Update Grsec/PaX20110701

2.2.2-2.6.32.42-201107011911 2.2.2-2.6.39.2-201107011911
author: Anthony G. Basile <blueness@gentoo.org> 2011-07-04 22:24:44 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2011-07-04 22:24:44 -0400
commit: 694b56591453a2987d6633230abe447a7c7ecd61 (patch)
tree: f611ee025b9b2c0913d27f0982e38139e311d2b6
parent: Update Grsec/PaX and address bug #366019 (diff)
download: hardened-patchset-694b56591453a2987d6633230abe447a7c7ecd61.tar.gz
hardened-patchset-694b56591453a2987d6633230abe447a7c7ecd61.tar.bz2
hardened-patchset-694b56591453a2987d6633230abe447a7c7ecd61.zip
4 files changed, 832 insertions, 83 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 03320de..73ac723 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
 
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-2.2.2-2.6.32.42-201106281648.patch
+Patch:	4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201106281648.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch
index d0d2a83..568fb06 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201106281648.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch
@@ -325,8 +325,43 @@ diff -urNp linux-2.6.32.42/arch/arm/include/asm/kmap_types.h linux-2.6.32.42/arc
  
 diff -urNp linux-2.6.32.42/arch/arm/include/asm/uaccess.h linux-2.6.32.42/arch/arm/include/asm/uaccess.h
 --- linux-2.6.32.42/arch/arm/include/asm/uaccess.h	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/arm/include/asm/uaccess.h	2011-04-17 15:56:45.000000000 -0400
-@@ -403,6 +403,9 @@ extern unsigned long __must_check __strn
++++ linux-2.6.32.42/arch/arm/include/asm/uaccess.h	2011-06-29 21:02:24.000000000 -0400
+@@ -22,6 +22,8 @@
+ #define VERIFY_READ 0
+ #define VERIFY_WRITE 1
+ 
++extern void check_object_size(const void *ptr, unsigned long n, bool to);
++
+ /*
+  * The exception table consists of pairs of addresses: the first is the
+  * address of an instruction that is allowed to fault, and the second is
+@@ -387,8 +389,23 @@ do {									\
+ 
+ 
+ #ifdef CONFIG_MMU
+-extern unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n);
+-extern unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n);
++extern unsigned long __must_check ___copy_from_user(void *to, const void __user *from, unsigned long n);
++extern unsigned long __must_check ___copy_to_user(void __user *to, const void *from, unsigned long n);
++
++static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n)
++{
++	if (!__builtin_constant_p(n))
++		check_object_size(to, n, false);
++	return ___copy_from_user(to, from, n);
++}
++
++static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n)
++{
++	if (!__builtin_constant_p(n))
++		check_object_size(from, n, true);
++	return ___copy_to_user(to, from, n);
++}
++
+ extern unsigned long __must_check __copy_to_user_std(void __user *to, const void *from, unsigned long n);
+ extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n);
+ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned long n);
+@@ -403,6 +420,9 @@ extern unsigned long __must_check __strn
  
  static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
  {
@@ -336,7 +371,7 @@ diff -urNp linux-2.6.32.42/arch/arm/include/asm/uaccess.h linux-2.6.32.42/arch/a
  	if (access_ok(VERIFY_READ, from, n))
  		n = __copy_from_user(to, from, n);
  	else /* security hole - plug it */
-@@ -412,6 +415,9 @@ static inline unsigned long __must_check
+@@ -412,6 +432,9 @@ static inline unsigned long __must_check
  
  static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
  {
@@ -379,6 +414,126 @@ diff -urNp linux-2.6.32.42/arch/arm/kernel/traps.c linux-2.6.32.42/arch/arm/kern
  	do_exit(SIGSEGV);
  }
  
+diff -urNp linux-2.6.32.42/arch/arm/lib/copy_from_user.S linux-2.6.32.42/arch/arm/lib/copy_from_user.S
+--- linux-2.6.32.42/arch/arm/lib/copy_from_user.S	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.42/arch/arm/lib/copy_from_user.S	2011-06-29 20:48:38.000000000 -0400
+@@ -16,7 +16,7 @@
+ /*
+  * Prototype:
+  *
+- *	size_t __copy_from_user(void *to, const void *from, size_t n)
++ *	size_t ___copy_from_user(void *to, const void *from, size_t n)
+  *
+  * Purpose:
+  *
+@@ -84,11 +84,11 @@
+ 
+ 	.text
+ 
+-ENTRY(__copy_from_user)
++ENTRY(___copy_from_user)
+ 
+ #include "copy_template.S"
+ 
+-ENDPROC(__copy_from_user)
++ENDPROC(___copy_from_user)
+ 
+ 	.section .fixup,"ax"
+ 	.align 0
+diff -urNp linux-2.6.32.42/arch/arm/lib/copy_to_user.S linux-2.6.32.42/arch/arm/lib/copy_to_user.S
+--- linux-2.6.32.42/arch/arm/lib/copy_to_user.S	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.42/arch/arm/lib/copy_to_user.S	2011-06-29 20:46:49.000000000 -0400
+@@ -16,7 +16,7 @@
+ /*
+  * Prototype:
+  *
+- *	size_t __copy_to_user(void *to, const void *from, size_t n)
++ *	size_t ___copy_to_user(void *to, const void *from, size_t n)
+  *
+  * Purpose:
+  *
+@@ -88,11 +88,11 @@
+ 	.text
+ 
+ ENTRY(__copy_to_user_std)
+-WEAK(__copy_to_user)
++WEAK(___copy_to_user)
+ 
+ #include "copy_template.S"
+ 
+-ENDPROC(__copy_to_user)
++ENDPROC(___copy_to_user)
+ 
+ 	.section .fixup,"ax"
+ 	.align 0
+diff -urNp linux-2.6.32.42/arch/arm/lib/uaccess.S linux-2.6.32.42/arch/arm/lib/uaccess.S
+--- linux-2.6.32.42/arch/arm/lib/uaccess.S	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.42/arch/arm/lib/uaccess.S	2011-06-29 20:48:53.000000000 -0400
+@@ -19,7 +19,7 @@
+ 
+ #define PAGE_SHIFT 12
+ 
+-/* Prototype: int __copy_to_user(void *to, const char *from, size_t n)
++/* Prototype: int ___copy_to_user(void *to, const char *from, size_t n)
+  * Purpose  : copy a block to user memory from kernel memory
+  * Params   : to   - user memory
+  *          : from - kernel memory
+@@ -39,7 +39,7 @@ USER(		strgtbt	r3, [r0], #1)			@ May fau
+ 		sub	r2, r2, ip
+ 		b	.Lc2u_dest_aligned
+ 
+-ENTRY(__copy_to_user)
++ENTRY(___copy_to_user)
+ 		stmfd	sp!, {r2, r4 - r7, lr}
+ 		cmp	r2, #4
+ 		blt	.Lc2u_not_enough
+@@ -277,14 +277,14 @@ USER(		strgebt	r3, [r0], #1)			@ May fau
+ 		ldrgtb	r3, [r1], #0
+ USER(		strgtbt	r3, [r0], #1)			@ May fault
+ 		b	.Lc2u_finished
+-ENDPROC(__copy_to_user)
++ENDPROC(___copy_to_user)
+ 
+ 		.section .fixup,"ax"
+ 		.align	0
+ 9001:		ldmfd	sp!, {r0, r4 - r7, pc}
+ 		.previous
+ 
+-/* Prototype: unsigned long __copy_from_user(void *to,const void *from,unsigned long n);
++/* Prototype: unsigned long ___copy_from_user(void *to,const void *from,unsigned long n);
+  * Purpose  : copy a block from user memory to kernel memory
+  * Params   : to   - kernel memory
+  *          : from - user memory
+@@ -303,7 +303,7 @@ USER(		ldrgtbt	r3, [r1], #1)			@ May fau
+ 		sub	r2, r2, ip
+ 		b	.Lcfu_dest_aligned
+ 
+-ENTRY(__copy_from_user)
++ENTRY(___copy_from_user)
+ 		stmfd	sp!, {r0, r2, r4 - r7, lr}
+ 		cmp	r2, #4
+ 		blt	.Lcfu_not_enough
+@@ -543,7 +543,7 @@ USER(		ldrgebt	r3, [r1], #1)			@ May fau
+ USER(		ldrgtbt	r3, [r1], #1)			@ May fault
+ 		strgtb	r3, [r0], #1
+ 		b	.Lcfu_finished
+-ENDPROC(__copy_from_user)
++ENDPROC(___copy_from_user)
+ 
+ 		.section .fixup,"ax"
+ 		.align	0
+diff -urNp linux-2.6.32.42/arch/arm/lib/uaccess_with_memcpy.c linux-2.6.32.42/arch/arm/lib/uaccess_with_memcpy.c
+--- linux-2.6.32.42/arch/arm/lib/uaccess_with_memcpy.c	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.42/arch/arm/lib/uaccess_with_memcpy.c	2011-06-29 20:44:35.000000000 -0400
+@@ -97,7 +97,7 @@ out:
+ }
+ 
+ unsigned long
+-__copy_to_user(void __user *to, const void *from, unsigned long n)
++___copy_to_user(void __user *to, const void *from, unsigned long n)
+ {
+ 	/*
+ 	 * This test is stubbed out of the main function above to keep
 diff -urNp linux-2.6.32.42/arch/arm/mach-at91/pm.c linux-2.6.32.42/arch/arm/mach-at91/pm.c
 --- linux-2.6.32.42/arch/arm/mach-at91/pm.c	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.42/arch/arm/mach-at91/pm.c	2011-04-17 15:56:45.000000000 -0400
@@ -6003,7 +6158,7 @@ diff -urNp linux-2.6.32.42/arch/x86/boot/compressed/head_32.S linux-2.6.32.42/ar
  2:
 diff -urNp linux-2.6.32.42/arch/x86/boot/compressed/head_64.S linux-2.6.32.42/arch/x86/boot/compressed/head_64.S
 --- linux-2.6.32.42/arch/x86/boot/compressed/head_64.S	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/boot/compressed/head_64.S	2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.42/arch/x86/boot/compressed/head_64.S	2011-07-01 18:53:00.000000000 -0400
 @@ -91,7 +91,7 @@ ENTRY(startup_32)
  	notl	%eax
  	andl	%eax, %ebx
@@ -6013,6 +6168,15 @@ diff -urNp linux-2.6.32.42/arch/x86/boot/compressed/head_64.S linux-2.6.32.42/ar
  #endif
  
