SOURCES: grsecurity-2.1.9-2.4.32-200602141845.patch (NEW) - raw fr...

zbyniu zbyniu at pld-linux.org
Wed Mar 1 16:05:43 CET 2006


Author: zbyniu                       Date: Wed Mar  1 15:05:43 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- raw from http://www.grsecurity.net/~spender/grsecurity-2.1.9-2.4.32-200602141845.patch

---- Files affected:
SOURCES:
   grsecurity-2.1.9-2.4.32-200602141845.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/grsecurity-2.1.9-2.4.32-200602141845.patch
diff -u /dev/null SOURCES/grsecurity-2.1.9-2.4.32-200602141845.patch:1.1
--- /dev/null	Wed Mar  1 16:05:43 2006
+++ SOURCES/grsecurity-2.1.9-2.4.32-200602141845.patch	Wed Mar  1 16:05:38 2006
@@ -0,0 +1,22720 @@
+diff -urNp linux-2.4.32/arch/alpha/config.in linux-2.4.32/arch/alpha/config.in
+--- linux-2.4.32/arch/alpha/config.in	2004-11-17 06:54:21.000000000 -0500
++++ linux-2.4.32/arch/alpha/config.in	2006-02-09 03:45:36.000000000 -0500
+@@ -468,3 +468,12 @@ endmenu
+ 
+ source crypto/Config.in
+ source lib/Config.in
++
++mainmenu_option next_comment
++comment 'Grsecurity'
++bool 'Grsecurity' CONFIG_GRKERNSEC
++if [ "$CONFIG_GRKERNSEC" = "y" ]; then
++	source grsecurity/Config.in
++fi
++endmenu
++
+diff -urNp linux-2.4.32/arch/alpha/kernel/osf_sys.c linux-2.4.32/arch/alpha/kernel/osf_sys.c
+--- linux-2.4.32/arch/alpha/kernel/osf_sys.c	2003-06-13 10:51:29.000000000 -0400
++++ linux-2.4.32/arch/alpha/kernel/osf_sys.c	2006-02-09 03:45:36.000000000 -0500
+@@ -230,6 +230,11 @@ asmlinkage unsigned long osf_mmap(unsign
+ 	struct file *file = NULL;
+ 	unsigned long ret = -EBADF;
+ 
++#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC
++	if (flags & MAP_MIRROR)
++		return -EINVAL;
++#endif
++
+ #if 0
+ 	if (flags & (_MAP_HASSEMAPHORE | _MAP_INHERIT | _MAP_UNALIGNED))
+ 		printk("%s: unimplemented OSF mmap flags %04lx\n", 
+@@ -1357,6 +1362,10 @@ arch_get_unmapped_area(struct file *filp
+ 	   merely specific addresses, but regions of memory -- perhaps
+ 	   this feature should be incorporated into all ports?  */
+ 
++#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP
++	if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
++#endif
++
+ 	if (addr) {
+ 		addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
+ 		if (addr != -ENOMEM)
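Review bot: The `if` added under CONFIG_GRKERNSEC_PAX_RANDMMAP has no body of its own; it governs the existing `if (addr) {` block only because that block is the next statement, and a blank line separates the two. A statement inserted between them later would change the meaning in one configuration only, without any compiler diagnostic. I would drop the blank line after `#endif` and add a comment at the `#ifdef`, e.g. `/* PaX: with RANDMMAP active, honour the caller's address hint only when there is no backing file */`. arch_get_unmapped_area starts and ends outside this hunk.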
+@@ -1364,8 +1373,15 @@ arch_get_unmapped_area(struct file *filp
+ 	}
+ 
+ 	/* Next, try allocating at TASK_UNMAPPED_BASE.  */
+-	addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE),
+-					 len, limit);
++
++	addr = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP
++	if (current->mm->pax_flags & MF_PAX_RANDMMAP)
++		addr += current->mm->delta_mmap;
++#endif
++
++	addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
+ 	if (addr != -ENOMEM)
+ 		return addr;
+ 
+diff -urNp linux-2.4.32/arch/alpha/kernel/ptrace.c linux-2.4.32/arch/alpha/kernel/ptrace.c
+--- linux-2.4.32/arch/alpha/kernel/ptrace.c	2003-06-13 10:51:29.000000000 -0400
++++ linux-2.4.32/arch/alpha/kernel/ptrace.c	2006-02-09 03:45:36.000000000 -0500
+@@ -13,6 +13,7 @@
+ #include <linux/ptrace.h>
+ #include <linux/user.h>
+ #include <linux/slab.h>
++#include <linux/grsecurity.h>
+ 
+ #include <asm/uaccess.h>
+ #include <asm/pgtable.h>
+@@ -275,6 +276,10 @@ sys_ptrace(long request, long pid, long 
+ 	read_unlock(&tasklist_lock);
+ 	if (!child)
+ 		goto out_notsk;
++
++	if(gr_handle_ptrace(child, request))
++		goto out;
++
+ 	if (request == PTRACE_ATTACH) {
+ 		ret = ptrace_attach(child);
+ 		goto out;
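Review bot: The new `gr_handle_ptrace(child, request)` branch jumps to `out` without assigning `ret`, so the value a denied caller sees is whatever was stored before this hunk, which is not visible here. If reusing that earlier value is deliberate, a comment should say so; otherwise set it explicitly, e.g. `ret = -EPERM;` before the `goto`. The `if(` spelling should also be `if (` to match the surrounding lines. sys_ptrace begins and ends outside the hunk.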
+diff -urNp linux-2.4.32/arch/alpha/mm/fault.c linux-2.4.32/arch/alpha/mm/fault.c
+--- linux-2.4.32/arch/alpha/mm/fault.c	2002-11-28 18:53:08.000000000 -0500
++++ linux-2.4.32/arch/alpha/mm/fault.c	2006-02-09 03:45:36.000000000 -0500
+@@ -53,6 +53,138 @@ __load_new_mm_context(struct mm_struct *
+ 	__reload_thread(&current->thread);
+ }
+ 
++/*
++ * PaX: decide what to do with offenders (regs->pc = fault address)
++ *
++ * returns 1 when task should be killed
++ *         2 when patched PLT trampoline was detected
++ *         3 when unpatched PLT trampoline was detected
++ *	   4 when legitimate ET_EXEC was detected
++ */
++#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC
++static int pax_handle_fetch_fault(struct pt_regs *regs)
++{
++	int err;
++
++#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC
++	if (current->mm->pax_flags & MF_PAX_RANDEXEC) {
++		if (regs->pc >= current->mm->start_code &&
++		    regs->pc < current->mm->end_code)
++		{
++			if (regs->r26 == regs->pc)
++				return 1;
++			regs->pc += current->mm->delta_exec;
++			return 4;
++		}
++	}
++#endif
++
++#ifdef CONFIG_GRKERNSEC_PAX_EMUPLT
++	do { /* PaX: patched PLT emulation #1 */
++		unsigned int ldah, ldq, jmp;
++
++		err = get_user(ldah, (unsigned int *)regs->pc);
++		err |= get_user(ldq, (unsigned int *)(regs->pc+4));
++		err |= get_user(jmp, (unsigned int *)(regs->pc+8));
++
++		if (err)
++			break;
++
++		if ((ldah & 0xFFFF0000U)== 0x277B0000U &&
++		    (ldq & 0xFFFF0000U) == 0xA77B0000U &&
++		    jmp == 0x6BFB0000U)
++		{
++			unsigned long r27, addr;
++			unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
++			unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL;
++
++			addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
++			err = get_user(r27, (unsigned long*)addr);
++			if (err)
++				break;
++
++			regs->r27 = r27;
++			regs->pc = r27;
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: patched PLT emulation #2 */
++		unsigned int ldah, lda, br;
++
++		err = get_user(ldah, (unsigned int *)regs->pc);
++		err |= get_user(lda, (unsigned int *)(regs->pc+4));
++		err |= get_user(br, (unsigned int *)(regs->pc+8));
++
++		if (err)
++			break;
++
++		if ((ldah & 0xFFFF0000U)== 0x277B0000U &&
++		    (lda & 0xFFFF0000U) == 0xA77B0000U &&
++		    (br & 0xFFE00000U) == 0xC3E00000U)
++		{
++			unsigned long addr = br | 0xFFFFFFFFFFE00000UL;
++			unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
++			unsigned long addrl = lda | 0xFFFFFFFFFFFF0000UL;
++
++			regs->r27 += ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
++			regs->pc += 12 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: unpatched PLT emulation */
++		unsigned int br;
++
++		err = get_user(br, (unsigned int *)regs->pc);
++
++		if (!err && (br & 0xFFE00000U) == 0xC3800000U) {
++			unsigned int br2, ldq, nop, jmp;
++			unsigned long addr = br | 0xFFFFFFFFFFE00000UL, resolver;
++
++			addr = regs->pc + 4 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
++			err = get_user(br2, (unsigned int *)addr);  
++			err |= get_user(ldq, (unsigned int *)(addr+4));
++			err |= get_user(nop, (unsigned int *)(addr+8));
++			err |= get_user(jmp, (unsigned int *)(addr+12));
++			err |= get_user(resolver, (unsigned long *)(addr+16));
++
++			if (err)
++				break;
++
++			if (br2 == 0xC3600000U &&
++			    ldq == 0xA77B000CU &&
++			    nop == 0x47FF041FU &&
++			    jmp == 0x6B7B0000U)
++			{
++				regs->r28 = regs->pc+4;
++				regs->r27 = addr+16;
++				regs->pc = resolver;
++				return 3;
++			}
++		}
++	} while (0);
++#endif
++
++	return 1;
++}
++
++void pax_report_insns(void *pc, void *sp)
++{
++	unsigned long i;
++
++	printk(KERN_ERR "PAX: bytes at PC: ");
++	for (i = 0; i < 5; i++) {
++		unsigned int c;
++		if (get_user(c, (unsigned int*)pc+i))
++			printk("???????? ");
++		else
++			printk("%08x ", c);
++	}
++	printk("\n");
++}
++#endif
++
+ 
+ /*
+  * This routine handles page faults.  It determines the address,
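Review bot: In "patched PLT emulation #2" the word named `lda` is matched with `(lda & 0xFFFF0000U) == 0xA77B0000U`, the same constant emulation #1 uses for its `ldq` word, yet the body adds the displacement to `regs->r27` instead of loading through it. That looks like a copied mask. If I read the Alpha opcode table correctly, `lda $27,x($27)` encodes as `0x237B0000U`, so please check this against the architecture manual. As written, a real `ldah`/`lda`/`br` stub would presumably match none of the three patterns and reach the final `return 1`, which fails closed but kills a legitimate task. A one-line comment naming the instruction each mask stands for would make such slips easy to spot.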
+@@ -133,8 +265,32 @@ do_page_fault(unsigned long address, uns
+ good_area:
+ 	info.si_code = SEGV_ACCERR;
+ 	if (cause < 0) {
+-		if (!(vma->vm_flags & VM_EXEC))
++		if (!(vma->vm_flags & VM_EXEC)) {
++
++#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC
++			if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->pc)
++				goto bad_area;
++
++			up_read(&mm->mmap_sem);
++			switch(pax_handle_fetch_fault(regs)) {
++
++#ifdef CONFIG_GRKERNSEC_PAX_EMUPLT
++			case 2:
++			case 3:
++				return;
++#endif
++
++#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC
++			case 4:
++				return;
++#endif
++			}
++			pax_report_fault(regs, (void*)regs->pc, (void*)rdusp());
++			do_exit(SIGKILL);
++#else
+ 			goto bad_area;
++#endif
++		}
+ 	} else if (!cause) {
+ 		/* Allow reads even for write-only mappings */
+ 		if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
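Review bot: The `switch` on `pax_handle_fetch_fault(regs)` has only bare numeric `case 2`/`3`/`4` labels and no `default`, so the kill path is reached by falling out of the switch, and with both EMUPLT and RANDEXEC disabled the switch body is empty. That is the safe direction (anything unrecognised ends in `do_exit(SIGKILL)`), but it is not obvious on reading; I would add `default: break; /* 1 or unknown: report and kill */` and use named constants for the return codes. Also, `mm->mmap_sem` is released before the switch, so nothing after `up_read()` may branch to `bad_area`, which presumably drops the semaphore itself; a one-line comment there would guard against a later edit doing so. do_page_fault continues outside the hunk.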
+diff -urNp linux-2.4.32/arch/arm/config.in linux-2.4.32/arch/arm/config.in
+--- linux-2.4.32/arch/arm/config.in	2004-11-17 06:54:21.000000000 -0500
++++ linux-2.4.32/arch/arm/config.in	2006-02-09 03:45:36.000000000 -0500
+@@ -736,3 +736,11 @@ endmenu
+ 
+ source crypto/Config.in
+ source lib/Config.in
++
++mainmenu_option next_comment
++comment 'Grsecurity'
++bool 'Grsecurity' CONFIG_GRKERNSEC
++if [ "$CONFIG_GRKERNSEC" = "y" ]; then
++	source grsecurity/Config.in
++fi
++endmenu
+diff -urNp linux-2.4.32/arch/cris/config.in linux-2.4.32/arch/cris/config.in
+--- linux-2.4.32/arch/cris/config.in	2004-11-17 06:54:21.000000000 -0500
++++ linux-2.4.32/arch/cris/config.in	2006-02-09 03:45:36.000000000 -0500
+@@ -276,3 +276,12 @@ int 'Kernel messages buffer length shift
+ source crypto/Config.in
+ source lib/Config.in
+ endmenu
++
++mainmenu_option next_comment
++comment 'Grsecurity'
++bool 'Grsecurity' CONFIG_GRKERNSEC
++if [ "$CONFIG_GRKERNSEC" = "y" ]; then
++    source grsecurity/Config.in
++fi
++endmenu
++
+diff -urNp linux-2.4.32/arch/i386/boot/bootsect.S linux-2.4.32/arch/i386/boot/bootsect.S
+--- linux-2.4.32/arch/i386/boot/bootsect.S	2003-08-25 07:44:39.000000000 -0400
++++ linux-2.4.32/arch/i386/boot/bootsect.S	2006-02-09 03:45:36.000000000 -0500
+@@ -237,7 +237,7 @@ rp_read:
+ #ifdef __BIG_KERNEL__
+ 					# look in setup.S for bootsect_kludge
+ 	bootsect_kludge = 0x220		# 0x200 + 0x20 which is the size of the
+-	lcall	bootsect_kludge		# bootsector + bootsect_kludge offset
++	lcall	*bootsect_kludge	# bootsector + bootsect_kludge offset
+ #else
+ 	movw	%es, %ax
+ 	subw	$SYSSEG, %ax
+diff -urNp linux-2.4.32/arch/i386/boot/compressed/head.S linux-2.4.32/arch/i386/boot/compressed/head.S
+--- linux-2.4.32/arch/i386/boot/compressed/head.S	2000-07-05 15:03:12.000000000 -0400
++++ linux-2.4.32/arch/i386/boot/compressed/head.S	2006-02-09 03:45:36.000000000 -0500
+@@ -38,11 +38,13 @@ startup_32:
+ 	movl %eax,%gs
+ 
+ 	lss SYMBOL_NAME(stack_start),%esp
++	movl 0x000000,%ecx
+ 	xorl %eax,%eax
+ 1:	incl %eax		# check that A20 really IS enabled
+ 	movl %eax,0x000000	# loop forever if it isn't
+ 	cmpl %eax,0x100000
+ 	je 1b
++	movl %ecx,0x000000
+ 
+ /*
+  * Initialize eflags.  Some BIOS's leave bits like NT set.  This would
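Review bot: The two added `movl` instructions save and restore the dword at physical address 0 around the A20 probe, but unlike every neighbouring line they carry no comment, so the reason `%ecx` is live across the loop is left to the reader. I would annotate them as `movl 0x000000,%ecx	# save the dword the A20 probe overwrites` and `movl %ecx,0x000000	# put it back once A20 is confirmed`. The restore is only reached when the loop exits; that is fine, since the code otherwise spins forever, but it belongs in the comment.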
+diff -urNp linux-2.4.32/arch/i386/boot/setup.S linux-2.4.32/arch/i386/boot/setup.S
+--- linux-2.4.32/arch/i386/boot/setup.S	2004-02-18 08:36:30.000000000 -0500
++++ linux-2.4.32/arch/i386/boot/setup.S	2006-02-09 03:45:36.000000000 -0500
+@@ -637,7 +637,7 @@ edd_done:
+ 	cmpw	$0, %cs:realmode_swtch
+ 	jz	rmodeswtch_normal
+ 
+-	lcall	%cs:realmode_swtch
++	lcall	*%cs:realmode_swtch
+ 
+ 	jmp	rmodeswtch_end
+ 
+diff -urNp linux-2.4.32/arch/i386/config.in linux-2.4.32/arch/i386/config.in
+--- linux-2.4.32/arch/i386/config.in	2004-11-17 06:54:21.000000000 -0500
++++ linux-2.4.32/arch/i386/config.in	2006-02-09 03:45:36.000000000 -0500
+@@ -99,6 +99,7 @@ if [ "$CONFIG_M586MMX" = "y" ]; then
+ fi
+ if [ "$CONFIG_M686" = "y" ]; then
+    define_int  CONFIG_X86_L1_CACHE_SHIFT 5
++   define_bool CONFIG_X86_ALIGNMENT_16 y
+    define_bool CONFIG_X86_HAS_TSC y
+    define_bool CONFIG_X86_GOOD_APIC y
+    bool 'PGE extensions (not for Cyrix/Transmeta)' CONFIG_X86_PGE
+@@ -108,6 +109,7 @@ if [ "$CONFIG_M686" = "y" ]; then
+ fi
+ if [ "$CONFIG_MPENTIUMIII" = "y" ]; then
+    define_int  CONFIG_X86_L1_CACHE_SHIFT 5
++   define_bool CONFIG_X86_ALIGNMENT_16 y
+    define_bool CONFIG_X86_HAS_TSC y
+    define_bool CONFIG_X86_GOOD_APIC y
+    define_bool CONFIG_X86_PGE y
+@@ -116,6 +118,7 @@ if [ "$CONFIG_MPENTIUMIII" = "y" ]; then
+ fi
+ if [ "$CONFIG_MPENTIUM4" = "y" ]; then
+    define_int  CONFIG_X86_L1_CACHE_SHIFT 7
++   define_bool CONFIG_X86_ALIGNMENT_16 y
+    define_bool CONFIG_X86_HAS_TSC y
+    define_bool CONFIG_X86_GOOD_APIC y
+    define_bool CONFIG_X86_PGE y
+@@ -135,6 +138,7 @@ if [ "$CONFIG_MK8" = "y" ]; then
+ fi
+ if [ "$CONFIG_MK7" = "y" ]; then
+    define_int  CONFIG_X86_L1_CACHE_SHIFT 6
++   define_bool CONFIG_X86_ALIGNMENT_16 y
+    define_bool CONFIG_X86_HAS_TSC y
+    define_bool CONFIG_X86_GOOD_APIC y
+    define_bool CONFIG_X86_USE_3DNOW y
+@@ -487,3 +491,11 @@ endmenu
+ 
+ source crypto/Config.in
+ source lib/Config.in
++
++mainmenu_option next_comment
++comment 'Grsecurity'
++bool 'Grsecurity' CONFIG_GRKERNSEC
++if [ "$CONFIG_GRKERNSEC" = "y" ]; then
++	source grsecurity/Config.in
++fi
++endmenu
+diff -urNp linux-2.4.32/arch/i386/kernel/acpi.c linux-2.4.32/arch/i386/kernel/acpi.c
+--- linux-2.4.32/arch/i386/kernel/acpi.c	2005-04-03 21:42:19.000000000 -0400
++++ linux-2.4.32/arch/i386/kernel/acpi.c	2006-02-09 03:45:36.000000000 -0500
+@@ -708,7 +708,7 @@ static void acpi_create_identity_pmd (vo
+ 	saved_pmd = *pmd;
+ 
+ 	/* set the new one */
+-	set_pmd(pmd, __pmd(_PAGE_TABLE + __pa(ptep)));
++	set_pmd(pmd, __pmd(_KERNPG_TABLE + __pa(ptep)));
+ 
+ 	/* flush the TLB */
+ 	local_flush_tlb();
+diff -urNp linux-2.4.32/arch/i386/kernel/apm.c linux-2.4.32/arch/i386/kernel/apm.c
+--- linux-2.4.32/arch/i386/kernel/apm.c	2005-11-16 14:12:54.000000000 -0500
++++ linux-2.4.32/arch/i386/kernel/apm.c	2006-02-09 03:45:36.000000000 -0500
+@@ -614,7 +614,7 @@ static u8 apm_bios_call(u32 func, u32 eb
+ 	__asm__ __volatile__(APM_DO_ZERO_SEGS
+ 		"pushl %%edi\n\t"
+ 		"pushl %%ebp\n\t"
+-		"lcall %%cs:" SYMBOL_NAME_STR(apm_bios_entry) "\n\t"
++		"lcall *%%ss:" SYMBOL_NAME_STR(apm_bios_entry) "\n\t"
+ 		"setc %%al\n\t"
+ 		"popl %%ebp\n\t"
+ 		"popl %%edi\n\t"
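Review bot: The segment override on the far call changes from `%%cs:` to `%%ss:` here and again in `apm_bios_call_simple` in the next hunk, with no comment explaining why. The added `*` is only the assembler's indirect-call spelling, but the override is a behavioural choice: `apm_bios_entry` is now read through the stack segment, presumably because the kernel code segment may not cover kernel data in some PaX configurations. Once the reason is confirmed, please record it at one of the two sites, for example `/* read the far pointer via %ss: %cs may not map data under PaX */`.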
+@@ -666,7 +666,7 @@ static u8 apm_bios_call_simple(u32 func,
+ 		__asm__ __volatile__(APM_DO_ZERO_SEGS
+ 			"pushl %%edi\n\t"
+ 			"pushl %%ebp\n\t"
+-			"lcall %%cs:" SYMBOL_NAME_STR(apm_bios_entry) "\n\t"
++			"lcall *%%ss:" SYMBOL_NAME_STR(apm_bios_entry) "\n\t"
+ 			"setc %%bl\n\t"
+ 			"popl %%ebp\n\t"
+ 			"popl %%edi\n\t"
+@@ -1985,6 +1985,12 @@ static int __init apm_init(void)
+ 		 __va((unsigned long)0x40 << 4));
+ 	_set_limit((char *)&gdt[APM_40 >> 3], 4095 - (0x40 << 4));
+ 
++#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
++	set_base(gdt2[APM_40 >> 3],
++		__va((unsigned long)0x40 << 4));
++	_set_limit((char *)&gdt2[APM_40 >> 3], 4095 - (0x40 << 4));
++#endif
++
+ 	apm_bios_entry.offset = apm_info.bios.offset;
+ 	apm_bios_entry.segment = APM_CS;
+ 	set_base(gdt[APM_CS >> 3],
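Review bot: Every descriptor update for `gdt` in apm_init is now repeated by hand for `gdt2` under CONFIG_GRKERNSEC_PAX_SEGMEXEC, here and in the three following hunks of this file, giving eleven paired statements that must be kept in step manually. If a later change adjusts a base or limit in one table only, the two tables silently disagree about the APM segments. A pair of local macros that write both tables would remove that risk; a sketch follows, with the limit variant built the same way around `_set_limit`. apm_init starts and ends outside these hunks.

```c
/* Write an APM descriptor base into every GDT copy that is in use. */
#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
#define apm_set_base(sel, base)				\
	do {						\
		set_base(gdt[(sel) >> 3], (base));	\
		set_base(gdt2[(sel) >> 3], (base));	\
	} while (0)
#else
#define apm_set_base(sel, base)	set_base(gdt[(sel) >> 3], (base))
#endif

	/* … unchanged: earlier apm_init setup … */
	apm_set_base(APM_40, __va((unsigned long)0x40 << 4));
```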
+@@ -1993,6 +1999,16 @@ static int __init apm_init(void)
+ 		 __va((unsigned long)apm_info.bios.cseg_16 << 4));
+ 	set_base(gdt[APM_DS >> 3],
+ 		 __va((unsigned long)apm_info.bios.dseg << 4));
++
++#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
++	set_base(gdt2[APM_CS >> 3],
++		__va((unsigned long)apm_info.bios.cseg << 4));
++	set_base(gdt2[APM_CS_16 >> 3],
++		__va((unsigned long)apm_info.bios.cseg_16 << 4));
++	set_base(gdt2[APM_DS >> 3],
++		__va((unsigned long)apm_info.bios.dseg << 4));
++#endif
++
+ #ifndef APM_RELAX_SEGMENTS
+ 	if (apm_info.bios.version == 0x100) {
+ #endif
+@@ -2002,6 +2018,13 @@ static int __init apm_init(void)
+ 		_set_limit((char *)&gdt[APM_CS_16 >> 3], 64 * 1024 - 1);
+ 		/* For the DEC Hinote Ultra CT475 (and others?) */
+ 		_set_limit((char *)&gdt[APM_DS >> 3], 64 * 1024 - 1);
++
++#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
++		_set_limit((char *)&gdt2[APM_CS >> 3], 64 * 1024 - 1);
++		_set_limit((char *)&gdt2[APM_CS_16 >> 3], 64 * 1024 - 1);
++		_set_limit((char *)&gdt2[APM_DS >> 3], 64 * 1024 - 1);
++#endif
++
+ #ifndef APM_RELAX_SEGMENTS
+ 	} else {
+ 		_set_limit((char *)&gdt[APM_CS >> 3],
+@@ -2010,6 +2033,16 @@ static int __init apm_init(void)
+ 			(apm_info.bios.cseg_16_len - 1) & 0xffff);
+ 		_set_limit((char *)&gdt[APM_DS >> 3],
+ 			(apm_info.bios.dseg_len - 1) & 0xffff);
++
++#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
++		_set_limit((char *)&gdt2[APM_CS >> 3],
++			(apm_info.bios.cseg_len - 1) & 0xffff);
++		_set_limit((char *)&gdt2[APM_CS_16 >> 3],
++			(apm_info.bios.cseg_16_len - 1) & 0xffff);
++		_set_limit((char *)&gdt2[APM_DS >> 3],
++			(apm_info.bios.dseg_len - 1) & 0xffff);
++#endif
++
+ 	}
+ #endif
+ 
+diff -urNp linux-2.4.32/arch/i386/kernel/entry.S linux-2.4.32/arch/i386/kernel/entry.S
+--- linux-2.4.32/arch/i386/kernel/entry.S	2003-06-13 10:51:29.000000000 -0400
++++ linux-2.4.32/arch/i386/kernel/entry.S	2006-02-09 03:45:36.000000000 -0500
+@@ -209,6 +209,17 @@ ENTRY(system_call)
+ 	jae badsys
+ 	call *SYMBOL_NAME(sys_call_table)(,%eax,4)
+ 	movl %eax,EAX(%esp)		# save the return value
++
++#ifdef CONFIG_GRKERNSEC_PAX_RANDKSTACK
++	cli                             # need_resched and signals atomic test
++	cmpl $0,need_resched(%ebx)
++	jne reschedule
++	cmpl $0,sigpending(%ebx)
++	jne signal_return
++	call SYMBOL_NAME(pax_randomize_kstack)
++	jmp restore_all
++#endif
++
+ ENTRY(ret_from_sys_call)
+ 	cli				# need_resched and signals atomic test
+ 	cmpl $0,need_resched(%ebx)
+@@ -389,8 +400,56 @@ ENTRY(alignment_check)
+ 	jmp error_code
+ 
+ ENTRY(page_fault)
++#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC
++	ALIGN
++	pushl $ SYMBOL_NAME(pax_do_page_fault)
++#else
+ 	pushl $ SYMBOL_NAME(do_page_fault)
++#endif
++
++#ifndef CONFIG_GRKERNSEC_PAX_EMUTRAMP
+ 	jmp error_code
++#else
++	pushl %ds
++	pushl %eax
++	xorl %eax,%eax
++	pushl %ebp
++	pushl %edi
++	pushl %esi
++	pushl %edx
++	decl %eax			# eax = -1
++	pushl %ecx
++	pushl %ebx
++	cld
++	movl %es,%ecx
++	movl ORIG_EAX(%esp), %esi	# get the error code
++	movl ES(%esp), %edi		# get the function address
++	movl %eax, ORIG_EAX(%esp)
++	movl %ecx, ES(%esp)
++	movl %esp,%edx
++	pushl %esi			# push the error code
++	pushl %edx			# push the pt_regs pointer
++	movl $(__KERNEL_DS),%edx
++	movl %edx,%ds
++	movl %edx,%es
++	GET_CURRENT(%ebx)
++	call *%edi
++	addl $8,%esp
++	decl %eax
++	jnz ret_from_exception
++
++	popl %ebx
++	popl %ecx
++	popl %edx
++	popl %esi
++	popl %edi
++	popl %ebp
++	popl %eax
++	popl %ds
++	popl %es
++	addl $4,%esp
++	jmp system_call
++#endif
+ 
+ ENTRY(machine_check)
+ 	pushl $0
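Review bot: The EMUTRAMP variant of `page_fault` relies on an undocumented return convention: `decl %eax` followed by `jnz ret_from_exception` means the handler must return exactly 1 for the saved frame to be popped and control sent to `system_call`, and any other value takes the normal exception return. Nothing at this site says so, and the handler itself is outside this hunk. Please add a comment above `decl %eax`, e.g. `# handler returned 1: discard the fault frame and re-enter system_call`. The open-coded register save appears to mirror the shared `error_code` path, so a note that the two must be kept in step would also help.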
+@@ -402,7 +461,7 @@ ENTRY(spurious_interrupt_bug)
+ 	pushl $ SYMBOL_NAME(do_spurious_interrupt_bug)
+ 	jmp error_code
+ 
+-.data
++.section .rodata, "a", at progbits
+ ENTRY(sys_call_table)
+ 	.long SYMBOL_NAME(sys_ni_syscall)	/* 0  -  old "setup()" system call*/
+ 	.long SYMBOL_NAME(sys_exit)
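Review bot: The added directive reads `.section .rodata, "a", at progbits` on this page, whereas GNU as expects the section type as `@progbits`. The ` at ` form matches how this archive rewrites the address on the author line at the top, so treat the text here as altered by the list software and take the patch from the CVS file or the upstream URL in the log message, not from this page. On the change itself, moving `sys_call_table` from `.data` to `.rodata` only protects the table if the read-only sections are actually mapped read-only at run time, which this hunk does not show.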
+diff -urNp linux-2.4.32/arch/i386/kernel/head.S linux-2.4.32/arch/i386/kernel/head.S
+--- linux-2.4.32/arch/i386/kernel/head.S	2003-11-28 13:26:19.000000000 -0500
++++ linux-2.4.32/arch/i386/kernel/head.S	2006-02-09 03:45:36.000000000 -0500
+@@ -37,10 +37,17 @@
+ #define X86_VENDOR_ID	CPU_PARAMS+36	/* tied to NCAPINTS in cpufeature.h */
+ 
+ /*
++ * Real beginning of normal "text" segment
++ */
++ENTRY(stext)
++ENTRY(_stext)
++
++/*
+  * swapper_pg_dir is the main page directory, address 0x00101000
+  *
+  * On entry, %esi points to the real-mode code as a 32-bit pointer.
+  */
++.global startup_32
+ startup_32:
+ /*
+  * Set segments to known values
+@@ -51,9 +58,23 @@ startup_32:
+ 	movl %eax,%es
+ 	movl %eax,%fs
+ 	movl %eax,%gs
++
+ #ifdef CONFIG_SMP
+-	orw %bx,%bx
+-	jz 1f
++	orw  %bx,%bx
++	jnz 1f
++#endif
++
<<Diff was trimmed, longer than 597 lines>>

