diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2015-06-28 09:58:41 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2015-06-28 09:58:41 -0400 |
| commit | 980b9085c5a073862dfe86244fa10f2d614df0f4 (patch) | |
| tree | 117b72790b1dc154e33b7f0f3b7357eea80da44c | |
| parent | Grsec/PaX: 3.1-{3.2.69,3.14.45,4.0.6}-201506262047 (diff) | |
| download | hardened-patchset-980b9085c5a073862dfe86244fa10f2d614df0f4.tar.gz hardened-patchset-980b9085c5a073862dfe86244fa10f2d614df0f4.tar.bz2 hardened-patchset-980b9085c5a073862dfe86244fa10f2d614df0f4.zip | |
Grsec/PaX: 3.1-4.0.6-20150627232720150627
| -rw-r--r-- | 4.0.6/0000_README | 2 | ||||
| -rw-r--r-- | 4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch (renamed from 4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch) | 52 |
2 files changed, 52 insertions, 2 deletions
diff --git a/4.0.6/0000_README b/4.0.6/0000_README index 00d5c29..67f188e 100644 --- a/4.0.6/0000_README +++ b/4.0.6/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.0.6-201506262047.patch +Patch: 4420_grsecurity-3.1-4.0.6-201506272327.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch b/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch index 797b7c1..01515b8 100644 --- a/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch +++ b/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch @@ -24259,7 +24259,7 @@ index f5d0730..5bce89c 100644 unlock_done: mutex_unlock(&espfix_init_mutex); diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c -index 8b7b0a5..2395f29 100644 +index 8b7b0a5..02219db 100644 --- a/arch/x86/kernel/ftrace.c +++ b/arch/x86/kernel/ftrace.c @@ -89,7 +89,7 @@ static unsigned long text_ip_addr(unsigned long ip) @@ -24298,6 +24298,56 @@ index 8b7b0a5..2395f29 100644 return -EFAULT; /* Make sure it is what we expect it to be */ +@@ -670,11 +672,11 @@ static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr) + /* Module allocation simplifies allocating memory for code */ + static inline void *alloc_tramp(unsigned long size) + { +- return module_alloc(size); ++ return module_alloc_exec(size); + } + static inline void tramp_free(void *tramp) + { +- module_memfree(tramp); ++ module_memfree_exec(tramp); + } + #else + /* Trampolines can only be created if modules are supported */ +@@ -753,7 +755,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size) + *tramp_size = size + MCOUNT_INSN_SIZE + sizeof(void *); + + /* Copy ftrace_caller onto the trampoline memory */ ++ pax_open_kernel(); + ret = probe_kernel_read(trampoline, (void *)start_offset, size); ++ pax_close_kernel(); + if (WARN_ON(ret < 0)) { + tramp_free(trampoline); + return 0; +@@ -763,6 +767,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size) + + /* The trampoline ends with a jmp to ftrace_return */ + jmp = ftrace_jmp_replace(ip, (unsigned long)ftrace_return); ++ pax_open_kernel(); + memcpy(trampoline + size, jmp, MCOUNT_INSN_SIZE); + + /* +@@ -775,6 +780,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size) + + ptr = (unsigned long *)(trampoline + size + MCOUNT_INSN_SIZE); + *ptr = (unsigned long)ops; ++ pax_close_kernel(); + + op_offset -= start_offset; + memcpy(&op_ptr, trampoline + op_offset, OP_REF_SIZE); +@@ -792,7 +798,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size) + op_ptr.offset = offset; + + /* put in the new offset to the ftrace_ops */ ++ pax_open_kernel(); + memcpy(trampoline + op_offset, &op_ptr, OP_REF_SIZE); ++ pax_close_kernel(); + + /* ALLOC_TRAMP flags lets us know we created it */ + ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP; diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index b111ab5..3d419ea 100644 --- a/arch/x86/kernel/head64.c |