diff options
-rw-r--r-- | main/linux-grsec/APKBUILD | 10 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908051916.patch (renamed from main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908041752.patch) | 147 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig | 18 |
3 files changed, 92 insertions, 83 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index c5a1d3f9e3..08e386e29b 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.30.4 _kernver=2.6.30 -pkgrel=1 +pkgrel=2 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs" @@ -13,7 +13,7 @@ _config=${config:-kernelconfig} install="$pkgname.post-install $pkgname.post-upgrade" source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 - grsecurity-2.1.14-2.6.30.4-200908041752.patch + grsecurity-2.1.14-2.6.30.4-200908051916.patch linux-nbma-mroute-v4-2.6.30.diff net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch $_config @@ -27,7 +27,7 @@ _abi_release=${pkgver}-${_flavor} _prepare() { cd "$srcdir"/linux-$_kernver if [ "$_kernver" != "$pkgver" ]; then - bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 || return 1 + bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 -N || return 1 fi for i in ../*.diff ../*.patch; do @@ -113,9 +113,9 @@ dev() { md5sums="7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2 d0fc44b54ba5953140b3f2aa9a1f2580 patch-2.6.30.4.bz2 -7d9fd867108074ec9dcc9d2385ff1e7b grsecurity-2.1.14-2.6.30.4-200908041752.patch +9a0d6d6ce67289e24c6e3ef4441b6388 grsecurity-2.1.14-2.6.30.4-200908051916.patch 7420c0b1095335990313656b114e1379 linux-nbma-mroute-v4-2.6.30.diff ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch -13bdad159b0d99281c931a7dcb7d31ae kernelconfig +60adb085be0ab268c0f27279ae2b2bab kernelconfig 2834240b15805b248ef2a973b1ad4416 linux-grsec.post-install 2834240b15805b248ef2a973b1ad4416 linux-grsec.post-upgrade" diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908041752.patch b/main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908051916.patch index 799132a383..5d0902c211 100644 --- a/main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908041752.patch +++ b/main/linux-grsec/grsecurity-2.1.14-2.6.30.4-200908051916.patch @@ -8652,7 +8652,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head32.c linux-2.6.30.4/arch/x86/kerne /* Reserve INITRD */ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kernel/head_32.S --- linux-2.6.30.4/arch/x86/kernel/head_32.S 2009-07-24 17:47:51.000000000 -0400 -+++ linux-2.6.30.4/arch/x86/kernel/head_32.S 2009-07-30 19:56:23.400350396 -0400 ++++ linux-2.6.30.4/arch/x86/kernel/head_32.S 2009-08-05 19:08:00.458589400 -0400 @@ -20,6 +20,7 @@ #include <asm/setup.h> #include <asm/processor-flags.h> @@ -8703,10 +8703,11 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern ENTRY(startup_32) /* test KEEP_SEGMENTS flag to see if the bootloader is asking us to not reload segments */ -@@ -98,6 +110,56 @@ ENTRY(startup_32) +@@ -98,6 +110,58 @@ ENTRY(startup_32) movl %eax,%gs 2: ++#ifdef CONFIG_SMP + movl $pa(cpu_gdt_table),%edi + movl $__per_cpu_load,%eax + movw %ax,__KERNEL_PERCPU + 2(%edi) @@ -8716,6 +8717,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern + movl $__per_cpu_end - 1,%eax + subl $__per_cpu_load,%eax + movw %ax,__KERNEL_PERCPU + 0(%edi) ++#endif + +#ifdef CONFIG_PAX_MEMORY_UDEREF + /* check for VMware */ @@ -8760,7 +8762,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern /* * Clear BSS first so that there are no surprises... */ -@@ -141,9 +203,7 @@ ENTRY(startup_32) +@@ -141,9 +205,7 @@ ENTRY(startup_32) cmpl $num_subarch_entries, %eax jae bad_subarch @@ -8771,7 +8773,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern bad_subarch: WEAK(lguest_entry) -@@ -155,9 +215,9 @@ WEAK(xen_entry) +@@ -155,9 +217,9 @@ WEAK(xen_entry) __INITDATA subarch_entries: @@ -8784,7 +8786,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern num_subarch_entries = (. - subarch_entries) / 4 .previous #endif /* CONFIG_PARAVIRT */ -@@ -218,8 +278,14 @@ default_entry: +@@ -218,8 +280,14 @@ default_entry: movl %eax, pa(max_pfn_mapped) /* Do early initialization of the fixmap area */ @@ -8801,7 +8803,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern #else /* Not PAE */ page_pde_offset = (__PAGE_OFFSET >> 20); -@@ -249,8 +315,14 @@ page_pde_offset = (__PAGE_OFFSET >> 20); +@@ -249,8 +317,14 @@ page_pde_offset = (__PAGE_OFFSET >> 20); movl %eax, pa(max_pfn_mapped) /* Do early initialization of the fixmap area */ @@ -8818,7 +8820,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern #endif jmp 3f /* -@@ -314,13 +386,16 @@ ENTRY(startup_32_smp) +@@ -314,13 +388,16 @@ ENTRY(startup_32_smp) jnc 6f /* Setup EFER (Extended Feature Enable Register) */ @@ -8836,7 +8838,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern 6: /* -@@ -346,9 +421,7 @@ ENTRY(startup_32_smp) +@@ -346,9 +423,7 @@ ENTRY(startup_32_smp) #ifdef CONFIG_SMP cmpb $0, ready @@ -8847,7 +8849,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern #endif /* CONFIG_SMP */ /* -@@ -426,7 +499,7 @@ is386: movl $2,%ecx # set MP +@@ -426,7 +501,7 @@ is386: movl $2,%ecx # set MP 1: movl $(__KERNEL_DS),%eax # reload all the segment registers movl %eax,%ss # after changing gdt. @@ -8856,18 +8858,20 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern movl %eax,%ds movl %eax,%es -@@ -440,8 +513,9 @@ is386: movl $2,%ecx # set MP +@@ -440,8 +515,11 @@ is386: movl $2,%ecx # set MP */ cmpb $0,ready jne 1f - movl $per_cpu__gdt_page,%eax + movl $cpu_gdt_table,%eax movl $per_cpu__stack_canary,%ecx ++#ifdef CONFIG_SMP + addl $__per_cpu_load,%ecx ++#endif subl $20, %ecx movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax) shrl $16, %ecx -@@ -460,10 +534,6 @@ is386: movl $2,%ecx # set MP +@@ -460,10 +538,6 @@ is386: movl $2,%ecx # set MP #ifdef CONFIG_SMP movb ready, %cl movb $1, ready @@ -8878,7 +8882,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern #endif /* CONFIG_SMP */ jmp *(initial_code) -@@ -549,22 +619,22 @@ early_page_fault: +@@ -549,22 +623,22 @@ early_page_fault: jmp early_fault early_fault: @@ -8906,7 +8910,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern hlt_loop: hlt jmp hlt_loop -@@ -572,8 +642,11 @@ hlt_loop: +@@ -572,8 +646,11 @@ hlt_loop: /* This is the default interrupt "handler" :-) */ ALIGN ignore_int: @@ -8919,7 +8923,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern pushl %eax pushl %ecx pushl %edx -@@ -582,9 +655,6 @@ ignore_int: +@@ -582,9 +659,6 @@ ignore_int: movl $(__KERNEL_DS),%eax movl %eax,%ds movl %eax,%es @@ -8929,7 +8933,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern pushl 16(%esp) pushl 24(%esp) pushl 32(%esp) -@@ -608,37 +678,49 @@ ignore_int: +@@ -608,37 +682,49 @@ ignore_int: ENTRY(initial_code) .long i386_start_kernel @@ -8960,13 +8964,13 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern + .fill 1024,4,0 + +ENTRY(swapper_pg_fixmap1) -+ .fill 1024,4,0 + .fill 1024,4,0 + +ENTRY(swapper_pg_fixmap2) + .fill 1024,4,0 + +ENTRY(swapper_pg_fixmap3) - .fill 1024,4,0 ++ .fill 1024,4,0 + +.section .empty_zero_page,"a",@progbits ENTRY(empty_zero_page) @@ -8992,7 +8996,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern ENTRY(swapper_pg_dir) .