  	/* Target address to relocate to for decompression */
+@@ -183,7 +183,7 @@ no_longmode:
+ 	hlt
+ 	jmp     1b
+ 
+-#include "../../kernel/verify_cpu_64.S"
++#include "../../kernel/verify_cpu.S"
+ 
+ 	/*
+ 	 * Be careful here startup_64 needs to be at a predictable
 @@ -234,7 +234,7 @@ ENTRY(startup_64)
  	notq	%rax
  	andq	%rax, %rbp
@@ -9945,7 +10109,7 @@ diff -urNp linux-2.6.32.42/arch/x86/include/asm/segment.h linux-2.6.32.42/arch/x
  #define __USER_CS     (GDT_ENTRY_DEFAULT_USER_CS* 8 + 3)
 diff -urNp linux-2.6.32.42/arch/x86/include/asm/smp.h linux-2.6.32.42/arch/x86/include/asm/smp.h
 --- linux-2.6.32.42/arch/x86/include/asm/smp.h	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/include/asm/smp.h	2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.42/arch/x86/include/asm/smp.h	2011-07-01 19:00:40.000000000 -0400
 @@ -24,7 +24,7 @@ extern unsigned int num_processors;
  DECLARE_PER_CPU(cpumask_var_t, cpu_sibling_map);
  DECLARE_PER_CPU(cpumask_var_t, cpu_core_map);
@@ -9955,7 +10119,19 @@ diff -urNp linux-2.6.32.42/arch/x86/include/asm/smp.h linux-2.6.32.42/arch/x86/i
  
  static inline struct cpumask *cpu_sibling_mask(int cpu)
  {
-@@ -175,14 +175,8 @@ extern unsigned disabled_cpus __cpuinitd
+@@ -40,10 +40,7 @@ DECLARE_EARLY_PER_CPU(u16, x86_cpu_to_ap
+ DECLARE_EARLY_PER_CPU(u16, x86_bios_cpu_apicid);
+ 
+ /* Static state in head.S used to set up a CPU */
+-extern struct {
+-	void *sp;
+-	unsigned short ss;
+-} stack_start;
++extern unsigned long stack_start; /* Initial stack pointer address */
+ 
+ struct smp_ops {
+ 	void (*smp_prepare_boot_cpu)(void);
+@@ -175,14 +172,8 @@ extern unsigned disabled_cpus __cpuinitd
  extern int safe_smp_processor_id(void);
  
  #elif defined(CONFIG_X86_64_SMP)
@@ -11199,8 +11375,18 @@ diff -urNp linux-2.6.32.42/arch/x86/Kconfig.debug linux-2.6.32.42/arch/x86/Kconf
  	  in order to catch accidental (and incorrect) writes to such const
 diff -urNp linux-2.6.32.42/arch/x86/kernel/acpi/realmode/wakeup.S linux-2.6.32.42/arch/x86/kernel/acpi/realmode/wakeup.S
 --- linux-2.6.32.42/arch/x86/kernel/acpi/realmode/wakeup.S	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/kernel/acpi/realmode/wakeup.S	2011-04-17 15:56:46.000000000 -0400
-@@ -104,7 +104,7 @@ _start:
++++ linux-2.6.32.42/arch/x86/kernel/acpi/realmode/wakeup.S	2011-07-01 18:53:40.000000000 -0400
+@@ -91,6 +91,9 @@ _start:
+ 	/* Do any other stuff... */
+ 
+ #ifndef CONFIG_64BIT
++	/* Recheck NX bit overrides (64bit path does this in trampoline) */
++	call	verify_cpu
++
+ 	/* This could also be done in C code... */
+ 	movl	pmode_cr3, %eax
+ 	movl	%eax, %cr3
+@@ -104,7 +107,7 @@ _start:
  	movl	%eax, %ecx
  	orl	%edx, %ecx
  	jz	1f
@@ -11209,9 +11395,17 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/acpi/realmode/wakeup.S linux-2.6.32.4
  	wrmsr
  1:
  
+@@ -114,6 +117,7 @@ _start:
+ 	movl	pmode_cr0, %eax
+ 	movl	%eax, %cr0
+ 	jmp	pmode_return
++# include "../../verify_cpu.S"
+ #else
+ 	pushw	$0
+ 	pushw	trampoline_segment
 diff -urNp linux-2.6.32.42/arch/x86/kernel/acpi/sleep.c linux-2.6.32.42/arch/x86/kernel/acpi/sleep.c
 --- linux-2.6.32.42/arch/x86/kernel/acpi/sleep.c	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/kernel/acpi/sleep.c	2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.42/arch/x86/kernel/acpi/sleep.c	2011-07-01 19:01:34.000000000 -0400
 @@ -11,11 +11,12 @@
  #include <linux/cpumask.h>
  #include <asm/segment.h>
@@ -11226,10 +11420,12 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/acpi/sleep.c linux-2.6.32.42/arch/x86
  unsigned long acpi_realmode_flags;
  
  /* address in low memory of the wakeup routine. */
-@@ -99,8 +100,12 @@ int acpi_save_state_mem(void)
+@@ -98,9 +99,13 @@ int acpi_save_state_mem(void)
+ #else /* CONFIG_64BIT */
  	header->trampoline_segment = setup_trampoline() >> 4;
  #ifdef CONFIG_SMP
- 	stack_start.sp = temp_stack + sizeof(temp_stack);
+-	stack_start.sp = temp_stack + sizeof(temp_stack);
++	stack_start = (unsigned long)temp_stack + sizeof(temp_stack);
 +
 +	pax_open_kernel();
  	early_gdt_descr.address =
@@ -13796,7 +13992,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head32.c linux-2.6.32.42/arch/x86/ker
  	/* Reserve INITRD */
 diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/kernel/head_32.S
 --- linux-2.6.32.42/arch/x86/kernel/head_32.S	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/kernel/head_32.S	2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.42/arch/x86/kernel/head_32.S	2011-07-01 19:09:03.000000000 -0400
 @@ -19,10 +19,17 @@
  #include <asm/setup.h>
  #include <asm/processor-flags.h>
@@ -13841,7 +14037,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
   * 32-bit kernel entrypoint; only used by the boot CPU.  On entry,
   * %esi points to the real-mode code as a 32-bit pointer.
   * CS and DS must be 4 GB flat segments, but we don't depend on
-@@ -80,6 +89,13 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE)
+@@ -80,7 +89,16 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE)
   * can.
   */
  __HEAD
@@ -13853,12 +14049,19 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
 +#endif
 +
  ENTRY(startup_32)
++	movl pa(stack_start),%ecx
++
  	/* test KEEP_SEGMENTS flag to see if the bootloader is asking
  		us to not reload segments */
-@@ -97,6 +113,57 @@ ENTRY(startup_32)
+ 	testb $(1<<6), BP_loadflags(%esi)
+@@ -95,7 +113,60 @@ ENTRY(startup_32)
+ 	movl %eax,%es
+ 	movl %eax,%fs
  	movl %eax,%gs
++	movl %eax,%ss
  2:
- 
++	leal -__PAGE_OFFSET(%ecx),%esp
++
 +#ifdef CONFIG_SMP
 +	movl $pa(cpu_gdt_table),%edi
 +	movl $__per_cpu_load,%eax
@@ -13909,11 +14112,10 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
 +	addl $PAGE_SIZE_asm,%edi
 +	loop 1b
 +#endif
-+
+ 
  /*
   * Clear BSS first so that there are no surprises...
-  */
-@@ -140,9 +207,7 @@ ENTRY(startup_32)
+@@ -140,9 +211,7 @@ ENTRY(startup_32)
  	cmpl $num_subarch_entries, %eax
  	jae bad_subarch
  
@@ -13924,7 +14126,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  
  bad_subarch:
  WEAK(lguest_entry)
-@@ -154,10 +219,10 @@ WEAK(xen_entry)
+@@ -154,10 +223,10 @@ WEAK(xen_entry)
  	__INITDATA
  
  subarch_entries:
@@ -13939,7 +14141,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  num_subarch_entries = (. - subarch_entries) / 4
  .previous
  #endif /* CONFIG_PARAVIRT */
-@@ -218,8 +283,11 @@ default_entry:
+@@ -218,8 +287,11 @@ default_entry:
  	movl %eax, pa(max_pfn_mapped)
  
