Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2012-09-11 12:18:49 -0400
committerAnthony G. Basile <blueness@gentoo.org>2012-09-11 12:18:49 -0400
commit5cec591f0e85403b2ce0182ffd9c0bea6efc93a8 (patch)
tree829f575e9518189c1effbbb7742139260375e15e
parentGrsec/PaX: 2.9.1-{2.6.32.59,3.2.28,3.5.3}-201209062131 (diff)
downloadhardened-patchset-5cec591f0e85403b2ce0182ffd9c0bea6efc93a8.tar.gz
hardened-patchset-5cec591f0e85403b2ce0182ffd9c0bea6efc93a8.tar.bz2
hardened-patchset-5cec591f0e85403b2ce0182ffd9c0bea6efc93a8.zip
Grsec/PaX: 2.9.1-{2.6.32.59,3.2.28,3.5.3}-20120910183020120910
Diffstat
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201209101829.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201209062129.patch)99
-rw-r--r--3.2.28/0000_README2
-rw-r--r--3.2.28/4420_grsecurity-2.9.1-3.2.28-201209101830.patch (renamed from 3.2.28/4420_grsecurity-2.9.1-3.2.28-201209062131.patch)59
-rw-r--r--3.5.3/0000_README2
-rw-r--r--3.5.3/4420_grsecurity-2.9.1-3.5.3-201209101830.patch (renamed from 3.5.3/4420_grsecurity-2.9.1-3.5.3-201209062131.patch)81
6 files changed, 146 insertions, 99 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 6210bbc..186798a 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.59
-Patch: 4420_grsecurity-2.9.1-2.6.32.59-201209062129.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.59-201209101829.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201209062129.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201209101829.patch
index 89a32c4..83e390b 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201209062129.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201209101829.patch
@@ -72484,7 +72484,7 @@ index ec88ff3..b843a82 100644
cache->c_bucket_bits = bucket_bits;
#ifdef MB_CACHE_INDEXES_COUNT
diff --git a/fs/namei.c b/fs/namei.c
-index b0afbd4..e3fc8f4 100644
+index b0afbd4..e6236df 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -224,6 +224,14 @@ int generic_permission(struct inode *inode, int mask,
@@ -72540,13 +72540,13 @@ index b0afbd4..e3fc8f4 100644
dentry->d_inode->i_op->put_link(dentry, nd, cookie);
}
+
-+ if (!error && !(nd->flags & LOOKUP_PARENT) && gr_handle_symlink_owner(path, nd->path.dentry->d_inode))
++ if (!error && (nd->flags & LOOKUP_SYMLINKOWN) && gr_handle_symlink_owner(path, nd->path.dentry->d_inode))
+ error = -EACCES;
+
path_put(path);
return error;
-@@ -669,6 +674,13 @@ static inline int do_follow_link(struct path *path, struct nameidata *nd)
+@@ -669,9 +674,17 @@ static inline int do_follow_link(struct path *path, struct nameidata *nd)
err = security_inode_follow_link(path->dentry, nd);
if (err)
goto loop;
@@ -72560,7 +72560,11 @@ index b0afbd4..e3fc8f4 100644
current->link_count++;
current->total_link_count++;
nd->depth++;
-@@ -1016,11 +1028,19 @@ return_reval:
++ nd->flags |= LOOKUP_SYMLINKOWN;
+ err = __do_follow_link(path, nd);
+ current->link_count--;
+ nd->depth--;
+@@ -1016,11 +1029,19 @@ return_reval:
break;
}
return_base:
@@ -72580,7 +72584,7 @@ index b0afbd4..e3fc8f4 100644
path_put(&nd->path);
return_err:
return err;
-@@ -1091,13 +1111,20 @@ static int do_path_lookup(int dfd, const char *name,
+@@ -1091,13 +1112,20 @@ static int do_path_lookup(int dfd, const char *name,
int retval = path_init(dfd, name, flags, nd);
if (!retval)
retval = path_walk(name, nd);
@@ -72604,7 +72608,7 @@ index b0afbd4..e3fc8f4 100644
return retval;
}
-@@ -1576,6 +1603,20 @@ int may_open(struct path *path, int acc_mode, int flag)
+@@ -1576,6 +1604,20 @@ int may_open(struct path *path, int acc_mode, int flag)
if (error)
goto err_out;
@@ -72625,7 +72629,7 @@ index b0afbd4..e3fc8f4 100644
if (flag & O_TRUNC) {
error = get_write_access(inode);
if (error)
-@@ -1620,6 +1661,17 @@ static int __open_namei_create(struct nameidata *nd, struct path *path,
+@@ -1620,6 +1662,17 @@ static int __open_namei_create(struct nameidata *nd, struct path *path,
{
