packages (LINUX_2_6_32): kernel/kernel-grsec_full.patch - prepared for 2.6....
cieciwa
cieciwa at pld-linux.org
Thu Jan 19 11:24:20 CET 2012
Author: cieciwa Date: Thu Jan 19 10:24:20 2012 GMT
Module: packages Tag: LINUX_2_6_32
---- Log message:
- prepared for 2.6.32.54
NFY
---- Files affected:
packages/kernel:
kernel-grsec_full.patch (1.29.2.5 -> 1.29.2.6)
---- Diffs:
================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.29.2.5 packages/kernel/kernel-grsec_full.patch:1.29.2.6
--- packages/kernel/kernel-grsec_full.patch:1.29.2.5 Thu Oct 7 10:37:31 2010
+++ packages/kernel/kernel-grsec_full.patch Thu Jan 19 11:23:54 2012
@@ -1,7 +1,411 @@
-diff -urNp linux-2.6.32.24/arch/alpha/include/asm/elf.h linux-2.6.32.24/arch/alpha/include/asm/elf.h
---- linux-2.6.32.24/arch/alpha/include/asm/elf.h 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/arch/alpha/include/asm/elf.h 2010-09-04 15:54:51.000000000 -0400
-@@ -91,6 +91,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
+diff --git a/Documentation/dontdiff b/Documentation/dontdiff
+index e1efc40..47f0daf 100644
+--- a/Documentation/dontdiff
++++ b/Documentation/dontdiff
+@@ -1,15 +1,19 @@
+ *.a
+ *.aux
+ *.bin
++*.cis
+ *.cpio
+ *.csp
++*.dbg
+ *.dsp
+ *.dvi
+ *.elf
+ *.eps
+ *.fw
++*.gcno
+ *.gen.S
+ *.gif
++*.gmo
+ *.grep
+ *.grp
+ *.gz
+@@ -38,8 +42,10 @@
+ *.tab.h
+ *.tex
+ *.ver
++*.vim
+ *.xml
+ *_MODULES
++*_reg_safe.h
+ *_vga16.c
+ *~
+ *.9
+@@ -49,11 +55,16 @@
+ 53c700_d.h
+ CVS
+ ChangeSet
++GPATH
++GRTAGS
++GSYMS
++GTAGS
+ Image
+ Kerntypes
+ Module.markers
+ Module.symvers
+ PENDING
++PERF*
+ SCCS
+ System.map*
+ TAGS
+@@ -76,7 +87,11 @@ btfixupprep
+ build
+ bvmlinux
+ bzImage*
++capability_names.h
++capflags.c
+ classlist.h*
++clut_vga16.c
++common-cmds.h
+ comp*.log
+ compile.h*
+ conf
+@@ -84,6 +99,8 @@ config
+ config-*
+ config_data.h*
+ config_data.gz*
++config.c
++config.tmp
+ conmakehash
+ consolemap_deftbl.c*
+ cpustr.h
+@@ -97,19 +114,23 @@ elfconfig.h*
+ fixdep
+ fore200e_mkfirm
+ fore200e_pca_fw.c*
++gate.lds
+ gconf
+ gen-devlist
+ gen_crc32table
+ gen_init_cpio
+ genksyms
+ *_gray256.c
++hash
++hid-example
+ ihex2fw
+ ikconfig.h*
+ initramfs_data.cpio
++initramfs_data.cpio.bz2
+ initramfs_data.cpio.gz
+ initramfs_list
+ kallsyms
+-kconfig
++kern_constants.h
+ keywords.c
+ ksym.c*
+ ksym.h*
+@@ -127,13 +148,16 @@ machtypes.h
+ map
+ maui_boot.h
+ mconf
++mdp
+ miboot*
+ mk_elfconfig
+ mkboot
+ mkbugboot
+ mkcpustr
+ mkdep
++mkpiggy
+ mkprep
++mkregtable
+ mktables
+ mktree
+ modpost
+@@ -149,6 +173,7 @@ patches*
+ pca200e.bin
+ pca200e_ecd.bin2
+ piggy.gz
++piggy.S
+ piggyback
+ pnmtologo
+ ppc_defs.h*
+@@ -157,12 +182,15 @@ qconf
+ raid6altivec*.c
+ raid6int*.c
+ raid6tables.c
++regdb.c
+ relocs
++rlim_names.h
+ series
+ setup
+ setup.bin
+ setup.elf
+ sImage
++slabinfo
+ sm_tbl*
+ split-include
+ syscalltab.h
+@@ -171,6 +199,7 @@ tftpboot.img
+ timeconst.h
+ times.h*
+ trix_boot.h
++user_constants.h
+ utsrelease.h*
+ vdso-syms.lds
+ vdso.lds
+@@ -186,14 +215,20 @@ version.h*
+ vmlinux
+ vmlinux-*
+ vmlinux.aout
++vmlinux.bin.all
++vmlinux.bin.bz2
+ vmlinux.lds
++vmlinux.relocs
++voffset.h
+ vsyscall.lds
+ vsyscall_32.lds
+ wanxlfw.inc
+ uImage
+ unifdef
++utsrelease.h
+ wakeup.bin
+ wakeup.elf
+ wakeup.lds
+ zImage*
+ zconf.hash.c
++zoffset.h
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
+index c840e7d..f4c451c 100644
+--- a/Documentation/kernel-parameters.txt
++++ b/Documentation/kernel-parameters.txt
+@@ -1837,6 +1837,13 @@ and is between 256 and 4096 characters. It is defined in the file
+ the specified number of seconds. This is to be used if
+ your oopses keep scrolling off the screen.
