aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2011-09-22 14:27:48 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2011-09-22 14:27:48 +0000
commit967ed15c5aa5cc735536e24b5b5cc6eb1b16e808 (patch)
treedda78fb4f27033b7b733fed1d090d0d9a34511a6 /main/linux-grsec
parent19b7ea721540c6a613f54ce11760f9afbae9a2a3 (diff)
downloadaports-967ed15c5aa5cc735536e24b5b5cc6eb1b16e808.tar.bz2
aports-967ed15c5aa5cc735536e24b5b5cc6eb1b16e808.tar.xz
main/linux-grsec: upgrade to grsecurity-2.2.2-3.0.4-201109190917
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/grsecurity-2.2.2-3.0.4-201109190917.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.0.4-201109150655.patch)1029
2 files changed, 942 insertions, 93 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 008077e2fc..77438b0742 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.0.4
_kernver=3.0
-pkgrel=5
+pkgrel=6
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2
- grsecurity-2.2.2-3.0.4-201109150655.patch
+ grsecurity-2.2.2-3.0.4-201109190917.patch
0004-arp-flush-arp-cache-on-device-change.patch
@@ -138,7 +138,7 @@ dev() {
md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2
62ca5f3caed233617127b2b3b7a87d15 patch-3.0.4.bz2
-b7dc9741bbb8f0ec91f88a6983a4fc74 grsecurity-2.2.2-3.0.4-201109150655.patch
+475c1129df5aca0d82587640b878109d grsecurity-2.2.2-3.0.4-201109190917.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
9a2c88b20d296158cdcd01f843898415 kernelconfig.x86
6957efc9f017c59b05aa0a2e4167255e kernelconfig.x86_64"
diff --git a/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109150655.patch b/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109190917.patch
index 01280f49f7..ec88fda16b 100644
--- a/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109150655.patch
+++ b/main/linux-grsec/grsecurity-2.2.2-3.0.4-201109190917.patch
@@ -5589,6 +5589,74 @@ diff -urNp linux-3.0.4/arch/x86/boot/video-vesa.c linux-3.0.4/arch/x86/boot/vide
}
/*
+diff -urNp linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S
+--- linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -71,6 +71,12 @@ FUNC: movq r1,r2; \
+ je B192; \
+ leaq 32(r9),r9;
+
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++#define ret orb $0x80, 0x7(%rsp); ret
++#else
++#define ret ret
++#endif
++
+ #define epilogue(r1,r2,r3,r4,r5,r6,r7,r8,r9) \
+ movq r1,r2; \
+ movq r3,r4; \
+diff -urNp linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S
+--- linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -790,6 +790,9 @@ ECRYPT_encrypt_bytes:
+ add %r11,%rsp
+ mov %rdi,%rax
+ mov %rsi,%rdx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ # bytesatleast65:
+ ._bytesatleast65:
+@@ -891,6 +894,9 @@ ECRYPT_keysetup:
+ add %r11,%rsp
+ mov %rdi,%rax
+ mov %rsi,%rdx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ # enter ECRYPT_ivsetup
+ .text
+@@ -917,4 +923,7 @@ ECRYPT_ivsetup:
+ add %r11,%rsp
+ mov %rdi,%rax
+ mov %rsi,%rdx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+diff -urNp linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S
+--- linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -269,6 +269,9 @@ twofish_enc_blk:
+
+ popq R1
+ movq $1,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+
+ twofish_dec_blk:
+@@ -321,4 +324,7 @@ twofish_dec_blk:
+
+ popq R1
+ movq $1,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
diff -urNp linux-3.0.4/arch/x86/ia32/ia32_aout.c linux-3.0.4/arch/x86/ia32/ia32_aout.c
--- linux-3.0.4/arch/x86/ia32/ia32_aout.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/ia32/ia32_aout.c 2011-08-23 21:48:14.000000000 -0400
@@ -8676,8 +8744,8 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/rwsem.h linux-3.0.4/arch/x86/include
diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/include/asm/segment.h
--- linux-3.0.4/arch/x86/include/asm/segment.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/include/asm/segment.h 2011-08-23 21:47:55.000000000 -0400
-@@ -64,8 +64,8 @@
++++ linux-3.0.4/arch/x86/include/asm/segment.h 2011-09-17 00:53:42.000000000 -0400
+@@ -64,10 +64,15 @@
* 26 - ESPFIX small SS
* 27 - per-cpu [ offset to per-cpu data area ]
* 28 - stack_canary-20 [ for stack protector ]
@@ -8687,8 +8755,15 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
+ * 30 - PCI BIOS DS
* 31 - TSS for double fault handler
*/
++#define GDT_ENTRY_KERNEXEC_EFI_CS (1)
++#define GDT_ENTRY_KERNEXEC_EFI_DS (2)
++#define __KERNEXEC_EFI_CS (GDT_ENTRY_KERNEXEC_EFI_CS*8)
++#define __KERNEXEC_EFI_DS (GDT_ENTRY_KERNEXEC_EFI_DS*8)
++
#define GDT_ENTRY_TLS_MIN 6
-@@ -79,6 +79,8 @@
+ #define GDT_ENTRY_TLS_MAX (GDT_ENTRY_TLS_MIN + GDT_ENTRY_TLS_ENTRIES - 1)
+
+@@ -79,6 +84,8 @@
#define GDT_ENTRY_KERNEL_CS (GDT_ENTRY_KERNEL_BASE+0)
@@ -8697,7 +8772,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
#define GDT_ENTRY_KERNEL_DS (GDT_ENTRY_KERNEL_BASE+1)
#define GDT_ENTRY_TSS (GDT_ENTRY_KERNEL_BASE+4)
-@@ -104,6 +106,12 @@
+@@ -104,6 +111,12 @@
#define __KERNEL_STACK_CANARY 0
#endif
@@ -8710,7 +8785,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
#define GDT_ENTRY_DOUBLEFAULT_TSS 31
/*
-@@ -141,7 +149,7 @@
+@@ -141,7 +154,7 @@
*/
/* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */
@@ -8719,7 +8794,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
#else
-@@ -165,6 +173,8 @@
+@@ -165,6 +178,8 @@
#define __USER32_CS (GDT_ENTRY_DEFAULT_USER32_CS * 8 + 3)
#define __USER32_DS __USER_DS
@@ -8728,7 +8803,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
#define GDT_ENTRY_TSS 8 /* needs two entries */
#define GDT_ENTRY_LDT 10 /* needs two entries */
#define GDT_ENTRY_TLS_MIN 12
-@@ -185,6 +195,7 @@
+@@ -185,6 +200,7 @@
#endif
#define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8)
@@ -10047,7 +10122,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/xsave.h linux-3.0.4/arch/x86/include
".section .fixup,\"ax\"\n"
diff -urNp linux-3.0.4/arch/x86/Kconfig linux-3.0.4/arch/x86/Kconfig
--- linux-3.0.4/arch/x86/Kconfig 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/Kconfig 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/arch/x86/Kconfig 2011-09-17 00:58:36.000000000 -0400
@@ -229,7 +229,7 @@ config X86_HT
config X86_32_LAZY_GS
@@ -10084,15 +10159,6 @@ diff -urNp linux-3.0.4/arch/x86/Kconfig linux-3.0.4/arch/x86/Kconfig
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1453,7 +1453,7 @@ config ARCH_USES_PG_UNCACHED
-
- config EFI
- bool "EFI runtime service support"
-- depends on ACPI
-+ depends on ACPI && !PAX_KERNEXEC
- ---help---
- This enables the kernel to use EFI runtime services that are
- available (such as the EFI variable services).
