Commit 3e5fbd36 authored by Natanael Copa's avatar Natanael Copa

main/*-grsec: update grsec kernel to 200909052209

parent ceabdffa
......@@ -14,7 +14,7 @@ _realname=dahdi-linux
pkgname=${_realname}-${_flavor}
pkgver=2.2.0
pkgrel=12
pkgrel=13
pkgdesc="Digium Asterisk Hardware Device Interface drivers"
url="http://www.asterisk.org"
license="GPL"
......
......@@ -15,7 +15,7 @@ if [ -f ../iscsitarget/APKBUILD ]; then
fi
pkgname=${_realname}-${_flavor}
pkgver=${pkgver:-0.4.17}
pkgrel=10
pkgrel=11
pkgdesc="$_flavor kernel modules for iscsitarget"
url="http://iscsitarget.sourceforge.net/"
license="GPL-2"
......
......@@ -12,7 +12,7 @@ _abi_release=$pkgver-${_flavor}
pkgname=${_realname}-${_flavor}
pkgver=1.4.0_pre1
_realver=1.4.0pre1
pkgrel=3
pkgrel=4
pkgdesc="$_flavor kernel modules for kemu"
url="http://www.nongnu.org/qemu/"
license="GPL"
......
......@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.30.5
_kernver=2.6.30
pkgrel=2
pkgrel=3
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
......@@ -13,7 +13,7 @@ _config=${config:-kernelconfig}
install="$pkgname.post-install $pkgname.post-upgrade"
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
grsecurity-2.1.14-2.6.30.5-200908311711.patch
grsecurity-2.1.14-2.6.30.5-200909052209.patch
net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
$_config
"
......@@ -112,6 +112,6 @@ dev() {
md5sums="7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2
47841c7ff5c81a7b349a79f2fa8e9138 patch-2.6.30.5.bz2
105d22bfc672508d6ed94a4f823a3e24 grsecurity-2.1.14-2.6.30.5-200908311711.patch
82ed9db7fcd03659aeb2d597982182b7 grsecurity-2.1.14-2.6.30.5-200909052209.patch
ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
35d29ea012d4b009ce2bd37b7540903e kernelconfig"
......@@ -6090,16 +6090,21 @@ diff -urNp linux-2.6.30.5/arch/x86/include/asm/paravirt.h linux-2.6.30.5/arch/x8
#define INTERRUPT_RETURN \
diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgalloc.h linux-2.6.30.5/arch/x86/include/asm/pgalloc.h
--- linux-2.6.30.5/arch/x86/include/asm/pgalloc.h 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/include/asm/pgalloc.h 2009-07-30 09:48:09.931536832 -0400
@@ -52,7 +52,7 @@ static inline void pmd_populate_kernel(s
+++ linux-2.6.30.5/arch/x86/include/asm/pgalloc.h 2009-09-05 22:09:36.037016937 -0400
@@ -52,6 +52,13 @@ static inline void pmd_populate_kernel(s
pmd_t *pmd, pte_t *pte)
{
paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
- set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE));
+ set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE));
+}
+
+static inline void pmd_populate_user(struct mm_struct *mm,
+ pmd_t *pmd, pte_t *pte)
+{
+ paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE));
}
static inline void pmd_populate(struct mm_struct *mm, pmd_t *pmd,
diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable-2level.h linux-2.6.30.5/arch/x86/include/asm/pgtable-2level.h
--- linux-2.6.30.5/arch/x86/include/asm/pgtable-2level.h 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/include/asm/pgtable-2level.h 2009-07-30 09:48:09.931536832 -0400
......@@ -6125,7 +6130,7 @@ diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable-2level.h linux-2.6.30.5/a
static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h
--- linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h 2009-08-24 21:08:46.297666606 -0400
+++ linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h 2009-09-05 22:09:36.076613109 -0400
@@ -26,8 +26,6 @@
struct mm_struct;
struct vm_area_struct;
