SOURCES (LINUX_2_6): kernel-pax.patch - pure http://www.grsecurity...

zbyniu zbyniu at pld-linux.org
Mon Jan 28 02:11:14 CET 2008


Author: zbyniu                       Date: Mon Jan 28 01:11:14 2008 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- pure http://www.grsecurity.net/~paxguy1/pax-linux-2.6.24-test8.patch

---- Files affected:
SOURCES:
   kernel-pax.patch (1.1.2.2 -> 1.1.2.3) 

---- Diffs:

================================================================
Index: SOURCES/kernel-pax.patch
diff -u SOURCES/kernel-pax.patch:1.1.2.2 SOURCES/kernel-pax.patch:1.1.2.3
--- SOURCES/kernel-pax.patch:1.1.2.2	Sat Sep  8 20:54:46 2007
+++ SOURCES/kernel-pax.patch	Mon Jan 28 02:11:08 2008
@@ -1,36 +1,39 @@
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/Documentation/dontdiff linux-2.6.22.6-pax/Documentation/dontdiff
---- linux-2.6.22.6/Documentation/dontdiff	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/Documentation/dontdiff	2007-07-10 02:05:11.000000000 +0200
-@@ -177,10 +177,13 @@ version.h*
+diff -NurpX linux-2.6.24-pax/Documentation/dontdiff linux-2.6.24/Documentation/dontdiff linux-2.6.24-pax/Documentation/dontdiff
+--- linux-2.6.24/Documentation/dontdiff	2008-01-24 23:58:37.000000000 +0100
++++ linux-2.6.24-pax/Documentation/dontdiff	2008-01-25 15:28:01.000000000 +0100
+@@ -183,11 +183,14 @@ version.h*
  vmlinux
  vmlinux-*
  vmlinux.aout
+-vmlinux*.lds*
 +vmlinux.bin.all
- vmlinux.lds
++vmlinux*.lds
 +vmlinux.relocs
- vsyscall.lds
+ vmlinux*.scr
+-vsyscall.lds
++vsyscall*.lds
  wanxlfw.inc
  uImage
  unifdef
 +utsrelease.h
  zImage*
  zconf.hash.c
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/Makefile linux-2.6.22.6-pax/Makefile
---- linux-2.6.22.6/Makefile	2007-08-31 14:33:33.000000000 +0200
-+++ linux-2.6.22.6-pax/Makefile	2007-08-31 14:37:51.000000000 +0200
-@@ -312,7 +312,7 @@ LINUXINCLUDE    := -Iinclude \
- 
- CPPFLAGS        := -D__KERNEL__ $(LINUXINCLUDE)
- 
--CFLAGS          := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
-+CFLAGS          := -Wall -W -Wno-unused -Wno-sign-compare -Wundef -Wstrict-prototypes -Wno-trigraphs \
-                    -fno-strict-aliasing -fno-common
- AFLAGS          := -D__ASSEMBLY__
- 
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/alpha/kernel/module.c linux-2.6.22.6-pax/arch/alpha/kernel/module.c
---- linux-2.6.22.6/arch/alpha/kernel/module.c	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/alpha/kernel/module.c	2007-07-10 02:05:11.000000000 +0200
-@@ -177,7 +177,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs, 
+diff -NurpX linux-2.6.24-pax/Documentation/dontdiff linux-2.6.24/Makefile linux-2.6.24-pax/Makefile
+--- linux-2.6.24/Makefile	2008-01-24 23:58:37.000000000 +0100
++++ linux-2.6.24-pax/Makefile	2008-01-25 15:28:01.000000000 +0100
+@@ -214,7 +214,7 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
+ 
+ HOSTCC       = gcc
+ HOSTCXX      = g++
+-HOSTCFLAGS   = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
++HOSTCFLAGS   = -Wall -W -Wno-unused -Wno-sign-compare -Wstrict-prototypes -O2 -fomit-frame-pointer
+ HOSTCXXFLAGS = -O2
+ 
+ # Decide whether to build built-in, modular, or both.
+diff -NurpX linux-2.6.24-pax/Documentation/dontdiff linux-2.6.24/arch/alpha/kernel/module.c linux-2.6.24-pax/arch/alpha/kernel/module.c
+--- linux-2.6.24/arch/alpha/kernel/module.c	2008-01-24 23:58:37.000000000 +0100
++++ linux-2.6.24-pax/arch/alpha/kernel/module.c	2008-01-25 15:28:01.000000000 +0100
+@@ -176,7 +176,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs, 
  
  	/* The small sections were sorted to the end of the segment.
  	   The following should definitely cover them.  */
@@ -39,9 +42,9 @@
  	got = sechdrs[me->arch.gotsecindex].sh_addr;
  
  	for (i = 0; i < n; i++) {
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/alpha/kernel/osf_sys.c linux-2.6.22.6-pax/arch/alpha/kernel/osf_sys.c
---- linux-2.6.22.6/arch/alpha/kernel/osf_sys.c	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/alpha/kernel/osf_sys.c	2007-07-10 02:05:11.000000000 +0200
+diff -NurpX linux-2.6.24-pax/Documentation/dontdiff linux-2.6.24/arch/alpha/kernel/osf_sys.c linux-2.6.24-pax/arch/alpha/kernel/osf_sys.c
+--- linux-2.6.24/arch/alpha/kernel/osf_sys.c	2008-01-24 23:58:37.000000000 +0100
++++ linux-2.6.24-pax/arch/alpha/kernel/osf_sys.c	2008-01-25 15:28:01.000000000 +0100
 @@ -1288,6 +1288,10 @@ arch_get_unmapped_area(struct file *filp
  	   merely specific addresses, but regions of memory -- perhaps
  	   this feature should be incorporated into all ports?  */
@@ -64,9 +67,9 @@
  	if (addr != (unsigned long) -ENOMEM)
  		return addr;
  
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/alpha/mm/fault.c linux-2.6.22.6-pax/arch/alpha/mm/fault.c
---- linux-2.6.22.6/arch/alpha/mm/fault.c	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/alpha/mm/fault.c	2007-07-29 21:45:49.000000000 +0200
+diff -NurpX linux-2.6.24-pax/Documentation/dontdiff linux-2.6.24/arch/alpha/mm/fault.c linux-2.6.24-pax/arch/alpha/mm/fault.c
+--- linux-2.6.24/arch/alpha/mm/fault.c	2008-01-24 23:58:37.000000000 +0100
++++ linux-2.6.24-pax/arch/alpha/mm/fault.c	2008-01-25 15:28:01.000000000 +0100
 @@ -23,6 +23,7 @@
  #include <linux/smp.h>
  #include <linux/interrupt.h>
@@ -231,9 +234,9 @@
  	} else if (!cause) {
  		/* Allow reads even for write-only mappings */
  		if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/arm/mm/mmap.c linux-2.6.22.6-pax/arch/arm/mm/mmap.c
---- linux-2.6.22.6/arch/arm/mm/mmap.c	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/arm/mm/mmap.c	2007-07-29 21:45:49.000000000 +0200
+diff -NurpX linux-2.6.24-pax/Documentation/dontdiff linux-2.6.24/arch/arm/mm/mmap.c linux-2.6.24-pax/arch/arm/mm/mmap.c
+--- linux-2.6.24/arch/arm/mm/mmap.c	2008-01-24 23:58:37.000000000 +0100
++++ linux-2.6.24-pax/arch/arm/mm/mmap.c	2008-01-25 15:28:01.000000000 +0100
 @@ -60,6 +60,10 @@ arch_get_unmapped_area(struct file *filp
  	if (len > TASK_SIZE)
  		return -ENOMEM;
@@ -270,9 +273,9 @@
  				mm->cached_hole_size = 0;
  				goto full_search;
  			}
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/avr32/mm/fault.c linux-2.6.22.6-pax/arch/avr32/mm/fault.c
---- linux-2.6.22.6/arch/avr32/mm/fault.c	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/avr32/mm/fault.c	2007-07-29 21:45:49.000000000 +0200
+diff -NurpX linux-2.6.24-pax/Documentation/dontdiff linux-2.6.24/arch/avr32/mm/fault.c linux-2.6.24-pax/arch/avr32/mm/fault.c
+--- linux-2.6.24/arch/avr32/mm/fault.c	2008-01-24 23:58:37.000000000 +0100
++++ linux-2.6.24-pax/arch/avr32/mm/fault.c	2008-01-25 15:28:01.000000000 +0100
 @@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
  
  int exception_trace = 1;
@@ -297,7 +300,7 @@
  /*
   * This routine handles page faults. It determines the address and the
   * problem, and then passes it off to one of the appropriate routines.
-@@ -158,6 +175,16 @@ bad_area:
+@@ -157,6 +174,16 @@ bad_area:
  	up_read(&mm->mmap_sem);
  
  	if (user_mode(regs)) {
@@ -314,10121 +317,11758 @@
  		if (exception_trace && printk_ratelimit())
  			printk("%s%s[%d]: segfault at %08lx pc %08lx "
  			       "sp %08lx ecr %lu\n",
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/i386/Kconfig linux-2.6.22.6-pax/arch/i386/Kconfig
---- linux-2.6.22.6/arch/i386/Kconfig	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/i386/Kconfig	2007-07-10 02:05:11.000000000 +0200
-@@ -586,7 +586,7 @@ config PAGE_OFFSET
- 	hex
- 	default 0xB0000000 if VMSPLIT_3G_OPT
- 	default 0x80000000 if VMSPLIT_2G
--	default 0x78000000 if VMSPLIT_2G_OPT
-+	default 0x70000000 if VMSPLIT_2G_OPT
- 	default 0x40000000 if VMSPLIT_1G
- 	default 0xC0000000
- 
-@@ -815,7 +815,7 @@ config CRASH_DUMP
- 
- config PHYSICAL_START
- 	hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP)
--	default "0x100000"
-+	default "0x200000"
- 	help
- 	  This gives the physical address where the kernel is loaded.
- 
-@@ -900,7 +900,7 @@ config HOTPLUG_CPU
- 
- config COMPAT_VDSO
- 	bool "Compat VDSO support"
--	default y
-+	default n
- 	help
- 	  Map the VDSO to the predictable old-style address too.
- 	---help---
-@@ -1076,7 +1076,7 @@ config PCI
- choice
- 	prompt "PCI access mode"
- 	depends on PCI && !X86_VISWS
--	default PCI_GOANY
-+	default PCI_GODIRECT
- 	---help---
- 	  On PCI systems, the BIOS can be used to detect the PCI devices and
- 	  determine their configuration. However, some old PCI motherboards
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/i386/Kconfig.cpu linux-2.6.22.6-pax/arch/i386/Kconfig.cpu
---- linux-2.6.22.6/arch/i386/Kconfig.cpu	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/i386/Kconfig.cpu	2007-07-10 02:05:11.000000000 +0200
-@@ -274,7 +274,7 @@ config X86_PPRO_FENCE
- 
- config X86_F00F_BUG
- 	bool
--	depends on M586MMX || M586TSC || M586 || M486 || M386
-+	depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC
- 	default y
- 
- config X86_WP_WORKS_OK
-@@ -304,7 +304,7 @@ config X86_CMPXCHG64
- 
- config X86_ALIGNMENT_16
- 	bool
--	depends on MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
-+	depends on MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
- 	default y
- 
- config X86_GOOD_APIC
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/i386/Kconfig.debug linux-2.6.22.6-pax/arch/i386/Kconfig.debug
---- linux-2.6.22.6/arch/i386/Kconfig.debug	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/i386/Kconfig.debug	2007-07-10 02:05:11.000000000 +0200
-@@ -48,7 +48,7 @@ config DEBUG_PAGEALLOC
- 
- config DEBUG_RODATA
- 	bool "Write protect kernel read-only data structures"
--	depends on DEBUG_KERNEL
-+	depends on DEBUG_KERNEL && !PAX_KERNEXEC
- 	help
- 	  Mark the kernel read-only data as write-protected in the pagetables,
- 	  in order to catch accidental (and incorrect) writes to such const
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/i386/boot/setup.S linux-2.6.22.6-pax/arch/i386/boot/setup.S
---- linux-2.6.22.6/arch/i386/boot/setup.S	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/i386/boot/setup.S	2007-07-10 02:05:11.000000000 +0200
-@@ -893,11 +893,13 @@ startup_32:
- 	movl %eax, %gs
- 	movl %eax, %ss
- 
-+	movl 0x00000000, %ecx
- 	xorl %eax, %eax
- 1:	incl %eax				# check that A20 really IS enabled
- 	movl %eax, 0x00000000			# loop forever if it isn't
- 	cmpl %eax, 0x00100000
- 	je 1b
-+	movl %ecx, 0x00000000
- 
- 	# Jump to the 32bit entry point
- 	jmpl *(code32_start - start + (DELTA_INITSEG << 4))(%esi)
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/i386/boot/video.S linux-2.6.22.6-pax/arch/i386/boot/video.S
---- linux-2.6.22.6/arch/i386/boot/video.S	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/i386/boot/video.S	2007-08-19 17:23:53.000000000 +0200
-@@ -96,6 +96,7 @@
- #define PARAM_LFB_PAGES		0x32
- #define PARAM_VESA_ATTRIB	0x34
- #define PARAM_CAPABILITIES	0x36
-+#define PARAM_VESAPM_SIZE	0x3a
- 
- /* Define DO_STORE according to CONFIG_VIDEO_RETAIN */
- #ifdef CONFIG_VIDEO_RETAIN
-@@ -280,6 +281,7 @@ dac_done:
- 
- 	movw	%es, %fs:(PARAM_VESAPM_SEG)
- 	movw	%di, %fs:(PARAM_VESAPM_OFF)
-+	movw	%cx, %fs:(PARAM_VESAPM_SIZE)
- no_pm:	ret
- 
- # The video mode menu
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/i386/kernel/acpi/boot.c linux-2.6.22.6-pax/arch/i386/kernel/acpi/boot.c
---- linux-2.6.22.6/arch/i386/kernel/acpi/boot.c	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/i386/kernel/acpi/boot.c	2007-07-10 02:05:11.000000000 +0200
-@@ -1095,7 +1095,7 @@ static struct dmi_system_id __initdata a
- 		     DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"),
- 		     },
- 	 },
--	{}
-+	{ NULL, NULL, {{0, NULL}}, NULL}
- };
- 
- #endif				/* __i386__ */
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/i386/kernel/acpi/sleep.c linux-2.6.22.6-pax/arch/i386/kernel/acpi/sleep.c
---- linux-2.6.22.6/arch/i386/kernel/acpi/sleep.c	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/i386/kernel/acpi/sleep.c	2007-07-10 02:05:11.000000000 +0200
-@@ -94,7 +94,7 @@ static __initdata struct dmi_system_id a
- 		     DMI_MATCH(DMI_PRODUCT_NAME, "S4030CDT/4.3"),
- 		     },
- 	 },
--	{}
-+	{ NULL, NULL, {{0, NULL}}, NULL}
- };
- 
- static int __init acpisleep_dmi_init(void)
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/i386/kernel/acpi/wakeup.S linux-2.6.22.6-pax/arch/i386/kernel/acpi/wakeup.S
---- linux-2.6.22.6/arch/i386/kernel/acpi/wakeup.S	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/i386/kernel/acpi/wakeup.S	2007-07-10 02:05:11.000000000 +0200
-@@ -2,6 +2,7 @@
- #include <linux/linkage.h>
- #include <asm/segment.h>
- #include <asm/page.h>
-+#include <asm/msr-index.h>
- 
- #
- # wakeup_code runs in real mode, and at unknown address (determined at run-time).
-@@ -64,7 +65,7 @@ wakeup_code:
- 	# restore efer setting
- 	movl	real_save_efer_edx - wakeup_code, %edx
- 	movl	real_save_efer_eax - wakeup_code, %eax
--	mov     $0xc0000080, %ecx
-+	mov     $MSR_EFER, %ecx
- 	wrmsr
- 4:
- 	# make sure %cr4 is set correctly (features, etc)
-@@ -205,13 +206,11 @@ wakeup_pmode_return:
- 	# and restore the stack ... but you need gdt for this to work
- 	movl	saved_context_esp, %esp
- 
--	movl	%cs:saved_magic, %eax
--	cmpl	$0x12345678, %eax
-+	cmpl	$0x12345678, saved_magic
- 	jne	bogus_magic
- 
- 	# jump to place where we left off
--	movl	saved_eip,%eax
--	jmp	*%eax
-+	jmp	*(saved_eip)
- 
- bogus_magic:
- 	movw	$0x0e00 + 'B', 0xb8018
-@@ -243,7 +242,7 @@ ENTRY(acpi_copy_wakeup_routine)
- 	# save efer setting
- 	pushl	%eax
- 	movl	%eax, %ebx
--	mov     $0xc0000080, %ecx
-+	mov     $MSR_EFER, %ecx
- 	rdmsr
- 	movl	%edx, real_save_efer_edx - wakeup_start (%ebx)
- 	movl	%eax, real_save_efer_eax - wakeup_start (%ebx)
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/i386/kernel/alternative.c linux-2.6.22.6-pax/arch/i386/kernel/alternative.c
---- linux-2.6.22.6/arch/i386/kernel/alternative.c	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/i386/kernel/alternative.c	2007-08-11 22:49:55.000000000 +0200
-@@ -4,6 +4,7 @@
- #include <linux/list.h>
- #include <asm/alternative.h>
- #include <asm/sections.h>
-+#include <asm/desc.h>
+diff -NurpX linux-2.6.24-pax/Documentation/dontdiff linux-2.6.24/arch/ia64/ia32/binfmt_elf32.c linux-2.6.24-pax/arch/ia64/ia32/binfmt_elf32.c
+--- linux-2.6.24/arch/ia64/ia32/binfmt_elf32.c	2008-01-24 23:58:37.000000000 +0100
++++ linux-2.6.24-pax/arch/ia64/ia32/binfmt_elf32.c	2008-01-25 15:28:01.000000000 +0100
+@@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_
  
- static int noreplace_smp     = 0;
- static int smp_alt_once      = 0;
-@@ -165,12 +166,18 @@ void apply_alternatives(struct alt_instr
- 	u8 *instr;
- 	int diff;
+ #define elf_read_implies_exec(ex, have_pt_gnu_stack)	(!(have_pt_gnu_stack))
  
-+#ifdef CONFIG_PAX_KERNEXEC
-+	unsigned long cr0;
-+
-+	pax_open_kernel(cr0);
-+#endif
-+
- 	DPRINTK("%s: alt table %p -> %p\n", __FUNCTION__, start, end);
- 	for (a = start; a < end; a++) {
- 		BUG_ON(a->replacementlen > a->instrlen);
- 		if (!boot_cpu_has(a->cpuid))
- 			continue;
--		instr = a->instr;
-+		instr = a->instr + __KERNEL_TEXT_OFFSET;
- #ifdef CONFIG_X86_64
- 		/* vsyscall code is not mapped yet. resolve it manually. */
- 		if (instr >= (u8 *)VSYSCALL_START && instr < (u8*)VSYSCALL_END) {
-@@ -183,6 +190,11 @@ void apply_alternatives(struct alt_instr
- 		diff = a->instrlen - a->replacementlen;
- 		nop_out(instr + a->replacementlen, diff);
- 	}
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	(current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
 +
-+#ifdef CONFIG_PAX_KERNEXEC
-+	pax_close_kernel(cr0);
++#define PAX_DELTA_MMAP_LEN	(current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#define PAX_DELTA_STACK_LEN	(current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
 +#endif
 +
- }
+ /* Ugly but avoids duplication */
+ #include "../../../fs/binfmt_elf.c"
  
- #ifdef CONFIG_SMP
-@@ -191,29 +203,53 @@ static void alternatives_smp_lock(u8 **s
- {
- 	u8 **ptr;
+diff -NurpX linux-2.6.24-pax/Documentation/dontdiff linux-2.6.24/arch/ia64/ia32/ia32priv.h linux-2.6.24-pax/arch/ia64/ia32/ia32priv.h
+--- linux-2.6.24/arch/ia64/ia32/ia32priv.h	2008-01-24 23:58:37.000000000 +0100
++++ linux-2.6.24-pax/arch/ia64/ia32/ia32priv.h	2008-01-25 15:28:01.000000000 +0100
+@@ -303,7 +303,14 @@ struct old_linux32_dirent {
+ #define ELF_DATA	ELFDATA2LSB
+ #define ELF_ARCH	EM_386
  
-+#ifdef CONFIG_PAX_KERNEXEC
-+	unsigned long cr0;
-+
-+	pax_open_kernel(cr0);
+-#define IA32_STACK_TOP		IA32_PAGE_OFFSET
++#ifdef CONFIG_PAX_RANDUSTACK
++#define __IA32_DELTA_STACK	(current->mm->delta_stack)
++#else
++#define __IA32_DELTA_STACK	0UL
 +#endif
 +
- 	for (ptr = start; ptr < end; ptr++) {
- 		if (*ptr < text)
- 			continue;
- 		if (*ptr > text_end)
- 			continue;
--		**ptr = 0xf0; /* lock prefix */
--	};
-+		*(*ptr + __KERNEL_TEXT_OFFSET) = 0xf0; /* lock prefix */
-+	}
-+
-+#ifdef CONFIG_PAX_KERNEXEC
-+	pax_close_kernel(cr0);
-+#endif
++#define IA32_STACK_TOP		(IA32_PAGE_OFFSET - __IA32_DELTA_STACK)
 +
- }
+ #define IA32_GATE_OFFSET	IA32_PAGE_OFFSET
+ #define IA32_GATE_END		IA32_PAGE_OFFSET + PAGE_SIZE
  
- static void alternatives_smp_unlock(u8 **start, u8 **end, u8 *text, u8 *text_end)
+diff -NurpX linux-2.6.24-pax/Documentation/dontdiff linux-2.6.24/arch/ia64/kernel/module.c linux-2.6.24-pax/arch/ia64/kernel/module.c
+--- linux-2.6.24/arch/ia64/kernel/module.c	2008-01-24 23:58:37.000000000 +0100
++++ linux-2.6.24-pax/arch/ia64/kernel/module.c	2008-01-25 15:28:01.000000000 +0100
+@@ -321,7 +321,7 @@ module_alloc (unsigned long size)
+ void
+ module_free (struct module *mod, void *module_region)
  {
- 	u8 **ptr;
+-	if (mod->arch.init_unw_table && module_region == mod->module_init) {
++	if (mod->arch.init_unw_table && module_region == mod->module_init_rx) {
+ 		unw_remove_unwind_table(mod->arch.init_unw_table);
+ 		mod->arch.init_unw_table = NULL;
+ 	}
+@@ -499,15 +499,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd
+ }
  
-+#ifdef CONFIG_PAX_KERNEXEC
-+	unsigned long cr0;
-+#endif
+ static inline int
++in_init_rx (const struct module *mod, uint64_t addr)
++{
++	return addr - (uint64_t) mod->module_init_rx < mod->init_size_rx;
++}
 +
- 	if (noreplace_smp)
- 		return;
- 
-+#ifdef CONFIG_PAX_KERNEXEC
-+	pax_open_kernel(cr0);
-+#endif
++static inline int
++in_init_rw (const struct module *mod, uint64_t addr)
++{
++	return addr - (uint64_t) mod->module_init_rw < mod->init_size_rw;
++}
 +
- 	for (ptr = start; ptr < end; ptr++) {
- 		if (*ptr < text)
- 			continue;
- 		if (*ptr > text_end)
- 			continue;
--		nop_out(*ptr, 1);
--	};
-+		nop_out(*ptr + __KERNEL_TEXT_OFFSET, 1);
-+	}
++static inline int
+ in_init (const struct module *mod, uint64_t addr)
+ {
+-	return addr - (uint64_t) mod->module_init < mod->init_size;
++	return in_init_rx(mod, value) || in_init_rw(mod, value);
++}
 +
-+#ifdef CONFIG_PAX_KERNEXEC
-+	pax_close_kernel(cr0);
-+#endif
++static inline int
++in_core_rx (const struct module *mod, uint64_t addr)
++{
++	return addr - (uint64_t) mod->module_core_rx < mod->core_size_rx;
++}
 +
++static inline int
++in_core_rw (const struct module *mod, uint64_t addr)
++{
++	return addr - (uint64_t) mod->module_core_rw < mod->core_size_rw;
  }
  
- struct smp_alt_module {
-@@ -340,21 +376,34 @@ void apply_paravirt(struct paravirt_patc
+ static inline int
+ in_core (const struct module *mod, uint64_t addr)
  {
- 	struct paravirt_patch_site *p;
- 
-+#ifdef CONFIG_PAX_KERNEXEC
-+	unsigned long cr0;
-+#endif
-+
- 	if (noreplace_paravirt)
- 		return;
+-	return addr - (uint64_t) mod->module_core < mod->core_size;
++	return in_core_rx(mod, value) || in_core_rw(mod, value);
+ }
  
-+#ifdef CONFIG_PAX_KERNEXEC
-+	pax_open_kernel(cr0);
-+#endif
-+
- 	for (p = start; p < end; p++) {
- 		unsigned int used;
-+		u8 *instr = p->instr + __KERNEL_TEXT_OFFSET;
- 
--		used = paravirt_ops.patch(p->instrtype, p->clobbers, p->instr,
-+		used = paravirt_ops.patch(p->instrtype, p->clobbers, instr,
- 					  p->len);
- 
- 		BUG_ON(used > p->len);
- 
- 		/* Pad the rest with nops */
--		nop_out(p->instr + used, p->len - used);
-+		nop_out(instr + used, p->len - used);
- 	}
+ static inline int
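Review bot: In the ia64 `module.c` hunk, the rewritten `in_init()` and `in_core()` pass `value` to the new helpers, but both functions take `addr` and no `value` is declared in the lines shown, so this would not compile on ia64 unless `value` is defined elsewhere in the file. The two return statements should read `return in_init_rx(mod, addr) || in_init_rw(mod, addr);` and `return in_core_rx(mod, addr) || in_core_rw(mod, addr);`. These range checks decide which region a relocation target belongs to now that the module image is split into rx and rw parts, so each helper would also benefit from a one-line comment such as `/* unsigned wrap makes addr < base fail the test too */`. This note concerns the inner patch; the enclosing diff of kernel-pax.patch is trimmed further down the page.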
+@@ -691,7 +715,14 @@ do_reloc (struct module *mod, uint8_t r_
+ 		break;
  
-+#ifdef CONFIG_PAX_KERNEXEC
-+	pax_close_kernel(cr0);
-+#endif
-+
- 	/* Sync to be conservative, in case we patched following
- 	 * instructions */
- 	sync_core();
-diff -NurpX linux-2.6.22.6-pax/Documentation/dontdiff linux-2.6.22.6/arch/i386/kernel/apm.c linux-2.6.22.6-pax/arch/i386/kernel/apm.c
---- linux-2.6.22.6/arch/i386/kernel/apm.c	2007-07-09 01:32:17.000000000 +0200
-+++ linux-2.6.22.6-pax/arch/i386/kernel/apm.c	2007-07-10 02:05:11.000000000 +0200
-@@ -600,9 +600,18 @@ static u8 apm_bios_call(u32 func, u32 eb
- 	struct desc_struct	save_desc_40;
- 	struct desc_struct	*gdt;
+ 	      case RV_BDREL:
+-		val -= (uint64_t) (in_init(mod, val) ? mod->module_init : mod->module_core);
++		if (in_init_rx(mod, val))
++			val -= (uint64_t) mod->module_init_rx;
++		else if (in_init_rw(mod, val))
++			val -= (uint64_t) mod->module_init_rw;
++		else if (in_core_rx(mod, val))
++			val -= (uint64_t) mod->module_core_rx;
++		else if (in_core_rw(mod, val))
++			val -= (uint64_t) mod->module_core_rw;
+ 		break;
  
-+#ifdef CONFIG_PAX_KERNEXEC
-+	unsigned long		cr0;
-+#endif
-+
- 	cpus = apm_save_cpus();
- 	
- 	cpu = get_cpu();
-+
-+#ifdef CONFIG_PAX_KERNEXEC
-+	pax_open_kernel(cr0);
-+#endif
-+
- 	gdt = get_cpu_gdt_table(cpu);
- 	save_desc_40 = gdt[0x40 / 8];
- 	gdt[0x40 / 8] = bad_bios_desc;
-@@ -613,6 +622,11 @@ static u8 apm_bios_call(u32 func, u32 eb
- 	APM_DO_RESTORE_SEGS;
- 	apm_irq_restore(flags);
- 	gdt[0x40 / 8] = save_desc_40;
+ 	      case RV_LTV:
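Review bot: The new `RV_BDREL` chain in `do_reloc()` has no final `else`, so a `val` that lies in none of the four regions keeps its absolute address and the relocation carries on silently, whereas the replaced line always rebased against `module_core` as a fallback. If that case cannot occur, a comment should say so; otherwise it should be rejected explicitly with a closing `else` branch that fails the relocation the same way the rest of `do_reloc()` reports errors. The body of `do_reloc()` lies outside this hunk, so the right error path cannot be confirmed from here.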
+@@ -825,15 +856,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs,
+ 		 *     addresses have been selected...
+ 		 */
+ 		uint64_t gp;
+-		if (mod->core_size > MAX_LTOFF)
++		if (mod->core_size_rx + mod->core_size_rw > MAX_LTOFF)
+ 			/*
+ 			 * This takes advantage of fact that SHF_ARCH_SMALL gets allocated
+ 			 * at the end of the module.
+ 			 */
+-			gp = mod->core_size - MAX_LTOFF / 2;
++			gp = mod->core_size_rx + mod->core_size_rw - MAX_LTOFF / 2;
+ 		else
+-			gp = mod->core_size / 2;
+-		gp = (uint64_t) mod->module_core + ((gp + 7) & -8);
++			gp = (mod->core_size_rx + mod->core_size_rw) / 2;
++		gp = (uint64_t) mod->module_core_rx + ((gp + 7) & -8);
+ 		mod->arch.gp = gp;
+ 		DEBUGP("%s: placing gp at 0x%lx\n", __FUNCTION__, gp);
+ 	}
+diff -NurpX linux-2.6.24-pax/Documentation/dontdiff linux-2.6.24/arch/ia64/kernel/sys_ia64.c linux-2.6.24-pax/arch/ia64/kernel/sys_ia64.c
+--- linux-2.6.24/arch/ia64/kernel/sys_ia64.c	2008-01-24 23:58:37.000000000 +0100
++++ linux-2.6.24-pax/arch/ia64/kernel/sys_ia64.c	2008-01-25 15:28:01.000000000 +0100
+@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
+ 	if (REGION_NUMBER(addr) == RGN_HPAGE)
+ 		addr = 0;
+ #endif
 +
-+#ifdef CONFIG_PAX_KERNEXEC
-+	pax_close_kernel(cr0);
++#ifdef CONFIG_PAX_RANDMMAP
++	if ((mm->pax_flags & MF_PAX_RANDMMAP) && addr && filp)
++		addr = mm->free_area_cache;
++	else
 +#endif
 +
- 	put_cpu();
- 	apm_restore_cpus(cpus);
- 	
-@@ -643,9 +657,18 @@ static u8 apm_bios_call_simple(u32 func,
- 	struct desc_struct	save_desc_40;
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-pax.patch?r1=1.1.2.2&r2=1.1.2.3&f=u


