packages: kernel/kernel-grsec-caps.patch, kernel/kernel-grsec_full.patch, k...

Sun Oct 23 13:51:15 CEST 2011

Author: arekm                        Date: Sun Oct 23 11:51:15 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- rel 2; up grsec to grsecurity-2.2.2-3.0.7-201110200052.patch

---- Files affected:
packages/kernel:
   kernel-grsec-caps.patch (1.4 -> 1.5) , kernel-grsec_full.patch (1.84 -> 1.85) , kernel.spec (1.985 -> 1.986) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-grsec-caps.patch
diff -u packages/kernel/kernel-grsec-caps.patch:1.4 packages/kernel/kernel-grsec-caps.patch:1.5

--- packages/kernel/kernel-grsec-caps.patch:1.4	Fri Sep 16 19:38:53 2011
+++ packages/kernel/kernel-grsec-caps.patch	Sun Oct 23 13:51:09 2011
@@ -1,11 +1,11 @@
 --- linux-3.0/grsecurity/grsec_exec.c~	2011-09-16 15:24:46.000000000 +0200
 +++ linux-3.0/grsecurity/grsec_exec.c	2011-09-16 15:26:29.350213716 +0200
 @@ -114,7 +114,8 @@
- 	"CAP_SETFCAP",
  	"CAP_MAC_OVERRIDE",
  	"CAP_MAC_ADMIN",
--	"CAP_SYSLOG"
-+	"CAP_SYSLOG",
+ 	"CAP_SYSLOG",
+-	"CAP_WAKE_ALARM"
++	"CAP_WAKE_ALARM",
 +	"CAP_CONTEXT"
  };
  

================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.84 packages/kernel/kernel-grsec_full.patch:1.85
--- packages/kernel/kernel-grsec_full.patch:1.84	Tue Oct 18 13:01:26 2011
+++ packages/kernel/kernel-grsec_full.patch	Sun Oct 23 13:51:09 2011
@@ -1,3 +1,325 @@
+diff -urNp linux-3.0.7/Documentation/dontdiff linux-3.0.7/Documentation/dontdiff
+--- linux-3.0.7/Documentation/dontdiff	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/Documentation/dontdiff	2011-10-07 19:07:23.000000000 -0400
+@@ -5,6 +5,7 @@
+ *.cis
+ *.cpio
+ *.csp
++*.dbg
+ *.dsp
+ *.dvi
+ *.elf
+@@ -48,9 +49,11 @@
+ *.tab.h
+ *.tex
+ *.ver
++*.vim
+ *.xml
+ *.xz
+ *_MODULES
++*_reg_safe.h
+ *_vga16.c
+ *~
+ \#*#
+@@ -70,6 +73,7 @@ Kerntypes
+ Module.markers
+ Module.symvers
+ PENDING
++PERF*
+ SCCS
+ System.map*
+ TAGS
+@@ -98,6 +102,8 @@ bzImage*
+ capability_names.h
+ capflags.c
+ classlist.h*
++clut_vga16.c
++common-cmds.h
+ comp*.log
+ compile.h*
+ conf
+@@ -126,12 +132,14 @@ fore200e_pca_fw.c*
+ gconf
+ gconf.glade.h
+ gen-devlist
++gen-kdb_cmds.c
+ gen_crc32table
+ gen_init_cpio
+ generated
+ genheaders
+ genksyms
+ *_gray256.c
++hash
+ hpet_example
+ hugepage-mmap
+ hugepage-shm
+@@ -146,7 +154,6 @@ int32.c
+ int4.c
+ int8.c
+ kallsyms
+-kconfig
+ keywords.c
+ ksym.c*
+ ksym.h*
+@@ -154,7 +161,6 @@ kxgettext
+ lkc_defs.h
+ lex.c
+ lex.*.c
+-linux
+ logo_*.c
+ logo_*_clut224.c
+ logo_*_mono.c
+@@ -166,7 +172,6 @@ machtypes.h
+ map
+ map_hugetlb
+ maui_boot.h
+-media
+ mconf
+ miboot*
+ mk_elfconfig
+@@ -174,6 +179,7 @@ mkboot
+ mkbugboot
+ mkcpustr
+ mkdep
++mkpiggy
+ mkprep
+ mkregtable
+ mktables
+@@ -209,6 +215,7 @@ r300_reg_safe.h
+ r420_reg_safe.h
+ r600_reg_safe.h
+ recordmcount
++regdb.c
+ relocs
+ rlim_names.h
+ rn50_reg_safe.h
+@@ -219,6 +226,7 @@ setup
+ setup.bin
+ setup.elf
+ sImage
++slabinfo
+ sm_tbl*
+ split-include
+ syscalltab.h
+@@ -246,7 +254,9 @@ vmlinux
+ vmlinux-*
+ vmlinux.aout
+ vmlinux.bin.all
++vmlinux.bin.bz2
+ vmlinux.lds
++vmlinux.relocs
+ vmlinuz
+ voffset.h
+ vsyscall.lds
+@@ -254,6 +264,7 @@ vsyscall_32.lds
+ wanxlfw.inc
+ uImage
+ unifdef
++utsrelease.h
+ wakeup.bin
+ wakeup.elf
+ wakeup.lds
+diff -urNp linux-3.0.7/Documentation/kernel-parameters.txt linux-3.0.7/Documentation/kernel-parameters.txt