@@ -1483,6 +1483,7 @@ config SECCOMP
config CC_STACKPROTECTOR
@@ -11728,7 +11794,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_32.S linux-3.0.4/arch/x86/kernel/en
CFI_ADJUST_CFA_OFFSET -24
diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/entry_64.S
--- linux-3.0.4/arch/x86/kernel/entry_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/kernel/entry_64.S 2011-08-26 19:49:56.000000000 -0400
++++ linux-3.0.4/arch/x86/kernel/entry_64.S 2011-09-17 18:31:51.000000000 -0400
@@ -53,6 +53,7 @@
#include <asm/paravirt.h>
#include <asm/ftrace.h>
@@ -12108,7 +12174,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je retint_kernel
/* Interrupt came from user space */
-@@ -847,12 +1125,15 @@ retint_swapgs: /* return to user-space
+@@ -847,12 +1125,18 @@ retint_swapgs: /* return to user-space
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -12121,10 +12187,13 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
retint_restore_args: /* return to kernel space */
DISABLE_INTERRUPTS(CLBR_ANY)
+ pax_exit_kernel
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80,0x7+RIP-ARGOFFSET(%rsp)
++#endif
/*
* The iretq could re-enable interrupts:
*/
-@@ -1027,6 +1308,16 @@ ENTRY(\sym)
+@@ -1027,6 +1311,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -12141,7 +12210,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1044,6 +1335,16 @@ ENTRY(\sym)
+@@ -1044,6 +1338,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -12158,7 +12227,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1052,7 +1353,7 @@ ENTRY(\sym)
+@@ -1052,7 +1356,7 @@ ENTRY(\sym)
END(\sym)
.endm
@@ -12167,7 +12236,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1062,8 +1363,24 @@ ENTRY(\sym)
+@@ -1062,8 +1366,24 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -12192,7 +12261,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
call \do_sym
addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
-@@ -1080,6 +1397,16 @@ ENTRY(\sym)
+@@ -1080,6 +1400,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -12209,7 +12278,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1099,6 +1426,16 @@ ENTRY(\sym)
+@@ -1099,6 +1429,16 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -12226,7 +12295,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1361,14 +1698,27 @@ ENTRY(paranoid_exit)
+@@ -1361,16 +1701,35 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -12238,6 +12307,9 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+ TRACE_IRQS_IRETQ 0
+ SWAPGS_UNSAFE_STACK
+ RESTORE_ALL 8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80,0x7(%rsp)
++#endif
+ jmp irq_return
+#endif
paranoid_swapgs:
@@ -12254,8 +12326,13 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+ pax_exit_kernel
TRACE_IRQS_IRETQ 0
RESTORE_ALL 8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80,0x7(%rsp)
++#endif
jmp irq_return
-@@ -1426,7 +1776,7 @@ ENTRY(error_entry)
+ paranoid_userspace:
+ GET_THREAD_INFO(%rcx)
+@@ -1426,7 +1785,7 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -12264,7 +12341,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
je error_kernelspace
error_swapgs:
SWAPGS
-@@ -1490,6 +1840,16 @@ ENTRY(nmi)
+@@ -1490,6 +1849,16 @@ ENTRY(nmi)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
DEFAULT_FRAME 0
@@ -12281,7 +12358,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1500,11 +1860,25 @@ ENTRY(nmi)
+@@ -1500,12 +1869,32 @@ ENTRY(nmi)
DISABLE_INTERRUPTS(CLBR_NONE)
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
@@ -12292,6 +12369,9 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
+ pax_exit_kernel
+ SWAPGS_UNSAFE_STACK
+ RESTORE_ALL 8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80,0x7(%rsp)
++#endif
+ jmp irq_return
+#endif
nmi_swapgs:
@@ -12306,8 +12386,12 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
nmi_restore:
+ pax_exit_kernel
RESTORE_ALL 8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80,0x7(%rsp)
++#endif
jmp irq_return
nmi_userspace:
+ GET_THREAD_INFO(%rcx)
diff -urNp linux-3.0.4/arch/x86/kernel/ftrace.c linux-3.0.4/arch/x86/kernel/ftrace.c
--- linux-3.0.4/arch/x86/kernel/ftrace.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/kernel/ftrace.c 2011-08-23 21:47:55.000000000 -0400
@@ -16528,8 +16612,15 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_386_32.S linux-3.0.4/arch/x86/lib/a
movl %edx, 4(v)
diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S
--- linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-08-23 21:47:55.000000000 -0400
-@@ -39,6 +39,14 @@ ENTRY(atomic64_read_cx8)
++++ linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S 2011-09-17 18:31:51.000000000 -0400
+@@ -35,10 +35,24 @@ ENTRY(atomic64_read_cx8)
+ CFI_STARTPROC
+
+ read64 %ecx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
CFI_ENDPROC
ENDPROC(atomic64_read_cx8)
@@ -16537,6 +16628,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
+ CFI_STARTPROC
+
+ read64 %ecx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ENDPROC(atomic64_read_unchecked_cx8)
@@ -16544,7 +16638,14 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
ENTRY(atomic64_set_cx8)
CFI_STARTPROC
-@@ -52,6 +60,19 @@ ENTRY(atomic64_set_cx8)
+@@ -48,10 +62,29 @@ ENTRY(atomic64_set_cx8)
+ cmpxchg8b (%esi)
+ jne 1b
+
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
CFI_ENDPROC
ENDPROC(atomic64_set_cx8)
@@ -16557,6 +16658,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
+ cmpxchg8b (%esi)
+ jne 1b
+
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ENDPROC(atomic64_set_unchecked_cx8)
@@ -16564,7 +16668,14 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
