SOURCES (Titanium): linux-2.6-grsecurity.patch - http://grsecurity...

hawk hawk at pld-linux.org
Thu Feb 28 13:16:09 CET 2008


Author: hawk                         Date: Thu Feb 28 12:16:09 2008 GMT
Module: SOURCES                       Tag: Titanium
---- Log message:
- http://grsecurity.net/~spender/grsecurity-2.1.11-2.6.24.2-200802192340.patch
  with localversion killed

---- Files affected:
SOURCES:
   linux-2.6-grsecurity.patch (1.1.2.3 -> 1.1.2.4) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-grsecurity.patch
diff -u SOURCES/linux-2.6-grsecurity.patch:1.1.2.3 SOURCES/linux-2.6-grsecurity.patch:1.1.2.4
--- SOURCES/linux-2.6-grsecurity.patch:1.1.2.3	Sat Feb  9 00:35:12 2008
+++ SOURCES/linux-2.6-grsecurity.patch	Thu Feb 28 13:16:04 2008
@@ -1,6 +1,6 @@
-diff -urNp linux-2.6.23.9/arch/alpha/kernel/module.c linux-2.6.23.9/arch/alpha/kernel/module.c
---- linux-2.6.23.9/arch/alpha/kernel/module.c	2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/alpha/kernel/module.c	2007-12-03 10:05:50.000000000 -0500
+diff -urNp linux-2.6.24.2/arch/alpha/kernel/module.c linux-2.6.24.2/arch/alpha/kernel/module.c
+--- linux-2.6.24.2/arch/alpha/kernel/module.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/alpha/kernel/module.c	2008-02-13 18:27:54.000000000 -0500
 @@ -176,7 +176,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs, 
  
  	/* The small sections were sorted to the end of the segment.
@@ -10,9 +10,9 @@
  	got = sechdrs[me->arch.gotsecindex].sh_addr;
  
  	for (i = 0; i < n; i++) {
-diff -urNp linux-2.6.23.9/arch/alpha/kernel/osf_sys.c linux-2.6.23.9/arch/alpha/kernel/osf_sys.c
---- linux-2.6.23.9/arch/alpha/kernel/osf_sys.c	2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/alpha/kernel/osf_sys.c	2007-12-03 10:05:50.000000000 -0500
+diff -urNp linux-2.6.24.2/arch/alpha/kernel/osf_sys.c linux-2.6.24.2/arch/alpha/kernel/osf_sys.c
+--- linux-2.6.24.2/arch/alpha/kernel/osf_sys.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/alpha/kernel/osf_sys.c	2008-02-13 18:27:54.000000000 -0500
 @@ -1288,6 +1288,10 @@ arch_get_unmapped_area(struct file *filp
  	   merely specific addresses, but regions of memory -- perhaps
  	   this feature should be incorporated into all ports?  */
@@ -35,9 +35,9 @@
  	if (addr != (unsigned long) -ENOMEM)
  		return addr;
  
-diff -urNp linux-2.6.23.9/arch/alpha/kernel/ptrace.c linux-2.6.23.9/arch/alpha/kernel/ptrace.c
---- linux-2.6.23.9/arch/alpha/kernel/ptrace.c	2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/alpha/kernel/ptrace.c	2007-12-03 10:05:50.000000000 -0500
+diff -urNp linux-2.6.24.2/arch/alpha/kernel/ptrace.c linux-2.6.24.2/arch/alpha/kernel/ptrace.c
+--- linux-2.6.24.2/arch/alpha/kernel/ptrace.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/alpha/kernel/ptrace.c	2008-02-13 18:27:54.000000000 -0500
 @@ -15,6 +15,7 @@
  #include <linux/slab.h>
  #include <linux/security.h>
@@ -46,21 +46,19 @@
  
  #include <asm/uaccess.h>
  #include <asm/pgtable.h>
-@@ -283,6 +284,11 @@ do_sys_ptrace(long request, long pid, lo
- 		goto out_notsk;
- 	}
+@@ -266,6 +267,9 @@ long arch_ptrace(struct task_struct *chi
+ 	size_t copied;
+ 	long ret;
  
-+	if (gr_handle_ptrace(child, request)) {
-+		ret = -EPERM;
-+		goto out;
-+	}
++	if (gr_handle_ptrace(child, request))
++		return -EPERM;
 +
- 	if (request == PTRACE_ATTACH) {
- 		ret = ptrace_attach(child);
- 		goto out;
-diff -urNp linux-2.6.23.9/arch/alpha/mm/fault.c linux-2.6.23.9/arch/alpha/mm/fault.c
---- linux-2.6.23.9/arch/alpha/mm/fault.c	2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/alpha/mm/fault.c	2007-12-03 10:05:50.000000000 -0500
+ 	switch (request) {
+ 	/* When I and D space are separate, these will need to be fixed.  */
+ 	case PTRACE_PEEKTEXT: /* read word at location addr. */
+diff -urNp linux-2.6.24.2/arch/alpha/mm/fault.c linux-2.6.24.2/arch/alpha/mm/fault.c
+--- linux-2.6.24.2/arch/alpha/mm/fault.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/alpha/mm/fault.c	2008-02-13 18:27:54.000000000 -0500
 @@ -23,6 +23,7 @@
  #include <linux/smp.h>
  #include <linux/interrupt.h>
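Review bot: The `gr_handle_ptrace(child, request)` check in the updated arch/alpha/kernel/ptrace.c section now sits at the top of `arch_ptrace()`, whereas the 2.6.23.9 version placed it in `do_sys_ptrace()` ahead of the `if (request == PTRACE_ATTACH)` branch, so it is worth confirming that attach requests are still mediated before they reach `ptrace_attach()`. If 2.6.24 handles PTRACE_ATTACH in generic code before calling `arch_ptrace()`, this hook alone would never see it; any generic-side hook is outside this hunk. Once verified, a comment above the check such as `/* PTRACE_ATTACH is mediated in the generic ptrace path; this covers the remaining requests */` would record the intent. The bare `return -EPERM` looks safe because it precedes the switch and nothing visible has been acquired yet, but the body of `arch_ptrace()` continues outside the hunk.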
@@ -225,9 +223,9 @@
  	} else if (!cause) {
  		/* Allow reads even for write-only mappings */
  		if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
-diff -urNp linux-2.6.23.9/arch/arm/mm/mmap.c linux-2.6.23.9/arch/arm/mm/mmap.c
---- linux-2.6.23.9/arch/arm/mm/mmap.c	2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/arm/mm/mmap.c	2007-12-03 10:05:50.000000000 -0500
+diff -urNp linux-2.6.24.2/arch/arm/mm/mmap.c linux-2.6.24.2/arch/arm/mm/mmap.c
+--- linux-2.6.24.2/arch/arm/mm/mmap.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/arm/mm/mmap.c	2008-02-13 18:27:54.000000000 -0500
 @@ -60,6 +60,10 @@ arch_get_unmapped_area(struct file *filp
  	if (len > TASK_SIZE)
  		return -ENOMEM;
@@ -264,9 +262,9 @@
  				mm->cached_hole_size = 0;
  				goto full_search;
  			}
-diff -urNp linux-2.6.23.9/arch/avr32/mm/fault.c linux-2.6.23.9/arch/avr32/mm/fault.c
---- linux-2.6.23.9/arch/avr32/mm/fault.c	2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/avr32/mm/fault.c	2007-12-03 10:05:50.000000000 -0500
+diff -urNp linux-2.6.24.2/arch/avr32/mm/fault.c linux-2.6.24.2/arch/avr32/mm/fault.c
+--- linux-2.6.24.2/arch/avr32/mm/fault.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/avr32/mm/fault.c	2008-02-13 18:27:54.000000000 -0500
 @@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
  
  int exception_trace = 1;
@@ -308,10526 +306,11369 @@
  		if (exception_trace && printk_ratelimit())
  			printk("%s%s[%d]: segfault at %08lx pc %08lx "
  			       "sp %08lx ecr %lu\n",
-diff -urNp linux-2.6.23.9/arch/i386/boot/bitops.h linux-2.6.23.9/arch/i386/boot/bitops.h
---- linux-2.6.23.9/arch/i386/boot/bitops.h	2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/i386/boot/bitops.h	2007-12-03 10:05:50.000000000 -0500
-@@ -28,7 +28,7 @@ static inline int variable_test_bit(int 
- 	u8 v;
- 	const u32 *p = (const u32 *)addr;
+diff -urNp linux-2.6.24.2/arch/ia64/ia32/binfmt_elf32.c linux-2.6.24.2/arch/ia64/ia32/binfmt_elf32.c
+--- linux-2.6.24.2/arch/ia64/ia32/binfmt_elf32.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/ia32/binfmt_elf32.c	2008-02-13 18:27:54.000000000 -0500
+@@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_
  
--	asm("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
-+	asm volatile("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
- 	return v;
- }
+ #define elf_read_implies_exec(ex, have_pt_gnu_stack)	(!(have_pt_gnu_stack))
  
-@@ -39,7 +39,7 @@ static inline int variable_test_bit(int 
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	(current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
++
++#define PAX_DELTA_MMAP_LEN	(current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#define PAX_DELTA_STACK_LEN	(current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#endif
++
+ /* Ugly but avoids duplication */
+ #include "../../../fs/binfmt_elf.c"
  
- static inline void set_bit(int nr, void *addr)
+diff -urNp linux-2.6.24.2/arch/ia64/ia32/ia32priv.h linux-2.6.24.2/arch/ia64/ia32/ia32priv.h
+--- linux-2.6.24.2/arch/ia64/ia32/ia32priv.h	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/ia32/ia32priv.h	2008-02-13 18:27:54.000000000 -0500
+@@ -303,7 +303,14 @@ struct old_linux32_dirent {
+ #define ELF_DATA	ELFDATA2LSB
+ #define ELF_ARCH	EM_386
+ 
+-#define IA32_STACK_TOP		IA32_PAGE_OFFSET
++#ifdef CONFIG_PAX_RANDUSTACK
++#define __IA32_DELTA_STACK	(current->mm->delta_stack)
++#else
++#define __IA32_DELTA_STACK	0UL
++#endif
++
++#define IA32_STACK_TOP		(IA32_PAGE_OFFSET - __IA32_DELTA_STACK)
++
+ #define IA32_GATE_OFFSET	IA32_PAGE_OFFSET
+ #define IA32_GATE_END		IA32_PAGE_OFFSET + PAGE_SIZE
+ 
+diff -urNp linux-2.6.24.2/arch/ia64/kernel/module.c linux-2.6.24.2/arch/ia64/kernel/module.c
+--- linux-2.6.24.2/arch/ia64/kernel/module.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/kernel/module.c	2008-02-13 18:27:54.000000000 -0500
+@@ -321,7 +321,7 @@ module_alloc (unsigned long size)
+ void
+ module_free (struct module *mod, void *module_region)
  {
--	asm("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
-+	asm volatile("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
+-	if (mod->arch.init_unw_table && module_region == mod->module_init) {
++	if (mod->arch.init_unw_table && module_region == mod->module_init_rx) {
+ 		unw_remove_unwind_table(mod->arch.init_unw_table);
+ 		mod->arch.init_unw_table = NULL;
+ 	}
+@@ -499,15 +499,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd
  }
  
- #endif /* BOOT_BITOPS_H */
-diff -urNp linux-2.6.23.9/arch/i386/boot/boot.h linux-2.6.23.9/arch/i386/boot/boot.h
---- linux-2.6.23.9/arch/i386/boot/boot.h	2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/i386/boot/boot.h	2007-12-03 10:05:50.000000000 -0500
-@@ -78,7 +78,7 @@ static inline void io_delay(void)
- static inline u16 ds(void)
+ static inline int
++in_init_rx (const struct module *mod, uint64_t addr)
++{
++	return addr - (uint64_t) mod->module_init_rx < mod->init_size_rx;
++}
++
++static inline int
++in_init_rw (const struct module *mod, uint64_t addr)
++{
++	return addr - (uint64_t) mod->module_init_rw < mod->init_size_rw;
++}
++
++static inline int
+ in_init (const struct module *mod, uint64_t addr)
  {
- 	u16 seg;
--	asm("movw %%ds,%0" : "=rm" (seg));
-+	asm volatile("movw %%ds,%0" : "=rm" (seg));
- 	return seg;
+-	return addr - (uint64_t) mod->module_init < mod->init_size;
++	return in_init_rx(mod, value) || in_init_rw(mod, value);
++}
++
++static inline int
++in_core_rx (const struct module *mod, uint64_t addr)
++{
++	return addr - (uint64_t) mod->module_core_rx < mod->core_size_rx;
++}
++
++static inline int
++in_core_rw (const struct module *mod, uint64_t addr)
++{
++	return addr - (uint64_t) mod->module_core_rw < mod->core_size_rw;
  }
  
-@@ -174,7 +174,7 @@ static inline void wrgs32(u32 v, addr_t 
- static inline int memcmp(const void *s1, const void *s2, size_t len)
+ static inline int
+ in_core (const struct module *mod, uint64_t addr)
  {
- 	u8 diff;
--	asm("repe; cmpsb; setnz %0"
-+	asm volatile("repe; cmpsb; setnz %0"
- 	    : "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len));
- 	return diff;
+-	return addr - (uint64_t) mod->module_core < mod->core_size;
++	return in_core_rx(mod, addr) || in_core_rw(mod, addr);
  }
-diff -urNp linux-2.6.23.9/arch/i386/boot/compressed/head.S linux-2.6.23.9/arch/i386/boot/compressed/head.S
---- linux-2.6.23.9/arch/i386/boot/compressed/head.S	2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/i386/boot/compressed/head.S	2007-12-03 10:05:50.000000000 -0500
-@@ -159,9 +159,8 @@ relocated:
-  */
  
- 1:	subl $4, %edi
--	movl 0(%edi), %ecx
--	testl %ecx, %ecx
--	jz 2f
-+	movl (%edi), %ecx
-+	jecxz 2f
- 	addl %ebx, -__PAGE_OFFSET(%ebx, %ecx)
- 	jmp 1b
- 2:
-diff -urNp linux-2.6.23.9/arch/i386/boot/compressed/relocs.c linux-2.6.23.9/arch/i386/boot/compressed/relocs.c
---- linux-2.6.23.9/arch/i386/boot/compressed/relocs.c	2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/i386/boot/compressed/relocs.c	2007-12-03 10:05:50.000000000 -0500
-@@ -10,9 +10,13 @@
- #define USE_BSD
- #include <endian.h>
+ static inline int
+@@ -691,7 +715,14 @@ do_reloc (struct module *mod, uint8_t r_
+ 		break;
  
-+#include "../../../../include/linux/autoconf.h"
-+
-+#define MAX_PHDRS 100
- #define MAX_SHDRS 100
- #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
- static Elf32_Ehdr ehdr;
-+static Elf32_Phdr phdr[MAX_PHDRS];
- static Elf32_Shdr shdr[MAX_SHDRS];
- static Elf32_Sym  *symtab[MAX_SHDRS];
- static Elf32_Rel  *reltab[MAX_SHDRS];
-@@ -246,6 +250,34 @@ static void read_ehdr(FILE *fp)
+ 	      case RV_BDREL:
+-		val -= (uint64_t) (in_init(mod, val) ? mod->module_init : mod->module_core);
++		if (in_init_rx(mod, val))
++			val -= (uint64_t) mod->module_init_rx;
++		else if (in_init_rw(mod, val))
++			val -= (uint64_t) mod->module_init_rw;
++		else if (in_core_rx(mod, val))
++			val -= (uint64_t) mod->module_core_rx;
++		else if (in_core_rw(mod, val))
++			val -= (uint64_t) mod->module_core_rw;
+ 		break;
+ 
+ 	      case RV_LTV:
+@@ -825,15 +856,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs,
+ 		 *     addresses have been selected...
+ 		 */
+ 		uint64_t gp;
+-		if (mod->core_size > MAX_LTOFF)
++		if (mod->core_size_rx + mod->core_size_rw > MAX_LTOFF)
+ 			/*
+ 			 * This takes advantage of fact that SHF_ARCH_SMALL gets allocated
+ 			 * at the end of the module.
+ 			 */
+-			gp = mod->core_size - MAX_LTOFF / 2;
++			gp = mod->core_size_rx + mod->core_size_rw - MAX_LTOFF / 2;
+ 		else
+-			gp = mod->core_size / 2;
+-		gp = (uint64_t) mod->module_core + ((gp + 7) & -8);
++			gp = (mod->core_size_rx + mod->core_size_rw) / 2;
++		gp = (uint64_t) mod->module_core_rx + ((gp + 7) & -8);
+ 		mod->arch.gp = gp;
+ 		DEBUGP("%s: placing gp at 0x%lx\n", __FUNCTION__, gp);
  	}
+diff -urNp linux-2.6.24.2/arch/ia64/kernel/ptrace.c linux-2.6.24.2/arch/ia64/kernel/ptrace.c
+--- linux-2.6.24.2/arch/ia64/kernel/ptrace.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/kernel/ptrace.c	2008-02-13 18:27:54.000000000 -0500
+@@ -17,6 +17,7 @@
+ #include <linux/security.h>
+ #include <linux/audit.h>
+ #include <linux/signal.h>
++#include <linux/grsecurity.h>
+ 
+ #include <asm/pgtable.h>
+ #include <asm/processor.h>
+@@ -1451,6 +1452,9 @@ sys_ptrace (long request, pid_t pid, uns
+ 	if (pid == 1)		/* no messing around with init! */
+ 		goto out_tsk;
+ 
++	if (gr_handle_ptrace(child, request))
++		goto out_tsk;
++
+ 	if (request == PTRACE_ATTACH) {
+ 		ret = ptrace_attach(child);
+ 		goto out_tsk;
+diff -urNp linux-2.6.24.2/arch/ia64/kernel/sys_ia64.c linux-2.6.24.2/arch/ia64/kernel/sys_ia64.c
+--- linux-2.6.24.2/arch/ia64/kernel/sys_ia64.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/kernel/sys_ia64.c	2008-02-13 18:27:54.000000000 -0500
+@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
+ 	if (REGION_NUMBER(addr) == RGN_HPAGE)
+ 		addr = 0;
+ #endif
++
++#ifdef CONFIG_PAX_RANDMMAP
++	if ((mm->pax_flags & MF_PAX_RANDMMAP) && addr && filp)
++		addr = mm->free_area_cache;
++	else
++#endif
++
+ 	if (!addr)
+ 		addr = mm->free_area_cache;
+ 
+@@ -61,9 +68,9 @@ arch_get_unmapped_area (struct file *fil
+ 	for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
+ 		/* At this point:  (!vma || addr < vma->vm_end). */
+ 		if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) {
+-			if (start_addr != TASK_UNMAPPED_BASE) {
++			if (start_addr != mm->mmap_base) {
+ 				/* Start a new search --- just in case we missed some holes.  */
+-				addr = TASK_UNMAPPED_BASE;
++				addr = mm->mmap_base;
+ 				goto full_search;
+ 			}
+ 			return -ENOMEM;
+diff -urNp linux-2.6.24.2/arch/ia64/mm/fault.c linux-2.6.24.2/arch/ia64/mm/fault.c
+--- linux-2.6.24.2/arch/ia64/mm/fault.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/mm/fault.c	2008-02-13 18:27:54.000000000 -0500
+@@ -10,6 +10,7 @@
+ #include <linux/interrupt.h>
+ #include <linux/kprobes.h>
+ #include <linux/kdebug.h>
++#include <linux/binfmts.h>
+ 
+ #include <asm/pgtable.h>
+ #include <asm/processor.h>
+@@ -72,6 +73,23 @@ mapped_kernel_page_is_present (unsigned 
+ 	return pte_present(pte);
  }
  
-+static void read_phdrs(FILE *fp)
++#ifdef CONFIG_PAX_PAGEEXEC
++void pax_report_insns(void *pc, void *sp)
 +{
-+	int i;
-+	if (ehdr.e_phnum > MAX_PHDRS) {
-+		die("%d program headers supported: %d\n",
-+			ehdr.e_phnum, MAX_PHDRS);
-+	}
-+	if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) {
-+		die("Seek to %d failed: %s\n",
-+			ehdr.e_phoff, strerror(errno));
-+	}
-+	if (fread(&phdr, sizeof(phdr[0]), ehdr.e_phnum, fp) != ehdr.e_phnum) {
-+		die("Cannot read ELF program headers: %s\n",
-+			strerror(errno));
-+	}
-+	for(i = 0; i < ehdr.e_phnum; i++) {
-+		phdr[i].p_type      = elf32_to_cpu(phdr[i].p_type);
-+		phdr[i].p_offset    = elf32_to_cpu(phdr[i].p_offset);
-+		phdr[i].p_vaddr     = elf32_to_cpu(phdr[i].p_vaddr);
-+		phdr[i].p_paddr     = elf32_to_cpu(phdr[i].p_paddr);
-+		phdr[i].p_filesz    = elf32_to_cpu(phdr[i].p_filesz);
-+		phdr[i].p_memsz     = elf32_to_cpu(phdr[i].p_memsz);
-+		phdr[i].p_flags     = elf32_to_cpu(phdr[i].p_flags);
-+		phdr[i].p_align     = elf32_to_cpu(phdr[i].p_align);
-+	}
++	unsigned long i;
 +
++	printk(KERN_ERR "PAX: bytes at PC: ");
++	for (i = 0; i < 8; i++) {
++		unsigned int c;
++		if (get_user(c, (unsigned int *)pc+i))
++			printk("???????? ");
++		else
++			printk("%08x ", c);
++	}
++	printk("\n");
 +}
++#endif
 +
- static void read_shdrs(FILE *fp)
- {
- 	int i;
-@@ -332,6 +364,8 @@ static void read_symtabs(FILE *fp)
- static void read_relocs(FILE *fp)
+ void __kprobes
+ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs)
  {
- 	int i,j;
-+	uint32_t base;
+@@ -145,9 +163,23 @@ ia64_do_page_fault (unsigned long addres
+ 	mask = (  (((isr >> IA64_ISR_X_BIT) & 1UL) << VM_EXEC_BIT)
+ 		| (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT));
+ 
+-	if ((vma->vm_flags & mask) != mask)
++	if ((vma->vm_flags & mask) != mask) {
 +
- 	for(i = 0; i < ehdr.e_shnum; i++) {
- 		if (shdr[i].sh_type != SHT_REL) {
- 			continue;
-@@ -349,8 +383,17 @@ static void read_relocs(FILE *fp)
- 			die("Cannot read symbol table: %s\n",
- 				strerror(errno));
- 		}
-+		base = 0;
-+		for (j = 0; j < ehdr.e_phnum; j++) {
-+			if (phdr[j].p_type != PT_LOAD )
-+				continue;
-+			if (shdr[shdr[i].sh_info].sh_offset < phdr[j].p_offset || shdr[shdr[i].sh_info].sh_offset > phdr[j].p_offset + phdr[j].p_filesz)
-+				continue;
-+			base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr;
-+			break;
++#ifdef CONFIG_PAX_PAGEEXEC
++		if (!(vma->vm_flags & VM_EXEC) && (mask & VM_EXEC)) {
++			if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->cr_iip)
++				goto bad_area;
++
++			up_read(&mm->mmap_sem);
++			pax_report_fault(regs, (void *)regs->cr_iip, (void *)regs->r12);
++			do_exit(SIGKILL);
 +		}
- 		for(j = 0; j < shdr[i].sh_size/sizeof(reltab[0][0]); j++) {
--			reltab[i][j].r_offset = elf32_to_cpu(reltab[i][j].r_offset);
-+			reltab[i][j].r_offset = elf32_to_cpu(reltab[i][j].r_offset) + base;
- 			reltab[i][j].r_info   = elf32_to_cpu(reltab[i][j].r_info);
- 		}
- 	}
-@@ -487,6 +530,27 @@ static void walk_relocs(void (*visit)(El
- 			if (sym->st_shndx == SHN_ABS) {
- 				continue;
- 			}
-+			/* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */
-+			if (!strcmp(sec_name(sym->st_shndx), ".data.percpu") && strncmp(sym_name(sym_strtab, sym), "__per_cpu_", 10)) {
-+				continue;
-+			}
-+#ifdef CONFIG_PAX_KERNEXEC
-+			/* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */
-+			if (!strcmp(sec_name(sym->st_shndx), ".init.text")) {
-+				continue;
-+			}
-+			if (!strcmp(sec_name(sym->st_shndx), ".exit.text")) {
-+				continue;
-+			}
-+			if (!strcmp(sec_name(sym->st_shndx), ".text.head"))
-+				if (strcmp(sym_name(sym_strtab, sym), "__init_end") &&
-+				    strcmp(sym_name(sym_strtab, sym), "KERNEL_TEXT_OFFSET")) {
-+				continue;
-+			}
-+			if (!strcmp(sec_name(sym->st_shndx), ".text")) {
-+				continue;
-+			}
 +#endif
- 			if (r_type == R_386_PC32) {
- 				/* PC relative relocations don't need to be adjusted */
- 			}
-@@ -614,6 +678,7 @@ int main(int argc, char **argv)
- 			fname, strerror(errno));
- 	}
- 	read_ehdr(fp);
-+	read_phdrs(fp);
- 	read_shdrs(fp);
- 	read_strtabs(fp);
- 	read_symtabs(fp);
-diff -urNp linux-2.6.23.9/arch/i386/boot/cpucheck.c linux-2.6.23.9/arch/i386/boot/cpucheck.c
---- linux-2.6.23.9/arch/i386/boot/cpucheck.c	2007-11-26 12:51:43.000000000 -0500
-+++ linux-2.6.23.9/arch/i386/boot/cpucheck.c	2007-12-03 10:05:50.000000000 -0500
-@@ -90,7 +90,7 @@ static int has_fpu(void)
- 	u16 fcw = -1, fsw = -1;
- 	u32 cr0;
++
+ 		goto bad_area;
  
--	asm("movl %%cr0,%0" : "=r" (cr0));
-+	asm volatile("movl %%cr0,%0" : "=r" (cr0));
- 	if (cr0 & (X86_CR0_EM|X86_CR0_TS)) {
- 		cr0 &= ~(X86_CR0_EM|X86_CR0_TS);
- 		asm volatile("movl %0,%%cr0" : : "r" (cr0));
-@@ -106,7 +106,7 @@ static int has_eflag(u32 mask)
- {
- 	u32 f0, f1;
++	}
++
+   survive:
+ 	/*
+ 	 * If for any reason at all we couldn't handle the fault, make
+diff -urNp linux-2.6.24.2/arch/ia64/mm/init.c linux-2.6.24.2/arch/ia64/mm/init.c
+--- linux-2.6.24.2/arch/ia64/mm/init.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/ia64/mm/init.c	2008-02-13 18:27:54.000000000 -0500
+@@ -20,8 +20,8 @@
+ #include <linux/proc_fs.h>
+ #include <linux/bitops.h>
+ #include <linux/kexec.h>
++#include <linux/a.out.h>
  
--	asm("pushfl ; "
-+	asm volatile("pushfl ; "
- 	    "pushfl ; "
- 	    "popl %0 ; "
- 	    "movl %0,%1 ; "
-@@ -131,7 +131,7 @@ static void get_flags(void)
- 		set_bit(X86_FEATURE_FPU, cpu.flags);
+-#include <asm/a.out.h>
+ #include <asm/dma.h>
+ #include <asm/ia32.h>
+ #include <asm/io.h>
+@@ -128,6 +128,19 @@ ia64_init_addr_space (void)
+ 		vma->vm_start = current->thread.rbs_bot & PAGE_MASK;
+ 		vma->vm_end = vma->vm_start + PAGE_SIZE;
+ 		vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT;
++
++#ifdef CONFIG_PAX_PAGEEXEC
++		if (current->mm->pax_flags & MF_PAX_PAGEEXEC) {
++			vm->vm_flags &= ~VM_EXEC;
++
++#ifdef CONFIG_PAX_MPROTECT
++			if (current->mm->pax_flags & MF_PAX_MPROTECT)
++				vma->vm_flags &= ~VM_MAYEXEC;
++#endif
++
++		}
++#endif
++
+ 		vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
+ 		down_write(&current->mm->mmap_sem);
+ 		if (insert_vm_struct(current->mm, vma)) {
+diff -urNp linux-2.6.24.2/arch/mips/kernel/binfmt_elfn32.c linux-2.6.24.2/arch/mips/kernel/binfmt_elfn32.c
+--- linux-2.6.24.2/arch/mips/kernel/binfmt_elfn32.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/mips/kernel/binfmt_elfn32.c	2008-02-13 18:27:54.000000000 -0500
+@@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
+ #undef ELF_ET_DYN_BASE
+ #define ELF_ET_DYN_BASE         (TASK32_SIZE / 3 * 2)
  
- 	if (has_eflag(X86_EFLAGS_ID)) {
--		asm("cpuid"
-+		asm volatile("cpuid"
- 		    : "=a" (max_intel_level),
- 		      "=b" (cpu_vendor[0]),
- 		      "=d" (cpu_vendor[1]),
-@@ -140,7 +140,7 @@ static void get_flags(void)
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	((current->thread.mflags & MF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
++
++#define PAX_DELTA_MMAP_LEN	((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#define PAX_DELTA_STACK_LEN	((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#endif
++
+ #include <asm/processor.h>
+ #include <linux/module.h>
+ #include <linux/elfcore.h>
+diff -urNp linux-2.6.24.2/arch/mips/kernel/binfmt_elfo32.c linux-2.6.24.2/arch/mips/kernel/binfmt_elfo32.c
+--- linux-2.6.24.2/arch/mips/kernel/binfmt_elfo32.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/mips/kernel/binfmt_elfo32.c	2008-02-13 18:27:54.000000000 -0500
+@@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
+ #undef ELF_ET_DYN_BASE
+ #define ELF_ET_DYN_BASE         (TASK32_SIZE / 3 * 2)
  
- 		if (max_intel_level >= 0x00000001 &&
- 		    max_intel_level <= 0x0000ffff) {
--			asm("cpuid"
-+			asm volatile("cpuid"
- 			    : "=a" (tfms),
- 			      "=c" (cpu.flags[4]),
- 			      "=d" (cpu.flags[0])
-@@ -152,7 +152,7 @@ static void get_flags(void)
- 				cpu.model += ((tfms >> 16) & 0xf) << 4;
- 		}
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	((current->thread.mflags & MF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
++
++#define PAX_DELTA_MMAP_LEN	((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#define PAX_DELTA_STACK_LEN	((current->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#endif
++
+ #include <asm/processor.h>
+ #include <linux/module.h>
+ #include <linux/elfcore.h>
+diff -urNp linux-2.6.24.2/arch/mips/kernel/syscall.c linux-2.6.24.2/arch/mips/kernel/syscall.c
+--- linux-2.6.24.2/arch/mips/kernel/syscall.c	2008-02-11 00:51:11.000000000 -0500
++++ linux-2.6.24.2/arch/mips/kernel/syscall.c	2008-02-13 18:27:54.000000000 -0500
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsecurity.patch?r1=1.1.2.3&r2=1.1.2.4&f=u