......@@ -6135,7 +6140,7 @@ diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h linux-2.6.30.5/arch/
static inline void pgtable_cache_init(void) { }
static inline void check_pgt_cache(void) { }
void paging_init(void);
@@ -48,6 +46,15 @@ extern void set_pmd_pfn(unsigned long, u
@@ -48,6 +46,11 @@ extern void set_pmd_pfn(unsigned long, u
# include <asm/pgtable-2level.h>
#endif
......@@ -6143,15 +6148,11 @@ diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable_32.h linux-2.6.30.5/arch/
+#ifdef CONFIG_X86_PAE
+extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD];
+#endif
+extern pte_t swapper_pg_fixmap0[PTRS_PER_PMD];
+extern pte_t swapper_pg_fixmap1[PTRS_PER_PMD];
+extern pte_t swapper_pg_fixmap2[PTRS_PER_PMD];
+extern pte_t swapper_pg_fixmap3[PTRS_PER_PMD];
+
#if defined(CONFIG_HIGHPTE)
#define pte_offset_map(dir, address) \
((pte_t *)kmap_atomic_pte(pmd_page(*(dir)), KM_PTE0) + \
@@ -80,6 +87,9 @@ do { \
@@ -80,6 +83,9 @@ do { \
#endif /* !__ASSEMBLY__ */
......@@ -6203,8 +6204,8 @@ diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable-3level.h linux-2.6.30.5/a
/*
diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable_64.h linux-2.6.30.5/arch/x86/include/asm/pgtable_64.h
--- linux-2.6.30.5/arch/x86/include/asm/pgtable_64.h 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/include/asm/pgtable_64.h 2009-07-30 09:48:09.932929020 -0400
@@ -16,9 +16,12 @@
+++ linux-2.6.30.5/arch/x86/include/asm/pgtable_64.h 2009-09-05 22:09:36.083864233 -0400
@@ -16,9 +16,11 @@
extern pud_t level3_kernel_pgt[512];
extern pud_t level3_ident_pgt[512];
......@@ -6214,11 +6215,10 @@ diff -urNp linux-2.6.30.5/arch/x86/include/asm/pgtable_64.h linux-2.6.30.5/arch/
extern pmd_t level2_fixmap_pgt[512];
-extern pmd_t level2_ident_pgt[512];
+extern pmd_t level2_ident_pgt[512*4];
+extern pte_t level1_fixmap_pgt[512];
extern pgd_t init_level4_pgt[];
#define swapper_pg_dir init_level4_pgt
@@ -78,7 +81,19 @@ static inline pte_t native_ptep_get_and_
@@ -78,7 +80,19 @@ static inline pte_t native_ptep_get_and_
static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
{
......@@ -8792,7 +8792,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head32.c linux-2.6.30.5/arch/x86/kerne
/* Reserve INITRD */
diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kernel/head_32.S
--- linux-2.6.30.5/arch/x86/kernel/head_32.S 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/kernel/head_32.S 2009-08-05 19:08:00.458589400 -0400
+++ linux-2.6.30.5/arch/x86/kernel/head_32.S 2009-09-05 22:09:36.124586132 -0400
@@ -20,6 +20,7 @@
#include <asm/setup.h>
#include <asm/processor-flags.h>
......@@ -8843,7 +8843,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
ENTRY(startup_32)
/* test KEEP_SEGMENTS flag to see if the bootloader is asking
us to not reload segments */
@@ -98,6 +110,58 @@ ENTRY(startup_32)
@@ -98,6 +110,48 @@ ENTRY(startup_32)
movl %eax,%gs
2:
......@@ -8860,22 +8860,12 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
+#endif
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ /* check for VMware */
+ movl $0x564d5868,%eax
+ xorl %ebx,%ebx
+ movl $0xa,%ecx
+ movl $0x5658,%edx
+ in (%dx),%eax
+ cmpl $0x564d5868,%ebx
+ jz 2f
+
+ movl $NR_CPUS,%ecx
+ movl $pa(cpu_gdt_table),%edi
+1:
+ movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c09700),GDT_ENTRY_KERNEL_DS * 8 + 4(%edi)
+ addl $PAGE_SIZE_asm,%edi
+ loop 1b
+2:
+#endif
+
+#ifdef CONFIG_PAX_KERNEXEC
......@@ -8902,7 +8892,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
/*
* Clear BSS first so that there are no surprises...
