Author: arekm Date: Fri Sep 11 07:06:48 2009 GMT
Module: packages Tag: GRSECURITY_RAW
---- Log message:
http://www.grsecurity.net/~spender/grsecurity-2.1.14-2.6.31-200909102042.patch
---- Files affected:
packages/kernel:
kernel-grsec_full.patch (1.3.2.8 -> 1.3.2.9)
---- Diffs:
================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.3.2.8
packages/kernel/kernel-grsec_full.patch:1.3.2.9
--- packages/kernel/kernel-grsec_full.patch:1.3.2.8 Thu Aug 27 18:13:14 2009
+++ packages/kernel/kernel-grsec_full.patch Fri Sep 11 09:06:35 2009
@@ -1,6 +1,57 @@
-diff -urNp linux-2.6.27.4/arch/alpha/kernel/module.c
linux-2.6.27.4/arch/alpha/kernel/module.c
---- linux-2.6.27.4/arch/alpha/kernel/module.c 2008-10-22 17:38:01.000000000
-0400
-+++ linux-2.6.27.4/arch/alpha/kernel/module.c 2008-10-27 22:36:16.000000000
-0400
+diff -urNp linux-2.6.31/arch/alpha/include/asm/atomic.h
linux-2.6.31/arch/alpha/include/asm/atomic.h
+--- linux-2.6.31/arch/alpha/include/asm/atomic.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/alpha/include/asm/atomic.h 2009-09-06
15:29:11.104382093 -0400
+@@ -246,6 +246,9 @@ static __inline__ int atomic64_add_unles
+ #define atomic64_dec_and_test(v) (atomic64_sub_return(1, (v)) == 0)
+
+ #define atomic_inc(v) atomic_add(1,(v))
++#define atomic_inc_unchecked(v) atomic_inc(v)
++#define atomic_add_unchecked(i,v) atomic_add((i),(v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
+ #define atomic64_inc(v) atomic64_add(1,(v))
+
+ #define atomic_dec(v) atomic_sub(1,(v))
+diff -urNp linux-2.6.31/arch/alpha/include/asm/elf.h
linux-2.6.31/arch/alpha/include/asm/elf.h
+--- linux-2.6.31/arch/alpha/include/asm/elf.h 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/alpha/include/asm/elf.h 2009-09-06 15:29:11.105049911
-0400
+@@ -91,6 +91,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
+
+ #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000)
+
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE (current->personality & ADDR_LIMIT_32BIT ?
0x10000 : 0x120000000UL)
++
++#define PAX_DELTA_MMAP_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 :
28)
++#define PAX_DELTA_STACK_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 :
19)
++#endif
++
+ /* $0 is set by ld.so to a pointer to a function which might be
+ registered using atexit. This provides a mean for the dynamic
+ linker to call DT_FINI functions for shared libraries that have
+diff -urNp linux-2.6.31/arch/alpha/include/asm/pgtable.h
linux-2.6.31/arch/alpha/include/asm/pgtable.h
+--- linux-2.6.31/arch/alpha/include/asm/pgtable.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/alpha/include/asm/pgtable.h 2009-09-06
15:29:11.105049911 -0400
+@@ -101,6 +101,17 @@ struct vm_area_struct;
+ #define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS)
+ #define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
+ #define PAGE_READONLY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS |
_PAGE_FOE)
++# define PAGE_COPY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS |
_PAGE_FOW | _PAGE_FOE)
++# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS |
_PAGE_FOW | _PAGE_FOE)
++#else
++# define PAGE_SHARED_NOEXEC PAGE_SHARED
++# define PAGE_COPY_NOEXEC PAGE_COPY
++# define PAGE_READONLY_NOEXEC PAGE_READONLY
++#endif
++
+ #define PAGE_KERNEL __pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE |
_PAGE_KWE)
+
+ #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x))
+diff -urNp linux-2.6.31/arch/alpha/kernel/module.c
linux-2.6.31/arch/alpha/kernel/module.c
+--- linux-2.6.31/arch/alpha/kernel/module.c 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/alpha/kernel/module.c 2009-09-06 15:29:11.105049911
-0400
@@ -182,7 +182,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs,
/* The small sections were sorted to the end of the segment.
