SOURCES (LINUX_2_6_27): linux-2.6-grsec_full.patch - merged changes from ht...
zbyniu
zbyniu at pld-linux.org
Sun Jan 4 23:18:43 CET 2009
Author: zbyniu Date: Sun Jan 4 22:18:43 2009 GMT
Module: SOURCES Tag: LINUX_2_6_27
---- Log message:
- merged changes from http://www.grsecurity.net/~spender/grsecurity-2.1.12-2.6.27.10-200812271347.patch.gz
---- Files affected:
SOURCES:
linux-2.6-grsec_full.patch (1.1.2.51 -> 1.1.2.51.2.1)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-grsec_full.patch
diff -u SOURCES/linux-2.6-grsec_full.patch:1.1.2.51 SOURCES/linux-2.6-grsec_full.patch:1.1.2.51.2.1
--- SOURCES/linux-2.6-grsec_full.patch:1.1.2.51 Sun Dec 14 09:51:32 2008
+++ SOURCES/linux-2.6-grsec_full.patch Sun Jan 4 23:18:37 2009
@@ -1,6 +1,66 @@
-diff -urNp linux-2.6.27.4/arch/alpha/kernel/module.c linux-2.6.27.4/arch/alpha/kernel/module.c
---- linux-2.6.27.4/arch/alpha/kernel/module.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/alpha/kernel/module.c 2008-10-27 22:36:16.000000000 -0400
+ !
+ -~*~-
+ /!\
+ /%;@\
+ o/@,%\o
+ /%;`@,\
+ o/@'%',\o
+ '^^^N^^^`
+
+diff -urNp linux-2.6.27.10/arch/alpha/include/asm/elf.h linux-2.6.27.10/arch/alpha/include/asm/elf.h
+--- linux-2.6.27.10/arch/alpha/include/asm/elf.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/alpha/include/asm/elf.h 2008-11-18 03:39:50.000000000 -0500
+@@ -91,6 +91,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
+
+ #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000)
+
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE (current->personality & ADDR_LIMIT_32BIT ? 0x10000 : 0x120000000UL)
++
++#define PAX_DELTA_MMAP_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 28)
++#define PAX_DELTA_STACK_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 19)
++#endif
++
+ /* $0 is set by ld.so to a pointer to a function which might be
+ registered using atexit. This provides a mean for the dynamic
+ linker to call DT_FINI functions for shared libraries that have
+diff -urNp linux-2.6.27.10/arch/alpha/include/asm/kmap_types.h linux-2.6.27.10/arch/alpha/include/asm/kmap_types.h
+--- linux-2.6.27.10/arch/alpha/include/asm/kmap_types.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/alpha/include/asm/kmap_types.h 2008-11-18 03:39:50.000000000 -0500
+@@ -24,7 +24,8 @@ D(9) KM_IRQ0,
+ D(10) KM_IRQ1,
+ D(11) KM_SOFTIRQ0,
+ D(12) KM_SOFTIRQ1,
+-D(13) KM_TYPE_NR
++D(13) KM_CLEARPAGE,
++D(14) KM_TYPE_NR
+ };
+
+ #undef D
+diff -urNp linux-2.6.27.10/arch/alpha/include/asm/pgtable.h linux-2.6.27.10/arch/alpha/include/asm/pgtable.h
+--- linux-2.6.27.10/arch/alpha/include/asm/pgtable.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/alpha/include/asm/pgtable.h 2008-11-18 03:39:50.000000000 -0500
+@@ -101,6 +101,17 @@ struct vm_area_struct;
+ #define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS)
+ #define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
+ #define PAGE_READONLY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOE)
++# define PAGE_COPY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
++# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
++#else
++# define PAGE_SHARED_NOEXEC PAGE_SHARED
++# define PAGE_COPY_NOEXEC PAGE_COPY
++# define PAGE_READONLY_NOEXEC PAGE_READONLY
++#endif
++
+ #define PAGE_KERNEL __pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE)
+
+ #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x))
+diff -urNp linux-2.6.27.10/arch/alpha/kernel/module.c linux-2.6.27.10/arch/alpha/kernel/module.c
+--- linux-2.6.27.10/arch/alpha/kernel/module.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/alpha/kernel/module.c 2008-11-18 03:38:43.000000000 -0500
@@ -182,7 +182,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs,
/* The small sections were sorted to the end of the segment.
