SOURCES (LINUX_2_6): linux-2.6-grsec_full.patch - updated to 2.6.28
adamg
adamg at pld-linux.org
Sun Jan 18 03:07:56 CET 2009
Author: adamg Date: Sun Jan 18 02:07:56 2009 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- updated to 2.6.28
---- Files affected:
SOURCES:
linux-2.6-grsec_full.patch (1.1.2.51 -> 1.1.2.52)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-grsec_full.patch
diff -u SOURCES/linux-2.6-grsec_full.patch:1.1.2.51 SOURCES/linux-2.6-grsec_full.patch:1.1.2.52
--- SOURCES/linux-2.6-grsec_full.patch:1.1.2.51 Sun Dec 14 09:51:32 2008
+++ SOURCES/linux-2.6-grsec_full.patch Sun Jan 18 03:07:49 2009
@@ -1,6 +1,57 @@
-diff -urNp linux-2.6.27.4/arch/alpha/kernel/module.c linux-2.6.27.4/arch/alpha/kernel/module.c
---- linux-2.6.27.4/arch/alpha/kernel/module.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/alpha/kernel/module.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.28/arch/alpha/include/asm/elf.h linux-2.6.28/arch/alpha/include/asm/elf.h
+--- linux-2.6.28/arch/alpha/include/asm/elf.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/alpha/include/asm/elf.h 2009-01-11 07:20:06.000000000 -0500
+@@ -91,6 +91,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
+
+ #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000)
+
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE (current->personality & ADDR_LIMIT_32BIT ? 0x10000 : 0x120000000UL)
++
++#define PAX_DELTA_MMAP_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 28)
++#define PAX_DELTA_STACK_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 19)
++#endif
++
+ /* $0 is set by ld.so to a pointer to a function which might be
+ registered using atexit. This provides a mean for the dynamic
+ linker to call DT_FINI functions for shared libraries that have
+diff -urNp linux-2.6.28/arch/alpha/include/asm/kmap_types.h linux-2.6.28/arch/alpha/include/asm/kmap_types.h
+--- linux-2.6.28/arch/alpha/include/asm/kmap_types.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/alpha/include/asm/kmap_types.h 2009-01-11 07:20:06.000000000 -0500
+@@ -24,7 +24,8 @@ D(9) KM_IRQ0,
+ D(10) KM_IRQ1,
+ D(11) KM_SOFTIRQ0,
+ D(12) KM_SOFTIRQ1,
+-D(13) KM_TYPE_NR
++D(13) KM_CLEARPAGE,
++D(14) KM_TYPE_NR
+ };
+
+ #undef D
+diff -urNp linux-2.6.28/arch/alpha/include/asm/pgtable.h linux-2.6.28/arch/alpha/include/asm/pgtable.h
+--- linux-2.6.28/arch/alpha/include/asm/pgtable.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/alpha/include/asm/pgtable.h 2009-01-11 07:20:06.000000000 -0500
+@@ -101,6 +101,17 @@ struct vm_area_struct;
+ #define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS)
+ #define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
+ #define PAGE_READONLY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOE)
++# define PAGE_COPY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
++# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
++#else
++# define PAGE_SHARED_NOEXEC PAGE_SHARED
++# define PAGE_COPY_NOEXEC PAGE_COPY
++# define PAGE_READONLY_NOEXEC PAGE_READONLY
++#endif
++
+ #define PAGE_KERNEL __pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE)
+
+ #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x))
+diff -urNp linux-2.6.28/arch/alpha/kernel/module.c linux-2.6.28/arch/alpha/kernel/module.c
+--- linux-2.6.28/arch/alpha/kernel/module.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/alpha/kernel/module.c 2009-01-11 07:20:06.000000000 -0500
@@ -182,7 +182,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs,
/* The small sections were sorted to the end of the segment.
