From: Anthony G. Basile This patch removes all references to legacy EI_PAX markings in favor of PT_PAX. It should be applied immediately after the grsecurity patch.
diff -Naur a/fs/binfmt_elf.c b/fs/binfmt_elf.c
--- a/fs/binfmt_elf.c 2011-07-30 07:14:33.000000000 -0400
+++ b/fs/binfmt_elf.c 2011-07-30 07:17:26.000000000 -0400
@@ -557,7 +557,7 @@
 return error;
 }
-#if (defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)) && defined(CONFIG_PAX_SOFTMODE)
+#if (defined(CONFIG_PAX_PT_PAX_FLAGS)) && defined(CONFIG_PAX_SOFTMODE)
 static unsigned long pax_parse_softmode(const struct elf_phdr * const elf_phdata)
 {
 unsigned long pax_flags = 0UL;
@@ -643,50 +643,7 @@
 }
 #endif
-#ifdef CONFIG_PAX_EI_PAX
-static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
-{
- unsigned long pax_flags = 0UL;
-
-#ifdef CONFIG_PAX_PAGEEXEC
- if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC))
- pax_flags |= MF_PAX_PAGEEXEC;
-#endif
-
-#ifdef CONFIG_PAX_SEGMEXEC
- if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_SEGMEXEC))
- pax_flags |= MF_PAX_SEGMEXEC;
-#endif
-
-#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
- if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
- if (nx_enabled)
- pax_flags &= ~MF_PAX_SEGMEXEC;
- else
- pax_flags &= ~MF_PAX_PAGEEXEC;
- }
-#endif
-
-#ifdef CONFIG_PAX_EMUTRAMP
- if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && (elf_ex->e_ident[EI_PAX] & EF_PAX_EMUTRAMP))
- pax_flags |= MF_PAX_EMUTRAMP;
-#endif
-
-#ifdef CONFIG_PAX_MPROTECT
- if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && !(elf_ex->e_ident[EI_PAX] & EF_PAX_MPROTECT))
- pax_flags |= MF_PAX_MPROTECT;
-#endif
-
-#ifdef CONFIG_PAX_ASLR
- if (randomize_va_space && !(elf_ex->e_ident[EI_PAX] & EF_PAX_RANDMMAP))
- pax_flags |= MF_PAX_RANDMMAP;
-#endif
-
- return pax_flags;
-}
-#endif
-
-#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
+#if defined(CONFIG_PAX_PT_PAX_FLAGS)
 static long pax_parse_elf_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata)
 {
 unsigned long pax_flags = 0UL;
@@ -696,10 +653,6 @@
 int found_flags = 0;
 #endif
-#ifdef CONFIG_PAX_EI_PAX
- pax_flags = pax_parse_ei_pax(elf_ex);
-#endif
-
 #ifdef CONFIG_PAX_PT_PAX_FLAGS
 for (i = 0UL; i < elf_ex->e_phnum; i++)
 if (elf_phdata[i].p_type == PT_PAX_FLAGS) {
@@ -722,7 +675,7 @@
 }
 #endif
-#if !defined(CONFIG_PAX_EI_PAX) && defined(CONFIG_PAX_PT_PAX_FLAGS)
+#if defined(CONFIG_PAX_PT_PAX_FLAGS)
 if (found_flags == 0) {
 struct elf_phdr phdr;
 memset(&phdr, 0, sizeof(phdr));
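Review bot: With the `pax_parse_ei_pax(elf_ex)` call removed in the -696 hunk, a binary that carries only legacy EI_PAX marks now reaches the `found_flags == 0` path of the -722 hunk, so the per-binary settings it used to get from `e_ident[EI_PAX]` are ignored without any notice. Judging by the removed parser this presumably fails toward enforcement, but it is still a behaviour change an operator must know about before booting: such binaries have to be re-marked with PT_PAX_FLAGS first, and the commit message does not say so. I would state that in the description and add a comment above the fallback, `/* no PT_PAX_FLAGS header found: legacy EI_PAX marks are no longer consulted, apply the defaults */`. The fallback's body continues outside the hunk, so which defaults the zeroed `phdr` produces is not visible here.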
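Review bot: The guard `#if defined(CONFIG_PAX_PT_PAX_FLAGS)` that the -722 hunk puts around the `found_flags == 0` block looks redundant, because the -643 hunk now compiles `pax_parse_elf_flags` only under that same symbol. If the block is part of that function, as the line numbers suggest, the same holds for the `#ifdef CONFIG_PAX_PT_PAX_FLAGS` around the program-header loop in the -696 hunk, and both inner guards can be dropped so the function reads straight through. The -557 hunk leaves a similar remnant in `#if (defined(CONFIG_PAX_PT_PAX_FLAGS)) && defined(CONFIG_PAX_SOFTMODE)`, where the extra parentheses no longer group anything: `#if defined(CONFIG_PAX_PT_PAX_FLAGS) && defined(CONFIG_PAX_SOFTMODE)`. The function body starts and ends outside these hunks.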
@@ -956,7 +909,7 @@
 current->mm->def_flags = 0;
-#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
+#if defined(CONFIG_PAX_PT_PAX_FLAGS)
 if (0 > pax_parse_elf_flags(&loc->elf_ex, elf_phdata)) {
 send_sig(SIGKILL, current, 0);
 goto out_free_dentry;
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-07-30 07:14:33.000000000 -0400
+++ b/grsecurity/Kconfig 2011-07-30 07:17:56.000000000 -0400
@@ -49,7 +49,6 @@
 config GRKERNSEC_MEDIUM
 bool "Medium"
 select PAX
- select PAX_EI_PAX
 select PAX_PT_PAX_FLAGS
 select PAX_HAVE_ACL_FLAGS
 select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
@@ -147,7 +146,6 @@
 select PAX_RANDMMAP
 select PAX_NOEXEC
 select PAX_MPROTECT
- select PAX_EI_PAX
 select PAX_PT_PAX_FLAGS
 select PAX_HAVE_ACL_FLAGS
 select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
diff -Naur a/include/linux/grsecurity.h b/include/linux/grsecurity.h
--- a/include/linux/grsecurity.h 2011-07-30 07:14:33.000000000 -0400
+++ b/include/linux/grsecurity.h 2011-07-30 07:19:50.000000000 -0400
@@ -10,11 +10,11 @@
 #if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
 #error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
 #endif
-#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
-#error "CONFIG_PAX_NOEXEC enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
+#error "CONFIG_PAX_NOEXEC enabled, but CONFIG_PAX_PT_PAX_FLAGS is not enabled."
 #endif
-#if defined(CONFIG_PAX_ASLR) && (defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
-#error "CONFIG_PAX_ASLR enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
+#if defined(CONFIG_PAX_ASLR) && (defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
+#error "CONFIG_PAX_ASLR enabled, but CONFIG_PAX_PT_PAX_FLAGS is not enabled."
 #endif
 #if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
 #error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
diff -Naur a/include/linux/mm_types.h b/include/linux/mm_types.h
--- a/include/linux/mm_types.h 2011-07-30 07:14:33.000000000 -0400
+++ b/include/linux/mm_types.h 2011-07-30 07:18:49.000000000 -0400
@@ -290,7 +290,7 @@
 struct mmu_notifier_mm *mmu_notifier_mm;
 #endif
-#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
+#if defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
 unsigned long pax_flags;
 #endif
diff -Naur a/security/Kconfig b/security/Kconfig
--- a/security/Kconfig 2011-07-30 07:14:33.000000000 -0400
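Review bot: The tightened `#error` checks in include/linux/grsecurity.h now reject any build that has CONFIG_PAX_NOEXEC (or CONFIG_PAX_ASLR with RANDMMAP or RANDUSTACK) without CONFIG_PAX_PT_PAX_FLAGS, but the `depends on` lines for PAX_NOEXEC and PAX_ASLR in the security/Kconfig hunks (-110 and -356) still accept PAX_HAVE_ACL_FLAGS or PAX_HOOK_ACL_FLAGS alone. A configuration that Kconfig accepts can therefore stop at compile time on these checks. Either the Kconfig dependency should require the symbol, for example `depends on PAX_PT_PAX_FLAGS` for PAX_ASLR, or the header checks should also accept the ACL flag symbols; which of the two is intended cannot be told from the patch. The mismatch appears to predate this commit, but removing EI_PAX leaves one fewer way to satisfy the header check.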
+++ b/security/Kconfig 2011-07-30 07:20:37.000000000 -0400
@@ -48,20 +48,6 @@
 line option on boot. Furthermore you can control various PaX features at runtime via the entries in /proc/sys/kernel/pax.
-config PAX_EI_PAX
- bool 'Use legacy ELF header marking'
- help
- Enabling this option will allow you to control PaX features on
- a per executable basis via the 'chpax' utility available at
- http://pax.grsecurity.net/. The control flags will be read from
- an otherwise reserved part of the ELF header. This marking has
- numerous drawbacks (no support for soft-mode, toolchain does not
- know about the non-standard use of the ELF header) therefore it
- has been deprecated in favour of PT_PAX_FLAGS support.
-
- Note that if you enable PT_PAX_FLAGS marking support as well,
- the PT_PAX_FLAG marks will override the legacy EI_PAX marks.
-
 config PAX_PT_PAX_FLAGS
 bool 'Use ELF program header marking'
 help
@@ -110,7 +96,7 @@
 config PAX_NOEXEC
 bool "Enforce non-executable pages"
- depends on (PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS) && (ALPHA || (ARM && (CPU_V6 || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86)
+ depends on (PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS) && (ALPHA || (ARM && (CPU_V6 || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86)
 help
 By design some architectures do not allow for protecting memory pages against execution or even if they do, Linux does not make
@@ -356,7 +342,7 @@
 config PAX_ASLR
 bool "Address Space Layout Randomization"
- depends on PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS
+ depends on PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS
 help
 Many if not most exploit techniques rely on the knowledge of certain addresses in the attacked program. The following options