-rw-r--r-- | kernel.spec | 4 | ||||
-rw-r--r-- | linux-2.6-i386-nx-emulation.patch | 62 |
2 files changed, 17 insertions, 49 deletions
diff --git a/kernel.spec b/kernel.spec
index 144ac1813..8342c4a7c 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1876,6 +1876,10 @@ fi # || || %changelog
+* Fri Sep 03 2010 Dave Jones <davej@redhat.com>
+- Remove the execshield boot parameter.
+ Based on a patch from Kees Cook
+
 * Thu Sep 02 2010 Chuck Ebbert <cebbert@redhat.com> - 2.6.36-0.15.rc3.git0
 - Add patch from ALSA mailing list to try to fix bug #628404
 - tpm-fix-stall-on-boot.patch: attempt to fix stalls during boot (#530393)
diff --git a/linux-2.6-i386-nx-emulation.patch b/linux-2.6-i386-nx-emulation.patch
index 224fe0587..2ea7645a1 100644
--- a/linux-2.6-i386-nx-emulation.patch
+++ b/linux-2.6-i386-nx-emulation.patch
@@ -107,7 +107,7 @@
 + * If we have either disabled exec-shield on the boot command line,
 + * or we have NX, then we don't need to do this.
 + */
-+ if (exec_shield != 0) {
++ if (!disable_nx) {
 +#ifdef CONFIG_X86_PAE
 + if (!test_cpu_cap(c, X86_FEATURE_NX))
 +#endif
@@ -371,19 +371,20 @@
  #include <linux/spinlock.h>
  #include <linux/errno.h>
  #include <linux/init.h>
-@@ -23,6 +24,7 @@ static int __init noexec_setup(char *str)
- disable_nx = 0;
- } else if (!strncmp(str, "off", 3)) {
- disable_nx = 1;
-+ exec_shield = 0;
- }
- x86_configure_nx();
- return 0;
+@@ -6,7 +6,7 @@
+ #include <asm/pgtable.h>
+ #include <asm/proto.h>
+
+-static int disable_nx __cpuinitdata;
++int disable_nx __cpuinitdata;
+
+ /*
+ * noexec = on|off
 @@ -40,6 +42,10 @@ void __cpuinit x86_configure_nx(void)
  void __init x86_report_nx(void)
  {
  if (!cpu_has_nx) {
-+ if (exec_shield)
++ if (disable_nx)
 + printk(KERN_INFO "Using x86 segment limits to approximate NX protection\n");
 + else
 +
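Review bot: The comment kept as context above the changed test in the @@ -107,7 hunk still says "disabled exec-shield on the boot command line", but the new condition `if (!disable_nx)` depends on the `noexec=` parameter, whose "off" branch sets `disable_nx = 1` in the lines shown elsewhere on this page. The same stale wording sits above the changed test in the @@ -461,7 hunk ("if exec-shield disabled or NX active"). I would reword both, for example `* If NX emulation was turned off with noexec=off on the boot command line,`, so that someone auditing why the segment-limit protection is inactive looks at the right parameter. The enclosing function starts and ends outside the hunk.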
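Review bot: The replacement in x86_report_nx() (the @@ -371,19 hunk) keeps the old polarity: `if (exec_shield)` became `if (disable_nx)`, whereas the other two call sites on this page were inverted (`exec_shield != 0` to `!disable_nx`, `!exec_shield` to `disable_nx`). As written, "Using x86 segment limits to approximate NX protection" is printed only when the protection was switched off with noexec=off and is skipped on machines where the emulation is active, so the boot log misstates which protection is in force. The test should read `if (!disable_nx)`. The `else` branch continues outside the hunk.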
@@ -461,7 +462,7 @@
 + * Turn off the CS limit completely if exec-shield disabled or
 + * NX active:
 + */
-+ if (!exec_shield || executable_stack != EXSTACK_DISABLE_X || (__supported_pte_mask & _PAGE_NX))
++ if (disable_nx || executable_stack != EXSTACK_DISABLE_X || (__supported_pte_mask & _PAGE_NX))
 + arch_add_exec_range(current->mm, -1);
 +#endif
 +
@@ -474,49 +475,12 @@
  struct fs_struct;
  struct perf_event_context;
 
-+extern int exec_shield;
++extern int disable_nx;
 +extern int print_fatal_signals;
 +
  /*
  * List of flags we want to share for kernel threads,
  * if only because they are not used by them anyway.
---- a/kernel/sysctl.c
-+++ b/kernel/sysctl.c
-@@ -101,6 +101,17 @@ extern int sysctl_nr_open_min, sysctl_nr_open_max;
- #ifndef CONFIG_MMU
- extern int sysctl_nr_trim_pages;
- #endif
-+
-+int exec_shield = 1;
-+
-+static int __init setup_exec_shield(char *str)
-+{
-+ get_option(&str, &exec_shield);
-+
-+ return 1;
-+}
-+__setup("exec-shield=", setup_exec_shield);
-+
- #ifdef CONFIG_BLOCK
- extern int blk_iopoll_enabled;
- #endif
-@@ -428,6 +448,16 @@ static struct ctl_table kern_table[] = {
- .mode = 0644,
- .proc_handler = proc_dointvec,
- },
-+#ifdef CONFIG_X86_32
-+ {
-+ .procname = "exec-shield",
-+ .data = &exec_shield,
-+ .maxlen = sizeof(int),
-+ .mode = 0644,
-+ .proc_handler = &proc_dointvec,
-+ },
-+#endif
-+
- #ifdef CONFIG_PROC_SYSCTL
- {
- .procname = "tainted",
 --- b/mm/mmap.c
 +++ b/mm/mmap.c
 @@ -44,6 +45,18 @@ |
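Review bot: `disable_nx` is still defined with `__cpuinitdata` (the @@ -371,19 hunk only drops `static`), yet the new test in the @@ -461,7 hunk reads it next to `current->mm` and `executable_stack`, which looks like a per-exec path that runs long after boot. If that section is discarded after initialisation on some configurations (presumably when CPU hotplug is not built in, to be confirmed), this test would read freed memory and the decision to lift the CS limit becomes unpredictable. I would drop the init-section annotation now that the variable is used outside setup code, e.g. `int disable_nx __read_mostly;`. The enclosing function is outside the hunk, so the call context is inferred.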
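Review bot: `extern int disable_nx;` in the @@ -474,49 hunk is declared beside `print_fatal_signals` in what appears to be an architecture-independent header (its file name is outside the hunk), while the only definition visible on this page is in the x86 NX setup code. The removed `exec_shield` was defined unconditionally in kernel/sysctl.c, so it existed on every build; `disable_nx` does not, and any reference compiled outside x86 would fail at link time. I would either move the declaration to an x86 header or document the restriction with a comment above it, such as `/* x86 only: set by noexec=off */`.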