1 |
This is TOMOYO Linux patch for kernel 2.6.31-git13. |
This is TOMOYO Linux patch for kernel 2.6.32-rc1. |
2 |
|
|
3 |
Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.31.tar.bz2 + http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git13.bz2 |
Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.6/testing/linux-2.6.32-rc1.tar.bz2 |
4 |
--- |
--- |
5 |
fs/compat.c | 3 ++- |
fs/compat.c | 3 ++- |
6 |
fs/compat_ioctl.c | 7 +++++++ |
fs/compat_ioctl.c | 7 +++++++ |
36 |
security/Makefile | 3 +++ |
security/Makefile | 3 +++ |
37 |
32 files changed, 249 insertions(+), 3 deletions(-) |
32 files changed, 249 insertions(+), 3 deletions(-) |
38 |
|
|
39 |
--- linux-2.6.31-git13.orig/fs/compat.c |
--- linux-2.6.32-rc1.orig/fs/compat.c |
40 |
+++ linux-2.6.31-git13/fs/compat.c |
+++ linux-2.6.32-rc1/fs/compat.c |
41 |
@@ -56,6 +56,7 @@ |
@@ -56,6 +56,7 @@ |
42 |
#include <asm/mmu_context.h> |
#include <asm/mmu_context.h> |
43 |
#include <asm/ioctls.h> |
#include <asm/ioctls.h> |
55 |
if (retval < 0) |
if (retval < 0) |
56 |
goto out; |
goto out; |
57 |
|
|
58 |
--- linux-2.6.31-git13.orig/fs/compat_ioctl.c |
--- linux-2.6.32-rc1.orig/fs/compat_ioctl.c |
59 |
+++ linux-2.6.31-git13/fs/compat_ioctl.c |
+++ linux-2.6.32-rc1/fs/compat_ioctl.c |
60 |
@@ -114,6 +114,7 @@ |
@@ -114,6 +114,7 @@ |
61 |
#ifdef CONFIG_SPARC |
#ifdef CONFIG_SPARC |
62 |
#include <asm/fbio.h> |
#include <asm/fbio.h> |
85 |
if (filp->f_op && filp->f_op->compat_ioctl) { |
if (filp->f_op && filp->f_op->compat_ioctl) { |
86 |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
87 |
if (error != -ENOIOCTLCMD) |
if (error != -ENOIOCTLCMD) |
88 |
--- linux-2.6.31-git13.orig/fs/exec.c |
--- linux-2.6.32-rc1.orig/fs/exec.c |
89 |
+++ linux-2.6.31-git13/fs/exec.c |
+++ linux-2.6.32-rc1/fs/exec.c |
90 |
@@ -60,6 +60,7 @@ |
@@ -61,6 +61,7 @@ |
91 |
#include <asm/mmu_context.h> |
#include <asm/mmu_context.h> |
92 |
#include <asm/tlb.h> |
#include <asm/tlb.h> |
93 |
#include "internal.h" |
#include "internal.h" |
95 |
|
|
96 |
int core_uses_pid; |
int core_uses_pid; |
97 |
char core_pattern[CORENAME_MAX_SIZE] = "core"; |
char core_pattern[CORENAME_MAX_SIZE] = "core"; |
98 |
@@ -1353,7 +1354,7 @@ int do_execve(char * filename, |
@@ -1355,7 +1356,7 @@ int do_execve(char * filename, |
99 |
goto out; |
goto out; |
100 |
|
|
101 |
current->flags &= ~PF_KTHREAD; |
current->flags &= ~PF_KTHREAD; |
104 |
if (retval < 0) |
if (retval < 0) |
105 |
goto out; |
goto out; |
106 |
|
|
107 |
--- linux-2.6.31-git13.orig/fs/fcntl.c |
--- linux-2.6.32-rc1.orig/fs/fcntl.c |
108 |
+++ linux-2.6.31-git13/fs/fcntl.c |
+++ linux-2.6.32-rc1/fs/fcntl.c |
109 |
@@ -23,6 +23,7 @@ |
@@ -23,6 +23,7 @@ |
110 |
#include <asm/poll.h> |
#include <asm/poll.h> |
111 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
124 |
/* O_NOATIME can only be set by the owner or superuser */ |
/* O_NOATIME can only be set by the owner or superuser */ |