  	/* Do early initialization of the fixmap area */
@@ -13953,7 +14155,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  #else	/* Not PAE */
  
  page_pde_offset = (__PAGE_OFFSET >> 20);
-@@ -249,8 +317,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
+@@ -249,8 +321,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
  	movl %eax, pa(max_pfn_mapped)
  
  	/* Do early initialization of the fixmap area */
@@ -13967,7 +14169,17 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  #endif
  	jmp 3f
  /*
-@@ -297,6 +368,7 @@ ENTRY(startup_32_smp)
+@@ -272,6 +347,9 @@ ENTRY(startup_32_smp)
+ 	movl %eax,%es
+ 	movl %eax,%fs
+ 	movl %eax,%gs
++	movl pa(stack_start),%ecx
++	movl %eax,%ss
++	leal -__PAGE_OFFSET(%ecx),%esp
+ #endif /* CONFIG_SMP */
+ 3:
+ 
+@@ -297,6 +375,7 @@ ENTRY(startup_32_smp)
  	orl %edx,%eax
  	movl %eax,%cr4
  
@@ -13975,7 +14187,18 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  	btl $5, %eax		# check if PAE is enabled
  	jnc 6f
  
-@@ -312,13 +384,17 @@ ENTRY(startup_32_smp)
+@@ -305,6 +384,10 @@ ENTRY(startup_32_smp)
+ 	cpuid
+ 	cmpl $0x80000000, %eax
+ 	jbe 6f
++
++	/* Clear bogus XD_DISABLE bits */
++	call verify_cpu
++
+ 	mov $0x80000001, %eax
+ 	cpuid
+ 	/* Execute Disable bit supported? */
+@@ -312,13 +395,17 @@ ENTRY(startup_32_smp)
  	jnc 6f
  
  	/* Setup EFER (Extended Feature Enable Register) */
@@ -13994,18 +14217,29 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  6:
  
  /*
-@@ -344,9 +420,7 @@ ENTRY(startup_32_smp)
+@@ -331,8 +418,8 @@ ENTRY(startup_32_smp)
+ 	movl %eax,%cr0		/* ..and set paging (PG) bit */
+ 	ljmp $__BOOT_CS,$1f	/* Clear prefetch and normalize %eip */
+ 1:
+-	/* Set up the stack pointer */
+-	lss stack_start,%esp
++	/* Shift the stack pointer to a virtual address */
++	addl $__PAGE_OFFSET, %esp
+ 
+ /*
+  * Initialize eflags.  Some BIOS's leave bits like NT set.  This would
+@@ -344,9 +431,7 @@ ENTRY(startup_32_smp)
  
  #ifdef CONFIG_SMP
  	cmpb $0, ready
 -	jz  1f				/* Initial CPU cleans BSS */
 -	jmp checkCPUtype
 -1:
-+	jnz checkCPUtype		/* Initial CPU cleans BSS */
++	jnz checkCPUtype
  #endif /* CONFIG_SMP */
  
  /*
-@@ -424,7 +498,7 @@ is386:	movl $2,%ecx		# set MP
+@@ -424,7 +509,7 @@ is386:	movl $2,%ecx		# set MP
  1:	movl $(__KERNEL_DS),%eax	# reload all the segment registers
  	movl %eax,%ss			# after changing gdt.
  
@@ -14014,7 +14248,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  	movl %eax,%ds
  	movl %eax,%es
  
-@@ -438,15 +512,22 @@ is386:	movl $2,%ecx		# set MP
+@@ -438,15 +523,22 @@ is386:	movl $2,%ecx		# set MP
  	 */
  	cmpb $0,ready
  	jne 1f
@@ -14039,18 +14273,22 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  	movl %eax,%gs
  
  	xorl %eax,%eax			# Clear LDT
-@@ -457,10 +538,6 @@ is386:	movl $2,%ecx		# set MP
- #ifdef CONFIG_SMP
- 	movb ready, %cl
+@@ -454,14 +546,7 @@ is386:	movl $2,%ecx		# set MP
+ 
+ 	cld			# gcc2 wants the direction flag cleared at all times
+ 	pushl $0		# fake return address for unwinder
+-#ifdef CONFIG_SMP
+-	movb ready, %cl
  	movb $1, ready
 -	cmpb $0,%cl		# the first CPU calls start_kernel
 -	je   1f
 -	movl (stack_start), %esp
 -1:
- #endif /* CONFIG_SMP */
+-#endif /* CONFIG_SMP */
  	jmp *(initial_code)
  
-@@ -546,22 +623,22 @@ early_page_fault:
+ /*
+@@ -546,22 +631,22 @@ early_page_fault:
  	jmp early_fault
  
  early_fault:
@@ -14078,7 +14316,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  hlt_loop:
  	hlt
  	jmp hlt_loop
-@@ -569,8 +646,11 @@ hlt_loop:
+@@ -569,8 +654,11 @@ hlt_loop:
  /* This is the default interrupt "handler" :-) */
  	ALIGN
  ignore_int:
@@ -14091,7 +14329,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  	pushl %eax
  	pushl %ecx
  	pushl %edx
-@@ -579,9 +659,6 @@ ignore_int:
+@@ -579,9 +667,6 @@ ignore_int:
  	movl $(__KERNEL_DS),%eax
  	movl %eax,%ds
  	movl %eax,%es
@@ -14101,7 +14339,16 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  	pushl 16(%esp)
  	pushl 24(%esp)
  	pushl 32(%esp)
-@@ -610,31 +687,47 @@ ENTRY(initial_page_table)
+@@ -600,6 +685,8 @@ ignore_int:
+ #endif
+ 	iret
+ 
++#include "verify_cpu.S"
++
+ 	__REFDATA
+ .align 4
+ ENTRY(initial_code)
+@@ -610,31 +697,47 @@ ENTRY(initial_page_table)
  /*
   * BSS section
   */
@@ -14154,7 +14401,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  ENTRY(swapper_pg_dir)
  	.long	pa(swapper_pg_pmd+PGD_IDENT_ATTR),0	/* low identity map */
  # if KPMDS == 3
-@@ -653,15 +746,24 @@ ENTRY(swapper_pg_dir)
+@@ -653,15 +756,24 @@ ENTRY(swapper_pg_dir)
  #  error "Kernel PMDs should be 1, 2 or 3"
  # endif
  	.align PAGE_SIZE_asm		/* needs to be page-sized too */
@@ -14169,10 +14416,11 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  #endif
  
  .data
++.balign 4
  ENTRY(stack_start)
 -	.long init_thread_union+THREAD_SIZE
+-	.long __BOOT_DS
 +	.long init_thread_union+THREAD_SIZE-8
- 	.long __BOOT_DS
  
  ready:	.byte 0
  
@@ -14180,7 +14428,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  early_recursion_flag:
  	.long 0
  
-@@ -697,7 +799,7 @@ fault_msg:
+@@ -697,7 +809,7 @@ fault_msg:
  	.word 0				# 32 bit align gdt_desc.address
  boot_gdt_descr:
  	.word __BOOT_DS+7
@@ -14189,7 +14437,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  
  	.word 0				# 32-bit align idt_desc.address
  idt_descr:
-@@ -708,7 +810,7 @@ idt_descr:
+@@ -708,7 +820,7 @@ idt_descr:
  	.word 0				# 32 bit align gdt_desc.address
  ENTRY(early_gdt_descr)
  	.word GDT_ENTRIES*8-1
@@ -14198,7 +14446,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke
  
  /*
   * The boot_gdt must mirror the equivalent in setup.S and is
-@@ -717,5 +819,65 @@ ENTRY(early_gdt_descr)
+@@ -717,5 +829,65 @@ ENTRY(early_gdt_descr)
  	.align L1_CACHE_BYTES
  ENTRY(boot_gdt)
  	.fill GDT_ENTRY_BOOT_CS,8,0
@@ -16160,7 +16408,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/signal.c linux-2.6.32.42/arch/x86/ker
  	if (current_thread_info()->status & TS_RESTORE_SIGMASK)
 diff -urNp linux-2.6.32.42/arch/x86/kernel/smpboot.c linux-2.6.32.42/arch/x86/kernel/smpboot.c
 --- linux-2.6.32.42/arch/x86/kernel/smpboot.c	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/kernel/smpboot.c	2011-05-11 18:25:15.000000000 -0400
++++ linux-2.6.32.42/arch/x86/kernel/smpboot.c	2011-07-01 19:10:03.000000000 -0400
 @@ -94,14 +94,14 @@ static DEFINE_PER_CPU(struct task_struct
   */
  static DEFINE_MUTEX(x86_cpu_hotplug_driver_mutex);
@@ -16180,6 +16428,15 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/smpboot.c linux-2.6.32.42/arch/x86/ke
  }
  
  ssize_t arch_cpu_probe(const char *buf, size_t count) { return -1; }
+@@ -625,7 +625,7 @@ wakeup_secondary_cpu_via_init(int phys_a
+ 	 * target processor state.
+ 	 */
+ 	startup_ipi_hook(phys_apicid, (unsigned long) start_secondary,
+-			 (unsigned long)stack_start.sp);
++			 stack_start);
+ 
+ 	/*
+ 	 * Run STARTUP IPI loop.
 @@ -743,6 +743,7 @@ static int __cpuinit do_boot_cpu(int api
  	set_idle_for_cpu(cpu, c_idle.idle);
  do_rest:
@@ -16188,7 +16445,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/smpboot.c linux-2.6.32.42/arch/x86/ke
  #ifdef CONFIG_X86_32
  	/* Stack for startup_32 can be just as for start_secondary onwards */
  	irq_ctx_init(cpu);
-@@ -750,11 +751,13 @@ do_rest:
+@@ -750,13 +751,15 @@ do_rest:
  #else
  	clear_tsk_thread_flag(c_idle.idle, TIF_FORK);
  	initial_gs = per_cpu_offset(cpu);
@@ -16203,8 +16460,11 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/smpboot.c linux-2.6.32.42/arch/x86/ke
 +	pax_close_kernel();
 +
  	initial_code = (unsigned long)start_secondary;
- 	stack_start.sp = (void *) c_idle.idle->thread.sp;
+-	stack_start.sp = (void *) c_idle.idle->thread.sp;
++	stack_start = c_idle.idle->thread.sp;
  
