diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2010-06-30 08:52:44 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2010-06-30 08:52:44 +0000 |
commit | 74d2648cf84993788c3538b2ebc632a077fd967e (patch) | |
tree | af832f484f10f911446af4f694cb2255e8f52310 | |
parent | a70bc750040798ae7b2181334d9b17faf567a26e (diff) | |
download | aports-74d2648cf84993788c3538b2ebc632a077fd967e.tar.bz2 aports-74d2648cf84993788c3538b2ebc632a077fd967e.tar.xz |
main/linux-grsec: upgrade to grsecurity-2.2.0-2.6.32.15-201006271253
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.2.0-2.6.32.15-201006271253.patch (renamed from main/linux-grsec/grsecurity-2.1.14-2.6.32.15-201006011506.patch) | 577 |
2 files changed, 363 insertions, 220 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index cb94b0136..ef73e4958 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.32.15 _kernver=2.6.32 -pkgrel=8 +pkgrel=9 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}} install= source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 - grsecurity-2.1.14-2.6.32.15-201006011506.patch + grsecurity-2.2.0-2.6.32.15-201006271253.patch 0001-grsec-revert-conflicting-flow-cache-changes.patch 0002-gre-fix-hard-header-destination-address-checking.patch 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch @@ -148,7 +148,7 @@ firmware() { md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2 5c9251844c2819eddee4dba1293bd46d patch-2.6.32.15.bz2 -7f61d0de3d703c465bff03a20b2dbd30 grsecurity-2.1.14-2.6.32.15-201006011506.patch +98a8ab1e328d67e40657ef5e4b9d1b37 grsecurity-2.2.0-2.6.32.15-201006271253.patch 1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch 437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch 151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.32.15-201006011506.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.15-201006271253.patch index 215c62b4e..722e01f37 100644 --- a/main/linux-grsec/grsecurity-2.1.14-2.6.32.15-201006011506.patch +++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.15-201006271253.patch @@ -7562,7 +7562,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/page_64_types.h linux-2.6.32.15/ #define __VIRTUAL_MASK_SHIFT 47 diff -urNp linux-2.6.32.15/arch/x86/include/asm/paravirt.h linux-2.6.32.15/arch/x86/include/asm/paravirt.h --- linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-05-28 21:27:14.915041226 -0400 ++++ linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-06-19 10:03:50.008525890 -0400 @@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned pv_mmu_ops.set_fixmap(idx, phys, flags); } @@ -7765,7 +7765,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_32_types.h linux-2.6.32. #define MODULES_LEN (MODULES_VADDR - MODULES_END) diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h --- linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-05-28 21:27:14.915041226 -0400 ++++ linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-06-19 10:03:50.008525890 -0400 @@ -38,12 +38,16 @@ static inline void native_set_pte_atomic static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) @@ -7785,7 +7785,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h linux-2.6.32.15 /* diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h --- linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-05-28 21:27:14.915041226 -0400 ++++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-06-19 10:03:50.008525890 -0400 @@ -16,10 +16,13 @@ extern pud_t level3_kernel_pgt[512]; @@ -7812,7 +7812,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arc } static inline void native_pmd_clear(pmd_t *pmd) -@@ -94,12 +99,18 @@ static inline void native_pud_clear(pud_ +@@ -94,7 +99,9 @@ static inline void native_pud_clear(pud_ static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) { @@ -7822,15 +7822,6 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arc } static inline void native_pgd_clear(pgd_t *pgd) - { -+ -+#ifndef CONFIG_PAX_PER_CPU_PGD - native_set_pgd(pgd, native_make_pgd(0)); -+#endif -+ - } - - /* diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h --- linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h 2010-03-15 11:52:04.000000000 -0400 +++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h 2010-05-28 21:27:14.915041226 -0400 @@ -7844,7 +7835,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h linux-2.6.32. #endif /* _ASM_X86_PGTABLE_64_DEFS_H */ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x86/include/asm/pgtable.h --- linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-05-28 21:27:14.918896182 -0400 ++++ linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-06-19 10:03:50.008525890 -0400 @@ -74,12 +74,51 @@ extern struct list_head pgd_list; #define arch_end_context_switch(prev) do {} while(0) @@ -7988,7 +7979,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -611,11 +698,18 @@ static inline void ptep_set_wrprotect(st +@@ -611,11 +698,23 @@ static inline void ptep_set_wrprotect(st * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -8004,7 +7995,12 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x +#ifdef CONFIG_PAX_PER_CPU_PGD +extern void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count); ++#endif ++ ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) +extern void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count); ++#else ++static inline void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) {} +#endif #include <asm-generic/pgtable.h> @@ -9301,16 +9297,8 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/xsave.h linux-2.6.32.15/arch/x86 ".section .fixup,\"ax\"\n" diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig --- linux-2.6.32.15/arch/x86/Kconfig 2010-05-15 13:20:18.407099662 -0400 -+++ linux-2.6.32.15/arch/x86/Kconfig 2010-05-28 21:27:14.922894828 -0400 -@@ -531,6 +531,7 @@ source "arch/x86/lguest/Kconfig" - - config PARAVIRT - bool "Enable paravirtualization code" -+ depends on !PAX_PER_CPU_PGD - ---help--- - This changes the kernel so it can modify itself when it is run - under a hypervisor, potentially improving performance significantly -@@ -1083,7 +1084,7 @@ config PAGE_OFFSET ++++ linux-2.6.32.15/arch/x86/Kconfig 2010-06-19 11:15:06.486972627 -0400 +@@ -1083,7 +1083,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -9319,7 +9307,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1414,7 +1415,7 @@ config ARCH_USES_PG_UNCACHED +@@ -1414,7 +1414,7 @@ config ARCH_USES_PG_UNCACHED config EFI bool "EFI runtime service support" @@ -9328,7 +9316,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig ---help--- This enables the kernel to use EFI runtime services that are available (such as the EFI variable services). -@@ -1501,6 +1502,7 @@ config KEXEC_JUMP +@@ -1501,6 +1501,7 @@ config KEXEC_JUMP config PHYSICAL_START hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP) default "0x1000000" @@ -9336,7 +9324,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig ---help--- This gives the physical address where the kernel is loaded. -@@ -1565,6 +1567,7 @@ config PHYSICAL_ALIGN +@@ -1565,6 +1566,7 @@ config PHYSICAL_ALIGN hex prompt "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -9344,7 +9332,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1596,9 +1599,10 @@ config HOTPLUG_CPU +@@ -1596,9 +1598,10 @@ config HOTPLUG_CPU Say N if you want to disable CPU hotplug. config COMPAT_VDSO @@ -10503,7 +10491,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/efi_stub_32.S linux-2.6.32.15/arch/x8 efi_rt_function_ptr: diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/kernel/entry_32.S --- linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-05-28 21:27:15.031137412 -0400 ++++ linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-06-19 10:03:50.008525890 -0400 @@ -191,7 +191,67 @@ #endif /* CONFIG_X86_32_LAZY_GS */ @@ -10780,15 +10768,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/k #include "syscall_table_32.S" syscall_table_size=(.-sys_call_table) -@@ -1250,12 +1366,15 @@ error_code: - movl %ecx, %fs - UNWIND_ESPFIX_STACK - GS_TO_REG %ecx -+ -+ PAX_ENTER_KERNEL -+ - movl PT_GS(%esp), %edi # get the function address - movl PT_ORIG_EAX(%esp), %edx # get the error code +@@ -1255,9 +1371,12 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -10796,7 +10776,12 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/k + movl $(__KERNEL_DS), %ecx movl %ecx, %ds movl %ecx, %es ++ ++ PAX_ENTER_KERNEL ++ TRACE_IRQS_OFF + movl %esp,%eax # pt_regs pointer + call *%edi @@ -1351,6 +1470,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer @@ -11367,7 +11352,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head32.c linux-2.6.32.15/arch/x86/ker /* Reserve INITRD */ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/kernel/head_32.S --- linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-05-28 21:27:15.039159907 -0400 ++++ linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-06-19 10:03:50.008525890 -0400 @@ -19,10 +19,17 @@ #include <asm/setup.h> #include <asm/processor-flags.h> @@ -11658,7 +11643,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke pushl 16(%esp) pushl 24(%esp) pushl 32(%esp) -@@ -608,27 +679,45 @@ ENTRY(initial_code) +@@ -608,27 +679,38 @@ ENTRY(initial_code) /* * BSS section */ @@ -11699,17 +11684,22 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke - .align PAGE_SIZE_asm +.section .swapper_pg_dir,"a",@progbits + + ENTRY(swapper_pg_dir) + .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */ + # if KPMDS == 3 +@@ -647,15 +729,24 @@ ENTRY(swapper_pg_dir) + # error "Kernel PMDs should be 1, 2 or 3" + # endif + .align PAGE_SIZE_asm /* needs to be page-sized too */ ++ +#ifdef CONFIG_PAX_PER_CPU_PGD +ENTRY(cpu_pgd) + .rept NR_CPUS -+ .fill 512,8,0 ++ .fill 4,8,0 + .endr +#endif + - ENTRY(swapper_pg_dir) - .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */ - # if KPMDS == 3 -@@ -651,11 +740,12 @@ ENTRY(swapper_pg_dir) + #endif .data ENTRY(stack_start) @@ -11723,7 +11713,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke early_recursion_flag: .long 0 -@@ -691,7 +781,7 @@ fault_msg: +@@ -691,7 +782,7 @@ fault_msg: .word 0 # 32 bit align gdt_desc.address boot_gdt_descr: .word __BOOT_DS+7 @@ -11732,7 +11722,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke .word 0 # 32-bit align idt_desc.address idt_descr: -@@ -702,7 +792,7 @@ idt_descr: +@@ -702,7 +793,7 @@ idt_descr: .word 0 # 32 bit align gdt_desc.address ENTRY(early_gdt_descr) .word GDT_ENTRIES*8-1 @@ -11741,7 +11731,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke /* * The boot_gdt must mirror the equivalent in setup.S and is -@@ -711,5 +801,65 @@ ENTRY(early_gdt_descr) +@@ -711,5 +802,65 @@ ENTRY(early_gdt_descr) .align L1_CACHE_BYTES ENTRY(boot_gdt) .fill GDT_ENTRY_BOOT_CS,8,0 @@ -11809,23 +11799,6 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke + /* Be sure this is zeroed to avoid false validations in Xen */ + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr -diff -urNp linux-2.6.32.15/arch/x86/kernel/head64.c linux-2.6.32.15/arch/x86/kernel/head64.c ---- linux-2.6.32.15/arch/x86/kernel/head64.c 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/kernel/head64.c 2010-05-28 21:27:15.039159907 -0400 -@@ -29,7 +29,13 @@ - static void __init zap_identity_mappings(void) - { - pgd_t *pgd = pgd_offset_k(0UL); -+ -+#ifdef CONFIG_PAX_PER_CPU_PGD -+ set_pgd(pgd, native_make_pgd(0)); -+#else - pgd_clear(pgd); -+#endif -+ - __flush_tlb_all(); - } - diff -urNp linux-2.6.32.15/arch/x86/kernel/head_64.S linux-2.6.32.15/arch/x86/kernel/head_64.S --- linux-2.6.32.15/arch/x86/kernel/head_64.S 2010-03-15 11:52:04.000000000 -0400 +++ linux-2.6.32.15/arch/x86/kernel/head_64.S 2010-05-28 21:27:15.039159907 -0400 @@ -12136,7 +12109,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/init_task.c linux-2.6.32.15/arch/x86/ +EXPORT_SYMBOL(init_tss); diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/kernel/ioport.c --- linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-05-28 21:27:15.039159907 -0400 ++++ linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-06-19 21:48:03.327550760 -0400 @@ -6,6 +6,7 @@ #include <linux/sched.h> #include <linux/kernel.h> @@ -12150,7 +12123,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/ker if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) return -EINVAL; +#ifdef CONFIG_GRKERNSEC_IO -+ if (turn_on) { ++ if (turn_on && grsec_disable_privio) { + gr_handle_ioperm(); + return -EPERM; + } @@ -12167,20 +12140,19 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/ker set_bitmap(t->io_bitmap_ptr, from, num, !turn_on); -@@ -111,8 +118,13 @@ static int do_iopl(unsigned int level, s +@@ -111,6 +118,12 @@ static int do_iopl(unsigned int level, s return -EINVAL; /* Trying to gain more privileges? */ if (level > old) { +#ifdef CONFIG_GRKERNSEC_IO -+ gr_handle_iopl(); -+ return -EPERM; -+#else ++ if (grsec_disable_privio) { ++ gr_handle_iopl(); ++ return -EPERM; ++ } ++#endif if (!capable(CAP_SYS_RAWIO)) return -EPERM; -+#endif } - regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); - diff -urNp linux-2.6.32.15/arch/x86/kernel/irq_32.c linux-2.6.32.15/arch/x86/kernel/irq_32.c --- linux-2.6.32.15/arch/x86/kernel/irq_32.c 2010-03-15 11:52:04.000000000 -0400 +++ linux-2.6.32.15/arch/x86/kernel/irq_32.c 2010-05-28 21:27:15.039159907 -0400 @@ -12406,23 +12378,6 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/machine_kexec_32.c linux-2.6.32.15/ar relocate_kernel_ptr = control_page; page_list[PA_CONTROL_PAGE] = __pa(control_page); -diff -urNp linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c ---- linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c 2010-05-28 21:27:15.043064911 -0400 -@@ -126,7 +126,13 @@ static int init_level4_page(struct kimag - } - /* clear the unused entries */ - while (addr < end_addr) { -+ -+#ifdef CONFIG_PAX_PER_CPU_PGD -+ set_pgd(level4p++, native_make_pgd(0)); -+#else - pgd_clear(level4p++); -+#endif -+ - addr += PGDIR_SIZE; - } - out: diff -urNp linux-2.6.32.15/arch/x86/kernel/microcode_amd.c linux-2.6.32.15/arch/x86/kernel/microcode_amd.c --- linux-2.6.32.15/arch/x86/kernel/microcode_amd.c 2010-03-15 11:52:04.000000000 -0400 +++ linux-2.6.32.15/arch/x86/kernel/microcode_amd.c 2010-05-28 21:27:15.043064911 -0400 @@ -16982,7 +16937,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/extable.c linux-2.6.32.15/arch/x86/mm/ext pnp_bios_is_utter_crap = 1; diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault.c --- linux-2.6.32.15/arch/x86/mm/fault.c 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/mm/fault.c 2010-05-28 21:27:15.107152206 -0400 ++++ linux-2.6.32.15/arch/x86/mm/fault.c 2010-06-19 10:03:50.012498759 -0400 @@ -11,10 +11,19 @@ #include <linux/kprobes.h> /* __kprobes, ... */ #include <linux/mmiotrace.h> /* kmmio_handler, ... */ @@ -17069,17 +17024,19 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault break; } spin_unlock_irqrestore(&pgd_lock, flags); -@@ -257,6 +303,9 @@ static noinline int vmalloc_fault(unsign - * Do _not_ use "current" here. We might be inside +@@ -258,6 +304,11 @@ static noinline int vmalloc_fault(unsign * an interrupt in the middle of a task switch.. */ + pgd_paddr = read_cr3(); ++ +#ifdef CONFIG_PAX_PER_CPU_PGD -+ BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (read_cr3() & PHYSICAL_PAGE_MASK)); ++ BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (pgd_paddr & PHYSICAL_PAGE_MASK)); +#endif - pgd_paddr = read_cr3(); ++ pmd_k = vmalloc_sync_one(__va(pgd_paddr), address); if (!pmd_k) -@@ -332,15 +381,27 @@ void vmalloc_sync_all(void) + return -1; +@@ -332,15 +383,27 @@ void vmalloc_sync_all(void) const pgd_t *pgd_ref = pgd_offset_k(address); unsigned long flags; @@ -17107,7 +17064,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault if (pgd_none(*pgd)) set_pgd(pgd, *pgd_ref); else -@@ -373,7 +434,14 @@ static noinline int vmalloc_fault(unsign +@@ -373,7 +436,14 @@ static noinline int vmalloc_fault(unsign * happen within a race in page table update. In the later * case just flush: */ @@ -17122,7 +17079,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault pgd_ref = pgd_offset_k(address); if (pgd_none(*pgd_ref)) return -1; -@@ -535,7 +603,7 @@ static int is_errata93(struct pt_regs *r +@@ -535,7 +605,7 @@ static int is_errata93(struct pt_regs *r static int is_errata100(struct pt_regs *regs, unsigned long address) { #ifdef CONFIG_X86_64 @@ -17131,7 +17088,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault return 1; #endif return 0; -@@ -562,7 +630,7 @@ static int is_f00f_bug(struct pt_regs *r +@@ -562,7 +632,7 @@ static int is_f00f_bug(struct pt_regs *r } static const char nx_warning[] = KERN_CRIT @@ -17140,7 +17097,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault static void show_fault_oops(struct pt_regs *regs, unsigned long error_code, -@@ -571,15 +639,26 @@ show_fault_oops(struct pt_regs *regs, un +@@ -571,15 +641,26 @@ show_fault_oops(struct pt_regs *regs, un if (!oops_may_print()) return; @@ -17169,7 +17126,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault printk(KERN_ALERT "BUG: unable to handle kernel "); if (address < PAGE_SIZE) printk(KERN_CONT "NULL pointer dereference"); -@@ -704,6 +783,68 @@ __bad_area_nosemaphore(struct pt_regs *r +@@ -704,6 +785,68 @@ __bad_area_nosemaphore(struct pt_regs *r unsigned long address, int si_code) { struct task_struct *tsk = current; @@ -17238,7 +17195,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault /* User mode accesses just cause a SIGSEGV */ if (error_code & PF_USER) { -@@ -848,6 +989,106 @@ static int spurious_fault_check(unsigned +@@ -848,6 +991,106 @@ static int spurious_fault_check(unsigned return 1; } @@ -17345,7 +17302,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -914,6 +1155,9 @@ int show_unhandled_signals = 1; +@@ -914,6 +1157,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, int write, struct vm_area_struct *vma) { @@ -17355,7 +17312,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault if (write) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -947,17 +1191,31 @@ do_page_fault(struct pt_regs *regs, unsi +@@ -947,17 +1193,31 @@ do_page_fault(struct pt_regs *regs, unsi { struct vm_area_struct *vma; struct task_struct *tsk; @@ -17391,7 +17348,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault /* * Detect and handle instructions that would cause a page fault for * both a tracked kernel page and a userspace page. -@@ -1017,7 +1275,7 @@ do_page_fault(struct pt_regs *regs, unsi +@@ -1017,7 +1277,7 @@ do_page_fault(struct pt_regs *regs, unsi * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -17400,7 +17357,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault local_irq_enable(); error_code |= PF_USER; } else { -@@ -1071,6 +1329,11 @@ do_page_fault(struct pt_regs *regs, unsi +@@ -1071,6 +1331,11 @@ do_page_fault(struct pt_regs *regs, unsi might_sleep(); } @@ -17412,7 +17369,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1082,18 +1345,24 @@ do_page_fault(struct pt_regs *regs, unsi +@@ -1082,18 +1347,24 @@ do_page_fault(struct pt_regs *regs, unsi bad_area(regs, error_code, address); return; } @@ -17436,19 +17393,19 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault + if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)) { + bad_area(regs, error_code, address); + return; -+ } + } + +#ifdef CONFIG_PAX_SEGMEXEC + if (unlikely((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)) { + bad_area(regs, error_code, address); + return; - } ++ } +#endif + if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1137,3 +1406,199 @@ good_area: +@@ -1137,3 +1408,199 @@ good_area: up_read(&mm->mmap_sem); } @@ -18182,7 +18139,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/init_64.c linux-2.6.32.15/arch/x86/mm/ini return "[vsyscall]"; diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c --- linux-2.6.32.15/arch/x86/mm/init.c 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/mm/init.c 2010-05-28 21:27:15.114903294 -0400 ++++ linux-2.6.32.15/arch/x86/mm/init.c 2010-06-19 10:03:50.012498759 -0400 @@ -69,11 +69,7 @@ static void __init find_early_table_spac * cause a hotspot and fill up ZONE_DMA. The page tables * need roughly 0.5KB per GB. @@ -18211,7 +18168,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c return 1; if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; -@@ -379,6 +381,87 @@ void free_init_pages(char *what, unsigne +@@ -379,6 +381,89 @@ void free_init_pages(char *what, unsigne void free_initmem(void) { @@ -18250,12 +18207,14 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c +*/ +#ifdef CONFIG_X86_PAE + set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT); ++/* + for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) { + pgd = pgd_offset_k(addr); + pud = pud_offset(pgd, addr); + pmd = pmd_offset(pud, addr); + set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask))); + } ++*/ +#endif + +#ifdef CONFIG_MODULES @@ -18475,38 +18434,83 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/numa_32.c linux-2.6.32.15/arch/x86/mm/num #define LARGE_PAGE_BYTES (PTRS_PER_PTE * PAGE_SIZE) diff -urNp linux-2.6.32.15/arch/x86/mm/pageattr.c linux-2.6.32.15/arch/x86/mm/pageattr.c --- linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-05-28 21:27:15.118897735 -0400 -@@ -268,9 +268,10 @@ static inline pgprot_t static_protection ++++ linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-06-19 10:03:50.012498759 -0400 +@@ -261,16 +261,17 @@ static inline pgprot_t static_protection + * PCI BIOS based config access (CONFIG_PCI_GOBIOS) support. + */ + if (within(pfn, BIOS_BEGIN >> PAGE_SHIFT, BIOS_END >> PAGE_SHIFT)) +- pgprot_val(forbidden) |= _PAGE_NX; ++ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask; + + /* + * The kernel text needs to be executable for obvious reasons * Does not cover __inittext since that is gone later on. On * 64bit we do not enforce !NX on the low mapping */ - if (within(address, (unsigned long)_text, (unsigned long)_etext)) +- pgprot_val(forbidden) |= _PAGE_NX; + if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext))) - pgprot_val(forbidden) |= _PAGE_NX; ++ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask; +#ifdef CONFIG_DEBUG_RODATA /* * The .rodata section needs to be read-only. Using the pfn * catches all aliases. -@@ -278,6 +279,7 @@ static inline pgprot_t static_protection +@@ -278,6 +279,14 @@ static inline pgprot_t static_protection if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT, __pa((unsigned long)__end_rodata) >> PAGE_SHIFT)) pgprot_val(forbidden) |= _PAGE_RW; +#endif ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ if (within(pfn, __pa((unsigned long)&_text), __pa((unsigned long)&_sdata))) { ++ pgprot_val(forbidden) |= _PAGE_RW; ++ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask; ++ } ++#endif prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden)); -@@ -331,7 +333,10 @@ EXPORT_SYMBOL_GPL(lookup_address); +@@ -331,23 +340,37 @@ EXPORT_SYMBOL_GPL(lookup_address); static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte) { /* change init_mm */ + pax_open_kernel(); set_pte_atomic(kpte, pte); -+ pax_close_kernel(); + #ifdef CONFIG_X86_32 if (!SHARED_KERNEL_PMD) { ++ ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ unsigned long cpu; ++#else struct page *page; ++#endif + ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ for (cpu = 0; cpu < NR_CPUS; ++cpu) { ++ pgd_t *pgd = get_cpu_pgd(cpu); ++#else + list_for_each_entry(page, &pgd_list, lru) { +- pgd_t *pgd; ++ pgd_t *pgd = (pgd_t *)page_address(page);; ++#endif ++ + pud_t *pud; + pmd_t *pmd; + +- pgd = (pgd_t *)page_address(page) + pgd_index(address); ++ pgd += pgd_index(address); + pud = pud_offset(pgd, address); + pmd = pmd_offset(pud, address); + set_pte_atomic((pte_t *)pmd, pte); + } + } + #endif ++ pax_close_kernel(); + } + + static int diff -urNp linux-2.6.32.15/arch/x86/mm/pageattr-test.c linux-2.6.32.15/arch/x86/mm/pageattr-test.c --- linux-2.6.32.15/arch/x86/mm/pageattr-test.c 2010-03-15 11:52:04.000000000 -0400 +++ linux-2.6.32.15/arch/x86/mm/pageattr-test.c 2010-05-28 21:27:15.118897735 -0400 @@ -18577,28 +18581,22 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable_32.c linux-2.6.32.15/arch/x86/mm/ * It's enough to flush this one mapping. diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgtable.c --- linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-05-28 21:27:15.118897735 -0400 -@@ -63,8 +63,12 @@ void ___pmd_free_tlb(struct mmu_gather * - #if PAGETABLE_LEVELS > 3 - void ___pud_free_tlb(struct mmu_gather *tlb, pud_t *pud) - { -+ -+#ifndef CONFIG_PAX_PER_CPU_PGD - paravirt_release_pud(__pa(pud) >> PAGE_SHIFT); - tlb_remove_page(tlb, virt_to_page(pud)); -+#endif -+ - } - #endif /* PAGETABLE_LEVELS > 3 */ - #endif /* PAGETABLE_LEVELS > 2 */ -@@ -83,8 +87,62 @@ static inline void pgd_list_del(pgd_t *p ++++ linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-06-19 10:03:50.012498759 -0400 +@@ -83,8 +83,59 @@ static inline void pgd_list_del(pgd_t *p list_del(&page->lru); } -#define UNSHARED_PTRS_PER_PGD \ - (SHARED_KERNEL_PMD ? KERNEL_PGD_BOUNDARY : PTRS_PER_PGD) +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+pteval_t clone_pgd_mask __read_only = ~_PAGE_PRESENT; ++pgdval_t clone_pgd_mask __read_only = ~_PAGE_PRESENT; ++ ++void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) ++{ ++ while (count--) ++ *dst++ = __pgd((pgd_val(*src++) | _PAGE_NX) & ~_PAGE_USER); ++ ++} +#endif + +#ifdef CONFIG_PAX_PER_CPU_PGD @@ -18613,16 +18611,6 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt +#endif + +} -+ -+void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) -+{ -+ -+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ while (count--) -+ *dst++ = __pgd((pgd_val(*src++) | _PAGE_NX) & ~_PAGE_USER); -+#endif -+ -+} +#endif + +#ifdef CONFIG_PAX_PER_CPU_PGD @@ -18656,7 +18644,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt static void pgd_ctor(pgd_t *pgd) { -@@ -119,6 +177,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -119,6 +170,7 @@ static void pgd_dtor(pgd_t *pgd) pgd_list_del(pgd); spin_unlock_irqrestore(&pgd_lock, flags); } @@ -18664,7 +18652,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt /* * List of all pgd's needed for non-PAE so it can invalidate entries -@@ -131,7 +190,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -131,7 +183,7 @@ static void pgd_dtor(pgd_t *pgd) * -- wli */ @@ -18673,7 +18661,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt /* * In PAE mode, we need to do a cr3 reload (=tlb flush) when * updating the top-level pagetable entries to guarantee the -@@ -143,7 +202,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -143,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd) * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate * and initialize the kernel pmds here. */ @@ -18682,7 +18670,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) { -@@ -162,36 +221,38 @@ void pud_populate(struct mm_struct *mm, +@@ -162,36 +214,38 @@ void pud_populate(struct mm_struct *mm, if (mm == current->active_mm) write_cr3(read_cr3()); } @@ -18732,7 +18720,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt return -ENOMEM; } -@@ -204,51 +265,56 @@ static int preallocate_pmds(pmd_t *pmds[ +@@ -204,51 +258,56 @@ static int preallocate_pmds(pmd_t *pmds[ * preallocate which never got a corresponding vma will need to be * freed