125 |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
126 |
if (!is_owner_or_cap(inode)) |
if (!is_owner_or_cap(inode)) |
127 |
--- linux-2.6.31-git13.orig/fs/ioctl.c |
--- linux-2.6.32-rc1.orig/fs/ioctl.c |
128 |
+++ linux-2.6.31-git13/fs/ioctl.c |
+++ linux-2.6.32-rc1/fs/ioctl.c |
129 |
@@ -18,6 +18,7 @@ |
@@ -18,6 +18,7 @@ |
130 |
#include <linux/falloc.h> |
#include <linux/falloc.h> |
131 |
|
|
143 |
|
|
144 |
if (filp->f_op->unlocked_ioctl) { |
if (filp->f_op->unlocked_ioctl) { |
145 |
error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
146 |
@@ -617,6 +620,8 @@ SYSCALL_DEFINE3(ioctl, unsigned int, fd, |
@@ -618,6 +621,8 @@ SYSCALL_DEFINE3(ioctl, unsigned int, fd, |
147 |
goto out; |
goto out; |
148 |
|
|
149 |
error = security_file_ioctl(filp, cmd, arg); |
error = security_file_ioctl(filp, cmd, arg); |
152 |
if (error) |
if (error) |
153 |
goto out_fput; |
goto out_fput; |
154 |
|
|
155 |
--- linux-2.6.31-git13.orig/fs/namei.c |
--- linux-2.6.32-rc1.orig/fs/namei.c |
156 |
+++ linux-2.6.31-git13/fs/namei.c |
+++ linux-2.6.32-rc1/fs/namei.c |
157 |
@@ -37,6 +37,8 @@ |
@@ -37,6 +37,8 @@ |
158 |
|
|
159 |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
285 |
if (error) |
if (error) |
286 |
goto exit6; |
goto exit6; |
287 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
error = vfs_rename(old_dir->d_inode, old_dentry, |
288 |
--- linux-2.6.31-git13.orig/fs/namespace.c |
--- linux-2.6.32-rc1.orig/fs/namespace.c |
289 |
+++ linux-2.6.31-git13/fs/namespace.c |
+++ linux-2.6.32-rc1/fs/namespace.c |
290 |
@@ -33,6 +33,7 @@ |
@@ -33,6 +33,7 @@ |
291 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
292 |
#include "pnode.h" |
#include "pnode.h" |
343 |
|
|
344 |
newmnt->mnt_flags = mnt_flags; |
newmnt->mnt_flags = mnt_flags; |
345 |
if ((err = graft_tree(newmnt, path))) |
if ((err = graft_tree(newmnt, path))) |
346 |
@@ -1888,6 +1902,7 @@ int copy_mount_options(const void __user |
@@ -1905,6 +1919,7 @@ int copy_mount_string(const void __user |
347 |
long do_mount(char *dev_name, char *dir_name, char *type_page, |
long do_mount(char *dev_name, char *dir_name, char *type_page, |
348 |
unsigned long flags, void *data_page) |
unsigned long flags, void *data_page) |
349 |
{ |
{ |
351 |
struct path path; |
struct path path; |
352 |
int retval = 0; |
int retval = 0; |
353 |
int mnt_flags = 0; |
int mnt_flags = 0; |
354 |
@@ -1937,6 +1952,9 @@ long do_mount(char *dev_name, char *dir_ |
@@ -1952,6 +1967,9 @@ long do_mount(char *dev_name, char *dir_ |
355 |
|
|
356 |
retval = security_sb_mount(dev_name, &path, |
retval = security_sb_mount(dev_name, &path, |
357 |
type_page, flags, data_page); |
type_page, flags, data_page); |
361 |
if (retval) |
if (retval) |
362 |
goto dput_out; |
goto dput_out; |
363 |
|
|
364 |
@@ -2140,6 +2158,8 @@ SYSCALL_DEFINE2(pivot_root, const char _ |
@@ -2157,6 +2175,8 @@ SYSCALL_DEFINE2(pivot_root, const char _ |
365 |
|
|
366 |
if (!capable(CAP_SYS_ADMIN)) |
if (!capable(CAP_SYS_ADMIN)) |
