author | Natanael Copa <ncopa@alpinelinux.org> | 2011-09-22 14:27:48 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2011-09-22 14:27:48 +0000 |
commit | 967ed15c5aa5cc735536e24b5b5cc6eb1b16e808 (patch) | |
tree | dda78fb4f27033b7b733fed1d090d0d9a34511a6 /main/linux-grsec | |
parent | 19b7ea721540c6a613f54ce11760f9afbae9a2a3 (diff) | |
download | aports-967ed15c5aa5cc735536e24b5b5cc6eb1b16e808.tar.bz2 aports-967ed15c5aa5cc735536e24b5b5cc6eb1b16e808.tar.xz |
main/linux-grsec: upgrade to grsecurity-2.2.2-3.0.4-201109190917
Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.2.2-3.0.4-201109190917.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.0.4-201109150655.patch) | 1029 |
2 files changed, 942 insertions, 93 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 008077e2fc..77438b0742 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=3.0.4
 _kernver=3.0
-pkgrel=5
+pkgrel=6
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2
 ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2
- grsecurity-2.2.2-3.0.4-201109150655.patch
+ grsecurity-2.2.2-3.0.4-201109190917.patch
 0004-arp-flush-arp-cache-on-device-change.patch
@@ -138,7 +138,7 @@ dev() {
 md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2
 62ca5f3caed233617127b2b3b7a87d15 patch-3.0.4.bz2
-b7dc9741bbb8f0ec91f88a6983a4fc74 grsecurity-2.2.2-3.0.4-201109150655.patch
+475c1129df5aca0d82587640b878109d grsecurity-2.2.2-3.0.4-201109190917.patch
 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
 9a2c88b20d296158cdcd01f843898415 kernelconfig.x86
 6957efc9f017c59b05aa0a2e4167255e kernelconfig.x86_64"
diff --git a/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109150655.patch b/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109190917.patch
index 01280f49f7..ec88fda16b 100644
--- a/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109150655.patch
+++ b/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109190917.patch
@@ -5589,6 +5589,74 @@ diff -urNp linux-3.0.4/arch/x86/boot/video-vesa.c linux-3.0.4/arch/x86/boot/vide } /* +diff -urNp linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S +--- linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -71,6 +71,12 @@ FUNC: movq r1,r2; \ + je B192; \ + leaq 32(r9),r9; + ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++#define ret orb $0x80, 0x7(%rsp); ret ++#else ++#define ret ret ++#endif ++ + #define epilogue(r1,r2,r3,r4,r5,r6,r7,r8,r9) \ + movq r1,r2; \ + movq r3,r4; \ +diff -urNp linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S +--- linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -790,6 +790,9 @@ ECRYPT_encrypt_bytes: + add %r11,%rsp + mov %rdi,%rax + mov %rsi,%rdx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + # bytesatleast65: + ._bytesatleast65: +@@ -891,6 +894,9 @@ ECRYPT_keysetup: + add %r11,%rsp + mov %rdi,%rax + mov %rsi,%rdx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + # enter ECRYPT_ivsetup + .text +@@ -917,4 +923,7 @@ ECRYPT_ivsetup: + add %r11,%rsp + mov %rdi,%rax + mov %rsi,%rdx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret +diff -urNp linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S +--- linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -269,6 +269,9 @@ twofish_enc_blk: + + popq R1 + movq $1,%rax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + + twofish_dec_blk: +@@ -321,4 
+324,7 @@ twofish_dec_blk: + + popq R1 + movq $1,%rax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret diff -urNp linux-3.0.4/arch/x86/ia32/ia32_aout.c linux-3.0.4/arch/x86/ia32/ia32_aout.c --- linux-3.0.4/arch/x86/ia32/ia32_aout.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/ia32/ia32_aout.c 2011-08-23 21:48:14.000000000 -0400 @@ -8676,8 +8744,8 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/rwsem.h linux-3.0.4/arch/x86/include diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/include/asm/segment.h --- linux-3.0.4/arch/x86/include/asm/segment.h 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/include/asm/segment.h 2011-08-23 21:47:55.000000000 -0400 -@@ -64,8 +64,8 @@ ++++ linux-3.0.4/arch/x86/include/asm/segment.h 2011-09-17 00:53:42.000000000 -0400 +@@ -64,10 +64,15 @@ * 26 - ESPFIX small SS * 27 - per-cpu [ offset to per-cpu data area ] * 28 - stack_canary-20 [ for stack protector ] @@ -8687,8 +8755,15 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu + * 30 - PCI BIOS DS * 31 - TSS for double fault handler */ ++#define GDT_ENTRY_KERNEXEC_EFI_CS (1) ++#define GDT_ENTRY_KERNEXEC_EFI_DS (2) ++#define __KERNEXEC_EFI_CS (GDT_ENTRY_KERNEXEC_EFI_CS*8) ++#define __KERNEXEC_EFI_DS (GDT_ENTRY_KERNEXEC_EFI_DS*8) ++ #define GDT_ENTRY_TLS_MIN 6 -@@ -79,6 +79,8 @@ + #define GDT_ENTRY_TLS_MAX (GDT_ENTRY_TLS_MIN + GDT_ENTRY_TLS_ENTRIES - 1) + +@@ -79,6 +84,8 @@ #define GDT_ENTRY_KERNEL_CS (GDT_ENTRY_KERNEL_BASE+0) @@ -8697,7 +8772,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu #define GDT_ENTRY_KERNEL_DS (GDT_ENTRY_KERNEL_BASE+1) #define GDT_ENTRY_TSS (GDT_ENTRY_KERNEL_BASE+4) -@@ -104,6 +106,12 @@ +@@ -104,6 +111,12 @@ #define __KERNEL_STACK_CANARY 0 #endif 
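Review bot: The `#define ret orb $0x80, 0x7(%rsp); ret` added to aes-x86_64-asm_64.S silently rewrites every later `ret` in that file (the epilogue macro's included), and nothing in the hunk says why the top byte of the 8-byte return address at the stack top is ORed with 0x80 — presumably to set bit 63 so that a return into a user-space address becomes non-canonical and faults; please confirm that intent. A one-line comment above the macro, `/* KERNEXEC: set bit 63 of the saved return address so a hijacked ret cannot land in user space */`, would spare the next reader the guess, and the same comment belongs on the spelled-out `orb` in the salsa20 and twofish hunks. The `#else` branch that defines `ret` as itself is a no-op and can go. Note that `orb` also writes EFLAGS, which is harmless only because the macro sits immediately before the return.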
@@ -8710,7 +8785,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu #define GDT_ENTRY_DOUBLEFAULT_TSS 31 /* -@@ -141,7 +149,7 @@ +@@ -141,7 +154,7 @@ */ /* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */ @@ -8719,7 +8794,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu #else -@@ -165,6 +173,8 @@ +@@ -165,6 +178,8 @@ #define __USER32_CS (GDT_ENTRY_DEFAULT_USER32_CS * 8 + 3) #define __USER32_DS __USER_DS @@ -8728,7 +8803,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu #define GDT_ENTRY_TSS 8 /* needs two entries */ #define GDT_ENTRY_LDT 10 /* needs two entries */ #define GDT_ENTRY_TLS_MIN 12 -@@ -185,6 +195,7 @@ +@@ -185,6 +200,7 @@ #endif #define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8) @@ -10047,7 +10122,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/xsave.h linux-3.0.4/arch/x86/include ".section .fixup,\"ax\"\n" diff -urNp linux-3.0.4/arch/x86/Kconfig linux-3.0.4/arch/x86/Kconfig --- linux-3.0.4/arch/x86/Kconfig 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/Kconfig 2011-08-23 21:48:14.000000000 -0400 ++++ linux-3.0.4/arch/x86/Kconfig 2011-09-17 00:58:36.000000000 -0400 @@ -229,7 +229,7 @@ config X86_HT config X86_32_LAZY_GS @@ -10084,15 +10159,6 @@ diff -urNp linux-3.0.4/arch/x86/Kconfig linux-3.0.4/arch/x86/Kconfig default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1453,7 +1453,7 @@ config ARCH_USES_PG_UNCACHED - - config EFI - bool "EFI runtime service support" -- depends on ACPI -+ depends on ACPI && !PAX_KERNEXEC - ---help--- - This enables the kernel to use EFI runtime services that are - available (such as the EFI variable services). @@ -1483,6 +1483,7 @@ config SECCOMP config CC_STACKPROTECTOR 
@@ -11728,7 +11794,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_32.S linux-3.0.4/arch/x86/kernel/en CFI_ADJUST_CFA_OFFSET -24 diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/entry_64.S --- linux-3.0.4/arch/x86/kernel/entry_64.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/kernel/entry_64.S 2011-08-26 19:49:56.000000000 -0400 ++++ linux-3.0.4/arch/x86/kernel/entry_64.S 2011-09-17 18:31:51.000000000 -0400 @@ -53,6 +53,7 @@ #include <asm/paravirt.h> #include <asm/ftrace.h> @@ -12108,7 +12174,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en je retint_kernel /* Interrupt came from user space */ -@@ -847,12 +1125,15 @@ retint_swapgs: /* return to user-space +@@ -847,12 +1125,18 @@ retint_swapgs: /* return to user-space * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -12121,10 +12187,13 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en retint_restore_args: /* return to kernel space */ DISABLE_INTERRUPTS(CLBR_ANY) + pax_exit_kernel ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80,0x7+RIP-ARGOFFSET(%rsp) ++#endif /* * The iretq could re-enable interrupts: */ -@@ -1027,6 +1308,16 @@ ENTRY(\sym) +@@ -1027,6 +1311,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -12141,7 +12210,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ call \do_sym -@@ -1044,6 +1335,16 @@ ENTRY(\sym) +@@ -1044,6 +1338,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -12158,7 +12227,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ call \do_sym -@@ -1052,7 +1353,7 @@ ENTRY(\sym) +@@ -1052,7 +1356,7 @@ ENTRY(\sym) END(\sym) .endm 
@@ -12167,7 +12236,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1062,8 +1363,24 @@ ENTRY(\sym) +@@ -1062,8 +1366,24 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -12192,7 +12261,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist) call \do_sym addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist) -@@ -1080,6 +1397,16 @@ ENTRY(\sym) +@@ -1080,6 +1400,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -12209,7 +12278,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ -@@ -1099,6 +1426,16 @@ ENTRY(\sym) +@@ -1099,6 +1429,16 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -12226,7 +12295,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ -@@ -1361,14 +1698,27 @@ ENTRY(paranoid_exit) +@@ -1361,16 +1701,35 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -12238,6 +12307,9 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en + TRACE_IRQS_IRETQ 0 + SWAPGS_UNSAFE_STACK + RESTORE_ALL 8 ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80,0x7(%rsp) ++#endif + jmp irq_return +#endif paranoid_swapgs: 
@@ -12254,8 +12326,13 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en + pax_exit_kernel TRACE_IRQS_IRETQ 0 RESTORE_ALL 8 ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80,0x7(%rsp) ++#endif jmp irq_return -@@ -1426,7 +1776,7 @@ ENTRY(error_entry) + paranoid_userspace: + GET_THREAD_INFO(%rcx) +@@ -1426,7 +1785,7 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -12264,7 +12341,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en je error_kernelspace error_swapgs: SWAPGS -@@ -1490,6 +1840,16 @@ ENTRY(nmi) +@@ -1490,6 +1849,16 @@ ENTRY(nmi) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid DEFAULT_FRAME 0 @@ -12281,7 +12358,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1500,11 +1860,25 @@ ENTRY(nmi) +@@ -1500,12 +1869,32 @@ ENTRY(nmi) DISABLE_INTERRUPTS(CLBR_NONE) testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore @@ -12292,6 +12369,9 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en + pax_exit_kernel + SWAPGS_UNSAFE_STACK + RESTORE_ALL 8 ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80,0x7(%rsp) ++#endif + jmp irq_return +#endif nmi_swapgs: @@ -12306,8 +12386,12 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en nmi_restore: + pax_exit_kernel RESTORE_ALL 8 ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80,0x7(%rsp) ++#endif jmp irq_return nmi_userspace: + GET_THREAD_INFO(%rcx) diff -urNp linux-3.0.4/arch/x86/kernel/ftrace.c linux-3.0.4/arch/x86/kernel/ftrace.c --- linux-3.0.4/arch/x86/kernel/ftrace.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/kernel/ftrace.c 2011-08-23 21:47:55.000000000 -0400 
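Review bot: The same three-line `#ifdef CONFIG_PAX_KERNEXEC_PLUGIN` / `orb $0x80,...(%rsp)` / `#endif` block is pasted at five return-to-kernel sites in these entry_64.S hunks (retint_restore_args, both paranoid_exit paths, both nmi paths) and again at every `ret` of the lib/*.S files further down, while the aes file takes a different route through a `#define ret` macro. A single assembler macro in a shared header, `.macro pax_force_retaddr rip=0` expanding to `orb $0x80,0x7+\rip(%rsp)` under the ifdef and to nothing otherwise, would make each site a one-liner such as `pax_force_retaddr RIP-ARGOFFSET` and make an uninstrumented return path stand out in review. The retint_restore_args site writes the saved RIP while pt_regs is still on the stack (the RESTORE_ARGS that follows is outside the hunk); the other four sit after `RESTORE_ALL 8`, when the return frame is at the stack top, so the two offsets are consistent as far as I can see.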
@@ -16528,8 +16612,15 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_386_32.S linux-3.0.4/arch/x86/lib/a movl %edx, 4(v) diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S --- linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-08-23 21:47:55.000000000 -0400 -@@ -39,6 +39,14 @@ ENTRY(atomic64_read_cx8) ++++ linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-09-17 18:31:51.000000000 -0400 +@@ -35,10 +35,24 @@ ENTRY(atomic64_read_cx8) + CFI_STARTPROC + + read64 %ecx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret CFI_ENDPROC ENDPROC(atomic64_read_cx8) @@ -16537,6 +16628,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a + CFI_STARTPROC + + read64 %ecx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC +ENDPROC(atomic64_read_unchecked_cx8) @@ -16544,7 +16638,14 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a ENTRY(atomic64_set_cx8) CFI_STARTPROC -@@ -52,6 +60,19 @@ ENTRY(atomic64_set_cx8) +@@ -48,10 +62,29 @@ ENTRY(atomic64_set_cx8) + cmpxchg8b (%esi) + jne 1b + ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret CFI_ENDPROC ENDPROC(atomic64_set_cx8) @@ -16557,6 +16658,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a + cmpxchg8b (%esi) + jne 1b + ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC +ENDPROC(atomic64_set_unchecked_cx8) @@ -16564,7 +16668,14 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a ENTRY(atomic64_xchg_cx8) CFI_STARTPROC -@@ -66,8 +87,8 @@ ENTRY(atomic64_xchg_cx8) +@@ -62,12 +95,15 @@ ENTRY(atomic64_xchg_cx8) + cmpxchg8b (%esi) + jne 1b + ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret CFI_ENDPROC ENDPROC(atomic64_xchg_cx8) 
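Review bot: The `orb $0x80, 0x7(%rsp)` inserted before each `ret` in atomic64_cx8_32.S names a 64-bit register in a 32-bit-only file (the same hunk operates on `cmpxchg8b (%esi)` and the file's later hunks use `4(%esp)`), so the assembler rejects it the moment CONFIG_PAX_KERNEXEC_PLUGIN is enabled on an i386 build. This stays harmless only if that Kconfig symbol is restricted to X86_64, which I can't see from this chunk. On i386 the return address is 4 bytes, so `0x7(%esp)` would not be a fix either; either drop the insertions from this file or make the X86_64 dependency explicit on the plugin's Kconfig entry and say so in a comment at the top of the file, `/* KERNEXEC_PLUGIN is x86_64-only; no return-address fix-up here */`.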
@@ -16575,7 +16686,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a CFI_STARTPROC SAVE ebp SAVE ebx -@@ -84,27 +105,43 @@ ENTRY(atomic64_\func\()_return_cx8) +@@ -84,27 +120,46 @@ ENTRY(atomic64_\func\()_return_cx8) movl %edx, %ecx \ins\()l %esi, %ebx \insc\()l %edi, %ecx @@ -16606,6 +16717,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a RESTORE esi RESTORE ebx RESTORE ebp ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif ret CFI_ENDPROC -ENDPROC(atomic64_\func\()_return_cx8) @@ -16624,7 +16738,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a CFI_STARTPROC SAVE ebx -@@ -114,21 +151,38 @@ ENTRY(atomic64_\func\()_return_cx8) +@@ -114,21 +169,41 @@ ENTRY(atomic64_\func\()_return_cx8) movl %edx, %ecx \ins\()l $1, %ebx \insc\()l $0, %ecx @@ -16652,6 +16766,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a +.endif + RESTORE ebx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif ret CFI_ENDPROC -ENDPROC(atomic64_\func\()_return_cx8) @@ -16665,7 +16782,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a ENTRY(atomic64_dec_if_positive_cx8) CFI_STARTPROC -@@ -140,6 +194,13 @@ ENTRY(atomic64_dec_if_positive_cx8) +@@ -140,6 +215,13 @@ ENTRY(atomic64_dec_if_positive_cx8) movl %edx, %ecx subl $1, %ebx sbb $0, %ecx @@ -16679,7 +16796,17 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a js 2f LOCK_PREFIX cmpxchg8b (%esi) -@@ -174,6 +235,13 @@ ENTRY(atomic64_add_unless_cx8) +@@ -149,6 +231,9 @@ ENTRY(atomic64_dec_if_positive_cx8) + movl %ebx, %eax + movl %ecx, %edx + RESTORE ebx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(atomic64_dec_if_positive_cx8) +@@ -174,6 +259,13 @@ ENTRY(atomic64_add_unless_cx8) movl %edx, %ecx addl %esi, %ebx adcl %edi, %ecx 
@@ -16693,7 +16820,17 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a LOCK_PREFIX cmpxchg8b (%ebp) jne 1b -@@ -206,6 +274,13 @@ ENTRY(atomic64_inc_not_zero_cx8) +@@ -184,6 +276,9 @@ ENTRY(atomic64_add_unless_cx8) + CFI_ADJUST_CFA_OFFSET -8 + RESTORE ebx + RESTORE ebp ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + 4: + cmpl %edx, 4(%esp) +@@ -206,6 +301,13 @@ ENTRY(atomic64_inc_not_zero_cx8) movl %edx, %ecx addl $1, %ebx adcl $0, %ecx @@ -16707,6 +16844,16 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a LOCK_PREFIX cmpxchg8b (%esi) jne 1b +@@ -213,6 +315,9 @@ ENTRY(atomic64_inc_not_zero_cx8) + movl $1, %eax + 3: + RESTORE ebx ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + 4: + testl %edx, %edx diff -urNp linux-3.0.4/arch/x86/lib/checksum_32.S linux-3.0.4/arch/x86/lib/checksum_32.S --- linux-3.0.4/arch/x86/lib/checksum_32.S 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/lib/checksum_32.S 2011-08-23 21:47:55.000000000 -0400 
@@ -16956,8 +17103,38 @@ diff -urNp linux-3.0.4/arch/x86/lib/checksum_32.S linux-3.0.4/arch/x86/lib/check #undef ROUND1 diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/clear_page_64.S --- linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-08-23 21:47:55.000000000 -0400 -@@ -58,7 +58,7 @@ ENDPROC(clear_page) ++++ linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -11,6 +11,9 @@ ENTRY(clear_page_c) + movl $4096/8,%ecx + xorl %eax,%eax + rep stosq ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(clear_page_c) +@@ -20,6 +23,9 @@ ENTRY(clear_page_c_e) + movl $4096,%ecx + xorl %eax,%eax + rep stosb ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(clear_page_c_e) +@@ -43,6 +49,9 @@ ENTRY(clear_page) + leaq 64(%rdi),%rdi + jnz .Lloop + nop ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + .Lclear_page_end: +@@ -58,7 +67,7 @@ ENDPROC(clear_page) #include <asm/cpufeature.h> 
@@ -16968,8 +17145,28 @@ diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/cle 2: .byte 0xeb /* jmp <disp8> */ diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy_page_64.S --- linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-08-23 21:47:55.000000000 -0400 -@@ -104,7 +104,7 @@ ENDPROC(copy_page) ++++ linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -8,6 +8,9 @@ copy_page_c: + CFI_STARTPROC + movl $4096/8,%ecx + rep movsq ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(copy_page_c) +@@ -94,6 +97,9 @@ ENTRY(copy_page) + CFI_RESTORE r13 + addq $3*8,%rsp + CFI_ADJUST_CFA_OFFSET -3*8 ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + .Lcopy_page_end: + CFI_ENDPROC +@@ -104,7 +110,7 @@ ENDPROC(copy_page) #include <asm/cpufeature.h> @@ -16980,7 +17177,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy 2: diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy_user_64.S --- linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-08-23 21:47:55.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-09-17 18:31:51.000000000 -0400 @@ -16,6 +16,7 @@ #include <asm/thread_info.h> #include <asm/cpufeature.h> @@ -16998,7 +17195,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy 2: .byte 0xe9 /* near jump with 32bit immediate */ .long \alt1-1b /* offset */ /* or alternatively to alt1 */ 3: .byte 0xe9 /* near jump with 32bit immediate */ -@@ -71,41 +72,13 @@ +@@ -71,47 +72,22 @@ #endif .endm 
@@ -17042,9 +17239,48 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy movl %edx,%ecx xorl %eax,%eax rep + stosb + bad_to_user: + movl %edx,%eax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(bad_from_user) +@@ -179,6 +155,9 @@ ENTRY(copy_user_generic_unrolled) + decl %ecx + jnz 21b + 23: xor %eax,%eax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + + .section .fixup,"ax" +@@ -251,6 +230,9 @@ ENTRY(copy_user_generic_string) + 3: rep + movsb + 4: xorl %eax,%eax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + + .section .fixup,"ax" +@@ -287,6 +269,9 @@ ENTRY(copy_user_enhanced_fast_string) + 1: rep + movsb + 2: xorl %eax,%eax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + + .section .fixup,"ax" diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S --- linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-08-23 21:47:55.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-09-17 18:31:51.000000000 -0400 @@ -14,6 +14,7 @@ #include <asm/current.h> #include <asm/asm-offsets.h> 
@@ -17069,6 +17305,29 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/ cmpl $8,%edx jb 20f /* less then 8 bytes, go to byte copy loop */ ALIGN_DESTINATION +@@ -98,6 +108,9 @@ ENTRY(__copy_user_nocache) + jnz 21b + 23: xorl %eax,%eax + sfence ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + + .section .fixup,"ax" +diff -urNp linux-3.0.4/arch/x86/lib/csum-copy_64.S linux-3.0.4/arch/x86/lib/csum-copy_64.S +--- linux-3.0.4/arch/x86/lib/csum-copy_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/csum-copy_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -228,6 +228,9 @@ ENTRY(csum_partial_copy_generic) + CFI_RESTORE rbp + addq $7*8, %rsp + CFI_ADJUST_CFA_OFFSET -7*8 ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_RESTORE_STATE + diff -urNp linux-3.0.4/arch/x86/lib/csum-wrappers_64.c linux-3.0.4/arch/x86/lib/csum-wrappers_64.c --- linux-3.0.4/arch/x86/lib/csum-wrappers_64.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/lib/csum-wrappers_64.c 2011-08-23 21:47:55.000000000 -0400 
@@ -17232,6 +17491,138 @@ diff -urNp linux-3.0.4/arch/x86/lib/insn.c linux-3.0.4/arch/x86/lib/insn.c insn->x86_64 = x86_64 ? 1 : 0; insn->opnd_bytes = 4; if (x86_64) +diff -urNp linux-3.0.4/arch/x86/lib/iomap_copy_64.S linux-3.0.4/arch/x86/lib/iomap_copy_64.S +--- linux-3.0.4/arch/x86/lib/iomap_copy_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/iomap_copy_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -25,6 +25,9 @@ ENTRY(__iowrite32_copy) + CFI_STARTPROC + movl %edx,%ecx + rep movsd ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(__iowrite32_copy) +diff -urNp linux-3.0.4/arch/x86/lib/memcpy_64.S linux-3.0.4/arch/x86/lib/memcpy_64.S +--- linux-3.0.4/arch/x86/lib/memcpy_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/memcpy_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -34,6 +34,9 @@ + rep movsq + movl %edx, %ecx + rep movsb ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + .Lmemcpy_e: + .previous +@@ -51,6 +54,9 @@ + + movl %edx, %ecx + rep movsb ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + .Lmemcpy_e_e: + .previous +@@ -141,6 +147,9 @@ ENTRY(memcpy) + movq %r9, 1*8(%rdi) + movq %r10, -2*8(%rdi, %rdx) + movq %r11, -1*8(%rdi, %rdx) ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + retq + .p2align 4 + .Lless_16bytes: +@@ -153,6 +162,9 @@ ENTRY(memcpy) + movq -1*8(%rsi, %rdx), %r9 + movq %r8, 0*8(%rdi) + movq %r9, -1*8(%rdi, %rdx) ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + retq + .p2align 4 + .Lless_8bytes: +@@ -166,6 +178,9 @@ ENTRY(memcpy) + movl -4(%rsi, %rdx), %r8d + movl %ecx, (%rdi) + movl %r8d, -4(%rdi, %rdx) ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + retq + .p2align 4 + .Lless_3bytes: +@@ -183,6 +198,9 @@ ENTRY(memcpy) + jnz .Lloop_1 + + .Lend: ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + retq + CFI_ENDPROC 
+ ENDPROC(memcpy) +diff -urNp linux-3.0.4/arch/x86/lib/memmove_64.S linux-3.0.4/arch/x86/lib/memmove_64.S +--- linux-3.0.4/arch/x86/lib/memmove_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/memmove_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -201,6 +201,9 @@ ENTRY(memmove) + movb (%rsi), %r11b + movb %r11b, (%rdi) + 13: ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + retq + CFI_ENDPROC + +@@ -209,6 +212,9 @@ ENTRY(memmove) + /* Forward moving data. */ + movq %rdx, %rcx + rep movsb ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + retq + .Lmemmove_end_forward_efs: + .previous +diff -urNp linux-3.0.4/arch/x86/lib/memset_64.S linux-3.0.4/arch/x86/lib/memset_64.S +--- linux-3.0.4/arch/x86/lib/memset_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/memset_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -31,6 +31,9 @@ + movl %r8d,%ecx + rep stosb + movq %r9,%rax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + .Lmemset_e: + .previous +@@ -53,6 +56,9 @@ + movl %edx,%ecx + rep stosb + movq %r9,%rax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + .Lmemset_e_e: + .previous +@@ -121,6 +127,9 @@ ENTRY(__memset) + + .Lende: + movq %r10,%rax ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + + CFI_RESTORE_STATE diff -urNp linux-3.0.4/arch/x86/lib/mmx_32.c linux-3.0.4/arch/x86/lib/mmx_32.c --- linux-3.0.4/arch/x86/lib/mmx_32.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/lib/mmx_32.c 2011-08-23 21:47:55.000000000 -0400 
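Review bot: Several of these `orb` insertions land inside `.altinstr_replacement` stubs rather than in the functions proper — the ones followed by `.Lmemcpy_e:`, `.Lmemcpy_e_e:`, `.Lmemset_e:`, `.Lmemset_e_e:` and `.Lmemmove_end_forward_efs:` with `.previous`, and likewise `clear_page_c`/`copy_page_c` in the earlier hunks — so every replacement sequence grows by the size of the `orb`. The alternatives patcher copies a replacement over the original code and requires it to be no longer than the original; that is presumably still true here because the originals are the unrolled bodies, but the `altinstruction_entry` lines that encode those lengths are outside the hunk and should be checked rather than assumed. A comment at one of the stubs would document the constraint: `/* the orb lengthens this replacement; it must stay <= the original it overwrites */`.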
@@ -17690,6 +18081,84 @@ diff -urNp linux-3.0.4/arch/x86/lib/putuser.S linux-3.0.4/arch/x86/lib/putuser.S #endif xor %eax,%eax EXIT +diff -urNp linux-3.0.4/arch/x86/lib/rwlock_64.S linux-3.0.4/arch/x86/lib/rwlock_64.S +--- linux-3.0.4/arch/x86/lib/rwlock_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/rwlock_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -17,6 +17,9 @@ ENTRY(__write_lock_failed) + LOCK_PREFIX + subl $RW_LOCK_BIAS,(%rdi) + jnz __write_lock_failed ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + END(__write_lock_failed) +@@ -33,6 +36,9 @@ ENTRY(__read_lock_failed) + LOCK_PREFIX + decl (%rdi) + js __read_lock_failed ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + END(__read_lock_failed) +diff -urNp linux-3.0.4/arch/x86/lib/rwsem_64.S linux-3.0.4/arch/x86/lib/rwsem_64.S +--- linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -51,6 +51,9 @@ ENTRY(call_rwsem_down_read_failed) + popq_cfi %rdx + CFI_RESTORE rdx + restore_common_regs ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(call_rwsem_down_read_failed) +@@ -61,6 +64,9 @@ ENTRY(call_rwsem_down_write_failed) + movq %rax,%rdi + call rwsem_down_write_failed + restore_common_regs ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(call_rwsem_down_write_failed) +@@ -73,6 +79,9 @@ ENTRY(call_rwsem_wake) + movq %rax,%rdi + call rwsem_wake + restore_common_regs ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + 1: ret + CFI_ENDPROC + ENDPROC(call_rwsem_wake) +@@ -88,6 +97,9 @@ ENTRY(call_rwsem_downgrade_wake) + popq_cfi %rdx + CFI_RESTORE rdx + restore_common_regs ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC + ENDPROC(call_rwsem_downgrade_wake) 
+diff -urNp linux-3.0.4/arch/x86/lib/thunk_64.S linux-3.0.4/arch/x86/lib/thunk_64.S +--- linux-3.0.4/arch/x86/lib/thunk_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/lib/thunk_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -50,5 +50,8 @@ + SAVE_ARGS + restore: + RESTORE_ARGS ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + CFI_ENDPROC diff -urNp linux-3.0.4/arch/x86/lib/usercopy_32.c linux-3.0.4/arch/x86/lib/usercopy_32.c --- linux-3.0.4/arch/x86/lib/usercopy_32.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/lib/usercopy_32.c 2011-08-23 21:47:55.000000000 -0400 @@ -20872,8 +21341,8 @@ diff -urNp linux-3.0.4/arch/x86/pci/pcbios.c linux-3.0.4/arch/x86/pci/pcbios.c EXPORT_SYMBOL(pcibios_set_irq_routing); diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platform/efi/efi_32.c --- linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-08-23 21:47:55.000000000 -0400 -@@ -38,70 +38,37 @@ ++++ linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-09-19 09:16:58.000000000 -0400 +@@ -38,70 +38,56 @@ */ static unsigned long efi_rt_eflags; @@ -20887,7 +21356,10 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf - unsigned long temp; struct desc_ptr gdt_descr; - local_irq_save(efi_rt_eflags); +- local_irq_save(efi_rt_eflags); ++#ifdef CONFIG_PAX_KERNEXEC ++ struct desc_struct d; ++#endif - /* - * If I don't have PAE, I should just duplicate two entries in page @@ -20895,7 +21367,8 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf - * page directory. - */ - cr4 = read_cr4_safe(); -- ++ local_irq_save(efi_rt_eflags); + - if (cr4 & X86_CR4_PAE) { - efi_bak_pg_dir_pointer[0].pgd = - swapper_pg_dir[pgd_index(0)].pgd; 
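Review bot: In the rwsem_64.S part of this hunk the `orb $0x80, 0x7(%rsp)` for call_rwsem_wake is placed above the `1:` label on its `ret`, and that label implies another path jumps straight to the return (the function's start is above the hunk), so whatever takes it returns with an unforced address — the one helper here that has a labelled exit is the one left uncovered on it. Put the label in front of the fix-up: `1:` then `orb $0x80, 0x7(%rsp)` inside the ifdef, then `ret`. The other three rwsem helpers, both rwlock paths and the shared `restore:` tail in thunk_64.S each have a single fall-through `ret` and look fine.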
@@ -20921,8 +21394,14 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf */ __flush_tlb_all(); -- gdt_descr.address = __pa(get_cpu_gdt_table(0)); -+ gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0)); ++#ifdef CONFIG_PAX_KERNEXEC ++ pack_descriptor(&d, 0, 0xFFFFF, 0x9B, 0xC); ++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_CS, &d, DESCTYPE_S); ++ pack_descriptor(&d, 0, 0xFFFFF, 0x93, 0xC); ++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_DS, &d, DESCTYPE_S); ++#endif ++ + gdt_descr.address = __pa(get_cpu_gdt_table(0)); gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); } @@ -20933,8 +21412,15 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf - unsigned long cr4; struct desc_ptr gdt_descr; -- gdt_descr.address = (unsigned long)get_cpu_gdt_table(0); -+ gdt_descr.address = get_cpu_gdt_table(0); ++#ifdef CONFIG_PAX_KERNEXEC ++ struct desc_struct d; ++ ++ memset(&d, 0, sizeof d); ++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_CS, &d, DESCTYPE_S); ++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_DS, &d, DESCTYPE_S); ++#endif ++ + gdt_descr.address = (unsigned long)get_cpu_gdt_table(0); gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); 
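Review bot: The new CONFIG_PAX_KERNEXEC branches in efi_32.c write `GDT_ENTRY_EFI_CS` and `GDT_ENTRY_EFI_DS`, but the segment.h hunk earlier in this patch defines the slots as `GDT_ENTRY_KERNEXEC_EFI_CS` / `GDT_ENTRY_KERNEXEC_EFI_DS` (entries 1 and 2) and efi_stub_32.S uses the matching `__KERNEXEC_EFI_*` selectors; unless the shorter names are defined somewhere not in this chunk, an i386 CONFIG_PAX_KERNEXEC + CONFIG_EFI build fails here. The fix is the rename in all four `write_gdt_entry` calls, e.g. `write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_CS, &d, DESCTYPE_S);`. The `pack_descriptor` pair also deserves a why-comment, presumably `/* flat 4G code/data segments for the physical-mode EFI call, since KERNEXEC's kernel CS does not cover it */` — please confirm. Both functions start before the hunk.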
@@ -20955,16 +21441,18 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf * After the lock is released, the original page table is restored. diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S --- linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S 2011-08-23 21:47:55.000000000 -0400 -@@ -6,6 +6,7 @@ ++++ linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S 2011-09-19 09:16:58.000000000 -0400 +@@ -6,7 +6,9 @@ */ #include <linux/linkage.h> +#include <linux/init.h> #include <asm/page_types.h> ++#include <asm/segment.h> /* -@@ -20,7 +21,7 @@ + * efi_call_phys(void *, ...) is a function with variable parameters. +@@ -20,7 +22,7 @@ * service functions will comply with gcc calling convention, too. */ @@ -20973,18 +21461,22 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/ ENTRY(efi_call_phys) /* * 0. The function can only be called in Linux kernel. So CS has been -@@ -36,9 +37,7 @@ ENTRY(efi_call_phys) +@@ -36,9 +38,11 @@ ENTRY(efi_call_phys) * The mapping of lower virtual memory has been created in prelog and * epilog. */ - movl $1f, %edx - subl $__PAGE_OFFSET, %edx - jmp *%edx -+ jmp 1f-__PAGE_OFFSET ++ movl $(__KERNEXEC_EFI_DS), %edx ++ mov %edx, %ds ++ mov %edx, %es ++ mov %edx, %ss ++ ljmp $(__KERNEXEC_EFI_CS),$1f-__PAGE_OFFSET 1: /* -@@ -47,14 +46,8 @@ ENTRY(efi_call_phys) +@@ -47,14 +51,8 @@ ENTRY(efi_call_phys) * parameter 2, ..., param n. To make things easy, we save the return * address of efi_call_phys in a global variable. */ @@ -21001,7 +21493,7 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/ /* * 3. Clear PG bit in %CR0. -@@ -73,9 +66,8 @@ ENTRY(efi_call_phys) +@@ -73,9 +71,8 @@ ENTRY(efi_call_phys) /* * 5. Call the physical function. */ 
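Review bot: The `movl $(__KERNEXEC_EFI_DS), %edx` segment reloads and the `ljmp $(__KERNEXEC_EFI_CS)` run unconditionally, while the matching GDT_ENTRY_EFI_CS/DS descriptors in the efi_32.c hunks earlier on this page are only installed under `#ifdef CONFIG_PAX_KERNEXEC`; the selectors presumably resolve to the regular kernel code/data selectors when the option is off, but that lives in the newly included `asm/segment.h`, which is not shown. A comment at the ljmp such as `/* __KERNEXEC_EFI_* fall back to __KERNEL_CS/DS without CONFIG_PAX_KERNEXEC */` — confirmed against segment.h — would spare the next reader that cross-check. It is also worth stating next to `mov %edx, %ss` that no stack switch is intended: the descriptors written in efi_32.c have base 0, so %esp keeps its meaning. efi_call_phys continues outside the hunk.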
@@ -21012,7 +21504,7 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/ /* * 6. After EFI runtime service returns, control will return to * following instruction. We'd better readjust stack pointer first. -@@ -88,35 +80,28 @@ ENTRY(efi_call_phys) +@@ -88,35 +85,32 @@ ENTRY(efi_call_phys) movl %cr0, %edx orl $0x80000000, %edx movl %edx, %cr0 @@ -21025,8 +21517,12 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/ */ - movl $1f, %edx - jmp *%edx -+ jmp 1f+__PAGE_OFFSET ++ ljmp $(__KERNEL_CS),$1f+__PAGE_OFFSET 1: ++ movl $(__KERNEL_DS), %edx ++ mov %edx, %ds ++ mov %edx, %es ++ mov %edx, %ss /* * 9. Balance the stack. And because EAX contain the return value, 
@@ -21054,6 +21550,78 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/ saved_return_addr: .long 0 efi_rt_function_ptr: +diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S +--- linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S 2011-09-17 18:31:51.000000000 -0400 +@@ -40,6 +40,9 @@ ENTRY(efi_call0) + call *%rdi + addq $32, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call0) + +@@ -50,6 +53,9 @@ ENTRY(efi_call1) + call *%rdi + addq $32, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call1) + +@@ -60,6 +66,9 @@ ENTRY(efi_call2) + call *%rdi + addq $32, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call2) + +@@ -71,6 +80,9 @@ ENTRY(efi_call3) + call *%rdi + addq $32, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call3) + +@@ -83,6 +95,9 @@ ENTRY(efi_call4) + call *%rdi + addq $32, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call4) + +@@ -96,6 +111,9 @@ ENTRY(efi_call5) + call *%rdi + addq $48, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call5) + +@@ -112,5 +130,8 @@ ENTRY(efi_call6) + call *%rdi + addq $48, %rsp + RESTORE_XMM ++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++ orb $0x80, 0x7(%rsp) ++#endif + ret + ENDPROC(efi_call6) diff -urNp linux-3.0.4/arch/x86/platform/mrst/mrst.c linux-3.0.4/arch/x86/platform/mrst/mrst.c --- linux-3.0.4/arch/x86/platform/mrst/mrst.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.4/arch/x86/platform/mrst/mrst.c 2011-08-23 21:47:55.000000000 -0400 
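Review bot: The `orb $0x80, 0x7(%rsp)` / `ret` pair is pasted seven times, once per efi_callN, with no comment on what the byte write achieves; only the kernexec_plugin.c hunk further down explains the intent (set the top bit of the saved return address so that a return into a userland address becomes non-canonical and faults, while a kernel address is unchanged). A single assembler macro carrying that comment, used before each `ENDPROC`, keeps the seven copies in sync, and the thunk_64.S hunk at the top of the page repeats the same sequence and could share it through a common header. Each efi_callN body starts outside this hunk.
```asm
#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
/* Set bit 63 of the saved return address: a kernel address is unchanged,
 * a userland address becomes non-canonical and faults (#GP) on ret. */
.macro KERNEXEC_RET
	orb $0x80, 0x7(%rsp)
	ret
.endm
#else
.macro KERNEXEC_RET
	ret
.endm
#endif

ENTRY(efi_call0)
	/* … unchanged: call *%rdi, addq, RESTORE_XMM … */
	KERNEXEC_RET
ENDPROC(efi_call0)
```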
@@ -63277,7 +63845,7 @@ diff -urNp linux-3.0.4/localversion-grsec linux-3.0.4/localversion-grsec +-grsec diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile --- linux-3.0.4/Makefile 2011-09-02 18:11:26.000000000 -0400 -+++ linux-3.0.4/Makefile 2011-09-14 11:16:43.000000000 -0400 ++++ linux-3.0.4/Makefile 2011-09-17 00:56:07.000000000 -0400 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" HOSTCC = gcc @@ -63314,20 +63882,23 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +567,28 @@ else +@@ -564,6 +567,31 @@ else KBUILD_CFLAGS += -O2 endif +ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y) +CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN ++ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so ++endif +ifdef CONFIG_KALLOCSTAT_PLUGIN +KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so +endif +ifdef CONFIG_PAX_MEMORY_STACKLEAK +STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100 +endif -+GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) -+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN ++GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN) ++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN +gcc-plugins: + $(Q)$(MAKE) $(build)=tools/gcc +else @@ -63343,7 +63914,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +733,7 @@ export mod_strip_cmd +@@ -708,7 +736,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) 
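Review bot: `KERNEXEC_PLUGIN` is only assigned inside the `ifeq (... gcc-plugin.sh ...)` branch, so with a host compiler that lacks plugin support it stays empty, yet the `config PAX_KERNEXEC_PLUGIN` symbol added in the security/Kconfig hunks further down is set purely from Kconfig (`select PAX_KERNEXEC_PLUGIN if X86_64`); in that configuration the hand-written `orb $0x80, 0x7(%rsp)` in the .S hunks compiles in while no C function gets instrumented, and nothing visible here reports the gap. Unless gcc-plugin.sh (not on this page) already fails the build, a `$(error ...)` or at least `$(warning ...)` in the `else` branch when CONFIG_PAX_KERNEXEC_PLUGIN is set would make the silent degradation visible. The new `export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN` line also still omits `KALLOCSTAT_PLUGIN`, which `GCC_PLUGINS` references on the line above; if the sub-makes rely on the export, it is the one inconsistent entry. The `else` branch of this block ends outside the hunk.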
@@ -63352,7 +63923,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -907,6 +932,8 @@ define rule_vmlinux-modpost +@@ -907,6 +935,8 @@ define rule_vmlinux-modpost endef # vmlinux image - including updated kernel symbols @@ -63361,7 +63932,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile vmlinux: $(vmlinux-lds) $(vmlinux-init) $(vmlinux-main) vmlinux.o $(kallsyms.o) FORCE ifdef CONFIG_HEADERS_CHECK $(Q)$(MAKE) -f $(srctree)/Makefile headers_check -@@ -941,7 +968,8 @@ $(sort $(vmlinux-init) $(vmlinux-main)) +@@ -941,7 +971,8 @@ $(sort $(vmlinux-init) $(vmlinux-main)) # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -63371,7 +63942,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -986,6 +1014,7 @@ prepare0: archprepare FORCE +@@ -986,6 +1017,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. missing-syscalls # All the preparing.. @@ -63379,7 +63950,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile prepare: prepare0 # Generate some files -@@ -1102,7 +1131,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu +@@ -1102,7 +1134,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu # Target to prepare building external modules PHONY += modules_prepare @@ -63388,7 +63959,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile # Target to install modules PHONY += modules_install -@@ -1198,7 +1227,7 @@ distclean: mrproper +@@ -1198,7 +1230,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ 
@@ -63397,7 +63968,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1359,6 +1388,7 @@ PHONY += $(module-dirs) modules +@@ -1359,6 +1391,7 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -63405,7 +63976,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1485,17 +1515,19 @@ else +@@ -1485,17 +1518,19 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -63429,7 +64000,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1505,11 +1537,13 @@ endif +@@ -1505,11 +1540,13 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -71384,8 +71955,8 @@ diff -urNp linux-3.0.4/security/integrity/ima/ima_queue.c linux-3.0.4/security/i return 0; diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig --- linux-3.0.4/security/Kconfig 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.4/security/Kconfig 2011-08-23 21:48:14.000000000 -0400 -@@ -4,6 +4,554 @@ ++++ linux-3.0.4/security/Kconfig 2011-09-17 00:58:04.000000000 -0400 +@@ -4,6 +4,558 @@ menu "Security options" @@ -71396,6 +71967,9 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig + config ARCH_TRACK_EXEC_LIMIT + bool + ++ config PAX_KERNEXEC_PLUGIN ++ bool ++ + config PAX_PER_CPU_PGD + bool + 
@@ -71706,6 +72280,7 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig + bool "Enforce non-executable kernel pages" + depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN + select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) ++ select PAX_KERNEXEC_PLUGIN if X86_64 + help + This is the kernel land equivalent of PAGEEXEC and MPROTECT, + that is, enabling this option will make it harder to inject @@ -71940,7 +72515,7 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig config KEYS bool "Enable access key retention support" help -@@ -167,7 +715,7 @@ config INTEL_TXT +@@ -167,7 +719,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -72832,8 +73407,8 @@ diff -urNp linux-3.0.4/tools/gcc/constify_plugin.c linux-3.0.4/tools/gcc/constif +} diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallocstat_plugin.c --- linux-3.0.4/tools/gcc/kallocstat_plugin.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/tools/gcc/kallocstat_plugin.c 2011-09-14 09:08:05.000000000 -0400 -@@ -0,0 +1,163 @@ ++++ linux-3.0.4/tools/gcc/kallocstat_plugin.c 2011-09-17 00:53:44.000000000 -0400 +@@ -0,0 +1,165 @@ +/* + * Copyright 2011 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -72868,6 +73443,8 @@ diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallo +#include "emit-rtl.h" +#include "function.h" + ++extern void print_gimple_stmt(FILE *, gimple, int, int); ++ +int plugin_is_GPL_compatible; + +static const char * const kalloc_functions[] = { 
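Review bot: The hand-written `extern void print_gimple_stmt(FILE *, gimple, int, int);` duplicates a prototype that gcc's own headers presumably provide (`gimple-pretty-print.h` in recent releases) and will silently diverge if the signature changes between gcc versions; including the header that declares it is the safer form. The same line is added to the new kernexec_plugin.c further down this page, where it is referenced only from a commented-out debug call and can simply be dropped. The surrounding include block of kallocstat_plugin.c starts outside this hunk.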
@@ -72997,10 +73574,279 @@ diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallo + + return 0; +} +diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexec_plugin.c +--- linux-3.0.4/tools/gcc/kernexec_plugin.c 1969-12-31 19:00:00.000000000 -0500 ++++ linux-3.0.4/tools/gcc/kernexec_plugin.c 2011-09-19 09:16:58.000000000 -0400 +@@ -0,0 +1,265 @@ ++/* ++ * Copyright 2011 by the PaX Team <pageexec@freemail.hu> ++ * Licensed under the GPL v2 ++ * ++ * Note: the choice of the license means that the compilation process is ++ * NOT 'eligible' as defined by gcc's library exception to the GPL v3, ++ * but for the kernel it doesn't matter since it doesn't link against ++ * any of the gcc libraries ++ * ++ * gcc plugin to make KERNEXEC/amd64 almost as good as it is on i386 ++ * ++ * TODO: ++ * ++ * BUGS: ++ * - none known ++ */ ++#include "gcc-plugin.h" ++#include "config.h" ++#include "system.h" ++#include "coretypes.h" ++#include "tree.h" ++#include "tree-pass.h" ++#include "intl.h" ++#include "plugin-version.h" ++#include "tm.h" ++#include "toplev.h" ++#include "basic-block.h" ++#include "gimple.h" ++//#include "expr.h" where are you... 
++#include "diagnostic.h" ++#include "rtl.h" ++#include "emit-rtl.h" ++#include "function.h" ++#include "tree-flow.h" ++ ++extern void print_gimple_stmt(FILE *, gimple, int, int); ++ ++int plugin_is_GPL_compatible; ++ ++static struct plugin_info kernexec_plugin_info = { ++ .version = "201109191200", ++}; ++ ++static unsigned int execute_kernexec_fptr(void); ++static unsigned int execute_kernexec_retaddr(void); ++ ++static struct gimple_opt_pass kernexec_fptr_pass = { ++ .pass = { ++ .type = GIMPLE_PASS, ++ .name = "kernexec_fptr", ++ .gate = NULL, ++ .execute = execute_kernexec_fptr, ++ .sub = NULL, ++ .next = NULL, ++ .static_pass_number = 0, ++ .tv_id = TV_NONE, ++ .properties_required = 0, ++ .properties_provided = 0, ++ .properties_destroyed = 0, ++ .todo_flags_start = 0, ++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa_no_phi ++ } ++}; ++ ++static struct rtl_opt_pass kernexec_retaddr_pass = { ++ .pass = { ++ .type = RTL_PASS, ++ .name = "kernexec_retaddr", ++ .gate = NULL, ++ .execute = execute_kernexec_retaddr, ++ .sub = NULL, ++ .next = NULL, ++ .static_pass_number = 0, ++ .tv_id = TV_NONE, ++ .properties_required = 0, ++ .properties_provided = 0, ++ .properties_destroyed = 0, ++ .todo_flags_start = 0, ++ .todo_flags_finish = TODO_dump_func ++ } ++}; ++ ++/* ++ * add special KERNEXEC instrumentation: force MSB of fptr to 1, which will produce ++ * a non-canonical address from a userland ptr and will just trigger a GPF on dereference ++ */ ++static void kernexec_instrument_fptr(gimple_stmt_iterator gsi) ++{ ++ gimple assign_intptr, assign_new_fptr, call_stmt; ++ tree intptr, old_fptr, new_fptr, kernexec_mask; ++ ++ call_stmt = gsi_stmt(gsi); ++ old_fptr = gimple_call_fn(call_stmt); ++ ++ // create temporary unsigned long variable used for bitops and cast fptr to it ++ intptr = create_tmp_var(long_unsigned_type_node, NULL); ++ add_referenced_var(intptr); ++ mark_sym_for_renaming(intptr); 
++ assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr)); ++ update_stmt(assign_intptr); ++ gsi_insert_before(&gsi, assign_intptr, GSI_NEW_STMT); ++ ++ gsi_next(&gsi); ++ ++ // apply logical or to temporary unsigned long and bitmask ++ kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0x8000000000000000LL); ++// kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0xffffffff80000000LL); ++ assign_intptr = gimple_build_assign(intptr, fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask)); ++ update_stmt(assign_intptr); ++ gsi_insert_before(&gsi, assign_intptr, GSI_NEW_STMT); ++ ++ gsi_next(&gsi); ++ ++ // cast temporary unsigned long back to a temporary fptr variable ++ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), NULL); ++ add_referenced_var(new_fptr); ++ mark_sym_for_renaming(new_fptr); ++ assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr)); ++ update_stmt(assign_new_fptr); ++ gsi_insert_before(&gsi, assign_new_fptr, GSI_NEW_STMT); ++ ++ gsi_next(&gsi); ++ ++ // replace call stmt fn with the new fptr ++ gimple_call_set_fn(call_stmt, new_fptr); ++ update_stmt(call_stmt); ++} ++ ++/* ++ * find all C level function pointer dereferences and forcibly set the highest bit of the pointer ++ */ ++static unsigned int execute_kernexec_fptr(void) ++{ ++ basic_block bb; ++ gimple_stmt_iterator gsi; ++ ++ // 1. loop through BBs and GIMPLE statements ++ FOR_EACH_BB(bb) { ++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { ++ // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D)); ++ tree fn; ++ gimple call_stmt; ++ ++ // is it a call ... ++ call_stmt = gsi_stmt(gsi); ++ if (!is_gimple_call(call_stmt)) ++ continue; ++ fn = gimple_call_fn(call_stmt); ++ if (TREE_CODE(fn) == ADDR_EXPR) ++ continue; ++ if (TREE_CODE(fn) != SSA_NAME) ++ gcc_unreachable(); ++ ++ // ... 
through a function pointer ++ fn = SSA_NAME_VAR(fn); ++ if (TREE_CODE(fn) != VAR_DECL && TREE_CODE(fn) != PARM_DECL) ++ continue; ++ fn = TREE_TYPE(fn); ++ if (TREE_CODE(fn) != POINTER_TYPE) ++ continue; ++ fn = TREE_TYPE(fn); ++ if (TREE_CODE(fn) != FUNCTION_TYPE) ++ continue; ++ ++ kernexec_instrument_fptr(gsi); ++ ++//debug_tree(gimple_call_fn(call_stmt)); ++//print_gimple_stmt(stderr, call_stmt, 0, TDF_LINENO); ++ } ++ } ++ ++ return 0; ++} ++ ++// add special KERNEXEC instrumentation: orb $0x80,7(%rsp) just before retn ++static void kernexec_instrument_retaddr(rtx insn) ++{ ++ rtx ret_addr, clob, or; ++ ++ start_sequence(); ++ ++ // compute 7(%rsp) ++ ret_addr = gen_rtx_MEM(QImode, gen_rtx_PLUS(Pmode, stack_pointer_rtx, GEN_INT(7))); ++ MEM_VOLATILE_P(ret_addr) = 1; ++ ++ // create orb $0x80,7(%rsp) ++ or = gen_rtx_SET(VOIDmode, ret_addr, gen_rtx_IOR(QImode, ret_addr, GEN_INT(0xffffffffffffff80))); ++ clob = gen_rtx_CLOBBER(VOIDmode, gen_rtx_REG(CCmode, FLAGS_REG)); ++ ++ // put everything together ++ or = emit_insn(gen_rtx_PARALLEL(VOIDmode, gen_rtvec(2, or, clob))); ++ RTX_FRAME_RELATED_P(or) = 1; ++ ++ end_sequence(); ++ ++ emit_insn_before(or, insn); ++} ++ ++/* ++ * find all asm level function returns and forcibly set the highest bit of the return address ++ */ ++static unsigned int execute_kernexec_retaddr(void) ++{ ++ rtx insn; ++ ++ // 1. 
find function returns ++ for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) { ++ // rtl match: (jump_insn 41 40 42 2 (return) fptr.c:42 634 {return_internal} (nil)) ++ // (jump_insn 12 9 11 2 (parallel [ (return) (unspec [ (0) ] UNSPEC_REP) ]) fptr.c:46 635 {return_internal_long} (nil)) ++ rtx body; ++ ++ // is it a retn ++ if (!JUMP_P(insn)) ++ continue; ++ body = PATTERN(insn); ++ if (GET_CODE(body) == PARALLEL) ++ body = XVECEXP(body, 0, 0); ++ if (GET_CODE(body) != RETURN) ++ continue; ++ kernexec_instrument_retaddr(insn); ++ } ++ ++// print_simple_rtl(stderr, get_insns()); ++// print_rtl(stderr, get_insns()); ++ ++ return 0; ++} ++ ++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) ++{ ++ const char * const plugin_name = plugin_info->base_name; ++ const int argc = plugin_info->argc; ++ const struct plugin_argument * const argv = plugin_info->argv; ++ int i; ++ struct register_pass_info kernexec_fptr_pass_info = { ++ .pass = &kernexec_fptr_pass.pass, ++ .reference_pass_name = "ssa", ++ .ref_pass_instance_number = 0, ++ .pos_op = PASS_POS_INSERT_AFTER ++ }; ++ struct register_pass_info kernexec_retaddr_pass_info = { ++ .pass = &kernexec_retaddr_pass.pass, ++ .reference_pass_name = "pro_and_epilogue", ++ .ref_pass_instance_number = 0, ++ .pos_op = PASS_POS_INSERT_AFTER ++ }; ++ ++ if (!plugin_default_version_check(version, &gcc_version)) { ++ error(G_("incompatible gcc/plugin versions")); ++ return 1; ++ } ++ ++ register_callback(plugin_name, PLUGIN_INFO, NULL, &kernexec_plugin_info); ++ ++ for (i = 0; i < argc; ++i) ++ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); ++ ++ if (TARGET_64BIT == 0 || ix86_cmodel != CM_KERNEL) ++ return 0; ++ ++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_fptr_pass_info); ++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_retaddr_pass_info); ++ ++ return 0; ++} diff -urNp linux-3.0.4/tools/gcc/Makefile 
linux-3.0.4/tools/gcc/Makefile --- linux-3.0.4/tools/gcc/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/tools/gcc/Makefile 2011-09-14 09:08:05.000000000 -0400 -@@ -0,0 +1,13 @@ ++++ linux-3.0.4/tools/gcc/Makefile 2011-09-17 00:53:44.000000000 -0400 +@@ -0,0 +1,14 @@ +#CC := gcc +#PLUGIN_SOURCE_FILES := pax_plugin.c +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) @@ -73009,15 +73855,16 @@ diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile + +HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include + -+hostlibs-y := stackleak_plugin.so constify_plugin.so kallocstat_plugin.so ++hostlibs-y := stackleak_plugin.so constify_plugin.so kallocstat_plugin.so kernexec_plugin.so +always := $(hostlibs-y) +stackleak_plugin-objs := stackleak_plugin.o +constify_plugin-objs := constify_plugin.o +kallocstat_plugin-objs := kallocstat_plugin.o ++kernexec_plugin-objs := kernexec_plugin.o diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackleak_plugin.c --- linux-3.0.4/tools/gcc/stackleak_plugin.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.4/tools/gcc/stackleak_plugin.c 2011-09-14 09:08:05.000000000 -0400 -@@ -0,0 +1,249 @@ ++++ linux-3.0.4/tools/gcc/stackleak_plugin.c 2011-09-17 00:53:44.000000000 -0400 +@@ -0,0 +1,251 @@ +/* + * Copyright 2011 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -73085,7 +73932,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl + .properties_provided = 0, + .properties_destroyed = 0, + .todo_flags_start = 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts, -+ .todo_flags_finish = TODO_verify_stmts // | TODO_dump_func ++ .todo_flags_finish = TODO_verify_stmts | TODO_dump_func + } +}; + 
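Review bot: In `kernexec_instrument_fptr` the temporary `intptr` is created with `long_unsigned_type_node`, but `kernexec_mask` and the `fold_build2(BIT_IOR_EXPR, ...)` use `long_long_unsigned_type_node`, so the assignment back into `intptr` mixes two distinct GIMPLE types that only coincide in width on LP64; using one type node throughout (and a `ULL` suffix on `0x8000000000000000`, which as an `LL` literal only becomes unsigned by overflow) keeps the `TODO_verify_stmts` check meaningful. In `plugin_init`, unknown `-fplugin-arg-*` options are reported with `error()` (typo: "unkown") yet the function still returns 0 and registers both passes; a `return 1;` after the loop would stop the build instead of continuing with a rejected option. The `if (TARGET_64BIT == 0 || ix86_cmodel != CM_KERNEL) return 0;` early-out installs nothing without any diagnostic, so a translation unit built with another code model loses the fptr and retaddr hardening silently — a `warning(0, G_("kernexec plugin requires -mcmodel=kernel on x86-64"))` there would surface the degradation. In `kernexec_instrument_retaddr`, `GEN_INT(0xffffffffffffff80)` relies on the unsuffixed literal narrowing to -128 in HOST_WIDE_INT; `GEN_INT(-0x80)` says the same thing without the width assumption, and a comment on `RTX_FRAME_RELATED_P(or) = 1` explaining why the or-insn is marked frame-related would help, since that flag normally means the insn should appear in CFI.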
@@ -73103,7 +73950,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl + .properties_provided = 0, + .properties_destroyed = 0, + .todo_flags_start = 0, -+ .todo_flags_finish = 0 ++ .todo_flags_finish = TODO_dump_func + } +}; + @@ -73181,6 +74028,10 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl + if (cfun->calls_alloca) + return 0; + ++ // keep calls only if function frame is big enough ++ if (get_frame_size() >= track_frame_size) ++ return 0; ++ + // 1. find pax_track_stack calls + for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) { + // rtl match: (call_insn 8 7 9 3 (call (mem (symbol_ref ("pax_track_stack") [flags 0x41] <function_decl 0xb7470e80 pax_track_stack>) [0 S1 A8]) (4)) -1 (nil) (nil)) @@ -73200,9 +74051,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl + if (strcmp(XSTR(body, 0), track_function)) + continue; +// warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size); -+ // 2. delete call if function frame is not big enough -+ if (get_frame_size() >= track_frame_size) -+ continue; ++ // 2. delete call + delete_insn_and_edges(insn); + } + |