SOURCES (Titanium): linux-2.6-grsecurity.patch - http://www.grsecu...
hawk
hawk at pld-linux.org
Tue Jan 1 13:49:28 CET 2008
Author: hawk Date: Tue Jan 1 12:49:28 2008 GMT
Module: SOURCES Tag: Titanium
---- Log message:
- http://www.grsecurity.net/~spender/grsecurity-2.1.11-2.6.23.9-200712101800.patch
with localversion killed
---- Files affected:
SOURCES:
linux-2.6-grsecurity.patch (1.1.2.1 -> 1.1.2.2)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-grsecurity.patch
diff -u SOURCES/linux-2.6-grsecurity.patch:1.1.2.1 SOURCES/linux-2.6-grsecurity.patch:1.1.2.2
--- SOURCES/linux-2.6-grsecurity.patch:1.1.2.1 Sat Nov 10 22:26:28 2007
+++ SOURCES/linux-2.6-grsecurity.patch Tue Jan 1 13:49:22 2008
@@ -1,6 +1,6 @@
-diff -urNp linux-2.6.23.1/arch/alpha/kernel/module.c linux-2.6.23.1/arch/alpha/kernel/module.c
---- linux-2.6.23.1/arch/alpha/kernel/module.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/alpha/kernel/module.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/alpha/kernel/module.c linux-2.6.23.9/arch/alpha/kernel/module.c
+--- linux-2.6.23.9/arch/alpha/kernel/module.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/alpha/kernel/module.c 2007-12-03 10:05:50.000000000 -0500
@@ -176,7 +176,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs,
/* The small sections were sorted to the end of the segment.
@@ -10,9 +10,9 @@
got = sechdrs[me->arch.gotsecindex].sh_addr;
for (i = 0; i < n; i++) {
-diff -urNp linux-2.6.23.1/arch/alpha/kernel/osf_sys.c linux-2.6.23.1/arch/alpha/kernel/osf_sys.c
---- linux-2.6.23.1/arch/alpha/kernel/osf_sys.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/alpha/kernel/osf_sys.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/alpha/kernel/osf_sys.c linux-2.6.23.9/arch/alpha/kernel/osf_sys.c
+--- linux-2.6.23.9/arch/alpha/kernel/osf_sys.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/alpha/kernel/osf_sys.c 2007-12-03 10:05:50.000000000 -0500
@@ -1288,6 +1288,10 @@ arch_get_unmapped_area(struct file *filp
merely specific addresses, but regions of memory -- perhaps
this feature should be incorporated into all ports? */
@@ -35,9 +35,9 @@
if (addr != (unsigned long) -ENOMEM)
return addr;
-diff -urNp linux-2.6.23.1/arch/alpha/kernel/ptrace.c linux-2.6.23.1/arch/alpha/kernel/ptrace.c
---- linux-2.6.23.1/arch/alpha/kernel/ptrace.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/alpha/kernel/ptrace.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/alpha/kernel/ptrace.c linux-2.6.23.9/arch/alpha/kernel/ptrace.c
+--- linux-2.6.23.9/arch/alpha/kernel/ptrace.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/alpha/kernel/ptrace.c 2007-12-03 10:05:50.000000000 -0500
@@ -15,6 +15,7 @@
#include <linux/slab.h>
#include <linux/security.h>
@@ -58,9 +58,9 @@
if (request == PTRACE_ATTACH) {
ret = ptrace_attach(child);
goto out;
-diff -urNp linux-2.6.23.1/arch/alpha/mm/fault.c linux-2.6.23.1/arch/alpha/mm/fault.c
---- linux-2.6.23.1/arch/alpha/mm/fault.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/alpha/mm/fault.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/alpha/mm/fault.c linux-2.6.23.9/arch/alpha/mm/fault.c
+--- linux-2.6.23.9/arch/alpha/mm/fault.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/alpha/mm/fault.c 2007-12-03 10:05:50.000000000 -0500
@@ -23,6 +23,7 @@
#include <linux/smp.h>
#include <linux/interrupt.h>
@@ -225,9 +225,9 @@
} else if (!cause) {
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
-diff -urNp linux-2.6.23.1/arch/arm/mm/mmap.c linux-2.6.23.1/arch/arm/mm/mmap.c
