packages (LINUX_3_1): kernel/kernel-grsec_full.patch - updated to version 2...
cieciwa
cieciwa at pld-linux.org
Mon Jan 9 13:34:01 CET 2012
Author: cieciwa Date: Mon Jan 9 12:34:01 2012 GMT
Module: packages Tag: LINUX_3_1
---- Log message:
- updated to version 201201062207 for kernel 3.1.8.
---- Files affected:
packages/kernel:
kernel-grsec_full.patch (1.91.2.1 -> 1.91.2.2)
---- Diffs:
================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.91.2.1 packages/kernel/kernel-grsec_full.patch:1.91.2.2
--- packages/kernel/kernel-grsec_full.patch:1.91.2.1 Thu Jan 5 16:05:08 2012
+++ packages/kernel/kernel-grsec_full.patch Mon Jan 9 13:33:55 2012
@@ -186,7 +186,7 @@
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 96c48df..f811964 100644
+index 64a2e76..5b86280 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -212,7 +212,7 @@
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -564,6 +565,42 @@ else
+@@ -564,6 +565,46 @@ else
KBUILD_CFLAGS += -O2
endif
@@ -239,9 +239,13 @@
+endif
+GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN) $(CHECKER_PLUGIN)
+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN
++ifeq ($(KBUILD_EXTMOD),)
+gcc-plugins:
+ $(Q)$(MAKE) $(build)=tools/gcc
+else
++gcc-plugins: ;
++endif
++else
+gcc-plugins:
+ifeq ($(call cc-ifversion, -ge, 0405, y), y)
+ $(error Your gcc installation does not support plugins. If the necessary headers for plugin support are missing, they should be installed. On Debian, apt-get install gcc-<ver>-plugin-dev. If you choose to ignore this error and lessen the improvements provided by this patch, re-run make with the DISABLE_PAX_PLUGINS=y argument.))
@@ -255,7 +259,7 @@
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -708,7 +745,7 @@ export mod_strip_cmd
+@@ -708,7 +749,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -264,7 +268,7 @@
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -932,6 +969,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
+@@ -932,6 +973,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
@@ -272,7 +276,7 @@
$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -941,7 +979,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
+@@ -941,7 +983,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -281,7 +285,7 @@
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -986,6 +1024,7 @@ prepare0: archprepare FORCE
+@@ -986,6 +1028,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=. missing-syscalls
# All the preparing..
@@ -289,7 +293,7 @@
prepare: prepare0
# Generate some files
-@@ -1087,6 +1126,7 @@ all: modules
+@@ -1087,6 +1130,7 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -297,7 +301,7 @@
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -1102,7 +1142,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -1102,7 +1146,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -306,7 +310,7 @@
# Target to install modules
PHONY += modules_install
-@@ -1198,7 +1238,7 @@ distclean: mrproper
+@@ -1198,7 +1242,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -315,7 +319,7 @@
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1360,6 +1400,7 @@ PHONY += $(module-dirs) modules
+@@ -1360,6 +1404,7 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -323,7 +327,7 @@
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1486,17 +1527,19 @@ else
+@@ -1486,17 +1531,19 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -347,7 +351,7 @@
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1506,11 +1549,13 @@ endif
+@@ -1506,11 +1553,13 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -3523,7 +3527,7 @@
#define ELF_HWCAP sparc64_elf_hwcap
diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h
-index 5b31a8e..1d92567 100644
+index a790cc6..091ed94 100644
--- a/arch/sparc/include/asm/pgtable_32.h
+++ b/arch/sparc/include/asm/pgtable_32.h
@@ -45,6 +45,13 @@ BTFIXUPDEF_SIMM13(user_ptrs_per_pgd)
@@ -4547,7 +4551,7 @@
/* Atomic bit operations. */
diff --git a/arch/sparc/mm/Makefile b/arch/sparc/mm/Makefile
-index e3cda21..a68e4cb 100644
+index 301421c..e2535d1 100644
--- a/arch/sparc/mm/Makefile
+++ b/arch/sparc/mm/Makefile
@@ -2,7 +2,7 @@
@@ -6629,7 +6633,7 @@
if (err)
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
-index 54edb207..9335b5f 100644
+index 54edb207..f5101b9 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -13,7 +13,9 @@
@@ -6642,7 +6646,7 @@
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -95,6 +97,30 @@ ENTRY(native_irq_enable_sysexit)
+@@ -95,6 +97,32 @@ ENTRY(native_irq_enable_sysexit)
ENDPROC(native_irq_enable_sysexit)
#endif
@@ -6659,7 +6663,9 @@
+#endif
+#ifdef CONFIG_PAX_RANDKSTACK
+ pushq %rax
++ pushq %r11
+ call pax_randomize_kstack
++ popq %r11
+ popq %rax
+#endif
+ .endm
@@ -6673,7 +6679,7 @@
/*
* 32bit SYSENTER instruction entry.