@@ -10,21 +61,21 @@
got = sechdrs[me->arch.gotsecindex].sh_addr;
for (i = 0; i < n; i++) {
-diff -urNp linux-2.6.27.4/arch/alpha/kernel/osf_sys.c linux-2.6.27.4/arch/alpha/kernel/osf_sys.c
---- linux-2.6.27.4/arch/alpha/kernel/osf_sys.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/alpha/kernel/osf_sys.c 2008-10-27 22:36:16.000000000 -0400
-@@ -1232,6 +1232,10 @@ arch_get_unmapped_area(struct file *filp
+diff -urNp linux-2.6.28/arch/alpha/kernel/osf_sys.c linux-2.6.28/arch/alpha/kernel/osf_sys.c
+--- linux-2.6.28/arch/alpha/kernel/osf_sys.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/alpha/kernel/osf_sys.c 2009-01-11 07:20:06.000000000 -0500
+@@ -1230,6 +1230,10 @@ arch_get_unmapped_area(struct file *filp
merely specific addresses, but regions of memory -- perhaps
this feature should be incorporated into all ports? */
+#ifdef CONFIG_PAX_RANDMMAP
-+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
++ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
+#endif
+
if (addr) {
addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
if (addr != (unsigned long) -ENOMEM)
-@@ -1239,8 +1243,8 @@ arch_get_unmapped_area(struct file *filp
+@@ -1237,8 +1241,8 @@ arch_get_unmapped_area(struct file *filp
}
/* Next, try allocating at TASK_UNMAPPED_BASE. */
@@ -35,9 +86,9 @@
if (addr != (unsigned long) -ENOMEM)
return addr;
-diff -urNp linux-2.6.27.4/arch/alpha/kernel/ptrace.c linux-2.6.27.4/arch/alpha/kernel/ptrace.c
---- linux-2.6.27.4/arch/alpha/kernel/ptrace.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/alpha/kernel/ptrace.c 2008-10-25 12:03:06.000000000 -0400
+diff -urNp linux-2.6.28/arch/alpha/kernel/ptrace.c linux-2.6.28/arch/alpha/kernel/ptrace.c
+--- linux-2.6.28/arch/alpha/kernel/ptrace.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/alpha/kernel/ptrace.c 2009-01-11 05:46:58.000000000 -0500
@@ -15,6 +15,7 @@
#include <linux/security.h>
#include <linux/signal.h>
@@ -56,9 +107,9 @@
switch (request) {
/* When I and D space are separate, these will need to be fixed. */
case PTRACE_PEEKTEXT: /* read word at location addr. */
-diff -urNp linux-2.6.27.4/arch/alpha/mm/fault.c linux-2.6.27.4/arch/alpha/mm/fault.c
---- linux-2.6.27.4/arch/alpha/mm/fault.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/alpha/mm/fault.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.28/arch/alpha/mm/fault.c linux-2.6.28/arch/alpha/mm/fault.c
+--- linux-2.6.28/arch/alpha/mm/fault.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/alpha/mm/fault.c 2009-01-11 07:20:06.000000000 -0500
@@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *
__reload_thread(pcb);
}
@@ -215,21 +266,51 @@
} else if (!cause) {
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
-diff -urNp linux-2.6.27.4/arch/arm/mm/mmap.c linux-2.6.27.4/arch/arm/mm/mmap.c
---- linux-2.6.27.4/arch/arm/mm/mmap.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/arm/mm/mmap.c 2008-10-27 22:36:16.000000000 -0400
-@@ -60,6 +60,10 @@ arch_get_unmapped_area(struct file *filp
+diff -urNp linux-2.6.28/arch/arm/include/asm/elf.h linux-2.6.28/arch/arm/include/asm/elf.h
+--- linux-2.6.28/arch/arm/include/asm/elf.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/arm/include/asm/elf.h 2009-01-11 07:20:06.000000000 -0500
+@@ -99,7 +99,14 @@ extern int arm_elf_read_implies_exec(con
+ the loader. We need to make sure that it is out of the way of the program