*/
@@ -141,9 +205,7 @@ ENTRY(startup_32)
@@ -141,9 +195,7 @@ ENTRY(startup_32)
cmpl $num_subarch_entries, %eax
jae bad_subarch
......@@ -8913,7 +8903,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
bad_subarch:
WEAK(lguest_entry)
@@ -155,9 +217,9 @@ WEAK(xen_entry)
@@ -155,9 +207,9 @@ WEAK(xen_entry)
__INITDATA
subarch_entries:
......@@ -8926,41 +8916,35 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
num_subarch_entries = (. - subarch_entries) / 4
.previous
#endif /* CONFIG_PARAVIRT */
@@ -218,8 +280,14 @@ default_entry:
@@ -218,8 +270,11 @@ default_entry:
movl %eax, pa(max_pfn_mapped)
/* Do early initialization of the fixmap area */
- movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
- movl %eax,pa(swapper_pg_pmd+0x1000*KPMDS-8)
+#ifdef CONFIG_COMPAT_VDSO
+ movl $pa(swapper_pg_fixmap0)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_pmd+0x1000*KPMDS-8)
+ movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_pmd+0x1000*KPMDS-8)
+#else
+ movl $pa(swapper_pg_fixmap0)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-8)
+ movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-8)
+#endif
+ movl $pa(swapper_pg_fixmap1)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-16)
+ movl $pa(swapper_pg_fixmap2)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-24)
+ movl $pa(swapper_pg_fixmap3)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-32)
#else /* Not PAE */
page_pde_offset = (__PAGE_OFFSET >> 20);
@@ -249,8 +317,14 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
@@ -249,8 +304,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
movl %eax, pa(max_pfn_mapped)
/* Do early initialization of the fixmap area */
- movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
- movl %eax,pa(swapper_pg_dir+0xffc)
+#ifdef CONFIG_COMPAT_VDSO
+ movl $pa(swapper_pg_fixmap0)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_dir+0xffc)
+ movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_dir+0xffc)
+#else
+ movl $pa(swapper_pg_fixmap0)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xffc)
+ movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xffc)
+#endif
+ movl $pa(swapper_pg_fixmap1)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xff8)
+ movl $pa(swapper_pg_fixmap2)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xff4)
+ movl $pa(swapper_pg_fixmap3)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xff0)
#endif
jmp 3f
/*
@@ -314,13 +388,16 @@ ENTRY(startup_32_smp)
@@ -314,13 +372,16 @@ ENTRY(startup_32_smp)
jnc 6f
/* Setup EFER (Extended Feature Enable Register) */
......@@ -8978,7 +8962,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
6:
/*
@@ -346,9 +423,7 @@ ENTRY(startup_32_smp)
@@ -346,9 +407,7 @@ ENTRY(startup_32_smp)
#ifdef CONFIG_SMP
cmpb $0, ready
......@@ -8989,7 +8973,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
#endif /* CONFIG_SMP */
/*
@@ -426,7 +501,7 @@ is386: movl $2,%ecx # set MP
@@ -426,7 +485,7 @@ is386: movl $2,%ecx # set MP
1: movl $(__KERNEL_DS),%eax # reload all the segment registers
movl %eax,%ss # after changing gdt.