*
-@@ -121,12 +147,6 @@ ENTRY(ia32_sysenter_target)
+@@ -121,12 +149,6 @@ ENTRY(ia32_sysenter_target)
CFI_REGISTER rsp,rbp
SWAPGS_UNSAFE_STACK
movq PER_CPU_VAR(kernel_stack), %rsp
@@ -6686,7 +6692,7 @@
movl %ebp,%ebp /* zero extension */
pushq_cfi $__USER32_DS
/*CFI_REL_OFFSET ss,0*/
-@@ -134,25 +154,38 @@ ENTRY(ia32_sysenter_target)
+@@ -134,25 +156,38 @@ ENTRY(ia32_sysenter_target)
CFI_REL_OFFSET rsp,0
pushfq_cfi
/*CFI_REL_OFFSET rflags,0*/
@@ -6731,7 +6737,7 @@
CFI_REMEMBER_STATE
jnz sysenter_tracesys
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -162,13 +195,15 @@ sysenter_do_call:
+@@ -162,13 +197,15 @@ sysenter_do_call:
sysenter_dispatch:
call *ia32_sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
@@ -6750,7 +6756,7 @@
/* clear IF, that popfq doesn't enable interrupts early */
andl $~0x200,EFLAGS-R11(%rsp)
movl RIP-R11(%rsp),%edx /* User %eip */
-@@ -194,6 +229,9 @@ sysexit_from_sys_call:
+@@ -194,6 +231,9 @@ sysexit_from_sys_call:
movl %eax,%esi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */
call audit_syscall_entry
@@ -6760,7 +6766,7 @@
movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */
cmpq $(IA32_NR_syscalls-1),%rax
ja ia32_badsys
-@@ -205,7 +243,7 @@ sysexit_from_sys_call:
+@@ -205,7 +245,7 @@ sysexit_from_sys_call:
.endm
.macro auditsys_exit exit
@@ -6769,7 +6775,7 @@
jnz ia32_ret_from_sys_call
TRACE_IRQS_ON
sti
-@@ -215,12 +253,12 @@ sysexit_from_sys_call:
+@@ -215,12 +255,12 @@ sysexit_from_sys_call:
movzbl %al,%edi /* zero-extend that into %edi */
inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */
call audit_syscall_exit
@@ -6784,7 +6790,7 @@
jz \exit
CLEAR_RREGS -ARGOFFSET
jmp int_with_check
-@@ -238,7 +276,7 @@ sysexit_audit:
+@@ -238,7 +278,7 @@ sysexit_audit:
sysenter_tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -6793,7 +6799,7 @@
jz sysenter_auditsys
#endif
SAVE_REST
-@@ -246,6 +284,9 @@ sysenter_tracesys:
+@@ -246,6 +286,9 @@ sysenter_tracesys:
movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
@@ -6803,7 +6809,7 @@
LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
RESTORE_REST
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -277,19 +318,20 @@ ENDPROC(ia32_sysenter_target)
+@@ -277,19 +320,20 @@ ENDPROC(ia32_sysenter_target)
ENTRY(ia32_cstar_target)
CFI_STARTPROC32 simple
CFI_SIGNAL_FRAME
@@ -6826,7 +6832,7 @@
movl %eax,%eax /* zero extension */
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
-@@ -305,13 +347,19 @@ ENTRY(ia32_cstar_target)
+@@ -305,13 +349,19 @@ ENTRY(ia32_cstar_target)
/* no need to do an access_ok check here because r8 has been
32bit zero extended */
/* hardware stack frame is complete now */
@@ -6849,7 +6855,7 @@
CFI_REMEMBER_STATE
jnz cstar_tracesys
cmpq $IA32_NR_syscalls-1,%rax
-@@ -321,13 +369,15 @@ cstar_do_call:
+@@ -321,13 +371,15 @@ cstar_do_call:
cstar_dispatch:
call *ia32_sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
@@ -6868,7 +6874,7 @@
RESTORE_ARGS 0,-ARG_SKIP,0,0,0
movl RIP-ARGOFFSET(%rsp),%ecx
CFI_REGISTER rip,rcx
-@@ -355,7 +405,7 @@ sysretl_audit:
+@@ -355,7 +407,7 @@ sysretl_audit:
cstar_tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -6877,7 +6883,7 @@
jz cstar_auditsys
#endif
xchgl %r9d,%ebp
