rpms/kernel/devel linux-2.6-execshield.patch,1.84,1.85

Mon Feb 18 17:03:25 UTC 2008

Author: davej

Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7224

Modified Files:
	linux-2.6-execshield.patch 
Log Message:
add comment explaining magic.

linux-2.6-execshield.patch:

Index: linux-2.6-execshield.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/linux-2.6-execshield.patch,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85

--- linux-2.6-execshield.patch	18 Feb 2008 16:54:29 -0000	1.84
+++ linux-2.6-execshield.patch	18 Feb 2008 17:03:16 -0000	1.85
@@ -2,15 +2,22 @@
 index f86a3c4..4c5f70d 100644
 --- a/arch/x86/kernel/cpu/common.c
 +++ b/arch/x86/kernel/cpu/common.c
-@@ -478,6 +478,13 @@ void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
+@@ -478,6 +478,20 @@ void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
  	 * we do "generic changes."
  	 */
  
++	/*
++	 *  emulation of NX with segment limits unfortunately means
++	 *  we have to disable the fast system calls, due to the way that
++	 *  sysexit clears the segment limits on return.
++	 *  If we have either disabled exec-shield on the boot command line,
++	 *  or we have NX, then we don't need to do this.
++	 */
 +	if (exec_shield != 0) {
 +#ifdef CONFIG_X86_PAE
 +		if (!test_bit(X86_FEATURE_NX, c->x86_capability))
 +#endif
-+		clear_bit(X86_FEATURE_SEP, c->x86_capability);
++			clear_bit(X86_FEATURE_SEP, c->x86_capability);
 +	}
 +
  	/* If the model name is still unset, do table lookup. */


