summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2015-06-28 09:58:41 -0400
committerAnthony G. Basile <blueness@gentoo.org>2015-06-28 09:58:41 -0400
commit980b9085c5a073862dfe86244fa10f2d614df0f4 (patch)
tree117b72790b1dc154e33b7f0f3b7357eea80da44c
parentGrsec/PaX: 3.1-{3.2.69,3.14.45,4.0.6}-201506262047 (diff)
downloadhardened-patchset-20150627.tar.gz
hardened-patchset-20150627.tar.bz2
hardened-patchset-20150627.zip
Grsec/PaX: 3.1-4.0.6-20150627232720150627
-rw-r--r--4.0.6/0000_README2
-rw-r--r--4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch (renamed from 4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch)52
2 files changed, 52 insertions, 2 deletions
diff --git a/4.0.6/0000_README b/4.0.6/0000_README
index 00d5c29..67f188e 100644
--- a/4.0.6/0000_README
+++ b/4.0.6/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.0.6-201506262047.patch
+Patch: 4420_grsecurity-3.1-4.0.6-201506272327.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch b/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
index 797b7c1..01515b8 100644
--- a/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch
+++ b/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
@@ -24259,7 +24259,7 @@ index f5d0730..5bce89c 100644
unlock_done:
mutex_unlock(&espfix_init_mutex);
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
-index 8b7b0a5..2395f29 100644
+index 8b7b0a5..02219db 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -89,7 +89,7 @@ static unsigned long text_ip_addr(unsigned long ip)
@@ -24298,6 +24298,56 @@ index 8b7b0a5..2395f29 100644
return -EFAULT;
/* Make sure it is what we expect it to be */
+@@ -670,11 +672,11 @@ static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr)
+ /* Module allocation simplifies allocating memory for code */
+ static inline void *alloc_tramp(unsigned long size)
+ {
+- return module_alloc(size);
++ return module_alloc_exec(size);
+ }
+ static inline void tramp_free(void *tramp)
+ {
+- module_memfree(tramp);
++ module_memfree_exec(tramp);
+ }
+ #else
+ /* Trampolines can only be created if modules are supported */
+@@ -753,7 +755,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+ *tramp_size = size + MCOUNT_INSN_SIZE + sizeof(void *);
+
+ /* Copy ftrace_caller onto the trampoline memory */
++ pax_open_kernel();
+ ret = probe_kernel_read(trampoline, (void *)start_offset, size);
++ pax_close_kernel();
+ if (WARN_ON(ret < 0)) {
+ tramp_free(trampoline);
+ return 0;
+@@ -763,6 +767,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+
+ /* The trampoline ends with a jmp to ftrace_return */
+ jmp = ftrace_jmp_replace(ip, (unsigned long)ftrace_return);
++ pax_open_kernel();
+ memcpy(trampoline + size, jmp, MCOUNT_INSN_SIZE);
+
+ /*
+@@ -775,6 +780,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+
+ ptr = (unsigned long *)(trampoline + size + MCOUNT_INSN_SIZE);
+ *ptr = (unsigned long)ops;
++ pax_close_kernel();
+
+ op_offset -= start_offset;
+ memcpy(&op_ptr, trampoline + op_offset, OP_REF_SIZE);
+@@ -792,7 +798,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+ op_ptr.offset = offset;
+
+ /* put in the new offset to the ftrace_ops */
++ pax_open_kernel();
+ memcpy(trampoline + op_offset, &op_ptr, OP_REF_SIZE);
++ pax_close_kernel();
+
+ /* ALLOC_TRAMP flags lets us know we created it */
+ ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP;
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index b111ab5..3d419ea 100644
--- a/arch/x86/kernel/head64.c