@@ -10,21 +61,21 @@
got = sechdrs[me->arch.gotsecindex].sh_addr;
for (i = 0; i < n; i++) {
-diff -urNp linux-2.6.27.4/arch/alpha/kernel/osf_sys.c
linux-2.6.27.4/arch/alpha/kernel/osf_sys.c
---- linux-2.6.27.4/arch/alpha/kernel/osf_sys.c 2008-10-22 17:38:01.000000000
-0400
-+++ linux-2.6.27.4/arch/alpha/kernel/osf_sys.c 2008-10-27 22:36:16.000000000
-0400
-@@ -1232,6 +1232,10 @@ arch_get_unmapped_area(struct file *filp
+diff -urNp linux-2.6.31/arch/alpha/kernel/osf_sys.c
linux-2.6.31/arch/alpha/kernel/osf_sys.c
+--- linux-2.6.31/arch/alpha/kernel/osf_sys.c 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/alpha/kernel/osf_sys.c 2009-09-06 15:29:11.106230045
-0400
+@@ -1212,6 +1212,10 @@ arch_get_unmapped_area(struct file *filp
merely specific addresses, but regions of memory -- perhaps
this feature should be incorporated into all ports? */
+#ifdef CONFIG_PAX_RANDMMAP
-+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
++ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
+#endif
+
if (addr) {
addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
if (addr != (unsigned long) -ENOMEM)
-@@ -1239,8 +1243,8 @@ arch_get_unmapped_area(struct file *filp
+@@ -1219,8 +1223,8 @@ arch_get_unmapped_area(struct file *filp
}
/* Next, try allocating at TASK_UNMAPPED_BASE. */
@@ -35,30 +86,9 @@
if (addr != (unsigned long) -ENOMEM)
return addr;
-diff -urNp linux-2.6.27.4/arch/alpha/kernel/ptrace.c
linux-2.6.27.4/arch/alpha/kernel/ptrace.c
---- linux-2.6.27.4/arch/alpha/kernel/ptrace.c 2008-10-22 17:38:01.000000000
-0400
-+++ linux-2.6.27.4/arch/alpha/kernel/ptrace.c 2008-10-25 12:03:06.000000000
-0400
-@@ -15,6 +15,7 @@
- #include <linux/slab.h>
- #include <linux/security.h>
- #include <linux/signal.h>
-+#include <linux/grsecurity.h>
-
- #include <asm/uaccess.h>
- #include <asm/pgtable.h>
-@@ -266,6 +267,9 @@ long arch_ptrace(struct task_struct *chi
- size_t copied;
- long ret;
-
-+ if (gr_handle_ptrace(child, request))
-+ return -EPERM;
-+
- switch (request) {
- /* When I and D space are separate, these will need to be fixed. */
- case PTRACE_PEEKTEXT: /* read word at location addr. */
-diff -urNp linux-2.6.27.4/arch/alpha/mm/fault.c
linux-2.6.27.4/arch/alpha/mm/fault.c
---- linux-2.6.27.4/arch/alpha/mm/fault.c 2008-10-22 17:38:01.000000000
-0400
-+++ linux-2.6.27.4/arch/alpha/mm/fault.c 2008-10-27 22:36:16.000000000
-0400
+diff -urNp linux-2.6.31/arch/alpha/mm/fault.c
linux-2.6.31/arch/alpha/mm/fault.c
+--- linux-2.6.31/arch/alpha/mm/fault.c 2009-08-27 20:59:04.000000000 -0400
++++ linux-2.6.31/arch/alpha/mm/fault.c 2009-09-06 15:29:11.106230045 -0400
@@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *
__reload_thread(pcb);
}
@@ -215,21 +245,99 @@
} else if (!cause) {
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
-diff -urNp linux-2.6.27.4/arch/arm/mm/mmap.c linux-2.6.27.4/arch/arm/mm/mmap.c
---- linux-2.6.27.4/arch/arm/mm/mmap.c 2008-10-22 17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/arm/mm/mmap.c 2008-10-27 22:36:16.000000000 -0400
-@@ -60,6 +60,10 @@ arch_get_unmapped_area(struct file *filp
+diff -urNp linux-2.6.31/arch/arm/include/asm/atomic.h
linux-2.6.31/arch/arm/include/asm/atomic.h
+--- linux-2.6.31/arch/arm/include/asm/atomic.h 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/arm/include/asm/atomic.h 2009-09-06 15:29:11.107211663
-0400
+@@ -233,6 +233,9 @@ static inline int atomic_add_unless(atom
+
+ #define atomic_inc(v) atomic_add(1, v)
+ #define atomic_dec(v) atomic_sub(1, v)
++#define atomic_inc_unchecked(v) atomic_inc(v)
++#define atomic_add_unchecked(i, v) atomic_add(i, v)
++#define atomic_sub_unchecked(i, v) atomic_sub(i, v)
+
+ #define atomic_inc_and_test(v) (atomic_add_return(1, v) == 0)
