packages (GRSECURITY_RAW): kernel/kernel-grsec_full.patch http://oss.axsent...

Thu Aug 27 18:13:24 CEST 2009

Author: arekm                        Date: Thu Aug 27 16:13:24 2009 GMT
Module: packages                      Tag: GRSECURITY_RAW
---- Log message:
http://oss.axsentis.de/people/stkn/grsecurity/2.6.27/grsecurity-2.1.12-2.6.27.4-200810272314.patch.bz2

---- Files affected:
packages/kernel:
   kernel-grsec_full.patch (1.3.2.7 -> 1.3.2.8) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.3.2.7 packages/kernel/kernel-grsec_full.patch:1.3.2.8

--- packages/kernel/kernel-grsec_full.patch:1.3.2.7	Thu Aug 27 18:12:15 2009
+++ packages/kernel/kernel-grsec_full.patch	Thu Aug 27 18:13:14 2009
@@ -1,70 +1,6 @@
-diff -urNp linux-2.6.29.6/arch/alpha/include/asm/atomic.h linux-2.6.29.6/arch/alpha/include/asm/atomic.h
---- linux-2.6.29.6/arch/alpha/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/alpha/include/asm/atomic.h	2009-07-30 17:59:25.587759902 -0400
-@@ -246,6 +246,9 @@ static __inline__ int atomic64_add_unles
- #define atomic64_dec_and_test(v) (atomic64_sub_return(1, (v)) == 0)
- 
- #define atomic_inc(v) atomic_add(1,(v))
-+#define atomic_inc_unchecked(v) atomic_inc(v)
-+#define atomic_add_unchecked(i,v) atomic_add((i),(v))
-+#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
- #define atomic64_inc(v) atomic64_add(1,(v))
- 
- #define atomic_dec(v) atomic_sub(1,(v))
-diff -urNp linux-2.6.29.6/arch/alpha/include/asm/elf.h linux-2.6.29.6/arch/alpha/include/asm/elf.h
---- linux-2.6.29.6/arch/alpha/include/asm/elf.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/alpha/include/asm/elf.h	2009-07-30 17:59:25.587759902 -0400
-@@ -91,6 +91,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
- 
- #define ELF_ET_DYN_BASE		(TASK_UNMAPPED_BASE + 0x1000000)
- 
-+#ifdef CONFIG_PAX_ASLR
-+#define PAX_ELF_ET_DYN_BASE	(current->personality & ADDR_LIMIT_32BIT ? 0x10000 : 0x120000000UL)
-+
-+#define PAX_DELTA_MMAP_LEN	(current->personality & ADDR_LIMIT_32BIT ? 14 : 28)
-+#define PAX_DELTA_STACK_LEN	(current->personality & ADDR_LIMIT_32BIT ? 14 : 19)
-+#endif
-+
- /* $0 is set by ld.so to a pointer to a function which might be 
-    registered using atexit.  This provides a mean for the dynamic
-    linker to call DT_FINI functions for shared libraries that have
-diff -urNp linux-2.6.29.6/arch/alpha/include/asm/kmap_types.h linux-2.6.29.6/arch/alpha/include/asm/kmap_types.h
---- linux-2.6.29.6/arch/alpha/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/alpha/include/asm/kmap_types.h	2009-07-30 17:59:25.587759902 -0400
-@@ -24,7 +24,8 @@ D(9)	KM_IRQ0,
- D(10)	KM_IRQ1,
- D(11)	KM_SOFTIRQ0,
- D(12)	KM_SOFTIRQ1,
--D(13)	KM_TYPE_NR
-+D(13)  KM_CLEARPAGE,
-+D(14)  KM_TYPE_NR
- };
- 
- #undef D
-diff -urNp linux-2.6.29.6/arch/alpha/include/asm/pgtable.h linux-2.6.29.6/arch/alpha/include/asm/pgtable.h
---- linux-2.6.29.6/arch/alpha/include/asm/pgtable.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/alpha/include/asm/pgtable.h	2009-07-30 17:59:25.588634543 -0400
-@@ -101,6 +101,17 @@ struct vm_area_struct;
- #define PAGE_SHARED	__pgprot(_PAGE_VALID | __ACCESS_BITS)
- #define PAGE_COPY	__pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
- #define PAGE_READONLY	__pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
-+
-+#ifdef CONFIG_PAX_PAGEEXEC
-+# define PAGE_SHARED_NOEXEC	__pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOE)
-+# define PAGE_COPY_NOEXEC	__pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
-+# define PAGE_READONLY_NOEXEC	__pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
-+#else
-+# define PAGE_SHARED_NOEXEC	PAGE_SHARED
-+# define PAGE_COPY_NOEXEC	PAGE_COPY
-+# define PAGE_READONLY_NOEXEC	PAGE_READONLY
-+#endif
-+
- #define PAGE_KERNEL	__pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE)
- 
- #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x))
-diff -urNp linux-2.6.29.6/arch/alpha/kernel/module.c linux-2.6.29.6/arch/alpha/kernel/module.c
---- linux-2.6.29.6/arch/alpha/kernel/module.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/alpha/kernel/module.c	2009-07-30 17:59:25.588634543 -0400
+diff -urNp linux-2.6.27.4/arch/alpha/kernel/module.c linux-2.6.27.4/arch/alpha/kernel/module.c
+--- linux-2.6.27.4/arch/alpha/kernel/module.c	2008-10-22 17:38:01.000000000 -0400
++++ linux-2.6.27.4/arch/alpha/kernel/module.c	2008-10-27 22:36:16.000000000 -0400
 @@ -182,7 +182,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs, 
  
