summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Yamin <plasmaroo@gentoo.org>2004-12-19 19:28:17 +0000
committerTim Yamin <plasmaroo@gentoo.org>2004-12-19 19:28:17 +0000
commitc34dfdb993090744025e8d37ae4122d4ecc84a48 (patch)
tree943757112c11ae4051e372451511ff494d517fe0 /sys-kernel/usermode-sources
parentAdded to ~ppc (Manifest recommit) (diff)
downloadgentoo-2-c34dfdb993090744025e8d37ae4122d4ecc84a48.tar.gz
gentoo-2-c34dfdb993090744025e8d37ae4122d4ecc84a48.tar.bz2
gentoo-2-c34dfdb993090744025e8d37ae4122d4ecc84a48.zip
Adding SELinux fixes for the AF_UNIX patch; bug #72317. Also fixing security bugs #72452 (Adding VMA Patch) and #73000.
Diffstat (limited to 'sys-kernel/usermode-sources')
-rw-r--r--sys-kernel/usermode-sources/ChangeLog12
-rw-r--r--sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.8.1-r6 (renamed from sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.8.1-r5)0
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.6.AF_UNIX.SELinux.patch61
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.6.CAN-2004-1151.patch35
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.6.vma.patch205
-rw-r--r--sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r6.ebuild (renamed from sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r5.ebuild)7
6 files changed, 317 insertions, 3 deletions
diff --git a/sys-kernel/usermode-sources/ChangeLog b/sys-kernel/usermode-sources/ChangeLog
index 55ed3a79be84..2bf6807e0648 100644
--- a/sys-kernel/usermode-sources/ChangeLog
+++ b/sys-kernel/usermode-sources/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for sys-kernel/usermode-sources
# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.54 2004/11/28 11:50:35 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.55 2004/12/19 19:28:17 plasmaroo Exp $
+
+*usermode-sources-2.6.8.1-r6 (19 Dec 2004)
+
+ 19 Dec 2004; <plasmaroo@gentoo.org> -usermode-sources-2.6.8.1-r5.ebuild,
+ +usermode-sources-2.6.8.1-r6.ebuild,
+ +files/usermode-sources-2.6.AF_UNIX.SELinux.patch,
+ +files/usermode-sources-2.6.CAN-2004-1151.patch,
+ +files/usermode-sources-2.6.vma.patch:
+ Adding SELinux fixes for the AF_UNIX patch; bug #72317. Also fixing security
+ bugs #72452 (Adding VMA Patch) and #73000.
28 Nov 2004; <plasmaroo@gentoo.org> usermode-sources-2.6.8.1-r5.ebuild,
+files/usermode-sources-2.6.AF_UNIX.patch:
diff --git a/sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.8.1-r5 b/sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.8.1-r6
index 700dd6829cb4..700dd6829cb4 100644
--- a/sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.8.1-r5
+++ b/sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.8.1-r6
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.6.AF_UNIX.SELinux.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.6.AF_UNIX.SELinux.patch
new file mode 100644
index 000000000000..dbb8b2329a28
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/usermode-sources-2.6.AF_UNIX.SELinux.patch
@@ -0,0 +1,61 @@
+--- a/net/unix/af_unix.c 2004-10-18 22:54:37.000000000 +0100
++++ b/net/unix/af_unix.c 2004-12-19 18:33:12.000000000 +0000
+@@ -477,6 +477,8 @@
+ struct msghdr *, size_t, int);
+ static int unix_dgram_connect(struct socket *, struct sockaddr *,
+ int, int);
++static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
++ struct msghdr *, size_t);
+
+ static struct proto_ops unix_stream_ops = {
+ .family = PF_UNIX,
+@@ -535,7 +537,7 @@
+ .shutdown = unix_shutdown,
+ .setsockopt = sock_no_setsockopt,
+ .getsockopt = sock_no_getsockopt,
+- .sendmsg = unix_dgram_sendmsg,
++ .sendmsg = unix_seqpacket_sendmsg,
+ .recvmsg = unix_dgram_recvmsg,
+ .mmap = sock_no_mmap,
+ .sendpage = sock_no_sendpage,
+@@ -1365,9 +1367,11 @@
+ if (other->sk_shutdown & RCV_SHUTDOWN)
+ goto out_unlock;
+
+- err = security_unix_may_send(sk->sk_socket, other->sk_socket);
+- if (err)
+- goto out_unlock;
++ if (sk->sk_type != SOCK_SEQPACKET) {