int error;
struct dentry *dir = nd->path.dentry;
@@ -72643,7 +72647,7 @@ index b0afbd4..e3fc8f4 100644
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
-@@ -1627,6 +1679,8 @@ static int __open_namei_create(struct nameidata *nd, struct path *path,
+@@ -1627,6 +1680,8 @@ static int __open_namei_create(struct nameidata *nd, struct path *path,
if (error)
goto out_unlock;
error = vfs_create(dir->d_inode, path->dentry, mode, nd);
@@ -72652,7 +72656,7 @@ index b0afbd4..e3fc8f4 100644
out_unlock:
mutex_unlock(&dir->d_inode->i_mutex);
dput(nd->path.dentry);
-@@ -1684,6 +1738,7 @@ struct file *do_filp_open(int dfd, const char *pathname,
+@@ -1684,6 +1739,7 @@ struct file *do_filp_open(int dfd, const char *pathname,
struct nameidata nd;
int error;
struct path path;
@@ -72660,7 +72664,7 @@ index b0afbd4..e3fc8f4 100644
struct dentry *dir;
int count = 0;
int will_write;
-@@ -1709,6 +1764,22 @@ struct file *do_filp_open(int dfd, const char *pathname,
+@@ -1709,6 +1765,22 @@ struct file *do_filp_open(int dfd, const char *pathname,
&nd, flag);
if (error)
return ERR_PTR(error);
@@ -72683,7 +72687,7 @@ index b0afbd4..e3fc8f4 100644
goto ok;
}
-@@ -1795,6 +1866,19 @@ do_last:
+@@ -1795,6 +1867,19 @@ do_last:
/*
* It already exists.
*/
@@ -72703,7 +72707,7 @@ index b0afbd4..e3fc8f4 100644
mutex_unlock(&dir->d_inode->i_mutex);
audit_inode(pathname, path.dentry);
-@@ -1887,6 +1971,13 @@ do_link:
+@@ -1887,6 +1972,14 @@ do_link:
error = security_inode_follow_link(path.dentry, &nd);
if (error)
goto exit_dput;
@@ -72714,10 +72718,11 @@ index b0afbd4..e3fc8f4 100644
+ goto exit_dput;
+ }
+
++ nd.flags &= ~LOOKUP_SYMLINKOWN;
error = __do_follow_link(&path, &nd);
if (error) {
/* Does someone understand code flow here? Or it is only
-@@ -1915,9 +2006,15 @@ do_link:
+@@ -1915,9 +2008,24 @@ do_link:
}
dir = nd.path.dentry;
mutex_lock(&dir->d_inode->i_mutex);
@@ -72726,14 +72731,23 @@ index b0afbd4..e3fc8f4 100644
path.dentry = lookup_hash(&nd);
path.mnt = nd.path.mnt;
__putname(nd.last.name);
-+ if (!IS_ERR(path.dentry) && gr_handle_symlink_owner(&link_path, path.dentry->d_inode)) {
-+ error = -EACCES;
-+ goto exit_mutex_unlock;
++
++ /* if the last path component resolved by the symlink exists, then check ownership against that
++ if it doesn't, we're trying to create it, check ownership against its directory
++ */
++ if (!IS_ERR(path.dentry) && !IS_ERR(nd.intent.open.file)) {
++ if (path.dentry->d_inode && gr_handle_symlink_owner(&link_path, path.dentry->d_inode)) {
++ error = -EACCES;
++ goto exit_mutex_unlock;
++ } else if (!path.dentry->d_inode && gr_handle_symlink_owner(&link_path, dir->d_inode)) {
++ error = -EACCES;
++ goto exit_mutex_unlock;
++ }
+ }
goto do_last;
}
-@@ -1984,6 +2081,10 @@ struct dentry *lookup_create(struct nameidata *nd, int is_dir)
+@@ -1984,6 +2092,10 @@ struct dentry *lookup_create(struct nameidata *nd, int is_dir)
}
return dentry;
eexist:
@@ -72744,7 +72758,7 @@ index b0afbd4..e3fc8f4 100644
dput(dentry);
dentry = ERR_PTR(-EEXIST);
fail:
-@@ -2061,6 +2162,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
+@@ -2061,6 +2173,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
error = may_mknod(mode);
if (error)
goto out_dput;
@@ -72762,7 +72776,7 @@ index b0afbd4..e3fc8f4 100644
error = mnt_want_write(nd.path.mnt);
if (error)
goto out_dput;
-@@ -2081,6 +2193,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
+@@ -2081,6 +2204,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
}
out_drop_write:
mnt_drop_write(nd.path.mnt);
@@ -72772,7 +72786,7 @@ index b0afbd4..e3fc8f4 100644
out_dput:
dput(dentry);
out_unlock:
-@@ -2134,6 +2249,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
+@@ -2134,6 +2260,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
if (IS_ERR(dentry))
goto out_unlock;
@@ -72784,7 +72798,7 @@ index b0afbd4..e3fc8f4 100644
if (!IS_POSIXACL(nd.path.dentry->d_inode))
