diff options
| author | Ben Hutchings <benh@debian.org> | 2010-02-03 00:48:52 +0000 |
|---|---|---|
| committer | Ben Hutchings <benh@debian.org> | 2010-02-03 00:48:52 +0000 |
| commit | bd319132de2f0d710938a8193d6eb2077173b42a (patch) | |
| tree | 9b3e24c8c5100c73fd84ba543859e7f71a53e8cc | |
| parent | 222e0d7fa9d505a41fd144743cf1aad2cf973de9 (diff) | |
| download | kernel_replicant_linux-bd319132de2f0d710938a8193d6eb2077173b42a.tar.gz kernel_replicant_linux-bd319132de2f0d710938a8193d6eb2077173b42a.tar.bz2 kernel_replicant_linux-bd319132de2f0d710938a8193d6eb2077173b42a.zip | |
Restore patch removed in r15104
split-flush_old_exec-into-two-functions.patch also modifies
binfmt_elf_fdpic and must be applied on top of
fdpic-respect-pt_gnu_stack-exec-protection-markings-when-creating-nommu-stack.patch
Don't mention it in the changelog since it has no actual effect on
Debian kernels.
svn path=/dists/trunk/linux-2.6/; revision=15105
| -rw-r--r-- | debian/patches/bugfix/all/fdpic-respect-pt_gnu_stack-exec-protection-markings-when-creating-nommu-stack.patch | 105 | ||||
| -rw-r--r-- | debian/patches/series/7 | 1 |
2 files changed, 106 insertions, 0 deletions
diff --git a/debian/patches/bugfix/all/fdpic-respect-pt_gnu_stack-exec-protection-markings-when-creating-nommu-stack.patch b/debian/patches/bugfix/all/fdpic-respect-pt_gnu_stack-exec-protection-markings-when-creating-nommu-stack.patch new file mode 100644 index 000000000000..ba5e8844a0a9 --- /dev/null +++ b/debian/patches/bugfix/all/fdpic-respect-pt_gnu_stack-exec-protection-markings-when-creating-nommu-stack.patch @@ -0,0 +1,105 @@ +From 04e4f2b18c8de1389d1e00fef0f42a8099910daf Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Wed, 6 Jan 2010 17:23:17 +0000 +Subject: FDPIC: Respect PT_GNU_STACK exec protection markings when creating NOMMU stack + +From: Mike Frysinger <vapier@gentoo.org> + +commit 04e4f2b18c8de1389d1e00fef0f42a8099910daf upstream. + +The current code will load the stack size and protection markings, but +then only use the markings in the MMU code path. The NOMMU code path +always passes PROT_EXEC to the mmap() call. While this doesn't matter +to most people whilst the code is running, it will cause a pointless +icache flush when starting every FDPIC application. Typically this +icache flush will be of a region on the order of 128KB in size, or may +be the entire icache, depending on the facilities available on the CPU. + +In the case where the arch default behaviour seems to be desired +(EXSTACK_DEFAULT), we probe VM_STACK_FLAGS for VM_EXEC to determine +whether we should be setting PROT_EXEC or not. + +For arches that support an MPU (Memory Protection Unit - an MMU without +the virtual mapping capability), setting PROT_EXEC or not will make an +important difference. + +It should be noted that this change also affects the executability of +the brk region, since ELF-FDPIC has that share with the stack. However, +this is probably irrelevant as NOMMU programs aren't likely to use the +brk region, preferring instead allocation via mmap(). + +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +Signed-off-by: David Howells <dhowells@redhat.com> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + arch/blackfin/include/asm/page.h | 5 +++++ + arch/frv/include/asm/page.h | 2 -- + fs/binfmt_elf_fdpic.c | 13 +++++++++++-- + 3 files changed, 16 insertions(+), 4 deletions(-) + +--- a/arch/blackfin/include/asm/page.h ++++ b/arch/blackfin/include/asm/page.h +@@ -10,4 +10,9 @@ + #include <asm-generic/page.h> + #define MAP_NR(addr) (((unsigned long)(addr)-PAGE_OFFSET) >> PAGE_SHIFT) + ++#define VM_DATA_DEFAULT_FLAGS \ ++ (VM_READ | VM_WRITE | \ ++ ((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0 ) | \ ++ VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) ++ + #endif +--- a/arch/frv/include/asm/page.h ++++ b/arch/frv/include/asm/page.h +@@ -63,12 +63,10 @@ extern unsigned long max_pfn; + #define virt_addr_valid(kaddr) pfn_valid(__pa(kaddr) >> PAGE_SHIFT) + + +-#ifdef CONFIG_MMU + #define VM_DATA_DEFAULT_FLAGS \ + (VM_READ | VM_WRITE | \ + ((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0 ) | \ + VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) +-#endif + + #endif /* __ASSEMBLY__ */ + +--- a/fs/binfmt_elf_fdpic.c ++++ b/fs/binfmt_elf_fdpic.c +@@ -171,6 +171,9 @@ static int load_elf_fdpic_binary(struct + #ifdef ELF_FDPIC_PLAT_INIT + unsigned long dynaddr; + #endif ++#ifndef CONFIG_MMU ++ unsigned long stack_prot; ++#endif + struct file *interpreter = NULL; /* to shut gcc up */ + char *interpreter_name = NULL; + int executable_stack; +@@ -316,6 +319,8 @@ static int load_elf_fdpic_binary(struct + * defunct, deceased, etc. after this point we have to exit via + * error_kill */ + set_personality(PER_LINUX_FDPIC); ++ if (elf_read_implies_exec(&exec_params.hdr, executable_stack)) ++ current->personality |= READ_IMPLIES_EXEC; + set_binfmt(&elf_fdpic_format); + + current->mm->start_code = 0; +@@ -377,9 +382,13 @@ static int load_elf_fdpic_binary(struct + if (stack_size < PAGE_SIZE * 2) + stack_size = PAGE_SIZE * 2; + ++ stack_prot = PROT_READ | PROT_WRITE; ++ if (executable_stack == EXSTACK_ENABLE_X || ++ (executable_stack == EXSTACK_DEFAULT && VM_STACK_FLAGS & VM_EXEC)) ++ stack_prot |= PROT_EXEC; ++ + down_write(¤t->mm->mmap_sem); +- current->mm->start_brk = do_mmap(NULL, 0, stack_size, +- PROT_READ | PROT_WRITE | PROT_EXEC, ++ current->mm->start_brk = do_mmap(NULL, 0, stack_size, stack_prot, + MAP_PRIVATE | MAP_ANONYMOUS | MAP_GROWSDOWN, + 0); + diff --git a/debian/patches/series/7 b/debian/patches/series/7 index a1aa2f6b7993..bc337f7732b8 100644 --- a/debian/patches/series/7 +++ b/debian/patches/series/7 @@ -1,2 +1,3 @@ + bugfix/all/clocksource-events-Fix-fallout-of-generic-code-changes.patch ++ bugfix/all/fdpic-respect-pt_gnu_stack-exec-protection-markings-when-creating-nommu-stack.patch + bugfix/all/split-flush_old_exec-into-two-functions.patch |