rpms/kernel/F-9 kernel.spec, 1.895, 1.896 linux-2.6-execshield.patch, 1.91, 1.92
Kyle McMartin
kyle at fedoraproject.org
Mon Jan 19 06:23:07 UTC 2009
Author: kyle
Update of /cvs/pkgs/rpms/kernel/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3530
Modified Files:
kernel.spec linux-2.6-execshield.patch
Log Message:
* Mon Jan 19 2009 Kyle McMartin <kyle at redhat.com>
- execshield fixes: should no longer generate spurious handled GPFs,
fixes randomization of executables. also some clean ups.
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-9/kernel.spec,v
retrieving revision 1.895
retrieving revision 1.896
diff -u -r1.895 -r1.896
--- kernel.spec 14 Jan 2009 16:03:04 -0000 1.895
+++ kernel.spec 19 Jan 2009 06:22:36 -0000 1.896
@@ -1779,6 +1779,10 @@
%kernel_variant_files -k vmlinux %{with_kdump} kdump
%changelog
+* Mon Jan 19 2009 Kyle McMartin <kyle at redhat.com>
+- execshield fixes: should no longer generate spurious handled GPFs,
+ fixes randomization of executables. also some clean ups.
+
* Wed Jan 14 2009 Hans de Goede <hdegoede at redhat.com>
- Rebase gspca git patch and re-enable
- Add gscpa-stv06xx (qc-usb replacement) driver from its own git tree
linux-2.6-execshield.patch:
Index: linux-2.6-execshield.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-9/linux-2.6-execshield.patch,v
retrieving revision 1.91
retrieving revision 1.92
diff -u -r1.91 -r1.92
--- linux-2.6-execshield.patch 12 Jan 2009 19:54:17 -0000 1.91
+++ linux-2.6-execshield.patch 19 Jan 2009 06:22:37 -0000 1.92
@@ -1,5 +1,5 @@
diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
-index e6b82b1..c314884 100644
+index e6b82b1..aea00b6 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -6,6 +6,7 @@
@@ -20,7 +20,7 @@
#define write_ldt_entry(dt, entry, desc) \
native_write_ldt_entry(dt, entry, desc)
-@@ -381,6 +385,24 @@ static inline void set_system_intr_gate_ist(int n, void *addr, unsigned ist)
+@@ -381,6 +385,27 @@ static inline void set_system_intr_gate_ist(int n, void *addr, unsigned ist)
_set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS);
}
@@ -37,8 +37,11 @@
+ get_cpu_gdt_table(cpu)[GDT_ENTRY_DEFAULT_USER_CS] = (mm)->context.user_cs;
+}
+
++#define arch_add_exec_range arch_add_exec_range
+extern void arch_add_exec_range(struct mm_struct *mm, unsigned long limit);
++#define arch_remove_exec_range arch_remove_exec_range
+extern void arch_remove_exec_range(struct mm_struct *mm, unsigned long limit);
++#define arch_flush_exec_range arch_flush_exec_range
+extern void arch_flush_exec_range(struct mm_struct *mm);
+#endif /* CONFIG_X86_32 */
+
@@ -151,21 +154,31 @@
.load_idt = native_load_idt,
.store_gdt = native_store_gdt,
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
-index 0a1302f..ab96a10 100644
+index 0a1302f..7d5927e 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
-@@ -354,6 +354,10 @@ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
+@@ -345,6 +345,8 @@ int copy_thread(int nr, unsigned long clone_flags, unsigned long sp,
+ void
+ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
+ {
++ int cpu;
++
+ __asm__("movl %0, %%gs" :: "r"(0));
+ regs->fs = 0;
+ set_fs(USER_DS);
+@@ -354,6 +356,11 @@ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
regs->cs = __USER_CS;
regs->ip = new_ip;
regs->sp = new_sp;
-+ preempt_disable();
-+ load_user_cs_desc(smp_processor_id(), current->mm);
-+ preempt_enable();
++
++ cpu = get_cpu();
++ load_user_cs_desc(cpu, current->mm);
++ put_cpu();
+
/*
* Free the old FP and other extended state
*/
-@@ -558,7 +562,8 @@ struct task_struct * __switch_to(struct task_struct *prev_p, struct task_struct
+@@ -558,7 +565,8 @@ struct task_struct * __switch_to(struct task_struct *prev_p, struct task_struct
/* never put a printk in __switch_to... printk() calls wake_up*() indirectly */
__unlazy_fpu(prev_p);
@@ -175,7 +188,7 @@
/* we're going to use this soon, after a few expensive things */
if (next_p->fpu_counter > 5)
-@@ -731,3 +736,39 @@ unsigned long arch_randomize_brk(struct mm_struct *mm)
+@@ -731,3 +739,39 @@ unsigned long arch_randomize_brk(struct mm_struct *mm)
unsigned long range_end = mm->brk + 0x02000000;
return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
}
@@ -185,9 +198,9 @@
+ mm->context.exec_limit = limit;
+ set_user_cs(&mm->context.user_cs, limit);
+ if (mm == current->mm) {
-+ preempt_disable();
-+ load_user_cs_desc(smp_processor_id(), mm);
-+ preempt_enable();
++ int cpu = get_cpu();
++ load_user_cs_desc(cpu, mm);
++ put_cpu();
+ }
+}
+
@@ -237,14 +250,25 @@
if (!cpu_isset(cpu, flush_cpumask))
goto out;
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
-index 04d242a..bb52785 100644
+index 04d242a..e478f3b 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
-@@ -159,6 +159,63 @@ static int lazy_iobitmap_copy(void)
+@@ -159,6 +159,74 @@ static int lazy_iobitmap_copy(void)
return 0;
}
+
++static inline int
++__compare_user_cs_desc(const struct desc_struct * const desc1,
++ const struct desc_struct * const desc2)
++{
++ return ((desc1->limit0 != desc2->limit0) ||
++ (desc1->limit != desc2->limit) ||
++ (desc1->base0 != desc2->base0) ||
++ (desc1->base1 != desc2->base1) ||
++ (desc1->base2 != desc2->base2));
++}
++
+/*
+ * lazy-check for CS validity on exec-shield binaries:
+ *
@@ -281,8 +305,7 @@
+ desc1 = ¤t->mm->context.user_cs;
+ desc2 = get_cpu_gdt_table(cpu) + GDT_ENTRY_DEFAULT_USER_CS;
+
-+ if ((desc1->a & 0xff0000ff) != (desc2->a & 0xff0000ff) ||
-+ desc1->b != desc2->b) {
++ if (__compare_user_cs_desc(desc1, desc2)) {
+ /*
+ * The CS was not in sync - reload it and retry the
+ * instruction. If the instruction still faults then
@@ -290,9 +313,10 @@
+ */
+ if (print_fatal_signals >= 2) {
+ printk(KERN_ERR "#GPF fixup (%ld[seg:%lx]) at %08lx, CPU#%d.\n",
-+ error_code, error_code/8, regs->ip, smp_processor_id());
++ error_code, error_code/8, regs->ip, cpu);
+ printk(KERN_ERR "exec_limit: %08lx, user_cs: %08x/%08x, CPU_cs: %08x/%08x.\n",
-+ current->mm->context.exec_limit, desc1->a, desc1->b, desc2->a, desc2->b);
++ current->mm->context.exec_limit,
++ desc1->a, desc1->b, desc2->a, desc2->b);
+ }
+ load_user_cs_desc(cpu, current->mm);
+
@@ -304,7 +328,7 @@
#endif
static void __kprobes
-@@ -320,6 +377,29 @@ do_general_protection(struct pt_regs *regs, long error_code)
+@@ -320,6 +388,29 @@ do_general_protection(struct pt_regs *regs, long error_code)
if (!user_mode(regs))
goto gp_in_kernel;
@@ -322,7 +346,7 @@
+
+ if (print_fatal_signals) {
+ printk(KERN_ERR "#GPF(%ld[seg:%lx]) at %08lx, CPU#%d.\n",
-+ error_code, error_code/8, regs->ip, smp_processor_id());
++ error_code, error_code/8, regs->ip, cpu);
+ printk(KERN_ERR "exec_limit: %08lx, user_cs: %08x/%08x.\n",
+ current->mm->context.exec_limit,
+ current->mm->context.user_cs.a,
@@ -334,7 +358,7 @@
tsk->thread.error_code = error_code;
tsk->thread.trap_no = 13;
-@@ -931,19 +1011,37 @@ do_device_not_available(struct pt_regs *regs, long error)
+@@ -931,19 +1022,37 @@ do_device_not_available(struct pt_regs *regs, long error)
}
#ifdef CONFIG_X86_32
@@ -702,7 +726,7 @@
.procname = "core_uses_pid",
.data = &core_uses_pid,
diff --git a/mm/mmap.c b/mm/mmap.c
-index d4855a6..0850042 100644
+index d4855a6..ac07ab7 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -27,6 +27,7 @@
@@ -790,7 +814,7 @@
if (file && file->f_op && file->f_op->get_unmapped_area)
get_area = file->f_op->get_unmapped_area;
addr = get_area(file, addr, len, pgoff, flags);
-@@ -1460,8 +1484,74 @@ get_unmapped_area(struct file *file, unsigned long addr, unsigned long len,
+@@ -1460,8 +1484,76 @@ get_unmapped_area(struct file *file, unsigned long addr, unsigned long len,
return arch_rebalance_pgtables(addr, len);
}
@@ -798,7 +822,8 @@
+
+#define SHLIB_BASE 0x00110000
+
-+unsigned long arch_get_unmapped_exec_area(struct file *filp, unsigned long addr0,
++unsigned long
++arch_get_unmapped_exec_area(struct file *filp, unsigned long addr0,
+ unsigned long len0, unsigned long pgoff, unsigned long flags)
+{
+ unsigned long addr = addr0, len = len0;
@@ -812,9 +837,10 @@
+ if (flags & MAP_FIXED)
+ return addr;
+
-+ if (!addr) {
++ if (!addr)
+ addr = randomize_range(SHLIB_BASE, 0x01000000, len);
-+ } else {
++
++ if (addr) {
+ addr = PAGE_ALIGN(addr);
+ vma = find_vma(mm, addr);
+ if (TASK_SIZE - len >= addr &&
@@ -866,7 +892,7 @@
/* Look up the first VMA which satisfies addr < vm_end, NULL if none. */
struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long addr)
-@@ -1536,6 +1626,14 @@ out:
+@@ -1536,6 +1628,14 @@ out:
return prev ? prev->vm_next : vma;
}
@@ -881,7 +907,7 @@
/*
* Verify that the stack growth is acceptable and
* update accounting. This is shared with both the
-@@ -1552,7 +1650,7 @@ static int acct_stack_growth(struct vm_area_struct * vma, unsigned long size, un
+@@ -1552,7 +1652,7 @@ static int acct_stack_growth(struct vm_area_struct * vma, unsigned long size, un
return -ENOMEM;
/* Stack limit test */
@@ -890,7 +916,7 @@
return -ENOMEM;
/* mlock limit tests */
-@@ -1862,10 +1960,14 @@ int split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -1862,10 +1962,14 @@ int split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
if (new->vm_ops && new->vm_ops->open)
new->vm_ops->open(new);
@@ -907,7 +933,7 @@
vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
return 0;
-@@ -2109,6 +2211,7 @@ void exit_mmap(struct mm_struct *mm)
+@@ -2109,6 +2213,7 @@ void exit_mmap(struct mm_struct *mm)
vm_unacct_memory(nr_accounted);
free_pgtables(tlb, vma, FIRST_USER_ADDRESS, 0);
tlb_finish_mmu(tlb, 0, end);
@@ -916,26 +942,25 @@
/*
* Walk the list again, actually closing and freeing it,
diff --git a/mm/mprotect.c b/mm/mprotect.c
-index fded06f..cdfcbd2 100644
+index fded06f..a2cf942 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
-@@ -24,8 +24,15 @@
+@@ -24,9 +24,14 @@
#include <linux/mmu_notifier.h>
#include <asm/uaccess.h>
#include <asm/pgtable.h>
+#include <asm/pgalloc.h>
#include <asm/cacheflush.h>
#include <asm/tlbflush.h>
-+#ifdef CONFIG_X86
-+#include <asm/desc.h>
-+#endif
+
+#ifndef arch_remove_exec_range
+#define arch_remove_exec_range(mm, limit) do { ; } while (0)
+#endif
-
++
#ifndef pgprot_modify
static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
-@@ -140,7 +147,7 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
+ {
+@@ -140,7 +145,7 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
struct mm_struct *mm = vma->vm_mm;
unsigned long oldflags = vma->vm_flags;
long nrpages = (end - start) >> PAGE_SHIFT;
@@ -944,7 +969,7 @@
pgoff_t pgoff;
int error;
int dirty_accountable = 0;
-@@ -204,6 +211,9 @@ success:
+@@ -204,6 +209,9 @@ success:
dirty_accountable = 1;
}
More information about the fedora-extras-commits
mailing list