mode &= ~current_umask();
error = mnt_want_write(nd.path.mnt);
-@@ -2145,6 +2265,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
+@@ -2145,6 +2276,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
out_drop_write:
mnt_drop_write(nd.path.mnt);
@@ -72795,7 +72809,7 @@ index b0afbd4..e3fc8f4 100644
out_dput:
dput(dentry);
out_unlock:
-@@ -2226,6 +2350,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2226,6 +2361,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
char * name;
struct dentry *dentry;
struct nameidata nd;
@@ -72804,7 +72818,7 @@ index b0afbd4..e3fc8f4 100644
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2250,6 +2376,17 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2250,6 +2387,17 @@ static long do_rmdir(int dfd, const char __user *pathname)
error = PTR_ERR(dentry);
if (IS_ERR(dentry))
goto exit2;
@@ -72822,7 +72836,7 @@ index b0afbd4..e3fc8f4 100644
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit3;
-@@ -2257,6 +2394,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2257,6 +2405,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
if (error)
goto exit4;
error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
@@ -72831,7 +72845,7 @@ index b0afbd4..e3fc8f4 100644
exit4:
mnt_drop_write(nd.path.mnt);
exit3:
-@@ -2318,6 +2457,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2318,6 +2468,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
struct dentry *dentry;
struct nameidata nd;
struct inode *inode = NULL;
@@ -72840,7 +72854,7 @@ index b0afbd4..e3fc8f4 100644
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2337,8 +2478,19 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2337,8 +2489,19 @@ static long do_unlinkat(int dfd, const char __user *pathname)
if (nd.last.name[nd.last.len])
goto slashes;
inode = dentry->d_inode;
@@ -72861,7 +72875,7 @@ index b0afbd4..e3fc8f4 100644
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit2;
-@@ -2346,6 +2498,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2346,6 +2509,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
if (error)
goto exit3;
error = vfs_unlink(nd.path.dentry->d_inode, dentry);
@@ -72870,7 +72884,7 @@ index b0afbd4..e3fc8f4 100644
exit3:
mnt_drop_write(nd.path.mnt);
exit2:
-@@ -2424,6 +2578,11 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
+@@ -2424,6 +2589,11 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
if (IS_ERR(dentry))
goto out_unlock;
@@ -72882,7 +72896,7 @@ index b0afbd4..e3fc8f4 100644
error = mnt_want_write(nd.path.mnt);
if (error)
goto out_dput;
-@@ -2431,6 +2590,8 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
+@@ -2431,6 +2601,8 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
if (error)
goto out_drop_write;
error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
@@ -72891,7 +72905,7 @@ index b0afbd4..e3fc8f4 100644
out_drop_write:
mnt_drop_write(nd.path.mnt);
out_dput:
-@@ -2524,6 +2685,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -2524,6 +2696,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
goto out_unlock;
@@ -72912,7 +72926,7 @@ index b0afbd4..e3fc8f4 100644
error = mnt_want_write(nd.path.mnt);
if (error)
goto out_dput;
-@@ -2531,6 +2706,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -2531,6 +2717,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
if (error)
goto out_drop_write;
error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
@@ -72921,7 +72935,7 @@ index b0afbd4..e3fc8f4 100644
out_drop_write:
mnt_drop_write(nd.path.mnt);
out_dput:
-@@ -2708,6 +2885,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
+@@ -2708,6 +2896,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
char *to;
int error;
@@ -72930,7 +72944,7 @@ index b0afbd4..e3fc8f4 100644
error = user_path_parent(olddfd, oldname, &oldnd, &from);
if (error)
goto exit;
-@@ -2764,6 +2943,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