ENTRY(atomic64_xchg_cx8)
CFI_STARTPROC
-@@ -66,8 +87,8 @@ ENTRY(atomic64_xchg_cx8)
+@@ -62,12 +95,15 @@ ENTRY(atomic64_xchg_cx8)
+ cmpxchg8b (%esi)
+ jne 1b
+
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
CFI_ENDPROC
ENDPROC(atomic64_xchg_cx8)
@@ -16575,7 +16686,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
CFI_STARTPROC
SAVE ebp
SAVE ebx
-@@ -84,27 +105,43 @@ ENTRY(atomic64_\func\()_return_cx8)
+@@ -84,27 +120,46 @@ ENTRY(atomic64_\func\()_return_cx8)
movl %edx, %ecx
\ins\()l %esi, %ebx
\insc\()l %edi, %ecx
@@ -16606,6 +16717,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
RESTORE esi
RESTORE ebx
RESTORE ebp
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
ret
CFI_ENDPROC
-ENDPROC(atomic64_\func\()_return_cx8)
@@ -16624,7 +16738,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
CFI_STARTPROC
SAVE ebx
-@@ -114,21 +151,38 @@ ENTRY(atomic64_\func\()_return_cx8)
+@@ -114,21 +169,41 @@ ENTRY(atomic64_\func\()_return_cx8)
movl %edx, %ecx
\ins\()l $1, %ebx
\insc\()l $0, %ecx
@@ -16652,6 +16766,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
+.endif
+
RESTORE ebx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
ret
CFI_ENDPROC
-ENDPROC(atomic64_\func\()_return_cx8)
@@ -16665,7 +16782,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
ENTRY(atomic64_dec_if_positive_cx8)
CFI_STARTPROC
-@@ -140,6 +194,13 @@ ENTRY(atomic64_dec_if_positive_cx8)
+@@ -140,6 +215,13 @@ ENTRY(atomic64_dec_if_positive_cx8)
movl %edx, %ecx
subl $1, %ebx
sbb $0, %ecx
@@ -16679,7 +16796,17 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
js 2f
LOCK_PREFIX
cmpxchg8b (%esi)
-@@ -174,6 +235,13 @@ ENTRY(atomic64_add_unless_cx8)
+@@ -149,6 +231,9 @@ ENTRY(atomic64_dec_if_positive_cx8)
+ movl %ebx, %eax
+ movl %ecx, %edx
+ RESTORE ebx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(atomic64_dec_if_positive_cx8)
+@@ -174,6 +259,13 @@ ENTRY(atomic64_add_unless_cx8)
movl %edx, %ecx
addl %esi, %ebx
adcl %edi, %ecx
@@ -16693,7 +16820,17 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
LOCK_PREFIX
cmpxchg8b (%ebp)
jne 1b
-@@ -206,6 +274,13 @@ ENTRY(atomic64_inc_not_zero_cx8)
+@@ -184,6 +276,9 @@ ENTRY(atomic64_add_unless_cx8)
+ CFI_ADJUST_CFA_OFFSET -8
+ RESTORE ebx
+ RESTORE ebp
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ 4:
+ cmpl %edx, 4(%esp)
+@@ -206,6 +301,13 @@ ENTRY(atomic64_inc_not_zero_cx8)
movl %edx, %ecx
addl $1, %ebx
adcl $0, %ecx
@@ -16707,6 +16844,16 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
LOCK_PREFIX
cmpxchg8b (%esi)
jne 1b
+@@ -213,6 +315,9 @@ ENTRY(atomic64_inc_not_zero_cx8)
+ movl $1, %eax
+ 3:
+ RESTORE ebx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ 4:
+ testl %edx, %edx
diff -urNp linux-3.0.4/arch/x86/lib/checksum_32.S linux-3.0.4/arch/x86/lib/checksum_32.S
--- linux-3.0.4/arch/x86/lib/checksum_32.S 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/lib/checksum_32.S 2011-08-23 21:47:55.000000000 -0400
@@ -16956,8 +17103,38 @@ diff -urNp linux-3.0.4/arch/x86/lib/checksum_32.S linux-3.0.4/arch/x86/lib/check
#undef ROUND1
diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/clear_page_64.S
--- linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-08-23 21:47:55.000000000 -0400
-@@ -58,7 +58,7 @@ ENDPROC(clear_page)
++++ linux-3.0.4/arch/x86/lib/clear_page_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -11,6 +11,9 @@ ENTRY(clear_page_c)
+ movl $4096/8,%ecx
+ xorl %eax,%eax
+ rep stosq
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(clear_page_c)
+@@ -20,6 +23,9 @@ ENTRY(clear_page_c_e)
+ movl $4096,%ecx
+ xorl %eax,%eax
+ rep stosb
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(clear_page_c_e)
+@@ -43,6 +49,9 @@ ENTRY(clear_page)
+ leaq 64(%rdi),%rdi
+ jnz .Lloop
+ nop
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ .Lclear_page_end:
+@@ -58,7 +67,7 @@ ENDPROC(clear_page)
#include <asm/cpufeature.h>
@@ -16968,8 +17145,28 @@ diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/cle
2: .byte 0xeb /* jmp <disp8> */
diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy_page_64.S
--- linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-08-23 21:47:55.000000000 -0400
-@@ -104,7 +104,7 @@ ENDPROC(copy_page)
++++ linux-3.0.4/arch/x86/lib/copy_page_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -8,6 +8,9 @@ copy_page_c:
+ CFI_STARTPROC
+ movl $4096/8,%ecx
+ rep movsq
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(copy_page_c)
+@@ -94,6 +97,9 @@ ENTRY(copy_page)
+ CFI_RESTORE r13
+ addq $3*8,%rsp
+ CFI_ADJUST_CFA_OFFSET -3*8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ .Lcopy_page_end:
+ CFI_ENDPROC
+@@ -104,7 +110,7 @@ ENDPROC(copy_page)
#include <asm/cpufeature.h>
@@ -16980,7 +17177,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy
2:
diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy_user_64.S
--- linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/copy_user_64.S 2011-09-17 18:31:51.000000000 -0400
@@ -16,6 +16,7 @@
#include <asm/thread_info.h>
#include <asm/cpufeature.h>
@@ -16998,7 +17195,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy
2: .byte 0xe9 /* near jump with 32bit immediate */
.long \alt1-1b /* offset */ /* or alternatively to alt1 */
3: .byte 0xe9 /* near jump with 32bit immediate */
-@@ -71,41 +72,13 @@
+@@ -71,47 +72,22 @@
#endif
.endm
@@ -17042,9 +17239,48 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy
movl %edx,%ecx
xorl %eax,%eax
rep
+ stosb
+ bad_to_user:
+ movl %edx,%eax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(bad_from_user)
+@@ -179,6 +155,9 @@ ENTRY(copy_user_generic_unrolled)