++ err = security_unix_may_send(sk->sk_socket, other->sk_socket);
++ if (err)
++ goto out_unlock;
++ }
+
+ if (unix_peer(other) != sk &&
+ (skb_queue_len(&other->sk_receive_queue) >
+@@ -1517,6 +1521,25 @@
+ return sent ? : err;
+ }
+
++static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
++ struct msghdr *msg, size_t len)
++{
++ int err;
++ struct sock *sk = sock->sk;
++
++ err = sock_error(sk);
++ if (err)
++ return err;
++
++ if (sk->sk_state != TCP_ESTABLISHED)
++ return -ENOTCONN;
++
++ if (msg->msg_namelen)
++ msg->msg_namelen = 0;
++
++ return unix_dgram_sendmsg(kiocb, sock, msg, len);
++}
++
+ static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
+ {
+ struct unix_sock *u = unix_sk(sk);
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.6.CAN-2004-1151.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.6.CAN-2004-1151.patch
new file mode 100644
index 000000000000..fc4289e4f444
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/usermode-sources-2.6.CAN-2004-1151.patch
@@ -0,0 +1,35 @@
+--- 1.74/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00
++++ 1.75/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00
+@@ -525,11 +525,12 @@
+ int sys32_ni_syscall(int call)
+ {
+ struct task_struct *me = current;
+- static char lastcomm[8];
+- if (strcmp(lastcomm, me->comm)) {
+- printk(KERN_INFO "IA32 syscall %d from %s not implemented\n", call,
+- current->comm);
+- strcpy(lastcomm, me->comm);
++ static char lastcomm[sizeof(me->comm)];
++
++ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) {
++ printk(KERN_INFO "IA32 syscall %d from %s not implemented\n",
++ call, me->comm);
++ strncpy(lastcomm, me->comm, sizeof(lastcomm));
+ }
+ return -ENOSYS;
+ }
+@@ -1125,11 +1126,11 @@
+ long sys32_vm86_warning(void)
+ {
+ struct task_struct *me = current;
+- static char lastcomm[8];
+- if (strcmp(lastcomm, me->comm)) {
++ static char lastcomm[sizeof(me->comm)];
++ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) {
+ printk(KERN_INFO "%s: vm86 mode not supported on 64 bit kernel\n",
+ me->comm);
+- strcpy(lastcomm, me->comm);
++ strncpy(lastcomm, me->comm, sizeof(lastcomm));
+ }
+ return -ENOSYS;
+ }
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.6.vma.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.6.vma.patch
new file mode 100644
index 000000000000..53ca070ca333
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/usermode-sources-2.6.vma.patch
@@ -0,0 +1,205 @@
+diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/arch/ia64/ia32/binfmt_elf32.c linux-dsd/arch/ia64/ia32/binfmt_elf32.c
+--- linux-2.6.8-gentoo-r11/arch/ia64/ia32/binfmt_elf32.c 2004-08-14 06:37:42.000000000 +0100
++++ linux-dsd/arch/ia64/ia32/binfmt_elf32.c 2004-12-03 01:22:18.416099008 +0000
+@@ -84,7 +84,11 @@ ia64_elf32_init (struct pt_regs *regs)
+ vma->vm_ops = &ia32_shared_page_vm_ops;
+ down_write(&current->mm->mmap_sem);
+ {
+- insert_vm_struct(current->mm, vma);
++ if (insert_vm_struct(current->mm, vma)) {
++ kmem_cache_free(vm_area_cachep, vma);
++ up_write(&current->mm->mmap_sem);
++ return;
++ }
+ }
+ up_write(&current->mm->mmap_sem);
+ }
+@@ -103,7 +107,11 @@ ia64_elf32_init (struct pt_regs *regs)
+ vma->vm_flags = VM_READ|VM_WRITE|VM_MAYREAD|VM_MAYWRITE;
+ down_write(&current->mm->mmap_sem);
+ {
+- insert_vm_struct(current->mm, vma);
++ if (insert_vm_struct(current->mm, vma)) {
++ kmem_cache_free(vm_area_cachep, vma);
++ up_write(&current->mm->mmap_sem);
++ return;
++ }
+ }
+ up_write(&current->mm->mmap_sem);
+ }
+@@ -151,7 +159,7 @@ ia32_setup_arg_pages (struct linux_binpr
+ unsigned long stack_base;
+ struct vm_area_struct *mpnt;
+ struct mm_struct *mm = current->mm;
+- int i;
++ int i, ret;
+
+ stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
+ mm->arg_start = bprm->p + stack_base;
+@@ -186,7 +194,11 @@ ia32_setup_arg_pages (struct linux_binpr
+ mpnt->vm_flags = VM_STACK_FLAGS;
+ mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC)?