+ that it will "exec", and that there is sufficient room for the brk. */
+
+-#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
++#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
++
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE 0x00008000UL
++
++#define PAX_DELTA_MMAP_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
++#define PAX_DELTA_STACK_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
++#endif
+
+ /* When the program starts, a1 contains a pointer to a function to be
+ registered with atexit, as per the SVR4 ABI. A value of 0 means we
+diff -urNp linux-2.6.28/arch/arm/include/asm/kmap_types.h linux-2.6.28/arch/arm/include/asm/kmap_types.h
+--- linux-2.6.28/arch/arm/include/asm/kmap_types.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/arm/include/asm/kmap_types.h 2009-01-11 07:20:06.000000000 -0500
+@@ -18,6 +18,7 @@ enum km_type {
+ KM_IRQ1,
+ KM_SOFTIRQ0,
+ KM_SOFTIRQ1,
++ KM_CLEARPAGE,
+ KM_TYPE_NR
+ };
+
+diff -urNp linux-2.6.28/arch/arm/mm/mmap.c linux-2.6.28/arch/arm/mm/mmap.c
+--- linux-2.6.28/arch/arm/mm/mmap.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/arm/mm/mmap.c 2009-01-11 07:20:06.000000000 -0500
+@@ -62,6 +62,10 @@ arch_get_unmapped_area(struct file *filp
if (len > TASK_SIZE)
return -ENOMEM;
+#ifdef CONFIG_PAX_RANDMMAP
-+ if (!(mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
++ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
+#endif
+
if (addr) {
if (do_align)
addr = COLOUR_ALIGN(addr, pgoff);
-@@ -72,10 +76,10 @@ arch_get_unmapped_area(struct file *filp
+@@ -74,10 +78,10 @@ arch_get_unmapped_area(struct file *filp
return addr;
}
if (len > mm->cached_hole_size) {
@@ -243,7 +324,7 @@
}
full_search:
-@@ -91,8 +95,8 @@ full_search:
+@@ -93,8 +97,8 @@ full_search:
* Start a new search - just in case we missed
* some holes.
*/
@@ -254,9 +335,41 @@
mm->cached_hole_size = 0;
goto full_search;
}
-diff -urNp linux-2.6.27.4/arch/avr32/mm/fault.c linux-2.6.27.4/arch/avr32/mm/fault.c
---- linux-2.6.27.4/arch/avr32/mm/fault.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/avr32/mm/fault.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.28/arch/avr32/include/asm/elf.h linux-2.6.28/arch/avr32/include/asm/elf.h
+--- linux-2.6.28/arch/avr32/include/asm/elf.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/avr32/include/asm/elf.h 2009-01-11 07:20:06.000000000 -0500
+@@ -85,8 +85,14 @@ typedef struct user_fpu_struct elf_fpreg
+ the loader. We need to make sure that it is out of the way of the program
+ that it will "exec", and that there is sufficient room for the brk. */
+
+-#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
++#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
+
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE 0x00001000UL
++
++#define PAX_DELTA_MMAP_LEN 15
++#define PAX_DELTA_STACK_LEN 15
++#endif
+
+ /* This yields a mask that user programs can use to figure out what
+ instruction set this CPU supports. This could be done in user space,
+diff -urNp linux-2.6.28/arch/avr32/include/asm/kmap_types.h linux-2.6.28/arch/avr32/include/asm/kmap_types.h
+--- linux-2.6.28/arch/avr32/include/asm/kmap_types.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/avr32/include/asm/kmap_types.h 2009-01-11 07:20:06.000000000 -0500
+@@ -22,7 +22,8 @@ D(10) KM_IRQ0,
+ D(11) KM_IRQ1,
+ D(12) KM_SOFTIRQ0,