367 |
return -EPERM; |
return -EPERM; |
370 |
|
|
371 |
error = user_path_dir(new_root, &new); |
error = user_path_dir(new_root, &new); |
372 |
if (error) |
if (error) |
373 |
@@ -2153,6 +2173,8 @@ SYSCALL_DEFINE2(pivot_root, const char _ |
@@ -2170,6 +2190,8 @@ SYSCALL_DEFINE2(pivot_root, const char _ |
374 |
goto out1; |
goto out1; |
375 |
|
|
376 |
error = security_sb_pivotroot(&old, &new); |
error = security_sb_pivotroot(&old, &new); |
379 |
if (error) { |
if (error) { |
380 |
path_put(&old); |
path_put(&old); |
381 |
goto out1; |
goto out1; |
382 |
--- linux-2.6.31-git13.orig/fs/open.c |
--- linux-2.6.32-rc1.orig/fs/open.c |
383 |
+++ linux-2.6.31-git13/fs/open.c |
+++ linux-2.6.32-rc1/fs/open.c |
384 |
@@ -30,6 +30,7 @@ |
@@ -30,6 +30,7 @@ |
385 |
#include <linux/audit.h> |
#include <linux/audit.h> |
386 |
#include <linux/falloc.h> |
#include <linux/falloc.h> |
501 |
if (capable(CAP_SYS_TTY_CONFIG)) { |
if (capable(CAP_SYS_TTY_CONFIG)) { |
502 |
tty_vhangup_self(); |
tty_vhangup_self(); |
503 |
return 0; |
return 0; |
504 |
--- linux-2.6.31-git13.orig/fs/proc/version.c |
--- linux-2.6.32-rc1.orig/fs/proc/version.c |
505 |
+++ linux-2.6.31-git13/fs/proc/version.c |
+++ linux-2.6.32-rc1/fs/proc/version.c |
506 |
@@ -32,3 +32,10 @@ static int __init proc_version_init(void |
@@ -32,3 +32,10 @@ static int __init proc_version_init(void |
507 |
return 0; |
return 0; |
508 |
} |
} |
510 |
+ |
+ |
511 |
+static int __init ccs_show_version(void) |
+static int __init ccs_show_version(void) |
512 |
+{ |
+{ |
513 |
+ printk(KERN_INFO "Hook version: 2.6.31-git13 2009/09/24\n"); |
+ printk(KERN_INFO "Hook version: 2.6.32-rc1 2009/09/28\n"); |
514 |
+ return 0; |
+ return 0; |
515 |
+} |
+} |
516 |
+module_init(ccs_show_version); |
+module_init(ccs_show_version); |
517 |
--- linux-2.6.31-git13.orig/include/linux/init_task.h |
--- linux-2.6.32-rc1.orig/include/linux/init_task.h |
518 |
+++ linux-2.6.31-git13/include/linux/init_task.h |
+++ linux-2.6.32-rc1/include/linux/init_task.h |
519 |
@@ -115,6 +115,14 @@ extern struct cred init_cred; |
@@ -115,6 +115,14 @@ extern struct cred init_cred; |
520 |
# define INIT_PERF_EVENTS(tsk) |
# define INIT_PERF_EVENTS(tsk) |
521 |
#endif |
#endif |
539 |
} |
} |
540 |
|
|
541 |
|
|
542 |
--- linux-2.6.31-git13.orig/include/linux/sched.h |
--- linux-2.6.32-rc1.orig/include/linux/sched.h |
543 |
+++ linux-2.6.31-git13/include/linux/sched.h |
+++ linux-2.6.32-rc1/include/linux/sched.h |
544 |
@@ -29,6 +29,8 @@ |
@@ -29,6 +29,8 @@ |
545 |
#define CLONE_NEWNET 0x40000000 /* New network namespace */ |
#define CLONE_NEWNET 0x40000000 /* New network namespace */ |
546 |
#define CLONE_IO 0x80000000 /* Clone io context */ |
#define CLONE_IO 0x80000000 /* Clone io context */ |
550 |
/* |
/* |
551 |
* Scheduling policies |
* Scheduling policies |
552 |
*/ |
*/ |
553 |
@@ -1540,6 +1542,10 @@ struct task_struct { |
@@ -1539,6 +1541,10 @@ struct task_struct { |
554 |
