1 |
Peter, |
2 |
|
3 |
First, thanks for taking the time to look at the hardened-sources so |
4 |
thoroughly. I appreciate the comments. For those of you that don't |
5 |
know me, |
6 |
I've been helping out with hardened-sources and have worked on the |
7 |
patchsets for 2.4.21 and 2.4.22. |
8 |
|
9 |
Point #0 |
10 |
-------- |
11 |
|
12 |
I agree that the original patch naming/versioning should appear in the |
13 |
patch |
14 |
file name. I'm really not sure why I didn't name the ckbase patch |
15 |
using that |
16 |
convention, but I seem to have followed that convention with the |
17 |
majority of |
18 |
the other patches. |
19 |
|
20 |
Point #1 |
21 |
-------- |
22 |
|
23 |
For the diff of sched.c, this seems to be a side effect of an earlier |
24 |
version |
25 |
of the ck-base patch. In fact, it looks like the latest patch changes |
26 |
this |
27 |
yet again from (p)->sleep_timestamp to (p)->timestamp. |
28 |
|
29 |
For your diff of sys.c, that is definitely not good. My source tree |
30 |
still |
31 |
shows set_user() as static and it should be static. |
32 |
|
33 |
Making it non-static, as you probably know, would allow a it to be |
34 |
called from anywhere in the kernel. I'm probably just being paranoid |
35 |
because |
36 |
of the recent backdoor attempt against the bk-kernel tree, but I'd |
37 |
verify your |
38 |
checksums and make sure someone isn't fooling around with your sources. |
39 |
I |
40 |
have the following: |
41 |
|
42 |
MD5 75dc85149b06ac9432106b8941eb9f7b linux-2.4.22.tar.bz2 29528612 |
43 |
MD5 cb58e57bf9c2115eb71745761209df97 patches-2.4.22-hardened.tar.bz2 |
44 |
2592916 |
45 |
|
46 |
As for naming the patches, I'm not sure about the extra slots. Given |
47 |
the |
48 |
number of colliding patches and the complexity of them, I've been |
49 |
leaning |
50 |
toward tagging any fixes at the end of the patch chain, to make sure |
51 |
the fix |
52 |
does not either get reversed by a subsequent patch or break the |
53 |
following |
54 |
patches in the chain. |
55 |
|
56 |
I've been trying to come up with a better order for the patches in |
57 |
hardened-sources. For 2.4.23 I was thinking of taking a different |
58 |
approach, |
59 |
namely, apply all of the common patches used by both the grsec and |
60 |
selinux |
61 |
branches of the kernel, then apply the grsec/selinux specific patches. |
62 |
|
63 |
It will make applying both the grsec and selinux patches fail horribly, |
64 |
but |
65 |
after having gone through both 2.4.21 and 2.4.22, they both fail |
66 |
horribly |
67 |
already with where they are now in the patch chain. I don't think it |
68 |
will be |
69 |
that much more work to apply them last and that will, hopefully, let us |
70 |
keep |
71 |
nearly all the other patches in their original form. Feedback on this |
72 |
approach is welcome. |
73 |
|
74 |
Point #2: |
75 |
-------- |
76 |
|
77 |
The ea-acl-nfs patch I used has: |
78 |
|
79 |
/* |
80 |
* The swap-out function returns 1 if it successfully |
81 |
* scanned all the pages it was asked to (`count'). |
82 |
* It returns zero if it couldn't do anything, |
83 |
@@ -598,6 +642,7 @@ |
84 |
#ifdef CONFIG_QUOTA |
85 |
shrink_dqcache_memory(DEF_PRIORITY, gfp_mask); |
86 |
#endif |
87 |
+ shrink_other_caches(priority, gfp_mask); |
88 |
|
89 |
return nr_pages; |
90 |
} |
91 |
|
92 |
So, this may be due to an older version of that patch. |
93 |
|
94 |
Point #3 |
95 |
-------- |
96 |
|
97 |
This is interesting. This spot in mmap.c is one of the places where |
98 |
there |
99 |
are quite a few patch collisions. |
100 |
|
101 |
After the ck patch the code should look like: |
102 |
|
103 |
remove_shared_vm_struct(mpnt); |
104 |
mm->map_count--; |
105 |
|
106 |
zap_page_range(mm, st, size, ZPR_COND_RESCHED); /* sys_munmap() */ |
107 |
|
108 |
PAX (via grsec and selinux+pax) wants it to look like this: |
109 |
|
110 |
remove_shared_vm_struct(mpnt); |
111 |
zap_page_range(mm, st, size); |
112 |
|
113 |
So, it looks like the proper thing to do is: |
114 |
|
115 |
zap_page_range(mm, st, size, ZPR_COND_RESCHED); /* sys_munmap() */ |
116 |
|
117 |
and not: |
118 |
|
119 |
zap_page_range(mm, st, size, 0); |
120 |
|
121 |
You probably have something here. I'm having trouble thinking of why I |
122 |
may have done this, but it's late. It may be the case that I wanted to |
123 |
be more conservative here since PAX splits munmap into two parts and |
124 |
that |
125 |
is a fairly big change to mix in with the low latency patch. But I'm |
126 |
probably over analyzing because it's late and I'm just as likely to have |
127 |
missed it while resolving a patch reject. :) |
128 |
|
129 |
Point #4 |
130 |
-------- |
131 |
|
132 |
I'm not sure if there is anything special about the guard or not. |
133 |
Maybe Matt |
134 |
(frogger) can comment on this as he is the hardened propolice guru. The |
135 |
cleanup portion of your patch seems fine. :) |
136 |
|
137 |
Thanks, |
138 |
|
139 |
-Phil |
140 |
|
141 |
|
142 |
-- |
143 |
gentoo-hardened@g.o mailing list |