testing/linux-grsec: upgrade to grsecurity-2.2.2-2.6.38.6-201105182052

author: Natanael Copa <ncopa@alpinelinux.org> 2011-05-19 12:36:34 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2011-05-19 12:37:13 +0000
commit: 6047e1bc08c8a837e2380d50eb0e292df7499a5a (patch)
tree: 0d249a76f49b1c16297d7ce37ef4cd77329d4ec8 /testing
parent: 01bce94deda4c683b4dad21d4af270fb15a1795b (diff)
download: aports-6047e1bc08c8a837e2380d50eb0e292df7499a5a.tar.bz2
aports-6047e1bc08c8a837e2380d50eb0e292df7499a5a.tar.xz
3 files changed, 122 insertions, 90 deletions
diff --git a/testing/linux-grsec/APKBUILD b/testing/linux-grsec/APKBUILD
index 71a4f37e1c..a2d7ed12e5 100644
--- a/testing/linux-grsec/APKBUILD
+++ b/testing/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=2.6.38.6
 _kernver=2.6.38
-pkgrel=2
+pkgrel=3
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -14,8 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
 	ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
-	grsecurity-2.2.2-2.6.38.6-201105171931.patch
-	pax_track_stack.patch
+	grsecurity-2.2.2-2.6.38.6-201105182052.patch
 	
 	0004-arp-flush-arp-cache-on-device-change.patch
 	net-gre-provide-multicast-mappings-for-ipv4-and-ipv6.patch
@@ -139,8 +138,7 @@ dev() {
 
 md5sums="7d471477bfa67546f902da62227fa976  linux-2.6.38.tar.bz2
 527fab8162c682ad849eb21fc30d28ef  patch-2.6.38.6.bz2
-39e6e86e7b2534975f68914a8b022ba1  grsecurity-2.2.2-2.6.38.6-201105171931.patch
-137fe947ed6b482ab7689f3bf7dfcffc  pax_track_stack.patch
+b659409d212d3a3748a5d750443d2a1b  grsecurity-2.2.2-2.6.38.6-201105182052.patch
 776adeeb5272093574f8836c5037dd7d  0004-arp-flush-arp-cache-on-device-change.patch
 aa1b82da0cabfb41c5e6da5bddf60bab  net-gre-provide-multicast-mappings-for-ipv4-and-ipv6.patch
 ac8deebf46b61ae9dc041a013a5b80d4  kernelconfig.x86
diff --git a/testing/linux-grsec/grsecurity-2.2.2-2.6.38.6-201105171931.patch b/testing/linux-grsec/grsecurity-2.2.2-2.6.38.6-201105182052.patch
index d61a414c23..707cf4c4d2 100644
--- a/testing/linux-grsec/grsecurity-2.2.2-2.6.38.6-201105171931.patch
+++ b/testing/linux-grsec/grsecurity-2.2.2-2.6.38.6-201105182052.patch
@@ -11994,8 +11994,8 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/early_printk.c linux-2.6.38.6/arch/x86
  	early_console->write(early_console, buf, n);
 diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/kernel/entry_32.S
 --- linux-2.6.38.6/arch/x86/kernel/entry_32.S	2011-04-18 17:27:16.000000000 -0400
-+++ linux-2.6.38.6/arch/x86/kernel/entry_32.S	2011-05-16 21:55:51.000000000 -0400
-@@ -183,13 +183,154 @@
++++ linux-2.6.38.6/arch/x86/kernel/entry_32.S	2011-05-18 20:23:44.000000000 -0400
+@@ -183,13 +183,146 @@
  	/*CFI_REL_OFFSET gs, PT_GS*/
  .endm
  .macro SET_KERNEL_GS reg
@@ -12030,9 +12030,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
 +ENTRY(pax_enter_kernel)
 +#ifdef CONFIG_PARAVIRT
 +	pushl %eax
-+	CFI_REL_OFFSET eax, 0
 +	pushl %ecx
-+	CFI_REL_OFFSET ecx, 0
 +	call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0)
 +	mov %eax, %esi
 +#else
@@ -12055,9 +12053,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
 +3:
 +#ifdef CONFIG_PARAVIRT
 +	popl %ecx
-+	CFI_RESTORE ecx
 +	popl %eax
-+	CFI_RESTORE eax
 +#endif
 +	ret
 +ENDPROC(pax_enter_kernel)
@@ -12065,9 +12061,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
 +ENTRY(pax_exit_kernel)
 +#ifdef CONFIG_PARAVIRT
 +	pushl %eax
-+	CFI_REL_OFFSET eax, 0
 +	pushl %ecx
-+	CFI_REL_OFFSET ecx, 0
 +#endif
 +	mov %cs, %esi
 +	cmp $__KERNEXEC_KERNEL_CS, %esi
@@ -12090,9 +12084,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
 +2:
 +#ifdef CONFIG_PARAVIRT
 +	popl %ecx
-+	CFI_RESTORE ecx
 +	popl %eax
-+	CFI_RESTORE eax
 +#endif
 +	ret
 +ENDPROC(pax_exit_kernel)
@@ -12151,7 +12143,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  	cld
  	PUSH_GS
  	pushl_cfi %fs
-@@ -212,7 +353,7 @@
+@@ -212,7 +345,7 @@
  	CFI_REL_OFFSET ecx, 0
  	pushl_cfi %ebx
  	CFI_REL_OFFSET ebx, 0
@@ -12160,7 +12152,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  	movl %edx, %ds
  	movl %edx, %es
  	movl $(__KERNEL_PERCPU), %edx
-@@ -220,6 +361,15 @@
+@@ -220,6 +353,15 @@
  	SET_KERNEL_GS %edx
  .endm
  