manually. */ @@ -18806,7 +18794,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt unsigned long flags; pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); -@@ -258,11 +324,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -258,11 +317,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) mm->pgd = pgd; @@ -18820,7 +18808,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt /* * Make sure that pre-populating the pmds is atomic with -@@ -272,14 +338,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -272,14 +331,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) spin_lock_irqsave(&pgd_lock, flags); pgd_ctor(pgd); @@ -18838,7 +18826,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt out_free_pgd: free_page((unsigned long)pgd); out: -@@ -288,7 +354,7 @@ out: +@@ -288,7 +347,7 @@ out: void pgd_free(struct mm_struct *mm, pgd_t *pgd) { @@ -20109,6 +20097,18 @@ diff -urNp linux-2.6.32.15/Documentation/kernel-parameters.txt linux-2.6.32.15/D pcbit= [HW,ISDN] pcd. [PARIDE] +diff -urNp linux-2.6.32.15/drivers/acpi/acpi_pad.c linux-2.6.32.15/drivers/acpi/acpi_pad.c +--- linux-2.6.32.15/drivers/acpi/acpi_pad.c 2010-03-15 11:52:04.000000000 -0400 ++++ linux-2.6.32.15/drivers/acpi/acpi_pad.c 2010-06-19 10:03:45.704801524 -0400 +@@ -30,7 +30,7 @@ + #include <acpi/acpi_bus.h> + #include <acpi/acpi_drivers.h> + +-#define ACPI_PROCESSOR_AGGREGATOR_CLASS "processor_aggregator" ++#define ACPI_PROCESSOR_AGGREGATOR_CLASS "acpi_pad" + #define ACPI_PROCESSOR_AGGREGATOR_DEVICE_NAME "Processor Aggregator" + #define ACPI_PROCESSOR_AGGREGATOR_NOTIFY 0x80 + static DEFINE_MUTEX(isolated_cpus_lock); diff -urNp linux-2.6.32.15/drivers/acpi/battery.c linux-2.6.32.15/drivers/acpi/battery.c --- linux-2.6.32.15/drivers/acpi/battery.c 2010-03-15 11:52:04.000000000 -0400 +++ linux-2.6.32.15/drivers/acpi/battery.c 2010-05-28 21:27:15.179152446 -0400 @@ -27801,6 +27801,18 @@ diff -urNp linux-2.6.32.15/drivers/staging/hv/blkvsc_drv.c linux-2.6.32.15/drive .owner = THIS_MODULE, .open = blkvsc_open, .release = blkvsc_release, +diff -urNp linux-2.6.32.15/drivers/staging/hv/Hv.c linux-2.6.32.15/drivers/staging/hv/Hv.c +--- linux-2.6.32.15/drivers/staging/hv/Hv.c 2010-05-15 13:20:18.963900073 -0400 ++++ linux-2.6.32.15/drivers/staging/hv/Hv.c 2010-06-19 10:03:50.012498759 -0400 +@@ -161,7 +161,7 @@ static u64 HvDoHypercall(u64 Control, vo + u64 outputAddress = (Output) ? virt_to_phys(Output) : 0; + u32 outputAddressHi = outputAddress >> 32; + u32 outputAddressLo = outputAddress & 0xFFFFFFFF; +- volatile void *hypercallPage = gHvContext.HypercallPage; ++ volatile void *hypercallPage = ktva_ktla(gHvContext.HypercallPage); + + DPRINT_DBG(VMBUS, "Hypercall <control %llx input %p output %p>", + Control, Input, Output); diff -urNp linux-2.6.32.15/drivers/staging/panel/panel.c linux-2.6.32.15/drivers/staging/panel/panel.c --- linux-2.6.32.15/drivers/staging/panel/panel.c 2010-03-15 11:52:04.000000000 -0400 +++ linux-2.6.32.15/drivers/staging/panel/panel.c 2010-05-28 21:27:15.842942312 -0400 @@ -34413,8 +34425,8 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_alloc.c linux-2.6.32.15/grsecurity/g +} diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c --- linux-2.6.32.15/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.15/grsecurity/gracl.c 2010-05-28 21:27:16.327077893 -0400 -@@ -0,0 +1,3897 @@ ++++ linux-2.6.32.15/grsecurity/gracl.c 2010-06-26 14:00:02.982610280 -0400 +@@ -0,0 +1,3899 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -38202,6 +38214,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c + who have the 'view' subject flag if the RBAC system is enabled + */ + ++ rcu_read_lock(); + read_lock(&tasklist_lock); + task = find_task_by_vpid(pid); + if (task) { @@ -38230,6 +38243,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c + ret = -ENOENT; + + read_unlock(&tasklist_lock); ++ rcu_read_unlock(); + + return ret; +} @@ -38314,8 +38328,8 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c + diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gracl_cap.c --- linux-2.6.32.15/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.15/grsecurity/gracl_cap.c 2010-05-28 21:27:16.327077893 -0400 -@@ -0,0 +1,131 @@ ++++ linux-2.6.32.15/grsecurity/gracl_cap.c 2010-06-19 21:06:17.097881201 -0400 +@@ -0,0 +1,138 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -38370,6 +38384,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra + const struct cred *cred = current_cred(); + struct acl_subject_label *curracl; + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set; ++ kernel_cap_t cap_audit = __cap_empty_set; + + if (!gr_acl_is_enabled()) + return 1; @@ -38378,6 +38393,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra + + cap_drop = curracl->cap_lower; + cap_mask = curracl->cap_mask; ++ cap_audit = curracl->cap_invert_audit; + + while ((curracl = curracl->parent_subject)) { + /* if the cap isn't specified in the current computed mask but is specified in the @@ -38389,11 +38405,16 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra + cap_raise(cap_mask, cap); + if (cap_raised(curracl->cap_lower, cap)) + cap_raise(cap_drop, cap); ++ if (cap_raised(curracl->cap_invert_audit, cap)) ++ cap_raise(cap_audit, cap); + } + } + -+ if (!cap_raised(cap_drop, cap)) ++ if (!cap_raised(cap_drop, cap)) { ++ if (cap_raised(cap_audit, cap)) ++ gr_log_cap(GR_DO_AUDIT, GR_CAP_ACL_MSG2, task, captab_log[cap]); + return 1; ++ } + + curracl = task->acl; + @@ -38409,7 +38430,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra + return 1; + } + -+ if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap)) ++ if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap)) + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]); + return 0; +} @@ -39818,8 +39839,8 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_segv.c linux-2.6.32.15/grsecurity/gr +} diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gracl_shm.c --- linux-2.6.32.15/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.15/grsecurity/gracl_shm.c 2010-05-28 21:27:16.331240103 -0400 -@@ -0,0 +1,37 @@ ++++ linux-2.6.32.15/grsecurity/gracl_shm.c 2010-06-26 14:01:55.746591444 -0400 +@@ -0,0 +1,40 @@ +#include <linux/kernel.h> +#include <linux/mm.h> +#include <linux/sched.h> @@ -39838,6 +39859,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gra + if (!gr_acl_is_enabled()) + return 1; + ++ rcu_read_lock(); + read_lock(&tasklist_lock); + + task = find_task_by_vpid(shm_cprid); @@ -39850,10 +39872,12 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gra + (task->acl->mode & GR_PROTSHM) && + (task->acl != current->acl))) { + read_unlock(&tasklist_lock); ++ rcu_read_unlock(); + gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid); + return 0; + } + read_unlock(&tasklist_lock); ++ rcu_read_unlock(); + + return 1; +} @@ -39882,8 +39906,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chdir.c linux-2.6.32.15/grsecurity/g +} diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/grsec_chroot.c --- linux-2.6.32.15/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.15/grsecurity/grsec_chroot.c 2010-05-28 21:27:16.331240103 -0400 -@@ -0,0 +1,348 @@ ++++ linux-2.6.32.15/grsecurity/grsec_chroot.c 2010-06-26 14:05:26.054819575 -0400 +@@ -0,0 +1,355 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -39907,6 +39931,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/ + if (likely(!proc_is_chrooted(current))) + return 1; + ++ rcu_read_lock(); + read_lock(&tasklist_lock); + + spid = find_vpid(pid); @@ -39917,12 +39942,14 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/ + if (unlikely(!have_same_root(current, p))) { + gr_fs_read_unlock(p); + read_unlock(&tasklist_lock); ++ rcu_read_unlock(); + gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG); + return 0; + } + gr_fs_read_unlock(p); + } + read_unlock(&tasklist_lock); ++ rcu_read_unlock(); +#endif + return 1; +} @@ -40065,6 +40092,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/ + if (likely(!proc_is_chrooted(current))) + return 1; + ++ rcu_read_lock(); + read_lock(&tasklist_lock); + + pid = find_vpid(shm_cprid); @@ -40077,6 +40105,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/ + time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) { + gr_fs_read_unlock(p); + read_unlock(&tasklist_lock); ++ rcu_read_unlock(); + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); + return 0; + } @@ -40090,6 +40119,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/ + if (unlikely(!have_same_root(current, p))) { + gr_fs_read_unlock(p); + read_unlock(&tasklist_lock); ++ rcu_read_unlock(); + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); + return 0; + } @@ -40098,6 +40128,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/ + } + + read_unlock(&tasklist_lock); ++ rcu_read_unlock(); +#endif + return 1; +} @@ -40804,8 +40835,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_fork.c linux-2.6.32.15/grsecurity/gr +} diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/grsec_init.c --- linux-2.6.32.15/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.15/grsecurity/grsec_init.c 2010-05-28 21:27:16.331240103 -0400 -@@ -0,0 +1,241 @@ ++++ linux-2.6.32.15/grsecurity/grsec_init.c 2010-06-27 12:52:54.615758098 -0400 +@@ -0,0 +1,258 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/mm.h> @@ -40814,6 +40845,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr +#include <linux/slab.h> +#include <linux/vmalloc.h> +#include <linux/percpu.h> ++#include <linux/module.h> + +int grsec_enable_link; +int grsec_enable_dmesg; @@ -40848,6 +40880,9 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr +int grsec_enable_tpe; +int grsec_tpe_gid; +int grsec_enable_blackhole; ++#ifdef CONFIG_IPV6_MODULE ++EXPORT_SYMBOL(grsec_enable_blackhole); ++#endif +int grsec_lastack_retries; +int grsec_enable_tpe_all; +int grsec_enable_socket_all; @@ -40857,6 +40892,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr +int grsec_enable_socket_server; +int grsec_socket_server_gid; +int grsec_resource_logging; ++int grsec_disable_privio; +int grsec_lock; + +DEFINE_SPINLOCK(grsec_alert_lock); @@ -40928,10 +40964,22 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr + return; + } + ++ ++#ifdef CONFIG_GRKERNSEC_IO ++#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO) ++ grsec_disable_privio = 1; ++#elif defined(CONFIG_GRKERNSEC_SYSCTL_ON) ++ grsec_disable_privio = 1; ++#else ++ grsec_disable_privio = 0; ++#endif ++#endif ++ +#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON) +#ifndef CONFIG_GRKERNSEC_SYSCTL + grsec_lock = 1; +#endif ++ +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL + grsec_enable_audit_textrel = 1; +#endif @@ -41913,8 +41961,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_sock.c linux-2.6.32.15/grsecurity/gr +} diff -urNp linux-2.6.32.15/grsecurity/grsec_sysctl.c linux-2.6.32.15/grsecurity/grsec_sysctl.c --- linux-2.6.32.15/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.15/grsecurity/grsec_sysctl.c 2010-05-28 21:27:16.331240103 -0400 -@@ -0,0 +1,447 @@ ++++ linux-2.6.32.15/grsecurity/grsec_sysctl.c 2010-06-19 21:32:37.093947224 -0400 +@@ -0,0 +1,459 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/sysctl.h> @@ -41940,6 +41988,18 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_sysctl.c linux-2.6.32.15/grsecurity/ +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS) +ctl_table grsecurity_table[] = { +#ifdef CONFIG_GRKERNSEC_SYSCTL ++#ifdef CONFIG_GRKERNSEC_SYSCTL_DISTRO ++#ifdef CONFIG_GRKERNSEC_IO ++ { ++ .ctl_name = CTL_UNNUMBERED, ++ .procname = "disable_priv_io", ++ .data = &grsec_disable_privio, ++ .maxlen = sizeof(int), ++ .mode = 0600, ++ .proc_handler = &proc_dointvec, ++ }, ++#endif ++#endif +#ifdef CONFIG_GRKERNSEC_LINK + { + .ctl_name = CTL_UNNUMBERED, @@ -42443,8 +42503,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_tpe.c linux-2.6.32.15/grsecurity/grs +} diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c --- linux-2.6.32.15/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.15/grsecurity/grsum.c 2010-05-28 21:27:16.331240103 -0400 -@@ -0,0 +1,59 @@ ++++ linux-2.6.32.15/grsecurity/grsum.c 2010-06-26 13:55:39.510774424 -0400 +@@ -0,0 +1,61 @@ +#include <linux/err.h> +#include <linux/kernel.h> +#include <linux/sched.h> @@ -42470,6 +42530,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c + volatile int dummy = 0; + unsigned int i; + ++ sg_init_table(&sg, 1); ++ + tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(tfm)) { + /* should never happen, since sha256 should be built in */ @@ -42506,8 +42568,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c +} diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig --- linux-2.6.32.15/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.15/grsecurity/Kconfig 2010-05-28 21:27:16.331240103 -0400 -@@ -0,0 +1,965 @@ ++++ linux-2.6.32.15/grsecurity/Kconfig 2010-06-26 14:17:55.584309817 -0400 +@@ -0,0 +1,981 @@ +# +# grecurity configuration +# @@ -43342,7 +43404,7 @@ diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig + all servers it connects to have this option enabled, consider + disabling this feature on the haproxy host. + -+ If this option is enabled, two sysctl options with names ++ If the sysctl option is enabled, two sysctl options with names + "ip_blackhole" and "lastack_retries" will be created. + While "ip_blackhole" takes the standard zero/non-zero on/off + toggle, "lastack_retries" uses the same kinds of values as @@ -43434,6 +43496,22 @@ diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig + be set to a non-zero value after all the options are set. + *THIS IS EXTREMELY IMPORTANT* + ++config GRKERNSEC_SYSCTL_DISTRO ++ bool "Extra sysctl support