+ decl %ecx
+ jnz 21b
+ 23: xor %eax,%eax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+
+ .section .fixup,"ax"
+@@ -251,6 +230,9 @@ ENTRY(copy_user_generic_string)
+ 3: rep
+ movsb
+ 4: xorl %eax,%eax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+
+ .section .fixup,"ax"
+@@ -287,6 +269,9 @@ ENTRY(copy_user_enhanced_fast_string)
+ 1: rep
+ movsb
+ 2: xorl %eax,%eax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+
+ .section .fixup,"ax"
diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S
--- linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S 2011-09-17 18:31:51.000000000 -0400
@@ -14,6 +14,7 @@
#include <asm/current.h>
#include <asm/asm-offsets.h>
@@ -17069,6 +17305,29 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/
cmpl $8,%edx
jb 20f /* less then 8 bytes, go to byte copy loop */
ALIGN_DESTINATION
+@@ -98,6 +108,9 @@ ENTRY(__copy_user_nocache)
+ jnz 21b
+ 23: xorl %eax,%eax
+ sfence
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+
+ .section .fixup,"ax"
+diff -urNp linux-3.0.4/arch/x86/lib/csum-copy_64.S linux-3.0.4/arch/x86/lib/csum-copy_64.S
+--- linux-3.0.4/arch/x86/lib/csum-copy_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/csum-copy_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -228,6 +228,9 @@ ENTRY(csum_partial_copy_generic)
+ CFI_RESTORE rbp
+ addq $7*8, %rsp
+ CFI_ADJUST_CFA_OFFSET -7*8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_RESTORE_STATE
+
diff -urNp linux-3.0.4/arch/x86/lib/csum-wrappers_64.c linux-3.0.4/arch/x86/lib/csum-wrappers_64.c
--- linux-3.0.4/arch/x86/lib/csum-wrappers_64.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/lib/csum-wrappers_64.c 2011-08-23 21:47:55.000000000 -0400
@@ -17232,6 +17491,138 @@ diff -urNp linux-3.0.4/arch/x86/lib/insn.c linux-3.0.4/arch/x86/lib/insn.c
insn->x86_64 = x86_64 ? 1 : 0;
insn->opnd_bytes = 4;
if (x86_64)
+diff -urNp linux-3.0.4/arch/x86/lib/iomap_copy_64.S linux-3.0.4/arch/x86/lib/iomap_copy_64.S
+--- linux-3.0.4/arch/x86/lib/iomap_copy_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/iomap_copy_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -25,6 +25,9 @@ ENTRY(__iowrite32_copy)
+ CFI_STARTPROC
+ movl %edx,%ecx
+ rep movsd
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(__iowrite32_copy)
+diff -urNp linux-3.0.4/arch/x86/lib/memcpy_64.S linux-3.0.4/arch/x86/lib/memcpy_64.S
+--- linux-3.0.4/arch/x86/lib/memcpy_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/memcpy_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -34,6 +34,9 @@
+ rep movsq
+ movl %edx, %ecx
+ rep movsb
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ .Lmemcpy_e:
+ .previous
+@@ -51,6 +54,9 @@
+
+ movl %edx, %ecx
+ rep movsb
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ .Lmemcpy_e_e:
+ .previous
+@@ -141,6 +147,9 @@ ENTRY(memcpy)
+ movq %r9, 1*8(%rdi)
+ movq %r10, -2*8(%rdi, %rdx)
+ movq %r11, -1*8(%rdi, %rdx)
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ retq
+ .p2align 4
+ .Lless_16bytes:
+@@ -153,6 +162,9 @@ ENTRY(memcpy)
+ movq -1*8(%rsi, %rdx), %r9
+ movq %r8, 0*8(%rdi)
+ movq %r9, -1*8(%rdi, %rdx)
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ retq
+ .p2align 4
+ .Lless_8bytes:
+@@ -166,6 +178,9 @@ ENTRY(memcpy)
+ movl -4(%rsi, %rdx), %r8d
+ movl %ecx, (%rdi)
+ movl %r8d, -4(%rdi, %rdx)
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ retq
+ .p2align 4
+ .Lless_3bytes:
+@@ -183,6 +198,9 @@ ENTRY(memcpy)
+ jnz .Lloop_1
+
+ .Lend:
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ retq
+ CFI_ENDPROC
+ ENDPROC(memcpy)
+diff -urNp linux-3.0.4/arch/x86/lib/memmove_64.S linux-3.0.4/arch/x86/lib/memmove_64.S
+--- linux-3.0.4/arch/x86/lib/memmove_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/memmove_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -201,6 +201,9 @@ ENTRY(memmove)
+ movb (%rsi), %r11b
+ movb %r11b, (%rdi)
+ 13:
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ retq
+ CFI_ENDPROC
+
+@@ -209,6 +212,9 @@ ENTRY(memmove)
+ /* Forward moving data. */
+ movq %rdx, %rcx
+ rep movsb
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ retq
+ .Lmemmove_end_forward_efs:
+ .previous
+diff -urNp linux-3.0.4/arch/x86/lib/memset_64.S linux-3.0.4/arch/x86/lib/memset_64.S
+--- linux-3.0.4/arch/x86/lib/memset_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/memset_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -31,6 +31,9 @@
+ movl %r8d,%ecx
+ rep stosb
+ movq %r9,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ .Lmemset_e:
+ .previous
+@@ -53,6 +56,9 @@
+ movl %edx,%ecx
+ rep stosb
+ movq %r9,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ .Lmemset_e_e:
+ .previous
+@@ -121,6 +127,9 @@ ENTRY(__memset)
+
+ .Lende:
+ movq %r10,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+
+ CFI_RESTORE_STATE
diff -urNp linux-3.0.4/arch/x86/lib/mmx_32.c linux-3.0.4/arch/x86/lib/mmx_32.c
--- linux-3.0.4/arch/x86/lib/mmx_32.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/lib/mmx_32.c 2011-08-23 21:47:55.000000000 -0400
@@ -17690,6 +18081,84 @@ diff -urNp linux-3.0.4/arch/x86/lib/putuser.S linux-3.0.4/arch/x86/lib/putuser.S
#endif
xor %eax,%eax
EXIT
+diff -urNp linux-3.0.4/arch/x86/lib/rwlock_64.S linux-3.0.4/arch/x86/lib/rwlock_64.S
+--- linux-3.0.4/arch/x86/lib/rwlock_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/rwlock_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -17,6 +17,9 @@ ENTRY(__write_lock_failed)
+ LOCK_PREFIX
+ subl $RW_LOCK_BIAS,(%rdi)
+ jnz __write_lock_failed
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ END(__write_lock_failed)
