Attachment 46831 Details for Bug 72452 – 2.4.28 VMA Patch (Use with GRSecurity-enabled kernels; requires a.out patch)

[patch] 2.4.28 VMA Patch (Use with GRSecurity-enabled kernels; requires a.out patch)

2.4.28-vma-PaX.patch (text/plain), 11.10 KB, created by Tim Yamin (RETIRED) on 2004-12-24 16:26:29 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Tim Yamin (RETIRED)

Created: 2004-12-24 16:26:29 UTC

Size: 11.10 KB

patch

obsolete

>diff -ur linux-2.4.28-gentoo-r2/arch/ia64/ia32/binfmt_elf32.c linux-2.4.28-gentoo-r3/arch/ia64/ia32/binfmt_elf32.c
>--- linux-2.4.28-gentoo-r2/arch/ia64/ia32/binfmt_elf32.c	2004-11-27 20:50:07.000000000 +0000
>+++ linux-2.4.28-gentoo-r3/arch/ia64/ia32/binfmt_elf32.c	2004-12-24 14:34:29.531899728 +0000
>@@ -95,7 +95,11 @@
> 		vma->vm_private_data = NULL;
> 		down_write(&current->mm->mmap_sem);
> 		{
>-			insert_vm_struct(current->mm, vma);
>+			if (insert_vm_struct(current->mm, vma)) {
>+				kmem_cache_free(vm_area_cachep, vma);
>+				up_write(&current->mm->mmap_sem);
>+				return;
>+			}
> 		}
> 		up_write(&current->mm->mmap_sem);
> 	}
>@@ -117,7 +121,11 @@
> 		vma->vm_private_data = NULL;
> 		down_write(&current->mm->mmap_sem);
> 		{
>-			insert_vm_struct(current->mm, vma);
>+			if (insert_vm_struct(current->mm, vma)) {
>+				kmem_cache_free(vm_area_cachep, vma);
>+				up_write(&current->mm->mmap_sem);
>+				return;
>+			}
> 		}
> 		up_write(&current->mm->mmap_sem);
> 	}
>@@ -164,7 +172,7 @@
> {
> 	unsigned long stack_base;
> 	struct vm_area_struct *mpnt;
>-	int i;
>+	int i, ret;
> 
> 	stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
> 
>@@ -188,7 +196,11 @@
> 		mpnt->vm_pgoff = 0;
> 		mpnt->vm_file = NULL;
> 		mpnt->vm_private_data = 0;
>-		insert_vm_struct(current->mm, mpnt);
>+		if ((ret = insert_vm_struct(current->mm, mpnt))) {
>+			up_write(&current->mm->mmap_sem);
>+			kmem_cache_free(vm_area_cachep, mpnt);
>+			return ret;
>+		}
> 		current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
> 	}
> 
>diff -ur linux-2.4.28-gentoo-r2/arch/ia64/kernel/perfmon.c linux-2.4.28-gentoo-r3/arch/ia64/kernel/perfmon.c
>--- linux-2.4.28-gentoo-r2/arch/ia64/kernel/perfmon.c	2004-11-27 20:50:07.000000000 +0000
>+++ linux-2.4.28-gentoo-r3/arch/ia64/kernel/perfmon.c	2004-12-24 14:34:29.534899272 +0000
>@@ -967,7 +967,8 @@
> 	 * now insert the vma in the vm list for the process, must be
> 	 * done with mmap lock held
> 	 */
>-	insert_vm_struct(mm, vma);
>+	if(insert_vm_struct(mm, vma)) /* Handle -ENOMEM et al. */
>+		goto error;
> 
> 	mm->total_vm  += size >> PAGE_SHIFT;
> 
>diff -ur linux-2.4.28-gentoo-r2/arch/ia64/mm/init.c linux-2.4.28-gentoo-r3/arch/ia64/mm/init.c
>--- linux-2.4.28-gentoo-r2/arch/ia64/mm/init.c	2004-11-27 20:50:07.000000000 +0000
>+++ linux-2.4.28-gentoo-r3/arch/ia64/mm/init.c	2004-12-24 14:34:29.535899120 +0000
>@@ -105,7 +105,13 @@
> 		vma->vm_pgoff = 0;
> 		vma->vm_file = NULL;
> 		vma->vm_private_data = NULL;
>-		insert_vm_struct(current->mm, vma);
>+		down_write(&current->mm->mmap_sem);
>+		if (insert_vm_struct(current->mm, vma)) {
