r2540 - in trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian: . patches patches/series

Frederik Schüler fschueler-guest@costa.debian.org
Thu, 24 Feb 2005 00:47:18 +0100


Author: fschueler-guest
Date: 2005-02-24 00:47:17 +0100 (Thu, 24 Feb 2005)
New Revision: 2540

Added:
   trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/amd64-noexec32-backport.dpatch
Modified:
   trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog
   trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-6
Log:
Added amd64-noexec32-backport.dpatch: enable executable stack and executable heap for all 32bit programs on amd64 unless noexec32=on is specified


Modified: trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog	2005-02-23 16:35:12 UTC (rev 2539)
+++ trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog	2005-02-23 23:47:17 UTC (rev 2540)
@@ -30,8 +30,12 @@
     fix potential information leak by making fragment queues private. 
     (Joshua Kwan, Simon Horman)
 
- -- Simon Horman <horms@debian.org>  Wed, 23 Feb 2005 12:21:02 +0900
+  * amd64-noexec32-backport.dpatch: enable executable stack and executable 
+    heap for all 32bit programs on amd64, except if noexec32=on is specified. 
+    (Frederik Schüler)
 
+ -- Frederik Schüler <fschueler@gmx.net>  Thu, 24 Feb 2005 00:37:56 +0100
+
 kernel-source-2.6.10 (2.6.10-5) unstable; urgency=low
 
   * Change $((exp) | exp) to $( (exp) | exp), so things work with dash

Added: trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/amd64-noexec32-backport.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/amd64-noexec32-backport.dpatch	2005-02-23 16:35:12 UTC (rev 2539)
+++ trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/amd64-noexec32-backport.dpatch	2005-02-23 23:47:17 UTC (rev 2540)
@@ -0,0 +1,100 @@
+#! /bin/sh -e
+## amd64-noexec32-backport.dpatch by Frederik Schüler <f.schueler@gmx.net>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: enable executable stack and executable heap for all 32bit programs on x86-64, except if noexec32=on is specified.
+## DP: Patch author: Andi Kleen <ak@suse.de>
+## DP: Upstream status: backport from 2.6.11-rc4
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+--- ./arch/x86_64/kernel/process.c.orig	2005-02-23 17:44:38.298266097 +0100
++++ ./arch/x86_64/kernel/process.c	2005-02-23 17:48:52.229019916 +0100
+@@ -560,6 +560,13 @@
+ 
+ 	/* Make sure to be in 64bit mode */
+ 	clear_thread_flag(TIF_IA32); 
++
++	/* TBD: overwrites user setup. Should have two bits.
++	   But 64bit processes have always behaved this way,
++	   so it's not too bad. The main problem is just that
++		 32bit childs are affected again. */
++	current->personality &= ~READ_IMPLIES_EXEC;
++
+ }
+ 
+ asmlinkage long sys_fork(struct pt_regs *regs)
+--- ./arch/x86_64/kernel/setup64.c.orig	2005-02-23 23:58:30.719543925 +0100
++++ ./arch/x86_64/kernel/setup64.c	2005-02-23 23:59:20.551256256 +0100
+@@ -52,10 +52,10 @@
+ */ 
+ static int __init nonx_setup(char *str)
+ {
+-	if (!strcmp(str, "on")) {
++	if (!strncmp(str, "on", 2)) {
+                 __supported_pte_mask |= _PAGE_NX; 
+  		do_not_nx = 0; 
+-	} else if (!strcmp(str, "off")) {
++	} else if (!strncmp(str, "off", 3)) {
+ 		do_not_nx = 1;
+ 		__supported_pte_mask &= ~_PAGE_NX;
+         } 
+-        return 1;
++        return 0;
+ } 
+ 
+ __setup("noexec=", nonx_setup); 
+ 
++int force_personality32 = READ_IMPLIES_EXEC;
++
++/* noexec32=on|off
++	 Control non executable heap for 32bit processes.
++	 To control the stack too use noexec=off
++
++	 on PROT_READ does not imply PROT_EXEC for 32bit processes
++	 off  PROT_READ implies PROT_EXEC (default)
++*/
++static int __init nonx32_setup(char *str)
++{
++	if (!strcmp(str, "on"))
++		force_personality32 &= ~READ_IMPLIES_EXEC;
++	else if (!strcmp(str, "off"))
++		force_personality32 |= READ_IMPLIES_EXEC;
++	return 0;
++}
++__setup("noexec32=", nonx32_setup);
++
+ /*
+  * Great future plan:
+  * Declare PDA itself and support (irqstack,tss,pml4) as per cpu data.
+--- ./arch/x86_64/ia32/ia32_binfmt.c.orig	2005-02-23 17:40:43.650300332 +0100
++++ ./arch/x86_64/ia32/ia32_binfmt.c	2005-02-23 17:44:20.781180261 +0100
+@@ -249,6 +249,8 @@
+ #define elf_check_arch(x) \
+ 	((x)->e_machine == EM_386)
+ 
++extern int force_personality32;
++
+ #define ELF_EXEC_PAGESIZE PAGE_SIZE
+ #define ELF_HWCAP (boot_cpu_data.x86_capability[0])
+ #define ELF_PLATFORM  ("i686")
+@@ -262,6 +264,8 @@
+ 		set_thread_flag(TIF_ABI_PENDING);		\
+ 	else							\
+ 		clear_thread_flag(TIF_ABI_PENDING);		\
++	/* XXX This overwrites the user set personality */  \
++	current->personality |= force_personality32;    \
+ } while (0)
+ 
+ /* Override some function names */
+--- ./include/asm-x86_64/pgtable.h.orig	2005-02-23 20:55:49.128396559 +0100
++++ ./include/asm-x86_64/pgtable.h	2005-02-23 20:56:32.137208282 +0100
+@@ -27,6 +27,7 @@
+ 
+ #define swapper_pg_dir NULL
+ 
++extern int nonx_setup(char *str);
+ extern void paging_init(void);
+ extern void clear_kernel_mapping(unsigned long addr, unsigned long size);
+ 
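Review bot: The `extern int nonx_setup(char *str);` added to include/asm-x86_64/pgtable.h conflicts with the setup64.c hunk, where the definition is still `static int __init nonx_setup(char *str)` on an unchanged context line. If setup64.c includes that header (not visible here), the compiler sees a static definition after a non-static declaration, and no other file can link to the symbol anyway; either drop the extern or change the definition to `int __init nonx_setup(char *str)`. Separately, `nonx32_setup` silently ignores any value other than "on" or "off", so a mistyped `noexec32=` leaves the default `force_personality32 = READ_IMPLIES_EXEC` in place and 32-bit processes keep an executable heap with no message. A final `else printk(KERN_WARNING "noexec32: unknown value, setting unchanged\n");` would make that visible in the boot log.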

Modified: trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-6
===================================================================
--- trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-6	2005-02-23 16:35:12 UTC (rev 2539)
+++ trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-6	2005-02-23 23:47:17 UTC (rev 2540)
@@ -7,3 +7,4 @@
 + ipv4-fragment-queues.dpatch
 + ipv4-fragment-queues-2.dpatch
 + nls-table-overflow.dpatch
++ amd64-noexec32-backport.dpatch