SOURCES (hawk-LINUX_2_6): linux-2.6-grsec-full.patch - from http:/...

hawk hawk at pld-linux.org
Thu Aug 9 14:00:11 CEST 2007


Author: hawk                         Date: Thu Aug  9 12:00:11 2007 GMT
Module: SOURCES                       Tag: hawk-LINUX_2_6
---- Log message:
- from http://www.grsecurity.net/~spender/grsecurity-2.1.11-2.6.22.1-200708072019.patch
  with localversion killed

---- Files affected:
SOURCES:
   linux-2.6-grsec-full.patch (1.1.2.3 -> 1.1.2.4) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-grsec-full.patch
diff -u SOURCES/linux-2.6-grsec-full.patch:1.1.2.3 SOURCES/linux-2.6-grsec-full.patch:1.1.2.4
--- SOURCES/linux-2.6-grsec-full.patch:1.1.2.3	Sat Jun 23 19:18:40 2007
+++ SOURCES/linux-2.6-grsec-full.patch	Thu Aug  9 14:00:05 2007
@@ -1,6 +1,6 @@
-diff -urNp linux-2.6.21.5/arch/alpha/kernel/module.c linux-2.6.21.5/arch/alpha/kernel/module.c
---- linux-2.6.21.5/arch/alpha/kernel/module.c	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/alpha/kernel/module.c	2007-05-24 22:04:52.000000000 -0400
+diff -urNp linux-2.6.22.1/arch/alpha/kernel/module.c linux-2.6.22.1/arch/alpha/kernel/module.c
+--- linux-2.6.22.1/arch/alpha/kernel/module.c	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/alpha/kernel/module.c	2007-08-02 11:38:45.000000000 -0400
 @@ -177,7 +177,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs, 
  
  	/* The small sections were sorted to the end of the segment.
@@ -10,10 +10,10 @@
  	got = sechdrs[me->arch.gotsecindex].sh_addr;
  
  	for (i = 0; i < n; i++) {
-diff -urNp linux-2.6.21.5/arch/alpha/kernel/osf_sys.c linux-2.6.21.5/arch/alpha/kernel/osf_sys.c
---- linux-2.6.21.5/arch/alpha/kernel/osf_sys.c	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/alpha/kernel/osf_sys.c	2007-05-24 22:04:52.000000000 -0400
-@@ -1277,6 +1277,10 @@ arch_get_unmapped_area(struct file *filp
+diff -urNp linux-2.6.22.1/arch/alpha/kernel/osf_sys.c linux-2.6.22.1/arch/alpha/kernel/osf_sys.c
+--- linux-2.6.22.1/arch/alpha/kernel/osf_sys.c	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/alpha/kernel/osf_sys.c	2007-08-02 11:38:45.000000000 -0400
+@@ -1288,6 +1288,10 @@ arch_get_unmapped_area(struct file *filp
  	   merely specific addresses, but regions of memory -- perhaps
  	   this feature should be incorporated into all ports?  */
  
@@ -24,7 +24,7 @@
  	if (addr) {
  		addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
  		if (addr != (unsigned long) -ENOMEM)
-@@ -1284,8 +1288,8 @@ arch_get_unmapped_area(struct file *filp
+@@ -1295,8 +1299,8 @@ arch_get_unmapped_area(struct file *filp
  	}
  
  	/* Next, try allocating at TASK_UNMAPPED_BASE.  */
@@ -35,9 +35,9 @@
  	if (addr != (unsigned long) -ENOMEM)
  		return addr;
  