+--- linux-3.0.7/Documentation/kernel-parameters.txt	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/Documentation/kernel-parameters.txt	2011-08-23 21:47:55.000000000 -0400
+@@ -1883,6 +1883,13 @@ bytes respectively. Such letter suffixes
+ 			the specified number of seconds.  This is to be used if
+ 			your oopses keep scrolling off the screen.
+ 
++	pax_nouderef	[X86] disables UDEREF.  Most likely needed under certain
++			virtualization environments that don't cope well with the
++			expand down segment used by UDEREF on X86-32 or the frequent
++			page table updates on X86-64.
++
++	pax_softmode=	0/1 to disable/enable PaX softmode on boot already.
++
+ 	pcbit=		[HW,ISDN]
+ 
+ 	pcd.		[PARIDE]
+diff -urNp linux-3.0.7/Makefile linux-3.0.7/Makefile
+--- linux-3.0.7/Makefile	2011-10-17 23:17:08.000000000 -0400
++++ linux-3.0.7/Makefile	2011-10-17 23:17:19.000000000 -0400
+@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
+ 
+ HOSTCC       = gcc
+ HOSTCXX      = g++
+-HOSTCFLAGS   = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
+-HOSTCXXFLAGS = -O2
++HOSTCFLAGS   = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
++HOSTCFLAGS  += $(call cc-option, -Wno-empty-body)
++HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks
+ 
+ # Decide whether to build built-in, modular, or both.
+ # Normally, just do built-in.
+@@ -365,10 +366,12 @@ LINUXINCLUDE    := -I$(srctree)/arch/$(h
+ KBUILD_CPPFLAGS := -D__KERNEL__
+ 
+ KBUILD_CFLAGS   := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
++		   -W -Wno-unused-parameter -Wno-missing-field-initializers \
+ 		   -fno-strict-aliasing -fno-common \
+ 		   -Werror-implicit-function-declaration \
+ 		   -Wno-format-security \
+ 		   -fno-delete-null-pointer-checks
++KBUILD_CFLAGS   += $(call cc-option, -Wno-empty-body)
+ KBUILD_AFLAGS_KERNEL :=
+ KBUILD_CFLAGS_KERNEL :=
+ KBUILD_AFLAGS   := -D__ASSEMBLY__
+@@ -407,8 +410,8 @@ export RCS_TAR_IGNORE := --exclude SCCS 
+ # Rules shared between *config targets and build targets
+ 
+ # Basic helpers built in scripts/
+-PHONY += scripts_basic
+-scripts_basic:
++PHONY += scripts_basic gcc-plugins
++scripts_basic: gcc-plugins
+ 	$(Q)$(MAKE) $(build)=scripts/basic
+ 	$(Q)rm -f .tmp_quiet_recordmcount
+ 
+@@ -564,6 +567,36 @@ else
+ KBUILD_CFLAGS	+= -O2
+ endif
+ 
++ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y)
++CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
++ifdef CONFIG_PAX_MEMORY_STACKLEAK
++STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100
++endif
++ifdef CONFIG_KALLOCSTAT_PLUGIN
++KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so
++endif
++ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so
++endif
++ifdef CONFIG_CHECKER_PLUGIN
++ifeq ($(call cc-ifversion, -ge, 0406, y), y)
++CHECKER_PLUGIN := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN
++endif
++endif
++GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN) $(CHECKER_PLUGIN)
++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN
++gcc-plugins:
++	$(Q)$(MAKE) $(build)=tools/gcc
++else
++gcc-plugins:
++ifeq ($(call cc-ifversion, -ge, 0405, y), y)
++	$(error Your gcc installation does not support plugins.  If the necessary headers for plugin support are missing, they should be installed.  On Debian, apt-get install gcc-<ver>-plugin-dev.))