for distro makers (READ HELP)" ++ depends on GRKERNSEC_SYSCTL && GRKERNSEC_IO ++ help ++ If you say Y here, additional sysctl options will be created ++ for features that affect processes running as root. Therefore, ++ it is critical when using this option that the grsec_lock entry be ++ enabled after boot. Only distros with prebuilt kernel packages ++ with this option enabled that can ensure grsec_lock is enabled ++ after boot should use this option. ++ *Failure to set grsec_lock after boot makes all grsec features ++ this option covers useless* ++ ++ Currently this option creates the following sysctl entries: ++ "Disable Privileged I/O": "disable_priv_io" ++ +config GRKERNSEC_SYSCTL_ON + bool "Turn on features by default" + depends on GRKERNSEC_SYSCTL @@ -44679,8 +44757,8 @@ diff -urNp linux-2.6.32.15/include/linux/genhd.h linux-2.6.32.15/include/linux/g struct blk_integrity *integrity; diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/gracl.h --- linux-2.6.32.15/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.15/include/linux/gracl.h 2010-05-28 21:27:16.355225759 -0400 -@@ -0,0 +1,309 @@ ++++ linux-2.6.32.15/include/linux/gracl.h 2010-06-19 21:06:17.097881201 -0400 +@@ -0,0 +1,310 @@ +#ifndef GR_ACL_H +#define GR_ACL_H + @@ -44692,8 +44770,8 @@ diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/g + +/* Major status information */ + -+#define GR_VERSION "grsecurity 2.1.14" -+#define GRSECURITY_VERSION 0x2114 ++#define GR_VERSION "grsecurity 2.2.0" ++#define GRSECURITY_VERSION 0x2200 + +enum { + GR_SHUTDOWN = 0, @@ -44784,6 +44862,7 @@ diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/g + __u32 mode; + kernel_cap_t cap_mask; + kernel_cap_t cap_lower; ++ kernel_cap_t cap_invert_audit; + + struct rlimit res[GR_NLIMITS]; + __u32 resmask; @@ -45145,7 +45224,7 @@ diff -urNp linux-2.6.32.15/include/linux/grdefs.h linux-2.6.32.15/include/linux/ +#endif diff -urNp linux-2.6.32.15/include/linux/grinternal.h linux-2.6.32.15/include/linux/grinternal.h --- linux-2.6.32.15/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.15/include/linux/grinternal.h 2010-05-28 21:27:16.355225759 -0400 ++++ linux-2.6.32.15/include/linux/grinternal.h 2010-06-19 21:46:05.111766483 -0400 @@ -0,0 +1,215 @@ +#ifndef __GRINTERNAL_H +#define __GRINTERNAL_H @@ -45364,8 +45443,8 @@ diff -urNp linux-2.6.32.15/include/linux/grinternal.h linux-2.6.32.15/include/li +#endif diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/grmsg.h --- linux-2.6.32.15/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.15/include/linux/grmsg.h 2010-05-28 21:27:16.355225759 -0400 -@@ -0,0 +1,107 @@ ++++ linux-2.6.32.15/include/linux/grmsg.h 2010-06-19 21:06:17.097881201 -0400 +@@ -0,0 +1,108 @@ +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " @@ -45461,6 +45540,7 @@ diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/g +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4" +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process " +#define GR_CAP_ACL_MSG "use of %s denied for " ++#define GR_CAP_ACL_MSG2 "use of %s permitted for " +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for " +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for " +#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by " @@ -45475,8 +45555,8 @@ diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/g +#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by " diff -urNp linux-2.6.32.15/include/linux/grsecurity.h linux-2.6.32.15/include/linux/grsecurity.h --- linux-2.6.32.15/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.15/include/linux/grsecurity.h 2010-05-28 21:27:16.355225759 -0400 -@@ -0,0 +1,199 @@ ++++ linux-2.6.32.15/include/linux/grsecurity.h 2010-06-19 21:45:41.506145931 -0400 +@@ -0,0 +1,200 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -45673,6 +45753,7 @@ diff -urNp linux-2.6.32.15/include/linux/grsecurity.h linux-2.6.32.15/include/li + struct vm_area_struct *vma); + +extern int grsec_enable_dmesg; ++extern int grsec_disable_privio; +#endif + +#endif @@ -47637,7 +47718,7 @@ diff -urNp linux-2.6.32.15/init/Kconfig linux-2.6.32.15/init/Kconfig also breaks ancient binaries (including anything libc5 based). diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c --- linux-2.6.32.15/init/main.c 2010-04-04 20:41:50.060586306 -0400 -+++ linux-2.6.32.15/init/main.c 2010-05-28 21:27:16.427051097 -0400 ++++ linux-2.6.32.15/init/main.c 2010-06-19 10:03:39.368801195 -0400 @@ -97,6 +97,7 @@ static inline void mark_rodata_ro(void) #ifdef CONFIG_TC extern void tc_init(void); @@ -47653,7 +47734,7 @@ diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) +extern void pax_enter_kernel_user(void); +extern void pax_exit_kernel_user(void); -+extern pteval_t clone_pgd_mask; ++extern pgdval_t clone_pgd_mask; +#endif + +#if defined(CONFIG_X86) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -47675,7 +47756,7 @@ diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c + *p = 0xc3; + p = (char *)pax_exit_kernel_user; + *p = 0xc3; -+ clone_pgd_mask = ~(pteval_t)0UL; ++ clone_pgd_mask = ~(pgdval_t)0UL; +#endif + + return 0; @@ -50620,7 +50701,7 @@ diff -urNp linux-2.6.32.15/mm/madvise.c linux-2.6.32.15/mm/madvise.c goto out; diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c --- linux-2.6.32.15/mm/memory.c 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/mm/memory.c 2010-05-28 21:27:16.487251224 -0400 ++++ linux-2.6.32.15/mm/memory.c 2010-06-19 10:03:50.012498759 -0400 @@ -48,6 +48,7 @@ #include <linux/ksm.h> #include <linux/rmap.h> @@ -50629,7 +50710,33 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c #include <linux/delayacct.h> #include <linux/init.h> #include <linux/writeback.h> -@@ -1251,10 +1252,10 @@ int __get_user_pages(struct task_struct +@@ -187,8 +188,12 @@ static inline void free_pmd_range(struct + return; + + pmd = pmd_offset(pud, start); ++ ++#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_PER_CPU_PGD) + pud_clear(pud); + pmd_free_tlb(tlb, pmd, start); ++#endif ++ + } + + static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -220,8 +225,12 @@ static inline void free_pud_range(struct + return; + + pud = pud_offset(pgd, start); ++ ++#if !defined(CONFIG_X86_64) || !defined(CONFIG_PAX_PER_CPU_PGD) + pgd_clear(pgd); + pud_free_tlb(tlb, pud, start); ++#endif ++ + } + + /* +@@ -1251,10 +1260,10 @@ int __get_user_pages(struct task_struct (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); i = 0; @@ -50642,7 +50749,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c if (!vma && in_gate_area(tsk, start)) { unsigned long pg = start & PAGE_MASK; struct vm_area_struct *gate_vma = get_gate_vma(tsk); -@@ -1296,7 +1297,7 @@ int __get_user_pages(struct task_struct +@@ -1296,7 +1305,7 @@ int __get_user_pages(struct task_struct continue; } @@ -50651,7 +50758,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c (vma->vm_flags & (VM_IO | VM_PFNMAP)) || !