+@@ -2764,6 +2954,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
if (new_dentry == trap)
goto exit5;
@@ -72943,7 +72957,7 @@ index b0afbd4..e3fc8f4 100644
error = mnt_want_write(oldnd.path.mnt);
if (error)
goto exit5;
-@@ -2773,6 +2958,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
+@@ -2773,6 +2969,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
goto exit6;
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry);
@@ -72953,7 +72967,7 @@ index b0afbd4..e3fc8f4 100644
exit6:
mnt_drop_write(oldnd.path.mnt);
exit5:
-@@ -2798,6 +2986,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -2798,6 +2997,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
@@ -72962,7 +72976,7 @@ index b0afbd4..e3fc8f4 100644
int len;
len = PTR_ERR(link);
-@@ -2807,7 +2997,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
+@@ -2807,7 +3008,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
@@ -90173,7 +90187,7 @@ index 878cab4..c92cb3e 100644
#ifdef CONFIG_DEBUG_MUTEXES
const char *name;
diff --git a/include/linux/namei.h b/include/linux/namei.h
-index ec0f607..d19e675 100644
+index ec0f607..fa088ac4 100644
--- a/include/linux/namei.h
+++ b/include/linux/namei.h
@@ -22,7 +22,7 @@ struct nameidata {
@@ -90185,7 +90199,16 @@ index ec0f607..d19e675 100644
/* Intent data */
union {
-@@ -84,12 +84,12 @@ extern int follow_up(struct path *);
+@@ -49,6 +49,8 @@ enum {LAST_NORM, LAST_ROOT, LAST_DOT, LAST_DOTDOT, LAST_BIND};
+ #define LOOKUP_CONTINUE 4
+ #define LOOKUP_PARENT 16
+ #define LOOKUP_REVAL 64
++#define LOOKUP_SYMLINKOWN 128
++
+ /*
+ * Intent data
+ */
+@@ -84,12 +86,12 @@ extern int follow_up(struct path *);
extern struct dentry *lock_rename(struct dentry *, struct dentry *);
extern void unlock_rename(struct dentry *, struct dentry *);
diff --git a/3.2.28/0000_README b/3.2.28/0000_README
index 839467e..d624bbd 100644
--- a/3.2.28/0000_README
+++ b/3.2.28/0000_README
@@ -30,7 +30,7 @@ Patch: 1027_linux-3.2.28.patch
From: http://www.kernel.org
Desc: Linux 3.2.28
-Patch: 4420_grsecurity-2.9.1-3.2.28-201209062131.patch
+Patch: 4420_grsecurity-2.9.1-3.2.28-201209101830.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.28/4420_grsecurity-2.9.1-3.2.28-201209062131.patch b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201209101830.patch
index 22eeec5..e92d98d 100644
--- a/3.2.28/4420_grsecurity-2.9.1-3.2.28-201209062131.patch
+++ b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201209101830.patch
@@ -47613,7 +47613,7 @@ index fcc50ab..c3dacf2 100644
lock_flocks();
diff --git a/fs/namei.c b/fs/namei.c
-index 9680cef..8af5ce7 100644
+index 9680cef..1abcb10 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -47851,11 +47851,16 @@ index 9680cef..8af5ce7 100644
audit_inode(pathname, nd->path.dentry);
goto ok;
}
-@@ -2180,6 +2278,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2180,6 +2278,17 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
/* Negative dentry, just create the file */
if (!dentry->d_inode) {
int mode = op->mode;
+
++ if (link && gr_handle_symlink_owner(link, dir->d_inode)) {
++ error = -EACCES;
++ goto exit_mutex_unlock;
++ }
++
+ if (!gr_acl_handle_creat(path->dentry, nd->path.dentry, path->mnt, open_flag, acc_mode, mode)) {
+ error = -EACCES;
+ goto exit_mutex_unlock;
@@ -47864,7 +47869,7 @@ index 9680cef..8af5ce7 100644
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2203,6 +2307,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2203,6 +2312,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
error = vfs_create(dir->d_inode, dentry, mode, nd);
if (error)
goto exit_mutex_unlock;
@@ -47873,7 +47878,7 @@ index 9680cef..8af5ce7 100644
mutex_unlock(&dir->d_inode->i_mutex);
dput(nd->path.dentry);
nd->path.dentry = dentry;
-@@ -2212,6 +2318,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2212,6 +2323,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
/*
* It already exists.