+
++ pax_nouderef [X86] disables UDEREF. Most likely needed under certain
++ virtualization environments that don't cope well with the
++ expand down segment used by UDEREF on X86-32 or the frequent
++ page table updates on X86-64.
++
++ pax_softmode= 0/1 to disable/enable PaX softmode on boot already.
++
+ pcbit= [HW,ISDN]
+
+ pcd. [PARIDE]
+diff --git a/Makefile b/Makefile
+index e480d8c..c7b2c86 100644
+--- a/Makefile
++++ b/Makefile
+@@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
+
+ HOSTCC = gcc
+ HOSTCXX = g++
+-HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
+-HOSTCXXFLAGS = -O2
++HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
++HOSTCFLAGS += $(call cc-option, -Wno-empty-body)
++HOSTCXXFLAGS = -O2 -Wall -W -fno-delete-null-pointer-checks
+
+ # Decide whether to build built-in, modular, or both.
+ # Normally, just do built-in.
+@@ -376,8 +377,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn --exc
+ # Rules shared between *config targets and build targets
+
+ # Basic helpers built in scripts/
+-PHONY += scripts_basic
+-scripts_basic:
++PHONY += scripts_basic gcc-plugins
++scripts_basic: gcc-plugins
+ $(Q)$(MAKE) $(build)=scripts/basic
+
+ # To avoid any implicit rule to kick in, define an empty command.
+@@ -403,7 +404,7 @@ endif
+ # of make so .config is not included in this case either (for *config).
+
+ no-dot-config-targets := clean mrproper distclean \
+- cscope TAGS tags help %docs check% \
++ cscope gtags TAGS tags help %docs check% \
+ include/linux/version.h headers_% \
+ kernelrelease kernelversion
+
+@@ -526,6 +527,46 @@ else
+ KBUILD_CFLAGS += -O2
+ endif
+
++ifndef DISABLE_PAX_PLUGINS
++ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y)
++ifndef DISABLE_PAX_CONSTIFY_PLUGIN
++CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
++endif
++ifdef CONFIG_PAX_MEMORY_STACKLEAK
++STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN
++STACKLEAK_PLUGIN += -fplugin-arg-stackleak_plugin-track-lowest-sp=100
++endif
++ifdef CONFIG_KALLOCSTAT_PLUGIN
++KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so
++endif
++ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so
++KERNEXEC_PLUGIN += -fplugin-arg-kernexec_plugin-method=$(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD)
++endif
++ifdef CONFIG_CHECKER_PLUGIN
++ifeq ($(call cc-ifversion, -ge, 0406, y), y)
++CHECKER_PLUGIN := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN
++endif
++endif
++GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN) $(CHECKER_PLUGIN)
++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN
++ifeq ($(KBUILD_EXTMOD),)
++gcc-plugins:
++ $(Q)$(MAKE) $(build)=tools/gcc
++else
++gcc-plugins: ;
++endif
++else
++gcc-plugins:
++ifeq ($(call cc-ifversion, -ge, 0405, y), y)
++ $(error Your gcc installation does not support plugins. If the necessary headers for plugin support are missing, they should be installed. On Debian, apt-get install gcc-<ver>-plugin-dev. If you choose to ignore this error and lessen the improvements provided by this patch, re-run make with the DISABLE_PAX_PLUGINS=y argument.))