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */ # if KPMDS == 3 -@@ -661,11 +743,12 @@ ENTRY(swapper_pg_dir) +@@ -661,11 +747,12 @@ ENTRY(swapper_pg_dir) .data ENTRY(stack_start) @@ -9006,7 +9010,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern early_recursion_flag: .long 0 -@@ -701,7 +784,7 @@ fault_msg: +@@ -701,7 +788,7 @@ fault_msg: .word 0 # 32 bit align gdt_desc.address boot_gdt_descr: .word __BOOT_DS+7 @@ -9015,7 +9019,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern .word 0 # 32-bit align idt_desc.address idt_descr: -@@ -712,7 +795,7 @@ idt_descr: +@@ -712,7 +799,7 @@ idt_descr: .word 0 # 32 bit align gdt_desc.address ENTRY(early_gdt_descr) .word GDT_ENTRIES*8-1 @@ -9024,7 +9028,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/head_32.S linux-2.6.30.4/arch/x86/kern /* * The boot_gdt must mirror the equivalent in setup.S and is -@@ -721,5 +804,59 @@ ENTRY(early_gdt_descr) +@@ -721,5 +808,59 @@ ENTRY(early_gdt_descr) .align L1_CACHE_BYTES ENTRY(boot_gdt) .fill GDT_ENTRY_BOOT_CS,8,0 @@ -10165,7 +10169,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/process_64.c linux-2.6.30.4/arch/x86/k -} diff -urNp linux-2.6.30.4/arch/x86/kernel/process.c linux-2.6.30.4/arch/x86/kernel/process.c --- linux-2.6.30.4/arch/x86/kernel/process.c 2009-07-24 17:47:51.000000000 -0400 -+++ linux-2.6.30.4/arch/x86/kernel/process.c 2009-07-30 09:48:09.950702241 -0400 ++++ linux-2.6.30.4/arch/x86/kernel/process.c 2009-08-05 19:08:00.495411211 -0400 @@ -71,7 +71,7 @@ void exit_thread(void) unsigned long *bp = t->io_bitmap_ptr; @@ -10179,7 +10183,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/process.c linux-2.6.30.4/arch/x86/kern clear_tsk_thread_flag(tsk, TIF_DEBUG); -+#ifndef CONFIG_CC_STACKPROTECTOR ++#if defined(CONFIG_X86_32) && !defined(CONFIG_CC_STACKPROTECTOR) + loadsegment(gs, 0); +#endif tsk->thread.debugreg0 = 0; @@ -10301,7 +10305,7 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/setup.c linux-2.6.30.4/arch/x86/kernel bss_resource.end = virt_to_phys(&__bss_stop)-1; diff -urNp linux-2.6.30.4/arch/x86/kernel/setup_percpu.c linux-2.6.30.4/arch/x86/kernel/setup_percpu.c --- linux-2.6.30.4/arch/x86/kernel/setup_percpu.c 2009-07-24 17:47:51.000000000 -0400 -+++ linux-2.6.30.4/arch/x86/kernel/setup_percpu.c 2009-08-04 17:52:34.388856060 -0400 ++++ linux-2.6.30.4/arch/x86/kernel/setup_percpu.c 2009-08-05 19:08:00.518752374 -0400 @@ -25,19 +25,17 @@ # define DBG(x...) #endif @@ -10325,33 +10329,30 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/setup_percpu.c linux-2.6.30.4/arch/x86 [0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET, }; EXPORT_SYMBOL(__per_cpu_offset); -@@ -333,16 +331,18 @@ out_free_ar: - return ret; - } - --static inline void setup_percpu_segment(int cpu) -+static inline void setup_percpu_segment(int cpu, size_t size) +@@ -336,13 +334,15 @@ out_free_ar: + static inline void setup_percpu_segment(int cpu) { #ifdef CONFIG_X86_32 - struct desc_struct gdt; -+ struct desc_struct d, *gdt = get_cpu_gdt_table(cpu); -+ unsigned long base; - +- - pack_descriptor(&gdt, per_cpu_offset(cpu), 0xFFFFF, - 0x2 | DESCTYPE_S, 0x8); - gdt.s = 1; - write_gdt_entry(get_cpu_gdt_table(cpu), - GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S); -+ base = per_cpu_offset(cpu); -+ if (size <= 64*1024) -+ pack_descriptor(&d, base, size-1, 0x80 | DESCTYPE_S | 0x3, 0x4); ++ struct desc_struct d, *gdt = get_cpu_gdt_table(cpu); ++ unsigned long base = per_cpu_offset(cpu); ++ const unsigned long limit = VMALLOC_END - base - 1; ++ ++ if (limit < 64*1024) ++ pack_descriptor(&d, base, limit, 0x80 | DESCTYPE_S | 0x3, 0x4); + else -+ pack_descriptor(&d, base, (size-1) >> PAGE_SHIFT, 0x80 | DESCTYPE_S | 0x3, 0xC); ++ pack_descriptor(&d, base, limit >> PAGE_SHIFT, 0x80 | DESCTYPE_S | 0x3, 0xC); + write_gdt_entry(gdt, GDT_ENTRY_PERCPU, &d, DESCTYPE_S); #endif } -@@ -381,10 +381,15 @@ void __init setup_per_cpu_areas(void) +@@ -381,6 +381,11 @@ void __init setup_per_cpu_areas(void) /* alrighty, percpu areas up and running */ delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start; for_each_possible_cpu(cpu) { @@ -10363,11 +10364,6 @@ diff -urNp linux-2.6.30.4/arch/x86/kernel/setup_percpu.c linux-2.6.30.4/arch/x86 per_cpu_offset(cpu) = delta + cpu * pcpu_unit_size; per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu); per_cpu(cpu_number, cpu) = cpu; -- setup_percpu_segment(cpu); -+ setup_percpu_segment(cpu, static_size + PERCPU_MODULE_RESERVE + PERCPU_DYNAMIC_RESERVE); - setup_stack_canary_segment(cpu); - /* - * Copy data used in early init routines from the @@ -408,6 +413,12 @@ void __init setup_per_cpu_areas(void) early_per_cpu_map(x86_cpu_to_node_map, cpu); #endif @@ -13818,7 +13814,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/extable.c linux-2.6.30.4/arch/x86/mm/extab pnp_bios_is_utter_crap = 1; diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c --- linux-2.6.30.4/arch/x86/mm/fault.c 2009-07-24 17:47:51.000000000 -0400 -+++ linux-2.6.30.4/arch/x86/mm/fault.c 2009-07-30 11:10:48.941676108 -0400 ++++ linux-2.6.30.4/arch/x86/mm/fault.c 2009-08-05 19:15:53.629625442 -0400 @@ -27,6 +27,8 @@ #include <linux/tty.h> #include <linux/smp.h> @@ -13828,7 +13824,15 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c #include <asm-generic/sections.h> -@@ -73,7 +75,7 @@ static inline int notify_page_fault(stru +@@ -37,6 +39,7 @@ + #include <asm/proto.h> + #include <asm/traps.h> + #include <asm/desc.h> ++#include <asm/vsyscall.h> + + /* + * Page fault error code bits: +@@ -73,7 +76,7 @@ static inline int notify_page_fault(stru int ret = 0; /* kprobe_running() needs smp_processor_id() */ @@ -13837,7 +13841,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c preempt_disable(); if (kprobe_running() && kprobe_fault_handler(regs, 14)) ret = 1; -@@ -193,6 +195,30 @@ force_sig_info_fault(int si_signo, int s +@@ -193,6 +196,30 @@ force_sig_info_fault(int si_signo, int s force_sig_info(si_signo, &info, tsk); } @@ -13868,7 +13872,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c DEFINE_SPINLOCK(pgd_lock); LIST_HEAD(pgd_list); -@@ -571,7 +597,7 @@ static int is_errata93(struct pt_regs *r +@@ -571,7 +598,7 @@ static int is_errata93(struct pt_regs *r static int is_errata100(struct pt_regs *regs, unsigned long address) { #ifdef CONFIG_X86_64 @@ -13877,7 +13881,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c return 1; #endif return 0; -@@ -598,7 +624,7 @@ static int is_f00f_bug(struct pt_regs *r +@@ -598,7 +625,7 @@ static int is_f00f_bug(struct pt_regs *r } static const char nx_warning[] = KERN_CRIT @@ -13886,7 +13890,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c static void show_fault_oops(struct pt_regs *regs, unsigned long error_code, -@@ -607,15 +633,31 @@ show_fault_oops(struct pt_regs *regs, un +@@ -607,15 +634,31 @@ show_fault_oops(struct pt_regs *regs, un if (!oops_may_print()) return; @@ -13920,7 +13924,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c printk(KERN_ALERT "BUG: unable to handle kernel "); if (address < PAGE_SIZE) printk(KERN_CONT "NULL pointer