[people/ms/ipfire-3.x.git] / kernel / patches / linux-3.7-disable-compat_vdso.patch

No need to wrap vdso calls as gentoo does not use any version of 
glibc <=2.3.3
---
From: Gordon Malm <gengor@gentoo.org>
From: Kerin Millar <kerframil@gmail.com>
From: Jory A. Pratt	<anarchy@gentoo.org>

COMPAT_VDSO is inappropriate for any modern Hardened Gentoo system. It
conflicts with various parts of PaX, crashing the system if enabled
while PaX's NOEXEC or UDEREF features are active. Moreover, it prevents
a number of important PaX options from appearing in the configuration
menu, including all PaX NOEXEC implementations. Unfortunately, the
reason for the disappearance of these PaX configuration options is
often far from obvious to inexperienced users.

Therefore, we disable the COMPAT_VDSO menu entry entirely. However,
COMPAT_VDSO operation can still be enabled via bootparam and sysctl
interfaces. Consequently, we must also disable the ability to select
COMPAT_VDSO operation at boot or runtime. Here we patch the kernel so
that selecting COMPAT_VDSO operation at boot/runtime has no effect if
conflicting PaX options are enabled, leaving VDSO_ENABLED operation
intact.

Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138

diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig	2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig	2009-07-31 01:51:39.395749681 +0100
@@ -1651,17 +1651,8 @@
 
 config COMPAT_VDSO
 	def_bool n
-	prompt "Compat VDSO support"
 	depends on X86_32 || IA32_EMULATION
 	depends on !PAX_PAGEEXEC && !PAX_SEGMEXEC && !PAX_KERNEXEC && !PAX_MEMORY_UDEREF
-	---help---
-	  Map the 32-bit VDSO to the predictable old-style address too.
-
-	  Say N here if you are running a sufficiently recent glibc
-	  version (2.3.3 or later), to remove the high-mapped
-	  VDSO mapping and to exclusively use the randomized VDSO.
-
-	  If unsure, say Y.
 
 config CMDLINE_BOOL
 	bool "Built-in kernel command line"
Commit	Line	Data
ae4e228f MT	1	No need to wrap vdso calls as gentoo does not use any version of
	2	glibc <=2.3.3
	3	---
58c5fc13 MT	4	From: Gordon Malm <gengor@gentoo.org>
58c5fc13 MT	5	From: Kerin Millar <kerframil@gmail.com>
ae4e228f	6	From: Jory A. Pratt <anarchy@gentoo.org>
58c5fc13 MT	7
	8	COMPAT_VDSO is inappropriate for any modern Hardened Gentoo system. It
	9	conflicts with various parts of PaX, crashing the system if enabled
	10	while PaX's NOEXEC or UDEREF features are active. Moreover, it prevents
	11	a number of important PaX options from appearing in the configuration
	12	menu, including all PaX NOEXEC implementations. Unfortunately, the
	13	reason for the disappearance of these PaX configuration options is
	14	often far from obvious to inexperienced users.
	15
	16	Therefore, we disable the COMPAT_VDSO menu entry entirely. However,
	17	COMPAT_VDSO operation can still be enabled via bootparam and sysctl
	18	interfaces. Consequently, we must also disable the ability to select
	19	COMPAT_VDSO operation at boot or runtime. Here we patch the kernel so
	20	that selecting COMPAT_VDSO operation at boot/runtime has no effect if
	21	conflicting PaX options are enabled, leaving VDSO_ENABLED operation
	22	intact.
	23
	24	Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
	25
ae4e228f MT	26	diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
	27	--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
	28	+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
81bb0557	29	@@ -1651,17 +1651,8 @@
58c5fc13 MT	30
	31	config COMPAT_VDSO
	32	def_bool n
	33	- prompt "Compat VDSO support"
ae4e228f	34	depends on X86_32 \|\| IA32_EMULATION
81bb0557	35	depends on !PAX_PAGEEXEC && !PAX_SEGMEXEC && !PAX_KERNEXEC && !PAX_MEMORY_UDEREF
58c5fc13	36	- ---help---
ae4e228f MT	37	- Map the 32-bit VDSO to the predictable old-style address too.
ae4e228f MT	38	-
58c5fc13 MT	39	- Say N here if you are running a sufficiently recent glibc
	40	- version (2.3.3 or later), to remove the high-mapped
	41	- VDSO mapping and to exclusively use the randomized VDSO.
	42	-
	43	- If unsure, say Y.
	44
ae4e228f MT	45	config CMDLINE_BOOL
ae4e228f MT	46	bool "Built-in kernel command line"