+@@ -33,6 +36,9 @@ ENTRY(__read_lock_failed)
+ LOCK_PREFIX
+ decl (%rdi)
+ js __read_lock_failed
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ END(__read_lock_failed)
+diff -urNp linux-3.0.4/arch/x86/lib/rwsem_64.S linux-3.0.4/arch/x86/lib/rwsem_64.S
+--- linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/rwsem_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -51,6 +51,9 @@ ENTRY(call_rwsem_down_read_failed)
+ popq_cfi %rdx
+ CFI_RESTORE rdx
+ restore_common_regs
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(call_rwsem_down_read_failed)
+@@ -61,6 +64,9 @@ ENTRY(call_rwsem_down_write_failed)
+ movq %rax,%rdi
+ call rwsem_down_write_failed
+ restore_common_regs
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(call_rwsem_down_write_failed)
+@@ -73,6 +79,9 @@ ENTRY(call_rwsem_wake)
+ movq %rax,%rdi
+ call rwsem_wake
+ restore_common_regs
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ 1: ret
+ CFI_ENDPROC
+ ENDPROC(call_rwsem_wake)
+@@ -88,6 +97,9 @@ ENTRY(call_rwsem_downgrade_wake)
+ popq_cfi %rdx
+ CFI_RESTORE rdx
+ restore_common_regs
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
+ ENDPROC(call_rwsem_downgrade_wake)
+diff -urNp linux-3.0.4/arch/x86/lib/thunk_64.S linux-3.0.4/arch/x86/lib/thunk_64.S
+--- linux-3.0.4/arch/x86/lib/thunk_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/thunk_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -50,5 +50,8 @@
+ SAVE_ARGS
+ restore:
+ RESTORE_ARGS
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ CFI_ENDPROC
diff -urNp linux-3.0.4/arch/x86/lib/usercopy_32.c linux-3.0.4/arch/x86/lib/usercopy_32.c
--- linux-3.0.4/arch/x86/lib/usercopy_32.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/lib/usercopy_32.c 2011-08-23 21:47:55.000000000 -0400
@@ -20872,8 +21341,8 @@ diff -urNp linux-3.0.4/arch/x86/pci/pcbios.c linux-3.0.4/arch/x86/pci/pcbios.c
EXPORT_SYMBOL(pcibios_set_irq_routing);
diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platform/efi/efi_32.c
--- linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-08-23 21:47:55.000000000 -0400
-@@ -38,70 +38,37 @@
++++ linux-3.0.4/arch/x86/platform/efi/efi_32.c 2011-09-19 09:16:58.000000000 -0400
+@@ -38,70 +38,56 @@
*/
static unsigned long efi_rt_eflags;
@@ -20887,7 +21356,10 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
- unsigned long temp;
struct desc_ptr gdt_descr;
- local_irq_save(efi_rt_eflags);
+- local_irq_save(efi_rt_eflags);
++#ifdef CONFIG_PAX_KERNEXEC
++ struct desc_struct d;
++#endif
- /*
- * If I don't have PAE, I should just duplicate two entries in page
@@ -20895,7 +21367,8 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
- * page directory.
- */
- cr4 = read_cr4_safe();
--
++ local_irq_save(efi_rt_eflags);
+
- if (cr4 & X86_CR4_PAE) {
- efi_bak_pg_dir_pointer[0].pgd =
- swapper_pg_dir[pgd_index(0)].pgd;
@@ -20921,8 +21394,14 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
*/
__flush_tlb_all();
-- gdt_descr.address = __pa(get_cpu_gdt_table(0));
-+ gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0));
++#ifdef CONFIG_PAX_KERNEXEC
++ pack_descriptor(&d, 0, 0xFFFFF, 0x9B, 0xC);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_CS, &d, DESCTYPE_S);
++ pack_descriptor(&d, 0, 0xFFFFF, 0x93, 0xC);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_DS, &d, DESCTYPE_S);
++#endif
++
+ gdt_descr.address = __pa(get_cpu_gdt_table(0));
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
}
@@ -20933,8 +21412,15 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
- unsigned long cr4;
struct desc_ptr gdt_descr;
-- gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
-+ gdt_descr.address = get_cpu_gdt_table(0);
++#ifdef CONFIG_PAX_KERNEXEC
++ struct desc_struct d;
++
++ memset(&d, 0, sizeof d);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_CS, &d, DESCTYPE_S);
++ write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_DS, &d, DESCTYPE_S);
++#endif
++
+ gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
@@ -20955,16 +21441,18 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
* After the lock is released, the original page table is restored.
diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S
--- linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S 2011-08-23 21:47:55.000000000 -0400
-@@ -6,6 +6,7 @@
++++ linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S 2011-09-19 09:16:58.000000000 -0400
+@@ -6,7 +6,9 @@
*/
#include <linux/linkage.h>
+#include <linux/init.h>
#include <asm/page_types.h>
++#include <asm/segment.h>
/*
-@@ -20,7 +21,7 @@
+ * efi_call_phys(void *, ...) is a function with variable parameters.
+@@ -20,7 +22,7 @@
* service functions will comply with gcc calling convention, too.
*/
@@ -20973,18 +21461,22 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
ENTRY(efi_call_phys)
/*
* 0. The function can only be called in Linux kernel. So CS has been
-@@ -36,9 +37,7 @@ ENTRY(efi_call_phys)
+@@ -36,9 +38,11 @@ ENTRY(efi_call_phys)
* The mapping of lower virtual memory has been created in prelog and
* epilog.
*/
- movl $1f, %edx
- subl $__PAGE_OFFSET, %edx
- jmp *%edx
-+ jmp 1f-__PAGE_OFFSET
++ movl $(__KERNEXEC_EFI_DS), %edx
++ mov %edx, %ds
++ mov %edx, %es
++ mov %edx, %ss
++ ljmp $(__KERNEXEC_EFI_CS),$1f-__PAGE_OFFSET
1:
/*
-@@ -47,14 +46,8 @@ ENTRY(efi_call_phys)
+@@ -47,14 +51,8 @@ ENTRY(efi_call_phys)
* parameter 2, ..., param n. To make things easy, we save the return
* address of efi_call_phys in a global variable.
*/
@@ -21001,7 +21493,7 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
/*
* 3. Clear PG bit in %CR0.