dereference"); -@@ -740,6 +782,68 @@ __bad_area_nosemaphore(struct pt_regs *r +@@ -740,6 +783,68 @@ __bad_area_nosemaphore(struct pt_regs *r unsigned long address, int si_code) { struct task_struct *tsk = current; @@ -13989,7 +13993,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c /* User mode accesses just cause a SIGSEGV */ if (error_code & PF_USER) { -@@ -874,6 +978,106 @@ static int spurious_fault_check(unsigned +@@ -874,6 +979,106 @@ static int spurious_fault_check(unsigned return 1; } @@ -14096,7 +14100,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -940,6 +1144,9 @@ int show_unhandled_signals = 1; +@@ -940,6 +1145,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, int write, struct vm_area_struct *vma) { @@ -14106,7 +14110,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c if (write) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -973,19 +1180,18 @@ do_page_fault(struct pt_regs *regs, unsi +@@ -973,19 +1181,18 @@ do_page_fault(struct pt_regs *regs, unsi { struct vm_area_struct *vma; struct task_struct *tsk; @@ -14129,7 +14133,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c if (unlikely(kmmio_fault(regs, address))) return; -@@ -1033,7 +1239,7 @@ do_page_fault(struct pt_regs *regs, unsi +@@ -1033,7 +1240,7 @@ do_page_fault(struct pt_regs *regs, unsi * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -14138,7 +14142,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c local_irq_enable(); error_code |= PF_USER; } else { -@@ -1085,6 +1291,11 @@ do_page_fault(struct pt_regs *regs, unsi +@@ -1085,6 +1292,11 @@ do_page_fault(struct pt_regs *regs, unsi might_sleep(); } @@ -14150,7 +14154,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1096,18 +1307,24 @@ do_page_fault(struct pt_regs *regs, unsi +@@ -1096,18 +1308,24 @@ do_page_fault(struct pt_regs *regs, unsi bad_area(regs, error_code, address); return; } @@ -14186,7 +14190,7 @@ diff -urNp linux-2.6.30.4/arch/x86/mm/fault.c linux-2.6.30.4/arch/x86/mm/fault.c if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1146,3 +1363,174 @@ good_area: +@@ -1146,3 +1364,174 @@ good_area: up_read(&mm->mmap_sem); } @@ -15909,8 +15913,13 @@ diff -urNp linux-2.6.30.4/arch/x86/vdso/Makefile linux-2.6.30.4/arch/x86/vdso/Ma # Install the unstripped copy of vdso*.so listed in $(vdso-install-y). diff -urNp linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c --- linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c 2009-07-24 17:47:51.000000000 -0400 -+++ linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c 2009-07-30 09:48:09.978662746 -0400 -@@ -26,20 +26,43 @@ ++++ linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c 2009-08-05 19:15:53.673598242 -0400 +@@ -22,24 +22,48 @@ + #include <asm/hpet.h> + #include <asm/unistd.h> + #include <asm/io.h> ++#include <asm/fixmap.h> + #include "vextern.h" #define gtod vdso_vsyscall_gtod_data @@ -15958,7 +15967,7 @@ diff -urNp linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c linux-2.6.30.4/arch/x86 return (v * gtod->clock.mult) >> gtod->clock.shift; } -@@ -88,7 +111,9 @@ notrace static noinline int do_monotonic +@@ -88,7 +112,9 @@ notrace static noinline int do_monotonic notrace int __vdso_clock_gettime(clockid_t clock, struct timespec *ts) { @@ -15969,7 +15978,7 @@ diff -urNp linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c linux-2.6.30.4/arch/x86 switch (clock) { case CLOCK_REALTIME: return do_realtime(ts); -@@ -100,10 +125,20 @@ notrace int __vdso_clock_gettime(clockid +@@ -100,10 +126,20 @@ notrace int __vdso_clock_gettime(clockid int clock_gettime(clockid_t, struct