SOURCES (Titanium): linux-2.6-grsecurity.patch - http://grsecurity...
hawk
hawk at pld-linux.org
Thu Feb 28 13:16:09 CET 2008
Author: hawk Date: Thu Feb 28 12:16:09 2008 GMT
Module: SOURCES Tag: Titanium
---- Log message:
- http://grsecurity.net/~spender/grsecurity-2.1.11-2.6.24.2-200802192340.patch
with localversion killed
---- Files affected:
SOURCES:
linux-2.6-grsecurity.patch (1.1.2.3 -> 1.1.2.4)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-grsecurity.patch
diff -u SOURCES/linux-2.6-grsecurity.patch:1.1.2.3 SOURCES/linux-2.6-grsecurity.patch:1.1.2.4
--- SOURCES/linux-2.6-grsecurity.patch:1.1.2.3 Sat Feb 9 00:35:12 2008
+++ SOURCES/linux-2.6-grsecurity.patch Thu Feb 28 13:16:04 2008
@@ -1,6 +1,6 @@
-diff -urNp linux-2.6.23.9/arch/alpha/kernel/module.c linux-2.6.23.9/arch/alpha/kernel/module.c
---- linux-2.6.23.9/arch/alpha/kernel/module.c 2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/alpha/kernel/module.c 2007-12-03 10:05:50.000000000 -0500
+diff -urNp linux-2.6.24.2/arch/alpha/kernel/module.c linux-2.6.24.2/arch/alpha/kernel/module.c
+--- linux-2.6.24.2/arch/alpha/kernel/module.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/alpha/kernel/module.c 2008-02-13 18:27:54.000000000 -0500
@@ -176,7 +176,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs,
/* The small sections were sorted to the end of the segment.
@@ -10,9 +10,9 @@
got = sechdrs[me->arch.gotsecindex].sh_addr;
for (i = 0; i < n; i++) {
-diff -urNp linux-2.6.23.9/arch/alpha/kernel/osf_sys.c linux-2.6.23.9/arch/alpha/kernel/osf_sys.c
---- linux-2.6.23.9/arch/alpha/kernel/osf_sys.c 2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/alpha/kernel/osf_sys.c 2007-12-03 10:05:50.000000000 -0500
+diff -urNp linux-2.6.24.2/arch/alpha/kernel/osf_sys.c linux-2.6.24.2/arch/alpha/kernel/osf_sys.c
+--- linux-2.6.24.2/arch/alpha/kernel/osf_sys.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/alpha/kernel/osf_sys.c 2008-02-13 18:27:54.000000000 -0500
@@ -1288,6 +1288,10 @@ arch_get_unmapped_area(struct file *filp
merely specific addresses, but regions of memory -- perhaps
this feature should be incorporated into all ports? */
@@ -35,9 +35,9 @@
if (addr != (unsigned long) -ENOMEM)
return addr;
-diff -urNp linux-2.6.23.9/arch/alpha/kernel/ptrace.c linux-2.6.23.9/arch/alpha/kernel/ptrace.c
---- linux-2.6.23.9/arch/alpha/kernel/ptrace.c 2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/alpha/kernel/ptrace.c 2007-12-03 10:05:50.000000000 -0500
+diff -urNp linux-2.6.24.2/arch/alpha/kernel/ptrace.c linux-2.6.24.2/arch/alpha/kernel/ptrace.c
+--- linux-2.6.24.2/arch/alpha/kernel/ptrace.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/alpha/kernel/ptrace.c 2008-02-13 18:27:54.000000000 -0500
@@ -15,6 +15,7 @@
#include <linux/slab.h>
#include <linux/security.h>
@@ -46,21 +46,19 @@
#include <asm/uaccess.h>
#include <asm/pgtable.h>
-@@ -283,6 +284,11 @@ do_sys_ptrace(long request, long pid, lo
- goto out_notsk;
- }
+@@ -266,6 +267,9 @@ long arch_ptrace(struct task_struct *chi
+ size_t copied;
+ long ret;
-+ if (gr_handle_ptrace(child, request)) {
-+ ret = -EPERM;
-+ goto out;
-+ }
++ if (gr_handle_ptrace(child, request))
++ return -EPERM;
+
- if (request == PTRACE_ATTACH) {
- ret = ptrace_attach(child);
- goto out;
-diff -urNp linux-2.6.23.9/arch/alpha/mm/fault.c linux-2.6.23.9/arch/alpha/mm/fault.c
---- linux-2.6.23.9/arch/alpha/mm/fault.c 2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/alpha/mm/fault.c 2007-12-03 10:05:50.000000000 -0500
+ switch (request) {
+ /* When I and D space are separate, these will need to be fixed. */
+ case PTRACE_PEEKTEXT: /* read word at location addr. */
+diff -urNp linux-2.6.24.2/arch/alpha/mm/fault.c linux-2.6.24.2/arch/alpha/mm/fault.c
+--- linux-2.6.24.2/arch/alpha/mm/fault.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/alpha/mm/fault.c 2008-02-13 18:27:54.000000000 -0500
@@ -23,6 +23,7 @@
#include <linux/smp.h>
#include <linux/interrupt.h>
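Review bot: The `gr_handle_ptrace(child, request)` check that this hunk moves into alpha's `arch_ptrace` only sees requests the caller forwards to the arch code, whereas the removed version sat directly in front of the `PTRACE_ATTACH` branch in `do_sys_ptrace`. If the caller now handles `PTRACE_ATTACH` before calling `arch_ptrace` (the caller is not visible here, so this is inferred), attach is no longer gated by this hook on alpha, so confirm the generic ptrace path has its own `gr_handle_ptrace` call. Once confirmed, a comment above the check would record the split, e.g. `/* PTRACE_ATTACH is gated in the generic caller; this covers the remaining requests */`. The direct `return -EPERM` also assumes the caller releases the task reference that the old `goto out` path handled, which is worth a second look since `arch_ptrace` starts and ends outside the hunk.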
@@ -225,9 +223,9 @@
} else if (!cause) {
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
-diff -urNp linux-2.6.23.9/arch/arm/mm/mmap.c linux-2.6.23.9/arch/arm/mm/mmap.c
---- linux-2.6.23.9/arch/arm/mm/mmap.c 2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/arm/mm/mmap.c 2007-12-03 10:05:50.000000000 -0500
+diff -urNp linux-2.6.24.2/arch/arm/mm/mmap.c linux-2.6.24.2/arch/arm/mm/mmap.c
+--- linux-2.6.24.2/arch/arm/mm/mmap.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/arm/mm/mmap.c 2008-02-13 18:27:54.000000000 -0500
@@ -60,6 +60,10 @@ arch_get_unmapped_area(struct file *filp
if (len > TASK_SIZE)
return -ENOMEM;
@@ -264,9 +262,9 @@
mm->cached_hole_size = 0;
goto full_search;
}
-diff -urNp linux-2.6.23.9/arch/avr32/mm/fault.c linux-2.6.23.9/arch/avr32/mm/fault.c
---- linux-2.6.23.9/arch/avr32/mm/fault.c 2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/avr32/mm/fault.c 2007-12-03 10:05:50.000000000 -0500
+diff -urNp linux-2.6.24.2/arch/avr32/mm/fault.c linux-2.6.24.2/arch/avr32/mm/fault.c
+--- linux-2.6.24.2/arch/avr32/mm/fault.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/avr32/mm/fault.c 2008-02-13 18:27:54.000000000 -0500
@@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
int exception_trace = 1;
@@ -308,10526 +306,11369 @@
if (exception_trace && printk_ratelimit())
printk("%s%s[%d]: segfault at %08lx pc %08lx "
"sp %08lx ecr %lu\n",
-diff -urNp linux-2.6.23.9/arch/i386/boot/bitops.h linux-2.6.23.9/arch/i386/boot/bitops.h
---- linux-2.6.23.9/arch/i386/boot/bitops.h 2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/i386/boot/bitops.h 2007-12-03 10:05:50.000000000 -0500
-@@ -28,7 +28,7 @@ static inline int variable_test_bit(int
- u8 v;
- const u32 *p = (const u32 *)addr;
+diff -urNp linux-2.6.24.2/arch/ia64/ia32/binfmt_elf32.c linux-2.6.24.2/arch/ia64/ia32/binfmt_elf32.c
+--- linux-2.6.24.2/arch/ia64/ia32/binfmt_elf32.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/ia32/binfmt_elf32.c 2008-02-13 18:27:54.000000000 -0500
+@@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_
-- asm("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
-+ asm volatile("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
- return v;
- }
+ #define elf_read_implies_exec(ex, have_pt_gnu_stack) (!(have_pt_gnu_stack))
-@@ -39,7 +39,7 @@ static inline int variable_test_bit(int
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
++
++#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#endif
++
+ /* Ugly but avoids duplication */
+ #include "../../../fs/binfmt_elf.c"
- static inline void set_bit(int nr, void *addr)
+diff -urNp linux-2.6.24.2/arch/ia64/ia32/ia32priv.h linux-2.6.24.2/arch/ia64/ia32/ia32priv.h
+--- linux-2.6.24.2/arch/ia64/ia32/ia32priv.h 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/ia32/ia32priv.h 2008-02-13 18:27:54.000000000 -0500
+@@ -303,7 +303,14 @@ struct old_linux32_dirent {
+ #define ELF_DATA ELFDATA2LSB
+ #define ELF_ARCH EM_386
+
+-#define IA32_STACK_TOP IA32_PAGE_OFFSET
++#ifdef CONFIG_PAX_RANDUSTACK
++#define __IA32_DELTA_STACK (current->mm->delta_stack)
++#else
++#define __IA32_DELTA_STACK 0UL
++#endif
++
++#define IA32_STACK_TOP (IA32_PAGE_OFFSET - __IA32_DELTA_STACK)
++
+ #define IA32_GATE_OFFSET IA32_PAGE_OFFSET
+ #define IA32_GATE_END IA32_PAGE_OFFSET + PAGE_SIZE
+
+diff -urNp linux-2.6.24.2/arch/ia64/kernel/module.c linux-2.6.24.2/arch/ia64/kernel/module.c
+--- linux-2.6.24.2/arch/ia64/kernel/module.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/kernel/module.c 2008-02-13 18:27:54.000000000 -0500
+@@ -321,7 +321,7 @@ module_alloc (unsigned long size)
+ void
+ module_free (struct module *mod, void *module_region)
{
-- asm("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
-+ asm volatile("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
+- if (mod->arch.init_unw_table && module_region == mod->module_init) {
++ if (mod->arch.init_unw_table && module_region == mod->module_init_rx) {
+ unw_remove_unwind_table(mod->arch.init_unw_table);
+ mod->arch.init_unw_table = NULL;
+ }
+@@ -499,15 +499,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd
}
- #endif /* BOOT_BITOPS_H */
-diff -urNp linux-2.6.23.9/arch/i386/boot/boot.h linux-2.6.23.9/arch/i386/boot/boot.h
---- linux-2.6.23.9/arch/i386/boot/boot.h 2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/i386/boot/boot.h 2007-12-03 10:05:50.000000000 -0500
-@@ -78,7 +78,7 @@ static inline void io_delay(void)
- static inline u16 ds(void)
+ static inline int
++in_init_rx (const struct module *mod, uint64_t addr)
++{
++ return addr - (uint64_t) mod->module_init_rx < mod->init_size_rx;
++}
++
++static inline int
++in_init_rw (const struct module *mod, uint64_t addr)
++{
++ return addr - (uint64_t) mod->module_init_rw < mod->init_size_rw;
++}
++
++static inline int
+ in_init (const struct module *mod, uint64_t addr)
{
- u16 seg;
-- asm("movw %%ds,%0" : "=rm" (seg));
-+ asm volatile("movw %%ds,%0" : "=rm" (seg));
- return seg;
+- return addr - (uint64_t) mod->module_init < mod->init_size;
++ return in_init_rx(mod, value) || in_init_rw(mod, value);
++}
++
++static inline int
++in_core_rx (const struct module *mod, uint64_t addr)
++{
++ return addr - (uint64_t) mod->module_core_rx < mod->core_size_rx;
++}
++
++static inline int
++in_core_rw (const struct module *mod, uint64_t addr)
++{
++ return addr - (uint64_t) mod->module_core_rw < mod->core_size_rw;
}
-@@ -174,7 +174,7 @@ static inline void wrgs32(u32 v, addr_t
- static inline int memcmp(const void *s1, const void *s2, size_t len)
+ static inline int
+ in_core (const struct module *mod, uint64_t addr)
{
- u8 diff;
-- asm("repe; cmpsb; setnz %0"
-+ asm volatile("repe; cmpsb; setnz %0"
- : "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len));
- return diff;
+- return addr - (uint64_t) mod->module_core < mod->core_size;
++ return in_core_rx(mod, addr) || in_core_rw(mod, addr);
}
-diff -urNp linux-2.6.23.9/arch/i386/boot/compressed/head.S linux-2.6.23.9/arch/i386/boot/compressed/head.S
---- linux-2.6.23.9/arch/i386/boot/compressed/head.S 2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/i386/boot/compressed/head.S 2007-12-03 10:05:50.000000000 -0500
-@@ -159,9 +159,8 @@ relocated:
- */
- 1: subl $4, %edi
-- movl 0(%edi), %ecx
-- testl %ecx, %ecx
-- jz 2f
-+ movl (%edi), %ecx
-+ jecxz 2f
- addl %ebx, -__PAGE_OFFSET(%ebx, %ecx)
- jmp 1b
- 2:
-diff -urNp linux-2.6.23.9/arch/i386/boot/compressed/relocs.c linux-2.6.23.9/arch/i386/boot/compressed/relocs.c
---- linux-2.6.23.9/arch/i386/boot/compressed/relocs.c 2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/i386/boot/compressed/relocs.c 2007-12-03 10:05:50.000000000 -0500
-@@ -10,9 +10,13 @@
- #define USE_BSD
- #include <endian.h>
+ static inline int
+@@ -691,7 +715,14 @@ do_reloc (struct module *mod, uint8_t r_
+ break;
-+#include "../../../../include/linux/autoconf.h"
-+
-+#define MAX_PHDRS 100
- #define MAX_SHDRS 100
- #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
- static Elf32_Ehdr ehdr;
-+static Elf32_Phdr phdr[MAX_PHDRS];
- static Elf32_Shdr shdr[MAX_SHDRS];
- static Elf32_Sym *symtab[MAX_SHDRS];
- static Elf32_Rel *reltab[MAX_SHDRS];
-@@ -246,6 +250,34 @@ static void read_ehdr(FILE *fp)
+ case RV_BDREL:
+- val -= (uint64_t) (in_init(mod, val) ? mod->module_init : mod->module_core);
++ if (in_init_rx(mod, val))
++ val -= (uint64_t) mod->module_init_rx;
++ else if (in_init_rw(mod, val))
++ val -= (uint64_t) mod->module_init_rw;
++ else if (in_core_rx(mod, val))
++ val -= (uint64_t) mod->module_core_rx;
++ else if (in_core_rw(mod, val))
++ val -= (uint64_t) mod->module_core_rw;
+ break;
+
+ case RV_LTV:
+@@ -825,15 +856,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs,
+ * addresses have been selected...
+ */
+ uint64_t gp;
+- if (mod->core_size > MAX_LTOFF)
++ if (mod->core_size_rx + mod->core_size_rw > MAX_LTOFF)
+ /*
+ * This takes advantage of fact that SHF_ARCH_SMALL gets allocated
+ * at the end of the module.
+ */
+- gp = mod->core_size - MAX_LTOFF / 2;
++ gp = mod->core_size_rx + mod->core_size_rw - MAX_LTOFF / 2;
+ else
+- gp = mod->core_size / 2;
+- gp = (uint64_t) mod->module_core + ((gp + 7) & -8);
++ gp = (mod->core_size_rx + mod->core_size_rw) / 2;
++ gp = (uint64_t) mod->module_core_rx + ((gp + 7) & -8);
+ mod->arch.gp = gp;
+ DEBUGP("%s: placing gp at 0x%lx\n", __FUNCTION__, gp);
}
+diff -urNp linux-2.6.24.2/arch/ia64/kernel/ptrace.c linux-2.6.24.2/arch/ia64/kernel/ptrace.c
+--- linux-2.6.24.2/arch/ia64/kernel/ptrace.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/kernel/ptrace.c 2008-02-13 18:27:54.000000000 -0500
+@@ -17,6 +17,7 @@
+ #include <linux/security.h>
+ #include <linux/audit.h>
+ #include <linux/signal.h>
++#include <linux/grsecurity.h>
+
+ #include <asm/pgtable.h>
+ #include <asm/processor.h>
+@@ -1451,6 +1452,9 @@ sys_ptrace (long request, pid_t pid, uns
+ if (pid == 1) /* no messing around with init! */
+ goto out_tsk;
+
++ if (gr_handle_ptrace(child, request))
++ goto out_tsk;
++
+ if (request == PTRACE_ATTACH) {
+ ret = ptrace_attach(child);
+ goto out_tsk;
+diff -urNp linux-2.6.24.2/arch/ia64/kernel/sys_ia64.c linux-2.6.24.2/arch/ia64/kernel/sys_ia64.c
+--- linux-2.6.24.2/arch/ia64/kernel/sys_ia64.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/kernel/sys_ia64.c 2008-02-13 18:27:54.000000000 -0500
+@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
+ if (REGION_NUMBER(addr) == RGN_HPAGE)
+ addr = 0;
+ #endif
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if ((mm->pax_flags & MF_PAX_RANDMMAP) && addr && filp)
++ addr = mm->free_area_cache;
++ else
++#endif
++
+ if (!addr)
+ addr = mm->free_area_cache;
+
+@@ -61,9 +68,9 @@ arch_get_unmapped_area (struct file *fil
+ for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
+ /* At this point: (!vma || addr < vma->vm_end). */
+ if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) {
+- if (start_addr != TASK_UNMAPPED_BASE) {
++ if (start_addr != mm->mmap_base) {
+ /* Start a new search --- just in case we missed some holes. */
+- addr = TASK_UNMAPPED_BASE;
++ addr = mm->mmap_base;
+ goto full_search;
+ }
+ return -ENOMEM;
+diff -urNp linux-2.6.24.2/arch/ia64/mm/fault.c linux-2.6.24.2/arch/ia64/mm/fault.c
+--- linux-2.6.24.2/arch/ia64/mm/fault.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/mm/fault.c 2008-02-13 18:27:54.000000000 -0500
+@@ -10,6 +10,7 @@
+ #include <linux/interrupt.h>
+ #include <linux/kprobes.h>
+ #include <linux/kdebug.h>
++#include <linux/binfmts.h>
+
+ #include <asm/pgtable.h>
+ #include <asm/processor.h>
+@@ -72,6 +73,23 @@ mapped_kernel_page_is_present (unsigned
+ return pte_present(pte);
}
-+static void read_phdrs(FILE *fp)
++#ifdef CONFIG_PAX_PAGEEXEC
++void pax_report_insns(void *pc, void *sp)
+{
-+ int i;
-+ if (ehdr.e_phnum > MAX_PHDRS) {
-+ die("%d program headers supported: %d\n",
-+ ehdr.e_phnum, MAX_PHDRS);
-+ }
-+ if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) {
-+ die("Seek to %d failed: %s\n",
-+ ehdr.e_phoff, strerror(errno));
-+ }
-+ if (fread(&phdr, sizeof(phdr[0]), ehdr.e_phnum, fp) != ehdr.e_phnum) {
-+ die("Cannot read ELF program headers: %s\n",
-+ strerror(errno));
-+ }
-+ for(i = 0; i < ehdr.e_phnum; i++) {
-+ phdr[i].p_type = elf32_to_cpu(phdr[i].p_type);
-+ phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset);
-+ phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr);
-+ phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr);
-+ phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz);
-+ phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz);
-+ phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags);
-+ phdr[i].p_align = elf32_to_cpu(phdr[i].p_align);
-+ }
++ unsigned long i;
+
++ printk(KERN_ERR "PAX: bytes at PC: ");
++ for (i = 0; i < 8; i++) {
++ unsigned int c;
++ if (get_user(c, (unsigned int *)pc+i))
++ printk("???????? ");
++ else
++ printk("%08x ", c);
++ }
++ printk("\n");
+}
++#endif
+
- static void read_shdrs(FILE *fp)
- {
- int i;
-@@ -332,6 +364,8 @@ static void read_symtabs(FILE *fp)
- static void read_relocs(FILE *fp)
+ void __kprobes
+ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs)
{
- int i,j;
-+ uint32_t base;
+@@ -145,9 +163,23 @@ ia64_do_page_fault (unsigned long addres
+ mask = ( (((isr >> IA64_ISR_X_BIT) & 1UL) << VM_EXEC_BIT)
+ | (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT));
+
+- if ((vma->vm_flags & mask) != mask)
++ if ((vma->vm_flags & mask) != mask) {
+
- for(i = 0; i < ehdr.e_shnum; i++) {
- if (shdr[i].sh_type != SHT_REL) {
- continue;
-@@ -349,8 +383,17 @@ static void read_relocs(FILE *fp)
- die("Cannot read symbol table: %s\n",
- strerror(errno));
- }
-+ base = 0;
-+ for (j = 0; j < ehdr.e_phnum; j++) {
-+ if (phdr[j].p_type != PT_LOAD )
-+ continue;
-+ if (shdr[shdr[i].sh_info].sh_offset < phdr[j].p_offset || shdr[shdr[i].sh_info].sh_offset > phdr[j].p_offset + phdr[j].p_filesz)
-+ continue;
-+ base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr;
-+ break;
++#ifdef CONFIG_PAX_PAGEEXEC
++ if (!(vma->vm_flags & VM_EXEC) && (mask & VM_EXEC)) {
++ if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->cr_iip)
++ goto bad_area;
++
++ up_read(&mm->mmap_sem);
++ pax_report_fault(regs, (void *)regs->cr_iip, (void *)regs->r12);
++ do_exit(SIGKILL);
+ }
- for(j = 0; j < shdr[i].sh_size/sizeof(reltab[0][0]); j++) {
-- reltab[i][j].r_offset = elf32_to_cpu(reltab[i][j].r_offset);
-+ reltab[i][j].r_offset = elf32_to_cpu(reltab[i][j].r_offset) + base;
- reltab[i][j].r_info = elf32_to_cpu(reltab[i][j].r_info);
- }
- }
-@@ -487,6 +530,27 @@ static void walk_relocs(void (*visit)(El
- if (sym->st_shndx == SHN_ABS) {
- continue;
- }
-+ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */
-+ if (!strcmp(sec_name(sym->st_shndx), ".data.percpu") && strncmp(sym_name(sym_strtab, sym), "__per_cpu_", 10)) {
-+ continue;
-+ }
-+#ifdef CONFIG_PAX_KERNEXEC
-+ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */
-+ if (!strcmp(sec_name(sym->st_shndx), ".init.text")) {
-+ continue;
-+ }
-+ if (!strcmp(sec_name(sym->st_shndx), ".exit.text")) {
-+ continue;
-+ }
-+ if (!strcmp(sec_name(sym->st_shndx), ".text.head"))
-+ if (strcmp(sym_name(sym_strtab, sym), "__init_end") &&
-+ strcmp(sym_name(sym_strtab, sym), "KERNEL_TEXT_OFFSET")) {
-+ continue;
-+ }
-+ if (!strcmp(sec_name(sym->st_shndx), ".text")) {
-+ continue;
-+ }
+#endif
- if (r_type == R_386_PC32) {
- /* PC relative relocations don't need to be adjusted */
- }
-@@ -614,6 +678,7 @@ int main(int argc, char **argv)
- fname, strerror(errno));
- }
- read_ehdr(fp);
-+ read_phdrs(fp);
- read_shdrs(fp);
- read_strtabs(fp);
- read_symtabs(fp);
-diff -urNp linux-2.6.23.9/arch/i386/boot/cpucheck.c linux-2.6.23.9/arch/i386/boot/cpucheck.c
---- linux-2.6.23.9/arch/i386/boot/cpucheck.c 2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/i386/boot/cpucheck.c 2007-12-03 10:05:50.000000000 -0500
-@@ -90,7 +90,7 @@ static int has_fpu(void)
- u16 fcw = -1, fsw = -1;
- u32 cr0;
++
+ goto bad_area;
-- asm("movl %%cr0,%0" : "=r" (cr0));
-+ asm volatile("movl %%cr0,%0" : "=r" (cr0));
- if (cr0 & (X86_CR0_EM|X86_CR0_TS)) {
- cr0 &= ~(X86_CR0_EM|X86_CR0_TS);
- asm volatile("movl %0,%%cr0" : : "r" (cr0));
-@@ -106,7 +106,7 @@ static int has_eflag(u32 mask)
- {
- u32 f0, f1;
++ }
++
+ survive:
+ /*
+ * If for any reason at all we couldn't handle the fault, make
+diff -urNp linux-2.6.24.2/arch/ia64/mm/init.c linux-2.6.24.2/arch/ia64/mm/init.c
+--- linux-2.6.24.2/arch/ia64/mm/init.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/mm/init.c 2008-02-13 18:27:54.000000000 -0500
+@@ -20,8 +20,8 @@
+ #include <linux/proc_fs.h>
+ #include <linux/bitops.h>
+ #include <linux/kexec.h>
++#include <linux/a.out.h>
-- asm("pushfl ; "
-+ asm volatile("pushfl ; "
- "pushfl ; "
- "popl %0 ; "
- "movl %0,%1 ; "
-@@ -131,7 +131,7 @@ static void get_flags(void)
- set_bit(X86_FEATURE_FPU, cpu.flags);
+-#include <asm/a.out.h>
+ #include <asm/dma.h>
+ #include <asm/ia32.h>
+ #include <asm/io.h>
+@@ -128,6 +128,19 @@ ia64_init_addr_space (void)
+ vma->vm_start = current->thread.rbs_bot & PAGE_MASK;
+ vma->vm_end = vma->vm_start + PAGE_SIZE;
+ vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT;
++
++#ifdef CONFIG_PAX_PAGEEXEC
++ if (current->mm->pax_flags & MF_PAX_PAGEEXEC) {
++ vm->vm_flags &= ~VM_EXEC;
++
++#ifdef CONFIG_PAX_MPROTECT
++ if (current->mm->pax_flags & MF_PAX_MPROTECT)
++ vma->vm_flags &= ~VM_MAYEXEC;
++#endif
++
++ }
++#endif
++
+ vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
+ down_write(¤t->mm->mmap_sem);
+ if (insert_vm_struct(current->mm, vma)) {
+diff -urNp linux-2.6.24.2/arch/mips/kernel/binfmt_elfn32.c linux-2.6.24.2/arch/mips/kernel/binfmt_elfn32.c
+--- linux-2.6.24.2/arch/mips/kernel/binfmt_elfn32.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/mips/kernel/binfmt_elfn32.c 2008-02-13 18:27:54.000000000 -0500
+@@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
+ #undef ELF_ET_DYN_BASE
+ #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
- if (has_eflag(X86_EFLAGS_ID)) {
-- asm("cpuid"
-+ asm volatile("cpuid"
- : "=a" (max_intel_level),
- "=b" (cpu_vendor[0]),
- "=d" (cpu_vendor[1]),
-@@ -140,7 +140,7 @@ static void get_flags(void)
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE ((current->thread.mflags & MF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
++
++#define PAX_DELTA_MMAP_LEN ((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#define PAX_DELTA_STACK_LEN ((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#endif
++
+ #include <asm/processor.h>
+ #include <linux/module.h>
+ #include <linux/elfcore.h>
+diff -urNp linux-2.6.24.2/arch/mips/kernel/binfmt_elfo32.c linux-2.6.24.2/arch/mips/kernel/binfmt_elfo32.c
+--- linux-2.6.24.2/arch/mips/kernel/binfmt_elfo32.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/mips/kernel/binfmt_elfo32.c 2008-02-13 18:27:54.000000000 -0500
+@@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
+ #undef ELF_ET_DYN_BASE
+ #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
- if (max_intel_level >= 0x00000001 &&
- max_intel_level <= 0x0000ffff) {
-- asm("cpuid"
-+ asm volatile("cpuid"
- : "=a" (tfms),
- "=c" (cpu.flags[4]),
- "=d" (cpu.flags[0])
-@@ -152,7 +152,7 @@ static void get_flags(void)
- cpu.model += ((tfms >> 16) & 0xf) << 4;
- }
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE ((current->thread.mflags & MF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
++
++#define PAX_DELTA_MMAP_LEN ((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#define PAX_DELTA_STACK_LEN ((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#endif
++
+ #include <asm/processor.h>
+ #include <linux/module.h>
+ #include <linux/elfcore.h>
+diff -urNp linux-2.6.24.2/arch/mips/kernel/syscall.c linux-2.6.24.2/arch/mips/kernel/syscall.c
+--- linux-2.6.24.2/arch/mips/kernel/syscall.c 2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/mips/kernel/syscall.c 2008-02-13 18:27:54.000000000 -0500
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsecurity.patch?r1=1.1.2.3&r2=1.1.2.4&f=u