40 |
kernel/sys.c | 9 +++++++++ |
kernel/sys.c | 9 +++++++++ |
41 |
kernel/sysctl.c | 13 ++++++++++++- |
kernel/sysctl.c | 13 ++++++++++++- |
42 |
kernel/time.c | 7 +++++++ |
kernel/time.c | 7 +++++++ |
43 |
net/ipv4/raw.c | 4 ++++ |
net/ipv4/raw.c | 12 +++++++++--- |
44 |
net/ipv4/tcp_ipv4.c | 5 +++++ |
net/ipv4/tcp_ipv4.c | 5 +++++ |
45 |
net/ipv4/udp.c | 8 ++++++++ |
net/ipv4/udp.c | 14 +++++++++++++- |
46 |
net/ipv6/raw.c | 4 ++++ |
net/ipv6/raw.c | 12 +++++++++--- |
47 |
net/ipv6/tcp_ipv6.c | 3 +++ |
net/ipv6/tcp_ipv6.c | 3 +++ |
48 |
net/ipv6/udp.c | 8 ++++++++ |
net/ipv6/udp.c | 14 +++++++++++++- |
49 |
net/socket.c | 23 +++++++++++++++++++++-- |
net/socket.c | 23 +++++++++++++++++++++-- |
50 |
net/unix/af_unix.c | 4 ++++ |
net/unix/af_unix.c | 4 ++++ |
51 |
46 files changed, 325 insertions(+), 5 deletions(-) |
46 files changed, 345 insertions(+), 13 deletions(-) |
52 |
|
|
53 |
--- linux-2.4.37.9.orig/Makefile |
--- linux-2.4.37.9.orig/Makefile |
54 |
+++ linux-2.4.37.9/Makefile |
+++ linux-2.4.37.9/Makefile |
947 |
entry->proc_fops = &ppc_htab_operations; |
entry->proc_fops = &ppc_htab_operations; |
948 |
} |
} |
949 |
#endif |
#endif |
950 |
+ printk(KERN_INFO "Hook version: 2.4.37.9 2010/04/12\n"); |
+ printk(KERN_INFO "Hook version: 2.4.37.9 2010/07/21\n"); |
951 |
} |
} |
952 |
--- linux-2.4.37.9.orig/include/linux/sched.h |
--- linux-2.4.37.9.orig/include/linux/sched.h |
953 |
+++ linux-2.4.37.9/include/linux/sched.h |
+++ linux-2.4.37.9/include/linux/sched.h |
1229 |
|
|
1230 |
struct sock *raw_v4_htable[RAWV4_HTABLE_SIZE]; |
struct sock *raw_v4_htable[RAWV4_HTABLE_SIZE]; |
1231 |
rwlock_t raw_v4_lock = RW_LOCK_UNLOCKED; |
rwlock_t raw_v4_lock = RW_LOCK_UNLOCKED; |
1232 |
@@ -503,6 +504,9 @@ int raw_recvmsg(struct sock *sk, struct |
@@ -500,9 +501,14 @@ int raw_recvmsg(struct sock *sk, struct |
|
skb = skb_recv_datagram(sk, flags, noblock, &err); |
|
|
if (!skb) |
|
1233 |
goto out; |
goto out; |
1234 |
+ err = ccs_socket_recvmsg_permission(sk, skb, flags); |
} |
1235 |
+ if (err) |
|
1236 |
+ goto out; |
- skb = skb_recv_datagram(sk, flags, noblock, &err); |
1237 |
|
- if (!skb) |
1238 |
|
- goto out; |
1239 |
|
+ for (;;) { |
1240 |
|
+ skb = skb_recv_datagram(sk, flags, noblock, &err); |
1241 |
|
+ if (!skb) |
1242 |
|
+ goto out; |
1243 |
|
+ if (!ccs_socket_post_recvmsg_permission(sk, skb)) |
1244 |
|
+ break; |
1245 |
|
+ skb_kill_datagram(sk, skb, flags); |
1246 |
|
+ } |
1247 |
|
|
1248 |
copied = skb->len; |
copied = skb->len; |
1249 |
if (len < copied) { |
if (len < copied) { |
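Review bot: The new `for (;;)` loop in raw_recvmsg discards every datagram that `ccs_socket_post_recvmsg_permission()` rejects, but no comment says so, which makes the silent drop easy to mistake for a retry on error. A one-line comment above the loop would do, e.g. `/* Discard datagrams rejected by policy and wait for the next one. */`. The same loop is added to rawv6_recvmsg in net/ipv6/raw.c. Nothing visible here records the discard, so if the hook does not log denials itself, consider a counter or rate-limited message so that operators can see policy drops. raw_recvmsg continues outside this hunk.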
1303 |
if (!udp_lport_inuse(result)) |
if (!udp_lport_inuse(result)) |
1304 |
break; |
break; |
1305 |
} |
} |
1306 |
@@ -711,6 +716,9 @@ try_again: |
@@ -697,6 +702,7 @@ int udp_recvmsg(struct sock *sk, struct |
1307 |
|
struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name; |
1308 |
|
struct sk_buff *skb; |
1309 |
|
int copied, err; |
1310 |
|
+ _Bool update_stat; |
1311 |
|
|
1312 |
|
/* |
1313 |
|
* Check any passed addresses |
1314 |
|
@@ -711,6 +717,11 @@ try_again: |
1315 |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
1316 |
if (!skb) |
if (!skb) |
1317 |
goto out; |
goto out; |
1318 |
+ err = ccs_socket_recvmsg_permission(sk, skb, flags); |
+ if (ccs_socket_post_recvmsg_permission(sk, skb)) { |
1319 |
+ if (err) |
+ update_stat = 0; |
1320 |
+ goto out; |
+ goto csum_copy_err; |
1321 |
|
+ } |
1322 |
|
+ update_stat = 1; |
1323 |
|
|
1324 |
copied = skb->len - sizeof(struct udphdr); |
copied = skb->len - sizeof(struct udphdr); |
1325 |
if (copied > len) { |
if (copied > len) { |
1326 |
|
@@ -759,7 +770,8 @@ out: |
1327 |
|
return err; |
1328 |
|
|
1329 |
|
csum_copy_err: |
1330 |
|
- UDP_INC_STATS_BH(UdpInErrors); |
1331 |
|
+ if (update_stat) |
1332 |
|
+ UDP_INC_STATS_BH(UdpInErrors); |
1333 |
|
|
1334 |
|
/* Clear queue. */ |
1335 |
|
if (flags&MSG_PEEK) { |
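Review bot: `update_stat` is declared without an initializer in udp_recvmsg and is read at `csum_copy_err:`. The two visible paths set it first, but the function's other jumps to that label lie outside these hunks and cannot be checked from here. Initializing it at the declaration, `_Bool update_stat = 1;`, keeps "count the error" as the default and removes the dependency on statement order. udpv6_recvmsg in net/ipv6/udp.c has the same pattern. Because policy-rejected datagrams now skip `UdpInErrors`, a short comment at the `if (update_stat)` line saying this is intentional would help the next reader.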
1336 |
--- linux-2.4.37.9.orig/net/ipv6/raw.c |
--- linux-2.4.37.9.orig/net/ipv6/raw.c |
1337 |
+++ linux-2.4.37.9/net/ipv6/raw.c |
+++ linux-2.4.37.9/net/ipv6/raw.c |
1338 |
@@ -45,6 +45,7 @@ |
@@ -45,6 +45,7 @@ |
1343 |
|
|
1344 |
struct sock *raw_v6_htable[RAWV6_HTABLE_SIZE]; |
struct sock *raw_v6_htable[RAWV6_HTABLE_SIZE]; |
1345 |
rwlock_t raw_v6_lock = RW_LOCK_UNLOCKED; |
rwlock_t raw_v6_lock = RW_LOCK_UNLOCKED; |
1346 |
@@ -369,6 +370,9 @@ int rawv6_recvmsg(struct sock *sk, struc |
@@ -366,9 +367,14 @@ int rawv6_recvmsg(struct sock *sk, struc |
1347 |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
if (flags & MSG_ERRQUEUE) |
1348 |
if (!skb) |
return ipv6_recv_error(sk, msg, len); |
1349 |
goto out; |
|
1350 |
+ err = ccs_socket_recvmsg_permission(sk, skb, flags); |
- skb = skb_recv_datagram(sk, flags, noblock, &err); |
1351 |
+ if (err) |
- if (!skb) |
1352 |
+ goto out; |
- goto out; |
1353 |
|
+ for (;;) { |
1354 |
|
+ skb = skb_recv_datagram(sk, flags, noblock, &err); |
1355 |
|
+ if (!skb) |
1356 |
|
+ goto out; |
1357 |
|
+ if (!ccs_socket_post_recvmsg_permission(sk, skb)) |
1358 |
|
+ break; |
1359 |
|
+ skb_kill_datagram(sk, skb, flags); |
1360 |
|
+ } |
1361 |
|
|
1362 |
copied = skb->len; |
copied = skb->len; |
1363 |
if (copied > len) { |
if (copied > len) { |
1408 |
if (!udp_lport_inuse(result)) |
if (!udp_lport_inuse(result)) |
1409 |
break; |
break; |
1410 |
} |
} |
1411 |
@@ -406,6 +411,9 @@ try_again: |
@@ -395,6 +400,7 @@ int udpv6_recvmsg(struct sock *sk, struc |
1412 |
|
{ |
1413 |
|
struct sk_buff *skb; |
1414 |
|
int copied, err; |
1415 |
|
+ _Bool update_stat; |
1416 |
|
|
1417 |
|
if (addr_len) |
1418 |
|
*addr_len=sizeof(struct sockaddr_in6); |
1419 |
|
@@ -406,6 +412,11 @@ try_again: |
1420 |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
1421 |
if (!skb) |
if (!skb) |
1422 |
goto out; |
goto out; |
1423 |
+ err = ccs_socket_recvmsg_permission(sk, skb, flags); |
+ if (ccs_socket_post_recvmsg_permission(sk, skb)) { |
1424 |
+ if (err) |
+ update_stat = 0; |
1425 |
+ goto out; |
+ goto csum_copy_err; |
1426 |
|
+ } |
1427 |
|
+ update_stat = 1; |
1428 |
|
|
1429 |
copied = skb->len - sizeof(struct udphdr); |
copied = skb->len - sizeof(struct udphdr); |
1430 |
if (copied > len) { |
if (copied > len) { |
1431 |
|
@@ -485,7 +496,8 @@ csum_copy_err: |
1432 |
|
skb_free_datagram(sk, skb); |
1433 |
|
|
1434 |
|
if (flags & MSG_DONTWAIT) { |
1435 |
|
- UDP6_INC_STATS_USER(UdpInErrors); |
1436 |
|
+ if (update_stat) |
1437 |
|
+ UDP6_INC_STATS_USER(UdpInErrors); |
1438 |
|
return -EAGAIN; |
1439 |
|
} |
1440 |
|
goto try_again; |
1441 |
--- linux-2.4.37.9.orig/net/socket.c |
--- linux-2.4.37.9.orig/net/socket.c |
1442 |
+++ linux-2.4.37.9/net/socket.c |
+++ linux-2.4.37.9/net/socket.c |
1443 |
@@ -84,6 +84,7 @@ |
@@ -84,6 +84,7 @@ |
1489 |
err=sock->ops->listen(sock, backlog); |
err=sock->ops->listen(sock, backlog); |
1490 |
sockfd_put(sock); |
sockfd_put(sock); |
1491 |
} |
} |
1492 |
@@ -1069,6 +1079,11 @@ asmlinkage long sys_accept(int fd, struc |
@@ -1058,6 +1068,7 @@ asmlinkage long sys_accept(int fd, struc |
1493 |
|
if (!sock) |
1494 |
|
goto out; |
1495 |
|
|
1496 |
|
+retry: |
1497 |
|
err = -ENFILE; |
1498 |
|
if (!(newsock = sock_alloc())) |
1499 |
|
goto out_put; |
1500 |
|
@@ -1069,6 +1080,10 @@ asmlinkage long sys_accept(int fd, struc |
1501 |
if (err < 0) |
if (err < 0) |
1502 |
goto out_release; |
goto out_release; |
1503 |
|
|
1504 |
+ if (ccs_socket_accept_permission(newsock, |
+ if (ccs_socket_post_accept_permission(sock, newsock)) { |
1505 |
+ (struct sockaddr *) address)) { |
+ sock_release(newsock); |
1506 |
+ err = -ECONNABORTED; /* Hope less harmful than -EPERM. */ |
+ goto retry; |
|
+ goto out_release; |
|
1507 |
+ } |
+ } |
1508 |
if (upeer_sockaddr) { |
if (upeer_sockaddr) { |
1509 |
if(newsock->ops->getname(newsock, (struct sockaddr *)address, &len, 2)<0) { |
if(newsock->ops->getname(newsock, (struct sockaddr *)address, &len, 2)<0) { |