timespec *) __attribute__((weak, alias("__vdso_clock_gettime"))); @@ -15992,7 +16001,7 @@ diff -urNp linux-2.6.30.4/arch/x86/vdso/vclock_gettime.c linux-2.6.30.4/arch/x86 if (likely(tv != NULL)) { BUILD_BUG_ON(offsetof(struct timeval, tv_usec) != offsetof(struct timespec, tv_nsec) || -@@ -118,9 +153,7 @@ notrace int __vdso_gettimeofday(struct t +@@ -118,9 +154,7 @@ notrace int __vdso_gettimeofday(struct t } return 0; } @@ -34785,7 +34794,7 @@ diff -urNp linux-2.6.30.4/include/asm-generic/int-ll64.h linux-2.6.30.4/include/ #define S16_C(x) x diff -urNp linux-2.6.30.4/include/asm-generic/vmlinux.lds.h linux-2.6.30.4/include/asm-generic/vmlinux.lds.h --- linux-2.6.30.4/include/asm-generic/vmlinux.lds.h 2009-07-24 17:47:51.000000000 -0400 -+++ linux-2.6.30.4/include/asm-generic/vmlinux.lds.h 2009-08-04 17:52:34.399966119 -0400 ++++ linux-2.6.30.4/include/asm-generic/vmlinux.lds.h 2009-08-05 19:08:00.537007471 -0400 @@ -121,6 +121,7 @@ .rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \ VMLINUX_SYMBOL(__start_rodata) = .; \ @@ -34794,17 +34803,17 @@ diff -urNp linux-2.6.30.4/include/asm-generic/vmlinux.lds.h linux-2.6.30.4/inclu *(__vermagic) /* Kernel version magic */ \ *(__markers_strings) /* Markers: strings */ \ *(__tracepoints_strings)/* Tracepoints: strings */ \ -@@ -476,8 +477,10 @@ - VMLINUX_SYMBOL(__per_cpu_load) = .; \ - .data.percpu vaddr : AT(VMLINUX_SYMBOL(__per_cpu_load) \ +@@ -478,8 +479,9 @@ - LOAD_OFFSET) { \ -+ VMLINUX_SYMBOL(__per_cpu_load) = . + __per_cpu_load; \ VMLINUX_SYMBOL(__per_cpu_start) = .; \ *(.data.percpu.first) \ -+ . = ALIGN(PAGE_SIZE); \ - *(.data.percpu.page_aligned) \ +- *(.data.percpu.page_aligned) \ *(.data.percpu) \ ++ . = ALIGN(PAGE_SIZE); \ ++ *(.data.percpu.page_aligned) \ *(.data.percpu.shared_aligned) \ + VMLINUX_SYMBOL(__per_cpu_end) = .; \ + } phdr \ diff -urNp linux-2.6.30.4/include/drm/drm_pciids.h linux-2.6.30.4/include/drm/drm_pciids.h --- linux-2.6.30.4/include/drm/drm_pciids.h 2009-07-24 17:47:51.000000000 -0400 +++ linux-2.6.30.4/include/drm/drm_pciids.h 2009-07-30 09:48:10.106233963 -0400 diff --git a/main/linux-grsec/kernelconfig b/main/linux-grsec/kernelconfig index 71ee53486b..5fd6c53ce4 100644 --- a/main/linux-grsec/kernelconfig +++ b/main/linux-grsec/kernelconfig @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.30.4 -# Mon Aug 3 08:50:09 2009 +# Fri Aug 7 08:30:31 2009 # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -163,12 +163,12 @@ CONFIG_BLK_DEV_BSG=y CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=m CONFIG_IOSCHED_DEADLINE=m -CONFIG_IOSCHED_CFQ=m +CONFIG_IOSCHED_CFQ=y # CONFIG_DEFAULT_AS is not set # CONFIG_DEFAULT_DEADLINE is not set -# CONFIG_DEFAULT_CFQ is not set -CONFIG_DEFAULT_NOOP=y -CONFIG_DEFAULT_IOSCHED="noop" +CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_NOOP is not set +CONFIG_DEFAULT_IOSCHED="cfq" CONFIG_PREEMPT_NOTIFIERS=y CONFIG_FREEZER=y @@ -244,10 +244,10 @@ CONFIG_DMI=y # CONFIG_IOMMU_HELPER is not set # CONFIG_IOMMU_API is not set CONFIG_NR_CPUS=8 -# CONFIG_SCHED_SMT is not set +CONFIG_SCHED_SMT=y CONFIG_SCHED_MC=y -CONFIG_PREEMPT_NONE=y -# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT_NONE is not set +CONFIG_PREEMPT_VOLUNTARY=y # CONFIG_PREEMPT is not set CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y @@ -304,7 +304,7 @@ CONFIG_MTRR=y CONFIG_MTRR_SANITIZER=y CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 -# CONFIG_X86_PAT is not set +CONFIG_X86_PAT=y # CONFIG_SECCOMP is not set # CONFIG_CC_STACKPROTECTOR is not set # CONFIG_HZ_100 is not set |