+ #define atomic_dec_and_test(v) (atomic_sub_return(1, v) == 0)
+diff -urNp linux-2.6.31/arch/arm/include/asm/elf.h
linux-2.6.31/arch/arm/include/asm/elf.h
+--- linux-2.6.31/arch/arm/include/asm/elf.h 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/arm/include/asm/elf.h 2009-09-06 15:29:11.107211663
-0400
+@@ -103,7 +103,14 @@ extern int arm_elf_read_implies_exec(con
+ the loader. We need to make sure that it is out of the way of the program
+ that it will "exec", and that there is sufficient room for the brk. */
+
+-#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
++#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
++
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE 0x00008000UL
++
++#define PAX_DELTA_MMAP_LEN ((current->personality == PER_LINUX_32BIT) ? 16
: 10)
++#define PAX_DELTA_STACK_LEN ((current->personality == PER_LINUX_32BIT) ? 16
: 10)
++#endif
+
+ /* When the program starts, a1 contains a pointer to a function to be
+ registered with atexit, as per the SVR4 ABI. A value of 0 means we
+diff -urNp linux-2.6.31/arch/arm/include/asm/kmap_types.h
linux-2.6.31/arch/arm/include/asm/kmap_types.h
+--- linux-2.6.31/arch/arm/include/asm/kmap_types.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/arm/include/asm/kmap_types.h 2009-09-06
15:29:11.107211663 -0400
+@@ -19,6 +19,7 @@ enum km_type {
+ KM_SOFTIRQ0,
+ KM_SOFTIRQ1,
+ KM_L2_CACHE,
++ KM_CLEARPAGE,
+ KM_TYPE_NR
+ };
+
+diff -urNp linux-2.6.31/arch/arm/include/asm/uaccess.h
linux-2.6.31/arch/arm/include/asm/uaccess.h
+--- linux-2.6.31/arch/arm/include/asm/uaccess.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/arm/include/asm/uaccess.h 2009-09-06
15:29:11.108180388 -0400
+@@ -400,6 +400,9 @@ extern unsigned long __must_check __strn
+
+ static inline unsigned long __must_check copy_from_user(void *to, const void
__user *from, unsigned long n)
+ {
++ if ((long)n < 0)
++ return n;
++
+ if (access_ok(VERIFY_READ, from, n))
+ n = __copy_from_user(to, from, n);
+ else /* security hole - plug it */
+@@ -409,6 +412,9 @@ static inline unsigned long __must_check
+
+ static inline unsigned long __must_check copy_to_user(void __user *to, const
void *from, unsigned long n)
+ {
++ if ((long)n < 0)
++ return n;
++
+ if (access_ok(VERIFY_WRITE, to, n))
+ n = __copy_to_user(to, from, n);
+ return n;
+diff -urNp linux-2.6.31/arch/arm/mach-ns9xxx/clock.c
linux-2.6.31/arch/arm/mach-ns9xxx/clock.c
+--- linux-2.6.31/arch/arm/mach-ns9xxx/clock.c 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/arm/mach-ns9xxx/clock.c 2009-09-06 15:29:11.108180388
-0400
+@@ -195,7 +195,7 @@ static int clk_debugfs_open(struct inode
+ return single_open(file, clk_debugfs_show, NULL);
+ }
+
+-static struct file_operations clk_debugfs_operations = {
++static const struct file_operations clk_debugfs_operations = {
+ .open = clk_debugfs_open,
+ .read = seq_read,
+ .llseek = seq_lseek,
+diff -urNp linux-2.6.31/arch/arm/mm/mmap.c linux-2.6.31/arch/arm/mm/mmap.c
+--- linux-2.6.31/arch/arm/mm/mmap.c 2009-08-27 20:59:04.000000000 -0400
++++ linux-2.6.31/arch/arm/mm/mmap.c 2009-09-06 15:29:11.108180388 -0400
+@@ -62,6 +62,10 @@ arch_get_unmapped_area(struct file *filp
if (len > TASK_SIZE)
return -ENOMEM;
+#ifdef CONFIG_PAX_RANDMMAP
-+ if (!(mm->pax_flags & MF_PAX_RANDMMAP) || !filp)
++ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
+#endif
+
if (addr) {
if (do_align)
addr = COLOUR_ALIGN(addr, pgoff);
-@@ -72,10 +76,10 @@ arch_get_unmapped_area(struct file *filp
+@@ -74,10 +78,10 @@ arch_get_unmapped_area(struct file *filp
return addr;
}
if (len > mm->cached_hole_size) {
@@ -243,7 +351,7 @@
}
full_search:
-@@ -91,8 +95,8 @@ full_search:
+@@ -93,8 +97,8 @@ full_search:
* Start a new search - just in case we missed
* some holes.