*/
@@ -47893,7 +47898,7 @@ index 9680cef..8af5ce7 100644
mutex_unlock(&dir->d_inode->i_mutex);
audit_inode(pathname, path->dentry);
-@@ -2230,11 +2349,17 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2230,11 +2354,17 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
if (!path->dentry->d_inode)
goto exit_dput;
@@ -47912,7 +47917,7 @@ index 9680cef..8af5ce7 100644
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
error = complete_walk(nd);
if (error)
-@@ -2242,6 +2367,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2242,6 +2372,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
error = -EISDIR;
if (S_ISDIR(nd->inode->i_mode))
goto exit;
@@ -47925,7 +47930,7 @@ index 9680cef..8af5ce7 100644
ok:
if (!S_ISREG(nd->inode->i_mode))
will_truncate = 0;
-@@ -2314,7 +2445,7 @@ static struct file *path_openat(int dfd, const char *pathname,
+@@ -2314,7 +2450,7 @@ static struct file *path_openat(int dfd, const char *pathname,
if (unlikely(error))
goto out_filp;
@@ -47934,7 +47939,7 @@ index 9680cef..8af5ce7 100644
while (unlikely(!filp)) { /* trailing symlink */
struct path link = path;
void *cookie;
-@@ -2329,8 +2460,9 @@ static struct file *path_openat(int dfd, const char *pathname,
+@@ -2329,8 +2465,9 @@ static struct file *path_openat(int dfd, const char *pathname,
error = follow_link(&link, nd, &cookie);
if (unlikely(error))
filp = ERR_PTR(error);
@@ -47946,7 +47951,7 @@ index 9680cef..8af5ce7 100644
put_link(nd, &link, cookie);
}
out:
-@@ -2424,6 +2556,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path
+@@ -2424,6 +2561,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path
*path = nd.path;
return dentry;
eexist:
@@ -47958,7 +47963,7 @@ index 9680cef..8af5ce7 100644
dput(dentry);
dentry = ERR_PTR(-EEXIST);
fail:
-@@ -2446,6 +2583,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat
+@@ -2446,6 +2588,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat
}
EXPORT_SYMBOL(user_path_create);
@@ -47979,7 +47984,7 @@ index 9680cef..8af5ce7 100644
int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
{
int error = may_create(dir, dentry);
-@@ -2513,6 +2664,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
+@@ -2513,6 +2669,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
error = mnt_want_write(path.mnt);
if (error)
goto out_dput;
@@ -47997,7 +48002,7 @@ index 9680cef..8af5ce7 100644
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out_drop_write;
-@@ -2530,6 +2692,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
+@@ -2530,6 +2697,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
}
out_drop_write:
mnt_drop_write(path.mnt);
@@ -48007,7 +48012,7 @@ index 9680cef..8af5ce7 100644
out_dput:
dput(dentry);
mutex_unlock(&path.dentry->d_inode->i_mutex);
-@@ -2579,12 +2744,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
+@@ -2579,12 +2749,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
error = mnt_want_write(path.mnt);
if (error)
goto out_dput;
@@ -48029,7 +48034,7 @@ index 9680cef..8af5ce7 100644
out_dput:
dput(dentry);
mutex_unlock(&path.dentry->d_inode->i_mutex);
-@@ -2664,6 +2838,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2664,6 +2843,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
char * name;
struct dentry *dentry;
struct nameidata nd;
@@ -48038,7 +48043,7 @@ index 9680cef..8af5ce7 100644
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2692,6 +2868,15 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2692,6 +2873,15 @@ static long do_rmdir(int dfd, const char __user *pathname)
error = -ENOENT;
goto exit3;
}
@@ -48054,7 +48059,7 @@ index 9680cef..8af5ce7 100644
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit3;
-@@ -2699,6 +2884,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2699,6 +2889,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
if (error)
goto exit4;
error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
@@ -48063,7 +48068,7 @@ index 9680cef..8af5ce7 100644
exit4:
mnt_drop_write(nd.path.mnt);
exit3:
-@@ -2761,6 +2948,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2761,6 +2953,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
struct dentry *dentry;
struct nameidata nd;
struct inode *inode = NULL;
@@ -48072,7 +48077,7 @@ index 9680cef..8af5ce7 100644
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2783,6 +2972,16 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2783,6 +2977,16 @@ static long do_unlinkat(int dfd, const char __user *pathname)