-diff -urNp linux-2.6.21.5/arch/alpha/kernel/ptrace.c linux-2.6.21.5/arch/alpha/kernel/ptrace.c
---- linux-2.6.21.5/arch/alpha/kernel/ptrace.c	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/alpha/kernel/ptrace.c	2007-05-24 22:04:52.000000000 -0400
+diff -urNp linux-2.6.22.1/arch/alpha/kernel/ptrace.c linux-2.6.22.1/arch/alpha/kernel/ptrace.c
+--- linux-2.6.22.1/arch/alpha/kernel/ptrace.c	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/alpha/kernel/ptrace.c	2007-08-02 11:09:14.000000000 -0400
 @@ -15,6 +15,7 @@
  #include <linux/slab.h>
  #include <linux/security.h>
@@ -56,18 +56,18 @@
  	if (request == PTRACE_ATTACH) {
  		ret = ptrace_attach(child);
  		goto out;
-diff -urNp linux-2.6.21.5/arch/alpha/mm/fault.c linux-2.6.21.5/arch/alpha/mm/fault.c
---- linux-2.6.21.5/arch/alpha/mm/fault.c	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/alpha/mm/fault.c	2007-05-24 22:04:52.000000000 -0400
-@@ -24,6 +24,7 @@
- #include <linux/smp_lock.h>
+diff -urNp linux-2.6.22.1/arch/alpha/mm/fault.c linux-2.6.22.1/arch/alpha/mm/fault.c
+--- linux-2.6.22.1/arch/alpha/mm/fault.c	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/alpha/mm/fault.c	2007-08-02 11:38:45.000000000 -0400
+@@ -23,6 +23,7 @@
+ #include <linux/smp.h>
  #include <linux/interrupt.h>
  #include <linux/module.h>
 +#include <linux/binfmts.h>
  
  #include <asm/system.h>
  #include <asm/uaccess.h>
-@@ -55,6 +56,124 @@ __load_new_mm_context(struct mm_struct *
+@@ -54,6 +55,124 @@ __load_new_mm_context(struct mm_struct *
  	__reload_thread(pcb);
  }
  
@@ -104,7 +104,7 @@
 +			unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL;
 +
 +			addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
-+			err = get_user(r27, (unsigned long*)addr);
++			err = get_user(r27, (unsigned long *)addr);
 +			if (err)
 +				break;
 +
@@ -181,7 +181,7 @@
 +	printk(KERN_ERR "PAX: bytes at PC: ");
 +	for (i = 0; i < 5; i++) {
 +		unsigned int c;
-+		if (get_user(c, (unsigned int*)pc+i))
++		if (get_user(c, (unsigned int *)pc+i))
 +			printk("???????? ");
 +		else
 +			printk("%08x ", c);
@@ -192,7 +192,7 @@
  
  /*
   * This routine handles page faults.  It determines the address,
-@@ -132,8 +251,29 @@ do_page_fault(unsigned long address, uns
+@@ -131,8 +250,29 @@ do_page_fault(unsigned long address, uns
   good_area:
  	si_code = SEGV_ACCERR;
  	if (cause < 0) {
@@ -204,7 +204,7 @@
 +				goto bad_area;
 +
 +			up_read(&mm->mmap_sem);
-+			switch(pax_handle_fetch_fault(regs)) {
++			switch (pax_handle_fetch_fault(regs)) {
 +
 +#ifdef CONFIG_PAX_EMUPLT
 +			case 2:
@@ -213,7 +213,7 @@
 +#endif
 +
 +			}
-+			pax_report_fault(regs, (void*)regs->pc, (void*)rdusp());
++			pax_report_fault(regs, (void *)regs->pc, (void *)rdusp());
 +			do_exit(SIGKILL);
 +#else
  			goto bad_area;
@@ -223,10 +223,10 @@
  	} else if (!cause) {
  		/* Allow reads even for write-only mappings */
  		if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
-diff -urNp linux-2.6.21.5/arch/arm/mm/mmap.c linux-2.6.21.5/arch/arm/mm/mmap.c
---- linux-2.6.21.5/arch/arm/mm/mmap.c	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/arm/mm/mmap.c	2007-05-24 22:04:52.000000000 -0400
-@@ -61,6 +61,10 @@ arch_get_unmapped_area(struct file *filp
+diff -urNp linux-2.6.22.1/arch/arm/mm/mmap.c linux-2.6.22.1/arch/arm/mm/mmap.c
+--- linux-2.6.22.1/arch/arm/mm/mmap.c	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/arm/mm/mmap.c	2007-08-02 11:38:45.000000000 -0400
+@@ -60,6 +60,10 @@ arch_get_unmapped_area(struct file *filp
  	if (len > TASK_SIZE)
  		return -ENOMEM;
  