+ D(13) KM_SOFTIRQ1,
+-D(14) KM_TYPE_NR
++D(14) KM_CLEARPAGE,
++D(15) KM_TYPE_NR
+ };
+
+ #undef D
+diff -urNp linux-2.6.28/arch/avr32/mm/fault.c linux-2.6.28/arch/avr32/mm/fault.c
+--- linux-2.6.28/arch/avr32/mm/fault.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/avr32/mm/fault.c 2009-01-11 07:20:06.000000000 -0500
@@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
int exception_trace = 1;
@@ -298,9 +411,42 @@
if (exception_trace && printk_ratelimit())
printk("%s%s[%d]: segfault at %08lx pc %08lx "
"sp %08lx ecr %lu\n",
-diff -urNp linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c
---- linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.28/arch/blackfin/include/asm/kmap_types.h linux-2.6.28/arch/blackfin/include/asm/kmap_types.h
+--- linux-2.6.28/arch/blackfin/include/asm/kmap_types.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/blackfin/include/asm/kmap_types.h 2009-01-11 07:20:06.000000000 -0500
+@@ -15,6 +15,7 @@ enum km_type {
+ KM_IRQ1,
+ KM_SOFTIRQ0,
+ KM_SOFTIRQ1,
++ KM_CLEARPAGE,
+ KM_TYPE_NR
+ };
+
+diff -urNp linux-2.6.28/arch/cris/include/asm/kmap_types.h linux-2.6.28/arch/cris/include/asm/kmap_types.h
+--- linux-2.6.28/arch/cris/include/asm/kmap_types.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/cris/include/asm/kmap_types.h 2009-01-11 07:20:06.000000000 -0500
+@@ -19,6 +19,7 @@ enum km_type {
+ KM_IRQ1,
+ KM_SOFTIRQ0,
+ KM_SOFTIRQ1,
++ KM_CLEARPAGE,
+ KM_TYPE_NR
+ };
+
+diff -urNp linux-2.6.28/arch/h8300/include/asm/kmap_types.h linux-2.6.28/arch/h8300/include/asm/kmap_types.h
+--- linux-2.6.28/arch/h8300/include/asm/kmap_types.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/h8300/include/asm/kmap_types.h 2009-01-11 07:20:06.000000000 -0500
+@@ -15,6 +15,7 @@ enum km_type {
+ KM_IRQ1,
+ KM_SOFTIRQ0,
+ KM_SOFTIRQ1,
++ KM_CLEARPAGE,
+ KM_TYPE_NR
+ };
+
+diff -urNp linux-2.6.28/arch/ia64/ia32/binfmt_elf32.c linux-2.6.28/arch/ia64/ia32/binfmt_elf32.c
+--- linux-2.6.28/arch/ia64/ia32/binfmt_elf32.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/ia64/ia32/binfmt_elf32.c 2009-01-11 07:20:06.000000000 -0500
@@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_
#define elf_read_implies_exec(ex, have_pt_gnu_stack) (!(have_pt_gnu_stack))
@@ -315,9 +461,9 @@
/* Ugly but avoids duplication */
#include "../../../fs/binfmt_elf.c"
-diff -urNp linux-2.6.27.4/arch/ia64/ia32/ia32priv.h linux-2.6.27.4/arch/ia64/ia32/ia32priv.h
---- linux-2.6.27.4/arch/ia64/ia32/ia32priv.h 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/ia32/ia32priv.h 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.28/arch/ia64/ia32/ia32priv.h linux-2.6.28/arch/ia64/ia32/ia32priv.h
+--- linux-2.6.28/arch/ia64/ia32/ia32priv.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/ia64/ia32/ia32priv.h 2009-01-11 07:20:06.000000000 -0500
@@ -296,7 +296,14 @@ typedef struct compat_siginfo {
#define ELF_DATA ELFDATA2LSB
#define ELF_ARCH EM_386
@@ -334,9 +480,60 @@
#define IA32_GATE_OFFSET IA32_PAGE_OFFSET
#define IA32_GATE_END IA32_PAGE_OFFSET + PAGE_SIZE
-diff -urNp linux-2.6.27.4/arch/ia64/kernel/module.c linux-2.6.27.4/arch/ia64/kernel/module.c
---- linux-2.6.27.4/arch/ia64/kernel/module.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/kernel/module.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.28/arch/ia64/include/asm/elf.h linux-2.6.28/arch/ia64/include/asm/elf.h