>+			up_write(&current->mm->mmap_sem);
>+			kmem_cache_free(vm_area_cachep, vma);
>+			return;
>+		}
>+		up_write(&current->mm->mmap_sem);
> 	}
> 
> 	/* map NaT-page at address zero to speed up speculative dereferencing of NULL: */
>@@ -117,7 +123,13 @@
> 			vma->vm_end = PAGE_SIZE;
> 			vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT);
> 			vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED;
>-			insert_vm_struct(current->mm, vma);
>+			down_write(&current->mm->mmap_sem);
>+			if (insert_vm_struct(current->mm, vma)) {
>+				up_write(&current->mm->mmap_sem);
>+				kmem_cache_free(vm_area_cachep, vma);
>+				return;
>+			}
>+			up_write(&current->mm->mmap_sem);
> 		}
> 	}
> }
>diff -ur linux-2.4.28-gentoo-r2/arch/ppc/mm/fault.c linux-2.4.28-gentoo-r3/arch/ppc/mm/fault.c
>--- linux-2.4.28-gentoo-r2/arch/ppc/mm/fault.c	2004-11-27 20:50:07.000000000 +0000
>+++ linux-2.4.28-gentoo-r3/arch/ppc/mm/fault.c	2004-12-24 14:34:29.543897904 +0000
>@@ -83,8 +83,10 @@
> 	nopage:		pax_syscall_nopage,
> };
> 
>-static void pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
>+static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
> {
>+	int ret;
>+
> 	vma->vm_mm = current->mm;
> 	vma->vm_start = addr;
> 	vma->vm_end = addr + PAGE_SIZE;
>@@ -94,8 +96,15 @@
> 	vma->vm_pgoff = 0UL;
> 	vma->vm_file = NULL;
> 	vma->vm_private_data = NULL;
>-	insert_vm_struct(current->mm, vma);
>+	ret = insert_vm_struct(current->mm, vma);
>+	if(ret != 0)
>+	{
>+		up_write(&current->mm->mmap_sem);
>+		kmem_cache_free(vm_area_cachep, vma);
>+		return ret;
>+	}
> 	++current->mm->total_vm;
>+	return 0;
> }
> #endif
> 
>@@ -333,7 +342,8 @@
> 				return 1;
> 			}
> 
>-			pax_insert_vma(vma, call_syscall);
>+			if(pax_insert_vma(vma, call_syscall))
>+				return 1; /* VMA overlapping attempt; bye bye! */
> 			current->mm->call_syscall = call_syscall;
> 			up_write(&current->mm->mmap_sem);
> 
>@@ -377,7 +387,8 @@
> 				return 1;
> 			}
> 
>-			pax_insert_vma(vma, call_syscall);
>+			if(pax_insert_vma(vma, call_syscall))
>+				return 1; /* VMA overlapping attempt; bye bye! */
> 			current->mm->call_syscall = call_syscall;
> 			up_write(&current->mm->mmap_sem);
> 
>diff -ur linux-2.4.28-gentoo-r2/arch/s390x/kernel/exec32.c linux-2.4.28-gentoo-r3/arch/s390x/kernel/exec32.c
>--- linux-2.4.28-gentoo-r2/arch/s390x/kernel/exec32.c	2004-11-27 20:50:07.000000000 +0000
>+++ linux-2.4.28-gentoo-r3/arch/s390x/kernel/exec32.c	2004-12-24 14:34:29.543897904 +0000
>@@ -41,7 +41,7 @@
> {
> 	unsigned long stack_base;
> 	struct vm_area_struct *mpnt;
>-	int i;
>+	int i, ret;
> 
> 	stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
> 
>@@ -65,7 +65,11 @@
> 		mpnt->vm_pgoff = 0;
> 		mpnt->vm_file = NULL;
> 		mpnt->vm_private_data = (void *) 0;
>-		insert_vm_struct(current->mm, mpnt);
>+		if ((ret = insert_vm_struct(current->mm, mpnt))) {
>+			up_write(&current->mm->mmap_sem);
>+			kmem_cache_free(vm_area_cachep, mpnt);
>+			return ret;
>+		}
> 		current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
> 	} 