@@ -237,16 +237,21 @@
  	if (addr) {
  		if (do_align)
  			addr = COLOUR_ALIGN(addr, pgoff);
-@@ -75,7 +79,7 @@ arch_get_unmapped_area(struct file *filp
+@@ -72,10 +76,10 @@ arch_get_unmapped_area(struct file *filp
+ 			return addr;
+ 	}
  	if (len > mm->cached_hole_size) {
- 	        start_addr = addr = mm->free_area_cache;
+-	        start_addr = addr = mm->free_area_cache;
++		start_addr = addr = mm->free_area_cache;
  	} else {
 -	        start_addr = addr = TASK_UNMAPPED_BASE;
-+	        start_addr = addr = mm->mmap_base;
- 	        mm->cached_hole_size = 0;
+-	        mm->cached_hole_size = 0;
++		start_addr = addr = mm->mmap_base;
++		mm->cached_hole_size = 0;
  	}
  
-@@ -92,8 +96,8 @@ full_search:
+ full_search:
+@@ -91,8 +95,8 @@ full_search:
  			 * Start a new search - just in case we missed
  			 * some holes.
  			 */
@@ -257,12 +262,12 @@
  				mm->cached_hole_size = 0;
  				goto full_search;
  			}
-diff -urNp linux-2.6.21.5/arch/avr32/mm/fault.c linux-2.6.21.5/arch/avr32/mm/fault.c
---- linux-2.6.21.5/arch/avr32/mm/fault.c	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/avr32/mm/fault.c	2007-05-24 22:04:52.000000000 -0400
-@@ -68,6 +68,23 @@ static inline int notify_page_fault(enum
- }
- #endif
+diff -urNp linux-2.6.22.1/arch/avr32/mm/fault.c linux-2.6.22.1/arch/avr32/mm/fault.c
+--- linux-2.6.22.1/arch/avr32/mm/fault.c	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/avr32/mm/fault.c	2007-08-02 11:38:45.000000000 -0400
+@@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
+ 
+ int exception_trace = 1;
  
 +#ifdef CONFIG_PAX_PAGEEXEC
 +void pax_report_insns(void *pc, void *sp)
@@ -272,7 +277,7 @@
 +	printk(KERN_ERR "PAX: bytes at PC: ");
 +	for (i = 0; i < 20; i++) {
 +		unsigned char c;
-+		if (get_user(c, (unsigned char*)pc+i))
++		if (get_user(c, (unsigned char *)pc+i))
 +			printk("???????? ");
 +		else
 +			printk("%02x ", c);
@@ -284,7 +289,7 @@
  /*
   * This routine handles page faults. It determines the address and the
   * problem, and then passes it off to one of the appropriate routines.
-@@ -182,6 +199,16 @@ bad_area:
+@@ -158,6 +175,16 @@ bad_area:
  	up_read(&mm->mmap_sem);
  
  	if (user_mode(regs)) {
@@ -292,19 +297,19 @@
 +#ifdef CONFIG_PAX_PAGEEXEC
 +		if (mm->pax_flags & MF_PAX_PAGEEXEC) {
 +			if (ecr == ECR_PROTECTION_X || ecr == ECR_TLB_MISS_X) {
-+				pax_report_fault(regs, (void*)regs->pc, (void*)regs->sp);
++				pax_report_fault(regs, (void *)regs->pc, (void *)regs->sp);
 +				do_exit(SIGKILL);
 +			}
 +		}
 +#endif
 +
- 		/* Hmm...we have to pass address and ecr somehow... */
- 		/* tsk->thread.address = address;
- 		   tsk->thread.error_code = ecr; */
-diff -urNp linux-2.6.21.5/arch/i386/boot/setup.S linux-2.6.21.5/arch/i386/boot/setup.S
---- linux-2.6.21.5/arch/i386/boot/setup.S	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/i386/boot/setup.S	2007-05-24 22:04:52.000000000 -0400
-@@ -869,11 +869,13 @@ startup_32:
+ 		if (exception_trace && printk_ratelimit())
+ 			printk("%s%s[%d]: segfault at %08lx pc %08lx "
+ 			       "sp %08lx ecr %lu\n",
+diff -urNp linux-2.6.22.1/arch/i386/boot/setup.S linux-2.6.22.1/arch/i386/boot/setup.S
+--- linux-2.6.22.1/arch/i386/boot/setup.S	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/i386/boot/setup.S	2007-08-02 11:38:45.000000000 -0400
+@@ -893,11 +893,13 @@ startup_32:
  	movl %eax, %gs
  	movl %eax, %ss
  
