authorNatanael Copa <ncopa@alpinelinux.org>2010-06-30 08:52:44 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2010-06-30 08:52:44 +0000
commit74d2648cf84993788c3538b2ebc632a077fd967e (patch)
treeaf832f484f10f911446af4f694cb2255e8f52310
parenta70bc750040798ae7b2181334d9b17faf567a26e (diff)
main/linux-grsec: upgrade to grsecurity-2.2.0-2.6.32.15-201006271253
-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/grsecurity-2.2.0-2.6.32.15-201006271253.patch (renamed from main/linux-grsec/grsecurity-2.1.14-2.6.32.15-201006011506.patch)577
2 files changed, 363 insertions, 220 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index cb94b0136..ef73e4958 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.32.15
_kernver=2.6.32
-pkgrel=8
+pkgrel=9
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
- grsecurity-2.1.14-2.6.32.15-201006011506.patch
+ grsecurity-2.2.0-2.6.32.15-201006271253.patch
0001-grsec-revert-conflicting-flow-cache-changes.patch
0002-gre-fix-hard-header-destination-address-checking.patch
0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
@@ -148,7 +148,7 @@ firmware() {
md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2
5c9251844c2819eddee4dba1293bd46d patch-2.6.32.15.bz2
-7f61d0de3d703c465bff03a20b2dbd30 grsecurity-2.1.14-2.6.32.15-201006011506.patch
+98a8ab1e328d67e40657ef5e4b9d1b37 grsecurity-2.2.0-2.6.32.15-201006271253.patch
1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch
437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch
151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.32.15-201006011506.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.15-201006271253.patch
index 215c62b4e..722e01f37 100644
--- a/main/linux-grsec/grsecurity-2.1.14-2.6.32.15-201006011506.patch
+++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.15-201006271253.patch
@@ -7562,7 +7562,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/page_64_types.h linux-2.6.32.15/
#define __VIRTUAL_MASK_SHIFT 47
diff -urNp linux-2.6.32.15/arch/x86/include/asm/paravirt.h linux-2.6.32.15/arch/x86/include/asm/paravirt.h
--- linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-05-28 21:27:14.915041226 -0400
++++ linux-2.6.32.15/arch/x86/include/asm/paravirt.h 2010-06-19 10:03:50.008525890 -0400
@@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned
pv_mmu_ops.set_fixmap(idx, phys, flags);
}
@@ -7765,7 +7765,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_32_types.h linux-2.6.32.
#define MODULES_LEN (MODULES_VADDR - MODULES_END)
diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h
--- linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-05-28 21:27:14.915041226 -0400
++++ linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h 2010-06-19 10:03:50.008525890 -0400
@@ -38,12 +38,16 @@ static inline void native_set_pte_atomic
static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
@@ -7785,7 +7785,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable-3level.h linux-2.6.32.15
/*
diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h
--- linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-05-28 21:27:14.915041226 -0400
++++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h 2010-06-19 10:03:50.008525890 -0400
@@ -16,10 +16,13 @@
extern pud_t level3_kernel_pgt[512];
@@ -7812,7 +7812,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arc
}
static inline void native_pmd_clear(pmd_t *pmd)
-@@ -94,12 +99,18 @@ static inline void native_pud_clear(pud_
+@@ -94,7 +99,9 @@ static inline void native_pud_clear(pud_
static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
{
@@ -7822,15 +7822,6 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64.h linux-2.6.32.15/arc
}
static inline void native_pgd_clear(pgd_t *pgd)
- {
-+
-+#ifndef CONFIG_PAX_PER_CPU_PGD
- native_set_pgd(pgd, native_make_pgd(0));
-+#endif
-+
- }
-
- /*
diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h
--- linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h 2010-05-28 21:27:14.915041226 -0400
@@ -7844,7 +7835,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable_64_types.h linux-2.6.32.
#endif /* _ASM_X86_PGTABLE_64_DEFS_H */
diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x86/include/asm/pgtable.h
--- linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-05-28 21:27:14.918896182 -0400
++++ linux-2.6.32.15/arch/x86/include/asm/pgtable.h 2010-06-19 10:03:50.008525890 -0400
@@ -74,12 +74,51 @@ extern struct list_head pgd_list;
#define arch_end_context_switch(prev) do {} while(0)
@@ -7988,7 +7979,7 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -611,11 +698,18 @@ static inline void ptep_set_wrprotect(st
+@@ -611,11 +698,23 @@ static inline void ptep_set_wrprotect(st
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -8004,7 +7995,12 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/pgtable.h linux-2.6.32.15/arch/x
+#ifdef CONFIG_PAX_PER_CPU_PGD
+extern void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count);
++#endif
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
+extern void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count);
++#else
++static inline void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) {}
+#endif
#include <asm-generic/pgtable.h>
@@ -9301,16 +9297,8 @@ diff -urNp linux-2.6.32.15/arch/x86/include/asm/xsave.h linux-2.6.32.15/arch/x86
".section .fixup,\"ax\"\n"
diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig
--- linux-2.6.32.15/arch/x86/Kconfig 2010-05-15 13:20:18.407099662 -0400
-+++ linux-2.6.32.15/arch/x86/Kconfig 2010-05-28 21:27:14.922894828 -0400
-@@ -531,6 +531,7 @@ source "arch/x86/lguest/Kconfig"
-
- config PARAVIRT
- bool "Enable paravirtualization code"
-+ depends on !PAX_PER_CPU_PGD
- ---help---
- This changes the kernel so it can modify itself when it is run
- under a hypervisor, potentially improving performance significantly
-@@ -1083,7 +1084,7 @@ config PAGE_OFFSET
++++ linux-2.6.32.15/arch/x86/Kconfig 2010-06-19 11:15:06.486972627 -0400
+@@ -1083,7 +1083,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -9319,7 +9307,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1414,7 +1415,7 @@ config ARCH_USES_PG_UNCACHED
+@@ -1414,7 +1414,7 @@ config ARCH_USES_PG_UNCACHED
config EFI
bool "EFI runtime service support"
@@ -9328,7 +9316,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig
---help---
This enables the kernel to use EFI runtime services that are
available (such as the EFI variable services).
-@@ -1501,6 +1502,7 @@ config KEXEC_JUMP
+@@ -1501,6 +1501,7 @@ config KEXEC_JUMP
config PHYSICAL_START
hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP)
default "0x1000000"
@@ -9336,7 +9324,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig
---help---
This gives the physical address where the kernel is loaded.
-@@ -1565,6 +1567,7 @@ config PHYSICAL_ALIGN
+@@ -1565,6 +1566,7 @@ config PHYSICAL_ALIGN
hex
prompt "Alignment value to which kernel should be aligned" if X86_32
default "0x1000000"
@@ -9344,7 +9332,7 @@ diff -urNp linux-2.6.32.15/arch/x86/Kconfig linux-2.6.32.15/arch/x86/Kconfig
range 0x2000 0x1000000
---help---
This value puts the alignment restrictions on physical address
-@@ -1596,9 +1599,10 @@ config HOTPLUG_CPU
+@@ -1596,9 +1598,10 @@ config HOTPLUG_CPU
Say N if you want to disable CPU hotplug.
config COMPAT_VDSO
@@ -10503,7 +10491,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/efi_stub_32.S linux-2.6.32.15/arch/x8
efi_rt_function_ptr:
diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/kernel/entry_32.S
--- linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-05-28 21:27:15.031137412 -0400
++++ linux-2.6.32.15/arch/x86/kernel/entry_32.S 2010-06-19 10:03:50.008525890 -0400
@@ -191,7 +191,67 @@
#endif /* CONFIG_X86_32_LAZY_GS */
@@ -10780,15 +10768,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/k
#include "syscall_table_32.S"
syscall_table_size=(.-sys_call_table)
-@@ -1250,12 +1366,15 @@ error_code:
- movl %ecx, %fs
- UNWIND_ESPFIX_STACK
- GS_TO_REG %ecx
-+
-+ PAX_ENTER_KERNEL
-+
- movl PT_GS(%esp), %edi # get the function address
- movl PT_ORIG_EAX(%esp), %edx # get the error code
+@@ -1255,9 +1371,12 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -10796,7 +10776,12 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/entry_32.S linux-2.6.32.15/arch/x86/k
+ movl $(__KERNEL_DS), %ecx
movl %ecx, %ds
movl %ecx, %es
++
++ PAX_ENTER_KERNEL
++
TRACE_IRQS_OFF
+ movl %esp,%eax # pt_regs pointer
+ call *%edi
@@ -1351,6 +1470,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
@@ -11367,7 +11352,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head32.c linux-2.6.32.15/arch/x86/ker
/* Reserve INITRD */
diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/kernel/head_32.S
--- linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-05-28 21:27:15.039159907 -0400
++++ linux-2.6.32.15/arch/x86/kernel/head_32.S 2010-06-19 10:03:50.008525890 -0400
@@ -19,10 +19,17 @@
#include <asm/setup.h>
#include <asm/processor-flags.h>
@@ -11658,7 +11643,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -608,27 +679,45 @@ ENTRY(initial_code)
+@@ -608,27 +679,38 @@ ENTRY(initial_code)
/*
* BSS section
*/
@@ -11699,17 +11684,22 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke
- .align PAGE_SIZE_asm
+.section .swapper_pg_dir,"a",@progbits
+
+ ENTRY(swapper_pg_dir)
+ .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
+ # if KPMDS == 3
+@@ -647,15 +729,24 @@ ENTRY(swapper_pg_dir)
+ # error "Kernel PMDs should be 1, 2 or 3"
+ # endif
+ .align PAGE_SIZE_asm /* needs to be page-sized too */
++
+#ifdef CONFIG_PAX_PER_CPU_PGD
+ENTRY(cpu_pgd)
+ .rept NR_CPUS
-+ .fill 512,8,0
++ .fill 4,8,0
+ .endr
+#endif
+
- ENTRY(swapper_pg_dir)
- .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
- # if KPMDS == 3
-@@ -651,11 +740,12 @@ ENTRY(swapper_pg_dir)
+ #endif
.data
ENTRY(stack_start)
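Review bot: `.fill 4,8,0` under `ENTRY(cpu_pgd)` uses bare numbers with no explanation of why the per-CPU size dropped from 512 entries to 4. From the surrounding `swapper_pg_pmd`/`KPMDS` context this looks like the PAE branch, where a top-level table is four 8-byte entries, so each CPU's table is now 32 bytes and the tables are packed back to back after the `.align PAGE_SIZE_asm` above. A comment such as `/* PAE: 4 pgd entries of 8 bytes per CPU, packed; start is page-aligned */` on the `.rept` block would record that and the alignment it depends on. The enclosing section starts outside this hunk.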
@@ -11723,7 +11713,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke
early_recursion_flag:
.long 0
-@@ -691,7 +781,7 @@ fault_msg:
+@@ -691,7 +782,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
@@ -11732,7 +11722,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -702,7 +792,7 @@ idt_descr:
+@@ -702,7 +793,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
@@ -11741,7 +11731,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -711,5 +801,65 @@ ENTRY(early_gdt_descr)
+@@ -711,5 +802,65 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
@@ -11809,23 +11799,6 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/head_32.S linux-2.6.32.15/arch/x86/ke
+ /* Be sure this is zeroed to avoid false validations in Xen */
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
-diff -urNp linux-2.6.32.15/arch/x86/kernel/head64.c linux-2.6.32.15/arch/x86/kernel/head64.c
---- linux-2.6.32.15/arch/x86/kernel/head64.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/kernel/head64.c 2010-05-28 21:27:15.039159907 -0400
-@@ -29,7 +29,13 @@
- static void __init zap_identity_mappings(void)
- {
- pgd_t *pgd = pgd_offset_k(0UL);
-+
-+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ set_pgd(pgd, native_make_pgd(0));
-+#else
- pgd_clear(pgd);
-+#endif
-+
- __flush_tlb_all();
- }
-
diff -urNp linux-2.6.32.15/arch/x86/kernel/head_64.S linux-2.6.32.15/arch/x86/kernel/head_64.S
--- linux-2.6.32.15/arch/x86/kernel/head_64.S 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/arch/x86/kernel/head_64.S 2010-05-28 21:27:15.039159907 -0400
@@ -12136,7 +12109,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/init_task.c linux-2.6.32.15/arch/x86/
+EXPORT_SYMBOL(init_tss);
diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/kernel/ioport.c
--- linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-05-28 21:27:15.039159907 -0400
++++ linux-2.6.32.15/arch/x86/kernel/ioport.c 2010-06-19 21:48:03.327550760 -0400
@@ -6,6 +6,7 @@
#include <linux/sched.h>
#include <linux/kernel.h>
@@ -12150,7 +12123,7 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/ker
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
return -EINVAL;
+#ifdef CONFIG_GRKERNSEC_IO
-+ if (turn_on) {
++ if (turn_on && grsec_disable_privio) {
+ gr_handle_ioperm();
+ return -EPERM;
+ }
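Review bot: The ioperm denial here, and the iopl denial in the following `do_iopl` hunk, now depend on the runtime value of `grsec_disable_privio`, whose definition and default are not visible in either hunk. With CONFIG_GRKERNSEC_IO set the previous patch refused unconditionally; after this change a kernel running with the flag at 0 falls through to the ordinary checks (in `do_iopl`, the `capable(CAP_SYS_RAWIO)` test). The package should confirm that the shipped kernelconfig and sysctl defaults keep the restriction enabled and that the toggle cannot be cleared after boot. A comment above the first test, e.g. `/* grsec_disable_privio is a runtime toggle; 0 leaves only the stock capability checks */`, would make the dependency explicit. Both function bodies continue outside their hunks.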
@@ -12167,20 +12140,19 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/ioport.c linux-2.6.32.15/arch/x86/ker
set_bitmap(t->io_bitmap_ptr, from, num, !turn_on);
-@@ -111,8 +118,13 @@ static int do_iopl(unsigned int level, s
+@@ -111,6 +118,12 @@ static int do_iopl(unsigned int level, s
return -EINVAL;
/* Trying to gain more privileges? */
if (level > old) {
+#ifdef CONFIG_GRKERNSEC_IO
-+ gr_handle_iopl();
-+ return -EPERM;
-+#else
++ if (grsec_disable_privio) {
++ gr_handle_iopl();
++ return -EPERM;
++ }
++#endif
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
-+#endif
}
- regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
-
diff -urNp linux-2.6.32.15/arch/x86/kernel/irq_32.c linux-2.6.32.15/arch/x86/kernel/irq_32.c
--- linux-2.6.32.15/arch/x86/kernel/irq_32.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/arch/x86/kernel/irq_32.c 2010-05-28 21:27:15.039159907 -0400
@@ -12406,23 +12378,6 @@ diff -urNp linux-2.6.32.15/arch/x86/kernel/machine_kexec_32.c linux-2.6.32.15/ar
relocate_kernel_ptr = control_page;
page_list[PA_CONTROL_PAGE] = __pa(control_page);
-diff -urNp linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c
---- linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/kernel/machine_kexec_64.c 2010-05-28 21:27:15.043064911 -0400
-@@ -126,7 +126,13 @@ static int init_level4_page(struct kimag
- }
- /* clear the unused entries */
- while (addr < end_addr) {
-+
-+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ set_pgd(level4p++, native_make_pgd(0));
-+#else
- pgd_clear(level4p++);
-+#endif
-+
- addr += PGDIR_SIZE;
- }
- out:
diff -urNp linux-2.6.32.15/arch/x86/kernel/microcode_amd.c linux-2.6.32.15/arch/x86/kernel/microcode_amd.c
--- linux-2.6.32.15/arch/x86/kernel/microcode_amd.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/arch/x86/kernel/microcode_amd.c 2010-05-28 21:27:15.043064911 -0400
@@ -16982,7 +16937,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/extable.c linux-2.6.32.15/arch/x86/mm/ext
pnp_bios_is_utter_crap = 1;
diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault.c
--- linux-2.6.32.15/arch/x86/mm/fault.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/mm/fault.c 2010-05-28 21:27:15.107152206 -0400
++++ linux-2.6.32.15/arch/x86/mm/fault.c 2010-06-19 10:03:50.012498759 -0400
@@ -11,10 +11,19 @@
#include <linux/kprobes.h> /* __kprobes, ... */
#include <linux/mmiotrace.h> /* kmmio_handler, ... */
@@ -17069,17 +17024,19 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
break;
}
spin_unlock_irqrestore(&pgd_lock, flags);
-@@ -257,6 +303,9 @@ static noinline int vmalloc_fault(unsign
- * Do _not_ use "current" here. We might be inside
+@@ -258,6 +304,11 @@ static noinline int vmalloc_fault(unsign
* an interrupt in the middle of a task switch..
*/
+ pgd_paddr = read_cr3();
++
+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (read_cr3() & PHYSICAL_PAGE_MASK));
++ BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (pgd_paddr & PHYSICAL_PAGE_MASK));
+#endif
- pgd_paddr = read_cr3();
++
pmd_k = vmalloc_sync_one(__va(pgd_paddr), address);
if (!pmd_k)
-@@ -332,15 +381,27 @@ void vmalloc_sync_all(void)
+ return -1;
+@@ -332,15 +383,27 @@ void vmalloc_sync_all(void)
const pgd_t *pgd_ref = pgd_offset_k(address);
unsigned long flags;
@@ -17107,7 +17064,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
if (pgd_none(*pgd))
set_pgd(pgd, *pgd_ref);
else
-@@ -373,7 +434,14 @@ static noinline int vmalloc_fault(unsign
+@@ -373,7 +436,14 @@ static noinline int vmalloc_fault(unsign
* happen within a race in page table update. In the later
* case just flush:
*/
@@ -17122,7 +17079,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
pgd_ref = pgd_offset_k(address);
if (pgd_none(*pgd_ref))
return -1;
-@@ -535,7 +603,7 @@ static int is_errata93(struct pt_regs *r
+@@ -535,7 +605,7 @@ static int is_errata93(struct pt_regs *r
static int is_errata100(struct pt_regs *regs, unsigned long address)
{
#ifdef CONFIG_X86_64
@@ -17131,7 +17088,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
return 1;
#endif
return 0;
-@@ -562,7 +630,7 @@ static int is_f00f_bug(struct pt_regs *r
+@@ -562,7 +632,7 @@ static int is_f00f_bug(struct pt_regs *r
}
static const char nx_warning[] = KERN_CRIT
@@ -17140,7 +17097,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
static void
show_fault_oops(struct pt_regs *regs, unsigned long error_code,
-@@ -571,15 +639,26 @@ show_fault_oops(struct pt_regs *regs, un
+@@ -571,15 +641,26 @@ show_fault_oops(struct pt_regs *regs, un
if (!oops_may_print())
return;
@@ -17169,7 +17126,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
printk(KERN_ALERT "BUG: unable to handle kernel ");
if (address < PAGE_SIZE)
printk(KERN_CONT "NULL pointer dereference");
-@@ -704,6 +783,68 @@ __bad_area_nosemaphore(struct pt_regs *r
+@@ -704,6 +785,68 @@ __bad_area_nosemaphore(struct pt_regs *r
unsigned long address, int si_code)
{
struct task_struct *tsk = current;
@@ -17238,7 +17195,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
/* User mode accesses just cause a SIGSEGV */
if (error_code & PF_USER) {
-@@ -848,6 +989,106 @@ static int spurious_fault_check(unsigned
+@@ -848,6 +991,106 @@ static int spurious_fault_check(unsigned
return 1;
}
@@ -17345,7 +17302,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
/*
* Handle a spurious fault caused by a stale TLB entry.
*
-@@ -914,6 +1155,9 @@ int show_unhandled_signals = 1;
+@@ -914,6 +1157,9 @@ int show_unhandled_signals = 1;
static inline int
access_error(unsigned long error_code, int write, struct vm_area_struct *vma)
{
@@ -17355,7 +17312,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
if (write) {
/* write, present and write, not present: */
if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -947,17 +1191,31 @@ do_page_fault(struct pt_regs *regs, unsi
+@@ -947,17 +1193,31 @@ do_page_fault(struct pt_regs *regs, unsi
{
struct vm_area_struct *vma;
struct task_struct *tsk;
@@ -17391,7 +17348,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
/*
* Detect and handle instructions that would cause a page fault for
* both a tracked kernel page and a userspace page.
-@@ -1017,7 +1275,7 @@ do_page_fault(struct pt_regs *regs, unsi
+@@ -1017,7 +1277,7 @@ do_page_fault(struct pt_regs *regs, unsi
* User-mode registers count as a user access even for any
* potential system fault or CPU buglet:
*/
@@ -17400,7 +17357,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
local_irq_enable();
error_code |= PF_USER;
} else {
-@@ -1071,6 +1329,11 @@ do_page_fault(struct pt_regs *regs, unsi
+@@ -1071,6 +1331,11 @@ do_page_fault(struct pt_regs *regs, unsi
might_sleep();
}
@@ -17412,7 +17369,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
vma = find_vma(mm, address);
if (unlikely(!vma)) {
bad_area(regs, error_code, address);
-@@ -1082,18 +1345,24 @@ do_page_fault(struct pt_regs *regs, unsi
+@@ -1082,18 +1347,24 @@ do_page_fault(struct pt_regs *regs, unsi
bad_area(regs, error_code, address);
return;
}
@@ -17436,19 +17393,19 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/fault.c linux-2.6.32.15/arch/x86/mm/fault
+ if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)) {
+ bad_area(regs, error_code, address);
+ return;
-+ }
+ }
+
+#ifdef CONFIG_PAX_SEGMEXEC
+ if (unlikely((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)) {
+ bad_area(regs, error_code, address);
+ return;
- }
++ }
+#endif
+
if (unlikely(expand_stack(vma, address))) {
bad_area(regs, error_code, address);
return;
-@@ -1137,3 +1406,199 @@ good_area:
+@@ -1137,3 +1408,199 @@ good_area:
up_read(&mm->mmap_sem);
}
@@ -18182,7 +18139,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/init_64.c linux-2.6.32.15/arch/x86/mm/ini
return "[vsyscall]";
diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c
--- linux-2.6.32.15/arch/x86/mm/init.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/mm/init.c 2010-05-28 21:27:15.114903294 -0400
++++ linux-2.6.32.15/arch/x86/mm/init.c 2010-06-19 10:03:50.012498759 -0400
@@ -69,11 +69,7 @@ static void __init find_early_table_spac
* cause a hotspot and fill up ZONE_DMA. The page tables
* need roughly 0.5KB per GB.
@@ -18211,7 +18168,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c
return 1;
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
-@@ -379,6 +381,87 @@ void free_init_pages(char *what, unsigne
+@@ -379,6 +381,89 @@ void free_init_pages(char *what, unsigne
void free_initmem(void)
{
@@ -18250,12 +18207,14 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/init.c linux-2.6.32.15/arch/x86/mm/init.c
+*/
+#ifdef CONFIG_X86_PAE
+ set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT);
++/*
+ for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) {
+ pgd = pgd_offset_k(addr);
+ pud = pud_offset(pgd, addr);
+ pmd = pmd_offset(pud, addr);
+ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
+ }
++*/
+#endif
+
+#ifdef CONFIG_MODULES
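Review bot: The result of `set_memory_nx()` in the CONFIG_X86_PAE branch is discarded, and with the PMD loop now wrapped in `/* */` it is the only call left in this hunk that marks the `__init_begin`..`__init_end` range non-executable. If that call fails, the range would presumably stay executable with no diagnostic; wrapping it as `WARN_ON(set_memory_nx(...));` would surface the failure. The disabled loop would be better deleted than kept as commented-out code, or given a one-line reason for why it is parked. The enclosing function starts and ends outside this hunk.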
@@ -18475,38 +18434,83 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/numa_32.c linux-2.6.32.15/arch/x86/mm/num
#define LARGE_PAGE_BYTES (PTRS_PER_PTE * PAGE_SIZE)
diff -urNp linux-2.6.32.15/arch/x86/mm/pageattr.c linux-2.6.32.15/arch/x86/mm/pageattr.c
--- linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-05-28 21:27:15.118897735 -0400
-@@ -268,9 +268,10 @@ static inline pgprot_t static_protection
++++ linux-2.6.32.15/arch/x86/mm/pageattr.c 2010-06-19 10:03:50.012498759 -0400
+@@ -261,16 +261,17 @@ static inline pgprot_t static_protection
+ * PCI BIOS based config access (CONFIG_PCI_GOBIOS) support.
+ */
+ if (within(pfn, BIOS_BEGIN >> PAGE_SHIFT, BIOS_END >> PAGE_SHIFT))
+- pgprot_val(forbidden) |= _PAGE_NX;
++ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
+
+ /*
+ * The kernel text needs to be executable for obvious reasons
* Does not cover __inittext since that is gone later on. On
* 64bit we do not enforce !NX on the low mapping
*/
- if (within(address, (unsigned long)_text, (unsigned long)_etext))
+- pgprot_val(forbidden) |= _PAGE_NX;
+ if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext)))
- pgprot_val(forbidden) |= _PAGE_NX;
++ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
+#ifdef CONFIG_DEBUG_RODATA
/*
* The .rodata section needs to be read-only. Using the pfn
* catches all aliases.
-@@ -278,6 +279,7 @@ static inline pgprot_t static_protection
+@@ -278,6 +279,14 @@ static inline pgprot_t static_protection
if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT,
__pa((unsigned long)__end_rodata) >> PAGE_SHIFT))
pgprot_val(forbidden) |= _PAGE_RW;
+#endif
++
++#ifdef CONFIG_PAX_KERNEXEC
++ if (within(pfn, __pa((unsigned long)&_text), __pa((unsigned long)&_sdata))) {
++ pgprot_val(forbidden) |= _PAGE_RW;
++ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
++ }
++#endif
prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
-@@ -331,7 +333,10 @@ EXPORT_SYMBOL_GPL(lookup_address);
+@@ -331,23 +340,37 @@ EXPORT_SYMBOL_GPL(lookup_address);
static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte)
{
/* change init_mm */
+ pax_open_kernel();
set_pte_atomic(kpte, pte);
-+ pax_close_kernel();
+
#ifdef CONFIG_X86_32
if (!SHARED_KERNEL_PMD) {
++
++#ifdef CONFIG_PAX_PER_CPU_PGD
++ unsigned long cpu;
++#else
struct page *page;
++#endif
+
++#ifdef CONFIG_PAX_PER_CPU_PGD
++ for (cpu = 0; cpu < NR_CPUS; ++cpu) {
++ pgd_t *pgd = get_cpu_pgd(cpu);
++#else
+ list_for_each_entry(page, &pgd_list, lru) {
+- pgd_t *pgd;
++ pgd_t *pgd = (pgd_t *)page_address(page);;
++#endif
++
+ pud_t *pud;
+ pmd_t *pmd;
+
+- pgd = (pgd_t *)page_address(page) + pgd_index(address);
++ pgd += pgd_index(address);
+ pud = pud_offset(pgd, address);
+ pmd = pmd_offset(pud, address);
+ set_pte_atomic((pte_t *)pmd, pte);
+ }
+ }
+ #endif
++ pax_close_kernel();
+ }
+
+ static int
diff -urNp linux-2.6.32.15/arch/x86/mm/pageattr-test.c linux-2.6.32.15/arch/x86/mm/pageattr-test.c
--- linux-2.6.32.15/arch/x86/mm/pageattr-test.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/arch/x86/mm/pageattr-test.c 2010-05-28 21:27:15.118897735 -0400
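Review bot: In `__set_pmd_pte`, the non-PER_CPU_PGD branch declares `pgd_t *pgd = (pgd_t *)page_address(page);;` with a doubled semicolon, which leaves an empty statement ahead of the `pud_t *pud;` and `pmd_t *pmd;` declarations. Builds that enable -Wdeclaration-after-statement will warn at that point; dropping the extra `;` fixes it. Separately, the loop header is selected by `#ifdef` while the body and closing brace are shared, and `pax_close_kernel()` has moved to the end of the function, presumably so the per-pgd `set_pte_atomic()` calls run inside the open window. A short comment next to `pax_open_kernel()` saying so would help the next reader.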
@@ -18577,28 +18581,22 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable_32.c linux-2.6.32.15/arch/x86/mm/
* It's enough to flush this one mapping.
diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgtable.c
--- linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-05-28 21:27:15.118897735 -0400
-@@ -63,8 +63,12 @@ void ___pmd_free_tlb(struct mmu_gather *
- #if PAGETABLE_LEVELS > 3
- void ___pud_free_tlb(struct mmu_gather *tlb, pud_t *pud)
- {
-+
-+#ifndef CONFIG_PAX_PER_CPU_PGD
- paravirt_release_pud(__pa(pud) >> PAGE_SHIFT);
- tlb_remove_page(tlb, virt_to_page(pud));
-+#endif
-+
- }
- #endif /* PAGETABLE_LEVELS > 3 */
- #endif /* PAGETABLE_LEVELS > 2 */
-@@ -83,8 +87,62 @@ static inline void pgd_list_del(pgd_t *p
++++ linux-2.6.32.15/arch/x86/mm/pgtable.c 2010-06-19 10:03:50.012498759 -0400
+@@ -83,8 +83,59 @@ static inline void pgd_list_del(pgd_t *p
list_del(&page->lru);
}
-#define UNSHARED_PTRS_PER_PGD \
- (SHARED_KERNEL_PMD ? KERNEL_PGD_BOUNDARY : PTRS_PER_PGD)
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+pteval_t clone_pgd_mask __read_only = ~_PAGE_PRESENT;
++pgdval_t clone_pgd_mask __read_only = ~_PAGE_PRESENT;
++
++void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count)
++{
++ while (count--)
++ *dst++ = __pgd((pgd_val(*src++) | _PAGE_NX) & ~_PAGE_USER);
++
++}
+#endif
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
@@ -18613,16 +18611,6 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
+#endif
+
+}
-+
-+void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count)
-+{
-+
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+ while (count--)
-+ *dst++ = __pgd((pgd_val(*src++) | _PAGE_NX) & ~_PAGE_USER);
-+#endif
-+
-+}
+#endif
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
@@ -18656,7 +18644,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
static void pgd_ctor(pgd_t *pgd)
{
-@@ -119,6 +177,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -119,6 +170,7 @@ static void pgd_dtor(pgd_t *pgd)
pgd_list_del(pgd);
spin_unlock_irqrestore(&pgd_lock, flags);
}
@@ -18664,7 +18652,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
/*
* List of all pgd's needed for non-PAE so it can invalidate entries
-@@ -131,7 +190,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -131,7 +183,7 @@ static void pgd_dtor(pgd_t *pgd)
* -- wli
*/
@@ -18673,7 +18661,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
/*
* In PAE mode, we need to do a cr3 reload (=tlb flush) when
* updating the top-level pagetable entries to guarantee the
-@@ -143,7 +202,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -143,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd)
* not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate
* and initialize the kernel pmds here.
*/
@@ -18682,7 +18670,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
{
-@@ -162,36 +221,38 @@ void pud_populate(struct mm_struct *mm,
+@@ -162,36 +214,38 @@ void pud_populate(struct mm_struct *mm,
if (mm == current->active_mm)
write_cr3(read_cr3());
}
@@ -18732,7 +18720,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
return -ENOMEM;
}
-@@ -204,51 +265,56 @@ static int preallocate_pmds(pmd_t *pmds[
+@@ -204,51 +258,56 @@ static int preallocate_pmds(pmd_t *pmds[
* preallocate which never got a corresponding vma will need to be
* freed manually.
*/
@@ -18806,7 +18794,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
unsigned long flags;
pgd = (pgd_t *)__get_free_page(PGALLOC_GFP);
-@@ -258,11 +324,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
+@@ -258,11 +317,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
mm->pgd = pgd;
@@ -18820,7 +18808,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
/*
* Make sure that pre-populating the pmds is atomic with
-@@ -272,14 +338,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
+@@ -272,14 +331,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
spin_lock_irqsave(&pgd_lock, flags);
pgd_ctor(pgd);
@@ -18838,7 +18826,7 @@ diff -urNp linux-2.6.32.15/arch/x86/mm/pgtable.c linux-2.6.32.15/arch/x86/mm/pgt
out_free_pgd:
free_page((unsigned long)pgd);
out:
-@@ -288,7 +354,7 @@ out:
+@@ -288,7 +347,7 @@ out:
void pgd_free(struct mm_struct *mm, pgd_t *pgd)
{
@@ -20109,6 +20097,18 @@ diff -urNp linux-2.6.32.15/Documentation/kernel-parameters.txt linux-2.6.32.15/D
pcbit= [HW,ISDN]
pcd. [PARIDE]
+diff -urNp linux-2.6.32.15/drivers/acpi/acpi_pad.c linux-2.6.32.15/drivers/acpi/acpi_pad.c
+--- linux-2.6.32.15/drivers/acpi/acpi_pad.c 2010-03-15 11:52:04.000000000 -0400
++++ linux-2.6.32.15/drivers/acpi/acpi_pad.c 2010-06-19 10:03:45.704801524 -0400
+@@ -30,7 +30,7 @@
+ #include <acpi/acpi_bus.h>
+ #include <acpi/acpi_drivers.h>
+
+-#define ACPI_PROCESSOR_AGGREGATOR_CLASS "processor_aggregator"
++#define ACPI_PROCESSOR_AGGREGATOR_CLASS "acpi_pad"
+ #define ACPI_PROCESSOR_AGGREGATOR_DEVICE_NAME "Processor Aggregator"
+ #define ACPI_PROCESSOR_AGGREGATOR_NOTIFY 0x80
+ static DEFINE_MUTEX(isolated_cpus_lock);
diff -urNp linux-2.6.32.15/drivers/acpi/battery.c linux-2.6.32.15/drivers/acpi/battery.c
--- linux-2.6.32.15/drivers/acpi/battery.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/drivers/acpi/battery.c 2010-05-28 21:27:15.179152446 -0400
@@ -27801,6 +27801,18 @@ diff -urNp linux-2.6.32.15/drivers/staging/hv/blkvsc_drv.c linux-2.6.32.15/drive
.owner = THIS_MODULE,
.open = blkvsc_open,
.release = blkvsc_release,
+diff -urNp linux-2.6.32.15/drivers/staging/hv/Hv.c linux-2.6.32.15/drivers/staging/hv/Hv.c
+--- linux-2.6.32.15/drivers/staging/hv/Hv.c 2010-05-15 13:20:18.963900073 -0400
++++ linux-2.6.32.15/drivers/staging/hv/Hv.c 2010-06-19 10:03:50.012498759 -0400
+@@ -161,7 +161,7 @@ static u64 HvDoHypercall(u64 Control, vo
+ u64 outputAddress = (Output) ? virt_to_phys(Output) : 0;
+ u32 outputAddressHi = outputAddress >> 32;
+ u32 outputAddressLo = outputAddress & 0xFFFFFFFF;
+- volatile void *hypercallPage = gHvContext.HypercallPage;
++ volatile void *hypercallPage = ktva_ktla(gHvContext.HypercallPage);
+
+ DPRINT_DBG(VMBUS, "Hypercall <control %llx input %p output %p>",
+ Control, Input, Output);
diff -urNp linux-2.6.32.15/drivers/staging/panel/panel.c linux-2.6.32.15/drivers/staging/panel/panel.c
--- linux-2.6.32.15/drivers/staging/panel/panel.c 2010-03-15 11:52:04.000000000 -0400
+++ linux-2.6.32.15/drivers/staging/panel/panel.c 2010-05-28 21:27:15.842942312 -0400
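Review bot: The new initialiser `ktva_ktla(gHvContext.HypercallPage)` in HvDoHypercall() carries no comment, and the macro is defined elsewhere in the patch, so a reader of Hv.c cannot tell why the hypercall page pointer is translated before use. A one-line comment above the declaration would cover it, e.g. `/* PaX KERNEXEC: the hypercall page is called as code, so use its translated address (TODO confirm) */`. HvDoHypercall() begins and ends outside this hunk, so how the pointer is consumed is not visible here.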
@@ -34413,8 +34425,8 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_alloc.c linux-2.6.32.15/grsecurity/g
+}
diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c
--- linux-2.6.32.15/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/gracl.c 2010-05-28 21:27:16.327077893 -0400
-@@ -0,0 +1,3897 @@
++++ linux-2.6.32.15/grsecurity/gracl.c 2010-06-26 14:00:02.982610280 -0400
+@@ -0,0 +1,3899 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -38202,6 +38214,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c
+ who have the 'view' subject flag if the RBAC system is enabled
+ */
+
++ rcu_read_lock();
+ read_lock(&tasklist_lock);
+ task = find_task_by_vpid(pid);
+ if (task) {
@@ -38230,6 +38243,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c
+ ret = -ENOENT;
+
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+
+ return ret;
+}
@@ -38314,8 +38328,8 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl.c linux-2.6.32.15/grsecurity/gracl.c
+
diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gracl_cap.c
--- linux-2.6.32.15/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/gracl_cap.c 2010-05-28 21:27:16.327077893 -0400
-@@ -0,0 +1,131 @@
++++ linux-2.6.32.15/grsecurity/gracl_cap.c 2010-06-19 21:06:17.097881201 -0400
+@@ -0,0 +1,138 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -38370,6 +38384,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra
+ const struct cred *cred = current_cred();
+ struct acl_subject_label *curracl;
+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
++ kernel_cap_t cap_audit = __cap_empty_set;
+
+ if (!gr_acl_is_enabled())
+ return 1;
@@ -38378,6 +38393,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra
+
+ cap_drop = curracl->cap_lower;
+ cap_mask = curracl->cap_mask;
++ cap_audit = curracl->cap_invert_audit;
+
+ while ((curracl = curracl->parent_subject)) {
+ /* if the cap isn't specified in the current computed mask but is specified in the
@@ -38389,11 +38405,16 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra
+ cap_raise(cap_mask, cap);
+ if (cap_raised(curracl->cap_lower, cap))
+ cap_raise(cap_drop, cap);
++ if (cap_raised(curracl->cap_invert_audit, cap))
++ cap_raise(cap_audit, cap);
+ }
+ }
+
-+ if (!cap_raised(cap_drop, cap))
++ if (!cap_raised(cap_drop, cap)) {
++ if (cap_raised(cap_audit, cap))
++ gr_log_cap(GR_DO_AUDIT, GR_CAP_ACL_MSG2, task, captab_log[cap]);
+ return 1;
++ }
+
+ curracl = task->acl;
+
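Review bot: The new audit call inside `if (!cap_raised(cap_drop, cap))` indexes `captab_log[cap]` without the range check that the denial path further down applies (`(cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0])))`), so the two log sites no longer agree on when the table lookup is safe. If a capability number can exceed the table, for example a capability the kernel defines before its name is added to captab_log, the permitted-use audit would read past the array. I would guard it the same way: `if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cap_audit, cap))`. The enclosing function starts and ends outside this hunk, so whether `cap` is validated earlier is not visible here.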
@@ -38409,7 +38430,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_cap.c linux-2.6.32.15/grsecurity/gra
+ return 1;
+ }
+
-+ if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap))
++ if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
+ return 0;
+}
@@ -39818,8 +39839,8 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_segv.c linux-2.6.32.15/grsecurity/gr
+}
diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gracl_shm.c
--- linux-2.6.32.15/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/gracl_shm.c 2010-05-28 21:27:16.331240103 -0400
-@@ -0,0 +1,37 @@
++++ linux-2.6.32.15/grsecurity/gracl_shm.c 2010-06-26 14:01:55.746591444 -0400
+@@ -0,0 +1,40 @@
+#include <linux/kernel.h>
+#include <linux/mm.h>
+#include <linux/sched.h>
@@ -39838,6 +39859,7 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gra
+ if (!gr_acl_is_enabled())
+ return 1;
+
++ rcu_read_lock();
+ read_lock(&tasklist_lock);
+
+ task = find_task_by_vpid(shm_cprid);
@@ -39850,10 +39872,12 @@ diff -urNp linux-2.6.32.15/grsecurity/gracl_shm.c linux-2.6.32.15/grsecurity/gra
+ (task->acl->mode & GR_PROTSHM) &&
+ (task->acl != current->acl))) {
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid);
+ return 0;
+ }
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+
+ return 1;
+}
@@ -39882,8 +39906,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chdir.c linux-2.6.32.15/grsecurity/g
+}
diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/grsec_chroot.c
--- linux-2.6.32.15/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/grsec_chroot.c 2010-05-28 21:27:16.331240103 -0400
-@@ -0,0 +1,348 @@
++++ linux-2.6.32.15/grsecurity/grsec_chroot.c 2010-06-26 14:05:26.054819575 -0400
+@@ -0,0 +1,355 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -39907,6 +39931,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/
+ if (likely(!proc_is_chrooted(current)))
+ return 1;
+
++ rcu_read_lock();
+ read_lock(&tasklist_lock);
+
+ spid = find_vpid(pid);
@@ -39917,12 +39942,14 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/
+ if (unlikely(!have_same_root(current, p))) {
+ gr_fs_read_unlock(p);
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+ gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG);
+ return 0;
+ }
+ gr_fs_read_unlock(p);
+ }
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+#endif
+ return 1;
+}
@@ -40065,6 +40092,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/
+ if (likely(!proc_is_chrooted(current)))
+ return 1;
+
++ rcu_read_lock();
+ read_lock(&tasklist_lock);
+
+ pid = find_vpid(shm_cprid);
@@ -40077,6 +40105,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/
+ time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) {
+ gr_fs_read_unlock(p);
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+ gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
+ return 0;
+ }
@@ -40090,6 +40119,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/
+ if (unlikely(!have_same_root(current, p))) {
+ gr_fs_read_unlock(p);
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+ gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
+ return 0;
+ }
@@ -40098,6 +40128,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_chroot.c linux-2.6.32.15/grsecurity/
+ }
+
+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+#endif
+ return 1;
+}
@@ -40804,8 +40835,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_fork.c linux-2.6.32.15/grsecurity/gr
+}
diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/grsec_init.c
--- linux-2.6.32.15/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/grsec_init.c 2010-05-28 21:27:16.331240103 -0400
-@@ -0,0 +1,241 @@
++++ linux-2.6.32.15/grsecurity/grsec_init.c 2010-06-27 12:52:54.615758098 -0400
+@@ -0,0 +1,258 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
@@ -40814,6 +40845,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr
+#include <linux/slab.h>
+#include <linux/vmalloc.h>
+#include <linux/percpu.h>
++#include <linux/module.h>
+
+int grsec_enable_link;
+int grsec_enable_dmesg;
@@ -40848,6 +40880,9 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr
+int grsec_enable_tpe;
+int grsec_tpe_gid;
+int grsec_enable_blackhole;
++#ifdef CONFIG_IPV6_MODULE
++EXPORT_SYMBOL(grsec_enable_blackhole);
++#endif
+int grsec_lastack_retries;
+int grsec_enable_tpe_all;
+int grsec_enable_socket_all;
@@ -40857,6 +40892,7 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr
+int grsec_enable_socket_server;
+int grsec_socket_server_gid;
+int grsec_resource_logging;
++int grsec_disable_privio;
+int grsec_lock;
+
+DEFINE_SPINLOCK(grsec_alert_lock);
@@ -40928,10 +40964,22 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_init.c linux-2.6.32.15/grsecurity/gr
+ return;
+ }
+
++
++#ifdef CONFIG_GRKERNSEC_IO
++#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO)
++ grsec_disable_privio = 1;
++#elif defined(CONFIG_GRKERNSEC_SYSCTL_ON)
++ grsec_disable_privio = 1;
++#else
++ grsec_disable_privio = 0;
++#endif
++#endif
++
+#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
+#ifndef CONFIG_GRKERNSEC_SYSCTL
+ grsec_lock = 1;
+#endif
++
+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
+ grsec_enable_audit_textrel = 1;
+#endif
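Review bot: The `#else` arm that sets `grsec_disable_privio = 0;` means a kernel built with CONFIG_GRKERNSEC_SYSCTL_DISTRO but without CONFIG_GRKERNSEC_SYSCTL_ON boots with the flag cleared and, presumably, with the GRKERNSEC_IO restriction off until something writes the `disable_priv_io` sysctl. Neither this block nor the new GRKERNSEC_SYSCTL_DISTRO help text in grsecurity/Kconfig states that default. A comment above the block would make the boot-time window explicit, e.g. `/* distro mode: off until userspace sets disable_priv_io; grsec_lock must be set afterwards */`. The two arms that assign 1 can also be folded into `#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)`, which reads more directly. The enclosing function begins and ends outside this hunk.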
@@ -41913,8 +41961,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_sock.c linux-2.6.32.15/grsecurity/gr
+}
diff -urNp linux-2.6.32.15/grsecurity/grsec_sysctl.c linux-2.6.32.15/grsecurity/grsec_sysctl.c
--- linux-2.6.32.15/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/grsec_sysctl.c 2010-05-28 21:27:16.331240103 -0400
-@@ -0,0 +1,447 @@
++++ linux-2.6.32.15/grsecurity/grsec_sysctl.c 2010-06-19 21:32:37.093947224 -0400
+@@ -0,0 +1,459 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/sysctl.h>
@@ -41940,6 +41988,18 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_sysctl.c linux-2.6.32.15/grsecurity/
+#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
+ctl_table grsecurity_table[] = {
+#ifdef CONFIG_GRKERNSEC_SYSCTL
++#ifdef CONFIG_GRKERNSEC_SYSCTL_DISTRO
++#ifdef CONFIG_GRKERNSEC_IO
++ {
++ .ctl_name = CTL_UNNUMBERED,
++ .procname = "disable_priv_io",
++ .data = &grsec_disable_privio,
++ .maxlen = sizeof(int),
++ .mode = 0600,
++ .proc_handler = &proc_dointvec,
++ },
++#endif
++#endif
+#ifdef CONFIG_GRKERNSEC_LINK
+ {
+ .ctl_name = CTL_UNNUMBERED,
@@ -42443,8 +42503,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsec_tpe.c linux-2.6.32.15/grsecurity/grs
+}
diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c
--- linux-2.6.32.15/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/grsum.c 2010-05-28 21:27:16.331240103 -0400
-@@ -0,0 +1,59 @@
++++ linux-2.6.32.15/grsecurity/grsum.c 2010-06-26 13:55:39.510774424 -0400
+@@ -0,0 +1,61 @@
+#include <linux/err.h>
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -42470,6 +42530,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c
+ volatile int dummy = 0;
+ unsigned int i;
+
++ sg_init_table(&sg, 1);
++
+ tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
+ if (IS_ERR(tfm)) {
+ /* should never happen, since sha256 should be built in */
@@ -42506,8 +42568,8 @@ diff -urNp linux-2.6.32.15/grsecurity/grsum.c linux-2.6.32.15/grsecurity/grsum.c
+}
diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig
--- linux-2.6.32.15/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/grsecurity/Kconfig 2010-05-28 21:27:16.331240103 -0400
-@@ -0,0 +1,965 @@
++++ linux-2.6.32.15/grsecurity/Kconfig 2010-06-26 14:17:55.584309817 -0400
+@@ -0,0 +1,981 @@
+#
+# grecurity configuration
+#
@@ -43342,7 +43404,7 @@ diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig
+ all servers it connects to have this option enabled, consider
+ disabling this feature on the haproxy host.
+
-+ If this option is enabled, two sysctl options with names
++ If the sysctl option is enabled, two sysctl options with names
+ "ip_blackhole" and "lastack_retries" will be created.
+ While "ip_blackhole" takes the standard zero/non-zero on/off
+ toggle, "lastack_retries" uses the same kinds of values as
@@ -43434,6 +43496,22 @@ diff -urNp linux-2.6.32.15/grsecurity/Kconfig linux-2.6.32.15/grsecurity/Kconfig
+ be set to a non-zero value after all the options are set.
+ *THIS IS EXTREMELY IMPORTANT*
+
++config GRKERNSEC_SYSCTL_DISTRO
++ bool "Extra sysctl support for distro makers (READ HELP)"
++ depends on GRKERNSEC_SYSCTL && GRKERNSEC_IO
++ help
++ If you say Y here, additional sysctl options will be created
++ for features that affect processes running as root. Therefore,
++ it is critical when using this option that the grsec_lock entry be
++ enabled after boot. Only distros with prebuilt kernel packages
++ with this option enabled that can ensure grsec_lock is enabled
++ after boot should use this option.
++ *Failure to set grsec_lock after boot makes all grsec features
++ this option covers useless*
++
++ Currently this option creates the following sysctl entries:
++ "Disable Privileged I/O": "disable_priv_io"
++
+config GRKERNSEC_SYSCTL_ON
+ bool "Turn on features by default"
+ depends on GRKERNSEC_SYSCTL
@@ -44679,8 +44757,8 @@ diff -urNp linux-2.6.32.15/include/linux/genhd.h linux-2.6.32.15/include/linux/g
struct blk_integrity *integrity;
diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/gracl.h
--- linux-2.6.32.15/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/include/linux/gracl.h 2010-05-28 21:27:16.355225759 -0400
-@@ -0,0 +1,309 @@
++++ linux-2.6.32.15/include/linux/gracl.h 2010-06-19 21:06:17.097881201 -0400
+@@ -0,0 +1,310 @@
+#ifndef GR_ACL_H
+#define GR_ACL_H
+
@@ -44692,8 +44770,8 @@ diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/g
+
+/* Major status information */
+
-+#define GR_VERSION "grsecurity 2.1.14"
-+#define GRSECURITY_VERSION 0x2114
++#define GR_VERSION "grsecurity 2.2.0"
++#define GRSECURITY_VERSION 0x2200
+
+enum {
+ GR_SHUTDOWN = 0,
@@ -44784,6 +44862,7 @@ diff -urNp linux-2.6.32.15/include/linux/gracl.h linux-2.6.32.15/include/linux/g
+ __u32 mode;
+ kernel_cap_t cap_mask;
+ kernel_cap_t cap_lower;
++ kernel_cap_t cap_invert_audit;
+
+ struct rlimit res[GR_NLIMITS];
+ __u32 resmask;
@@ -45145,7 +45224,7 @@ diff -urNp linux-2.6.32.15/include/linux/grdefs.h linux-2.6.32.15/include/linux/
+#endif
diff -urNp linux-2.6.32.15/include/linux/grinternal.h linux-2.6.32.15/include/linux/grinternal.h
--- linux-2.6.32.15/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/include/linux/grinternal.h 2010-05-28 21:27:16.355225759 -0400
++++ linux-2.6.32.15/include/linux/grinternal.h 2010-06-19 21:46:05.111766483 -0400
@@ -0,0 +1,215 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
@@ -45364,8 +45443,8 @@ diff -urNp linux-2.6.32.15/include/linux/grinternal.h linux-2.6.32.15/include/li
+#endif
diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/grmsg.h
--- linux-2.6.32.15/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/include/linux/grmsg.h 2010-05-28 21:27:16.355225759 -0400
-@@ -0,0 +1,107 @@
++++ linux-2.6.32.15/include/linux/grmsg.h 2010-06-19 21:06:17.097881201 -0400
+@@ -0,0 +1,108 @@
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
@@ -45461,6 +45540,7 @@ diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/g
+#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
+#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
+#define GR_CAP_ACL_MSG "use of %s denied for "
++#define GR_CAP_ACL_MSG2 "use of %s permitted for "
+#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
+#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
+#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
@@ -45475,8 +45555,8 @@ diff -urNp linux-2.6.32.15/include/linux/grmsg.h linux-2.6.32.15/include/linux/g
+#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
diff -urNp linux-2.6.32.15/include/linux/grsecurity.h linux-2.6.32.15/include/linux/grsecurity.h
--- linux-2.6.32.15/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.15/include/linux/grsecurity.h 2010-05-28 21:27:16.355225759 -0400
-@@ -0,0 +1,199 @@
++++ linux-2.6.32.15/include/linux/grsecurity.h 2010-06-19 21:45:41.506145931 -0400
+@@ -0,0 +1,200 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -45673,6 +45753,7 @@ diff -urNp linux-2.6.32.15/include/linux/grsecurity.h linux-2.6.32.15/include/li
+ struct vm_area_struct *vma);
+
+extern int grsec_enable_dmesg;
++extern int grsec_disable_privio;
+#endif
+
+#endif
@@ -47637,7 +47718,7 @@ diff -urNp linux-2.6.32.15/init/Kconfig linux-2.6.32.15/init/Kconfig
also breaks ancient binaries (including anything libc5 based).
diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c
--- linux-2.6.32.15/init/main.c 2010-04-04 20:41:50.060586306 -0400
-+++ linux-2.6.32.15/init/main.c 2010-05-28 21:27:16.427051097 -0400
++++ linux-2.6.32.15/init/main.c 2010-06-19 10:03:39.368801195 -0400
@@ -97,6 +97,7 @@ static inline void mark_rodata_ro(void)
#ifdef CONFIG_TC
extern void tc_init(void);
@@ -47653,7 +47734,7 @@ diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
+extern void pax_enter_kernel_user(void);
+extern void pax_exit_kernel_user(void);
-+extern pteval_t clone_pgd_mask;
++extern pgdval_t clone_pgd_mask;
+#endif
+
+#if defined(CONFIG_X86) && defined(CONFIG_PAX_MEMORY_UDEREF)
@@ -47675,7 +47756,7 @@ diff -urNp linux-2.6.32.15/init/main.c linux-2.6.32.15/init/main.c
+ *p = 0xc3;
+ p = (char *)pax_exit_kernel_user;
+ *p = 0xc3;
-+ clone_pgd_mask = ~(pteval_t)0UL;
++ clone_pgd_mask = ~(pgdval_t)0UL;
+#endif
+
+ return 0;
@@ -50620,7 +50701,7 @@ diff -urNp linux-2.6.32.15/mm/madvise.c linux-2.6.32.15/mm/madvise.c
goto out;
diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
--- linux-2.6.32.15/mm/memory.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/mm/memory.c 2010-05-28 21:27:16.487251224 -0400
++++ linux-2.6.32.15/mm/memory.c 2010-06-19 10:03:50.012498759 -0400
@@ -48,6 +48,7 @@
#include <linux/ksm.h>
#include <linux/rmap.h>
@@ -50629,7 +50710,33 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
#include <linux/delayacct.h>
#include <linux/init.h>
#include <linux/writeback.h>
-@@ -1251,10 +1252,10 @@ int __get_user_pages(struct task_struct
+@@ -187,8 +188,12 @@ static inline void free_pmd_range(struct
+ return;
+
+ pmd = pmd_offset(pud, start);
++
++#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_PER_CPU_PGD)
+ pud_clear(pud);
+ pmd_free_tlb(tlb, pmd, start);
++#endif
++
+ }
+
+ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
+@@ -220,8 +225,12 @@ static inline void free_pud_range(struct
+ return;
+
+ pud = pud_offset(pgd, start);
++
++#if !defined(CONFIG_X86_64) || !defined(CONFIG_PAX_PER_CPU_PGD)
+ pgd_clear(pgd);
+ pud_free_tlb(tlb, pud, start);
++#endif
++
+ }
+
+ /*
+@@ -1251,10 +1260,10 @@ int __get_user_pages(struct task_struct
(VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
i = 0;
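Review bot: In free_pmd_range() and free_pud_range() the added `#if` blocks compile out both the `pud_clear()`/`pgd_clear()` call and the matching `pmd_free_tlb()`/`pud_free_tlb()` call when CONFIG_PAX_PER_CPU_PGD is set on the named architecture, and nothing says where those page-table pages are released instead. A reader will take the skipped free for a leak, so each block needs a comment such as `/* per-CPU PGD: this level is allocated and freed together with the pgd (TODO confirm) */`. With the block compiled out, `pmd` and `pud` are assigned but never used, which may draw a set-but-unused warning from newer compilers. Both functions begin outside the hunk.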
@@ -50642,7 +50749,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
if (!vma && in_gate_area(tsk, start)) {
unsigned long pg = start & PAGE_MASK;
struct vm_area_struct *gate_vma = get_gate_vma(tsk);
-@@ -1296,7 +1297,7 @@ int __get_user_pages(struct task_struct
+@@ -1296,7 +1305,7 @@ int __get_user_pages(struct task_struct
continue;
}
@@ -50651,7 +50758,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
(vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
!(vm_flags & vma->vm_flags))
return i ? : -EFAULT;
-@@ -1371,7 +1372,7 @@ int __get_user_pages(struct task_struct
+@@ -1371,7 +1380,7 @@ int __get_user_pages(struct task_struct
start += PAGE_SIZE;
nr_pages--;
} while (nr_pages && start < vma->vm_end);
@@ -50660,7 +50767,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
return i;
}
-@@ -1967,6 +1968,186 @@ static inline void cow_user_page(struct
+@@ -1967,6 +1976,186 @@ static inline void cow_user_page(struct
copy_user_highpage(dst, src, va, vma);
}
@@ -50847,7 +50954,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2146,6 +2327,12 @@ gotten:
+@@ -2146,6 +2335,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
@@ -50860,7 +50967,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter(mm, file_rss);
-@@ -2197,6 +2384,10 @@ gotten:
+@@ -2197,6 +2392,10 @@ gotten:
page_remove_rmap(old_page);
}
@@ -50871,7 +50978,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -2594,6 +2785,11 @@ static int do_swap_page(struct mm_struct
+@@ -2594,6 +2793,11 @@ static int do_swap_page(struct mm_struct
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
@@ -50883,7 +50990,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
unlock_page(page);
if (flags & FAULT_FLAG_WRITE) {
-@@ -2605,6 +2801,11 @@ static int do_swap_page(struct mm_struct
+@@ -2605,6 +2809,11 @@ static int do_swap_page(struct mm_struct
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, pte);
@@ -50895,7 +51002,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -2628,7 +2829,7 @@ static int do_anonymous_page(struct mm_s
+@@ -2628,7 +2837,7 @@ static int do_anonymous_page(struct mm_s
unsigned long address, pte_t *page_table, pmd_t *pmd,
unsigned int flags)
{
@@ -50904,7 +51011,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
spinlock_t *ptl;
pte_t entry;
-@@ -2663,6 +2864,11 @@ static int do_anonymous_page(struct mm_s
+@@ -2663,6 +2872,11 @@ static int do_anonymous_page(struct mm_s
if (!pte_none(*page_table))
goto release;
@@ -50916,7 +51023,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
inc_mm_counter(mm, anon_rss);
page_add_new_anon_rmap(page, vma, address);
setpte:
-@@ -2670,6 +2876,12 @@ setpte:
+@@ -2670,6 +2884,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, entry);
@@ -50929,7 +51036,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -2812,6 +3024,12 @@ static int __do_fault(struct mm_struct *
+@@ -2812,6 +3032,12 @@ static int __do_fault(struct mm_struct *
*/
/* Only go through if we didn't race with anybody else... */
if (likely(pte_same(*page_table, orig_pte))) {
@@ -50942,7 +51049,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
flush_icache_page(vma, page);
entry = mk_pte(page, vma->vm_page_prot);
if (flags & FAULT_FLAG_WRITE)
-@@ -2831,6 +3049,14 @@ static int __do_fault(struct mm_struct *
+@@ -2831,6 +3057,14 @@ static int __do_fault(struct mm_struct *
/* no need to invalidate: a not-present page won't be cached */
update_mmu_cache(vma, address, entry);
@@ -50957,7 +51064,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
} else {
if (charged)
mem_cgroup_uncharge_page(page);
-@@ -2978,6 +3204,12 @@ static inline int handle_pte_fault(struc
+@@ -2978,6 +3212,12 @@ static inline int handle_pte_fault(struc
if (flags & FAULT_FLAG_WRITE)
flush_tlb_page(vma, address);
}
@@ -50970,7 +51077,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -2994,6 +3226,10 @@ int handle_mm_fault(struct mm_struct *mm
+@@ -2994,6 +3234,10 @@ int handle_mm_fault(struct mm_struct *mm
pmd_t *pmd;
pte_t *pte;
@@ -50981,7 +51088,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
__set_current_state(TASK_RUNNING);
count_vm_event(PGFAULT);
-@@ -3001,6 +3237,34 @@ int handle_mm_fault(struct mm_struct *mm
+@@ -3001,6 +3245,34 @@ int handle_mm_fault(struct mm_struct *mm
if (unlikely(is_vm_hugetlb_page(vma)))
return hugetlb_fault(mm, vma, address, flags);
@@ -51016,7 +51123,7 @@ diff -urNp linux-2.6.32.15/mm/memory.c linux-2.6.32.15/mm/memory.c
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
if (!pud)
-@@ -3098,7 +3362,7 @@ static int __init gate_vma_init(void)
+@@ -3098,7 +3370,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -54054,36 +54161,72 @@ diff -urNp linux-2.6.32.15/net/ipv6/raw.c linux-2.6.32.15/net/ipv6/raw.c
{
diff -urNp linux-2.6.32.15/net/ipv6/tcp_ipv6.c linux-2.6.32.15/net/ipv6/tcp_ipv6.c
--- linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-05-28 21:27:16.624385427 -0400
-@@ -1578,6 +1578,9 @@ static int tcp_v6_do_rcv(struct sock *sk
- return 0;
++++ linux-2.6.32.15/net/ipv6/tcp_ipv6.c 2010-06-26 14:14:12.642949877 -0400
+@@ -88,6 +88,10 @@ static struct tcp_md5sig_key *tcp_v6_md5
+ }
+ #endif
- reset:
+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
-+ if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
++extern int grsec_enable_blackhole;
+#endif
- tcp_v6_send_reset(sk, skb);
- discard:
- if (opt_skb)
-@@ -1700,6 +1703,9 @@ no_tcp_socket:
++
+ static void tcp_v6_hash(struct sock *sk)
+ {
+ if (sk->sk_state != TCP_CLOSE) {
+@@ -1655,12 +1659,20 @@ static int tcp_v6_rcv(struct sk_buff *sk
+ TCP_SKB_CB(skb)->sacked = 0;
+
+ sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
+- if (!sk)
++ if (!sk) {
++#ifdef CONFIG_GRKERNSEC_BLACKHOLE
++ ret = 1;
++#endif
+ goto no_tcp_socket;
++ }
+
+ process:
+- if (sk->sk_state == TCP_TIME_WAIT)
++ if (sk->sk_state == TCP_TIME_WAIT) {
++#ifdef CONFIG_GRKERNSEC_BLACKHOLE
++ ret = 2;
++#endif
+ goto do_time_wait;
++ }
+
+ if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
+ goto discard_and_relse;
+@@ -1700,6 +1712,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
-+ if (skb->dev->flags & IFF_LOOPBACK)
++ if (!grsec_enable_blackhole || (ret == 1 &&
++ (skb->dev->flags & IFF_LOOPBACK)))
+#endif
tcp_v6_send_reset(NULL, skb);
}
diff -urNp linux-2.6.32.15/net/ipv6/udp.c linux-2.6.32.15/net/ipv6/udp.c
--- linux-2.6.32.15/net/ipv6/udp.c 2010-03-15 11:52:04.000000000 -0400
-+++ linux-2.6.32.15/net/ipv6/udp.c 2010-05-28 21:27:16.631258014 -0400
-@@ -587,6 +587,9 @@ int __udp6_lib_rcv(struct sk_buff *skb,
++++ linux-2.6.32.15/net/ipv6/udp.c 2010-06-26 14:15:10.978789054 -0400
+@@ -49,6 +49,10 @@
+ #include <linux/seq_file.h>
+ #include "udp_impl.h"
+
++#ifdef CONFIG_GRKERNSEC_BLACKHOLE
++extern int grsec_enable_blackhole;
++#endif
++
+ int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2)
+ {
+ const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr;
+@@ -587,6 +591,9 @@ int __udp6_lib_rcv(struct sk_buff *skb,
UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS,
proto == IPPROTO_UDPLITE);
+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
-+ if (skb->dev->flags & IFF_LOOPBACK)
++ if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK))
+#endif
icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev);
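Review bot: In tcp_v6_rcv() the new code reuses `ret` as a marker (`ret = 1` when no socket is found, `ret = 2` on TIME_WAIT) that is only read later at no_tcp_socket in `ret == 1 && (skb->dev->flags & IFF_LOOPBACK)`, and neither assignment says so. Since `ret` presumably also carries the function's result on other paths, a later edit could change the blackhole decision without anyone noticing. Named constants or a dedicated local would be safer, or at least a comment at both assignments such as `/* marker for the blackhole check at no_tcp_socket: 1 = no socket, 2 = TIME_WAIT */`. The `extern int grsec_enable_blackhole;` declarations added to tcp_ipv6.c and udp.c would be better placed in a shared header so they cannot drift from the definition in grsec_init.c. tcp_v6_rcv() and __udp6_lib_rcv() both extend outside this hunk.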
@@ -55299,7 +55442,7 @@ diff -urNp linux-2.6.32.15/security/Kconfig linux-2.6.32.15/security/Kconfig
+config PAX_KERNEXEC
+ bool "Enforce non-executable kernel pages"
+ depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
-+ select PAX_PER_CPU_PGD if X86_64
++ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
+ help
+ This is the kernel land equivalent of PAGEEXEC and MPROTECT,
+ that is, enabling this option will make it harder to inject