
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.39/, 2.6.32/
Date: Tue, 05 Jul 2011 02:25:56
Message-Id: 694b56591453a2987d6633230abe447a7c7ecd61.blueness@gentoo
1 commit: 694b56591453a2987d6633230abe447a7c7ecd61
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Tue Jul 5 02:24:44 2011 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Tue Jul 5 02:24:44 2011 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=694b5659
7
8 Update Grsec/PaX
9 2.2.2-2.6.32.42-201107011911
10 2.2.2-2.6.39.2-201107011911
11
12 ---
13 2.6.32/0000_README | 2 +-
14 ..._grsecurity-2.2.2-2.6.32.42-201107011911.patch} | 664 ++++++++++++++++++--
15 2.6.39/0000_README | 2 +-
16 ...0_grsecurity-2.2.2-2.6.39.2-201107011911.patch} | 247 +++++++-
17 4 files changed, 832 insertions(+), 83 deletions(-)
18
19 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
20 index 03320de..73ac723 100644
21 --- a/2.6.32/0000_README
22 +++ b/2.6.32/0000_README
23 @@ -3,7 +3,7 @@ README
24
25 Individual Patch Descriptions:
26 -----------------------------------------------------------------------------
27 -Patch: 4420_grsecurity-2.2.2-2.6.32.42-201106281648.patch
28 +Patch: 4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch
29 From: http://www.grsecurity.net
30 Desc: hardened-sources base patch from upstream grsecurity
31
32
33 diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201106281648.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch
34 similarity index 99%
35 rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201106281648.patch
36 rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch
37 index d0d2a83..568fb06 100644
38 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201106281648.patch
39 +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch
40 @@ -325,8 +325,43 @@ diff -urNp linux-2.6.32.42/arch/arm/include/asm/kmap_types.h linux-2.6.32.42/arc
41
42 diff -urNp linux-2.6.32.42/arch/arm/include/asm/uaccess.h linux-2.6.32.42/arch/arm/include/asm/uaccess.h
43 --- linux-2.6.32.42/arch/arm/include/asm/uaccess.h 2011-03-27 14:31:47.000000000 -0400
44 -+++ linux-2.6.32.42/arch/arm/include/asm/uaccess.h 2011-04-17 15:56:45.000000000 -0400
45 -@@ -403,6 +403,9 @@ extern unsigned long __must_check __strn
46 ++++ linux-2.6.32.42/arch/arm/include/asm/uaccess.h 2011-06-29 21:02:24.000000000 -0400
47 +@@ -22,6 +22,8 @@
48 + #define VERIFY_READ 0
49 + #define VERIFY_WRITE 1
50 +
51 ++extern void check_object_size(const void *ptr, unsigned long n, bool to);
52 ++
53 + /*
54 + * The exception table consists of pairs of addresses: the first is the
55 + * address of an instruction that is allowed to fault, and the second is
56 +@@ -387,8 +389,23 @@ do { \
57 +
58 +
59 + #ifdef CONFIG_MMU
60 +-extern unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n);
61 +-extern unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n);
62 ++extern unsigned long __must_check ___copy_from_user(void *to, const void __user *from, unsigned long n);
63 ++extern unsigned long __must_check ___copy_to_user(void __user *to, const void *from, unsigned long n);
64 ++
65 ++static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n)
66 ++{
67 ++ if (!__builtin_constant_p(n))
68 ++ check_object_size(to, n, false);
69 ++ return ___copy_from_user(to, from, n);
70 ++}
71 ++
72 ++static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n)
73 ++{
74 ++ if (!__builtin_constant_p(n))
75 ++ check_object_size(from, n, true);
76 ++ return ___copy_to_user(to, from, n);
77 ++}
78 ++
79 + extern unsigned long __must_check __copy_to_user_std(void __user *to, const void *from, unsigned long n);
80 + extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n);
81 + extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned long n);
82 +@@ -403,6 +420,9 @@ extern unsigned long __must_check __strn
83
84 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
85 {
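Review bot: The `!__builtin_constant_p(n)` guard in the new ARM `__copy_from_user()` and `__copy_to_user()` wrappers skips `check_object_size()` whenever the length is a compile-time constant, and nothing in the header says what covers that case. If constant lengths are meant to be validated elsewhere, say so above the wrappers, e.g. `/* constant n is not checked here; only runtime lengths go through check_object_size() */`. The third argument also deserves a line of documentation: as used here, `false` means the kernel object is the destination and `true` means it is the source. The prototype is added outside the `#ifdef CONFIG_MMU` block while its only visible callers are inside it; whether the non-MMU variants need the same check cannot be seen from this hunk.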
86 @@ -336,7 +371,7 @@ diff -urNp linux-2.6.32.42/arch/arm/include/asm/uaccess.h linux-2.6.32.42/arch/a
87 if (access_ok(VERIFY_READ, from, n))
88 n = __copy_from_user(to, from, n);
89 else /* security hole - plug it */
90 -@@ -412,6 +415,9 @@ static inline unsigned long __must_check
91 +@@ -412,6 +432,9 @@ static inline unsigned long __must_check
92
93 static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
94 {
95 @@ -379,6 +414,126 @@ diff -urNp linux-2.6.32.42/arch/arm/kernel/traps.c linux-2.6.32.42/arch/arm/kern
96 do_exit(SIGSEGV);
97 }
98
99 +diff -urNp linux-2.6.32.42/arch/arm/lib/copy_from_user.S linux-2.6.32.42/arch/arm/lib/copy_from_user.S
100 +--- linux-2.6.32.42/arch/arm/lib/copy_from_user.S 2011-03-27 14:31:47.000000000 -0400
101 ++++ linux-2.6.32.42/arch/arm/lib/copy_from_user.S 2011-06-29 20:48:38.000000000 -0400
102 +@@ -16,7 +16,7 @@
103 + /*
104 + * Prototype:
105 + *
106 +- * size_t __copy_from_user(void *to, const void *from, size_t n)
107 ++ * size_t ___copy_from_user(void *to, const void *from, size_t n)
108 + *
109 + * Purpose:
110 + *
111 +@@ -84,11 +84,11 @@
112 +
113 + .text
114 +
115 +-ENTRY(__copy_from_user)
116 ++ENTRY(___copy_from_user)
117 +
118 + #include "copy_template.S"
119 +
120 +-ENDPROC(__copy_from_user)
121 ++ENDPROC(___copy_from_user)
122 +
123 + .section .fixup,"ax"
124 + .align 0
125 +diff -urNp linux-2.6.32.42/arch/arm/lib/copy_to_user.S linux-2.6.32.42/arch/arm/lib/copy_to_user.S
126 +--- linux-2.6.32.42/arch/arm/lib/copy_to_user.S 2011-03-27 14:31:47.000000000 -0400
127 ++++ linux-2.6.32.42/arch/arm/lib/copy_to_user.S 2011-06-29 20:46:49.000000000 -0400
128 +@@ -16,7 +16,7 @@
129 + /*
130 + * Prototype:
131 + *
132 +- * size_t __copy_to_user(void *to, const void *from, size_t n)
133 ++ * size_t ___copy_to_user(void *to, const void *from, size_t n)
134 + *
135 + * Purpose:
136 + *
137 +@@ -88,11 +88,11 @@
138 + .text
139 +
140 + ENTRY(__copy_to_user_std)
141 +-WEAK(__copy_to_user)
142 ++WEAK(___copy_to_user)
143 +
144 + #include "copy_template.S"
145 +
146 +-ENDPROC(__copy_to_user)
147 ++ENDPROC(___copy_to_user)
148 +
149 + .section .fixup,"ax"
150 + .align 0
151 +diff -urNp linux-2.6.32.42/arch/arm/lib/uaccess.S linux-2.6.32.42/arch/arm/lib/uaccess.S
152 +--- linux-2.6.32.42/arch/arm/lib/uaccess.S 2011-03-27 14:31:47.000000000 -0400
153 ++++ linux-2.6.32.42/arch/arm/lib/uaccess.S 2011-06-29 20:48:53.000000000 -0400
154 +@@ -19,7 +19,7 @@
155 +
156 + #define PAGE_SHIFT 12
157 +
158 +-/* Prototype: int __copy_to_user(void *to, const char *from, size_t n)
159 ++/* Prototype: int ___copy_to_user(void *to, const char *from, size_t n)
160 + * Purpose : copy a block to user memory from kernel memory
161 + * Params : to - user memory
162 + * : from - kernel memory
163 +@@ -39,7 +39,7 @@ USER( strgtbt r3, [r0], #1) @ May fau
164 + sub r2, r2, ip
165 + b .Lc2u_dest_aligned
166 +
167 +-ENTRY(__copy_to_user)
168 ++ENTRY(___copy_to_user)
169 + stmfd sp!, {r2, r4 - r7, lr}
170 + cmp r2, #4
171 + blt .Lc2u_not_enough
172 +@@ -277,14 +277,14 @@ USER( strgebt r3, [r0], #1) @ May fau
173 + ldrgtb r3, [r1], #0
174 + USER( strgtbt r3, [r0], #1) @ May fault
175 + b .Lc2u_finished
176 +-ENDPROC(__copy_to_user)
177 ++ENDPROC(___copy_to_user)
178 +
179 + .section .fixup,"ax"
180 + .align 0
181 + 9001: ldmfd sp!, {r0, r4 - r7, pc}
182 + .previous
183 +
184 +-/* Prototype: unsigned long __copy_from_user(void *to,const void *from,unsigned long n);
185 ++/* Prototype: unsigned long ___copy_from_user(void *to,const void *from,unsigned long n);
186 + * Purpose : copy a block from user memory to kernel memory
187 + * Params : to - kernel memory
188 + * : from - user memory
189 +@@ -303,7 +303,7 @@ USER( ldrgtbt r3, [r1], #1) @ May fau
190 + sub r2, r2, ip
191 + b .Lcfu_dest_aligned
192 +
193 +-ENTRY(__copy_from_user)
194 ++ENTRY(___copy_from_user)
195 + stmfd sp!, {r0, r2, r4 - r7, lr}
196 + cmp r2, #4
197 + blt .Lcfu_not_enough
198 +@@ -543,7 +543,7 @@ USER( ldrgebt r3, [r1], #1) @ May fau
199 + USER( ldrgtbt r3, [r1], #1) @ May fault
200 + strgtb r3, [r0], #1
201 + b .Lcfu_finished
202 +-ENDPROC(__copy_from_user)
203 ++ENDPROC(___copy_from_user)
204 +
205 + .section .fixup,"ax"
206 + .align 0
207 +diff -urNp linux-2.6.32.42/arch/arm/lib/uaccess_with_memcpy.c linux-2.6.32.42/arch/arm/lib/uaccess_with_memcpy.c
208 +--- linux-2.6.32.42/arch/arm/lib/uaccess_with_memcpy.c 2011-03-27 14:31:47.000000000 -0400
209 ++++ linux-2.6.32.42/arch/arm/lib/uaccess_with_memcpy.c 2011-06-29 20:44:35.000000000 -0400
210 +@@ -97,7 +97,7 @@ out:
211 + }
212 +
213 + unsigned long
214 +-__copy_to_user(void __user *to, const void *from, unsigned long n)
215 ++___copy_to_user(void __user *to, const void *from, unsigned long n)
216 + {
217 + /*
218 + * This test is stubbed out of the main function above to keep
219 diff -urNp linux-2.6.32.42/arch/arm/mach-at91/pm.c linux-2.6.32.42/arch/arm/mach-at91/pm.c
220 --- linux-2.6.32.42/arch/arm/mach-at91/pm.c 2011-03-27 14:31:47.000000000 -0400
221 +++ linux-2.6.32.42/arch/arm/mach-at91/pm.c 2011-04-17 15:56:45.000000000 -0400
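Review bot: After this rename the unchecked copy primitives `___copy_from_user` / `___copy_to_user` differ from the checked inline wrappers only by one leading underscore, which is easy to mistype and hard to spot in review. The prototype comments in copy_from_user.S, copy_to_user.S and uaccess.S are the natural place for a warning such as `* Raw copy, no check_object_size(); call __copy_to_user() instead.` Going by the uaccess.h hunk, the two-underscore names are now `static inline` and no longer exist as linkable symbols. Any symbol exports or assembly callers of the old names are outside this hunk and would need the same rename.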
222 @@ -6003,7 +6158,7 @@ diff -urNp linux-2.6.32.42/arch/x86/boot/compressed/head_32.S linux-2.6.32.42/ar
223 2:
224 diff -urNp linux-2.6.32.42/arch/x86/boot/compressed/head_64.S linux-2.6.32.42/arch/x86/boot/compressed/head_64.S
225 --- linux-2.6.32.42/arch/x86/boot/compressed/head_64.S 2011-03-27 14:31:47.000000000 -0400
226 -+++ linux-2.6.32.42/arch/x86/boot/compressed/head_64.S 2011-04-17 15:56:46.000000000 -0400
227 ++++ linux-2.6.32.42/arch/x86/boot/compressed/head_64.S 2011-07-01 18:53:00.000000000 -0400
228 @@ -91,7 +91,7 @@ ENTRY(startup_32)
229 notl %eax
230 andl %eax, %ebx
231 @@ -6013,6 +6168,15 @@ diff -urNp linux-2.6.32.42/arch/x86/boot/compressed/head_64.S linux-2.6.32.42/ar
232 #endif
233
234 /* Target address to relocate to for decompression */
235 +@@ -183,7 +183,7 @@ no_longmode:
236 + hlt
237 + jmp 1b
238 +
239 +-#include "../../kernel/verify_cpu_64.S"
240 ++#include "../../kernel/verify_cpu.S"
241 +
242 + /*
243 + * Be careful here startup_64 needs to be at a predictable
244 @@ -234,7 +234,7 @@ ENTRY(startup_64)
245 notq %rax
246 andq %rax, %rbp
247 @@ -9945,7 +10109,7 @@ diff -urNp linux-2.6.32.42/arch/x86/include/asm/segment.h linux-2.6.32.42/arch/x
248 #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS* 8 + 3)
249 diff -urNp linux-2.6.32.42/arch/x86/include/asm/smp.h linux-2.6.32.42/arch/x86/include/asm/smp.h
250 --- linux-2.6.32.42/arch/x86/include/asm/smp.h 2011-03-27 14:31:47.000000000 -0400
251 -+++ linux-2.6.32.42/arch/x86/include/asm/smp.h 2011-04-17 15:56:46.000000000 -0400
252 ++++ linux-2.6.32.42/arch/x86/include/asm/smp.h 2011-07-01 19:00:40.000000000 -0400
253 @@ -24,7 +24,7 @@ extern unsigned int num_processors;
254 DECLARE_PER_CPU(cpumask_var_t, cpu_sibling_map);
255 DECLARE_PER_CPU(cpumask_var_t, cpu_core_map);
256 @@ -9955,7 +10119,19 @@ diff -urNp linux-2.6.32.42/arch/x86/include/asm/smp.h linux-2.6.32.42/arch/x86/i
257
258 static inline struct cpumask *cpu_sibling_mask(int cpu)
259 {
260 -@@ -175,14 +175,8 @@ extern unsigned disabled_cpus __cpuinitd
261 +@@ -40,10 +40,7 @@ DECLARE_EARLY_PER_CPU(u16, x86_cpu_to_ap
262 + DECLARE_EARLY_PER_CPU(u16, x86_bios_cpu_apicid);
263 +
264 + /* Static state in head.S used to set up a CPU */
265 +-extern struct {
266 +- void *sp;
267 +- unsigned short ss;
268 +-} stack_start;
269 ++extern unsigned long stack_start; /* Initial stack pointer address */
270 +
271 + struct smp_ops {
272 + void (*smp_prepare_boot_cpu)(void);
273 +@@ -175,14 +172,8 @@ extern unsigned disabled_cpus __cpuinitd
274 extern int safe_smp_processor_id(void);
275
276 #elif defined(CONFIG_X86_64_SMP)
277 @@ -11199,8 +11375,18 @@ diff -urNp linux-2.6.32.42/arch/x86/Kconfig.debug linux-2.6.32.42/arch/x86/Kconf
278 in order to catch accidental (and incorrect) writes to such const
279 diff -urNp linux-2.6.32.42/arch/x86/kernel/acpi/realmode/wakeup.S linux-2.6.32.42/arch/x86/kernel/acpi/realmode/wakeup.S
280 --- linux-2.6.32.42/arch/x86/kernel/acpi/realmode/wakeup.S 2011-03-27 14:31:47.000000000 -0400
281 -+++ linux-2.6.32.42/arch/x86/kernel/acpi/realmode/wakeup.S 2011-04-17 15:56:46.000000000 -0400
282 -@@ -104,7 +104,7 @@ _start:
283 ++++ linux-2.6.32.42/arch/x86/kernel/acpi/realmode/wakeup.S 2011-07-01 18:53:40.000000000 -0400
284 +@@ -91,6 +91,9 @@ _start:
285 + /* Do any other stuff... */
286 +
287 + #ifndef CONFIG_64BIT
288 ++ /* Recheck NX bit overrides (64bit path does this in trampoline) */
289 ++ call verify_cpu
290 ++
291 + /* This could also be done in C code... */
292 + movl pmode_cr3, %eax
293 + movl %eax, %cr3
294 +@@ -104,7 +107,7 @@ _start:
295 movl %eax, %ecx
296 orl %edx, %ecx
297 jz 1f
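Review bot: Both new `call verify_cpu` sites discard the status in %eax: in wakeup.S the next instruction after the call is `movl pmode_cr3, %eax`, and in head_32.S (the `Clear bogus XD_DISABLE bits` hunk) it is `mov $0x80000001, %eax`. The header of verify_cpu.S in this same patch says the caller needs to check the error code, so each call site should state that it is made only for the XD_DISABLE side effect, e.g. `/* return value ignored on purpose: called only to clear XD_DISABLE */`. verify_cpu also executes cpuid and writes %di, so %ebx, %ecx, %edx and %di are not preserved across the call. The code before the wakeup.S call site is outside the hunk, so whether any of those registers is live there should be confirmed.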
298 @@ -11209,9 +11395,17 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/acpi/realmode/wakeup.S linux-2.6.32.4
299 wrmsr
300 1:
301
302 +@@ -114,6 +117,7 @@ _start:
303 + movl pmode_cr0, %eax
304 + movl %eax, %cr0
305 + jmp pmode_return
306 ++# include "../../verify_cpu.S"
307 + #else
308 + pushw $0
309 + pushw trampoline_segment
310 diff -urNp linux-2.6.32.42/arch/x86/kernel/acpi/sleep.c linux-2.6.32.42/arch/x86/kernel/acpi/sleep.c
311 --- linux-2.6.32.42/arch/x86/kernel/acpi/sleep.c 2011-03-27 14:31:47.000000000 -0400
312 -+++ linux-2.6.32.42/arch/x86/kernel/acpi/sleep.c 2011-04-17 15:56:46.000000000 -0400
313 ++++ linux-2.6.32.42/arch/x86/kernel/acpi/sleep.c 2011-07-01 19:01:34.000000000 -0400
314 @@ -11,11 +11,12 @@
315 #include <linux/cpumask.h>
316 #include <asm/segment.h>
317 @@ -11226,10 +11420,12 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/acpi/sleep.c linux-2.6.32.42/arch/x86
318 unsigned long acpi_realmode_flags;
319
320 /* address in low memory of the wakeup routine. */
321 -@@ -99,8 +100,12 @@ int acpi_save_state_mem(void)
322 +@@ -98,9 +99,13 @@ int acpi_save_state_mem(void)
323 + #else /* CONFIG_64BIT */
324 header->trampoline_segment = setup_trampoline() >> 4;
325 #ifdef CONFIG_SMP
326 - stack_start.sp = temp_stack + sizeof(temp_stack);
327 +- stack_start.sp = temp_stack + sizeof(temp_stack);
328 ++ stack_start = (unsigned long)temp_stack + sizeof(temp_stack);
329 +
330 + pax_open_kernel();
331 early_gdt_descr.address =
332 @@ -13796,7 +13992,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head32.c linux-2.6.32.42/arch/x86/ker
333 /* Reserve INITRD */
334 diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/kernel/head_32.S
335 --- linux-2.6.32.42/arch/x86/kernel/head_32.S 2011-03-27 14:31:47.000000000 -0400
336 -+++ linux-2.6.32.42/arch/x86/kernel/head_32.S 2011-04-17 15:56:46.000000000 -0400
337 ++++ linux-2.6.32.42/arch/x86/kernel/head_32.S 2011-07-01 19:09:03.000000000 -0400
338 @@ -19,10 +19,17 @@
339 #include <asm/setup.h>
340 #include <asm/processor-flags.h>
341 @@ -13841,7 +14037,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
342 * 32-bit kernel entrypoint; only used by the boot CPU. On entry,
343 * %esi points to the real-mode code as a 32-bit pointer.
344 * CS and DS must be 4 GB flat segments, but we don't depend on
345 -@@ -80,6 +89,13 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE)
346 +@@ -80,7 +89,16 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE)
347 * can.
348 */
349 __HEAD
350 @@ -13853,12 +14049,19 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
351 +#endif
352 +
353 ENTRY(startup_32)
354 ++ movl pa(stack_start),%ecx
355 ++
356 /* test KEEP_SEGMENTS flag to see if the bootloader is asking
357 us to not reload segments */
358 -@@ -97,6 +113,57 @@ ENTRY(startup_32)
359 + testb $(1<<6), BP_loadflags(%esi)
360 +@@ -95,7 +113,60 @@ ENTRY(startup_32)
361 + movl %eax,%es
362 + movl %eax,%fs
363 movl %eax,%gs
364 ++ movl %eax,%ss
365 2:
366 -
367 ++ leal -__PAGE_OFFSET(%ecx),%esp
368 ++
369 +#ifdef CONFIG_SMP
370 + movl $pa(cpu_gdt_table),%edi
371 + movl $__per_cpu_load,%eax
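Review bot: `%ecx` is loaded from `pa(stack_start)` by the first instruction of `startup_32` and only consumed at `leal -__PAGE_OFFSET(%ecx),%esp` after label `2:`, with the KEEP_SEGMENTS test and the segment reloads in between and no comment marking it live. A later edit to that stretch that touches %ecx would give the boot CPU a wrong stack pointer without any build error; add `/* %ecx = stack_start, must be preserved until %esp is set below */` next to the load. If the KEEP_SEGMENTS branch lands on label `2:` (the jump itself is outside the hunk), %ss is left as the boot loader set it while %esp is still replaced. That looks intended given the flat-segment requirement stated in the entry comment, but it deserves a one-line comment saying so.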
372 @@ -13909,11 +14112,10 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
373 + addl $PAGE_SIZE_asm,%edi
374 + loop 1b
375 +#endif
376 -+
377 +
378 /*
379 * Clear BSS first so that there are no surprises...
380 - */
381 -@@ -140,9 +207,7 @@ ENTRY(startup_32)
382 +@@ -140,9 +211,7 @@ ENTRY(startup_32)
383 cmpl $num_subarch_entries, %eax
384 jae bad_subarch
385
386 @@ -13924,7 +14126,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
387
388 bad_subarch:
389 WEAK(lguest_entry)
390 -@@ -154,10 +219,10 @@ WEAK(xen_entry)
391 +@@ -154,10 +223,10 @@ WEAK(xen_entry)
392 __INITDATA
393
394 subarch_entries:
395 @@ -13939,7 +14141,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
396 num_subarch_entries = (. - subarch_entries) / 4
397 .previous
398 #endif /* CONFIG_PARAVIRT */
399 -@@ -218,8 +283,11 @@ default_entry:
400 +@@ -218,8 +287,11 @@ default_entry:
401 movl %eax, pa(max_pfn_mapped)
402
403 /* Do early initialization of the fixmap area */
404 @@ -13953,7 +14155,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
405 #else /* Not PAE */
406
407 page_pde_offset = (__PAGE_OFFSET >> 20);
408 -@@ -249,8 +317,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
409 +@@ -249,8 +321,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
410 movl %eax, pa(max_pfn_mapped)
411
412 /* Do early initialization of the fixmap area */
413 @@ -13967,7 +14169,17 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
414 #endif
415 jmp 3f
416 /*
417 -@@ -297,6 +368,7 @@ ENTRY(startup_32_smp)
418 +@@ -272,6 +347,9 @@ ENTRY(startup_32_smp)
419 + movl %eax,%es
420 + movl %eax,%fs
421 + movl %eax,%gs
422 ++ movl pa(stack_start),%ecx
423 ++ movl %eax,%ss
424 ++ leal -__PAGE_OFFSET(%ecx),%esp
425 + #endif /* CONFIG_SMP */
426 + 3:
427 +
428 +@@ -297,6 +375,7 @@ ENTRY(startup_32_smp)
429 orl %edx,%eax
430 movl %eax,%cr4
431
432 @@ -13975,7 +14187,18 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
433 btl $5, %eax # check if PAE is enabled
434 jnc 6f
435
436 -@@ -312,13 +384,17 @@ ENTRY(startup_32_smp)
437 +@@ -305,6 +384,10 @@ ENTRY(startup_32_smp)
438 + cpuid
439 + cmpl $0x80000000, %eax
440 + jbe 6f
441 ++
442 ++ /* Clear bogus XD_DISABLE bits */
443 ++ call verify_cpu
444 ++
445 + mov $0x80000001, %eax
446 + cpuid
447 + /* Execute Disable bit supported? */
448 +@@ -312,13 +395,17 @@ ENTRY(startup_32_smp)
449 jnc 6f
450
451 /* Setup EFER (Extended Feature Enable Register) */
452 @@ -13994,18 +14217,29 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
453 6:
454
455 /*
456 -@@ -344,9 +420,7 @@ ENTRY(startup_32_smp)
457 +@@ -331,8 +418,8 @@ ENTRY(startup_32_smp)
458 + movl %eax,%cr0 /* ..and set paging (PG) bit */
459 + ljmp $__BOOT_CS,$1f /* Clear prefetch and normalize %eip */
460 + 1:
461 +- /* Set up the stack pointer */
462 +- lss stack_start,%esp
463 ++ /* Shift the stack pointer to a virtual address */
464 ++ addl $__PAGE_OFFSET, %esp
465 +
466 + /*
467 + * Initialize eflags. Some BIOS's leave bits like NT set. This would
468 +@@ -344,9 +431,7 @@ ENTRY(startup_32_smp)
469
470 #ifdef CONFIG_SMP
471 cmpb $0, ready
472 - jz 1f /* Initial CPU cleans BSS */
473 - jmp checkCPUtype
474 -1:
475 -+ jnz checkCPUtype /* Initial CPU cleans BSS */
476 ++ jnz checkCPUtype
477 #endif /* CONFIG_SMP */
478
479 /*
480 -@@ -424,7 +498,7 @@ is386: movl $2,%ecx # set MP
481 +@@ -424,7 +509,7 @@ is386: movl $2,%ecx # set MP
482 1: movl $(__KERNEL_DS),%eax # reload all the segment registers
483 movl %eax,%ss # after changing gdt.
484
485 @@ -14014,7 +14248,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
486 movl %eax,%ds
487 movl %eax,%es
488
489 -@@ -438,15 +512,22 @@ is386: movl $2,%ecx # set MP
490 +@@ -438,15 +523,22 @@ is386: movl $2,%ecx # set MP
491 */
492 cmpb $0,ready
493 jne 1f
494 @@ -14039,18 +14273,22 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
495 movl %eax,%gs
496
497 xorl %eax,%eax # Clear LDT
498 -@@ -457,10 +538,6 @@ is386: movl $2,%ecx # set MP
499 - #ifdef CONFIG_SMP
500 - movb ready, %cl
501 +@@ -454,14 +546,7 @@ is386: movl $2,%ecx # set MP
502 +
503 + cld # gcc2 wants the direction flag cleared at all times
504 + pushl $0 # fake return address for unwinder
505 +-#ifdef CONFIG_SMP
506 +- movb ready, %cl
507 movb $1, ready
508 - cmpb $0,%cl # the first CPU calls start_kernel
509 - je 1f
510 - movl (stack_start), %esp
511 -1:
512 - #endif /* CONFIG_SMP */
513 +-#endif /* CONFIG_SMP */
514 jmp *(initial_code)
515
516 -@@ -546,22 +623,22 @@ early_page_fault:
517 + /*
518 +@@ -546,22 +631,22 @@ early_page_fault:
519 jmp early_fault
520
521 early_fault:
522 @@ -14078,7 +14316,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
523 hlt_loop:
524 hlt
525 jmp hlt_loop
526 -@@ -569,8 +646,11 @@ hlt_loop:
527 +@@ -569,8 +654,11 @@ hlt_loop:
528 /* This is the default interrupt "handler" :-) */
529 ALIGN
530 ignore_int:
531 @@ -14091,7 +14329,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
532 pushl %eax
533 pushl %ecx
534 pushl %edx
535 -@@ -579,9 +659,6 @@ ignore_int:
536 +@@ -579,9 +667,6 @@ ignore_int:
537 movl $(__KERNEL_DS),%eax
538 movl %eax,%ds
539 movl %eax,%es
540 @@ -14101,7 +14339,16 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
541 pushl 16(%esp)
542 pushl 24(%esp)
543 pushl 32(%esp)
544 -@@ -610,31 +687,47 @@ ENTRY(initial_page_table)
545 +@@ -600,6 +685,8 @@ ignore_int:
546 + #endif
547 + iret
548 +
549 ++#include "verify_cpu.S"
550 ++
551 + __REFDATA
552 + .align 4
553 + ENTRY(initial_code)
554 +@@ -610,31 +697,47 @@ ENTRY(initial_page_table)
555 /*
556 * BSS section
557 */
558 @@ -14154,7 +14401,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
559 ENTRY(swapper_pg_dir)
560 .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
561 # if KPMDS == 3
562 -@@ -653,15 +746,24 @@ ENTRY(swapper_pg_dir)
563 +@@ -653,15 +756,24 @@ ENTRY(swapper_pg_dir)
564 # error "Kernel PMDs should be 1, 2 or 3"
565 # endif
566 .align PAGE_SIZE_asm /* needs to be page-sized too */
567 @@ -14169,10 +14416,11 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
568 #endif
569
570 .data
571 ++.balign 4
572 ENTRY(stack_start)
573 - .long init_thread_union+THREAD_SIZE
574 +- .long __BOOT_DS
575 + .long init_thread_union+THREAD_SIZE-8
576 - .long __BOOT_DS
577
578 ready: .byte 0
579
580 @@ -14180,7 +14428,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
581 early_recursion_flag:
582 .long 0
583
584 -@@ -697,7 +799,7 @@ fault_msg:
585 +@@ -697,7 +809,7 @@ fault_msg:
586 .word 0 # 32 bit align gdt_desc.address
587 boot_gdt_descr:
588 .word __BOOT_DS+7
589 @@ -14189,7 +14437,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
590
591 .word 0 # 32-bit align idt_desc.address
592 idt_descr:
593 -@@ -708,7 +810,7 @@ idt_descr:
594 +@@ -708,7 +820,7 @@ idt_descr:
595 .word 0 # 32 bit align gdt_desc.address
596 ENTRY(early_gdt_descr)
597 .word GDT_ENTRIES*8-1
598 @@ -14198,7 +14446,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
599
600 /*
601 * The boot_gdt must mirror the equivalent in setup.S and is
602 -@@ -717,5 +819,65 @@ ENTRY(early_gdt_descr)
603 +@@ -717,5 +829,65 @@ ENTRY(early_gdt_descr)
604 .align L1_CACHE_BYTES
605 ENTRY(boot_gdt)
606 .fill GDT_ENTRY_BOOT_CS,8,0
607 @@ -16160,7 +16408,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/signal.c linux-2.6.32.42/arch/x86/ker
608 if (current_thread_info()->status & TS_RESTORE_SIGMASK)
609 diff -urNp linux-2.6.32.42/arch/x86/kernel/smpboot.c linux-2.6.32.42/arch/x86/kernel/smpboot.c
610 --- linux-2.6.32.42/arch/x86/kernel/smpboot.c 2011-03-27 14:31:47.000000000 -0400
611 -+++ linux-2.6.32.42/arch/x86/kernel/smpboot.c 2011-05-11 18:25:15.000000000 -0400
612 ++++ linux-2.6.32.42/arch/x86/kernel/smpboot.c 2011-07-01 19:10:03.000000000 -0400
613 @@ -94,14 +94,14 @@ static DEFINE_PER_CPU(struct task_struct
614 */
615 static DEFINE_MUTEX(x86_cpu_hotplug_driver_mutex);
616 @@ -16180,6 +16428,15 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/smpboot.c linux-2.6.32.42/arch/x86/ke
617 }
618
619 ssize_t arch_cpu_probe(const char *buf, size_t count) { return -1; }
620 +@@ -625,7 +625,7 @@ wakeup_secondary_cpu_via_init(int phys_a
621 + * target processor state.
622 + */
623 + startup_ipi_hook(phys_apicid, (unsigned long) start_secondary,
624 +- (unsigned long)stack_start.sp);
625 ++ stack_start);
626 +
627 + /*
628 + * Run STARTUP IPI loop.
629 @@ -743,6 +743,7 @@ static int __cpuinit do_boot_cpu(int api
630 set_idle_for_cpu(cpu, c_idle.idle);
631 do_rest:
632 @@ -16188,7 +16445,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/smpboot.c linux-2.6.32.42/arch/x86/ke
633 #ifdef CONFIG_X86_32
634 /* Stack for startup_32 can be just as for start_secondary onwards */
635 irq_ctx_init(cpu);
636 -@@ -750,11 +751,13 @@ do_rest:
637 +@@ -750,13 +751,15 @@ do_rest:
638 #else
639 clear_tsk_thread_flag(c_idle.idle, TIF_FORK);
640 initial_gs = per_cpu_offset(cpu);
641 @@ -16203,8 +16460,11 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/smpboot.c linux-2.6.32.42/arch/x86/ke
642 + pax_close_kernel();
643 +
644 initial_code = (unsigned long)start_secondary;
645 - stack_start.sp = (void *) c_idle.idle->thread.sp;
646 +- stack_start.sp = (void *) c_idle.idle->thread.sp;
647 ++ stack_start = c_idle.idle->thread.sp;
648
649 + /* start_ip had better be page-aligned! */
650 + start_ip = setup_trampoline();
651 @@ -891,6 +894,12 @@ int __cpuinit native_cpu_up(unsigned int
652
653 per_cpu(cpu_state, cpu) = CPU_UP_PREPARE;
654 @@ -16819,7 +17079,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/trampoline_32.S linux-2.6.32.42/arch/
655 # hence we don't use the boot_gdt_descr defined in head.S
656 diff -urNp linux-2.6.32.42/arch/x86/kernel/trampoline_64.S linux-2.6.32.42/arch/x86/kernel/trampoline_64.S
657 --- linux-2.6.32.42/arch/x86/kernel/trampoline_64.S 2011-03-27 14:31:47.000000000 -0400
658 -+++ linux-2.6.32.42/arch/x86/kernel/trampoline_64.S 2011-04-17 15:56:46.000000000 -0400
659 ++++ linux-2.6.32.42/arch/x86/kernel/trampoline_64.S 2011-07-01 18:53:26.000000000 -0400
660 @@ -91,7 +91,7 @@ startup_32:
661 movl $__KERNEL_DS, %eax # Initialize the %ds segment register
662 movl %eax, %ds
663 @@ -16829,6 +17089,15 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/trampoline_64.S linux-2.6.32.42/arch/
664 movl %eax, %cr4 # Enable PAE mode
665
666 # Setup trampoline 4 level pagetables
667 +@@ -127,7 +127,7 @@ startup_64:
668 + no_longmode:
669 + hlt
670 + jmp no_longmode
671 +-#include "verify_cpu_64.S"
672 ++#include "verify_cpu.S"
673 +
674 + # Careful these need to be in the same 64K segment as the above;
675 + tidt:
676 @@ -138,7 +138,7 @@ tidt:
677 # so the kernel can live anywhere
678 .balign 4
679 @@ -17009,6 +17278,259 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kern
680
681 if (!tsk_used_math(tsk)) {
682 local_irq_enable();
683 +diff -urNp linux-2.6.32.42/arch/x86/kernel/verify_cpu_64.S linux-2.6.32.42/arch/x86/kernel/verify_cpu_64.S
684 +--- linux-2.6.32.42/arch/x86/kernel/verify_cpu_64.S 2011-03-27 14:31:47.000000000 -0400
685 ++++ linux-2.6.32.42/arch/x86/kernel/verify_cpu_64.S 1969-12-31 19:00:00.000000000 -0500
686 +@@ -1,105 +0,0 @@
687 +-/*
688 +- *
689 +- * verify_cpu.S - Code for cpu long mode and SSE verification. This
690 +- * code has been borrowed from boot/setup.S and was introduced by
691 +- * Andi Kleen.
692 +- *
693 +- * Copyright (c) 2007 Andi Kleen (ak@××××.de)
694 +- * Copyright (c) 2007 Eric Biederman (ebiederm@××××××××.com)
695 +- * Copyright (c) 2007 Vivek Goyal (vgoyal@××××××.com)
696 +- *
697 +- * This source code is licensed under the GNU General Public License,
698 +- * Version 2. See the file COPYING for more details.
699 +- *
700 +- * This is a common code for verification whether CPU supports
701 +- * long mode and SSE or not. It is not called directly instead this
702 +- * file is included at various places and compiled in that context.
703 +- * Following are the current usage.
704 +- *
705 +- * This file is included by both 16bit and 32bit code.
706 +- *
707 +- * arch/x86_64/boot/setup.S : Boot cpu verification (16bit)
708 +- * arch/x86_64/boot/compressed/head.S: Boot cpu verification (32bit)
709 +- * arch/x86_64/kernel/trampoline.S: secondary processor verfication (16bit)
710 +- * arch/x86_64/kernel/acpi/wakeup.S:Verfication at resume (16bit)
711 +- *
712 +- * verify_cpu, returns the status of cpu check in register %eax.
713 +- * 0: Success 1: Failure
714 +- *
715 +- * The caller needs to check for the error code and take the action
716 +- * appropriately. Either display a message or halt.
717 +- */
718 +-
719 +-#include <asm/cpufeature.h>
720 +-
721 +-verify_cpu:
722 +- pushfl # Save caller passed flags
723 +- pushl $0 # Kill any dangerous flags
724 +- popfl
725 +-
726 +- pushfl # standard way to check for cpuid
727 +- popl %eax
728 +- movl %eax,%ebx
729 +- xorl $0x200000,%eax
730 +- pushl %eax
731 +- popfl
732 +- pushfl
733 +- popl %eax
734 +- cmpl %eax,%ebx
735 +- jz verify_cpu_no_longmode # cpu has no cpuid
736 +-
737 +- movl $0x0,%eax # See if cpuid 1 is implemented
738 +- cpuid
739 +- cmpl $0x1,%eax
740 +- jb verify_cpu_no_longmode # no cpuid 1
741 +-
742 +- xor %di,%di
743 +- cmpl $0x68747541,%ebx # AuthenticAMD
744 +- jnz verify_cpu_noamd
745 +- cmpl $0x69746e65,%edx
746 +- jnz verify_cpu_noamd
747 +- cmpl $0x444d4163,%ecx
748 +- jnz verify_cpu_noamd
749 +- mov $1,%di # cpu is from AMD
750 +-
751 +-verify_cpu_noamd:
752 +- movl $0x1,%eax # Does the cpu have what it takes
753 +- cpuid
754 +- andl $REQUIRED_MASK0,%edx
755 +- xorl $REQUIRED_MASK0,%edx
756 +- jnz verify_cpu_no_longmode
757 +-
758 +- movl $0x80000000,%eax # See if extended cpuid is implemented
759 +- cpuid
760 +- cmpl $0x80000001,%eax
761 +- jb verify_cpu_no_longmode # no extended cpuid
762 +-
763 +- movl $0x80000001,%eax # Does the cpu have what it takes
764 +- cpuid
765 +- andl $REQUIRED_MASK1,%edx
766 +- xorl $REQUIRED_MASK1,%edx
767 +- jnz verify_cpu_no_longmode
768 +-
769 +-verify_cpu_sse_test:
770 +- movl $1,%eax
771 +- cpuid
772 +- andl $SSE_MASK,%edx
773 +- cmpl $SSE_MASK,%edx
774 +- je verify_cpu_sse_ok
775 +- test %di,%di
776 +- jz verify_cpu_no_longmode # only try to force SSE on AMD
777 +- movl $0xc0010015,%ecx # HWCR
778 +- rdmsr
779 +- btr $15,%eax # enable SSE
780 +- wrmsr
781 +- xor %di,%di # don't loop
782 +- jmp verify_cpu_sse_test # try again
783 +-
784 +-verify_cpu_no_longmode:
785 +- popfl # Restore caller passed flags
786 +- movl $1,%eax
787 +- ret
788 +-verify_cpu_sse_ok:
789 +- popfl # Restore caller passed flags
790 +- xorl %eax, %eax
791 +- ret
792 +diff -urNp linux-2.6.32.42/arch/x86/kernel/verify_cpu.S linux-2.6.32.42/arch/x86/kernel/verify_cpu.S
793 +--- linux-2.6.32.42/arch/x86/kernel/verify_cpu.S 1969-12-31 19:00:00.000000000 -0500
794 ++++ linux-2.6.32.42/arch/x86/kernel/verify_cpu.S 2011-07-01 18:28:42.000000000 -0400
795 +@@ -0,0 +1,140 @@
796 ++/*
797 ++ *
798 ++ * verify_cpu.S - Code for cpu long mode and SSE verification. This
799 ++ * code has been borrowed from boot/setup.S and was introduced by
800 ++ * Andi Kleen.
801 ++ *
802 ++ * Copyright (c) 2007 Andi Kleen (ak@××××.de)
803 ++ * Copyright (c) 2007 Eric Biederman (ebiederm@××××××××.com)
804 ++ * Copyright (c) 2007 Vivek Goyal (vgoyal@××××××.com)
805 ++ * Copyright (c) 2010 Kees Cook (kees.cook@×××××××××.com)
806 ++ *
807 ++ * This source code is licensed under the GNU General Public License,
808 ++ * Version 2. See the file COPYING for more details.
809 ++ *
810 ++ * This is a common code for verification whether CPU supports
811 ++ * long mode and SSE or not. It is not called directly instead this
812 ++ * file is included at various places and compiled in that context.
813 ++ * This file is expected to run in 32bit code. Currently:
814 ++ *
815 ++ * arch/x86/boot/compressed/head_64.S: Boot cpu verification
816 ++ * arch/x86/kernel/trampoline_64.S: secondary processor verification
817 ++ * arch/x86/kernel/head_32.S: processor startup
818 ++ * arch/x86/kernel/acpi/realmode/wakeup.S: 32bit processor resume
819 ++ *
820 ++ * verify_cpu, returns the status of longmode and SSE in register %eax.
821 ++ * 0: Success 1: Failure
822 ++ *
823 ++ * On Intel, the XD_DISABLE flag will be cleared as a side-effect.
824 ++ *
825 ++ * The caller needs to check for the error code and take the action
826 ++ * appropriately. Either display a message or halt.
827 ++ */
828 ++
829 ++#include <asm/cpufeature.h>
830 ++#include <asm/msr-index.h>
831 ++
832 ++verify_cpu:
833 ++ pushfl # Save caller passed flags
834 ++ pushl $0 # Kill any dangerous flags
835 ++ popfl
836 ++
837 ++ pushfl # standard way to check for cpuid
838 ++ popl %eax
839 ++ movl %eax,%ebx
840 ++ xorl $0x200000,%eax
841 ++ pushl %eax
842 ++ popfl
843 ++ pushfl
844 ++ popl %eax
845 ++ cmpl %eax,%ebx
846 ++ jz verify_cpu_no_longmode # cpu has no cpuid
847 ++
848 ++ movl $0x0,%eax # See if cpuid 1 is implemented
849 ++ cpuid
850 ++ cmpl $0x1,%eax
851 ++ jb verify_cpu_no_longmode # no cpuid 1
852 ++
853 ++ xor %di,%di
854 ++ cmpl $0x68747541,%ebx # AuthenticAMD
855 ++ jnz verify_cpu_noamd
856 ++ cmpl $0x69746e65,%edx
857 ++ jnz verify_cpu_noamd
858 ++ cmpl $0x444d4163,%ecx
859 ++ jnz verify_cpu_noamd
860 ++ mov $1,%di # cpu is from AMD
861 ++ jmp verify_cpu_check
862 ++
863 ++verify_cpu_noamd:
864 ++ cmpl $0x756e6547,%ebx # GenuineIntel?
865 ++ jnz verify_cpu_check
866 ++ cmpl $0x49656e69,%edx
867 ++ jnz verify_cpu_check
868 ++ cmpl $0x6c65746e,%ecx
869 ++ jnz verify_cpu_check
870 ++
871 ++ # only call IA32_MISC_ENABLE when:
872 ++ # family > 6 || (family == 6 && model >= 0xd)
873 ++ movl $0x1, %eax # check CPU family and model
874 ++ cpuid
875 ++ movl %eax, %ecx
876 ++
877 ++ andl $0x0ff00f00, %eax # mask family and extended family
878 ++ shrl $8, %eax
879 ++ cmpl $6, %eax
880 ++ ja verify_cpu_clear_xd # family > 6, ok
881 ++ jb verify_cpu_check # family < 6, skip
882 ++
883 ++ andl $0x000f00f0, %ecx # mask model and extended model
884 ++ shrl $4, %ecx
885 ++ cmpl $0xd, %ecx
886 ++ jb verify_cpu_check # family == 6, model < 0xd, skip
887 ++
888 ++verify_cpu_clear_xd:
889 ++ movl $MSR_IA32_MISC_ENABLE, %ecx
890 ++ rdmsr
891 ++ btrl $2, %edx # clear MSR_IA32_MISC_ENABLE_XD_DISABLE
892 ++ jnc verify_cpu_check # only write MSR if bit was changed
893 ++ wrmsr
894 ++
895 ++verify_cpu_check:
896 ++ movl $0x1,%eax # Does the cpu have what it takes
897 ++ cpuid
898 ++ andl $REQUIRED_MASK0,%edx
899 ++ xorl $REQUIRED_MASK0,%edx
900 ++ jnz verify_cpu_no_longmode
901 ++
902 ++ movl $0x80000000,%eax # See if extended cpuid is implemented
903 ++ cpuid
904 ++ cmpl $0x80000001,%eax
905 ++ jb verify_cpu_no_longmode # no extended cpuid
906 ++
907 ++ movl $0x80000001,%eax # Does the cpu have what it takes
908 ++ cpuid
909 ++ andl $REQUIRED_MASK1,%edx
910 ++ xorl $REQUIRED_MASK1,%edx
911 ++ jnz verify_cpu_no_longmode
912 ++
913 ++verify_cpu_sse_test:
914 ++ movl $1,%eax
915 ++ cpuid
916 ++ andl $SSE_MASK,%edx
917 ++ cmpl $SSE_MASK,%edx
918 ++ je verify_cpu_sse_ok
919 ++ test %di,%di
920 ++ jz verify_cpu_no_longmode # only try to force SSE on AMD
921 ++ movl $MSR_K7_HWCR,%ecx
922 ++ rdmsr
923 ++ btr $15,%eax # enable SSE
924 ++ wrmsr
925 ++ xor %di,%di # don't loop
926 ++ jmp verify_cpu_sse_test # try again
927 ++
928 ++verify_cpu_no_longmode:
929 ++ popfl # Restore caller passed flags
930 ++ movl $1,%eax
931 ++ ret
932 ++verify_cpu_sse_ok:
933 ++ popfl # Restore caller passed flags
934 ++ xorl %eax, %eax
935 ++ ret
936 diff -urNp linux-2.6.32.42/arch/x86/kernel/vm86_32.c linux-2.6.32.42/arch/x86/kernel/vm86_32.c
937 --- linux-2.6.32.42/arch/x86/kernel/vm86_32.c 2011-03-27 14:31:47.000000000 -0400
938 +++ linux-2.6.32.42/arch/x86/kernel/vm86_32.c 2011-04-17 15:56:46.000000000 -0400
939 @@ -50542,8 +51064,8 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_fork.c linux-2.6.32.42/grsecurity/gr
940 +}
941 diff -urNp linux-2.6.32.42/grsecurity/grsec_init.c linux-2.6.32.42/grsecurity/grsec_init.c
942 --- linux-2.6.32.42/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
943 -+++ linux-2.6.32.42/grsecurity/grsec_init.c 2011-04-17 15:56:46.000000000 -0400
944 -@@ -0,0 +1,270 @@
945 ++++ linux-2.6.32.42/grsecurity/grsec_init.c 2011-06-29 19:35:26.000000000 -0400
946 +@@ -0,0 +1,274 @@
947 +#include <linux/kernel.h>
948 +#include <linux/sched.h>
949 +#include <linux/mm.h>
950 @@ -50554,6 +51076,7 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_init.c linux-2.6.32.42/grsecurity/gr
951 +#include <linux/percpu.h>
952 +#include <linux/module.h>
953 +
954 ++int grsec_enable_brute;
955 +int grsec_enable_link;
956 +int grsec_enable_dmesg;
957 +int grsec_enable_harden_ptrace;
958 @@ -50718,6 +51241,9 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_init.c linux-2.6.32.42/grsecurity/gr
959 +#ifdef CONFIG_GRKERNSEC_LINK
960 + grsec_enable_link = 1;
961 +#endif
962 ++#ifdef CONFIG_GRKERNSEC_BRUTE
963 ++ grsec_enable_brute = 1;
964 ++#endif
965 +#ifdef CONFIG_GRKERNSEC_DMESG
966 + grsec_enable_dmesg = 1;
967 +#endif
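Review bot: The enclosing condition of the block that receives `grsec_enable_brute = 1;` lies outside this hunk, and the variable is a zero-initialised global that the grsec_sig.c hunk now tests before doing any work. If this block is the compiled-in-defaults path that is skipped when sysctl support is built without default-on (an assumption to confirm in grsec_init.c), a kernel that used to enforce GRKERNSEC_BRUTE whenever it was compiled in now boots with it off until the sysctl is written. I would record that next to the assignment, e.g. `/* BRUTE is runtime-gated from this release; stays off until deter_bruteforce is set when defaults are not applied */`, and repeat it in the Kconfig help. The 2.6.39.2 patch adds the same assignment.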
968 @@ -51338,8 +51864,8 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_ptrace.c linux-2.6.32.42/grsecurity/
969 +}
970 diff -urNp linux-2.6.32.42/grsecurity/grsec_sig.c linux-2.6.32.42/grsecurity/grsec_sig.c
971 --- linux-2.6.32.42/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500
972 -+++ linux-2.6.32.42/grsecurity/grsec_sig.c 2011-05-17 17:30:04.000000000 -0400
973 -@@ -0,0 +1,202 @@
974 ++++ linux-2.6.32.42/grsecurity/grsec_sig.c 2011-06-29 19:40:31.000000000 -0400
975 +@@ -0,0 +1,205 @@
976 +#include <linux/kernel.h>
977 +#include <linux/sched.h>
978 +#include <linux/delay.h>
979 @@ -51431,6 +51957,9 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_sig.c linux-2.6.32.42/grsecurity/grs
980 +#ifdef CONFIG_GRKERNSEC_BRUTE
981 + uid_t uid = 0;
982 +
983 ++ if (!grsec_enable_brute)
984 ++ return;
985 ++
986 + rcu_read_lock();
987 + read_lock(&tasklist_lock);
988 + read_lock(&grsec_exec_file_lock);
989 @@ -51823,8 +52352,8 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_sock.c linux-2.6.32.42/grsecurity/gr
990 +}
991 diff -urNp linux-2.6.32.42/grsecurity/grsec_sysctl.c linux-2.6.32.42/grsecurity/grsec_sysctl.c
992 --- linux-2.6.32.42/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
993 -+++ linux-2.6.32.42/grsecurity/grsec_sysctl.c 2011-04-17 15:56:46.000000000 -0400
994 -@@ -0,0 +1,479 @@
995 ++++ linux-2.6.32.42/grsecurity/grsec_sysctl.c 2011-06-29 19:37:19.000000000 -0400
996 +@@ -0,0 +1,489 @@
997 +#include <linux/kernel.h>
998 +#include <linux/sched.h>
999 +#include <linux/sysctl.h>
1000 @@ -51872,6 +52401,16 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_sysctl.c linux-2.6.32.42/grsecurity/
1001 + .proc_handler = &proc_dointvec,
1002 + },
1003 +#endif
1004 ++#ifdef CONFIG_GRKERNSEC_BRUTE
1005 ++ {
1006 ++ .ctl_name = CTL_UNNUMBERED,
1007 ++ .procname = "deter_bruteforce",
1008 ++ .data = &grsec_enable_brute,
1009 ++ .maxlen = sizeof(int),
1010 ++ .mode = 0600,
1011 ++ .proc_handler = &proc_dointvec,
1012 ++ },
1013 ++#endif
1014 +#ifdef CONFIG_GRKERNSEC_FIFO
1015 + {
1016 + .ctl_name = CTL_UNNUMBERED,
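Review bot: The new `deter_bruteforce` entry makes a security control switchable at runtime, and nothing in this hunk shows what prevents it from being cleared once the system has been locked down. Mode `0600` limits writes to root, but the code that ties this table to `grsec_lock` is outside the hunk, so it is worth confirming the entry is covered by it. `proc_dointvec` accepts any integer while the consumer only tests for non-zero; a comment such as `/* 0 = off, non-zero = on; writes are expected to be refused once grsec_lock is set */` would make the contract explicit. The 2.6.39.2 patch adds the same entry without `.ctl_name`.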
1017 @@ -52434,8 +52973,8 @@ diff -urNp linux-2.6.32.42/grsecurity/grsum.c linux-2.6.32.42/grsecurity/grsum.c
1018 +}
1019 diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
1020 --- linux-2.6.32.42/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
1021 -+++ linux-2.6.32.42/grsecurity/Kconfig 2011-06-13 21:34:09.000000000 -0400
1022 -@@ -0,0 +1,1045 @@
1023 ++++ linux-2.6.32.42/grsecurity/Kconfig 2011-06-29 20:55:13.000000000 -0400
1024 +@@ -0,0 +1,1047 @@
1025 +#
1026 +# grecurity configuration
1027 +#
1028 @@ -52514,7 +53053,7 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
1029 + select PAX_ASLR
1030 + select PAX_RANDMMAP
1031 + select PAX_REFCOUNT if (X86 || SPARC64)
1032 -+ select PAX_USERCOPY if ((X86 || SPARC32 || SPARC64 || PPC) && (SLAB || SLUB || SLOB))
1033 ++ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB))
1034 +
1035 + help
1036 + If you say Y here, several features in addition to those included
1037 @@ -52578,7 +53117,7 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
1038 + select GRKERNSEC_MODHARDEN if (MODULES)
1039 + select GRKERNSEC_HARDEN_PTRACE
1040 + select GRKERNSEC_VM86 if (X86_32)
1041 -+ select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC32 || SPARC64)
1042 ++ select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC)
1043 + select PAX
1044 + select PAX_RANDUSTACK
1045 + select PAX_ASLR
1046 @@ -52593,13 +53132,13 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
1047 + select PAX_RANDKSTACK if (X86_TSC && X86)
1048 + select PAX_SEGMEXEC if (X86_32)
1049 + select PAX_PAGEEXEC
1050 -+ select PAX_EMUPLT if (ALPHA || PARISC || SPARC32 || SPARC64)
1051 ++ select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
1052 + select PAX_EMUTRAMP if (PARISC)
1053 + select PAX_EMUSIGRT if (PARISC)
1054 + select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
1055 + select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86))
1056 + select PAX_REFCOUNT if (X86 || SPARC64)
1057 -+ select PAX_USERCOPY if ((X86 || PPC || SPARC32 || SPARC64) && (SLAB || SLUB || SLOB))
1058 ++ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB))
1059 + help
1060 + If you say Y here, many of the features of grsecurity will be
1061 + enabled, which will protect you against many kinds of attacks
1062 @@ -52729,6 +53268,8 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
1063 + It is recommended that you also enable signal logging in the auditing
1064 + section so that logs are generated when a process triggers a suspicious
1065 + signal.
1066 ++ If the sysctl option is enabled, a sysctl option with name
1067 ++ "deter_bruteforce" is created.
1068 +
1069 +config GRKERNSEC_MODHARDEN
1070 + bool "Harden module auto-loading"
1071 @@ -52778,7 +53319,7 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
1072 +
1073 +config GRKERNSEC_KERN_LOCKOUT
1074 + bool "Active kernel exploit response"
1075 -+ depends on X86 || ARM || PPC || SPARC32 || SPARC64
1076 ++ depends on X86 || ARM || PPC || SPARC
1077 + help
1078 + If you say Y here, when a PaX alert is triggered due to suspicious
1079 + activity in the kernel (from KERNEXEC/UDEREF/USERCOPY)
1080 @@ -55345,8 +55886,8 @@ diff -urNp linux-2.6.32.42/include/linux/grdefs.h linux-2.6.32.42/include/linux/
1081 +#endif
1082 diff -urNp linux-2.6.32.42/include/linux/grinternal.h linux-2.6.32.42/include/linux/grinternal.h
1083 --- linux-2.6.32.42/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
1084 -+++ linux-2.6.32.42/include/linux/grinternal.h 2011-04-17 15:56:46.000000000 -0400
1085 -@@ -0,0 +1,218 @@
1086 ++++ linux-2.6.32.42/include/linux/grinternal.h 2011-06-29 19:41:14.000000000 -0400
1087 +@@ -0,0 +1,219 @@
1088 +#ifndef __GRINTERNAL_H
1089 +#define __GRINTERNAL_H
1090 +
1091 @@ -55427,6 +55968,7 @@ diff -urNp linux-2.6.32.42/include/linux/grinternal.h linux-2.6.32.42/include/li
1092 +extern int grsec_resource_logging;
1093 +extern int grsec_enable_blackhole;
1094 +extern int grsec_lastack_retries;
1095 ++extern int grsec_enable_brute;
1096 +extern int grsec_lock;
1097 +
1098 +extern spinlock_t grsec_alert_lock;
1099 @@ -70607,7 +71149,7 @@ diff -urNp linux-2.6.32.42/security/integrity/ima/ima_queue.c linux-2.6.32.42/se
1100 return 0;
1101 diff -urNp linux-2.6.32.42/security/Kconfig linux-2.6.32.42/security/Kconfig
1102 --- linux-2.6.32.42/security/Kconfig 2011-03-27 14:31:47.000000000 -0400
1103 -+++ linux-2.6.32.42/security/Kconfig 2011-06-04 20:45:36.000000000 -0400
1104 ++++ linux-2.6.32.42/security/Kconfig 2011-06-29 20:55:36.000000000 -0400
1105 @@ -4,6 +4,555 @@
1106
1107 menu "Security options"
1108 @@ -71129,7 +71671,7 @@ diff -urNp linux-2.6.32.42/security/Kconfig linux-2.6.32.42/security/Kconfig
1109 +
1110 +config PAX_USERCOPY
1111 + bool "Harden heap object copies between kernel and userland"
1112 -+ depends on X86 || PPC || SPARC
1113 ++ depends on X86 || PPC || SPARC || ARM
1114 + depends on GRKERNSEC && (SLAB || SLUB)
1115 + help
1116 + By saying Y here the kernel will enforce the size of heap objects
1117
1118 diff --git a/2.6.39/0000_README b/2.6.39/0000_README
1119 index b6b1a96..2c34d1e 100644
1120 --- a/2.6.39/0000_README
1121 +++ b/2.6.39/0000_README
1122 @@ -3,7 +3,7 @@ README
1123
1124 Individual Patch Descriptions:
1125 -----------------------------------------------------------------------------
1126 -Patch: 4420_grsecurity-2.2.2-2.6.39.2-201106281648.patch
1127 +Patch: 4420_grsecurity-2.2.2-2.6.39.2-201107011911.patch
1128 From: http://www.grsecurity.net
1129 Desc: hardened-sources base patch from upstream grsecurity
1130
1131
1132 diff --git a/2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201106281648.patch b/2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201107011911.patch
1133 similarity index 99%
1134 rename from 2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201106281648.patch
1135 rename to 2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201107011911.patch
1136 index 8495f8b..4a5d663 100644
1137 --- a/2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201106281648.patch
1138 +++ b/2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201107011911.patch
1139 @@ -677,8 +677,43 @@ diff -urNp linux-2.6.39.2/arch/arm/include/asm/page.h linux-2.6.39.2/arch/arm/in
1140 #define __cpu_copy_user_highpage cpu_user.cpu_copy_user_highpage
1141 diff -urNp linux-2.6.39.2/arch/arm/include/asm/uaccess.h linux-2.6.39.2/arch/arm/include/asm/uaccess.h
1142 --- linux-2.6.39.2/arch/arm/include/asm/uaccess.h 2011-05-19 00:06:34.000000000 -0400
1143 -+++ linux-2.6.39.2/arch/arm/include/asm/uaccess.h 2011-05-22 19:36:30.000000000 -0400
1144 -@@ -403,6 +403,9 @@ extern unsigned long __must_check __strn
1145 ++++ linux-2.6.39.2/arch/arm/include/asm/uaccess.h 2011-06-29 21:04:12.000000000 -0400
1146 +@@ -22,6 +22,8 @@
1147 + #define VERIFY_READ 0
1148 + #define VERIFY_WRITE 1
1149 +
1150 ++extern void check_object_size(const void *ptr, unsigned long n, bool to);
1151 ++
1152 + /*
1153 + * The exception table consists of pairs of addresses: the first is the
1154 + * address of an instruction that is allowed to fault, and the second is
1155 +@@ -387,8 +389,23 @@ do { \
1156 +
1157 +
1158 + #ifdef CONFIG_MMU
1159 +-extern unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n);
1160 +-extern unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n);
1161 ++extern unsigned long __must_check ___copy_from_user(void *to, const void __user *from, unsigned long n);
1162 ++extern unsigned long __must_check ___copy_to_user(void __user *to, const void *from, unsigned long n);
1163 ++
1164 ++static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n)
1165 ++{
1166 ++ if (!__builtin_constant_p(n))
1167 ++ check_object_size(to, n, false);
1168 ++ return ___copy_from_user(to, from, n);
1169 ++}
1170 ++
1171 ++static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n)
1172 ++{
1173 ++ if (!__builtin_constant_p(n))
1174 ++ check_object_size(from, n, true);
1175 ++ return ___copy_to_user(to, from, n);
1176 ++}
1177 ++
1178 + extern unsigned long __must_check __copy_to_user_std(void __user *to, const void *from, unsigned long n);
1179 + extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n);
1180 + extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned long n);
1181 +@@ -403,6 +420,9 @@ extern unsigned long __must_check __strn
1182
1183 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
1184 {
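Review bot: The new `__copy_from_user`/`__copy_to_user` wrappers skip `check_object_size()` whenever `n` is a compile-time constant, and that assumption is not written down anywhere in the hunk. I would state it above the wrappers, e.g. `/* constant-size copies are not checked at run time; only variable lengths go through check_object_size() */`, so a later reader does not take the wrappers for full coverage. `__copy_to_user_std` keeps its plain `extern` declaration, so any caller that uses it directly bypasses the check; whether such callers exist is not visible here. The wrappers sit inside `#ifdef CONFIG_MMU`, and the non-MMU branch is outside the hunk, so it should be checked for the same coverage.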
1185 @@ -688,7 +723,7 @@ diff -urNp linux-2.6.39.2/arch/arm/include/asm/uaccess.h linux-2.6.39.2/arch/arm
1186 if (access_ok(VERIFY_READ, from, n))
1187 n = __copy_from_user(to, from, n);
1188 else /* security hole - plug it */
1189 -@@ -412,6 +415,9 @@ static inline unsigned long __must_check
1190 +@@ -412,6 +432,9 @@ static inline unsigned long __must_check
1191
1192 static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
1193 {
1194 @@ -756,6 +791,126 @@ diff -urNp linux-2.6.39.2/arch/arm/kernel/traps.c linux-2.6.39.2/arch/arm/kernel
1195 if (ret != NOTIFY_STOP)
1196 do_exit(SIGSEGV);
1197 }
1198 +diff -urNp linux-2.6.39.2/arch/arm/lib/copy_from_user.S linux-2.6.39.2/arch/arm/lib/copy_from_user.S
1199 +--- linux-2.6.39.2/arch/arm/lib/copy_from_user.S 2011-05-19 00:06:34.000000000 -0400
1200 ++++ linux-2.6.39.2/arch/arm/lib/copy_from_user.S 2011-06-29 20:58:18.000000000 -0400
1201 +@@ -16,7 +16,7 @@
1202 + /*
1203 + * Prototype:
1204 + *
1205 +- * size_t __copy_from_user(void *to, const void *from, size_t n)
1206 ++ * size_t ___copy_from_user(void *to, const void *from, size_t n)
1207 + *
1208 + * Purpose:
1209 + *
1210 +@@ -84,11 +84,11 @@
1211 +
1212 + .text
1213 +
1214 +-ENTRY(__copy_from_user)
1215 ++ENTRY(___copy_from_user)
1216 +
1217 + #include "copy_template.S"
1218 +
1219 +-ENDPROC(__copy_from_user)
1220 ++ENDPROC(___copy_from_user)
1221 +
1222 + .pushsection .fixup,"ax"
1223 + .align 0
1224 +diff -urNp linux-2.6.39.2/arch/arm/lib/copy_to_user.S linux-2.6.39.2/arch/arm/lib/copy_to_user.S
1225 +--- linux-2.6.39.2/arch/arm/lib/copy_to_user.S 2011-05-19 00:06:34.000000000 -0400
1226 ++++ linux-2.6.39.2/arch/arm/lib/copy_to_user.S 2011-06-29 20:59:20.000000000 -0400
1227 +@@ -16,7 +16,7 @@
1228 + /*
1229 + * Prototype:
1230 + *
1231 +- * size_t __copy_to_user(void *to, const void *from, size_t n)
1232 ++ * size_t ___copy_to_user(void *to, const void *from, size_t n)
1233 + *
1234 + * Purpose:
1235 + *
1236 +@@ -88,11 +88,11 @@
1237 + .text
1238 +
1239 + ENTRY(__copy_to_user_std)
1240 +-WEAK(__copy_to_user)
1241 ++WEAK(___copy_to_user)
1242 +
1243 + #include "copy_template.S"
1244 +
1245 +-ENDPROC(__copy_to_user)
1246 ++ENDPROC(___copy_to_user)
1247 + ENDPROC(__copy_to_user_std)
1248 +
1249 + .pushsection .fixup,"ax"
1250 +diff -urNp linux-2.6.39.2/arch/arm/lib/uaccess.S linux-2.6.39.2/arch/arm/lib/uaccess.S
1251 +--- linux-2.6.39.2/arch/arm/lib/uaccess.S 2011-05-19 00:06:34.000000000 -0400
1252 ++++ linux-2.6.39.2/arch/arm/lib/uaccess.S 2011-06-29 20:59:01.000000000 -0400
1253 +@@ -20,7 +20,7 @@
1254 +
1255 + #define PAGE_SHIFT 12
1256 +
1257 +-/* Prototype: int __copy_to_user(void *to, const char *from, size_t n)
1258 ++/* Prototype: int ___copy_to_user(void *to, const char *from, size_t n)
1259 + * Purpose : copy a block to user memory from kernel memory
1260 + * Params : to - user memory
1261 + * : from - kernel memory
1262 +@@ -40,7 +40,7 @@ USER( T(strgtb) r3, [r0], #1) @ May f
1263 + sub r2, r2, ip
1264 + b .Lc2u_dest_aligned
1265 +
1266 +-ENTRY(__copy_to_user)
1267 ++ENTRY(___copy_to_user)
1268 + stmfd sp!, {r2, r4 - r7, lr}
1269 + cmp r2, #4
1270 + blt .Lc2u_not_enough
1271 +@@ -278,14 +278,14 @@ USER( T(strgeb) r3, [r0], #1) @ May f
1272 + ldrgtb r3, [r1], #0
1273 + USER( T(strgtb) r3, [r0], #1) @ May fault
1274 + b .Lc2u_finished
1275 +-ENDPROC(__copy_to_user)
1276 ++ENDPROC(___copy_to_user)
1277 +
1278 + .pushsection .fixup,"ax"
1279 + .align 0
1280 + 9001: ldmfd sp!, {r0, r4 - r7, pc}
1281 + .popsection
1282 +
1283 +-/* Prototype: unsigned long __copy_from_user(void *to,const void *from,unsigned long n);
1284 ++/* Prototype: unsigned long ___copy_from_user(void *to,const void *from,unsigned long n);
1285 + * Purpose : copy a block from user memory to kernel memory
1286 + * Params : to - kernel memory
1287 + * : from - user memory
1288 +@@ -304,7 +304,7 @@ USER( T(ldrgtb) r3, [r1], #1) @ May f
1289 + sub r2, r2, ip
1290 + b .Lcfu_dest_aligned
1291 +
1292 +-ENTRY(__copy_from_user)
1293 ++ENTRY(___copy_from_user)
1294 + stmfd sp!, {r0, r2, r4 - r7, lr}
1295 + cmp r2, #4
1296 + blt .Lcfu_not_enough
1297 +@@ -544,7 +544,7 @@ USER( T(ldrgeb) r3, [r1], #1) @ May f
1298 + USER( T(ldrgtb) r3, [r1], #1) @ May fault
1299 + strgtb r3, [r0], #1
1300 + b .Lcfu_finished
1301 +-ENDPROC(__copy_from_user)
1302 ++ENDPROC(___copy_from_user)
1303 +
1304 + .pushsection .fixup,"ax"
1305 + .align 0
1306 +diff -urNp linux-2.6.39.2/arch/arm/lib/uaccess_with_memcpy.c linux-2.6.39.2/arch/arm/lib/uaccess_with_memcpy.c
1307 +--- linux-2.6.39.2/arch/arm/lib/uaccess_with_memcpy.c 2011-05-19 00:06:34.000000000 -0400
1308 ++++ linux-2.6.39.2/arch/arm/lib/uaccess_with_memcpy.c 2011-06-29 20:59:55.000000000 -0400
1309 +@@ -103,7 +103,7 @@ out:
1310 + }
1311 +
1312 + unsigned long
1313 +-__copy_to_user(void __user *to, const void *from, unsigned long n)
1314 ++___copy_to_user(void __user *to, const void *from, unsigned long n)
1315 + {
1316 + /*
1317 + * This test is stubbed out of the main function above to keep
1318 diff -urNp linux-2.6.39.2/arch/arm/mach-cns3xxx/pcie.c linux-2.6.39.2/arch/arm/mach-cns3xxx/pcie.c
1319 --- linux-2.6.39.2/arch/arm/mach-cns3xxx/pcie.c 2011-05-19 00:06:34.000000000 -0400
1320 +++ linux-2.6.39.2/arch/arm/mach-cns3xxx/pcie.c 2011-05-22 19:36:30.000000000 -0400
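Review bot: Renaming the assembly entry points to `___copy_from_user`/`___copy_to_user` leaves `__copy_from_user`/`__copy_to_user` existing only as static inlines in uaccess.h, and this hunk does not show the symbol exports being updated to match. Modules that use the inline wrappers need `___copy_from_user`, `___copy_to_user` and `check_object_size` to be exported; the ARM export list is outside this hunk, so confirm it carries the new names. Any out-of-line reference to the old names that remains elsewhere would presumably fail at link time. The `WEAK(___copy_to_user)` in copy_to_user.S and the C definition in uaccess_with_memcpy.c are renamed consistently.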
1321 @@ -12633,6 +12788,27 @@ diff -urNp linux-2.6.39.2/arch/x86/Kconfig.debug linux-2.6.39.2/arch/x86/Kconfig
1322 ---help---
1323 This option helps catch unintended modifications to loadable
1324 kernel module's text and read-only data. It also prevents execution
1325 +diff -urNp linux-2.6.39.2/arch/x86/kernel/acpi/realmode/wakeup.S linux-2.6.39.2/arch/x86/kernel/acpi/realmode/wakeup.S
1326 +--- linux-2.6.39.2/arch/x86/kernel/acpi/realmode/wakeup.S 2011-05-19 00:06:34.000000000 -0400
1327 ++++ linux-2.6.39.2/arch/x86/kernel/acpi/realmode/wakeup.S 2011-07-01 18:27:29.000000000 -0400
1328 +@@ -94,6 +94,9 @@ wakeup_code:
1329 + /* Do any other stuff... */
1330 +
1331 + #ifndef CONFIG_64BIT
1332 ++ /* Recheck NX bit overrides (64bit path does this in trampoline */
1333 ++ call verify_cpu
1334 ++
1335 + /* This could also be done in C code... */
1336 + movl pmode_cr3, %eax
1337 + movl %eax, %cr3
1338 +@@ -117,6 +120,7 @@ wakeup_code:
1339 + movl pmode_cr0, %eax
1340 + movl %eax, %cr0
1341 + jmp pmode_return
1342 ++# include "../../verify_cpu.S"
1343 + #else
1344 + pushw $0
1345 + pushw trampoline_segment
1346 diff -urNp linux-2.6.39.2/arch/x86/kernel/acpi/sleep.c linux-2.6.39.2/arch/x86/kernel/acpi/sleep.c
1347 --- linux-2.6.39.2/arch/x86/kernel/acpi/sleep.c 2011-05-19 00:06:34.000000000 -0400
1348 +++ linux-2.6.39.2/arch/x86/kernel/acpi/sleep.c 2011-05-22 19:36:30.000000000 -0400
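Review bot: The added `call verify_cpu` discards the result: verify_cpu reports failure in `%eax`, and the next instruction, `movl pmode_cr3, %eax`, overwrites it. If the call is made only for its side effect of clearing XD_DISABLE on Intel, as the comment suggests, say so and close the parenthesis: `/* Recheck NX bit overrides (64bit path does this in trampoline); return value deliberately ignored */`. The copy of verify_cpu.S added for 2.6.32.42 on this page executes `cpuid` and writes `%di`, so `%ebx`, `%ecx`, `%edx` and `%di` are clobbered by the call; whether wakeup_code holds live values in them at this point is not visible in the hunk. That file's header also says it expects to run as 32-bit code, so the execution mode at this call site deserves a check.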
1349 @@ -18050,6 +18226,17 @@ diff -urNp linux-2.6.39.2/arch/x86/kernel/traps.c linux-2.6.39.2/arch/x86/kernel
1350
1351 if (!tsk_used_math(tsk)) {
1352 local_irq_enable();
1353 +diff -urNp linux-2.6.39.2/arch/x86/kernel/verify_cpu.S linux-2.6.39.2/arch/x86/kernel/verify_cpu.S
1354 +--- linux-2.6.39.2/arch/x86/kernel/verify_cpu.S 2011-05-19 00:06:34.000000000 -0400
1355 ++++ linux-2.6.39.2/arch/x86/kernel/verify_cpu.S 2011-07-01 18:28:04.000000000 -0400
1356 +@@ -20,6 +20,7 @@
1357 + * arch/x86/boot/compressed/head_64.S: Boot cpu verification
1358 + * arch/x86/kernel/trampoline_64.S: secondary processor verification
1359 + * arch/x86/kernel/head_32.S: processor startup
1360 ++ * arch/x86/kernel/acpi/realmode/wakeup.S: 32bit processor resume
1361 + *
1362 + * verify_cpu, returns the status of longmode and SSE in register %eax.
1363 + * 0: Success 1: Failure
1364 diff -urNp linux-2.6.39.2/arch/x86/kernel/vm86_32.c linux-2.6.39.2/arch/x86/kernel/vm86_32.c
1365 --- linux-2.6.39.2/arch/x86/kernel/vm86_32.c 2011-05-19 00:06:34.000000000 -0400
1366 +++ linux-2.6.39.2/arch/x86/kernel/vm86_32.c 2011-05-22 19:41:32.000000000 -0400
1367 @@ -58154,8 +58341,8 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_fork.c linux-2.6.39.2/grsecurity/grse
1368 +}
1369 diff -urNp linux-2.6.39.2/grsecurity/grsec_init.c linux-2.6.39.2/grsecurity/grsec_init.c
1370 --- linux-2.6.39.2/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
1371 -+++ linux-2.6.39.2/grsecurity/grsec_init.c 2011-05-22 22:47:15.000000000 -0400
1372 -@@ -0,0 +1,269 @@
1373 ++++ linux-2.6.39.2/grsecurity/grsec_init.c 2011-06-29 19:35:59.000000000 -0400
1374 +@@ -0,0 +1,273 @@
1375 +#include <linux/kernel.h>
1376 +#include <linux/sched.h>
1377 +#include <linux/mm.h>
1378 @@ -58165,6 +58352,7 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_init.c linux-2.6.39.2/grsecurity/grse
1379 +#include <linux/percpu.h>
1380 +#include <linux/module.h>
1381 +
1382 ++int grsec_enable_brute;
1383 +int grsec_enable_link;
1384 +int grsec_enable_dmesg;
1385 +int grsec_enable_harden_ptrace;
1386 @@ -58329,6 +58517,9 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_init.c linux-2.6.39.2/grsecurity/grse
1387 +#ifdef CONFIG_GRKERNSEC_LINK
1388 + grsec_enable_link = 1;
1389 +#endif
1390 ++#ifdef CONFIG_GRKERNSEC_BRUTE
1391 ++ grsec_enable_brute = 1;
1392 ++#endif
1393 +#ifdef CONFIG_GRKERNSEC_DMESG
1394 + grsec_enable_dmesg = 1;
1395 +#endif
1396 @@ -58949,8 +59140,8 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_ptrace.c linux-2.6.39.2/grsecurity/gr
1397 +}
1398 diff -urNp linux-2.6.39.2/grsecurity/grsec_sig.c linux-2.6.39.2/grsecurity/grsec_sig.c
1399 --- linux-2.6.39.2/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500
1400 -+++ linux-2.6.39.2/grsecurity/grsec_sig.c 2011-05-22 19:41:42.000000000 -0400
1401 -@@ -0,0 +1,203 @@
1402 ++++ linux-2.6.39.2/grsecurity/grsec_sig.c 2011-06-29 19:40:46.000000000 -0400
1403 +@@ -0,0 +1,206 @@
1404 +#include <linux/kernel.h>
1405 +#include <linux/sched.h>
1406 +#include <linux/delay.h>
1407 @@ -59042,6 +59233,9 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_sig.c linux-2.6.39.2/grsecurity/grsec
1408 +#ifdef CONFIG_GRKERNSEC_BRUTE
1409 + uid_t uid = 0;
1410 +
1411 ++ if (!grsec_enable_brute)
1412 ++ return;
1413 ++
1414 + rcu_read_lock();
1415 + read_lock(&tasklist_lock);
1416 + read_lock(&grsec_exec_file_lock);
1417 @@ -59404,8 +59598,8 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_sock.c linux-2.6.39.2/grsecurity/grse
1418 +}
1419 diff -urNp linux-2.6.39.2/grsecurity/grsec_sysctl.c linux-2.6.39.2/grsecurity/grsec_sysctl.c
1420 --- linux-2.6.39.2/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
1421 -+++ linux-2.6.39.2/grsecurity/grsec_sysctl.c 2011-05-22 19:41:42.000000000 -0400
1422 -@@ -0,0 +1,433 @@
1423 ++++ linux-2.6.39.2/grsecurity/grsec_sysctl.c 2011-06-29 19:38:04.000000000 -0400
1424 +@@ -0,0 +1,442 @@
1425 +#include <linux/kernel.h>
1426 +#include <linux/sched.h>
1427 +#include <linux/sysctl.h>
1428 @@ -59451,6 +59645,15 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_sysctl.c linux-2.6.39.2/grsecurity/gr
1429 + .proc_handler = &proc_dointvec,
1430 + },
1431 +#endif
1432 ++#ifdef CONFIG_GRKERNSEC_BRUTE
1433 ++ {
1434 ++ .procname = "deter_bruteforce",
1435 ++ .data = &grsec_enable_brute,
1436 ++ .maxlen = sizeof(int),
1437 ++ .mode = 0600,
1438 ++ .proc_handler = &proc_dointvec,
1439 ++ },
1440 ++#endif
1441 +#ifdef CONFIG_GRKERNSEC_FIFO
1442 + {
1443 + .procname = "fifo_restrictions",
1444 @@ -59969,8 +60172,8 @@ diff -urNp linux-2.6.39.2/grsecurity/grsum.c linux-2.6.39.2/grsecurity/grsum.c
1445 +}
1446 diff -urNp linux-2.6.39.2/grsecurity/Kconfig linux-2.6.39.2/grsecurity/Kconfig
1447 --- linux-2.6.39.2/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
1448 -+++ linux-2.6.39.2/grsecurity/Kconfig 2011-06-13 21:34:34.000000000 -0400
1449 -@@ -0,0 +1,1045 @@
1450 ++++ linux-2.6.39.2/grsecurity/Kconfig 2011-06-29 20:57:06.000000000 -0400
1451 +@@ -0,0 +1,1048 @@
1452 +#
1453 +# grecurity configuration
1454 +#
1455 @@ -60049,7 +60252,7 @@ diff -urNp linux-2.6.39.2/grsecurity/Kconfig linux-2.6.39.2/grsecurity/Kconfig
1456 + select PAX_ASLR
1457 + select PAX_RANDMMAP
1458 + select PAX_REFCOUNT if (X86 || SPARC64)
1459 -+ select PAX_USERCOPY if ((X86 || SPARC32 || SPARC64 || PPC) && (SLAB || SLUB || SLOB))
1460 ++ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB))
1461 +
1462 + help
1463 + If you say Y here, several features in addition to those included
1464 @@ -60113,7 +60316,7 @@ diff -urNp linux-2.6.39.2/grsecurity/Kconfig linux-2.6.39.2/grsecurity/Kconfig
1465 + select GRKERNSEC_MODHARDEN if (MODULES)
1466 + select GRKERNSEC_HARDEN_PTRACE
1467 + select GRKERNSEC_VM86 if (X86_32)
1468 -+ select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC32 || SPARC64)
1469 ++ select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC)
1470 + select PAX
1471 + select PAX_RANDUSTACK
1472 + select PAX_ASLR
1473 @@ -60128,13 +60331,13 @@ diff -urNp linux-2.6.39.2/grsecurity/Kconfig linux-2.6.39.2/grsecurity/Kconfig
1474 + select PAX_RANDKSTACK if (X86_TSC && X86)
1475 + select PAX_SEGMEXEC if (X86_32)
1476 + select PAX_PAGEEXEC
1477 -+ select PAX_EMUPLT if (ALPHA || PARISC || SPARC32 || SPARC64)
1478 ++ select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
1479 + select PAX_EMUTRAMP if (PARISC)
1480 + select PAX_EMUSIGRT if (PARISC)
1481 + select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
1482 + select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86))
1483 + select PAX_REFCOUNT if (X86 || SPARC64)
1484 -+ select PAX_USERCOPY if ((X86 || PPC || SPARC32 || SPARC64) && (SLAB || SLUB || SLOB))
1485 ++ select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB))
1486 + help
1487 + If you say Y here, many of the features of grsecurity will be
1488 + enabled, which will protect you against many kinds of attacks
1489 @@ -60264,6 +60467,9 @@ diff -urNp linux-2.6.39.2/grsecurity/Kconfig linux-2.6.39.2/grsecurity/Kconfig
1490 + It is recommended that you also enable signal logging in the auditing
1491 + section so that logs are generated when a process triggers a suspicious
1492 + signal.
1493 ++ If the sysctl option is enabled, a sysctl option with name
1494 ++ "deter_bruteforce" is created.
1495 ++
1496 +
1497 +config GRKERNSEC_MODHARDEN
1498 + bool "Harden module auto-loading"
1499 @@ -60313,7 +60519,7 @@ diff -urNp linux-2.6.39.2/grsecurity/Kconfig linux-2.6.39.2/grsecurity/Kconfig
1500 +
1501 +config GRKERNSEC_KERN_LOCKOUT
1502 + bool "Active kernel exploit response"
1503 -+ depends on X86 || ARM || PPC || SPARC32 || SPARC64
1504 ++ depends on X86 || ARM || PPC || SPARC
1505 + help
1506 + If you say Y here, when a PaX alert is triggered due to suspicious
1507 + activity in the kernel (from KERNEXEC/UDEREF/USERCOPY)
1508 @@ -62865,8 +63071,8 @@ diff -urNp linux-2.6.39.2/include/linux/grdefs.h linux-2.6.39.2/include/linux/gr
1509 +#endif
1510 diff -urNp linux-2.6.39.2/include/linux/grinternal.h linux-2.6.39.2/include/linux/grinternal.h
1511 --- linux-2.6.39.2/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
1512 -+++ linux-2.6.39.2/include/linux/grinternal.h 2011-05-22 19:41:42.000000000 -0400
1513 -@@ -0,0 +1,219 @@
1514 ++++ linux-2.6.39.2/include/linux/grinternal.h 2011-06-29 19:41:29.000000000 -0400
1515 +@@ -0,0 +1,220 @@
1516 +#ifndef __GRINTERNAL_H
1517 +#define __GRINTERNAL_H
1518 +
1519 @@ -62947,6 +63153,7 @@ diff -urNp linux-2.6.39.2/include/linux/grinternal.h linux-2.6.39.2/include/linu
1520 +extern int grsec_resource_logging;
1521 +extern int grsec_enable_blackhole;
1522 +extern int grsec_lastack_retries;
1523 ++extern int grsec_enable_brute;
1524 +extern int grsec_lock;
1525 +
1526 +extern spinlock_t grsec_alert_lock;
1527 @@ -79546,7 +79753,7 @@ diff -urNp linux-2.6.39.2/security/integrity/ima/ima_queue.c linux-2.6.39.2/secu
1528 return 0;
1529 diff -urNp linux-2.6.39.2/security/Kconfig linux-2.6.39.2/security/Kconfig
1530 --- linux-2.6.39.2/security/Kconfig 2011-05-19 00:06:34.000000000 -0400
1531 -+++ linux-2.6.39.2/security/Kconfig 2011-06-03 01:13:26.000000000 -0400
1532 ++++ linux-2.6.39.2/security/Kconfig 2011-06-29 20:57:25.000000000 -0400
1533 @@ -4,6 +4,554 @@
1534
1535 menu "Security options"
1536 @@ -80068,7 +80275,7 @@ diff -urNp linux-2.6.39.2/security/Kconfig linux-2.6.39.2/security/Kconfig
1537 +
1538 +config PAX_USERCOPY
1539 + bool "Harden heap object copies between kernel and userland"
1540 -+ depends on X86 || PPC || SPARC
1541 ++ depends on X86 || PPC || SPARC || ARM
1542 + depends on GRKERNSEC && (SLAB || SLUB)
1543 + help
1544 + By saying Y here the kernel will enforce the size of heap objects