unsigned long trace_recursion; |
unsigned long trace_recursion; |
555 |
#endif /* CONFIG_TRACING */ |
#endif /* CONFIG_TRACING */ |
556 |
unsigned long stack_start; |
unsigned long stack_start; |
561 |
}; |
}; |
562 |
|
|
563 |
/* Future-safe accessor for struct task_struct's cpus_allowed. */ |
/* Future-safe accessor for struct task_struct's cpus_allowed. */ |
564 |
--- linux-2.6.31-git13.orig/kernel/compat.c |
--- linux-2.6.32-rc1.orig/kernel/compat.c |
565 |
+++ linux-2.6.31-git13/kernel/compat.c |
+++ linux-2.6.32-rc1/kernel/compat.c |
566 |
@@ -27,6 +27,7 @@ |
@@ -27,6 +27,7 @@ |
567 |
#include <linux/ptrace.h> |
#include <linux/ptrace.h> |
568 |
|
|
580 |
|
|
581 |
do_settimeofday(&tv); |
do_settimeofday(&tv); |
582 |
return 0; |
return 0; |
583 |
--- linux-2.6.31-git13.orig/kernel/kexec.c |
--- linux-2.6.32-rc1.orig/kernel/kexec.c |
584 |
+++ linux-2.6.31-git13/kernel/kexec.c |
+++ linux-2.6.32-rc1/kernel/kexec.c |
585 |
@@ -37,6 +37,7 @@ |
@@ -37,6 +37,7 @@ |
586 |
#include <asm/io.h> |
#include <asm/io.h> |
587 |
#include <asm/system.h> |
#include <asm/system.h> |
599 |
|
|
600 |
/* |
/* |
601 |
* Verify we have a legal set of flags |
* Verify we have a legal set of flags |
602 |
--- linux-2.6.31-git13.orig/kernel/kmod.c |
--- linux-2.6.32-rc1.orig/kernel/kmod.c |
603 |
+++ linux-2.6.31-git13/kernel/kmod.c |
+++ linux-2.6.32-rc1/kernel/kmod.c |
604 |
@@ -188,6 +188,11 @@ static int ____call_usermodehelper(void |
@@ -184,6 +184,11 @@ static int ____call_usermodehelper(void |
605 |
if (wait == UMH_WAIT_EXEC) |
*/ |
606 |
complete(sub_info->complete); |
set_user_nice(current, 0); |
607 |
|
|
608 |
+#ifdef CONFIG_CCSECURITY |
+#ifdef CONFIG_CCSECURITY |
609 |
+ current->ccs_domain_info = NULL; |
+ current->ccs_domain_info = NULL; |
613 |
retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp); |
retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp); |
614 |
|
|
615 |
/* Exec failed? */ |
/* Exec failed? */ |
616 |
--- linux-2.6.31-git13.orig/kernel/module.c |
--- linux-2.6.32-rc1.orig/kernel/module.c |
617 |
+++ linux-2.6.31-git13/kernel/module.c |
+++ linux-2.6.32-rc1/kernel/module.c |
618 |
@@ -55,6 +55,7 @@ |
@@ -55,6 +55,7 @@ |
619 |
#include <linux/async.h> |
#include <linux/async.h> |
620 |
#include <linux/percpu.h> |
#include <linux/percpu.h> |
632 |
|
|
633 |
if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0) |
if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0) |
634 |
return -EFAULT; |
return -EFAULT; |
635 |
@@ -2433,6 +2436,8 @@ SYSCALL_DEFINE3(init_module, void __user |
@@ -2567,6 +2570,8 @@ SYSCALL_DEFINE3(init_module, void __user |
636 |
/* Must have permission */ |
/* Must have permission */ |
637 |
if (!capable(CAP_SYS_MODULE) || modules_disabled) |
if (!capable(CAP_SYS_MODULE) || modules_disabled) |
638 |
return -EPERM; |
return -EPERM; |
641 |
|
|
642 |
/* Only one module load at a time, please */ |
/* Only one module load at a time, please */ |
643 |