+ 	/* start_ip had better be page-aligned! */
+ 	start_ip = setup_trampoline();
 @@ -891,6 +894,12 @@ int __cpuinit native_cpu_up(unsigned int
  
  	per_cpu(cpu_state, cpu) = CPU_UP_PREPARE;
@@ -16819,7 +17079,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/trampoline_32.S linux-2.6.32.42/arch/
  	# hence we don't use the boot_gdt_descr defined in head.S
 diff -urNp linux-2.6.32.42/arch/x86/kernel/trampoline_64.S linux-2.6.32.42/arch/x86/kernel/trampoline_64.S
 --- linux-2.6.32.42/arch/x86/kernel/trampoline_64.S	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/arch/x86/kernel/trampoline_64.S	2011-04-17 15:56:46.000000000 -0400
++++ linux-2.6.32.42/arch/x86/kernel/trampoline_64.S	2011-07-01 18:53:26.000000000 -0400
 @@ -91,7 +91,7 @@ startup_32:
  	movl	$__KERNEL_DS, %eax	# Initialize the %ds segment register
  	movl	%eax, %ds
@@ -16829,6 +17089,15 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/trampoline_64.S linux-2.6.32.42/arch/
  	movl	%eax, %cr4		# Enable PAE mode
  
  					# Setup trampoline 4 level pagetables
+@@ -127,7 +127,7 @@ startup_64:
+ no_longmode:
+ 	hlt
+ 	jmp no_longmode
+-#include "verify_cpu_64.S"
++#include "verify_cpu.S"
+ 
+ 	# Careful these need to be in the same 64K segment as the above;
+ tidt:
 @@ -138,7 +138,7 @@ tidt:
  	# so the kernel can live anywhere
  	.balign 4
@@ -17009,6 +17278,259 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kern
  