......@@ -8998,7 +8982,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
movl %eax,%ds
movl %eax,%es
@@ -440,8 +515,11 @@ is386: movl $2,%ecx # set MP
@@ -440,8 +499,11 @@ is386: movl $2,%ecx # set MP
*/
cmpb $0,ready
jne 1f
......@@ -9011,7 +8995,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
subl $20, %ecx
movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
shrl $16, %ecx
@@ -460,10 +538,6 @@ is386: movl $2,%ecx # set MP
@@ -460,10 +522,6 @@ is386: movl $2,%ecx # set MP
#ifdef CONFIG_SMP
movb ready, %cl
movb $1, ready
......@@ -9022,7 +9006,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
#endif /* CONFIG_SMP */
jmp *(initial_code)
@@ -549,22 +623,22 @@ early_page_fault:
@@ -549,22 +607,22 @@ early_page_fault:
jmp early_fault
early_fault:
......@@ -9050,7 +9034,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
hlt_loop:
hlt
jmp hlt_loop
@@ -572,8 +646,11 @@ hlt_loop:
@@ -572,8 +630,11 @@ hlt_loop:
/* This is the default interrupt "handler" :-) */
ALIGN
ignore_int:
......@@ -9063,7 +9047,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
pushl %eax
pushl %ecx
pushl %edx
@@ -582,9 +659,6 @@ ignore_int:
@@ -582,9 +643,6 @@ ignore_int:
movl $(__KERNEL_DS),%eax
movl %eax,%ds
movl %eax,%es
......@@ -9073,7 +9057,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
@@ -608,37 +682,49 @@ ignore_int:
@@ -608,37 +666,40 @@ ignore_int:
ENTRY(initial_code)
.long i386_start_kernel
......@@ -9098,20 +9082,10 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
ENTRY(swapper_pg_dir)
.fill 1024,4,0
#endif
-swapper_pg_fixmap:
+
+ENTRY(swapper_pg_fixmap0)
+ .fill 1024,4,0
+
+ENTRY(swapper_pg_fixmap1)
swapper_pg_fixmap:
.fill 1024,4,0
+
+ENTRY(swapper_pg_fixmap2)
+ .fill 1024,4,0
+
+ENTRY(swapper_pg_fixmap3)
+ .fill 1024,4,0
+
+.section .empty_zero_page,"a",@progbits
ENTRY(empty_zero_page)
.fill 4096,1,0
......@@ -9136,7 +9110,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
ENTRY(swapper_pg_dir)
.long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
# if KPMDS == 3
@@ -661,11 +747,12 @@ ENTRY(swapper_pg_dir)
@@ -661,11 +722,12 @@ ENTRY(swapper_pg_dir)
.data
ENTRY(stack_start)
......@@ -9150,7 +9124,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
early_recursion_flag:
.long 0
@@ -701,7 +788,7 @@ fault_msg:
@@ -701,7 +763,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
......@@ -9159,7 +9133,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
.word 0 # 32-bit align idt_desc.address
idt_descr:
@@ -712,7 +799,7 @@ idt_descr:
@@ -712,7 +774,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
......@@ -9168,7 +9142,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
/*
* The boot_gdt must mirror the equivalent in setup.S and is
@@ -721,5 +808,59 @@ ENTRY(early_gdt_descr)
@@ -721,5 +783,59 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
......@@ -9232,7 +9206,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_32.S linux-2.6.30.5/arch/x86/kern
+ .endr
diff -urNp linux-2.6.30.5/arch/x86/kernel/head_64.S linux-2.6.30.5/arch/x86/kernel/head_64.S
--- linux-2.6.30.5/arch/x86/kernel/head_64.S 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/kernel/head_64.S 2009-08-01 08:46:06.399105315 -0400
+++ linux-2.6.30.5/arch/x86/kernel/head_64.S 2009-09-05 22:09:36.168173047 -0400
@@ -39,6 +39,10 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET
L3_PAGE_OFFSET = pud_index(__PAGE_OFFSET)
L4_START_KERNEL = pgd_index(__START_KERNEL_map)
......@@ -9374,7 +9348,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_64.S linux-2.6.30.5/arch/x86/kern
NEXT_PAGE(level3_kernel_pgt)
.fill L3_START_KERNEL,8,0
@@ -365,20 +379,27 @@ NEXT_PAGE(level3_kernel_pgt)
@@ -365,20 +379,23 @@ NEXT_PAGE(level3_kernel_pgt)
.quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
.quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
......@@ -9382,22 +9356,21 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_64.S linux-2.6.30.5/arch/x86/kern
+ .fill 512,8,0
+
NEXT_PAGE(level2_fixmap_pgt)
.fill 506,8,0
.quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
- .fill 506,8,0
- .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
- /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */
- .fill 5,8,0
+ .fill 507,8,0
+ .quad level1_vsyscall_pgt - __START_KERNEL_map + _PAGE_TABLE
+ /* 6MB reserved for vsyscalls + a 2MB hole = 3 + 1 entries */
+ .fill 4,8,0
NEXT_PAGE(level1_fixmap_pgt)
-NEXT_PAGE(level1_fixmap_pgt)
+NEXT_PAGE(level1_vsyscall_pgt)
.fill 512,8,0
-NEXT_PAGE(level2_ident_pgt)
- /* Since I easily can, map the first 1G.