@@ -12176,7 +12168,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  .macro RESTORE_INT_REGS
  	popl_cfi %ebx
  	CFI_RESTORE ebx
-@@ -330,7 +480,15 @@ check_userspace:
+@@ -330,7 +472,15 @@ check_userspace:
  	movb PT_CS(%esp), %al
  	andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
  	cmpl $USER_RPL, %eax
@@ -12192,7 +12184,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  
  ENTRY(resume_userspace)
  	LOCKDEP_SYS_EXIT
-@@ -392,23 +550,34 @@ sysenter_past_esp:
+@@ -392,23 +542,34 @@ sysenter_past_esp:
  	/*CFI_REL_OFFSET cs, 0*/
  	/*
  	 * Push current_thread_info()->sysenter_return to the stack.
@@ -12230,7 +12222,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  	movl %ebp,PT_EBP(%esp)
  .section __ex_table,"a"
  	.align 4
-@@ -431,12 +600,23 @@ sysenter_do_call:
+@@ -431,12 +592,23 @@ sysenter_do_call:
  	testl $_TIF_ALLWORK_MASK, %ecx
  	jne sysexit_audit
  sysenter_exit:
@@ -12254,7 +12246,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  	PTGS_TO_GS
  	ENABLE_INTERRUPTS_SYSEXIT
  
-@@ -479,11 +659,17 @@ sysexit_audit:
+@@ -479,11 +651,17 @@ sysexit_audit:
  
  	CFI_ENDPROC
  .pushsection .fixup,"ax"
@@ -12274,7 +12266,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  .popsection
  	PTGS_TO_GS_EX
  ENDPROC(ia32_sysenter_target)
-@@ -516,6 +702,12 @@ syscall_exit:
+@@ -516,6 +694,12 @@ syscall_exit:
  	testl $_TIF_ALLWORK_MASK, %ecx	# current->work
  	jne syscall_exit_work
  
@@ -12287,7 +12279,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  restore_all:
  	TRACE_IRQS_IRET
  restore_all_notrace:
-@@ -575,14 +767,21 @@ ldt_ss:
+@@ -575,14 +759,21 @@ ldt_ss:
   * compensating for the offset by changing to the ESPFIX segment with
   * a base address that matches for the difference.
   */
@@ -12312,7 +12304,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  	pushl_cfi $__ESPFIX_SS
  	pushl_cfi %eax			/* new kernel esp */
  	/* Disable interrupts, but do not irqtrace this section: we
-@@ -617,23 +816,17 @@ work_resched:
+@@ -617,23 +808,17 @@ work_resched:
  
  work_notifysig:				# deal with pending signals and
  					# notify-resume requests
@@ -12339,7 +12331,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  #endif
  	xorl %edx, %edx
  	call do_notify_resume
-@@ -668,6 +861,10 @@ END(syscall_exit_work)
+@@ -668,6 +853,10 @@ END(syscall_exit_work)
  
  	RING0_INT_FRAME			# can't unwind into user space anyway
  syscall_fault:
@@ -12350,7 +12342,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  	GET_THREAD_INFO(%ebp)
  	movl $-EFAULT,PT_EAX(%esp)
  	jmp resume_userspace
-@@ -750,6 +947,36 @@ ptregs_clone:
+@@ -750,6 +939,36 @@ ptregs_clone:
  	CFI_ENDPROC
  ENDPROC(ptregs_clone)
  
@@ -12387,7 +12379,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  .macro FIXUP_ESPFIX_STACK
  /*
   * Switch back for ESPFIX stack to the normal zerobased stack
-@@ -759,8 +986,15 @@ ENDPROC(ptregs_clone)
+@@ -759,8 +978,15 @@ ENDPROC(ptregs_clone)
   * normal stack and adjusts ESP with the matching offset.
   */
  	/* fixup the stack */
@@ -12405,7 +12397,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  	shl $16, %eax
  	addl %esp, %eax			/* the adjusted stack pointer */
  	pushl_cfi $__KERNEL_DS
-@@ -1211,7 +1445,6 @@ return_to_handler:
+@@ -1211,7 +1437,6 @@ return_to_handler:
  	jmp *%ecx
  #endif
  
@@ -12413,7 +12405,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  #include "syscall_table_32.S"
  
  syscall_table_size=(.-sys_call_table)
-@@ -1257,9 +1490,12 @@ error_code:
+@@ -1257,9 +1482,12 @@ error_code:
  	movl $-1, PT_ORIG_EAX(%esp)	# no syscall to restart
  	REG_TO_PTGS %ecx
  	SET_KERNEL_GS %ecx
@@ -12427,7 +12419,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  	TRACE_IRQS_OFF
  	movl %esp,%eax			# pt_regs pointer
  	call *%edi
-@@ -1344,6 +1580,9 @@ nmi_stack_correct:
+@@ -1344,6 +1572,9 @@ nmi_stack_correct:
  	xorl %edx,%edx		# zero error code
  	movl %esp,%eax		# pt_regs pointer
  	call do_nmi
@@ -12437,7 +12429,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  	jmp restore_all_notrace
  	CFI_ENDPROC
  
-@@ -1380,6 +1619,9 @@ nmi_espfix_stack:
+@@ -1380,6 +1611,9 @@ nmi_espfix_stack:
  	FIXUP_ESPFIX_STACK		# %eax == %esp
  	xorl %edx,%edx			# zero error code
  	call do_nmi
@@ -12449,7 +12441,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_32.S linux-2.6.38.6/arch/x86/ker
  	CFI_ADJUST_CFA_OFFSET -24
 diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/kernel/entry_64.S
 --- linux-2.6.38.6/arch/x86/kernel/entry_64.S	2011-04-18 17:27:13.000000000 -0400
-+++ linux-2.6.38.6/arch/x86/kernel/entry_64.S	2011-05-16 22:04:15.000000000 -0400
++++ linux-2.6.38.6/arch/x86/kernel/entry_64.S	2011-05-18 20:23:44.000000000 -0400
 @@ -53,6 +53,7 @@
  #include <asm/paravirt.h>
  #include <asm/ftrace.h>
@@ -12458,7 +12450,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  
  /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this.  */
  #include <linux/elf-em.h>
-@@ -174,6 +175,252 @@ ENTRY(native_usergs_sysret64)
+@@ -174,6 +175,253 @@ ENTRY(native_usergs_sysret64)
  ENDPROC(native_usergs_sysret64)
  #endif /* CONFIG_PARAVIRT */
  
@@ -12675,6 +12667,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
 +	pushq %rdi
 +	pushq %rax
 +
++	GET_THREAD_INFO(%r10)
 +	mov TI_lowest_stack(%r10), %rdi
 +	mov $-0xBEEF, %rax
 +	std
@@ -12711,7 +12704,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  
  .macro TRACE_IRQS_IRETQ offset=ARGOFFSET
  #ifdef CONFIG_TRACE_IRQFLAGS
-@@ -316,7 +563,7 @@ ENTRY(save_args)
+@@ -316,7 +564,7 @@ ENTRY(save_args)
  	leaq -RBP+8(%rsp),%rdi	/* arg1 for handler */
  	movq_cfi rbp, 8		/* push %rbp */
  	leaq 8(%rsp), %rbp		/* mov %rsp, %ebp */
@@ -12720,7 +12713,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	je 1f
  	SWAPGS
  	/*
-@@ -407,7 +654,7 @@ ENTRY(ret_from_fork)
+@@ -407,7 +655,7 @@ ENTRY(ret_from_fork)
  
  	RESTORE_REST
  
@@ -12729,7 +12722,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	je   int_ret_from_sys_call
  
  	testl $_TIF_IA32, TI_flags(%rcx)	# 32-bit compat task needs IRET
-@@ -453,7 +700,7 @@ END(ret_from_fork)
+@@ -453,7 +701,7 @@ END(ret_from_fork)
  ENTRY(system_call)
  	CFI_STARTPROC	simple
  	CFI_SIGNAL_FRAME
@@ -12738,7 +12731,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	CFI_REGISTER	rip,rcx
  	/*CFI_REGISTER	rflags,r11*/
  	SWAPGS_UNSAFE_STACK
-@@ -466,12 +713,13 @@ ENTRY(system_call_after_swapgs)
+@@ -466,12 +714,13 @@ ENTRY(system_call_after_swapgs)
  
  	movq	%rsp,PER_CPU_VAR(old_rsp)
  	movq	PER_CPU_VAR(kernel_stack),%rsp
@@ -12753,7 +12746,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	movq  %rax,ORIG_RAX-ARGOFFSET(%rsp)
  	movq  %rcx,RIP-ARGOFFSET(%rsp)
  	CFI_REL_OFFSET rip,RIP-ARGOFFSET
-@@ -500,6 +748,7 @@ sysret_check:
+@@ -500,6 +749,7 @@ sysret_check:
  	andl %edi,%edx
  	jnz  sysret_careful
  	CFI_REMEMBER_STATE
@@ -12761,7 +12754,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	/*
  	 * sysretq will re-enable interrupts:
  	 */
-@@ -609,7 +858,7 @@ tracesys:
+@@ -609,7 +859,7 @@ tracesys:
  GLOBAL(int_ret_from_sys_call)
  	DISABLE_INTERRUPTS(CLBR_NONE)
  	TRACE_IRQS_OFF
@@ -12770,7 +12763,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	je retint_restore_args
  	movl $_TIF_ALLWORK_MASK,%edi
  	/* edi:	mask to check */
-@@ -791,6 +1040,16 @@ END(interrupt)
+@@ -791,6 +1041,16 @@ END(interrupt)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
  	call save_args
  	PARTIAL_FRAME 0
@@ -12787,7 +12780,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	call \func
  	.endm
  
-@@ -823,7 +1082,7 @@ ret_from_intr:
+@@ -823,7 +1083,7 @@ ret_from_intr:
  	CFI_ADJUST_CFA_OFFSET	-8
  exit_intr:
  	GET_THREAD_INFO(%rcx)
@@ -12796,7 +12789,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	je retint_kernel
  
  	/* Interrupt came from user space */
-@@ -845,12 +1104,14 @@ retint_swapgs:		/* return to user-space 
+@@ -845,12 +1105,14 @@ retint_swapgs:		/* return to user-space 
  	 * The iretq could re-enable interrupts:
  	 */
  	DISABLE_INTERRUPTS(CLBR_ANY)
@@ -12811,7 +12804,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	/*
  	 * The iretq could re-enable interrupts:
  	 */
-@@ -1022,6 +1283,16 @@ ENTRY(\sym)
+@@ -1022,6 +1284,16 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call error_entry
  	DEFAULT_FRAME 0
@@ -12828,7 +12821,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	movq %rsp,%rdi		/* pt_regs pointer */
  	xorl %esi,%esi		/* no error code */
  	call \do_sym
-@@ -1039,6 +1310,16 @@ ENTRY(\sym)
+@@ -1039,6 +1311,16 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	TRACE_IRQS_OFF
@@ -12845,7 +12838,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	movq %rsp,%rdi		/* pt_regs pointer */
  	xorl %esi,%esi		/* no error code */
  	call \do_sym
-@@ -1047,7 +1328,7 @@ ENTRY(\sym)
+@@ -1047,7 +1329,7 @@ ENTRY(\sym)
  END(\sym)
  .endm
  
@@ -12854,7 +12847,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  .macro paranoidzeroentry_ist sym do_sym ist
  ENTRY(\sym)
  	INTR_FRAME
-@@ -1057,8 +1338,24 @@ ENTRY(\sym)
+@@ -1057,8 +1339,24 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	TRACE_IRQS_OFF
@@ -12879,7 +12872,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
  	call \do_sym
  	addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
-@@ -1075,6 +1372,16 @@ ENTRY(\sym)
+@@ -1075,6 +1373,16 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call error_entry
  	DEFAULT_FRAME 0
@@ -12896,7 +12889,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	movq %rsp,%rdi			/* pt_regs pointer */
  	movq ORIG_RAX(%rsp),%rsi	/* get error code */
  	movq $-1,ORIG_RAX(%rsp)		/* no syscall to restart */
-@@ -1094,6 +1401,16 @@ ENTRY(\sym)
+@@ -1094,6 +1402,16 @@ ENTRY(\sym)
  	call save_paranoid
  	DEFAULT_FRAME 0
  	TRACE_IRQS_OFF
@@ -12913,7 +12906,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	movq %rsp,%rdi			/* pt_regs pointer */
  	movq ORIG_RAX(%rsp),%rsi	/* get error code */
  	movq $-1,ORIG_RAX(%rsp)		/* no syscall to restart */
-@@ -1356,14 +1673,27 @@ ENTRY(paranoid_exit)
+@@ -1356,14 +1674,27 @@ ENTRY(paranoid_exit)
  	TRACE_IRQS_OFF
  	testl %ebx,%ebx				/* swapgs needed? */
  	jnz paranoid_restore
@@ -12942,7 +12935,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	TRACE_IRQS_IRETQ 0
  	RESTORE_ALL 8
  	jmp irq_return
-@@ -1421,7 +1751,7 @@ ENTRY(error_entry)
+@@ -1421,7 +1752,7 @@ ENTRY(error_entry)
  	movq_cfi r14, R14+8
  	movq_cfi r15, R15+8
  	xorl %ebx,%ebx
@@ -12951,7 +12944,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	je error_kernelspace
  error_swapgs:
  	SWAPGS
-@@ -1485,6 +1815,16 @@ ENTRY(nmi)
+@@ -1485,6 +1816,16 @@ ENTRY(nmi)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	DEFAULT_FRAME 0
@@ -12968,7 +12961,7 @@ diff -urNp linux-2.6.38.6/arch/x86/kernel/entry_64.S linux-2.6.38.6/arch/x86/ker
  	/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
  	movq %rsp,%rdi
  	movq $-1,%rsi
-@@ -1495,11 +1835,25 @@ ENTRY(nmi)
+@@ -1495,11 +1836,25 @@ ENTRY(nmi)
  	DISABLE_INTERRUPTS(CLBR_NONE)
  	testl %ebx,%ebx				/* swapgs needed? */
  	jnz nmi_restore
@@ -22501,16 +22494,25 @@ diff -urNp linux-2.6.38.6/crypto/serpent.c linux-2.6.38.6/crypto/serpent.c
  	for (i = 0; i < keylen; ++i)
 diff -urNp linux-2.6.38.6/Documentation/dontdiff linux-2.6.38.6/Documentation/dontdiff
 --- linux-2.6.38.6/Documentation/dontdiff	2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/Documentation/dontdiff	2011-04-28 19:34:15.000000000 -0400
-@@ -3,6 +3,7 @@
++++ linux-2.6.38.6/Documentation/dontdiff	2011-05-18 20:23:44.000000000 -0400
+@@ -1,13 +1,16 @@
+ *.a
+ *.aux
  *.bin
++*.cis
  *.cpio
  *.csp
 +*.dbg
  *.dsp
  *.dvi
  *.elf
-@@ -38,8 +39,10 @@
+ *.eps
+ *.fw
++*.gcno
+ *.gen.S
+ *.gif
+ *.grep
+@@ -38,8 +41,10 @@
  *.tab.h
  *.tex
  *.ver
@@ -22521,7 +22523,7 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff linux-2.6.38.6/Documentation/do
  *_vga16.c
  *~
  *.9
-@@ -49,11 +52,16 @@
+@@ -49,11 +54,16 @@
  53c700_d.h
  CVS
  ChangeSet
@@ -22538,8 +22540,11 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff linux-2.6.38.6/Documentation/do
  SCCS
  System.map*
  TAGS
-@@ -82,6 +90,8 @@ bvmlinux
+@@ -80,8 +90,11 @@ btfixupprep
+ build
+ bvmlinux
  bzImage*
++capability_names.h
  capflags.c
  classlist.h*
 +clut_vga16.c
@@ -22547,7 +22552,7 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff linux-2.6.38.6/Documentation/do
  comp*.log
  compile.h*
  conf
-@@ -106,16 +116,19 @@ fore200e_mkfirm
+@@ -106,16 +119,19 @@ fore200e_mkfirm
  fore200e_pca_fw.c*
  gconf
  gen-devlist
@@ -22567,7 +22572,7 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff linux-2.6.38.6/Documentation/do
  initramfs_data.cpio.gz
  initramfs_list
  int16.c
-@@ -125,7 +138,6 @@ int32.c
+@@ -125,7 +141,6 @@ int32.c
  int4.c
  int8.c
  kallsyms
@@ -22575,7 +22580,7 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff linux-2.6.38.6/Documentation/do
  keywords.c
  ksym.c*
  ksym.h*
-@@ -149,7 +161,9 @@ mkboot
+@@ -149,7 +164,9 @@ mkboot
  mkbugboot
  mkcpustr
  mkdep
@@ -22585,7 +22590,7 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff linux-2.6.38.6/Documentation/do
  mktables
  mktree
  modpost
-@@ -165,6 +179,7 @@ parse.h
+@@ -165,6 +182,7 @@ parse.h
  patches*
  pca200e.bin
  pca200e_ecd.bin2
@@ -22593,15 +22598,17 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff linux-2.6.38.6/Documentation/do
  piggy.gz
  piggyback
  piggy.S
-@@ -180,6 +195,7 @@ r600_reg_safe.h
+@@ -180,7 +198,9 @@ r600_reg_safe.h
  raid6altivec*.c
  raid6int*.c
  raid6tables.c
 +regdb.c
  relocs
++rlim_names.h
  rn50_reg_safe.h
  rs600_reg_safe.h
-@@ -189,6 +205,7 @@ setup
+ rv515_reg_safe.h
+@@ -189,6 +209,7 @@ setup
  setup.bin
  setup.elf
  sImage
@@ -22609,7 +22616,7 @@ diff -urNp linux-2.6.38.6/Documentation/dontdiff linux-2.6.38.6/Documentation/do
  sm_tbl*
  split-include
  syscalltab.h
-@@ -213,13 +230,17 @@ version.h*
+@@ -213,13 +234,17 @@ version.h*
  vmlinux
  vmlinux-*
  vmlinux.aout
@@ -28801,8 +28808,16 @@ diff -urNp linux-2.6.38.6/drivers/input/input.c linux-2.6.38.6/drivers/input/inp
  	if (error)
 diff -urNp linux-2.6.38.6/drivers/input/joystick/sidewinder.c linux-2.6.38.6/drivers/input/joystick/sidewinder.c
 --- linux-2.6.38.6/drivers/input/joystick/sidewinder.c	2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/drivers/input/joystick/sidewinder.c	2011-05-16 21:47:08.000000000 -0400
-@@ -428,6 +428,8 @@ static int sw_read(struct sw *sw)
++++ linux-2.6.38.6/drivers/input/joystick/sidewinder.c	2011-05-18 20:23:44.000000000 -0400
+@@ -30,6 +30,7 @@
+ #include <linux/kernel.h>
+ #include <linux/module.h>
+ #include <linux/slab.h>
++#include <linux/sched.h>
+ #include <linux/init.h>
+ #include <linux/input.h>
+ #include <linux/gameport.h>
+@@ -428,6 +429,8 @@ static int sw_read(struct sw *sw)
  	unsigned char buf[SW_LENGTH];
  	int i;
  
@@ -30777,8 +30792,16 @@ diff -urNp linux-2.6.38.6/drivers/mtd/nftlcore.c linux-2.6.38.6/drivers/mtd/nftl
  
 diff -urNp linux-2.6.38.6/drivers/mtd/nftlmount.c linux-2.6.38.6/drivers/mtd/nftlmount.c
 --- linux-2.6.38.6/drivers/mtd/nftlmount.c	2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/drivers/mtd/nftlmount.c	2011-05-16 21:47:08.000000000 -0400
-@@ -45,6 +45,8 @@ static int find_boot_record(struct NFTLr
++++ linux-2.6.38.6/drivers/mtd/nftlmount.c	2011-05-18 20:23:44.000000000 -0400
+@@ -24,6 +24,7 @@
+ #include <asm/errno.h>
+ #include <linux/delay.h>
+ #include <linux/slab.h>
++#include <linux/sched.h>
+ #include <linux/mtd/mtd.h>
+ #include <linux/mtd/nand.h>
+ #include <linux/mtd/nftl.h>
+@@ -45,6 +46,8 @@ static int find_boot_record(struct NFTLr
  	struct mtd_info *mtd = nftl->mbd.mtd;
  	unsigned int i;
  
@@ -31203,8 +31226,16 @@ diff -urNp linux-2.6.38.6/drivers/net/ksz884x.c linux-2.6.38.6/drivers/net/ksz88
  	for (i = 0, p = port->first_port; i < port->mib_port_cnt; i++, p++) {
 diff -urNp linux-2.6.38.6/drivers/net/mlx4/main.c linux-2.6.38.6/drivers/net/mlx4/main.c
 --- linux-2.6.38.6/drivers/net/mlx4/main.c	2011-03-14 21:20:32.000000000 -0400
-+++ linux-2.6.38.6/drivers/net/mlx4/main.c	2011-05-16 21:47:08.000000000 -0400
-@@ -737,6 +737,8 @@ static int mlx4_init_hca(struct mlx4_dev
++++ linux-2.6.38.6/drivers/net/mlx4/main.c	2011-05-18 20:23:44.000000000 -0400
+@@ -39,6 +39,7 @@
+ #include <linux/pci.h>
+ #include <linux/dma-mapping.h>
+ #include <linux/slab.h>
++#include <linux/sched.h>
+ 
+ #include <linux/mlx4/device.h>
+ #include <linux/mlx4/doorbell.h>
+@@ -737,6 +738,8 @@ static int mlx4_init_hca(struct mlx4_dev
  	u64 icm_size;
  	int err;
  
@@ -55836,7 +55867,7 @@ diff -urNp linux-2.6.38.6/include/linux/rmap.h linux-2.6.38.6/include/linux/rmap
  
 diff -urNp linux-2.6.38.6/include/linux/sched.h linux-2.6.38.6/include/linux/sched.h
 --- linux-2.6.38.6/include/linux/sched.h	2011-04-22 19:20:59.000000000 -0400
-+++ linux-2.6.38.6/include/linux/sched.h	2011-05-16 21:50:36.000000000 -0400
++++ linux-2.6.38.6/include/linux/sched.h	2011-05-18 20:23:44.000000000 -0400
 @@ -99,6 +99,7 @@ struct robust_list_head;
  struct bio_list;
  struct fs_struct;
@@ -55974,7 +56005,7 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h linux-2.6.38.6/include/linux/sch
  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
  	/* Index of current stored address in ret_stack */
  	int curr_ret_stack;
-@@ -1533,6 +1574,62 @@ struct task_struct {
+@@ -1533,6 +1574,63 @@ struct task_struct {
  #endif
  };
  
@@ -56027,9 +56058,10 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h linux-2.6.38.6/include/linux/sch
 +{
 +
 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
-+	if (current_thread_info()->lowest_stack > current_stack_pointer &&
-+	    (unsigned long)task_stack_page(current) < current_stack_pointer)
-+		current_thread_info()->lowest_stack = current_stack_pointer;
++	unsigned long sp = current_stack_pointer;
++	if (current_thread_info()->lowest_stack > sp &&
++	    (unsigned long)task_stack_page(current) < sp)
++		current_thread_info()->lowest_stack = sp;
 +#endif
 +
 +}
@@ -56037,7 +56069,7 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h linux-2.6.38.6/include/linux/sch
  /* Future-safe accessor for struct task_struct's cpus_allowed. */
  #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
  
-@@ -2002,7 +2099,9 @@ void yield(void);
+@@ -2002,7 +2100,9 @@ void yield(void);
  extern struct exec_domain	default_exec_domain;
  
  union thread_union {
@@ -56047,7 +56079,7 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h linux-2.6.38.6/include/linux/sch
  	unsigned long stack[THREAD_SIZE/sizeof(long)];
  };
  
-@@ -2172,7 +2271,7 @@ extern void __cleanup_sighand(struct sig
+@@ -2172,7 +2272,7 @@ extern void __cleanup_sighand(struct sig
  extern void exit_itimers(struct signal_struct *);
  extern void flush_itimer_signals(void);
  
