rpms/kernel/F-13 kernel.spec, 1.2069, 1.2070 linux-2.6-execshield.patch, 1.116, 1.117
roland
roland at fedoraproject.org
Fri Jun 18 10:01:52 UTC 2010
- Previous message: rpms/hct/F-13 Makefile.PL, NONE, 1.1 hct-set-env-hcthome.patch, NONE, 1.1 hct-set-hct-path-for-moved-lang.patch, NONE, 1.1 hct.spec, NONE, 1.1 import.log, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message: rpms/perl-Archive-RPM/devel perl-Archive-RPM.spec,1.8,1.9
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: roland
Update of /cvs/pkgs/rpms/kernel/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv14915
Modified Files:
kernel.spec linux-2.6-execshield.patch
Log Message:
make execshield respect PF_RANDOMIZE and ADDR_NO_RANDOMIZE (#220892)
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-13/kernel.spec,v
retrieving revision 1.2069
retrieving revision 1.2070
diff -u -p -r1.2069 -r1.2070
--- kernel.spec 17 Jun 2010 09:54:32 -0000 1.2069
+++ kernel.spec 18 Jun 2010 10:01:51 -0000 1.2070
@@ -2231,6 +2231,9 @@ fi
# and build.
%changelog
+* Fri Jun 18 2010 Roland McGrath <roland at redhat.com> 2.6.33.5-133
+- make execshield respect PF_RANDOMIZE and ADDR_NO_RANDOMIZE (#220892)
+
* Thu Jun 17 2010 Kyle McMartin <kyle at redhat.com>
- make ghash-clmulni modular to get rid of early boot noise (rhbz#586954)
(not a /fix/ but it should at least quiet boot down a bit if you have
linux-2.6-execshield.patch:
arch/x86/include/asm/desc.h | 25 ++++++
arch/x86/include/asm/mmu.h | 7 +
arch/x86/include/asm/paravirt.h | 6 +
arch/x86/include/asm/paravirt_types.h | 3
arch/x86/include/asm/processor.h | 3
arch/x86/kernel/cpu/common.c | 14 +++
arch/x86/kernel/paravirt.c | 3
arch/x86/kernel/process_32.c | 48 ++++++++++++
arch/x86/kernel/traps.c | 129 +++++++++++++++++++++++++++++++---
arch/x86/mm/mmap.c | 5 +
arch/x86/mm/setup_nx.c | 6 +
arch/x86/mm/tlb.c | 7 +
arch/x86/vdso/vdso32-setup.c | 2
arch/x86/xen/enlighten.c | 21 +++++
fs/binfmt_elf.c | 21 ++++-
include/linux/mm.h | 8 +-
include/linux/mm_types.h | 3
include/linux/resource.h | 5 +
include/linux/sched.h | 7 +
kernel/sysctl.c | 28 +++++++
mm/mmap.c | 128 +++++++++++++++++++++++++++++++--
mm/mprotect.c | 10 ++
mm/mremap.c | 4 -
23 files changed, 466 insertions(+), 27 deletions(-)
Index: linux-2.6-execshield.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-13/linux-2.6-execshield.patch,v
retrieving revision 1.116
retrieving revision 1.117
diff -u -p -r1.116 -r1.117
--- linux-2.6-execshield.patch 18 Jan 2010 19:43:38 -0000 1.116
+++ linux-2.6-execshield.patch 18 Jun 2010 10:01:51 -0000 1.117
@@ -1,36 +1,3 @@
-From f19502d20f5c1e59244fa361496371f320dff55e Mon Sep 17 00:00:00 2001
-From: Kyle McMartin <kyle at ihatethathostname.lab.bos.redhat.com>
-Date: Mon, 18 Jan 2010 14:39:29 -0500
-Subject: execshield
-
----
- arch/x86/include/asm/desc.h | 25 +++++++
- arch/x86/include/asm/mmu.h | 7 ++
- arch/x86/include/asm/paravirt.h | 6 ++
- arch/x86/include/asm/paravirt_types.h | 3 +
- arch/x86/include/asm/processor.h | 3 +
- arch/x86/kernel/cpu/common.c | 14 ++++
- arch/x86/kernel/paravirt.c | 3 +
- arch/x86/kernel/process_32.c | 48 ++++++++++++
- arch/x86/kernel/traps.c | 129 ++++++++++++++++++++++++++++++---
- arch/x86/mm/mmap.c | 5 +-
- arch/x86/mm/setup_nx.c | 6 ++
- arch/x86/mm/tlb.c | 7 ++
- arch/x86/vdso/vdso32-setup.c | 2 +-
- arch/x86/xen/enlighten.c | 21 ++++++
- fs/binfmt_elf.c | 21 +++++-
- include/linux/mm.h | 8 ++-
- include/linux/mm_types.h | 3 +
- include/linux/resource.h | 5 +-
- include/linux/sched.h | 7 ++
- kernel/sysctl.c | 28 +++++++
- mm/mmap.c | 121 +++++++++++++++++++++++++++++--
- mm/mprotect.c | 10 +++-
- mm/mremap.c | 4 +-
- 23 files changed, 459 insertions(+), 27 deletions(-)
-
-diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