  	/* The small sections were sorted to the end of the segment.
@@ -74,21 +10,21 @@
  	got = sechdrs[me->arch.gotsecindex].sh_addr;
  
  	for (i = 0; i < n; i++) {
-diff -urNp linux-2.6.29.6/arch/alpha/kernel/osf_sys.c linux-2.6.29.6/arch/alpha/kernel/osf_sys.c
---- linux-2.6.29.6/arch/alpha/kernel/osf_sys.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/alpha/kernel/osf_sys.c	2009-07-30 17:59:25.588634543 -0400
-@@ -1217,6 +1217,10 @@ arch_get_unmapped_area(struct file *filp
+diff -urNp linux-2.6.27.4/arch/alpha/kernel/osf_sys.c linux-2.6.27.4/arch/alpha/kernel/osf_sys.c
+--- linux-2.6.27.4/arch/alpha/kernel/osf_sys.c	2008-10-22 17:38:01.000000000 -0400
++++ linux-2.6.27.4/arch/alpha/kernel/osf_sys.c	2008-10-27 22:36:16.000000000 -0400
+@@ -1232,6 +1232,10 @@ arch_get_unmapped_area(struct file *filp
  	   merely specific addresses, but regions of memory -- perhaps
  	   this feature should be incorporated into all ports?  */
  
 +#ifdef CONFIG_PAX_RANDMMAP
-+	if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
++	if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
 +#endif
 +
  	if (addr) {
  		addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
  		if (addr != (unsigned long) -ENOMEM)
-@@ -1224,8 +1228,8 @@ arch_get_unmapped_area(struct file *filp
+@@ -1239,8 +1243,8 @@ arch_get_unmapped_area(struct file *filp
  	}
  
  	/* Next, try allocating at TASK_UNMAPPED_BASE.  */
@@ -99,9 +35,30 @@
  	if (addr != (unsigned long) -ENOMEM)
  		return addr;
  