-@@ -364,6 +414,9 @@ cstar_tracesys:
+@@ -364,6 +416,9 @@ cstar_tracesys:
movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
@@ -6887,7 +6893,7 @@
LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */
RESTORE_REST
xchgl %ebp,%r9d
-@@ -409,20 +462,21 @@ ENTRY(ia32_syscall)
+@@ -409,20 +464,21 @@ ENTRY(ia32_syscall)
CFI_REL_OFFSET rip,RIP-RIP
PARAVIRT_ADJUST_EXCEPTION_FRAME
SWAPGS
@@ -6917,7 +6923,7 @@
jnz ia32_tracesys
cmpq $(IA32_NR_syscalls-1),%rax
ja ia32_badsys
-@@ -441,6 +495,9 @@ ia32_tracesys:
+@@ -441,6 +497,9 @@ ia32_tracesys:
movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
@@ -6927,7 +6933,7 @@
LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
RESTORE_REST
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -455,6 +512,7 @@ ia32_badsys:
+@@ -455,6 +514,7 @@ ia32_badsys:
quiet_ni_syscall:
movq $-ENOSYS,%rax
@@ -11858,7 +11864,7 @@
if (c->x86_model == 3 && c->x86_mask == 0)
size = 64;
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 6218439..0f1addc 100644
+index 6218439..ab2e4ab 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -83,60 +83,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = {
@@ -11935,7 +11941,7 @@
/* Filter out anything that depends on CPUID levels we don't have */
filter_cpuid_features(c, true);
-+#if defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || (defined(CONFIG_PAX_MEMORY_UDEREF) && defined(CONFIG_X86_32))
++#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF))
+ setup_clear_cpu_cap(X86_FEATURE_SEP);
+#endif
+
@@ -13421,7 +13427,7 @@
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 6419bb0..00440bf 100644
+index 6419bb0..bb59ca4 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -55,6 +55,8 @@
@@ -13605,9 +13611,9 @@
+ call pax_exit_kernel_user
+#endif
+#ifdef CONFIG_PAX_RANDKSTACK
-+ push %rax
++ pushq %rax
+ call pax_randomize_kstack
-+ pop %rax
++ popq %rax
+#endif
+ .endm
+
@@ -16137,7 +16143,7 @@
for (p = start; p < finish; p++) {
q = find_dependents_of(start, finish, p);
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index 30eb651..0758167 100644
+index 30eb651..37fa2d7 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -48,16 +48,33 @@ void free_thread_xstate(struct task_struct *tsk)
@@ -16220,17 +16226,16 @@
#else
regs.ss = __KERNEL_DS;
#endif
-@@ -411,7 +431,8 @@ bool set_pm_idle_to_default(void)
+@@ -411,7 +431,7 @@ bool set_pm_idle_to_default(void)
return ret;
}
-void stop_this_cpu(void *dummy)
-+
+__noreturn void stop_this_cpu(void *dummy)
{
local_irq_disable();
/*
-@@ -653,16 +674,37 @@ static int __init idle_setup(char *str)
+@@ -653,16 +673,37 @@ static int __init idle_setup(char *str)
}
early_param("idle", idle_setup);
@@ -23628,7 +23633,7 @@
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index bfab3fa..05aac3a 100644
+index 7b65f75..63097f6 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -117,6 +117,10 @@ static inline void bpf_flush_icache(void *start, void *end)
@@ -28195,7 +28200,7 @@
mutex_unlock(&dev->struct_mutex);
diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
-index 8a3942c..1b73bf1 100644
+index c72b590..aa86f0a 100644
--- a/drivers/gpu/drm/i915/i915_dma.c
+++ b/drivers/gpu/drm/i915/i915_dma.c