+--- linux-2.6.28/arch/ia64/include/asm/elf.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/ia64/include/asm/elf.h 2009-01-11 07:20:06.000000000 -0500
+@@ -43,6 +43,13 @@
+ */
+ #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x800000000UL)
+
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
++
++#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#endif
++
+ #define PT_IA_64_UNWIND 0x70000001
+
+ /* IA-64 relocations: */
+diff -urNp linux-2.6.28/arch/ia64/include/asm/kmap_types.h linux-2.6.28/arch/ia64/include/asm/kmap_types.h
+--- linux-2.6.28/arch/ia64/include/asm/kmap_types.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/ia64/include/asm/kmap_types.h 2009-01-11 07:20:06.000000000 -0500
+@@ -22,7 +22,8 @@ D(9) KM_IRQ0,
+ D(10) KM_IRQ1,
+ D(11) KM_SOFTIRQ0,
+ D(12) KM_SOFTIRQ1,
+-D(13) KM_TYPE_NR
++D(13) KM_CLEARPAGE,
++D(14) KM_TYPE_NR
+ };
+
+ #undef D
+diff -urNp linux-2.6.28/arch/ia64/include/asm/pgtable.h linux-2.6.28/arch/ia64/include/asm/pgtable.h
+--- linux-2.6.28/arch/ia64/include/asm/pgtable.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/ia64/include/asm/pgtable.h 2009-01-11 07:20:06.000000000 -0500
+@@ -143,6 +143,17 @@
+ #define PAGE_READONLY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
+ #define PAGE_COPY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
+ #define PAGE_COPY_EXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++# define PAGE_SHARED_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW)
++# define PAGE_READONLY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
++# define PAGE_COPY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
++#else
++# define PAGE_SHARED_NOEXEC PAGE_SHARED
++# define PAGE_READONLY_NOEXEC PAGE_READONLY
++# define PAGE_COPY_NOEXEC PAGE_COPY
++#endif
++
+ #define PAGE_GATE __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX)
+ #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX)
+ #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX)
+diff -urNp linux-2.6.28/arch/ia64/kernel/module.c linux-2.6.28/arch/ia64/kernel/module.c
+--- linux-2.6.28/arch/ia64/kernel/module.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/ia64/kernel/module.c 2009-01-11 07:20:06.000000000 -0500
@@ -312,8 +312,7 @@ module_alloc (unsigned long size)
void
module_free (struct module *mod, void *module_region)
@@ -425,16 +622,16 @@
mod->arch.gp = gp;
DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
}
-diff -urNp linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c
---- linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.28/arch/ia64/kernel/sys_ia64.c linux-2.6.28/arch/ia64/kernel/sys_ia64.c
+--- linux-2.6.28/arch/ia64/kernel/sys_ia64.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/ia64/kernel/sys_ia64.c 2009-01-11 07:20:06.000000000 -0500
@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
if (REGION_NUMBER(addr) == RGN_HPAGE)
addr = 0;
#endif
+
+#ifdef CONFIG_PAX_RANDMMAP
-+ if ((mm->pax_flags & MF_PAX_RANDMMAP) && addr && filp)
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
+ addr = mm->free_area_cache;
+ else
+#endif
@@ -454,9 +651,9 @@
goto full_search;
}
return -ENOMEM;
-diff -urNp linux-2.6.27.4/arch/ia64/mm/fault.c linux-2.6.27.4/arch/ia64/mm/fault.c
---- linux-2.6.27.4/arch/ia64/mm/fault.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/mm/fault.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.28/arch/ia64/mm/fault.c linux-2.6.28/arch/ia64/mm/fault.c
