rpms/kernel/FC-5 kernel-2.6.spec, 1.2192, 1.2193 linux-2.6-execshield.patch, 1.16, 1.17
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Oct 2 02:55:57 UTC 2006
- Previous message (by thread): rpms/kernel/FC-5/configs config-generic, 1.174, 1.175 config-ia64-generic, 1.24, 1.25 config-powerpc-generic, 1.17, 1.18 config-x86-generic, 1.44, 1.45 config-x86_64-generic, 1.37, 1.38
- Next message (by thread): rpms/kernel/FC-5 linux-2.6-inode-diet-xfs.patch, NONE, 1.1 kernel-2.6.spec, 1.2193, 1.2194 linux-2.6-lockdep-fixes.patch, 1.3, 1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: davej
Update of /cvs/dist/rpms/kernel/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv14938
Modified Files:
kernel-2.6.spec linux-2.6-execshield.patch
Log Message:
- Execshield improvements. (Bart Oldeman)
- Disable PM_DEBUG
Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-5/kernel-2.6.spec,v
retrieving revision 1.2192
retrieving revision 1.2193
diff -u -r1.2192 -r1.2193
--- kernel-2.6.spec 2 Oct 2006 02:51:00 -0000 1.2192
+++ kernel-2.6.spec 2 Oct 2006 02:55:55 -0000 1.2193
@@ -1549,6 +1549,10 @@
* Sun Oct 1 2006 Dave Jones <davej at redhat.com>
- Drop the STICKY tag from acpi-cpufreq, it breaks suspend/resume.
+* Fri Sep 29 2006 Dave Jones <davej at redhat.com>
+- Execshield improvements. (Bart Oldeman)
+- Disable PM_DEBUG
+
* Wed Sep 27 2006 Dave Jones <davej at redhat.com>
- Enable serverworks IDE driver for x86-64.
- More lockdep fixes.
linux-2.6-execshield.patch:
2/arch/i386/kernel/sysenter.c | 2
2/mm/mmap.c | 2
linux-2.6.18.noarch/kernel/sysctl.c | 7 -
linux-810/arch/i386/kernel/cpu/common.c | 7 +
linux-810/arch/i386/kernel/process.c | 59 +++++++++
linux-810/arch/i386/kernel/smp.c | 3
linux-810/arch/i386/kernel/sysenter.c | 3
linux-810/arch/i386/kernel/traps.c | 93 +++++++++++++++
linux-810/arch/i386/mm/init.c | 6 -
linux-810/arch/i386/mm/mmap.c | 6 -
linux-810/arch/ia64/ia32/binfmt_elf32.c | 2
linux-810/arch/powerpc/kernel/vdso.c | 3
linux-810/arch/x86_64/ia32/ia32_binfmt.c | 6 -
linux-810/arch/x86_64/ia32/syscall32.c | 4
linux-810/arch/x86_64/kernel/process.c | 6 -
linux-810/arch/x86_64/kernel/setup64.c | 23 ---
linux-810/arch/x86_64/mm/fault.c | 2
linux-810/arch/x86_64/mm/mmap.c | 98 +++++++++++++---
linux-810/drivers/char/random.c | 7 +
linux-810/fs/binfmt_elf.c | 147 ++++++++++++++++++------
linux-810/fs/proc/array.c | 8 +
linux-810/fs/proc/base.c | 8 -
linux-810/fs/proc/task_mmu.c | 29 ++++
linux-810/include/asm-i386/a.out.h | 2
linux-810/include/asm-i386/desc.h | 14 ++
linux-810/include/asm-i386/elf.h | 6 -
linux-810/include/asm-i386/mmu.h | 4
linux-810/include/asm-i386/page.h | 5
linux-810/include/asm-i386/pgalloc.h | 1
linux-810/include/asm-i386/processor.h | 8 +
linux-810/include/asm-ia64/pgalloc.h | 4
linux-810/include/asm-powerpc/elf.h | 3
linux-810/include/asm-powerpc/pgalloc.h | 5
linux-810/include/asm-ppc/pgalloc.h | 5
linux-810/include/asm-s390/pgalloc.h | 4
linux-810/include/asm-sparc/pgalloc.h | 4
linux-810/include/asm-sparc64/pgalloc.h | 4
linux-810/include/asm-x86_64/pgalloc.h | 7 +
linux-810/include/asm-x86_64/pgtable.h | 2
linux-810/include/linux/mm.h | 16 ++
linux-810/include/linux/resource.h | 5
linux-810/include/linux/sched.h | 9 +
linux-810/include/linux/sysctl.h | 3
linux-810/kernel/signal.c | 33 +++++
linux-810/kernel/sysctl.c | 57 +++++++++
linux-810/mm/fremap.c | 16 +-
linux-810/mm/mmap.c | 183 +++++++++++++++++++++++++++++--
linux-810/mm/mprotect.c | 5
linux-810/mm/mremap.c | 4
49 files changed, 800 insertions(+), 140 deletions(-)
Index: linux-2.6-execshield.patch
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-5/linux-2.6-execshield.patch,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- linux-2.6-execshield.patch 22 Sep 2006 22:43:07 -0000 1.16
+++ linux-2.6-execshield.patch 2 Oct 2006 02:55:55 -0000 1.17
@@ -1832,3 +1832,74 @@
ret = new_addr;
if (new_addr & ~PAGE_MASK)
goto out;
+
+
+Date: Fri, 29 Sep 2006 02:14:32 +0100
+From: "Bart Oldeman" <bartoldeman at users.sourceforge.net>
+To: mingo at elte.hu
+Subject: [patch] exec-shield: move vdso back to the ascii-armor.