@@ -1171,7 +1171,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
@@ -28208,7 +28213,7 @@
return can_switch;
}
diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
-index 7916bd9..7c17a0f 100644
+index 1a2a2d1..f280182 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
@@ -222,7 +222,7 @@ struct drm_i915_display_funcs {
@@ -28229,7 +28234,7 @@
/* protects the irq masks */
spinlock_t irq_lock;
-@@ -882,7 +882,7 @@ struct drm_i915_gem_object {
+@@ -883,7 +883,7 @@ struct drm_i915_gem_object {
* will be page flipped away on the next vblank. When it
* reaches 0, dev_priv->pending_flip_queue will be woken up.
*/
@@ -28238,7 +28243,7 @@
};
#define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base)
-@@ -1262,7 +1262,7 @@ extern int intel_setup_gmbus(struct drm_device *dev);
+@@ -1263,7 +1263,7 @@ extern int intel_setup_gmbus(struct drm_device *dev);
extern void intel_teardown_gmbus(struct drm_device *dev);
extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed);
extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit);
@@ -28695,7 +28700,7 @@
/*
* Asic structures
diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c
-index 285acc4..f4d909f 100644
+index a098edc..d001c09 100644
--- a/drivers/gpu/drm/radeon/radeon_atombios.c
+++ b/drivers/gpu/drm/radeon/radeon_atombios.c
@@ -569,6 +569,8 @@ bool radeon_get_atom_connector_info_from_object_table(struct drm_device *dev)
@@ -35093,10 +35098,10 @@
extern struct oprofile_stat_struct oprofile_stats;
diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c
-index e9ff6f7..28e259a 100644
+index 1c0b799..c11b2d2 100644
--- a/drivers/oprofile/oprofilefs.c
+++ b/drivers/oprofile/oprofilefs.c
-@@ -186,7 +186,7 @@ static const struct file_operations atomic_ro_fops = {
+@@ -193,7 +193,7 @@ static const struct file_operations atomic_ro_fops = {
int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root,
@@ -41916,10 +41921,18 @@
fd_offset + ex.a_text);
up_write(¤t->mm->mmap_sem);
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 21ac5ee..171b1d0 100644
+index 21ac5ee..f54fdd0 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
-@@ -51,6 +51,10 @@ static int elf_core_dump(struct coredump_params *cprm);
+@@ -32,6 +32,7 @@
+ #include <linux/elf.h>
+ #include <linux/utsname.h>
+ #include <linux/coredump.h>
++#include <linux/xattr.h>
+ #include <asm/uaccess.h>
+ #include <asm/param.h>
+ #include <asm/page.h>
+@@ -51,6 +52,10 @@ static int elf_core_dump(struct coredump_params *cprm);
#define elf_core_dump NULL
#endif
@@ -41930,7 +41943,7 @@
#if ELF_EXEC_PAGESIZE > PAGE_SIZE
#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
#else
-@@ -70,6 +74,11 @@ static struct linux_binfmt elf_format = {
+@@ -70,6 +75,11 @@ static struct linux_binfmt elf_format = {
.load_binary = load_elf_binary,
.load_shlib = load_elf_library,
.core_dump = elf_core_dump,
@@ -41942,7 +41955,7 @@
.min_coredump = ELF_EXEC_PAGESIZE,
};
-@@ -77,6 +86,8 @@ static struct linux_binfmt elf_format = {
+@@ -77,6 +87,8 @@ static struct linux_binfmt elf_format = {
static int set_brk(unsigned long start, unsigned long end)
{
@@ -41951,7 +41964,7 @@
start = ELF_PAGEALIGN(start);
end = ELF_PAGEALIGN(end);
if (end > start) {