@@ -10,9 +70,9 @@
got = sechdrs[me->arch.gotsecindex].sh_addr;
for (i = 0; i < n; i++) {
-diff -urNp linux-2.6.27.4/arch/alpha/kernel/osf_sys.c linux-2.6.27.4/arch/alpha/kernel/osf_sys.c
---- linux-2.6.27.4/arch/alpha/kernel/osf_sys.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/alpha/kernel/osf_sys.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/alpha/kernel/osf_sys.c linux-2.6.27.10/arch/alpha/kernel/osf_sys.c
+--- linux-2.6.27.10/arch/alpha/kernel/osf_sys.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/alpha/kernel/osf_sys.c 2008-11-18 03:38:43.000000000 -0500
@@ -1232,6 +1232,10 @@ arch_get_unmapped_area(struct file *filp
merely specific addresses, but regions of memory -- perhaps
this feature should be incorporated into all ports? */
@@ -35,9 +95,9 @@
if (addr != (unsigned long) -ENOMEM)
return addr;
-diff -urNp linux-2.6.27.4/arch/alpha/kernel/ptrace.c linux-2.6.27.4/arch/alpha/kernel/ptrace.c
---- linux-2.6.27.4/arch/alpha/kernel/ptrace.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/alpha/kernel/ptrace.c 2008-10-25 12:03:06.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/alpha/kernel/ptrace.c linux-2.6.27.10/arch/alpha/kernel/ptrace.c
+--- linux-2.6.27.10/arch/alpha/kernel/ptrace.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/alpha/kernel/ptrace.c 2008-11-18 03:38:43.000000000 -0500
@@ -15,6 +15,7 @@
#include <linux/security.h>
#include <linux/signal.h>
@@ -56,9 +116,9 @@
switch (request) {
/* When I and D space are separate, these will need to be fixed. */
case PTRACE_PEEKTEXT: /* read word at location addr. */
-diff -urNp linux-2.6.27.4/arch/alpha/mm/fault.c linux-2.6.27.4/arch/alpha/mm/fault.c
---- linux-2.6.27.4/arch/alpha/mm/fault.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/alpha/mm/fault.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/alpha/mm/fault.c linux-2.6.27.10/arch/alpha/mm/fault.c
+--- linux-2.6.27.10/arch/alpha/mm/fault.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/alpha/mm/fault.c 2008-11-18 03:38:43.000000000 -0500
@@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *
__reload_thread(pcb);
}
@@ -215,9 +275,39 @@
} else if (!cause) {
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
-diff -urNp linux-2.6.27.4/arch/arm/mm/mmap.c linux-2.6.27.4/arch/arm/mm/mmap.c
---- linux-2.6.27.4/arch/arm/mm/mmap.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/arm/mm/mmap.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/arm/include/asm/elf.h linux-2.6.27.10/arch/arm/include/asm/elf.h
+--- linux-2.6.27.10/arch/arm/include/asm/elf.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/arm/include/asm/elf.h 2008-11-18 03:39:50.000000000 -0500
+@@ -87,7 +87,14 @@ extern char elf_platform[];
+ the loader. We need to make sure that it is out of the way of the program
+ that it will "exec", and that there is sufficient room for the brk. */
+
+-#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
++#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
++
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE 0x00008000UL
++
++#define PAX_DELTA_MMAP_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
++#define PAX_DELTA_STACK_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
++#endif
+
+ /* When the program starts, a1 contains a pointer to a function to be
+ registered with atexit, as per the SVR4 ABI. A value of 0 means we
+diff -urNp linux-2.6.27.10/arch/arm/include/asm/kmap_types.h linux-2.6.27.10/arch/arm/include/asm/kmap_types.h
+--- linux-2.6.27.10/arch/arm/include/asm/kmap_types.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/arm/include/asm/kmap_types.h 2008-11-18 03:39:50.000000000 -0500