+NEXT_PAGE(level1_vsyscall_pgt)
+ .fill 512,8,0
+
+ /* Since I easily can, map the first 4G.
* Don't set NX because code runs from these pages.
*/
......@@ -9407,7 +9380,7 @@ diff -urNp linux-2.6.30.5/arch/x86/kernel/head_64.S linux-2.6.30.5/arch/x86/kern
NEXT_PAGE(level2_kernel_pgt)
/*
@@ -391,33 +412,49 @@ NEXT_PAGE(level2_kernel_pgt)
@@ -391,33 +408,49 @@ NEXT_PAGE(level2_kernel_pgt)
* If you want to increase this then increase MODULES_VADDR
* too.)
*/
......@@ -15228,7 +15201,7 @@ diff -urNp linux-2.6.30.5/arch/x86/mm/iomap_32.c linux-2.6.30.5/arch/x86/mm/ioma
return (void *)vaddr;
diff -urNp linux-2.6.30.5/arch/x86/mm/ioremap.c linux-2.6.30.5/arch/x86/mm/ioremap.c
--- linux-2.6.30.5/arch/x86/mm/ioremap.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/mm/ioremap.c 2009-07-30 19:56:23.514032300 -0400
+++ linux-2.6.30.5/arch/x86/mm/ioremap.c 2009-09-05 22:09:36.204542208 -0400
@@ -111,8 +111,8 @@ int page_is_ram(unsigned long pagenr)
* Second special case: Some BIOSen report the PC BIOS
* area (640->1Mb) as ram even though it is not.
......@@ -15261,52 +15234,25 @@ diff -urNp linux-2.6.30.5/arch/x86/mm/ioremap.c linux-2.6.30.5/arch/x86/mm/iorem
/*
* Ok, go for it..
*/
@@ -489,7 +488,6 @@ static int __init early_ioremap_debug_se
@@ -489,7 +488,7 @@ static int __init early_ioremap_debug_se
early_param("early_ioremap_debug", early_ioremap_debug_setup);
static __initdata int after_paging_init;
-static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_bss;
+static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __read_only __aligned(PAGE_SIZE);
static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
{
@@ -502,11 +500,6 @@ static inline pmd_t * __init early_iorem
return pmd;
}
-static inline pte_t * __init early_ioremap_pte(unsigned long addr)
-{
- return &bm_pte[pte_index(addr)];
-}
-
static unsigned long slot_virt[FIX_BTMAPS_SLOTS] __initdata;
void __init early_ioremap_init(void)
@@ -521,8 +514,6 @@ void __init early_ioremap_init(void)
@@ -521,8 +520,7 @@ void __init early_ioremap_init(void)
slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
- memset(bm_pte, 0, sizeof(bm_pte));
- pmd_populate_kernel(&init_mm, pmd, bm_pte);
+ pmd_populate_user(&init_mm, pmd, bm_pte);
/*
* The boot-ioremap range spans multiple pmds, for which
@@ -552,13 +543,15 @@ static void __init __early_set_fixmap(en
phys_addr_t phys, pgprot_t flags)
{
unsigned long addr = __fix_to_virt(idx);
+ unsigned int level;
pte_t *pte;
if (idx >= __end_of_fixed_addresses) {
BUG();
return;
}
- pte = early_ioremap_pte(addr);
+ pte = lookup_address(addr, &level);