(vm_flags & vma->vm_flags)) return i ? : -EFAULT; -@@ -1371,7 +1372,7 @@ int __get_user_pages(struct task_struct +@@ -1371,7 +1380,7 @@ int __get_user_pages(struct task_struct start += PAGE_SIZE; nr_pages--; } while (nr_pages && start < vma->vm_end); @@ -50660,7 +50767,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c return i; } -@@ -1967,6 +1968,186 @@ static inline void cow_user_page(struct +@@ -1967,6 +1976,186 @@ static inline void cow_user_page(struct copy_user_highpage(dst, src, va, vma); } @@ -50847,7 +50954,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2146,6 +2327,12 @@ gotten: +@@ -2146,6 +2335,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -50860,7 +50967,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter(mm, file_rss); -@@ -2197,6 +2384,10 @@ gotten: +@@ -2197,6 +2392,10 @@ gotten: page_remove_rmap(old_page); } @@ -50871,7 +50978,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -2594,6 +2785,11 @@ static int do_swap_page(struct mm_struct +@@ -2594,6 +2793,11 @@ static int do_swap_page(struct mm_struct swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -50883,7 +50990,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c unlock_page(page); if (flags & FAULT_FLAG_WRITE) { -@@ -2605,6 +2801,11 @@ static int do_swap_page(struct mm_struct +@@ -2605,6 +2809,11 @@ static int do_swap_page(struct mm_struct /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, pte); @@ -50895,7 +51002,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -2628,7 +2829,7 @@ static int do_anonymous_page(struct mm_s +@@ -2628,7 +2837,7 @@ static int do_anonymous_page(struct mm_s unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -50904,7 +51011,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c spinlock_t *ptl; pte_t entry; -@@ -2663,6 +2864,11 @@ static int do_anonymous_page(struct mm_s +@@ -2663,6 +2872,11 @@ static int do_anonymous_page(struct mm_s if (!pte_none(*page_table)) goto release; @@ -50916,7 +51023,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c inc_mm_counter(mm, anon_rss); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -2670,6 +2876,12 @@ setpte: +@@ -2670,6 +2884,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, entry); @@ -50929,7 +51036,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -2812,6 +3024,12 @@ static int __do_fault(struct mm_struct * +@@ -2812,6 +3032,12 @@ static int __do_fault(struct mm_struct * */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { @@ -50942,7 +51049,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -2831,6 +3049,14 @@ static int __do_fault(struct mm_struct * +@@ -2831,6 +3057,14 @@ static int __do_fault(struct mm_struct * /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, entry); @@ -50957,7 +51064,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c } else { if (charged) mem_cgroup_uncharge_page(page); -@@ -2978,6 +3204,12 @@ static inline int handle_pte_fault(struc +@@ -2978,6 +3212,12 @@ static inline int handle_pte_fault(struc if (flags & FAULT_FLAG_WRITE) flush_tlb_page(vma, address); } @@ -50970,7 +51077,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -2994,6 +3226,10 @@ int handle_mm_fault(struct mm_struct *mm +@@ -2994,6 +3234,10 @@ int handle_mm_fault(struct mm_struct *mm pmd_t *pmd; pte_t *pte; @@ -50981,7 +51088,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); -@@ -3001,6 +3237,34 @@ int handle_mm_fault(struct mm_struct *mm +@@ -3001,6 +3245,34 @@ int handle_mm_fault(struct mm_struct *mm if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); @@ -51016,7 +51123,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); if (!pud) -@@ -3098,7 +3362,7 @@ static int __init gate_vma_init(void) +@@ -3098,7 +3370,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -54054,36 +54161,72 @@ diff -urNp linux-2.6.32.15/net/ipv6/raw.c linux-2.6.32.15/net/ipv6/raw.c { diff -urNp linux-2.6.32.15/net/ipv6/tcp_ipv6.c linux-2.6.32.15/net/ipv6/tcp_ipv6.c --- linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-05-28 21:27:16.624385427 -0400 -@@ -1578,6 +1578,9 @@ static int tcp_v6_do_rcv(struct sock *sk - return 0; ++++ linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-06-26 14:14:12.642949877 -0400 +@@ -88,6 +88,10 @@ static struct tcp_md5sig_key *tcp_v6_md5 + } + #endif - reset: +#ifdef CONFIG_GRKERNSEC_BLACKHOLE -+ if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK)) ++extern int grsec_enable_blackhole; +#endif - tcp_v6_send_reset(sk, skb); - discard: - if (opt_skb) -@@ -1700,6 +1703,9 @@ no_tcp_socket: ++ + static void tcp_v6_hash(struct sock *sk) + { + if (sk->sk_state != TCP_CLOSE) { +@@ -1655,12 +1659,20 @@ static int tcp_v6_rcv(struct sk_buff *sk + TCP_SKB_CB(skb)->sacked = 0; + + sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); +- if (!sk) ++ if (!sk) { ++#ifdef CONFIG_GRKERNSEC_BLACKHOLE ++ ret = 1; ++#endif + goto no_tcp_socket; ++ } + + process: +- if (sk->sk_state == TCP_TIME_WAIT) ++ if (sk->sk_state == TCP_TIME_WAIT) { ++#ifdef CONFIG_GRKERNSEC_BLACKHOLE ++ ret = 2; ++#endif + goto do_time_wait; ++ } + + if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) + goto discard_and_relse; +@@ -1700,6 +1712,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { +#ifdef CONFIG_GRKERNSEC_BLACKHOLE -+ if (skb->dev->flags & IFF_LOOPBACK) ++ if (!grsec_enable_blackhole || (ret == 1 && ++ (skb->dev->flags & IFF_LOOPBACK))) +#endif tcp_v6_send_reset(NULL, skb); } diff -urNp linux-2.6.32.15/net/ipv6/udp.c linux-2.6.32.15/net/ipv6/udp.c --- linux-2.6.32.15/net/ipv6/udp.c 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.15/net/ipv6/udp.c 2010-05-28 21:27:16.631258014 -0400 -@@ -587,6 +587,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, ++++ linux-2.6.32.15/net/ipv6/udp.c 2010-06-26 14:15:10.978789054 -0400 +@@ -49,6 +49,10 @@ + #include <linux/seq_file.h> + #include "udp_impl.h" + ++#ifdef CONFIG_GRKERNSEC_BLACKHOLE ++extern int grsec_enable_blackhole; ++#endif ++ + int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2) + { + const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr; +@@ -587,6 +591,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); +#ifdef CONFIG_GRKERNSEC_BLACKHOLE -+ if (skb->dev->flags & IFF_LOOPBACK) ++ if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK)) +#endif icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev); @@ -55299,7 +55442,7 @@ diff -urNp linux-2.6.32.15/security/Kconfig linux-2.6.32.15/security/Kconfig +config PAX_KERNEXEC + bool "Enforce non-executable kernel pages" + depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN -+ select PAX_PER_CPU_PGD if X86_64 ++ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) + help + This is the kernel land equivalent of PAGEEXEC and MPROTECT, + that is, enabling this option will make it harder to inject |