@@ -318,19 +323,28 @@
  
  	# Jump to the 32bit entry point
  	jmpl *(code32_start - start + (DELTA_INITSEG << 4))(%esi)
-diff -urNp linux-2.6.21.5/arch/i386/Kconfig linux-2.6.21.5/arch/i386/Kconfig
---- linux-2.6.21.5/arch/i386/Kconfig	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/i386/Kconfig	2007-06-01 22:13:13.000000000 -0400
-@@ -578,7 +578,7 @@ endchoice
- config PAGE_OFFSET
+diff -urNp linux-2.6.22.1/arch/i386/Kconfig linux-2.6.22.1/arch/i386/Kconfig
+--- linux-2.6.22.1/arch/i386/Kconfig	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/i386/Kconfig	2007-08-03 12:36:16.000000000 -0400
+@@ -586,7 +586,7 @@ config PAGE_OFFSET
  	hex
  	default 0xB0000000 if VMSPLIT_3G_OPT
--	default 0x78000000 if VMSPLIT_2G
-+	default 0x70000000 if VMSPLIT_2G
+ 	default 0x80000000 if VMSPLIT_2G
+-	default 0x78000000 if VMSPLIT_2G_OPT
++	default 0x70000000 if VMSPLIT_2G_OPT
  	default 0x40000000 if VMSPLIT_1G
  	default 0xC0000000
  
-@@ -892,7 +892,7 @@ config HOTPLUG_CPU
+@@ -815,7 +815,7 @@ config CRASH_DUMP
+ 
+ config PHYSICAL_START
+ 	hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP)
+-	default "0x100000"
++	default "0x200000"
+ 	help
+ 	  This gives the physical address where the kernel is loaded.
+ 
+@@ -900,7 +900,7 @@ config HOTPLUG_CPU
  
  config COMPAT_VDSO
  	bool "Compat VDSO support"
@@ -339,28 +353,10 @@
  	help
  	  Map the VDSO to the predictable old-style address too.
  	---help---
-@@ -1087,7 +1087,7 @@ config PCI
- choice
- 	prompt "PCI access mode"
- 	depends on PCI && !X86_VISWS
--	default PCI_GOANY
-+	default PCI_GODIRECT
- 	---help---
- 	  On PCI systems, the BIOS can be used to detect the PCI devices and
- 	  determine their configuration. However, some old PCI motherboards
-@@ -1119,7 +1119,7 @@ endchoice
- 
- config PCI_BIOS
- 	bool
--	depends on !X86_VISWS && PCI && (PCI_GOBIOS || PCI_GOANY)
-+	depends on !X86_VISWS && PCI && PCI_GOBIOS
- 	default y
- 
- config PCI_DIRECT
-diff -urNp linux-2.6.21.5/arch/i386/Kconfig.cpu linux-2.6.21.5/arch/i386/Kconfig.cpu
---- linux-2.6.21.5/arch/i386/Kconfig.cpu	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/i386/Kconfig.cpu	2007-05-24 22:04:52.000000000 -0400
-@@ -262,7 +262,7 @@ config X86_PPRO_FENCE
+diff -urNp linux-2.6.22.1/arch/i386/Kconfig.cpu linux-2.6.22.1/arch/i386/Kconfig.cpu
+--- linux-2.6.22.1/arch/i386/Kconfig.cpu	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/i386/Kconfig.cpu	2007-08-02 11:38:45.000000000 -0400
+@@ -274,7 +274,7 @@ config X86_PPRO_FENCE
  
  config X86_F00F_BUG
  	bool
@@ -369,7 +365,7 @@
  	default y
  
  config X86_WP_WORKS_OK
-@@ -292,7 +292,7 @@ config X86_CMPXCHG64
+@@ -304,7 +304,7 @@ config X86_CMPXCHG64
  
  config X86_ALIGNMENT_16
  	bool
@@ -378,9 +374,9 @@
  	default y
  
  config X86_GOOD_APIC
-diff -urNp linux-2.6.21.5/arch/i386/Kconfig.debug linux-2.6.21.5/arch/i386/Kconfig.debug
---- linux-2.6.21.5/arch/i386/Kconfig.debug	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/i386/Kconfig.debug	2007-05-24 22:04:52.000000000 -0400
+diff -urNp linux-2.6.22.1/arch/i386/Kconfig.debug linux-2.6.22.1/arch/i386/Kconfig.debug
+--- linux-2.6.22.1/arch/i386/Kconfig.debug	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/i386/Kconfig.debug	2007-08-02 11:38:45.000000000 -0400
 @@ -48,7 +48,7 @@ config DEBUG_PAGEALLOC
  