---- linux-2.6.23.1/arch/arm/mm/mmap.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/arm/mm/mmap.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/arm/mm/mmap.c linux-2.6.23.9/arch/arm/mm/mmap.c
+--- linux-2.6.23.9/arch/arm/mm/mmap.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/arm/mm/mmap.c 2007-12-03 10:05:50.000000000 -0500
@@ -60,6 +60,10 @@ arch_get_unmapped_area(struct file *filp
if (len > TASK_SIZE)
return -ENOMEM;
@@ -264,9 +264,9 @@
mm->cached_hole_size = 0;
goto full_search;
}
-diff -urNp linux-2.6.23.1/arch/avr32/mm/fault.c linux-2.6.23.1/arch/avr32/mm/fault.c
---- linux-2.6.23.1/arch/avr32/mm/fault.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/avr32/mm/fault.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/avr32/mm/fault.c linux-2.6.23.9/arch/avr32/mm/fault.c
+--- linux-2.6.23.9/arch/avr32/mm/fault.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/avr32/mm/fault.c 2007-12-03 10:05:50.000000000 -0500
@@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
int exception_trace = 1;
@@ -308,9 +308,9 @@
if (exception_trace && printk_ratelimit())
printk("%s%s[%d]: segfault at %08lx pc %08lx "
"sp %08lx ecr %lu\n",
-diff -urNp linux-2.6.23.1/arch/i386/boot/bitops.h linux-2.6.23.1/arch/i386/boot/bitops.h
---- linux-2.6.23.1/arch/i386/boot/bitops.h 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/boot/bitops.h 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/boot/bitops.h linux-2.6.23.9/arch/i386/boot/bitops.h
+--- linux-2.6.23.9/arch/i386/boot/bitops.h 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/bitops.h 2007-12-03 10:05:50.000000000 -0500
@@ -28,7 +28,7 @@ static inline int variable_test_bit(int
u8 v;
const u32 *p = (const u32 *)addr;
@@ -329,10 +329,10 @@
}
#endif /* BOOT_BITOPS_H */
-diff -urNp linux-2.6.23.1/arch/i386/boot/boot.h linux-2.6.23.1/arch/i386/boot/boot.h
---- linux-2.6.23.1/arch/i386/boot/boot.h 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/boot/boot.h 2007-10-30 18:10:07.000000000 -0400
-@@ -76,7 +76,7 @@ static inline void io_delay(void)
+diff -urNp linux-2.6.23.9/arch/i386/boot/boot.h linux-2.6.23.9/arch/i386/boot/boot.h
+--- linux-2.6.23.9/arch/i386/boot/boot.h 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/boot.h 2007-12-03 10:05:50.000000000 -0500
+@@ -78,7 +78,7 @@ static inline void io_delay(void)
static inline u16 ds(void)
{
u16 seg;
@@ -341,7 +341,7 @@
return seg;
}
-@@ -172,7 +172,7 @@ static inline void wrgs32(u32 v, addr_t
+@@ -174,7 +174,7 @@ static inline void wrgs32(u32 v, addr_t
static inline int memcmp(const void *s1, const void *s2, size_t len)
{
u8 diff;
@@ -350,9 +350,140 @@
: "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len));
return diff;
}
-diff -urNp linux-2.6.23.1/arch/i386/boot/cpucheck.c linux-2.6.23.1/arch/i386/boot/cpucheck.c
---- linux-2.6.23.1/arch/i386/boot/cpucheck.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/boot/cpucheck.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/boot/compressed/head.S linux-2.6.23.9/arch/i386/boot/compressed/head.S
+--- linux-2.6.23.9/arch/i386/boot/compressed/head.S 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/compressed/head.S 2007-12-03 10:05:50.000000000 -0500
+@@ -159,9 +159,8 @@ relocated:
+ */
+
+ 1: subl $4, %edi
+- movl 0(%edi), %ecx
+- testl %ecx, %ecx
+- jz 2f
++ movl (%edi), %ecx
++ jecxz 2f
+ addl %ebx, -__PAGE_OFFSET(%ebx, %ecx)
+ jmp 1b
+ 2:
+diff -urNp linux-2.6.23.9/arch/i386/boot/compressed/relocs.c linux-2.6.23.9/arch/i386/boot/compressed/relocs.c
+--- linux-2.6.23.9/arch/i386/boot/compressed/relocs.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/compressed/relocs.c 2007-12-03 10:05:50.000000000 -0500
