Remove patch to binfmt_elf_fdpic
We do not build this module and we do not support NOMMU platforms. svn path=/dists/trunk/linux-2.6/; revision=15104
This commit is contained in:
parent
162bbcf175
commit
222e0d7fa9
|
@ -11,10 +11,7 @@ linux-2.6 (2.6.32-7) UNRELEASED; urgency=low
|
||||||
[ dann frazier ]
|
[ dann frazier ]
|
||||||
* Disable FUNCTION_TRACER due to performance/build issues.
|
* Disable FUNCTION_TRACER due to performance/build issues.
|
||||||
(Closes: #568025)
|
(Closes: #568025)
|
||||||
* Patches queued for 2.6.32.8:
|
* Split 'flush_old_exec' into two functions (CVE-2010-0307)
|
||||||
- FDPIC: Respect PT_GNU_STACK exec protection markings when creating
|
|
||||||
NOMMU stack
|
|
||||||
- Split 'flush_old_exec' into two functions (CVE-2010-0307)
|
|
||||||
|
|
||||||
-- maximilian attems <maks@debian.org> Mon, 01 Feb 2010 17:16:31 +0100
|
-- maximilian attems <maks@debian.org> Mon, 01 Feb 2010 17:16:31 +0100
|
||||||
|
|
||||||
|
|
|
@ -1,105 +0,0 @@
|
||||||
From 04e4f2b18c8de1389d1e00fef0f42a8099910daf Mon Sep 17 00:00:00 2001
|
|
||||||
From: Mike Frysinger <vapier@gentoo.org>
|
|
||||||
Date: Wed, 6 Jan 2010 17:23:17 +0000
|
|
||||||
Subject: FDPIC: Respect PT_GNU_STACK exec protection markings when creating NOMMU stack
|
|
||||||
|
|
||||||
From: Mike Frysinger <vapier@gentoo.org>
|
|
||||||
|
|
||||||
commit 04e4f2b18c8de1389d1e00fef0f42a8099910daf upstream.
|
|
||||||
|
|
||||||
The current code will load the stack size and protection markings, but
|
|
||||||
then only use the markings in the MMU code path. The NOMMU code path
|
|
||||||
always passes PROT_EXEC to the mmap() call. While this doesn't matter
|
|
||||||
to most people whilst the code is running, it will cause a pointless
|
|
||||||
icache flush when starting every FDPIC application. Typically this
|
|
||||||
icache flush will be of a region on the order of 128KB in size, or may
|
|
||||||
be the entire icache, depending on the facilities available on the CPU.
|
|
||||||
|
|
||||||
In the case where the arch default behaviour seems to be desired
|
|
||||||
(EXSTACK_DEFAULT), we probe VM_STACK_FLAGS for VM_EXEC to determine
|
|
||||||
whether we should be setting PROT_EXEC or not.
|
|
||||||
|
|
||||||
For arches that support an MPU (Memory Protection Unit - an MMU without
|
|
||||||
the virtual mapping capability), setting PROT_EXEC or not will make an
|
|
||||||
important difference.
|
|
||||||
|
|
||||||
It should be noted that this change also affects the executability of
|
|
||||||
the brk region, since ELF-FDPIC has that share with the stack. However,
|
|
||||||
this is probably irrelevant as NOMMU programs aren't likely to use the
|
|
||||||
brk region, preferring instead allocation via mmap().