++else
++	$(Q)echo "warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least"
++endif
++	$(Q)echo "PAX_MEMORY_STACKLEAK and constification will be less secure"
++endif
++
+ include $(srctree)/arch/$(SRCARCH)/Makefile
+ 
+ ifneq ($(CONFIG_FRAME_WARN),0)
+@@ -708,7 +741,7 @@ export mod_strip_cmd
+ 
+ 
+ ifeq ($(KBUILD_EXTMOD),)
+-core-y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++core-y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
+ 
+ vmlinux-dirs	:= $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
+ 		     $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
+@@ -932,6 +965,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-mai
+ 
+ # The actual objects are generated when descending, 
+ # make sure no implicit rule kicks in
++$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_CFLAGS += $(GCC_PLUGINS)
+ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
+ 
+ # Handle descending into subdirectories listed in $(vmlinux-dirs)
+@@ -941,7 +975,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) 
+ # Error messages still appears in the original language
+ 
+ PHONY += $(vmlinux-dirs)
+-$(vmlinux-dirs): prepare scripts
++$(vmlinux-dirs): gcc-plugins prepare scripts
+ 	$(Q)$(MAKE) $(build)=$@
+ 
+ # Store (new) KERNELRELASE string in include/config/kernel.release
+@@ -986,6 +1020,7 @@ prepare0: archprepare FORCE
+ 	$(Q)$(MAKE) $(build)=. missing-syscalls
+ 
+ # All the preparing..
++prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS),$(KBUILD_CFLAGS))
+ prepare: prepare0
+ 
+ # Generate some files
+@@ -1087,6 +1122,7 @@ all: modules
+ #	using awk while concatenating to the final file.
+ 
+ PHONY += modules
++modules: KBUILD_CFLAGS += $(GCC_PLUGINS)
+ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
+ 	$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
+ 	@$(kecho) '  Building modules, stage 2.';
+@@ -1102,7 +1138,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
+ 
+ # Target to prepare building external modules
+ PHONY += modules_prepare
+-modules_prepare: prepare scripts
++modules_prepare: gcc-plugins prepare scripts
+ 
+ # Target to install modules
+ PHONY += modules_install
+@@ -1198,7 +1234,7 @@ distclean: mrproper
+ 	@find $(srctree) $(RCS_FIND_IGNORE) \
+ 		\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
+ 		-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
+-		-o -name '.*.rej' -o -size 0 \
++		-o -name '.*.rej' -o -name '*.so' -o -size 0 \
+ 		-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
+ 		-type f -print | xargs rm -f
+ 
+@@ -1359,6 +1395,7 @@ PHONY += $(module-dirs) modules
+ $(module-dirs): crmodverdir $(objtree)/Module.symvers
+ 	$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
+ 
++modules: KBUILD_CFLAGS += $(GCC_PLUGINS)
+ modules: $(module-dirs)
+ 	@$(kecho) '  Building modules, stage 2.';
+ 	$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
+@@ -1485,17 +1522,19 @@ else
+         target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
+ endif
+ 
+-%.s: %.c prepare scripts FORCE
++%.s: KBUILD_CFLAGS += $(GCC_PLUGINS)
++%.s: %.c gcc-plugins prepare scripts FORCE
+ 	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+ %.i: %.c prepare scripts FORCE
+ 	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+-%.o: %.c prepare scripts FORCE
++%.o: KBUILD_CFLAGS += $(GCC_PLUGINS)
