834 + const struct acl_subject_label *subj)
22836 + char *path = NULL;
22837 + return __chk_obj_label(l_dentry, l_mnt, subj, path, 0);
22840 +static __inline__ struct acl_object_label *
22841 +chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
22842 + const struct acl_subject_label *subj, char *path)
22844 + return __chk_obj_label(l_dentry, l_mnt, subj, path, 1);
22847 +static struct acl_subject_label *
22848 +chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
22849 + const struct acl_role_label *role)
22851 + struct dentry *dentry = (struct dentry *) l_dentry;
22852 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
22853 + struct acl_subject_label *retval;
22855 + spin_lock(&dcache_lock);
22858 + if (dentry == real_root && mnt == real_root_mnt)
22861 + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
22862 + if (mnt->mnt_parent == mnt)
22865 + read_lock(&gr_inode_lock);
22867 + lookup_acl_subj_label(dentry->d_inode->i_ino,
22868 + dentry->d_inode->i_dev, role);
22869 + read_unlock(&gr_inode_lock);
22870 + if (retval != NULL)
22873 + dentry = mnt->mnt_mountpoint;
22874 + mnt = mnt->mnt_parent;
22878 + read_lock(&gr_inode_lock);
22880 + lookup_acl_subj_label(dentry->d_inode->i_ino,
22881 + dentry->d_inode->i_dev, role);
22882 + read_unlock(&gr_inode_lock);
22883 + if (retval != NULL)
22886 + dentry = dentry->d_parent;
22889 + read_lock(&gr_inode_lock);
22891 + lookup_acl_subj_label(dentry->d_inode->i_ino,
22892 + dentry->d_inode->i_dev, role);
22893 + read_unlock(&gr_inode_lock);
22895 + if (unlikely(retval == NULL)) {
22896 + read_lock(&gr_inode_lock);
22898 + lookup_acl_subj_label(real_root->d_inode->i_ino,
22899 + real_root->d_inode->i_dev, role);
22900 + read_unlock(&gr_inode_lock);
22903 + spin_unlock(&dcache_lock);
22909 +gr_log_learn(const struct task_struct *task, const char *pathname, const __u32 mode)
22911 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
22912 + task->uid, task->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_dentry,
22913 + task->exec_file->f_vfsmnt) : task->acl->filename, task->acl->filename,
22914 + 1UL, 1UL, pathname, (unsigned long) mode, NIPQUAD(task->curr_ip));
22920 +gr_log_learn_id_change(const struct task_struct *task, const char type, const unsigned int real,
22921 + const unsigned int effective, const unsigned int fs)
22923 + security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
22924 + task->uid, task->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_dentry,
22925 + task->exec_file->f_vfsmnt) : task->acl->filename, task->acl->filename,
22926 + type, real, effective, fs, NIPQUAD(task->curr_ip));
22932 +gr_check_link(const struct dentry * new_dentry,
22933 + const struct dentry * parent_dentry,
22934 + const struct vfsmount * parent_mnt,
22935 + const struct dentry * old_dentry, const struct vfsmount * old_mnt)
22937 + struct acl_object_label *obj;
22938 + __u32 oldmode, newmode;
22941 + if (unlikely(!(gr_status & GR_READY)))
22942 + return (GR_CREATE | GR_LINK);
22944 + obj = chk_obj_label(old_dentry, old_mnt, current->acl);
22945 + oldmode = obj->mode;
22947 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
22948 + oldmode |= (GR_CREATE | GR_LINK);
22950 + needmode = GR_CREATE | GR_AUDIT_CREATE | GR_SUPPRESS;
22951 + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID))
22952 + needmode |= GR_SETID | GR_AUDIT_SETID;
22955 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
22956 + oldmode | needmode);
22958 + needmode = newmode & (GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC |
22959 + GR_SETID | GR_READ | GR_FIND | GR_DELETE
22960 + | GR_INHERIT | GR_AUDIT_INHERIT);
22962 + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID) && !(newmode & GR_SETID))
22965 + if ((oldmode & needmode) != needmode)
22968 + needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS);
22969 + if ((newmode & needmode) != needmode)
22972 + if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK))
22975 + needmode = oldmode;
22976 + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID))
22977 + needmode |= GR_SETID;
22979 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) {
22980 + gr_log_learn(current, gr_to_filename(old_dentry, old_mnt), needmode);
22981 + return (GR_CREATE | GR_LINK);
22982 + } else if (newmode & GR_SUPPRESS)
22983 + return GR_SUPPRESS;
22989 +gr_search_file(const struct dentry * dentry, const __u32 mode,
22990 + const struct vfsmount * mnt)
22992 + __u32 retval = mode;
22993 + struct acl_subject_label *curracl;
22994 + struct acl_object_label *currobj;
22996 + if (unlikely(!(gr_status & GR_READY)))
22997 + return (mode & ~GR_AUDITS);
22999 + curracl = current->acl;
23001 + currobj = chk_obj_label(dentry, mnt, curracl);
23002 + retval = currobj->mode & mode;
23005 + ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE)
23006 + && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
23007 + __u32 new_mode = mode;
23009 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
23011 + retval = new_mode;
23013 + if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN)
23014 + new_mode |= GR_INHERIT;
23016 + if (!(mode & GR_NOLEARN))
23017 + gr_log_learn(current, gr_to_filename(dentry, mnt), new_mode);
23024 +gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
23025 + const struct vfsmount * mnt, const __u32 mode)
23027 + struct name_entry *match;
23028 + struct acl_object_label *matchpo;
23029 + struct acl_subject_label *curracl;
23033 + if (unlikely(!(gr_status & GR_READY)))
23034 + return (mode & ~GR_AUDITS);
23036 + path = gr_to_filename_rbac(new_dentry, mnt);
23037 + match = lookup_name_entry_create(path);
23040 + goto check_parent;
23042 + curracl = current->acl;
23044 + read_lock(&gr_inode_lock);
23045 + matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
23046 + read_unlock(&gr_inode_lock);
23049 + if ((matchpo->mode & mode) !=
23050 + (mode & ~(GR_AUDITS | GR_SUPPRESS))
23051 + && curracl->mode & (GR_LEARN | GR_INHERITLEARN)) {
23052 + __u32 new_mode = mode;
23054 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
23056 + gr_log_learn(current, gr_to_filename(new_dentry, mnt), new_mode);
23060 + return (matchpo->mode & mode);
23064 + curracl = current->acl;
23066 + matchpo = chk_obj_create_label(parent, mnt, curracl, path);
23067 + retval = matchpo->mode & mode;
23069 + if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
23070 + && (curracl->mode & (GR_LEARN | GR_INHERITLEARN))) {
23071 + __u32 new_mode = mode;
23073 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
23075 + gr_log_learn(current, gr_to_filename(new_dentry, mnt), new_mode);
23083 +gr_check_hidden_task(const struct task_struct *task)
23085 + if (unlikely(!(gr_status & GR_READY)))
23088 + if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW))
23095 +gr_check_protected_task(const struct task_struct *task)
23097 + if (unlikely(!(gr_status & GR_READY) || !task))
23100 + if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
23101 + task->acl != current->acl)
23108 +gr_copy_label(struct task_struct *tsk)
23110 + tsk->used_accept = 0;
23111 + tsk->acl_sp_role = 0;
23112 + tsk->acl_role_id = current->acl_role_id;
23113 + tsk->acl = current->acl;
23114 + tsk->role = current->role;
23115 + tsk->curr_ip = current->curr_ip;
23116 + if (current->exec_file)
23117 + get_file(current->exec_file);
23118 + tsk->exec_file = current->exec_file;
23119 + tsk->is_writable = current->is_writable;
23120 + if (unlikely(current->used_accept))
23121 + current->curr_ip = 0;
23127 +gr_set_proc_res(struct task_struct *task)
23129 + struct acl_subject_label *proc;
23130 + unsigned short i;
23132 + proc = task->acl;
23134 + if (proc->mode & (GR_LEARN | GR_INHERITLEARN))
23137 + for (i = 0; i < RLIM_NLIMITS; i++) {
23138 + if (!(proc->resmask & (1 << i)))
23141 + task->rlim[i].rlim_cur = proc->res[i].rlim_cur;
23142 + task->rlim[i].rlim_max = proc->res[i].rlim_max;
23148 +#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ALSR))
23150 +pax_set_initial_flags(struct linux_binprm *bprm)
23152 + struct task_struct *task = current;
23153 + struct acl_subject_label *proc;
23154 + unsigned long flags;
23156 + if (unlikely(!(gr_status & GR_READY)))
23159 + flags = pax_get_flags(task);
23161 + proc = task->acl;
23163 + if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC)
23164 + flags &= ~MF_PAX_PAGEEXEC;
23165 + if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC)
23166 + flags &= ~MF_PAX_SEGMEXEC;
23167 + if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP)
23168 + flags &= ~MF_PAX_RANDMMAP;
23169 + if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP)
23170 + flags &= ~MF_PAX_EMUTRAMP;
23171 + if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT)
23172 + flags &= ~MF_PAX_MPROTECT;
23174 + if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC)
23175 + flags |= MF_PAX_PAGEEXEC;
23176 + if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC)
23177 + flags |= MF_PAX_SEGMEXEC;
23178 + if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP)
23179 + flags |= MF_PAX_RANDMMAP;
23180 + if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP)
23181 + flags |= MF_PAX_EMUTRAMP;
23182 + if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT)
23183 + flags |= MF_PAX_MPROTECT;
23185 + pax_set_flags(task, flags);
23192 +gr_check_user_change(int real, int effective, int fs)
23199 + int effectiveok = 0;
23202 + if (unlikely(!(gr_status & GR_READY)))
23205 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
23206 + gr_log_learn_id_change(current, 'u', real, effective, fs);
23208 + num = current->acl->user_trans_num;
23209 + uidlist = current->acl->user_transitions;
23211 + if (uidlist == NULL)
23216 + if (effective == -1)
23221 + if (current->acl->user_trans_type & GR_ID_ALLOW) {
23222 + for (i = 0; i < num; i++) {
23223 + curuid = (int)uidlist[i];
23224 + if (real == curuid)
23226 + if (effective == curuid)
23228 + if (fs == curuid)
23231 + } else if (current->acl->user_trans_type & GR_ID_DENY) {
23232 + for (i = 0; i < num; i++) {
23233 + curuid = (int)uidlist[i];
23234 + if (real == curuid)
23236 + if (effective == curuid)
23238 + if (fs == curuid)
23241 + /* not in deny list */
23249 + if (realok && effectiveok && fsok)
23252 + gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
23258 +gr_check_group_change(int real, int effective, int fs)
23265 + int effectiveok = 0;
23268 + if (unlikely(!(gr_status & GR_READY)))
23271 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
23272 + gr_log_learn_id_change(current, 'g', real, effective, fs);
23274 + num = current->acl->group_trans_num;
23275 + gidlist = current->acl->group_transitions;
23277 + if (gidlist == NULL)
23282 + if (effective == -1)
23287 + if (current->acl->group_trans_type & GR_ID_ALLOW) {
23288 + for (i = 0; i < num; i++) {
23289 + curgid = (int)gidlist[i];
23290 + if (real == curgid)
23292 + if (effective == curgid)
23294 + if (fs == curgid)
23297 + } else if (current->acl->group_trans_type & GR_ID_DENY) {
23298 + for (i = 0; i < num; i++) {
23299 + curgid = (int)gidlist[i];
23300 + if (real == curgid)
23302 + if (effective == curgid)
23304 + if (fs == curgid)
23307 + /* not in deny list */
23315 + if (realok && effectiveok && fsok)
23318 + gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
23324 +gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
23326 + struct acl_role_label *role = task->role;
23327 + struct acl_subject_label *subj = NULL;
23328 + struct acl_object_label *obj;
23329 + struct file *filp;
23331 + if (unlikely(!(gr_status & GR_READY)))
23334 + filp = task->exec_file;
23336 + /* kernel process, we'll give them the kernel role */
23337 + if (unlikely(!filp)) {
23338 + task->role = kernel_role;
23339 + task->acl = kernel_role->root_label;
23341 + } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL))
23342 + role = lookup_acl_role_label(task, uid, gid);
23344 + /* perform subject lookup in possibly new role
23345 + we can use this result below in the case where role == task->role
23347 + subj = chk_subj_label(filp->f_dentry, filp->f_vfsmnt, role);
23349 + /* if we changed uid/gid, but result in the same role
23350 + and are using inheritance, don't lose the inherited subject
23351 + if current subject is other than what normal lookup
23352 + would result in, we arrived via inheritance, don't
23355 + if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) &&
23356 + (subj == task->acl)))
23357 + task->acl = subj;
23359 + task->role = role;
23361 + task->is_writable = 0;
23363 + /* ignore additional mmap checks for processes that are writable
23364 + by the default ACL */
23365 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
23366 + if (unlikely(obj->mode & GR_WRITE))
23367 + task->is_writable = 1;
23368 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, task->role->root_label);
23369 + if (unlikely(obj->mode & GR_WRITE))
23370 + task->is_writable = 1;
23372 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
23373 + printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
23376 + gr_set_proc_res(task);
23382 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt)
23384 + struct task_struct *task = current;
23385 + struct acl_subject_label *newacl;
23386 + struct acl_object_label *obj;
23389 + if (unlikely(!(gr_status & GR_READY)))
23392 + newacl = chk_subj_label(dentry, mnt, task->role);
23393 + obj = chk_obj_label(dentry, mnt, task->acl);
23394 + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
23398 + (task->ptrace & PT_PTRACED) &&
23399 + !(task->acl->mode & GR_POVERRIDE) &&
23400 + (task->acl != newacl || obj->nested) &&
23401 + !(task->role->roletype & GR_ROLE_GOD) &&
23402 + !gr_search_file(dentry, GR_PTRACERD, mnt) &&
23403 + !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))
23405 + (atomic_read(&task->fs->count) > 1 ||
23406 + atomic_read(&task->files->count) > 1 ||
23407 + atomic_read(&task->sig->count) > 1
23409 + task_unlock(task);
23410 + gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
23413 + task_unlock(task);
23415 + if (!(task->acl->mode & GR_INHERITLEARN) &&
23416 + ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) {
23418 + task->acl = obj->nested;
23420 + task->acl = newacl;
23421 + } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
23422 + gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt);
23424 + task->is_writable = 0;
23426 + /* ignore additional mmap checks for processes that are writable
23427 + by the default ACL */
23428 + obj = chk_obj_label(dentry, mnt, default_role->root_label);
23429 + if (unlikely(obj->mode & GR_WRITE))
23430 + task->is_writable = 1;
23431 + obj = chk_obj_label(dentry, mnt, task->role->root_label);
23432 + if (unlikely(obj->mode & GR_WRITE))
23433 + task->is_writable = 1;
23435 + gr_set_proc_res(task);
23437 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
23438 + printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
23443 +/* always called with valid inodev ptr */
23445 +do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const __u32 dev)
23447 + struct acl_object_label *matchpo;
23448 + struct acl_subject_label *matchps;
23449 + struct acl_subject_label *subj;
23450 + struct acl_role_label *role;
23451 + unsigned int i, x;
23453 + FOR_EACH_ROLE_START(role, i)
23454 + FOR_EACH_SUBJECT_START(role, subj, x)
23455 + if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
23456 + matchpo->mode |= GR_DELETED;
23457 + FOR_EACH_SUBJECT_END(subj,x)
23458 + FOR_EACH_NESTED_SUBJECT_START(role, subj)
23459 + if (subj->inode == ino && subj->device == dev)
23460 + subj->mode |= GR_DELETED;
23461 + FOR_EACH_NESTED_SUBJECT_END(subj)
23462 + if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL)
23463 + matchps->mode |= GR_DELETED;
23464 + FOR_EACH_ROLE_END(role,i)
23466 + inodev->nentry->deleted = 1;
23472 +gr_handle_delete(const ino_t ino, const __u32 dev)
23474 + struct inodev_entry *inodev;
23476 + if (unlikely(!(gr_status & GR_READY)))
23479 + write_lock(&gr_inode_lock);
23480 + inodev = lookup_inodev_entry(ino, dev);
23481 + if (inodev != NULL)
23482 + do_handle_delete(inodev, ino, dev);
23483 + write_unlock(&gr_inode_lock);
23489 +update_acl_obj_label(const ino_t oldinode, const __u32 olddevice,
23490 + const ino_t newinode, const __u32 newdevice,
23491 + struct acl_subject_label *subj)
23493 + unsigned int index = fhash(oldinode, olddevice, subj->obj_hash_size);
23494 + struct acl_object_label *match;
23496 + match = subj->obj_hash[index];
23498 + while (match && (match->inode != oldinode ||
23499 + match->device != olddevice ||
23500 + !(match->mode & GR_DELETED)))
23501 + match = match->next;
23503 + if (match && (match->inode == oldinode)
23504 + && (match->device == olddevice)
23505 + && (match->mode & GR_DELETED)) {
23506 + if (match->prev == NULL) {
23507 + subj->obj_hash[index] = match->next;
23508 + if (match->next != NULL)
23509 + match->next->prev = NULL;
23511 + match->prev->next = match->next;
23512 + if (match->next != NULL)
23513 + match->next->prev = match->prev;
23515 + match->prev = NULL;
23516 + match->next = NULL;
23517 + match->inode = newinode;
23518 + match->device = newdevice;
23519 + match->mode &= ~GR_DELETED;
23521 + insert_acl_obj_label(match, subj);
23528 +update_acl_subj_label(const ino_t oldinode, const __u32 olddevice,
23529 + const ino_t newinode, const __u32 newdevice,
23530 + struct acl_role_label *role)
23532 + unsigned int index = fhash(oldinode, olddevice, role->subj_hash_size);
23533 + struct acl_subject_label *match;
23535 + match = role->subj_hash[index];
23537 + while (match && (match->inode != oldinode ||
23538 + match->device != olddevice ||
23539 + !(match->mode & GR_DELETED)))
23540 + match = match->next;
23542 + if (match && (match->inode == oldinode)
23543 + && (match->device == olddevice)
23544 + && (match->mode & GR_DELETED)) {
23545 + if (match->prev == NULL) {
23546 + role->subj_hash[index] = match->next;
23547 + if (match->next != NULL)
23548 + match->next->prev = NULL;
23550 + match->prev->next = match->next;
23551 + if (match->next != NULL)
23552 + match->next->prev = match->prev;
23554 + match->prev = NULL;
23555 + match->next = NULL;
23556 + match->inode = newinode;
23557 + match->device = newdevice;
23558 + match->mode &= ~GR_DELETED;
23560 + insert_acl_subj_label(match, role);
23567 +update_inodev_entry(const ino_t oldinode, const __u32 olddevice,
23568 + const ino_t newinode, const __u32 newdevice)
23570 + unsigned int index = fhash(oldinode, olddevice, inodev_set.i_size);
23571 + struct inodev_entry *match;
23573 + match = inodev_set.i_hash[index];
23575 + while (match && (match->nentry->inode != oldinode ||
23576 + match->nentry->device != olddevice || !match->nentry->deleted))
23577 + match = match->next;
23579 + if (match && (match->nentry->inode == oldinode)
23580 + && (match->nentry->device == olddevice) &&
23581 + match->nentry->deleted) {
23582 + if (match->prev == NULL) {
23583 + inodev_set.i_hash[index] = match->next;
23584 + if (match->next != NULL)
23585 + match->next->prev = NULL;
23587 + match->prev->next = match->next;
23588 + if (match->next != NULL)
23589 + match->next->prev = match->prev;
23591 + match->prev = NULL;
23592 + match->next = NULL;
23593 + match->nentry->inode = newinode;
23594 + match->nentry->device = newdevice;
23595 + match->nentry->deleted = 0;
23597 + insert_inodev_entry(match);
23604 +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
23605 + const struct vfsmount *mnt)
23607 + struct acl_subject_label *subj;
23608 + struct acl_role_label *role;
23609 + unsigned int i, x;
23611 + FOR_EACH_ROLE_START(role, i)
23612 + update_acl_subj_label(matchn->inode, matchn->device,
23613 + dentry->d_inode->i_ino,
23614 + dentry->d_inode->i_dev, role);
23616 + FOR_EACH_NESTED_SUBJECT_START(role, subj)
23617 + if ((subj->inode == dentry->d_inode->i_ino) &&
23618 + (subj->device == dentry->d_inode->i_dev)) {
23619 + subj->inode = dentry->d_inode->i_ino;
23620 + subj->device = dentry->d_inode->i_dev;
23622 + FOR_EACH_NESTED_SUBJECT_END(subj)
23623 + FOR_EACH_SUBJECT_START(role, subj, x)
23624 + update_acl_obj_label(matchn->inode, matchn->device,
23625 + dentry->d_inode->i_ino,
23626 + dentry->d_inode->i_dev, subj);
23628 + FOR_EACH_SUBJECT_END(subj,x)
23629 + FOR_EACH_ROLE_END(role,i)
23631 + update_inodev_entry(matchn->inode, matchn->device,
23632 + dentry->d_inode->i_ino, dentry->d_inode->i_dev);
23638 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
23640 + struct name_entry *matchn;
23642 + if (unlikely(!(gr_status & GR_READY)))
23645 + matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt));
23647 + if (unlikely((unsigned long)matchn)) {
23648 + write_lock(&gr_inode_lock);
23649 + do_handle_create(matchn, dentry, mnt);
23650 + write_unlock(&gr_inode_lock);
23657 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
23658 + struct dentry *old_dentry,
23659 + struct dentry *new_dentry,
23660 + struct vfsmount *mnt, const __u8 replace)
23662 + struct name_entry *matchn;
23663 + struct inodev_entry *inodev;
23666 + matchn = lookup_name_entry(gr_to_filename_rbac(new_dentry, mnt));
23669 + error = vfs_rename(old_dir, old_dentry, new_dir, new_dentry);
23672 + if (unlikely(error))
23675 + /* we wouldn't have to check d_inode if it weren't for
23676 + NFS silly-renaming
23679 + write_lock(&gr_inode_lock);
23680 + if (unlikely(replace && new_dentry->d_inode)) {
23681 + inodev = lookup_inodev_entry(new_dentry->d_inode->i_ino,
23682 + new_dentry->d_inode->i_dev);
23684 + if (inodev != NULL && (new_dentry->d_inode->i_nlink <= 1))
23685 + do_handle_delete(inodev, new_dentry->d_inode->i_ino,
23686 + new_dentry->d_inode->i_dev);
23689 + inodev = lookup_inodev_entry(old_dentry->d_inode->i_ino,
23690 + old_dentry->d_inode->i_dev);
23692 + if (inodev != NULL && (old_dentry->d_inode->i_nlink <= 1))
23693 + do_handle_delete(inodev, old_dentry->d_inode->i_ino,
23694 + old_dentry->d_inode->i_dev);
23696 + if (unlikely((unsigned long)matchn))
23697 + do_handle_create(matchn, old_dentry, mnt);
23699 + write_unlock(&gr_inode_lock);
23705 +lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
23706 + unsigned char **sum)
23708 + struct acl_role_label *r;
23709 + struct role_allowed_ip *ipp;
23710 + struct role_transition *trans;
23714 + /* check transition table */
23716 + for (trans = current->role->transitions; trans; trans = trans->next) {
23717 + if (!strcmp(rolename, trans->rolename)) {
23726 + /* handle special roles that do not require authentication
23729 + FOR_EACH_ROLE_START(r, i)
23730 + if (!strcmp(rolename, r->rolename) &&
23731 + (r->roletype & GR_ROLE_SPECIAL)) {
23733 + if (r->allowed_ips != NULL) {
23734 + for (ipp = r->allowed_ips; ipp; ipp = ipp->next) {
23735 + if ((ntohl(current->curr_ip) & ipp->netmask) ==
23736 + (ntohl(ipp->addr) & ipp->netmask))
23744 + if (((mode == GR_SPROLEPAM) &&
23745 + (r->roletype & GR_ROLE_PAM)) ||
23746 + ((mode == GR_SPROLE) &&
23747 + (r->roletype & GR_ROLE_NOPW))) {
23753 + FOR_EACH_ROLE_END(r,i)
23755 + for (i = 0; i < num_sprole_pws; i++) {
23756 + if (!strcmp(rolename, acl_special_roles[i]->rolename)) {
23757 + *salt = acl_special_roles[i]->salt;
23758 + *sum = acl_special_roles[i]->sum;
23767 +assign_special_role(char *rolename)
23769 + struct acl_object_label *obj;
23770 + struct acl_role_label *r;
23771 + struct acl_role_label *assigned = NULL;
23772 + struct task_struct *tsk;
23773 + struct file *filp;
23776 + FOR_EACH_ROLE_START(r, i)
23777 + if (!strcmp(rolename, r->rolename) &&
23778 + (r->roletype & GR_ROLE_SPECIAL))
23780 + FOR_EACH_ROLE_END(r,i)
23785 + read_lock(&tasklist_lock);
23786 + read_lock(&grsec_exec_file_lock);
23787 + tsk = current->p_pptr;
23791 + filp = tsk->exec_file;
23792 + if (filp == NULL)
23795 + tsk->is_writable = 0;
23797 + tsk->acl_sp_role = 1;
23798 + tsk->acl_role_id = ++acl_sp_role_value;
23799 + tsk->role = assigned;
23800 + tsk->acl = chk_subj_label(filp->f_dentry, filp->f_vfsmnt, tsk->role);
23802 + /* ignore additional mmap checks for processes that are writable
23803 + by the default ACL */
23804 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
23805 + if (unlikely(obj->mode & GR_WRITE))
23806 + tsk->is_writable = 1;
23807 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, tsk->role->root_label);
23808 + if (unlikely(obj->mode & GR_WRITE))
23809 + tsk->is_writable = 1;
23811 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
23812 + printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid);
23816 + read_unlock(&grsec_exec_file_lock);
23817 + read_unlock(&tasklist_lock);
23821 +int gr_check_secure_terminal(struct task_struct *task)
23823 + struct task_struct *p, *p2;
23824 + struct files_struct *files;
23825 + struct file *our_file = NULL, *file;
23828 + if (task->tty == NULL)
23832 + files = task->files;
23833 + if (files != NULL) {
23834 + read_lock(&files->file_lock);
23835 + for (i=0; i < files->max_fds; i++) {
23836 + file = fcheck_files(files, i);
23837 + if (file && (our_file == NULL) && (file->private_data == task->tty)) {
23842 + read_unlock(&files->file_lock);
23844 + task_unlock(task);
23846 + if (our_file == NULL)
23849 + read_lock(&tasklist_lock);
23850 + for_each_task(p) {
23852 + files = p->files;
23853 + if (files == NULL || p->tty == task->tty) {
23857 + read_lock(&files->file_lock);
23858 + for (i=0; i < files->max_fds; i++) {
23859 + file = fcheck_files(files, i);
23860 + if (file && S_ISCHR(file->f_dentry->d_inode->i_mode) &&
23861 + file->f_dentry->d_inode->i_rdev == our_file->f_dentry->d_inode->i_rdev) {
23863 + while (p2->pid > 0) {
23870 + gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p);
23871 + gr_handle_alertkill(p);
23872 + read_unlock(&files->file_lock);
23874 + read_unlock(&tasklist_lock);
23879 + read_unlock(&files->file_lock);
23882 + read_unlock(&tasklist_lock);
23889 +write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos)
23891 + struct gr_arg_wrapper uwrap;
23892 + unsigned char *sprole_salt;
23893 + unsigned char *sprole_sum;
23894 + int error = sizeof (struct gr_arg_wrapper);
23897 + down(&gr_dev_sem);
23899 + if ((gr_status & GR_READY) && !(current->acl->mode & GR_KERNELAUTH)) {
23904 + if (count != sizeof (struct gr_arg_wrapper)) {
23905 + gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)sizeof(struct gr_arg_wrapper));
23910 + if (gr_auth_expires && time_after_eq(jiffies, gr_auth_expires)) {
23911 + gr_auth_expires = 0;
23912 + gr_auth_attempts = 0;
23915 + if (copy_from_user(&uwrap, buf, sizeof (struct gr_arg_wrapper))) {
23920 + if ((uwrap.version != GRSECURITY_VERSION) || (uwrap.size != sizeof(struct gr_arg))) {
23925 + if (copy_from_user(gr_usermode, uwrap.arg, sizeof (struct gr_arg))) {
23930 + if (gr_usermode->mode != GR_SPROLE &&
23931 + gr_usermode->mode != GR_SPROLEPAM &&
23932 + gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
23933 + time_after(gr_auth_expires, jiffies)) {
23938 + /* if non-root trying to do anything other than use a special role,
23939 + do not attempt authentication, do not count towards authentication
23943 + if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS &&
23944 + gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM &&
23950 + /* ensure pw and special role name are null terminated */
23952 + gr_usermode->pw[GR_PW_LEN - 1] = '\0';
23953 + gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0';
23956 + * We have our enough of the argument structure..(we have yet
23957 + * to copy_from_user the tables themselves) . Copy the tables
23958 + * only if we need them, i.e. for loading operations. */
23960 + switch (gr_usermode->mode) {
23962 + if (gr_status & GR_READY) {
23964 + if (!gr_check_secure_terminal(current))
23969 + case GR_SHUTDOWN:
23970 + if ((gr_status & GR_READY)
23971 + && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
23972 + gr_status &= ~GR_READY;
23973 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
23974 + free_variables();
23975 + memset(gr_usermode, 0, sizeof (struct gr_arg));
23976 + memset(gr_system_salt, 0, GR_SALT_LEN);
23977 + memset(gr_system_sum, 0, GR_SHA_LEN);
23978 + } else if (gr_status & GR_READY) {
23979 + gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
23982 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG);
23987 + if (!(gr_status & GR_READY) && !(error2 = gracl_init(gr_usermode)))
23988 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
23990 + if (gr_status & GR_READY)
23994 + gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION);
23998 + if (!(gr_status & GR_READY)) {
23999 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
24001 + } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
24003 + gr_status &= ~GR_READY;
24004 + free_variables();
24005 + if (!(error2 = gracl_init(gr_usermode))) {
24007 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
24011 + gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
24014 + gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
24019 + if (unlikely(!(gr_status & GR_READY))) {
24020 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG);
24025 + if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
24026 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
24027 + if (gr_usermode->segv_device && gr_usermode->segv_inode) {
24028 + struct acl_subject_label *segvacl;
24030 + lookup_acl_subj_label(gr_usermode->segv_inode,
24031 + gr_usermode->segv_device,
24034 + segvacl->crashes = 0;
24035 + segvacl->expires = 0;
24037 + } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) {
24038 + gr_remove_uid(gr_usermode->segv_uid);
24041 + gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
24046 + case GR_SPROLEPAM:
24047 + if (unlikely(!(gr_status & GR_READY))) {
24048 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG);
24053 + if (current->role->expires && time_after_eq(jiffies, current->role->expires)) {
24054 + current->role->expires = 0;
24055 + current->role->auth_attempts = 0;
24058 + if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
24059 + time_after(current->role->expires, jiffies)) {
24064 + if (lookup_special_role_auth
24065 + (gr_usermode->mode, gr_usermode->sp_role,
24066 + &sprole_salt, &sprole_sum)
24067 + && ((!sprole_salt && !sprole_sum)
24068 + || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
24070 + assign_special_role(gr_usermode->sp_role);
24071 + read_lock(&tasklist_lock);
24072 + if (current->p_pptr)
24073 + p = current->p_pptr->role->rolename;
24074 + read_unlock(&tasklist_lock);
24075 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
24076 + p, acl_sp_role_value);
24078 + gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role);
24080 + if(!(current->role->auth_attempts++))
24081 + current->role->expires = jiffies + CONFIG_GRKERNSEC_ACL_TIMEOUT * HZ;
24086 + case GR_UNSPROLE:
24087 + if (unlikely(!(gr_status & GR_READY))) {
24088 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG);
24093 + if (current->role->roletype & GR_ROLE_SPECIAL) {
24097 + read_lock(&tasklist_lock);
24098 + if (current->p_pptr) {
24099 + p = current->p_pptr->role->rolename;
24100 + i = current->p_pptr->acl_role_id;
24102 + read_unlock(&tasklist_lock);
24104 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i);
24107 + gr_log_str(GR_DONT_AUDIT, GR_UNSPROLEF_ACL_MSG, current->role->rolename);
24113 + gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode);
24118 + if (error != -EPERM)
24121 + if(!(gr_auth_attempts++))
24122 + gr_auth_expires = jiffies + CONFIG_GRKERNSEC_ACL_TIMEOUT * HZ;
24130 +gr_set_acls(const int type)
24132 + struct acl_object_label *obj;
24133 + struct task_struct *task;
24134 + struct file *filp;
24135 + struct acl_role_label *role = current->role;
24136 + __u16 acl_role_id = current->acl_role_id;
24138 + struct name_entry *nmatch;
24139 + struct acl_subject_label *tmpsubj;
24141 + read_lock(&tasklist_lock);
24142 + read_lock(&grsec_exec_file_lock);
24143 + for_each_task(task) {
24144 + /* check to see if we're called from the exit handler,
24145 + if so, only replace ACLs that have inherited the admin
24148 + if (type && (task->role != role ||
24149 + task->acl_role_id != acl_role_id))
24152 + task->acl_role_id = 0;
24153 + task->acl_sp_role = 0;
24155 + if ((filp = task->exec_file)) {
24156 + task->role = lookup_acl_role_label(task, task->uid, task->gid);
24158 + /* the following is to apply the correct subject
24159 + on binaries running when the RBAC system
24160 + is enabled, when the binaries have been
24161 + replaced or deleted since their execution
24163 + when the RBAC system starts, the inode/dev
24164 + from exec_file will be one the RBAC system
24165 + is unaware of. It only knows the inode/dev
24166 + of the present file on disk, or the absence
24169 + tmpname = gr_to_filename_rbac(filp->f_dentry, filp->f_vfsmnt);
24170 + nmatch = lookup_name_entry(tmpname);
24173 + if (nmatch->deleted)
24174 + tmpsubj = lookup_acl_subj_label_deleted(nmatch->inode, nmatch->device, task->role);
24176 + tmpsubj = lookup_acl_subj_label(nmatch->inode, nmatch->device, task->role);
24177 + if (tmpsubj != NULL)
24178 + task->acl = tmpsubj;
24180 + if (tmpsubj == NULL)
24181 + task->acl = chk_subj_label(filp->f_dentry, filp->f_vfsmnt,
24184 + struct acl_subject_label *curr;
24185 + curr = task->acl;
24187 + task->is_writable = 0;
24188 + /* ignore additional mmap checks for processes that are writable
24189 + by the default ACL */
24190 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
24191 + if (unlikely(obj->mode & GR_WRITE))
24192 + task->is_writable = 1;
24193 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, task->role->root_label);
24194 + if (unlikely(obj->mode & GR_WRITE))
24195 + task->is_writable = 1;
24197 + gr_set_proc_res(task);
24199 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
24200 + printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
24203 + read_unlock(&grsec_exec_file_lock);
24204 + read_unlock(&tasklist_lock);
24205 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task->pid);
24209 + // it's a kernel process
24210 + task->role = kernel_role;
24211 + task->acl = kernel_role->root_label;
24212 +#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
24213 + task->acl->mode &= ~GR_PROCFIND;
24217 + read_unlock(&grsec_exec_file_lock);
24218 + read_unlock(&tasklist_lock);
24223 +gr_learn_resource(const struct task_struct *task,
24224 + const int res, const unsigned long wanted, const int gt)
24226 + struct acl_subject_label *acl;
24228 + if (unlikely((gr_status & GR_READY) &&
24229 + task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))))
24230 + goto skip_reslog;
24232 +#ifdef CONFIG_GRKERNSEC_RESLOG
24233 + gr_log_resource(task, res, wanted, gt);
24237 + if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS))
24242 + if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) ||
24243 + !(acl->resmask & (1 << (unsigned short) res))))
24246 + if (wanted >= acl->res[res].rlim_cur) {
24247 + unsigned long res_add;
24249 + res_add = wanted;
24252 + res_add += GR_RLIM_CPU_BUMP;
24254 + case RLIMIT_FSIZE:
24255 + res_add += GR_RLIM_FSIZE_BUMP;
24257 + case RLIMIT_DATA:
24258 + res_add += GR_RLIM_DATA_BUMP;
24260 + case RLIMIT_STACK:
24261 + res_add += GR_RLIM_STACK_BUMP;
24263 + case RLIMIT_CORE:
24264 + res_add += GR_RLIM_CORE_BUMP;
24267 + res_add += GR_RLIM_RSS_BUMP;
24269 + case RLIMIT_NPROC:
24270 + res_add += GR_RLIM_NPROC_BUMP;
24272 + case RLIMIT_NOFILE:
24273 + res_add += GR_RLIM_NOFILE_BUMP;
24275 + case RLIMIT_MEMLOCK:
24276 + res_add += GR_RLIM_MEMLOCK_BUMP;
24279 + res_add += GR_RLIM_AS_BUMP;
24281 + case RLIMIT_LOCKS:
24282 + res_add += GR_RLIM_LOCKS_BUMP;
24286 + acl->res[res].rlim_cur = res_add;
24288 + if (wanted > acl->res[res].rlim_max)
24289 + acl->res[res].rlim_max = res_add;
24291 + /* only log the subject filename, since resource logging is supported for
24292 + single-subject learning only */
24293 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
24294 + task->role->roletype, task->uid, task->gid, acl->filename,
24295 + acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
24296 + "", (unsigned long) res, NIPQUAD(task->curr_ip));
24302 +#ifdef CONFIG_SYSCTL
24303 +extern struct proc_dir_entry *proc_sys_root;
24306 +gr_handle_sysctl(const struct ctl_table *table, const void *oldval,
24307 + const void *newval)
24309 + struct proc_dir_entry *tmp;
24310 + struct nameidata nd;
24311 + const char *proc_sys = "/proc/sys";
24312 + char *path = gr_shared_page[0][smp_processor_id()];
24313 + struct acl_object_label *obj;
24314 + unsigned short len = 0, pos = 0, depth = 0, i;
24318 + if (unlikely(!(gr_status & GR_READY)))
24324 + mode |= GR_WRITE;
24326 + /* convert the requested sysctl entry into a pathname */
24328 + for (tmp = table->de; tmp != proc_sys_root; tmp = tmp->parent) {
24329 + len += strlen(tmp->name);
24334 + if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE)
24335 + return 0; // deny
24337 + memset(path, 0, PAGE_SIZE);
24339 + memcpy(path, proc_sys, strlen(proc_sys));
24341 + pos += strlen(proc_sys);
24343 + for (; depth > 0; depth--) {
24346 + for (i = 1, tmp = table->de; tmp != proc_sys_root;
24347 + tmp = tmp->parent) {
24348 + if (depth == i) {
24349 + memcpy(path + pos, tmp->name,
24350 + strlen(tmp->name));
24351 + pos += strlen(tmp->name);
24357 + if (path_init(path, LOOKUP_FOLLOW, &nd))
24358 + err = path_walk(path, &nd);
24363 + obj = chk_obj_label(nd.dentry, nd.mnt, current->acl);
24364 + err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS);
24366 + if (unlikely((current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) && ((err & mode) != mode))) {
24367 + __u32 new_mode = mode;
24369 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
24372 + gr_log_learn(current, path, new_mode);
24373 + } else if ((err & mode) != mode && !(err & GR_SUPPRESS)) {
24374 + gr_log_str4(GR_DONT_AUDIT, GR_SYSCTL_ACL_MSG, "denied",
24375 + path, (mode & GR_READ) ? " reading" : "",
24376 + (mode & GR_WRITE) ? " writing" : "");
24378 + } else if ((err & mode) != mode) {
24380 + } else if (((err & mode) == mode) && (err & GR_AUDITS)) {
24381 + gr_log_str4(GR_DO_AUDIT, GR_SYSCTL_ACL_MSG, "successful",
24382 + path, (mode & GR_READ) ? " reading" : "",
24383 + (mode & GR_WRITE) ? " writing" : "");
24386 + path_release(&nd);
24394 +gr_handle_proc_ptrace(struct task_struct *task)
24396 + struct file *filp;
24397 + struct task_struct *tmp = task;
24398 + struct task_struct *curtemp = current;
24401 + if (unlikely(!(gr_status & GR_READY)))
24404 + read_lock(&tasklist_lock);
24405 + read_lock(&grsec_exec_file_lock);
24406 + filp = task->exec_file;
24408 + while (tmp->pid > 0) {
24409 + if (tmp == curtemp)
24411 + tmp = tmp->p_pptr;
24414 + if (!filp || (tmp->pid == 0 && !(current->acl->mode & GR_RELAXPTRACE))) {
24415 + read_unlock(&grsec_exec_file_lock);
24416 + read_unlock(&tasklist_lock);
24420 + retmode = gr_search_file(filp->f_dentry, GR_NOPTRACE, filp->f_vfsmnt);
24421 + read_unlock(&grsec_exec_file_lock);
24422 + read_unlock(&tasklist_lock);
24424 + if (retmode & GR_NOPTRACE)
24427 + if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD)
24428 + && (current->acl != task->acl || (current->acl != current->role->root_label
24429 + && current->pid != task->pid)))
24436 +gr_handle_ptrace(struct task_struct *task, const long request)
24438 + struct task_struct *tmp = task;
24439 + struct task_struct *curtemp = current;
24442 + if (unlikely(!(gr_status & GR_READY)))
24445 + read_lock(&tasklist_lock);
24446 + while (tmp->pid > 0) {
24447 + if (tmp == curtemp)
24449 + tmp = tmp->p_pptr;
24452 + if (tmp->pid == 0 && !(current->acl->mode & GR_RELAXPTRACE)) {
24453 + read_unlock(&tasklist_lock);
24454 + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
24457 + read_unlock(&tasklist_lock);
24459 + read_lock(&grsec_exec_file_lock);
24460 + if (unlikely(!task->exec_file)) {
24461 + read_unlock(&grsec_exec_file_lock);
24465 + retmode = gr_search_file(task->exec_file->f_dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_vfsmnt);
24466 + read_unlock(&grsec_exec_file_lock);
24468 + if (retmode & GR_NOPTRACE) {
24469 + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
24473 + if (retmode & GR_PTRACERD) {
24474 + switch (request) {
24475 + case PTRACE_POKETEXT:
24476 + case PTRACE_POKEDATA:
24477 + case PTRACE_POKEUSR:
24478 +#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64)
24479 + case PTRACE_SETREGS:
24480 + case PTRACE_SETFPREGS:
24483 + case PTRACE_SETFPXREGS:
24485 +#ifdef CONFIG_ALTIVEC
24486 + case PTRACE_SETVRREGS:
24492 + } else if (!(current->acl->mode & GR_POVERRIDE) &&
24493 + !(current->role->roletype & GR_ROLE_GOD) &&
24494 + (current->acl != task->acl)) {
24495 + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
24502 +static int is_writable_mmap(const struct file *filp)
24504 + struct task_struct *task = current;
24505 + struct acl_object_label *obj, *obj2;
24507 + if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) &&
24508 + !task->is_writable && S_ISREG(filp->f_dentry->d_inode->i_mode)) {
24509 + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label);
24510 + obj2 = chk_obj_label(filp->f_dentry, filp->f_vfsmnt,
24511 + task->role->root_label);
24512 + if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
24513 + gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, filp->f_dentry, filp->f_vfsmnt);
24522 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
24526 + if (unlikely(!file || !(prot & PROT_EXEC)))
24529 + if (is_writable_mmap(file))
24533 + gr_search_file(file->f_dentry,
24534 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
24537 + if (!gr_tpe_allow(file))
24540 + if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
24541 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_dentry, file->f_vfsmnt);
24543 + } else if (unlikely(!(mode & GR_EXEC))) {
24545 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
24546 + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_dentry, file->f_vfsmnt);
24554 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
24558 + if (unlikely(!file || !(prot & PROT_EXEC)))
24561 + if (is_writable_mmap(file))
24565 + gr_search_file(file->f_dentry,
24566 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
24569 + if (!gr_tpe_allow(file))
24572 + if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
24573 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_dentry, file->f_vfsmnt);
24575 + } else if (unlikely(!(mode & GR_EXEC))) {
24577 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
24578 + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_dentry, file->f_vfsmnt);
24586 +gr_acl_handle_psacct(struct task_struct *task, const long code)
24588 + unsigned long runtime;
24589 + unsigned long cputime;
24590 + unsigned int wday, cday;
24595 + if (unlikely(!(gr_status & GR_READY) || !task->acl ||
24596 + !(task->acl->mode & GR_PROCACCT)))
24599 + runtime = (jiffies - task->start_time) / HZ;
24600 + wday = runtime / (3600 * 24);
24601 + runtime -= wday * (3600 * 24);
24602 + whr = runtime / 3600;
24603 + runtime -= whr * 3600;
24604 + wmin = runtime / 60;
24605 + runtime -= wmin * 60;
24608 + cputime = (task->times.tms_utime + task->times.tms_stime) / HZ;
24609 + cday = cputime / (3600 * 24);
24610 + cputime -= cday * (3600 * 24);
24611 + chr = cputime / 3600;
24612 + cputime -= chr * 3600;
24613 + cmin = cputime / 60;
24614 + cputime -= cmin * 60;
24617 + gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code);
24622 +void gr_set_kernel_label(struct task_struct *task)
24624 + if (gr_status & GR_READY) {
24625 + task->role = kernel_role;
24626 + task->acl = kernel_role->root_label;
24631 +int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino)
24633 + struct task_struct *task = current;
24634 + struct dentry *dentry = file->f_dentry;
24635 + struct vfsmount *mnt = file->f_vfsmnt;
24636 + struct acl_object_label *obj, *tmp;
24637 + struct acl_subject_label *subj;
24638 + unsigned int bufsize;
24642 + if (unlikely(!(gr_status & GR_READY)))
24645 + if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))
24648 + subj = task->acl;
24650 + obj = lookup_acl_obj_label(ino, dentry->d_inode->i_dev, subj);
24652 + return (obj->mode & GR_FIND) ? 1 : 0;
24653 + } while ((subj = subj->parent_subject));
24655 + /* this is purely an optimization since we're looking for an object
24656 + for the directory we're doing a readdir on
24657 + if it's possible for any globbed object to match the entry we're
24658 + filling into the directory, then the object we find here will be
24659 + an anchor point with attached globbed objects
24661 + obj = chk_obj_label_noglob(dentry, mnt, task->acl);
24662 + if (obj->globbed == NULL)
24663 + return (obj->mode & GR_FIND) ? 1 : 0;
24665 + is_not_root = ((obj->filename[0] == '/') &&
24666 + (obj->filename[1] == '\0')) ? 0 : 1;
24667 + bufsize = PAGE_SIZE - namelen - is_not_root;
24669 + /* check bufsize > PAGE_SIZE || bufsize == 0 */
24670 + if (unlikely((bufsize - 1) > (PAGE_SIZE - 1)))
24673 + path = d_real_path(dentry, mnt, gr_shared_page[0][smp_processor_id()],
24676 + bufsize = strlen(path);
24678 + /* if base is "/", don't append an additional slash */
24680 + *(path + bufsize) = '/';
24681 + memcpy(path + bufsize + is_not_root, name, namelen);
24682 + *(path + bufsize + namelen + is_not_root) = '\0';
24684 + tmp = obj->globbed;
24686 + if (!glob_match(tmp->filename, path))
24687 + return (tmp->mode & GR_FIND) ? 1 : 0;
24690 + return (obj->mode & GR_FIND) ? 1 : 0;
24692 diff -urNp linux-2.4.37.7/grsecurity/gracl_cap.c linux-2.4.37.7/grsecurity/gracl_cap.c
24693 --- linux-2.4.37.7/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
24694 +++ linux-2.4.37.7/grsecurity/gracl_cap.c 2009-11-10 19:30:27.000000000 -0500
24696 +#include <linux/kernel.h>
24697 +#include <linux/sched.h>
24698 +#include <linux/capability.h>
24699 +#include <linux/gracl.h>
24700 +#include <linux/grsecurity.h>
24701 +#include <linux/grinternal.h>
24703 +static const char *captab_log[] = {
24705 + "CAP_DAC_OVERRIDE",
24706 + "CAP_DAC_READ_SEARCH",
24713 + "CAP_LINUX_IMMUTABLE",
24714 + "CAP_NET_BIND_SERVICE",
24715 + "CAP_NET_BROADCAST",
24720 + "CAP_SYS_MODULE",
24722 + "CAP_SYS_CHROOT",
24723 + "CAP_SYS_PTRACE",
24728 + "CAP_SYS_RESOURCE",
24730 + "CAP_SYS_TTY_CONFIG",
24736 +gr_task_is_capable(struct task_struct *task, const int cap)
24738 + struct acl_subject_label *curracl;
24739 + __u32 cap_drop = 0, cap_mask = 0;
24741 + if (!gr_acl_is_enabled())
24744 + curracl = task->acl;
24746 + cap_drop = curracl->cap_lower;
24747 + cap_mask = curracl->cap_mask;
24749 + while ((curracl = curracl->parent_subject)) {
24750 + if (!(cap_mask & (1 << cap)) && (curracl->cap_mask & (1 << cap)))
24751 + cap_drop |= curracl->cap_lower & (1 << cap);
24752 + cap_mask |= curracl->cap_mask;
24755 + if (!cap_raised(cap_drop, cap))
24758 + curracl = task->acl;
24760 + if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
24761 + && cap_raised(task->cap_effective, cap)) {
24762 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
24763 + task->role->roletype, task->uid,
24764 + task->gid, task->exec_file ?
24765 + gr_to_filename(task->exec_file->f_dentry,
24766 + task->exec_file->f_vfsmnt) : curracl->filename,
24767 + curracl->filename, 0UL,
24768 + 0UL, "", (unsigned long) cap, NIPQUAD(task->curr_ip));
24772 + if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(task->cap_effective, cap))
24773 + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
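Review bot: The learning branch of gr_task_is_capable tests `task->exec_file` and then dereferences it twice without `grsec_exec_file_lock` being taken on any visible line, although gr_handle_ptrace reads the same field under `read_lock(&grsec_exec_file_lock)` and gr_acl_handle_exit clears it under the write lock. If this function is ever called for a task other than `current` (the callers are not in this hunk), the pointer could be cleared between the test and the use, so the `gr_to_filename()` call should sit inside the same read lock. Separately, the range check on `cap` protects only the `captab_log[cap]` lookup, while the `1 << cap` shifts above use the value unchecked and as a signed int; checking the range once at the top and shifting `1U << cap` would cover both. Short lines such as the returns are missing from this listing, so this should be confirmed against the full file.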
24777 diff -urNp linux-2.4.37.7/grsecurity/gracl_fs.c linux-2.4.37.7/grsecurity/gracl_fs.c
24778 --- linux-2.4.37.7/grsecurity/gracl_fs.c 1969-12-31 19:00:00.000000000 -0500
24779 +++ linux-2.4.37.7/grsecurity/gracl_fs.c 2009-11-10 19:30:27.000000000 -0500
24781 +#include <linux/kernel.h>
24782 +#include <linux/sched.h>
24783 +#include <linux/types.h>
24784 +#include <linux/fs.h>
24785 +#include <linux/file.h>
24786 +#include <linux/stat.h>
24787 +#include <linux/grsecurity.h>
24788 +#include <linux/grinternal.h>
24789 +#include <linux/gracl.h>
24792 +gr_acl_handle_hidden_file(const struct dentry * dentry,
24793 + const struct vfsmount * mnt)
24797 + if (unlikely(!dentry->d_inode))
24801 + gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
24803 + if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
24804 + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
24806 + } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
24807 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
24809 + } else if (unlikely(!(mode & GR_FIND)))
24816 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
24819 + __u32 reqmode = GR_FIND;
24822 + if (unlikely(!dentry->d_inode))
24825 + if (unlikely(fmode & O_APPEND))
24826 + reqmode |= GR_APPEND;
24827 + else if (unlikely(fmode & FMODE_WRITE))
24828 + reqmode |= GR_WRITE;
24829 + if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
24830 + reqmode |= GR_READ;
24833 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
24836 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
24837 + gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
24838 + reqmode & GR_READ ? " reading" : "",
24839 + reqmode & GR_WRITE ? " writing" : reqmode &
24840 + GR_APPEND ? " appending" : "");
24843 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
24845 + gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
24846 + reqmode & GR_READ ? " reading" : "",
24847 + reqmode & GR_WRITE ? " writing" : reqmode &
24848 + GR_APPEND ? " appending" : "");
24850 + } else if (unlikely((mode & reqmode) != reqmode))
24857 +gr_acl_handle_creat(const struct dentry * dentry,
24858 + const struct dentry * p_dentry,
24859 + const struct vfsmount * p_mnt, const int fmode,
24862 + __u32 reqmode = GR_WRITE | GR_CREATE;
24865 + if (unlikely(fmode & O_APPEND))
24866 + reqmode |= GR_APPEND;
24867 + if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
24868 + reqmode |= GR_READ;
24869 + if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID))))
24870 + reqmode |= GR_SETID;
24873 + gr_check_create(dentry, p_dentry, p_mnt,
24874 + reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
24876 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
24877 + gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
24878 + reqmode & GR_READ ? " reading" : "",
24879 + reqmode & GR_WRITE ? " writing" : reqmode &
24880 + GR_APPEND ? " appending" : "");
24883 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
24885 + gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
24886 + reqmode & GR_READ ? " reading" : "",
24887 + reqmode & GR_WRITE ? " writing" : reqmode &
24888 + GR_APPEND ? " appending" : "");
24890 + } else if (unlikely((mode & reqmode) != reqmode))
24897 +gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
24900 + __u32 mode, reqmode = GR_FIND;
24902 + if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
24903 + reqmode |= GR_EXEC;
24904 + if (fmode & S_IWOTH)
24905 + reqmode |= GR_WRITE;
24906 + if (fmode & S_IROTH)
24907 + reqmode |= GR_READ;
24910 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
24913 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
24914 + gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
24915 + reqmode & GR_READ ? " reading" : "",
24916 + reqmode & GR_WRITE ? " writing" : "",
24917 + reqmode & GR_EXEC ? " executing" : "");
24920 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
24922 + gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
24923 + reqmode & GR_READ ? " reading" : "",
24924 + reqmode & GR_WRITE ? " writing" : "",
24925 + reqmode & GR_EXEC ? " executing" : "");
24927 + } else if (unlikely((mode & reqmode) != reqmode))
24933 +static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt)
24937 + mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt);
24939 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
24940 + gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt);
24942 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
24943 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt);
24945 + } else if (unlikely((mode & (reqmode)) != (reqmode)))
24948 + return (reqmode);
24952 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
24954 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
24958 +gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
24960 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
24964 +gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
24966 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
24970 +gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
24972 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
24976 +gr_acl_handle_fchmod(const struct dentry *dentry, const struct vfsmount *mnt,
24979 + if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode)))
24982 + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
24983 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
24984 + GR_FCHMOD_ACL_MSG);
24986 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_FCHMOD_ACL_MSG);
24991 +gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
24994 + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
24995 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
24996 + GR_CHMOD_ACL_MSG);
24998 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
25003 +gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
25005 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
25009 +gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
25011 + return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
25015 +gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
25017 + return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
25018 + GR_UNIXCONNECT_ACL_MSG);
25021 +/* hardlinks require at minimum create permission,
25022 + any additional privilege required is based on the
25023 + privilege of the file being linked to
25026 +gr_acl_handle_link(const struct dentry * new_dentry,
25027 + const struct dentry * parent_dentry,
25028 + const struct vfsmount * parent_mnt,
25029 + const struct dentry * old_dentry,
25030 + const struct vfsmount * old_mnt, const char *to)
25033 + __u32 needmode = GR_CREATE | GR_LINK;
25034 + __u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK;
25037 + gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
25040 + if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) {
25041 + gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
25043 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
25044 + gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
25046 + } else if (unlikely((mode & needmode) != needmode))
25053 +gr_acl_handle_symlink(const struct dentry * new_dentry,
25054 + const struct dentry * parent_dentry,
25055 + const struct vfsmount * parent_mnt, const char *from)
25057 + __u32 needmode = GR_WRITE | GR_CREATE;
25061 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
25062 + GR_CREATE | GR_AUDIT_CREATE |
25063 + GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
25065 + if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
25066 + gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
25068 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
25069 + gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
25071 + } else if (unlikely((mode & needmode) != needmode))
25074 + return (GR_WRITE | GR_CREATE);
25077 +static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt)
25081 + mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
25083 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
25084 + gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt);
25086 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
25087 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt);
25089 + } else if (unlikely((mode & (reqmode)) != (reqmode)))
25092 + return (reqmode);
25096 +gr_acl_handle_mknod(const struct dentry * new_dentry,
25097 + const struct dentry * parent_dentry,
25098 + const struct vfsmount * parent_mnt,
25101 + __u32 reqmode = GR_WRITE | GR_CREATE;
25102 + if (unlikely(mode & (S_ISUID | S_ISGID)))
25103 + reqmode |= GR_SETID;
25105 + return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
25106 + reqmode, GR_MKNOD_ACL_MSG);
25110 +gr_acl_handle_mkdir(const struct dentry *new_dentry,
25111 + const struct dentry *parent_dentry,
25112 + const struct vfsmount *parent_mnt)
25114 + return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
25115 + GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
25118 +#define RENAME_CHECK_SUCCESS(old, new) \
25119 + (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
25120 + ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
25123 +gr_acl_handle_rename(struct dentry *new_dentry,
25124 + struct dentry *parent_dentry,
25125 + const struct vfsmount *parent_mnt,
25126 + struct dentry *old_dentry,
25127 + struct inode *old_parent_inode,
25128 + struct vfsmount *old_mnt, const char *newname)
25130 + __u8 gr_replace = 1;
25131 + __u32 comp1, comp2;
25134 + if (unlikely(!gr_acl_is_enabled()))
25137 + if (!new_dentry->d_inode) {
25140 + comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
25141 + GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
25142 + GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
25143 + comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
25144 + GR_DELETE | GR_AUDIT_DELETE |
25145 + GR_AUDIT_READ | GR_AUDIT_WRITE |
25146 + GR_SUPPRESS, old_mnt);
25148 + comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
25149 + GR_CREATE | GR_DELETE |
25150 + GR_AUDIT_CREATE | GR_AUDIT_DELETE |
25151 + GR_AUDIT_READ | GR_AUDIT_WRITE |
25152 + GR_SUPPRESS, parent_mnt);
25154 + gr_search_file(old_dentry,
25155 + GR_READ | GR_WRITE | GR_AUDIT_READ |
25156 + GR_DELETE | GR_AUDIT_DELETE |
25157 + GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
25160 + if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
25161 + ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
25162 + gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
25163 + else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
25164 + && !(comp2 & GR_SUPPRESS)) {
25165 + gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
25167 + } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
25173 + error = gr_handle_rename(old_parent_inode, parent_dentry->d_inode,
25174 + old_dentry, new_dentry, old_mnt, gr_replace);
25180 +gr_acl_handle_exit(void)
25184 + struct file *exec_file;
25186 + if (unlikely(current->acl_sp_role && gr_acl_is_enabled())) {
25187 + id = current->acl_role_id;
25188 + rolename = current->role->rolename;
25190 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id);
25193 + write_lock(&grsec_exec_file_lock);
25194 + exec_file = current->exec_file;
25195 + current->exec_file = NULL;
25196 + write_unlock(&grsec_exec_file_lock);
25203 +gr_acl_handle_procpidmem(const struct task_struct *task)
25205 + if (unlikely(!gr_acl_is_enabled()))
25208 + if (task != current && task->acl->mode & GR_PROTPROCFD)
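Review bot: In gr_acl_handle_symlink the success-audit test is `mode & GR_WRITE && mode & GR_AUDITS`, so it ignores `GR_CREATE` even though `needmode` is declared as `GR_WRITE | GR_CREATE` and both denial branches compare against it; the open, creat, access and link handlers all use the full `(mode & reqmode) == reqmode` form. A result that grants write but not create would take the audited-success branch, and what that branch returns is on a line not shown in this listing. I would write the test as `if (unlikely(((mode & needmode) == needmode) && (mode & GR_AUDITS))) {`. A smaller point: gr_acl_handle_access dereferences `dentry->d_inode` for `S_ISDIR()` without the `!dentry->d_inode` guard that gr_acl_handle_hidden_file and gr_acl_handle_open apply, so it should get either the same guard or a comment stating that callers always pass a positive dentry.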
25213 diff -urNp linux-2.4.37.7/grsecurity/gracl_ip.c linux-2.4.37.7/grsecurity/gracl_ip.c
25214 --- linux-2.4.37.7/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500
25215 +++ linux-2.4.37.7/grsecurity/gracl_ip.c 2009-11-10 19:30:27.000000000 -0500
25217 +#include <linux/kernel.h>
25218 +#include <asm/uaccess.h>
25219 +#include <asm/errno.h>
25220 +#include <net/sock.h>
25221 +#include <linux/file.h>
25222 +#include <linux/fs.h>
25223 +#include <linux/net.h>
25224 +#include <linux/in.h>
25225 +#include <linux/skbuff.h>
25226 +#include <linux/ip.h>
25227 +#include <linux/udp.h>
25228 +#include <linux/smp_lock.h>
25229 +#include <linux/types.h>
25230 +#include <linux/sched.h>
25231 +#include <linux/netdevice.h>
25232 +#include <linux/inetdevice.h>
25233 +#include <linux/gracl.h>
25234 +#include <linux/grsecurity.h>
25235 +#include <linux/grinternal.h>
25237 +#define GR_BIND 0x01
25238 +#define GR_CONNECT 0x02
25239 +#define GR_INVERT 0x04
25240 +#define GR_BINDOVERRIDE 0x08
25241 +#define GR_CONNECTOVERRIDE 0x10
25243 +static const char * gr_protocols[256] = {
25244 + "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
25245 + "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
25246 + "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
25247 + "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
25248 + "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
25249 + "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
25250 + "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
25251 + "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
25252 + "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
25253 + "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak",
25254 + "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf",
25255 + "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
25256 + "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
25257 + "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
25258 + "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
25259 + "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
25260 + "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
25261 + "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
25262 + "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
25263 + "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
25264 + "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
25265 + "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
25266 + "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
25267 + "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
25268 + "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
25269 + "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
25270 + "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
25271 + "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
25272 + "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
25273 + "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
25274 + "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
25275 + "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
25278 +static const char * gr_socktypes[11] = {
25279 + "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6",
25280 + "unknown:7", "unknown:8", "unknown:9", "packet"
25284 +gr_proto_to_name(unsigned char proto)
25286 + return gr_protocols[proto];
25290 +gr_socktype_to_name(unsigned char type)
25292 + return gr_socktypes[type];
25296 +gr_search_socket(const int domain, const int type, const int protocol)
25298 + struct acl_subject_label *curr;
25300 + if (unlikely(!gr_acl_is_enabled()))
25303 + if ((domain < 0) || (type < 0) || (protocol < 0) || (domain != PF_INET)
25304 + || (domain >= NPROTO) || (type >= SOCK_MAX) || (protocol > 255))
25305 + goto exit; // let the kernel handle it
25307 + curr = current->acl;
25312 + if ((curr->ip_type & (1 << type)) &&
25313 + (curr->ip_proto[protocol / 32] & (1 << (protocol % 32))))
25316 + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
25317 + /* we don't place acls on raw sockets , and sometimes
25318 + dgram/ip sockets are opened for ioctl and not
25319 + bind/connect, so we'll fake a bind learn log */
25320 + if (type == SOCK_RAW || type == SOCK_PACKET) {
25321 + __u32 fakeip = 0;
25322 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
25323 + current->role->roletype, current->uid,
25324 + current->gid, current->exec_file ?
25325 + gr_to_filename(current->exec_file->f_dentry,
25326 + current->exec_file->f_vfsmnt) :
25327 + curr->filename, curr->filename,
25328 + NIPQUAD(fakeip), 0, type,
25329 + protocol, GR_CONNECT, NIPQUAD(current->curr_ip));
25330 + } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
25331 + __u32 fakeip = 0;
25332 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
25333 + current->role->roletype, current->uid,
25334 + current->gid, current->exec_file ?
25335 + gr_to_filename(current->exec_file->f_dentry,
25336 + current->exec_file->f_vfsmnt) :
25337 + curr->filename, curr->filename,
25338 + NIPQUAD(fakeip), 0, type,
25339 + protocol, GR_BIND, NIPQUAD(current->curr_ip));
25341 + /* we'll log when they use connect or bind */
25345 + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, "inet",
25346 + gr_socktype_to_name(type), gr_proto_to_name(protocol));
25353 +int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask)
25355 + if ((ip->mode & mode) &&
25356 + (ip_port >= ip->low) &&
25357 + (ip_port <= ip->high) &&
25358 + ((ntohl(ip_addr) & our_netmask) ==
25359 + (ntohl(our_addr) & our_netmask))
25360 + && (ip->proto[protocol / 32] & (1 << (protocol % 32)))
25361 + && (ip->type & (1 << type))) {
25362 + if (ip->mode & GR_INVERT)
25363 + return 2; // specifically denied
25365 + return 1; // allowed
25368 + return 0; // not specifically allowed, may continue parsing
25372 +gr_search_connectbind(const int full_mode, struct sock *sk,
25373 + struct sockaddr_in *addr, const int type)
25375 + char iface[IFNAMSIZ] = {0};
25376 + struct acl_subject_label *curr;
25377 + struct acl_ip_label *ip;
25378 + struct net_device *dev;
25379 + struct in_device *idev;
25382 + int mode = full_mode & (GR_BIND | GR_CONNECT);
25383 + __u32 ip_addr = 0;
25385 + __u32 our_netmask;
25387 + __u16 ip_port = 0;
25389 + if (unlikely(!gr_acl_is_enabled() || sk->family != PF_INET))
25392 + curr = current->acl;
25394 + /* INADDR_ANY overriding for binds, inaddr_any_override is already in network order */
25395 + if ((full_mode & GR_BINDOVERRIDE) && addr->sin_addr.s_addr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0)
25396 + addr->sin_addr.s_addr = curr->inaddr_any_override;
25397 + if ((full_mode & GR_CONNECTOVERRIDE) && sk->saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) {
25398 + struct sockaddr_in saddr;
25401 + saddr.sin_family = AF_INET;
25402 + saddr.sin_addr.s_addr = curr->inaddr_any_override;
25403 + saddr.sin_port = sk->sport;
25405 + err = sk->socket->ops->bind(sk->socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
25413 + ip_addr = addr->sin_addr.s_addr;
25414 + ip_port = ntohs(addr->sin_port);
25416 + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
25417 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
25418 + current->role->roletype, current->uid,
25419 + current->gid, current->exec_file ?
25420 + gr_to_filename(current->exec_file->f_dentry,
25421 + current->exec_file->f_vfsmnt) :
25422 + curr->filename, curr->filename,
25423 + NIPQUAD(ip_addr), ip_port, type,
25424 + sk->protocol, mode, NIPQUAD(current->curr_ip));
25428 + for (i = 0; i < curr->ip_num; i++) {
25429 + ip = *(curr->ips + i);
25430 + if (ip->iface != NULL) {
25431 + strncpy(iface, ip->iface, IFNAMSIZ - 1);
25432 + p = strchr(iface, ':');
25435 + dev = dev_get_by_name(iface);
25438 + idev = in_dev_get(dev);
25439 + if (idev == NULL) {
25443 + read_lock(&idev->lock);
25445 + if (!strcmp(ip->iface, ifa->ifa_label)) {
25446 + our_addr = ifa->ifa_address;
25447 + our_netmask = 0xffffffff;
25448 + ret = check_ip_policy(ip, ip_addr, ip_port, sk->protocol, mode, type, our_addr, our_netmask);
25450 + read_unlock(&idev->lock);
25451 + in_dev_put(idev);
25454 + } else if (ret == 2) {
25455 + read_unlock(&idev->lock);
25456 + in_dev_put(idev);
25461 + } endfor_ifa(idev);
25462 + read_unlock(&idev->lock);
25463 + in_dev_put(idev);
25466 + our_addr = ip->addr;
25467 + our_netmask = ip->netmask;
25468 + ret = check_ip_policy(ip, ip_addr, ip_port, sk->protocol, mode, type, our_addr, our_netmask);
25471 + else if (ret == 2)
25477 + if (mode == GR_BIND)
25478 + gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, NIPQUAD(ip_addr), ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->protocol));
25479 + else if (mode == GR_CONNECT)
25480 + gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, NIPQUAD(ip_addr), ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->protocol));
25486 +gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
25488 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
25492 +gr_search_bind(struct socket *sock, struct sockaddr_in *addr)
25494 + return gr_search_connectbind(GR_BIND | GR_BINDOVERRIDE, sock->sk, addr, sock->type);
25497 +int gr_search_listen(struct socket *sock)
25499 + struct sock *sk = sock->sk;
25500 + struct sockaddr_in addr;
25502 + addr.sin_addr.s_addr = sk->saddr;
25503 + addr.sin_port = sk->sport;
25505 + return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
25508 +int gr_search_accept(struct socket *sock)
25510 + struct sock *sk = sock->sk;
25511 + struct sockaddr_in addr;
25513 + addr.sin_addr.s_addr = sk->saddr;
25514 + addr.sin_port = sk->sport;
25516 + return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
25520 +gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr)
25523 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, addr, SOCK_DGRAM);
25525 + struct sockaddr_in sin;
25527 + sin.sin_addr.s_addr = sk->daddr;
25528 + sin.sin_port = sk->dport;
25530 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
25535 +gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb)
25537 + struct sockaddr_in sin;
25539 + if (unlikely(skb->len < sizeof (struct udphdr)))
25540 + return 0; // skip this packet
25542 + sin.sin_addr.s_addr = skb->nh.iph->saddr;
25543 + sin.sin_port = skb->h.uh->source;
25545 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
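Review bot: The bit tests in gr_search_socket (`curr->ip_proto[protocol / 32] & (1 << (protocol % 32))`) and in check_ip_policy shift a signed `1`, which reaches the sign bit whenever `protocol % 32` is 31 and is undefined behaviour in C for a signed int; `1U << (protocol % 32)` and `1U << type` keep the test well defined. check_ip_policy is also declared without `static` although the only callers visible are in this file; if nothing else uses it, `static int check_ip_policy(...)` keeps the generic name out of the kernel's global namespace. Entry 134 of gr_protocols is spelled `"unkown:134"`, so log lines for that protocol number will not match a search for "unknown:".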
25547 diff -urNp linux-2.4.37.7/grsecurity/gracl_learn.c linux-2.4.37.7/grsecurity/gracl_learn.c
25548 --- linux-2.4.37.7/grsecurity/gracl_learn.c 1969-12-31 19:00:00.000000000 -0500
25549 +++ linux-2.4.37.7/grsecurity/gracl_learn.c 2009-11-10 19:30:27.000000000 -0500
25551 +#include <linux/kernel.h>
25552 +#include <linux/mm.h>
25553 +#include <linux/sched.h>
25554 +#include <linux/poll.h>
25555 +#include <linux/smp_lock.h>
25556 +#include <linux/string.h>
25557 +#include <linux/file.h>
25558 +#include <linux/types.h>
25559 +#include <linux/vmalloc.h>
25560 +#include <linux/grinternal.h>
25562 +extern ssize_t write_grsec_handler(struct file * file, const char * buf,
25563 + size_t count, loff_t *ppos);
25564 +extern int gr_acl_is_enabled(void);
25566 +static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
25567 +static int gr_learn_attached;
25569 +/* use a 512k buffer */
25570 +#define LEARN_BUFFER_SIZE (512 * 1024)
25572 +static spinlock_t gr_learn_lock = SPIN_LOCK_UNLOCKED;
25573 +static DECLARE_MUTEX(gr_learn_user_sem);
25575 +/* we need to maintain two buffers, so that the kernel context of grlearn
25576 + uses a semaphore around the userspace copying, and the other kernel contexts
25577 + use a spinlock when copying into the buffer, since they cannot sleep
25579 +static char *learn_buffer;
25580 +static char *learn_buffer_user;
25581 +static int learn_buffer_len;
25582 +static int learn_buffer_user_len;
25585 +read_learn(struct file *file, char * buf, size_t count, loff_t * ppos)
25587 + DECLARE_WAITQUEUE(wait, current);
25588 + ssize_t retval = 0;
25590 + add_wait_queue(&learn_wait, &wait);
25591 + set_current_state(TASK_INTERRUPTIBLE);
25593 + down(&gr_learn_user_sem);
25594 + spin_lock(&gr_learn_lock);
25595 + if (learn_buffer_len)
25597 + spin_unlock(&gr_learn_lock);
25598 + up(&gr_learn_user_sem);
25599 + if (file->f_flags & O_NONBLOCK) {
25600 + retval = -EAGAIN;
25603 + if (signal_pending(current)) {
25604 + retval = -ERESTARTSYS;
25611 + memcpy(learn_buffer_user, learn_buffer, learn_buffer_len);
25612 + learn_buffer_user_len = learn_buffer_len;
25613 + retval = learn_buffer_len;
25614 + learn_buffer_len = 0;
25616 + spin_unlock(&gr_learn_lock);
25618 + if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len))
25619 + retval = -EFAULT;
25621 + up(&gr_learn_user_sem);
25623 + set_current_state(TASK_RUNNING);
25624 + remove_wait_queue(&learn_wait, &wait);
25628 +static unsigned int
25629 +poll_learn(struct file * file, poll_table * wait)
25631 + poll_wait(file, &learn_wait, wait);
25633 + if (learn_buffer_len)
25634 + return (POLLIN | POLLRDNORM);
25640 +gr_clear_learn_entries(void)
25644 + down(&gr_learn_user_sem);
25645 + if (learn_buffer != NULL) {
25646 + spin_lock(&gr_learn_lock);
25647 + tmp = learn_buffer;
25648 + learn_buffer = NULL;
25649 + spin_unlock(&gr_learn_lock);
25650 + vfree(learn_buffer);
25652 + if (learn_buffer_user != NULL) {
25653 + vfree(learn_buffer_user);
25654 + learn_buffer_user = NULL;
25656 + learn_buffer_len = 0;
25657 + up(&gr_learn_user_sem);
25663 +gr_add_learn_entry(const char *fmt, ...)
25666 + unsigned int len;
25668 + if (!gr_learn_attached)
25671 + spin_lock(&gr_learn_lock);
25673 + /* leave a gap at the end so we know when it's "full" but don't have to
25674 + compute the exact length of the string we're trying to append
25676 + if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) {
25677 + spin_unlock(&gr_learn_lock);
25678 + wake_up_interruptible(&learn_wait);
25681 + if (learn_buffer == NULL) {
25682 + spin_unlock(&gr_learn_lock);
25686 + va_start(args, fmt);
25687 + len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args);
25690 + learn_buffer_len += len + 1;
25692 + spin_unlock(&gr_learn_lock);
25693 + wake_up_interruptible(&learn_wait);
25699 +open_learn(struct inode *inode, struct file *file)
25701 + if (file->f_mode & FMODE_READ && gr_learn_attached)
25703 + if (file->f_mode & FMODE_READ) {
25705 + down(&gr_learn_user_sem);
25706 + if (learn_buffer == NULL)
25707 + learn_buffer = vmalloc(LEARN_BUFFER_SIZE);
25708 + if (learn_buffer_user == NULL)
25709 + learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE);
25710 + if (learn_buffer == NULL) {
25711 + retval = -ENOMEM;
25714 + if (learn_buffer_user == NULL) {
25715 + retval = -ENOMEM;
25718 + learn_buffer_len = 0;
25719 + learn_buffer_user_len = 0;
25720 + gr_learn_attached = 1;
25722 + up(&gr_learn_user_sem);
25729 +close_learn(struct inode *inode, struct file *file)
25733 + if (file->f_mode & FMODE_READ) {
25734 + down(&gr_learn_user_sem);
25735 + if (learn_buffer != NULL) {
25736 + spin_lock(&gr_learn_lock);
25737 + tmp = learn_buffer;
25738 + learn_buffer = NULL;
25739 + spin_unlock(&gr_learn_lock);
25742 + if (learn_buffer_user != NULL) {
25743 + vfree(learn_buffer_user);
25744 + learn_buffer_user = NULL;
25746 + learn_buffer_len = 0;
25747 + learn_buffer_user_len = 0;
25748 + gr_learn_attached = 0;
25749 + up(&gr_learn_user_sem);
25755 +const struct file_operations grsec_fops = {
25756 + read: read_learn,
25757 + write: write_grsec_handler,
25758 + open: open_learn,
25759 + release: close_learn,
25760 + poll: poll_learn,
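Review bot: gr_clear_learn_entries saves the buffer in `tmp`, sets `learn_buffer = NULL`, and then calls `vfree(learn_buffer)`, so it frees NULL and leaks the 512k allocation each time the entries are cleared; the call should be `vfree(tmp);`. In read_learn, none of the visible lines compare `count` with `learn_buffer_len` before `copy_to_user(buf, learn_buffer_user, learn_buffer_user_len)`, so a reader that passes a short buffer would have up to LEARN_BUFFER_SIZE bytes written past it. Unless a check sits in the lines not shown in this view, the copy should be bounded by `count`, or the read rejected when `count < learn_buffer_len`.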
25762 diff -urNp linux-2.4.37.7/grsecurity/gracl_res.c linux-2.4.37.7/grsecurity/gracl_res.c
25763 --- linux-2.4.37.7/grsecurity/gracl_res.c 1969-12-31 19:00:00.000000000 -0500
25764 +++ linux-2.4.37.7/grsecurity/gracl_res.c 2009-11-10 19:30:27.000000000 -0500
25766 +#include <linux/kernel.h>
25767 +#include <linux/sched.h>
25768 +#include <linux/gracl.h>
25769 +#include <linux/grinternal.h>
25771 +static const char *restab_log[] = {
25772 + [RLIMIT_CPU] = "RLIMIT_CPU",
25773 + [RLIMIT_FSIZE] = "RLIMIT_FSIZE",
25774 + [RLIMIT_DATA] = "RLIMIT_DATA",
25775 + [RLIMIT_STACK] = "RLIMIT_STACK",
25776 + [RLIMIT_CORE] = "RLIMIT_CORE",
25777 + [RLIMIT_RSS] = "RLIMIT_RSS",
25778 + [RLIMIT_NPROC] = "RLIMIT_NPROC",
25779 + [RLIMIT_NOFILE] = "RLIMIT_NOFILE",
25780 + [RLIMIT_MEMLOCK] = "RLIMIT_MEMLOCK",
25781 + [RLIMIT_AS] = "RLIMIT_AS",
25782 + [RLIMIT_LOCKS] = "RLIMIT_LOCKS",
25783 + [GR_CRASH_RES] = "RLIMIT_CRASH"
25787 +gr_log_resource(const struct task_struct *task,
25788 + const int res, const unsigned long wanted, const int gt)
25790 + if (unlikely(res == RLIMIT_NPROC &&
25791 + (cap_raised(task->cap_effective, CAP_SYS_ADMIN) ||
25792 + cap_raised(task->cap_effective, CAP_SYS_RESOURCE))))
25795 + // not yet supported resources
25796 + if (!restab_log[res])
25799 + if (unlikely(((gt && wanted > task->rlim[res].rlim_cur) ||
25800 + (!gt && wanted >= task->rlim[res].rlim_cur)) &&
25801 + task->rlim[res].rlim_cur != RLIM_INFINITY))
25802 + if (gr_acl_is_enabled() || grsec_resource_logging)
25803 + gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], task->rlim[res].rlim_cur);
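Review bot: gr_log_resource indexes `restab_log[res]` and `task->rlim[res]` with no range check on `res`, so a call site passing a negative value or one past the table would read out of bounds. Extending the existing test to `if (res < 0 || res >= (int)ARRAY_SIZE(restab_log) || !restab_log[res])` makes the function safe against a new or mistaken caller. restab_log also has an entry for GR_CRASH_RES, whose value is not defined in this file; if it lies past the end of `task->rlim[]`, the `rlim_cur` reads below need their own bound against RLIM_NLIMITS.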
25806 diff -urNp linux-2.4.37.7/grsecurity/gracl_segv.c linux-2.4.37.7/grsecurity/gracl_segv.c
25807 --- linux-2.4.37.7/grsecurity/gracl_segv.c 1969-12-31 19:00:00.000000000 -0500
25808 +++ linux-2.4.37.7/grsecurity/gracl_segv.c 2009-11-10 19:30:27.000000000 -0500
25810 +#include <linux/kernel.h>
25811 +#include <linux/mm.h>
25812 +#include <asm/uaccess.h>
25813 +#include <asm/errno.h>
25814 +#include <asm/mman.h>
25815 +#include <net/sock.h>
25816 +#include <linux/file.h>
25817 +#include <linux/fs.h>
25818 +#include <linux/net.h>
25819 +#include <linux/in.h>
25820 +#include <linux/smp_lock.h>
25821 +#include <linux/slab.h>
25822 +#include <linux/types.h>
25823 +#include <linux/sched.h>
25824 +#include <linux/timer.h>
25825 +#include <linux/gracl.h>
25826 +#include <linux/grsecurity.h>
25827 +#include <linux/grinternal.h>
25829 +static struct crash_uid *uid_set;
25830 +static unsigned short uid_used;
25831 +static spinlock_t gr_uid_lock = SPIN_LOCK_UNLOCKED;
25832 +extern rwlock_t gr_inode_lock;
25833 +extern struct acl_subject_label *
25834 + lookup_acl_subj_label(const ino_t inode, const __u32 dev,
25835 + struct acl_role_label *role);
25838 +gr_init_uidset(void)
25841 + kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL);
25844 + return uid_set ? 1 : 0;
25848 +gr_free_uidset(void)
25857 +gr_find_uid(const uid_t uid)
25859 + struct crash_uid *tmp = uid_set;
25861 + int low = 0, high = uid_used - 1, mid;
25863 + while (high >= low) {
25864 + mid = (low + high) >> 1;
25865 + buid = tmp[mid].uid;
25877 +static __inline__ void
25878 +gr_insertsort(void)
25880 + unsigned short i, j;
25881 + struct crash_uid index;
25883 + for (i = 1; i < uid_used; i++) {
25884 + index = uid_set[i];
25886 + while ((j > 0) && uid_set[j - 1].uid > index.uid) {
25887 + uid_set[j] = uid_set[j - 1];
25890 + uid_set[j] = index;
25896 +static __inline__ void
25897 +gr_insert_uid(const uid_t uid, const unsigned long expires)
25901 + if (uid_used == GR_UIDTABLE_MAX)
25904 + loc = gr_find_uid(uid);
25907 + uid_set[loc].expires = expires;
25911 + uid_set[uid_used].uid = uid;
25912 + uid_set[uid_used].expires = expires;
25921 +gr_remove_uid(const unsigned short loc)
25923 + unsigned short i;
25925 + for (i = loc + 1; i < uid_used; i++)
25926 + uid_set[i - 1] = uid_set[i];
25934 +gr_check_crash_uid(const uid_t uid)
25939 + if (unlikely(!gr_acl_is_enabled()))
25942 + spin_lock(&gr_uid_lock);
25943 + loc = gr_find_uid(uid);
25948 + if (time_before_eq(uid_set[loc].expires, jiffies))
25949 + gr_remove_uid(loc);
25954 + spin_unlock(&gr_uid_lock);
25958 +static __inline__ int
25959 +proc_is_setxid(const struct task_struct *task)
25961 + if (task->uid != task->euid || task->uid != task->suid ||
25962 + task->uid != task->fsuid)
25964 + if (task->gid != task->egid || task->gid != task->sgid ||
25965 + task->gid != task->fsgid)
25970 +static __inline__ int
25971 +gr_fake_force_sig(int sig, struct task_struct *t)
25973 + unsigned long int flags;
25975 + spin_lock_irqsave(&t->sigmask_lock, flags);
25976 + if (t->sig == NULL) {
25977 + spin_unlock_irqrestore(&t->sigmask_lock, flags);
25981 + if (t->sig->action[sig - 1].sa.sa_handler == SIG_IGN)
25982 + t->sig->action[sig - 1].sa.sa_handler = SIG_DFL;
25983 + sigdelset(&t->blocked, sig);
25984 + recalc_sigpending(t);
25985 + spin_unlock_irqrestore(&t->sigmask_lock, flags);
25987 + return send_sig_info(sig, (void *) 1L, t);
25991 +gr_handle_crash(struct task_struct *task, const int sig)
25993 + struct acl_subject_label *curr;
25994 + struct acl_subject_label *curr2;
25995 + struct task_struct *tsk;
25997 + if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL)
26000 + if (unlikely(!gr_acl_is_enabled()))
26003 + curr = task->acl;
26005 + if (!(curr->resmask & (1 << GR_CRASH_RES)))
26008 + if (time_before_eq(curr->expires, jiffies)) {
26009 + curr->expires = 0;
26010 + curr->crashes = 0;
26015 + if (!curr->expires)
26016 + curr->expires = jiffies + curr->res[GR_CRASH_RES].rlim_max;
26018 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
26019 + time_after(curr->expires, jiffies)) {
26020 + if (task->uid && proc_is_setxid(task)) {
26021 + gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max / HZ);
26022 + spin_lock(&gr_uid_lock);
26023 + gr_insert_uid(task->uid, curr->expires);
26024 + spin_unlock(&gr_uid_lock);
26025 + curr->expires = 0;
26026 + curr->crashes = 0;
26027 + read_lock(&tasklist_lock);
26028 + for_each_task(tsk) {
26029 + if (tsk != task && tsk->uid == task->uid)
26030 + gr_fake_force_sig(SIGKILL, tsk);
26032 + read_unlock(&tasklist_lock);
26034 + gr_log_crash2(GR_DONT_AUDIT, GR_SEGVNOSUID_ACL_MSG, task, kdevname(curr->device), curr->inode, curr->res[GR_CRASH_RES].rlim_max / HZ);
26035 + read_lock(&tasklist_lock);
26036 + for_each_task(tsk) {
26037 + if (likely(tsk != task)) {
26038 + curr2 = tsk->acl;
26040 + if (curr2->device == curr->device &&
26041 + curr2->inode == curr->inode)
26042 + gr_fake_force_sig(SIGKILL, tsk);
26045 + read_unlock(&tasklist_lock);
26053 +gr_check_crash_exec(const struct file *filp)
26055 + struct acl_subject_label *curr;
26057 + if (unlikely(!gr_acl_is_enabled()))
26060 + read_lock(&gr_inode_lock);
26061 + curr = lookup_acl_subj_label(filp->f_dentry->d_inode->i_ino,
26062 + filp->f_dentry->d_inode->i_dev,
26064 + read_unlock(&gr_inode_lock);
26066 + if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) ||
26067 + (!curr->crashes && !curr->expires))
26070 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
26071 + time_after(curr->expires, jiffies))
26073 + else if (time_before_eq(curr->expires, jiffies)) {
26074 + curr->crashes = 0;
26075 + curr->expires = 0;
26082 +gr_handle_alertkill(struct task_struct *task)
26084 + struct acl_subject_label *curracl;
26085 + struct task_struct *p;
26088 + if (unlikely(!gr_acl_is_enabled()))
26091 + curracl = task->acl;
26092 + curr_ip = task->curr_ip;
26094 + if ((curracl->mode & GR_KILLIPPROC) && curr_ip) {
26095 + read_lock(&tasklist_lock);
26096 + for_each_task(p) {
26097 + if (p->curr_ip == curr_ip)
26098 + gr_fake_force_sig(SIGKILL, p);
26100 + read_unlock(&tasklist_lock);
26101 + } else if (curracl->mode & GR_KILLPROC)
26102 + gr_fake_force_sig(SIGKILL, task);
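Review bot: `curr->crashes` and `curr->expires` are read and updated in gr_handle_crash and reset in gr_check_crash_exec with no lock held in the visible lines; gr_uid_lock covers only the gr_insert_uid call, and gr_check_crash_exec drops gr_inode_lock before touching them. `curr` is `task->acl` or a looked-up subject label, so it is presumably shared by every task running under that subject, and two tasks crashing at once on SMP could lose an increment or set `expires` again after the other has cleared it. Either take a spinlock around the counter updates or document why the race is tolerable, for example `/* crashes/expires are updated without locking; a lost update only delays the lockout by one crash */`. Both function bodies have lines missing from this view, so a lock taken there would change this.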
26106 diff -urNp linux-2.4.37.7/grsecurity/gracl_shm.c linux-2.4.37.7/grsecurity/gracl_shm.c
26107 --- linux-2.4.37.7/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500
26108 +++ linux-2.4.37.7/grsecurity/gracl_shm.c 2009-11-10 19:30:27.000000000 -0500
26110 +#include <linux/kernel.h>
26111 +#include <linux/mm.h>
26112 +#include <linux/sched.h>
26113 +#include <linux/file.h>
26114 +#include <linux/ipc.h>
26115 +#include <linux/gracl.h>
26116 +#include <linux/grsecurity.h>
26117 +#include <linux/grinternal.h>
26120 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
26121 + const time_t shm_createtime, const uid_t cuid, const int shmid)
26123 + struct task_struct *task;
26125 + if (!gr_acl_is_enabled())
26128 + read_lock(&tasklist_lock);
26130 + task = find_task_by_pid(shm_cprid);
26132 + if (unlikely(!task))
26133 + task = find_task_by_pid(shm_lapid);
26135 + if (unlikely(task && (time_before((unsigned long)task->start_time, (unsigned long)shm_createtime) ||
26136 + (task->pid == shm_lapid)) &&
26137 + (task->acl->mode & GR_PROTSHM) &&
26138 + (task->acl != current->acl))) {
26139 + read_unlock(&tasklist_lock);
26140 + gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid);
26143 + read_unlock(&tasklist_lock);
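Review bot: The condition `if (unlikely(task && (time_before(...) || (task->pid == shm_lapid)) && ...` in gr_handle_shmat has no comment explaining why the start-time comparison is there. It appears to guard against `shm_cprid` having been reused by an unrelated task created after the segment, and that reasoning should be written down, e.g. `/* only trust the creator lookup if that task existed before the segment was created (guards against pid reuse) */`. The comparison also assumes `task->start_time` and `shm_createtime` are in the same unit. The casts to unsigned long hide any mismatch, and gr_chroot_shmat in grsec_chroot.c makes the same comparison without them, so the comment should state the unit.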
26147 diff -urNp linux-2.4.37.7/grsecurity/grsec_chdir.c linux-2.4.37.7/grsecurity/grsec_chdir.c
26148 --- linux-2.4.37.7/grsecurity/grsec_chdir.c 1969-12-31 19:00:00.000000000 -0500
26149 +++ linux-2.4.37.7/grsecurity/grsec_chdir.c 2009-11-10 19:30:27.000000000 -0500
26151 +#include <linux/kernel.h>
26152 +#include <linux/sched.h>
26153 +#include <linux/fs.h>
26154 +#include <linux/file.h>
26155 +#include <linux/grsecurity.h>
26156 +#include <linux/grinternal.h>
26159 +gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt)
26161 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
26162 + if ((grsec_enable_chdir && grsec_enable_group &&
26163 + in_group_p(grsec_audit_gid)) || (grsec_enable_chdir &&
26164 + !grsec_enable_group)) {
26165 + gr_log_fs_generic(GR_DO_AUDIT, GR_CHDIR_AUDIT_MSG, dentry, mnt);
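Review bot: The test in gr_log_chdir repeats `grsec_enable_chdir` in both arms of the `||`, which makes the audit condition harder to read than it needs to be. It can be written as `if (grsec_enable_chdir && (!grsec_enable_group || in_group_p(grsec_audit_gid))) {`. in_group_p is still only called when grsec_enable_group is set, so the behaviour is unchanged.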
26170 diff -urNp linux-2.4.37.7/grsecurity/grsec_chroot.c linux-2.4.37.7/grsecurity/grsec_chroot.c
26171 --- linux-2.4.37.7/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
26172 +++ linux-2.4.37.7/grsecurity/grsec_chroot.c 2009-11-10 19:30:27.000000000 -0500
26174 +#include <linux/kernel.h>
26175 +#include <linux/sched.h>
26176 +#include <linux/file.h>
26177 +#include <linux/fs.h>
26178 +#include <linux/types.h>
26179 +#include <linux/grinternal.h>
26182 +gr_handle_chroot_unix(const pid_t pid)
26184 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
26185 + struct task_struct *p, **htable;
26187 + if (unlikely(!grsec_enable_chroot_unix))
26190 + if (likely(!proc_is_chrooted(current)))
26193 + read_lock(&tasklist_lock);
26195 + htable = &pidhash[pid_hashfn(pid)];
26197 + for (p = *htable; p && p->pid != pid; p = p->pidhash_next) ;
26201 + if (!have_same_root(current, p)) {
26203 + read_unlock(&tasklist_lock);
26204 + gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG);
26210 + read_unlock(&tasklist_lock);
26216 +gr_handle_chroot_nice(void)
26218 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
26219 + if (grsec_enable_chroot_nice && proc_is_chrooted(current)) {
26220 + gr_log_noargs(GR_DONT_AUDIT, GR_NICE_CHROOT_MSG);
26228 +gr_handle_chroot_setpriority(const struct task_struct *p, const int niceval)
26230 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
26231 + if (grsec_enable_chroot_nice && (niceval < p->nice)
26232 + && proc_is_chrooted(current)) {
26233 + gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, p->pid);
26241 +gr_handle_chroot_rawio(const struct inode *inode)
26243 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
26244 + if (grsec_enable_chroot_caps && proc_is_chrooted(current) &&
26245 + inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO))
26252 +gr_pid_is_chrooted(struct task_struct *p)
26254 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
26255 + if (!grsec_enable_chroot_findtask || !proc_is_chrooted(current) || !p)
26259 + if ((p->state == TASK_ZOMBIE) || !have_same_root(current, p)) {
26268 +#if defined(CONFIG_GRKERNSEC_CHROOT_DOUBLE) || defined(CONFIG_GRKERNSEC_CHROOT_FCHDIR)
26269 +int gr_is_outside_chroot(const struct dentry *u_dentry, const struct vfsmount *u_mnt)
26271 + struct dentry *dentry = (struct dentry *)u_dentry;
26272 + struct vfsmount *mnt = (struct vfsmount *)u_mnt;
26273 + struct dentry *realroot;
26274 + struct vfsmount *realrootmnt;
26275 + struct dentry *currentroot;
26276 + struct vfsmount *currentmnt;
26279 + read_lock(&child_reaper->fs->lock);
26280 + realrootmnt = mntget(child_reaper->fs->rootmnt);
26281 + realroot = dget(child_reaper->fs->root);
26282 + read_unlock(&child_reaper->fs->lock);
26284 + read_lock(¤t->fs->lock);
26285 + currentmnt = mntget(current->fs->rootmnt);
26286 + currentroot = dget(current->fs->root);
26287 + read_unlock(¤t->fs->lock);
26289 + spin_lock(&dcache_lock);
26291 + if (unlikely((dentry == realroot && mnt == realrootmnt)
26292 + || (dentry == currentroot && mnt == currentmnt)))
26294 + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) {
26295 + if (mnt->mnt_parent == mnt)
26297 + dentry = mnt->mnt_mountpoint;
26298 + mnt = mnt->mnt_parent;
26301 + dentry = dentry->d_parent;
26303 + spin_unlock(&dcache_lock);
26305 + dput(currentroot);
26306 + mntput(currentmnt);
26308 + /* access is outside of chroot */
26309 + if (dentry == realroot && mnt == realrootmnt)
26313 + mntput(realrootmnt);
26320 +gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt)
26322 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
26323 + if (!grsec_enable_chroot_fchdir)
26326 + if (!proc_is_chrooted(current))
26328 + else if (!gr_is_outside_chroot(u_dentry, u_mnt)) {
26329 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_FCHDIR_MSG, u_dentry, u_mnt);
26337 +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
26338 + const time_t shm_createtime)
26340 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
26341 + struct task_struct *p, **htable;
26343 + if (unlikely(!grsec_enable_chroot_shmat))
26346 + if (likely(!proc_is_chrooted(current)))
26349 + read_lock(&tasklist_lock);
26351 + htable = &pidhash[pid_hashfn(shm_cprid)];
26353 + for (p = *htable; p && p->pid != shm_cprid; p = p->pidhash_next) ;
26357 + if (!have_same_root(current, p) &&
26358 + time_before_eq(p->start_time, shm_createtime)) {
26360 + read_unlock(&tasklist_lock);
26361 + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
26366 + htable = &pidhash[pid_hashfn(shm_lapid)];
26367 + for (p = *htable; p && p->pid != shm_lapid;
26368 + p = p->pidhash_next) ;
26372 + if (!have_same_root(current, p)) {
26374 + read_unlock(&tasklist_lock);
26375 + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
26382 + read_unlock(&tasklist_lock);
26388 +gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt)
26390 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
26391 + if (grsec_enable_chroot_execlog && proc_is_chrooted(current))
26392 + gr_log_fs_generic(GR_DO_AUDIT, GR_EXEC_CHROOT_MSG, dentry, mnt);
26398 +gr_handle_chroot_mknod(const struct dentry *dentry,
26399 + const struct vfsmount *mnt, const int mode)
26401 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
26402 + if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) && !S_ISREG(mode) &&
26403 + proc_is_chrooted(current)) {
26404 + gr_log_fs_generic(GR_DONT_AUDIT, GR_MKNOD_CHROOT_MSG, dentry, mnt);
26412 +gr_handle_chroot_mount(const struct dentry *dentry,
26413 + const struct vfsmount *mnt, const char *dev_name)
26415 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
26416 + if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
26417 + gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name, dentry, mnt);
26425 +gr_handle_chroot_pivot(void)
26427 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
26428 + if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) {
26429 + gr_log_noargs(GR_DONT_AUDIT, GR_PIVOT_CHROOT_MSG);
26437 +gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt)
26439 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
26440 + if (grsec_enable_chroot_double && proc_is_chrooted(current) &&
26441 + !gr_is_outside_chroot(dentry, mnt)) {
26442 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_CHROOT_MSG, dentry, mnt);
26450 +gr_handle_chroot_caps(struct task_struct *task)
26452 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
26453 + if (grsec_enable_chroot_caps && proc_is_chrooted(task)) {
26454 + task->cap_permitted =
26455 + cap_drop(task->cap_permitted, GR_CHROOT_CAPS);
26456 + task->cap_inheritable =
26457 + cap_drop(task->cap_inheritable, GR_CHROOT_CAPS);
26458 + task->cap_effective =
26459 + cap_drop(task->cap_effective, GR_CHROOT_CAPS);
26466 +gr_handle_chroot_sysctl(const int op)
26468 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
26469 + if (grsec_enable_chroot_sysctl && proc_is_chrooted(current)
26477 +gr_handle_chroot_chdir(struct dentry *dentry, struct vfsmount *mnt)
26479 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
26480 + if (grsec_enable_chroot_chdir)
26481 + set_fs_pwd(current->fs, mnt, dentry);
26487 +gr_handle_chroot_chmod(const struct dentry *dentry,
26488 + const struct vfsmount *mnt, const int mode)
26490 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
26491 + if (grsec_enable_chroot_chmod &&
26492 + ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))) &&
26493 + proc_is_chrooted(current)) {
26494 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHMOD_CHROOT_MSG, dentry, mnt);
26501 diff -urNp linux-2.4.37.7/grsecurity/grsec_disabled.c linux-2.4.37.7/grsecurity/grsec_disabled.c
26502 --- linux-2.4.37.7/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
26503 +++ linux-2.4.37.7/grsecurity/grsec_disabled.c 2009-11-10 19:30:27.000000000 -0500
26505 +#include <linux/kernel.h>
26506 +#include <linux/config.h>
26507 +#include <linux/sched.h>
26508 +#include <linux/file.h>
26509 +#include <linux/fs.h>
26510 +#include <linux/net.h>
26511 +#include <linux/in.h>
26512 +#include <linux/ip.h>
26513 +#include <linux/skbuff.h>
26514 +#include <linux/sysctl.h>
26516 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
26518 +pax_set_initial_flags(struct linux_binprm *bprm)
26524 +#ifdef CONFIG_SYSCTL
26526 +gr_handle_sysctl(const struct ctl_table * table, const void *oldval, const void *newval)
26533 +gr_acl_is_enabled(void)
26539 +gr_handle_rawio(const struct inode *inode)
26545 +gr_acl_handle_psacct(struct task_struct *task, const long code)
26551 +gr_handle_ptrace(struct task_struct *task, const long request)
26557 +gr_handle_proc_ptrace(struct task_struct *task)
26563 +gr_learn_resource(const struct task_struct *task,
26564 + const int res, const unsigned long wanted, const int gt)
26570 +gr_set_acls(const int type)
26576 +gr_check_hidden_task(const struct task_struct *tsk)
26582 +gr_check_protected_task(const struct task_struct *task)
26588 +gr_copy_label(struct task_struct *tsk)
26594 +gr_set_pax_flags(struct task_struct *task)
26600 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt)
26606 +gr_handle_delete(const ino_t ino, const __u32 dev)
26612 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
26618 +gr_handle_crash(struct task_struct *task, const int sig)
26624 +gr_check_crash_exec(const struct file *filp)
26630 +gr_check_crash_uid(const uid_t uid)
26636 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
26637 + struct dentry *old_dentry,
26638 + struct dentry *new_dentry,
26639 + struct vfsmount *mnt, const __u8 replace)
26645 +gr_search_socket(const int family, const int type, const int protocol)
26651 +gr_search_connectbind(const int mode, const struct socket *sock,
26652 + const struct sockaddr_in *addr)
26658 +gr_task_is_capable(struct task_struct *task, const int cap)
26664 +gr_handle_alertkill(struct task_struct *task)
26670 +gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt)
26676 +gr_acl_handle_hidden_file(const struct dentry * dentry,
26677 + const struct vfsmount * mnt)
26683 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
26690 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
26696 +gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt)
26702 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot,
26703 + unsigned int *vm_flags)
26709 +gr_acl_handle_truncate(const struct dentry * dentry,
26710 + const struct vfsmount * mnt)
26716 +gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt)
26722 +gr_acl_handle_access(const struct dentry * dentry,
26723 + const struct vfsmount * mnt, const int fmode)
26729 +gr_acl_handle_fchmod(const struct dentry * dentry, const struct vfsmount * mnt,
26736 +gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt,
26743 +gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt)
26749 +grsecurity_init(void)
26755 +gr_acl_handle_mknod(const struct dentry * new_dentry,
26756 + const struct dentry * parent_dentry,
26757 + const struct vfsmount * parent_mnt,
26764 +gr_acl_handle_mkdir(const struct dentry * new_dentry,
26765 + const struct dentry * parent_dentry,
26766 + const struct vfsmount * parent_mnt)
26772 +gr_acl_handle_symlink(const struct dentry * new_dentry,
26773 + const struct dentry * parent_dentry,
26774 + const struct vfsmount * parent_mnt, const char *from)
26780 +gr_acl_handle_link(const struct dentry * new_dentry,
26781 + const struct dentry * parent_dentry,
26782 + const struct vfsmount * parent_mnt,
26783 + const struct dentry * old_dentry,
26784 + const struct vfsmount * old_mnt, const char *to)
26790 +gr_acl_handle_rename(const struct dentry *new_dentry,
26791 + const struct dentry *parent_dentry,
26792 + const struct vfsmount *parent_mnt,
26793 + const struct dentry *old_dentry,
26794 + const struct inode *old_parent_inode,
26795 + const struct vfsmount *old_mnt, const char *newname)
26801 +gr_acl_handle_filldir(const struct file *file, const char *name,
26802 + const int namelen, const ino_t ino)
26808 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
26809 + const time_t shm_createtime, const uid_t cuid, const int shmid)
26815 +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
26821 +gr_search_accept(const struct socket *sock)
26827 +gr_search_listen(const struct socket *sock)
26833 +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
26839 +gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt)
26845 +gr_acl_handle_creat(const struct dentry * dentry,
26846 + const struct dentry * p_dentry,
26847 + const struct vfsmount * p_mnt, const int fmode,
26854 +gr_acl_handle_exit(void)
26860 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
26866 +gr_set_role_label(const uid_t uid, const gid_t gid)
26872 +gr_acl_handle_procpidmem(const struct task_struct *task)
26878 +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
26884 +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
26890 +gr_set_kernel_label(struct task_struct *task)
26896 +gr_check_user_change(int real, int effective, int fs)
26902 +gr_check_group_change(int real, int effective, int fs)
26906 diff -urNp linux-2.4.37.7/grsecurity/grsec_exec.c linux-2.4.37.7/grsecurity/grsec_exec.c
26907 --- linux-2.4.37.7/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500
26908 +++ linux-2.4.37.7/grsecurity/grsec_exec.c 2009-11-10 19:30:27.000000000 -0500
26910 +#include <linux/kernel.h>
26911 +#include <linux/sched.h>
26912 +#include <linux/file.h>
26913 +#include <linux/smp_lock.h>
26914 +#include <linux/fs.h>
26915 +#include <linux/types.h>
26916 +#include <linux/grdefs.h>
26917 +#include <linux/grinternal.h>
26918 +#include <linux/capability.h>
26920 +#include <asm/uaccess.h>
26922 +#ifdef CONFIG_GRKERNSEC_EXECLOG
26923 +static char gr_exec_arg_buf[132];
26924 +static DECLARE_MUTEX(gr_exec_arg_sem);
26928 +gr_handle_nproc(void)
26930 +#ifdef CONFIG_GRKERNSEC_EXECVE
26931 + if (grsec_enable_execve && current->user &&
26932 + (atomic_read(¤t->user->processes) >
26933 + current->rlim[RLIMIT_NPROC].rlim_cur) &&
26934 + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
26935 + gr_log_noargs(GR_DONT_AUDIT, GR_NPROC_MSG);
26943 +gr_handle_exec_args(struct linux_binprm *bprm, char **argv)
26945 +#ifdef CONFIG_GRKERNSEC_EXECLOG
26946 + char *grarg = gr_exec_arg_buf;
26947 + unsigned int i, x, execlen = 0;
26950 + if (!((grsec_enable_execlog && grsec_enable_group &&
26951 + in_group_p(grsec_audit_gid))
26952 + || (grsec_enable_execlog && !grsec_enable_group)))
26955 + down(&gr_exec_arg_sem);
26956 + memset(grarg, 0, sizeof(gr_exec_arg_buf));
26958 + if (unlikely(argv == NULL))
26961 + for (i = 0; i < bprm->argc && execlen < 128; i++) {
26963 + unsigned int len;
26965 + if (copy_from_user(&p, argv + i, sizeof(p)))
26969 + len = strnlen_user(p, 128 - execlen);
26970 + if (len > 128 - execlen)
26971 + len = 128 - execlen;
26972 + else if (len > 0)
26974 + if (copy_from_user(grarg + execlen, p, len))
26977 + /* rewrite unprintable characters */
26978 + for (x = 0; x < len; x++) {
26979 + c = *(grarg + execlen + x);
26980 + if (c < 32 || c > 126)
26981 + *(grarg + execlen + x) = ' ';
26985 + *(grarg + execlen) = ' ';
26986 + *(grarg + execlen + 1) = '\0';
26991 + gr_log_fs_str(GR_DO_AUDIT, GR_EXEC_AUDIT_MSG, bprm->file->f_dentry,
26992 + bprm->file->f_vfsmnt, grarg);
26993 + up(&gr_exec_arg_sem);
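Review bot: The audit record built in `gr_handle_exec_args` is lossy in ways a log reader cannot see: arguments are joined with single spaces, bytes outside 32..126 are rewritten to spaces, and copying stops at 128 bytes, so an argument containing a space looks like two arguments and a long command line is cut without any marker. A comment above the copy loop should state this, e.g. `/* log at most 128 bytes of argv; args are space-joined and unprintables become ' ', so the record is advisory, not an exact argv */`. The strings are also read from user memory here, apparently separately from the copy the kernel later executes, so the logged text can presumably differ from the executed arguments if that memory changes in between; that caveat belongs in the same comment. The literals `128` and `132` would read better as one named constant, with the buffer size derived from it. Several lines of this function are not shown on the page, so the early-return and `goto` paths are not reviewed here.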
26997 diff -urNp linux-2.4.37.7/grsecurity/grsec_fifo.c linux-2.4.37.7/grsecurity/grsec_fifo.c
26998 --- linux-2.4.37.7/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500
26999 +++ linux-2.4.37.7/grsecurity/grsec_fifo.c 2009-11-10 19:30:27.000000000 -0500
27001 +#include <linux/kernel.h>
27002 +#include <linux/sched.h>
27003 +#include <linux/fs.h>
27004 +#include <linux/file.h>
27005 +#include <linux/grinternal.h>
27008 +gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
27009 + const struct dentry *dir, const int flag, const int acc_mode)
27011 +#ifdef CONFIG_GRKERNSEC_FIFO
27012 + if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
27013 + !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
27014 + (dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
27015 + (current->fsuid != dentry->d_inode->i_uid)) {
27016 + if (!permission(dentry->d_inode, acc_mode))
27017 + gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid);
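Review bot: `gr_handle_fifo` dereferences `dentry->d_inode` and `dir->d_inode` without a check, and no comment states the rule it enforces or what callers must guarantee. Reading the condition, it applies to a FIFO in a sticky directory, opened without `O_EXCL`, whose owner is neither the directory owner nor the caller's fsuid, and it logs only when `permission()` would otherwise have allowed the open. I would add a header comment saying exactly that plus the precondition, e.g. `/* caller must pass positive dentries for both the FIFO and its parent directory */`. The return statements are not shown on this page, so the value handed back on denial is not reviewed here.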
27023 diff -urNp linux-2.4.37.7/grsecurity/grsec_fork.c linux-2.4.37.7/grsecurity/grsec_fork.c
27024 --- linux-2.4.37.7/grsecurity/grsec_fork.c 1969-12-31 19:00:00.000000000 -0500
27025 +++ linux-2.4.37.7/grsecurity/grsec_fork.c 2009-11-10 19:30:27.000000000 -0500
27027 +#include <linux/kernel.h>
27028 +#include <linux/sched.h>
27029 +#include <linux/grsecurity.h>
27030 +#include <linux/grinternal.h>
27033 +gr_log_forkfail(const int retval)
27035 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
27036 + if (grsec_enable_forkfail)
27037 + gr_log_int(GR_DONT_AUDIT, GR_FAILFORK_MSG, retval);
27041 diff -urNp linux-2.4.37.7/grsecurity/grsec_init.c linux-2.4.37.7/grsecurity/grsec_init.c
27042 --- linux-2.4.37.7/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
27043 +++ linux-2.4.37.7/grsecurity/grsec_init.c 2009-11-10 19:30:27.000000000 -0500
27045 +#include <linux/kernel.h>
27046 +#include <linux/sched.h>
27047 +#include <linux/mm.h>
27048 +#include <linux/smp_lock.h>
27049 +#include <linux/gracl.h>
27050 +#include <linux/slab.h>
27051 +#include <linux/vmalloc.h>
27053 +int grsec_enable_shm;
27054 +int grsec_enable_link;
27055 +int grsec_enable_dmesg;
27056 +int grsec_enable_fifo;
27057 +int grsec_enable_execve;
27058 +int grsec_enable_execlog;
27059 +int grsec_enable_signal;
27060 +int grsec_enable_forkfail;
27061 +int grsec_enable_time;
27062 +int grsec_enable_audit_textrel;
27063 +int grsec_enable_group;
27064 +int grsec_audit_gid;
27065 +int grsec_enable_chdir;
27066 +int grsec_enable_audit_ipc;
27067 +int grsec_enable_mount;
27068 +int grsec_enable_chroot_findtask;
27069 +int grsec_enable_chroot_mount;
27070 +int grsec_enable_chroot_shmat;
27071 +int grsec_enable_chroot_fchdir;
27072 +int grsec_enable_chroot_double;
27073 +int grsec_enable_chroot_pivot;
27074 +int grsec_enable_chroot_chdir;
27075 +int grsec_enable_chroot_chmod;
27076 +int grsec_enable_chroot_mknod;
27077 +int grsec_enable_chroot_nice;
27078 +int grsec_enable_chroot_execlog;
27079 +int grsec_enable_chroot_caps;
27080 +int grsec_enable_chroot_sysctl;
27081 +int grsec_enable_chroot_unix;
27082 +int grsec_enable_tpe;
27083 +int grsec_tpe_gid;
27084 +int grsec_enable_tpe_all;
27085 +int grsec_enable_socket_all;
27086 +int grsec_socket_all_gid;
27087 +int grsec_enable_socket_client;
27088 +int grsec_socket_client_gid;
27089 +int grsec_enable_socket_server;
27090 +int grsec_socket_server_gid;
27092 +int grsec_resource_logging;
27094 +spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
27095 +unsigned long grsec_alert_wtime = 0;
27096 +unsigned long grsec_alert_fyet = 0;
27098 +spinlock_t grsec_audit_lock = SPIN_LOCK_UNLOCKED;
27100 +rwlock_t grsec_exec_file_lock = RW_LOCK_UNLOCKED;
27102 +char *gr_shared_page[4][NR_CPUS];
27104 +char *gr_alert_log_fmt;
27105 +char *gr_audit_log_fmt;
27106 +char *gr_alert_log_buf;
27107 +char *gr_audit_log_buf;
27109 +extern struct gr_arg *gr_usermode;
27110 +extern unsigned char *gr_system_salt;
27111 +extern unsigned char *gr_system_sum;
27114 +grsecurity_init(void)
27118 + /* create the per-cpu shared pages */
27121 + memset((char *)(0x41a + PAGE_OFFSET), 0, 36);
27124 + for (j = 0; j < 4; j++) {
27125 + for (i = 0; i < NR_CPUS; i++) {
27126 + gr_shared_page[j][i] = (char *) get_zeroed_page(GFP_KERNEL);
27127 + if (!gr_shared_page[j][i]) {
27128 + panic("Unable to allocate grsecurity shared page");
27134 + /* allocate log buffers */
27135 + gr_alert_log_fmt = kmalloc(512, GFP_KERNEL);
27136 + if (!gr_alert_log_fmt) {
27137 + panic("Unable to allocate grsecurity alert log format buffer");
27140 + gr_audit_log_fmt = kmalloc(512, GFP_KERNEL);
27141 + if (!gr_audit_log_fmt) {
27142 + panic("Unable to allocate grsecurity audit log format buffer");
27145 + gr_alert_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
27146 + if (!gr_alert_log_buf) {
27147 + panic("Unable to allocate grsecurity alert log buffer");
27150 + gr_audit_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
27151 + if (!gr_audit_log_buf) {
27152 + panic("Unable to allocate grsecurity audit log buffer");
27156 + /* allocate memory for authentication structure */
27157 + gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL);
27158 + gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL);
27159 + gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL);
27161 + if (!gr_usermode || !gr_system_salt || !gr_system_sum) {
27162 + panic("Unable to allocate grsecurity authentication structure");
27166 +#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
27167 +#ifndef CONFIG_GRKERNSEC_SYSCTL
27170 +#ifdef CONFIG_GRKERNSEC_SHM
27171 + grsec_enable_shm = 1;
27173 +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
27174 + grsec_enable_audit_textrel = 1;
27176 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
27177 + grsec_enable_group = 1;
27178 + grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID;
27180 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
27181 + grsec_enable_chdir = 1;
27183 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
27184 + grsec_enable_audit_ipc = 1;
27186 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
27187 + grsec_enable_mount = 1;
27189 +#ifdef CONFIG_GRKERNSEC_LINK
27190 + grsec_enable_link = 1;
27192 +#ifdef CONFIG_GRKERNSEC_DMESG
27193 + grsec_enable_dmesg = 1;
27195 +#ifdef CONFIG_GRKERNSEC_FIFO
27196 + grsec_enable_fifo = 1;
27198 +#ifdef CONFIG_GRKERNSEC_EXECVE
27199 + grsec_enable_execve = 1;
27201 +#ifdef CONFIG_GRKERNSEC_EXECLOG
27202 + grsec_enable_execlog = 1;
27204 +#ifdef CONFIG_GRKERNSEC_SIGNAL
27205 + grsec_enable_signal = 1;
27207 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
27208 + grsec_enable_forkfail = 1;
27210 +#ifdef CONFIG_GRKERNSEC_TIME
27211 + grsec_enable_time = 1;
27213 +#ifdef CONFIG_GRKERNSEC_RELOG
27214 + grsec_resource_logging = 1;
27216 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
27217 + grsec_enable_chroot_findtask = 1;
27219 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
27220 + grsec_enable_chroot_unix = 1;
27222 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
27223 + grsec_enable_chroot_mount = 1;
27225 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
27226 + grsec_enable_chroot_fchdir = 1;
27228 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
27229 + grsec_enable_chroot_shmat = 1;
27231 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
27232 + grsec_enable_chroot_double = 1;
27234 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
27235 + grsec_enable_chroot_pivot = 1;
27237 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
27238 + grsec_enable_chroot_chdir = 1;
27240 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
27241 + grsec_enable_chroot_chmod = 1;
27243 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
27244 + grsec_enable_chroot_mknod = 1;
27246 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
27247 + grsec_enable_chroot_nice = 1;
27249 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
27250 + grsec_enable_chroot_execlog = 1;
27252 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
27253 + grsec_enable_chroot_caps = 1;
27255 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
27256 + grsec_enable_chroot_sysctl = 1;
27258 +#ifdef CONFIG_GRKERNSEC_TPE
27259 + grsec_enable_tpe = 1;
27260 + grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
27261 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
27262 + grsec_enable_tpe_all = 1;
27265 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
27266 + grsec_enable_socket_all = 1;
27267 + grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID;
27269 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
27270 + grsec_enable_socket_client = 1;
27271 + grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;
27273 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
27274 + grsec_enable_socket_server = 1;
27275 + grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
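Review bot: The `memset((char *)(0x41a + PAGE_OFFSET), 0, 36);` near the top of `grsecurity_init` is an unexplained write to a fixed low-memory address, and the comment printed before it (`create the per-cpu shared pages`) describes the allocation loop that follows, not this line. On PC hardware 0x41a is the start of the BIOS keyboard-buffer area (head and tail pointers followed by the 32-byte ring), so this presumably wipes keystrokes left over from boot, such as a boot-loader or BIOS password. A comment should say so: `/* clear the BIOS keyboard buffer so pre-boot keystrokes (e.g. a boot password) do not linger in low memory */`. The lines directly around the `memset` are not shown on this page, so an architecture guard may already be there; if it is not, one is needed, since the address only has this meaning on x86 PCs and the patch also touches other ports such as alpha.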
27281 diff -urNp linux-2.4.37.7/grsecurity/grsec_ipc.c linux-2.4.37.7/grsecurity/grsec_ipc.c
27282 --- linux-2.4.37.7/grsecurity/grsec_ipc.c 1969-12-31 19:00:00.000000000 -0500
27283 +++ linux-2.4.37.7/grsecurity/grsec_ipc.c 2009-11-10 19:30:27.000000000 -0500
27285 +#include <linux/kernel.h>
27286 +#include <linux/sched.h>
27287 +#include <linux/types.h>
27288 +#include <linux/ipc.h>
27289 +#include <linux/grsecurity.h>
27290 +#include <linux/grinternal.h>
27293 +gr_log_msgget(const int ret, const int msgflg)
27295 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
27296 + if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
27297 + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
27298 + !grsec_enable_group)) && (ret >= 0)
27299 + && (msgflg & IPC_CREAT))
27300 + gr_log_noargs(GR_DO_AUDIT, GR_MSGQ_AUDIT_MSG);
27306 +gr_log_msgrm(const uid_t uid, const uid_t cuid)
27308 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
27309 + if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
27310 + grsec_enable_audit_ipc) ||
27311 + (grsec_enable_audit_ipc && !grsec_enable_group))
27312 + gr_log_int_int(GR_DO_AUDIT, GR_MSGQR_AUDIT_MSG, uid, cuid);
27318 +gr_log_semget(const int err, const int semflg)
27320 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
27321 + if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
27322 + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
27323 + !grsec_enable_group)) && (err >= 0)
27324 + && (semflg & IPC_CREAT))
27325 + gr_log_noargs(GR_DO_AUDIT, GR_SEM_AUDIT_MSG);
27331 +gr_log_semrm(const uid_t uid, const uid_t cuid)
27333 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
27334 + if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
27335 + grsec_enable_audit_ipc) ||
27336 + (grsec_enable_audit_ipc && !grsec_enable_group))
27337 + gr_log_int_int(GR_DO_AUDIT, GR_SEMR_AUDIT_MSG, uid, cuid);
27343 +gr_log_shmget(const int err, const int shmflg, const size_t size)
27345 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
27346 + if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
27347 + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
27348 + !grsec_enable_group)) && (err >= 0)
27349 + && (shmflg & IPC_CREAT))
27350 + gr_log_int(GR_DO_AUDIT, GR_SHM_AUDIT_MSG, size);
27356 +gr_log_shmrm(const uid_t uid, const uid_t cuid)
27358 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
27359 + if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
27360 + grsec_enable_audit_ipc) ||
27361 + (grsec_enable_audit_ipc && !grsec_enable_group))
27362 + gr_log_int_int(GR_DO_AUDIT, GR_SHMR_AUDIT_MSG, uid, cuid);
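Review bot: `gr_log_shmget` passes its `size_t size` to `gr_log_int`, and both that name and the `va_arg(ap, int)` reads in `gr_log_varargs` suggest the value is consumed as an `int`; on the 64-bit ports this patch covers that would truncate or mis-read the segment size in the audit record. `gr_log_int` is defined outside this hunk, so this needs confirming. If it is int-based, the call should either cast explicitly, `gr_log_int(GR_DO_AUDIT, GR_SHM_AUDIT_MSG, (int)size);`, or go through a logging path that takes an unsigned long so large segments are recorded correctly. Separately, the same group/audit predicate is written out six times in this file; it reduces to `grsec_enable_audit_ipc && (!grsec_enable_group || in_group_p(grsec_audit_gid))` and would be less error-prone as one static inline helper.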
27366 diff -urNp linux-2.4.37.7/grsecurity/grsec_link.c linux-2.4.37.7/grsecurity/grsec_link.c
27367 --- linux-2.4.37.7/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000 -0500
27368 +++ linux-2.4.37.7/grsecurity/grsec_link.c 2009-11-10 19:30:27.000000000 -0500
27370 +#include <linux/kernel.h>
27371 +#include <linux/sched.h>
27372 +#include <linux/fs.h>
27373 +#include <linux/file.h>
27374 +#include <linux/grinternal.h>
27377 +gr_handle_follow_link(const struct inode *parent,
27378 + const struct inode *inode,
27379 + const struct dentry *dentry, const struct vfsmount *mnt)
27381 +#ifdef CONFIG_GRKERNSEC_LINK
27382 + if (grsec_enable_link && S_ISLNK(inode->i_mode) &&
27383 + (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) &&
27384 + (parent->i_mode & S_IWOTH) && (current->fsuid != inode->i_uid)) {
27385 + gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid);
27393 +gr_handle_hardlink(const struct dentry *dentry,
27394 + const struct vfsmount *mnt,
27395 + struct inode *inode, const int mode, const char *to)
27397 +#ifdef CONFIG_GRKERNSEC_LINK
27398 + if (grsec_enable_link && current->fsuid != inode->i_uid &&
27399 + (!S_ISREG(mode) || (mode & S_ISUID) ||
27400 + ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
27401 + (permission(inode, MAY_READ | MAY_WRITE))) &&
27402 + !capable(CAP_FOWNER) && current->uid) {
27403 + gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to);
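Review bot: In `gr_handle_hardlink` the ownership test uses `current->fsuid`, but the exemption at the end of the condition uses the real uid (`&& current->uid`), so a process with real uid 0 stays exempt even when its fsuid differs and it lacks `CAP_FOWNER`. If that is intended it deserves a comment, e.g. `/* real-uid root is always exempt, regardless of fsuid or capabilities */`; if it is not, the `capable(CAP_FOWNER)` test already covers privileged callers and the uid term can be dropped. Also note that `permission()` returns non-zero on denial, so `permission(inode, MAY_READ | MAY_WRITE)` being true means the caller lacks read/write access to the target; a one-line comment there would stop the next reader from inverting it. The function's return statements are not shown on this page.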
27409 diff -urNp linux-2.4.37.7/grsecurity/grsec_log.c linux-2.4.37.7/grsecurity/grsec_log.c
27410 --- linux-2.4.37.7/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
27411 +++ linux-2.4.37.7/grsecurity/grsec_log.c 2009-11-10 19:30:27.000000000 -0500
27413 +#include <linux/kernel.h>
27414 +#include <linux/sched.h>
27415 +#include <linux/file.h>
27416 +#include <linux/fs.h>
27417 +#include <linux/grinternal.h>
27419 +#define BEGIN_LOCKS(x) \
27420 + read_lock(&tasklist_lock); \
27421 + read_lock(&grsec_exec_file_lock); \
27422 + if (x != GR_DO_AUDIT) \
27423 + spin_lock(&grsec_alert_lock); \
27425 + spin_lock(&grsec_audit_lock)
27427 +#define END_LOCKS(x) \
27428 + if (x != GR_DO_AUDIT) \
27429 + spin_unlock(&grsec_alert_lock); \
27431 + spin_unlock(&grsec_audit_lock); \
27432 + read_unlock(&grsec_exec_file_lock); \
27433 + read_unlock(&tasklist_lock); \
27434 + if (x == GR_DONT_AUDIT) \
27435 + gr_handle_alertkill(current)
27442 +extern char *gr_alert_log_fmt;
27443 +extern char *gr_audit_log_fmt;
27444 +extern char *gr_alert_log_buf;
27445 +extern char *gr_audit_log_buf;
27447 +static int gr_log_start(int audit)
27449 + char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
27450 + char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
27451 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
27453 + if (audit == GR_DO_AUDIT)
27456 + if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) {
27457 + grsec_alert_wtime = jiffies;
27458 + grsec_alert_fyet = 0;
27459 + } else if ((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
27460 + grsec_alert_fyet++;
27461 + } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
27462 + grsec_alert_wtime = jiffies;
27463 + grsec_alert_fyet++;
27464 + printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
27466 + } else return FLOODING;
27469 + memset(buf, 0, PAGE_SIZE);
27470 + if (current->curr_ip && gr_acl_is_enabled()) {
27471 + sprintf(fmt, "%s%s", loglevel, "grsec: From %u.%u.%u.%u: (%.64s:%c:%.950s) ");
27472 + snprintf(buf, PAGE_SIZE - 1, fmt, NIPQUAD(current->curr_ip), current->role->rolename, gr_roletype_to_char(), current->acl->filename);
27473 + } else if (current->curr_ip) {
27474 + sprintf(fmt, "%s%s", loglevel, "grsec: From %u.%u.%u.%u: ");
27475 + snprintf(buf, PAGE_SIZE - 1, fmt, NIPQUAD(current->curr_ip));
27476 + } else if (gr_acl_is_enabled()) {
27477 + sprintf(fmt, "%s%s", loglevel, "grsec: (%.64s:%c:%.950s) ");
27478 + snprintf(buf, PAGE_SIZE - 1, fmt, current->role->rolename, gr_roletype_to_char(), current->acl->filename);
27480 + sprintf(fmt, "%s%s", loglevel, "grsec: ");
27481 + strcpy(buf, fmt);
27484 + return NO_FLOODING;
27487 +static void gr_log_middle(int audit, const char *msg, va_list ap)
27488 + __attribute__ ((format (printf, 2, 0)));
27490 +static void gr_log_middle(int audit, const char *msg, va_list ap)
27492 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
27493 + unsigned int len = strlen(buf);
27495 + vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
27499 +static void gr_log_middle_varargs(int audit, const char *msg, ...)
27500 + __attribute__ ((format (printf, 2, 3)));
27502 +static void gr_log_middle_varargs(int audit, const char *msg, ...)
27504 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
27505 + unsigned int len = strlen(buf);
27508 + va_start(ap, msg);
27509 + vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
27515 +static void gr_log_end(int audit)
27517 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
27518 + unsigned int len = strlen(buf);
27520 + snprintf(buf + len, PAGE_SIZE - len - 1, DEFAULTSECMSG, DEFAULTSECARGS(current));
27521 + printk("%s\n", buf);
27526 +void gr_log_varargs(int audit, const char *msg, int argtypes, ...)
27529 + char *result = (audit == GR_DO_AUDIT) ? "successful" : "denied";
27530 + char *str1, *str2, *str3;
27532 + unsigned long ulong1, ulong2;
27533 + struct dentry *dentry;
27534 + struct vfsmount *mnt;
27535 + struct file *file;
27536 + struct task_struct *task;
27539 + BEGIN_LOCKS(audit);
27540 + logtype = gr_log_start(audit);
27541 + if (logtype == FLOODING) {
27542 + END_LOCKS(audit);
27545 + va_start(ap, argtypes);
27546 + switch (argtypes) {
27547 + case GR_TTYSNIFF:
27548 + task = va_arg(ap, struct task_struct *);
27549 + gr_log_middle_varargs(audit, msg, NIPQUAD(task->curr_ip), gr_task_fullpath0(task), task->comm, task->pid, gr_parent_task_fullpath0(task), task->p_pptr->comm, task->p_pptr->pid);
27552 + dentry = va_arg(ap, struct dentry *);
27553 + mnt = va_arg(ap, struct vfsmount *);
27554 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt));
27556 + case GR_RBAC_STR:
27557 + dentry = va_arg(ap, struct dentry *);
27558 + mnt = va_arg(ap, struct vfsmount *);
27559 + str1 = va_arg(ap, char *);
27560 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1);
27562 + case GR_STR_RBAC:
27563 + str1 = va_arg(ap, char *);
27564 + dentry = va_arg(ap, struct dentry *);
27565 + mnt = va_arg(ap, struct vfsmount *);
27566 + gr_log_middle_varargs(audit, msg, result, str1, gr_to_filename(dentry, mnt));
27568 + case GR_RBAC_MODE2:
27569 + dentry = va_arg(ap, struct dentry *);
27570 + mnt = va_arg(ap, struct vfsmount *);
27571 + str1 = va_arg(ap, char *);
27572 + str2 = va_arg(ap, char *);
27573 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2);
27575 + case GR_RBAC_MODE3:
27576 + dentry = va_arg(ap, struct dentry *);
27577 + mnt = va_arg(ap, struct vfsmount *);
27578 + str1 = va_arg(ap, char *);
27579 + str2 = va_arg(ap, char *);
27580 + str3 = va_arg(ap, char *);
27581 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2, str3);
27583 + case GR_FILENAME:
27584 + dentry = va_arg(ap, struct dentry *);
27585 + mnt = va_arg(ap, struct vfsmount *);
27586 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt));
27588 + case GR_STR_FILENAME:
27589 + str1 = va_arg(ap, char *);
27590 + dentry = va_arg(ap, struct dentry *);
27591 + mnt = va_arg(ap, struct vfsmount *);
27592 + gr_log_middle_varargs(audit, msg, str1, gr_to_filename(dentry, mnt));
27594 + case GR_FILENAME_STR:
27595 + dentry = va_arg(ap, struct dentry *);
27596 + mnt = va_arg(ap, struct vfsmount *);
27597 + str1 = va_arg(ap, char *);
27598 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), str1);
27600 + case GR_FILENAME_TWO_INT:
27601 + dentry = va_arg(ap, struct dentry *);
27602 + mnt = va_arg(ap, struct vfsmount *);
27603 + num1 = va_arg(ap, int);
27604 + num2 = va_arg(ap, int);
27605 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2);
27607 + case GR_FILENAME_TWO_INT_STR:
27608 + dentry = va_arg(ap, struct dentry *);
27609 + mnt = va_arg(ap, struct vfsmount *);
27610 + num1 = va_arg(ap, int);
27611 + num2 = va_arg(ap, int);
27612 + str1 = va_arg(ap, char *);
27613 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1);
27616 + file = va_arg(ap, struct file *);
27617 + ulong1 = va_arg(ap, unsigned long);
27618 + ulong2 = va_arg(ap, unsigned long);
27619 + gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_dentry, file->f_vfsmnt) : "<anonymous mapping>", ulong1, ulong2);
27622 + task = va_arg(ap, struct task_struct *);
27623 + gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_dentry, task->exec_file->f_vfsmnt) : "(none)", task->comm, task->pid);
27625 + case GR_RESOURCE:
27626 + task = va_arg(ap, struct task_struct *);
27627 + ulong1 = va_arg(ap, unsigned long);
27628 + str1 = va_arg(ap, char *);
27629 + ulong2 = va_arg(ap, unsigned long);
27630 + gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath(task), task->p_pptr->comm, task->p_pptr->pid, task->p_pptr->uid, task->p_pptr->euid, task->p_pptr->gid, task->p_pptr->egid);
27633 + task = va_arg(ap, struct task_struct *);
27634 + str1 = va_arg(ap, char *);
27635 + gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath(task), task->p_pptr->comm, task->p_pptr->pid, task->p_pptr->uid, task->p_pptr->euid, task->p_pptr->gid, task->p_pptr->egid);
27638 + task = va_arg(ap, struct task_struct *);
27639 + num1 = va_arg(ap, int);
27640 + gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath0(task), task->p_pptr->comm, task->p_pptr->pid, task->p_pptr->uid, task->p_pptr->euid, task->p_pptr->gid, task->p_pptr->egid);
27643 + task = va_arg(ap, struct task_struct *);
27644 + ulong1 = va_arg(ap, unsigned long);
27645 + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath(task), task->p_pptr->comm, task->p_pptr->pid, task->p_pptr->uid, task->p_pptr->euid, task->p_pptr->gid, task->p_pptr->egid, task->uid, ulong1);
27648 + task = va_arg(ap, struct task_struct *);
27649 + str1 = va_arg(ap, char *);
27650 + ulong1 = va_arg(ap, unsigned long);
27651 + ulong2 = va_arg(ap, unsigned long);
27652 + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath(task), task->p_pptr->comm, task->p_pptr->pid, task->p_pptr->uid, task->p_pptr->euid, task->p_pptr->gid, task->p_pptr->egid, task->uid, str1, ulong1, ulong2);
27656 + unsigned int wday, cday;
27660 + char cur_tty[64] = { 0 };
27661 + char parent_tty[64] = { 0 };
27663 + task = va_arg(ap, struct task_struct *);
27664 + wday = va_arg(ap, unsigned int);
27665 + cday = va_arg(ap, unsigned int);
27666 + whr = va_arg(ap, int);
27667 + chr = va_arg(ap, int);
27668 + wmin = va_arg(ap, int);
27669 + cmin = va_arg(ap, int);
27670 + wsec = va_arg(ap, int);
27671 + csec = va_arg(ap, int);
27672 + ulong1 = va_arg(ap, unsigned long);
27674 + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, NIPQUAD(task->curr_ip), tty_name(task->tty, cur_tty), task->uid, task->euid, task->gid, task->egid, wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->p_pptr->comm, task->p_pptr->pid, NIPQUAD(task->p_pptr->curr_ip), tty_name(task->p_pptr->tty, parent_tty), task->p_pptr->uid, task->p_pptr->euid, task->p_pptr->gid, task->p_pptr->egid);
27678 + gr_log_middle(audit, msg, ap);
27681 + gr_log_end(audit);
27682 + END_LOCKS(audit);
27684 diff -urNp linux-2.4.37.7/grsecurity/grsec_mem.c linux-2.4.37.7/grsecurity/grsec_mem.c
27685 --- linux-2.4.37.7/grsecurity/grsec_mem.c 1969-12-31 19:00:00.000000000 -0500
27686 +++ linux-2.4.37.7/grsecurity/grsec_mem.c 2009-11-10 19:30:27.000000000 -0500
27688 +#include <linux/kernel.h>
27689 +#include <linux/sched.h>
27690 +#include <linux/mm.h>
27691 +#include <linux/grinternal.h>
27694 +gr_handle_ioperm(void)
27696 + gr_log_noargs(GR_DONT_AUDIT, GR_IOPERM_MSG);
27701 +gr_handle_iopl(void)
27703 + gr_log_noargs(GR_DONT_AUDIT, GR_IOPL_MSG);
27708 +gr_handle_mem_write(void)
27710 + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_WRITE_MSG);
27715 +gr_handle_kmem_write(void)
27717 + gr_log_noargs(GR_DONT_AUDIT, GR_KMEM_MSG);
27722 +gr_handle_open_port(void)
27724 + gr_log_noargs(GR_DONT_AUDIT, GR_PORT_OPEN_MSG);
27729 +gr_handle_mem_mmap(const unsigned long offset, struct vm_area_struct *vma)
27731 + unsigned long start, end;
27734 + end = start + vma->vm_end - vma->vm_start;
27736 + if (start > end) {
27737 + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG);
27741 + /* allowed ranges : ISA I/O BIOS */
27742 + if ((start >= __pa(high_memory))
27744 + || (start >= 0x000a0000 && end <= 0x00100000)
27745 + || (start >= 0x00000000 && end <= 0x00001000)
27750 + if (vma->vm_flags & VM_WRITE) {
27751 + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG);
27754 + vma->vm_flags &= ~VM_MAYWRITE;
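Review bot: In gr_handle_mem_mmap the test `start >= 0x00000000 && end <= 0x00001000` has a first half that is always true for an `unsigned long`, and the permitted physical ranges are bare literals explained only by the `ISA I/O BIOS` comment. I would reduce that arm to `|| (end <= 0x00001000)` and give the three bounds names, so the policy applied to these memory mappings can be audited at a glance. A header comment should also say what the function returns for a denied mapping and on which path it strips `VM_MAYWRITE`. Several lines of the function are not shown on this page, so the return values need checking against the full file.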
27758 diff -urNp linux-2.4.37.7/grsecurity/grsec_mount.c linux-2.4.37.7/grsecurity/grsec_mount.c
27759 --- linux-2.4.37.7/grsecurity/grsec_mount.c 1969-12-31 19:00:00.000000000 -0500
27760 +++ linux-2.4.37.7/grsecurity/grsec_mount.c 2009-11-10 19:30:27.000000000 -0500
27762 +#include <linux/kernel.h>
27763 +#include <linux/sched.h>
27764 +#include <linux/grsecurity.h>
27765 +#include <linux/grinternal.h>
27768 +gr_log_remount(const char *devname, const int retval)
27770 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
27771 + if (grsec_enable_mount && (retval >= 0))
27772 + gr_log_str(GR_DO_AUDIT, GR_REMOUNT_AUDIT_MSG, devname ? devname : "none");
27778 +gr_log_unmount(const char *devname, const int retval)
27780 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
27781 + if (grsec_enable_mount && (retval >= 0))
27782 + gr_log_str(GR_DO_AUDIT, GR_UNMOUNT_AUDIT_MSG, devname ? devname : "none");
27788 +gr_log_mount(const char *from, const char *to, const int retval)
27790 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
27791 + if (grsec_enable_mount && (retval >= 0))
27792 + gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from, to);
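Review bot: gr_log_mount hands `from` and `to` to the logger unguarded, while gr_log_remount and gr_log_unmount in the same file both substitute `"none"` for a NULL `devname`. Whether a caller can pass NULL here is not visible in this hunk, but a mount with no source device is plausible enough that the audit path should not depend on it. For consistency I would write `gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from ? from : "none", to ? to : "none");`.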
27796 diff -urNp linux-2.4.37.7/grsecurity/grsec_sig.c linux-2.4.37.7/grsecurity/grsec_sig.c
27797 --- linux-2.4.37.7/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500
27798 +++ linux-2.4.37.7/grsecurity/grsec_sig.c 2009-11-10 19:30:27.000000000 -0500
27800 +#include <linux/kernel.h>
27801 +#include <linux/sched.h>
27802 +#include <linux/grinternal.h>
27805 +gr_log_signal(const int sig, const struct task_struct *t)
27807 +#ifdef CONFIG_GRKERNSEC_SIGNAL
27808 + if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) ||
27809 + (sig == SIGABRT) || (sig == SIGBUS))) {
27810 + if (t->pid == current->pid) {
27811 + gr_log_int(GR_DONT_AUDIT_GOOD, GR_UNISIGLOG_MSG, sig);
27813 + gr_log_sig(GR_DONT_AUDIT_GOOD, GR_DUALSIGLOG_MSG, t, sig);
27821 +gr_handle_signal(const struct task_struct *p, const int sig)
27823 +#ifdef CONFIG_GRKERNSEC
27824 + if (current->pid > 1 && sig != SIGCHLD && gr_check_protected_task(p)) {
27825 + gr_log_sig(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig);
27827 + } else if (gr_pid_is_chrooted((struct task_struct *)p)) {
27834 +void gr_handle_brute_attach(struct task_struct *p)
27836 +#ifdef CONFIG_GRKERNSEC_BRUTE
27837 + read_lock(&tasklist_lock);
27838 + read_lock(&grsec_exec_file_lock);
27839 + if (p->p_pptr && p->p_pptr->exec_file == p->exec_file)
27840 + p->p_pptr->brute = 1;
27841 + read_unlock(&grsec_exec_file_lock);
27842 + read_unlock(&tasklist_lock);
27847 +void gr_handle_brute_check(void)
27849 +#ifdef CONFIG_GRKERNSEC_BRUTE
27850 + if (current->brute) {
27851 + set_current_state(TASK_UNINTERRUPTIBLE);
27852 + schedule_timeout(30 * HZ);
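Review bot: gr_handle_brute_check puts the caller to sleep for a bare `30 * HZ` in `TASK_UNINTERRUPTIBLE`, and nothing in the file says why or who is being delayed. The pairing with gr_handle_brute_attach, which flags the parent when parent and child share `exec_file`, suggests a deliberate rate limit on re-spawning a crashing service; that should be stated in a comment, and the delay given a name such as a file-local `#define` so it can be reviewed and tuned. The comment should also note that the sleep cannot be cut short by a signal, since that is an operational consequence an administrator will run into. Where the check is called from is outside this hunk.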
27858 diff -urNp linux-2.4.37.7/grsecurity/grsec_sock.c linux-2.4.37.7/grsecurity/grsec_sock.c
27859 --- linux-2.4.37.7/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000 -0500
27860 +++ linux-2.4.37.7/grsecurity/grsec_sock.c 2009-11-10 19:30:27.000000000 -0500
27862 +#include <linux/kernel.h>
27863 +#include <linux/sched.h>
27864 +#include <linux/file.h>
27865 +#include <linux/net.h>
27866 +#include <net/sock.h>
27867 +#include <linux/grsecurity.h>
27868 +#include <linux/grinternal.h>
27869 +#include <linux/gracl.h>
27871 +#ifdef CONFIG_GRKERNSEC
27872 +#define gr_conn_table_size 32749
27873 +struct conn_table_entry {
27874 + struct conn_table_entry *next;
27875 + struct task_struct *task;
27878 +struct conn_table_entry *gr_conn_table[gr_conn_table_size];
27879 +spinlock_t gr_conn_table_lock = SPIN_LOCK_UNLOCKED;
27881 +extern const char * gr_socktype_to_name(unsigned char type);
27882 +extern const char * gr_proto_to_name(unsigned char proto);
27884 +static __inline__ int
27885 +conn_hash(__u32 saddr, __u32 daddr, __u16 sport, __u16 dport, unsigned int size)
27887 + return ((daddr + saddr + (sport << 8) + (dport << 16)) % size);
27890 +static __inline__ int
27891 +conn_match(const struct task_struct *task, __u32 saddr, __u32 daddr,
27892 + __u16 sport, __u16 dport)
27894 + if (unlikely(task->gr_saddr == saddr && task->gr_daddr == daddr &&
27895 + task->gr_sport == sport && task->gr_dport == dport))
27901 +static void gr_add_to_task_ip_table_nolock(struct task_struct *task, struct conn_table_entry *newent)
27903 + struct conn_table_entry **match;
27904 + unsigned int index;
27906 + index = conn_hash(task->gr_saddr, task->gr_daddr,
27907 + task->gr_sport, task->gr_dport,
27908 + gr_conn_table_size);
27911 + newent->task = task;
27913 + match = &gr_conn_table[index];
27914 + newent->next = *match;
27920 +void gr_del_task_from_ip_table_nolock(struct task_struct *task)
27922 + struct conn_table_entry *match, *last = NULL;
27923 + unsigned int index;
27925 + index = conn_hash(task->gr_saddr, task->gr_daddr,
27926 + task->gr_sport, task->gr_dport,
27927 + gr_conn_table_size);
27929 + match = gr_conn_table[index];
27930 + while (match && !conn_match(match->task,
27931 + task->gr_saddr, task->gr_daddr, task->gr_sport,
27932 + task->gr_dport)) {
27934 + match = match->next;
27939 + last->next = match->next;
27941 + gr_conn_table[index] = NULL;
27948 +struct task_struct * gr_lookup_task_ip_table(__u32 saddr, __u32 daddr,
27949 + __u16 sport, __u16 dport)
27951 + struct conn_table_entry *match;
27952 + unsigned int index;
27954 + index = conn_hash(saddr, daddr, sport, dport, gr_conn_table_size);
27956 + match = gr_conn_table[index];
27957 + while (match && !conn_match(match->task, saddr, daddr, sport, dport))
27958 + match = match->next;
27961 + return match->task;
27968 +void gr_update_task_in_ip_table(struct task_struct *task, const struct sock *sk)
27970 +#ifdef CONFIG_GRKERNSEC
27971 + struct conn_table_entry *newent;
27973 + newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC);
27974 + if (newent == NULL)
27976 + /* no bh lock needed since we are called with bh disabled */
27977 + spin_lock(&gr_conn_table_lock);
27978 + gr_del_task_from_ip_table_nolock(task);
27979 + task->gr_saddr = sk->rcv_saddr;
27980 + task->gr_daddr = sk->daddr;
27981 + task->gr_sport = sk->sport;
27982 + task->gr_dport = sk->dport;
27983 + gr_add_to_task_ip_table_nolock(task, newent);
27984 + spin_unlock(&gr_conn_table_lock);
27989 +void gr_del_task_from_ip_table(struct task_struct *task)
27991 +#ifdef CONFIG_GRKERNSEC
27992 + spin_lock_bh(&gr_conn_table_lock);
27993 + gr_del_task_from_ip_table_nolock(task);
27994 + spin_unlock_bh(&gr_conn_table_lock);
28000 +gr_attach_curr_ip(const struct sock *sk)
28002 +#ifdef CONFIG_GRKERNSEC
28003 + struct task_struct *p;
28005 + if (unlikely(sk->protocol != IPPROTO_TCP))
28008 + spin_lock_bh(&gr_conn_table_lock);
28009 + p = gr_lookup_task_ip_table(sk->daddr, sk->rcv_saddr,
28010 + sk->dport, sk->sport);
28011 + if (unlikely(p != NULL)) {
28012 + current->curr_ip = p->curr_ip;
28013 + current->used_accept = 1;
28014 + gr_del_task_from_ip_table_nolock(p);
28015 + spin_unlock_bh(&gr_conn_table_lock);
28018 + spin_unlock_bh(&gr_conn_table_lock);
28020 + current->curr_ip = sk->daddr;
28021 + current->used_accept = 1;
28027 +gr_handle_sock_all(const int family, const int type, const int protocol)
28029 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
28030 + if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) &&
28031 + (family != AF_UNIX) && (family != AF_LOCAL) && (type < SOCK_MAX)) {
28032 + gr_log_int_str2(GR_DONT_AUDIT, GR_SOCK2_MSG, family, gr_socktype_to_name(type), gr_proto_to_name(protocol));
28040 +gr_handle_sock_server(const struct sockaddr *sck)
28042 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
28043 + if (grsec_enable_socket_server &&
28044 + in_group_p(grsec_socket_server_gid) &&
28045 + sck && (sck->sa_family != AF_UNIX) &&
28046 + (sck->sa_family != AF_LOCAL)) {
28047 + gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
28055 +gr_handle_sock_server_other(const struct sock *sck)
28057 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
28058 + if (grsec_enable_socket_server &&
28059 + in_group_p(grsec_socket_server_gid) &&
28060 + sck && (sck->family != AF_UNIX) &&
28061 + (sck->family != AF_LOCAL)) {
28062 + gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
28070 +gr_handle_sock_client(const struct sockaddr *sck)
28072 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
28073 + if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) &&
28074 + sck && (sck->sa_family != AF_UNIX) &&
28075 + (sck->sa_family != AF_LOCAL)) {
28076 + gr_log_noargs(GR_DONT_AUDIT, GR_CONNECT_MSG);
28084 +gr_cap_rtnetlink(void)
28086 +#ifdef CONFIG_GRKERNSEC
28087 + if (!gr_acl_is_enabled())
28088 + return current->cap_effective;
28089 + else if (cap_raised(current->cap_effective, CAP_NET_ADMIN) &&
28090 + gr_task_is_capable(current, CAP_NET_ADMIN))
28091 + return current->cap_effective;
28093 + printk("Returning 0 for rtnetlink!\n");
28097 + return current->cap_effective;
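Review bot: In gr_del_task_from_ip_table_nolock the bucket is reset with `gr_conn_table[index] = NULL;`, which drops every entry chained behind the removed one whenever that entry is the head of its bucket. Assuming that assignment is the no-predecessor branch (the `if`/`else` lines around it are not shown on this page), it should be `gr_conn_table[index] = match->next;`, so that colliding connections stay reachable through gr_lookup_task_ip_table and their entries are not leaked. Separately, conn_hash shifts a promoted `__u16` with `dport << 16`, which does not fit in `int` for ports at or above 0x8000; casting first, `((__u32)dport << 16)`, keeps the arithmetic unsigned.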
28100 diff -urNp linux-2.4.37.7/grsecurity/grsec_sysctl.c linux-2.4.37.7/grsecurity/grsec_sysctl.c
28101 --- linux-2.4.37.7/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
28102 +++ linux-2.4.37.7/grsecurity/grsec_sysctl.c 2009-11-10 19:30:27.000000000 -0500
28104 +#include <linux/kernel.h>
28105 +#include <linux/sched.h>
28106 +#include <linux/sysctl.h>
28107 +#include <linux/grinternal.h>
28109 +#ifdef CONFIG_GRKERNSEC_MODSTOP
28110 +int grsec_modstop;
28114 +gr_handle_sysctl_mod(const char *dirname, const char *name, const int op)
28116 +#ifdef CONFIG_GRKERNSEC_SYSCTL
28117 + if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & 002)) {
28118 + gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name);
28122 +#ifdef CONFIG_GRKERNSEC_MODSTOP
28123 + if (!strcmp(dirname, "grsecurity") && !strcmp(name, "disable_modules") &&
28124 + grsec_modstop && (op & 002)) {
28125 + gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name);
28133 +int gr_check_modstop(void)
28135 +#ifdef CONFIG_GRKERNSEC_MODSTOP
28136 + if (grsec_modstop != 0) {
28137 + gr_log_noargs(GR_DONT_AUDIT, GR_STOPMOD_MSG);
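Review bot: gr_handle_sysctl_mod tests the write bit with the bare octal `(op & 002)` in both conditions, which hides that this is the write-permission check that makes the `grsec_lock` and `grsec_modstop` settings one-way. I would spell it `(op & MAY_WRITE)` (from `<linux/fs.h>`), or at least add `/* 002 == write access */` beside each use. The two blocks also repeat `!strcmp(dirname, "grsecurity")`; computing that once into a local would make it clearer that both rules apply only to that sysctl directory. The return statements of the function are not shown on this page.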
28143 diff -urNp linux-2.4.37.7/grsecurity/grsec_textrel.c linux-2.4.37.7/grsecurity/grsec_textrel.c
28144 --- linux-2.4.37.7/grsecurity/grsec_textrel.c 1969-12-31 19:00:00.000000000 -0500
28145 +++ linux-2.4.37.7/grsecurity/grsec_textrel.c 2009-11-10 19:30:27.000000000 -0500
28147 +#include <linux/kernel.h>
28148 +#include <linux/sched.h>
28149 +#include <linux/mm.h>
28150 +#include <linux/file.h>
28151 +#include <linux/grinternal.h>
28152 +#include <linux/grsecurity.h>
28155 +gr_log_textrel(struct vm_area_struct * vma)
28157 +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
28158 + if (grsec_enable_audit_textrel)
28159 + gr_log_textrel_ulong_ulong(GR_DO_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff);
28163 diff -urNp linux-2.4.37.7/grsecurity/grsec_time.c linux-2.4.37.7/grsecurity/grsec_time.c
28164 --- linux-2.4.37.7/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500
28165 +++ linux-2.4.37.7/grsecurity/grsec_time.c 2009-11-10 19:30:27.000000000 -0500
28167 +#include <linux/kernel.h>
28168 +#include <linux/sched.h>
28169 +#include <linux/grinternal.h>
28172 +gr_log_timechange(void)
28174 +#ifdef CONFIG_GRKERNSEC_TIME
28175 + if (grsec_enable_time)
28176 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_TIME_MSG);
28180 diff -urNp linux-2.4.37.7/grsecurity/grsec_tpe.c linux-2.4.37.7/grsecurity/grsec_tpe.c
28181 --- linux-2.4.37.7/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500
28182 +++ linux-2.4.37.7/grsecurity/grsec_tpe.c 2009-11-10 19:30:27.000000000 -0500
28184 +#include <linux/kernel.h>
28185 +#include <linux/sched.h>
28186 +#include <linux/file.h>
28187 +#include <linux/fs.h>
28188 +#include <linux/grinternal.h>
28190 +extern int gr_acl_tpe_check(void);
28193 +gr_tpe_allow(const struct file *file)
28195 +#ifdef CONFIG_GRKERNSEC
28196 + struct inode *inode = file->f_dentry->d_parent->d_inode;
28198 + if (current->uid && ((grsec_enable_tpe &&
28199 +#ifdef CONFIG_GRKERNSEC_TPE_INVERT
28200 + !in_group_p(grsec_tpe_gid)
28202 + in_group_p(grsec_tpe_gid)
28204 + ) || gr_acl_tpe_check()) &&
28205 + (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) ||
28206 + (inode->i_mode & S_IWOTH))))) {
28207 + gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_dentry, file->f_vfsmnt);
28210 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
28211 + if (current->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
28212 + ((inode->i_uid && (inode->i_uid != current->uid)) ||
28213 + (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
28214 + gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_dentry, file->f_vfsmnt);
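Review bot: The ownership test in gr_tpe_allow, `(inode->i_uid || (!inode->i_uid && (...)))`, carries a redundant `!inode->i_uid`, because the right-hand side is only evaluated when `i_uid` is already zero. It reads more clearly as `(inode->i_uid || (inode->i_mode & (S_IWGRP | S_IWOTH)))`, which is equivalent. Since `inode` is taken from `file->f_dentry->d_parent`, a one-line comment such as `/* trust is judged on the containing directory, not the file itself */` would spare readers from working that out from the dereference chain.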
28221 diff -urNp linux-2.4.37.7/grsecurity/grsum.c linux-2.4.37.7/grsecurity/grsum.c
28222 --- linux-2.4.37.7/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500
28223 +++ linux-2.4.37.7/grsecurity/grsum.c 2009-11-10 19:30:27.000000000 -0500
28225 +#include <linux/kernel.h>
28226 +#include <linux/sched.h>
28227 +#include <linux/mm.h>
28228 +#include <asm/scatterlist.h>
28229 +#include <linux/crypto.h>
28230 +#include <linux/gracl.h>
28233 +#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE)
28234 +#error "crypto and sha256 must be built into the kernel"
28238 +chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
28241 + struct crypto_tfm *tfm;
28242 + unsigned char temp_sum[GR_SHA_LEN];
28243 + struct scatterlist sg[2];
28244 + volatile int retval = 0;
28245 + volatile int dummy = 0;
28248 + tfm = crypto_alloc_tfm("sha256", 0);
28249 + if (tfm == NULL) {
28250 + /* should never happen, since sha256 should be built in */
28254 + crypto_digest_init(tfm);
28257 + sg[0].page = virt_to_page(p);
28258 + sg[0].offset = ((long) p & ~PAGE_MASK);
28259 + sg[0].length = GR_SALT_LEN;
28261 + crypto_digest_update(tfm, sg, 1);
28264 + sg[0].page = virt_to_page(p);
28265 + sg[0].offset = ((long) p & ~PAGE_MASK);
28266 + sg[0].length = strlen(entry->pw);
28268 + crypto_digest_update(tfm, sg, 1);
28270 + crypto_digest_final(tfm, temp_sum);
28272 + memset(entry->pw, 0, GR_PW_LEN);
28274 + for (i = 0; i < GR_SHA_LEN; i++)
28275 + if (sum[i] != temp_sum[i])
28278 + dummy = 1; // waste a cycle
28280 + crypto_free_tfm(tfm);
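Review bot: The digest comparison in chkpw branches on every byte (`if (sum[i] != temp_sum[i])` with a `dummy = 1; // waste a cycle` arm), so its timing still depends on compiler and branch-predictor behaviour rather than being data-independent. Accumulating the difference with `diff |= sum[i] ^ temp_sum[i];` and deriving the result from `diff` after the loop removes the per-byte branch and makes the `volatile dummy` unnecessary. No visible line clears `temp_sum` after the comparison, although `entry->pw` is wiped; if the full file does not clear it either, the computed digest should be zeroed before returning. The failure path after `crypto_alloc_tfm` is not shown on this page, so check that the password buffer is wiped there as well.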
28284 diff -urNp linux-2.4.37.7/grsecurity/Makefile linux-2.4.37.7/grsecurity/Makefile
28285 --- linux-2.4.37.7/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
28286 +++ linux-2.4.37.7/grsecurity/Makefile 2009-11-10 19:30:27.000000000 -0500
28288 +# grsecurity's ACL system was originally written in 2001 by Michael Dalton
28289 +# during 2001-2005 it has been completely redesigned by Brad Spengler
28290 +# into an RBAC system
28292 +# All code in this directory and various hooks inserted throughout the kernel
28293 +# are copyright Brad Spengler - Open Source Security, Inc., and released
28294 +# under the GPL v2 or higher
28296 +O_TARGET := grsec.o
28298 +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
28299 + grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
28300 + grsec_time.o grsec_tpe.o grsec_ipc.o grsec_link.o
28302 +ifeq ($(CONFIG_GRKERNSEC),y)
28303 +obj-y += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \
28304 + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
28305 + gracl_learn.o grsec_textrel.o grsec_log.o
28306 +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
28308 +obj-y += grsec_disabled.o
28311 +include $(TOPDIR)/Rules.make
28312 diff -urNp linux-2.4.37.7/include/asm-alpha/a.out.h linux-2.4.37.7/include/asm-alpha/a.out.h
28313 --- linux-2.4.37.7/include/asm-alpha/a.out.h 2009-11-07 11:52:20.000000000 -0500
28314 +++ linux-2.4.37.7/include/asm-alpha/a.out.h 2009-11-10 19:30:27.000000000 -0500
28315 @@ -98,7 +98,7 @@ struct exec
28316 set_personality (((BFPM->sh_bang || EX.ah.entry < 0x100000000 \
28317 ? ADDR_LIMIT_32BIT : 0) | PER_OSF4))
28319 -#define STACK_TOP \
28320 +#define __STACK_TOP \
28321 (current->personality & ADDR_LIMIT_32BIT ? 0x80000000 : 0x00120000000UL)
28324 diff -urNp linux-2.4.37.7/include/asm-alpha/elf.h linux-2.4.37.7/include/asm-alpha/elf.h
28325 --- linux-2.4.37.7/include/asm-alpha/elf.h 2009-11-07 11:52:20.000000000 -0500
28326 +++ linux-2.4.37.7/include/asm-alpha/elf.h 2009-11-10 19:30:27.000000000 -0500
28327 @@ -41,6 +41,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
28329 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000)
28331 +#ifdef CONFIG_PAX_ASLR
28332 +#define PAX_ELF_ET_DYN_BASE (current->personality & ADDR_LIMIT_32BIT ? 0x10000 : 0x120000000UL)
28334 +#define PAX_DELTA_MMAP_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 28)
28335 +#define PAX_DELTA_STACK_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 19)
28338 /* $0 is set by ld.so to a pointer to a function which might be
28339 registered using atexit. This provides a mean for the dynamic
28340 linker to call DT_FINI functions for shared libraries that have
28341 diff -urNp linux-2.4.37.7/include/asm-alpha/kmap_types.h linux-2.4.37.7/include/asm-alpha/kmap_types.h
28342 --- linux-2.4.37.7/include/asm-alpha/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
28343 +++ linux-2.4.37.7/include/asm-alpha/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
28344 @@ -11,6 +11,7 @@ enum km_type {
28352 diff -urNp linux-2.4.37.7/include/asm-alpha/page.h linux-2.4.37.7/include/asm-alpha/page.h
28353 --- linux-2.4.37.7/include/asm-alpha/page.h 2009-11-07 11:52:20.000000000 -0500
28354 +++ linux-2.4.37.7/include/asm-alpha/page.h 2009-11-10 19:30:27.000000000 -0500
28355 @@ -101,6 +101,15 @@ extern __inline__ int get_order(unsigned
28356 #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \
28357 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
28359 +#ifdef CONFIG_PAX_PAGEEXEC
28360 +#ifdef CONFIG_PAX_MPROTECT
28361 +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \
28362 + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
28364 +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
28368 #endif /* __KERNEL__ */
28370 #endif /* _ALPHA_PAGE_H */
28371 diff -urNp linux-2.4.37.7/include/asm-alpha/pgtable.h linux-2.4.37.7/include/asm-alpha/pgtable.h
28372 --- linux-2.4.37.7/include/asm-alpha/pgtable.h 2009-11-07 11:52:20.000000000 -0500
28373 +++ linux-2.4.37.7/include/asm-alpha/pgtable.h 2009-11-10 19:30:27.000000000 -0500
28375 #define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS)
28376 #define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
28377 #define PAGE_READONLY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
28379 +#ifdef CONFIG_PAX_PAGEEXEC
28380 +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOE)
28381 +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
28382 +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
28384 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
28385 +# define PAGE_COPY_NOEXEC PAGE_COPY
28386 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
28389 #define PAGE_KERNEL __pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE)
28391 #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x))
28392 diff -urNp linux-2.4.37.7/include/asm-i386/a.out.h linux-2.4.37.7/include/asm-i386/a.out.h
28393 --- linux-2.4.37.7/include/asm-i386/a.out.h 2009-11-07 11:52:20.000000000 -0500
28394 +++ linux-2.4.37.7/include/asm-i386/a.out.h 2009-11-10 19:30:27.000000000 -0500
28395 @@ -19,7 +19,11 @@ struct exec
28399 -#define STACK_TOP TASK_SIZE
28400 +#ifdef CONFIG_PAX_SEGMEXEC
28401 +#define __STACK_TOP ((current->mm->pax_flags & MF_PAX_SEGMEXEC)?TASK_SIZE/2:TASK_SIZE)
28403 +#define __STACK_TOP TASK_SIZE
28408 diff -urNp linux-2.4.37.7/include/asm-i386/checksum.h linux-2.4.37.7/include/asm-i386/checksum.h
28409 --- linux-2.4.37.7/include/asm-i386/checksum.h 2009-11-07 11:52:20.000000000 -0500
28410 +++ linux-2.4.37.7/include/asm-i386/checksum.h 2009-11-10 19:30:27.000000000 -0500
28411 @@ -27,6 +27,12 @@ asmlinkage unsigned int csum_partial(con
28412 asmlinkage unsigned int csum_partial_copy_generic( const char *src, char *dst, int len, int sum,
28413 int *src_err_ptr, int *dst_err_ptr);
28415 +asmlinkage unsigned int csum_partial_copy_generic_to_user( const char *src, char *dst, int len, int sum,
28416 + int *src_err_ptr, int *dst_err_ptr);
28418 +asmlinkage unsigned int csum_partial_copy_generic_from_user( const char *src, char *dst, int len, int sum,
28419 + int *src_err_ptr, int *dst_err_ptr);
28422 * Note: when you get a NULL pointer exception here this means someone
28423 * passed in an incorrect kernel address to one of these functions.
28424 @@ -45,7 +51,7 @@ static __inline__
28425 unsigned int csum_partial_copy_from_user ( const char *src, char *dst,
28426 int len, int sum, int *err_ptr)
28428 - return csum_partial_copy_generic ( src, dst, len, sum, err_ptr, NULL);
28429 + return csum_partial_copy_generic_from_user ( src, dst, len, sum, err_ptr, NULL);
28433 @@ -185,7 +191,7 @@ static __inline__ unsigned int csum_and_
28434 int len, int sum, int *err_ptr)
28436 if (access_ok(VERIFY_WRITE, dst, len))
28437 - return csum_partial_copy_generic(src, dst, len, sum, NULL, err_ptr);
28438 + return csum_partial_copy_generic_to_user(src, dst, len, sum, NULL, err_ptr);
28441 *err_ptr = -EFAULT;
28442 diff -urNp linux-2.4.37.7/include/asm-i386/desc.h linux-2.4.37.7/include/asm-i386/desc.h
28443 --- linux-2.4.37.7/include/asm-i386/desc.h 2009-11-07 11:52:20.000000000 -0500
28444 +++ linux-2.4.37.7/include/asm-i386/desc.h 2009-11-10 19:30:27.000000000 -0500
28445 @@ -46,7 +46,8 @@ struct desc_struct {
28448 extern struct desc_struct gdt_table[];
28449 -extern struct desc_struct *idt, *gdt;
28450 +extern struct desc_struct gdt_table2[];
28451 +extern struct desc_struct *idt, *gdt, *gdt2;
28453 struct Xgt_desc_struct {
28454 unsigned short size;
28455 @@ -55,6 +56,7 @@ struct Xgt_desc_struct {
28457 #define idt_descr (*(struct Xgt_desc_struct *)((char *)&idt - 2))
28458 #define gdt_descr (*(struct Xgt_desc_struct *)((char *)&gdt - 2))
28459 +#define gdt_descr2 (*(struct Xgt_desc_struct *)((char *)&gdt2 - 2))
28461 #define load_TR(n) __asm__ __volatile__("ltr %%ax"::"a" (__TSS(n)<<3))
28463 @@ -64,10 +66,10 @@ struct Xgt_desc_struct {
28464 * This is the ldt that every process will get unless we need
28465 * something other than this.
28467 -extern struct desc_struct default_ldt[];
28468 -extern void set_intr_gate(unsigned int irq, void * addr);
28469 -extern void set_ldt_desc(unsigned int n, void *addr, unsigned int size);
28470 -extern void set_tss_desc(unsigned int n, void *addr);
28471 +extern const struct desc_struct default_ldt[];
28472 +extern void set_intr_gate(unsigned int irq, const void * addr);
28473 +extern void set_ldt_desc(unsigned int n, const void *addr, unsigned int size);
28474 +extern void set_tss_desc(unsigned int n, const void *addr);
28476 static inline void clear_LDT(void)
28478 @@ -82,7 +84,7 @@ static inline void clear_LDT(void)
28479 static inline void load_LDT (mm_context_t *pc)
28481 int cpu = smp_processor_id();
28482 - void *segments = pc->ldt;
28483 + const void *segments = pc->ldt;
28484 int count = pc->size;
28487 @@ -94,6 +96,17 @@ static inline void load_LDT (mm_context_
28491 +#define pax_open_kernel(cr0) \
28493 + cr0 = read_cr0(); \
28494 + write_cr0(cr0 & ~0x10000UL); \
28497 +#define pax_close_kernel(cr0) \
28499 + write_cr0(cr0); \
28502 #endif /* !__ASSEMBLY__ */
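Review bot: pax_open_kernel clears a bare `0x10000UL` in CR0, and neither macro says what that bit is or what the caller must guarantee while it is clear. The value is CR0.WP (bit 16), so I would name it once and comment the pair, e.g. `/* clear CR0.WP so the kernel can write to read-only mappings; always pair with pax_close_kernel(cr0) */`. The same literal recurs as `$0x10000` in the KERNEXEC variant of SAVE_ALL in hw_irq.h. The comment should also ask callers to keep the open/close window as short as possible, since write protection is off on that CPU for its whole duration. The wrapper lines of both macro bodies are not shown on this page.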
28505 diff -urNp linux-2.4.37.7/include/asm-i386/elf.h linux-2.4.37.7/include/asm-i386/elf.h
28506 --- linux-2.4.37.7/include/asm-i386/elf.h 2009-11-07 11:52:20.000000000 -0500
28507 +++ linux-2.4.37.7/include/asm-i386/elf.h 2009-11-10 19:30:27.000000000 -0500
28508 @@ -55,7 +55,18 @@ typedef struct user_fxsr_struct elf_fpxr
28509 the loader. We need to make sure that it is out of the way of the program
28510 that it will "exec", and that there is sufficient room for the brk. */
28512 +#ifdef CONFIG_PAX_SEGMEXEC
28513 +#define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC)?SEGMEXEC_TASK_SIZE/3*2:TASK_SIZE/3*2)
28515 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
28518 +#ifdef CONFIG_PAX_ASLR
28519 +#define PAX_ELF_ET_DYN_BASE 0x08048000UL
28521 +#define PAX_DELTA_MMAP_LEN 16
28522 +#define PAX_DELTA_STACK_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
28525 /* Wow, the "main" arch needs arch dependent functions too.. :) */
28527 @@ -70,17 +81,17 @@ typedef struct user_fxsr_struct elf_fpxr
28528 pr_reg[4] = regs->edi; \
28529 pr_reg[5] = regs->ebp; \
28530 pr_reg[6] = regs->eax; \
28531 - pr_reg[7] = regs->xds; \
28532 - pr_reg[8] = regs->xes; \
28533 + pr_reg[7] = regs->xds & 0xffff; \
28534 + pr_reg[8] = regs->xes & 0xffff; \
28535 /* fake once used fs and gs selectors? */ \
28536 - pr_reg[9] = regs->xds; /* was fs and __fs */ \
28537 - pr_reg[10] = regs->xds; /* was gs and __gs */ \
28538 + pr_reg[9] = regs->xds & 0xffff; /* was fs and __fs */\
28539 + pr_reg[10] = regs->xds & 0xffff;/* was gs and __gs */\
28540 pr_reg[11] = regs->orig_eax; \
28541 pr_reg[12] = regs->eip; \
28542 - pr_reg[13] = regs->xcs; \
28543 + pr_reg[13] = regs->xcs & 0xffff; \
28544 pr_reg[14] = regs->eflags; \
28545 pr_reg[15] = regs->esp; \
28546 - pr_reg[16] = regs->xss;
28547 + pr_reg[16] = regs->xss & 0xffff;
28549 /* This yields a mask that user programs can use to figure out what
28550 instruction set this CPU supports. This could be done in user space,
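Review bot: The new `& 0xffff` masks on `xds`, `xes`, `xcs` and `xss` in the core-dump register copy have no comment saying what they protect against, so a later cleanup could remove them as cosmetic. Segment selectors are 16 bits wide and the upper half of the saved 32-bit slot is not guaranteed to be zero, so the mask presumably keeps stale kernel-stack bits out of a user-readable core file. I would add a line above the first masked assignment, inside the macro with its own `\` continuation: `/* selectors are 16 bits: mask the saved slot so its upper half never reaches the core file */`. The macro's opening lines are outside this hunk.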
28551 diff -urNp linux-2.4.37.7/include/asm-i386/hw_irq.h linux-2.4.37.7/include/asm-i386/hw_irq.h
28552 --- linux-2.4.37.7/include/asm-i386/hw_irq.h 2009-11-07 11:52:20.000000000 -0500
28553 +++ linux-2.4.37.7/include/asm-i386/hw_irq.h 2009-11-10 19:30:27.000000000 -0500
28554 @@ -95,7 +95,7 @@ extern char _stext, _etext;
28555 #define __STR(x) #x
28556 #define STR(x) __STR(x)
28558 -#define SAVE_ALL \
28559 +#define __SAVE_ALL \
28563 @@ -110,6 +110,18 @@ extern char _stext, _etext;
28564 "movl %edx,%ds\n\t" \
28565 "movl %edx,%es\n\t"
28567 +#ifdef CONFIG_PAX_KERNEXEC
28568 +#define SAVE_ALL \
28570 + "movl %cr0,%edx\n\t" \
28571 + "movl %edx,%ebp\n\t" \
28572 + "orl $0x10000,%edx\n\t" \
28573 + "xorl %edx,%ebp\n\t" \
28574 + "movl %edx,%cr0\n\t"
28576 +#define SAVE_ALL __SAVE_ALL
28579 #define IRQ_NAME2(nr) nr##_interrupt(void)
28580 #define IRQ_NAME(nr) IRQ_NAME2(IRQ##nr)
28582 @@ -128,6 +140,7 @@ extern char _stext, _etext;
28583 asmlinkage void x(void); \
28584 asmlinkage void call_##x(void); \
28587 "\n"__ALIGN_STR"\n" \
28588 SYMBOL_NAME_STR(x) ":\n\t" \
28589 "pushl $"#v"-256\n\t" \
28590 @@ -141,6 +154,7 @@ SYMBOL_NAME_STR(x) ":\n\t" \
28591 asmlinkage void x(struct pt_regs * regs); \
28592 asmlinkage void call_##x(void); \
28595 "\n"__ALIGN_STR"\n" \
28596 SYMBOL_NAME_STR(x) ":\n\t" \
28597 "pushl $"#v"-256\n\t" \
28598 @@ -155,6 +169,7 @@ SYMBOL_NAME_STR(x) ":\n\t" \
28599 #define BUILD_COMMON_IRQ() \
28600 asmlinkage void call_do_IRQ(void); \
28603 "\n" __ALIGN_STR"\n" \
28604 "common_interrupt:\n\t" \
28606 @@ -175,6 +190,7 @@ __asm__( \
28607 #define BUILD_IRQ(nr) \
28608 asmlinkage void IRQ_NAME(nr); \
28611 "\n"__ALIGN_STR"\n" \
28612 SYMBOL_NAME_STR(IRQ) #nr "_interrupt:\n\t" \
28613 "pushl $"#nr"-256\n\t" \
28614 diff -urNp linux-2.4.37.7/include/asm-i386/kmap_types.h linux-2.4.37.7/include/asm-i386/kmap_types.h
28615 --- linux-2.4.37.7/include/asm-i386/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
28616 +++ linux-2.4.37.7/include/asm-i386/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
28617 @@ -10,6 +10,7 @@ enum km_type {
28625 diff -urNp linux-2.4.37.7/include/asm-i386/mman.h linux-2.4.37.7/include/asm-i386/mman.h
28626 --- linux-2.4.37.7/include/asm-i386/mman.h 2009-11-07 11:52:20.000000000 -0500
28627 +++ linux-2.4.37.7/include/asm-i386/mman.h 2009-11-10 19:30:27.000000000 -0500
28629 #define MAP_LOCKED 0x2000 /* pages are locked */
28630 #define MAP_NORESERVE 0x4000 /* don't check for reservations */
28632 +#ifdef CONFIG_PAX_SEGMEXEC
28633 +#define MAP_MIRROR 0x8000
28636 #define MS_ASYNC 1 /* sync memory asynchronously */
28637 #define MS_INVALIDATE 2 /* invalidate the caches */
28638 #define MS_SYNC 4 /* synchronous memory sync */
28639 diff -urNp linux-2.4.37.7/include/asm-i386/page.h linux-2.4.37.7/include/asm-i386/page.h
28640 --- linux-2.4.37.7/include/asm-i386/page.h 2009-11-07 11:52:20.000000000 -0500
28641 +++ linux-2.4.37.7/include/asm-i386/page.h 2009-11-10 19:30:27.000000000 -0500
28642 @@ -81,6 +81,12 @@ typedef struct { unsigned long pgprot; }
28644 #define __PAGE_OFFSET (0xC0000000)
28646 +#ifdef CONFIG_PAX_KERNEXEC
28647 +#define __KERNEL_TEXT_OFFSET (0xC0400000)
28649 +#define __KERNEL_TEXT_OFFSET (0)
28653 * This much address space is reserved for vmalloc() and iomap()
28654 * as well as fixmap mappings.
28655 @@ -98,7 +104,7 @@ typedef struct { unsigned long pgprot; }
28657 #if 1 /* Set to zero for a slightly smaller kernel */
28659 - __asm__ __volatile__( "ud2\n" \
28660 + __asm__ __volatile__( "ud2\n" \
28663 : : "i" (__LINE__), "i" (__FILE__))
28664 @@ -138,6 +144,15 @@ static __inline__ int get_order(unsigned
28665 #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \
28666 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
28668 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
28669 +#ifdef CONFIG_PAX_MPROTECT
28670 +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \
28671 + ((current->mm->pax_flags & (MF_PAX_PAGEEXEC|MF_PAX_SEGMEXEC))?0:VM_EXEC))
28673 +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & (MF_PAX_PAGEEXEC|MF_PAX_SEGMEXEC))?0:VM_EXEC))
28677 #endif /* __KERNEL__ */
28679 #endif /* _I386_PAGE_H */
28680 diff -urNp linux-2.4.37.7/include/asm-i386/pgalloc.h linux-2.4.37.7/include/asm-i386/pgalloc.h
28681 --- linux-2.4.37.7/include/asm-i386/pgalloc.h 2009-11-07 11:52:20.000000000 -0500
28682 +++ linux-2.4.37.7/include/asm-i386/pgalloc.h 2009-11-10 19:30:27.000000000 -0500
28684 #include <linux/config.h>
28685 #include <asm/processor.h>
28686 #include <asm/fixmap.h>
28687 +#include <asm/desc.h>
28688 #include <linux/threads.h>
28690 #define pgd_quicklist (current_cpu_data.pgd_quick)
28692 #define pmd_populate(mm, pmd, pte) \
28693 set_pmd(pmd, __pmd(_PAGE_TABLE + __pa(pte)))
28695 +#define pmd_populate_kernel(mm, pmd, pte) \
28696 + set_pmd(pmd, __pmd(_KERNPG_TABLE + __pa(pte)))
28699 * Allocate and free page tables.
28701 diff -urNp linux-2.4.37.7/include/asm-i386/pgtable-2level.h linux-2.4.37.7/include/asm-i386/pgtable-2level.h
28702 --- linux-2.4.37.7/include/asm-i386/pgtable-2level.h 2009-11-07 11:52:20.000000000 -0500
28703 +++ linux-2.4.37.7/include/asm-i386/pgtable-2level.h 2009-11-10 19:30:27.000000000 -0500
28704 @@ -46,8 +46,25 @@ static inline int pgd_present(pgd_t pgd)
28705 * (pmds are folded into pgds so this doesnt get actually called,
28706 * but the define is needed for a generic inline function.)
28708 +#ifdef CONFIG_PAX_KERNEXEC
28709 +#define set_pmd(pmdptr,pmdval) \
28711 + unsigned long cr0; \
28712 + pax_open_kernel(cr0); \
28713 + *(pmdptr) = pmdval; \
28714 + pax_close_kernel(cr0); \
28716 +#define set_pgd(pgdptr, pgdval) \
28718 + unsigned long cr0; \
28719 + pax_open_kernel(cr0); \
28720 + *(pgdptr) = pgdval; \
28721 + pax_close_kernel(cr0); \
28724 #define set_pmd(pmdptr, pmdval) (*(pmdptr) = pmdval)
28725 #define set_pgd(pgdptr, pgdval) (*(pgdptr) = pgdval)
28728 #define pgd_page(pgd) \
28729 ((unsigned long) __va(pgd_val(pgd) & PAGE_MASK))
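Review bot: Under CONFIG_PAX_KERNEXEC `set_pmd` and `set_pgd` become multi-statement macros that declare a local `cr0`, while the fallback definitions kept below are plain assignment expressions, so the two configurations do not accept the same call sites. The wrapper lines around the body are not visible in this listing, so confirm it is a `do { ... } while (0)` block and that no caller uses the macro's value. Inside the block, `pmdval` and `pgdval` are expanded unparenthesized and an argument that mentions a variable called `cr0` would bind to the macro's local; `*(pmdptr) = (pmdval);` and a less collision-prone local name such as `__cr0` would avoid both. The pgtable-3level.h hunk that follows uses the same pattern.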
28730 diff -urNp linux-2.4.37.7/include/asm-i386/pgtable-3level.h linux-2.4.37.7/include/asm-i386/pgtable-3level.h
28731 --- linux-2.4.37.7/include/asm-i386/pgtable-3level.h 2009-11-07 11:52:20.000000000 -0500
28732 +++ linux-2.4.37.7/include/asm-i386/pgtable-3level.h 2009-11-10 19:30:27.000000000 -0500
28733 @@ -49,10 +49,28 @@ static inline void set_pte(pte_t *ptep,
28735 ptep->pte_low = pte.pte_low;
28738 +#ifdef CONFIG_PAX_KERNEXEC
28739 +#define set_pmd(pmdptr,pmdval) \
28741 + unsigned long cr0; \
28742 + pax_open_kernel(cr0); \
28743 + set_64bit((unsigned long long *)(pmdptr),pmd_val(pmdval)); \
28744 + pax_close_kernel(cr0); \
28746 +#define set_pgd(pgdptr,pgdval) \
28748 + unsigned long cr0; \
28749 + pax_open_kernel(cr0); \
28750 + set_64bit((unsigned long long *)(pgdptr),pgd_val(pgdval)); \
28751 + pax_close_kernel(cr0); \
28754 #define set_pmd(pmdptr,pmdval) \
28755 set_64bit((unsigned long long *)(pmdptr),pmd_val(pmdval))
28756 #define set_pgd(pgdptr,pgdval) \
28757 set_64bit((unsigned long long *)(pgdptr),pgd_val(pgdval))
28759 #define set_pte_atomic(pteptr,pteval) \
28760 set_64bit((unsigned long long *)(pteptr),pte_val(pteval))
28762 diff -urNp linux-2.4.37.7/include/asm-i386/pgtable.h linux-2.4.37.7/include/asm-i386/pgtable.h
28763 --- linux-2.4.37.7/include/asm-i386/pgtable.h 2009-11-07 11:52:20.000000000 -0500
28764 +++ linux-2.4.37.7/include/asm-i386/pgtable.h 2009-11-10 19:30:27.000000000 -0500
28766 #include <asm/bitops.h>
28769 -extern pgd_t swapper_pg_dir[1024];
28770 extern void paging_init(void);
28772 /* Caches aren't brain-dead on the intel. */
28773 @@ -104,14 +103,11 @@ extern unsigned long pgkern_mask;
28774 extern unsigned long empty_zero_page[1024];
28775 #define ZERO_PAGE(vaddr) (virt_to_page(empty_zero_page))
28777 -#endif /* !__ASSEMBLY__ */
28780 * The Linux x86 paging architecture is 'compile-time dual-mode', it
28781 * implements both the traditional 2-level x86 page tables and the
28782 * newer 3-level PAE-mode page tables.
28784 -#ifndef __ASSEMBLY__
28786 # include <asm/pgtable-3level.h>
28788 @@ -129,8 +125,16 @@ extern void pgtable_cache_init(void);
28789 #define pgtable_cache_init() do { } while (0)
28793 +#ifdef CONFIG_X86_PAE
28794 +extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
28795 +extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD];
28797 +extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
28800 +#endif /* !__ASSEMBLY__ */
28802 #define __beep() asm("movb $0x3,%al; outb %al,$0x61")
28804 #define PMD_SIZE (1UL << PMD_SHIFT)
28805 @@ -144,9 +148,13 @@ extern void pgtable_cache_init(void);
28806 #define USER_PGD_PTRS (PAGE_OFFSET >> PGDIR_SHIFT)
28807 #define KERNEL_PGD_PTRS (PTRS_PER_PGD-USER_PGD_PTRS)
28809 -#define TWOLEVEL_PGDIR_SHIFT 22
28810 -#define BOOT_USER_PGD_PTRS (__PAGE_OFFSET >> TWOLEVEL_PGDIR_SHIFT)
28811 +#ifdef CONFIG_X86_PAE
28812 +#define BOOT_USER_PMD_PTRS (__PAGE_OFFSET >> 21)
28813 +#define BOOT_KERNEL_PMD_PTRS (2048-BOOT_USER_PMD_PTRS)
28815 +#define BOOT_USER_PGD_PTRS (__PAGE_OFFSET >> 22)
28816 #define BOOT_KERNEL_PGD_PTRS (1024-BOOT_USER_PGD_PTRS)
28820 #ifndef __ASSEMBLY__
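Review bot: The new `BOOT_*` definitions replace the named `TWOLEVEL_PGDIR_SHIFT` with bare literals (`21`, `22`, `2048`, `1024`), which hides how they relate to the paging mode. A short comment per branch would do, e.g. `/* PAE: 2 MB per pmd entry, 4 x 512 boot pmd entries */` and `/* non-PAE: 4 MB per pgd entry, 1024 entries */`. The `#else`/`#endif` lines of this block are not visible in the listing, so check that each definition ends up in the intended branch.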
28821 @@ -205,6 +213,16 @@ extern void pgtable_cache_init(void);
28822 #define PAGE_COPY __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)
28823 #define PAGE_READONLY __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)
28825 +#ifdef CONFIG_PAX_PAGEEXEC
28826 +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_RW | _PAGE_ACCESSED)
28827 +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_ACCESSED)
28828 +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_ACCESSED)
28830 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
28831 +# define PAGE_COPY_NOEXEC PAGE_COPY
28832 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
28835 #define __PAGE_KERNEL \
28836 (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED)
28837 #define __PAGE_KERNEL_NOCACHE \
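Review bot: The three `_NOEXEC` protections defined under CONFIG_PAX_PAGEEXEC leave out `_PAGE_USER`, which the `PAGE_COPY` and `PAGE_READONLY` definitions just above include, and nothing in the hunk says why. This is presumably deliberate (user access to such a page faults and the fault handler, not shown here, decides whether it was a data access or an instruction fetch), but without a comment it reads like a dropped flag. I would add something like `/* _PAGE_USER is intentionally clear: user accesses trap and are resolved in the page-fault path */` above the block, and note that the fallback branch makes the `_NOEXEC` names plain aliases, so they give no protection when PAGEEXEC is off.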
28838 @@ -237,18 +255,18 @@ extern void pgtable_cache_init(void);
28839 * This is the closest we can get..
28841 #define __P000 PAGE_NONE
28842 -#define __P001 PAGE_READONLY
28843 -#define __P010 PAGE_COPY
28844 -#define __P011 PAGE_COPY
28845 +#define __P001 PAGE_READONLY_NOEXEC
28846 +#define __P010 PAGE_COPY_NOEXEC
28847 +#define __P011 PAGE_COPY_NOEXEC
28848 #define __P100 PAGE_READONLY
28849 #define __P101 PAGE_READONLY
28850 #define __P110 PAGE_COPY
28851 #define __P111 PAGE_COPY
28853 #define __S000 PAGE_NONE
28854 -#define __S001 PAGE_READONLY
28855 -#define __S010 PAGE_SHARED
28856 -#define __S011 PAGE_SHARED
28857 +#define __S001 PAGE_READONLY_NOEXEC
28858 +#define __S010 PAGE_SHARED_NOEXEC
28859 +#define __S011 PAGE_SHARED_NOEXEC
28860 #define __S100 PAGE_READONLY
28861 #define __S101 PAGE_READONLY
28862 #define __S110 PAGE_SHARED
28863 @@ -324,7 +342,7 @@ static inline pte_t pte_modify(pte_t pte
28864 ((unsigned long) __va(pmd_val(pmd) & PAGE_MASK))
28866 /* to find an entry in a page-table-directory. */
28867 -#define pgd_index(address) ((address >> PGDIR_SHIFT) & (PTRS_PER_PGD-1))
28868 +#define pgd_index(address) (((address) >> PGDIR_SHIFT) & (PTRS_PER_PGD-1))
28870 #define __pgd_offset(address) pgd_index(address)
28872 diff -urNp linux-2.4.37.7/include/asm-i386/processor.h linux-2.4.37.7/include/asm-i386/processor.h
28873 --- linux-2.4.37.7/include/asm-i386/processor.h 2009-11-07 11:52:20.000000000 -0500
28874 +++ linux-2.4.37.7/include/asm-i386/processor.h 2009-11-10 19:30:27.000000000 -0500
28875 @@ -261,10 +261,19 @@ extern unsigned int mca_pentium_flag;
28877 #define TASK_SIZE (PAGE_OFFSET)
28879 +#ifdef CONFIG_PAX_SEGMEXEC
28880 +#define SEGMEXEC_TASK_SIZE (TASK_SIZE / 2)
28883 /* This decides where the kernel will search for a free chunk of vm
28884 * space during mmap's.
28887 +#ifdef CONFIG_PAX_SEGMEXEC
28888 +#define TASK_UNMAPPED_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC)?SEGMEXEC_TASK_SIZE/3:TASK_SIZE/3)
28890 #define TASK_UNMAPPED_BASE (TASK_SIZE / 3)
28894 * Size of io_bitmap in longwords: 32 is ports 0-0x3ff.
28895 @@ -392,7 +401,7 @@ struct thread_struct {
28897 #define INIT_TSS { \
28898 0,0, /* back_link, __blh */ \
28899 - sizeof(init_stack) + (long) &init_stack, /* esp0 */ \
28900 + sizeof(init_stack) + (long) &init_stack - 8, /* esp0 */ \
28901 __KERNEL_DS, 0, /* ss0 */ \
28902 0,0,0,0,0,0, /* stack1, stack2 */ \
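Review bot: The `- 8` applied to `esp0` in `INIT_TSS` is a bare constant with no explanation. The next hunk adds `task_pt_regs`, which casts `thread.esp0` to a `struct pt_regs *`, so the two changes presumably rely on the same stack-top layout, but a reader of `INIT_TSS` alone cannot tell what the 8 bytes are reserved for. A comment at the definition, or a named constant shared with whatever sets `esp0` for other tasks (not visible here), would keep the two from drifting apart. `INIT_TSS` continues past the end of this hunk.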
28904 @@ -440,12 +449,20 @@ static inline void release_segments(stru
28906 static inline unsigned long thread_saved_pc(struct thread_struct *t)
28908 - return ((unsigned long *)t->esp)[3];
28912 unsigned long get_wchan(struct task_struct *p);
28913 -#define KSTK_EIP(tsk) (((unsigned long *)(4096+(unsigned long)(tsk)))[1019])
28914 -#define KSTK_ESP(tsk) (((unsigned long *)(4096+(unsigned long)(tsk)))[1022])
28916 +#define task_pt_regs(task) \
28918 + struct pt_regs *__regs__; \
28919 + __regs__ = (struct pt_regs *)((task)->thread.esp0); \
28923 +#define KSTK_EIP(tsk) (task_pt_regs(tsk)->eip)
28924 +#define KSTK_ESP(tsk) (task_pt_regs(tsk)->esp)
28926 #define THREAD_SIZE (2*PAGE_SIZE)
28927 #define alloc_task_struct() ((struct task_struct *) __get_free_pages(GFP_KERNEL,1))
28928 diff -urNp linux-2.4.37.7/include/asm-i386/segment.h linux-2.4.37.7/include/asm-i386/segment.h
28929 --- linux-2.4.37.7/include/asm-i386/segment.h 2009-11-07 11:52:20.000000000 -0500
28930 +++ linux-2.4.37.7/include/asm-i386/segment.h 2009-11-10 19:30:27.000000000 -0500
28932 #define __USER_CS 0x23
28933 #define __USER_DS 0x2B
28935 +#define __PCIBIOS_CS 0x30
28936 +#define __PCIBIOS_DS 0x38
28939 diff -urNp linux-2.4.37.7/include/asm-i386/system.h linux-2.4.37.7/include/asm-i386/system.h
28940 --- linux-2.4.37.7/include/asm-i386/system.h 2009-11-07 11:52:20.000000000 -0500
28941 +++ linux-2.4.37.7/include/asm-i386/system.h 2009-11-10 19:30:27.000000000 -0500
28943 struct task_struct; /* one of the stranger aspects of C forward declarations.. */
28944 extern void FASTCALL(__switch_to(struct task_struct *prev, struct task_struct *next));
28946 +void pax_switch_segments(struct task_struct *);
28948 #define prepare_to_switch() do { } while(0)
28949 #define switch_to(prev,next,last) do { \
28950 asm volatile("pushl %%esi\n\t" \
28951 diff -urNp linux-2.4.37.7/include/asm-i386/uaccess.h linux-2.4.37.7/include/asm-i386/uaccess.h
28952 --- linux-2.4.37.7/include/asm-i386/uaccess.h 2009-11-07 11:52:20.000000000 -0500
28953 +++ linux-2.4.37.7/include/asm-i386/uaccess.h 2009-11-10 19:30:27.000000000 -0500
28955 #include <linux/sched.h>
28956 #include <linux/prefetch.h>
28957 #include <asm/page.h>
28958 +#include <asm/segment.h>
28960 #define VERIFY_READ 0
28961 #define VERIFY_WRITE 1
28962 @@ -277,9 +278,12 @@ extern void __put_user_bad(void);
28964 #define __put_user_u64(x, addr, err) \
28965 __asm__ __volatile__( \
28966 - "1: movl %%eax,0(%2)\n" \
28967 - "2: movl %%edx,4(%2)\n" \
28968 + " movw %w5,%%ds\n" \
28969 + "1: movl %%eax,%%ds:0(%2)\n" \
28970 + "2: movl %%edx,%%ds:4(%2)\n" \
28972 + " pushl %%ss\n" \
28974 ".section .fixup,\"ax\"\n" \
28975 "4: movl %3,%0\n" \
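Review bot: Each accessor now loads `__USER_DS` into `%ds` (or `%es` in the copy-to-user variants) before the access and restores it with `pushl %%ss` plus a pop that this listing does not show; what needs checking is that the faulting path restores it too. The `.fixup` code here ends by jumping back to a numeric label, and that label's line is also missing from the listing, so confirm it sits before the `pushl %%ss` in every one of these macros; otherwise a fault on a bad user pointer would return to C code with the user segment still loaded. A one-line comment such as `/* fixup returns before the segment restore */` at the label would make that invariant visible. The same pattern repeats in every later hunk of this file, and the macro body here starts and ends outside the hunk.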
28977 @@ -290,7 +294,8 @@ extern void __put_user_bad(void);
28981 - : "A" (x), "r" (addr), "i"(-EFAULT), "0"(err))
28982 + : "A" (x), "r" (addr), "i"(-EFAULT), "0"(err), \
28985 #define __put_user_size(x,ptr,size,retval) \
28987 @@ -314,8 +319,11 @@ struct __large_struct { unsigned long bu
28989 #define __put_user_asm(x, addr, err, itype, rtype, ltype) \
28990 __asm__ __volatile__( \
28991 - "1: mov"itype" %"rtype"1,%2\n" \
28992 + " movw %w5,%%ds\n" \
28993 + "1: mov"itype" %"rtype"1,%%ds:%2\n" \
28995 + " pushl %%ss\n" \
28997 ".section .fixup,\"ax\"\n" \
28998 "3: movl %3,%0\n" \
29000 @@ -325,7 +333,8 @@ struct __large_struct { unsigned long bu
29004 - : ltype (x), "m"(__m(addr)), "i"(-EFAULT), "0"(err))
29005 + : ltype (x), "m"(__m(addr)), "i"(-EFAULT), "0"(err), \
29009 #define __get_user_nocheck(x,ptr,size) \
29010 @@ -351,8 +360,11 @@ do { \
29012 #define __get_user_asm(x, addr, err, itype, rtype, ltype) \
29013 __asm__ __volatile__( \
29014 - "1: mov"itype" %2,%"rtype"1\n" \
29015 + " movw %w5,%%ds\n" \
29016 + "1: mov"itype" %%ds:%2,%"rtype"1\n" \
29018 + " pushl %%ss\n" \
29020 ".section .fixup,\"ax\"\n" \
29021 "3: movl %3,%0\n" \
29022 " xor"itype" %"rtype"1,%"rtype"1\n" \
29023 @@ -363,7 +375,7 @@ do { \
29026 : "=r"(err), ltype (x) \
29027 - : "m"(__m(addr)), "i"(-EFAULT), "0"(err))
29028 + : "m"(__m(addr)), "i"(-EFAULT), "0"(err), "r"(__USER_DS))
29032 @@ -375,10 +387,13 @@ do { \
29035 __asm__ __volatile__( \
29036 + " movw %w7,%%es\n" \
29037 "0: rep; movsl\n" \
29039 "1: rep; movsb\n" \
29041 + " pushl %%ss\n" \
29043 ".section .fixup,\"ax\"\n" \
29044 "3: lea 0(%3,%0,4),%0\n" \
29046 @@ -389,7 +404,8 @@ do { \
29049 : "=&c"(size), "=&D" (__d0), "=&S" (__d1) \
29050 - : "r"(size & 3), "0"(size / 4), "1"(to), "2"(from) \
29051 + : "r"(size & 3), "0"(size / 4), "1"(to), "2"(from), \
29056 @@ -397,10 +413,13 @@ do { \
29059 __asm__ __volatile__( \
29060 + " movw %w7,%%ds\n" \
29061 "0: rep; movsl\n" \
29063 "1: rep; movsb\n" \
29065 + " pushl %%ss\n" \
29067 ".section .fixup,\"ax\"\n" \
29068 "3: lea 0(%3,%0,4),%0\n" \
29070 @@ -417,7 +436,8 @@ do { \
29073 : "=&c"(size), "=&D" (__d0), "=&S" (__d1) \
29074 - : "r"(size & 3), "0"(size / 4), "1"(to), "2"(from) \
29075 + : "r"(size & 3), "0"(size / 4), "1"(to), "2"(from), \
29080 @@ -446,8 +466,11 @@ do { \
29081 switch (size & 3) { \
29083 __asm__ __volatile__( \
29084 + " movw %w6,%%es\n" \
29085 "0: rep; movsl\n" \
29087 + " pushl %%ss\n" \
29089 ".section .fixup,\"ax\"\n" \
29092 @@ -457,14 +480,18 @@ do { \
29095 : "=c"(size), "=&S" (__d0), "=&D" (__d1)\
29096 - : "1"(from), "2"(to), "0"(size/4) \
29097 + : "1"(from), "2"(to), "0"(size/4), \
29102 __asm__ __volatile__( \
29103 + " movw %w6,%%es\n" \
29104 "0: rep; movsl\n" \
29107 + " pushl %%ss\n" \
29109 ".section .fixup,\"ax\"\n" \
29112 @@ -476,14 +503,18 @@ do { \
29115 : "=c"(size), "=&S" (__d0), "=&D" (__d1)\
29116 - : "1"(from), "2"(to), "0"(size/4) \
29117 + : "1"(from), "2"(to), "0"(size/4), \
29122 __asm__ __volatile__( \
29123 + " movw %w6,%%es\n" \
29124 "0: rep; movsl\n" \
29127 + " pushl %%ss\n" \
29129 ".section .fixup,\"ax\"\n" \
29131 "4: addl $2,%0\n" \
29132 @@ -495,15 +526,19 @@ do { \
29135 : "=c"(size), "=&S" (__d0), "=&D" (__d1)\
29136 - : "1"(from), "2"(to), "0"(size/4) \
29137 + : "1"(from), "2"(to), "0"(size/4), \
29142 __asm__ __volatile__( \
29143 + " movw %w6,%%es\n" \
29144 "0: rep; movsl\n" \
29148 + " pushl %%ss\n" \
29150 ".section .fixup,\"ax\"\n" \
29152 "5: addl $2,%0\n" \
29153 @@ -517,7 +552,8 @@ do { \
29156 : "=c"(size), "=&S" (__d0), "=&D" (__d1)\
29157 - : "1"(from), "2"(to), "0"(size/4) \
29158 + : "1"(from), "2"(to), "0"(size/4), \
29163 @@ -530,8 +566,11 @@ do { \
29164 switch (size & 3) { \
29166 __asm__ __volatile__( \
29167 + " movw %w6,%%ds\n" \
29168 "0: rep; movsl\n" \
29170 + " pushl %%ss\n" \
29172 ".section .fixup,\"ax\"\n" \
29175 @@ -547,14 +586,18 @@ do { \
29178 : "=c"(size), "=&S" (__d0), "=&D" (__d1)\
29179 - : "1"(from), "2"(to), "0"(size/4) \
29180 + : "1"(from), "2"(to), "0"(size/4), \
29185 __asm__ __volatile__( \
29186 + " movw %w6,%%ds\n" \
29187 "0: rep; movsl\n" \
29190 + " pushl %%ss\n" \
29192 ".section .fixup,\"ax\"\n" \
29195 @@ -579,14 +622,18 @@ do { \
29198 : "=c"(size), "=&S" (__d0), "=&D" (__d1)\
29199 - : "1"(from), "2"(to), "0"(size/4) \
29200 + : "1"(from), "2"(to), "0"(size/4), \
29205 __asm__ __volatile__( \
29206 + " movw %w6,%%ds\n" \
29207 "0: rep; movsl\n" \
29210 + " pushl %%ss\n" \
29212 ".section .fixup,\"ax\"\n" \
29215 @@ -611,15 +658,19 @@ do { \
29218 : "=c"(size), "=&S" (__d0), "=&D" (__d1)\
29219 - : "1"(from), "2"(to), "0"(size/4) \
29220 + : "1"(from), "2"(to), "0"(size/4), \
29225 __asm__ __volatile__( \
29226 + " movw %w6,%%ds\n" \
29227 "0: rep; movsl\n" \
29231 + " pushl %%ss\n" \
29233 ".section .fixup,\"ax\"\n" \
29236 @@ -653,7 +704,8 @@ do { \
29239 : "=c"(size), "=&S" (__d0), "=&D" (__d1)\
29240 - : "1"(from), "2"(to), "0"(size/4) \
29241 + : "1"(from), "2"(to), "0"(size/4), \
29246 diff -urNp linux-2.4.37.7/include/asm-ia64/elf.h linux-2.4.37.7/include/asm-ia64/elf.h
29247 --- linux-2.4.37.7/include/asm-ia64/elf.h 2009-11-07 11:52:20.000000000 -0500
29248 +++ linux-2.4.37.7/include/asm-ia64/elf.h 2009-11-10 19:30:27.000000000 -0500
29251 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x800000000)
29253 +#ifdef CONFIG_PAX_ASLR
29254 +#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
29256 +#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
29257 +#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
29261 * We use (abuse?) this macro to insert the (empty) vm_area that is
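Review bot: `PAX_DELTA_MMAP_LEN` and `PAX_DELTA_STACK_LEN` are introduced with no comment giving their unit or how `3*PAGE_SHIFT - 13` was derived. They are presumably the number of randomised address bits, applied at page granularity by code outside this hunk; if so, say it at the definition, e.g. `/* bits of randomisation, in pages */`. That matters for review because the values differ widely by architecture in this patch (16 for `PER_LINUX32` here, 16 on parisc, 15 on ppc, `27 - PAGE_SHIFT` on mips), and the effective entropy cannot be compared without knowing the unit.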
29262 diff -urNp linux-2.4.37.7/include/asm-ia64/ia32.h linux-2.4.37.7/include/asm-ia64/ia32.h
29263 --- linux-2.4.37.7/include/asm-ia64/ia32.h 2009-11-07 11:52:20.000000000 -0500
29264 +++ linux-2.4.37.7/include/asm-ia64/ia32.h 2009-11-10 19:30:27.000000000 -0500
29265 @@ -367,7 +367,14 @@ struct old_linux32_dirent {
29266 #define ELF_ARCH EM_386
29268 #define IA32_PAGE_OFFSET 0xc0000000
29269 -#define IA32_STACK_TOP IA32_PAGE_OFFSET
29271 +#ifdef CONFIG_PAX_RANDUSTACK
29272 +#define __IA32_DELTA_STACK (current->mm->delta_stack)
29274 +#define __IA32_DELTA_STACK 0UL
29277 +#define IA32_STACK_TOP (IA32_PAGE_OFFSET - __IA32_DELTA_STACK)
29280 * The system segments (GDT, TSS, LDT) have to be mapped below 4GB so the IA-32 engine can
29281 diff -urNp linux-2.4.37.7/include/asm-ia64/kmap_types.h linux-2.4.37.7/include/asm-ia64/kmap_types.h
29282 --- linux-2.4.37.7/include/asm-ia64/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
29283 +++ linux-2.4.37.7/include/asm-ia64/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
29284 @@ -23,7 +23,8 @@ D(9) KM_IRQ0,
29289 +D(13) KM_CLEARPAGE,
29294 diff -urNp linux-2.4.37.7/include/asm-ia64/page.h linux-2.4.37.7/include/asm-ia64/page.h
29295 --- linux-2.4.37.7/include/asm-ia64/page.h 2009-11-07 11:52:20.000000000 -0500
29296 +++ linux-2.4.37.7/include/asm-ia64/page.h 2009-11-10 19:30:27.000000000 -0500
29297 @@ -190,4 +190,13 @@ get_order (unsigned long size)
29298 (((current->thread.flags & IA64_THREAD_XSTACK) != 0) \
29301 +#ifdef CONFIG_PAX_PAGEEXEC
29302 +#ifdef CONFIG_PAX_MPROTECT
29303 +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \
29304 + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29306 +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29310 #endif /* _ASM_IA64_PAGE_H */
29311 diff -urNp linux-2.4.37.7/include/asm-ia64/pgtable.h linux-2.4.37.7/include/asm-ia64/pgtable.h
29312 --- linux-2.4.37.7/include/asm-ia64/pgtable.h 2009-11-07 11:52:20.000000000 -0500
29313 +++ linux-2.4.37.7/include/asm-ia64/pgtable.h 2009-11-10 19:30:27.000000000 -0500
29314 @@ -115,6 +115,17 @@
29315 #define PAGE_SHARED __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW)
29316 #define PAGE_READONLY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
29317 #define PAGE_COPY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX)
29319 +#ifdef CONFIG_PAX_PAGEEXEC
29320 +# define PAGE_SHARED_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW)
29321 +# define PAGE_READONLY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
29322 +# define PAGE_COPY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
29324 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
29325 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
29326 +# define PAGE_COPY_NOEXEC PAGE_COPY
29329 #define PAGE_GATE __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX)
29330 #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX)
29331 #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX)
29332 diff -urNp linux-2.4.37.7/include/asm-ia64/ustack.h linux-2.4.37.7/include/asm-ia64/ustack.h
29333 --- linux-2.4.37.7/include/asm-ia64/ustack.h 2009-11-07 11:52:20.000000000 -0500
29334 +++ linux-2.4.37.7/include/asm-ia64/ustack.h 2009-11-10 19:30:27.000000000 -0500
29336 #define MAX_USER_STACK_SIZE (RGN_MAP_LIMIT/2)
29337 /* Make a default stack size of 2GB */
29338 #define DEFAULT_USER_STACK_SIZE (1UL << 31)
29339 -#define STACK_TOP (0x6000000000000000UL + RGN_MAP_LIMIT)
29340 +#define __STACK_TOP (0x6000000000000000UL + RGN_MAP_LIMIT)
29342 #endif /* _ASM_IA64_USTACK_H */
29343 diff -urNp linux-2.4.37.7/include/asm-m68k/kmap_types.h linux-2.4.37.7/include/asm-m68k/kmap_types.h
29344 --- linux-2.4.37.7/include/asm-m68k/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
29345 +++ linux-2.4.37.7/include/asm-m68k/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
29346 @@ -11,6 +11,7 @@ enum km_type {
29354 diff -urNp linux-2.4.37.7/include/asm-mips/a.out.h linux-2.4.37.7/include/asm-mips/a.out.h
29355 --- linux-2.4.37.7/include/asm-mips/a.out.h 2009-11-07 11:52:20.000000000 -0500
29356 +++ linux-2.4.37.7/include/asm-mips/a.out.h 2009-11-10 19:30:27.000000000 -0500
29357 @@ -19,7 +19,7 @@ struct exec
29361 -#define STACK_TOP TASK_SIZE
29362 +#define __STACK_TOP TASK_SIZE
29366 diff -urNp linux-2.4.37.7/include/asm-mips/elf.h linux-2.4.37.7/include/asm-mips/elf.h
29367 --- linux-2.4.37.7/include/asm-mips/elf.h 2009-11-07 11:52:20.000000000 -0500
29368 +++ linux-2.4.37.7/include/asm-mips/elf.h 2009-11-10 19:30:27.000000000 -0500
29369 @@ -107,6 +107,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
29371 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
29373 +#ifdef CONFIG_PAX_ASLR
29374 +#define PAX_ELF_ET_DYN_BASE 0x00400000UL
29376 +#define PAX_DELTA_MMAP_LEN (27 - PAGE_SHIFT)
29377 +#define PAX_DELTA_STACK_LEN (27 - PAGE_SHIFT)
29381 #define SET_PERSONALITY(ex, ibcs2) set_personality((ibcs2)?PER_SVR4:PER_LINUX)
29383 diff -urNp linux-2.4.37.7/include/asm-mips/kmap_types.h linux-2.4.37.7/include/asm-mips/kmap_types.h
29384 --- linux-2.4.37.7/include/asm-mips/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
29385 +++ linux-2.4.37.7/include/asm-mips/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
29386 @@ -10,6 +10,7 @@ enum km_type {
29394 diff -urNp linux-2.4.37.7/include/asm-mips/page.h linux-2.4.37.7/include/asm-mips/page.h
29395 --- linux-2.4.37.7/include/asm-mips/page.h 2009-11-07 11:52:20.000000000 -0500
29396 +++ linux-2.4.37.7/include/asm-mips/page.h 2009-11-10 19:30:27.000000000 -0500
29397 @@ -77,7 +77,7 @@ static inline void copy_user_page(void *
29398 #ifdef CONFIG_CPU_MIPS32
29399 typedef struct { unsigned long pte_low, pte_high; } pte_t;
29400 #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
29401 - #define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })
29402 + #define __pte(x) ({ pte_t __pte = {(x), (x) >> 32}; __pte; })
29404 typedef struct { unsigned long long pte_low; } pte_t;
29405 #define pte_val(x) ((x).pte_low)
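Review bot: The new `__pte(x)` drops the `(unsigned long long)` cast before `>> 32`, so when the argument has a 32-bit type the shift count equals the type's width, which is undefined behaviour in C rather than a guaranteed zero. The callers are outside this hunk, so the argument may always be 64-bit, but the macro no longer enforces that. Unless the cast was removed for a specific reason, keep it: `#define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })`.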
29406 @@ -137,6 +137,15 @@ static __inline__ int get_order(unsigned
29407 #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \
29408 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
29410 +#ifdef CONFIG_PAX_PAGEEXEC
29411 +#ifdef CONFIG_PAX_MPROTECT
29412 +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \
29413 + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29415 +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29419 #define UNCAC_ADDR(addr) ((addr) - PAGE_OFFSET + UNCAC_BASE)
29420 #define CAC_ADDR(addr) ((addr) - UNCAC_BASE + PAGE_OFFSET)
29422 diff -urNp linux-2.4.37.7/include/asm-mips64/a.out.h linux-2.4.37.7/include/asm-mips64/a.out.h
29423 --- linux-2.4.37.7/include/asm-mips64/a.out.h 2009-11-07 11:52:20.000000000 -0500
29424 +++ linux-2.4.37.7/include/asm-mips64/a.out.h 2009-11-10 19:30:27.000000000 -0500
29425 @@ -26,7 +26,7 @@ struct exec
29429 -#define STACK_TOP (current->thread.mflags & MF_32BIT_ADDR ? TASK_SIZE32 : TASK_SIZE)
29430 +#define __STACK_TOP (current->thread.mflags & MF_32BIT_ADDR ? TASK_SIZE32 : TASK_SIZE)
29434 diff -urNp linux-2.4.37.7/include/asm-mips64/elf.h linux-2.4.37.7/include/asm-mips64/elf.h
29435 --- linux-2.4.37.7/include/asm-mips64/elf.h 2009-11-07 11:52:20.000000000 -0500
29436 +++ linux-2.4.37.7/include/asm-mips64/elf.h 2009-11-10 19:30:27.000000000 -0500
29437 @@ -107,6 +107,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
29438 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
29441 +#ifdef CONFIG_PAX_ASLR
29442 +#define PAX_ELF_ET_DYN_BASE ((current->thread.mflags & MF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
29444 +#define PAX_DELTA_MMAP_LEN ((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
29445 +#define PAX_DELTA_STACK_LEN ((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
29449 #define SET_PERSONALITY(ex, ibcs2) \
29450 do { current->thread.mflags &= ~MF_ABI_MASK; \
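Review bot: `PAX_ELF_ET_DYN_BASE` tests `MF_32BIT_ADDR` but both arms of the conditional are `0x00400000UL`, so the test has no effect. If the 64-bit ABI is meant to use the same base, write `#define PAX_ELF_ET_DYN_BASE 0x00400000UL` as the asm-mips hunk does; if a different 64-bit base was intended, the second arm is a copy-paste slip and should be corrected. Either way a comment stating the intent would help, since the two `PAX_DELTA_*_LEN` lines below do differ by ABI.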
29451 diff -urNp linux-2.4.37.7/include/asm-mips64/kmap_types.h linux-2.4.37.7/include/asm-mips64/kmap_types.h
29452 --- linux-2.4.37.7/include/asm-mips64/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
29453 +++ linux-2.4.37.7/include/asm-mips64/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
29454 @@ -10,6 +10,7 @@ enum km_type {
29462 diff -urNp linux-2.4.37.7/include/asm-mips64/page.h linux-2.4.37.7/include/asm-mips64/page.h
29463 --- linux-2.4.37.7/include/asm-mips64/page.h 2009-11-07 11:52:20.000000000 -0500
29464 +++ linux-2.4.37.7/include/asm-mips64/page.h 2009-11-10 19:30:27.000000000 -0500
29465 @@ -148,6 +148,15 @@ static __inline__ int get_order(unsigned
29466 #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \
29467 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
29469 +#ifdef CONFIG_PAX_PAGEEXEC
29470 +#ifdef CONFIG_PAX_MPROTECT
29471 +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \
29472 + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29474 +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29478 #endif /* defined (__KERNEL__) */
29480 #endif /* _ASM_PAGE_H */
29481 diff -urNp linux-2.4.37.7/include/asm-parisc/a.out.h linux-2.4.37.7/include/asm-parisc/a.out.h
29482 --- linux-2.4.37.7/include/asm-parisc/a.out.h 2009-11-07 11:52:20.000000000 -0500
29483 +++ linux-2.4.37.7/include/asm-parisc/a.out.h 2009-11-10 19:30:27.000000000 -0500
29484 @@ -22,7 +22,7 @@ struct exec
29485 /* XXX: STACK_TOP actually should be STACK_BOTTOM for parisc.
29488 -#define STACK_TOP TASK_SIZE
29489 +#define __STACK_TOP TASK_SIZE
29493 diff -urNp linux-2.4.37.7/include/asm-parisc/elf.h linux-2.4.37.7/include/asm-parisc/elf.h
29494 --- linux-2.4.37.7/include/asm-parisc/elf.h 2009-11-07 11:52:20.000000000 -0500
29495 +++ linux-2.4.37.7/include/asm-parisc/elf.h 2009-11-10 19:30:27.000000000 -0500
29496 @@ -135,6 +135,13 @@ struct pt_regs; /* forward declaration..
29498 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x01000000)
29500 +#ifdef CONFIG_PAX_ASLR
29501 +#define PAX_ELF_ET_DYN_BASE 0x10000UL
29503 +#define PAX_DELTA_MMAP_LEN 16
29504 +#define PAX_DELTA_STACK_LEN 16
29507 /* This yields a mask that user programs can use to figure out what
29508 instruction set this CPU supports. This could be done in user space,
29509 but it's not easy, and we've already done it here. */
29510 diff -urNp linux-2.4.37.7/include/asm-parisc/page.h linux-2.4.37.7/include/asm-parisc/page.h
29511 --- linux-2.4.37.7/include/asm-parisc/page.h 2009-11-07 11:52:20.000000000 -0500
29512 +++ linux-2.4.37.7/include/asm-parisc/page.h 2009-11-10 19:30:27.000000000 -0500
29513 @@ -117,6 +117,15 @@ extern int npmem_ranges;
29514 #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \
29515 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
29517 +#ifdef CONFIG_PAX_PAGEEXEC
29518 +#ifdef CONFIG_PAX_MPROTECT
29519 +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \
29520 + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29522 +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29526 #endif /* __KERNEL__ */
29528 #endif /* _PARISC_PAGE_H */
29529 diff -urNp linux-2.4.37.7/include/asm-parisc/pgtable.h linux-2.4.37.7/include/asm-parisc/pgtable.h
29530 --- linux-2.4.37.7/include/asm-parisc/pgtable.h 2009-11-07 11:52:20.000000000 -0500
29531 +++ linux-2.4.37.7/include/asm-parisc/pgtable.h 2009-11-10 19:30:27.000000000 -0500
29532 @@ -167,6 +167,17 @@ extern void *vmalloc_start;
29533 #define PAGE_EXECREAD __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED)
29534 #define PAGE_COPY PAGE_EXECREAD
29535 #define PAGE_RWX __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED)
29537 +#ifdef CONFIG_PAX_PAGEEXEC
29538 +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_ACCESSED)
29539 +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
29540 +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
29542 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
29543 +# define PAGE_COPY_NOEXEC PAGE_COPY
29544 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
29547 #define PAGE_KERNEL __pgprot(_PAGE_KERNEL)
29548 #define PAGE_KERNEL_RO __pgprot(_PAGE_PRESENT | _PAGE_EXEC | _PAGE_READ | _PAGE_DIRTY | _PAGE_ACCESSED)
29549 #define PAGE_KERNEL_UNC __pgprot(_PAGE_KERNEL | _PAGE_NO_CACHE)
29550 diff -urNp linux-2.4.37.7/include/asm-ppc/a.out.h linux-2.4.37.7/include/asm-ppc/a.out.h
29551 --- linux-2.4.37.7/include/asm-ppc/a.out.h 2009-11-07 11:52:20.000000000 -0500
29552 +++ linux-2.4.37.7/include/asm-ppc/a.out.h 2009-11-10 19:30:27.000000000 -0500
29554 #define __PPC_A_OUT_H__
29556 /* grabbed from the intel stuff */
29557 -#define STACK_TOP TASK_SIZE
29558 +#define __STACK_TOP TASK_SIZE
29562 diff -urNp linux-2.4.37.7/include/asm-ppc/elf.h linux-2.4.37.7/include/asm-ppc/elf.h
29563 --- linux-2.4.37.7/include/asm-ppc/elf.h 2009-11-07 11:52:20.000000000 -0500
29564 +++ linux-2.4.37.7/include/asm-ppc/elf.h 2009-11-10 19:30:27.000000000 -0500
29565 @@ -46,6 +46,13 @@ typedef elf_vrreg_t elf_vrregset_t[ELF_N
29567 #define ELF_ET_DYN_BASE (0x08000000)
29569 +#ifdef CONFIG_PAX_ASLR
29570 +#define PAX_ELF_ET_DYN_BASE 0x10000000UL
29572 +#define PAX_DELTA_MMAP_LEN 15
29573 +#define PAX_DELTA_STACK_LEN 15
29576 #define USE_ELF_CORE_DUMP
29577 #define ELF_EXEC_PAGESIZE 4096
29579 diff -urNp linux-2.4.37.7/include/asm-ppc/kmap_types.h linux-2.4.37.7/include/asm-ppc/kmap_types.h
29580 --- linux-2.4.37.7/include/asm-ppc/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
29581 +++ linux-2.4.37.7/include/asm-ppc/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
29582 @@ -11,6 +11,7 @@ enum km_type {
29590 diff -urNp linux-2.4.37.7/include/asm-ppc/page.h linux-2.4.37.7/include/asm-ppc/page.h
29591 --- linux-2.4.37.7/include/asm-ppc/page.h 2009-11-07 11:52:20.000000000 -0500
29592 +++ linux-2.4.37.7/include/asm-ppc/page.h 2009-11-10 19:30:27.000000000 -0500
29593 @@ -171,5 +171,14 @@ extern __inline__ int get_order(unsigned
29594 #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \
29595 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
29597 +#ifdef CONFIG_PAX_PAGEEXEC
29598 +#ifdef CONFIG_PAX_MPROTECT
29599 +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \
29600 + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29602 +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29606 #endif /* __KERNEL__ */
29607 #endif /* _PPC_PAGE_H */
29608 diff -urNp linux-2.4.37.7/include/asm-ppc/pgtable.h linux-2.4.37.7/include/asm-ppc/pgtable.h
29609 --- linux-2.4.37.7/include/asm-ppc/pgtable.h 2009-11-07 11:52:20.000000000 -0500
29610 +++ linux-2.4.37.7/include/asm-ppc/pgtable.h 2009-11-10 19:30:27.000000000 -0500
29611 @@ -394,11 +394,21 @@ extern unsigned long vmalloc_start;
29613 #define PAGE_NONE __pgprot(_PAGE_BASE)
29614 #define PAGE_READONLY __pgprot(_PAGE_BASE | _PAGE_USER)
29615 -#define PAGE_READONLY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC)
29616 +#define PAGE_READONLY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC | _PAGE_HWEXEC)
29617 #define PAGE_SHARED __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW)
29618 -#define PAGE_SHARED_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_EXEC)
29619 +#define PAGE_SHARED_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_EXEC | _PAGE_HWEXEC)
29620 #define PAGE_COPY __pgprot(_PAGE_BASE | _PAGE_USER)
29621 -#define PAGE_COPY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC)
29622 +#define PAGE_COPY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC | _PAGE_HWEXEC)
29624 +#if defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_40x) && !defined(CONFIG_44x)
29625 +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_GUARDED)
29626 +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_GUARDED)
29627 +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_GUARDED)
29629 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
29630 +# define PAGE_COPY_NOEXEC PAGE_COPY
29631 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
29634 #define PAGE_KERNEL __pgprot(_PAGE_KERNEL)
29635 #define PAGE_KERNEL_RO __pgprot(_PAGE_BASE | _PAGE_SHARED)
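Review bot: The new `PAGE_*_NOEXEC` protections drop `_PAGE_EXEC` and add `_PAGE_GUARDED`, but nothing in the hunk says why a guarded mapping is the no-exec mechanism or why `CONFIG_40x` and `CONFIG_44x` are excluded. Guarded storage presumably also changes how the CPU may access ordinary data pages, so the trade-off deserves a line of documentation. I would add a comment above the `#if`, along the lines of `/* no-exec user pages are marked _PAGE_GUARDED; 40x/44x cannot use this and fall back to the plain protections */`, with the wording confirmed by the author. The aliases on the last three added lines look like that fallback branch, although the page does not show the `#else`.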
29636 @@ -411,21 +421,21 @@ extern unsigned long vmalloc_start;
29637 * This is the closest we can get..
29639 #define __P000 PAGE_NONE
29640 -#define __P001 PAGE_READONLY_X
29641 -#define __P010 PAGE_COPY
29642 -#define __P011 PAGE_COPY_X
29643 -#define __P100 PAGE_READONLY
29644 +#define __P001 PAGE_READONLY_NOEXEC
29645 +#define __P010 PAGE_COPY_NOEXEC
29646 +#define __P011 PAGE_COPY_NOEXEC
29647 +#define __P100 PAGE_READONLY_X
29648 #define __P101 PAGE_READONLY_X
29649 -#define __P110 PAGE_COPY
29650 +#define __P110 PAGE_COPY_X
29651 #define __P111 PAGE_COPY_X
29653 #define __S000 PAGE_NONE
29654 -#define __S001 PAGE_READONLY_X
29655 -#define __S010 PAGE_SHARED
29656 -#define __S011 PAGE_SHARED_X
29657 -#define __S100 PAGE_READONLY
29658 +#define __S001 PAGE_READONLY_NOEXEC
29659 +#define __S010 PAGE_SHARED_NOEXEC
29660 +#define __S011 PAGE_SHARED_NOEXEC
29661 +#define __S100 PAGE_READONLY_X
29662 #define __S101 PAGE_READONLY_X
29663 -#define __S110 PAGE_SHARED
29664 +#define __S110 PAGE_SHARED_X
29665 #define __S111 PAGE_SHARED_X
29667 #ifndef __ASSEMBLY__
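Review bot: The `__P001`/`__P010`/`__P011` and `__S001`/`__S010`/`__S011` entries are remapped unconditionally, so kernels built without `CONFIG_PAX_PAGEEXEC` (or for 40x/44x) change behaviour as well. In that case `PAGE_READONLY_NOEXEC` is plain `PAGE_READONLY`, so a read-only mapping that used to get `PAGE_READONLY_X` loses `_PAGE_EXEC`. `__P100`, `__P110`, `__S100` and `__S110` move the other way and gain the `_X` protections. If the stricter table is meant for every configuration, the comment above it should say that read no longer implies exec, e.g. `/* exec is granted only when PROT_EXEC is requested */`. Otherwise the old table should be kept under `#ifndef CONFIG_PAX_PAGEEXEC`.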
29668 diff -urNp linux-2.4.37.7/include/asm-ppc64/kmap_types.h linux-2.4.37.7/include/asm-ppc64/kmap_types.h
29669 --- linux-2.4.37.7/include/asm-ppc64/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
29670 +++ linux-2.4.37.7/include/asm-ppc64/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
29671 @@ -15,7 +15,8 @@ enum km_type {
29681 diff -urNp linux-2.4.37.7/include/asm-s390/kmap_types.h linux-2.4.37.7/include/asm-s390/kmap_types.h
29682 --- linux-2.4.37.7/include/asm-s390/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
29683 +++ linux-2.4.37.7/include/asm-s390/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
29684 @@ -10,6 +10,7 @@ enum km_type {
29692 diff -urNp linux-2.4.37.7/include/asm-s390x/kmap_types.h linux-2.4.37.7/include/asm-s390x/kmap_types.h
29693 --- linux-2.4.37.7/include/asm-s390x/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
29694 +++ linux-2.4.37.7/include/asm-s390x/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
29695 @@ -10,6 +10,7 @@ enum km_type {
29703 diff -urNp linux-2.4.37.7/include/asm-sparc/a.out.h linux-2.4.37.7/include/asm-sparc/a.out.h
29704 --- linux-2.4.37.7/include/asm-sparc/a.out.h 2009-11-07 11:52:20.000000000 -0500
29705 +++ linux-2.4.37.7/include/asm-sparc/a.out.h 2009-11-10 19:30:27.000000000 -0500
29706 @@ -91,7 +91,7 @@ struct relocation_info /* used when head
29708 #include <asm/page.h>
29710 -#define STACK_TOP (PAGE_OFFSET - PAGE_SIZE)
29711 +#define __STACK_TOP (PAGE_OFFSET - PAGE_SIZE)
29713 #endif /* __KERNEL__ */
29715 diff -urNp linux-2.4.37.7/include/asm-sparc/elf.h linux-2.4.37.7/include/asm-sparc/elf.h
29716 --- linux-2.4.37.7/include/asm-sparc/elf.h 2009-11-07 11:52:20.000000000 -0500
29717 +++ linux-2.4.37.7/include/asm-sparc/elf.h 2009-11-10 19:30:27.000000000 -0500
29718 @@ -83,6 +83,13 @@ typedef struct {
29720 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE)
29722 +#ifdef CONFIG_PAX_ASLR
29723 +#define PAX_ELF_ET_DYN_BASE 0x10000UL
29725 +#define PAX_DELTA_MMAP_LEN 16
29726 +#define PAX_DELTA_STACK_LEN 16
29729 /* This yields a mask that user programs can use to figure out what
29730 instruction set this cpu supports. This can NOT be done in userspace
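Review bot: `PAX_DELTA_MMAP_LEN` and `PAX_DELTA_STACK_LEN` are introduced as bare numbers with no statement of their unit. They presumably give the number of random bits in the mmap and stack offsets, but the code that consumes them is outside this hunk. A comment such as `/* number of randomized bits in delta_mmap / delta_stack (confirm shift at the point of use) */` would let a reader judge the entropy on each architecture. The asm-sparc64 and asm-x86_64 `elf.h` hunks define the same names as expressions on `current->thread.flags`, so they are runtime values there rather than constants, which is worth saying in the same comment.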
29732 diff -urNp linux-2.4.37.7/include/asm-sparc/kmap_types.h linux-2.4.37.7/include/asm-sparc/kmap_types.h
29733 --- linux-2.4.37.7/include/asm-sparc/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
29734 +++ linux-2.4.37.7/include/asm-sparc/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
29735 @@ -10,6 +10,7 @@ enum km_type {
29743 diff -urNp linux-2.4.37.7/include/asm-sparc/page.h linux-2.4.37.7/include/asm-sparc/page.h
29744 --- linux-2.4.37.7/include/asm-sparc/page.h 2009-11-07 11:52:20.000000000 -0500
29745 +++ linux-2.4.37.7/include/asm-sparc/page.h 2009-11-10 19:30:27.000000000 -0500
29746 @@ -182,6 +182,15 @@ extern __inline__ int get_order(unsigned
29747 #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \
29748 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
29750 +#ifdef CONFIG_PAX_PAGEEXEC
29751 +#ifdef CONFIG_PAX_MPROTECT
29752 +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \
29753 + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29755 +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29759 #endif /* __KERNEL__ */
29761 #endif /* _SPARC_PAGE_H */
29762 diff -urNp linux-2.4.37.7/include/asm-sparc/pgtable.h linux-2.4.37.7/include/asm-sparc/pgtable.h
29763 --- linux-2.4.37.7/include/asm-sparc/pgtable.h 2009-11-07 11:52:20.000000000 -0500
29764 +++ linux-2.4.37.7/include/asm-sparc/pgtable.h 2009-11-10 19:30:27.000000000 -0500
29765 @@ -97,6 +97,13 @@ BTFIXUPDEF_INT(page_none)
29766 BTFIXUPDEF_INT(page_shared)
29767 BTFIXUPDEF_INT(page_copy)
29768 BTFIXUPDEF_INT(page_readonly)
29770 +#ifdef CONFIG_PAX_PAGEEXEC
29771 +BTFIXUPDEF_INT(page_shared_noexec)
29772 +BTFIXUPDEF_INT(page_copy_noexec)
29773 +BTFIXUPDEF_INT(page_readonly_noexec)
29776 BTFIXUPDEF_INT(page_kernel)
29778 #define PMD_SHIFT BTFIXUP_SIMM13(pmd_shift)
29779 @@ -118,6 +125,16 @@ BTFIXUPDEF_INT(page_kernel)
29780 #define PAGE_COPY __pgprot(BTFIXUP_INT(page_copy))
29781 #define PAGE_READONLY __pgprot(BTFIXUP_INT(page_readonly))
29783 +#ifdef CONFIG_PAX_PAGEEXEC
29784 +# define PAGE_SHARED_NOEXEC __pgprot(BTFIXUP_INT(page_shared_noexec))
29785 +# define PAGE_COPY_NOEXEC __pgprot(BTFIXUP_INT(page_copy_noexec))
29786 +# define PAGE_READONLY_NOEXEC __pgprot(BTFIXUP_INT(page_readonly_noexec))
29788 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
29789 +# define PAGE_COPY_NOEXEC PAGE_COPY
29790 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
29793 extern unsigned long page_kernel;
29796 diff -urNp linux-2.4.37.7/include/asm-sparc/pgtsrmmu.h linux-2.4.37.7/include/asm-sparc/pgtsrmmu.h
29797 --- linux-2.4.37.7/include/asm-sparc/pgtsrmmu.h 2009-11-07 11:52:20.000000000 -0500
29798 +++ linux-2.4.37.7/include/asm-sparc/pgtsrmmu.h 2009-11-10 19:30:27.000000000 -0500
29800 SRMMU_EXEC | SRMMU_REF)
29801 #define SRMMU_PAGE_RDONLY __pgprot(SRMMU_VALID | SRMMU_CACHE | \
29802 SRMMU_EXEC | SRMMU_REF)
29804 +#ifdef CONFIG_PAX_PAGEEXEC
29805 +#define SRMMU_PAGE_SHARED_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | \
29806 + SRMMU_WRITE | SRMMU_REF)
29807 +#define SRMMU_PAGE_COPY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | \
29809 +#define SRMMU_PAGE_RDONLY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | \
29813 #define SRMMU_PAGE_KERNEL __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \
29814 SRMMU_DIRTY | SRMMU_REF)
29816 diff -urNp linux-2.4.37.7/include/asm-sparc/uaccess.h linux-2.4.37.7/include/asm-sparc/uaccess.h
29817 --- linux-2.4.37.7/include/asm-sparc/uaccess.h 2009-11-07 11:52:20.000000000 -0500
29818 +++ linux-2.4.37.7/include/asm-sparc/uaccess.h 2009-11-10 19:30:27.000000000 -0500
29820 * No one can read/write anything from userland in the kernel space by setting
29821 * large size and address near to PAGE_OFFSET - a fault will break his intentions.
29823 -#define __user_ok(addr,size) ((addr) < STACK_TOP)
29824 +#define __user_ok(addr,size) ((addr) < __STACK_TOP)
29825 #define __kernel_ok (segment_eq(get_fs(), KERNEL_DS))
29826 #define __access_ok(addr,size) (__user_ok((addr) & get_fs().seg,(size)))
29827 #define access_ok(type,addr,size) __access_ok((unsigned long)(addr),(size))
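Review bot: The switch from `STACK_TOP` to `__STACK_TOP` in `__user_ok` is not explained, and the reason matters for anyone touching this check later. The include/linux/a.out.h hunk of this patch redefines `STACK_TOP` as `__STACK_TOP - __DELTA_STACK`, a per-mm value, so keeping the old name here would tie the user/kernel address limit to each task's stack randomization. I would add `/* use the fixed __STACK_TOP: the access_ok() limit must not move with the per-mm stack delta */` above the define.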
29828 diff -urNp linux-2.4.37.7/include/asm-sparc64/a.out.h linux-2.4.37.7/include/asm-sparc64/a.out.h
29829 --- linux-2.4.37.7/include/asm-sparc64/a.out.h 2009-11-07 11:52:20.000000000 -0500
29830 +++ linux-2.4.37.7/include/asm-sparc64/a.out.h 2009-11-10 19:30:27.000000000 -0500
29831 @@ -95,7 +95,7 @@ struct relocation_info /* used when head
29835 -#define STACK_TOP (current->thread.flags & SPARC_FLAG_32BIT ? 0xf0000000 : 0x80000000000L)
29836 +#define __STACK_TOP (current->thread.flags & SPARC_FLAG_32BIT ? 0xf0000000 : 0x80000000000L)
29840 diff -urNp linux-2.4.37.7/include/asm-sparc64/elf.h linux-2.4.37.7/include/asm-sparc64/elf.h
29841 --- linux-2.4.37.7/include/asm-sparc64/elf.h 2009-11-07 11:52:20.000000000 -0500
29842 +++ linux-2.4.37.7/include/asm-sparc64/elf.h 2009-11-10 19:30:27.000000000 -0500
29843 @@ -82,6 +82,12 @@ typedef struct {
29844 #define ELF_ET_DYN_BASE 0x0000010000000000UL
29847 +#ifdef CONFIG_PAX_ASLR
29848 +#define PAX_ELF_ET_DYN_BASE (current->thread.flags & SPARC_FLAG_32BIT ? 0x10000UL : 0x100000UL)
29850 +#define PAX_DELTA_MMAP_LEN (current->thread.flags & SPARC_FLAG_32BIT ? 14 : 28 )
29851 +#define PAX_DELTA_STACK_LEN (current->thread.flags & SPARC_FLAG_32BIT ? 15 : 29 )
29854 /* This yields a mask that user programs can use to figure out what
29855 instruction set this cpu supports. */
29856 diff -urNp linux-2.4.37.7/include/asm-sparc64/kmap_types.h linux-2.4.37.7/include/asm-sparc64/kmap_types.h
29857 --- linux-2.4.37.7/include/asm-sparc64/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
29858 +++ linux-2.4.37.7/include/asm-sparc64/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
29859 @@ -14,6 +14,7 @@ enum km_type {
29867 diff -urNp linux-2.4.37.7/include/asm-sparc64/page.h linux-2.4.37.7/include/asm-sparc64/page.h
29868 --- linux-2.4.37.7/include/asm-sparc64/page.h 2009-11-07 11:52:20.000000000 -0500
29869 +++ linux-2.4.37.7/include/asm-sparc64/page.h 2009-11-10 19:30:27.000000000 -0500
29870 @@ -160,6 +160,15 @@ extern __inline__ int get_order(unsigned
29871 #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \
29872 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
29874 +#ifdef CONFIG_PAX_PAGEEXEC
29875 +#ifdef CONFIG_PAX_MPROTECT
29876 +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \
29877 + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29879 +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29883 #endif /* !(__KERNEL__) */
29885 #endif /* !(_SPARC64_PAGE_H) */
29886 diff -urNp linux-2.4.37.7/include/asm-x86_64/a.out.h linux-2.4.37.7/include/asm-x86_64/a.out.h
29887 --- linux-2.4.37.7/include/asm-x86_64/a.out.h 2009-11-07 11:52:20.000000000 -0500
29888 +++ linux-2.4.37.7/include/asm-x86_64/a.out.h 2009-11-10 19:30:27.000000000 -0500
29889 @@ -23,7 +23,7 @@ struct exec
29893 -#define STACK_TOP TASK_SIZE
29894 +#define __STACK_TOP TASK_SIZE
29898 diff -urNp linux-2.4.37.7/include/asm-x86_64/elf.h linux-2.4.37.7/include/asm-x86_64/elf.h
29899 --- linux-2.4.37.7/include/asm-x86_64/elf.h 2009-11-07 11:52:20.000000000 -0500
29900 +++ linux-2.4.37.7/include/asm-x86_64/elf.h 2009-11-10 19:30:27.000000000 -0500
29901 @@ -68,6 +68,13 @@ typedef struct user_fxsr_struct elf_fpxr
29903 #define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
29905 +#ifdef CONFIG_PAX_ASLR
29906 +#define PAX_ELF_ET_DYN_BASE (current->thread.flags & THREAD_IA32 ? 0x08048000UL : 0x400000UL)
29908 +#define PAX_DELTA_MMAP_LEN (current->thread.flags & THREAD_IA32 ? 16 : 24)
29909 +#define PAX_DELTA_STACK_LEN (current->thread.flags & THREAD_IA32 ? 16 : 24)
29912 /* regs is struct pt_regs, pr_reg is elf_gregset_t (which is
29913 now struct_user_regs, they are different). Assumes current is the process
29915 diff -urNp linux-2.4.37.7/include/asm-x86_64/kmap_types.h linux-2.4.37.7/include/asm-x86_64/kmap_types.h
29916 --- linux-2.4.37.7/include/asm-x86_64/kmap_types.h 2009-11-07 11:52:20.000000000 -0500
29917 +++ linux-2.4.37.7/include/asm-x86_64/kmap_types.h 2009-11-10 19:30:27.000000000 -0500
29918 @@ -9,6 +9,7 @@ enum km_type {
29926 diff -urNp linux-2.4.37.7/include/asm-x86_64/page.h linux-2.4.37.7/include/asm-x86_64/page.h
29927 --- linux-2.4.37.7/include/asm-x86_64/page.h 2009-11-07 11:52:20.000000000 -0500
29928 +++ linux-2.4.37.7/include/asm-x86_64/page.h 2009-11-10 19:30:27.000000000 -0500
29929 @@ -142,6 +142,16 @@ extern __inline__ int get_order(unsigned
29931 #define __VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \
29932 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
29934 +#ifdef CONFIG_PAX_PAGEEXEC
29935 +#define VM_DATA_DEFAULT_FLAGS __VM_DATA_DEFAULT_FLAGS
29936 +#ifdef CONFIG_PAX_MPROTECT
29937 +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \
29938 + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29940 +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC))
29943 #define __VM_STACK_FLAGS (VM_GROWSDOWN | VM_READ | VM_WRITE | VM_EXEC | \
29944 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
29946 @@ -149,6 +159,7 @@ extern __inline__ int get_order(unsigned
29947 ((current->thread.flags & THREAD_IA32) ? vm_data_default_flags32 : \
29948 vm_data_default_flags)
29949 #define VM_STACK_FLAGS vm_stack_flags
29952 #endif /* __KERNEL__ */
29954 diff -urNp linux-2.4.37.7/include/asm-x86_64/pgalloc.h linux-2.4.37.7/include/asm-x86_64/pgalloc.h
29955 --- linux-2.4.37.7/include/asm-x86_64/pgalloc.h 2009-11-07 11:52:20.000000000 -0500
29956 +++ linux-2.4.37.7/include/asm-x86_64/pgalloc.h 2009-11-10 19:30:27.000000000 -0500
29959 #define pmd_populate(mm, pmd, pte) \
29960 set_pmd(pmd, __pmd(_PAGE_TABLE | __pa(pte)))
29961 +#define pmd_populate_kernel(mm, pmd, pte) \
29962 + set_pmd(pmd, __pmd(_KERNPG_TABLE | __pa(pte)))
29963 #define pgd_populate(mm, pgd, pmd) \
29964 set_pgd(pgd, __pgd(_PAGE_TABLE | __pa(pmd)))
29966 diff -urNp linux-2.4.37.7/include/asm-x86_64/pgtable.h linux-2.4.37.7/include/asm-x86_64/pgtable.h
29967 --- linux-2.4.37.7/include/asm-x86_64/pgtable.h 2009-11-07 11:52:20.000000000 -0500
29968 +++ linux-2.4.37.7/include/asm-x86_64/pgtable.h 2009-11-10 19:30:27.000000000 -0500
29969 @@ -240,6 +240,8 @@ extern inline void pgd_clear (pgd_t * pg
29970 __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED)
29971 #define PAGE_EXECONLY PAGE_READONLY_EXEC
29973 +#define PAGE_READONLY_NOEXEC PAGE_READONLY
29975 #define PAGE_LARGE (_PAGE_PSE|_PAGE_PRESENT)
29977 #define __PAGE_KERNEL \
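Review bot: `PAGE_READONLY_NOEXEC` is aliased to `PAGE_READONLY`, which is only correct if `PAGE_READONLY` is already non-executable on x86_64, and its definition lies outside this hunk. The asm-ppc and asm-sparc `pgtable.h` hunks also define `PAGE_SHARED_NOEXEC` and `PAGE_COPY_NOEXEC`. Here only one of the three names is added, so the other two are presumably provided upstream or unused on this architecture. A comment stating both facts would make the alias checkable, e.g. `/* PAGE_READONLY already excludes exec here; the SHARED/COPY _NOEXEC names come from (confirm) */`.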
29978 diff -urNp linux-2.4.37.7/include/linux/affs_fs.h linux-2.4.37.7/include/linux/affs_fs.h
29979 --- linux-2.4.37.7/include/linux/affs_fs.h 2009-11-07 11:52:20.000000000 -0500
29980 +++ linux-2.4.37.7/include/linux/affs_fs.h 2009-11-10 19:30:27.000000000 -0500
29981 @@ -78,17 +78,17 @@ extern void affs_dir_truncate(struct i
29985 -extern struct inode_operations affs_file_inode_operations;
29986 -extern struct inode_operations affs_dir_inode_operations;
29987 -extern struct inode_operations affs_symlink_inode_operations;
29988 -extern struct file_operations affs_file_operations;
29989 -extern struct file_operations affs_file_operations_ofs;
29990 -extern struct file_operations affs_dir_operations;
29991 -extern struct address_space_operations affs_symlink_aops;
29992 -extern struct address_space_operations affs_aops;
29993 -extern struct address_space_operations affs_aops_ofs;
29994 +extern const struct inode_operations affs_file_inode_operations;
29995 +extern const struct inode_operations affs_dir_inode_operations;
29996 +extern const struct inode_operations affs_symlink_inode_operations;
29997 +extern const struct file_operations affs_file_operations;
29998 +extern const struct file_operations affs_file_operations_ofs;
29999 +extern const struct file_operations affs_dir_operations;
30000 +extern const struct address_space_operations affs_symlink_aops;
30001 +extern const struct address_space_operations affs_aops;
30002 +extern const struct address_space_operations affs_aops_ofs;
30004 -extern struct dentry_operations affs_dentry_operations;
30005 -extern struct dentry_operations affs_dentry_operations_intl;
30006 +extern const struct dentry_operations affs_dentry_operations;
30007 +extern const struct dentry_operations affs_dentry_operations_intl;
30010 diff -urNp linux-2.4.37.7/include/linux/a.out.h linux-2.4.37.7/include/linux/a.out.h
30011 --- linux-2.4.37.7/include/linux/a.out.h 2009-11-07 11:52:20.000000000 -0500
30012 +++ linux-2.4.37.7/include/linux/a.out.h 2009-11-10 19:30:27.000000000 -0500
30015 #include <asm/a.out.h>
30017 +#ifdef CONFIG_PAX_RANDUSTACK
30018 +#define __DELTA_STACK (current->mm->delta_stack)
30020 +#define __DELTA_STACK 0UL
30024 +#define STACK_TOP (__STACK_TOP - __DELTA_STACK)
30027 #endif /* __STRUCT_EXEC_OVERRIDE__ */
30029 /* these go in the N_MACHTYPE field */
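Review bot: With `CONFIG_PAX_RANDUSTACK` enabled, `STACK_TOP` now expands to an expression that dereferences `current->mm`, so it is no longer a constant and will fault wherever it is evaluated without an mm. The users of `STACK_TOP` are not visible in this hunk, so each remaining one needs checking for a valid `current->mm`. I would document the contract next to the define, e.g. `/* per-mm once RANDUSTACK is on: needs a valid current->mm; use __STACK_TOP for the fixed limit */`. The `@@` header and part of this hunk are missing from the page, so the placement of the `#else`/`#endif` is assumed.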
30030 @@ -37,6 +47,14 @@ enum machine_type {
30031 M_MIPS2 = 152 /* MIPS R6000/R4000 binary */
30034 +/* Constants for the N_FLAGS field */
30035 +#define F_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
30036 +#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */
30037 +#define F_PAX_MPROTECT 4 /* Restrict mprotect() */
30038 +#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */
30039 +/*#define F_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */
30040 +#define F_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */
30042 #if !defined (N_MAGIC)
30043 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
30045 diff -urNp linux-2.4.37.7/include/linux/bfs_fs.h linux-2.4.37.7/include/linux/bfs_fs.h
30046 --- linux-2.4.37.7/include/linux/bfs_fs.h 2009-11-07 11:52:20.000000000 -0500
30047 +++ linux-2.4.37.7/include/linux/bfs_fs.h 2009-11-10 19:30:27.000000000 -0500
30048 @@ -79,13 +79,13 @@ struct bfs_super_block {
30052 -extern struct inode_operations bfs_file_inops;
30053 -extern struct file_operations bfs_file_operations;
30054 -extern struct address_space_operations bfs_aops;
30055 +extern const struct inode_operations bfs_file_inops;
30056 +extern const struct file_operations bfs_file_operations;
30057 +extern const struct address_space_operations bfs_aops;
30060 -extern struct inode_operations bfs_dir_inops;
30061 -extern struct file_operations bfs_dir_operations;
30062 +extern const struct inode_operations bfs_dir_inops;
30063 +extern const struct file_operations bfs_dir_operations;
30065 #endif /* __KERNEL__ */
30066 #endif /* _LINUX_BFS_FS_H */
30067 diff -urNp linux-2.4.37.7/include/linux/binfmts.h linux-2.4.37.7/include/linux/binfmts.h
30068 --- linux-2.4.37.7/include/linux/binfmts.h 2009-11-07 11:52:20.000000000 -0500
30069 +++ linux-2.4.37.7/include/linux/binfmts.h 2009-11-10 19:30:27.000000000 -0500
30073 * MAX_ARG_PAGES defines the number of pages allocated for arguments
30074 - * and envelope for the new program. 32 should suffice, this gives
30075 - * a maximum env+arg of 128kB w/4KB pages!
30076 + * and envelope for the new program. 33 should suffice, this gives
30077 + * a maximum env+arg of 132kB w/4KB pages!
30079 -#define MAX_ARG_PAGES 32
30080 +#define MAX_ARG_PAGES 33
30082 /* sizeof(linux_binprm->buf) */
30083 #define BINPRM_BUF_SIZE 128
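Review bot: The comment above `MAX_ARG_PAGES` has its numbers updated for 33 pages and 132kB but still does not say why one page more than the stock 32 is needed. Since this limit bounds how much argument and environment data exec will copy, the reason should be stated where the constant lives, e.g. `/* one page above the stock 32 is reserved for <purpose, to be filled in by the author> */`.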
30084 @@ -30,6 +30,7 @@ struct linux_binprm{
30086 char * filename; /* Name of binary */
30087 unsigned long loader, exec;
30092 @@ -59,6 +60,8 @@ extern void compute_creds(struct linux_b
30093 extern int do_coredump(long signr, struct pt_regs * regs);
30094 extern void set_binfmt(struct linux_binfmt *new);
30096 +void pax_report_fault(struct pt_regs *regs, void *pc, void *sp);
30097 +void pax_report_insns(void *pc, void *sp);
30100 /* this went away now */
30101 diff -urNp linux-2.4.37.7/include/linux/coda_linux.h linux-2.4.37.7/include/linux/coda_linux.h
30102 --- linux-2.4.37.7/include/linux/coda_linux.h 2009-11-07 11:52:20.000000000 -0500
30103 +++ linux-2.4.37.7/include/linux/coda_linux.h 2009-11-10 19:30:27.000000000 -0500
30104 @@ -24,16 +24,16 @@
30105 #include <linux/coda_fs_i.h>
30108 -extern struct inode_operations coda_dir_inode_operations;
30109 -extern struct inode_operations coda_file_inode_operations;
30110 -extern struct inode_operations coda_ioctl_inode_operations;
30112 -extern struct address_space_operations coda_file_aops;
30113 -extern struct address_space_operations coda_symlink_aops;
30115 -extern struct file_operations coda_dir_operations;
30116 -extern struct file_operations coda_file_operations;
30117 -extern struct file_operations coda_ioctl_operations;
30118 +extern const struct inode_operations coda_dir_inode_operations;
30119 +extern const struct inode_operations coda_file_inode_operations;
30120 +extern const struct inode_operations coda_ioctl_inode_operations;
30122 +extern const struct address_space_operations coda_file_aops;
30123 +extern const struct address_space_operations coda_symlink_aops;
30125 +extern const struct file_operations coda_dir_operations;
30126 +extern const struct file_operations coda_file_operations;
30127 +extern const struct file_operations coda_ioctl_operations;
30129 /* operations shared over more than one file */
30130 int coda_open(struct inode *i, struct file *f);
30131 diff -urNp linux-2.4.37.7/include/linux/compiler.h linux-2.4.37.7/include/linux/compiler.h
30132 --- linux-2.4.37.7/include/linux/compiler.h 2009-11-07 11:52:20.000000000 -0500
30133 +++ linux-2.4.37.7/include/linux/compiler.h 2009-11-10 19:30:27.000000000 -0500
30139 +#ifdef __KERNEL___
30140 #if __GNUC__ > 4 || __GNUC__ == 4 && __GNUC_MINOR__ >= 2
30141 #error "GCC >= 4.2 miscompiles kernel 2.4, do not use it!"
30142 #error "While the resulting kernel may boot, you will encounter random bugs"
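Review bot: The added guard tests `__KERNEL___` with three trailing underscores, while the other headers in this patch test `__KERNEL__` (for example the `#endif /* __KERNEL__ */` context lines). Unless something defines the three-underscore name, the condition is never true and the two `#error` lines for GCC >= 4.2 are compiled out for kernel builds as well. If the intent is to limit the check to kernel code, the line should read `#ifdef __KERNEL__`. If the intent is to switch the check off, that should be stated in a comment rather than hidden in a near-miss macro name. The matching `#endif` is not visible on this page.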
30143 diff -urNp linux-2.4.37.7/include/linux/dcache.h linux-2.4.37.7/include/linux/dcache.h
30144 --- linux-2.4.37.7/include/linux/dcache.h 2009-11-07 11:52:20.000000000 -0500
30145 +++ linux-2.4.37.7/include/linux/dcache.h 2009-11-10 19:30:27.000000000 -0500
30146 @@ -77,7 +77,7 @@ struct dentry {
30148 struct qstr d_name;
30149 unsigned long d_time; /* used by d_revalidate */
30150 - struct dentry_operations *d_op;
30151 + const struct dentry_operations *d_op;
30152 struct super_block * d_sb; /* The root of the dentry tree */
30153 unsigned long d_vfs_flags;
30154 void * d_fsdata; /* fs-specific data */
30155 diff -urNp linux-2.4.37.7/include/linux/devfs_fs_kernel.h linux-2.4.37.7/include/linux/devfs_fs_kernel.h
30156 --- linux-2.4.37.7/include/linux/devfs_fs_kernel.h 2009-11-07 11:52:20.000000000 -0500
30157 +++ linux-2.4.37.7/include/linux/devfs_fs_kernel.h 2009-11-10 19:30:27.000000000 -0500
30158 @@ -64,7 +64,7 @@ extern void devfs_put (devfs_handle_t de
30159 extern devfs_handle_t devfs_register (devfs_handle_t dir, const char *name,
30160 unsigned int flags,
30161 unsigned int major, unsigned int minor,
30162 - umode_t mode, void *ops, void *info);
30163 + umode_t mode, const void *ops, void *info);
30164 extern void devfs_unregister (devfs_handle_t de);
30165 extern int devfs_mk_symlink (devfs_handle_t dir, const char *name,
30166 unsigned int flags, const char *link,
30167 @@ -95,7 +95,7 @@ extern void devfs_auto_unregister (devfs
30168 extern devfs_handle_t devfs_get_unregister_slave (devfs_handle_t master);
30169 extern const char *devfs_get_name (devfs_handle_t de, unsigned int *namelen);
30170 extern int devfs_register_chrdev (unsigned int major, const char *name,
30171 - struct file_operations *fops);
30172 + const struct file_operations *fops);
30173 extern int devfs_register_blkdev (unsigned int major, const char *name,
30174 struct block_device_operations *bdops);
30175 extern int devfs_unregister_chrdev (unsigned int major, const char *name);
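Review bot: `devfs_register_chrdev` now takes `const struct file_operations *fops`, but `devfs_register_blkdev` on the following line still takes a mutable `struct block_device_operations *bdops`. If the const-ification is meant to keep operation tables in read-only data, the block-device table is left out of it here. Either apply the same change with `const struct block_device_operations *bdops`, or add a comment saying why it must stay writable. The inline stub variants later in this file would need to follow whichever is chosen.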
30176 @@ -106,7 +106,7 @@ extern void devfs_register_series (devfs
30177 unsigned int num_entries,
30178 unsigned int flags, unsigned int major,
30179 unsigned int minor_start,
30180 - umode_t mode, void *ops, void *info);
30181 + umode_t mode, const void *ops, void *info);
30182 extern int devfs_alloc_major (char type);
30183 extern void devfs_dealloc_major (char type, int major);
30184 extern kdev_t devfs_alloc_devnum (char type);
30185 @@ -136,7 +136,7 @@ static inline devfs_handle_t devfs_regis
30186 unsigned int major,
30187 unsigned int minor,
30189 - void *ops, void *info)
30190 + const void *ops, void *info)
30194 @@ -242,7 +242,7 @@ static inline const char *devfs_get_name
30197 static inline int devfs_register_chrdev (unsigned int major, const char *name,
30198 - struct file_operations *fops)
30199 + const struct file_operations *fops)
30201 return register_chrdev (major, name, fops);
30203 @@ -271,7 +271,7 @@ static inline void devfs_register_series
30204 unsigned int flags,
30205 unsigned int major,
30206 unsigned int minor_start,
30207 - umode_t mode, void *ops, void *info)
30208 + umode_t mode, const void *ops, void *info)
30212 diff -urNp linux-2.4.37.7/include/linux/efs_fs.h linux-2.4.37.7/include/linux/efs_fs.h
30213 --- linux-2.4.37.7/include/linux/efs_fs.h 2009-11-07 11:52:20.000000000 -0500
30214 +++ linux-2.4.37.7/include/linux/efs_fs.h 2009-11-10 19:30:27.000000000 -0500
30215 @@ -45,9 +45,9 @@ static const char cprt[] = "EFS: "EFS_VE
30216 #define SUPER_INFO(s) &((s)->u.efs_sb)
30219 -extern struct inode_operations efs_dir_inode_operations;
30220 -extern struct file_operations efs_dir_operations;
30221 -extern struct address_space_operations efs_symlink_aops;
30222 +extern const struct inode_operations efs_dir_inode_operations;
30223 +extern const struct file_operations efs_dir_operations;
30224 +extern const struct address_space_operations efs_symlink_aops;
30226 extern struct super_block *efs_read_super(struct super_block *, void *, int);
30227 extern int efs_statfs(struct super_block *, struct statfs *);
30228 diff -urNp linux-2.4.37.7/include/linux/elf.h linux-2.4.37.7/include/linux/elf.h
30229 --- linux-2.4.37.7/include/linux/elf.h 2009-11-07 11:52:20.000000000 -0500
30230 +++ linux-2.4.37.7/include/linux/elf.h 2009-11-10 19:30:27.000000000 -0500
30231 @@ -34,6 +34,10 @@ typedef __s64 Elf64_Sxword;
30232 #define PT_MIPS_REGINFO 0x70000000
30233 #define PT_MIPS_OPTIONS 0x70000001
30235 +#define PT_LOOS 0x60000000
30236 +#define PT_GNU_STACK (PT_LOOS + 0x474e551)
30237 +#define PT_PAX_FLAGS (PT_LOOS + 0x5041580)
30239 /* Flags in the e_flags field of the header */
30240 #define EF_MIPS_NOREORDER 0x00000001
30241 #define EF_MIPS_PIC 0x00000002
30242 @@ -44,6 +48,14 @@ typedef __s64 Elf64_Sxword;
30243 #define EF_MIPS_ABI 0x0000f000
30244 #define EF_MIPS_ARCH 0xf0000000
30246 +/* Constants for the e_flags field */
30247 +#define EF_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
30248 +#define EF_PAX_EMUTRAMP 2 /* Emulate trampolines */
30249 +#define EF_PAX_MPROTECT 4 /* Restrict mprotect() */
30250 +#define EF_PAX_RANDMMAP 8 /* Randomize mmap() base */
30251 +/*#define EF_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */
30252 +#define EF_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */
30254 /* These constants define the different elf file types */
30257 @@ -122,6 +134,8 @@ typedef __s64 Elf64_Sxword;
30258 #define DT_DEBUG 21
30259 #define DT_TEXTREL 22
30260 #define DT_JMPREL 23
30261 +#define DT_FLAGS 30
30262 + #define DF_TEXTREL 0x00000004
30263 #define DT_LOPROC 0x70000000
30264 #define DT_HIPROC 0x7fffffff
30265 #define DT_MIPS_RLD_VERSION 0x70000001
30266 @@ -458,6 +472,19 @@ typedef struct elf64_hdr {
30270 +#define PF_PAGEEXEC (1U << 4) /* Enable PAGEEXEC */
30271 +#define PF_NOPAGEEXEC (1U << 5) /* Disable PAGEEXEC */
30272 +#define PF_SEGMEXEC (1U << 6) /* Enable SEGMEXEC */
30273 +#define PF_NOSEGMEXEC (1U << 7) /* Disable SEGMEXEC */
30274 +#define PF_MPROTECT (1U << 8) /* Enable MPROTECT */
30275 +#define PF_NOMPROTECT (1U << 9) /* Disable MPROTECT */
30276 +/*#define PF_RANDEXEC (1U << 10)*/ /* Enable RANDEXEC */
30277 +/*#define PF_NORANDEXEC (1U << 11)*/ /* Disable RANDEXEC */
30278 +#define PF_EMUTRAMP (1U << 12) /* Enable EMUTRAMP */
30279 +#define PF_NOEMUTRAMP (1U << 13) /* Disable EMUTRAMP */
30280 +#define PF_RANDMMAP (1U << 14) /* Enable RANDMMAP */
30281 +#define PF_NORANDMMAP (1U << 15) /* Disable RANDMMAP */
30283 typedef struct elf32_phdr{
30285 Elf32_Off p_offset;
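Review bot: The `PF_*`/`PF_NO*` defines come in enable/disable pairs, and the hunk does not say what a loader should do when both bits of a pair are set or when neither is. These bits are presumably read from a program header of the file being executed, so they are attacker-influenced input and the precedence rule is security-relevant; the parser that applies it is outside this hunk. I would add a block comment above the defines that states the rule for both cases and names the function that enforces it.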
30286 @@ -555,6 +582,8 @@ typedef struct elf64_shdr {
30287 #define EI_VERSION 6
30292 #define ELFMAG0 0x7f /* EI_MAG */
30293 #define ELFMAG1 'E'
30294 #define ELFMAG2 'L'
30295 @@ -602,6 +631,7 @@ extern Elf32_Dyn _DYNAMIC [];
30296 #define elfhdr elf32_hdr
30297 #define elf_phdr elf32_phdr
30298 #define elf_note elf32_note
30299 +#define elf_dyn Elf32_Dyn
30303 @@ -609,6 +639,7 @@ extern Elf64_Dyn _DYNAMIC [];
30304 #define elfhdr elf64_hdr
30305 #define elf_phdr elf64_phdr
30306 #define elf_note elf64_note
30307 +#define elf_dyn Elf64_Dyn
30311 diff -urNp linux-2.4.37.7/include/linux/ext2_fs.h linux-2.4.37.7/include/linux/ext2_fs.h
30312 --- linux-2.4.37.7/include/linux/ext2_fs.h 2009-11-07 11:52:20.000000000 -0500
30313 +++ linux-2.4.37.7/include/linux/ext2_fs.h 2009-11-10 19:30:27.000000000 -0500
30314 @@ -639,20 +639,20 @@ extern int ext2_statfs (struct super_blo
30318 -extern struct file_operations ext2_dir_operations;
30319 +extern const struct file_operations ext2_dir_operations;
30322 -extern struct inode_operations ext2_file_inode_operations;
30323 -extern struct file_operations ext2_file_operations;
30324 +extern const struct inode_operations ext2_file_inode_operations;
30325 +extern const struct file_operations ext2_file_operations;
30328 -extern struct address_space_operations ext2_aops;
30329 +extern const struct address_space_operations ext2_aops;
30332 -extern struct inode_operations ext2_dir_inode_operations;
30333 +extern const struct inode_operations ext2_dir_inode_operations;
30336 -extern struct inode_operations ext2_fast_symlink_inode_operations;
30337 +extern const struct inode_operations ext2_fast_symlink_inode_operations;
30339 #endif /* __KERNEL__ */
30341 diff -urNp linux-2.4.37.7/include/linux/ext3_fs.h linux-2.4.37.7/include/linux/ext3_fs.h
30342 --- linux-2.4.37.7/include/linux/ext3_fs.h 2009-11-07 11:52:20.000000000 -0500
30343 +++ linux-2.4.37.7/include/linux/ext3_fs.h 2009-11-10 19:30:27.000000000 -0500
30344 @@ -702,20 +702,20 @@ extern const char *ext3_decode_error(str
30348 -extern struct file_operations ext3_dir_operations;
30349 +extern const struct file_operations ext3_dir_operations;
30352 -extern struct inode_operations ext3_file_inode_operations;
30353 -extern struct file_operations ext3_file_operations;
30354 +extern const struct inode_operations ext3_file_inode_operations;
30355 +extern const struct file_operations ext3_file_operations;
30358 -extern struct address_space_operations ext3_aops;
30359 +extern const struct address_space_operations ext3_aops;
30362 -extern struct inode_operations ext3_dir_inode_operations;
30363 +extern const struct inode_operations ext3_dir_inode_operations;
30366 -extern struct inode_operations ext3_fast_symlink_inode_operations;
30367 +extern const struct inode_operations ext3_fast_symlink_inode_operations;
30370 #endif /* __KERNEL__ */
30371 diff -urNp linux-2.4.37.7/include/linux/fsfilter.h linux-2.4.37.7/include/linux/fsfilter.h
30372 --- linux-2.4.37.7/include/linux/fsfilter.h 2009-11-07 11:52:20.000000000 -0500
30373 +++ linux-2.4.37.7/include/linux/fsfilter.h 2009-11-10 19:30:27.000000000 -0500
30374 @@ -33,17 +33,17 @@ struct filter_ops {
30377 /* operations on the file store */
30378 - struct super_operations *cache_sops;
30379 + const struct super_operations *cache_sops;
30381 - struct inode_operations *cache_dir_iops;
30382 - struct inode_operations *cache_file_iops;
30383 - struct inode_operations *cache_sym_iops;
30384 + const struct inode_operations *cache_dir_iops;
30385 + const struct inode_operations *cache_file_iops;
30386 + const struct inode_operations *cache_sym_iops;
30388 - struct file_operations *cache_dir_fops;
30389 - struct file_operations *cache_file_fops;
30390 - struct file_operations *cache_sym_fops;
30391 + const struct file_operations *cache_dir_fops;
30392 + const struct file_operations *cache_file_fops;
30393 + const struct file_operations *cache_sym_fops;
30395 - struct dentry_operations *cache_dentry_ops;
30396 + const struct dentry_operations *cache_dentry_ops;
30400 diff -urNp linux-2.4.37.7/include/linux/fs.h linux-2.4.37.7/include/linux/fs.h
30401 --- linux-2.4.37.7/include/linux/fs.h 2009-11-07 11:52:20.000000000 -0500
30402 +++ linux-2.4.37.7/include/linux/fs.h 2009-11-10 19:30:27.000000000 -0500
30403 @@ -410,7 +410,7 @@ struct address_space {
30404 struct list_head dirty_pages; /* list of dirty pages */
30405 struct list_head locked_pages; /* list of locked pages */
30406 unsigned long nrpages; /* number of total pages */
30407 - struct address_space_operations *a_ops; /* methods */
30408 + const struct address_space_operations *a_ops; /* methods */
30409 struct inode *host; /* owner: inode, block_device */
30410 struct vm_area_struct *i_mmap; /* list of private mappings */
30411 struct vm_area_struct *i_mmap_shared; /* list of shared mappings */
30412 @@ -465,8 +465,8 @@ struct inode {
30413 struct semaphore i_sem;
30414 struct rw_semaphore i_alloc_sem;
30415 struct semaphore i_zombie;
30416 - struct inode_operations *i_op;
30417 - struct file_operations *i_fop; /* former ->i_op->default_file_ops */
30418 + const struct inode_operations *i_op;
30419 + const struct file_operations *i_fop; /* former ->i_op->default_file_ops */
30420 struct super_block *i_sb;
30421 wait_queue_head_t i_wait;
30422 struct file_lock *i_flock;
30423 @@ -566,7 +566,7 @@ struct file {
30424 struct list_head f_list;
30425 struct dentry *f_dentry;
30426 struct vfsmount *f_vfsmnt;
30427 - struct file_operations *f_op;
30428 + const struct file_operations *f_op;
30430 unsigned int f_flags;
30432 @@ -750,7 +750,7 @@ struct super_block {
30433 unsigned char s_dirt;
30434 unsigned long long s_maxbytes; /* Max file size */
30435 struct file_system_type *s_type;
30436 - struct super_operations *s_op;
30437 + const struct super_operations *s_op;
30438 struct dquot_operations *dq_op;
30439 struct quotactl_ops *s_qcop;
30440 unsigned long s_flags;
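Review bot: In this `struct super_block` hunk only `s_op` becomes a pointer to const, while the neighbouring `dq_op` and `s_qcop` still point to non-const tables. Those two function-pointer tables therefore do not get the read-only treatment that the rest of the patch gives to the VFS operation structures. If nothing writes through them, the same change applies: `const struct dquot_operations *dq_op;` and `const struct quotactl_ops *s_qcop;`. Whether any quota code modifies these tables after initialisation cannot be seen from this hunk, so that needs checking first.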
30441 @@ -1086,7 +1086,7 @@ static inline int get_lease(struct inode
30443 asmlinkage long sys_open(const char *, int, int);
30444 asmlinkage long sys_close(unsigned int); /* yes, it's really unsigned */
30445 -extern int do_truncate(struct dentry *, loff_t start);
30446 +extern int do_truncate(struct dentry *, loff_t start, struct vfsmount *);
30448 extern struct file *filp_open(const char *, int, int);
30449 extern struct file * dentry_open(struct dentry *, struct vfsmount *, int);
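Review bot: The new third parameter of `do_truncate` is unnamed, although `start` next to it is named, and nothing states whether a caller without a mount may pass NULL. Naming it and adding a one-line comment would make the contract readable from the header: `extern int do_truncate(struct dentry *, loff_t start, struct vfsmount *mnt);`. The implementation and its callers are outside this hunk, so the NULL behaviour has to be confirmed there before it is documented.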
30450 @@ -1110,16 +1110,16 @@ extern struct char_device *cdget(dev_t);
30451 extern void cdput(struct char_device *);
30452 extern int blkdev_open(struct inode *, struct file *);
30453 extern int blkdev_close(struct inode *, struct file *);
30454 -extern struct file_operations def_blk_fops;
30455 -extern struct address_space_operations def_blk_aops;
30456 -extern struct file_operations def_fifo_fops;
30457 +extern const struct file_operations def_blk_fops;
30458 +extern const struct address_space_operations def_blk_aops;
30459 +extern const struct file_operations def_fifo_fops;
30460 extern int ioctl_by_bdev(struct block_device *, unsigned, unsigned long);
30461 extern int blkdev_get(struct block_device *, mode_t, unsigned, int);
30462 extern int blkdev_put(struct block_device *, int);
30465 extern const struct block_device_operations *get_blkfops(unsigned int);
30466 -extern int register_chrdev(unsigned int, const char *, struct file_operations *);
30467 +extern int register_chrdev(unsigned int, const char *, const struct file_operations *);
30468 extern int unregister_chrdev(unsigned int, const char *);
30469 extern int chrdev_open(struct inode *, struct file *);
30470 extern const char * bdevname(kdev_t);
30471 @@ -1131,12 +1131,12 @@ extern void init_special_inode(struct in
30472 extern void make_bad_inode(struct inode *);
30473 extern int is_bad_inode(struct inode *);
30475 -extern struct file_operations read_fifo_fops;
30476 -extern struct file_operations write_fifo_fops;
30477 -extern struct file_operations rdwr_fifo_fops;
30478 -extern struct file_operations read_pipe_fops;
30479 -extern struct file_operations write_pipe_fops;
30480 -extern struct file_operations rdwr_pipe_fops;
30481 +extern const struct file_operations read_fifo_fops;
30482 +extern const struct file_operations write_fifo_fops;
30483 +extern const struct file_operations rdwr_fifo_fops;
30484 +extern const struct file_operations read_pipe_fops;
30485 +extern const struct file_operations write_pipe_fops;
30486 +extern const struct file_operations rdwr_pipe_fops;
30488 extern int fs_may_remount_ro(struct super_block *);
30490 @@ -1530,13 +1530,13 @@ extern loff_t generic_file_llseek(struct
30491 extern ssize_t generic_read_dir(struct file *, char *, size_t, loff_t *);
30492 extern int generic_file_open(struct inode * inode, struct file * filp);
30494 -extern struct file_operations generic_ro_fops;
30495 +extern const struct file_operations generic_ro_fops;
30497 extern int vfs_readlink(struct dentry *, char *, int, const char *);
30498 extern int vfs_follow_link(struct nameidata *, const char *);
30499 extern int page_readlink(struct dentry *, char *, int);
30500 extern int page_follow_link(struct dentry *, struct nameidata *);
30501 -extern struct inode_operations page_symlink_inode_operations;
30502 +extern const struct inode_operations page_symlink_inode_operations;
30504 extern int vfs_readdir(struct file *, filldir_t, void *);
30505 extern int dcache_dir_open(struct inode *, struct file *);
30506 @@ -1544,7 +1544,7 @@ extern int dcache_dir_close(struct inode
30507 extern loff_t dcache_dir_lseek(struct file *, loff_t, int);
30508 extern int dcache_dir_fsync(struct file *, struct dentry *, int);
30509 extern int dcache_readdir(struct file *, void *, filldir_t);
30510 -extern struct file_operations dcache_dir_ops;
30511 +extern const struct file_operations dcache_dir_ops;
30513 extern struct file_system_type *get_fs_type(const char *name);
30514 extern struct super_block *get_super(kdev_t);
30515 diff -urNp linux-2.4.37.7/include/linux/gracl.h linux-2.4.37.7/include/linux/gracl.h
30516 --- linux-2.4.37.7/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500
30517 +++ linux-2.4.37.7/include/linux/gracl.h 2009-11-10 19:30:27.000000000 -0500
30522 +#include <linux/grdefs.h>
30523 +#include <linux/resource.h>
30525 +#include <asm/resource.h>
30527 +/* Major status information */
30529 +#define GR_VERSION "grsecurity 2.1.14"
30530 +#define GRSECURITY_VERSION 0x2114
30541 + GR_SPROLEPAM = 8,
30544 +/* Password setup definitions
30545 + * kernel/grhash.c */
30548 + GR_SALT_LEN = 16,
30553 + GR_SPROLE_LEN = 64,
30556 +#define GR_NLIMITS 32
30558 +/* Begin Data Structures */
30560 +struct sprole_pw {
30561 + unsigned char *rolename;
30562 + unsigned char salt[GR_SALT_LEN];
30563 + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
30566 +struct name_entry {
30573 + struct name_entry *prev;
30574 + struct name_entry *next;
30577 +struct inodev_entry {
30578 + struct name_entry *nentry;
30579 + struct inodev_entry *prev;
30580 + struct inodev_entry *next;
30583 +struct acl_role_db {
30584 + struct acl_role_label **r_hash;
30589 + struct name_entry **n_hash;
30593 +struct inodev_db {
30594 + struct inodev_entry **i_hash;
30598 +struct crash_uid {
30600 + unsigned long expires;
30603 +struct gr_hash_struct {
30605 + void **nametable;
30607 + __u32 table_size;
30612 +/* Userspace Grsecurity ACL data structures */
30613 +struct acl_subject_label {
30619 + __u32 cap_mask_unused;
30621 + __u32 cap_lower_unused;
30623 + struct rlimit res[GR_NLIMITS];
30626 + __u8 user_trans_type;
30627 + __u8 group_trans_type;
30628 + uid_t *user_transitions;
30629 + gid_t *group_transitions;
30630 + __u16 user_trans_num;
30631 + __u16 group_trans_num;
30633 + __u32 ip_proto[8];
30635 + struct acl_ip_label **ips;
30637 + __u32 inaddr_any_override;
30640 + unsigned long expires;
30642 + struct acl_subject_label *parent_subject;
30643 + struct gr_hash_struct *hash;
30644 + struct acl_subject_label *prev;
30645 + struct acl_subject_label *next;
30647 + struct acl_object_label **obj_hash;
30648 + __u32 obj_hash_size;
30652 +struct role_allowed_ip {
30656 + struct role_allowed_ip *prev;
30657 + struct role_allowed_ip *next;
30660 +struct role_transition {
30663 + struct role_transition *prev;
30664 + struct role_transition *next;
30667 +struct acl_role_label {
30672 + __u16 auth_attempts;
30673 + unsigned long expires;
30675 + struct acl_subject_label *root_label;
30676 + struct gr_hash_struct *hash;
30678 + struct acl_role_label *prev;
30679 + struct acl_role_label *next;
30681 + struct role_transition *transitions;
30682 + struct role_allowed_ip *allowed_ips;
30683 + uid_t *domain_children;
30684 + __u16 domain_child_num;
30686 + struct acl_subject_label **subj_hash;
30687 + __u32 subj_hash_size;
30690 +struct user_acl_role_db {
30691 + struct acl_role_label **r_table;
30692 + __u32 num_pointers; /* Number of allocations to track */
30693 + __u32 num_roles; /* Number of roles */
30694 + __u32 num_domain_children; /* Number of domain children */
30695 + __u32 num_subjects; /* Number of subjects */
30696 + __u32 num_objects; /* Number of objects */
30699 +struct acl_object_label {
30705 + struct acl_subject_label *nested;
30706 + struct acl_object_label *globbed;
30708 + /* next two structures not used */
30710 + struct acl_object_label *prev;
30711 + struct acl_object_label *next;
30714 +struct acl_ip_label {
30723 + /* next two structures not used */
30725 + struct acl_ip_label *prev;
30726 + struct acl_ip_label *next;
30730 + struct user_acl_role_db role_db;
30731 + unsigned char pw[GR_PW_LEN];
30732 + unsigned char salt[GR_SALT_LEN];
30733 + unsigned char sum[GR_SHA_LEN];
30734 + unsigned char sp_role[GR_SPROLE_LEN];
30735 + struct sprole_pw *sprole_pws;
30736 + __u32 segv_device;
30737 + ino_t segv_inode;
30739 + __u16 num_sprole_pws;
30743 +struct gr_arg_wrapper {
30744 + struct gr_arg *arg;
30749 +struct subject_map {
30750 + struct acl_subject_label *user;
30751 + struct acl_subject_label *kernel;
30752 + struct subject_map *prev;
30753 + struct subject_map *next;
30756 +struct acl_subj_map_db {
30757 + struct subject_map **s_hash;
30761 +/* End Data Structures Section */
30763 +/* Hash functions generated by empirical testing by Brad Spengler
30764 + Makes good use of the low bits of the inode. Generally 0-1 times
30765 + in loop for successful match. 0-3 for unsuccessful match.
30766 + Shift/add algorithm with modulus of table size and an XOR*/
30768 +static __inline__ unsigned int
30769 +rhash(const uid_t uid, const __u16 type, const unsigned int sz)
30771 + return (((uid << type) + (uid ^ type)) % sz);
30774 +static __inline__ unsigned int
30775 +shash(const struct acl_subject_label *userp, const unsigned int sz)
30777 + return ((const unsigned long)userp % sz);
30780 +static __inline__ unsigned int
30781 +fhash(const ino_t ino, const __u32 dev, const unsigned int sz)
30783 + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
30786 +static __inline__ unsigned int
30787 +nhash(const char *name, const __u16 len, const unsigned int sz)
30789 + return full_name_hash(name, len) % sz;
30792 +#define FOR_EACH_ROLE_START(role,iter) \
30795 + while (iter < acl_role_set.r_size) { \
30796 + if (role == NULL) \
30797 + role = acl_role_set.r_hash[iter]; \
30798 + if (role == NULL) { \
30803 +#define FOR_EACH_ROLE_END(role,iter) \
30804 + role = role->next; \
30805 + if (role == NULL) \
30809 +#define FOR_EACH_SUBJECT_START(role,subj,iter) \
30812 + while (iter < role->subj_hash_size) { \
30813 + if (subj == NULL) \
30814 + subj = role->subj_hash[iter]; \
30815 + if (subj == NULL) { \
30820 +#define FOR_EACH_SUBJECT_END(subj,iter) \
30821 + subj = subj->next; \
30822 + if (subj == NULL) \
30827 +#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
30828 + subj = role->hash->first; \
30829 + while (subj != NULL) {
30831 +#define FOR_EACH_NESTED_SUBJECT_END(subj) \
30832 + subj = subj->next; \
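Review bot: The inline hash helpers `rhash`, `shash`, `fhash` and `nhash` all end in `% sz` and `rhash` also computes `uid << type`, so they depend on two preconditions that the header never states. `sz` must be non-zero, and `type` must be smaller than the bit width of `uid`; otherwise the division or the shift is undefined. The callers and the code that sizes the tables are outside this hunk, so it is not visible here whether both always hold. I would record the contract above the helpers, e.g. `/* callers must pass sz != 0; rhash additionally requires type < 8 * sizeof(uid_t) */`. If `type` can ever carry a full role-type flag word, `rhash` should bound the shift count as well.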
30836 diff -urNp linux-2.4.37.7/include/linux/gralloc.h linux-2.4.37.7/include/linux/gralloc.h
30837 --- linux-2.4.37.7/include/linux/gralloc.h 1969-12-31 19:00:00.000000000 -0500
30838 +++ linux-2.4.37.7/include/linux/gralloc.h 2009-11-10 19:30:27.000000000 -0500
30840 +#ifndef __GRALLOC_H
30841 +#define __GRALLOC_H
30843 +void acl_free_all(void);
30844 +int acl_alloc_stack_init(unsigned long size);
30845 +void *acl_alloc(unsigned long len);
30846 +void *acl_alloc_num(unsigned long num, unsigned long len);
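Review bot: `acl_alloc_num(unsigned long num, unsigned long len)` takes a count and an element size, but the header says nothing about what is returned on failure or whether `num * len` is checked for overflow. The counts in `struct user_acl_role_db` in gracl.h suggest these sizes can originate from a policy loaded from userspace, though that link is inferred and the implementation is outside this hunk. If the implementation already rejects an overflowing product, document it on the prototype with something like `/* returns NULL if num * len overflows or the allocation cannot be satisfied */`. If it does not, the check belongs in `acl_alloc_num` before the multiplication.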
30849 diff -urNp linux-2.4.37.7/include/linux/grdefs.h linux-2.4.37.7/include/linux/grdefs.h
30850 --- linux-2.4.37.7/include/linux/grdefs.h 1969-12-31 19:00:00.000000000 -0500
30851 +++ linux-2.4.37.7/include/linux/grdefs.h 2009-11-10 19:30:27.000000000 -0500
30856 +/* Begin grsecurity status declarations */
30860 + GR_STATUS_INIT = 0x00 // disabled state
30863 +/* Begin ACL declarations */
30868 + GR_ROLE_USER = 0x0001,
30869 + GR_ROLE_GROUP = 0x0002,
30870 + GR_ROLE_DEFAULT = 0x0004,
30871 + GR_ROLE_SPECIAL = 0x0008,
30872 + GR_ROLE_AUTH = 0x0010,
30873 + GR_ROLE_NOPW = 0x0020,
30874 + GR_ROLE_GOD = 0x0040,
30875 + GR_ROLE_LEARN = 0x0080,
30876 + GR_ROLE_TPE = 0x0100,
30877 + GR_ROLE_DOMAIN = 0x0200,
30878 + GR_ROLE_PAM = 0x0400
30881 +/* ACL Subject and Object mode flags */
30883 + GR_DELETED = 0x80000000
30886 +/* ACL Object-only mode flags */
30888 + GR_READ = 0x00000001,
30889 + GR_APPEND = 0x00000002,
30890 + GR_WRITE = 0x00000004,
30891 + GR_EXEC = 0x00000008,
30892 + GR_FIND = 0x00000010,
30893 + GR_INHERIT = 0x00000020,
30894 + GR_SETID = 0x00000040,
30895 + GR_CREATE = 0x00000080,
30896 + GR_DELETE = 0x00000100,
30897 + GR_LINK = 0x00000200,
30898 + GR_AUDIT_READ = 0x00000400,
30899 + GR_AUDIT_APPEND = 0x00000800,
30900 + GR_AUDIT_WRITE = 0x00001000,
30901 + GR_AUDIT_EXEC = 0x00002000,
30902 + GR_AUDIT_FIND = 0x00004000,
30903 + GR_AUDIT_INHERIT= 0x00008000,
30904 + GR_AUDIT_SETID = 0x00010000,
30905 + GR_AUDIT_CREATE = 0x00020000,
30906 + GR_AUDIT_DELETE = 0x00040000,
30907 + GR_AUDIT_LINK = 0x00080000,
30908 + GR_PTRACERD = 0x00100000,
30909 + GR_NOPTRACE = 0x00200000,
30910 + GR_SUPPRESS = 0x00400000,
30911 + GR_NOLEARN = 0x00800000
30914 +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
30915 + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
30916 + GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
30918 +/* ACL subject-only mode flags */
30920 + GR_KILL = 0x00000001,
30921 + GR_VIEW = 0x00000002,
30922 + GR_PROTECTED = 0x00000004,
30923 + GR_LEARN = 0x00000008,
30924 + GR_OVERRIDE = 0x00000010,
30925 + /* just a placeholder, this mode is only used in userspace */
30926 + GR_DUMMY = 0x00000020,
30927 + GR_PROTSHM = 0x00000040,
30928 + GR_KILLPROC = 0x00000080,
30929 + GR_KILLIPPROC = 0x00000100,
30930 + /* just a placeholder, this mode is only used in userspace */
30931 + GR_NOTROJAN = 0x00000200,
30932 + GR_PROTPROCFD = 0x00000400,
30933 + GR_PROCACCT = 0x00000800,
30934 + GR_RELAXPTRACE = 0x00001000,
30935 + GR_NESTED = 0x00002000,
30936 + GR_INHERITLEARN = 0x00004000,
30937 + GR_PROCFIND = 0x00008000,
30938 + GR_POVERRIDE = 0x00010000,
30939 + GR_KERNELAUTH = 0x00020000,
30944 + GR_PAX_ENABLE_SEGMEXEC = 0x0001,
30945 + GR_PAX_ENABLE_PAGEEXEC = 0x0002,
30946 + GR_PAX_ENABLE_MPROTECT = 0x0004,
30947 + GR_PAX_ENABLE_RANDMMAP = 0x0008,
30948 + GR_PAX_ENABLE_EMUTRAMP = 0x0010,
30949 + GR_PAX_DISABLE_SEGMEXEC = 0x0100,
30950 + GR_PAX_DISABLE_PAGEEXEC = 0x0200,
30951 + GR_PAX_DISABLE_MPROTECT = 0x0400,
30952 + GR_PAX_DISABLE_RANDMMAP = 0x0800,
30953 + GR_PAX_DISABLE_EMUTRAMP = 0x1000
30957 + GR_ID_USER = 0x01,
30958 + GR_ID_GROUP = 0x02,
30962 + GR_ID_ALLOW = 0x01,
30963 + GR_ID_DENY = 0x02,
30966 +#define GR_CRASH_RES 31
30967 +#define GR_UIDTABLE_MAX 500
30969 +/* begin resource learning section */
30971 + GR_RLIM_CPU_BUMP = 60,
30972 + GR_RLIM_FSIZE_BUMP = 50000,
30973 + GR_RLIM_DATA_BUMP = 10000,
30974 + GR_RLIM_STACK_BUMP = 1000,
30975 + GR_RLIM_CORE_BUMP = 10000,
30976 + GR_RLIM_RSS_BUMP = 500000,
30977 + GR_RLIM_NPROC_BUMP = 1,
30978 + GR_RLIM_NOFILE_BUMP = 5,
30979 + GR_RLIM_MEMLOCK_BUMP = 50000,
30980 + GR_RLIM_AS_BUMP = 500000,
30981 + GR_RLIM_LOCKS_BUMP = 2
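Review bot: The enumerator `GR_DELETED = 0x80000000` does not fit in a signed 32-bit `int`, which is the range ISO C allows for enumeration constants. The declaration therefore relies on a compiler extension, and the constant's type and signedness are whatever the compiler picks for that enum. Because it is used as a flag in mode words (the ACL structures in gracl.h use `__u32` fields), an explicitly unsigned constant is safer in comparisons and shifts: `#define GR_DELETED 0x80000000U`. The remaining flag values in this hunk fit in `int` and can stay as enumerators.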
30985 diff -urNp linux-2.4.37.7/include/linux/grinternal.h linux-2.4.37.7/include/linux/grinternal.h
30986 --- linux-2.4.37.7/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
30987 +++ linux-2.4.37.7/include/linux/grinternal.h 2009-11-10 19:30:27.000000000 -0500
30989 +#ifndef __GRINTERNAL_H
30990 +#define __GRINTERNAL_H
30992 +#ifdef CONFIG_GRKERNSEC
30994 +#include <linux/grdefs.h>
30995 +#include <linux/gracl.h>
30996 +#include <linux/grmsg.h>
30998 +void gr_add_learn_entry(const char *fmt, ...)
30999 + __attribute__ ((format (printf, 1, 2)));
31000 +__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
31001 + const struct vfsmount *mnt);
31002 +__u32 gr_check_create(const struct dentry *new_dentry,
31003 + const struct dentry *parent,
31004 + const struct vfsmount *mnt, const __u32 mode);
31005 +int gr_check_protected_task(const struct task_struct *task);
31006 +__u32 to_gr_audit(const __u32 reqmode);
31007 +int gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
31008 + struct dentry *old_dentry,
31009 + struct dentry *new_dentry,
31010 + struct vfsmount *mnt, const __u8 replace);
31011 +int gr_set_acls(const int type);
31012 +int gr_acl_is_enabled(void);
31013 +char gr_roletype_to_char(void);
31015 +void gr_handle_alertkill(struct task_struct *task);
31016 +char *gr_to_filename(const struct dentry *dentry,
31017 + const struct vfsmount *mnt);
31018 +char *gr_to_filename1(const struct dentry *dentry,
31019 + const struct vfsmount *mnt);
31020 +char *gr_to_filename2(const struct dentry *dentry,
31021 + const struct vfsmount *mnt);
31022 +char *gr_to_filename3(const struct dentry *dentry,
31023 + const struct vfsmount *mnt);
31025 +extern int grsec_enable_link;
31026 +extern int grsec_enable_fifo;
31027 +extern int grsec_enable_execve;
31028 +extern int grsec_enable_execlog;
31029 +extern int grsec_enable_signal;
31030 +extern int grsec_enable_forkfail;
31031 +extern int grsec_enable_time;
31032 +extern int grsec_enable_chroot_shmat;
31033 +extern int grsec_enable_chroot_findtask;
31034 +extern int grsec_enable_chroot_mount;
31035 +extern int grsec_enable_chroot_double;
31036 +extern int grsec_enable_chroot_pivot;
31037 +extern int grsec_enable_chroot_chdir;
31038 +extern int grsec_enable_chroot_chmod;
31039 +extern int grsec_enable_chroot_mknod;
31040 +extern int grsec_enable_chroot_fchdir;
31041 +extern int grsec_enable_chroot_nice;
31042 +extern int grsec_enable_chroot_execlog;
31043 +extern int grsec_enable_chroot_caps;
31044 +extern int grsec_enable_chroot_sysctl;
31045 +extern int grsec_enable_chroot_unix;
31046 +extern int grsec_enable_tpe;
31047 +extern int grsec_tpe_gid;
31048 +extern int grsec_enable_tpe_all;
31049 +extern int grsec_enable_socket_all;
31050 +extern int grsec_socket_all_gid;
31051 +extern int grsec_enable_socket_client;
31052 +extern int grsec_socket_client_gid;
31053 +extern int grsec_enable_socket_server;
31054 +extern int grsec_socket_server_gid;
31055 +extern int grsec_audit_gid;
31056 +extern int grsec_enable_group;
31057 +extern int grsec_enable_audit_ipc;
31058 +extern int grsec_enable_audit_textrel;
31059 +extern int grsec_enable_mount;
31060 +extern int grsec_enable_chdir;
31061 +extern int grsec_lock;
31062 +extern int grsec_resource_logging;
31064 +extern struct task_struct *child_reaper;
31066 +extern spinlock_t grsec_alert_lock;
31067 +extern unsigned long grsec_alert_wtime;
31068 +extern unsigned long grsec_alert_fyet;
31070 +extern spinlock_t grsec_audit_lock;
31072 +extern rwlock_t grsec_exec_file_lock;
31074 +#define gr_task_fullpath(tsk) (tsk->exec_file ? \
31075 + gr_to_filename2(tsk->exec_file->f_dentry, \
31076 + tsk->exec_file->f_vfsmnt) : "/")
31078 +#define gr_parent_task_fullpath(tsk) (tsk->p_pptr->exec_file ? \
31079 + gr_to_filename3(tsk->p_pptr->exec_file->f_dentry, \
31080 + tsk->p_pptr->exec_file->f_vfsmnt) : "/")
31082 +#define gr_task_fullpath0(tsk) (tsk->exec_file ? \
31083 + gr_to_filename(tsk->exec_file->f_dentry, \
31084 + tsk->exec_file->f_vfsmnt) : "/")
31086 +#define gr_parent_task_fullpath0(tsk) (tsk->p_pptr->exec_file ? \
31087 + gr_to_filename1(tsk->p_pptr->exec_file->f_dentry, \
31088 + tsk->p_pptr->exec_file->f_vfsmnt) : "/")
31090 +#define proc_is_chrooted(tsk_a) ((tsk_a->pid > 1) && (tsk_a->fs != NULL) && \
31091 + ((tsk_a->fs->root->d_inode->i_dev != \
31092 + child_reaper->fs->root->d_inode->i_dev) || \
31093 + (tsk_a->fs->root->d_inode->i_ino != \
31094 + child_reaper->fs->root->d_inode->i_ino)))
31096 +#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs != NULL && tsk_b->fs != NULL) && \
31097 + (tsk_a->fs->root->d_inode->i_dev == \
31098 + tsk_b->fs->root->d_inode->i_dev) && \
31099 + (tsk_a->fs->root->d_inode->i_ino == \
31100 + tsk_b->fs->root->d_inode->i_ino))
31102 +#define DEFAULTSECARGS(task) gr_task_fullpath(task), task->comm, \
31103 + task->pid, task->uid, \
31104 + task->euid, task->gid, task->egid, \
31105 + gr_parent_task_fullpath(task), \
31106 + task->p_pptr->comm, task->p_pptr->pid, \
31107 + task->p_pptr->uid, task->p_pptr->euid, \
31108 + task->p_pptr->gid, task->p_pptr->egid
31110 +#define GR_CHROOT_CAPS ( \
31111 + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
31112 + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
31113 + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
31114 + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
31115 + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
31116 + CAP_TO_MASK(CAP_IPC_OWNER))
31118 +#define security_learn(normal_msg,args...) \
31120 + read_lock(&grsec_exec_file_lock); \
31121 + gr_add_learn_entry(normal_msg "\n", ## args); \
31122 + read_unlock(&grsec_exec_file_lock); \
31128 + GR_DONT_AUDIT_GOOD
31141 + GR_ONE_INT_TWO_STR,
31146 + GR_FIVE_INT_TWO_STR,
31152 + GR_FILENAME_TWO_INT,
31153 + GR_FILENAME_TWO_INT_STR,
31164 +#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
31165 +#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
31166 +#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
31167 +#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
31168 +#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
31169 +#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
31170 +#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
31171 +#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
31172 +#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
31173 +#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
31174 +#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
31175 +#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
31176 +#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
31177 +#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
31178 +#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
31179 +#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
31180 +#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
31181 +#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
31182 +#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
31183 +#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
31184 +#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
31185 +#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
31186 +#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2)
31187 +#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
31188 +#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
31189 +#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
31190 +#define gr_log_sig(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG, task, num)
31191 +#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
31192 +#define gr_log_crash2(audit, msg, task, str, ulong1, ulong2) gr_log_varargs(audit, msg, GR_CRASH2, task, str, ulong1, ulong2)
31193 +#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
31195 +void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
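Review bot: `gr_log_varargs(int audit, const char *msg, int argtypes, ...)` has no compile-time check tying `argtypes` to the variadic arguments or to the conversions in `msg`. By contrast, `gr_add_learn_entry` at the top of this hunk carries `__attribute__ ((format (printf, 1, 2)))`. A `gr_log_*` wrapper used with a message constant whose conversions do not match would make the logger read varargs of the wrong type in kernel context, and the compiler would not flag it. Since the arguments include dentry and task pointers, the format attribute cannot simply be added here, so the contract should at least be written down above the prototype: `/* argtypes selects how the variadic arguments are read; it must match the gr_log_* wrapper used and the conversions in msg */`. The implementation is outside this hunk, so any run-time validation it performs is not visible here.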
31200 diff -urNp linux-2.4.37.7/include/linux/grmsg.h linux-2.4.37.7/include/linux/grmsg.h
31201 --- linux-2.4.37.7/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
31202 +++ linux-2.4.37.7/include/linux/grmsg.h 2009-11-10 19:30:27.000000000 -0500
31204 +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
31205 +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%u.%u.%u.%u TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%u.%u.%u.%u TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
31206 +#define GR_STOPMOD_MSG "denied modification of module state by "
31207 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
31208 +#define GR_IOPERM_MSG "denied use of ioperm() by "
31209 +#define GR_IOPL_MSG "denied use of iopl() by "
31210 +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
31211 +#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
31212 +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
31213 +#define GR_KMEM_MSG "denied write of /dev/kmem by "
31214 +#define GR_PORT_OPEN_MSG "denied open of /dev/port by "
31215 +#define GR_MEM_WRITE_MSG "denied write of /dev/mem by "
31216 +#define GR_MEM_MMAP_MSG "denied mmap write of /dev/[k]mem by "
31217 +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
31218 +#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%u.%u.%u.%u"
31219 +#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%u.%u.%u.%u"
31220 +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
31221 +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
31222 +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
31223 +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
31224 +#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
31225 +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
31226 +#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
31227 +#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%u.%u.%u.%u %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
31228 +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
31229 +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
31230 +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
31231 +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
31232 +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
31233 +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
31234 +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
31235 +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
31236 +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
31237 +#define GR_NPROC_MSG "denied overstep of process limit by "
31238 +#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
31239 +#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by "
31240 +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
31241 +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution of [%.16s:%lu] for %lu seconds"
31242 +#define GR_MOUNT_CHROOT_MSG "denied mount of %.30s as %.930s from chroot by "
31243 +#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
31244 +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
31245 +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
31246 +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
31247 +#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
31248 +#define GR_FCHMOD_ACL_MSG "%s fchmod of %.950s by "
31249 +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
31250 +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
31251 +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
31252 +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
31253 +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
31254 +#define GR_INITF_ACL_MSG "init_variables() failed %s by "
31255 +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
31256 +#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbaged by "
31257 +#define GR_SHUTS_ACL_MSG "shutdown auth success for "
31258 +#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
31259 +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
31260 +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
31261 +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
31262 +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
31263 +#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
31264 +#define GR_ENABLEF_ACL_MSG "unable to load %s for "
31265 +#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
31266 +#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
31267 +#define GR_RELOADF_ACL_MSG "failed reload of %s for "
31268 +#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
31269 +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
31270 +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
31271 +#define GR_SPROLEF_ACL_MSG "special role %s failure for "
31272 +#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
31273 +#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
31274 +#define GR_UNSPROLEF_ACL_MSG "special role unauth of %s failure for "
31275 +#define GR_INVMODE_ACL_MSG "invalid mode %d by "
31276 +#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
31277 +#define GR_FAILFORK_MSG "failed fork with errno %d by "
31278 +#define GR_NICE_CHROOT_MSG "denied priority change by "
31279 +#define GR_UNISIGLOG_MSG "signal %d sent to "
31280 +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
31281 +#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
31282 +#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
31283 +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
31284 +#define GR_TIME_MSG "time set by "
31285 +#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
31286 +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
31287 +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
31288 +#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
31289 +#define GR_SOCK2_MSG "denied socket(%d,%.16s,%.16s) by "
31290 +#define GR_BIND_MSG "denied bind() by "
31291 +#define GR_CONNECT_MSG "denied connect() by "
31292 +#define GR_BIND_ACL_MSG "denied bind() to %u.%u.%u.%u port %u sock type %.16s protocol %.16s by "
31293 +#define GR_CONNECT_ACL_MSG "denied connect() to %u.%u.%u.%u port %u sock type %.16s protocol %.16s by "
31294 +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%u.%u.%u.%u\t%u\t%u\t%u\t%u\t%u.%u.%u.%u"
31295 +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
31296 +#define GR_CAP_ACL_MSG "use of %s denied for "
31297 +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
31298 +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
31299 +#define GR_REMOUNT_AUDIT_MSG "remount of %.30s by "
31300 +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.30s by "
31301 +#define GR_MOUNT_AUDIT_MSG "mount of %.30s to %.64s by "
31302 +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
31303 +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
31304 +#define GR_MSGQ_AUDIT_MSG "message queue created by "
31305 +#define GR_MSGQR_AUDIT_MSG "message queue of uid:%u euid:%u removed by "
31306 +#define GR_SEM_AUDIT_MSG "semaphore created by "
31307 +#define GR_SEMR_AUDIT_MSG "semaphore of uid:%u euid:%u removed by "
31308 +#define GR_SHM_AUDIT_MSG "shared memory of size %d created by "
31309 +#define GR_SHMR_AUDIT_MSG "shared memory of uid:%u euid:%u removed by "
31310 +#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
31311 +#define GR_TEXTREL_AUDIT_MSG "text relocation in %s, VMA:0x%08lx 0x%08lx by "
31312 diff -urNp linux-2.4.37.7/include/linux/grsecurity.h linux-2.4.37.7/include/linux/grsecurity.h
31313 --- linux-2.4.37.7/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
31314 +++ linux-2.4.37.7/include/linux/grsecurity.h 2009-11-10 19:30:27.000000000 -0500
31316 +#ifndef GR_SECURITY_H
31317 +#define GR_SECURITY_H
31319 +/* notify of brain-dead configs */
31320 +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
31321 +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
31323 +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
31324 +#error "CONFIG_PAX_NOEXEC enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
31326 +#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
31327 +#error "CONFIG_PAX_ASLR enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
31329 +#if defined(CONFIG_PAX_ALSR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
31330 +#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
31332 +#if defined(CONFIG_PAX) && !defined(CONFIG_NOEXEC) && !defined(CONFIG_ALSR)
31333 +#error "CONFIG_PAX enabled, but no PaX options are enabled."
31336 +void gr_handle_brute_attach(struct task_struct *p);
31337 +void gr_handle_brute_check(void);
31339 +int gr_check_user_change(int real, int effective, int fs);
31340 +int gr_check_group_change(int real, int effective, int fs);
31342 +void gr_del_task_from_ip_table(struct task_struct *p);
31344 +int gr_pid_is_chrooted(struct task_struct *p);
31345 +int gr_handle_chroot_nice(void);
31346 +int gr_handle_chroot_sysctl(const int op);
31347 +int gr_handle_chroot_setpriority(const struct task_struct *p,
31348 + const int niceval);
31349 +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
31350 +int gr_handle_chroot_chroot(const struct dentry *dentry,
31351 + const struct vfsmount *mnt);
31352 +void gr_handle_chroot_caps(struct task_struct *task);
31353 +void gr_handle_chroot_chdir(struct dentry *dentry, struct vfsmount *mnt);
31354 +int gr_handle_chroot_chmod(const struct dentry *dentry,
31355 + const struct vfsmount *mnt, const int mode);
31356 +int gr_handle_chroot_mknod(const struct dentry *dentry,
31357 + const struct vfsmount *mnt, const int mode);
31358 +int gr_handle_chroot_mount(const struct dentry *dentry,
31359 + const struct vfsmount *mnt,
31360 + const char *dev_name);
31361 +int gr_handle_chroot_pivot(void);
31362 +int gr_handle_chroot_unix(const pid_t pid);
31364 +int gr_handle_rawio(const struct inode *inode);
31365 +int gr_handle_nproc(void);
31367 +void gr_handle_ioperm(void);
31368 +void gr_handle_iopl(void);
31370 +int gr_tpe_allow(const struct file *file);
31372 +int gr_random_pid(spinlock_t * pid_lock, int *next_safe);
31374 +void gr_log_forkfail(const int retval);
31375 +void gr_log_timechange(void);
31376 +void gr_log_signal(const int sig, const struct task_struct *t);
31377 +void gr_log_chdir(const struct dentry *dentry,
31378 + const struct vfsmount *mnt);
31379 +void gr_log_chroot_exec(const struct dentry *dentry,
31380 + const struct vfsmount *mnt);
31381 +void gr_handle_exec_args(struct linux_binprm *bprm, char **argv);
31382 +void gr_log_remount(const char *devname, const int retval);
31383 +void gr_log_unmount(const char *devname, const int retval);
31384 +void gr_log_mount(const char *from, const char *to, const int retval);
31385 +void gr_log_msgget(const int ret, const int msgflg);
31386 +void gr_log_msgrm(const uid_t uid, const uid_t cuid);
31387 +void gr_log_semget(const int err, const int semflg);
31388 +void gr_log_semrm(const uid_t uid, const uid_t cuid);
31389 +void gr_log_shmget(const int err, const int shmflg, const size_t size);
31390 +void gr_log_shmrm(const uid_t uid, const uid_t cuid);
31391 +void gr_log_textrel(struct vm_area_struct *vma);
31393 +int gr_handle_follow_link(const struct inode *parent,
31394 + const struct inode *inode,
31395 + const struct dentry *dentry,
31396 + const struct vfsmount *mnt);
31397 +int gr_handle_fifo(const struct dentry *dentry,
31398 + const struct vfsmount *mnt,
31399 + const struct dentry *dir, const int flag,
31400 + const int acc_mode);
31401 +int gr_handle_hardlink(const struct dentry *dentry,
31402 + const struct vfsmount *mnt,
31403 + struct inode *inode,
31404 + const int mode, const char *to);
31406 +int gr_task_is_capable(struct task_struct *task, const int cap);
31407 +void gr_learn_resource(const struct task_struct *task, const int limit,
31408 + const unsigned long wanted, const int gt);
31409 +void gr_copy_label(struct task_struct *tsk);
31410 +void gr_handle_crash(struct task_struct *task, const int sig);
31411 +int gr_handle_signal(const struct task_struct *p, const int sig);
31412 +int gr_check_crash_uid(const uid_t uid);
31413 +int gr_check_protected_task(const struct task_struct *task);
31414 +int gr_acl_handle_mmap(const struct file *file,
31415 + const unsigned long prot);
31416 +int gr_acl_handle_mprotect(const struct file *file,
31417 + const unsigned long prot);
31418 +int gr_check_hidden_task(const struct task_struct *tsk);
31419 +__u32 gr_acl_handle_truncate(const struct dentry *dentry,
31420 + const struct vfsmount *mnt);
31421 +__u32 gr_acl_handle_utime(const struct dentry *dentry,
31422 + const struct vfsmount *mnt);
31423 +__u32 gr_acl_handle_access(const struct dentry *dentry,
31424 + const struct vfsmount *mnt, const int fmode);
31425 +__u32 gr_acl_handle_fchmod(const struct dentry *dentry,
31426 + const struct vfsmount *mnt, mode_t mode);
31427 +__u32 gr_acl_handle_chmod(const struct dentry *dentry,
31428 + const struct vfsmount *mnt, mode_t mode);
31429 +__u32 gr_acl_handle_chown(const struct dentry *dentry,
31430 + const struct vfsmount *mnt);
31431 +int gr_handle_ptrace(struct task_struct *task, const long request);
31432 +int gr_handle_proc_ptrace(struct task_struct *task);
31433 +__u32 gr_acl_handle_execve(const struct dentry *dentry,
31434 + const struct vfsmount *mnt);
31435 +int gr_check_crash_exec(const struct file *filp);
31436 +int gr_acl_is_enabled(void);
31437 +void gr_set_kernel_label(struct task_struct *task);
31438 +void gr_set_role_label(struct task_struct *task, const uid_t uid,
31439 + const gid_t gid);
31440 +int gr_set_proc_label(const struct dentry *dentry,
31441 + const struct vfsmount *mnt);
31442 +__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
31443 + const struct vfsmount *mnt);
31444 +__u32 gr_acl_handle_open(const struct dentry *dentry,
31445 + const struct vfsmount *mnt, const int fmode);
31446 +__u32 gr_acl_handle_creat(const struct dentry *dentry,
31447 + const struct dentry *p_dentry,
31448 + const struct vfsmount *p_mnt, const int fmode,
31449 + const int imode);
31450 +void gr_handle_create(const struct dentry *dentry,
31451 + const struct vfsmount *mnt);
31452 +__u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
31453 + const struct dentry *parent_dentry,
31454 + const struct vfsmount *parent_mnt,
31456 +__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
31457 + const struct dentry *parent_dentry,
31458 + const struct vfsmount *parent_mnt);
31459 +__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
31460 + const struct vfsmount *mnt);
31461 +void gr_handle_delete(const ino_t ino, const __u32 dev);
31462 +__u32 gr_acl_handle_unlink(const struct dentry *dentry,
31463 + const struct vfsmount *mnt);
31464 +__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
31465 + const struct dentry *parent_dentry,
31466 + const struct vfsmount *parent_mnt,
31467 + const char *from);
31468 +__u32 gr_acl_handle_link(const struct dentry *new_dentry,
31469 + const struct dentry *parent_dentry,
31470 + const struct vfsmount *parent_mnt,
31471 + const struct dentry *old_dentry,
31472 + const struct vfsmount *old_mnt, const char *to);
31473 +int gr_acl_handle_rename(struct dentry *new_dentry,
31474 + struct dentry *parent_dentry,
31475 + const struct vfsmount *parent_mnt,
31476 + struct dentry *old_dentry,
31477 + struct inode *old_parent_inode,
31478 + struct vfsmount *old_mnt, const char *newname);
31479 +__u32 gr_check_link(const struct dentry *new_dentry,
31480 + const struct dentry *parent_dentry,
31481 + const struct vfsmount *parent_mnt,
31482 + const struct dentry *old_dentry,
31483 + const struct vfsmount *old_mnt);
31484 +int gr_acl_handle_filldir(const struct file *file, const char *name,
31485 + const unsigned int namelen, const ino_t ino);
31487 +__u32 gr_acl_handle_unix(const struct dentry *dentry,
31488 + const struct vfsmount *mnt);
31489 +void gr_acl_handle_exit(void);
31490 +void gr_acl_handle_psacct(struct task_struct *task, const long code);
31491 +int gr_acl_handle_procpidmem(const struct task_struct *task);
31492 +__u32 gr_cap_rtnetlink(void);
31494 +#ifdef CONFIG_SYSVIPC
31495 +void gr_shm_exit(void);
31497 +static inline void gr_shm_exit(void)
31503 +#ifdef CONFIG_GRKERNSEC
31504 +void gr_handle_mem_write(void);
31505 +void gr_handle_kmem_write(void);
31506 +void gr_handle_open_port(void);
31507 +int gr_handle_mem_mmap(const unsigned long offset,
31508 + struct vm_area_struct *vma);
31510 +extern int grsec_enable_dmesg;
31511 +extern int grsec_enable_shm;
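Review bot: Two of the configuration sanity checks at the top of this new header test misspelled symbols, so they do not enforce what their `#error` messages describe. The fourth check uses `defined(CONFIG_PAX_ALSR)` while its message and the check before it use `CONFIG_PAX_ASLR`; unless something outside this header defines the misspelled name, the condition is never true and a kernel with ASLR selected but RANDKSTACK, RANDUSTACK and RANDMMAP all off builds without complaint. The fifth check tests `CONFIG_NOEXEC` and `CONFIG_ALSR`, which from the surrounding checks look like they were meant to be `CONFIG_PAX_NOEXEC` and `CONFIG_PAX_ASLR`; as written it reduces to `defined(CONFIG_PAX)` alone. I would change the conditions to start `#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK)` and to read `#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR)`.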
31515 diff -urNp linux-2.4.37.7/include/linux/hfs_fs.h linux-2.4.37.7/include/linux/hfs_fs.h
31516 --- linux-2.4.37.7/include/linux/hfs_fs.h 2009-11-07 11:52:20.000000000 -0500
31517 +++ linux-2.4.37.7/include/linux/hfs_fs.h 2009-11-10 19:30:27.000000000 -0500
31518 @@ -244,25 +244,25 @@ extern int hfs_rename(struct inode *, st
31520 extern const struct hfs_name hfs_cap_reserved1[];
31521 extern const struct hfs_name hfs_cap_reserved2[];
31522 -extern struct inode_operations hfs_cap_ndir_inode_operations;
31523 -extern struct inode_operations hfs_cap_fdir_inode_operations;
31524 -extern struct inode_operations hfs_cap_rdir_inode_operations;
31525 -extern struct file_operations hfs_cap_dir_operations;
31526 +extern const struct inode_operations hfs_cap_ndir_inode_operations;
31527 +extern const struct inode_operations hfs_cap_fdir_inode_operations;
31528 +extern const struct inode_operations hfs_cap_rdir_inode_operations;
31529 +extern const struct file_operations hfs_cap_dir_operations;
31530 extern void hfs_cap_drop_dentry(struct dentry *, const ino_t);
31533 extern const struct hfs_name hfs_dbl_reserved1[];
31534 extern const struct hfs_name hfs_dbl_reserved2[];
31535 -extern struct inode_operations hfs_dbl_dir_inode_operations;
31536 -extern struct file_operations hfs_dbl_dir_operations;
31537 +extern const struct inode_operations hfs_dbl_dir_inode_operations;
31538 +extern const struct file_operations hfs_dbl_dir_operations;
31539 extern void hfs_dbl_drop_dentry(struct dentry *, const ino_t);
31542 extern const struct hfs_name hfs_nat_reserved1[];
31543 extern const struct hfs_name hfs_nat_reserved2[];
31544 -extern struct inode_operations hfs_nat_ndir_inode_operations;
31545 -extern struct inode_operations hfs_nat_hdir_inode_operations;
31546 -extern struct file_operations hfs_nat_dir_operations;
31547 +extern const struct inode_operations hfs_nat_ndir_inode_operations;
31548 +extern const struct inode_operations hfs_nat_hdir_inode_operations;
31549 +extern const struct file_operations hfs_nat_dir_operations;
31550 extern void hfs_nat_drop_dentry(struct dentry *, const ino_t);
31553 @@ -271,16 +271,16 @@ extern hfs_s32 hfs_do_read(struct inode
31554 extern hfs_s32 hfs_do_write(struct inode *, struct hfs_fork *, hfs_u32,
31555 const char *, hfs_u32);
31556 extern void hfs_file_fix_mode(struct hfs_cat_entry *entry);
31557 -extern struct inode_operations hfs_file_inode_operations;
31558 -extern struct file_operations hfs_file_operations;
31559 +extern const struct inode_operations hfs_file_inode_operations;
31560 +extern const struct file_operations hfs_file_operations;
31563 -extern struct inode_operations hfs_cap_info_inode_operations;
31564 -extern struct file_operations hfs_cap_info_operations;
31565 +extern const struct inode_operations hfs_cap_info_inode_operations;
31566 +extern const struct file_operations hfs_cap_info_operations;
31569 -extern struct inode_operations hfs_hdr_inode_operations;
31570 -extern struct file_operations hfs_hdr_operations;
31571 +extern const struct inode_operations hfs_hdr_inode_operations;
31572 +extern const struct file_operations hfs_hdr_operations;
31573 extern const struct hfs_hdr_layout hfs_dbl_fil_hdr_layout;
31574 extern const struct hfs_hdr_layout hfs_dbl_dir_hdr_layout;
31575 extern const struct hfs_hdr_layout hfs_nat_hdr_layout;
31576 diff -urNp linux-2.4.37.7/include/linux/highmem.h linux-2.4.37.7/include/linux/highmem.h
31577 --- linux-2.4.37.7/include/linux/highmem.h 2009-11-07 11:52:20.000000000 -0500
31578 +++ linux-2.4.37.7/include/linux/highmem.h 2009-11-10 19:30:27.000000000 -0500
31579 @@ -94,6 +94,13 @@ static inline void clear_highpage(struct
31583 +static inline void sanitize_highpage(struct page *page)
31585 + void *addr = kmap_atomic(page, KM_CLEARPAGE);
31586 + clear_page(addr);
31587 + kunmap_atomic(addr, KM_CLEARPAGE);
31591 * Same but also flushes aliased cache contents to RAM.
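Review bot: `sanitize_highpage()` is added without a comment saying how it differs from `clear_highpage()` just above it or from which contexts it may be called. The body maps the page with `kmap_atomic(page, KM_CLEARPAGE)`, and an atomic kmap slot is shared by everything on the same CPU that uses that slot type, so callers need to know whether an interrupt-time user of `KM_CLEARPAGE` can nest inside this one; the hunk does not show who else uses the slot. A short header comment would settle it, for example `/* Zero a page through the KM_CLEARPAGE atomic kmap slot; must not be nested with another user of that slot on the same CPU. */`, adjusted to whatever the real calling rule is.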
31593 diff -urNp linux-2.4.37.7/include/linux/input.h linux-2.4.37.7/include/linux/input.h
31594 --- linux-2.4.37.7/include/linux/input.h 2009-11-07 11:52:20.000000000 -0500
31595 +++ linux-2.4.37.7/include/linux/input.h 2009-11-10 19:30:27.000000000 -0500
31596 @@ -685,7 +685,7 @@ struct input_handler {
31597 struct input_handle* (*connect)(struct input_handler *handler, struct input_dev *dev);
31598 void (*disconnect)(struct input_handle *handle);
31600 - struct file_operations *fops;
31601 + const struct file_operations *fops;
31604 struct input_handle *handle;
31605 diff -urNp linux-2.4.37.7/include/linux/intermezzo_fs.h linux-2.4.37.7/include/linux/intermezzo_fs.h
31606 --- linux-2.4.37.7/include/linux/intermezzo_fs.h 2009-11-07 11:52:20.000000000 -0500
31607 +++ linux-2.4.37.7/include/linux/intermezzo_fs.h 2009-11-10 19:30:27.000000000 -0500
31608 @@ -337,7 +337,7 @@ int presto_lento_up(int minor);
31609 int izo_psdev_setchannel(struct file *file, int fd);
31612 -extern struct super_operations presto_super_ops;
31613 +extern const struct super_operations presto_super_ops;
31614 void presto_set_ops(struct inode *inode, struct filter_fs *filter);
31617 @@ -348,15 +348,15 @@ struct presto_dentry_data *izo_alloc_dda
31618 int presto_set_dd(struct dentry *);
31619 int presto_init_ddata_cache(void);
31620 void presto_cleanup_ddata_cache(void);
31621 -extern struct dentry_operations presto_dentry_ops;
31622 +extern const struct dentry_operations presto_dentry_ops;
31625 -extern struct inode_operations presto_dir_iops;
31626 -extern struct inode_operations presto_file_iops;
31627 -extern struct inode_operations presto_sym_iops;
31628 -extern struct file_operations presto_dir_fops;
31629 -extern struct file_operations presto_file_fops;
31630 -extern struct file_operations presto_sym_fops;
31631 +extern const struct inode_operations presto_dir_iops;
31632 +extern const struct inode_operations presto_file_iops;
31633 +extern const struct inode_operations presto_sym_iops;
31634 +extern const struct file_operations presto_dir_fops;
31635 +extern const struct file_operations presto_file_fops;
31636 +extern const struct file_operations presto_sym_fops;
31637 int presto_setattr(struct dentry *de, struct iattr *iattr);
31638 int presto_settime(struct presto_file_set *fset, struct dentry *newobj,
31639 struct dentry *parent, struct dentry *target,
31640 diff -urNp linux-2.4.37.7/include/linux/iso_fs.h linux-2.4.37.7/include/linux/iso_fs.h
31641 --- linux-2.4.37.7/include/linux/iso_fs.h 2009-11-07 11:52:20.000000000 -0500
31642 +++ linux-2.4.37.7/include/linux/iso_fs.h 2009-11-10 19:30:27.000000000 -0500
31643 @@ -222,9 +222,9 @@ extern struct dentry *isofs_lookup(struc
31644 extern struct buffer_head *isofs_bread(struct inode *inode, unsigned int block);
31645 extern int isofs_get_blocks(struct inode *, long, struct buffer_head **, unsigned long);
31647 -extern struct inode_operations isofs_dir_inode_operations;
31648 -extern struct file_operations isofs_dir_operations;
31649 -extern struct address_space_operations isofs_symlink_aops;
31650 +extern const struct inode_operations isofs_dir_inode_operations;
31651 +extern const struct file_operations isofs_dir_operations;
31652 +extern const struct address_space_operations isofs_symlink_aops;
31654 /* The following macros are used to check for memory leaks. */
31656 diff -urNp linux-2.4.37.7/include/linux/kernel.h linux-2.4.37.7/include/linux/kernel.h
31657 --- linux-2.4.37.7/include/linux/kernel.h 2009-11-07 11:52:20.000000000 -0500
31658 +++ linux-2.4.37.7/include/linux/kernel.h 2009-11-10 19:30:27.000000000 -0500
31659 @@ -96,6 +96,9 @@ extern int session_of_pgrp(int pgrp);
31660 asmlinkage int printk(const char * fmt, ...)
31661 __attribute__ ((format (printf, 1, 2)));
31663 +asmlinkage void early_printk(const char * fmt, ...)
31664 + __attribute__ ((format (printf, 1, 2)));
31666 static inline void console_silent(void)
31668 console_loglevel = 0;
31669 diff -urNp linux-2.4.37.7/include/linux/minix_fs.h linux-2.4.37.7/include/linux/minix_fs.h
31670 --- linux-2.4.37.7/include/linux/minix_fs.h 2009-11-07 11:52:20.000000000 -0500
31671 +++ linux-2.4.37.7/include/linux/minix_fs.h 2009-11-10 19:30:27.000000000 -0500
31672 @@ -123,11 +123,11 @@ extern ino_t minix_inode_by_name(struct
31674 extern int minix_sync_file(struct file *, struct dentry *, int);
31676 -extern struct inode_operations minix_file_inode_operations;
31677 -extern struct inode_operations minix_dir_inode_operations;
31678 -extern struct file_operations minix_file_operations;
31679 -extern struct file_operations minix_dir_operations;
31680 -extern struct dentry_operations minix_dentry_operations;
31681 +extern const struct inode_operations minix_file_inode_operations;
31682 +extern const struct inode_operations minix_dir_inode_operations;
31683 +extern const struct file_operations minix_file_operations;
31684 +extern const struct file_operations minix_dir_operations;
31685 +extern const struct dentry_operations minix_dentry_operations;
31687 #endif /* __KERNEL__ */
31689 diff -urNp linux-2.4.37.7/include/linux/miscdevice.h linux-2.4.37.7/include/linux/miscdevice.h
31690 --- linux-2.4.37.7/include/linux/miscdevice.h 2009-11-07 11:52:20.000000000 -0500
31691 +++ linux-2.4.37.7/include/linux/miscdevice.h 2009-11-10 19:30:27.000000000 -0500
31692 @@ -43,7 +43,7 @@ struct miscdevice
31696 - struct file_operations *fops;
31697 + const struct file_operations *fops;
31698 struct miscdevice * next, * prev;
31699 devfs_handle_t devfs_handle;
31701 diff -urNp linux-2.4.37.7/include/linux/mm.h linux-2.4.37.7/include/linux/mm.h
31702 --- linux-2.4.37.7/include/linux/mm.h 2009-11-07 11:52:20.000000000 -0500
31703 +++ linux-2.4.37.7/include/linux/mm.h 2009-11-10 19:30:27.000000000 -0500
31704 @@ -22,9 +22,13 @@ extern int page_cluster;
31705 extern struct list_head active_list;
31706 extern struct list_head inactive_list;
31708 +extern void gr_learn_resource(const struct task_struct * task, const int limit,
31709 + const unsigned long wanted, const int gt);
31711 #include <asm/page.h>
31712 #include <asm/pgtable.h>
31713 #include <asm/atomic.h>
31714 +#include <asm/mman.h>
31717 * Linux kernel virtual memory manager primitives.
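Review bot: The `extern void gr_learn_resource(...)` prototype added here repeats the declaration this patch also puts in include/linux/grsecurity.h, so the signature is now maintained by hand in two places. A later change to one copy is only diagnosed in translation units that happen to include both headers. If the copy exists to avoid an include cycle between mm.h and grsecurity.h (not visible from this hunk), say so next to it, e.g. `/* duplicated from <linux/grsecurity.h> to avoid including it here; keep in sync */`; otherwise include the header instead of restating the prototype.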
31718 @@ -64,7 +68,7 @@ struct vm_area_struct {
31719 struct vm_area_struct **vm_pprev_share;
31721 /* Function pointers to deal with this struct. */
31722 - struct vm_operations_struct * vm_ops;
31723 + const struct vm_operations_struct * vm_ops;
31725 /* Information about our backing store: */
31726 unsigned long vm_pgoff; /* Offset (within vm_file) in PAGE_SIZE
31727 @@ -72,6 +76,8 @@ struct vm_area_struct {
31728 struct file * vm_file; /* File we map to (can be NULL). */
31729 unsigned long vm_raend; /* XXX: put full readahead info here. */
31730 void * vm_private_data; /* was vm_pte (shared mem) */
31732 + unsigned long vm_mirror; /* PaX: mirror distance */
31736 @@ -104,9 +110,29 @@ struct vm_area_struct {
31737 #define VM_DONTEXPAND 0x00040000 /* Cannot expand with mremap() */
31738 #define VM_RESERVED 0x00080000 /* Don't unmap it from swap_out */
31740 +#ifdef CONFIG_PAX_SEGMEXEC
31741 +#define VM_MIRROR 0x00100000 /* vma is mirroring another */
31744 +#ifdef CONFIG_PAX_MPROTECT
31745 +#define VM_MAYNOTWRITE 0x00200000 /* vma cannot be granted VM_WRITE any more */
31748 +#if defined(__VM_STACK_FLAGS) && !defined(VM_STACK_FLAGS)
31749 +#ifdef ARCH_STACK_GROWSUP
31750 +#define VM_STACK_FLAGS (0x00000233 | __VM_STACK_FLAGS)
31752 +#define VM_STACK_FLAGS (0x00000133 | __VM_STACK_FLAGS)
31756 #ifndef VM_STACK_FLAGS
31757 +#ifdef ARCH_STACK_GROWSUP
31758 +#define VM_STACK_FLAGS 0x00000277
31760 #define VM_STACK_FLAGS 0x00000177
31764 #define VM_READHINTMASK (VM_SEQ_READ | VM_RAND_READ)
31765 #define VM_ClearReadHint(v) (v)->vm_flags &= ~VM_READHINTMASK
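Review bot: The new `VM_STACK_FLAGS` definitions encode the security-relevant default for stack permissions as bare hex (`0x00000133`, `0x00000233`, `0x00000277`) with no comment. Compared with the existing `0x00000177`, the `0x133` and `0x233` variants drop bits `0x04` and `0x40`, which in this header are `VM_EXEC` and `VM_MAYEXEC`, so the stack is non-executable unless `__VM_STACK_FLAGS` adds the bits back; a reader has to do the subtraction to see that. I would either spell the value with the named flags or add a line such as `/* 0x133 = 0x177 without VM_EXEC | VM_MAYEXEC; __VM_STACK_FLAGS supplies the exec bits where the arch allows them */`. The description of what `__VM_STACK_FLAGS` contributes is inferred from the name and should be checked against the arch headers.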
31766 @@ -496,6 +522,7 @@ extern int zeromap_page_range(unsigned l
31767 extern int vmtruncate(struct inode * inode, loff_t offset);
31768 extern pmd_t *FASTCALL(__pmd_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address));
31769 extern pte_t *FASTCALL(pte_alloc(struct mm_struct *mm, pmd_t *pmd, unsigned long address));
31770 +extern pte_t *FASTCALL(pte_alloc_kernel(struct mm_struct *mm, pmd_t *pmd, unsigned long address));
31771 extern int handle_mm_fault(struct mm_struct *mm,struct vm_area_struct *vma, unsigned long address, int write_access);
31772 extern int make_pages_present(unsigned long addr, unsigned long end);
31773 extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write);
31774 @@ -587,6 +614,12 @@ static inline void __vma_unlink(struct m
31776 static inline int can_vma_merge(struct vm_area_struct * vma, unsigned long vm_flags)
31779 +#ifdef CONFIG_PAX_SEGMEXEC
31780 + if ((vma->vm_flags | vm_flags) & VM_MIRROR)
31784 if (!vma->vm_file && vma->vm_flags == vm_flags)
31787 @@ -640,13 +673,23 @@ static inline unsigned int pf_gfp_mask(u
31793 +/* Look up the first VMA which satisfies addr < vm_end, NULL if none. */
31794 +extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long addr);
31795 +extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
31796 + struct vm_area_struct **pprev);
31798 /* vma is the first one with address < vma->vm_end,
31799 * and even address < vma->vm_start. Have to extend vma. */
31800 static inline int expand_stack(struct vm_area_struct * vma, unsigned long address)
31802 unsigned long grow;
31804 +#ifdef CONFIG_PAX_SEGMEXEC
31805 + struct vm_area_struct * vma_m = NULL;
31806 + unsigned long address_m = 0UL;
31810 * vma->vm_start/vm_end cannot change under us because the caller
31811 * is required to hold the mmap_sem in read mode. We need the
31812 @@ -667,33 +710,62 @@ static inline int expand_stack(struct vm
31815 grow = (vma->vm_start - address) >> PAGE_SHIFT;
31816 - if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur ||
31817 - ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur) {
31818 - spin_unlock(&vma->vm_mm->page_table_lock);
31822 - if ((vma->vm_flags & VM_LOCKED) &&
31823 - ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_MEMLOCK].rlim_cur) {
31824 + gr_learn_resource(current, RLIMIT_STACK, vma->vm_end - address, 1);
31825 + gr_learn_resource(current, RLIMIT_AS, (vma->vm_mm->total_vm + grow) << PAGE_SHIFT, 1);
31826 + gr_learn_resource(current, RLIMIT_MEMLOCK, (vma->vm_mm->locked_vm + grow) << PAGE_SHIFT, 1);
31828 +#ifdef CONFIG_PAX_SEGMEXEC
31829 + if (vma->vm_flags & VM_MIRROR) {
31830 + address_m = vma->vm_start + vma->vm_mirror;
31831 + vma_m = find_vma(vma->vm_mm, address_m);
31832 + if (!vma_m || vma_m->vm_start != address_m || !(vma_m->vm_flags & VM_MIRROR) ||
31833 + vma->vm_end - vma->vm_start != vma_m->vm_end - vma_m->vm_start) {
31834 + printk(KERN_ERR "PAX: VMMIRROR: expand bug, %08lx, %08lx, %08lx, %08lx, %08lx\n",
31835 + address, vma->vm_start, vma_m->vm_start, vma->vm_end, vma_m->vm_end);
31836 + spin_unlock(&vma->vm_mm->page_table_lock);
31840 + address_m = address + vma->vm_mirror;
31841 + if (2*grow < grow || vma_m->vm_end - address_m > current->rlim[RLIMIT_STACK].rlim_cur ||
31842 + ((vma_m->vm_mm->total_vm + 2*grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur ||
31843 + ((vma_m->vm_flags & VM_LOCKED) &&
31844 + ((vma_m->vm_mm->locked_vm + 2*grow) << PAGE_SHIFT) > current->rlim[RLIMIT_MEMLOCK].rlim_cur)) {
31845 + spin_unlock(&vma->vm_mm->page_table_lock);
31851 + if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur ||
31852 + ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur ||
31853 + ((vma->vm_flags & VM_LOCKED) &&
31854 + ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_MEMLOCK].rlim_cur)) {
31855 spin_unlock(&vma->vm_mm->page_table_lock);
31860 vma->vm_start = address;
31861 vma->vm_pgoff -= grow;
31862 vma->vm_mm->total_vm += grow;
31863 if (vma->vm_flags & VM_LOCKED)
31864 vma->vm_mm->locked_vm += grow;
31866 +#ifdef CONFIG_PAX_SEGMEXEC
31867 + if (vma->vm_flags & VM_MIRROR) {
31868 + vma_m->vm_start = address_m;
31869 + vma_m->vm_pgoff -= grow;
31870 + vma_m->vm_mm->total_vm += grow;
31871 + if (vma_m->vm_flags & VM_LOCKED)
31872 + vma_m->vm_mm->locked_vm += grow;
31876 spin_unlock(&vma->vm_mm->page_table_lock);
31880 -/* Look up the first VMA which satisfies addr < vm_end, NULL if none. */
31881 -extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long addr);
31882 -extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
31883 - struct vm_area_struct **pprev);
31885 /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
31886 NULL if none. Assume start_addr < end_addr. */
31887 static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
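Review bot: The diagnostic `printk` in the `CONFIG_PAX_SEGMEXEC` branch reads `vma_m->vm_start` and `vma_m->vm_end` even when the branch was taken because `find_vma()` returned NULL. `!vma_m` is the first term of the condition, so the path that reports a broken mirror would itself dereference a null pointer. Guard the two arguments, for example `address, vma->vm_start, vma_m ? vma_m->vm_start : 0UL, vma->vm_end, vma_m ? vma_m->vm_end : 0UL);`, or test `!vma_m` separately before the comparison. Separately, `gr_learn_resource(current, RLIMIT_MEMLOCK, ...)` runs on every expansion while the limit test below applies `RLIMIT_MEMLOCK` only to `VM_LOCKED` areas; if the learning data is meant to track the enforced limits, the call should carry the same `vma->vm_flags & VM_LOCKED` condition. `expand_stack` begins in the previous hunk, so the locking around these lines is not fully visible here.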
31888 @@ -705,8 +777,6 @@ static inline struct vm_area_struct * fi
31892 -extern struct vm_area_struct *find_extend_vma(struct mm_struct *mm, unsigned long addr);
31894 extern struct page * vmalloc_to_page(void *addr);
31896 #endif /* __KERNEL__ */
31897 diff -urNp linux-2.4.37.7/include/linux/msdos_fs.h linux-2.4.37.7/include/linux/msdos_fs.h
31898 --- linux-2.4.37.7/include/linux/msdos_fs.h 2009-11-07 11:52:20.000000000 -0500
31899 +++ linux-2.4.37.7/include/linux/msdos_fs.h 2009-11-10 19:30:27.000000000 -0500
31900 @@ -256,7 +256,7 @@ extern int fat_get_cluster(struct inode
31901 extern int fat_free(struct inode *inode, int skip);
31904 -extern struct file_operations fat_dir_operations;
31905 +extern const struct file_operations fat_dir_operations;
31906 extern int fat_search_long(struct inode *inode, const char *name, int name_len,
31907 int anycase, loff_t *spos, loff_t *lpos);
31908 extern int fat_readdir(struct file *filp, void *dirent, filldir_t filldir);
31909 @@ -268,8 +268,8 @@ extern int fat_add_entries(struct inode
31910 extern int fat_new_dir(struct inode *dir, struct inode *parent, int is_vfat);
31913 -extern struct file_operations fat_file_operations;
31914 -extern struct inode_operations fat_file_inode_operations;
31915 +extern const struct file_operations fat_file_operations;
31916 +extern const struct inode_operations fat_file_inode_operations;
31917 extern ssize_t fat_file_read(struct file *filp, char *buf, size_t count,
31919 extern int fat_get_block(struct inode *inode, long iblock,
31920 @@ -290,7 +290,7 @@ extern void fat_clear_inode(struct inode
31921 extern void fat_put_super(struct super_block *sb);
31922 extern struct super_block *
31923 fat_read_super(struct super_block *sb, void *data, int silent,
31924 - struct inode_operations *fs_dir_inode_ops);
31925 + const struct inode_operations *fs_dir_inode_ops);
31926 extern int fat_statfs(struct super_block *sb, struct statfs *buf);
31927 extern void fat_write_inode(struct inode *inode, int wait);
31928 extern int fat_notify_change(struct dentry * dentry, struct iattr * attr);
31929 diff -urNp linux-2.4.37.7/include/linux/msdos_fs_sb.h linux-2.4.37.7/include/linux/msdos_fs_sb.h
31930 --- linux-2.4.37.7/include/linux/msdos_fs_sb.h 2009-11-07 11:52:20.000000000 -0500
31931 +++ linux-2.4.37.7/include/linux/msdos_fs_sb.h 2009-11-10 19:30:27.000000000 -0500
31932 @@ -48,7 +48,7 @@ struct msdos_sb_info {
31933 struct nls_table *nls_disk; /* Codepage used on disk */
31934 struct nls_table *nls_io; /* Charset used for input and display */
31935 struct cvf_format* cvf_format;
31936 - void *dir_ops; /* Opaque; default directory operations */
31937 + const void *dir_ops; /* Opaque; default directory operations */
31938 void *private_data;
31939 int dir_per_block; /* dir entries per block */
31940 int dir_per_block_bits; /* log2(dir_per_block) */
31941 diff -urNp linux-2.4.37.7/include/linux/ncp_fs.h linux-2.4.37.7/include/linux/ncp_fs.h
31942 --- linux-2.4.37.7/include/linux/ncp_fs.h 2009-11-07 11:52:20.000000000 -0500
31943 +++ linux-2.4.37.7/include/linux/ncp_fs.h 2009-11-10 19:30:27.000000000 -0500
31944 @@ -230,8 +230,8 @@ void ncp_update_inode(struct inode *, st
31945 void ncp_update_inode2(struct inode *, struct ncp_entry_info *);
31947 /* linux/fs/ncpfs/dir.c */
31948 -extern struct inode_operations ncp_dir_inode_operations;
31949 -extern struct file_operations ncp_dir_operations;
31950 +extern const struct inode_operations ncp_dir_inode_operations;
31951 +extern const struct file_operations ncp_dir_operations;
31952 int ncp_conn_logged_in(struct super_block *);
31953 int ncp_date_dos2unix(__u16 time, __u16 date);
31954 void ncp_date_unix2dos(int unix_date, __u16 * time, __u16 * date);
31955 @@ -251,8 +251,8 @@ void ncp_lock_server(struct ncp_server *
31956 void ncp_unlock_server(struct ncp_server *server);
31958 /* linux/fs/ncpfs/file.c */
31959 -extern struct inode_operations ncp_file_inode_operations;
31960 -extern struct file_operations ncp_file_operations;
31961 +extern const struct inode_operations ncp_file_inode_operations;
31962 +extern const struct file_operations ncp_file_operations;
31963 int ncp_make_open(struct inode *, int);
31965 /* linux/fs/ncpfs/mmap.c */
31966 diff -urNp linux-2.4.37.7/include/linux/nfs_fs.h linux-2.4.37.7/include/linux/nfs_fs.h
31967 --- linux-2.4.37.7/include/linux/nfs_fs.h 2009-11-07 11:52:20.000000000 -0500
31968 +++ linux-2.4.37.7/include/linux/nfs_fs.h 2009-11-10 19:30:27.000000000 -0500
31969 @@ -159,9 +159,9 @@ extern int nfs_notify_change(struct dent
31971 * linux/fs/nfs/file.c
31973 -extern struct inode_operations nfs_file_inode_operations;
31974 -extern struct file_operations nfs_file_operations;
31975 -extern struct address_space_operations nfs_file_aops;
31976 +extern const struct inode_operations nfs_file_inode_operations;
31977 +extern const struct file_operations nfs_file_operations;
31978 +extern const struct address_space_operations nfs_file_aops;
31980 static __inline__ struct rpc_cred *
31981 nfs_file_cred(struct file *file)
31982 @@ -179,14 +179,14 @@ nfs_file_cred(struct file *file)
31984 * linux/fs/nfs/dir.c
31986 -extern struct inode_operations nfs_dir_inode_operations;
31987 -extern struct file_operations nfs_dir_operations;
31988 -extern struct dentry_operations nfs_dentry_operations;
31989 +extern const struct inode_operations nfs_dir_inode_operations;
31990 +extern const struct file_operations nfs_dir_operations;
31991 +extern const struct dentry_operations nfs_dentry_operations;
31994 * linux/fs/nfs/symlink.c
31996 -extern struct inode_operations nfs_symlink_inode_operations;
31997 +extern const struct inode_operations nfs_symlink_inode_operations;
32000 * linux/fs/nfs/locks.c
32001 diff -urNp linux-2.4.37.7/include/linux/phonedev.h linux-2.4.37.7/include/linux/phonedev.h
32002 --- linux-2.4.37.7/include/linux/phonedev.h 2009-11-07 11:52:20.000000000 -0500
32003 +++ linux-2.4.37.7/include/linux/phonedev.h 2009-11-10 19:30:27.000000000 -0500
32006 struct phone_device {
32007 struct phone_device *next;
32008 - struct file_operations *f_op;
32009 + const struct file_operations *f_op;
32010 int (*open) (struct phone_device *, struct file *);
32011 int board; /* Device private index */
32013 diff -urNp linux-2.4.37.7/include/linux/proc_fs.h linux-2.4.37.7/include/linux/proc_fs.h
32014 --- linux-2.4.37.7/include/linux/proc_fs.h 2009-11-07 11:52:20.000000000 -0500
32015 +++ linux-2.4.37.7/include/linux/proc_fs.h 2009-11-10 19:30:27.000000000 -0500
32016 @@ -59,8 +59,8 @@ struct proc_dir_entry {
32019 unsigned long size;
32020 - struct inode_operations * proc_iops;
32021 - struct file_operations * proc_fops;
32022 + const struct inode_operations * proc_iops;
32023 + const struct file_operations * proc_fops;
32024 get_info_t *get_info;
32025 struct module *owner;
32026 struct proc_dir_entry *next, *parent, *subdir;
32027 @@ -112,9 +112,9 @@ extern int proc_match(int, const char *,
32028 extern int proc_readdir(struct file *, void *, filldir_t);
32029 extern struct dentry *proc_lookup(struct inode *, struct dentry *);
32031 -extern struct file_operations proc_kcore_operations;
32032 -extern struct file_operations proc_kmsg_operations;
32033 -extern struct file_operations ppc_htab_operations;
32034 +extern const struct file_operations proc_kcore_operations;
32035 +extern const struct file_operations proc_kmsg_operations;
32036 +extern const struct file_operations ppc_htab_operations;
32040 @@ -175,7 +175,7 @@ static inline struct proc_dir_entry *pro
32043 static inline struct proc_dir_entry *proc_net_fops_create(const char *name,
32044 - mode_t mode, struct file_operations *fops)
32045 + mode_t mode, const struct file_operations *fops)
32047 struct proc_dir_entry *res = create_proc_entry(name, mode, proc_net);
32049 diff -urNp linux-2.4.37.7/include/linux/qnx4_fs.h linux-2.4.37.7/include/linux/qnx4_fs.h
32050 --- linux-2.4.37.7/include/linux/qnx4_fs.h 2009-11-07 11:52:20.000000000 -0500
32051 +++ linux-2.4.37.7/include/linux/qnx4_fs.h 2009-11-10 19:30:27.000000000 -0500
32052 @@ -105,10 +105,10 @@ extern struct buffer_head *qnx4_getblk(s
32053 extern struct buffer_head *qnx4_bread(struct inode *, int, int);
32055 extern int qnx4_create(struct inode *dir, struct dentry *dentry, int mode);
32056 -extern struct inode_operations qnx4_file_inode_operations;
32057 -extern struct inode_operations qnx4_dir_inode_operations;
32058 -extern struct file_operations qnx4_file_operations;
32059 -extern struct file_operations qnx4_dir_operations;
32060 +extern const struct inode_operations qnx4_file_inode_operations;
32061 +extern const struct inode_operations qnx4_dir_inode_operations;
32062 +extern const struct file_operations qnx4_file_operations;
32063 +extern const struct file_operations qnx4_dir_operations;
32064 extern int qnx4_is_free(struct super_block *sb, long block);
32065 extern int qnx4_set_bitmap(struct super_block *sb, long block, int busy);
32066 extern int qnx4_create(struct inode *inode, struct dentry *dentry, int mode);
32067 diff -urNp linux-2.4.37.7/include/linux/random.h linux-2.4.37.7/include/linux/random.h
32068 --- linux-2.4.37.7/include/linux/random.h 2009-11-07 11:52:20.000000000 -0500
32069 +++ linux-2.4.37.7/include/linux/random.h 2009-11-10 19:30:27.000000000 -0500
32070 @@ -73,7 +73,7 @@ extern __u32 secure_tcpv6_sequence_numbe
32071 extern __u32 secure_ipv6_id(__u32 *daddr);
32074 -extern struct file_operations random_fops, urandom_fops;
32075 +extern const struct file_operations random_fops, urandom_fops;
32078 #endif /* __KERNEL___ */
32079 diff -urNp linux-2.4.37.7/include/linux/reiserfs_fs.h linux-2.4.37.7/include/linux/reiserfs_fs.h
32080 --- linux-2.4.37.7/include/linux/reiserfs_fs.h 2009-11-07 11:52:20.000000000 -0500
32081 +++ linux-2.4.37.7/include/linux/reiserfs_fs.h 2009-11-10 19:30:27.000000000 -0500
32082 @@ -1968,8 +1968,8 @@ int reiserfs_journal_in_proc( char *buff
32086 -extern struct inode_operations reiserfs_dir_inode_operations;
32087 -extern struct file_operations reiserfs_dir_operations;
32088 +extern const struct inode_operations reiserfs_dir_inode_operations;
32089 +extern const struct file_operations reiserfs_dir_operations;
32091 /* tail_conversion.c */
32092 int direct2indirect (struct reiserfs_transaction_handle *, struct inode *, struct path *, struct buffer_head *, loff_t);
32093 @@ -1978,9 +1978,9 @@ void reiserfs_unmap_buffer(struct buffer
32097 -extern struct inode_operations reiserfs_file_inode_operations;
32098 -extern struct file_operations reiserfs_file_operations;
32099 -extern struct address_space_operations reiserfs_address_space_operations ;
32100 +extern const struct inode_operations reiserfs_file_inode_operations;
32101 +extern const struct file_operations reiserfs_file_operations;
32102 +extern const struct address_space_operations reiserfs_address_space_operations ;
32103 int get_new_buffer (struct reiserfs_transaction_handle *th, struct buffer_head *,
32104 struct buffer_head **, struct path *);
32106 diff -urNp linux-2.4.37.7/include/linux/sched.h linux-2.4.37.7/include/linux/sched.h
32107 --- linux-2.4.37.7/include/linux/sched.h 2009-11-07 11:52:20.000000000 -0500
32108 +++ linux-2.4.37.7/include/linux/sched.h 2009-11-10 19:30:27.000000000 -0500
32109 @@ -27,6 +27,9 @@ extern unsigned long event;
32110 #include <linux/securebits.h>
32111 #include <linux/fs_struct.h>
32113 +extern int gr_task_is_capable(struct task_struct *task, const int cap);
32114 +extern int gr_pid_is_chrooted(struct task_struct *p);
32116 struct exec_domain;
32119 @@ -231,8 +234,33 @@ struct mm_struct {
32121 /* Architecture-specific MM context */
32122 mm_context_t context;
32124 +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
32125 + unsigned long pax_flags;
32128 +#ifdef CONFIG_PAX_DLRESOLVE
32129 + unsigned long call_dl_resolve;
32132 +#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
32133 + unsigned long call_syscall;
32136 +#ifdef CONFIG_PAX_ASLR
32137 + unsigned long delta_mmap; /* randomized offset */
32138 + unsigned long delta_exec; /* randomized offset */
32139 + unsigned long delta_stack; /* randomized offset */
32143 +#define MF_PAX_PAGEEXEC 0x01000000 /* Paging based non-executable pages */
32144 +#define MF_PAX_EMUTRAMP 0x02000000 /* Emulate trampolines */
32145 +#define MF_PAX_MPROTECT 0x04000000 /* Restrict mprotect() */
32146 +#define MF_PAX_RANDMMAP 0x08000000 /* Randomize mmap() base */
32147 +/*#define MF_PAX_RANDEXEC 0x10000000*/ /* Randomize ET_EXEC base */
32148 +#define MF_PAX_SEGMEXEC 0x20000000 /* Segmentation based non-executable pages */
32150 extern int mmlist_nr;
32152 #define INIT_MM(name) \
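Review bot: The `MF_PAX_RANDEXEC` bit is left behind as a commented-out define (`/*#define MF_PAX_RANDEXEC 0x10000000*/`) in the new flag list. That leaves a hole between `MF_PAX_RANDMMAP` and `MF_PAX_SEGMEXEC` with no statement of intent. If the value is being kept free on purpose, a plain comment says so better than disabled code, for example `/* 0x10000000 reserved: formerly MF_PAX_RANDEXEC (randomize ET_EXEC base), do not reuse */`. The three `delta_*` fields also share the same comment "randomized offset"; naming the base each one is added to would make them easier to audit.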
32153 @@ -406,7 +434,7 @@ struct task_struct {
32154 int (*notifier)(void *priv);
32155 void *notifier_data;
32156 sigset_t *notifier_mask;
32159 /* Thread group tracking */
32160 u32 parent_exec_id;
32162 @@ -417,6 +445,24 @@ struct task_struct {
32163 void *journal_info;
32165 struct list_head *scm_work_list;
32167 +#ifdef CONFIG_GRKERNSEC
32168 +/* added by grsecurity's ACL system */
32169 + struct acl_subject_label *acl;
32170 + struct acl_role_label *role;
32171 + struct file *exec_file;
32178 + u8 acl_sp_role:1;
32179 + u8 used_accept:1;
32180 + u8 is_writable:1;
32187 @@ -438,6 +484,43 @@ struct task_struct {
32189 #define PF_USEDFPU 0x00100000 /* task used FPU this quantum (SMP) */
32191 +#ifdef CONFIG_PAX_SOFTMODE
32192 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK) || defined(CONFIG_PAX_RANDKSTACK)
32193 +extern unsigned int pax_aslr;
32196 +extern unsigned int pax_softmode;
32199 +extern int pax_check_flags(unsigned long *);
32201 +/* if tsk != current then task_lock must be held on it */
32202 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
32203 +static inline unsigned long pax_get_flags(struct task_struct *tsk)
32205 + if (likely(tsk->mm != NULL))
32206 + return tsk->mm->pax_flags;
32211 +/* if tsk != current then task_lock must be held on it */
32212 +static inline long pax_set_flags(struct task_struct *tsk, unsigned long flags)
32214 + if (likely(tsk->mm != NULL)) {
32215 + tsk->mm->pax_flags = flags;
32222 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
32223 +extern void pax_set_initial_flags(struct linux_binprm * bprm);
32224 +#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
32225 +extern void (*pax_set_initial_flags_func)(struct linux_binprm * bprm);
32231 @@ -552,6 +635,8 @@ static inline void unhash_pid(struct tas
32232 *p->pidhash_pprev = p->pidhash_next;
32235 +#include <asm/current.h>
32237 static inline struct task_struct *find_task_by_pid(int pid)
32239 struct task_struct *p, **htable = &pidhash[pid_hashfn(pid)];
32240 @@ -559,6 +644,8 @@ static inline struct task_struct *find_t
32241 for(p = *htable; p && p->pid != pid; p = p->pidhash_next)
32244 + if(gr_pid_is_chrooted(p)) p = NULL;
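Review bot: The added `if(gr_pid_is_chrooted(p)) p = NULL;` in find_task_by_pid can be reached with `p == NULL`, because the loop in the context line above ends either on a pid match or when `p` becomes NULL. Whether `gr_pid_is_chrooted()` tolerates a NULL task is not visible in this patch section, so the guard belongs at the call site: `if (p && gr_pid_is_chrooted(p)) p = NULL;`. A short comment that the lookup deliberately reports "no such task" for tasks the chroot policy hides from the caller would also help, since every user of this inline helper inherits that behaviour. The function body continues outside the hunk.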
32249 @@ -580,8 +667,6 @@ extern struct user_struct * alloc_uid(ui
32250 extern void free_uid(struct user_struct *);
32251 extern void switch_uid(struct user_struct *);
32253 -#include <asm/current.h>
32255 extern unsigned long volatile jiffies;
32256 extern unsigned long itimer_ticks;
32257 extern unsigned long itimer_next;
32258 @@ -745,7 +830,7 @@ static inline int fsuser(void)
32259 static inline int capable(int cap)
32262 - if (cap_raised(current->cap_effective, cap))
32263 + if (cap_raised(current->cap_effective, cap) && gr_task_is_capable(current, cap))
32265 if (cap_is_fs_cap(cap) ? current->fsuid == 0 : current->euid == 0)
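Review bot: The new conjunct `&& gr_task_is_capable(current, cap)` in capable() changes the meaning of every capability check in the kernel but carries no comment. It should state the invariant the `&&` gives, for example `/* grsecurity policy can only veto a capability that is already raised in cap_effective; it never grants one */`. The prototype is added to sched.h unconditionally, so a build without CONFIG_GRKERNSEC presumably relies on a stub defined elsewhere in the patch. That is worth confirming, because this inline function is compiled into every caller, modules included. The rest of capable() lies outside the hunk.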
32267 diff -urNp linux-2.4.37.7/include/linux/seq_file.h linux-2.4.37.7/include/linux/seq_file.h
32268 --- linux-2.4.37.7/include/linux/seq_file.h 2009-11-07 11:52:20.000000000 -0500
32269 +++ linux-2.4.37.7/include/linux/seq_file.h 2009-11-10 19:30:27.000000000 -0500
32270 @@ -19,7 +19,7 @@ struct seq_file {
32273 struct semaphore sem;
32274 - struct seq_operations *op;
32275 + const struct seq_operations *op;
32279 @@ -30,7 +30,7 @@ struct seq_operations {
32280 int (*show) (struct seq_file *m, void *v);
32283 -int seq_open(struct file *, struct seq_operations *);
32284 +int seq_open(struct file *, const struct seq_operations *);
32285 ssize_t seq_read(struct file *, char *, size_t, loff_t *);
32286 loff_t seq_lseek(struct file *, loff_t, int);
32287 int seq_release(struct inode *, struct file *);
32288 diff -urNp linux-2.4.37.7/include/linux/sound.h linux-2.4.37.7/include/linux/sound.h
32289 --- linux-2.4.37.7/include/linux/sound.h 2009-11-07 11:52:20.000000000 -0500
32290 +++ linux-2.4.37.7/include/linux/sound.h 2009-11-10 19:30:27.000000000 -0500
32291 @@ -27,11 +27,11 @@
32292 * Sound core interface functions
32295 -extern int register_sound_special(struct file_operations *fops, int unit);
32296 -extern int register_sound_mixer(struct file_operations *fops, int dev);
32297 -extern int register_sound_midi(struct file_operations *fops, int dev);
32298 -extern int register_sound_dsp(struct file_operations *fops, int dev);
32299 -extern int register_sound_synth(struct file_operations *fops, int dev);
32300 +extern int register_sound_special(const struct file_operations *fops, int unit);
32301 +extern int register_sound_mixer(const struct file_operations *fops, int dev);
32302 +extern int register_sound_midi(const struct file_operations *fops, int dev);
32303 +extern int register_sound_dsp(const struct file_operations *fops, int dev);
32304 +extern int register_sound_synth(const struct file_operations *fops, int dev);
32306 extern void unregister_sound_special(int unit);
32307 extern void unregister_sound_mixer(int unit);
32308 diff -urNp linux-2.4.37.7/include/linux/sysctl.h linux-2.4.37.7/include/linux/sysctl.h
32309 --- linux-2.4.37.7/include/linux/sysctl.h 2009-11-07 11:52:20.000000000 -0500
32310 +++ linux-2.4.37.7/include/linux/sysctl.h 2009-11-10 19:30:27.000000000 -0500
32311 @@ -130,8 +130,20 @@ enum
32312 KERN_EXCEPTION_TRACE=58, /* boolean: exception trace */
32313 KERN_CORE_SETUID=59, /* int: set to allow core dumps of setuid apps */
32314 KERN_SPARC_SCONS_PWROFF=64, /* int: serial console power-off halt */
32315 + KERN_GRSECURITY=68, /* grsecurity */
32317 +#ifdef CONFIG_PAX_SOFTMODE
32318 + KERN_PAX=69, /* PaX control */
32323 +#ifdef CONFIG_PAX_SOFTMODE
32325 + PAX_ASLR=1, /* PaX: disable/enable all randomization features */
32326 + PAX_SOFTMODE=2, /* PaX: disable/enable soft mode */
32330 /* CTL_VM names: */
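Review bot: `KERN_PAX=69` and the `PAX_ASLR`/`PAX_SOFTMODE` enum are wrapped in `#ifdef CONFIG_PAX_SOFTMODE`, while `KERN_GRSECURITY=68` just above is unconditional. These numbers are part of the binary sysctl interface, and making them depend on kernel configuration means the identifier only exists in some builds and the value is not visibly reserved in the others. I would define the constants unconditionally (`KERN_PAX=69, /* PaX control */` without the `#ifdef`) and keep only the handler table entry conditional. The enum's opening and closing lines are not shown in this listing, so the exact placement should be checked against the full file.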
32332 diff -urNp linux-2.4.37.7/include/linux/sysv_fs.h linux-2.4.37.7/include/linux/sysv_fs.h
32333 --- linux-2.4.37.7/include/linux/sysv_fs.h 2009-11-07 11:52:20.000000000 -0500
32334 +++ linux-2.4.37.7/include/linux/sysv_fs.h 2009-11-10 19:30:27.000000000 -0500
32335 @@ -324,14 +324,14 @@ extern void sysv_set_link(struct sysv_di
32336 extern struct sysv_dir_entry *sysv_dotdot(struct inode*, struct page**);
32337 extern ino_t sysv_inode_by_name(struct dentry*);
32339 -extern struct inode_operations sysv_file_inode_operations;
32340 -extern struct inode_operations sysv_dir_inode_operations;
32341 -extern struct inode_operations sysv_fast_symlink_inode_operations;
32342 -extern struct file_operations sysv_file_operations;
32343 -extern struct file_operations sysv_dir_operations;
32344 -extern struct address_space_operations sysv_aops;
32345 -extern struct super_operations sysv_sops;
32346 -extern struct dentry_operations sysv_dentry_operations;
32347 +extern const struct inode_operations sysv_file_inode_operations;
32348 +extern const struct inode_operations sysv_dir_inode_operations;
32349 +extern const struct inode_operations sysv_fast_symlink_inode_operations;
32350 +extern const struct file_operations sysv_file_operations;
32351 +extern const struct file_operations sysv_dir_operations;
32352 +extern const struct address_space_operations sysv_aops;
32353 +extern const struct super_operations sysv_sops;
32354 +extern const struct dentry_operations sysv_dentry_operations;
32356 extern struct sysv_inode *sysv_raw_inode(struct super_block *, unsigned, struct buffer_head **);
32358 diff -urNp linux-2.4.37.7/include/linux/ufs_fs.h linux-2.4.37.7/include/linux/ufs_fs.h
32359 --- linux-2.4.37.7/include/linux/ufs_fs.h 2009-11-07 11:52:20.000000000 -0500
32360 +++ linux-2.4.37.7/include/linux/ufs_fs.h 2009-11-10 19:30:27.000000000 -0500
32361 @@ -520,7 +520,7 @@ extern struct ufs_cg_private_info * ufs_
32362 extern void ufs_put_cylinder (struct super_block *, unsigned);
32365 -extern struct inode_operations ufs_dir_inode_operations;
32366 +extern const struct inode_operations ufs_dir_inode_operations;
32367 extern int ufs_check_dir_entry (const char *, struct inode *, struct ufs_dir_entry *, struct buffer_head *, unsigned long);
32368 extern int ufs_add_link (struct dentry *, struct inode *);
32369 extern ino_t ufs_inode_by_name(struct inode *, struct dentry *);
32370 @@ -532,10 +532,10 @@ extern struct ufs_dir_entry * ufs_dotdot
32371 extern void ufs_set_link(struct inode *, struct ufs_dir_entry *, struct buffer_head *, struct inode *);
32374 -extern struct inode_operations ufs_file_inode_operations;
32375 -extern struct file_operations ufs_file_operations;
32376 +extern const struct inode_operations ufs_file_inode_operations;
32377 +extern const struct file_operations ufs_file_operations;
32379 -extern struct address_space_operations ufs_aops;
32380 +extern const struct address_space_operations ufs_aops;
32383 extern void ufs_free_inode (struct inode *inode);
32384 @@ -552,7 +552,7 @@ extern struct buffer_head * ufs_getfrag
32385 extern struct buffer_head * ufs_bread (struct inode *, unsigned, int, int *);
32388 -extern struct file_operations ufs_dir_operations;
32389 +extern const struct file_operations ufs_dir_operations;
32392 extern void ufs_warning (struct super_block *, const char *, const char *, ...) __attribute__ ((format (printf, 3, 4)));
32393 @@ -561,7 +561,7 @@ extern void ufs_panic (struct super_bloc
32394 extern void ufs_write_super (struct super_block *);
32397 -extern struct inode_operations ufs_fast_symlink_inode_operations;
32398 +extern const struct inode_operations ufs_fast_symlink_inode_operations;
32401 extern void ufs_truncate (struct inode *);
32402 diff -urNp linux-2.4.37.7/include/linux/umsdos_fs.h linux-2.4.37.7/include/linux/umsdos_fs.h
32403 --- linux-2.4.37.7/include/linux/umsdos_fs.h 2009-11-07 11:52:20.000000000 -0500
32404 +++ linux-2.4.37.7/include/linux/umsdos_fs.h 2009-11-10 19:30:27.000000000 -0500
32405 @@ -173,10 +173,10 @@ struct umsdos_ioctl {
32406 #include <linux/fs.h>
32409 -extern struct inode_operations umsdos_dir_inode_operations;
32410 -extern struct inode_operations umsdos_rdir_inode_operations;
32411 -extern struct file_operations umsdos_dir_operations;
32412 -extern struct file_operations umsdos_rdir_operations;
32413 +extern const struct inode_operations umsdos_dir_inode_operations;
32414 +extern const struct inode_operations umsdos_rdir_inode_operations;
32415 +extern const struct file_operations umsdos_dir_operations;
32416 +extern const struct file_operations umsdos_rdir_operations;
32418 #include <linux/umsdos_fs.p>
32420 diff -urNp linux-2.4.37.7/include/linux/usbdevice_fs.h linux-2.4.37.7/include/linux/usbdevice_fs.h
32421 --- linux-2.4.37.7/include/linux/usbdevice_fs.h 2009-11-07 11:52:20.000000000 -0500
32422 +++ linux-2.4.37.7/include/linux/usbdevice_fs.h 2009-11-10 19:30:27.000000000 -0500
32423 @@ -181,10 +181,10 @@ struct dev_state {
32425 /* internal methods & data */
32426 extern struct usb_driver usbdevfs_driver;
32427 -extern struct file_operations usbdevfs_drivers_fops;
32428 -extern struct file_operations usbdevfs_devices_fops;
32429 -extern struct file_operations usbdevfs_device_file_operations;
32430 -extern struct inode_operations usbdevfs_device_inode_operations;
32431 +extern const struct file_operations usbdevfs_drivers_fops;
32432 +extern const struct file_operations usbdevfs_devices_fops;
32433 +extern const struct file_operations usbdevfs_device_file_operations;
32434 +extern const struct inode_operations usbdevfs_device_inode_operations;
32435 extern void usbdevfs_conn_disc_event(void);
32437 #endif /* __KERNEL__ */
32438 diff -urNp linux-2.4.37.7/include/linux/usb.h linux-2.4.37.7/include/linux/usb.h
32439 --- linux-2.4.37.7/include/linux/usb.h 2009-11-07 11:52:20.000000000 -0500
32440 +++ linux-2.4.37.7/include/linux/usb.h 2009-11-10 19:30:27.000000000 -0500
32441 @@ -456,7 +456,7 @@ struct usb_driver {
32443 struct list_head driver_list;
32445 - struct file_operations *fops;
32446 + const struct file_operations *fops;
32449 struct semaphore serialize;
32450 diff -urNp linux-2.4.37.7/include/linux/videodev.h linux-2.4.37.7/include/linux/videodev.h
32451 --- linux-2.4.37.7/include/linux/videodev.h 2009-11-07 11:52:20.000000000 -0500
32452 +++ linux-2.4.37.7/include/linux/videodev.h 2009-11-10 19:30:27.000000000 -0500
32453 @@ -20,7 +20,7 @@ struct video_device
32456 /* device ops + callbacks */
32457 - struct file_operations *fops;
32458 + const struct file_operations *fops;
32459 void (*release)(struct video_device *vfd);
32461 /* old, obsolete interface -- dropped in 2.5.x, don't use it */
32462 diff -urNp linux-2.4.37.7/init/main.c linux-2.4.37.7/init/main.c
32463 --- linux-2.4.37.7/init/main.c 2009-11-07 11:52:20.000000000 -0500
32464 +++ linux-2.4.37.7/init/main.c 2009-11-10 19:30:27.000000000 -0500
32466 #include <linux/bootmem.h>
32467 #include <linux/file.h>
32468 #include <linux/tty.h>
32469 +#include <linux/grsecurity.h>
32471 #include <asm/io.h>
32472 #include <asm/bugs.h>
32473 @@ -117,6 +118,8 @@ extern void ecard_init(void);
32474 extern void ipc_init(void);
32477 +extern void grsecurity_init(void);
32480 * Boot command-line arguments
32482 @@ -142,6 +145,15 @@ static int __init profile_setup(char *st
32484 __setup("profile=", profile_setup);
32486 +#ifdef CONFIG_PAX_SOFTMODE
32487 +static int __init setup_pax_softmode(char *str)
32489 + get_option(&str, &pax_softmode);
32492 +__setup("pax_softmode=", setup_pax_softmode);
32495 static int __init checksetup(char *line)
32497 struct kernel_param *p;
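Review bot: `get_option(&str, &pax_softmode)` in setup_pax_softmode hands over the address of a variable that the sched.h part of this patch declares as `unsigned int`, although get_option() takes an `int *`. The return value is ignored too, so whatever integer appears on the command line is stored unchanged. Parsing into a local and normalising is cleaner: `int v;` followed by `if (get_option(&str, &v)) pax_softmode = v ? 1 : 0;`, assuming the setting is a boolean, as the sysctl.h comment "disable/enable soft mode" suggests. Since this parameter presumably relaxes PaX enforcement from the boot command line, a one-line comment saying so would help anyone reviewing boot loader configuration as part of the trust boundary.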
32498 @@ -566,6 +578,7 @@ static int init(void * unused)
32501 prepare_namespace();
32502 + grsecurity_init();
32505 * Ok, we have completed the initial bootup, and
32506 diff -urNp linux-2.4.37.7/ipc/msg.c linux-2.4.37.7/ipc/msg.c
32507 --- linux-2.4.37.7/ipc/msg.c 2009-11-07 11:52:20.000000000 -0500
32508 +++ linux-2.4.37.7/ipc/msg.c 2009-11-10 19:30:27.000000000 -0500
32510 #include <linux/init.h>
32511 #include <linux/proc_fs.h>
32512 #include <linux/list.h>
32513 +#include <linux/grsecurity.h>
32514 #include <asm/uaccess.h>
32517 @@ -326,6 +327,9 @@ asmlinkage long sys_msgget (key_t key, i
32522 + gr_log_msgget(ret, msgflg);
32527 @@ -560,6 +564,8 @@ asmlinkage long sys_msgctl (int msqid, i
32531 + gr_log_msgrm(ipcp->uid, ipcp->cuid);
32536 diff -urNp linux-2.4.37.7/ipc/sem.c linux-2.4.37.7/ipc/sem.c
32537 --- linux-2.4.37.7/ipc/sem.c 2009-11-07 11:52:20.000000000 -0500
32538 +++ linux-2.4.37.7/ipc/sem.c 2009-11-10 19:30:27.000000000 -0500
32540 #include <linux/init.h>
32541 #include <linux/proc_fs.h>
32542 #include <linux/time.h>
32543 +#include <linux/grsecurity.h>
32544 #include <asm/uaccess.h>
32547 @@ -182,6 +183,9 @@ asmlinkage long sys_semget (key_t key, i
32552 + gr_log_semget(err, semflg);
32557 @@ -724,6 +728,8 @@ static int semctl_down(int semid, int se
32561 + gr_log_semrm(ipcp->uid, ipcp->cuid);
32566 diff -urNp linux-2.4.37.7/ipc/shm.c linux-2.4.37.7/ipc/shm.c
32567 --- linux-2.4.37.7/ipc/shm.c 2009-11-07 11:52:20.000000000 -0500
32568 +++ linux-2.4.37.7/ipc/shm.c 2009-11-10 19:30:27.000000000 -0500
32570 #include <linux/mman.h>
32571 #include <linux/proc_fs.h>
32572 #include <asm/uaccess.h>
32573 +#include <linux/grsecurity.h>
32577 @@ -38,12 +39,25 @@ struct shmid_kernel /* private to the ke
32582 +#ifdef CONFIG_GRKERNSEC
32583 + time_t shm_createtime;
32588 +#ifdef CONFIG_GRKERNSEC
32589 +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
32590 + const time_t shm_createtime, const uid_t cuid,
32591 + const int shmid);
32592 +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
32593 + const time_t shm_createtime);
32596 #define shm_flags shm_perm.mode
32598 -static struct file_operations shm_file_operations;
32599 -static struct vm_operations_struct shm_vm_ops;
32600 +static const struct file_operations shm_file_operations;
32601 +static const struct vm_operations_struct shm_vm_ops;
32603 static struct ipc_ids shm_ids;
32605 @@ -68,8 +82,19 @@ int shm_ctlmni = SHMMNI;
32607 static int shm_tot; /* total number of shared memory pages */
32609 +#ifdef CONFIG_GRKERNSEC_KHEAP
32610 +static kmem_cache_t *shm_cachep;
32613 void __init shm_init (void)
32615 +#ifdef CONFIG_GRKERNSEC_KHEAP
32616 + shm_cachep = kmem_cache_create("shm_cache", sizeof(struct shmid_kernel),
32617 + 0, 0, NULL, NULL);
32619 + panic("cannot create shm slab cache");
32622 ipc_init_ids(&shm_ids, 1);
32623 #ifdef CONFIG_PROC_FS
32624 create_proc_read_entry("sysvipc/shm", 0, 0, sysvipc_shm_read_proc, NULL);
32625 @@ -80,6 +105,7 @@ static inline int shm_checkid(struct shm
32627 if (ipc_checkid(&shm_ids,&s->shm_perm,id))
32633 @@ -127,7 +153,13 @@ static void shm_destroy (struct shmid_ke
32634 shm_unlock(shp->id);
32635 shmem_lock(shp->shm_file, 0);
32636 fput (shp->shm_file);
32638 +#ifdef CONFIG_GRKERNSEC_KHEAP
32639 + kmem_cache_free(shm_cachep, shp);
32647 @@ -149,6 +181,17 @@ static void shm_close (struct vm_area_st
32648 shp->shm_lprid = current->pid;
32649 shp->shm_dtim = CURRENT_TIME;
32651 +#ifdef CONFIG_GRKERNSEC_SHM
32652 + if (grsec_enable_shm) {
32653 + if (shp->shm_nattch == 0) {
32654 + shp->shm_flags |= SHM_DEST;
32655 + shm_destroy(shp);
32658 + up(&shm_ids.sem);
32662 if(shp->shm_nattch == 0 &&
32663 shp->shm_flags & SHM_DEST)
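Review bot: The `CONFIG_GRKERNSEC_SHM` branch added to shm_close sets `SHM_DEST` itself and destroys the segment as soon as `shm_nattch` reaches zero, which changes the System V contract that a segment persists until someone requests its removal. That trade-off is not documented at the point where it happens. I would add a comment above the `if (grsec_enable_shm)` test, such as `/* grsec_enable_shm: reclaim the segment on last detach even without IPC_RMID; programs that detach and re-attach later will lose it */`. The branch also repeats the unlock and `up(&shm_ids.sem)` sequence of the stock path below it. Several lines of the branch are not shown in this listing, so the exact duplication should be checked against the full hunk.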
32665 @@ -167,11 +210,11 @@ static int shm_mmap(struct file * file,
32669 -static struct file_operations shm_file_operations = {
32670 +static const struct file_operations shm_file_operations = {
32674 -static struct vm_operations_struct shm_vm_ops = {
32675 +static const struct vm_operations_struct shm_vm_ops = {
32676 open: shm_open, /* callback for a new vm-area open */
32677 close: shm_close, /* callback for when the vm-area is released */
32678 nopage: shmem_nopage,
32679 @@ -192,7 +235,12 @@ static int newseg (key_t key, int shmflg
32680 if (shm_tot + numpages >= shm_ctlall)
32683 +#ifdef CONFIG_GRKERNSEC_KHEAP
32684 + shp = (struct shmid_kernel *) kmem_cache_alloc(shm_cachep, SLAB_USER);
32686 shp = (struct shmid_kernel *) kmalloc (sizeof (*shp), GFP_USER);
32691 sprintf (name, "SYSV%08x", key);
32692 @@ -211,6 +259,9 @@ static int newseg (key_t key, int shmflg
32693 shp->shm_lprid = 0;
32694 shp->shm_atim = shp->shm_dtim = 0;
32695 shp->shm_ctim = CURRENT_TIME;
32696 +#ifdef CONFIG_GRKERNSEC
32697 + shp->shm_createtime = CURRENT_TIME;
32699 shp->shm_segsz = size;
32700 shp->shm_nattch = 0;
32701 shp->id = shm_buildid(id,shp->shm_perm.seq);
32702 @@ -224,7 +275,11 @@ static int newseg (key_t key, int shmflg
32706 +#ifdef CONFIG_GRKERNSEC_KHEAP
32707 + kmem_cache_free(shm_cachep, shp);
32714 @@ -256,6 +311,9 @@ asmlinkage long sys_shmget (key_t key, s
32719 + gr_log_shmget(err, shmflg, size);
32724 @@ -511,6 +569,9 @@ asmlinkage long sys_shmctl (int shmid, i
32726 goto out_unlock_up;
32729 + gr_log_shmrm(shp->shm_perm.uid, shp->shm_perm.cuid);
32731 if (shp->shm_nattch){
32732 shp->shm_flags |= SHM_DEST;
32733 /* Do not find it any more */
32734 @@ -624,9 +685,28 @@ asmlinkage long sys_shmat (int shmid, ch
32739 +#ifdef CONFIG_GRKERNSEC
32740 + if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime,
32741 + shp->shm_perm.cuid, shmid)) {
32742 + shm_unlock(shmid);
32746 + if (!gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) {
32747 + shm_unlock(shmid);
32752 file = shp->shm_file;
32753 size = file->f_dentry->d_inode->i_size;
32756 +#ifdef CONFIG_GRKERNSEC
32757 + shp->shm_lapid = current->pid;
32762 down_write(¤t->mm->mmap_sem);
32763 @@ -751,3 +831,26 @@ done:
32768 +void gr_shm_exit(void)
32770 +#ifdef CONFIG_GRKERNSEC_SHM
32772 + struct task_struct *task = current;
32773 + struct shmid_kernel *shp;
32775 + if (!grsec_enable_shm)
32778 + for (i = 0; i <= shm_ids.max_id; i++) {
32779 + shp = shm_get(i);
32780 + if (shp && (shp->shm_cprid == task->pid) &&
32781 + (shp->shm_nattch <= 0)) {
32782 + shp->shm_flags |= SHM_DEST;
32783 + shm_destroy(shp);
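Review bot: gr_shm_exit walks the id table with `shm_get(i)` and calls `shm_destroy(shp)` with no `down(&shm_ids.sem)` and no per-segment lock in the lines shown. Elsewhere in this file's diff, shm_destroy's body calls `shm_unlock(shp->id)` and shm_close releases `shm_ids.sem` after destroying. If `shm_get()` does not take the segment lock, this path releases a lock it never acquired and races with concurrent attach and remove operations. I would take the semaphore around the loop, look segments up with the locking accessor, and unlock explicitly on the non-matching path, as sketched below. Some lines of this hunk are missing from the listing, so please confirm against the full function before changing it.

```c
/* … unchanged: CONFIG_GRKERNSEC_SHM guard, locals, grsec_enable_shm early return … */
	down(&shm_ids.sem);
	for (i = 0; i <= shm_ids.max_id; i++) {
		shp = shm_lock(i);
		if (shp == NULL)
			continue;
		if (shp->shm_cprid == task->pid && shp->shm_nattch <= 0) {
			shp->shm_flags |= SHM_DEST;
			shm_destroy(shp);	/* releases the segment lock */
		} else {
			shm_unlock(i);
		}
	}
	up(&shm_ids.sem);
```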
32790 diff -urNp linux-2.4.37.7/kernel/capability.c linux-2.4.37.7/kernel/capability.c
32791 --- linux-2.4.37.7/kernel/capability.c 2009-11-07 11:52:20.000000000 -0500
32792 +++ linux-2.4.37.7/kernel/capability.c 2009-11-10 19:30:27.000000000 -0500
32795 #include <linux/mm.h>
32796 #include <asm/uaccess.h>
32797 +#include <linux/grsecurity.h>
32799 kernel_cap_t cap_bset = CAP_INIT_EFF_SET;
32801 @@ -168,7 +169,6 @@ asmlinkage long sys_capset(cap_user_head
32806 /* verify restrictions on target's new Inheritable set */
32807 if (!cap_issubset(inheritable,
32808 cap_combine(target->cap_inheritable,
32809 diff -urNp linux-2.4.37.7/kernel/exit.c linux-2.4.37.7/kernel/exit.c
32810 --- linux-2.4.37.7/kernel/exit.c 2009-11-07 11:52:20.000000000 -0500
32811 +++ linux-2.4.37.7/kernel/exit.c 2009-11-10 19:30:27.000000000 -0500
32813 #ifdef CONFIG_BSD_PROCESS_ACCT
32814 #include <linux/acct.h>
32816 +#include <linux/grsecurity.h>
32818 #include <asm/uaccess.h>
32819 #include <asm/pgtable.h>
32820 @@ -438,10 +439,16 @@ fake_volatile:
32821 #ifdef CONFIG_BSD_PROCESS_ACCT
32822 acct_process(code);
32825 + gr_acl_handle_psacct(tsk, code);
32826 + gr_acl_handle_exit();
32827 + gr_del_task_from_ip_table(tsk);
32836 exit_namespace(tsk);
32837 diff -urNp linux-2.4.37.7/kernel/fork.c linux-2.4.37.7/kernel/fork.c
32838 --- linux-2.4.37.7/kernel/fork.c 2009-11-07 11:52:20.000000000 -0500
32839 +++ linux-2.4.37.7/kernel/fork.c 2009-11-10 19:30:27.000000000 -0500
32841 #include <linux/namespace.h>
32842 #include <linux/personality.h>
32843 #include <linux/compiler.h>
32844 +#include <linux/grsecurity.h>
32846 #include <asm/pgtable.h>
32847 #include <asm/pgalloc.h>
32848 @@ -665,6 +666,8 @@ int do_fork(unsigned long clone_flags, u
32852 + gr_handle_brute_check();
32855 p = alloc_task_struct();
32857 @@ -679,6 +682,9 @@ int do_fork(unsigned long clone_flags, u
32858 * friends to set the per-user process limit to something lower
32859 * than the amount of processes root is running. -- Rik
32862 + gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->user->processes), 0);
32864 if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur
32865 && p->user != &root_user
32866 && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE))
32867 @@ -765,6 +771,7 @@ int do_fork(unsigned long clone_flags, u
32868 retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);
32870 goto bad_fork_cleanup_namespace;
32871 + gr_copy_label(p);
32874 /* ok, now we should be set up.. */
32875 @@ -848,6 +855,9 @@ bad_fork_cleanup_count:
32878 free_task_struct(p);
32880 + gr_log_forkfail(retval);
32885 diff -urNp linux-2.4.37.7/kernel/ksyms.c linux-2.4.37.7/kernel/ksyms.c
32886 --- linux-2.4.37.7/kernel/ksyms.c 2009-11-07 11:52:20.000000000 -0500
32887 +++ linux-2.4.37.7/kernel/ksyms.c 2009-11-10 19:30:27.000000000 -0500
32889 #include <linux/dnotify.h>
32890 #include <linux/crc32.h>
32891 #include <linux/firmware.h>
32892 +#include <linux/grsecurity.h>
32893 #include <asm/checksum.h>
32895 #if defined(CONFIG_PROC_FS)
32896 @@ -622,3 +623,9 @@ EXPORT_SYMBOL(dump_stack);
32897 /* To match ksyms with System.map */
32898 extern const char _end[];
32899 EXPORT_SYMBOL(_end);
32902 +EXPORT_SYMBOL(gr_task_is_capable);
32903 +EXPORT_SYMBOL(gr_pid_is_chrooted);
32904 +EXPORT_SYMBOL(gr_learn_resource);
32905 +EXPORT_SYMBOL(gr_set_kernel_label);
32906 diff -urNp linux-2.4.37.7/kernel/module.c linux-2.4.37.7/kernel/module.c
32907 --- linux-2.4.37.7/kernel/module.c 2009-11-07 11:52:20.000000000 -0500
32908 +++ linux-2.4.37.7/kernel/module.c 2009-11-10 19:30:27.000000000 -0500
32909 @@ -55,6 +55,8 @@ struct module kernel_module =
32911 struct module *module_list = &kernel_module;
32913 +extern int gr_check_modstop(void);
32915 #endif /* defined(CONFIG_MODULES) || defined(CONFIG_KALLSYMS) */
32917 /* inter_module functions are always available, even when the kernel is
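Review bot: The prototype `extern int gr_check_modstop(void);` is declared locally in module.c instead of in a shared header, so the compiler never checks it against the definition. Other files touched by this patch get their gr_* prototypes from `<linux/grsecurity.h>`; putting `int gr_check_modstop(void);` there would tie the callers in sys_create_module, sys_init_module and sys_delete_module to a single declaration. The local externs added at the top of kernel/sysctl.c have the same problem.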
32918 @@ -296,6 +298,9 @@ sys_create_module(const char *name_user,
32919 struct module *mod;
32920 unsigned long flags;
32922 + if (gr_check_modstop())
32925 if (!capable(CAP_SYS_MODULE))
32928 @@ -351,6 +356,9 @@ sys_init_module(const char *name_user, s
32929 unsigned long mod_user_size, flags;
32930 struct module_ref *dep;
32932 + if (gr_check_modstop())
32935 if (!capable(CAP_SYS_MODULE))
32938 @@ -612,6 +620,9 @@ sys_delete_module(const char *name_user)
32940 int something_changed;
32942 + if (gr_check_modstop())
32945 if (!capable(CAP_SYS_MODULE))
32948 @@ -900,6 +911,11 @@ sys_query_module(const char *name_user,
32949 struct module *mod;
32952 +#ifdef CONFIG_GRKERNSEC_HIDESYM
32953 + if (!capable(CAP_SYS_MODULE))
32958 if (name_user == NULL)
32959 mod = &kernel_module;
32960 @@ -969,6 +985,11 @@ sys_get_kernel_syms(struct kernel_sym *t
32962 struct kernel_sym ksym;
32964 +#ifdef CONFIG_GRKERNSEC_HIDESYM
32965 + if (!capable(CAP_SYS_MODULE))
32970 for (mod = module_list, i = 0; mod; mod = mod->next) {
32971 /* include the count for the module name! */
32972 @@ -1241,7 +1262,7 @@ static int s_show(struct seq_file *m, vo
32976 -struct seq_operations ksyms_op = {
32977 +const struct seq_operations ksyms_op = {
32981 diff -urNp linux-2.4.37.7/kernel/printk.c linux-2.4.37.7/kernel/printk.c
32982 --- linux-2.4.37.7/kernel/printk.c 2009-11-07 11:52:20.000000000 -0500
32983 +++ linux-2.4.37.7/kernel/printk.c 2009-11-10 19:30:27.000000000 -0500
32985 #include <linux/module.h>
32986 #include <linux/interrupt.h> /* For in_interrupt() */
32987 #include <linux/config.h>
32988 +#include <linux/grsecurity.h>
32990 #include <asm/uaccess.h>
32992 @@ -299,6 +300,11 @@ out:
32994 asmlinkage long sys_syslog(int type, char * buf, int len)
32996 +#ifdef CONFIG_GRKERNSEC_DMESG
32997 + if (grsec_enable_dmesg && !capable(CAP_SYS_ADMIN))
33001 if ((type != 3) && !capable(CAP_SYS_ADMIN))
33003 return do_syslog(type, buf, len);
33004 diff -urNp linux-2.4.37.7/kernel/resource.c linux-2.4.37.7/kernel/resource.c
33005 --- linux-2.4.37.7/kernel/resource.c 2009-11-07 11:52:20.000000000 -0500
33006 +++ linux-2.4.37.7/kernel/resource.c 2009-11-10 19:30:27.000000000 -0500
33007 @@ -67,7 +67,7 @@ static int r_show(struct seq_file *m, vo
33011 -static struct seq_operations resource_op = {
33012 +static const struct seq_operations resource_op = {
33016 @@ -94,14 +94,14 @@ static int iomem_open(struct inode *inod
33020 -struct file_operations proc_ioports_operations = {
33021 +const struct file_operations proc_ioports_operations = {
33022 .open = ioports_open,
33024 .llseek = seq_lseek,
33025 .release = seq_release,
33028 -struct file_operations proc_iomem_operations = {
33029 +const struct file_operations proc_iomem_operations = {
33030 .open = iomem_open,
33032 .llseek = seq_lseek,
33033 diff -urNp linux-2.4.37.7/kernel/sched.c linux-2.4.37.7/kernel/sched.c
33034 --- linux-2.4.37.7/kernel/sched.c 2009-11-07 11:52:20.000000000 -0500
33035 +++ linux-2.4.37.7/kernel/sched.c 2009-11-10 19:30:27.000000000 -0500
33037 #include <linux/config.h>
33038 #include <linux/mm.h>
33039 #include <linux/init.h>
33040 +#include <linux/file.h>
33041 #include <linux/smp_lock.h>
33042 #include <linux/nmi.h>
33043 #include <linux/interrupt.h>
33045 #include <linux/completion.h>
33046 #include <linux/prefetch.h>
33047 #include <linux/compiler.h>
33048 +#include <linux/grsecurity.h>
33050 +#ifdef CONFIG_GRKERNSEC
33051 +extern rwlock_t grsec_exec_file_lock;
33054 #include <asm/uaccess.h>
33055 #include <asm/mmu_context.h>
33056 @@ -910,6 +916,9 @@ asmlinkage long sys_nice(int increment)
33058 if (increment < -40)
33061 + if (gr_handle_chroot_nice())
33064 if (increment > 40)
33066 @@ -1288,12 +1297,23 @@ void reparent_to_init(void)
33068 write_lock_irq(&tasklist_lock);
33070 +#ifdef CONFIG_GRKERNSEC
33071 + write_lock(&grsec_exec_file_lock);
33072 + if (this_task->exec_file) {
33073 + fput(this_task->exec_file);
33074 + this_task->exec_file = NULL;
33076 + write_unlock(&grsec_exec_file_lock);
33079 /* Reparent to init */
33080 REMOVE_LINKS(this_task);
33081 this_task->p_pptr = child_reaper;
33082 this_task->p_opptr = child_reaper;
33083 SET_LINKS(this_task);
33085 + gr_set_kernel_label(this_task);
33087 /* Set the exit signal to SIGCHLD so we signal init on exit */
33088 this_task->exit_signal = SIGCHLD;
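Review bot: The added block calls `fput(this_task->exec_file)` while holding grsec_exec_file_lock and, going by the context line above it, inside the `write_lock_irq(&tasklist_lock)` section. If that drops the last reference, fput() runs the file's release and dentry teardown, which should not be assumed safe under a spinning lock with interrupts disabled. Detach the pointer under the lock and drop the reference after the locks are released; this needs a local `struct file *exec_file = NULL;`, and the unlock of tasklist_lock lies outside this hunk. The block added to daemonize() has the same shape, so a small shared helper would cover both.

```c
#ifdef CONFIG_GRKERNSEC
	write_lock(&grsec_exec_file_lock);
	exec_file = this_task->exec_file;	/* detach only; no fput() under the lock */
	this_task->exec_file = NULL;
	write_unlock(&grsec_exec_file_lock);
#endif
	/* … unchanged: REMOVE_LINKS/SET_LINKS, gr_set_kernel_label(), exit_signal … */
	/* once tasklist_lock has been released (outside this hunk): */
	if (exec_file)
		fput(exec_file);
```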
33090 @@ -1327,6 +1347,15 @@ void daemonize(void)
33092 struct fs_struct *fs;
33094 +#ifdef CONFIG_GRKERNSEC
33095 + write_lock(&grsec_exec_file_lock);
33096 + if (current->exec_file) {
33097 + fput(current->exec_file);
33098 + current->exec_file = NULL;
33100 + write_unlock(&grsec_exec_file_lock);
33102 + gr_set_kernel_label(current);
33105 * If we were started as result of loading a module, close all of the
33106 diff -urNp linux-2.4.37.7/kernel/signal.c linux-2.4.37.7/kernel/signal.c
33107 --- linux-2.4.37.7/kernel/signal.c 2009-11-07 11:52:20.000000000 -0500
33108 +++ linux-2.4.37.7/kernel/signal.c 2009-11-10 19:30:27.000000000 -0500
33110 #include <linux/smp_lock.h>
33111 #include <linux/init.h>
33112 #include <linux/sched.h>
33113 +#include <linux/fs.h>
33114 +#include <linux/grsecurity.h>
33116 #include <asm/uaccess.h>
33118 @@ -336,11 +338,11 @@ static int rm_sig_from_queue(int sig, st
33120 int bad_signal(int sig, struct siginfo *info, struct task_struct *t)
33122 - return (!info || ((unsigned long)info != 1 && SI_FROMUSER(info)))
33123 - && ((sig != SIGCONT) || (current->session != t->session))
33124 + return ((!info || ((unsigned long)info != 1 && SI_FROMUSER(info)))
33125 + && ((((sig != SIGCONT) || (current->session != t->session))
33126 && (current->euid ^ t->suid) && (current->euid ^ t->uid)
33127 && (current->uid ^ t->suid) && (current->uid ^ t->uid)
33128 - && !capable(CAP_KILL);
33129 + && !capable(CAP_KILL)) || gr_handle_signal(t, sig)));
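Review bot: The rewritten return expression in bad_signal() is now five parentheses deep, and the point at which gr_handle_signal() is consulted is hard to read off. As written, the hook runs only for user-originated signals, and only when the stock uid/session/CAP_KILL test has not already denied the signal. That ordering is worth stating in a comment such as `/* grsec policy is checked only if the standard permission test would allow the signal */`. Splitting the stock test into a local, e.g. `int denied = ... && !capable(CAP_KILL);` followed by `return from_user && (denied || gr_handle_signal(t, sig));`, would make the short-circuit order reviewable.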
33133 @@ -566,6 +568,9 @@ printk("SIG queue (%s:%d): %d ", t->comm
33136 spin_lock_irqsave(&t->sigmask_lock, flags);
33138 + gr_log_signal(sig, t);
33140 handle_stop_signal(sig, t);
33142 /* Optimize away the signal, if it's a signal that can be
33143 @@ -614,6 +619,8 @@ force_sig_info(int sig, struct siginfo *
33144 recalc_sigpending(t);
33145 spin_unlock_irqrestore(&t->sigmask_lock, flags);
33147 + gr_handle_crash(t, sig);
33149 return send_sig_info(sig, info, t);
33152 @@ -1059,7 +1066,7 @@ sys_tkill(int pid, int sig)
33153 p = find_task_by_pid(pid);
33156 - error = send_sig_info(sig, &info, p);
33157 + error = send_sig_info(sig, &info, p);
33159 read_unlock(&tasklist_lock);
33161 diff -urNp linux-2.4.37.7/kernel/sys.c linux-2.4.37.7/kernel/sys.c
33162 --- linux-2.4.37.7/kernel/sys.c 2009-11-07 11:52:20.000000000 -0500
33163 +++ linux-2.4.37.7/kernel/sys.c 2009-11-10 19:30:27.000000000 -0500
33165 * Copyright (C) 1991, 1992 Linus Torvalds
33168 +#include <linux/config.h>
33169 #include <linux/module.h>
33170 #include <linux/mm.h>
33171 #include <linux/utsname.h>
33173 #include <linux/prctl.h>
33174 #include <linux/init.h>
33175 #include <linux/highuid.h>
33176 +#include <linux/grsecurity.h>
33178 #include <asm/uaccess.h>
33179 #include <asm/io.h>
33180 @@ -239,6 +241,12 @@ asmlinkage long sys_setpriority(int whic
33182 if (error == -ESRCH)
33185 + if (gr_handle_chroot_setpriority(p, niceval)) {
33186 + read_unlock(&tasklist_lock);
33190 if (niceval < p->nice && !capable(CAP_SYS_NICE))
33193 @@ -417,6 +425,10 @@ asmlinkage long sys_setregid(gid_t rgid,
33198 + if (gr_check_group_change(new_rgid, new_egid, -1))
33201 if (new_egid != old_egid)
33203 current->mm->dumpable = 0;
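Review bot: The call `gr_check_group_change(new_rgid, new_egid, -1)` passes -1 as the third argument, but the next hunk shows sys_setregid also assigning `current->fsgid = new_egid`. sys_setgid passes the same value for all three arguments (`gr_check_group_change(gid, gid, gid)`), so the two call sites disagree about whether an implicit fsgid change is reported to the helper. The helper's body is not on this page; if it evaluates the third argument separately, pass `new_egid` here, otherwise add a comment that the effective-id check covers fsgid. The same pattern appears in sys_setresgid, where `current->fsgid = current->egid` is visible, and presumably in the uid counterparts sys_setreuid and sys_setresuid.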
33204 @@ -425,6 +437,9 @@ asmlinkage long sys_setregid(gid_t rgid,
33205 if (rgid != (gid_t) -1 ||
33206 (egid != (gid_t) -1 && egid != old_rgid))
33207 current->sgid = new_egid;
33209 + gr_set_role_label(current, current->uid, new_rgid);
33211 current->fsgid = new_egid;
33212 current->egid = new_egid;
33213 current->gid = new_rgid;
33214 @@ -440,6 +455,9 @@ asmlinkage long sys_setgid(gid_t gid)
33216 int old_egid = current->egid;
33218 + if (gr_check_group_change(gid, gid, gid))
33221 if (capable(CAP_SETGID))
33223 if(old_egid != gid)
33224 @@ -447,6 +465,9 @@ asmlinkage long sys_setgid(gid_t gid)
33225 current->mm->dumpable=0;
33229 + gr_set_role_label(current, current->uid, gid);
33231 current->gid = current->egid = current->sgid = current->fsgid = gid;
33233 else if ((gid == current->gid) || (gid == current->sgid))
33234 @@ -523,6 +544,9 @@ static int set_user(uid_t new_ruid, int
33235 current->mm->dumpable = 0;
33239 + gr_set_role_label(current, new_ruid, current->gid);
33241 current->uid = new_ruid;
33244 @@ -567,6 +591,9 @@ asmlinkage long sys_setreuid(uid_t ruid,
33248 + if (gr_check_user_change(new_ruid, new_euid, -1))
33251 if (new_ruid != old_ruid && set_user(new_ruid, new_euid != old_euid) < 0)
33254 @@ -610,6 +637,12 @@ asmlinkage long sys_setuid(uid_t uid)
33255 old_suid = current->suid;
33256 new_suid = old_suid;
33258 + if (gr_check_crash_uid(uid))
33261 + if (gr_check_user_change(uid, uid, uid))
33264 if (capable(CAP_SETUID)) {
33265 if (uid != old_ruid && set_user(uid, old_euid != uid) < 0)
33267 @@ -654,6 +687,10 @@ asmlinkage long sys_setresuid(uid_t ruid
33268 (suid != current->euid) && (suid != current->suid))
33272 + if (gr_check_user_change(ruid, euid, -1))
33275 if (ruid != (uid_t) -1) {
33276 if (ruid != current->uid && set_user(ruid, euid != current->euid) < 0)
33278 @@ -704,6 +741,10 @@ asmlinkage long sys_setresgid(gid_t rgid
33279 (sgid != current->egid) && (sgid != current->sgid))
33283 + if (gr_check_group_change(rgid, egid, -1))
33286 if (egid != (gid_t) -1) {
33287 if (egid != current->egid)
33289 @@ -713,8 +754,10 @@ asmlinkage long sys_setresgid(gid_t rgid
33290 current->egid = egid;
33292 current->fsgid = current->egid;
33293 - if (rgid != (gid_t) -1)
33294 + if (rgid != (gid_t) -1) {
33295 + gr_set_role_label(current, current->uid, rgid);
33296 current->gid = rgid;
33298 if (sgid != (gid_t) -1)
33299 current->sgid = sgid;
33301 @@ -747,6 +790,9 @@ asmlinkage long sys_setfsuid(uid_t uid)
33302 uid == current->suid || uid == current->fsuid ||
33303 capable(CAP_SETUID))
33305 + if (gr_check_user_change(-1, -1, uid))
33306 + return old_fsuid;
33308 if (uid != old_fsuid)
33310 current->mm->dumpable = 0;
33311 @@ -789,6 +835,9 @@ asmlinkage long sys_setfsgid(gid_t gid)
33312 gid == current->sgid || gid == current->fsgid ||
33313 capable(CAP_SETGID))
33315 + if (gr_check_group_change(-1, -1, gid))
33316 + return old_fsgid;
33318 if (gid != old_fsgid)
33320 current->mm->dumpable = 0;
33321 @@ -1137,6 +1186,10 @@ asmlinkage long sys_setrlimit(unsigned i
33322 if (new_rlim.rlim_cur > new_rlim.rlim_max)
33324 old_rlim = current->rlim + resource;
33326 + if (old_rlim->rlim_max < old_rlim->rlim_cur)
33329 if (((new_rlim.rlim_cur > old_rlim->rlim_max) ||
33330 (new_rlim.rlim_max > old_rlim->rlim_max)) &&
33331 !capable(CAP_SYS_RESOURCE))
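Review bot: The added test `old_rlim->rlim_max < old_rlim->rlim_cur` inspects the task's existing limits rather than the requested ones, and nothing explains when the stored pair can be inconsistent. The statement it guards is not shown on this page, so the outcome for the caller cannot be confirmed here. A one-line comment above the test, for example `/* refuse to operate on an already-inconsistent limit pair */`, would tell a maintainer this is a deliberate sanity check and not a typo for the `new_rlim` comparison two lines earlier.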
33332 diff -urNp linux-2.4.37.7/kernel/sysctl.c linux-2.4.37.7/kernel/sysctl.c
33333 --- linux-2.4.37.7/kernel/sysctl.c 2009-11-07 11:52:20.000000000 -0500
33334 +++ linux-2.4.37.7/kernel/sysctl.c 2009-11-10 19:30:27.000000000 -0500
33338 #if defined(CONFIG_SYSCTL)
33339 +#include <linux/grsecurity.h>
33340 +#include <linux/grinternal.h>
33342 +extern __u32 gr_handle_sysctl(const ctl_table * table, const void *oldval,
33343 + const void *newval);
33344 +extern int gr_handle_sysctl_mod(const char *dirname, const char *name, const int op);
33345 +extern int gr_handle_chroot_sysctl(const int op);
33347 /* External variables not in a header file. */
33348 extern int panic_timeout;
33349 @@ -128,6 +135,27 @@ static ctl_table debug_table[];
33350 static ctl_table dev_table[];
33351 extern ctl_table random_table[];
33353 +static ctl_table grsecurity_table[];
33355 +#ifdef CONFIG_PAX_SOFTMODE
33356 +unsigned int pax_softmode;
33358 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK) || defined(CONFIG_PAX_RANDKSTACK)
33359 +unsigned int pax_aslr=1;
33362 +static ctl_table pax_table[] = {
33364 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK) || defined(CONFIG_PAX_RANDKSTACK)
33365 + {PAX_ASLR, "aslr", &pax_aslr, sizeof(unsigned int), 0600, NULL, &proc_dointvec},
33368 + {PAX_SOFTMODE, "softmode", &pax_softmode, sizeof(unsigned int), 0600, NULL, &proc_dointvec},
33374 /* /proc declarations: */
33376 #ifdef CONFIG_PROC_FS
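Review bot: `pax_aslr` and `pax_softmode` are declared `unsigned int` but exposed through `&proc_dointvec`, which parses a signed int and applies no bounds. A root write of any value, including a negative one, is stored as-is, and readers of these flags then have to treat every non-zero value alike. Either declare them `int` and document that any non-zero value enables the feature, or switch the entries to `&proc_dointvec_minmax` with 0/1 limits so the accepted range is explicit.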
33377 @@ -136,12 +164,12 @@ static ssize_t proc_readsys(struct file
33378 static ssize_t proc_writesys(struct file *, const char *, size_t, loff_t *);
33379 static int proc_sys_permission(struct inode *, int);
33381 -struct file_operations proc_sys_file_operations = {
33382 +const struct file_operations proc_sys_file_operations = {
33383 read: proc_readsys,
33384 write: proc_writesys,
33387 -static struct inode_operations proc_sys_inode_operations = {
33388 +static const struct inode_operations proc_sys_inode_operations = {
33389 permission: proc_sys_permission,
33392 @@ -278,8 +306,197 @@ static ctl_table kern_table[] = {
33393 {KERN_EXCEPTION_TRACE,"exception-trace",
33394 &exception_trace,sizeof(int),0644,NULL,&proc_dointvec},
33396 +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_MODSTOP)
33397 + {KERN_GRSECURITY, "grsecurity", NULL, 0, 0500, grsecurity_table},
33400 +#ifdef CONFIG_PAX_SOFTMODE
33401 + {KERN_PAX,"pax",NULL,0,0500,pax_table},
33407 +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_MODSTOP)
33408 +enum {GS_LINK=1, GS_FIFO, GS_EXECVE, GS_EXECLOG, GS_SIGNAL,
33409 +GS_FORKFAIL, GS_TIME, GS_RESLOG, GS_CHROOT_SHMAT, GS_CHROOT_UNIX, GS_CHROOT_MNT,
33410 +GS_CHROOT_FCHDIR, GS_CHROOT_DBL, GS_CHROOT_PVT, GS_CHROOT_CD, GS_CHROOT_CM,
33411 +GS_CHROOT_MK, GS_CHROOT_NI, GS_CHROOT_EXECLOG, GS_CHROOT_CAPS,
33412 +GS_CHROOT_SYSCTL, GS_TPE, GS_TPE_GID, GS_TPE_ALL,
33413 +GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
33414 +GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID,
33415 +GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG,
33416 +GS_TEXTREL, GS_FINDTASK, GS_SHM, GS_LOCK, GS_MODSTOP};
33418 +#ifdef CONFIG_GRKERNSEC_MODSTOP
33419 +extern int grsec_modstop;
33422 +static ctl_table grsecurity_table[] = {
33423 +#ifdef CONFIG_GRKERNSEC_SYSCTL
33424 +#ifdef CONFIG_GRKERNSEC_LINK
33425 + {GS_LINK, "linking_restrictions", &grsec_enable_link, sizeof (int),
33426 + 0600, NULL, &proc_dointvec},
33428 +#ifdef CONFIG_GRKERNSEC_FIFO
33429 + {GS_FIFO, "fifo_restrictions", &grsec_enable_fifo, sizeof (int),
33430 + 0600, NULL, &proc_dointvec},
33432 +#ifdef CONFIG_GRKERNSEC_EXECVE
33433 + {GS_EXECVE, "execve_limiting", &grsec_enable_execve, sizeof (int),
33434 + 0600, NULL, &proc_dointvec},
33436 +#ifdef CONFIG_GRKERNSEC_EXECLOG
33437 + {GS_EXECLOG, "exec_logging", &grsec_enable_execlog, sizeof (int),
33438 + 0600, NULL, &proc_dointvec},
33440 +#ifdef CONFIG_GRKERNSEC_SIGNAL
33441 + {GS_SIGNAL, "signal_logging", &grsec_enable_signal, sizeof (int),
33442 + 0600, NULL, &proc_dointvec},
33444 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
33445 + {GS_FORKFAIL, "forkfail_logging", &grsec_enable_forkfail, sizeof (int),
33446 + 0600, NULL, &proc_dointvec},
33448 +#ifdef CONFIG_GRKERNSEC_TIME
33449 + {GS_TIME, "timechange_logging", &grsec_enable_time, sizeof (int),
33450 + 0600, NULL, &proc_dointvec},
33452 +#ifdef CONFIG_GRKERNSEC_RESLOG
33453 + {GS_RESLOG, "resource_logging", &grsec_resource_logging, sizeof (int),
33454 + 0600, NULL, &proc_dointvec},
33456 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
33457 + {GS_CHROOT_SHMAT, "chroot_deny_shmat", &grsec_enable_chroot_shmat, sizeof (int),
33458 + 0600, NULL, &proc_dointvec},
33460 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
33461 + {GS_CHROOT_UNIX, "chroot_deny_unix", &grsec_enable_chroot_unix, sizeof(int),
33462 + 0600, NULL, &proc_dointvec},
33464 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
33465 + {GS_CHROOT_MNT, "chroot_deny_mount", &grsec_enable_chroot_mount, sizeof (int),
33466 + 0600, NULL, &proc_dointvec},
33468 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
33469 + {GS_CHROOT_FCHDIR, "chroot_deny_fchdir", &grsec_enable_chroot_fchdir, sizeof (int),
33470 + 0600, NULL, &proc_dointvec},
33472 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
33473 + {GS_CHROOT_DBL, "chroot_deny_chroot", &grsec_enable_chroot_double, sizeof (int),
33474 + 0600, NULL, &proc_dointvec},
33476 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
33477 + {GS_CHROOT_PVT, "chroot_deny_pivot", &grsec_enable_chroot_pivot, sizeof (int),
33478 + 0600, NULL, &proc_dointvec},
33480 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
33481 + {GS_CHROOT_CD, "chroot_enforce_chdir", &grsec_enable_chroot_chdir, sizeof (int),
33482 + 0600, NULL, &proc_dointvec},
33484 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
33485 + {GS_CHROOT_CM, "chroot_deny_chmod", &grsec_enable_chroot_chmod, sizeof (int),
33486 + 0600, NULL, &proc_dointvec},
33488 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
33489 + {GS_CHROOT_MK, "chroot_deny_mknod", &grsec_enable_chroot_mknod, sizeof (int),
33490 + 0600, NULL, &proc_dointvec},
33492 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
33493 + {GS_CHROOT_NI, "chroot_restrict_nice", &grsec_enable_chroot_nice, sizeof (int),
33494 + 0600, NULL, &proc_dointvec},
33496 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
33497 + {GS_CHROOT_EXECLOG, "chroot_execlog",
33498 + &grsec_enable_chroot_execlog, sizeof (int),
33499 + 0600, NULL, &proc_dointvec},
33501 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
33502 + {GS_CHROOT_CAPS, "chroot_caps", &grsec_enable_chroot_caps, sizeof (int),
33503 + 0600, NULL, &proc_dointvec},
33505 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
33506 + {GS_CHROOT_SYSCTL, "chroot_deny_sysctl", &grsec_enable_chroot_sysctl, sizeof (int),
33507 + 0600, NULL, &proc_dointvec},
33509 +#ifdef CONFIG_GRKERNSEC_TPE
33510 + {GS_TPE, "tpe", &grsec_enable_tpe, sizeof (int),
33511 + 0600, NULL, &proc_dointvec},
33512 + {GS_TPE_GID, "tpe_gid", &grsec_tpe_gid, sizeof (int),
33513 + 0600, NULL, &proc_dointvec},
33515 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
33516 + {GS_TPE_ALL, "tpe_restrict_all", &grsec_enable_tpe_all, sizeof (int),
33517 + 0600, NULL, &proc_dointvec},
33519 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
33520 + {GS_SOCKET_ALL, "socket_all", &grsec_enable_socket_all, sizeof (int),
33521 + 0600, NULL, &proc_dointvec},
33522 + {GS_SOCKET_ALL_GID, "socket_all_gid",
33523 + &grsec_socket_all_gid, sizeof (int),
33524 + 0600, NULL, &proc_dointvec},
33526 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
33527 + {GS_SOCKET_CLIENT, "socket_client",
33528 + &grsec_enable_socket_client, sizeof (int),
33529 + 0600, NULL, &proc_dointvec},
33530 + {GS_SOCKET_CLIENT_GID, "socket_client_gid",
33531 + &grsec_socket_client_gid, sizeof (int),
33532 + 0600, NULL, &proc_dointvec},
33534 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
33535 + {GS_SOCKET_SERVER, "socket_server",
33536 + &grsec_enable_socket_server, sizeof (int),
33537 + 0600, NULL, &proc_dointvec},
33538 + {GS_SOCKET_SERVER_GID, "socket_server_gid",
33539 + &grsec_socket_server_gid, sizeof (int),
33540 + 0600, NULL, &proc_dointvec},
33542 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
33543 + {GS_GROUP, "audit_group", &grsec_enable_group, sizeof (int),
33544 + 0600, NULL, &proc_dointvec},
33545 + {GS_GID, "audit_gid",
33546 + &grsec_audit_gid, sizeof (int),
33547 + 0600, NULL, &proc_dointvec},
33549 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
33550 + {GS_ACHDIR, "audit_chdir", &grsec_enable_chdir, sizeof (int),
33551 + 0600, NULL, &proc_dointvec},
33553 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
33554 + {GS_AMOUNT, "audit_mount", &grsec_enable_mount, sizeof (int),
33555 + 0600, NULL, &proc_dointvec},
33557 +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
33558 + {GS_TEXTREL, "audit_textrel", &grsec_enable_audit_textrel, sizeof(int),
33559 + 0600, NULL, &proc_dointvec},
33561 +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
33562 + {GS_AIPC, "audit_ipc", &grsec_enable_audit_ipc, sizeof (int),
33563 + 0600, NULL, &proc_dointvec},
33565 +#ifdef CONFIG_GRKERNSEC_DMESG
33566 + {GS_DMSG, "dmesg", &grsec_enable_dmesg, sizeof (int),
33567 + 0600, NULL, &proc_dointvec},
33569 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
33570 + {GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
33571 + sizeof (int), 0600, NULL, &proc_dointvec},
33573 +#ifdef CONFIG_GRKERNSEC_SHM
33574 + {GS_SHM, "destroy_unused_shm", &grsec_enable_shm, sizeof (int),
33575 + 0600, NULL, &proc_dointvec},
33577 + {GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
33580 +#ifdef CONFIG_GRKERNSEC_MODSTOP
33581 + {GS_MODSTOP, "disable_modules", &grsec_modstop, sizeof (int), 0600,
33582 + NULL, &proc_dointvec},
33588 static ctl_table vm_table[] = {
33589 {VM_GFP_DEBUG, "vm_gfp_debug",
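Review bot: The `{KERN_PAX,"pax",NULL,0,0500,pax_table}` entry in kern_table is guarded by `#ifdef CONFIG_PAX_SOFTMODE` alone, while pax_table's `aslr` entry is guarded by the RANDMMAP/RANDUSTACK/RANDKSTACK options. With soft mode off and any randomization option on, the `aslr` control would be compiled in but never reachable, and pax_table would be left unused. Some lines of this hunk are not shown on this page, so this should be confirmed against the full patch. If it holds, widen the guard to `#if defined(CONFIG_PAX_SOFTMODE) || defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK) || defined(CONFIG_PAX_RANDKSTACK)`.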
33590 @@ -487,6 +704,11 @@ static int test_perm(int mode, int op)
33592 static inline int ctl_perm(ctl_table *table, int op)
33594 + if (table->de && gr_handle_sysctl_mod(table->de->parent->name, table->de->name, op))
33596 + if (gr_handle_chroot_sysctl(op))
33599 return test_perm(table->mode, op);
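Review bot: The new check in ctl_perm() tests `table->de` but then dereferences `table->de->parent->name` without checking `parent`. Registered proc entries presumably always have a parent, but that invariant is established elsewhere and is not visible here. Either state it in a comment (`/* de->parent is always set for registered sysctl proc entries */`) or guard it as `table->de && table->de->parent && gr_handle_sysctl_mod(...)`. The function's closing lines are outside what this page shows.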
33602 @@ -520,6 +742,10 @@ repeat:
33603 table = table->child;
33607 + if (!gr_handle_sysctl(table, oldval, newval))
33610 error = do_sysctl_strategy(table, name, nlen,
33612 newval, newlen, context);
33613 diff -urNp linux-2.4.37.7/kernel/time.c linux-2.4.37.7/kernel/time.c
33614 --- linux-2.4.37.7/kernel/time.c 2009-11-07 11:52:20.000000000 -0500
33615 +++ linux-2.4.37.7/kernel/time.c 2009-11-10 19:30:27.000000000 -0500
33617 #include <linux/mm.h>
33618 #include <linux/timex.h>
33619 #include <linux/smp_lock.h>
33620 +#include <linux/grsecurity.h>
33622 #include <asm/uaccess.h>
33624 @@ -89,6 +90,9 @@ asmlinkage long sys_stime(int * tptr)
33625 time_maxerror = NTP_PHASE_LIMIT;
33626 time_esterror = NTP_PHASE_LIMIT;
33627 write_unlock_irq(&xtime_lock);
33629 + gr_log_timechange();
33634 @@ -167,6 +171,8 @@ int do_sys_settimeofday(struct timeval *
33635 * globally block out interrupts when it runs.
33637 do_settimeofday(tv);
33639 + gr_log_timechange();
33643 diff -urNp linux-2.4.37.7/kernel/timer.c linux-2.4.37.7/kernel/timer.c
33644 --- linux-2.4.37.7/kernel/timer.c 2009-11-07 11:52:20.000000000 -0500
33645 +++ linux-2.4.37.7/kernel/timer.c 2009-11-10 19:30:27.000000000 -0500
33646 @@ -541,6 +541,9 @@ static inline void do_process_times(stru
33648 psecs = (p->times.tms_utime += user);
33649 psecs += (p->times.tms_stime += system);
33651 + gr_learn_resource(p, RLIMIT_CPU, psecs / HZ, 1);
33653 if (psecs / HZ > p->rlim[RLIMIT_CPU].rlim_cur) {
33654 /* Send SIGXCPU every second.. */
33656 diff -urNp linux-2.4.37.7/Makefile linux-2.4.37.7/Makefile
33657 --- linux-2.4.37.7/Makefile 2009-11-07 11:52:20.000000000 -0500
33658 +++ linux-2.4.37.7/Makefile 2009-11-10 19:30:27.000000000 -0500
33659 @@ -6,6 +6,9 @@ EXTRAVERSION = .7
33660 KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
33662 ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/)
33663 +#do this so we don't have to release a new patch for each .x.y unless necessary
33664 +EXTRAVERSION :=$(EXTRAVERSION)-grsec
33665 +KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
33666 KERNELPATH=kernel-$(shell echo $(KERNELRELEASE) | sed -e "s/-//g")
33668 CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
33669 @@ -136,9 +139,10 @@ export SVGA_MODE = -DSVGA_MODE=NORMAL_VG
33671 CORE_FILES =kernel/kernel.o mm/mm.o fs/fs.o ipc/ipc.o
33672 NETWORKS =net/network.o
33673 +GRSECURITY =grsecurity/grsec.o
33675 LIBS =$(TOPDIR)/lib/lib.a
33676 -SUBDIRS =kernel drivers mm fs net ipc lib crypto
33677 +SUBDIRS =kernel drivers mm fs net ipc lib crypto grsecurity
33681 @@ -282,7 +286,7 @@ export kbuild_2_4_nostdinc
33683 export CPPFLAGS CFLAGS CFLAGS_KERNEL AFLAGS AFLAGS_KERNEL
33685 -export NETWORKS DRIVERS LIBS HEAD LDFLAGS LINKFLAGS MAKEBOOT ASFLAGS
33686 +export NETWORKS DRIVERS LIBS HEAD LDFLAGS LINKFLAGS MAKEBOOT ASFLAGS GRSECURITY
33689 $(CPP) $(AFLAGS) $(AFLAGS_KERNEL) -traditional -o $*.s $<
33690 @@ -301,6 +305,7 @@ vmlinux: include/linux/version.h $(CONFI
33698 @@ -385,6 +390,11 @@ init/do_mounts.o: init/do_mounts.c inclu
33699 fs lib mm ipc kernel drivers net: dummy
33700 $(MAKE) CFLAGS="$(CFLAGS) $(CFLAGS_KERNEL)" $(subst $@, _dir_$@, $@)
33703 + find include -type d \( -name "asm-*" -o -name config \) -prune -o -name '*.h' -print > cscope.files
33704 + find kernel drivers mm fs net ipc lib crypto init arch/${ARCH} include/asm-$(ARCH) include/asm-generic -name '*.[chS]' >> cscope.files
33705 + cscope -k -b -q < cscope.files
33708 { find include/asm-${ARCH} -name '*.h' -print ; \
33709 find include -type d \( -name "asm-*" -o -name config \) -prune -o -name '*.h' -print ; \
33710 diff -urNp linux-2.4.37.7/mm/filemap.c linux-2.4.37.7/mm/filemap.c
33711 --- linux-2.4.37.7/mm/filemap.c 2009-11-07 11:52:20.000000000 -0500
33712 +++ linux-2.4.37.7/mm/filemap.c 2009-11-10 19:30:27.000000000 -0500
33713 @@ -2308,7 +2308,7 @@ int filemap_sync(struct vm_area_struct *
33717 -static struct vm_operations_struct generic_file_vm_ops = {
33718 +static const struct vm_operations_struct generic_file_vm_ops = {
33719 nopage: filemap_nopage,
33722 @@ -2324,7 +2324,13 @@ int generic_file_mmap(struct file * file
33725 if (!mapping->a_ops->readpage)
33729 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(__i386__)
33730 + if ((vma->vm_mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_EXEC))
33731 + vma->vm_page_prot = __pgprot(pte_val(pte_exprotect(__pte(pgprot_val(vma->vm_page_prot)))));
33734 UPDATE_ATIME(inode);
33735 vma->vm_ops = &generic_file_vm_ops;
33737 @@ -2554,8 +2560,42 @@ static long madvise_fixup_middle(struct
33738 * We can potentially split a vm area into separate
33739 * areas, each area with its own behavior.
33742 +#ifdef CONFIG_PAX_SEGMEXEC
33743 +static long __madvise_behavior(struct vm_area_struct * vma,
33744 + unsigned long start, unsigned long end, int behavior);
33746 +static long madvise_behavior(struct vm_area_struct * vma,
33747 + unsigned long start, unsigned long end, int behavior)
33749 + if (vma->vm_flags & VM_MIRROR) {
33750 + struct vm_area_struct * vma_m, * prev_m;
33751 + unsigned long start_m, end_m;
33754 + start_m = vma->vm_start + (unsigned long)vma->vm_mirror;
33755 + vma_m = find_vma_prev(vma->vm_mm, start_m, &prev_m);
33756 + if (vma_m && vma_m->vm_start == start_m && (vma_m->vm_flags & VM_MIRROR)) {
33757 + start_m = start + (unsigned long)vma->vm_mirror;
33758 + end_m = end + (unsigned long)vma->vm_mirror;
33759 + error = __madvise_behavior(vma_m, start_m, end_m, behavior);
33763 + printk("PAX: VMMIRROR: madvise bug in %s, %08lx\n", current->comm, vma->vm_start);
33768 + return __madvise_behavior(vma, start, end, behavior);
33771 +static long __madvise_behavior(struct vm_area_struct * vma,
33772 + unsigned long start, unsigned long end, int behavior)
33774 static long madvise_behavior(struct vm_area_struct * vma,
33775 unsigned long start, unsigned long end, int behavior)
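Review bot: The diagnostic in the new madvise_behavior() wrapper is printed without a log level, `printk("PAX: VMMIRROR: madvise bug in %s, %08lx\n", ...)`. The equivalent mirror-consistency messages this patch adds to handle_mm_fault use `KERN_ERR`. Writing it as `printk(KERN_ERR "PAX: VMMIRROR: madvise bug in %s, %08lx\n", current->comm, vma->vm_start);` keeps the mirror-inconsistency reports at one severity, so log filtering and alerting treat them alike.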
33780 @@ -3068,6 +3108,7 @@ int precheck_file_write(struct file *fil
33783 if (!S_ISBLK(inode->i_mode) && limit != RLIM_INFINITY) {
33784 + gr_learn_resource(current, RLIMIT_FSIZE, pos, 0);
33785 if (pos >= limit) {
33786 send_sig(SIGXFSZ, current, 0);
33788 @@ -3103,6 +3144,7 @@ int precheck_file_write(struct file *fil
33791 if (!S_ISBLK(inode->i_mode)) {
33792 + gr_learn_resource(current, RLIMIT_FSIZE, *count + (u32)pos, 0);
33793 if (pos >= inode->i_sb->s_maxbytes)
33795 if (*count || pos > inode->i_sb->s_maxbytes) {
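Review bot: The call `gr_learn_resource(current, RLIMIT_FSIZE, *count + (u32)pos, 0)` truncates `pos` to 32 bits before adding the count. The earlier call in the same function passes `pos` unmodified. For offsets past 4 GiB the value handed to the learning code wraps, so the recorded file-size usage can end up far below the real one. The helper's parameter type is not visible here; if it is wide enough, drop the cast (`*count + pos`), otherwise saturate explicitly and add a comment so the two call sites agree.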
33796 diff -urNp linux-2.4.37.7/mm/memory.c linux-2.4.37.7/mm/memory.c
33797 --- linux-2.4.37.7/mm/memory.c 2009-11-07 11:52:20.000000000 -0500
33798 +++ linux-2.4.37.7/mm/memory.c 2009-11-10 19:30:27.000000000 -0500
33799 @@ -468,9 +468,9 @@ int get_user_pages(struct task_struct *t
33801 struct vm_area_struct * vma;
33803 - vma = find_extend_vma(mm, start);
33804 + vma = find_vma(mm, start);
33806 - if ( !vma || (pages && vma->vm_flags & VM_IO) || !(flags & vma->vm_flags) )
33807 + if ( !vma || start < vma->vm_start || (pages && vma->vm_flags & VM_IO) || !(flags & vma->vm_flags) )
33808 return i ? : -EFAULT;
33810 spin_lock(&mm->page_table_lock);
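Review bot: Replacing `find_extend_vma(mm, start)` with `find_vma(mm, start)` plus the `start < vma->vm_start` test means get_user_pages() no longer grows a stack vma to cover `start`. The change is undocumented. Callers that previously relied on the implicit expansion now get `-EFAULT` (or a short count) for an address just below the stack. A comment above the lookup, such as `/* deliberately no stack expansion here: addresses below vm_start are rejected */`, would record that this is an intended hardening change and not a regression to be "fixed" later.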
33811 @@ -929,6 +929,63 @@ static inline void break_cow(struct vm_a
33812 establish_pte(vma, address, page_table, pte_mkwrite(pte_mkdirty(mk_pte(new_page, vma->vm_page_prot))));
33815 +#ifdef CONFIG_PAX_SEGMEXEC
33816 +/* PaX: if vma is mirrored, synchronize the mirror's PTE
33818 + * mm->page_table_lock is held on entry and is not released on exit or inside
33819 + * to ensure atomic changes to the PTE states (swapout, mremap, munmap, etc)
33821 +static void pax_mirror_fault(struct vm_area_struct *vma, unsigned long address, pte_t *pte)
33823 + struct mm_struct *mm = vma->vm_mm;
33824 + unsigned long address_m;
33825 + struct vm_area_struct * vma_m = NULL;
33826 + pte_t * pte_m, entry_m;
33827 + struct page * page_m;
33829 + address_m = vma->vm_start + vma->vm_mirror;
33830 + vma_m = find_vma(mm, address_m);
33831 + BUG_ON(!vma_m || vma_m->vm_start != address_m);
33833 + address_m = address + vma->vm_mirror;
33834 + pte_m = pte_offset(pmd_offset(pgd_offset(mm, address_m), address_m), address_m);
33836 + if (pte_same(*pte, *pte_m))
33839 + if (pte_present(*pte_m)) {
33840 + flush_cache_page(vma_m, address_m);
33841 + flush_icache_page(vma_m, pte_page(*pte_m));
33843 + entry_m = ptep_get_and_clear(pte_m);
33844 + if (pte_present(entry_m))
33845 + flush_tlb_page(vma_m, address_m);
33847 + if (pte_none(entry_m)) {
33849 + } else if (pte_present(entry_m)) {
33850 + page_m = pte_page(entry_m);
33851 + if (VALID_PAGE(page_m) && !PageReserved(page_m))
33852 + page_cache_release(page_m);
33856 + free_swap_and_cache(pte_to_swp_entry(entry_m));
33860 + page_m = pte_page(*pte);
33861 + if (VALID_PAGE(page_m) && !PageReserved(page_m))
33862 + page_cache_get(page_m);
33865 + entry_m = mk_pte(page_m, vma_m->vm_page_prot);
33866 + if (pte_write(*pte) && (vma_m->vm_flags & VM_WRITE))
33867 + entry_m = pte_mkdirty(pte_mkwrite(entry_m));
33868 + establish_pte(vma_m, address_m, pte_m, entry_m);
33873 * This routine handles present pages, when users try to write
33874 * to a shared page. It is done by copying the page to a new address
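Review bot: The header comment of pax_mirror_fault() documents the locking contract but not its other precondition. The function walks `pte_offset(pmd_offset(pgd_offset(mm, address_m), address_m), address_m)` with no present/none checks on the pgd or pmd. The handle_mm_fault hunk later in this patch appears to allocate the mirror's page-table levels beforehand (`pmd_alloc(mm, pgd_m, address_m)`), but that hunk is cut off on this page. Extend the comment with a line such as `* The caller must have allocated the mirror's pmd/pte levels for address + vm_mirror.` so that a new call site cannot skip that step unnoticed.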
33875 @@ -993,6 +1050,12 @@ static int do_wp_page(struct mm_struct *
33877 /* Free the old page.. */
33878 new_page = old_page;
33880 +#ifdef CONFIG_PAX_SEGMEXEC
33881 + if (vma->vm_flags & VM_MIRROR)
33882 + pax_mirror_fault(vma, address, page_table);
33886 spin_unlock(&mm->page_table_lock);
33887 page_cache_release(new_page);
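Review bot: The block `#ifdef CONFIG_PAX_SEGMEXEC` / `if (vma->vm_flags & VM_MIRROR) pax_mirror_fault(vma, address, page_table);` is repeated verbatim here and in the do_swap_page, do_anonymous_page, do_no_page and handle_pte_fault hunks. A fault path added later can easily omit one copy, which would leave the mirror PTE stale. Moving the VM_MIRROR test into pax_mirror_fault() itself and providing an empty `static inline` stub when CONFIG_PAX_SEGMEXEC is off would reduce each call site to a single unconditional line. do_wp_page's body continues outside this hunk.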
33888 @@ -1070,6 +1133,7 @@ out_unlock:
33891 limit = current->rlim[RLIMIT_FSIZE].rlim_cur;
33892 + gr_learn_resource(current, RLIMIT_FSIZE, offset, 1);
33893 if (limit != RLIM_INFINITY && offset > limit)
33895 if (offset > inode->i_sb->s_maxbytes)
33896 @@ -1183,6 +1247,12 @@ static int do_swap_page(struct mm_struct
33898 /* No need to invalidate - it was non-present before */
33899 update_mmu_cache(vma, address, pte);
33901 +#ifdef CONFIG_PAX_SEGMEXEC
33902 + if (vma->vm_flags & VM_MIRROR)
33903 + pax_mirror_fault(vma, address, page_table);
33906 spin_unlock(&mm->page_table_lock);
33909 @@ -1229,6 +1299,12 @@ static int do_anonymous_page(struct mm_s
33911 /* No need to invalidate - it was non-present before */
33912 update_mmu_cache(vma, addr, entry);
33914 +#ifdef CONFIG_PAX_SEGMEXEC
33915 + if (vma->vm_flags & VM_MIRROR)
33916 + pax_mirror_fault(vma, addr, page_table);
33919 spin_unlock(&mm->page_table_lock);
33920 return 1; /* Minor fault */
33922 @@ -1311,6 +1387,12 @@ static int do_no_page(struct mm_struct *
33924 /* no need to invalidate: a not-present page shouldn't be cached */
33925 update_mmu_cache(vma, address, entry);
33927 +#ifdef CONFIG_PAX_SEGMEXEC
33928 + if (vma->vm_flags & VM_MIRROR)
33929 + pax_mirror_fault(vma, address, page_table);
33932 spin_unlock(&mm->page_table_lock);
33933 return 2; /* Major fault */
33935 @@ -1362,6 +1444,12 @@ static inline int handle_pte_fault(struc
33937 entry = pte_mkyoung(entry);
33938 establish_pte(vma, address, pte, entry);
33940 +#ifdef CONFIG_PAX_SEGMEXEC
33941 + if (vma->vm_flags & VM_MIRROR)
33942 + pax_mirror_fault(vma, address, pte);
33945 spin_unlock(&mm->page_table_lock);
33948 @@ -1383,6 +1471,43 @@ int handle_mm_fault(struct mm_struct *mm
33949 * and the SMP-safe atomic PTE updates.
33951 spin_lock(&mm->page_table_lock);
33953 +#ifdef CONFIG_PAX_SEGMEXEC
33954 + if (vma->vm_flags & VM_MIRROR) {
33955 + unsigned long address_m;
33956 + struct vm_area_struct * vma_m;
33960 + address_m = vma->vm_start + vma->vm_mirror;
33961 + vma_m = find_vma(mm, address_m);
33963 + /* PaX: sanity checks */
33965 + spin_unlock(&mm->page_table_lock);
33966 + printk(KERN_ERR "PAX: VMMIRROR: fault bug, %08lx, %p, %08lx, %p\n",
33967 + address, vma, address_m, vma_m);
33969 + } else if (!(vma_m->vm_flags & VM_MIRROR) ||
33970 + vma_m->vm_start != address_m ||
33971 + vma->vm_end - vma->vm_start != vma_m->vm_end - vma_m->vm_start)
33973 + spin_unlock(&mm->page_table_lock);
33974 + printk(KERN_ERR "PAX: VMMIRROR: fault bug2, %08lx, %08lx, %08lx, %08lx, %08lx\n",
33975 + address, vma->vm_start, vma_m->vm_start, vma->vm_end, vma_m->vm_end);
33979 + address_m = address + vma->vm_mirror;
33980 + pgd_m = pgd_offset(mm, address_m);
33981 + pmd_m = pmd_alloc(mm, pgd_m, address_m);
33982 + if (!pmd_m || !pte_alloc(mm, pmd_m, address_m)) {
33983 + spin_unlock(&mm->page_table_lock);
33989 pmd = pmd_alloc(mm, pgd, address);
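Review bot: The first sanity-check message prints the raw `vma` and `vma_m` kernel pointers with `%p`, which puts kernel addresses into the log for anyone who can read it. The second message reports only user-space addresses; the first could do the same, e.g. `printk(KERN_ERR "PAX: VMMIRROR: fault bug, %08lx, %08lx\n", address, address_m);`. Not every line of the two branches is visible in this listing, so how the fault is failed after the message cannot be judged from here.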
33992 @@ -1467,6 +1592,40 @@ out:
33993 return pte_offset(pmd, address);
33996 +#ifndef pmd_populate_kernel
33997 +#define pmd_populate_kernel(mm,pmd,new) pmd_populate(mm,pmd,new)
34000 +pte_t fastcall *pte_alloc_kernel(struct mm_struct *mm, pmd_t *pmd, unsigned long address)
34002 + if (pmd_none(*pmd)) {
34005 + /* "fast" allocation can happen without dropping the lock.. */
34006 + new = pte_alloc_one_fast(mm, address);
34008 + spin_unlock(&mm->page_table_lock);
34009 + new = pte_alloc_one(mm, address);
34010 + spin_lock(&mm->page_table_lock);
34015 + * Because we dropped the lock, we should re-check the
34016 + * entry, as somebody else could have populated it..
34018 + if (!pmd_none(*pmd)) {
34020 + check_pgt_cache();
34024 + pmd_populate_kernel(mm, pmd, new);
34027 + return pte_offset(pmd, address);
34030 int make_pages_present(unsigned long addr, unsigned long end)
34032 int ret, len, write;
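Review bot: `pte_alloc_kernel()` is added without a header comment, although it drops and retakes `mm->page_table_lock` around `pte_alloc_one()` and then re-checks the pmd. A short comment above the definition should state that contract, e.g. `/* Called with mm->page_table_lock held; the lock may be dropped and retaken if the fast allocation fails. */`. It would also help to say why the `pmd_populate_kernel` fallback macro maps to `pmd_populate` on ports that do not define it.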
34033 diff -urNp linux-2.4.37.7/mm/mlock.c linux-2.4.37.7/mm/mlock.c
34034 --- linux-2.4.37.7/mm/mlock.c 2009-11-07 11:52:20.000000000 -0500
34035 +++ linux-2.4.37.7/mm/mlock.c 2009-11-10 19:30:27.000000000 -0500
34036 @@ -114,25 +114,44 @@ static inline int mlock_fixup_middle(str
34040 +static int __mlock_fixup(struct vm_area_struct * vma,
34041 + unsigned long start, unsigned long end, unsigned int newflags);
34043 static int mlock_fixup(struct vm_area_struct * vma,
34044 unsigned long start, unsigned long end, unsigned int newflags)
34048 +#ifdef CONFIG_PAX_SEGMEXEC
34049 + struct vm_area_struct * vma_m = NULL;
34050 + unsigned long start_m = 0UL, end_m = 0UL, newflags_m = 0UL;
34053 if (newflags == vma->vm_flags)
34056 - if (start == vma->vm_start) {
34057 - if (end == vma->vm_end)
34058 - retval = mlock_fixup_all(vma, newflags);
34060 - retval = mlock_fixup_start(vma, end, newflags);
34062 - if (end == vma->vm_end)
34063 - retval = mlock_fixup_end(vma, start, newflags);
34064 +#ifdef CONFIG_PAX_SEGMEXEC
34065 + if (vma->vm_flags & VM_MIRROR) {
34066 + start_m = vma->vm_start + vma->vm_mirror;
34067 + vma_m = find_vma(vma->vm_mm, start_m);
34068 + if (!vma_m || vma_m->vm_start != start_m || !(vma_m->vm_flags & VM_MIRROR)) {
34069 + printk("PAX: VMMIRROR: mlock bug in %s, %08lx\n", current->comm, vma->vm_start);
34073 + start_m = start + vma->vm_mirror;
34074 + end_m = end + vma->vm_mirror;
34075 + if (newflags & VM_LOCKED)
34076 + newflags_m = vma_m->vm_flags | VM_LOCKED;
34078 - retval = mlock_fixup_middle(vma, start, end, newflags);
34079 + newflags_m = vma_m->vm_flags & ~VM_LOCKED;
34080 + retval = __mlock_fixup(vma_m, start_m, end_m, newflags_m);
34086 + retval = __mlock_fixup(vma, start, end, newflags);
34088 /* keep track of amount of locked VM */
34089 pages = (end - start) >> PAGE_SHIFT;
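Review bot: The new `printk("PAX: VMMIRROR: mlock bug in %s, %08lx\n", ...)` has no log level, while the VMMIRROR messages added to handle_mm_fault in mm/memory.c use `KERN_ERR`. The mprotect message in the mm/mprotect.c mprotect_fixup hunk has the same omission. Giving both an explicit level keeps these consistency failures at one severity for anyone filtering the log: `printk(KERN_ERR "PAX: VMMIRROR: mlock bug in %s, %08lx\n", current->comm, vma->vm_start);`.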
34090 @@ -141,6 +160,32 @@ static int mlock_fixup(struct vm_area_st
34091 make_pages_present(start, end);
34093 vma->vm_mm->locked_vm -= pages;
34095 +#ifdef CONFIG_PAX_SEGMEXEC
34096 + if (vma->vm_flags & VM_MIRROR)
34097 + vma->vm_mm->locked_vm -= pages;
34105 +static int __mlock_fixup(struct vm_area_struct * vma,
34106 + unsigned long start, unsigned long end, unsigned int newflags)
34110 + if (start == vma->vm_start) {
34111 + if (end == vma->vm_end)
34112 + retval = mlock_fixup_all(vma, newflags);
34114 + retval = mlock_fixup_start(vma, end, newflags);
34116 + if (end == vma->vm_end)
34117 + retval = mlock_fixup_end(vma, start, newflags);
34119 + retval = mlock_fixup_middle(vma, start, end, newflags);
34123 @@ -159,6 +204,17 @@ static int do_mlock(unsigned long start,
34128 +#ifdef CONFIG_PAX_SEGMEXEC
34129 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
34130 + if (end > SEGMEXEC_TASK_SIZE)
34135 + if (end > TASK_SIZE)
34138 vma = find_vma(current->mm, start);
34139 if (!vma || vma->vm_start > start)
34141 @@ -209,6 +265,7 @@ asmlinkage long sys_mlock(unsigned long
34142 lock_limit >>= PAGE_SHIFT;
34144 /* check against resource limits */
34145 + gr_learn_resource(current, RLIMIT_MEMLOCK, (current->mm->locked_vm << PAGE_SHIFT) + len, 1);
34146 if (locked > lock_limit)
34149 @@ -253,6 +310,16 @@ static int do_mlockall(int flags)
34150 for (vma = current->mm->mmap; vma ; vma = vma->vm_next) {
34151 unsigned int newflags;
34153 +#ifdef CONFIG_PAX_SEGMEXEC
34154 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
34155 + if (vma->vm_end > SEGMEXEC_TASK_SIZE)
34160 + if (vma->vm_end > TASK_SIZE)
34163 newflags = vma->vm_flags | VM_LOCKED;
34164 if (!(flags & MCL_CURRENT))
34165 newflags &= ~VM_LOCKED;
34166 @@ -276,6 +343,7 @@ asmlinkage long sys_mlockall(int flags)
34167 lock_limit >>= PAGE_SHIFT;
34170 + gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm, 1);
34171 if (current->mm->total_vm > lock_limit)
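Review bot: `gr_learn_resource()` is passed `current->mm->total_vm`, which is a page count, since it is compared with `lock_limit` only after `lock_limit >>= PAGE_SHIFT`. The other RLIMIT_MEMLOCK call sites in this patch pass bytes, for example `(current->mm->locked_vm << PAGE_SHIFT) + len` in sys_mlock. If the learning code records the value in rlimit units, which its definition outside this hunk would confirm, the value learned here is too small by a factor of the page size. The call should probably be `gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm << PAGE_SHIFT, 1);`.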
34174 diff -urNp linux-2.4.37.7/mm/mmap.c linux-2.4.37.7/mm/mmap.c
34175 --- linux-2.4.37.7/mm/mmap.c 2009-11-07 11:52:20.000000000 -0500
34176 +++ linux-2.4.37.7/mm/mmap.c 2009-11-10 19:30:27.000000000 -0500
34178 #include <linux/fs.h>
34179 #include <linux/personality.h>
34180 #include <linux/mount.h>
34181 +#include <linux/random.h>
34182 +#include <linux/grsecurity.h>
34184 #include <asm/uaccess.h>
34185 #include <asm/pgalloc.h>
34186 @@ -171,6 +173,7 @@ asmlinkage unsigned long sys_brk(unsigne
34188 /* Check against rlimit.. */
34189 rlim = current->rlim[RLIMIT_DATA].rlim_cur;
34190 + gr_learn_resource(current, RLIMIT_DATA, brk - mm->start_data, 1);
34191 if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim)
34194 @@ -208,6 +211,11 @@ static inline unsigned long calc_vm_flag
34195 _trans(prot, PROT_WRITE, VM_WRITE) |
34196 _trans(prot, PROT_EXEC, VM_EXEC);
34199 +#ifdef CONFIG_PAX_SEGMEXEC
34200 + _trans(flags, MAP_MIRROR, VM_MIRROR) |
34203 _trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN) |
34204 _trans(flags, MAP_DENYWRITE, VM_DENYWRITE) |
34205 _trans(flags, MAP_EXECUTABLE, VM_EXECUTABLE);
34206 @@ -393,7 +401,47 @@ static int vma_merge(struct mm_struct *
34210 +static unsigned long __do_mmap_pgoff(struct file * file, unsigned long addr, unsigned long len,
34211 + unsigned long prot, unsigned long flags, unsigned long pgoff);
34213 unsigned long do_mmap_pgoff(struct file * file, unsigned long addr, unsigned long len,
34214 + unsigned long prot, unsigned long flag, unsigned long pgoff)
34216 + unsigned long ret = -EINVAL;
34218 +#ifdef CONFIG_PAX_SEGMEXEC
34219 + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) &&
34220 + (len > SEGMEXEC_TASK_SIZE || (addr > SEGMEXEC_TASK_SIZE-len)))
34224 + ret = __do_mmap_pgoff(file, addr, len, prot, flag, pgoff);
34226 +#ifdef CONFIG_PAX_SEGMEXEC
34227 + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && ret < TASK_SIZE && ((flag & MAP_TYPE) == MAP_PRIVATE)
34229 +#ifdef CONFIG_PAX_MPROTECT
34230 + && (!(current->mm->pax_flags & MF_PAX_MPROTECT) || ((prot & PROT_EXEC) && file && !(prot & PROT_WRITE)))
34235 + unsigned long ret_m;
34236 + prot = prot & PROT_EXEC ? prot & ~PROT_WRITE : PROT_NONE;
34237 + ret_m = __do_mmap_pgoff(NULL, ret + SEGMEXEC_TASK_SIZE, 0UL, prot, flag | MAP_MIRROR | MAP_FIXED, ret);
34238 + if (ret_m >= TASK_SIZE) {
34239 + do_munmap(current->mm, ret, len);
34250 +static unsigned long __do_mmap_pgoff(struct file * file, unsigned long addr, unsigned long len,
34251 unsigned long prot, unsigned long flags, unsigned long pgoff)
34253 struct mm_struct * mm = current->mm;
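Review bot: The mirror protection line `prot = prot & PROT_EXEC ? prot & ~PROT_WRITE : PROT_NONE;` relies on `&` binding tighter than `?:`, which is correct but easy to misread in code that decides whether the mirror is executable. Writing it as `prot = (prot & PROT_EXEC) ? (prot & ~PROT_WRITE) : PROT_NONE;` makes the intent explicit. The wrapper also names its parameter `flag` while `__do_mmap_pgoff()` uses `flags`; using one name in both would make the pair easier to follow.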
34254 @@ -403,6 +451,28 @@ unsigned long do_mmap_pgoff(struct file
34256 rb_node_t ** rb_link, * rb_parent;
34258 +#ifdef CONFIG_PAX_SEGMEXEC
34259 + struct vm_area_struct * vma_m = NULL;
34261 + if (flags & MAP_MIRROR) {
34262 + /* PaX: sanity checks, to be removed when proved to be stable */
34263 + if (file || len || ((flags & MAP_TYPE) != MAP_PRIVATE))
34266 + vma_m = find_vma(mm, pgoff);
34269 + vma_m->vm_start != pgoff ||
34270 + (vma_m->vm_flags & VM_MIRROR) ||
34271 + (prot & PROT_WRITE))
34274 + file = vma_m->vm_file;
34275 + pgoff = vma_m->vm_pgoff;
34276 + len = vma_m->vm_end - vma_m->vm_start;
34281 if (!file->f_op || !file->f_op->mmap)
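Review bot: In the MAP_MIRROR branch `pgoff` is not a file offset: it is passed to `find_vma(mm, pgoff)` and compared with `vma_m->vm_start`, then overwritten with `vma_m->vm_pgoff`. That overloading is undocumented, and the existing comment only says the checks are temporary. A comment such as `/* PaX: with MAP_MIRROR, pgoff carries the start address of the vma to mirror; file, pgoff and len are then taken from that vma */` would make the contract clear. It is also worth stating that MAP_MIRROR is an internal flag, since nothing in this hunk shows where a caller-supplied MAP_MIRROR would be rejected.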
34283 @@ -440,10 +510,29 @@ unsigned long do_mmap_pgoff(struct file
34285 vm_flags = calc_vm_flags(prot,flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
34287 + if (file && (file->f_vfsmnt->mnt_flags & MNT_NOEXEC))
34288 + vm_flags &= ~VM_MAYEXEC;
34290 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
34291 + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
34293 +#ifdef CONFIG_PAX_MPROTECT
34294 + if (mm->pax_flags & MF_PAX_MPROTECT) {
34295 + if ((prot & (PROT_WRITE | PROT_EXEC)) != PROT_EXEC)
34296 + vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
34298 + vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
34305 /* mlock MCL_FUTURE? */
34306 if (vm_flags & VM_LOCKED) {
34307 unsigned long locked = mm->locked_vm << PAGE_SHIFT;
34309 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked, 1);
34310 if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
34313 @@ -488,6 +577,9 @@ unsigned long do_mmap_pgoff(struct file
34317 + if (!gr_acl_handle_mmap(file, prot))
34320 /* Clear old maps */
34322 vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
34323 @@ -498,6 +590,7 @@ munmap_back:
34326 /* Check against address space limit. */
34327 + gr_learn_resource(current, RLIMIT_AS, (mm->total_vm << PAGE_SHIFT) + len, 1);
34328 if ((mm->total_vm << PAGE_SHIFT) + len
34329 > current->rlim[RLIMIT_AS].rlim_cur)
34331 @@ -525,11 +618,19 @@ munmap_back:
34332 vma->vm_start = addr;
34333 vma->vm_end = addr + len;
34334 vma->vm_flags = vm_flags;
34336 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(__i386__)
34337 + if ((file || !(mm->pax_flags & MF_PAX_PAGEEXEC)) && (vm_flags & (VM_READ|VM_WRITE)))
34338 + vma->vm_page_prot = protection_map[(vm_flags | VM_EXEC) & 0x0f];
34342 vma->vm_page_prot = protection_map[vm_flags & 0x0f];
34343 vma->vm_ops = NULL;
34344 vma->vm_pgoff = pgoff;
34345 vma->vm_file = NULL;
34346 vma->vm_private_data = NULL;
34347 + vma->vm_mirror = 0;
34351 @@ -553,6 +654,14 @@ munmap_back:
34355 +#ifdef CONFIG_PAX_SEGMEXEC
34356 + if (flags & MAP_MIRROR) {
34357 + vma_m->vm_flags |= VM_MIRROR;
34358 + vma_m->vm_mirror = vma->vm_start - vma_m->vm_start;
34359 + vma->vm_mirror = vma_m->vm_start - vma->vm_start;
34363 /* Can addr have changed??
34365 * Answer: Yes, several device drivers can do it in their
34366 @@ -623,22 +732,38 @@ free_vma:
34367 static inline unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags)
34369 struct vm_area_struct *vma;
34370 + unsigned long task_size = TASK_SIZE;
34372 +#ifdef CONFIG_PAX_SEGMEXEC
34373 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
34374 + task_size = SEGMEXEC_TASK_SIZE;
34377 - if (len > TASK_SIZE)
34378 + if (len > task_size)
34381 +#ifdef CONFIG_PAX_RANDMMAP
34382 + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
34386 addr = PAGE_ALIGN(addr);
34387 vma = find_vma(current->mm, addr);
34388 - if (TASK_SIZE - len >= addr &&
34389 + if (task_size - len >= addr &&
34390 (!vma || addr + len <= vma->vm_start))
34393 addr = PAGE_ALIGN(TASK_UNMAPPED_BASE);
34395 +#ifdef CONFIG_PAX_RANDMMAP
34396 + /* PaX: randomize base address if requested */
34397 + if (current->mm->pax_flags & MF_PAX_RANDMMAP)
34398 + addr += current->mm->delta_mmap;
34401 for (vma = find_vma(current->mm, addr); ; vma = vma->vm_next) {
34402 /* At this point: (!vma || addr < vma->vm_end). */
34403 - if (TASK_SIZE - len < addr)
34404 + if (task_size - len < addr)
34406 if (!vma || addr + len <= vma->vm_start)
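Review bot: After `addr = PAGE_ALIGN(TASK_UNMAPPED_BASE);` the randomized path does `addr += current->mm->delta_mmap;` with no re-alignment, so the search loop starts on a page boundary only if `delta_mmap` is always a multiple of the page size. Nothing in this hunk shows that. Either re-align after the addition, `addr = PAGE_ALIGN(addr + current->mm->delta_mmap);`, or add a comment that states the invariant and where it is established.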
34408 @@ -759,28 +884,6 @@ struct vm_area_struct * find_vma_prev(st
34412 -struct vm_area_struct * find_extend_vma(struct mm_struct * mm, unsigned long addr)
34414 - struct vm_area_struct * vma;
34415 - unsigned long start;
34417 - addr &= PAGE_MASK;
34418 - vma = find_vma(mm,addr);
34421 - if (vma->vm_start <= addr)
34423 - if (!(vma->vm_flags & VM_GROWSDOWN))
34425 - start = vma->vm_start;
34426 - if (expand_stack(vma, addr))
34428 - if (vma->vm_flags & VM_LOCKED) {
34429 - make_pages_present(addr, start);
34434 /* Normal function to fix up a mapping
34435 * This function is the default for when an area has no specific
34436 * function. This may be used as part of a more specific routine.
34437 @@ -856,6 +959,7 @@ static struct vm_area_struct * unmap_fix
34438 mpnt->vm_pgoff = area->vm_pgoff + ((end - area->vm_start) >> PAGE_SHIFT);
34439 mpnt->vm_file = area->vm_file;
34440 mpnt->vm_private_data = area->vm_private_data;
34441 + mpnt->vm_mirror = area->vm_mirror;
34443 get_file(mpnt->vm_file);
34444 if (mpnt->vm_ops && mpnt->vm_ops->open)
34445 @@ -941,7 +1045,24 @@ no_mmaps:
34446 * work. This now handles partial unmappings.
34447 * Jeremy Fitzhardine <jeremy@sw.oz.au>
34449 +#ifdef CONFIG_PAX_SEGMEXEC
34450 +static int __do_munmap(struct mm_struct *mm, unsigned long addr, size_t len);
34452 +int do_munmap(struct mm_struct *mm, unsigned long addr, size_t len)
34454 + if (mm->pax_flags & MF_PAX_SEGMEXEC) {
34455 + int ret = __do_munmap(mm, addr + SEGMEXEC_TASK_SIZE, len);
34460 + return __do_munmap(mm, addr, len);
34463 +static int __do_munmap(struct mm_struct *mm, unsigned long addr, size_t len)
34465 int do_munmap(struct mm_struct *mm, unsigned long addr, size_t len)
34468 struct vm_area_struct *mpnt, *prev, **npp, *free, *extra;
34470 @@ -1039,6 +1160,12 @@ asmlinkage long sys_munmap(unsigned long
34472 struct mm_struct *mm = current->mm;
34474 +#ifdef CONFIG_PAX_SEGMEXEC
34475 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) &&
34476 + (len > SEGMEXEC_TASK_SIZE || addr > SEGMEXEC_TASK_SIZE-len))
34480 down_write(&mm->mmap_sem);
34481 ret = do_munmap(mm, addr, len);
34482 up_write(&mm->mmap_sem);
34483 @@ -1059,18 +1186,47 @@ static inline void verify_mmap_write_loc
34484 * anonymous maps. eventually we may be able to do some
34485 * brk-specific accounting here.
34487 +#ifdef CONFIG_PAX_SEGMEXEC
34488 +static unsigned long __do_brk(unsigned long addr, unsigned long len);
34490 +unsigned long do_brk(unsigned long addr, unsigned long len)
34492 + unsigned long ret;
34494 + ret = __do_brk(addr, len);
34495 + if (ret == addr && (current->mm->pax_flags & (MF_PAX_SEGMEXEC | MF_PAX_MPROTECT)) == MF_PAX_SEGMEXEC) {
34496 + unsigned long ret_m;
34498 + ret_m = __do_mmap_pgoff(NULL, addr + SEGMEXEC_TASK_SIZE, 0UL, PROT_NONE, MAP_PRIVATE | MAP_FIXED | MAP_MIRROR, addr);
34499 + if (ret_m > TASK_SIZE) {
34500 + do_munmap(current->mm, addr, len);
34508 +static unsigned long __do_brk(unsigned long addr, unsigned long len)
34510 unsigned long do_brk(unsigned long addr, unsigned long len)
34513 struct mm_struct * mm = current->mm;
34514 struct vm_area_struct * vma, * prev;
34515 - unsigned long flags;
34516 + unsigned long flags, task_size = TASK_SIZE;
34517 rb_node_t ** rb_link, * rb_parent;
34519 len = PAGE_ALIGN(len);
34523 - if ((addr + len) > TASK_SIZE || (addr + len) < addr)
34524 +#ifdef CONFIG_PAX_SEGMEXEC
34525 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
34526 + task_size = SEGMEXEC_TASK_SIZE;
34529 + if ((addr + len) > task_size || (addr + len) < addr)
34532 if (addr < mmap_min_addr && !capable(CAP_SYS_RAWIO))
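Review bot: The new `do_brk()` wrapper tests the mirror mapping result with `if (ret_m > TASK_SIZE)`, while the `do_mmap_pgoff()` wrapper added earlier in this file uses `if (ret_m >= TASK_SIZE)` for the same purpose. Error returns are well above either bound, so both probably behave the same in practice, but the two wrappers should use one form; `if (ret_m >= TASK_SIZE)` matches the other site. The lines between the failure test and the end of the wrapper are not all visible here, so the value returned after `do_munmap()` cannot be checked from this listing.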
34533 @@ -1082,6 +1238,7 @@ unsigned long do_brk(unsigned long addr,
34534 if (mm->def_flags & VM_LOCKED) {
34535 unsigned long locked = mm->locked_vm << PAGE_SHIFT;
34537 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked, 1);
34538 if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
34541 @@ -1104,6 +1261,7 @@ unsigned long do_brk(unsigned long addr,
34544 /* Check against address space limits *after* clearing old maps... */
34545 + gr_learn_resource(current, RLIMIT_AS, (mm->total_vm << PAGE_SHIFT) + len, 1);
34546 if ((mm->total_vm << PAGE_SHIFT) + len
34547 > current->rlim[RLIMIT_AS].rlim_cur)
34549 @@ -1116,6 +1274,18 @@ unsigned long do_brk(unsigned long addr,
34551 flags = VM_DATA_DEFAULT_FLAGS | mm->def_flags;
34553 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
34554 + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
34555 + flags &= ~VM_EXEC;
34557 +#ifdef CONFIG_PAX_MPROTECT
34558 + if (mm->pax_flags & MF_PAX_MPROTECT)
34559 + flags &= ~VM_MAYEXEC;
34565 /* Can we just expand an old anonymous mapping? */
34566 if (rb_parent && vma_merge(mm, prev, rb_parent, addr, addr + len, flags))
34568 @@ -1131,11 +1301,19 @@ unsigned long do_brk(unsigned long addr,
34569 vma->vm_start = addr;
34570 vma->vm_end = addr + len;
34571 vma->vm_flags = flags;
34573 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(__i386__)
34574 + if (!(mm->pax_flags & MF_PAX_PAGEEXEC))
34575 + vma->vm_page_prot = protection_map[(flags | VM_EXEC) & 0x0f];
34579 vma->vm_page_prot = protection_map[flags & 0x0f];
34580 vma->vm_ops = NULL;
34582 vma->vm_file = NULL;
34583 vma->vm_private_data = NULL;
34584 + vma->vm_mirror = 0;
34586 vma_link(mm, vma, prev, rb_link, rb_parent);
34588 diff -urNp linux-2.4.37.7/mm/mprotect.c linux-2.4.37.7/mm/mprotect.c
34589 --- linux-2.4.37.7/mm/mprotect.c 2009-11-07 11:52:20.000000000 -0500
34590 +++ linux-2.4.37.7/mm/mprotect.c 2009-11-10 19:30:27.000000000 -0500
34592 #include <linux/smp_lock.h>
34593 #include <linux/shm.h>
34594 #include <linux/mman.h>
34595 +#include <linux/grsecurity.h>
34597 +#ifdef CONFIG_PAX_MPROTECT
34598 +#include <linux/elf.h>
34599 +#include <linux/fs.h>
34602 #include <asm/uaccess.h>
34603 #include <asm/pgalloc.h>
34604 @@ -236,6 +242,45 @@ static inline int mprotect_fixup_middle(
34608 +#ifdef CONFIG_PAX_SEGMEXEC
34609 +static int __mprotect_fixup(struct vm_area_struct * vma, struct vm_area_struct ** pprev,
34610 + unsigned long start, unsigned long end, unsigned int newflags);
34612 +static int mprotect_fixup(struct vm_area_struct * vma, struct vm_area_struct ** pprev,
34613 + unsigned long start, unsigned long end, unsigned int newflags)
34615 + if (vma->vm_flags & VM_MIRROR) {
34616 + struct vm_area_struct * vma_m, * prev_m;
34617 + unsigned long start_m, end_m;
34620 + start_m = vma->vm_start + vma->vm_mirror;
34621 + vma_m = find_vma_prev(vma->vm_mm, start_m, &prev_m);
34622 + if (vma_m && vma_m->vm_start == start_m && (vma_m->vm_flags & VM_MIRROR)) {
34623 + start_m = start + vma->vm_mirror;
34624 + end_m = end + vma->vm_mirror;
34626 + if (vma_m->vm_start >= SEGMEXEC_TASK_SIZE && !(newflags & VM_EXEC))
34627 + error = __mprotect_fixup(vma_m, &prev_m, start_m, end_m, vma_m->vm_flags & ~(VM_READ | VM_WRITE | VM_EXEC));
34629 + error = __mprotect_fixup(vma_m, &prev_m, start_m, end_m, newflags);
34633 + printk("PAX: VMMIRROR: mprotect bug in %s, %08lx\n", current->comm, vma->vm_start);
34638 + return __mprotect_fixup(vma, pprev, start, end, newflags);
34641 +static int __mprotect_fixup(struct vm_area_struct * vma, struct vm_area_struct ** pprev,
34642 + unsigned long start, unsigned long end, unsigned int newflags)
34644 + pgprot_t newprot;
34647 static int mprotect_fixup(struct vm_area_struct * vma, struct vm_area_struct ** pprev,
34648 unsigned long start, unsigned long end, unsigned int newflags)
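Review bot: The wrapper changes the mirror vma first (`error = __mprotect_fixup(vma_m, &prev_m, ...)`) and only then the primary with `return __mprotect_fixup(vma, pprev, start, end, newflags);`, and no rollback of the mirror is visible if the second call fails. Not every line of the wrapper appears in this listing, so this may already be handled, but if it is not, a failed primary update leaves the two halves of a mirrored mapping with different protections. At minimum, a comment should record what state is expected after a partial failure, e.g. `/* PaX: on failure below the mirror keeps the new protection */`, or the mirror should be restored to its previous flags.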
34650 @@ -246,6 +291,14 @@ static int mprotect_fixup(struct vm_area
34656 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(__i386__)
34657 + if (!(vma->vm_mm->pax_flags & MF_PAX_PAGEEXEC) && (newflags & (VM_READ|VM_WRITE)))
34658 + newprot = protection_map[(newflags | VM_EXEC) & 0xf];
34662 newprot = protection_map[newflags & 0xf];
34663 if (start == vma->vm_start) {
34664 if (end == vma->vm_end)
34665 @@ -264,6 +317,69 @@ static int mprotect_fixup(struct vm_area
34669 +#ifdef CONFIG_PAX_MPROTECT
34670 +/* PaX: non-PIC ELF libraries need relocations on their executable segments
34671 + * therefore we'll grant them VM_MAYWRITE once during their life.
34673 + * The checks favour ld-linux.so behaviour which operates on a per ELF segment
34674 + * basis because we want to allow the common case and not the special ones.
34676 +static inline void pax_handle_maywrite(struct vm_area_struct * vma, unsigned long start)
34678 + struct elfhdr elf_h;
34679 + struct elf_phdr elf_p, p_dyn;
34681 + unsigned long i, j = 65536UL / sizeof(struct elf_phdr);
34683 +#ifndef CONFIG_PAX_NOELFRELOCS
34684 + if ((vma->vm_start != start) ||
34686 + !(vma->vm_flags & VM_MAYEXEC) ||
34687 + (vma->vm_flags & VM_MAYNOTWRITE))
34692 + if (sizeof(elf_h) != kernel_read(vma->vm_file, 0UL, (char*)&elf_h, sizeof(elf_h)) ||
34693 + memcmp(elf_h.e_ident, ELFMAG, SELFMAG) ||
34695 +#ifdef CONFIG_PAX_ETEXECRELOCS
34696 + (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC) ||
34698 + elf_h.e_type != ET_DYN ||
34701 + !elf_check_arch(&elf_h) ||
34702 + elf_h.e_phentsize != sizeof(struct elf_phdr) ||
34703 + elf_h.e_phnum > j)
34706 + for (i = 0UL; i < elf_h.e_phnum; i++) {
34707 + if (sizeof(elf_p) != kernel_read(vma->vm_file, elf_h.e_phoff + i*sizeof(elf_p), (char*)&elf_p, sizeof(elf_p)))
34709 + if (elf_p.p_type == PT_DYNAMIC) {
34714 + if (elf_h.e_phnum <= j)
34719 + if (sizeof(dyn) != kernel_read(vma->vm_file, p_dyn.p_offset + i*sizeof(dyn), (char*)&dyn, sizeof(dyn)))
34721 + if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) {
34722 + vma->vm_flags |= VM_MAYWRITE | VM_MAYNOTWRITE;
34723 + gr_log_textrel(vma);
34727 + } while (dyn.d_tag != DT_NULL);
34732 asmlinkage long sys_mprotect(unsigned long start, size_t len, unsigned long prot)
34734 unsigned long nstart, end, tmp;
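Review bot: The dynamic-section scan in `pax_handle_maywrite()` stops only on a `DT_NULL` tag or a short `kernel_read()`, so with a file that has no terminator it keeps reading entries past the end of the PT_DYNAMIC segment until the reads fail. The program-header loop is bounded by `e_phnum`, and the scan can be bounded the same way by the segment size: `} while (dyn.d_tag != DT_NULL && i < p_dyn.p_filesz / sizeof(dyn));`. The increment of `i` is not visible in this listing and is assumed to precede the loop test. `j` also appears to serve as both the program-header limit and the later `e_phnum <= j` test, which a separate variable or a comment would make easier to follow.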
34735 @@ -276,6 +392,17 @@ asmlinkage long sys_mprotect(unsigned lo
34740 +#ifdef CONFIG_PAX_SEGMEXEC
34741 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
34742 + if (end > SEGMEXEC_TASK_SIZE)
34747 + if (end > TASK_SIZE)
34750 if (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC))
34753 @@ -288,6 +415,16 @@ asmlinkage long sys_mprotect(unsigned lo
34754 if (!vma || vma->vm_start > start)
34757 + if (!gr_acl_handle_mprotect(vma->vm_file, prot)) {
34762 +#ifdef CONFIG_PAX_MPROTECT
34763 + if ((vma->vm_mm->pax_flags & MF_PAX_MPROTECT) && (prot & PROT_WRITE))
34764 + pax_handle_maywrite(vma, start);
34767 for (nstart = start ; ; ) {
34768 unsigned int newflags;
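Review bot: `gr_acl_handle_mprotect(vma->vm_file, prot)` is evaluated once, for the vma that contains `start`, before the `for (nstart = start ; ; )` loop that walks the rest of the range. If the range continues into further vmas backed by other files, nothing visible in this hunk applies the ACL check to them. The loop body lies outside the hunk, so this may be covered there. If it is not, the check belongs inside the loop, next to the per-vma `newflags` computation, so that each vma's file is checked. `pax_handle_maywrite(vma, start)` is likewise called for the first vma only, which the helper's own comment suggests is intentional.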
34770 @@ -300,6 +437,12 @@ asmlinkage long sys_mprotect(unsigned lo
34774 +#ifdef CONFIG_PAX_MPROTECT
34775 + /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */
34776 + if ((vma->vm_mm->pax_flags & MF_PAX_MPROTECT) && !(prot & PROT_WRITE) && (vma->vm_flags & VM_MAYNOTWRITE))
34777 + newflags &= ~VM_MAYWRITE;
34780 if (vma->vm_end > end) {
34781 error = mprotect_fixup(vma, &prev, nstart, end, newflags);
34783 diff -urNp linux-2.4.37.7/mm/mremap.c linux-2.4.37.7/mm/mremap.c
34784 --- linux-2.4.37.7/mm/mremap.c 2009-11-07 11:52:20.000000000 -0500
34785 +++ linux-2.4.37.7/mm/mremap.c 2009-11-10 19:30:27.000000000 -0500
34786 @@ -226,7 +226,7 @@ unsigned long do_mremap(unsigned long ad
34787 unsigned long flags, unsigned long new_addr)
34789 struct vm_area_struct *vma;
34790 - unsigned long ret = -EINVAL;
34791 + unsigned long ret = -EINVAL, task_size = TASK_SIZE;
34793 if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
34795 @@ -237,10 +237,15 @@ unsigned long do_mremap(unsigned long ad
34796 old_len = PAGE_ALIGN(old_len);
34797 new_len = PAGE_ALIGN(new_len);
34799 - if (old_len > TASK_SIZE || addr > TASK_SIZE - old_len)
34800 +#ifdef CONFIG_PAX_SEGMEXEC
34801 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
34802 + task_size = SEGMEXEC_TASK_SIZE;
34805 + if (old_len > task_size || addr > task_size - old_len)
34808 - if (addr >= TASK_SIZE)
34809 + if (addr >= task_size)
34812 /* new_addr is only valid if MREMAP_FIXED is specified */
34813 @@ -250,10 +255,10 @@ unsigned long do_mremap(unsigned long ad
34814 if (!(flags & MREMAP_MAYMOVE))
34817 - if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len)
34818 + if (new_len > task_size || new_addr > task_size - new_len)
34821 - if (new_addr >= TASK_SIZE)
34822 + if (new_addr >= task_size)
34826 @@ -304,6 +309,14 @@ unsigned long do_mremap(unsigned long ad
34827 vma = find_vma(current->mm, addr);
34828 if (!vma || vma->vm_start > addr)
34831 +#ifdef CONFIG_PAX_SEGMEXEC
34832 + if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_MIRROR)) {
34838 /* We can't remap across vm area boundaries */
34839 if (old_len > vma->vm_end - addr)
34841 @@ -315,10 +328,13 @@ unsigned long do_mremap(unsigned long ad
34842 unsigned long locked = current->mm->locked_vm << PAGE_SHIFT;
34843 locked += new_len - old_len;
34845 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked, 1);
34846 if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
34851 + gr_learn_resource(current, RLIMIT_AS, (current->mm->total_vm << PAGE_SHIFT) + (new_len - old_len), 1);
34852 if ((current->mm->total_vm << PAGE_SHIFT) + (new_len - old_len)
34853 > current->rlim[RLIMIT_AS].rlim_cur)
34855 @@ -334,7 +350,7 @@ unsigned long do_mremap(unsigned long ad
34856 if (old_len == vma->vm_end - addr &&
34857 !((flags & MREMAP_FIXED) && (addr != new_addr)) &&
34858 (old_len != new_len || !(flags & MREMAP_MAYMOVE))) {
34859 - unsigned long max_addr = TASK_SIZE;
34860 + unsigned long max_addr = task_size;
34862 max_addr = vma->vm_next->vm_start;
34863 /* can we just expand the current mapping? */
34864 diff -urNp linux-2.4.37.7/mm/page_alloc.c linux-2.4.37.7/mm/page_alloc.c
34865 --- linux-2.4.37.7/mm/page_alloc.c 2009-11-07 11:52:20.000000000 -0500
34866 +++ linux-2.4.37.7/mm/page_alloc.c 2009-11-10 19:30:27.000000000 -0500
34867 @@ -162,12 +162,16 @@ static void fastcall __free_pages_ok (st
34868 page_idx = page - base;
34869 if (page_idx & ~mask)
34871 - index = page_idx >> (1 + order);
34873 - area = zone->free_area + order;
34875 spin_lock_irqsave(&zone->lock, flags);
34877 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
34878 + for (index = 1U << order; index; --index)
34879 + sanitize_highpage(page + index - 1);
34882 + index = page_idx >> (1 + order);
34883 + area = zone->free_area + order;
34884 zone->free_pages -= mask;
34886 while (mask + (1 << (MAX_ORDER-1))) {
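Review bot: The `sanitize_highpage()` loop runs after `spin_lock_irqsave(&zone->lock, flags)`, so up to `1 << order` pages are cleared with the zone lock held and interrupts disabled. The pages are not on the free list at that point, so the loop does not appear to need the lock; moving the `#ifdef CONFIG_PAX_MEMORY_SANITIZE` block above `spin_lock_irqsave` would shorten the critical section for high-order frees. `sanitize_highpage()` is defined outside this hunk, so confirm that it has no dependency on the lock before moving it. The loop also reuses `index` as its counter, which is why the `index`/`area` assignments were moved below it; a dedicated counter would avoid that reordering.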
34887 diff -urNp linux-2.4.37.7/mm/shmem.c linux-2.4.37.7/mm/shmem.c
34888 --- linux-2.4.37.7/mm/shmem.c 2009-11-07 11:52:20.000000000 -0500
34889 +++ linux-2.4.37.7/mm/shmem.c 2009-11-10 19:30:27.000000000 -0500
34890 @@ -65,12 +65,12 @@ enum sgp_type {
34891 static int shmem_getpage(struct inode *inode, unsigned long idx,
34892 struct page **pagep, enum sgp_type sgp);
34894 -static struct super_operations shmem_ops;
34895 -static struct address_space_operations shmem_aops;
34896 -static struct file_operations shmem_file_operations;
34897 -static struct inode_operations shmem_inode_operations;
34898 -static struct inode_operations shmem_dir_inode_operations;
34899 -static struct vm_operations_struct shmem_vm_ops;
34900 +static const struct super_operations shmem_ops;
34901 +static const struct address_space_operations shmem_aops;
34902 +static const struct file_operations shmem_file_operations;
34903 +static const struct inode_operations shmem_inode_operations;
34904 +static const struct inode_operations shmem_dir_inode_operations;
34905 +static const struct vm_operations_struct shmem_vm_ops;
34907 LIST_HEAD(shmem_inodes);
34908 static spinlock_t shmem_ilock = SPIN_LOCK_UNLOCKED;
34909 @@ -841,7 +841,7 @@ void shmem_lock(struct file *file, int l
34911 static int shmem_mmap(struct file *file, struct vm_area_struct *vma)
34913 - struct vm_operations_struct *ops;
34914 + const struct vm_operations_struct *ops;
34915 struct inode *inode = file->f_dentry->d_inode;
34917 ops = &shmem_vm_ops;
34918 @@ -930,8 +930,8 @@ out:
34920 #ifdef CONFIG_TMPFS
34922 -static struct inode_operations shmem_symlink_inode_operations;
34923 -static struct inode_operations shmem_symlink_inline_operations;
34924 +static const struct inode_operations shmem_symlink_inode_operations;
34925 +static const struct inode_operations shmem_symlink_inline_operations;
34928 * tmpfs itself makes no use of generic_file_read, generic_file_mmap
34929 @@ -1188,7 +1188,7 @@ static int shmem_delete_dentry(struct de
34931 static struct dentry *shmem_lookup(struct inode *dir, struct dentry *dentry)
34933 - static struct dentry_operations shmem_dentry_operations = {
34934 + static const struct dentry_operations shmem_dentry_operations = {
34935 .d_delete = shmem_delete_dentry,
34938 @@ -1424,12 +1424,12 @@ static int shmem_follow_link(struct dent
34942 -static struct inode_operations shmem_symlink_inline_operations = {
34943 +static const struct inode_operations shmem_symlink_inline_operations = {
34944 readlink: shmem_readlink_inline,
34945 follow_link: shmem_follow_link_inline,
34948 -static struct inode_operations shmem_symlink_inode_operations = {
34949 +static const struct inode_operations shmem_symlink_inode_operations = {
34950 truncate: shmem_truncate,
34951 readlink: shmem_readlink,
34952 follow_link: shmem_follow_link,
34953 @@ -1570,7 +1570,7 @@ static struct super_block *shmem_read_su
34957 -static struct address_space_operations shmem_aops = {
34958 +static const struct address_space_operations shmem_aops = {
34959 removepage: shmem_removepage,
34960 writepage: shmem_writepage,
34961 #ifdef CONFIG_TMPFS
34962 @@ -1580,7 +1580,7 @@ static struct address_space_operations s
34966 -static struct file_operations shmem_file_operations = {
34967 +static const struct file_operations shmem_file_operations = {
34969 #ifdef CONFIG_TMPFS
34970 read: shmem_file_read,
34971 @@ -1589,12 +1589,12 @@ static struct file_operations shmem_file
34975 -static struct inode_operations shmem_inode_operations = {
34976 +static const struct inode_operations shmem_inode_operations = {
34977 truncate: shmem_truncate,
34978 setattr: shmem_notify_change,
34981 -static struct inode_operations shmem_dir_inode_operations = {
34982 +static const struct inode_operations shmem_dir_inode_operations = {
34983 #ifdef CONFIG_TMPFS
34984 create: shmem_create,
34985 lookup: shmem_lookup,
34986 @@ -1608,7 +1608,7 @@ static struct inode_operations shmem_dir
34990 -static struct super_operations shmem_ops = {
34991 +static const struct super_operations shmem_ops = {
34992 #ifdef CONFIG_TMPFS
34993 statfs: shmem_statfs,
34994 remount_fs: shmem_remount_fs,
34995 @@ -1617,7 +1617,7 @@ static struct super_operations shmem_ops
34996 put_inode: force_delete,
34999 -static struct vm_operations_struct shmem_vm_ops = {
35000 +static const struct vm_operations_struct shmem_vm_ops = {
35001 nopage: shmem_nopage,
35004 @@ -1628,7 +1628,7 @@ static DECLARE_FSTYPE(tmpfs_fs_type, "tm
35006 static DECLARE_FSTYPE(tmpfs_fs_type, "tmpfs", shmem_read_super, FS_LITTER|FS_NOMOUNT);
35008 -static struct vfsmount *shm_mnt;
35009 +struct vfsmount *shm_mnt;
35011 static int __init init_tmpfs(void)
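Review bot: Dropping `static` from `shm_mnt` gives a writable file-scope pointer external linkage, and this hunk adds neither a declaration nor a comment naming the code that now needs it. The rest of the patch narrows access by making the operation tables `const`, so the widened linkage deserves a one-line justification, e.g. `/* non-static: referenced by grsecurity code outside mm/shmem.c */`, with the consumer named once confirmed. The matching `extern struct vfsmount *shm_mnt;` belongs in a shared header rather than in each consumer. The same applies to `sock_mnt` in the net/socket.c hunk at -298,13.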
35013 diff -urNp linux-2.4.37.7/mm/slab.c linux-2.4.37.7/mm/slab.c
35014 --- linux-2.4.37.7/mm/slab.c 2009-11-07 11:52:20.000000000 -0500
35015 +++ linux-2.4.37.7/mm/slab.c 2009-11-10 19:30:27.000000000 -0500
35016 @@ -2017,7 +2017,7 @@ static int s_show(struct seq_file *m, vo
35017 * + further values on SMP and with statistics enabled
35020 -struct seq_operations slabinfo_op = {
35021 +const struct seq_operations slabinfo_op = {
35025 diff -urNp linux-2.4.37.7/mm/swap_state.c linux-2.4.37.7/mm/swap_state.c
35026 --- linux-2.4.37.7/mm/swap_state.c 2009-11-07 11:52:20.000000000 -0500
35027 +++ linux-2.4.37.7/mm/swap_state.c 2009-11-10 19:30:27.000000000 -0500
35028 @@ -31,7 +31,7 @@ static int swap_writepage(struct page *p
35032 -static struct address_space_operations swap_aops = {
35033 +static const struct address_space_operations swap_aops = {
35034 writepage: swap_writepage,
35035 sync_page: block_sync_page,
35037 diff -urNp linux-2.4.37.7/mm/vmalloc.c linux-2.4.37.7/mm/vmalloc.c
35038 --- linux-2.4.37.7/mm/vmalloc.c 2009-11-07 11:52:20.000000000 -0500
35039 +++ linux-2.4.37.7/mm/vmalloc.c 2009-11-10 19:30:27.000000000 -0500
35040 @@ -140,7 +140,7 @@ static inline int alloc_area_pmd(pmd_t *
35041 if (end > PGDIR_SIZE)
35044 - pte_t * pte = pte_alloc(&init_mm, pmd, address);
35045 + pte_t * pte = pte_alloc_kernel(&init_mm, pmd, address);
35048 if (alloc_area_pte(pte, address, end - address,
35049 diff -urNp linux-2.4.37.7/net/8021q/vlanproc.c linux-2.4.37.7/net/8021q/vlanproc.c
35050 --- linux-2.4.37.7/net/8021q/vlanproc.c 2009-11-07 11:52:20.000000000 -0500
35051 +++ linux-2.4.37.7/net/8021q/vlanproc.c 2009-11-10 19:30:27.000000000 -0500
35052 @@ -75,7 +75,7 @@ static char term_msg[] = "***KERNEL:
35053 * Generic /proc/net/vlan/<file> file and inode operations
35056 -static struct file_operations vlan_fops = {
35057 +static const struct file_operations vlan_fops = {
35058 read: vlan_proc_read,
35059 ioctl: NULL, /* vlan_proc_ioctl */
35061 @@ -84,7 +84,7 @@ static struct file_operations vlan_fops
35062 * /proc/net/vlan/<device> file and inode operations
35065 -static struct file_operations vlandev_fops = {
35066 +static const struct file_operations vlandev_fops = {
35067 read: vlan_proc_read,
35068 ioctl: NULL, /* vlan_proc_ioctl */
35070 diff -urNp linux-2.4.37.7/net/atm/br2684.c linux-2.4.37.7/net/atm/br2684.c
35071 --- linux-2.4.37.7/net/atm/br2684.c 2009-11-07 11:52:20.000000000 -0500
35072 +++ linux-2.4.37.7/net/atm/br2684.c 2009-11-10 19:30:27.000000000 -0500
35073 @@ -773,7 +773,7 @@ static ssize_t br2684_proc_read(struct f
35077 -static struct file_operations br2684_proc_operations = {
35078 +static const struct file_operations br2684_proc_operations = {
35079 read: br2684_proc_read,
35082 diff -urNp linux-2.4.37.7/net/atm/mpoa_proc.c linux-2.4.37.7/net/atm/mpoa_proc.c
35083 --- linux-2.4.37.7/net/atm/mpoa_proc.c 2009-11-07 11:52:20.000000000 -0500
35084 +++ linux-2.4.37.7/net/atm/mpoa_proc.c 2009-11-10 19:30:27.000000000 -0500
35085 @@ -41,7 +41,7 @@ static int parse_qos(const char *buff, i
35087 * Define allowed FILE OPERATIONS
35089 -static struct file_operations mpc_file_operations = {
35090 +static const struct file_operations mpc_file_operations = {
35091 read: proc_mpc_read,
35092 write: proc_mpc_write,
35094 diff -urNp linux-2.4.37.7/net/atm/proc.c linux-2.4.37.7/net/atm/proc.c
35095 --- linux-2.4.37.7/net/atm/proc.c 2009-11-07 11:52:20.000000000 -0500
35096 +++ linux-2.4.37.7/net/atm/proc.c 2009-11-10 19:30:27.000000000 -0500
35097 @@ -54,11 +54,11 @@ static ssize_t proc_dev_atm_read(struct
35098 static ssize_t proc_spec_atm_read(struct file *file,char *buf,size_t count,
35101 -static struct file_operations proc_dev_atm_operations = {
35102 +static const struct file_operations proc_dev_atm_operations = {
35103 read: proc_dev_atm_read,
35106 -static struct file_operations proc_spec_atm_operations = {
35107 +static const struct file_operations proc_spec_atm_operations = {
35108 read: proc_spec_atm_read,
35111 @@ -244,7 +244,7 @@ static int clip_seq_show(struct seq_file
35115 -static struct seq_operations arp_seq_ops = {
35116 +static const struct seq_operations arp_seq_ops = {
35117 .start = clip_seq_start,
35118 .next = neigh_seq_next,
35119 .stop = neigh_seq_stop,
35120 @@ -282,7 +282,7 @@ out_kfree:
35124 -static struct file_operations arp_seq_fops = {
35125 +static const struct file_operations arp_seq_fops = {
35126 .open = arp_seq_open,
35128 .llseek = seq_lseek,
35129 diff -urNp linux-2.4.37.7/net/core/neighbour.c linux-2.4.37.7/net/core/neighbour.c
35130 --- linux-2.4.37.7/net/core/neighbour.c 2009-11-07 11:52:20.000000000 -0500
35131 +++ linux-2.4.37.7/net/core/neighbour.c 2009-11-10 19:30:27.000000000 -0500
35132 @@ -63,7 +63,7 @@ void neigh_changeaddr(struct neigh_table
35134 static int neigh_glbl_allocs;
35135 static struct neigh_table *neigh_tables;
35136 -static struct file_operations neigh_stat_seq_fops;
35137 +static const struct file_operations neigh_stat_seq_fops;
35140 Neighbour hash table buckets are protected with rwlock tbl->lock.
35141 @@ -1896,7 +1896,7 @@ static int neigh_stat_seq_show(struct se
35145 -static struct seq_operations neigh_stat_seq_ops = {
35146 +static const struct seq_operations neigh_stat_seq_ops = {
35147 .start = neigh_stat_seq_start,
35148 .next = neigh_stat_seq_next,
35149 .stop = neigh_stat_seq_stop,
35150 @@ -1914,7 +1914,7 @@ static int neigh_stat_seq_open(struct in
35154 -static struct file_operations neigh_stat_seq_fops = {
35155 +static const struct file_operations neigh_stat_seq_fops = {
35156 .owner = THIS_MODULE,
35157 .open = neigh_stat_seq_open,
35159 diff -urNp linux-2.4.37.7/net/decnet/dn_neigh.c linux-2.4.37.7/net/decnet/dn_neigh.c
35160 --- linux-2.4.37.7/net/decnet/dn_neigh.c 2009-11-07 11:52:20.000000000 -0500
35161 +++ linux-2.4.37.7/net/decnet/dn_neigh.c 2009-11-10 19:30:27.000000000 -0500
35162 @@ -550,7 +550,7 @@ static void *dn_neigh_seq_start(struct s
35163 NEIGH_SEQ_NEIGH_ONLY);
35166 -static struct seq_operations dn_neigh_seq_ops = {
35167 +static const struct seq_operations dn_neigh_seq_ops = {
35168 .start = dn_neigh_seq_start,
35169 .next = neigh_seq_next,
35170 .stop = neigh_seq_stop,
35171 @@ -581,7 +581,7 @@ out_kfree:
35175 -static struct file_operations dn_neigh_seq_fops = {
35176 +static const struct file_operations dn_neigh_seq_fops = {
35177 .owner = THIS_MODULE,
35178 .open = dn_neigh_seq_open,
35180 diff -urNp linux-2.4.37.7/net/ipv4/arp.c linux-2.4.37.7/net/ipv4/arp.c
35181 --- linux-2.4.37.7/net/ipv4/arp.c 2009-11-07 11:52:20.000000000 -0500
35182 +++ linux-2.4.37.7/net/ipv4/arp.c 2009-11-10 19:30:27.000000000 -0500
35183 @@ -1311,7 +1311,7 @@ static void *arp_seq_start(struct seq_fi
35185 /* ------------------------------------------------------------------------ */
35187 -static struct seq_operations arp_seq_ops = {
35188 +static const struct seq_operations arp_seq_ops = {
35189 .start = arp_seq_start,
35190 .next = neigh_seq_next,
35191 .stop = neigh_seq_stop,
35192 @@ -1341,7 +1341,7 @@ out_kfree:
35196 -static struct file_operations arp_seq_fops = {
35197 +static const struct file_operations arp_seq_fops = {
35198 .owner = THIS_MODULE,
35199 .open = arp_seq_open,
35201 diff -urNp linux-2.4.37.7/net/ipv4/tcp_ipv4.c linux-2.4.37.7/net/ipv4/tcp_ipv4.c
35202 --- linux-2.4.37.7/net/ipv4/tcp_ipv4.c 2009-11-07 11:52:20.000000000 -0500
35203 +++ linux-2.4.37.7/net/ipv4/tcp_ipv4.c 2009-11-10 19:30:27.000000000 -0500
35205 #include <linux/inet.h>
35206 #include <linux/stddef.h>
35207 #include <linux/ipsec.h>
35208 +#include <linux/grsecurity.h>
35210 extern int sysctl_ip_dynaddr;
35211 extern int sysctl_ip_default_ttl;
35212 @@ -80,6 +81,8 @@ int sysctl_tcp_low_latency = 0;
35213 static struct inode tcp_inode;
35214 static struct socket *tcp_socket=&tcp_inode.u.socket_i;
35216 +extern void gr_update_task_in_ip_table(struct task_struct *task, const struct sock *sk);
35218 void tcp_v4_send_check(struct sock *sk, struct tcphdr *th, int len,
35219 struct sk_buff *skb);
35221 @@ -734,6 +737,8 @@ static int tcp_v4_hash_connect(struct so
35223 spin_unlock(&head->lock);
35225 + gr_update_task_in_ip_table(current, sk);
35228 tcp_tw_deschedule(tw);
35229 tcp_timewait_kill(tw);
35230 @@ -1691,6 +1696,9 @@ int tcp_v4_do_rcv(struct sock *sk, struc
35234 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
35235 + if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
35237 tcp_v4_send_reset(skb);
35240 @@ -1785,6 +1793,9 @@ no_tcp_socket:
35242 TCP_INC_STATS_BH(TcpInErrs);
35244 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
35245 + if (skb->dev->flags & IFF_LOOPBACK)
35247 tcp_v4_send_reset(skb);
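Review bot: The loopback test added at `no_tcp_socket` dereferences `skb->dev` directly, while the same test in the `tcp_v4_do_rcv` hunk just above is written `if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))`. Either the guard is needed at both sites or at neither. If `skb->dev` can never be NULL on this receive path, say so in a comment such as `/* skb->dev is always set on the softirq receive path */`; otherwise use the guarded form here too. The unguarded form also appears in the `udp_rcv`, tcp_ipv6 `no_tcp_socket` and `udpv6_rcv` hunks. The enclosing function starts and ends outside the hunk, so the invariant cannot be confirmed from here.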
35250 diff -urNp linux-2.4.37.7/net/ipv4/tcp_minisocks.c linux-2.4.37.7/net/ipv4/tcp_minisocks.c
35251 --- linux-2.4.37.7/net/ipv4/tcp_minisocks.c 2009-11-07 11:52:20.000000000 -0500
35252 +++ linux-2.4.37.7/net/ipv4/tcp_minisocks.c 2009-11-10 19:30:27.000000000 -0500
35253 @@ -977,8 +977,11 @@ listen_overflow:
35256 NET_INC_STATS_BH(EmbryonicRsts);
35258 +#ifndef CONFIG_GRKERNSEC_BLACKHOLE
35259 if (!(flg & TCP_FLAG_RST))
35260 req->class->send_reset(skb);
35263 tcp_synq_drop(sk, req, prev);
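Review bot: The `#ifndef CONFIG_GRKERNSEC_BLACKHOLE` around `req->class->send_reset(skb)` removes the embryonic reset for every interface. The other blackhole sites in this patch (tcp_ipv4.c, udp.c, tcp_ipv6.c, ipv6/udp.c) keep replying when the packet arrived on a loopback device. If local connections are meant to keep seeing resets here as well, the condition should carry the same loopback exemption. If the difference is deliberate, a comment such as `/* blackhole: no RST for half-open requests, loopback included */` would stop the next reader from "fixing" it. The surrounding function lies outside the hunk.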
35265 diff -urNp linux-2.4.37.7/net/ipv4/udp.c linux-2.4.37.7/net/ipv4/udp.c
35266 --- linux-2.4.37.7/net/ipv4/udp.c 2009-11-07 11:52:20.000000000 -0500
35267 +++ linux-2.4.37.7/net/ipv4/udp.c 2009-11-10 19:30:27.000000000 -0500
35269 #include <net/ipv6.h>
35270 #include <net/protocol.h>
35271 #include <linux/skbuff.h>
35272 +#include <linux/grsecurity.h>
35273 #include <net/sock.h>
35274 #include <net/udp.h>
35275 #include <net/icmp.h>
35277 #include <net/inet_common.h>
35278 #include <net/checksum.h>
35280 +extern int gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb);
35281 +extern int gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr);
35284 * Snmp MIB for the UDP layer
35286 @@ -481,9 +485,18 @@ int udp_sendmsg(struct sock *sk, struct
35287 ufh.uh.dest = usin->sin_port;
35288 if (ufh.uh.dest == 0)
35291 + err = gr_search_udp_sendmsg(sk, usin);
35295 if (sk->state != TCP_ESTABLISHED)
35296 return -EDESTADDRREQ;
35298 + err = gr_search_udp_sendmsg(sk, NULL);
35302 ufh.daddr = sk->daddr;
35303 ufh.uh.dest = sk->dport;
35304 /* Open fast path for connected socket.
35305 @@ -712,6 +725,10 @@ try_again:
35309 + err = gr_search_udp_recvmsg(sk, skb);
35313 copied = skb->len - sizeof(struct udphdr);
35314 if (copied > len) {
35316 @@ -1001,6 +1018,9 @@ int udp_rcv(struct sk_buff *skb)
35319 UDP_INC_STATS_BH(UdpNoPorts);
35320 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
35321 + if (skb->dev->flags & IFF_LOOPBACK)
35323 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
35326 diff -urNp linux-2.4.37.7/net/ipv6/tcp_ipv6.c linux-2.4.37.7/net/ipv6/tcp_ipv6.c
35327 --- linux-2.4.37.7/net/ipv6/tcp_ipv6.c 2009-11-07 11:52:20.000000000 -0500
35328 +++ linux-2.4.37.7/net/ipv6/tcp_ipv6.c 2009-11-10 19:30:27.000000000 -0500
35329 @@ -1519,6 +1519,9 @@ static int tcp_v6_do_rcv(struct sock *sk
35333 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
35334 + if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
35336 tcp_v6_send_reset(skb);
35339 @@ -1629,6 +1632,9 @@ no_tcp_socket:
35341 TCP_INC_STATS_BH(TcpInErrs);
35343 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
35344 + if (skb->dev->flags & IFF_LOOPBACK)
35346 tcp_v6_send_reset(skb);
35349 diff -urNp linux-2.4.37.7/net/ipv6/udp.c linux-2.4.37.7/net/ipv6/udp.c
35350 --- linux-2.4.37.7/net/ipv6/udp.c 2009-11-07 11:52:20.000000000 -0500
35351 +++ linux-2.4.37.7/net/ipv6/udp.c 2009-11-10 19:30:27.000000000 -0500
35352 @@ -685,6 +685,9 @@ int udpv6_rcv(struct sk_buff *skb)
35354 UDP6_INC_STATS_BH(UdpNoPorts);
35356 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
35357 + if (skb->dev->flags & IFF_LOOPBACK)
35359 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev);
35362 diff -urNp linux-2.4.37.7/net/netlink/af_netlink.c linux-2.4.37.7/net/netlink/af_netlink.c
35363 --- linux-2.4.37.7/net/netlink/af_netlink.c 2009-11-07 11:52:20.000000000 -0500
35364 +++ linux-2.4.37.7/net/netlink/af_netlink.c 2009-11-10 19:30:27.000000000 -0500
35366 #include <linux/bitops.h>
35367 #include <linux/mm.h>
35368 #include <linux/types.h>
35369 +#include <linux/grsecurity.h>
35370 #include <net/sock.h>
35371 #include <net/scm.h>
35373 @@ -833,7 +834,8 @@ static int netlink_sendmsg(struct socket
35374 check them, when this message will be delivered
35375 to corresponding kernel module. --ANK (980802)
35377 - NETLINK_CB(skb).eff_cap = current->cap_effective;
35379 + NETLINK_CB(skb).eff_cap = gr_cap_rtnetlink();
35382 if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
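Review bot: The comment kept above this assignment still describes saving the sender's own capabilities, but `NETLINK_CB(skb).eff_cap` now holds whatever `gr_cap_rtnetlink()` returns. The helper is named for rtnetlink while `netlink_sendmsg` appears to be the send path for every netlink family, so a reader cannot tell whether the filtered set is meant to apply to all of them. The helper's definition is not in this hunk. Once confirmed, add a line such as `/* eff_cap: current's effective set after grsecurity policy filtering, applied to all netlink protocols */`, or restrict the substitution to the rtnetlink case.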
35383 diff -urNp linux-2.4.37.7/net/netlink/netlink_dev.c linux-2.4.37.7/net/netlink/netlink_dev.c
35384 --- linux-2.4.37.7/net/netlink/netlink_dev.c 2009-11-07 11:52:20.000000000 -0500
35385 +++ linux-2.4.37.7/net/netlink/netlink_dev.c 2009-11-10 19:30:27.000000000 -0500
35386 @@ -159,7 +159,7 @@ static int netlink_ioctl(struct inode *i
35390 -static struct file_operations netlink_fops = {
35391 +static const struct file_operations netlink_fops = {
35392 owner: THIS_MODULE,
35394 read: netlink_read,
35395 diff -urNp linux-2.4.37.7/net/netsyms.c linux-2.4.37.7/net/netsyms.c
35396 --- linux-2.4.37.7/net/netsyms.c 2009-11-07 11:52:20.000000000 -0500
35397 +++ linux-2.4.37.7/net/netsyms.c 2009-11-10 19:30:27.000000000 -0500
35399 #include <net/checksum.h>
35400 #include <linux/etherdevice.h>
35401 #include <net/route.h>
35402 +#include <linux/grsecurity.h>
35403 #ifdef CONFIG_HIPPI
35404 #include <linux/hippidevice.h>
35406 @@ -617,6 +618,21 @@ EXPORT_SYMBOL(register_gifconf);
35408 EXPORT_SYMBOL(softnet_data);
35410 +EXPORT_SYMBOL(gr_cap_rtnetlink);
35412 +extern int gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb);
35413 +extern int gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr);
35415 +EXPORT_SYMBOL(gr_search_udp_recvmsg);
35416 +EXPORT_SYMBOL(gr_search_udp_sendmsg);
35418 +#ifdef CONFIG_UNIX_MODULE
35419 +EXPORT_SYMBOL(gr_acl_handle_unix);
35420 +EXPORT_SYMBOL(gr_acl_handle_mknod);
35421 +EXPORT_SYMBOL(gr_handle_chroot_unix);
35422 +EXPORT_SYMBOL(gr_handle_create);
35425 #if defined(CONFIG_NET_RADIO) || defined(CONFIG_NET_PCMCIA_RADIO)
35426 #include <net/iw_handler.h>
35427 EXPORT_SYMBOL(wireless_send_event);
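Review bot: The two `extern` prototypes added here do not match the ones this patch adds to net/ipv4/udp.c. Here the parameters are `const struct sock *sk` and `const struct sockaddr_in *addr`, while udp.c declares `struct sock *sk` and `struct sockaddr_in *addr`. Declaring the same function with different parameter types in separate translation units means the compiler can check neither against the definition. Both files already include `<linux/grsecurity.h>`, so the single prototype should live there and the local `extern` lines should go. The same applies to `gr_update_task_in_ip_table` in tcp_ipv4.c and the block of `gr_*` externs in net/socket.c.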
35428 diff -urNp linux-2.4.37.7/net/packet/af_packet.c linux-2.4.37.7/net/packet/af_packet.c
35429 --- linux-2.4.37.7/net/packet/af_packet.c 2009-11-07 11:52:20.000000000 -0500
35430 +++ linux-2.4.37.7/net/packet/af_packet.c 2009-11-10 19:30:27.000000000 -0500
35431 @@ -1614,7 +1614,7 @@ static void packet_mm_close(struct vm_ar
35432 atomic_dec(&sk->protinfo.af_packet->mapped);
35435 -static struct vm_operations_struct packet_mmap_ops = {
35436 +static const struct vm_operations_struct packet_mmap_ops = {
35437 open: packet_mm_open,
35438 close: packet_mm_close,
35440 diff -urNp linux-2.4.37.7/net/sctp/proc.c linux-2.4.37.7/net/sctp/proc.c
35441 --- linux-2.4.37.7/net/sctp/proc.c 2009-11-07 11:52:20.000000000 -0500
35442 +++ linux-2.4.37.7/net/sctp/proc.c 2009-11-10 19:30:27.000000000 -0500
35443 @@ -100,7 +100,7 @@ static int sctp_snmp_seq_open(struct ino
35444 return single_open(file, sctp_snmp_seq_show, NULL);
35447 -static struct file_operations sctp_snmp_seq_fops = {
35448 +static const struct file_operations sctp_snmp_seq_fops = {
35449 .owner = THIS_MODULE,
35450 .open = sctp_snmp_seq_open,
35452 @@ -194,7 +194,7 @@ static int sctp_eps_seq_open(struct inod
35453 return single_open(file, sctp_eps_seq_show, NULL);
35456 -static struct file_operations sctp_eps_seq_fops = {
35457 +static const struct file_operations sctp_eps_seq_fops = {
35458 .open = sctp_eps_seq_open,
35460 .llseek = seq_lseek,
35461 @@ -260,7 +260,7 @@ static int sctp_assocs_seq_open(struct i
35462 return single_open(file, sctp_assocs_seq_show, NULL);
35465 -static struct file_operations sctp_assocs_seq_fops = {
35466 +static const struct file_operations sctp_assocs_seq_fops = {
35467 .open = sctp_assocs_seq_open,
35469 .llseek = seq_lseek,
35470 diff -urNp linux-2.4.37.7/net/socket.c linux-2.4.37.7/net/socket.c
35471 --- linux-2.4.37.7/net/socket.c 2009-11-07 11:52:20.000000000 -0500
35472 +++ linux-2.4.37.7/net/socket.c 2009-11-10 19:30:27.000000000 -0500
35474 #include <net/scm.h>
35475 #include <linux/netfilter.h>
35477 +extern void gr_attach_curr_ip(const struct sock *sk);
35478 +extern int gr_handle_sock_all(const int family, const int type,
35479 + const int protocol);
35480 +extern int gr_handle_sock_server(const struct sockaddr *sck);
35481 +extern int gr_handle_sock_server_other(const struct socket *sck);
35482 +extern int gr_handle_sock_client(const struct sockaddr *sck);
35483 +extern int gr_search_connect(struct socket * sock,
35484 + struct sockaddr_in * addr);
35485 +extern int gr_search_bind(struct socket * sock,
35486 + struct sockaddr_in * addr);
35487 +extern int gr_search_listen(const struct socket * sock);
35488 +extern int gr_search_accept(const struct socket * sock);
35489 +extern int gr_search_socket(const int domain, const int type,
35490 + const int protocol);
35492 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
35493 static ssize_t sock_read(struct file *file, char *buf,
35494 size_t size, loff_t *ppos);
35495 @@ -111,7 +126,7 @@ static ssize_t sock_sendpage(struct file
35496 * in the operation structures but are done directly via the socketcall() multiplexor.
35499 -static struct file_operations socket_file_ops = {
35500 +static const struct file_operations socket_file_ops = {
35504 @@ -271,7 +286,7 @@ static int sockfs_statfs(struct super_bl
35508 -static struct super_operations sockfs_ops = {
35509 +static const struct super_operations sockfs_ops = {
35510 statfs: sockfs_statfs,
35513 @@ -298,13 +313,13 @@ static struct super_block * sockfs_read_
35517 -static struct vfsmount *sock_mnt;
35518 +struct vfsmount *sock_mnt;
35519 static DECLARE_FSTYPE(sock_fs_type, "sockfs", sockfs_read_super, FS_NOMOUNT);
35520 static int sockfs_delete_dentry(struct dentry *dentry)
35524 -static struct dentry_operations sockfs_dentry_operations = {
35525 +static const struct dentry_operations sockfs_dentry_operations = {
35526 d_delete: sockfs_delete_dentry,
35529 @@ -906,6 +921,16 @@ asmlinkage long sys_socket(int family, i
35531 struct socket *sock;
35533 + if(!gr_search_socket(family, type, protocol)) {
35534 + retval = -EACCES;
35538 + if (gr_handle_sock_all(family, type, protocol)) {
35539 + retval = -EACCES;
35543 retval = sock_create(family, type, protocol, &sock);
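Review bot: The two checks added to `sys_socket` use opposite return conventions with nothing to tell them apart: `if(!gr_search_socket(...))` denies on zero, while `if (gr_handle_sock_all(...))` denies on non-zero. An inverted test on either hook turns a policy denial into an allow, so the convention should be written down where the hooks are used or declared, e.g. `/* gr_search_*: non-zero = permitted; gr_handle_*: non-zero = denied */`. The first check is also missing the space after `if` that the second one has. The function body continues outside the hunk.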
35546 @@ -1001,12 +1026,27 @@ asmlinkage long sys_bind(int fd, struct
35548 struct socket *sock;
35549 char address[MAX_SOCK_ADDR];
35550 + struct sockaddr * sck;
35553 if((sock = sockfd_lookup(fd,&err))!=NULL)
35555 - if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)
35556 + if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) {
35557 + sck = (struct sockaddr *) address;
35559 + if (gr_handle_sock_server(sck)) {
35560 + sockfd_put(sock);
35564 + err = gr_search_bind(sock, (struct sockaddr_in *) sck);
35566 + sockfd_put(sock);
35570 err = sock->ops->bind(sock, (struct sockaddr *)address, addrlen);
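Review bot: `gr_handle_sock_server(sck)` and `gr_search_bind(sock, (struct sockaddr_in *) sck)` read `address` as a populated socket address, but neither receives `addrlen` and the buffer is an uninitialised stack array. If `move_addr_to_kernel` accepts a length shorter than `sizeof(struct sockaddr_in)` (its body is not shown; mainline 2.4 accepts zero and short lengths), the hooks make a policy decision on leftover stack bytes. The `sockaddr_in` cast is also applied whatever the socket's family is. Zeroing the buffer before the copy with `memset(address, 0, sizeof(address));` makes the input deterministic; passing `addrlen` to the hooks lets them reject or skip addresses too short to inspect. The `sys_connect` hunk at -1119,6 has the same pattern with `gr_search_connect` and `gr_handle_sock_client`.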
35575 @@ -1029,6 +1069,18 @@ asmlinkage long sys_listen(int fd, int b
35576 if ((sock = sockfd_lookup(fd, &err)) != NULL) {
35577 if ((unsigned) backlog > sysctl_somaxconn)
35578 backlog = sysctl_somaxconn;
35580 + if (gr_handle_sock_server_other(sock)) {
35581 + sockfd_put(sock);
35585 + err = gr_search_listen(sock);
35587 + sockfd_put(sock);
35591 err=sock->ops->listen(sock, backlog);
35594 @@ -1065,6 +1117,15 @@ asmlinkage long sys_accept(int fd, struc
35595 newsock->type = sock->type;
35596 newsock->ops = sock->ops;
35598 + if (gr_handle_sock_server_other(sock)) {
35600 + goto out_release;
35603 + err = gr_search_accept(sock);
35605 + goto out_release;
35607 err = sock->ops->accept(sock, newsock, sock->file->f_flags);
35610 @@ -1084,6 +1145,8 @@ asmlinkage long sys_accept(int fd, struc
35611 if ((err = sock_map_fd(newsock)) < 0)
35614 + gr_attach_curr_ip(newsock->sk);
35619 @@ -1111,6 +1174,7 @@ asmlinkage long sys_connect(int fd, stru
35621 struct socket *sock;
35622 char address[MAX_SOCK_ADDR];
35623 + struct sockaddr * sck;
35626 sock = sockfd_lookup(fd, &err);
35627 @@ -1119,6 +1183,18 @@ asmlinkage long sys_connect(int fd, stru
35628 err = move_addr_to_kernel(uservaddr, addrlen, address);
35632 + sck = (struct sockaddr *) address;
35634 + err = gr_search_connect(sock, (struct sockaddr_in *) sck);
35638 + if (gr_handle_sock_client(sck)) {
35643 err = sock->ops->connect(sock, (struct sockaddr *) address, addrlen,
35644 sock->file->f_flags);
35646 diff -urNp linux-2.4.37.7/net/unix/af_unix.c linux-2.4.37.7/net/unix/af_unix.c
35647 --- linux-2.4.37.7/net/unix/af_unix.c 2009-11-07 11:52:20.000000000 -0500
35648 +++ linux-2.4.37.7/net/unix/af_unix.c 2009-11-10 19:30:27.000000000 -0500
35649 @@ -109,6 +109,7 @@
35650 #include <linux/poll.h>
35651 #include <linux/smp_lock.h>
35652 #include <linux/rtnetlink.h>
35653 +#include <linux/grsecurity.h>
35655 #include <asm/checksum.h>
35657 @@ -589,6 +590,11 @@ static unix_socket *unix_find_other(stru
35661 + if (!gr_acl_handle_unix(nd.dentry, nd.mnt)) {
35666 err = -ECONNREFUSED;
35667 if (!S_ISSOCK(nd.dentry->d_inode->i_mode))
35669 @@ -612,6 +618,13 @@ static unix_socket *unix_find_other(stru
35671 struct dentry *dentry;
35672 dentry = u->protinfo.af_unix.dentry;
35674 + if (!gr_handle_chroot_unix(u->peercred.pid)) {
35681 UPDATE_ATIME(dentry->d_inode);
35683 @@ -710,9 +723,19 @@ static int unix_bind(struct socket *sock
35684 * All right, let's create it.
35686 mode = S_IFSOCK | (sock->inode->i_mode & ~current->fs->umask);
35688 + if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) {
35690 + goto out_mknod_dput;
35693 err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
35696 goto out_mknod_dput;
35698 + gr_handle_create(dentry, nd.mnt);
35700 up(&nd.dentry->d_inode->i_sem);
35702 nd.dentry = dentry;
35703 @@ -730,6 +753,10 @@ static int unix_bind(struct socket *sock
35707 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
35708 + sk->peercred.pid = current->pid;
35711 list = &unix_socket_table[addr->hash];
35713 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
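Review bot: `sk->peercred.pid = current->pid;` records the binder's pid once at bind time, and the `unix_find_other` hunk later passes `u->peercred.pid` to `gr_handle_chroot_unix()` as the identity of the socket's owner. A pid is not a stable identity. If the binding task exits while a child or another descriptor holder keeps the socket open, the number may be unassigned or reused by an unrelated task, and the chroot check is then evaluated against the wrong process. `gr_handle_chroot_unix()` is not visible here, so how it treats a missing or recycled pid needs confirming. At minimum, document the assumption with `/* owner pid for the chroot check; assumes the binder outlives the socket */`. The enclosing `unix_bind` starts and ends outside this hunk.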
35714 @@ -856,6 +883,9 @@ static int unix_stream_connect(struct so
35718 +#ifdef CONFIG_GRKERNSEC
35719 + struct task_struct *p, **htable;
35722 err = unix_mkname(sunaddr, addr_len, &hash);
35724 @@ -982,6 +1012,17 @@ restart:
35725 /* Set credentials */
35726 sk->peercred = other->peercred;
35728 +#ifdef CONFIG_GRKERNSEC
35729 + read_lock(&tasklist_lock);
35730 + htable = &pidhash[pid_hashfn(other->peercred.pid)];
35731 + for (p = *htable; p && p->pid != other->peercred.pid; p = p->pidhash_next);
35733 + p->curr_ip = current->curr_ip;
35734 + p->used_accept = 1;
35736 + read_unlock(&tasklist_lock);
35740 unix_peer(sk)=newsk;
35741 sock->state=SS_CONNECTED;