*/
@@ -254,9 +362,57 @@
mm->cached_hole_size = 0;
goto full_search;
}
-diff -urNp linux-2.6.27.4/arch/avr32/mm/fault.c
linux-2.6.27.4/arch/avr32/mm/fault.c
---- linux-2.6.27.4/arch/avr32/mm/fault.c 2008-10-22 17:38:01.000000000
-0400
-+++ linux-2.6.27.4/arch/avr32/mm/fault.c 2008-10-27 22:36:16.000000000
-0400
+diff -urNp linux-2.6.31/arch/avr32/include/asm/atomic.h
linux-2.6.31/arch/avr32/include/asm/atomic.h
+--- linux-2.6.31/arch/avr32/include/asm/atomic.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/avr32/include/asm/atomic.h 2009-09-06
15:29:11.109255148 -0400
+@@ -176,9 +176,12 @@ static inline int atomic_sub_if_positive
+ #define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
+
+ #define atomic_sub(i, v) (void)atomic_sub_return(i, v)
++#define atomic_sub_unchecked(i, v) atomic_sub((i), (v))
+ #define atomic_add(i, v) (void)atomic_add_return(i, v)
++#define atomic_add_unchecked(i, v) atomic_add((i), (v))
+ #define atomic_dec(v) atomic_sub(1, (v))
+ #define atomic_inc(v) atomic_add(1, (v))
++#define atomic_inc_unchecked(v) atomic_inc(v)
+
+ #define atomic_dec_return(v) atomic_sub_return(1, v)
+ #define atomic_inc_return(v) atomic_add_return(1, v)
+diff -urNp linux-2.6.31/arch/avr32/include/asm/elf.h
linux-2.6.31/arch/avr32/include/asm/elf.h
+--- linux-2.6.31/arch/avr32/include/asm/elf.h 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/avr32/include/asm/elf.h 2009-09-06 15:29:11.109255148
-0400
+@@ -85,8 +85,14 @@ typedef struct user_fpu_struct elf_fpreg
+ the loader. We need to make sure that it is out of the way of the program
+ that it will "exec", and that there is sufficient room for the brk. */
+
+-#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
++#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
+
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE 0x00001000UL
++
++#define PAX_DELTA_MMAP_LEN 15
++#define PAX_DELTA_STACK_LEN 15
++#endif
+
+ /* This yields a mask that user programs can use to figure out what
+ instruction set this CPU supports. This could be done in user space,
+diff -urNp linux-2.6.31/arch/avr32/include/asm/kmap_types.h
linux-2.6.31/arch/avr32/include/asm/kmap_types.h
+--- linux-2.6.31/arch/avr32/include/asm/kmap_types.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/avr32/include/asm/kmap_types.h 2009-09-06
15:29:11.109255148 -0400
+@@ -22,7 +22,8 @@ D(10) KM_IRQ0,
+ D(11) KM_IRQ1,
+ D(12) KM_SOFTIRQ0,
+ D(13) KM_SOFTIRQ1,
+-D(14) KM_TYPE_NR
++D(14) KM_CLEARPAGE,
++D(15) KM_TYPE_NR
+ };
+
+ #undef D
+diff -urNp linux-2.6.31/arch/avr32/mm/fault.c
linux-2.6.31/arch/avr32/mm/fault.c
+--- linux-2.6.31/arch/avr32/mm/fault.c 2009-08-27 20:59:04.000000000 -0400
++++ linux-2.6.31/arch/avr32/mm/fault.c 2009-09-06 15:29:11.110254440 -0400
@@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
int exception_trace = 1;
@@ -298,9 +454,124 @@
if (exception_trace && printk_ratelimit())