++%.o: %.c gcc-plugins prepare scripts FORCE
+ 	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+ %.lst: %.c prepare scripts FORCE
+ 	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+-%.s: %.S prepare scripts FORCE
++%.s: %.S gcc-plugins prepare scripts FORCE
+ 	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+-%.o: %.S prepare scripts FORCE
++%.o: %.S gcc-plugins prepare scripts FORCE
+ 	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+ %.symtypes: %.c prepare scripts FORCE
+ 	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+@@ -1505,11 +1544,13 @@ endif
+ 	$(cmd_crmodverdir)
+ 	$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ 	$(build)=$(build-dir)
+-%/: prepare scripts FORCE
++%/: KBUILD_CFLAGS += $(GCC_PLUGINS)
++%/: gcc-plugins prepare scripts FORCE
+ 	$(cmd_crmodverdir)
+ 	$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ 	$(build)=$(build-dir)
+-%.ko: prepare scripts FORCE
++%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS)
++%.ko: gcc-plugins prepare scripts FORCE
+ 	$(cmd_crmodverdir)
+ 	$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1)   \
+ 	$(build)=$(build-dir) $(@:.ko=.o)
 diff -urNp linux-3.0.7/arch/alpha/include/asm/elf.h linux-3.0.7/arch/alpha/include/asm/elf.h
 --- linux-3.0.7/arch/alpha/include/asm/elf.h	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.7/arch/alpha/include/asm/elf.h	2011-08-23 21:47:55.000000000 -0400
@@ -1687,30 +2009,6 @@
  {
  	return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0);
  }
-diff -urNp linux-3.0.7/arch/powerpc/include/asm/page_64.h linux-3.0.7/arch/powerpc/include/asm/page_64.h
---- linux-3.0.7/arch/powerpc/include/asm/page_64.h	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/powerpc/include/asm/page_64.h	2011-08-23 21:47:55.000000000 -0400
-@@ -155,15 +155,18 @@ do {						\
-  * stack by default, so in the absence of a PT_GNU_STACK program header
-  * we turn execute permission off.
-  */
--#define VM_STACK_DEFAULT_FLAGS32	(VM_READ | VM_WRITE | VM_EXEC | \
--					 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
-+#define VM_STACK_DEFAULT_FLAGS32 \
-+	(((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
-+	 VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
- 
- #define VM_STACK_DEFAULT_FLAGS64	(VM_READ | VM_WRITE | \
- 					 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
- 
-+#ifndef CONFIG_PAX_PAGEEXEC
- #define VM_STACK_DEFAULT_FLAGS \
- 	(is_32bit_task() ? \
- 	 VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64)
-+#endif
- 
- #include <asm-generic/getorder.h>
- 
 diff -urNp linux-3.0.7/arch/powerpc/include/asm/page.h linux-3.0.7/arch/powerpc/include/asm/page.h
 --- linux-3.0.7/arch/powerpc/include/asm/page.h	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.7/arch/powerpc/include/asm/page.h	2011-08-23 21:47:55.000000000 -0400
@@ -1736,6 +2034,30 @@
  #ifndef __ASSEMBLY__
  
  #undef STRICT_MM_TYPECHECKS
+diff -urNp linux-3.0.7/arch/powerpc/include/asm/page_64.h linux-3.0.7/arch/powerpc/include/asm/page_64.h
+--- linux-3.0.7/arch/powerpc/include/asm/page_64.h	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/powerpc/include/asm/page_64.h	2011-08-23 21:47:55.000000000 -0400
+@@ -155,15 +155,18 @@ do {						\
+  * stack by default, so in the absence of a PT_GNU_STACK program header
+  * we turn execute permission off.