+@@ -10,9 +10,13 @@
+ #define USE_BSD
+ #include <endian.h>
+
++#include "../../../../include/linux/autoconf.h"
++
++#define MAX_PHDRS 100
+ #define MAX_SHDRS 100
+ #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+ static Elf32_Ehdr ehdr;
++static Elf32_Phdr phdr[MAX_PHDRS];
+ static Elf32_Shdr shdr[MAX_SHDRS];
+ static Elf32_Sym *symtab[MAX_SHDRS];
+ static Elf32_Rel *reltab[MAX_SHDRS];
+@@ -246,6 +250,34 @@ static void read_ehdr(FILE *fp)
+ }
+ }
+
++static void read_phdrs(FILE *fp)
++{
++ int i;
++ if (ehdr.e_phnum > MAX_PHDRS) {
++ die("%d program headers supported: %d\n",
++ ehdr.e_phnum, MAX_PHDRS);
++ }
++ if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) {
++ die("Seek to %d failed: %s\n",
++ ehdr.e_phoff, strerror(errno));
++ }
++ if (fread(&phdr, sizeof(phdr[0]), ehdr.e_phnum, fp) != ehdr.e_phnum) {
++ die("Cannot read ELF program headers: %s\n",
++ strerror(errno));
++ }
++ for(i = 0; i < ehdr.e_phnum; i++) {
++ phdr[i].p_type = elf32_to_cpu(phdr[i].p_type);
++ phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset);
++ phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr);
++ phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr);
++ phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz);
++ phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz);
++ phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags);
++ phdr[i].p_align = elf32_to_cpu(phdr[i].p_align);
++ }
++
++}
++
+ static void read_shdrs(FILE *fp)
+ {
+ int i;
+@@ -332,6 +364,8 @@ static void read_symtabs(FILE *fp)
+ static void read_relocs(FILE *fp)
+ {
+ int i,j;
++ uint32_t base;
++
+ for(i = 0; i < ehdr.e_shnum; i++) {
+ if (shdr[i].sh_type != SHT_REL) {
+ continue;
+@@ -349,8 +383,17 @@ static void read_relocs(FILE *fp)
+ die("Cannot read symbol table: %s\n",
+ strerror(errno));
+ }
++ base = 0;
++ for (j = 0; j < ehdr.e_phnum; j++) {
++ if (phdr[j].p_type != PT_LOAD )
++ continue;
++ if (shdr[shdr[i].sh_info].sh_offset < phdr[j].p_offset || shdr[shdr[i].sh_info].sh_offset > phdr[j].p_offset + phdr[j].p_filesz)
++ continue;
++ base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr;
++ break;
++ }
+ for(j = 0; j < shdr[i].sh_size/sizeof(reltab[0][0]); j++) {
+- reltab[i][j].r_offset = elf32_to_cpu(reltab[i][j].r_offset);
++ reltab[i][j].r_offset = elf32_to_cpu(reltab[i][j].r_offset) + base;
+ reltab[i][j].r_info = elf32_to_cpu(reltab[i][j].r_info);
+ }
+ }
+@@ -487,6 +530,27 @@ static void walk_relocs(void (*visit)(El
+ if (sym->st_shndx == SHN_ABS) {
+ continue;
+ }
++ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */
++ if (!strcmp(sec_name(sym->st_shndx), ".data.percpu") && strncmp(sym_name(sym_strtab, sym), "__per_cpu_", 10)) {
++ continue;
++ }
++#ifdef CONFIG_PAX_KERNEXEC
++ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */
++ if (!strcmp(sec_name(sym->st_shndx), ".init.text")) {
++ continue;
++ }
++ if (!strcmp(sec_name(sym->st_shndx), ".exit.text")) {
++ continue;
++ }
++ if (!strcmp(sec_name(sym->st_shndx), ".text.head"))
++ if (strcmp(sym_name(sym_strtab, sym), "__init_end") &&
++ strcmp(sym_name(sym_strtab, sym), "KERNEL_TEXT_OFFSET")) {
++ continue;
++ }
++ if (!strcmp(sec_name(sym->st_shndx), ".text")) {
++ continue;
++ }
++#endif
+ if (r_type == R_386_PC32) {
+ /* PC relative relocations don't need to be adjusted */
+ }
+@@ -614,6 +678,7 @@ int main(int argc, char **argv)
+ fname, strerror(errno));
+ }
+ read_ehdr(fp);
++ read_phdrs(fp);
+ read_shdrs(fp);
+ read_strtabs(fp);