printk("%s%s[%d]: segfault at %08lx pc %08lx "
"sp %08lx ecr %lu\n",
-diff -urNp linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c
linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c
---- linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c 2008-10-22
17:38:01.000000000 -0400
-+++ linux-2.6.27.4/arch/ia64/ia32/binfmt_elf32.c 2008-10-27
22:36:16.000000000 -0400
+diff -urNp linux-2.6.31/arch/blackfin/include/asm/atomic.h
linux-2.6.31/arch/blackfin/include/asm/atomic.h
+--- linux-2.6.31/arch/blackfin/include/asm/atomic.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/blackfin/include/asm/atomic.h 2009-09-06
15:29:11.110254440 -0400
+@@ -81,6 +81,9 @@ static inline int atomic_test_mask(int m
+ #define smp_mb__before_atomic_inc() barrier()
+ #define smp_mb__after_atomic_inc() barrier()
+
++#define atomic_add_unchecked(i, v) atomic_add((i), (v))
++#define atomic_sub_unchecked(i, v) atomic_sub((i), (v))
++#define atomic_inc_unchecked(v) atomic_inc((v))
+ #define atomic_add_negative(a, v) (atomic_add_return((a), (v)) < 0)
+ #define atomic_dec_return(v) atomic_sub_return(1,(v))
+ #define atomic_inc_return(v) atomic_add_return(1,(v))
+diff -urNp linux-2.6.31/arch/blackfin/mach-bf561/coreb.c
linux-2.6.31/arch/blackfin/mach-bf561/coreb.c
+--- linux-2.6.31/arch/blackfin/mach-bf561/coreb.c 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/blackfin/mach-bf561/coreb.c 2009-09-06
15:29:11.110254440 -0400
+@@ -48,7 +48,7 @@ coreb_ioctl(struct inode *inode, struct
+ return ret;
+ }
+
+-static struct file_operations coreb_fops = {
++static const struct file_operations coreb_fops = {
+ .owner = THIS_MODULE,
+ .ioctl = coreb_ioctl,
+ };
+diff -urNp linux-2.6.31/arch/cris/arch-v10/drivers/sync_serial.c
linux-2.6.31/arch/cris/arch-v10/drivers/sync_serial.c
+--- linux-2.6.31/arch/cris/arch-v10/drivers/sync_serial.c 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/cris/arch-v10/drivers/sync_serial.c 2009-09-06
15:29:11.111389293 -0400
+@@ -244,7 +244,7 @@ static unsigned sync_serial_prescale_sha
+
+ #define NUMBER_OF_PORTS 2
+
+-static struct file_operations sync_serial_fops = {
++static const struct file_operations sync_serial_fops = {
+ .owner = THIS_MODULE,
+ .write = sync_serial_write,
+ .read = sync_serial_read,
+diff -urNp linux-2.6.31/arch/cris/arch-v32/drivers/mach-fs/gpio.c
linux-2.6.31/arch/cris/arch-v32/drivers/mach-fs/gpio.c
+--- linux-2.6.31/arch/cris/arch-v32/drivers/mach-fs/gpio.c 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/cris/arch-v32/drivers/mach-fs/gpio.c 2009-09-06
15:29:11.112155258 -0400
+@@ -855,7 +855,7 @@ gpio_leds_ioctl(unsigned int cmd, unsign
+ return 0;
+ }
+
+-struct file_operations gpio_fops = {
++struct struct file_operations gpio_fops = {
+ .owner = THIS_MODULE,
+ .poll = gpio_poll,
+ .ioctl = gpio_ioctl,
+diff -urNp linux-2.6.31/arch/cris/include/asm/atomic.h
linux-2.6.31/arch/cris/include/asm/atomic.h