-@@ -73,9 +66,8 @@ ENTRY(efi_call_phys)
+@@ -73,9 +71,8 @@ ENTRY(efi_call_phys)
/*
* 5. Call the physical function.
*/
@@ -21012,7 +21504,7 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
/*
* 6. After EFI runtime service returns, control will return to
* following instruction. We'd better readjust stack pointer first.
-@@ -88,35 +80,28 @@ ENTRY(efi_call_phys)
+@@ -88,35 +85,32 @@ ENTRY(efi_call_phys)
movl %cr0, %edx
orl $0x80000000, %edx
movl %edx, %cr0
@@ -21025,8 +21517,12 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
*/
- movl $1f, %edx
- jmp *%edx
-+ jmp 1f+__PAGE_OFFSET
++ ljmp $(__KERNEL_CS),$1f+__PAGE_OFFSET
1:
++ movl $(__KERNEL_DS), %edx
++ mov %edx, %ds
++ mov %edx, %es
++ mov %edx, %ss
/*
* 9. Balance the stack. And because EAX contain the return value,
@@ -21054,6 +21550,78 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
saved_return_addr:
.long 0
efi_rt_function_ptr:
+diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S
+--- linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S 2011-09-17 18:31:51.000000000 -0400
+@@ -40,6 +40,9 @@ ENTRY(efi_call0)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call0)
+
+@@ -50,6 +53,9 @@ ENTRY(efi_call1)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call1)
+
+@@ -60,6 +66,9 @@ ENTRY(efi_call2)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call2)
+
+@@ -71,6 +80,9 @@ ENTRY(efi_call3)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call3)
+
+@@ -83,6 +95,9 @@ ENTRY(efi_call4)
+ call *%rdi
+ addq $32, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call4)
+
+@@ -96,6 +111,9 @@ ENTRY(efi_call5)
+ call *%rdi
+ addq $48, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call5)
+
+@@ -112,5 +130,8 @@ ENTRY(efi_call6)
+ call *%rdi
+ addq $48, %rsp
+ RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++ orb $0x80, 0x7(%rsp)
++#endif
+ ret
+ ENDPROC(efi_call6)
diff -urNp linux-3.0.4/arch/x86/platform/mrst/mrst.c linux-3.0.4/arch/x86/platform/mrst/mrst.c
--- linux-3.0.4/arch/x86/platform/mrst/mrst.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.4/arch/x86/platform/mrst/mrst.c 2011-08-23 21:47:55.000000000 -0400
@@ -63277,7 +63845,7 @@ diff -urNp linux-3.0.4/localversion-grsec linux-3.0.4/localversion-grsec
+-grsec
diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
--- linux-3.0.4/Makefile 2011-09-02 18:11:26.000000000 -0400
-+++ linux-3.0.4/Makefile 2011-09-14 11:16:43.000000000 -0400
++++ linux-3.0.4/Makefile 2011-09-17 00:56:07.000000000 -0400
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
HOSTCC = gcc
@@ -63314,20 +63882,23 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -564,6 +567,28 @@ else
+@@ -564,6 +567,31 @@ else
KBUILD_CFLAGS += -O2
endif
+ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y)
+CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
++ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so
++endif
+ifdef CONFIG_KALLOCSTAT_PLUGIN
+KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so
+endif
+ifdef CONFIG_PAX_MEMORY_STACKLEAK
+STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100
+endif
-+GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN)
-+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN
++GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN)
++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN
+gcc-plugins:
+ $(Q)$(MAKE) $(build)=tools/gcc
+else
@@ -63343,7 +63914,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -708,7 +733,7 @@ export mod_strip_cmd
+@@ -708,7 +736,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -63352,7 +63923,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -907,6 +932,8 @@ define rule_vmlinux-modpost
+@@ -907,6 +935,8 @@ define rule_vmlinux-modpost
endef
# vmlinux image - including updated kernel symbols
@@ -63361,7 +63932,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
vmlinux: $(vmlinux-lds) $(vmlinux-init) $(vmlinux-main) vmlinux.o $(kallsyms.o) FORCE
ifdef CONFIG_HEADERS_CHECK
$(Q)$(MAKE) -f $(srctree)/Makefile headers_check
-@@ -941,7 +968,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
+@@ -941,7 +971,8 @@ $(sort $(vmlinux-init) $(vmlinux-main))
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -63371,7 +63942,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -986,6 +1014,7 @@ prepare0: archprepare FORCE
+@@ -986,6 +1017,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=. missing-syscalls
# All the preparing..
@@ -63379,7 +63950,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
prepare: prepare0
# Generate some files
-@@ -1102,7 +1131,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
+@@ -1102,7 +1134,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
# Target to prepare building external modules
PHONY += modules_prepare
@@ -63388,7 +63959,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
# Target to install modules
PHONY += modules_install
-@@ -1198,7 +1227,7 @@ distclean: mrproper
+@@ -1198,7 +1230,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -63397,7 +63968,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1359,6 +1388,7 @@ PHONY += $(module-dirs) modules
+@@ -1359,6 +1391,7 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -63405,7 +63976,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1485,17 +1515,19 @@ else
+@@ -1485,17 +1518,19 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -63429,7 +64000,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1505,11 +1537,13 @@ endif
+@@ -1505,11 +1540,13 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -71384,8 +71955,8 @@ diff -urNp linux-3.0.4/security/integrity/ima/ima_queue.c linux-3.0.4/security/i
return 0;
diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
--- linux-3.0.4/security/Kconfig 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/security/Kconfig 2011-08-23 21:48:14.000000000 -0400
-@@ -4,6 +4,554 @@
++++ linux-3.0.4/security/Kconfig 2011-09-17 00:58:04.000000000 -0400
+@@ -4,6 +4,558 @@
menu "Security options"
@@ -71396,6 +71967,9 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
+ config ARCH_TRACK_EXEC_LIMIT
+ bool
+
++ config PAX_KERNEXEC_PLUGIN
++ bool
++
+ config PAX_PER_CPU_PGD
+ bool
+
@@ -71706,6 +72280,7 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
+ bool "Enforce non-executable kernel pages"
+ depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
++ select PAX_KERNEXEC_PLUGIN if X86_64
+ help
+ This is the kernel land equivalent of PAGEEXEC and MPROTECT,
+ that is, enabling this option will make it harder to inject
@@ -71940,7 +72515,7 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
config KEYS
bool "Enable access key retention support"
help
-@@ -167,7 +715,7 @@ config INTEL_TXT
+@@ -167,7 +719,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -72832,8 +73407,8 @@ diff -urNp linux-3.0.4/tools/gcc/constify_plugin.c linux-3.0.4/tools/gcc/constif
+}
diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallocstat_plugin.c
--- linux-3.0.4/tools/gcc/kallocstat_plugin.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/kallocstat_plugin.c 2011-09-14 09:08:05.000000000 -0400
-@@ -0,0 +1,163 @@
++++ linux-3.0.4/tools/gcc/kallocstat_plugin.c 2011-09-17 00:53:44.000000000 -0400
+@@ -0,0 +1,165 @@
+/*
+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -72868,6 +73443,8 @@ diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallo
+#include "emit-rtl.h"
+#include "function.h"
+
++extern void print_gimple_stmt(FILE *, gimple, int, int);
++
+int plugin_is_GPL_compatible;
+
+static const char * const kalloc_functions[] = {
@@ -72997,10 +73574,279 @@ diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallo
+
+ return 0;
+}
+diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexec_plugin.c
+--- linux-3.0.4/tools/gcc/kernexec_plugin.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.4/tools/gcc/kernexec_plugin.c 2011-09-19 09:16:58.000000000 -0400
+@@ -0,0 +1,265 @@
++/*
++ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
++ * Licensed under the GPL v2
++ *
++ * Note: the choice of the license means that the compilation process is
++ * NOT 'eligible' as defined by gcc's library exception to the GPL v3,
++ * but for the kernel it doesn't matter since it doesn't link against
++ * any of the gcc libraries
++ *
++ * gcc plugin to make KERNEXEC/amd64 almost as good as it is on i386
++ *
++ * TODO:
++ *
++ * BUGS:
++ * - none known
++ */
++#include "gcc-plugin.h"
++#include "config.h"
++#include "system.h"
++#include "coretypes.h"
++#include "tree.h"
++#include "tree-pass.h"
++#include "intl.h"
++#include "plugin-version.h"
++#include "tm.h"
++#include "toplev.h"
++#include "basic-block.h"
++#include "gimple.h"
++//#include "expr.h" where are you...
