
List:       user-mode-linux-user
Subject:    Re: [uml-user] UML and grsec in guest system
From:       BlaisorBlade <blaisorblade_spam () yahoo ! it>
Date:       2004-08-30 12:22:17
Message-ID: 200408301422.17004.blaisorblade_spam () yahoo ! it

Alle 19:47, lunedì 23 agosto 2004, Martin Maney ha scritto:
> On Mon, Aug 23, 2004 at 05:14:12PM +0200, Jens R?siger wrote:
> > Or better: can i use UML and grsecurity in guest system?
>
> As best I recall, that is indeed the question (mind, I haven't ever
> tried to combine UML and grsec, myself).
>
> > I tried it. I have patch the kernel-source-2.6.7 with the
> > uml-patch-2.6.7-2.bz2 and grsecurity-2.0.1-2.6.7.patch.
> > The grsecurity-2.0.1-2.6.7.patch doesn't apply.
> > Error with patching KERNELSOURCE/mm/mmap.c
>
> Two patches that conflict: each wants to make its set of changes to the
> same code section.
>
> > OK, fix the lines in the patch and patch again.
> > Patch apply.
> > But the kernel will not compile. Error:
>
> That's the compiler's way of telling you that resolving the conflict
> between the patches isn't as easy as you thought.  :-/
>
> > Did that try already times someone?
>
> I know I've seen reports about the incompatibility similar to yours; I
> can not recall having seen any report of a successful combined patch.
> But perhaps I misremember.
>
> > The same problem arises with uml and grsec in the host system.

> I thought grsec was only incompatible with the UML guest.  Are you
> building the host kernel from the same multiply-patched tree?
No, he applied the SKAS patch, which conflicts with the GRsec patch at the
same point. Or rather, the UML patch causes the conflict because it contains the
SKAS patch for running nested UML in SKAS mode. To solve the conflict in the
guest, apply the UML patch, then the attached patch, and then the Grsec
patch. It should work (at least I hope). For the host system, instead, search
for the WOLK patchset (Working Overloaded Linux Kernel), which has already
solved that conflict.

Bye
-- 
Paolo Giarrusso, aka Blaisorblade
Linux registered user n. 292729

["Remove-old-skas-support.patch" (text/x-diff)]

This patch completely removes the code for SKAS support for inner UMLs.
This should be merged since it's needed for mainline inclusion.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade_spam@yahoo.it>
---

 uml-linux-2.6.8.1-paolo/arch/um/Kconfig               |    3 
 uml-linux-2.6.8.1-paolo/arch/um/kernel/ptrace.c       |    5 
 uml-linux-2.6.8.1-paolo/arch/um/kernel/syscall_kern.c |   18 -
 uml-linux-2.6.8.1-paolo/include/linux/mm.h            |   13 -
 uml-linux-2.6.8.1-paolo/mm/Makefile                   |    1 
 uml-linux-2.6.8.1-paolo/mm/mmap.c                     |    8 
 uml-linux-2.6.8.1-paolo/mm/mprotect.c                 |   14 -
 uml-linux-2.6.8.1/include/linux/proc_mm.h             |   48 ----
 uml-linux-2.6.8.1/mm/proc_mm.c                        |  174 ------------------
 9 files changed, 21 insertions(+), 263 deletions(-)

diff -puN arch/um/Kconfig~Remove-old-skas-support arch/um/Kconfig
--- uml-linux-2.6.8.1/arch/um/Kconfig~Remove-old-skas-support	2004-08-29 \
                14:40:45.692265496 +0200
+++ uml-linux-2.6.8.1-paolo/arch/um/Kconfig	2004-08-29 14:40:45.722260936 +0200
@@ -204,9 +204,6 @@ config KERNEL_HALF_GIGS
 config HIGHMEM
 	bool "Highmem support"
 
-config PROC_MM
-	bool "/proc/mm support"
-
 config KERNEL_STACK_ORDER
 	int "Kernel stack size order"
 	default 2
diff -puN arch/um/kernel/ptrace.c~Remove-old-skas-support arch/um/kernel/ptrace.c
--- uml-linux-2.6.8.1/arch/um/kernel/ptrace.c~Remove-old-skas-support	2004-08-29 \
                14:40:45.693265344 +0200
+++ uml-linux-2.6.8.1-paolo/arch/um/kernel/ptrace.c	2004-08-29 14:40:45.722260936 \
+0200
@@ -24,11 +24,6 @@ void ptrace_disable(struct task_struct *
 { 
 }
 
-extern long do_mmap2(struct task_struct *task, unsigned long addr, 
-		     unsigned long len, unsigned long prot, 
-		     unsigned long flags, unsigned long fd,
-		     unsigned long pgoff);
-
 int sys_ptrace(long request, long pid, long addr, long data)
 {
 	struct task_struct *child;
diff -puN arch/um/kernel/syscall_kern.c~Remove-old-skas-support \
                arch/um/kernel/syscall_kern.c
--- uml-linux-2.6.8.1/arch/um/kernel/syscall_kern.c~Remove-old-skas-support	2004-08-29 \
                14:40:45.694265192 +0200
+++ uml-linux-2.6.8.1-paolo/arch/um/kernel/syscall_kern.c	2004-08-29 \
14:40:45.722260936 +0200
@@ -67,9 +67,10 @@ long sys_vfork(void)
 }
 
 /* common code for old and new mmaps */
-long do_mmap2(struct mm_struct *mm, unsigned long addr, unsigned long len,
-	      unsigned long prot, unsigned long flags, unsigned long fd,
-	      unsigned long pgoff)
+static inline long do_mmap2(
+	unsigned long addr, unsigned long len,
+	unsigned long prot, unsigned long flags,
+	unsigned long fd, unsigned long pgoff)
 {
 	int error = -EBADF;
 	struct file * file = NULL;
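Review bot: `int error` in the context lines of this hunk is too narrow for what do_mmap2 hands back: the next hunk assigns it the `unsigned long` result of `do_mmap_pgoff(file, addr, len, prot, flags, pgoff)` and the function is declared to return `long`, so on a target where long is wider than int a successful mapping address would be truncated. Declaring it as `long error = -EBADF;` keeps both the address and the negative errno intact. The rest of do_mmap2's body lies outside the hunks shown, so the return statement is inferred rather than visible.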
@@ -81,9 +82,9 @@ long do_mmap2(struct mm_struct *mm, unsi
 			goto out;
 	}
 
-	down_write(&mm->mmap_sem);
-	error = do_mmap_pgoff(mm, file, addr, len, prot, flags, pgoff);
-	up_write(&mm->mmap_sem);
+	down_write(&current->mm->mmap_sem);
+	error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
+	up_write(&current->mm->mmap_sem);
 
 	if (file)
 		fput(file);
@@ -95,7 +96,7 @@ long sys_mmap2(unsigned long addr, unsig
 	       unsigned long prot, unsigned long flags,
 	       unsigned long fd, unsigned long pgoff)
 {
-	return do_mmap2(current->mm, addr, len, prot, flags, fd, pgoff);
+	return do_mmap2(addr, len, prot, flags, fd, pgoff);
 }
 
 /*
@@ -122,8 +123,7 @@ int old_mmap(unsigned long addr, unsigne
 	if (offset & ~PAGE_MASK)
 		goto out;
 
-	err = do_mmap2(current->mm, addr, len, prot, flags, fd, 
-		       offset >> PAGE_SHIFT);
+	err = do_mmap2(addr, len, prot, flags, fd, offset >> PAGE_SHIFT);
  out:
 	return err;
 }
diff -puN include/linux/mm.h~Remove-old-skas-support include/linux/mm.h
--- uml-linux-2.6.8.1/include/linux/mm.h~Remove-old-skas-support	2004-08-29 \
                14:40:45.695265040 +0200
+++ uml-linux-2.6.8.1-paolo/include/linux/mm.h	2004-08-29 14:40:45.723260784 +0200
@@ -565,9 +565,6 @@ int clear_page_dirty_for_io(struct page 
  */
 typedef int (*shrinker_t)(int nr_to_scan, unsigned int gfp_mask);
 
-extern long do_mprotect(struct mm_struct *mm, unsigned long start, 
-			size_t len, unsigned long prot);
-
 /*
  * Add an aging callback.  The int is the number of 'seeks' it takes
  * to recreate one of the objects that these functions age.
@@ -636,10 +633,9 @@ extern void exit_mmap(struct mm_struct *
 
 extern unsigned long get_unmapped_area(struct file *, unsigned long, unsigned long, \
unsigned long, unsigned long);  
-extern unsigned long do_mmap_pgoff(struct mm_struct *mm, struct file *file, 
-				   unsigned long addr, unsigned long len,
-				   unsigned long prot, unsigned long flag,
-				   unsigned long pgoff);
+extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+	unsigned long len, unsigned long prot,
+	unsigned long flag, unsigned long pgoff);
 
 static inline unsigned long do_mmap(struct file *file, unsigned long addr,
 	unsigned long len, unsigned long prot,
@@ -649,8 +645,7 @@ static inline unsigned long do_mmap(stru
 	if ((offset + PAGE_ALIGN(len)) < offset)
 		goto out;
 	if (!(offset & ~PAGE_MASK))
-		ret = do_mmap_pgoff(current->mm, file, addr, len, prot, flag, 
-				    offset >> PAGE_SHIFT);
+		ret = do_mmap_pgoff(file, addr, len, prot, flag, offset >> PAGE_SHIFT);
 out:
 	return ret;
 }
diff -L include/linux/proc_mm.h -puN include/linux/proc_mm.h~Remove-old-skas-support \
                /dev/null
--- uml-linux-2.6.8.1/include/linux/proc_mm.h
+++ /dev/null	2004-06-25 17:47:25.000000000 +0200
@@ -1,48 +0,0 @@
-/* 
- * Copyright (C) 2002 Jeff Dike (jdike@karaya.com)
- * Licensed under the GPL
- */
-
-#ifndef __PROC_MM_H
-#define __PROC_MM_H
-
-#include "linux/sched.h"
-
-#define MM_MMAP 54
-#define MM_MUNMAP 55
-#define MM_MPROTECT 56
-#define MM_COPY_SEGMENTS 57
-
-struct mm_mmap {
-	unsigned long addr;
-	unsigned long len;
-	unsigned long prot;
-	unsigned long flags;
-	unsigned long fd;
-	unsigned long offset;
-};
-
-struct mm_munmap {
-	unsigned long addr;
-	unsigned long len;	
-};
-
-struct mm_mprotect {
-	unsigned long addr;
-	unsigned long len;
-        unsigned int prot;
-};
-
-struct proc_mm_op {
-	int op;
-	union {
-		struct mm_mmap mmap;
-		struct mm_munmap munmap;
-	        struct mm_mprotect mprotect;
-		int copy_segments;
-	} u;
-};
-
-extern struct mm_struct *proc_mm_get_mm(int fd);
-
-#endif
diff -puN mm/Makefile~Remove-old-skas-support mm/Makefile
--- uml-linux-2.6.8.1/mm/Makefile~Remove-old-skas-support	2004-08-29 \
                14:40:45.697264736 +0200
+++ uml-linux-2.6.8.1-paolo/mm/Makefile	2004-08-29 14:40:45.723260784 +0200
@@ -14,5 +14,4 @@ obj-y			:= bootmem.o filemap.o mempool.o
 
 obj-$(CONFIG_SWAP)	+= page_io.o swap_state.o swapfile.o
 obj-$(CONFIG_HUGETLBFS)	+= hugetlb.o
-obj-$(CONFIG_PROC_MM)	+= proc_mm.o
 obj-$(CONFIG_NUMA) 	+= mempolicy.o
diff -puN mm/mmap.c~Remove-old-skas-support mm/mmap.c
--- uml-linux-2.6.8.1/mm/mmap.c~Remove-old-skas-support	2004-08-29 14:40:45.698264584 \
                +0200
+++ uml-linux-2.6.8.1-paolo/mm/mmap.c	2004-08-29 14:40:45.724260632 +0200
@@ -736,11 +736,11 @@ none:
  * The caller must hold down_write(current->mm->mmap_sem).
  */
 
-unsigned long do_mmap_pgoff(struct mm_struct *mm, struct file * file, 
-			    unsigned long addr, unsigned long len,
-			    unsigned long prot, unsigned long flags,
-			    unsigned long pgoff)
+unsigned long do_mmap_pgoff(struct file * file, unsigned long addr,
+			unsigned long len, unsigned long prot,
+			unsigned long flags, unsigned long pgoff)
 {
+	struct mm_struct * mm = current->mm;
 	struct vm_area_struct * vma, * prev;
 	struct inode *inode;
 	unsigned int vm_flags;
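Review bot: With the `mm` argument gone, do_mmap_pgoff can only ever map into the caller's own address space, yet the comment above it mentions `current->mm` only in the locking rule. I would add a line to that comment such as `* The mapping is always created in current->mm; callers cannot target another mm.` so the restriction is documented as intended rather than incidental. The start of the comment and most of the function body are outside this hunk.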
diff -puN mm/mprotect.c~Remove-old-skas-support mm/mprotect.c
--- uml-linux-2.6.8.1/mm/mprotect.c~Remove-old-skas-support	2004-08-29 \
                14:40:45.699264432 +0200
+++ uml-linux-2.6.8.1-paolo/mm/mprotect.c	2004-08-29 14:40:45.725260480 +0200
@@ -186,8 +186,7 @@ fail:
 }
 
 asmlinkage long
-do_mprotect(struct mm_struct *mm, unsigned long start, size_t len, 
-	     unsigned long prot)
+sys_mprotect(unsigned long start, size_t len, unsigned long prot)
 {
 	unsigned long vm_flags, nstart, end, tmp;
 	struct vm_area_struct *vma, *prev;
@@ -216,9 +215,9 @@ do_mprotect(struct mm_struct *mm, unsign
 
 	vm_flags = calc_vm_prot_bits(prot);
 
-	down_write(&mm->mmap_sem);
+	down_write(&current->mm->mmap_sem);
 
-	vma = find_vma_prev(mm, start, &prev);
+	vma = find_vma_prev(current->mm, start, &prev);
 	error = -ENOMEM;
 	if (!vma)
 		goto out;
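Review bot: sys_mprotect now spells out `current->mm` at each use (the `down_write` and `find_vma_prev` calls here, and the `up_write` in the following hunk), whereas do_mmap_pgoff in this same patch caches it once with `struct mm_struct * mm = current->mm;`. A local of the same form at the top of sys_mprotect would make it obvious that lock and unlock act on the same object, and would leave these body lines unchanged. Any reference to `mm` in the part of the body between the hunks is not visible here and would no longer compile without such a local, so that stretch is worth checking.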
@@ -284,11 +283,6 @@ do_mprotect(struct mm_struct *mm, unsign
 		}
 	}
 out:
-	up_write(&mm->mmap_sem);
+	up_write(&current->mm->mmap_sem);
 	return error;
 }
-
-asmlinkage long sys_mprotect(unsigned long start, size_t len, unsigned long prot)
-{
-        return(do_mprotect(current->mm, start, len, prot));
-}
diff -L mm/proc_mm.c -puN mm/proc_mm.c~Remove-old-skas-support /dev/null
--- uml-linux-2.6.8.1/mm/proc_mm.c
+++ /dev/null	2004-06-25 17:47:25.000000000 +0200
@@ -1,174 +0,0 @@
-/* 
- * Copyright (C) 2002 Jeff Dike (jdike@karaya.com)
- * Licensed under the GPL
- */
-
-#include "linux/mm.h"
-#include "linux/init.h"
-#include "linux/proc_fs.h"
-#include "linux/proc_mm.h"
-#include "linux/file.h"
-#include "asm/uaccess.h"
-#include "asm/mmu_context.h"
-
-static struct file_operations proc_mm_fops;
-
-struct mm_struct *proc_mm_get_mm(int fd)
-{
-	struct mm_struct *ret = ERR_PTR(-EBADF);
-	struct file *file;
-
-	file = fget(fd);
-	if (!file)
-		goto out;
-
-	ret = ERR_PTR(-EINVAL);
-	if(file->f_op != &proc_mm_fops)
-		goto out_fput;
-
-	ret = file->private_data;
- out_fput:
-	fput(file);
- out:
-	return(ret);
-}
-
-extern long do_mmap2(struct mm_struct *mm, unsigned long addr, 
-		     unsigned long len, unsigned long prot, 
-		     unsigned long flags, unsigned long fd,
-		     unsigned long pgoff);
-
-static ssize_t write_proc_mm(struct file *file, const char *buffer,
-			     size_t count, loff_t *ppos)
-{
-	struct mm_struct *mm = file->private_data;
-	struct proc_mm_op req;
-	int n, ret;
-
-	if(count > sizeof(req))
-		return(-EINVAL);
-
-	n = copy_from_user(&req, buffer, count);
-	if(n != 0)
-		return(-EFAULT);
-
-	ret = count;
-	switch(req.op){
-	case MM_MMAP: {
-		struct mm_mmap *map = &req.u.mmap;
-
-		ret = do_mmap2(mm, map->addr, map->len, map->prot, 
-			       map->flags, map->fd, map->offset >> PAGE_SHIFT);
-		if((ret & ~PAGE_MASK) == 0)
-			ret = count;
-	
-		break;
-	}
-	case MM_MUNMAP: {
-		struct mm_munmap *unmap = &req.u.munmap;
-
-		down_write(&mm->mmap_sem);
-		ret = do_munmap(mm, unmap->addr, unmap->len);
-		up_write(&mm->mmap_sem);
-
-		if(ret == 0)
-			ret = count;
-		break;
-	}
-	case MM_MPROTECT: {
-		struct mm_mprotect *protect = &req.u.mprotect;
-
-		ret = do_mprotect(mm, protect->addr, protect->len, 
-				  protect->prot);
-		if(ret == 0)
-			ret = count;
-		break;
-	}
-
-	case MM_COPY_SEGMENTS: {
-		struct mm_struct *from = proc_mm_get_mm(req.u.copy_segments);
-
-		if(IS_ERR(from)){
-			ret = PTR_ERR(from);
-			break;
-		}
-
-		mm_copy_segments(from, mm);
-		break;
-	}
-	default:
-		ret = -EINVAL;
-		break;
-	}
-
-	return(ret);
-}
-
-static int open_proc_mm(struct inode *inode, struct file *file)
-{
-	struct mm_struct *mm = mm_alloc();
-	int ret;
-
-	ret = -ENOMEM;
-	if(mm == NULL)
-		goto out_mem;
-
-	ret = init_new_context(current, mm);
-	if(ret)
-		goto out_free;
-
-	spin_lock(&mmlist_lock);
-	list_add(&mm->mmlist, &current->mm->mmlist);
-	mmlist_nr++;
-	spin_unlock(&mmlist_lock);
-
-	file->private_data = mm;
-
-	return(0);
-
- out_free:
-	mmput(mm);
- out_mem:
-	return(ret);
-}
-
-static int release_proc_mm(struct inode *inode, struct file *file)
-{
-	struct mm_struct *mm = file->private_data;
-
-	mmput(mm);
-	return(0);
-}
-
-static struct file_operations proc_mm_fops = {
-	.open		= open_proc_mm,
-	.release	= release_proc_mm,
-	.write		= write_proc_mm,
-};
-
-static int make_proc_mm(void)
-{
-	struct proc_dir_entry *ent;
-
-	ent = create_proc_entry("mm", 0222, &proc_root);
-	if(ent == NULL){
-		printk("make_proc_mm : Failed to register /proc/mm\n");
-		return(0);
-	}
-	ent->proc_fops = &proc_mm_fops;
-
-	return(0);
-}
-
-__initcall(make_proc_mm);
-
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
_