  config DEBUG_RODATA
@@ -390,10 +386,10 @@
  	help
  	  Mark the kernel read-only data as write-protected in the pagetables,
  	  in order to catch accidental (and incorrect) writes to such const
-diff -urNp linux-2.6.21.5/arch/i386/kernel/acpi/boot.c linux-2.6.21.5/arch/i386/kernel/acpi/boot.c
---- linux-2.6.21.5/arch/i386/kernel/acpi/boot.c	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/i386/kernel/acpi/boot.c	2007-05-24 22:04:52.000000000 -0400
-@@ -1116,7 +1116,7 @@ static struct dmi_system_id __initdata a
+diff -urNp linux-2.6.22.1/arch/i386/kernel/acpi/boot.c linux-2.6.22.1/arch/i386/kernel/acpi/boot.c
+--- linux-2.6.22.1/arch/i386/kernel/acpi/boot.c	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/i386/kernel/acpi/boot.c	2007-08-02 11:38:45.000000000 -0400
+@@ -1095,7 +1095,7 @@ static struct dmi_system_id __initdata a
  		     DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"),
  		     },
  	 },
@@ -402,9 +398,9 @@
  };
  
  #endif				/* __i386__ */
-diff -urNp linux-2.6.21.5/arch/i386/kernel/acpi/sleep.c linux-2.6.21.5/arch/i386/kernel/acpi/sleep.c
---- linux-2.6.21.5/arch/i386/kernel/acpi/sleep.c	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/i386/kernel/acpi/sleep.c	2007-05-24 22:04:52.000000000 -0400
+diff -urNp linux-2.6.22.1/arch/i386/kernel/acpi/sleep.c linux-2.6.22.1/arch/i386/kernel/acpi/sleep.c
+--- linux-2.6.22.1/arch/i386/kernel/acpi/sleep.c	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/i386/kernel/acpi/sleep.c	2007-08-02 11:38:45.000000000 -0400
 @@ -94,7 +94,7 @@ static __initdata struct dmi_system_id a
  		     DMI_MATCH(DMI_PRODUCT_NAME, "S4030CDT/4.3"),
  		     },
@@ -414,10 +410,27 @@
  };
  
  static int __init acpisleep_dmi_init(void)
-diff -urNp linux-2.6.21.5/arch/i386/kernel/acpi/wakeup.S linux-2.6.21.5/arch/i386/kernel/acpi/wakeup.S
---- linux-2.6.21.5/arch/i386/kernel/acpi/wakeup.S	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/i386/kernel/acpi/wakeup.S	2007-05-24 22:04:52.000000000 -0400
-@@ -205,13 +205,11 @@ wakeup_pmode_return:
+diff -urNp linux-2.6.22.1/arch/i386/kernel/acpi/wakeup.S linux-2.6.22.1/arch/i386/kernel/acpi/wakeup.S
+--- linux-2.6.22.1/arch/i386/kernel/acpi/wakeup.S	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/i386/kernel/acpi/wakeup.S	2007-08-02 11:38:45.000000000 -0400
+@@ -2,6 +2,7 @@
+ #include <linux/linkage.h>
+ #include <asm/segment.h>
+ #include <asm/page.h>
++#include <asm/msr-index.h>
+ 
+ #
+ # wakeup_code runs in real mode, and at unknown address (determined at run-time).
+@@ -64,7 +65,7 @@ wakeup_code:
+ 	# restore efer setting
+ 	movl	real_save_efer_edx - wakeup_code, %edx
+ 	movl	real_save_efer_eax - wakeup_code, %eax
+-	mov     $0xc0000080, %ecx
++	mov     $MSR_EFER, %ecx
+ 	wrmsr
+ 4:
+ 	# make sure %cr4 is set correctly (features, etc)
+@@ -205,13 +206,11 @@ wakeup_pmode_return:
  	# and restore the stack ... but you need gdt for this to work
  	movl	saved_context_esp, %esp
  