+  */
+-#define VM_STACK_DEFAULT_FLAGS32	(VM_READ | VM_WRITE | VM_EXEC | \
+-					 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
++#define VM_STACK_DEFAULT_FLAGS32 \
++	(((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
++	 VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+ 
+ #define VM_STACK_DEFAULT_FLAGS64	(VM_READ | VM_WRITE | \
+ 					 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+ 
++#ifndef CONFIG_PAX_PAGEEXEC
+ #define VM_STACK_DEFAULT_FLAGS \
+ 	(is_32bit_task() ? \
+ 	 VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64)
++#endif
+ 
+ #include <asm-generic/getorder.h>
+ 
 diff -urNp linux-3.0.7/arch/powerpc/include/asm/pgtable.h linux-3.0.7/arch/powerpc/include/asm/pgtable.h
 --- linux-3.0.7/arch/powerpc/include/asm/pgtable.h	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.7/arch/powerpc/include/asm/pgtable.h	2011-08-23 21:47:55.000000000 -0400
@@ -1997,38 +2319,6 @@
  	mr	r5,r3
  	addi	r3,r1,STACK_FRAME_OVERHEAD
  	lwz	r4,_DAR(r1)
-diff -urNp linux-3.0.7/arch/powerpc/kernel/module_32.c linux-3.0.7/arch/powerpc/kernel/module_32.c
---- linux-3.0.7/arch/powerpc/kernel/module_32.c	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/powerpc/kernel/module_32.c	2011-08-23 21:47:55.000000000 -0400
-@@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr
- 			me->arch.core_plt_section = i;
- 	}
- 	if (!me->arch.core_plt_section || !me->arch.init_plt_section) {
--		printk("Module doesn't contain .plt or .init.plt sections.\n");
-+		printk("Module %s doesn't contain .plt or .init.plt sections.\n", me->name);
- 		return -ENOEXEC;
- 	}
- 
-@@ -203,11 +203,16 @@ static uint32_t do_plt_call(void *locati
- 
- 	DEBUGP("Doing plt for call to 0x%x at 0x%x\n", val, (unsigned int)location);
- 	/* Init, or core PLT? */
--	if (location >= mod->module_core
--	    && location < mod->module_core + mod->core_size)
-+	if ((location >= mod->module_core_rx && location < mod->module_core_rx + mod->core_size_rx) ||
-+	    (location >= mod->module_core_rw && location < mod->module_core_rw + mod->core_size_rw))
- 		entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr;
--	else
-+	else if ((location >= mod->module_init_rx && location < mod->module_init_rx + mod->init_size_rx) ||
-+		 (location >= mod->module_init_rw && location < mod->module_init_rw + mod->init_size_rw))
- 		entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr;
-+	else {
-+		printk(KERN_ERR "%s: invalid R_PPC_REL24 entry found\n", mod->name);
-+		return ~0UL;
-+	}
- 
- 	/* Find this entry, or if that fails, the next avail. entry */
- 	while (entry->jump[0]) {
 diff -urNp linux-3.0.7/arch/powerpc/kernel/module.c linux-3.0.7/arch/powerpc/kernel/module.c
 --- linux-3.0.7/arch/powerpc/kernel/module.c	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.7/arch/powerpc/kernel/module.c	2011-08-23 21:47:55.000000000 -0400
@@ -2071,6 +2361,38 @@
  static const Elf_Shdr *find_section(const Elf_Ehdr *hdr,
  				    const Elf_Shdr *sechdrs,
  				    const char *name)
+diff -urNp linux-3.0.7/arch/powerpc/kernel/module_32.c linux-3.0.7/arch/powerpc/kernel/module_32.c
