Grsec/PaX: 3.0-3.2.63-20141020173620141020

2 files changed, 13 insertions, 50 deletions

diff --git a/3.2.63/0000_README b/3.2.63/0000_README
index 35112a1..860a604 100644
--- a/3.2.63/0000_README
+++ b/3.2.63/0000_README
@@ -170,7 +170,7 @@ Patch:	1062_linux-3.2.63.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.63
 
-Patch:	4420_grsecurity-3.0-3.2.63-201410192044.patch
+Patch:	4420_grsecurity-3.0-3.2.63-201410201736.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.63/4420_grsecurity-3.0-3.2.63-201410192044.patch b/3.2.63/4420_grsecurity-3.0-3.2.63-201410201736.patch
index 7b7e1d2..045f3ce 100644
--- a/3.2.63/4420_grsecurity-3.0-3.2.63-201410192044.patch
+++ b/3.2.63/4420_grsecurity-3.0-3.2.63-201410201736.patch
@@ -24704,18 +24704,10 @@ index 2102a17..16e1531 100644
  
  	local_irq_disable();
 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index a4f6bda..a02a77c 100644
+index a4f6bda..40eb721 100644
 --- a/arch/x86/kvm/vmx.c
 +++ b/arch/x86/kvm/vmx.c
-@@ -390,6 +390,7 @@ struct vcpu_vmx {
- 		u16           fs_sel, gs_sel, ldt_sel;
- 		int           gs_ldt_reload_needed;
- 		int           fs_reload_needed;
-+		unsigned long vmcs_host_cr4;	/* May not match real cr4 */
- 	} host_state;
- 	struct {
- 		int vm86_active;
-@@ -1099,12 +1100,12 @@ static void vmcs_write64(unsigned long field, u64 value)
+@@ -1099,12 +1099,12 @@ static void vmcs_write64(unsigned long field, u64 value)
  #endif
  }
  
@@ -24730,7 +24722,7 @@ index a4f6bda..a02a77c 100644
  {
  	vmcs_writel(field, vmcs_readl(field) | mask);
  }
-@@ -1305,7 +1306,11 @@ static void reload_tss(void)
+@@ -1305,7 +1305,11 @@ static void reload_tss(void)
  	struct desc_struct *descs;
  
  	descs = (void *)gdt->address;
@@ -24742,7 +24734,7 @@ index a4f6bda..a02a77c 100644
  	load_TR_desc();
  }
  
-@@ -1504,6 +1509,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
+@@ -1504,6 +1508,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
  		vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
  		vmcs_writel(HOST_GDTR_BASE, gdt->address);   /* 22.2.4 */
  
@@ -24753,7 +24745,7 @@ index a4f6bda..a02a77c 100644
  		rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
  		vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
  		vmx->loaded_vmcs->cpu = cpu;
-@@ -2634,8 +2643,11 @@ static __init int hardware_setup(void)
+@@ -2634,8 +2642,11 @@ static __init int hardware_setup(void)
  	if (!cpu_has_vmx_flexpriority())
  		flexpriority_enabled = 0;
  
@@ -24767,26 +24759,18 @@ index a4f6bda..a02a77c 100644
  
  	if (enable_ept && !cpu_has_vmx_ept_2m_page())
  		kvm_disable_largepages();
-@@ -3634,10 +3646,17 @@ static void vmx_set_constant_host_state(void)
- 	u32 low32, high32;
- 	unsigned long tmpl;
- 	struct desc_ptr dt;
-+	unsigned long cr4;
+@@ -3637,7 +3648,10 @@ static void vmx_set_constant_host_state(void)
  
  	vmcs_writel(HOST_CR0, read_cr0() | X86_CR0_TS);  /* 22.2.3 */
--	vmcs_writel(HOST_CR4, read_cr4());  /* 22.2.3, 22.2.5 */
+ 	vmcs_writel(HOST_CR4, read_cr4());  /* 22.2.3, 22.2.5 */
++
 +#ifndef CONFIG_PAX_PER_CPU_PGD
  	vmcs_writel(HOST_CR3, read_cr3());  /* 22.2.3  FIXME: shadow tables */
 +#endif
-+
-+	/* Save the most likely value for this task's CR4 in the VMCS. */
-+	cr4 = read_cr4();
-+	vmcs_writel(HOST_CR4, cr4);			/* 22.2.3, 22.2.5 */
-+	vmx->host_state.vmcs_host_cr4 = cr4;
  
  	vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS);  /* 22.2.4 */
  	vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS);  /* 22.2.4 */
-@@ -3649,7 +3668,7 @@ static void vmx_set_constant_host_state(void)
+@@ -3649,7 +3663,7 @@ static void vmx_set_constant_host_state(void)
  	vmcs_writel(HOST_IDTR_BASE, dt.address);   /* 22.2.4 */
  
  	asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl));
@@ -24795,28 +24779,7 @@ index a4f6bda..a02a77c 100644
  
  	rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
  	vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6093,6 +6112,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx)
- static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
- {
- 	struct vcpu_vmx *vmx = to_vmx(vcpu);
-+	unsigned long cr4;
- 
- 	if (is_guest_mode(vcpu) && !vmx->nested.nested_run_pending) {
- 		struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
-@@ -6123,6 +6143,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
- 	if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty))
- 		vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]);
- 
-+	cr4 = read_cr4();
-+	if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) {
-+		vmcs_writel(HOST_CR4, cr4);
-+		vmx->host_state.vmcs_host_cr4 = cr4;
-+	}
-+
- 	/* When single-stepping over STI and MOV SS, we must clear the
- 	 * corresponding interruptibility bits in the guest state. Otherwise
- 	 * vmentry fails as it then expects bit 14 (BS) in pending debug
-@@ -6178,6 +6204,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6178,6 +6192,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
  		"jmp .Lkvm_vmx_return \n\t"
  		".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
  		".Lkvm_vmx_return: "
@@ -24829,7 +24792,7 @@ index a4f6bda..a02a77c 100644
  		/* Save guest registers, load host registers, keep flags */
  		"mov %0, %c[wordsize](%%"R"sp) \n\t"
  		"pop %0 \n\t"
-@@ -6226,6 +6258,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6226,6 +6246,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
  #endif
  		[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
  		[wordsize]"i"(sizeof(ulong))
@@ -24841,7 +24804,7 @@ index a4f6bda..a02a77c 100644
  	      : "cc", "memory"
  		, R"ax", R"bx", R"di", R"si"
  #ifdef CONFIG_X86_64
-@@ -6254,7 +6291,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6254,7 +6279,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
  		}
  	}