Hello!

Sorry for cross-posting, some part is related to dev, some to hardened
only.

0. I propose using the versions of "original" patches in the name of the
applied patches (like 001_originalname), so tracking diffs/updates is
easier.
Also, if one original patch is applying cleanly (as the ck/eaacl patches),
then use the original (numbered with xx0_name) and add the changes as
separate patches (xx1_name-version, xx2_name-version)

I have compared the patches from hardened with the originals. Please
comment on the described patches for 2.,3., if they are needed, and
solution for the warning in 4.

1. O1/Lowlatency/Preemptive from ck (200309132043-ck2) diffed to hardened
(patch OK)

--- linux-2.4.22.orig/kernel/sched.c Wed Nov 5 12:31:13 2003 |
+++ linux-2.4.22/kernel/sched.c Wed Nov 5 12:31:43 2003 |
@@ -1033,7 +1033,7 @@ |
*/ |
|
#define CAN_MIGRATE_TASK(p,rq,this_cpu) \ |
- ((jiffies - (p)->sleep_timestamp > cache_decay_ticks) && \ |
+ ((jiffies - (p)->sleep_avg > cache_decay_ticks) && \ |
!task_running(rq, p) && \ |
((p)->cpus_allowed & (1UL << (this_cpu)))) |
|
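Review bot: in CAN_MIGRATE_TASK the changed line now computes jiffies - (p)->sleep_avg, but the removed field sleep_timestamp is, by name, a point in time while sleep_avg is, by name, an average. If sleep_avg holds a duration rather than a jiffies value, the difference no longer measures how long the task has been off the CPU, and the comparison against cache_decay_ticks stops working as a cache-hot test. Please confirm which field in the ck scheduler records when the task last ran and use that one, or add a comment explaining why sleep_avg is comparable to jiffies.
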
So for our case (use 3 characters, to have enough free slots for addons)
101_patch-2.4.22-1000-ckbase-0309132043.bz2
102_<the_diff_above>
103_<the_diff_below>, consider applying it.
Patch needed (O1)
--- kernel/sys.c.mps Tue Sep 2 15:29:26 2003 |
+++ kernel/sys.c Tue Sep 2 15:30:06 2003 |
@@ -520,7 +520,7 @@ |
} |
} |
|
-static int set_user(uid_t new_ruid, int dumpclear) |
+int set_user(uid_t new_ruid, int dumpclear) |
{ |
struct user_struct *new_user, *old_user; |
|
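Review bot: removing static from set_user(uid_t new_ruid, int dumpclear) makes it a global symbol, yet the hunk adds no prototype in a header and does not show which O1 code calls it. The function works on the new_user/old_user user_struct pointers, so its wider visibility should be deliberate: please add the declaration to the header the new caller includes and name that caller in the patch description.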

2. EA/ACL
for our case
121_ea+acl+nfsacl-2.4.22-0.8.64.diff.gz
122_<maybe_the_patch_below>
The diff is too intrusive, so I can't say if you've made changes to
it, but 0.8.64 is newer than the one applied (see attached eaacl.dif,
you can reverse apply it, or better, take the original), some bugs
(intermezzo, nfs) solved

I have, though, found this diff (and I am not sure if it has to be applied;
it could be related to the eaaclnfs update)

diff -urN linux-2.4.22.orig/mm/vmscan.c linux-2.4.22/mm/vmscan.c |
--- linux-2.4.22.orig/mm/vmscan.c Wed Nov 5 22:33:41 2003 |
+++ linux-2.4.22/mm/vmscan.c Wed Nov 5 22:35:32 2003 |
@@ -642,7 +642,7 @@ |
#ifdef CONFIG_QUOTA |
shrink_dqcache_memory(DEF_PRIORITY, gfp_mask); |
#endif |
- shrink_other_caches(DEF_PRIORITY, gfp_mask); |
+ shrink_other_caches(priority, gfp_mask); |
|
return nr_pages; |
} |
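Review bot: after this change shrink_other_caches(priority, gfp_mask) uses a different priority than the shrink_dqcache_memory(DEF_PRIORITY, gfp_mask) call under CONFIG_QUOTA just above it, and the hunk does not show where priority is defined. Please confirm that priority is in scope in this function, and either convert the CONFIG_QUOTA call as well or note why only this one follows the caller's priority.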

3. grsecurity
Due to the fact that it won't apply after O1 and EA/ACL, it has to be
changed (well, I prefer patching the original patch and applying it cleanly, so
I track all the changes; if someone wants to go this way, I can supply the
needed patches for grsecurity after O1 scheduler, lowlatency, eaacl)
If you change the original patch, then name it xxx_origname_gentoo (and
comment the changes done, for example: changed vfs_create/vfs_mkdir in
fs/namei.c for POSIX_ACL)

I found this diff between my version and yours
diff -urN linux-2.4.22.orig/mm/mmap.c linux-2.4.22/mm/mmap.c |
--- linux-2.4.22.orig/mm/mmap.c Wed Nov 5 14:08:53 2003 |
+++ linux-2.4.22/mm/mmap.c Wed Nov 5 14:09:42 2003 |
@@ -1045,7 +1045,7 @@ |
atomic_dec(&file->f_dentry->d_inode->i_writecount); |
} |
remove_shared_vm_struct(mpnt); |
- zap_page_range(mm, st, size, ZPR_COND_RESCHED); /* sys_munmap() */ |
+ zap_page_range(mm, st, size, 0); |
|
/* |
* Fix the mapping, and free the old area if it wasn't reused. |
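Review bot: the changed zap_page_range() call replaces the named flag ZPR_COND_RESCHED with a bare 0 and drops the /* sys_munmap() */ comment, so the call no longer says what the fourth argument means. If the lowlatency patch is part of the set, a large unmap here would, going by the flag's name, lose its conditional reschedule; keep ZPR_COND_RESCHED in that case, and otherwise use a named constant or a comment instead of the literal 0.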

Is this diff necessary? (related to the lowlatency patch from ck)

4. Propolice
The patch attached is a cleanup of lib/propolice.c (include kernel.h,
typo), one warning remaining regarding unsupported characters in __guard.
How to solve this one?


Thanks, Peter

--
Peter S. Mazinger <ps.m@×××.net> ID: 0xA5F059F2 NIC: IXUYHSKQLI
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2