-index 617bd56..526248d 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -5,6 +5,7 @@
@@ -77,8 +44,6 @@ index 617bd56..526248d 100644
+#endif /* CONFIG_X86_32 */
+
#endif /* _ASM_X86_DESC_H */
-diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h
-index 80a1dee..8314c66 100644
--- a/arch/x86/include/asm/mmu.h
+++ b/arch/x86/include/asm/mmu.h
@@ -7,12 +7,19 @@
@@ -101,8 +66,6 @@ index 80a1dee..8314c66 100644
} mm_context_t;
#ifdef CONFIG_SMP
-diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
-index dd59a85..9ba7d12 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
@@ -289,6 +289,12 @@ static inline void set_ldt(const void *addr, unsigned entries)
@@ -118,8 +81,6 @@ index dd59a85..9ba7d12 100644
static inline void store_gdt(struct desc_ptr *dtr)
{
PVOP_VCALL1(pv_cpu_ops.store_gdt, dtr);
-diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
-index b1e70d5..0071abd 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
@@ -118,6 +118,9 @@ struct pv_cpu_ops {
@@ -132,8 +93,6 @@ index b1e70d5..0071abd 100644
unsigned long (*store_tr)(void);
void (*load_tls)(struct thread_struct *t, unsigned int cpu);
#ifdef CONFIG_X86_64
-diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
-index fc801ba..8d2df5c 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -162,6 +162,9 @@ static inline int hlt_works(int cpu)
@@ -146,8 +105,6 @@ index fc801ba..8d2df5c 100644
extern void cpu_detect(struct cpuinfo_x86 *c);
extern struct pt_regs *idle_regs(struct pt_regs *);
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 4868e4a..6c8d2ca 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -802,6 +802,20 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
@@ -171,8 +128,6 @@ index 4868e4a..6c8d2ca 100644
/* If the model name is still unset, do table lookup. */
if (!c->x86_model_id[0]) {
const char *p;
-diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
-index 1b1739d..c2dda16 100644
--- a/arch/x86/kernel/paravirt.c
+++ b/arch/x86/kernel/paravirt.c
@@ -345,6 +345,9 @@ struct pv_cpu_ops pv_cpu_ops = {
@@ -185,8 +140,6 @@ index 1b1739d..c2dda16 100644
.load_gdt = native_load_gdt,
.load_idt = native_load_idt,
.store_gdt = native_store_gdt,
-diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
-index 37ad1e0..9524afe 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -257,7 +257,10 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
@@ -263,8 +216,6 @@ index 37ad1e0..9524afe 100644
+ mm->context.exec_limit = 0;
+ set_user_cs(&mm->context.user_cs, 0);
+}
-diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
-index 3339917..9b03688 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -115,6 +115,76 @@ die_if_kernel(const char *str, struct pt_regs *regs, long err)
@@ -421,8 +372,6 @@ index 3339917..9b03688 100644
}
#endif
-diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
-index c8191de..7d84d01 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -124,13 +124,16 @@ static unsigned long mmap_legacy_base(void)
@@ -443,8 +392,6 @@ index c8191de..7d84d01 100644
mm->unmap_area = arch_unmap_area_topdown;
}
}
-diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
-index a3250aa..e0d9cce 100644
--- a/arch/x86/mm/setup_nx.c
+++ b/arch/x86/mm/setup_nx.c
@@ -1,3 +1,4 @@
@@ -471,8 +418,6 @@ index a3250aa..e0d9cce 100644
printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
"missing in CPU or disabled in BIOS!\n");
} else {
-diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
-index 65b58e4..cf1ea57 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -6,6 +6,7 @@
@@ -496,8 +441,6 @@ index 65b58e4..cf1ea57 100644
/*
* orig_rax contains the negated interrupt vector.
* Use that to determine where the sender put the data.
-diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
-index 02b442e..957bb67 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -331,7 +331,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
@@ -509,8 +452,6 @@ index 02b442e..957bb67 100644
if (IS_ERR_VALUE(addr)) {
ret = addr;
goto up_fail;
-diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index 36daccb..4ad374a 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -333,6 +333,24 @@ static void xen_set_ldt(const void *addr, unsigned entries)
@@ -548,8 +489,6 @@ index 36daccb..4ad374a 100644
.load_gdt = xen_load_gdt,
.load_idt = xen_load_idt,
.load_tls = xen_load_tls,
-diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index edd90c4..33f2f2d 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -73,7 +73,7 @@ static struct linux_binfmt elf_format = {
@@ -608,8 +547,6 @@ index edd90c4..33f2f2d 100644
/*
* load_elf_interp() returns relocation
* adjustment
-diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 60c467b..8eb1643 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1148,7 +1148,13 @@ extern int install_special_mapping(struct mm_struct *mm,
@@ -627,8 +564,6 @@ index 60c467b..8eb1643 100644
extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
unsigned long len, unsigned long prot,
-diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
-index 36f9627..bd4fe42 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -209,6 +209,9 @@ struct mm_struct {
@@ -641,8 +576,6 @@ index 36f9627..bd4fe42 100644
void (*unmap_area) (struct mm_struct *mm, unsigned long addr);
#endif
unsigned long mmap_base; /* base of mmap area */
-diff --git a/include/linux/resource.h b/include/linux/resource.h
-index f1e914e..d2aef9a 100644
--- a/include/linux/resource.h
+++ b/include/linux/resource.h
@@ -53,8 +53,11 @@ struct rlimit {
@@ -658,8 +591,6 @@ index f1e914e..d2aef9a 100644
/*
* GPG2 wants 64kB of mlocked memory, to make sure pass phrases
-diff --git a/include/linux/sched.h b/include/linux/sched.h
-index 6f7bba9..ffbcf8c 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -102,6 +102,9 @@ struct fs_struct;
@@ -683,8 +614,6 @@ index 6f7bba9..ffbcf8c 100644
extern unsigned long
arch_get_unmapped_area_topdown(struct file *filp, unsigned long addr,
unsigned long len, unsigned long pgoff,
-diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 8a68b24..2c605b1 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -87,6 +87,26 @@ extern int sysctl_nr_open_min, sysctl_nr_open_max;
@@ -729,10 +658,8 @@ index 8a68b24..2c605b1 100644
#ifdef CONFIG_PROC_SYSCTL
{
.procname = "tainted",
-diff --git a/mm/mmap.c b/mm/mmap.c
-index ee22989..5bc99f8 100644
---- a/mm/mmap.c
-+++ b/mm/mmap.c
+--- b/mm/mmap.c
++++ linux-2.6.33.noarch/mm/mmap.c
@@ -28,6 +28,7 @@
#include <linux/rmap.h>
#include <linux/mmu_notifier.h>
@@ -760,7 +687,7 @@ index ee22989..5bc99f8 100644
static void unmap_region(struct mm_struct *mm,
struct vm_area_struct *vma, struct vm_area_struct *prev,
unsigned long start, unsigned long end);
-@@ -388,6 +401,8 @@ static inline void
+@@ -388,6 +401,8 @@
__vma_link_list(struct mm_struct *mm, struct vm_area_struct *vma,
struct vm_area_struct *prev, struct rb_node *rb_parent)
{
@@ -769,7 +696,7 @@ index ee22989..5bc99f8 100644
if (prev) {
vma->vm_next = prev->vm_next;
prev->vm_next = vma;
-@@ -490,6 +505,8 @@ __vma_unlink(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -490,6 +505,8 @@
rb_erase(&vma->vm_rb, &mm->mm_rb);
if (mm->mmap_cache == vma)
mm->mmap_cache = prev;
@@ -778,7 +705,7 @@ index ee22989..5bc99f8 100644
}
/*
-@@ -797,6 +814,8 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -797,6 +814,8 @@
} else /* cases 2, 5, 7 */
vma_adjust(prev, prev->vm_start,
end, prev->vm_pgoff, NULL);
@@ -787,7 +714,7 @@ index ee22989..5bc99f8 100644
return prev;
}
-@@ -947,7 +966,8 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -947,7 +966,8 @@
/* Obtain the address to map to. we verify (or select) it and ensure
* that it represents a valid section of the address space.