+--- linux-2.6.31/arch/cris/include/asm/atomic.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/cris/include/asm/atomic.h 2009-09-06
15:29:11.112155258 -0400
+@@ -152,6 +152,10 @@ static inline int atomic_add_unless(atom
+ }
+ #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
+
++#define atomic_inc_unchecked(v) atomic_inc((v))
++#define atomic_add_unchecked(i,v) atomic_add((i),(v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
++
+ /* Atomic operations are already serializing */
+ #define smp_mb__before_atomic_dec() barrier()
+ #define smp_mb__after_atomic_dec() barrier()
+diff -urNp linux-2.6.31/arch/frv/include/asm/atomic.h
linux-2.6.31/arch/frv/include/asm/atomic.h
+--- linux-2.6.31/arch/frv/include/asm/atomic.h 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/frv/include/asm/atomic.h 2009-09-06 15:29:11.112155258
-0400
+@@ -114,6 +114,10 @@ static inline void atomic_dec(atomic_t *
+ atomic_sub_return(1, v);
+ }
+
++#define atomic_inc_unchecked(v) atomic_inc(v)
++#define atomic_add_unchecked(i,v) atomic_add((i),(v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
++
+ #define atomic_dec_return(v) atomic_sub_return(1, (v))
+ #define atomic_inc_return(v) atomic_add_return(1, (v))
+
+diff -urNp linux-2.6.31/arch/frv/include/asm/kmap_types.h
linux-2.6.31/arch/frv/include/asm/kmap_types.h
+--- linux-2.6.31/arch/frv/include/asm/kmap_types.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/frv/include/asm/kmap_types.h 2009-09-06
15:29:11.113186643 -0400
+@@ -23,6 +23,7 @@ enum km_type {
+ KM_IRQ1,
+ KM_SOFTIRQ0,
+ KM_SOFTIRQ1,
++ KM_CLEARPAGE,
+ KM_TYPE_NR
+ };
+
+diff -urNp linux-2.6.31/arch/h8300/include/asm/atomic.h
linux-2.6.31/arch/h8300/include/asm/atomic.h
+--- linux-2.6.31/arch/h8300/include/asm/atomic.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/h8300/include/asm/atomic.h 2009-09-06
15:29:11.113186643 -0400
+@@ -26,6 +26,7 @@ static __inline__ int atomic_add_return(
+ }
+
+ #define atomic_add(i, v) atomic_add_return(i, v)
++#define atomic_add_unchecked(i, v) atomic_add((i), (v))
+ #define atomic_add_negative(a, v) (atomic_add_return((a), (v)) < 0)
+
+ static __inline__ int atomic_sub_return(int i, atomic_t *v)
+@@ -38,6 +39,7 @@ static __inline__ int atomic_sub_return(
+ }
+
+ #define atomic_sub(i, v) atomic_sub_return(i, v)
++#define atomic_subUnchecked(i, v) atomic_sub(i, v)
+ #define atomic_sub_and_test(i,v) (atomic_sub_return(i, v) == 0)
+
+ static __inline__ int atomic_inc_return(atomic_t *v)
+@@ -51,6 +53,7 @@ static __inline__ int atomic_inc_return(
+ }
+
+ #define atomic_inc(v) atomic_inc_return(v)
++#define atomic_inc_unchecked(v) atomic_inc(v)
+
+ /*
+ * atomic_inc_and_test - increment and test
+diff -urNp linux-2.6.31/arch/ia64/ia32/binfmt_elf32.c
linux-2.6.31/arch/ia64/ia32/binfmt_elf32.c
+--- linux-2.6.31/arch/ia64/ia32/binfmt_elf32.c 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/ia64/ia32/binfmt_elf32.c 2009-09-06 15:29:11.113186643