> 
>diff -ur linux-2.4.28-gentoo-r2/arch/sparc/mm/fault.c linux-2.4.28-gentoo-r3/arch/sparc/mm/fault.c
>--- linux-2.4.28-gentoo-r2/arch/sparc/mm/fault.c	2004-11-27 20:50:07.000000000 +0000
>+++ linux-2.4.28-gentoo-r3/arch/sparc/mm/fault.c	2004-12-24 14:34:29.544897752 +0000
>@@ -250,8 +250,10 @@
> 	nopage:		pax_emuplt_nopage,
> };
> 
>-static void pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
>+static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
> {
>+	int ret;
>+
> 	vma->vm_mm = current->mm;
> 	vma->vm_start = addr;
> 	vma->vm_end = addr + PAGE_SIZE;
>@@ -261,8 +263,15 @@
> 	vma->vm_pgoff = 0UL;
> 	vma->vm_file = NULL;
> 	vma->vm_private_data = NULL;
>-	insert_vm_struct(current->mm, vma);
>+	ret = insert_vm_struct(current->mm, vma);
>+	if(ret != 0)
>+	{
>+		up_write(&current->mm->mmap_sem);
>+		kmem_cache_free(vm_area_cachep, vma);
>+		return ret;
>+	}
> 	++current->mm->total_vm;
>+	return 0;
> }
> 
> /*
>@@ -423,7 +432,8 @@
> 					return 1;
> 				}
> 
>-				pax_insert_vma(vma, call_dl_resolve);
>+				if(pax_insert_vma(vma, call_dl_resolve))
>+					return 1; /* VMA overlapping attempt; bye bye! */
> 				current->mm->call_dl_resolve = call_dl_resolve;
> 				up_write(&current->mm->mmap_sem);
> 
>diff -ur linux-2.4.28-gentoo-r2/arch/sparc64/mm/fault.c linux-2.4.28-gentoo-r3/arch/sparc64/mm/fault.c
>--- linux-2.4.28-gentoo-r2/arch/sparc64/mm/fault.c	2004-11-27 20:50:07.000000000 +0000
>+++ linux-2.4.28-gentoo-r3/arch/sparc64/mm/fault.c	2004-12-24 14:34:29.559895472 +0000
>@@ -338,8 +338,10 @@
> 	nopage:		pax_emuplt_nopage,
> };
> 
>-static void pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
>+static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
> {
>+	int ret;
>+
> 	vma->vm_mm = current->mm;
> 	vma->vm_start = addr;
> 	vma->vm_end = addr + PAGE_SIZE;
>@@ -349,8 +351,15 @@
> 	vma->vm_pgoff = 0UL; 
> 	vma->vm_file = NULL;
> 	vma->vm_private_data = NULL;
>-	insert_vm_struct(current->mm, vma);
>+	ret = insert_vm_struct(current->mm, vma);
>+	if(ret != 0)
>+	{
>+		up_write(&current->mm->mmap_sem);
>+		kmem_cache_free(vm_area_cachep, vma);
>+		return ret;
>+	}
> 	++current->mm->total_vm;
>+	return 0;
> }
> #endif
> 
>@@ -609,7 +618,8 @@
> 					return 1;
> 				}
> 
>-				pax_insert_vma(vma, call_dl_resolve);
>+				if(pax_insert_vma(vma, call_dl_resolve))
>+					return 1; /* VMA overlapping attempt; bye bye! */
> 				current->mm->call_dl_resolve = call_dl_resolve;
> 				up_write(&current->mm->mmap_sem);
> 
>diff -ur linux-2.4.28-gentoo-r2/arch/x86_64/ia32/ia32_binfmt.c linux-2.4.28-gentoo-r3/arch/x86_64/ia32/ia32_binfmt.c
>--- linux-2.4.28-gentoo-r2/arch/x86_64/ia32/ia32_binfmt.c	2004-11-27 20:50:07.000000000 +0000
>+++ linux-2.4.28-gentoo-r3/arch/x86_64/ia32/ia32_binfmt.c	2004-12-24 14:34:29.559895472 +0000
>@@ -225,7 +225,7 @@
> {
> 	unsigned long stack_base;
> 	struct vm_area_struct *mpnt;
>-	int i;
>+	int i, ret;
> 
> 	stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
> 
>@@ -250,7 +250,11 @@
> 		mpnt->vm_pgoff = 0;
> 		mpnt->vm_file = NULL;