+@@ -18,6 +18,7 @@ enum km_type {
+ KM_IRQ1,
+ KM_SOFTIRQ0,
+ KM_SOFTIRQ1,
++ KM_CLEARPAGE,
+ KM_TYPE_NR
+ };
+
+diff -urNp linux-2.6.27.10/arch/arm/mm/mmap.c linux-2.6.27.10/arch/arm/mm/mmap.c
+--- linux-2.6.27.10/arch/arm/mm/mmap.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/arm/mm/mmap.c 2008-11-18 03:38:43.000000000 -0500
@@ -60,6 +60,10 @@ arch_get_unmapped_area(struct file *filp
if (len > TASK_SIZE)
return -ENOMEM;
@@ -254,9 +344,41 @@
mm->cached_hole_size = 0;
goto full_search;
}
-diff -urNp linux-2.6.27.4/arch/avr32/mm/fault.c linux-2.6.27.4/arch/avr32/mm/fault.c
---- linux-2.6.27.4/arch/avr32/mm/fault.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/avr32/mm/fault.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/avr32/include/asm/elf.h linux-2.6.27.10/arch/avr32/include/asm/elf.h
+--- linux-2.6.27.10/arch/avr32/include/asm/elf.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/avr32/include/asm/elf.h 2008-11-18 03:39:50.000000000 -0500
+@@ -85,8 +85,14 @@ typedef struct user_fpu_struct elf_fpreg
+ the loader. We need to make sure that it is out of the way of the program
+ that it will "exec", and that there is sufficient room for the brk. */
+
+-#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
++#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
+
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE 0x00001000UL
++
++#define PAX_DELTA_MMAP_LEN 15
++#define PAX_DELTA_STACK_LEN 15
++#endif
+
+ /* This yields a mask that user programs can use to figure out what
+ instruction set this CPU supports. This could be done in user space,
+diff -urNp linux-2.6.27.10/arch/avr32/include/asm/kmap_types.h linux-2.6.27.10/arch/avr32/include/asm/kmap_types.h
+--- linux-2.6.27.10/arch/avr32/include/asm/kmap_types.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/avr32/include/asm/kmap_types.h 2008-11-18 03:39:50.000000000 -0500
+@@ -22,7 +22,8 @@ D(10) KM_IRQ0,
+ D(11) KM_IRQ1,
+ D(12) KM_SOFTIRQ0,
+ D(13) KM_SOFTIRQ1,
+-D(14) KM_TYPE_NR
++D(14) KM_CLEARPAGE,
++D(15) KM_TYPE_NR
+ };
+
+ #undef D
+diff -urNp linux-2.6.27.10/arch/avr32/mm/fault.c linux-2.6.27.10/arch/avr32/mm/fault.c
+--- linux-2.6.27.10/arch/avr32/mm/fault.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/avr32/mm/fault.c 2008-11-18 03:38:43.000000000 -0500
@@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
int exception_trace = 1;
@@ -298,9 +420,31 @@
if (exception_trace && printk_ratelimit())
printk("%s%s[%d]: segfault at %08lx pc %08lx "
"sp %08lx ecr %lu\n",
-diff -urNp linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c
---- linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/blackfin/include/asm/kmap_types.h linux-2.6.27.10/arch/blackfin/include/asm/kmap_types.h
+--- linux-2.6.27.10/arch/blackfin/include/asm/kmap_types.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/blackfin/include/asm/kmap_types.h 2008-11-18 03:39:50.000000000 -0500
+@@ -15,6 +15,7 @@ enum km_type {
+ KM_IRQ1,
+ KM_SOFTIRQ0,
+ KM_SOFTIRQ1,
++ KM_CLEARPAGE,
+ KM_TYPE_NR
+ };
+
+diff -urNp linux-2.6.27.10/arch/h8300/include/asm/kmap_types.h linux-2.6.27.10/arch/h8300/include/asm/kmap_types.h
+--- linux-2.6.27.10/arch/h8300/include/asm/kmap_types.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/h8300/include/asm/kmap_types.h 2008-11-18 03:39:50.000000000 -0500
+@@ -15,6 +15,7 @@ enum km_type {
+ KM_IRQ1,
+ KM_SOFTIRQ0,
+ KM_SOFTIRQ1,
++ KM_CLEARPAGE,
+ KM_TYPE_NR
+ };
+
+diff -urNp linux-2.6.27.10/arch/ia64/ia32/binfmt_elf32.c linux-2.6.27.10/arch/ia64/ia32/binfmt_elf32.c