-diff -urNp linux-2.6.29.6/arch/alpha/mm/fault.c linux-2.6.29.6/arch/alpha/mm/fault.c
---- linux-2.6.29.6/arch/alpha/mm/fault.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/alpha/mm/fault.c	2009-07-30 17:59:25.589701037 -0400
+diff -urNp linux-2.6.27.4/arch/alpha/kernel/ptrace.c linux-2.6.27.4/arch/alpha/kernel/ptrace.c
+--- linux-2.6.27.4/arch/alpha/kernel/ptrace.c	2008-10-22 17:38:01.000000000 -0400
++++ linux-2.6.27.4/arch/alpha/kernel/ptrace.c	2008-10-25 12:03:06.000000000 -0400
+@@ -15,6 +15,7 @@
+ #include <linux/slab.h>
+ #include <linux/security.h>
+ #include <linux/signal.h>
++#include <linux/grsecurity.h>
+ 
+ #include <asm/uaccess.h>
+ #include <asm/pgtable.h>
+@@ -266,6 +267,9 @@ long arch_ptrace(struct task_struct *chi
+ 	size_t copied;
+ 	long ret;
+ 
++	if (gr_handle_ptrace(child, request))
++		return -EPERM;
++
+ 	switch (request) {
+ 	/* When I and D space are separate, these will need to be fixed.  */
+ 	case PTRACE_PEEKTEXT: /* read word at location addr. */
+diff -urNp linux-2.6.27.4/arch/alpha/mm/fault.c linux-2.6.27.4/arch/alpha/mm/fault.c
+--- linux-2.6.27.4/arch/alpha/mm/fault.c	2008-10-22 17:38:01.000000000 -0400
++++ linux-2.6.27.4/arch/alpha/mm/fault.c	2008-10-27 22:36:16.000000000 -0400
 @@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *
  	__reload_thread(pcb);
  }
@@ -258,88 +215,21 @@
  	} else if (!cause) {
  		/* Allow reads even for write-only mappings */
  		if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
-diff -urNp linux-2.6.29.6/arch/arm/include/asm/atomic.h linux-2.6.29.6/arch/arm/include/asm/atomic.h
---- linux-2.6.29.6/arch/arm/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/arm/include/asm/atomic.h	2009-07-30 17:59:25.589701037 -0400
-@@ -191,6 +191,9 @@ static inline int atomic_add_unless(atom
- #define atomic_inc(v)		(void) atomic_add_return(1, v)
- #define atomic_sub(i, v)	(void) atomic_sub_return(i, v)
- #define atomic_dec(v)		(void) atomic_sub_return(1, v)
-+#define atomic_inc_unchecked(v)		(void) atomic_inc(v)
-+#define atomic_add_unchecked(i, v)	(void) atomic_add(i, v)
-+#define atomic_sub_unchecked(i, v)	(void) atomic_sub(i, v)
- 
- #define atomic_inc_and_test(v)	(atomic_add_return(1, v) == 0)
- #define atomic_dec_and_test(v)	(atomic_sub_return(1, v) == 0)
-diff -urNp linux-2.6.29.6/arch/arm/include/asm/elf.h linux-2.6.29.6/arch/arm/include/asm/elf.h
---- linux-2.6.29.6/arch/arm/include/asm/elf.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/arm/include/asm/elf.h	2009-07-30 17:59:25.589701037 -0400
-@@ -100,7 +100,14 @@ extern int arm_elf_read_implies_exec(con
-    the loader.  We need to make sure that it is out of the way of the program
-    that it will "exec", and that there is sufficient room for the brk.  */
- 
--#define ELF_ET_DYN_BASE	(2 * TASK_SIZE / 3)
-+#define ELF_ET_DYN_BASE		(TASK_SIZE / 3 * 2)
-+
-+#ifdef CONFIG_PAX_ASLR
-+#define PAX_ELF_ET_DYN_BASE	0x00008000UL
-+
-+#define PAX_DELTA_MMAP_LEN	((current->personality == PER_LINUX_32BIT) ? 16 : 10)
-+#define PAX_DELTA_STACK_LEN	((current->personality == PER_LINUX_32BIT) ? 16 : 10)
-+#endif
- 
- /* When the program starts, a1 contains a pointer to a function to be 
-    registered with atexit, as per the SVR4 ABI.  A value of 0 means we 
-diff -urNp linux-2.6.29.6/arch/arm/include/asm/kmap_types.h linux-2.6.29.6/arch/arm/include/asm/kmap_types.h
---- linux-2.6.29.6/arch/arm/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/arm/include/asm/kmap_types.h	2009-07-30 17:59:25.589701037 -0400
-@@ -18,6 +18,7 @@ enum km_type {
- 	KM_IRQ1,
- 	KM_SOFTIRQ0,
- 	KM_SOFTIRQ1,
-+	KM_CLEARPAGE,
- 	KM_TYPE_NR
- };
- 
-diff -urNp linux-2.6.29.6/arch/arm/include/asm/uaccess.h linux-2.6.29.6/arch/arm/include/asm/uaccess.h
---- linux-2.6.29.6/arch/arm/include/asm/uaccess.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/arm/include/asm/uaccess.h	2009-07-30 17:59:25.590775992 -0400
-@@ -400,7 +400,7 @@ static inline unsigned long __must_check
- {
- 	if (access_ok(VERIFY_READ, from, n))
- 		n = __copy_from_user(to, from, n);
--	else /* security hole - plug it */
-+	else if ((long)n > 0) /* security hole - plug it -- good idea! */
- 		memset(to, 0, n);
- 	return n;
- }
-diff -urNp linux-2.6.29.6/arch/arm/mach-ns9xxx/clock.c linux-2.6.29.6/arch/arm/mach-ns9xxx/clock.c
---- linux-2.6.29.6/arch/arm/mach-ns9xxx/clock.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/arm/mach-ns9xxx/clock.c	2009-07-30 17:59:25.590775992 -0400
-@@ -195,7 +195,7 @@ static int clk_debugfs_open(struct inode
- 	return single_open(file, clk_debugfs_show, NULL);
- }
- 
--static struct file_operations clk_debugfs_operations = {
-+static const struct file_operations clk_debugfs_operations = {
- 	.open = clk_debugfs_open,
- 	.read = seq_read,
- 	.llseek = seq_lseek,
-diff -urNp linux-2.6.29.6/arch/arm/mm/mmap.c linux-2.6.29.6/arch/arm/mm/mmap.c
---- linux-2.6.29.6/arch/arm/mm/mmap.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/arm/mm/mmap.c	2009-07-30 17:59:25.590775992 -0400
-@@ -62,6 +62,10 @@ arch_get_unmapped_area(struct file *filp
+diff -urNp linux-2.6.27.4/arch/arm/mm/mmap.c linux-2.6.27.4/arch/arm/mm/mmap.c
+--- linux-2.6.27.4/arch/arm/mm/mmap.c	2008-10-22 17:38:01.000000000 -0400
++++ linux-2.6.27.4/arch/arm/mm/mmap.c	2008-10-27 22:36:16.000000000 -0400
+@@ -60,6 +60,10 @@ arch_get_unmapped_area(struct file *filp
  	if (len > TASK_SIZE)
  		return -ENOMEM;
  