+ read_symtabs(fp);
+diff -urNp linux-2.6.23.9/arch/i386/boot/cpucheck.c linux-2.6.23.9/arch/i386/boot/cpucheck.c
+--- linux-2.6.23.9/arch/i386/boot/cpucheck.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/cpucheck.c 2007-12-03 10:05:50.000000000 -0500
@@ -90,7 +90,7 @@ static int has_fpu(void)
u16 fcw = -1, fsw = -1;
u32 cr0;
@@ -448,9 +579,9 @@
err = check_flags();
}
-diff -urNp linux-2.6.23.1/arch/i386/boot/edd.c linux-2.6.23.1/arch/i386/boot/edd.c
---- linux-2.6.23.1/arch/i386/boot/edd.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/boot/edd.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/boot/edd.c linux-2.6.23.9/arch/i386/boot/edd.c
+--- linux-2.6.23.9/arch/i386/boot/edd.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/edd.c 2007-12-03 10:05:50.000000000 -0500
@@ -78,7 +78,7 @@ static int get_edd_info(u8 devno, struct
ax = 0x4100;
bx = EDDMAGIC1;
@@ -478,9 +609,9 @@
"movw %%di,%%es; "
"pushfl; stc; int $0x13; setc %%al; popfl; "
"popw %%es"
-diff -urNp linux-2.6.23.1/arch/i386/boot/main.c linux-2.6.23.1/arch/i386/boot/main.c
---- linux-2.6.23.1/arch/i386/boot/main.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/boot/main.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/boot/main.c linux-2.6.23.9/arch/i386/boot/main.c
+--- linux-2.6.23.9/arch/i386/boot/main.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/main.c 2007-12-03 10:05:50.000000000 -0500
@@ -77,7 +77,7 @@ static void keyboard_set_repeat(void)
*/
static void query_ist(void)
@@ -490,9 +621,9 @@
: "=a" (boot_params.ist_info.signature),
"=b" (boot_params.ist_info.command),
"=c" (boot_params.ist_info.event),
-diff -urNp linux-2.6.23.1/arch/i386/boot/mca.c linux-2.6.23.1/arch/i386/boot/mca.c
---- linux-2.6.23.1/arch/i386/boot/mca.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/boot/mca.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/boot/mca.c linux-2.6.23.9/arch/i386/boot/mca.c
+--- linux-2.6.23.9/arch/i386/boot/mca.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/mca.c 2007-12-03 10:05:50.000000000 -0500
@@ -21,7 +21,7 @@ int query_mca(void)
u8 err;
u16 es, bx, len;
@@ -502,9 +633,9 @@
"int $0x15 ; "
"setc %0 ; "
"movw %%es, %1 ; "
-diff -urNp linux-2.6.23.1/arch/i386/boot/memory.c linux-2.6.23.1/arch/i386/boot/memory.c
---- linux-2.6.23.1/arch/i386/boot/memory.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/boot/memory.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/boot/memory.c linux-2.6.23.9/arch/i386/boot/memory.c
+--- linux-2.6.23.9/arch/i386/boot/memory.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/memory.c 2007-12-03 10:05:50.000000000 -0500
@@ -32,7 +32,7 @@ static int detect_memory_e820(void)
/* Important: %edx is clobbered by some BIOSes,
so it must be either used for the error output
@@ -532,9 +663,9 @@
boot_params.screen_info.ext_mem_k = ax;
-diff -urNp linux-2.6.23.1/arch/i386/boot/video.c linux-2.6.23.1/arch/i386/boot/video.c
---- linux-2.6.23.1/arch/i386/boot/video.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/boot/video.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/boot/video.c linux-2.6.23.9/arch/i386/boot/video.c
+--- linux-2.6.23.9/arch/i386/boot/video.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/video.c 2007-12-03 10:05:50.000000000 -0500
@@ -40,7 +40,7 @@ static void store_cursor_position(void)
ax = 0x0300;
@@ -553,9 +684,9 @@
: "+a" (ax), "=b" (page)
: : "ecx", "edx", "esi", "edi");
-diff -urNp linux-2.6.23.1/arch/i386/boot/video-vesa.c linux-2.6.23.1/arch/i386/boot/video-vesa.c