@@ -433,18 +446,27 @@
  
  bogus_magic:
  	movw	$0x0e00 + 'B', 0xb8018
-diff -urNp linux-2.6.21.5/arch/i386/kernel/alternative.c linux-2.6.21.5/arch/i386/kernel/alternative.c
---- linux-2.6.21.5/arch/i386/kernel/alternative.c	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/i386/kernel/alternative.c	2007-05-24 22:04:52.000000000 -0400
+@@ -243,7 +242,7 @@ ENTRY(acpi_copy_wakeup_routine)
+ 	# save efer setting
+ 	pushl	%eax
+ 	movl	%eax, %ebx
+-	mov     $0xc0000080, %ecx
++	mov     $MSR_EFER, %ecx
+ 	rdmsr
+ 	movl	%edx, real_save_efer_edx - wakeup_start (%ebx)
+ 	movl	%eax, real_save_efer_eax - wakeup_start (%ebx)
+diff -urNp linux-2.6.22.1/arch/i386/kernel/alternative.c linux-2.6.22.1/arch/i386/kernel/alternative.c
+--- linux-2.6.22.1/arch/i386/kernel/alternative.c	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/i386/kernel/alternative.c	2007-08-02 11:38:45.000000000 -0400
 @@ -4,6 +4,7 @@
  #include <linux/list.h>
  #include <asm/alternative.h>
  #include <asm/sections.h>
 +#include <asm/desc.h>
  
+ static int noreplace_smp     = 0;
  static int smp_alt_once      = 0;
- static int debug_alternative = 0;
-@@ -149,12 +150,18 @@ void apply_alternatives(struct alt_instr
+@@ -165,12 +166,18 @@ void apply_alternatives(struct alt_instr
  	u8 *instr;
  	int diff;
  
@@ -464,7 +486,7 @@
  #ifdef CONFIG_X86_64
  		/* vsyscall code is not mapped yet. resolve it manually. */
  		if (instr >= (u8 *)VSYSCALL_START && instr < (u8*)VSYSCALL_END) {
-@@ -167,6 +174,11 @@ void apply_alternatives(struct alt_instr
+@@ -183,37 +190,68 @@ void apply_alternatives(struct alt_instr
  		diff = a->instrlen - a->replacementlen;
  		nop_out(instr + a->replacementlen, diff);
  	}
@@ -476,63 +498,17 @@
  }
  
  #ifdef CONFIG_SMP
-@@ -175,49 +187,95 @@ static void alternatives_smp_save(struct
- {
- 	struct alt_instr *a;
- 
-+#ifdef CONFIG_PAX_KERNEXEC
-+	unsigned long cr0;
-+
-+	pax_open_kernel(cr0);
-+#endif
-+
- 	DPRINTK("%s: alt table %p-%p\n", __FUNCTION__, start, end);
- 	for (a = start; a < end; a++) {
- 		memcpy(a->replacement + a->replacementlen,
--		       a->instr,
-+		       a->instr + __KERNEL_TEXT_OFFSET,
- 		       a->instrlen);
- 	}
-+
-+#ifdef CONFIG_PAX_KERNEXEC
-+	pax_close_kernel(cr0);
-+#endif
-+
- }
- 
- static void alternatives_smp_apply(struct alt_instr *start, struct alt_instr *end)
- {
- 	struct alt_instr *a;
- 
-+#ifdef CONFIG_PAX_KERNEXEC
-+	unsigned long cr0;
-+
-+	pax_open_kernel(cr0);
-+#endif
-+
- 	for (a = start; a < end; a++) {
--		memcpy(a->instr,
-+		memcpy(a->instr + __KERNEL_TEXT_OFFSET,
- 		       a->replacement + a->replacementlen,
- 		       a->instrlen);
- 	}
-+
-+#ifdef CONFIG_PAX_KERNEXEC
-+	pax_close_kernel(cr0);
-+#endif
-+
- }
  
  static void alternatives_smp_lock(u8 **start, u8 **end, u8 *text, u8 *text_end)
  {
 -	u8 **ptr;
 +	u8 *ptr;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
  
 -	for (ptr = start; ptr < end; ptr++) {
 -		if (*ptr < text)
-+#ifdef CONFIG_PAX_KERNEXEC
-+	unsigned long cr0;
-+
 +	pax_open_kernel(cr0);
 +#endif
 +
@@ -560,12 +536,17 @@
 +
 +#ifdef CONFIG_PAX_KERNEXEC
 +	unsigned long cr0;
-+
-+	pax_open_kernel(cr0);
 +#endif
  