if (mutex_lock_interruptible(&module_mutex) != 0) |
if (mutex_lock_interruptible(&module_mutex) != 0) |
644 |
--- linux-2.6.31-git13.orig/kernel/ptrace.c |
--- linux-2.6.32-rc1.orig/kernel/ptrace.c |
645 |
+++ linux-2.6.31-git13/kernel/ptrace.c |
+++ linux-2.6.32-rc1/kernel/ptrace.c |
646 |
@@ -22,6 +22,7 @@ |
@@ -22,6 +22,7 @@ |
647 |
#include <linux/pid_namespace.h> |
#include <linux/pid_namespace.h> |
648 |
#include <linux/syscalls.h> |
#include <linux/syscalls.h> |
651 |
|
|
652 |
|
|
653 |
/* |
/* |
654 |
@@ -600,6 +601,8 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
@@ -603,6 +604,8 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
655 |
{ |
{ |
656 |
struct task_struct *child; |
struct task_struct *child; |
657 |
long ret; |
long ret; |
660 |
|
|
661 |
/* |
/* |
662 |
* This lock_kernel fixes a subtle race with suid exec |
* This lock_kernel fixes a subtle race with suid exec |
663 |
@@ -721,6 +724,8 @@ asmlinkage long compat_sys_ptrace(compat |
@@ -724,6 +727,8 @@ asmlinkage long compat_sys_ptrace(compat |
664 |
{ |
{ |
665 |
struct task_struct *child; |
struct task_struct *child; |
666 |
long ret; |
long ret; |
669 |
|
|
670 |
/* |
/* |
671 |
* This lock_kernel fixes a subtle race with suid exec |
* This lock_kernel fixes a subtle race with suid exec |
672 |
--- linux-2.6.31-git13.orig/kernel/sched.c |
--- linux-2.6.32-rc1.orig/kernel/sched.c |
673 |
+++ linux-2.6.31-git13/kernel/sched.c |
+++ linux-2.6.32-rc1/kernel/sched.c |
674 |
@@ -74,6 +74,7 @@ |
@@ -74,6 +74,7 @@ |
675 |
|
|
676 |
#include <asm/tlb.h> |
#include <asm/tlb.h> |
688 |
|
|
689 |
/* |
/* |
690 |
* Setpriority might change our priority at the same moment. |
* Setpriority might change our priority at the same moment. |
691 |
--- linux-2.6.31-git13.orig/kernel/signal.c |
--- linux-2.6.32-rc1.orig/kernel/signal.c |
692 |
+++ linux-2.6.31-git13/kernel/signal.c |
+++ linux-2.6.32-rc1/kernel/signal.c |
693 |
@@ -34,6 +34,7 @@ |
@@ -34,6 +34,7 @@ |
694 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
695 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
698 |
|
|
699 |
/* |
/* |
700 |
* SLAB caches for signal bits. |
* SLAB caches for signal bits. |
701 |
@@ -2276,6 +2277,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
@@ -2255,6 +2256,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
702 |
SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
703 |
{ |
{ |
704 |
struct siginfo info; |
struct siginfo info; |
707 |
|
|
708 |
info.si_signo = sig; |
info.si_signo = sig; |
709 |
info.si_errno = 0; |
info.si_errno = 0; |
710 |
@@ -2343,6 +2346,8 @@ SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid |
@@ -2323,6 +2326,8 @@ SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid |
711 |
/* This is only valid for single tasks */ |
/* This is only valid for single tasks */ |
712 |
if (pid <= 0 || tgid <= 0) |
if (pid <= 0 || tgid <= 0) |
713 |
return -EINVAL; |
return -EINVAL; |
716 |
|
|
717 |
return do_tkill(tgid, pid, sig); |