 +#ifdef CONFIG_PAX_RANDMMAP
-+	if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++	if (!(mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
 +#endif
 +
  	if (addr) {
  		if (do_align)
  			addr = COLOUR_ALIGN(addr, pgoff);
-@@ -74,10 +78,10 @@ arch_get_unmapped_area(struct file *filp
+@@ -72,10 +76,10 @@ arch_get_unmapped_area(struct file *filp
  			return addr;
  	}
  	if (len > mm->cached_hole_size) {
@@ -353,7 +243,7 @@
  	}
  
  full_search:
-@@ -93,8 +97,8 @@ full_search:
+@@ -91,8 +95,8 @@ full_search:
  			 * Start a new search - just in case we missed
  			 * some holes.
  			 */
@@ -364,57 +254,9 @@
  				mm->cached_hole_size = 0;
  				goto full_search;
  			}
-diff -urNp linux-2.6.29.6/arch/avr32/include/asm/atomic.h linux-2.6.29.6/arch/avr32/include/asm/atomic.h
---- linux-2.6.29.6/arch/avr32/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/avr32/include/asm/atomic.h	2009-07-30 17:59:25.591659028 -0400
-@@ -176,9 +176,12 @@ static inline int atomic_sub_if_positive
- #define atomic_cmpxchg(v, o, n)	(cmpxchg(&((v)->counter), (o), (n)))
- 
- #define atomic_sub(i, v)	(void)atomic_sub_return(i, v)
-+#define atomic_sub_unchecked(i, v)	atomic_sub((i), (v))
- #define atomic_add(i, v)	(void)atomic_add_return(i, v)
-+#define atomic_add_unchecked(i, v)	atomic_add((i), (v))
- #define atomic_dec(v)		atomic_sub(1, (v))
- #define atomic_inc(v)		atomic_add(1, (v))
-+#define atomic_inc_unchecked(v)	atomic_inc(v)
- 
- #define atomic_dec_return(v)	atomic_sub_return(1, v)
- #define atomic_inc_return(v)	atomic_add_return(1, v)
-diff -urNp linux-2.6.29.6/arch/avr32/include/asm/elf.h linux-2.6.29.6/arch/avr32/include/asm/elf.h
---- linux-2.6.29.6/arch/avr32/include/asm/elf.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/avr32/include/asm/elf.h	2009-07-30 17:59:25.591659028 -0400
-@@ -85,8 +85,14 @@ typedef struct user_fpu_struct elf_fpreg
-    the loader.  We need to make sure that it is out of the way of the program
-    that it will "exec", and that there is sufficient room for the brk.  */
- 
--#define ELF_ET_DYN_BASE         (2 * TASK_SIZE / 3)
-+#define ELF_ET_DYN_BASE		(TASK_SIZE / 3 * 2)
- 
-+#ifdef CONFIG_PAX_ASLR
-+#define PAX_ELF_ET_DYN_BASE	0x00001000UL
-+
-+#define PAX_DELTA_MMAP_LEN	15
-+#define PAX_DELTA_STACK_LEN	15
-+#endif
- 
- /* This yields a mask that user programs can use to figure out what
-    instruction set this CPU supports.  This could be done in user space,
-diff -urNp linux-2.6.29.6/arch/avr32/include/asm/kmap_types.h linux-2.6.29.6/arch/avr32/include/asm/kmap_types.h
---- linux-2.6.29.6/arch/avr32/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/avr32/include/asm/kmap_types.h	2009-07-30 17:59:25.591659028 -0400
-@@ -22,7 +22,8 @@ D(10)	KM_IRQ0,
- D(11)	KM_IRQ1,
- D(12)	KM_SOFTIRQ0,
- D(13)	KM_SOFTIRQ1,
--D(14)	KM_TYPE_NR
-+D(14)	KM_CLEARPAGE,
-+D(15)	KM_TYPE_NR
- };
- 
- #undef D
-diff -urNp linux-2.6.29.6/arch/avr32/mm/fault.c linux-2.6.29.6/arch/avr32/mm/fault.c
---- linux-2.6.29.6/arch/avr32/mm/fault.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/avr32/mm/fault.c	2009-07-30 17:59:25.604173430 -0400
+diff -urNp linux-2.6.27.4/arch/avr32/mm/fault.c linux-2.6.27.4/arch/avr32/mm/fault.c
+--- linux-2.6.27.4/arch/avr32/mm/fault.c	2008-10-22 17:38:01.000000000 -0400
++++ linux-2.6.27.4/arch/avr32/mm/fault.c	2008-10-27 22:36:16.000000000 -0400
 @@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
  