+ PAGE_COPY_EXEC: PAGE_COPY;
+- insert_vm_struct(current->mm, mpnt);
++ if ((ret = insert_vm_struct(current->mm, mpnt))) {
++ up_write(&current->mm->mmap_sem);
++ kmem_cache_free(vm_area_cachep, mpnt);
++ return ret;
++ }
+ current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
+ }
+
+diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/arch/ia64/mm/init.c linux-dsd/arch/ia64/mm/init.c
+--- linux-2.6.8-gentoo-r11/arch/ia64/mm/init.c 2004-08-14 06:36:56.000000000 +0100
++++ linux-dsd/arch/ia64/mm/init.c 2004-12-03 01:20:32.714168144 +0000
+@@ -131,7 +131,13 @@ ia64_init_addr_space (void)
+ vma->vm_end = vma->vm_start + PAGE_SIZE;
+ vma->vm_page_prot = protection_map[VM_DATA_DEFAULT_FLAGS & 0x7];
+ vma->vm_flags = VM_DATA_DEFAULT_FLAGS | VM_GROWSUP;
+- insert_vm_struct(current->mm, vma);
++ down_write(&current->mm->mmap_sem);
++ if (insert_vm_struct(current->mm, vma)) {
++ up_write(&current->mm->mmap_sem);
++ kmem_cache_free(vm_area_cachep, vma);
++ return;
++ }
++ up_write(&current->mm->mmap_sem);
+ }
+
+ /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */
+@@ -143,7 +149,13 @@ ia64_init_addr_space (void)
+ vma->vm_end = PAGE_SIZE;
+ vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT);
+ vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED;
+- insert_vm_struct(current->mm, vma);
++ down_write(&current->mm->mmap_sem);
++ if (insert_vm_struct(current->mm, vma)) {
++ up_write(&current->mm->mmap_sem);
++ kmem_cache_free(vm_area_cachep, vma);
++ return;
++ }
++ up_write(&current->mm->mmap_sem);
+ }
+ }
+ }
+diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/arch/s390/kernel/compat_exec.c linux-dsd/arch/s390/kernel/compat_exec.c
+--- linux-2.6.8-gentoo-r11/arch/s390/kernel/compat_exec.c 2004-08-14 06:37:40.000000000 +0100
++++ linux-dsd/arch/s390/kernel/compat_exec.c 2004-12-03 01:23:39.196818472 +0000
+@@ -39,7 +39,7 @@ int setup_arg_pages32(struct linux_binpr
+ unsigned long stack_base;
+ struct vm_area_struct *mpnt;
+ struct mm_struct *mm = current->mm;
+- int i;
++ int i, ret;
+
+ stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
+ mm->arg_start = bprm->p + stack_base;
+@@ -68,7 +68,11 @@ int setup_arg_pages32(struct linux_binpr
+ /* executable stack setting would be applied here */
+ mpnt->vm_page_prot = PAGE_COPY;
+ mpnt->vm_flags = VM_STACK_FLAGS;
+- insert_vm_struct(mm, mpnt);
++ if ((ret = insert_vm_struct(mm, mpnt))) {
++ up_write(&mm->mmap_sem);
++ kmem_cache_free(vm_area_cachep, mpnt);
++ return ret;
++ }
+ mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
+ }
+
+diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/arch/x86_64/ia32/ia32_binfmt.c linux-dsd/arch/x86_64/ia32/ia32_binfmt.c
+--- linux-2.6.8-gentoo-r11/arch/x86_64/ia32/ia32_binfmt.c 2004-08-14 06:36:12.000000000 +0100
++++ linux-dsd/arch/x86_64/ia32/ia32_binfmt.c 2004-12-03 01:25:24.771768640 +0000
+@@ -330,7 +330,7 @@ int setup_arg_pages(struct linux_binprm
+ unsigned long stack_base;
+ struct vm_area_struct *mpnt;
+ struct mm_struct *mm = current->mm;
+- int i;
++ int i, ret;
+
+ stack_base = IA32_STACK_TOP - MAX_ARG_PAGES * PAGE_SIZE;
+ mm->arg_start = bprm->p + stack_base;
+@@ -364,7 +364,11 @@ int setup_arg_pages(struct linux_binprm
+ mpnt->vm_flags = vm_stack_flags32;
+ mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC) ?