+--- linux-2.6.27.10/arch/ia64/ia32/binfmt_elf32.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/ia64/ia32/binfmt_elf32.c 2008-11-18 03:38:43.000000000 -0500
@@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_
#define elf_read_implies_exec(ex, have_pt_gnu_stack) (!(have_pt_gnu_stack))
@@ -315,9 +459,9 @@
/* Ugly but avoids duplication */
#include "../../../fs/binfmt_elf.c"
-diff -urNp linux-2.6.27.4/arch/ia64/ia32/ia32priv.h linux-2.6.27.4/arch/ia64/ia32/ia32priv.h
---- linux-2.6.27.4/arch/ia64/ia32/ia32priv.h 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/ia32/ia32priv.h 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/ia64/ia32/ia32priv.h linux-2.6.27.10/arch/ia64/ia32/ia32priv.h
+--- linux-2.6.27.10/arch/ia64/ia32/ia32priv.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/ia64/ia32/ia32priv.h 2008-11-18 03:38:43.000000000 -0500
@@ -296,7 +296,14 @@ typedef struct compat_siginfo {
#define ELF_DATA ELFDATA2LSB
#define ELF_ARCH EM_386
@@ -334,9 +478,60 @@
#define IA32_GATE_OFFSET IA32_PAGE_OFFSET
#define IA32_GATE_END IA32_PAGE_OFFSET + PAGE_SIZE
-diff -urNp linux-2.6.27.4/arch/ia64/kernel/module.c linux-2.6.27.4/arch/ia64/kernel/module.c
---- linux-2.6.27.4/arch/ia64/kernel/module.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/kernel/module.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/ia64/include/asm/elf.h linux-2.6.27.10/arch/ia64/include/asm/elf.h
+--- linux-2.6.27.10/arch/ia64/include/asm/elf.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/ia64/include/asm/elf.h 2008-11-18 03:39:50.000000000 -0500
+@@ -43,6 +43,13 @@
+ */
+ #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x800000000UL)
+
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
++
++#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#endif
++
+ #define PT_IA_64_UNWIND 0x70000001
+
+ /* IA-64 relocations: */
+diff -urNp linux-2.6.27.10/arch/ia64/include/asm/kmap_types.h linux-2.6.27.10/arch/ia64/include/asm/kmap_types.h
+--- linux-2.6.27.10/arch/ia64/include/asm/kmap_types.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/ia64/include/asm/kmap_types.h 2008-11-18 03:39:50.000000000 -0500
+@@ -22,7 +22,8 @@ D(9) KM_IRQ0,
+ D(10) KM_IRQ1,
+ D(11) KM_SOFTIRQ0,
+ D(12) KM_SOFTIRQ1,
+-D(13) KM_TYPE_NR
++D(13) KM_CLEARPAGE,
++D(14) KM_TYPE_NR
+ };
+
+ #undef D
+diff -urNp linux-2.6.27.10/arch/ia64/include/asm/pgtable.h linux-2.6.27.10/arch/ia64/include/asm/pgtable.h
+--- linux-2.6.27.10/arch/ia64/include/asm/pgtable.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/ia64/include/asm/pgtable.h 2008-11-18 03:39:50.000000000 -0500
+@@ -143,6 +143,17 @@
+ #define PAGE_READONLY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
+ #define PAGE_COPY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
+ #define PAGE_COPY_EXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++# define PAGE_SHARED_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW)
++# define PAGE_READONLY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
++# define PAGE_COPY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
++#else
++# define PAGE_SHARED_NOEXEC PAGE_SHARED
++# define PAGE_READONLY_NOEXEC PAGE_READONLY
++# define PAGE_COPY_NOEXEC PAGE_COPY
++#endif
++
+ #define PAGE_GATE __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX)
+ #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX)
+ #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX)
+diff -urNp linux-2.6.27.10/arch/ia64/kernel/module.c linux-2.6.27.10/arch/ia64/kernel/module.c
+--- linux-2.6.27.10/arch/ia64/kernel/module.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/ia64/kernel/module.c 2008-11-18 03:38:43.000000000 -0500