-@@ -87,7 +98,7 @@ static int set_brk(unsigned long start, unsigned long end)
+@@ -87,7 +99,7 @@ static int set_brk(unsigned long start, unsigned long end)
if (BAD_ADDR(addr))
return addr;
}
@@ -41960,7 +41973,7 @@
return 0;
}
-@@ -148,12 +159,15 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
+@@ -148,12 +160,15 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
elf_addr_t __user *u_rand_bytes;
const char *k_platform = ELF_PLATFORM;
const char *k_base_platform = ELF_BASE_PLATFORM;
@@ -41977,7 +41990,7 @@
/*
* In some cases (e.g. Hyper-Threading), we want to avoid L1
-@@ -195,8 +209,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
+@@ -195,8 +210,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
* Generate 16 random bytes for userspace PRNG seeding.
*/
get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
@@ -41992,7 +42005,7 @@
if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
return -EFAULT;
-@@ -308,9 +326,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
+@@ -308,9 +327,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
return -EFAULT;
current->mm->env_end = p;
@@ -42005,7 +42018,7 @@
return -EFAULT;
return 0;
}
-@@ -381,10 +401,10 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -381,10 +402,10 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
{
struct elf_phdr *elf_phdata;
struct elf_phdr *eppnt;
@@ -42018,7 +42031,7 @@
unsigned long total_size;
int retval, i, size;
-@@ -430,6 +450,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -430,6 +451,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
goto out_close;
}
@@ -42030,7 +42043,7 @@
eppnt = elf_phdata;
for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
if (eppnt->p_type == PT_LOAD) {
-@@ -473,8 +498,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -473,8 +499,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
k = load_addr + eppnt->p_vaddr;
if (BAD_ADDR(k) ||
eppnt->p_filesz > eppnt->p_memsz ||
@@ -42041,15 +42054,16 @@
error = -ENOMEM;
goto out_close;
}
-@@ -528,6 +553,193 @@ out:
+@@ -528,6 +554,348 @@ out:
return error;
}
-+#if (defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)) && defined(CONFIG_PAX_SOFTMODE)
-+static unsigned long pax_parse_softmode(const struct elf_phdr * const elf_phdata)
++static unsigned long pax_parse_pt_pax_softmode(const struct elf_phdr * const elf_phdata)
+{
+ unsigned long pax_flags = 0UL;
+
++#ifdef CONFIG_PAX_PT_PAX_FLAGS
++
+#ifdef CONFIG_PAX_PAGEEXEC
+ if (elf_phdata->p_flags & PF_PAGEEXEC)
+ pax_flags |= MF_PAX_PAGEEXEC;
@@ -42084,15 +42098,17 @@
+ pax_flags |= MF_PAX_RANDMMAP;
+#endif
+
++#endif
++
+ return pax_flags;
+}
-+#endif
+
-+#ifdef CONFIG_PAX_PT_PAX_FLAGS
-+static unsigned long pax_parse_hardmode(const struct elf_phdr * const elf_phdata)
++static unsigned long pax_parse_pt_pax_hardmode(const struct elf_phdr * const elf_phdata)
+{
+ unsigned long pax_flags = 0UL;
+
++#ifdef CONFIG_PAX_PT_PAX_FLAGS
++
+#ifdef CONFIG_PAX_PAGEEXEC
+ if (!(elf_phdata->p_flags & PF_NOPAGEEXEC))
+ pax_flags |= MF_PAX_PAGEEXEC;
@@ -42127,15 +42143,17 @@
+ pax_flags |= MF_PAX_RANDMMAP;
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.91.2.1&r2=1.91.2.2&f=u
More information about the pld-cvs-commit
mailing list