> 		mpnt->vm_private_data = (void *) 0;
>-		insert_vm_struct(current->mm, mpnt);
>+		if ((ret = insert_vm_struct(current->mm, mpnt))) {
>+			up_write(&current->mm->mmap_sem);
>+			kmem_cache_free(vm_area_cachep, mpnt);
>+			return ret;
>+		}
> 		current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
> 	} 
> 
>diff -ur linux-2.4.28-gentoo-r2/fs/exec.c linux-2.4.28-gentoo-r3/fs/exec.c
>--- linux-2.4.28-gentoo-r2/fs/exec.c	2004-11-27 20:50:07.000000000 +0000
>+++ linux-2.4.28-gentoo-r3/fs/exec.c	2004-12-24 14:35:52.000000000 +0000
>@@ -358,7 +358,7 @@
> {
> 	unsigned long stack_base;
> 	struct vm_area_struct *mpnt;
>-	int i;
>+	int i, ret;
> 
> #ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
> 	struct vm_area_struct *mpnt_m = NULL;
>@@ -387,7 +387,6 @@
> 
> 	down_write(&current->mm->mmap_sem);
> 	{
>-		struct vm_area_struct *vma;
> 		mpnt->vm_mm = current->mm;
> 		mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p;
> 		mpnt->vm_end = STACK_TOP;
>@@ -402,13 +401,11 @@
> 		mpnt->vm_pgoff = 0;
> 		mpnt->vm_file = NULL;
> 		mpnt->vm_private_data = (void *) 0;
>-		vma = find_vma(current->mm, mpnt->vm_start);
>-		if (vma) {
>+		if ((ret = insert_vm_struct(current->mm, mpnt))) {
> 			up_write(&current->mm->mmap_sem);
> 			kmem_cache_free(vm_area_cachep, mpnt);
>-			return -ENOMEM;
>+			return ret;
> 		}
>-		insert_vm_struct(current->mm, mpnt);
> 		current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
> 
> #ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
>diff -ur linux-2.4.28-gentoo-r2/include/linux/mm.h linux-2.4.28-gentoo-r3/include/linux/mm.h
>--- linux-2.4.28-gentoo-r2/include/linux/mm.h	2004-11-27 20:50:07.000000000 +0000
>+++ linux-2.4.28-gentoo-r3/include/linux/mm.h	2004-12-24 14:34:29.000000000 +0000
>@@ -577,7 +577,7 @@
> /* mmap.c */
> extern void lock_vma_mappings(struct vm_area_struct *);
> extern void unlock_vma_mappings(struct vm_area_struct *);
>-extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *);
>+extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *);
> extern void __insert_vm_struct(struct mm_struct *, struct vm_area_struct *);
> extern void build_mmap_rb(struct mm_struct *);
> extern void exit_mmap(struct mm_struct *);
>diff -ur linux-2.4.28-gentoo-r2/mm/mmap.c linux-2.4.28-gentoo-r3/mm/mmap.c
>--- linux-2.4.28-gentoo-r2/mm/mmap.c	2004-11-27 20:50:07.000000000 +0000
>+++ linux-2.4.28-gentoo-r3/mm/mmap.c	2004-12-24 14:34:29.000000000 +0000
>@@ -1480,14 +1480,15 @@
> 	validate_mm(mm);
> }
> 
>-void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
>+int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
> {
> 	struct vm_area_struct * __vma, * prev;
> 	rb_node_t ** rb_link, * rb_parent;
> 
> 	__vma = find_vma_prepare(mm, vma->vm_start, &prev, &rb_link, &rb_parent);
> 	if (__vma && __vma->vm_start < vma->vm_end)
>-		BUG();
>+		return -ENOMEM;
> 	vma_link(mm, vma, prev, rb_link, rb_parent);
> 	validate_mm(mm);
>+	return 0;
> }

Actions: View | Diff

Attachments on bug 72452: 45056 | 45071 | 45171 | 45193 | 46349 | 46830 | 46831 | 46836