  	if (!tsk_used_math(tsk)) {
  		local_irq_enable();
+diff -urNp linux-2.6.32.42/arch/x86/kernel/verify_cpu_64.S linux-2.6.32.42/arch/x86/kernel/verify_cpu_64.S
+--- linux-2.6.32.42/arch/x86/kernel/verify_cpu_64.S	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.42/arch/x86/kernel/verify_cpu_64.S	1969-12-31 19:00:00.000000000 -0500
+@@ -1,105 +0,0 @@
+-/*
+- *
+- *	verify_cpu.S - Code for cpu long mode and SSE verification. This
+- *	code has been borrowed from boot/setup.S and was introduced by
+- * 	Andi Kleen.
+- *
+- *	Copyright (c) 2007  Andi Kleen (ak@suse.de)
+- *	Copyright (c) 2007  Eric Biederman (ebiederm@xmission.com)
+- *	Copyright (c) 2007  Vivek Goyal (vgoyal@in.ibm.com)
+- *
+- * 	This source code is licensed under the GNU General Public License,
+- * 	Version 2.  See the file COPYING for more details.
+- *
+- *	This is a common code for verification whether CPU supports
+- * 	long mode and SSE or not. It is not called directly instead this
+- *	file is included at various places and compiled in that context.
+- * 	Following are the current usage.
+- *
+- * 	This file is included by both 16bit and 32bit code.
+- *
+- *	arch/x86_64/boot/setup.S : Boot cpu verification (16bit)
+- *	arch/x86_64/boot/compressed/head.S: Boot cpu verification (32bit)
+- *	arch/x86_64/kernel/trampoline.S: secondary processor verfication (16bit)
+- *	arch/x86_64/kernel/acpi/wakeup.S:Verfication at resume (16bit)
+- *
+- *	verify_cpu, returns the status of cpu check in register %eax.
+- *		0: Success    1: Failure
+- *
+- * 	The caller needs to check for the error code and take the action
+- * 	appropriately. Either display a message or halt.
+- */
+-
+-#include <asm/cpufeature.h>
+-
+-verify_cpu:
+-	pushfl				# Save caller passed flags
+-	pushl	$0			# Kill any dangerous flags
+-	popfl
+-
+-	pushfl				# standard way to check for cpuid
+-	popl	%eax
+-	movl	%eax,%ebx
+-	xorl	$0x200000,%eax
+-	pushl	%eax
+-	popfl
+-	pushfl
+-	popl	%eax
+-	cmpl	%eax,%ebx
+-	jz	verify_cpu_no_longmode	# cpu has no cpuid
+-
+-	movl	$0x0,%eax		# See if cpuid 1 is implemented
+-	cpuid
+-	cmpl	$0x1,%eax
+-	jb	verify_cpu_no_longmode	# no cpuid 1
+-
+-	xor	%di,%di
+-	cmpl	$0x68747541,%ebx	# AuthenticAMD
+-	jnz	verify_cpu_noamd
+-	cmpl	$0x69746e65,%edx
+-	jnz	verify_cpu_noamd
+-	cmpl	$0x444d4163,%ecx
+-	jnz	verify_cpu_noamd
+-	mov	$1,%di			# cpu is from AMD
+-
+-verify_cpu_noamd:
+-	movl    $0x1,%eax		# Does the cpu have what it takes
+-	cpuid
+-	andl	$REQUIRED_MASK0,%edx
+-	xorl	$REQUIRED_MASK0,%edx
+-	jnz	verify_cpu_no_longmode
+-
+-	movl    $0x80000000,%eax	# See if extended cpuid is implemented
+-	cpuid
+-	cmpl    $0x80000001,%eax
+-	jb      verify_cpu_no_longmode	# no extended cpuid
+-
+-	movl    $0x80000001,%eax	# Does the cpu have what it takes
+-	cpuid
+-	andl    $REQUIRED_MASK1,%edx
+-	xorl    $REQUIRED_MASK1,%edx
+-	jnz     verify_cpu_no_longmode
+-
+-verify_cpu_sse_test:
+-	movl	$1,%eax
+-	cpuid
+-	andl	$SSE_MASK,%edx
+-	cmpl	$SSE_MASK,%edx
+-	je	verify_cpu_sse_ok
+-	test	%di,%di
+-	jz	verify_cpu_no_longmode	# only try to force SSE on AMD
+-	movl	$0xc0010015,%ecx	# HWCR
+-	rdmsr
+-	btr	$15,%eax		# enable SSE
+-	wrmsr
+-	xor	%di,%di			# don't loop
+-	jmp	verify_cpu_sse_test	# try again
+-
+-verify_cpu_no_longmode:
+-	popfl				# Restore caller passed flags
+-	movl $1,%eax
+-	ret
+-verify_cpu_sse_ok:
+-	popfl				# Restore caller passed flags
+-	xorl %eax, %eax
+-	ret
+diff -urNp linux-2.6.32.42/arch/x86/kernel/verify_cpu.S linux-2.6.32.42/arch/x86/kernel/verify_cpu.S
+--- linux-2.6.32.42/arch/x86/kernel/verify_cpu.S	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.32.42/arch/x86/kernel/verify_cpu.S	2011-07-01 18:28:42.000000000 -0400
+@@ -0,0 +1,140 @@
++/*
++ *
++ *	verify_cpu.S - Code for cpu long mode and SSE verification. This
++ *	code has been borrowed from boot/setup.S and was introduced by
++ * 	Andi Kleen.
++ *
++ *	Copyright (c) 2007  Andi Kleen (ak@suse.de)
++ *	Copyright (c) 2007  Eric Biederman (ebiederm@xmission.com)
++ *	Copyright (c) 2007  Vivek Goyal (vgoyal@in.ibm.com)
++ *	Copyright (c) 2010  Kees Cook (kees.cook@canonical.com)
++ *
++ * 	This source code is licensed under the GNU General Public License,
++ * 	Version 2.  See the file COPYING for more details.
++ *
++ *	This is a common code for verification whether CPU supports
++ * 	long mode and SSE or not. It is not called directly instead this
++ *	file is included at various places and compiled in that context.
++ *	This file is expected to run in 32bit code.  Currently:
++ *
++ *	arch/x86/boot/compressed/head_64.S: Boot cpu verification
++ *	arch/x86/kernel/trampoline_64.S: secondary processor verification
++ *	arch/x86/kernel/head_32.S: processor startup
++ *	arch/x86/kernel/acpi/realmode/wakeup.S: 32bit processor resume
++ *
++ *	verify_cpu, returns the status of longmode and SSE in register %eax.
++ *		0: Success    1: Failure
++ *
++ *	On Intel, the XD_DISABLE flag will be cleared as a side-effect.
++ *
++ * 	The caller needs to check for the error code and take the action
++ * 	appropriately. Either display a message or halt.
++ */
++
++#include <asm/cpufeature.h>
++#include <asm/msr-index.h>
++
++verify_cpu:
++	pushfl				# Save caller passed flags
++	pushl	$0			# Kill any dangerous flags
++	popfl
++
++	pushfl				# standard way to check for cpuid
++	popl	%eax
++	movl	%eax,%ebx
++	xorl	$0x200000,%eax
++	pushl	%eax
++	popfl
++	pushfl
++	popl	%eax
++	cmpl	%eax,%ebx
++	jz	verify_cpu_no_longmode	# cpu has no cpuid
++
++	movl	$0x0,%eax		# See if cpuid 1 is implemented
++	cpuid
++	cmpl	$0x1,%eax
++	jb	verify_cpu_no_longmode	# no cpuid 1
++
++	xor	%di,%di
++	cmpl	$0x68747541,%ebx	# AuthenticAMD
++	jnz	verify_cpu_noamd
++	cmpl	$0x69746e65,%edx
++	jnz	verify_cpu_noamd
++	cmpl	$0x444d4163,%ecx
++	jnz	verify_cpu_noamd
++	mov	$1,%di			# cpu is from AMD
++	jmp	verify_cpu_check
++
++verify_cpu_noamd:
++	cmpl	$0x756e6547,%ebx        # GenuineIntel?
++	jnz	verify_cpu_check
++	cmpl	$0x49656e69,%edx
++	jnz	verify_cpu_check
++	cmpl	$0x6c65746e,%ecx
++	jnz	verify_cpu_check
++
++	# only call IA32_MISC_ENABLE when:
++	# family > 6 || (family == 6 && model >= 0xd)
++	movl	$0x1, %eax		# check CPU family and model
++	cpuid
++	movl	%eax, %ecx
++
++	andl	$0x0ff00f00, %eax	# mask family and extended family
++	shrl	$8, %eax
++	cmpl	$6, %eax
++	ja	verify_cpu_clear_xd	# family > 6, ok
++	jb	verify_cpu_check	# family < 6, skip
++
++	andl	$0x000f00f0, %ecx	# mask model and extended model
++	shrl	$4, %ecx
++	cmpl	$0xd, %ecx
++	jb	verify_cpu_check	# family == 6, model < 0xd, skip
++
++verify_cpu_clear_xd:
++	movl	$MSR_IA32_MISC_ENABLE, %ecx
++	rdmsr
++	btrl	$2, %edx		# clear MSR_IA32_MISC_ENABLE_XD_DISABLE
++	jnc	verify_cpu_check	# only write MSR if bit was changed
++	wrmsr
++
++verify_cpu_check:
++	movl    $0x1,%eax		# Does the cpu have what it takes
++	cpuid
++	andl	$REQUIRED_MASK0,%edx
++	xorl	$REQUIRED_MASK0,%edx
++	jnz	verify_cpu_no_longmode
++
++	movl    $0x80000000,%eax	# See if extended cpuid is implemented
++	cpuid
++	cmpl    $0x80000001,%eax
++	jb      verify_cpu_no_longmode	# no extended cpuid
++
++	movl    $0x80000001,%eax	# Does the cpu have what it takes
++	cpuid
++	andl    $REQUIRED_MASK1,%edx
++	xorl    $REQUIRED_MASK1,%edx
++	jnz     verify_cpu_no_longmode
++
++verify_cpu_sse_test:
++	movl	$1,%eax
++	cpuid
++	andl	$SSE_MASK,%edx
++	cmpl	$SSE_MASK,%edx
++	je	verify_cpu_sse_ok
++	test	%di,%di
++	jz	verify_cpu_no_longmode	# only try to force SSE on AMD
++	movl	$MSR_K7_HWCR,%ecx
++	rdmsr
++	btr	$15,%eax		# enable SSE
++	wrmsr
++	xor	%di,%di			# don't loop
++	jmp	verify_cpu_sse_test	# try again
++
++verify_cpu_no_longmode:
++	popfl				# Restore caller passed flags
++	movl $1,%eax
++	ret
++verify_cpu_sse_ok:
++	popfl				# Restore caller passed flags
++	xorl %eax, %eax
++	ret
 diff -urNp linux-2.6.32.42/arch/x86/kernel/vm86_32.c linux-2.6.32.42/arch/x86/kernel/vm86_32.c
 --- linux-2.6.32.42/arch/x86/kernel/vm86_32.c	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.42/arch/x86/kernel/vm86_32.c	2011-04-17 15:56:46.000000000 -0400
@@ -50542,8 +51064,8 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_fork.c linux-2.6.32.42/grsecurity/gr
 +}
 diff -urNp linux-2.6.32.42/grsecurity/grsec_init.c linux-2.6.32.42/grsecurity/grsec_init.c
 --- linux-2.6.32.42/grsecurity/grsec_init.c	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.42/grsecurity/grsec_init.c	2011-04-17 15:56:46.000000000 -0400
-@@ -0,0 +1,270 @@
++++ linux-2.6.32.42/grsecurity/grsec_init.c	2011-06-29 19:35:26.000000000 -0400
+@@ -0,0 +1,274 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/mm.h>
@@ -50554,6 +51076,7 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_init.c linux-2.6.32.42/grsecurity/gr
 +#include <linux/percpu.h>
 +#include <linux/module.h>
 +
++int grsec_enable_brute;
 +int grsec_enable_link;
 +int grsec_enable_dmesg;
 +int grsec_enable_harden_ptrace;
@@ -50718,6 +51241,9 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_init.c linux-2.6.32.42/grsecurity/gr
 +#ifdef CONFIG_GRKERNSEC_LINK
 +	grsec_enable_link = 1;
 +#endif
++#ifdef CONFIG_GRKERNSEC_BRUTE
++	grsec_enable_brute = 1;
++#endif
 +#ifdef CONFIG_GRKERNSEC_DMESG
 +	grsec_enable_dmesg = 1;
 +#endif
@@ -51338,8 +51864,8 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_ptrace.c linux-2.6.32.42/grsecurity/
 +}
 diff -urNp linux-2.6.32.42/grsecurity/grsec_sig.c linux-2.6.32.42/grsecurity/grsec_sig.c
 --- linux-2.6.32.42/grsecurity/grsec_sig.c	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.42/grsecurity/grsec_sig.c	2011-05-17 17:30:04.000000000 -0400
-@@ -0,0 +1,202 @@
++++ linux-2.6.32.42/grsecurity/grsec_sig.c	2011-06-29 19:40:31.000000000 -0400
+@@ -0,0 +1,205 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/delay.h>
@@ -51431,6 +51957,9 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_sig.c linux-2.6.32.42/grsecurity/grs
 +#ifdef CONFIG_GRKERNSEC_BRUTE
 +	uid_t uid = 0;
 +
++	if (!grsec_enable_brute)
++		return;
++
 +	rcu_read_lock();
 +	read_lock(&tasklist_lock);
 +	read_lock(&grsec_exec_file_lock);
@@ -51823,8 +52352,8 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_sock.c linux-2.6.32.42/grsecurity/gr
 +}
 diff -urNp linux-2.6.32.42/grsecurity/grsec_sysctl.c linux-2.6.32.42/grsecurity/grsec_sysctl.c
 --- linux-2.6.32.42/grsecurity/grsec_sysctl.c	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.42/grsecurity/grsec_sysctl.c	2011-04-17 15:56:46.000000000 -0400
-@@ -0,0 +1,479 @@
++++ linux-2.6.32.42/grsecurity/grsec_sysctl.c	2011-06-29 19:37:19.000000000 -0400
+@@ -0,0 +1,489 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/sysctl.h>
@@ -51872,6 +52401,16 @@ diff -urNp linux-2.6.32.42/grsecurity/grsec_sysctl.c linux-2.6.32.42/grsecurity/
 +		.proc_handler	= &proc_dointvec,
 +	},
 +#endif
++#ifdef CONFIG_GRKERNSEC_BRUTE
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "deter_bruteforce",
++		.data		= &grsec_enable_brute,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
 +#ifdef CONFIG_GRKERNSEC_FIFO
 +	{
 +		.ctl_name	= CTL_UNNUMBERED,
@@ -52434,8 +52973,8 @@ diff -urNp linux-2.6.32.42/grsecurity/grsum.c linux-2.6.32.42/grsecurity/grsum.c
 +}
 diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
 --- linux-2.6.32.42/grsecurity/Kconfig	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.42/grsecurity/Kconfig	2011-06-13 21:34:09.000000000 -0400
-@@ -0,0 +1,1045 @@
++++ linux-2.6.32.42/grsecurity/Kconfig	2011-06-29 20:55:13.000000000 -0400
+@@ -0,0 +1,1047 @@
 +#
 +# grecurity configuration
 +#
@@ -52514,7 +53053,7 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
 +	select PAX_ASLR
 +	select PAX_RANDMMAP
 +	select PAX_REFCOUNT if (X86 || SPARC64)
-+	select PAX_USERCOPY if ((X86 || SPARC32 || SPARC64 || PPC) && (SLAB || SLUB || SLOB))
++	select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB))
 +
 +	help
 +	  If you say Y here, several features in addition to those included
@@ -52578,7 +53117,7 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
 +	select GRKERNSEC_MODHARDEN if (MODULES)
 +	select GRKERNSEC_HARDEN_PTRACE
 +	select GRKERNSEC_VM86 if (X86_32)
-+	select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC32 || SPARC64)
++	select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC)
 +	select PAX
 +	select PAX_RANDUSTACK
 +	select PAX_ASLR
@@ -52593,13 +53132,13 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
 +	select PAX_RANDKSTACK if (X86_TSC && X86)
 +	select PAX_SEGMEXEC if (X86_32)
 +	select PAX_PAGEEXEC
-+	select PAX_EMUPLT if (ALPHA || PARISC || SPARC32 || SPARC64)
++	select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
 +	select PAX_EMUTRAMP if (PARISC)
 +	select PAX_EMUSIGRT if (PARISC)
 +	select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
 +	select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86))
 +	select PAX_REFCOUNT if (X86 || SPARC64)
-+	select PAX_USERCOPY if ((X86 || PPC || SPARC32 || SPARC64) && (SLAB || SLUB || SLOB))
++	select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB))
 +	help
 +	  If you say Y here, many of the features of grsecurity will be
 +	  enabled, which will protect you against many kinds of attacks
@@ -52729,6 +53268,8 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
 +	  It is recommended that you also enable signal logging in the auditing
 +	  section so that logs are generated when a process triggers a suspicious
 +	  signal.
++	  If the sysctl option is enabled, a sysctl option with name
++	  "deter_bruteforce" is created.
 +
 +config GRKERNSEC_MODHARDEN
 +	bool "Harden module auto-loading"
@@ -52778,7 +53319,7 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig
 +
 +config GRKERNSEC_KERN_LOCKOUT
 +	bool "Active kernel exploit response"
-+	depends on X86 || ARM || PPC || SPARC32 || SPARC64
++	depends on X86 || ARM || PPC || SPARC
 +	help
 +	  If you say Y here, when a PaX alert is triggered due to suspicious
 +	  activity in the kernel (from KERNEXEC/UDEREF/USERCOPY)
@@ -55345,8 +55886,8 @@ diff -urNp linux-2.6.32.42/include/linux/grdefs.h linux-2.6.32.42/include/linux/
 +#endif
 diff -urNp linux-2.6.32.42/include/linux/grinternal.h linux-2.6.32.42/include/linux/grinternal.h
 --- linux-2.6.32.42/include/linux/grinternal.h	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.42/include/linux/grinternal.h	2011-04-17 15:56:46.000000000 -0400
-@@ -0,0 +1,218 @@
++++ linux-2.6.32.42/include/linux/grinternal.h	2011-06-29 19:41:14.000000000 -0400
+@@ -0,0 +1,219 @@
 +#ifndef __GRINTERNAL_H
 +#define __GRINTERNAL_H
 +
@@ -55427,6 +55968,7 @@ diff -urNp linux-2.6.32.42/include/linux/grinternal.h linux-2.6.32.42/include/li
 +extern int grsec_resource_logging;
 +extern int grsec_enable_blackhole;
 +extern int grsec_lastack_retries;
++extern int grsec_enable_brute;
 +extern int grsec_lock;
 +
 +extern spinlock_t grsec_alert_lock;
@@ -70607,7 +71149,7 @@ diff -urNp linux-2.6.32.42/security/integrity/ima/ima_queue.c linux-2.6.32.42/se
  	return 0;
 diff -urNp linux-2.6.32.42/security/Kconfig linux-2.6.32.42/security/Kconfig
 --- linux-2.6.32.42/security/Kconfig	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.42/security/Kconfig	2011-06-04 20:45:36.000000000 -0400
++++ linux-2.6.32.42/security/Kconfig	2011-06-29 20:55:36.000000000 -0400
 @@ -4,6 +4,555 @@
  
