r2540 - in trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian: . patches patches/series
Frederik Schüler
fschueler-guest@costa.debian.org
Thu, 24 Feb 2005 00:47:18 +0100
Author: fschueler-guest
Date: 2005-02-24 00:47:17 +0100 (Thu, 24 Feb 2005)
New Revision: 2540
Added:
trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/amd64-noexec32-backport.dpatch
Modified:
trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog
trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-6
Log:
Added amd64-noexec32-backport.dpatch: enable executable stack and executable heap for all 32bit programs on amd64 unless noexec32=on is specified
Modified: trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog 2005-02-23 16:35:12 UTC (rev 2539)
+++ trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog 2005-02-23 23:47:17 UTC (rev 2540)
@@ -30,8 +30,12 @@
fix potential information leak by making fragment queues private.
(Joshua Kwan, Simon Horman)
- -- Simon Horman <horms@debian.org> Wed, 23 Feb 2005 12:21:02 +0900
+ * amd64-noexec32-backport.dpatch: enable executable stack and executable
+ heap for all 32bit programs on amd64, except if noexec32=on is specified.
+ (Frederik Schüler)
+ -- Frederik Schüler <fschueler@gmx.net> Thu, 24 Feb 2005 00:37:56 +0100
+
kernel-source-2.6.10 (2.6.10-5) unstable; urgency=low
* Change $((exp) | exp) to $( (exp) | exp), so things work with dash
Added: trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/amd64-noexec32-backport.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/amd64-noexec32-backport.dpatch 2005-02-23 16:35:12 UTC (rev 2539)
+++ trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/amd64-noexec32-backport.dpatch 2005-02-23 23:47:17 UTC (rev 2540)
@@ -0,0 +1,100 @@
+#! /bin/sh -e
+## amd64-noexec32-backport.dpatch by Frederik Schüler <f.schueler@gmx.net>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: enable executable stack and executable heap for all 32bit programs on x86-64, except if noexec32=on is specified.
+## DP: Patch author: Andi Kleen <ak@suse.de>
+## DP: Upstream status: backport from 2.6.11-rc4
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+--- ./arch/x86_64/kernel/process.c.orig 2005-02-23 17:44:38.298266097 +0100
++++ ./arch/x86_64/kernel/process.c 2005-02-23 17:48:52.229019916 +0100
+@@ -560,6 +560,13 @@
+
+ /* Make sure to be in 64bit mode */
+ clear_thread_flag(TIF_IA32);
++
++ /* TBD: overwrites user setup. Should have two bits.
++ But 64bit processes have always behaved this way,
++ so it's not too bad. The main problem is just that
++ 32bit childs are affected again. */
++ current->personality &= ~READ_IMPLIES_EXEC;
++
+ }
+
+ asmlinkage long sys_fork(struct pt_regs *regs)
+--- ./arch/x86_64/kernel/setup64.c.orig 2005-02-23 23:58:30.719543925 +0100
++++ ./arch/x86_64/kernel/setup64.c 2005-02-23 23:59:20.551256256 +0100
+@@ -52,10 +52,10 @@
+ */
+ static int __init nonx_setup(char *str)
+ {
+- if (!strcmp(str, "on")) {
++ if (!strncmp(str, "on", 2)) {
+ __supported_pte_mask |= _PAGE_NX;
+ do_not_nx = 0;
+- } else if (!strcmp(str, "off")) {
++ } else if (!strncmp(str, "off", 3)) {
+ do_not_nx = 1;
+ __supported_pte_mask &= ~_PAGE_NX;
+ }
+- return 1;
++ return 0;
+ }
+
+ __setup("noexec=", nonx_setup);
+
++int force_personality32 = READ_IMPLIES_EXEC;
++
++/* noexec32=on|off
++ Control non executable heap for 32bit processes.
++ To control the stack too use noexec=off
++
++ on PROT_READ does not imply PROT_EXEC for 32bit processes
++ off PROT_READ implies PROT_EXEC (default)
++*/
++static int __init nonx32_setup(char *str)
++{
++ if (!strcmp(str, "on"))
++ force_personality32 &= ~READ_IMPLIES_EXEC;
++ else if (!strcmp(str, "off"))
++ force_personality32 |= READ_IMPLIES_EXEC;
++ return 0;
++}
++__setup("noexec32=", nonx32_setup);
++
+ /*
+ * Great future plan:
+ * Declare PDA itself and support (irqstack,tss,pml4) as per cpu data.
+--- ./arch/x86_64/ia32/ia32_binfmt.c.orig 2005-02-23 17:40:43.650300332 +0100
++++ ./arch/x86_64/ia32/ia32_binfmt.c 2005-02-23 17:44:20.781180261 +0100
+@@ -249,6 +249,8 @@
+ #define elf_check_arch(x) \
+ ((x)->e_machine == EM_386)
+
++extern int force_personality32;
++
+ #define ELF_EXEC_PAGESIZE PAGE_SIZE
+ #define ELF_HWCAP (boot_cpu_data.x86_capability[0])
+ #define ELF_PLATFORM ("i686")
+@@ -262,6 +264,8 @@
+ set_thread_flag(TIF_ABI_PENDING); \
+ else \
+ clear_thread_flag(TIF_ABI_PENDING); \
++ /* XXX This overwrites the user set personality */ \
++ current->personality |= force_personality32; \
+ } while (0)
+
+ /* Override some function names */
+--- ./include/asm-x86_64/pgtable.h.orig 2005-02-23 20:55:49.128396559 +0100
++++ ./include/asm-x86_64/pgtable.h 2005-02-23 20:56:32.137208282 +0100
+@@ -27,6 +27,7 @@
+
+ #define swapper_pg_dir NULL
+
++extern int nonx_setup(char *str);
+ extern void paging_init(void);
+ extern void clear_kernel_mapping(unsigned long addr, unsigned long size);
+
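Review bot: The nested pgtable.h hunk adds `extern int nonx_setup(char *str);`, but the setup64.c hunk still shows the definition as `static int __init nonx_setup(char *str)` in its context line, so the function would carry both external and internal linkage wherever setup64.c sees that header (whether it includes it is not visible here), which the compiler rejects. No hunk in this dpatch adds an external caller, so the backport looks incomplete: either drop the `extern` line, or make the definition `int __init nonx_setup(char *str)` and carry over the caller that needs it. Separately, `nonx_setup` now matches by prefix (`!strncmp(str, "off", 3)`), so any value that merely starts with "off" clears `_PAGE_NX`, while the new `nonx32_setup` keeps exact `strcmp`; unless a caller passes an unterminated command-line tail, keeping `strcmp` in both keeps the NX switches strict and consistent. Both function bodies sit inside the nested patch, and the rest of each file is outside this hunk.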
Modified: trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-6
===================================================================
--- trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-6 2005-02-23 16:35:12 UTC (rev 2539)
+++ trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-6 2005-02-23 23:47:17 UTC (rev 2540)
@@ -7,3 +7,4 @@
+ ipv4-fragment-queues.dpatch
+ ipv4-fragment-queues-2.dpatch
+ nls-table-overflow.dpatch
++ amd64-noexec32-backport.dpatch