  int exception_trace = 1;
@@ -456,132 +298,9 @@
  		if (exception_trace && printk_ratelimit())
  			printk("%s%s[%d]: segfault at %08lx pc %08lx "
  			       "sp %08lx ecr %lu\n",
-diff -urNp linux-2.6.29.6/arch/blackfin/include/asm/atomic.h linux-2.6.29.6/arch/blackfin/include/asm/atomic.h
---- linux-2.6.29.6/arch/blackfin/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/blackfin/include/asm/atomic.h	2009-07-30 17:59:25.604587682 -0400
-@@ -178,6 +178,9 @@ static inline void atomic_set_mask(unsig
- 
- #endif /* !CONFIG_SMP */
- 
-+#define atomic_add_unchecked(i, v) atomic_add((i), (v))
-+#define atomic_sub_unchecked(i, v) atomic_sub((i), (v))
-+#define atomic_inc_unchecked(v) atomic_inc((v))
- #define atomic_add_negative(a, v)	(atomic_add_return((a), (v)) < 0)
- #define atomic_dec_return(v) atomic_sub_return(1,(v))
- #define atomic_inc_return(v) atomic_add_return(1,(v))
-diff -urNp linux-2.6.29.6/arch/blackfin/include/asm/kmap_types.h linux-2.6.29.6/arch/blackfin/include/asm/kmap_types.h
---- linux-2.6.29.6/arch/blackfin/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/blackfin/include/asm/kmap_types.h	2009-07-30 17:59:25.604587682 -0400
-@@ -15,6 +15,7 @@ enum km_type {
- 	KM_IRQ1,
- 	KM_SOFTIRQ0,
- 	KM_SOFTIRQ1,
-+	KM_CLEARPAGE,
- 	KM_TYPE_NR
- };
- 
-diff -urNp linux-2.6.29.6/arch/blackfin/mach-bf561/coreb.c linux-2.6.29.6/arch/blackfin/mach-bf561/coreb.c
---- linux-2.6.29.6/arch/blackfin/mach-bf561/coreb.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/blackfin/mach-bf561/coreb.c	2009-07-30 17:59:25.604587682 -0400
-@@ -292,7 +292,7 @@ static int coreb_ioctl(struct inode *ino
- 	return retval;
- }
- 
--static struct file_operations coreb_fops = {
-+static const struct file_operations coreb_fops = {
- 	.owner = THIS_MODULE,
- 	.llseek = coreb_lseek,
- 	.read = coreb_read,
-diff -urNp linux-2.6.29.6/arch/cris/arch-v10/drivers/sync_serial.c linux-2.6.29.6/arch/cris/arch-v10/drivers/sync_serial.c
---- linux-2.6.29.6/arch/cris/arch-v10/drivers/sync_serial.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/cris/arch-v10/drivers/sync_serial.c	2009-07-30 17:59:25.605582800 -0400
-@@ -244,7 +244,7 @@ static unsigned sync_serial_prescale_sha
- 
- #define NUMBER_OF_PORTS 2
- 
--static struct file_operations sync_serial_fops = {
-+static const struct file_operations sync_serial_fops = {
- 	.owner   = THIS_MODULE,
- 	.write   = sync_serial_write,
- 	.read    = sync_serial_read,
-diff -urNp linux-2.6.29.6/arch/cris/arch-v32/drivers/mach-fs/gpio.c linux-2.6.29.6/arch/cris/arch-v32/drivers/mach-fs/gpio.c
---- linux-2.6.29.6/arch/cris/arch-v32/drivers/mach-fs/gpio.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/cris/arch-v32/drivers/mach-fs/gpio.c	2009-07-30 17:59:25.605582800 -0400
-@@ -855,7 +855,7 @@ gpio_leds_ioctl(unsigned int cmd, unsign
- 	return 0;
- }
- 
--struct file_operations gpio_fops = {
-+struct struct file_operations gpio_fops = {
- 	.owner       = THIS_MODULE,
- 	.poll        = gpio_poll,
- 	.ioctl       = gpio_ioctl,
-diff -urNp linux-2.6.29.6/arch/cris/include/asm/atomic.h linux-2.6.29.6/arch/cris/include/asm/atomic.h