@@ -312,8 +312,7 @@ module_alloc (unsigned long size)
void
module_free (struct module *mod, void *module_region)
@@ -425,9 +620,9 @@
mod->arch.gp = gp;
DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
}
-diff -urNp linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c
---- linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/ia64/kernel/sys_ia64.c linux-2.6.27.10/arch/ia64/kernel/sys_ia64.c
+--- linux-2.6.27.10/arch/ia64/kernel/sys_ia64.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/ia64/kernel/sys_ia64.c 2008-11-18 03:38:43.000000000 -0500
@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
if (REGION_NUMBER(addr) == RGN_HPAGE)
addr = 0;
@@ -454,9 +649,9 @@
goto full_search;
}
return -ENOMEM;
-diff -urNp linux-2.6.27.4/arch/ia64/mm/fault.c linux-2.6.27.4/arch/ia64/mm/fault.c
---- linux-2.6.27.4/arch/ia64/mm/fault.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/mm/fault.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/ia64/mm/fault.c linux-2.6.27.10/arch/ia64/mm/fault.c
+--- linux-2.6.27.10/arch/ia64/mm/fault.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/ia64/mm/fault.c 2008-11-18 03:38:43.000000000 -0500
@@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned
return pte_present(pte);
}
@@ -506,9 +701,9 @@
survive:
/*
* If for any reason at all we couldn't handle the fault, make
-diff -urNp linux-2.6.27.4/arch/ia64/mm/init.c linux-2.6.27.4/arch/ia64/mm/init.c
---- linux-2.6.27.4/arch/ia64/mm/init.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/mm/init.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/ia64/mm/init.c linux-2.6.27.10/arch/ia64/mm/init.c
+--- linux-2.6.27.10/arch/ia64/mm/init.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/ia64/mm/init.c 2008-11-18 03:38:43.000000000 -0500
@@ -122,6 +122,19 @@ ia64_init_addr_space (void)
vma->vm_start = current->thread.rbs_bot & PAGE_MASK;
vma->vm_end = vma->vm_start + PAGE_SIZE;
@@ -529,9 +724,20 @@
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
down_write(¤t->mm->mmap_sem);
if (insert_vm_struct(current->mm, vma)) {
-diff -urNp linux-2.6.27.4/arch/mips/kernel/binfmt_elfn32.c linux-2.6.27.4/arch/mips/kernel/binfmt_elfn32.c
---- linux-2.6.27.4/arch/mips/kernel/binfmt_elfn32.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/mips/kernel/binfmt_elfn32.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/m68knommu/include/asm/kmap_types.h linux-2.6.27.10/arch/m68knommu/include/asm/kmap_types.h
+--- linux-2.6.27.10/arch/m68knommu/include/asm/kmap_types.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/m68knommu/include/asm/kmap_types.h 2008-11-18 03:39:50.000000000 -0500
+@@ -15,6 +15,7 @@ enum km_type {
+ KM_IRQ1,
+ KM_SOFTIRQ0,
+ KM_SOFTIRQ1,
++ KM_CLEARPAGE,
+ KM_TYPE_NR
+ };
+
+diff -urNp linux-2.6.27.10/arch/mips/kernel/binfmt_elfn32.c linux-2.6.27.10/arch/mips/kernel/binfmt_elfn32.c
+--- linux-2.6.27.10/arch/mips/kernel/binfmt_elfn32.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/mips/kernel/binfmt_elfn32.c 2008-11-18 03:38:43.000000000 -0500
@@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
#undef ELF_ET_DYN_BASE
#define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
@@ -546,9 +752,9 @@
#include <asm/processor.h>
#include <linux/module.h>
#include <linux/elfcore.h>
-diff -urNp linux-2.6.27.4/arch/mips/kernel/binfmt_elfo32.c linux-2.6.27.4/arch/mips/kernel/binfmt_elfo32.c
---- linux-2.6.27.4/arch/mips/kernel/binfmt_elfo32.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/mips/kernel/binfmt_elfo32.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/mips/kernel/binfmt_elfo32.c linux-2.6.27.10/arch/mips/kernel/binfmt_elfo32.c
