authorAnthony G. Basile <blueness@gentoo.org>2013-04-13 14:17:04 -0400
committerAnthony G. Basile <blueness@gentoo.org>2013-04-13 14:18:08 -0400
commit97c62af2b1855053cd0768e739e4f93ba0960937 (patch)
tree1051e6a4784fe8ad3b0de0c186a6d0c5308e2b22 /2.6.32
parentGrsec/PaX: 2.9.1-{2.6.32.60,3.2.43,3.8.6}-201304111817 (diff)
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.43,3.8.7}-20130412202720130412
Diffstat (limited to '2.6.32')
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304122025.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304111811.patch)29
2 files changed, 19 insertions, 12 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index e34859b..6b3d14c 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.59
-Patch: 4420_grsecurity-2.9.1-2.6.32.60-201304111811.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.60-201304122025.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304111811.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304122025.patch
index 1520bdd..5b9006d 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304111811.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304122025.patch
@@ -29993,7 +29993,7 @@ index 21e1aeb..2c0b3c4 100644
-}
-__setup("vdso=", vdso_setup);
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index d52f895..5a92cc3 100644
+index d52f895..3bcb11b 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -71,8 +71,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
@@ -30011,10 +30011,19 @@ index d52f895..5a92cc3 100644
unsigned int size = dtr->size + 1;
- unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE;
- unsigned long frames[pages];
-+ unsigned long frames[65536 / PAGE_SIZE];
++ unsigned long frames[(GDT_SIZE + PAGE_SIZE - 1) / PAGE_SIZE];
int f;
/*
+@@ -345,7 +342,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
+ * 8-byte entries, or 16 4k pages..
+ */
+
+- BUG_ON(size > 65536);
++ BUG_ON(size > GDT_SIZE);
+ BUG_ON(va & ~PAGE_MASK);
+
+ for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
@@ -385,8 +382,7 @@ static __init void xen_load_gdt_boot(const struct desc_ptr *dtr)
{
unsigned long va = dtr->address;
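Review bot: The comment kept as context above `BUG_ON(size > GDT_SIZE)` still describes the architectural maximum (its visible tail reads "8-byte entries, or 16 4k pages"), while the check and `frames[]` are now both bounded by GDT_SIZE, so it no longer explains the limit being enforced. I would extend it with a line such as `/* Linux never loads more than GDT_SIZE bytes here; frames[] is sized for exactly that. */`. The sizing itself looks consistent: with `va` page-aligned and `size <= GDT_SIZE`, the loop cannot advance `f` past `(GDT_SIZE + PAGE_SIZE - 1) / PAGE_SIZE` entries. This update leaves the inner hunk for xen_load_gdt_boot untouched, so if that function carries its own fixed-size `frames[]`, it presumably still uses the older bound, and it is worth confirming the two agree. Only part of xen_load_gdt is visible, so the start of the comment and the loop body are not checked here.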
@@ -30104,22 +30113,20 @@ index d52f895..5a92cc3 100644
#endif
xen_setup_features();
-@@ -1130,14 +1137,7 @@ asmlinkage void __init xen_start_kernel(void)
- pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit;
- }
+@@ -1132,13 +1139,6 @@ asmlinkage void __init xen_start_kernel(void)
+
+ machine_ops = xen_machine_ops;
-- machine_ops = xen_machine_ops;
--
- /*
- * The only reliable way to retain the initial address of the
- * percpu gdt_page is to remember it here, so we can go and
- * mark it RW later, when the initial percpu area is freed.
- */
- xen_initial_gdt = &per_cpu(gdt_page, 0);
-+ memcpy((void *)&machine_ops, &xen_machine_ops, sizeof machine_ops);
-
+-
xen_smp_init();
+ pgd = (pgd_t *)xen_start_info->pt_base;
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index 8f4452c..38873e5 100644
--- a/arch/x86/xen/mmu.c
@@ -119647,7 +119654,7 @@ index d52f7a0..b66cdd9 100755
rm -f tags
xtags ctags
diff --git a/security/Kconfig b/security/Kconfig
-index fb363cd..f289b7c 100644
+index fb363cd..55a557a 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -4,6 +4,896 @@
@@ -120402,7 +120409,7 @@ index fb363cd..f289b7c 100644
+
+config PAX_MEMORY_STACKLEAK
+ bool "Sanitize kernel stack"
-+ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY && !(GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_XEN))
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
+ depends on X86
+ help
+ By saying Y here the kernel will erase the kernel stack before it
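Review bot: The new `default y` line for PAX_MEMORY_STACKLEAK drops the `!(GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_XEN)` exclusion, and nothing visible records why Xen hosts were excluded or why that is no longer needed. Auto-configured Xen host kernels with the security priority will now get stack sanitizing switched on by default, so the option's help text is the natural place to say so. That text begins inside this hunk and continues outside it, so it may already cover the point. If it does not, a Kconfig comment above the default such as `# Xen hosts were excluded from this default before 201304122025` would preserve the history. The removal is presumably tied to the xen_load_gdt stack-array change in the same update, but the page does not confirm that.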