+--- linux-2.6.28/arch/ia64/mm/fault.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/ia64/mm/fault.c 2009-01-11 07:20:06.000000000 -0500
@@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned
return pte_present(pte);
}
@@ -506,10 +703,10 @@
survive:
/*
* If for any reason at all we couldn't handle the fault, make
-diff -urNp linux-2.6.27.4/arch/ia64/mm/init.c linux-2.6.27.4/arch/ia64/mm/init.c
---- linux-2.6.27.4/arch/ia64/mm/init.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/mm/init.c 2008-10-27 22:36:16.000000000 -0400
-@@ -122,6 +122,19 @@ ia64_init_addr_space (void)
+diff -urNp linux-2.6.28/arch/ia64/mm/init.c linux-2.6.28/arch/ia64/mm/init.c
+--- linux-2.6.28/arch/ia64/mm/init.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/ia64/mm/init.c 2009-01-11 07:20:06.000000000 -0500
+@@ -121,6 +121,19 @@ ia64_init_addr_space (void)
vma->vm_start = current->thread.rbs_bot & PAGE_MASK;
vma->vm_end = vma->vm_start + PAGE_SIZE;
vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT;
@@ -529,9 +726,71 @@
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
down_write(¤t->mm->mmap_sem);
if (insert_vm_struct(current->mm, vma)) {
-diff -urNp linux-2.6.27.4/arch/mips/kernel/binfmt_elfn32.c linux-2.6.27.4/arch/mips/kernel/binfmt_elfn32.c
---- linux-2.6.27.4/arch/mips/kernel/binfmt_elfn32.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/mips/kernel/binfmt_elfn32.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.28/arch/m68knommu/include/asm/kmap_types.h linux-2.6.28/arch/m68knommu/include/asm/kmap_types.h
+--- linux-2.6.28/arch/m68knommu/include/asm/kmap_types.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/m68knommu/include/asm/kmap_types.h 2009-01-11 07:20:06.000000000 -0500
+@@ -15,6 +15,7 @@ enum km_type {
+ KM_IRQ1,
+ KM_SOFTIRQ0,
+ KM_SOFTIRQ1,
++ KM_CLEARPAGE,
+ KM_TYPE_NR
+ };
+
+diff -urNp linux-2.6.28/arch/mips/include/asm/elf.h linux-2.6.28/arch/mips/include/asm/elf.h
+--- linux-2.6.28/arch/mips/include/asm/elf.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/mips/include/asm/elf.h 2009-01-11 07:20:06.000000000 -0500
+@@ -364,4 +364,11 @@ extern int dump_task_fpu(struct task_str
+ #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
+ #endif
+
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
++
++#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#endif
++
+ #endif /* _ASM_ELF_H */
+diff -urNp linux-2.6.28/arch/mips/include/asm/kmap_types.h linux-2.6.28/arch/mips/include/asm/kmap_types.h
+--- linux-2.6.28/arch/mips/include/asm/kmap_types.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/mips/include/asm/kmap_types.h 2009-01-11 07:20:06.000000000 -0500
+@@ -22,7 +22,8 @@ D(9) KM_IRQ0,
+ D(10) KM_IRQ1,
+ D(11) KM_SOFTIRQ0,
+ D(12) KM_SOFTIRQ1,
+-D(13) KM_TYPE_NR
++D(13) KM_CLEARPAGE,
++D(14) KM_TYPE_NR
+ };
+
+ #undef D
+diff -urNp linux-2.6.28/arch/mips/include/asm/page.h linux-2.6.28/arch/mips/include/asm/page.h
+--- linux-2.6.28/arch/mips/include/asm/page.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/mips/include/asm/page.h 2009-01-11 07:20:06.000000000 -0500
+@@ -82,7 +82,7 @@ extern void copy_user_highpage(struct pa
+ #ifdef CONFIG_CPU_MIPS32
+ typedef struct { unsigned long pte_low, pte_high; } pte_t;
+ #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
