diff options
| -rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
| -rw-r--r-- | main/linux-grsec/grsecurity-2.1.14-2.6.32.11-201004071936.patch (renamed from main/linux-grsec/grsecurity-2.1.14-2.6.32.11-201004042103.patch) | 282 |
2 files changed, 167 insertions, 121 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 0e93993e..2b81673e 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.32.11 _kernver=2.6.32 -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}} install= source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 - grsecurity-2.1.14-2.6.32.11-201004042103.patch + grsecurity-2.1.14-2.6.32.11-201004071936.patch ip_gre.patch ip_gre2.patch arp.patch @@ -126,7 +126,7 @@ firmware() { md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2 855c248334a71ef5ca3d8cb89d51334f patch-2.6.32.11.bz2 -86fc90c3b2821a5dc0df726893c63297 grsecurity-2.1.14-2.6.32.11-201004042103.patch +6eabb0c08a988a97a823b5462d1c5018 grsecurity-2.1.14-2.6.32.11-201004071936.patch 3ef822f3a2723b9a80c3f12954457225 ip_gre.patch 13ca9e91700e459da269c957062bbea7 ip_gre2.patch 4c39a161d918e7f274292ecfd168b891 arp.patch diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.32.11-201004042103.patch b/main/linux-grsec/grsecurity-2.1.14-2.6.32.11-201004071936.patch index 77ce3878..62c446bc 100644 --- a/main/linux-grsec/grsecurity-2.1.14-2.6.32.11-201004042103.patch +++ b/main/linux-grsec/grsecurity-2.1.14-2.6.32.11-201004071936.patch @@ -6908,6 +6908,21 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/iommu.h linux-2.6.32.11/arch/x86 extern int force_iommu, no_iommu; extern int iommu_detected; extern int iommu_pass_through; +diff -urNp linux-2.6.32.11/arch/x86/include/asm/irqflags.h linux-2.6.32.11/arch/x86/include/asm/irqflags.h +--- linux-2.6.32.11/arch/x86/include/asm/irqflags.h 2010-03-15 11:52:04.000000000 -0400 ++++ linux-2.6.32.11/arch/x86/include/asm/irqflags.h 2010-04-07 19:33:06.601891934 -0400 +@@ -142,6 +142,11 @@ static inline unsigned long __raw_local_ + sti; \ + sysexit + ++#define GET_CR0_INTO_RDI mov %cr0, %rdi ++#define SET_RDI_INTO_CR0 mov %rdi, %cr0 ++#define GET_CR3_INTO_RDI mov %cr3, %rdi ++#define SET_RDI_INTO_CR3 mov %rdi, %cr3 ++ + #else + #define INTERRUPT_RETURN iret + #define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit diff -urNp linux-2.6.32.11/arch/x86/include/asm/kvm_host.h linux-2.6.32.11/arch/x86/include/asm/kvm_host.h --- linux-2.6.32.11/arch/x86/include/asm/kvm_host.h 2010-03-15 11:52:04.000000000 -0400 +++ linux-2.6.32.11/arch/x86/include/asm/kvm_host.h 2010-04-04 20:46:41.500459645 -0400 @@ -7210,8 +7225,8 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/mman.h linux-2.6.32.11/arch/x86/ #endif /* _ASM_X86_MMAN_H */ diff -urNp linux-2.6.32.11/arch/x86/include/asm/mmu_context.h linux-2.6.32.11/arch/x86/include/asm/mmu_context.h --- linux-2.6.32.11/arch/x86/include/asm/mmu_context.h 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.11/arch/x86/include/asm/mmu_context.h 2010-04-04 20:58:33.220592413 -0400 -@@ -24,6 +24,22 @@ void destroy_context(struct mm_struct *m ++++ linux-2.6.32.11/arch/x86/include/asm/mmu_context.h 2010-04-06 22:21:53.692294722 -0400 +@@ -24,6 +24,21 @@ void destroy_context(struct