Commit 4afea78a authored by Natanael Copa

main/linux-grsec: upgrade to 2.1.14-2.6.32.11-201004071936

parent 4fb971ce
......@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.32.11
_kernver=2.6.32
pkgrel=0
pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
......@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
grsecurity-2.1.14-2.6.32.11-201004042103.patch
grsecurity-2.1.14-2.6.32.11-201004071936.patch
ip_gre.patch
ip_gre2.patch
arp.patch
......@@ -126,7 +126,7 @@ firmware() {
md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2
855c248334a71ef5ca3d8cb89d51334f patch-2.6.32.11.bz2
86fc90c3b2821a5dc0df726893c63297 grsecurity-2.1.14-2.6.32.11-201004042103.patch
6eabb0c08a988a97a823b5462d1c5018 grsecurity-2.1.14-2.6.32.11-201004071936.patch
3ef822f3a2723b9a80c3f12954457225 ip_gre.patch
13ca9e91700e459da269c957062bbea7 ip_gre2.patch
4c39a161d918e7f274292ecfd168b891 arp.patch
......
......@@ -6908,6 +6908,21 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/iommu.h linux-2.6.32.11/arch/x86
extern int force_iommu, no_iommu;
extern int iommu_detected;
extern int iommu_pass_through;
diff -urNp linux-2.6.32.11/arch/x86/include/asm/irqflags.h linux-2.6.32.11/arch/x86/include/asm/irqflags.h
--- linux-2.6.32.11/arch/x86/include/asm/irqflags.h 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.11/arch/x86/include/asm/irqflags.h 2010-04-07 19:33:06.601891934 -0400
@@ -142,6 +142,11 @@ static inline unsigned long __raw_local_
sti; \
sysexit
+#define GET_CR0_INTO_RDI mov %cr0, %rdi
+#define SET_RDI_INTO_CR0 mov %rdi, %cr0
+#define GET_CR3_INTO_RDI mov %cr3, %rdi
+#define SET_RDI_INTO_CR3 mov %rdi, %cr3
+
#else
#define INTERRUPT_RETURN iret
#define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit
diff -urNp linux-2.6.32.11/arch/x86/include/asm/kvm_host.h linux-2.6.32.11/arch/x86/include/asm/kvm_host.h
--- linux-2.6.32.11/arch/x86/include/asm/kvm_host.h 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.11/arch/x86/include/asm/kvm_host.h 2010-04-04 20:46:41.500459645 -0400
......@@ -7210,8 +7225,8 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/mman.h linux-2.6.32.11/arch/x86/
#endif /* _ASM_X86_MMAN_H */
diff -urNp linux-2.6.32.11/arch/x86/include/asm/mmu_context.h linux-2.6.32.11/arch/x86/include/asm/mmu_context.h
--- linux-2.6.32.11/arch/x86/include/asm/mmu_context.h 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.11/arch/x86/include/asm/mmu_context.h 2010-04-04 20:58:33.220592413 -0400
@@ -24,6 +24,22 @@ void destroy_context(struct mm_struct *m
+++ linux-2.6.32.11/arch/x86/include/asm/mmu_context.h 2010-04-06 22:21:53.692294722 -0400
@@ -24,6 +24,21 @@ void destroy_context(struct mm_struct *m
static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)
{
......@@ -7223,18 +7238,17 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/mmu_context.h linux-2.6.32.11/ar
+ pax_open_kernel();
+ pgd = get_cpu_pgd(smp_processor_id());
+ for (i = USER_PGD_PTRS; i < 2 * USER_PGD_PTRS; ++i)
+#ifdef CONFIG_PARAVIRT
+ set_pgd(pgd+i, native_make_pgd(0));
+#else
+ pgd[i] = native_make_pgd(0);
+#endif
+ if (paravirt_enabled())
+ set_pgd(pgd+i, native_make_pgd(0));
+ else
+ pgd[i] = native_make_pgd(0);
+ pax_close_kernel();
+#endif
+
#ifdef CONFIG_SMP
if (percpu_read(cpu_tlbstate.state) == TLBSTATE_OK)
percpu_write(cpu_tlbstate.state, TLBSTATE_LAZY);
@@ -34,37 +50,96 @@ static inline void switch_mm(struct mm_s
@@ -34,37 +49,96 @@ static inline void switch_mm(struct mm_s
struct task_struct *tsk)
{
unsigned cpu = smp_processor_id();
......@@ -7425,7 +7439,7 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/page_64_types.h linux-2.6.32.11/
#define __VIRTUAL_MASK_SHIFT 47
diff -urNp linux-2.6.32.11/arch/x86/include/asm/paravirt.h linux-2.6.32.11/arch/x86/include/asm/paravirt.h
--- linux-2.6.32.11/arch/x86/include/asm/paravirt.h 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.11/arch/x86/include/asm/paravirt.h 2010-04-04 20:47:28.952733264 -0400
+++ linux-2.6.32.11/arch/x86/include/asm/paravirt.h 2010-04-07 16:58:23.343008831 -0400
@@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned
pv_mmu_ops.set_fixmap(idx, phys, flags);
}
......@@ -7457,6 +7471,28 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/paravirt.h linux-2.6.32.11/arch/
#endif
#define INTERRUPT_RETURN \
@@ -1022,6 +1037,21 @@ extern void default_banner(void);
PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \
CLBR_NONE, \
jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit))
+
+#define GET_CR0_INTO_RDI \
+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \
+ mov %rax,%rdi
+
+#define SET_RDI_INTO_CR0 \
+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
+
+#define GET_CR3_INTO_RDI \
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr3); \
+ mov %rax,%rdi
+
+#define SET_RDI_INTO_CR3 \
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_write_cr3)
+
#endif /* CONFIG_X86_32 */
#endif /* __ASSEMBLY__ */
diff -urNp linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h
--- linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h 2010-04-04 20:46:41.505526780 -0400
......@@ -10641,7 +10677,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_32.S linux-2.6.32.11/arch/x86/k
CFI_ADJUST_CFA_OFFSET -24
diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/kernel/entry_64.S
--- linux-2.6.32.11/arch/x86/kernel/entry_64.S 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.11/arch/x86/kernel/entry_64.S 2010-04-04 20:58:33.220592413 -0400
+++ linux-2.6.32.11/arch/x86/kernel/entry_64.S 2010-04-07 16:58:23.343008831 -0400
@@ -53,6 +53,7 @@
#include <asm/paravirt.h>
#include <asm/ftrace.h>
......@@ -10650,7 +10686,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
@@ -174,6 +175,200 @@ ENTRY(native_usergs_sysret64)
@@ -174,6 +175,189 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
......@@ -10671,16 +10707,13 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
+ENTRY(pax_enter_kernel)
+
+#ifdef CONFIG_PAX_KERNEXEC
+ push %rax
+ push %rdi
+
+#ifdef CONFIG_PARAVIRT
+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0)
+ mov %rax,%rdi
+#else
+ mov %cr0,%rdi
+ PV_SAVE_REGS(CLBR_RDI)
+#endif
+
+ GET_CR0_INTO_RDI
+ bts $16,%rdi
+ jnc 1f
+ mov %cs,%edi
......@@ -10688,17 +10721,14 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
+ jz 3f
+ ljmpq __KERNEL_CS,3f
+1: ljmpq __KERNEXEC_KERNEL_CS,2f
+2:
+#ifdef CONFIG_PARAVIRT
+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
+3: PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
+#else
+ mov %rdi,%cr0
+2: SET_RDI_INTO_CR0
+3:
+
+#ifdef CONFIG_PARAVIRT
+ PV_RESTORE_REGS(CLBR_RDI)
+#endif
+
+ pop %rdi
+ pop %rax
+#endif
+
+ retq
......@@ -10707,34 +10737,26 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
+ENTRY(pax_exit_kernel)
+
+#ifdef CONFIG_PAX_KERNEXEC
+ push %rax
+ push %rdi
+
+#ifdef CONFIG_PARAVIRT
+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
+ PV_SAVE_REGS(CLBR_RDI)
+#endif
+
+ mov %cs,%rdi
+ cmp $__KERNEXEC_KERNEL_CS,%edi
+ jnz 2f
+#ifdef CONFIG_PARAVIRT
+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0)
+ mov %rax,%rdi
+#else
+ mov %cr0,%rdi
+#endif
+ GET_CR0_INTO_RDI
+ btr $16,%rdi
+ ljmpq __KERNEL_CS,1f
+1:
+#ifdef CONFIG_PARAVIRT
+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
+2: PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI);
+#else
+ mov %rdi,%cr0
+1: SET_RDI_INTO_CR0
+2:
+
+#ifdef CONFIG_PARAVIRT
+ PV_RESTORE_REGS(CLBR_RDI);
+#endif
+
+ pop %rdi
+ pop %rax
+#endif
+
+ retq
......@@ -10743,115 +10765,118 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
+ENTRY(pax_enter_kernel_user)
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ push %rax
+ push %rdi
+ push %rbx
+
+#ifdef CONFIG_PARAVIRT
+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr3)
+#else
+ mov %cr3,%rax
+ PV_SAVE_REGS(CLBR_RDI)
+#endif
+
+ mov %rax,%rdi
+ add $__START_KERNEL_map,%rax
+ sub phys_base(%rip),%rax
+ GET_CR3_INTO_RDI
+ mov %rdi,%rbx
+ add $__START_KERNEL_map,%rbx
+ sub phys_base(%rip),%rbx
+
+#ifdef CONFIG_PARAVIRT
+ push %rdi
+ cmpl $0, pv_info+PARAVIRT_enabled
+ jz 1f
+ i = 0
+ .rept USER_PGD_PTRS
+#ifdef CONFIG_PARAVIRT
+ mov i*8(%rax),%rsi
+ mov $0,$sil
+ lea i*8(%rax),%rdi
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set+pgd)
+#else
+ movb $0,i*8(%rax)
+ mov i*8(%rbx),%rsi
+ mov $0,%sil
+ lea i*8(%rbx),%rdi
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd)
+ i = i + 1
+ .endr
+ jmp 2f
+1:
+#endif
+
+ i = 0
+ .rept USER_PGD_PTRS
+ movb $0,i*8(%rbx)
+ i = i + 1
+ .endr
+
+#ifdef CONFIG_PARAVIRT
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_write_cr3)
+ PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
+#else
+ mov %rdi,%cr3
+2: pop %rdi
+#endif
+ SET_RDI_INTO_CR3
+
+#ifdef CONFIG_PAX_KERNEXEC
+#ifdef CONFIG_PARAVIRT
+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0)
+ mov %rax,%rdi
+#else
+ mov %cr0,%rdi
+#endif
+ GET_CR0_INTO_RDI
+ bts $16,%rdi
+#ifdef CONFIG_PARAVIRT
+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
+ PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
+#else
+ mov %rdi,%cr0
+ SET_RDI_INTO_CR0
+#endif
+
+#ifdef CONFIG_PARAVIRT
+ PV_RESTORE_REGS(CLBR_RDI)
+#endif
+
+ pop %rbx
+ pop %rdi
+ pop %rax
+#endif
+
+ retq
+ENDPROC(pax_enter_kernel_user)
+
+ENTRY(pax_exit_kernel_user)
+ push %rax
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ push %rdi
+
+#ifdef CONFIG_PAX_KERNEXEC
+#ifdef CONFIG_PARAVIRT
+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0)
+ mov %rax,%rdi
+#else
+ mov %cr0,%rdi
+ push %rbx
+ PV_SAVE_REGS(CLBR_RDI)
+#endif
+
+#ifdef CONFIG_PAX_KERNEXEC
+ GET_CR0_INTO_RDI
+ btr $16,%rdi
+#ifdef CONFIG_PARAVIRT
+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
+ PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
+#else
+ mov %rdi,%cr0
+#endif
+ SET_RDI_INTO_CR0
+#endif
+
+ GET_CR3_INTO_RDI
+ add $__START_KERNEL_map,%rdi
+ sub phys_base(%rip),%rdi
+
+#ifdef CONFIG_PARAVIRT
+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI)
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr3)
+#else
+ mov %cr3,%rax
+ cmpl $0, pv_info+PARAVIRT_enabled
+ jz 1f
+ mov %rdi,%rbx
+ i = 0
+ .rept USER_PGD_PTRS
+ mov i*8(%rbx),%rsi
+ mov $0x67,%sil
+ lea i*8(%rbx),%rdi
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd)
+ i = i + 1
+ .endr
+ jmp 2f
+1:
+#endif
+ add $__START_KERNEL_map,%rax
+ sub phys_base(%rip),%rax
+
+ i = 0
+ .rept USER_PGD_PTRS
+#ifdef CONFIG_PARAVIRT
+ mov i*8(%rax),%rsi
+ mov $0x67,$sil
+ lea i*8(%rax),%rdi
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set+pgd)
+#else
+ movb $0x67,i*8(%rax)
+#endif
+ movb $0x67,i*8(%rdi)
+ i = i + 1
+ .endr
+
+#ifdef CONFIG_PARAVIRT
+2: PV_RESTORE_REGS(CLBR_RDI)
+ pop %rbx
+#endif
+
+ pop %rdi
+ pop %rax
+#endif
+
+ retq
+ENDPROC(pax_exit_kernel_user)
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
@@ -468,6 +663,11 @@ ENTRY(system_call_after_swapgs)
@@ -468,6 +652,11 @@ ENTRY(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
......@@ -10863,7 +10888,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
/*
* No need to follow this irqs off/on section - it's straight
* and short:
@@ -502,6 +702,11 @@ sysret_check:
@@ -502,6 +691,11 @@ sysret_check:
andl %edi,%edx
jnz sysret_careful
CFI_REMEMBER_STATE
......@@ -10875,7 +10900,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
/*
* sysretq will re-enable interrupts:
*/
@@ -800,7 +1005,16 @@ END(interrupt)
@@ -800,7 +994,16 @@ END(interrupt)
CFI_ADJUST_CFA_OFFSET 10*8
call save_args
PARTIAL_FRAME 0
......@@ -10893,7 +10918,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
.endm
/*
@@ -844,12 +1058,18 @@ retint_swapgs: /* return to user-space
@@ -844,12 +1047,18 @@ retint_swapgs: /* return to user-space
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
......@@ -10912,7 +10937,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
/*
* The iretq could re-enable interrupts:
*/
@@ -1032,7 +1252,16 @@ ENTRY(\sym)
@@ -1032,7 +1241,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET 15*8
call error_entry
DEFAULT_FRAME 0
......@@ -10930,7 +10955,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
xorl %esi,%esi /* no error code */
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
@@ -1049,7 +1278,16 @@ ENTRY(\sym)
@@ -1049,7 +1267,16 @@ ENTRY(\sym)
subq $15*8, %rsp
call save_paranoid
TRACE_IRQS_OFF
......@@ -10948,7 +10973,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
xorl %esi,%esi /* no error code */
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
@@ -1066,9 +1304,23 @@ ENTRY(\sym)
@@ -1066,9 +1293,23 @@ ENTRY(\sym)
subq $15*8, %rsp
call save_paranoid
TRACE_IRQS_OFF
......@@ -10974,7 +10999,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
call \do_sym
addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
@@ -1085,7 +1337,16 @@ ENTRY(\sym)
@@ -1085,7 +1326,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET 15*8
call error_entry
DEFAULT_FRAME 0
......@@ -10992,7 +11017,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
call \do_sym
@@ -1104,7 +1365,16 @@ ENTRY(\sym)
@@ -1104,7 +1354,16 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
......@@ -11010,7 +11035,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
call \do_sym
@@ -1408,11 +1678,13 @@ ENTRY(paranoid_exit)
@@ -1408,11 +1667,13 @@ ENTRY(paranoid_exit)
testl $3,CS(%rsp)
jnz paranoid_userspace
paranoid_swapgs:
......@@ -11024,7 +11049,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
TRACE_IRQS_IRETQ 0
RESTORE_ALL 8
jmp irq_return
@@ -1529,6 +1801,16 @@ ENTRY(nmi)
@@ -1529,6 +1790,16 @@ ENTRY(nmi)
CFI_ADJUST_CFA_OFFSET 15*8
call save_paranoid
DEFAULT_FRAME 0
......@@ -11041,7 +11066,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
@@ -1544,6 +1826,7 @@ ENTRY(nmi)
@@ -1544,6 +1815,7 @@ ENTRY(nmi)
nmi_swapgs:
SWAPGS_UNSAFE_STACK
nmi_restore:
......@@ -30825,6 +30850,18 @@ diff -urNp linux-2.6.32.11/fs/hfsplus/inode.c linux-2.6.32.11/fs/hfsplus/inode.c
hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
sizeof(struct hfsplus_cat_file));
hfsplus_inode_write_fork(inode, &file->data_fork);
diff -urNp linux-2.6.32.11/fs/hugetlbfs/inode.c linux-2.6.32.11/fs/hugetlbfs/inode.c
--- linux-2.6.32.11/fs/hugetlbfs/inode.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.11/fs/hugetlbfs/inode.c 2010-04-06 22:13:08.677504702 -0400
@@ -909,7 +909,7 @@ static struct file_system_type hugetlbfs
.kill_sb = kill_litter_super,
};
-static struct vfsmount *hugetlbfs_vfsmount;
+struct vfsmount *hugetlbfs_vfsmount;
static int can_do_hugetlb_shm(void)
{
diff -urNp linux-2.6.32.11/fs/ioctl.c linux-2.6.32.11/fs/ioctl.c
--- linux-2.6.32.11/fs/ioctl.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.11/fs/ioctl.c 2010-04-04 20:46:41.653544810 -0400
......@@ -33684,8 +33721,8 @@ diff -urNp linux-2.6.32.11/grsecurity/gracl_alloc.c linux-2.6.32.11/grsecurity/g
+}
diff -urNp linux-2.6.32.11/grsecurity/gracl.c linux-2.6.32.11/grsecurity/gracl.c
--- linux-2.6.32.11/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.32.11/grsecurity/gracl.c 2010-04-04 20:46:41.668784531 -0400
@@ -0,0 +1,3917 @@
+++ linux-2.6.32.11/grsecurity/gracl.c 2010-04-06 22:16:21.600343588 -0400
@@ -0,0 +1,3924 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
......@@ -33764,6 +33801,10 @@ diff -urNp linux-2.6.32.11/grsecurity/gracl.c linux-2.6.32.11/grsecurity/gracl.c
+extern struct vfsmount *sock_mnt;
+extern struct vfsmount *pipe_mnt;
+extern struct vfsmount *shm_mnt;
+#ifdef CONFIG_HUGETLBFS
+extern struct vfsmount *hugetlbfs_vfsmount;
+#endif
+
+static struct acl_object_label *fakefs_obj;
+
+extern int gr_init_uidset(void);
......@@ -35479,6 +35520,9 @@ diff -urNp linux-2.6.32.11/grsecurity/gracl.c linux-2.6.32.11/grsecurity/gracl.c
+ spin_lock(&dcache_lock);
+
+ if (unlikely(mnt == shm_mnt || mnt == pipe_mnt || mnt == sock_mnt ||
+#ifdef CONFIG_HUGETLBFS
+ mnt == hugetlbfs_vfsmount ||
+#endif
+ /* ignore Eric Biederman */
+ IS_PRIVATE(l_dentry->d_inode))) {
+ retval = fakefs_obj;
......@@ -47655,7 +47699,7 @@ diff -urNp linux-2.6.32.11/kernel/hrtimer.c linux-2.6.32.11/kernel/hrtimer.c
}
diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c
--- linux-2.6.32.11/kernel/kallsyms.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.11/kernel/kallsyms.c 2010-04-04 20:46:41.693491350 -0400
+++ linux-2.6.32.11/kernel/kallsyms.c 2010-04-06 22:21:53.692294722 -0400
@@ -11,6 +11,9 @@
* Changed the compression method from stem compression to "table lookup"
* compression (see scripts/kallsyms.c for a more complete description)
......@@ -47676,7 +47720,7 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c
if (addr >= (unsigned long)_sinittext
&& addr <= (unsigned long)_einittext)
return 1;
@@ -67,6 +73,24 @@ static inline int is_kernel_text(unsigne
@@ -67,6 +73,26 @@ static inline int is_kernel_text(unsigne
static inline int is_kernel(unsigned long addr)
{
......@@ -47684,8 +47728,10 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c
+ return 1;
+
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+#ifdef CONFIG_MODULES
+ if ((unsigned long)MODULES_EXEC_VADDR <= ktla_ktva(addr) && ktla_ktva(addr) <= (unsigned long)MODULES_EXEC_END)
+ return 0;
+#endif
+
+ if (is_kernel_text(addr))
+ return 1;
......@@ -47701,7 +47747,7 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c
if (addr >= (unsigned long)_stext && addr <= (unsigned long)_end)
return 1;
return in_gate_area_no_task(addr);
@@ -413,7 +437,6 @@ static unsigned long get_ksymbol_core(st
@@ -413,7 +439,6 @@ static unsigned long get_ksymbol_core(st
static void reset_iter(struct kallsym_iter *iter, loff_t new_pos)
{
......@@ -47709,7 +47755,7 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c
iter->nameoff = get_symbol_offset(new_pos);
iter->pos = new_pos;
}
@@ -461,6 +484,11 @@ static int s_show(struct seq_file *m, vo
@@ -461,6 +486,11 @@ static int s_show(struct seq_file *m, vo
{
struct kallsym_iter *iter = m->private;
......@@ -47721,7 +47767,7 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c
/* Some debugging symbols have no name. Ignore them. */
if (!iter->name[0])
return 0;
@@ -501,7 +529,7 @@ static int kallsyms_open(struct inode *i
@@ -501,7 +531,7 @@ static int kallsyms_open(struct inode *i
struct kallsym_iter *iter;
int ret;
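Review bot: In the `fs/hugetlbfs/inode.c` hunk `hugetlbfs_vfsmount` loses `static`, and `grsecurity/gracl.c` reaches it through a bare `extern struct vfsmount *hugetlbfs_vfsmount;` written inside the .c file, so the compiler never checks that declaration against the definition and the mount pointer becomes visible to every translation unit in the kernel image. The neighbouring `sock_mnt`, `pipe_mnt` and `shm_mnt` externs follow the same pattern, but a single declaration in a header included by both files would keep the two sides in step. The added `mnt == hugetlbfs_vfsmount ||` test also routes every object on that mount to `fakefs_obj`, and what that label permits is not visible on this page; a comment above the condition such as `/* kernel-internal mounts have no policy-visible path: use the fake fs label */` would record the intent, assuming that is the reason. The enclosing function in gracl.c starts and ends outside the hunk.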