+ PAGE_COPY_EXEC : PAGE_COPY;
+- insert_vm_struct(mm, mpnt);
++ if ((ret = insert_vm_struct(mm, mpnt))) {
++ up_write(&mm->mmap_sem);
++ kmem_cache_free(vm_area_cachep, mpnt);
++ return ret;
++ }
+ mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
+ }
+
+diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/fs/exec.c linux-dsd/fs/exec.c
+--- linux-2.6.8-gentoo-r11/fs/exec.c 2004-12-03 01:13:58.502097488 +0000
++++ linux-dsd/fs/exec.c 2004-12-03 01:26:47.749154160 +0000
+@@ -341,7 +341,7 @@ int setup_arg_pages(struct linux_binprm
+ unsigned long stack_base;
+ struct vm_area_struct *mpnt;
+ struct mm_struct *mm = current->mm;
+- int i;
++ int i, ret;
+ long arg_size;
+
+ #ifdef CONFIG_STACK_GROWSUP
+@@ -412,7 +412,6 @@ int setup_arg_pages(struct linux_binprm
+
+ down_write(&mm->mmap_sem);
+ {
+- struct vm_area_struct *vma;
+ mpnt->vm_mm = mm;
+ #ifdef CONFIG_STACK_GROWSUP
+ mpnt->vm_start = stack_base;
+@@ -433,13 +432,11 @@ int setup_arg_pages(struct linux_binprm
+ mpnt->vm_flags = VM_STACK_FLAGS;
+ mpnt->vm_flags |= mm->def_flags;
+ mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7];
+- vma = find_vma(mm, mpnt->vm_start);
+- if (vma) {
++ if ((ret = insert_vm_struct(mm, mpnt))) {
+ up_write(&mm->mmap_sem);
+ kmem_cache_free(vm_area_cachep, mpnt);
+- return -ENOMEM;
++ return ret;
+ }
+- insert_vm_struct(mm, mpnt);
+ mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
+ }
+
+diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/include/linux/mm.h linux-dsd/include/linux/mm.h
+--- linux-2.6.8-gentoo-r11/include/linux/mm.h 2004-08-14 06:36:13.000000000 +0100
++++ linux-dsd/include/linux/mm.h 2004-12-03 01:20:32.718167536 +0000
+@@ -624,7 +624,7 @@ extern struct vm_area_struct *vma_merge(
+ extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *);
+ extern int split_vma(struct mm_struct *,
+ struct vm_area_struct *, unsigned long addr, int new_below);
+-extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *);
++extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *);
+ extern void __vma_link_rb(struct mm_struct *, struct vm_area_struct *,
+ struct rb_node **, struct rb_node *);
+ extern struct vm_area_struct *copy_vma(struct vm_area_struct **,
+diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/mm/mmap.c linux-dsd/mm/mmap.c
+--- linux-2.6.8-gentoo-r11/mm/mmap.c 2004-08-14 06:37:15.000000000 +0100
++++ linux-dsd/mm/mmap.c 2004-12-03 01:20:32.720167232 +0000
+@@ -1740,7 +1740,7 @@ void exit_mmap(struct mm_struct *mm)
+ * and into the inode's i_mmap tree. If vm_file is non-NULL
+ * then i_mmap_lock is taken here.
+ */
+-void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
++int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
+ {
+ struct vm_area_struct * __vma, * prev;
+ struct rb_node ** rb_link, * rb_parent;
+@@ -1763,8 +1763,9 @@ void insert_vm_struct(struct mm_struct *
+ }
+ __vma = find_vma_prepare(mm,vma->vm_start,&prev,&rb_link,&rb_parent);
+ if (__vma && __vma->vm_start < vma->vm_end)
+- BUG();
++ return -ENOMEM;
+ vma_link(mm, vma, prev, rb_link, rb_parent);
++ return 0;
+ }
+
+ /*
diff --git a/sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r5.ebuild b/sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r6.ebuild
index 2fffd8215cdf..c9b725e655fe 100644
--- a/sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r5.ebuild
+++ b/sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r6.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r5.ebuild,v 1.2 2004/11/28 11:50:35 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r6.ebuild,v 1.1 2004/12/19 19:28:17 plasmaroo Exp $
K_NOUSENAME="yes"
ETYPE="sources"
@@ -16,7 +16,10 @@ UNIPATCH_LIST="${DISTDIR}/${UML_PATCH}.bz2
${FILESDIR}/${PN}-2.6.binfmt_elf.patch
${FILESDIR}/${PN}-2.6.smbfs.patch
${FILESDIR}/${PN}-2.6.binfmt_a.out.patch
- ${FILESDIR}/${PN}-2.6.AF_UNIX.patch"
+ ${FILESDIR}/${PN}-2.6.AF_UNIX.patch
+ ${FILESDIR}/${PN}-2.6.AF_UNIX.SELinux.patch
+ ${FILESDIR}/${PN}-2.6.CAN-2004-1151.patch
+ ${FILESDIR}/${PN}-2.6.vma.patch"
DESCRIPTION="Full (vanilla) sources for the User Mode Linux kernel"
SRC_URI="mirror://kernel/linux/kernel/v2.6/linux-${PV}.tar.bz2