mm_struct *m static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk) { @@ -7223,18 +7238,17 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/mmu_context.h linux-2.6.32.11/ar + pax_open_kernel(); + pgd = get_cpu_pgd(smp_processor_id()); + for (i = USER_PGD_PTRS; i < 2 * USER_PGD_PTRS; ++i) -+#ifdef CONFIG_PARAVIRT -+ set_pgd(pgd+i, native_make_pgd(0)); -+#else -+ pgd[i] = native_make_pgd(0); -+#endif ++ if (paravirt_enabled()) ++ set_pgd(pgd+i, native_make_pgd(0)); ++ else ++ pgd[i] = native_make_pgd(0); + pax_close_kernel(); +#endif + #ifdef CONFIG_SMP if (percpu_read(cpu_tlbstate.state) == TLBSTATE_OK) percpu_write(cpu_tlbstate.state, TLBSTATE_LAZY); -@@ -34,37 +50,96 @@ static inline void switch_mm(struct mm_s +@@ -34,37 +49,96 @@ static inline void switch_mm(struct mm_s struct task_struct *tsk) { unsigned cpu = smp_processor_id(); @@ -7425,7 +7439,7 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/page_64_types.h linux-2.6.32.11/ #define __VIRTUAL_MASK_SHIFT 47 diff -urNp linux-2.6.32.11/arch/x86/include/asm/paravirt.h linux-2.6.32.11/arch/x86/include/asm/paravirt.h --- linux-2.6.32.11/arch/x86/include/asm/paravirt.h 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.11/arch/x86/include/asm/paravirt.h 2010-04-04 20:47:28.952733264 -0400 ++++ linux-2.6.32.11/arch/x86/include/asm/paravirt.h 2010-04-07 16:58:23.343008831 -0400 @@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned pv_mmu_ops.set_fixmap(idx, phys, flags); } @@ -7457,6 +7471,28 @@ diff -urNp linux-2.6.32.11/arch/x86/include/asm/paravirt.h linux-2.6.32.11/arch/ #endif #define INTERRUPT_RETURN \ +@@ -1022,6 +1037,21 @@ extern void default_banner(void); + PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \ + CLBR_NONE, \ + jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit)) ++ ++#define GET_CR0_INTO_RDI \ ++ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \ ++ mov %rax,%rdi ++ ++#define SET_RDI_INTO_CR0 \ ++ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0) ++ ++#define GET_CR3_INTO_RDI \ ++ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr3); \ ++ mov %rax,%rdi ++ ++#define SET_RDI_INTO_CR3 \ ++ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_write_cr3) ++ + #endif /* CONFIG_X86_32 */ + + #endif /* __ASSEMBLY__ */ diff -urNp linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h --- linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h 2010-03-15 11:52:04.000000000 -0400 +++ linux-2.6.32.11/arch/x86/include/asm/paravirt_types.h 2010-04-04 20:46:41.505526780 -0400 @@ -10641,7 +10677,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_32.S linux-2.6.32.11/arch/x86/k CFI_ADJUST_CFA_OFFSET -24 diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/kernel/entry_64.S --- linux-2.6.32.11/arch/x86/kernel/entry_64.S 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.11/arch/x86/kernel/entry_64.S 2010-04-04 20:58:33.220592413 -0400 ++++ linux-2.6.32.11/arch/x86/kernel/entry_64.S 2010-04-07 16:58:23.343008831 -0400 @@ -53,6 +53,7 @@ #include <asm/paravirt.h> #include <asm/ftrace.h> @@ -10650,7 +10686,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -174,6 +175,200 @@ ENTRY(native_usergs_sysret64) +@@ -174,6 +175,189 