| 1 |
Peter, |
| 2 |
|
| 3 |
First, thanks for taking the time to look at the hardened-sources so |
| 4 |
thoroughly. I appreciate the comments. For those of you that don't |
| 5 |
know me, |
| 6 |
I've been helping out with hardened-sources and have worked on the |
| 7 |
patchsets for 2.4.21 and 2.4.22. |
| 8 |
|
| 9 |
Point #0 |
| 10 |
-------- |
| 11 |
|
| 12 |
I agree that the original patch naming/versioning should appear in the |
| 13 |
patch |
| 14 |
file name. I'm really not sure why I didn't name the ckbase patch |
| 15 |
using that |
| 16 |
convention, but I seem to have followed that convention with the |
| 17 |
majority of |
| 18 |
the other patches. |
| 19 |
|
| 20 |
Point #1 |
| 21 |
-------- |
| 22 |
|
| 23 |
For the diff of sched.c, this seems to be a side effect of an earlier |
| 24 |
version |
| 25 |
of the ck-base patch. In fact, it looks like the latest patch changes |
| 26 |
this |
| 27 |
yet again from (p)->sleep_timestamp to (p)->timestamp. |
| 28 |
|
| 29 |
For your diff of sys.c, that is definitely not good. My source tree |
| 30 |
still |
| 31 |
shows set_user() as static and it should be static. |
| 32 |
|
| 33 |
Making it non-static, as you probably know, would allow a it to be |
| 34 |
called from anywhere in the kernel. I'm probably just being paranoid |
| 35 |
because |
| 36 |
of the recent backdoor attempt against the bk-kernel tree, but I'd |
| 37 |
verify your |
| 38 |
checksums and make sure someone isn't fooling around with your sources. |
| 39 |
I |
| 40 |
have the following: |
| 41 |
|
| 42 |
MD5 75dc85149b06ac9432106b8941eb9f7b linux-2.4.22.tar.bz2 29528612 |
| 43 |
MD5 cb58e57bf9c2115eb71745761209df97 patches-2.4.22-hardened.tar.bz2 |
| 44 |
2592916 |
| 45 |
|
| 46 |
As for naming the patches, I'm not sure about the extra slots. Given |
| 47 |
the |
| 48 |
number of colliding patches and the complexity of them, I've been |
| 49 |
leaning |
| 50 |
toward tagging any fixes at the end of the patch chain, to make sure |
| 51 |
the fix |
| 52 |
does not either get reversed by a subsequent patch or break the |
| 53 |
following |
| 54 |
patches in the chain. |
| 55 |
|
| 56 |
I've been trying to come up with a better order for the patches in |
| 57 |
hardened-sources. For 2.4.23 I was thinking of taking a different |
| 58 |
approach, |
| 59 |
namely, apply all of the common patches used by both the grsec and |
| 60 |
selinux |
| 61 |
branches of the kernel, then apply the grsec/selinux specific patches. |
| 62 |
|
| 63 |
It will make applying both the grsec and selinux patches fail horribly, |
| 64 |
but |
| 65 |
after having gone through both 2.4.21 and 2.4.22, they both fail |
| 66 |
horribly |
| 67 |
already with where they are now in the patch chain. I don't think it |
| 68 |
will be |
| 69 |
that much more work to apply them last and that will, hopefully, let us |
| 70 |
keep |
| 71 |
nearly all the other patches in their original form. Feedback on this |
| 72 |
approach is welcome. |
| 73 |
|
| 74 |
Point #2: |
| 75 |
-------- |
| 76 |
|
| 77 |
The ea-acl-nfs patch I used has: |
| 78 |
|
| 79 |
/* |
| 80 |
* The swap-out function returns 1 if it successfully |
| 81 |
* scanned all the pages it was asked to (`count'). |
| 82 |
* It returns zero if it couldn't do anything, |
| 83 |
@@ -598,6 +642,7 @@ |
| 84 |
#ifdef CONFIG_QUOTA |
| 85 |
shrink_dqcache_memory(DEF_PRIORITY, gfp_mask); |
| 86 |
#endif |
| 87 |
+ shrink_other_caches(priority, gfp_mask); |
| 88 |
|
| 89 |
return nr_pages; |
| 90 |
} |
| 91 |
|
| 92 |
So, this may be due to an older version of that patch. |
| 93 |
|
| 94 |
Point #3 |
| 95 |
-------- |
| 96 |
|
| 97 |
This is interesting. This spot in mmap.c is one of the places where |
| 98 |
there |
| 99 |
are quite a few patch collisions. |
| 100 |
|
| 101 |
After the ck patch the code should look like: |
| 102 |
|
| 103 |
remove_shared_vm_struct(mpnt); |
| 104 |
mm->map_count--; |
| 105 |
|
| 106 |
zap_page_range(mm, st, size, ZPR_COND_RESCHED); /* sys_munmap() */ |
| 107 |
|
| 108 |
PAX (via grsec and selinux+pax) wants it to look like this: |
| 109 |
|
| 110 |
remove_shared_vm_struct(mpnt); |
| 111 |
zap_page_range(mm, st, size); |
| 112 |
|
| 113 |
So, it looks like the proper thing to do is: |
| 114 |
|
| 115 |
zap_page_range(mm, st, size, ZPR_COND_RESCHED); /* sys_munmap() */ |
| 116 |
|
| 117 |
and not: |
| 118 |
|
| 119 |
zap_page_range(mm, st, size, 0); |
| 120 |
|
| 121 |
You probably have something here. I'm having trouble thinking of why I |
| 122 |
may have done this, but it's late. It may be the case that I wanted to |
| 123 |
be more conservative here since PAX splits munmap into two parts and |
| 124 |
that |
| 125 |
is a fairly big change to mix in with the low latency patch. But I'm |
| 126 |
probably over analyzing because it's late and I'm just as likely to have |
| 127 |
missed it while resolving a patch reject. :) |
| 128 |
|
| 129 |
Point #4 |
| 130 |
-------- |
| 131 |
|
| 132 |
I'm not sure if there is anything special about the guard or not. |
| 133 |
Maybe Matt |
| 134 |
(frogger) can comment on this as he is the hardened propolice guru. The |
| 135 |
cleanup portion of your patch seems fine. :) |
| 136 |
|
| 137 |
Thanks, |
| 138 |
|
| 139 |
-Phil |
| 140 |
|
| 141 |
|
| 142 |
-- |
| 143 |
gentoo-hardened@g.o mailing list |
Archives