++else
++ $(Q)echo "warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least"
++endif
++ $(Q)echo "PAX_MEMORY_STACKLEAK and constification will be less secure"
++endif
++endif
++
+ include $(srctree)/arch/$(SRCARCH)/Makefile
+
+ ifneq ($(CONFIG_FRAME_WARN),0)
+@@ -647,7 +688,7 @@ export mod_strip_cmd
+
+
+ ifeq ($(KBUILD_EXTMOD),)
+-core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
+
+ vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
+ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
+@@ -868,6 +909,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
+
+ # The actual objects are generated when descending,
+ # make sure no implicit rule kicks in
++$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_CFLAGS += $(GCC_PLUGINS)
+ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
+
+ # Handle descending into subdirectories listed in $(vmlinux-dirs)
+@@ -877,7 +919,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
+ # Error messages still appears in the original language
+
+ PHONY += $(vmlinux-dirs)
+-$(vmlinux-dirs): prepare scripts
++$(vmlinux-dirs): gcc-plugins prepare scripts
+ $(Q)$(MAKE) $(build)=$@
+
+ # Build the kernel release string
+@@ -986,6 +1028,7 @@ prepare0: archprepare FORCE
+ $(Q)$(MAKE) $(build)=. missing-syscalls
+
+ # All the preparing..
++prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS),$(KBUILD_CFLAGS))
+ prepare: prepare0
+
+ # The asm symlink changes when $(ARCH) changes.
+@@ -1127,6 +1170,7 @@ all: modules
+ # using awk while concatenating to the final file.
+
+ PHONY += modules
++modules: KBUILD_CFLAGS += $(GCC_PLUGINS)
+ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
+ $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
+ @$(kecho) ' Building modules, stage 2.';
+@@ -1136,7 +1180,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
+
+ # Target to prepare building external modules
+ PHONY += modules_prepare
+-modules_prepare: prepare scripts
++modules_prepare: gcc-plugins prepare scripts
+
+ # Target to install modules
+ PHONY += modules_install
+@@ -1201,7 +1245,7 @@ MRPROPER_FILES += .config .config.old include/asm .version .old_version \
+ include/linux/autoconf.h include/linux/version.h \
+ include/linux/utsrelease.h \
+ include/linux/bounds.h include/asm*/asm-offsets.h \
+- Module.symvers Module.markers tags TAGS cscope*
++ Module.symvers Module.markers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS
+
+ # clean - Delete most, but leave enough to build external modules
+ #
+@@ -1245,7 +1289,7 @@ distclean: mrproper
+ @find $(srctree) $(RCS_FIND_IGNORE) \
+ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
+ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
+- -o -name '.*.rej' -o -size 0 \
++ -o -name '.*.rej' -o -name '*.so' -o -size 0 \
+ -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
+ -type f -print | xargs rm -f
+
+@@ -1292,6 +1336,7 @@ help:
+ @echo ' modules_prepare - Set up for building external modules'
+ @echo ' tags/TAGS - Generate tags file for editors'
+ @echo ' cscope - Generate cscope index'
++ @echo ' gtags - Generate GNU GLOBAL index'
+ @echo ' kernelrelease - Output the release version string'
+ @echo ' kernelversion - Output the version stored in Makefile'
+ @echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \
+@@ -1393,6 +1438,7 @@ PHONY += $(module-dirs) modules
+ $(module-dirs): crmodverdir $(objtree)/Module.symvers
+ $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
+
++modules: KBUILD_CFLAGS += $(GCC_PLUGINS)
+ modules: $(module-dirs)
+ @$(kecho) ' Building modules, stage 2.';
+ $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
+@@ -1448,7 +1494,7 @@ endif # KBUILD_EXTMOD
+ quiet_cmd_tags = GEN $@
+ cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@
+
+-tags TAGS cscope: FORCE
++tags TAGS cscope gtags: FORCE
+ $(call cmd,tags)
+
+ # Scripts to check various things for consistency
+@@ -1513,17 +1559,19 @@ else
+ target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
+ endif
+
+-%.s: %.c prepare scripts FORCE
++%.s: KBUILD_CFLAGS += $(GCC_PLUGINS)
++%.s: %.c gcc-plugins prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+ %.i: %.c prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+-%.o: %.c prepare scripts FORCE
++%.o: KBUILD_CFLAGS += $(GCC_PLUGINS)
++%.o: %.c gcc-plugins prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+ %.lst: %.c prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+-%.s: %.S prepare scripts FORCE