---- linux-2.6.23.1/arch/i386/boot/video-vesa.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/boot/video-vesa.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/boot/video-vesa.c linux-2.6.23.9/arch/i386/boot/video-vesa.c
+--- linux-2.6.23.9/arch/i386/boot/video-vesa.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/video-vesa.c 2007-12-03 10:05:50.000000000 -0500
@@ -41,7 +41,7 @@ static int vesa_probe(void)
ax = 0x4f00;
@@ -627,9 +758,9 @@
: "+a" (ax), "+b" (bx), "+d" (dx), "=m" (boot_params.edid_info)
: "c" (cx), "D" (di)
: "esi");
-diff -urNp linux-2.6.23.1/arch/i386/boot/video-vga.c linux-2.6.23.1/arch/i386/boot/video-vga.c
---- linux-2.6.23.1/arch/i386/boot/video-vga.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/boot/video-vga.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/boot/video-vga.c linux-2.6.23.9/arch/i386/boot/video-vga.c
+--- linux-2.6.23.9/arch/i386/boot/video-vga.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/video-vga.c 2007-12-03 10:05:50.000000000 -0500
@@ -225,7 +225,7 @@ static int vga_probe(void)
};
u8 vga_flag;
@@ -648,9 +779,9 @@
: "=a" (vga_flag)
: "a" (0x1a00)
: "ebx", "ecx", "edx", "esi", "edi");
-diff -urNp linux-2.6.23.1/arch/i386/boot/voyager.c linux-2.6.23.1/arch/i386/boot/voyager.c
---- linux-2.6.23.1/arch/i386/boot/voyager.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/boot/voyager.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/boot/voyager.c linux-2.6.23.9/arch/i386/boot/voyager.c
+--- linux-2.6.23.9/arch/i386/boot/voyager.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/boot/voyager.c 2007-12-03 10:05:50.000000000 -0500
@@ -27,7 +27,7 @@ int query_voyager(void)
data_ptr[0] = 0xff; /* Flag on config not found(?) */
@@ -660,9 +791,9 @@
"int $0x15 ; "
"setc %0 ; "
"movw %%es, %1 ; "
-diff -urNp linux-2.6.23.1/arch/i386/Kconfig linux-2.6.23.1/arch/i386/Kconfig
---- linux-2.6.23.1/arch/i386/Kconfig 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/Kconfig 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/Kconfig linux-2.6.23.9/arch/i386/Kconfig
+--- linux-2.6.23.9/arch/i386/Kconfig 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/Kconfig 2007-12-03 10:05:50.000000000 -0500
@@ -592,7 +592,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
@@ -699,9 +830,9 @@
---help---
On PCI systems, the BIOS can be used to detect the PCI devices and
determine their configuration. However, some old PCI motherboards
-diff -urNp linux-2.6.23.1/arch/i386/Kconfig.cpu linux-2.6.23.1/arch/i386/Kconfig.cpu
---- linux-2.6.23.1/arch/i386/Kconfig.cpu 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/Kconfig.cpu 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/Kconfig.cpu linux-2.6.23.9/arch/i386/Kconfig.cpu
+--- linux-2.6.23.9/arch/i386/Kconfig.cpu 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/Kconfig.cpu 2007-12-03 10:05:50.000000000 -0500
@@ -274,7 +274,7 @@ config X86_PPRO_FENCE
config X86_F00F_BUG
@@ -720,9 +851,9 @@
default y
config X86_GOOD_APIC
-diff -urNp linux-2.6.23.1/arch/i386/Kconfig.debug linux-2.6.23.1/arch/i386/Kconfig.debug
---- linux-2.6.23.1/arch/i386/Kconfig.debug 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/Kconfig.debug 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/Kconfig.debug linux-2.6.23.9/arch/i386/Kconfig.debug
+--- linux-2.6.23.9/arch/i386/Kconfig.debug 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/Kconfig.debug 2007-12-03 10:05:50.000000000 -0500
@@ -46,16 +46,6 @@ config DEBUG_PAGEALLOC
This results in a large slowdown, but helps to find certain types
of memory corruptions.