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -10671,16 +10707,13 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k +ENTRY(pax_enter_kernel) + +#ifdef CONFIG_PAX_KERNEXEC -+ push %rax + push %rdi + +#ifdef CONFIG_PARAVIRT -+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) -+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0) -+ mov %rax,%rdi -+#else -+ mov %cr0,%rdi ++ PV_SAVE_REGS(CLBR_RDI) +#endif ++ ++ GET_CR0_INTO_RDI + bts $16,%rdi + jnc 1f + mov %cs,%edi @@ -10688,17 +10721,14 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k + jz 3f + ljmpq __KERNEL_CS,3f +1: ljmpq __KERNEXEC_KERNEL_CS,2f -+2: -+#ifdef CONFIG_PARAVIRT -+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0) -+3: PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) -+#else -+ mov %rdi,%cr0 ++2: SET_RDI_INTO_CR0 +3: ++ ++#ifdef CONFIG_PARAVIRT ++ PV_RESTORE_REGS(CLBR_RDI) +#endif + + pop %rdi -+ pop %rax +#endif + + retq @@ -10707,34 +10737,26 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k +ENTRY(pax_exit_kernel) + +#ifdef CONFIG_PAX_KERNEXEC -+ push %rax + push %rdi + +#ifdef CONFIG_PARAVIRT -+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) ++ PV_SAVE_REGS(CLBR_RDI) +#endif ++ + mov %cs,%rdi + cmp $__KERNEXEC_KERNEL_CS,%edi + jnz 2f -+#ifdef CONFIG_PARAVIRT -+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0) -+ mov %rax,%rdi -+#else -+ mov %cr0,%rdi -+#endif ++ GET_CR0_INTO_RDI + btr $16,%rdi + ljmpq __KERNEL_CS,1f -+1: -+#ifdef CONFIG_PARAVIRT -+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0) -+2: PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI); -+#else -+ mov %rdi,%cr0 ++1: SET_RDI_INTO_CR0 +2: ++ ++#ifdef CONFIG_PARAVIRT ++ PV_RESTORE_REGS(CLBR_RDI); +#endif + + pop %rdi -+ pop %rax +#endif + + retq @@ -10743,115 +10765,118 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k +ENTRY(pax_enter_kernel_user) + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ push %rax + push %rdi ++ push %rbx + +#ifdef CONFIG_PARAVIRT -+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) -+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr3) -+#else -+ mov %cr3,%rax ++ PV_SAVE_REGS(CLBR_RDI) +#endif + -+ mov %rax,%rdi -+ add $__START_KERNEL_map,%rax -+ sub phys_base(%rip),%rax ++ GET_CR3_INTO_RDI ++ mov %rdi,%rbx ++ add $__START_KERNEL_map,%rbx ++ sub phys_base(%rip),%rbx + ++#ifdef CONFIG_PARAVIRT ++ push %rdi ++ cmpl $0, pv_info+PARAVIRT_enabled ++ jz 1f + i = 0 + .rept USER_PGD_PTRS -+#ifdef CONFIG_PARAVIRT -+ mov i*8(%rax),%rsi -+ mov $0,$sil -+ lea i*8(%rax),%rdi -+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set+pgd) -+#else -+ movb $0,i*8(%rax) ++ mov i*8(%rbx),%rsi ++ mov $0,%sil ++ lea i*8(%rbx),%rdi ++ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd) ++ i = i + 1 ++ .endr ++ jmp 2f ++1: +#endif ++ ++ i = 0 ++ .rept USER_PGD_PTRS ++ movb $0,i*8(%rbx) + i = i + 1 + .endr + +#ifdef CONFIG_PARAVIRT -+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_write_cr3) -+ PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) -+#else -+ mov %rdi,%cr3 ++2: pop %rdi +#endif ++ SET_RDI_INTO_CR3 + +#ifdef CONFIG_PAX_KERNEXEC -+#ifdef CONFIG_PARAVIRT -+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) -+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0) -+ mov %rax,%rdi -+#else -+ mov %cr0,%rdi -+#endif ++ GET_CR0_INTO_RDI + bts $16,%rdi -+#ifdef CONFIG_PARAVIRT -+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0) -+ PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) -+#else -+ mov %rdi,%cr0 ++ SET_RDI_INTO_CR0 +#endif ++ ++#ifdef CONFIG_PARAVIRT ++ PV_RESTORE_REGS(CLBR_RDI) +#endif + ++ pop %rbx + pop %rdi -+ pop %rax +#endif + + retq +ENDPROC(pax_enter_kernel_user) + +ENTRY(pax_exit_kernel_user) -+ push %rax ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF + push %rdi + -+#ifdef CONFIG_PAX_KERNEXEC +#ifdef CONFIG_PARAVIRT -+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) -+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0) -+ mov %rax,%rdi -+#else -+ mov %cr0,%rdi ++ push %rbx ++ PV_SAVE_REGS(CLBR_RDI) +#endif ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ GET_CR0_INTO_RDI + btr $16,%rdi -+#ifdef CONFIG_PARAVIRT -+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0) -+ PV_RESTORE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) -+#else -+ mov %rdi,%cr0 -+#endif ++ SET_RDI_INTO_CR0 +#endif + ++ GET_CR3_INTO_RDI ++ add $__START_KERNEL_map,%rdi ++ sub phys_base(%rip),%rdi ++ +#ifdef CONFIG_PARAVIRT -+ PV_SAVE_REGS(CLBR_NONE | CLBR_RAX | CLBR_RDI) -+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr3) -+#else -+ mov %cr3,%rax ++ cmpl $0, pv_info+PARAVIRT_enabled ++ jz 1f ++ mov %rdi,%rbx ++ i = 0 ++ .rept USER_PGD_PTRS ++ mov i*8(%rbx),%rsi ++ mov $0x67,%sil ++ lea i*8(%rbx),%rdi ++ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd) ++ i = i + 1 ++ .endr ++ jmp 2f ++1: +#endif -+ add $__START_KERNEL_map,%rax -+ sub phys_base(%rip),%rax + + i = 0 + .rept USER_PGD_PTRS -+#ifdef CONFIG_PARAVIRT -+ mov i*8(%rax),%rsi -+ mov $0x67,$sil -+ lea i*8(%rax),%rdi -+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set+pgd) -+#else -+ movb $0x67,i*8(%rax) -+#endif ++ movb $0x67,i*8(%rdi) + i = i + 1 + .endr + ++#ifdef CONFIG_PARAVIRT ++2: PV_RESTORE_REGS(CLBR_RDI) ++ pop %rbx ++#endif ++ + pop %rdi -+ pop %rax ++#endif ++ + retq +ENDPROC(pax_exit_kernel_user) .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -468,6 +663,11 @@ ENTRY(system_call_after_swapgs) +@@ -468,6 +652,11 @@ ENTRY(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -10863,7 +10888,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k /* * No need to follow this irqs off/on section - it's straight * and short: -@@ -502,6 +702,11 @@ sysret_check: +@@ -502,6 +691,11 @@ sysret_check: andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE @@ -10875,7 +10900,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k /* * sysretq will re-enable interrupts: */ -@@ -800,7 +1005,16 @@ END(interrupt) +@@ -800,7 +994,16 @@ END(interrupt) CFI_ADJUST_CFA_OFFSET 10*8 call save_args PARTIAL_FRAME 0 @@ -10893,7 +10918,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k .endm /* -@@ -844,12 +1058,18 @@ retint_swapgs: /* return to user-space +@@ -844,12 +1047,18 @@ retint_swapgs: /* return to user-space * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -10912,7 +10937,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k /* * The