+ BUG_ON(!pte || level != PG_LEVEL_4K);
if (pgprot_val(flags))
set_pte(pte, pfn_pte(phys >> PAGE_SHIFT, flags));
diff -urNp linux-2.6.30.5/arch/x86/mm/mmap.c linux-2.6.30.5/arch/x86/mm/mmap.c
--- linux-2.6.30.5/arch/x86/mm/mmap.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/mm/mmap.c 2009-07-30 09:48:09.973477350 -0400
......@@ -16361,7 +16307,7 @@ diff -urNp linux-2.6.30.5/arch/x86/xen/Kconfig linux-2.6.30.5/arch/x86/xen/Kconf
kernel to boot in a paravirtualized environment under the
diff -urNp linux-2.6.30.5/arch/x86/xen/mmu.c linux-2.6.30.5/arch/x86/xen/mmu.c
--- linux-2.6.30.5/arch/x86/xen/mmu.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/xen/mmu.c 2009-07-30 09:48:09.980662517 -0400
+++ linux-2.6.30.5/arch/x86/xen/mmu.c 2009-09-05 22:09:36.227714282 -0400
@@ -1716,6 +1716,8 @@ __init pgd_t *xen_setup_kernel_pagetable
convert_pfn_mfn(init_level4_pgt);
convert_pfn_mfn(level3_ident_pgt);
......@@ -16371,7 +16317,7 @@ diff -urNp linux-2.6.30.5/arch/x86/xen/mmu.c linux-2.6.30.5/arch/x86/xen/mmu.c
l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud);
@@ -1734,9 +1736,12 @@ __init pgd_t *xen_setup_kernel_pagetable
@@ -1734,6 +1736,8 @@ __init pgd_t *xen_setup_kernel_pagetable
set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
......@@ -16380,10 +16326,6 @@ diff -urNp linux-2.6.30.5/arch/x86/xen/mmu.c linux-2.6.30.5/arch/x86/xen/mmu.c
set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
+ set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO);
/* Pin down new L4 */
pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
diff -urNp linux-2.6.30.5/arch/x86/xen/smp.c linux-2.6.30.5/arch/x86/xen/smp.c
--- linux-2.6.30.5/arch/x86/xen/smp.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/arch/x86/xen/smp.c 2009-07-30 09:48:09.981489035 -0400
......@@ -16525,6 +16467,22 @@ diff -urNp linux-2.6.30.5/Documentation/dontdiff linux-2.6.30.5/Documentation/do
wakeup.bin
wakeup.elf
wakeup.lds
diff -urNp linux-2.6.30.5/Documentation/kernel-parameters.txt linux-2.6.30.5/Documentation/kernel-parameters.txt
--- linux-2.6.30.5/Documentation/kernel-parameters.txt 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/Documentation/kernel-parameters.txt 2009-09-05 22:09:36.342979816 -0400
@@ -1707,6 +1707,12 @@ and is between 256 and 4096 characters.
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
+ pax_nouderef [X86-32] disables UDEREF. Most likely needed under certain
+ virtualization environments that don't cope well with the
+ expand down segment used by UDEREF on X86-32.
+
+ pax_softmode= [X86-32] 0/1 to disable/enable PaX softmode on boot already.
