author | Anthony G. Basile <blueness@gentoo.org> | 2012-04-08 12:08:05 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2012-04-08 12:08:05 -0400 |
commit | 0a52db7b3a5e19bbd7e27bc6d800a92a4a5c69c6 (patch) | |
tree | 36244cb9f85b3116d31c20a1421632de77186423 | |
parent | Grsec/PaX: 2.9-2.6.32.59-201204010910 2.9-{3.2.14,3.3.1}-201204021758 (diff) | |
download | hardened-patchset-0a52db7b3a5e19bbd7e27bc6d800a92a4a5c69c6.tar.gz hardened-patchset-0a52db7b3a5e19bbd7e27bc6d800a92a4a5c69c6.tar.bz2 hardened-patchset-0a52db7b3a5e19bbd7e27bc6d800a92a4a5c69c6.zip |
Grsec/PaX: 2.9-{2.6.32.59-201204010910,3.2.14-201204021757,3.3.1-201204021758}
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204062020.patch (renamed from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204010910.patch) | 38 | ||||
-rw-r--r-- | 3.2.14/0000_README | 2 | ||||
-rw-r--r-- | 3.2.14/4420_grsecurity-2.9-3.2.14-201204062020.patch (renamed from 3.2.14/4420_grsecurity-2.9-3.2.14-201204021757.patch) | 42 | ||||
-rw-r--r-- | 3.3.1/0000_README | 2 | ||||
-rw-r--r-- | 3.3.1/4420_grsecurity-2.9-3.3.1-201204062021.patch (renamed from 3.3.1/4420_grsecurity-2.9-3.3.1-201204021758.patch) | 42 |
6 files changed, 76 insertions, 52 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index eb3b0e5..e55e10a 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9-2.6.32.59-201204010910.patch +Patch: 4420_grsecurity-2.9-2.6.32.59-201204062020.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204010910.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204062020.patch index adc0a83..8d7ed1b 100644 --- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204010910.patch +++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204062020.patch @@ -64990,7 +64990,7 @@ index 0133b5a..3710d09 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index a64fde6..4d6ea81 100644 +index a64fde6..aea5248 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -31,6 +31,7 @@ @@ -65633,7 +65633,7 @@ index a64fde6..4d6ea81 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -877,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -877,11 +1339,37 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -65651,8 +65651,10 @@ index a64fde6..4d6ea81 100644 + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { + unsigned long start, size; + ++ current->mm->end_data = end_data = elf_brk; + start = ELF_PAGEALIGN(elf_brk); + size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); ++ current->mm->start_brk = start + size; + down_write(¤t->mm->mmap_sem); + retval = -ENOMEM; + if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { 
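Review bot: In the fs/binfmt_elf.c hunk for load_elf_binary, `current->mm->end_data = end_data = elf_brk;` and `current->mm->start_brk = start + size;` are stored before mmap_sem is taken and before the `find_vma_intersection()` test, so they are written even on the path where the gap range collides with an existing mapping. The rest of that block lies outside the hunk, so a later reset of start_brk cannot be ruled out, but as shown the mm can end up recording a gap that was never mapped, and the may_expand_vm change in mm/mmap.c then discounts that gap from the RLIMIT_AS check. I would move the two stores into the branch that actually creates the gap and document the coupling with a comment such as `/* end_data..start_brk is the random brk gap; may_expand_vm() exempts it from RLIMIT_AS */`. The same two lines are added in the 3.2.14 and 3.3.1 copies of the patch.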
@@ -65672,7 +65674,7 @@ index a64fde6..4d6ea81 100644 if (elf_interpreter) { unsigned long uninitialized_var(interp_map_addr); -@@ -1112,8 +1598,10 @@ static int dump_seek(struct file *file, loff_t off) +@@ -1112,8 +1600,10 @@ static int dump_seek(struct file *file, loff_t off) unsigned long n = off; if (n > PAGE_SIZE) n = PAGE_SIZE; @@ -65684,7 +65686,7 @@ index a64fde6..4d6ea81 100644 off -= n; } free_page((unsigned long)buf); -@@ -1125,7 +1613,7 @@ static int dump_seek(struct file *file, loff_t off) +@@ -1125,7 +1615,7 @@ static int dump_seek(struct file *file, loff_t off) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -65693,7 +65695,7 @@ index a64fde6..4d6ea81 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1159,7 +1647,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1159,7 +1649,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -65702,7 +65704,7 @@ index a64fde6..4d6ea81 100644 goto whole; /* -@@ -1255,8 +1743,11 @@ static int writenote(struct memelfnote *men, struct file *file, +@@ -1255,8 +1745,11 @@ static int writenote(struct memelfnote *men, struct file *file, #undef DUMP_WRITE #define DUMP_WRITE(addr, nr) \ @@ -65715,7 +65717,7 @@ index a64fde6..4d6ea81 100644 static void fill_elf_header(struct elfhdr *elf, int segs, u16 machine, u32 flags, u8 osabi) -@@ -1385,9 +1876,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1385,9 +1878,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; 
@@ -65727,7 +65729,7 @@ index a64fde6..4d6ea81 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1973,7 +2464,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un +@@ -1973,7 +2466,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -65736,7 +65738,7 @@ index a64fde6..4d6ea81 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2006,7 +2497,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un +@@ -2006,7 +2499,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un unsigned long addr; unsigned long end; @@ -65745,7 +65747,7 @@ index a64fde6..4d6ea81 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2015,6 +2506,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un +@@ -2015,6 +2508,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -65753,7 +65755,7 @@ index a64fde6..4d6ea81 100644 stop = ((size += PAGE_SIZE) > limit) || !dump_write(file, kaddr, PAGE_SIZE); kunmap(page); -@@ -2042,6 +2534,97 @@ out: +@@ -2042,6 +2536,97 @@ out: #endif /* USE_ELF_CORE_DUMP */ @@ -96871,7 +96873,7 @@ index 2d846cf..98134d2 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 4b80cbf..12a7861 100644 +index 4b80cbf..073ac3e 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -45,6 +45,16 @@ 
@@ -98127,16 +98129,22 @@ index 4b80cbf..12a7861 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2237,7 +2691,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2236,8 +2690,14 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) + unsigned long cur = mm->total_vm; /* pages */ unsigned long lim; ++#ifdef CONFIG_PAX_RANDMMAP ++ if ((mm->pax_flags & MF_PAX_RANDMMAP) && mm->end_data) ++ cur -= (mm->start_brk - mm->end_data) >> PAGE_SHIFT; ++#endif ++ lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT; -- + + gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); if (cur + npages > lim) return 0; return 1; -@@ -2307,6 +2761,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2307,6 +2767,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; diff --git a/3.2.14/0000_README b/3.2.14/0000_README index 61ea918..3842c31 100644 --- a/3.2.14/0000_README +++ b/3.2.14/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9-3.2.14-201204021757.patch +Patch: 4420_grsecurity-2.9-3.2.14-201204062020.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.14/4420_grsecurity-2.9-3.2.14-201204021757.patch b/3.2.14/4420_grsecurity-2.9-3.2.14-201204062020.patch index 7964fc2..a4dfa05 100644 --- a/3.2.14/4420_grsecurity-2.9-3.2.14-201204021757.patch +++ b/3.2.14/4420_grsecurity-2.9-3.2.14-201204062020.patch @@ -42181,7 +42181,7 @@ index a6395bd..f1e376a 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 6ff96c6..64d2dec 100644 +index 6ff96c6..d788bf7 100644 
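Review bot: The added `cur -= (mm->start_brk - mm->end_data) >> PAGE_SHIFT;` in may_expand_vm is unsigned arithmetic with no bound, so if `mm->total_vm` is ever smaller than the recorded gap, `cur` wraps and the `cur + npages > lim` test, as well as the value passed to `gr_learn_resource()`, stops meaning anything. Whether that state is reachable (for instance if the gap mapping is removed later, or was never created) is not visible from this hunk, but the discount is taken from two mm fields rather than from the mapping itself, so the RLIMIT_AS check should not rely on them staying consistent with total_vm. A clamp keeps the limit check sound, using a local `unsigned long gap`: `gap = (mm->start_brk - mm->end_data) >> PAGE_SHIFT;` then `cur = cur > gap ? cur - gap : 0;`. Note also that end_data is set to the unaligned `elf_brk` while the gap starts at `ELF_PAGEALIGN(elf_brk)`, so the shifted difference may not match the page count actually added to total_vm. The identical change is made in the 3.2.14 and 3.3.1 copies of the patch.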
--- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -42815,7 +42815,7 @@ index 6ff96c6..64d2dec 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -881,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -881,11 +1339,37 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -42833,8 +42833,10 @@ index 6ff96c6..64d2dec 100644 + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { + unsigned long start, size; + ++ current->mm->end_data = end_data = elf_brk; + start = ELF_PAGEALIGN(elf_brk); + size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); ++ current->mm->start_brk = start + size; + down_write(¤t->mm->mmap_sem); + retval = -ENOMEM; + if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { @@ -42854,7 +42856,7 @@ index 6ff96c6..64d2dec 100644 if (elf_interpreter) { unsigned long uninitialized_var(interp_map_addr); -@@ -1098,7 +1580,7 @@ out: +@@ -1098,7 +1582,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -42863,7 +42865,7 @@ index 6ff96c6..64d2dec 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1132,7 +1614,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1132,7 +1616,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -42872,7 +42874,7 @@ index 6ff96c6..64d2dec 100644 goto whole; /* -@@ -1354,9 +1836,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1354,9 +1838,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; 
@@ -42884,7 +42886,7 @@ index 6ff96c6..64d2dec 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1862,14 +2344,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1862,14 +2346,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -42901,7 +42903,7 @@ index 6ff96c6..64d2dec 100644 return size; } -@@ -1963,7 +2445,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1963,7 +2447,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -42910,7 +42912,7 @@ index 6ff96c6..64d2dec 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -1977,10 +2459,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1977,10 +2461,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -42923,7 +42925,7 @@ index 6ff96c6..64d2dec 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1994,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1994,7 +2480,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -42932,7 +42934,7 @@ index 6ff96c6..64d2dec 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2005,6 +2489,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2005,6 +2491,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); 
@@ -42940,7 +42942,7 @@ index 6ff96c6..64d2dec 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2029,7 +2514,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2029,7 +2516,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -42949,7 +42951,7 @@ index 6ff96c6..64d2dec 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2038,6 +2523,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2038,6 +2525,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -42957,7 +42959,7 @@ index 6ff96c6..64d2dec 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2055,6 +2541,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2055,6 +2543,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -42965,7 +42967,7 @@ index 6ff96c6..64d2dec 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2075,6 +2562,97 @@ out: +@@ -2075,6 +2564,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -71682,7 +71684,7 @@ index 4f4f53b..9511904 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index eae90af..c930262 100644 +index eae90af..4370c73 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -46,6 +46,16 @@ 
@@ -72978,16 +72980,22 @@ index eae90af..c930262 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2383,7 +2864,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2382,8 +2863,13 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) + unsigned long cur = mm->total_vm; /* pages */ unsigned long lim; ++#ifdef CONFIG_PAX_RANDMMAP ++ if ((mm->pax_flags & MF_PAX_RANDMMAP) && mm->end_data) ++ cur -= (mm->start_brk - mm->end_data) >> PAGE_SHIFT; ++#endif ++ lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; - + gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); if (cur + npages > lim) return 0; return 1; -@@ -2454,6 +2935,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2454,6 +2940,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; diff --git a/3.3.1/0000_README b/3.3.1/0000_README index 224c31f..945f66f 100644 --- a/3.3.1/0000_README +++ b/3.3.1/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9-3.3.1-201204021758.patch +Patch: 4420_grsecurity-2.9-3.3.1-201204062021.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.3.1/4420_grsecurity-2.9-3.3.1-201204021758.patch b/3.3.1/4420_grsecurity-2.9-3.3.1-201204062021.patch index 9d0bae3..2fad352 100644 --- a/3.3.1/4420_grsecurity-2.9-3.3.1-201204021758.patch +++ b/3.3.1/4420_grsecurity-2.9-3.3.1-201204062021.patch @@ -41022,7 +41022,7 @@ index 1ff9405..f1e376a 100644 fd_offset + ex.a_text); up_write(¤t->mm->mmap_sem); diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 07d096c..5e2a0b3 100644 +index 07d096c..1f08d39 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ 
@@ -41656,7 +41656,7 @@ index 07d096c..5e2a0b3 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -881,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -881,11 +1339,37 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -41674,8 +41674,10 @@ index 07d096c..5e2a0b3 100644 + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { + unsigned long start, size; + ++ current->mm->end_data = end_data = elf_brk; + start = ELF_PAGEALIGN(elf_brk); + size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); ++ current->mm->start_brk = start + size; + down_write(¤t->mm->mmap_sem); + retval = -ENOMEM; + if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { @@ -41695,7 +41697,7 @@ index 07d096c..5e2a0b3 100644 if (elf_interpreter) { unsigned long uninitialized_var(interp_map_addr); -@@ -1098,7 +1580,7 @@ out: +@@ -1098,7 +1582,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -41704,7 +41706,7 @@ index 07d096c..5e2a0b3 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1132,7 +1614,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1132,7 +1616,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -41713,7 +41715,7 @@ index 07d096c..5e2a0b3 100644 goto whole; /* -@@ -1354,9 +1836,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1354,9 +1838,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; 
@@ -41725,7 +41727,7 @@ index 07d096c..5e2a0b3 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1862,14 +2344,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1862,14 +2346,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -41742,7 +41744,7 @@ index 07d096c..5e2a0b3 100644 return size; } -@@ -1963,7 +2445,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1963,7 +2447,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -41751,7 +41753,7 @@ index 07d096c..5e2a0b3 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -1977,10 +2459,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1977,10 +2461,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -41764,7 +41766,7 @@ index 07d096c..5e2a0b3 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1994,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1994,7 +2480,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -41773,7 +41775,7 @@ index 07d096c..5e2a0b3 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2005,6 +2489,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2005,6 +2491,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); 
@@ -41781,7 +41783,7 @@ index 07d096c..5e2a0b3 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2029,7 +2514,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2029,7 +2516,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -41790,7 +41792,7 @@ index 07d096c..5e2a0b3 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2038,6 +2523,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2038,6 +2525,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -41798,7 +41800,7 @@ index 07d096c..5e2a0b3 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2055,6 +2541,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2055,6 +2543,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -41806,7 +41808,7 @@ index 07d096c..5e2a0b3 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2075,6 +2562,97 @@ out: +@@ -2075,6 +2564,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -70120,7 +70122,7 @@ index ef726e8..13e0901 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index da15a79..2e3d9ff 100644 +index da15a79..333850b 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -46,6 +46,16 @@ 
@@ -71349,16 +71351,22 @@ index da15a79..2e3d9ff 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2392,7 +2882,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2391,8 +2881,13 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) + unsigned long cur = mm->total_vm; /* pages */ unsigned long lim; ++#ifdef CONFIG_PAX_RANDMMAP ++ if ((mm->pax_flags & MF_PAX_RANDMMAP) && mm->end_data) ++ cur -= (mm->start_brk - mm->end_data) >> PAGE_SHIFT; ++#endif ++ lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; - + gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); if (cur + npages > lim) return 0; return 1; -@@ -2463,6 +2953,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2463,6 +2958,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; |