++%.s: %.S gcc-plugins prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+-%.o: %.S prepare scripts FORCE
++%.o: %.S gcc-plugins prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+ %.symtypes: %.c prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+@@ -1533,11 +1581,13 @@ endif
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir)
+-%/: prepare scripts FORCE
++%/: KBUILD_CFLAGS += $(GCC_PLUGINS)
++%/: gcc-plugins prepare scripts FORCE
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir)
+-%.ko: prepare scripts FORCE
++%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS)
++%.ko: gcc-plugins prepare scripts FORCE
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir) $(@:.ko=.o)
+diff --git a/arch/alpha/include/asm/elf.h b/arch/alpha/include/asm/elf.h
+index 5c75c1b..c82f878 100644
+--- a/arch/alpha/include/asm/elf.h
++++ b/arch/alpha/include/asm/elf.h
+@@ -91,6 +91,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
#define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000)
@@ -15,9 +419,10 @@
/* $0 is set by ld.so to a pointer to a function which might be
registered using atexit. This provides a mean for the dynamic
linker to call DT_FINI functions for shared libraries that have
-diff -urNp linux-2.6.32.24/arch/alpha/include/asm/pgtable.h linux-2.6.32.24/arch/alpha/include/asm/pgtable.h
---- linux-2.6.32.24/arch/alpha/include/asm/pgtable.h 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/arch/alpha/include/asm/pgtable.h 2010-09-04 15:54:51.000000000 -0400
+diff --git a/arch/alpha/include/asm/pgtable.h b/arch/alpha/include/asm/pgtable.h
+index 3f0c59f..cf1e100 100644
+--- a/arch/alpha/include/asm/pgtable.h
++++ b/arch/alpha/include/asm/pgtable.h
@@ -101,6 +101,17 @@ struct vm_area_struct;
#define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS)
#define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
@@ -36,10 +441,11 @@
#define PAGE_KERNEL __pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE)
#define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x))
-diff -urNp linux-2.6.32.24/arch/alpha/kernel/module.c linux-2.6.32.24/arch/alpha/kernel/module.c
---- linux-2.6.32.24/arch/alpha/kernel/module.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/arch/alpha/kernel/module.c 2010-09-04 15:54:51.000000000 -0400
-@@ -182,7 +182,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs,
+diff --git a/arch/alpha/kernel/module.c b/arch/alpha/kernel/module.c
+index ebc3c89..20cfa63 100644
+--- a/arch/alpha/kernel/module.c
++++ b/arch/alpha/kernel/module.c
+@@ -182,7 +182,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs, const char *strtab,
/* The small sections were sorted to the end of the segment.
The following should definitely cover them. */
@@ -48,10 +454,11 @@
got = sechdrs[me->arch.gotsecindex].sh_addr;
for (i = 0; i < n; i++) {
-diff -urNp linux-2.6.32.24/arch/alpha/kernel/osf_sys.c linux-2.6.32.24/arch/alpha/kernel/osf_sys.c
---- linux-2.6.32.24/arch/alpha/kernel/osf_sys.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/arch/alpha/kernel/osf_sys.c 2010-09-17 18:34:04.000000000 -0400
-@@ -1169,7 +1169,7 @@ arch_get_unmapped_area_1(unsigned long a
+diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c
+index a94e49c..d71dd44 100644
+--- a/arch/alpha/kernel/osf_sys.c
++++ b/arch/alpha/kernel/osf_sys.c
+@@ -1172,7 +1172,7 @@ arch_get_unmapped_area_1(unsigned long addr, unsigned long len,
/* At this point: (!vma || addr < vma->vm_end). */
if (limit - len < addr)
return -ENOMEM;
@@ -60,7 +467,7 @@
return addr;
addr = vma->vm_end;
vma = vma->vm_next;
-@@ -1205,6 +1205,10 @@ arch_get_unmapped_area(struct file *filp
+@@ -1208,6 +1208,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
merely specific addresses, but regions of memory -- perhaps
this feature should be incorporated into all ports? */
@@ -71,7 +478,7 @@
if (addr) {
addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
if (addr != (unsigned long) -ENOMEM)
-@@ -1212,8 +1216,8 @@ arch_get_unmapped_area(struct file *filp
+@@ -1215,8 +1219,8 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
}
/* Next, try allocating at TASK_UNMAPPED_BASE. */
@@ -82,10 +489,11 @@
if (addr != (unsigned long) -ENOMEM)
return addr;
-diff -urNp linux-2.6.32.24/arch/alpha/mm/fault.c linux-2.6.32.24/arch/alpha/mm/fault.c
