* [gentoo-commits] proj/hardened-patchset:master commit in: 4.0.6/
@ 2015-06-28 13:56 Anthony G. Basile
0 siblings, 0 replies; only message in thread
From: Anthony G. Basile @ 2015-06-28 13:56 UTC (permalink / raw
To: gentoo-commits
commit: 980b9085c5a073862dfe86244fa10f2d614df0f4
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 28 13:58:41 2015 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Jun 28 13:58:41 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=980b9085
Grsec/PaX: 3.1-4.0.6-201506272327
4.0.6/0000_README | 2 +-
...> 4420_grsecurity-3.1-4.0.6-201506272327.patch} | 52 +++++++++++++++++++++-
2 files changed, 52 insertions(+), 2 deletions(-)
diff --git a/4.0.6/0000_README b/4.0.6/0000_README
index 00d5c29..67f188e 100644
--- a/4.0.6/0000_README
+++ b/4.0.6/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.0.6-201506262047.patch
+Patch: 4420_grsecurity-3.1-4.0.6-201506272327.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch b/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
similarity index 99%
rename from 4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch
rename to 4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
index 797b7c1..01515b8 100644
--- a/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch
+++ b/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
@@ -24259,7 +24259,7 @@ index f5d0730..5bce89c 100644
unlock_done:
mutex_unlock(&espfix_init_mutex);
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
-index 8b7b0a5..2395f29 100644
+index 8b7b0a5..02219db 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -89,7 +89,7 @@ static unsigned long text_ip_addr(unsigned long ip)
@@ -24298,6 +24298,56 @@ index 8b7b0a5..2395f29 100644
return -EFAULT;
/* Make sure it is what we expect it to be */
+@@ -670,11 +672,11 @@ static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr)
+ /* Module allocation simplifies allocating memory for code */
+ static inline void *alloc_tramp(unsigned long size)
+ {
+- return module_alloc(size);
++ return module_alloc_exec(size);
+ }
+ static inline void tramp_free(void *tramp)
+ {
+- module_memfree(tramp);
++ module_memfree_exec(tramp);
+ }
+ #else
+ /* Trampolines can only be created if modules are supported */
+@@ -753,7 +755,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+ *tramp_size = size + MCOUNT_INSN_SIZE + sizeof(void *);
+
+ /* Copy ftrace_caller onto the trampoline memory */
++ pax_open_kernel();
+ ret = probe_kernel_read(trampoline, (void *)start_offset, size);
++ pax_close_kernel();
+ if (WARN_ON(ret < 0)) {
+ tramp_free(trampoline);
+ return 0;
+@@ -763,6 +767,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+
+ /* The trampoline ends with a jmp to ftrace_return */
+ jmp = ftrace_jmp_replace(ip, (unsigned long)ftrace_return);
++ pax_open_kernel();
+ memcpy(trampoline + size, jmp, MCOUNT_INSN_SIZE);
+
+ /*
+@@ -775,6 +780,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+
+ ptr = (unsigned long *)(trampoline + size + MCOUNT_INSN_SIZE);
+ *ptr = (unsigned long)ops;
++ pax_close_kernel();
+
+ op_offset -= start_offset;
+ memcpy(&op_ptr, trampoline + op_offset, OP_REF_SIZE);
+@@ -792,7 +798,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+ op_ptr.offset = offset;
+
+ /* put in the new offset to the ftrace_ops */
++ pax_open_kernel();
+ memcpy(trampoline + op_offset, &op_ptr, OP_REF_SIZE);
++ pax_close_kernel();
+
+ /* ALLOC_TRAMP flags lets us know we created it */
+ ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP;
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index b111ab5..3d419ea 100644
--- a/arch/x86/kernel/head64.c
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2015-06-28 13:56 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-06-28 13:56 [gentoo-commits] proj/hardened-patchset:master commit in: 4.0.6/ Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox