aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/linux-grsec/APKBUILD10
-rw-r--r--main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908051916.patch (renamed from main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908041752.patch)147
-rw-r--r--main/linux-grsec/kernelconfig18
3 files changed, 92 insertions, 83 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index c5a1d3f9e3..08e386e29b 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.30.4
_kernver=2.6.30
-pkgrel=1
+pkgrel=2
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
@@ -13,7 +13,7 @@ _config=${config:-kernelconfig}
install="$pkgname.post-install $pkgname.post-upgrade"
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
- grsecurity-2.1.14-2.6.30.4-200908041752.patch
+ grsecurity-2.1.14-2.6.30.4-200908051916.patch
linux-nbma-mroute-v4-2.6.30.diff
net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
$_config
@@ -27,7 +27,7 @@ _abi_release=${pkgver}-${_flavor}
_prepare() {
cd "$srcdir"/linux-$_kernver
if [ "$_kernver" != "$pkgver" ]; then
- bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 || return 1
+ bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 -N || return 1
fi
for i in ../*.diff ../*.patch; do
@@ -113,9 +113,9 @@ dev() {
md5sums="7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2
d0fc44b54ba5953140b3f2aa9a1f2580 patch-2.6.30.4.bz2
-7d9fd867108074ec9dcc9d2385ff1e7b grsecurity-2.1.14-2.6.30.4-200908041752.patch
+9a0d6d6ce67289e24c6e3ef4441b6388 grsecurity-2.1.14-2.6.30.4-200908051916.patch
7420c0b1095335990313656b114e1379 linux-nbma-mroute-v4-2.6.30.diff
ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
-13bdad159b0d99281c931a7dcb7d31ae kernelconfig
+60adb085be0ab268c0f27279ae2b2bab kernelconfig
2834240b15805b248ef2a973b1ad4416 linux-grsec.post-install
2834240b15805b248ef2a973b1ad4416 linux-grsec.post-upgrade"
diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908041752.patch b/main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908051916.patch
index 799132a383..5d0902c211 100644
--- a/main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908041752.patch
+++ b/main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908051916.patch
@@ -8652,7 +8652,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head32.c linux-2.6.30.4/arch/x86/kerne
/* Reserve INITRD */
diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kernel/head_32.S
--- linux-2.6.30.4/arch/x86/kernel/head_32.S 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.4/arch/x86/kernel/head_32.S 2009-07-30 19:56:23.400350396 -0400
++++ linux-2.6.30.4/arch/x86/kernel/head_32.S 2009-08-05 19:08:00.458589400 -0400
@@ -20,6 +20,7 @@
#include <asm/setup.h>
#include <asm/processor-flags.h>
@@ -8703,10 +8703,11 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
ENTRY(startup_32)
/* test KEEP_SEGMENTS flag to see if the bootloader is asking
us to not reload segments */
-@@ -98,6 +110,56 @@ ENTRY(startup_32)
+@@ -98,6 +110,58 @@ ENTRY(startup_32)
movl %eax,%gs
2:
++#ifdef CONFIG_SMP
+ movl $pa(cpu_gdt_table),%edi
+ movl $__per_cpu_load,%eax
+ movw %ax,__KERNEL_PERCPU + 2(%edi)
@@ -8716,6 +8717,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
+ movl $__per_cpu_end - 1,%eax
+ subl $__per_cpu_load,%eax
+ movw %ax,__KERNEL_PERCPU + 0(%edi)
++#endif
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ /* check for VMware */
@@ -8760,7 +8762,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
/*
* Clear BSS first so that there are no surprises...
*/
-@@ -141,9 +203,7 @@ ENTRY(startup_32)
+@@ -141,9 +205,7 @@ ENTRY(startup_32)
cmpl $num_subarch_entries, %eax
jae bad_subarch
@@ -8771,7 +8773,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
bad_subarch:
WEAK(lguest_entry)
-@@ -155,9 +215,9 @@ WEAK(xen_entry)
+@@ -155,9 +217,9 @@ WEAK(xen_entry)
__INITDATA
subarch_entries:
@@ -8784,7 +8786,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
num_subarch_entries = (. - subarch_entries) / 4
.previous
#endif /* CONFIG_PARAVIRT */
-@@ -218,8 +278,14 @@ default_entry:
+@@ -218,8 +280,14 @@ default_entry:
movl %eax, pa(max_pfn_mapped)
/* Do early initialization of the fixmap area */
@@ -8801,7 +8803,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
#else /* Not PAE */
page_pde_offset = (__PAGE_OFFSET >> 20);
-@@ -249,8 +315,14 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
+@@ -249,8 +317,14 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
movl %eax, pa(max_pfn_mapped)
/* Do early initialization of the fixmap area */
@@ -8818,7 +8820,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
#endif
jmp 3f
/*
-@@ -314,13 +386,16 @@ ENTRY(startup_32_smp)
+@@ -314,13 +388,16 @@ ENTRY(startup_32_smp)
jnc 6f
/* Setup EFER (Extended Feature Enable Register) */
@@ -8836,7 +8838,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
6:
/*
-@@ -346,9 +421,7 @@ ENTRY(startup_32_smp)
+@@ -346,9 +423,7 @@ ENTRY(startup_32_smp)
#ifdef CONFIG_SMP
cmpb $0, ready
@@ -8847,7 +8849,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
#endif /* CONFIG_SMP */
/*
-@@ -426,7 +499,7 @@ is386: movl $2,%ecx # set MP
+@@ -426,7 +501,7 @@ is386: movl $2,%ecx # set MP
1: movl $(__KERNEL_DS),%eax # reload all the segment registers
movl %eax,%ss # after changing gdt.
@@ -8856,18 +8858,20 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
movl %eax,%ds
movl %eax,%es
-@@ -440,8 +513,9 @@ is386: movl $2,%ecx # set MP
+@@ -440,8 +515,11 @@ is386: movl $2,%ecx # set MP
*/
cmpb $0,ready
jne 1f
- movl $per_cpu__gdt_page,%eax
+ movl $cpu_gdt_table,%eax
movl $per_cpu__stack_canary,%ecx
++#ifdef CONFIG_SMP
+ addl $__per_cpu_load,%ecx
++#endif
subl $20, %ecx
movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
shrl $16, %ecx
-@@ -460,10 +534,6 @@ is386: movl $2,%ecx # set MP
+@@ -460,10 +538,6 @@ is386: movl $2,%ecx # set MP
#ifdef CONFIG_SMP
movb ready, %cl
movb $1, ready
@@ -8878,7 +8882,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
#endif /* CONFIG_SMP */
jmp *(initial_code)
-@@ -549,22 +619,22 @@ early_page_fault:
+@@ -549,22 +623,22 @@ early_page_fault:
jmp early_fault
early_fault:
@@ -8906,7 +8910,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
hlt_loop:
hlt
jmp hlt_loop
-@@ -572,8 +642,11 @@ hlt_loop:
+@@ -572,8 +646,11 @@ hlt_loop:
/* This is the default interrupt "handler" :-) */
ALIGN
ignore_int:
@@ -8919,7 +8923,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
pushl %eax
pushl %ecx
pushl %edx
-@@ -582,9 +655,6 @@ ignore_int:
+@@ -582,9 +659,6 @@ ignore_int:
movl $(__KERNEL_DS),%eax
movl %eax,%ds
movl %eax,%es
@@ -8929,7 +8933,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -608,37 +678,49 @@ ignore_int:
+@@ -608,37 +682,49 @@ ignore_int:
ENTRY(initial_code)
.long i386_start_kernel
@@ -8960,13 +8964,13 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
+ .fill 1024,4,0
+
+ENTRY(swapper_pg_fixmap1)
-+ .fill 1024,4,0
+ .fill 1024,4,0
+
+ENTRY(swapper_pg_fixmap2)
+ .fill 1024,4,0
+
+ENTRY(swapper_pg_fixmap3)
- .fill 1024,4,0
++ .fill 1024,4,0
+
+.section .empty_zero_page,"a",@progbits
ENTRY(empty_zero_page)
@@ -8992,7 +8996,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
ENTRY(swapper_pg_dir)
.long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
# if KPMDS == 3
-@@ -661,11 +743,12 @@ ENTRY(swapper_pg_dir)
+@@ -661,11 +747,12 @@ ENTRY(swapper_pg_dir)
.data
ENTRY(stack_start)
@@ -9006,7 +9010,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
early_recursion_flag:
.long 0
-@@ -701,7 +784,7 @@ fault_msg:
+@@ -701,7 +788,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
@@ -9015,7 +9019,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -712,7 +795,7 @@ idt_descr:
+@@ -712,7 +799,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
@@ -9024,7 +9028,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -721,5 +804,59 @@ ENTRY(early_gdt_descr)
+@@ -721,5 +808,59 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
@@ -10165,7 +10169,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/process_64.c linux-2.6.30.4/arch/x86/k
-}
diff -urNp linux-2.6.30.4/arch/x86/kernel/process.c linux-2.6.30.4/arch/x86/kernel/process.c
--- linux-2.6.30.4/arch/x86/kernel/process.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.4/arch/x86/kernel/process.c 2009-07-30 09:48:09.950702241 -0400
++++ linux-2.6.30.4/arch/x86/kernel/process.c 2009-08-05 19:08:00.495411211 -0400
@@ -71,7 +71,7 @@ void exit_thread(void)
unsigned long *bp = t->io_bitmap_ptr;
@@ -10179,7 +10183,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/process.c linux-2.6.30.4/arch/x86/kern
clear_tsk_thread_flag(tsk, TIF_DEBUG);
-+#ifndef CONFIG_CC_STACKPROTECTOR
++#if defined(CONFIG_X86_32) && !defined(CONFIG_CC_STACKPROTECTOR)
+ loadsegment(gs, 0);
+#endif
tsk->thread.debugreg0 = 0;
@@ -10301,7 +10305,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/setup.c linux-2.6.30.4/arch/x86/kernel
bss_resource.end = virt_to_phys(&__bss_stop)-1;
diff -urNp linux-2.6.30.4/arch/x86/kernel/setup_percpu.c linux-2.6.30.4/arch/x86/kernel/setup_percpu.c
--- linux-2.6.30.4/arch/x86/kernel/setup_percpu.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.4/arch/x86/kernel/setup_percpu.c 2009-08-04 17:52:34.388856060 -0400
++++ linux-2.6.30.4/arch/x86/kernel/setup_percpu.c 2009-08-05 19:08:00.518752374 -0400
@@ -25,19 +25,17 @@
# define DBG(x...)
#endif
@@ -10325,33 +10329,30 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/setup_percpu.c linux-2.6.30.4/arch/x86
[0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET,
};
EXPORT_SYMBOL(__per_cpu_offset);
-@@ -333,16 +331,18 @@ out_free_ar:
- return ret;
- }
-
--static inline void setup_percpu_segment(int cpu)
-+static inline void setup_percpu_segment(int cpu, size_t size)
+@@ -336,13 +334,15 @@ out_free_ar:
+ static inline void setup_percpu_segment(int cpu)
{
#ifdef CONFIG_X86_32
- struct desc_struct gdt;
-+ struct desc_struct d, *gdt = get_cpu_gdt_table(cpu);
-+ unsigned long base;
-
+-
- pack_descriptor(&gdt, per_cpu_offset(cpu), 0xFFFFF,
- 0x2 | DESCTYPE_S, 0x8);
- gdt.s = 1;
- write_gdt_entry(get_cpu_gdt_table(cpu),
- GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S);
-+ base = per_cpu_offset(cpu);
-+ if (size <= 64*1024)
-+ pack_descriptor(&d, base, size-1, 0x80 | DESCTYPE_S | 0x3, 0x4);
++ struct desc_struct d, *gdt = get_cpu_gdt_table(cpu);
++ unsigned long base = per_cpu_offset(cpu);
++ const unsigned long limit = VMALLOC_END - base - 1;
++
++ if (limit < 64*1024)
++ pack_descriptor(&d, base, limit, 0x80 | DESCTYPE_S | 0x3, 0x4);
+ else
-+ pack_descriptor(&d, base, (size-1) >> PAGE_SHIFT, 0x80 | DESCTYPE_S | 0x3, 0xC);
++ pack_descriptor(&d, base, limit >> PAGE_SHIFT, 0x80 | DESCTYPE_S | 0x3, 0xC);
+ write_gdt_entry(gdt, GDT_ENTRY_PERCPU, &d, DESCTYPE_S);
#endif
}
-@@ -381,10 +381,15 @@ void __init setup_per_cpu_areas(void)
+@@ -381,6 +381,11 @@ void __init setup_per_cpu_areas(void)
/* alrighty, percpu areas up and running */
delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start;
for_each_possible_cpu(cpu) {
@@ -10363,11 +10364,6 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/setup_percpu.c linux-2.6.30.4/arch/x86
per_cpu_offset(cpu) = delta + cpu * pcpu_unit_size;
per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu);
per_cpu(cpu_number, cpu) = cpu;
-- setup_percpu_segment(cpu);
-+ setup_percpu_segment(cpu, static_size + PERCPU_MODULE_RESERVE + PERCPU_DYNAMIC_RESERVE);
- setup_stack_canary_segment(cpu);
- /*
- * Copy data used in early init routines from the
@@ -408,6 +413,12 @@ void __init setup_per_cpu_areas(void)
early_per_cpu_map(x86_cpu_to_node_map, cpu);
#endif
@@ -13818,7 +13814,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/extable.c linux-2.6.30.4/arch/x86/mm/extab
pnp_bios_is_utter_crap = 1;
diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
--- linux-2.6.30.4/arch/x86/mm/fault.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.4/arch/x86/mm/fault.c 2009-07-30 11:10:48.941676108 -0400
++++ linux-2.6.30.4/arch/x86/mm/fault.c 2009-08-05 19:15:53.629625442 -0400
@@ -27,6 +27,8 @@
#include <linux/tty.h>
#include <linux/smp.h>
@@ -13828,7 +13824,15 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
#include <asm-generic/sections.h>
-@@ -73,7 +75,7 @@ static inline int notify_page_fault(stru
+@@ -37,6 +39,7 @@
+ #include <asm/proto.h>
+ #include <asm/traps.h>
+ #include <asm/desc.h>
++#include <asm/vsyscall.h>
+
+ /*
+ * Page fault error code bits:
+@@ -73,7 +76,7 @@ static inline int notify_page_fault(stru
int ret = 0;
/* kprobe_running() needs smp_processor_id() */
@@ -13837,7 +13841,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
preempt_disable();
if (kprobe_running() && kprobe_fault_handler(regs, 14))
ret = 1;
-@@ -193,6 +195,30 @@ force_sig_info_fault(int si_signo, int s
+@@ -193,6 +196,30 @@ force_sig_info_fault(int si_signo, int s
force_sig_info(si_signo, &info, tsk);
}
@@ -13868,7 +13872,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
DEFINE_SPINLOCK(pgd_lock);
LIST_HEAD(pgd_list);
-@@ -571,7 +597,7 @@ static int is_errata93(struct pt_regs *r
+@@ -571,7 +598,7 @@ static int is_errata93(struct pt_regs *r
static int is_errata100(struct pt_regs *regs, unsigned long address)
{
#ifdef CONFIG_X86_64
@@ -13877,7 +13881,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
return 1;
#endif
return 0;
-@@ -598,7 +624,7 @@ static int is_f00f_bug(struct pt_regs *r
+@@ -598,7 +625,7 @@ static int is_f00f_bug(struct pt_regs *r
}
static const char nx_warning[] = KERN_CRIT
@@ -13886,7 +13890,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
static void
show_fault_oops(struct pt_regs *regs, unsigned long error_code,
-@@ -607,15 +633,31 @@ show_fault_oops(struct pt_regs *regs, un
+@@ -607,15 +634,31 @@ show_fault_oops(struct pt_regs *regs, un
if (!oops_may_print())
return;
@@ -13920,7 +13924,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
printk(KERN_ALERT "BUG: unable to handle kernel ");
if (address < PAGE_SIZE)
printk(KERN_CONT "NULL pointer dereference");
-@@ -740,6 +782,68 @@ __bad_area_nosemaphore(struct pt_regs *r
+@@ -740,6 +783,68 @@ __bad_area_nosemaphore(struct pt_regs *r
unsigned long address, int si_code)
{
struct task_struct *tsk = current;
@@ -13989,7 +13993,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
/* User mode accesses just cause a SIGSEGV */
if (error_code & PF_USER) {
-@@ -874,6 +978,106 @@ static int spurious_fault_check(unsigned
+@@ -874,6 +979,106 @@ static int spurious_fault_check(unsigned
return 1;
}
@@ -14096,7 +14100,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
/*
* Handle a spurious fault caused by a stale TLB entry.
*
-@@ -940,6 +1144,9 @@ int show_unhandled_signals = 1;
+@@ -940,6 +1145,9 @@ int show_unhandled_signals = 1;
static inline int
access_error(unsigned long error_code, int write, struct vm_area_struct *vma)
{
@@ -14106,7 +14110,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
if (write) {
/* write, present and write, not present: */
if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -973,19 +1180,18 @@ do_page_fault(struct pt_regs *regs, unsi
+@@ -973,19 +1181,18 @@ do_page_fault(struct pt_regs *regs, unsi
{
struct vm_area_struct *vma;
struct task_struct *tsk;
@@ -14129,7 +14133,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
if (unlikely(kmmio_fault(regs, address)))
return;
-@@ -1033,7 +1239,7 @@ do_page_fault(struct pt_regs *regs, unsi
+@@ -1033,7 +1240,7 @@ do_page_fault(struct pt_regs *regs, unsi
* User-mode registers count as a user access even for any
* potential system fault or CPU buglet:
*/
@@ -14138,7 +14142,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
local_irq_enable();
error_code |= PF_USER;
} else {
-@@ -1085,6 +1291,11 @@ do_page_fault(struct pt_regs *regs, unsi
+@@ -1085,6 +1292,11 @@ do_page_fault(struct pt_regs *regs, unsi
might_sleep();
}
@@ -14150,7 +14154,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
vma = find_vma(mm, address);
if (unlikely(!vma)) {
bad_area(regs, error_code, address);
-@@ -1096,18 +1307,24 @@ do_page_fault(struct pt_regs *regs, unsi
+@@ -1096,18 +1308,24 @@ do_page_fault(struct pt_regs *regs, unsi
bad_area(regs, error_code, address);
return;
}
@@ -14186,7 +14190,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c
if (unlikely(expand_stack(vma, address))) {
bad_area(regs, error_code, address);
return;
-@@ -1146,3 +1363,174 @@ good_area:
+@@ -1146,3 +1364,174 @@ good_area:
up_read(&mm->mmap_sem);
}
@@ -15909,8 +15913,13 @@ diff -urNp linux-2.6.30.4/arch/x86/vdso/Makefile linux-2.6.30.4/arch/x86/vdso/Ma
# Install the unstripped copy of vdso*.so listed in $(vdso-install-y).
diff -urNp linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c
--- linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c 2009-07-30 09:48:09.978662746 -0400
-@@ -26,20 +26,43 @@
++++ linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c 2009-08-05 19:15:53.673598242 -0400
+@@ -22,24 +22,48 @@
+ #include <asm/hpet.h>
+ #include <asm/unistd.h>
+ #include <asm/io.h>
++#include <asm/fixmap.h>
+ #include "vextern.h"
#define gtod vdso_vsyscall_gtod_data
@@ -15958,7 +15967,7 @@ diff -urNp linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c linux-2.6.30.4/arch/x86
return (v * gtod->clock.mult) >> gtod->clock.shift;
}
-@@ -88,7 +111,9 @@ notrace static noinline int do_monotonic
+@@ -88,7 +112,9 @@ notrace static noinline int do_monotonic
notrace int __vdso_clock_gettime(clockid_t clock, struct timespec *ts)
{
@@ -15969,7 +15978,7 @@ diff -urNp linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c linux-2.6.30.4/arch/x86
switch (clock) {
case CLOCK_REALTIME:
return do_realtime(ts);
-@@ -100,10 +125,20 @@ notrace int __vdso_clock_gettime(clockid
+@@ -100,10 +126,20 @@ notrace int __vdso_clock_gettime(clockid
int clock_gettime(clockid_t, struct timespec *)
__attribute__((weak, alias("__vdso_clock_gettime")));
@@ -15992,7 +16001,7 @@ diff -urNp linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c linux-2.6.30.4/arch/x86
if (likely(tv != NULL)) {
BUILD_BUG_ON(offsetof(struct timeval, tv_usec) !=
offsetof(struct timespec, tv_nsec) ||
-@@ -118,9 +153,7 @@ notrace int __vdso_gettimeofday(struct t
+@@ -118,9 +154,7 @@ notrace int __vdso_gettimeofday(struct t
}
return 0;
}
@@ -34785,7 +34794,7 @@ diff -urNp linux-2.6.30.4/include/asm-generic/int-ll64.h linux-2.6.30.4/include/
#define S16_C(x) x
diff -urNp linux-2.6.30.4/include/asm-generic/vmlinux.lds.h linux-2.6.30.4/include/asm-generic/vmlinux.lds.h
--- linux-2.6.30.4/include/asm-generic/vmlinux.lds.h 2009-07-24 17:47:51.000000000 -0400
-+++ linux-2.6.30.4/include/asm-generic/vmlinux.lds.h 2009-08-04 17:52:34.399966119 -0400
++++ linux-2.6.30.4/include/asm-generic/vmlinux.lds.h 2009-08-05 19:08:00.537007471 -0400
@@ -121,6 +121,7 @@
.rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \
VMLINUX_SYMBOL(__start_rodata) = .; \
@@ -34794,17 +34803,17 @@ diff -urNp linux-2.6.30.4/include/asm-generic/vmlinux.lds.h linux-2.6.30.4/inclu
*(__vermagic) /* Kernel version magic */ \
*(__markers_strings) /* Markers: strings */ \
*(__tracepoints_strings)/* Tracepoints: strings */ \
-@@ -476,8 +477,10 @@
- VMLINUX_SYMBOL(__per_cpu_load) = .; \
- .data.percpu vaddr : AT(VMLINUX_SYMBOL(__per_cpu_load) \
+@@ -478,8 +479,9 @@
- LOAD_OFFSET) { \
-+ VMLINUX_SYMBOL(__per_cpu_load) = . + __per_cpu_load; \
VMLINUX_SYMBOL(__per_cpu_start) = .; \
*(.data.percpu.first) \
-+ . = ALIGN(PAGE_SIZE); \
- *(.data.percpu.page_aligned) \
+- *(.data.percpu.page_aligned) \
*(.data.percpu) \
++ . = ALIGN(PAGE_SIZE); \
++ *(.data.percpu.page_aligned) \
*(.data.percpu.shared_aligned) \
+ VMLINUX_SYMBOL(__per_cpu_end) = .; \
+ } phdr \
diff -urNp linux-2.6.30.4/include/drm/drm_pciids.h linux-2.6.30.4/include/drm/drm_pciids.h
--- linux-2.6.30.4/include/drm/drm_pciids.h 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.4/include/drm/drm_pciids.h 2009-07-30 09:48:10.106233963 -0400
diff --git a/main/linux-grsec/kernelconfig b/main/linux-grsec/kernelconfig
index 71ee53486b..5fd6c53ce4 100644
--- a/main/linux-grsec/kernelconfig
+++ b/main/linux-grsec/kernelconfig
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.30.4
-# Mon Aug 3 08:50:09 2009
+# Fri Aug 7 08:30:31 2009
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -163,12 +163,12 @@ CONFIG_BLK_DEV_BSG=y
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_AS=m
CONFIG_IOSCHED_DEADLINE=m
-CONFIG_IOSCHED_CFQ=m
+CONFIG_IOSCHED_CFQ=y
# CONFIG_DEFAULT_AS is not set
# CONFIG_DEFAULT_DEADLINE is not set
-# CONFIG_DEFAULT_CFQ is not set
-CONFIG_DEFAULT_NOOP=y
-CONFIG_DEFAULT_IOSCHED="noop"
+CONFIG_DEFAULT_CFQ=y
+# CONFIG_DEFAULT_NOOP is not set
+CONFIG_DEFAULT_IOSCHED="cfq"
CONFIG_PREEMPT_NOTIFIERS=y
CONFIG_FREEZER=y
@@ -244,10 +244,10 @@ CONFIG_DMI=y
# CONFIG_IOMMU_HELPER is not set
# CONFIG_IOMMU_API is not set
CONFIG_NR_CPUS=8
-# CONFIG_SCHED_SMT is not set
+CONFIG_SCHED_SMT=y
CONFIG_SCHED_MC=y
-CONFIG_PREEMPT_NONE=y
-# CONFIG_PREEMPT_VOLUNTARY is not set
+# CONFIG_PREEMPT_NONE is not set
+CONFIG_PREEMPT_VOLUNTARY=y
# CONFIG_PREEMPT is not set
CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
@@ -304,7 +304,7 @@ CONFIG_MTRR=y
CONFIG_MTRR_SANITIZER=y
CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
-# CONFIG_X86_PAT is not set
+CONFIG_X86_PAT=y
# CONFIG_SECCOMP is not set
# CONFIG_CC_STACKPROTECTOR is not set
# CONFIG_HZ_100 is not set