return do_tkill(tgid, pid, sig); |
718 |
} |
} |
719 |
@@ -2355,6 +2360,8 @@ SYSCALL_DEFINE2(tkill, pid_t, pid, int, |
@@ -2335,6 +2340,8 @@ SYSCALL_DEFINE2(tkill, pid_t, pid, int, |
720 |
/* This is only valid for single tasks */ |
/* This is only valid for single tasks */ |
721 |
if (pid <= 0) |
if (pid <= 0) |
722 |
return -EINVAL; |
return -EINVAL; |
725 |
|
|
726 |
return do_tkill(0, pid, sig); |
return do_tkill(0, pid, sig); |
727 |
} |
} |
728 |
@@ -2372,6 +2379,8 @@ SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t, |
@@ -2352,6 +2359,8 @@ SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t, |
729 |
if (info.si_code >= 0) |
if (info.si_code >= 0) |
730 |
return -EPERM; |
return -EPERM; |
731 |
info.si_signo = sig; |
info.si_signo = sig; |
734 |
|
|
735 |
/* POSIX.1b doesn't mention process groups. */ |
/* POSIX.1b doesn't mention process groups. */ |
736 |
return kill_proc_info(sig, &info, pid); |
return kill_proc_info(sig, &info, pid); |
737 |
@@ -2388,6 +2397,8 @@ long do_rt_tgsigqueueinfo(pid_t tgid, pi |
@@ -2368,6 +2377,8 @@ long do_rt_tgsigqueueinfo(pid_t tgid, pi |
738 |
if (info->si_code >= 0) |
if (info->si_code >= 0) |
739 |
return -EPERM; |
return -EPERM; |
740 |
info->si_signo = sig; |
info->si_signo = sig; |
743 |
|
|
744 |
return do_send_specific(tgid, pid, sig, info); |
return do_send_specific(tgid, pid, sig, info); |
745 |
} |
} |
746 |
--- linux-2.6.31-git13.orig/kernel/sys.c |
--- linux-2.6.32-rc1.orig/kernel/sys.c |
747 |
+++ linux-2.6.31-git13/kernel/sys.c |
+++ linux-2.6.32-rc1/kernel/sys.c |
748 |
@@ -45,6 +45,7 @@ |
@@ -45,6 +45,7 @@ |
749 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
750 |
#include <asm/io.h> |
#include <asm/io.h> |
791 |
|
|
792 |
down_write(&uts_sem); |
down_write(&uts_sem); |
793 |
errno = -EFAULT; |
errno = -EFAULT; |
794 |
--- linux-2.6.31-git13.orig/kernel/sysctl.c |
--- linux-2.6.32-rc1.orig/kernel/sysctl.c |
795 |
+++ linux-2.6.31-git13/kernel/sysctl.c |
+++ linux-2.6.32-rc1/kernel/sysctl.c |
796 |
@@ -54,6 +54,7 @@ |
@@ -53,6 +53,7 @@ |
797 |
|
|
798 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
799 |
#include <asm/processor.h> |
#include <asm/processor.h> |
801 |
|
|
802 |
#ifdef CONFIG_X86 |
#ifdef CONFIG_X86 |
803 |
#include <asm/nmi.h> |
#include <asm/nmi.h> |
804 |
@@ -1817,6 +1818,9 @@ int do_sysctl(int __user *name, int nlen |
@@ -1850,6 +1851,9 @@ int do_sysctl(int __user *name, int nlen |
805 |
|
|
806 |
for (head = sysctl_head_next(NULL); head; |
for (head = sysctl_head_next(NULL); head; |
807 |
head = sysctl_head_next(head)) { |
head = sysctl_head_next(head)) { |
811 |
error = parse_table(name, nlen, oldval, oldlenp, |
error = parse_table(name, nlen, oldval, oldlenp, |
812 |
newval, newlen, |
newval, newlen, |
813 |
head->root, head->ctl_table); |
head->root, head->ctl_table); |
814 |
--- linux-2.6.31-git13.orig/kernel/time.c |
--- linux-2.6.32-rc1.orig/kernel/time.c |
815 |