*/
@@ -797,7 +724,7 @@ index ee22989..5bc99f8 100644
if (addr & ~PAGE_MASK)
return addr;
-@@ -1479,8 +1499,8 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
+@@ -1479,8 +1499,8 @@
}
unsigned long
@@ -808,7 +735,7 @@ index ee22989..5bc99f8 100644
{
unsigned long (*get_area)(struct file *, unsigned long,
unsigned long, unsigned long, unsigned long);
-@@ -1493,7 +1513,11 @@ get_unmapped_area(struct file *file, unsigned long addr, unsigned long len,
+@@ -1493,7 +1513,11 @@
if (len > TASK_SIZE)
return -ENOMEM;
@@ -821,12 +748,18 @@ index ee22989..5bc99f8 100644
if (file && file->f_op && file->f_op->get_unmapped_area)
get_area = file->f_op->get_unmapped_area;
addr = get_area(file, addr, len, pgoff, flags);
-@@ -1507,8 +1531,76 @@ get_unmapped_area(struct file *file, unsigned long addr, unsigned long len,
+@@ -1507,8 +1531,83 @@
return arch_rebalance_pgtables(addr, len);
}
+EXPORT_SYMBOL(get_unmapped_area_prot);
+
++static bool should_randomize(void)
++{
++ return (current->flags & PF_RANDOMIZE) &&
++ !(current->personality & ADDR_NO_RANDOMIZE);
++}
++
+#define SHLIB_BASE 0x00110000
+
+unsigned long
@@ -845,7 +778,8 @@ index ee22989..5bc99f8 100644
+ return addr;
+
+ if (!addr)
-+ addr = randomize_range(SHLIB_BASE, 0x01000000, len);
++ addr = !should_randomize() ? SHLIB_BASE :
++ randomize_range(SHLIB_BASE, 0x01000000, len);
+
+ if (addr) {
+ addr = PAGE_ALIGN(addr);
@@ -873,7 +807,7 @@ index ee22989..5bc99f8 100644
+ * Up until the brk area we randomize addresses
+ * as much as possible:
+ */
-+ if (addr >= 0x01000000) {
++ if (addr >= 0x01000000 && should_randomize()) {
+ tmp = randomize_range(0x01000000,
+ PAGE_ALIGN(max(mm->start_brk,
+ (unsigned long)0x08000000)), len);
@@ -899,7 +833,7 @@ index ee22989..5bc99f8 100644
/* Look up the first VMA which satisfies addr < vm_end, NULL if none. */
struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
-@@ -1583,6 +1675,14 @@ out:
+@@ -1583,6 +1682,14 @@
return prev ? prev->vm_next : vma;
}
@@ -914,7 +848,7 @@ index ee22989..5bc99f8 100644
/*
* Verify that the stack growth is acceptable and
* update accounting. This is shared with both the
-@@ -1599,7 +1699,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -1599,7 +1706,7 @@
return -ENOMEM;
/* Stack limit test */
@@ -923,7 +857,7 @@ index ee22989..5bc99f8 100644
return -ENOMEM;
/* mlock limit tests */
-@@ -1906,10 +2006,14 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -1906,10 +2013,14 @@
if (new->vm_ops && new->vm_ops->open)
new->vm_ops->open(new);
@@ -940,7 +874,7 @@ index ee22989..5bc99f8 100644
vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
return 0;
-@@ -2176,6 +2280,7 @@ void exit_mmap(struct mm_struct *mm)
+@@ -2176,6 +2287,7 @@
free_pgtables(tlb, vma, FIRST_USER_ADDRESS, 0);
tlb_finish_mmu(tlb, 0, end);
@@ -948,8 +882,6 @@ index ee22989..5bc99f8 100644
/*
* Walk the list again, actually closing and freeing it,
-diff --git a/mm/mprotect.c b/mm/mprotect.c
-index 8bc969d..3c9b4fc 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -26,9 +26,14 @@
@@ -986,8 +918,6 @@ index 8bc969d..3c9b4fc 100644
mmu_notifier_invalidate_range_start(mm, start, end);
if (is_vm_hugetlb_page(vma))
hugetlb_change_protection(vma, start, end, vma->vm_page_prot);
-diff --git a/mm/mremap.c b/mm/mremap.c
-index 8451908..d5de807 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -485,10 +485,10 @@ unsigned long do_mremap(unsigned long addr,
@@ -1003,6 +933,3 @@ index 8451908..d5de807 100644
if (new_addr & ~PAGE_MASK) {
ret = new_addr;
goto out;
---
-1.6.5.2
-
- Previous message: rpms/hct/F-13 Makefile.PL, NONE, 1.1 hct-set-env-hcthome.patch, NONE, 1.1 hct-set-hct-path-for-moved-lang.patch, NONE, 1.1 hct.spec, NONE, 1.1 import.log, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message: rpms/perl-Archive-RPM/devel perl-Archive-RPM.spec,1.8,1.9
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list