@@ -740,9 +871,9 @@
config 4KSTACKS
bool "Use 4Kb for kernel stacks instead of 8Kb"
depends on DEBUG_KERNEL
-diff -urNp linux-2.6.23.1/arch/i386/kernel/acpi/boot.c linux-2.6.23.1/arch/i386/kernel/acpi/boot.c
---- linux-2.6.23.1/arch/i386/kernel/acpi/boot.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/kernel/acpi/boot.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/kernel/acpi/boot.c linux-2.6.23.9/arch/i386/kernel/acpi/boot.c
+--- linux-2.6.23.9/arch/i386/kernel/acpi/boot.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/kernel/acpi/boot.c 2007-12-03 10:05:50.000000000 -0500
@@ -1123,7 +1123,7 @@ static struct dmi_system_id __initdata a
DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"),
},
@@ -752,9 +883,9 @@
};
#endif /* __i386__ */
-diff -urNp linux-2.6.23.1/arch/i386/kernel/acpi/sleep.c linux-2.6.23.1/arch/i386/kernel/acpi/sleep.c
---- linux-2.6.23.1/arch/i386/kernel/acpi/sleep.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/kernel/acpi/sleep.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/kernel/acpi/sleep.c linux-2.6.23.9/arch/i386/kernel/acpi/sleep.c
+--- linux-2.6.23.9/arch/i386/kernel/acpi/sleep.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/kernel/acpi/sleep.c 2007-12-03 10:05:50.000000000 -0500
@@ -98,7 +98,7 @@ static __initdata struct dmi_system_id a
DMI_MATCH(DMI_PRODUCT_NAME, "S4030CDT/4.3"),
},
@@ -764,9 +895,9 @@
};
static int __init acpisleep_dmi_init(void)
-diff -urNp linux-2.6.23.1/arch/i386/kernel/acpi/wakeup.S linux-2.6.23.1/arch/i386/kernel/acpi/wakeup.S
---- linux-2.6.23.1/arch/i386/kernel/acpi/wakeup.S 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/kernel/acpi/wakeup.S 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/kernel/acpi/wakeup.S linux-2.6.23.9/arch/i386/kernel/acpi/wakeup.S
+--- linux-2.6.23.9/arch/i386/kernel/acpi/wakeup.S 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/kernel/acpi/wakeup.S 2007-12-03 10:05:50.000000000 -0500
@@ -2,6 +2,7 @@
#include <linux/linkage.h>
#include <asm/segment.h>
@@ -809,9 +940,9 @@
rdmsr
movl %edx, real_save_efer_edx - wakeup_start (%ebx)
movl %eax, real_save_efer_eax - wakeup_start (%ebx)
-diff -urNp linux-2.6.23.1/arch/i386/kernel/alternative.c linux-2.6.23.1/arch/i386/kernel/alternative.c
---- linux-2.6.23.1/arch/i386/kernel/alternative.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/kernel/alternative.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/kernel/alternative.c linux-2.6.23.9/arch/i386/kernel/alternative.c
+--- linux-2.6.23.9/arch/i386/kernel/alternative.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/kernel/alternative.c 2007-12-03 10:05:50.000000000 -0500
@@ -443,7 +443,20 @@ void __init alternative_instructions(voi
*/
void __kprobes text_poke(void *addr, unsigned char *opcode, int len)
@@ -833,9 +964,18 @@
sync_core();
/* Could also do a CLFLUSH here to speed up CPU recovery; but
that causes hangs on some VIA CPUs. */
-diff -urNp linux-2.6.23.1/arch/i386/kernel/apm.c linux-2.6.23.1/arch/i386/kernel/apm.c