+--- linux-3.0.7/arch/powerpc/kernel/module_32.c	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/powerpc/kernel/module_32.c	2011-08-23 21:47:55.000000000 -0400
+@@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr
+ 			me->arch.core_plt_section = i;
+ 	}
+ 	if (!me->arch.core_plt_section || !me->arch.init_plt_section) {
+-		printk("Module doesn't contain .plt or .init.plt sections.\n");
++		printk("Module %s doesn't contain .plt or .init.plt sections.\n", me->name);
+ 		return -ENOEXEC;
+ 	}
+ 
+@@ -203,11 +203,16 @@ static uint32_t do_plt_call(void *locati
+ 
+ 	DEBUGP("Doing plt for call to 0x%x at 0x%x\n", val, (unsigned int)location);
+ 	/* Init, or core PLT? */
+-	if (location >= mod->module_core
+-	    && location < mod->module_core + mod->core_size)
++	if ((location >= mod->module_core_rx && location < mod->module_core_rx + mod->core_size_rx) ||
++	    (location >= mod->module_core_rw && location < mod->module_core_rw + mod->core_size_rw))
+ 		entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr;
+-	else
++	else if ((location >= mod->module_init_rx && location < mod->module_init_rx + mod->init_size_rx) ||
++		 (location >= mod->module_init_rw && location < mod->module_init_rw + mod->init_size_rw))
+ 		entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr;
++	else {
++		printk(KERN_ERR "%s: invalid R_PPC_REL24 entry found\n", mod->name);
++		return ~0UL;
++	}
+ 
+ 	/* Find this entry, or if that fails, the next avail. entry */
+ 	while (entry->jump[0]) {
 diff -urNp linux-3.0.7/arch/powerpc/kernel/process.c linux-3.0.7/arch/powerpc/kernel/process.c
 --- linux-3.0.7/arch/powerpc/kernel/process.c	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.7/arch/powerpc/kernel/process.c	2011-08-23 21:48:14.000000000 -0400
@@ -2830,6 +3152,18 @@
  
  bottomup:
  	/*
+diff -urNp linux-3.0.7/arch/sparc/Makefile linux-3.0.7/arch/sparc/Makefile
+--- linux-3.0.7/arch/sparc/Makefile	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/sparc/Makefile	2011-08-23 21:48:14.000000000 -0400
+@@ -75,7 +75,7 @@ drivers-$(CONFIG_OPROFILE)	+= arch/sparc
+ # Export what is needed by arch/sparc/boot/Makefile
+ export VMLINUX_INIT VMLINUX_MAIN
+ VMLINUX_INIT := $(head-y) $(init-y)
+-VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
+ VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y)
+ VMLINUX_MAIN += $(drivers-y) $(net-y)
+ 
 diff -urNp linux-3.0.7/arch/sparc/include/asm/atomic_64.h linux-3.0.7/arch/sparc/include/asm/atomic_64.h
 --- linux-3.0.7/arch/sparc/include/asm/atomic_64.h	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.7/arch/sparc/include/asm/atomic_64.h	2011-08-23 21:48:14.000000000 -0400
@@ -3246,6 +3580,23 @@
  	unsigned long		fpregs[0] __attribute__ ((aligned(64)));
  };
  
+diff -urNp linux-3.0.7/arch/sparc/include/asm/uaccess.h linux-3.0.7/arch/sparc/include/asm/uaccess.h
+--- linux-3.0.7/arch/sparc/include/asm/uaccess.h	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/sparc/include/asm/uaccess.h	2011-08-23 21:47:55.000000000 -0400
+@@ -1,5 +1,13 @@
+ #ifndef ___ASM_SPARC_UACCESS_H
+ #define ___ASM_SPARC_UACCESS_H
++
++#ifdef __KERNEL__
++#ifndef __ASSEMBLY__
++#include <linux/types.h>
++extern void check_object_size(const void *ptr, unsigned long n, bool to);
++#endif
