SOURCES (LINUX_2_6): linux-2.6-grsec_full.patch - merged changes from http:...

zbyniu zbyniu at pld-linux.org
Tue May 20 15:56:59 CEST 2008 

Author: zbyniu                       Date: Tue May 20 13:56:59 2008 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- merged changes from http://www.grsecurity.net/~paxguy1/pax-linux-2.6.25.4-test15.patch

---- Files affected:
SOURCES:
   linux-2.6-grsec_full.patch (1.1.2.35 -> 1.1.2.36) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-grsec_full.patch
diff -u SOURCES/linux-2.6-grsec_full.patch:1.1.2.35 SOURCES/linux-2.6-grsec_full.patch:1.1.2.36
--- SOURCES/linux-2.6-grsec_full.patch:1.1.2.35	Mon May 19 12:03:53 2008
+++ SOURCES/linux-2.6-grsec_full.patch	Tue May 20 15:56:53 2008
@@ -6042,7 +6042,7 @@
  struct x8664_pda boot_cpu_pda[NR_CPUS] __cacheline_aligned;
  
 -struct desc_ptr idt_descr = { 256 * 16 - 1, (unsigned long) idt_table };
-+const struct desc_ptr idt_descr = { 256 * 16 - 1, (unsigned long) idt_table };
++struct desc_ptr idt_descr __read_only = { 256 * 16 - 1, (unsigned long) idt_table };
  
  char boot_cpu_stack[IRQSTACKSIZE] __attribute__((section(".bss.page_aligned")));
  
@@ -6233,15 +6233,18 @@
 diff -urNp linux-2.6.25.4/arch/x86/kernel/smpcommon_32.c linux-2.6.25.4/arch/x86/kernel/smpcommon_32.c
 --- linux-2.6.25.4/arch/x86/kernel/smpcommon_32.c	2008-05-15 11:00:12.000000000 -0400
 +++ linux-2.6.25.4/arch/x86/kernel/smpcommon_32.c	2008-05-18 13:33:14.000000000 -0400
-@@ -3,6 +3,7 @@
+@@ -3,8 +3,9 @@
   */
  #include <linux/module.h>
  #include <asm/smp.h>
 +#include <asm/sections.h>
  
- DEFINE_PER_CPU(unsigned long, this_cpu_off);
+-DEFINE_PER_CPU(unsigned long, this_cpu_off);
++DEFINE_PER_CPU(unsigned long, this_cpu_off) = (unsigned long)__per_cpu_start;
  EXPORT_PER_CPU_SYMBOL(this_cpu_off);
-@@ -12,13 +13,20 @@ EXPORT_PER_CPU_SYMBOL(this_cpu_off);
+ 
+ /* Initialize the CPU's GDT.  This is either the boot CPU doing itself
+@@ -12,15 +13,22 @@ EXPORT_PER_CPU_SYMBOL(this_cpu_off);
     secondary which will soon come up. */
  __cpuinit void init_gdt(int cpu)
  {
@@ -6262,11 +6265,14 @@
 +		pack_descriptor(&d, base, limit, 0x80 | DESCTYPE_S | 0x3, 0x4);
 +	else
 +		pack_descriptor(&d, base, limit >> PAGE_SHIFT, 0x80 | DESCTYPE_S | 0x3, 0xC);
-+
-+	write_gdt_entry(gdt, GDT_ENTRY_PERCPU, &d, DESCTYPE_S);
  
- 	per_cpu(this_cpu_off, cpu) = __per_cpu_offset[cpu];
+-	per_cpu(this_cpu_off, cpu) = __per_cpu_offset[cpu];
++	write_gdt_entry(gdt, GDT_ENTRY_PERCPU, &d, DESCTYPE_S);
++
++	per_cpu(this_cpu_off, cpu) = base;
  	per_cpu(cpu_number, cpu) = cpu;
+ }
+ 
 diff -urNp linux-2.6.25.4/arch/x86/kernel/step.c linux-2.6.25.4/arch/x86/kernel/step.c
 --- linux-2.6.25.4/arch/x86/kernel/step.c	2008-05-15 11:00:12.000000000 -0400
 +++ linux-2.6.25.4/arch/x86/kernel/step.c	2008-05-18 13:33:14.000000000 -0400
@@ -26717,13 +26723,11 @@
  	desc->s = 1;
  	desc->dpl = 0x3;
  	desc->p = info->seg_not_present ^ 1;
-@@ -26,15 +27,16 @@ static inline void fill_ldt(struct desc_
- 	desc->base2 = (info->base_addr & 0xff000000) >> 24;
+@@ -26,14 +27,15 @@ static inline void fill_ldt(struct desc_
  }
  
--extern struct desc_ptr idt_descr;
+ extern struct desc_ptr idt_descr;
 -extern gate_desc idt_table[];
-+extern const struct desc_ptr idt_descr;
 +extern gate_desc idt_table[256];
  
 -#ifdef CONFIG_X86_64
@@ -27350,29 +27354,19 @@
 diff -urNp linux-2.6.25.4/include/asm-x86/percpu.h linux-2.6.25.4/include/asm-x86/percpu.h
 --- linux-2.6.25.4/include/asm-x86/percpu.h	2008-05-15 11:00:12.000000000 -0400
 +++ linux-2.6.25.4/include/asm-x86/percpu.h	2008-05-18 13:33:17.000000000 -0400
-@@ -41,6 +41,7 @@ DECLARE_PER_CPU(struct x8664_pda, pda);
- #ifdef CONFIG_SMP
- #define PER_CPU(var, reg)				\
- 	movl %fs:per_cpu__##this_cpu_off, reg;		\
-+	lea __per_cpu_start(reg), reg;			\
- 	lea per_cpu__##var(reg), reg
- #define PER_CPU_VAR(var)	%fs:per_cpu__##var
- #else /* ! SMP */
-@@ -65,7 +66,13 @@ DECLARE_PER_CPU(struct x8664_pda, pda);
-  */
- #ifdef CONFIG_SMP
+@@ -67,6 +67,12 @@ DECLARE_PER_CPU(struct x8664_pda, pda);
+ 
+ #define __my_cpu_offset x86_read_percpu(this_cpu_off)
  