---- linux-2.6.23.1/arch/i386/kernel/apm.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/kernel/apm.c 2007-10-30 18:19:42.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/kernel/apm.c linux-2.6.23.9/arch/i386/kernel/apm.c
+--- linux-2.6.23.9/arch/i386/kernel/apm.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/kernel/apm.c 2007-12-03 10:06:02.000000000 -0500
+@@ -407,7 +407,7 @@ static DECLARE_WAIT_QUEUE_HEAD(apm_waitq
+ static DECLARE_WAIT_QUEUE_HEAD(apm_suspend_waitqueue);
+ static struct apm_user * user_list;
+ static DEFINE_SPINLOCK(user_list_lock);
+-static const struct desc_struct bad_bios_desc = { 0, 0x00409200 };
++static const struct desc_struct bad_bios_desc = { 0, 0x00409300 };
+
+ static const char driver_version[] = "1.16ac"; /* no spaces */
+
@@ -601,19 +601,42 @@ static u8 apm_bios_call(u32 func, u32 eb
struct desc_struct save_desc_40;
struct desc_struct *gdt;
@@ -1201,7 +1341,26 @@
dmi_check_system(apm_dmi_table);
if (apm_info.bios.version == 0 || paravirt_enabled()) {
-@@ -2292,6 +2345,11 @@ static int __init apm_init(void)
+@@ -2271,9 +2324,18 @@ static int __init apm_init(void)
+ * This is for buggy BIOS's that refer to (real mode) segment 0x40
+ * even though they are called in protected mode.
+ */
++
++#ifdef CONFIG_PAX_KERNEXEC
++ pax_open_kernel(cr0);
++#endif
++
+ set_base(bad_bios_desc, __va((unsigned long)0x40 << 4));
+ _set_limit((char *)&bad_bios_desc, 4095 - (0x40 << 4));
+
++#ifdef CONFIG_PAX_KERNEXEC
++ pax_close_kernel(cr0);
++#endif
++
+ /*
+ * Set up the long jump entry point to the APM BIOS, which is called
+ * from inline assembly.
+@@ -2292,6 +2354,11 @@ static int __init apm_init(void)
* code to that CPU.
*/
gdt = get_cpu_gdt_table(0);
@@ -1213,7 +1372,7 @@
set_base(gdt[APM_CS >> 3],
__va((unsigned long)apm_info.bios.cseg << 4));
set_base(gdt[APM_CS_16 >> 3],
-@@ -2299,6 +2357,10 @@ static int __init apm_init(void)
+@@ -2299,6 +2366,10 @@ static int __init apm_init(void)
set_base(gdt[APM_DS >> 3],
__va((unsigned long)apm_info.bios.dseg << 4));
@@ -1224,9 +1383,9 @@
apm_proc = create_proc_entry("apm", 0, NULL);
if (apm_proc)
apm_proc->proc_fops = &apm_file_ops;
-diff -urNp linux-2.6.23.1/arch/i386/kernel/asm-offsets.c linux-2.6.23.1/arch/i386/kernel/asm-offsets.c
---- linux-2.6.23.1/arch/i386/kernel/asm-offsets.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/kernel/asm-offsets.c 2007-10-30 18:19:42.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/kernel/asm-offsets.c linux-2.6.23.9/arch/i386/kernel/asm-offsets.c
+--- linux-2.6.23.9/arch/i386/kernel/asm-offsets.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/kernel/asm-offsets.c 2007-12-03 10:05:50.000000000 -0500
@@ -109,6 +109,7 @@ void foo(void)
DEFINE(PTRS_PER_PTE, PTRS_PER_PTE);
DEFINE(PTRS_PER_PMD, PTRS_PER_PMD);
@@ -1243,9 +1402,9 @@
#endif
#ifdef CONFIG_XEN
-diff -urNp linux-2.6.23.1/arch/i386/kernel/cpu/common.c linux-2.6.23.1/arch/i386/kernel/cpu/common.c
---- linux-2.6.23.1/arch/i386/kernel/cpu/common.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/kernel/cpu/common.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/kernel/cpu/common.c linux-2.6.23.9/arch/i386/kernel/cpu/common.c