+- #define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })
++ #define __pte(x) ({ pte_t __pte = {(x), (x) >> 32}; __pte; })
+ #else
+ typedef struct { unsigned long long pte; } pte_t;
+ #define pte_val(x) ((x).pte)
+diff -urNp linux-2.6.28/arch/mips/include/asm/system.h linux-2.6.28/arch/mips/include/asm/system.h
+--- linux-2.6.28/arch/mips/include/asm/system.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/mips/include/asm/system.h 2009-01-11 07:20:06.000000000 -0500
+@@ -217,6 +217,6 @@ extern void per_cpu_trap_init(void);
+ */
+ #define __ARCH_WANT_UNLOCKED_CTXSW
+
+-extern unsigned long arch_align_stack(unsigned long sp);
++#define arch_align_stack(x) ((x) & ALMASK)
+
+ #endif /* _ASM_SYSTEM_H */
+diff -urNp linux-2.6.28/arch/mips/kernel/binfmt_elfn32.c linux-2.6.28/arch/mips/kernel/binfmt_elfn32.c
+--- linux-2.6.28/arch/mips/kernel/binfmt_elfn32.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/mips/kernel/binfmt_elfn32.c 2009-01-11 07:20:06.000000000 -0500
@@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
#undef ELF_ET_DYN_BASE
#define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
@@ -546,9 +805,9 @@
#include <asm/processor.h>
#include <linux/module.h>
#include <linux/elfcore.h>
-diff -urNp linux-2.6.27.4/arch/mips/kernel/binfmt_elfo32.c linux-2.6.27.4/arch/mips/kernel/binfmt_elfo32.c
---- linux-2.6.27.4/arch/mips/kernel/binfmt_elfo32.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/mips/kernel/binfmt_elfo32.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.28/arch/mips/kernel/binfmt_elfo32.c linux-2.6.28/arch/mips/kernel/binfmt_elfo32.c
+--- linux-2.6.28/arch/mips/kernel/binfmt_elfo32.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/mips/kernel/binfmt_elfo32.c 2009-01-11 07:20:06.000000000 -0500
@@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
#undef ELF_ET_DYN_BASE
#define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
@@ -563,10 +822,10 @@
#include <asm/processor.h>
#include <linux/module.h>
#include <linux/elfcore.h>
-diff -urNp linux-2.6.27.4/arch/mips/kernel/process.c linux-2.6.27.4/arch/mips/kernel/process.c
---- linux-2.6.27.4/arch/mips/kernel/process.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/mips/kernel/process.c 2008-10-27 22:36:16.000000000 -0400
-@@ -458,15 +458,3 @@ unsigned long get_wchan(struct task_stru
+diff -urNp linux-2.6.28/arch/mips/kernel/process.c linux-2.6.28/arch/mips/kernel/process.c
+--- linux-2.6.28/arch/mips/kernel/process.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/mips/kernel/process.c 2009-01-11 07:20:06.000000000 -0500
+@@ -457,15 +457,3 @@ unsigned long get_wchan(struct task_stru
out:
return pc;
}
@@ -582,22 +841,22 @@
-
- return sp & ALMASK;
-}
-diff -urNp linux-2.6.27.4/arch/mips/kernel/syscall.c linux-2.6.27.4/arch/mips/kernel/syscall.c
---- linux-2.6.27.4/arch/mips/kernel/syscall.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/mips/kernel/syscall.c 2008-10-27 22:36:16.000000000 -0400
-@@ -100,6 +100,11 @@ unsigned long arch_get_unmapped_area(str
+diff -urNp linux-2.6.28/arch/mips/kernel/syscall.c linux-2.6.28/arch/mips/kernel/syscall.c
+--- linux-2.6.28/arch/mips/kernel/syscall.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/mips/kernel/syscall.c 2009-01-11 07:20:06.000000000 -0500
+@@ -99,6 +99,11 @@ unsigned long arch_get_unmapped_area(str