+--- linux-2.6.27.10/arch/mips/kernel/binfmt_elfo32.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/mips/kernel/binfmt_elfo32.c 2008-11-18 03:38:43.000000000 -0500
@@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
#undef ELF_ET_DYN_BASE
#define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
@@ -563,9 +769,9 @@
#include <asm/processor.h>
#include <linux/module.h>
#include <linux/elfcore.h>
-diff -urNp linux-2.6.27.4/arch/mips/kernel/process.c linux-2.6.27.4/arch/mips/kernel/process.c
---- linux-2.6.27.4/arch/mips/kernel/process.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/mips/kernel/process.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/mips/kernel/process.c linux-2.6.27.10/arch/mips/kernel/process.c
+--- linux-2.6.27.10/arch/mips/kernel/process.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/mips/kernel/process.c 2008-11-18 03:38:43.000000000 -0500
@@ -458,15 +458,3 @@ unsigned long get_wchan(struct task_stru
out:
return pc;
@@ -582,9 +788,9 @@
-
- return sp & ALMASK;
-}
-diff -urNp linux-2.6.27.4/arch/mips/kernel/syscall.c linux-2.6.27.4/arch/mips/kernel/syscall.c
---- linux-2.6.27.4/arch/mips/kernel/syscall.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/mips/kernel/syscall.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/mips/kernel/syscall.c linux-2.6.27.10/arch/mips/kernel/syscall.c
+--- linux-2.6.27.10/arch/mips/kernel/syscall.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/mips/kernel/syscall.c 2008-11-18 03:38:43.000000000 -0500
@@ -100,6 +100,11 @@ unsigned long arch_get_unmapped_area(str
do_color_align = 0;
if (filp || (flags & MAP_SHARED))
@@ -606,9 +812,9 @@
if (do_color_align)
addr = COLOUR_ALIGN(addr, pgoff);
else
-diff -urNp linux-2.6.27.4/arch/mips/mm/fault.c linux-2.6.27.4/arch/mips/mm/fault.c
---- linux-2.6.27.4/arch/mips/mm/fault.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/mips/mm/fault.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/mips/mm/fault.c linux-2.6.27.10/arch/mips/mm/fault.c
+--- linux-2.6.27.10/arch/mips/mm/fault.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/mips/mm/fault.c 2008-11-18 03:38:43.000000000 -0500
@@ -26,6 +26,23 @@
#include <asm/ptrace.h>
#include <asm/highmem.h> /* For VMALLOC_END */
@@ -633,9 +839,9 @@
/*
* This routine handles page faults. It determines the address,
* and the problem, and then passes it off to one of the appropriate
-diff -urNp linux-2.6.27.4/arch/parisc/kernel/module.c linux-2.6.27.4/arch/parisc/kernel/module.c
---- linux-2.6.27.4/arch/parisc/kernel/module.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/parisc/kernel/module.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/parisc/kernel/module.c linux-2.6.27.10/arch/parisc/kernel/module.c
+--- linux-2.6.27.10/arch/parisc/kernel/module.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/parisc/kernel/module.c 2008-11-18 03:38:43.000000000 -0500
@@ -75,16 +75,38 @@
/* three functions to determine where in the module core
@@ -767,9 +973,9 @@
DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
me->arch.unwind_section, table, end, gp);
-diff -urNp linux-2.6.27.4/arch/parisc/kernel/sys_parisc.c linux-2.6.27.4/arch/parisc/kernel/sys_parisc.c
---- linux-2.6.27.4/arch/parisc/kernel/sys_parisc.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/parisc/kernel/sys_parisc.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/parisc/kernel/sys_parisc.c linux-2.6.27.10/arch/parisc/kernel/sys_parisc.c
+--- linux-2.6.27.10/arch/parisc/kernel/sys_parisc.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/parisc/kernel/sys_parisc.c 2008-11-18 03:38:43.000000000 -0500