  menu "Security options"
@@ -71129,7 +71671,7 @@ diff -urNp linux-2.6.32.42/security/Kconfig linux-2.6.32.42/security/Kconfig
 +
 +config PAX_USERCOPY
 +	bool "Harden heap object copies between kernel and userland"
-+	depends on X86 || PPC || SPARC
++	depends on X86 || PPC || SPARC || ARM
 +	depends on GRKERNSEC && (SLAB || SLUB)
 +	help
 +	  By saying Y here the kernel will enforce the size of heap objects
diff --git a/2.6.39/0000_README b/2.6.39/0000_README
index b6b1a96..2c34d1e 100644
--- a/2.6.39/0000_README
+++ b/2.6.39/0000_README
@@ -3,7 +3,7 @@ README
 
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-2.2.2-2.6.39.2-201106281648.patch
+Patch:	4420_grsecurity-2.2.2-2.6.39.2-201107011911.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201106281648.patch b/2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201107011911.patch
index 8495f8b..4a5d663 100644
--- a/2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201106281648.patch
+++ b/2.6.39/4420_grsecurity-2.2.2-2.6.39.2-201107011911.patch
@@ -677,8 +677,43 @@ diff -urNp linux-2.6.39.2/arch/arm/include/asm/page.h linux-2.6.39.2/arch/arm/in
  #define __cpu_copy_user_highpage	cpu_user.cpu_copy_user_highpage
 diff -urNp linux-2.6.39.2/arch/arm/include/asm/uaccess.h linux-2.6.39.2/arch/arm/include/asm/uaccess.h
 --- linux-2.6.39.2/arch/arm/include/asm/uaccess.h	2011-05-19 00:06:34.000000000 -0400
-+++ linux-2.6.39.2/arch/arm/include/asm/uaccess.h	2011-05-22 19:36:30.000000000 -0400
-@@ -403,6 +403,9 @@ extern unsigned long __must_check __strn
++++ linux-2.6.39.2/arch/arm/include/asm/uaccess.h	2011-06-29 21:04:12.000000000 -0400
+@@ -22,6 +22,8 @@
+ #define VERIFY_READ 0
+ #define VERIFY_WRITE 1
+ 
++extern void check_object_size(const void *ptr, unsigned long n, bool to);
++
+ /*
+  * The exception table consists of pairs of addresses: the first is the
+  * address of an instruction that is allowed to fault, and the second is
+@@ -387,8 +389,23 @@ do {									\
+ 
+ 
+ #ifdef CONFIG_MMU
+-extern unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n);
+-extern unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n);
++extern unsigned long __must_check ___copy_from_user(void *to, const void __user *from, unsigned long n);
++extern unsigned long __must_check ___copy_to_user(void __user *to, const void *from, unsigned long n);
++
++static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n)
++{
++	if (!__builtin_constant_p(n))
++		check_object_size(to, n, false);
++	return ___copy_from_user(to, from, n);
++}
++
++static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n)
++{
++	if (!__builtin_constant_p(n))
++		check_object_size(from, n, true);
++	return ___copy_to_user(to, from, n);
++}
++
+ extern unsigned long __must_check __copy_to_user_std(void __user *to, const void *from, unsigned long n);
+ extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n);
+ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned long n);
+@@ -403,6 +420,9 @@ extern unsigned long __must_check __strn
  
  static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
  {
@@ -688,7 +723,7 @@ diff -urNp linux-2.6.39.2/arch/arm/include/asm/uaccess.h linux-2.6.39.2/arch/arm
  	if (access_ok(VERIFY_READ, from, n))
  		n = __copy_from_user(to, from, n);
  	else /* security hole - plug it */
-@@ -412,6 +415,9 @@ static inline unsigned long __must_check
+@@ -412,6 +432,9 @@ static inline unsigned long __must_check
  
