Attachment #298441 for bug #329499

Lines 271-277 Link Here

(-)linux-3.1.8-pax/arch/s390/kernel/setup.c (-1 / +1 lines)
271	}	271	}
272	early_param("mem", early_parse_mem);	272	early_param("mem", early_parse_mem);
273		273
274	unsigned int user_mode = SECONDARY_SPACE_MODE;	274	unsigned int user_mode = HOME_SPACE_MODE;
275	EXPORT_SYMBOL_GPL(user_mode);	275	EXPORT_SYMBOL_GPL(user_mode);
276		276
277	static int set_amode_and_uaccess(unsigned long user_amode,	277	static int set_amode_and_uaccess(unsigned long user_amode,

Lines 4-13 Link Here

(-)linux-3.1.8-pax/arch/x86/include/asm/alternative-asm.h (-2 / +2 lines)
4		4
5	#ifdef CONFIG_SMP	5	#ifdef CONFIG_SMP
6	.macro LOCK_PREFIX	6	.macro LOCK_PREFIX
7	1: lock	7	672: lock
8	.section .smp_locks,"a"	8	.section .smp_locks,"a"
9	.balign 4	9	.balign 4
10	.long 1b - .	10	.long 672b - .
11	.previous	11	.previous
12	.endm	12	.endm
13	#else	13	#else

Lines 390-397 Link Here

(-)linux-3.1.8-pax/arch/x86/include/asm/atomic.h (-2 / +2 lines)
390	#ifdef CONFIG_M386	390	#ifdef CONFIG_M386
391	no_xadd: /* Legacy 386 processor */	391	no_xadd: /* Legacy 386 processor */
392	raw_local_irq_save(flags);	392	raw_local_irq_save(flags);
393	__i = atomic_read(v);	393	__i = atomic_read_unchecked(v);
394	atomic_set(v, i + __i);	394	atomic_set_unchecked(v, i + __i);
395	raw_local_irq_restore(flags);	395	raw_local_irq_restore(flags);
396	return i + __i;	396	return i + __i;
397	#endif	397	#endif




{
	int err;

	do { /* PaX: libffi trampoline emulation */
		unsigned char mov, jmp;
		unsigned int addr1, addr2;

#ifdef CONFIG_X86_64
		if ((regs->ip + 9) >> 32)
			break;
#endif

		err = get_user(mov, (unsigned char __user *)regs->ip);
		err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
		err |= get_user(jmp, (unsigned char __user *)(regs->ip + 5));
		err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));

		if (err)
			break;

		if (mov == 0xB8 && jmp == 0xE9) {
			regs->ax = addr1;
			regs->ip = (unsigned int)(regs->ip + addr2 + 10);
			return 2;
		}
	} while (0);

	do { /* PaX: gcc trampoline emulation #1 */
		unsigned char mov1, mov2;
		unsigned short jmp;

{
	int err;

	do { /* PaX: libffi trampoline emulation */
		unsigned short mov1, mov2, jmp1;
		unsigned char stcclc, jmp2;
		unsigned long addr1, addr2;

		err = get_user(mov1, (unsigned short __user *)regs->ip);
		err |= get_user(addr1, (unsigned long __user *)(regs->ip + 2));
		err |= get_user(mov2, (unsigned short __user *)(regs->ip + 10));
		err |= get_user(addr2, (unsigned long __user *)(regs->ip + 12));
		err |= get_user(stcclc, (unsigned char __user *)(regs->ip + 20));
		err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 21));
		err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 23));

		if (err)
			break;

		if (mov1 == 0xBB49 && mov2 == 0xBA49 && (stcclc == 0xF8 || stcclc == 0xF9) && jmp1 == 0xFF49 && jmp2 == 0xE3) {
			regs->r11 = addr1;
			regs->r10 = addr2;
			if (stcclc == 0xF8)
				regs->flags &= ~X86_EFLAGS_CF;
			else
				regs->flags |= X86_EFLAGS_CF;
			regs->ip = addr1;
			return 2;
		}
	} while (0);

	do { /* PaX: gcc trampoline emulation #1 */
		unsigned short mov1, mov2, jmp1;
		unsigned char jmp2;

Return to bug 329499

Lines 1442-1447 Link Here

(-)linux-3.1.8-pax/arch/x86/mm/fault.c (+52 lines)
1442	{	1442	{
1443	int err;	1443	int err;
1444		1444
		1445	do { /* PaX: libffi trampoline emulation */
		1446	unsigned char mov, jmp;
		1447	unsigned int addr1, addr2;
		1448
		1449	#ifdef CONFIG_X86_64
		1450	if ((regs->ip + 9) >> 32)
		1451	break;
		1452	#endif
		1453
		1454	err = get_user(mov, (unsigned char __user *)regs->ip);
		1455	err \|= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
		1456	err \|= get_user(jmp, (unsigned char __user *)(regs->ip + 5));
		1457	err \|= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
		1458
		1459	if (err)
		1460	break;
		1461
		1462	if (mov == 0xB8 && jmp == 0xE9) {
		1463	regs->ax = addr1;
		1464	regs->ip = (unsigned int)(regs->ip + addr2 + 10);
		1465	return 2;
		1466	}
		1467	} while (0);
		1468
1445	do { /* PaX: gcc trampoline emulation #1 */	1469	do { /* PaX: gcc trampoline emulation #1 */
1446	unsigned char mov1, mov2;	1470	unsigned char mov1, mov2;
1447	unsigned short jmp;	1471	unsigned short jmp;
Lines 1501-1506 Link Here
1501	{	1525	{
1502	int err;	1526	int err;
1503		1527
		1528	do { /* PaX: libffi trampoline emulation */
		1529	unsigned short mov1, mov2, jmp1;
		1530	unsigned char stcclc, jmp2;
		1531	unsigned long addr1, addr2;
		1532
		1533	err = get_user(mov1, (unsigned short __user *)regs->ip);
		1534	err \|= get_user(addr1, (unsigned long __user *)(regs->ip + 2));
		1535	err \|= get_user(mov2, (unsigned short __user *)(regs->ip + 10));
		1536	err \|= get_user(addr2, (unsigned long __user *)(regs->ip + 12));
		1537	err \|= get_user(stcclc, (unsigned char __user *)(regs->ip + 20));
		1538	err \|= get_user(jmp1, (unsigned short __user *)(regs->ip + 21));
		1539	err \|= get_user(jmp2, (unsigned char __user *)(regs->ip + 23));
		1540
		1541	if (err)
		1542	break;
		1543
		1544	if (mov1 == 0xBB49 && mov2 == 0xBA49 && (stcclc == 0xF8 \|\| stcclc == 0xF9) && jmp1 == 0xFF49 && jmp2 == 0xE3) {
		1545	regs->r11 = addr1;
		1546	regs->r10 = addr2;
		1547	if (stcclc == 0xF8)
		1548	regs->flags &= ~X86_EFLAGS_CF;
		1549	else
		1550	regs->flags \|= X86_EFLAGS_CF;
		1551	regs->ip = addr1;
		1552	return 2;
		1553	}
		1554	} while (0);
		1555
1504	do { /* PaX: gcc trampoline emulation #1 */	1556	do { /* PaX: gcc trampoline emulation #1 */
1505	unsigned short mov1, mov2, jmp1;	1557	unsigned short mov1, mov2, jmp1;
1506	unsigned char jmp2;	1558	unsigned char jmp2;