@@ -98,7 +98,7 @@ unsigned long arch_get_unmapped_area(str
if (flags & MAP_FIXED)
return addr;
@@ -779,10 +985,10 @@
if (filp) {
addr = get_shared_area(filp->f_mapping, addr, len, pgoff);
-diff -urNp linux-2.6.27.4/arch/parisc/kernel/traps.c linux-2.6.27.4/arch/parisc/kernel/traps.c
---- linux-2.6.27.4/arch/parisc/kernel/traps.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/parisc/kernel/traps.c 2008-10-27 22:36:16.000000000 -0400
-@@ -732,9 +732,7 @@ void handle_interruption(int code, struc
+diff -urNp linux-2.6.27.10/arch/parisc/kernel/traps.c linux-2.6.27.10/arch/parisc/kernel/traps.c
+--- linux-2.6.27.10/arch/parisc/kernel/traps.c 2008-12-10 22:35:36.000000000 -0500
++++ linux-2.6.27.10/arch/parisc/kernel/traps.c 2008-12-10 22:35:46.000000000 -0500
+@@ -731,9 +731,7 @@ void handle_interruption(int code, struc
down_read(¤t->mm->mmap_sem);
vma = find_vma(current->mm,regs->iaoq[0]);
@@ -793,9 +999,9 @@
fault_address = regs->iaoq[0];
fault_space = regs->iasq[0];
-diff -urNp linux-2.6.27.4/arch/parisc/mm/fault.c linux-2.6.27.4/arch/parisc/mm/fault.c
---- linux-2.6.27.4/arch/parisc/mm/fault.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/parisc/mm/fault.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/parisc/mm/fault.c linux-2.6.27.10/arch/parisc/mm/fault.c
+--- linux-2.6.27.10/arch/parisc/mm/fault.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/parisc/mm/fault.c 2008-11-18 03:38:43.000000000 -0500
@@ -16,6 +16,7 @@
#include <linux/sched.h>
#include <linux/interrupt.h>
@@ -965,9 +1171,81 @@
/*
* If for any reason at all we couldn't handle the fault, make
-diff -urNp linux-2.6.27.4/arch/powerpc/kernel/module_32.c linux-2.6.27.4/arch/powerpc/kernel/module_32.c
---- linux-2.6.27.4/arch/powerpc/kernel/module_32.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/powerpc/kernel/module_32.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/powerpc/include/asm/elf.h linux-2.6.27.10/arch/powerpc/include/asm/elf.h
+--- linux-2.6.27.10/arch/powerpc/include/asm/elf.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/powerpc/include/asm/elf.h 2008-11-18 03:39:50.000000000 -0500
+@@ -180,6 +180,18 @@ typedef elf_fpreg_t elf_vsrreghalf_t32[E
+
+ #define ELF_ET_DYN_BASE (0x20000000)
+
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE (0x10000000UL)
++
++#ifdef __powerpc64__
++#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT) ? 16 : 28)
++#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT) ? 16 : 28)
++#else
++#define PAX_DELTA_MMAP_LEN 15
++#define PAX_DELTA_STACK_LEN 15
++#endif
++#endif
++
+ /*
+ * Our registers are always unsigned longs, whether we're a 32 bit
+ * process or 64 bit, on either a 64 bit or 32 bit kernel.
+diff -urNp linux-2.6.27.10/arch/powerpc/include/asm/kmap_types.h linux-2.6.27.10/arch/powerpc/include/asm/kmap_types.h
+--- linux-2.6.27.10/arch/powerpc/include/asm/kmap_types.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/powerpc/include/asm/kmap_types.h 2008-11-18 03:39:50.000000000 -0500
+@@ -26,6 +26,7 @@ enum km_type {
+ KM_SOFTIRQ1,
+ KM_PPC_SYNC_PAGE,
+ KM_PPC_SYNC_ICACHE,
++ KM_CLEARPAGE,
+ KM_TYPE_NR
+ };
+
+diff -urNp linux-2.6.27.10/arch/powerpc/include/asm/page_64.h linux-2.6.27.10/arch/powerpc/include/asm/page_64.h
+--- linux-2.6.27.10/arch/powerpc/include/asm/page_64.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/powerpc/include/asm/page_64.h 2008-11-18 03:39:50.000000000 -0500
+@@ -170,15 +170,18 @@ do { \
+ * stack by default, so in the absense of a PT_GNU_STACK program header
+ * we turn execute permission off.
