From: "Anthony G. Basile" <blueness@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.0.4/
Date: Wed, 21 Sep 2011 11:31:47 +0000 (UTC)	[thread overview]
Message-ID: <fe9efb4e75bc2e6bc3db5dcfd574db7de1bdda1a.blueness@gentoo> (raw)

commit:     fe9efb4e75bc2e6bc3db5dcfd574db7de1bdda1a
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 21 11:31:14 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Sep 21 11:31:14 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=fe9efb4e

Grsec/PaX: 2.2.2-3.0.4-201109190917

---
 2.6.32/0000_README                                 |    8 -
 3.0.4/0000_README                                  |    2 +-
 ...4420_grsecurity-2.2.2-3.0.4-201109190917.patch} | 1031 ++++++++++++++++++--
 3.0.4/4435_grsec-kconfig-gentoo.patch              |   18 +-
 4 files changed, 951 insertions(+), 108 deletions(-)

diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 160c256..8013d69 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,14 +3,6 @@ README
 
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	1043_linux-2.6.32.44.patch
-From:	http://www.kernel.org
-Desc:	Linux 2.6.39.44
-
-Patch:	1044_linux-2.6.32.45.patch
-From:	http://www.kernel.org
-Desc:	Linux 2.6.39.45
-
 Patch:	4420_grsecurity-2.2.2-2.6.32.46-201109150655.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity

diff --git a/3.0.4/0000_README b/3.0.4/0000_README
index 2fff4cc..a44f871 100644
--- a/3.0.4/0000_README
+++ b/3.0.4/0000_README
@@ -3,7 +3,7 @@ README
 
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-2.2.2-3.0.4-201109150655.patch
+Patch:	4420_grsecurity-2.2.2-3.0.4-201109190917.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109150655.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch
similarity index 98%
rename from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109150655.patch
rename to 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch
index 97156c7..ec88fda 100644
--- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109150655.patch
+++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109190917.patch
@@ -5589,6 +5589,74 @@ diff -urNp linux-3.0.4/arch/x86/boot/video-vesa.c linux-3.0.4/arch/x86/boot/vide
  }
  
  /*
+diff -urNp linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S
+--- linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/crypto/aes-x86_64-asm_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -71,6 +71,12 @@ FUNC:	movq	r1,r2;			\
+ 	je	B192;			\
+ 	leaq	32(r9),r9;
+ 
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++#define ret	orb $0x80, 0x7(%rsp); ret
++#else
++#define ret	ret
++#endif
++
+ #define epilogue(r1,r2,r3,r4,r5,r6,r7,r8,r9) \
+ 	movq	r1,r2;			\
+ 	movq	r3,r4;			\
+diff -urNp linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S
+--- linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/crypto/salsa20-x86_64-asm_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -790,6 +790,9 @@ ECRYPT_encrypt_bytes:
+ 	add	%r11,%rsp
+ 	mov	%rdi,%rax
+ 	mov	%rsi,%rdx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ #   bytesatleast65:
+ ._bytesatleast65:
+@@ -891,6 +894,9 @@ ECRYPT_keysetup:
+ 	add	%r11,%rsp
+ 	mov	%rdi,%rax
+ 	mov	%rsi,%rdx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ # enter ECRYPT_ivsetup
+ .text
+@@ -917,4 +923,7 @@ ECRYPT_ivsetup:
+ 	add	%r11,%rsp
+ 	mov	%rdi,%rax
+ 	mov	%rsi,%rdx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+diff -urNp linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S
+--- linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/crypto/twofish-x86_64-asm_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -269,6 +269,9 @@ twofish_enc_blk:
+ 
+ 	popq	R1
+ 	movq	$1,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 
+ twofish_dec_blk:
+@@ -321,4 +324,7 @@ twofish_dec_blk:
+ 
+ 	popq	R1
+ 	movq	$1,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
 diff -urNp linux-3.0.4/arch/x86/ia32/ia32_aout.c linux-3.0.4/arch/x86/ia32/ia32_aout.c
 --- linux-3.0.4/arch/x86/ia32/ia32_aout.c	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.4/arch/x86/ia32/ia32_aout.c	2011-08-23 21:48:14.000000000 -0400
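Review bot: In the aes-x86_64-asm_64.S section, `#define ret orb $0x80, 0x7(%rsp); ret` silently changes what an instruction mnemonic means for the rest of that file, while the salsa20 and twofish sections of the same hunk open-code the identical `#ifdef CONFIG_PAX_KERNEXEC_PLUGIN` block before each `ret`. A single, distinctly named assembler macro shared by all three files would keep every instrumented return site greppable and make a missed `ret` easier to spot in review. None of the added lines says what the store is for; a comment at the definition such as `/* KERNEXEC plugin: set bit 63 of the saved return address before returning */` would help, with the rationale (presumably that a return address outside kernel space becomes non-canonical and faults) confirmed against the plugin. The function bodies begin outside the hunk.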
@@ -8676,8 +8744,8 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/rwsem.h linux-3.0.4/arch/x86/include
  
 diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/include/asm/segment.h
 --- linux-3.0.4/arch/x86/include/asm/segment.h	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/include/asm/segment.h	2011-08-23 21:47:55.000000000 -0400
-@@ -64,8 +64,8 @@
++++ linux-3.0.4/arch/x86/include/asm/segment.h	2011-09-17 00:53:42.000000000 -0400
+@@ -64,10 +64,15 @@
   *  26 - ESPFIX small SS
   *  27 - per-cpu			[ offset to per-cpu data area ]
   *  28 - stack_canary-20		[ for stack protector ]
@@ -8687,8 +8755,15 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
 + *  30 - PCI BIOS DS
   *  31 - TSS for double fault handler
   */
++#define GDT_ENTRY_KERNEXEC_EFI_CS	(1)
++#define GDT_ENTRY_KERNEXEC_EFI_DS	(2)
++#define __KERNEXEC_EFI_CS	(GDT_ENTRY_KERNEXEC_EFI_CS*8)
++#define __KERNEXEC_EFI_DS	(GDT_ENTRY_KERNEXEC_EFI_DS*8)
++
  #define GDT_ENTRY_TLS_MIN	6
-@@ -79,6 +79,8 @@
+ #define GDT_ENTRY_TLS_MAX 	(GDT_ENTRY_TLS_MIN + GDT_ENTRY_TLS_ENTRIES - 1)
+ 
+@@ -79,6 +84,8 @@
  
  #define GDT_ENTRY_KERNEL_CS		(GDT_ENTRY_KERNEL_BASE+0)
  
@@ -8697,7 +8772,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
  #define GDT_ENTRY_KERNEL_DS		(GDT_ENTRY_KERNEL_BASE+1)
  
  #define GDT_ENTRY_TSS			(GDT_ENTRY_KERNEL_BASE+4)
-@@ -104,6 +106,12 @@
+@@ -104,6 +111,12 @@
  #define __KERNEL_STACK_CANARY		0
  #endif
  
@@ -8710,7 +8785,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
  #define GDT_ENTRY_DOUBLEFAULT_TSS	31
  
  /*
-@@ -141,7 +149,7 @@
+@@ -141,7 +154,7 @@
   */
  
  /* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */
@@ -8719,7 +8794,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
  
  
  #else
-@@ -165,6 +173,8 @@
+@@ -165,6 +178,8 @@
  #define __USER32_CS   (GDT_ENTRY_DEFAULT_USER32_CS * 8 + 3)
  #define __USER32_DS	__USER_DS
  
@@ -8728,7 +8803,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/segment.h linux-3.0.4/arch/x86/inclu
  #define GDT_ENTRY_TSS 8	/* needs two entries */
  #define GDT_ENTRY_LDT 10 /* needs two entries */
  #define GDT_ENTRY_TLS_MIN 12
-@@ -185,6 +195,7 @@
+@@ -185,6 +200,7 @@
  #endif
  
  #define __KERNEL_CS	(GDT_ENTRY_KERNEL_CS*8)
@@ -10047,7 +10122,7 @@ diff -urNp linux-3.0.4/arch/x86/include/asm/xsave.h linux-3.0.4/arch/x86/include
  			     ".section .fixup,\"ax\"\n"
 diff -urNp linux-3.0.4/arch/x86/Kconfig linux-3.0.4/arch/x86/Kconfig
 --- linux-3.0.4/arch/x86/Kconfig	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/Kconfig	2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/arch/x86/Kconfig	2011-09-17 00:58:36.000000000 -0400
 @@ -229,7 +229,7 @@ config X86_HT
  
  config X86_32_LAZY_GS
@@ -10084,15 +10159,6 @@ diff -urNp linux-3.0.4/arch/x86/Kconfig linux-3.0.4/arch/x86/Kconfig
  	default 0x40000000 if VMSPLIT_1G
  	default 0xC0000000
  	depends on X86_32
-@@ -1453,7 +1453,7 @@ config ARCH_USES_PG_UNCACHED
- 
- config EFI
- 	bool "EFI runtime service support"
--	depends on ACPI
-+	depends on ACPI && !PAX_KERNEXEC
- 	---help---
- 	  This enables the kernel to use EFI runtime services that are
- 	  available (such as the EFI variable services).
 @@ -1483,6 +1483,7 @@ config SECCOMP
  
  config CC_STACKPROTECTOR
@@ -11728,7 +11794,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_32.S linux-3.0.4/arch/x86/kernel/en
  	CFI_ADJUST_CFA_OFFSET -24
 diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/entry_64.S
 --- linux-3.0.4/arch/x86/kernel/entry_64.S	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/kernel/entry_64.S	2011-08-26 19:49:56.000000000 -0400
++++ linux-3.0.4/arch/x86/kernel/entry_64.S	2011-09-17 18:31:51.000000000 -0400
 @@ -53,6 +53,7 @@
  #include <asm/paravirt.h>
  #include <asm/ftrace.h>
@@ -12108,7 +12174,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
  	je retint_kernel
  
  	/* Interrupt came from user space */
-@@ -847,12 +1125,15 @@ retint_swapgs:		/* return to user-space 
+@@ -847,12 +1125,18 @@ retint_swapgs:		/* return to user-space 
  	 * The iretq could re-enable interrupts:
  	 */
  	DISABLE_INTERRUPTS(CLBR_ANY)
@@ -12121,10 +12187,13 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
  retint_restore_args:	/* return to kernel space */
  	DISABLE_INTERRUPTS(CLBR_ANY)
 +	pax_exit_kernel
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80,0x7+RIP-ARGOFFSET(%rsp)
++#endif
  	/*
  	 * The iretq could re-enable interrupts:
  	 */
-@@ -1027,6 +1308,16 @@ ENTRY(\sym)
+@@ -1027,6 +1311,16 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call error_entry
  	DEFAULT_FRAME 0
@@ -12141,7 +12210,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
  	movq %rsp,%rdi		/* pt_regs pointer */
  	xorl %esi,%esi		/* no error code */
  	call \do_sym
-@@ -1044,6 +1335,16 @@ ENTRY(\sym)
+@@ -1044,6 +1338,16 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	TRACE_IRQS_OFF
@@ -12158,7 +12227,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
  	movq %rsp,%rdi		/* pt_regs pointer */
  	xorl %esi,%esi		/* no error code */
  	call \do_sym
-@@ -1052,7 +1353,7 @@ ENTRY(\sym)
+@@ -1052,7 +1356,7 @@ ENTRY(\sym)
  END(\sym)
  .endm
  
@@ -12167,7 +12236,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
  .macro paranoidzeroentry_ist sym do_sym ist
  ENTRY(\sym)
  	INTR_FRAME
-@@ -1062,8 +1363,24 @@ ENTRY(\sym)
+@@ -1062,8 +1366,24 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	TRACE_IRQS_OFF
@@ -12192,7 +12261,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
  	subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
  	call \do_sym
  	addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
-@@ -1080,6 +1397,16 @@ ENTRY(\sym)
+@@ -1080,6 +1400,16 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call error_entry
  	DEFAULT_FRAME 0
@@ -12209,7 +12278,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
  	movq %rsp,%rdi			/* pt_regs pointer */
  	movq ORIG_RAX(%rsp),%rsi	/* get error code */
  	movq $-1,ORIG_RAX(%rsp)		/* no syscall to restart */
-@@ -1099,6 +1426,16 @@ ENTRY(\sym)
+@@ -1099,6 +1429,16 @@ ENTRY(\sym)
  	call save_paranoid
  	DEFAULT_FRAME 0
  	TRACE_IRQS_OFF
@@ -12226,7 +12295,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
  	movq %rsp,%rdi			/* pt_regs pointer */
  	movq ORIG_RAX(%rsp),%rsi	/* get error code */
  	movq $-1,ORIG_RAX(%rsp)		/* no syscall to restart */
-@@ -1361,14 +1698,27 @@ ENTRY(paranoid_exit)
+@@ -1361,16 +1701,35 @@ ENTRY(paranoid_exit)
  	TRACE_IRQS_OFF
  	testl %ebx,%ebx				/* swapgs needed? */
  	jnz paranoid_restore
@@ -12238,6 +12307,9 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
 +	TRACE_IRQS_IRETQ 0
 +	SWAPGS_UNSAFE_STACK
 +	RESTORE_ALL 8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80,0x7(%rsp)
++#endif
 +	jmp irq_return
 +#endif
  paranoid_swapgs:
@@ -12254,8 +12326,13 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
 +	pax_exit_kernel
  	TRACE_IRQS_IRETQ 0
  	RESTORE_ALL 8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80,0x7(%rsp)
++#endif
  	jmp irq_return
-@@ -1426,7 +1776,7 @@ ENTRY(error_entry)
+ paranoid_userspace:
+ 	GET_THREAD_INFO(%rcx)
+@@ -1426,7 +1785,7 @@ ENTRY(error_entry)
  	movq_cfi r14, R14+8
  	movq_cfi r15, R15+8
  	xorl %ebx,%ebx
@@ -12264,7 +12341,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
  	je error_kernelspace
  error_swapgs:
  	SWAPGS
-@@ -1490,6 +1840,16 @@ ENTRY(nmi)
+@@ -1490,6 +1849,16 @@ ENTRY(nmi)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	DEFAULT_FRAME 0
@@ -12281,7 +12358,7 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
  	/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
  	movq %rsp,%rdi
  	movq $-1,%rsi
-@@ -1500,11 +1860,25 @@ ENTRY(nmi)
+@@ -1500,12 +1869,32 @@ ENTRY(nmi)
  	DISABLE_INTERRUPTS(CLBR_NONE)
  	testl %ebx,%ebx				/* swapgs needed? */
  	jnz nmi_restore
@@ -12292,6 +12369,9 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
 +	pax_exit_kernel
 +	SWAPGS_UNSAFE_STACK
 +	RESTORE_ALL 8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80,0x7(%rsp)
++#endif
 +	jmp irq_return
 +#endif
  nmi_swapgs:
@@ -12306,8 +12386,12 @@ diff -urNp linux-3.0.4/arch/x86/kernel/entry_64.S linux-3.0.4/arch/x86/kernel/en
  nmi_restore:
 +	pax_exit_kernel
  	RESTORE_ALL 8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80,0x7(%rsp)
++#endif
  	jmp irq_return
  nmi_userspace:
+ 	GET_THREAD_INFO(%rcx)
 diff -urNp linux-3.0.4/arch/x86/kernel/ftrace.c linux-3.0.4/arch/x86/kernel/ftrace.c
 --- linux-3.0.4/arch/x86/kernel/ftrace.c	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.4/arch/x86/kernel/ftrace.c	2011-08-23 21:47:55.000000000 -0400
@@ -16528,8 +16612,15 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_386_32.S linux-3.0.4/arch/x86/lib/a
  	movl %edx, 4(v)
 diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S
 --- linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S	2011-08-23 21:47:55.000000000 -0400
-@@ -39,6 +39,14 @@ ENTRY(atomic64_read_cx8)
++++ linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S	2011-09-17 18:31:51.000000000 -0400
+@@ -35,10 +35,24 @@ ENTRY(atomic64_read_cx8)
+ 	CFI_STARTPROC
+ 
+ 	read64 %ecx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
  	CFI_ENDPROC
  ENDPROC(atomic64_read_cx8)
  
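Review bot: The `orb $0x80, 0x7(%rsp)` added before `ret` in atomic64_read_cx8 uses a 64-bit register and a byte offset of 7 in atomic64_cx8_32.S, whose surrounding code is 32-bit (`cmpxchg8b (%esi)`, `cmpl %edx, 4(%esp)`). If CONFIG_PAX_KERNEXEC_PLUGIN can only be selected on X86_64 (its Kconfig entry is not visible on this page), these blocks are dead code in this file and are better dropped; if it can be enabled on a 32-bit build, `%rsp` will not assemble there. The same applies to every `orb` added in the later hunks of this file: atomic64_read_unchecked_cx8, atomic64_set_cx8 and its unchecked variant, atomic64_xchg_cx8, the `_return_cx8` macros, atomic64_dec_if_positive_cx8, atomic64_add_unless_cx8 and atomic64_inc_not_zero_cx8.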
@@ -16537,6 +16628,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
 +	CFI_STARTPROC
 +
 +	read64 %ecx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
 +	ret
 +	CFI_ENDPROC
 +ENDPROC(atomic64_read_unchecked_cx8)
@@ -16544,7 +16638,14 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
  ENTRY(atomic64_set_cx8)
  	CFI_STARTPROC
  
-@@ -52,6 +60,19 @@ ENTRY(atomic64_set_cx8)
+@@ -48,10 +62,29 @@ ENTRY(atomic64_set_cx8)
+ 	cmpxchg8b (%esi)
+ 	jne 1b
+ 
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
  	CFI_ENDPROC
  ENDPROC(atomic64_set_cx8)
  
@@ -16557,6 +16658,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
 +	cmpxchg8b (%esi)
 +	jne 1b
 +
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
 +	ret
 +	CFI_ENDPROC
 +ENDPROC(atomic64_set_unchecked_cx8)
@@ -16564,7 +16668,14 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
  ENTRY(atomic64_xchg_cx8)
  	CFI_STARTPROC
  
-@@ -66,8 +87,8 @@ ENTRY(atomic64_xchg_cx8)
+@@ -62,12 +95,15 @@ ENTRY(atomic64_xchg_cx8)
+ 	cmpxchg8b (%esi)
+ 	jne 1b
+ 
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
  	CFI_ENDPROC
  ENDPROC(atomic64_xchg_cx8)
  
@@ -16575,7 +16686,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
  	CFI_STARTPROC
  	SAVE ebp
  	SAVE ebx
-@@ -84,27 +105,43 @@ ENTRY(atomic64_\func\()_return_cx8)
+@@ -84,27 +120,46 @@ ENTRY(atomic64_\func\()_return_cx8)
  	movl %edx, %ecx
  	\ins\()l %esi, %ebx
  	\insc\()l %edi, %ecx
@@ -16606,6 +16717,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
  	RESTORE esi
  	RESTORE ebx
  	RESTORE ebp
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
  	ret
  	CFI_ENDPROC
 -ENDPROC(atomic64_\func\()_return_cx8)
@@ -16624,7 +16738,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
  	CFI_STARTPROC
  	SAVE ebx
  
-@@ -114,21 +151,38 @@ ENTRY(atomic64_\func\()_return_cx8)
+@@ -114,21 +169,41 @@ ENTRY(atomic64_\func\()_return_cx8)
  	movl %edx, %ecx
  	\ins\()l $1, %ebx
  	\insc\()l $0, %ecx
@@ -16652,6 +16766,9 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
 +.endif
 +
  	RESTORE ebx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
  	ret
  	CFI_ENDPROC
 -ENDPROC(atomic64_\func\()_return_cx8)
@@ -16665,7 +16782,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
  
  ENTRY(atomic64_dec_if_positive_cx8)
  	CFI_STARTPROC
-@@ -140,6 +194,13 @@ ENTRY(atomic64_dec_if_positive_cx8)
+@@ -140,6 +215,13 @@ ENTRY(atomic64_dec_if_positive_cx8)
  	movl %edx, %ecx
  	subl $1, %ebx
  	sbb $0, %ecx
@@ -16679,7 +16796,17 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
  	js 2f
  	LOCK_PREFIX
  	cmpxchg8b (%esi)
-@@ -174,6 +235,13 @@ ENTRY(atomic64_add_unless_cx8)
+@@ -149,6 +231,9 @@ ENTRY(atomic64_dec_if_positive_cx8)
+ 	movl %ebx, %eax
+ 	movl %ecx, %edx
+ 	RESTORE ebx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_ENDPROC
+ ENDPROC(atomic64_dec_if_positive_cx8)
+@@ -174,6 +259,13 @@ ENTRY(atomic64_add_unless_cx8)
  	movl %edx, %ecx
  	addl %esi, %ebx
  	adcl %edi, %ecx
@@ -16693,7 +16820,17 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
  	LOCK_PREFIX
  	cmpxchg8b (%ebp)
  	jne 1b
-@@ -206,6 +274,13 @@ ENTRY(atomic64_inc_not_zero_cx8)
+@@ -184,6 +276,9 @@ ENTRY(atomic64_add_unless_cx8)
+ 	CFI_ADJUST_CFA_OFFSET -8
+ 	RESTORE ebx
+ 	RESTORE ebp
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 4:
+ 	cmpl %edx, 4(%esp)
+@@ -206,6 +301,13 @@ ENTRY(atomic64_inc_not_zero_cx8)
  	movl %edx, %ecx
  	addl $1, %ebx
  	adcl $0, %ecx
@@ -16707,6 +16844,16 @@ diff -urNp linux-3.0.4/arch/x86/lib/atomic64_cx8_32.S linux-3.0.4/arch/x86/lib/a
  	LOCK_PREFIX
  	cmpxchg8b (%esi)
  	jne 1b
+@@ -213,6 +315,9 @@ ENTRY(atomic64_inc_not_zero_cx8)
+ 	movl $1, %eax
+ 3:
+ 	RESTORE ebx
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 4:
+ 	testl %edx, %edx
 diff -urNp linux-3.0.4/arch/x86/lib/checksum_32.S linux-3.0.4/arch/x86/lib/checksum_32.S
 --- linux-3.0.4/arch/x86/lib/checksum_32.S	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.4/arch/x86/lib/checksum_32.S	2011-08-23 21:47:55.000000000 -0400
@@ -16956,8 +17103,38 @@ diff -urNp linux-3.0.4/arch/x86/lib/checksum_32.S linux-3.0.4/arch/x86/lib/check
  #undef ROUND1		
 diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/clear_page_64.S
 --- linux-3.0.4/arch/x86/lib/clear_page_64.S	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/clear_page_64.S	2011-08-23 21:47:55.000000000 -0400
-@@ -58,7 +58,7 @@ ENDPROC(clear_page)
++++ linux-3.0.4/arch/x86/lib/clear_page_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -11,6 +11,9 @@ ENTRY(clear_page_c)
+ 	movl $4096/8,%ecx
+ 	xorl %eax,%eax
+ 	rep stosq
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_ENDPROC
+ ENDPROC(clear_page_c)
+@@ -20,6 +23,9 @@ ENTRY(clear_page_c_e)
+ 	movl $4096,%ecx
+ 	xorl %eax,%eax
+ 	rep stosb
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_ENDPROC
+ ENDPROC(clear_page_c_e)
+@@ -43,6 +49,9 @@ ENTRY(clear_page)
+ 	leaq	64(%rdi),%rdi
+ 	jnz	.Lloop
+ 	nop
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_ENDPROC
+ .Lclear_page_end:
+@@ -58,7 +67,7 @@ ENDPROC(clear_page)
  
  #include <asm/cpufeature.h>
  
@@ -16968,8 +17145,28 @@ diff -urNp linux-3.0.4/arch/x86/lib/clear_page_64.S linux-3.0.4/arch/x86/lib/cle
  2:	.byte 0xeb					/* jmp <disp8> */
 diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy_page_64.S
 --- linux-3.0.4/arch/x86/lib/copy_page_64.S	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/copy_page_64.S	2011-08-23 21:47:55.000000000 -0400
-@@ -104,7 +104,7 @@ ENDPROC(copy_page)
++++ linux-3.0.4/arch/x86/lib/copy_page_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -8,6 +8,9 @@ copy_page_c:
+ 	CFI_STARTPROC
+ 	movl $4096/8,%ecx
+ 	rep movsq
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_ENDPROC
+ ENDPROC(copy_page_c)
+@@ -94,6 +97,9 @@ ENTRY(copy_page)
+ 	CFI_RESTORE r13
+ 	addq	$3*8,%rsp
+ 	CFI_ADJUST_CFA_OFFSET -3*8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ .Lcopy_page_end:
+ 	CFI_ENDPROC
+@@ -104,7 +110,7 @@ ENDPROC(copy_page)
  
  #include <asm/cpufeature.h>
  
@@ -16980,7 +17177,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_page_64.S linux-3.0.4/arch/x86/lib/copy
  2:
 diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy_user_64.S
 --- linux-3.0.4/arch/x86/lib/copy_user_64.S	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/copy_user_64.S	2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/copy_user_64.S	2011-09-17 18:31:51.000000000 -0400
 @@ -16,6 +16,7 @@
  #include <asm/thread_info.h>
  #include <asm/cpufeature.h>
@@ -16998,7 +17195,7 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy
  2:	.byte 0xe9			/* near jump with 32bit immediate */
  	.long \alt1-1b /* offset */   /* or alternatively to alt1 */
  3:	.byte 0xe9			/* near jump with 32bit immediate */
-@@ -71,41 +72,13 @@
+@@ -71,47 +72,22 @@
  #endif
  	.endm
  
@@ -17042,9 +17239,48 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_64.S linux-3.0.4/arch/x86/lib/copy
  	movl %edx,%ecx
  	xorl %eax,%eax
  	rep
+ 	stosb
+ bad_to_user:
+ 	movl %edx,%eax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_ENDPROC
+ ENDPROC(bad_from_user)
+@@ -179,6 +155,9 @@ ENTRY(copy_user_generic_unrolled)
+ 	decl %ecx
+ 	jnz 21b
+ 23:	xor %eax,%eax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 
+ 	.section .fixup,"ax"
+@@ -251,6 +230,9 @@ ENTRY(copy_user_generic_string)
+ 3:	rep
+ 	movsb
+ 4:	xorl %eax,%eax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 
+ 	.section .fixup,"ax"
+@@ -287,6 +269,9 @@ ENTRY(copy_user_enhanced_fast_string)
+ 1:	rep
+ 	movsb
+ 2:	xorl %eax,%eax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 
+ 	.section .fixup,"ax"
 diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S
 --- linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S	2011-08-23 21:47:55.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S	2011-09-17 18:31:51.000000000 -0400
 @@ -14,6 +14,7 @@
  #include <asm/current.h>
  #include <asm/asm-offsets.h>
@@ -17069,6 +17305,29 @@ diff -urNp linux-3.0.4/arch/x86/lib/copy_user_nocache_64.S linux-3.0.4/arch/x86/
  	cmpl $8,%edx
  	jb 20f		/* less then 8 bytes, go to byte copy loop */
  	ALIGN_DESTINATION
+@@ -98,6 +108,9 @@ ENTRY(__copy_user_nocache)
+ 	jnz 21b
+ 23:	xorl %eax,%eax
+ 	sfence
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 
+ 	.section .fixup,"ax"
+diff -urNp linux-3.0.4/arch/x86/lib/csum-copy_64.S linux-3.0.4/arch/x86/lib/csum-copy_64.S
+--- linux-3.0.4/arch/x86/lib/csum-copy_64.S	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/csum-copy_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -228,6 +228,9 @@ ENTRY(csum_partial_copy_generic)
+ 	CFI_RESTORE rbp
+ 	addq $7*8, %rsp
+ 	CFI_ADJUST_CFA_OFFSET -7*8
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_RESTORE_STATE
+ 
 diff -urNp linux-3.0.4/arch/x86/lib/csum-wrappers_64.c linux-3.0.4/arch/x86/lib/csum-wrappers_64.c
 --- linux-3.0.4/arch/x86/lib/csum-wrappers_64.c	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.4/arch/x86/lib/csum-wrappers_64.c	2011-08-23 21:47:55.000000000 -0400
@@ -17232,6 +17491,138 @@ diff -urNp linux-3.0.4/arch/x86/lib/insn.c linux-3.0.4/arch/x86/lib/insn.c
  	insn->x86_64 = x86_64 ? 1 : 0;
  	insn->opnd_bytes = 4;
  	if (x86_64)
+diff -urNp linux-3.0.4/arch/x86/lib/iomap_copy_64.S linux-3.0.4/arch/x86/lib/iomap_copy_64.S
+--- linux-3.0.4/arch/x86/lib/iomap_copy_64.S	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/iomap_copy_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -25,6 +25,9 @@ ENTRY(__iowrite32_copy)
+ 	CFI_STARTPROC
+ 	movl %edx,%ecx
+ 	rep movsd
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_ENDPROC
+ ENDPROC(__iowrite32_copy)
+diff -urNp linux-3.0.4/arch/x86/lib/memcpy_64.S linux-3.0.4/arch/x86/lib/memcpy_64.S
+--- linux-3.0.4/arch/x86/lib/memcpy_64.S	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/memcpy_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -34,6 +34,9 @@
+ 	rep movsq
+ 	movl %edx, %ecx
+ 	rep movsb
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ .Lmemcpy_e:
+ 	.previous
+@@ -51,6 +54,9 @@
+ 
+ 	movl %edx, %ecx
+ 	rep movsb
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ .Lmemcpy_e_e:
+ 	.previous
+@@ -141,6 +147,9 @@ ENTRY(memcpy)
+ 	movq %r9,	1*8(%rdi)
+ 	movq %r10,	-2*8(%rdi, %rdx)
+ 	movq %r11,	-1*8(%rdi, %rdx)
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	retq
+ 	.p2align 4
+ .Lless_16bytes:
+@@ -153,6 +162,9 @@ ENTRY(memcpy)
+ 	movq -1*8(%rsi, %rdx),	%r9
+ 	movq %r8,	0*8(%rdi)
+ 	movq %r9,	-1*8(%rdi, %rdx)
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	retq
+ 	.p2align 4
+ .Lless_8bytes:
+@@ -166,6 +178,9 @@ ENTRY(memcpy)
+ 	movl -4(%rsi, %rdx), %r8d
+ 	movl %ecx, (%rdi)
+ 	movl %r8d, -4(%rdi, %rdx)
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	retq
+ 	.p2align 4
+ .Lless_3bytes:
+@@ -183,6 +198,9 @@ ENTRY(memcpy)
+ 	jnz .Lloop_1
+ 
+ .Lend:
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	retq
+ 	CFI_ENDPROC
+ ENDPROC(memcpy)
+diff -urNp linux-3.0.4/arch/x86/lib/memmove_64.S linux-3.0.4/arch/x86/lib/memmove_64.S
+--- linux-3.0.4/arch/x86/lib/memmove_64.S	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/memmove_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -201,6 +201,9 @@ ENTRY(memmove)
+ 	movb (%rsi), %r11b
+ 	movb %r11b, (%rdi)
+ 13:
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	retq
+ 	CFI_ENDPROC
+ 
+@@ -209,6 +212,9 @@ ENTRY(memmove)
+ 	/* Forward moving data. */
+ 	movq %rdx, %rcx
+ 	rep movsb
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	retq
+ .Lmemmove_end_forward_efs:
+ 	.previous
+diff -urNp linux-3.0.4/arch/x86/lib/memset_64.S linux-3.0.4/arch/x86/lib/memset_64.S
+--- linux-3.0.4/arch/x86/lib/memset_64.S	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/memset_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -31,6 +31,9 @@
+ 	movl %r8d,%ecx
+ 	rep stosb
+ 	movq %r9,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ .Lmemset_e:
+ 	.previous
+@@ -53,6 +56,9 @@
+ 	movl %edx,%ecx
+ 	rep stosb
+ 	movq %r9,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ .Lmemset_e_e:
+ 	.previous
+@@ -121,6 +127,9 @@ ENTRY(__memset)
+ 
+ .Lende:
+ 	movq	%r10,%rax
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 
+ 	CFI_RESTORE_STATE
 diff -urNp linux-3.0.4/arch/x86/lib/mmx_32.c linux-3.0.4/arch/x86/lib/mmx_32.c
 --- linux-3.0.4/arch/x86/lib/mmx_32.c	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.4/arch/x86/lib/mmx_32.c	2011-08-23 21:47:55.000000000 -0400
@@ -17690,6 +18081,84 @@ diff -urNp linux-3.0.4/arch/x86/lib/putuser.S linux-3.0.4/arch/x86/lib/putuser.S
  #endif
  	xor %eax,%eax
  	EXIT
+diff -urNp linux-3.0.4/arch/x86/lib/rwlock_64.S linux-3.0.4/arch/x86/lib/rwlock_64.S
+--- linux-3.0.4/arch/x86/lib/rwlock_64.S	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/rwlock_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -17,6 +17,9 @@ ENTRY(__write_lock_failed)
+ 	LOCK_PREFIX
+ 	subl $RW_LOCK_BIAS,(%rdi)
+ 	jnz  __write_lock_failed
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_ENDPROC
+ END(__write_lock_failed)
+@@ -33,6 +36,9 @@ ENTRY(__read_lock_failed)
+ 	LOCK_PREFIX
+ 	decl (%rdi)
+ 	js __read_lock_failed
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_ENDPROC
+ END(__read_lock_failed)
+diff -urNp linux-3.0.4/arch/x86/lib/rwsem_64.S linux-3.0.4/arch/x86/lib/rwsem_64.S
+--- linux-3.0.4/arch/x86/lib/rwsem_64.S	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/rwsem_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -51,6 +51,9 @@ ENTRY(call_rwsem_down_read_failed)
+ 	popq_cfi %rdx
+ 	CFI_RESTORE rdx
+ 	restore_common_regs
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_ENDPROC
+ ENDPROC(call_rwsem_down_read_failed)
+@@ -61,6 +64,9 @@ ENTRY(call_rwsem_down_write_failed)
+ 	movq %rax,%rdi
+ 	call rwsem_down_write_failed
+ 	restore_common_regs
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_ENDPROC
+ ENDPROC(call_rwsem_down_write_failed)
+@@ -73,6 +79,9 @@ ENTRY(call_rwsem_wake)
+ 	movq %rax,%rdi
+ 	call rwsem_wake
+ 	restore_common_regs
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 1:	ret
+ 	CFI_ENDPROC
+ ENDPROC(call_rwsem_wake)
+@@ -88,6 +97,9 @@ ENTRY(call_rwsem_downgrade_wake)
+ 	popq_cfi %rdx
+ 	CFI_RESTORE rdx
+ 	restore_common_regs
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ 	CFI_ENDPROC
+ ENDPROC(call_rwsem_downgrade_wake)
+diff -urNp linux-3.0.4/arch/x86/lib/thunk_64.S linux-3.0.4/arch/x86/lib/thunk_64.S
+--- linux-3.0.4/arch/x86/lib/thunk_64.S	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/lib/thunk_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -50,5 +50,8 @@
+ 	SAVE_ARGS
+ restore:
+ 	RESTORE_ARGS
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret	
+ 	CFI_ENDPROC
 diff -urNp linux-3.0.4/arch/x86/lib/usercopy_32.c linux-3.0.4/arch/x86/lib/usercopy_32.c
 --- linux-3.0.4/arch/x86/lib/usercopy_32.c	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.4/arch/x86/lib/usercopy_32.c	2011-08-23 21:47:55.000000000 -0400
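Review bot: In call_rwsem_wake (rwsem_64.S section) the new block is placed above the `1:` label, giving `restore_common_regs` / `#ifdef CONFIG_PAX_KERNEXEC_PLUGIN` … `#endif` / `1:	ret`, so any path that branches to `1:` returns without executing the `orb`. Elsewhere in this patch the block follows the label (`23:	xor %eax,%eax` in copy_user_64.S, `.Lend:` in memcpy_64.S), which covers both paths. The branch to `1:` lies outside the hunk, so confirm it exists; if it does, put `1:` on its own line directly before the `#ifdef` and leave a plain `ret` after the `#endif`. The stack pointer should address the return address on both paths at that point, but that depends on the part of the function not shown here.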
@@ -20872,8 +21341,8 @@ diff -urNp linux-3.0.4/arch/x86/pci/pcbios.c linux-3.0.4/arch/x86/pci/pcbios.c
  EXPORT_SYMBOL(pcibios_set_irq_routing);
 diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platform/efi/efi_32.c
 --- linux-3.0.4/arch/x86/platform/efi/efi_32.c	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/platform/efi/efi_32.c	2011-08-23 21:47:55.000000000 -0400
-@@ -38,70 +38,37 @@
++++ linux-3.0.4/arch/x86/platform/efi/efi_32.c	2011-09-19 09:16:58.000000000 -0400
+@@ -38,70 +38,56 @@
   */
  
  static unsigned long efi_rt_eflags;
@@ -20887,7 +21356,10 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
 -	unsigned long temp;
  	struct desc_ptr gdt_descr;
  
- 	local_irq_save(efi_rt_eflags);
+-	local_irq_save(efi_rt_eflags);
++#ifdef CONFIG_PAX_KERNEXEC
++	struct desc_struct d;
++#endif
  
 -	/*
 -	 * If I don't have PAE, I should just duplicate two entries in page
@@ -20895,7 +21367,8 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
 -	 * page directory.
 -	 */
 -	cr4 = read_cr4_safe();
--
++	local_irq_save(efi_rt_eflags);
+ 
 -	if (cr4 & X86_CR4_PAE) {
 -		efi_bak_pg_dir_pointer[0].pgd =
 -		    swapper_pg_dir[pgd_index(0)].pgd;
@@ -20921,8 +21394,14 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
  	 */
  	__flush_tlb_all();
  
--	gdt_descr.address = __pa(get_cpu_gdt_table(0));
-+	gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0));
++#ifdef CONFIG_PAX_KERNEXEC
++	pack_descriptor(&d, 0, 0xFFFFF, 0x9B, 0xC);
++	write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_CS, &d, DESCTYPE_S);
++	pack_descriptor(&d, 0, 0xFFFFF, 0x93, 0xC);
++	write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_DS, &d, DESCTYPE_S);
++#endif
++
+ 	gdt_descr.address = __pa(get_cpu_gdt_table(0));
  	gdt_descr.size = GDT_SIZE - 1;
  	load_gdt(&gdt_descr);
  }
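Review bot: The two `pack_descriptor()` calls added under `CONFIG_PAX_KERNEXEC` pass bare access and flag bytes (`0x9B`, `0x93`, `0xC`) with no comment, so a reader has to decode by hand that they install flat, ring-0 code and data segments covering the full 4 GiB. These entries appear to exist only for the firmware call, since the hunk at `@@ -20933,8 +21412,15 @@` zeroes both again. I would add a comment above them such as `/* flat ring-0 code (0x9B) / data (0x93), limit 0xFFFFF pages, G=1 D=1: valid only around the EFI call, cleared again on the way out */`, so the pairing of the two sites is explicit. The enclosing function starts above this hunk.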
@@ -20933,8 +21412,15 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
 -	unsigned long cr4;
  	struct desc_ptr gdt_descr;
  
--	gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
-+	gdt_descr.address = get_cpu_gdt_table(0);
++#ifdef CONFIG_PAX_KERNEXEC
++	struct desc_struct d;
++
++	memset(&d, 0, sizeof d);
++	write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_CS, &d, DESCTYPE_S);
++	write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_EFI_DS, &d, DESCTYPE_S);
++#endif
++
+ 	gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
  	gdt_descr.size = GDT_SIZE - 1;
  	load_gdt(&gdt_descr);
  
@@ -20955,16 +21441,18 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_32.c linux-3.0.4/arch/x86/platf
  	 * After the lock is released, the original page table is restored.
 diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S
 --- linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S	2011-08-23 21:47:55.000000000 -0400
-@@ -6,6 +6,7 @@
++++ linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S	2011-09-19 09:16:58.000000000 -0400
+@@ -6,7 +6,9 @@
   */
  
  #include <linux/linkage.h>
 +#include <linux/init.h>
  #include <asm/page_types.h>
++#include <asm/segment.h>
  
  /*
-@@ -20,7 +21,7 @@
+  * efi_call_phys(void *, ...) is a function with variable parameters.
+@@ -20,7 +22,7 @@
   * service functions will comply with gcc calling convention, too.
   */
  
@@ -20973,18 +21461,22 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
  ENTRY(efi_call_phys)
  	/*
  	 * 0. The function can only be called in Linux kernel. So CS has been
-@@ -36,9 +37,7 @@ ENTRY(efi_call_phys)
+@@ -36,9 +38,11 @@ ENTRY(efi_call_phys)
  	 * The mapping of lower virtual memory has been created in prelog and
  	 * epilog.
  	 */
 -	movl	$1f, %edx
 -	subl	$__PAGE_OFFSET, %edx
 -	jmp	*%edx
-+	jmp	1f-__PAGE_OFFSET
++	movl	$(__KERNEXEC_EFI_DS), %edx
++	mov	%edx, %ds
++	mov	%edx, %es
++	mov	%edx, %ss
++	ljmp $(__KERNEXEC_EFI_CS),$1f-__PAGE_OFFSET
  1:
  
  	/*
-@@ -47,14 +46,8 @@ ENTRY(efi_call_phys)
+@@ -47,14 +51,8 @@ ENTRY(efi_call_phys)
  	 * parameter 2, ..., param n. To make things easy, we save the return
  	 * address of efi_call_phys in a global variable.
  	 */
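Review bot: The segment reloads and the `ljmp $(__KERNEXEC_EFI_CS),$1f-__PAGE_OFFSET` added here are unconditional, while efi_32.c in this same patch only fills the EFI descriptors under `#ifdef CONFIG_PAX_KERNEXEC`. Unless `asm/segment.h` (not in this chunk) maps `__KERNEXEC_EFI_CS`/`__KERNEXEC_EFI_DS` to the ordinary kernel selectors when KERNEXEC is off, a 32-bit EFI build without KERNEXEC would load `%ds`/`%es`/`%ss`/`%cs` from GDT slots nobody populated. I would wrap the five new lines in `#ifdef CONFIG_PAX_KERNEXEC` and keep the previous `jmp 1f-__PAGE_OFFSET` in the `#else` branch. The C side also names the slots `GDT_ENTRY_EFI_CS`/`GDT_ENTRY_EFI_DS` without the `KERNEXEC_` prefix, so the correspondence between the two files should be confirmed. `efi_call_phys` continues outside the hunk.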
@@ -21001,7 +21493,7 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
  
  	/*
  	 * 3. Clear PG bit in %CR0.
-@@ -73,9 +66,8 @@ ENTRY(efi_call_phys)
+@@ -73,9 +71,8 @@ ENTRY(efi_call_phys)
  	/*
  	 * 5. Call the physical function.
  	 */
@@ -21012,7 +21504,7 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
  	/*
  	 * 6. After EFI runtime service returns, control will return to
  	 * following instruction. We'd better readjust stack pointer first.
-@@ -88,35 +80,28 @@ ENTRY(efi_call_phys)
+@@ -88,35 +85,32 @@ ENTRY(efi_call_phys)
  	movl	%cr0, %edx
  	orl	$0x80000000, %edx
  	movl	%edx, %cr0
@@ -21025,8 +21517,12 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
  	 */
 -	movl	$1f, %edx
 -	jmp	*%edx
-+	jmp	1f+__PAGE_OFFSET
++	ljmp $(__KERNEL_CS),$1f+__PAGE_OFFSET
  1:
++	movl	$(__KERNEL_DS), %edx
++	mov	%edx, %ds
++	mov	%edx, %es
++	mov	%edx, %ss
  
  	/*
  	 * 9. Balance the stack. And because EAX contain the return value,
@@ -21054,6 +21550,78 @@ diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_32.S linux-3.0.4/arch/x86/
  saved_return_addr:
  	.long 0
  efi_rt_function_ptr:
+diff -urNp linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S
+--- linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S	2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.4/arch/x86/platform/efi/efi_stub_64.S	2011-09-17 18:31:51.000000000 -0400
+@@ -40,6 +40,9 @@ ENTRY(efi_call0)
+ 	call *%rdi
+ 	addq $32, %rsp
+ 	RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ ENDPROC(efi_call0)
+ 
+@@ -50,6 +53,9 @@ ENTRY(efi_call1)
+ 	call *%rdi
+ 	addq $32, %rsp
+ 	RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ ENDPROC(efi_call1)
+ 
+@@ -60,6 +66,9 @@ ENTRY(efi_call2)
+ 	call *%rdi
+ 	addq $32, %rsp
+ 	RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ ENDPROC(efi_call2)
+ 
+@@ -71,6 +80,9 @@ ENTRY(efi_call3)
+ 	call *%rdi
+ 	addq $32, %rsp
+ 	RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ ENDPROC(efi_call3)
+ 
+@@ -83,6 +95,9 @@ ENTRY(efi_call4)
+ 	call *%rdi
+ 	addq $32, %rsp
+ 	RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ ENDPROC(efi_call4)
+ 
+@@ -96,6 +111,9 @@ ENTRY(efi_call5)
+ 	call *%rdi
+ 	addq $48, %rsp
+ 	RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ ENDPROC(efi_call5)
+ 
+@@ -112,5 +130,8 @@ ENTRY(efi_call6)
+ 	call *%rdi
+ 	addq $48, %rsp
+ 	RESTORE_XMM
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++	orb $0x80, 0x7(%rsp)
++#endif
+ 	ret
+ ENDPROC(efi_call6)
 diff -urNp linux-3.0.4/arch/x86/platform/mrst/mrst.c linux-3.0.4/arch/x86/platform/mrst/mrst.c
 --- linux-3.0.4/arch/x86/platform/mrst/mrst.c	2011-07-21 22:17:23.000000000 -0400
 +++ linux-3.0.4/arch/x86/platform/mrst/mrst.c	2011-08-23 21:47:55.000000000 -0400
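Review bot: The same three-line `#ifdef CONFIG_PAX_KERNEXEC_PLUGIN` / `orb $0x80, 0x7(%rsp)` / `#endif` block is pasted before all seven `ret`s in efi_stub_64.S, and again in the rwsem_64.S and thunk_64.S hunks, with no comment on what it does. Byte 7 of the slot at `(%rsp)` is the top byte of the return address, so the `orb` sets bit 63, which is what the compiler plugin emits for C code; hand-written returns are not seen by the plugin, so each one must carry it manually. A single assembler macro would document that once and make a missed `ret` easier to spot in review. The instruction is only correct where `%rsp` points at the return address, which here depends on `RESTORE_XMM` (defined outside the hunk) having fully unwound the stack.

```asm
/* proposed helper; the macro name is a suggestion */
.macro pax_force_retaddr
#ifdef CONFIG_PAX_KERNEXEC_PLUGIN
	orb $0x80, 0x7(%rsp)	/* set bit 63 of the return address */
#endif
.endm

	RESTORE_XMM
	pax_force_retaddr
	ret
```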
@@ -63277,7 +63845,7 @@ diff -urNp linux-3.0.4/localversion-grsec linux-3.0.4/localversion-grsec
 +-grsec
 diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
 --- linux-3.0.4/Makefile	2011-09-02 18:11:26.000000000 -0400
-+++ linux-3.0.4/Makefile	2011-09-14 11:16:43.000000000 -0400
++++ linux-3.0.4/Makefile	2011-09-17 00:56:07.000000000 -0400
 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
  
  HOSTCC       = gcc
@@ -63314,20 +63882,23 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
  	$(Q)$(MAKE) $(build)=scripts/basic
  	$(Q)rm -f .tmp_quiet_recordmcount
  
-@@ -564,6 +567,28 @@ else
+@@ -564,6 +567,31 @@ else
  KBUILD_CFLAGS	+= -O2
  endif
  
-+ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh $(HOSTCC) $(CC)), y)
++ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y)
 +CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
++ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so
++endif
 +ifdef CONFIG_KALLOCSTAT_PLUGIN
 +KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so
 +endif
 +ifdef CONFIG_PAX_MEMORY_STACKLEAK
 +STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100
 +endif
-+GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN)
-+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN
++GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN)
++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN
 +gcc-plugins:
 +	$(Q)$(MAKE) $(build)=tools/gcc
 +else
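Review bot: `KERNEXEC_PLUGIN` is only assigned inside the branch where `scripts/gcc-plugin.sh` answers `y`, but the `security/Kconfig` hunk in this patch selects `PAX_KERNEXEC_PLUGIN` for every X86_64 KERNEXEC build regardless of the compiler. The `else` branch is cut off by the hunk, so please confirm that it fails the build, rather than only warning, when `CONFIG_PAX_KERNEXEC_PLUGIN` is set. Otherwise the assembly stubs would still get their `orb` while compiled C code silently goes uninstrumented. A short comment above the new `ifdef` would also help, e.g. `# kernexec_plugin: ORs bit 63 into indirect-call targets and return addresses (x86_64 only)`.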
@@ -63343,7 +63914,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
  include $(srctree)/arch/$(SRCARCH)/Makefile
  
  ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -708,7 +733,7 @@ export mod_strip_cmd
+@@ -708,7 +736,7 @@ export mod_strip_cmd
  
  
  ifeq ($(KBUILD_EXTMOD),)
@@ -63352,7 +63923,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
  
  vmlinux-dirs	:= $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
  		     $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -907,6 +932,8 @@ define rule_vmlinux-modpost
+@@ -907,6 +935,8 @@ define rule_vmlinux-modpost
  endef
  
  # vmlinux image - including updated kernel symbols
@@ -63361,7 +63932,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
  vmlinux: $(vmlinux-lds) $(vmlinux-init) $(vmlinux-main) vmlinux.o $(kallsyms.o) FORCE
  ifdef CONFIG_HEADERS_CHECK
  	$(Q)$(MAKE) -f $(srctree)/Makefile headers_check
-@@ -941,7 +968,8 @@ $(sort $(vmlinux-init) $(vmlinux-main)) 
+@@ -941,7 +971,8 @@ $(sort $(vmlinux-init) $(vmlinux-main)) 
  # Error messages still appears in the original language
  
  PHONY += $(vmlinux-dirs)
@@ -63371,7 +63942,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
  	$(Q)$(MAKE) $(build)=$@
  
  # Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -986,6 +1014,7 @@ prepare0: archprepare FORCE
+@@ -986,6 +1017,7 @@ prepare0: archprepare FORCE
  	$(Q)$(MAKE) $(build)=. missing-syscalls
  
  # All the preparing..
@@ -63379,7 +63950,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
  prepare: prepare0
  
  # Generate some files
-@@ -1102,7 +1131,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
+@@ -1102,7 +1134,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
  
  # Target to prepare building external modules
  PHONY += modules_prepare
@@ -63388,7 +63959,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
  
  # Target to install modules
  PHONY += modules_install
-@@ -1198,7 +1227,7 @@ distclean: mrproper
+@@ -1198,7 +1230,7 @@ distclean: mrproper
  	@find $(srctree) $(RCS_FIND_IGNORE) \
  		\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
  		-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -63397,7 +63968,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
  		-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
  		-type f -print | xargs rm -f
  
-@@ -1359,6 +1388,7 @@ PHONY += $(module-dirs) modules
+@@ -1359,6 +1391,7 @@ PHONY += $(module-dirs) modules
  $(module-dirs): crmodverdir $(objtree)/Module.symvers
  	$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
  
@@ -63405,7 +63976,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
  modules: $(module-dirs)
  	@$(kecho) '  Building modules, stage 2.';
  	$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1485,17 +1515,19 @@ else
+@@ -1485,17 +1518,19 @@ else
          target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
  endif
  
@@ -63429,7 +64000,7 @@ diff -urNp linux-3.0.4/Makefile linux-3.0.4/Makefile
  	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
  %.symtypes: %.c prepare scripts FORCE
  	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1505,11 +1537,13 @@ endif
+@@ -1505,11 +1540,13 @@ endif
  	$(cmd_crmodverdir)
  	$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
  	$(build)=$(build-dir)
@@ -71384,8 +71955,8 @@ diff -urNp linux-3.0.4/security/integrity/ima/ima_queue.c linux-3.0.4/security/i
  	return 0;
 diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
 --- linux-3.0.4/security/Kconfig	2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/security/Kconfig	2011-08-23 21:48:14.000000000 -0400
-@@ -4,6 +4,554 @@
++++ linux-3.0.4/security/Kconfig	2011-09-17 00:58:04.000000000 -0400
+@@ -4,6 +4,558 @@
  
  menu "Security options"
  
@@ -71396,6 +71967,9 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
 +	config ARCH_TRACK_EXEC_LIMIT
 +	bool
 +
++	config PAX_KERNEXEC_PLUGIN
++	bool
++
 +	config PAX_PER_CPU_PGD
 +	bool
 +
@@ -71706,6 +72280,7 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
 +	bool "Enforce non-executable kernel pages"
 +	depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
 +	select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
++	select PAX_KERNEXEC_PLUGIN if X86_64
 +	help
 +	  This is the kernel land equivalent of PAGEEXEC and MPROTECT,
 +	  that is, enabling this option will make it harder to inject
@@ -71940,7 +72515,7 @@ diff -urNp linux-3.0.4/security/Kconfig linux-3.0.4/security/Kconfig
  config KEYS
  	bool "Enable access key retention support"
  	help
-@@ -167,7 +715,7 @@ config INTEL_TXT
+@@ -167,7 +719,7 @@ config INTEL_TXT
  config LSM_MMAP_MIN_ADDR
  	int "Low address space for LSM to protect from user allocation"
  	depends on SECURITY && SECURITY_SELINUX
@@ -72832,8 +73407,8 @@ diff -urNp linux-3.0.4/tools/gcc/constify_plugin.c linux-3.0.4/tools/gcc/constif
 +}
 diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallocstat_plugin.c
 --- linux-3.0.4/tools/gcc/kallocstat_plugin.c	1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/kallocstat_plugin.c	2011-09-14 09:08:05.000000000 -0400
-@@ -0,0 +1,163 @@
++++ linux-3.0.4/tools/gcc/kallocstat_plugin.c	2011-09-17 00:53:44.000000000 -0400
+@@ -0,0 +1,165 @@
 +/*
 + * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
 + * Licensed under the GPL v2
@@ -72868,6 +73443,8 @@ diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallo
 +#include "emit-rtl.h"
 +#include "function.h"
 +
++extern void print_gimple_stmt(FILE *, gimple, int, int);
++
 +int plugin_is_GPL_compatible;
 +
 +static const char * const kalloc_functions[] = {
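Review bot: The added `extern void print_gimple_stmt(FILE *, gimple, int, int);` hand-declares a GCC-internal function instead of taking it from a GCC header, so a signature change in a later GCC would not be caught at build time. If the reason is that the declaring header differs between supported GCC releases (an assumption, the patch does not say), a one-line comment stating that would help. The same line is added to kernexec_plugin.c, where the only visible use is commented out.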
@@ -72997,10 +73574,279 @@ diff -urNp linux-3.0.4/tools/gcc/kallocstat_plugin.c linux-3.0.4/tools/gcc/kallo
 +
 +	return 0;
 +}
+diff -urNp linux-3.0.4/tools/gcc/kernexec_plugin.c linux-3.0.4/tools/gcc/kernexec_plugin.c
+--- linux-3.0.4/tools/gcc/kernexec_plugin.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.4/tools/gcc/kernexec_plugin.c	2011-09-19 09:16:58.000000000 -0400
+@@ -0,0 +1,265 @@
++/*
++ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
++ * Licensed under the GPL v2
++ *
++ * Note: the choice of the license means that the compilation process is
++ *       NOT 'eligible' as defined by gcc's library exception to the GPL v3,
++ *       but for the kernel it doesn't matter since it doesn't link against
++ *       any of the gcc libraries
++ *
++ * gcc plugin to make KERNEXEC/amd64 almost as good as it is on i386
++ *
++ * TODO:
++ *
++ * BUGS:
++ * - none known
++ */
++#include "gcc-plugin.h"
++#include "config.h"
++#include "system.h"
++#include "coretypes.h"
++#include "tree.h"
++#include "tree-pass.h"
++#include "intl.h"
++#include "plugin-version.h"
++#include "tm.h"
++#include "toplev.h"
++#include "basic-block.h"
++#include "gimple.h"
++//#include "expr.h" where are you...
++#include "diagnostic.h"
++#include "rtl.h"
++#include "emit-rtl.h"
++#include "function.h"
++#include "tree-flow.h"
++
++extern void print_gimple_stmt(FILE *, gimple, int, int);
++
++int plugin_is_GPL_compatible;
++
++static struct plugin_info kernexec_plugin_info = {
++	.version	= "201109191200",
++};
++
++static unsigned int execute_kernexec_fptr(void);
++static unsigned int execute_kernexec_retaddr(void);
++
++static struct gimple_opt_pass kernexec_fptr_pass = {
++	.pass = {
++		.type			= GIMPLE_PASS,
++		.name			= "kernexec_fptr",
++		.gate			= NULL,
++		.execute		= execute_kernexec_fptr,
++		.sub			= NULL,
++		.next			= NULL,
++		.static_pass_number	= 0,
++		.tv_id			= TV_NONE,
++		.properties_required	= 0,
++		.properties_provided	= 0,
++		.properties_destroyed	= 0,
++		.todo_flags_start	= 0,
++		.todo_flags_finish	= TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa_no_phi
++	}
++};
++
++static struct rtl_opt_pass kernexec_retaddr_pass = {
++	.pass = {
++		.type			= RTL_PASS,
++		.name			= "kernexec_retaddr",
++		.gate			= NULL,
++		.execute		= execute_kernexec_retaddr,
++		.sub			= NULL,
++		.next			= NULL,
++		.static_pass_number	= 0,
++		.tv_id			= TV_NONE,
++		.properties_required	= 0,
++		.properties_provided	= 0,
++		.properties_destroyed	= 0,
++		.todo_flags_start	= 0,
++		.todo_flags_finish	= TODO_dump_func
++	}
++};
++
++/*
++ * add special KERNEXEC instrumentation: force MSB of fptr to 1, which will produce
++ * a non-canonical address from a userland ptr and will just trigger a GPF on dereference
++ */
++static void kernexec_instrument_fptr(gimple_stmt_iterator gsi)
++{
++	gimple assign_intptr, assign_new_fptr, call_stmt;
++	tree intptr, old_fptr, new_fptr, kernexec_mask;
++
++	call_stmt = gsi_stmt(gsi);
++	old_fptr = gimple_call_fn(call_stmt);
++
++	// create temporary unsigned long variable used for bitops and cast fptr to it
++	intptr = create_tmp_var(long_unsigned_type_node, NULL);
++	add_referenced_var(intptr);
++	mark_sym_for_renaming(intptr);
++	assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr));
++	update_stmt(assign_intptr);
++	gsi_insert_before(&gsi, assign_intptr, GSI_NEW_STMT);
++
++	gsi_next(&gsi);
++
++	// apply logical or to temporary unsigned long and bitmask
++	kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0x8000000000000000LL);
++//	kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0xffffffff80000000LL);
++	assign_intptr = gimple_build_assign(intptr, fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask));
++	update_stmt(assign_intptr);
++	gsi_insert_before(&gsi, assign_intptr, GSI_NEW_STMT);
++
++	gsi_next(&gsi);
++
++	// cast temporary unsigned long back to a temporary fptr variable
++	new_fptr = create_tmp_var(TREE_TYPE(old_fptr), NULL);
++	add_referenced_var(new_fptr);
++	mark_sym_for_renaming(new_fptr);
++	assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr));
++	update_stmt(assign_new_fptr);
++	gsi_insert_before(&gsi, assign_new_fptr, GSI_NEW_STMT);
++
++	gsi_next(&gsi);
++
++	// replace call stmt fn with the new fptr
++	gimple_call_set_fn(call_stmt, new_fptr);
++	update_stmt(call_stmt);
++}
++
++/*
++ * find all C level function pointer dereferences and forcibly set the highest bit of the pointer
++ */
++static unsigned int execute_kernexec_fptr(void)
++{
++	basic_block bb;
++	gimple_stmt_iterator gsi;
++
++	// 1. loop through BBs and GIMPLE statements
++	FOR_EACH_BB(bb) {
++		for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
++			// gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D));
++			tree fn;
++			gimple call_stmt;
++
++			// is it a call ...
++			call_stmt = gsi_stmt(gsi);
++			if (!is_gimple_call(call_stmt))
++				continue;
++			fn = gimple_call_fn(call_stmt);
++			if (TREE_CODE(fn) == ADDR_EXPR)
++				continue;
++			if (TREE_CODE(fn) != SSA_NAME)
++				gcc_unreachable();
++
++			// ... through a function pointer
++			fn = SSA_NAME_VAR(fn);
++			if (TREE_CODE(fn) != VAR_DECL && TREE_CODE(fn) != PARM_DECL)
++				continue;
++			fn = TREE_TYPE(fn);
++			if (TREE_CODE(fn) != POINTER_TYPE)
++				continue;
++			fn = TREE_TYPE(fn);
++			if (TREE_CODE(fn) != FUNCTION_TYPE)
++				continue;
++
++			kernexec_instrument_fptr(gsi);
++
++//debug_tree(gimple_call_fn(call_stmt));
++//print_gimple_stmt(stderr, call_stmt, 0, TDF_LINENO);
++		}
++	}
++
++	return 0;
++}
++
++// add special KERNEXEC instrumentation: orb $0x80,7(%rsp) just before retn
++static void kernexec_instrument_retaddr(rtx insn)
++{
++	rtx ret_addr, clob, or;
++
++	start_sequence();
++
++	// compute 7(%rsp)
++	ret_addr = gen_rtx_MEM(QImode, gen_rtx_PLUS(Pmode, stack_pointer_rtx, GEN_INT(7)));
++	MEM_VOLATILE_P(ret_addr) = 1;
++
++	// create orb $0x80,7(%rsp)
++	or = gen_rtx_SET(VOIDmode, ret_addr, gen_rtx_IOR(QImode, ret_addr, GEN_INT(0xffffffffffffff80)));
++	clob = gen_rtx_CLOBBER(VOIDmode, gen_rtx_REG(CCmode, FLAGS_REG));
++
++	// put everything together
++	or = emit_insn(gen_rtx_PARALLEL(VOIDmode, gen_rtvec(2, or, clob)));
++	RTX_FRAME_RELATED_P(or) = 1;
++
++	end_sequence();
++
++	emit_insn_before(or, insn);
++}
++
++/*
++ * find all asm level function returns and forcibly set the highest bit of the return address
++ */
++static unsigned int execute_kernexec_retaddr(void)
++{
++	rtx insn;
++
++	// 1. find function returns
++	for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
++		// rtl match: (jump_insn 41 40 42 2 (return) fptr.c:42 634 {return_internal} (nil))
++		//            (jump_insn 12 9 11 2 (parallel [ (return) (unspec [ (0) ] UNSPEC_REP) ]) fptr.c:46 635 {return_internal_long} (nil))
++		rtx body;
++
++		// is it a retn
++		if (!JUMP_P(insn))
++			continue;
++		body = PATTERN(insn);
++		if (GET_CODE(body) == PARALLEL)
++			body = XVECEXP(body, 0, 0);
++		if (GET_CODE(body) != RETURN)
++			continue;
++		kernexec_instrument_retaddr(insn);
++	}
++
++//	print_simple_rtl(stderr, get_insns());
++//	print_rtl(stderr, get_insns());
++
++	return 0;
++}
++
++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
++{
++	const char * const plugin_name = plugin_info->base_name;
++	const int argc = plugin_info->argc;
++	const struct plugin_argument * const argv = plugin_info->argv;
++	int i;
++	struct register_pass_info kernexec_fptr_pass_info = {
++		.pass				= &kernexec_fptr_pass.pass,
++		.reference_pass_name		= "ssa",
++		.ref_pass_instance_number	= 0,
++		.pos_op 			= PASS_POS_INSERT_AFTER
++	};
++	struct register_pass_info kernexec_retaddr_pass_info = {
++		.pass				= &kernexec_retaddr_pass.pass,
++		.reference_pass_name		= "pro_and_epilogue",
++		.ref_pass_instance_number	= 0,
++		.pos_op 			= PASS_POS_INSERT_AFTER
++	};
++
++	if (!plugin_default_version_check(version, &gcc_version)) {
++		error(G_("incompatible gcc/plugin versions"));
++		return 1;
++	}
++
++	register_callback(plugin_name, PLUGIN_INFO, NULL, &kernexec_plugin_info);
++
++	for (i = 0; i < argc; ++i)
++		error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
++
++	if (TARGET_64BIT == 0 || ix86_cmodel != CM_KERNEL)
++		return 0;
++
++	register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_fptr_pass_info);
++	register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_retaddr_pass_info);
++
++	return 0;
++}
 diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile
 --- linux-3.0.4/tools/gcc/Makefile	1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/Makefile	2011-09-14 09:08:05.000000000 -0400
-@@ -0,0 +1,13 @@
++++ linux-3.0.4/tools/gcc/Makefile	2011-09-17 00:53:44.000000000 -0400
+@@ -0,0 +1,14 @@
 +#CC := gcc
 +#PLUGIN_SOURCE_FILES := pax_plugin.c
 +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
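Review bot: In `kernexec_instrument_fptr` the temporary is created as `long_unsigned_type_node`, but the mask constant and the `BIT_IOR_EXPR` are built with `long_long_unsigned_type_node`. That presumably works only because both are 64-bit unsigned on the one target for which `plugin_init` registers the passes. Using one node throughout removes the reliance: `kernexec_mask = build_int_cstu(long_unsigned_type_node, 0x8000000000000000ULL);` with the same type in `fold_build2`. In `kernexec_instrument_retaddr`, `GEN_INT(0xffffffffffffff80)` deserves a comment that it is 0x80 sign-extended for QImode, since the comment above it says `orb $0x80`. The diagnostic string in `plugin_init` also misspells `unknown` as `unkown`.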
@@ -73009,15 +73855,16 @@ diff -urNp linux-3.0.4/tools/gcc/Makefile linux-3.0.4/tools/gcc/Makefile
 +
 +HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include
 +
-+hostlibs-y := stackleak_plugin.so constify_plugin.so kallocstat_plugin.so
++hostlibs-y := stackleak_plugin.so constify_plugin.so kallocstat_plugin.so kernexec_plugin.so
 +always := $(hostlibs-y)
 +stackleak_plugin-objs := stackleak_plugin.o
 +constify_plugin-objs := constify_plugin.o
 +kallocstat_plugin-objs := kallocstat_plugin.o
++kernexec_plugin-objs := kernexec_plugin.o
 diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackleak_plugin.c
 --- linux-3.0.4/tools/gcc/stackleak_plugin.c	1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/tools/gcc/stackleak_plugin.c	2011-09-14 09:08:05.000000000 -0400
-@@ -0,0 +1,249 @@
++++ linux-3.0.4/tools/gcc/stackleak_plugin.c	2011-09-17 00:53:44.000000000 -0400
+@@ -0,0 +1,251 @@
 +/*
 + * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
 + * Licensed under the GPL v2
@@ -73085,7 +73932,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
 +		.properties_provided	= 0,
 +		.properties_destroyed	= 0,
 +		.todo_flags_start	= 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts,
-+		.todo_flags_finish	= TODO_verify_stmts // | TODO_dump_func
++		.todo_flags_finish	= TODO_verify_stmts | TODO_dump_func
 +	}
 +};
 +
@@ -73103,7 +73950,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
 +		.properties_provided	= 0,
 +		.properties_destroyed	= 0,
 +		.todo_flags_start	= 0,
-+		.todo_flags_finish	= 0
++		.todo_flags_finish	= TODO_dump_func
 +	}
 +};
 +
@@ -73181,6 +74028,10 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
 +	if (cfun->calls_alloca)
 +		return 0;
 +
++	// keep calls only if function frame is big enough
++	if (get_frame_size() >= track_frame_size)
++		return 0;
++
 +	// 1. find pax_track_stack calls
 +	for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
 +		// rtl match: (call_insn 8 7 9 3 (call (mem (symbol_ref ("pax_track_stack") [flags 0x41] <function_decl 0xb7470e80 pax_track_stack>) [0 S1 A8]) (4)) -1 (nil) (nil))
@@ -73200,9 +74051,7 @@ diff -urNp linux-3.0.4/tools/gcc/stackleak_plugin.c linux-3.0.4/tools/gcc/stackl
 +		if (strcmp(XSTR(body, 0), track_function))
 +			continue;
 +//		warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size);
-+		// 2. delete call if function frame is not big enough
-+		if (get_frame_size() >= track_frame_size)
-+			continue;
++		// 2. delete call
 +		delete_insn_and_edges(insn);
 +	}
 +

diff --git a/3.0.4/4435_grsec-kconfig-gentoo.patch b/3.0.4/4435_grsec-kconfig-gentoo.patch
index 6e1e60f..82d188e 100644
--- a/3.0.4/4435_grsec-kconfig-gentoo.patch
+++ b/3.0.4/4435_grsec-kconfig-gentoo.patch
@@ -15,9 +15,9 @@ and conflicts with some software and thus would be less suitable.
 The original version of this patch was conceived and created by:
 Ned Ludd <solar@gentoo.org>
 
-diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardened-r1/grsecurity/Kconfig
---- linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig	2011-04-17 19:25:54.000000000 -0400
-+++ linux-2.6.38-hardened-r1/grsecurity/Kconfig	2011-04-17 19:27:46.000000000 -0400
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+--- a/grsecurity/Kconfig	2011-04-17 19:25:54.000000000 -0400
++++ b/grsecurity/Kconfig	2011-04-17 19:27:46.000000000 -0400
 @@ -18,7 +18,7 @@
  choice
  	prompt "Security Level"
@@ -286,21 +286,22 @@ diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardene
  config GRKERNSEC_CUSTOM
  	bool "Custom"
  	help
-diff -Naur linux-2.6.38-hardened-r1.orig/security/Kconfig linux-2.6.38-hardened-r1/security/Kconfig
---- linux-2.6.38-hardened-r1.orig/security/Kconfig	2011-04-17 19:25:02.000000000 -0400
-+++ linux-2.6.38-hardened-r1/security/Kconfig	2011-04-17 19:27:46.000000000 -0400
-@@ -319,8 +319,9 @@
+diff -Naur a/security/Kconfig b/security/Kconfig
+--- a/security/Kconfig	2011-09-21 07:20:02.000000000 -0400
++++ b/security/Kconfig	2011-09-21 07:25:50.000000000 -0400
+@@ -322,9 +322,10 @@
  
  config PAX_KERNEXEC
  	bool "Enforce non-executable kernel pages"
 -	depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
 +	depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN && !GRKERNSEC_HARDENED_VIRTUALIZATION
  	select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
+ 	select PAX_KERNEXEC_PLUGIN if X86_64
 +	default y if GRKERNSEC_HARDENED_WORKSTATION
  	help
  	  This is the kernel land equivalent of PAGEEXEC and MPROTECT,
  	  that is, enabling this option will make it harder to inject
-@@ -483,8 +484,9 @@
+@@ -487,8 +488,9 @@
  
  config PAX_MEMORY_UDEREF
  	bool "Prevent invalid userland pointer dereference"
@@ -311,3 +312,4 @@ diff -Naur linux-2.6.38-hardened-r1.orig/security/Kconfig linux-2.6.38-hardened-
  	help
  	  By saying Y here the kernel will be prevented from dereferencing
  	  userland pointers in contexts where the kernel expects only kernel
+