+
+Hi Ingo,
+
+testing exec-shield I observed that unlike in earlier versions, the
+vdso page was now placed at the normal maps around 0xbf000000. With
+the cs-selector protection that makes the heap executable.
+
+I wonder if this was done on purpose? In any case, the attached patch
+rectifies this.
+
+Also, two of the four bits in the sysctl are not used anymore, and I
+observed that random_int() when called withing very short time ranges,
+returns the same value, and the same random address, so the address is
+reset to 0x110000.
+
+As the vdso page is no longer placed just below any other region, SHLIB_BASE
+could be decreased by 0x1000.
+
+Bart
+
+--- linux-2.6.18.noarch/kernel/sysctl.c~ 2006-09-29 16:59:02.000000000 -0400
++++ linux-2.6.18.noarch/kernel/sysctl.c 2006-09-29 17:00:06.000000000 -0400
+@@ -82,16 +82,15 @@ extern int proc_unknown_nmi_panic(ctl_ta
+
+ extern unsigned int vdso_enabled, vdso_populate;
+
+-int exec_shield = (1<<3) | (1<<0);
++int exec_shield = (1<<1) | (1<<0);
+ /* exec_shield is a bitmask:
+ 0: off; vdso at STACK_TOP, 1 page below TASK_SIZE
+ (1<<0) 1: on [also on if !=0]
+ (1<<1) 2: noexecstack by default
++ The old settings
+ (1<<2) 4: vdso just below .text of main (unless too low)
+ (1<<3) 8: vdso just below .text of PT_INTERP (unless too low)
+-Yes, vdso placement is overloaded here; but exec_shield off
+-is a strong incentive to place vdso at STACK_TOP, so the bit
+-for vdso just below .text comes along for the ride.
++ are ignored because the vdso is placed completely randomly
+ */
+
+ static int __init setup_exec_shield(char *str)
+--- 1/mm/mmap.c.orig 2006-09-28 22:16:49.000000000 +0100
++++ 2/mm/mmap.c 2006-09-28 23:58:14.000000000 +0100
+@@ -1407,7 +1407,7 @@
+
+ EXPORT_SYMBOL(get_unmapped_area_prot);
+
+-#define SHLIB_BASE 0x00111000
++#define SHLIB_BASE 0x00110000
+
+ unsigned long arch_get_unmapped_exec_area(struct file *filp, unsigned long addr0,
+ unsigned long len0, unsigned long pgoff, unsigned long flags)
+--- 1/arch/i386/kernel/sysenter.c.orig 2006-09-28 22:09:57.000000000 +0100
++++ 2/arch/i386/kernel/sysenter.c 2006-09-28 23:02:38.000000000 +0100
+@@ -127,7 +127,7 @@
+ int ret;
+
+ down_write(&mm->mmap_sem);
+- addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
++ addr = get_unmapped_area_prot(NULL, 0, PAGE_SIZE, 0, 0, 1);
+ if (IS_ERR_VALUE(addr)) {
+ ret = addr;
+ goto up_fail;
+
- Previous message (by thread): rpms/kernel/FC-5/configs config-generic, 1.174, 1.175 config-ia64-generic, 1.24, 1.25 config-powerpc-generic, 1.17, 1.18 config-x86-generic, 1.44, 1.45 config-x86_64-generic, 1.37, 1.38
- Next message (by thread): rpms/kernel/FC-5 linux-2.6-inode-diet-xfs.patch, NONE, 1.1 kernel-2.6.spec, 1.2193, 1.2194 linux-2.6-lockdep-fixes.patch, 1.3, 1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list