if (!inode)
goto slashes;
ihold(inode);
@@ -48089,7 +48094,7 @@ index 9680cef..8af5ce7 100644
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit2;
-@@ -2790,6 +2989,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2790,6 +2994,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
if (error)
goto exit3;
error = vfs_unlink(nd.path.dentry->d_inode, dentry);
@@ -48098,7 +48103,7 @@ index 9680cef..8af5ce7 100644
exit3:
mnt_drop_write(nd.path.mnt);
exit2:
-@@ -2865,10 +3066,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
+@@ -2865,10 +3071,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
error = mnt_want_write(path.mnt);
if (error)
goto out_dput;
@@ -48117,7 +48122,7 @@ index 9680cef..8af5ce7 100644
out_drop_write:
mnt_drop_write(path.mnt);
out_dput:
-@@ -2940,6 +3149,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -2940,6 +3154,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
{
struct dentry *new_dentry;
struct path old_path, new_path;
@@ -48125,7 +48130,7 @@ index 9680cef..8af5ce7 100644
int how = 0;
int error;
-@@ -2963,7 +3173,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -2963,7 +3178,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
if (error)
return error;
@@ -48134,7 +48139,7 @@ index 9680cef..8af5ce7 100644
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
goto out;
-@@ -2974,13 +3184,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -2974,13 +3189,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
error = mnt_want_write(new_path.mnt);
if (error)
goto out_dput;
@@ -48165,7 +48170,7 @@ index 9680cef..8af5ce7 100644
dput(new_dentry);
mutex_unlock(&new_path.dentry->d_inode->i_mutex);
path_put(&new_path);
-@@ -3208,6 +3435,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
+@@ -3208,6 +3440,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
if (new_dentry == trap)
goto exit5;
@@ -48178,7 +48183,7 @@ index 9680cef..8af5ce7 100644
error = mnt_want_write(oldnd.path.mnt);
if (error)
goto exit5;
-@@ -3217,6 +3450,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
+@@ -3217,6 +3455,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
goto exit6;
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry);
@@ -48188,7 +48193,7 @@ index 9680cef..8af5ce7 100644
exit6:
mnt_drop_write(oldnd.path.mnt);
exit5:
-@@ -3242,6 +3478,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -3242,6 +3483,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
@@ -48197,7 +48202,7 @@ index 9680cef..8af5ce7 100644
int len;
len = PTR_ERR(link);
-@@ -3251,7 +3489,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
+@@ -3251,7 +3494,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
diff --git a/3.5.3/0000_README b/3.5.3/0000_README
index a299929..410199b 100644
--- a/3.5.3/0000_README
+++ b/3.5.3/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9.1-3.5.3-201209062131.patch
+Patch: 4420_grsecurity-2.9.1-3.5.3-201209101830.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.5.3/4420_grsecurity-2.9.1-3.5.3-201209062131.patch b/3.5.3/4420_grsecurity-2.9.1-3.5.3-201209101830.patch
index 07e504b..4e23b0e 100644
--- a/3.5.3/4420_grsecurity-2.9.1-3.5.3-201209062131.patch
+++ b/3.5.3/4420_grsecurity-2.9.1-3.5.3-201209101830.patch
@@ -23418,7 +23418,7 @@ index e5b130b..6690d31 100644
+}
+EXPORT_SYMBOL(copy_to_user_overflow);
diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
-index 903ec1e..af8e064 100644
+index 903ec1e..c4166b2 100644
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
@@ -6,12 +6,24 @@
@@ -23428,7 +23428,7 @@ index 903ec1e..af8e064 100644
- return (unsigned long)&x->insn + x->insn;
+ unsigned long reloc = 0;
+
-+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32)
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+ reloc = ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
+#endif
+
@@ -23440,7 +23440,7 @@ index 903ec1e..af8e064 100644
- return (unsigned long)&x->fixup + x->fixup;
+ unsigned long reloc = 0;
+
-+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32)
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+ reloc = ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
+#endif
+
@@ -23457,6 +23457,20 @@ index 903ec1e..af8e064 100644
extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp;
extern u32 pnp_bios_is_utter_crap;
pnp_bios_is_utter_crap = 1;
+@@ -145,6 +157,13 @@ void sort_extable(struct exception_table_entry *start,
+ i += 4;
+ p->fixup -= i;
+ i += 4;
++
