SOURCES: grsecurity-2.1.9-2.4.33-200608131429.patch (NEW) - http:/...
qboosh
qboosh at pld-linux.org
Wed Aug 16 14:03:10 CEST 2006
Author: qboosh Date: Wed Aug 16 12:03:10 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- http://www.grsecurity.net/grsecurity-2.1.9-2.4.33-200608131429.patch.gz, gunzipped
---- Files affected:
SOURCES:
grsecurity-2.1.9-2.4.33-200608131429.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/grsecurity-2.1.9-2.4.33-200608131429.patch
diff -u /dev/null SOURCES/grsecurity-2.1.9-2.4.33-200608131429.patch:1.1
--- /dev/null Wed Aug 16 14:03:10 2006
+++ SOURCES/grsecurity-2.1.9-2.4.33-200608131429.patch Wed Aug 16 14:03:05 2006
@@ -0,0 +1,24420 @@
+diff -urNp linux-2.4.33/arch/alpha/config.in linux-2.4.33/arch/alpha/config.in
+--- linux-2.4.33/arch/alpha/config.in 2004-11-17 06:54:21.000000000 -0500
++++ linux-2.4.33/arch/alpha/config.in 2006-08-11 13:50:43.000000000 -0400
+@@ -468,3 +468,12 @@ endmenu
+
+ source crypto/Config.in
+ source lib/Config.in
++
++mainmenu_option next_comment
++comment 'Grsecurity'
++bool 'Grsecurity' CONFIG_GRKERNSEC
++if [ "$CONFIG_GRKERNSEC" = "y" ]; then
++ source grsecurity/Config.in
++fi
++endmenu
++
+diff -urNp linux-2.4.33/arch/alpha/kernel/osf_sys.c linux-2.4.33/arch/alpha/kernel/osf_sys.c
+--- linux-2.4.33/arch/alpha/kernel/osf_sys.c 2003-06-13 10:51:29.000000000 -0400
++++ linux-2.4.33/arch/alpha/kernel/osf_sys.c 2006-08-11 13:50:43.000000000 -0400
+@@ -230,6 +230,11 @@ asmlinkage unsigned long osf_mmap(unsign
+ struct file *file = NULL;
+ unsigned long ret = -EBADF;
+
++#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC
++ if (flags & MAP_MIRROR)
++ return -EINVAL;
++#endif
++
+ #if 0
+ if (flags & (_MAP_HASSEMAPHORE | _MAP_INHERIT | _MAP_UNALIGNED))
+ printk("%s: unimplemented OSF mmap flags %04lx\n",
+@@ -1357,6 +1362,10 @@ arch_get_unmapped_area(struct file *filp
+ merely specific addresses, but regions of memory -- perhaps
+ this feature should be incorporated into all ports? */
+
++#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP
++ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
++#endif
++
+ if (addr) {
+ addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
+ if (addr != -ENOMEM)
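Review bot: The added `if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp)` has no statement of its own; it governs the existing `if (addr) {` block that follows the `#endif` and a blank line, which is easy to misread and easy to break if a line is later inserted between them. As written, the caller's address hint is skipped only for file-backed mappings of a task with MF_PAX_RANDMMAP set, and a comment should say so, e.g. `/* PaX: ignore the address hint for file mappings under RANDMMAP */` directly above the condition, with the blank line after `#endif` removed. arch_get_unmapped_area starts and ends outside this hunk, so how a fixed-address request is handled cannot be checked from here.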
+@@ -1364,8 +1373,15 @@ arch_get_unmapped_area(struct file *filp
+ }
+
+ /* Next, try allocating at TASK_UNMAPPED_BASE. */
+- addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE),
+- len, limit);
++
++ addr = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_GRKERNSEC_PAX_RANDMMAP
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
++ addr += current->mm->delta_mmap;
++#endif
++
++ addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
+ if (addr != -ENOMEM)
+ return addr;
+
+diff -urNp linux-2.4.33/arch/alpha/kernel/ptrace.c linux-2.4.33/arch/alpha/kernel/ptrace.c
+--- linux-2.4.33/arch/alpha/kernel/ptrace.c 2003-06-13 10:51:29.000000000 -0400
++++ linux-2.4.33/arch/alpha/kernel/ptrace.c 2006-08-11 13:50:43.000000000 -0400
+@@ -13,6 +13,7 @@
+ #include <linux/ptrace.h>
+ #include <linux/user.h>
+ #include <linux/slab.h>
++#include <linux/grsecurity.h>
+
+ #include <asm/uaccess.h>
+ #include <asm/pgtable.h>
+@@ -275,6 +276,10 @@ sys_ptrace(long request, long pid, long
+ read_unlock(&tasklist_lock);
+ if (!child)
+ goto out_notsk;
++
++ if(gr_handle_ptrace(child, request))
++ goto out;
++
+ if (request == PTRACE_ATTACH) {
+ ret = ptrace_attach(child);
+ goto out;
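Review bot: A request refused by `gr_handle_ptrace(child, request)` leaves through `goto out` with whatever `ret` held before the check, and that assignment is outside this hunk, so the errno a denied tracer receives is implicit. If a particular value is intended, state it at the call site, for example `/* denied by grsecurity: ret keeps the value set above */`, or assign it explicitly before the jump. The call is also written `if(` without a space, unlike the neighbouring `if (!child)` and `if (request == PTRACE_ATTACH)`. sys_ptrace begins and continues outside the hunk.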
+diff -urNp linux-2.4.33/arch/alpha/mm/fault.c linux-2.4.33/arch/alpha/mm/fault.c
+--- linux-2.4.33/arch/alpha/mm/fault.c 2002-11-28 18:53:08.000000000 -0500
++++ linux-2.4.33/arch/alpha/mm/fault.c 2006-08-11 13:50:43.000000000 -0400
+@@ -53,6 +53,138 @@ __load_new_mm_context(struct mm_struct *
+ __reload_thread(¤t->thread);
+ }
+
++/*
++ * PaX: decide what to do with offenders (regs->pc = fault address)
++ *
++ * returns 1 when task should be killed
++ * 2 when patched PLT trampoline was detected
++ * 3 when unpatched PLT trampoline was detected
++ * 4 when legitimate ET_EXEC was detected
++ */
++#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC
++static int pax_handle_fetch_fault(struct pt_regs *regs)
++{
++ int err;
++
++#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC
++ if (current->mm->pax_flags & MF_PAX_RANDEXEC) {
++ if (regs->pc >= current->mm->start_code &&
++ regs->pc < current->mm->end_code)
++ {
++ if (regs->r26 == regs->pc)
++ return 1;
++ regs->pc += current->mm->delta_exec;
++ return 4;
++ }
++ }
++#endif
++
++#ifdef CONFIG_GRKERNSEC_PAX_EMUPLT
++ do { /* PaX: patched PLT emulation #1 */
++ unsigned int ldah, ldq, jmp;
++
++ err = get_user(ldah, (unsigned int *)regs->pc);
++ err |= get_user(ldq, (unsigned int *)(regs->pc+4));
++ err |= get_user(jmp, (unsigned int *)(regs->pc+8));
++
++ if (err)
++ break;
++
++ if ((ldah & 0xFFFF0000U)== 0x277B0000U &&
++ (ldq & 0xFFFF0000U) == 0xA77B0000U &&
++ jmp == 0x6BFB0000U)
++ {
++ unsigned long r27, addr;
++ unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
++ unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL;
++
++ addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
++ err = get_user(r27, (unsigned long*)addr);
++ if (err)
++ break;
++
++ regs->r27 = r27;
++ regs->pc = r27;
++ return 2;
++ }
++ } while (0);
++
++ do { /* PaX: patched PLT emulation #2 */
++ unsigned int ldah, lda, br;
++
++ err = get_user(ldah, (unsigned int *)regs->pc);
++ err |= get_user(lda, (unsigned int *)(regs->pc+4));
++ err |= get_user(br, (unsigned int *)(regs->pc+8));
++
++ if (err)
++ break;
++
++ if ((ldah & 0xFFFF0000U)== 0x277B0000U &&
++ (lda & 0xFFFF0000U) == 0xA77B0000U &&
++ (br & 0xFFE00000U) == 0xC3E00000U)
++ {
++ unsigned long addr = br | 0xFFFFFFFFFFE00000UL;
++ unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
++ unsigned long addrl = lda | 0xFFFFFFFFFFFF0000UL;
++
++ regs->r27 += ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
++ regs->pc += 12 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
++ return 2;
++ }
++ } while (0);
++
++ do { /* PaX: unpatched PLT emulation */
++ unsigned int br;
++
++ err = get_user(br, (unsigned int *)regs->pc);
++
++ if (!err && (br & 0xFFE00000U) == 0xC3800000U) {
++ unsigned int br2, ldq, nop, jmp;
++ unsigned long addr = br | 0xFFFFFFFFFFE00000UL, resolver;
++
++ addr = regs->pc + 4 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
++ err = get_user(br2, (unsigned int *)addr);
++ err |= get_user(ldq, (unsigned int *)(addr+4));
++ err |= get_user(nop, (unsigned int *)(addr+8));
++ err |= get_user(jmp, (unsigned int *)(addr+12));
++ err |= get_user(resolver, (unsigned long *)(addr+16));
++
++ if (err)
++ break;
++
++ if (br2 == 0xC3600000U &&
++ ldq == 0xA77B000CU &&
++ nop == 0x47FF041FU &&
++ jmp == 0x6B7B0000U)
++ {
++ regs->r28 = regs->pc+4;
++ regs->r27 = addr+16;
++ regs->pc = resolver;
++ return 3;
++ }
++ }
++ } while (0);
++#endif
++
++ return 1;
++}
++
++void pax_report_insns(void *pc, void *sp)
++{
++ unsigned long i;
++
++ printk(KERN_ERR "PAX: bytes at PC: ");
++ for (i = 0; i < 5; i++) {
++ unsigned int c;
++ if (get_user(c, (unsigned int*)pc+i))
++ printk("???????? ");
++ else
++ printk("%08x ", c);
++ }
++ printk("\n");
++}
++#endif
++
+
+ /*
+ * This routine handles page faults. It determines the address,
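Review bot: The return values 1 to 4 of `pax_handle_fetch_fault` are documented only in the comment above it and reappear as bare `case 2:`, `case 3:` and `case 4:` labels in the `do_page_fault` hunk below, so the two sites can drift apart silently. Named constants shared by both would make the contract checkable, e.g. `enum { PAX_FETCH_KILL = 1, PAX_FETCH_PLT_PATCHED, PAX_FETCH_PLT_UNPATCHED, PAX_FETCH_ET_EXEC };` (names constructed for illustration). Separately, `int err;` is declared unconditionally but only used inside `#ifdef CONFIG_GRKERNSEC_PAX_EMUPLT`, so a build without EMUPLT gets an unused-variable warning; the `sp` parameter of `pax_report_insns` is likewise never read.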
+@@ -133,8 +265,32 @@ do_page_fault(unsigned long address, uns
+ good_area:
+ info.si_code = SEGV_ACCERR;
+ if (cause < 0) {
+- if (!(vma->vm_flags & VM_EXEC))
++ if (!(vma->vm_flags & VM_EXEC)) {
++
++#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC
++ if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->pc)
++ goto bad_area;
++
++ up_read(&mm->mmap_sem);
++ switch(pax_handle_fetch_fault(regs)) {
++
++#ifdef CONFIG_GRKERNSEC_PAX_EMUPLT
++ case 2:
++ case 3:
++ return;
++#endif
++
++#ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC
++ case 4:
++ return;
++#endif
++ }
++ pax_report_fault(regs, (void*)regs->pc, (void*)rdusp());
++ do_exit(SIGKILL);
++#else
+ goto bad_area;
++#endif
++ }
+ } else if (!cause) {
+ /* Allow reads even for write-only mappings */
+ if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
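Review bot: The `switch(pax_handle_fetch_fault(regs))` has no `default:` and, when neither CONFIG_GRKERNSEC_PAX_EMUPLT nor CONFIG_GRKERNSEC_PAX_RANDEXEC is set, no case labels at all, so the kill path is reached only by falling out of the statement. Making that explicit with `default: break; /* 1 or anything unexpected: report and kill */` would document that every unrecognised result ends in `do_exit(SIGKILL)`. The `up_read(&mm->mmap_sem)` before the call also deserves a one-line comment; presumably the semaphore is dropped because the handler reads user memory with `get_user`, but the hunk does not say. do_page_fault starts and ends outside the hunk.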
+diff -urNp linux-2.4.33/arch/arm/config.in linux-2.4.33/arch/arm/config.in
+--- linux-2.4.33/arch/arm/config.in 2004-11-17 06:54:21.000000000 -0500
++++ linux-2.4.33/arch/arm/config.in 2006-08-11 13:50:43.000000000 -0400
+@@ -736,3 +736,11 @@ endmenu
+
+ source crypto/Config.in
+ source lib/Config.in
++
++mainmenu_option next_comment
++comment 'Grsecurity'
++bool 'Grsecurity' CONFIG_GRKERNSEC
++if [ "$CONFIG_GRKERNSEC" = "y" ]; then
++ source grsecurity/Config.in
++fi
++endmenu
+diff -urNp linux-2.4.33/arch/cris/config.in linux-2.4.33/arch/cris/config.in
+--- linux-2.4.33/arch/cris/config.in 2004-11-17 06:54:21.000000000 -0500
++++ linux-2.4.33/arch/cris/config.in 2006-08-11 13:50:43.000000000 -0400
+@@ -276,3 +276,12 @@ int 'Kernel messages buffer length shift
+ source crypto/Config.in
+ source lib/Config.in
+ endmenu
++
++mainmenu_option next_comment
++comment 'Grsecurity'
++bool 'Grsecurity' CONFIG_GRKERNSEC
++if [ "$CONFIG_GRKERNSEC" = "y" ]; then
++ source grsecurity/Config.in
++fi
++endmenu
++
+diff -urNp linux-2.4.33/arch/i386/boot/bootsect.S linux-2.4.33/arch/i386/boot/bootsect.S
+--- linux-2.4.33/arch/i386/boot/bootsect.S 2003-08-25 07:44:39.000000000 -0400
++++ linux-2.4.33/arch/i386/boot/bootsect.S 2006-08-11 13:50:43.000000000 -0400
+@@ -237,7 +237,7 @@ rp_read:
+ #ifdef __BIG_KERNEL__
+ # look in setup.S for bootsect_kludge
+ bootsect_kludge = 0x220 # 0x200 + 0x20 which is the size of the
+- lcall bootsect_kludge # bootsector + bootsect_kludge offset
++ lcall *bootsect_kludge # bootsector + bootsect_kludge offset
+ #else
+ movw %es, %ax
+ subw $SYSSEG, %ax
+diff -urNp linux-2.4.33/arch/i386/boot/compressed/head.S linux-2.4.33/arch/i386/boot/compressed/head.S
+--- linux-2.4.33/arch/i386/boot/compressed/head.S 2000-07-05 15:03:12.000000000 -0400
++++ linux-2.4.33/arch/i386/boot/compressed/head.S 2006-08-11 13:50:43.000000000 -0400
+@@ -38,11 +38,13 @@ startup_32:
+ movl %eax,%gs
+
+ lss SYMBOL_NAME(stack_start),%esp
++ movl 0x000000,%ecx
+ xorl %eax,%eax
+ 1: incl %eax # check that A20 really IS enabled
+ movl %eax,0x000000 # loop forever if it isn't
+ cmpl %eax,0x100000
+ je 1b
++ movl %ecx,0x000000
+
+ /*
+ * Initialize eflags. Some BIOS's leave bits like NT set. This would
+diff -urNp linux-2.4.33/arch/i386/boot/setup.S linux-2.4.33/arch/i386/boot/setup.S
+--- linux-2.4.33/arch/i386/boot/setup.S 2004-02-18 08:36:30.000000000 -0500
++++ linux-2.4.33/arch/i386/boot/setup.S 2006-08-11 13:50:43.000000000 -0400
+@@ -637,7 +637,7 @@ edd_done:
+ cmpw $0, %cs:realmode_swtch
+ jz rmodeswtch_normal
+
+- lcall %cs:realmode_swtch
++ lcall *%cs:realmode_swtch
+
+ jmp rmodeswtch_end
+
+diff -urNp linux-2.4.33/arch/i386/config.in linux-2.4.33/arch/i386/config.in
+--- linux-2.4.33/arch/i386/config.in 2006-08-11 00:18:20.000000000 -0400
++++ linux-2.4.33/arch/i386/config.in 2006-08-11 13:50:43.000000000 -0400
+@@ -101,6 +101,7 @@ if [ "$CONFIG_M586MMX" = "y" ]; then
+ fi
+ if [ "$CONFIG_M686" = "y" ]; then
+ define_int CONFIG_X86_L1_CACHE_SHIFT 5
++ define_bool CONFIG_X86_ALIGNMENT_16 y
+ define_bool CONFIG_X86_HAS_TSC y
+ define_bool CONFIG_X86_GOOD_APIC y
+ bool 'PGE extensions (not for Cyrix/Transmeta)' CONFIG_X86_PGE
+@@ -110,6 +111,7 @@ if [ "$CONFIG_M686" = "y" ]; then
+ fi
+ if [ "$CONFIG_MPENTIUMIII" = "y" ]; then
+ define_int CONFIG_X86_L1_CACHE_SHIFT 5
++ define_bool CONFIG_X86_ALIGNMENT_16 y
+ define_bool CONFIG_X86_HAS_TSC y
+ define_bool CONFIG_X86_GOOD_APIC y
+ define_bool CONFIG_X86_PGE y
+@@ -118,6 +120,7 @@ if [ "$CONFIG_MPENTIUMIII" = "y" ]; then
+ fi
+ if [ "$CONFIG_MPENTIUM4" = "y" ]; then
+ define_int CONFIG_X86_L1_CACHE_SHIFT 7
++ define_bool CONFIG_X86_ALIGNMENT_16 y
+ define_bool CONFIG_X86_HAS_TSC y
+ define_bool CONFIG_X86_GOOD_APIC y
+ define_bool CONFIG_X86_PGE y
+@@ -137,6 +140,7 @@ if [ "$CONFIG_MK8" = "y" ]; then
+ fi
+ if [ "$CONFIG_MK7" = "y" ]; then
+ define_int CONFIG_X86_L1_CACHE_SHIFT 6
++ define_bool CONFIG_X86_ALIGNMENT_16 y
+ define_bool CONFIG_X86_HAS_TSC y
+ define_bool CONFIG_X86_GOOD_APIC y
+ define_bool CONFIG_X86_USE_3DNOW y
+@@ -489,3 +493,11 @@ endmenu
+
+ source crypto/Config.in
+ source lib/Config.in
++
++mainmenu_option next_comment
++comment 'Grsecurity'
++bool 'Grsecurity' CONFIG_GRKERNSEC
++if [ "$CONFIG_GRKERNSEC" = "y" ]; then
++ source grsecurity/Config.in
++fi
++endmenu
+diff -urNp linux-2.4.33/arch/i386/kernel/acpi.c linux-2.4.33/arch/i386/kernel/acpi.c
+--- linux-2.4.33/arch/i386/kernel/acpi.c 2005-04-03 21:42:19.000000000 -0400
++++ linux-2.4.33/arch/i386/kernel/acpi.c 2006-08-11 13:50:43.000000000 -0400
+@@ -708,7 +708,7 @@ static void acpi_create_identity_pmd (vo
+ saved_pmd = *pmd;
+
+ /* set the new one */
+- set_pmd(pmd, __pmd(_PAGE_TABLE + __pa(ptep)));
++ set_pmd(pmd, __pmd(_KERNPG_TABLE + __pa(ptep)));
+
+ /* flush the TLB */
+ local_flush_tlb();
+diff -urNp linux-2.4.33/arch/i386/kernel/apm.c linux-2.4.33/arch/i386/kernel/apm.c
+--- linux-2.4.33/arch/i386/kernel/apm.c 2005-11-16 14:12:54.000000000 -0500
++++ linux-2.4.33/arch/i386/kernel/apm.c 2006-08-11 22:48:29.000000000 -0400
+@@ -223,7 +223,7 @@
+ #include <linux/sysrq.h>
+
+ extern unsigned long get_cmos_time(void);
+-extern void machine_real_restart(unsigned char *, int);
++extern void machine_real_restart(const unsigned char *, unsigned int);
+
+ #if defined(CONFIG_APM_DISPLAY_BLANK) && defined(CONFIG_VT)
+ extern int (*console_blank_hook)(int);
+@@ -614,7 +614,7 @@ static u8 apm_bios_call(u32 func, u32 eb
+ __asm__ __volatile__(APM_DO_ZERO_SEGS
+ "pushl %%edi\n\t"
+ "pushl %%ebp\n\t"
+- "lcall %%cs:" SYMBOL_NAME_STR(apm_bios_entry) "\n\t"
++ "lcall *%%ss:" SYMBOL_NAME_STR(apm_bios_entry) "\n\t"
+ "setc %%al\n\t"
+ "popl %%ebp\n\t"
+ "popl %%edi\n\t"
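Review bot: The segment override on the far call changes from `%%cs:` to `%%ss:` with no comment, and the reason is not visible in this hunk; the same edit is repeated in the `apm_bios_call_simple` hunk that follows. The added `*` only makes the indirect operand explicit for the assembler, but reading `apm_bios_entry` through the stack segment is a semantic choice that depends on how the kernel code and stack segments are laid out, so it should be explained where it is made, e.g. `/* PaX: apm_bios_entry is data, so fetch it via %ss rather than %cs */` (wording to be confirmed by the author). The asm statement begins and ends outside the hunk.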
+@@ -666,7 +666,7 @@ static u8 apm_bios_call_simple(u32 func,
+ __asm__ __volatile__(APM_DO_ZERO_SEGS
+ "pushl %%edi\n\t"
+ "pushl %%ebp\n\t"
+- "lcall %%cs:" SYMBOL_NAME_STR(apm_bios_entry) "\n\t"
++ "lcall *%%ss:" SYMBOL_NAME_STR(apm_bios_entry) "\n\t"
+ "setc %%bl\n\t"
+ "popl %%ebp\n\t"
+ "popl %%edi\n\t"
+@@ -924,7 +924,7 @@ recalc:
+
+ static void apm_power_off(void)
+ {
+- unsigned char po_bios_call[] = {
++ const unsigned char po_bios_call[] = {
+ 0xb8, 0x00, 0x10, /* movw $0x1000,ax */
+ 0x8e, 0xd0, /* movw ax,ss */
+ 0xbc, 0x00, 0xf0, /* movw $0xf000,sp */
+@@ -1985,6 +1985,12 @@ static int __init apm_init(void)
+ __va((unsigned long)0x40 << 4));
+ _set_limit((char *)&gdt[APM_40 >> 3], 4095 - (0x40 << 4));
+
++#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
++ set_base(gdt2[APM_40 >> 3],
++ __va((unsigned long)0x40 << 4));
++ _set_limit((char *)&gdt2[APM_40 >> 3], 4095 - (0x40 << 4));
++#endif
++
+ apm_bios_entry.offset = apm_info.bios.offset;
+ apm_bios_entry.segment = APM_CS;
+ set_base(gdt[APM_CS >> 3],
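Review bot: Every APM descriptor written to `gdt` is now written a second time to `gdt2` under CONFIG_GRKERNSEC_PAX_SEGMEXEC, here and in the three apm_init hunks that follow, and nothing ties the paired writes together. A later change to a base or limit in one table that misses the other would leave the two descriptor tables describing different segments for the same APM selector. At minimum add a comment at the first pair, e.g. `/* PaX SEGMEXEC: gdt2 must mirror gdt for APM_40, APM_CS, APM_CS_16 and APM_DS */`; a small local macro that applies one `set_base`/`_set_limit` to both tables would remove the duplication. apm_init starts and ends outside the hunk.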
+@@ -1993,6 +1999,16 @@ static int __init apm_init(void)
+ __va((unsigned long)apm_info.bios.cseg_16 << 4));
+ set_base(gdt[APM_DS >> 3],
+ __va((unsigned long)apm_info.bios.dseg << 4));
++
++#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
++ set_base(gdt2[APM_CS >> 3],
++ __va((unsigned long)apm_info.bios.cseg << 4));
++ set_base(gdt2[APM_CS_16 >> 3],
++ __va((unsigned long)apm_info.bios.cseg_16 << 4));
++ set_base(gdt2[APM_DS >> 3],
++ __va((unsigned long)apm_info.bios.dseg << 4));
++#endif
++
+ #ifndef APM_RELAX_SEGMENTS
+ if (apm_info.bios.version == 0x100) {
+ #endif
+@@ -2002,6 +2018,13 @@ static int __init apm_init(void)
+ _set_limit((char *)&gdt[APM_CS_16 >> 3], 64 * 1024 - 1);
+ /* For the DEC Hinote Ultra CT475 (and others?) */
+ _set_limit((char *)&gdt[APM_DS >> 3], 64 * 1024 - 1);
++
++#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
++ _set_limit((char *)&gdt2[APM_CS >> 3], 64 * 1024 - 1);
++ _set_limit((char *)&gdt2[APM_CS_16 >> 3], 64 * 1024 - 1);
++ _set_limit((char *)&gdt2[APM_DS >> 3], 64 * 1024 - 1);
++#endif
++
+ #ifndef APM_RELAX_SEGMENTS
+ } else {
+ _set_limit((char *)&gdt[APM_CS >> 3],
+@@ -2010,6 +2033,16 @@ static int __init apm_init(void)
+ (apm_info.bios.cseg_16_len - 1) & 0xffff);
+ _set_limit((char *)&gdt[APM_DS >> 3],
+ (apm_info.bios.dseg_len - 1) & 0xffff);
++
++#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
++ _set_limit((char *)&gdt2[APM_CS >> 3],
++ (apm_info.bios.cseg_len - 1) & 0xffff);
++ _set_limit((char *)&gdt2[APM_CS_16 >> 3],
++ (apm_info.bios.cseg_16_len - 1) & 0xffff);
++ _set_limit((char *)&gdt2[APM_DS >> 3],
++ (apm_info.bios.dseg_len - 1) & 0xffff);
++#endif
++
+ }
+ #endif
+
+diff -urNp linux-2.4.33/arch/i386/kernel/entry.S linux-2.4.33/arch/i386/kernel/entry.S
+--- linux-2.4.33/arch/i386/kernel/entry.S 2003-06-13 10:51:29.000000000 -0400
++++ linux-2.4.33/arch/i386/kernel/entry.S 2006-08-11 13:50:43.000000000 -0400
+@@ -84,7 +84,7 @@ processor = 52
+ ENOSYS = 38
+
+
+-#define SAVE_ALL \
++#define __SAVE_ALL \
+ cld; \
+ pushl %es; \
+ pushl %ds; \
+@@ -99,6 +99,18 @@ ENOSYS = 38
+ movl %edx,%ds; \
+ movl %edx,%es;
+
++#ifdef CONFIG_GRKERNSEC_PAX_KERNEXEC
++#define SAVE_ALL \
++ __SAVE_ALL \
++ movl %cr0,%edx; \
++ movl %edx,%ebp; \
++ orl $0x10000,%edx; \
++ xorl %edx,%ebp; \
++ movl %edx,%cr0;
++#else
++#define SAVE_ALL __SAVE_ALL
++#endif
++
+ #define RESTORE_ALL \
+ popl %ebx; \
+ popl %ecx; \
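Review bot: The KERNEXEC variant of `SAVE_ALL` uses the bare constant `$0x10000` and leaves a value in `%ebp` that the exit paths later `xorl` back into `%cr0`, but neither fact is commented. 0x10000 is the CR0 write-protect bit, and the sequence leaves in `%ebp` exactly the bits that `orl` changed, so the code between entry and exit must preserve `%ebp`; a comment such as `/* force CR0.WP on; %ebp = bits to flip back on exit, must be preserved */` would state that dependency. The same five instructions are open-coded again in the `error_code` hunk, and the matching restore appears in the `ret_from_exception` and `nmi` hunks, so the comment is worth repeating or the sequence worth a shared macro.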
+@@ -209,6 +221,17 @@ ENTRY(system_call)
+ jae badsys
+ call *SYMBOL_NAME(sys_call_table)(,%eax,4)
+ movl %eax,EAX(%esp) # save the return value
++
++#ifdef CONFIG_GRKERNSEC_PAX_RANDKSTACK
++ cli # need_resched and signals atomic test
++ cmpl $0,need_resched(%ebx)
++ jne reschedule
++ cmpl $0,sigpending(%ebx)
++ jne signal_return
++ call SYMBOL_NAME(pax_randomize_kstack)
++ jmp restore_all
++#endif
++
+ ENTRY(ret_from_sys_call)
+ cli # need_resched and signals atomic test
+ cmpl $0,need_resched(%ebx)
+@@ -260,6 +283,13 @@ ret_from_exception:
+ movb CS(%esp),%al
+ testl $(VM_MASK | 3),%eax # return to VM86 mode or non-supervisor?
+ jne ret_from_sys_call
++
++#ifdef CONFIG_GRKERNSEC_PAX_KERNEXEC
++ movl %cr0, %edx
++ xorl %ebp, %edx
++ movl %edx, %cr0
++#endif
++
+ jmp restore_all
+
+ ALIGN
+@@ -283,6 +313,15 @@ error_code:
+ pushl %ecx
+ pushl %ebx
+ cld
++
++#ifdef CONFIG_GRKERNSEC_PAX_KERNEXEC
++ movl %cr0,%edx
++ movl %edx,%ebp
++ orl $0x10000,%edx
++ xorl %edx,%ebp
++ movl %edx,%cr0
++#endif
++
+ movl %es,%ecx
+ movl ORIG_EAX(%esp), %esi # get the error code
+ movl ES(%esp), %edi # get the function address
+@@ -337,6 +376,13 @@ ENTRY(nmi)
+ pushl %edx
+ call SYMBOL_NAME(do_nmi)
+ addl $8,%esp
++
++#ifdef CONFIG_GRKERNSEC_PAX_KERNEXEC
++ movl %cr0, %edx
++ xorl %ebp, %edx
++ movl %edx, %cr0
++#endif
++
+ RESTORE_ALL
+
+ ENTRY(int3)
+@@ -389,8 +435,65 @@ ENTRY(alignment_check)
+ jmp error_code
+
+ ENTRY(page_fault)
++#ifdef CONFIG_GRKERNSEC_PAX_PAGEEXEC
++ ALIGN
++ pushl $ SYMBOL_NAME(pax_do_page_fault)
++#else
+ pushl $ SYMBOL_NAME(do_page_fault)
<<Diff was trimmed, longer than 597 lines>>