|
|
||||||
|
|
||||||
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
||||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
||||||
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
|
||||||
|
|
||||||
---
|
|
||||||
arch/blackfin/include/asm/page.h | 5 +++++
|
|
||||||
arch/frv/include/asm/page.h | 2 --
|
|
||||||
fs/binfmt_elf_fdpic.c | 13 +++++++++++--
|
|
||||||
3 files changed, 16 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
--- a/arch/blackfin/include/asm/page.h
|
|
||||||
+++ b/arch/blackfin/include/asm/page.h
|
|
||||||
@@ -10,4 +10,9 @@
|
|
||||||
#include <asm-generic/page.h>
|
|
||||||
#define MAP_NR(addr) (((unsigned long)(addr)-PAGE_OFFSET) >> PAGE_SHIFT)
|
|
||||||
|
|
||||||
+#define VM_DATA_DEFAULT_FLAGS \
|
|
||||||
+ (VM_READ | VM_WRITE | \
|
|
||||||
+ ((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0 ) | \
|
|
||||||
+ VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
|
|
||||||
+
|
|
||||||
#endif
|
|
||||||
--- a/arch/frv/include/asm/page.h
|
|
||||||
+++ b/arch/frv/include/asm/page.h
|
|
||||||
@@ -63,12 +63,10 @@ extern unsigned long max_pfn;
|
|
||||||
#define virt_addr_valid(kaddr) pfn_valid(__pa(kaddr) >> PAGE_SHIFT)
|
|
||||||
|
|
||||||
|
|
||||||
-#ifdef CONFIG_MMU
|
|
||||||
#define VM_DATA_DEFAULT_FLAGS \
|
|
||||||
(VM_READ | VM_WRITE | \
|
|
||||||
((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0 ) | \
|
|
||||||
VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
#endif /* __ASSEMBLY__ */
|
|
||||||
|
|
||||||
--- a/fs/binfmt_elf_fdpic.c
|
|
||||||
+++ b/fs/binfmt_elf_fdpic.c
|
|
||||||
@@ -171,6 +171,9 @@ static int load_elf_fdpic_binary(struct
|
|
||||||
#ifdef ELF_FDPIC_PLAT_INIT
|
|
||||||
unsigned long dynaddr;
|
|
||||||
#endif
|
|
||||||
+#ifndef CONFIG_MMU
|
|
||||||
+ unsigned long stack_prot;
|
|
||||||
+#endif
|
|
||||||
struct file *interpreter = NULL; /* to shut gcc up */
|
|
||||||
char *interpreter_name = NULL;
|
|
||||||
int executable_stack;
|
|
||||||
@@ -316,6 +319,8 @@ static int load_elf_fdpic_binary(struct
|
|
||||||
* defunct, deceased, etc. after this point we have to exit via
|
|
||||||
* error_kill */
|
|
||||||
set_personality(PER_LINUX_FDPIC);
|
|
||||||
+ if (elf_read_implies_exec(&exec_params.hdr, executable_stack))
|
|
||||||
+ current->personality |= READ_IMPLIES_EXEC;
|
|
||||||
set_binfmt(&elf_fdpic_format);
|
|
||||||
|
|
||||||
current->mm->start_code = 0;
|
|
||||||
@@ -377,9 +382,13 @@ static int load_elf_fdpic_binary(struct
|
|
||||||
if (stack_size < PAGE_SIZE * 2)
|
|
||||||
stack_size = PAGE_SIZE * 2;
|
|
||||||
|
|
||||||
+ stack_prot = PROT_READ | PROT_WRITE;
|
|
||||||
+ if (executable_stack == EXSTACK_ENABLE_X ||
|
|
||||||
+ (executable_stack == EXSTACK_DEFAULT && VM_STACK_FLAGS & VM_EXEC))
|
|
||||||
+ stack_prot |= PROT_EXEC;
|
|
||||||
+
|
|
||||||
down_write(¤t->mm->mmap_sem);
|
|
||||||
- current->mm->start_brk = do_mmap(NULL, 0, stack_size,
|
|
||||||
- PROT_READ | PROT_WRITE | PROT_EXEC,
|
|
||||||
+ current->mm->start_brk = do_mmap(NULL, 0, stack_size, stack_prot,
|
|
||||||
MAP_PRIVATE | MAP_ANONYMOUS | MAP_GROWSDOWN,
|
|
||||||
0);
|
|
||||||
|
|
|
@ -1,3 +1,2 @@
|
||||||
+ bugfix/all/clocksource-events-Fix-fallout-of-generic-code-changes.patch
|
+ bugfix/all/clocksource-events-Fix-fallout-of-generic-code-changes.patch
|
||||||
+ bugfix/all/fdpic-respect-pt_gnu_stack-exec-protection-markings-when-creating-nommu-stack.patch
|
|
||||||
+ bugfix/all/split-flush_old_exec-into-two-functions.patch
|
+ bugfix/all/split-flush_old_exec-into-two-functions.patch
|
||||||
|
|
Loading…
Reference in New Issue