---- linux-2.6.29.6/arch/cris/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/cris/include/asm/atomic.h	2009-07-30 17:59:25.605582800 -0400
-@@ -152,6 +152,10 @@ static inline int atomic_add_unless(atom
- }
- #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
- 
-+#define atomic_inc_unchecked(v) atomic_inc((v))
-+#define atomic_add_unchecked(i,v) atomic_add((i),(v))
-+#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
-+
- /* Atomic operations are already serializing */
- #define smp_mb__before_atomic_dec()    barrier()
- #define smp_mb__after_atomic_dec()     barrier()
-diff -urNp linux-2.6.29.6/arch/cris/include/asm/kmap_types.h linux-2.6.29.6/arch/cris/include/asm/kmap_types.h
---- linux-2.6.29.6/arch/cris/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/cris/include/asm/kmap_types.h	2009-07-30 17:59:25.606647968 -0400
-@@ -19,6 +19,7 @@ enum km_type {
- 	KM_IRQ1,
- 	KM_SOFTIRQ0,
- 	KM_SOFTIRQ1,
-+	KM_CLEARPAGE,
- 	KM_TYPE_NR
- };
- 
-diff -urNp linux-2.6.29.6/arch/h8300/include/asm/atomic.h linux-2.6.29.6/arch/h8300/include/asm/atomic.h
---- linux-2.6.29.6/arch/h8300/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/h8300/include/asm/atomic.h	2009-07-30 17:59:25.606647968 -0400
-@@ -26,6 +26,7 @@ static __inline__ int atomic_add_return(
- }
- 
- #define atomic_add(i, v) atomic_add_return(i, v)
-+#define atomic_add_unchecked(i, v) atomic_add((i), (v))
- #define atomic_add_negative(a, v)	(atomic_add_return((a), (v)) < 0)
- 
- static __inline__ int atomic_sub_return(int i, atomic_t *v)
-@@ -38,6 +39,7 @@ static __inline__ int atomic_sub_return(
- }
- 
- #define atomic_sub(i, v) atomic_sub_return(i, v)
-+#define atomic_subUnchecked(i, v) atomic_sub(i, v)
- #define atomic_sub_and_test(i,v) (atomic_sub_return(i, v) == 0)
- 
- static __inline__ int atomic_inc_return(atomic_t *v)
-@@ -51,6 +53,7 @@ static __inline__ int atomic_inc_return(
- }
- 
- #define atomic_inc(v) atomic_inc_return(v)
-+#define atomic_inc_unchecked(v) atomic_inc(v)
- 
- /*
-  * atomic_inc_and_test - increment and test
-diff -urNp linux-2.6.29.6/arch/h8300/include/asm/kmap_types.h linux-2.6.29.6/arch/h8300/include/asm/kmap_types.h
---- linux-2.6.29.6/arch/h8300/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/h8300/include/asm/kmap_types.h	2009-07-30 17:59:25.606647968 -0400
-@@ -15,6 +15,7 @@ enum km_type {
- 	KM_IRQ1,
- 	KM_SOFTIRQ0,
- 	KM_SOFTIRQ1,
-+	KM_CLEARPAGE,
- 	KM_TYPE_NR
- };
- 
-diff -urNp linux-2.6.29.6/arch/ia64/ia32/binfmt_elf32.c linux-2.6.29.6/arch/ia64/ia32/binfmt_elf32.c
---- linux-2.6.29.6/arch/ia64/ia32/binfmt_elf32.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/ia64/ia32/binfmt_elf32.c	2009-07-30 17:59:25.606647968 -0400
+diff -urNp linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c
+--- linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c	2008-10-22 17:38:01.000000000 -0400
++++ linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c	2008-10-27 22:36:16.000000000 -0400
 @@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_
  