iretq could re-enable interrupts: */ -@@ -1032,7 +1252,16 @@ ENTRY(\sym) +@@ -1032,7 +1241,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET 15*8 call error_entry DEFAULT_FRAME 0 @@ -10930,7 +10955,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k xorl %esi,%esi /* no error code */ call \do_sym jmp error_exit /* %ebx: no swapgs flag */ -@@ -1049,7 +1278,16 @@ ENTRY(\sym) +@@ -1049,7 +1267,16 @@ ENTRY(\sym) subq $15*8, %rsp call save_paranoid TRACE_IRQS_OFF @@ -10948,7 +10973,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k xorl %esi,%esi /* no error code */ call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ -@@ -1066,9 +1304,23 @@ ENTRY(\sym) +@@ -1066,9 +1293,23 @@ ENTRY(\sym) subq $15*8, %rsp call save_paranoid TRACE_IRQS_OFF @@ -10974,7 +10999,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp) call \do_sym addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp) -@@ -1085,7 +1337,16 @@ ENTRY(\sym) +@@ -1085,7 +1326,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET 15*8 call error_entry DEFAULT_FRAME 0 @@ -10992,7 +11017,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ call \do_sym -@@ -1104,7 +1365,16 @@ ENTRY(\sym) +@@ -1104,7 +1354,16 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -11010,7 +11035,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ call \do_sym -@@ -1408,11 +1678,13 @@ ENTRY(paranoid_exit) +@@ -1408,11 +1667,13 @@ ENTRY(paranoid_exit) testl $3,CS(%rsp) jnz paranoid_userspace paranoid_swapgs: @@ -11024,7 +11049,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k TRACE_IRQS_IRETQ 0 RESTORE_ALL 8 jmp irq_return -@@ -1529,6 +1801,16 @@ ENTRY(nmi) +@@ -1529,6 +1790,16 @@ ENTRY(nmi) CFI_ADJUST_CFA_OFFSET 15*8 call save_paranoid DEFAULT_FRAME 0 @@ -11041,7 +11066,7 @@ diff -urNp linux-2.6.32.11/arch/x86/kernel/entry_64.S linux-2.6.32.11/arch/x86/k /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1544,6 +1826,7 @@ ENTRY(nmi) +@@ -1544,6 +1815,7 @@ ENTRY(nmi) nmi_swapgs: SWAPGS_UNSAFE_STACK nmi_restore: @@ -30825,6 +30850,18 @@ diff -urNp linux-2.6.32.11/fs/hfsplus/inode.c linux-2.6.32.11/fs/hfsplus/inode.c hfs_bnode_read(fd.bnode, &entry, fd.entryoffset, sizeof(struct hfsplus_cat_file)); hfsplus_inode_write_fork(inode, &file->data_fork); +diff -urNp linux-2.6.32.11/fs/hugetlbfs/inode.c linux-2.6.32.11/fs/hugetlbfs/inode.c +--- linux-2.6.32.11/fs/hugetlbfs/inode.c 2010-03-15 11:52:04.000000000 -0400 ++++ linux-2.6.32.11/fs/hugetlbfs/inode.c 2010-04-06 22:13:08.677504702 -0400 +@@ -909,7 +909,7 @@ static struct file_system_type hugetlbfs + .kill_sb = kill_litter_super, + }; + +-static struct vfsmount *hugetlbfs_vfsmount; ++struct vfsmount *hugetlbfs_vfsmount; + + static int can_do_hugetlb_shm(void) + { diff -urNp linux-2.6.32.11/fs/ioctl.c linux-2.6.32.11/fs/ioctl.c --- linux-2.6.32.11/fs/ioctl.c 2010-03-15 11:52:04.000000000 -0400 +++ linux-2.6.32.11/fs/ioctl.c 2010-04-04 20:46:41.653544810 -0400 @@ -33684,8 +33721,8 @@ diff -urNp linux-2.6.32.11/grsecurity/gracl_alloc.c linux-2.6.32.11/grsecurity/g +} diff -urNp linux-2.6.32.11/grsecurity/gracl.c linux-2.6.32.11/grsecurity/gracl.c --- linux-2.6.32.11/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.11/grsecurity/gracl.c 