+ 	if (noreplace_smp)
+ 		return;
+ 
 -	for (ptr = start; ptr < end; ptr++) {
 -		if (*ptr < text)
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
 +	for (; start < end; start++) {
 +		ptr = *start + __KERNEL_TEXT_OFFSET;
 +		if (ptr < text)
@@ -584,13 +565,18 @@
  }
  
  struct smp_alt_module {
-@@ -344,10 +402,17 @@ void apply_paravirt(struct paravirt_patc
+@@ -340,21 +378,34 @@ void apply_paravirt(struct paravirt_patc
  {
- 	struct paravirt_patch *p;
+ 	struct paravirt_patch_site *p;
  
 +#ifdef CONFIG_PAX_KERNEXEC
 +	unsigned long cr0;
++#endif
 +
+ 	if (noreplace_paravirt)
+ 		return;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
 +	pax_open_kernel(cr0);
 +#endif
 +
@@ -601,21 +587,9 @@
 -		used = paravirt_ops.patch(p->instrtype, p->clobbers, p->instr,
 +		used = paravirt_ops.patch(p->instrtype, p->clobbers, instr,
  					  p->len);
- #ifdef CONFIG_DEBUG_PARAVIRT
- 		{
-@@ -355,17 +420,20 @@ void apply_paravirt(struct paravirt_patc
- 		/* Deliberately clobber regs using "not %reg" to find bugs. */
- 		for (i = 0; i < 3; i++) {
- 			if (p->len - used >= 2 && (p->clobbers & (1 << i))) {
--				memcpy(p->instr + used, "\xf7\xd0", 2);
--				p->instr[used+1] |= i;
--				used += 2;
-+				instr[used++] = 0xf7;
-+				instr[used++] = 0xd0 | i;
- 			}
- 		}
- 		}
- #endif
+ 
+ 		BUG_ON(used > p->len);
+ 
  		/* Pad the rest with nops */
 -		nop_out(p->instr + used, p->len - used);
 +		nop_out(instr + used, p->len - used);
@@ -625,22 +599,13 @@
 +	pax_close_kernel(cr0);
 +#endif
 +
- 	/* Sync to be conservative, in case we patched following instructions */
+ 	/* Sync to be conservative, in case we patched following
+ 	 * instructions */
  	sync_core();
- }
-diff -urNp linux-2.6.21.5/arch/i386/kernel/apm.c linux-2.6.21.5/arch/i386/kernel/apm.c
---- linux-2.6.21.5/arch/i386/kernel/apm.c	2007-04-25 23:08:32.000000000 -0400
-+++ linux-2.6.21.5/arch/i386/kernel/apm.c	2007-05-24 22:04:52.000000000 -0400
-@@ -236,7 +236,7 @@
- 
- #include "io_ports.h"
- 
--extern void machine_real_restart(unsigned char *, int);
-+extern void machine_real_restart(const unsigned char *, unsigned int);
- 
- #if defined(CONFIG_APM_DISPLAY_BLANK) && defined(CONFIG_VT)
- extern int (*console_blank_hook)(int);
-@@ -609,9 +609,18 @@ static u8 apm_bios_call(u32 func, u32 eb
+diff -urNp linux-2.6.22.1/arch/i386/kernel/apm.c linux-2.6.22.1/arch/i386/kernel/apm.c
+--- linux-2.6.22.1/arch/i386/kernel/apm.c	2007-07-10 14:56:30.000000000 -0400
++++ linux-2.6.22.1/arch/i386/kernel/apm.c	2007-08-02 11:38:45.000000000 -0400
+@@ -600,9 +600,18 @@ static u8 apm_bios_call(u32 func, u32 eb
  	struct desc_struct	save_desc_40;
  	struct desc_struct	*gdt;
  
@@ -659,7 +624,7 @@
  	gdt = get_cpu_gdt_table(cpu);
  	save_desc_40 = gdt[0x40 / 8];
  	gdt[0x40 / 8] = bad_bios_desc;
-@@ -622,6 +631,11 @@ static u8 apm_bios_call(u32 func, u32 eb
+@@ -613,6 +622,11 @@ static u8 apm_bios_call(u32 func, u32 eb
  	APM_DO_RESTORE_SEGS;
  	apm_irq_restore(flags);
  	gdt[0x40 / 8] = save_desc_40;
@@ -671,7 +636,7 @@
  	put_cpu();
  	apm_restore_cpus(cpus);
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/linux-2.6-grsec-full.patch?r1=1.1.2.3&r2=1.1.2.4&f=u



More information about the pld-cvs-commit mailing list