packages (GRSECURITY_RAW): kernel/kernel-grsec_full.patch http://www.grsecu...

arekm arekm at pld-linux.org
Sun Aug 16 20:39:22 CEST 2009 

Author: arekm                        Date: Sun Aug 16 18:39:21 2009 GMT
Module: packages                      Tag: GRSECURITY_RAW
---- Log message:
http://www.grsecurity.net/~spender/grsecurity-2.1.14-2.6.30.4-200908132040.patch

---- Files affected:
packages/kernel:
   kernel-grsec_full.patch (1.3.2.5 -> 1.3.2.6) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.3.2.5 packages/kernel/kernel-grsec_full.patch:1.3.2.6
--- packages/kernel/kernel-grsec_full.patch:1.3.2.5	Tue Aug 11 10:52:15 2009
+++ packages/kernel/kernel-grsec_full.patch	Sun Aug 16 20:39:15 2009
@@ -8320,7 +8320,7 @@
  efi_rt_function_ptr:
 diff -urNp linux-2.6.30.4/arch/x86/kernel/entry_32.S linux-2.6.30.4/arch/x86/kernel/entry_32.S
 --- linux-2.6.30.4/arch/x86/kernel/entry_32.S	2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.4/arch/x86/kernel/entry_32.S	2009-07-30 09:48:09.945662533 -0400
++++ linux-2.6.30.4/arch/x86/kernel/entry_32.S	2009-08-12 21:15:21.098460043 -0400
 @@ -192,7 +192,7 @@
  
  #endif	/* CONFIG_X86_32_LAZY_GS */
@@ -8525,11 +8525,11 @@
  	/* since we are on a wrong stack, we cant make it a C code :( */
 -	PER_CPU(gdt_page, %ebx)
 +#ifdef CONFIG_SMP
-+	movl PER_CPU_VAR(cpu_number), %ebx;
-+	shll $PAGE_SHIFT_asm, %ebx;
-+	addl $cpu_gdt_table, %ebx;
++	movl PER_CPU_VAR(cpu_number), %ebx
++	shll $PAGE_SHIFT_asm, %ebx
++	addl $cpu_gdt_table, %ebx
 +#else
-+	movl $cpu_gdt_table, %ebx;
++	movl $cpu_gdt_table, %ebx
 +#endif
  	GET_DESC_BASE(GDT_ENTRY_ESPFIX_SS, %ebx, %eax, %ax, %al, %ah)
  	addl %esp, %eax
@@ -8595,14 +8595,18 @@
  	CFI_ADJUST_CFA_OFFSET -24
 diff -urNp linux-2.6.30.4/arch/x86/kernel/entry_64.S linux-2.6.30.4/arch/x86/kernel/entry_64.S
 --- linux-2.6.30.4/arch/x86/kernel/entry_64.S	2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.4/arch/x86/kernel/entry_64.S	2009-07-30 09:48:09.945662533 -0400
-@@ -1073,7 +1073,8 @@ ENTRY(\sym)
++++ linux-2.6.30.4/arch/x86/kernel/entry_64.S	2009-08-12 21:15:21.099483377 -0400
+@@ -1073,7 +1073,12 @@ ENTRY(\sym)
  	TRACE_IRQS_OFF
  	movq %rsp,%rdi		/* pt_regs pointer */
  	xorl %esi,%esi		/* no error code */
 -	PER_CPU(init_tss, %rbp)
++#ifdef CONFIG_SMP
 +	imul $TSS_size, PER_CPU_VAR(cpu_number), %ebp
 +	lea init_tss(%rbp), %rbp
++#else
++	lea init_tss(%rip), %rbp
++#endif
  	subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
  	call \do_sym
  	addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
@@ -11088,7 +11092,7 @@
  		tsk->thread.sysenter_cs = 0;
 diff -urNp linux-2.6.30.4/arch/x86/kernel/vmi_32.c linux-2.6.30.4/arch/x86/kernel/vmi_32.c
 --- linux-2.6.30.4/arch/x86/kernel/vmi_32.c	2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.4/arch/x86/kernel/vmi_32.c	2009-07-30 09:48:09.962543704 -0400
++++ linux-2.6.30.4/arch/x86/kernel/vmi_32.c	2009-08-12 21:15:21.104308164 -0400
 @@ -102,18 +102,43 @@ static unsigned patch_internal(int call,
  {
  	u64 reloc;
@@ -11149,7 +11153,7 @@
  	vmi_ops.set_pte(pte, (pte_t *)pmd, VMI_PAGE_PD);
  }
  #endif
-@@ -438,8 +463,8 @@ vmi_startup_ipi_hook(int phys_apicid, un
+@@ -438,10 +463,10 @@ vmi_startup_ipi_hook(int phys_apicid, un
  	ap.ss = __KERNEL_DS;
  	ap.esp = (unsigned long) start_esp;
  
@@ -11158,7 +11162,10 @@
 +	ap.ds = __KERNEL_DS;
 +	ap.es = __KERNEL_DS;
  	ap.fs = __KERNEL_PERCPU;
- 	ap.gs = 0;
+-	ap.gs = 0;
++	ap.gs = __KERNEL_STACK_CANARY;
+ 
+ 	ap.eflags = 0;
  
 @@ -634,12 +659,20 @@ static inline int __init activate_vmi(vo
  	u64 reloc;
@@ -43646,7 +43653,7 @@
  		if (pp->fastreuse && sk->sk_reuse &&
 diff -urNp linux-2.6.30.4/net/socket.c linux-2.6.30.4/net/socket.c
 --- linux-2.6.30.4/net/socket.c	2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.4/net/socket.c	2009-07-30 11:29:24.032618401 -0400
++++ linux-2.6.30.4/net/socket.c	2009-08-13 20:40:32.961482335 -0400
 @@ -86,6 +86,7 @@
  #include <linux/audit.h>
  #include <linux/wireless.h>
@@ -43695,6 +43702,15 @@
  
  static struct file_system_type sock_fs_type = {
  	.name =		"sockfs",
+@@ -736,7 +752,7 @@ static ssize_t sock_sendpage(struct file
+ 	if (more)
+ 		flags |= MSG_MORE;
+ 
+-	return sock->ops->sendpage(sock, page, offset, size, flags);
++	return kernel_sendpage(sock, page, offset, size, flags);
+ }
+ 
+ static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
 @@ -1283,6 +1299,16 @@ SYSCALL_DEFINE3(socket, int, family, int
  	if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
  		flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.3.2.5&r2=1.3.2.6&f=u

More information about the pld-cvs-commit mailing list