do_color_align = 0;
if (filp || (flags & MAP_SHARED))
do_color_align = 1;
+
+#ifdef CONFIG_PAX_RANDMMAP
-+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
++ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
+#endif
+
if (addr) {
if (do_color_align)
addr = COLOUR_ALIGN(addr, pgoff);
-@@ -110,7 +115,7 @@ unsigned long arch_get_unmapped_area(str
+@@ -109,7 +114,7 @@ unsigned long arch_get_unmapped_area(str
(!vmm || addr + len <= vmm->vm_start))
return addr;
}
@@ -606,9 +865,9 @@
if (do_color_align)
addr = COLOUR_ALIGN(addr, pgoff);
else
-diff -urNp linux-2.6.27.4/arch/mips/mm/fault.c linux-2.6.27.4/arch/mips/mm/fault.c
---- linux-2.6.27.4/arch/mips/mm/fault.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/mips/mm/fault.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.28/arch/mips/mm/fault.c linux-2.6.28/arch/mips/mm/fault.c
+--- linux-2.6.28/arch/mips/mm/fault.c 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/mips/mm/fault.c 2009-01-11 07:20:06.000000000 -0500
@@ -26,6 +26,23 @@
#include <asm/ptrace.h>
#include <asm/highmem.h> /* For VMALLOC_END */
@@ -633,9 +892,60 @@
/*
* This routine handles page faults. It determines the address,
* and the problem, and then passes it off to one of the appropriate
-diff -urNp linux-2.6.27.4/arch/parisc/kernel/module.c linux-2.6.27.4/arch/parisc/kernel/module.c
---- linux-2.6.27.4/arch/parisc/kernel/module.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/parisc/kernel/module.c 2008-10-27 22:36:16.000000000 -0400
+diff -urNp linux-2.6.28/arch/parisc/include/asm/elf.h linux-2.6.28/arch/parisc/include/asm/elf.h
+--- linux-2.6.28/arch/parisc/include/asm/elf.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/parisc/include/asm/elf.h 2009-01-11 07:20:06.000000000 -0500
+@@ -333,6 +333,13 @@ struct pt_regs; /* forward declaration..
+
+ #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x01000000)
+
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE 0x10000UL
++
++#define PAX_DELTA_MMAP_LEN 16
++#define PAX_DELTA_STACK_LEN 16
++#endif
++
+ /* This yields a mask that user programs can use to figure out what
+ instruction set this CPU supports. This could be done in user space,
+ but it's not easy, and we've already done it here. */
+diff -urNp linux-2.6.28/arch/parisc/include/asm/kmap_types.h linux-2.6.28/arch/parisc/include/asm/kmap_types.h
+--- linux-2.6.28/arch/parisc/include/asm/kmap_types.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/parisc/include/asm/kmap_types.h 2009-01-11 07:20:06.000000000 -0500
+@@ -22,7 +22,8 @@ D(9) KM_IRQ0,
+ D(10) KM_IRQ1,
+ D(11) KM_SOFTIRQ0,
+ D(12) KM_SOFTIRQ1,
+-D(13) KM_TYPE_NR
++D(13) KM_CLEARPAGE,
++D(14) KM_TYPE_NR
+ };
+
+ #undef D
+diff -urNp linux-2.6.28/arch/parisc/include/asm/pgtable.h linux-2.6.28/arch/parisc/include/asm/pgtable.h
+--- linux-2.6.28/arch/parisc/include/asm/pgtable.h 2008-12-24 18:26:37.000000000 -0500
++++ linux-2.6.28/arch/parisc/include/asm/pgtable.h 2009-01-11 07:20:06.000000000 -0500
+@@ -202,6 +202,17 @@
+ #define PAGE_EXECREAD __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED)
+ #define PAGE_COPY PAGE_EXECREAD
+ #define PAGE_RWX __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_ACCESSED)
++# define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsec_full.patch?r1=1.1.2.51&r2=1.1.2.52&f=u
More information about the pld-cvs-commit
mailing list