[kernel] r22245 - in dists/wheezy-security/linux/debian: . patches patches/bugfix/x86

[Ben Hutchings]

Author: benh
Date: Sun Jan 11 22:16:58 2015
New Revision: 22245

Log:
[amd64] Revert NX changes that caused a regresion in 3.2.65 (Closes: #774436)

Added:
   dists/wheezy-security/linux/debian/patches/bugfix/x86/revert-x86-64bit-mm-mark-data-bss-brk-to-nx.patch
   dists/wheezy-security/linux/debian/patches/bugfix/x86/revert-x86-mm-set-nx-across-entire-pmd-at-boot.patch
Modified:
   dists/wheezy-security/linux/debian/changelog
   dists/wheezy-security/linux/debian/patches/series

Modified: dists/wheezy-security/linux/debian/changelog
==============================================================================
--- dists/wheezy-security/linux/debian/changelog	Sun Jan 11 00:28:32 2015	(r22244)
+++ dists/wheezy-security/linux/debian/changelog	Sun Jan 11 22:16:58 2015	(r22245)
@@ -1,3 +1,12 @@
+linux (3.2.65-1+deb7u1~test) UNRELEASED; urgency=medium
+
+  * [amd64] Revert NX changes that caused a regresion in 3.2.65
+    (Closes: #774436)
+    - Revert "x86, mm: Set NX across entire PMD at boot"
+    - Revert "x86, 64bit, mm: Mark data/bss/brk to nx"
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Sun, 11 Jan 2015 00:33:09 +0000
+
 linux (3.2.65-1) wheezy; urgency=medium
 
   * New upstream stable update:

Added: dists/wheezy-security/linux/debian/patches/bugfix/x86/revert-x86-64bit-mm-mark-data-bss-brk-to-nx.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/wheezy-security/linux/debian/patches/bugfix/x86/revert-x86-64bit-mm-mark-data-bss-brk-to-nx.patch	Sun Jan 11 22:16:58 2015	(r22245)
@@ -0,0 +1,39 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 11 Jan 2015 20:32:41 +0000
+Subject: Revert "x86, 64bit, mm: Mark data/bss/brk to nx"
+Bug-Debian: https://bugs.debian.org/774436
+Bug-Debian: https://bugs.debian.org/774461
+Bug-Debian: https://bugs.debian.org/774526
+Bug-Debian: https://bugs.debian.org/775059
+
+This reverts commit e105c8187b7101e8a8a54ac0218c9d9c9463c636 which
+was commit 72212675d1c96f5db8ec6fb35701879911193158 upstream.
+
+This caused suspend/resume to stop working on at least some systems -
+specifically, the system would reboot when woken.
+
+---
+--- a/arch/x86/mm/init_64.c
++++ b/arch/x86/mm/init_64.c
+@@ -778,7 +778,6 @@ void mark_rodata_ro(void)
+ 	unsigned long text_end = PAGE_ALIGN((unsigned long) &__stop___ex_table);
+ 	unsigned long rodata_end = PAGE_ALIGN((unsigned long) &__end_rodata);
+ 	unsigned long data_start = (unsigned long) &_sdata;
+-	unsigned long all_end = PFN_ALIGN(&_end);
+ 
+ 	printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
+ 	       (end - start) >> 10);
+@@ -787,10 +786,10 @@ void mark_rodata_ro(void)
+ 	kernel_set_to_readonly = 1;
+ 
+ 	/*
+-	 * The rodata/data/bss/brk section (but not the kernel text!)
+-	 * should also be not-executable.
++	 * The rodata section (but not the kernel text!) should also be
++	 * not-executable.
+ 	 */
+-	set_memory_nx(rodata_start, (all_end - rodata_start) >> PAGE_SHIFT);
++	set_memory_nx(rodata_start, (end - rodata_start) >> PAGE_SHIFT);
+ 
+ 	rodata_test();
+ 

Added: dists/wheezy-security/linux/debian/patches/bugfix/x86/revert-x86-mm-set-nx-across-entire-pmd-at-boot.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/wheezy-security/linux/debian/patches/bugfix/x86/revert-x86-mm-set-nx-across-entire-pmd-at-boot.patch	Sun Jan 11 22:16:58 2015	(r22245)
@@ -0,0 +1,43 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 11 Jan 2015 00:30:55 +0000
+Subject: Revert "x86, mm: Set NX across entire PMD at boot"
+Bug-Debian: https://bugs.debian.org/774436
+Bug-Debian: https://bugs.debian.org/774461
+Bug-Debian: https://bugs.debian.org/774526
+Bug-Debian: https://bugs.debian.org/775059
+
+This reverts commit a5c187d92d2ce30315f333b9dff33af832e8b443 which
+was commit 45e2a9d4701d8c624d4a4bcdd1084eae31e92f58 upstream.
+
+The previous commit caused suspend/resume to stop working on at least
+some systems - specifically, the system would reboot when woken.
+
+---
+--- a/arch/x86/mm/init_64.c
++++ b/arch/x86/mm/init_64.c
+@@ -778,7 +778,7 @@ void mark_rodata_ro(void)
+ 	unsigned long text_end = PAGE_ALIGN((unsigned long) &__stop___ex_table);
+ 	unsigned long rodata_end = PAGE_ALIGN((unsigned long) &__end_rodata);
+ 	unsigned long data_start = (unsigned long) &_sdata;
+-	unsigned long all_end;
++	unsigned long all_end = PFN_ALIGN(&_end);
+ 
+ 	printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
+ 	       (end - start) >> 10);
+@@ -789,16 +789,7 @@ void mark_rodata_ro(void)
+ 	/*
+ 	 * The rodata/data/bss/brk section (but not the kernel text!)
+ 	 * should also be not-executable.
+-	 *
+-	 * We align all_end to PMD_SIZE because the existing mapping
+-	 * is a full PMD. If we would align _brk_end to PAGE_SIZE we
+-	 * split the PMD and the reminder between _brk_end and the end
+-	 * of the PMD will remain mapped executable.
+-	 *
+-	 * Any PMD which was setup after the one which covers _brk_end
+-	 * has been zapped already via cleanup_highmem().
+ 	 */
+-	all_end = roundup((unsigned long)_brk_end, PMD_SIZE);
+ 	set_memory_nx(rodata_start, (all_end - rodata_start) >> PAGE_SHIFT);
+ 
+ 	rodata_test();

Modified: dists/wheezy-security/linux/debian/patches/series
==============================================================================
--- dists/wheezy-security/linux/debian/patches/series	Sun Jan 11 00:28:32 2015	(r22244)
+++ dists/wheezy-security/linux/debian/patches/series	Sun Jan 11 22:16:58 2015	(r22245)
@@ -1146,3 +1146,5 @@
 bugfix/x86/kvm-x86-don-t-report-guest-userspace-emulation-error-to-userspace.patch
 bugfix/x86/x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-espfix32-s-benefit.patch
 bugfix/all/isofs-fix-infinite-looping-over-ce-entries.patch
+bugfix/x86/revert-x86-mm-set-nx-across-entire-pmd-at-boot.patch
+bugfix/x86/revert-x86-64bit-mm-mark-data-bss-brk-to-nx.patch