+ */
+-#define VM_STACK_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
+- VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
++#define VM_STACK_DEFAULT_FLAGS32 \
++ (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
++ VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+
+ #define VM_STACK_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
+ VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+
++#ifndef CONFIG_PAX_PAGEEXEC
+ #define VM_STACK_DEFAULT_FLAGS \
+ (test_thread_flag(TIF_32BIT) ? \
+ VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64)
++#endif
+
+ #include <asm-generic/page.h>
+
+diff -urNp linux-2.6.27.10/arch/powerpc/include/asm/page.h linux-2.6.27.10/arch/powerpc/include/asm/page.h
+--- linux-2.6.27.10/arch/powerpc/include/asm/page.h 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/powerpc/include/asm/page.h 2008-11-18 03:39:50.000000000 -0500
+@@ -100,8 +100,9 @@ extern phys_addr_t kernstart_addr;
+ * and needs to be executable. This means the whole heap ends
+ * up being executable.
+ */
+-#define VM_DATA_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
+- VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
++#define VM_DATA_DEFAULT_FLAGS32 \
++ (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
++ VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+
+ #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
+ VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+diff -urNp linux-2.6.27.10/arch/powerpc/kernel/module_32.c linux-2.6.27.10/arch/powerpc/kernel/module_32.c
+--- linux-2.6.27.10/arch/powerpc/kernel/module_32.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/powerpc/kernel/module_32.c 2008-11-18 03:38:43.000000000 -0500
@@ -158,7 +158,7 @@ int module_frob_arch_sections(Elf32_Ehdr
me->arch.core_plt_section = i;
}
@@ -997,9 +1275,9 @@
/* Find this entry, or if that fails, the next avail. entry */
while (entry->jump[0]) {
-diff -urNp linux-2.6.27.4/arch/powerpc/kernel/signal_32.c linux-2.6.27.4/arch/powerpc/kernel/signal_32.c
---- linux-2.6.27.4/arch/powerpc/kernel/signal_32.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/powerpc/kernel/signal_32.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/powerpc/kernel/signal_32.c linux-2.6.27.10/arch/powerpc/kernel/signal_32.c
+--- linux-2.6.27.10/arch/powerpc/kernel/signal_32.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/powerpc/kernel/signal_32.c 2008-11-18 03:38:43.000000000 -0500
@@ -857,7 +857,7 @@ int handle_rt_signal32(unsigned long sig
/* Save user registers on the stack */
frame = &rt_sf->uc.uc_mcontext;
@@ -1009,9 +1287,9 @@
if (save_user_regs(regs, frame, 0))
goto badframe;
regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp;
-diff -urNp linux-2.6.27.4/arch/powerpc/kernel/signal_64.c linux-2.6.27.4/arch/powerpc/kernel/signal_64.c
---- linux-2.6.27.4/arch/powerpc/kernel/signal_64.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/powerpc/kernel/signal_64.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.27.10/arch/powerpc/kernel/signal_64.c linux-2.6.27.10/arch/powerpc/kernel/signal_64.c
+--- linux-2.6.27.10/arch/powerpc/kernel/signal_64.c 2008-11-07 12:55:34.000000000 -0500
++++ linux-2.6.27.10/arch/powerpc/kernel/signal_64.c 2008-11-18 03:38:43.000000000 -0500
@@ -434,7 +434,7 @@ int handle_rt_signal64(int signr, struct
current->thread.fpscr.val = 0;
@@ -1021,9 +1299,9 @@
regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp;
} else {
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsec_full.patch?r1=1.1.2.51&r2=1.1.2.51.2.1&f=u
More information about the pld-cvs-commit
mailing list