  static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
  {
@@ -756,6 +791,126 @@ diff -urNp linux-2.6.39.2/arch/arm/kernel/traps.c linux-2.6.39.2/arch/arm/kernel
  	if (ret != NOTIFY_STOP)
  		do_exit(SIGSEGV);
  }
+diff -urNp linux-2.6.39.2/arch/arm/lib/copy_from_user.S linux-2.6.39.2/arch/arm/lib/copy_from_user.S
+--- linux-2.6.39.2/arch/arm/lib/copy_from_user.S	2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.2/arch/arm/lib/copy_from_user.S	2011-06-29 20:58:18.000000000 -0400
+@@ -16,7 +16,7 @@
+ /*
+  * Prototype:
+  *
+- *	size_t __copy_from_user(void *to, const void *from, size_t n)
++ *	size_t ___copy_from_user(void *to, const void *from, size_t n)
+  *
+  * Purpose:
+  *
+@@ -84,11 +84,11 @@
+ 
+ 	.text
+ 
+-ENTRY(__copy_from_user)
++ENTRY(___copy_from_user)
+ 
+ #include "copy_template.S"
+ 
+-ENDPROC(__copy_from_user)
++ENDPROC(___copy_from_user)
+ 
+ 	.pushsection .fixup,"ax"
+ 	.align 0
+diff -urNp linux-2.6.39.2/arch/arm/lib/copy_to_user.S linux-2.6.39.2/arch/arm/lib/copy_to_user.S
+--- linux-2.6.39.2/arch/arm/lib/copy_to_user.S	2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.2/arch/arm/lib/copy_to_user.S	2011-06-29 20:59:20.000000000 -0400
+@@ -16,7 +16,7 @@
+ /*
+  * Prototype:
+  *
+- *	size_t __copy_to_user(void *to, const void *from, size_t n)
++ *	size_t ___copy_to_user(void *to, const void *from, size_t n)
+  *
+  * Purpose:
+  *
+@@ -88,11 +88,11 @@
+ 	.text
+ 
+ ENTRY(__copy_to_user_std)
+-WEAK(__copy_to_user)
++WEAK(___copy_to_user)
+ 
+ #include "copy_template.S"
+ 
+-ENDPROC(__copy_to_user)
++ENDPROC(___copy_to_user)
+ ENDPROC(__copy_to_user_std)
+ 
+ 	.pushsection .fixup,"ax"
+diff -urNp linux-2.6.39.2/arch/arm/lib/uaccess.S linux-2.6.39.2/arch/arm/lib/uaccess.S
+--- linux-2.6.39.2/arch/arm/lib/uaccess.S	2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.2/arch/arm/lib/uaccess.S	2011-06-29 20:59:01.000000000 -0400
+@@ -20,7 +20,7 @@
+ 
+ #define PAGE_SHIFT 12
+ 
+-/* Prototype: int __copy_to_user(void *to, const char *from, size_t n)
++/* Prototype: int ___copy_to_user(void *to, const char *from, size_t n)
+  * Purpose  : copy a block to user memory from kernel memory
+  * Params   : to   - user memory
+  *          : from - kernel memory
+@@ -40,7 +40,7 @@ USER(		T(strgtb) r3, [r0], #1)			@ May f
+ 		sub	r2, r2, ip
+ 		b	.Lc2u_dest_aligned
+ 
+-ENTRY(__copy_to_user)
++ENTRY(___copy_to_user)
+ 		stmfd	sp!, {r2, r4 - r7, lr}
+ 		cmp	r2, #4
+ 		blt	.Lc2u_not_enough
+@@ -278,14 +278,14 @@ USER(		T(strgeb) r3, [r0], #1)			@ May f
+ 		ldrgtb	r3, [r1], #0
+ USER(		T(strgtb) r3, [r0], #1)			@ May fault
+ 		b	.Lc2u_finished
+-ENDPROC(__copy_to_user)
++ENDPROC(___copy_to_user)
+ 
+ 		.pushsection .fixup,"ax"
+ 		.align	0
+ 9001:		ldmfd	sp!, {r0, r4 - r7, pc}
+ 		.popsection
+ 
+-/* Prototype: unsigned long __copy_from_user(void *to,const void *from,unsigned long n);
++/* Prototype: unsigned long ___copy_from_user(void *to,const void *from,unsigned long n);
+  * Purpose  : copy a block from user memory to kernel memory
+  * Params   : to   - kernel memory
+  *          : from - user memory
+@@ -304,7 +304,7 @@ USER(		T(ldrgtb) r3, [r1], #1)			@ May f
+ 		sub	r2, r2, ip
+ 		b	.Lcfu_dest_aligned
+ 
+-ENTRY(__copy_from_user)
++ENTRY(___copy_from_user)
+ 		stmfd	sp!, {r0, r2, r4 - r7, lr}
+ 		cmp	r2, #4
+ 		blt	.Lcfu_not_enough
+@@ -544,7 +544,7 @@ USER(		T(ldrgeb) r3, [r1], #1)			@ May f
+ USER(		T(ldrgtb) r3, [r1], #1)			@ May fault
+ 		strgtb	r3, [r0], #1
+ 		b	.Lcfu_finished
+-ENDPROC(__copy_from_user)
++ENDPROC(___copy_from_user)
+ 
+ 		.pushsection .fixup,"ax"
+ 		.align	0
+diff -urNp linux-2.6.39.2/arch/arm/lib/uaccess_with_memcpy.c linux-2.6.39.2/arch/arm/lib/uaccess_with_memcpy.c
+--- linux-2.6.39.2/arch/arm/lib/uaccess_with_memcpy.c	2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.2/arch/arm/lib/uaccess_with_memcpy.c	2011-06-29 20:59:55.000000000 -0400
+@@ -103,7 +103,7 @@ out:
+ }
+ 
+ unsigned long
+-__copy_to_user(void __user *to, const void *from, unsigned long n)
++___copy_to_user(void __user *to, const void *from, unsigned long n)
+ {
+ 	/*
+ 	 * This test is stubbed out of the main function above to keep
 diff -urNp linux-2.6.39.2/arch/arm/mach-cns3xxx/pcie.c linux-2.6.39.2/arch/arm/mach-cns3xxx/pcie.c
 --- linux-2.6.39.2/arch/arm/mach-cns3xxx/pcie.c	2011-05-19 00:06:34.000000000 -0400
 +++ linux-2.6.39.2/arch/arm/mach-cns3xxx/pcie.c	2011-05-22 19:36:30.000000000 -0400
@@ -12633,6 +12788,27 @@ diff -urNp linux-2.6.39.2/arch/x86/Kconfig.debug linux-2.6.39.2/arch/x86/Kconfig
  	---help---
  	  This option helps catch unintended modifications to loadable
  	  kernel module's text and read-only data. It also prevents execution
+diff -urNp linux-2.6.39.2/arch/x86/kernel/acpi/realmode/wakeup.S linux-2.6.39.2/arch/x86/kernel/acpi/realmode/wakeup.S
+--- linux-2.6.39.2/arch/x86/kernel/acpi/realmode/wakeup.S	2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.2/arch/x86/kernel/acpi/realmode/wakeup.S	2011-07-01 18:27:29.000000000 -0400
+@@ -94,6 +94,9 @@ wakeup_code:
+ 	/* Do any other stuff... */
+ 
+ #ifndef CONFIG_64BIT
++	/* Recheck NX bit overrides (64bit path does this in trampoline */
++	call	verify_cpu
++
+ 	/* This could also be done in C code... */
+ 	movl	pmode_cr3, %eax
+ 	movl	%eax, %cr3
+@@ -117,6 +120,7 @@ wakeup_code:
+ 	movl	pmode_cr0, %eax
+ 	movl	%eax, %cr0
+ 	jmp	pmode_return
++# include "../../verify_cpu.S"
+ #else
+ 	pushw	$0
+ 	pushw	trampoline_segment
 diff -urNp linux-2.6.39.2/arch/x86/kernel/acpi/sleep.c linux-2.6.39.2/arch/x86/kernel/acpi/sleep.c
 --- linux-2.6.39.2/arch/x86/kernel/acpi/sleep.c	2011-05-19 00:06:34.000000000 -0400
 +++ linux-2.6.39.2/arch/x86/kernel/acpi/sleep.c	2011-05-22 19:36:30.000000000 -0400
@@ -18050,6 +18226,17 @@ diff -urNp linux-2.6.39.2/arch/x86/kernel/traps.c linux-2.6.39.2/arch/x86/kernel
  