+
pcbit= [HW,ISDN]
pcd. [PARIDE]
diff -urNp linux-2.6.30.5/drivers/acpi/blacklist.c linux-2.6.30.5/drivers/acpi/blacklist.c
--- linux-2.6.30.5/drivers/acpi/blacklist.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/drivers/acpi/blacklist.c 2009-07-30 09:48:09.982442014 -0400
......@@ -23662,7 +23620,7 @@ diff -urNp linux-2.6.30.5/fs/namei.c linux-2.6.30.5/fs/namei.c
exit5:
diff -urNp linux-2.6.30.5/fs/namespace.c linux-2.6.30.5/fs/namespace.c
--- linux-2.6.30.5/fs/namespace.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/fs/namespace.c 2009-07-30 11:10:49.247492786 -0400
+++ linux-2.6.30.5/fs/namespace.c 2009-09-04 10:32:49.170674908 -0400
@@ -1110,6 +1110,8 @@ static int do_umount(struct vfsmount *mn
lock_kernel();
retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
......@@ -23704,16 +23662,19 @@ diff -urNp linux-2.6.30.5/fs/namespace.c linux-2.6.30.5/fs/namespace.c
return retval;
}
@@ -2092,6 +2105,9 @@ SYSCALL_DEFINE5(mount, char __user *, de
if (retval < 0)
goto out3;
@@ -2159,6 +2172,12 @@ SYSCALL_DEFINE2(pivot_root, const char _
goto out1;
}
+ if (gr_handle_chroot_pivot())
+ return -EPERM;
+ if (gr_handle_chroot_pivot()) {
+ error = -EPERM;
+ path_put(&old);
+ goto out1;
+ }
+
lock_kernel();
retval = do_mount((char *)dev_page, dir_page, (char *)type_page,
flags, (void *)data_page);
read_lock(&current->fs->lock);
root = current->fs->root;
path_get(&current->fs->root);
diff -urNp linux-2.6.30.5/fs/nfs/client.c linux-2.6.30.5/fs/nfs/client.c
--- linux-2.6.30.5/fs/nfs/client.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/fs/nfs/client.c 2009-07-30 09:48:10.090670547 -0400
......@@ -37808,7 +37769,7 @@ diff -urNp linux-2.6.30.5/init/Kconfig linux-2.6.30.5/init/Kconfig
boolean
diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c
--- linux-2.6.30.5/init/main.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/init/main.c 2009-07-30 11:10:49.548504780 -0400
+++ linux-2.6.30.5/init/main.c 2009-09-05 22:09:36.281558154 -0400
@@ -98,6 +98,7 @@ static inline void mark_rodata_ro(void)
#ifdef CONFIG_TC
extern void tc_init(void);
......@@ -37817,7 +37778,7 @@ diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c
enum system_states system_state __read_mostly;
EXPORT_SYMBOL(system_state);
@@ -184,6 +185,40 @@ static int __init set_reset_devices(char
@@ -184,6 +185,34 @@ static int __init set_reset_devices(char
__setup("reset_devices", set_reset_devices);
......@@ -37826,22 +37787,16 @@ diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c
+{
+ unsigned int cpu;
+
+#ifdef CONFIG_PAX_KERNEXEC
+ unsigned long cr0;
+
+ pax_open_kernel(cr0);
+#endif
+
+ for (cpu = 0; cpu < NR_CPUS; cpu++)
+ get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].b = 0x00cf9300;
+
+#ifdef CONFIG_PAX_KERNEXEC
+ pax_close_kernel(cr0);
+#endif
+ for (cpu = 0; cpu < NR_CPUS; cpu++) {
+ get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].type = 3;
+ get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].limit = 0xf;
+ }
+ asm("mov %0, %%ds" : : "r" (__KERNEL_DS) : "memory");
+ asm("mov %0, %%es" : : "r" (__KERNEL_DS) : "memory");
+
+ return 1;
+ return 0;
+}
+__setup("pax_nouderef", setup_pax_nouderef);
+early_param("pax_nouderef", setup_pax_nouderef);
+#endif
+
+#ifdef CONFIG_PAX_SOFTMODE
......@@ -37858,7 +37813,7 @@ diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c
static char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
static const char *panic_later, *panic_param;
@@ -377,7 +412,7 @@ static void __init setup_nr_cpu_ids(void
@@ -377,7 +406,7 @@ static void __init setup_nr_cpu_ids(void
}
#ifndef CONFIG_HAVE_SETUP_PER_CPU_AREA
......@@ -37867,7 +37822,7 @@ diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c
EXPORT_SYMBOL(__per_cpu_offset);
@@ -706,6 +741,7 @@ int do_one_initcall(initcall_t fn)
@@ -706,6 +735,7 @@ int do_one_initcall(initcall_t fn)
{
int count = preempt_count();
ktime_t calltime, delta, rettime;
......@@ -37875,7 +37830,7 @@ diff -urNp linux-2.6.30.5/init/main.c linux-2.6.30.5/init/main.c