2010-04-04 20:46:41.668784531 -0400 -@@ -0,0 +1,3917 @@ ++++ linux-2.6.32.11/grsecurity/gracl.c 2010-04-06 22:16:21.600343588 -0400 +@@ -0,0 +1,3924 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -33764,6 +33801,10 @@ diff -urNp linux-2.6.32.11/grsecurity/gracl.c linux-2.6.32.11/grsecurity/gracl.c +extern struct vfsmount *sock_mnt; +extern struct vfsmount *pipe_mnt; +extern struct vfsmount *shm_mnt; ++#ifdef CONFIG_HUGETLBFS ++extern struct vfsmount *hugetlbfs_vfsmount; ++#endif ++ +static struct acl_object_label *fakefs_obj; + +extern int gr_init_uidset(void); @@ -35479,6 +35520,9 @@ diff -urNp linux-2.6.32.11/grsecurity/gracl.c linux-2.6.32.11/grsecurity/gracl.c + spin_lock(&dcache_lock); + + if (unlikely(mnt == shm_mnt || mnt == pipe_mnt || mnt == sock_mnt || ++#ifdef CONFIG_HUGETLBFS ++ mnt == hugetlbfs_vfsmount || ++#endif + /* ignore Eric Biederman */ + IS_PRIVATE(l_dentry->d_inode))) { + retval = fakefs_obj; @@ -47655,7 +47699,7 @@ diff -urNp linux-2.6.32.11/kernel/hrtimer.c linux-2.6.32.11/kernel/hrtimer.c } diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c --- linux-2.6.32.11/kernel/kallsyms.c 2010-03-15 11:52:04.000000000 -0400 -+++ linux-2.6.32.11/kernel/kallsyms.c 2010-04-04 20:46:41.693491350 -0400 ++++ linux-2.6.32.11/kernel/kallsyms.c 2010-04-06 22:21:53.692294722 -0400 @@ -11,6 +11,9 @@ * Changed the compression method from stem compression to "table lookup" * compression (see scripts/kallsyms.c for a more complete description) @@ -47676,7 +47720,7 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c if (addr >= (unsigned long)_sinittext && addr <= (unsigned long)_einittext) return 1; -@@ -67,6 +73,24 @@ static inline int is_kernel_text(unsigne +@@ -67,6 +73,26 @@ static inline int is_kernel_text(unsigne static inline int is_kernel(unsigned long addr) { @@ -47684,8 +47728,10 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c + return 1; + +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++#ifdef CONFIG_MODULES + if ((unsigned long)MODULES_EXEC_VADDR <= ktla_ktva(addr) && ktla_ktva(addr) <= (unsigned long)MODULES_EXEC_END) + return 0; ++#endif + + if (is_kernel_text(addr)) + return 1; @@ -47701,7 +47747,7 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c if (addr >= (unsigned long)_stext && addr <= (unsigned long)_end) return 1; return in_gate_area_no_task(addr); -@@ -413,7 +437,6 @@ static unsigned long get_ksymbol_core(st +@@ -413,7 +439,6 @@ static unsigned long get_ksymbol_core(st static void reset_iter(struct kallsym_iter *iter, loff_t new_pos) { @@ -47709,7 +47755,7 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c iter->nameoff = get_symbol_offset(new_pos); iter->pos = new_pos; } -@@ -461,6 +484,11 @@ static int s_show(struct seq_file *m, vo +@@ -461,6 +486,11 @@ static int s_show(struct seq_file *m, vo { struct kallsym_iter *iter = m->private; @@ -47721,7 +47767,7 @@ diff -urNp linux-2.6.32.11/kernel/kallsyms.c linux-2.6.32.11/kernel/kallsyms.c /* Some debugging symbols have no name. Ignore them. */ if (!iter->name[0]) return 0; -@@ -501,7 +529,7 @@ static int kallsyms_open(struct inode *i +@@ -501,7 +531,7 @@ static int kallsyms_open(struct inode *i struct kallsym_iter *iter; int ret; |