[gentoo-commits] proj/hardened-patchset:master commit in: 4.0.6/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-commits] proj/hardened-patchset:master commit in: 4.0.6/
@ 2015-06-28 13:56 Anthony G. Basile
  0 siblings, 0 replies; only message in thread
From: Anthony G. Basile @ 2015-06-28 13:56 UTC (permalink / raw
  To: gentoo-commits

commit:     980b9085c5a073862dfe86244fa10f2d614df0f4
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 28 13:58:41 2015 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Jun 28 13:58:41 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=980b9085

Grsec/PaX: 3.1-4.0.6-201506272327

 4.0.6/0000_README                                  |  2 +-
 ...> 4420_grsecurity-3.1-4.0.6-201506272327.patch} | 52 +++++++++++++++++++++-
 2 files changed, 52 insertions(+), 2 deletions(-)

diff --git a/4.0.6/0000_README b/4.0.6/0000_README
index 00d5c29..67f188e 100644
--- a/4.0.6/0000_README
+++ b/4.0.6/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.0.6-201506262047.patch
+Patch:	4420_grsecurity-3.1-4.0.6-201506272327.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch b/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
similarity index 99%
rename from 4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch
rename to 4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
index 797b7c1..01515b8 100644
--- a/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch
+++ b/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
@@ -24259,7 +24259,7 @@ index f5d0730..5bce89c 100644
  unlock_done:
  	mutex_unlock(&espfix_init_mutex);
 diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
-index 8b7b0a5..2395f29 100644
+index 8b7b0a5..02219db 100644
 --- a/arch/x86/kernel/ftrace.c
 +++ b/arch/x86/kernel/ftrace.c
 @@ -89,7 +89,7 @@ static unsigned long text_ip_addr(unsigned long ip)
@@ -24298,6 +24298,56 @@ index 8b7b0a5..2395f29 100644
  		return -EFAULT;
  
  	/* Make sure it is what we expect it to be */
+@@ -670,11 +672,11 @@ static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr)
+ /* Module allocation simplifies allocating memory for code */
+ static inline void *alloc_tramp(unsigned long size)
+ {
+-	return module_alloc(size);
++	return module_alloc_exec(size);
+ }
+ static inline void tramp_free(void *tramp)
+ {
+-	module_memfree(tramp);
++	module_memfree_exec(tramp);
+ }
+ #else
+ /* Trampolines can only be created if modules are supported */
+@@ -753,7 +755,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+ 	*tramp_size = size + MCOUNT_INSN_SIZE + sizeof(void *);
+ 
+ 	/* Copy ftrace_caller onto the trampoline memory */
++	pax_open_kernel();
+ 	ret = probe_kernel_read(trampoline, (void *)start_offset, size);
++	pax_close_kernel();
+ 	if (WARN_ON(ret < 0)) {
+ 		tramp_free(trampoline);
+ 		return 0;
+@@ -763,6 +767,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+ 
+ 	/* The trampoline ends with a jmp to ftrace_return */
+ 	jmp = ftrace_jmp_replace(ip, (unsigned long)ftrace_return);
++	pax_open_kernel();
+ 	memcpy(trampoline + size, jmp, MCOUNT_INSN_SIZE);
+ 
+ 	/*
+@@ -775,6 +780,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+ 
+ 	ptr = (unsigned long *)(trampoline + size + MCOUNT_INSN_SIZE);
+ 	*ptr = (unsigned long)ops;
++	pax_close_kernel();
+ 
+ 	op_offset -= start_offset;
+ 	memcpy(&op_ptr, trampoline + op_offset, OP_REF_SIZE);
+@@ -792,7 +798,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+ 	op_ptr.offset = offset;
+ 
+ 	/* put in the new offset to the ftrace_ops */
++	pax_open_kernel();
+ 	memcpy(trampoline + op_offset, &op_ptr, OP_REF_SIZE);
++	pax_close_kernel();
+ 
+ 	/* ALLOC_TRAMP flags lets us know we created it */
+ 	ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP;
 diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
 index b111ab5..3d419ea 100644
 --- a/arch/x86/kernel/head64.c


^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2015-06-28 13:56 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-06-28 13:56 [gentoo-commits] proj/hardened-patchset:master commit in: 4.0.6/ Anthony G. Basile

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox