Update Grsec/PaX20110709

2.2.2-2.6.32.42-201107090923 2.2.2-2.6.39.3-201107090923
author: Anthony G. Basile <blueness@gentoo.org> 2011-07-12 17:25:09 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2011-07-12 17:25:09 -0400
commit: a912671d9622a0865bbdd57917de86388db3ffef (patch)
tree: 2c2af46d78e2fb42a322e5c6b4f5858b322dc275 /2.6.32
parent: Update Grsec/PaX (diff)
download: hardened-patchset-a912671d9622a0865bbdd57917de86388db3ffef.tar.gz
hardened-patchset-a912671d9622a0865bbdd57917de86388db3ffef.tar.bz2
hardened-patchset-a912671d9622a0865bbdd57917de86388db3ffef.zip
2 files changed, 360 insertions, 85 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 73ac723..eb47dd6 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
 
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch
+Patch:	4420_grsecurity-2.2.2-2.6.32.42-201107090923.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107090923.patch
index 568fb06..cb632f3 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107090923.patch
@@ -381,6 +381,20 @@ diff -urNp linux-2.6.32.42/arch/arm/include/asm/uaccess.h linux-2.6.32.42/arch/a
  	if (access_ok(VERIFY_WRITE, to, n))
  		n = __copy_to_user(to, from, n);
  	return n;
+diff -urNp linux-2.6.32.42/arch/arm/kernel/armksyms.c linux-2.6.32.42/arch/arm/kernel/armksyms.c
+--- linux-2.6.32.42/arch/arm/kernel/armksyms.c	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.42/arch/arm/kernel/armksyms.c	2011-07-06 19:51:50.000000000 -0400
+@@ -118,8 +118,8 @@ EXPORT_SYMBOL(__strncpy_from_user);
+ #ifdef CONFIG_MMU
+ EXPORT_SYMBOL(copy_page);
+ 
+-EXPORT_SYMBOL(__copy_from_user);
+-EXPORT_SYMBOL(__copy_to_user);
++EXPORT_SYMBOL(___copy_from_user);
++EXPORT_SYMBOL(___copy_to_user);
+ EXPORT_SYMBOL(__clear_user);
+ 
+ EXPORT_SYMBOL(__get_user_1);
 diff -urNp linux-2.6.32.42/arch/arm/kernel/kgdb.c linux-2.6.32.42/arch/arm/kernel/kgdb.c
 --- linux-2.6.32.42/arch/arm/kernel/kgdb.c	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.42/arch/arm/kernel/kgdb.c	2011-04-17 15:56:45.000000000 -0400
@@ -3803,13 +3817,13 @@ diff -urNp linux-2.6.32.42/arch/sparc/include/asm/atomic_64.h linux-2.6.32.42/ar
  #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
 diff -urNp linux-2.6.32.42/arch/sparc/include/asm/cache.h linux-2.6.32.42/arch/sparc/include/asm/cache.h
 --- linux-2.6.32.42/arch/sparc/include/asm/cache.h	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/sparc/include/asm/cache.h	2011-05-17 19:26:34.000000000 -0400
++++ linux-2.6.32.42/arch/sparc/include/asm/cache.h	2011-07-06 19:53:33.000000000 -0400
 @@ -8,7 +8,7 @@
  #define _SPARC_CACHE_H
  
  #define L1_CACHE_SHIFT 5
 -#define L1_CACHE_BYTES 32
-+#define L1_CACHE_BYTES 32U
++#define L1_CACHE_BYTES 32UL
  #define L1_CACHE_ALIGN(x) ((((x)+(L1_CACHE_BYTES-1))&~(L1_CACHE_BYTES-1)))
  
  #ifdef CONFIG_SPARC32
@@ -8093,13 +8107,13 @@ diff -urNp linux-2.6.32.42/arch/x86/include/asm/cacheflush.h linux-2.6.32.42/arc
  		break;
 diff -urNp linux-2.6.32.42/arch/x86/include/asm/cache.h linux-2.6.32.42/arch/x86/include/asm/cache.h
 --- linux-2.6.32.42/arch/x86/include/asm/cache.h	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/include/asm/cache.h	2011-05-04 17:56:20.000000000 -0400
++++ linux-2.6.32.42/arch/x86/include/asm/cache.h	2011-07-06 19:53:33.000000000 -0400
 @@ -5,9 +5,10 @@
  
  /* L1 cache line size */
  #define L1_CACHE_SHIFT	(CONFIG_X86_L1_CACHE_SHIFT)
 -#define L1_CACHE_BYTES	(1 << L1_CACHE_SHIFT)
-+#define L1_CACHE_BYTES	(_AC(1,U) << L1_CACHE_SHIFT)
++#define L1_CACHE_BYTES	(_AC(1,UL) << L1_CACHE_SHIFT)
  
  #define __read_mostly __attribute__((__section__(".data.read_mostly")))
 +#define __read_only __attribute__((__section__(".data.read_only")))
@@ -10215,7 +10229,16 @@ diff -urNp linux-2.6.32.42/arch/x86/include/asm/spinlock.h linux-2.6.32.42/arch/
  
 diff -urNp linux-2.6.32.42/arch/x86/include/asm/stackprotector.h linux-2.6.32.42/arch/x86/include/asm/stackprotector.h
 --- linux-2.6.32.42/arch/x86/include/asm/stackprotector.h	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/include/asm/stackprotector.h	2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.42/arch/x86/include/asm/stackprotector.h	2011-07-06 19:53:33.000000000 -0400
+@@ -48,7 +48,7 @@
+  * head_32 for boot CPU and setup_per_cpu_areas() for others.
+  */
+ #define GDT_STACK_CANARY_INIT						\
+-	[GDT_ENTRY_STACK_CANARY] = GDT_ENTRY_INIT(0x4090, 0, 0x18),
++	[GDT_ENTRY_STACK_CANARY] = GDT_ENTRY_INIT(0x4090, 0, 0x17),
+ 
+ /*
+  * Initialize the stackprotector canary value.
 @@ -113,7 +113,7 @@ static inline void setup_stack_canary_se
  
  static inline void load_stack_canary_segment(void)
@@ -13992,7 +14015,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head32.c linux-2.6.32.42/arch/x86/ker
  	/* Reserve INITRD */
 diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/kernel/head_32.S
 --- linux-2.6.32.42/arch/x86/kernel/head_32.S	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/kernel/head_32.S	2011-07-01 19:09:03.000000000 -0400
++++ linux-2.6.32.42/arch/x86/kernel/head_32.S	2011-07-06 19:53:33.000000000 -0400
 @@ -19,10 +19,17 @@
  #include <asm/setup.h>
  #include <asm/processor-flags.h>
@@ -14506,7 +14529,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
 +
 +	.quad 0x00c0930000000000	/* 0xd0 - ESPFIX SS */
 +	.quad 0x0040930000000000	/* 0xd8 - PERCPU */
-+	.quad 0x0040910000000018	/* 0xe0 - STACK_CANARY */
++	.quad 0x0040910000000017	/* 0xe0 - STACK_CANARY */
 +	.quad 0x0000000000000000	/* 0xe8 - PCIBIOS_CS */
 +	.quad 0x0000000000000000	/* 0xf0 - PCIBIOS_DS */
 +	.quad 0x0000000000000000	/* 0xf8 - GDT entry 31: double-fault TSS */
@@ -14892,7 +14915,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/ioport.c linux-2.6.32.42/arch/x86/ker
  	}
 diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/kernel/irq_32.c
 --- linux-2.6.32.42/arch/x86/kernel/irq_32.c	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/kernel/irq_32.c	2011-04-23 13:26:46.000000000 -0400
++++ linux-2.6.32.42/arch/x86/kernel/irq_32.c	2011-07-06 19:53:33.000000000 -0400
 @@ -35,7 +35,7 @@ static int check_stack_overflow(void)
  	__asm__ __volatile__("andl %%esp,%0" :
  			     "=r" (sp) : "0" (THREAD_SIZE - 1));
@@ -14927,7 +14950,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/ker
  	irqctx = __get_cpu_var(hardirq_ctx);
  
  	/*
-@@ -90,21 +89,17 @@ execute_on_irq_stack(int overflow, struc
+@@ -90,21 +89,16 @@ execute_on_irq_stack(int overflow, struc
  	 * handler) we can't do that and just have to keep using the
  	 * current stack (which is the irq stack already after all)
  	 */
@@ -14941,7 +14964,6 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/ker
 -	irqctx->tinfo.previous_esp = current_stack_pointer;
 +	isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
 +	irqctx->previous_esp = current_stack_pointer;
-+	add_preempt_count(HARDIRQ_OFFSET);
  
 -	/*
 -	 * Copy the softirq bits in preempt_count so that the
@@ -14956,7 +14978,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/ker
  
  	if (unlikely(overflow))
  		call_on_stack(print_stack_overflow, isp);
-@@ -116,6 +111,12 @@ execute_on_irq_stack(int overflow, struc
+@@ -116,6 +110,11 @@ execute_on_irq_stack(int overflow, struc
  		     :  "0" (irq),   "1" (desc),  "2" (isp),
  			"D" (desc->handle_irq)
  		     : "memory", "cc", "ecx");
@@ -14965,11 +14987,10 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/ker
 +	__set_fs(current_thread_info()->addr_limit);
 +#endif
 +
-+	sub_preempt_count(HARDIRQ_OFFSET);
  	return 1;
  }
  
-@@ -124,28 +125,11 @@ execute_on_irq_stack(int overflow, struc
+@@ -124,28 +123,11 @@ execute_on_irq_stack(int overflow, struc
   */
  void __cpuinit irq_ctx_init(int cpu)
  {
@@ -15000,7 +15021,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/ker
  
  	printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n",
  	       cpu, per_cpu(hardirq_ctx, cpu),  per_cpu(softirq_ctx, cpu));
-@@ -159,7 +143,6 @@ void irq_ctx_exit(int cpu)
+@@ -159,7 +141,6 @@ void irq_ctx_exit(int cpu)
  asmlinkage void do_softirq(void)
  {
  	unsigned long flags;
@@ -15008,7 +15029,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/ker
  	union irq_ctx *irqctx;
  	u32 *isp;
  
-@@ -169,15 +152,22 @@ asmlinkage void do_softirq(void)
+@@ -169,15 +150,22 @@ asmlinkage void do_softirq(void)
  	local_irq_save(flags);
  
  	if (local_softirq_pending()) {
@@ -17109,7 +17130,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/trampoline_64.S linux-2.6.32.42/arch/
  	.quad	0x00cf9b000000ffff	# __KERNEL32_CS
 diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kernel/traps.c
 --- linux-2.6.32.42/arch/x86/kernel/traps.c	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/kernel/traps.c	2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.42/arch/x86/kernel/traps.c	2011-07-06 19:53:33.000000000 -0400
 @@ -69,12 +69,6 @@ asmlinkage int system_call(void);
  
  /* Do we ignore FPU interrupts ? */
@@ -17232,7 +17253,25 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kern
  	die("general protection fault", regs, error_code);
  }
  
-@@ -558,7 +587,7 @@ dotraplinkage void __kprobes do_debug(st
+@@ -435,6 +464,17 @@ static notrace __kprobes void default_do
+ dotraplinkage notrace __kprobes void
+ do_nmi(struct pt_regs *regs, long error_code)
+ {
++
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++	if (!user_mode(regs)) {
++		unsigned long cs = regs->cs & 0xFFFF;
++		unsigned long ip = ktva_ktla(regs->ip);
++
++		if ((cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS) && ip <= (unsigned long)_etext)
++			regs->ip = ip;
++	}
++#endif
++
+ 	nmi_enter();
+ 
+ 	inc_irq_stat(__nmi_count);
+@@ -558,7 +598,7 @@ dotraplinkage void __kprobes do_debug(st
  	}
  
  #ifdef CONFIG_X86_32
@@ -17241,7 +17280,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kern
  		goto debug_vm86;
  #endif
  
-@@ -570,7 +599,7 @@ dotraplinkage void __kprobes do_debug(st
+@@ -570,7 +610,7 @@ dotraplinkage void __kprobes do_debug(st
  	 * kernel space (but re-enable TF when returning to user mode).
  	 */
  	if (condition & DR_STEP) {
@@ -17250,7 +17289,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kern
  			goto clear_TF_reenable;
  	}
  
-@@ -757,7 +786,7 @@ do_simd_coprocessor_error(struct pt_regs
+@@ -757,7 +797,7 @@ do_simd_coprocessor_error(struct pt_regs
  	 * Handle strange cache flush from user space exception
  	 * in all other cases.  This is undocumented behaviour.
  	 */
@@ -17259,7 +17298,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kern
  		handle_vm86_fault((struct kernel_vm86_regs *)regs, error_code);
  		return;
  	}
-@@ -798,7 +827,7 @@ asmlinkage void __attribute__((weak)) sm
+@@ -798,7 +838,7 @@ asmlinkage void __attribute__((weak)) sm
  void __math_state_restore(void)
  {
  	struct thread_info *thread = current_thread_info();
@@ -17268,7 +17307,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kern
  
  	/*
  	 * Paranoid restore. send a SIGSEGV if we fail to restore the state.
-@@ -825,8 +854,7 @@ void __math_state_restore(void)
+@@ -825,8 +865,7 @@ void __math_state_restore(void)
   */
  asmlinkage void math_state_restore(void)
  {
@@ -21961,7 +22000,16 @@ diff -urNp linux-2.6.32.42/arch/x86/mm/mmap.c linux-2.6.32.42/arch/x86/mm/mmap.c
  	}
 diff -urNp linux-2.6.32.42/arch/x86/mm/mmio-mod.c linux-2.6.32.42/arch/x86/mm/mmio-mod.c
 --- linux-2.6.32.42/arch/x86/mm/mmio-mod.c	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/mm/mmio-mod.c	2011-05-04 17:56:28.000000000 -0400
++++ linux-2.6.32.42/arch/x86/mm/mmio-mod.c	2011-07-06 19:53:33.000000000 -0400
+@@ -193,7 +193,7 @@ static void pre(struct kmmio_probe *p, s
+ 		break;
+ 	default:
+ 		{
+-			unsigned char *ip = (unsigned char *)instptr;
++			unsigned char *ip = (unsigned char *)ktla_ktva(instptr);
+ 			my_trace->opcode = MMIO_UNKNOWN_OP;
+ 			my_trace->width = 0;
+ 			my_trace->value = (*ip) << 16 | *(ip + 1) << 8 |
 @@ -233,7 +233,7 @@ static void post(struct kmmio_probe *p, 
  static void ioremap_trace_core(resource_size_t offset, unsigned long size,
  							void __iomem *addr)
@@ -22132,6 +22180,54 @@ diff -urNp linux-2.6.32.42/arch/x86/mm/pat.c linux-2.6.32.42/arch/x86/mm/pat.c
  				cattr_name(want_flags),
  				(unsigned long long)paddr,
  				(unsigned long long)(paddr + size),
+diff -urNp linux-2.6.32.42/arch/x86/mm/pf_in.c linux-2.6.32.42/arch/x86/mm/pf_in.c
+--- linux-2.6.32.42/arch/x86/mm/pf_in.c	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.42/arch/x86/mm/pf_in.c	2011-07-06 19:53:33.000000000 -0400
+@@ -148,7 +148,7 @@ enum reason_type get_ins_type(unsigned l
+ 	int i;
+ 	enum reason_type rv = OTHERS;
+ 
+-	p = (unsigned char *)ins_addr;
++	p = (unsigned char *)ktla_ktva(ins_addr);
+ 	p += skip_prefix(p, &prf);
+ 	p += get_opcode(p, &opcode);
+ 
+@@ -168,7 +168,7 @@ static unsigned int get_ins_reg_width(un
+ 	struct prefix_bits prf;
+ 	int i;
+ 
+-	p = (unsigned char *)ins_addr;
++	p = (unsigned char *)ktla_ktva(ins_addr);
+ 	p += skip_prefix(p, &prf);
+ 	p += get_opcode(p, &opcode);
+ 
+@@ -191,7 +191,7 @@ unsigned int get_ins_mem_width(unsigned 
+ 	struct prefix_bits prf;
+ 	int i;
+ 
+-	p = (unsigned char *)ins_addr;
++	p = (unsigned char *)ktla_ktva(ins_addr);
+ 	p += skip_prefix(p, &prf);
+ 	p += get_opcode(p, &opcode);
+ 
+@@ -417,7 +417,7 @@ unsigned long get_ins_reg_val(unsigned l
+ 	int i;
+ 	unsigned long rv;
+ 
+-	p = (unsigned char *)ins_addr;
++	p = (unsigned char *)ktla_ktva(ins_addr);
+ 	p += skip_prefix(p, &prf);
+ 	p += get_opcode(p, &opcode);
+ 	for (i = 0; i < ARRAY_SIZE(reg_rop); i++)
+@@ -472,7 +472,7 @@ unsigned long get_ins_imm_val(unsigned l
+ 	int i;
+ 	unsigned long rv;
+ 
+-	p = (unsigned char *)ins_addr;
++	p = (unsigned char *)ktla_ktva(ins_addr);
+ 	p += skip_prefix(p, &prf);
+ 	p += get_opcode(p, &opcode);
+ 	for (i = 0; i < ARRAY_SIZE(imm_wop); i++)
 diff -urNp linux-2.6.32.42/arch/x86/mm/pgtable_32.c linux-2.6.32.42/arch/x86/mm/pgtable_32.c
 --- linux-2.6.32.42/arch/x86/mm/pgtable_32.c	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.42/arch/x86/mm/pgtable_32.c	2011-04-17 15:56:46.000000000 -0400
@@ -23619,6 +23715,27 @@ diff -urNp linux-2.6.32.42/block/scsi_ioctl.c linux-2.6.32.42/block/scsi_ioctl.c
  	if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
  		goto error;
  
+diff -urNp linux-2.6.32.42/crypto/gf128mul.c linux-2.6.32.42/crypto/gf128mul.c
+--- linux-2.6.32.42/crypto/gf128mul.c	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.42/crypto/gf128mul.c	2011-07-06 19:53:33.000000000 -0400
+@@ -182,7 +182,7 @@ void gf128mul_lle(be128 *r, const be128 
+ 	for (i = 0; i < 7; ++i)
+ 		gf128mul_x_lle(&p[i + 1], &p[i]);
+ 
+-	memset(r, 0, sizeof(r));
++	memset(r, 0, sizeof(*r));
+ 	for (i = 0;;) {
+ 		u8 ch = ((u8 *)b)[15 - i];
+ 
+@@ -220,7 +220,7 @@ void gf128mul_bbe(be128 *r, const be128 
+ 	for (i = 0; i < 7; ++i)
+ 		gf128mul_x_bbe(&p[i + 1], &p[i]);
+ 
+-	memset(r, 0, sizeof(r));
++	memset(r, 0, sizeof(*r));
+ 	for (i = 0;;) {
+ 		u8 ch = ((u8 *)b)[i];
+ 
 diff -urNp linux-2.6.32.42/crypto/serpent.c linux-2.6.32.42/crypto/serpent.c
 --- linux-2.6.32.42/crypto/serpent.c	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.42/crypto/serpent.c	2011-05-16 21:46:57.000000000 -0400
@@ -38227,7 +38344,7 @@ diff -urNp linux-2.6.32.42/fs/ecryptfs/inode.c linux-2.6.32.42/fs/ecryptfs/inode
  		goto out_free;
 diff -urNp linux-2.6.32.42/fs/exec.c linux-2.6.32.42/fs/exec.c
 --- linux-2.6.32.42/fs/exec.c	2011-06-25 12:55:34.000000000 -0400
-+++ linux-2.6.32.42/fs/exec.c	2011-06-25 12:56:37.000000000 -0400
++++ linux-2.6.32.42/fs/exec.c	2011-07-06 19:53:33.000000000 -0400
 @@ -56,12 +56,24 @@
  #include <linux/fsnotify.h>
  #include <linux/fs_struct.h>
@@ -38710,7 +38827,7 @@ diff -urNp linux-2.6.32.42/fs/exec.c linux-2.6.32.42/fs/exec.c
 +}
 +
 +
-+void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type)
++NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type)
 +{
 +	if (current->signal->curr_ip)
 +		printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
@@ -41067,8 +41184,57 @@ diff -urNp linux-2.6.32.42/fs/lockd/svc.c linux-2.6.32.42/fs/lockd/svc.c
  static DEFINE_MUTEX(nlmsvc_mutex);
 diff -urNp linux-2.6.32.42/fs/locks.c linux-2.6.32.42/fs/locks.c
 --- linux-2.6.32.42/fs/locks.c	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/fs/locks.c	2011-04-17 15:56:46.000000000 -0400
-@@ -2007,16 +2007,16 @@ void locks_remove_flock(struct file *fil
++++ linux-2.6.32.42/fs/locks.c	2011-07-06 19:47:11.000000000 -0400
+@@ -145,10 +145,28 @@ static LIST_HEAD(blocked_list);
+ 
+ static struct kmem_cache *filelock_cache __read_mostly;
+ 
++static void locks_init_lock_always(struct file_lock *fl)
++{
++	fl->fl_next = NULL;
++	fl->fl_fasync = NULL;
++	fl->fl_owner = NULL;
++	fl->fl_pid = 0;
++	fl->fl_nspid = NULL;
++	fl->fl_file = NULL;
++	fl->fl_flags = 0;
++	fl->fl_type = 0;
++	fl->fl_start = fl->fl_end = 0;
++}
++
+ /* Allocate an empty lock structure. */
+ static struct file_lock *locks_alloc_lock(void)
+ {
+-	return kmem_cache_alloc(filelock_cache, GFP_KERNEL);
++	struct file_lock *fl = kmem_cache_alloc(filelock_cache, GFP_KERNEL);
++
++	if (fl)
++		locks_init_lock_always(fl);
++
++	return fl;
+ }
+ 
+ void locks_release_private(struct file_lock *fl)
+@@ -183,17 +201,9 @@ void locks_init_lock(struct file_lock *f
+ 	INIT_LIST_HEAD(&fl->fl_link);
+ 	INIT_LIST_HEAD(&fl->fl_block);
+ 	init_waitqueue_head(&fl->fl_wait);
+-	fl->fl_next = NULL;
+-	fl->fl_fasync = NULL;
+-	fl->fl_owner = NULL;
+-	fl->fl_pid = 0;
+-	fl->fl_nspid = NULL;
+-	fl->fl_file = NULL;
+-	fl->fl_flags = 0;
+-	fl->fl_type = 0;
+-	fl->fl_start = fl->fl_end = 0;
+ 	fl->fl_ops = NULL;
+ 	fl->fl_lmops = NULL;
++	locks_init_lock_always(fl);
+ }
+ 
+ EXPORT_SYMBOL(locks_init_lock);
+@@ -2007,16 +2017,16 @@ void locks_remove_flock(struct file *fil
  		return;
  
  	if (filp->f_op && filp->f_op->flock) {
@@ -41666,7 +41832,16 @@ diff -urNp linux-2.6.32.42/fs/ncpfs/inode.c linux-2.6.32.42/fs/ncpfs/inode.c
  	if (!server)
 diff -urNp linux-2.6.32.42/fs/nfs/inode.c linux-2.6.32.42/fs/nfs/inode.c
 --- linux-2.6.32.42/fs/nfs/inode.c	2011-05-10 22:12:01.000000000 -0400
-+++ linux-2.6.32.42/fs/nfs/inode.c	2011-05-10 22:12:33.000000000 -0400
++++ linux-2.6.32.42/fs/nfs/inode.c	2011-07-06 19:53:33.000000000 -0400
+@@ -156,7 +156,7 @@ static void nfs_zap_caches_locked(struct
+ 	nfsi->attrtimeo = NFS_MINATTRTIMEO(inode);
+ 	nfsi->attrtimeo_timestamp = jiffies;
+ 
+-	memset(NFS_COOKIEVERF(inode), 0, sizeof(NFS_COOKIEVERF(inode)));
++	memset(NFS_COOKIEVERF(inode), 0, sizeof(NFS_I(inode)->cookieverf));
+ 	if (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))
+ 		nfsi->cache_validity |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_DATA|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL|NFS_INO_REVAL_PAGECACHE;
+ 	else
 @@ -973,16 +973,16 @@ static int nfs_size_need_update(const st
  	return nfs_size_to_loff_t(fattr->size) > i_size_read(inode);
  }
@@ -52973,7 +53148,7 @@ diff -urNp linux-2.6.32.42/grsecurity/grsum.c linux-2.6.32.42/grsecurity/grsum.c
 +}
 diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
 --- linux-2.6.32.42/grsecurity/Kconfig	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.42/grsecurity/Kconfig	2011-06-29 20:55:13.000000000 -0400
++++ linux-2.6.32.42/grsecurity/Kconfig	2011-07-06 19:57:57.000000000 -0400
 @@ -0,0 +1,1047 @@
 +#
 +# grecurity configuration
@@ -53053,7 +53228,7 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
 +	select PAX_ASLR
 +	select PAX_RANDMMAP
 +	select PAX_REFCOUNT if (X86 || SPARC64)
-+	select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB))
++	select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB || SLOB))
 +
 +	help
 +	  If you say Y here, several features in addition to those included
@@ -53138,7 +53313,7 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
 +	select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
 +	select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86))
 +	select PAX_REFCOUNT if (X86 || SPARC64)
-+	select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB))
++	select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB || SLOB))
 +	help
 +	  If you say Y here, many of the features of grsecurity will be
 +	  enabled, which will protect you against many kinds of attacks
@@ -54362,15 +54537,15 @@ diff -urNp linux-2.6.32.42/include/asm-generic/atomic-long.h linux-2.6.32.42/inc
  #endif  /*  _ASM_GENERIC_ATOMIC_LONG_H  */
 diff -urNp linux-2.6.32.42/include/asm-generic/cache.h linux-2.6.32.42/include/asm-generic/cache.h
 --- linux-2.6.32.42/include/asm-generic/cache.h	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/include/asm-generic/cache.h	2011-05-04 17:56:28.000000000 -0400
++++ linux-2.6.32.42/include/asm-generic/cache.h	2011-07-06 19:53:33.000000000 -0400
 @@ -6,7 +6,7 @@
   * cache lines need to provide their own cache.h.
   */
  
 -#define L1_CACHE_SHIFT		5
 -#define L1_CACHE_BYTES		(1 << L1_CACHE_SHIFT)
-+#define L1_CACHE_SHIFT		5U
-+#define L1_CACHE_BYTES		(1U << L1_CACHE_SHIFT)
++#define L1_CACHE_SHIFT		5UL
++#define L1_CACHE_BYTES		(1UL << L1_CACHE_SHIFT)
  
  #endif /* __ASM_GENERIC_CACHE_H */
 diff -urNp linux-2.6.32.42/include/asm-generic/dma-mapping-common.h linux-2.6.32.42/include/asm-generic/dma-mapping-common.h
@@ -57374,7 +57549,7 @@ diff -urNp linux-2.6.32.42/include/linux/reiserfs_fs_sb.h linux-2.6.32.42/includ
  					   on-disk FS format */
 diff -urNp linux-2.6.32.42/include/linux/sched.h linux-2.6.32.42/include/linux/sched.h
 --- linux-2.6.32.42/include/linux/sched.h	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/include/linux/sched.h	2011-06-04 20:42:54.000000000 -0400
++++ linux-2.6.32.42/include/linux/sched.h	2011-07-06 19:53:33.000000000 -0400
 @@ -101,6 +101,7 @@ struct bio;
  struct fs_struct;
  struct bts_context;
@@ -57565,10 +57740,10 @@ diff -urNp linux-2.6.32.42/include/linux/sched.h linux-2.6.32.42/include/linux/s
 +extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
 +#endif
 +
-+void pax_report_fault(struct pt_regs *regs, void *pc, void *sp);
-+void pax_report_insns(void *pc, void *sp);
-+void pax_report_refcount_overflow(struct pt_regs *regs);
-+void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type);
++extern void pax_report_fault(struct pt_regs *regs, void *pc, void *sp);
++extern void pax_report_insns(void *pc, void *sp);
++extern void pax_report_refcount_overflow(struct pt_regs *regs);
++extern NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) ATTRIB_NORET;
 +
 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
 +extern void pax_track_stack(void);
@@ -57658,7 +57833,7 @@ diff -urNp linux-2.6.32.42/include/linux/shm.h linux-2.6.32.42/include/linux/shm
  /* shm_mode upper byte flags */
 diff -urNp linux-2.6.32.42/include/linux/skbuff.h linux-2.6.32.42/include/linux/skbuff.h
 --- linux-2.6.32.42/include/linux/skbuff.h	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/include/linux/skbuff.h	2011-05-04 17:56:20.000000000 -0400
++++ linux-2.6.32.42/include/linux/skbuff.h	2011-07-06 19:53:33.000000000 -0400
 @@ -544,7 +544,7 @@ static inline union skb_shared_tx *skb_t
   */
  static inline int skb_queue_empty(const struct sk_buff_head *list)
@@ -57691,7 +57866,7 @@ diff -urNp linux-2.6.32.42/include/linux/skbuff.h linux-2.6.32.42/include/linux/
   */
  #ifndef NET_SKB_PAD
 -#define NET_SKB_PAD	32
-+#define NET_SKB_PAD	(_AC(32,U))
++#define NET_SKB_PAD	(_AC(32,UL))
  #endif
  
  extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
@@ -63600,7 +63775,7 @@ diff -urNp linux-2.6.32.42/localversion-grsec linux-2.6.32.42/localversion-grsec
 +-grsec
 diff -urNp linux-2.6.32.42/Makefile linux-2.6.32.42/Makefile
 --- linux-2.6.32.42/Makefile	2011-06-25 12:55:34.000000000 -0400
-+++ linux-2.6.32.42/Makefile	2011-06-25 12:56:37.000000000 -0400
++++ linux-2.6.32.42/Makefile	2011-07-09 09:13:08.000000000 -0400
 @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
  
  HOSTCC       = gcc
@@ -63626,6 +63801,17 @@ diff -urNp linux-2.6.32.42/Makefile linux-2.6.32.42/Makefile
  KBUILD_AFLAGS   := -D__ASSEMBLY__
  
  # Read KERNELRELEASE from include/config/kernel.release (if it exists)
+@@ -376,8 +379,8 @@ export RCS_TAR_IGNORE := --exclude SCCS 
+ # Rules shared between *config targets and build targets
+ 
+ # Basic helpers built in scripts/
+-PHONY += scripts_basic
+-scripts_basic:
++PHONY += scripts_basic pax-plugin
++scripts_basic: pax-plugin
+ 	$(Q)$(MAKE) $(build)=scripts/basic
+ 
+ # To avoid any implicit rule to kick in, define an empty command.
 @@ -403,7 +406,7 @@ endif
  # of make so .config is not included in this case either (for *config).
  
@@ -63635,22 +63821,10 @@ diff -urNp linux-2.6.32.42/Makefile linux-2.6.32.42/Makefile
  			 include/linux/version.h headers_% \
  			 kernelrelease kernelversion
  
-@@ -644,7 +647,7 @@ export mod_strip_cmd
+@@ -528,6 +531,18 @@ endif
  
+ include $(srctree)/arch/$(SRCARCH)/Makefile
  
- ifeq ($(KBUILD_EXTMOD),)
--core-y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/
-+core-y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
- 
- vmlinux-dirs	:= $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
- 		     $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -949,7 +952,19 @@ include/config/kernel.release: include/c
- # version.h and scripts_basic is processed / created.
- 
- # Listed in dependency order
--PHONY += prepare archprepare prepare0 prepare1 prepare2 prepare3
-+PHONY += prepare archprepare prepare0 prepare1 prepare2 prepare3 pax-plugin
-+
 +ifeq ($(CONFIG_PAX_MEMORY_STACKLEAK),y)
 +KBUILD_CFLAGS += $(call cc-ifversion, -ge, 0405, -fplugin=$(objtree)/tools/gcc/pax_plugin.so -fplugin-arg-pax_plugin-track-lowest-sp=100)
 +endif
@@ -63662,9 +63836,19 @@ diff -urNp linux-2.6.32.42/Makefile linux-2.6.32.42/Makefile
 +	$(Q)echo "warning, your gcc does not support plugins, PAX_MEMORY_STACKLEAK will be less secure"
 +endif
 +endif
++
+ ifneq ($(CONFIG_FRAME_WARN),0)
+ KBUILD_CFLAGS += $(call cc-option,-Wframe-larger-than=${CONFIG_FRAME_WARN})
+ endif
+@@ -644,7 +659,7 @@ export mod_strip_cmd
+ 
+ 
+ ifeq ($(KBUILD_EXTMOD),)
+-core-y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++core-y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
  
- # prepare3 is used to check if we are building in a separate output directory,
- # and if so do:
+ vmlinux-dirs	:= $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
+ 		     $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
 @@ -970,7 +985,7 @@ ifneq ($(KBUILD_SRC),)
  endif
  
@@ -63691,6 +63875,15 @@ diff -urNp linux-2.6.32.42/Makefile linux-2.6.32.42/Makefile
  	@echo  '  kernelrelease	  - Output the release version string'
  	@echo  '  kernelversion	  - Output the version stored in Makefile'
  	@echo  '  headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \
+@@ -1421,7 +1437,7 @@ clean: $(clean-dirs)
+ 	$(call cmd,rmdirs)
+ 	$(call cmd,rmfiles)
+ 	@find $(KBUILD_EXTMOD) $(RCS_FIND_IGNORE) \
+-		\( -name '*.[oas]' -o -name '*.ko' -o -name '.*.cmd' \
++		\( -name '*.[oas]' -o -name '*.[ks]o' -o -name '.*.cmd' \
+ 		-o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \
+ 		-o -name '*.gcno' \) -type f -print | xargs rm -f
+ 
 @@ -1445,7 +1461,7 @@ endif # KBUILD_EXTMOD
  quiet_cmd_tags = GEN     $@
        cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@
@@ -63866,6 +64059,17 @@ diff -urNp linux-2.6.32.42/mm/hugetlb.c linux-2.6.32.42/mm/hugetlb.c
  	ptep = huge_pte_alloc(mm, address, huge_page_size(h));
  	if (!ptep)
  		return VM_FAULT_OOM;
+diff -urNp linux-2.6.32.42/mm/internal.h linux-2.6.32.42/mm/internal.h
+--- linux-2.6.32.42/mm/internal.h	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.42/mm/internal.h	2011-07-09 09:13:08.000000000 -0400
+@@ -49,6 +49,7 @@ extern void putback_lru_page(struct page
+  * in mm/page_alloc.c
+  */
+ extern void __free_pages_bootmem(struct page *page, unsigned int order);
++extern void free_compound_page(struct page *page);
+ extern void prep_compound_page(struct page *page, unsigned long order);
+ 
+ 
 diff -urNp linux-2.6.32.42/mm/Kconfig linux-2.6.32.42/mm/Kconfig
 --- linux-2.6.32.42/mm/Kconfig	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.42/mm/Kconfig	2011-04-17 15:56:46.000000000 -0400
@@ -66372,7 +66576,16 @@ diff -urNp linux-2.6.32.42/mm/nommu.c linux-2.6.32.42/mm/nommu.c
   */
 diff -urNp linux-2.6.32.42/mm/page_alloc.c linux-2.6.32.42/mm/page_alloc.c
 --- linux-2.6.32.42/mm/page_alloc.c	2011-06-25 12:55:35.000000000 -0400
-+++ linux-2.6.32.42/mm/page_alloc.c	2011-06-25 12:56:37.000000000 -0400
++++ linux-2.6.32.42/mm/page_alloc.c	2011-07-09 09:13:08.000000000 -0400
+@@ -289,7 +289,7 @@ out:
+  * This usage means that zero-order pages may not be compound.
+  */
+ 
+-static void free_compound_page(struct page *page)
++void free_compound_page(struct page *page)
+ {
+ 	__free_pages_ok(page, compound_order(page));
+ }
 @@ -587,6 +587,10 @@ static void __free_pages_ok(struct page 
  	int bad = 0;
  	int wasMlocked = __TestClearPageMlocked(page);
@@ -66687,7 +66900,7 @@ diff -urNp linux-2.6.32.42/mm/slab.c linux-2.6.32.42/mm/slab.c
   * @objp: Pointer to the object
 diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c
 --- linux-2.6.32.42/mm/slob.c	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/mm/slob.c	2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.42/mm/slob.c	2011-07-06 19:53:33.000000000 -0400
 @@ -29,7 +29,7 @@
   * If kmalloc is asked for objects of PAGE_SIZE or larger, it calls
   * alloc_pages() directly, allocating compound pages so the page order
@@ -66806,7 +67019,7 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c
  		ret = (void *)m + align;
  
  		trace_kmalloc_node(_RET_IP_, ret,
-@@ -501,9 +506,9 @@ void *__kmalloc_node(size_t size, gfp_t 
+@@ -501,16 +506,25 @@ void *__kmalloc_node(size_t size, gfp_t 
  
  		ret = slob_new_pages(gfp | __GFP_COMP, get_order(size), node);
  		if (ret) {
@@ -66819,21 +67032,24 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c
  		}
  
  		trace_kmalloc_node(_RET_IP_, ret,
-@@ -513,6 +518,13 @@ void *__kmalloc_node(size_t size, gfp_t 
- 	kmemleak_alloc(ret, size, 1, gfp);
- 	return ret;
- }
+ 				   size, PAGE_SIZE << order, gfp, node);
+ 	}
+ 
+-	kmemleak_alloc(ret, size, 1, gfp);
++	return ret;
++}
 +
 +void *__kmalloc_node(size_t size, gfp_t gfp, int node)
 +{
 +	int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
++	void *ret = __kmalloc_node_align(size, gfp, node, align);
 +
-+	return __kmalloc_node_align(size, gfp, node, align);
-+}
++	if (!ZERO_OR_NULL_PTR(ret))
++		kmemleak_alloc(ret, size, 1, gfp);
+ 	return ret;
+ }
  EXPORT_SYMBOL(__kmalloc_node);
- 
- void kfree(const void *block)
-@@ -528,13 +540,81 @@ void kfree(const void *block)
+@@ -528,13 +542,88 @@ void kfree(const void *block)
  	sp = slob_page(block);
  	if (is_slob_page(sp)) {
  		int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
@@ -66858,6 +67074,7 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c
 +	struct slob_page *sp;
 +	const slob_t *free;
 +	const void *base;
++	unsigned long flags;
 +
 +	if (!n)
 +		return;
@@ -66883,6 +67100,7 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c
 +	}
 +
 +	/* some tricky double walking to find the chunk */
++	spin_lock_irqsave(&slob_lock, flags);
 +	base = (void *)((unsigned long)ptr & PAGE_MASK);
 +	free = sp->free;
 +
@@ -66897,17 +67115,22 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c
 +		int offset;
 +
 +		if (ptr < base + align)
-+			goto report;
++			break;
 +
 +		offset = ptr - base - align;
-+		if (offset < m) {
-+			if (n <= m - offset)
-+				return;
-+			goto report;
++		if (offset >= m) {
++			base += size;
++			continue;
 +		}
-+		base += size;
++
++		if (n > m - offset)
++			break;
++
++		spin_unlock_irqrestore(&slob_lock, flags);
++		return;
 +	}
 +
++	spin_unlock_irqrestore(&slob_lock, flags);
 +report:
 +	pax_report_usercopy(ptr, n, to, NULL);
 +#endif
@@ -66918,7 +67141,7 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c
  /* can't use ksize for kmem_cache_alloc memory, only kmalloc */
  size_t ksize(const void *block)
  {
-@@ -547,10 +627,10 @@ size_t ksize(const void *block)
+@@ -547,10 +636,10 @@ size_t ksize(const void *block)
  	sp = slob_page(block);
  	if (is_slob_page(sp)) {
  		int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
@@ -66932,7 +67155,21 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c
  }
  EXPORT_SYMBOL(ksize);
  
-@@ -605,17 +685,25 @@ void *kmem_cache_alloc_node(struct kmem_
+@@ -566,8 +655,13 @@ struct kmem_cache *kmem_cache_create(con
+ {
+ 	struct kmem_cache *c;
+ 
++#ifdef CONFIG_PAX_USERCOPY
++	c = __kmalloc_node_align(sizeof(struct kmem_cache),
++		GFP_KERNEL, -1, ARCH_KMALLOC_MINALIGN);
++#else
+ 	c = slob_alloc(sizeof(struct kmem_cache),
+ 		GFP_KERNEL, ARCH_KMALLOC_MINALIGN, -1);
++#endif
+ 
+ 	if (c) {
+ 		c->name = name;
+@@ -605,17 +699,25 @@ void *kmem_cache_alloc_node(struct kmem_
  {
  	void *b;
  
@@ -66958,7 +67195,7 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c
  
  	if (c->ctor)
  		c->ctor(b);
-@@ -627,10 +715,16 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
+@@ -627,10 +729,16 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
  
  static void __kmem_cache_free(void *b, int size)
  {
@@ -66977,7 +67214,7 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c
  }
  
  static void kmem_rcu_free(struct rcu_head *head)
-@@ -643,15 +737,24 @@ static void kmem_rcu_free(struct rcu_hea
+@@ -643,18 +751,32 @@ static void kmem_rcu_free(struct rcu_hea
  
  void kmem_cache_free(struct kmem_cache *c, void *b)
  {
@@ -67004,7 +67241,15 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c
 +		__kmem_cache_free(b, size);
  	}
  
++#ifdef CONFIG_PAX_USERCOPY
++	trace_kfree(_RET_IP_, b);
++#else
  	trace_kmem_cache_free(_RET_IP_, b);
++#endif
++
+ }
+ EXPORT_SYMBOL(kmem_cache_free);
+ 
 diff -urNp linux-2.6.32.42/mm/slub.c linux-2.6.32.42/mm/slub.c
 --- linux-2.6.32.42/mm/slub.c	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.42/mm/slub.c	2011-04-17 15:56:46.000000000 -0400
@@ -67218,6 +67463,26 @@ diff -urNp linux-2.6.32.42/mm/slub.c linux-2.6.32.42/mm/slub.c
  	return 0;
  }
  module_init(slab_proc_init);
+diff -urNp linux-2.6.32.42/mm/swap.c linux-2.6.32.42/mm/swap.c
+--- linux-2.6.32.42/mm/swap.c	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.42/mm/swap.c	2011-07-09 09:15:19.000000000 -0400
+@@ -30,6 +30,7 @@
+ #include <linux/notifier.h>
+ #include <linux/backing-dev.h>
+ #include <linux/memcontrol.h>
++#include <linux/hugetlb.h>
+ 
+ #include "internal.h"
+ 
+@@ -65,6 +66,8 @@ static void put_compound_page(struct pag
+ 		compound_page_dtor *dtor;
+ 
+ 		dtor = get_compound_page_dtor(page);
++		if (!PageHuge(page))
++			BUG_ON(dtor != free_compound_page);
+ 		(*dtor)(page);
+ 	}
+ }
 diff -urNp linux-2.6.32.42/mm/util.c linux-2.6.32.42/mm/util.c
 --- linux-2.6.32.42/mm/util.c	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.42/mm/util.c	2011-04-17 15:56:46.000000000 -0400
@@ -70887,7 +71152,7 @@ diff -urNp linux-2.6.32.42/scripts/mod/file2alias.c linux-2.6.32.42/scripts/mod/
  
 diff -urNp linux-2.6.32.42/scripts/mod/modpost.c linux-2.6.32.42/scripts/mod/modpost.c
 --- linux-2.6.32.42/scripts/mod/modpost.c	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/scripts/mod/modpost.c	2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.42/scripts/mod/modpost.c	2011-07-06 19:53:33.000000000 -0400
 @@ -835,6 +835,7 @@ enum mismatch {
  	INIT_TO_EXIT,
  	EXIT_TO_INIT,
@@ -70937,6 +71202,15 @@ diff -urNp linux-2.6.32.42/scripts/mod/modpost.c linux-2.6.32.42/scripts/mod/mod
  	case NO_MISMATCH:
  		/* To get warnings on missing members */
  		break;
+@@ -1495,7 +1510,7 @@ static void section_rel(const char *modn
+ static void check_sec_ref(struct module *mod, const char *modname,
+                           struct elf_info *elf)
+ {
+-	int i;
++	unsigned int i;
+ 	Elf_Shdr *sechdrs = elf->sechdrs;
+ 
+ 	/* Walk through all sections */
 @@ -1651,7 +1666,7 @@ void __attribute__((format(printf, 2, 3)
  	va_end(ap);
  }
@@ -71149,7 +71423,7 @@ diff -urNp linux-2.6.32.42/security/integrity/ima/ima_queue.c linux-2.6.32.42/se
  	return 0;
 diff -urNp linux-2.6.32.42/security/Kconfig linux-2.6.32.42/security/Kconfig
 --- linux-2.6.32.42/security/Kconfig	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/security/Kconfig	2011-06-29 20:55:36.000000000 -0400
++++ linux-2.6.32.42/security/Kconfig	2011-07-06 19:58:11.000000000 -0400
 @@ -4,6 +4,555 @@
  
  menu "Security options"
@@ -71672,7 +71946,7 @@ diff -urNp linux-2.6.32.42/security/Kconfig linux-2.6.32.42/security/Kconfig
 +config PAX_USERCOPY
 +	bool "Harden heap object copies between kernel and userland"
 +	depends on X86 || PPC || SPARC || ARM
-+	depends on GRKERNSEC && (SLAB || SLUB)
++	depends on GRKERNSEC && (SLAB || SLUB || SLOB)
 +	help
 +	  By saying Y here the kernel will enforce the size of heap objects
 +	  when they are copied in either direction between the kernel and
@@ -72431,8 +72705,8 @@ diff -urNp linux-2.6.32.42/tools/gcc/Makefile linux-2.6.32.42/tools/gcc/Makefile
 +pax_plugin-objs := pax_plugin.o
 diff -urNp linux-2.6.32.42/tools/gcc/pax_plugin.c linux-2.6.32.42/tools/gcc/pax_plugin.c
 --- linux-2.6.32.42/tools/gcc/pax_plugin.c	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.42/tools/gcc/pax_plugin.c	2011-06-04 20:52:13.000000000 -0400
-@@ -0,0 +1,242 @@
++++ linux-2.6.32.42/tools/gcc/pax_plugin.c	2011-07-06 19:53:33.000000000 -0400
+@@ -0,0 +1,243 @@
 +/*
 + * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
 + * Licensed under the GPL v2
@@ -72450,6 +72724,7 @@ diff -urNp linux-2.6.32.42/tools/gcc/pax_plugin.c linux-2.6.32.42/tools/gcc/pax_
 + * - initialize all local variables
 + *
 + * BUGS:
++ * - cloned functions are instrumented twice
 + */
 +#include "gcc-plugin.h"
 +#include "plugin-version.h"
author	Anthony G. Basile <blueness@gentoo.org>	2011-07-12 17:25:09 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2011-07-12 17:25:09 -0400
commit	a912671d9622a0865bbdd57917de86388db3ffef (patch)
tree	2c2af46d78e2fb42a322e5c6b4f5858b322dc275 /2.6.32
parent	Update Grsec/PaX (diff)
download	hardened-patchset-a912671d9622a0865bbdd57917de86388db3ffef.tar.gz hardened-patchset-a912671d9622a0865bbdd57917de86388db3ffef.tar.bz2 hardened-patchset-a912671d9622a0865bbdd57917de86388db3ffef.zip