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++ BUILD_BUG_ON(!IS_ENABLED(CONFIG_BUILDTIME_EXTABLE_SORT));
++ p->insn -= ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
++ p->fixup -= ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
++#endif
++
+ }
+ }
+
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 76dcd9d..e9dffde 100644
--- a/arch/x86/mm/fault.c
@@ -47156,7 +47170,7 @@ index 82c3533..34e929c 100644
lock_flocks();
diff --git a/fs/namei.c b/fs/namei.c
-index 7d69419..10c6af6 100644
+index 7d69419..c7a09f0 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -265,16 +265,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -47355,11 +47369,16 @@ index 7d69419..10c6af6 100644
audit_inode(pathname, dir);
goto ok;
}
-@@ -2285,6 +2364,12 @@ retry_lookup:
+@@ -2285,6 +2364,17 @@ retry_lookup:
/* Negative dentry, just create the file */
if (!dentry->d_inode) {
umode_t mode = op->mode;
+
++ if (link && gr_handle_symlink_owner(link, dir->d_inode)) {
++ error = -EACCES;
++ goto exit_mutex_unlock;
++ }
++
+ if (!gr_acl_handle_creat(path->dentry, nd->path.dentry, path->mnt, open_flag, acc_mode, mode)) {
+ error = -EACCES;
+ goto exit_mutex_unlock;
@@ -47368,7 +47387,7 @@ index 7d69419..10c6af6 100644
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2308,6 +2393,8 @@ retry_lookup:
+@@ -2308,6 +2398,8 @@ retry_lookup:
error = vfs_create(dir->d_inode, dentry, mode, nd);
if (error)
goto exit_mutex_unlock;
@@ -47377,7 +47396,7 @@ index 7d69419..10c6af6 100644
mutex_unlock(&dir->d_inode->i_mutex);
dput(nd->path.dentry);
nd->path.dentry = dentry;
-@@ -2317,6 +2404,23 @@ retry_lookup:
+@@ -2317,6 +2409,23 @@ retry_lookup:
/*
* It already exists.
*/
@@ -47401,7 +47420,7 @@ index 7d69419..10c6af6 100644
mutex_unlock(&dir->d_inode->i_mutex);
audit_inode(pathname, path->dentry);
-@@ -2349,6 +2453,11 @@ finish_lookup:
+@@ -2349,6 +2458,11 @@ finish_lookup:
}
}
BUG_ON(inode != path->dentry->d_inode);
@@ -47413,7 +47432,7 @@ index 7d69419..10c6af6 100644
return NULL;
}
-@@ -2358,7 +2467,6 @@ finish_lookup:
+@@ -2358,7 +2472,6 @@ finish_lookup:
save_parent.dentry = nd->path.dentry;
save_parent.mnt = mntget(path->mnt);
nd->path.dentry = path->dentry;
@@ -47421,7 +47440,7 @@ index 7d69419..10c6af6 100644
}
nd->inode = inode;
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
-@@ -2367,6 +2475,21 @@ finish_lookup:
+@@ -2367,6 +2480,21 @@ finish_lookup:
path_put(&save_parent);
return ERR_PTR(error);
}
@@ -47443,7 +47462,7 @@ index 7d69419..10c6af6 100644
error = -EISDIR;
if ((open_flag & O_CREAT) && S_ISDIR(nd->inode->i_mode))
goto exit;
-@@ -2461,7 +2584,7 @@ static struct file *path_openat(int dfd, const char *pathname,
+@@ -2461,7 +2589,7 @@ static struct file *path_openat(int dfd, const char *pathname,
if (unlikely(error))
goto out_filp;
@@ -47452,7 +47471,7 @@ index 7d69419..10c6af6 100644
while (unlikely(!filp)) { /* trailing symlink */
struct path link = path;
void *cookie;
-@@ -2476,8 +2599,9 @@ static struct file *path_openat(int dfd, const char *pathname,
+@@ -2476,8 +2604,9 @@ static struct file *path_openat(int dfd, const char *pathname,
error = follow_link(&link, nd, &cookie);
if (unlikely(error))
filp = ERR_PTR(error);
@@ -47464,7 +47483,7 @@ index 7d69419..10c6af6 100644
put_link(nd, &link, cookie);
}
out:
-@@ -2577,6 +2701,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path
+@@ -2577,6 +2706,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path
*path = nd.path;
return dentry;
eexist:
@@ -47476,7 +47495,7 @@ index 7d69419..10c6af6 100644
dput(dentry);
dentry = ERR_PTR(-EEXIST);
fail:
-@@ -2599,6 +2728,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat
+@@ -2599,6 +2733,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat
}
EXPORT_SYMBOL(user_path_create);
@@ -47497,7 +47516,7 @@ index 7d69419..10c6af6 100644
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
int error = may_create(dir, dentry);
-@@ -2665,6 +2808,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
+@@ -2665,6 +2813,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
error = mnt_want_write(path.mnt);
if (error)
goto out_dput;
@@ -47515,7 +47534,7 @@ index 7d69419..10c6af6 100644
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out_drop_write;
-@@ -2682,6 +2836,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
+@@ -2682,6 +2841,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
}
out_drop_write:
mnt_drop_write(path.mnt);
@@ -47525,7 +47544,7 @@ index 7d69419..10c6af6 100644