---- linux-2.6.32.24/arch/alpha/mm/fault.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/arch/alpha/mm/fault.c 2010-09-04 15:54:51.000000000 -0400
-@@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *
+diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c
+index 00a31de..2ded0f2 100644
+--- a/arch/alpha/mm/fault.c
++++ b/arch/alpha/mm/fault.c
+@@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *next_mm)
__reload_thread(pcb);
}
@@ -192,7 +600,7 @@
+ return 1;
+}
+
-+void pax_report_insns(void *pc, void *sp)
++void pax_report_insns(struct pt_regs *regs, void *pc, void *sp)
+{
+ unsigned long i;
+
@@ -210,7 +618,7 @@
/*
* This routine handles page faults. It determines the address,
-@@ -131,8 +249,29 @@ do_page_fault(unsigned long address, uns
+@@ -131,8 +249,29 @@ do_page_fault(unsigned long address, unsigned long mmcsr,
good_area:
si_code = SEGV_ACCERR;
if (cause < 0) {
@@ -241,10 +649,11 @@
} else if (!cause) {
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
-diff -urNp linux-2.6.32.24/arch/arm/include/asm/elf.h linux-2.6.32.24/arch/arm/include/asm/elf.h
---- linux-2.6.32.24/arch/arm/include/asm/elf.h 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/arch/arm/include/asm/elf.h 2010-09-04 15:54:51.000000000 -0400
-@@ -109,7 +109,14 @@ int dump_task_regs(struct task_struct *t
+diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h
+index 6aac3f5..265536b 100644
+--- a/arch/arm/include/asm/elf.h
++++ b/arch/arm/include/asm/elf.h
+@@ -109,7 +109,14 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs);
the loader. We need to make sure that it is out of the way of the program
that it will "exec", and that there is sufficient room for the brk. */
@@ -260,9 +669,10 @@
/* When the program starts, a1 contains a pointer to a function to be
registered with atexit, as per the SVR4 ABI. A value of 0 means we
-diff -urNp linux-2.6.32.24/arch/arm/include/asm/kmap_types.h linux-2.6.32.24/arch/arm/include/asm/kmap_types.h
---- linux-2.6.32.24/arch/arm/include/asm/kmap_types.h 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/arch/arm/include/asm/kmap_types.h 2010-09-04 15:54:51.000000000 -0400
+diff --git a/arch/arm/include/asm/kmap_types.h b/arch/arm/include/asm/kmap_types.h
+index c019949..388fdd1 100644
+--- a/arch/arm/include/asm/kmap_types.h
++++ b/arch/arm/include/asm/kmap_types.h
@@ -19,6 +19,7 @@ enum km_type {
KM_SOFTIRQ0,
KM_SOFTIRQ1,
@@ -271,10 +681,46 @@
KM_TYPE_NR
};
-diff -urNp linux-2.6.32.24/arch/arm/include/asm/uaccess.h linux-2.6.32.24/arch/arm/include/asm/uaccess.h
---- linux-2.6.32.24/arch/arm/include/asm/uaccess.h 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/arch/arm/include/asm/uaccess.h 2010-09-04 15:54:51.000000000 -0400
-@@ -403,6 +403,9 @@ extern unsigned long __must_check __strn
+diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
+index 1d6bd40..fba0cb9 100644
+--- a/arch/arm/include/asm/uaccess.h
++++ b/arch/arm/include/asm/uaccess.h
+@@ -22,6 +22,8 @@
+ #define VERIFY_READ 0
+ #define VERIFY_WRITE 1
+
++extern void check_object_size(const void *ptr, unsigned long n, bool to);
++
+ /*
+ * The exception table consists of pairs of addresses: the first is the
+ * address of an instruction that is allowed to fault, and the second is
+@@ -387,8 +389,23 @@ do { \
+
+
+ #ifdef CONFIG_MMU
+-extern unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n);
+-extern unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n);
++extern unsigned long __must_check ___copy_from_user(void *to, const void __user *from, unsigned long n);
++extern unsigned long __must_check ___copy_to_user(void __user *to, const void *from, unsigned long n);
++
++static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n)
++{
++ if (!__builtin_constant_p(n))
++ check_object_size(to, n, false);
++ return ___copy_from_user(to, from, n);
++}
++
++static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n)
++{
++ if (!__builtin_constant_p(n))
++ check_object_size(from, n, true);
++ return ___copy_to_user(to, from, n);
++}
++
+ extern unsigned long __must_check __copy_to_user_std(void __user *to, const void *from, unsigned long n);
+ extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n);
+ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned long n);
+@@ -403,6 +420,9 @@ extern unsigned long __must_check __strnlen_user(const char __user *s, long n);
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.29.2.5&r2=1.29.2.6&f=u
More information about the pld-cvs-commit
mailing list