-0400
@@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_
#define elf_read_implies_exec(ex, have_pt_gnu_stack) (!(have_pt_gnu_stack))
@@ -315,9 +586,23 @@
/* Ugly but avoids duplication */
#include "../../../fs/binfmt_elf.c"
-diff -urNp linux-2.6.27.4/arch/ia64/ia32/ia32priv.h
linux-2.6.27.4/arch/ia64/ia32/ia32priv.h
---- linux-2.6.27.4/arch/ia64/ia32/ia32priv.h 2008-10-22 17:38:01.000000000
-0400
-+++ linux-2.6.27.4/arch/ia64/ia32/ia32priv.h 2008-10-27 22:36:16.000000000
-0400
+@@ -69,11 +76,11 @@ ia32_install_gate_page (struct vm_area_s
+ }
+
+
+-static struct vm_operations_struct ia32_shared_page_vm_ops = {
++static const struct vm_operations_struct ia32_shared_page_vm_ops = {
+ .fault = ia32_install_shared_page
+ };
+
+-static struct vm_operations_struct ia32_gate_page_vm_ops = {
++static const struct vm_operations_struct ia32_gate_page_vm_ops = {
+ .fault = ia32_install_gate_page
+ };
+
+diff -urNp linux-2.6.31/arch/ia64/ia32/ia32priv.h
linux-2.6.31/arch/ia64/ia32/ia32priv.h
+--- linux-2.6.31/arch/ia64/ia32/ia32priv.h 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/ia64/ia32/ia32priv.h 2009-09-06 15:29:11.114322463
-0400
@@ -296,7 +296,14 @@ typedef struct compat_siginfo {
#define ELF_DATA ELFDATA2LSB
#define ELF_ARCH EM_386
@@ -334,10 +619,84 @@
#define IA32_GATE_OFFSET IA32_PAGE_OFFSET
#define IA32_GATE_END IA32_PAGE_OFFSET + PAGE_SIZE
-diff -urNp linux-2.6.27.4/arch/ia64/kernel/module.c
linux-2.6.27.4/arch/ia64/kernel/module.c
---- linux-2.6.27.4/arch/ia64/kernel/module.c 2008-10-22 17:38:01.000000000
-0400
-+++ linux-2.6.27.4/arch/ia64/kernel/module.c 2008-10-27 22:36:16.000000000
-0400
-@@ -312,8 +312,7 @@ module_alloc (unsigned long size)
+diff -urNp linux-2.6.31/arch/ia64/include/asm/atomic.h
linux-2.6.31/arch/ia64/include/asm/atomic.h
+--- linux-2.6.31/arch/ia64/include/asm/atomic.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/ia64/include/asm/atomic.h 2009-09-06
15:29:11.114322463 -0400
+@@ -201,8 +201,11 @@ atomic64_add_negative (__s64 i, atomic64
+ #define atomic64_inc_and_test(v) (atomic64_add_return(1, (v)) == 0)
+
+ #define atomic_add(i,v) atomic_add_return((i), (v))
++#define atomic_add_unchecked(i,v) atomic_add((i), (v))
+ #define atomic_sub(i,v) atomic_sub_return((i), (v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i), (v))
+ #define atomic_inc(v) atomic_add(1, (v))
++#define atomic_inc_unchecked(v) atomic_inc(v)
+ #define atomic_dec(v) atomic_sub(1, (v))
+
+ #define atomic64_add(i,v) atomic64_add_return((i), (v))
+diff -urNp linux-2.6.31/arch/ia64/include/asm/elf.h
linux-2.6.31/arch/ia64/include/asm/elf.h
+--- linux-2.6.31/arch/ia64/include/asm/elf.h 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/ia64/include/asm/elf.h 2009-09-06 15:29:11.114322463
-0400
+@@ -43,6 +43,13 @@
+ */
+ #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x800000000UL)
+
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ?