--#define __my_cpu_offset x86_read_percpu(this_cpu_off)
-+#define __my_cpu_offset (x86_read_percpu(this_cpu_off) + (unsigned long)__per_cpu_start)
-+
-+#include <linux/threads.h>
 +#include <asm-generic/sections.h>
++#include <linux/threads.h>
 +#define __per_cpu_offset __per_cpu_offset
 +extern unsigned long __per_cpu_offset[NR_CPUS];
 +#define per_cpu_offset(x) (__per_cpu_offset[x] + (unsigned long)__per_cpu_start)
- 
++
  /* fs segment starts at (positive) offset == __per_cpu_offset[cpu] */
  #define __percpu_seg "%%fs:"
+ 
 diff -urNp linux-2.6.25.4/include/asm-x86/pgalloc_32.h linux-2.6.25.4/include/asm-x86/pgalloc_32.h
 --- linux-2.6.25.4/include/asm-x86/pgalloc_32.h	2008-05-15 11:00:12.000000000 -0400
 +++ linux-2.6.25.4/include/asm-x86/pgalloc_32.h	2008-05-18 13:33:17.000000000 -0400
@@ -30019,6 +30013,15 @@
  static char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
  char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
  static const char *panic_later, *panic_param;
+@@ -364,7 +375,7 @@ static inline void smp_prepare_cpus(unsi
+ #else
+
+ #ifndef CONFIG_HAVE_SETUP_PER_CPU_AREA
+-unsigned long __per_cpu_offset[NR_CPUS] __read_mostly;
++unsigned long __per_cpu_offset[NR_CPUS] __read_only;
+
+ EXPORT_SYMBOL(__per_cpu_offset);
+
 @@ -668,7 +680,7 @@ static void __init do_initcalls(void)
  
  	for (call = __initcall_start; call < __initcall_end; call++) {
@@ -30738,6 +30741,21 @@
  	/*
  	 * static variable?
  	 */
+@@ -609,9 +613,12 @@ static int static_obj(void *obj)
+ 	 * percpu var?
+ 	 */
+ 	for_each_possible_cpu(i) {
++#ifdef CONFIG_X86_32
++		start = per_cpu_offset(i);
++#else
+ 		start = (unsigned long) &__per_cpu_start + per_cpu_offset(i);
+-		end   = (unsigned long) &__per_cpu_start + PERCPU_ENOUGH_ROOM
+-					+ per_cpu_offset(i);
++#endif
++		end   = start + PERCPU_ENOUGH_ROOM;
+ 
+ 		if ((addr >= start) && (addr < end))
+ 			return 1;
 diff -urNp linux-2.6.25.4/kernel/module.c linux-2.6.25.4/kernel/module.c
 --- linux-2.6.25.4/kernel/module.c	2008-05-15 11:00:12.000000000 -0400
 +++ linux-2.6.25.4/kernel/module.c	2008-05-18 13:33:17.000000000 -0400
@@ -30780,6 +30798,18 @@
  		printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
  		       name, align, PAGE_SIZE);
  		align = PAGE_SIZE;
+@@ -433,7 +442,11 @@ static void percpu_modcopy(void *pcpudes
+ 	int cpu;
+ 
+ 	for_each_possible_cpu(cpu)
++#ifdef CONFIG_X86_32
++		memcpy(pcpudest + __per_cpu_offset[cpu], from, size);
++#else
+ 		memcpy(pcpudest + per_cpu_offset(cpu), from, size);
++#endif
+ }
+ 
+ static int percpu_modinit(void)
 @@ -684,6 +693,9 @@ sys_delete_module(const char __user *nam
  	char name[MODULE_NAME_LEN];
  	int ret, forced = 0;
@@ -30985,12 +31015,17 @@
 +	}
 +	memset(ptr, 0, mod->init_size_rw);
 +	mod->module_init_rw = ptr;
-+
+ 
+-	ptr = module_alloc(mod->init_size);
+-	if (!ptr && mod->init_size) {
 +	ptr = module_alloc_exec(mod->core_size_rx);
 +	if (!ptr) {
-+		err = -ENOMEM;
+ 		err = -ENOMEM;
+-		goto free_core;
 +		goto free_init_rw;
-+	}
+ 	}
+-	memset(ptr, 0, mod->init_size);
+-	mod->module_init = ptr;
 +
 +#ifdef CONFIG_PAX_KERNEXEC
 +	pax_open_kernel(cr0);
@@ -31003,17 +31038,12 @@
 +#endif
 +
 +	mod->module_core_rx = ptr;
- 
--	ptr = module_alloc(mod->init_size);
--	if (!ptr && mod->init_size) {
++ 
 +	ptr = module_alloc_exec(mod->init_size_rx);
 +	if (!ptr && mod->init_size_rx) {
- 		err = -ENOMEM;
--		goto free_core;
++		err = -ENOMEM;
 +		goto free_core_rx;
- 	}
--	memset(ptr, 0, mod->init_size);
--	mod->module_init = ptr;
++	}
 +
 +#ifdef CONFIG_PAX_KERNEXEC
 +	pax_open_kernel(cr0);
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsec_full.patch?r1=1.1.2.35&r2=1.1.2.36&f=u

More information about the pld-cvs-commit mailing list