+--- linux-2.6.23.9/arch/i386/kernel/cpu/common.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/kernel/cpu/common.c 2007-12-03 10:05:50.000000000 -0500
@@ -4,7 +4,6 @@
#include <linux/smp.h>
#include <linux/module.h>
@@ -1354,9 +1513,9 @@
struct thread_struct *thread = &curr->thread;
if (cpu_test_and_set(cpu, cpu_initialized)) {
-diff -urNp linux-2.6.23.1/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c linux-2.6.23.1/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c
---- linux-2.6.23.1/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c linux-2.6.23.9/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c
+--- linux-2.6.23.9/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c 2007-12-03 10:05:50.000000000 -0500
@@ -549,7 +549,7 @@ static struct dmi_system_id sw_any_bug_d
DMI_MATCH(DMI_PRODUCT_NAME, "X6DLP"),
},
@@ -1366,9 +1525,9 @@
};
#endif
-diff -urNp linux-2.6.23.1/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c linux-2.6.23.1/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c
---- linux-2.6.23.1/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c linux-2.6.23.9/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c
+--- linux-2.6.23.9/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c 2007-12-03 10:05:50.000000000 -0500
@@ -223,7 +223,7 @@ static struct cpu_model models[] =
{ &cpu_ids[CPU_MP4HT_D0], NULL, 0, NULL },
{ &cpu_ids[CPU_MP4HT_E0], NULL, 0, NULL },
@@ -1378,9 +1537,9 @@
};
#undef _BANIAS
#undef BANIAS
-diff -urNp linux-2.6.23.1/arch/i386/kernel/cpu/intel_cacheinfo.c linux-2.6.23.1/arch/i386/kernel/cpu/intel_cacheinfo.c
---- linux-2.6.23.1/arch/i386/kernel/cpu/intel_cacheinfo.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/kernel/cpu/intel_cacheinfo.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/kernel/cpu/intel_cacheinfo.c linux-2.6.23.9/arch/i386/kernel/cpu/intel_cacheinfo.c
+--- linux-2.6.23.9/arch/i386/kernel/cpu/intel_cacheinfo.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/kernel/cpu/intel_cacheinfo.c 2007-12-03 10:05:50.000000000 -0500
@@ -351,8 +351,8 @@ unsigned int __cpuinit init_intel_cachei
*/
if ((num_cache_leaves == 0 || c->x86 == 15) && c->cpuid_level > 1) {
@@ -1401,9 +1560,9 @@
}
/* Byte 0 is level count, not a descriptor */
-diff -urNp linux-2.6.23.1/arch/i386/kernel/cpu/mcheck/therm_throt.c linux-2.6.23.1/arch/i386/kernel/cpu/mcheck/therm_throt.c
---- linux-2.6.23.1/arch/i386/kernel/cpu/mcheck/therm_throt.c 2007-10-12 12:43:44.000000000 -0400
-+++ linux-2.6.23.1/arch/i386/kernel/cpu/mcheck/therm_throt.c 2007-10-30 18:10:07.000000000 -0400
+diff -urNp linux-2.6.23.9/arch/i386/kernel/cpu/mcheck/therm_throt.c linux-2.6.23.9/arch/i386/kernel/cpu/mcheck/therm_throt.c
+--- linux-2.6.23.9/arch/i386/kernel/cpu/mcheck/therm_throt.c 2007-11-26 12:51:43.000000000 -0500
++++ linux-2.6.23.9/arch/i386/kernel/cpu/mcheck/therm_throt.c 2007-12-03 10:05:50.000000000 -0500
@@ -152,7 +152,7 @@ static __cpuinit int thermal_throttle_cp
return NOTIFY_OK;
}
@@ -1413,9 +1572,9 @@
{
.notifier_call = thermal_throttle_cpu_callback,
};
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsecurity.patch?r1=1.1.2.1&r2=1.1.2.2&f=u
More information about the pld-cvs-commit
mailing list