0x08048000UL : 0x4000000000000000UL)
++
++#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 :
3*PAGE_SHIFT - 13)
++#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 :
3*PAGE_SHIFT - 13)
++#endif
++
+ #define PT_IA_64_UNWIND 0x70000001
+
+ /* IA-64 relocations: */
+diff -urNp linux-2.6.31/arch/ia64/include/asm/pgtable.h
linux-2.6.31/arch/ia64/include/asm/pgtable.h
+--- linux-2.6.31/arch/ia64/include/asm/pgtable.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/ia64/include/asm/pgtable.h 2009-09-06
15:29:11.115307704 -0400
+@@ -143,6 +143,17 @@
+ #define PAGE_READONLY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
+ #define PAGE_COPY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
+ #define PAGE_COPY_EXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 |
_PAGE_AR_RX)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++# define PAGE_SHARED_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 |
_PAGE_AR_RW)
++# define PAGE_READONLY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 |
_PAGE_AR_R)
++# define PAGE_COPY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 |
_PAGE_AR_R)
++#else
++# define PAGE_SHARED_NOEXEC PAGE_SHARED
++# define PAGE_READONLY_NOEXEC PAGE_READONLY
++# define PAGE_COPY_NOEXEC PAGE_COPY
++#endif
++
+ #define PAGE_GATE __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX)
+ #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX)
+ #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX)
+diff -urNp linux-2.6.31/arch/ia64/include/asm/uaccess.h
linux-2.6.31/arch/ia64/include/asm/uaccess.h
+--- linux-2.6.31/arch/ia64/include/asm/uaccess.h 2009-08-27
20:59:04.000000000 -0400
++++ linux-2.6.31/arch/ia64/include/asm/uaccess.h 2009-09-06
15:29:11.115307704 -0400
+@@ -257,7 +257,7 @@ __copy_from_user (void *to, const void _
+ const void *__cu_from = (from);
\
+ long __cu_len = (n);
\
+
\
+- if (__access_ok(__cu_to, __cu_len, get_fs()))
\
++ if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_to,
__cu_len, get_fs())) \
+ __cu_len = __copy_user(__cu_to, (__force void __user *)
__cu_from, __cu_len); \
+ __cu_len;
\
+ })
+@@ -269,7 +269,7 @@ __copy_from_user (void *to, const void _
+ long __cu_len = (n);
\
+
\
+ __chk_user_ptr(__cu_from);
\
+- if (__access_ok(__cu_from, __cu_len, get_fs()))
\
++ if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_from,
__cu_len, get_fs())) \
+ __cu_len = __copy_user((__force void __user *) __cu_to,
__cu_from, __cu_len); \
+ __cu_len;
\
+ })
+diff -urNp linux-2.6.31/arch/ia64/kernel/module.c
linux-2.6.31/arch/ia64/kernel/module.c
+--- linux-2.6.31/arch/ia64/kernel/module.c 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/ia64/kernel/module.c 2009-09-06 15:29:11.116247536
-0400
+@@ -315,8 +315,7 @@ module_alloc (unsigned long size)
void
module_free (struct module *mod, void *module_region)
{
@@ -347,7 +706,7 @@
unw_remove_unwind_table(mod->arch.init_unw_table);
mod->arch.init_unw_table = NULL;
}
-@@ -491,15 +490,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd
+@@ -502,15 +501,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd
}
static inline int
@@ -389,7 +748,7 @@
}
static inline int
-@@ -683,7 +706,14 @@ do_reloc (struct module *mod, uint8_t r_
+@@ -693,7 +716,14 @@ do_reloc (struct module *mod, uint8_t r_
break;
case RV_BDREL:
@@ -405,7 +764,7 @@
break;
case RV_LTV:
-@@ -817,15 +847,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs,
+@@ -828,15 +858,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs,
* addresses have been selected...
*/
uint64_t gp;
@@ -425,16 +784,16 @@
mod->arch.gp = gp;
DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
}
-diff -urNp linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c
linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c
---- linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c 2008-10-22 17:38:01.000000000
-0400
-+++ linux-2.6.27.4/arch/ia64/kernel/sys_ia64.c 2008-10-27 22:36:16.000000000
-0400
+diff -urNp linux-2.6.31/arch/ia64/kernel/sys_ia64.c
linux-2.6.31/arch/ia64/kernel/sys_ia64.c
+--- linux-2.6.31/arch/ia64/kernel/sys_ia64.c 2009-08-27 20:59:04.000000000
-0400
++++ linux-2.6.31/arch/ia64/kernel/sys_ia64.c 2009-09-06 15:29:11.116247536
-0400
@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
if (REGION_NUMBER(addr) == RGN_HPAGE)
addr = 0;
#endif
+
+#ifdef CONFIG_PAX_RANDMMAP
-+ if ((mm->pax_flags & MF_PAX_RANDMMAP) && addr && filp)
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
+ addr = mm->free_area_cache;
+ else
+#endif
@@ -454,9 +813,9 @@
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.3.2.8&r2=1.3.2.9&f=u
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