  	if (!tsk_used_math(tsk)) {
  		local_irq_enable();
+diff -urNp linux-2.6.39.2/arch/x86/kernel/verify_cpu.S linux-2.6.39.2/arch/x86/kernel/verify_cpu.S
+--- linux-2.6.39.2/arch/x86/kernel/verify_cpu.S	2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.2/arch/x86/kernel/verify_cpu.S	2011-07-01 18:28:04.000000000 -0400
+@@ -20,6 +20,7 @@
+  *	arch/x86/boot/compressed/head_64.S: Boot cpu verification
+  *	arch/x86/kernel/trampoline_64.S: secondary processor verification
+  *	arch/x86/kernel/head_32.S: processor startup
++ *	arch/x86/kernel/acpi/realmode/wakeup.S: 32bit processor resume
+  *
+  *	verify_cpu, returns the status of longmode and SSE in register %eax.
+  *		0: Success    1: Failure
 diff -urNp linux-2.6.39.2/arch/x86/kernel/vm86_32.c linux-2.6.39.2/arch/x86/kernel/vm86_32.c
 --- linux-2.6.39.2/arch/x86/kernel/vm86_32.c	2011-05-19 00:06:34.000000000 -0400
 +++ linux-2.6.39.2/arch/x86/kernel/vm86_32.c	2011-05-22 19:41:32.000000000 -0400
@@ -58154,8 +58341,8 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_fork.c linux-2.6.39.2/grsecurity/grse
 +}
 diff -urNp linux-2.6.39.2/grsecurity/grsec_init.c linux-2.6.39.2/grsecurity/grsec_init.c
 --- linux-2.6.39.2/grsecurity/grsec_init.c	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.39.2/grsecurity/grsec_init.c	2011-05-22 22:47:15.000000000 -0400
-@@ -0,0 +1,269 @@
++++ linux-2.6.39.2/grsecurity/grsec_init.c	2011-06-29 19:35:59.000000000 -0400
+@@ -0,0 +1,273 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/mm.h>
@@ -58165,6 +58352,7 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_init.c linux-2.6.39.2/grsecurity/grse
 +#include <linux/percpu.h>
 +#include <linux/module.h>
 +
++int grsec_enable_brute;
 +int grsec_enable_link;
 +int grsec_enable_dmesg;
 +int grsec_enable_harden_ptrace;
@@ -58329,6 +58517,9 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_init.c linux-2.6.39.2/grsecurity/grse
 +#ifdef CONFIG_GRKERNSEC_LINK
 +	grsec_enable_link = 1;
 +#endif
++#ifdef CONFIG_GRKERNSEC_BRUTE
++	grsec_enable_brute = 1;
++#endif
 +#ifdef CONFIG_GRKERNSEC_DMESG
 +	grsec_enable_dmesg = 1;
 +#endif
@@ -58949,8 +59140,8 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_ptrace.c linux-2.6.39.2/grsecurity/gr
 +}
 diff -urNp linux-2.6.39.2/grsecurity/grsec_sig.c linux-2.6.39.2/grsecurity/grsec_sig.c
 --- linux-2.6.39.2/grsecurity/grsec_sig.c	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.39.2/grsecurity/grsec_sig.c	2011-05-22 19:41:42.000000000 -0400
-@@ -0,0 +1,203 @@
++++ linux-2.6.39.2/grsecurity/grsec_sig.c	2011-06-29 19:40:46.000000000 -0400
+@@ -0,0 +1,206 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/delay.h>
@@ -59042,6 +59233,9 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_sig.c linux-2.6.39.2/grsecurity/grsec
 +#ifdef CONFIG_GRKERNSEC_BRUTE
 +	uid_t uid = 0;
 +
++	if (!grsec_enable_brute)
++		return;
++
 +	rcu_read_lock();
 +	read_lock(&tasklist_lock);
 +	read_lock(&grsec_exec_file_lock);
@@ -59404,8 +59598,8 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_sock.c linux-2.6.39.2/grsecurity/grse
 +}
 diff -urNp linux-2.6.39.2/grsecurity/grsec_sysctl.c linux-2.6.39.2/grsecurity/grsec_sysctl.c
 --- linux-2.6.39.2/grsecurity/grsec_sysctl.c	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.39.2/grsecurity/grsec_sysctl.c	2011-05-22 19:41:42.000000000 -0400
-@@ -0,0 +1,433 @@
++++ linux-2.6.39.2/grsecurity/grsec_sysctl.c	2011-06-29 19:38:04.000000000 -0400
+@@ -0,0 +1,442 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/sysctl.h>
@@ -59451,6 +59645,15 @@ diff -urNp linux-2.6.39.2/grsecurity/grsec_sysctl.c linux-2.6.39.2/grsecurity/gr
 +		.proc_handler	= &proc_dointvec,
 +	},
 +#endif
++#ifdef CONFIG_GRKERNSEC_BRUTE
++	{
++		.procname	= "deter_bruteforce",
++		.data		= &grsec_enable_brute,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
 +#ifdef CONFIG_GRKERNSEC_FIFO
 +	{
 +		.procname	= "fifo_restrictions",
@@ -59969,8 +60172,8 @@ diff -urNp linux-2.6.39.2/grsecurity/grsum.c linux-2.6.39.2/grsecurity/grsum.c
 +}
 diff -urNp linux-2.6.39.2/grsecurity/Kconfig linux-2.6.39.2/grsecurity/Kconfig
 --- linux-2.6.39.2/grsecurity/Kconfig	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.39.2/grsecurity/Kconfig	2011-06-13 21:34:34.000000000 -0400
-@@ -0,0 +1,1045 @@
++++ linux-2.6.39.2/grsecurity/Kconfig	2011-06-29 20:57:06.000000000 -0400
+@@ -0,0 +1,1048 @@
 +#
 +# grecurity configuration
 +#
@@ -60049,7 +60252,7 @@ diff -urNp linux-2.6.39.2/grsecurity/Kconfig linux-2.6.39.2/grsecurity/Kconfig
 +	select PAX_ASLR
 +	select PAX_RANDMMAP
 +	select PAX_REFCOUNT if (X86 || SPARC64)
-+	select PAX_USERCOPY if ((X86 || SPARC32 || SPARC64 || PPC) && (SLAB || SLUB || SLOB))
++	select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB))
 +
 +	help
 +	  If you say Y here, several features in addition to those included
@@ -60113,7 +60316,7 @@ diff -urNp linux-2.6.39.2/grsecurity/Kconfig linux-2.6.39.2/grsecurity/Kconfig
 +	select GRKERNSEC_MODHARDEN if (MODULES)
 +	select GRKERNSEC_HARDEN_PTRACE
 +	select GRKERNSEC_VM86 if (X86_32)
-+	select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC32 || SPARC64)
++	select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC)
 +	select PAX
 +	select PAX_RANDUSTACK
 +	select PAX_ASLR
@@ -60128,13 +60331,13 @@ diff -urNp linux-2.6.39.2/grsecurity/Kconfig linux-2.6.39.2/grsecurity/Kconfig
 +	select PAX_RANDKSTACK if (X86_TSC && X86)
 +	select PAX_SEGMEXEC if (X86_32)
 +	select PAX_PAGEEXEC
-+	select PAX_EMUPLT if (ALPHA || PARISC || SPARC32 || SPARC64)
++	select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
 +	select PAX_EMUTRAMP if (PARISC)
 +	select PAX_EMUSIGRT if (PARISC)
 +	select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
 +	select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86))
 +	select PAX_REFCOUNT if (X86 || SPARC64)
-+	select PAX_USERCOPY if ((X86 || PPC || SPARC32 || SPARC64) && (SLAB || SLUB || SLOB))
++	select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB))
 +	help
 +	  If you say Y here, many of the features of grsecurity will be
 +	  enabled, which will protect you against many kinds of attacks
@@ -60264,6 +60467,9 @@ diff -urNp linux-2.6.39.2/grsecurity/Kconfig linux-2.6.39.2/grsecurity/Kconfig
 +	  It is recommended that you also enable signal logging in the auditing
 +	  section so that logs are generated when a process triggers a suspicious
 +	  signal.
++	  If the sysctl option is enabled, a sysctl option with name
++	  "deter_bruteforce" is created.
++
 +
 +config GRKERNSEC_MODHARDEN
 +	bool "Harden module auto-loading"
@@ -60313,7 +60519,7 @@ diff -urNp linux-2.6.39.2/grsecurity/Kconfig linux-2.6.39.2/grsecurity/Kconfig
 +
 +config GRKERNSEC_KERN_LOCKOUT
 +	bool "Active kernel exploit response"
-+	depends on X86 || ARM || PPC || SPARC32 || SPARC64
++	depends on X86 || ARM || PPC || SPARC
 +	help
 +	  If you say Y here, when a PaX alert is triggered due to suspicious
 +	  activity in the kernel (from KERNEXEC/UDEREF/USERCOPY)
@@ -62865,8 +63071,8 @@ diff -urNp linux-2.6.39.2/include/linux/grdefs.h linux-2.6.39.2/include/linux/gr
 +#endif
 diff -urNp linux-2.6.39.2/include/linux/grinternal.h linux-2.6.39.2/include/linux/grinternal.h
 --- linux-2.6.39.2/include/linux/grinternal.h	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.39.2/include/linux/grinternal.h	2011-05-22 19:41:42.000000000 -0400
-@@ -0,0 +1,219 @@
++++ linux-2.6.39.2/include/linux/grinternal.h	2011-06-29 19:41:29.000000000 -0400
+@@ -0,0 +1,220 @@
 +#ifndef __GRINTERNAL_H
 +#define __GRINTERNAL_H
 +
@@ -62947,6 +63153,7 @@ diff -urNp linux-2.6.39.2/include/linux/grinternal.h linux-2.6.39.2/include/linu
 +extern int grsec_resource_logging;
 +extern int grsec_enable_blackhole;
 +extern int grsec_lastack_retries;
++extern int grsec_enable_brute;
 +extern int grsec_lock;
 +
 +extern spinlock_t grsec_alert_lock;
@@ -79546,7 +79753,7 @@ diff -urNp linux-2.6.39.2/security/integrity/ima/ima_queue.c linux-2.6.39.2/secu
  	return 0;
 diff -urNp linux-2.6.39.2/security/Kconfig linux-2.6.39.2/security/Kconfig
 --- linux-2.6.39.2/security/Kconfig	2011-05-19 00:06:34.000000000 -0400
-+++ linux-2.6.39.2/security/Kconfig	2011-06-03 01:13:26.000000000 -0400
++++ linux-2.6.39.2/security/Kconfig	2011-06-29 20:57:25.000000000 -0400
 @@ -4,6 +4,554 @@
  
  menu "Security options"
@@ -80068,7 +80275,7 @@ diff -urNp linux-2.6.39.2/security/Kconfig linux-2.6.39.2/security/Kconfig
 +
 +config PAX_USERCOPY
 +	bool "Harden heap object copies between kernel and userland"
-+	depends on X86 || PPC || SPARC
++	depends on X86 || PPC || SPARC || ARM
 +	depends on GRKERNSEC && (SLAB || SLUB)
 +	help
 +	  By saying Y here the kernel will enforce the size of heap objects
author	Anthony G. Basile <blueness@gentoo.org>	2011-07-04 22:24:44 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2011-07-04 22:24:44 -0400
commit	694b56591453a2987d6633230abe447a7c7ecd61 (patch)
tree	f611ee025b9b2c0913d27f0982e38139e311d2b6
parent	Update Grsec/PaX and address bug #366019 (diff)
download	hardened-patchset-694b56591453a2987d6633230abe447a7c7ecd61.tar.gz hardened-patchset-694b56591453a2987d6633230abe447a7c7ecd61.tar.bz2 hardened-patchset-694b56591453a2987d6633230abe447a7c7ecd61.zip