packages (GRSECURITY_RAW): kernel/kernel-grsec_full.patch http://grsecurity...
arekm
arekm at pld-linux.org
Wed May 18 10:44:46 CEST 2011
Author: arekm Date: Wed May 18 08:44:46 2011 GMT
Module: packages Tag: GRSECURITY_RAW
---- Log message:
http://grsecurity.net/~spender/grsecurity-2.2.2-2.6.38.6-201105171931.patch
---- Files affected:
packages/kernel:
kernel-grsec_full.patch (1.3.2.67 -> 1.3.2.68)
---- Diffs:
================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.3.2.67 packages/kernel/kernel-grsec_full.patch:1.3.2.68
--- packages/kernel/kernel-grsec_full.patch:1.3.2.67 Sun May 15 13:27:51 2011
+++ packages/kernel/kernel-grsec_full.patch Wed May 18 10:44:24 2011
@@ -3780,6 +3780,18 @@
}
#define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
+diff -urNp linux-2.6.38.6/arch/sparc/include/asm/cache.h linux-2.6.38.6/arch/sparc/include/asm/cache.h
+--- linux-2.6.38.6/arch/sparc/include/asm/cache.h 2011-03-14 21:20:32.000000000 -0400
++++ linux-2.6.38.6/arch/sparc/include/asm/cache.h 2011-05-17 19:31:43.000000000 -0400
+@@ -10,7 +10,7 @@
+ #define ARCH_SLAB_MINALIGN __alignof__(unsigned long long)
+
+ #define L1_CACHE_SHIFT 5
+-#define L1_CACHE_BYTES 32
++#define L1_CACHE_BYTES 32U
+
+ #ifdef CONFIG_SPARC32
+ #define SMP_CACHE_BYTES_SHIFT 5
diff -urNp linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h
--- linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h 2011-03-14 21:20:32.000000000 -0400
+++ linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h 2011-04-28 19:34:14.000000000 -0400
@@ -4861,6 +4873,18 @@
EXPORT_SYMBOL(atomic64_sub_ret);
/* Atomic bit operations. */
+diff -urNp linux-2.6.38.6/arch/sparc/lib/Makefile linux-2.6.38.6/arch/sparc/lib/Makefile
+--- linux-2.6.38.6/arch/sparc/lib/Makefile 2011-03-14 21:20:32.000000000 -0400
++++ linux-2.6.38.6/arch/sparc/lib/Makefile 2011-05-17 19:31:43.000000000 -0400
+@@ -2,7 +2,7 @@
+ #
+
+ asflags-y := -ansi -DST_DIV0=0x02
+-ccflags-y := -Werror
++#ccflags-y := -Werror
+
+ lib-$(CONFIG_SPARC32) += mul.o rem.o sdiv.o udiv.o umul.o urem.o ashrdi3.o
+ lib-$(CONFIG_SPARC32) += memcpy.o memset.o
diff -urNp linux-2.6.38.6/arch/sparc/Makefile linux-2.6.38.6/arch/sparc/Makefile
--- linux-2.6.38.6/arch/sparc/Makefile 2011-03-14 21:20:32.000000000 -0400
+++ linux-2.6.38.6/arch/sparc/Makefile 2011-04-28 19:34:14.000000000 -0400
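Review bot: `ccflags-y := -Werror` for arch/sparc/lib is switched off by commenting it out, and nothing records which warning made that necessary. Dropping warnings-as-errors for the whole directory also lets any later warning in the library objects listed just below (memcpy.o, memset.o and the rest) pass silently, so a per-file exception would be narrower if only one source file is affected. If the directory-wide change is intended, state the reason next to it, e.g. `# -Werror disabled: <warning triggered by this patch set>`.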
@@ -6362,7 +6386,7 @@
has_dumped = 1;
diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/x86/ia32/ia32entry.S
--- linux-2.6.38.6/arch/x86/ia32/ia32entry.S 2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/arch/x86/ia32/ia32entry.S 2011-05-11 18:34:57.000000000 -0400
++++ linux-2.6.38.6/arch/x86/ia32/ia32entry.S 2011-05-16 21:47:08.000000000 -0400
@@ -13,6 +13,7 @@
#include <asm/thread_info.h>
#include <asm/segment.h>
@@ -6371,7 +6395,7 @@
#include <linux/linkage.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
-@@ -93,6 +94,28 @@ ENTRY(native_irq_enable_sysexit)
+@@ -93,6 +94,26 @@ ENTRY(native_irq_enable_sysexit)
ENDPROC(native_irq_enable_sysexit)
#endif
@@ -6386,21 +6410,19 @@
+ call pax_exit_kernel_user
+#endif
+#ifdef CONFIG_PAX_RANDKSTACK
-+ push %rax
++ pushq %rax
+ call pax_randomize_kstack
-+ pop %rax
++ popq %rax
+#endif
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK
-+ push %rax
+ call pax_erase_kstack
-+ pop %rax
+#endif
+ .endm
+
/*
* 32bit SYSENTER instruction entry.
*
-@@ -119,7 +142,7 @@ ENTRY(ia32_sysenter_target)
+@@ -119,7 +140,7 @@ ENTRY(ia32_sysenter_target)
CFI_REGISTER rsp,rbp
SWAPGS_UNSAFE_STACK
movq PER_CPU_VAR(kernel_stack), %rsp
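Review bot: With the `push %rax` / `pop %rax` pair dropped around `call pax_erase_kstack`, this call site now depends on the callee preserving %rax and every other live register itself, while the `pax_randomize_kstack` call just above still saves %rax explicitly. The body of pax_erase_kstack is not on this page, so that contract cannot be checked from here. A one-line comment at the call would record the assumption for the next person who edits either side, e.g. `/* pax_erase_kstack saves and restores every register it touches */`. The enclosing `.macro` starts outside this hunk.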
@@ -6409,7 +6431,7 @@
/*
* No need to follow this irqs on/off section: the syscall
* disabled irqs, here we enable it straight after entry:
-@@ -135,7 +158,8 @@ ENTRY(ia32_sysenter_target)
+@@ -135,7 +156,8 @@ ENTRY(ia32_sysenter_target)
pushfq
CFI_ADJUST_CFA_OFFSET 8
/*CFI_REL_OFFSET rflags,0*/
@@ -6419,7 +6441,7 @@
CFI_REGISTER rip,r10
pushq $__USER32_CS
CFI_ADJUST_CFA_OFFSET 8
-@@ -150,6 +174,12 @@ ENTRY(ia32_sysenter_target)
+@@ -150,6 +172,12 @@ ENTRY(ia32_sysenter_target)
SAVE_ARGS 0,0,1
/* no need to do an access_ok check here because rbp has been
32bit zero extended */
@@ -6432,7 +6454,7 @@
1: movl (%rbp),%ebp
.section __ex_table,"a"
.quad 1b,ia32_badarg
-@@ -172,6 +202,7 @@ sysenter_dispatch:
+@@ -172,6 +200,7 @@ sysenter_dispatch:
testl $_TIF_ALLWORK_MASK,TI_flags(%r10)
jnz sysexit_audit
sysexit_from_sys_call:
@@ -6440,7 +6462,7 @@
andl $~TS_COMPAT,TI_status(%r10)
/* clear IF, that popfq doesn't enable interrupts early */
andl $~0x200,EFLAGS-R11(%rsp)
-@@ -283,19 +314,24 @@ ENDPROC(ia32_sysenter_target)
+@@ -283,19 +312,24 @@ ENDPROC(ia32_sysenter_target)
ENTRY(ia32_cstar_target)
CFI_STARTPROC32 simple
CFI_SIGNAL_FRAME
@@ -6467,7 +6489,7 @@
movl %eax,%eax /* zero extension */
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
-@@ -311,6 +347,12 @@ ENTRY(ia32_cstar_target)
+@@ -311,6 +345,12 @@ ENTRY(ia32_cstar_target)
/* no need to do an access_ok check here because r8 has been
32bit zero extended */
/* hardware stack frame is complete now */
@@ -6480,7 +6502,7 @@
1: movl (%r8),%r9d
.section __ex_table,"a"
.quad 1b,ia32_badarg
-@@ -333,6 +375,7 @@ cstar_dispatch:
+@@ -333,6 +373,7 @@ cstar_dispatch:
testl $_TIF_ALLWORK_MASK,TI_flags(%r10)
jnz sysretl_audit
sysretl_from_sys_call:
@@ -6488,7 +6510,7 @@
andl $~TS_COMPAT,TI_status(%r10)
RESTORE_ARGS 1,-ARG_SKIP,1,1,1
movl RIP-ARGOFFSET(%rsp),%ecx
-@@ -415,6 +458,7 @@ ENTRY(ia32_syscall)
+@@ -415,6 +456,7 @@ ENTRY(ia32_syscall)
CFI_REL_OFFSET rip,RIP-RIP
PARAVIRT_ADJUST_EXCEPTION_FRAME
SWAPGS
@@ -6735,7 +6757,7 @@
* @v: pointer to type atomic64_t
diff -urNp linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h
--- linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h 2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h 2011-04-28 19:34:14.000000000 -0400
++++ linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h 2011-05-16 21:47:08.000000000 -0400
@@ -18,7 +18,19 @@
*/
static inline long atomic64_read(const atomic64_t *v)
@@ -7010,7 +7032,19 @@
#define atomic64_dec_return(v) (atomic64_sub_return(1, (v)))
static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
-@@ -206,17 +380,30 @@ static inline long atomic64_xchg(atomic6
+@@ -190,6 +364,11 @@ static inline long atomic64_cmpxchg(atom
+ return cmpxchg(&v->counter, old, new);
+ }
+
++static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, long new)
++{
++ return cmpxchg(&v->counter, old, new);
++}
++
+ static inline long atomic64_xchg(atomic64_t *v, long new)
+ {
+ return xchg(&v->counter, new);
+@@ -206,17 +385,30 @@ static inline long atomic64_xchg(atomic6
*/
static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
{
@@ -9689,7 +9723,7 @@
void default_idle(void);
diff -urNp linux-2.6.38.6/arch/x86/include/asm/thread_info.h linux-2.6.38.6/arch/x86/include/asm/thread_info.h
--- linux-2.6.38.6/arch/x86/include/asm/thread_info.h 2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/arch/x86/include/asm/thread_info.h 2011-04-30 19:58:48.000000000 -0400
++++ linux-2.6.38.6/arch/x86/include/asm/thread_info.h 2011-05-17 19:31:43.000000000 -0400
@@ -10,6 +10,7 @@
#include <linux/compiler.h>
#include <asm/page.h>
@@ -9706,7 +9740,7 @@
struct exec_domain *exec_domain; /* execution domain */
__u32 flags; /* low level flags */
__u32 status; /* thread synchronous flags */
-@@ -34,18 +34,11 @@ struct thread_info {
+@@ -34,18 +34,12 @@ struct thread_info {
mm_segment_t addr_limit;
struct restart_block restart_block;
void __user *sysenter_return;
@@ -9716,6 +9750,7 @@
- */
- __u8 supervisor_stack[0];
-#endif
++ unsigned long lowest_stack;
int uaccess_err;
};
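Review bot: `unsigned long lowest_stack;` is added to `struct thread_info` with no comment and, as far as this hunk shows, no config guard, so every build of the patched kernel carries the field. The asm-offsets hunks later in this commit export it unconditionally as well, which suggests that is deliberate, but the header should say so. Add a short comment on the field stating what it records and which code updates it (presumably the `pax_track_stack()` calls this commit adds; confirm against the definition, which is not on this page). The struct begins outside this hunk.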
@@ -9726,7 +9761,7 @@
.exec_domain = &default_exec_domain, \
.flags = 0, \
.cpu = 0, \
-@@ -56,7 +49,7 @@ struct thread_info {
+@@ -56,7 +50,7 @@ struct thread_info {
}, \
}
@@ -9735,7 +9770,7 @@
#define init_stack (init_thread_union.stack)
#else /* !__ASSEMBLY__ */
-@@ -164,6 +157,23 @@ struct thread_info {
+@@ -164,6 +158,23 @@ struct thread_info {
#define alloc_thread_info(tsk) \
((struct thread_info *)__get_free_pages(THREAD_FLAGS, THREAD_ORDER))
@@ -9759,7 +9794,7 @@
#ifdef CONFIG_X86_32
#define STACK_WARN (THREAD_SIZE/8)
-@@ -174,35 +184,13 @@ struct thread_info {
+@@ -174,35 +185,13 @@ struct thread_info {
*/
#ifndef __ASSEMBLY__
@@ -9795,7 +9830,7 @@
/*
* macros/functions for gaining access to the thread information structure
* preempt_count needs to be 1 initially, until the scheduler is functional.
-@@ -210,21 +198,6 @@ static inline struct thread_info *curren
+@@ -210,21 +199,8 @@ static inline struct thread_info *curren
#ifndef __ASSEMBLY__
DECLARE_PER_CPU(unsigned long, kernel_stack);
@@ -9814,10 +9849,12 @@
- movq PER_CPU_VAR(kernel_stack),reg ; \
- subq $(THREAD_SIZE-KERNEL_STACK_OFFSET),reg
-
++/* how to get the current stack pointer from C */
++register unsigned long current_stack_pointer asm("rsp") __used;
#endif
#endif /* !X86_32 */
-@@ -260,5 +233,16 @@ extern void arch_task_cache_init(void);
+@@ -260,5 +236,16 @@ extern void arch_task_cache_init(void);
extern void free_thread_info(struct thread_info *ti);
extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src);
#define arch_task_cache_init arch_task_cache_init
@@ -9836,18 +9873,20 @@
#endif /* _ASM_X86_THREAD_INFO_H */
diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h
--- linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h 2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h 2011-04-28 19:34:14.000000000 -0400
-@@ -44,6 +44,9 @@ unsigned long __must_check __copy_from_u
++++ linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h 2011-05-16 21:47:08.000000000 -0400
+@@ -44,6 +44,11 @@ unsigned long __must_check __copy_from_u
static __always_inline unsigned long __must_check
__copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
{
++ pax_track_stack();
++
+ if ((long)n < 0)
+ return n;
+
if (__builtin_constant_p(n)) {
unsigned long ret;
-@@ -62,6 +65,8 @@ __copy_to_user_inatomic(void __user *to,
+@@ -62,6 +67,8 @@ __copy_to_user_inatomic(void __user *to,
return ret;
}
}
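Review bot: `pax_track_stack();` becomes the first statement of the `__always_inline` helper `__copy_to_user_inatomic()` with nothing saying why this function is instrumented, so the call is inlined into every user of the helper without explanation. The same bare call is added in the `__copy_from_user()` hunk below, in the uaccess_64.h hunks, and in `apic_cluster_num()`, `x86_schedule_events()` and `early_printk()`. Document the rule for choosing call sites once, at the declaration of `pax_track_stack()`, with a comment stating what the call records and when a function needs it. Its definition is not on this page, so the wording has to come from there.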
@@ -9856,7 +9895,14 @@
return __copy_to_user_ll(to, from, n);
}
-@@ -89,6 +94,9 @@ __copy_to_user(void __user *to, const vo
+@@ -83,12 +90,16 @@ static __always_inline unsigned long __m
+ __copy_to_user(void __user *to, const void *from, unsigned long n)
+ {
+ might_fault();
++
+ return __copy_to_user_inatomic(to, from, n);
+ }
+
static __always_inline unsigned long
__copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
{
@@ -9866,18 +9912,20 @@
/* Avoid zeroing the tail if the copy fails..
* If 'n' is constant and 1, 2, or 4, we do still zero on a failure,
* but as the zeroing behaviour is only significant when n is not
-@@ -138,6 +146,10 @@ static __always_inline unsigned long
+@@ -138,6 +149,12 @@ static __always_inline unsigned long
__copy_from_user(void *to, const void __user *from, unsigned long n)
{
might_fault();
+
++ pax_track_stack();
++
+ if ((long)n < 0)
+ return n;
+
if (__builtin_constant_p(n)) {
unsigned long ret;
-@@ -153,6 +165,8 @@ __copy_from_user(void *to, const void __
+@@ -153,6 +170,8 @@ __copy_from_user(void *to, const void __
return ret;
}
}
@@ -9886,7 +9934,7 @@
return __copy_from_user_ll(to, from, n);
}
-@@ -160,6 +174,10 @@ static __always_inline unsigned long __c
+@@ -160,6 +179,10 @@ static __always_inline unsigned long __c
const void __user *from, unsigned long n)
{
might_fault();
@@ -9897,7 +9945,7 @@
if (__builtin_constant_p(n)) {
unsigned long ret;
-@@ -182,15 +200,19 @@ static __always_inline unsigned long
+@@ -182,15 +205,19 @@ static __always_inline unsigned long
__copy_from_user_inatomic_nocache(void *to, const void __user *from,
unsigned long n)
{
@@ -9924,7 +9972,7 @@
extern void copy_from_user_overflow(void)
#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
-@@ -200,17 +222,61 @@ extern void copy_from_user_overflow(void
+@@ -200,17 +227,61 @@ extern void copy_from_user_overflow(void
#endif
;
@@ -9995,7 +10043,7 @@
diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h
--- linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h 2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h 2011-04-28 19:57:25.000000000 -0400
++++ linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h 2011-05-16 21:47:08.000000000 -0400
@@ -11,6 +11,9 @@
#include <asm/alternative.h>
#include <asm/cpufeature.h>
@@ -10046,7 +10094,7 @@
return n;
}
-@@ -65,110 +68,194 @@ int copy_to_user(void __user *dst, const
+@@ -65,110 +68,198 @@ int copy_to_user(void __user *dst, const
{
might_fault();
@@ -10068,6 +10116,8 @@
- if (!__builtin_constant_p(size))
- return copy_user_generic(dst, (__force void *)src, size);
+
++ pax_track_stack();
++
+ if ((int)size < 0)
+ return size;
+
@@ -10155,6 +10205,8 @@
might_fault();
- if (!__builtin_constant_p(size))
+
++ pax_track_stack();
++
+ if ((int)size < 0)
+ return size;
+
@@ -10271,7 +10323,7 @@
ret, "b", "b", "=q", 1);
if (likely(!ret))
__put_user_asm(tmp, (u8 __user *)dst,
-@@ -177,7 +264,7 @@ int __copy_in_user(void __user *dst, con
+@@ -177,7 +268,7 @@ int __copy_in_user(void __user *dst, con
}
case 2: {
u16 tmp;
@@ -10280,7 +10332,7 @@
ret, "w", "w", "=r", 2);
if (likely(!ret))
__put_user_asm(tmp, (u16 __user *)dst,
-@@ -187,7 +274,7 @@ int __copy_in_user(void __user *dst, con
+@@ -187,7 +278,7 @@ int __copy_in_user(void __user *dst, con
case 4: {
u32 tmp;
@@ -10289,7 +10341,7 @@
ret, "l", "k", "=r", 4);
if (likely(!ret))
__put_user_asm(tmp, (u32 __user *)dst,
-@@ -196,7 +283,7 @@ int __copy_in_user(void __user *dst, con
+@@ -196,7 +287,7 @@ int __copy_in_user(void __user *dst, con
}
case 8: {
u64 tmp;
@@ -10298,7 +10350,7 @@
ret, "q", "", "=r", 8);
if (likely(!ret))
__put_user_asm(tmp, (u64 __user *)dst,
-@@ -204,8 +291,16 @@ int __copy_in_user(void __user *dst, con
+@@ -204,8 +295,16 @@ int __copy_in_user(void __user *dst, con
return ret;
}
default:
@@ -10316,10 +10368,12 @@
}
}
-@@ -222,33 +317,70 @@ __must_check unsigned long __clear_user(
+@@ -222,33 +321,72 @@ __must_check unsigned long __clear_user(
static __must_check __always_inline int
__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size)
{
++ pax_track_stack();
++
+ if ((int)size < 0)
+ return size;
+
@@ -10995,7 +11049,7 @@
.map_page = map_page,
diff -urNp linux-2.6.38.6/arch/x86/kernel/apic/apic.c linux-2.6.38.6/arch/x86/kernel/apic/apic.c
--- linux-2.6.38.6/arch/x86/kernel/apic/apic.c 2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/arch/x86/kernel/apic/apic.c 2011-04-28 19:57:25.000000000 -0400
++++ linux-2.6.38.6/arch/x86/kernel/apic/apic.c 2011-05-16 21:47:08.000000000 -0400
@@ -1819,7 +1819,7 @@ void smp_error_interrupt(struct pt_regs
apic_write(APIC_ESR, 0);
v1 = apic_read(APIC_ESR);
@@ -11005,6 +11059,15 @@
/*
* Here is what the APIC error bits mean:
+@@ -2209,6 +2209,8 @@ static int __cpuinit apic_cluster_num(vo
+ u16 *bios_cpu_apicid;
+ DECLARE_BITMAP(clustermap, NUM_APIC_CLUSTERS);
+
++ pax_track_stack();
++
+ bios_cpu_apicid = early_per_cpu_ptr(x86_bios_cpu_apicid);
+ bitmap_zero(clustermap, NUM_APIC_CLUSTERS);
+
diff -urNp linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c
--- linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c 2011-03-14 21:20:32.000000000 -0400
+++ linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c 2011-04-28 19:57:25.000000000 -0400
@@ -11147,7 +11210,7 @@
diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c
--- linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c 2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c 2011-04-28 19:34:14.000000000 -0400
++++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c 2011-05-16 21:47:08.000000000 -0400
@@ -51,7 +51,6 @@ void foo(void)
OFFSET(CPUINFO_x86_vendor_id, cpuinfo_x86, x86_vendor_id);
BLANK();
@@ -11156,7 +11219,16 @@
OFFSET(TI_exec_domain, thread_info, exec_domain);
OFFSET(TI_flags, thread_info, flags);
OFFSET(TI_status, thread_info, status);
-@@ -113,6 +112,11 @@ void foo(void)
+@@ -60,6 +59,8 @@ void foo(void)
+ OFFSET(TI_restart_block, thread_info, restart_block);
+ OFFSET(TI_sysenter_return, thread_info, sysenter_return);
+ OFFSET(TI_cpu, thread_info, cpu);
++ OFFSET(TI_lowest_stack, thread_info, lowest_stack);
++ DEFINE(TI_task_thread_sp0, offsetof(struct task_struct, thread.sp0) - offsetof(struct task_struct, tinfo));
+ BLANK();
+
+ OFFSET(GDS_size, desc_ptr, size);
+@@ -113,6 +114,11 @@ void foo(void)
OFFSET(PV_CPU_iret, pv_cpu_ops, iret);
OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit);
OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0);
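Review bot: `TI_task_thread_sp0` carries the `TI_` prefix but is not an offset inside `struct thread_info` like its neighbours. It is the distance from `task_struct.tinfo` to `task_struct.thread.sp0`, so it is only meaningful when applied to the thread_info embedded in task_struct. Assembly that adds it to any other thread_info pointer would read an unrelated word, so state the precondition where the constant is defined: `/* delta from task_struct.tinfo to task_struct.thread.sp0; base must be the embedded thread_info */`. The identical `DEFINE` is added in the asm-offsets_64.c hunk that follows, and `foo()` starts outside this hunk.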
@@ -11170,8 +11242,17 @@
#ifdef CONFIG_XEN
diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c
--- linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c 2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c 2011-04-30 11:45:06.000000000 -0400
-@@ -63,6 +63,18 @@ int main(void)
++++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c 2011-05-16 21:47:08.000000000 -0400
+@@ -44,6 +44,8 @@ int main(void)
+ ENTRY(addr_limit);
+ ENTRY(preempt_count);
+ ENTRY(status);
++ ENTRY(lowest_stack);
++ DEFINE(TI_task_thread_sp0, offsetof(struct task_struct, thread.sp0) - offsetof(struct task_struct, tinfo));
+ #ifdef CONFIG_IA32_EMULATION
+ ENTRY(sysenter_return);
+ #endif
+@@ -63,6 +65,18 @@ int main(void)
OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit);
OFFSET(PV_CPU_swapgs, pv_cpu_ops, swapgs);
OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2);
@@ -11190,7 +11271,7 @@
#endif
-@@ -115,6 +127,7 @@ int main(void)
+@@ -115,6 +129,7 @@ int main(void)
ENTRY(cr8);
BLANK();
#undef ENTRY
@@ -11198,7 +11279,7 @@
DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist));
BLANK();
DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx));
-@@ -130,6 +143,7 @@ int main(void)
+@@ -130,6 +145,7 @@ int main(void)
BLANK();
DEFINE(PAGE_SIZE_asm, PAGE_SIZE);
@@ -11550,8 +11631,17 @@
extern int generic_get_free_region(unsigned long base, unsigned long size,
diff -urNp linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c
--- linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c 2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c 2011-04-28 19:34:14.000000000 -0400
-@@ -1781,7 +1781,7 @@ perf_callchain_user(struct perf_callchai
++++ linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c 2011-05-16 21:47:08.000000000 -0400
+@@ -674,6 +674,8 @@ static int x86_schedule_events(struct cp
+ int i, j, w, wmax, num = 0;
+ struct hw_perf_event *hwc;
+
++ pax_track_stack();
++
+ bitmap_zero(used_mask, X86_PMC_IDX_MAX);
+
+ for (i = 0; i < n; i++) {
+@@ -1781,7 +1783,7 @@ perf_callchain_user(struct perf_callchai
break;
perf_callchain_store(entry, frame.return_address);
@@ -11882,10 +11972,30 @@
report_bug(regs->ip, regs);
if (__die(str, regs, err))
+diff -urNp linux-2.6.38.6/arch/x86/kernel/early_printk.c linux-2.6.38.6/arch/x86/kernel/early_printk.c
+--- linux-2.6.38.6/arch/x86/kernel/early_printk.c 2011-03-14 21:20:32.000000000 -0400
++++ linux-2.6.38.6/arch/x86/kernel/early_printk.c 2011-05-16 21:47:08.000000000 -0400
+@@ -7,6 +7,7 @@
+ #include <linux/pci_regs.h>
+ #include <linux/pci_ids.h>
+ #include <linux/errno.h>
++#include <linux/sched.h>
+ #include <asm/io.h>
+ #include <asm/processor.h>
+ #include <asm/fcntl.h>
+@@ -179,6 +180,8 @@ asmlinkage void early_printk(const char
+ int n;
+ va_list ap;
+
++ pax_track_stack();
++
+ va_start(ap, fmt);
+ n = vscnprintf(buf, sizeof(buf), fmt, ap);
+ early_console->write(early_console, buf, n);
diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/kernel/entry_32.S
--- linux-2.6.38.6/arch/x86/kernel/entry_32.S 2011-04-18 17:27:16.000000000 -0400
-+++ linux-2.6.38.6/arch/x86/kernel/entry_32.S 2011-05-10 21:13:12.000000000 -0400
-@@ -183,13 +183,139 @@
++++ linux-2.6.38.6/arch/x86/kernel/entry_32.S 2011-05-16 21:55:51.000000000 -0400
+@@ -183,13 +183,154 @@
/*CFI_REL_OFFSET gs, PT_GS*/
.endm
.macro SET_KERNEL_GS reg
@@ -11919,7 +12029,10 @@
+#ifdef CONFIG_PAX_KERNEXEC
+ENTRY(pax_enter_kernel)
+#ifdef CONFIG_PARAVIRT
-+ push %eax; push %ecx
++ pushl %eax
++ CFI_REL_OFFSET eax, 0
++ pushl %ecx
++ CFI_REL_OFFSET ecx, 0
+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0)
+ mov %eax, %esi
+#else
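Review bot: The two `pushl` instructions gain `CFI_REL_OFFSET` annotations but no `CFI_ADJUST_CFA_OFFSET 4`, so the unwind data would not follow %esp across the pushes. The ia32entry.S context earlier in this patch pairs its push with an adjust (`pushfq` followed by `CFI_ADJUST_CFA_OFFSET 8`). Within the visible lines `ENTRY(pax_enter_kernel)` is also followed directly by the annotated pushes with no `CFI_STARTPROC`, so unless an enclosing region opens one, the directives have no frame to attach to when unwind info is enabled. Consider `pushl %eax` / `CFI_ADJUST_CFA_OFFSET 4` / `CFI_REL_OFFSET eax, 0`, with the mirror-image `CFI_ADJUST_CFA_OFFSET -4` after each `popl` in the hunk that follows.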
@@ -11941,14 +12054,20 @@
+#endif
+3:
+#ifdef CONFIG_PARAVIRT
-+ pop %ecx; pop %eax
++ popl %ecx
++ CFI_RESTORE ecx
++ popl %eax
++ CFI_RESTORE eax
+#endif
+ ret
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.3.2.67&r2=1.3.2.68&f=u