out_dput:
dput(dentry);
mutex_unlock(&path.dentry->d_inode->i_mutex);
-@@ -2735,12 +2892,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode)
+@@ -2735,12 +2897,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode)
error = mnt_want_write(path.mnt);
if (error)
goto out_dput;
@@ -47547,7 +47566,7 @@ index 7d69419..10c6af6 100644
out_dput:
dput(dentry);
mutex_unlock(&path.dentry->d_inode->i_mutex);
-@@ -2820,6 +2986,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2820,6 +2991,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
char * name;
struct dentry *dentry;
struct nameidata nd;
@@ -47556,7 +47575,7 @@ index 7d69419..10c6af6 100644
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2848,6 +3016,15 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2848,6 +3021,15 @@ static long do_rmdir(int dfd, const char __user *pathname)
error = -ENOENT;
goto exit3;
}
@@ -47572,7 +47591,7 @@ index 7d69419..10c6af6 100644
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit3;
-@@ -2855,6 +3032,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2855,6 +3037,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
if (error)
goto exit4;
error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
@@ -47581,7 +47600,7 @@ index 7d69419..10c6af6 100644
exit4:
mnt_drop_write(nd.path.mnt);
exit3:
-@@ -2917,6 +3096,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2917,6 +3101,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
struct dentry *dentry;
struct nameidata nd;
struct inode *inode = NULL;
@@ -47590,7 +47609,7 @@ index 7d69419..10c6af6 100644
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2939,6 +3120,16 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2939,6 +3125,16 @@ static long do_unlinkat(int dfd, const char __user *pathname)
if (!inode)
goto slashes;
ihold(inode);
@@ -47607,7 +47626,7 @@ index 7d69419..10c6af6 100644
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit2;
-@@ -2946,6 +3137,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2946,6 +3142,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
if (error)
goto exit3;
error = vfs_unlink(nd.path.dentry->d_inode, dentry);
@@ -47616,7 +47635,7 @@ index 7d69419..10c6af6 100644
exit3:
mnt_drop_write(nd.path.mnt);
exit2:
-@@ -3021,10 +3214,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
+@@ -3021,10 +3219,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
error = mnt_want_write(path.mnt);
if (error)
goto out_dput;
@@ -47635,7 +47654,7 @@ index 7d69419..10c6af6 100644
out_drop_write:
mnt_drop_write(path.mnt);
out_dput:
-@@ -3099,6 +3300,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3099,6 +3305,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
{
struct dentry *new_dentry;
struct path old_path, new_path;
@@ -47643,7 +47662,7 @@ index 7d69419..10c6af6 100644
int how = 0;
int error;
-@@ -3122,7 +3324,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3122,7 +3329,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
if (error)
return error;
@@ -47652,7 +47671,7 @@ index 7d69419..10c6af6 100644
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
goto out;
-@@ -3133,13 +3335,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3133,13 +3340,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
error = mnt_want_write(new_path.mnt);
if (error)
goto out_dput;
@@ -47683,7 +47702,7 @@ index 7d69419..10c6af6 100644
dput(new_dentry);
mutex_unlock(&new_path.dentry->d_inode->i_mutex);
path_put(&new_path);
-@@ -3373,6 +3592,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
+@@ -3373,6 +3597,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
if (new_dentry == trap)
goto exit5;
@@ -47696,7 +47715,7 @@ index 7d69419..10c6af6 100644
error = mnt_want_write(oldnd.path.mnt);
if (error)
goto exit5;
-@@ -3382,6 +3607,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
+@@ -3382,6 +3612,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
goto exit6;
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry);
@@ -47706,7 +47725,7 @@ index 7d69419..10c6af6 100644
exit6:
mnt_drop_write(oldnd.path.mnt);
exit5:
-@@ -3407,6 +3635,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -3407,6 +3640,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
@@ -47715,7 +47734,7 @@ index 7d69419..10c6af6 100644
int len;
len = PTR_ERR(link);
-@@ -3416,7 +3646,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
+@@ -3416,7 +3651,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;