  #define elf_read_implies_exec(ex, have_pt_gnu_stack)	(!(have_pt_gnu_stack))
@@ -596,23 +315,9 @@
  /* Ugly but avoids duplication */
  #include "../../../fs/binfmt_elf.c"
  
-@@ -69,11 +76,11 @@ ia32_install_gate_page (struct vm_area_s
- }
- 
- 
--static struct vm_operations_struct ia32_shared_page_vm_ops = {
-+static const struct vm_operations_struct ia32_shared_page_vm_ops = {
- 	.fault = ia32_install_shared_page
- };
- 
--static struct vm_operations_struct ia32_gate_page_vm_ops = {
-+static const struct vm_operations_struct ia32_gate_page_vm_ops = {
- 	.fault = ia32_install_gate_page
- };
- 
-diff -urNp linux-2.6.29.6/arch/ia64/ia32/ia32priv.h linux-2.6.29.6/arch/ia64/ia32/ia32priv.h
---- linux-2.6.29.6/arch/ia64/ia32/ia32priv.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/ia64/ia32/ia32priv.h	2009-07-30 17:59:25.607653488 -0400
+diff -urNp linux-2.6.27.4/arch/ia64/ia32/ia32priv.h linux-2.6.27.4/arch/ia64/ia32/ia32priv.h
+--- linux-2.6.27.4/arch/ia64/ia32/ia32priv.h	2008-10-22 17:38:01.000000000 -0400
++++ linux-2.6.27.4/arch/ia64/ia32/ia32priv.h	2008-10-27 22:36:16.000000000 -0400
 @@ -296,7 +296,14 @@ typedef struct compat_siginfo {
  #define ELF_DATA	ELFDATA2LSB
  #define ELF_ARCH	EM_386
@@ -629,96 +334,9 @@
  #define IA32_GATE_OFFSET	IA32_PAGE_OFFSET
  #define IA32_GATE_END		IA32_PAGE_OFFSET + PAGE_SIZE
  