+++ linux-2.6.31-git13/kernel/time.c |
+++ linux-2.6.32-rc1/kernel/time.c |
816 |
@@ -41,6 +41,7 @@ |
@@ -41,6 +41,7 @@ |
817 |
|
|
818 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
839 |
|
|
840 |
if (tz) { |
if (tz) { |
841 |
/* SMP safe, global irq locking makes it work. */ |
/* SMP safe, global irq locking makes it work. */ |
842 |
--- linux-2.6.31-git13.orig/kernel/time/ntp.c |
--- linux-2.6.32-rc1.orig/kernel/time/ntp.c |
843 |
+++ linux-2.6.31-git13/kernel/time/ntp.c |
+++ linux-2.6.32-rc1/kernel/time/ntp.c |
844 |
@@ -14,6 +14,7 @@ |
@@ -14,6 +14,7 @@ |
845 |
#include <linux/timex.h> |
#include <linux/timex.h> |
846 |
#include <linux/time.h> |
#include <linux/time.h> |
865 |
|
|
866 |
/* |
/* |
867 |
* if the quartz is off by more than 10% then |
* if the quartz is off by more than 10% then |
868 |
--- linux-2.6.31-git13.orig/net/ipv4/inet_connection_sock.c |
--- linux-2.6.32-rc1.orig/net/ipv4/inet_connection_sock.c |
869 |
+++ linux-2.6.31-git13/net/ipv4/inet_connection_sock.c |
+++ linux-2.6.32-rc1/net/ipv4/inet_connection_sock.c |
870 |
@@ -23,6 +23,7 @@ |
@@ -23,6 +23,7 @@ |
871 |
#include <net/route.h> |
#include <net/route.h> |
872 |
#include <net/tcp_states.h> |
#include <net/tcp_states.h> |
884 |
inet_bind_bucket_for_each(tb, node, &head->chain) |
inet_bind_bucket_for_each(tb, node, &head->chain) |
885 |
if (ib_net(tb) == net && tb->port == rover) { |
if (ib_net(tb) == net && tb->port == rover) { |
886 |
if (tb->fastreuse > 0 && |
if (tb->fastreuse > 0 && |
887 |
--- linux-2.6.31-git13.orig/net/ipv4/inet_hashtables.c |
--- linux-2.6.32-rc1.orig/net/ipv4/inet_hashtables.c |
888 |
+++ linux-2.6.31-git13/net/ipv4/inet_hashtables.c |
+++ linux-2.6.32-rc1/net/ipv4/inet_hashtables.c |
889 |
@@ -22,6 +22,7 @@ |
@@ -22,6 +22,7 @@ |
890 |
#include <net/inet_connection_sock.h> |
#include <net/inet_connection_sock.h> |
891 |
#include <net/inet_hashtables.h> |
#include <net/inet_hashtables.h> |
903 |
head = &hinfo->bhash[inet_bhashfn(net, port, |
head = &hinfo->bhash[inet_bhashfn(net, port, |
904 |
hinfo->bhash_size)]; |
hinfo->bhash_size)]; |
905 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
906 |
--- linux-2.6.31-git13.orig/net/ipv4/raw.c |
--- linux-2.6.32-rc1.orig/net/ipv4/raw.c |
907 |
+++ linux-2.6.31-git13/net/ipv4/raw.c |
+++ linux-2.6.32-rc1/net/ipv4/raw.c |
908 |
@@ -77,6 +77,7 @@ |
@@ -77,6 +77,7 @@ |
909 |
#include <linux/seq_file.h> |
#include <linux/seq_file.h> |
910 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
923 |
|
|
924 |
copied = skb->len; |
copied = skb->len; |
925 |
if (len < copied) { |
if (len < copied) { |
926 |
--- linux-2.6.31-git13.orig/net/ipv4/udp.c |
--- linux-2.6.32-rc1.orig/net/ipv4/udp.c |
927 |
+++ linux-2.6.31-git13/net/ipv4/udp.c |
+++ linux-2.6.32-rc1/net/ipv4/udp.c |
928 |
@@ -105,6 +105,7 @@ |
@@ -105,6 +105,7 @@ |
929 |
#include <net/checksum.h> |
#include <net/checksum.h> |
930 |
#include <net/xfrm.h> |
#include <net/xfrm.h> |
953 |
|
|
954 |