++#include "diagnostic.h"
++#include "rtl.h"
++#include "emit-rtl.h"
++#include "function.h"
++#include "tree-flow.h"
++
++extern void print_gimple_stmt(FILE *, gimple, int, int);
++
++int plugin_is_GPL_compatible;
++
++static struct plugin_info kernexec_plugin_info = {
++ .version = "201109191200",
++};
++
++static unsigned int execute_kernexec_fptr(void);
++static unsigned int execute_kernexec_retaddr(void);
++
++static struct gimple_opt_pass kernexec_fptr_pass = {
++ .pass = {
++ .type = GIMPLE_PASS,
++ .name = "kernexec_fptr",
++ .gate = NULL,
++ .execute = execute_kernexec_fptr,
++ .sub = NULL,
++ .next = NULL,
++ .static_pass_number = 0,
++ .tv_id = TV_NONE,
++ .properties_required = 0,
++ .properties_provided = 0,
++ .properties_destroyed = 0,
++ .todo_flags_start = 0,
++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa_no_phi
++ }
++};
++
++static struct rtl_opt_pass kernexec_retaddr_pass = {
++ .pass = {
++ .type = RTL_PASS,
++ .name = "kernexec_retaddr",
++ .gate = NULL,
++ .execute = execute_kernexec_retaddr,
++ .sub = NULL,
++ .next = NULL,
++ .static_pass_number = 0,
++ .tv_id = TV_NONE,
++ .properties_required = 0,
++ .properties_provided = 0,
++ .properties_destroyed = 0,
++ .todo_flags_start = 0,
++ .todo_flags_finish = TODO_dump_func
++ }
++};
++
++/*
++ * add special KERNEXEC instrumentation: force MSB of fptr to 1, which will produce
++ * a non-canonical address from a userland ptr and will just trigger a GPF on dereference
++ */
++static void kernexec_instrument_fptr(gimple_stmt_iterator gsi)
++{
++ gimple assign_intptr, assign_new_fptr, call_stmt;
++ tree intptr, old_fptr, new_fptr, kernexec_mask;
++
++ call_stmt = gsi_stmt(gsi);
++ old_fptr = gimple_call_fn(call_stmt);
++
++ // create temporary unsigned long variable used for bitops and cast fptr to it
++ intptr = create_tmp_var(long_unsigned_type_node, NULL);
++ add_referenced_var(intptr);
++ mark_sym_for_renaming(intptr);
++ assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr));
++ update_stmt(assign_intptr);
++ gsi_insert_before(&gsi, assign_intptr, GSI_NEW_STMT);
++
++ gsi_next(&gsi);
++
++ // apply logical or to temporary unsigned long and bitmask
++ kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0x8000000000000000LL);
++// kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0xffffffff80000000LL);
++ assign_intptr = gimple_build_assign(intptr, fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask));
++ update_stmt(assign_intptr);
++ gsi_insert_before(&gsi, assign_intptr, GSI_NEW_STMT);
++
++ gsi_next(&gsi);
++
++ // cast temporary unsigned long back to a temporary fptr variable
++ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), NULL);
++ add_referenced_var(new_fptr);
++ mark_sym_for_renaming(new_fptr);
++ assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr));
++ update_stmt(assign_new_fptr);
++ gsi_insert_before(&gsi, assign_new_fptr, GSI_NEW_STMT);
++
++ gsi_next(&gsi);
++
++ // replace call stmt fn with the new fptr
++ gimple_call_set_fn(call_stmt, new_fptr);
++ update_stmt(call_stmt);
++}
++
++/*
++ * find all C level function pointer dereferences and forcibly set the highest bit of the pointer
++ */
++static unsigned int execute_kernexec_fptr(void)
++{
++ basic_block bb;
++ gimple_stmt_iterator gsi;
++
++ // 1. loop through BBs and GIMPLE statements
++ FOR_EACH_BB(bb) {
++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
++ // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D));
++ tree fn;
++ gimple call_stmt;
++
++ // is it a call ...
