SOURCES (LINUX_2_6): linux-2.6-grsec_full.patch - raw grsecurity-2...
zbyniu
zbyniu at pld-linux.org
Mon Feb 25 23:44:44 CET 2008
Author: zbyniu Date: Mon Feb 25 22:44:44 2008 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- raw grsecurity-2.1.11-2.6.24.2-200802192340.patch
---- Files affected:
SOURCES:
linux-2.6-grsec_full.patch (1.1.2.24 -> 1.1.2.25)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-grsec_full.patch
diff -u SOURCES/linux-2.6-grsec_full.patch:1.1.2.24 SOURCES/linux-2.6-grsec_full.patch:1.1.2.25
--- SOURCES/linux-2.6-grsec_full.patch:1.1.2.24 Mon Oct 8 13:36:35 2007
+++ SOURCES/linux-2.6-grsec_full.patch Mon Feb 25 23:44:38 2008
@@ -1,7 +1,7 @@
-diff -urNp linux-2.6.22.1/arch/alpha/kernel/module.c linux-2.6.22.1/arch/alpha/kernel/module.c
---- linux-2.6.22.1/arch/alpha/kernel/module.c 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/alpha/kernel/module.c 2007-08-02 11:38:45.000000000 -0400
-@@ -177,7 +177,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs,
+diff -urNp linux-2.6.24.2/arch/alpha/kernel/module.c linux-2.6.24.2/arch/alpha/kernel/module.c
+--- linux-2.6.24.2/arch/alpha/kernel/module.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/alpha/kernel/module.c 2008-02-13 18:27:54.000000000 -0500
+@@ -176,7 +176,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs,
/* The small sections were sorted to the end of the segment.
The following should definitely cover them. */
@@ -10,9 +10,9 @@
got = sechdrs[me->arch.gotsecindex].sh_addr;
for (i = 0; i < n; i++) {
-diff -urNp linux-2.6.22.1/arch/alpha/kernel/osf_sys.c linux-2.6.22.1/arch/alpha/kernel/osf_sys.c
---- linux-2.6.22.1/arch/alpha/kernel/osf_sys.c 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/alpha/kernel/osf_sys.c 2007-08-02 11:38:45.000000000 -0400
+diff -urNp linux-2.6.24.2/arch/alpha/kernel/osf_sys.c linux-2.6.24.2/arch/alpha/kernel/osf_sys.c
+--- linux-2.6.24.2/arch/alpha/kernel/osf_sys.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/alpha/kernel/osf_sys.c 2008-02-13 18:27:54.000000000 -0500
@@ -1288,6 +1288,10 @@ arch_get_unmapped_area(struct file *filp
merely specific addresses, but regions of memory -- perhaps
this feature should be incorporated into all ports? */
@@ -35,30 +35,30 @@
if (addr != (unsigned long) -ENOMEM)
return addr;
-diff -urNp linux-2.6.22.1/arch/alpha/kernel/ptrace.c linux-2.6.22.1/arch/alpha/kernel/ptrace.c
---- linux-2.6.22.1/arch/alpha/kernel/ptrace.c 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/alpha/kernel/ptrace.c 2007-08-02 11:09:14.000000000 -0400
-@@ -16,6 +16,7 @@
+diff -urNp linux-2.6.24.2/arch/alpha/kernel/ptrace.c linux-2.6.24.2/arch/alpha/kernel/ptrace.c
+--- linux-2.6.24.2/arch/alpha/kernel/ptrace.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/alpha/kernel/ptrace.c 2008-02-13 18:27:54.000000000 -0500
+@@ -15,6 +15,7 @@
+ #include <linux/slab.h>
#include <linux/security.h>
#include <linux/signal.h>
- #include <linux/vs_base.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
#include <asm/pgtable.h>
-@@ -289,6 +290,9 @@ do_sys_ptrace(long request, long pid, lo
- goto out;
- }
+@@ -266,6 +267,9 @@ long arch_ptrace(struct task_struct *chi
+ size_t copied;
+ long ret;
+ if (gr_handle_ptrace(child, request))
-+ goto out;
++ return -EPERM;
+
- if (request == PTRACE_ATTACH) {
- ret = ptrace_attach(child);
- goto out;
-diff -urNp linux-2.6.22.1/arch/alpha/mm/fault.c linux-2.6.22.1/arch/alpha/mm/fault.c
---- linux-2.6.22.1/arch/alpha/mm/fault.c 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/alpha/mm/fault.c 2007-08-02 11:38:45.000000000 -0400
+ switch (request) {
+ /* When I and D space are separate, these will need to be fixed. */
+ case PTRACE_PEEKTEXT: /* read word at location addr. */
+diff -urNp linux-2.6.24.2/arch/alpha/mm/fault.c linux-2.6.24.2/arch/alpha/mm/fault.c
+--- linux-2.6.24.2/arch/alpha/mm/fault.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/alpha/mm/fault.c 2008-02-13 18:27:54.000000000 -0500
@@ -23,6 +23,7 @@
#include <linux/smp.h>
#include <linux/interrupt.h>
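Review bot: The `gr_handle_ptrace(child, request)` check added at the top of alpha's `arch_ptrace()` may no longer cover `PTRACE_ATTACH`. The old placement in `do_sys_ptrace()` ran before the `if (request == PTRACE_ATTACH)` branch, while the new one sits just ahead of `switch (request)`, and the attach branch is gone from this function. If attach is now dispatched by generic code before `arch_ptrace()` is reached, the policy depends on an equivalent hook in that generic path, which is not visible in this hunk and should be confirmed in the rest of the patch. A comment above the call would record it, e.g. `/* PTRACE_ATTACH is checked in the generic ptrace path; this covers the remaining requests */`. `arch_ptrace()` starts and ends outside the hunk.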
@@ -223,9 +223,9 @@
} else if (!cause) {
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
-diff -urNp linux-2.6.22.1/arch/arm/mm/mmap.c linux-2.6.22.1/arch/arm/mm/mmap.c
---- linux-2.6.22.1/arch/arm/mm/mmap.c 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/arm/mm/mmap.c 2007-08-02 11:38:45.000000000 -0400
+diff -urNp linux-2.6.24.2/arch/arm/mm/mmap.c linux-2.6.24.2/arch/arm/mm/mmap.c
+--- linux-2.6.24.2/arch/arm/mm/mmap.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/arm/mm/mmap.c 2008-02-13 18:27:54.000000000 -0500
@@ -60,6 +60,10 @@ arch_get_unmapped_area(struct file *filp
if (len > TASK_SIZE)
return -ENOMEM;
@@ -262,9 +262,9 @@
mm->cached_hole_size = 0;
goto full_search;
}
-diff -urNp linux-2.6.22.1/arch/avr32/mm/fault.c linux-2.6.22.1/arch/avr32/mm/fault.c
---- linux-2.6.22.1/arch/avr32/mm/fault.c 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/avr32/mm/fault.c 2007-08-02 11:38:45.000000000 -0400
+diff -urNp linux-2.6.24.2/arch/avr32/mm/fault.c linux-2.6.24.2/arch/avr32/mm/fault.c
+--- linux-2.6.24.2/arch/avr32/mm/fault.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/avr32/mm/fault.c 2008-02-13 18:27:54.000000000 -0500
@@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
int exception_trace = 1;
@@ -289,7 +289,7 @@
/*
* This routine handles page faults. It determines the address and the
* problem, and then passes it off to one of the appropriate routines.
-@@ -158,6 +175,16 @@ bad_area:
+@@ -157,6 +174,16 @@ bad_area:
up_read(&mm->mmap_sem);
if (user_mode(regs)) {
@@ -306,10320 +306,12210 @@
if (exception_trace && printk_ratelimit())
printk("%s%s[%d]: segfault at %08lx pc %08lx "
"sp %08lx ecr %lu\n",
-diff -urNp linux-2.6.22.1/arch/i386/boot/setup.S linux-2.6.22.1/arch/i386/boot/setup.S
---- linux-2.6.22.1/arch/i386/boot/setup.S 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/i386/boot/setup.S 2007-08-02 11:38:45.000000000 -0400
-@@ -893,11 +893,13 @@ startup_32:
- movl %eax, %gs
- movl %eax, %ss
-
-+ movl 0x00000000, %ecx
- xorl %eax, %eax
- 1: incl %eax # check that A20 really IS enabled
- movl %eax, 0x00000000 # loop forever if it isn't
- cmpl %eax, 0x00100000
- je 1b
-+ movl %ecx, 0x00000000
-
- # Jump to the 32bit entry point
- jmpl *(code32_start - start + (DELTA_INITSEG << 4))(%esi)
-diff -urNp linux-2.6.22/arch/i386/boot/video.S linux-2.6.22/arch/i386/boot/video.S
---- linux-2.6.22/arch/i386/boot/video.S 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22/arch/i386/boot/video.S 2007-07-10 14:56:30.000000000 -0400
-@@ -96,6 +96,7 @@
- #define PARAM_LFB_PAGES 0x32
- #define PARAM_VESA_ATTRIB 0x34
- #define PARAM_CAPABILITIES 0x36
-+#define PARAM_VESAPM_SIZE 0x3a
-
- /* Define DO_STORE according to CONFIG_VIDEO_RETAIN */
- #ifdef CONFIG_VIDEO_RETAIN
-@@ -280,6 +281,7 @@ dac_done:
-
- movw %es, %fs:(PARAM_VESAPM_SEG)
- movw %di, %fs:(PARAM_VESAPM_OFF)
-+ movw %cx, %fs:(PARAM_VESAPM_SIZE)
- no_pm: ret
-
- # The video mode menu
-diff -urNp linux-2.6.22.1/arch/i386/Kconfig linux-2.6.22.1/arch/i386/Kconfig
---- linux-2.6.22.1/arch/i386/Kconfig 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/i386/Kconfig 2007-08-03 12:36:16.000000000 -0400
-@@ -586,7 +586,7 @@ config PAGE_OFFSET
- hex
- default 0xB0000000 if VMSPLIT_3G_OPT
- default 0x80000000 if VMSPLIT_2G
-- default 0x78000000 if VMSPLIT_2G_OPT
-+ default 0x70000000 if VMSPLIT_2G_OPT
- default 0x40000000 if VMSPLIT_1G
- default 0xC0000000
-
-@@ -815,7 +815,7 @@ config CRASH_DUMP
-
- config PHYSICAL_START
- hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP)
-- default "0x100000"
-+ default "0x200000"
- help
- This gives the physical address where the kernel is loaded.
-
-@@ -900,7 +900,7 @@ config HOTPLUG_CPU
-
- config COMPAT_VDSO
- bool "Compat VDSO support"
-- default y
-+ default n
- help
- Map the VDSO to the predictable old-style address too.
- ---help---
-diff -urNp linux-2.6.22.1/arch/i386/Kconfig.cpu linux-2.6.22.1/arch/i386/Kconfig.cpu
---- linux-2.6.22.1/arch/i386/Kconfig.cpu 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/i386/Kconfig.cpu 2007-08-02 11:38:45.000000000 -0400
-@@ -274,7 +274,7 @@ config X86_PPRO_FENCE
-
- config X86_F00F_BUG
- bool
-- depends on M586MMX || M586TSC || M586 || M486 || M386
-+ depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC
- default y
-
- config X86_WP_WORKS_OK
-@@ -304,7 +304,7 @@ config X86_CMPXCHG64
-
- config X86_ALIGNMENT_16
- bool
-- depends on MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
-+ depends on MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
- default y
-
- config X86_GOOD_APIC
-diff -urNp linux-2.6.22.1/arch/i386/Kconfig.debug linux-2.6.22.1/arch/i386/Kconfig.debug
---- linux-2.6.22.1/arch/i386/Kconfig.debug 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/i386/Kconfig.debug 2007-08-02 11:38:45.000000000 -0400
-@@ -46,16 +46,6 @@ config DEBUG_PAGEALLOC
- This results in a large slowdown, but helps to find certain types
- of memory corruptions.
-
--config DEBUG_RODATA
-- bool "Write protect kernel read-only data structures"
-- depends on DEBUG_KERNEL
-- help
-- Mark the kernel read-only data as write-protected in the pagetables,
-- in order to catch accidental (and incorrect) writes to such const
-- data. This option may have a slight performance impact because a
-- portion of the kernel code won't be covered by a 2MB TLB anymore.
-- If in doubt, say "N".
--
- config 4KSTACKS
- bool "Use 4Kb for kernel stacks instead of 8Kb"
- depends on DEBUG_KERNEL
-diff -urNp linux-2.6.22.1/arch/i386/kernel/acpi/boot.c linux-2.6.22.1/arch/i386/kernel/acpi/boot.c
---- linux-2.6.22.1/arch/i386/kernel/acpi/boot.c 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/i386/kernel/acpi/boot.c 2007-08-02 11:38:45.000000000 -0400
-@@ -1095,7 +1095,7 @@ static struct dmi_system_id __initdata a
- DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"),
- },
- },
-- {}
-+ { NULL, NULL, {{0, NULL}}, NULL}
- };
-
- #endif /* __i386__ */
-diff -urNp linux-2.6.22.1/arch/i386/kernel/acpi/sleep.c linux-2.6.22.1/arch/i386/kernel/acpi/sleep.c
---- linux-2.6.22.1/arch/i386/kernel/acpi/sleep.c 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/i386/kernel/acpi/sleep.c 2007-08-02 11:38:45.000000000 -0400
-@@ -94,7 +94,7 @@ static __initdata struct dmi_system_id a
- DMI_MATCH(DMI_PRODUCT_NAME, "S4030CDT/4.3"),
- },
- },
-- {}
-+ { NULL, NULL, {{0, NULL}}, NULL}
- };
-
- static int __init acpisleep_dmi_init(void)
-diff -urNp linux-2.6.22.1/arch/i386/kernel/acpi/wakeup.S linux-2.6.22.1/arch/i386/kernel/acpi/wakeup.S
---- linux-2.6.22.1/arch/i386/kernel/acpi/wakeup.S 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/i386/kernel/acpi/wakeup.S 2007-08-02 11:38:45.000000000 -0400
-@@ -2,6 +2,7 @@
- #include <linux/linkage.h>
- #include <asm/segment.h>
- #include <asm/page.h>
-+#include <asm/msr-index.h>
-
- #
- # wakeup_code runs in real mode, and at unknown address (determined at run-time).
-@@ -64,7 +65,7 @@ wakeup_code:
- # restore efer setting
- movl real_save_efer_edx - wakeup_code, %edx
- movl real_save_efer_eax - wakeup_code, %eax
-- mov $0xc0000080, %ecx
-+ mov $MSR_EFER, %ecx
- wrmsr
- 4:
- # make sure %cr4 is set correctly (features, etc)
-@@ -205,13 +206,11 @@ wakeup_pmode_return:
- # and restore the stack ... but you need gdt for this to work
- movl saved_context_esp, %esp
-
-- movl %cs:saved_magic, %eax
-- cmpl $0x12345678, %eax
-+ cmpl $0x12345678, saved_magic
- jne bogus_magic
-
- # jump to place where we left off
-- movl saved_eip,%eax
-- jmp *%eax
-+ jmp *(saved_eip)
-
- bogus_magic:
- movw $0x0e00 + 'B', 0xb8018
-@@ -243,7 +242,7 @@ ENTRY(acpi_copy_wakeup_routine)
- # save efer setting
- pushl %eax
- movl %eax, %ebx
-- mov $0xc0000080, %ecx
-+ mov $MSR_EFER, %ecx
- rdmsr
- movl %edx, real_save_efer_edx - wakeup_start (%ebx)
- movl %eax, real_save_efer_eax - wakeup_start (%ebx)
-diff -urNp linux-2.6.22.1/arch/i386/kernel/alternative.c linux-2.6.22.1/arch/i386/kernel/alternative.c
---- linux-2.6.22.1/arch/i386/kernel/alternative.c 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/i386/kernel/alternative.c 2007-08-02 11:38:45.000000000 -0400
-@@ -4,6 +4,7 @@
- #include <linux/list.h>
- #include <asm/alternative.h>
- #include <asm/sections.h>
-+#include <asm/desc.h>
+diff -urNp linux-2.6.24.2/arch/ia64/ia32/binfmt_elf32.c linux-2.6.24.2/arch/ia64/ia32/binfmt_elf32.c
+--- linux-2.6.24.2/arch/ia64/ia32/binfmt_elf32.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/ia32/binfmt_elf32.c 2008-02-13 18:27:54.000000000 -0500
+@@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_
- static int noreplace_smp = 0;
- static int smp_alt_once = 0;
-@@ -165,12 +166,18 @@ void apply_alternatives(struct alt_instr
- u8 *instr;
- int diff;
+ #define elf_read_implies_exec(ex, have_pt_gnu_stack) (!(have_pt_gnu_stack))
-+#ifdef CONFIG_PAX_KERNEXEC
-+ unsigned long cr0;
-+
-+ pax_open_kernel(cr0);
-+#endif
-+
- DPRINTK("%s: alt table %p -> %p\n", __FUNCTION__, start, end);
- for (a = start; a < end; a++) {
- BUG_ON(a->replacementlen > a->instrlen);
- if (!boot_cpu_has(a->cpuid))
- continue;
-- instr = a->instr;
-+ instr = a->instr + __KERNEL_TEXT_OFFSET;
- #ifdef CONFIG_X86_64
- /* vsyscall code is not mapped yet. resolve it manually. */
- if (instr >= (u8 *)VSYSCALL_START && instr < (u8*)VSYSCALL_END) {
-@@ -183,6 +190,11 @@ void apply_alternatives(struct alt_instr
- diff = a->instrlen - a->replacementlen;
- nop_out(instr + a->replacementlen, diff);
- }
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
+
-+#ifdef CONFIG_PAX_KERNEXEC
-+ pax_close_kernel(cr0);
++#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
+#endif
+
- }
+ /* Ugly but avoids duplication */
+ #include "../../../fs/binfmt_elf.c"
- #ifdef CONFIG_SMP
-@@ -191,29 +203,53 @@ static void alternatives_smp_lock(u8 **s
- {
- u8 **ptr;
+diff -urNp linux-2.6.24.2/arch/ia64/ia32/ia32priv.h linux-2.6.24.2/arch/ia64/ia32/ia32priv.h
+--- linux-2.6.24.2/arch/ia64/ia32/ia32priv.h 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/ia32/ia32priv.h 2008-02-13 18:27:54.000000000 -0500
+@@ -303,7 +303,14 @@ struct old_linux32_dirent {
+ #define ELF_DATA ELFDATA2LSB
+ #define ELF_ARCH EM_386
-+#ifdef CONFIG_PAX_KERNEXEC
-+ unsigned long cr0;
-+
-+ pax_open_kernel(cr0);
+-#define IA32_STACK_TOP IA32_PAGE_OFFSET
++#ifdef CONFIG_PAX_RANDUSTACK
++#define __IA32_DELTA_STACK (current->mm->delta_stack)
++#else
++#define __IA32_DELTA_STACK 0UL
+#endif
+
- for (ptr = start; ptr < end; ptr++) {
- if (*ptr < text)
- continue;
- if (*ptr > text_end)
- continue;
-- **ptr = 0xf0; /* lock prefix */
-- };
-+ *(*ptr + __KERNEL_TEXT_OFFSET) = 0xf0; /* lock prefix */
-+ }
-+
-+#ifdef CONFIG_PAX_KERNEXEC
-+ pax_close_kernel(cr0);
-+#endif
++#define IA32_STACK_TOP (IA32_PAGE_OFFSET - __IA32_DELTA_STACK)
+
- }
+ #define IA32_GATE_OFFSET IA32_PAGE_OFFSET
+ #define IA32_GATE_END IA32_PAGE_OFFSET + PAGE_SIZE
- static void alternatives_smp_unlock(u8 **start, u8 **end, u8 *text, u8 *text_end)
+diff -urNp linux-2.6.24.2/arch/ia64/kernel/module.c linux-2.6.24.2/arch/ia64/kernel/module.c
+--- linux-2.6.24.2/arch/ia64/kernel/module.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/kernel/module.c 2008-02-13 18:27:54.000000000 -0500
+@@ -321,7 +321,7 @@ module_alloc (unsigned long size)
+ void
+ module_free (struct module *mod, void *module_region)
{
- u8 **ptr;
+- if (mod->arch.init_unw_table && module_region == mod->module_init) {
++ if (mod->arch.init_unw_table && module_region == mod->module_init_rx) {
+ unw_remove_unwind_table(mod->arch.init_unw_table);
+ mod->arch.init_unw_table = NULL;
+ }
+@@ -499,15 +499,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd
+ }
-+#ifdef CONFIG_PAX_KERNEXEC
-+ unsigned long cr0;
-+#endif
+ static inline int
++in_init_rx (const struct module *mod, uint64_t addr)
++{
++ return addr - (uint64_t) mod->module_init_rx < mod->init_size_rx;
++}
+
- if (noreplace_smp)
- return;
-
-+#ifdef CONFIG_PAX_KERNEXEC
-+ pax_open_kernel(cr0);
-+#endif
++static inline int
++in_init_rw (const struct module *mod, uint64_t addr)
++{
++ return addr - (uint64_t) mod->module_init_rw < mod->init_size_rw;
++}
+
- for (ptr = start; ptr < end; ptr++) {
- if (*ptr < text)
- continue;
- if (*ptr > text_end)
- continue;
-- nop_out(*ptr, 1);
-- };
-+ nop_out(*ptr + __KERNEL_TEXT_OFFSET, 1);
-+ }
++static inline int
+ in_init (const struct module *mod, uint64_t addr)
+ {
+- return addr - (uint64_t) mod->module_init < mod->init_size;
++ return in_init_rx(mod, value) || in_init_rw(mod, value);
++}
+
-+#ifdef CONFIG_PAX_KERNEXEC
-+ pax_close_kernel(cr0);
-+#endif
++static inline int
++in_core_rx (const struct module *mod, uint64_t addr)
++{
++ return addr - (uint64_t) mod->module_core_rx < mod->core_size_rx;
++}
+
++static inline int
++in_core_rw (const struct module *mod, uint64_t addr)
++{
++ return addr - (uint64_t) mod->module_core_rw < mod->core_size_rw;
}
- struct smp_alt_module {
-@@ -340,21 +376,34 @@ void apply_paravirt(struct paravirt_patc
+ static inline int
+ in_core (const struct module *mod, uint64_t addr)
{
- struct paravirt_patch_site *p;
+- return addr - (uint64_t) mod->module_core < mod->core_size;
++ return in_core_rx(mod, addr) || in_core_rw(mod, addr);
+ }
-+#ifdef CONFIG_PAX_KERNEXEC
-+ unsigned long cr0;
-+#endif
-+
- if (noreplace_paravirt)
- return;
+ static inline int
+@@ -691,7 +715,14 @@ do_reloc (struct module *mod, uint8_t r_
+ break;
-+#ifdef CONFIG_PAX_KERNEXEC
-+ pax_open_kernel(cr0);
-+#endif
-+
- for (p = start; p < end; p++) {
- unsigned int used;
-+ u8 *instr = p->instr + __KERNEL_TEXT_OFFSET;
-
-- used = paravirt_ops.patch(p->instrtype, p->clobbers, p->instr,
-+ used = paravirt_ops.patch(p->instrtype, p->clobbers, instr,
- p->len);
-
- BUG_ON(used > p->len);
-
- /* Pad the rest with nops */
-- nop_out(p->instr + used, p->len - used);
-+ nop_out(instr + used, p->len - used);
+ case RV_BDREL:
+- val -= (uint64_t) (in_init(mod, val) ? mod->module_init : mod->module_core);
++ if (in_init_rx(mod, val))
++ val -= (uint64_t) mod->module_init_rx;
++ else if (in_init_rw(mod, val))
++ val -= (uint64_t) mod->module_init_rw;
++ else if (in_core_rx(mod, val))
++ val -= (uint64_t) mod->module_core_rx;
++ else if (in_core_rw(mod, val))
++ val -= (uint64_t) mod->module_core_rw;
+ break;
+
+ case RV_LTV:
+@@ -825,15 +856,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs,
+ * addresses have been selected...
+ */
+ uint64_t gp;
+- if (mod->core_size > MAX_LTOFF)
++ if (mod->core_size_rx + mod->core_size_rw > MAX_LTOFF)
+ /*
+ * This takes advantage of fact that SHF_ARCH_SMALL gets allocated
+ * at the end of the module.
+ */
+- gp = mod->core_size - MAX_LTOFF / 2;
++ gp = mod->core_size_rx + mod->core_size_rw - MAX_LTOFF / 2;
+ else
+- gp = mod->core_size / 2;
+- gp = (uint64_t) mod->module_core + ((gp + 7) & -8);
++ gp = (mod->core_size_rx + mod->core_size_rw) / 2;
++ gp = (uint64_t) mod->module_core_rx + ((gp + 7) & -8);
+ mod->arch.gp = gp;
+ DEBUGP("%s: placing gp at 0x%lx\n", __FUNCTION__, gp);
}
+diff -urNp linux-2.6.24.2/arch/ia64/kernel/ptrace.c linux-2.6.24.2/arch/ia64/kernel/ptrace.c
+--- linux-2.6.24.2/arch/ia64/kernel/ptrace.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/kernel/ptrace.c 2008-02-13 18:27:54.000000000 -0500
+@@ -17,6 +17,7 @@
+ #include <linux/security.h>
+ #include <linux/audit.h>
+ #include <linux/signal.h>
++#include <linux/grsecurity.h>
-+#ifdef CONFIG_PAX_KERNEXEC
-+ pax_close_kernel(cr0);
-+#endif
-+
- /* Sync to be conservative, in case we patched following
- * instructions */
- sync_core();
-diff -urNp linux-2.6.22.1/arch/i386/kernel/apm.c linux-2.6.22.1/arch/i386/kernel/apm.c
---- linux-2.6.22.1/arch/i386/kernel/apm.c 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/arch/i386/kernel/apm.c 2007-08-02 11:38:45.000000000 -0400
-@@ -600,9 +600,18 @@ static u8 apm_bios_call(u32 func, u32 eb
- struct desc_struct save_desc_40;
- struct desc_struct *gdt;
+ #include <asm/pgtable.h>
+ #include <asm/processor.h>
+@@ -1451,6 +1452,9 @@ sys_ptrace (long request, pid_t pid, uns
+ if (pid == 1) /* no messing around with init! */
+ goto out_tsk;
-+#ifdef CONFIG_PAX_KERNEXEC
-+ unsigned long cr0;
-+#endif
++ if (gr_handle_ptrace(child, request))
++ goto out_tsk;
+
- cpus = apm_save_cpus();
-
- cpu = get_cpu();
+ if (request == PTRACE_ATTACH) {
+ ret = ptrace_attach(child);
+ goto out_tsk;
+diff -urNp linux-2.6.24.2/arch/ia64/kernel/sys_ia64.c linux-2.6.24.2/arch/ia64/kernel/sys_ia64.c
+--- linux-2.6.24.2/arch/ia64/kernel/sys_ia64.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/kernel/sys_ia64.c 2008-02-13 18:27:54.000000000 -0500
+@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
+ if (REGION_NUMBER(addr) == RGN_HPAGE)
+ addr = 0;
+ #endif
+
-+#ifdef CONFIG_PAX_KERNEXEC
-+ pax_open_kernel(cr0);
++#ifdef CONFIG_PAX_RANDMMAP
++ if ((mm->pax_flags & MF_PAX_RANDMMAP) && addr && filp)
++ addr = mm->free_area_cache;
++ else
+#endif
+
- gdt = get_cpu_gdt_table(cpu);
- save_desc_40 = gdt[0x40 / 8];
- gdt[0x40 / 8] = bad_bios_desc;
-@@ -613,6 +622,11 @@ static u8 apm_bios_call(u32 func, u32 eb
- APM_DO_RESTORE_SEGS;
- apm_irq_restore(flags);
- gdt[0x40 / 8] = save_desc_40;
+ if (!addr)
+ addr = mm->free_area_cache;
+
+@@ -61,9 +68,9 @@ arch_get_unmapped_area (struct file *fil
+ for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
+ /* At this point: (!vma || addr < vma->vm_end). */
+ if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) {
+- if (start_addr != TASK_UNMAPPED_BASE) {
++ if (start_addr != mm->mmap_base) {
+ /* Start a new search --- just in case we missed some holes. */
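Review bot: In the ia64 module.c section, the rewritten `in_init()` passes `value` to its helpers, but the function's parameter is `addr` and no `value` is declared in the visible lines, so this would not build on ia64 unless `value` is defined elsewhere. The sibling `in_core()` uses `addr`, and the line should read `return in_init_rx(mod, addr) || in_init_rw(mod, addr);`. In the same section the `RV_BDREL` case now leaves `val` unadjusted when it falls in none of the four rx/rw regions, where the old code fell back to `mod->module_core`; a final `else` that rejects the relocation, or a comment stating why that cannot happen, would make the intent explicit. The list archive trimmed this hunk, so only the visible lines are covered.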
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsec_full.patch?r1=1.1.2.24&r2=1.1.2.25&f=u