-diff -urNp linux-2.6.29.6/arch/ia64/include/asm/atomic.h linux-2.6.29.6/arch/ia64/include/asm/atomic.h
---- linux-2.6.29.6/arch/ia64/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/ia64/include/asm/atomic.h	2009-07-30 17:59:25.607653488 -0400
-@@ -201,8 +201,11 @@ atomic64_add_negative (__s64 i, atomic64
- #define atomic64_inc_and_test(v)	(atomic64_add_return(1, (v)) == 0)
- 
- #define atomic_add(i,v)			atomic_add_return((i), (v))
-+#define atomic_add_unchecked(i,v)	atomic_add((i), (v))
- #define atomic_sub(i,v)			atomic_sub_return((i), (v))
-+#define atomic_sub_unchecked(i,v)	atomic_sub((i), (v))
- #define atomic_inc(v)			atomic_add(1, (v))
-+#define atomic_inc_unchecked(v)		atomic_inc(v)
- #define atomic_dec(v)			atomic_sub(1, (v))
- 
- #define atomic64_add(i,v)		atomic64_add_return((i), (v))
-diff -urNp linux-2.6.29.6/arch/ia64/include/asm/elf.h linux-2.6.29.6/arch/ia64/include/asm/elf.h
---- linux-2.6.29.6/arch/ia64/include/asm/elf.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/ia64/include/asm/elf.h	2009-07-30 17:59:25.607653488 -0400
-@@ -43,6 +43,13 @@
-  */
- #define ELF_ET_DYN_BASE		(TASK_UNMAPPED_BASE + 0x800000000UL)
- 
-+#ifdef CONFIG_PAX_ASLR
-+#define PAX_ELF_ET_DYN_BASE	(current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
-+
-+#define PAX_DELTA_MMAP_LEN	(current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
-+#define PAX_DELTA_STACK_LEN	(current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
-+#endif
-+
- #define PT_IA_64_UNWIND		0x70000001
- 
- /* IA-64 relocations: */
-diff -urNp linux-2.6.29.6/arch/ia64/include/asm/kmap_types.h linux-2.6.29.6/arch/ia64/include/asm/kmap_types.h
---- linux-2.6.29.6/arch/ia64/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/ia64/include/asm/kmap_types.h	2009-07-30 17:59:25.607653488 -0400
-@@ -22,7 +22,8 @@ D(9)	KM_IRQ0,
- D(10)	KM_IRQ1,
- D(11)	KM_SOFTIRQ0,
- D(12)	KM_SOFTIRQ1,
--D(13)	KM_TYPE_NR
-+D(13)	KM_CLEARPAGE,
-+D(14)	KM_TYPE_NR
- };
- 
- #undef D
-diff -urNp linux-2.6.29.6/arch/ia64/include/asm/pgtable.h linux-2.6.29.6/arch/ia64/include/asm/pgtable.h
---- linux-2.6.29.6/arch/ia64/include/asm/pgtable.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/ia64/include/asm/pgtable.h	2009-07-30 17:59:25.608753765 -0400
-@@ -143,6 +143,17 @@
- #define PAGE_READONLY	__pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
- #define PAGE_COPY	__pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
- #define PAGE_COPY_EXEC	__pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX)
-+
-+#ifdef CONFIG_PAX_PAGEEXEC
-+# define PAGE_SHARED_NOEXEC	__pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW)
-+# define PAGE_READONLY_NOEXEC	__pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
-+# define PAGE_COPY_NOEXEC	__pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
-+#else
-+# define PAGE_SHARED_NOEXEC	PAGE_SHARED
-+# define PAGE_READONLY_NOEXEC	PAGE_READONLY
-+# define PAGE_COPY_NOEXEC	PAGE_COPY
-+#endif
-+
- #define PAGE_GATE	__pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX)
- #define PAGE_KERNEL	__pgprot(__DIRTY_BITS  | _PAGE_PL_0 | _PAGE_AR_RWX)
- #define PAGE_KERNELRX	__pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX)
-diff -urNp linux-2.6.29.6/arch/ia64/include/asm/uaccess.h linux-2.6.29.6/arch/ia64/include/asm/uaccess.h
---- linux-2.6.29.6/arch/ia64/include/asm/uaccess.h	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/ia64/include/asm/uaccess.h	2009-07-30 17:59:25.608753765 -0400
-@@ -257,7 +257,7 @@ __copy_from_user (void *to, const void _
- 	const void *__cu_from = (from);							\
- 	long __cu_len = (n);								\
- 											\
--	if (__access_ok(__cu_to, __cu_len, get_fs()))					\
-+	if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_to, __cu_len, get_fs()))	\
- 		__cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len);	\
- 	__cu_len;									\
- })
-@@ -269,7 +269,7 @@ __copy_from_user (void *to, const void _
- 	long __cu_len = (n);								\
- 											\
- 	__chk_user_ptr(__cu_from);							\
--	if (__access_ok(__cu_from, __cu_len, get_fs()))					\
-+	if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_from, __cu_len, get_fs()))	\
- 		__cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len);	\
- 	__cu_len;									\
- })
-diff -urNp linux-2.6.29.6/arch/ia64/kernel/module.c linux-2.6.29.6/arch/ia64/kernel/module.c
---- linux-2.6.29.6/arch/ia64/kernel/module.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/ia64/kernel/module.c	2009-07-30 17:59:25.609598673 -0400
+diff -urNp linux-2.6.27.4/arch/ia64/kernel/module.c linux-2.6.27.4/arch/ia64/kernel/module.c
+--- linux-2.6.27.4/arch/ia64/kernel/module.c	2008-10-22 17:38:01.000000000 -0400
++++ linux-2.6.27.4/arch/ia64/kernel/module.c	2008-10-27 22:36:16.000000000 -0400
 @@ -312,8 +312,7 @@ module_alloc (unsigned long size)
  void
  module_free (struct module *mod, void *module_region)
@@ -807,28 +425,16 @@
  		mod->arch.gp = gp;
  		DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
  	}
-diff -urNp linux-2.6.29.6/arch/ia64/kernel/perfmon.c linux-2.6.29.6/arch/ia64/kernel/perfmon.c
---- linux-2.6.29.6/arch/ia64/kernel/perfmon.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/ia64/kernel/perfmon.c	2009-07-30 17:59:25.610733927 -0400
-@@ -2196,7 +2196,7 @@ pfmfs_delete_dentry(struct dentry *dentr
- 	return 1;
- }
- 
--static struct dentry_operations pfmfs_dentry_operations = {
-+static const struct dentry_operations pfmfs_dentry_operations = {
- 	.d_delete = pfmfs_delete_dentry,
- };
- 
-diff -urNp linux-2.6.29.6/arch/ia64/kernel/sys_ia64.c linux-2.6.29.6/arch/ia64/kernel/sys_ia64.c
---- linux-2.6.29.6/arch/ia64/kernel/sys_ia64.c	2009-07-02 19:41:20.000000000 -0400
-+++ linux-2.6.29.6/arch/ia64/kernel/sys_ia64.c	2009-07-30 17:59:25.611710470 -0400
+diff -urNp linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c
+--- linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c	2008-10-22 17:38:01.000000000 -0400
++++ linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c	2008-10-27 22:36:16.000000000 -0400
 @@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
  	if (REGION_NUMBER(addr) == RGN_HPAGE)
  		addr = 0;
  #endif
 +
 +#ifdef CONFIG_PAX_RANDMMAP
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.3.2.7&r2=1.3.2.8&f=u