++#endif
++
+ #if defined(__sparc__) && defined(__arch64__)
+ #include <asm/uaccess_64.h>
+ #else
 diff -urNp linux-3.0.7/arch/sparc/include/asm/uaccess_32.h linux-3.0.7/arch/sparc/include/asm/uaccess_32.h
 --- linux-3.0.7/arch/sparc/include/asm/uaccess_32.h	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.7/arch/sparc/include/asm/uaccess_32.h	2011-08-23 21:47:55.000000000 -0400
@@ -3345,23 +3696,6 @@
  	if (unlikely(ret))
  		ret = copy_to_user_fixup(to, from, size);
  	return ret;
-diff -urNp linux-3.0.7/arch/sparc/include/asm/uaccess.h linux-3.0.7/arch/sparc/include/asm/uaccess.h
---- linux-3.0.7/arch/sparc/include/asm/uaccess.h	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/sparc/include/asm/uaccess.h	2011-08-23 21:47:55.000000000 -0400
-@@ -1,5 +1,13 @@
- #ifndef ___ASM_SPARC_UACCESS_H
- #define ___ASM_SPARC_UACCESS_H
-+
-+#ifdef __KERNEL__
-+#ifndef __ASSEMBLY__
-+#include <linux/types.h>
-+extern void check_object_size(const void *ptr, unsigned long n, bool to);
-+#endif
-+#endif
-+
- #if defined(__sparc__) && defined(__arch64__)
- #include <asm/uaccess_64.h>
- #else
 diff -urNp linux-3.0.7/arch/sparc/kernel/Makefile linux-3.0.7/arch/sparc/kernel/Makefile
 --- linux-3.0.7/arch/sparc/kernel/Makefile	2011-10-16 21:54:53.000000000 -0400
 +++ linux-3.0.7/arch/sparc/kernel/Makefile	2011-10-16 21:55:27.000000000 -0400
@@ -3805,6 +4139,18 @@
  		       regs->tpc, (void *) regs->tpc);
  	}
  }
+diff -urNp linux-3.0.7/arch/sparc/lib/Makefile linux-3.0.7/arch/sparc/lib/Makefile
+--- linux-3.0.7/arch/sparc/lib/Makefile	2011-09-02 18:11:21.000000000 -0400
++++ linux-3.0.7/arch/sparc/lib/Makefile	2011-08-23 21:47:55.000000000 -0400
+@@ -2,7 +2,7 @@
+ #
+ 
+ asflags-y := -ansi -DST_DIV0=0x02
+-ccflags-y := -Werror
++#ccflags-y := -Werror
+ 
+ lib-$(CONFIG_SPARC32) += mul.o rem.o sdiv.o udiv.o umul.o urem.o ashrdi3.o
+ lib-$(CONFIG_SPARC32) += memcpy.o memset.o
 diff -urNp linux-3.0.7/arch/sparc/lib/atomic_64.S linux-3.0.7/arch/sparc/lib/atomic_64.S
 --- linux-3.0.7/arch/sparc/lib/atomic_64.S	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.7/arch/sparc/lib/atomic_64.S	2011-08-23 21:47:55.000000000 -0400
@@ -4064,30 +4410,18 @@
  EXPORT_SYMBOL(atomic64_sub_ret);
  
  /* Atomic bit operations. */
-diff -urNp linux-3.0.7/arch/sparc/lib/Makefile linux-3.0.7/arch/sparc/lib/Makefile
---- linux-3.0.7/arch/sparc/lib/Makefile	2011-09-02 18:11:21.000000000 -0400
-+++ linux-3.0.7/arch/sparc/lib/Makefile	2011-08-23 21:47:55.000000000 -0400
+diff -urNp linux-3.0.7/arch/sparc/mm/Makefile linux-3.0.7/arch/sparc/mm/Makefile
+--- linux-3.0.7/arch/sparc/mm/Makefile	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/sparc/mm/Makefile	2011-08-23 21:47:55.000000000 -0400
 @@ -2,7 +2,7 @@
  #
  
- asflags-y := -ansi -DST_DIV0=0x02
+ asflags-y := -ansi
 -ccflags-y := -Werror
 +#ccflags-y := -Werror
  
- lib-$(CONFIG_SPARC32) += mul.o rem.o sdiv.o udiv.o umul.o urem.o ashrdi3.o
- lib-$(CONFIG_SPARC32) += memcpy.o memset.o
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec-caps.patch?r1=1.4&r2=1.5&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.84&r2=1.85&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.985&r2=1.986&f=u