++ call_stmt = gsi_stmt(gsi);
++ if (!is_gimple_call(call_stmt))
++ continue;
++ fn = gimple_call_fn(call_stmt);
++ if (TREE_CODE(fn) == ADDR_EXPR)
++ continue;
++ if (TREE_CODE(fn) != SSA_NAME)
++ gcc_unreachable();
++
++ // ... through a function pointer
++ fn = SSA_NAME_VAR(fn);
++ if (TREE_CODE(fn) != VAR_DECL && TREE_CODE(fn) != PARM_DECL)
++ continue;
++ fn = TREE_TYPE(fn);
++ if (TREE_CODE(fn) != POINTER_TYPE)
++ continue;
++ fn = TREE_TYPE(fn);
++ if (TREE_CODE(fn) != FUNCTION_TYPE)
++ continue;
++
++ kernexec_instrument_fptr(gsi);
++
++//debug_tree(gimple_call_fn(call_stmt));
++//print_gimple_stmt(stderr, call_stmt, 0, TDF_LINENO);
++ }
++ }
++
++ return 0;
++}
++
++// add special KERNEXEC instrumentation: orb $0x80,7(%rsp) just before retn
++static void kernexec_instrument_retaddr(rtx insn)
++{
++ rtx ret_addr, clob, or;
++
++ start_sequence();
++
++ // compute 7(%rsp)
++ ret_addr = gen_rtx_MEM(QImode, gen_rtx_PLUS(Pmode, stack_pointer_rtx, GEN_INT(7)));
++ MEM_VOLATILE_P(ret_addr) = 1;
++
++ // create orb $0x80,7(%rsp)
++ or = gen_rtx_SET(VOIDmode, ret_addr, gen_rtx_IOR(QImode, ret_addr, GEN_INT(0xffffffffffffff80)));
++ clob = gen_rtx_CLOBBER(VOIDmode, gen_rtx_REG(CCmode, FLAGS_REG));
++
++ // put everything together
++ or = emit_insn(gen_rtx_PARALLEL(VOIDmode, gen_rtvec(2, or, clob)));
++ RTX_FRAME_RELATED_P(or) = 1;
++
++ end_sequence();
++
++ emit_insn_before(or, insn);
++}
++
++/*
++ * find all asm level function returns and forcibly set the highest bit of the return address
++ */
++static unsigned int execute_kernexec_retaddr(void)
++{
++ rtx insn;
++
++ // 1. find function returns
++ for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
++ // rtl match: (jump_insn 41 40 42 2 (return) fptr.c:42 634 {return_internal} (nil))
++ // (jump_insn 12 9 11 2 (parallel [ (return) (unspec [ (0) ] UNSPEC_REP) ]) fptr.c:46 635 {return_internal_long} (nil))
++ rtx body;
++
++ // is it a retn
++ if (!JUMP_P(insn))
++ continue;
++ body = PATTERN(insn);
++ if (GET_CODE(body) == PARALLEL)
++ body = XVECEXP(body, 0, 0);
++ if (GET_CODE(body) != RETURN)
++ continue;
++ kernexec_instrument_retaddr(insn);
++ }
++
++// print_simple_rtl(stderr, get_insns());
++// print_rtl(stderr, get_insns());
++
++ return 0;
++}
++
++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
++{
++ const char * const plugin_name = plugin_info->base_name;
++ const int argc = plugin_info->argc;
++ const struct plugin_argument * const argv = plugin_info->argv;
++ int i;
++ struct register_pass_info kernexec_fptr_pass_info = {
++ .pass = &kernexec_fptr_pass.pass,
++ .reference_pass_name = "ssa",
++ .ref_pass_instance_number = 0,
++ .pos_op = PASS_POS_INSERT_AFTER
++ };
++ struct register_pass_info kernexec_retaddr_pass_info = {
++ .pass = &kernexec_retaddr_pass.pass,
++ .reference_pass_name = "pro_and_epilogue",
++ .ref_pass_instance_number = 0,
++ .pos_op = PASS_POS_INSERT_AFTER
++ };
++
++ if (!plugin_default_version_check(version, &gcc_version)) {
++ error(G_("incompatible gcc/plugin versions"));
++ return 1;
++ }
++
++ register_callback(plugin_name, PLUGIN_INFO, NULL, &kernexec_plugin_info);
++
++ for (i = 0; i < argc; ++i)
++ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
++
++ if (TARGET_64BIT == 0 || ix86_cmodel != CM_KERNEL)
++ return 0;
++
++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_fptr_pass_info);
++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_retaddr_pass_info);
++
++ return 0;
++}
diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile
--- linux-3.0.4/tools/gcc/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/Makefile 2011-09-14 09:08:05.000000000 -0400
-@@ -0,0 +1,13 @@
++++ linux-3.0.4/tools/gcc/Makefile 2011-09-17 00:53:44.000000000 -0400
+@@ -0,0 +1,14 @@
+#CC := gcc
+#PLUGIN_SOURCE_FILES := pax_plugin.c
+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -73009,15 +73855,16 @@ diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile
+
+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include
+
-+hostlibs-y := stackleak_plugin.so constify_plugin.so kallocstat_plugin.so
++hostlibs-y := stackleak_plugin.so constify_plugin.so kallocstat_plugin.so kernexec_plugin.so
+always := $(hostlibs-y)
+stackleak_plugin-objs := stackleak_plugin.o
+constify_plugin-objs := constify_plugin.o
+kallocstat_plugin-objs := kallocstat_plugin.o
++kernexec_plugin-objs := kernexec_plugin.o
diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackleak_plugin.c
--- linux-3.0.4/tools/gcc/stackleak_plugin.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/stackleak_plugin.c 2011-09-14 09:08:05.000000000 -0400
-@@ -0,0 +1,249 @@
++++ linux-3.0.4/tools/gcc/stackleak_plugin.c 2011-09-17 00:53:44.000000000 -0400
+@@ -0,0 +1,251 @@
+/*
+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -73085,7 +73932,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
+ .properties_provided = 0,
+ .properties_destroyed = 0,
+ .todo_flags_start = 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts,
-+ .todo_flags_finish = TODO_verify_stmts // | TODO_dump_func
++ .todo_flags_finish = TODO_verify_stmts | TODO_dump_func
+ }
+};
+
@@ -73103,7 +73950,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
+ .properties_provided = 0,
+ .properties_destroyed = 0,
+ .todo_flags_start = 0,
-+ .todo_flags_finish = 0
++ .todo_flags_finish = TODO_dump_func
+ }
+};
+
@@ -73181,6 +74028,10 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
+ if (cfun->calls_alloca)
+ return 0;
+
++ // keep calls only if function frame is big enough
++ if (get_frame_size() >= track_frame_size)
++ return 0;
++
+ // 1. find pax_track_stack calls
+ for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
+ // rtl match: (call_insn 8 7 9 3 (call (mem (symbol_ref ("pax_track_stack") [flags 0x41] <function_decl 0xb7470e80 pax_track_stack>) [0 S1 A8]) (4)) -1 (nil) (nil))
@@ -73200,9 +74051,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
+ if (strcmp(XSTR(body, 0), track_function))
+ continue;
+// warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size);
-+ // 2. delete call if function frame is not big enough
-+ if (get_frame_size() >= track_frame_size)
-+ continue;
++ // 2. delete call
+ delete_insn_and_edges(insn);
+ }
+