[gentoo-commits] proj/hardened-patchset:master commit in: 4.0.6/ - gentoo-commits

From:	"Anthony G. Basile" <blueness@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/hardened-patchset:master commit in: 4.0.6/
Date:	Sun, 28 Jun 2015 13:56:59
Message-Id:	`1435499921.980b9085c5a073862dfe86244fa10f2d614df0f4.blueness@gentoo`

1

commit:     980b9085c5a073862dfe86244fa10f2d614df0f4

2

Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>

3

AuthorDate: Sun Jun 28 13:58:41 2015 +0000

4

Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>

5

CommitDate: Sun Jun 28 13:58:41 2015 +0000

6

URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=980b9085

7

8

Grsec/PaX: 3.1-4.0.6-201506272327

9

10

 4.0.6/0000_README                                  |  2 +-

11

 ...> 4420_grsecurity-3.1-4.0.6-201506272327.patch} | 52 +++++++++++++++++++++-

12

 2 files changed, 52 insertions(+), 2 deletions(-)

13

14

diff --git a/4.0.6/0000_README b/4.0.6/0000_README

15

index 00d5c29..67f188e 100644

16

--- a/4.0.6/0000_README

17

+++ b/4.0.6/0000_README

18

@@ -2,7 +2,7 @@ README

19

 -----------------------------------------------------------------------------

20

 Individual Patch Descriptions:

21

 -----------------------------------------------------------------------------

22

-Patch:	4420_grsecurity-3.1-4.0.6-201506262047.patch

23

+Patch:	4420_grsecurity-3.1-4.0.6-201506272327.patch

24

 From:	http://www.grsecurity.net

25

 Desc:	hardened-sources base patch from upstream grsecurity

26

27

28

diff --git a/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch b/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch

29

similarity index 99%

30

rename from 4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch

31

rename to 4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch

32

index 797b7c1..01515b8 100644

33

--- a/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch

34

+++ b/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch

35

@@ -24259,7 +24259,7 @@ index f5d0730..5bce89c 100644

36

  unlock_done:

37

  	mutex_unlock(&espfix_init_mutex);

38

 diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c

39

-index 8b7b0a5..2395f29 100644

40

+index 8b7b0a5..02219db 100644

41

 --- a/arch/x86/kernel/ftrace.c

42

 +++ b/arch/x86/kernel/ftrace.c

43

 @@ -89,7 +89,7 @@ static unsigned long text_ip_addr(unsigned long ip)

44

@@ -24298,6 +24298,56 @@ index 8b7b0a5..2395f29 100644

45

  		return -EFAULT;

46

47

  	/* Make sure it is what we expect it to be */

48

+@@ -670,11 +672,11 @@ static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr)

49

+ /* Module allocation simplifies allocating memory for code */

50

+ static inline void *alloc_tramp(unsigned long size)

51

+ {

52

+-	return module_alloc(size);

53

++	return module_alloc_exec(size);

54

+ }

55

+ static inline void tramp_free(void *tramp)

56

+ {

57

+-	module_memfree(tramp);

58

++	module_memfree_exec(tramp);

59

+ }

60

+ #else

61

+ /* Trampolines can only be created if modules are supported */

62

+@@ -753,7 +755,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)

63

+ 	*tramp_size = size + MCOUNT_INSN_SIZE + sizeof(void *);

64

+

65

+ 	/* Copy ftrace_caller onto the trampoline memory */

66

++	pax_open_kernel();

67

+ 	ret = probe_kernel_read(trampoline, (void *)start_offset, size);

68

++	pax_close_kernel();

69

+ 	if (WARN_ON(ret < 0)) {

70

+ 		tramp_free(trampoline);

71

+ 		return 0;

72

+@@ -763,6 +767,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)

73

+

74

+ 	/* The trampoline ends with a jmp to ftrace_return */

75

+ 	jmp = ftrace_jmp_replace(ip, (unsigned long)ftrace_return);

76

++	pax_open_kernel();

77

+ 	memcpy(trampoline + size, jmp, MCOUNT_INSN_SIZE);

78

+

79

+ 	/*

80

+@@ -775,6 +780,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)

81

+

82

+ 	ptr = (unsigned long *)(trampoline + size + MCOUNT_INSN_SIZE);

83

+ 	*ptr = (unsigned long)ops;

84

++	pax_close_kernel();

85

+

86

+ 	op_offset -= start_offset;

87

+ 	memcpy(&op_ptr, trampoline + op_offset, OP_REF_SIZE);

88

+@@ -792,7 +798,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)

89

+ 	op_ptr.offset = offset;

90

+

91

+ 	/* put in the new offset to the ftrace_ops */

92

++	pax_open_kernel();

93

+ 	memcpy(trampoline + op_offset, &op_ptr, OP_REF_SIZE);

94

++	pax_close_kernel();

95

+

96

+ 	/* ALLOC_TRAMP flags lets us know we created it */

97

+ 	ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP;

98

 diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c

99

 index b111ab5..3d419ea 100644

100

 --- a/arch/x86/kernel/head64.c

1	commit: 980b9085c5a073862dfe86244fa10f2d614df0f4
2	Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3	AuthorDate: Sun Jun 28 13:58:41 2015 +0000
4	Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5	CommitDate: Sun Jun 28 13:58:41 2015 +0000
6	URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=980b9085
7
8	Grsec/PaX: 3.1-4.0.6-201506272327
9
10	4.0.6/0000_README \| 2 +-
11	...> 4420_grsecurity-3.1-4.0.6-201506272327.patch} \| 52 +++++++++++++++++++++-
12	2 files changed, 52 insertions(+), 2 deletions(-)
13
14	diff --git a/4.0.6/0000_README b/4.0.6/0000_README
15	index 00d5c29..67f188e 100644
16	--- a/4.0.6/0000_README
17	+++ b/4.0.6/0000_README
18	@@ -2,7 +2,7 @@ README
19	-----------------------------------------------------------------------------
20	Individual Patch Descriptions:
21	-----------------------------------------------------------------------------
22	-Patch: 4420_grsecurity-3.1-4.0.6-201506262047.patch
23	+Patch: 4420_grsecurity-3.1-4.0.6-201506272327.patch
24	From: http://www.grsecurity.net
25	Desc: hardened-sources base patch from upstream grsecurity
26
27
28	diff --git a/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch b/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
29	similarity index 99%
30	rename from 4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch
31	rename to 4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
32	index 797b7c1..01515b8 100644
33	--- a/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch
34	+++ b/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
35	@@ -24259,7 +24259,7 @@ index f5d0730..5bce89c 100644
36	unlock_done:
37	mutex_unlock(&espfix_init_mutex);
38	diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
39	-index 8b7b0a5..2395f29 100644
40	+index 8b7b0a5..02219db 100644
41	--- a/arch/x86/kernel/ftrace.c
42	+++ b/arch/x86/kernel/ftrace.c
43	@@ -89,7 +89,7 @@ static unsigned long text_ip_addr(unsigned long ip)
44	@@ -24298,6 +24298,56 @@ index 8b7b0a5..2395f29 100644
45	return -EFAULT;
46
47	/* Make sure it is what we expect it to be */
48	+@@ -670,11 +672,11 @@ static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr)
49	+ /* Module allocation simplifies allocating memory for code */
50	+ static inline void *alloc_tramp(unsigned long size)
51	+ {
52	+- return module_alloc(size);
53	++ return module_alloc_exec(size);
54	+ }
55	+ static inline void tramp_free(void *tramp)
56	+ {
57	+- module_memfree(tramp);
58	++ module_memfree_exec(tramp);
59	+ }
60	+ #else
61	+ /* Trampolines can only be created if modules are supported */
62	+@@ -753,7 +755,9 @@ create_trampoline(struct ftrace_ops ops, unsigned int tramp_size)
63	+ tramp_size = size + MCOUNT_INSN_SIZE + sizeof(void );
64	+
65	+ /* Copy ftrace_caller onto the trampoline memory */
66	++ pax_open_kernel();
67	+ ret = probe_kernel_read(trampoline, (void *)start_offset, size);
68	++ pax_close_kernel();
69	+ if (WARN_ON(ret < 0)) {
70	+ tramp_free(trampoline);
71	+ return 0;
72	+@@ -763,6 +767,7 @@ create_trampoline(struct ftrace_ops ops, unsigned int tramp_size)
73	+
74	+ /* The trampoline ends with a jmp to ftrace_return */
75	+ jmp = ftrace_jmp_replace(ip, (unsigned long)ftrace_return);
76	++ pax_open_kernel();
77	+ memcpy(trampoline + size, jmp, MCOUNT_INSN_SIZE);
78	+
79	+ /*
80	+@@ -775,6 +780,7 @@ create_trampoline(struct ftrace_ops ops, unsigned int tramp_size)
81	+
82	+ ptr = (unsigned long *)(trampoline + size + MCOUNT_INSN_SIZE);
83	+ *ptr = (unsigned long)ops;
84	++ pax_close_kernel();
85	+
86	+ op_offset -= start_offset;
87	+ memcpy(&op_ptr, trampoline + op_offset, OP_REF_SIZE);
88	+@@ -792,7 +798,9 @@ create_trampoline(struct ftrace_ops ops, unsigned int tramp_size)
89	+ op_ptr.offset = offset;
90	+
91	+ /* put in the new offset to the ftrace_ops */
92	++ pax_open_kernel();
93	+ memcpy(trampoline + op_offset, &op_ptr, OP_REF_SIZE);
94	++ pax_close_kernel();
95	+
96	+ /* ALLOC_TRAMP flags lets us know we created it */
97	+ ops->flags \|= FTRACE_OPS_FL_ALLOC_TRAMP;
98	diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
99	index b111ab5..3d419ea 100644
100	--- a/arch/x86/kernel/head64.c

Gentoo Archives: gentoo-commits