@@ -56056,7 +56088,7 @@ diff -urNp linux-2.6.38.6/include/linux/sched.h linux-2.6.38.6/include/linux/sch
  
  extern void daemonize(const char *, ...);
  extern int allow_signal(int);
-@@ -2313,13 +2412,17 @@ static inline unsigned long *end_of_stac
+@@ -2313,13 +2413,17 @@ static inline unsigned long *end_of_stac
  
  #endif
  
@@ -64926,7 +64958,7 @@ diff -urNp linux-2.6.38.6/mm/rmap.c linux-2.6.38.6/mm/rmap.c
  	struct anon_vma *anon_vma;
 diff -urNp linux-2.6.38.6/mm/shmem.c linux-2.6.38.6/mm/shmem.c
 --- linux-2.6.38.6/mm/shmem.c	2011-04-18 17:27:16.000000000 -0400
-+++ linux-2.6.38.6/mm/shmem.c	2011-05-16 21:47:08.000000000 -0400
++++ linux-2.6.38.6/mm/shmem.c	2011-05-18 20:23:44.000000000 -0400
 @@ -31,7 +31,7 @@
  #include <linux/percpu_counter.h>
  #include <linux/swap.h>
@@ -64959,7 +64991,7 @@ diff -urNp linux-2.6.38.6/mm/shmem.c linux-2.6.38.6/mm/shmem.c
  	info = SHMEM_I(inode);
  	inode->i_size = len-1;
 -	if (len <= (char *)inode - (char *)info) {
-+	if (len <= min((char *)inode - (char *)info, 64)) {
++	if (len <= (char *)inode - (char *)info && len <= 64) {
  		/* do it inline */
  		memcpy(info, symname, len);
  		inode->i_op = &shmem_symlink_inline_operations;
@@ -70457,6 +70489,18 @@ diff -urNp linux-2.6.38.6/security/selinux/hooks.c linux-2.6.38.6/security/selin
  	.name =				"selinux",
  
  	.ptrace_access_check =		selinux_ptrace_access_check,
+diff -urNp linux-2.6.38.6/security/selinux/include/xfrm.h linux-2.6.38.6/security/selinux/include/xfrm.h
+--- linux-2.6.38.6/security/selinux/include/xfrm.h	2011-03-14 21:20:32.000000000 -0400
++++ linux-2.6.38.6/security/selinux/include/xfrm.h	2011-05-18 20:23:44.000000000 -0400
+@@ -48,7 +48,7 @@ int selinux_xfrm_decode_session(struct s
+ 
+ static inline void selinux_xfrm_notify_policyload(void)
+ {
+-	atomic_inc(&flow_cache_genid);
++	atomic_inc_unchecked(&flow_cache_genid);
+ }
+ #else
+ static inline int selinux_xfrm_enabled(void)
 diff -urNp linux-2.6.38.6/security/selinux/ss/services.c linux-2.6.38.6/security/selinux/ss/services.c
 --- linux-2.6.38.6/security/selinux/ss/services.c	2011-03-14 21:20:32.000000000 -0400
 +++ linux-2.6.38.6/security/selinux/ss/services.c	2011-05-16 21:47:09.000000000 -0400
diff --git a/testing/linux-grsec/pax_track_stack.patch b/testing/linux-grsec/pax_track_stack.patch
deleted file mode 100644
index f4d8d7827e..0000000000
--- a/testing/linux-grsec/pax_track_stack.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- ./drivers/net/mlx4/main.c.orig
-+++ ./drivers/net/mlx4/main.c
-@@ -39,6 +39,7 @@
- #include <linux/pci.h>
- #include <linux/dma-mapping.h>
- #include <linux/slab.h>
-+#include <linux/sched.h>
- 
- #include <linux/mlx4/device.h>
- #include <linux/mlx4/doorbell.h>
author	Natanael Copa <ncopa@alpinelinux.org>	2011-05-19 12:36:34 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2011-05-19 12:37:13 +0000
commit	6047e1bc08c8a837e2380d50eb0e292df7499a5a (patch)
tree	0d249a76f49b1c16297d7ce37ef4cd77329d4ec8 /testing
parent	01bce94deda4c683b4dad21d4af270fb15a1795b (diff)
download	aports-6047e1bc08c8a837e2380d50eb0e292df7499a5a.tar.bz2 aports-6047e1bc08c8a837e2380d50eb0e292df7499a5a.tar.xz