ulen = skb->len - sizeof(struct udphdr); |
ulen = skb->len - sizeof(struct udphdr); |
955 |
copied = len; |
copied = len; |
956 |
--- linux-2.6.31-git13.orig/net/ipv6/raw.c |
--- linux-2.6.32-rc1.orig/net/ipv6/raw.c |
957 |
+++ linux-2.6.31-git13/net/ipv6/raw.c |
+++ linux-2.6.32-rc1/net/ipv6/raw.c |
958 |
@@ -59,6 +59,7 @@ |
@@ -59,6 +59,7 @@ |
959 |
|
|
960 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
973 |
|
|
974 |
copied = skb->len; |
copied = skb->len; |
975 |
if (copied > len) { |
if (copied > len) { |
976 |
--- linux-2.6.31-git13.orig/net/ipv6/udp.c |
--- linux-2.6.32-rc1.orig/net/ipv6/udp.c |
977 |
+++ linux-2.6.31-git13/net/ipv6/udp.c |
+++ linux-2.6.32-rc1/net/ipv6/udp.c |
978 |
@@ -48,6 +48,7 @@ |
@@ -48,6 +48,7 @@ |
979 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
980 |
#include <linux/seq_file.h> |
#include <linux/seq_file.h> |
993 |
|
|
994 |
ulen = skb->len - sizeof(struct udphdr); |
ulen = skb->len - sizeof(struct udphdr); |
995 |
copied = len; |
copied = len; |
996 |
--- linux-2.6.31-git13.orig/net/socket.c |
--- linux-2.6.32-rc1.orig/net/socket.c |
997 |
+++ linux-2.6.31-git13/net/socket.c |
+++ linux-2.6.32-rc1/net/socket.c |
998 |
@@ -97,6 +97,8 @@ |
@@ -97,6 +97,8 @@ |
999 |
#include <net/sock.h> |
#include <net/sock.h> |
1000 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
1067 |
if (err) |
if (err) |
1068 |
goto out_put; |
goto out_put; |
1069 |
|
|
1070 |
--- linux-2.6.31-git13.orig/net/unix/af_unix.c |
--- linux-2.6.32-rc1.orig/net/unix/af_unix.c |
1071 |
+++ linux-2.6.31-git13/net/unix/af_unix.c |
+++ linux-2.6.32-rc1/net/unix/af_unix.c |
1072 |
@@ -114,6 +114,7 @@ |
@@ -114,6 +114,7 @@ |
1073 |
#include <linux/mount.h> |
#include <linux/mount.h> |
1074 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1088 |
if (err) |
if (err) |
1089 |
goto out_mknod_drop_write; |
goto out_mknod_drop_write; |
1090 |
err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0); |
err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0); |
1091 |
--- linux-2.6.31-git13.orig/security/Kconfig |
--- linux-2.6.32-rc1.orig/security/Kconfig |
1092 |
+++ linux-2.6.31-git13/security/Kconfig |
+++ linux-2.6.32-rc1/security/Kconfig |
1093 |
@@ -165,5 +165,7 @@ source security/tomoyo/Kconfig |
@@ -165,5 +165,7 @@ source security/tomoyo/Kconfig |
1094 |
|
|
1095 |
source security/integrity/ima/Kconfig |
source security/integrity/ima/Kconfig |
1098 |
+ |
+ |
1099 |
endmenu |
endmenu |
1100 |
|
|
1101 |
--- linux-2.6.31-git13.orig/security/Makefile |
--- linux-2.6.32-rc1.orig/security/Makefile |
1102 |
+++ linux-2.6.31-git13/security/Makefile |
+++ linux-2.6.32-rc1/security/Makefile |
1103 |
@@ -24,3 +24,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
@@ -24,3 +24,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
1104 |
# Object integrity file lists |
# Object integrity file lists |
1105 |
subdir-$(CONFIG_IMA) += integrity/ima |
subdir-$(CONFIG_IMA) += integrity/ima |