Author: arekm Date: Wed May 18 08:44:46 2011 GMT Module: packages Tag: GRSECURITY_RAW ---- Log message: http://grsecurity.net/~spender/grsecurity-2.2.2-2.6.38.6-201105171931.patch
---- Files affected: packages/kernel: kernel-grsec_full.patch (1.3.2.67 -> 1.3.2.68) ---- Diffs: ================================================================ Index: packages/kernel/kernel-grsec_full.patch diff -u packages/kernel/kernel-grsec_full.patch:1.3.2.67 packages/kernel/kernel-grsec_full.patch:1.3.2.68 --- packages/kernel/kernel-grsec_full.patch:1.3.2.67 Sun May 15 13:27:51 2011 +++ packages/kernel/kernel-grsec_full.patch Wed May 18 10:44:24 2011 @@ -3780,6 +3780,18 @@ } #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) +diff -urNp linux-2.6.38.6/arch/sparc/include/asm/cache.h linux-2.6.38.6/arch/sparc/include/asm/cache.h +--- linux-2.6.38.6/arch/sparc/include/asm/cache.h 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/arch/sparc/include/asm/cache.h 2011-05-17 19:31:43.000000000 -0400 +@@ -10,7 +10,7 @@ + #define ARCH_SLAB_MINALIGN __alignof__(unsigned long long) + + #define L1_CACHE_SHIFT 5 +-#define L1_CACHE_BYTES 32 ++#define L1_CACHE_BYTES 32U + + #ifdef CONFIG_SPARC32 + #define SMP_CACHE_BYTES_SHIFT 5 diff -urNp linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h --- linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/arch/sparc/include/asm/dma-mapping.h 2011-04-28 19:34:14.000000000 -0400 
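Review bot: In the arch/sparc/include/asm/cache.h hunk, `#define L1_CACHE_BYTES 32U` turns the constant into a 32-bit unsigned value, so on sparc64 an alignment mask such as `addr & ~(L1_CACHE_BYTES - 1)` applied to a 64-bit `addr` would be zero-extended and clear the upper 32 bits, where the old signed `32` sign-extended. No such user is visible in this hunk, so the call sites need checking before this goes in. Deriving a long-width constant from the shift, `#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)`, avoids the truncation, keeps the header usable from assembly, and stops the size being stated twice next to `L1_CACHE_SHIFT 5`.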
@@ -4861,6 +4873,18 @@ EXPORT_SYMBOL(atomic64_sub_ret); /* Atomic bit operations. */ +diff -urNp linux-2.6.38.6/arch/sparc/lib/Makefile linux-2.6.38.6/arch/sparc/lib/Makefile +--- linux-2.6.38.6/arch/sparc/lib/Makefile 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/arch/sparc/lib/Makefile 2011-05-17 19:31:43.000000000 -0400 +@@ -2,7 +2,7 @@ + # + + asflags-y := -ansi -DST_DIV0=0x02 +-ccflags-y := -Werror ++#ccflags-y := -Werror + + lib-$(CONFIG_SPARC32) += mul.o rem.o sdiv.o udiv.o umul.o urem.o ashrdi3.o + lib-$(CONFIG_SPARC32) += memcpy.o memset.o diff -urNp linux-2.6.38.6/arch/sparc/Makefile linux-2.6.38.6/arch/sparc/Makefile --- linux-2.6.38.6/arch/sparc/Makefile 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/arch/sparc/Makefile 2011-04-28 19:34:14.000000000 -0400 @@ -6362,7 +6386,7 @@ has_dumped = 1; diff -urNp linux-2.6.38.6/arch/x86/ia32/ia32entry.S linux-2.6.38.6/arch/x86/ia32/ia32entry.S --- linux-2.6.38.6/arch/x86/ia32/ia32entry.S 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/ia32/ia32entry.S 2011-05-11 18:34:57.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/ia32/ia32entry.S 2011-05-16 21:47:08.000000000 -0400 @@ -13,6 +13,7 @@ #include <asm/thread_info.h> #include <asm/segment.h> @@ -6371,7 +6395,7 @@ #include <linux/linkage.h> /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ -@@ -93,6 +94,28 @@ ENTRY(native_irq_enable_sysexit) +@@ -93,6 +94,26 @@ ENTRY(native_irq_enable_sysexit) ENDPROC(native_irq_enable_sysexit) #endif 
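Review bot: In the arch/sparc/lib/Makefile hunk, `-Werror` is switched off by commenting the line out (`#ccflags-y := -Werror`) with no reason given, so compiler warnings in this directory no longer fail the build. If this works around one specific warning introduced elsewhere in the patch set, record that above the line, e.g. `# -Werror disabled: <name the warning and the change that triggers it>`. Turning off only that diagnostic would be safer than dropping the flag for the whole directory.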
@@ -6386,21 +6410,19 @@ + call pax_exit_kernel_user +#endif +#ifdef CONFIG_PAX_RANDKSTACK -+ push %rax ++ pushq %rax + call pax_randomize_kstack -+ pop %rax ++ popq %rax +#endif +#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ push %rax + call pax_erase_kstack -+ pop %rax +#endif + .endm + /* * 32bit SYSENTER instruction entry. * -@@ -119,7 +142,7 @@ ENTRY(ia32_sysenter_target) +@@ -119,7 +140,7 @@ ENTRY(ia32_sysenter_target) CFI_REGISTER rsp,rbp SWAPGS_UNSAFE_STACK movq PER_CPU_VAR(kernel_stack), %rsp @@ -6409,7 +6431,7 @@ /* * No need to follow this irqs on/off section: the syscall * disabled irqs, here we enable it straight after entry: -@@ -135,7 +158,8 @@ ENTRY(ia32_sysenter_target) +@@ -135,7 +156,8 @@ ENTRY(ia32_sysenter_target) pushfq CFI_ADJUST_CFA_OFFSET 8 /*CFI_REL_OFFSET rflags,0*/ @@ -6419,7 +6441,7 @@ CFI_REGISTER rip,r10 pushq $__USER32_CS CFI_ADJUST_CFA_OFFSET 8 -@@ -150,6 +174,12 @@ ENTRY(ia32_sysenter_target) +@@ -150,6 +172,12 @@ ENTRY(ia32_sysenter_target) SAVE_ARGS 0,0,1 /* no need to do an access_ok check here because rbp has been 32bit zero extended */ @@ -6432,7 +6454,7 @@ 1: movl (%rbp),%ebp .section __ex_table,"a" .quad 1b,ia32_badarg -@@ -172,6 +202,7 @@ sysenter_dispatch: +@@ -172,6 +200,7 @@ sysenter_dispatch: testl $_TIF_ALLWORK_MASK,TI_flags(%r10) jnz sysexit_audit sysexit_from_sys_call: @@ -6440,7 +6462,7 @@ andl $~TS_COMPAT,TI_status(%r10) /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp) -@@ -283,19 +314,24 @@ ENDPROC(ia32_sysenter_target) +@@ -283,19 +312,24 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -6467,7 +6489,7 @@ movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -311,6 +347,12 @@ ENTRY(ia32_cstar_target) +@@ -311,6 +345,12 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */ /* hardware stack frame is complete now */ 
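Review bot: In the first ia32entry.S hunk, the `push %rax` / `pop %rax` pair around `call pax_erase_kstack` is removed while `call pax_randomize_kstack` stays wrapped in `pushq %rax` / `popq %rax`, so the macro now depends on pax_erase_kstack leaving %rax (presumably the syscall return value at this point) untouched. The body of pax_erase_kstack is not in the visible part of the diff, so that register contract cannot be confirmed from here. A comment on the call, e.g. `/* pax_erase_kstack saves and restores every register it uses */`, would record why the two calls are treated differently. The macro begins outside the hunk.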
@@ -6480,7 +6502,7 @@ 1: movl (%r8),%r9d .section __ex_table,"a" .quad 1b,ia32_badarg -@@ -333,6 +375,7 @@ cstar_dispatch: +@@ -333,6 +373,7 @@ cstar_dispatch: testl $_TIF_ALLWORK_MASK,TI_flags(%r10) jnz sysretl_audit sysretl_from_sys_call: @@ -6488,7 +6510,7 @@ andl $~TS_COMPAT,TI_status(%r10) RESTORE_ARGS 1,-ARG_SKIP,1,1,1 movl RIP-ARGOFFSET(%rsp),%ecx -@@ -415,6 +458,7 @@ ENTRY(ia32_syscall) +@@ -415,6 +456,7 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -6735,7 +6757,7 @@ * @v: pointer to type atomic64_t diff -urNp linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h --- linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h 2011-04-28 19:34:14.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/include/asm/atomic64_64.h 2011-05-16 21:47:08.000000000 -0400 @@ -18,7 +18,19 @@ */ static inline long atomic64_read(const atomic64_t *v) @@ -7010,7 +7032,19 @@ #define atomic64_dec_return(v) (atomic64_sub_return(1, (v))) static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new) -@@ -206,17 +380,30 @@ static inline long atomic64_xchg(atomic6 +@@ -190,6 +364,11 @@ static inline long atomic64_cmpxchg(atom + return cmpxchg(&v->counter, old, new); + } + ++static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, long new) ++{ ++ return cmpxchg(&v->counter, old, new); ++} ++ + static inline long atomic64_xchg(atomic64_t *v, long new) + { + return xchg(&v->counter, new); +@@ -206,17 +385,30 @@ static inline long atomic64_xchg(atomic6 */ static inline int atomic64_add_unless(atomic64_t *v, long a, long u) { 
@@ -9689,7 +9723,7 @@ void default_idle(void); diff -urNp linux-2.6.38.6/arch/x86/include/asm/thread_info.h linux-2.6.38.6/arch/x86/include/asm/thread_info.h --- linux-2.6.38.6/arch/x86/include/asm/thread_info.h 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/include/asm/thread_info.h 2011-04-30 19:58:48.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/include/asm/thread_info.h 2011-05-17 19:31:43.000000000 -0400 @@ -10,6 +10,7 @@ #include <linux/compiler.h> #include <asm/page.h> @@ -9706,7 +9740,7 @@ struct exec_domain *exec_domain; /* execution domain */ __u32 flags; /* low level flags */ __u32 status; /* thread synchronous flags */ -@@ -34,18 +34,11 @@ struct thread_info { +@@ -34,18 +34,12 @@ struct thread_info { mm_segment_t addr_limit; struct restart_block restart_block; void __user *sysenter_return; @@ -9716,6 +9750,7 @@ - */ - __u8 supervisor_stack[0]; -#endif ++ unsigned long lowest_stack; int uaccess_err; }; @@ -9726,7 +9761,7 @@ .exec_domain = &default_exec_domain, \ .flags = 0, \ .cpu = 0, \ -@@ -56,7 +49,7 @@ struct thread_info { +@@ -56,7 +50,7 @@ struct thread_info { }, \ } @@ -9735,7 +9770,7 @@ #define init_stack (init_thread_union.stack) #else /* !__ASSEMBLY__ */ -@@ -164,6 +157,23 @@ struct thread_info { +@@ -164,6 +158,23 @@ struct thread_info { #define alloc_thread_info(tsk) \ ((struct thread_info *)__get_free_pages(THREAD_FLAGS, THREAD_ORDER)) @@ -9759,7 +9794,7 @@ #ifdef CONFIG_X86_32 #define STACK_WARN (THREAD_SIZE/8) -@@ -174,35 +184,13 @@ struct thread_info { +@@ -174,35 +185,13 @@ struct thread_info { */ #ifndef __ASSEMBLY__ @@ -9795,7 +9830,7 @@ /* * macros/functions for gaining access to the thread information structure * preempt_count needs to be 1 initially, until the scheduler is functional. -@@ -210,21 +198,6 @@ static inline struct thread_info *curren +@@ -210,21 +199,8 @@ static inline struct thread_info *curren #ifndef __ASSEMBLY__ DECLARE_PER_CPU(unsigned long, kernel_stack); 
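Review bot: In the struct thread_info hunk of thread_info.h (`@@ -34,18 +34,12 @@`), `unsigned long lowest_stack;` is added with no comment and, as far as the hunk shows, no config guard, although the code that appears to use it (`pax_erase_kstack` in ia32entry.S) is under `CONFIG_PAX_MEMORY_STACKLEAK`. Either wrap the field in `#ifdef CONFIG_PAX_MEMORY_STACKLEAK`, together with the `lowest_stack` entries added to asm-offsets_32.c and asm-offsets_64.c, or document it like the neighbouring members. A comment along the lines of `/* lowest kernel stack address recorded for PAX_MEMORY_STACKLEAK */` would do, with the wording confirmed against the code that writes it. The struct starts and ends outside the hunk.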
@@ -9814,10 +9849,12 @@ - movq PER_CPU_VAR(kernel_stack),reg ; \ - subq $(THREAD_SIZE-KERNEL_STACK_OFFSET),reg - ++/* how to get the current stack pointer from C */ ++register unsigned long current_stack_pointer asm("rsp") __used; #endif #endif /* !X86_32 */ -@@ -260,5 +233,16 @@ extern void arch_task_cache_init(void); +@@ -260,5 +236,16 @@ extern void arch_task_cache_init(void); extern void free_thread_info(struct thread_info *ti); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); #define arch_task_cache_init arch_task_cache_init @@ -9836,18 +9873,20 @@ #endif /* _ASM_X86_THREAD_INFO_H */ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h --- linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h 2011-04-28 19:34:14.000000000 -0400 -@@ -44,6 +44,9 @@ unsigned long __must_check __copy_from_u ++++ linux-2.6.38.6/arch/x86/include/asm/uaccess_32.h 2011-05-16 21:47:08.000000000 -0400 +@@ -44,6 +44,11 @@ unsigned long __must_check __copy_from_u static __always_inline unsigned long __must_check __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) { ++ pax_track_stack(); ++ + if ((long)n < 0) + return n; + if (__builtin_constant_p(n)) { unsigned long ret; -@@ -62,6 +65,8 @@ __copy_to_user_inatomic(void __user *to, +@@ -62,6 +67,8 @@ __copy_to_user_inatomic(void __user *to, return ret; } } @@ -9856,7 +9895,14 @@ return __copy_to_user_ll(to, from, n); } -@@ -89,6 +94,9 @@ __copy_to_user(void __user *to, const vo +@@ -83,12 +90,16 @@ static __always_inline unsigned long __m + __copy_to_user(void __user *to, const void *from, unsigned long n) + { + might_fault(); ++ + return __copy_to_user_inatomic(to, from, n); + } + static __always_inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) { 
@@ -9866,18 +9912,20 @@ /* Avoid zeroing the tail if the copy fails.. * If 'n' is constant and 1, 2, or 4, we do still zero on a failure, * but as the zeroing behaviour is only significant when n is not -@@ -138,6 +146,10 @@ static __always_inline unsigned long +@@ -138,6 +149,12 @@ static __always_inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { might_fault(); + ++ pax_track_stack(); ++ + if ((long)n < 0) + return n; + if (__builtin_constant_p(n)) { unsigned long ret; -@@ -153,6 +165,8 @@ __copy_from_user(void *to, const void __ +@@ -153,6 +170,8 @@ __copy_from_user(void *to, const void __ return ret; } } @@ -9886,7 +9934,7 @@ return __copy_from_user_ll(to, from, n); } -@@ -160,6 +174,10 @@ static __always_inline unsigned long __c +@@ -160,6 +179,10 @@ static __always_inline unsigned long __c const void __user *from, unsigned long n) { might_fault(); @@ -9897,7 +9945,7 @@ if (__builtin_constant_p(n)) { unsigned long ret; -@@ -182,15 +200,19 @@ static __always_inline unsigned long +@@ -182,15 +205,19 @@ static __always_inline unsigned long __copy_from_user_inatomic_nocache(void *to, const void __user *from, unsigned long n) { @@ -9924,7 +9972,7 @@ extern void copy_from_user_overflow(void) #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS -@@ -200,17 +222,61 @@ extern void copy_from_user_overflow(void +@@ -200,17 +227,61 @@ extern void copy_from_user_overflow(void #endif ; @@ -9995,7 +10043,7 @@ diff -urNp linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h --- linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h 2011-04-28 19:57:25.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/include/asm/uaccess_64.h 2011-05-16 21:47:08.000000000 -0400 @@ -11,6 +11,9 @@ #include <asm/alternative.h> #include <asm/cpufeature.h> 
@@ -10046,7 +10094,7 @@ return n; } -@@ -65,110 +68,194 @@ int copy_to_user(void __user *dst, const +@@ -65,110 +68,198 @@ int copy_to_user(void __user *dst, const { might_fault(); @@ -10068,6 +10116,8 @@ - if (!__builtin_constant_p(size)) - return copy_user_generic(dst, (__force void *)src, size); + ++ pax_track_stack(); ++ + if ((int)size < 0) + return size; + @@ -10155,6 +10205,8 @@ might_fault(); - if (!__builtin_constant_p(size)) + ++ pax_track_stack(); ++ + if ((int)size < 0) + return size; + @@ -10271,7 +10323,7 @@ ret, "b", "b", "=q", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -177,7 +264,7 @@ int __copy_in_user(void __user *dst, con +@@ -177,7 +268,7 @@ int __copy_in_user(void __user *dst, con } case 2: { u16 tmp; @@ -10280,7 +10332,7 @@ ret, "w", "w", "=r", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -187,7 +274,7 @@ int __copy_in_user(void __user *dst, con +@@ -187,7 +278,7 @@ int __copy_in_user(void __user *dst, con case 4: { u32 tmp; @@ -10289,7 +10341,7 @@ ret, "l", "k", "=r", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -196,7 +283,7 @@ int __copy_in_user(void __user *dst, con +@@ -196,7 +287,7 @@ int __copy_in_user(void __user *dst, con } case 8: { u64 tmp; @@ -10298,7 +10350,7 @@ ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -204,8 +291,16 @@ int __copy_in_user(void __user *dst, con +@@ -204,8 +295,16 @@ int __copy_in_user(void __user *dst, con return ret; } default: @@ -10316,10 +10368,12 @@ } } -@@ -222,33 +317,70 @@ __must_check unsigned long __clear_user( +@@ -222,33 +321,72 @@ __must_check unsigned long __clear_user( static __must_check __always_inline int __copy_from_user_inatomic(void *dst, const void __user *src, unsigned size) { ++ pax_track_stack(); ++ + if ((int)size < 0) + return size; + 
@@ -10995,7 +11049,7 @@ .map_page = map_page, diff -urNp linux-2.6.38.6/arch/x86/kernel/apic/apic.c linux-2.6.38.6/arch/x86/kernel/apic/apic.c --- linux-2.6.38.6/arch/x86/kernel/apic/apic.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/apic/apic.c 2011-04-28 19:57:25.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/apic/apic.c 2011-05-16 21:47:08.000000000 -0400 @@ -1819,7 +1819,7 @@ void smp_error_interrupt(struct pt_regs apic_write(APIC_ESR, 0); v1 = apic_read(APIC_ESR); @@ -11005,6 +11059,15 @@ /* * Here is what the APIC error bits mean: +@@ -2209,6 +2209,8 @@ static int __cpuinit apic_cluster_num(vo + u16 *bios_cpu_apicid; + DECLARE_BITMAP(clustermap, NUM_APIC_CLUSTERS); + ++ pax_track_stack(); ++ + bios_cpu_apicid = early_per_cpu_ptr(x86_bios_cpu_apicid); + bitmap_zero(clustermap, NUM_APIC_CLUSTERS); + diff -urNp linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c --- linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c 2011-03-14 21:20:32.000000000 -0400 +++ linux-2.6.38.6/arch/x86/kernel/apic/io_apic.c 2011-04-28 19:57:25.000000000 -0400 @@ -11147,7 +11210,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c --- linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c 2011-04-28 19:34:14.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_32.c 2011-05-16 21:47:08.000000000 -0400 @@ -51,7 +51,6 @@ void foo(void) OFFSET(CPUINFO_x86_vendor_id, cpuinfo_x86, x86_vendor_id); BLANK(); 
@@ -11156,7 +11219,16 @@ OFFSET(TI_exec_domain, thread_info, exec_domain); OFFSET(TI_flags, thread_info, flags); OFFSET(TI_status, thread_info, status); -@@ -113,6 +112,11 @@ void foo(void) +@@ -60,6 +59,8 @@ void foo(void) + OFFSET(TI_restart_block, thread_info, restart_block); + OFFSET(TI_sysenter_return, thread_info, sysenter_return); + OFFSET(TI_cpu, thread_info, cpu); ++ OFFSET(TI_lowest_stack, thread_info, lowest_stack); ++ DEFINE(TI_task_thread_sp0, offsetof(struct task_struct, thread.sp0) - offsetof(struct task_struct, tinfo)); + BLANK(); + + OFFSET(GDS_size, desc_ptr, size); +@@ -113,6 +114,11 @@ void foo(void) OFFSET(PV_CPU_iret, pv_cpu_ops, iret); OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit); OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0); @@ -11170,8 +11242,17 @@ #ifdef CONFIG_XEN diff -urNp linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c --- linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c 2011-04-30 11:45:06.000000000 -0400 -@@ -63,6 +63,18 @@ int main(void) ++++ linux-2.6.38.6/arch/x86/kernel/asm-offsets_64.c 2011-05-16 21:47:08.000000000 -0400 +@@ -44,6 +44,8 @@ int main(void) + ENTRY(addr_limit); + ENTRY(preempt_count); + ENTRY(status); ++ ENTRY(lowest_stack); ++ DEFINE(TI_task_thread_sp0, offsetof(struct task_struct, thread.sp0) - offsetof(struct task_struct, tinfo)); + #ifdef CONFIG_IA32_EMULATION + ENTRY(sysenter_return); + #endif +@@ -63,6 +65,18 @@ int main(void) OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit); OFFSET(PV_CPU_swapgs, pv_cpu_ops, swapgs); OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2); @@ -11190,7 +11271,7 @@ #endif -@@ -115,6 +127,7 @@ int main(void) +@@ -115,6 +129,7 @@ int main(void) ENTRY(cr8); BLANK(); #undef ENTRY 
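Review bot: In the asm-offsets_32.c hunk, `TI_task_thread_sp0` is defined as `offsetof(struct task_struct, thread.sp0) - offsetof(struct task_struct, tinfo)`, a difference of two `size_t` values that is only meaningful if `tinfo` is embedded in task_struct ahead of `thread`. Neither member's position is visible here, and if the order were ever reversed the subtraction would wrap instead of failing the build. A one-line comment saying the value is the distance from the embedded thread_info to `thread.sp0`, plus `BUILD_BUG_ON(offsetof(struct task_struct, tinfo) > offsetof(struct task_struct, thread.sp0));` in the same function, would pin the assumption. The identical DEFINE added to asm-offsets_64.c in the next hunk needs the same treatment.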
@@ -11198,7 +11279,7 @@ DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist)); BLANK(); DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx)); -@@ -130,6 +143,7 @@ int main(void) +@@ -130,6 +145,7 @@ int main(void) BLANK(); DEFINE(PAGE_SIZE_asm, PAGE_SIZE); @@ -11550,8 +11631,17 @@ extern int generic_get_free_region(unsigned long base, unsigned long size, diff -urNp linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c --- linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c 2011-03-14 21:20:32.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c 2011-04-28 19:34:14.000000000 -0400 -@@ -1781,7 +1781,7 @@ perf_callchain_user(struct perf_callchai ++++ linux-2.6.38.6/arch/x86/kernel/cpu/perf_event.c 2011-05-16 21:47:08.000000000 -0400 +@@ -674,6 +674,8 @@ static int x86_schedule_events(struct cp + int i, j, w, wmax, num = 0; + struct hw_perf_event *hwc; + ++ pax_track_stack(); ++ + bitmap_zero(used_mask, X86_PMC_IDX_MAX); + + for (i = 0; i < n; i++) { +@@ -1781,7 +1783,7 @@ perf_callchain_user(struct perf_callchai break; perf_callchain_store(entry, frame.return_address); 
@@ -11882,10 +11972,30 @@ report_bug(regs->ip, regs); if (__die(str, regs, err)) +diff -urNp linux-2.6.38.6/arch/x86/kernel/early_printk.c linux-2.6.38.6/arch/x86/kernel/early_printk.c +--- linux-2.6.38.6/arch/x86/kernel/early_printk.c 2011-03-14 21:20:32.000000000 -0400 ++++ linux-2.6.38.6/arch/x86/kernel/early_printk.c 2011-05-16 21:47:08.000000000 -0400 +@@ -7,6 +7,7 @@ + #include <linux/pci_regs.h> + #include <linux/pci_ids.h> + #include <linux/errno.h> ++#include <linux/sched.h> + #include <asm/io.h> + #include <asm/processor.h> + #include <asm/fcntl.h> +@@ -179,6 +180,8 @@ asmlinkage void early_printk(const char + int n; + va_list ap; + ++ pax_track_stack(); ++ + va_start(ap, fmt); + n = vscnprintf(buf, sizeof(buf), fmt, ap); + early_console->write(early_console, buf, n); diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/kernel/entry_32.S --- linux-2.6.38.6/arch/x86/kernel/entry_32.S 2011-04-18 17:27:16.000000000 -0400 -+++ linux-2.6.38.6/arch/x86/kernel/entry_32.S 2011-05-10 21:13:12.000000000 -0400 -@@ -183,13 +183,139 @@ ++++ linux-2.6.38.6/arch/x86/kernel/entry_32.S 2011-05-16 21:55:51.000000000 -0400 +@@ -183,13 +183,154 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -11919,7 +12029,10 @@ +#ifdef CONFIG_PAX_KERNEXEC +ENTRY(pax_enter_kernel) +#ifdef CONFIG_PARAVIRT -+ push %eax; push %ecx ++ pushl %eax ++ CFI_REL_OFFSET eax, 0 ++ pushl %ecx ++ CFI_REL_OFFSET ecx, 0 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0) + mov %eax, %esi +#else 
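Review bot: In the entry_32.S hunk for pax_enter_kernel, the new `pushl %eax` and `pushl %ecx` are each followed by `CFI_REL_OFFSET` but not by `CFI_ADJUST_CFA_OFFSET 4`, so the unwind data places the saved registers relative to a CFA that has not been moved for the two pushes. The ia32entry.S context earlier in this diff pairs `pushfq` with `CFI_ADJUST_CFA_OFFSET 8`. Unless the enclosing ENTRY deliberately carries no CFA tracking (its CFI_STARTPROC, if there is one, lies outside the hunk), add `CFI_ADJUST_CFA_OFFSET 4` after each push and `CFI_ADJUST_CFA_OFFSET -4` after the matching `popl` lines in the following hunk. This affects unwinder and debugger output only, not execution.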
@@ -11941,14 +12054,20 @@
 +#endif
 +3:
 +#ifdef CONFIG_PARAVIRT
-+ pop %ecx; pop %eax
++ popl %ecx
++ CFI_RESTORE ecx
++ popl %eax
++ CFI_RESTORE eax
 +#endif
 + ret
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.3.2.67&r2=1.3.2.68&f=u
_______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit