1 diff -urNp linux-2.6.32.1/arch/alpha/include/asm/atomic.h linux-2.6.32.1/arch/alpha/include/asm/atomic.h
2 --- linux-2.6.32.1/arch/alpha/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
3 +++ linux-2.6.32.1/arch/alpha/include/asm/atomic.h 2009-12-14 18:33:50.937708656 -0500
5 #define ATOMIC64_INIT(i) ( (atomic64_t) { (i) } )
7 #define atomic_read(v) ((v)->counter + 0)
8 +#define atomic_read_unchecked(v) ((v)->counter + 0)
9 #define atomic64_read(v) ((v)->counter + 0)
11 #define atomic_set(v,i) ((v)->counter = (i))
12 +#define atomic_set_unchecked(v,i) ((v)->counter = (i))
13 #define atomic64_set(v,i) ((v)->counter = (i))
16 @@ -44,6 +46,11 @@ static __inline__ void atomic_add(int i,
17 :"Ir" (i), "m" (v->counter));
20 +static __inline__ void atomic_add_unchecked(int i, atomic_unchecked_t * v)
22 + atomic_add(i, (atomic_t *)v);
25 static __inline__ void atomic64_add(long i, atomic64_t * v)
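Review bot: `atomic_add_unchecked()` only casts its argument to `atomic_t *` and forwards to `atomic_add()`, so in the visible lines the checked and unchecked operations are the same code on this architecture, and nothing in the hunk says so. A one-line comment above the wrapper, for example `/* identical to atomic_add() on this arch */`, would stop a reader from assuming the plain `atomic_t` calls behave differently here. The cast also depends on `atomic_unchecked_t` having the same layout as `atomic_t`; that typedef is not in this extract, so it should be confirmed or asserted where it is declared. The same cast-and-forward wrappers appear in the arm, avr32, blackfin, cris, frv and h8300 `atomic.h` hunks of this patch.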
28 @@ -74,6 +81,11 @@ static __inline__ void atomic_sub(int i,
29 :"Ir" (i), "m" (v->counter));
32 +static __inline__ void atomic_sub_unchecked(int i, atomic_unchecked_t * v)
34 + atomic_sub(i, (atomic_t *)v);
37 static __inline__ void atomic64_sub(long i, atomic64_t * v)
40 @@ -246,6 +258,7 @@ static __inline__ int atomic64_add_unles
41 #define atomic64_dec_and_test(v) (atomic64_sub_return(1, (v)) == 0)
43 #define atomic_inc(v) atomic_add(1,(v))
44 +#define atomic_inc_unchecked(v) atomic_add_unchecked(1,(v))
45 #define atomic64_inc(v) atomic64_add(1,(v))
47 #define atomic_dec(v) atomic_sub(1,(v))
48 diff -urNp linux-2.6.32.1/arch/alpha/include/asm/elf.h linux-2.6.32.1/arch/alpha/include/asm/elf.h
49 --- linux-2.6.32.1/arch/alpha/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
50 +++ linux-2.6.32.1/arch/alpha/include/asm/elf.h 2009-12-14 18:33:50.937708656 -0500
51 @@ -91,6 +91,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
53 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000)
55 +#ifdef CONFIG_PAX_ASLR
56 +#define PAX_ELF_ET_DYN_BASE (current->personality & ADDR_LIMIT_32BIT ? 0x10000 : 0x120000000UL)
58 +#define PAX_DELTA_MMAP_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 28)
59 +#define PAX_DELTA_STACK_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 19)
62 /* $0 is set by ld.so to a pointer to a function which might be
63 registered using atexit. This provides a mean for the dynamic
64 linker to call DT_FINI functions for shared libraries that have
65 diff -urNp linux-2.6.32.1/arch/alpha/include/asm/pgtable.h linux-2.6.32.1/arch/alpha/include/asm/pgtable.h
66 --- linux-2.6.32.1/arch/alpha/include/asm/pgtable.h 2009-12-02 22:51:21.000000000 -0500
67 +++ linux-2.6.32.1/arch/alpha/include/asm/pgtable.h 2009-12-14 18:33:50.937708656 -0500
68 @@ -101,6 +101,17 @@ struct vm_area_struct;
69 #define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS)
70 #define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
71 #define PAGE_READONLY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
73 +#ifdef CONFIG_PAX_PAGEEXEC
74 +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOE)
75 +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
76 +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
78 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
79 +# define PAGE_COPY_NOEXEC PAGE_COPY
80 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
83 #define PAGE_KERNEL __pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE)
85 #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x))
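Review bot: The second set of `PAGE_*_NOEXEC` definitions aliases each name to its executable counterpart (`PAGE_SHARED_NOEXEC` to `PAGE_SHARED`, and so on), so a caller asking for a no-exec protection silently gets an executable one in that configuration. The `#else` that presumably separates the two sets is not visible in this extract. A comment on that branch, such as `/* without PAGEEXEC the _NOEXEC protections do not set _PAGE_FOE */`, would make the fallback explicit.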
86 diff -urNp linux-2.6.32.1/arch/alpha/kernel/module.c linux-2.6.32.1/arch/alpha/kernel/module.c
87 --- linux-2.6.32.1/arch/alpha/kernel/module.c 2009-12-02 22:51:21.000000000 -0500
88 +++ linux-2.6.32.1/arch/alpha/kernel/module.c 2009-12-14 18:33:50.938740017 -0500
89 @@ -182,7 +182,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs,
91 /* The small sections were sorted to the end of the segment.
92 The following should definitely cover them. */
93 - gp = (u64)me->module_core + me->core_size - 0x8000;
94 + gp = (u64)me->module_core_rw + me->core_size_rw - 0x8000;
95 got = sechdrs[me->arch.gotsecindex].sh_addr;
97 for (i = 0; i < n; i++) {
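Review bot: The comment above the changed line still says the small sections were sorted to the end of `the segment`, but `gp` is now derived from `me->module_core_rw + me->core_size_rw`. If the module image is split into separate regions, as the `_rw` suffix suggests, the comment should name the region, e.g. `/* The small sections were sorted to the end of the RW core region. */`. `apply_relocate_add` starts and ends outside the hunk.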
98 diff -urNp linux-2.6.32.1/arch/alpha/kernel/osf_sys.c linux-2.6.32.1/arch/alpha/kernel/osf_sys.c
99 --- linux-2.6.32.1/arch/alpha/kernel/osf_sys.c 2009-12-02 22:51:21.000000000 -0500
100 +++ linux-2.6.32.1/arch/alpha/kernel/osf_sys.c 2009-12-14 18:33:50.955989565 -0500
101 @@ -1212,6 +1212,10 @@ arch_get_unmapped_area(struct file *filp
102 merely specific addresses, but regions of memory -- perhaps
103 this feature should be incorporated into all ports? */
105 +#ifdef CONFIG_PAX_RANDMMAP
106 + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
110 addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
111 if (addr != (unsigned long) -ENOMEM)
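Review bot: The `if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))` added under `#ifdef CONFIG_PAX_RANDMMAP` has no body of its own in the visible lines, so it appears to take effect by capturing whatever statement follows the `#endif`. That makes the control flow depend on the configuration and on the next statement staying a single statement. If the intent is to skip the caller's address hint, a comment such as `/* with RANDMMAP active the address hint is not honoured */`, or folding the test into the following condition, would make that reviewable. The lines between the added `if` and the call to `arch_get_unmapped_area_1` are missing from this extract, so this should be checked against the full file. The `arch/arm/mm/mmap.c` hunk at `@@ -62,6 +62,10 @@` uses the same construct.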
112 @@ -1219,8 +1223,8 @@ arch_get_unmapped_area(struct file *filp
115 /* Next, try allocating at TASK_UNMAPPED_BASE. */
116 - addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE),
118 + addr = arch_get_unmapped_area_1 (PAGE_ALIGN(current->mm->mmap_base), len, limit);
120 if (addr != (unsigned long) -ENOMEM)
123 diff -urNp linux-2.6.32.1/arch/alpha/mm/fault.c linux-2.6.32.1/arch/alpha/mm/fault.c
124 --- linux-2.6.32.1/arch/alpha/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
125 +++ linux-2.6.32.1/arch/alpha/mm/fault.c 2009-12-14 18:33:50.955989565 -0500
126 @@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *
127 __reload_thread(pcb);
130 +#ifdef CONFIG_PAX_PAGEEXEC
132 + * PaX: decide what to do with offenders (regs->pc = fault address)
134 + * returns 1 when task should be killed
135 + * 2 when patched PLT trampoline was detected
136 + * 3 when unpatched PLT trampoline was detected
138 +static int pax_handle_fetch_fault(struct pt_regs *regs)
141 +#ifdef CONFIG_PAX_EMUPLT
144 + do { /* PaX: patched PLT emulation #1 */
145 + unsigned int ldah, ldq, jmp;
147 + err = get_user(ldah, (unsigned int *)regs->pc);
148 + err |= get_user(ldq, (unsigned int *)(regs->pc+4));
149 + err |= get_user(jmp, (unsigned int *)(regs->pc+8));
154 + if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
155 + (ldq & 0xFFFF0000U) == 0xA77B0000U &&
156 + jmp == 0x6BFB0000U)
158 + unsigned long r27, addr;
159 + unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
160 + unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL;
162 + addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
163 + err = get_user(r27, (unsigned long *)addr);
173 + do { /* PaX: patched PLT emulation #2 */
174 + unsigned int ldah, lda, br;
176 + err = get_user(ldah, (unsigned int *)regs->pc);
177 + err |= get_user(lda, (unsigned int *)(regs->pc+4));
178 + err |= get_user(br, (unsigned int *)(regs->pc+8));
183 + if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
184 + (lda & 0xFFFF0000U) == 0xA77B0000U &&
185 + (br & 0xFFE00000U) == 0xC3E00000U)
187 + unsigned long addr = br | 0xFFFFFFFFFFE00000UL;
188 + unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
189 + unsigned long addrl = lda | 0xFFFFFFFFFFFF0000UL;
191 + regs->r27 += ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
192 + regs->pc += 12 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
197 + do { /* PaX: unpatched PLT emulation */
200 + err = get_user(br, (unsigned int *)regs->pc);
202 + if (!err && (br & 0xFFE00000U) == 0xC3800000U) {
203 + unsigned int br2, ldq, nop, jmp;
204 + unsigned long addr = br | 0xFFFFFFFFFFE00000UL, resolver;
206 + addr = regs->pc + 4 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
207 + err = get_user(br2, (unsigned int *)addr);
208 + err |= get_user(ldq, (unsigned int *)(addr+4));
209 + err |= get_user(nop, (unsigned int *)(addr+8));
210 + err |= get_user(jmp, (unsigned int *)(addr+12));
211 + err |= get_user(resolver, (unsigned long *)(addr+16));
216 + if (br2 == 0xC3600000U &&
217 + ldq == 0xA77B000CU &&
218 + nop == 0x47FF041FU &&
219 + jmp == 0x6B7B0000U)
221 + regs->r28 = regs->pc+4;
222 + regs->r27 = addr+16;
223 + regs->pc = resolver;
233 +void pax_report_insns(void *pc, void *sp)
237 + printk(KERN_ERR "PAX: bytes at PC: ");
238 + for (i = 0; i < 5; i++) {
240 + if (get_user(c, (unsigned int *)pc+i))
241 + printk(KERN_CONT "???????? ");
243 + printk(KERN_CONT "%08x ", c);
250 * This routine handles page faults. It determines the address,
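Review bot: In "patched PLT emulation #2" the second instruction is held in a variable named `lda` and emulated as a plain addition to `regs->r27`, yet it is matched with `(lda & 0xFFFF0000U) == 0xA77B0000U`. That is the same constant that emulation #1 uses for `ldq` and follows with a `get_user()` load. Either the name or the mask looks wrong; please confirm which encoding the patched PLT really contains. A comment naming the instruction each constant stands for, for example `/* ldah $27,hi($27) */` next to `0x277B0000U`, would make these checks auditable. Several lines of `pax_handle_fetch_fault()` are missing from this extract.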
251 @@ -131,8 +249,29 @@ do_page_fault(unsigned long address, uns
253 si_code = SEGV_ACCERR;
255 - if (!(vma->vm_flags & VM_EXEC))
256 + if (!(vma->vm_flags & VM_EXEC)) {
258 +#ifdef CONFIG_PAX_PAGEEXEC
259 + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->pc)
262 + up_read(&mm->mmap_sem);
263 + switch (pax_handle_fetch_fault(regs)) {
265 +#ifdef CONFIG_PAX_EMUPLT
272 + pax_report_fault(regs, (void *)regs->pc, (void *)rdusp());
273 + do_group_exit(SIGKILL);
280 /* Allow reads even for write-only mappings */
281 if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
282 diff -urNp linux-2.6.32.1/arch/arm/include/asm/atomic.h linux-2.6.32.1/arch/arm/include/asm/atomic.h
283 --- linux-2.6.32.1/arch/arm/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
284 +++ linux-2.6.32.1/arch/arm/include/asm/atomic.h 2009-12-14 18:33:51.013956117 -0500
286 * atomic_set() is the clrex or dummy strex done on every exception return.
288 #define atomic_read(v) ((v)->counter)
289 +#define atomic_read_unchecked(v) ((v)->counter)
290 #define atomic_set(v,i) (((v)->counter) = (i))
291 +#define atomic_set_unchecked(v,i) (((v)->counter) = (i))
293 #if __LINUX_ARM_ARCH__ >= 6
295 @@ -50,6 +52,11 @@ static inline void atomic_add(int i, ato
299 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
301 + atomic_add(i, (atomic_t *)v);
304 static inline int atomic_add_return(int i, atomic_t *v)
307 @@ -88,6 +95,11 @@ static inline void atomic_sub(int i, ato
311 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
313 + atomic_sub(i, (atomic_t *)v);
316 static inline int atomic_sub_return(int i, atomic_t *v)
319 @@ -220,6 +232,7 @@ static inline int atomic_add_unless(atom
320 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
322 #define atomic_inc(v) atomic_add(1, v)
323 +#define atomic_inc_unchecked(v) atomic_add_unchecked(1, v)
324 #define atomic_dec(v) atomic_sub(1, v)
326 #define atomic_inc_and_test(v) (atomic_add_return(1, v) == 0)
327 diff -urNp linux-2.6.32.1/arch/arm/include/asm/elf.h linux-2.6.32.1/arch/arm/include/asm/elf.h
328 --- linux-2.6.32.1/arch/arm/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
329 +++ linux-2.6.32.1/arch/arm/include/asm/elf.h 2009-12-14 18:33:51.020967373 -0500
330 @@ -109,7 +109,14 @@ int dump_task_regs(struct task_struct *t
331 the loader. We need to make sure that it is out of the way of the program
332 that it will "exec", and that there is sufficient room for the brk. */
334 -#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
335 +#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
337 +#ifdef CONFIG_PAX_ASLR
338 +#define PAX_ELF_ET_DYN_BASE 0x00008000UL
340 +#define PAX_DELTA_MMAP_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
341 +#define PAX_DELTA_STACK_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
344 /* When the program starts, a1 contains a pointer to a function to be
345 registered with atexit, as per the SVR4 ABI. A value of 0 means we
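Review bot: `PAX_DELTA_MMAP_LEN` and `PAX_DELTA_STACK_LEN` compare `current->personality == PER_LINUX_32BIT`, which is false whenever any other personality bit is set alongside the 32-bit flag, so such a task would get the smaller value of 10 instead of 16. The alpha `elf.h` hunk in this patch tests the bit instead. Assuming `PER_LINUX_32BIT` is just the `ADDR_LIMIT_32BIT` flag, the same form here would be `((current->personality & ADDR_LIMIT_32BIT) ? 16 : 10)`. A comment giving the unit of these lengths (presumably bits of randomisation) would also help.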
346 diff -urNp linux-2.6.32.1/arch/arm/include/asm/kmap_types.h linux-2.6.32.1/arch/arm/include/asm/kmap_types.h
347 --- linux-2.6.32.1/arch/arm/include/asm/kmap_types.h 2009-12-02 22:51:21.000000000 -0500
348 +++ linux-2.6.32.1/arch/arm/include/asm/kmap_types.h 2009-12-14 18:33:51.020967373 -0500
349 @@ -19,6 +19,7 @@ enum km_type {
357 diff -urNp linux-2.6.32.1/arch/arm/include/asm/uaccess.h linux-2.6.32.1/arch/arm/include/asm/uaccess.h
358 --- linux-2.6.32.1/arch/arm/include/asm/uaccess.h 2009-12-02 22:51:21.000000000 -0500
359 +++ linux-2.6.32.1/arch/arm/include/asm/uaccess.h 2009-12-14 18:33:51.020967373 -0500
360 @@ -403,6 +403,9 @@ extern unsigned long __must_check __strn
362 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
367 if (access_ok(VERIFY_READ, from, n))
368 n = __copy_from_user(to, from, n);
369 else /* security hole - plug it */
370 @@ -412,6 +415,9 @@ static inline unsigned long __must_check
372 static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
377 if (access_ok(VERIFY_WRITE, to, n))
378 n = __copy_to_user(to, from, n);
380 diff -urNp linux-2.6.32.1/arch/arm/kernel/kgdb.c linux-2.6.32.1/arch/arm/kernel/kgdb.c
381 --- linux-2.6.32.1/arch/arm/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
382 +++ linux-2.6.32.1/arch/arm/kernel/kgdb.c 2009-12-14 18:33:51.020967373 -0500
383 @@ -190,7 +190,7 @@ void kgdb_arch_exit(void)
384 * and we handle the normal undef case within the do_undefinstr
387 -struct kgdb_arch arch_kgdb_ops = {
388 +const struct kgdb_arch arch_kgdb_ops = {
390 .gdb_bpt_instr = {0xfe, 0xde, 0xff, 0xe7}
391 #else /* ! __ARMEB__ */
392 diff -urNp linux-2.6.32.1/arch/arm/mach-at91/pm.c linux-2.6.32.1/arch/arm/mach-at91/pm.c
393 --- linux-2.6.32.1/arch/arm/mach-at91/pm.c 2009-12-02 22:51:21.000000000 -0500
394 +++ linux-2.6.32.1/arch/arm/mach-at91/pm.c 2009-12-14 18:33:51.020967373 -0500
395 @@ -348,7 +348,7 @@ static void at91_pm_end(void)
399 -static struct platform_suspend_ops at91_pm_ops ={
400 +static const struct platform_suspend_ops at91_pm_ops ={
401 .valid = at91_pm_valid_state,
402 .begin = at91_pm_begin,
403 .enter = at91_pm_enter,
404 diff -urNp linux-2.6.32.1/arch/arm/mach-omap1/pm.c linux-2.6.32.1/arch/arm/mach-omap1/pm.c
405 --- linux-2.6.32.1/arch/arm/mach-omap1/pm.c 2009-12-02 22:51:21.000000000 -0500
406 +++ linux-2.6.32.1/arch/arm/mach-omap1/pm.c 2009-12-14 18:33:51.020967373 -0500
407 @@ -647,7 +647,7 @@ static struct irqaction omap_wakeup_irq
411 -static struct platform_suspend_ops omap_pm_ops ={
412 +static const struct platform_suspend_ops omap_pm_ops ={
413 .prepare = omap_pm_prepare,
414 .enter = omap_pm_enter,
415 .finish = omap_pm_finish,
416 diff -urNp linux-2.6.32.1/arch/arm/mach-omap2/pm24xx.c linux-2.6.32.1/arch/arm/mach-omap2/pm24xx.c
417 --- linux-2.6.32.1/arch/arm/mach-omap2/pm24xx.c 2009-12-02 22:51:21.000000000 -0500
418 +++ linux-2.6.32.1/arch/arm/mach-omap2/pm24xx.c 2009-12-14 18:33:51.140923568 -0500
419 @@ -326,7 +326,7 @@ static void omap2_pm_finish(void)
423 -static struct platform_suspend_ops omap_pm_ops = {
424 +static const struct platform_suspend_ops omap_pm_ops = {
425 .prepare = omap2_pm_prepare,
426 .enter = omap2_pm_enter,
427 .finish = omap2_pm_finish,
428 diff -urNp linux-2.6.32.1/arch/arm/mach-omap2/pm34xx.c linux-2.6.32.1/arch/arm/mach-omap2/pm34xx.c
429 --- linux-2.6.32.1/arch/arm/mach-omap2/pm34xx.c 2009-12-02 22:51:21.000000000 -0500
430 +++ linux-2.6.32.1/arch/arm/mach-omap2/pm34xx.c 2009-12-14 18:33:51.153153597 -0500
431 @@ -401,7 +401,7 @@ static void omap3_pm_end(void)
435 -static struct platform_suspend_ops omap_pm_ops = {
436 +static const struct platform_suspend_ops omap_pm_ops = {
437 .begin = omap3_pm_begin,
439 .prepare = omap3_pm_prepare,
440 diff -urNp linux-2.6.32.1/arch/arm/mach-pnx4008/pm.c linux-2.6.32.1/arch/arm/mach-pnx4008/pm.c
441 --- linux-2.6.32.1/arch/arm/mach-pnx4008/pm.c 2009-12-02 22:51:21.000000000 -0500
442 +++ linux-2.6.32.1/arch/arm/mach-pnx4008/pm.c 2009-12-14 18:33:51.153153597 -0500
443 @@ -116,7 +116,7 @@ static int pnx4008_pm_valid(suspend_stat
444 (state == PM_SUSPEND_MEM);
447 -static struct platform_suspend_ops pnx4008_pm_ops = {
448 +static const struct platform_suspend_ops pnx4008_pm_ops = {
449 .enter = pnx4008_pm_enter,
450 .valid = pnx4008_pm_valid,
452 diff -urNp linux-2.6.32.1/arch/arm/mach-pxa/pm.c linux-2.6.32.1/arch/arm/mach-pxa/pm.c
453 --- linux-2.6.32.1/arch/arm/mach-pxa/pm.c 2009-12-02 22:51:21.000000000 -0500
454 +++ linux-2.6.32.1/arch/arm/mach-pxa/pm.c 2009-12-14 18:33:51.154149859 -0500
455 @@ -95,7 +95,7 @@ void pxa_pm_finish(void)
456 pxa_cpu_pm_fns->finish();
459 -static struct platform_suspend_ops pxa_pm_ops = {
460 +static const struct platform_suspend_ops pxa_pm_ops = {
461 .valid = pxa_pm_valid,
462 .enter = pxa_pm_enter,
463 .prepare = pxa_pm_prepare,
464 diff -urNp linux-2.6.32.1/arch/arm/mach-pxa/sharpsl_pm.c linux-2.6.32.1/arch/arm/mach-pxa/sharpsl_pm.c
465 --- linux-2.6.32.1/arch/arm/mach-pxa/sharpsl_pm.c 2009-12-02 22:51:21.000000000 -0500
466 +++ linux-2.6.32.1/arch/arm/mach-pxa/sharpsl_pm.c 2009-12-14 18:33:51.171158507 -0500
467 @@ -891,7 +891,7 @@ static void sharpsl_apm_get_power_status
471 -static struct platform_suspend_ops sharpsl_pm_ops = {
472 +static const struct platform_suspend_ops sharpsl_pm_ops = {
473 .prepare = pxa_pm_prepare,
474 .finish = pxa_pm_finish,
475 .enter = corgi_pxa_pm_enter,
476 diff -urNp linux-2.6.32.1/arch/arm/mach-sa1100/pm.c linux-2.6.32.1/arch/arm/mach-sa1100/pm.c
477 --- linux-2.6.32.1/arch/arm/mach-sa1100/pm.c 2009-12-02 22:51:21.000000000 -0500
478 +++ linux-2.6.32.1/arch/arm/mach-sa1100/pm.c 2009-12-14 18:33:51.171158507 -0500
479 @@ -120,7 +120,7 @@ unsigned long sleep_phys_sp(void *sp)
480 return virt_to_phys(sp);
483 -static struct platform_suspend_ops sa11x0_pm_ops = {
484 +static const struct platform_suspend_ops sa11x0_pm_ops = {
485 .enter = sa11x0_pm_enter,
486 .valid = suspend_valid_only_mem,
488 diff -urNp linux-2.6.32.1/arch/arm/mm/mmap.c linux-2.6.32.1/arch/arm/mm/mmap.c
489 --- linux-2.6.32.1/arch/arm/mm/mmap.c 2009-12-02 22:51:21.000000000 -0500
490 +++ linux-2.6.32.1/arch/arm/mm/mmap.c 2009-12-14 18:33:51.172149632 -0500
491 @@ -62,6 +62,10 @@ arch_get_unmapped_area(struct file *filp
495 +#ifdef CONFIG_PAX_RANDMMAP
496 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
501 addr = COLOUR_ALIGN(addr, pgoff);
502 @@ -74,10 +78,10 @@ arch_get_unmapped_area(struct file *filp
505 if (len > mm->cached_hole_size) {
506 - start_addr = addr = mm->free_area_cache;
507 + start_addr = addr = mm->free_area_cache;
509 - start_addr = addr = TASK_UNMAPPED_BASE;
510 - mm->cached_hole_size = 0;
511 + start_addr = addr = mm->mmap_base;
512 + mm->cached_hole_size = 0;
516 @@ -93,8 +97,8 @@ full_search:
517 * Start a new search - just in case we missed
520 - if (start_addr != TASK_UNMAPPED_BASE) {
521 - start_addr = addr = TASK_UNMAPPED_BASE;
522 + if (start_addr != mm->mmap_base) {
523 + start_addr = addr = mm->mmap_base;
524 mm->cached_hole_size = 0;
527 diff -urNp linux-2.6.32.1/arch/arm/plat-s3c/pm.c linux-2.6.32.1/arch/arm/plat-s3c/pm.c
528 --- linux-2.6.32.1/arch/arm/plat-s3c/pm.c 2009-12-02 22:51:21.000000000 -0500
529 +++ linux-2.6.32.1/arch/arm/plat-s3c/pm.c 2009-12-14 18:33:51.172149632 -0500
530 @@ -355,7 +355,7 @@ static void s3c_pm_finish(void)
531 s3c_pm_check_cleanup();
534 -static struct platform_suspend_ops s3c_pm_ops = {
535 +static const struct platform_suspend_ops s3c_pm_ops = {
536 .enter = s3c_pm_enter,
537 .prepare = s3c_pm_prepare,
538 .finish = s3c_pm_finish,
539 diff -urNp linux-2.6.32.1/arch/avr32/include/asm/atomic.h linux-2.6.32.1/arch/avr32/include/asm/atomic.h
540 --- linux-2.6.32.1/arch/avr32/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
541 +++ linux-2.6.32.1/arch/avr32/include/asm/atomic.h 2009-12-14 18:33:51.172149632 -0500
543 #define ATOMIC_INIT(i) { (i) }
545 #define atomic_read(v) ((v)->counter)
546 +#define atomic_read_unchecked(v) ((v)->counter)
547 #define atomic_set(v, i) (((v)->counter) = i)
548 +#define atomic_set_unchecked(v, i) (((v)->counter) = i)
551 * atomic_sub_return - subtract the atomic variable
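Review bot: `atomic_set_unchecked(v, i)` expands its second argument unparenthesised, `(((v)->counter) = i)`, copying the existing `atomic_set` macro. Writing it as `#define atomic_set_unchecked(v, i) (((v)->counter) = (i))` is the usual macro hygiene; this is a style point rather than a live bug. The blackfin and h8300 `atomic.h` hunks add the macro in the same form, while the alpha, arm, cris and frv versions already parenthesise `i`.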
552 @@ -48,6 +50,18 @@ static inline int atomic_sub_return(int
556 + * atomic_sub_return_unchecked - subtract the atomic variable
557 + * @i: integer value to subtract
558 + * @v: pointer of type atomic_unchecked_t
560 + * Atomically subtracts @i from @v. Returns the resulting value.
562 +static inline int atomic_sub_return_unchecked(int i, atomic_unchecked_t *v)
564 + return atomic_sub_return(i, (atomic_t *)v);
568 * atomic_add_return - add integer to atomic variable
569 * @i: integer value to add
570 * @v: pointer of type atomic_t
571 @@ -76,6 +90,18 @@ static inline int atomic_add_return(int
575 + * atomic_add_return_unchecked - add integer to atomic variable
576 + * @i: integer value to add
577 + * @v: pointer of type atomic_unchecked_t
579 + * Atomically adds @i to @v. Returns the resulting value.
581 +static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v)
583 + return atomic_add_return(i, (atomic_t *)v);
587 * atomic_sub_unless - sub unless the number is a given value
588 * @v: pointer of type atomic_t
589 * @a: the amount to add to v...
590 @@ -176,9 +202,12 @@ static inline int atomic_sub_if_positive
591 #define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
593 #define atomic_sub(i, v) (void)atomic_sub_return(i, v)
594 +#define atomic_sub_unchecked(i, v) (void)atomic_sub_return_unchecked(i, v)
595 #define atomic_add(i, v) (void)atomic_add_return(i, v)
596 +#define atomic_add_unchecked(i, v) (void)atomic_add_return_unchecked(i, v)
597 #define atomic_dec(v) atomic_sub(1, (v))
598 #define atomic_inc(v) atomic_add(1, (v))
599 +#define atomic_inc_unchecked(v) (void)atomic_add_return_unchecked(1, (v))
601 #define atomic_dec_return(v) atomic_sub_return(1, v)
602 #define atomic_inc_return(v) atomic_add_return(1, v)
603 diff -urNp linux-2.6.32.1/arch/avr32/include/asm/elf.h linux-2.6.32.1/arch/avr32/include/asm/elf.h
604 --- linux-2.6.32.1/arch/avr32/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
605 +++ linux-2.6.32.1/arch/avr32/include/asm/elf.h 2009-12-14 18:33:51.172149632 -0500
606 @@ -85,8 +85,14 @@ typedef struct user_fpu_struct elf_fpreg
607 the loader. We need to make sure that it is out of the way of the program
608 that it will "exec", and that there is sufficient room for the brk. */
610 -#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
611 +#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
613 +#ifdef CONFIG_PAX_ASLR
614 +#define PAX_ELF_ET_DYN_BASE 0x00001000UL
616 +#define PAX_DELTA_MMAP_LEN 15
617 +#define PAX_DELTA_STACK_LEN 15
620 /* This yields a mask that user programs can use to figure out what
621 instruction set this CPU supports. This could be done in user space,
622 diff -urNp linux-2.6.32.1/arch/avr32/include/asm/kmap_types.h linux-2.6.32.1/arch/avr32/include/asm/kmap_types.h
623 --- linux-2.6.32.1/arch/avr32/include/asm/kmap_types.h 2009-12-02 22:51:21.000000000 -0500
624 +++ linux-2.6.32.1/arch/avr32/include/asm/kmap_types.h 2009-12-14 18:33:51.173167798 -0500
625 @@ -22,7 +22,8 @@ D(10) KM_IRQ0,
635 diff -urNp linux-2.6.32.1/arch/avr32/mach-at32ap/pm.c linux-2.6.32.1/arch/avr32/mach-at32ap/pm.c
636 --- linux-2.6.32.1/arch/avr32/mach-at32ap/pm.c 2009-12-02 22:51:21.000000000 -0500
637 +++ linux-2.6.32.1/arch/avr32/mach-at32ap/pm.c 2009-12-14 18:33:51.173167798 -0500
638 @@ -176,7 +176,7 @@ out:
642 -static struct platform_suspend_ops avr32_pm_ops = {
643 +static const struct platform_suspend_ops avr32_pm_ops = {
644 .valid = avr32_pm_valid_state,
645 .enter = avr32_pm_enter,
647 diff -urNp linux-2.6.32.1/arch/avr32/mm/fault.c linux-2.6.32.1/arch/avr32/mm/fault.c
648 --- linux-2.6.32.1/arch/avr32/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
649 +++ linux-2.6.32.1/arch/avr32/mm/fault.c 2009-12-14 18:33:51.173167798 -0500
650 @@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
652 int exception_trace = 1;
654 +#ifdef CONFIG_PAX_PAGEEXEC
655 +void pax_report_insns(void *pc, void *sp)
659 + printk(KERN_ERR "PAX: bytes at PC: ");
660 + for (i = 0; i < 20; i++) {
662 + if (get_user(c, (unsigned char *)pc+i))
663 + printk(KERN_CONT "???????? ");
665 + printk(KERN_CONT "%02x ", c);
672 * This routine handles page faults. It determines the address and the
673 * problem, and then passes it off to one of the appropriate routines.
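Review bot: `pax_report_insns()` prints each of the 20 bytes with `%02x`, but the failure branch prints `"???????? "`, eight characters wide, which looks copied from a word-sized dump such as the alpha one in this patch. Using `printk(KERN_CONT "?? ");` keeps the columns of the log line aligned so unreadable bytes can be counted when triaging a report. Parts of the function, including the declaration of `c`, are missing from this extract.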
674 @@ -157,6 +174,16 @@ bad_area:
675 up_read(&mm->mmap_sem);
677 if (user_mode(regs)) {
679 +#ifdef CONFIG_PAX_PAGEEXEC
680 + if (mm->pax_flags & MF_PAX_PAGEEXEC) {
681 + if (ecr == ECR_PROTECTION_X || ecr == ECR_TLB_MISS_X) {
682 + pax_report_fault(regs, (void *)regs->pc, (void *)regs->sp);
683 + do_group_exit(SIGKILL);
688 if (exception_trace && printk_ratelimit())
689 printk("%s%s[%d]: segfault at %08lx pc %08lx "
690 "sp %08lx ecr %lu\n",
691 diff -urNp linux-2.6.32.1/arch/blackfin/include/asm/atomic.h linux-2.6.32.1/arch/blackfin/include/asm/atomic.h
692 --- linux-2.6.32.1/arch/blackfin/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
693 +++ linux-2.6.32.1/arch/blackfin/include/asm/atomic.h 2009-12-14 18:33:51.173803102 -0500
696 #define ATOMIC_INIT(i) { (i) }
697 #define atomic_set(v, i) (((v)->counter) = i)
698 +#define atomic_set_unchecked(v, i) (((v)->counter) = i)
700 #define atomic_read(v) __raw_uncached_fetch_asm(&(v)->counter)
701 +#define atomic_read_unchecked(v) __raw_uncached_fetch_asm(&(v)->counter)
703 asmlinkage int __raw_uncached_fetch_asm(const volatile int *ptr);
705 @@ -41,11 +43,21 @@ static inline void atomic_add(int i, ato
706 __raw_atomic_update_asm(&v->counter, i);
709 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
711 + atomic_add(i, (atomic_t *)v);
714 static inline void atomic_sub(int i, atomic_t *v)
716 __raw_atomic_update_asm(&v->counter, -i);
719 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
721 + atomic_sub(i, (atomic_t *)v);
724 static inline int atomic_add_return(int i, atomic_t *v)
726 return __raw_atomic_update_asm(&v->counter, i);
727 @@ -61,6 +73,11 @@ static inline void atomic_inc(volatile a
728 __raw_atomic_update_asm(&v->counter, 1);
731 +static inline void atomic_inc_unchecked(volatile atomic_unchecked_t *v)
733 + atomic_inc((atomic_t *)v);
736 static inline void atomic_dec(volatile atomic_t *v)
738 __raw_atomic_update_asm(&v->counter, -1);
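Review bot: `atomic_inc_unchecked()` takes a `volatile atomic_unchecked_t *` but casts it with `(atomic_t *)v`, dropping the qualifier before passing it to `atomic_inc()`, which the hunk header shows taking a volatile pointer. The cris version of this wrapper keeps the qualifier; the same here would be `atomic_inc((volatile atomic_t *)v);`. This is harmless at run time but avoids a cast-qualifier warning and keeps the ports consistent.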
739 diff -urNp linux-2.6.32.1/arch/blackfin/kernel/kgdb.c linux-2.6.32.1/arch/blackfin/kernel/kgdb.c
740 --- linux-2.6.32.1/arch/blackfin/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
741 +++ linux-2.6.32.1/arch/blackfin/kernel/kgdb.c 2009-12-14 18:33:51.177167154 -0500
742 @@ -428,7 +428,7 @@ int kgdb_arch_handle_exception(int vecto
743 return -1; /* this means that we do not want to exit from the handler */
746 -struct kgdb_arch arch_kgdb_ops = {
747 +const struct kgdb_arch arch_kgdb_ops = {
748 .gdb_bpt_instr = {0xa1},
750 .flags = KGDB_HW_BREAKPOINT|KGDB_THR_PROC_SWAP,
751 diff -urNp linux-2.6.32.1/arch/blackfin/mach-common/pm.c linux-2.6.32.1/arch/blackfin/mach-common/pm.c
752 --- linux-2.6.32.1/arch/blackfin/mach-common/pm.c 2009-12-02 22:51:21.000000000 -0500
753 +++ linux-2.6.32.1/arch/blackfin/mach-common/pm.c 2009-12-14 18:33:51.177167154 -0500
754 @@ -255,7 +255,7 @@ static int bfin_pm_enter(suspend_state_t
758 -struct platform_suspend_ops bfin_pm_ops = {
759 +const struct platform_suspend_ops bfin_pm_ops = {
760 .enter = bfin_pm_enter,
761 .valid = bfin_pm_valid,
763 diff -urNp linux-2.6.32.1/arch/cris/include/asm/atomic.h linux-2.6.32.1/arch/cris/include/asm/atomic.h
764 --- linux-2.6.32.1/arch/cris/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
765 +++ linux-2.6.32.1/arch/cris/include/asm/atomic.h 2009-12-14 18:33:51.177167154 -0500
767 #define ATOMIC_INIT(i) { (i) }
769 #define atomic_read(v) ((v)->counter)
770 +#define atomic_read_unchecked(v) ((v)->counter)
771 #define atomic_set(v,i) (((v)->counter) = (i))
772 +#define atomic_set_unchecked(v,i) (((v)->counter) = (i))
774 /* These should be written in asm but we do it in C for now. */
776 @@ -28,6 +30,11 @@ static inline void atomic_add(int i, vol
777 cris_atomic_restore(v, flags);
780 +static inline void atomic_add_unchecked(int i, volatile atomic_unchecked_t *v)
782 + atomic_add(i, (volatile atomic_t *)v);
785 static inline void atomic_sub(int i, volatile atomic_t *v)
788 @@ -36,6 +43,11 @@ static inline void atomic_sub(int i, vol
789 cris_atomic_restore(v, flags);
792 +static inline void atomic_sub_unchecked(int i, volatile atomic_unchecked_t *v)
794 + atomic_sub(i, (volatile atomic_t *)v);
797 static inline int atomic_add_return(int i, volatile atomic_t *v)
800 @@ -76,6 +88,11 @@ static inline void atomic_inc(volatile a
801 cris_atomic_restore(v, flags);
804 +static inline void atomic_inc_unchecked(volatile atomic_unchecked_t *v)
806 + atomic_inc((volatile atomic_t *)v);
809 static inline void atomic_dec(volatile atomic_t *v)
812 diff -urNp linux-2.6.32.1/arch/frv/include/asm/atomic.h linux-2.6.32.1/arch/frv/include/asm/atomic.h
813 --- linux-2.6.32.1/arch/frv/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
814 +++ linux-2.6.32.1/arch/frv/include/asm/atomic.h 2009-12-14 18:33:51.177167154 -0500
817 #define ATOMIC_INIT(i) { (i) }
818 #define atomic_read(v) ((v)->counter)
819 +#define atomic_read_unchecked(v) ((v)->counter)
820 #define atomic_set(v, i) (((v)->counter) = (i))
821 +#define atomic_set_unchecked(v, i) (((v)->counter) = (i))
823 #ifndef CONFIG_FRV_OUTOFLINE_ATOMIC_OPS
824 static inline int atomic_add_return(int i, atomic_t *v)
825 @@ -99,16 +101,31 @@ static inline void atomic_add(int i, ato
826 atomic_add_return(i, v);
829 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
831 + atomic_add_return(i, (atomic_t *)v);
834 static inline void atomic_sub(int i, atomic_t *v)
836 atomic_sub_return(i, v);
839 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
841 + atomic_sub_return(i, (atomic_t *)v);
844 static inline void atomic_inc(atomic_t *v)
846 atomic_add_return(1, v);
849 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
851 + atomic_add_return(1, (atomic_t *)v);
854 static inline void atomic_dec(atomic_t *v)
856 atomic_sub_return(1, v);
857 diff -urNp linux-2.6.32.1/arch/frv/include/asm/kmap_types.h linux-2.6.32.1/arch/frv/include/asm/kmap_types.h
858 --- linux-2.6.32.1/arch/frv/include/asm/kmap_types.h 2009-12-02 22:51:21.000000000 -0500
859 +++ linux-2.6.32.1/arch/frv/include/asm/kmap_types.h 2009-12-14 18:33:51.178173575 -0500
860 @@ -23,6 +23,7 @@ enum km_type {
868 diff -urNp linux-2.6.32.1/arch/h8300/include/asm/atomic.h linux-2.6.32.1/arch/h8300/include/asm/atomic.h
869 --- linux-2.6.32.1/arch/h8300/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
870 +++ linux-2.6.32.1/arch/h8300/include/asm/atomic.h 2009-12-14 18:33:51.178173575 -0500
872 #define ATOMIC_INIT(i) { (i) }
874 #define atomic_read(v) ((v)->counter)
875 +#define atomic_read_unchecked(v) ((v)->counter)
876 #define atomic_set(v, i) (((v)->counter) = i)
877 +#define atomic_set_unchecked(v, i) (((v)->counter) = i)
879 #include <asm/system.h>
880 #include <linux/kernel.h>
881 @@ -25,7 +27,13 @@ static __inline__ int atomic_add_return(
885 +static __inline__ int atomic_add_return_unchecked(int i, atomic_unchecked_t *v)
887 + return atomic_add_return(i, (atomic_t *)v);
890 #define atomic_add(i, v) atomic_add_return(i, v)
891 +#define atomic_add_unchecked(i, v) atomic_add_return_unchecked(i, v)
892 #define atomic_add_negative(a, v) (atomic_add_return((a), (v)) < 0)
894 static __inline__ int atomic_sub_return(int i, atomic_t *v)
895 @@ -37,7 +45,13 @@ static __inline__ int atomic_sub_return(
899 +static __inline__ int atomic_sub_return_unchecked(int i, atomic_unchecked_t *v)
901 + return atomic_sub_return(i, (atomic_t *)v);
904 #define atomic_sub(i, v) atomic_sub_return(i, v)
905 +#define atomic_sub_unchecked(i, v) atomic_sub_return_unchecked(i, v)
906 #define atomic_sub_and_test(i,v) (atomic_sub_return(i, v) == 0)
908 static __inline__ int atomic_inc_return(atomic_t *v)
909 @@ -50,7 +64,13 @@ static __inline__ int atomic_inc_return(
913 +static __inline__ int atomic_inc_return_unchecked(atomic_unchecked_t *v)
915 + return atomic_inc_return((atomic_t *)v);
918 #define atomic_inc(v) atomic_inc_return(v)
919 +#define atomic_inc_unchecked(v) atomic_inc_return_unchecked(v)
922 * atomic_inc_and_test - increment and test
923 diff -urNp linux-2.6.32.1/arch/ia64/hp/common/hwsw_iommu.c linux-2.6.32.1/arch/ia64/hp/common/hwsw_iommu.c
924 --- linux-2.6.32.1/arch/ia64/hp/common/hwsw_iommu.c 2009-12-02 22:51:21.000000000 -0500
925 +++ linux-2.6.32.1/arch/ia64/hp/common/hwsw_iommu.c 2009-12-14 18:33:51.178173575 -0500
927 #include <linux/swiotlb.h>
928 #include <asm/machvec.h>
930 -extern struct dma_map_ops sba_dma_ops, swiotlb_dma_ops;
931 +extern const struct dma_map_ops sba_dma_ops, swiotlb_dma_ops;
933 /* swiotlb declarations & definitions: */
934 extern int swiotlb_late_init_with_default_size (size_t size);
935 @@ -33,7 +33,7 @@ static inline int use_swiotlb(struct dev
936 !sba_dma_ops.dma_supported(dev, *dev->dma_mask);
939 -struct dma_map_ops *hwsw_dma_get_ops(struct device *dev)
940 +const struct dma_map_ops *hwsw_dma_get_ops(struct device *dev)
942 if (use_swiotlb(dev))
943 return &swiotlb_dma_ops;
944 diff -urNp linux-2.6.32.1/arch/ia64/hp/common/sba_iommu.c linux-2.6.32.1/arch/ia64/hp/common/sba_iommu.c
945 --- linux-2.6.32.1/arch/ia64/hp/common/sba_iommu.c 2009-12-02 22:51:21.000000000 -0500
946 +++ linux-2.6.32.1/arch/ia64/hp/common/sba_iommu.c 2009-12-14 18:33:51.302103882 -0500
947 @@ -2077,7 +2077,7 @@ static struct acpi_driver acpi_sba_ioc_d
951 -extern struct dma_map_ops swiotlb_dma_ops;
952 +extern const struct dma_map_ops swiotlb_dma_ops;
956 @@ -2191,7 +2191,7 @@ sba_page_override(char *str)
958 __setup("sbapagesize=",sba_page_override);
960 -struct dma_map_ops sba_dma_ops = {
961 +const struct dma_map_ops sba_dma_ops = {
962 .alloc_coherent = sba_alloc_coherent,
963 .free_coherent = sba_free_coherent,
964 .map_page = sba_map_page,
965 diff -urNp linux-2.6.32.1/arch/ia64/ia32/binfmt_elf32.c linux-2.6.32.1/arch/ia64/ia32/binfmt_elf32.c
966 --- linux-2.6.32.1/arch/ia64/ia32/binfmt_elf32.c 2009-12-02 22:51:21.000000000 -0500
967 +++ linux-2.6.32.1/arch/ia64/ia32/binfmt_elf32.c 2009-12-14 18:33:51.302103882 -0500
968 @@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_
970 #define elf_read_implies_exec(ex, have_pt_gnu_stack) (!(have_pt_gnu_stack))
972 +#ifdef CONFIG_PAX_ASLR
973 +#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
975 +#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
976 +#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
979 /* Ugly but avoids duplication */
980 #include "../../../fs/binfmt_elf.c"
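Review bot: The test `current->personality == PER_LINUX32` in the three new macros compares the whole personality word, flag bits included. A 32-bit task that also carries a flag such as ADDR_NO_RANDOMIZE would therefore take the 64-bit arm and get the 64-bit base and delta lengths. Masking first, `personality(current->personality) == PER_LINUX32`, avoids that, assuming the usual helper from linux/personality.h is in scope here. The expression `3*PAGE_SHIFT - 13` also needs a one-line comment saying which address-space bound it is derived from. The identical definitions added to arch/ia64/include/asm/elf.h need the same two changes.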
982 diff -urNp linux-2.6.32.1/arch/ia64/ia32/ia32priv.h linux-2.6.32.1/arch/ia64/ia32/ia32priv.h
983 --- linux-2.6.32.1/arch/ia64/ia32/ia32priv.h 2009-12-02 22:51:21.000000000 -0500
984 +++ linux-2.6.32.1/arch/ia64/ia32/ia32priv.h 2009-12-14 18:33:51.302908495 -0500
985 @@ -296,7 +296,14 @@ typedef struct compat_siginfo {
986 #define ELF_DATA ELFDATA2LSB
987 #define ELF_ARCH EM_386
989 -#define IA32_STACK_TOP IA32_PAGE_OFFSET
990 +#ifdef CONFIG_PAX_RANDUSTACK
991 +#define __IA32_DELTA_STACK (current->mm->delta_stack)
993 +#define __IA32_DELTA_STACK 0UL
996 +#define IA32_STACK_TOP (IA32_PAGE_OFFSET - __IA32_DELTA_STACK)
998 #define IA32_GATE_OFFSET IA32_PAGE_OFFSET
999 #define IA32_GATE_END IA32_PAGE_OFFSET + PAGE_SIZE
1001 diff -urNp linux-2.6.32.1/arch/ia64/include/asm/atomic.h linux-2.6.32.1/arch/ia64/include/asm/atomic.h
1002 --- linux-2.6.32.1/arch/ia64/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
1003 +++ linux-2.6.32.1/arch/ia64/include/asm/atomic.h 2009-12-14 18:33:51.302908495 -0500
1005 #define ATOMIC64_INIT(i) ((atomic64_t) { (i) })
1007 #define atomic_read(v) ((v)->counter)
1008 +#define atomic_read_unchecked(v) ((v)->counter)
1009 #define atomic64_read(v) ((v)->counter)
1011 #define atomic_set(v,i) (((v)->counter) = (i))
1012 +#define atomic_set_unchecked(v,i) (((v)->counter) = (i))
1013 #define atomic64_set(v,i) (((v)->counter) = (i))
1015 static __inline__ int
1016 @@ -201,8 +203,11 @@ atomic64_add_negative (__s64 i, atomic64
1017 #define atomic64_inc_and_test(v) (atomic64_add_return(1, (v)) == 0)
1019 #define atomic_add(i,v) atomic_add_return((i), (v))
1020 +#define atomic_add_unchecked(i,v) atomic_add((i), (atomic_t *)(v))
1021 #define atomic_sub(i,v) atomic_sub_return((i), (v))
1022 +#define atomic_sub_unchecked(i,v) atomic_sub((i), (atomic_t *)(v))
1023 #define atomic_inc(v) atomic_add(1, (v))
1024 +#define atomic_inc_unchecked(v) atomic_inc((atomic_t *)(v))
1025 #define atomic_dec(v) atomic_sub(1, (v))
1027 #define atomic64_add(i,v) atomic64_add_return((i), (v))
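Review bot: The three `_unchecked` macros added here cast their argument with `(atomic_t *)(v)`, which accepts any pointer type, so a call site that passes the wrong object compiles without a diagnostic. The h8300 and m68k hunks of this same patch use typed wrappers instead, and the same shape works here: `static __inline__ void atomic_inc_unchecked(atomic_unchecked_t *v) { atomic_inc((atomic_t *)v); }`. A short comment should also say that the cast relies on `atomic_unchecked_t` having the same layout as `atomic_t`, since its definition is not visible in this file. The m32r and mips atomic.h hunks add the same cast-only macros.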
1028 diff -urNp linux-2.6.32.1/arch/ia64/include/asm/dma-mapping.h linux-2.6.32.1/arch/ia64/include/asm/dma-mapping.h
1029 --- linux-2.6.32.1/arch/ia64/include/asm/dma-mapping.h 2009-12-02 22:51:21.000000000 -0500
1030 +++ linux-2.6.32.1/arch/ia64/include/asm/dma-mapping.h 2009-12-14 18:33:51.302908495 -0500
1033 #define ARCH_HAS_DMA_GET_REQUIRED_MASK
1035 -extern struct dma_map_ops *dma_ops;
1036 +extern const struct dma_map_ops *dma_ops;
1037 extern struct ia64_machine_vector ia64_mv;
1038 extern void set_iommu_machvec(void);
1040 @@ -24,7 +24,7 @@ extern void machvec_dma_sync_sg(struct d
1041 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
1042 dma_addr_t *daddr, gfp_t gfp)
1044 - struct dma_map_ops *ops = platform_dma_get_ops(dev);
1045 + const struct dma_map_ops *ops = platform_dma_get_ops(dev);
1048 caddr = ops->alloc_coherent(dev, size, daddr, gfp);
1049 @@ -35,7 +35,7 @@ static inline void *dma_alloc_coherent(s
1050 static inline void dma_free_coherent(struct device *dev, size_t size,
1051 void *caddr, dma_addr_t daddr)
1053 - struct dma_map_ops *ops = platform_dma_get_ops(dev);
1054 + const struct dma_map_ops *ops = platform_dma_get_ops(dev);
1055 debug_dma_free_coherent(dev, size, caddr, daddr);
1056 ops->free_coherent(dev, size, caddr, daddr);
1058 @@ -49,13 +49,13 @@ static inline void dma_free_coherent(str
1060 static inline int dma_mapping_error(struct device *dev, dma_addr_t daddr)
1062 - struct dma_map_ops *ops = platform_dma_get_ops(dev);
1063 + const struct dma_map_ops *ops = platform_dma_get_ops(dev);
1064 return ops->mapping_error(dev, daddr);
1067 static inline int dma_supported(struct device *dev, u64 mask)
1069 - struct dma_map_ops *ops = platform_dma_get_ops(dev);
1070 + const struct dma_map_ops *ops = platform_dma_get_ops(dev);
1071 return ops->dma_supported(dev, mask);
1074 diff -urNp linux-2.6.32.1/arch/ia64/include/asm/elf.h linux-2.6.32.1/arch/ia64/include/asm/elf.h
1075 --- linux-2.6.32.1/arch/ia64/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
1076 +++ linux-2.6.32.1/arch/ia64/include/asm/elf.h 2009-12-14 18:33:51.302908495 -0500
1079 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x800000000UL)
1081 +#ifdef CONFIG_PAX_ASLR
1082 +#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
1084 +#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
1085 +#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
1088 #define PT_IA_64_UNWIND 0x70000001
1090 /* IA-64 relocations: */
1091 diff -urNp linux-2.6.32.1/arch/ia64/include/asm/machvec.h linux-2.6.32.1/arch/ia64/include/asm/machvec.h
1092 --- linux-2.6.32.1/arch/ia64/include/asm/machvec.h 2009-12-02 22:51:21.000000000 -0500
1093 +++ linux-2.6.32.1/arch/ia64/include/asm/machvec.h 2009-12-14 18:33:51.325178548 -0500
1094 @@ -45,7 +45,7 @@ typedef void ia64_mv_kernel_launch_event
1095 /* DMA-mapping interface: */
1096 typedef void ia64_mv_dma_init (void);
1097 typedef u64 ia64_mv_dma_get_required_mask (struct device *);
1098 -typedef struct dma_map_ops *ia64_mv_dma_get_ops(struct device *);
1099 +typedef const struct dma_map_ops *ia64_mv_dma_get_ops(struct device *);
1102 * WARNING: The legacy I/O space is _architected_. Platforms are
1103 @@ -251,7 +251,7 @@ extern void machvec_init_from_cmdline(co
1104 # endif /* CONFIG_IA64_GENERIC */
1106 extern void swiotlb_dma_init(void);
1107 -extern struct dma_map_ops *dma_get_ops(struct device *);
1108 +extern const struct dma_map_ops *dma_get_ops(struct device *);
1111 * Define default versions so we can extend machvec for new platforms without having
1112 diff -urNp linux-2.6.32.1/arch/ia64/include/asm/pgtable.h linux-2.6.32.1/arch/ia64/include/asm/pgtable.h
1113 --- linux-2.6.32.1/arch/ia64/include/asm/pgtable.h 2009-12-02 22:51:21.000000000 -0500
1114 +++ linux-2.6.32.1/arch/ia64/include/asm/pgtable.h 2009-12-14 18:33:51.325178548 -0500
1115 @@ -143,6 +143,17 @@
1116 #define PAGE_READONLY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
1117 #define PAGE_COPY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
1118 #define PAGE_COPY_EXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX)
1120 +#ifdef CONFIG_PAX_PAGEEXEC
1121 +# define PAGE_SHARED_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW)
1122 +# define PAGE_READONLY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
1123 +# define PAGE_COPY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
1125 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
1126 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
1127 +# define PAGE_COPY_NOEXEC PAGE_COPY
1130 #define PAGE_GATE __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX)
1131 #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX)
1132 #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX)
1133 diff -urNp linux-2.6.32.1/arch/ia64/include/asm/uaccess.h linux-2.6.32.1/arch/ia64/include/asm/uaccess.h
1134 --- linux-2.6.32.1/arch/ia64/include/asm/uaccess.h 2009-12-02 22:51:21.000000000 -0500
1135 +++ linux-2.6.32.1/arch/ia64/include/asm/uaccess.h 2009-12-14 18:33:51.326163123 -0500
1136 @@ -257,7 +257,7 @@ __copy_from_user (void *to, const void _
1137 const void *__cu_from = (from); \
1138 long __cu_len = (n); \
1140 - if (__access_ok(__cu_to, __cu_len, get_fs())) \
1141 + if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_to, __cu_len, get_fs())) \
1142 __cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len); \
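Review bot: The length guard `__cu_len > 0 && __cu_len <= INT_MAX` is added with no comment, and it is repeated verbatim in the second copy macro in the next hunk (-269). A line such as `/* refuse zero, negative and > INT_MAX lengths before access_ok() */` above each test would say why INT_MAX is the ceiling. When the guard rejects a length the copy is skipped and `__cu_len` is left as passed in. In the from-user direction that presumably leaves the kernel destination buffer unwritten, so it is worth confirming that callers check the return value, or clearing the buffer on that path. Both macro bodies start and end outside their hunks.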
1145 @@ -269,7 +269,7 @@ __copy_from_user (void *to, const void _
1146 long __cu_len = (n); \
1148 __chk_user_ptr(__cu_from); \
1149 - if (__access_ok(__cu_from, __cu_len, get_fs())) \
1150 + if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_from, __cu_len, get_fs())) \
1151 __cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len); \
1154 diff -urNp linux-2.6.32.1/arch/ia64/kernel/dma-mapping.c linux-2.6.32.1/arch/ia64/kernel/dma-mapping.c
1155 --- linux-2.6.32.1/arch/ia64/kernel/dma-mapping.c 2009-12-02 22:51:21.000000000 -0500
1156 +++ linux-2.6.32.1/arch/ia64/kernel/dma-mapping.c 2009-12-14 18:33:51.326163123 -0500
1158 /* Set this to 1 if there is a HW IOMMU in the system */
1159 int iommu_detected __read_mostly;
1161 -struct dma_map_ops *dma_ops;
1162 +const struct dma_map_ops *dma_ops;
1163 EXPORT_SYMBOL(dma_ops);
1165 #define PREALLOC_DMA_DEBUG_ENTRIES (1 << 16)
1166 @@ -16,7 +16,7 @@ static int __init dma_init(void)
1168 fs_initcall(dma_init);
1170 -struct dma_map_ops *dma_get_ops(struct device *dev)
1171 +const struct dma_map_ops *dma_get_ops(struct device *dev)
1175 diff -urNp linux-2.6.32.1/arch/ia64/kernel/module.c linux-2.6.32.1/arch/ia64/kernel/module.c
1176 --- linux-2.6.32.1/arch/ia64/kernel/module.c 2009-12-02 22:51:21.000000000 -0500
1177 +++ linux-2.6.32.1/arch/ia64/kernel/module.c 2009-12-14 18:33:51.326163123 -0500
1178 @@ -315,8 +315,7 @@ module_alloc (unsigned long size)
1180 module_free (struct module *mod, void *module_region)
1182 - if (mod && mod->arch.init_unw_table &&
1183 - module_region == mod->module_init) {
1184 + if (mod && mod->arch.init_unw_table && module_region == mod->module_init_rx) {
1185 unw_remove_unwind_table(mod->arch.init_unw_table);
1186 mod->arch.init_unw_table = NULL;
1188 @@ -502,15 +501,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd
1192 +in_init_rx (const struct module *mod, uint64_t addr)
1194 + return addr - (uint64_t) mod->module_init_rx < mod->init_size_rx;
1198 +in_init_rw (const struct module *mod, uint64_t addr)
1200 + return addr - (uint64_t) mod->module_init_rw < mod->init_size_rw;
1204 in_init (const struct module *mod, uint64_t addr)
1206 - return addr - (uint64_t) mod->module_init < mod->init_size;
1207 + return in_init_rx(mod, addr) || in_init_rw(mod, addr);
1211 +in_core_rx (const struct module *mod, uint64_t addr)
1213 + return addr - (uint64_t) mod->module_core_rx < mod->core_size_rx;
1217 +in_core_rw (const struct module *mod, uint64_t addr)
1219 + return addr - (uint64_t) mod->module_core_rw < mod->core_size_rw;
1223 in_core (const struct module *mod, uint64_t addr)
1225 - return addr - (uint64_t) mod->module_core < mod->core_size;
1226 + return in_core_rx(mod, addr) || in_core_rw(mod, addr);
1230 @@ -693,7 +716,14 @@ do_reloc (struct module *mod, uint8_t r_
1234 - val -= (uint64_t) (in_init(mod, val) ? mod->module_init : mod->module_core);
1235 + if (in_init_rx(mod, val))
1236 + val -= (uint64_t) mod->module_init_rx;
1237 + else if (in_init_rw(mod, val))
1238 + val -= (uint64_t) mod->module_init_rw;
1239 + else if (in_core_rx(mod, val))
1240 + val -= (uint64_t) mod->module_core_rx;
1241 + else if (in_core_rw(mod, val))
1242 + val -= (uint64_t) mod->module_core_rw;
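Review bot: The new `if`/`else if` chain has no final `else`, so a `val` that lies in none of the four regions is left unadjusted, whereas the removed line always fell back to subtracting `mod->module_core`. Going by the hunk's line counts, the eight added lines shown are all of them, so the fall-through is either unintended or undocumented. End the chain with an `else` that reports the address and fails the relocation, or add a comment stating that leaving `val` untouched is deliberate. The enclosing do_reloc body starts and ends outside the hunk.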
1246 @@ -828,15 +858,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs,
1247 * addresses have been selected...
1250 - if (mod->core_size > MAX_LTOFF)
1251 + if (mod->core_size_rx + mod->core_size_rw > MAX_LTOFF)
1253 * This takes advantage of fact that SHF_ARCH_SMALL gets allocated
1254 * at the end of the module.
1256 - gp = mod->core_size - MAX_LTOFF / 2;
1257 + gp = mod->core_size_rx + mod->core_size_rw - MAX_LTOFF / 2;
1259 - gp = mod->core_size / 2;
1260 - gp = (uint64_t) mod->module_core + ((gp + 7) & -8);
1261 + gp = (mod->core_size_rx + mod->core_size_rw) / 2;
1262 + gp = (uint64_t) mod->module_core_rx + ((gp + 7) & -8);
1264 DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
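Review bot: The gp computation still treats the core image as one contiguous block, because the offset is derived from `mod->core_size_rx + mod->core_size_rw` but is added to `mod->module_core_rx` alone. That holds only if the RW region is mapped directly after the RX region; how the two regions are allocated is not visible here. If they are separate allocations, gp can land outside both. Confirm the layout and record the assumption next to the assignment, e.g. `/* relies on module_core_rw following module_core_rx contiguously */`. The enclosing function continues outside the hunk.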
1266 diff -urNp linux-2.6.32.1/arch/ia64/kernel/pci-dma.c linux-2.6.32.1/arch/ia64/kernel/pci-dma.c
1267 --- linux-2.6.32.1/arch/ia64/kernel/pci-dma.c 2009-12-02 22:51:21.000000000 -0500
1268 +++ linux-2.6.32.1/arch/ia64/kernel/pci-dma.c 2009-12-14 18:33:51.326163123 -0500
1269 @@ -43,7 +43,7 @@ struct device fallback_dev = {
1270 .dma_mask = &fallback_dev.coherent_dma_mask,
1273 -extern struct dma_map_ops intel_dma_ops;
1274 +extern const struct dma_map_ops intel_dma_ops;
1276 static int __init pci_iommu_init(void)
1278 diff -urNp linux-2.6.32.1/arch/ia64/kernel/pci-swiotlb.c linux-2.6.32.1/arch/ia64/kernel/pci-swiotlb.c
1279 --- linux-2.6.32.1/arch/ia64/kernel/pci-swiotlb.c 2009-12-02 22:51:21.000000000 -0500
1280 +++ linux-2.6.32.1/arch/ia64/kernel/pci-swiotlb.c 2009-12-14 18:33:51.327164518 -0500
1281 @@ -21,7 +21,7 @@ static void *ia64_swiotlb_alloc_coherent
1282 return swiotlb_alloc_coherent(dev, size, dma_handle, gfp);
1285 -struct dma_map_ops swiotlb_dma_ops = {
1286 +const struct dma_map_ops swiotlb_dma_ops = {
1287 .alloc_coherent = ia64_swiotlb_alloc_coherent,
1288 .free_coherent = swiotlb_free_coherent,
1289 .map_page = swiotlb_map_page,
1290 diff -urNp linux-2.6.32.1/arch/ia64/kernel/sys_ia64.c linux-2.6.32.1/arch/ia64/kernel/sys_ia64.c
1291 --- linux-2.6.32.1/arch/ia64/kernel/sys_ia64.c 2009-12-02 22:51:21.000000000 -0500
1292 +++ linux-2.6.32.1/arch/ia64/kernel/sys_ia64.c 2009-12-14 18:33:51.327164518 -0500
1293 @@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
1294 if (REGION_NUMBER(addr) == RGN_HPAGE)
1298 +#ifdef CONFIG_PAX_RANDMMAP
1299 + if (mm->pax_flags & MF_PAX_RANDMMAP)
1300 + addr = mm->free_area_cache;
1305 addr = mm->free_area_cache;
1307 @@ -61,9 +68,9 @@ arch_get_unmapped_area (struct file *fil
1308 for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
1309 /* At this point: (!vma || addr < vma->vm_end). */
1310 if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) {
1311 - if (start_addr != TASK_UNMAPPED_BASE) {
1312 + if (start_addr != mm->mmap_base) {
1313 /* Start a new search --- just in case we missed some holes. */
1314 - addr = TASK_UNMAPPED_BASE;
1315 + addr = mm->mmap_base;
1319 diff -urNp linux-2.6.32.1/arch/ia64/kernel/topology.c linux-2.6.32.1/arch/ia64/kernel/topology.c
1320 --- linux-2.6.32.1/arch/ia64/kernel/topology.c 2009-12-02 22:51:21.000000000 -0500
1321 +++ linux-2.6.32.1/arch/ia64/kernel/topology.c 2009-12-14 18:33:51.327164518 -0500
1322 @@ -282,7 +282,7 @@ static ssize_t cache_show(struct kobject
1326 -static struct sysfs_ops cache_sysfs_ops = {
1327 +static const struct sysfs_ops cache_sysfs_ops = {
1331 diff -urNp linux-2.6.32.1/arch/ia64/kernel/vmlinux.lds.S linux-2.6.32.1/arch/ia64/kernel/vmlinux.lds.S
1332 --- linux-2.6.32.1/arch/ia64/kernel/vmlinux.lds.S 2009-12-02 22:51:21.000000000 -0500
1333 +++ linux-2.6.32.1/arch/ia64/kernel/vmlinux.lds.S 2009-12-14 18:33:51.327774824 -0500
1334 @@ -190,7 +190,7 @@ SECTIONS
1336 . = ALIGN(PERCPU_PAGE_SIZE);
1337 PERCPU_VADDR(PERCPU_ADDR, :percpu)
1338 - __phys_per_cpu_start = __per_cpu_load;
1339 + __phys_per_cpu_start = per_cpu_load;
1340 . = __phys_per_cpu_start + PERCPU_PAGE_SIZE; /* ensure percpu data fits
1341 * into percpu page size
1343 diff -urNp linux-2.6.32.1/arch/ia64/mm/fault.c linux-2.6.32.1/arch/ia64/mm/fault.c
1344 --- linux-2.6.32.1/arch/ia64/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
1345 +++ linux-2.6.32.1/arch/ia64/mm/fault.c 2009-12-14 18:33:51.327774824 -0500
1346 @@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned
1347 return pte_present(pte);
1350 +#ifdef CONFIG_PAX_PAGEEXEC
1351 +void pax_report_insns(void *pc, void *sp)
1355 + printk(KERN_ERR "PAX: bytes at PC: ");
1356 + for (i = 0; i < 8; i++) {
1358 + if (get_user(c, (unsigned int *)pc+i))
1359 + printk(KERN_CONT "???????? ");
1361 + printk(KERN_CONT "%08x ", c);
1368 ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs)
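Review bot: In the new pax_report_insns the user pointer handed to `get_user` is built with a plain cast, `(unsigned int *)pc+i`, which drops the `__user` address-space annotation, so sparse cannot check the access. Writing it as `get_user(c, (unsigned int __user *)pc + i)` keeps the annotation. The loop bound 8 should also get a named constant or a comment saying how many instruction words are being dumped. The mips version added in arch/mips/mm/fault.c has the same unannotated cast with a bound of 5.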
1370 @@ -145,9 +162,23 @@ ia64_do_page_fault (unsigned long addres
1371 mask = ( (((isr >> IA64_ISR_X_BIT) & 1UL) << VM_EXEC_BIT)
1372 | (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT));
1374 - if ((vma->vm_flags & mask) != mask)
1375 + if ((vma->vm_flags & mask) != mask) {
1377 +#ifdef CONFIG_PAX_PAGEEXEC
1378 + if (!(vma->vm_flags & VM_EXEC) && (mask & VM_EXEC)) {
1379 + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->cr_iip)
1382 + up_read(&mm->mmap_sem);
1383 + pax_report_fault(regs, (void *)regs->cr_iip, (void *)regs->r12);
1384 + do_group_exit(SIGKILL);
1394 * If for any reason at all we couldn't handle the fault, make
1395 diff -urNp linux-2.6.32.1/arch/ia64/mm/init.c linux-2.6.32.1/arch/ia64/mm/init.c
1396 --- linux-2.6.32.1/arch/ia64/mm/init.c 2009-12-02 22:51:21.000000000 -0500
1397 +++ linux-2.6.32.1/arch/ia64/mm/init.c 2009-12-14 18:33:51.327774824 -0500
1398 @@ -122,6 +122,19 @@ ia64_init_addr_space (void)
1399 vma->vm_start = current->thread.rbs_bot & PAGE_MASK;
1400 vma->vm_end = vma->vm_start + PAGE_SIZE;
1401 vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT;
1403 +#ifdef CONFIG_PAX_PAGEEXEC
1404 + if (current->mm->pax_flags & MF_PAX_PAGEEXEC) {
1405 + vma->vm_flags &= ~VM_EXEC;
1407 +#ifdef CONFIG_PAX_MPROTECT
1408 + if (current->mm->pax_flags & MF_PAX_MPROTECT)
1409 + vma->vm_flags &= ~VM_MAYEXEC;
1415 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
1416 down_write(¤t->mm->mmap_sem);
1417 if (insert_vm_struct(current->mm, vma)) {
1418 diff -urNp linux-2.6.32.1/arch/ia64/sn/pci/pci_dma.c linux-2.6.32.1/arch/ia64/sn/pci/pci_dma.c
1419 --- linux-2.6.32.1/arch/ia64/sn/pci/pci_dma.c 2009-12-02 22:51:21.000000000 -0500
1420 +++ linux-2.6.32.1/arch/ia64/sn/pci/pci_dma.c 2009-12-14 18:33:51.327774824 -0500
1421 @@ -464,7 +464,7 @@ int sn_pci_legacy_write(struct pci_bus *
1425 -static struct dma_map_ops sn_dma_ops = {
1426 +static const struct dma_map_ops sn_dma_ops = {
1427 .alloc_coherent = sn_dma_alloc_coherent,
1428 .free_coherent = sn_dma_free_coherent,
1429 .map_page = sn_dma_map_page,
1430 diff -urNp linux-2.6.32.1/arch/m32r/include/asm/atomic.h linux-2.6.32.1/arch/m32r/include/asm/atomic.h
1431 --- linux-2.6.32.1/arch/m32r/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
1432 +++ linux-2.6.32.1/arch/m32r/include/asm/atomic.h 2009-12-14 18:33:51.327774824 -0500
1434 #define atomic_read(v) ((v)->counter)
1437 + * atomic_read_unchecked - read atomic variable
1438 + * @v: pointer of type atomic_unchecked_t
1440 + * Atomically reads the value of @v.
1442 +#define atomic_read_unchecked(v) ((v)->counter)
1445 * atomic_set - set atomic variable
1446 * @v: pointer of type atomic_t
1447 * @i: required value
1449 #define atomic_set(v,i) (((v)->counter) = (i))
1452 + * atomic_set_unchecked - set atomic variable
1453 + * @v: pointer of type atomic_unchecked_t
1454 + * @i: required value
1456 + * Atomically sets the value of @v to @i.
1458 +#define atomic_set_unchecked(v,i) (((v)->counter) = (i))
1461 * atomic_add_return - add integer to atomic variable and return it
1462 * @i: integer value to add
1463 * @v: pointer of type atomic_t
1464 @@ -308,6 +325,10 @@ static __inline__ void atomic_set_mask(u
1465 local_irq_restore(flags);
1468 +#define atomic_inc_unchecked(v) atomic_inc((atomic_t *)(v))
1469 +#define atomic_add_unchecked(i,v) atomic_add((i),(atomic_t *)(v))
1470 +#define atomic_sub_unchecked(i,v) atomic_sub((i),(atomic_t *)(v))
1472 /* Atomic operations are already serializing on m32r */
1473 #define smp_mb__before_atomic_dec() barrier()
1474 #define smp_mb__after_atomic_dec() barrier()
1475 diff -urNp linux-2.6.32.1/arch/m32r/lib/usercopy.c linux-2.6.32.1/arch/m32r/lib/usercopy.c
1476 --- linux-2.6.32.1/arch/m32r/lib/usercopy.c 2009-12-02 22:51:21.000000000 -0500
1477 +++ linux-2.6.32.1/arch/m32r/lib/usercopy.c 2009-12-14 18:33:51.329164039 -0500
1480 __generic_copy_to_user(void __user *to, const void *from, unsigned long n)
1486 if (access_ok(VERIFY_WRITE, to, n))
1487 __copy_user(to,from,n);
1488 @@ -23,6 +26,9 @@ __generic_copy_to_user(void __user *to,
1490 __generic_copy_from_user(void *to, const void __user *from, unsigned long n)
1496 if (access_ok(VERIFY_READ, from, n))
1497 __copy_user_zeroing(to,from,n);
1498 diff -urNp linux-2.6.32.1/arch/m68k/include/asm/atomic_mm.h linux-2.6.32.1/arch/m68k/include/asm/atomic_mm.h
1499 --- linux-2.6.32.1/arch/m68k/include/asm/atomic_mm.h 2009-12-02 22:51:21.000000000 -0500
1500 +++ linux-2.6.32.1/arch/m68k/include/asm/atomic_mm.h 2009-12-14 18:33:51.445181863 -0500
1502 #define ATOMIC_INIT(i) { (i) }
1504 #define atomic_read(v) ((v)->counter)
1505 +#define atomic_read_unchecked(v) ((v)->counter)
1506 #define atomic_set(v, i) (((v)->counter) = i)
1507 +#define atomic_set_unchecked(v, i) (((v)->counter) = i)
1509 static inline void atomic_add(int i, atomic_t *v)
1511 __asm__ __volatile__("addl %1,%0" : "+m" (*v) : "id" (i));
1514 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
1516 + atomic_add(i, (atomic_t *)v);
1519 static inline void atomic_sub(int i, atomic_t *v)
1521 __asm__ __volatile__("subl %1,%0" : "+m" (*v) : "id" (i));
1524 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
1526 + atomic_sub(i, (atomic_t *)v);
1529 static inline void atomic_inc(atomic_t *v)
1531 __asm__ __volatile__("addql #1,%0" : "+m" (*v));
1534 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
1536 + atomic_inc((atomic_t *)v);
1539 static inline void atomic_dec(atomic_t *v)
1541 __asm__ __volatile__("subql #1,%0" : "+m" (*v));
1542 diff -urNp linux-2.6.32.1/arch/m68k/include/asm/atomic_no.h linux-2.6.32.1/arch/m68k/include/asm/atomic_no.h
1543 --- linux-2.6.32.1/arch/m68k/include/asm/atomic_no.h 2009-12-02 22:51:21.000000000 -0500
1544 +++ linux-2.6.32.1/arch/m68k/include/asm/atomic_no.h 2009-12-14 18:33:51.445181863 -0500
1546 #define ATOMIC_INIT(i) { (i) }
1548 #define atomic_read(v) ((v)->counter)
1549 +#define atomic_read_unchecked(v) ((v)->counter)
1550 #define atomic_set(v, i) (((v)->counter) = i)
1551 +#define atomic_set_unchecked(v, i) (((v)->counter) = i)
1553 static __inline__ void atomic_add(int i, atomic_t *v)
1555 @@ -27,6 +29,11 @@ static __inline__ void atomic_add(int i,
1559 +static __inline__ void atomic_add_unchecked(int i, atomic_unchecked_t *v)
1561 + atomic_add(i, (atomic_t *)v);
1564 static __inline__ void atomic_sub(int i, atomic_t *v)
1566 #ifdef CONFIG_COLDFIRE
1567 @@ -36,6 +43,11 @@ static __inline__ void atomic_sub(int i,
1571 +static __inline__ void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
1573 + atomic_sub(i, (atomic_t *)v);
1576 static __inline__ int atomic_sub_and_test(int i, atomic_t * v)
1579 @@ -56,6 +68,11 @@ static __inline__ void atomic_inc(volati
1580 __asm__ __volatile__("addql #1,%0" : "+m" (*v));
1583 +static __inline__ void atomic_inc_unchecked(volatile atomic_unchecked_t *v)
1585 + atomic_inc((volatile atomic_t *)v);
1589 * atomic_inc_and_test - increment and test
1590 * @v: pointer of type atomic_t
1591 diff -urNp linux-2.6.32.1/arch/mips/alchemy/devboards/pm.c linux-2.6.32.1/arch/mips/alchemy/devboards/pm.c
1592 --- linux-2.6.32.1/arch/mips/alchemy/devboards/pm.c 2009-12-02 22:51:21.000000000 -0500
1593 +++ linux-2.6.32.1/arch/mips/alchemy/devboards/pm.c 2009-12-14 18:33:51.446179829 -0500
1594 @@ -78,7 +78,7 @@ static void db1x_pm_end(void)
1598 -static struct platform_suspend_ops db1x_pm_ops = {
1599 +static const struct platform_suspend_ops db1x_pm_ops = {
1600 .valid = suspend_valid_only_mem,
1601 .begin = db1x_pm_begin,
1602 .enter = db1x_pm_enter,
1603 diff -urNp linux-2.6.32.1/arch/mips/include/asm/atomic.h linux-2.6.32.1/arch/mips/include/asm/atomic.h
1604 --- linux-2.6.32.1/arch/mips/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
1605 +++ linux-2.6.32.1/arch/mips/include/asm/atomic.h 2009-12-14 18:33:51.446179829 -0500
1607 #define atomic_read(v) ((v)->counter)
1610 + * atomic_read_unchecked - read atomic variable
1611 + * @v: pointer of type atomic_unchecked_t
1613 + * Atomically reads the value of @v.
1615 +#define atomic_read_unchecked(v) ((v)->counter)
1618 * atomic_set - set atomic variable
1619 * @v: pointer of type atomic_t
1620 * @i: required value
1622 #define atomic_set(v, i) ((v)->counter = (i))
1625 + * atomic_set_unchecked - set atomic variable
1626 + * @v: pointer of type atomic_unchecked_t
1627 + * @i: required value
1629 + * Atomically sets the value of @v to @i.
1631 +#define atomic_set_unchecked(v, i) ((v)->counter = (i))
1634 * atomic_add - add integer to atomic variable
1635 * @i: integer value to add
1636 * @v: pointer of type atomic_t
1637 @@ -381,6 +398,9 @@ static __inline__ int atomic_add_unless(
1638 * Atomically increments @v by 1.
1640 #define atomic_inc(v) atomic_add(1, (v))
1641 +#define atomic_inc_unchecked(v) atomic_inc((atomic_t *)(v))
1642 +#define atomic_add_unchecked(i, v) atomic_add((i), (atomic_t *)(v))
1643 +#define atomic_sub_unchecked(i, v) atomic_sub((i), (atomic_t *)(v))
1646 * atomic_dec - decrement and test
1647 diff -urNp linux-2.6.32.1/arch/mips/include/asm/elf.h linux-2.6.32.1/arch/mips/include/asm/elf.h
1648 --- linux-2.6.32.1/arch/mips/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
1649 +++ linux-2.6.32.1/arch/mips/include/asm/elf.h 2009-12-14 18:33:51.446179829 -0500
1650 @@ -368,4 +368,11 @@ extern int dump_task_fpu(struct task_str
1651 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
1654 +#ifdef CONFIG_PAX_ASLR
1655 +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
1657 +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1658 +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1661 #endif /* _ASM_ELF_H */
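Review bot: Both arms of the conditional in `PAX_ELF_ET_DYN_BASE` are `0x00400000UL`, so the `test_thread_flag(TIF_32BIT_ADDR)` test has no effect there and reads like a missed edit for the 64-bit case. If the same base is intended for both ABIs, write `#define PAX_ELF_ET_DYN_BASE 0x00400000UL` and say so in a comment; otherwise supply the 64-bit value. The same line is added in arch/mips/kernel/binfmt_elfn32.c and binfmt_elfo32.c.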
1662 diff -urNp linux-2.6.32.1/arch/mips/include/asm/page.h linux-2.6.32.1/arch/mips/include/asm/page.h
1663 --- linux-2.6.32.1/arch/mips/include/asm/page.h 2009-12-02 22:51:21.000000000 -0500
1664 +++ linux-2.6.32.1/arch/mips/include/asm/page.h 2009-12-14 18:33:51.446179829 -0500
1665 @@ -93,7 +93,7 @@ extern void copy_user_highpage(struct pa
1666 #ifdef CONFIG_CPU_MIPS32
1667 typedef struct { unsigned long pte_low, pte_high; } pte_t;
1668 #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
1669 - #define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })
1670 + #define __pte(x) ({ pte_t __pte = {(x), (x) >> 32}; __pte; })
1672 typedef struct { unsigned long long pte; } pte_t;
1673 #define pte_val(x) ((x).pte)
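Review bot: Dropping the `(unsigned long long)` cast leaves `(x) >> 32` operating on whatever type the caller passes, and if that type is 32 bits wide the shift count equals the width, which is undefined behaviour in C. The `pte_val` line just above still widens before shifting, so the pair is now asymmetric. Unless every caller is known to pass a 64-bit value, keep the widening, `{(x), ((unsigned long long)(x)) >> 32}`, or add a comment stating the requirement on `x`. The reason for removing the cast is not given in the hunk.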
1674 diff -urNp linux-2.6.32.1/arch/mips/include/asm/system.h linux-2.6.32.1/arch/mips/include/asm/system.h
1675 --- linux-2.6.32.1/arch/mips/include/asm/system.h 2009-12-02 22:51:21.000000000 -0500
1676 +++ linux-2.6.32.1/arch/mips/include/asm/system.h 2009-12-14 18:33:51.446179829 -0500
1677 @@ -230,6 +230,6 @@ extern void per_cpu_trap_init(void);
1679 #define __ARCH_WANT_UNLOCKED_CTXSW
1681 -extern unsigned long arch_align_stack(unsigned long sp);
1682 +#define arch_align_stack(x) ((x) & ALMASK)
1684 #endif /* _ASM_SYSTEM_H */
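Review bot: The replacement macro `arch_align_stack(x) ((x) & ALMASK)` is unconditional, so it removes the sub-page stack offset that the deleted function in arch/mips/kernel/process.c applied when `randomize_va_space` was set, even in a kernel built with the PaX options off. Whether another part of the patch, such as the CONFIG_PAX_RANDUSTACK path, supplies equivalent randomisation on mips is not visible here. Either keep the original function under `#ifndef CONFIG_PAX_RANDUSTACK`, or add a comment naming the code that now randomises the stack. The alignment rule from the deleted comment (8 bytes for the 32-bit ABI, 16 for the 64-bit ABI) should move next to the macro as well.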
1685 diff -urNp linux-2.6.32.1/arch/mips/kernel/binfmt_elfn32.c linux-2.6.32.1/arch/mips/kernel/binfmt_elfn32.c
1686 --- linux-2.6.32.1/arch/mips/kernel/binfmt_elfn32.c 2009-12-02 22:51:21.000000000 -0500
1687 +++ linux-2.6.32.1/arch/mips/kernel/binfmt_elfn32.c 2009-12-14 18:33:51.447180802 -0500
1688 @@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
1689 #undef ELF_ET_DYN_BASE
1690 #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
1692 +#ifdef CONFIG_PAX_ASLR
1693 +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
1695 +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1696 +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1699 #include <asm/processor.h>
1700 #include <linux/module.h>
1701 #include <linux/elfcore.h>
1702 diff -urNp linux-2.6.32.1/arch/mips/kernel/binfmt_elfo32.c linux-2.6.32.1/arch/mips/kernel/binfmt_elfo32.c
1703 --- linux-2.6.32.1/arch/mips/kernel/binfmt_elfo32.c 2009-12-02 22:51:21.000000000 -0500
1704 +++ linux-2.6.32.1/arch/mips/kernel/binfmt_elfo32.c 2009-12-14 18:33:51.447180802 -0500
1705 @@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
1706 #undef ELF_ET_DYN_BASE
1707 #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
1709 +#ifdef CONFIG_PAX_ASLR
1710 +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
1712 +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1713 +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1716 #include <asm/processor.h>
1719 diff -urNp linux-2.6.32.1/arch/mips/kernel/kgdb.c linux-2.6.32.1/arch/mips/kernel/kgdb.c
1720 --- linux-2.6.32.1/arch/mips/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
1721 +++ linux-2.6.32.1/arch/mips/kernel/kgdb.c 2009-12-14 18:33:51.447180802 -0500
1722 @@ -245,6 +245,7 @@ int kgdb_arch_handle_exception(int vecto
1726 +/* cannot be const */
1727 struct kgdb_arch arch_kgdb_ops;
1730 diff -urNp linux-2.6.32.1/arch/mips/kernel/process.c linux-2.6.32.1/arch/mips/kernel/process.c
1731 --- linux-2.6.32.1/arch/mips/kernel/process.c 2009-12-02 22:51:21.000000000 -0500
1732 +++ linux-2.6.32.1/arch/mips/kernel/process.c 2009-12-14 18:33:51.452179193 -0500
1733 @@ -470,15 +470,3 @@ unsigned long get_wchan(struct task_stru
1739 - * Don't forget that the stack pointer must be aligned on a 8 bytes
1740 - * boundary for 32-bits ABI and 16 bytes for 64-bits ABI.
1742 -unsigned long arch_align_stack(unsigned long sp)
1744 - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
1745 - sp -= get_random_int() & ~PAGE_MASK;
1747 - return sp & ALMASK;
1749 diff -urNp linux-2.6.32.1/arch/mips/kernel/syscall.c linux-2.6.32.1/arch/mips/kernel/syscall.c
1750 --- linux-2.6.32.1/arch/mips/kernel/syscall.c 2009-12-02 22:51:21.000000000 -0500
1751 +++ linux-2.6.32.1/arch/mips/kernel/syscall.c 2009-12-14 18:33:51.452742593 -0500
1752 @@ -101,6 +101,11 @@ unsigned long arch_get_unmapped_area(str
1754 if (filp || (flags & MAP_SHARED))
1757 +#ifdef CONFIG_PAX_RANDMMAP
1758 + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
1763 addr = COLOUR_ALIGN(addr, pgoff);
1764 @@ -111,7 +116,7 @@ unsigned long arch_get_unmapped_area(str
1765 (!vmm || addr + len <= vmm->vm_start))
1768 - addr = TASK_UNMAPPED_BASE;
1769 + addr = current->mm->mmap_base;
1771 addr = COLOUR_ALIGN(addr, pgoff);
1773 diff -urNp linux-2.6.32.1/arch/mips/mm/fault.c linux-2.6.32.1/arch/mips/mm/fault.c
1774 --- linux-2.6.32.1/arch/mips/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
1775 +++ linux-2.6.32.1/arch/mips/mm/fault.c 2009-12-14 18:33:51.452742593 -0500
1777 #include <asm/ptrace.h>
1778 #include <asm/highmem.h> /* For VMALLOC_END */
1780 +#ifdef CONFIG_PAX_PAGEEXEC
1781 +void pax_report_insns(void *pc)
1785 + printk(KERN_ERR "PAX: bytes at PC: ");
1786 + for (i = 0; i < 5; i++) {
1788 + if (get_user(c, (unsigned int *)pc+i))
1789 + printk(KERN_CONT "???????? ");
1791 + printk(KERN_CONT "%08x ", c);
1798 * This routine handles page faults. It determines the address,
1799 * and the problem, and then passes it off to one of the appropriate
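Review bot: In `pax_report_insns`, `get_user(c, (unsigned int *)pc+i)` reads a user address through a cast that has no `__user` annotation, so sparse cannot verify the address space on this access. Writing it as `get_user(c, (unsigned int __user *)pc + i)` keeps the check meaningful and makes it explicit that `pc` is a userland address taken from the faulting context. The parisc `pax_report_insns` and `pax_handle_fetch_fault` hunks later in the patch use the same unannotated cast. Part of the function body is not shown in this listing.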
1800 diff -urNp linux-2.6.32.1/arch/mn10300/include/asm/atomic.h linux-2.6.32.1/arch/mn10300/include/asm/atomic.h
1801 --- linux-2.6.32.1/arch/mn10300/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
1802 +++ linux-2.6.32.1/arch/mn10300/include/asm/atomic.h 2009-12-14 18:33:51.452742593 -0500
1804 #define atomic_read(v) ((v)->counter)
1807 + * atomic_read_unchecked - read atomic variable
1808 + * @v: pointer of type atomic_unchecked_t
1810 + * Atomically reads the value of @v. Note that the guaranteed
1811 + * useful range of an atomic_unchecked_t is only 24 bits.
1813 +#define atomic_read_unchecked(v) ((v)->counter)
1816 * atomic_set - set atomic variable
1817 * @v: pointer of type atomic_t
1818 * @i: required value
1821 #define atomic_set(v, i) (((v)->counter) = (i))
1824 + * atomic_set_unchecked - set atomic variable
1825 + * @v: pointer of type atomic_unchecked_t
1826 + * @i: required value
1828 + * Atomically sets the value of @v to @i. Note that the guaranteed
1829 + * useful range of an atomic_unchecked_t is only 24 bits.
1831 +#define atomic_set_unchecked(v, i) (((v)->counter) = (i))
1833 #include <asm/system.h>
1836 @@ -99,16 +118,31 @@ static inline void atomic_add(int i, ato
1837 atomic_add_return(i, v);
1840 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
1842 + atomic_add_return(i, (atomic_t *)v);
1845 static inline void atomic_sub(int i, atomic_t *v)
1847 atomic_sub_return(i, v);
1850 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
1852 + atomic_sub_return(i, (atomic_t *)v);
1855 static inline void atomic_inc(atomic_t *v)
1857 atomic_add_return(1, v);
1860 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
1862 + atomic_add_return(1, (atomic_t *)v);
1865 static inline void atomic_dec(atomic_t *v)
1867 atomic_sub_return(1, v);
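Review bot: The new `_unchecked` helpers reach the existing implementation through `(atomic_t *)v`, which is correct only while `atomic_unchecked_t` and `atomic_t` have the same layout, and nothing in this hunk states or checks that. A comment above `atomic_add_unchecked` such as `/* relies on atomic_unchecked_t being layout-compatible with atomic_t */` would record the assumption. The definition of `atomic_unchecked_t` is not visible here, so whether a build-time check already exists elsewhere cannot be confirmed. The powerpc `atomic.h` hunks further down use the same cast pattern.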
1868 diff -urNp linux-2.6.32.1/arch/parisc/include/asm/atomic.h linux-2.6.32.1/arch/parisc/include/asm/atomic.h
1869 --- linux-2.6.32.1/arch/parisc/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
1870 +++ linux-2.6.32.1/arch/parisc/include/asm/atomic.h 2009-12-14 18:33:51.452742593 -0500
1871 @@ -177,6 +177,18 @@ static __inline__ int __atomic_add_retur
1875 +static __inline__ int __atomic_add_return_unchecked(int i, atomic_unchecked_t *v)
1878 + unsigned long flags;
1879 + _atomic_spin_lock_irqsave(v, flags);
1881 + ret = (v->counter += i);
1883 + _atomic_spin_unlock_irqrestore(v, flags);
1887 static __inline__ void atomic_set(atomic_t *v, int i)
1889 unsigned long flags;
1890 @@ -187,11 +199,26 @@ static __inline__ void atomic_set(atomic
1891 _atomic_spin_unlock_irqrestore(v, flags);
1894 +static __inline__ void atomic_set_unchecked(atomic_unchecked_t *v, int i)
1896 + unsigned long flags;
1897 + _atomic_spin_lock_irqsave(v, flags);
1901 + _atomic_spin_unlock_irqrestore(v, flags);
1904 static __inline__ int atomic_read(const atomic_t *v)
1909 +static __inline__ int atomic_read_unchecked(const atomic_unchecked_t *v)
1911 + return v->counter;
1914 /* exported interface */
1915 #define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
1916 #define atomic_xchg(v, new) (xchg(&((v)->counter), new))
1917 @@ -223,8 +250,11 @@ static __inline__ int atomic_add_unless(
1918 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
1920 #define atomic_add(i,v) ((void)(__atomic_add_return( (i),(v))))
1921 +#define atomic_add_unchecked(i,v) ((void)(__atomic_add_return_unchecked( ((i),(v))))
1922 #define atomic_sub(i,v) ((void)(__atomic_add_return(-(i),(v))))
1923 +#define atomic_sub_unchecked(i,v) ((void)(__atomic_add_return_unchecked(-(i),(v))))
1924 #define atomic_inc(v) ((void)(__atomic_add_return( 1,(v))))
1925 +#define atomic_inc_unchecked(v) ((void)(__atomic_add_return_unchecked( 1,(v))))
1926 #define atomic_dec(v) ((void)(__atomic_add_return( -1,(v))))
1928 #define atomic_add_return(i,v) (__atomic_add_return( (i),(v)))
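Review bot: The added `atomic_add_unchecked` macro has a stray opening parenthesis before `(i)`: `__atomic_add_return_unchecked( ((i),(v))))` leaves the expansion unbalanced, so any use of the macro on parisc fails to compile. It should match its neighbours: `#define atomic_add_unchecked(i,v) ((void)(__atomic_add_return_unchecked( (i),(v))))`. The `atomic_sub_unchecked` and `atomic_inc_unchecked` lines in the same hunk are balanced.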
1929 diff -urNp linux-2.6.32.1/arch/parisc/include/asm/elf.h linux-2.6.32.1/arch/parisc/include/asm/elf.h
1930 --- linux-2.6.32.1/arch/parisc/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
1931 +++ linux-2.6.32.1/arch/parisc/include/asm/elf.h 2009-12-14 18:33:51.463795738 -0500
1932 @@ -343,6 +343,13 @@ struct pt_regs; /* forward declaration..
1934 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x01000000)
1936 +#ifdef CONFIG_PAX_ASLR
1937 +#define PAX_ELF_ET_DYN_BASE 0x10000UL
1939 +#define PAX_DELTA_MMAP_LEN 16
1940 +#define PAX_DELTA_STACK_LEN 16
1943 /* This yields a mask that user programs can use to figure out what
1944 instruction set this CPU supports. This could be done in user space,
1945 but it's not easy, and we've already done it here. */
1946 diff -urNp linux-2.6.32.1/arch/parisc/include/asm/pgtable.h linux-2.6.32.1/arch/parisc/include/asm/pgtable.h
1947 --- linux-2.6.32.1/arch/parisc/include/asm/pgtable.h 2009-12-02 22:51:21.000000000 -0500
1948 +++ linux-2.6.32.1/arch/parisc/include/asm/pgtable.h 2009-12-14 18:33:51.463795738 -0500
1949 @@ -207,6 +207,17 @@
1950 #define PAGE_EXECREAD __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED)
1951 #define PAGE_COPY PAGE_EXECREAD
1952 #define PAGE_RWX __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED)
1954 +#ifdef CONFIG_PAX_PAGEEXEC
1955 +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_ACCESSED)
1956 +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
1957 +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
1959 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
1960 +# define PAGE_COPY_NOEXEC PAGE_COPY
1961 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
1964 #define PAGE_KERNEL __pgprot(_PAGE_KERNEL)
1965 #define PAGE_KERNEL_RO __pgprot(_PAGE_KERNEL & ~_PAGE_WRITE)
1966 #define PAGE_KERNEL_UNC __pgprot(_PAGE_KERNEL | _PAGE_NO_CACHE)
1967 diff -urNp linux-2.6.32.1/arch/parisc/kernel/module.c linux-2.6.32.1/arch/parisc/kernel/module.c
1968 --- linux-2.6.32.1/arch/parisc/kernel/module.c 2009-12-02 22:51:21.000000000 -0500
1969 +++ linux-2.6.32.1/arch/parisc/kernel/module.c 2009-12-14 18:33:51.463795738 -0500
1972 /* three functions to determine where in the module core
1973 * or init pieces the location is */
1974 +static inline int in_init_rx(struct module *me, void *loc)
1976 + return (loc >= me->module_init_rx &&
1977 + loc < (me->module_init_rx + me->init_size_rx));
1980 +static inline int in_init_rw(struct module *me, void *loc)
1982 + return (loc >= me->module_init_rw &&
1983 + loc < (me->module_init_rw + me->init_size_rw));
1986 static inline int in_init(struct module *me, void *loc)
1988 - return (loc >= me->module_init &&
1989 - loc <= (me->module_init + me->init_size));
1990 + return in_init_rx(me, loc) || in_init_rw(me, loc);
1993 +static inline int in_core_rx(struct module *me, void *loc)
1995 + return (loc >= me->module_core_rx &&
1996 + loc < (me->module_core_rx + me->core_size_rx));
1999 +static inline int in_core_rw(struct module *me, void *loc)
2001 + return (loc >= me->module_core_rw &&
2002 + loc < (me->module_core_rw + me->core_size_rw));
2005 static inline int in_core(struct module *me, void *loc)
2007 - return (loc >= me->module_core &&
2008 - loc <= (me->module_core + me->core_size));
2009 + return in_core_rx(me, loc) || in_core_rw(me, loc);
2012 static inline int in_local(struct module *me, void *loc)
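Review bot: The context comment "three functions to determine where in the module core or init pieces the location is" is stale, because this hunk adds four helpers (`in_init_rx`, `in_init_rw`, `in_core_rx`, `in_core_rw`) beneath it. It should be reworded, for example `/* helpers to determine whether a location lies in the rx or rw half of the module core or init region */`. The new helpers also use an exclusive upper bound (`<`) where the removed code used `<=`. That is the tighter test for a separate-region layout, but it is a behaviour change worth stating in the comment or the commit message.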
2013 @@ -364,13 +386,13 @@ int module_frob_arch_sections(CONST Elf_
2016 /* align things a bit */
2017 - me->core_size = ALIGN(me->core_size, 16);
2018 - me->arch.got_offset = me->core_size;
2019 - me->core_size += gots * sizeof(struct got_entry);
2021 - me->core_size = ALIGN(me->core_size, 16);
2022 - me->arch.fdesc_offset = me->core_size;
2023 - me->core_size += fdescs * sizeof(Elf_Fdesc);
2024 + me->core_size_rw = ALIGN(me->core_size_rw, 16);
2025 + me->arch.got_offset = me->core_size_rw;
2026 + me->core_size_rw += gots * sizeof(struct got_entry);
2028 + me->core_size_rw = ALIGN(me->core_size_rw, 16);
2029 + me->arch.fdesc_offset = me->core_size_rw;
2030 + me->core_size_rw += fdescs * sizeof(Elf_Fdesc);
2032 me->arch.got_max = gots;
2033 me->arch.fdesc_max = fdescs;
2034 @@ -388,7 +410,7 @@ static Elf64_Word get_got(struct module
2038 - got = me->module_core + me->arch.got_offset;
2039 + got = me->module_core_rw + me->arch.got_offset;
2040 for (i = 0; got[i].addr; i++)
2041 if (got[i].addr == value)
2043 @@ -406,7 +428,7 @@ static Elf64_Word get_got(struct module
2045 static Elf_Addr get_fdesc(struct module *me, unsigned long value)
2047 - Elf_Fdesc *fdesc = me->module_core + me->arch.fdesc_offset;
2048 + Elf_Fdesc *fdesc = me->module_core_rw + me->arch.fdesc_offset;
2051 printk(KERN_ERR "%s: zero OPD requested!\n", me->name);
2052 @@ -424,7 +446,7 @@ static Elf_Addr get_fdesc(struct module
2054 /* Create new one */
2055 fdesc->addr = value;
2056 - fdesc->gp = (Elf_Addr)me->module_core + me->arch.got_offset;
2057 + fdesc->gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset;
2058 return (Elf_Addr)fdesc;
2060 #endif /* CONFIG_64BIT */
2061 @@ -848,7 +870,7 @@ register_unwind_table(struct module *me,
2063 table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr;
2064 end = table + sechdrs[me->arch.unwind_section].sh_size;
2065 - gp = (Elf_Addr)me->module_core + me->arch.got_offset;
2066 + gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset;
2068 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
2069 me->arch.unwind_section, table, end, gp);
2070 diff -urNp linux-2.6.32.1/arch/parisc/kernel/sys_parisc.c linux-2.6.32.1/arch/parisc/kernel/sys_parisc.c
2071 --- linux-2.6.32.1/arch/parisc/kernel/sys_parisc.c 2009-12-02 22:51:21.000000000 -0500
2072 +++ linux-2.6.32.1/arch/parisc/kernel/sys_parisc.c 2009-12-14 18:33:51.463795738 -0500
2073 @@ -98,7 +98,7 @@ unsigned long arch_get_unmapped_area(str
2074 if (flags & MAP_FIXED)
2077 - addr = TASK_UNMAPPED_BASE;
2078 + addr = current->mm->mmap_base;
2081 addr = get_shared_area(filp->f_mapping, addr, len, pgoff);
2082 diff -urNp linux-2.6.32.1/arch/parisc/kernel/traps.c linux-2.6.32.1/arch/parisc/kernel/traps.c
2083 --- linux-2.6.32.1/arch/parisc/kernel/traps.c 2009-12-02 22:51:21.000000000 -0500
2084 +++ linux-2.6.32.1/arch/parisc/kernel/traps.c 2009-12-14 18:33:51.463795738 -0500
2085 @@ -733,9 +733,7 @@ void notrace handle_interruption(int cod
2087 down_read(¤t->mm->mmap_sem);
2088 vma = find_vma(current->mm,regs->iaoq[0]);
2089 - if (vma && (regs->iaoq[0] >= vma->vm_start)
2090 - && (vma->vm_flags & VM_EXEC)) {
2092 + if (vma && (regs->iaoq[0] >= vma->vm_start)) {
2093 fault_address = regs->iaoq[0];
2094 fault_space = regs->iasq[0];
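Review bot: The `VM_EXEC` test is dropped from the vma check in `handle_interruption` for every configuration, not only under `CONFIG_PAX_PAGEEXEC`, and no comment records why. Judging from the parisc `fault.c` hunks, the intent is presumably that instruction fetches from non-executable mappings now go through the page-fault path, where the access type is checked. That is an inference and should be written next to the condition, e.g. `/* non-executable vmas are passed on too; the fault handler applies the access-type check */`. If the vanilla behaviour is to be kept for non-PaX builds, the removed clause needs an `#ifndef CONFIG_PAX_PAGEEXEC` guard instead of deletion. The enclosing function starts and ends outside this hunk, so any existing comment above the condition may also need updating.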
2096 diff -urNp linux-2.6.32.1/arch/parisc/mm/fault.c linux-2.6.32.1/arch/parisc/mm/fault.c
2097 --- linux-2.6.32.1/arch/parisc/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
2098 +++ linux-2.6.32.1/arch/parisc/mm/fault.c 2009-12-14 18:33:51.465187119 -0500
2100 #include <linux/sched.h>
2101 #include <linux/interrupt.h>
2102 #include <linux/module.h>
2103 +#include <linux/unistd.h>
2105 #include <asm/uaccess.h>
2106 #include <asm/traps.h>
2107 @@ -52,7 +53,7 @@ DEFINE_PER_CPU(struct exception_data, ex
2108 static unsigned long
2109 parisc_acctyp(unsigned long code, unsigned int inst)
2111 - if (code == 6 || code == 16)
2112 + if (code == 6 || code == 7 || code == 16)
2115 switch (inst & 0xf0000000) {
2116 @@ -138,6 +139,116 @@ parisc_acctyp(unsigned long code, unsign
2120 +#ifdef CONFIG_PAX_PAGEEXEC
2122 + * PaX: decide what to do with offenders (instruction_pointer(regs) = fault address)
2124 + * returns 1 when task should be killed
2125 + * 2 when rt_sigreturn trampoline was detected
2126 + * 3 when unpatched PLT trampoline was detected
2128 +static int pax_handle_fetch_fault(struct pt_regs *regs)
2131 +#ifdef CONFIG_PAX_EMUPLT
2134 + do { /* PaX: unpatched PLT emulation */
2135 + unsigned int bl, depwi;
2137 + err = get_user(bl, (unsigned int *)instruction_pointer(regs));
2138 + err |= get_user(depwi, (unsigned int *)(instruction_pointer(regs)+4));
2143 + if (bl == 0xEA9F1FDDU && depwi == 0xD6801C1EU) {
2144 + unsigned int ldw, bv, ldw2, addr = instruction_pointer(regs)-12;
2146 + err = get_user(ldw, (unsigned int *)addr);
2147 + err |= get_user(bv, (unsigned int *)(addr+4));
2148 + err |= get_user(ldw2, (unsigned int *)(addr+8));
2153 + if (ldw == 0x0E801096U &&
2154 + bv == 0xEAC0C000U &&
2155 + ldw2 == 0x0E881095U)
2157 + unsigned int resolver, map;
2159 + err = get_user(resolver, (unsigned int *)(instruction_pointer(regs)+8));
2160 + err |= get_user(map, (unsigned int *)(instruction_pointer(regs)+12));
2164 + regs->gr[20] = instruction_pointer(regs)+8;
2165 + regs->gr[21] = map;
2166 + regs->gr[22] = resolver;
2167 + regs->iaoq[0] = resolver | 3UL;
2168 + regs->iaoq[1] = regs->iaoq[0] + 4;
2175 +#ifdef CONFIG_PAX_EMUTRAMP
2177 +#ifndef CONFIG_PAX_EMUSIGRT
2178 + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
2182 + do { /* PaX: rt_sigreturn emulation */
2183 + unsigned int ldi1, ldi2, bel, nop;
2185 + err = get_user(ldi1, (unsigned int *)instruction_pointer(regs));
2186 + err |= get_user(ldi2, (unsigned int *)(instruction_pointer(regs)+4));
2187 + err |= get_user(bel, (unsigned int *)(instruction_pointer(regs)+8));
2188 + err |= get_user(nop, (unsigned int *)(instruction_pointer(regs)+12));
2193 + if ((ldi1 == 0x34190000U || ldi1 == 0x34190002U) &&
2194 + ldi2 == 0x3414015AU &&
2195 + bel == 0xE4008200U &&
2196 + nop == 0x08000240U)
2198 + regs->gr[25] = (ldi1 & 2) >> 1;
2199 + regs->gr[20] = __NR_rt_sigreturn;
2200 + regs->gr[31] = regs->iaoq[1] + 16;
2201 + regs->sr[0] = regs->iasq[1];
2202 + regs->iaoq[0] = 0x100UL;
2203 + regs->iaoq[1] = regs->iaoq[0] + 4;
2204 + regs->iasq[0] = regs->sr[2];
2205 + regs->iasq[1] = regs->sr[2];
2214 +void pax_report_insns(void *pc, void *sp)
2218 + printk(KERN_ERR "PAX: bytes at PC: ");
2219 + for (i = 0; i < 5; i++) {
2221 + if (get_user(c, (unsigned int *)pc+i))
2222 + printk(KERN_CONT "???????? ");
2224 + printk(KERN_CONT "%08x ", c);
2230 int fixup_exception(struct pt_regs *regs)
2232 const struct exception_table_entry *fix;
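Review bot: In `pax_handle_fetch_fault`, `addr` is declared `unsigned int` on the line `unsigned int ldw, bv, ldw2, addr = instruction_pointer(regs)-12;`, yet it holds a user address that is then cast to a pointer for `get_user()`. If `instruction_pointer(regs)` is `unsigned long`, as the `3UL` arithmetic elsewhere in the hunk suggests, a 64-bit build narrows the value and casts an integer of the wrong width to a pointer. Declaring it separately as `unsigned long addr = instruction_pointer(regs) - 12;` matches the other reads in the function. The opcode constants being compared (`0xEA9F1FDDU`, `0x34190000U`, …) would also benefit from a short comment naming the instruction each encodes, since these matches decide whether a fault is emulated or the task is killed. Parts of the function body are not shown in this listing.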
2233 @@ -192,8 +303,33 @@ good_area:
2235 acc_type = parisc_acctyp(code,regs->iir);
2237 - if ((vma->vm_flags & acc_type) != acc_type)
2238 + if ((vma->vm_flags & acc_type) != acc_type) {
2240 +#ifdef CONFIG_PAX_PAGEEXEC
2241 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && (acc_type & VM_EXEC) &&
2242 + (address & ~3UL) == instruction_pointer(regs))
2244 + up_read(&mm->mmap_sem);
2245 + switch (pax_handle_fetch_fault(regs)) {
2247 +#ifdef CONFIG_PAX_EMUPLT
2252 +#ifdef CONFIG_PAX_EMUTRAMP
2258 + pax_report_fault(regs, (void *)instruction_pointer(regs), (void *)regs->gr[30]);
2259 + do_group_exit(SIGKILL);
2267 * If for any reason at all we couldn't handle the fault, make
2268 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/atomic.h linux-2.6.32.1/arch/powerpc/include/asm/atomic.h
2269 --- linux-2.6.32.1/arch/powerpc/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
2270 +++ linux-2.6.32.1/arch/powerpc/include/asm/atomic.h 2009-12-14 18:33:51.465187119 -0500
2271 @@ -24,11 +24,21 @@ static __inline__ int atomic_read(const
2275 +static __inline__ int atomic_read_unchecked(const atomic_unchecked_t *v)
2277 + return atomic_read((const atomic_t *)v);
2280 static __inline__ void atomic_set(atomic_t *v, int i)
2282 __asm__ __volatile__("stw%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
2285 +static __inline__ void atomic_set_unchecked(atomic_unchecked_t *v, int i)
2287 + atomic_set((atomic_t *)v, i);
2290 static __inline__ void atomic_add(int a, atomic_t *v)
2293 @@ -44,6 +54,11 @@ static __inline__ void atomic_add(int a,
2297 +static __inline__ void atomic_add_unchecked(int a, atomic_unchecked_t *v)
2299 + atomic_add(a, (atomic_t *)v);
2302 static __inline__ int atomic_add_return(int a, atomic_t *v)
2305 @@ -80,6 +95,11 @@ static __inline__ void atomic_sub(int a,
2309 +static __inline__ void atomic_sub_unchecked(int a, atomic_unchecked_t *v)
2311 + atomic_sub(a, (atomic_t *)v);
2314 static __inline__ int atomic_sub_return(int a, atomic_t *v)
2317 @@ -114,6 +134,11 @@ static __inline__ void atomic_inc(atomic
2321 +static __inline__ void atomic_inc_unchecked(atomic_unchecked_t *v)
2323 + atomic_inc((atomic_t *)v);
2326 static __inline__ int atomic_inc_return(atomic_t *v)
2329 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/device.h linux-2.6.32.1/arch/powerpc/include/asm/device.h
2330 --- linux-2.6.32.1/arch/powerpc/include/asm/device.h 2009-12-02 22:51:21.000000000 -0500
2331 +++ linux-2.6.32.1/arch/powerpc/include/asm/device.h 2009-12-14 18:33:51.465187119 -0500
2332 @@ -14,7 +14,7 @@ struct dev_archdata {
2333 struct device_node *of_node;
2335 /* DMA operations on that device */
2336 - struct dma_map_ops *dma_ops;
2337 + const struct dma_map_ops *dma_ops;
2340 * When an iommu is in use, dma_data is used as a ptr to the base of the
2341 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/dma-mapping.h linux-2.6.32.1/arch/powerpc/include/asm/dma-mapping.h
2342 --- linux-2.6.32.1/arch/powerpc/include/asm/dma-mapping.h 2009-12-02 22:51:21.000000000 -0500
2343 +++ linux-2.6.32.1/arch/powerpc/include/asm/dma-mapping.h 2009-12-14 18:33:51.465187119 -0500
2344 @@ -67,11 +67,11 @@ static inline unsigned long device_to_ma
2345 * Available generic sets of operations
2348 -extern struct dma_map_ops dma_iommu_ops;
2349 +extern const struct dma_map_ops dma_iommu_ops;
2351 -extern struct dma_map_ops dma_direct_ops;
2352 +extern const struct dma_map_ops dma_direct_ops;
2354 -static inline struct dma_map_ops *get_dma_ops(struct device *dev)
2355 +static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
2357 /* We don't handle the NULL dev case for ISA for now. We could
2358 * do it via an out of line call but it is not needed for now. The
2359 @@ -84,7 +84,7 @@ static inline struct dma_map_ops *get_dm
2360 return dev->archdata.dma_ops;
2363 -static inline void set_dma_ops(struct device *dev, struct dma_map_ops *ops)
2364 +static inline void set_dma_ops(struct device *dev, const struct dma_map_ops *ops)
2366 dev->archdata.dma_ops = ops;
2368 @@ -118,7 +118,7 @@ static inline void set_dma_offset(struct
2370 static inline int dma_supported(struct device *dev, u64 mask)
2372 - struct dma_map_ops *dma_ops = get_dma_ops(dev);
2373 + const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2375 if (unlikely(dma_ops == NULL))
2377 @@ -132,7 +132,7 @@ static inline int dma_supported(struct d
2379 static inline int dma_set_mask(struct device *dev, u64 dma_mask)
2381 - struct dma_map_ops *dma_ops = get_dma_ops(dev);
2382 + const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2384 if (unlikely(dma_ops == NULL))
2386 @@ -147,7 +147,7 @@ static inline int dma_set_mask(struct de
2387 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
2388 dma_addr_t *dma_handle, gfp_t flag)
2390 - struct dma_map_ops *dma_ops = get_dma_ops(dev);
2391 + const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2395 @@ -162,7 +162,7 @@ static inline void *dma_alloc_coherent(s
2396 static inline void dma_free_coherent(struct device *dev, size_t size,
2397 void *cpu_addr, dma_addr_t dma_handle)
2399 - struct dma_map_ops *dma_ops = get_dma_ops(dev);
2400 + const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2404 @@ -173,7 +173,7 @@ static inline void dma_free_coherent(str
2406 static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr)
2408 - struct dma_map_ops *dma_ops = get_dma_ops(dev);
2409 + const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2411 if (dma_ops->mapping_error)
2412 return dma_ops->mapping_error(dev, dma_addr);
2413 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/elf.h linux-2.6.32.1/arch/powerpc/include/asm/elf.h
2414 --- linux-2.6.32.1/arch/powerpc/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
2415 +++ linux-2.6.32.1/arch/powerpc/include/asm/elf.h 2009-12-14 18:33:51.466181848 -0500
2416 @@ -179,8 +179,19 @@ typedef elf_fpreg_t elf_vsrreghalf_t32[E
2417 the loader. We need to make sure that it is out of the way of the program
2418 that it will "exec", and that there is sufficient room for the brk. */
2420 -extern unsigned long randomize_et_dyn(unsigned long base);
2421 -#define ELF_ET_DYN_BASE (randomize_et_dyn(0x20000000))
2422 +#define ELF_ET_DYN_BASE (0x20000000)
2424 +#ifdef CONFIG_PAX_ASLR
2425 +#define PAX_ELF_ET_DYN_BASE (0x10000000UL)
2427 +#ifdef __powerpc64__
2428 +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT) ? 16 : 28)
2429 +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT) ? 16 : 28)
2431 +#define PAX_DELTA_MMAP_LEN 15
2432 +#define PAX_DELTA_STACK_LEN 15
2437 * Our registers are always unsigned longs, whether we're a 32 bit
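Review bot: `ELF_ET_DYN_BASE` loses its `randomize_et_dyn()` call unconditionally, while the replacement `PAX_ELF_ET_DYN_BASE` and `PAX_DELTA_*_LEN` values exist only under `CONFIG_PAX_ASLR`. Read from this hunk alone, a build with `CONFIG_PAX_ASLR` disabled appears to get a fixed ET_DYN base of `0x20000000` where the unpatched header randomized it. The same applies to the `arch_randomize_brk` declaration removed in the next hunk. If that is intended, a comment on the new define should say so. Otherwise keep the original in an `#else` branch, `#define ELF_ET_DYN_BASE (randomize_et_dyn(0x20000000))`. Whether code elsewhere in the patch compensates cannot be seen here.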
2438 @@ -279,9 +290,6 @@ extern int arch_setup_additional_pages(s
2439 (0x7ff >> (PAGE_SHIFT - 12)) : \
2440 (0x3ffff >> (PAGE_SHIFT - 12)))
2442 -extern unsigned long arch_randomize_brk(struct mm_struct *mm);
2443 -#define arch_randomize_brk arch_randomize_brk
2445 #endif /* __KERNEL__ */
2448 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/kmap_types.h linux-2.6.32.1/arch/powerpc/include/asm/kmap_types.h
2449 --- linux-2.6.32.1/arch/powerpc/include/asm/kmap_types.h 2009-12-02 22:51:21.000000000 -0500
2450 +++ linux-2.6.32.1/arch/powerpc/include/asm/kmap_types.h 2009-12-14 18:33:51.466181848 -0500
2451 @@ -26,6 +26,7 @@ enum km_type {
2459 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/page_64.h linux-2.6.32.1/arch/powerpc/include/asm/page_64.h
2460 --- linux-2.6.32.1/arch/powerpc/include/asm/page_64.h 2009-12-02 22:51:21.000000000 -0500
2461 +++ linux-2.6.32.1/arch/powerpc/include/asm/page_64.h 2009-12-14 18:33:51.466181848 -0500
2462 @@ -180,15 +180,18 @@ do { \
2463 * stack by default, so in the absense of a PT_GNU_STACK program header
2464 * we turn execute permission off.
2466 -#define VM_STACK_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
2467 - VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2468 +#define VM_STACK_DEFAULT_FLAGS32 \
2469 + (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
2470 + VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2472 #define VM_STACK_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
2473 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2475 +#ifndef CONFIG_PAX_PAGEEXEC
2476 #define VM_STACK_DEFAULT_FLAGS \
2477 (test_thread_flag(TIF_32BIT) ? \
2478 VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64)
2481 #include <asm-generic/getorder.h>
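Review bot: The new `#ifndef CONFIG_PAX_PAGEEXEC` guard means this header no longer defines `VM_STACK_DEFAULT_FLAGS` when PAGEEXEC is enabled, and nothing in the hunk says which definition applies instead. A comment on the guard such as `/* with PAGEEXEC the stack flags come from the definition outside this header */` (to be confirmed against the rest of the patch) would tell a reader where the effective stack permissions are decided. `VM_STACK_DEFAULT_FLAGS32` also changes from a constant to an expression that reads `current->personality` at every use, which deserves a mention in the comment block above it.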
2483 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/page.h linux-2.6.32.1/arch/powerpc/include/asm/page.h
2484 --- linux-2.6.32.1/arch/powerpc/include/asm/page.h 2009-12-02 22:51:21.000000000 -0500
2485 +++ linux-2.6.32.1/arch/powerpc/include/asm/page.h 2009-12-14 18:33:51.466181848 -0500
2486 @@ -116,8 +116,9 @@ extern phys_addr_t kernstart_addr;
2487 * and needs to be executable. This means the whole heap ends
2488 * up being executable.
2490 -#define VM_DATA_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
2491 - VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2492 +#define VM_DATA_DEFAULT_FLAGS32 \
2493 + (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
2494 + VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2496 #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
2497 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
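Review bot: The context comment above `VM_DATA_DEFAULT_FLAGS32` still ends with "This means the whole heap ends up being executable", which no longer describes the new definition: `VM_EXEC` is now set only when `current->personality` has `READ_IMPLIES_EXEC`. The comment should gain a sentence such as `Execute permission is granted only to tasks whose personality has READ_IMPLIES_EXEC set.` so that the documented default matches the enforced one. The comment block starts outside this hunk.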
2498 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/pci.h linux-2.6.32.1/arch/powerpc/include/asm/pci.h
2499 --- linux-2.6.32.1/arch/powerpc/include/asm/pci.h 2009-12-02 22:51:21.000000000 -0500
2500 +++ linux-2.6.32.1/arch/powerpc/include/asm/pci.h 2009-12-14 18:33:51.467183109 -0500
2501 @@ -65,8 +65,8 @@ static inline int pci_get_legacy_ide_irq
2505 -extern void set_pci_dma_ops(struct dma_map_ops *dma_ops);
2506 -extern struct dma_map_ops *get_pci_dma_ops(void);
2507 +extern void set_pci_dma_ops(const struct dma_map_ops *dma_ops);
2508 +extern const struct dma_map_ops *get_pci_dma_ops(void);
2509 #else /* CONFIG_PCI */
2510 #define set_pci_dma_ops(d)
2511 #define get_pci_dma_ops() NULL
2512 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/pte-common.h linux-2.6.32.1/arch/powerpc/include/asm/pte-common.h
2513 --- linux-2.6.32.1/arch/powerpc/include/asm/pte-common.h 2009-12-02 22:51:21.000000000 -0500
2514 +++ linux-2.6.32.1/arch/powerpc/include/asm/pte-common.h 2009-12-14 18:33:51.467183109 -0500
2515 @@ -123,11 +123,11 @@ extern unsigned long bad_call_to_PMD_PAG
2517 #define PAGE_NONE __pgprot(_PAGE_BASE)
2518 #define PAGE_SHARED __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW)
2519 -#define PAGE_SHARED_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_EXEC)
2520 +#define PAGE_SHARED_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_EXEC | _PAGE_HWEXEC)
2521 #define PAGE_COPY __pgprot(_PAGE_BASE | _PAGE_USER)
2522 -#define PAGE_COPY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC)
2523 +#define PAGE_COPY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC | _PAGE_HWEXEC)
2524 #define PAGE_READONLY __pgprot(_PAGE_BASE | _PAGE_USER)
2525 -#define PAGE_READONLY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC)
2526 +#define PAGE_READONLY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC | _PAGE_HWEXEC)
2528 #define __P000 PAGE_NONE
2529 #define __P001 PAGE_READONLY
2530 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/pte-hash32.h linux-2.6.32.1/arch/powerpc/include/asm/pte-hash32.h
2531 --- linux-2.6.32.1/arch/powerpc/include/asm/pte-hash32.h 2009-12-02 22:51:21.000000000 -0500
2532 +++ linux-2.6.32.1/arch/powerpc/include/asm/pte-hash32.h 2009-12-14 18:33:51.467183109 -0500
2534 #define _PAGE_FILE 0x004 /* when !present: nonlinear file mapping */
2535 #define _PAGE_USER 0x004 /* usermode access allowed */
2536 #define _PAGE_GUARDED 0x008 /* G: prohibit speculative access */
2537 +#define _PAGE_HWEXEC _PAGE_GUARDED
2538 #define _PAGE_COHERENT 0x010 /* M: enforce memory coherence (SMP systems) */
2539 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
2540 #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
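Review bot: `_PAGE_HWEXEC` is the only define in this block without a trailing comment, and it aliases an existing hardware bit (`_PAGE_GUARDED`) rather than introducing a new one. Since the `pte-common.h` hunk now ORs `_PAGE_HWEXEC` into `PAGE_SHARED_X`, `PAGE_COPY_X` and `PAGE_READONLY_X`, the reuse of the G bit changes what those protections mean on hash32. That deserves an explanation on the line itself, e.g. `#define _PAGE_HWEXEC _PAGE_GUARDED /* reuses the G bit; see DSISR_GUARDED in reg.h */`. The exact semantics should be stated by the author. The wording above is inferred from the `DSISR_GUARDED` define added in `reg.h`.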
2541 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/reg.h linux-2.6.32.1/arch/powerpc/include/asm/reg.h
2542 --- linux-2.6.32.1/arch/powerpc/include/asm/reg.h 2009-12-02 22:51:21.000000000 -0500
2543 +++ linux-2.6.32.1/arch/powerpc/include/asm/reg.h 2009-12-14 18:33:51.467183109 -0500
2545 #define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */
2546 #define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */
2547 #define DSISR_NOHPTE 0x40000000 /* no translation found */
2548 +#define DSISR_GUARDED 0x10000000 /* fetch from guarded storage */
2549 #define DSISR_PROTFAULT 0x08000000 /* protection fault */
2550 #define DSISR_ISSTORE 0x02000000 /* access was a store */
2551 #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */
2552 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/swiotlb.h linux-2.6.32.1/arch/powerpc/include/asm/swiotlb.h
2553 --- linux-2.6.32.1/arch/powerpc/include/asm/swiotlb.h 2009-12-02 22:51:21.000000000 -0500
2554 +++ linux-2.6.32.1/arch/powerpc/include/asm/swiotlb.h 2009-12-14 18:33:51.467183109 -0500
2557 #include <linux/swiotlb.h>
2559 -extern struct dma_map_ops swiotlb_dma_ops;
2560 +extern const struct dma_map_ops swiotlb_dma_ops;
2562 static inline void dma_mark_clean(void *addr, size_t size) {}
2564 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/uaccess.h linux-2.6.32.1/arch/powerpc/include/asm/uaccess.h
2565 --- linux-2.6.32.1/arch/powerpc/include/asm/uaccess.h 2009-12-02 22:51:21.000000000 -0500
2566 +++ linux-2.6.32.1/arch/powerpc/include/asm/uaccess.h 2009-12-14 18:33:51.468177656 -0500
2567 @@ -327,52 +327,6 @@ do { \
2568 extern unsigned long __copy_tofrom_user(void __user *to,
2569 const void __user *from, unsigned long size);
2571 -#ifndef __powerpc64__
2573 -static inline unsigned long copy_from_user(void *to,
2574 - const void __user *from, unsigned long n)
2576 - unsigned long over;
2578 - if (access_ok(VERIFY_READ, from, n))
2579 - return __copy_tofrom_user((__force void __user *)to, from, n);
2580 - if ((unsigned long)from < TASK_SIZE) {
2581 - over = (unsigned long)from + n - TASK_SIZE;
2582 - return __copy_tofrom_user((__force void __user *)to, from,
2588 -static inline unsigned long copy_to_user(void __user *to,
2589 - const void *from, unsigned long n)
2591 - unsigned long over;
2593 - if (access_ok(VERIFY_WRITE, to, n))
2594 - return __copy_tofrom_user(to, (__force void __user *)from, n);
2595 - if ((unsigned long)to < TASK_SIZE) {
2596 - over = (unsigned long)to + n - TASK_SIZE;
2597 - return __copy_tofrom_user(to, (__force void __user *)from,
2603 -#else /* __powerpc64__ */
2605 -#define __copy_in_user(to, from, size) \
2606 - __copy_tofrom_user((to), (from), (size))
2608 -extern unsigned long copy_from_user(void *to, const void __user *from,
2610 -extern unsigned long copy_to_user(void __user *to, const void *from,
2612 -extern unsigned long copy_in_user(void __user *to, const void __user *from,
2615 -#endif /* __powerpc64__ */
2617 static inline unsigned long __copy_from_user_inatomic(void *to,
2618 const void __user *from, unsigned long n)
2620 @@ -396,6 +350,10 @@ static inline unsigned long __copy_from_
2625 + if (!__builtin_constant_p(n))
2626 + check_object_size(to, n, false);
2628 return __copy_tofrom_user((__force void __user *)to, from, n);
2631 @@ -422,6 +380,10 @@ static inline unsigned long __copy_to_us
2636 + if (!__builtin_constant_p(n))
2637 + check_object_size(from, n, true);
2639 return __copy_tofrom_user(to, (__force const void __user *)from, n);
2642 @@ -439,6 +401,92 @@ static inline unsigned long __copy_to_us
2643 return __copy_to_user_inatomic(to, from, size);
2646 +#ifndef __powerpc64__
2648 +static inline unsigned long __must_check copy_from_user(void *to,
2649 + const void __user *from, unsigned long n)
2651 + unsigned long over;
2656 + if (access_ok(VERIFY_READ, from, n)) {
2657 + if (!__builtin_constant_p(n))
2658 + check_object_size(to, n, false);
2659 + return __copy_tofrom_user((__force void __user *)to, from, n);
2661 + if ((unsigned long)from < TASK_SIZE) {
2662 + over = (unsigned long)from + n - TASK_SIZE;
2663 + if (!__builtin_constant_p(n - over))
2664 + check_object_size(to, n - over, false);
2665 + return __copy_tofrom_user((__force void __user *)to, from,
2671 +static inline unsigned long __must_check copy_to_user(void __user *to,
2672 + const void *from, unsigned long n)
2674 + unsigned long over;
2679 + if (access_ok(VERIFY_WRITE, to, n)) {
2680 + if (!__builtin_constant_p(n))
2681 + check_object_size(from, n, true);
2682 + return __copy_tofrom_user(to, (__force void __user *)from, n);
2684 + if ((unsigned long)to < TASK_SIZE) {
2685 + over = (unsigned long)to + n - TASK_SIZE;
2686 + if (!__builtin_constant_p(n))
2687 + check_object_size(from, n - over, true);
2688 + return __copy_tofrom_user(to, (__force void __user *)from,
2694 +#else /* __powerpc64__ */
2696 +#define __copy_in_user(to, from, size) \
2697 + __copy_tofrom_user((to), (from), (size))
2699 +static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
2701 + if ((long)n < 0 || n > INT_MAX)
2704 + if (!__builtin_constant_p(n))
2705 + check_object_size(to, n, false);
2707 + if (likely(access_ok(VERIFY_READ, from, n)))
2708 + n = __copy_from_user(to, from, n);
2714 +static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
2716 + if ((long)n < 0 || n > INT_MAX)
2719 + if (likely(access_ok(VERIFY_WRITE, to, n))) {
2720 + if (!__builtin_constant_p(n))
2721 + check_object_size(from, n, true);
2722 + n = __copy_to_user(to, from, n);
2727 +extern unsigned long copy_in_user(void __user *to, const void __user *from,
2730 +#endif /* __powerpc64__ */
2732 extern unsigned long __clear_user(void __user *addr, unsigned long size);
2734 static inline unsigned long clear_user(void __user *addr, unsigned long size)
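Review bot: In the 32-bit `copy_to_user`, the truncated-copy branch guards the object-size check with `if (!__builtin_constant_p(n))`, although the size actually checked and copied is `n - over`. With a compile-time-constant `n` the check is skipped even though the clamped length is not constant, so the kernel-to-user direction loses its bounds check on exactly the path where the request already ran past `TASK_SIZE`. The matching branch of `copy_from_user` tests the clamped value, and the same form fits here: `if (!__builtin_constant_p(n - over))` before `check_object_size(from, n - over, true);`. Separately, the powerpc64 `copy_from_user` calls `check_object_size` before `access_ok` while `copy_to_user` calls it after; one order for both would be easier to audit. Several lines of these functions are missing from this listing, so this rests on the visible lines only.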
2735 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/cacheinfo.c linux-2.6.32.1/arch/powerpc/kernel/cacheinfo.c
2736 --- linux-2.6.32.1/arch/powerpc/kernel/cacheinfo.c 2009-12-02 22:51:21.000000000 -0500
2737 +++ linux-2.6.32.1/arch/powerpc/kernel/cacheinfo.c 2009-12-14 18:33:51.468716909 -0500
2738 @@ -642,7 +642,7 @@ static struct kobj_attribute *cache_inde
2742 -static struct sysfs_ops cache_index_ops = {
2743 +static const struct sysfs_ops cache_index_ops = {
2744 .show = cache_index_show,
2747 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/dma.c linux-2.6.32.1/arch/powerpc/kernel/dma.c
2748 --- linux-2.6.32.1/arch/powerpc/kernel/dma.c 2009-12-02 22:51:21.000000000 -0500
2749 +++ linux-2.6.32.1/arch/powerpc/kernel/dma.c 2009-12-14 18:33:51.468716909 -0500
2750 @@ -134,7 +134,7 @@ static inline void dma_direct_sync_singl
2754 -struct dma_map_ops dma_direct_ops = {
2755 +const struct dma_map_ops dma_direct_ops = {
2756 .alloc_coherent = dma_direct_alloc_coherent,
2757 .free_coherent = dma_direct_free_coherent,
2758 .map_sg = dma_direct_map_sg,
2759 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/dma-iommu.c linux-2.6.32.1/arch/powerpc/kernel/dma-iommu.c
2760 --- linux-2.6.32.1/arch/powerpc/kernel/dma-iommu.c 2009-12-02 22:51:21.000000000 -0500
2761 +++ linux-2.6.32.1/arch/powerpc/kernel/dma-iommu.c 2009-12-14 18:33:51.468716909 -0500
2762 @@ -89,7 +89,7 @@ static int dma_iommu_dma_supported(struc
2766 -struct dma_map_ops dma_iommu_ops = {
2767 +const struct dma_map_ops dma_iommu_ops = {
2768 .alloc_coherent = dma_iommu_alloc_coherent,
2769 .free_coherent = dma_iommu_free_coherent,
2770 .map_sg = dma_iommu_map_sg,
2771 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/dma-swiotlb.c linux-2.6.32.1/arch/powerpc/kernel/dma-swiotlb.c
2772 --- linux-2.6.32.1/arch/powerpc/kernel/dma-swiotlb.c 2009-12-02 22:51:21.000000000 -0500
2773 +++ linux-2.6.32.1/arch/powerpc/kernel/dma-swiotlb.c 2009-12-14 18:33:51.468716909 -0500
2774 @@ -31,7 +31,7 @@ unsigned int ppc_swiotlb_enable;
2775 * map_page, and unmap_page on highmem, use normal dma_ops
2776 * for everything else.
2778 -struct dma_map_ops swiotlb_dma_ops = {
2779 +const struct dma_map_ops swiotlb_dma_ops = {
2780 .alloc_coherent = dma_direct_alloc_coherent,
2781 .free_coherent = dma_direct_free_coherent,
2782 .map_sg = swiotlb_map_sg_attrs,
2783 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/ibmebus.c linux-2.6.32.1/arch/powerpc/kernel/ibmebus.c
2784 --- linux-2.6.32.1/arch/powerpc/kernel/ibmebus.c 2009-12-02 22:51:21.000000000 -0500
2785 +++ linux-2.6.32.1/arch/powerpc/kernel/ibmebus.c 2009-12-14 18:33:51.468716909 -0500
2786 @@ -127,7 +127,7 @@ static int ibmebus_dma_supported(struct
2790 -static struct dma_map_ops ibmebus_dma_ops = {
2791 +static const struct dma_map_ops ibmebus_dma_ops = {
2792 .alloc_coherent = ibmebus_alloc_coherent,
2793 .free_coherent = ibmebus_free_coherent,
2794 .map_sg = ibmebus_map_sg,
2795 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/kgdb.c linux-2.6.32.1/arch/powerpc/kernel/kgdb.c
2796 --- linux-2.6.32.1/arch/powerpc/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
2797 +++ linux-2.6.32.1/arch/powerpc/kernel/kgdb.c 2009-12-14 18:33:51.468716909 -0500
2798 @@ -126,7 +126,7 @@ static int kgdb_handle_breakpoint(struct
2799 if (kgdb_handle_exception(0, SIGTRAP, 0, regs) != 0)
2802 - if (*(u32 *) (regs->nip) == *(u32 *) (&arch_kgdb_ops.gdb_bpt_instr))
2803 + if (*(u32 *) (regs->nip) == *(const u32 *) (&arch_kgdb_ops.gdb_bpt_instr))
2807 @@ -353,7 +353,7 @@ int kgdb_arch_handle_exception(int vecto
2811 -struct kgdb_arch arch_kgdb_ops = {
2812 +const struct kgdb_arch arch_kgdb_ops = {
2813 .gdb_bpt_instr = {0x7d, 0x82, 0x10, 0x08},
2816 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/module_32.c linux-2.6.32.1/arch/powerpc/kernel/module_32.c
2817 --- linux-2.6.32.1/arch/powerpc/kernel/module_32.c 2009-12-02 22:51:21.000000000 -0500
2818 +++ linux-2.6.32.1/arch/powerpc/kernel/module_32.c 2009-12-14 18:33:51.468716909 -0500
2819 @@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr
2820 me->arch.core_plt_section = i;
2822 if (!me->arch.core_plt_section || !me->arch.init_plt_section) {
2823 - printk("Module doesn't contain .plt or .init.plt sections.\n");
2824 + printk("Module %s doesn't contain .plt or .init.plt sections.\n", me->name);
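Review bot: The reworded `printk` still carries no log level, while the message this patch adds in `do_plt_call` in the next hunk uses `KERN_ERR`. Both report a module that cannot be loaded as built, so they should be logged the same way: `printk(KERN_ERR "Module %s doesn't contain .plt or .init.plt sections.\n", me->name);`. The body of `module_frob_arch_sections` continues outside this hunk.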
2828 @@ -203,11 +203,16 @@ static uint32_t do_plt_call(void *locati
2830 DEBUGP("Doing plt for call to 0x%x at 0x%x\n", val, (unsigned int)location);
2831 /* Init, or core PLT? */
2832 - if (location >= mod->module_core
2833 - && location < mod->module_core + mod->core_size)
2834 + if ((location >= mod->module_core_rx && location < mod->module_core_rx + mod->core_size_rx) ||
2835 + (location >= mod->module_core_rw && location < mod->module_core_rw + mod->core_size_rw))
2836 entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr;
2838 + else if ((location >= mod->module_init_rx && location < mod->module_init_rx + mod->init_size_rx) ||
2839 + (location >= mod->module_init_rw && location < mod->module_init_rw + mod->init_size_rw))
2840 entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr;
2842 + printk(KERN_ERR "%s: invalid R_PPC_REL24 entry found\n", mod->name);
2846 /* Find this entry, or if that fails, the next avail. entry */
2847 while (entry->jump[0]) {
2848 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/pci-common.c linux-2.6.32.1/arch/powerpc/kernel/pci-common.c
2849 --- linux-2.6.32.1/arch/powerpc/kernel/pci-common.c 2009-12-02 22:51:21.000000000 -0500
2850 +++ linux-2.6.32.1/arch/powerpc/kernel/pci-common.c 2009-12-14 18:33:51.494725296 -0500
2851 @@ -50,14 +50,14 @@ resource_size_t isa_mem_base;
2852 unsigned int ppc_pci_flags = 0;
2855 -static struct dma_map_ops *pci_dma_ops = &dma_direct_ops;
2856 +static const struct dma_map_ops *pci_dma_ops = &dma_direct_ops;
2858 -void set_pci_dma_ops(struct dma_map_ops *dma_ops)
2859 +void set_pci_dma_ops(const struct dma_map_ops *dma_ops)
2861 pci_dma_ops = dma_ops;
2864 -struct dma_map_ops *get_pci_dma_ops(void)
2865 +const struct dma_map_ops *get_pci_dma_ops(void)
2869 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/process.c linux-2.6.32.1/arch/powerpc/kernel/process.c
2870 --- linux-2.6.32.1/arch/powerpc/kernel/process.c 2009-12-02 22:51:21.000000000 -0500
2871 +++ linux-2.6.32.1/arch/powerpc/kernel/process.c 2009-12-14 18:33:51.495818460 -0500
2872 @@ -1153,51 +1153,3 @@ unsigned long arch_align_stack(unsigned
2873 sp -= get_random_int() & ~PAGE_MASK;
2877 -static inline unsigned long brk_rnd(void)
2879 - unsigned long rnd = 0;
2881 - /* 8MB for 32bit, 1GB for 64bit */
2882 - if (is_32bit_task())
2883 - rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT)));
2885 - rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT)));
2887 - return rnd << PAGE_SHIFT;
2890 -unsigned long arch_randomize_brk(struct mm_struct *mm)
2892 - unsigned long base = mm->brk;
2893 - unsigned long ret;
2895 -#ifdef CONFIG_PPC_STD_MMU_64
2897 - * If we are using 1TB segments and we are allowed to randomise
2898 - * the heap, we can put it above 1TB so it is backed by a 1TB
2899 - * segment. Otherwise the heap will be in the bottom 1TB
2900 - * which always uses 256MB segments and this may result in a
2901 - * performance penalty.
2903 - if (!is_32bit_task() && (mmu_highuser_ssize == MMU_SEGSIZE_1T))
2904 - base = max_t(unsigned long, mm->brk, 1UL << SID_SHIFT_1T);
2907 - ret = PAGE_ALIGN(base + brk_rnd());
2909 - if (ret < mm->brk)
2915 -unsigned long randomize_et_dyn(unsigned long base)
2917 - unsigned long ret = PAGE_ALIGN(base + brk_rnd());
2924 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/signal_32.c linux-2.6.32.1/arch/powerpc/kernel/signal_32.c
2925 --- linux-2.6.32.1/arch/powerpc/kernel/signal_32.c 2009-12-02 22:51:21.000000000 -0500
2926 +++ linux-2.6.32.1/arch/powerpc/kernel/signal_32.c 2009-12-14 18:33:51.496785316 -0500
2927 @@ -857,7 +857,7 @@ int handle_rt_signal32(unsigned long sig
2928 /* Save user registers on the stack */
2929 frame = &rt_sf->uc.uc_mcontext;
2931 - if (vdso32_rt_sigtramp && current->mm->context.vdso_base) {
2932 + if (vdso32_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
2933 if (save_user_regs(regs, frame, 0, 1))
2935 regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp;
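Review bot: The `~0UL` that now stands for "no vDSO mapped" is written as a bare literal here, in `handle_rt_signal64` and in `arch_setup_additional_pages`, so the three sites can drift apart. A shared named constant would tie them together, for example `#define VDSO_BASE_UNMAPPED (~0UL)` (name constructed for illustration) with `current->mm->context.vdso_base != VDSO_BASE_UNMAPPED` at each test. Because 0 no longer means "unset", any other reader of `vdso_base` that still tests it for truth would accept the sentinel and derive a trampoline address from it; those readers are not visible in this patch excerpt and should be checked. `handle_rt_signal32` starts and ends outside this hunk.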
2936 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/signal_64.c linux-2.6.32.1/arch/powerpc/kernel/signal_64.c
2937 --- linux-2.6.32.1/arch/powerpc/kernel/signal_64.c 2009-12-02 22:51:21.000000000 -0500
2938 +++ linux-2.6.32.1/arch/powerpc/kernel/signal_64.c 2009-12-14 18:33:51.496785316 -0500
2939 @@ -429,7 +429,7 @@ int handle_rt_signal64(int signr, struct
2940 current->thread.fpscr.val = 0;
2942 /* Set up to return from userspace. */
2943 - if (vdso64_rt_sigtramp && current->mm->context.vdso_base) {
2944 + if (vdso64_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
2945 regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp;
2947 err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
2948 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/sys_ppc32.c linux-2.6.32.1/arch/powerpc/kernel/sys_ppc32.c
2949 --- linux-2.6.32.1/arch/powerpc/kernel/sys_ppc32.c 2009-12-02 22:51:21.000000000 -0500
2950 +++ linux-2.6.32.1/arch/powerpc/kernel/sys_ppc32.c 2009-12-14 18:33:51.496785316 -0500
2951 @@ -563,10 +563,10 @@ asmlinkage long compat_sys_sysctl(struct
2954 if (get_user(oldlen, oldlenp) ||
2955 - put_user(oldlen, (compat_size_t __user *)compat_ptr(tmp.oldlenp)))
2956 + put_user(oldlen, (compat_size_t __user *)compat_ptr(tmp.oldlenp)) ||
2957 + copy_to_user(args->__unused, tmp.__unused, sizeof(tmp.__unused)))
2960 - copy_to_user(args->__unused, tmp.__unused, sizeof(tmp.__unused));
2964 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/vdso.c linux-2.6.32.1/arch/powerpc/kernel/vdso.c
2965 --- linux-2.6.32.1/arch/powerpc/kernel/vdso.c 2009-12-02 22:51:21.000000000 -0500
2966 +++ linux-2.6.32.1/arch/powerpc/kernel/vdso.c 2009-12-14 18:33:51.498049630 -0500
2968 #include <asm/firmware.h>
2969 #include <asm/vdso.h>
2970 #include <asm/vdso_datapage.h>
2971 +#include <asm/mman.h>
2975 @@ -220,7 +221,7 @@ int arch_setup_additional_pages(struct l
2976 vdso_base = VDSO32_MBASE;
2979 - current->mm->context.vdso_base = 0;
2980 + current->mm->context.vdso_base = ~0UL;
2982 /* vDSO has a problem and was disabled, just don't "enable" it for the
2984 @@ -240,7 +241,7 @@ int arch_setup_additional_pages(struct l
2985 vdso_base = get_unmapped_area(NULL, vdso_base,
2986 (vdso_pages << PAGE_SHIFT) +
2987 ((VDSO_ALIGNMENT - 1) & PAGE_MASK),
2989 + 0, MAP_PRIVATE | MAP_EXECUTABLE);
2990 if (IS_ERR_VALUE(vdso_base)) {
2993 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/vio.c linux-2.6.32.1/arch/powerpc/kernel/vio.c
2994 --- linux-2.6.32.1/arch/powerpc/kernel/vio.c 2009-12-02 22:51:21.000000000 -0500
2995 +++ linux-2.6.32.1/arch/powerpc/kernel/vio.c 2009-12-14 18:33:51.498797053 -0500
2996 @@ -601,6 +601,7 @@ static void vio_dma_iommu_unmap_sg(struc
2997 vio_cmo_dealloc(viodev, alloc_size);
3000 +/* cannot be const */
3001 struct dma_map_ops vio_dma_mapping_ops = {
3002 .alloc_coherent = vio_dma_iommu_alloc_coherent,
3003 .free_coherent = vio_dma_iommu_free_coherent,
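Review bot: The added comment `/* cannot be const */` records the exception but not the reason, and every other `dma_map_ops` table in this patch is made `const`, so a later reader has nothing to verify the exception against. The comment should name what writes to `vio_dma_mapping_ops` after initialisation, in the form `/* cannot be const: <field> is assigned in <function> */` with the placeholders filled in from the file. That also makes it clear when the table can be constified later. The initialiser continues outside this hunk.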
3004 diff -urNp linux-2.6.32.1/arch/powerpc/lib/usercopy_64.c linux-2.6.32.1/arch/powerpc/lib/usercopy_64.c
3005 --- linux-2.6.32.1/arch/powerpc/lib/usercopy_64.c 2009-12-02 22:51:21.000000000 -0500
3006 +++ linux-2.6.32.1/arch/powerpc/lib/usercopy_64.c 2009-12-14 18:33:51.498797053 -0500
3008 #include <linux/module.h>
3009 #include <asm/uaccess.h>
3011 -unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
3013 - if (likely(access_ok(VERIFY_READ, from, n)))
3014 - n = __copy_from_user(to, from, n);
3020 -unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
3022 - if (likely(access_ok(VERIFY_WRITE, to, n)))
3023 - n = __copy_to_user(to, from, n);
3027 unsigned long copy_in_user(void __user *to, const void __user *from,
3030 @@ -35,7 +19,5 @@ unsigned long copy_in_user(void __user *
3034 -EXPORT_SYMBOL(copy_from_user);
3035 -EXPORT_SYMBOL(copy_to_user);
3036 EXPORT_SYMBOL(copy_in_user);
3038 diff -urNp linux-2.6.32.1/arch/powerpc/mm/fault.c linux-2.6.32.1/arch/powerpc/mm/fault.c
3039 --- linux-2.6.32.1/arch/powerpc/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
3040 +++ linux-2.6.32.1/arch/powerpc/mm/fault.c 2009-12-14 18:33:51.498797053 -0500
3042 #include <linux/kprobes.h>
3043 #include <linux/kdebug.h>
3044 #include <linux/perf_event.h>
3045 +#include <linux/slab.h>
3046 +#include <linux/pagemap.h>
3047 +#include <linux/compiler.h>
3048 +#include <linux/unistd.h>
3050 #include <asm/firmware.h>
3051 #include <asm/page.h>
3053 #include <asm/uaccess.h>
3054 #include <asm/tlbflush.h>
3055 #include <asm/siginfo.h>
3056 +#include <asm/ptrace.h>
3059 #ifdef CONFIG_KPROBES
3060 @@ -64,6 +69,33 @@ static inline int notify_page_fault(stru
3064 +#ifdef CONFIG_PAX_PAGEEXEC
3066 + * PaX: decide what to do with offenders (regs->nip = fault address)
3068 + * returns 1 when task should be killed
3070 +static int pax_handle_fetch_fault(struct pt_regs *regs)
3075 +void pax_report_insns(void *pc, void *sp)
3079 + printk(KERN_ERR "PAX: bytes at PC: ");
3080 + for (i = 0; i < 5; i++) {
3082 + if (get_user(c, (unsigned int *)pc+i))
3083 + printk(KERN_CONT "???????? ");
3085 + printk(KERN_CONT "%08x ", c);
3092 * Check whether the instruction at regs->nip is a store using
3093 * an update addressing form which will update r1.
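Review bot: In `pax_report_insns` the address passed to `get_user` is cast as `(unsigned int *)pc+i`, which drops the `__user` address-space annotation on a pointer that comes from the faulting task's register state. Without the annotation sparse cannot confirm that this read stays on the user-access path. `if (get_user(c, (unsigned int __user *)pc + i))` keeps the check and does not change the generated code. Parts of both added functions are missing from this listing, so the declarations of `c` and `i` could not be reviewed.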
3094 @@ -134,7 +166,7 @@ int __kprobes do_page_fault(struct pt_re
3095 * indicate errors in DSISR but can validly be set in SRR1.
3098 - error_code &= 0x48200000;
3099 + error_code &= 0x58200000;
3101 is_write = error_code & DSISR_ISSTORE;
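Review bot: The mask changes from `0x48200000` to `0x58200000` with no comment. The added bit is `0x10000000`, which a later hunk of this same file replaces with the name `DSISR_GUARDED`. Writing the new bit by name here, as `error_code &= 0x48200000 | DSISR_GUARDED;`, would show that the guarded-storage bit is now deliberately preserved for the PAGEEXEC test in `bad_area_nosemaphore`. This assumes `DSISR_GUARDED` equals `0x10000000`, as the later replacement implies. The surrounding `do_page_fault` body lies outside this hunk.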
3103 @@ -250,7 +282,7 @@ good_area:
3104 * "undefined". Of those that can be set, this is the only
3105 * one which seems bad.
3107 - if (error_code & 0x10000000)
3108 + if (error_code & DSISR_GUARDED)
3109 /* Guarded storage error. */
3111 #endif /* CONFIG_8xx */
3112 @@ -265,7 +297,7 @@ good_area:
3113 * processors use the same I/D cache coherency mechanism
3116 - if (error_code & DSISR_PROTFAULT)
3117 + if (error_code & (DSISR_PROTFAULT | DSISR_GUARDED))
3119 #endif /* CONFIG_PPC_STD_MMU */
3121 @@ -335,6 +367,23 @@ bad_area:
3122 bad_area_nosemaphore:
3123 /* User mode accesses cause a SIGSEGV */
3124 if (user_mode(regs)) {
3126 +#ifdef CONFIG_PAX_PAGEEXEC
3127 + if (mm->pax_flags & MF_PAX_PAGEEXEC) {
3128 +#ifdef CONFIG_PPC_STD_MMU
3129 + if (is_exec && (error_code & (DSISR_PROTFAULT | DSISR_GUARDED))) {
3131 + if (is_exec && regs->nip == address) {
3133 + switch (pax_handle_fetch_fault(regs)) {
3136 + pax_report_fault(regs, (void *)regs->nip, (void *)regs->gpr[PT_R1]);
3137 + do_group_exit(SIGKILL);
3142 _exception(SIGSEGV, regs, code, address);
3145 diff -urNp linux-2.6.32.1/arch/powerpc/mm/mmap_64.c linux-2.6.32.1/arch/powerpc/mm/mmap_64.c
3146 --- linux-2.6.32.1/arch/powerpc/mm/mmap_64.c 2009-12-02 22:51:21.000000000 -0500
3147 +++ linux-2.6.32.1/arch/powerpc/mm/mmap_64.c 2009-12-14 18:33:51.498797053 -0500
3148 @@ -99,10 +99,22 @@ void arch_pick_mmap_layout(struct mm_str
3150 if (mmap_is_legacy()) {
3151 mm->mmap_base = TASK_UNMAPPED_BASE;
3153 +#ifdef CONFIG_PAX_RANDMMAP
3154 + if (mm->pax_flags & MF_PAX_RANDMMAP)
3155 + mm->mmap_base += mm->delta_mmap;
3158 mm->get_unmapped_area = arch_get_unmapped_area;
3159 mm->unmap_area = arch_unmap_area;
3161 mm->mmap_base = mmap_base();
3163 +#ifdef CONFIG_PAX_RANDMMAP
3164 + if (mm->pax_flags & MF_PAX_RANDMMAP)
3165 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
3168 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
3169 mm->unmap_area = arch_unmap_area_topdown;
3171 diff -urNp linux-2.6.32.1/arch/powerpc/mm/slice.c linux-2.6.32.1/arch/powerpc/mm/slice.c
3172 --- linux-2.6.32.1/arch/powerpc/mm/slice.c 2009-12-02 22:51:21.000000000 -0500
3173 +++ linux-2.6.32.1/arch/powerpc/mm/slice.c 2009-12-14 18:33:51.499879436 -0500
3174 @@ -426,6 +426,11 @@ unsigned long slice_get_unmapped_area(un
3175 if (fixed && addr > (mm->task_size - len))
3178 +#ifdef CONFIG_PAX_RANDMMAP
3179 + if (!fixed && (mm->pax_flags & MF_PAX_RANDMMAP))
3183 /* If hint, make sure it matches our alignment restrictions */
3184 if (!fixed && addr) {
3185 addr = _ALIGN_UP(addr, 1ul << pshift);
3186 diff -urNp linux-2.6.32.1/arch/powerpc/platforms/52xx/lite5200_pm.c linux-2.6.32.1/arch/powerpc/platforms/52xx/lite5200_pm.c
3187 --- linux-2.6.32.1/arch/powerpc/platforms/52xx/lite5200_pm.c 2009-12-02 22:51:21.000000000 -0500
3188 +++ linux-2.6.32.1/arch/powerpc/platforms/52xx/lite5200_pm.c 2009-12-14 18:33:51.520200853 -0500
3189 @@ -235,7 +235,7 @@ static void lite5200_pm_end(void)
3190 lite5200_pm_target_state = PM_SUSPEND_ON;
3193 -static struct platform_suspend_ops lite5200_pm_ops = {
3194 +static const struct platform_suspend_ops lite5200_pm_ops = {
3195 .valid = lite5200_pm_valid,
3196 .begin = lite5200_pm_begin,
3197 .prepare = lite5200_pm_prepare,
3198 diff -urNp linux-2.6.32.1/arch/powerpc/platforms/52xx/mpc52xx_pm.c linux-2.6.32.1/arch/powerpc/platforms/52xx/mpc52xx_pm.c
3199 --- linux-2.6.32.1/arch/powerpc/platforms/52xx/mpc52xx_pm.c 2009-12-02 22:51:21.000000000 -0500
3200 +++ linux-2.6.32.1/arch/powerpc/platforms/52xx/mpc52xx_pm.c 2009-12-14 18:33:51.520887334 -0500
3201 @@ -180,7 +180,7 @@ void mpc52xx_pm_finish(void)
3205 -static struct platform_suspend_ops mpc52xx_pm_ops = {
3206 +static const struct platform_suspend_ops mpc52xx_pm_ops = {
3207 .valid = mpc52xx_pm_valid,
3208 .prepare = mpc52xx_pm_prepare,
3209 .enter = mpc52xx_pm_enter,
3210 diff -urNp linux-2.6.32.1/arch/powerpc/platforms/83xx/suspend.c linux-2.6.32.1/arch/powerpc/platforms/83xx/suspend.c
3211 --- linux-2.6.32.1/arch/powerpc/platforms/83xx/suspend.c 2009-12-02 22:51:21.000000000 -0500
3212 +++ linux-2.6.32.1/arch/powerpc/platforms/83xx/suspend.c 2009-12-14 18:33:51.520887334 -0500
3213 @@ -273,7 +273,7 @@ static int mpc83xx_is_pci_agent(void)
3217 -static struct platform_suspend_ops mpc83xx_suspend_ops = {
3218 +static const struct platform_suspend_ops mpc83xx_suspend_ops = {
3219 .valid = mpc83xx_suspend_valid,
3220 .begin = mpc83xx_suspend_begin,
3221 .enter = mpc83xx_suspend_enter,
3222 diff -urNp linux-2.6.32.1/arch/powerpc/platforms/cell/iommu.c linux-2.6.32.1/arch/powerpc/platforms/cell/iommu.c
3223 --- linux-2.6.32.1/arch/powerpc/platforms/cell/iommu.c 2009-12-02 22:51:21.000000000 -0500
3224 +++ linux-2.6.32.1/arch/powerpc/platforms/cell/iommu.c 2009-12-14 18:33:51.520887334 -0500
3225 @@ -642,7 +642,7 @@ static int dma_fixed_dma_supported(struc
3227 static int dma_set_mask_and_switch(struct device *dev, u64 dma_mask);
3229 -struct dma_map_ops dma_iommu_fixed_ops = {
3230 +const struct dma_map_ops dma_iommu_fixed_ops = {
3231 .alloc_coherent = dma_fixed_alloc_coherent,
3232 .free_coherent = dma_fixed_free_coherent,
3233 .map_sg = dma_fixed_map_sg,
3234 diff -urNp linux-2.6.32.1/arch/powerpc/platforms/ps3/system-bus.c linux-2.6.32.1/arch/powerpc/platforms/ps3/system-bus.c
3235 --- linux-2.6.32.1/arch/powerpc/platforms/ps3/system-bus.c 2009-12-02 22:51:21.000000000 -0500
3236 +++ linux-2.6.32.1/arch/powerpc/platforms/ps3/system-bus.c 2009-12-14 18:33:51.536181929 -0500
3237 @@ -694,7 +694,7 @@ static int ps3_dma_supported(struct devi
3238 return mask >= DMA_BIT_MASK(32);
3241 -static struct dma_map_ops ps3_sb_dma_ops = {
3242 +static const struct dma_map_ops ps3_sb_dma_ops = {
3243 .alloc_coherent = ps3_alloc_coherent,
3244 .free_coherent = ps3_free_coherent,
3245 .map_sg = ps3_sb_map_sg,
3246 @@ -704,7 +704,7 @@ static struct dma_map_ops ps3_sb_dma_ops
3247 .unmap_page = ps3_unmap_page,
3250 -static struct dma_map_ops ps3_ioc0_dma_ops = {
3251 +static const struct dma_map_ops ps3_ioc0_dma_ops = {
3252 .alloc_coherent = ps3_alloc_coherent,
3253 .free_coherent = ps3_free_coherent,
3254 .map_sg = ps3_ioc0_map_sg,
3255 diff -urNp linux-2.6.32.1/arch/s390/include/asm/atomic.h linux-2.6.32.1/arch/s390/include/asm/atomic.h
3256 --- linux-2.6.32.1/arch/s390/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
3257 +++ linux-2.6.32.1/arch/s390/include/asm/atomic.h 2009-12-14 18:33:51.536779990 -0500
3258 @@ -61,19 +61,31 @@ static inline int atomic_read(const atom
3262 +static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
3264 + return atomic_read((const atomic_t *)v);
3267 static inline void atomic_set(atomic_t *v, int i)
3273 +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
3275 + atomic_set((atomic_t *)v, i);
3278 static inline int atomic_add_return(int i, atomic_t *v)
3280 return __CS_LOOP(v, i, "ar");
3282 #define atomic_add(_i, _v) atomic_add_return(_i, _v)
3283 +#define atomic_add_unchecked(_i, _v) atomic_add((_i), (atomic_t *)(_v))
3284 #define atomic_add_negative(_i, _v) (atomic_add_return(_i, _v) < 0)
3285 #define atomic_inc(_v) atomic_add_return(1, _v)
3286 +#define atomic_inc_unchecked(_v) atomic_inc((atomic_t *)(_v))
3287 #define atomic_inc_return(_v) atomic_add_return(1, _v)
3288 #define atomic_inc_and_test(_v) (atomic_add_return(1, _v) == 0)
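Review bot: `atomic_add_unchecked` and `atomic_inc_unchecked` are macros that cast their argument with `(atomic_t *)(_v)`, so a pointer of any type compiles. `atomic_read_unchecked` and `atomic_set_unchecked` in the same hunk are inline functions that accept only `atomic_unchecked_t *`. The separate type exists to make the choice between an overflow-checked and an unchecked counter visible to the compiler, and the cast in a macro removes that. An inline wrapper keeps it: `static inline void atomic_inc_unchecked(atomic_unchecked_t *v) { atomic_inc((atomic_t *)v); }`. The same applies to `atomic_sub_unchecked` in the next hunk and to the cast-based macros added in the sh `atomic.h` and sparc `atomic_32.h` hunks.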
3290 @@ -82,6 +94,7 @@ static inline int atomic_sub_return(int
3291 return __CS_LOOP(v, i, "sr");
3293 #define atomic_sub(_i, _v) atomic_sub_return(_i, _v)
3294 +#define atomic_sub_unchecked(_i, _v) atomic_sub((_i), (atomic_t *)(_v))
3295 #define atomic_sub_and_test(_i, _v) (atomic_sub_return(_i, _v) == 0)
3296 #define atomic_dec(_v) atomic_sub_return(1, _v)
3297 #define atomic_dec_return(_v) atomic_sub_return(1, _v)
3298 diff -urNp linux-2.6.32.1/arch/s390/include/asm/uaccess.h linux-2.6.32.1/arch/s390/include/asm/uaccess.h
3299 --- linux-2.6.32.1/arch/s390/include/asm/uaccess.h 2009-12-02 22:51:21.000000000 -0500
3300 +++ linux-2.6.32.1/arch/s390/include/asm/uaccess.h 2009-12-14 18:33:51.536779990 -0500
3301 @@ -232,6 +232,10 @@ static inline unsigned long __must_check
3302 copy_to_user(void __user *to, const void *from, unsigned long n)
3309 if (access_ok(VERIFY_WRITE, to, n))
3310 n = __copy_to_user(to, from, n);
3312 @@ -257,6 +261,9 @@ copy_to_user(void __user *to, const void
3313 static inline unsigned long __must_check
3314 __copy_from_user(void *to, const void __user *from, unsigned long n)
3319 if (__builtin_constant_p(n) && (n <= 256))
3320 return uaccess.copy_from_user_small(n, from, to);
3322 @@ -283,6 +290,10 @@ static inline unsigned long __must_check
3323 copy_from_user(void *to, const void __user *from, unsigned long n)
3330 if (access_ok(VERIFY_READ, from, n))
3331 n = __copy_from_user(to, from, n);
3333 diff -urNp linux-2.6.32.1/arch/s390/kernel/module.c linux-2.6.32.1/arch/s390/kernel/module.c
3334 --- linux-2.6.32.1/arch/s390/kernel/module.c 2009-12-02 22:51:21.000000000 -0500
3335 +++ linux-2.6.32.1/arch/s390/kernel/module.c 2009-12-14 18:33:51.536779990 -0500
3336 @@ -166,11 +166,11 @@ module_frob_arch_sections(Elf_Ehdr *hdr,
3338 /* Increase core size by size of got & plt and set start
3339 offsets for got and plt. */
3340 - me->core_size = ALIGN(me->core_size, 4);
3341 - me->arch.got_offset = me->core_size;
3342 - me->core_size += me->arch.got_size;
3343 - me->arch.plt_offset = me->core_size;
3344 - me->core_size += me->arch.plt_size;
3345 + me->core_size_rw = ALIGN(me->core_size_rw, 4);
3346 + me->arch.got_offset = me->core_size_rw;
3347 + me->core_size_rw += me->arch.got_size;
3348 + me->arch.plt_offset = me->core_size_rx;
3349 + me->core_size_rx += me->arch.plt_size;
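Review bot: After the split only `core_size_rw` is passed through `ALIGN(..., 4)`, and `plt_offset` is taken from `core_size_rx` as it stands. The original code aligned the single `core_size` before laying out both the GOT and the PLT. `apply_rela` later writes PLT entries through an `unsigned int *` at `module_core_rx + plt_offset`, so the RX region needs the same treatment before the offset is recorded: `me->core_size_rx = ALIGN(me->core_size_rx, 4);` ahead of `me->arch.plt_offset = me->core_size_rx;`. If `core_size_rx` is already aligned by code outside this hunk, a comment saying so would be enough.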
3353 @@ -256,7 +256,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3354 if (info->got_initialized == 0) {
3357 - gotent = me->module_core + me->arch.got_offset +
3358 + gotent = me->module_core_rw + me->arch.got_offset +
3361 info->got_initialized = 1;
3362 @@ -280,7 +280,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3363 else if (r_type == R_390_GOTENT ||
3364 r_type == R_390_GOTPLTENT)
3365 *(unsigned int *) loc =
3366 - (val + (Elf_Addr) me->module_core - loc) >> 1;
3367 + (val + (Elf_Addr) me->module_core_rw - loc) >> 1;
3368 else if (r_type == R_390_GOT64 ||
3369 r_type == R_390_GOTPLT64)
3370 *(unsigned long *) loc = val;
3371 @@ -294,7 +294,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3372 case R_390_PLTOFF64: /* 16 bit offset from GOT to PLT. */
3373 if (info->plt_initialized == 0) {
3375 - ip = me->module_core + me->arch.plt_offset +
3376 + ip = me->module_core_rx + me->arch.plt_offset +
3378 #ifndef CONFIG_64BIT
3379 ip[0] = 0x0d105810; /* basr 1,0; l 1,6(1); br 1 */
3380 @@ -319,7 +319,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3381 val - loc + 0xffffUL < 0x1ffffeUL) ||
3382 (r_type == R_390_PLT32DBL &&
3383 val - loc + 0xffffffffULL < 0x1fffffffeULL)))
3384 - val = (Elf_Addr) me->module_core +
3385 + val = (Elf_Addr) me->module_core_rx +
3386 me->arch.plt_offset +
3388 val += rela->r_addend - loc;
3389 @@ -341,7 +341,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3390 case R_390_GOTOFF32: /* 32 bit offset to GOT. */
3391 case R_390_GOTOFF64: /* 64 bit offset to GOT. */
3392 val = val + rela->r_addend -
3393 - ((Elf_Addr) me->module_core + me->arch.got_offset);
3394 + ((Elf_Addr) me->module_core_rw + me->arch.got_offset);
3395 if (r_type == R_390_GOTOFF16)
3396 *(unsigned short *) loc = val;
3397 else if (r_type == R_390_GOTOFF32)
3398 @@ -351,7 +351,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3400 case R_390_GOTPC: /* 32 bit PC relative offset to GOT. */
3401 case R_390_GOTPCDBL: /* 32 bit PC rel. off. to GOT shifted by 1. */
3402 - val = (Elf_Addr) me->module_core + me->arch.got_offset +
3403 + val = (Elf_Addr) me->module_core_rw + me->arch.got_offset +
3404 rela->r_addend - loc;
3405 if (r_type == R_390_GOTPC)
3406 *(unsigned int *) loc = val;
3407 diff -urNp linux-2.6.32.1/arch/sh/boards/mach-hp6xx/pm.c linux-2.6.32.1/arch/sh/boards/mach-hp6xx/pm.c
3408 --- linux-2.6.32.1/arch/sh/boards/mach-hp6xx/pm.c 2009-12-02 22:51:21.000000000 -0500
3409 +++ linux-2.6.32.1/arch/sh/boards/mach-hp6xx/pm.c 2009-12-14 18:33:51.536779990 -0500
3410 @@ -143,7 +143,7 @@ static int hp6x0_pm_enter(suspend_state_
3414 -static struct platform_suspend_ops hp6x0_pm_ops = {
3415 +static const struct platform_suspend_ops hp6x0_pm_ops = {
3416 .enter = hp6x0_pm_enter,
3417 .valid = suspend_valid_only_mem,
3419 diff -urNp linux-2.6.32.1/arch/sh/include/asm/atomic.h linux-2.6.32.1/arch/sh/include/asm/atomic.h
3420 --- linux-2.6.32.1/arch/sh/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
3421 +++ linux-2.6.32.1/arch/sh/include/asm/atomic.h 2009-12-14 18:33:51.536779990 -0500
3423 #define ATOMIC_INIT(i) ( (atomic_t) { (i) } )
3425 #define atomic_read(v) ((v)->counter)
3426 +#define atomic_read_unchecked(v) ((v)->counter)
3427 #define atomic_set(v,i) ((v)->counter = (i))
3428 +#define atomic_set_unchecked(v,i) ((v)->counter = (i))
3430 #if defined(CONFIG_GUSA_RB)
3431 #include <asm/atomic-grb.h>
3433 #define atomic_dec_and_test(v) (atomic_sub_return(1, (v)) == 0)
3435 #define atomic_inc(v) atomic_add(1,(v))
3436 +#define atomic_inc_unchecked(v) atomic_inc((atomic_t *)(v))
3437 +#define atomic_add_unchecked(i,v) atomic_add((i),(atomic_t *)(v))
3438 +#define atomic_sub_unchecked(i,v) atomic_sub((i),(atomic_t *)(v))
3439 #define atomic_dec(v) atomic_sub(1,(v))
3441 #if !defined(CONFIG_GUSA_RB) && !defined(CONFIG_CPU_SH4A)
3442 diff -urNp linux-2.6.32.1/arch/sh/kernel/cpu/sh4/sq.c linux-2.6.32.1/arch/sh/kernel/cpu/sh4/sq.c
3443 --- linux-2.6.32.1/arch/sh/kernel/cpu/sh4/sq.c 2009-12-02 22:51:21.000000000 -0500
3444 +++ linux-2.6.32.1/arch/sh/kernel/cpu/sh4/sq.c 2009-12-14 18:33:51.538190752 -0500
3445 @@ -327,7 +327,7 @@ static struct attribute *sq_sysfs_attrs[
3449 -static struct sysfs_ops sq_sysfs_ops = {
3450 +static const struct sysfs_ops sq_sysfs_ops = {
3451 .show = sq_sysfs_show,
3452 .store = sq_sysfs_store,
3454 diff -urNp linux-2.6.32.1/arch/sh/kernel/cpu/shmobile/pm.c linux-2.6.32.1/arch/sh/kernel/cpu/shmobile/pm.c
3455 --- linux-2.6.32.1/arch/sh/kernel/cpu/shmobile/pm.c 2009-12-02 22:51:21.000000000 -0500
3456 +++ linux-2.6.32.1/arch/sh/kernel/cpu/shmobile/pm.c 2009-12-14 18:33:51.538190752 -0500
3457 @@ -58,7 +58,7 @@ static int sh_pm_enter(suspend_state_t s
3461 -static struct platform_suspend_ops sh_pm_ops = {
3462 +static const struct platform_suspend_ops sh_pm_ops = {
3463 .enter = sh_pm_enter,
3464 .valid = suspend_valid_only_mem,
3466 diff -urNp linux-2.6.32.1/arch/sh/kernel/kgdb.c linux-2.6.32.1/arch/sh/kernel/kgdb.c
3467 --- linux-2.6.32.1/arch/sh/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
3468 +++ linux-2.6.32.1/arch/sh/kernel/kgdb.c 2009-12-14 18:33:51.548195505 -0500
3469 @@ -271,7 +271,7 @@ void kgdb_arch_exit(void)
3473 -struct kgdb_arch arch_kgdb_ops = {
3474 +const struct kgdb_arch arch_kgdb_ops = {
3475 /* Breakpoint instruction: trapa #0x3c */
3476 #ifdef CONFIG_CPU_LITTLE_ENDIAN
3477 .gdb_bpt_instr = { 0x3c, 0xc3 },
3478 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/atomic_32.h linux-2.6.32.1/arch/sparc/include/asm/atomic_32.h
3479 --- linux-2.6.32.1/arch/sparc/include/asm/atomic_32.h 2009-12-02 22:51:21.000000000 -0500
3480 +++ linux-2.6.32.1/arch/sparc/include/asm/atomic_32.h 2009-12-14 18:33:51.548195505 -0500
3481 @@ -24,12 +24,17 @@ extern int atomic_cmpxchg(atomic_t *, in
3482 #define atomic_xchg(v, new) (xchg(&((v)->counter), new))
3483 extern int atomic_add_unless(atomic_t *, int, int);
3484 extern void atomic_set(atomic_t *, int);
3485 +extern void atomic_set_unchecked(atomic_unchecked_t *, int);
3487 #define atomic_read(v) ((v)->counter)
3488 +#define atomic_read_unchecked(v) ((v)->counter)
3490 #define atomic_add(i, v) ((void)__atomic_add_return( (int)(i), (v)))
3491 +#define atomic_add_unchecked(i, v) atomic_add((i), (atomic_t *)(v))
3492 #define atomic_sub(i, v) ((void)__atomic_add_return(-(int)(i), (v)))
3493 +#define atomic_sub_unchecked(i, v) atomic_sub((i), (atomic_t *)(v))
3494 #define atomic_inc(v) ((void)__atomic_add_return( 1, (v)))
3495 +#define atomic_inc_unchecked(v) atomic_inc((atomic_t *)(v))
3496 #define atomic_dec(v) ((void)__atomic_add_return( -1, (v)))
3498 #define atomic_add_return(i, v) (__atomic_add_return( (int)(i), (v)))
3499 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/atomic_64.h linux-2.6.32.1/arch/sparc/include/asm/atomic_64.h
3500 --- linux-2.6.32.1/arch/sparc/include/asm/atomic_64.h 2009-12-02 22:51:21.000000000 -0500
3501 +++ linux-2.6.32.1/arch/sparc/include/asm/atomic_64.h 2009-12-14 18:33:51.549188129 -0500
3503 #define ATOMIC64_INIT(i) { (i) }
3505 #define atomic_read(v) ((v)->counter)
3506 +#define atomic_read_unchecked(v) ((v)->counter)
3507 #define atomic64_read(v) ((v)->counter)
3509 #define atomic_set(v, i) (((v)->counter) = i)
3510 +#define atomic_set_unchecked(v, i) (((v)->counter) = i)
3511 #define atomic64_set(v, i) (((v)->counter) = i)
3513 extern void atomic_add(int, atomic_t *);
3514 +extern void atomic_add_unchecked(int, atomic_unchecked_t *);
3515 extern void atomic64_add(int, atomic64_t *);
3516 extern void atomic_sub(int, atomic_t *);
3517 +extern void atomic_sub_unchecked(int, atomic_unchecked_t *);
3518 extern void atomic64_sub(int, atomic64_t *);
3520 extern int atomic_add_ret(int, atomic_t *);
3521 @@ -59,6 +63,7 @@ extern int atomic64_sub_ret(int, atomic6
3522 #define atomic64_dec_and_test(v) (atomic64_sub_ret(1, v) == 0)
3524 #define atomic_inc(v) atomic_add(1, v)
3525 +#define atomic_inc_unchecked(v) atomic_add_unchecked(1, v)
3526 #define atomic64_inc(v) atomic64_add(1, v)
3528 #define atomic_dec(v) atomic_sub(1, v)
3529 @@ -72,17 +77,28 @@ extern int atomic64_sub_ret(int, atomic6
3531 static inline int atomic_add_unless(atomic_t *v, int a, int u)
3537 - if (unlikely(c == (u)))
3538 + if (unlikely(c == u))
3540 - old = atomic_cmpxchg((v), c, c + (a));
3542 + asm volatile("addcc %2, %0, %0\n"
3544 +#ifdef CONFIG_PAX_REFCOUNT
3549 + : "0" (c), "ir" (a)
3552 + old = atomic_cmpxchg(v, c, new);
3553 if (likely(old == c))
3561 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
3562 @@ -93,17 +109,28 @@ static inline int atomic_add_unless(atom
3564 static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
3568 c = atomic64_read(v);
3570 - if (unlikely(c == (u)))
3571 + if (unlikely(c == u))
3573 - old = atomic64_cmpxchg((v), c, c + (a));
3575 + asm volatile("addcc %2, %0, %0\n"
3577 +#ifdef CONFIG_PAX_REFCOUNT
3582 + : "0" (c), "ir" (a)
3585 + old = atomic64_cmpxchg(v, c, new);
3586 if (likely(old == c))
3594 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
3595 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/dma-mapping.h linux-2.6.32.1/arch/sparc/include/asm/dma-mapping.h
3596 --- linux-2.6.32.1/arch/sparc/include/asm/dma-mapping.h 2009-12-02 22:51:21.000000000 -0500
3597 +++ linux-2.6.32.1/arch/sparc/include/asm/dma-mapping.h 2009-12-14 18:33:51.549188129 -0500
3598 @@ -14,10 +14,10 @@ extern int dma_set_mask(struct device *d
3599 #define dma_free_noncoherent(d, s, v, h) dma_free_coherent(d, s, v, h)
3600 #define dma_is_consistent(d, h) (1)
3602 -extern struct dma_map_ops *dma_ops, pci32_dma_ops;
3603 +extern struct const dma_map_ops *dma_ops, pci32_dma_ops;
3604 extern struct bus_type pci_bus_type;
3606 -static inline struct dma_map_ops *get_dma_ops(struct device *dev)
3607 +static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
3609 #if defined(CONFIG_SPARC32) && defined(CONFIG_PCI)
3610 if (dev->bus == &pci_bus_type)
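Review bot: The new declaration `extern struct const dma_map_ops *dma_ops, pci32_dma_ops;` puts the qualifier between `struct` and the tag, which is not valid C, so every file that includes this header would fail to compile. It should read `extern const struct dma_map_ops *dma_ops, pci32_dma_ops;`. That form also matches the `const struct dma_map_ops pci32_dma_ops` definition this patch makes in ioport.c and the new return type of get_dma_ops() just below. The body of get_dma_ops() continues outside the hunk.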
3611 @@ -31,7 +31,7 @@ static inline struct dma_map_ops *get_dm
3612 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
3613 dma_addr_t *dma_handle, gfp_t flag)
3615 - struct dma_map_ops *ops = get_dma_ops(dev);
3616 + const struct dma_map_ops *ops = get_dma_ops(dev);
3619 cpu_addr = ops->alloc_coherent(dev, size, dma_handle, flag);
3620 @@ -42,7 +42,7 @@ static inline void *dma_alloc_coherent(s
3621 static inline void dma_free_coherent(struct device *dev, size_t size,
3622 void *cpu_addr, dma_addr_t dma_handle)
3624 - struct dma_map_ops *ops = get_dma_ops(dev);
3625 + const struct dma_map_ops *ops = get_dma_ops(dev);
3627 debug_dma_free_coherent(dev, size, cpu_addr, dma_handle);
3628 ops->free_coherent(dev, size, cpu_addr, dma_handle);
3629 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/elf_32.h linux-2.6.32.1/arch/sparc/include/asm/elf_32.h
3630 --- linux-2.6.32.1/arch/sparc/include/asm/elf_32.h 2009-12-02 22:51:21.000000000 -0500
3631 +++ linux-2.6.32.1/arch/sparc/include/asm/elf_32.h 2009-12-14 18:33:51.549188129 -0500
3632 @@ -116,6 +116,13 @@ typedef struct {
3634 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE)
3636 +#ifdef CONFIG_PAX_ASLR
3637 +#define PAX_ELF_ET_DYN_BASE 0x10000UL
3639 +#define PAX_DELTA_MMAP_LEN 16
3640 +#define PAX_DELTA_STACK_LEN 16
3643 /* This yields a mask that user programs can use to figure out what
3644 instruction set this cpu supports. This can NOT be done in userspace
3646 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/elf_64.h linux-2.6.32.1/arch/sparc/include/asm/elf_64.h
3647 --- linux-2.6.32.1/arch/sparc/include/asm/elf_64.h 2009-12-02 22:51:21.000000000 -0500
3648 +++ linux-2.6.32.1/arch/sparc/include/asm/elf_64.h 2009-12-14 18:33:51.549188129 -0500
3649 @@ -163,6 +163,12 @@ typedef struct {
3650 #define ELF_ET_DYN_BASE 0x0000010000000000UL
3651 #define COMPAT_ELF_ET_DYN_BASE 0x0000000070000000UL
3653 +#ifdef CONFIG_PAX_ASLR
3654 +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT) ? 0x10000UL : 0x100000UL)
3656 +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT) ? 14 : 28 )
3657 +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT) ? 15 : 29 )
3660 /* This yields a mask that user programs can use to figure out what
3661 instruction set this cpu supports. */
3662 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/pgtable_32.h linux-2.6.32.1/arch/sparc/include/asm/pgtable_32.h
3663 --- linux-2.6.32.1/arch/sparc/include/asm/pgtable_32.h 2009-12-02 22:51:21.000000000 -0500
3664 +++ linux-2.6.32.1/arch/sparc/include/asm/pgtable_32.h 2009-12-14 18:33:51.549188129 -0500
3665 @@ -43,6 +43,13 @@ BTFIXUPDEF_SIMM13(user_ptrs_per_pgd)
3666 BTFIXUPDEF_INT(page_none)
3667 BTFIXUPDEF_INT(page_copy)
3668 BTFIXUPDEF_INT(page_readonly)
3670 +#ifdef CONFIG_PAX_PAGEEXEC
3671 +BTFIXUPDEF_INT(page_shared_noexec)
3672 +BTFIXUPDEF_INT(page_copy_noexec)
3673 +BTFIXUPDEF_INT(page_readonly_noexec)
3676 BTFIXUPDEF_INT(page_kernel)
3678 #define PMD_SHIFT SUN4C_PMD_SHIFT
3679 @@ -64,6 +71,16 @@ extern pgprot_t PAGE_SHARED;
3680 #define PAGE_COPY __pgprot(BTFIXUP_INT(page_copy))
3681 #define PAGE_READONLY __pgprot(BTFIXUP_INT(page_readonly))
3683 +#ifdef CONFIG_PAX_PAGEEXEC
3684 +extern pgprot_t PAGE_SHARED_NOEXEC;
3685 +# define PAGE_COPY_NOEXEC __pgprot(BTFIXUP_INT(page_copy_noexec))
3686 +# define PAGE_READONLY_NOEXEC __pgprot(BTFIXUP_INT(page_readonly_noexec))
3688 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
3689 +# define PAGE_COPY_NOEXEC PAGE_COPY
3690 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
3693 extern unsigned long page_kernel;
3696 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/pgtsrmmu.h linux-2.6.32.1/arch/sparc/include/asm/pgtsrmmu.h
3697 --- linux-2.6.32.1/arch/sparc/include/asm/pgtsrmmu.h 2009-12-02 22:51:21.000000000 -0500
3698 +++ linux-2.6.32.1/arch/sparc/include/asm/pgtsrmmu.h 2009-12-14 18:33:51.550193388 -0500
3699 @@ -115,6 +115,13 @@
3700 SRMMU_EXEC | SRMMU_REF)
3701 #define SRMMU_PAGE_RDONLY __pgprot(SRMMU_VALID | SRMMU_CACHE | \
3702 SRMMU_EXEC | SRMMU_REF)
3704 +#ifdef CONFIG_PAX_PAGEEXEC
3705 +#define SRMMU_PAGE_SHARED_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_WRITE | SRMMU_REF)
3706 +#define SRMMU_PAGE_COPY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF)
3707 +#define SRMMU_PAGE_RDONLY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF)
3710 #define SRMMU_PAGE_KERNEL __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \
3711 SRMMU_DIRTY | SRMMU_REF)
3713 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/spinlock_64.h linux-2.6.32.1/arch/sparc/include/asm/spinlock_64.h
3714 --- linux-2.6.32.1/arch/sparc/include/asm/spinlock_64.h 2009-12-02 22:51:21.000000000 -0500
3715 +++ linux-2.6.32.1/arch/sparc/include/asm/spinlock_64.h 2009-12-14 18:33:51.550193388 -0500
3716 @@ -99,7 +99,12 @@ static void inline arch_read_lock(raw_rw
3717 __asm__ __volatile__ (
3718 "1: ldsw [%2], %0\n"
3720 -"4: add %0, 1, %1\n"
3721 +"4: addcc %0, 1, %1\n"
3723 +#ifdef CONFIG_PAX_REFCOUNT
3727 " cas [%2], %0, %1\n"
3729 " bne,pn %%icc, 1b\n"
3730 @@ -112,7 +117,7 @@ static void inline arch_read_lock(raw_rw
3732 : "=&r" (tmp1), "=&r" (tmp2)
3735 + : "memory", "cc");
3738 static int inline arch_read_trylock(raw_rwlock_t *lock)
3739 @@ -123,7 +128,12 @@ static int inline arch_read_trylock(raw_
3740 "1: ldsw [%2], %0\n"
3741 " brlz,a,pn %0, 2f\n"
3744 +" addcc %0, 1, %1\n"
3746 +#ifdef CONFIG_PAX_REFCOUNT
3750 " cas [%2], %0, %1\n"
3752 " bne,pn %%icc, 1b\n"
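Review bot: The switch from `add` to `addcc` in arch_read_trylock makes the asm write the integer condition codes before the `cas`, but only the arch_read_lock hunk above extends its clobber list to `: "memory", "cc");`. No clobber change is visible here or for the `subcc` in the arch_read_unlock hunk that follows, and both hunk ranges stop before the operand lists. For consistency the same `"cc"` clobber should be declared in both, assuming their lists currently name only `"memory"`; that needs confirming against the full file. Both asm bodies continue outside their hunks.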
3753 @@ -142,7 +152,12 @@ static void inline arch_read_unlock(raw_
3755 __asm__ __volatile__(
3756 "1: lduw [%2], %0\n"
3758 +" subcc %0, 1, %1\n"
3760 +#ifdef CONFIG_PAX_REFCOUNT
3764 " cas [%2], %0, %1\n"
3766 " bne,pn %%xcc, 1b\n"
3767 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/uaccess_32.h linux-2.6.32.1/arch/sparc/include/asm/uaccess_32.h
3768 --- linux-2.6.32.1/arch/sparc/include/asm/uaccess_32.h 2009-12-02 22:51:21.000000000 -0500
3769 +++ linux-2.6.32.1/arch/sparc/include/asm/uaccess_32.h 2009-12-14 18:33:51.550193388 -0500
3770 @@ -249,27 +249,46 @@ extern unsigned long __copy_user(void __
3772 static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
3774 - if (n && __access_ok((unsigned long) to, n))
3778 + if (n && __access_ok((unsigned long) to, n)) {
3779 + if (!__builtin_constant_p(n))
3780 + check_object_size(from, n, true);
3781 return __copy_user(to, (__force void __user *) from, n);
3787 static inline unsigned long __copy_to_user(void __user *to, const void *from, unsigned long n)
3792 + if (!__builtin_constant_p(n))
3793 + check_object_size(from, n, true);
3795 return __copy_user(to, (__force void __user *) from, n);
3798 static inline unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
3800 - if (n && __access_ok((unsigned long) from, n))
3804 + if (n && __access_ok((unsigned long) from, n)) {
3805 + if (!__builtin_constant_p(n))
3806 + check_object_size(to, n, false);
3807 return __copy_user((__force void __user *) to, from, n);
3813 static inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n)
3818 return __copy_user((__force void __user *) to, from, n);
3821 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/uaccess_64.h linux-2.6.32.1/arch/sparc/include/asm/uaccess_64.h
3822 --- linux-2.6.32.1/arch/sparc/include/asm/uaccess_64.h 2009-12-02 22:51:21.000000000 -0500
3823 +++ linux-2.6.32.1/arch/sparc/include/asm/uaccess_64.h 2009-12-14 18:33:51.551190193 -0500
3824 @@ -212,8 +212,15 @@ extern unsigned long copy_from_user_fixu
3825 static inline unsigned long __must_check
3826 copy_from_user(void *to, const void __user *from, unsigned long size)
3828 - unsigned long ret = ___copy_from_user(to, from, size);
3829 + unsigned long ret;
3831 + if ((long)size < 0 || size > INT_MAX)
3834 + if (!__builtin_constant_p(size))
3835 + check_object_size(to, size, false);
3837 + ret = ___copy_from_user(to, from, size);
3839 ret = copy_from_user_fixup(to, from, size);
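Review bot: In the new guard `if ((long)size < 0 || size > INT_MAX)` the first test is redundant, because `size` is `unsigned long` and any value with the top bit set already compares greater than INT_MAX. `if (size > INT_MAX)` expresses the same limit, and a one-line comment saying why lengths above INT_MAX are refused would help the next reader. The same expression appears in the copy_to_user hunk below. The statement run when the guard fires is not visible in this view; if it returns without writing to `to`, a caller that ignores the result keeps the buffer's previous contents, so the `__must_check` on the prototype matters here.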
3841 @@ -228,8 +235,15 @@ extern unsigned long copy_to_user_fixup(
3842 static inline unsigned long __must_check
3843 copy_to_user(void __user *to, const void *from, unsigned long size)
3845 - unsigned long ret = ___copy_to_user(to, from, size);
3846 + unsigned long ret;
3848 + if ((long)size < 0 || size > INT_MAX)
3851 + if (!__builtin_constant_p(size))
3852 + check_object_size(from, size, true);
3854 + ret = ___copy_to_user(to, from, size);
3856 ret = copy_to_user_fixup(to, from, size);
3858 diff -urNp linux-2.6.32.1/arch/sparc/kernel/iommu.c linux-2.6.32.1/arch/sparc/kernel/iommu.c
3859 --- linux-2.6.32.1/arch/sparc/kernel/iommu.c 2009-12-02 22:51:21.000000000 -0500
3860 +++ linux-2.6.32.1/arch/sparc/kernel/iommu.c 2009-12-14 18:33:51.555212162 -0500
3861 @@ -826,7 +826,7 @@ static void dma_4u_sync_sg_for_cpu(struc
3862 spin_unlock_irqrestore(&iommu->lock, flags);
3865 -static struct dma_map_ops sun4u_dma_ops = {
3866 +static const struct dma_map_ops sun4u_dma_ops = {
3867 .alloc_coherent = dma_4u_alloc_coherent,
3868 .free_coherent = dma_4u_free_coherent,
3869 .map_page = dma_4u_map_page,
3870 @@ -837,7 +837,7 @@ static struct dma_map_ops sun4u_dma_ops
3871 .sync_sg_for_cpu = dma_4u_sync_sg_for_cpu,
3874 -struct dma_map_ops *dma_ops = &sun4u_dma_ops;
3875 +const struct dma_map_ops *dma_ops = &sun4u_dma_ops;
3876 EXPORT_SYMBOL(dma_ops);
3878 extern int pci64_dma_supported(struct pci_dev *pdev, u64 device_mask);
3879 diff -urNp linux-2.6.32.1/arch/sparc/kernel/ioport.c linux-2.6.32.1/arch/sparc/kernel/ioport.c
3880 --- linux-2.6.32.1/arch/sparc/kernel/ioport.c 2009-12-02 22:51:21.000000000 -0500
3881 +++ linux-2.6.32.1/arch/sparc/kernel/ioport.c 2009-12-14 18:33:51.555212162 -0500
3882 @@ -392,7 +392,7 @@ static void sbus_sync_sg_for_device(stru
3886 -struct dma_map_ops sbus_dma_ops = {
3887 +const struct dma_map_ops sbus_dma_ops = {
3888 .alloc_coherent = sbus_alloc_coherent,
3889 .free_coherent = sbus_free_coherent,
3890 .map_page = sbus_map_page,
3891 @@ -403,7 +403,7 @@ struct dma_map_ops sbus_dma_ops = {
3892 .sync_sg_for_device = sbus_sync_sg_for_device,
3895 -struct dma_map_ops *dma_ops = &sbus_dma_ops;
3896 +const struct dma_map_ops *dma_ops = &sbus_dma_ops;
3897 EXPORT_SYMBOL(dma_ops);
3899 static int __init sparc_register_ioport(void)
3900 @@ -640,7 +640,7 @@ static void pci32_sync_sg_for_device(str
3904 -struct dma_map_ops pci32_dma_ops = {
3905 +const struct dma_map_ops pci32_dma_ops = {
3906 .alloc_coherent = pci32_alloc_coherent,
3907 .free_coherent = pci32_free_coherent,
3908 .map_page = pci32_map_page,
3909 diff -urNp linux-2.6.32.1/arch/sparc/kernel/kgdb_32.c linux-2.6.32.1/arch/sparc/kernel/kgdb_32.c
3910 --- linux-2.6.32.1/arch/sparc/kernel/kgdb_32.c 2009-12-02 22:51:21.000000000 -0500
3911 +++ linux-2.6.32.1/arch/sparc/kernel/kgdb_32.c 2009-12-14 18:33:51.556186027 -0500
3912 @@ -158,7 +158,7 @@ void kgdb_arch_exit(void)
3916 -struct kgdb_arch arch_kgdb_ops = {
3917 +const struct kgdb_arch arch_kgdb_ops = {
3918 /* Breakpoint instruction: ta 0x7d */
3919 .gdb_bpt_instr = { 0x91, 0xd0, 0x20, 0x7d },
3921 diff -urNp linux-2.6.32.1/arch/sparc/kernel/kgdb_64.c linux-2.6.32.1/arch/sparc/kernel/kgdb_64.c
3922 --- linux-2.6.32.1/arch/sparc/kernel/kgdb_64.c 2009-12-02 22:51:21.000000000 -0500
3923 +++ linux-2.6.32.1/arch/sparc/kernel/kgdb_64.c 2009-12-14 18:33:51.556186027 -0500
3924 @@ -180,7 +180,7 @@ void kgdb_arch_exit(void)
3928 -struct kgdb_arch arch_kgdb_ops = {
3929 +const struct kgdb_arch arch_kgdb_ops = {
3930 /* Breakpoint instruction: ta 0x72 */
3931 .gdb_bpt_instr = { 0x91, 0xd0, 0x20, 0x72 },
3933 diff -urNp linux-2.6.32.1/arch/sparc/kernel/Makefile linux-2.6.32.1/arch/sparc/kernel/Makefile
3934 --- linux-2.6.32.1/arch/sparc/kernel/Makefile 2009-12-02 22:51:21.000000000 -0500
3935 +++ linux-2.6.32.1/arch/sparc/kernel/Makefile 2009-12-14 18:33:51.556186027 -0500
3940 -ccflags-y := -Werror
3941 +#ccflags-y := -Werror
3943 extra-y := head_$(BITS).o
3944 extra-y += init_task.o
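Review bot: Commenting out `ccflags-y := -Werror` leaves dead configuration behind and gives no reason for the change. With warnings no longer fatal in arch/sparc/kernel, qualifier mismatches arising from the const conversions elsewhere in this patch (for example the `const struct dma_map_ops` tables) would build silently instead of being caught. Either delete the line or keep it with an explanatory comment such as `# -Werror disabled: <reason>`. Fixing the warnings so the flag can stay would be preferable.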
3945 diff -urNp linux-2.6.32.1/arch/sparc/kernel/pci_sun4v.c linux-2.6.32.1/arch/sparc/kernel/pci_sun4v.c
3946 --- linux-2.6.32.1/arch/sparc/kernel/pci_sun4v.c 2009-12-02 22:51:21.000000000 -0500
3947 +++ linux-2.6.32.1/arch/sparc/kernel/pci_sun4v.c 2009-12-14 18:33:51.556186027 -0500
3948 @@ -525,7 +525,7 @@ static void dma_4v_unmap_sg(struct devic
3949 spin_unlock_irqrestore(&iommu->lock, flags);
3952 -static struct dma_map_ops sun4v_dma_ops = {
3953 +static const struct dma_map_ops sun4v_dma_ops = {
3954 .alloc_coherent = dma_4v_alloc_coherent,
3955 .free_coherent = dma_4v_free_coherent,
3956 .map_page = dma_4v_map_page,
3957 diff -urNp linux-2.6.32.1/arch/sparc/kernel/sys_sparc_32.c linux-2.6.32.1/arch/sparc/kernel/sys_sparc_32.c
3958 --- linux-2.6.32.1/arch/sparc/kernel/sys_sparc_32.c 2009-12-02 22:51:21.000000000 -0500
3959 +++ linux-2.6.32.1/arch/sparc/kernel/sys_sparc_32.c 2009-12-14 18:33:51.556186027 -0500
3960 @@ -56,7 +56,7 @@ unsigned long arch_get_unmapped_area(str
3961 if (ARCH_SUN4C && len > 0x20000000)
3964 - addr = TASK_UNMAPPED_BASE;
3965 + addr = current->mm->mmap_base;
3967 if (flags & MAP_SHARED)
3968 addr = COLOUR_ALIGN(addr);
3969 diff -urNp linux-2.6.32.1/arch/sparc/kernel/sys_sparc_64.c linux-2.6.32.1/arch/sparc/kernel/sys_sparc_64.c
3970 --- linux-2.6.32.1/arch/sparc/kernel/sys_sparc_64.c 2009-12-02 22:51:21.000000000 -0500
3971 +++ linux-2.6.32.1/arch/sparc/kernel/sys_sparc_64.c 2009-12-14 18:33:51.557187999 -0500
3972 @@ -125,7 +125,7 @@ unsigned long arch_get_unmapped_area(str
3973 /* We do not accept a shared mapping if it would violate
3974 * cache aliasing constraints.
3976 - if ((flags & MAP_SHARED) &&
3977 + if ((filp || (flags & MAP_SHARED)) &&
3978 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
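Review bot: The comment above the changed test still says "We do not accept a shared mapping", but `(filp || (flags & MAP_SHARED))` now applies the SHMLBA alignment check to every file-backed mapping, shared or not. Update the comment to match, e.g. `/* We do not accept a file-backed or shared mapping if it would violate cache aliasing constraints. */`, so the stricter check is not mistaken for an accident. The identical change in the arch_get_unmapped_area_topdown hunk further down needs the same wording. The enclosing if statement continues outside the hunk.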
3981 @@ -140,6 +140,10 @@ unsigned long arch_get_unmapped_area(str
3982 if (filp || (flags & MAP_SHARED))
3985 +#ifdef CONFIG_PAX_RANDMMAP
3986 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
3991 addr = COLOUR_ALIGN(addr, pgoff);
3992 @@ -153,9 +157,9 @@ unsigned long arch_get_unmapped_area(str
3995 if (len > mm->cached_hole_size) {
3996 - start_addr = addr = mm->free_area_cache;
3997 + start_addr = addr = mm->free_area_cache;
3999 - start_addr = addr = TASK_UNMAPPED_BASE;
4000 + start_addr = addr = mm->mmap_base;
4001 mm->cached_hole_size = 0;
4004 @@ -175,8 +179,8 @@ full_search:
4005 vma = find_vma(mm, VA_EXCLUDE_END);
4007 if (unlikely(task_size < addr)) {
4008 - if (start_addr != TASK_UNMAPPED_BASE) {
4009 - start_addr = addr = TASK_UNMAPPED_BASE;
4010 + if (start_addr != mm->mmap_base) {
4011 + start_addr = addr = mm->mmap_base;
4012 mm->cached_hole_size = 0;
4015 @@ -216,7 +220,7 @@ arch_get_unmapped_area_topdown(struct fi
4016 /* We do not accept a shared mapping if it would violate
4017 * cache aliasing constraints.
4019 - if ((flags & MAP_SHARED) &&
4020 + if ((filp || (flags & MAP_SHARED)) &&
4021 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
4024 @@ -380,6 +384,12 @@ void arch_pick_mmap_layout(struct mm_str
4025 current->signal->rlim[RLIMIT_STACK].rlim_cur == RLIM_INFINITY ||
4026 sysctl_legacy_va_layout) {
4027 mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
4029 +#ifdef CONFIG_PAX_RANDMMAP
4030 + if (mm->pax_flags & MF_PAX_RANDMMAP)
4031 + mm->mmap_base += mm->delta_mmap;
4034 mm->get_unmapped_area = arch_get_unmapped_area;
4035 mm->unmap_area = arch_unmap_area;
4037 @@ -394,6 +404,12 @@ void arch_pick_mmap_layout(struct mm_str
4038 gap = (task_size / 6 * 5);
4040 mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor);
4042 +#ifdef CONFIG_PAX_RANDMMAP
4043 + if (mm->pax_flags & MF_PAX_RANDMMAP)
4044 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
4047 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
4048 mm->unmap_area = arch_unmap_area_topdown;
4050 diff -urNp linux-2.6.32.1/arch/sparc/kernel/traps_64.c linux-2.6.32.1/arch/sparc/kernel/traps_64.c
4051 --- linux-2.6.32.1/arch/sparc/kernel/traps_64.c 2009-12-02 22:51:21.000000000 -0500
4052 +++ linux-2.6.32.1/arch/sparc/kernel/traps_64.c 2009-12-14 18:33:51.562806947 -0500
4053 @@ -93,6 +93,12 @@ void bad_trap(struct pt_regs *regs, long
4056 if (regs->tstate & TSTATE_PRIV) {
4058 +#ifdef CONFIG_PAX_REFCOUNT
4060 + pax_report_refcount_overflow(regs);
4063 sprintf(buffer, "Kernel bad sw trap %lx", lvl);
4064 die_if_kernel(buffer, regs);
4066 @@ -111,11 +117,16 @@ void bad_trap(struct pt_regs *regs, long
4067 void bad_trap_tl1(struct pt_regs *regs, long lvl)
4072 if (notify_die(DIE_TRAP_TL1, "bad trap tl1", regs,
4073 0, lvl, SIGTRAP) == NOTIFY_STOP)
4076 +#ifdef CONFIG_PAX_REFCOUNT
4078 + pax_report_refcount_overflow(regs);
4081 dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
4083 sprintf (buffer, "Bad trap %lx at tl>0", lvl);
4084 diff -urNp linux-2.6.32.1/arch/sparc/lib/atomic32.c linux-2.6.32.1/arch/sparc/lib/atomic32.c
4085 --- linux-2.6.32.1/arch/sparc/lib/atomic32.c 2009-12-02 22:51:21.000000000 -0500
4086 +++ linux-2.6.32.1/arch/sparc/lib/atomic32.c 2009-12-14 18:33:51.562806947 -0500
4087 @@ -80,6 +80,12 @@ void atomic_set(atomic_t *v, int i)
4089 EXPORT_SYMBOL(atomic_set);
4091 +void atomic_set_unchecked(atomic_unchecked_t *v, int i)
4093 + atomic_set((atomic_t *)v, i);
4095 +EXPORT_SYMBOL(atomic_set_unchecked);
4097 unsigned long ___set_bit(unsigned long *addr, unsigned long mask)
4099 unsigned long old, flags;
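Review bot: atomic_set_unchecked() reaches the real implementation through the cast `(atomic_t *)v`, which only works while atomic_unchecked_t and atomic_t have the same layout; neither definition is visible in this hunk. A short comment above the function would record that dependency, for example `/* atomic_unchecked_t must stay layout-compatible with atomic_t; this wrapper only forwards */`. The `_unchecked` macros added to the sparc atomic_32.h header in this patch use the same cast and rely on the same assumption.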
4100 diff -urNp linux-2.6.32.1/arch/sparc/lib/atomic_64.S linux-2.6.32.1/arch/sparc/lib/atomic_64.S
4101 --- linux-2.6.32.1/arch/sparc/lib/atomic_64.S 2009-12-02 22:51:21.000000000 -0500
4102 +++ linux-2.6.32.1/arch/sparc/lib/atomic_64.S 2009-12-14 18:33:51.562806947 -0500
4104 atomic_add: /* %o0 = increment, %o1 = atomic_ptr */
4108 + addcc %g1, %o0, %g7
4110 +#ifdef CONFIG_PAX_REFCOUNT
4117 @@ -28,12 +33,32 @@ atomic_add: /* %o0 = increment, %o1 = at
4118 2: BACKOFF_SPIN(%o2, %o3, 1b)
4119 .size atomic_add, .-atomic_add
4121 + .globl atomic_add_unchecked
4122 + .type atomic_add_unchecked,#function
4123 +atomic_add_unchecked: /* %o0 = increment, %o1 = atomic_ptr */
4124 + BACKOFF_SETUP(%o2)
4127 + cas [%o1], %g1, %g7
4133 +2: BACKOFF_SPIN(%o2, %o3, 1b)
4134 + .size atomic_add_unchecked, .-atomic_add_unchecked
4137 .type atomic_sub,#function
4138 atomic_sub: /* %o0 = decrement, %o1 = atomic_ptr */
4142 + subcc %g1, %o0, %g7
4144 +#ifdef CONFIG_PAX_REFCOUNT
4151 @@ -43,12 +68,32 @@ atomic_sub: /* %o0 = decrement, %o1 = at
4152 2: BACKOFF_SPIN(%o2, %o3, 1b)
4153 .size atomic_sub, .-atomic_sub
4155 + .globl atomic_sub_unchecked
4156 + .type atomic_sub_unchecked,#function
4157 +atomic_sub_unchecked: /* %o0 = decrement, %o1 = atomic_ptr */
4158 + BACKOFF_SETUP(%o2)
4161 + cas [%o1], %g1, %g7
4167 +2: BACKOFF_SPIN(%o2, %o3, 1b)
4168 + .size atomic_sub_unchecked, .-atomic_sub_unchecked
4170 .globl atomic_add_ret
4171 .type atomic_add_ret,#function
4172 atomic_add_ret: /* %o0 = increment, %o1 = atomic_ptr */
4176 + addcc %g1, %o0, %g7
4178 +#ifdef CONFIG_PAX_REFCOUNT
4185 @@ -64,7 +109,12 @@ atomic_add_ret: /* %o0 = increment, %o1
4186 atomic_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */
4190 + subcc %g1, %o0, %g7
4192 +#ifdef CONFIG_PAX_REFCOUNT
4199 @@ -80,7 +130,12 @@ atomic_sub_ret: /* %o0 = decrement, %o1
4200 atomic64_add: /* %o0 = increment, %o1 = atomic_ptr */
4204 + addcc %g1, %o0, %g7
4206 +#ifdef CONFIG_PAX_REFCOUNT
4210 casx [%o1], %g1, %g7
4213 @@ -95,7 +150,12 @@ atomic64_add: /* %o0 = increment, %o1 =
4214 atomic64_sub: /* %o0 = decrement, %o1 = atomic_ptr */
4218 + subcc %g1, %o0, %g7
4220 +#ifdef CONFIG_PAX_REFCOUNT
4224 casx [%o1], %g1, %g7
4227 @@ -110,7 +170,12 @@ atomic64_sub: /* %o0 = decrement, %o1 =
4228 atomic64_add_ret: /* %o0 = increment, %o1 = atomic_ptr */
4232 + addcc %g1, %o0, %g7
4234 +#ifdef CONFIG_PAX_REFCOUNT
4238 casx [%o1], %g1, %g7
4241 @@ -126,7 +191,12 @@ atomic64_add_ret: /* %o0 = increment, %o
4242 atomic64_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */
4246 + subcc %g1, %o0, %g7
4248 +#ifdef CONFIG_PAX_REFCOUNT
4252 casx [%o1], %g1, %g7
4255 diff -urNp linux-2.6.32.1/arch/sparc/lib/ksyms.c linux-2.6.32.1/arch/sparc/lib/ksyms.c
4256 --- linux-2.6.32.1/arch/sparc/lib/ksyms.c 2009-12-02 22:51:21.000000000 -0500
4257 +++ linux-2.6.32.1/arch/sparc/lib/ksyms.c 2009-12-14 18:33:51.564188549 -0500
4258 @@ -144,8 +144,10 @@ EXPORT_SYMBOL(__downgrade_write);
4260 /* Atomic counter implementation. */
4261 EXPORT_SYMBOL(atomic_add);
4262 +EXPORT_SYMBOL(atomic_add_unchecked);
4263 EXPORT_SYMBOL(atomic_add_ret);
4264 EXPORT_SYMBOL(atomic_sub);
4265 +EXPORT_SYMBOL(atomic_sub_unchecked);
4266 EXPORT_SYMBOL(atomic_sub_ret);
4267 EXPORT_SYMBOL(atomic64_add);
4268 EXPORT_SYMBOL(atomic64_add_ret);
4269 diff -urNp linux-2.6.32.1/arch/sparc/lib/rwsem_64.S linux-2.6.32.1/arch/sparc/lib/rwsem_64.S
4270 --- linux-2.6.32.1/arch/sparc/lib/rwsem_64.S 2009-12-02 22:51:21.000000000 -0500
4271 +++ linux-2.6.32.1/arch/sparc/lib/rwsem_64.S 2009-12-14 18:33:51.564188549 -0500
4279 +#ifdef CONFIG_PAX_REFCOUNT
4286 @@ -33,7 +38,12 @@ __down_read:
4287 .globl __down_read_trylock
4288 __down_read_trylock:
4293 +#ifdef CONFIG_PAX_REFCOUNT
4300 @@ -51,7 +61,12 @@ __down_write:
4301 or %g1, %lo(RWSEM_ACTIVE_WRITE_BIAS), %g1
4305 + addcc %g3, %g1, %g7
4307 +#ifdef CONFIG_PAX_REFCOUNT
4314 @@ -77,7 +92,12 @@ __down_write_trylock:
4319 + addcc %g3, %g1, %g7
4321 +#ifdef CONFIG_PAX_REFCOUNT
4328 @@ -90,7 +110,12 @@ __down_write_trylock:
4335 +#ifdef CONFIG_PAX_REFCOUNT
4342 @@ -118,7 +143,12 @@ __up_write:
4343 or %g1, %lo(RWSEM_ACTIVE_WRITE_BIAS), %g1
4347 + subcc %g3, %g1, %g7
4349 +#ifdef CONFIG_PAX_REFCOUNT
4356 @@ -143,7 +173,12 @@ __downgrade_write:
4357 or %g1, %lo(RWSEM_WAITING_BIAS), %g1
4361 + subcc %g3, %g1, %g7
4363 +#ifdef CONFIG_PAX_REFCOUNT
4370 diff -urNp linux-2.6.32.1/arch/sparc/Makefile linux-2.6.32.1/arch/sparc/Makefile
4371 --- linux-2.6.32.1/arch/sparc/Makefile 2009-12-02 22:51:21.000000000 -0500
4372 +++ linux-2.6.32.1/arch/sparc/Makefile 2009-12-14 18:33:51.564188549 -0500
4373 @@ -73,7 +73,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc
4374 # Export what is needed by arch/sparc/boot/Makefile
4375 export VMLINUX_INIT VMLINUX_MAIN
4376 VMLINUX_INIT := $(head-y) $(init-y)
4377 -VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/
4378 +VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
4379 VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y)
4380 VMLINUX_MAIN += $(drivers-y) $(net-y)
4382 diff -urNp linux-2.6.32.1/arch/sparc/mm/fault_32.c linux-2.6.32.1/arch/sparc/mm/fault_32.c
4383 --- linux-2.6.32.1/arch/sparc/mm/fault_32.c 2009-12-02 22:51:21.000000000 -0500
4384 +++ linux-2.6.32.1/arch/sparc/mm/fault_32.c 2009-12-14 18:33:51.565074152 -0500
4386 #include <linux/interrupt.h>
4387 #include <linux/module.h>
4388 #include <linux/kdebug.h>
4389 +#include <linux/slab.h>
4390 +#include <linux/pagemap.h>
4391 +#include <linux/compiler.h>
4393 #include <asm/system.h>
4394 #include <asm/page.h>
4395 @@ -167,6 +170,267 @@ static unsigned long compute_si_addr(str
4396 return safe_compute_effective_address(regs, insn);
4399 +#ifdef CONFIG_PAX_PAGEEXEC
4400 +#ifdef CONFIG_PAX_DLRESOLVE
4401 +static void pax_emuplt_close(struct vm_area_struct *vma)
4403 + vma->vm_mm->call_dl_resolve = 0UL;
4406 +static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
4408 + unsigned int *kaddr;
4410 + vmf->page = alloc_page(GFP_HIGHUSER);
4412 + return VM_FAULT_OOM;
4414 + kaddr = kmap(vmf->page);
4415 + memset(kaddr, 0, PAGE_SIZE);
4416 + kaddr[0] = 0x9DE3BFA8U; /* save */
4417 + flush_dcache_page(vmf->page);
4418 + kunmap(vmf->page);
4419 + return VM_FAULT_MAJOR;
4422 +static const struct vm_operations_struct pax_vm_ops = {
4423 + .close = pax_emuplt_close,
4424 + .fault = pax_emuplt_fault
4427 +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
4431 + vma->vm_mm = current->mm;
4432 + vma->vm_start = addr;
4433 + vma->vm_end = addr + PAGE_SIZE;
4434 + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
4435 + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
4436 + vma->vm_ops = &pax_vm_ops;
4438 + ret = insert_vm_struct(current->mm, vma);
4442 + ++current->mm->total_vm;
4448 + * PaX: decide what to do with offenders (regs->pc = fault address)
4450 + * returns 1 when task should be killed
4451 + * 2 when patched PLT trampoline was detected
4452 + * 3 when unpatched PLT trampoline was detected
4454 +static int pax_handle_fetch_fault(struct pt_regs *regs)
4457 +#ifdef CONFIG_PAX_EMUPLT
4460 + do { /* PaX: patched PLT emulation #1 */
4461 + unsigned int sethi1, sethi2, jmpl;
4463 + err = get_user(sethi1, (unsigned int *)regs->pc);
4464 + err |= get_user(sethi2, (unsigned int *)(regs->pc+4));
4465 + err |= get_user(jmpl, (unsigned int *)(regs->pc+8));
4470 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
4471 + (sethi2 & 0xFFC00000U) == 0x03000000U &&
4472 + (jmpl & 0xFFFFE000U) == 0x81C06000U)
4474 + unsigned int addr;
4476 + regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
4477 + addr = regs->u_regs[UREG_G1];
4478 + addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
4480 + regs->npc = addr+4;
4485 + { /* PaX: patched PLT emulation #2 */
4488 + err = get_user(ba, (unsigned int *)regs->pc);
4490 + if (!err && (ba & 0xFFC00000U) == 0x30800000U) {
4491 + unsigned int addr;
4493 + addr = regs->pc + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
4495 + regs->npc = addr+4;
4500 + do { /* PaX: patched PLT emulation #3 */
4501 + unsigned int sethi, jmpl, nop;
4503 + err = get_user(sethi, (unsigned int *)regs->pc);
4504 + err |= get_user(jmpl, (unsigned int *)(regs->pc+4));
4505 + err |= get_user(nop, (unsigned int *)(regs->pc+8));
4510 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
4511 + (jmpl & 0xFFFFE000U) == 0x81C06000U &&
4512 + nop == 0x01000000U)
4514 + unsigned int addr;
4516 + addr = (sethi & 0x003FFFFFU) << 10;
4517 + regs->u_regs[UREG_G1] = addr;
4518 + addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
4520 + regs->npc = addr+4;
4525 + do { /* PaX: unpatched PLT emulation step 1 */
4526 + unsigned int sethi, ba, nop;
4528 + err = get_user(sethi, (unsigned int *)regs->pc);
4529 + err |= get_user(ba, (unsigned int *)(regs->pc+4));
4530 + err |= get_user(nop, (unsigned int *)(regs->pc+8));
4535 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
4536 + ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
4537 + nop == 0x01000000U)
4539 + unsigned int addr, save, call;
4541 + if ((ba & 0xFFC00000U) == 0x30800000U)
4542 + addr = regs->pc + 4 + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
4544 + addr = regs->pc + 4 + ((((ba | 0xFFF80000U) ^ 0x00040000U) + 0x00040000U) << 2);
4546 + err = get_user(save, (unsigned int *)addr);
4547 + err |= get_user(call, (unsigned int *)(addr+4));
4548 + err |= get_user(nop, (unsigned int *)(addr+8));
4552 +#ifdef CONFIG_PAX_DLRESOLVE
4553 + if (save == 0x9DE3BFA8U &&
4554 + (call & 0xC0000000U) == 0x40000000U &&
4555 + nop == 0x01000000U)
4557 + struct vm_area_struct *vma;
4558 + unsigned long call_dl_resolve;
4560 + down_read(¤t->mm->mmap_sem);
4561 + call_dl_resolve = current->mm->call_dl_resolve;
4562 + up_read(¤t->mm->mmap_sem);
4563 + if (likely(call_dl_resolve))
4566 + vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
4568 + down_write(¤t->mm->mmap_sem);
4569 + if (current->mm->call_dl_resolve) {
4570 + call_dl_resolve = current->mm->call_dl_resolve;
4571 + up_write(¤t->mm->mmap_sem);
4573 + kmem_cache_free(vm_area_cachep, vma);
4577 + call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
4578 + if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
4579 + up_write(¤t->mm->mmap_sem);
4581 + kmem_cache_free(vm_area_cachep, vma);
4585 + if (pax_insert_vma(vma, call_dl_resolve)) {
4586 + up_write(¤t->mm->mmap_sem);
4587 + kmem_cache_free(vm_area_cachep, vma);
4591 + current->mm->call_dl_resolve = call_dl_resolve;
4592 + up_write(¤t->mm->mmap_sem);
4595 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
4596 + regs->pc = call_dl_resolve;
4597 + regs->npc = addr+4;
4602 + /* PaX: glibc 2.4+ generates sethi/jmpl instead of save/call */
4603 + if ((save & 0xFFC00000U) == 0x05000000U &&
4604 + (call & 0xFFFFE000U) == 0x85C0A000U &&
4605 + nop == 0x01000000U)
4607 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
4608 + regs->u_regs[UREG_G2] = addr + 4;
4609 + addr = (save & 0x003FFFFFU) << 10;
4610 + addr += (((call | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
4612 + regs->npc = addr+4;
4618 + do { /* PaX: unpatched PLT emulation step 2 */
4619 + unsigned int save, call, nop;
4621 + err = get_user(save, (unsigned int *)(regs->pc-4));
4622 + err |= get_user(call, (unsigned int *)regs->pc);
4623 + err |= get_user(nop, (unsigned int *)(regs->pc+4));
4627 + if (save == 0x9DE3BFA8U &&
4628 + (call & 0xC0000000U) == 0x40000000U &&
4629 + nop == 0x01000000U)
4631 + unsigned int dl_resolve = regs->pc + ((((call | 0xC0000000U) ^ 0x20000000U) + 0x20000000U) << 2);
4633 + regs->u_regs[UREG_RETPC] = regs->pc;
4634 + regs->pc = dl_resolve;
4635 + regs->npc = dl_resolve+4;
4644 +void pax_report_insns(void *pc, void *sp)
4648 + printk(KERN_ERR "PAX: bytes at PC: ");
4649 + for (i = 0; i < 5; i++) {
4651 + if (get_user(c, (unsigned int *)pc+i))
4652 + printk(KERN_CONT "???????? ");
4654 + printk(KERN_CONT "%08x ", c);
4660 asmlinkage void do_sparc_fault(struct pt_regs *regs, int text_fault, int write,
4661 unsigned long address)
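Review bot: Every instruction fetch in pax_handle_fetch_fault() and pax_report_insns() passes an unannotated pointer to get_user(), e.g. `get_user(sethi1, (unsigned int *)regs->pc)`, so sparse cannot tell these user-space reads from kernel dereferences. Casting to `(unsigned int __user *)` throughout keeps the address-space annotation and lets static checking flag an accidental direct dereference of `regs->pc`. The opcode masks and patterns such as `0xFFC00000U` and `0x03000000U` are repeated in each emulation case and would read better as named constants. The fault_64.c copy of this code in the next file section uses the same casts on `regs->tpc`.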
4663 @@ -231,6 +495,24 @@ good_area:
4664 if(!(vma->vm_flags & VM_WRITE))
4668 +#ifdef CONFIG_PAX_PAGEEXEC
4669 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && text_fault && !(vma->vm_flags & VM_EXEC)) {
4670 + up_read(&mm->mmap_sem);
4671 + switch (pax_handle_fetch_fault(regs)) {
4673 +#ifdef CONFIG_PAX_EMUPLT
4680 + pax_report_fault(regs, (void *)regs->pc, (void *)regs->u_regs[UREG_FP]);
4681 + do_group_exit(SIGKILL);
4685 /* Allow reads even for write-only mappings */
4686 if(!(vma->vm_flags & (VM_READ | VM_EXEC)))
4688 diff -urNp linux-2.6.32.1/arch/sparc/mm/fault_64.c linux-2.6.32.1/arch/sparc/mm/fault_64.c
4689 --- linux-2.6.32.1/arch/sparc/mm/fault_64.c 2009-12-02 22:51:21.000000000 -0500
4690 +++ linux-2.6.32.1/arch/sparc/mm/fault_64.c 2009-12-14 18:33:51.565074152 -0500
4692 #include <linux/kprobes.h>
4693 #include <linux/kdebug.h>
4694 #include <linux/percpu.h>
4695 +#include <linux/slab.h>
4696 +#include <linux/pagemap.h>
4697 +#include <linux/compiler.h>
4699 #include <asm/page.h>
4700 #include <asm/pgtable.h>
4701 @@ -249,6 +252,416 @@ static void noinline bogus_32bit_fault_a
4705 +#ifdef CONFIG_PAX_PAGEEXEC
4706 +#ifdef CONFIG_PAX_DLRESOLVE
4707 +static void pax_emuplt_close(struct vm_area_struct *vma)
4709 + vma->vm_mm->call_dl_resolve = 0UL;
4712 +static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
4714 + unsigned int *kaddr;
4716 + vmf->page = alloc_page(GFP_HIGHUSER);
4718 + return VM_FAULT_OOM;
4720 + kaddr = kmap(vmf->page);
4721 + memset(kaddr, 0, PAGE_SIZE);
4722 + kaddr[0] = 0x9DE3BFA8U; /* save */
4723 + flush_dcache_page(vmf->page);
4724 + kunmap(vmf->page);
4725 + return VM_FAULT_MAJOR;
4728 +static const struct vm_operations_struct pax_vm_ops = {
4729 + .close = pax_emuplt_close,
4730 + .fault = pax_emuplt_fault
4733 +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
4737 + vma->vm_mm = current->mm;
4738 + vma->vm_start = addr;
4739 + vma->vm_end = addr + PAGE_SIZE;
4740 + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
4741 + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
4742 + vma->vm_ops = &pax_vm_ops;
4744 + ret = insert_vm_struct(current->mm, vma);
4748 + ++current->mm->total_vm;
4754 + * PaX: decide what to do with offenders (regs->tpc = fault address)
4756 + * returns 1 when task should be killed
4757 + * 2 when patched PLT trampoline was detected
4758 + * 3 when unpatched PLT trampoline was detected
4760 +static int pax_handle_fetch_fault(struct pt_regs *regs)
4763 +#ifdef CONFIG_PAX_EMUPLT
4766 + do { /* PaX: patched PLT emulation #1 */
4767 + unsigned int sethi1, sethi2, jmpl;
4769 + err = get_user(sethi1, (unsigned int *)regs->tpc);
4770 + err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
4771 + err |= get_user(jmpl, (unsigned int *)(regs->tpc+8));
4776 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
4777 + (sethi2 & 0xFFC00000U) == 0x03000000U &&
4778 + (jmpl & 0xFFFFE000U) == 0x81C06000U)
4780 + unsigned long addr;
4782 + regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
4783 + addr = regs->u_regs[UREG_G1];
4784 + addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
4786 + if (test_thread_flag(TIF_32BIT))
4787 + addr &= 0xFFFFFFFFUL;
4790 + regs->tnpc = addr+4;
4795 + { /* PaX: patched PLT emulation #2 */
4798 + err = get_user(ba, (unsigned int *)regs->tpc);
4800 + if (!err && (ba & 0xFFC00000U) == 0x30800000U) {
4801 + unsigned long addr;
4803 + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
4805 + if (test_thread_flag(TIF_32BIT))
4806 + addr &= 0xFFFFFFFFUL;
4809 + regs->tnpc = addr+4;
4814 + do { /* PaX: patched PLT emulation #3 */
4815 + unsigned int sethi, jmpl, nop;
4817 + err = get_user(sethi, (unsigned int *)regs->tpc);
4818 + err |= get_user(jmpl, (unsigned int *)(regs->tpc+4));
4819 + err |= get_user(nop, (unsigned int *)(regs->tpc+8));
4824 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
4825 + (jmpl & 0xFFFFE000U) == 0x81C06000U &&
4826 + nop == 0x01000000U)
4828 + unsigned long addr;
4830 + addr = (sethi & 0x003FFFFFU) << 10;
4831 + regs->u_regs[UREG_G1] = addr;
4832 + addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
4834 + if (test_thread_flag(TIF_32BIT))
4835 + addr &= 0xFFFFFFFFUL;
4838 + regs->tnpc = addr+4;
4843 + do { /* PaX: patched PLT emulation #4 */
4844 + unsigned int mov1, call, mov2;
4846 + err = get_user(mov1, (unsigned int *)regs->tpc);
4847 + err |= get_user(call, (unsigned int *)(regs->tpc+4));
4848 + err |= get_user(mov2, (unsigned int *)(regs->tpc+8));
4853 + if (mov1 == 0x8210000FU &&
4854 + (call & 0xC0000000U) == 0x40000000U &&
4855 + mov2 == 0x9E100001U)
4857 + unsigned long addr;
4859 + regs->u_regs[UREG_G1] = regs->u_regs[UREG_RETPC];
4860 + addr = regs->tpc + 4 + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
4862 + if (test_thread_flag(TIF_32BIT))
4863 + addr &= 0xFFFFFFFFUL;
4866 + regs->tnpc = addr+4;
4871 + do { /* PaX: patched PLT emulation #5 */
4872 + unsigned int sethi1, sethi2, or1, or2, sllx, jmpl, nop;
4874 + err = get_user(sethi1, (unsigned int *)regs->tpc);
4875 + err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
4876 + err |= get_user(or1, (unsigned int *)(regs->tpc+8));
4877 + err |= get_user(or2, (unsigned int *)(regs->tpc+12));
4878 + err |= get_user(sllx, (unsigned int *)(regs->tpc+16));
4879 + err |= get_user(jmpl, (unsigned int *)(regs->tpc+20));
4880 + err |= get_user(nop, (unsigned int *)(regs->tpc+24));
4885 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
4886 + (sethi2 & 0xFFC00000U) == 0x0B000000U &&
4887 + (or1 & 0xFFFFE000U) == 0x82106000U &&
4888 + (or2 & 0xFFFFE000U) == 0x8A116000U &&
4889 + sllx == 0x83287020 &&
4890 + jmpl == 0x81C04005U &&
4891 + nop == 0x01000000U)
4893 + unsigned long addr;
4895 + regs->u_regs[UREG_G1] = ((sethi1 & 0x003FFFFFU) << 10) | (or1 & 0x000003FFU);
4896 + regs->u_regs[UREG_G1] <<= 32;
4897 + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or2 & 0x000003FFU);
4898 + addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
4900 + regs->tnpc = addr+4;
4905 + do { /* PaX: patched PLT emulation #6 */
4906 + unsigned int sethi1, sethi2, sllx, or, jmpl, nop;
4908 + err = get_user(sethi1, (unsigned int *)regs->tpc);
4909 + err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
4910 + err |= get_user(sllx, (unsigned int *)(regs->tpc+8));
4911 + err |= get_user(or, (unsigned int *)(regs->tpc+12));
4912 + err |= get_user(jmpl, (unsigned int *)(regs->tpc+16));
4913 + err |= get_user(nop, (unsigned int *)(regs->tpc+20));
4918 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
4919 + (sethi2 & 0xFFC00000U) == 0x0B000000U &&
4920 + sllx == 0x83287020 &&
4921 + (or & 0xFFFFE000U) == 0x8A116000U &&
4922 + jmpl == 0x81C04005U &&
4923 + nop == 0x01000000U)
4925 + unsigned long addr;
4927 + regs->u_regs[UREG_G1] = (sethi1 & 0x003FFFFFU) << 10;
4928 + regs->u_regs[UREG_G1] <<= 32;
4929 + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or & 0x3FFU);
4930 + addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
4932 + regs->tnpc = addr+4;
4937 + do { /* PaX: unpatched PLT emulation step 1 */
4938 + unsigned int sethi, ba, nop;
4940 + err = get_user(sethi, (unsigned int *)regs->tpc);
4941 + err |= get_user(ba, (unsigned int *)(regs->tpc+4));
4942 + err |= get_user(nop, (unsigned int *)(regs->tpc+8));
4947 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
4948 + ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
4949 + nop == 0x01000000U)
4951 + unsigned long addr;
4952 + unsigned int save, call;
4954 + if ((ba & 0xFFC00000U) == 0x30800000U)
4955 + addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
4957 + addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
4959 + if (test_thread_flag(TIF_32BIT))
4960 + addr &= 0xFFFFFFFFUL;
4962 + err = get_user(save, (unsigned int *)addr);
4963 + err |= get_user(call, (unsigned int *)(addr+4));
4964 + err |= get_user(nop, (unsigned int *)(addr+8));
4968 +#ifdef CONFIG_PAX_DLRESOLVE
4969 + if (save == 0x9DE3BFA8U &&
4970 + (call & 0xC0000000U) == 0x40000000U &&
4971 + nop == 0x01000000U)
4973 + struct vm_area_struct *vma;
4974 + unsigned long call_dl_resolve;
4976 + down_read(¤t->mm->mmap_sem);
4977 + call_dl_resolve = current->mm->call_dl_resolve;
4978 + up_read(¤t->mm->mmap_sem);
4979 + if (likely(call_dl_resolve))
4982 + vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
4984 + down_write(¤t->mm->mmap_sem);
4985 + if (current->mm->call_dl_resolve) {
4986 + call_dl_resolve = current->mm->call_dl_resolve;
4987 + up_write(¤t->mm->mmap_sem);
4989 + kmem_cache_free(vm_area_cachep, vma);
4993 + call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
4994 + if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
4995 + up_write(¤t->mm->mmap_sem);
4997 + kmem_cache_free(vm_area_cachep, vma);
5001 + if (pax_insert_vma(vma, call_dl_resolve)) {
5002 + up_write(¤t->mm->mmap_sem);
5003 + kmem_cache_free(vm_area_cachep, vma);
5007 + current->mm->call_dl_resolve = call_dl_resolve;
5008 + up_write(¤t->mm->mmap_sem);
5011 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
5012 + regs->tpc = call_dl_resolve;
5013 + regs->tnpc = addr+4;
5018 + /* PaX: glibc 2.4+ generates sethi/jmpl instead of save/call */
5019 + if ((save & 0xFFC00000U) == 0x05000000U &&
5020 + (call & 0xFFFFE000U) == 0x85C0A000U &&
5021 + nop == 0x01000000U)
5023 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
5024 + regs->u_regs[UREG_G2] = addr + 4;
5025 + addr = (save & 0x003FFFFFU) << 10;
5026 + addr += (((call | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
5028 + if (test_thread_flag(TIF_32BIT))
5029 + addr &= 0xFFFFFFFFUL;
5032 + regs->tnpc = addr+4;
5038 +#ifdef CONFIG_PAX_DLRESOLVE
5039 + do { /* PaX: unpatched PLT emulation step 2 */
5040 + unsigned int save, call, nop;
5042 + err = get_user(save, (unsigned int *)(regs->tpc-4));
5043 + err |= get_user(call, (unsigned int *)regs->tpc);
5044 + err |= get_user(nop, (unsigned int *)(regs->tpc+4));
5048 + if (save == 0x9DE3BFA8U &&
5049 + (call & 0xC0000000U) == 0x40000000U &&
5050 + nop == 0x01000000U)
5052 + unsigned long dl_resolve = regs->tpc + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
5054 + if (test_thread_flag(TIF_32BIT))
5055 + dl_resolve &= 0xFFFFFFFFUL;
5057 + regs->u_regs[UREG_RETPC] = regs->tpc;
5058 + regs->tpc = dl_resolve;
5059 + regs->tnpc = dl_resolve+4;
5065 + do { /* PaX: patched PLT emulation #7, must be AFTER the unpatched PLT emulation */
5066 + unsigned int sethi, ba, nop;
5068 + err = get_user(sethi, (unsigned int *)regs->tpc);
5069 + err |= get_user(ba, (unsigned int *)(regs->tpc+4));
5070 + err |= get_user(nop, (unsigned int *)(regs->tpc+8));
5075 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
5076 + (ba & 0xFFF00000U) == 0x30600000U &&
5077 + nop == 0x01000000U)
5079 + unsigned long addr;
5081 + addr = (sethi & 0x003FFFFFU) << 10;
5082 + regs->u_regs[UREG_G1] = addr;
5083 + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
5085 + if (test_thread_flag(TIF_32BIT))
5086 + addr &= 0xFFFFFFFFUL;
5089 + regs->tnpc = addr+4;
5099 +void pax_report_insns(void *pc, void *sp)
5103 + printk(KERN_ERR "PAX: bytes at PC: ");
5104 + for (i = 0; i < 5; i++) {
5106 + if (get_user(c, (unsigned int *)pc+i))
5107 + printk(KERN_CONT "???????? ");
5109 + printk(KERN_CONT "%08x ", c);
5115 asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
5117 struct mm_struct *mm = current->mm;
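Review bot: pax_handle_fetch_fault takes its decision entirely from instruction words it reads with `get_user()` at `regs->tpc`, that is, from a page the caller has just found to be non-executable, and nothing visible in the hunk ties a match to an actual PLT mapping. Every pattern that matches therefore has its branch carried out by the kernel on the task's behalf, which is the accepted cost of CONFIG_PAX_EMUPLT and deserves to be stated where the code is. I'd extend the block comment above the function with something like `* NOTE: the words matched below come from non-executable user memory; each emulation re-creates a control transfer PAGEEXEC would otherwise deny, so keep the patterns as narrow as possible.` Separately, `sllx == 0x83287020` in emulations #5 and #6 lacks the `U` suffix that every other constant in the function carries. Several lines of this hunk are not shown on this page, so both remarks are limited to what is visible.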
5118 @@ -315,6 +728,29 @@ asmlinkage void __kprobes do_sparc64_fau
5122 +#ifdef CONFIG_PAX_PAGEEXEC
5123 + /* PaX: detect ITLB misses on non-exec pages */
5124 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && vma->vm_start <= address &&
5125 + !(vma->vm_flags & VM_EXEC) && (fault_code & FAULT_CODE_ITLB))
5127 + if (address != regs->tpc)
5130 + up_read(&mm->mmap_sem);
5131 + switch (pax_handle_fetch_fault(regs)) {
5133 +#ifdef CONFIG_PAX_EMUPLT
5140 + pax_report_fault(regs, (void *)regs->tpc, (void *)(regs->u_regs[UREG_FP] + STACK_BIAS));
5141 + do_group_exit(SIGKILL);
5145 /* Pure DTLB misses do not tell us whether the fault causing
5146 * load/store/atomic was a write or not, it only says that there
5147 * was no match. So in such a case we (carefully) read the
5148 diff -urNp linux-2.6.32.1/arch/sparc/mm/init_32.c linux-2.6.32.1/arch/sparc/mm/init_32.c
5149 --- linux-2.6.32.1/arch/sparc/mm/init_32.c 2009-12-02 22:51:21.000000000 -0500
5150 +++ linux-2.6.32.1/arch/sparc/mm/init_32.c 2009-12-14 18:33:51.565074152 -0500
5151 @@ -317,6 +317,9 @@ extern void device_scan(void);
5152 pgprot_t PAGE_SHARED __read_mostly;
5153 EXPORT_SYMBOL(PAGE_SHARED);
5155 +pgprot_t PAGE_SHARED_NOEXEC __read_mostly;
5156 +EXPORT_SYMBOL(PAGE_SHARED_NOEXEC);
5158 void __init paging_init(void)
5160 switch(sparc_cpu_model) {
5161 @@ -345,17 +348,17 @@ void __init paging_init(void)
5163 /* Initialize the protection map with non-constant, MMU dependent values. */
5164 protection_map[0] = PAGE_NONE;
5165 - protection_map[1] = PAGE_READONLY;
5166 - protection_map[2] = PAGE_COPY;
5167 - protection_map[3] = PAGE_COPY;
5168 + protection_map[1] = PAGE_READONLY_NOEXEC;
5169 + protection_map[2] = PAGE_COPY_NOEXEC;
5170 + protection_map[3] = PAGE_COPY_NOEXEC;
5171 protection_map[4] = PAGE_READONLY;
5172 protection_map[5] = PAGE_READONLY;
5173 protection_map[6] = PAGE_COPY;
5174 protection_map[7] = PAGE_COPY;
5175 protection_map[8] = PAGE_NONE;
5176 - protection_map[9] = PAGE_READONLY;
5177 - protection_map[10] = PAGE_SHARED;
5178 - protection_map[11] = PAGE_SHARED;
5179 + protection_map[9] = PAGE_READONLY_NOEXEC;
5180 + protection_map[10] = PAGE_SHARED_NOEXEC;
5181 + protection_map[11] = PAGE_SHARED_NOEXEC;
5182 protection_map[12] = PAGE_READONLY;
5183 protection_map[13] = PAGE_READONLY;
5184 protection_map[14] = PAGE_SHARED;
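Review bot: The six entries switched to `_NOEXEC` (1–3 and 9–11) are exactly the indices with the exec bit clear and read or write set, but the table gives no hint of that, so a later edit can easily put an executable protection back on a non-exec slot. A comment above the table would help, e.g. `/* index = VM_READ(1) | VM_WRITE(2) | VM_EXEC(4) | VM_SHARED(8); entries without VM_EXEC use the _NOEXEC protections */`. The assignments are not guarded by CONFIG_PAX_PAGEEXEC in this hunk, while srmmu.c initialises the `_NOEXEC` values only inside that #ifdef, so the header defining the `_NOEXEC` names presumably falls back to the plain ones when the option is off; that header is outside this page and worth confirming. paging_init continues past the hunk.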
5185 diff -urNp linux-2.6.32.1/arch/sparc/mm/Makefile linux-2.6.32.1/arch/sparc/mm/Makefile
5186 --- linux-2.6.32.1/arch/sparc/mm/Makefile 2009-12-02 22:51:21.000000000 -0500
5187 +++ linux-2.6.32.1/arch/sparc/mm/Makefile 2009-12-14 18:33:51.565975886 -0500
5192 -ccflags-y := -Werror
5193 +#ccflags-y := -Werror
5195 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o
5196 obj-y += fault_$(BITS).o
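Review bot: Commenting out `ccflags-y := -Werror` makes warnings non-fatal for every object in arch/sparc/mm, not only for the fault handlers this patch extends, and the dead line left behind does not say why. If the new code in fault_$(BITS).c triggers a warning, fixing it there keeps the check for the rest of the directory. If the flag really has to go, delete the line and record the reason, e.g. `# -Werror dropped: <warning and file that required it>`.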
5197 diff -urNp linux-2.6.32.1/arch/sparc/mm/srmmu.c linux-2.6.32.1/arch/sparc/mm/srmmu.c
5198 --- linux-2.6.32.1/arch/sparc/mm/srmmu.c 2009-12-02 22:51:21.000000000 -0500
5199 +++ linux-2.6.32.1/arch/sparc/mm/srmmu.c 2009-12-14 18:33:51.565975886 -0500
5200 @@ -2200,6 +2200,13 @@ void __init ld_mmu_srmmu(void)
5201 PAGE_SHARED = pgprot_val(SRMMU_PAGE_SHARED);
5202 BTFIXUPSET_INT(page_copy, pgprot_val(SRMMU_PAGE_COPY));
5203 BTFIXUPSET_INT(page_readonly, pgprot_val(SRMMU_PAGE_RDONLY));
5205 +#ifdef CONFIG_PAX_PAGEEXEC
5206 + PAGE_SHARED_NOEXEC = pgprot_val(SRMMU_PAGE_SHARED_NOEXEC);
5207 + BTFIXUPSET_INT(page_copy_noexec, pgprot_val(SRMMU_PAGE_COPY_NOEXEC));
5208 + BTFIXUPSET_INT(page_readonly_noexec, pgprot_val(SRMMU_PAGE_RDONLY_NOEXEC));
5211 BTFIXUPSET_INT(page_kernel, pgprot_val(SRMMU_PAGE_KERNEL));
5212 page_kernel = pgprot_val(SRMMU_PAGE_KERNEL);
5214 diff -urNp linux-2.6.32.1/arch/um/include/asm/kmap_types.h linux-2.6.32.1/arch/um/include/asm/kmap_types.h
5215 --- linux-2.6.32.1/arch/um/include/asm/kmap_types.h 2009-12-02 22:51:21.000000000 -0500
5216 +++ linux-2.6.32.1/arch/um/include/asm/kmap_types.h 2009-12-14 18:33:51.566841693 -0500
5217 @@ -23,6 +23,7 @@ enum km_type {
5225 diff -urNp linux-2.6.32.1/arch/um/include/asm/page.h linux-2.6.32.1/arch/um/include/asm/page.h
5226 --- linux-2.6.32.1/arch/um/include/asm/page.h 2009-12-02 22:51:21.000000000 -0500
5227 +++ linux-2.6.32.1/arch/um/include/asm/page.h 2009-12-14 18:33:51.566841693 -0500
5229 #define PAGE_SIZE (_AC(1, UL) << PAGE_SHIFT)
5230 #define PAGE_MASK (~(PAGE_SIZE-1))
5232 +#define ktla_ktva(addr) (addr)
5233 +#define ktva_ktla(addr) (addr)
5235 #ifndef __ASSEMBLY__
5238 diff -urNp linux-2.6.32.1/arch/um/sys-i386/syscalls.c linux-2.6.32.1/arch/um/sys-i386/syscalls.c
5239 --- linux-2.6.32.1/arch/um/sys-i386/syscalls.c 2009-12-02 22:51:21.000000000 -0500
5240 +++ linux-2.6.32.1/arch/um/sys-i386/syscalls.c 2009-12-14 18:33:51.577203984 -0500
5242 #include "asm/uaccess.h"
5243 #include "asm/unistd.h"
5245 +int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags)
5247 + unsigned long pax_task_size = TASK_SIZE;
5249 +#ifdef CONFIG_PAX_SEGMEXEC
5250 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
5251 + pax_task_size = SEGMEXEC_TASK_SIZE;
5254 + if (len > pax_task_size || addr > pax_task_size - len)
5261 * Perform the select(nd, in, out, ex, tv) and mmap() system
5262 * calls. Linux/i386 didn't use to be able to handle more than
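Review bot: i386_mmap_check has no comment, and the order of the two tests in `if (len > pax_task_size || addr > pax_task_size - len)` is what keeps the subtraction from wrapping, which is easy to lose in a later edit. I'd add above the function `/* Reject a mapping that would end beyond the task's address-space limit (SEGMEXEC_TASK_SIZE when MF_PAX_SEGMEXEC is set); len is tested first so that pax_task_size - len cannot underflow. */`. `flags` is not used in the lines shown here, and the function's braces and return statements are missing from this page, so the return values are not covered by this note.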
5263 diff -urNp linux-2.6.32.1/arch/x86/boot/bitops.h linux-2.6.32.1/arch/x86/boot/bitops.h
5264 --- linux-2.6.32.1/arch/x86/boot/bitops.h 2009-12-02 22:51:21.000000000 -0500
5265 +++ linux-2.6.32.1/arch/x86/boot/bitops.h 2009-12-14 18:33:51.581189750 -0500
5266 @@ -26,7 +26,7 @@ static inline int variable_test_bit(int
5268 const u32 *p = (const u32 *)addr;
5270 - asm("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
5271 + asm volatile("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
5275 @@ -37,7 +37,7 @@ static inline int variable_test_bit(int
5277 static inline void set_bit(int nr, void *addr)
5279 - asm("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
5280 + asm volatile("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
5283 #endif /* BOOT_BITOPS_H */
5284 diff -urNp linux-2.6.32.1/arch/x86/boot/boot.h linux-2.6.32.1/arch/x86/boot/boot.h
5285 --- linux-2.6.32.1/arch/x86/boot/boot.h 2009-12-02 22:51:21.000000000 -0500
5286 +++ linux-2.6.32.1/arch/x86/boot/boot.h 2009-12-14 18:33:51.595738615 -0500
5287 @@ -82,7 +82,7 @@ static inline void io_delay(void)
5288 static inline u16 ds(void)
5291 - asm("movw %%ds,%0" : "=rm" (seg));
5292 + asm volatile("movw %%ds,%0" : "=rm" (seg));
5296 @@ -178,7 +178,7 @@ static inline void wrgs32(u32 v, addr_t
5297 static inline int memcmp(const void *s1, const void *s2, size_t len)
5300 - asm("repe; cmpsb; setnz %0"
5301 + asm volatile("repe; cmpsb; setnz %0"
5302 : "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len));
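Review bot: `volatile` stops the compiler from dropping or merging this `repe; cmpsb`, but the statement still does not tell it that the bytes behind `s1` and `s2` are read, because the operand list names only the pointers and the count. A store into either buffer just before the call may therefore legally be moved past the asm; a clobber closes that: `: "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len) : : "memory");`. With `len == 0` no compare runs and `setnz` reports whatever the flags held before, which callers should be aware of. The declaration of `diff` and the return statement are outside the hunk.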
5305 diff -urNp linux-2.6.32.1/arch/x86/boot/compressed/head_32.S linux-2.6.32.1/arch/x86/boot/compressed/head_32.S
5306 --- linux-2.6.32.1/arch/x86/boot/compressed/head_32.S 2009-12-02 22:51:21.000000000 -0500
5307 +++ linux-2.6.32.1/arch/x86/boot/compressed/head_32.S 2009-12-14 18:33:51.595738615 -0500
5308 @@ -76,7 +76,7 @@ ENTRY(startup_32)
5312 - movl $LOAD_PHYSICAL_ADDR, %ebx
5313 + movl $____LOAD_PHYSICAL_ADDR, %ebx
5316 /* Target address to relocate to for decompression */
5317 @@ -149,7 +149,7 @@ relocated:
5318 * and where it was actually loaded.
5321 - subl $LOAD_PHYSICAL_ADDR, %ebx
5322 + subl $____LOAD_PHYSICAL_ADDR, %ebx
5323 jz 2f /* Nothing to be done if loaded at compiled addr. */
5325 * Process relocations.
5326 @@ -157,8 +157,7 @@ relocated:
5333 addl %ebx, -__PAGE_OFFSET(%ebx, %ecx)
5336 diff -urNp linux-2.6.32.1/arch/x86/boot/compressed/head_64.S linux-2.6.32.1/arch/x86/boot/compressed/head_64.S
5337 --- linux-2.6.32.1/arch/x86/boot/compressed/head_64.S 2009-12-02 22:51:21.000000000 -0500
5338 +++ linux-2.6.32.1/arch/x86/boot/compressed/head_64.S 2009-12-14 18:33:51.595738615 -0500
5339 @@ -91,7 +91,7 @@ ENTRY(startup_32)
5343 - movl $LOAD_PHYSICAL_ADDR, %ebx
5344 + movl $____LOAD_PHYSICAL_ADDR, %ebx
5347 /* Target address to relocate to for decompression */
5348 @@ -234,7 +234,7 @@ ENTRY(startup_64)
5352 - movq $LOAD_PHYSICAL_ADDR, %rbp
5353 + movq $____LOAD_PHYSICAL_ADDR, %rbp
5356 /* Target address to relocate to for decompression */
5357 diff -urNp linux-2.6.32.1/arch/x86/boot/compressed/misc.c linux-2.6.32.1/arch/x86/boot/compressed/misc.c
5358 --- linux-2.6.32.1/arch/x86/boot/compressed/misc.c 2009-12-02 22:51:21.000000000 -0500
5359 +++ linux-2.6.32.1/arch/x86/boot/compressed/misc.c 2009-12-14 18:33:51.595738615 -0500
5360 @@ -288,7 +288,7 @@ static void parse_elf(void *output)
5362 #ifdef CONFIG_RELOCATABLE
5364 - dest += (phdr->p_paddr - LOAD_PHYSICAL_ADDR);
5365 + dest += (phdr->p_paddr - ____LOAD_PHYSICAL_ADDR);
5367 dest = (void *)(phdr->p_paddr);
5369 @@ -335,7 +335,7 @@ asmlinkage void decompress_kernel(void *
5370 error("Destination address too large");
5372 #ifndef CONFIG_RELOCATABLE
5373 - if ((unsigned long)output != LOAD_PHYSICAL_ADDR)
5374 + if ((unsigned long)output != ____LOAD_PHYSICAL_ADDR)
5375 error("Wrong destination address");
5378 diff -urNp linux-2.6.32.1/arch/x86/boot/compressed/mkpiggy.c linux-2.6.32.1/arch/x86/boot/compressed/mkpiggy.c
5379 --- linux-2.6.32.1/arch/x86/boot/compressed/mkpiggy.c 2009-12-02 22:51:21.000000000 -0500
5380 +++ linux-2.6.32.1/arch/x86/boot/compressed/mkpiggy.c 2009-12-14 18:33:51.596762216 -0500
5381 @@ -74,7 +74,7 @@ int main(int argc, char *argv[])
5383 offs = (olen > ilen) ? olen - ilen : 0;
5384 offs += olen >> 12; /* Add 8 bytes for each 32K block */
5385 - offs += 32*1024 + 18; /* Add 32K + 18 bytes slack */
5386 + offs += 64*1024; /* Add 64K bytes slack */
5387 offs = (offs+4095) & ~4095; /* Round to a 4K boundary */
5389 printf(".section \".rodata.compressed\",\"a\",@progbits\n");
5390 diff -urNp linux-2.6.32.1/arch/x86/boot/compressed/relocs.c linux-2.6.32.1/arch/x86/boot/compressed/relocs.c
5391 --- linux-2.6.32.1/arch/x86/boot/compressed/relocs.c 2009-12-02 22:51:21.000000000 -0500
5392 +++ linux-2.6.32.1/arch/x86/boot/compressed/relocs.c 2009-12-14 18:33:51.596762216 -0500
5397 +#include "../../../../include/linux/autoconf.h"
5399 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
5400 static Elf32_Ehdr ehdr;
5401 +static Elf32_Phdr *phdr;
5402 static unsigned long reloc_count, reloc_idx;
5403 static unsigned long *relocs;
5405 @@ -37,7 +40,7 @@ static const char* safe_abs_relocs[] = {
5407 static int is_safe_abs_reloc(const char* sym_name)
5412 for (i = 0; i < ARRAY_SIZE(safe_abs_relocs); i++) {
5413 if (!strcmp(sym_name, safe_abs_relocs[i]))
5414 @@ -245,9 +248,39 @@ static void read_ehdr(FILE *fp)
5418 +static void read_phdrs(FILE *fp)
5422 + phdr = calloc(ehdr.e_phnum, sizeof(Elf32_Phdr));
5424 + die("Unable to allocate %d program headers\n",
5427 + if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) {
5428 + die("Seek to %d failed: %s\n",
5429 + ehdr.e_phoff, strerror(errno));
5431 + if (fread(phdr, sizeof(*phdr), ehdr.e_phnum, fp) != ehdr.e_phnum) {
5432 + die("Cannot read ELF program headers: %s\n",
5435 + for(i = 0; i < ehdr.e_phnum; i++) {
5436 + phdr[i].p_type = elf32_to_cpu(phdr[i].p_type);
5437 + phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset);
5438 + phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr);
5439 + phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr);
5440 + phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz);
5441 + phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz);
5442 + phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags);
5443 + phdr[i].p_align = elf32_to_cpu(phdr[i].p_align);
5448 static void read_shdrs(FILE *fp)
5454 secs = calloc(ehdr.e_shnum, sizeof(struct section));
5455 @@ -282,7 +315,7 @@ static void read_shdrs(FILE *fp)
5457 static void read_strtabs(FILE *fp)
5461 for (i = 0; i < ehdr.e_shnum; i++) {
5462 struct section *sec = &secs[i];
5463 if (sec->shdr.sh_type != SHT_STRTAB) {
5464 @@ -307,7 +340,7 @@ static void read_strtabs(FILE *fp)
5466 static void read_symtabs(FILE *fp)
5470 for (i = 0; i < ehdr.e_shnum; i++) {
5471 struct section *sec = &secs[i];
5472 if (sec->shdr.sh_type != SHT_SYMTAB) {
5473 @@ -340,7 +373,9 @@ static void read_symtabs(FILE *fp)
5475 static void read_relocs(FILE *fp)
5481 for (i = 0; i < ehdr.e_shnum; i++) {
5482 struct section *sec = &secs[i];
5483 if (sec->shdr.sh_type != SHT_REL) {
5484 @@ -360,9 +395,18 @@ static void read_relocs(FILE *fp)
5485 die("Cannot read symbol table: %s\n",
5489 + for (j = 0; j < ehdr.e_phnum; j++) {
5490 + if (phdr[j].p_type != PT_LOAD )
5492 + if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz)
5494 + base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr;
5497 for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) {
5498 Elf32_Rel *rel = &sec->reltab[j];
5499 - rel->r_offset = elf32_to_cpu(rel->r_offset);
5500 + rel->r_offset = elf32_to_cpu(rel->r_offset) + base;
5501 rel->r_info = elf32_to_cpu(rel->r_info);
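Review bot: `base` is assigned only when a PT_LOAD segment's file range contains the target section, and the hunk has no comment saying what it is or what it should be when no segment matches. Its declaration and initial value are not shown on this page; if it is not reset for each `SHT_REL` section, a section outside every PT_LOAD would inherit the previous section's base, so please confirm that and document it with a comment such as `/* base: added to r_offset; CONFIG_PAGE_OFFSET + p_paddr - p_vaddr of the PT_LOAD segment that holds the section, 0 when none does */`. The containment test written on one line is hard to read, and `phdr[j].p_offset + phdr[j].p_filesz` is a 32-bit sum that can wrap for a malformed header; splitting it into two `if`s around a local for `sh_offset` would make both points visible.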
5504 @@ -371,14 +415,14 @@ static void read_relocs(FILE *fp)
5506 static void print_absolute_symbols(void)
5510 printf("Absolute symbols\n");
5511 printf(" Num: Value Size Type Bind Visibility Name\n");
5512 for (i = 0; i < ehdr.e_shnum; i++) {
5513 struct section *sec = &secs[i];
5515 Elf32_Sym *sh_symtab;
5519 if (sec->shdr.sh_type != SHT_SYMTAB) {
5521 @@ -406,14 +450,14 @@ static void print_absolute_symbols(void)
5523 static void print_absolute_relocs(void)
5525 - int i, printed = 0;
5526 + unsigned int i, printed = 0;
5528 for (i = 0; i < ehdr.e_shnum; i++) {
5529 struct section *sec = &secs[i];
5530 struct section *sec_applies, *sec_symtab;
5532 Elf32_Sym *sh_symtab;
5535 if (sec->shdr.sh_type != SHT_REL) {
5538 @@ -474,13 +518,13 @@ static void print_absolute_relocs(void)
5540 static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym))
5544 /* Walk through the relocations */
5545 for (i = 0; i < ehdr.e_shnum; i++) {
5547 Elf32_Sym *sh_symtab;
5548 struct section *sec_applies, *sec_symtab;
5551 struct section *sec = &secs[i];
5553 if (sec->shdr.sh_type != SHT_REL) {
5554 @@ -504,6 +548,21 @@ static void walk_relocs(void (*visit)(El
5555 if (sym->st_shndx == SHN_ABS) {
5558 + /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */
5559 + if (!strcmp(sec_name(sym->st_shndx), ".data.percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load"))
5562 +#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32)
5563 + /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */
5564 + if (!strcmp(sec_name(sym->st_shndx), ".module.text") && !strcmp(sym_name(sym_strtab, sym), "_etext"))
5566 + if (!strcmp(sec_name(sym->st_shndx), ".init.text"))
5568 + if (!strcmp(sec_name(sym->st_shndx), ".exit.text"))
5570 + if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR"))
5573 if (r_type == R_386_NONE || r_type == R_386_PC32) {
5575 * NONE can be ignored and and PC relative
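Review bot: These skips match sections and symbols by literal name (`.data.percpu`, `.module.text`, `.init.text`, `.exit.text`, `.text`, `__per_cpu_load`, `_etext`, `__LOAD_PHYSICAL_ADDR`), so a rename in the linker script silently turns a skip into an emitted relocation, or the reverse, with no build error. Please note next to the block which linker-script definitions these strings must track. `sec_name(sym->st_shndx)` is also evaluated up to five times per relocation; a local `const char *secname = sec_name(sym->st_shndx);` ahead of the tests would shorten every line. The `continue` statements and the `#endif` are not shown on this page, and walk_relocs extends beyond the hunk.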
5576 @@ -541,7 +600,7 @@ static int cmp_relocs(const void *va, co
5578 static void emit_relocs(int as_text)
5582 /* Count how many relocations I have and allocate space for them. */
5584 walk_relocs(count_reloc);
5585 @@ -634,6 +693,7 @@ int main(int argc, char **argv)
5586 fname, strerror(errno));
5593 diff -urNp linux-2.6.32.1/arch/x86/boot/cpucheck.c linux-2.6.32.1/arch/x86/boot/cpucheck.c
5594 --- linux-2.6.32.1/arch/x86/boot/cpucheck.c 2009-12-02 22:51:21.000000000 -0500
5595 +++ linux-2.6.32.1/arch/x86/boot/cpucheck.c 2009-12-14 18:33:51.596762216 -0500
5596 @@ -74,7 +74,7 @@ static int has_fpu(void)
5597 u16 fcw = -1, fsw = -1;
5600 - asm("movl %%cr0,%0" : "=r" (cr0));
5601 + asm volatile("movl %%cr0,%0" : "=r" (cr0));
5602 if (cr0 & (X86_CR0_EM|X86_CR0_TS)) {
5603 cr0 &= ~(X86_CR0_EM|X86_CR0_TS);
5604 asm volatile("movl %0,%%cr0" : : "r" (cr0));
5605 @@ -90,7 +90,7 @@ static int has_eflag(u32 mask)
5610 + asm volatile("pushfl ; "
5614 @@ -115,7 +115,7 @@ static void get_flags(void)
5615 set_bit(X86_FEATURE_FPU, cpu.flags);
5617 if (has_eflag(X86_EFLAGS_ID)) {
5619 + asm volatile("cpuid"
5620 : "=a" (max_intel_level),
5621 "=b" (cpu_vendor[0]),
5622 "=d" (cpu_vendor[1]),
5623 @@ -124,7 +124,7 @@ static void get_flags(void)
5625 if (max_intel_level >= 0x00000001 &&
5626 max_intel_level <= 0x0000ffff) {
5628 + asm volatile("cpuid"
5630 "=c" (cpu.flags[4]),
5632 @@ -136,7 +136,7 @@ static void get_flags(void)
5633 cpu.model += ((tfms >> 16) & 0xf) << 4;
5637 + asm volatile("cpuid"
5638 : "=a" (max_amd_level)
5640 : "ebx", "ecx", "edx");
5641 @@ -144,7 +144,7 @@ static void get_flags(void)
5642 if (max_amd_level >= 0x80000001 &&
5643 max_amd_level <= 0x8000ffff) {
5644 u32 eax = 0x80000001;
5646 + asm volatile("cpuid"
5648 "=c" (cpu.flags[6]),
5650 @@ -203,9 +203,9 @@ int check_cpu(int *cpu_level_ptr, int *r
5651 u32 ecx = MSR_K7_HWCR;
5654 - asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
5655 + asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
5657 - asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
5658 + asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
5660 get_flags(); /* Make sure it really did something */
5661 err = check_flags();
5662 @@ -218,9 +218,9 @@ int check_cpu(int *cpu_level_ptr, int *r
5663 u32 ecx = MSR_VIA_FCR;
5666 - asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
5667 + asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
5668 eax |= (1<<1)|(1<<7);
5669 - asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
5670 + asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
5672 set_bit(X86_FEATURE_CX8, cpu.flags);
5673 err = check_flags();
5674 @@ -231,12 +231,12 @@ int check_cpu(int *cpu_level_ptr, int *r
5678 - asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
5679 - asm("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx));
5681 + asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
5682 + asm volatile("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx));
5683 + asm volatile("cpuid"
5684 : "+a" (level), "=d" (cpu.flags[0])
5686 - asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
5687 + asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
5689 err = check_flags();
5691 diff -urNp linux-2.6.32.1/arch/x86/boot/header.S linux-2.6.32.1/arch/x86/boot/header.S
5692 --- linux-2.6.32.1/arch/x86/boot/header.S 2009-12-02 22:51:21.000000000 -0500
5693 +++ linux-2.6.32.1/arch/x86/boot/header.S 2009-12-14 18:33:51.597950814 -0500
5694 @@ -224,7 +224,7 @@ setup_data: .quad 0 # 64-bit physical
5695 # single linked list of
5698 -pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr
5699 +pref_address: .quad ____LOAD_PHYSICAL_ADDR # preferred load addr
5701 #define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_extract_offset)
5702 #define VO_INIT_SIZE (VO__end - VO__text)
5703 diff -urNp linux-2.6.32.1/arch/x86/boot/video-vesa.c linux-2.6.32.1/arch/x86/boot/video-vesa.c
5704 --- linux-2.6.32.1/arch/x86/boot/video-vesa.c 2009-12-02 22:51:21.000000000 -0500
5705 +++ linux-2.6.32.1/arch/x86/boot/video-vesa.c 2009-12-14 18:33:51.598742911 -0500
5706 @@ -200,6 +200,7 @@ static void vesa_store_pm_info(void)
5708 boot_params.screen_info.vesapm_seg = oreg.es;
5709 boot_params.screen_info.vesapm_off = oreg.di;
5710 + boot_params.screen_info.vesapm_size = oreg.cx;
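Review bot: `vesapm_size` is filled straight from `oreg.cx`, a value handed back by the video BIOS, and nothing here records that it is unvalidated. Whatever later uses the size to map or copy the protected-mode interface has to bound it, so I'd add `/* length in bytes as reported by the BIOS; not validated here */` on the new line. The surrounding checks in vesa_store_pm_info are outside the hunk.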
5714 diff -urNp linux-2.6.32.1/arch/x86/ia32/ia32_signal.c linux-2.6.32.1/arch/x86/ia32/ia32_signal.c
5715 --- linux-2.6.32.1/arch/x86/ia32/ia32_signal.c 2009-12-02 22:51:21.000000000 -0500
5716 +++ linux-2.6.32.1/arch/x86/ia32/ia32_signal.c 2009-12-14 18:33:51.598742911 -0500
5717 @@ -403,7 +403,7 @@ static void __user *get_sigframe(struct
5719 /* Align the stack pointer according to the i386 ABI,
5720 * i.e. so that on function entry ((sp + 4) & 15) == 0. */
5721 - sp = ((sp + 4) & -16ul) - 4;
5722 + sp = ((sp - 12) & -16ul) - 4;
5723 return (void __user *) sp;
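Review bot: The comment above still describes only the alignment rule, but `((sp - 12) & -16ul) - 4` does more than the old expression: it keeps `((sp + 4) & 15) == 0` and additionally guarantees a result at least 16 bytes below the incoming `sp`, where `((sp + 4) & -16ul) - 4` could return `sp` unchanged. If that extra gap is the purpose of the change, say so, e.g. append `The result is always at least 16 bytes below the incoming sp.` to the comment; if it is not, the old form already satisfied the stated rule. get_sigframe starts outside the hunk.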
5726 @@ -503,7 +503,7 @@ int ia32_setup_rt_frame(int sig, struct
5728 __NR_ia32_rt_sigreturn,
5734 frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
5735 diff -urNp linux-2.6.32.1/arch/x86/include/asm/alternative.h linux-2.6.32.1/arch/x86/include/asm/alternative.h
5736 --- linux-2.6.32.1/arch/x86/include/asm/alternative.h 2009-12-02 22:51:21.000000000 -0500
5737 +++ linux-2.6.32.1/arch/x86/include/asm/alternative.h 2009-12-14 18:33:51.598742911 -0500
5738 @@ -85,7 +85,7 @@ static inline void alternatives_smp_swit
5739 " .byte 662b-661b\n" /* sourcelen */ \
5740 " .byte 664f-663f\n" /* replacementlen */ \
5742 - ".section .altinstr_replacement, \"ax\"\n" \
5743 + ".section .altinstr_replacement, \"a\"\n" \
5744 "663:\n\t" newinstr "\n664:\n" /* replacement */ \
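Review bot: Dropping the `x` flag from `.altinstr_replacement` is sound only because the replacement bytes are copied over the original instruction and never run in place, and that reasoning is not written down next to the directive. I'd add `/* "a", not "ax": replacements are copied by the alternatives code, never executed from this section */`. Every other place that emits into `.altinstr_replacement` needs the same flags, otherwise one section ends up declared with two different attribute sets; those sites are not in this hunk, so please check them.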
5747 diff -urNp linux-2.6.32.1/arch/x86/include/asm/apm.h linux-2.6.32.1/arch/x86/include/asm/apm.h
5748 --- linux-2.6.32.1/arch/x86/include/asm/apm.h 2009-12-02 22:51:21.000000000 -0500
5749 +++ linux-2.6.32.1/arch/x86/include/asm/apm.h 2009-12-14 18:33:51.599707107 -0500
5750 @@ -34,7 +34,7 @@ static inline void apm_bios_call_asm(u32
5751 __asm__ __volatile__(APM_DO_ZERO_SEGS
5754 - "lcall *%%cs:apm_bios_entry\n\t"
5755 + "lcall *%%ss:apm_bios_entry\n\t"
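Review bot: The far pointer `apm_bios_entry` is now fetched through `%%ss` instead of `%%cs`, here and in the identical change to apm_bios_call_simple_asm in the next hunk, with no comment on why the stack segment is the right one. Presumably the code segment can no longer be relied on to address kernel data in this patch set; whatever the reason, it should sit next to the instruction, e.g. `/* read apm_bios_entry via %ss: <reason %cs cannot be used> */`. The comment should also state that `%ss` is still a usable kernel data segment after APM_DO_ZERO_SEGS, whose definition is not on this page. Both asm statements continue outside their hunks.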
5759 @@ -58,7 +58,7 @@ static inline u8 apm_bios_call_simple_as
5760 __asm__ __volatile__(APM_DO_ZERO_SEGS
5763 - "lcall *%%cs:apm_bios_entry\n\t"
5764 + "lcall *%%ss:apm_bios_entry\n\t"
5768 diff -urNp linux-2.6.32.1/arch/x86/include/asm/atomic_32.h linux-2.6.32.1/arch/x86/include/asm/atomic_32.h
5769 --- linux-2.6.32.1/arch/x86/include/asm/atomic_32.h 2009-12-02 22:51:21.000000000 -0500
5770 +++ linux-2.6.32.1/arch/x86/include/asm/atomic_32.h 2009-12-14 18:33:51.599707107 -0500
5771 @@ -25,6 +25,17 @@ static inline int atomic_read(const atom
5775 + * atomic_read_unchecked - read atomic variable
5776 + * @v: pointer of type atomic_unchecked_t
5778 + * Atomically reads the value of @v.
5780 +static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
5782 + return v->counter;
5786 * atomic_set - set atomic variable
5787 * @v: pointer of type atomic_t
5788 * @i: required value
5789 @@ -37,6 +48,18 @@ static inline void atomic_set(atomic_t *
5793 + * atomic_set_unchecked - set atomic variable
5794 + * @v: pointer of type atomic_unchecked_t
5795 + * @i: required value
5797 + * Atomically sets the value of @v to @i.
5799 +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
5805 * atomic_add - add integer to atomic variable
5806 * @i: integer value to add
5807 * @v: pointer of type atomic_t
5808 @@ -45,7 +68,29 @@ static inline void atomic_set(atomic_t *
5810 static inline void atomic_add(int i, atomic_t *v)
5812 - asm volatile(LOCK_PREFIX "addl %1,%0"
5813 + asm volatile(LOCK_PREFIX "addl %1,%0\n"
5815 +#ifdef CONFIG_PAX_REFCOUNT
5817 + LOCK_PREFIX "subl %1,%0\n"
5819 + _ASM_EXTABLE(0b, 0b)
5822 + : "+m" (v->counter)
5827 + * atomic_add_unchecked - add integer to atomic variable
5828 + * @i: integer value to add
5829 + * @v: pointer of type atomic_unchecked_t
5831 + * Atomically adds @i to @v.
5833 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
5835 + asm volatile(LOCK_PREFIX "addl %1,%0\n"
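Review bot: The kernel-doc for atomic_add and for the new atomic_add_unchecked does not mention the one thing that now distinguishes them. Under `CONFIG_PAX_REFCOUNT` the checked version undoes the add with a second `LOCK_PREFIX "subl %1,%0\n"` and carries an `_ASM_EXTABLE` entry, while the unchecked version is the plain add. Both comments should say so, e.g. `* With CONFIG_PAX_REFCOUNT an overflowing add is undone and reported; use atomic_add_unchecked() for counters that may wrap.`, with the exact trigger confirmed against the lines not shown in this view. Because the undo is a separate locked instruction, the comment should also state that other CPUs can briefly observe the wrapped value. The same gap applies to the sub, inc, dec and *_and_test hunks below and to their atomic_64.h counterparts.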
5839 @@ -59,7 +104,29 @@ static inline void atomic_add(int i, ato
5841 static inline void atomic_sub(int i, atomic_t *v)
5843 - asm volatile(LOCK_PREFIX "subl %1,%0"
5844 + asm volatile(LOCK_PREFIX "subl %1,%0\n"
5846 +#ifdef CONFIG_PAX_REFCOUNT
5848 + LOCK_PREFIX "addl %1,%0\n"
5850 + _ASM_EXTABLE(0b, 0b)
5853 + : "+m" (v->counter)
5858 + * atomic_sub_unchecked - subtract integer from atomic variable
5859 + * @i: integer value to subtract
5860 + * @v: pointer of type atomic_t
5862 + * Atomically subtracts @i from @v.
5864 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
5866 + asm volatile(LOCK_PREFIX "subl %1,%0\n"
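Review bot: The kernel-doc added for atomic_sub_unchecked says `@v: pointer of type atomic_t`, but the function is declared with `atomic_unchecked_t *v`. The line should read `* @v: pointer of type atomic_unchecked_t`, matching the other *_unchecked comments added in this file.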
5870 @@ -77,7 +144,16 @@ static inline int atomic_sub_and_test(in
5874 - asm volatile(LOCK_PREFIX "subl %2,%0; sete %1"
5875 + asm volatile(LOCK_PREFIX "subl %2,%0\n"
5877 +#ifdef CONFIG_PAX_REFCOUNT
5879 + LOCK_PREFIX "addl %2,%0\n"
5881 + _ASM_EXTABLE(0b, 0b)
5885 : "+m" (v->counter), "=qm" (c)
5886 : "ir" (i) : "memory");
5888 @@ -91,7 +167,30 @@ static inline int atomic_sub_and_test(in
5890 static inline void atomic_inc(atomic_t *v)
5892 - asm volatile(LOCK_PREFIX "incl %0"
5893 + asm volatile(LOCK_PREFIX "incl %0\n"
5895 +#ifdef CONFIG_PAX_REFCOUNT
5897 + ".pushsection .fixup,\"ax\"\n"
5899 + LOCK_PREFIX "decl %0\n"
5902 + _ASM_EXTABLE(0b, 1b)
5905 + : "+m" (v->counter));
5909 + * atomic_inc_unchecked - increment atomic variable
5910 + * @v: pointer of type atomic_unchecked_t
5912 + * Atomically increments @v by 1.
5914 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
5916 + asm volatile(LOCK_PREFIX "incl %0\n"
5917 : "+m" (v->counter));
5920 @@ -103,7 +202,18 @@ static inline void atomic_inc(atomic_t *
5922 static inline void atomic_dec(atomic_t *v)
5924 - asm volatile(LOCK_PREFIX "decl %0"
5925 + asm volatile(LOCK_PREFIX "decl %0\n"
5927 +#ifdef CONFIG_PAX_REFCOUNT
5929 + ".pushsection .fixup,\"ax\"\n"
5931 + LOCK_PREFIX "incl %0\n"
5934 + _ASM_EXTABLE(0b, 1b)
5937 : "+m" (v->counter));
5940 @@ -119,7 +229,19 @@ static inline int atomic_dec_and_test(at
5944 - asm volatile(LOCK_PREFIX "decl %0; sete %1"
5945 + asm volatile(LOCK_PREFIX "decl %0\n"
5947 +#ifdef CONFIG_PAX_REFCOUNT
5949 + ".pushsection .fixup,\"ax\"\n"
5951 + LOCK_PREFIX "incl %0\n"
5954 + _ASM_EXTABLE(0b, 1b)
5958 : "+m" (v->counter), "=qm" (c)
5961 @@ -137,7 +259,19 @@ static inline int atomic_inc_and_test(at
5965 - asm volatile(LOCK_PREFIX "incl %0; sete %1"
5966 + asm volatile(LOCK_PREFIX "incl %0\n"
5968 +#ifdef CONFIG_PAX_REFCOUNT
5970 + ".pushsection .fixup,\"ax\"\n"
5972 + LOCK_PREFIX "decl %0\n"
5975 + _ASM_EXTABLE(0b, 1b)
5979 : "+m" (v->counter), "=qm" (c)
5982 @@ -156,7 +290,16 @@ static inline int atomic_add_negative(in
5986 - asm volatile(LOCK_PREFIX "addl %2,%0; sets %1"
5987 + asm volatile(LOCK_PREFIX "addl %2,%0\n"
5989 +#ifdef CONFIG_PAX_REFCOUNT
5991 + LOCK_PREFIX "subl %2,%0\n"
5993 + _ASM_EXTABLE(0b, 0b)
5997 : "+m" (v->counter), "=qm" (c)
5998 : "ir" (i) : "memory");
6000 @@ -179,7 +322,15 @@ static inline int atomic_add_return(int
6002 /* Modern 486+ processor */
6004 - asm volatile(LOCK_PREFIX "xaddl %0, %1"
6005 + asm volatile(LOCK_PREFIX "xaddl %0, %1\n"
6007 +#ifdef CONFIG_PAX_REFCOUNT
6011 + _ASM_EXTABLE(0b, 0b)
6014 : "+r" (i), "+m" (v->counter)
6017 @@ -227,17 +378,28 @@ static inline int atomic_xchg(atomic_t *
6019 static inline int atomic_add_unless(atomic_t *v, int a, int u)
6025 - if (unlikely(c == (u)))
6026 + if (unlikely(c == u))
6028 - old = atomic_cmpxchg((v), c, c + (a));
6030 + asm volatile("addl %2,%0\n"
6032 +#ifdef CONFIG_PAX_REFCOUNT
6034 + _ASM_EXTABLE(0b, 0b)
6038 + : "0" (c), "ir" (a));
6040 + old = atomic_cmpxchg(v, c, new);
6041 if (likely(old == c))
6049 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
6050 diff -urNp linux-2.6.32.1/arch/x86/include/asm/atomic_64.h linux-2.6.32.1/arch/x86/include/asm/atomic_64.h
6051 --- linux-2.6.32.1/arch/x86/include/asm/atomic_64.h 2009-12-02 22:51:21.000000000 -0500
6052 +++ linux-2.6.32.1/arch/x86/include/asm/atomic_64.h 2009-12-14 18:33:51.599707107 -0500
6053 @@ -24,6 +24,17 @@ static inline int atomic_read(const atom
6057 + * atomic_read_unchecked - read atomic variable
6058 + * @v: pointer of type atomic_unchecked_t
6060 + * Atomically reads the value of @v.
6062 +static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
6064 + return v->counter;
6068 * atomic_set - set atomic variable
6069 * @v: pointer of type atomic_t
6070 * @i: required value
6071 @@ -36,6 +47,18 @@ static inline void atomic_set(atomic_t *
6075 + * atomic_set_unchecked - set atomic variable
6076 + * @v: pointer of type atomic_unchecked_t
6077 + * @i: required value
6079 + * Atomically sets the value of @v to @i.
6081 +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
6087 * atomic_add - add integer to atomic variable
6088 * @i: integer value to add
6089 * @v: pointer of type atomic_t
6090 @@ -44,7 +67,29 @@ static inline void atomic_set(atomic_t *
6092 static inline void atomic_add(int i, atomic_t *v)
6094 - asm volatile(LOCK_PREFIX "addl %1,%0"
6095 + asm volatile(LOCK_PREFIX "addl %1,%0\n"
6097 +#ifdef CONFIG_PAX_REFCOUNT
6099 + LOCK_PREFIX "subl %1,%0\n"
6101 + _ASM_EXTABLE(0b, 0b)
6104 + : "=m" (v->counter)
6105 + : "ir" (i), "m" (v->counter));
6109 + * atomic_add_unchecked - add integer to atomic variable
6110 + * @i: integer value to add
6111 + * @v: pointer of type atomic_unchecked_t
6113 + * Atomically adds @i to @v.
6115 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
6117 + asm volatile(LOCK_PREFIX "addl %1,%0\n"
6119 : "ir" (i), "m" (v->counter));
6121 @@ -58,7 +103,29 @@ static inline void atomic_add(int i, ato
6123 static inline void atomic_sub(int i, atomic_t *v)
6125 - asm volatile(LOCK_PREFIX "subl %1,%0"
6126 + asm volatile(LOCK_PREFIX "subl %1,%0\n"
6128 +#ifdef CONFIG_PAX_REFCOUNT
6130 + LOCK_PREFIX "addl %1,%0\n"
6132 + _ASM_EXTABLE(0b, 0b)
6135 + : "=m" (v->counter)
6136 + : "ir" (i), "m" (v->counter));
6140 + * atomic_sub_unchecked - subtract the atomic variable
6141 + * @i: integer value to subtract
6142 + * @v: pointer of type atomic_unchecked_t
6144 + * Atomically subtracts @i from @v.
6146 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
6148 + asm volatile(LOCK_PREFIX "subl %1,%0\n"
6150 : "ir" (i), "m" (v->counter));
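Review bot: The summary line `atomic_sub_unchecked - subtract the atomic variable` is garbled; the 32-bit header words the same function as `* atomic_sub_unchecked - subtract integer from atomic variable`. This line should use that wording so the kernel-doc in the two headers stays identical.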
6152 @@ -76,7 +143,16 @@ static inline int atomic_sub_and_test(in
6156 - asm volatile(LOCK_PREFIX "subl %2,%0; sete %1"
6157 + asm volatile(LOCK_PREFIX "subl %2,%0\n"
6159 +#ifdef CONFIG_PAX_REFCOUNT
6161 + LOCK_PREFIX "addl %2,%0\n"
6163 + _ASM_EXTABLE(0b, 0b)
6167 : "=m" (v->counter), "=qm" (c)
6168 : "ir" (i), "m" (v->counter) : "memory");
6170 @@ -90,7 +166,32 @@ static inline int atomic_sub_and_test(in
6172 static inline void atomic_inc(atomic_t *v)
6174 - asm volatile(LOCK_PREFIX "incl %0"
6175 + asm volatile(LOCK_PREFIX "incl %0\n"
6177 +#ifdef CONFIG_PAX_REFCOUNT
6180 + ".pushsection .fixup,\"ax\"\n"
6182 + LOCK_PREFIX "decl %0\n"
6185 + _ASM_EXTABLE(0b, 1b)
6188 + : "=m" (v->counter)
6189 + : "m" (v->counter));
6193 + * atomic_inc_unchecked - increment atomic variable
6194 + * @v: pointer of type atomic_unchecked_t
6196 + * Atomically increments @v by 1.
6198 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
6200 + asm volatile(LOCK_PREFIX "incl %0\n"
6202 : "m" (v->counter));
6204 @@ -103,7 +204,19 @@ static inline void atomic_inc(atomic_t *
6206 static inline void atomic_dec(atomic_t *v)
6208 - asm volatile(LOCK_PREFIX "decl %0"
6209 + asm volatile(LOCK_PREFIX "decl %0\n"
6211 +#ifdef CONFIG_PAX_REFCOUNT
6214 + ".pushsection .fixup,\"ax\"\n"
6216 + LOCK_PREFIX "incl %0\n"
6219 + _ASM_EXTABLE(0b, 1b)
6223 : "m" (v->counter));
6225 @@ -120,7 +233,20 @@ static inline int atomic_dec_and_test(at
6229 - asm volatile(LOCK_PREFIX "decl %0; sete %1"
6230 + asm volatile(LOCK_PREFIX "decl %0\n"
6232 +#ifdef CONFIG_PAX_REFCOUNT
6235 + ".pushsection .fixup,\"ax\"\n"
6237 + LOCK_PREFIX "incl %0\n"
6240 + _ASM_EXTABLE(0b, 1b)
6244 : "=m" (v->counter), "=qm" (c)
6245 : "m" (v->counter) : "memory");
6247 @@ -138,7 +264,20 @@ static inline int atomic_inc_and_test(at
6251 - asm volatile(LOCK_PREFIX "incl %0; sete %1"
6252 + asm volatile(LOCK_PREFIX "incl %0\n"
6254 +#ifdef CONFIG_PAX_REFCOUNT
6257 + ".pushsection .fixup,\"ax\"\n"
6259 + LOCK_PREFIX "decl %0\n"
6262 + _ASM_EXTABLE(0b, 1b)
6266 : "=m" (v->counter), "=qm" (c)
6267 : "m" (v->counter) : "memory");
6269 @@ -157,7 +296,16 @@ static inline int atomic_add_negative(in
6273 - asm volatile(LOCK_PREFIX "addl %2,%0; sets %1"
6274 + asm volatile(LOCK_PREFIX "addl %2,%0\n"
6276 +#ifdef CONFIG_PAX_REFCOUNT
6278 + LOCK_PREFIX "subl %2,%0\n"
6280 + _ASM_EXTABLE(0b, 0b)
6284 : "=m" (v->counter), "=qm" (c)
6285 : "ir" (i), "m" (v->counter) : "memory");
6287 @@ -173,7 +321,15 @@ static inline int atomic_add_negative(in
6288 static inline int atomic_add_return(int i, atomic_t *v)
6291 - asm volatile(LOCK_PREFIX "xaddl %0, %1"
6292 + asm volatile(LOCK_PREFIX "xaddl %0, %1\n"
6294 +#ifdef CONFIG_PAX_REFCOUNT
6298 + _ASM_EXTABLE(0b, 0b)
6301 : "+r" (i), "+m" (v->counter)
6304 @@ -224,7 +380,15 @@ static inline void atomic64_set(atomic64
6306 static inline void atomic64_add(long i, atomic64_t *v)
6308 - asm volatile(LOCK_PREFIX "addq %1,%0"
6309 + asm volatile(LOCK_PREFIX "addq %1,%0\n"
6311 +#ifdef CONFIG_PAX_REFCOUNT
6313 + LOCK_PREFIX "subq %1,%0\n"
6315 + _ASM_EXTABLE(0b, 0b)
6319 : "er" (i), "m" (v->counter));
6321 @@ -238,7 +402,15 @@ static inline void atomic64_add(long i,
6323 static inline void atomic64_sub(long i, atomic64_t *v)
6325 - asm volatile(LOCK_PREFIX "subq %1,%0"
6326 + asm volatile(LOCK_PREFIX "subq %1,%0\n"
6328 +#ifdef CONFIG_PAX_REFCOUNT
6330 + LOCK_PREFIX "addq %1,%0\n"
6332 + _ASM_EXTABLE(0b, 0b)
6336 : "er" (i), "m" (v->counter));
6338 @@ -256,7 +428,16 @@ static inline int atomic64_sub_and_test(
6342 - asm volatile(LOCK_PREFIX "subq %2,%0; sete %1"
6343 + asm volatile(LOCK_PREFIX "subq %2,%0\n"
6345 +#ifdef CONFIG_PAX_REFCOUNT
6347 + LOCK_PREFIX "addq %2,%0\n"
6349 + _ASM_EXTABLE(0b, 0b)
6353 : "=m" (v->counter), "=qm" (c)
6354 : "er" (i), "m" (v->counter) : "memory");
6356 @@ -270,7 +451,19 @@ static inline int atomic64_sub_and_test(
6358 static inline void atomic64_inc(atomic64_t *v)
6360 - asm volatile(LOCK_PREFIX "incq %0"
6361 + asm volatile(LOCK_PREFIX "incq %0\n"
6363 +#ifdef CONFIG_PAX_REFCOUNT
6366 + ".pushsection .fixup,\"ax\"\n"
6368 + LOCK_PREFIX "decq %0\n"
6371 + _ASM_EXTABLE(0b, 1b)
6375 : "m" (v->counter));
6377 @@ -283,7 +476,19 @@ static inline void atomic64_inc(atomic64
6379 static inline void atomic64_dec(atomic64_t *v)
6381 - asm volatile(LOCK_PREFIX "decq %0"
6382 + asm volatile(LOCK_PREFIX "decq %0\n"
6384 +#ifdef CONFIG_PAX_REFCOUNT
6387 + ".pushsection .fixup,\"ax\"\n"
6389 + LOCK_PREFIX "incq %0\n"
6392 + _ASM_EXTABLE(0b, 1b)
6396 : "m" (v->counter));
6398 @@ -300,7 +505,20 @@ static inline int atomic64_dec_and_test(
6402 - asm volatile(LOCK_PREFIX "decq %0; sete %1"
6403 + asm volatile(LOCK_PREFIX "decq %0\n"
6405 +#ifdef CONFIG_PAX_REFCOUNT
6408 + ".pushsection .fixup,\"ax\"\n"
6410 + LOCK_PREFIX "incq %0\n"
6413 + _ASM_EXTABLE(0b, 1b)
6417 : "=m" (v->counter), "=qm" (c)
6418 : "m" (v->counter) : "memory");
6420 @@ -318,7 +536,20 @@ static inline int atomic64_inc_and_test(
6424 - asm volatile(LOCK_PREFIX "incq %0; sete %1"
6425 + asm volatile(LOCK_PREFIX "incq %0\n"
6427 +#ifdef CONFIG_PAX_REFCOUNT
6430 + ".pushsection .fixup,\"ax\"\n"
6432 + LOCK_PREFIX "decq %0\n"
6435 + _ASM_EXTABLE(0b, 1b)
6439 : "=m" (v->counter), "=qm" (c)
6440 : "m" (v->counter) : "memory");
6442 @@ -337,7 +568,16 @@ static inline int atomic64_add_negative(
6446 - asm volatile(LOCK_PREFIX "addq %2,%0; sets %1"
6447 + asm volatile(LOCK_PREFIX "addq %2,%0\n"
6449 +#ifdef CONFIG_PAX_REFCOUNT
6451 + LOCK_PREFIX "subq %2,%0\n"
6453 + _ASM_EXTABLE(0b, 0b)
6457 : "=m" (v->counter), "=qm" (c)
6458 : "er" (i), "m" (v->counter) : "memory");
6460 @@ -353,7 +593,15 @@ static inline int atomic64_add_negative(
6461 static inline long atomic64_add_return(long i, atomic64_t *v)
6464 - asm volatile(LOCK_PREFIX "xaddq %0, %1;"
6465 + asm volatile(LOCK_PREFIX "xaddq %0, %1\n"
6467 +#ifdef CONFIG_PAX_REFCOUNT
6471 + _ASM_EXTABLE(0b, 0b)
6474 : "+r" (i), "+m" (v->counter)
6477 @@ -398,17 +646,29 @@ static inline long atomic_xchg(atomic_t
6479 static inline int atomic_add_unless(atomic_t *v, int a, int u)
6485 - if (unlikely(c == (u)))
6486 + if (unlikely(c == u))
6488 - old = atomic_cmpxchg((v), c, c + (a));
6490 + asm volatile("addl %2,%0\n"
6492 +#ifdef CONFIG_PAX_REFCOUNT
6495 + _ASM_EXTABLE(0b, 0b)
6499 + : "0" (c), "ir" (a));
6501 + old = atomic_cmpxchg(v, c, new);
6502 if (likely(old == c))
6510 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
6511 @@ -424,17 +684,29 @@ static inline int atomic_add_unless(atom
6513 static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
6517 c = atomic64_read(v);
6519 - if (unlikely(c == (u)))
6520 + if (unlikely(c == u))
6522 - old = atomic64_cmpxchg((v), c, c + (a));
6524 + asm volatile("addq %2,%0\n"
6526 +#ifdef CONFIG_PAX_REFCOUNT
6529 + _ASM_EXTABLE(0b, 0b)
6533 + : "0" (c), "er" (a));
6535 + old = atomic64_cmpxchg((v), c, new);
6536 if (likely(old == c))
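Review bot: `old = atomic64_cmpxchg((v), c, new);` keeps the macro-style parentheses around `v` that the rest of this change removes. The same hunk rewrites `c == (u)` to `c == u`, and atomic_add_unless in the previous hunk uses `atomic_cmpxchg(v, c, new)`. For consistency this line should be `old = atomic64_cmpxchg(v, c, new);`.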
6545 diff -urNp linux-2.6.32.1/arch/x86/include/asm/boot.h linux-2.6.32.1/arch/x86/include/asm/boot.h
6546 --- linux-2.6.32.1/arch/x86/include/asm/boot.h 2009-12-02 22:51:21.000000000 -0500
6547 +++ linux-2.6.32.1/arch/x86/include/asm/boot.h 2009-12-14 18:33:51.599707107 -0500
6549 #include <asm/pgtable_types.h>
6551 /* Physical address where kernel should be loaded. */
6552 -#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
6553 +#define ____LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
6554 + (CONFIG_PHYSICAL_ALIGN - 1)) \
6555 & ~(CONFIG_PHYSICAL_ALIGN - 1))
6557 +#ifndef __ASSEMBLY__
6558 +extern unsigned char __LOAD_PHYSICAL_ADDR[];
6559 +#define LOAD_PHYSICAL_ADDR ((unsigned long)__LOAD_PHYSICAL_ADDR)
6562 /* Minimum kernel alignment, as a power of two */
6563 #ifdef CONFIG_X86_64
6564 #define MIN_KERNEL_ALIGN_LG2 PMD_SHIFT
6565 diff -urNp linux-2.6.32.1/arch/x86/include/asm/cacheflush.h linux-2.6.32.1/arch/x86/include/asm/cacheflush.h
6566 --- linux-2.6.32.1/arch/x86/include/asm/cacheflush.h 2009-12-02 22:51:21.000000000 -0500
6567 +++ linux-2.6.32.1/arch/x86/include/asm/cacheflush.h 2009-12-15 17:05:40.612643960 -0500
6568 @@ -179,8 +179,8 @@ extern const int rodata_test_data;
6569 void set_kernel_text_rw(void);
6570 void set_kernel_text_ro(void);
6572 -static inline void set_kernel_text_rw(void) { }
6573 -static inline void set_kernel_text_ro(void) { }
6574 +static inline void set_kernel_text_rw(void) { pax_open_kernel(); }
6575 +static inline void set_kernel_text_ro(void) { pax_close_kernel(); }
6578 #ifdef CONFIG_DEBUG_RODATA_TEST
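Review bot: These stubs leave the kernel open for everything that runs between a `set_kernel_text_rw()` call and the matching `set_kernel_text_ro()`, rather than for one bracketed store as in the other `pax_open_kernel()`/`pax_close_kernel()` users in this patch. Whether that is safe depends on what `pax_open_kernel()` does, and its definition is not in this hunk. If it disables preemption or cannot nest, callers that sleep or run another open/close pair in between would misbehave. Once the real constraint is confirmed, a comment on the stubs such as `/* callers must not sleep or nest between _rw() and _ro() */` should state it. The hunk adds no include, so it also relies on `pax_open_kernel` being declared before this header is used.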
6579 diff -urNp linux-2.6.32.1/arch/x86/include/asm/cache.h linux-2.6.32.1/arch/x86/include/asm/cache.h
6580 --- linux-2.6.32.1/arch/x86/include/asm/cache.h 2009-12-02 22:51:21.000000000 -0500
6581 +++ linux-2.6.32.1/arch/x86/include/asm/cache.h 2009-12-14 18:33:51.599707107 -0500
6583 #define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
6585 #define __read_mostly __attribute__((__section__(".data.read_mostly")))
6586 +#define __read_only __attribute__((__section__(".data.read_only")))
6588 #ifdef CONFIG_X86_VSMP
6589 /* vSMP Internode cacheline shift */
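Review bot: `__read_only` is added without a comment, and by itself it only places an object in a section named `.data.read_only`; nothing in this hunk makes that section read-only. The protection presumably comes from the linker script and page-table setup elsewhere in the patch. A comment such as `/* placed in .data.read_only; only write-protected where the kernel maps that section read-only */` would stop readers assuming an unconditional guarantee.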
6590 diff -urNp linux-2.6.32.1/arch/x86/include/asm/checksum_32.h linux-2.6.32.1/arch/x86/include/asm/checksum_32.h
6591 --- linux-2.6.32.1/arch/x86/include/asm/checksum_32.h 2009-12-02 22:51:21.000000000 -0500
6592 +++ linux-2.6.32.1/arch/x86/include/asm/checksum_32.h 2009-12-14 18:33:51.605206905 -0500
6593 @@ -31,6 +31,14 @@ asmlinkage __wsum csum_partial_copy_gene
6594 int len, __wsum sum,
6595 int *src_err_ptr, int *dst_err_ptr);
6597 +asmlinkage __wsum csum_partial_copy_generic_to_user(const void *src, void *dst,
6598 + int len, __wsum sum,
6599 + int *src_err_ptr, int *dst_err_ptr);
6601 +asmlinkage __wsum csum_partial_copy_generic_from_user(const void *src, void *dst,
6602 + int len, __wsum sum,
6603 + int *src_err_ptr, int *dst_err_ptr);
6606 * Note: when you get a NULL pointer exception here this means someone
6607 * passed in an incorrect kernel address to one of these functions.
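Review bot: The two new prototypes declare both pointers as plain `const void *src, void *dst`, so the direction their names promise is invisible to sparse. The callers in the two later hunks still need their `(__force void *)` casts as a result. Annotating the user side with `__user` would let those casts go and let the checker catch a swapped call: `void __user *dst` for csum_partial_copy_generic_to_user and `const void __user *src` for csum_partial_copy_generic_from_user. A one-line comment above each saying which pointer is the user one would also help, since the implementations are outside this file.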
6608 @@ -50,7 +58,7 @@ static inline __wsum csum_partial_copy_f
6612 - return csum_partial_copy_generic((__force void *)src, dst,
6613 + return csum_partial_copy_generic_from_user((__force void *)src, dst,
6614 len, sum, err_ptr, NULL);
6617 @@ -178,7 +186,7 @@ static inline __wsum csum_and_copy_to_us
6620 if (access_ok(VERIFY_WRITE, dst, len))
6621 - return csum_partial_copy_generic(src, (__force void *)dst,
6622 + return csum_partial_copy_generic_to_user(src, (__force void *)dst,
6623 len, sum, NULL, err_ptr);
6626 diff -urNp linux-2.6.32.1/arch/x86/include/asm/desc.h linux-2.6.32.1/arch/x86/include/asm/desc.h
6627 --- linux-2.6.32.1/arch/x86/include/asm/desc.h 2009-12-02 22:51:21.000000000 -0500
6628 +++ linux-2.6.32.1/arch/x86/include/asm/desc.h 2009-12-14 18:33:51.605802803 -0500
6630 #include <asm/desc_defs.h>
6631 #include <asm/ldt.h>
6632 #include <asm/mmu.h>
6633 +#include <asm/pgtable.h>
6634 #include <linux/smp.h>
6636 static inline void fill_ldt(struct desc_struct *desc,
6637 @@ -15,6 +16,7 @@ static inline void fill_ldt(struct desc_
6638 desc->base1 = (info->base_addr & 0x00ff0000) >> 16;
6639 desc->type = (info->read_exec_only ^ 1) << 1;
6640 desc->type |= info->contents << 2;
6641 + desc->type |= info->seg_not_present ^ 1;
6644 desc->p = info->seg_not_present ^ 1;
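Review bot: The added `desc->type |= info->seg_not_present ^ 1;` sets bit 0 of the type field for every present segment, with no comment saying why. For a code or data descriptor that bit is the accessed bit, so this looks like pre-marking descriptors as accessed so the CPU never has to write the bit back into a table that may be write-protected. If that is the intent, add `/* pre-set the accessed bit so the CPU never needs to write to the descriptor table */` above the line. fill_ldt starts and ends outside the hunk.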
6645 @@ -31,16 +33,12 @@ static inline void fill_ldt(struct desc_
6648 extern struct desc_ptr idt_descr;
6649 -extern gate_desc idt_table[];
6652 - struct desc_struct gdt[GDT_ENTRIES];
6653 -} __attribute__((aligned(PAGE_SIZE)));
6654 -DECLARE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page);
6655 +extern gate_desc idt_table[256];
6657 +extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(struct desc_struct)];
6658 static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu)
6660 - return per_cpu(gdt_page, cpu).gdt;
6661 + return cpu_gdt_table[cpu];
6664 #ifdef CONFIG_X86_64
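Review bot: `extern gate_desc idt_table[256];` puts a magic number into the declaration where the old `idt_table[]` had none. Use the named constant that sizes the definition, e.g. `extern gate_desc idt_table[IDT_ENTRIES];` if that macro is in scope in this header, so the bound is self-describing. Separately, `get_cpu_gdt_table()` now indexes a fixed `cpu_gdt_table[NR_CPUS][...]` array with an unchecked `cpu`; a comment stating that callers must pass a valid CPU number would document that contract.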
6665 @@ -115,19 +113,24 @@ static inline void paravirt_free_ldt(str
6666 static inline void native_write_idt_entry(gate_desc *idt, int entry,
6667 const gate_desc *gate)
6669 + pax_open_kernel();
6670 memcpy(&idt[entry], gate, sizeof(*gate));
6671 + pax_close_kernel();
6674 static inline void native_write_ldt_entry(struct desc_struct *ldt, int entry,
6677 + pax_open_kernel();
6678 memcpy(&ldt[entry], desc, 8);
6679 + pax_close_kernel();
6682 static inline void native_write_gdt_entry(struct desc_struct *gdt, int entry,
6683 const void *desc, int type)
6689 size = sizeof(tss_desc);
6690 @@ -139,7 +142,10 @@ static inline void native_write_gdt_entr
6691 size = sizeof(struct desc_struct);
6695 + pax_open_kernel();
6696 memcpy(&gdt[entry], desc, size);
6697 + pax_close_kernel();
6700 static inline void pack_descriptor(struct desc_struct *desc, unsigned long base,
6701 @@ -211,7 +217,9 @@ static inline void native_set_ldt(const
6703 static inline void native_load_tr_desc(void)
6705 + pax_open_kernel();
6706 asm volatile("ltr %w0"::"q" (GDT_ENTRY_TSS*8));
6707 + pax_close_kernel();
6710 static inline void native_load_gdt(const struct desc_ptr *dtr)
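Review bot: The `pax_open_kernel()`/`pax_close_kernel()` pair around `ltr` is the only one in this file that does not bracket an explicit store, so it needs a comment. `ltr` marks the TSS descriptor busy by writing to its GDT entry, which is presumably why the table must be writable at this point. A line such as `/* ltr sets the busy bit in the GDT's TSS descriptor */` above the open call would make that clear.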
6711 @@ -246,8 +254,10 @@ static inline void native_load_tls(struc
6713 struct desc_struct *gdt = get_cpu_gdt_table(cpu);
6715 + pax_open_kernel();
6716 for (i = 0; i < GDT_ENTRY_TLS_ENTRIES; i++)
6717 gdt[GDT_ENTRY_TLS_MIN + i] = t->tls_array[i];
6718 + pax_close_kernel();
6721 #define _LDT_empty(info) \
6722 @@ -392,4 +402,16 @@ static inline void set_system_intr_gate_
6723 _set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS);
6726 +#ifdef CONFIG_X86_32
6727 +static inline void set_user_cs(unsigned long base, unsigned long limit, int cpu)
6729 + struct desc_struct d;
6731 + if (likely(limit))
6732 + limit = (limit - 1UL) >> PAGE_SHIFT;
6733 + pack_descriptor(&d, base, limit, 0xFB, 0xC);
6734 + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_CS, &d, DESCTYPE_S);
6738 #endif /* _ASM_X86_DESC_H */
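Review bot: set_user_cs has no comment and passes the bare constants `0xFB` and `0xC` to pack_descriptor, so the reader has to decode the descriptor by hand. A short kernel-doc block should state that `limit` arrives as a byte count and is converted to a page-granular limit, and what the type and flags values encode. It should also say what `limit == 0` is meant to produce, because the `likely(limit)` guard leaves the limit field at 0 in that case. If `0xC` sets the granularity bit, as the `>> PAGE_SHIFT` conversion suggests, a zero limit describes a 4 KiB segment rather than an empty one. If callers pass 0 to mean "no executable range", that contract needs checking against them; none are visible here.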
6739 diff -urNp linux-2.6.32.1/arch/x86/include/asm/device.h linux-2.6.32.1/arch/x86/include/asm/device.h
6740 --- linux-2.6.32.1/arch/x86/include/asm/device.h 2009-12-02 22:51:21.000000000 -0500
6741 +++ linux-2.6.32.1/arch/x86/include/asm/device.h 2009-12-14 18:33:51.605802803 -0500
6742 @@ -6,7 +6,7 @@ struct dev_archdata {
6745 #ifdef CONFIG_X86_64
6746 -struct dma_map_ops *dma_ops;
6747 + const struct dma_map_ops *dma_ops;
6750 void *iommu; /* hook for IOMMU specific extension */
6751 diff -urNp linux-2.6.32.1/arch/x86/include/asm/dma-mapping.h linux-2.6.32.1/arch/x86/include/asm/dma-mapping.h
6752 --- linux-2.6.32.1/arch/x86/include/asm/dma-mapping.h 2009-12-02 22:51:21.000000000 -0500
6753 +++ linux-2.6.32.1/arch/x86/include/asm/dma-mapping.h 2009-12-14 18:33:51.605802803 -0500
6754 @@ -25,9 +25,9 @@ extern int iommu_merge;
6755 extern struct device x86_dma_fallback_dev;
6756 extern int panic_on_overflow;
6758 -extern struct dma_map_ops *dma_ops;
6759 +extern const struct dma_map_ops *dma_ops;
6761 -static inline struct dma_map_ops *get_dma_ops(struct device *dev)
6762 +static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
6764 #ifdef CONFIG_X86_32
6766 @@ -44,7 +44,7 @@ static inline struct dma_map_ops *get_dm
6767 /* Make sure we keep the same behaviour */
6768 static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr)
6770 - struct dma_map_ops *ops = get_dma_ops(dev);
6771 + const struct dma_map_ops *ops = get_dma_ops(dev);
6772 if (ops->mapping_error)
6773 return ops->mapping_error(dev, dma_addr);
6775 @@ -122,7 +122,7 @@ static inline void *
6776 dma_alloc_coherent(struct device *dev, size_t size, dma_addr_t *dma_handle,
6779 - struct dma_map_ops *ops = get_dma_ops(dev);
6780 + const struct dma_map_ops *ops = get_dma_ops(dev);
6783 gfp &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
6784 @@ -149,7 +149,7 @@ dma_alloc_coherent(struct device *dev, s
6785 static inline void dma_free_coherent(struct device *dev, size_t size,
6786 void *vaddr, dma_addr_t bus)
6788 - struct dma_map_ops *ops = get_dma_ops(dev);
6789 + const struct dma_map_ops *ops = get_dma_ops(dev);
6791 WARN_ON(irqs_disabled()); /* for portability */
6793 diff -urNp linux-2.6.32.1/arch/x86/include/asm/e820.h linux-2.6.32.1/arch/x86/include/asm/e820.h
6794 --- linux-2.6.32.1/arch/x86/include/asm/e820.h 2009-12-02 22:51:21.000000000 -0500
6795 +++ linux-2.6.32.1/arch/x86/include/asm/e820.h 2009-12-14 18:33:51.606706147 -0500
6796 @@ -133,7 +133,7 @@ extern char *default_machine_specific_me
6797 #define ISA_END_ADDRESS 0x100000
6798 #define is_ISA_range(s, e) ((s) >= ISA_START_ADDRESS && (e) < ISA_END_ADDRESS)
6800 -#define BIOS_BEGIN 0x000a0000
6801 +#define BIOS_BEGIN 0x000c0000
6802 #define BIOS_END 0x00100000
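Review bot: Moving `BIOS_BEGIN` from `0x000a0000` to `0x000c0000` changes the meaning of the constant for every user of the `BIOS_BEGIN`..`BIOS_END` range, and the hunk gives no reason. The range 0xa0000–0xbffff, conventionally the legacy video window, is no longer counted as BIOS. If the goal is to narrow a region that receives special page permissions, a comment such as `/* legacy video memory at 0xa0000-0xbffff is deliberately excluded */` should say so. The macro's users are outside this section and should each be checked for an assumption that the range starts at 640 KiB.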
6805 diff -urNp linux-2.6.32.1/arch/x86/include/asm/elf.h linux-2.6.32.1/arch/x86/include/asm/elf.h
6806 --- linux-2.6.32.1/arch/x86/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
6807 +++ linux-2.6.32.1/arch/x86/include/asm/elf.h 2009-12-14 18:33:51.606706147 -0500
6808 @@ -263,7 +263,25 @@ extern int force_personality32;
6809 the loader. We need to make sure that it is out of the way of the program
6810 that it will "exec", and that there is sufficient room for the brk. */
6812 +#ifdef CONFIG_PAX_SEGMEXEC
6813 +#define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : TASK_SIZE/3*2)
6815 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
6818 +#ifdef CONFIG_PAX_ASLR
6819 +#ifdef CONFIG_X86_32
6820 +#define PAX_ELF_ET_DYN_BASE 0x10000000UL
6822 +#define PAX_DELTA_MMAP_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
6823 +#define PAX_DELTA_STACK_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
6825 +#define PAX_ELF_ET_DYN_BASE 0x400000UL
6827 +#define PAX_DELTA_MMAP_LEN ((test_thread_flag(TIF_IA32)) ? 16 : 32)
6828 +#define PAX_DELTA_STACK_LEN ((test_thread_flag(TIF_IA32)) ? 16 : 32)
6832 /* This yields a mask that user programs can use to figure out what
6833 instruction set this CPU supports. This could be done in user space,
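Review bot: With `CONFIG_PAX_SEGMEXEC` set, `ELF_ET_DYN_BASE` stops being a constant expression and dereferences `current->mm`, as do `PAX_DELTA_MMAP_LEN` and `PAX_DELTA_STACK_LEN` on 32-bit. Any use where `current->mm` can be NULL, or where a compile-time constant is expected, would break; none of the users are visible in this hunk. Add a comment above the macros, e.g. `/* evaluates current->mm->pax_flags: only valid in process context with a live mm */`. As far as this view shows, the 32-bit delta macros also reference `MF_PAX_SEGMEXEC` without a `CONFIG_PAX_SEGMEXEC` guard, so the flag has to be defined in every configuration that enables `CONFIG_PAX_ASLR`.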
6834 @@ -317,8 +335,7 @@ do { \
6835 #define ARCH_DLINFO \
6838 - NEW_AUX_ENT(AT_SYSINFO_EHDR, \
6839 - (unsigned long)current->mm->context.vdso); \
6840 + NEW_AUX_ENT(AT_SYSINFO_EHDR, current->mm->context.vdso);\
6843 #define AT_SYSINFO 32
6844 @@ -329,7 +346,7 @@ do { \
6846 #endif /* !CONFIG_X86_32 */
6848 -#define VDSO_CURRENT_BASE ((unsigned long)current->mm->context.vdso)
6849 +#define VDSO_CURRENT_BASE (current->mm->context.vdso)
6851 #define VDSO_ENTRY \
6852 ((unsigned long)VDSO32_SYMBOL(VDSO_CURRENT_BASE, vsyscall))
6853 @@ -343,7 +360,4 @@ extern int arch_setup_additional_pages(s
6854 extern int syscall32_setup_pages(struct linux_binprm *, int exstack);
6855 #define compat_arch_setup_additional_pages syscall32_setup_pages
6857 -extern unsigned long arch_randomize_brk(struct mm_struct *mm);
6858 -#define arch_randomize_brk arch_randomize_brk
6860 #endif /* _ASM_X86_ELF_H */
6861 diff -urNp linux-2.6.32.1/arch/x86/include/asm/futex.h linux-2.6.32.1/arch/x86/include/asm/futex.h
6862 --- linux-2.6.32.1/arch/x86/include/asm/futex.h 2009-12-02 22:51:21.000000000 -0500
6863 +++ linux-2.6.32.1/arch/x86/include/asm/futex.h 2009-12-14 18:33:51.606706147 -0500
6865 #include <asm/processor.h>
6866 #include <asm/system.h>
6868 +#ifdef CONFIG_X86_32
6869 +#define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \
6871 + "movw\t%w6, %%ds\n" \
6872 + "1:\t" insn "\n" \
6873 + "2:\tpushl\t%%ss\n" \
6874 + "\tpopl\t%%ds\n" \
6875 + "\t.section .fixup,\"ax\"\n" \
6876 + "3:\tmov\t%3, %1\n" \
6879 + _ASM_EXTABLE(1b, 3b) \
6880 + : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \
6881 + : "i" (-EFAULT), "0" (oparg), "1" (0), "r" (__USER_DS))
6883 +#define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg) \
6884 + asm volatile("movw\t%w7, %%es\n" \
6885 + "1:\tmovl\t%%es:%2, %0\n" \
6886 + "\tmovl\t%0, %3\n" \
6888 + "2:\t" LOCK_PREFIX "cmpxchgl %3, %%es:%2\n"\
6890 + "3:\tpushl\t%%ss\n" \
6891 + "\tpopl\t%%es\n" \
6892 + "\t.section .fixup,\"ax\"\n" \
6893 + "4:\tmov\t%5, %1\n" \
6896 + _ASM_EXTABLE(1b, 4b) \
6897 + _ASM_EXTABLE(2b, 4b) \
6898 + : "=&a" (oldval), "=&r" (ret), \
6899 + "+m" (*uaddr), "=&r" (tem) \
6900 + : "r" (oparg), "i" (-EFAULT), "1" (0), "r" (__USER_DS))
6902 #define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \
6903 asm volatile("1:\t" insn "\n" \
6904 "2:\t.section .fixup,\"ax\"\n" \
6906 : "=&a" (oldval), "=&r" (ret), \
6907 "+m" (*uaddr), "=&r" (tem) \
6908 : "r" (oparg), "i" (-EFAULT), "1" (0))
6911 -static inline int futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
6912 +static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
6914 int op = (encoded_op >> 28) & 7;
6915 int cmp = (encoded_op >> 24) & 15;
6916 @@ -61,11 +96,20 @@ static inline int futex_atomic_op_inuser
6920 +#ifdef CONFIG_X86_32
6921 + __futex_atomic_op1("xchgl %0, %%ds:%2", ret, oldval, uaddr, oparg);
6923 __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg);
6927 +#ifdef CONFIG_X86_32
6928 + __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %%ds:%2", ret, oldval,
6931 __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval,
6936 __futex_atomic_op2("orl %4, %3", ret, oldval, uaddr, oparg);
6937 @@ -109,7 +153,7 @@ static inline int futex_atomic_op_inuser
6941 -static inline int futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval,
6942 +static inline int futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, int oldval,
6946 @@ -122,14 +166,27 @@ static inline int futex_atomic_cmpxchg_i
6947 if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
6950 - asm volatile("1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
6952 +#ifdef CONFIG_X86_32
6953 + "\tmovw %w5, %%ds\n"
6954 + "1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
6955 + "2:\tpushl %%ss\n"
6957 + "\t.section .fixup, \"ax\"\n"
6959 + "1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
6960 "2:\t.section .fixup, \"ax\"\n"
6965 _ASM_EXTABLE(1b, 3b)
6966 : "=a" (oldval), "+m" (*uaddr)
6967 +#ifdef CONFIG_X86_32
6968 + : "i" (-EFAULT), "r" (newval), "0" (oldval), "r" (__USER_DS)
6970 : "i" (-EFAULT), "r" (newval), "0" (oldval)
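Review bot: In the `CONFIG_X86_32` branch the instruction is `cmpxchgl %3, %1` with no segment override, while the accesses this patch adds in futex_atomic_op_inuser spell the segment out (`%%ds:%2`, `%%es:%2`). After `movw %w5, %%ds` the access only goes through the user segment if the compiler picks an addressing mode whose default segment is `%ds`. An operand based on `%ebp` or `%esp` would default to `%ss` and bypass the user-segment limit this change is meant to enforce. Writing `"1:\t" LOCK_PREFIX "cmpxchgl %3, %%ds:%1\n"` makes the intent explicit and consistent. The context line `access_ok(VERIFY_WRITE, uaddr, sizeof(int))` could also become `sizeof(*uaddr)` now that `uaddr` is `u32 __user *`.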
6975 diff -urNp linux-2.6.32.1/arch/x86/include/asm/i387.h linux-2.6.32.1/arch/x86/include/asm/i387.h
6976 --- linux-2.6.32.1/arch/x86/include/asm/i387.h 2009-12-02 22:51:21.000000000 -0500
6977 +++ linux-2.6.32.1/arch/x86/include/asm/i387.h 2009-12-14 18:33:51.607723418 -0500
6978 @@ -195,13 +195,8 @@ static inline int fxrstor_checking(struc
6981 /* We need a safe address that is cheap to find and that is already
6982 - in L1 during context switch. The best choices are unfortunately
6983 - different for UP and SMP */
6985 -#define safe_address (__per_cpu_offset[0])
6987 -#define safe_address (kstat_cpu(0).cpustat.user)
6989 + in L1 during context switch. */
6990 +#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0)
6993 * These must be called with preempt disabled
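Review bot: `safe_address` now expands to `init_tss[smp_processor_id()].x86_tss.sp0`, so every use inherits the requirement that preemption is disabled, and the shortened comment does not say so. The `These must be called with preempt disabled` note that follows belongs to the functions below it, not to this macro. Extend the comment to read, for example, `in L1 during context switch. Uses smp_processor_id(), so callers must have preemption disabled. */`. The users of `safe_address` are outside the hunk and should be checked against that requirement.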
6994 diff -urNp linux-2.6.32.1/arch/x86/include/asm/io_64.h linux-2.6.32.1/arch/x86/include/asm/io_64.h
6995 --- linux-2.6.32.1/arch/x86/include/asm/io_64.h 2009-12-02 22:51:21.000000000 -0500
6996 +++ linux-2.6.32.1/arch/x86/include/asm/io_64.h 2009-12-14 18:33:51.607723418 -0500
6997 @@ -140,6 +140,17 @@ __OUTS(l)
6999 #include <linux/vmalloc.h>
7001 +#define ARCH_HAS_VALID_PHYS_ADDR_RANGE
7002 +static inline int valid_phys_addr_range (unsigned long addr, size_t count)
7004 + return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
7007 +static inline int valid_mmap_phys_addr_range (unsigned long pfn, size_t count)
7009 + return (pfn + (count >> PAGE_SHIFT)) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
7012 #include <asm-generic/iomap.h>
7014 void __memcpy_fromio(void *, unsigned long, unsigned);
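Review bot: Both new range checks build the limit as `1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)`, where `1` is an `int`. Once the shift count reaches 31 the result overflows, which is undefined behaviour, so on CPUs reporting enough physical address bits the comparison no longer bounds anything. Use an unsigned long constant in both functions: `< (1UL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT))`. In valid_phys_addr_range the sum `addr + count + PAGE_SIZE - 1` can also wrap for a large `count`, letting an out-of-range request pass; rejecting `addr + count < addr` before the comparison closes that. The trailing `? 1 : 0` is redundant on a comparison and can be dropped.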
7015 diff -urNp linux-2.6.32.1/arch/x86/include/asm/iommu.h linux-2.6.32.1/arch/x86/include/asm/iommu.h
7016 --- linux-2.6.32.1/arch/x86/include/asm/iommu.h 2009-12-02 22:51:21.000000000 -0500
7017 +++ linux-2.6.32.1/arch/x86/include/asm/iommu.h 2009-12-14 18:33:51.607723418 -0500
7020 extern void pci_iommu_shutdown(void);
7021 extern void no_iommu_init(void);
7022 -extern struct dma_map_ops nommu_dma_ops;
7023 +extern const struct dma_map_ops nommu_dma_ops;
7024 extern int force_iommu, no_iommu;
7025 extern int iommu_detected;
7026 extern int iommu_pass_through;
7027 diff -urNp linux-2.6.32.1/arch/x86/include/asm/irqflags.h linux-2.6.32.1/arch/x86/include/asm/irqflags.h
7028 --- linux-2.6.32.1/arch/x86/include/asm/irqflags.h 2009-12-02 22:51:21.000000000 -0500
7029 +++ linux-2.6.32.1/arch/x86/include/asm/irqflags.h 2009-12-14 18:33:51.607723418 -0500
7030 @@ -146,6 +146,27 @@ static inline unsigned long __raw_local_
7031 #define INTERRUPT_RETURN iret
7032 #define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit
7033 #define GET_CR0_INTO_EAX movl %cr0, %eax
7035 +/* PaX: special register usage in entry_32.S, beware */
7036 +#ifdef CONFIG_PAX_KERNEXEC
7037 +#define PAX_EXIT_KERNEL \
7040 + movl %esi, %cr0; \
7043 +#define PAX_ENTER_KERNEL \
7044 + movl %cr0, %esi; \
7045 + movl %esi, %edx; \
7048 + movl %edx, %cr0; \
7051 +#define PAX_EXIT_KERNEL
7052 +#define PAX_ENTER_KERNEL
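Review bot: The comment `/* PaX: special register usage in entry_32.S, beware */` warns about register usage without naming the registers. On the lines visible here PAX_ENTER_KERNEL writes `%esi` and `%edx`, and PAX_EXIT_KERNEL loads `%cr0` from `%esi`, so `%esi` appears to carry the saved CR0 value between the two. A comment such as `/* PAX_ENTER_KERNEL clobbers %esi and %edx; %esi must be preserved until PAX_EXIT_KERNEL */` would let a reader of entry_32.S check each call site. Parts of both macro bodies are not shown in this hunk, so the register list should be checked against the full definitions.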
7058 diff -urNp linux-2.6.32.1/arch/x86/include/asm/kvm_host.h linux-2.6.32.1/arch/x86/include/asm/kvm_host.h
7059 --- linux-2.6.32.1/arch/x86/include/asm/kvm_host.h 2009-12-02 22:51:21.000000000 -0500
7060 +++ linux-2.6.32.1/arch/x86/include/asm/kvm_host.h 2009-12-14 18:33:51.607723418 -0500
7061 @@ -530,7 +530,7 @@ struct kvm_x86_ops {
7062 const struct trace_print_flags *exit_reasons_str;
7065 -extern struct kvm_x86_ops *kvm_x86_ops;
7066 +extern const struct kvm_x86_ops *kvm_x86_ops;
7068 int kvm_mmu_module_init(void);
7069 void kvm_mmu_module_exit(void);
7070 diff -urNp linux-2.6.32.1/arch/x86/include/asm/local.h linux-2.6.32.1/arch/x86/include/asm/local.h
7071 --- linux-2.6.32.1/arch/x86/include/asm/local.h 2009-12-02 22:51:21.000000000 -0500
7072 +++ linux-2.6.32.1/arch/x86/include/asm/local.h 2009-12-14 18:33:51.607723418 -0500
7073 @@ -18,26 +18,90 @@ typedef struct {
7075 static inline void local_inc(local_t *l)
7077 - asm volatile(_ASM_INC "%0"
7078 + asm volatile(_ASM_INC "%0\n"
7080 +#ifdef CONFIG_PAX_REFCOUNT
7081 +#ifdef CONFIG_X86_32
7087 + ".pushsection .fixup,\"ax\"\n"
7092 + _ASM_EXTABLE(0b, 1b)
7095 : "+m" (l->a.counter));
7098 static inline void local_dec(local_t *l)
7100 - asm volatile(_ASM_DEC "%0"
7101 + asm volatile(_ASM_DEC "%0\n"
7103 +#ifdef CONFIG_PAX_REFCOUNT
7104 +#ifdef CONFIG_X86_32
7110 + ".pushsection .fixup,\"ax\"\n"
7115 + _ASM_EXTABLE(0b, 1b)
7118 : "+m" (l->a.counter));
7121 static inline void local_add(long i, local_t *l)
7123 - asm volatile(_ASM_ADD "%1,%0"
7124 + asm volatile(_ASM_ADD "%1,%0\n"
7126 +#ifdef CONFIG_PAX_REFCOUNT
7127 +#ifdef CONFIG_X86_32
7133 + ".pushsection .fixup,\"ax\"\n"
7135 + _ASM_SUB "%1,%0\n"
7138 + _ASM_EXTABLE(0b, 1b)
7141 : "+m" (l->a.counter)
7145 static inline void local_sub(long i, local_t *l)
7147 - asm volatile(_ASM_SUB "%1,%0"
7148 + asm volatile(_ASM_SUB "%1,%0\n"
7150 +#ifdef CONFIG_PAX_REFCOUNT
7151 +#ifdef CONFIG_X86_32
7157 + ".pushsection .fixup,\"ax\"\n"
7159 + _ASM_ADD "%1,%0\n"
7162 + _ASM_EXTABLE(0b, 1b)
7165 : "+m" (l->a.counter)
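Review bot: The overflow check and `.fixup` sequence under `CONFIG_PAX_REFCOUNT` is written out in full in local_inc, local_dec, local_add and local_sub here. It is repeated in the five later hunks of this file (local_sub_and_test, local_dec_and_test, local_inc_and_test, local_add_negative, local_add_return). As far as the visible lines show, the copies differ only in the instruction that undoes the operation, e.g. `_ASM_SUB "%1,%0\n"` for local_add and `_ASM_ADD "%1,%0\n"` for local_sub. One helper macro taking the undo instruction as its argument would keep the nine copies from drifting apart. Several lines of each asm block are missing from the hunk as shown, so this should be checked against the full text.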
7168 @@ -55,7 +119,24 @@ static inline int local_sub_and_test(lon
7172 - asm volatile(_ASM_SUB "%2,%0; sete %1"
7173 + asm volatile(_ASM_SUB "%2,%0\n"
7175 +#ifdef CONFIG_PAX_REFCOUNT
7176 +#ifdef CONFIG_X86_32
7182 + ".pushsection .fixup,\"ax\"\n"
7184 + _ASM_ADD "%2,%0\n"
7187 + _ASM_EXTABLE(0b, 1b)
7191 : "+m" (l->a.counter), "=qm" (c)
7192 : "ir" (i) : "memory");
7194 @@ -73,7 +154,24 @@ static inline int local_dec_and_test(loc
7198 - asm volatile(_ASM_DEC "%0; sete %1"
7199 + asm volatile(_ASM_DEC "%0\n"
7201 +#ifdef CONFIG_PAX_REFCOUNT
7202 +#ifdef CONFIG_X86_32
7208 + ".pushsection .fixup,\"ax\"\n"
7213 + _ASM_EXTABLE(0b, 1b)
7217 : "+m" (l->a.counter), "=qm" (c)
7220 @@ -91,7 +189,24 @@ static inline int local_inc_and_test(loc
7224 - asm volatile(_ASM_INC "%0; sete %1"
7225 + asm volatile(_ASM_INC "%0\n"
7227 +#ifdef CONFIG_PAX_REFCOUNT
7228 +#ifdef CONFIG_X86_32
7234 + ".pushsection .fixup,\"ax\"\n"
7239 + _ASM_EXTABLE(0b, 1b)
7243 : "+m" (l->a.counter), "=qm" (c)
7246 @@ -110,7 +225,24 @@ static inline int local_add_negative(lon
7250 - asm volatile(_ASM_ADD "%2,%0; sets %1"
7251 + asm volatile(_ASM_ADD "%2,%0\n"
7253 +#ifdef CONFIG_PAX_REFCOUNT
7254 +#ifdef CONFIG_X86_32
7260 + ".pushsection .fixup,\"ax\"\n"
7262 + _ASM_SUB "%2,%0\n"
7265 + _ASM_EXTABLE(0b, 1b)
7269 : "+m" (l->a.counter), "=qm" (c)
7270 : "ir" (i) : "memory");
7272 @@ -133,7 +265,23 @@ static inline long local_add_return(long
7274 /* Modern 486+ processor */
7276 - asm volatile(_ASM_XADD "%0, %1;"
7277 + asm volatile(_ASM_XADD "%0, %1\n"
7279 +#ifdef CONFIG_PAX_REFCOUNT
7280 +#ifdef CONFIG_X86_32
7286 + ".pushsection .fixup,\"ax\"\n"
7288 + _ASM_MOV "%0,%1\n"
7291 + _ASM_EXTABLE(0b, 1b)
7294 : "+r" (i), "+m" (l->a.counter)
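Review bot: The fixup in local_add_return undoes the overflowing add with `_ASM_MOV "%0,%1\n"`, storing the value the xadd left in `%0` back into the counter, whereas the other helpers in this file undo with the inverse arithmetic instruction. A store overwrites whatever the counter holds at that moment. If anything on the same CPU (an interrupt, for instance) changed `l->a.counter` between the xadd and the fixup, that change would be lost, which the inverse-operation fixups avoid. If that window cannot occur, a comment saying why would help; otherwise the addend could be kept in a second register and subtracted. The body of local_add_return starts and ends outside this hunk.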
7297 diff -urNp linux-2.6.32.1/arch/x86/include/asm/microcode.h linux-2.6.32.1/arch/x86/include/asm/microcode.h
7298 --- linux-2.6.32.1/arch/x86/include/asm/microcode.h 2009-12-02 22:51:21.000000000 -0500
7299 +++ linux-2.6.32.1/arch/x86/include/asm/microcode.h 2009-12-14 18:33:51.609195189 -0500
7300 @@ -12,13 +12,13 @@ struct device;
7301 enum ucode_state { UCODE_ERROR, UCODE_OK, UCODE_NFOUND };
7303 struct microcode_ops {
7304 - enum ucode_state (*request_microcode_user) (int cpu,
7305 + enum ucode_state (* const request_microcode_user) (int cpu,
7306 const void __user *buf, size_t size);
7308 - enum ucode_state (*request_microcode_fw) (int cpu,
7309 + enum ucode_state (* const request_microcode_fw) (int cpu,
7310 struct device *device);
7312 - void (*microcode_fini_cpu) (int cpu);
7313 + void (* const microcode_fini_cpu) (int cpu);
7316 * The generic 'microcode_core' part guarantees that
7317 @@ -38,18 +38,18 @@ struct ucode_cpu_info {
7318 extern struct ucode_cpu_info ucode_cpu_info[];
7320 #ifdef CONFIG_MICROCODE_INTEL
7321 -extern struct microcode_ops * __init init_intel_microcode(void);
7322 +extern const struct microcode_ops * __init init_intel_microcode(void);
7324 -static inline struct microcode_ops * __init init_intel_microcode(void)
7325 +static inline const struct microcode_ops * __init init_intel_microcode(void)
7329 #endif /* CONFIG_MICROCODE_INTEL */
7331 #ifdef CONFIG_MICROCODE_AMD
7332 -extern struct microcode_ops * __init init_amd_microcode(void);
7333 +extern const struct microcode_ops * __init init_amd_microcode(void);
7335 -static inline struct microcode_ops * __init init_amd_microcode(void)
7336 +static inline const struct microcode_ops * __init init_amd_microcode(void)
7340 diff -urNp linux-2.6.32.1/arch/x86/include/asm/mman.h linux-2.6.32.1/arch/x86/include/asm/mman.h
7341 --- linux-2.6.32.1/arch/x86/include/asm/mman.h 2009-12-02 22:51:21.000000000 -0500
7342 +++ linux-2.6.32.1/arch/x86/include/asm/mman.h 2009-12-14 18:33:51.614107213 -0500
7345 #include <asm-generic/mman.h>
7348 +#ifndef __ASSEMBLY__
7349 +#ifdef CONFIG_X86_32
7350 +#define arch_mmap_check i386_mmap_check
7351 +int i386_mmap_check(unsigned long addr, unsigned long len,
7352 + unsigned long flags);
7357 #endif /* _ASM_X86_MMAN_H */
7358 diff -urNp linux-2.6.32.1/arch/x86/include/asm/mmu_context.h linux-2.6.32.1/arch/x86/include/asm/mmu_context.h
7359 --- linux-2.6.32.1/arch/x86/include/asm/mmu_context.h 2009-12-02 22:51:21.000000000 -0500
7360 +++ linux-2.6.32.1/arch/x86/include/asm/mmu_context.h 2009-12-14 18:33:51.614708658 -0500
7361 @@ -34,11 +34,17 @@ static inline void switch_mm(struct mm_s
7362 struct task_struct *tsk)
7364 unsigned cpu = smp_processor_id();
7365 +#if defined(CONFIG_X86_32) && defined(CONFIG_SMP)
7366 + int tlbstate = TLBSTATE_OK;
7369 if (likely(prev != next)) {
7370 /* stop flush ipis for the previous mm */
7371 cpumask_clear_cpu(cpu, mm_cpumask(prev));
7373 +#ifdef CONFIG_X86_32
7374 + tlbstate = percpu_read(cpu_tlbstate.state);
7376 percpu_write(cpu_tlbstate.state, TLBSTATE_OK);
7377 percpu_write(cpu_tlbstate.active_mm, next);
7379 @@ -52,6 +58,26 @@ static inline void switch_mm(struct mm_s
7381 if (unlikely(prev->context.ldt != next->context.ldt))
7382 load_LDT_nolock(&next->context);
7384 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
7385 + if (!nx_enabled) {
7386 + smp_mb__before_clear_bit();
7387 + cpu_clear(cpu, prev->context.cpu_user_cs_mask);
7388 + smp_mb__after_clear_bit();
7389 + cpu_set(cpu, next->context.cpu_user_cs_mask);
7393 +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
7394 + if (unlikely(prev->context.user_cs_base != next->context.user_cs_base ||
7395 + prev->context.user_cs_limit != next->context.user_cs_limit))
7396 + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
7398 + else if (unlikely(tlbstate != TLBSTATE_OK))
7399 + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
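Review bot: The added `smp_mb__before_clear_bit()` / `smp_mb__after_clear_bit()` pair around `cpu_clear(cpu, prev->context.cpu_user_cs_mask)` has no comment saying which reader of `cpu_user_cs_mask` the barriers are ordered against. A barrier without a named partner is hard to verify and easy to break in a later change. I would add a comment of the form `/* pairs with the mask walk in <function that reads cpu_user_cs_mask> */` above the block. switch_mm begins and ends outside this hunk.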
7406 @@ -65,6 +91,19 @@ static inline void switch_mm(struct mm_s
7408 load_cr3(next->pgd);
7409 load_LDT_nolock(&next->context);
7411 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
7413 + cpu_set(cpu, next->context.cpu_user_cs_mask);
7416 +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
7417 +#ifdef CONFIG_PAX_PAGEEXEC
7418 + if (!((next->pax_flags & MF_PAX_PAGEEXEC) && nx_enabled))
7420 + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
7426 diff -urNp linux-2.6.32.1/arch/x86/include/asm/mmu.h linux-2.6.32.1/arch/x86/include/asm/mmu.h
7427 --- linux-2.6.32.1/arch/x86/include/asm/mmu.h 2009-12-02 22:51:21.000000000 -0500
7428 +++ linux-2.6.32.1/arch/x86/include/asm/mmu.h 2009-12-14 18:33:51.614708658 -0500
7430 * we put the segment information here.
7434 + struct desc_struct *ldt;
7438 + unsigned long vdso;
7440 +#ifdef CONFIG_X86_32
7441 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
7442 + unsigned long user_cs_base;
7443 + unsigned long user_cs_limit;
7445 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
7446 + cpumask_t cpu_user_cs_mask;
7455 diff -urNp linux-2.6.32.1/arch/x86/include/asm/module.h linux-2.6.32.1/arch/x86/include/asm/module.h
7456 --- linux-2.6.32.1/arch/x86/include/asm/module.h 2009-12-02 22:51:21.000000000 -0500
7457 +++ linux-2.6.32.1/arch/x86/include/asm/module.h 2009-12-14 18:33:51.614708658 -0500
7460 # define MODULE_STACKSIZE ""
7462 -# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE
7463 +# ifdef CONFIG_GRKERNSEC
7464 +# define MODULE_GRSEC "GRSECURITY "
7466 +# define MODULE_GRSEC ""
7468 +# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE MODULE_GRSEC
7471 #endif /* _ASM_X86_MODULE_H */
7472 diff -urNp linux-2.6.32.1/arch/x86/include/asm/page_32_types.h linux-2.6.32.1/arch/x86/include/asm/page_32_types.h
7473 --- linux-2.6.32.1/arch/x86/include/asm/page_32_types.h 2009-12-02 22:51:21.000000000 -0500
7474 +++ linux-2.6.32.1/arch/x86/include/asm/page_32_types.h 2009-12-14 18:33:51.614708658 -0500
7477 #define __PAGE_OFFSET _AC(CONFIG_PAGE_OFFSET, UL)
7479 +#ifdef CONFIG_PAX_PAGEEXEC
7480 +#define CONFIG_ARCH_TRACK_EXEC_LIMIT 1
7483 #ifdef CONFIG_4KSTACKS
7484 #define THREAD_ORDER 0
7486 diff -urNp linux-2.6.32.1/arch/x86/include/asm/page_64_types.h linux-2.6.32.1/arch/x86/include/asm/page_64_types.h
7487 --- linux-2.6.32.1/arch/x86/include/asm/page_64_types.h 2009-12-02 22:51:21.000000000 -0500
7488 +++ linux-2.6.32.1/arch/x86/include/asm/page_64_types.h 2009-12-14 18:33:51.614708658 -0500
7490 #define __START_KERNEL (__START_KERNEL_map + __PHYSICAL_START)
7491 #define __START_KERNEL_map _AC(0xffffffff80000000, UL)
7493 +#define ktla_ktva(addr) (addr)
7494 +#define ktva_ktla(addr) (addr)
7496 /* See Documentation/x86/x86_64/mm.txt for a description of the memory map. */
7497 #define __PHYSICAL_MASK_SHIFT 46
7498 #define __VIRTUAL_MASK_SHIFT 47
7499 diff -urNp linux-2.6.32.1/arch/x86/include/asm/paravirt.h linux-2.6.32.1/arch/x86/include/asm/paravirt.h
7500 --- linux-2.6.32.1/arch/x86/include/asm/paravirt.h 2009-12-02 22:51:21.000000000 -0500
7501 +++ linux-2.6.32.1/arch/x86/include/asm/paravirt.h 2009-12-14 18:33:51.615757710 -0500
7502 @@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned
7503 pv_mmu_ops.set_fixmap(idx, phys, flags);
7506 +#ifdef CONFIG_PAX_KERNEXEC
7507 +static inline unsigned long pax_open_kernel(void)
7509 + return pv_mmu_ops.pax_open_kernel();
7512 +static inline unsigned long pax_close_kernel(void)
7514 + return pv_mmu_ops.pax_close_kernel();
7517 +static inline unsigned long pax_open_kernel(void) { return 0; }
7518 +static inline unsigned long pax_close_kernel(void) { return 0; }
7521 #if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS)
7523 static inline int __raw_spin_is_locked(struct raw_spinlock *lock)
7524 @@ -845,7 +860,7 @@ static inline unsigned long __raw_local_
7526 static inline void raw_local_irq_restore(unsigned long f)
7528 - PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);
7529 + return PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);
7532 static inline void raw_local_irq_disable(void)
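Review bot: The changed line puts `return` in front of `PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);` inside raw_local_irq_restore, which the context line above it declares as `static inline void`. ISO C does not allow a `return` with an expression in a void function, and compilers take it only as an extension when the expression is itself void. Nothing visible in the hunk uses a value, so unless there is a reason not shown here the statement should stay `PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);`.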
7533 @@ -945,7 +960,7 @@ extern void default_banner(void);
7535 #define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4)
7536 #define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4)
7537 -#define PARA_INDIRECT(addr) *%cs:addr
7538 +#define PARA_INDIRECT(addr) *%ss:addr
7541 #define INTERRUPT_RETURN \
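Review bot: `PARA_INDIRECT` changes its segment override from `%cs` to `%ss` with no comment, and the reason cannot be derived from this file. Presumably the kernel code segment can no longer be used to read the pv_*_ops tables under this patch, but that is an inference. A one-line comment such as `/* read the ops pointer through %ss: <reason> */` above the macro would keep a later cleanup from reverting it.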
7542 @@ -970,6 +985,31 @@ extern void default_banner(void);
7543 jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret32))
7545 #ifdef CONFIG_X86_32
7547 +#ifdef CONFIG_PAX_KERNEXEC
7548 +#define PAX_EXIT_KERNEL \
7551 + push %eax; push %ecx; \
7552 + movl %esi, %eax; \
7553 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0);\
7554 + pop %ecx; pop %eax; \
7557 +#define PAX_ENTER_KERNEL \
7558 + push %eax; push %ecx; \
7559 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \
7560 + movl %eax, %esi; \
7563 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0);\
7565 + pop %ecx; pop %eax;
7567 +#define PAX_EXIT_KERNEL
7568 +#define PAX_ENTER_KERNEL
7571 #define GET_CR0_INTO_EAX \
7572 push %ecx; push %edx; \
7573 call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \
7574 diff -urNp linux-2.6.32.1/arch/x86/include/asm/paravirt_types.h linux-2.6.32.1/arch/x86/include/asm/paravirt_types.h
7575 --- linux-2.6.32.1/arch/x86/include/asm/paravirt_types.h 2009-12-02 22:51:21.000000000 -0500
7576 +++ linux-2.6.32.1/arch/x86/include/asm/paravirt_types.h 2009-12-14 18:33:51.615757710 -0500
7577 @@ -316,6 +316,12 @@ struct pv_mmu_ops {
7578 an mfn. We can tell which is which from the index. */
7579 void (*set_fixmap)(unsigned /* enum fixed_addresses */ idx,
7580 phys_addr_t phys, pgprot_t flags);
7582 +#ifdef CONFIG_PAX_KERNEXEC
7583 + unsigned long (*pax_open_kernel)(void);
7584 + unsigned long (*pax_close_kernel)(void);
7589 struct raw_spinlock;
7590 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pci_x86.h linux-2.6.32.1/arch/x86/include/asm/pci_x86.h
7591 --- linux-2.6.32.1/arch/x86/include/asm/pci_x86.h 2009-12-02 22:51:21.000000000 -0500
7592 +++ linux-2.6.32.1/arch/x86/include/asm/pci_x86.h 2009-12-14 18:33:51.615757710 -0500
7593 @@ -89,16 +89,16 @@ extern int (*pcibios_enable_irq)(struct
7594 extern void (*pcibios_disable_irq)(struct pci_dev *dev);
7596 struct pci_raw_ops {
7597 - int (*read)(unsigned int domain, unsigned int bus, unsigned int devfn,
7598 + int (* const read)(unsigned int domain, unsigned int bus, unsigned int devfn,
7599 int reg, int len, u32 *val);
7600 - int (*write)(unsigned int domain, unsigned int bus, unsigned int devfn,
7601 + int (* const write)(unsigned int domain, unsigned int bus, unsigned int devfn,
7602 int reg, int len, u32 val);
7605 -extern struct pci_raw_ops *raw_pci_ops;
7606 -extern struct pci_raw_ops *raw_pci_ext_ops;
7607 +extern const struct pci_raw_ops *raw_pci_ops;
7608 +extern const struct pci_raw_ops *raw_pci_ext_ops;
7610 -extern struct pci_raw_ops pci_direct_conf1;
7611 +extern const struct pci_raw_ops pci_direct_conf1;
7612 extern bool port_cf9_safe;
7614 /* arch_initcall level */
7615 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgalloc.h linux-2.6.32.1/arch/x86/include/asm/pgalloc.h
7616 --- linux-2.6.32.1/arch/x86/include/asm/pgalloc.h 2009-12-02 22:51:21.000000000 -0500
7617 +++ linux-2.6.32.1/arch/x86/include/asm/pgalloc.h 2009-12-14 18:33:51.616774776 -0500
7618 @@ -58,6 +58,13 @@ static inline void pmd_populate_kernel(s
7619 pmd_t *pmd, pte_t *pte)
7621 paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
7622 + set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE));
7625 +static inline void pmd_populate_user(struct mm_struct *mm,
7626 + pmd_t *pmd, pte_t *pte)
7628 + paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
7629 set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE));
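Review bot: pmd_populate_kernel and the new pmd_populate_user now differ only in the flag set passed to `__pmd()`, `_KERNPG_TABLE` versus `_PAGE_TABLE`, and neither carries a comment telling a caller which one to pick. The choice decides whether the page-table page is installed with the user bit, so a wrong pick is a permission error rather than a cosmetic one. I would add a one-line comment to each, e.g. `/* kernel mappings only: installs the table without _PAGE_USER */` and `/* user mappings: installs the table with _PAGE_USER */`. pmd_populate_kernel starts outside this hunk.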
7632 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable-2level.h linux-2.6.32.1/arch/x86/include/asm/pgtable-2level.h
7633 --- linux-2.6.32.1/arch/x86/include/asm/pgtable-2level.h 2009-12-02 22:51:21.000000000 -0500
7634 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable-2level.h 2009-12-14 18:33:51.616774776 -0500
7635 @@ -18,7 +18,9 @@ static inline void native_set_pte(pte_t
7637 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
7639 + pax_open_kernel();
7641 + pax_close_kernel();
7644 static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
7645 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable_32.h linux-2.6.32.1/arch/x86/include/asm/pgtable_32.h
7646 --- linux-2.6.32.1/arch/x86/include/asm/pgtable_32.h 2009-12-02 22:51:21.000000000 -0500
7647 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable_32.h 2009-12-14 18:33:51.616774776 -0500
7650 struct vm_area_struct;
7652 -extern pgd_t swapper_pg_dir[1024];
7654 static inline void pgtable_cache_init(void) { }
7655 static inline void check_pgt_cache(void) { }
7656 void paging_init(void);
7657 @@ -48,6 +46,11 @@ extern void set_pmd_pfn(unsigned long, u
7658 # include <asm/pgtable-2level.h>
7661 +extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
7662 +#ifdef CONFIG_X86_PAE
7663 +extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD];
7666 #if defined(CONFIG_HIGHPTE)
7668 (in_nmi() ? KM_NMI_PTE : \
7669 @@ -72,7 +75,9 @@ extern void set_pmd_pfn(unsigned long, u
7670 /* Clear a kernel PTE and flush it from the TLB */
7671 #define kpte_clear_flush(ptep, vaddr) \
7673 + pax_open_kernel(); \
7674 pte_clear(&init_mm, (vaddr), (ptep)); \
7675 + pax_close_kernel(); \
7676 __flush_tlb_one((vaddr)); \
7679 @@ -84,6 +89,9 @@ do { \
7681 #endif /* !__ASSEMBLY__ */
7683 +#define HAVE_ARCH_UNMAPPED_AREA
7684 +#define HAVE_ARCH_UNMAPPED_AREA_TOPDOWN
7687 * kern_addr_valid() is (1) for FLATMEM and (0) for
7688 * SPARSEMEM and DISCONTIGMEM
7689 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable_32_types.h linux-2.6.32.1/arch/x86/include/asm/pgtable_32_types.h
7690 --- linux-2.6.32.1/arch/x86/include/asm/pgtable_32_types.h 2009-12-02 22:51:21.000000000 -0500
7691 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable_32_types.h 2009-12-14 18:33:51.616774776 -0500
7694 #ifdef CONFIG_X86_PAE
7695 # include <asm/pgtable-3level_types.h>
7696 -# define PMD_SIZE (1UL << PMD_SHIFT)
7697 +# define PMD_SIZE (_AC(1, UL) << PMD_SHIFT)
7698 # define PMD_MASK (~(PMD_SIZE - 1))
7700 # include <asm/pgtable-2level_types.h>
7701 @@ -46,6 +46,19 @@ extern bool __vmalloc_start_set; /* set
7702 # define VMALLOC_END (FIXADDR_START - 2 * PAGE_SIZE)
7705 +#ifdef CONFIG_PAX_KERNEXEC
7706 +#ifndef __ASSEMBLY__
7707 +extern unsigned char MODULES_EXEC_VADDR[];
7708 +extern unsigned char MODULES_EXEC_END[];
7710 +#include <asm/boot.h>
7711 +#define ktla_ktva(addr) (addr + LOAD_PHYSICAL_ADDR + PAGE_OFFSET)
7712 +#define ktva_ktla(addr) (addr - LOAD_PHYSICAL_ADDR - PAGE_OFFSET)
7714 +#define ktla_ktva(addr) (addr)
7715 +#define ktva_ktla(addr) (addr)
7718 #define MODULES_VADDR VMALLOC_START
7719 #define MODULES_END VMALLOC_END
7720 #define MODULES_LEN (MODULES_VADDR - MODULES_END)
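Review bot: The KERNEXEC variants of `ktla_ktva` and `ktva_ktla` use their argument without parentheses. An argument containing an operator that binds less tightly than `+`/`-` (a `&` mask or a conditional expression, say) would therefore be combined with the offsets in the wrong order. The fallback variants a few lines below already expand to `(addr)`. I would write `#define ktla_ktva(addr) ((addr) + LOAD_PHYSICAL_ADDR + PAGE_OFFSET)` and `#define ktva_ktla(addr) ((addr) - LOAD_PHYSICAL_ADDR - PAGE_OFFSET)`.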
7721 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable-3level.h linux-2.6.32.1/arch/x86/include/asm/pgtable-3level.h
7722 --- linux-2.6.32.1/arch/x86/include/asm/pgtable-3level.h 2009-12-02 22:51:21.000000000 -0500
7723 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable-3level.h 2009-12-14 18:33:51.616774776 -0500
7724 @@ -38,12 +38,16 @@ static inline void native_set_pte_atomic
7726 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
7728 + pax_open_kernel();
7729 set_64bit((unsigned long long *)(pmdp), native_pmd_val(pmd));
7730 + pax_close_kernel();
7733 static inline void native_set_pud(pud_t *pudp, pud_t pud)
7735 + pax_open_kernel();
7736 set_64bit((unsigned long long *)(pudp), native_pud_val(pud));
7737 + pax_close_kernel();
7741 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable_64.h linux-2.6.32.1/arch/x86/include/asm/pgtable_64.h
7742 --- linux-2.6.32.1/arch/x86/include/asm/pgtable_64.h 2009-12-02 22:51:21.000000000 -0500
7743 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable_64.h 2009-12-14 18:33:51.616774776 -0500
7746 extern pud_t level3_kernel_pgt[512];
7747 extern pud_t level3_ident_pgt[512];
7748 +extern pud_t level3_vmalloc_pgt[512];
7749 +extern pud_t level3_vmemmap_pgt[512];
7750 +extern pud_t level2_vmemmap_pgt[512];
7751 extern pmd_t level2_kernel_pgt[512];
7752 extern pmd_t level2_fixmap_pgt[512];
7753 -extern pmd_t level2_ident_pgt[512];
7754 +extern pmd_t level2_ident_pgt[512*4];
7755 extern pgd_t init_level4_pgt[];
7757 #define swapper_pg_dir init_level4_pgt
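Review bot: `level2_vmemmap_pgt` is declared as `pud_t`, while every other `level2_*` table in this block (`level2_kernel_pgt`, `level2_fixmap_pgt`, `level2_ident_pgt`) is `pmd_t` and the `level3_*` tables are `pud_t`. If the name follows the same convention, the declaration should read `extern pmd_t level2_vmemmap_pgt[512];`. The definition of the table is not in this hunk, so the type should be checked against it before changing the header.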
7758 @@ -74,7 +77,9 @@ static inline pte_t native_ptep_get_and_
7760 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
7762 + pax_open_kernel();
7764 + pax_close_kernel();
7767 static inline void native_pmd_clear(pmd_t *pmd)
7768 @@ -94,7 +99,9 @@ static inline void native_pud_clear(pud_
7770 static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
7772 + pax_open_kernel();
7774 + pax_close_kernel();
7777 static inline void native_pgd_clear(pgd_t *pgd)
7778 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable.h linux-2.6.32.1/arch/x86/include/asm/pgtable.h
7779 --- linux-2.6.32.1/arch/x86/include/asm/pgtable.h 2009-12-02 22:51:21.000000000 -0500
7780 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable.h 2009-12-14 18:33:51.616774776 -0500
7781 @@ -74,12 +74,51 @@ extern struct list_head pgd_list;
7783 #define arch_end_context_switch(prev) do {} while(0)
7785 +#define pax_open_kernel() native_pax_open_kernel()
7786 +#define pax_close_kernel() native_pax_close_kernel()
7787 #endif /* CONFIG_PARAVIRT */
7789 +#define __HAVE_ARCH_PAX_OPEN_KERNEL
7790 +#define __HAVE_ARCH_PAX_CLOSE_KERNEL
7792 +#ifdef CONFIG_PAX_KERNEXEC
7793 +static inline unsigned long native_pax_open_kernel(void)
7795 + unsigned long cr0;
7797 + preempt_disable();
7800 + if (likely(cr0 & X86_CR0_WP))
7801 + write_cr0(cr0 & ~X86_CR0_WP);
7805 +static inline unsigned long native_pax_close_kernel(void)
7807 + unsigned long cr0;
7810 + if (likely(!(cr0 & X86_CR0_WP)))
7811 + write_cr0(cr0 | X86_CR0_WP);
7813 + preempt_enable_no_resched();
7817 +static inline unsigned long native_pax_open_kernel(void) { return 0; }
7818 +static inline unsigned long native_pax_close_kernel(void) { return 0; }
7822 * The following only work if pte_present() is true.
7823 * Undefined behaviour if not..
7825 +static inline int pte_user(pte_t pte)
7827 + return pte_val(pte) & _PAGE_USER;
7830 static inline int pte_dirty(pte_t pte)
7832 return pte_flags(pte) & _PAGE_DIRTY;
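Review bot: native_pax_open_kernel() and native_pax_close_kernel() give no indication when they are called unbalanced or nested. The `if (likely(cr0 & X86_CR0_WP))` and `if (likely(!(cr0 & X86_CR0_WP)))` tests just skip the CR0 write, and an inner close would set WP again while an outer caller still expects it clear. Both functions return `unsigned long`, but the callers added elsewhere in this patch (native_set_pmd, clone_pgd_range) discard the value. I would state the contract in a comment above the pair, e.g. `/* must be strictly paired and must not nest; preemption is disabled in between */`, and consider a debug assertion on the unexpected branch. Some lines of both bodies are missing from the hunk as shown.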
7833 @@ -167,9 +206,29 @@ static inline pte_t pte_wrprotect(pte_t
7834 return pte_clear_flags(pte, _PAGE_RW);
7837 +static inline pte_t pte_mkread(pte_t pte)
7839 + return __pte(pte_val(pte) | _PAGE_USER);
7842 static inline pte_t pte_mkexec(pte_t pte)
7844 - return pte_clear_flags(pte, _PAGE_NX);
7845 +#ifdef CONFIG_X86_PAE
7846 + if (__supported_pte_mask & _PAGE_NX)
7847 + return pte_clear_flags(pte, _PAGE_NX);
7850 + return pte_set_flags(pte, _PAGE_USER);
7853 +static inline pte_t pte_exprotect(pte_t pte)
7855 +#ifdef CONFIG_X86_PAE
7856 + if (__supported_pte_mask & _PAGE_NX)
7857 + return pte_set_flags(pte, _PAGE_NX);
7860 + return pte_clear_flags(pte, _PAGE_USER);
7863 static inline pte_t pte_mkdirty(pte_t pte)
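Review bot: pte_mkread(), pte_mkexec() and pte_exprotect() treat `_PAGE_USER` as the permission bit whenever `_PAGE_NX` is not in `__supported_pte_mask`, and nothing in the hunk documents that second meaning. A reader who knows only the mainline helpers would not expect pte_exprotect() to clear `_PAGE_USER`. I would add a comment above the group such as `/* without hardware NX, _PAGE_USER doubles as the exec permission */`. The `#else`/`#endif` lines of these bodies are not shown, so the exact fallback path should be checked against the full text.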
7864 @@ -472,7 +531,7 @@ static inline pud_t *pud_offset(pgd_t *p
7866 static inline int pgd_bad(pgd_t pgd)
7868 - return (pgd_flags(pgd) & ~_PAGE_USER) != _KERNPG_TABLE;
7869 + return (pgd_flags(pgd) & ~(_PAGE_USER | _PAGE_NX)) != _KERNPG_TABLE;
7872 static inline int pgd_none(pgd_t pgd)
7873 @@ -613,7 +672,9 @@ static inline void ptep_set_wrprotect(st
7875 static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count)
7877 - memcpy(dst, src, count * sizeof(pgd_t));
7878 + pax_open_kernel();
7879 + memcpy(dst, src, count * sizeof(pgd_t));
7880 + pax_close_kernel();
7884 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable_types.h linux-2.6.32.1/arch/x86/include/asm/pgtable_types.h
7885 --- linux-2.6.32.1/arch/x86/include/asm/pgtable_types.h 2009-12-02 22:51:21.000000000 -0500
7886 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable_types.h 2009-12-14 18:33:51.618196576 -0500
7888 #define _PAGE_BIT_PSE 7 /* 4 MB (or 2MB) page */
7889 #define _PAGE_BIT_PAT 7 /* on 4KB pages */
7890 #define _PAGE_BIT_GLOBAL 8 /* Global TLB entry PPro+ */
7891 -#define _PAGE_BIT_UNUSED1 9 /* available for programmer */
7892 +#define _PAGE_BIT_SPECIAL 9 /* special mappings, no associated struct page */
7893 #define _PAGE_BIT_IOMAP 10 /* flag used to indicate IO mapping */
7894 #define _PAGE_BIT_HIDDEN 11 /* hidden by kmemcheck */
7895 #define _PAGE_BIT_PAT_LARGE 12 /* On 2MB or 1GB pages */
7896 -#define _PAGE_BIT_SPECIAL _PAGE_BIT_UNUSED1
7897 -#define _PAGE_BIT_CPA_TEST _PAGE_BIT_UNUSED1
7898 +#define _PAGE_BIT_CPA_TEST _PAGE_BIT_SPECIAL
7899 #define _PAGE_BIT_NX 63 /* No execute: only valid after cpuid check */
7901 /* If _PAGE_BIT_PRESENT is clear, we use these: */
7903 #define _PAGE_DIRTY (_AT(pteval_t, 1) << _PAGE_BIT_DIRTY)
7904 #define _PAGE_PSE (_AT(pteval_t, 1) << _PAGE_BIT_PSE)
7905 #define _PAGE_GLOBAL (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
7906 -#define _PAGE_UNUSED1 (_AT(pteval_t, 1) << _PAGE_BIT_UNUSED1)
7907 #define _PAGE_IOMAP (_AT(pteval_t, 1) << _PAGE_BIT_IOMAP)
7908 #define _PAGE_PAT (_AT(pteval_t, 1) << _PAGE_BIT_PAT)
7909 #define _PAGE_PAT_LARGE (_AT(pteval_t, 1) << _PAGE_BIT_PAT_LARGE)
7912 #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
7913 #define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_NX)
7915 +#elif defined(CONFIG_KMEMCHECK)
7916 #define _PAGE_NX (_AT(pteval_t, 0))
7918 +#define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_HIDDEN)
7921 #define _PAGE_FILE (_AT(pteval_t, 1) << _PAGE_BIT_FILE)
7923 #define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | \
7926 +#define PAGE_READONLY_NOEXEC PAGE_READONLY
7927 +#define PAGE_SHARED_NOEXEC PAGE_SHARED
7929 #define __PAGE_KERNEL_EXEC \
7930 (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_GLOBAL)
7931 #define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX)
7933 #define __PAGE_KERNEL_WC (__PAGE_KERNEL | _PAGE_CACHE_WC)
7934 #define __PAGE_KERNEL_NOCACHE (__PAGE_KERNEL | _PAGE_PCD | _PAGE_PWT)
7935 #define __PAGE_KERNEL_UC_MINUS (__PAGE_KERNEL | _PAGE_PCD)
7936 -#define __PAGE_KERNEL_VSYSCALL (__PAGE_KERNEL_RX | _PAGE_USER)
7937 -#define __PAGE_KERNEL_VSYSCALL_NOCACHE (__PAGE_KERNEL_VSYSCALL | _PAGE_PCD | _PAGE_PWT)
7938 +#define __PAGE_KERNEL_VSYSCALL (__PAGE_KERNEL_RO | _PAGE_USER)
7939 +#define __PAGE_KERNEL_VSYSCALL_NOCACHE (__PAGE_KERNEL_RO | _PAGE_PCD | _PAGE_PWT | _PAGE_USER)
7940 #define __PAGE_KERNEL_LARGE (__PAGE_KERNEL | _PAGE_PSE)
7941 #define __PAGE_KERNEL_LARGE_NOCACHE (__PAGE_KERNEL | _PAGE_CACHE_UC | _PAGE_PSE)
7942 #define __PAGE_KERNEL_LARGE_EXEC (__PAGE_KERNEL_EXEC | _PAGE_PSE)
7944 * bits are combined, this will alow user to access the high address mapped
7945 * VDSO in the presence of CONFIG_COMPAT_VDSO
7947 -#define PTE_IDENT_ATTR 0x003 /* PRESENT+RW */
7948 -#define PDE_IDENT_ATTR 0x067 /* PRESENT+RW+USER+DIRTY+ACCESSED */
7949 +#define PTE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */
7950 +#define PDE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */
7951 #define PGD_IDENT_ATTR 0x001 /* PRESENT (no other attributes) */
7954 @@ -278,7 +281,16 @@ typedef struct page *pgtable_t;
7956 extern pteval_t __supported_pte_mask;
7957 extern void set_nx(void);
7959 +#ifdef CONFIG_X86_32
7960 +#ifdef CONFIG_X86_PAE
7961 extern int nx_enabled;
7963 +#define nx_enabled (0)
7966 +#define nx_enabled (1)
7969 #define pgprot_writecombine pgprot_writecombine
7970 extern pgprot_t pgprot_writecombine(pgprot_t prot);
7971 diff -urNp linux-2.6.32.1/arch/x86/include/asm/processor.h linux-2.6.32.1/arch/x86/include/asm/processor.h
7972 --- linux-2.6.32.1/arch/x86/include/asm/processor.h 2009-12-02 22:51:21.000000000 -0500
7973 +++ linux-2.6.32.1/arch/x86/include/asm/processor.h 2009-12-14 18:33:51.628704378 -0500
7974 @@ -272,7 +272,7 @@ struct tss_struct {
7976 } ____cacheline_aligned;
7978 -DECLARE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss);
7979 +extern struct tss_struct init_tss[NR_CPUS];
7982 * Save the original ist values for checking stack pointers during debugging
7983 @@ -911,8 +911,17 @@ static inline void spin_lock_prefetch(co
7985 #define TASK_SIZE PAGE_OFFSET
7986 #define TASK_SIZE_MAX TASK_SIZE
7988 +#ifdef CONFIG_PAX_SEGMEXEC
7989 +#define SEGMEXEC_TASK_SIZE (TASK_SIZE / 2)
7992 +#ifdef CONFIG_PAX_SEGMEXEC
7993 +#define STACK_TOP ((current->mm->pax_flags & MF_PAX_SEGMEXEC)?SEGMEXEC_TASK_SIZE:TASK_SIZE)
7995 #define STACK_TOP TASK_SIZE
7996 -#define STACK_TOP_MAX STACK_TOP
7998 +#define STACK_TOP_MAX TASK_SIZE
8000 #define INIT_THREAD { \
8001 .sp0 = sizeof(init_stack) + (long)&init_stack, \
8002 @@ -929,7 +938,7 @@ static inline void spin_lock_prefetch(co
8004 #define INIT_TSS { \
8006 - .sp0 = sizeof(init_stack) + (long)&init_stack, \
8007 + .sp0 = sizeof(init_stack) + (long)&init_stack - 8, \
8008 .ss0 = __KERNEL_DS, \
8009 .ss1 = __KERNEL_CS, \
8010 .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \
8011 @@ -940,11 +949,7 @@ static inline void spin_lock_prefetch(co
8012 extern unsigned long thread_saved_pc(struct task_struct *tsk);
8014 #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long))
8015 -#define KSTK_TOP(info) \
8017 - unsigned long *__ptr = (unsigned long *)(info); \
8018 - (unsigned long)(&__ptr[THREAD_SIZE_LONGS]); \
8020 +#define KSTK_TOP(info) ((info)->task.thread.sp0)
8023 * The below -8 is to reserve 8 bytes on top of the ring0 stack.
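Review bot: The new `KSTK_TOP(info)` expands to `((info)->task.thread.sp0)`, applying `.thread` directly to `(info)->task`. If `info` is a `struct thread_info *`, as the parameter name suggests, and its `task` member is a pointer, the expression would have to be `(info)->task->thread.sp0`. The only user visible in this patch, task_pt_regs in the next hunk, no longer calls KSTK_TOP, so a macro that does not compile would go unnoticed until someone uses it. The argument's type is not defined on this page, so this needs confirming; if the macro has no users left, removing it would be cleaner.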
8024 @@ -959,7 +964,7 @@ extern unsigned long thread_saved_pc(str
8025 #define task_pt_regs(task) \
8027 struct pt_regs *__regs__; \
8028 - __regs__ = (struct pt_regs *)(KSTK_TOP(task_stack_page(task))-8); \
8029 + __regs__ = (struct pt_regs *)((task)->thread.sp0); \
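Review bot: task_pt_regs no longer subtracts 8 from the stack top, but the comment above it still begins "The below -8 is to reserve 8 bytes on top of the ring0 stack." The reservation now appears in INIT_TSS as `(long)&init_stack - 8`, while the INIT_THREAD context line in an earlier hunk still sets `.sp0 = sizeof(init_stack) + (long)&init_stack` without it. The comment should say that the 8 bytes are now accounted for in `thread.sp0`, and the INIT_THREAD value should be checked for consistency with that. The rest of the comment and of the macro lies outside this hunk.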
8033 @@ -975,7 +980,7 @@ extern unsigned long thread_saved_pc(str
8034 * space during mmap's.
8036 #define IA32_PAGE_OFFSET ((current->personality & ADDR_LIMIT_3GB) ? \
8037 - 0xc0000000 : 0xFFFFe000)
8038 + 0xc0000000 : 0xFFFFf000)
8040 #define TASK_SIZE (test_thread_flag(TIF_IA32) ? \
8041 IA32_PAGE_OFFSET : TASK_SIZE_MAX)
8042 @@ -1012,6 +1017,10 @@ extern void start_thread(struct pt_regs
8044 #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
8046 +#ifdef CONFIG_PAX_SEGMEXEC
8047 +#define SEGMEXEC_TASK_UNMAPPED_BASE (PAGE_ALIGN(SEGMEXEC_TASK_SIZE / 3))
8050 #define KSTK_EIP(task) (task_pt_regs(task)->ip)
8052 /* Get/set a process' ability to use the timestamp counter instruction */
8053 diff -urNp linux-2.6.32.1/arch/x86/include/asm/ptrace.h linux-2.6.32.1/arch/x86/include/asm/ptrace.h
8054 --- linux-2.6.32.1/arch/x86/include/asm/ptrace.h 2009-12-02 22:51:21.000000000 -0500
8055 +++ linux-2.6.32.1/arch/x86/include/asm/ptrace.h 2009-12-14 18:33:51.628704378 -0500
8056 @@ -151,28 +151,29 @@ static inline unsigned long regs_return_
8060 - * user_mode_vm(regs) determines whether a register set came from user mode.
8061 + * user_mode(regs) determines whether a register set came from user mode.
8062 * This is true if V8086 mode was enabled OR if the register set was from
8063 * protected mode with RPL-3 CS value. This tricky test checks that with
8064 * one comparison. Many places in the kernel can bypass this full check
8065 - * if they have already ruled out V8086 mode, so user_mode(regs) can be used.
8066 + * if they have already ruled out V8086 mode, so user_mode_novm(regs) can
8069 -static inline int user_mode(struct pt_regs *regs)
8070 +static inline int user_mode_novm(struct pt_regs *regs)
8072 #ifdef CONFIG_X86_32
8073 return (regs->cs & SEGMENT_RPL_MASK) == USER_RPL;
8075 - return !!(regs->cs & 3);
8076 + return !!(regs->cs & SEGMENT_RPL_MASK);
8080 -static inline int user_mode_vm(struct pt_regs *regs)
8081 +static inline int user_mode(struct pt_regs *regs)
8083 #ifdef CONFIG_X86_32
8084 return ((regs->cs & SEGMENT_RPL_MASK) | (regs->flags & X86_VM_MASK)) >=
8087 - return user_mode(regs);
8088 + return user_mode_novm(regs);
8092 diff -urNp linux-2.6.32.1/arch/x86/include/asm/reboot.h linux-2.6.32.1/arch/x86/include/asm/reboot.h
8093 --- linux-2.6.32.1/arch/x86/include/asm/reboot.h 2009-12-02 22:51:21.000000000 -0500
8094 +++ linux-2.6.32.1/arch/x86/include/asm/reboot.h 2009-12-14 18:33:51.630145569 -0500
8095 @@ -18,7 +18,7 @@ extern struct machine_ops machine_ops;
8097 void native_machine_crash_shutdown(struct pt_regs *regs);
8098 void native_machine_shutdown(void);
8099 -void machine_real_restart(const unsigned char *code, int length);
8100 +void machine_real_restart(const unsigned char *code, unsigned int length);
8102 typedef void (*nmi_shootdown_cb)(int, struct die_args*);
8103 void nmi_shootdown_cpus(nmi_shootdown_cb callback);
8104 diff -urNp linux-2.6.32.1/arch/x86/include/asm/rwsem.h linux-2.6.32.1/arch/x86/include/asm/rwsem.h
8105 --- linux-2.6.32.1/arch/x86/include/asm/rwsem.h 2009-12-02 22:51:21.000000000 -0500
8106 +++ linux-2.6.32.1/arch/x86/include/asm/rwsem.h 2009-12-14 18:33:51.630145569 -0500
8107 @@ -106,10 +106,26 @@ static inline void __down_read(struct rw
8109 asm volatile("# beginning down_read\n\t"
8110 LOCK_PREFIX " incl (%%eax)\n\t"
8112 +#ifdef CONFIG_PAX_REFCOUNT
8113 +#ifdef CONFIG_X86_32
8119 + ".pushsection .fixup,\"ax\"\n"
8121 + LOCK_PREFIX "decl (%%eax)\n"
8124 + _ASM_EXTABLE(0b, 1b)
8127 /* adds 0x00000001, returns the old value */
8130 " call call_rwsem_down_read_failed\n"
8133 "# ending down_read\n\t"
8136 @@ -124,13 +140,29 @@ static inline int __down_read_trylock(st
8138 asm volatile("# beginning __down_read_trylock\n\t"
8146 +#ifdef CONFIG_PAX_REFCOUNT
8147 +#ifdef CONFIG_X86_32
8153 + ".pushsection .fixup,\"ax\"\n"
8158 + _ASM_EXTABLE(0b, 1b)
8162 LOCK_PREFIX " cmpxchgl %2,%0\n\t"
8167 "# ending __down_read_trylock\n\t"
8168 : "+m" (sem->count), "=&a" (result), "=&r" (tmp)
8169 : "i" (RWSEM_ACTIVE_READ_BIAS)
8170 @@ -148,12 +180,28 @@ static inline void __down_write_nested(s
8171 tmp = RWSEM_ACTIVE_WRITE_BIAS;
8172 asm volatile("# beginning down_write\n\t"
8173 LOCK_PREFIX " xadd %%edx,(%%eax)\n\t"
8175 +#ifdef CONFIG_PAX_REFCOUNT
8176 +#ifdef CONFIG_X86_32
8182 + ".pushsection .fixup,\"ax\"\n"
8184 + "movl %%edx,(%%eax)\n"
8187 + _ASM_EXTABLE(0b, 1b)
8190 /* subtract 0x0000ffff, returns the old value */
8191 " testl %%edx,%%edx\n\t"
8192 /* was the count 0 before? */
8195 " call call_rwsem_down_write_failed\n"
8198 "# ending down_write"
8199 : "+m" (sem->count), "=d" (tmp)
8200 : "a" (sem), "1" (tmp)
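Review bot: The overflow fixup added to __down_write_nested undoes the `xadd` with a plain `movl %%edx,(%%eax)`, whereas the fixups in the __down_read and __downgrade_write hunks use a LOCK-prefixed inverse (`decl`, `subl`). A plain store of the old value would overwrite any update another CPU made to sem->count between the xadd and the store; the __up_read and __up_write hunks show the same pattern. If that is accepted because the overflow path never resumes normal use of the semaphore, a comment should say so, for example `/* overflow: old count restored with a plain store, concurrent updates are not preserved */`; otherwise an atomic inverse would match the other sites. Only part of the asm body is visible in these hunks, so this is based on the fixup lines shown.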
8201 @@ -186,10 +234,26 @@ static inline void __up_read(struct rw_s
8202 __s32 tmp = -RWSEM_ACTIVE_READ_BIAS;
8203 asm volatile("# beginning __up_read\n\t"
8204 LOCK_PREFIX " xadd %%edx,(%%eax)\n\t"
8206 +#ifdef CONFIG_PAX_REFCOUNT
8207 +#ifdef CONFIG_X86_32
8213 + ".pushsection .fixup,\"ax\"\n"
8215 + "movl %%edx,(%%eax)\n"
8218 + _ASM_EXTABLE(0b, 1b)
8221 /* subtracts 1, returns the old value */
8224 " call call_rwsem_wake\n"
8227 "# ending __up_read\n"
8228 : "+m" (sem->count), "=d" (tmp)
8229 : "a" (sem), "1" (tmp)
8230 @@ -204,11 +268,27 @@ static inline void __up_write(struct rw_
8231 asm volatile("# beginning __up_write\n\t"
8232 " movl %2,%%edx\n\t"
8233 LOCK_PREFIX " xaddl %%edx,(%%eax)\n\t"
8235 +#ifdef CONFIG_PAX_REFCOUNT
8236 +#ifdef CONFIG_X86_32
8242 + ".pushsection .fixup,\"ax\"\n"
8244 + "movl %%edx,(%%eax)\n"
8247 + _ASM_EXTABLE(0b, 1b)
8250 /* tries to transition
8251 0xffff0001 -> 0x00000000 */
8254 " call call_rwsem_wake\n"
8257 "# ending __up_write\n"
8259 : "a" (sem), "i" (-RWSEM_ACTIVE_WRITE_BIAS)
8260 @@ -222,10 +302,26 @@ static inline void __downgrade_write(str
8262 asm volatile("# beginning __downgrade_write\n\t"
8263 LOCK_PREFIX " addl %2,(%%eax)\n\t"
8265 +#ifdef CONFIG_PAX_REFCOUNT
8266 +#ifdef CONFIG_X86_32
8272 + ".pushsection .fixup,\"ax\"\n"
8274 + LOCK_PREFIX "subl %2,(%%eax)\n"
8277 + _ASM_EXTABLE(0b, 1b)
8280 /* transitions 0xZZZZ0001 -> 0xYYYY0001 */
8283 " call call_rwsem_downgrade_wake\n"
8286 "# ending __downgrade_write\n"
8288 : "a" (sem), "i" (-RWSEM_WAITING_BIAS)
8289 @@ -237,7 +333,23 @@ static inline void __downgrade_write(str
8291 static inline void rwsem_atomic_add(int delta, struct rw_semaphore *sem)
8293 - asm volatile(LOCK_PREFIX "addl %1,%0"
8294 + asm volatile(LOCK_PREFIX "addl %1,%0\n"
8296 +#ifdef CONFIG_PAX_REFCOUNT
8297 +#ifdef CONFIG_X86_32
8303 + ".pushsection .fixup,\"ax\"\n"
8305 + LOCK_PREFIX "subl %1,%0\n"
8308 + _ASM_EXTABLE(0b, 1b)
8314 @@ -249,7 +361,23 @@ static inline int rwsem_atomic_update(in
8318 - asm volatile(LOCK_PREFIX "xadd %0,%1"
8319 + asm volatile(LOCK_PREFIX "xadd %0,%1\n"
8321 +#ifdef CONFIG_PAX_REFCOUNT
8322 +#ifdef CONFIG_X86_32
8328 + ".pushsection .fixup,\"ax\"\n"
8333 + _ASM_EXTABLE(0b, 1b)
8336 : "+r" (tmp), "+m" (sem->count)
8339 diff -urNp linux-2.6.32.1/arch/x86/include/asm/segment.h linux-2.6.32.1/arch/x86/include/asm/segment.h
8340 --- linux-2.6.32.1/arch/x86/include/asm/segment.h 2009-12-02 22:51:21.000000000 -0500
8341 +++ linux-2.6.32.1/arch/x86/include/asm/segment.h 2009-12-14 18:33:51.630750090 -0500
8343 #define GDT_ENTRY_ESPFIX_SS (GDT_ENTRY_KERNEL_BASE + 14)
8344 #define __ESPFIX_SS (GDT_ENTRY_ESPFIX_SS * 8)
8346 -#define GDT_ENTRY_PERCPU (GDT_ENTRY_KERNEL_BASE + 15)
8347 +#define GDT_ENTRY_PERCPU (GDT_ENTRY_KERNEL_BASE + 15)
8349 #define __KERNEL_PERCPU (GDT_ENTRY_PERCPU * 8)
8351 @@ -102,6 +102,12 @@
8352 #define __KERNEL_STACK_CANARY 0
8355 +#define GDT_ENTRY_PCIBIOS_CS (GDT_ENTRY_KERNEL_BASE + 17)
8356 +#define __PCIBIOS_CS (GDT_ENTRY_PCIBIOS_CS * 8)
8358 +#define GDT_ENTRY_PCIBIOS_DS (GDT_ENTRY_KERNEL_BASE + 18)
8359 +#define __PCIBIOS_DS (GDT_ENTRY_PCIBIOS_DS * 8)
8361 #define GDT_ENTRY_DOUBLEFAULT_TSS 31
8367 /* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */
8368 -#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xf4) == GDT_ENTRY_PNPBIOS_BASE * 8)
8369 +#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xFFFCU) == PNP_CS32 || ((x) & 0xFFFCU) == PNP_CS16)
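Review bot: The rewritten SEGMENT_IS_PNP_CODE now expands `x` twice, so an argument with side effects would be evaluated twice, which the old single-mask form did not do. A `static inline` helper, or a comment such as `/* x is evaluated twice; pass a plain selector value */`, would make that safe or explicit. The comment above still says PNP_CS32 and PNP_CS16 "must be consecutive", which looks like a requirement of the old mask trick only; with two explicit comparisons it appears stale and could be reduced to `/* Matches PNP_CS32 and PNP_CS16, ignoring the RPL bits */`.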
8373 diff -urNp linux-2.6.32.1/arch/x86/include/asm/spinlock.h linux-2.6.32.1/arch/x86/include/asm/spinlock.h
8374 --- linux-2.6.32.1/arch/x86/include/asm/spinlock.h 2009-12-02 22:51:21.000000000 -0500
8375 +++ linux-2.6.32.1/arch/x86/include/asm/spinlock.h 2009-12-14 18:33:51.630750090 -0500
8376 @@ -249,18 +249,50 @@ static inline int __raw_write_can_lock(r
8377 static inline void __raw_read_lock(raw_rwlock_t *rw)
8379 asm volatile(LOCK_PREFIX " subl $1,(%0)\n\t"
8381 - "call __read_lock_failed\n\t"
8383 +#ifdef CONFIG_PAX_REFCOUNT
8384 +#ifdef CONFIG_X86_32
8390 + ".pushsection .fixup,\"ax\"\n"
8392 + LOCK_PREFIX " addl $1,(%0)\n"
8395 + _ASM_EXTABLE(0b, 1b)
8399 + "call __read_lock_failed\n\t"
8401 ::LOCK_PTR_REG (rw) : "memory");
8404 static inline void __raw_write_lock(raw_rwlock_t *rw)
8406 asm volatile(LOCK_PREFIX " subl %1,(%0)\n\t"
8408 - "call __write_lock_failed\n\t"
8410 +#ifdef CONFIG_PAX_REFCOUNT
8411 +#ifdef CONFIG_X86_32
8417 + ".pushsection .fixup,\"ax\"\n"
8419 + LOCK_PREFIX " addl %1,(%0)\n"
8422 + _ASM_EXTABLE(0b, 1b)
8426 + "call __write_lock_failed\n\t"
8428 ::LOCK_PTR_REG (rw), "i" (RW_LOCK_BIAS) : "memory");
8431 @@ -286,12 +318,45 @@ static inline int __raw_write_trylock(ra
8433 static inline void __raw_read_unlock(raw_rwlock_t *rw)
8435 - asm volatile(LOCK_PREFIX "incl %0" :"+m" (rw->lock) : : "memory");
8436 + asm volatile(LOCK_PREFIX "incl %0\n"
8438 +#ifdef CONFIG_PAX_REFCOUNT
8439 +#ifdef CONFIG_X86_32
8445 + ".pushsection .fixup,\"ax\"\n"
8447 + LOCK_PREFIX "decl %0\n"
8450 + _ASM_EXTABLE(0b, 1b)
8453 + :"+m" (rw->lock) : : "memory");
8456 static inline void __raw_write_unlock(raw_rwlock_t *rw)
8458 - asm volatile(LOCK_PREFIX "addl %1, %0"
8459 + asm volatile(LOCK_PREFIX "addl %1, %0\n"
8461 +#ifdef CONFIG_PAX_REFCOUNT
8462 +#ifdef CONFIG_X86_32
8468 + ".pushsection .fixup,\"ax\"\n"
8470 + LOCK_PREFIX "subl %1,%0\n"
8473 + _ASM_EXTABLE(0b, 1b)
8476 : "+m" (rw->lock) : "i" (RW_LOCK_BIAS) : "memory");
8479 diff -urNp linux-2.6.32.1/arch/x86/include/asm/system.h linux-2.6.32.1/arch/x86/include/asm/system.h
8480 --- linux-2.6.32.1/arch/x86/include/asm/system.h 2009-12-02 22:51:21.000000000 -0500
8481 +++ linux-2.6.32.1/arch/x86/include/asm/system.h 2009-12-14 18:33:51.630750090 -0500
8482 @@ -200,7 +200,7 @@ static inline unsigned long get_limit(un
8484 unsigned long __limit;
8485 asm("lsll %1,%0" : "=r" (__limit) : "r" (segment));
8486 - return __limit + 1;
8490 static inline void native_clts(void)
8491 @@ -340,7 +340,7 @@ void enable_hlt(void);
8493 void cpu_idle_wait(void);
8495 -extern unsigned long arch_align_stack(unsigned long sp);
8496 +#define arch_align_stack(x) ((x) & ~0xfUL)
8497 extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
8499 void default_idle(void);
8500 diff -urNp linux-2.6.32.1/arch/x86/include/asm/uaccess_32.h linux-2.6.32.1/arch/x86/include/asm/uaccess_32.h
8501 --- linux-2.6.32.1/arch/x86/include/asm/uaccess_32.h 2009-12-02 22:51:21.000000000 -0500
8502 +++ linux-2.6.32.1/arch/x86/include/asm/uaccess_32.h 2009-12-14 18:33:51.630750090 -0500
8503 @@ -44,6 +44,9 @@ unsigned long __must_check __copy_from_u
8504 static __always_inline unsigned long __must_check
8505 __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
8510 if (__builtin_constant_p(n)) {
8513 @@ -62,6 +65,8 @@ __copy_to_user_inatomic(void __user *to,
8517 + if (!__builtin_constant_p(n))
8518 + check_object_size(from, n, true);
8519 return __copy_to_user_ll(to, from, n);
8522 @@ -89,6 +94,9 @@ __copy_to_user(void __user *to, const vo
8523 static __always_inline unsigned long
8524 __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
8529 /* Avoid zeroing the tail if the copy fails..
8530 * If 'n' is constant and 1, 2, or 4, we do still zero on a failure,
8531 * but as the zeroing behaviour is only significant when n is not
8532 @@ -138,6 +146,10 @@ static __always_inline unsigned long
8533 __copy_from_user(void *to, const void __user *from, unsigned long n)
8540 if (__builtin_constant_p(n)) {
8543 @@ -153,6 +165,8 @@ __copy_from_user(void *to, const void __
8547 + if (!__builtin_constant_p(n))
8548 + check_object_size(to, n, false);
8549 return __copy_from_user_ll(to, from, n);
8552 @@ -160,6 +174,10 @@ static __always_inline unsigned long __c
8553 const void __user *from, unsigned long n)
8560 if (__builtin_constant_p(n)) {
8563 @@ -182,14 +200,62 @@ static __always_inline unsigned long
8564 __copy_from_user_inatomic_nocache(void *to, const void __user *from,
8567 - return __copy_from_user_ll_nocache_nozero(to, from, n);
8571 + return __copy_from_user_ll_nocache_nozero(to, from, n);
8575 + * copy_to_user: - Copy a block of data into user space.
8576 + * @to: Destination address, in user space.
8577 + * @from: Source address, in kernel space.
8578 + * @n: Number of bytes to copy.
8580 + * Context: User context only. This function may sleep.
8582 + * Copy data from kernel space to user space.
8584 + * Returns number of bytes that could not be copied.
8585 + * On success, this will be zero.
8587 +static __always_inline unsigned long __must_check
8588 +copy_to_user(void __user *to, const void *from, unsigned long n)
8590 + if (access_ok(VERIFY_WRITE, to, n))
8591 + n = __copy_to_user(to, from, n);
8596 + * copy_from_user: - Copy a block of data from user space.
8597 + * @to: Destination address, in kernel space.
8598 + * @from: Source address, in user space.
8599 + * @n: Number of bytes to copy.
8601 + * Context: User context only. This function may sleep.
8603 + * Copy data from user space to kernel space.
8605 + * Returns number of bytes that could not be copied.
8606 + * On success, this will be zero.
8608 + * If some data could not be copied, this function will pad the copied
8609 + * data to the requested size using zero bytes.
8611 +static __always_inline unsigned long __must_check
8612 +copy_from_user(void *to, const void __user *from, unsigned long n)
8614 + if (access_ok(VERIFY_READ, from, n))
8615 + n = __copy_from_user(to, from, n);
8616 + else if ((long)n > 0) {
8617 + if (!__builtin_constant_p(n))
8618 + check_object_size(to, n, false);
8624 -unsigned long __must_check copy_to_user(void __user *to,
8625 - const void *from, unsigned long n);
8626 -unsigned long __must_check copy_from_user(void *to,
8627 - const void __user *from,
8629 long __must_check strncpy_from_user(char *dst, const char __user *src,
8631 long __must_check __strncpy_from_user(char *dst,
8632 diff -urNp linux-2.6.32.1/arch/x86/include/asm/uaccess_64.h linux-2.6.32.1/arch/x86/include/asm/uaccess_64.h
8633 --- linux-2.6.32.1/arch/x86/include/asm/uaccess_64.h 2009-12-02 22:51:21.000000000 -0500
8634 +++ linux-2.6.32.1/arch/x86/include/asm/uaccess_64.h 2009-12-14 18:33:51.632016363 -0500
8636 #include <linux/lockdep.h>
8637 #include <asm/page.h>
8639 +#define set_fs(x) (current_thread_info()->addr_limit = (x))
8642 * Copy To/From Userspace
8644 @@ -19,20 +21,22 @@ __must_check unsigned long
8645 copy_user_generic(void *to, const void *from, unsigned len);
8647 __must_check unsigned long
8648 -copy_to_user(void __user *to, const void *from, unsigned len);
8649 -__must_check unsigned long
8650 -copy_from_user(void *to, const void __user *from, unsigned len);
8651 -__must_check unsigned long
8652 copy_in_user(void __user *to, const void __user *from, unsigned len);
8654 static __always_inline __must_check
8655 -int __copy_from_user(void *dst, const void __user *src, unsigned size)
8656 +unsigned long __copy_from_user(void *dst, const void __user *src, unsigned size)
8662 - if (!__builtin_constant_p(size))
8664 + if ((int)size < 0)
8667 + if (!__builtin_constant_p(size)) {
8668 + check_object_size(dst, size, false);
8669 return copy_user_generic(dst, (__force void *)src, size);
8672 case 1:__get_user_asm(*(u8 *)dst, (u8 __user *)src,
8673 ret, "b", "b", "=q", 1);
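Review bot: The `(int)size < 0` guard added to __copy_from_user has no comment, and the same test is repeated in __copy_to_user, __copy_in_user, __copy_to_user_inatomic, __copy_from_user_nocache and __copy_from_user_inatomic_nocache later in this file. A reader has to work out that it rejects lengths above INT_MAX, which most likely come from a negative signed length converted to `unsigned`; a comment such as `/* reject sizes above INT_MAX: almost certainly a negative length converted to unsigned */` at the first site would cover it, or one small inline helper would replace the six copies. The return types also change from `int` to `unsigned long` in these hunks, so callers that test the result with `< 0` should be checked. The value returned when the guard fires is on a line not shown here, and the function body continues outside the hunk.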
8674 @@ -70,13 +74,19 @@ int __copy_from_user(void *dst, const vo
8677 static __always_inline __must_check
8678 -int __copy_to_user(void __user *dst, const void *src, unsigned size)
8679 +unsigned long __copy_to_user(void __user *dst, const void *src, unsigned size)
8685 - if (!__builtin_constant_p(size))
8687 + if ((int)size < 0)
8690 + if (!__builtin_constant_p(size)) {
8691 + check_object_size(src, size, true);
8692 return copy_user_generic((__force void *)dst, src, size);
8695 case 1:__put_user_asm(*(u8 *)src, (u8 __user *)dst,
8696 ret, "b", "b", "iq", 1);
8697 @@ -114,11 +124,39 @@ int __copy_to_user(void __user *dst, con
8700 static __always_inline __must_check
8701 -int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
8702 +unsigned long copy_to_user(void __user *to, const void *from, unsigned len)
8705 + if (access_ok(VERIFY_WRITE, to, len))
8706 + len = __copy_to_user(to, from, len);
8710 +static __always_inline __must_check
8711 +unsigned long copy_from_user(void *to, const void __user *from, unsigned len)
8716 + if (access_ok(VERIFY_READ, from, len))
8717 + len = __copy_from_user(to, from, len);
8718 + else if ((int)len > 0) {
8719 + if (!__builtin_constant_p(len))
8720 + check_object_size(to, len, false);
8721 + memset(to, 0, len);
8726 +static __always_inline __must_check
8727 +unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned size)
8733 + if ((int)size < 0)
8736 if (!__builtin_constant_p(size))
8737 return copy_user_generic((__force void *)dst,
8738 (__force void *)src, size);
8739 @@ -179,30 +217,38 @@ __must_check unsigned long __clear_user(
8740 __must_check long __copy_from_user_inatomic(void *dst, const void __user *src,
8743 -static __must_check __always_inline int
8744 +static __must_check __always_inline unsigned long
8745 __copy_to_user_inatomic(void __user *dst, const void *src, unsigned size)
8747 + if ((int)size < 0)
8750 return copy_user_generic((__force void *)dst, src, size);
8753 -extern long __copy_user_nocache(void *dst, const void __user *src,
8754 +extern unsigned long __copy_user_nocache(void *dst, const void __user *src,
8755 unsigned size, int zerorest);
8758 -__copy_from_user_nocache(void *dst, const void __user *src, unsigned size)
8759 +static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned size)
8763 + if ((int)size < 0)
8766 return __copy_user_nocache(dst, src, size, 1);
8770 -__copy_from_user_inatomic_nocache(void *dst, const void __user *src,
8771 +static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src,
8774 + if ((int)size < 0)
8777 return __copy_user_nocache(dst, src, size, 0);
8781 +extern unsigned long
8782 copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest);
8784 #endif /* _ASM_X86_UACCESS_64_H */
8785 diff -urNp linux-2.6.32.1/arch/x86/include/asm/uaccess.h linux-2.6.32.1/arch/x86/include/asm/uaccess.h
8786 --- linux-2.6.32.1/arch/x86/include/asm/uaccess.h 2009-12-02 22:51:21.000000000 -0500
8787 +++ linux-2.6.32.1/arch/x86/include/asm/uaccess.h 2009-12-14 18:33:51.632016363 -0500
8789 #include <linux/thread_info.h>
8790 #include <linux/prefetch.h>
8791 #include <linux/string.h>
8792 +#include <linux/sched.h>
8793 +#include <linux/slab.h>
8794 #include <asm/asm.h>
8795 #include <asm/page.h>
8796 +#include <asm/segment.h>
8798 #define VERIFY_READ 0
8799 #define VERIFY_WRITE 1
8802 #define get_ds() (KERNEL_DS)
8803 #define get_fs() (current_thread_info()->addr_limit)
8804 +#ifdef CONFIG_X86_32
8805 +void __set_fs(mm_segment_t x, int cpu);
8806 +void set_fs(mm_segment_t x);
8808 #define set_fs(x) (current_thread_info()->addr_limit = (x))
8811 #define segment_eq(a, b) ((a).seg == (b).seg)
8814 * checks that the pointer is in the user space range - after calling
8815 * this function, memory access functions may still return -EFAULT.
8817 -#define access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
8818 +#define __access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
8819 +#define access_ok(type, addr, size) \
8821 + long __size = size; \
8822 + unsigned long __addr = (unsigned long)addr; \
8823 + unsigned long __addr_ao = __addr & PAGE_MASK; \
8824 + unsigned long __end_ao = __addr + __size - 1; \
8825 + bool __ret_ao = __range_not_ok(__addr, __size) == 0; \
8826 + if (__ret_ao && unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \
8827 + for (; __addr_ao <= __end_ao; __addr_ao += PAGE_SIZE) { \
8829 + if (__size > PAGE_SIZE) \
8831 + if (__get_user(__c_ao, (char __user *)__addr_ao))\
8833 + if (type != VERIFY_WRITE) \
8835 + if (__put_user(__c_ao, (char __user *)__addr_ao))\
8843 * The exception table consists of pairs of addresses: the first is the
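Review bot: The new access_ok macro uses its arguments unparenthesized in `long __size = size;`, `(unsigned long)addr` and `type != VERIFY_WRITE`. The cast binds tighter than `+`, so a call such as access_ok(t, buf + i, n) with a non-char pointer `buf` would convert `buf` first and then add `i` as a byte count, checking the wrong range. The lines should read `long __size = (size);`, `unsigned long __addr = (unsigned long)(addr);` and `if ((type) != VERIFY_WRITE)`. The macro also now touches user memory through __get_user/__put_user when the range crosses a page, so the comment above it should mention that access_ok can fault pages in.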
8844 @@ -183,13 +213,21 @@ extern int __get_user_bad(void);
8845 asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
8846 : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
8849 +#ifdef CONFIG_X86_32
8850 +#define _ASM_LOAD_USER_DS(ds) "movw %w" #ds ",%%ds\n"
8851 +#define _ASM_LOAD_KERNEL_DS "pushl %%ss; popl %%ds\n"
8853 +#define _ASM_LOAD_USER_DS(ds)
8854 +#define _ASM_LOAD_KERNEL_DS
8857 #ifdef CONFIG_X86_32
8858 #define __put_user_asm_u64(x, addr, err, errret) \
8859 - asm volatile("1: movl %%eax,0(%2)\n" \
8860 - "2: movl %%edx,4(%2)\n" \
8861 + asm volatile(_ASM_LOAD_USER_DS(5) \
8862 + "1: movl %%eax,%%ds:0(%2)\n" \
8863 + "2: movl %%edx,%%ds:4(%2)\n" \
8865 + _ASM_LOAD_KERNEL_DS \
8866 ".section .fixup,\"ax\"\n" \
8869 @@ -197,15 +235,18 @@ extern int __get_user_bad(void);
8870 _ASM_EXTABLE(1b, 4b) \
8871 _ASM_EXTABLE(2b, 4b) \
8873 - : "A" (x), "r" (addr), "i" (errret), "0" (err))
8874 + : "A" (x), "r" (addr), "i" (errret), "0" (err), \
8877 #define __put_user_asm_ex_u64(x, addr) \
8878 - asm volatile("1: movl %%eax,0(%1)\n" \
8879 - "2: movl %%edx,4(%1)\n" \
8880 + asm volatile(_ASM_LOAD_USER_DS(2) \
8881 + "1: movl %%eax,%%ds:0(%1)\n" \
8882 + "2: movl %%edx,%%ds:4(%1)\n" \
8884 + _ASM_LOAD_KERNEL_DS \
8885 _ASM_EXTABLE(1b, 2b - 1b) \
8886 _ASM_EXTABLE(2b, 3b - 2b) \
8887 - : : "A" (x), "r" (addr))
8888 + : : "A" (x), "r" (addr), "r"(__USER_DS))
8890 #define __put_user_x8(x, ptr, __ret_pu) \
8891 asm volatile("call __put_user_8" : "=a" (__ret_pu) \
8892 @@ -374,16 +415,18 @@ do { \
8895 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
8896 - asm volatile("1: mov"itype" %2,%"rtype"1\n" \
8897 + asm volatile(_ASM_LOAD_USER_DS(5) \
8898 + "1: mov"itype" %%ds:%2,%"rtype"1\n" \
8900 + _ASM_LOAD_KERNEL_DS \
8901 ".section .fixup,\"ax\"\n" \
8903 " xor"itype" %"rtype"1,%"rtype"1\n" \
8906 _ASM_EXTABLE(1b, 3b) \
8907 - : "=r" (err), ltype(x) \
8908 - : "m" (__m(addr)), "i" (errret), "0" (err))
8909 + : "=r" (err), ltype (x) \
8910 + : "m" (__m(addr)), "i" (errret), "0" (err), "r"(__USER_DS))
8912 #define __get_user_size_ex(x, ptr, size) \
8914 @@ -407,10 +450,12 @@ do { \
8917 #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
8918 - asm volatile("1: mov"itype" %1,%"rtype"0\n" \
8919 + asm volatile(_ASM_LOAD_USER_DS(2) \
8920 + "1: mov"itype" %%ds:%1,%"rtype"0\n" \
8922 + _ASM_LOAD_KERNEL_DS \
8923 _ASM_EXTABLE(1b, 2b - 1b) \
8924 - : ltype(x) : "m" (__m(addr)))
8925 + : ltype(x) : "m" (__m(addr)), "r"(__USER_DS))
8927 #define __put_user_nocheck(x, ptr, size) \
8929 @@ -424,7 +469,7 @@ do { \
8931 unsigned long __gu_val; \
8932 __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
8933 - (x) = (__force __typeof__(*(ptr)))__gu_val; \
8934 + (x) = (__typeof__(*(ptr)))__gu_val; \
8938 @@ -438,21 +483,26 @@ struct __large_struct { unsigned long bu
8941 #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
8942 - asm volatile("1: mov"itype" %"rtype"1,%2\n" \
8943 + asm volatile(_ASM_LOAD_USER_DS(5) \
8944 + "1: mov"itype" %"rtype"1,%%ds:%2\n" \
8946 + _ASM_LOAD_KERNEL_DS \
8947 ".section .fixup,\"ax\"\n" \
8951 _ASM_EXTABLE(1b, 3b) \
8953 - : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err))
8954 + : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err),\
8957 #define __put_user_asm_ex(x, addr, itype, rtype, ltype) \
8958 - asm volatile("1: mov"itype" %"rtype"0,%1\n" \
8959 + asm volatile(_ASM_LOAD_USER_DS(2) \
8960 + "1: mov"itype" %"rtype"0,%%ds:%1\n" \
8962 + _ASM_LOAD_KERNEL_DS \
8963 _ASM_EXTABLE(1b, 2b - 1b) \
8964 - : : ltype(x), "m" (__m(addr)))
8965 + : : ltype(x), "m" (__m(addr)), "r"(__USER_DS))
8968 * uaccess_try and catch
8969 @@ -530,7 +580,7 @@ struct __large_struct { unsigned long bu
8970 #define get_user_ex(x, ptr) do { \
8971 unsigned long __gue_val; \
8972 __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
8973 - (x) = (__force __typeof__(*(ptr)))__gue_val; \
8974 + (x) = (__typeof__(*(ptr)))__gue_val; \
8977 #ifdef CONFIG_X86_WP_WORKS_OK
8978 @@ -567,6 +617,7 @@ extern struct movsl_mask {
8980 #define ARCH_HAS_NOCACHE_UACCESS 1
8982 +#define ARCH_HAS_SORT_EXTABLE
8983 #ifdef CONFIG_X86_32
8984 # include "uaccess_32.h"
8986 diff -urNp linux-2.6.32.1/arch/x86/include/asm/vgtod.h linux-2.6.32.1/arch/x86/include/asm/vgtod.h
8987 --- linux-2.6.32.1/arch/x86/include/asm/vgtod.h 2009-12-02 22:51:21.000000000 -0500
8988 +++ linux-2.6.32.1/arch/x86/include/asm/vgtod.h 2009-12-14 18:33:51.632749980 -0500
8989 @@ -14,6 +14,7 @@ struct vsyscall_gtod_data {
8991 struct timezone sys_tz;
8992 struct { /* extract of a clocksource struct */
8994 cycle_t (*vread)(void);
8997 diff -urNp linux-2.6.32.1/arch/x86/include/asm/vmi.h linux-2.6.32.1/arch/x86/include/asm/vmi.h
8998 --- linux-2.6.32.1/arch/x86/include/asm/vmi.h 2009-12-02 22:51:21.000000000 -0500
8999 +++ linux-2.6.32.1/arch/x86/include/asm/vmi.h 2009-12-14 18:33:51.632749980 -0500
9000 @@ -191,6 +191,7 @@ struct vrom_header {
9001 u8 reserved[96]; /* Reserved for headers */
9002 char vmi_init[8]; /* VMI_Init jump point */
9003 char get_reloc[8]; /* VMI_GetRelocationInfo jump point */
9004 + char rom_data[8048]; /* rest of the option ROM */
9005 } __attribute__((packed));
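Review bot: The size in `char rom_data[8048];` is an unexplained constant in a packed structure that mirrors a ROM layout. Presumably it pads struct vrom_header to the full option-ROM size, but nothing in the hunk says which total is intended, and the struct begins outside the hunk. A comment giving the derivation, for example `/* pads the header to the full ROM image size: TOTAL - offsetof(rom_data) */` with the real total filled in, would let a later change to the earlier fields be checked, ideally backed by a BUILD_BUG_ON on sizeof(struct vrom_header).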
9008 diff -urNp linux-2.6.32.1/arch/x86/include/asm/vsyscall.h linux-2.6.32.1/arch/x86/include/asm/vsyscall.h
9009 --- linux-2.6.32.1/arch/x86/include/asm/vsyscall.h 2009-12-02 22:51:21.000000000 -0500
9010 +++ linux-2.6.32.1/arch/x86/include/asm/vsyscall.h 2009-12-14 18:33:51.632749980 -0500
9011 @@ -15,9 +15,10 @@ enum vsyscall_num {
9014 #include <linux/seqlock.h>
9015 +#include <linux/getcpu.h>
9016 +#include <linux/time.h>
9018 #define __section_vgetcpu_mode __attribute__ ((unused, __section__ (".vgetcpu_mode"), aligned(16)))
9019 -#define __section_jiffies __attribute__ ((unused, __section__ (".jiffies"), aligned(16)))
9021 /* Definitions for CONFIG_GENERIC_TIME definitions */
9022 #define __section_vsyscall_gtod_data __attribute__ \
9023 @@ -31,7 +32,6 @@ enum vsyscall_num {
9024 #define VGETCPU_LSL 2
9026 extern int __vgetcpu_mode;
9027 -extern volatile unsigned long __jiffies;
9029 /* kernel space (writeable) */
9030 extern int vgetcpu_mode;
9031 @@ -39,6 +39,9 @@ extern struct timezone sys_tz;
9033 extern void map_vsyscall(void);
9035 +extern int vgettimeofday(struct timeval * tv, struct timezone * tz);
9036 +extern time_t vtime(time_t *t);
9037 +extern long vgetcpu(unsigned *cpu, unsigned *node, struct getcpu_cache *tcache);
9038 #endif /* __KERNEL__ */
9040 #endif /* _ASM_X86_VSYSCALL_H */
9041 diff -urNp linux-2.6.32.1/arch/x86/Kconfig linux-2.6.32.1/arch/x86/Kconfig
9042 --- linux-2.6.32.1/arch/x86/Kconfig 2009-12-02 22:51:21.000000000 -0500
9043 +++ linux-2.6.32.1/arch/x86/Kconfig 2009-12-14 18:33:51.633828180 -0500
9044 @@ -1089,7 +1089,7 @@ config PAGE_OFFSET
9046 default 0xB0000000 if VMSPLIT_3G_OPT
9047 default 0x80000000 if VMSPLIT_2G
9048 - default 0x78000000 if VMSPLIT_2G_OPT
9049 + default 0x70000000 if VMSPLIT_2G_OPT
9050 default 0x40000000 if VMSPLIT_1G
9053 @@ -1415,7 +1415,7 @@ config ARCH_USES_PG_UNCACHED
9056 bool "EFI runtime service support"
9058 + depends on ACPI && !PAX_KERNEXEC
9060 This enables the kernel to use EFI runtime services that are
9061 available (such as the EFI variable services).
9062 @@ -1502,6 +1502,7 @@ config KEXEC_JUMP
9063 config PHYSICAL_START
9064 hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP)
9066 + range 0x400000 0x40000000
9068 This gives the physical address where the kernel is loaded.
9070 @@ -1566,6 +1567,7 @@ config PHYSICAL_ALIGN
9072 prompt "Alignment value to which kernel should be aligned" if X86_32
9074 + range 0x400000 0x1000000 if PAX_KERNEXEC
9075 range 0x2000 0x1000000
9077 This value puts the alignment restrictions on physical address
9078 @@ -1597,9 +1599,10 @@ config HOTPLUG_CPU
9079 Say N if you want to disable CPU hotplug.
9084 prompt "Compat VDSO support"
9085 depends on X86_32 || IA32_EMULATION
9086 + depends on !PAX_NOEXEC && !PAX_MEMORY_UDEREF
9088 Map the 32-bit VDSO to the predictable old-style address too.
9090 diff -urNp linux-2.6.32.1/arch/x86/Kconfig.cpu linux-2.6.32.1/arch/x86/Kconfig.cpu
9091 --- linux-2.6.32.1/arch/x86/Kconfig.cpu 2009-12-02 22:51:21.000000000 -0500
9092 +++ linux-2.6.32.1/arch/x86/Kconfig.cpu 2009-12-14 18:33:51.633828180 -0500
9093 @@ -340,7 +340,7 @@ config X86_PPRO_FENCE
9097 - depends on M586MMX || M586TSC || M586 || M486 || M386
9098 + depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC
9100 config X86_WP_WORKS_OK
9102 @@ -360,7 +360,7 @@ config X86_POPAD_OK
9104 config X86_ALIGNMENT_16
9106 - depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
9107 + depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MCORE2 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
9109 config X86_INTEL_USERCOPY
9111 @@ -406,7 +406,7 @@ config X86_CMPXCHG64
9115 - depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM)
9116 + depends on (MK8 || MK7 || MCORE2 || MPSC || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM)
9118 config X86_MINIMUM_CPU_FAMILY
9120 diff -urNp linux-2.6.32.1/arch/x86/Kconfig.debug linux-2.6.32.1/arch/x86/Kconfig.debug
9121 --- linux-2.6.32.1/arch/x86/Kconfig.debug 2009-12-02 22:51:21.000000000 -0500
9122 +++ linux-2.6.32.1/arch/x86/Kconfig.debug 2009-12-14 18:33:51.633828180 -0500
9123 @@ -99,7 +99,7 @@ config X86_PTDUMP
9125 bool "Write protect kernel read-only data structures"
9127 - depends on DEBUG_KERNEL
9128 + depends on DEBUG_KERNEL && BROKEN
9130 Mark the kernel read-only data as write-protected in the pagetables,
9131 in order to catch accidental (and incorrect) writes to such const
9132 diff -urNp linux-2.6.32.1/arch/x86/kernel/acpi/boot.c linux-2.6.32.1/arch/x86/kernel/acpi/boot.c
9133 --- linux-2.6.32.1/arch/x86/kernel/acpi/boot.c 2009-12-02 22:51:21.000000000 -0500
9134 +++ linux-2.6.32.1/arch/x86/kernel/acpi/boot.c 2009-12-14 18:33:51.634726600 -0500
9135 @@ -1508,7 +1508,7 @@ static struct dmi_system_id __initdata a
9136 DMI_MATCH(DMI_PRODUCT_NAME, "HP Compaq 6715b"),
9140 + { NULL, NULL, {{0, {0}}}, NULL}
9144 diff -urNp linux-2.6.32.1/arch/x86/kernel/acpi/realmode/wakeup.S linux-2.6.32.1/arch/x86/kernel/acpi/realmode/wakeup.S
9145 --- linux-2.6.32.1/arch/x86/kernel/acpi/realmode/wakeup.S 2009-12-02 22:51:21.000000000 -0500
9146 +++ linux-2.6.32.1/arch/x86/kernel/acpi/realmode/wakeup.S 2009-12-14 18:33:51.634726600 -0500
9147 @@ -104,7 +104,7 @@ _start:
9151 - movl $0xc0000080, %ecx
9152 + mov $MSR_EFER, %ecx
9156 diff -urNp linux-2.6.32.1/arch/x86/kernel/acpi/sleep.c linux-2.6.32.1/arch/x86/kernel/acpi/sleep.c
9157 --- linux-2.6.32.1/arch/x86/kernel/acpi/sleep.c 2009-12-02 22:51:21.000000000 -0500
9158 +++ linux-2.6.32.1/arch/x86/kernel/acpi/sleep.c 2009-12-14 18:33:51.634726600 -0500
9160 #include <linux/cpumask.h>
9161 #include <asm/segment.h>
9162 #include <asm/desc.h>
9163 +#include <asm/e820.h>
9165 #include "realmode/wakeup.h"
9168 -unsigned long acpi_wakeup_address;
9169 +unsigned long acpi_wakeup_address = 0x2000;
9170 unsigned long acpi_realmode_flags;
9172 /* address in low memory of the wakeup routine. */
9173 @@ -99,8 +100,12 @@ int acpi_save_state_mem(void)
9174 header->trampoline_segment = setup_trampoline() >> 4;
9176 stack_start.sp = temp_stack + sizeof(temp_stack);
9178 + pax_open_kernel();
9179 early_gdt_descr.address =
9180 (unsigned long)get_cpu_gdt_table(smp_processor_id());
9181 + pax_close_kernel();
9183 initial_gs = per_cpu_offset(smp_processor_id());
9185 initial_code = (unsigned long)wakeup_long64;
9186 @@ -134,14 +139,8 @@ void __init acpi_reserve_bootmem(void)
9190 - acpi_realmode = (unsigned long)alloc_bootmem_low(WAKEUP_SIZE);
9192 - if (!acpi_realmode) {
9193 - printk(KERN_ERR "ACPI: Cannot allocate lowmem, S3 disabled.\n");
9197 - acpi_wakeup_address = virt_to_phys((void *)acpi_realmode);
9198 + reserve_early(acpi_wakeup_address, acpi_wakeup_address + WAKEUP_SIZE, "ACPI Wakeup Code");
9199 + acpi_realmode = (unsigned long)__va(acpi_wakeup_address);;
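Review bot: The assignment `acpi_realmode = (unsigned long)__va(acpi_wakeup_address);;` ends with a stray second semicolon, which should be dropped. The hunk also replaces the bootmem allocation and its "Cannot allocate lowmem, S3 disabled" failure path with a reservation at the fixed address that the earlier hunk in this file sets as `acpi_wakeup_address = 0x2000`. That constant has no comment explaining why this physical address is safe for the wakeup code, and the hunk does not show what happens if the range is already reserved. A comment at the initializer, such as `/* fixed low-memory address for the real-mode wakeup code, reserved in acpi_reserve_bootmem() */`, would document the dependency between the two hunks. The function body begins outside the hunk.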
9203 diff -urNp linux-2.6.32.1/arch/x86/kernel/acpi/wakeup_32.S linux-2.6.32.1/arch/x86/kernel/acpi/wakeup_32.S
9204 --- linux-2.6.32.1/arch/x86/kernel/acpi/wakeup_32.S 2009-12-02 22:51:21.000000000 -0500
9205 +++ linux-2.6.32.1/arch/x86/kernel/acpi/wakeup_32.S 2009-12-14 18:33:51.635713362 -0500
9206 @@ -30,13 +30,11 @@ wakeup_pmode_return:
9207 # and restore the stack ... but you need gdt for this to work
9208 movl saved_context_esp, %esp
9210 - movl %cs:saved_magic, %eax
9211 - cmpl $0x12345678, %eax
9212 + cmpl $0x12345678, saved_magic
9215 # jump to place where we left off
9216 - movl saved_eip, %eax
9222 diff -urNp linux-2.6.32.1/arch/x86/kernel/alternative.c linux-2.6.32.1/arch/x86/kernel/alternative.c
9223 --- linux-2.6.32.1/arch/x86/kernel/alternative.c 2009-12-02 22:51:21.000000000 -0500
9224 +++ linux-2.6.32.1/arch/x86/kernel/alternative.c 2009-12-14 18:33:51.636713026 -0500
9225 @@ -407,7 +407,7 @@ void __init_or_module apply_paravirt(str
9227 BUG_ON(p->len > MAX_PATCH_LEN);
9228 /* prep the buffer with the original instructions */
9229 - memcpy(insnbuf, p->instr, p->len);
9230 + memcpy(insnbuf, ktla_ktva(p->instr), p->len);
9231 used = pv_init_ops.patch(p->instrtype, p->clobbers, insnbuf,
9232 (unsigned long)p->instr, p->len);
9234 @@ -497,7 +497,11 @@ static void *__init_or_module text_poke_
9236 unsigned long flags;
9237 local_irq_save(flags);
9238 - memcpy(addr, opcode, len);
9240 + pax_open_kernel();
9241 + memcpy(ktla_ktva(addr), opcode, len);
9242 + pax_close_kernel();
9245 local_irq_restore(flags);
9246 /* Could also do a CLFLUSH here to speed up CPU recovery; but
9247 @@ -520,35 +524,21 @@ static void *__init_or_module text_poke_
9249 void *__kprobes text_poke(void *addr, const void *opcode, size_t len)
9251 - unsigned long flags;
9253 + unsigned char *vaddr = ktla_ktva(addr);
9254 struct page *pages[2];
9258 if (!core_kernel_text((unsigned long)addr)) {
9259 - pages[0] = vmalloc_to_page(addr);
9260 - pages[1] = vmalloc_to_page(addr + PAGE_SIZE);
9261 + pages[0] = vmalloc_to_page(vaddr);
9262 + pages[1] = vmalloc_to_page(vaddr + PAGE_SIZE);
9264 - pages[0] = virt_to_page(addr);
9265 + pages[0] = virt_to_page(vaddr);
9266 WARN_ON(!PageReserved(pages[0]));
9267 - pages[1] = virt_to_page(addr + PAGE_SIZE);
9268 + pages[1] = virt_to_page(vaddr + PAGE_SIZE);
9271 - local_irq_save(flags);
9272 - set_fixmap(FIX_TEXT_POKE0, page_to_phys(pages[0]));
9274 - set_fixmap(FIX_TEXT_POKE1, page_to_phys(pages[1]));
9275 - vaddr = (char *)fix_to_virt(FIX_TEXT_POKE0);
9276 - memcpy(&vaddr[(unsigned long)addr & ~PAGE_MASK], opcode, len);
9277 - clear_fixmap(FIX_TEXT_POKE0);
9279 - clear_fixmap(FIX_TEXT_POKE1);
9280 - local_flush_tlb();
9282 - /* Could also do a CLFLUSH here to speed up CPU recovery; but
9283 - that causes hangs on some VIA CPUs. */
9284 + text_poke_early(addr, opcode, len);
9285 for (i = 0; i < len; i++)
9286 - BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
9287 - local_irq_restore(flags);
9288 + BUG_ON(((char *)vaddr)[i] != ((char *)opcode)[i]);
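Review bot: `text_poke()` now performs its write through `text_poke_early(addr, opcode, len)`, but the hunk header shows that helper declared `__init_or_module`, which becomes `__init` when modules are disabled, so a run-time call to `text_poke()` would then reach init text that has already been freed. The annotation on `text_poke_early` should be dropped, or the shared write moved into an unannotated static helper that both functions call. The `pages[0]`/`pages[1]` lookups that remain appear to feed only the sanity checks now that the fixmap mapping is gone; if that is intended, a comment such as `/* pages[] kept only to validate that addr is backed by a mapped page */` would say so. Parts of the function body are not visible in this hunk.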
9291 diff -urNp linux-2.6.32.1/arch/x86/kernel/amd_iommu.c linux-2.6.32.1/arch/x86/kernel/amd_iommu.c
9292 --- linux-2.6.32.1/arch/x86/kernel/amd_iommu.c 2009-12-02 22:51:21.000000000 -0500
9293 +++ linux-2.6.32.1/arch/x86/kernel/amd_iommu.c 2009-12-14 18:33:51.637702583 -0500
9294 @@ -2069,7 +2069,7 @@ static void prealloc_protection_domains(
9298 -static struct dma_map_ops amd_iommu_dma_ops = {
9299 +static const struct dma_map_ops amd_iommu_dma_ops = {
9300 .alloc_coherent = alloc_coherent,
9301 .free_coherent = free_coherent,
9302 .map_page = map_page,
9303 diff -urNp linux-2.6.32.1/arch/x86/kernel/apic/io_apic.c linux-2.6.32.1/arch/x86/kernel/apic/io_apic.c
9304 --- linux-2.6.32.1/arch/x86/kernel/apic/io_apic.c 2009-12-02 22:51:21.000000000 -0500
9305 +++ linux-2.6.32.1/arch/x86/kernel/apic/io_apic.c 2009-12-14 18:33:51.639703158 -0500
9306 @@ -711,7 +711,7 @@ struct IO_APIC_route_entry **alloc_ioapi
9307 ioapic_entries = kzalloc(sizeof(*ioapic_entries) * nr_ioapics,
9309 if (!ioapic_entries)
9313 for (apic = 0; apic < nr_ioapics; apic++) {
9314 ioapic_entries[apic] =
9315 @@ -728,7 +728,7 @@ nomem:
9316 kfree(ioapic_entries[apic]);
9317 kfree(ioapic_entries);
9324 @@ -1145,7 +1145,7 @@ int IO_APIC_get_PCI_irq_vector(int bus,
9326 EXPORT_SYMBOL(IO_APIC_get_PCI_irq_vector);
9328 -void lock_vector_lock(void)
9329 +void lock_vector_lock(void) __acquires(vector_lock)
9331 /* Used to the online set of cpus does not change
9332 * during assign_irq_vector.
9333 @@ -1153,7 +1153,7 @@ void lock_vector_lock(void)
9334 spin_lock(&vector_lock);
9337 -void unlock_vector_lock(void)
9338 +void unlock_vector_lock(void) __releases(vector_lock)
9340 spin_unlock(&vector_lock);
9342 diff -urNp linux-2.6.32.1/arch/x86/kernel/apm_32.c linux-2.6.32.1/arch/x86/kernel/apm_32.c
9343 --- linux-2.6.32.1/arch/x86/kernel/apm_32.c 2009-12-02 22:51:21.000000000 -0500
9344 +++ linux-2.6.32.1/arch/x86/kernel/apm_32.c 2009-12-14 18:33:51.650727711 -0500
9345 @@ -410,7 +410,7 @@ static DEFINE_SPINLOCK(user_list_lock);
9346 * This is for buggy BIOS's that refer to (real mode) segment 0x40
9347 * even though they are called in protected mode.
9349 -static struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4092,
9350 +static const struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4093,
9351 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1);
9353 static const char driver_version[] = "1.16ac"; /* no spaces */
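Review bot: The descriptor flags in the `bad_bios_desc` initialiser change from `0x4092` to `0x4093` without explanation, and the only difference between the two values is the accessed bit of the segment type. Presumably the bit is preset so the CPU never has to write it back into a descriptor table that this patch keeps read-only outside `pax_open_kernel()` windows; that should be confirmed and recorded. I would add above the definition: `/* type 0x93: accessed bit preset so loading selector 0x40 does not write to the GDT */`.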
9354 @@ -588,7 +588,10 @@ static long __apm_bios_call(void *_call)
9356 gdt = get_cpu_gdt_table(cpu);
9357 save_desc_40 = gdt[0x40 / 8];
9359 + pax_open_kernel();
9360 gdt[0x40 / 8] = bad_bios_desc;
9361 + pax_close_kernel();
9363 apm_irq_save(flags);
9365 @@ -597,7 +600,11 @@ static long __apm_bios_call(void *_call)
9367 APM_DO_RESTORE_SEGS;
9368 apm_irq_restore(flags);
9370 + pax_open_kernel();
9371 gdt[0x40 / 8] = save_desc_40;
9372 + pax_close_kernel();
9376 return call->eax & 0xff;
9377 @@ -664,7 +671,10 @@ static long __apm_bios_call_simple(void
9379 gdt = get_cpu_gdt_table(cpu);
9380 save_desc_40 = gdt[0x40 / 8];
9382 + pax_open_kernel();
9383 gdt[0x40 / 8] = bad_bios_desc;
9384 + pax_close_kernel();
9386 apm_irq_save(flags);
9388 @@ -672,7 +682,11 @@ static long __apm_bios_call_simple(void
9390 APM_DO_RESTORE_SEGS;
9391 apm_irq_restore(flags);
9393 + pax_open_kernel();
9394 gdt[0x40 / 8] = save_desc_40;
9395 + pax_close_kernel();
9400 @@ -975,7 +989,7 @@ recalc:
9402 static void apm_power_off(void)
9404 - unsigned char po_bios_call[] = {
9405 + const unsigned char po_bios_call[] = {
9406 0xb8, 0x00, 0x10, /* movw $0x1000,ax */
9407 0x8e, 0xd0, /* movw ax,ss */
9408 0xbc, 0x00, 0xf0, /* movw $0xf000,sp */
9409 @@ -1933,7 +1947,10 @@ static const struct file_operations apm_
9410 static struct miscdevice apm_device = {
9421 @@ -2254,7 +2271,7 @@ static struct dmi_system_id __initdata a
9422 { DMI_MATCH(DMI_SYS_VENDOR, "IBM"), },
9426 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
9430 @@ -2357,12 +2374,15 @@ static int __init apm_init(void)
9433 gdt = get_cpu_gdt_table(0);
9435 + pax_open_kernel();
9436 set_desc_base(&gdt[APM_CS >> 3],
9437 (unsigned long)__va((unsigned long)apm_info.bios.cseg << 4));
9438 set_desc_base(&gdt[APM_CS_16 >> 3],
9439 (unsigned long)__va((unsigned long)apm_info.bios.cseg_16 << 4));
9440 set_desc_base(&gdt[APM_DS >> 3],
9441 (unsigned long)__va((unsigned long)apm_info.bios.dseg << 4));
9442 + pax_close_kernel();
9444 proc_create("apm", 0, NULL, &apm_file_ops);
9446 diff -urNp linux-2.6.32.1/arch/x86/kernel/asm-offsets_32.c linux-2.6.32.1/arch/x86/kernel/asm-offsets_32.c
9447 --- linux-2.6.32.1/arch/x86/kernel/asm-offsets_32.c 2009-12-02 22:51:21.000000000 -0500
9448 +++ linux-2.6.32.1/arch/x86/kernel/asm-offsets_32.c 2009-12-14 18:33:51.650727711 -0500
9449 @@ -115,6 +115,11 @@ void foo(void)
9450 OFFSET(PV_CPU_iret, pv_cpu_ops, iret);
9451 OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit);
9452 OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0);
9454 +#ifdef CONFIG_PAX_KERNEXEC
9455 + OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0);
9461 diff -urNp linux-2.6.32.1/arch/x86/kernel/asm-offsets_64.c linux-2.6.32.1/arch/x86/kernel/asm-offsets_64.c
9462 --- linux-2.6.32.1/arch/x86/kernel/asm-offsets_64.c 2009-12-02 22:51:21.000000000 -0500
9463 +++ linux-2.6.32.1/arch/x86/kernel/asm-offsets_64.c 2009-12-14 18:33:51.651715474 -0500
9464 @@ -115,6 +115,7 @@ int main(void)
9468 + DEFINE(TSS_size, sizeof(struct tss_struct));
9469 DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist));
9471 DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx));
9472 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/common.c linux-2.6.32.1/arch/x86/kernel/cpu/common.c
9473 --- linux-2.6.32.1/arch/x86/kernel/cpu/common.c 2009-12-02 22:51:21.000000000 -0500
9474 +++ linux-2.6.32.1/arch/x86/kernel/cpu/common.c 2009-12-14 18:33:51.651715474 -0500
9475 @@ -83,60 +83,6 @@ static const struct cpu_dev __cpuinitcon
9477 static const struct cpu_dev *this_cpu __cpuinitdata = &default_cpu;
9479 -DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = { .gdt = {
9480 -#ifdef CONFIG_X86_64
9482 - * We need valid kernel segments for data and code in long mode too
9483 - * IRET will check the segment types kkeil 2000/10/28
9484 - * Also sysret mandates a special GDT layout
9486 - * TLS descriptors are currently at a different place compared to i386.
9487 - * Hopefully nobody expects them at a fixed place (Wine?)
9489 - [GDT_ENTRY_KERNEL32_CS] = GDT_ENTRY_INIT(0xc09b, 0, 0xfffff),
9490 - [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xa09b, 0, 0xfffff),
9491 - [GDT_ENTRY_KERNEL_DS] = GDT_ENTRY_INIT(0xc093, 0, 0xfffff),
9492 - [GDT_ENTRY_DEFAULT_USER32_CS] = GDT_ENTRY_INIT(0xc0fb, 0, 0xfffff),
9493 - [GDT_ENTRY_DEFAULT_USER_DS] = GDT_ENTRY_INIT(0xc0f3, 0, 0xfffff),
9494 - [GDT_ENTRY_DEFAULT_USER_CS] = GDT_ENTRY_INIT(0xa0fb, 0, 0xfffff),
9496 - [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xc09a, 0, 0xfffff),
9497 - [GDT_ENTRY_KERNEL_DS] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
9498 - [GDT_ENTRY_DEFAULT_USER_CS] = GDT_ENTRY_INIT(0xc0fa, 0, 0xfffff),
9499 - [GDT_ENTRY_DEFAULT_USER_DS] = GDT_ENTRY_INIT(0xc0f2, 0, 0xfffff),
9501 - * Segments used for calling PnP BIOS have byte granularity.
9502 - * They code segments and data segments have fixed 64k limits,
9503 - * the transfer segment sizes are set at run time.
9506 - [GDT_ENTRY_PNPBIOS_CS32] = GDT_ENTRY_INIT(0x409a, 0, 0xffff),
9508 - [GDT_ENTRY_PNPBIOS_CS16] = GDT_ENTRY_INIT(0x009a, 0, 0xffff),
9510 - [GDT_ENTRY_PNPBIOS_DS] = GDT_ENTRY_INIT(0x0092, 0, 0xffff),
9512 - [GDT_ENTRY_PNPBIOS_TS1] = GDT_ENTRY_INIT(0x0092, 0, 0),
9514 - [GDT_ENTRY_PNPBIOS_TS2] = GDT_ENTRY_INIT(0x0092, 0, 0),
9516 - * The APM segments have byte granularity and their bases
9517 - * are set at run time. All have 64k limits.
9520 - [GDT_ENTRY_APMBIOS_BASE] = GDT_ENTRY_INIT(0x409a, 0, 0xffff),
9522 - [GDT_ENTRY_APMBIOS_BASE+1] = GDT_ENTRY_INIT(0x009a, 0, 0xffff),
9524 - [GDT_ENTRY_APMBIOS_BASE+2] = GDT_ENTRY_INIT(0x4092, 0, 0xffff),
9526 - [GDT_ENTRY_ESPFIX_SS] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
9527 - [GDT_ENTRY_PERCPU] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
9528 - GDT_STACK_CANARY_INIT
9531 -EXPORT_PER_CPU_SYMBOL_GPL(gdt_page);
9533 static int __init x86_xsave_setup(char *s)
9535 setup_clear_cpu_cap(X86_FEATURE_XSAVE);
9536 @@ -344,7 +290,7 @@ void switch_to_new_gdt(int cpu)
9538 struct desc_ptr gdt_descr;
9540 - gdt_descr.address = (long)get_cpu_gdt_table(cpu);
9541 + gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
9542 gdt_descr.size = GDT_SIZE - 1;
9543 load_gdt(&gdt_descr);
9544 /* Reload the per-cpu base */
9545 @@ -798,6 +744,10 @@ static void __cpuinit identify_cpu(struc
9546 /* Filter out anything that depends on CPUID levels we don't have */
9547 filter_cpuid_features(c, true);
9549 +#if defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
9550 + setup_clear_cpu_cap(X86_FEATURE_SEP);
9553 /* If the model name is still unset, do table lookup. */
9554 if (!c->x86_model_id[0]) {
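Review bot: The added `setup_clear_cpu_cap(X86_FEATURE_SEP);` in identify_cpu() masks a CPU feature for three different config options and carries no comment. A reader cannot tell from this hunk which entry path those options conflict with, or whether the restriction is meant for both the 32-bit and 64-bit builds of common.c. I would add a line under the `#if` of the form `/* SEP is masked because <reason>; see <entry code> */`, with the placeholders filled in by the author. identify_cpu() continues outside the hunk.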
9556 @@ -1101,7 +1051,7 @@ void __cpuinit cpu_init(void)
9559 cpu = stack_smp_processor_id();
9560 - t = &per_cpu(init_tss, cpu);
9561 + t = init_tss + cpu;
9562 orig_ist = &per_cpu(orig_ist, cpu);
9565 @@ -1199,7 +1149,7 @@ void __cpuinit cpu_init(void)
9567 int cpu = smp_processor_id();
9568 struct task_struct *curr = current;
9569 - struct tss_struct *t = &per_cpu(init_tss, cpu);
9570 + struct tss_struct *t = init_tss + cpu;
9571 struct thread_struct *thread = &curr->thread;
9573 if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) {
9574 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
9575 --- linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c 2009-12-02 22:51:21.000000000 -0500
9576 +++ linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c 2009-12-14 18:33:51.651715474 -0500
9577 @@ -521,7 +521,7 @@ static const struct dmi_system_id sw_any
9578 DMI_MATCH(DMI_PRODUCT_NAME, "X6DLP"),
9582 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
9585 static int acpi_cpufreq_blacklist(struct cpuinfo_x86 *c)
9586 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c
9587 --- linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c 2009-12-02 22:51:21.000000000 -0500
9588 +++ linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c 2009-12-14 18:33:51.651715474 -0500
9589 @@ -225,7 +225,7 @@ static struct cpu_model models[] =
9590 { &cpu_ids[CPU_MP4HT_D0], NULL, 0, NULL },
9591 { &cpu_ids[CPU_MP4HT_E0], NULL, 0, NULL },
9594 + { NULL, NULL, 0, NULL}
9598 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/intel.c linux-2.6.32.1/arch/x86/kernel/cpu/intel.c
9599 --- linux-2.6.32.1/arch/x86/kernel/cpu/intel.c 2009-12-02 22:51:21.000000000 -0500
9600 +++ linux-2.6.32.1/arch/x86/kernel/cpu/intel.c 2009-12-14 18:33:51.652916887 -0500
9601 @@ -140,7 +140,7 @@ static void __cpuinit trap_init_f00f_bug
9602 * Update the IDT descriptor and reload the IDT so that
9603 * it uses the read-only mapped virtual address.
9605 - idt_descr.address = fix_to_virt(FIX_F00F_IDT);
9606 + idt_descr.address = (struct desc_struct *)fix_to_virt(FIX_F00F_IDT);
9607 load_idt(&idt_descr);
9610 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/intel_cacheinfo.c linux-2.6.32.1/arch/x86/kernel/cpu/intel_cacheinfo.c
9611 --- linux-2.6.32.1/arch/x86/kernel/cpu/intel_cacheinfo.c 2009-12-02 22:51:21.000000000 -0500
9612 +++ linux-2.6.32.1/arch/x86/kernel/cpu/intel_cacheinfo.c 2009-12-14 18:33:51.654157859 -0500
9613 @@ -860,7 +860,7 @@ static ssize_t store(struct kobject *kob
9617 -static struct sysfs_ops sysfs_ops = {
9618 +static const struct sysfs_ops sysfs_ops = {
9622 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/Makefile linux-2.6.32.1/arch/x86/kernel/cpu/Makefile
9623 --- linux-2.6.32.1/arch/x86/kernel/cpu/Makefile 2009-12-02 22:51:21.000000000 -0500
9624 +++ linux-2.6.32.1/arch/x86/kernel/cpu/Makefile 2009-12-14 18:33:51.654722553 -0500
9625 @@ -7,10 +7,6 @@ ifdef CONFIG_FUNCTION_TRACER
9626 CFLAGS_REMOVE_common.o = -pg
9629 -# Make sure load_percpu_segment has no stackprotector
9630 -nostackp := $(call cc-option, -fno-stack-protector)
9631 -CFLAGS_common.o := $(nostackp)
9633 obj-y := intel_cacheinfo.o addon_cpuid_features.o
9634 obj-y += proc.o capflags.o powerflags.o common.o
9635 obj-y += vmware.o hypervisor.o sched.o
9636 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce_amd.c linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce_amd.c
9637 --- linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce_amd.c 2009-12-02 22:51:21.000000000 -0500
9638 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce_amd.c 2009-12-14 18:33:51.654722553 -0500
9639 @@ -388,7 +388,7 @@ static ssize_t store(struct kobject *kob
9643 -static struct sysfs_ops threshold_ops = {
9644 +static const struct sysfs_ops threshold_ops = {
9648 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce.c
9649 --- linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce.c 2009-12-02 22:51:21.000000000 -0500
9650 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce.c 2009-12-14 18:33:51.654722553 -0500
9651 @@ -1428,14 +1428,14 @@ void __cpuinit mcheck_init(struct cpuinf
9654 static DEFINE_SPINLOCK(mce_state_lock);
9655 -static int open_count; /* #times opened */
9656 +static atomic_t open_count; /* #times opened */
9657 static int open_exclu; /* already open exclusive? */
9659 static int mce_open(struct inode *inode, struct file *file)
9661 spin_lock(&mce_state_lock);
9663 - if (open_exclu || (open_count && (file->f_flags & O_EXCL))) {
9664 + if (open_exclu || (atomic_read(&open_count) && (file->f_flags & O_EXCL))) {
9665 spin_unlock(&mce_state_lock);
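Review bot: `open_count` becomes an `atomic_t`, yet every access visible in this file's hunks (`atomic_read` in mce_open, `atomic_inc`, and `atomic_dec` in mce_release) still happens with `mce_state_lock` held, so the atomic type adds no synchronisation. If the purpose is the overflow checking this patch appears to attach to plain `atomic_t` (it introduces `*_unchecked` variants elsewhere), the declaration should say so: `static atomic_t open_count; /* #times opened; atomic_t for overflow detection, still guarded by mce_state_lock */`. `open_exclu` beside it stays a plain `int`, which is consistent only under that reading. The same applies to the two later hunks in this file; mce_open() continues outside this one.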
9668 @@ -1443,7 +1443,7 @@ static int mce_open(struct inode *inode,
9670 if (file->f_flags & O_EXCL)
9673 + atomic_inc(&open_count);
9675 spin_unlock(&mce_state_lock);
9677 @@ -1454,7 +1454,7 @@ static int mce_release(struct inode *ino
9679 spin_lock(&mce_state_lock);
9682 + atomic_dec(&open_count);
9685 spin_unlock(&mce_state_lock);
9686 @@ -1594,6 +1594,7 @@ static struct miscdevice mce_log_device
9690 + {NULL, NULL}, NULL, NULL
9694 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/amd.c linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/amd.c
9695 --- linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/amd.c 2009-12-02 22:51:21.000000000 -0500
9696 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/amd.c 2009-12-14 18:33:51.655699526 -0500
9697 @@ -108,7 +108,7 @@ amd_validate_add_page(unsigned long base
9701 -static struct mtrr_ops amd_mtrr_ops = {
9702 +static const struct mtrr_ops amd_mtrr_ops = {
9703 .vendor = X86_VENDOR_AMD,
9704 .set = amd_set_mtrr,
9705 .get = amd_get_mtrr,
9706 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/centaur.c linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/centaur.c
9707 --- linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/centaur.c 2009-12-02 22:51:21.000000000 -0500
9708 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/centaur.c 2009-12-14 18:33:51.655699526 -0500
9709 @@ -110,7 +110,7 @@ centaur_validate_add_page(unsigned long
9713 -static struct mtrr_ops centaur_mtrr_ops = {
9714 +static const struct mtrr_ops centaur_mtrr_ops = {
9715 .vendor = X86_VENDOR_CENTAUR,
9716 .set = centaur_set_mcr,
9717 .get = centaur_get_mcr,
9718 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/cyrix.c linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/cyrix.c
9719 --- linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/cyrix.c 2009-12-02 22:51:21.000000000 -0500
9720 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/cyrix.c 2009-12-14 18:33:51.655699526 -0500
9721 @@ -265,7 +265,7 @@ static void cyrix_set_all(void)
9725 -static struct mtrr_ops cyrix_mtrr_ops = {
9726 +static const struct mtrr_ops cyrix_mtrr_ops = {
9727 .vendor = X86_VENDOR_CYRIX,
9728 .set_all = cyrix_set_all,
9729 .set = cyrix_set_arr,
9730 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/generic.c linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/generic.c
9731 --- linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/generic.c 2009-12-02 22:51:21.000000000 -0500
9732 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/generic.c 2009-12-14 18:33:51.655699526 -0500
9733 @@ -29,7 +29,7 @@ static struct fixed_range_block fixed_ra
9734 { MSR_MTRRfix64K_00000, 1 }, /* one 64k MTRR */
9735 { MSR_MTRRfix16K_80000, 2 }, /* two 16k MTRRs */
9736 { MSR_MTRRfix4K_C0000, 8 }, /* eight 4k MTRRs */
9741 static unsigned long smp_changes_mask;
9742 @@ -752,7 +752,7 @@ int positive_have_wrcomb(void)
9744 * Generic structure...
9746 -struct mtrr_ops generic_mtrr_ops = {
9747 +const struct mtrr_ops generic_mtrr_ops = {
9749 .set_all = generic_set_all,
9750 .get = generic_get_mtrr,
9751 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/main.c linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/main.c
9752 --- linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/main.c 2009-12-02 22:51:21.000000000 -0500
9753 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/main.c 2009-12-14 18:33:51.655699526 -0500
9754 @@ -60,14 +60,14 @@ static DEFINE_MUTEX(mtrr_mutex);
9755 u64 size_or_mask, size_and_mask;
9756 static bool mtrr_aps_delayed_init;
9758 -static struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM];
9759 +static const struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM] __read_only;
9761 -struct mtrr_ops *mtrr_if;
9762 +const struct mtrr_ops *mtrr_if;
9764 static void set_mtrr(unsigned int reg, unsigned long base,
9765 unsigned long size, mtrr_type type);
9767 -void set_mtrr_ops(struct mtrr_ops *ops)
9768 +void set_mtrr_ops(const struct mtrr_ops *ops)
9770 if (ops->vendor && ops->vendor < X86_VENDOR_NUM)
9771 mtrr_ops[ops->vendor] = ops;
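Review bot: `mtrr_ops[]` is now tagged `__read_only`, but `set_mtrr_ops()` in the same hunk still stores into it with `mtrr_ops[ops->vendor] = ops;` and carries no `__init` annotation. That is safe only if every caller runs before read-only data is write-protected; if that holds, declaring it `void __init set_mtrr_ops(const struct mtrr_ops *ops)` (with the prototype in mtrr.h to match) would let the build flag a late caller. `mtrr_if`, the pointer that is dereferenced at run time, becomes pointer-to-const but is not `__read_only`; a short comment on why it must stay writable would close the gap. The body of set_mtrr_ops() continues outside the hunk.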
9772 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/mtrr.h linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/mtrr.h
9773 --- linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/mtrr.h 2009-12-02 22:51:21.000000000 -0500
9774 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/mtrr.h 2009-12-14 18:33:51.657105851 -0500
9776 extern unsigned int mtrr_usage_table[MTRR_MAX_VAR_RANGES];
9781 - void (*set)(unsigned int reg, unsigned long base,
9783 + const u32 use_intel_if;
9784 + void (* const set)(unsigned int reg, unsigned long base,
9785 unsigned long size, mtrr_type type);
9786 - void (*set_all)(void);
9787 + void (* const set_all)(void);
9789 - void (*get)(unsigned int reg, unsigned long *base,
9790 + void (* const get)(unsigned int reg, unsigned long *base,
9791 unsigned long *size, mtrr_type *type);
9792 - int (*get_free_region)(unsigned long base, unsigned long size,
9793 + int (* const get_free_region)(unsigned long base, unsigned long size,
9795 - int (*validate_add_page)(unsigned long base, unsigned long size,
9796 + int (* const validate_add_page)(unsigned long base, unsigned long size,
9798 - int (*have_wrcomb)(void);
9799 + int (* const have_wrcomb)(void);
9802 extern int generic_get_free_region(unsigned long base, unsigned long size,
9803 @@ -32,7 +32,7 @@ extern int generic_get_free_region(unsig
9804 extern int generic_validate_add_page(unsigned long base, unsigned long size,
9807 -extern struct mtrr_ops generic_mtrr_ops;
9808 +extern const struct mtrr_ops generic_mtrr_ops;
9810 extern int positive_have_wrcomb(void);
9812 @@ -53,10 +53,10 @@ void fill_mtrr_var_range(unsigned int in
9813 u32 base_lo, u32 base_hi, u32 mask_lo, u32 mask_hi);
9814 void get_mtrr_state(void);
9816 -extern void set_mtrr_ops(struct mtrr_ops *ops);
9817 +extern void set_mtrr_ops(const struct mtrr_ops *ops);
9819 extern u64 size_or_mask, size_and_mask;
9820 -extern struct mtrr_ops *mtrr_if;
9821 +extern const struct mtrr_ops *mtrr_if;
9823 #define is_cpu(vnd) (mtrr_if && mtrr_if->vendor == X86_VENDOR_##vnd)
9824 #define use_intel() (mtrr_if && mtrr_if->use_intel_if == 1)
9825 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/perfctr-watchdog.c linux-2.6.32.1/arch/x86/kernel/cpu/perfctr-watchdog.c
9826 --- linux-2.6.32.1/arch/x86/kernel/cpu/perfctr-watchdog.c 2009-12-02 22:51:21.000000000 -0500
9827 +++ linux-2.6.32.1/arch/x86/kernel/cpu/perfctr-watchdog.c 2009-12-14 18:33:51.657724494 -0500
9828 @@ -30,11 +30,11 @@ struct nmi_watchdog_ctlblk {
9830 /* Interface defining a CPU specific perfctr watchdog */
9832 - int (*reserve)(void);
9833 - void (*unreserve)(void);
9834 - int (*setup)(unsigned nmi_hz);
9835 - void (*rearm)(struct nmi_watchdog_ctlblk *wd, unsigned nmi_hz);
9836 - void (*stop)(void);
9837 + int (* const reserve)(void);
9838 + void (* const unreserve)(void);
9839 + int (* const setup)(unsigned nmi_hz);
9840 + void (* const rearm)(struct nmi_watchdog_ctlblk *wd, unsigned nmi_hz);
9841 + void (* const stop)(void);
9845 @@ -645,6 +645,7 @@ static const struct wd_ops p4_wd_ops = {
9846 #define ARCH_PERFMON_NMI_EVENT_SEL ARCH_PERFMON_UNHALTED_CORE_CYCLES_SEL
9847 #define ARCH_PERFMON_NMI_EVENT_UMASK ARCH_PERFMON_UNHALTED_CORE_CYCLES_UMASK
9849 +/* cannot be const */
9850 static struct wd_ops intel_arch_wd_ops;
9852 static int setup_intel_arch_watchdog(unsigned nmi_hz)
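Review bot: The added comment `/* cannot be const */` on the forward declaration of `intel_arch_wd_ops` (and again on its definition in the next hunk) states the conclusion without the reason. Since the function-pointer members of `struct wd_ops` are now `* const`, a reader needs to know which member is still written after initialisation; presumably setup_intel_arch_watchdog() does so, but the hunk does not show it. I would write `/* cannot be const: <member> is assigned in setup_intel_arch_watchdog() */` with the member name filled in.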
9853 @@ -697,6 +698,7 @@ static int setup_intel_arch_watchdog(uns
9857 +/* cannot be const */
9858 static struct wd_ops intel_arch_wd_ops __read_mostly = {
9859 .reserve = single_msr_reserve,
9860 .unreserve = single_msr_unreserve,
9861 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/perf_event.c linux-2.6.32.1/arch/x86/kernel/cpu/perf_event.c
9862 --- linux-2.6.32.1/arch/x86/kernel/cpu/perf_event.c 2009-12-02 22:51:21.000000000 -0500
9863 +++ linux-2.6.32.1/arch/x86/kernel/cpu/perf_event.c 2009-12-14 18:33:51.657724494 -0500
9864 @@ -2252,7 +2252,7 @@ perf_callchain_user(struct pt_regs *regs
9867 callchain_store(entry, frame.return_address);
9868 - fp = frame.next_frame;
9869 + fp = (__force const void __user *)frame.next_frame;
9873 diff -urNp linux-2.6.32.1/arch/x86/kernel/crash.c linux-2.6.32.1/arch/x86/kernel/crash.c
9874 --- linux-2.6.32.1/arch/x86/kernel/crash.c 2009-12-02 22:51:21.000000000 -0500
9875 +++ linux-2.6.32.1/arch/x86/kernel/crash.c 2009-12-14 18:33:51.657724494 -0500
9876 @@ -42,7 +42,7 @@ static void kdump_nmi_callback(int cpu,
9879 #ifdef CONFIG_X86_32
9880 - if (!user_mode_vm(regs)) {
9881 + if (!user_mode(regs)) {
9882 crash_fixup_ss_esp(&fixed_regs, regs);
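Review bot: Replacing `user_mode_vm(regs)` with `user_mode(regs)` in kdump_nmi_callback() changes the test unless `user_mode()` is redefined elsewhere in this patch, which is not visible here. In the unpatched 2.6.32 headers `user_mode()` on 32-bit looks only at the privilege bits of `regs->cs`, while `user_mode_vm()` also treats a frame with the VM flag set as user mode, so a vm86 frame could be taken for a kernel frame and handed to `crash_fixup_ss_esp()`. The same substitution appears in show_registers() in dumpstack_32.c and in die() in dumpstack.c. If the macro has been redefined to include the VM check, a comment at one of these sites should point to that definition.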
9885 diff -urNp linux-2.6.32.1/arch/x86/kernel/doublefault_32.c linux-2.6.32.1/arch/x86/kernel/doublefault_32.c
9886 --- linux-2.6.32.1/arch/x86/kernel/doublefault_32.c 2009-12-02 22:51:21.000000000 -0500
9887 +++ linux-2.6.32.1/arch/x86/kernel/doublefault_32.c 2009-12-14 18:33:51.657724494 -0500
9890 #define DOUBLEFAULT_STACKSIZE (1024)
9891 static unsigned long doublefault_stack[DOUBLEFAULT_STACKSIZE];
9892 -#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE)
9893 +#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE-2)
9895 #define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + MAXMEM)
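Review bot: `STACK_START` now subtracts a bare `2` from the end of `doublefault_stack`, and because the array is `unsigned long` that is two words rather than two bytes, which the macro does not make obvious. A comment stating what the two reserved slots are for is needed, e.g. `/* leave two words free at the top of the stack for <purpose> */`. While the line is being touched, the expansion could also be wrapped in outer parentheses, `((unsigned long)(doublefault_stack + DOUBLEFAULT_STACKSIZE - 2))`, so the cast cannot bind unexpectedly at a use site.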
9897 @@ -21,7 +21,7 @@ static void doublefault_fn(void)
9898 unsigned long gdt, tss;
9900 store_gdt(&gdt_desc);
9901 - gdt = gdt_desc.address;
9902 + gdt = (unsigned long)gdt_desc.address;
9904 printk(KERN_EMERG "PANIC: double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size);
9906 @@ -58,10 +58,10 @@ struct tss_struct doublefault_tss __cach
9907 /* 0x2 bit is always set */
9908 .flags = X86_EFLAGS_SF | 0x2,
9911 + .es = __KERNEL_DS,
9915 + .ds = __KERNEL_DS,
9916 .fs = __KERNEL_PERCPU,
9918 .__cr3 = __pa_nodebug(swapper_pg_dir),
9919 diff -urNp linux-2.6.32.1/arch/x86/kernel/dumpstack_32.c linux-2.6.32.1/arch/x86/kernel/dumpstack_32.c
9920 --- linux-2.6.32.1/arch/x86/kernel/dumpstack_32.c 2009-12-02 22:51:21.000000000 -0500
9921 +++ linux-2.6.32.1/arch/x86/kernel/dumpstack_32.c 2009-12-14 18:33:51.658747364 -0500
9922 @@ -112,11 +112,12 @@ void show_registers(struct pt_regs *regs
9923 * When in-kernel, we also print out the stack and code at the
9924 * time of the fault..
9926 - if (!user_mode_vm(regs)) {
9927 + if (!user_mode(regs)) {
9928 unsigned int code_prologue = code_bytes * 43 / 64;
9929 unsigned int code_len = code_bytes;
9932 + unsigned long cs_base = get_desc_base(&get_cpu_gdt_table(smp_processor_id())[(0xffff & regs->cs) >> 3]);
9934 printk(KERN_EMERG "Stack:\n");
9935 show_stack_log_lvl(NULL, regs, ®s->sp,
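Review bot: The new `cs_base` lookup indexes the per-CPU GDT with `(0xffff & regs->cs) >> 3` taken straight from the faulting frame, with no check of the table-indicator bit and no bound against the table size. This code runs while reporting an oops, when `regs` may itself be corrupt, so an out-of-range selector would read past the GDT and feed a bogus base into the `ip` computation in the next hunk. I would bound it first: `unsigned int sel = (regs->cs & 0xffff) >> 3;` followed by `unsigned long cs_base = sel < GDT_ENTRIES ? get_desc_base(&get_cpu_gdt_table(smp_processor_id())[sel]) : 0;`. show_registers() continues outside this hunk.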
9936 @@ -124,10 +125,10 @@ void show_registers(struct pt_regs *regs
9938 printk(KERN_EMERG "Code: ");
9940 - ip = (u8 *)regs->ip - code_prologue;
9941 + ip = (u8 *)regs->ip - code_prologue + cs_base;
9942 if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) {
9943 /* try starting at IP */
9944 - ip = (u8 *)regs->ip;
9945 + ip = (u8 *)regs->ip + cs_base;
9946 code_len = code_len - code_prologue + 1;
9948 for (i = 0; i < code_len; i++, ip++) {
9949 @@ -136,7 +137,7 @@ void show_registers(struct pt_regs *regs
9950 printk(" Bad EIP value.");
9953 - if (ip == (u8 *)regs->ip)
9954 + if (ip == (u8 *)regs->ip + cs_base)
9955 printk("<%02x> ", c);
9958 @@ -149,6 +150,7 @@ int is_valid_bugaddr(unsigned long ip)
9962 + ip = ktla_ktva(ip);
9963 if (ip < PAGE_OFFSET)
9965 if (probe_kernel_address((unsigned short *)ip, ud2))
9966 diff -urNp linux-2.6.32.1/arch/x86/kernel/dumpstack.c linux-2.6.32.1/arch/x86/kernel/dumpstack.c
9967 --- linux-2.6.32.1/arch/x86/kernel/dumpstack.c 2009-12-02 22:51:21.000000000 -0500
9968 +++ linux-2.6.32.1/arch/x86/kernel/dumpstack.c 2009-12-14 18:33:51.658747364 -0500
9969 @@ -180,7 +180,7 @@ void dump_stack(void)
9972 printk("Pid: %d, comm: %.20s xid: #%u %s %s %.*s\n",
9973 - current->pid, current->comm, current->xid, print_tainted(),
9974 + task_pid_nr(current), current->comm, current->xid, print_tainted(),
9975 init_utsname()->release,
9976 (int)strcspn(init_utsname()->version, " "),
9977 init_utsname()->version);
9978 @@ -241,7 +241,7 @@ void __kprobes oops_end(unsigned long fl
9979 panic("Fatal exception in interrupt");
9981 panic("Fatal exception");
9983 + do_group_exit(signr);
9986 int __kprobes __die(const char *str, struct pt_regs *regs, long err)
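Review bot: The added `do_group_exit(signr);` at the end of oops_end() takes down every thread of the faulting process rather than only the current task, and nothing in the hunk says this is deliberate. If the intent is to stop sibling threads from running on after a kernel fault in shared state, that should be written down next to the call, e.g. `/* terminate the whole thread group, not just the faulting task */`. It is also worth confirming the behaviour when `current` is a kernel thread, which the visible lines do not cover. The start of oops_end() is outside the hunk.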
9987 @@ -295,7 +295,7 @@ void die(const char *str, struct pt_regs
9988 unsigned long flags = oops_begin();
9991 - if (!user_mode_vm(regs))
9992 + if (!user_mode(regs))
9993 report_bug(regs->ip, regs);
9995 if (__die(str, regs, err))
9996 diff -urNp linux-2.6.32.1/arch/x86/kernel/e820.c linux-2.6.32.1/arch/x86/kernel/e820.c
9997 --- linux-2.6.32.1/arch/x86/kernel/e820.c 2009-12-02 22:51:21.000000000 -0500
9998 +++ linux-2.6.32.1/arch/x86/kernel/e820.c 2009-12-14 18:33:51.663700965 -0500
9999 @@ -733,7 +733,10 @@ struct early_res {
10001 static struct early_res early_res[MAX_EARLY_RES] __initdata = {
10002 { 0, PAGE_SIZE, "BIOS data page" }, /* BIOS data page */
10004 +#ifdef CONFIG_VM86
10005 + { PAGE_SIZE, ISA_START_ADDRESS, "V86 mode memory", 1 },
10010 static int __init find_overlapped_early(u64 start, u64 end)
10011 diff -urNp linux-2.6.32.1/arch/x86/kernel/efi_32.c linux-2.6.32.1/arch/x86/kernel/efi_32.c
10012 --- linux-2.6.32.1/arch/x86/kernel/efi_32.c 2009-12-02 22:51:21.000000000 -0500
10013 +++ linux-2.6.32.1/arch/x86/kernel/efi_32.c 2009-12-14 18:33:51.663700965 -0500
10014 @@ -38,70 +38,38 @@
10017 static unsigned long efi_rt_eflags;
10018 -static pgd_t efi_bak_pg_dir_pointer[2];
10019 +static pgd_t __initdata efi_bak_pg_dir_pointer[KERNEL_PGD_PTRS];
10021 -void efi_call_phys_prelog(void)
10022 +void __init efi_call_phys_prelog(void)
10024 - unsigned long cr4;
10025 - unsigned long temp;
10026 struct desc_ptr gdt_descr;
10028 local_irq_save(efi_rt_eflags);
10031 - * If I don't have PAE, I should just duplicate two entries in page
10032 - * directory. If I have PAE, I just need to duplicate one entry in
10033 - * page directory.
10035 - cr4 = read_cr4_safe();
10037 - if (cr4 & X86_CR4_PAE) {
10038 - efi_bak_pg_dir_pointer[0].pgd =
10039 - swapper_pg_dir[pgd_index(0)].pgd;
10040 - swapper_pg_dir[0].pgd =
10041 - swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd;
10043 - efi_bak_pg_dir_pointer[0].pgd =
10044 - swapper_pg_dir[pgd_index(0)].pgd;
10045 - efi_bak_pg_dir_pointer[1].pgd =
10046 - swapper_pg_dir[pgd_index(0x400000)].pgd;
10047 - swapper_pg_dir[pgd_index(0)].pgd =
10048 - swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd;
10049 - temp = PAGE_OFFSET + 0x400000;
10050 - swapper_pg_dir[pgd_index(0x400000)].pgd =
10051 - swapper_pg_dir[pgd_index(temp)].pgd;
10053 + clone_pgd_range(efi_bak_pg_dir_pointer, swapper_pg_dir, KERNEL_PGD_PTRS);
10054 + clone_pgd_range(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
10055 + min_t(unsigned long, KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY));
10058 * After the lock is released, the original page table is restored.
10062 - gdt_descr.address = __pa(get_cpu_gdt_table(0));
10063 + gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0));
10064 gdt_descr.size = GDT_SIZE - 1;
10065 load_gdt(&gdt_descr);
10068 -void efi_call_phys_epilog(void)
10069 +void __init efi_call_phys_epilog(void)
10071 - unsigned long cr4;
10072 struct desc_ptr gdt_descr;
10074 - gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
10075 + gdt_descr.address = get_cpu_gdt_table(0);
10076 gdt_descr.size = GDT_SIZE - 1;
10077 load_gdt(&gdt_descr);
10079 - cr4 = read_cr4_safe();
10081 - if (cr4 & X86_CR4_PAE) {
10082 - swapper_pg_dir[pgd_index(0)].pgd =
10083 - efi_bak_pg_dir_pointer[0].pgd;
10085 - swapper_pg_dir[pgd_index(0)].pgd =
10086 - efi_bak_pg_dir_pointer[0].pgd;
10087 - swapper_pg_dir[pgd_index(0x400000)].pgd =
10088 - efi_bak_pg_dir_pointer[1].pgd;
10090 + clone_pgd_range(swapper_pg_dir, efi_bak_pg_dir_pointer, KERNEL_PGD_PTRS);
10093 * After the lock is released, the original page table is restored.
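Review bot: In efi_call_phys_prelog() the line `gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0));` stores a physical address in a field of pointer type, which invites an accidental dereference and hides from static checkers that the value is not a kernel virtual address. A comment is needed at that line, e.g. `/* physical address on purpose: the EFI call runs with paging off */`, adjusted to what the stub actually requires. The field is also assigned inconsistently across this patch: a bare pointer in efi_call_phys_epilog(), but `(unsigned long)` in switch_to_new_gdt() in cpu/common.c. If the field type differs between 32-bit and 64-bit builds, that should be stated where `struct desc_ptr` is defined.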
10094 diff -urNp linux-2.6.32.1/arch/x86/kernel/efi_stub_32.S linux-2.6.32.1/arch/x86/kernel/efi_stub_32.S
10095 --- linux-2.6.32.1/arch/x86/kernel/efi_stub_32.S 2009-12-02 22:51:21.000000000 -0500
10096 +++ linux-2.6.32.1/arch/x86/kernel/efi_stub_32.S 2009-12-14 18:33:51.664705034 -0500
10100 #include <linux/linkage.h>
10101 +#include <linux/init.h>
10102 #include <asm/page_types.h>
10106 * service functions will comply with gcc calling convention, too.
10111 ENTRY(efi_call_phys)
10113 * 0. The function can only be called in Linux kernel. So CS has been
10114 @@ -36,9 +37,7 @@ ENTRY(efi_call_phys)
10115 * The mapping of lower virtual memory has been created in prelog and
10119 - subl $__PAGE_OFFSET, %edx
10121 + jmp 1f-__PAGE_OFFSET
10125 @@ -47,14 +46,8 @@ ENTRY(efi_call_phys)
10126 * parameter 2, ..., param n. To make things easy, we save the return
10127 * address of efi_call_phys in a global variable.
10130 - movl %edx, saved_return_addr
10131 - /* get the function pointer into ECX*/
10133 - movl %ecx, efi_rt_function_ptr
10135 - subl $__PAGE_OFFSET, %edx
10137 + popl (saved_return_addr)
10138 + popl (efi_rt_function_ptr)
10141 * 3. Clear PG bit in %CR0.
10142 @@ -73,9 +66,8 @@ ENTRY(efi_call_phys)
10144 * 5. Call the physical function.
10147 + call *(efi_rt_function_ptr-__PAGE_OFFSET)
10151 * 6. After EFI runtime service returns, control will return to
10152 * following instruction. We'd better readjust stack pointer first.
10153 @@ -88,35 +80,28 @@ ENTRY(efi_call_phys)
10155 orl $0x80000000, %edx
10161 * 8. Now restore the virtual mode from flat mode by
10162 * adding EIP with PAGE_OFFSET.
10166 + jmp 1f+__PAGE_OFFSET
10170 * 9. Balance the stack. And because EAX contain the return value,
10171 * we'd better not clobber it.
10173 - leal efi_rt_function_ptr, %edx
10174 - movl (%edx), %ecx
10176 + pushl (efi_rt_function_ptr)
10179 - * 10. Push the saved return address onto the stack and return.
10180 + * 10. Return to the saved return address.
10182 - leal saved_return_addr, %edx
10183 - movl (%edx), %ecx
10186 + jmpl *(saved_return_addr)
10187 ENDPROC(efi_call_phys)
10194 efi_rt_function_ptr:
10195 diff -urNp linux-2.6.32.1/arch/x86/kernel/entry_32.S linux-2.6.32.1/arch/x86/kernel/entry_32.S
10196 --- linux-2.6.32.1/arch/x86/kernel/entry_32.S 2009-12-02 22:51:21.000000000 -0500
10197 +++ linux-2.6.32.1/arch/x86/kernel/entry_32.S 2009-12-14 18:33:51.664705034 -0500
10198 @@ -191,7 +191,7 @@
10200 #endif /* CONFIG_X86_32_LAZY_GS */
10203 +.macro __SAVE_ALL _DS
10207 @@ -224,7 +224,7 @@
10209 CFI_ADJUST_CFA_OFFSET 4
10210 CFI_REL_OFFSET ebx, 0
10211 - movl $(__USER_DS), %edx
10215 movl $(__KERNEL_PERCPU), %edx
10216 @@ -232,6 +232,15 @@
10221 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
10222 + __SAVE_ALL __KERNEL_DS
10225 + __SAVE_ALL __USER_DS
10229 .macro RESTORE_INT_REGS
10231 CFI_ADJUST_CFA_OFFSET -4
10232 @@ -352,7 +361,15 @@ check_userspace:
10233 movb PT_CS(%esp), %al
10234 andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
10235 cmpl $USER_RPL, %eax
10237 +#ifdef CONFIG_PAX_KERNEXEC
10238 + jae resume_userspace
10241 + jmp resume_kernel
10243 jb resume_kernel # not returning to v8086 or userspace
10246 ENTRY(resume_userspace)
10248 @@ -414,10 +431,9 @@ sysenter_past_esp:
10249 /*CFI_REL_OFFSET cs, 0*/
10251 * Push current_thread_info()->sysenter_return to the stack.
10252 - * A tiny bit of offset fixup is necessary - 4*4 means the 4 words
10253 - * pushed above; +8 corresponds to copy_thread's esp0 setting.
10255 - pushl (TI_sysenter_return-THREAD_SIZE+8+4*4)(%esp)
10256 + GET_THREAD_INFO(%ebp)
10257 + pushl TI_sysenter_return(%ebp)
10258 CFI_ADJUST_CFA_OFFSET 4
10259 CFI_REL_OFFSET eip, 0
10261 @@ -430,9 +446,19 @@ sysenter_past_esp:
10262 * Load the potential sixth argument from user stack.
10263 * Careful about security.
10265 + movl PT_OLDESP(%esp),%ebp
10267 +#ifdef CONFIG_PAX_MEMORY_UDEREF
10268 + mov PT_OLDSS(%esp),%ds
10269 +1: movl %ds:(%ebp),%ebp
10273 cmpl $__PAGE_OFFSET-3,%ebp
10275 1: movl (%ebp),%ebp
10278 movl %ebp,PT_EBP(%esp)
10279 .section __ex_table,"a"
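Review bot: The comment kept above this load (`Careful about security.`) no longer describes the CONFIG_PAX_MEMORY_UDEREF branch, where the explicit `cmpl $__PAGE_OFFSET-3,%ebp` bound check is not used and the read goes through `%ds` reloaded from `PT_OLDSS(%esp)`. I would add a comment on the new branch stating what bounds the read there, presumably the limit of the user stack segment, e.g. `/* UDEREF: read via the user's SS selector; the segment limit replaces the __PAGE_OFFSET compare */`. The lines between the two branches are not shown in this listing, so confirm there that %ds is set back to a kernel selector before any further kernel data access. Also confirm that the `1:` label in the new branch is still the one the __ex_table entry covers.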
10281 @@ -455,12 +481,23 @@ sysenter_do_call:
10282 testl $_TIF_ALLWORK_MASK, %ecx
10286 +#ifdef CONFIG_PAX_RANDKSTACK
10288 + CFI_ADJUST_CFA_OFFSET 4
10289 + call pax_randomize_kstack
10291 + CFI_ADJUST_CFA_OFFSET -4
10294 /* if something modifies registers it must also disable sysexit */
10295 movl PT_EIP(%esp), %edx
10296 movl PT_OLDESP(%esp), %ecx
10299 1: mov PT_FS(%esp), %fs
10300 +2: mov PT_DS(%esp), %ds
10301 +3: mov PT_ES(%esp), %es
10303 ENABLE_INTERRUPTS_SYSEXIT
10305 @@ -504,11 +541,17 @@ sysexit_audit:
10308 .pushsection .fixup,"ax"
10309 -2: movl $0,PT_FS(%esp)
10310 +4: movl $0,PT_FS(%esp)
10312 +5: movl $0,PT_DS(%esp)
10314 +6: movl $0,PT_ES(%esp)
10316 .section __ex_table,"a"
10324 ENDPROC(ia32_sysenter_target)
10325 @@ -538,6 +581,10 @@ syscall_exit:
10326 testl $_TIF_ALLWORK_MASK, %ecx # current->work
10327 jne syscall_exit_work
10329 +#ifdef CONFIG_PAX_RANDKSTACK
10330 + call pax_randomize_kstack
10335 restore_all_notrace:
10336 @@ -602,7 +649,13 @@ ldt_ss:
10337 mov PT_OLDESP(%esp), %eax /* load userspace esp */
10338 mov %dx, %ax /* eax: new kernel esp */
10339 sub %eax, %edx /* offset (low word is 0) */
10340 - PER_CPU(gdt_page, %ebx)
10342 + movl PER_CPU_VAR(cpu_number), %ebx
10343 + shll $PAGE_SHIFT_asm, %ebx
10344 + addl $cpu_gdt_table, %ebx
10346 + movl $cpu_gdt_table, %ebx
10349 mov %dl, GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx) /* bits 16..23 */
10350 mov %dh, GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx) /* bits 24..31 */
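Review bot: The per-CPU GDT address is open-coded here as `cpu_number` shifted left by `PAGE_SHIFT_asm` plus `$cpu_gdt_table`, and the same three instructions are repeated in the espfix fixup hunk later in this file (`@@ -735,7 +786,13 @@`). Both sites silently rely on every CPU's GDT occupying exactly one page inside cpu_gdt_table. A small assembler macro wrapping the three instructions would keep the two sites in step, with a comment such as `/* cpu_gdt_table holds one page-sized GDT per CPU */`. The preprocessor lines that select between the indexed form and the plain `movl $cpu_gdt_table, %ebx` are not shown in this listing.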
10351 @@ -642,25 +695,19 @@ work_resched:
10353 work_notifysig: # deal with pending signals and
10354 # notify-resume requests
10357 testl $X86_EFLAGS_VM, PT_EFLAGS(%esp)
10359 - jne work_notifysig_v86 # returning to kernel-space or
10360 + jz 1f # returning to kernel-space or
10363 - call do_notify_resume
10364 - jmp resume_userspace_sig
10367 -work_notifysig_v86:
10368 pushl %ecx # save ti_flags for do_notify_resume
10369 CFI_ADJUST_CFA_OFFSET 4
10370 call save_v86_state # %eax contains pt_regs pointer
10372 CFI_ADJUST_CFA_OFFSET -4
10379 call do_notify_resume
10380 @@ -695,6 +742,10 @@ END(syscall_exit_work)
10382 RING0_INT_FRAME # can't unwind into user space anyway
10384 +#ifdef CONFIG_PAX_MEMORY_UDEREF
10388 GET_THREAD_INFO(%ebp)
10389 movl $-EFAULT,PT_EAX(%esp)
10390 jmp resume_userspace
10391 @@ -735,7 +786,13 @@ PTREGSCALL(vm86old)
10392 * normal stack and adjusts ESP with the matching offset.
10394 /* fixup the stack */
10395 - PER_CPU(gdt_page, %ebx)
10397 + movl PER_CPU_VAR(cpu_number), %ebx
10398 + shll $PAGE_SHIFT_asm, %ebx
10399 + addl $cpu_gdt_table, %ebx
10401 + movl $cpu_gdt_table, %ebx
10403 mov GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx), %al /* bits 16..23 */
10404 mov GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx), %ah /* bits 24..31 */
10406 @@ -1198,7 +1255,6 @@ return_to_handler:
10410 -.section .rodata,"a"
10411 #include "syscall_table_32.S"
10413 syscall_table_size=(.-sys_call_table)
10414 @@ -1250,12 +1306,15 @@ error_code:
10416 UNWIND_ESPFIX_STACK
10421 movl PT_GS(%esp), %edi # get the function address
10422 movl PT_ORIG_EAX(%esp), %edx # get the error code
10423 movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
10426 - movl $(__USER_DS), %ecx
10427 + movl $(__KERNEL_DS), %ecx
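Review bot: error_code now loads `__KERNEL_DS` into %ecx unconditionally, while the SAVE_ALL change earlier in this file selects `__KERNEL_DS` only when one of CONFIG_PAX_KERNEXEC, PAGEEXEC, SEGMEXEC or MEMORY_UDEREF is set and keeps `__USER_DS` otherwise. With none of those options enabled the two entry paths would run with different data selectors, which is harmless only as long as both segments stay flat. I would wrap this load in the same `#if defined(...)` condition used for SAVE_ALL, or add a comment saying the difference is intended. The instructions that consume %ecx are not shown in this listing.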
10431 @@ -1351,6 +1410,9 @@ nmi_stack_correct:
10432 xorl %edx,%edx # zero error code
10433 movl %esp,%eax # pt_regs pointer
10438 jmp restore_all_notrace
10441 @@ -1391,6 +1453,9 @@ nmi_espfix_stack:
10442 FIXUP_ESPFIX_STACK # %eax == %esp
10443 xorl %edx,%edx # zero error code
10449 lss 12+4(%esp), %esp # back to espfix stack
10450 CFI_ADJUST_CFA_OFFSET -24
10451 diff -urNp linux-2.6.32.1/arch/x86/kernel/entry_64.S linux-2.6.32.1/arch/x86/kernel/entry_64.S
10452 --- linux-2.6.32.1/arch/x86/kernel/entry_64.S 2009-12-02 22:51:21.000000000 -0500
10453 +++ linux-2.6.32.1/arch/x86/kernel/entry_64.S 2009-12-14 18:33:51.664705034 -0500
10454 @@ -1068,7 +1068,12 @@ ENTRY(\sym)
10456 movq %rsp,%rdi /* pt_regs pointer */
10457 xorl %esi,%esi /* no error code */
10458 - PER_CPU(init_tss, %rbp)
10460 + imul $TSS_size, PER_CPU_VAR(cpu_number), %ebp
10461 + lea init_tss(%rbp), %rbp
10463 + lea init_tss(%rip), %rbp
10465 subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
10467 addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
10468 diff -urNp linux-2.6.32.1/arch/x86/kernel/ftrace.c linux-2.6.32.1/arch/x86/kernel/ftrace.c
10469 --- linux-2.6.32.1/arch/x86/kernel/ftrace.c 2009-12-02 22:51:21.000000000 -0500
10470 +++ linux-2.6.32.1/arch/x86/kernel/ftrace.c 2009-12-15 17:05:40.572633226 -0500
10471 @@ -215,7 +215,7 @@ do_ftrace_mod_code(unsigned long ip, voi
10475 -static unsigned char ftrace_nop[MCOUNT_INSN_SIZE];
10476 +static unsigned char ftrace_nop[MCOUNT_INSN_SIZE] __read_only;
10478 static unsigned char *ftrace_nop_replace(void)
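Review bot: `ftrace_nop` is now `__read_only`, but it is still filled by `memcpy` in ftrace_dyn_arch_init (last hunk of this file), and nothing here states why that write is allowed. The `__init` on that function suggests the copy happens before read-only data is protected, but that is an inference from this listing, not something the patch documents. A comment on the declaration would make the invariant auditable: `/* written once from __init code, before read-only data is write-protected */`.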
10480 @@ -228,6 +228,8 @@ ftrace_modify_code(unsigned long ip, uns
10482 unsigned char replaced[MCOUNT_INSN_SIZE];
10484 + ip = ktla_ktva(ip);
10487 * Note: Due to modules and __init, code can
10488 * disappear and change, we need to protect against faulting
10489 @@ -284,7 +286,7 @@ int ftrace_update_ftrace_func(ftrace_fun
10490 unsigned char old[MCOUNT_INSN_SIZE], *new;
10493 - memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE);
10494 + memcpy(old, (void *)ktla_ktva((unsigned long)ftrace_call), MCOUNT_INSN_SIZE);
10495 new = ftrace_call_replace(ip, (unsigned long)func);
10496 ret = ftrace_modify_code(ip, old, new);
10498 @@ -337,15 +339,15 @@ int __init ftrace_dyn_arch_init(void *da
10501 pr_info("ftrace: converting mcount calls to 0f 1f 44 00 00\n");
10502 - memcpy(ftrace_nop, ftrace_test_p6nop, MCOUNT_INSN_SIZE);
10503 + memcpy(ftrace_nop, ktla_ktva(ftrace_test_p6nop), MCOUNT_INSN_SIZE);
10506 pr_info("ftrace: converting mcount calls to 66 66 66 66 90\n");
10507 - memcpy(ftrace_nop, ftrace_test_nop5, MCOUNT_INSN_SIZE);
10508 + memcpy(ftrace_nop, ktla_ktva(ftrace_test_nop5), MCOUNT_INSN_SIZE);
10511 pr_info("ftrace: converting mcount calls to jmp . + 5\n");
10512 - memcpy(ftrace_nop, ftrace_test_jmp, MCOUNT_INSN_SIZE);
10513 + memcpy(ftrace_nop, ktla_ktva(ftrace_test_jmp), MCOUNT_INSN_SIZE);
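Review bot: The three `memcpy(ftrace_nop, ktla_ktva(ftrace_test_...), MCOUNT_INSN_SIZE)` calls pass the symbol to ktla_ktva and hand its result to memcpy without casts, while ftrace_update_ftrace_func in the previous hunk writes `(void *)ktla_ktva((unsigned long)ftrace_call)`. ktla_ktva is defined outside this listing; if it yields an integer type, these calls convert an integer to a pointer implicitly and at best produce a warning. Make the sites match, e.g. `memcpy(ftrace_nop, (void *)ktla_ktva((unsigned long)ftrace_test_p6nop), MCOUNT_INSN_SIZE);` and likewise for the nop5 and jmp variants. The body of ftrace_dyn_arch_init continues outside the hunk.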
10517 diff -urNp linux-2.6.32.1/arch/x86/kernel/head32.c linux-2.6.32.1/arch/x86/kernel/head32.c
10518 --- linux-2.6.32.1/arch/x86/kernel/head32.c 2009-12-02 22:51:21.000000000 -0500
10519 +++ linux-2.6.32.1/arch/x86/kernel/head32.c 2009-12-14 18:33:51.665756688 -0500
10521 #include <asm/apic.h>
10522 #include <asm/io_apic.h>
10523 #include <asm/bios_ebda.h>
10524 +#include <asm/boot.h>
10526 static void __init i386_default_early_setup(void)
10528 @@ -31,7 +32,7 @@ void __init i386_start_kernel(void)
10530 reserve_trampoline_memory();
10532 - reserve_early(__pa_symbol(&_text), __pa_symbol(&__bss_stop), "TEXT DATA BSS");
10533 + reserve_early(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop), "TEXT DATA BSS");
10535 #ifdef CONFIG_BLK_DEV_INITRD
10536 /* Reserve INITRD */
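Review bot: Replacing `__pa_symbol(&_text)` with the compile-time constant `LOAD_PHYSICAL_ADDR` makes the start of the reserved range independent of where the kernel actually runs, and the change is not under any `#ifdef` in this hunk. If a relocatable kernel can still be built with this patch, the reservation would no longer match the real image. Either keep the original line for the non-KERNEXEC case or add a comment stating that relocation is excluded by configuration, e.g. `/* image always starts at LOAD_PHYSICAL_ADDR; _text is not the first byte under KERNEXEC */` if that is the reason. The body of i386_start_kernel continues outside the hunk.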
10537 diff -urNp linux-2.6.32.1/arch/x86/kernel/head_32.S linux-2.6.32.1/arch/x86/kernel/head_32.S
10538 --- linux-2.6.32.1/arch/x86/kernel/head_32.S 2009-12-02 22:51:21.000000000 -0500
10539 +++ linux-2.6.32.1/arch/x86/kernel/head_32.S 2009-12-14 18:33:51.698704673 -0500
10540 @@ -19,10 +19,17 @@
10541 #include <asm/setup.h>
10542 #include <asm/processor-flags.h>
10543 #include <asm/percpu.h>
10544 +#include <asm/msr-index.h>
10546 /* Physical address */
10547 #define pa(X) ((X) - __PAGE_OFFSET)
10549 +#ifdef CONFIG_PAX_KERNEXEC
10552 +#define ta(X) ((X) - __PAGE_OFFSET)
10556 * References to members of the new_cpu_data structure.
10559 * and small than max_low_pfn, otherwise will waste some page table entries
10562 -#if PTRS_PER_PMD > 1
10563 -#define PAGE_TABLE_SIZE(pages) (((pages) / PTRS_PER_PMD) + PTRS_PER_PGD)
10565 -#define PAGE_TABLE_SIZE(pages) ((pages) / PTRS_PER_PGD)
10567 +#define PAGE_TABLE_SIZE(pages) ((pages) / PTRS_PER_PTE)
10569 /* Enough space to fit pagetables for the low memory linear map */
10570 MAPPING_BEYOND_END = \
10571 @@ -73,6 +76,12 @@ INIT_MAP_SIZE = PAGE_TABLE_SIZE(KERNEL_P
10572 RESERVE_BRK(pagetables, INIT_MAP_SIZE)
10575 + * Real beginning of normal "text" segment
10581 * 32-bit kernel entrypoint; only used by the boot CPU. On entry,
10582 * %esi points to the real-mode code as a 32-bit pointer.
10583 * CS and DS must be 4 GB flat segments, but we don't depend on
10584 @@ -80,6 +89,13 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE)
10589 +#ifdef CONFIG_PAX_KERNEXEC
10591 +/* PaX: fill first page in .text with int3 to catch NULL derefs in kernel mode */
10592 +.fill PAGE_SIZE-5,1,0xcc
10596 /* test KEEP_SEGMENTS flag to see if the bootloader is asking
10597 us to not reload segments */
10598 @@ -97,6 +113,52 @@ ENTRY(startup_32)
10603 + movl $pa(cpu_gdt_table),%edi
10604 + movl $__per_cpu_load,%eax
10605 + movw %ax,__KERNEL_PERCPU + 2(%edi)
10607 + movb %al,__KERNEL_PERCPU + 4(%edi)
10608 + movb %ah,__KERNEL_PERCPU + 7(%edi)
10609 + movl $__per_cpu_end - 1,%eax
10610 + subl $__per_cpu_start,%eax
10611 + movw %ax,__KERNEL_PERCPU + 0(%edi)
10614 +#ifdef CONFIG_PAX_MEMORY_UDEREF
10615 + movl $NR_CPUS,%ecx
10616 + movl $pa(cpu_gdt_table),%edi
10618 + movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c09700),GDT_ENTRY_KERNEL_DS * 8 + 4(%edi)
10619 + addl $PAGE_SIZE_asm,%edi
10623 +#ifdef CONFIG_PAX_KERNEXEC
10624 + movl $pa(boot_gdt),%edi
10625 + movl $__LOAD_PHYSICAL_ADDR,%eax
10626 + movw %ax,__BOOT_CS + 2(%edi)
10628 + movb %al,__BOOT_CS + 4(%edi)
10629 + movb %ah,__BOOT_CS + 7(%edi)
10632 + ljmp $(__BOOT_CS),$1f
10635 + movl $NR_CPUS,%ecx
10636 + movl $pa(cpu_gdt_table),%edi
10637 + addl $__PAGE_OFFSET,%eax
10639 + movw %ax,__KERNEL_CS + 2(%edi)
10641 + movb %al,__KERNEL_CS + 4(%edi)
10642 + movb %ah,__KERNEL_CS + 7(%edi)
10644 + addl $PAGE_SIZE_asm,%edi
10649 * Clear BSS first so that there are no surprises...
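Review bot: The descriptor word written into each CPU's `GDT_ENTRY_KERNEL_DS` slot is built from the bare constant `0x00c09700` with no explanation. Decoded, the access byte 0x97 is a present, ring-0, writable, expand-down data segment with the Accessed bit set, and the `(__PAGE_OFFSET-1) & 0xf0000000` term supplies limit bits 19:16, so this one line defines what kernel data accesses can reach under UDEREF. A comment should spell that out, e.g. `/* kernel DS: expand-down, limit[19:16] taken from __PAGE_OFFSET-1 */`. The loop also advances `%edi` by `PAGE_SIZE_asm`, which assumes one page per CPU in cpu_gdt_table; the loop label and branch are not shown in this listing.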
10651 @@ -140,9 +202,7 @@ ENTRY(startup_32)
10652 cmpl $num_subarch_entries, %eax
10655 - movl pa(subarch_entries)(,%eax,4), %eax
10656 - subl $__PAGE_OFFSET, %eax
10658 + jmp *pa(subarch_entries)(,%eax,4)
10662 @@ -154,10 +214,10 @@ WEAK(xen_entry)
10666 - .long default_entry /* normal x86/PC */
10667 - .long lguest_entry /* lguest hypervisor */
10668 - .long xen_entry /* Xen hypervisor */
10669 - .long default_entry /* Moorestown MID */
10670 + .long ta(default_entry) /* normal x86/PC */
10671 + .long ta(lguest_entry) /* lguest hypervisor */
10672 + .long ta(xen_entry) /* Xen hypervisor */
10673 + .long ta(default_entry) /* Moorestown MID */
10674 num_subarch_entries = (. - subarch_entries) / 4
10676 #endif /* CONFIG_PARAVIRT */
10677 @@ -218,8 +278,11 @@ default_entry:
10678 movl %eax, pa(max_pfn_mapped)
10680 /* Do early initialization of the fixmap area */
10681 - movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
10682 - movl %eax,pa(swapper_pg_pmd+0x1000*KPMDS-8)
10683 +#ifdef CONFIG_COMPAT_VDSO
10684 + movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_pmd+0x1000*KPMDS-8)
10686 + movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-8)
10688 #else /* Not PAE */
10690 page_pde_offset = (__PAGE_OFFSET >> 20);
10691 @@ -249,8 +312,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
10692 movl %eax, pa(max_pfn_mapped)
10694 /* Do early initialization of the fixmap area */
10695 - movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
10696 - movl %eax,pa(swapper_pg_dir+0xffc)
10697 +#ifdef CONFIG_COMPAT_VDSO
10698 + movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_dir+0xffc)
10700 + movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xffc)
10705 @@ -297,6 +363,7 @@ ENTRY(startup_32_smp)
10709 +#ifdef CONFIG_X86_PAE
10710 btl $5, %eax # check if PAE is enabled
10713 @@ -312,13 +379,17 @@ ENTRY(startup_32_smp)
10716 /* Setup EFER (Extended Feature Enable Register) */
10717 - movl $0xc0000080, %ecx
10718 + movl $MSR_EFER, %ecx
10722 /* Make changes effective */
10725 + btsl $_PAGE_BIT_NX-32,pa(__supported_pte_mask+4)
10726 + movl $1,pa(nx_enabled)
10732 @@ -344,9 +415,7 @@ ENTRY(startup_32_smp)
10736 - jz 1f /* Initial CPU cleans BSS */
10739 + jnz checkCPUtype /* Initial CPU cleans BSS */
10740 #endif /* CONFIG_SMP */
10743 @@ -424,7 +493,7 @@ is386: movl $2,%ecx # set MP
10744 1: movl $(__KERNEL_DS),%eax # reload all the segment registers
10745 movl %eax,%ss # after changing gdt.
10747 - movl $(__USER_DS),%eax # DS/ES contains default USER segment
10748 +# movl $(__KERNEL_DS),%eax # DS/ES contains default KERNEL segment
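Review bot: The replacement for the `__USER_DS` load is added as a commented-out instruction, which leaves dead code in the file and hides that the following segment loads now depend on %eax still holding `__KERNEL_DS` from the `%ss` reload two lines above. I would drop the disabled instruction and state the dependency instead: `/* %eax still holds __KERNEL_DS; DS/ES use the kernel segment */`. A `/* */` comment is also safer than a line starting with `#` in a preprocessed .S file. The lines that actually load %ds and %es are not shown in this listing.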
10752 @@ -438,8 +507,11 @@ is386: movl $2,%ecx # set MP
10756 - movl $per_cpu__gdt_page,%eax
10757 + movl $cpu_gdt_table,%eax
10758 movl $per_cpu__stack_canary,%ecx
10760 + addl $__per_cpu_load,%ecx
10762 movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
10764 movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
10765 @@ -457,10 +529,6 @@ is386: movl $2,%ecx # set MP
10769 - cmpb $0,%cl # the first CPU calls start_kernel
10771 - movl (stack_start), %esp
10773 #endif /* CONFIG_SMP */
10774 jmp *(initial_code)
10776 @@ -546,22 +614,22 @@ early_page_fault:
10781 #ifdef CONFIG_PRINTK
10782 + cmpl $1,%ss:early_recursion_flag
10784 + incl %ss:early_recursion_flag
10787 movl $(__KERNEL_DS),%eax
10790 - cmpl $2,early_recursion_flag
10792 - incl early_recursion_flag
10795 pushl %edx /* trapno */
10804 @@ -569,8 +637,11 @@ hlt_loop:
10805 /* This is the default interrupt "handler" :-) */
10809 #ifdef CONFIG_PRINTK
10810 + cmpl $2,%ss:early_recursion_flag
10812 + incl %ss:early_recursion_flag
10817 @@ -579,9 +650,6 @@ ignore_int:
10818 movl $(__KERNEL_DS),%eax
10821 - cmpl $2,early_recursion_flag
10823 - incl early_recursion_flag
10827 @@ -608,27 +676,37 @@ ENTRY(initial_code)
10831 -__PAGE_ALIGNED_BSS
10832 - .align PAGE_SIZE_asm
10833 #ifdef CONFIG_X86_PAE
10834 +.section .swapper_pg_pmd,"a",@progbits
10836 .fill 1024*KPMDS,4,0
10838 +.section .swapper_pg_dir,"a",@progbits
10839 ENTRY(swapper_pg_dir)
10846 +.section .empty_zero_page,"a",@progbits
10847 ENTRY(empty_zero_page)
10851 + * The IDT has to be page-aligned to simplify the Pentium
10852 + * F0 0F bug workaround.. We have a special link segment
10855 +.section .idt,"a",@progbits
10860 * This starts the data section.
10862 #ifdef CONFIG_X86_PAE
10863 -__PAGE_ALIGNED_DATA
10864 - /* Page-aligned for the benefit of paravirt? */
10865 - .align PAGE_SIZE_asm
10866 +.section .swapper_pg_dir,"a",@progbits
10867 ENTRY(swapper_pg_dir)
10868 .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
10870 @@ -651,11 +729,12 @@ ENTRY(swapper_pg_dir)
10874 - .long init_thread_union+THREAD_SIZE
10875 + .long init_thread_union+THREAD_SIZE-8
10880 +.section .rodata,"a",@progbits
10881 early_recursion_flag:
10884 @@ -691,7 +770,7 @@ fault_msg:
10885 .word 0 # 32 bit align gdt_desc.address
10888 - .long boot_gdt - __PAGE_OFFSET
10889 + .long pa(boot_gdt)
10891 .word 0 # 32-bit align idt_desc.address
10893 @@ -702,7 +781,7 @@ idt_descr:
10894 .word 0 # 32 bit align gdt_desc.address
10895 ENTRY(early_gdt_descr)
10896 .word GDT_ENTRIES*8-1
10897 - .long per_cpu__gdt_page /* Overwritten for secondary CPUs */
10898 + .long cpu_gdt_table /* Overwritten for secondary CPUs */
10901 * The boot_gdt must mirror the equivalent in setup.S and is
10902 @@ -711,5 +790,59 @@ ENTRY(early_gdt_descr)
10903 .align L1_CACHE_BYTES
10905 .fill GDT_ENTRY_BOOT_CS,8,0
10906 - .quad 0x00cf9a000000ffff /* kernel 4GB code at 0x00000000 */
10907 - .quad 0x00cf92000000ffff /* kernel 4GB data at 0x00000000 */
10908 + .quad 0x00cf9b000000ffff /* kernel 4GB code at 0x00000000 */
10909 + .quad 0x00cf93000000ffff /* kernel 4GB data at 0x00000000 */
10911 + .align PAGE_SIZE_asm
10912 +ENTRY(cpu_gdt_table)
10914 + .quad 0x0000000000000000 /* NULL descriptor */
10915 + .quad 0x0000000000000000 /* 0x0b reserved */
10916 + .quad 0x0000000000000000 /* 0x13 reserved */
10917 + .quad 0x0000000000000000 /* 0x1b reserved */
10918 + .quad 0x0000000000000000 /* 0x20 unused */
10919 + .quad 0x0000000000000000 /* 0x28 unused */
10920 + .quad 0x0000000000000000 /* 0x33 TLS entry 1 */
10921 + .quad 0x0000000000000000 /* 0x3b TLS entry 2 */
10922 + .quad 0x0000000000000000 /* 0x43 TLS entry 3 */
10923 + .quad 0x0000000000000000 /* 0x4b reserved */
10924 + .quad 0x0000000000000000 /* 0x53 reserved */
10925 + .quad 0x0000000000000000 /* 0x5b reserved */
10927 + .quad 0x00cf9b000000ffff /* 0x60 kernel 4GB code at 0x00000000 */
10928 + .quad 0x00cf93000000ffff /* 0x68 kernel 4GB data at 0x00000000 */
10929 + .quad 0x00cffb000000ffff /* 0x73 user 4GB code at 0x00000000 */
10930 + .quad 0x00cff3000000ffff /* 0x7b user 4GB data at 0x00000000 */
10932 + .quad 0x0000000000000000 /* 0x80 TSS descriptor */
10933 + .quad 0x0000000000000000 /* 0x88 LDT descriptor */
10936 + * Segments used for calling PnP BIOS have byte granularity.
10937 + * The code segments and data segments have fixed 64k limits,
10938 + * the transfer segment sizes are set at run time.
10940 + .quad 0x00409b000000ffff /* 0x90 32-bit code */
10941 + .quad 0x00009b000000ffff /* 0x98 16-bit code */
10942 + .quad 0x000093000000ffff /* 0xa0 16-bit data */
10943 + .quad 0x0000930000000000 /* 0xa8 16-bit data */
10944 + .quad 0x0000930000000000 /* 0xb0 16-bit data */
10947 + * The APM segments have byte granularity and their bases
10948 + * are set at run time. All have 64k limits.
10950 + .quad 0x00409b000000ffff /* 0xb8 APM CS code */
10951 + .quad 0x00009b000000ffff /* 0xc0 APM CS 16 code (16 bit) */
10952 + .quad 0x004093000000ffff /* 0xc8 APM DS data */
10954 + .quad 0x00c0930000000000 /* 0xd0 - ESPFIX SS */
10955 + .quad 0x0040930000000000 /* 0xd8 - PERCPU */
10956 + .quad 0x0040930000000018 /* 0xe0 - STACK_CANARY */
10957 + .quad 0x0000000000000000 /* 0xe8 - PCIBIOS_CS */
10958 + .quad 0x0000000000000000 /* 0xf0 - PCIBIOS_DS */
10959 + .quad 0x0000000000000000 /* 0xf8 - GDT entry 31: double-fault TSS */
10961 + /* Be sure this is zeroed to avoid false validations in Xen */
10962 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0
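Review bot: The boot_gdt entries change from `0x00cf9a…`/`0x00cf92…` to `0x00cf9b…`/`0x00cf93…` and every populated cpu_gdt_table descriptor uses an access byte with the low bit set, i.e. the Accessed bit is pre-set, but no comment says why. Presumably this is so that loading a selector never makes the CPU write the bit back into a GDT that may be mapped read-only; that reason should be confirmed and recorded. Suggested comment above `ENTRY(cpu_gdt_table)`: `/* descriptors carry the Accessed bit already, so segment loads never write to the GDT */`. Without it, a later edit that adds a descriptor with the bit clear would be easy to miss in review.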
10964 diff -urNp linux-2.6.32.1/arch/x86/kernel/head_64.S linux-2.6.32.1/arch/x86/kernel/head_64.S
10965 --- linux-2.6.32.1/arch/x86/kernel/head_64.S 2009-12-02 22:51:21.000000000 -0500
10966 +++ linux-2.6.32.1/arch/x86/kernel/head_64.S 2009-12-14 18:33:51.698704673 -0500
10967 @@ -38,6 +38,10 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET
10968 L3_PAGE_OFFSET = pud_index(__PAGE_OFFSET)
10969 L4_START_KERNEL = pgd_index(__START_KERNEL_map)
10970 L3_START_KERNEL = pud_index(__START_KERNEL_map)
10971 +L4_VMALLOC_START = pgd_index(VMALLOC_START)
10972 +L3_VMALLOC_START = pud_index(VMALLOC_START)
10973 +L4_VMEMMAP_START = pgd_index(VMEMMAP_START)
10974 +L3_VMEMMAP_START = pud_index(VMEMMAP_START)
10978 @@ -85,35 +89,22 @@ startup_64:
10980 addq %rbp, init_level4_pgt + 0(%rip)
10981 addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip)
10982 + addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip)
10983 + addq %rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip)
10984 addq %rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip)
10986 addq %rbp, level3_ident_pgt + 0(%rip)
10987 + addq %rbp, level3_ident_pgt + 8(%rip)
10988 + addq %rbp, level3_ident_pgt + 16(%rip)
10989 + addq %rbp, level3_ident_pgt + 24(%rip)
10991 - addq %rbp, level3_kernel_pgt + (510*8)(%rip)
10992 - addq %rbp, level3_kernel_pgt + (511*8)(%rip)
10993 + addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip)
10995 - addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
10996 + addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip)
10997 + addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip)
10999 - /* Add an Identity mapping if I am above 1G */
11000 - leaq _text(%rip), %rdi
11001 - andq $PMD_PAGE_MASK, %rdi
11004 - shrq $PUD_SHIFT, %rax
11005 - andq $(PTRS_PER_PUD - 1), %rax
11006 - jz ident_complete
11008 - leaq (level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx
11009 - leaq level3_ident_pgt(%rip), %rbx
11010 - movq %rdx, 0(%rbx, %rax, 8)
11013 - shrq $PMD_SHIFT, %rax
11014 - andq $(PTRS_PER_PMD - 1), %rax
11015 - leaq __PAGE_KERNEL_IDENT_LARGE_EXEC(%rdi), %rdx
11016 - leaq level2_spare_pgt(%rip), %rbx
11017 - movq %rdx, 0(%rbx, %rax, 8)
11019 + addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
11020 + addq %rbp, level2_fixmap_pgt + (507*8)(%rip)
11023 * Fixup the kernel text+data virtual addresses. Note that
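Review bot: This hunk removes the run-time code that added an identity mapping when the kernel is loaded above 1G and relies on the static tables instead, which per the level2_ident_pgt hunk later in this file cover the first 4G. A kernel started from a physical address above 4G would then have no identity mapping for its own text during the page-table switch, where the removed code handled that case through level2_spare_pgt. If such load addresses are meant to be unsupported, say so where the block was removed, e.g. `/* identity map is static and covers 0..4G; loading above 4G is not supported */`. The surrounding startup_64 code is outside the hunk.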
11024 @@ -187,6 +178,10 @@ ENTRY(secondary_startup_64)
11025 btl $20,%edi /* No Execute supported? */
11027 btsl $_EFER_NX, %eax
11028 + leaq init_level4_pgt(%rip), %rdi
11029 + btsq $_PAGE_BIT_NX, 8*L4_PAGE_OFFSET(%rdi)
11030 + btsq $_PAGE_BIT_NX, 8*L4_VMALLOC_START(%rdi)
11031 + btsq $_PAGE_BIT_NX, 8*L4_VMEMMAP_START(%rdi)
11032 1: wrmsr /* Make changes effective */
11035 @@ -262,16 +257,16 @@ ENTRY(secondary_startup_64)
11036 .quad x86_64_start_kernel
11038 .quad INIT_PER_CPU_VAR(irq_stack_union)
11042 .quad init_thread_union+THREAD_SIZE-8
11049 - .section ".init.text","ax"
11051 #ifdef CONFIG_EARLY_PRINTK
11052 .globl early_idt_handlers
11053 early_idt_handlers:
11054 @@ -316,18 +311,23 @@ ENTRY(early_idt_handler)
11055 #endif /* EARLY_PRINTK */
11060 #ifdef CONFIG_EARLY_PRINTK
11062 early_recursion_flag:
11066 + .section .rodata,"a",@progbits
11068 .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
11071 -#endif /* CONFIG_EARLY_PRINTK */
11073 +#endif /* CONFIG_EARLY_PRINTK */
11075 + .section .rodata,"a",@progbits
11076 #define NEXT_PAGE(name) \
11077 .balign PAGE_SIZE; \
11079 @@ -350,13 +350,31 @@ NEXT_PAGE(init_level4_pgt)
11080 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
11081 .org init_level4_pgt + L4_PAGE_OFFSET*8, 0
11082 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
11083 + .org init_level4_pgt + L4_VMALLOC_START*8, 0
11084 + .quad level3_vmalloc_pgt - __START_KERNEL_map + _KERNPG_TABLE
11085 + .org init_level4_pgt + L4_VMEMMAP_START*8, 0
11086 + .quad level3_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
11087 .org init_level4_pgt + L4_START_KERNEL*8, 0
11088 /* (2^48-(2*1024*1024*1024))/(2^39) = 511 */
11089 .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE
11091 NEXT_PAGE(level3_ident_pgt)
11092 .quad level2_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
11096 + .quad level2_ident_pgt + PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
11097 + .quad level2_ident_pgt + 2*PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
11098 + .quad level2_ident_pgt + 3*PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
11102 +NEXT_PAGE(level3_vmalloc_pgt)
11105 +NEXT_PAGE(level3_vmemmap_pgt)
11106 + .fill L3_VMEMMAP_START,8,0
11107 + .quad level2_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
11109 NEXT_PAGE(level3_kernel_pgt)
11110 .fill L3_START_KERNEL,8,0
11111 @@ -364,20 +382,23 @@ NEXT_PAGE(level3_kernel_pgt)
11112 .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
11113 .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
11115 +NEXT_PAGE(level2_vmemmap_pgt)
11118 NEXT_PAGE(level2_fixmap_pgt)
11120 - .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
11121 - /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */
11124 + .quad level1_vsyscall_pgt - __START_KERNEL_map + _PAGE_TABLE
11125 + /* 6MB reserved for vsyscalls + a 2MB hole = 3 + 1 entries */
11128 -NEXT_PAGE(level1_fixmap_pgt)
11129 +NEXT_PAGE(level1_vsyscall_pgt)
11132 -NEXT_PAGE(level2_ident_pgt)
11133 - /* Since I easily can, map the first 1G.
11134 + /* Since I easily can, map the first 4G.
11135 * Don't set NX because code runs from these pages.
11137 - PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD)
11138 +NEXT_PAGE(level2_ident_pgt)
11139 + PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, 4*PTRS_PER_PMD)
11141 NEXT_PAGE(level2_kernel_pgt)
11143 @@ -390,33 +411,49 @@ NEXT_PAGE(level2_kernel_pgt)
11144 * If you want to increase this then increase MODULES_VADDR
11147 - PMDS(0, __PAGE_KERNEL_LARGE_EXEC,
11148 - KERNEL_IMAGE_SIZE/PMD_SIZE)
11150 -NEXT_PAGE(level2_spare_pgt)
11152 + PMDS(0, __PAGE_KERNEL_LARGE_EXEC, KERNEL_IMAGE_SIZE/PMD_SIZE)
11159 +ENTRY(cpu_gdt_table)
11161 + .quad 0x0000000000000000 /* NULL descriptor */
11162 + .quad 0x00cf9b000000ffff /* __KERNEL32_CS */
11163 + .quad 0x00af9b000000ffff /* __KERNEL_CS */
11164 + .quad 0x00cf93000000ffff /* __KERNEL_DS */
11165 + .quad 0x00cffb000000ffff /* __USER32_CS */
11166 + .quad 0x00cff3000000ffff /* __USER_DS, __USER32_DS */
11167 + .quad 0x00affb000000ffff /* __USER_CS */
11168 + .quad 0x0 /* unused */
11169 + .quad 0,0 /* TSS */
11170 + .quad 0,0 /* LDT */
11171 + .quad 0,0,0 /* three TLS descriptors */
11172 + .quad 0x0000f40000000000 /* node/CPU stored in limit */
11173 + /* asm/segment.h:GDT_ENTRIES must match this */
11175 + /* zero the remaining page */
11176 + .fill PAGE_SIZE / 8 - GDT_ENTRIES,8,0
11180 .globl early_gdt_descr
11182 .word GDT_ENTRIES*8-1
11183 early_gdt_descr_base:
11184 - .quad INIT_PER_CPU_VAR(gdt_page)
11185 + .quad cpu_gdt_table
11188 /* This must match the first entry in level2_kernel_pgt */
11189 .quad 0x0000000000000000
11191 #include "../../x86/xen/xen-head.S"
11193 - .section .bss, "aw", @nobits
11195 + .section .rodata,"a",@progbits
11196 .align L1_CACHE_BYTES
11198 - .skip IDT_ENTRIES * 16
11203 diff -urNp linux-2.6.32.1/arch/x86/kernel/i386_ksyms_32.c linux-2.6.32.1/arch/x86/kernel/i386_ksyms_32.c
11204 --- linux-2.6.32.1/arch/x86/kernel/i386_ksyms_32.c 2009-12-02 22:51:21.000000000 -0500
11205 +++ linux-2.6.32.1/arch/x86/kernel/i386_ksyms_32.c 2009-12-14 18:33:51.698704673 -0500
11206 @@ -20,8 +20,12 @@ extern void cmpxchg8b_emu(void);
11207 EXPORT_SYMBOL(cmpxchg8b_emu);
11210 +EXPORT_SYMBOL_GPL(cpu_gdt_table);
11212 /* Networking helper routines. */
11213 EXPORT_SYMBOL(csum_partial_copy_generic);
11214 +EXPORT_SYMBOL(csum_partial_copy_generic_to_user);
11215 +EXPORT_SYMBOL(csum_partial_copy_generic_from_user);
11217 EXPORT_SYMBOL(__get_user_1);
11218 EXPORT_SYMBOL(__get_user_2);
11219 @@ -36,3 +40,7 @@ EXPORT_SYMBOL(strstr);
11221 EXPORT_SYMBOL(csum_partial);
11222 EXPORT_SYMBOL(empty_zero_page);
11224 +#ifdef CONFIG_PAX_KERNEXEC
11225 +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
11227 diff -urNp linux-2.6.32.1/arch/x86/kernel/init_task.c linux-2.6.32.1/arch/x86/kernel/init_task.c
11228 --- linux-2.6.32.1/arch/x86/kernel/init_task.c 2009-12-02 22:51:21.000000000 -0500
11229 +++ linux-2.6.32.1/arch/x86/kernel/init_task.c 2009-12-14 18:33:51.698704673 -0500
11230 @@ -38,5 +38,5 @@ EXPORT_SYMBOL(init_task);
11231 * section. Since TSS's are completely CPU-local, we want them
11232 * on exact cacheline boundaries, to eliminate cacheline ping-pong.
11234 -DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss) = INIT_TSS;
11236 +struct tss_struct init_tss[NR_CPUS] ____cacheline_internodealigned_in_smp = { [0 ... NR_CPUS-1] = INIT_TSS };
11237 +EXPORT_SYMBOL(init_tss);
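Review bot: `____cacheline_internodealigned_in_smp` on `init_tss[NR_CPUS]` aligns the start of the array only, so the guarantee in the comment above (each TSS on an exact cacheline boundary) now depends on `struct tss_struct` itself carrying a cacheline alignment. That declaration is outside this listing and should be checked. Separately, `EXPORT_SYMBOL(init_tss)` exposes every CPU's TSS to all modules, while cpu_gdt_table in i386_ksyms_32.c is exported with `EXPORT_SYMBOL_GPL`. If no module needs the symbol I would not export it, and otherwise use `EXPORT_SYMBOL_GPL(init_tss);` to match.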
11238 diff -urNp linux-2.6.32.1/arch/x86/kernel/ioport.c linux-2.6.32.1/arch/x86/kernel/ioport.c
11239 --- linux-2.6.32.1/arch/x86/kernel/ioport.c 2009-12-02 22:51:21.000000000 -0500
11240 +++ linux-2.6.32.1/arch/x86/kernel/ioport.c 2009-12-14 18:33:51.711705213 -0500
11242 #include <linux/sched.h>
11243 #include <linux/kernel.h>
11244 #include <linux/capability.h>
11245 +#include <linux/security.h>
11246 #include <linux/errno.h>
11247 #include <linux/types.h>
11248 #include <linux/ioport.h>
11249 @@ -41,6 +42,12 @@ asmlinkage long sys_ioperm(unsigned long
11251 if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
11253 +#ifdef CONFIG_GRKERNSEC_IO
11255 + gr_handle_ioperm();
11259 if (turn_on && !capable(CAP_SYS_RAWIO))
11262 @@ -67,7 +74,7 @@ asmlinkage long sys_ioperm(unsigned long
11263 * because the ->io_bitmap_max value must match the bitmap
11266 - tss = &per_cpu(init_tss, get_cpu());
11267 + tss = init_tss + get_cpu();
11269 set_bitmap(t->io_bitmap_ptr, from, num, !turn_on);
11271 @@ -111,8 +118,13 @@ static int do_iopl(unsigned int level, s
11273 /* Trying to gain more privileges? */
11275 +#ifdef CONFIG_GRKERNSEC_IO
11276 + gr_handle_iopl();
11279 if (!capable(CAP_SYS_RAWIO))
11283 regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
11285 diff -urNp linux-2.6.32.1/arch/x86/kernel/irq_32.c linux-2.6.32.1/arch/x86/kernel/irq_32.c
11286 --- linux-2.6.32.1/arch/x86/kernel/irq_32.c 2009-12-02 22:51:21.000000000 -0500
11287 +++ linux-2.6.32.1/arch/x86/kernel/irq_32.c 2009-12-14 18:33:51.712725194 -0500
11288 @@ -94,7 +94,7 @@ execute_on_irq_stack(int overflow, struc
11291 /* build the stack frame on the IRQ stack */
11292 - isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
11293 + isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
11294 irqctx->tinfo.task = curctx->tinfo.task;
11295 irqctx->tinfo.previous_esp = current_stack_pointer;
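Review bot: The bare `- 8` added to the initial stack pointer in `execute_on_irq_stack` is an unexplained magic number, and the same reserve reappears in the `do_softirq` hunk below, in `copy_thread` in process_32.c (`- sizeof(struct pt_regs) - 8`) and in `get_wchan` in process_64.c (`THREAD_SIZE-8-sizeof(u64)`). If these all describe the same gap at the top of a kernel stack, a single named constant with a comment stating what the 8 bytes are reserved for would keep the four sites from drifting apart. As written, a reader cannot tell whether the values are related or merely coincide.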
11297 @@ -175,7 +175,7 @@ asmlinkage void do_softirq(void)
11298 irqctx->tinfo.previous_esp = current_stack_pointer;
11300 /* build the stack frame on the softirq stack */
11301 - isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
11302 + isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
11304 call_on_stack(__do_softirq, isp);
11306 diff -urNp linux-2.6.32.1/arch/x86/kernel/kgdb.c linux-2.6.32.1/arch/x86/kernel/kgdb.c
11307 --- linux-2.6.32.1/arch/x86/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
11308 +++ linux-2.6.32.1/arch/x86/kernel/kgdb.c 2009-12-14 18:33:51.712725194 -0500
11309 @@ -573,7 +573,7 @@ unsigned long kgdb_arch_pc(int exception
11310 return instruction_pointer(regs);
11313 -struct kgdb_arch arch_kgdb_ops = {
11314 +const struct kgdb_arch arch_kgdb_ops = {
11315 /* Breakpoint instruction: */
11316 .gdb_bpt_instr = { 0xcc },
11317 .flags = KGDB_HW_BREAKPOINT,
11318 diff -urNp linux-2.6.32.1/arch/x86/kernel/kprobes.c linux-2.6.32.1/arch/x86/kernel/kprobes.c
11319 --- linux-2.6.32.1/arch/x86/kernel/kprobes.c 2009-12-02 22:51:21.000000000 -0500
11320 +++ linux-2.6.32.1/arch/x86/kernel/kprobes.c 2009-12-14 18:33:51.713708818 -0500
11321 @@ -166,9 +166,13 @@ static void __kprobes set_jmp_op(void *f
11324 } __attribute__((packed)) * jop;
11325 - jop = (struct __arch_jmp_op *)from;
11327 + jop = (struct __arch_jmp_op *)(ktla_ktva(from));
11329 + pax_open_kernel();
11330 jop->raddr = (s32)((long)(to) - ((long)(from) + 5));
11331 jop->op = RELATIVEJUMP_INSTRUCTION;
11332 + pax_close_kernel();
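Review bot: `set_jmp_op` now uses two different views of the same location, and nothing in the code says why. The store goes through `ktla_ktva(from)`, while the displacement is still computed from the untranslated `from`. Assuming `ktla_ktva()` (defined elsewhere in this patch) returns the alias through which kernel text is accessed as data, that split looks intentional, because the jump is relative to the address the CPU executes. A comment such as `/* write via the ktla_ktva() alias; raddr stays relative to the executed address 'from' */` above the assignment would stop someone from "fixing" the apparent mismatch later.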
11336 @@ -345,16 +349,18 @@ static void __kprobes fix_riprel(struct
11338 static void __kprobes arch_copy_kprobe(struct kprobe *p)
11340 - memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
11341 + pax_open_kernel();
11342 + memcpy(p->ainsn.insn, ktla_ktva(p->addr), MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
11343 + pax_close_kernel();
11347 - if (can_boost(p->addr))
11348 + if (can_boost(ktla_ktva(p->addr)))
11349 p->ainsn.boostable = 0;
11351 p->ainsn.boostable = -1;
11353 - p->opcode = *p->addr;
11354 + p->opcode = *(ktla_ktva(p->addr));
11357 int __kprobes arch_prepare_kprobe(struct kprobe *p)
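Review bot: `arch_copy_kprobe` now evaluates `ktla_ktva(p->addr)` three times, for the `memcpy`, for `can_boost()` and for reading `p->opcode`. A local such as `kprobe_opcode_t *src = ktla_ktva(p->addr);` at the top of the function would make it obvious that all three reads use the same translated address. The argument style is also inconsistent within this file: here the helper takes a pointer, while the `kprobe_handler` hunk passes `(unsigned long)addr` and casts the result back. Picking one convention would make these call sites easier to audit.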
11358 @@ -432,7 +438,7 @@ static void __kprobes prepare_singlestep
11359 if (p->opcode == BREAKPOINT_INSTRUCTION)
11360 regs->ip = (unsigned long)p->addr;
11362 - regs->ip = (unsigned long)p->ainsn.insn;
11363 + regs->ip = ktva_ktla((unsigned long)p->ainsn.insn);
11366 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
11367 @@ -453,7 +459,7 @@ static void __kprobes setup_singlestep(s
11368 if (p->ainsn.boostable == 1 && !p->post_handler) {
11369 /* Boost up -- we can execute copied instructions directly */
11370 reset_current_kprobe();
11371 - regs->ip = (unsigned long)p->ainsn.insn;
11372 + regs->ip = ktva_ktla((unsigned long)p->ainsn.insn);
11373 preempt_enable_no_resched();
11376 @@ -523,7 +529,7 @@ static int __kprobes kprobe_handler(stru
11377 struct kprobe_ctlblk *kcb;
11379 addr = (kprobe_opcode_t *)(regs->ip - sizeof(kprobe_opcode_t));
11380 - if (*addr != BREAKPOINT_INSTRUCTION) {
11381 + if (*(kprobe_opcode_t *)ktla_ktva((unsigned long)addr) != BREAKPOINT_INSTRUCTION) {
11383 * The breakpoint instruction was removed right
11384 * after we hit it. Another cpu has removed
11385 @@ -775,7 +781,7 @@ static void __kprobes resume_execution(s
11386 struct pt_regs *regs, struct kprobe_ctlblk *kcb)
11388 unsigned long *tos = stack_addr(regs);
11389 - unsigned long copy_ip = (unsigned long)p->ainsn.insn;
11390 + unsigned long copy_ip = ktva_ktla((unsigned long)p->ainsn.insn);
11391 unsigned long orig_ip = (unsigned long)p->addr;
11392 kprobe_opcode_t *insn = p->ainsn.insn;
11394 @@ -958,7 +964,7 @@ int __kprobes kprobe_exceptions_notify(s
11395 struct die_args *args = data;
11396 int ret = NOTIFY_DONE;
11398 - if (args->regs && user_mode_vm(args->regs))
11399 + if (args->regs && user_mode(args->regs))
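Review bot: Replacing `user_mode_vm()` with `user_mode()` in `kprobe_exceptions_notify` is only equivalent if `user_mode()` is redefined elsewhere in this patch to cover vm86 mode as well; that definition is not visible here. The same substitution is made in `__show_regs` in process_32.c and in `send_sigtrap` in ptrace.c. If the redefinition is missing on 32-bit, a fault taken in vm86 mode would be treated as a kernel-mode fault at all three sites. A note in the patch description, or a comment at the new `user_mode()` definition stating that it includes the vm86 case, would make the dependency explicit.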
11403 diff -urNp linux-2.6.32.1/arch/x86/kernel/ldt.c linux-2.6.32.1/arch/x86/kernel/ldt.c
11404 --- linux-2.6.32.1/arch/x86/kernel/ldt.c 2009-12-02 22:51:21.000000000 -0500
11405 +++ linux-2.6.32.1/arch/x86/kernel/ldt.c 2009-12-14 18:33:51.713708818 -0500
11406 @@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, i
11411 + load_LDT_nolock(pc);
11412 if (!cpumask_equal(mm_cpumask(current->mm),
11413 cpumask_of(smp_processor_id())))
11414 smp_call_function(flush_ldt, current->mm, 1);
11418 + load_LDT_nolock(pc);
11422 @@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t
11425 for (i = 0; i < old->size; i++)
11426 - write_ldt_entry(new->ldt, i, old->ldt + i * LDT_ENTRY_SIZE);
11427 + write_ldt_entry(new->ldt, i, old->ldt + i);
11431 @@ -115,6 +115,24 @@ int init_new_context(struct task_struct
11432 retval = copy_ldt(&mm->context, &old_mm->context);
11433 mutex_unlock(&old_mm->context.lock);
11436 + if (tsk == current) {
11437 + mm->context.vdso = ~0UL;
11439 +#ifdef CONFIG_X86_32
11440 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
11441 + mm->context.user_cs_base = 0UL;
11442 + mm->context.user_cs_limit = ~0UL;
11444 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
11445 + cpus_clear(mm->context.cpu_user_cs_mask);
11456 @@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, u
11460 +#ifdef CONFIG_PAX_SEGMEXEC
11461 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (ldt_info.contents & MODIFY_LDT_CONTENTS_CODE)) {
11467 fill_ldt(&ldt, &ldt_info);
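Review bot: The SEGMEXEC test added to `write_ldt` uses a mask, `ldt_info.contents & MODIFY_LDT_CONTENTS_CODE`, rather than an equality, and nothing says whether that is deliberate. With the usual encoding of the two-bit `contents` field (data 0, stack 1, code 2) the mask also matches the value 3, conforming code, which is presumably the intent. A comment such as `/* refuse every code-type LDT entry (contents 2 or 3) while SEGMEXEC is active */` would make that explicit. The body of the added block is not visible in this hunk.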
11470 diff -urNp linux-2.6.32.1/arch/x86/kernel/machine_kexec_32.c linux-2.6.32.1/arch/x86/kernel/machine_kexec_32.c
11471 --- linux-2.6.32.1/arch/x86/kernel/machine_kexec_32.c 2009-12-02 22:51:21.000000000 -0500
11472 +++ linux-2.6.32.1/arch/x86/kernel/machine_kexec_32.c 2009-12-14 18:33:51.713708818 -0500
11474 #include <asm/system.h>
11475 #include <asm/cacheflush.h>
11477 -static void set_idt(void *newidt, __u16 limit)
11478 +static void set_idt(struct desc_struct *newidt, __u16 limit)
11480 struct desc_ptr curidt;
11482 @@ -38,7 +38,7 @@ static void set_idt(void *newidt, __u16
11486 -static void set_gdt(void *newgdt, __u16 limit)
11487 +static void set_gdt(struct desc_struct *newgdt, __u16 limit)
11489 struct desc_ptr curgdt;
11491 @@ -217,7 +217,7 @@ void machine_kexec(struct kimage *image)
11494 control_page = page_address(image->control_code_page);
11495 - memcpy(control_page, relocate_kernel, KEXEC_CONTROL_CODE_MAX_SIZE);
11496 + memcpy(control_page, (void *)ktla_ktva((unsigned long)relocate_kernel), KEXEC_CONTROL_CODE_MAX_SIZE);
11498 relocate_kernel_ptr = control_page;
11499 page_list[PA_CONTROL_PAGE] = __pa(control_page);
11500 diff -urNp linux-2.6.32.1/arch/x86/kernel/microcode_amd.c linux-2.6.32.1/arch/x86/kernel/microcode_amd.c
11501 --- linux-2.6.32.1/arch/x86/kernel/microcode_amd.c 2009-12-02 22:51:21.000000000 -0500
11502 +++ linux-2.6.32.1/arch/x86/kernel/microcode_amd.c 2009-12-14 18:33:51.720706008 -0500
11503 @@ -346,7 +346,7 @@ static void microcode_fini_cpu_amd(int c
11507 -static struct microcode_ops microcode_amd_ops = {
11508 +static const struct microcode_ops microcode_amd_ops = {
11509 .request_microcode_user = request_microcode_user,
11510 .request_microcode_fw = request_microcode_fw,
11511 .collect_cpu_info = collect_cpu_info_amd,
11512 @@ -354,7 +354,7 @@ static struct microcode_ops microcode_am
11513 .microcode_fini_cpu = microcode_fini_cpu_amd,
11516 -struct microcode_ops * __init init_amd_microcode(void)
11517 +const struct microcode_ops * __init init_amd_microcode(void)
11519 return µcode_amd_ops;
11521 diff -urNp linux-2.6.32.1/arch/x86/kernel/microcode_core.c linux-2.6.32.1/arch/x86/kernel/microcode_core.c
11522 --- linux-2.6.32.1/arch/x86/kernel/microcode_core.c 2009-12-02 22:51:21.000000000 -0500
11523 +++ linux-2.6.32.1/arch/x86/kernel/microcode_core.c 2009-12-14 18:33:51.720706008 -0500
11524 @@ -90,7 +90,7 @@ MODULE_LICENSE("GPL");
11526 #define MICROCODE_VERSION "2.00"
11528 -static struct microcode_ops *microcode_ops;
11529 +static const struct microcode_ops *microcode_ops;
11533 diff -urNp linux-2.6.32.1/arch/x86/kernel/microcode_intel.c linux-2.6.32.1/arch/x86/kernel/microcode_intel.c
11534 --- linux-2.6.32.1/arch/x86/kernel/microcode_intel.c 2009-12-02 22:51:21.000000000 -0500
11535 +++ linux-2.6.32.1/arch/x86/kernel/microcode_intel.c 2009-12-14 18:33:51.720706008 -0500
11536 @@ -443,13 +443,13 @@ static enum ucode_state request_microcod
11538 static int get_ucode_user(void *to, const void *from, size_t n)
11540 - return copy_from_user(to, from, n);
11541 + return copy_from_user(to, (__force const void __user *)from, n);
11544 static enum ucode_state
11545 request_microcode_user(int cpu, const void __user *buf, size_t size)
11547 - return generic_load_microcode(cpu, (void *)buf, size, &get_ucode_user);
11548 + return generic_load_microcode(cpu, (__force void *)buf, size, &get_ucode_user);
11551 static void microcode_fini_cpu(int cpu)
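Review bot: The two `__force` casts silence the address-space checker without recording why that is safe. `request_microcode_user` strips `__user` from `buf` with `(__force void *)buf`, and `get_ucode_user` puts it back with `(__force const void __user *)from`. That is only correct while `get_ucode_user` is reached exclusively from `request_microcode_user`. I would document the pairing on the helper, e.g. `/* 'from' is always the user buffer passed by request_microcode_user(); the __user annotation is dropped only to fit the generic_load_microcode() callback type */`.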
11552 @@ -460,7 +460,7 @@ static void microcode_fini_cpu(int cpu)
11556 -static struct microcode_ops microcode_intel_ops = {
11557 +static const struct microcode_ops microcode_intel_ops = {
11558 .request_microcode_user = request_microcode_user,
11559 .request_microcode_fw = request_microcode_fw,
11560 .collect_cpu_info = collect_cpu_info,
11561 @@ -468,7 +468,7 @@ static struct microcode_ops microcode_in
11562 .microcode_fini_cpu = microcode_fini_cpu,
11565 -struct microcode_ops * __init init_intel_microcode(void)
11566 +const struct microcode_ops * __init init_intel_microcode(void)
11568 return µcode_intel_ops;
11570 diff -urNp linux-2.6.32.1/arch/x86/kernel/module.c linux-2.6.32.1/arch/x86/kernel/module.c
11571 --- linux-2.6.32.1/arch/x86/kernel/module.c 2009-12-02 22:51:21.000000000 -0500
11572 +++ linux-2.6.32.1/arch/x86/kernel/module.c 2009-12-14 18:33:51.721716979 -0500
11574 #define DEBUGP(fmt...)
11577 -void *module_alloc(unsigned long size)
11578 +static void *__module_alloc(unsigned long size, pgprot_t prot)
11580 struct vm_struct *area;
11582 @@ -48,9 +48,90 @@ void *module_alloc(unsigned long size)
11586 - return __vmalloc_area(area, GFP_KERNEL | __GFP_HIGHMEM,
11587 - PAGE_KERNEL_EXEC);
11588 + return __vmalloc_area(area, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, prot);
11591 +#ifdef CONFIG_PAX_KERNEXEC
11592 +#ifdef CONFIG_X86_32
11593 +void *module_alloc(unsigned long size)
11595 + return __module_alloc(size, PAGE_KERNEL);
11598 +void *module_alloc_exec(unsigned long size)
11600 + struct vm_struct *area;
11605 + area = __get_vm_area(size, VM_ALLOC, (unsigned long)&MODULES_EXEC_VADDR, (unsigned long)&MODULES_EXEC_END);
11607 + return area->addr;
11611 +EXPORT_SYMBOL(module_alloc_exec);
11613 +void module_free_exec(struct module *mod, void *module_region)
11615 + struct vm_struct **p, *tmp;
11617 + if (!module_region)
11620 + if ((PAGE_SIZE-1) & (unsigned long)module_region) {
11621 + printk(KERN_ERR "Trying to module_free_exec() bad address (%p)\n", module_region);
11626 + write_lock(&vmlist_lock);
11627 + for (p = &vmlist; (tmp = *p) != NULL; p = &tmp->next)
11628 + if (tmp->addr == module_region)
11632 + pax_open_kernel();
11633 + memset(tmp->addr, 0xCC, tmp->size);
11634 + pax_close_kernel();
11639 + write_unlock(&vmlist_lock);
11642 + printk(KERN_ERR "Trying to module_free_exec() nonexistent vm area (%p)\n",
11647 +EXPORT_SYMBOL(module_free_exec);
11649 +void *module_alloc(unsigned long size)
11651 + return __module_alloc(size, PAGE_KERNEL);
11654 +void module_free_exec(struct module *mod, void *module_region)
11656 + module_free(mod, module_region);
11658 +EXPORT_SYMBOL(module_free_exec);
11660 +void *module_alloc_exec(unsigned long size)
11662 + return __module_alloc(size, PAGE_KERNEL_RX);
11664 +EXPORT_SYMBOL(module_alloc_exec);
11667 +void *module_alloc(unsigned long size)
11669 + return __module_alloc(size, PAGE_KERNEL_EXEC);
11673 /* Free memory returned from module_alloc */
11674 void module_free(struct module *mod, void *module_region)
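Review bot: `module_alloc` is defined three times across the new `#ifdef` branches, and the two `CONFIG_PAX_KERNEXEC` variants are identical (`return __module_alloc(size, PAGE_KERNEL);`). Hoisting that definition above the inner `#ifdef CONFIG_X86_32` split would leave only the functions that really differ inside it. `module_alloc_exec` and `module_free_exec` are also exported without any comment, while the existing `module_free` has one. A line such as `/* Executable module memory; must be released with module_free_exec() */` on the allocator would document the pairing that the 32-bit variant depends on, since it takes its area from a separate range.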
11675 @@ -77,14 +158,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
11677 Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
11679 - uint32_t *location;
11680 + uint32_t *plocation, location;
11682 DEBUGP("Applying relocate section %u to %u\n", relsec,
11683 sechdrs[relsec].sh_info);
11684 for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) {
11685 /* This is where to make the change */
11686 - location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr
11687 - + rel[i].r_offset;
11688 + plocation = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr + rel[i].r_offset;
11689 + location = (uint32_t)plocation;
11690 + if (sechdrs[sechdrs[relsec].sh_info].sh_flags & SHF_EXECINSTR)
11691 + plocation = ktla_ktva((void *)plocation);
11692 /* This is the symbol it is referring to. Note that all
11693 undefined symbols have been resolved. */
11694 sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
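Review bot: The names `plocation` and `location` in `apply_relocate` do not say which address each one holds, and the difference now matters. `location` keeps the original section address as an integer for the PC-relative calculation in the next hunk, while `plocation` may be replaced by the `ktla_ktva()` alias when the target section has `SHF_EXECINSTR`. A comment at the declaration would help, e.g. `/* plocation: where we write (alias for executable sections); location: the address the relocation is computed against */`. The loop body continues outside this hunk.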
11695 @@ -93,11 +176,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
11696 switch (ELF32_R_TYPE(rel[i].r_info)) {
11698 /* We add the value into the location given */
11699 - *location += sym->st_value;
11700 + pax_open_kernel();
11701 + *plocation += sym->st_value;
11702 + pax_close_kernel();
11705 /* Add the value, subtract its postition */
11706 - *location += sym->st_value - (uint32_t)location;
11707 + pax_open_kernel();
11708 + *plocation += sym->st_value - location;
11709 + pax_close_kernel();
11712 printk(KERN_ERR "module %s: Unknown relocation: %u\n",
11713 @@ -153,21 +240,30 @@ int apply_relocate_add(Elf64_Shdr *sechd
11714 case R_X86_64_NONE:
11717 + pax_open_kernel();
11719 + pax_close_kernel();
11722 + pax_open_kernel();
11724 + pax_close_kernel();
11725 if (val != *(u32 *)loc)
11729 + pax_open_kernel();
11731 + pax_close_kernel();
11732 if ((s64)val != *(s32 *)loc)
11735 case R_X86_64_PC32:
11737 + pax_open_kernel();
11739 + pax_close_kernel();
11742 if ((s64)val != *(s32 *)loc)
11744 diff -urNp linux-2.6.32.1/arch/x86/kernel/paravirt.c linux-2.6.32.1/arch/x86/kernel/paravirt.c
11745 --- linux-2.6.32.1/arch/x86/kernel/paravirt.c 2009-12-02 22:51:21.000000000 -0500
11746 +++ linux-2.6.32.1/arch/x86/kernel/paravirt.c 2009-12-14 18:33:51.721716979 -0500
11747 @@ -120,9 +120,9 @@ unsigned paravirt_patch_jmp(void *insnbu
11749 /* Neat trick to map patch type back to the call within the
11750 * corresponding structure. */
11751 -static void *get_call_destination(u8 type)
11752 +static const void *get_call_destination(u8 type)
11754 - struct paravirt_patch_template tmpl = {
11755 + const struct paravirt_patch_template tmpl = {
11756 .pv_init_ops = pv_init_ops,
11757 .pv_time_ops = pv_time_ops,
11758 .pv_cpu_ops = pv_cpu_ops,
11759 @@ -133,13 +133,13 @@ static void *get_call_destination(u8 typ
11760 .pv_lock_ops = pv_lock_ops,
11763 - return *((void **)&tmpl + type);
11764 + return *((const void **)&tmpl + type);
11767 unsigned paravirt_patch_default(u8 type, u16 clobbers, void *insnbuf,
11768 unsigned long addr, unsigned len)
11770 - void *opfunc = get_call_destination(type);
11771 + const void *opfunc = get_call_destination(type);
11774 if (opfunc == NULL)
11775 @@ -178,7 +178,7 @@ unsigned paravirt_patch_insns(void *insn
11776 if (insn_len > len || start == NULL)
11779 - memcpy(insnbuf, start, insn_len);
11780 + memcpy(insnbuf, ktla_ktva(start), insn_len);
11784 @@ -294,22 +294,22 @@ void arch_flush_lazy_mmu_mode(void)
11788 -struct pv_info pv_info = {
11789 +struct pv_info pv_info __read_only = {
11790 .name = "bare hardware",
11791 .paravirt_enabled = 0,
11793 .shared_kernel_pmd = 1, /* Only used when CONFIG_X86_PAE is set */
11796 -struct pv_init_ops pv_init_ops = {
11797 +struct pv_init_ops pv_init_ops __read_only = {
11798 .patch = native_patch,
11801 -struct pv_time_ops pv_time_ops = {
11802 +struct pv_time_ops pv_time_ops __read_only = {
11803 .sched_clock = native_sched_clock,
11806 -struct pv_irq_ops pv_irq_ops = {
11807 +struct pv_irq_ops pv_irq_ops __read_only = {
11808 .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl),
11809 .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl),
11810 .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable),
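Review bot: Marking `pv_info`, `pv_init_ops`, `pv_time_ops` and `pv_irq_ops` as `__read_only` changes the contract for every writer of these tables, and none of those writers are visible here. The same applies to the remaining `pv_*_ops` tables in the later hunks of this file and to `pv_lock_ops` in paravirt-spinlocks.c. Assuming `__read_only` places the object in memory that is write-protected after boot, any code that patches these tables has to run before the protection applies or inside a `pax_open_kernel()`/`pax_close_kernel()` pair. It is worth confirming that the guest setup paths were converted. A comment above the first table would record the rule: `/* __read_only: later updates must be bracketed by pax_open_kernel()/pax_close_kernel() */`.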
11811 @@ -321,7 +321,7 @@ struct pv_irq_ops pv_irq_ops = {
11815 -struct pv_cpu_ops pv_cpu_ops = {
11816 +struct pv_cpu_ops pv_cpu_ops __read_only = {
11817 .cpuid = native_cpuid,
11818 .get_debugreg = native_get_debugreg,
11819 .set_debugreg = native_set_debugreg,
11820 @@ -382,7 +382,7 @@ struct pv_cpu_ops pv_cpu_ops = {
11821 .end_context_switch = paravirt_nop,
11824 -struct pv_apic_ops pv_apic_ops = {
11825 +struct pv_apic_ops pv_apic_ops __read_only = {
11826 #ifdef CONFIG_X86_LOCAL_APIC
11827 .startup_ipi_hook = paravirt_nop,
11829 @@ -396,7 +396,7 @@ struct pv_apic_ops pv_apic_ops = {
11830 #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64)
11833 -struct pv_mmu_ops pv_mmu_ops = {
11834 +struct pv_mmu_ops pv_mmu_ops __read_only = {
11836 .read_cr2 = native_read_cr2,
11837 .write_cr2 = native_write_cr2,
11838 @@ -467,6 +467,12 @@ struct pv_mmu_ops pv_mmu_ops = {
11841 .set_fixmap = native_set_fixmap,
11843 +#ifdef CONFIG_PAX_KERNEXEC
11844 + .pax_open_kernel = native_pax_open_kernel,
11845 + .pax_close_kernel = native_pax_close_kernel,
11850 EXPORT_SYMBOL_GPL(pv_time_ops);
11851 diff -urNp linux-2.6.32.1/arch/x86/kernel/paravirt-spinlocks.c linux-2.6.32.1/arch/x86/kernel/paravirt-spinlocks.c
11852 --- linux-2.6.32.1/arch/x86/kernel/paravirt-spinlocks.c 2009-12-02 22:51:21.000000000 -0500
11853 +++ linux-2.6.32.1/arch/x86/kernel/paravirt-spinlocks.c 2009-12-14 18:33:51.721716979 -0500
11854 @@ -13,7 +13,7 @@ default_spin_lock_flags(raw_spinlock_t *
11855 __raw_spin_lock(lock);
11858 -struct pv_lock_ops pv_lock_ops = {
11859 +struct pv_lock_ops pv_lock_ops __read_only = {
11861 .spin_is_locked = __ticket_spin_is_locked,
11862 .spin_is_contended = __ticket_spin_is_contended,
11863 diff -urNp linux-2.6.32.1/arch/x86/kernel/pci-calgary_64.c linux-2.6.32.1/arch/x86/kernel/pci-calgary_64.c
11864 --- linux-2.6.32.1/arch/x86/kernel/pci-calgary_64.c 2009-12-02 22:51:21.000000000 -0500
11865 +++ linux-2.6.32.1/arch/x86/kernel/pci-calgary_64.c 2009-12-14 18:33:51.722702563 -0500
11866 @@ -470,7 +470,7 @@ static void calgary_free_coherent(struct
11867 free_pages((unsigned long)vaddr, get_order(size));
11870 -static struct dma_map_ops calgary_dma_ops = {
11871 +static const struct dma_map_ops calgary_dma_ops = {
11872 .alloc_coherent = calgary_alloc_coherent,
11873 .free_coherent = calgary_free_coherent,
11874 .map_sg = calgary_map_sg,
11875 diff -urNp linux-2.6.32.1/arch/x86/kernel/pci-dma.c linux-2.6.32.1/arch/x86/kernel/pci-dma.c
11876 --- linux-2.6.32.1/arch/x86/kernel/pci-dma.c 2009-12-02 22:51:21.000000000 -0500
11877 +++ linux-2.6.32.1/arch/x86/kernel/pci-dma.c 2009-12-14 18:33:51.722702563 -0500
11880 static int forbid_dac __read_mostly;
11882 -struct dma_map_ops *dma_ops;
11883 +const struct dma_map_ops *dma_ops;
11884 EXPORT_SYMBOL(dma_ops);
11886 static int iommu_sac_force __read_mostly;
11887 @@ -243,7 +243,7 @@ early_param("iommu", iommu_setup);
11889 int dma_supported(struct device *dev, u64 mask)
11891 - struct dma_map_ops *ops = get_dma_ops(dev);
11892 + const struct dma_map_ops *ops = get_dma_ops(dev);
11895 if (mask > 0xffffffff && forbid_dac > 0) {
11896 diff -urNp linux-2.6.32.1/arch/x86/kernel/pci-gart_64.c linux-2.6.32.1/arch/x86/kernel/pci-gart_64.c
11897 --- linux-2.6.32.1/arch/x86/kernel/pci-gart_64.c 2009-12-02 22:51:21.000000000 -0500
11898 +++ linux-2.6.32.1/arch/x86/kernel/pci-gart_64.c 2009-12-14 18:33:51.722702563 -0500
11899 @@ -679,7 +679,7 @@ static __init int init_k8_gatt(struct ag
11903 -static struct dma_map_ops gart_dma_ops = {
11904 +static const struct dma_map_ops gart_dma_ops = {
11905 .map_sg = gart_map_sg,
11906 .unmap_sg = gart_unmap_sg,
11907 .map_page = gart_map_page,
11908 diff -urNp linux-2.6.32.1/arch/x86/kernel/pci-nommu.c linux-2.6.32.1/arch/x86/kernel/pci-nommu.c
11909 --- linux-2.6.32.1/arch/x86/kernel/pci-nommu.c 2009-12-02 22:51:21.000000000 -0500
11910 +++ linux-2.6.32.1/arch/x86/kernel/pci-nommu.c 2009-12-14 18:33:51.723705512 -0500
11911 @@ -94,7 +94,7 @@ static void nommu_sync_sg_for_device(str
11912 flush_write_buffers();
11915 -struct dma_map_ops nommu_dma_ops = {
11916 +const struct dma_map_ops nommu_dma_ops = {
11917 .alloc_coherent = dma_generic_alloc_coherent,
11918 .free_coherent = nommu_free_coherent,
11919 .map_sg = nommu_map_sg,
11920 diff -urNp linux-2.6.32.1/arch/x86/kernel/pci-swiotlb.c linux-2.6.32.1/arch/x86/kernel/pci-swiotlb.c
11921 --- linux-2.6.32.1/arch/x86/kernel/pci-swiotlb.c 2009-12-02 22:51:21.000000000 -0500
11922 +++ linux-2.6.32.1/arch/x86/kernel/pci-swiotlb.c 2009-12-14 18:33:51.723705512 -0500
11923 @@ -25,7 +25,7 @@ static void *x86_swiotlb_alloc_coherent(
11924 return swiotlb_alloc_coherent(hwdev, size, dma_handle, flags);
11927 -static struct dma_map_ops swiotlb_dma_ops = {
11928 +static const struct dma_map_ops swiotlb_dma_ops = {
11929 .mapping_error = swiotlb_dma_mapping_error,
11930 .alloc_coherent = x86_swiotlb_alloc_coherent,
11931 .free_coherent = swiotlb_free_coherent,
11932 diff -urNp linux-2.6.32.1/arch/x86/kernel/process_32.c linux-2.6.32.1/arch/x86/kernel/process_32.c
11933 --- linux-2.6.32.1/arch/x86/kernel/process_32.c 2009-12-02 22:51:21.000000000 -0500
11934 +++ linux-2.6.32.1/arch/x86/kernel/process_32.c 2009-12-14 18:33:51.723705512 -0500
11935 @@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __as
11936 unsigned long thread_saved_pc(struct task_struct *tsk)
11938 return ((unsigned long *)tsk->thread.sp)[3];
11939 +//XXX return tsk->thread.eip;
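Review bot: The line `//XXX return tsk->thread.eip;` added after the `return` in `thread_saved_pc` is commented-out code with no explanation, and it should either be dropped or replaced by a sentence saying what is still undecided. The `copy_thread` hunk further down adds a second marker, `//XXX needs set_fs()?`, between `if (clone_flags & CLONE_SETTLS)` and the `do_set_thread_area()` call it controls. That one reads as an unresolved question about how the user pointer is accessed on this path. It should be answered before the patch is relied on, or rewritten as a proper `/* TODO: ... */` that states the concern.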
11943 @@ -129,7 +130,7 @@ void __show_regs(struct pt_regs *regs, i
11944 unsigned short ss, gs;
11947 - if (user_mode_vm(regs)) {
11948 + if (user_mode(regs)) {
11950 ss = regs->ss & 0xffff;
11951 gs = get_user_gs(regs);
11952 @@ -210,8 +211,8 @@ int kernel_thread(int (*fn)(void *), voi
11953 regs.bx = (unsigned long) fn;
11954 regs.dx = (unsigned long) arg;
11956 - regs.ds = __USER_DS;
11957 - regs.es = __USER_DS;
11958 + regs.ds = __KERNEL_DS;
11959 + regs.es = __KERNEL_DS;
11960 regs.fs = __KERNEL_PERCPU;
11961 regs.gs = __KERNEL_STACK_CANARY;
11963 @@ -247,7 +248,7 @@ int copy_thread(unsigned long clone_flag
11964 struct task_struct *tsk;
11967 - childregs = task_pt_regs(p);
11968 + childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8;
11969 *childregs = *regs;
11971 childregs->sp = sp;
11972 @@ -276,6 +277,7 @@ int copy_thread(unsigned long clone_flag
11973 * Set a new TLS for the child thread?
11975 if (clone_flags & CLONE_SETTLS)
11976 +//XXX needs set_fs()?
11977 err = do_set_thread_area(p, -1,
11978 (struct user_desc __user *)childregs->si, 0);
11980 @@ -346,7 +348,7 @@ __switch_to(struct task_struct *prev_p,
11981 struct thread_struct *prev = &prev_p->thread,
11982 *next = &next_p->thread;
11983 int cpu = smp_processor_id();
11984 - struct tss_struct *tss = &per_cpu(init_tss, cpu);
11985 + struct tss_struct *tss = init_tss + cpu;
11988 /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */
11989 @@ -381,6 +383,11 @@ __switch_to(struct task_struct *prev_p,
11991 lazy_save_gs(prev->gs);
11993 +#ifdef CONFIG_PAX_MEMORY_UDEREF
11994 + if (!segment_eq(task_thread_info(prev_p)->addr_limit, task_thread_info(next_p)->addr_limit))
11995 + __set_fs(task_thread_info(next_p)->addr_limit, cpu);
11999 * Load the per-thread Thread-Local Storage descriptor.
12001 @@ -497,3 +504,27 @@ unsigned long get_wchan(struct task_stru
12005 +#ifdef CONFIG_PAX_RANDKSTACK
12006 +asmlinkage void pax_randomize_kstack(void)
12008 + struct thread_struct *thread = ¤t->thread;
12009 + unsigned long time;
12011 + if (!randomize_va_space)
12016 + /* P4 seems to return a 0 LSB, ignore it */
12017 +#ifdef CONFIG_MPENTIUM4
12025 + thread->sp0 ^= time;
12026 + load_sp0(init_tss + smp_processor_id(), thread);
12029 diff -urNp linux-2.6.32.1/arch/x86/kernel/process_64.c linux-2.6.32.1/arch/x86/kernel/process_64.c
12030 --- linux-2.6.32.1/arch/x86/kernel/process_64.c 2009-12-02 22:51:21.000000000 -0500
12031 +++ linux-2.6.32.1/arch/x86/kernel/process_64.c 2009-12-14 18:33:51.724703151 -0500
12032 @@ -91,7 +91,7 @@ static void __exit_idle(void)
12033 void exit_idle(void)
12035 /* idle loop has pid 0 */
12036 - if (current->pid)
12037 + if (task_pid_nr(current))
12041 @@ -170,7 +170,7 @@ void __show_regs(struct pt_regs *regs, i
12044 printk(KERN_INFO "Pid: %d, comm: %.20s xid: #%u %s %s %.*s %s\n",
12045 - current->pid, current->comm, current->xid, print_tainted(),
12046 + task_pid_nr(current), current->comm, current->xid, print_tainted(),
12047 init_utsname()->release,
12048 (int)strcspn(init_utsname()->version, " "),
12049 init_utsname()->version, board);
12050 @@ -381,7 +381,7 @@ __switch_to(struct task_struct *prev_p,
12051 struct thread_struct *prev = &prev_p->thread;
12052 struct thread_struct *next = &next_p->thread;
12053 int cpu = smp_processor_id();
12054 - struct tss_struct *tss = &per_cpu(init_tss, cpu);
12055 + struct tss_struct *tss = init_tss + cpu;
12056 unsigned fsindex, gsindex;
12059 @@ -549,12 +549,11 @@ unsigned long get_wchan(struct task_stru
12060 if (!p || p == current || p->state == TASK_RUNNING)
12062 stack = (unsigned long)task_stack_page(p);
12063 - if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE)
12064 + if (p->thread.sp < stack || p->thread.sp > stack+THREAD_SIZE-8-sizeof(u64))
12066 fp = *(u64 *)(p->thread.sp);
12068 - if (fp < (unsigned long)stack ||
12069 - fp >= (unsigned long)stack+THREAD_SIZE)
12070 + if (fp < stack || fp > stack+THREAD_SIZE-8-sizeof(u64))
12072 ip = *(u64 *)(fp+8);
12073 if (!in_sched_functions(ip))
12074 diff -urNp linux-2.6.32.1/arch/x86/kernel/process.c linux-2.6.32.1/arch/x86/kernel/process.c
12075 --- linux-2.6.32.1/arch/x86/kernel/process.c 2009-12-02 22:51:21.000000000 -0500
12076 +++ linux-2.6.32.1/arch/x86/kernel/process.c 2009-12-14 18:33:51.734707193 -0500
12077 @@ -73,7 +73,7 @@ void exit_thread(void)
12078 unsigned long *bp = t->io_bitmap_ptr;
12081 - struct tss_struct *tss = &per_cpu(init_tss, get_cpu());
12082 + struct tss_struct *tss = init_tss + get_cpu();
12084 t->io_bitmap_ptr = NULL;
12085 clear_thread_flag(TIF_IO_BITMAP);
12086 @@ -105,6 +105,9 @@ void flush_thread(void)
12088 clear_tsk_thread_flag(tsk, TIF_DEBUG);
12090 +#if defined(CONFIG_X86_32) && !defined(CONFIG_CC_STACKPROTECTOR)
12091 + loadsegment(gs, 0);
12093 tsk->thread.debugreg0 = 0;
12094 tsk->thread.debugreg1 = 0;
12095 tsk->thread.debugreg2 = 0;
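Review bot: The `loadsegment(gs, 0);` added to `flush_thread` has no comment explaining why it is needed, or why only for `CONFIG_X86_32` without `CONFIG_CC_STACKPROTECTOR`. A one-line why-comment above the `#if` would let a reader judge whether the condition is still right if the segment handling changes, for example one that names the stale `%gs` value being cleared. The rest of the conditional block is not visible in this hunk.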
12096 @@ -596,17 +599,3 @@ static int __init idle_setup(char *str)
12099 early_param("idle", idle_setup);
12101 -unsigned long arch_align_stack(unsigned long sp)
12103 - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
12104 - sp -= get_random_int() % 8192;
12105 - return sp & ~0xf;
12108 -unsigned long arch_randomize_brk(struct mm_struct *mm)
12110 - unsigned long range_end = mm->brk + 0x02000000;
12111 - return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
12114 diff -urNp linux-2.6.32.1/arch/x86/kernel/ptrace.c linux-2.6.32.1/arch/x86/kernel/ptrace.c
12115 --- linux-2.6.32.1/arch/x86/kernel/ptrace.c 2009-12-02 22:51:21.000000000 -0500
12116 +++ linux-2.6.32.1/arch/x86/kernel/ptrace.c 2009-12-14 18:33:51.734707193 -0500
12117 @@ -925,7 +925,7 @@ static const struct user_regset_view use
12118 long arch_ptrace(struct task_struct *child, long request, long addr, long data)
12121 - unsigned long __user *datap = (unsigned long __user *)data;
12122 + unsigned long __user *datap = (__force unsigned long __user *)data;
12125 /* read the word at location addr in the USER area. */
12126 @@ -1012,14 +1012,14 @@ long arch_ptrace(struct task_struct *chi
12129 ret = do_get_thread_area(child, addr,
12130 - (struct user_desc __user *) data);
12131 + (__force struct user_desc __user *) data);
12134 case PTRACE_SET_THREAD_AREA:
12137 ret = do_set_thread_area(child, addr,
12138 - (struct user_desc __user *) data, 0);
12139 + (__force struct user_desc __user *) data, 0);
12143 @@ -1038,12 +1038,12 @@ long arch_ptrace(struct task_struct *chi
12144 #ifdef CONFIG_X86_PTRACE_BTS
12145 case PTRACE_BTS_CONFIG:
12146 ret = ptrace_bts_config
12147 - (child, data, (struct ptrace_bts_config __user *)addr);
12148 + (child, data, (__force struct ptrace_bts_config __user *)addr);
12151 case PTRACE_BTS_STATUS:
12152 ret = ptrace_bts_status
12153 - (child, data, (struct ptrace_bts_config __user *)addr);
12154 + (child, data, (__force struct ptrace_bts_config __user *)addr);
12157 case PTRACE_BTS_SIZE:
12158 @@ -1052,7 +1052,7 @@ long arch_ptrace(struct task_struct *chi
12160 case PTRACE_BTS_GET:
12161 ret = ptrace_bts_read_record
12162 - (child, data, (struct bts_struct __user *) addr);
12163 + (child, data, (__force struct bts_struct __user *) addr);
12166 case PTRACE_BTS_CLEAR:
12167 @@ -1061,7 +1061,7 @@ long arch_ptrace(struct task_struct *chi
12169 case PTRACE_BTS_DRAIN:
12170 ret = ptrace_bts_drain
12171 - (child, data, (struct bts_struct __user *) addr);
12172 + (child, data, (__force struct bts_struct __user *) addr);
12174 #endif /* CONFIG_X86_PTRACE_BTS */
12176 @@ -1450,7 +1450,7 @@ void send_sigtrap(struct task_struct *ts
12177 info.si_code = si_code;
12179 /* User-mode ip? */
12180 - info.si_addr = user_mode_vm(regs) ? (void __user *) regs->ip : NULL;
12181 + info.si_addr = user_mode(regs) ? (__force void __user *) regs->ip : NULL;
12183 /* Send us the fake SIGTRAP */
12184 force_sig_info(SIGTRAP, &info, tsk);
12185 diff -urNp linux-2.6.32.1/arch/x86/kernel/reboot.c linux-2.6.32.1/arch/x86/kernel/reboot.c
12186 --- linux-2.6.32.1/arch/x86/kernel/reboot.c 2009-12-02 22:51:21.000000000 -0500
12187 +++ linux-2.6.32.1/arch/x86/kernel/reboot.c 2009-12-14 18:33:51.734707193 -0500
12188 @@ -33,7 +33,7 @@ void (*pm_power_off)(void);
12189 EXPORT_SYMBOL(pm_power_off);
12191 static const struct desc_ptr no_idt = {};
12192 -static int reboot_mode;
12193 +static unsigned short reboot_mode;
12194 enum reboot_type reboot_type = BOOT_KBD;
12197 @@ -259,7 +259,7 @@ static struct dmi_system_id __initdata r
12198 DMI_MATCH(DMI_PRODUCT_NAME, "SBC-FITPC2"),
12202 + { NULL, NULL, {{0, {0}}}, NULL}
12205 static int __init reboot_init(void)
12206 @@ -275,12 +275,12 @@ core_initcall(reboot_init);
12207 controller to pulse the CPU reset line, which is more thorough, but
12208 doesn't work with at least one type of 486 motherboard. It is easy
12209 to stop this code working; hence the copious comments. */
12210 -static const unsigned long long
12211 -real_mode_gdt_entries [3] =
12212 +static struct desc_struct
12213 +real_mode_gdt_entries [3] __read_only =
12215 - 0x0000000000000000ULL, /* Null descriptor */
12216 - 0x00009b000000ffffULL, /* 16-bit real-mode 64k code at 0x00000000 */
12217 - 0x000093000100ffffULL /* 16-bit real-mode 64k data at 0x00000100 */
12218 + GDT_ENTRY_INIT(0, 0, 0), /* Null descriptor */
12219 + GDT_ENTRY_INIT(0x9b, 0, 0xffff), /* 16-bit real-mode 64k code at 0x00000000 */
12220 + GDT_ENTRY_INIT(0x93, 0x100, 0xffff) /* 16-bit real-mode 64k data at 0x00000100 */
12223 static const struct desc_ptr
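Review bot: `real_mode_gdt_entries` drops its `const` qualifier and gains `__read_only`, with nothing to say why the two are not combined. If the table is never written after initialisation, `static const struct desc_struct` would keep the compiler-enforced guarantee the old declaration had. If something does write to it (not visible here), a comment naming that writer would justify the change. The switch to `GDT_ENTRY_INIT()` itself makes the three descriptors easier to read than the raw 64-bit constants.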
12224 @@ -329,7 +329,7 @@ static const unsigned char jump_to_bios
12225 * specified by the code and length parameters.
12226 * We assume that length will aways be less that 100!
12228 -void machine_real_restart(const unsigned char *code, int length)
12229 +void machine_real_restart(const unsigned char *code, unsigned int length)
12231 local_irq_disable();
12233 @@ -349,8 +349,8 @@ void machine_real_restart(const unsigned
12234 /* Remap the kernel at virtual address zero, as well as offset zero
12235 from the kernel segment. This assumes the kernel segment starts at
12236 virtual address PAGE_OFFSET. */
12237 - memcpy(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
12238 - sizeof(swapper_pg_dir [0]) * KERNEL_PGD_PTRS);
12239 + clone_pgd_range(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
12240 + min_t(unsigned long, KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY));
12243 * Use `swapper_pg_dir' as our page directory.
12244 @@ -362,16 +362,15 @@ void machine_real_restart(const unsigned
12245 boot)". This seems like a fairly standard thing that gets set by
12246 REBOOT.COM programs, and the previous reset routine did this
12248 - *((unsigned short *)0x472) = reboot_mode;
12249 + *(unsigned short *)(__va(0x472)) = reboot_mode;
12251 /* For the switch to real mode, copy some code to low memory. It has
12252 to be in the first 64k because it is running in 16-bit mode, and it
12253 has to have the same physical and virtual address, because it turns
12254 off paging. Copy it near the end of the first page, out of the way
12255 of BIOS variables. */
12256 - memcpy((void *)(0x1000 - sizeof(real_mode_switch) - 100),
12257 - real_mode_switch, sizeof (real_mode_switch));
12258 - memcpy((void *)(0x1000 - 100), code, length);
12259 + memcpy(__va(0x1000 - sizeof (real_mode_switch) - 100), real_mode_switch, sizeof (real_mode_switch));
12260 + memcpy(__va(0x1000 - 100), code, length);
12262 /* Set up the IDT for real mode. */
12263 load_idt(&real_mode_idt);
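Review bot: `memcpy(__va(0x1000 - 100), code, length)` still copies a caller-supplied `length` into the 100 bytes left before the end of the first page, with nothing enforcing that bound. Making the parameter `unsigned int` in the earlier signature hunk only rules out negative values, and the function's own comment admits the limit is merely assumed. A guard ahead of the copy, for example `BUG_ON(length > 100);`, would turn that assumption into a checked invariant. Whether callers other than the `jump_to_bios` path exist cannot be seen here, and the body of machine_real_restart starts and ends outside this hunk.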
12264 diff -urNp linux-2.6.32.1/arch/x86/kernel/setup.c linux-2.6.32.1/arch/x86/kernel/setup.c
12265 --- linux-2.6.32.1/arch/x86/kernel/setup.c 2009-12-02 22:51:21.000000000 -0500
12266 +++ linux-2.6.32.1/arch/x86/kernel/setup.c 2009-12-14 18:33:51.735708242 -0500
12267 @@ -762,14 +762,14 @@ void __init setup_arch(char **cmdline_p)
12269 if (!boot_params.hdr.root_flags)
12270 root_mountflags &= ~MS_RDONLY;
12271 - init_mm.start_code = (unsigned long) _text;
12272 - init_mm.end_code = (unsigned long) _etext;
12273 + init_mm.start_code = ktla_ktva((unsigned long) _text);
12274 + init_mm.end_code = ktla_ktva((unsigned long) _etext);
12275 init_mm.end_data = (unsigned long) _edata;
12276 init_mm.brk = _brk_end;
12278 - code_resource.start = virt_to_phys(_text);
12279 - code_resource.end = virt_to_phys(_etext)-1;
12280 - data_resource.start = virt_to_phys(_etext);
12281 + code_resource.start = virt_to_phys(ktla_ktva(_text));
12282 + code_resource.end = virt_to_phys(ktla_ktva(_etext))-1;
12283 + data_resource.start = virt_to_phys(_sdata);
12284 data_resource.end = virt_to_phys(_edata)-1;
12285 bss_resource.start = virt_to_phys(&__bss_start);
12286 bss_resource.end = virt_to_phys(&__bss_stop)-1;
12287 diff -urNp linux-2.6.32.1/arch/x86/kernel/setup_percpu.c linux-2.6.32.1/arch/x86/kernel/setup_percpu.c
12288 --- linux-2.6.32.1/arch/x86/kernel/setup_percpu.c 2009-12-02 22:51:21.000000000 -0500
12289 +++ linux-2.6.32.1/arch/x86/kernel/setup_percpu.c 2009-12-14 18:33:51.735708242 -0500
12290 @@ -25,19 +25,17 @@
12295 DEFINE_PER_CPU(int, cpu_number);
12296 EXPORT_PER_CPU_SYMBOL(cpu_number);
12299 -#ifdef CONFIG_X86_64
12300 #define BOOT_PERCPU_OFFSET ((unsigned long)__per_cpu_load)
12302 -#define BOOT_PERCPU_OFFSET 0
12305 DEFINE_PER_CPU(unsigned long, this_cpu_off) = BOOT_PERCPU_OFFSET;
12306 EXPORT_PER_CPU_SYMBOL(this_cpu_off);
12308 -unsigned long __per_cpu_offset[NR_CPUS] __read_mostly = {
12309 +unsigned long __per_cpu_offset[NR_CPUS] __read_only = {
12310 [0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET,
12312 EXPORT_SYMBOL(__per_cpu_offset);
12313 @@ -158,13 +156,15 @@ static void __init pcpup_populate_pte(un
12314 static inline void setup_percpu_segment(int cpu)
12316 #ifdef CONFIG_X86_32
12317 - struct desc_struct gdt;
12318 + struct desc_struct d, *gdt = get_cpu_gdt_table(cpu);
12319 + unsigned long base = per_cpu_offset(cpu);
12320 + const unsigned long limit = VMALLOC_END - base - 1;
12322 - pack_descriptor(&gdt, per_cpu_offset(cpu), 0xFFFFF,
12323 - 0x2 | DESCTYPE_S, 0x8);
12325 - write_gdt_entry(get_cpu_gdt_table(cpu),
12326 - GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S);
12327 + if (limit < 64*1024)
12328 + pack_descriptor(&d, base, limit, 0x80 | DESCTYPE_S | 0x3, 0x4);
12330 + pack_descriptor(&d, base, limit >> PAGE_SHIFT, 0x80 | DESCTYPE_S | 0x3, 0xC);
12331 + write_gdt_entry(gdt, GDT_ENTRY_PERCPU, &d, DESCTYPE_S);
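Review bot: The new descriptor setup in setup_percpu_segment uses bare hex for the type and flags (`0x80 | DESCTYPE_S | 0x3`, `0x4`, `0xC`) and gives no reason for deriving the limit from `VMALLOC_END - base - 1`. A short comment above the `if` would help, such as `/* cap the per-cpu segment at VMALLOC_END; 0x80 = present, 0x3 = writable data, flags 0x4 = 32-bit byte-granular, 0xC = 32-bit page-granular */`. It is also worth stating what guarantees `base <= VMALLOC_END - 1`, since the unsigned subtraction would otherwise wrap to a very large limit. That ordering is presumably established by the caller, which is not visible in this hunk.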
12335 @@ -212,6 +212,11 @@ void __init setup_per_cpu_areas(void)
12336 /* alrighty, percpu areas up and running */
12337 delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start;
12338 for_each_possible_cpu(cpu) {
12339 +#ifdef CONFIG_CC_STACKPROTECTOR
12340 +#ifdef CONFIG_x86_32
12341 + unsigned long canary = per_cpu(stack_canary, cpu);
12344 per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu];
12345 per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu);
12346 per_cpu(cpu_number, cpu) = cpu;
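Review bot: `#ifdef CONFIG_x86_32` is spelled with a lowercase `x`, while the rest of this file tests `CONFIG_X86_32` (for example in setup_percpu_segment). Unless a lowercase symbol is defined somewhere not shown, the `canary` save here and the restore in the next hunk (`per_cpu(stack_canary, cpu) = canary;`) are never compiled. The boot CPU's stack canary would then not be carried over to the new per-cpu area on 32-bit, which is what these lines appear to be for. Both guards should read `#ifdef CONFIG_X86_32`.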
12347 @@ -239,6 +244,12 @@ void __init setup_per_cpu_areas(void)
12348 early_per_cpu_map(x86_cpu_to_node_map, cpu);
12351 +#ifdef CONFIG_CC_STACKPROTECTOR
12352 +#ifdef CONFIG_x86_32
12353 + if (cpu == boot_cpu_id)
12354 + per_cpu(stack_canary, cpu) = canary;
12358 * Up to this point, the boot CPU has been using .data.init
12359 * area. Reload any changed state for the boot CPU.
12360 diff -urNp linux-2.6.32.1/arch/x86/kernel/signal.c linux-2.6.32.1/arch/x86/kernel/signal.c
12361 --- linux-2.6.32.1/arch/x86/kernel/signal.c 2009-12-02 22:51:21.000000000 -0500
12362 +++ linux-2.6.32.1/arch/x86/kernel/signal.c 2009-12-14 18:33:51.735708242 -0500
12363 @@ -197,7 +197,7 @@ static unsigned long align_sigframe(unsi
12364 * Align the stack pointer according to the i386 ABI,
12365 * i.e. so that on function entry ((sp + 4) & 15) == 0.
12367 - sp = ((sp + 4) & -16ul) - 4;
12368 + sp = ((sp - 12) & -16ul) - 4;
12369 #else /* !CONFIG_X86_32 */
12370 sp = round_down(sp, 16) - 8;
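Review bot: The change from `((sp + 4) & -16ul) - 4` to `((sp - 12) & -16ul) - 4` is not explained, and the comment above still describes only the ABI alignment, which both forms satisfy. The difference is that the old expression can return `sp` unchanged (when `sp % 16 == 12`), whereas the new one always lands at least 16 bytes below the incoming `sp`. A line such as `/* always move down by at least 16 bytes so the frame never starts at the incoming sp */` would record that. The reason the gap is wanted is not visible in this hunk, so the comment wording should be confirmed by the author. The body of align_sigframe starts and ends outside this hunk.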
12372 @@ -248,11 +248,11 @@ get_sigframe(struct k_sigaction *ka, str
12373 * Return an always-bogus address instead so we will die with SIGSEGV.
12375 if (onsigstack && !likely(on_sig_stack(sp)))
12376 - return (void __user *)-1L;
12377 + return (__force void __user *)-1L;
12379 /* save i387 state */
12380 if (used_math() && save_i387_xstate(*fpstate) < 0)
12381 - return (void __user *)-1L;
12382 + return (__force void __user *)-1L;
12384 return (void __user *)sp;
12386 @@ -307,9 +307,9 @@ __setup_frame(int sig, struct k_sigactio
12389 if (current->mm->context.vdso)
12390 - restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
12391 + restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
12393 - restorer = &frame->retcode;
12394 + restorer = (void __user *)&frame->retcode;
12395 if (ka->sa.sa_flags & SA_RESTORER)
12396 restorer = ka->sa.sa_restorer;
12398 @@ -323,7 +323,7 @@ __setup_frame(int sig, struct k_sigactio
12399 * reasons and because gdb uses it as a signature to notice
12400 * signal handler stack frames.
12402 - err |= __put_user(*((u64 *)&retcode), (u64 *)frame->retcode);
12403 + err |= __put_user(*((u64 *)&retcode), (u64 __user *)frame->retcode);
12407 @@ -377,7 +377,7 @@ static int __setup_rt_frame(int sig, str
12408 err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set));
12410 /* Set up to return from userspace. */
12411 - restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
12412 + restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
12413 if (ka->sa.sa_flags & SA_RESTORER)
12414 restorer = ka->sa.sa_restorer;
12415 put_user_ex(restorer, &frame->pretcode);
12416 @@ -389,7 +389,7 @@ static int __setup_rt_frame(int sig, str
12417 * reasons and because gdb uses it as a signature to notice
12418 * signal handler stack frames.
12420 - put_user_ex(*((u64 *)&rt_retcode), (u64 *)frame->retcode);
12421 + put_user_ex(*((u64 *)&rt_retcode), (u64 __user *)frame->retcode);
12422 } put_user_catch(err);
12425 @@ -789,7 +789,7 @@ static void do_signal(struct pt_regs *re
12426 * X86_32: vm86 regs switched out by assembly code before reaching
12427 * here, so testing against kernel CS suffices.
12429 - if (!user_mode(regs))
12430 + if (!user_mode_novm(regs))
12433 if (current_thread_info()->status & TS_RESTORE_SIGMASK)
12434 diff -urNp linux-2.6.32.1/arch/x86/kernel/smpboot.c linux-2.6.32.1/arch/x86/kernel/smpboot.c
12435 --- linux-2.6.32.1/arch/x86/kernel/smpboot.c 2009-12-02 22:51:21.000000000 -0500
12436 +++ linux-2.6.32.1/arch/x86/kernel/smpboot.c 2009-12-14 18:33:51.752708412 -0500
12437 @@ -729,7 +729,11 @@ do_rest:
12438 (unsigned long)task_stack_page(c_idle.idle) -
12439 KERNEL_STACK_OFFSET + THREAD_SIZE;
12442 + pax_open_kernel();
12443 early_gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
12444 + pax_close_kernel();
12446 initial_code = (unsigned long)start_secondary;
12447 stack_start.sp = (void *) c_idle.idle->thread.sp;
12449 diff -urNp linux-2.6.32.1/arch/x86/kernel/step.c linux-2.6.32.1/arch/x86/kernel/step.c
12450 --- linux-2.6.32.1/arch/x86/kernel/step.c 2009-12-02 22:51:21.000000000 -0500
12451 +++ linux-2.6.32.1/arch/x86/kernel/step.c 2009-12-14 18:33:51.752708412 -0500
12452 @@ -27,10 +27,10 @@ unsigned long convert_ip_to_linear(struc
12453 struct desc_struct *desc;
12454 unsigned long base;
12459 mutex_lock(&child->mm->context.lock);
12460 - if (unlikely((seg >> 3) >= child->mm->context.size))
12461 + if (unlikely(seg >= child->mm->context.size))
12462 addr = -1L; /* bogus selector, access would fault */
12464 desc = child->mm->context.ldt + seg;
12465 @@ -53,6 +53,9 @@ static int is_setting_trap_flag(struct t
12466 unsigned char opcode[15];
12467 unsigned long addr = convert_ip_to_linear(child, regs);
12469 + if (addr == -EINVAL)
12472 copied = access_process_vm(child, addr, opcode, sizeof(opcode), 0);
12473 for (i = 0; i < copied; i++) {
12474 switch (opcode[i]) {
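Review bot: The new guard in is_setting_trap_flag tests `addr == -EINVAL`, but the only failure value visible in convert_ip_to_linear (previous hunk) is `addr = -1L` for a bogus selector. As far as these hunks show, that case is not caught and still reaches `access_process_vm(child, addr, ...)`. If the intent is to bail out on a bad selector, the comparison should match the sentinel the helper actually produces, e.g. `if (addr == -1L)`, or the helper should return `-EINVAL`. Other return paths of convert_ip_to_linear lie outside the hunk, so this needs confirming against the full function.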
12475 @@ -74,7 +77,7 @@ static int is_setting_trap_flag(struct t
12477 #ifdef CONFIG_X86_64
12478 case 0x40 ... 0x4f:
12479 - if (regs->cs != __USER_CS)
12480 + if ((regs->cs & 0xffff) != __USER_CS)
12481 /* 32-bit mode: register increment */
12483 /* 64-bit mode: REX prefix */
12484 diff -urNp linux-2.6.32.1/arch/x86/kernel/syscall_table_32.S linux-2.6.32.1/arch/x86/kernel/syscall_table_32.S
12485 --- linux-2.6.32.1/arch/x86/kernel/syscall_table_32.S 2009-12-02 22:51:21.000000000 -0500
12486 +++ linux-2.6.32.1/arch/x86/kernel/syscall_table_32.S 2009-12-14 18:33:51.753706275 -0500
12488 +.section .rodata,"a",@progbits
12489 ENTRY(sys_call_table)
12490 .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */
12492 diff -urNp linux-2.6.32.1/arch/x86/kernel/sys_i386_32.c linux-2.6.32.1/arch/x86/kernel/sys_i386_32.c
12493 --- linux-2.6.32.1/arch/x86/kernel/sys_i386_32.c 2009-12-02 22:51:21.000000000 -0500
12494 +++ linux-2.6.32.1/arch/x86/kernel/sys_i386_32.c 2009-12-14 18:33:51.753706275 -0500
12497 #include <asm/syscalls.h>
12499 +int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags)
12501 + unsigned long pax_task_size = TASK_SIZE;
12503 +#ifdef CONFIG_PAX_SEGMEXEC
12504 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
12505 + pax_task_size = SEGMEXEC_TASK_SIZE;
12508 + if (len > pax_task_size || addr > pax_task_size - len)
12514 asmlinkage long sys_mmap2(unsigned long addr, unsigned long len,
12515 unsigned long prot, unsigned long flags,
12516 unsigned long fd, unsigned long pgoff)
12517 @@ -83,6 +98,205 @@ out:
12522 +arch_get_unmapped_area(struct file *filp, unsigned long addr,
12523 + unsigned long len, unsigned long pgoff, unsigned long flags)
12525 + struct mm_struct *mm = current->mm;
12526 + struct vm_area_struct *vma;
12527 + unsigned long start_addr, pax_task_size = TASK_SIZE;
12529 +#ifdef CONFIG_PAX_SEGMEXEC
12530 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
12531 + pax_task_size = SEGMEXEC_TASK_SIZE;
12534 + if (len > pax_task_size)
12537 + if (flags & MAP_FIXED)
12540 +#ifdef CONFIG_PAX_RANDMMAP
12541 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12545 + addr = PAGE_ALIGN(addr);
12546 + vma = find_vma(mm, addr);
12547 + if (pax_task_size - len >= addr &&
12548 + (!vma || addr + len <= vma->vm_start))
12551 + if (len > mm->cached_hole_size) {
12552 + start_addr = addr = mm->free_area_cache;
12554 + start_addr = addr = mm->mmap_base;
12555 + mm->cached_hole_size = 0;
12558 +#ifdef CONFIG_PAX_PAGEEXEC
12559 + if (!nx_enabled && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE) && start_addr >= mm->mmap_base) {
12560 + start_addr = 0x00110000UL;
12562 +#ifdef CONFIG_PAX_RANDMMAP
12563 + if (mm->pax_flags & MF_PAX_RANDMMAP)
12564 + start_addr += mm->delta_mmap & 0x03FFF000UL;
12567 + if (mm->start_brk <= start_addr && start_addr < mm->mmap_base)
12568 + start_addr = addr = mm->mmap_base;
12570 + addr = start_addr;
12575 + for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
12576 + /* At this point: (!vma || addr < vma->vm_end). */
12577 + if (pax_task_size - len < addr) {
12579 + * Start a new search - just in case we missed
12582 + if (start_addr != mm->mmap_base) {
12583 + start_addr = addr = mm->mmap_base;
12584 + mm->cached_hole_size = 0;
12585 + goto full_search;
12589 + if (!vma || addr + len <= vma->vm_start) {
12591 + * Remember the place where we stopped the search:
12593 + mm->free_area_cache = addr + len;
12596 + if (addr + mm->cached_hole_size < vma->vm_start)
12597 + mm->cached_hole_size = vma->vm_start - addr;
12598 + addr = vma->vm_end;
12599 + if (mm->start_brk <= addr && addr < mm->mmap_base) {
12600 + start_addr = addr = mm->mmap_base;
12601 + mm->cached_hole_size = 0;
12602 + goto full_search;
12608 +arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
12609 + const unsigned long len, const unsigned long pgoff,
12610 + const unsigned long flags)
12612 + struct vm_area_struct *vma;
12613 + struct mm_struct *mm = current->mm;
12614 + unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE;
12616 +#ifdef CONFIG_PAX_SEGMEXEC
12617 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
12618 + pax_task_size = SEGMEXEC_TASK_SIZE;
12621 + /* requested length too big for entire address space */
12622 + if (len > pax_task_size)
12625 + if (flags & MAP_FIXED)
12628 +#ifdef CONFIG_PAX_PAGEEXEC
12629 + if (!nx_enabled && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE))
12633 +#ifdef CONFIG_PAX_RANDMMAP
12634 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12637 + /* requesting a specific address */
12639 + addr = PAGE_ALIGN(addr);
12640 + vma = find_vma(mm, addr);
12641 + if (pax_task_size - len >= addr &&
12642 + (!vma || addr + len <= vma->vm_start))
12646 + /* check if free_area_cache is useful for us */
12647 + if (len <= mm->cached_hole_size) {
12648 + mm->cached_hole_size = 0;
12649 + mm->free_area_cache = mm->mmap_base;
12652 + /* either no address requested or can't fit in requested address hole */
12653 + addr = mm->free_area_cache;
12655 + /* make sure it can fit in the remaining address space */
12656 + if (addr > len) {
12657 + vma = find_vma(mm, addr-len);
12658 + if (!vma || addr <= vma->vm_start)
12659 + /* remember the address as a hint for next time */
12660 + return (mm->free_area_cache = addr-len);
12663 + if (mm->mmap_base < len)
12666 + addr = mm->mmap_base-len;
12670 + * Lookup failure means no vma is above this address,
12671 + * else if new region fits below vma->vm_start,
12672 + * return with success:
12674 + vma = find_vma(mm, addr);
12675 + if (!vma || addr+len <= vma->vm_start)
12676 + /* remember the address as a hint for next time */
12677 + return (mm->free_area_cache = addr);
12679 + /* remember the largest hole we saw so far */
12680 + if (addr + mm->cached_hole_size < vma->vm_start)
12681 + mm->cached_hole_size = vma->vm_start - addr;
12683 + /* try just below the current vma->vm_start */
12684 + addr = vma->vm_start-len;
12685 + } while (len < vma->vm_start);
12689 + * A failed mmap() very likely causes application failure,
12690 + * so fall back to the bottom-up function here. This scenario
12691 + * can happen with large stack limits and large mmap()
12695 +#ifdef CONFIG_PAX_SEGMEXEC
12696 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
12697 + mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
12701 + mm->mmap_base = TASK_UNMAPPED_BASE;
12703 +#ifdef CONFIG_PAX_RANDMMAP
12704 + if (mm->pax_flags & MF_PAX_RANDMMAP)
12705 + mm->mmap_base += mm->delta_mmap;
12708 + mm->free_area_cache = mm->mmap_base;
12709 + mm->cached_hole_size = ~0UL;
12710 + addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
12712 + * Restore the topdown base:
12714 + mm->mmap_base = base;
12715 + mm->free_area_cache = base;
12716 + mm->cached_hole_size = ~0UL;
12721 struct sel_arg_struct {
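Review bot: In the added arch_get_unmapped_area, the PAGEEXEC branch restarts the search at the literal `0x00110000UL` and offsets it by `mm->delta_mmap & 0x03FFF000UL`, with no comment or named constant for either value. A comment on that branch should say why executable mappings are steered below `mm->mmap_base` when `nx_enabled` is false and what range the mask allows. This is presumably tied to the user code-segment limit handled in the traps.c change, but that should be confirmed by the author. Likewise, the `mm->start_brk <= addr && addr < mm->mmap_base` skip inside the loop deserves a one-line note that it keeps the low search from allocating in the brk region. arch_get_unmapped_area_topdown temporarily rewrites `mm->mmap_base` before calling the bottom-up function, so it should also state which lock it relies on.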
12723 @@ -118,7 +332,7 @@ asmlinkage int sys_ipc(uint call, int fi
12724 return sys_semtimedop(first, (struct sembuf __user *)ptr, second, NULL);
12726 return sys_semtimedop(first, (struct sembuf __user *)ptr, second,
12727 - (const struct timespec __user *)fifth);
12728 + (__force const struct timespec __user *)fifth);
12731 return sys_semget(first, second, third);
12732 @@ -165,7 +379,7 @@ asmlinkage int sys_ipc(uint call, int fi
12733 ret = do_shmat(first, (char __user *) ptr, second, &raddr);
12736 - return put_user(raddr, (ulong __user *) third);
12737 + return put_user(raddr, (__force ulong __user *) third);
12739 case 1: /* iBCS2 emulator entry point */
12740 if (!segment_eq(get_fs(), get_ds()))
12741 diff -urNp linux-2.6.32.1/arch/x86/kernel/sys_x86_64.c linux-2.6.32.1/arch/x86/kernel/sys_x86_64.c
12742 --- linux-2.6.32.1/arch/x86/kernel/sys_x86_64.c 2009-12-02 22:51:21.000000000 -0500
12743 +++ linux-2.6.32.1/arch/x86/kernel/sys_x86_64.c 2009-12-14 18:33:51.754713106 -0500
12744 @@ -47,8 +47,8 @@ out:
12748 -static void find_start_end(unsigned long flags, unsigned long *begin,
12749 - unsigned long *end)
12750 +static void find_start_end(struct mm_struct *mm, unsigned long flags,
12751 + unsigned long *begin, unsigned long *end)
12753 if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) {
12754 unsigned long new_begin;
12755 @@ -67,7 +67,7 @@ static void find_start_end(unsigned long
12756 *begin = new_begin;
12759 - *begin = TASK_UNMAPPED_BASE;
12760 + *begin = mm->mmap_base;
12764 @@ -84,11 +84,15 @@ arch_get_unmapped_area(struct file *filp
12765 if (flags & MAP_FIXED)
12768 - find_start_end(flags, &begin, &end);
12769 + find_start_end(mm, flags, &begin, &end);
12774 +#ifdef CONFIG_PAX_RANDMMAP
12775 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12779 addr = PAGE_ALIGN(addr);
12780 vma = find_vma(mm, addr);
12781 @@ -143,7 +147,7 @@ arch_get_unmapped_area_topdown(struct fi
12783 struct vm_area_struct *vma;
12784 struct mm_struct *mm = current->mm;
12785 - unsigned long addr = addr0;
12786 + unsigned long base = mm->mmap_base, addr = addr0;
12788 /* requested length too big for entire address space */
12789 if (len > TASK_SIZE)
12790 @@ -156,6 +160,10 @@ arch_get_unmapped_area_topdown(struct fi
12791 if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT))
12794 +#ifdef CONFIG_PAX_RANDMMAP
12795 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12798 /* requesting a specific address */
12800 addr = PAGE_ALIGN(addr);
12801 @@ -213,13 +221,21 @@ bottomup:
12802 * can happen with large stack limits and large mmap()
12805 + mm->mmap_base = TASK_UNMAPPED_BASE;
12807 +#ifdef CONFIG_PAX_RANDMMAP
12808 + if (mm->pax_flags & MF_PAX_RANDMMAP)
12809 + mm->mmap_base += mm->delta_mmap;
12812 + mm->free_area_cache = mm->mmap_base;
12813 mm->cached_hole_size = ~0UL;
12814 - mm->free_area_cache = TASK_UNMAPPED_BASE;
12815 addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
12817 * Restore the topdown base:
12819 - mm->free_area_cache = mm->mmap_base;
12820 + mm->mmap_base = base;
12821 + mm->free_area_cache = base;
12822 mm->cached_hole_size = ~0UL;
12825 diff -urNp linux-2.6.32.1/arch/x86/kernel/time.c linux-2.6.32.1/arch/x86/kernel/time.c
12826 --- linux-2.6.32.1/arch/x86/kernel/time.c 2009-12-02 22:51:21.000000000 -0500
12827 +++ linux-2.6.32.1/arch/x86/kernel/time.c 2009-12-14 18:33:51.754713106 -0500
12828 @@ -26,17 +26,13 @@
12832 -#ifdef CONFIG_X86_64
12833 -volatile unsigned long __jiffies __section_jiffies = INITIAL_JIFFIES;
12836 unsigned long profile_pc(struct pt_regs *regs)
12838 unsigned long pc = instruction_pointer(regs);
12840 - if (!user_mode_vm(regs) && in_lock_functions(pc)) {
12841 + if (!user_mode(regs) && in_lock_functions(pc)) {
12842 #ifdef CONFIG_FRAME_POINTER
12843 - return *(unsigned long *)(regs->bp + sizeof(long));
12844 + return ktla_ktva(*(unsigned long *)(regs->bp + sizeof(long)));
12846 unsigned long *sp =
12847 (unsigned long *)kernel_stack_pointer(regs);
12848 @@ -45,11 +41,17 @@ unsigned long profile_pc(struct pt_regs
12849 * or above a saved flags. Eflags has bits 22-31 zero,
12850 * kernel addresses don't.
12853 +#ifdef CONFIG_PAX_KERNEXEC
12854 + return ktla_ktva(sp[0]);
12866 diff -urNp linux-2.6.32.1/arch/x86/kernel/tls.c linux-2.6.32.1/arch/x86/kernel/tls.c
12867 --- linux-2.6.32.1/arch/x86/kernel/tls.c 2009-12-02 22:51:21.000000000 -0500
12868 +++ linux-2.6.32.1/arch/x86/kernel/tls.c 2009-12-14 18:33:51.754713106 -0500
12869 @@ -85,6 +85,11 @@ int do_set_thread_area(struct task_struc
12870 if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
12873 +#ifdef CONFIG_PAX_SEGMEXEC
12874 + if ((p->mm->pax_flags & MF_PAX_SEGMEXEC) && (info.contents & MODIFY_LDT_CONTENTS_CODE))
12878 set_tls_desc(p, idx, &info, 1);
12881 diff -urNp linux-2.6.32.1/arch/x86/kernel/trampoline_32.S linux-2.6.32.1/arch/x86/kernel/trampoline_32.S
12882 --- linux-2.6.32.1/arch/x86/kernel/trampoline_32.S 2009-12-02 22:51:21.000000000 -0500
12883 +++ linux-2.6.32.1/arch/x86/kernel/trampoline_32.S 2009-12-14 18:33:51.754713106 -0500
12885 #include <asm/segment.h>
12886 #include <asm/page_types.h>
12888 +#ifdef CONFIG_PAX_KERNEXEC
12891 +#define ta(X) ((X) - __PAGE_OFFSET)
12894 /* We can free up trampoline after bootup if cpu hotplug is not supported. */
12897 @@ -60,7 +66,7 @@ r_base = .
12898 inc %ax # protected mode (PE) bit
12899 lmsw %ax # into protected mode
12900 # flush prefetch and jump to startup_32_smp in arch/i386/kernel/head.S
12901 - ljmpl $__BOOT_CS, $(startup_32_smp-__PAGE_OFFSET)
12902 + ljmpl $__BOOT_CS, $ta(startup_32_smp)
12904 # These need to be in the same 64K segment as the above;
12905 # hence we don't use the boot_gdt_descr defined in head.S
12906 diff -urNp linux-2.6.32.1/arch/x86/kernel/traps.c linux-2.6.32.1/arch/x86/kernel/traps.c
12907 --- linux-2.6.32.1/arch/x86/kernel/traps.c 2009-12-02 22:51:21.000000000 -0500
12908 +++ linux-2.6.32.1/arch/x86/kernel/traps.c 2009-12-14 18:33:51.755710508 -0500
12909 @@ -69,12 +69,6 @@ asmlinkage int system_call(void);
12911 /* Do we ignore FPU interrupts ? */
12912 char ignore_fpu_irq;
12915 - * The IDT has to be page-aligned to simplify the Pentium
12916 - * F0 0F bug workaround.
12918 -gate_desc idt_table[NR_VECTORS] __page_aligned_data = { { { { 0, 0 } } }, };
12921 DECLARE_BITMAP(used_vectors, NR_VECTORS);
12922 @@ -112,7 +106,7 @@ static inline void preempt_conditional_c
12924 die_if_kernel(const char *str, struct pt_regs *regs, long err)
12926 - if (!user_mode_vm(regs))
12927 + if (!user_mode(regs))
12928 die(str, regs, err);
12931 @@ -124,7 +118,7 @@ do_trap(int trapnr, int signr, char *str
12932 struct task_struct *tsk = current;
12934 #ifdef CONFIG_X86_32
12935 - if (regs->flags & X86_VM_MASK) {
12936 + if (v8086_mode(regs)) {
12938 * traps 0, 1, 3, 4, and 5 should be forwarded to vm86.
12939 * On nmi (interrupt 2), do_trap should not be called.
12940 @@ -135,7 +129,7 @@ do_trap(int trapnr, int signr, char *str
12944 - if (!user_mode(regs))
12945 + if (!user_mode_novm(regs))
12948 #ifdef CONFIG_X86_32
12949 @@ -158,7 +152,7 @@ trap_signal:
12950 printk_ratelimit()) {
12952 "%s[%d] trap %s ip:%lx sp:%lx error:%lx",
12953 - tsk->comm, tsk->pid, str,
12954 + tsk->comm, task_pid_nr(tsk), str,
12955 regs->ip, regs->sp, error_code);
12956 print_vma_addr(" in ", regs->ip);
12958 @@ -177,6 +171,12 @@ kernel_trap:
12959 tsk->thread.trap_no = trapnr;
12960 die(str, regs, error_code);
12963 +#ifdef CONFIG_PAX_REFCOUNT
12965 + pax_report_refcount_overflow(regs);
12970 #ifdef CONFIG_X86_32
12971 @@ -265,14 +265,30 @@ do_general_protection(struct pt_regs *re
12972 conditional_sti(regs);
12974 #ifdef CONFIG_X86_32
12975 - if (regs->flags & X86_VM_MASK)
12976 + if (v8086_mode(regs))
12981 - if (!user_mode(regs))
12982 + if (!user_mode_novm(regs))
12985 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
12986 + if (!nx_enabled && tsk->mm && (tsk->mm->pax_flags & MF_PAX_PAGEEXEC)) {
12987 + struct mm_struct *mm = tsk->mm;
12988 + unsigned long limit;
12990 + down_write(&mm->mmap_sem);
12991 + limit = mm->context.user_cs_limit;
12992 + if (limit < TASK_SIZE) {
12993 + track_exec_limit(mm, limit, TASK_SIZE, VM_EXEC);
12994 + up_write(&mm->mmap_sem);
12997 + up_write(&mm->mmap_sem);
13001 tsk->thread.error_code = error_code;
13002 tsk->thread.trap_no = 13;
13004 @@ -305,6 +321,13 @@ gp_in_kernel:
13005 if (notify_die(DIE_GPF, "general protection fault", regs,
13006 error_code, 13, SIGSEGV) == NOTIFY_STOP)
13009 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13010 + if ((regs->cs & 0xFFFF) == __KERNEL_CS)
13011 + die("PAX: suspicious general protection fault", regs, error_code);
13015 die("general protection fault", regs, error_code);
13018 @@ -558,7 +581,7 @@ dotraplinkage void __kprobes do_debug(st
13021 #ifdef CONFIG_X86_32
13022 - if (regs->flags & X86_VM_MASK)
13023 + if (v8086_mode(regs))
13027 @@ -570,7 +593,7 @@ dotraplinkage void __kprobes do_debug(st
13028 * kernel space (but re-enable TF when returning to user mode).
13030 if (condition & DR_STEP) {
13031 - if (!user_mode(regs))
13032 + if (!user_mode_novm(regs))
13033 goto clear_TF_reenable;
13036 @@ -757,7 +780,7 @@ do_simd_coprocessor_error(struct pt_regs
13037 * Handle strange cache flush from user space exception
13038 * in all other cases. This is undocumented behaviour.
13040 - if (regs->flags & X86_VM_MASK) {
13041 + if (v8086_mode(regs)) {
13042 handle_vm86_fault((struct kernel_vm86_regs *)regs, error_code);
13045 diff -urNp linux-2.6.32.1/arch/x86/kernel/tsc.c linux-2.6.32.1/arch/x86/kernel/tsc.c
13046 --- linux-2.6.32.1/arch/x86/kernel/tsc.c 2009-12-02 22:51:21.000000000 -0500
13047 +++ linux-2.6.32.1/arch/x86/kernel/tsc.c 2009-12-14 18:33:51.755710508 -0500
13048 @@ -794,7 +794,7 @@ static struct dmi_system_id __initdata b
13049 DMI_MATCH(DMI_BOARD_NAME, "2635FA0"),
13053 + { NULL, NULL, {{0, {0}}}, NULL}
13056 static void __init check_system_tsc_reliable(void)
13057 diff -urNp linux-2.6.32.1/arch/x86/kernel/vm86_32.c linux-2.6.32.1/arch/x86/kernel/vm86_32.c
13058 --- linux-2.6.32.1/arch/x86/kernel/vm86_32.c 2009-12-02 22:51:21.000000000 -0500
13059 +++ linux-2.6.32.1/arch/x86/kernel/vm86_32.c 2009-12-14 18:33:51.755710508 -0500
13061 #include <linux/ptrace.h>
13062 #include <linux/audit.h>
13063 #include <linux/stddef.h>
13064 +#include <linux/grsecurity.h>
13066 #include <asm/uaccess.h>
13067 #include <asm/io.h>
13068 @@ -148,7 +149,7 @@ struct pt_regs *save_v86_state(struct ke
13072 - tss = &per_cpu(init_tss, get_cpu());
13073 + tss = init_tss + get_cpu();
13074 current->thread.sp0 = current->thread.saved_sp0;
13075 current->thread.sysenter_cs = __KERNEL_CS;
13076 load_sp0(tss, ¤t->thread);
13077 @@ -208,6 +209,13 @@ int sys_vm86old(struct pt_regs *regs)
13078 struct task_struct *tsk;
13079 int tmp, ret = -EPERM;
13081 +#ifdef CONFIG_GRKERNSEC_VM86
13082 + if (!capable(CAP_SYS_RAWIO)) {
13083 + gr_handle_vm86();
13089 if (tsk->thread.saved_sp0)
13091 @@ -238,6 +246,14 @@ int sys_vm86(struct pt_regs *regs)
13093 struct vm86plus_struct __user *v86;
13095 +#ifdef CONFIG_GRKERNSEC_VM86
13096 + if (!capable(CAP_SYS_RAWIO)) {
13097 + gr_handle_vm86();
13104 switch (regs->bx) {
13105 case VM86_REQUEST_IRQ:
13106 @@ -324,7 +340,7 @@ static void do_sys_vm86(struct kernel_vm
13107 tsk->thread.saved_fs = info->regs32->fs;
13108 tsk->thread.saved_gs = get_user_gs(info->regs32);
13110 - tss = &per_cpu(init_tss, get_cpu());
13111 + tss = init_tss + get_cpu();
13112 tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0;
13114 tsk->thread.sysenter_cs = 0;
13115 @@ -529,7 +545,7 @@ static void do_int(struct kernel_vm86_re
13116 goto cannot_handle;
13117 if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored))
13118 goto cannot_handle;
13119 - intr_ptr = (unsigned long __user *) (i << 2);
13120 + intr_ptr = (__force unsigned long __user *) (i << 2);
13121 if (get_user(segoffs, intr_ptr))
13122 goto cannot_handle;
13123 if ((segoffs >> 16) == BIOSSEG)
13124 diff -urNp linux-2.6.32.1/arch/x86/kernel/vmi_32.c linux-2.6.32.1/arch/x86/kernel/vmi_32.c
13125 --- linux-2.6.32.1/arch/x86/kernel/vmi_32.c 2009-12-02 22:51:21.000000000 -0500
13126 +++ linux-2.6.32.1/arch/x86/kernel/vmi_32.c 2009-12-14 18:33:51.762711460 -0500
13127 @@ -44,12 +44,17 @@ typedef u32 __attribute__((regparm(1)))
13128 typedef u64 __attribute__((regparm(2))) (VROMLONGFUNC)(int);
13130 #define call_vrom_func(rom,func) \
13131 - (((VROMFUNC *)(rom->func))())
13132 + (((VROMFUNC *)(ktva_ktla(rom.func)))())
13134 #define call_vrom_long_func(rom,func,arg) \
13135 - (((VROMLONGFUNC *)(rom->func)) (arg))
13137 + u64 __reloc = ((VROMLONGFUNC *)(ktva_ktla(rom.func))) (arg);\
13138 + struct vmi_relocation_info *const __rel = (struct vmi_relocation_info *)&__reloc;\
13139 + __rel->eip = (unsigned char *)ktva_ktla((unsigned long)__rel->eip);\
13143 -static struct vrom_header *vmi_rom;
13144 +static struct vrom_header vmi_rom __attribute((__section__(".vmi.rom"), __aligned__(PAGE_SIZE)));
13145 static int disable_pge;
13146 static int disable_pse;
13147 static int disable_sep;
13148 @@ -76,10 +81,10 @@ static struct {
13149 void (*set_initial_ap_state)(int, int);
13150 void (*halt)(void);
13151 void (*set_lazy_mode)(int mode);
13153 +} vmi_ops __read_only;
13155 /* Cached VMI operations */
13156 -struct vmi_timer_ops vmi_timer_ops;
13157 +struct vmi_timer_ops vmi_timer_ops __read_only;
13160 * VMI patching routines.
13161 @@ -94,7 +99,7 @@ struct vmi_timer_ops vmi_timer_ops;
13162 static inline void patch_offset(void *insnbuf,
13163 unsigned long ip, unsigned long dest)
13165 - *(unsigned long *)(insnbuf+1) = dest-ip-5;
13166 + *(unsigned long *)(insnbuf+1) = dest-ip-5;
13169 static unsigned patch_internal(int call, unsigned len, void *insnbuf,
13170 @@ -102,6 +107,7 @@ static unsigned patch_internal(int call,
13173 struct vmi_relocation_info *const rel = (struct vmi_relocation_info *)&reloc;
13175 reloc = call_vrom_long_func(vmi_rom, get_reloc, call);
13176 switch(rel->type) {
13177 case VMI_RELOCATION_CALL_REL:
13178 @@ -404,13 +410,13 @@ static void vmi_set_pud(pud_t *pudp, pud
13180 static void vmi_pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
13182 - const pte_t pte = { .pte = 0 };
13183 + const pte_t pte = __pte(0ULL);
13184 vmi_ops.set_pte(pte, ptep, vmi_flags_addr(mm, addr, VMI_PAGE_PT, 0));
13187 static void vmi_pmd_clear(pmd_t *pmd)
13189 - const pte_t pte = { .pte = 0 };
13190 + const pte_t pte = __pte(0ULL);
13191 vmi_ops.set_pte(pte, (pte_t *)pmd, VMI_PAGE_PD);
13194 @@ -438,8 +444,8 @@ vmi_startup_ipi_hook(int phys_apicid, un
13195 ap.ss = __KERNEL_DS;
13196 ap.esp = (unsigned long) start_esp;
13198 - ap.ds = __USER_DS;
13199 - ap.es = __USER_DS;
13200 + ap.ds = __KERNEL_DS;
13201 + ap.es = __KERNEL_DS;
13202 ap.fs = __KERNEL_PERCPU;
13203 ap.gs = __KERNEL_STACK_CANARY;
13205 @@ -486,6 +492,18 @@ static void vmi_leave_lazy_mmu(void)
13206 paravirt_leave_lazy_mmu();
13209 +#ifdef CONFIG_PAX_KERNEXEC
13210 +static unsigned long vmi_pax_open_kernel(void)
13215 +static unsigned long vmi_pax_close_kernel(void)
13221 static inline int __init check_vmi_rom(struct vrom_header *rom)
13223 struct pci_header *pci;
13224 @@ -498,6 +516,10 @@ static inline int __init check_vmi_rom(s
13226 if (rom->vrom_signature != VMI_SIGNATURE)
13228 + if (rom->rom_length * 512 > sizeof(*rom)) {
13229 + printk(KERN_WARNING "PAX: VMI: ROM size too big: %x\n", rom->rom_length * 512);
13232 if (rom->api_version_maj != VMI_API_REV_MAJOR ||
13233 rom->api_version_min+1 < VMI_API_REV_MINOR+1) {
13234 printk(KERN_WARNING "VMI: Found mismatched rom version %d.%d\n",
13235 @@ -562,7 +584,7 @@ static inline int __init probe_vmi_rom(v
13236 struct vrom_header *romstart;
13237 romstart = (struct vrom_header *)isa_bus_to_virt(base);
13238 if (check_vmi_rom(romstart)) {
13239 - vmi_rom = romstart;
13240 + vmi_rom = *romstart;
13244 @@ -836,6 +858,11 @@ static inline int __init activate_vmi(vo
13246 para_fill(pv_irq_ops.safe_halt, Halt);
13248 +#ifdef CONFIG_PAX_KERNEXEC
13249 + pv_mmu_ops.pax_open_kernel = vmi_pax_open_kernel;
13250 + pv_mmu_ops.pax_close_kernel = vmi_pax_close_kernel;
13254 * Alternative instruction rewriting doesn't happen soon enough
13255 * to convert VMI_IRET to a call instead of a jump; so we have
13256 @@ -853,16 +880,16 @@ static inline int __init activate_vmi(vo
13258 void __init vmi_init(void)
13261 + if (!vmi_rom.rom_signature)
13264 - check_vmi_rom(vmi_rom);
13265 + check_vmi_rom(&vmi_rom);
13267 /* In case probing for or validating the ROM failed, basil */
13269 + if (!vmi_rom.rom_signature)
13272 - reserve_top_address(-vmi_rom->virtual_top);
13273 + reserve_top_address(-vmi_rom.virtual_top);
13275 #ifdef CONFIG_X86_IO_APIC
13276 /* This is virtual hardware; timer routing is wired correctly */
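Review bot: The result of `check_vmi_rom(&vmi_rom);` is discarded, so on this path a ROM that fails the newly added length check would, as far as the visible lines show, only be logged and then used. The following `if (!vmi_rom.rom_signature)` tests for presence only, although the comment above it speaks of validation failing. probe_vmi_rom treats a non-zero return as "valid", so the call could become `if (!check_vmi_rom(&vmi_rom)) return;`. Some lines of vmi_init are missing from this listing, so the surrounding if/else should be checked before applying that.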
13277 @@ -874,7 +901,7 @@ void __init vmi_activate(void)
13279 unsigned long flags;
13282 + if (!vmi_rom.rom_signature)
13285 local_irq_save(flags);
13286 diff -urNp linux-2.6.32.1/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.1/arch/x86/kernel/vmlinux.lds.S
13287 --- linux-2.6.32.1/arch/x86/kernel/vmlinux.lds.S 2009-12-02 22:51:21.000000000 -0500
13288 +++ linux-2.6.32.1/arch/x86/kernel/vmlinux.lds.S 2009-12-14 18:33:51.762711460 -0500
13290 #include <asm/page_types.h>
13291 #include <asm/cache.h>
13292 #include <asm/boot.h>
13293 +#include <asm/segment.h>
13297 +#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
13298 +#define PMD_SHIFT 21
13300 +#define PMD_SHIFT 22
13302 +#define PMD_SIZE (1 << PMD_SHIFT)
13304 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13305 +#define __KERNEL_TEXT_OFFSET (LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR)
13307 +#define __KERNEL_TEXT_OFFSET 0
13310 #undef i386 /* in case the preprocessor is a 32bit one */
13312 @@ -34,40 +50,49 @@ OUTPUT_FORMAT(CONFIG_OUTPUT_FORMAT, CONF
13313 #ifdef CONFIG_X86_32
13315 ENTRY(phys_startup_32)
13316 -jiffies = jiffies_64;
13318 OUTPUT_ARCH(i386:x86-64)
13319 ENTRY(phys_startup_64)
13320 -jiffies_64 = jiffies;
13323 +jiffies = jiffies_64;
13326 text PT_LOAD FLAGS(5); /* R_E */
13327 - data PT_LOAD FLAGS(7); /* RWE */
13328 + rodata PT_LOAD FLAGS(4); /* R__ */
13329 + module PT_LOAD FLAGS(5); /* R_E */
13330 + data PT_LOAD FLAGS(6); /* RW_ */
13331 #ifdef CONFIG_X86_64
13332 user PT_LOAD FLAGS(5); /* R_E */
13334 + init.begin PT_LOAD FLAGS(6); /* RW_ */
13336 percpu PT_LOAD FLAGS(6); /* RW_ */
13338 + text.init PT_LOAD FLAGS(5); /* R_E */
13339 + text.exit PT_LOAD FLAGS(5); /* R_E */
13340 init PT_LOAD FLAGS(7); /* RWE */
13342 note PT_NOTE FLAGS(0); /* ___ */
13347 #ifdef CONFIG_X86_32
13348 - . = LOAD_OFFSET + LOAD_PHYSICAL_ADDR;
13349 - phys_startup_32 = startup_32 - LOAD_OFFSET;
13350 + . = LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR;
13352 - . = __START_KERNEL;
13353 - phys_startup_64 = startup_64 - LOAD_OFFSET;
13354 + . = __START_KERNEL;
13357 /* Text and read-only data */
13358 - .text : AT(ADDR(.text) - LOAD_OFFSET) {
13360 + .text (. - __KERNEL_TEXT_OFFSET): AT(ADDR(.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
13361 /* bootstrapping code */
13362 +#ifdef CONFIG_X86_32
13363 + phys_startup_32 = startup_32 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
13365 + phys_startup_64 = startup_64 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
13367 + __LOAD_PHYSICAL_ADDR = . - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
13370 #ifdef CONFIG_X86_32
13371 . = ALIGN(PAGE_SIZE);
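Review bot: The `init PT_LOAD FLAGS(7); /* RWE */` program header stays both writable and executable, while this hunk splits the rest of the image into R_E, R__ and RW_ segments and adds `text.init` and `text.exit` for init and exit code. If nothing executable is still assigned to `:init` (a later hunk routes `INIT_DATA_SECTION(16) :init`), it could become `init PT_LOAD FLAGS(6); /* RW_ */`. If something executable does remain there, a comment naming what still needs the execute bit would keep the W^X intent of the layout auditable.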
13372 @@ -82,28 +107,64 @@ SECTIONS
13376 - /* End of text section */
13380 - NOTES :text :note
13381 + . += __KERNEL_TEXT_OFFSET;
13383 + . = ALIGN(PAGE_SIZE);
13384 + NOTES :rodata :note
13386 - EXCEPTION_TABLE(16) :text = 0x9090
13387 + EXCEPTION_TABLE(16) :rodata
13391 +#ifdef CONFIG_X86_32
13392 + . = ALIGN(PAGE_SIZE);
13393 + .rodata.page_aligned : AT(ADDR(.rodata.page_aligned) - LOAD_OFFSET) {
13395 + . = ALIGN(PAGE_SIZE);
13396 + *(.empty_zero_page)
13397 + *(.swapper_pg_pmd)
13398 + *(.swapper_pg_dir)
13402 + . = ALIGN(PAGE_SIZE);
13403 + .vmi.rom : AT(ADDR(.vmi.rom) - LOAD_OFFSET) {
13407 + . = ALIGN(PAGE_SIZE);
13408 + .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) {
13410 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES)
13411 + MODULES_EXEC_VADDR = .;
13413 + . += (8 * 1024 * 1024);
13414 + . = ALIGN(PMD_SIZE);
13415 + MODULES_EXEC_END = . - 1;
13418 + /* End of text section */
13419 + _etext = . - __KERNEL_TEXT_OFFSET;
13423 .data : AT(ADDR(.data) - LOAD_OFFSET) {
13425 +#ifdef CONFIG_PAX_KERNEXEC
13426 + . = ALIGN(PMD_SIZE);
13428 + . = ALIGN(PAGE_SIZE);
13431 /* Start of data section */
13435 INIT_TASK_DATA(THREAD_SIZE)
13437 -#ifdef CONFIG_X86_32
13438 - /* 32 bit has nosave before _edata */
13442 PAGE_ALIGNED_DATA(PAGE_SIZE)
13444 @@ -166,12 +227,6 @@ SECTIONS
13446 vgetcpu_mode = VVIRT(.vgetcpu_mode);
13448 - . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
13449 - .jiffies : AT(VLOAD(.jiffies)) {
13452 - jiffies = VVIRT(.jiffies);
13454 .vsyscall_3 ADDR(.vsyscall_0) + 3072: AT(VLOAD(.vsyscall_3)) {
13457 @@ -187,12 +242,19 @@ SECTIONS
13458 #endif /* CONFIG_X86_64 */
13460 /* Init code and data - will be freed after init */
13461 - . = ALIGN(PAGE_SIZE);
13462 .init.begin : AT(ADDR(.init.begin) - LOAD_OFFSET) {
13465 +#ifdef CONFIG_PAX_KERNEXEC
13466 + . = ALIGN(PMD_SIZE);
13468 + . = ALIGN(PAGE_SIZE);
13471 __init_begin = .; /* paired with __init_end */
13475 -#if defined(CONFIG_X86_64) && defined(CONFIG_SMP)
13478 * percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the
13479 * output PHDR, so the next output section - .init.text - should
13480 @@ -201,12 +263,25 @@ SECTIONS
13481 PERCPU_VADDR(0, :percpu)
13484 - INIT_TEXT_SECTION(PAGE_SIZE)
13485 -#ifdef CONFIG_X86_64
13488 + . = ALIGN(PAGE_SIZE);
13490 + .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) {
13491 + VMLINUX_SYMBOL(_sinittext) = .;
13493 + VMLINUX_SYMBOL(_einittext) = .;
13496 - INIT_DATA_SECTION(16)
13498 + * .exit.text is discard at runtime, not link time, to deal with
13499 + * references from .altinstructions and .eh_frame
13501 + .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) {
13505 + . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text);
13507 + INIT_DATA_SECTION(16) :init
13509 .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
13510 __x86_cpu_dev_start = .;
13511 @@ -232,19 +307,11 @@ SECTIONS
13512 *(.altinstr_replacement)
13516 - * .exit.text is discard at runtime, not link time, to deal with
13517 - * references from .altinstructions and .eh_frame
13519 - .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) {
13523 .exit.data : AT(ADDR(.exit.data) - LOAD_OFFSET) {
13527 -#if !defined(CONFIG_X86_64) || !defined(CONFIG_SMP)
13528 +#ifndef CONFIG_SMP
13532 @@ -267,12 +334,6 @@ SECTIONS
13533 . = ALIGN(PAGE_SIZE);
13536 -#ifdef CONFIG_X86_64
13537 - .data_nosave : AT(ADDR(.data_nosave) - LOAD_OFFSET) {
13543 . = ALIGN(PAGE_SIZE);
13544 .bss : AT(ADDR(.bss) - LOAD_OFFSET) {
13545 @@ -288,6 +349,7 @@ SECTIONS
13547 . += 64 * 1024; /* 64k alignment slop space */
13548 *(.brk_reservation) /* areas brk users have reserved */
13549 + . = ALIGN(PMD_SIZE);
13553 @@ -316,13 +378,12 @@ SECTIONS
13554 * for the boot processor.
13556 #define INIT_PER_CPU(x) init_per_cpu__##x = per_cpu__##x + __per_cpu_load
13557 -INIT_PER_CPU(gdt_page);
13558 INIT_PER_CPU(irq_stack_union);
13561 * Build-time check on the image size:
13563 -. = ASSERT((_end - _text <= KERNEL_IMAGE_SIZE),
13564 +. = ASSERT((_end - _text - __KERNEL_TEXT_OFFSET <= KERNEL_IMAGE_SIZE),
13565 "kernel image bigger than KERNEL_IMAGE_SIZE");
13568 diff -urNp linux-2.6.32.1/arch/x86/kernel/vsyscall_64.c linux-2.6.32.1/arch/x86/kernel/vsyscall_64.c
13569 --- linux-2.6.32.1/arch/x86/kernel/vsyscall_64.c 2009-12-02 22:51:21.000000000 -0500
13570 +++ linux-2.6.32.1/arch/x86/kernel/vsyscall_64.c 2009-12-14 18:33:51.763712039 -0500
13571 @@ -79,6 +79,7 @@ void update_vsyscall(struct timespec *wa
13573 write_seqlock_irqsave(&vsyscall_gtod_data.lock, flags);
13574 /* copy vsyscall data */
13575 + strlcpy(vsyscall_gtod_data.clock.name, clock->name, sizeof vsyscall_gtod_data.clock.name);
13576 vsyscall_gtod_data.clock.vread = clock->vread;
13577 vsyscall_gtod_data.clock.cycle_last = clock->cycle_last;
13578 vsyscall_gtod_data.clock.mask = clock->mask;
13579 @@ -202,7 +203,7 @@ vgetcpu(unsigned *cpu, unsigned *node, s
13580 We do this here because otherwise user space would do it on
13581 its own in a likely inferior way (no access to jiffies).
13582 If you don't like it pass NULL. */
13583 - if (tcache && tcache->blob[0] == (j = __jiffies)) {
13584 + if (tcache && tcache->blob[0] == (j = jiffies)) {
13585 p = tcache->blob[1];
13586 } else if (__vgetcpu_mode == VGETCPU_RDTSCP) {
13587 /* Load per CPU data from RDTSCP */
13588 @@ -233,13 +234,13 @@ static ctl_table kernel_table2[] = {
13589 .data = &vsyscall_gtod_data.sysctl_enabled, .maxlen = sizeof(int),
13591 .proc_handler = proc_dointvec },
13593 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
13596 static ctl_table kernel_root_table2[] = {
13597 { .ctl_name = CTL_KERN, .procname = "kernel", .mode = 0555,
13598 .child = kernel_table2 },
13600 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
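Review bot: The terminator `{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }` is written positionally in both `kernel_table2` and `kernel_root_table2`, so it depends on the exact number and order of ctl_table members. The real entries directly above it use designated initializers. `{ .ctl_name = 0 }` marks the sentinel just as explicitly, matches the style of those entries, and keeps compiling if a member is added or reordered.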
13604 diff -urNp linux-2.6.32.1/arch/x86/kernel/x8664_ksyms_64.c linux-2.6.32.1/arch/x86/kernel/x8664_ksyms_64.c
13605 --- linux-2.6.32.1/arch/x86/kernel/x8664_ksyms_64.c 2009-12-02 22:51:21.000000000 -0500
13606 +++ linux-2.6.32.1/arch/x86/kernel/x8664_ksyms_64.c 2009-12-14 18:33:51.763712039 -0500
13607 @@ -30,8 +30,6 @@ EXPORT_SYMBOL(__put_user_8);
13609 EXPORT_SYMBOL(copy_user_generic);
13610 EXPORT_SYMBOL(__copy_user_nocache);
13611 -EXPORT_SYMBOL(copy_from_user);
13612 -EXPORT_SYMBOL(copy_to_user);
13613 EXPORT_SYMBOL(__copy_from_user_inatomic);
13615 EXPORT_SYMBOL(copy_page);
13616 diff -urNp linux-2.6.32.1/arch/x86/kernel/xsave.c linux-2.6.32.1/arch/x86/kernel/xsave.c
13617 --- linux-2.6.32.1/arch/x86/kernel/xsave.c 2009-12-02 22:51:21.000000000 -0500
13618 +++ linux-2.6.32.1/arch/x86/kernel/xsave.c 2009-12-14 18:33:51.763712039 -0500
13619 @@ -54,7 +54,7 @@ int check_for_xstate(struct i387_fxsave_
13620 fx_sw_user->xstate_size > fx_sw_user->extended_size)
13623 - err = __get_user(magic2, (__u32 *) (((void *)fpstate) +
13624 + err = __get_user(magic2, (__u32 __user *) (((void __user *)fpstate) +
13625 fx_sw_user->extended_size -
13626 FP_XSTATE_MAGIC2_SIZE));
13628 @@ -196,7 +196,7 @@ fx_only:
13629 * the other extended state.
13631 xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE);
13632 - return fxrstor_checking((__force struct i387_fxsave_struct *)buf);
13633 + return fxrstor_checking((struct i387_fxsave_struct __user *)buf);
13637 @@ -228,7 +228,7 @@ int restore_i387_xstate(void __user *buf
13638 if (task_thread_info(tsk)->status & TS_XSAVE)
13639 err = restore_user_xstate(buf);
13641 - err = fxrstor_checking((__force struct i387_fxsave_struct *)
13642 + err = fxrstor_checking((struct i387_fxsave_struct __user *)
13644 if (unlikely(err)) {
13646 diff -urNp linux-2.6.32.1/arch/x86/kvm/emulate.c linux-2.6.32.1/arch/x86/kvm/emulate.c
13647 --- linux-2.6.32.1/arch/x86/kvm/emulate.c 2009-12-02 22:51:21.000000000 -0500
13648 +++ linux-2.6.32.1/arch/x86/kvm/emulate.c 2009-12-14 18:33:51.764710507 -0500
13649 @@ -389,6 +389,7 @@ static u32 group2_table[] = {
13651 #define ____emulate_2op(_op, _src, _dst, _eflags, _x, _y, _suffix) \
13653 + unsigned long _tmp; \
13654 __asm__ __volatile__ ( \
13655 _PRE_EFLAGS("0", "4", "2") \
13656 _op _suffix " %"_x"3,%1; " \
13657 @@ -402,8 +403,6 @@ static u32 group2_table[] = {
13658 /* Raw emulation: instruction has two explicit operands. */
13659 #define __emulate_2op_nobyte(_op,_src,_dst,_eflags,_wx,_wy,_lx,_ly,_qx,_qy) \
13661 - unsigned long _tmp; \
13663 switch ((_dst).bytes) { \
13665 ____emulate_2op(_op,_src,_dst,_eflags,_wx,_wy,"w"); \
13666 @@ -419,7 +418,6 @@ static u32 group2_table[] = {
13668 #define __emulate_2op(_op,_src,_dst,_eflags,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
13670 - unsigned long _tmp; \
13671 switch ((_dst).bytes) { \
13673 ____emulate_2op(_op,_src,_dst,_eflags,_bx,_by,"b"); \
13674 diff -urNp linux-2.6.32.1/arch/x86/kvm/svm.c linux-2.6.32.1/arch/x86/kvm/svm.c
13675 --- linux-2.6.32.1/arch/x86/kvm/svm.c 2009-12-02 22:51:21.000000000 -0500
13676 +++ linux-2.6.32.1/arch/x86/kvm/svm.c 2009-12-14 18:33:51.764710507 -0500
13677 @@ -2389,9 +2389,12 @@ static int handle_exit(struct kvm_run *k
13678 static void reload_tss(struct kvm_vcpu *vcpu)
13680 int cpu = raw_smp_processor_id();
13682 struct svm_cpu_data *svm_data = per_cpu(svm_data, cpu);
13684 + pax_open_kernel();
13685 svm_data->tss_desc->type = 9; /* available 32/64-bit TSS */
13686 + pax_close_kernel();
13691 @@ -2839,7 +2842,7 @@ static bool svm_gb_page_enable(void)
13695 -static struct kvm_x86_ops svm_x86_ops = {
13696 +static const struct kvm_x86_ops svm_x86_ops = {
13697 .cpu_has_kvm_support = has_svm,
13698 .disabled_by_bios = is_disabled,
13699 .hardware_setup = svm_hardware_setup,
13700 diff -urNp linux-2.6.32.1/arch/x86/kvm/vmx.c linux-2.6.32.1/arch/x86/kvm/vmx.c
13701 --- linux-2.6.32.1/arch/x86/kvm/vmx.c 2009-12-02 22:51:21.000000000 -0500
13702 +++ linux-2.6.32.1/arch/x86/kvm/vmx.c 2009-12-14 18:33:51.765712280 -0500
13703 @@ -566,7 +566,11 @@ static void reload_tss(void)
13706 descs = (void *)gdt.base;
13708 + pax_open_kernel();
13709 descs[GDT_ENTRY_TSS].type = 9; /* available TSS */
13710 + pax_close_kernel();
13715 @@ -1388,8 +1392,11 @@ static __init int hardware_setup(void)
13716 if (!cpu_has_vmx_flexpriority())
13717 flexpriority_enabled = 0;
13719 - if (!cpu_has_vmx_tpr_shadow())
13720 - kvm_x86_ops->update_cr8_intercept = NULL;
13721 + if (!cpu_has_vmx_tpr_shadow()) {
13722 + pax_open_kernel();
13723 + *(void **)&kvm_x86_ops->update_cr8_intercept = NULL;
13724 + pax_close_kernel();
13727 if (enable_ept && !cpu_has_vmx_ept_2m_page())
13728 kvm_disable_largepages();
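Review bot: The store `*(void **)&kvm_x86_ops->update_cr8_intercept = NULL;` casts away the `const` that this patch adds to `kvm_x86_ops`, and it writes into a table that a later hunk declares `static const struct kvm_x86_ops vmx_x86_ops`. pax_open_kernel() lifts the page protection, but modifying a const-defined object is still undefined behaviour in C, and a compiler may fold reads of that member. At minimum the exception should be documented where it happens, for example `/* const ops table: patched once here, at __init, under pax_open_kernel() */`. Selecting the member's value before the table is published would avoid the cast entirely. The body of hardware_setup continues outside this hunk.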
13729 @@ -2339,7 +2346,7 @@ static int vmx_vcpu_setup(struct vcpu_vm
13730 vmcs_writel(HOST_IDTR_BASE, dt.base); /* 22.2.4 */
13732 asm("mov $.Lkvm_vmx_return, %0" : "=r"(kvm_vmx_return));
13733 - vmcs_writel(HOST_RIP, kvm_vmx_return); /* 22.2.5 */
13734 + vmcs_writel(HOST_RIP, ktla_ktva(kvm_vmx_return)); /* 22.2.5 */
13735 vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0);
13736 vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0);
13737 vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, 0);
13738 @@ -3682,6 +3689,12 @@ static void vmx_vcpu_run(struct kvm_vcpu
13739 "jmp .Lkvm_vmx_return \n\t"
13740 ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
13741 ".Lkvm_vmx_return: "
13743 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13744 + "ljmp %[cs],$.Lkvm_vmx_return2\n\t"
13745 + ".Lkvm_vmx_return2: "
13748 /* Save guest registers, load host registers, keep flags */
13749 "xchg %0, (%%"R"sp) \n\t"
13750 "mov %%"R"ax, %c[rax](%0) \n\t"
13751 @@ -3728,6 +3741,11 @@ static void vmx_vcpu_run(struct kvm_vcpu
13752 [r15]"i"(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R15])),
13754 [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2))
13756 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13757 + ,[cs]"i"(__KERNEL_CS)
13761 , R"bx", R"di", R"si"
13762 #ifdef CONFIG_X86_64
13763 @@ -3746,7 +3764,7 @@ static void vmx_vcpu_run(struct kvm_vcpu
13764 if (vmx->rmode.irq.pending)
13765 fixup_rmode_irq(vmx);
13767 - asm("mov %0, %%ds; mov %0, %%es" : : "r"(__USER_DS));
13768 + asm("mov %0, %%ds; mov %0, %%es" : : "r"(__KERNEL_DS));
13771 vmx_complete_interrupts(vmx);
13772 @@ -3921,7 +3939,7 @@ static bool vmx_gb_page_enable(void)
13776 -static struct kvm_x86_ops vmx_x86_ops = {
13777 +static const struct kvm_x86_ops vmx_x86_ops = {
13778 .cpu_has_kvm_support = cpu_has_kvm_support,
13779 .disabled_by_bios = vmx_disabled_by_bios,
13780 .hardware_setup = hardware_setup,
13781 diff -urNp linux-2.6.32.1/arch/x86/kvm/x86.c linux-2.6.32.1/arch/x86/kvm/x86.c
13782 --- linux-2.6.32.1/arch/x86/kvm/x86.c 2009-12-02 22:51:21.000000000 -0500
13783 +++ linux-2.6.32.1/arch/x86/kvm/x86.c 2009-12-14 18:33:51.819714318 -0500
13784 @@ -81,45 +81,45 @@ static void update_cr8_intercept(struct
13785 static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
13786 struct kvm_cpuid_entry2 __user *entries);
13788 -struct kvm_x86_ops *kvm_x86_ops;
13789 +const struct kvm_x86_ops *kvm_x86_ops;
13790 EXPORT_SYMBOL_GPL(kvm_x86_ops);
13792 int ignore_msrs = 0;
13793 module_param_named(ignore_msrs, ignore_msrs, bool, S_IRUGO | S_IWUSR);
13795 struct kvm_stats_debugfs_item debugfs_entries[] = {
13796 - { "pf_fixed", VCPU_STAT(pf_fixed) },
13797 - { "pf_guest", VCPU_STAT(pf_guest) },
13798 - { "tlb_flush", VCPU_STAT(tlb_flush) },
13799 - { "invlpg", VCPU_STAT(invlpg) },
13800 - { "exits", VCPU_STAT(exits) },
13801 - { "io_exits", VCPU_STAT(io_exits) },
13802 - { "mmio_exits", VCPU_STAT(mmio_exits) },
13803 - { "signal_exits", VCPU_STAT(signal_exits) },
13804 - { "irq_window", VCPU_STAT(irq_window_exits) },
13805 - { "nmi_window", VCPU_STAT(nmi_window_exits) },
13806 - { "halt_exits", VCPU_STAT(halt_exits) },
13807 - { "halt_wakeup", VCPU_STAT(halt_wakeup) },
13808 - { "hypercalls", VCPU_STAT(hypercalls) },
13809 - { "request_irq", VCPU_STAT(request_irq_exits) },
13810 - { "irq_exits", VCPU_STAT(irq_exits) },
13811 - { "host_state_reload", VCPU_STAT(host_state_reload) },
13812 - { "efer_reload", VCPU_STAT(efer_reload) },
13813 - { "fpu_reload", VCPU_STAT(fpu_reload) },
13814 - { "insn_emulation", VCPU_STAT(insn_emulation) },
13815 - { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail) },
13816 - { "irq_injections", VCPU_STAT(irq_injections) },
13817 - { "nmi_injections", VCPU_STAT(nmi_injections) },
13818 - { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped) },
13819 - { "mmu_pte_write", VM_STAT(mmu_pte_write) },
13820 - { "mmu_pte_updated", VM_STAT(mmu_pte_updated) },
13821 - { "mmu_pde_zapped", VM_STAT(mmu_pde_zapped) },
13822 - { "mmu_flooded", VM_STAT(mmu_flooded) },
13823 - { "mmu_recycled", VM_STAT(mmu_recycled) },
13824 - { "mmu_cache_miss", VM_STAT(mmu_cache_miss) },
13825 - { "mmu_unsync", VM_STAT(mmu_unsync) },
13826 - { "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
13827 - { "largepages", VM_STAT(lpages) },
13828 + { "pf_fixed", VCPU_STAT(pf_fixed), NULL },
13829 + { "pf_guest", VCPU_STAT(pf_guest), NULL },
13830 + { "tlb_flush", VCPU_STAT(tlb_flush), NULL },
13831 + { "invlpg", VCPU_STAT(invlpg), NULL },
13832 + { "exits", VCPU_STAT(exits), NULL },
13833 + { "io_exits", VCPU_STAT(io_exits), NULL },
13834 + { "mmio_exits", VCPU_STAT(mmio_exits), NULL },
13835 + { "signal_exits", VCPU_STAT(signal_exits), NULL },
13836 + { "irq_window", VCPU_STAT(irq_window_exits), NULL },
13837 + { "nmi_window", VCPU_STAT(nmi_window_exits), NULL },
13838 + { "halt_exits", VCPU_STAT(halt_exits), NULL },
13839 + { "halt_wakeup", VCPU_STAT(halt_wakeup), NULL },
13840 + { "hypercalls", VCPU_STAT(hypercalls), NULL },
13841 + { "request_irq", VCPU_STAT(request_irq_exits), NULL },
13842 + { "irq_exits", VCPU_STAT(irq_exits), NULL },
13843 + { "host_state_reload", VCPU_STAT(host_state_reload), NULL },
13844 + { "efer_reload", VCPU_STAT(efer_reload), NULL },
13845 + { "fpu_reload", VCPU_STAT(fpu_reload), NULL },
13846 + { "insn_emulation", VCPU_STAT(insn_emulation), NULL },
13847 + { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail), NULL },
13848 + { "irq_injections", VCPU_STAT(irq_injections), NULL },
13849 + { "nmi_injections", VCPU_STAT(nmi_injections), NULL },
13850 + { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped), NULL },
13851 + { "mmu_pte_write", VM_STAT(mmu_pte_write), NULL },
13852 + { "mmu_pte_updated", VM_STAT(mmu_pte_updated), NULL },
13853 + { "mmu_pde_zapped", VM_STAT(mmu_pde_zapped), NULL },
13854 + { "mmu_flooded", VM_STAT(mmu_flooded), NULL },
13855 + { "mmu_recycled", VM_STAT(mmu_recycled), NULL },
13856 + { "mmu_cache_miss", VM_STAT(mmu_cache_miss), NULL },
13857 + { "mmu_unsync", VM_STAT(mmu_unsync), NULL },
13858 + { "remote_tlb_flush", VM_STAT(remote_tlb_flush), NULL },
13859 + { "largepages", VM_STAT(lpages), NULL },
13863 @@ -1654,7 +1654,7 @@ static int kvm_vcpu_ioctl_set_lapic(stru
13864 static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
13865 struct kvm_interrupt *irq)
13867 - if (irq->irq < 0 || irq->irq >= 256)
13868 + if (irq->irq >= 256)
13870 if (irqchip_in_kernel(vcpu->kvm))
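Review bot: With `irq->irq < 0` removed, `if (irq->irq >= 256)` is the only range check on a value supplied through the ioctl, and it is sufficient only while the `irq` member of struct kvm_interrupt is unsigned. That declaration is not part of this hunk. A short comment keeps the assumption next to the check, for example `/* irq->irq is unsigned, so the upper bound alone rejects out-of-range values */`. The rest of kvm_vcpu_ioctl_interrupt lies outside the hunk.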
13872 @@ -3127,10 +3127,10 @@ static struct notifier_block kvmclock_cp
13873 .notifier_call = kvmclock_cpufreq_notifier
13876 -int kvm_arch_init(void *opaque)
13877 +int kvm_arch_init(const void *opaque)
13880 - struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
13881 + const struct kvm_x86_ops *ops = (const struct kvm_x86_ops *)opaque;
13884 printk(KERN_ERR "kvm: already loaded the other module\n");
13885 diff -urNp linux-2.6.32.1/arch/x86/lib/checksum_32.S linux-2.6.32.1/arch/x86/lib/checksum_32.S
13886 --- linux-2.6.32.1/arch/x86/lib/checksum_32.S 2009-12-02 22:51:21.000000000 -0500
13887 +++ linux-2.6.32.1/arch/x86/lib/checksum_32.S 2009-12-14 18:33:51.829715057 -0500
13889 #include <linux/linkage.h>
13890 #include <asm/dwarf2.h>
13891 #include <asm/errno.h>
13893 +#include <asm/segment.h>
13896 * computes a partial checksum, e.g. for TCP/UDP fragments
13898 @@ -304,9 +305,22 @@ unsigned int csum_partial_copy_generic (
13903 -ENTRY(csum_partial_copy_generic)
13905 +ENTRY(csum_partial_copy_generic_to_user)
13907 + pushl $(__USER_DS)
13908 + CFI_ADJUST_CFA_OFFSET 4
13910 + CFI_ADJUST_CFA_OFFSET -4
13911 + jmp csum_partial_copy_generic
13913 +ENTRY(csum_partial_copy_generic_from_user)
13914 + pushl $(__USER_DS)
13915 + CFI_ADJUST_CFA_OFFSET 4
13917 + CFI_ADJUST_CFA_OFFSET -4
13919 +ENTRY(csum_partial_copy_generic)
13921 CFI_ADJUST_CFA_OFFSET 4
13923 @@ -331,7 +345,7 @@ ENTRY(csum_partial_copy_generic)
13925 SRC(1: movw (%esi), %bx )
13927 -DST( movw %bx, (%edi) )
13928 +DST( movw %bx, %es:(%edi) )
13932 @@ -343,30 +357,30 @@ DST( movw %bx, (%edi) )
13933 SRC(1: movl (%esi), %ebx )
13934 SRC( movl 4(%esi), %edx )
13936 -DST( movl %ebx, (%edi) )
13937 +DST( movl %ebx, %es:(%edi) )
13939 -DST( movl %edx, 4(%edi) )
13940 +DST( movl %edx, %es:4(%edi) )
13942 SRC( movl 8(%esi), %ebx )
13943 SRC( movl 12(%esi), %edx )
13945 -DST( movl %ebx, 8(%edi) )
13946 +DST( movl %ebx, %es:8(%edi) )
13948 -DST( movl %edx, 12(%edi) )
13949 +DST( movl %edx, %es:12(%edi) )
13951 SRC( movl 16(%esi), %ebx )
13952 SRC( movl 20(%esi), %edx )
13954 -DST( movl %ebx, 16(%edi) )
13955 +DST( movl %ebx, %es:16(%edi) )
13957 -DST( movl %edx, 20(%edi) )
13958 +DST( movl %edx, %es:20(%edi) )
13960 SRC( movl 24(%esi), %ebx )
13961 SRC( movl 28(%esi), %edx )
13963 -DST( movl %ebx, 24(%edi) )
13964 +DST( movl %ebx, %es:24(%edi) )
13966 -DST( movl %edx, 28(%edi) )
13967 +DST( movl %edx, %es:28(%edi) )
13971 @@ -380,7 +394,7 @@ DST( movl %edx, 28(%edi) )
13972 shrl $2, %edx # This clears CF
13973 SRC(3: movl (%esi), %ebx )
13975 -DST( movl %ebx, (%edi) )
13976 +DST( movl %ebx, %es:(%edi) )
13980 @@ -392,12 +406,12 @@ DST( movl %ebx, (%edi) )
13982 SRC( movw (%esi), %cx )
13984 -DST( movw %cx, (%edi) )
13985 +DST( movw %cx, %es:(%edi) )
13989 SRC(5: movb (%esi), %cl )
13990 -DST( movb %cl, (%edi) )
13991 +DST( movb %cl, %es:(%edi) )
13995 @@ -408,7 +422,7 @@ DST( movb %cl, (%edi) )
13998 movl ARGBASE+20(%esp), %ebx # src_err_ptr
13999 - movl $-EFAULT, (%ebx)
14000 + movl $-EFAULT, %ss:(%ebx)
14002 # zero the complete destination - computing the rest
14004 @@ -421,11 +435,19 @@ DST( movb %cl, (%edi) )
14007 movl ARGBASE+24(%esp), %ebx # dst_err_ptr
14008 - movl $-EFAULT,(%ebx)
14009 + movl $-EFAULT,%ss:(%ebx)
14015 + CFI_ADJUST_CFA_OFFSET 4
14017 + CFI_ADJUST_CFA_OFFSET -4
14019 + CFI_ADJUST_CFA_OFFSET 4
14021 + CFI_ADJUST_CFA_OFFSET -4
14023 CFI_ADJUST_CFA_OFFSET -4
14025 @@ -439,26 +461,41 @@ DST( movb %cl, (%edi) )
14026 CFI_ADJUST_CFA_OFFSET -4
14029 -ENDPROC(csum_partial_copy_generic)
14030 +ENDPROC(csum_partial_copy_generic_to_user)
14034 /* Version for PentiumII/PPro */
14036 #define ROUND1(x) \
14038 SRC(movl x(%esi), %ebx ) ; \
14039 addl %ebx, %eax ; \
14040 - DST(movl %ebx, x(%edi) ) ;
14041 + DST(movl %ebx, %es:x(%edi)) ;
14045 SRC(movl x(%esi), %ebx ) ; \
14046 adcl %ebx, %eax ; \
14047 - DST(movl %ebx, x(%edi) ) ;
14048 + DST(movl %ebx, %es:x(%edi)) ;
14052 -ENTRY(csum_partial_copy_generic)
14054 +ENTRY(csum_partial_copy_generic_to_user)
14056 + pushl $(__USER_DS)
14057 + CFI_ADJUST_CFA_OFFSET 4
14059 + CFI_ADJUST_CFA_OFFSET -4
14060 + jmp csum_partial_copy_generic
14062 +ENTRY(csum_partial_copy_generic_from_user)
14063 + pushl $(__USER_DS)
14064 + CFI_ADJUST_CFA_OFFSET 4
14066 + CFI_ADJUST_CFA_OFFSET -4
14068 +ENTRY(csum_partial_copy_generic)
14070 CFI_ADJUST_CFA_OFFSET 4
14071 CFI_REL_OFFSET ebx, 0
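Review bot: Only `ENDPROC(csum_partial_copy_generic_to_user)` is visible as the closing annotation here, and again in the final hunk of this file, although the patch introduces three entry points per variant: `csum_partial_copy_generic_to_user`, `csum_partial_copy_generic_from_user` and `csum_partial_copy_generic`. Unless lines missing from this listing add them, the other two symbols are left without a type and size annotation, which affects symbol tables and tooling that relies on them. Adding `ENDPROC(csum_partial_copy_generic_from_user)` and `ENDPROC(csum_partial_copy_generic)` next to the existing one would close all three.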
14072 @@ -482,7 +519,7 @@ ENTRY(csum_partial_copy_generic)
14076 - lea 3f(%ebx,%ebx), %ebx
14077 + lea 3f(%ebx,%ebx,2), %ebx
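Review bot: The computed-jump scale changes from `3f(%ebx,%ebx)` to `3f(%ebx,%ebx,2)` with no comment. Presumably each ROUND expansion grew because of the `%es:` override this patch adds to the DST store, but nothing in the hunk states that the multiplier must track the encoded size of one ROUND. A wrong stride here would jump into the middle of an instruction in the copy loop, so the dependency deserves a line such as `# stride must equal the encoded size of one ROUND (grew with the %es: prefix)`.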
14081 @@ -503,19 +540,19 @@ ENTRY(csum_partial_copy_generic)
14083 SRC( movw (%esi), %dx )
14085 -DST( movw %dx, (%edi) )
14086 +DST( movw %dx, %es:(%edi) )
14091 SRC( movb (%esi), %dl )
14092 -DST( movb %dl, (%edi) )
14093 +DST( movb %dl, %es:(%edi) )
14097 .section .fixup, "ax"
14098 6001: movl ARGBASE+20(%esp), %ebx # src_err_ptr
14099 - movl $-EFAULT, (%ebx)
14100 + movl $-EFAULT, %ss:(%ebx)
14101 # zero the complete destination (computing the rest is too much work)
14102 movl ARGBASE+8(%esp),%edi # dst
14103 movl ARGBASE+12(%esp),%ecx # len
14104 @@ -523,10 +560,18 @@ DST( movb %dl, (%edi) )
14107 6002: movl ARGBASE+24(%esp), %ebx # dst_err_ptr
14108 - movl $-EFAULT, (%ebx)
14109 + movl $-EFAULT, %ss:(%ebx)
14114 + CFI_ADJUST_CFA_OFFSET 4
14116 + CFI_ADJUST_CFA_OFFSET -4
14118 + CFI_ADJUST_CFA_OFFSET 4
14120 + CFI_ADJUST_CFA_OFFSET -4
14122 CFI_ADJUST_CFA_OFFSET -4
14124 @@ -538,7 +583,7 @@ DST( movb %dl, (%edi) )
14128 -ENDPROC(csum_partial_copy_generic)
14129 +ENDPROC(csum_partial_copy_generic_to_user)
14133 diff -urNp linux-2.6.32.1/arch/x86/lib/clear_page_64.S linux-2.6.32.1/arch/x86/lib/clear_page_64.S
14134 --- linux-2.6.32.1/arch/x86/lib/clear_page_64.S 2009-12-02 22:51:21.000000000 -0500
14135 +++ linux-2.6.32.1/arch/x86/lib/clear_page_64.S 2009-12-14 18:33:51.829715057 -0500
14136 @@ -43,7 +43,7 @@ ENDPROC(clear_page)
14138 #include <asm/cpufeature.h>
14140 - .section .altinstr_replacement,"ax"
14141 + .section .altinstr_replacement,"a"
14142 1: .byte 0xeb /* jmp <disp8> */
14143 .byte (clear_page_c - clear_page) - (2f - 1b) /* offset */
14145 diff -urNp linux-2.6.32.1/arch/x86/lib/copy_page_64.S linux-2.6.32.1/arch/x86/lib/copy_page_64.S
14146 --- linux-2.6.32.1/arch/x86/lib/copy_page_64.S 2009-12-02 22:51:21.000000000 -0500
14147 +++ linux-2.6.32.1/arch/x86/lib/copy_page_64.S 2009-12-14 18:33:51.832709314 -0500
14148 @@ -104,7 +104,7 @@ ENDPROC(copy_page)
14150 #include <asm/cpufeature.h>
14152 - .section .altinstr_replacement,"ax"
14153 + .section .altinstr_replacement,"a"
14154 1: .byte 0xeb /* jmp <disp8> */
14155 .byte (copy_page_c - copy_page) - (2f - 1b) /* offset */
14157 diff -urNp linux-2.6.32.1/arch/x86/lib/copy_user_64.S linux-2.6.32.1/arch/x86/lib/copy_user_64.S
14158 --- linux-2.6.32.1/arch/x86/lib/copy_user_64.S 2009-12-02 22:51:21.000000000 -0500
14159 +++ linux-2.6.32.1/arch/x86/lib/copy_user_64.S 2009-12-14 18:33:51.832709314 -0500
14161 .byte 0xe9 /* 32bit jump */
14162 .long \orig-1f /* by default jump to orig */
14164 - .section .altinstr_replacement,"ax"
14165 + .section .altinstr_replacement,"a"
14166 2: .byte 0xe9 /* near jump with 32bit immediate */
14167 .long \alt-1b /* offset */ /* or alternatively to alt */
14173 -/* Standard copy_to_user with segment limit checking */
14174 -ENTRY(copy_to_user)
14176 - GET_THREAD_INFO(%rax)
14180 - cmpq TI_addr_limit(%rax),%rcx
14182 - ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
14184 -ENDPROC(copy_to_user)
14186 -/* Standard copy_from_user with segment limit checking */
14187 -ENTRY(copy_from_user)
14189 - GET_THREAD_INFO(%rax)
14193 - cmpq TI_addr_limit(%rax),%rcx
14194 - jae bad_from_user
14195 - ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
14197 -ENDPROC(copy_from_user)
14199 ENTRY(copy_user_generic)
14201 ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
14202 @@ -107,6 +81,8 @@ ENDPROC(__copy_from_user_inatomic)
14203 ENTRY(bad_from_user)
14211 diff -urNp linux-2.6.32.1/arch/x86/lib/getuser.S linux-2.6.32.1/arch/x86/lib/getuser.S
14212 --- linux-2.6.32.1/arch/x86/lib/getuser.S 2009-12-02 22:51:21.000000000 -0500
14213 +++ linux-2.6.32.1/arch/x86/lib/getuser.S 2009-12-14 18:33:51.832709314 -0500
14215 #include <asm/asm-offsets.h>
14216 #include <asm/thread_info.h>
14217 #include <asm/asm.h>
14218 +#include <asm/segment.h>
14221 ENTRY(__get_user_1)
14222 @@ -40,7 +41,19 @@ ENTRY(__get_user_1)
14223 GET_THREAD_INFO(%_ASM_DX)
14224 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
14227 +#ifdef CONFIG_X86_32
14228 + pushl $(__USER_DS)
14232 1: movzb (%_ASM_AX),%edx
14234 +#ifdef CONFIG_X86_32
14242 @@ -53,7 +66,19 @@ ENTRY(__get_user_2)
14243 GET_THREAD_INFO(%_ASM_DX)
14244 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
14247 +#ifdef CONFIG_X86_32
14248 + pushl $(__USER_DS)
14252 2: movzwl -1(%_ASM_AX),%edx
14254 +#ifdef CONFIG_X86_32
14262 @@ -66,7 +91,19 @@ ENTRY(__get_user_4)
14263 GET_THREAD_INFO(%_ASM_DX)
14264 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
14267 +#ifdef CONFIG_X86_32
14268 + pushl $(__USER_DS)
14272 3: mov -3(%_ASM_AX),%edx
14274 +#ifdef CONFIG_X86_32
14282 @@ -89,6 +126,12 @@ ENDPROC(__get_user_8)
14287 +#ifdef CONFIG_X86_32
14293 mov $(-EFAULT),%_ASM_AX
14295 diff -urNp linux-2.6.32.1/arch/x86/lib/memcpy_64.S linux-2.6.32.1/arch/x86/lib/memcpy_64.S
14296 --- linux-2.6.32.1/arch/x86/lib/memcpy_64.S 2009-12-02 22:51:21.000000000 -0500
14297 +++ linux-2.6.32.1/arch/x86/lib/memcpy_64.S 2009-12-14 18:33:51.833719440 -0500
14298 @@ -128,7 +128,7 @@ ENDPROC(__memcpy)
14299 * It is also a lot simpler. Use this when possible:
14302 - .section .altinstr_replacement, "ax"
14303 + .section .altinstr_replacement, "a"
14304 1: .byte 0xeb /* jmp <disp8> */
14305 .byte (memcpy_c - memcpy) - (2f - 1b) /* offset */
14307 diff -urNp linux-2.6.32.1/arch/x86/lib/memset_64.S linux-2.6.32.1/arch/x86/lib/memset_64.S
14308 --- linux-2.6.32.1/arch/x86/lib/memset_64.S 2009-12-02 22:51:21.000000000 -0500
14309 +++ linux-2.6.32.1/arch/x86/lib/memset_64.S 2009-12-14 18:33:51.833719440 -0500
14310 @@ -118,7 +118,7 @@ ENDPROC(__memset)
14312 #include <asm/cpufeature.h>
14314 - .section .altinstr_replacement,"ax"
14315 + .section .altinstr_replacement,"a"
14316 1: .byte 0xeb /* jmp <disp8> */
14317 .byte (memset_c - memset) - (2f - 1b) /* offset */
14319 diff -urNp linux-2.6.32.1/arch/x86/lib/mmx_32.c linux-2.6.32.1/arch/x86/lib/mmx_32.c
14320 --- linux-2.6.32.1/arch/x86/lib/mmx_32.c 2009-12-02 22:51:21.000000000 -0500
14321 +++ linux-2.6.32.1/arch/x86/lib/mmx_32.c 2009-12-14 18:33:51.837714253 -0500
14322 @@ -29,6 +29,7 @@ void *_mmx_memcpy(void *to, const void *
14326 + unsigned long cr0;
14328 if (unlikely(in_interrupt()))
14329 return __memcpy(to, from, len);
14330 @@ -39,44 +40,72 @@ void *_mmx_memcpy(void *to, const void *
14331 kernel_fpu_begin();
14333 __asm__ __volatile__ (
14334 - "1: prefetch (%0)\n" /* This set is 28 bytes */
14335 - " prefetch 64(%0)\n"
14336 - " prefetch 128(%0)\n"
14337 - " prefetch 192(%0)\n"
14338 - " prefetch 256(%0)\n"
14339 + "1: prefetch (%1)\n" /* This set is 28 bytes */
14340 + " prefetch 64(%1)\n"
14341 + " prefetch 128(%1)\n"
14342 + " prefetch 192(%1)\n"
14343 + " prefetch 256(%1)\n"
14345 ".section .fixup, \"ax\"\n"
14346 - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14349 +#ifdef CONFIG_PAX_KERNEXEC
14350 + " movl %%cr0, %0\n"
14351 + " movl %0, %%eax\n"
14352 + " andl $0xFFFEFFFF, %%eax\n"
14353 + " movl %%eax, %%cr0\n"
14356 + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14358 +#ifdef CONFIG_PAX_KERNEXEC
14359 + " movl %0, %%cr0\n"
14364 _ASM_EXTABLE(1b, 3b)
14366 + : "=&r" (cr0) : "r" (from) : "ax");
14368 for ( ; i > 5; i--) {
14369 __asm__ __volatile__ (
14370 - "1: prefetch 320(%0)\n"
14371 - "2: movq (%0), %%mm0\n"
14372 - " movq 8(%0), %%mm1\n"
14373 - " movq 16(%0), %%mm2\n"
14374 - " movq 24(%0), %%mm3\n"
14375 - " movq %%mm0, (%1)\n"
14376 - " movq %%mm1, 8(%1)\n"
14377 - " movq %%mm2, 16(%1)\n"
14378 - " movq %%mm3, 24(%1)\n"
14379 - " movq 32(%0), %%mm0\n"
14380 - " movq 40(%0), %%mm1\n"
14381 - " movq 48(%0), %%mm2\n"
14382 - " movq 56(%0), %%mm3\n"
14383 - " movq %%mm0, 32(%1)\n"
14384 - " movq %%mm1, 40(%1)\n"
14385 - " movq %%mm2, 48(%1)\n"
14386 - " movq %%mm3, 56(%1)\n"
14387 + "1: prefetch 320(%1)\n"
14388 + "2: movq (%1), %%mm0\n"
14389 + " movq 8(%1), %%mm1\n"
14390 + " movq 16(%1), %%mm2\n"
14391 + " movq 24(%1), %%mm3\n"
14392 + " movq %%mm0, (%2)\n"
14393 + " movq %%mm1, 8(%2)\n"
14394 + " movq %%mm2, 16(%2)\n"
14395 + " movq %%mm3, 24(%2)\n"
14396 + " movq 32(%1), %%mm0\n"
14397 + " movq 40(%1), %%mm1\n"
14398 + " movq 48(%1), %%mm2\n"
14399 + " movq 56(%1), %%mm3\n"
14400 + " movq %%mm0, 32(%2)\n"
14401 + " movq %%mm1, 40(%2)\n"
14402 + " movq %%mm2, 48(%2)\n"
14403 + " movq %%mm3, 56(%2)\n"
14404 ".section .fixup, \"ax\"\n"
14405 - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14408 +#ifdef CONFIG_PAX_KERNEXEC
14409 + " movl %%cr0, %0\n"
14410 + " movl %0, %%eax\n"
14411 + " andl $0xFFFEFFFF, %%eax\n"
14412 + " movl %%eax, %%cr0\n"
14415 + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14417 +#ifdef CONFIG_PAX_KERNEXEC
14418 + " movl %0, %%cr0\n"
14423 _ASM_EXTABLE(1b, 3b)
14424 - : : "r" (from), "r" (to) : "memory");
14425 + : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
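Review bot: The fixup path at `3:` clears a CR0 bit with a bare mask, `andl $0xFFFEFFFF, %%eax`, and nothing says that this is the write-protect bit (bit 16) or that it is dropped only so `movw $0x1AEB, 1b` can patch read-only kernel text. A comment such as `/* clear CR0.WP so the fixup can rewrite the prefetch at 1b; restored right after */` would make the window explicit. The same save/clear/restore sequence is open-coded in both fixups of this hunk and again in the four fixups of the two fast_copy_page hunks below, so a single macro would keep them from drifting apart. An interrupt taken between the two CR0 writes would run with write protection off; the visible code shows only kernel_fpu_begin() before the asm, so it is worth confirming that this is acceptable. _mmx_memcpy starts and ends outside the hunk.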
14429 @@ -158,6 +187,7 @@ static void fast_clear_page(void *page)
14430 static void fast_copy_page(void *to, void *from)
14433 + unsigned long cr0;
14435 kernel_fpu_begin();
14437 @@ -166,42 +196,70 @@ static void fast_copy_page(void *to, voi
14438 * but that is for later. -AV
14440 __asm__ __volatile__(
14441 - "1: prefetch (%0)\n"
14442 - " prefetch 64(%0)\n"
14443 - " prefetch 128(%0)\n"
14444 - " prefetch 192(%0)\n"
14445 - " prefetch 256(%0)\n"
14446 + "1: prefetch (%1)\n"
14447 + " prefetch 64(%1)\n"
14448 + " prefetch 128(%1)\n"
14449 + " prefetch 192(%1)\n"
14450 + " prefetch 256(%1)\n"
14452 ".section .fixup, \"ax\"\n"
14453 - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14456 +#ifdef CONFIG_PAX_KERNEXEC
14457 + " movl %%cr0, %0\n"
14458 + " movl %0, %%eax\n"
14459 + " andl $0xFFFEFFFF, %%eax\n"
14460 + " movl %%eax, %%cr0\n"
14463 + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14465 +#ifdef CONFIG_PAX_KERNEXEC
14466 + " movl %0, %%cr0\n"
14471 - _ASM_EXTABLE(1b, 3b) : : "r" (from));
14472 + _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax");
14474 for (i = 0; i < (4096-320)/64; i++) {
14475 __asm__ __volatile__ (
14476 - "1: prefetch 320(%0)\n"
14477 - "2: movq (%0), %%mm0\n"
14478 - " movntq %%mm0, (%1)\n"
14479 - " movq 8(%0), %%mm1\n"
14480 - " movntq %%mm1, 8(%1)\n"
14481 - " movq 16(%0), %%mm2\n"
14482 - " movntq %%mm2, 16(%1)\n"
14483 - " movq 24(%0), %%mm3\n"
14484 - " movntq %%mm3, 24(%1)\n"
14485 - " movq 32(%0), %%mm4\n"
14486 - " movntq %%mm4, 32(%1)\n"
14487 - " movq 40(%0), %%mm5\n"
14488 - " movntq %%mm5, 40(%1)\n"
14489 - " movq 48(%0), %%mm6\n"
14490 - " movntq %%mm6, 48(%1)\n"
14491 - " movq 56(%0), %%mm7\n"
14492 - " movntq %%mm7, 56(%1)\n"
14493 + "1: prefetch 320(%1)\n"
14494 + "2: movq (%1), %%mm0\n"
14495 + " movntq %%mm0, (%2)\n"
14496 + " movq 8(%1), %%mm1\n"
14497 + " movntq %%mm1, 8(%2)\n"
14498 + " movq 16(%1), %%mm2\n"
14499 + " movntq %%mm2, 16(%2)\n"
14500 + " movq 24(%1), %%mm3\n"
14501 + " movntq %%mm3, 24(%2)\n"
14502 + " movq 32(%1), %%mm4\n"
14503 + " movntq %%mm4, 32(%2)\n"
14504 + " movq 40(%1), %%mm5\n"
14505 + " movntq %%mm5, 40(%2)\n"
14506 + " movq 48(%1), %%mm6\n"
14507 + " movntq %%mm6, 48(%2)\n"
14508 + " movq 56(%1), %%mm7\n"
14509 + " movntq %%mm7, 56(%2)\n"
14510 ".section .fixup, \"ax\"\n"
14511 - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14514 +#ifdef CONFIG_PAX_KERNEXEC
14515 + " movl %%cr0, %0\n"
14516 + " movl %0, %%eax\n"
14517 + " andl $0xFFFEFFFF, %%eax\n"
14518 + " movl %%eax, %%cr0\n"
14521 + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14523 +#ifdef CONFIG_PAX_KERNEXEC
14524 + " movl %0, %%cr0\n"
14529 - _ASM_EXTABLE(1b, 3b) : : "r" (from), "r" (to) : "memory");
14530 + _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
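Review bot: Adding `cr0` as output operand 0 forces every `%0`/`%1` in the copy loop to be renumbered to `%1`/`%2`, which is where most of this hunk's churn comes from and where one missed line would silently swap source and destination. Named operands would confine the change to the added lines, for example `[cr0] "=&r" (cr0) : [src] "r" (from), [dst] "r" (to)` with `movq (%[src]), %%mm0`. The output and the `"ax"` clobber are also attached unconditionally, so with CONFIG_PAX_KERNEXEC unset the asm still reserves a register for a value it never writes. The same applies to the other asm statements changed in this file; fast_copy_page continues outside the hunk.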
14534 @@ -280,47 +338,76 @@ static void fast_clear_page(void *page)
14535 static void fast_copy_page(void *to, void *from)
14538 + unsigned long cr0;
14540 kernel_fpu_begin();
14542 __asm__ __volatile__ (
14543 - "1: prefetch (%0)\n"
14544 - " prefetch 64(%0)\n"
14545 - " prefetch 128(%0)\n"
14546 - " prefetch 192(%0)\n"
14547 - " prefetch 256(%0)\n"
14548 + "1: prefetch (%1)\n"
14549 + " prefetch 64(%1)\n"
14550 + " prefetch 128(%1)\n"
14551 + " prefetch 192(%1)\n"
14552 + " prefetch 256(%1)\n"
14554 ".section .fixup, \"ax\"\n"
14555 - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14558 +#ifdef CONFIG_PAX_KERNEXEC
14559 + " movl %%cr0, %0\n"
14560 + " movl %0, %%eax\n"
14561 + " andl $0xFFFEFFFF, %%eax\n"
14562 + " movl %%eax, %%cr0\n"
14565 + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14567 +#ifdef CONFIG_PAX_KERNEXEC
14568 + " movl %0, %%cr0\n"
14573 - _ASM_EXTABLE(1b, 3b) : : "r" (from));
14574 + _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax");
14576 for (i = 0; i < 4096/64; i++) {
14577 __asm__ __volatile__ (
14578 - "1: prefetch 320(%0)\n"
14579 - "2: movq (%0), %%mm0\n"
14580 - " movq 8(%0), %%mm1\n"
14581 - " movq 16(%0), %%mm2\n"
14582 - " movq 24(%0), %%mm3\n"
14583 - " movq %%mm0, (%1)\n"
14584 - " movq %%mm1, 8(%1)\n"
14585 - " movq %%mm2, 16(%1)\n"
14586 - " movq %%mm3, 24(%1)\n"
14587 - " movq 32(%0), %%mm0\n"
14588 - " movq 40(%0), %%mm1\n"
14589 - " movq 48(%0), %%mm2\n"
14590 - " movq 56(%0), %%mm3\n"
14591 - " movq %%mm0, 32(%1)\n"
14592 - " movq %%mm1, 40(%1)\n"
14593 - " movq %%mm2, 48(%1)\n"
14594 - " movq %%mm3, 56(%1)\n"
14595 + "1: prefetch 320(%1)\n"
14596 + "2: movq (%1), %%mm0\n"
14597 + " movq 8(%1), %%mm1\n"
14598 + " movq 16(%1), %%mm2\n"
14599 + " movq 24(%1), %%mm3\n"
14600 + " movq %%mm0, (%2)\n"
14601 + " movq %%mm1, 8(%2)\n"
14602 + " movq %%mm2, 16(%2)\n"
14603 + " movq %%mm3, 24(%2)\n"
14604 + " movq 32(%1), %%mm0\n"
14605 + " movq 40(%1), %%mm1\n"
14606 + " movq 48(%1), %%mm2\n"
14607 + " movq 56(%1), %%mm3\n"
14608 + " movq %%mm0, 32(%2)\n"
14609 + " movq %%mm1, 40(%2)\n"
14610 + " movq %%mm2, 48(%2)\n"
14611 + " movq %%mm3, 56(%2)\n"
14612 ".section .fixup, \"ax\"\n"
14613 - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14616 +#ifdef CONFIG_PAX_KERNEXEC
14617 + " movl %%cr0, %0\n"
14618 + " movl %0, %%eax\n"
14619 + " andl $0xFFFEFFFF, %%eax\n"
14620 + " movl %%eax, %%cr0\n"
14623 + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14625 +#ifdef CONFIG_PAX_KERNEXEC
14626 + " movl %0, %%cr0\n"
14631 _ASM_EXTABLE(1b, 3b)
14632 - : : "r" (from), "r" (to) : "memory");
14633 + : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
14637 diff -urNp linux-2.6.32.1/arch/x86/lib/putuser.S linux-2.6.32.1/arch/x86/lib/putuser.S
14638 --- linux-2.6.32.1/arch/x86/lib/putuser.S 2009-12-02 22:51:21.000000000 -0500
14639 +++ linux-2.6.32.1/arch/x86/lib/putuser.S 2009-12-14 18:33:51.838703272 -0500
14641 #include <asm/thread_info.h>
14642 #include <asm/errno.h>
14643 #include <asm/asm.h>
14644 +#include <asm/segment.h>
14648 @@ -39,7 +40,19 @@ ENTRY(__put_user_1)
14650 cmp TI_addr_limit(%_ASM_BX),%_ASM_CX
14653 +#ifdef CONFIG_X86_32
14654 + pushl $(__USER_DS)
14658 1: movb %al,(%_ASM_CX)
14660 +#ifdef CONFIG_X86_32
14667 ENDPROC(__put_user_1)
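Review bot: The `pushl $(__USER_DS)` ahead of the store at `1:` is guarded by `CONFIG_X86_32` alone, so every 32-bit build takes the segment switch, and nothing in the hunk says why the selector is loaded. The lines between the push and the store are not shown in this listing, so the pop target is inferred; a comment such as `/* bound the store by the user data segment limit; the kernel selector is reloaded right after */` would document the intent. The store can fault and leave through the exception table, so confirm that the fault label, which lies outside this hunk, reloads the kernel selector as well. The __put_user_2, __put_user_4 and __put_user_8 hunks below repeat the pattern.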
14668 @@ -50,7 +63,19 @@ ENTRY(__put_user_2)
14670 cmp %_ASM_BX,%_ASM_CX
14673 +#ifdef CONFIG_X86_32
14674 + pushl $(__USER_DS)
14678 2: movw %ax,(%_ASM_CX)
14680 +#ifdef CONFIG_X86_32
14687 ENDPROC(__put_user_2)
14688 @@ -61,7 +86,19 @@ ENTRY(__put_user_4)
14690 cmp %_ASM_BX,%_ASM_CX
14693 +#ifdef CONFIG_X86_32
14694 + pushl $(__USER_DS)
14698 3: movl %eax,(%_ASM_CX)
14700 +#ifdef CONFIG_X86_32
14707 ENDPROC(__put_user_4)
14708 @@ -72,16 +109,34 @@ ENTRY(__put_user_8)
14710 cmp %_ASM_BX,%_ASM_CX
14713 +#ifdef CONFIG_X86_32
14714 + pushl $(__USER_DS)
14718 4: mov %_ASM_AX,(%_ASM_CX)
14719 #ifdef CONFIG_X86_32
14720 5: movl %edx,4(%_ASM_CX)
14723 +#ifdef CONFIG_X86_32
14730 ENDPROC(__put_user_8)
14735 +#ifdef CONFIG_X86_32
14743 diff -urNp linux-2.6.32.1/arch/x86/lib/usercopy_32.c linux-2.6.32.1/arch/x86/lib/usercopy_32.c
14744 --- linux-2.6.32.1/arch/x86/lib/usercopy_32.c 2009-12-02 22:51:21.000000000 -0500
14745 +++ linux-2.6.32.1/arch/x86/lib/usercopy_32.c 2009-12-14 18:33:51.839717995 -0500
14746 @@ -36,31 +36,38 @@ static inline int __movsl_is_ok(unsigned
14747 * Copy a null terminated string from userspace.
14750 -#define __do_strncpy_from_user(dst, src, count, res) \
14752 - int __d0, __d1, __d2; \
14754 - __asm__ __volatile__( \
14755 - " testl %1,%1\n" \
14759 - " testb %%al,%%al\n" \
14763 - "1: subl %1,%0\n" \
14765 - ".section .fixup,\"ax\"\n" \
14766 - "3: movl %5,%0\n" \
14769 - _ASM_EXTABLE(0b,3b) \
14770 - : "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1), \
14772 - : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \
14775 +static long __do_strncpy_from_user(char *dst, const char __user *src, long count)
14777 + int __d0, __d1, __d2;
14778 + long res = -EFAULT;
14781 + __asm__ __volatile__(
14782 + " movw %w10,%%ds\n"
14787 + " testb %%al,%%al\n"
14791 + "1: subl %1,%0\n"
14795 + ".section .fixup,\"ax\"\n"
14796 + "3: movl %5,%0\n"
14799 + _ASM_EXTABLE(0b,3b)
14800 + : "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1),
14802 + : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst),
14809 * __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking.
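Review bot: The new template addresses the segment selector as `%w10`, a positional index that depends on counting every output and input correctly and that breaks silently if an operand is ever added or removed. A named operand, `[seg] "r"(__USER_DS)` used as `movw %w[seg],%%ds`, would be robust; the same holds for `%w6` and `%w8` in the later hunks of this file. Separately, `long res = -EFAULT;` is a dead initialiser, because `res` is output 0 and its starting value comes from the matching input `"0"(count)`; plain `long res;` would not suggest a default that is never used. Several lines of the function, including the end of the operand list, are not shown in this listing, so the operand count is inferred from the visible constraints.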
14810 @@ -85,9 +92,7 @@ do { \
14812 __strncpy_from_user(char *dst, const char __user *src, long count)
14815 - __do_strncpy_from_user(dst, src, count, res);
14817 + return __do_strncpy_from_user(dst, src, count);
14819 EXPORT_SYMBOL(__strncpy_from_user);
14821 @@ -114,7 +119,7 @@ strncpy_from_user(char *dst, const char
14823 long res = -EFAULT;
14824 if (access_ok(VERIFY_READ, src, 1))
14825 - __do_strncpy_from_user(dst, src, count, res);
14826 + res = __do_strncpy_from_user(dst, src, count);
14829 EXPORT_SYMBOL(strncpy_from_user);
14830 @@ -123,24 +128,30 @@ EXPORT_SYMBOL(strncpy_from_user);
14834 -#define __do_clear_user(addr,size) \
14838 - __asm__ __volatile__( \
14839 - "0: rep; stosl\n" \
14840 - " movl %2,%0\n" \
14841 - "1: rep; stosb\n" \
14843 - ".section .fixup,\"ax\"\n" \
14844 - "3: lea 0(%2,%0,4),%0\n" \
14847 - _ASM_EXTABLE(0b,3b) \
14848 - _ASM_EXTABLE(1b,2b) \
14849 - : "=&c"(size), "=&D" (__d0) \
14850 - : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0)); \
14852 +static unsigned long __do_clear_user(void __user *addr, unsigned long size)
14857 + __asm__ __volatile__(
14858 + " movw %w6,%%es\n"
14859 + "0: rep; stosl\n"
14861 + "1: rep; stosb\n"
14865 + ".section .fixup,\"ax\"\n"
14866 + "3: lea 0(%2,%0,4),%0\n"
14869 + _ASM_EXTABLE(0b,3b)
14870 + _ASM_EXTABLE(1b,2b)
14871 + : "=&c"(size), "=&D" (__d0)
14872 + : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0),
14878 * clear_user: - Zero a block of memory in user space.
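Review bot: `movw %w6,%%es` points ES at the user data segment for the two `rep; stos` runs, but nothing in the function documents that ES has to be back on the kernel segment on both the fall-through and the `.fixup` exit. That matters because the compiler emits its own string instructions assuming a flat ES, and a segment register change cannot be expressed in the clobber list. The restoring instructions are presumably in lines this listing omits; I would still add a comment such as `/* ES = __USER_DS only between here and label 2; both exits must reload the kernel selector */` next to the load.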
14879 @@ -157,7 +168,7 @@ clear_user(void __user *to, unsigned lon
14882 if (access_ok(VERIFY_WRITE, to, n))
14883 - __do_clear_user(to, n);
14884 + n = __do_clear_user(to, n);
14887 EXPORT_SYMBOL(clear_user);
14888 @@ -176,8 +187,7 @@ EXPORT_SYMBOL(clear_user);
14890 __clear_user(void __user *to, unsigned long n)
14892 - __do_clear_user(to, n);
14894 + return __do_clear_user(to, n);
14896 EXPORT_SYMBOL(__clear_user);
14898 @@ -200,14 +210,17 @@ long strnlen_user(const char __user *s,
14901 __asm__ __volatile__(
14902 + " movw %w8,%%es\n"
14905 - " andl %0,%%ecx\n"
14906 + " movl %0,%%ecx\n"
14907 "0: repne; scasb\n"
14914 ".section .fixup,\"ax\"\n"
14915 "2: xorl %%eax,%%eax\n"
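Review bot: Replacing `andl %0,%%ecx` with `movl %0,%%ecx` removes the software clamp of the scan length against `mask`, yet the next hunk still passes `"3" (mask)` into ecx, where it is now overwritten before use. If the bound is meant to come from the ES segment limit loaded by `movw %w8,%%es`, say so in a comment, e.g. `/* scan length is bounded by the ES limit, not by mask */`, and drop the dead input. If any configuration runs this code with a flat ES, the clamp is still needed. strnlen_user begins and ends outside the hunk.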
14917 @@ -219,7 +232,7 @@ long strnlen_user(const char __user *s,
14920 :"=&r" (n), "=&D" (s), "=&a" (res), "=&c" (tmp)
14921 - :"0" (n), "1" (s), "2" (0), "3" (mask)
14922 + :"0" (n), "1" (s), "2" (0), "3" (mask), "r" (__USER_DS)
14926 @@ -227,10 +240,11 @@ EXPORT_SYMBOL(strnlen_user);
14928 #ifdef CONFIG_X86_INTEL_USERCOPY
14929 static unsigned long
14930 -__copy_user_intel(void __user *to, const void *from, unsigned long size)
14931 +__generic_copy_to_user_intel(void __user *to, const void *from, unsigned long size)
14934 __asm__ __volatile__(
14935 + " movw %w6, %%es\n"
14937 "1: movl 32(%4), %%eax\n"
14939 @@ -239,36 +253,36 @@ __copy_user_intel(void __user *to, const
14941 "3: movl 0(%4), %%eax\n"
14942 "4: movl 4(%4), %%edx\n"
14943 - "5: movl %%eax, 0(%3)\n"
14944 - "6: movl %%edx, 4(%3)\n"
14945 + "5: movl %%eax, %%es:0(%3)\n"
14946 + "6: movl %%edx, %%es:4(%3)\n"
14947 "7: movl 8(%4), %%eax\n"
14948 "8: movl 12(%4),%%edx\n"
14949 - "9: movl %%eax, 8(%3)\n"
14950 - "10: movl %%edx, 12(%3)\n"
14951 + "9: movl %%eax, %%es:8(%3)\n"
14952 + "10: movl %%edx, %%es:12(%3)\n"
14953 "11: movl 16(%4), %%eax\n"
14954 "12: movl 20(%4), %%edx\n"
14955 - "13: movl %%eax, 16(%3)\n"
14956 - "14: movl %%edx, 20(%3)\n"
14957 + "13: movl %%eax, %%es:16(%3)\n"
14958 + "14: movl %%edx, %%es:20(%3)\n"
14959 "15: movl 24(%4), %%eax\n"
14960 "16: movl 28(%4), %%edx\n"
14961 - "17: movl %%eax, 24(%3)\n"
14962 - "18: movl %%edx, 28(%3)\n"
14963 + "17: movl %%eax, %%es:24(%3)\n"
14964 + "18: movl %%edx, %%es:28(%3)\n"
14965 "19: movl 32(%4), %%eax\n"
14966 "20: movl 36(%4), %%edx\n"
14967 - "21: movl %%eax, 32(%3)\n"
14968 - "22: movl %%edx, 36(%3)\n"
14969 + "21: movl %%eax, %%es:32(%3)\n"
14970 + "22: movl %%edx, %%es:36(%3)\n"
14971 "23: movl 40(%4), %%eax\n"
14972 "24: movl 44(%4), %%edx\n"
14973 - "25: movl %%eax, 40(%3)\n"
14974 - "26: movl %%edx, 44(%3)\n"
14975 + "25: movl %%eax, %%es:40(%3)\n"
14976 + "26: movl %%edx, %%es:44(%3)\n"
14977 "27: movl 48(%4), %%eax\n"
14978 "28: movl 52(%4), %%edx\n"
14979 - "29: movl %%eax, 48(%3)\n"
14980 - "30: movl %%edx, 52(%3)\n"
14981 + "29: movl %%eax, %%es:48(%3)\n"
14982 + "30: movl %%edx, %%es:52(%3)\n"
14983 "31: movl 56(%4), %%eax\n"
14984 "32: movl 60(%4), %%edx\n"
14985 - "33: movl %%eax, 56(%3)\n"
14986 - "34: movl %%edx, 60(%3)\n"
14987 + "33: movl %%eax, %%es:56(%3)\n"
14988 + "34: movl %%edx, %%es:60(%3)\n"
14992 @@ -282,6 +296,8 @@ __copy_user_intel(void __user *to, const
14993 "36: movl %%eax, %0\n"
14998 ".section .fixup,\"ax\"\n"
14999 "101: lea 0(%%eax,%0,4),%0\n"
15001 @@ -328,7 +344,117 @@ __copy_user_intel(void __user *to, const
15002 " .long 99b,101b\n"
15004 : "=&c"(size), "=&D" (d0), "=&S" (d1)
15005 - : "1"(to), "2"(from), "0"(size)
15006 + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
15007 + : "eax", "edx", "memory");
15011 +static unsigned long
15012 +__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size)
15015 + __asm__ __volatile__(
15016 + " movw %w6, %%ds\n"
15017 + " .align 2,0x90\n"
15018 + "1: movl 32(%4), %%eax\n"
15019 + " cmpl $67, %0\n"
15021 + "2: movl 64(%4), %%eax\n"
15022 + " .align 2,0x90\n"
15023 + "3: movl 0(%4), %%eax\n"
15024 + "4: movl 4(%4), %%edx\n"
15025 + "5: movl %%eax, %%es:0(%3)\n"
15026 + "6: movl %%edx, %%es:4(%3)\n"
15027 + "7: movl 8(%4), %%eax\n"
15028 + "8: movl 12(%4),%%edx\n"
15029 + "9: movl %%eax, %%es:8(%3)\n"
15030 + "10: movl %%edx, %%es:12(%3)\n"
15031 + "11: movl 16(%4), %%eax\n"
15032 + "12: movl 20(%4), %%edx\n"
15033 + "13: movl %%eax, %%es:16(%3)\n"
15034 + "14: movl %%edx, %%es:20(%3)\n"
15035 + "15: movl 24(%4), %%eax\n"
15036 + "16: movl 28(%4), %%edx\n"
15037 + "17: movl %%eax, %%es:24(%3)\n"
15038 + "18: movl %%edx, %%es:28(%3)\n"
15039 + "19: movl 32(%4), %%eax\n"
15040 + "20: movl 36(%4), %%edx\n"
15041 + "21: movl %%eax, %%es:32(%3)\n"
15042 + "22: movl %%edx, %%es:36(%3)\n"
15043 + "23: movl 40(%4), %%eax\n"
15044 + "24: movl 44(%4), %%edx\n"
15045 + "25: movl %%eax, %%es:40(%3)\n"
15046 + "26: movl %%edx, %%es:44(%3)\n"
15047 + "27: movl 48(%4), %%eax\n"
15048 + "28: movl 52(%4), %%edx\n"
15049 + "29: movl %%eax, %%es:48(%3)\n"
15050 + "30: movl %%edx, %%es:52(%3)\n"
15051 + "31: movl 56(%4), %%eax\n"
15052 + "32: movl 60(%4), %%edx\n"
15053 + "33: movl %%eax, %%es:56(%3)\n"
15054 + "34: movl %%edx, %%es:60(%3)\n"
15055 + " addl $-64, %0\n"
15056 + " addl $64, %4\n"
15057 + " addl $64, %3\n"
15058 + " cmpl $63, %0\n"
15060 + "35: movl %0, %%eax\n"
15062 + " andl $3, %%eax\n"
15064 + "99: rep; movsl\n"
15065 + "36: movl %%eax, %0\n"
15066 + "37: rep; movsb\n"
15070 + ".section .fixup,\"ax\"\n"
15071 + "101: lea 0(%%eax,%0,4),%0\n"
15074 + ".section __ex_table,\"a\"\n"
15076 + " .long 1b,100b\n"
15077 + " .long 2b,100b\n"
15078 + " .long 3b,100b\n"
15079 + " .long 4b,100b\n"
15080 + " .long 5b,100b\n"
15081 + " .long 6b,100b\n"
15082 + " .long 7b,100b\n"
15083 + " .long 8b,100b\n"
15084 + " .long 9b,100b\n"
15085 + " .long 10b,100b\n"
15086 + " .long 11b,100b\n"
15087 + " .long 12b,100b\n"
15088 + " .long 13b,100b\n"
15089 + " .long 14b,100b\n"
15090 + " .long 15b,100b\n"
15091 + " .long 16b,100b\n"
15092 + " .long 17b,100b\n"
15093 + " .long 18b,100b\n"
15094 + " .long 19b,100b\n"
15095 + " .long 20b,100b\n"
15096 + " .long 21b,100b\n"
15097 + " .long 22b,100b\n"
15098 + " .long 23b,100b\n"
15099 + " .long 24b,100b\n"
15100 + " .long 25b,100b\n"
15101 + " .long 26b,100b\n"
15102 + " .long 27b,100b\n"
15103 + " .long 28b,100b\n"
15104 + " .long 29b,100b\n"
15105 + " .long 30b,100b\n"
15106 + " .long 31b,100b\n"
15107 + " .long 32b,100b\n"
15108 + " .long 33b,100b\n"
15109 + " .long 34b,100b\n"
15110 + " .long 35b,100b\n"
15111 + " .long 36b,100b\n"
15112 + " .long 37b,100b\n"
15113 + " .long 99b,101b\n"
15115 + : "=&c"(size), "=&D" (d0), "=&S" (d1)
15116 + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
15117 : "eax", "edx", "memory");
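Review bot: `__generic_copy_from_user_intel` is a near line-for-line copy of the to-user body above it, differing in the visible lines only in loading `%%ds` instead of `%%es`, so any later fix to the unrolled loop or its 38 exception entries has to be made twice. Generating both from one macro parameterised on the segment register would avoid that. The new function also spells its table out as raw `.long 1b,100b` pairs while `__do_strncpy_from_user` in the same patch uses `_ASM_EXTABLE(0b,3b)`; writing `_ASM_EXTABLE(1b,100b)` here would keep the file consistent. Some template lines are missing from this listing, so the comparison covers only what is shown.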
15120 @@ -338,6 +464,7 @@ __copy_user_zeroing_intel(void *to, cons
15123 __asm__ __volatile__(
15124 + " movw %w6, %%ds\n"
15126 "0: movl 32(%4), %%eax\n"
15128 @@ -346,36 +473,36 @@ __copy_user_zeroing_intel(void *to, cons
15130 "2: movl 0(%4), %%eax\n"
15131 "21: movl 4(%4), %%edx\n"
15132 - " movl %%eax, 0(%3)\n"
15133 - " movl %%edx, 4(%3)\n"
15134 + " movl %%eax, %%es:0(%3)\n"
15135 + " movl %%edx, %%es:4(%3)\n"
15136 "3: movl 8(%4), %%eax\n"
15137 "31: movl 12(%4),%%edx\n"
15138 - " movl %%eax, 8(%3)\n"
15139 - " movl %%edx, 12(%3)\n"
15140 + " movl %%eax, %%es:8(%3)\n"
15141 + " movl %%edx, %%es:12(%3)\n"
15142 "4: movl 16(%4), %%eax\n"
15143 "41: movl 20(%4), %%edx\n"
15144 - " movl %%eax, 16(%3)\n"
15145 - " movl %%edx, 20(%3)\n"
15146 + " movl %%eax, %%es:16(%3)\n"
15147 + " movl %%edx, %%es:20(%3)\n"
15148 "10: movl 24(%4), %%eax\n"
15149 "51: movl 28(%4), %%edx\n"
15150 - " movl %%eax, 24(%3)\n"
15151 - " movl %%edx, 28(%3)\n"
15152 + " movl %%eax, %%es:24(%3)\n"
15153 + " movl %%edx, %%es:28(%3)\n"
15154 "11: movl 32(%4), %%eax\n"
15155 "61: movl 36(%4), %%edx\n"
15156 - " movl %%eax, 32(%3)\n"
15157 - " movl %%edx, 36(%3)\n"
15158 + " movl %%eax, %%es:32(%3)\n"
15159 + " movl %%edx, %%es:36(%3)\n"
15160 "12: movl 40(%4), %%eax\n"
15161 "71: movl 44(%4), %%edx\n"
15162 - " movl %%eax, 40(%3)\n"
15163 - " movl %%edx, 44(%3)\n"
15164 + " movl %%eax, %%es:40(%3)\n"
15165 + " movl %%edx, %%es:44(%3)\n"
15166 "13: movl 48(%4), %%eax\n"
15167 "81: movl 52(%4), %%edx\n"
15168 - " movl %%eax, 48(%3)\n"
15169 - " movl %%edx, 52(%3)\n"
15170 + " movl %%eax, %%es:48(%3)\n"
15171 + " movl %%edx, %%es:52(%3)\n"
15172 "14: movl 56(%4), %%eax\n"
15173 "91: movl 60(%4), %%edx\n"
15174 - " movl %%eax, 56(%3)\n"
15175 - " movl %%edx, 60(%3)\n"
15176 + " movl %%eax, %%es:56(%3)\n"
15177 + " movl %%edx, %%es:60(%3)\n"
15181 @@ -389,6 +516,8 @@ __copy_user_zeroing_intel(void *to, cons
15187 ".section .fixup,\"ax\"\n"
15188 "9: lea 0(%%eax,%0,4),%0\n"
15190 @@ -423,7 +552,7 @@ __copy_user_zeroing_intel(void *to, cons
15193 : "=&c"(size), "=&D" (d0), "=&S" (d1)
15194 - : "1"(to), "2"(from), "0"(size)
15195 + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
15196 : "eax", "edx", "memory");
15199 @@ -439,6 +568,7 @@ static unsigned long __copy_user_zeroing
15202 __asm__ __volatile__(
15203 + " movw %w6, %%ds\n"
15205 "0: movl 32(%4), %%eax\n"
15207 @@ -447,36 +577,36 @@ static unsigned long __copy_user_zeroing
15209 "2: movl 0(%4), %%eax\n"
15210 "21: movl 4(%4), %%edx\n"
15211 - " movnti %%eax, 0(%3)\n"
15212 - " movnti %%edx, 4(%3)\n"
15213 + " movnti %%eax, %%es:0(%3)\n"
15214 + " movnti %%edx, %%es:4(%3)\n"
15215 "3: movl 8(%4), %%eax\n"
15216 "31: movl 12(%4),%%edx\n"
15217 - " movnti %%eax, 8(%3)\n"
15218 - " movnti %%edx, 12(%3)\n"
15219 + " movnti %%eax, %%es:8(%3)\n"
15220 + " movnti %%edx, %%es:12(%3)\n"
15221 "4: movl 16(%4), %%eax\n"
15222 "41: movl 20(%4), %%edx\n"
15223 - " movnti %%eax, 16(%3)\n"
15224 - " movnti %%edx, 20(%3)\n"
15225 + " movnti %%eax, %%es:16(%3)\n"
15226 + " movnti %%edx, %%es:20(%3)\n"
15227 "10: movl 24(%4), %%eax\n"
15228 "51: movl 28(%4), %%edx\n"
15229 - " movnti %%eax, 24(%3)\n"
15230 - " movnti %%edx, 28(%3)\n"
15231 + " movnti %%eax, %%es:24(%3)\n"
15232 + " movnti %%edx, %%es:28(%3)\n"
15233 "11: movl 32(%4), %%eax\n"
15234 "61: movl 36(%4), %%edx\n"
15235 - " movnti %%eax, 32(%3)\n"
15236 - " movnti %%edx, 36(%3)\n"
15237 + " movnti %%eax, %%es:32(%3)\n"
15238 + " movnti %%edx, %%es:36(%3)\n"
15239 "12: movl 40(%4), %%eax\n"
15240 "71: movl 44(%4), %%edx\n"
15241 - " movnti %%eax, 40(%3)\n"
15242 - " movnti %%edx, 44(%3)\n"
15243 + " movnti %%eax, %%es:40(%3)\n"
15244 + " movnti %%edx, %%es:44(%3)\n"
15245 "13: movl 48(%4), %%eax\n"
15246 "81: movl 52(%4), %%edx\n"
15247 - " movnti %%eax, 48(%3)\n"
15248 - " movnti %%edx, 52(%3)\n"
15249 + " movnti %%eax, %%es:48(%3)\n"
15250 + " movnti %%edx, %%es:52(%3)\n"
15251 "14: movl 56(%4), %%eax\n"
15252 "91: movl 60(%4), %%edx\n"
15253 - " movnti %%eax, 56(%3)\n"
15254 - " movnti %%edx, 60(%3)\n"
15255 + " movnti %%eax, %%es:56(%3)\n"
15256 + " movnti %%edx, %%es:60(%3)\n"
15260 @@ -491,6 +621,8 @@ static unsigned long __copy_user_zeroing
15266 ".section .fixup,\"ax\"\n"
15267 "9: lea 0(%%eax,%0,4),%0\n"
15269 @@ -525,7 +657,7 @@ static unsigned long __copy_user_zeroing
15272 : "=&c"(size), "=&D" (d0), "=&S" (d1)
15273 - : "1"(to), "2"(from), "0"(size)
15274 + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
15275 : "eax", "edx", "memory");
15278 @@ -536,6 +668,7 @@ static unsigned long __copy_user_intel_n
15281 __asm__ __volatile__(
15282 + " movw %w6, %%ds\n"
15284 "0: movl 32(%4), %%eax\n"
15286 @@ -544,36 +677,36 @@ static unsigned long __copy_user_intel_n
15288 "2: movl 0(%4), %%eax\n"
15289 "21: movl 4(%4), %%edx\n"
15290 - " movnti %%eax, 0(%3)\n"
15291 - " movnti %%edx, 4(%3)\n"
15292 + " movnti %%eax, %%es:0(%3)\n"
15293 + " movnti %%edx, %%es:4(%3)\n"
15294 "3: movl 8(%4), %%eax\n"
15295 "31: movl 12(%4),%%edx\n"
15296 - " movnti %%eax, 8(%3)\n"
15297 - " movnti %%edx, 12(%3)\n"
15298 + " movnti %%eax, %%es:8(%3)\n"
15299 + " movnti %%edx, %%es:12(%3)\n"
15300 "4: movl 16(%4), %%eax\n"
15301 "41: movl 20(%4), %%edx\n"
15302 - " movnti %%eax, 16(%3)\n"
15303 - " movnti %%edx, 20(%3)\n"
15304 + " movnti %%eax, %%es:16(%3)\n"
15305 + " movnti %%edx, %%es:20(%3)\n"
15306 "10: movl 24(%4), %%eax\n"
15307 "51: movl 28(%4), %%edx\n"
15308 - " movnti %%eax, 24(%3)\n"
15309 - " movnti %%edx, 28(%3)\n"
15310 + " movnti %%eax, %%es:24(%3)\n"
15311 + " movnti %%edx, %%es:28(%3)\n"
15312 "11: movl 32(%4), %%eax\n"
15313 "61: movl 36(%4), %%edx\n"
15314 - " movnti %%eax, 32(%3)\n"
15315 - " movnti %%edx, 36(%3)\n"
15316 + " movnti %%eax, %%es:32(%3)\n"
15317 + " movnti %%edx, %%es:36(%3)\n"
15318 "12: movl 40(%4), %%eax\n"
15319 "71: movl 44(%4), %%edx\n"
15320 - " movnti %%eax, 40(%3)\n"
15321 - " movnti %%edx, 44(%3)\n"
15322 + " movnti %%eax, %%es:40(%3)\n"
15323 + " movnti %%edx, %%es:44(%3)\n"
15324 "13: movl 48(%4), %%eax\n"
15325 "81: movl 52(%4), %%edx\n"
15326 - " movnti %%eax, 48(%3)\n"
15327 - " movnti %%edx, 52(%3)\n"
15328 + " movnti %%eax, %%es:48(%3)\n"
15329 + " movnti %%edx, %%es:52(%3)\n"
15330 "14: movl 56(%4), %%eax\n"
15331 "91: movl 60(%4), %%edx\n"
15332 - " movnti %%eax, 56(%3)\n"
15333 - " movnti %%edx, 60(%3)\n"
15334 + " movnti %%eax, %%es:56(%3)\n"
15335 + " movnti %%edx, %%es:60(%3)\n"
15339 @@ -588,6 +721,8 @@ static unsigned long __copy_user_intel_n
15345 ".section .fixup,\"ax\"\n"
15346 "9: lea 0(%%eax,%0,4),%0\n"
15348 @@ -616,7 +751,7 @@ static unsigned long __copy_user_intel_n
15351 : "=&c"(size), "=&D" (d0), "=&S" (d1)
15352 - : "1"(to), "2"(from), "0"(size)
15353 + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
15354 : "eax", "edx", "memory");
15357 @@ -629,90 +764,146 @@ static unsigned long __copy_user_intel_n
15359 unsigned long __copy_user_zeroing_intel(void *to, const void __user *from,
15360 unsigned long size);
15361 -unsigned long __copy_user_intel(void __user *to, const void *from,
15362 +unsigned long __generic_copy_to_user_intel(void __user *to, const void *from,
15363 + unsigned long size);
15364 +unsigned long __generic_copy_from_user_intel(void *to, const void __user *from,
15365 unsigned long size);
15366 unsigned long __copy_user_zeroing_intel_nocache(void *to,
15367 const void __user *from, unsigned long size);
15368 #endif /* CONFIG_X86_INTEL_USERCOPY */
15370 /* Generic arbitrary sized copy. */
15371 -#define __copy_user(to, from, size) \
15373 - int __d0, __d1, __d2; \
15374 - __asm__ __volatile__( \
15377 - " movl %1,%0\n" \
15379 - " andl $7,%0\n" \
15380 - " subl %0,%3\n" \
15381 - "4: rep; movsb\n" \
15382 - " movl %3,%0\n" \
15383 - " shrl $2,%0\n" \
15384 - " andl $3,%3\n" \
15385 - " .align 2,0x90\n" \
15386 - "0: rep; movsl\n" \
15387 - " movl %3,%0\n" \
15388 - "1: rep; movsb\n" \
15390 - ".section .fixup,\"ax\"\n" \
15391 - "5: addl %3,%0\n" \
15393 - "3: lea 0(%3,%0,4),%0\n" \
15396 - ".section __ex_table,\"a\"\n" \
15398 - " .long 4b,5b\n" \
15399 - " .long 0b,3b\n" \
15400 - " .long 1b,2b\n" \
15402 - : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) \
15403 - : "3"(size), "0"(size), "1"(to), "2"(from) \
15407 -#define __copy_user_zeroing(to, from, size) \
15409 - int __d0, __d1, __d2; \
15410 - __asm__ __volatile__( \
15413 - " movl %1,%0\n" \
15415 - " andl $7,%0\n" \
15416 - " subl %0,%3\n" \
15417 - "4: rep; movsb\n" \
15418 - " movl %3,%0\n" \
15419 - " shrl $2,%0\n" \
15420 - " andl $3,%3\n" \
15421 - " .align 2,0x90\n" \
15422 - "0: rep; movsl\n" \
15423 - " movl %3,%0\n" \
15424 - "1: rep; movsb\n" \
15426 - ".section .fixup,\"ax\"\n" \
15427 - "5: addl %3,%0\n" \
15429 - "3: lea 0(%3,%0,4),%0\n" \
15430 - "6: pushl %0\n" \
15431 - " pushl %%eax\n" \
15432 - " xorl %%eax,%%eax\n" \
15433 - " rep; stosb\n" \
15434 - " popl %%eax\n" \
15438 - ".section __ex_table,\"a\"\n" \
15440 - " .long 4b,5b\n" \
15441 - " .long 0b,3b\n" \
15442 - " .long 1b,6b\n" \
15444 - : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) \
15445 - : "3"(size), "0"(size), "1"(to), "2"(from) \
15448 +static unsigned long
15449 +__generic_copy_to_user(void __user *to, const void *from, unsigned long size)
15451 + int __d0, __d1, __d2;
15453 + __asm__ __volatile__(
15454 + " movw %w8,%%es\n"
15461 + "4: rep; movsb\n"
15465 + " .align 2,0x90\n"
15466 + "0: rep; movsl\n"
15468 + "1: rep; movsb\n"
15472 + ".section .fixup,\"ax\"\n"
15473 + "5: addl %3,%0\n"
15475 + "3: lea 0(%3,%0,4),%0\n"
15478 + ".section __ex_table,\"a\"\n"
15484 + : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)
15485 + : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS)
15490 +static unsigned long
15491 +__generic_copy_from_user(void *to, const void __user *from, unsigned long size)
15493 + int __d0, __d1, __d2;
15495 + __asm__ __volatile__(
15496 + " movw %w8,%%ds\n"
15503 + "4: rep; movsb\n"
15507 + " .align 2,0x90\n"
15508 + "0: rep; movsl\n"
15510 + "1: rep; movsb\n"
15514 + ".section .fixup,\"ax\"\n"
15515 + "5: addl %3,%0\n"
15517 + "3: lea 0(%3,%0,4),%0\n"
15520 + ".section __ex_table,\"a\"\n"
15526 + : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)
15527 + : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS)
15532 +static unsigned long
15533 +__copy_user_zeroing(void *to, const void __user *from, unsigned long size)
15535 + int __d0, __d1, __d2;
15537 + __asm__ __volatile__(
15538 + " movw %w8,%%ds\n"
15545 + "4: rep; movsb\n"
15549 + " .align 2,0x90\n"
15550 + "0: rep; movsl\n"
15552 + "1: rep; movsb\n"
15556 + ".section .fixup,\"ax\"\n"
15557 + "5: addl %3,%0\n"
15559 + "3: lea 0(%3,%0,4),%0\n"
15562 + " xorl %%eax,%%eax\n"
15568 + ".section __ex_table,\"a\"\n"
15574 + : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)
15575 + : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS)
15580 unsigned long __copy_to_user_ll(void __user *to, const void *from,
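Review bot: The three helpers that replace the `__copy_user` macros have no comment stating what they return or what they do to the segment registers, and the callers now depend on the result (`n = __generic_copy_to_user(to, from, n);`). A one-line header such as `/* Returns the number of bytes that could not be copied; ES holds __USER_DS for the duration of the copy. */` (DS for the two from-user variants) would document the contract. The locals keep the macro-hygiene names `__d0`, `__d1`, `__d2`; inside a function plain `d0`, `d1`, `d2` are enough, as the `_intel` variants already use. The return statements are not visible in this listing, so the return value is inferred from the callers.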
15582 @@ -775,9 +966,9 @@ survive:
15585 if (movsl_is_ok(to, from, n))
15586 - __copy_user(to, from, n);
15587 + n = __generic_copy_to_user(to, from, n);
15589 - n = __copy_user_intel(to, from, n);
15590 + n = __generic_copy_to_user_intel(to, from, n);
15593 EXPORT_SYMBOL(__copy_to_user_ll);
15594 @@ -786,7 +977,7 @@ unsigned long __copy_from_user_ll(void *
15597 if (movsl_is_ok(to, from, n))
15598 - __copy_user_zeroing(to, from, n);
15599 + n = __copy_user_zeroing(to, from, n);
15601 n = __copy_user_zeroing_intel(to, from, n);
15603 @@ -797,10 +988,9 @@ unsigned long __copy_from_user_ll_nozero
15606 if (movsl_is_ok(to, from, n))
15607 - __copy_user(to, from, n);
15608 + n = __generic_copy_from_user(to, from, n);
15610 - n = __copy_user_intel((void __user *)to,
15611 - (const void *)from, n);
15612 + n = __generic_copy_from_user_intel(to, from, n);
15615 EXPORT_SYMBOL(__copy_from_user_ll_nozero);
15616 @@ -812,9 +1002,9 @@ unsigned long __copy_from_user_ll_nocach
15617 if (n > 64 && cpu_has_xmm2)
15618 n = __copy_user_zeroing_intel_nocache(to, from, n);
15620 - __copy_user_zeroing(to, from, n);
15621 + n = __copy_user_zeroing(to, from, n);
15623 - __copy_user_zeroing(to, from, n);
15624 + n = __copy_user_zeroing(to, from, n);
15628 @@ -827,59 +1017,40 @@ unsigned long __copy_from_user_ll_nocach
15629 if (n > 64 && cpu_has_xmm2)
15630 n = __copy_user_intel_nocache(to, from, n);
15632 - __copy_user(to, from, n);
15633 + n = __generic_copy_from_user(to, from, n);
15635 - __copy_user(to, from, n);
15636 + n = __generic_copy_from_user(to, from, n);
15640 EXPORT_SYMBOL(__copy_from_user_ll_nocache_nozero);
15643 - * copy_to_user: - Copy a block of data into user space.
15644 - * @to: Destination address, in user space.
15645 - * @from: Source address, in kernel space.
15646 - * @n: Number of bytes to copy.
15648 - * Context: User context only. This function may sleep.
15650 - * Copy data from kernel space to user space.
15652 - * Returns number of bytes that could not be copied.
15653 - * On success, this will be zero.
15656 -copy_to_user(void __user *to, const void *from, unsigned long n)
15657 +#ifdef CONFIG_PAX_MEMORY_UDEREF
15658 +void __set_fs(mm_segment_t x, int cpu)
15660 - if (access_ok(VERIFY_WRITE, to, n))
15661 - n = __copy_to_user(to, from, n);
15663 + unsigned long limit = x.seg;
15664 + struct desc_struct d;
15666 + current_thread_info()->addr_limit = x;
15667 + if (unlikely(paravirt_enabled()))
15670 + if (likely(limit))
15671 + limit = (limit - 1UL) >> PAGE_SHIFT;
15672 + pack_descriptor(&d, 0UL, limit, 0xF3, 0xC);
15673 + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_DS, &d, DESCTYPE_S);
15675 -EXPORT_SYMBOL(copy_to_user);
15678 - * copy_from_user: - Copy a block of data from user space.
15679 - * @to: Destination address, in kernel space.
15680 - * @from: Source address, in user space.
15681 - * @n: Number of bytes to copy.
15683 - * Context: User context only. This function may sleep.
15685 - * Copy data from user space to kernel space.
15687 - * Returns number of bytes that could not be copied.
15688 - * On success, this will be zero.
15690 - * If some data could not be copied, this function will pad the copied
15691 - * data to the requested size using zero bytes.
15694 -copy_from_user(void *to, const void __user *from, unsigned long n)
15695 +void set_fs(mm_segment_t x)
15697 - if (access_ok(VERIFY_READ, from, n))
15698 - n = __copy_from_user(to, from, n);
15700 - memset(to, 0, n);
15702 + __set_fs(x, get_cpu());
15705 -EXPORT_SYMBOL(copy_from_user);
15707 +void set_fs(mm_segment_t x)
15709 + current_thread_info()->addr_limit = x;
15713 +EXPORT_SYMBOL(set_fs);
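Review bot: `__set_fs()` builds the user data-segment descriptor from bare constants, `pack_descriptor(&d, 0UL, limit, 0xF3, 0xC)`, and nothing in the hunk says what they encode or why the limit is reduced to page units first. This descriptor is what bounds user-segment accesses under `CONFIG_PAX_MEMORY_UDEREF`, so I would put a comment above the call: `/* user DS: present, DPL 3, writable data; 4K-granular 32-bit limit taken from addr_limit */`. `set_fs()` passes `get_cpu()` as the CPU and the matching put is not among the visible lines, so please confirm preemption is re-enabled on that path. The hunk also deletes the kernel-doc of `copy_to_user()`/`copy_from_user()`; the return-value and zero-padding contract it described should stay documented wherever those functions are now defined.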
15714 diff -urNp linux-2.6.32.1/arch/x86/Makefile linux-2.6.32.1/arch/x86/Makefile
15715 --- linux-2.6.32.1/arch/x86/Makefile 2009-12-02 22:51:21.000000000 -0500
15716 +++ linux-2.6.32.1/arch/x86/Makefile 2009-12-14 18:33:51.839717995 -0500
15717 @@ -189,3 +189,12 @@ define archhelp
15718 echo ' FDARGS="..." arguments for the booted kernel'
15719 echo ' FDINITRD=file initrd for the booted kernel'
15724 +*** ${VERSION}.${PATCHLEVEL} PaX kernels no longer build correctly with old versions of binutils.
15725 +*** Please upgrade your binutils to 2.18 or newer
15729 + $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD)))
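Review bot: The last added line treats an empty `LDFLAGS_BUILD_ID` as proof that binutils is older than 2.18, and that link between the two is not stated anywhere in the hunk. A one-line comment above the check, `# --build-id support is used as a proxy for binutils >= 2.18`, would tell a reader why an unrelated variable gates the build. Whether any supported configuration can leave `LDFLAGS_BUILD_ID` empty with a new enough linker is not visible here and is worth confirming, since the `$(error ...)` stops the build outright.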
15730 diff -urNp linux-2.6.32.1/arch/x86/mm/extable.c linux-2.6.32.1/arch/x86/mm/extable.c
15731 --- linux-2.6.32.1/arch/x86/mm/extable.c 2009-12-02 22:51:21.000000000 -0500
15732 +++ linux-2.6.32.1/arch/x86/mm/extable.c 2009-12-14 18:33:51.840719324 -0500
15734 #include <linux/module.h>
15735 #include <linux/spinlock.h>
15736 +#include <linux/sort.h>
15737 #include <asm/uaccess.h>
15738 +#include <asm/pgtable.h>
15741 + * The exception table needs to be sorted so that the binary
15742 + * search that we use to find entries in it works properly.
15743 + * This is used both for the kernel exception table and for
15744 + * the exception tables of modules that get loaded.
15746 +static int cmp_ex(const void *a, const void *b)
15748 + const struct exception_table_entry *x = a, *y = b;
15750 + /* avoid overflow */
15751 + if (x->insn > y->insn)
15753 + if (x->insn < y->insn)
15758 +static void swap_ex(void *a, void *b, int size)
15760 + struct exception_table_entry t, *x = a, *y = b;
15764 + pax_open_kernel();
15767 + pax_close_kernel();
15770 +void sort_extable(struct exception_table_entry *start,
15771 + struct exception_table_entry *finish)
15773 + sort(start, finish - start, sizeof(struct exception_table_entry),
15774 + cmp_ex, swap_ex);
15777 +#ifdef CONFIG_MODULES
15779 + * If the exception table is sorted, any referring to the module init
15780 + * will be at the beginning or the end.
15782 +void trim_init_extable(struct module *m)
15784 + /*trim the beginning*/
15785 + while (m->num_exentries && within_module_init(m->extable[0].insn, m)) {
15787 + m->num_exentries--;
15790 + while (m->num_exentries &&
15791 + within_module_init(m->extable[m->num_exentries-1].insn, m))
15792 + m->num_exentries--;
15794 +#endif /* CONFIG_MODULES */
15796 int fixup_exception(struct pt_regs *regs)
15798 const struct exception_table_entry *fixup;
15800 #ifdef CONFIG_PNPBIOS
15801 - if (unlikely(SEGMENT_IS_PNP_CODE(regs->cs))) {
15802 + if (unlikely(!v8086_mode(regs) && SEGMENT_IS_PNP_CODE(regs->cs))) {
15803 extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp;
15804 extern u32 pnp_bios_is_utter_crap;
15805 pnp_bios_is_utter_crap = 1;
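Review bot: The new `!v8086_mode(regs)` test in front of `SEGMENT_IS_PNP_CODE(regs->cs)` carries no comment, and the reason is security-relevant. In vm86 mode `regs->cs` holds a real-mode segment value chosen by the task rather than a GDT selector, so without the guard a matching value would presumably be taken for a fault inside PnP BIOS code. I would add `/* vm86: cs is a real-mode segment, not a selector */` above the condition. `fixup_exception()` continues outside the hunk, and the hunk's `@@` header and several lines are missing from this rendering.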
15806 diff -urNp linux-2.6.32.1/arch/x86/mm/fault.c linux-2.6.32.1/arch/x86/mm/fault.c
15807 --- linux-2.6.32.1/arch/x86/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
15808 +++ linux-2.6.32.1/arch/x86/mm/fault.c 2009-12-14 18:33:51.851713993 -0500
15809 @@ -11,10 +11,14 @@
15810 #include <linux/kprobes.h> /* __kprobes, ... */
15811 #include <linux/mmiotrace.h> /* kmmio_handler, ... */
15812 #include <linux/perf_event.h> /* perf_sw_event */
15813 +#include <linux/unistd.h>
15814 +#include <linux/compiler.h>
15816 #include <asm/traps.h> /* dotraplinkage, ... */
15817 #include <asm/pgalloc.h> /* pgd_*(), ... */
15818 #include <asm/kmemcheck.h> /* kmemcheck_*(), ... */
15819 +#include <asm/vsyscall.h>
15820 +#include <asm/tlbflush.h>
15823 * Page fault error code bits:
15824 @@ -51,7 +55,7 @@ static inline int notify_page_fault(stru
15827 /* kprobe_running() needs smp_processor_id() */
15828 - if (kprobes_built_in() && !user_mode_vm(regs)) {
15829 + if (kprobes_built_in() && !user_mode(regs)) {
15831 if (kprobe_running() && kprobe_fault_handler(regs, 14))
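Review bot: Replacing `user_mode_vm(regs)` with `user_mode(regs)` in the kprobes guard changes which faults count as kernel-mode, unless `user_mode()` in this tree also returns true for vm86 tasks. The definition is not part of this file's hunks, so this needs checking against the patched header. The same substitution is made in the `-1017,7` hunk of `do_page_fault()`, where it decides whether `PF_USER` is forced on. If the macro was redefined, a comment at one call site, `/* user_mode() also covers vm86 in this tree */`, would keep a later backport from reopening the gap. `notify_page_fault()` starts and ends outside the hunk.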
15833 @@ -172,6 +176,30 @@ force_sig_info_fault(int si_signo, int s
15834 force_sig_info(si_signo, &info, tsk);
15837 +#ifdef CONFIG_PAX_EMUTRAMP
15838 +static int pax_handle_fetch_fault(struct pt_regs *regs);
15841 +#ifdef CONFIG_PAX_PAGEEXEC
15842 +static inline pmd_t * pax_get_pmd(struct mm_struct *mm, unsigned long address)
15848 + pgd = pgd_offset(mm, address);
15849 + if (!pgd_present(*pgd))
15851 + pud = pud_offset(pgd, address);
15852 + if (!pud_present(*pud))
15854 + pmd = pmd_offset(pud, address);
15855 + if (!pmd_present(*pmd))
15861 DEFINE_SPINLOCK(pgd_lock);
15862 LIST_HEAD(pgd_list);
15864 @@ -535,7 +563,7 @@ static int is_errata93(struct pt_regs *r
15865 static int is_errata100(struct pt_regs *regs, unsigned long address)
15867 #ifdef CONFIG_X86_64
15868 - if ((regs->cs == __USER32_CS || (regs->cs & (1<<2))) && (address >> 32))
15869 + if ((regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT)) && (address >> 32))
15873 @@ -562,7 +590,7 @@ static int is_f00f_bug(struct pt_regs *r
15876 static const char nx_warning[] = KERN_CRIT
15877 -"kernel tried to execute NX-protected page - exploit attempt? (uid: %d)\n";
15878 +"kernel tried to execute NX-protected page - exploit attempt? (uid: %d, task: %s, pid: %d)\n";
15881 show_fault_oops(struct pt_regs *regs, unsigned long error_code,
15882 @@ -571,15 +599,26 @@ show_fault_oops(struct pt_regs *regs, un
15883 if (!oops_may_print())
15886 - if (error_code & PF_INSTR) {
15887 + if (nx_enabled && (error_code & PF_INSTR)) {
15888 unsigned int level;
15890 pte_t *pte = lookup_address(address, &level);
15892 if (pte && pte_present(*pte) && !pte_exec(*pte))
15893 - printk(nx_warning, current_uid());
15894 + printk(nx_warning, current_uid(), current->comm, task_pid_nr(current));
15897 +#ifdef CONFIG_PAX_KERNEXEC
15898 + if (init_mm.start_code <= address && address < init_mm.end_code) {
15899 + if (current->signal->curr_ip)
15900 + printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
15901 + ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
15903 + printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
15904 + current->comm, task_pid_nr(current), current_uid(), current_euid());
15908 printk(KERN_ALERT "BUG: unable to handle kernel ");
15909 if (address < PAGE_SIZE)
15910 printk(KERN_CONT "NULL pointer dereference");
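Review bot: The `CONFIG_PAX_KERNEXEC` block logs "attempted to modify kernel code" whenever the faulting address lies between `init_mm.start_code` and `init_mm.end_code`, but the visible condition never tests `error_code & PF_WRITE`. If only write faults can reach this point, say so in a comment; otherwise tighten it to `if ((error_code & PF_WRITE) && init_mm.start_code <= address && address < init_mm.end_code) {`. Both messages print `current->comm`, which a task can set for itself, so anything parsing these lines should treat that field as untrusted text. `show_fault_oops()` continues outside the hunk.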
15911 @@ -704,6 +743,68 @@ __bad_area_nosemaphore(struct pt_regs *r
15912 unsigned long address, int si_code)
15914 struct task_struct *tsk = current;
15915 + struct mm_struct *mm = tsk->mm;
15917 +#ifdef CONFIG_X86_64
15918 + if (mm && (error_code & PF_INSTR)) {
15919 + if (regs->ip == (unsigned long)vgettimeofday) {
15920 + regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, fallback_gettimeofday);
15922 + } else if (regs->ip == (unsigned long)vtime) {
15923 + regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, fallback_time);
15925 + } else if (regs->ip == (unsigned long)vgetcpu) {
15926 + regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, getcpu);
15932 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
15933 + if (mm && (error_code & PF_USER)) {
15934 + unsigned long ip = regs->ip;
15936 + if (v8086_mode(regs))
15937 + ip = ((regs->cs & 0xffff) << 4) + (regs->ip & 0xffff);
15940 + * It's possible to have interrupts off here:
15942 + local_irq_enable();
15944 +#ifdef CONFIG_PAX_PAGEEXEC
15945 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) &&
15946 + ((nx_enabled && (error_code & PF_INSTR)) || (!(error_code & (PF_PROT | PF_WRITE)) && regs->ip == address))) {
15948 +#ifdef CONFIG_PAX_EMUTRAMP
15949 + switch (pax_handle_fetch_fault(regs)) {
15955 + pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
15956 + do_group_exit(SIGKILL);
15960 +#ifdef CONFIG_PAX_SEGMEXEC
15961 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && !(error_code & (PF_PROT | PF_WRITE)) && (regs->ip + SEGMEXEC_TASK_SIZE == address)) {
15963 +#ifdef CONFIG_PAX_EMUTRAMP
15964 + switch (pax_handle_fetch_fault(regs)) {
15970 + pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
15971 + do_group_exit(SIGKILL);
15978 /* User mode accesses just cause a SIGSEGV */
15979 if (error_code & PF_USER) {
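Review bot: The PAGEEXEC and SEGMEXEC branches classify a fault as an instruction fetch by comparing addresses (`regs->ip == address`, and `regs->ip + SEGMEXEC_TASK_SIZE == address`) when the NX bit cannot be used, and that heuristic is not explained in the hunk. Because a match ends in `pax_report_fault()` followed by `do_group_exit(SIGKILL)` for the whole thread group, the reasoning should be written down, e.g. `/* no NX: a non-write, not-present fault at the current ip is treated as an instruction fetch */`. The comment should also say what happens to a fetch that faults on the second page of an instruction crossing a page boundary, where the reported address would presumably not equal `regs->ip`. The `CONFIG_X86_64` block above it redirects `regs->ip` for the three vsyscall entry points without a comment either. `__bad_area_nosemaphore()` extends beyond the hunk.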
15980 @@ -848,6 +949,106 @@ static int spurious_fault_check(unsigned
15984 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
15985 +static int pax_handle_pageexec_fault(struct pt_regs *regs, struct mm_struct *mm, unsigned long address, unsigned long error_code)
15990 + unsigned char pte_mask;
15992 + if (nx_enabled || (error_code & (PF_PROT|PF_USER)) != (PF_PROT|PF_USER) || v8086_mode(regs) ||
15993 + !(mm->pax_flags & MF_PAX_PAGEEXEC))
15996 + /* PaX: it's our fault, let's handle it if we can */
15998 + /* PaX: take a look at read faults before acquiring any locks */
15999 + if (unlikely(!(error_code & PF_WRITE) && (regs->ip == address))) {
16000 + /* instruction fetch attempt from a protected page in user mode */
16001 + up_read(&mm->mmap_sem);
16003 +#ifdef CONFIG_PAX_EMUTRAMP
16004 + switch (pax_handle_fetch_fault(regs)) {
16010 + pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
16011 + do_group_exit(SIGKILL);
16014 + pmd = pax_get_pmd(mm, address);
16015 + if (unlikely(!pmd))
16018 + pte = pte_offset_map_lock(mm, pmd, address, &ptl);
16019 + if (unlikely(!(pte_val(*pte) & _PAGE_PRESENT) || pte_user(*pte))) {
16020 + pte_unmap_unlock(pte, ptl);
16024 + if (unlikely((error_code & PF_WRITE) && !pte_write(*pte))) {
16025 + /* write attempt to a protected page in user mode */
16026 + pte_unmap_unlock(pte, ptl);
16031 + if (likely(address > get_limit(regs->cs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask)))
16033 + if (likely(address > get_limit(regs->cs)))
16036 + set_pte(pte, pte_mkread(*pte));
16037 + __flush_tlb_one(address);
16038 + pte_unmap_unlock(pte, ptl);
16039 + up_read(&mm->mmap_sem);
16043 + pte_mask = _PAGE_ACCESSED | _PAGE_USER | ((error_code & PF_WRITE) << (_PAGE_BIT_DIRTY-1));
16046 + * PaX: fill DTLB with user rights and retry
16048 + __asm__ __volatile__ (
16049 +#ifdef CONFIG_PAX_MEMORY_UDEREF
16050 + "movw %w4,%%es\n"
16053 +#if defined(CONFIG_M586) || defined(CONFIG_M586TSC)
16055 + * PaX: let this uncommented 'invlpg' remind us on the behaviour of Intel's
16056 + * (and AMD's) TLBs. namely, they do not cache PTEs that would raise *any*
16057 + * page fault when examined during a TLB load attempt. this is true not only
16058 + * for PTEs holding a non-present entry but also present entries that will
16059 + * raise a page fault (such as those set up by PaX, or the copy-on-write
16060 + * mechanism). in effect it means that we do *not* need to flush the TLBs
16061 + * for our target pages since their PTEs are simply not in the TLBs at all.
16063 + * the best thing in omitting it is that we gain around 15-20% speed in the
16064 + * fast path of the page fault handler and can get rid of tracing since we
16065 + * can no longer flush unintended entries.
16069 + "testb $0,%%es:(%0)\n"
16071 +#ifdef CONFIG_PAX_MEMORY_UDEREF
16076 + : "r" (address), "r" (pte), "q" (pte_mask), "i" (_PAGE_USER), "r" (__USER_DS)
16077 + : "memory", "cc");
16078 + pte_unmap_unlock(pte, ptl);
16079 + up_read(&mm->mmap_sem);
16085 * Handle a spurious fault caused by a stale TLB entry.
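Review bot: `pax_handle_pageexec_fault()` calls `up_read(&mm->mmap_sem)` on several of its paths although the lock is presumably taken by its caller in `do_page_fault()`, and there is no header comment saying which return values mean the semaphore has already been released. The return statements are missing from this rendering, so the contract cannot be checked here. Please document it above the function so that the caller's handling of each value can be reviewed. The expression `(error_code & PF_WRITE) << (_PAGE_BIT_DIRTY-1)` also depends on `PF_WRITE` being bit 1, which could be pinned with `BUILD_BUG_ON((PF_WRITE << (_PAGE_BIT_DIRTY-1)) != _PAGE_DIRTY);`.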
16087 @@ -914,6 +1115,9 @@ int show_unhandled_signals = 1;
16089 access_error(unsigned long error_code, int write, struct vm_area_struct *vma)
16091 + if (nx_enabled && (error_code & PF_INSTR) && !(vma->vm_flags & VM_EXEC))
16095 /* write, present and write, not present: */
16096 if (unlikely(!(vma->vm_flags & VM_WRITE)))
16097 @@ -947,17 +1151,16 @@ do_page_fault(struct pt_regs *regs, unsi
16099 struct vm_area_struct *vma;
16100 struct task_struct *tsk;
16101 - unsigned long address;
16102 struct mm_struct *mm;
16106 + /* Get the faulting address: */
16107 + const unsigned long address = read_cr2();
16112 - /* Get the faulting address: */
16113 - address = read_cr2();
16116 * Detect and handle instructions that would cause a page fault for
16117 * both a tracked kernel page and a userspace page.
16118 @@ -1017,7 +1220,7 @@ do_page_fault(struct pt_regs *regs, unsi
16119 * User-mode registers count as a user access even for any
16120 * potential system fault or CPU buglet:
16122 - if (user_mode_vm(regs)) {
16123 + if (user_mode(regs)) {
16124 local_irq_enable();
16125 error_code |= PF_USER;
16127 @@ -1071,6 +1274,11 @@ do_page_fault(struct pt_regs *regs, unsi
16131 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
16132 + if (pax_handle_pageexec_fault(regs, mm, address, error_code))
16136 vma = find_vma(mm, address);
16137 if (unlikely(!vma)) {
16138 bad_area(regs, error_code, address);
16139 @@ -1082,18 +1290,24 @@ do_page_fault(struct pt_regs *regs, unsi
16140 bad_area(regs, error_code, address);
16143 - if (error_code & PF_USER) {
16145 - * Accessing the stack below %sp is always a bug.
16146 - * The large cushion allows instructions like enter
16147 - * and pusha to work. ("enter $65535, $31" pushes
16148 - * 32 pointers and then decrements %sp by 65535.)
16150 - if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
16151 - bad_area(regs, error_code, address);
16155 + * Accessing the stack below %sp is always a bug.
16156 + * The large cushion allows instructions like enter
16157 + * and pusha to work. ("enter $65535, $31" pushes
16158 + * 32 pointers and then decrements %sp by 65535.)
16160 + if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)) {
16161 + bad_area(regs, error_code, address);
16165 +#ifdef CONFIG_PAX_SEGMEXEC
16166 + if (unlikely((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)) {
16167 + bad_area(regs, error_code, address);
16172 if (unlikely(expand_stack(vma, address))) {
16173 bad_area(regs, error_code, address);
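Review bot: The SEGMEXEC test `vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1` appears to rely on unsigned wraparound to express a range check, and nothing in the hunk says which case it rejects. As far as I can tell it is true only when the vma ends above `SEGMEXEC_TASK_SIZE` while `address` is at or below it. If that is the intent, add `/* SEGMEXEC: never grow a vma in the upper half down across the SEGMEXEC_TASK_SIZE boundary */`. The stack-cushion check is also no longer limited to `PF_USER` faults and now reads `task_pt_regs(tsk)->sp`, so the retained comment should mention that kernel-mode accesses are checked against the saved user stack pointer too. `do_page_fault()` starts and ends outside the hunk.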
16175 @@ -1137,3 +1351,174 @@ good_area:
16177 up_read(&mm->mmap_sem);
16180 +#ifdef CONFIG_PAX_EMUTRAMP
16181 +static int pax_handle_fetch_fault_32(struct pt_regs *regs)
16185 + do { /* PaX: gcc trampoline emulation #1 */
16186 + unsigned char mov1, mov2;
16187 + unsigned short jmp;
16188 + unsigned int addr1, addr2;
16190 +#ifdef CONFIG_X86_64
16191 + if ((regs->ip + 11) >> 32)
16195 + err = get_user(mov1, (unsigned char __user *)regs->ip);
16196 + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
16197 + err |= get_user(mov2, (unsigned char __user *)(regs->ip + 5));
16198 + err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
16199 + err |= get_user(jmp, (unsigned short __user *)(regs->ip + 10));
16204 + if (mov1 == 0xB9 && mov2 == 0xB8 && jmp == 0xE0FF) {
16205 + regs->cx = addr1;
16206 + regs->ax = addr2;
16207 + regs->ip = addr2;
16212 + do { /* PaX: gcc trampoline emulation #2 */
16213 + unsigned char mov, jmp;
16214 + unsigned int addr1, addr2;
16216 +#ifdef CONFIG_X86_64
16217 + if ((regs->ip + 9) >> 32)
16221 + err = get_user(mov, (unsigned char __user *)regs->ip);
16222 + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
16223 + err |= get_user(jmp, (unsigned char __user *)(regs->ip + 5));
16224 + err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
16229 + if (mov == 0xB9 && jmp == 0xE9) {
16230 + regs->cx = addr1;
16231 + regs->ip = (unsigned int)(regs->ip + addr2 + 10);
16236 + return 1; /* PaX in action */
16239 +#ifdef CONFIG_X86_64
16240 +static int pax_handle_fetch_fault_64(struct pt_regs *regs)
16244 + do { /* PaX: gcc trampoline emulation #1 */
16245 + unsigned short mov1, mov2, jmp1;
16246 + unsigned char jmp2;
16247 + unsigned int addr1;
16248 + unsigned long addr2;
16250 + err = get_user(mov1, (unsigned short __user *)regs->ip);
16251 + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 2));
16252 + err |= get_user(mov2, (unsigned short __user *)(regs->ip + 6));
16253 + err |= get_user(addr2, (unsigned long __user *)(regs->ip + 8));
16254 + err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 16));
16255 + err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 18));
16260 + if (mov1 == 0xBB41 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) {
16261 + regs->r11 = addr1;
16262 + regs->r10 = addr2;
16263 + regs->ip = addr1;
16268 + do { /* PaX: gcc trampoline emulation #2 */
16269 + unsigned short mov1, mov2, jmp1;
16270 + unsigned char jmp2;
16271 + unsigned long addr1, addr2;
16273 + err = get_user(mov1, (unsigned short __user *)regs->ip);
16274 + err |= get_user(addr1, (unsigned long __user *)(regs->ip + 2));
16275 + err |= get_user(mov2, (unsigned short __user *)(regs->ip + 10));
16276 + err |= get_user(addr2, (unsigned long __user *)(regs->ip + 12));
16277 + err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 20));
16278 + err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 22));
16283 + if (mov1 == 0xBB49 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) {
16284 + regs->r11 = addr1;
16285 + regs->r10 = addr2;
16286 + regs->ip = addr1;
16291 + return 1; /* PaX in action */
16296 + * PaX: decide what to do with offenders (regs->ip = fault address)
16298 + * returns 1 when task should be killed
16299 + * 2 when gcc trampoline was detected
16301 +static int pax_handle_fetch_fault(struct pt_regs *regs)
16303 + if (v8086_mode(regs))
16306 + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
16309 +#ifdef CONFIG_X86_32
16310 + return pax_handle_fetch_fault_32(regs);
16312 + if (regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT))
16313 + return pax_handle_fetch_fault_32(regs);
16315 + return pax_handle_fetch_fault_64(regs);
16320 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
16321 +void pax_report_insns(void *pc, void *sp)
16325 + printk(KERN_ERR "PAX: bytes at PC: ");
16326 + for (i = 0; i < 20; i++) {
16328 + if (get_user(c, (__force unsigned char __user *)pc+i))
16329 + printk(KERN_CONT "?? ");
16331 + printk(KERN_CONT "%02x ", c);
16335 + printk(KERN_ERR "PAX: bytes at SP-%lu: ", (unsigned long)sizeof(long));
16336 + for (i = -1; i < 80 / sizeof(long); i++) {
16338 + if (get_user(c, (__force unsigned long __user *)sp+i))
16339 +#ifdef CONFIG_X86_32
16340 + printk(KERN_CONT "???????? ");
16342 + printk(KERN_CONT "???????????????? ");
16345 + printk(KERN_CONT "%0*lx ", 2 * (int)sizeof(long), c);
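Review bot: The second loop in `pax_report_insns()`, `for (i = -1; i < 80 / sizeof(long); i++)`, compares a negative start value with an unsigned `size_t` expression. If `i` is a plain `int` or `long` (its declaration is not among the visible lines), it is converted to a very large unsigned value, the condition is false on the first test, and the stack words are never printed. Casting the bound keeps the comparison signed: `for (i = -1; i < (long)(80 / sizeof(long)); i++) {`. Without that, the "bytes at SP" line of every report stays empty, which removes the part most useful for triaging a kill.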
16350 diff -urNp linux-2.6.32.1/arch/x86/mm/gup.c linux-2.6.32.1/arch/x86/mm/gup.c
16351 --- linux-2.6.32.1/arch/x86/mm/gup.c 2009-12-02 22:51:21.000000000 -0500
16352 +++ linux-2.6.32.1/arch/x86/mm/gup.c 2009-12-14 18:33:51.851713993 -0500
16353 @@ -237,7 +237,7 @@ int __get_user_pages_fast(unsigned long
16355 len = (unsigned long) nr_pages << PAGE_SHIFT;
16357 - if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
16358 + if (unlikely(!__access_ok(write ? VERIFY_WRITE : VERIFY_READ,
16359 (void __user *)start, len)))
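Review bot: Swapping `access_ok()` for `__access_ok()` in `__get_user_pages_fast()` changes which range check guards a user-supplied `start`/`len` pair, and the hunk gives no reason for using the double-underscore variant. The definitions are not visible here; if `access_ok()` in this tree does extra work that is not allowed in this context, state that next to the call, e.g. `/* raw range check only: the access_ok() wrapper must not be used here */`. A reviewer cannot otherwise tell whether the weaker-looking check is deliberate. The function body continues outside the hunk.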
16362 diff -urNp linux-2.6.32.1/arch/x86/mm/highmem_32.c linux-2.6.32.1/arch/x86/mm/highmem_32.c
16363 --- linux-2.6.32.1/arch/x86/mm/highmem_32.c 2009-12-02 22:51:21.000000000 -0500
16364 +++ linux-2.6.32.1/arch/x86/mm/highmem_32.c 2009-12-14 18:33:51.851713993 -0500
16365 @@ -43,7 +43,10 @@ void *kmap_atomic_prot(struct page *page
16366 idx = type + KM_TYPE_NR*smp_processor_id();
16367 vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
16368 BUG_ON(!pte_none(*(kmap_pte-idx)));
16370 + pax_open_kernel();
16371 set_pte(kmap_pte-idx, mk_pte(page, prot));
16372 + pax_close_kernel();
16374 return (void *)vaddr;
16376 diff -urNp linux-2.6.32.1/arch/x86/mm/hugetlbpage.c linux-2.6.32.1/arch/x86/mm/hugetlbpage.c
16377 --- linux-2.6.32.1/arch/x86/mm/hugetlbpage.c 2009-12-02 22:51:21.000000000 -0500
16378 +++ linux-2.6.32.1/arch/x86/mm/hugetlbpage.c 2009-12-14 18:33:51.852719320 -0500
16379 @@ -267,13 +267,18 @@ static unsigned long hugetlb_get_unmappe
16380 struct hstate *h = hstate_file(file);
16381 struct mm_struct *mm = current->mm;
16382 struct vm_area_struct *vma;
16383 - unsigned long start_addr;
16384 + unsigned long start_addr, pax_task_size = TASK_SIZE;
16386 +#ifdef CONFIG_PAX_SEGMEXEC
16387 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
16388 + pax_task_size = SEGMEXEC_TASK_SIZE;
16391 if (len > mm->cached_hole_size) {
16392 - start_addr = mm->free_area_cache;
16393 + start_addr = mm->free_area_cache;
16395 - start_addr = TASK_UNMAPPED_BASE;
16396 - mm->cached_hole_size = 0;
16397 + start_addr = mm->mmap_base;
16398 + mm->cached_hole_size = 0;
16402 @@ -281,13 +286,13 @@ full_search:
16404 for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
16405 /* At this point: (!vma || addr < vma->vm_end). */
16406 - if (TASK_SIZE - len < addr) {
16407 + if (pax_task_size - len < addr) {
16409 * Start a new search - just in case we missed
16412 - if (start_addr != TASK_UNMAPPED_BASE) {
16413 - start_addr = TASK_UNMAPPED_BASE;
16414 + if (start_addr != mm->mmap_base) {
16415 + start_addr = mm->mmap_base;
16416 mm->cached_hole_size = 0;
16419 @@ -310,9 +315,8 @@ static unsigned long hugetlb_get_unmappe
16420 struct hstate *h = hstate_file(file);
16421 struct mm_struct *mm = current->mm;
16422 struct vm_area_struct *vma, *prev_vma;
16423 - unsigned long base = mm->mmap_base, addr = addr0;
16424 + unsigned long base = mm->mmap_base, addr;
16425 unsigned long largest_hole = mm->cached_hole_size;
16426 - int first_time = 1;
16428 /* don't allow allocations above current base */
16429 if (mm->free_area_cache > base)
16430 @@ -322,7 +326,7 @@ static unsigned long hugetlb_get_unmappe
16432 mm->free_area_cache = base;
16436 /* make sure it can fit in the remaining address space */
16437 if (mm->free_area_cache < len)
16439 @@ -364,22 +368,26 @@ try_again:
16443 - * if hint left us with no space for the requested
16444 - * mapping then try again:
16446 - if (first_time) {
16447 - mm->free_area_cache = base;
16448 - largest_hole = 0;
16453 * A failed mmap() very likely causes application failure,
16454 * so fall back to the bottom-up function here. This scenario
16455 * can happen with large stack limits and large mmap()
16458 - mm->free_area_cache = TASK_UNMAPPED_BASE;
16460 +#ifdef CONFIG_PAX_SEGMEXEC
16461 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
16462 + mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
16466 + mm->mmap_base = TASK_UNMAPPED_BASE;
16468 +#ifdef CONFIG_PAX_RANDMMAP
16469 + if (mm->pax_flags & MF_PAX_RANDMMAP)
16470 + mm->mmap_base += mm->delta_mmap;
16473 + mm->free_area_cache = mm->mmap_base;
16474 mm->cached_hole_size = ~0UL;
16475 addr = hugetlb_get_unmapped_area_bottomup(file, addr0,
16476 len, pgoff, flags);
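Review bot: The bottom-up fallback now overwrites `mm->mmap_base`, including the SEGMEXEC and RANDMMAP adjustments, before calling `hugetlb_get_unmapped_area_bottomup()`. It depends on the `mm->mmap_base = base;` restore added in the following `fail:` hunk, yet neither place says the change is temporary. `mmap_base` is state shared by the whole address space, so I would add `/* temporarily repoint mmap_base for the bottom-up search; restored below */`. It is also worth confirming that no return path between the two assignments skips the restore, as the code between them is only partly visible. The SEGMEXEC task-size selection is repeated in two other functions of this file and could live in one small helper.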
16477 @@ -387,6 +395,7 @@ fail:
16479 * Restore the topdown base:
16481 + mm->mmap_base = base;
16482 mm->free_area_cache = base;
16483 mm->cached_hole_size = ~0UL;
16485 @@ -400,10 +409,17 @@ hugetlb_get_unmapped_area(struct file *f
16486 struct hstate *h = hstate_file(file);
16487 struct mm_struct *mm = current->mm;
16488 struct vm_area_struct *vma;
16489 + unsigned long pax_task_size = TASK_SIZE;
16491 if (len & ~huge_page_mask(h))
16493 - if (len > TASK_SIZE)
16495 +#ifdef CONFIG_PAX_SEGMEXEC
16496 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
16497 + pax_task_size = SEGMEXEC_TASK_SIZE;
16500 + if (len > pax_task_size)
16503 if (flags & MAP_FIXED) {
16504 @@ -415,7 +431,7 @@ hugetlb_get_unmapped_area(struct file *f
16506 addr = ALIGN(addr, huge_page_size(h));
16507 vma = find_vma(mm, addr);
16508 - if (TASK_SIZE - len >= addr &&
16509 + if (pax_task_size - len >= addr &&
16510 (!vma || addr + len <= vma->vm_start))
16513 diff -urNp linux-2.6.32.1/arch/x86/mm/init_32.c linux-2.6.32.1/arch/x86/mm/init_32.c
16514 --- linux-2.6.32.1/arch/x86/mm/init_32.c 2009-12-02 22:51:21.000000000 -0500
16515 +++ linux-2.6.32.1/arch/x86/mm/init_32.c 2009-12-15 17:05:40.583629988 -0500
16516 @@ -72,36 +72,6 @@ static __init void *alloc_low_page(void)
16520 - * Creates a middle page table and puts a pointer to it in the
16521 - * given global directory entry. This only returns the gd entry
16522 - * in non-PAE compilation mode, since the middle layer is folded.
16524 -static pmd_t * __init one_md_table_init(pgd_t *pgd)
16527 - pmd_t *pmd_table;
16529 -#ifdef CONFIG_X86_PAE
16530 - if (!(pgd_val(*pgd) & _PAGE_PRESENT)) {
16531 - if (after_bootmem)
16532 - pmd_table = (pmd_t *)alloc_bootmem_pages(PAGE_SIZE);
16534 - pmd_table = (pmd_t *)alloc_low_page();
16535 - paravirt_alloc_pmd(&init_mm, __pa(pmd_table) >> PAGE_SHIFT);
16536 - set_pgd(pgd, __pgd(__pa(pmd_table) | _PAGE_PRESENT));
16537 - pud = pud_offset(pgd, 0);
16538 - BUG_ON(pmd_table != pmd_offset(pud, 0));
16540 - return pmd_table;
16543 - pud = pud_offset(pgd, 0);
16544 - pmd_table = pmd_offset(pud, 0);
16546 - return pmd_table;
16550 * Create a page table and place a pointer to it in a middle page
16553 @@ -121,13 +91,28 @@ static pte_t * __init one_page_table_ini
16554 page_table = (pte_t *)alloc_low_page();
16556 paravirt_alloc_pte(&init_mm, __pa(page_table) >> PAGE_SHIFT);
16557 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
16558 + set_pmd(pmd, __pmd(__pa(page_table) | _KERNPG_TABLE));
16560 set_pmd(pmd, __pmd(__pa(page_table) | _PAGE_TABLE));
16562 BUG_ON(page_table != pte_offset_kernel(pmd, 0));
16565 return pte_offset_kernel(pmd, 0);
16568 +static pmd_t * __init one_md_table_init(pgd_t *pgd)
16571 + pmd_t *pmd_table;
16573 + pud = pud_offset(pgd, 0);
16574 + pmd_table = pmd_offset(pud, 0);
16576 + return pmd_table;
16579 pmd_t * __init populate_extra_pmd(unsigned long vaddr)
16581 int pgd_idx = pgd_index(vaddr);
16582 @@ -201,6 +186,7 @@ page_table_range_init(unsigned long star
16583 int pgd_idx, pmd_idx;
16584 unsigned long vaddr;
16590 @@ -210,8 +196,13 @@ page_table_range_init(unsigned long star
16591 pgd = pgd_base + pgd_idx;
16593 for ( ; (pgd_idx < PTRS_PER_PGD) && (vaddr != end); pgd++, pgd_idx++) {
16594 - pmd = one_md_table_init(pgd);
16595 - pmd = pmd + pmd_index(vaddr);
16596 + pud = pud_offset(pgd, vaddr);
16597 + pmd = pmd_offset(pud, vaddr);
16599 +#ifdef CONFIG_X86_PAE
16600 + paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT);
16603 for (; (pmd_idx < PTRS_PER_PMD) && (vaddr != end);
16604 pmd++, pmd_idx++) {
16605 pte = page_table_kmap_check(one_page_table_init(pmd),
16606 @@ -223,11 +214,20 @@ page_table_range_init(unsigned long star
16610 -static inline int is_kernel_text(unsigned long addr)
16611 +static inline int is_kernel_text(unsigned long start, unsigned long end)
16613 - if (addr >= PAGE_OFFSET && addr <= (unsigned long)__init_end)
16616 + if ((start > ktla_ktva((unsigned long)_etext) ||
16617 + end <= ktla_ktva((unsigned long)_stext)) &&
16618 + (start > ktla_ktva((unsigned long)_einittext) ||
16619 + end <= ktla_ktva((unsigned long)_sinittext)) &&
16621 +#ifdef CONFIG_ACPI_SLEEP
16622 + (start > (unsigned long)__va(acpi_wakeup_address) + 0x4000 || end <= (unsigned long)__va(acpi_wakeup_address)) &&
16625 + (start > (unsigned long)__va(0xfffff) || end <= (unsigned long)__va(0xc0000)))
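Review bot: The rewritten `is_kernel_text(start, end)` keeps extra ranges executable using bare numbers, `0x4000` past `acpi_wakeup_address` and the `0xc0000` to `0xfffff` window, with no comment on what they cover or why they must stay executable. This predicate selects `PAGE_KERNEL_EXEC` or `PAGE_KERNEL_LARGE_EXEC` for low-memory mappings, so each clause deserves a one-line reason and named constants, e.g. `/* legacy BIOS ROM area, kept executable for firmware calls - confirm */`. The upper-bound tests use `start > X` rather than `start >= X`, so a range that begins exactly at `_etext` still counts as text; if that is deliberate, say so. The function's return lines are missing from this rendering.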
16631 @@ -243,9 +243,10 @@ kernel_physical_mapping_init(unsigned lo
16632 int use_pse = page_size_mask == (1<<PG_LEVEL_2M);
16633 unsigned long start_pfn, end_pfn;
16634 pgd_t *pgd_base = swapper_pg_dir;
16635 - int pgd_idx, pmd_idx, pte_ofs;
16636 + unsigned int pgd_idx, pmd_idx, pte_ofs;
16642 unsigned pages_2m, pages_4k;
16643 @@ -278,8 +279,13 @@ repeat:
16645 pgd_idx = pgd_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
16646 pgd = pgd_base + pgd_idx;
16647 - for (; pgd_idx < PTRS_PER_PGD; pgd++, pgd_idx++) {
16648 - pmd = one_md_table_init(pgd);
16649 + for (; pgd_idx < PTRS_PER_PGD && pfn < max_low_pfn; pgd++, pgd_idx++) {
16650 + pud = pud_offset(pgd, 0);
16651 + pmd = pmd_offset(pud, 0);
16653 +#ifdef CONFIG_X86_PAE
16654 + paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT);
16657 if (pfn >= end_pfn)
16659 @@ -291,14 +297,13 @@ repeat:
16661 for (; pmd_idx < PTRS_PER_PMD && pfn < end_pfn;
16662 pmd++, pmd_idx++) {
16663 - unsigned int addr = pfn * PAGE_SIZE + PAGE_OFFSET;
16664 + unsigned long address = pfn * PAGE_SIZE + PAGE_OFFSET;
16667 * Map with big pages if possible, otherwise
16668 * create normal page tables:
16671 - unsigned int addr2;
16672 pgprot_t prot = PAGE_KERNEL_LARGE;
16674 * first pass will use the same initial
16675 @@ -308,11 +313,7 @@ repeat:
16676 __pgprot(PTE_IDENT_ATTR |
16679 - addr2 = (pfn + PTRS_PER_PTE-1) * PAGE_SIZE +
16680 - PAGE_OFFSET + PAGE_SIZE-1;
16682 - if (is_kernel_text(addr) ||
16683 - is_kernel_text(addr2))
16684 + if (is_kernel_text(address, address + PMD_SIZE))
16685 prot = PAGE_KERNEL_LARGE_EXEC;
16688 @@ -329,7 +330,7 @@ repeat:
16689 pte_ofs = pte_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
16691 for (; pte_ofs < PTRS_PER_PTE && pfn < end_pfn;
16692 - pte++, pfn++, pte_ofs++, addr += PAGE_SIZE) {
16693 + pte++, pfn++, pte_ofs++, address += PAGE_SIZE) {
16694 pgprot_t prot = PAGE_KERNEL;
16696 * first pass will use the same initial
16697 @@ -337,7 +338,7 @@ repeat:
16699 pgprot_t init_prot = __pgprot(PTE_IDENT_ATTR);
16701 - if (is_kernel_text(addr))
16702 + if (is_kernel_text(address, address + PAGE_SIZE))
16703 prot = PAGE_KERNEL_EXEC;
16706 @@ -489,7 +490,7 @@ void __init native_pagetable_setup_start
16708 pud = pud_offset(pgd, va);
16709 pmd = pmd_offset(pud, va);
16710 - if (!pmd_present(*pmd))
16711 + if (!pmd_present(*pmd) || pmd_huge(*pmd))
16714 pte = pte_offset_kernel(pmd, va);
16715 @@ -541,9 +542,7 @@ void __init early_ioremap_page_table_ran
16717 static void __init pagetable_init(void)
16719 - pgd_t *pgd_base = swapper_pg_dir;
16721 - permanent_kmaps_init(pgd_base);
16722 + permanent_kmaps_init(swapper_pg_dir);
16725 #ifdef CONFIG_ACPI_SLEEP
16726 @@ -551,12 +550,12 @@ static void __init pagetable_init(void)
16727 * ACPI suspend needs this for resume, because things like the intel-agp
16728 * driver might have split up a kernel 4MB mapping.
16730 -char swsusp_pg_dir[PAGE_SIZE]
16731 +pgd_t swsusp_pg_dir[PTRS_PER_PGD]
16732 __attribute__ ((aligned(PAGE_SIZE)));
16734 static inline void save_pg_dir(void)
16736 - memcpy(swsusp_pg_dir, swapper_pg_dir, PAGE_SIZE);
16737 + clone_pgd_range(swsusp_pg_dir, swapper_pg_dir, PTRS_PER_PGD);
16739 #else /* !CONFIG_ACPI_SLEEP */
16740 static inline void save_pg_dir(void)
16741 @@ -588,7 +587,7 @@ void zap_low_mappings(bool early)
16745 -pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP);
16746 +pteval_t __supported_pte_mask __read_only = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP);
16747 EXPORT_SYMBOL_GPL(__supported_pte_mask);
16749 /* user-defined highmem size */
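Review bot: Moving `__supported_pte_mask` from `__read_mostly` to `__read_only` is safe only if every later write happens before the read-only section is protected, or inside a `pax_open_kernel()`/`pax_close_kernel()` pair. The initializer clears `_PAGE_NX`, so some boot-time code presumably sets that bit afterwards, and those writers are not part of this hunk. Please confirm each of them and record the rule next to the definition: `/* written only during early boot (NX detection); read-only afterwards */`.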
16750 @@ -881,7 +880,7 @@ void __init mem_init(void)
16751 set_highmem_pages_init();
16753 codesize = (unsigned long) &_etext - (unsigned long) &_text;
16754 - datasize = (unsigned long) &_edata - (unsigned long) &_etext;
16755 + datasize = (unsigned long) &_edata - (unsigned long) &_sdata;
16756 initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin;
16758 printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, "
16759 @@ -923,10 +922,10 @@ void __init mem_init(void)
16760 ((unsigned long)&__init_end -
16761 (unsigned long)&__init_begin) >> 10,
16763 - (unsigned long)&_etext, (unsigned long)&_edata,
16764 - ((unsigned long)&_edata - (unsigned long)&_etext) >> 10,
16765 + (unsigned long)&_sdata, (unsigned long)&_edata,
16766 + ((unsigned long)&_edata - (unsigned long)&_sdata) >> 10,
16768 - (unsigned long)&_text, (unsigned long)&_etext,
16769 + ktla_ktva((unsigned long)&_text), ktla_ktva((unsigned long)&_etext),
16770 ((unsigned long)&_etext - (unsigned long)&_text) >> 10);
16773 @@ -1007,6 +1006,7 @@ void set_kernel_text_rw(void)
16774 if (!kernel_set_to_readonly)
16777 + start = ktla_ktva(start);
16778 pr_debug("Set kernel text: %lx - %lx for read write\n",
16779 start, start+size);
16781 @@ -1021,6 +1021,7 @@ void set_kernel_text_ro(void)
16782 if (!kernel_set_to_readonly)
16785 + start = ktla_ktva(start);
16786 pr_debug("Set kernel text: %lx - %lx for read only\n",
16787 start, start+size);
16789 @@ -1032,6 +1033,7 @@ void mark_rodata_ro(void)
16790 unsigned long start = PFN_ALIGN(_text);
16791 unsigned long size = PFN_ALIGN(_etext) - start;
16793 + start = ktla_ktva(start);
16794 set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
16795 printk(KERN_INFO "Write protecting the kernel text: %luk\n",
16797 diff -urNp linux-2.6.32.1/arch/x86/mm/init_64.c linux-2.6.32.1/arch/x86/mm/init_64.c
16798 --- linux-2.6.32.1/arch/x86/mm/init_64.c 2009-12-02 22:51:21.000000000 -0500
16799 +++ linux-2.6.32.1/arch/x86/mm/init_64.c 2009-12-14 18:33:51.855716926 -0500
16800 @@ -163,7 +163,9 @@ void set_pte_vaddr_pud(pud_t *pud_page,
16801 pmd = fill_pmd(pud, vaddr);
16802 pte = fill_pte(pmd, vaddr);
16804 + pax_open_kernel();
16805 set_pte(pte, new_pte);
16806 + pax_close_kernel();
16809 * It's enough to flush this one mapping.
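Review bot: The `pax_open_kernel()` / `pax_close_kernel()` pair added around `set_pte(pte, new_pte)` has no comment saying why this store needs a write window. The same bare bracketing recurs in `kmap_atomic_prot_pfn` (iomap_32.c), `__set_pmd_pte` (pageattr.c), `set_pte_vaddr` (pgtable_32.c) and `fix_processor_context` (power/cpu.c). I would add one line at each site, for example `/* target table is write-protected; open a write window for this store only */`, adjusted to what the helpers actually guarantee, since their definitions are not in this part of the patch. It is also worth stating that no early return may be added between the open and the close. The body of `set_pte_vaddr_pud` starts and ends outside the hunk.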
16810 @@ -222,14 +224,12 @@ static void __init __init_extra_mapping(
16811 pgd = pgd_offset_k((unsigned long)__va(phys));
16812 if (pgd_none(*pgd)) {
16813 pud = (pud_t *) spp_getpage();
16814 - set_pgd(pgd, __pgd(__pa(pud) | _KERNPG_TABLE |
16816 + set_pgd(pgd, __pgd(__pa(pud) | _PAGE_TABLE));
16818 pud = pud_offset(pgd, (unsigned long)__va(phys));
16819 if (pud_none(*pud)) {
16820 pmd = (pmd_t *) spp_getpage();
16821 - set_pud(pud, __pud(__pa(pmd) | _KERNPG_TABLE |
16823 + set_pud(pud, __pud(__pa(pmd) | _PAGE_TABLE));
16825 pmd = pmd_offset(pud, phys);
16826 BUG_ON(!pmd_none(*pmd));
16827 @@ -842,8 +842,8 @@ int kern_addr_valid(unsigned long addr)
16828 static struct vm_area_struct gate_vma = {
16829 .vm_start = VSYSCALL_START,
16830 .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE),
16831 - .vm_page_prot = PAGE_READONLY_EXEC,
16832 - .vm_flags = VM_READ | VM_EXEC
16833 + .vm_page_prot = PAGE_READONLY,
16834 + .vm_flags = VM_READ
16837 struct vm_area_struct *get_gate_vma(struct task_struct *tsk)
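Review bot: Dropping `VM_EXEC` and moving to `PAGE_READONLY` in the `gate_vma` initializer changes how the vsyscall area is described, but nothing here says whether the page itself stops being executable or only the VMA record changes. A comment above the initializer should state the intent, for example `/* gate VMA is described as read-only; execution of the vsyscall page is decided by its kernel mapping */`, if that is indeed the design. I cannot confirm it from this hunk. Code that consults `vm_flags` of the gate VMA (fault handling, maps output) should be checked against the new value.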
16838 @@ -877,7 +877,7 @@ int in_gate_area_no_task(unsigned long a
16840 const char *arch_vma_name(struct vm_area_struct *vma)
16842 - if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
16843 + if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
16845 if (vma == &gate_vma)
16846 return "[vsyscall]";
16847 diff -urNp linux-2.6.32.1/arch/x86/mm/init.c linux-2.6.32.1/arch/x86/mm/init.c
16848 --- linux-2.6.32.1/arch/x86/mm/init.c 2009-12-02 22:51:21.000000000 -0500
16849 +++ linux-2.6.32.1/arch/x86/mm/init.c 2009-12-14 18:33:51.855716926 -0500
16850 @@ -331,7 +331,13 @@ unsigned long __init_refok init_memory_m
16852 int devmem_is_allowed(unsigned long pagenr)
16854 - if (pagenr <= 256)
16857 +#ifdef CONFIG_VM86
16858 + if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT))
16861 + if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
16863 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
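Review bot: The new range tests in `devmem_is_allowed` need a comment stating the policy, because the low-memory allowance is now split in two and the first part exists only under `CONFIG_VM86`. Something like `/* below the ISA range only when vm86 needs it; the ISA range itself always */` above the `#ifdef` would do. The old test `pagenr <= 256` admitted page 256, while `pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT)` does not if `ISA_END_ADDRESS` is 1 MiB. If that tightening is intended, the comment should say so. The return statements are not visible in this view, so I am assuming both added tests grant access.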
16865 @@ -379,6 +385,83 @@ void free_init_pages(char *what, unsigne
16867 void free_initmem(void)
16870 +#ifdef CONFIG_PAX_KERNEXEC
16875 +#ifdef CONFIG_X86_32
16876 + /* PaX: limit KERNEL_CS to actual size */
16877 + unsigned long addr, limit;
16878 + struct desc_struct d;
16881 + limit = paravirt_enabled() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext;
16882 + limit = (limit - 1UL) >> PAGE_SHIFT;
16884 + memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);
16885 + for (cpu = 0; cpu < NR_CPUS; cpu++) {
16886 + pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
16887 + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
16890 + /* PaX: make KERNEL_CS read-only */
16891 + addr = PFN_ALIGN(ktla_ktva((unsigned long)&_text));
16892 + if (!paravirt_enabled())
16893 + set_memory_ro(addr, (PFN_ALIGN(_sdata) - addr) >> PAGE_SHIFT);
16895 + for (addr = ktla_ktva((unsigned long)&_text); addr < (unsigned long)&_sdata; addr += PMD_SIZE) {
16896 + pgd = pgd_offset_k(addr);
16897 + pud = pud_offset(pgd, addr);
16898 + pmd = pmd_offset(pud, addr);
16899 + set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
16902 +#ifdef CONFIG_X86_PAE
16903 + set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT);
16904 + for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) {
16905 + pgd = pgd_offset_k(addr);
16906 + pud = pud_offset(pgd, addr);
16907 + pmd = pmd_offset(pud, addr);
16908 + set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
16912 +#ifdef CONFIG_MODULES
16913 + set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT);
16917 + unsigned long addr, end;
16919 + /* PaX: make kernel code/rodata read-only, rest non-executable */
16920 + for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
16921 + pgd = pgd_offset_k(addr);
16922 + pud = pud_offset(pgd, addr);
16923 + pmd = pmd_offset(pud, addr);
16924 + if ((unsigned long)_text <= addr && addr < (unsigned long)_sdata)
16925 + set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
16927 + set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
16930 + addr = (unsigned long)__va(__pa(__START_KERNEL_map));
16931 + end = addr + KERNEL_IMAGE_SIZE;
16932 + for (; addr < end; addr += PMD_SIZE) {
16933 + pgd = pgd_offset_k(addr);
16934 + pud = pud_offset(pgd, addr);
16935 + pmd = pmd_offset(pud, addr);
16936 + if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata)))
16937 + set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
16939 + set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
16946 free_init_pages("unused kernel memory",
16947 (unsigned long)(&__init_begin),
16948 (unsigned long)(&__init_end));
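Review bot: `memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);` appears to pass an integer expression where `memset` expects a pointer (both macros are integer constants in the stock headers). Nothing says why that one page is poisoned either. I would write `memset((void *)(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET), POISON_FREE_INITMEM, PAGE_SIZE);` with a one-line comment naming what lives at that address. The literal `0x9B, 0xC` arguments to `pack_descriptor` would also read better with a comment decoding the access byte and flags. `free_initmem` continues past the end of the hunk.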
16949 diff -urNp linux-2.6.32.1/arch/x86/mm/iomap_32.c linux-2.6.32.1/arch/x86/mm/iomap_32.c
16950 --- linux-2.6.32.1/arch/x86/mm/iomap_32.c 2009-12-02 22:51:21.000000000 -0500
16951 +++ linux-2.6.32.1/arch/x86/mm/iomap_32.c 2009-12-14 18:33:51.855716926 -0500
16952 @@ -65,7 +65,11 @@ void *kmap_atomic_prot_pfn(unsigned long
16953 debug_kmap_atomic(type);
16954 idx = type + KM_TYPE_NR * smp_processor_id();
16955 vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
16957 + pax_open_kernel();
16958 set_pte(kmap_pte - idx, pfn_pte(pfn, prot));
16959 + pax_close_kernel();
16961 arch_flush_lazy_mmu_mode();
16963 return (void *)vaddr;
16964 diff -urNp linux-2.6.32.1/arch/x86/mm/ioremap.c linux-2.6.32.1/arch/x86/mm/ioremap.c
16965 --- linux-2.6.32.1/arch/x86/mm/ioremap.c 2009-12-02 22:51:21.000000000 -0500
16966 +++ linux-2.6.32.1/arch/x86/mm/ioremap.c 2009-12-14 18:33:51.857713707 -0500
16967 @@ -41,8 +41,8 @@ int page_is_ram(unsigned long pagenr)
16968 * Second special case: Some BIOSen report the PC BIOS
16969 * area (640->1Mb) as ram even though it is not.
16971 - if (pagenr >= (BIOS_BEGIN >> PAGE_SHIFT) &&
16972 - pagenr < (BIOS_END >> PAGE_SHIFT))
16973 + if (pagenr >= (ISA_START_ADDRESS >> PAGE_SHIFT) &&
16974 + pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
16977 for (i = 0; i < e820.nr_map; i++) {
16978 @@ -137,10 +137,7 @@ static void __iomem *__ioremap_caller(re
16980 * Don't allow anybody to remap normal RAM that we're using..
16982 - for (pfn = phys_addr >> PAGE_SHIFT;
16983 - (pfn << PAGE_SHIFT) < (last_addr & PAGE_MASK);
16986 + for (pfn = phys_addr >> PAGE_SHIFT; ((resource_size_t)pfn << PAGE_SHIFT) < (last_addr & PAGE_MASK); pfn++) {
16987 int is_ram = page_is_ram(pfn);
16989 if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn)))
16990 @@ -191,6 +188,8 @@ static void __iomem *__ioremap_caller(re
16994 + prot = canon_pgprot(prot);
16999 @@ -407,7 +406,7 @@ static int __init early_ioremap_debug_se
17000 early_param("early_ioremap_debug", early_ioremap_debug_setup);
17002 static __initdata int after_paging_init;
17003 -static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_bss;
17004 +static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __read_only __aligned(PAGE_SIZE);
17006 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
17008 @@ -439,8 +438,7 @@ void __init early_ioremap_init(void)
17009 slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
17011 pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
17012 - memset(bm_pte, 0, sizeof(bm_pte));
17013 - pmd_populate_kernel(&init_mm, pmd, bm_pte);
17014 + pmd_populate_user(&init_mm, pmd, bm_pte);
17017 * The boot-ioremap range spans multiple pmds, for which
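Review bot: Removing `memset(bm_pte, 0, sizeof(bm_pte))` makes `early_ioremap_init` depend on `bm_pte` being zero from static initialisation, now that the previous hunk moves it from `__page_aligned_bss` to `__read_only`. That dependency should be written down, for example `/* bm_pte is statically zeroed and lives in read-only data, so it is not cleared here */` above the populate call. The switch from `pmd_populate_kernel` to `pmd_populate_user` is also unexplained. Its definition is not in this part of the patch, so the comment should say which protection bits the pmd entry is meant to carry. The function continues outside the hunk.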
17018 diff -urNp linux-2.6.32.1/arch/x86/mm/mmap.c linux-2.6.32.1/arch/x86/mm/mmap.c
17019 --- linux-2.6.32.1/arch/x86/mm/mmap.c 2009-12-02 22:51:21.000000000 -0500
17020 +++ linux-2.6.32.1/arch/x86/mm/mmap.c 2009-12-14 18:33:51.857713707 -0500
17021 @@ -49,7 +49,7 @@ static unsigned int stack_maxrandom_size
17022 * Leave an at least ~128 MB hole with possible stack randomization.
17024 #define MIN_GAP (128*1024*1024UL + stack_maxrandom_size())
17025 -#define MAX_GAP (TASK_SIZE/6*5)
17026 +#define MAX_GAP (pax_task_size/6*5)
17029 * True on X86_32 or when emulating IA32 on X86_64
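Review bot: `#define MAX_GAP (pax_task_size/6*5)` now expands to a name that is not a global, so it only compiles where a local called `pax_task_size` is in scope. In this file that is `mmap_base()` in the next hunk. I would pass the size explicitly, `#define MAX_GAP(size) ((size)/6*5)`, and write `MAX_GAP(pax_task_size)` at the use site. Failing that, add a comment on the macro naming the local it captures.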
17030 @@ -94,27 +94,40 @@ static unsigned long mmap_rnd(void)
17031 return rnd << PAGE_SHIFT;
17034 -static unsigned long mmap_base(void)
17035 +static unsigned long mmap_base(struct mm_struct *mm)
17037 unsigned long gap = current->signal->rlim[RLIMIT_STACK].rlim_cur;
17038 + unsigned long pax_task_size = TASK_SIZE;
17040 +#ifdef CONFIG_PAX_SEGMEXEC
17041 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
17042 + pax_task_size = SEGMEXEC_TASK_SIZE;
17047 else if (gap > MAX_GAP)
17050 - return PAGE_ALIGN(TASK_SIZE - gap - mmap_rnd());
17051 + return PAGE_ALIGN(pax_task_size - gap - mmap_rnd());
17055 * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
17056 * does, but not when emulating X86_32
17058 -static unsigned long mmap_legacy_base(void)
17059 +static unsigned long mmap_legacy_base(struct mm_struct *mm)
17061 - if (mmap_is_ia32())
17062 + if (mmap_is_ia32()) {
17064 +#ifdef CONFIG_PAX_SEGMEXEC
17065 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
17066 + return SEGMEXEC_TASK_UNMAPPED_BASE;
17070 return TASK_UNMAPPED_BASE;
17073 return TASK_UNMAPPED_BASE + mmap_rnd();
17076 @@ -125,11 +138,23 @@ static unsigned long mmap_legacy_base(vo
17077 void arch_pick_mmap_layout(struct mm_struct *mm)
17079 if (mmap_is_legacy()) {
17080 - mm->mmap_base = mmap_legacy_base();
17081 + mm->mmap_base = mmap_legacy_base(mm);
17083 +#ifdef CONFIG_PAX_RANDMMAP
17084 + if (mm->pax_flags & MF_PAX_RANDMMAP)
17085 + mm->mmap_base += mm->delta_mmap;
17088 mm->get_unmapped_area = arch_get_unmapped_area;
17089 mm->unmap_area = arch_unmap_area;
17091 - mm->mmap_base = mmap_base();
17092 + mm->mmap_base = mmap_base(mm);
17094 +#ifdef CONFIG_PAX_RANDMMAP
17095 + if (mm->pax_flags & MF_PAX_RANDMMAP)
17096 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
17099 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
17100 mm->unmap_area = arch_unmap_area_topdown;
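Review bot: In the top-down branch, `mm->mmap_base -= mm->delta_mmap + mm->delta_stack;` is applied after `mmap_base(mm)` has already subtracted the stack gap and `mmap_rnd()`, and nothing in the hunk bounds the result from below. The legacy branch likewise adds `mm->delta_mmap` with no upper check. If the deltas are bounded where they are assigned, which is not in this part of the patch, a comment such as `/* delta_mmap and delta_stack are limited to N bits at exec time, so the base cannot wrap */` would make that visible here. Otherwise an explicit range check belongs next to the adjustment.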
17102 diff -urNp linux-2.6.32.1/arch/x86/mm/numa_32.c linux-2.6.32.1/arch/x86/mm/numa_32.c
17103 --- linux-2.6.32.1/arch/x86/mm/numa_32.c 2009-12-02 22:51:21.000000000 -0500
17104 +++ linux-2.6.32.1/arch/x86/mm/numa_32.c 2009-12-14 18:33:51.858716642 -0500
17105 @@ -98,7 +98,6 @@ unsigned long node_memmap_size_bytes(int
17109 -extern unsigned long find_max_low_pfn(void);
17110 extern unsigned long highend_pfn, highstart_pfn;
17112 #define LARGE_PAGE_BYTES (PTRS_PER_PTE * PAGE_SIZE)
17113 diff -urNp linux-2.6.32.1/arch/x86/mm/pageattr.c linux-2.6.32.1/arch/x86/mm/pageattr.c
17114 --- linux-2.6.32.1/arch/x86/mm/pageattr.c 2009-12-02 22:51:21.000000000 -0500
17115 +++ linux-2.6.32.1/arch/x86/mm/pageattr.c 2009-12-14 18:33:51.858716642 -0500
17116 @@ -268,9 +268,10 @@ static inline pgprot_t static_protection
17117 * Does not cover __inittext since that is gone later on. On
17118 * 64bit we do not enforce !NX on the low mapping
17120 - if (within(address, (unsigned long)_text, (unsigned long)_etext))
17121 + if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext)))
17122 pgprot_val(forbidden) |= _PAGE_NX;
17124 +#ifdef CONFIG_DEBUG_RODATA
17126 * The .rodata section needs to be read-only. Using the pfn
17127 * catches all aliases.
17128 @@ -278,6 +279,7 @@ static inline pgprot_t static_protection
17129 if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT,
17130 __pa((unsigned long)__end_rodata) >> PAGE_SHIFT))
17131 pgprot_val(forbidden) |= _PAGE_RW;
17134 prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
17136 @@ -331,7 +333,10 @@ EXPORT_SYMBOL_GPL(lookup_address);
17137 static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte)
17139 /* change init_mm */
17140 + pax_open_kernel();
17141 set_pte_atomic(kpte, pte);
17142 + pax_close_kernel();
17144 #ifdef CONFIG_X86_32
17145 if (!SHARED_KERNEL_PMD) {
17147 diff -urNp linux-2.6.32.1/arch/x86/mm/pageattr-test.c linux-2.6.32.1/arch/x86/mm/pageattr-test.c
17148 --- linux-2.6.32.1/arch/x86/mm/pageattr-test.c 2009-12-02 22:51:21.000000000 -0500
17149 +++ linux-2.6.32.1/arch/x86/mm/pageattr-test.c 2009-12-14 18:33:51.858716642 -0500
17150 @@ -36,7 +36,7 @@ enum {
17152 static int pte_testbit(pte_t pte)
17154 - return pte_flags(pte) & _PAGE_UNUSED1;
17155 + return pte_flags(pte) & _PAGE_CPA_TEST;
17158 struct split_state {
17159 diff -urNp linux-2.6.32.1/arch/x86/mm/pat.c linux-2.6.32.1/arch/x86/mm/pat.c
17160 --- linux-2.6.32.1/arch/x86/mm/pat.c 2009-12-02 22:51:21.000000000 -0500
17161 +++ linux-2.6.32.1/arch/x86/mm/pat.c 2009-12-14 18:33:51.860715150 -0500
17162 @@ -258,7 +258,7 @@ chk_conflict(struct memtype *new, struct
17165 printk(KERN_INFO "%s:%d conflicting memory types "
17166 - "%Lx-%Lx %s<->%s\n", current->comm, current->pid, new->start,
17167 + "%Lx-%Lx %s<->%s\n", current->comm, task_pid_nr(current), new->start,
17168 new->end, cattr_name(new->type), cattr_name(entry->type));
17171 @@ -559,7 +559,7 @@ unlock_ret:
17174 printk(KERN_INFO "%s:%d freeing invalid memtype %Lx-%Lx\n",
17175 - current->comm, current->pid, start, end);
17176 + current->comm, task_pid_nr(current), start, end);
17179 dprintk("free_memtype request 0x%Lx-0x%Lx\n", start, end);
17180 @@ -755,7 +755,7 @@ int kernel_map_sync_memtype(u64 base, un
17182 "%s:%d ioremap_change_attr failed %s "
17184 - current->comm, current->pid,
17185 + current->comm, task_pid_nr(current),
17187 base, (unsigned long long)(base + size));
17189 @@ -813,7 +813,7 @@ static int reserve_pfn_range(u64 paddr,
17190 free_memtype(paddr, paddr + size);
17191 printk(KERN_ERR "%s:%d map pfn expected mapping type %s"
17192 " for %Lx-%Lx, got %s\n",
17193 - current->comm, current->pid,
17194 + current->comm, task_pid_nr(current),
17195 cattr_name(want_flags),
17196 (unsigned long long)paddr,
17197 (unsigned long long)(paddr + size),
17198 diff -urNp linux-2.6.32.1/arch/x86/mm/pgtable_32.c linux-2.6.32.1/arch/x86/mm/pgtable_32.c
17199 --- linux-2.6.32.1/arch/x86/mm/pgtable_32.c 2009-12-02 22:51:21.000000000 -0500
17200 +++ linux-2.6.32.1/arch/x86/mm/pgtable_32.c 2009-12-14 18:33:51.860715150 -0500
17201 @@ -49,10 +49,13 @@ void set_pte_vaddr(unsigned long vaddr,
17204 pte = pte_offset_kernel(pmd, vaddr);
17206 + pax_open_kernel();
17207 if (pte_val(pteval))
17208 set_pte_at(&init_mm, vaddr, pte, pteval);
17210 pte_clear(&init_mm, vaddr, pte);
17211 + pax_close_kernel();
17214 * It's enough to flush this one mapping.
17215 diff -urNp linux-2.6.32.1/arch/x86/mm/setup_nx.c linux-2.6.32.1/arch/x86/mm/setup_nx.c
17216 --- linux-2.6.32.1/arch/x86/mm/setup_nx.c 2009-12-02 22:51:21.000000000 -0500
17217 +++ linux-2.6.32.1/arch/x86/mm/setup_nx.c 2009-12-14 18:33:51.860715150 -0500
17220 #include <asm/pgtable.h>
17222 +#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE)
17225 -#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
17226 -static int disable_nx __cpuinitdata;
17228 +#ifndef CONFIG_PAX_PAGEEXEC
17232 @@ -22,32 +21,26 @@ static int __init noexec_setup(char *str
17235 if (!strncmp(str, "on", 2)) {
17236 - __supported_pte_mask |= _PAGE_NX;
17239 } else if (!strncmp(str, "off", 3)) {
17241 - __supported_pte_mask &= ~_PAGE_NX;
17246 early_param("noexec", noexec_setup);
17250 #ifdef CONFIG_X86_PAE
17251 void __init set_nx(void)
17253 - unsigned int v[4], l, h;
17254 + if (!nx_enabled && cpu_has_nx) {
17257 - if (cpu_has_pae && (cpuid_eax(0x80000000) > 0x80000001)) {
17258 - cpuid(0x80000001, &v[0], &v[1], &v[2], &v[3]);
17260 - if ((v[3] & (1 << 20)) && !disable_nx) {
17261 - rdmsr(MSR_EFER, l, h);
17263 - wrmsr(MSR_EFER, l, h);
17265 - __supported_pte_mask |= _PAGE_NX;
17267 + __supported_pte_mask &= ~_PAGE_NX;
17268 + rdmsr(MSR_EFER, l, h);
17270 + wrmsr(MSR_EFER, l, h);
17274 @@ -62,7 +55,7 @@ void __cpuinit check_efer(void)
17275 unsigned long efer;
17277 rdmsrl(MSR_EFER, efer);
17278 - if (!(efer & EFER_NX) || disable_nx)
17279 + if (!(efer & EFER_NX) || !nx_enabled)
17280 __supported_pte_mask &= ~_PAGE_NX;
17283 diff -urNp linux-2.6.32.1/arch/x86/mm/tlb.c linux-2.6.32.1/arch/x86/mm/tlb.c
17284 --- linux-2.6.32.1/arch/x86/mm/tlb.c 2009-12-02 22:51:21.000000000 -0500
17285 +++ linux-2.6.32.1/arch/x86/mm/tlb.c 2009-12-14 18:33:51.860715150 -0500
17287 #include <asm/uv/uv.h>
17289 DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate)
17290 - = { &init_mm, 0, };
17291 + = { &init_mm, 0 };
17294 * Smarter SMP flushing macros.
17295 diff -urNp linux-2.6.32.1/arch/x86/oprofile/backtrace.c linux-2.6.32.1/arch/x86/oprofile/backtrace.c
17296 --- linux-2.6.32.1/arch/x86/oprofile/backtrace.c 2009-12-02 22:51:21.000000000 -0500
17297 +++ linux-2.6.32.1/arch/x86/oprofile/backtrace.c 2009-12-14 18:33:51.860715150 -0500
17298 @@ -37,7 +37,7 @@ static void backtrace_address(void *data
17299 unsigned int *depth = data;
17302 - oprofile_add_trace(addr);
17303 + oprofile_add_trace(ktla_ktva(addr));
17306 static struct stacktrace_ops backtrace_ops = {
17307 @@ -57,7 +57,7 @@ static struct frame_head *dump_user_back
17308 struct frame_head bufhead[2];
17310 /* Also check accessibility of one struct frame_head beyond */
17311 - if (!access_ok(VERIFY_READ, head, sizeof(bufhead)))
17312 + if (!__access_ok(VERIFY_READ, head, sizeof(bufhead)))
17314 if (__copy_from_user_inatomic(bufhead, head, sizeof(bufhead)))
17316 @@ -77,7 +77,7 @@ x86_backtrace(struct pt_regs * const reg
17318 struct frame_head *head = (struct frame_head *)frame_pointer(regs);
17320 - if (!user_mode_vm(regs)) {
17321 + if (!user_mode(regs)) {
17322 unsigned long stack = kernel_stack_pointer(regs);
17324 dump_trace(NULL, regs, (unsigned long *)stack, 0,
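Review bot: Replacing `user_mode_vm(regs)` with `user_mode(regs)` in `x86_backtrace` is only safe if the patch also changes what `user_mode()` tests. In the unpatched 32-bit tree the plain variant does not look at the vm86 flag, so a vm86 frame could be treated as a kernel frame and walked with `dump_trace`. That redefinition is not in this part of the patch, so please confirm it and note it at the call, for example `/* user_mode() also covers vm86 frames in this tree */`. The `__access_ok` substitution in `dump_user_backtrace` in the previous hunk needs the same kind of one-line justification.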
17325 diff -urNp linux-2.6.32.1/arch/x86/oprofile/op_model_p4.c linux-2.6.32.1/arch/x86/oprofile/op_model_p4.c
17326 --- linux-2.6.32.1/arch/x86/oprofile/op_model_p4.c 2009-12-02 22:51:21.000000000 -0500
17327 +++ linux-2.6.32.1/arch/x86/oprofile/op_model_p4.c 2009-12-14 18:33:51.861723486 -0500
17328 @@ -50,7 +50,7 @@ static inline void setup_num_counters(vo
17332 -static int inline addr_increment(void)
17333 +static inline int addr_increment(void)
17336 return smp_num_siblings == 2 ? 2 : 1;
17337 diff -urNp linux-2.6.32.1/arch/x86/pci/common.c linux-2.6.32.1/arch/x86/pci/common.c
17338 --- linux-2.6.32.1/arch/x86/pci/common.c 2009-12-02 22:51:21.000000000 -0500
17339 +++ linux-2.6.32.1/arch/x86/pci/common.c 2009-12-14 18:33:51.861723486 -0500
17340 @@ -31,8 +31,8 @@ int noioapicreroute = 1;
17341 int pcibios_last_bus = -1;
17342 unsigned long pirq_table_addr;
17343 struct pci_bus *pci_root_bus;
17344 -struct pci_raw_ops *raw_pci_ops;
17345 -struct pci_raw_ops *raw_pci_ext_ops;
17346 +const struct pci_raw_ops *raw_pci_ops;
17347 +const struct pci_raw_ops *raw_pci_ext_ops;
17349 int raw_pci_read(unsigned int domain, unsigned int bus, unsigned int devfn,
17350 int reg, int len, u32 *val)
17351 @@ -370,7 +370,7 @@ static const struct dmi_system_id __devi
17352 DMI_MATCH(DMI_PRODUCT_NAME, "ProLiant DL585 G2"),
17356 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
17359 void __init dmi_check_pciprobe(void)
17360 diff -urNp linux-2.6.32.1/arch/x86/pci/direct.c linux-2.6.32.1/arch/x86/pci/direct.c
17361 --- linux-2.6.32.1/arch/x86/pci/direct.c 2009-12-02 22:51:21.000000000 -0500
17362 +++ linux-2.6.32.1/arch/x86/pci/direct.c 2009-12-14 18:33:51.862717608 -0500
17363 @@ -79,7 +79,7 @@ static int pci_conf1_write(unsigned int
17365 #undef PCI_CONF1_ADDRESS
17367 -struct pci_raw_ops pci_direct_conf1 = {
17368 +const struct pci_raw_ops pci_direct_conf1 = {
17369 .read = pci_conf1_read,
17370 .write = pci_conf1_write,
17372 @@ -173,7 +173,7 @@ static int pci_conf2_write(unsigned int
17374 #undef PCI_CONF2_ADDRESS
17376 -struct pci_raw_ops pci_direct_conf2 = {
17377 +const struct pci_raw_ops pci_direct_conf2 = {
17378 .read = pci_conf2_read,
17379 .write = pci_conf2_write,
17381 @@ -189,7 +189,7 @@ struct pci_raw_ops pci_direct_conf2 = {
17382 * This should be close to trivial, but it isn't, because there are buggy
17383 * chipsets (yes, you guessed it, by Intel and Compaq) that have no class ID.
17385 -static int __init pci_sanity_check(struct pci_raw_ops *o)
17386 +static int __init pci_sanity_check(const struct pci_raw_ops *o)
17390 diff -urNp linux-2.6.32.1/arch/x86/pci/fixup.c linux-2.6.32.1/arch/x86/pci/fixup.c
17391 --- linux-2.6.32.1/arch/x86/pci/fixup.c 2009-12-02 22:51:21.000000000 -0500
17392 +++ linux-2.6.32.1/arch/x86/pci/fixup.c 2009-12-14 18:33:51.862717608 -0500
17393 @@ -364,7 +364,7 @@ static const struct dmi_system_id __devi
17394 DMI_MATCH(DMI_PRODUCT_NAME, "MS-6702E"),
17398 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
17402 @@ -435,7 +435,7 @@ static const struct dmi_system_id __devi
17403 DMI_MATCH(DMI_PRODUCT_VERSION, "PSA40U"),
17407 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
17410 static void __devinit pci_pre_fixup_toshiba_ohci1394(struct pci_dev *dev)
17411 diff -urNp linux-2.6.32.1/arch/x86/pci/irq.c linux-2.6.32.1/arch/x86/pci/irq.c
17412 --- linux-2.6.32.1/arch/x86/pci/irq.c 2009-12-02 22:51:21.000000000 -0500
17413 +++ linux-2.6.32.1/arch/x86/pci/irq.c 2009-12-14 18:33:51.863721838 -0500
17414 @@ -543,7 +543,7 @@ static __init int intel_router_probe(str
17415 static struct pci_device_id __initdata pirq_440gx[] = {
17416 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_0) },
17417 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_2) },
17419 + { PCI_DEVICE(0, 0) }
17422 /* 440GX has a proprietary PIRQ router -- don't use it */
17423 @@ -1107,7 +1107,7 @@ static struct dmi_system_id __initdata p
17424 DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"),
17428 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
17431 int __init pcibios_irq_init(void)
17432 diff -urNp linux-2.6.32.1/arch/x86/pci/mmconfig_32.c linux-2.6.32.1/arch/x86/pci/mmconfig_32.c
17433 --- linux-2.6.32.1/arch/x86/pci/mmconfig_32.c 2009-12-02 22:51:21.000000000 -0500
17434 +++ linux-2.6.32.1/arch/x86/pci/mmconfig_32.c 2009-12-14 18:33:51.863721838 -0500
17435 @@ -125,7 +125,7 @@ static int pci_mmcfg_write(unsigned int
17439 -static struct pci_raw_ops pci_mmcfg = {
17440 +static const struct pci_raw_ops pci_mmcfg = {
17441 .read = pci_mmcfg_read,
17442 .write = pci_mmcfg_write,
17444 diff -urNp linux-2.6.32.1/arch/x86/pci/mmconfig_64.c linux-2.6.32.1/arch/x86/pci/mmconfig_64.c
17445 --- linux-2.6.32.1/arch/x86/pci/mmconfig_64.c 2009-12-02 22:51:21.000000000 -0500
17446 +++ linux-2.6.32.1/arch/x86/pci/mmconfig_64.c 2009-12-14 18:33:51.863721838 -0500
17447 @@ -104,7 +104,7 @@ static int pci_mmcfg_write(unsigned int
17451 -static struct pci_raw_ops pci_mmcfg = {
17452 +static const struct pci_raw_ops pci_mmcfg = {
17453 .read = pci_mmcfg_read,
17454 .write = pci_mmcfg_write,
17456 diff -urNp linux-2.6.32.1/arch/x86/pci/numaq_32.c linux-2.6.32.1/arch/x86/pci/numaq_32.c
17457 --- linux-2.6.32.1/arch/x86/pci/numaq_32.c 2009-12-02 22:51:21.000000000 -0500
17458 +++ linux-2.6.32.1/arch/x86/pci/numaq_32.c 2009-12-14 18:33:51.863721838 -0500
17459 @@ -112,7 +112,7 @@ static int pci_conf1_mq_write(unsigned i
17461 #undef PCI_CONF1_MQ_ADDRESS
17463 -static struct pci_raw_ops pci_direct_conf1_mq = {
17464 +static const struct pci_raw_ops pci_direct_conf1_mq = {
17465 .read = pci_conf1_mq_read,
17466 .write = pci_conf1_mq_write
17468 diff -urNp linux-2.6.32.1/arch/x86/pci/olpc.c linux-2.6.32.1/arch/x86/pci/olpc.c
17469 --- linux-2.6.32.1/arch/x86/pci/olpc.c 2009-12-02 22:51:21.000000000 -0500
17470 +++ linux-2.6.32.1/arch/x86/pci/olpc.c 2009-12-14 18:33:51.863721838 -0500
17471 @@ -297,7 +297,7 @@ static int pci_olpc_write(unsigned int s
17475 -static struct pci_raw_ops pci_olpc_conf = {
17476 +static const struct pci_raw_ops pci_olpc_conf = {
17477 .read = pci_olpc_read,
17478 .write = pci_olpc_write,
17480 diff -urNp linux-2.6.32.1/arch/x86/pci/pcbios.c linux-2.6.32.1/arch/x86/pci/pcbios.c
17481 --- linux-2.6.32.1/arch/x86/pci/pcbios.c 2009-12-02 22:51:21.000000000 -0500
17482 +++ linux-2.6.32.1/arch/x86/pci/pcbios.c 2009-12-14 18:33:51.864725360 -0500
17483 @@ -56,50 +56,93 @@ union bios32 {
17485 unsigned long address;
17486 unsigned short segment;
17487 -} bios32_indirect = { 0, __KERNEL_CS };
17488 +} bios32_indirect __read_only = { 0, __PCIBIOS_CS };
17491 * Returns the entry point for the given service, NULL on error
17494 -static unsigned long bios32_service(unsigned long service)
17495 +static unsigned long __devinit bios32_service(unsigned long service)
17497 unsigned char return_code; /* %al */
17498 unsigned long address; /* %ebx */
17499 unsigned long length; /* %ecx */
17500 unsigned long entry; /* %edx */
17501 unsigned long flags;
17502 + struct desc_struct d, *gdt;
17504 local_irq_save(flags);
17505 - __asm__("lcall *(%%edi); cld"
17507 + gdt = get_cpu_gdt_table(smp_processor_id());
17509 + pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x9B, 0xC);
17510 + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S);
17511 + pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x93, 0xC);
17512 + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S);
17514 + __asm__("movw %w7, %%ds; lcall *(%%edi); push %%ss; pop %%ds; cld"
17515 : "=a" (return_code),
17521 - "D" (&bios32_indirect));
17522 + "D" (&bios32_indirect),
17523 + "r"(__PCIBIOS_DS)
17526 + pax_open_kernel();
17527 + gdt[GDT_ENTRY_PCIBIOS_CS].a = 0;
17528 + gdt[GDT_ENTRY_PCIBIOS_CS].b = 0;
17529 + gdt[GDT_ENTRY_PCIBIOS_DS].a = 0;
17530 + gdt[GDT_ENTRY_PCIBIOS_DS].b = 0;
17531 + pax_close_kernel();
17533 local_irq_restore(flags);
17535 switch (return_code) {
17537 - return address + entry;
17538 - case 0x80: /* Not present */
17539 - printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
17541 - default: /* Shouldn't happen */
17542 - printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
17543 - service, return_code);
17546 + unsigned char flags;
17548 + printk(KERN_INFO "bios32_service: base:%08lx length:%08lx entry:%08lx\n", address, length, entry);
17549 + if (address >= 0xFFFF0 || length > 0x100000 - address || length <= entry) {
17550 + printk(KERN_WARNING "bios32_service: not valid\n");
17553 + address = address + PAGE_OFFSET;
17554 + length += 16UL; /* some BIOSs underreport this... */
17556 + if (length >= 64*1024*1024) {
17557 + length >>= PAGE_SHIFT;
17561 + for (cpu = 0; cpu < NR_CPUS; cpu++) {
17562 + gdt = get_cpu_gdt_table(cpu);
17563 + pack_descriptor(&d, address, length, 0x9b, flags);
17564 + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S);
17565 + pack_descriptor(&d, address, length, 0x93, flags);
17566 + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S);
17570 + case 0x80: /* Not present */
17571 + printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
17573 + default: /* Shouldn't happen */
17574 + printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
17575 + service, return_code);
17581 unsigned long address;
17582 unsigned short segment;
17583 -} pci_indirect = { 0, __KERNEL_CS };
17584 +} pci_indirect __read_only = { 0, __PCIBIOS_CS };
17586 -static int pci_bios_present;
17587 +static int pci_bios_present __read_only;
17589 static int __devinit check_pcibios(void)
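Review bot: The page-granularity branch `if (length >= 64*1024*1024)` in `bios32_service` looks unreachable. The check just above rejects any `length > 0x100000 - address` and only 16 is added afterwards, so `length` never approaches 64 MiB. If the aim is to keep the value inside the descriptor's 20-bit limit field, the threshold that matters is 1 MiB, i.e. `if (length >= 0x100000)`. Some lines of this block are missing from the view, including the one that sets the granularity bit, so this should be checked against the full source. Separately, the `unsigned char flags;` declared inside the `case` shadows the `unsigned long flags` used by `local_irq_save`, so a distinct name such as `desc_flags` would avoid confusion.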
17591 @@ -108,11 +151,13 @@ static int __devinit check_pcibios(void)
17592 unsigned long flags, pcibios_entry;
17594 if ((pcibios_entry = bios32_service(PCI_SERVICE))) {
17595 - pci_indirect.address = pcibios_entry + PAGE_OFFSET;
17596 + pci_indirect.address = pcibios_entry;
17598 local_irq_save(flags);
17600 - "lcall *(%%edi); cld\n\t"
17601 + __asm__("movw %w6, %%ds\n\t"
17602 + "lcall *%%ss:(%%edi); cld\n\t"
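Review bot: The added `movw %w6, %%ds` and the `%%ss:` override in `lcall *%%ss:(%%edi)` carry no explanation. The same pair is repeated in `pci_bios_read`, `pci_bios_write`, `pcibios_get_irq_routing` and `pcibios_set_irq_routing`. A comment at the first site would help, for example `/* DS is switched to the BIOS data segment for the call, so the far pointer is fetched through SS */`. `bios32_service` in the previous hunk still uses `lcall *(%%edi)` after loading `%ds`, which works only while its temporary descriptor has base 0. Using the `%%ss:` form there too would keep the sites consistent. The instructions that restore `%ds` after the call are not visible in this view, so each site should be checked for them.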
17608 @@ -121,7 +166,8 @@ static int __devinit check_pcibios(void)
17611 : "1" (PCIBIOS_PCI_BIOS_PRESENT),
17612 - "D" (&pci_indirect)
17613 + "D" (&pci_indirect),
17614 + "r" (__PCIBIOS_DS)
17616 local_irq_restore(flags);
17618 @@ -165,7 +211,10 @@ static int pci_bios_read(unsigned int se
17622 - __asm__("lcall *(%%esi); cld\n\t"
17623 + __asm__("movw %w6, %%ds\n\t"
17624 + "lcall *%%ss:(%%esi); cld\n\t"
17630 @@ -174,7 +223,8 @@ static int pci_bios_read(unsigned int se
17631 : "1" (PCIBIOS_READ_CONFIG_BYTE),
17634 - "S" (&pci_indirect));
17635 + "S" (&pci_indirect),
17636 + "r" (__PCIBIOS_DS));
17638 * Zero-extend the result beyond 8 bits, do not trust the
17639 * BIOS having done it:
17640 @@ -182,7 +232,10 @@ static int pci_bios_read(unsigned int se
17644 - __asm__("lcall *(%%esi); cld\n\t"
17645 + __asm__("movw %w6, %%ds\n\t"
17646 + "lcall *%%ss:(%%esi); cld\n\t"
17652 @@ -191,7 +244,8 @@ static int pci_bios_read(unsigned int se
17653 : "1" (PCIBIOS_READ_CONFIG_WORD),
17656 - "S" (&pci_indirect));
17657 + "S" (&pci_indirect),
17658 + "r" (__PCIBIOS_DS));
17660 * Zero-extend the result beyond 16 bits, do not trust the
17661 * BIOS having done it:
17662 @@ -199,7 +253,10 @@ static int pci_bios_read(unsigned int se
17666 - __asm__("lcall *(%%esi); cld\n\t"
17667 + __asm__("movw %w6, %%ds\n\t"
17668 + "lcall *%%ss:(%%esi); cld\n\t"
17674 @@ -208,7 +265,8 @@ static int pci_bios_read(unsigned int se
17675 : "1" (PCIBIOS_READ_CONFIG_DWORD),
17678 - "S" (&pci_indirect));
17679 + "S" (&pci_indirect),
17680 + "r" (__PCIBIOS_DS));
17684 @@ -231,7 +289,10 @@ static int pci_bios_write(unsigned int s
17688 - __asm__("lcall *(%%esi); cld\n\t"
17689 + __asm__("movw %w6, %%ds\n\t"
17690 + "lcall *%%ss:(%%esi); cld\n\t"
17696 @@ -240,10 +301,14 @@ static int pci_bios_write(unsigned int s
17700 - "S" (&pci_indirect));
17701 + "S" (&pci_indirect),
17702 + "r" (__PCIBIOS_DS));
17705 - __asm__("lcall *(%%esi); cld\n\t"
17706 + __asm__("movw %w6, %%ds\n\t"
17707 + "lcall *%%ss:(%%esi); cld\n\t"
17713 @@ -252,10 +317,14 @@ static int pci_bios_write(unsigned int s
17717 - "S" (&pci_indirect));
17718 + "S" (&pci_indirect),
17719 + "r" (__PCIBIOS_DS));
17722 - __asm__("lcall *(%%esi); cld\n\t"
17723 + __asm__("movw %w6, %%ds\n\t"
17724 + "lcall *%%ss:(%%esi); cld\n\t"
17730 @@ -264,7 +333,8 @@ static int pci_bios_write(unsigned int s
17734 - "S" (&pci_indirect));
17735 + "S" (&pci_indirect),
17736 + "r" (__PCIBIOS_DS));
17740 @@ -278,7 +348,7 @@ static int pci_bios_write(unsigned int s
17741 * Function table for BIOS32 access
17744 -static struct pci_raw_ops pci_bios_access = {
17745 +static const struct pci_raw_ops pci_bios_access = {
17746 .read = pci_bios_read,
17747 .write = pci_bios_write
17749 @@ -287,7 +357,7 @@ static struct pci_raw_ops pci_bios_acces
17750 * Try to find PCI BIOS.
17753 -static struct pci_raw_ops * __devinit pci_find_bios(void)
17754 +static const struct pci_raw_ops * __devinit pci_find_bios(void)
17756 union bios32 *check;
17758 @@ -368,10 +438,13 @@ struct irq_routing_table * pcibios_get_i
17760 DBG("PCI: Fetching IRQ routing table... ");
17761 __asm__("push %%es\n\t"
17762 + "movw %w8, %%ds\n\t"
17765 - "lcall *(%%esi); cld\n\t"
17766 + "lcall *%%ss:(%%esi); cld\n\t"
17773 @@ -382,7 +455,8 @@ struct irq_routing_table * pcibios_get_i
17776 "S" (&pci_indirect),
17779 + "r" (__PCIBIOS_DS)
17781 DBG("OK ret=%d, size=%d, map=%x\n", ret, opt.size, map);
17783 @@ -406,7 +480,10 @@ int pcibios_set_irq_routing(struct pci_d
17787 - __asm__("lcall *(%%esi); cld\n\t"
17788 + __asm__("movw %w5, %%ds\n\t"
17789 + "lcall *%%ss:(%%esi); cld\n\t"
17795 @@ -414,7 +491,8 @@ int pcibios_set_irq_routing(struct pci_d
17796 : "0" (PCIBIOS_SET_PCI_HW_INT),
17797 "b" ((dev->bus->number << 8) | dev->devfn),
17798 "c" ((irq << 8) | (pin + 10)),
17799 - "S" (&pci_indirect));
17800 + "S" (&pci_indirect),
17801 + "r" (__PCIBIOS_DS));
17802 return !(ret & 0xff00);
17804 EXPORT_SYMBOL(pcibios_set_irq_routing);
17805 diff -urNp linux-2.6.32.1/arch/x86/power/cpu.c linux-2.6.32.1/arch/x86/power/cpu.c
17806 --- linux-2.6.32.1/arch/x86/power/cpu.c 2009-12-02 22:51:21.000000000 -0500
17807 +++ linux-2.6.32.1/arch/x86/power/cpu.c 2009-12-14 18:33:51.865717511 -0500
17808 @@ -126,7 +126,7 @@ static void do_fpu_end(void)
17809 static void fix_processor_context(void)
17811 int cpu = smp_processor_id();
17812 - struct tss_struct *t = &per_cpu(init_tss, cpu);
17813 + struct tss_struct *t = init_tss + cpu;
17815 set_tss_desc(cpu, t); /*
17816 * This just modifies memory; should not be
17817 @@ -136,7 +136,9 @@ static void fix_processor_context(void)
17820 #ifdef CONFIG_X86_64
17821 + pax_open_kernel();
17822 get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9;
17823 + pax_close_kernel();
17825 syscall_init(); /* This sets MSR_*STAR and related */
17827 diff -urNp linux-2.6.32.1/arch/x86/vdso/Makefile linux-2.6.32.1/arch/x86/vdso/Makefile
17828 --- linux-2.6.32.1/arch/x86/vdso/Makefile 2009-12-02 22:51:21.000000000 -0500
17829 +++ linux-2.6.32.1/arch/x86/vdso/Makefile 2009-12-14 18:33:51.866722911 -0500
17830 @@ -122,7 +122,7 @@ quiet_cmd_vdso = VDSO $@
17831 $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \
17832 -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^)
17834 -VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv)
17835 +VDSO_LDFLAGS = -fPIC -shared --no-undefined $(call cc-ldoption, -Wl$(comma)--hash-style=sysv)
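Review bot: `--no-undefined` is added to `VDSO_LDFLAGS` bare, while the other linker options visible in this hunk are passed as `-Wl,…` (`-Wl,-T,…` and `-Wl$(comma)--hash-style=sysv`), which suggests the command runs through the compiler driver. If so, the form that is certain to reach the linker is `VDSO_LDFLAGS = -fPIC -shared -Wl,--no-undefined $(call cc-ldoption, -Wl$(comma)--hash-style=sysv)`. The start of the `quiet_cmd_vdso` recipe is outside the hunk, so this should be confirmed against the full command line.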
17839 diff -urNp linux-2.6.32.1/arch/x86/vdso/vclock_gettime.c linux-2.6.32.1/arch/x86/vdso/vclock_gettime.c
17840 --- linux-2.6.32.1/arch/x86/vdso/vclock_gettime.c 2009-12-02 22:51:21.000000000 -0500
17841 +++ linux-2.6.32.1/arch/x86/vdso/vclock_gettime.c 2009-12-14 18:33:51.866722911 -0500
17842 @@ -22,24 +22,48 @@
17843 #include <asm/hpet.h>
17844 #include <asm/unistd.h>
17845 #include <asm/io.h>
17846 +#include <asm/fixmap.h>
17847 #include "vextern.h"
17849 #define gtod vdso_vsyscall_gtod_data
17851 +notrace noinline long __vdso_fallback_time(long *t)
17854 + asm volatile("syscall"
17856 + : "0" (__NR_time),"D" (t) : "r11", "cx", "memory");
17860 notrace static long vdso_fallback_gettime(long clock, struct timespec *ts)
17863 asm("syscall" : "=a" (ret) :
17864 - "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "memory");
17865 + "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "r11", "cx", "memory");
17869 +notrace static inline cycle_t __vdso_vread_hpet(void)
17871 + return readl((const void __iomem *)fix_to_virt(VSYSCALL_HPET) + 0xf0);
17874 +notrace static inline cycle_t __vdso_vread_tsc(void)
17876 + cycle_t ret = (cycle_t)vget_cycles();
17878 + return ret >= gtod->clock.cycle_last ? ret : gtod->clock.cycle_last;
17881 notrace static inline long vgetns(void)
17884 - cycles_t (*vread)(void);
17885 - vread = gtod->clock.vread;
17886 - v = (vread() - gtod->clock.cycle_last) & gtod->clock.mask;
17887 + if (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3])
17888 + v = __vdso_vread_tsc();
17890 + v = __vdso_vread_hpet();
17891 + v = (v - gtod->clock.cycle_last) & gtod->clock.mask;
17892 return (v * gtod->clock.mult) >> gtod->clock.shift;
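Review bot: The clock-name test is spelled out character by character in three places: `vgetns()` here, and the fast-path conditions of `__vdso_clock_gettime()` and `__vdso_gettimeofday()` in the next two hunks. Any change to the accepted names has to be repeated identically in each. Two small `notrace static inline` predicates would keep them in step and give one place for a comment on why the name is compared instead of calling through `gtod->clock.vread`. The literal `0xf0` in `__vdso_vread_hpet()` would also read better as `HPET_COUNTER` from the already-included `<asm/hpet.h>`. The helpers below are a sketch that uses only the field accesses the hunk already makes.

```c
/* The vDSO fast path is taken only for clocks it can read without an indirect call. */
notrace static inline int __vdso_clock_is_tsc(void)
{
	const char *name = gtod->clock.name;

	return name[0] == 't' && name[1] == 's' && name[2] == 'c' && !name[3];
}

notrace static inline int __vdso_clock_is_hpet(void)
{
	const char *name = gtod->clock.name;

	return name[0] == 'h' && name[1] == 'p' && name[2] == 'e' &&
	       name[3] == 't' && !name[4];
}

/* … unchanged: vgetns() and the two entry points, now calling the predicates … */
```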
17895 @@ -113,7 +137,9 @@ notrace static noinline int do_monotonic
17897 notrace int __vdso_clock_gettime(clockid_t clock, struct timespec *ts)
17899 - if (likely(gtod->sysctl_enabled))
17900 + if (likely(gtod->sysctl_enabled &&
17901 + ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) ||
17902 + (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3]))))
17904 case CLOCK_REALTIME:
17905 if (likely(gtod->clock.vread))
17906 @@ -133,10 +159,20 @@ notrace int __vdso_clock_gettime(clockid
17907 int clock_gettime(clockid_t, struct timespec *)
17908 __attribute__((weak, alias("__vdso_clock_gettime")));
17910 -notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz)
17911 +notrace noinline int __vdso_fallback_gettimeofday(struct timeval *tv, struct timezone *tz)
17914 - if (likely(gtod->sysctl_enabled && gtod->clock.vread)) {
17915 + asm("syscall" : "=a" (ret) :
17916 + "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "r11", "cx", "memory");
17920 +notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz)
17922 + if (likely(gtod->sysctl_enabled &&
17923 + ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) ||
17924 + (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3]))))
17926 if (likely(tv != NULL)) {
17927 BUILD_BUG_ON(offsetof(struct timeval, tv_usec) !=
17928 offsetof(struct timespec, tv_nsec) ||
17929 @@ -151,9 +187,7 @@ notrace int __vdso_gettimeofday(struct t
17933 - asm("syscall" : "=a" (ret) :
17934 - "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "memory");
17936 + return __vdso_fallback_gettimeofday(tv, tz);
17938 int gettimeofday(struct timeval *, struct timezone *)
17939 __attribute__((weak, alias("__vdso_gettimeofday")));
17940 diff -urNp linux-2.6.32.1/arch/x86/vdso/vdso32-setup.c linux-2.6.32.1/arch/x86/vdso/vdso32-setup.c
17941 --- linux-2.6.32.1/arch/x86/vdso/vdso32-setup.c 2009-12-02 22:51:21.000000000 -0500
17942 +++ linux-2.6.32.1/arch/x86/vdso/vdso32-setup.c 2009-12-14 18:33:51.866722911 -0500
17944 #include <asm/tlbflush.h>
17945 #include <asm/vdso.h>
17946 #include <asm/proto.h>
17947 +#include <asm/mman.h>
17951 @@ -226,7 +227,7 @@ static inline void map_compat_vdso(int m
17952 void enable_sep_cpu(void)
17954 int cpu = get_cpu();
17955 - struct tss_struct *tss = &per_cpu(init_tss, cpu);
17956 + struct tss_struct *tss = init_tss + cpu;
17958 if (!boot_cpu_has(X86_FEATURE_SEP)) {
17960 @@ -249,7 +250,7 @@ static int __init gate_vma_init(void)
17961 gate_vma.vm_start = FIXADDR_USER_START;
17962 gate_vma.vm_end = FIXADDR_USER_END;
17963 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
17964 - gate_vma.vm_page_prot = __P101;
17965 + gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
17967 * Make sure the vDSO gets into every core dump.
17968 * Dumping its contents makes post-mortem fully interpretable later
17969 @@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct l
17971 addr = VDSO_HIGH_BASE;
17973 - addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
17974 + addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, MAP_EXECUTABLE);
17975 if (IS_ERR_VALUE(addr)) {
17981 - current->mm->context.vdso = (void *)addr;
17982 + current->mm->context.vdso = addr;
17984 if (compat_uses_vma || !compat) {
17986 @@ -361,11 +362,11 @@ int arch_setup_additional_pages(struct l
17989 current_thread_info()->sysenter_return =
17990 - VDSO32_SYMBOL(addr, SYSENTER_RETURN);
17991 + (__force void __user *)VDSO32_SYMBOL(addr, SYSENTER_RETURN);
17995 - current->mm->context.vdso = NULL;
17996 + current->mm->context.vdso = 0;
17998 up_write(&mm->mmap_sem);
18000 @@ -388,7 +389,7 @@ static ctl_table abi_table2[] = {
18002 .proc_handler = proc_dointvec
18005 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
18008 static ctl_table abi_root_table2[] = {
18009 @@ -398,7 +399,7 @@ static ctl_table abi_root_table2[] = {
18011 .child = abi_table2
18014 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
18017 static __init int ia32_binfmt_init(void)
18018 @@ -413,8 +414,14 @@ __initcall(ia32_binfmt_init);
18020 const char *arch_vma_name(struct vm_area_struct *vma)
18022 - if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
18023 + if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
18026 +#ifdef CONFIG_PAX_SEGMEXEC
18027 + if (vma->vm_mm && vma->vm_mirror && vma->vm_mirror->vm_start == vma->vm_mm->context.vdso)
18034 @@ -423,7 +430,7 @@ struct vm_area_struct *get_gate_vma(stru
18035 struct mm_struct *mm = tsk->mm;
18037 /* Check to see if this task was created in compat vdso mode */
18038 - if (mm && mm->context.vdso == (void *)VDSO_HIGH_BASE)
18039 + if (mm && mm->context.vdso == VDSO_HIGH_BASE)
18043 diff -urNp linux-2.6.32.1/arch/x86/vdso/vdso.lds.S linux-2.6.32.1/arch/x86/vdso/vdso.lds.S
18044 --- linux-2.6.32.1/arch/x86/vdso/vdso.lds.S 2009-12-02 22:51:21.000000000 -0500
18045 +++ linux-2.6.32.1/arch/x86/vdso/vdso.lds.S 2009-12-14 18:33:51.866722911 -0500
18046 @@ -35,3 +35,9 @@ VDSO64_PRELINK = VDSO_PRELINK;
18047 #define VEXTERN(x) VDSO64_ ## x = vdso_ ## x;
18048 #include "vextern.h"
18051 +#define VEXTERN(x) VDSO64_ ## x = __vdso_ ## x;
18052 +VEXTERN(fallback_gettimeofday)
18053 +VEXTERN(fallback_time)
18056 diff -urNp linux-2.6.32.1/arch/x86/vdso/vextern.h linux-2.6.32.1/arch/x86/vdso/vextern.h
18057 --- linux-2.6.32.1/arch/x86/vdso/vextern.h 2009-12-02 22:51:21.000000000 -0500
18058 +++ linux-2.6.32.1/arch/x86/vdso/vextern.h 2009-12-14 18:33:51.867702060 -0500
18060 put into vextern.h and be referenced as a pointer with vdso prefix.
18061 The main kernel later fills in the values. */
18064 VEXTERN(vgetcpu_mode)
18065 VEXTERN(vsyscall_gtod_data)
18066 diff -urNp linux-2.6.32.1/arch/x86/vdso/vma.c linux-2.6.32.1/arch/x86/vdso/vma.c
18067 --- linux-2.6.32.1/arch/x86/vdso/vma.c 2009-12-02 22:51:21.000000000 -0500
18068 +++ linux-2.6.32.1/arch/x86/vdso/vma.c 2009-12-14 18:33:51.867702060 -0500
18069 @@ -57,7 +57,7 @@ static int __init init_vdso_vars(void)
18073 - if (memcmp(vbase, "\177ELF", 4)) {
18074 + if (memcmp(vbase, ELFMAG, SELFMAG)) {
18075 printk("VDSO: I'm broken; not ELF\n");
18078 @@ -66,6 +66,7 @@ static int __init init_vdso_vars(void)
18079 *(typeof(__ ## x) **) var_ref(VDSO64_SYMBOL(vbase, x), #x) = &__ ## x;
18080 #include "vextern.h"
18086 @@ -116,7 +117,7 @@ int arch_setup_additional_pages(struct l
18090 - current->mm->context.vdso = (void *)addr;
18091 + current->mm->context.vdso = addr;
18093 ret = install_special_mapping(mm, addr, vdso_size,
18095 @@ -124,7 +125,7 @@ int arch_setup_additional_pages(struct l
18099 - current->mm->context.vdso = NULL;
18100 + current->mm->context.vdso = 0;
18104 @@ -132,10 +133,3 @@ up_fail:
18105 up_write(&mm->mmap_sem);
18109 -static __init int vdso_setup(char *s)
18111 - vdso_enabled = simple_strtoul(s, NULL, 0);
18114 -__setup("vdso=", vdso_setup);
18115 diff -urNp linux-2.6.32.1/arch/x86/xen/enlighten.c linux-2.6.32.1/arch/x86/xen/enlighten.c
18116 --- linux-2.6.32.1/arch/x86/xen/enlighten.c 2009-12-02 22:51:21.000000000 -0500
18117 +++ linux-2.6.32.1/arch/x86/xen/enlighten.c 2009-12-14 18:33:51.867702060 -0500
18118 @@ -70,8 +70,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
18120 struct shared_info xen_dummy_shared_info;
18122 -void *xen_initial_gdt;
18125 * Point at some empty memory to start with. We map the real shared_info
18126 * page as soon as fixmap is up and running.
18127 @@ -548,7 +546,7 @@ static void xen_write_idt_entry(gate_des
18131 - start = __get_cpu_var(idt_desc).address;
18132 + start = (unsigned long)__get_cpu_var(idt_desc).address;
18133 end = start + __get_cpu_var(idt_desc).size + 1;
18136 @@ -1127,13 +1125,6 @@ asmlinkage void __init xen_start_kernel(
18138 machine_ops = xen_machine_ops;
18141 - * The only reliable way to retain the initial address of the
18142 - * percpu gdt_page is to remember it here, so we can go and
18143 - * mark it RW later, when the initial percpu area is freed.
18145 - xen_initial_gdt = &per_cpu(gdt_page, 0);
18149 pgd = (pgd_t *)xen_start_info->pt_base;
18150 diff -urNp linux-2.6.32.1/arch/x86/xen/mmu.c linux-2.6.32.1/arch/x86/xen/mmu.c
18151 --- linux-2.6.32.1/arch/x86/xen/mmu.c 2009-12-02 22:51:21.000000000 -0500
18152 +++ linux-2.6.32.1/arch/x86/xen/mmu.c 2009-12-14 18:33:51.868718427 -0500
18153 @@ -1710,6 +1710,8 @@ __init pgd_t *xen_setup_kernel_pagetable
18154 convert_pfn_mfn(init_level4_pgt);
18155 convert_pfn_mfn(level3_ident_pgt);
18156 convert_pfn_mfn(level3_kernel_pgt);
18157 + convert_pfn_mfn(level3_vmalloc_pgt);
18158 + convert_pfn_mfn(level3_vmemmap_pgt);
18160 l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
18161 l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud);
18162 @@ -1728,7 +1730,10 @@ __init pgd_t *xen_setup_kernel_pagetable
18163 set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
18164 set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
18165 set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
18166 + set_page_prot(level3_vmalloc_pgt, PAGE_KERNEL_RO);
18167 + set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO);
18168 set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
18169 + set_page_prot(level2_vmemmap_pgt, PAGE_KERNEL_RO);
18170 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
18171 set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
18173 diff -urNp linux-2.6.32.1/arch/x86/xen/smp.c linux-2.6.32.1/arch/x86/xen/smp.c
18174 --- linux-2.6.32.1/arch/x86/xen/smp.c 2009-12-02 22:51:21.000000000 -0500
18175 +++ linux-2.6.32.1/arch/x86/xen/smp.c 2009-12-14 18:33:51.868718427 -0500
18176 @@ -167,11 +167,6 @@ static void __init xen_smp_prepare_boot_
18178 BUG_ON(smp_processor_id() != 0);
18179 native_smp_prepare_boot_cpu();
18181 - /* We've switched to the "real" per-cpu gdt, so make sure the
18182 - old memory can be recycled */
18183 - make_lowmem_page_readwrite(xen_initial_gdt);
18185 xen_setup_vcpu_info_placement();
18188 @@ -231,8 +226,8 @@ cpu_initialize_context(unsigned int cpu,
18189 gdt = get_cpu_gdt_table(cpu);
18191 ctxt->flags = VGCF_IN_KERNEL;
18192 - ctxt->user_regs.ds = __USER_DS;
18193 - ctxt->user_regs.es = __USER_DS;
18194 + ctxt->user_regs.ds = __KERNEL_DS;
18195 + ctxt->user_regs.es = __KERNEL_DS;
18196 ctxt->user_regs.ss = __KERNEL_DS;
18197 #ifdef CONFIG_X86_32
18198 ctxt->user_regs.fs = __KERNEL_PERCPU;
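Review bot: Loading `__KERNEL_DS` into `user_regs.ds` and `user_regs.es` for a new vCPU is a behavioural change with no comment, and the hunk does not say why the user selectors are no longer appropriate. Presumably this mirrors how the patched kernel sets up `%ds`/`%es` on the native path, but that is inferred and not shown here. A comment above the two assignments would record the intent, for example `/* context starts with VGCF_IN_KERNEL, so use kernel data selectors */`. cpu_initialize_context continues outside the hunk.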
18199 diff -urNp linux-2.6.32.1/arch/x86/xen/xen-ops.h linux-2.6.32.1/arch/x86/xen/xen-ops.h
18200 --- linux-2.6.32.1/arch/x86/xen/xen-ops.h 2009-12-02 22:51:21.000000000 -0500
18201 +++ linux-2.6.32.1/arch/x86/xen/xen-ops.h 2009-12-14 18:33:51.868718427 -0500
18203 extern const char xen_hypervisor_callback[];
18204 extern const char xen_failsafe_callback[];
18206 -extern void *xen_initial_gdt;
18209 void xen_copy_trap_info(struct trap_info *traps);
18211 diff -urNp linux-2.6.32.1/arch/xtensa/include/asm/atomic.h linux-2.6.32.1/arch/xtensa/include/asm/atomic.h
18212 --- linux-2.6.32.1/arch/xtensa/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
18213 +++ linux-2.6.32.1/arch/xtensa/include/asm/atomic.h 2009-12-14 18:33:51.869718599 -0500
18215 #define atomic_read(v) ((v)->counter)
18218 + * atomic_read_unchecked - read atomic variable
18219 + * @v: pointer of type atomic_unchecked_t
18221 + * Atomically reads the value of @v.
18223 +#define atomic_read_unchecked(v) ((v)->counter)
18226 * atomic_set - set atomic variable
18227 * @v: pointer of type atomic_t
18228 * @i: required value
18230 #define atomic_set(v,i) ((v)->counter = (i))
18233 + * atomic_set_unchecked - set atomic variable
18234 + * @v: pointer of type atomic_unchecked_t
18235 + * @i: required value
18237 + * Atomically sets the value of @v to @i.
18239 +#define atomic_set_unchecked(v,i) ((v)->counter = (i))
18242 * atomic_add - add integer to atomic variable
18243 * @i: integer value to add
18244 * @v: pointer of type atomic_t
18245 @@ -81,6 +98,11 @@ static inline void atomic_add(int i, ato
18249 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t * v)
18251 + atomic_add(i, (atomic_t *)v);
18255 * atomic_sub - subtract the atomic variable
18256 * @i: integer value to subtract
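Review bot: `atomic_add_unchecked()` forwards through the pointer cast `(atomic_t *)v`, which is only valid while `atomic_unchecked_t` and `atomic_t` share one layout, and nothing in this hunk enforces that. The same applies to `atomic_sub_unchecked()` in the next hunk. A compile-time guard inside each wrapper, `BUILD_BUG_ON(sizeof(atomic_unchecked_t) != sizeof(atomic_t));`, would catch a divergence. Unlike `atomic_read_unchecked` and `atomic_set_unchecked` earlier in this file section, the two wrappers also have no kernel-doc block; a short one stating that on this architecture they are plain aliases of the checked operations would match the section's style.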
18257 @@ -105,6 +127,11 @@ static inline void atomic_sub(int i, ato
18261 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
18263 + atomic_sub(i, (atomic_t *)v);
18267 * We use atomic_{add|sub}_return to define other functions.
18269 @@ -165,6 +192,7 @@ static inline int atomic_sub_return(int
18270 * Atomically increments @v by 1.
18272 #define atomic_inc(v) atomic_add(1,(v))
18273 +#define atomic_inc_unchecked(v) atomic_add_unchecked(1,(v))
18276 * atomic_inc - increment atomic variable
18277 diff -urNp linux-2.6.32.1/block/blk-integrity.c linux-2.6.32.1/block/blk-integrity.c
18278 --- linux-2.6.32.1/block/blk-integrity.c 2009-12-02 22:51:21.000000000 -0500
18279 +++ linux-2.6.32.1/block/blk-integrity.c 2009-12-14 18:33:51.869718599 -0500
18280 @@ -278,7 +278,7 @@ static struct attribute *integrity_attrs
18284 -static struct sysfs_ops integrity_ops = {
18285 +static const struct sysfs_ops integrity_ops = {
18286 .show = &integrity_attr_show,
18287 .store = &integrity_attr_store,
18289 diff -urNp linux-2.6.32.1/block/blk-map.c linux-2.6.32.1/block/blk-map.c
18290 --- linux-2.6.32.1/block/blk-map.c 2009-12-02 22:51:21.000000000 -0500
18291 +++ linux-2.6.32.1/block/blk-map.c 2009-12-14 18:33:51.869718599 -0500
18292 @@ -54,7 +54,7 @@ static int __blk_rq_map_user(struct requ
18293 * direct dma. else, set up kernel bounce buffers
18295 uaddr = (unsigned long) ubuf;
18296 - if (blk_rq_aligned(q, ubuf, len) && !map_data)
18297 + if (blk_rq_aligned(q, (__force void *)ubuf, len) && !map_data)
18298 bio = bio_map_user(q, NULL, uaddr, len, reading, gfp_mask);
18300 bio = bio_copy_user(q, map_data, uaddr, len, reading, gfp_mask);
18301 @@ -297,7 +297,7 @@ int blk_rq_map_kern(struct request_queue
18305 - do_copy = !blk_rq_aligned(q, kbuf, len) || object_is_on_stack(kbuf);
18306 + do_copy = !blk_rq_aligned(q, kbuf, len) || object_starts_on_stack(kbuf);
18308 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading);
18310 diff -urNp linux-2.6.32.1/block/blk-sysfs.c linux-2.6.32.1/block/blk-sysfs.c
18311 --- linux-2.6.32.1/block/blk-sysfs.c 2009-12-02 22:51:21.000000000 -0500
18312 +++ linux-2.6.32.1/block/blk-sysfs.c 2009-12-14 18:33:51.870723177 -0500
18313 @@ -414,7 +414,7 @@ static void blk_release_queue(struct kob
18314 kmem_cache_free(blk_requestq_cachep, q);
18317 -static struct sysfs_ops queue_sysfs_ops = {
18318 +static const struct sysfs_ops queue_sysfs_ops = {
18319 .show = queue_attr_show,
18320 .store = queue_attr_store,
18322 diff -urNp linux-2.6.32.1/block/elevator.c linux-2.6.32.1/block/elevator.c
18323 --- linux-2.6.32.1/block/elevator.c 2009-12-02 22:51:21.000000000 -0500
18324 +++ linux-2.6.32.1/block/elevator.c 2009-12-14 18:33:51.870723177 -0500
18325 @@ -889,7 +889,7 @@ elv_attr_store(struct kobject *kobj, str
18329 -static struct sysfs_ops elv_sysfs_ops = {
18330 +static const struct sysfs_ops elv_sysfs_ops = {
18331 .show = elv_attr_show,
18332 .store = elv_attr_store,
18334 diff -urNp linux-2.6.32.1/crypto/lrw.c linux-2.6.32.1/crypto/lrw.c
18335 --- linux-2.6.32.1/crypto/lrw.c 2009-12-02 22:51:21.000000000 -0500
18336 +++ linux-2.6.32.1/crypto/lrw.c 2009-12-14 18:33:51.870723177 -0500
18337 @@ -60,7 +60,7 @@ static int setkey(struct crypto_tfm *par
18338 struct priv *ctx = crypto_tfm_ctx(parent);
18339 struct crypto_cipher *child = ctx->child;
18341 - be128 tmp = { 0 };
18342 + be128 tmp = { 0, 0 };
18343 int bsize = crypto_cipher_blocksize(child);
18345 crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
18346 diff -urNp linux-2.6.32.1/Documentation/dontdiff linux-2.6.32.1/Documentation/dontdiff
18347 --- linux-2.6.32.1/Documentation/dontdiff 2009-12-02 22:51:21.000000000 -0500
18348 +++ linux-2.6.32.1/Documentation/dontdiff 2009-12-14 18:33:51.870723177 -0500
18365 @@ -49,11 +51,16 @@
18382 @@ -76,7 +83,9 @@ btfixupprep
18392 @@ -103,13 +112,14 @@ gen_crc32table
18399 initramfs_data.cpio
18400 +initramfs_data.cpio.bz2
18401 initramfs_data.cpio.gz
18408 @@ -133,7 +143,9 @@ mkboot
18418 @@ -149,6 +161,7 @@ patches*
18426 @@ -163,6 +176,7 @@ setup
18434 @@ -186,14 +200,20 @@ version.h*
18455 diff -urNp linux-2.6.32.1/Documentation/kernel-parameters.txt linux-2.6.32.1/Documentation/kernel-parameters.txt
18456 --- linux-2.6.32.1/Documentation/kernel-parameters.txt 2009-12-02 22:51:21.000000000 -0500
18457 +++ linux-2.6.32.1/Documentation/kernel-parameters.txt 2009-12-14 18:33:51.895721525 -0500
18458 @@ -1833,6 +1833,12 @@ and is between 256 and 4096 characters.
18459 the specified number of seconds. This is to be used if
18460 your oopses keep scrolling off the screen.
18462 + pax_nouderef [X86-32] disables UDEREF. Most likely needed under certain
18463 + virtualization environments that don't cope well with the
18464 + expand down segment used by UDEREF on X86-32.
18466 + pax_softmode= [X86-32] 0/1 to disable/enable PaX softmode on boot already.
18471 diff -urNp linux-2.6.32.1/drivers/acpi/battery.c linux-2.6.32.1/drivers/acpi/battery.c
18472 --- linux-2.6.32.1/drivers/acpi/battery.c 2009-12-02 22:51:21.000000000 -0500
18473 +++ linux-2.6.32.1/drivers/acpi/battery.c 2009-12-14 18:33:51.922822435 -0500
18474 @@ -763,7 +763,7 @@ DECLARE_FILE_FUNCTIONS(alarm);
18477 static struct battery_file {
18478 - struct file_operations ops;
18479 + const struct file_operations ops;
18482 } acpi_battery_file[] = {
18483 diff -urNp linux-2.6.32.1/drivers/acpi/blacklist.c linux-2.6.32.1/drivers/acpi/blacklist.c
18484 --- linux-2.6.32.1/drivers/acpi/blacklist.c 2009-12-02 22:51:21.000000000 -0500
18485 +++ linux-2.6.32.1/drivers/acpi/blacklist.c 2009-12-14 18:33:51.932727870 -0500
18486 @@ -73,7 +73,7 @@ static struct acpi_blacklist_item acpi_b
18487 {"IBM ", "TP600E ", 0x00000105, ACPI_SIG_DSDT, less_than_or_equal,
18488 "Incorrect _ADR", 1},
18491 + {"", "", 0, NULL, all_versions, NULL, 0}
18494 #if CONFIG_ACPI_BLACKLIST_YEAR
18495 diff -urNp linux-2.6.32.1/drivers/acpi/dock.c linux-2.6.32.1/drivers/acpi/dock.c
18496 --- linux-2.6.32.1/drivers/acpi/dock.c 2009-12-02 22:51:21.000000000 -0500
18497 +++ linux-2.6.32.1/drivers/acpi/dock.c 2009-12-14 18:33:51.940740929 -0500
18498 @@ -77,7 +77,7 @@ struct dock_dependent_device {
18499 struct list_head list;
18500 struct list_head hotplug_list;
18501 acpi_handle handle;
18502 - struct acpi_dock_ops *ops;
18503 + const struct acpi_dock_ops *ops;
18507 @@ -605,7 +605,7 @@ EXPORT_SYMBOL_GPL(unregister_dock_notifi
18508 * the dock driver after _DCK is executed.
18511 -register_hotplug_dock_device(acpi_handle handle, struct acpi_dock_ops *ops,
18512 +register_hotplug_dock_device(acpi_handle handle, const struct acpi_dock_ops *ops,
18515 struct dock_dependent_device *dd;
18516 diff -urNp linux-2.6.32.1/drivers/acpi/osl.c linux-2.6.32.1/drivers/acpi/osl.c
18517 --- linux-2.6.32.1/drivers/acpi/osl.c 2009-12-02 22:51:21.000000000 -0500
18518 +++ linux-2.6.32.1/drivers/acpi/osl.c 2009-12-14 18:33:51.941733597 -0500
18519 @@ -523,6 +523,8 @@ acpi_os_read_memory(acpi_physical_addres
18520 void __iomem *virt_addr;
18522 virt_addr = ioremap(phys_addr, width);
18524 + return AE_NO_MEMORY;
18528 @@ -551,6 +553,8 @@ acpi_os_write_memory(acpi_physical_addre
18529 void __iomem *virt_addr;
18531 virt_addr = ioremap(phys_addr, width);
18533 + return AE_NO_MEMORY;
18537 diff -urNp linux-2.6.32.1/drivers/acpi/processor_core.c linux-2.6.32.1/drivers/acpi/processor_core.c
18538 --- linux-2.6.32.1/drivers/acpi/processor_core.c 2009-12-02 22:51:21.000000000 -0500
18539 +++ linux-2.6.32.1/drivers/acpi/processor_core.c 2009-12-14 18:33:51.952727517 -0500
18540 @@ -796,7 +796,7 @@ static int __cpuinit acpi_processor_add(
18544 - BUG_ON((pr->id >= nr_cpu_ids) || (pr->id < 0));
18545 + BUG_ON(pr->id >= nr_cpu_ids);
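Review bot: Dropping `pr->id < 0` from the `BUG_ON` is only safe if the remaining comparison is performed unsigned, so that a negative id appears as a very large value and still trips `>= nr_cpu_ids`. Neither the type of `pr->id` nor that of `nr_cpu_ids` is visible in this hunk, so a one-line comment would make the assumption explicit: `/* pr->id is unsigned: an invalid (negative) id also trips this check */`. If both operands turn out to be signed, the removed half of the condition should stay. acpi_processor_add continues outside the hunk.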
18549 diff -urNp linux-2.6.32.1/drivers/acpi/processor_idle.c linux-2.6.32.1/drivers/acpi/processor_idle.c
18550 --- linux-2.6.32.1/drivers/acpi/processor_idle.c 2009-12-02 22:51:21.000000000 -0500
18551 +++ linux-2.6.32.1/drivers/acpi/processor_idle.c 2009-12-14 18:33:51.999788867 -0500
18552 @@ -110,7 +110,7 @@ static struct dmi_system_id __cpuinitdat
18553 DMI_MATCH(DMI_BIOS_VENDOR,"Phoenix Technologies LTD"),
18554 DMI_MATCH(DMI_BIOS_VERSION,"SHE845M0.86C.0013.D.0302131307")},
18557 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL},
18561 diff -urNp linux-2.6.32.1/drivers/acpi/sleep.c linux-2.6.32.1/drivers/acpi/sleep.c
18562 --- linux-2.6.32.1/drivers/acpi/sleep.c 2009-12-02 22:51:21.000000000 -0500
18563 +++ linux-2.6.32.1/drivers/acpi/sleep.c 2009-12-14 18:33:52.051735935 -0500
18564 @@ -297,7 +297,7 @@ static int acpi_suspend_state_valid(susp
18568 -static struct platform_suspend_ops acpi_suspend_ops = {
18569 +static const struct platform_suspend_ops acpi_suspend_ops = {
18570 .valid = acpi_suspend_state_valid,
18571 .begin = acpi_suspend_begin,
18572 .prepare_late = acpi_pm_prepare,
18573 @@ -325,7 +325,7 @@ static int acpi_suspend_begin_old(suspen
18574 * The following callbacks are used if the pre-ACPI 2.0 suspend ordering has
18577 -static struct platform_suspend_ops acpi_suspend_ops_old = {
18578 +static const struct platform_suspend_ops acpi_suspend_ops_old = {
18579 .valid = acpi_suspend_state_valid,
18580 .begin = acpi_suspend_begin_old,
18581 .prepare_late = acpi_pm_disable_gpes,
18582 @@ -552,7 +552,7 @@ static void acpi_pm_enable_gpes(void)
18583 acpi_enable_all_runtime_gpes();
18586 -static struct platform_hibernation_ops acpi_hibernation_ops = {
18587 +static const struct platform_hibernation_ops acpi_hibernation_ops = {
18588 .begin = acpi_hibernation_begin,
18589 .end = acpi_pm_end,
18590 .pre_snapshot = acpi_hibernation_pre_snapshot,
18591 @@ -605,7 +605,7 @@ static int acpi_hibernation_pre_snapshot
18592 * The following callbacks are used if the pre-ACPI 2.0 suspend ordering has
18595 -static struct platform_hibernation_ops acpi_hibernation_ops_old = {
18596 +static const struct platform_hibernation_ops acpi_hibernation_ops_old = {
18597 .begin = acpi_hibernation_begin_old,
18598 .end = acpi_pm_end,
18599 .pre_snapshot = acpi_hibernation_pre_snapshot_old,
18600 diff -urNp linux-2.6.32.1/drivers/acpi/video.c linux-2.6.32.1/drivers/acpi/video.c
18601 --- linux-2.6.32.1/drivers/acpi/video.c 2009-12-02 22:51:21.000000000 -0500
18602 +++ linux-2.6.32.1/drivers/acpi/video.c 2009-12-14 18:33:52.083741050 -0500
18603 @@ -359,7 +359,7 @@ static int acpi_video_set_brightness(str
18604 vd->brightness->levels[request_level]);
18607 -static struct backlight_ops acpi_backlight_ops = {
18608 +static const struct backlight_ops acpi_backlight_ops = {
18609 .get_brightness = acpi_video_get_brightness,
18610 .update_status = acpi_video_set_brightness,
18612 diff -urNp linux-2.6.32.1/drivers/ata/ahci.c linux-2.6.32.1/drivers/ata/ahci.c
18613 --- linux-2.6.32.1/drivers/ata/ahci.c 2009-12-02 22:51:21.000000000 -0500
18614 +++ linux-2.6.32.1/drivers/ata/ahci.c 2009-12-14 18:33:52.113752354 -0500
18615 @@ -385,7 +385,7 @@ static struct scsi_host_template ahci_sh
18616 .sdev_attrs = ahci_sdev_attrs,
18619 -static struct ata_port_operations ahci_ops = {
18620 +static const struct ata_port_operations ahci_ops = {
18621 .inherits = &sata_pmp_port_ops,
18623 .qc_defer = sata_pmp_qc_defer_cmd_switch,
18624 @@ -422,17 +422,17 @@ static struct ata_port_operations ahci_o
18625 .port_stop = ahci_port_stop,
18628 -static struct ata_port_operations ahci_vt8251_ops = {
18629 +static const struct ata_port_operations ahci_vt8251_ops = {
18630 .inherits = &ahci_ops,
18631 .hardreset = ahci_vt8251_hardreset,
18634 -static struct ata_port_operations ahci_p5wdh_ops = {
18635 +static const struct ata_port_operations ahci_p5wdh_ops = {
18636 .inherits = &ahci_ops,
18637 .hardreset = ahci_p5wdh_hardreset,
18640 -static struct ata_port_operations ahci_sb600_ops = {
18641 +static const struct ata_port_operations ahci_sb600_ops = {
18642 .inherits = &ahci_ops,
18643 .softreset = ahci_sb600_softreset,
18644 .pmp_softreset = ahci_sb600_softreset,
18645 @@ -671,7 +671,7 @@ static const struct pci_device_id ahci_p
18646 { PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID,
18647 PCI_CLASS_STORAGE_SATA_AHCI, 0xffffff, board_ahci },
18649 - { } /* terminate list */
18650 + { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */
18654 diff -urNp linux-2.6.32.1/drivers/ata/ata_generic.c linux-2.6.32.1/drivers/ata/ata_generic.c
18655 --- linux-2.6.32.1/drivers/ata/ata_generic.c 2009-12-02 22:51:21.000000000 -0500
18656 +++ linux-2.6.32.1/drivers/ata/ata_generic.c 2009-12-14 18:33:52.134785743 -0500
18657 @@ -95,7 +95,7 @@ static struct scsi_host_template generic
18658 ATA_BMDMA_SHT(DRV_NAME),
18661 -static struct ata_port_operations generic_port_ops = {
18662 +static const struct ata_port_operations generic_port_ops = {
18663 .inherits = &ata_bmdma_port_ops,
18664 .cable_detect = ata_cable_unknown,
18665 .set_mode = generic_set_mode,
18666 diff -urNp linux-2.6.32.1/drivers/ata/ata_piix.c linux-2.6.32.1/drivers/ata/ata_piix.c
18667 --- linux-2.6.32.1/drivers/ata/ata_piix.c 2009-12-02 22:51:21.000000000 -0500
18668 +++ linux-2.6.32.1/drivers/ata/ata_piix.c 2009-12-14 18:33:52.151742687 -0500
18669 @@ -291,7 +291,7 @@ static const struct pci_device_id piix_p
18670 { 0x8086, 0x3b2d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata },
18671 /* SATA Controller IDE (PCH) */
18672 { 0x8086, 0x3b2e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata },
18673 - { } /* terminate list */
18674 + { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */
18677 static struct pci_driver piix_pci_driver = {
18678 @@ -309,7 +309,7 @@ static struct scsi_host_template piix_sh
18679 ATA_BMDMA_SHT(DRV_NAME),
18682 -static struct ata_port_operations piix_pata_ops = {
18683 +static const struct ata_port_operations piix_pata_ops = {
18684 .inherits = &ata_bmdma32_port_ops,
18685 .cable_detect = ata_cable_40wire,
18686 .set_piomode = piix_set_piomode,
18687 @@ -317,22 +317,22 @@ static struct ata_port_operations piix_p
18688 .prereset = piix_pata_prereset,
18691 -static struct ata_port_operations piix_vmw_ops = {
18692 +static const struct ata_port_operations piix_vmw_ops = {
18693 .inherits = &piix_pata_ops,
18694 .bmdma_status = piix_vmw_bmdma_status,
18697 -static struct ata_port_operations ich_pata_ops = {
18698 +static const struct ata_port_operations ich_pata_ops = {
18699 .inherits = &piix_pata_ops,
18700 .cable_detect = ich_pata_cable_detect,
18701 .set_dmamode = ich_set_dmamode,
18704 -static struct ata_port_operations piix_sata_ops = {
18705 +static const struct ata_port_operations piix_sata_ops = {
18706 .inherits = &ata_bmdma_port_ops,
18709 -static struct ata_port_operations piix_sidpr_sata_ops = {
18710 +static const struct ata_port_operations piix_sidpr_sata_ops = {
18711 .inherits = &piix_sata_ops,
18712 .hardreset = sata_std_hardreset,
18713 .scr_read = piix_sidpr_scr_read,
18714 @@ -608,7 +608,7 @@ static const struct ich_laptop ich_lapto
18715 { 0x2653, 0x1043, 0x82D8 }, /* ICH6M on Asus Eee 701 */
18716 { 0x27df, 0x104d, 0x900e }, /* ICH7 on Sony TZ-90 */
18723 @@ -1086,7 +1086,7 @@ static int piix_broken_suspend(void)
18727 - { } /* terminate list */
18728 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } /* terminate list */
18730 static const char *oemstrs[] = {
18732 diff -urNp linux-2.6.32.1/drivers/ata/libata-acpi.c linux-2.6.32.1/drivers/ata/libata-acpi.c
18733 --- linux-2.6.32.1/drivers/ata/libata-acpi.c 2009-12-02 22:51:21.000000000 -0500
18734 +++ linux-2.6.32.1/drivers/ata/libata-acpi.c 2009-12-14 18:33:52.171749832 -0500
18735 @@ -223,12 +223,12 @@ static void ata_acpi_dev_uevent(acpi_han
18736 ata_acpi_uevent(dev->link->ap, dev, event);
18739 -static struct acpi_dock_ops ata_acpi_dev_dock_ops = {
18740 +static const struct acpi_dock_ops ata_acpi_dev_dock_ops = {
18741 .handler = ata_acpi_dev_notify_dock,
18742 .uevent = ata_acpi_dev_uevent,
18745 -static struct acpi_dock_ops ata_acpi_ap_dock_ops = {
18746 +static const struct acpi_dock_ops ata_acpi_ap_dock_ops = {
18747 .handler = ata_acpi_ap_notify_dock,
18748 .uevent = ata_acpi_ap_uevent,
18750 diff -urNp linux-2.6.32.1/drivers/ata/libata-core.c linux-2.6.32.1/drivers/ata/libata-core.c
18751 --- linux-2.6.32.1/drivers/ata/libata-core.c 2009-12-02 22:51:21.000000000 -0500
18752 +++ linux-2.6.32.1/drivers/ata/libata-core.c 2009-12-14 18:33:52.206710619 -0500
18753 @@ -896,7 +896,7 @@ static const struct ata_xfer_ent {
18754 { ATA_SHIFT_PIO, ATA_NR_PIO_MODES, XFER_PIO_0 },
18755 { ATA_SHIFT_MWDMA, ATA_NR_MWDMA_MODES, XFER_MW_DMA_0 },
18756 { ATA_SHIFT_UDMA, ATA_NR_UDMA_MODES, XFER_UDMA_0 },
18762 @@ -3163,7 +3163,7 @@ static const struct ata_timing ata_timin
18763 { XFER_UDMA_5, 0, 0, 0, 0, 0, 0, 0, 0, 20 },
18764 { XFER_UDMA_6, 0, 0, 0, 0, 0, 0, 0, 0, 15 },
18767 + { 0xFF, 0, 0, 0, 0, 0, 0, 0, 0 }
18770 #define ENOUGH(v, unit) (((v)-1)/(unit)+1)
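Review bot: The added terminator row `{ 0xFF, 0, 0, 0, 0, 0, 0, 0, 0 }` has nine initializers, while the rows above it in this hunk have ten, so the last field is still left to implicit zero-initialization. If the purpose of spelling the terminator out is to initialize every field explicitly, it should read `{ 0xFF, 0, 0, 0, 0, 0, 0, 0, 0, 0 }`. Runtime behaviour is the same either way, because omitted trailing members are zeroed.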
18771 @@ -4361,7 +4361,7 @@ static const struct ata_blacklist_entry
18772 { "PIONEER DVD-RW DVRTD08", "1.00", ATA_HORKAGE_NOSETXFER },
18776 + { NULL, NULL, 0 }
18779 static int strn_pattern_cmp(const char *patt, const char *name, int wildchar)
18780 @@ -5937,7 +5937,7 @@ static void ata_host_stop(struct device
18784 -static void ata_finalize_port_ops(struct ata_port_operations *ops)
18785 +static void ata_finalize_port_ops(const struct ata_port_operations *ops)
18787 static DEFINE_SPINLOCK(lock);
18788 const struct ata_port_operations *cur;
18789 @@ -5949,6 +5949,7 @@ static void ata_finalize_port_ops(struct
18793 + pax_open_kernel();
18795 for (cur = ops->inherits; cur; cur = cur->inherits) {
18796 void **inherit = (void **)cur;
18797 @@ -5962,8 +5963,9 @@ static void ata_finalize_port_ops(struct
18801 - ops->inherits = NULL;
18802 + ((struct ata_port_operations *)ops)->inherits = NULL;
18804 + pax_close_kernel();
18805 spin_unlock(&lock);
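Review bot: The write `((struct ata_port_operations *)ops)->inherits = NULL;` casts away the `const` this patch adds to the parameter, and nothing at the site records that this is the one intended write to tables that are otherwise meant to stay read-only. A comment above `pax_open_kernel();` in the previous hunk would make that explicit, e.g. `/* ops tables are const; inheritance is resolved once here, inside the open/close window */`. Because the driver tables are now defined `const`, the compiler may assume their fields never change, so any code that reads a table by name rather than through `ap->ops` could see the pre-finalization value, which is worth checking across the converted drivers. It would also help to confirm that no `return` sits between `pax_open_kernel()` and `pax_close_kernel()`, since the function body starts before and ends after these hunks and the inner copy loop is not visible here.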
18808 @@ -6060,7 +6062,7 @@ int ata_host_start(struct ata_host *host
18810 /* KILLME - the only user left is ipr */
18811 void ata_host_init(struct ata_host *host, struct device *dev,
18812 - unsigned long flags, struct ata_port_operations *ops)
18813 + unsigned long flags, const struct ata_port_operations *ops)
18815 spin_lock_init(&host->lock);
18817 @@ -6723,7 +6725,7 @@ static void ata_dummy_error_handler(stru
18821 -struct ata_port_operations ata_dummy_port_ops = {
18822 +const struct ata_port_operations ata_dummy_port_ops = {
18823 .qc_prep = ata_noop_qc_prep,
18824 .qc_issue = ata_dummy_qc_issue,
18825 .error_handler = ata_dummy_error_handler,
18826 diff -urNp linux-2.6.32.1/drivers/ata/libata-eh.c linux-2.6.32.1/drivers/ata/libata-eh.c
18827 --- linux-2.6.32.1/drivers/ata/libata-eh.c 2009-12-02 22:51:21.000000000 -0500
18828 +++ linux-2.6.32.1/drivers/ata/libata-eh.c 2009-12-14 18:33:52.227756101 -0500
18829 @@ -3580,7 +3580,7 @@ void ata_do_eh(struct ata_port *ap, ata_
18831 void ata_std_error_handler(struct ata_port *ap)
18833 - struct ata_port_operations *ops = ap->ops;
18834 + const struct ata_port_operations *ops = ap->ops;
18835 ata_reset_fn_t hardreset = ops->hardreset;
18837 /* ignore built-in hardreset if SCR access is not available */
18838 diff -urNp linux-2.6.32.1/drivers/ata/libata-pmp.c linux-2.6.32.1/drivers/ata/libata-pmp.c
18839 --- linux-2.6.32.1/drivers/ata/libata-pmp.c 2009-12-02 22:51:21.000000000 -0500
18840 +++ linux-2.6.32.1/drivers/ata/libata-pmp.c 2009-12-14 18:33:52.228753266 -0500
18841 @@ -841,7 +841,7 @@ static int sata_pmp_handle_link_fail(str
18843 static int sata_pmp_eh_recover(struct ata_port *ap)
18845 - struct ata_port_operations *ops = ap->ops;
18846 + const struct ata_port_operations *ops = ap->ops;
18847 int pmp_tries, link_tries[SATA_PMP_MAX_PORTS];
18848 struct ata_link *pmp_link = &ap->link;
18849 struct ata_device *pmp_dev = pmp_link->device;
18850 diff -urNp linux-2.6.32.1/drivers/ata/pata_acpi.c linux-2.6.32.1/drivers/ata/pata_acpi.c
18851 --- linux-2.6.32.1/drivers/ata/pata_acpi.c 2009-12-02 22:51:21.000000000 -0500
18852 +++ linux-2.6.32.1/drivers/ata/pata_acpi.c 2009-12-14 18:33:52.229715215 -0500
18853 @@ -215,7 +215,7 @@ static struct scsi_host_template pacpi_s
18854 ATA_BMDMA_SHT(DRV_NAME),
18857 -static struct ata_port_operations pacpi_ops = {
18858 +static const struct ata_port_operations pacpi_ops = {
18859 .inherits = &ata_bmdma_port_ops,
18860 .qc_issue = pacpi_qc_issue,
18861 .cable_detect = pacpi_cable_detect,
18862 diff -urNp linux-2.6.32.1/drivers/ata/pata_ali.c linux-2.6.32.1/drivers/ata/pata_ali.c
18863 --- linux-2.6.32.1/drivers/ata/pata_ali.c 2009-12-02 22:51:21.000000000 -0500
18864 +++ linux-2.6.32.1/drivers/ata/pata_ali.c 2009-12-14 18:33:52.231780997 -0500
18865 @@ -365,7 +365,7 @@ static struct scsi_host_template ali_sht
18866 * Port operations for PIO only ALi
18869 -static struct ata_port_operations ali_early_port_ops = {
18870 +static const struct ata_port_operations ali_early_port_ops = {
18871 .inherits = &ata_sff_port_ops,
18872 .cable_detect = ata_cable_40wire,
18873 .set_piomode = ali_set_piomode,
18874 @@ -382,7 +382,7 @@ static const struct ata_port_operations
18875 * Port operations for DMA capable ALi without cable
18878 -static struct ata_port_operations ali_20_port_ops = {
18879 +static const struct ata_port_operations ali_20_port_ops = {
18880 .inherits = &ali_dma_base_ops,
18881 .cable_detect = ata_cable_40wire,
18882 .mode_filter = ali_20_filter,
18883 @@ -393,7 +393,7 @@ static struct ata_port_operations ali_20
18885 * Port operations for DMA capable ALi with cable detect
18887 -static struct ata_port_operations ali_c2_port_ops = {
18888 +static const struct ata_port_operations ali_c2_port_ops = {
18889 .inherits = &ali_dma_base_ops,
18890 .check_atapi_dma = ali_check_atapi_dma,
18891 .cable_detect = ali_c2_cable_detect,
18892 @@ -404,7 +404,7 @@ static struct ata_port_operations ali_c2
18894 * Port operations for DMA capable ALi with cable detect
18896 -static struct ata_port_operations ali_c4_port_ops = {
18897 +static const struct ata_port_operations ali_c4_port_ops = {
18898 .inherits = &ali_dma_base_ops,
18899 .check_atapi_dma = ali_check_atapi_dma,
18900 .cable_detect = ali_c2_cable_detect,
18901 @@ -414,7 +414,7 @@ static struct ata_port_operations ali_c4
18903 * Port operations for DMA capable ALi with cable detect and LBA48
18905 -static struct ata_port_operations ali_c5_port_ops = {
18906 +static const struct ata_port_operations ali_c5_port_ops = {
18907 .inherits = &ali_dma_base_ops,
18908 .check_atapi_dma = ali_check_atapi_dma,
18909 .dev_config = ali_warn_atapi_dma,
18910 diff -urNp linux-2.6.32.1/drivers/ata/pata_amd.c linux-2.6.32.1/drivers/ata/pata_amd.c
18911 --- linux-2.6.32.1/drivers/ata/pata_amd.c 2009-12-02 22:51:21.000000000 -0500
18912 +++ linux-2.6.32.1/drivers/ata/pata_amd.c 2009-12-14 18:33:52.233757048 -0500
18913 @@ -397,28 +397,28 @@ static const struct ata_port_operations
18914 .prereset = amd_pre_reset,
18917 -static struct ata_port_operations amd33_port_ops = {
18918 +static const struct ata_port_operations amd33_port_ops = {
18919 .inherits = &amd_base_port_ops,
18920 .cable_detect = ata_cable_40wire,
18921 .set_piomode = amd33_set_piomode,
18922 .set_dmamode = amd33_set_dmamode,
18925 -static struct ata_port_operations amd66_port_ops = {
18926 +static const struct ata_port_operations amd66_port_ops = {
18927 .inherits = &amd_base_port_ops,
18928 .cable_detect = ata_cable_unknown,
18929 .set_piomode = amd66_set_piomode,
18930 .set_dmamode = amd66_set_dmamode,
18933 -static struct ata_port_operations amd100_port_ops = {
18934 +static const struct ata_port_operations amd100_port_ops = {
18935 .inherits = &amd_base_port_ops,
18936 .cable_detect = ata_cable_unknown,
18937 .set_piomode = amd100_set_piomode,
18938 .set_dmamode = amd100_set_dmamode,
18941 -static struct ata_port_operations amd133_port_ops = {
18942 +static const struct ata_port_operations amd133_port_ops = {
18943 .inherits = &amd_base_port_ops,
18944 .cable_detect = amd_cable_detect,
18945 .set_piomode = amd133_set_piomode,
18946 @@ -433,13 +433,13 @@ static const struct ata_port_operations
18947 .host_stop = nv_host_stop,
18950 -static struct ata_port_operations nv100_port_ops = {
18951 +static const struct ata_port_operations nv100_port_ops = {
18952 .inherits = &nv_base_port_ops,
18953 .set_piomode = nv100_set_piomode,
18954 .set_dmamode = nv100_set_dmamode,
18957 -static struct ata_port_operations nv133_port_ops = {
18958 +static const struct ata_port_operations nv133_port_ops = {
18959 .inherits = &nv_base_port_ops,
18960 .set_piomode = nv133_set_piomode,
18961 .set_dmamode = nv133_set_dmamode,
18962 diff -urNp linux-2.6.32.1/drivers/ata/pata_artop.c linux-2.6.32.1/drivers/ata/pata_artop.c
18963 --- linux-2.6.32.1/drivers/ata/pata_artop.c 2009-12-02 22:51:21.000000000 -0500
18964 +++ linux-2.6.32.1/drivers/ata/pata_artop.c 2009-12-14 18:33:52.236749783 -0500
18965 @@ -311,7 +311,7 @@ static struct scsi_host_template artop_s
18966 ATA_BMDMA_SHT(DRV_NAME),
18969 -static struct ata_port_operations artop6210_ops = {
18970 +static const struct ata_port_operations artop6210_ops = {
18971 .inherits = &ata_bmdma_port_ops,
18972 .cable_detect = ata_cable_40wire,
18973 .set_piomode = artop6210_set_piomode,
18974 @@ -320,7 +320,7 @@ static struct ata_port_operations artop6
18975 .qc_defer = artop6210_qc_defer,
18978 -static struct ata_port_operations artop6260_ops = {
18979 +static const struct ata_port_operations artop6260_ops = {
18980 .inherits = &ata_bmdma_port_ops,
18981 .cable_detect = artop6260_cable_detect,
18982 .set_piomode = artop6260_set_piomode,
18983 diff -urNp linux-2.6.32.1/drivers/ata/pata_at32.c linux-2.6.32.1/drivers/ata/pata_at32.c
18984 --- linux-2.6.32.1/drivers/ata/pata_at32.c 2009-12-02 22:51:21.000000000 -0500
18985 +++ linux-2.6.32.1/drivers/ata/pata_at32.c 2009-12-14 18:33:52.237769323 -0500
18986 @@ -172,7 +172,7 @@ static struct scsi_host_template at32_sh
18987 ATA_PIO_SHT(DRV_NAME),
18990 -static struct ata_port_operations at32_port_ops = {
18991 +static const struct ata_port_operations at32_port_ops = {
18992 .inherits = &ata_sff_port_ops,
18993 .cable_detect = ata_cable_40wire,
18994 .set_piomode = pata_at32_set_piomode,
18995 diff -urNp linux-2.6.32.1/drivers/ata/pata_at91.c linux-2.6.32.1/drivers/ata/pata_at91.c
18996 --- linux-2.6.32.1/drivers/ata/pata_at91.c 2009-12-02 22:51:21.000000000 -0500
18997 +++ linux-2.6.32.1/drivers/ata/pata_at91.c 2009-12-14 18:33:52.239752383 -0500
18998 @@ -195,7 +195,7 @@ static struct scsi_host_template pata_at
18999 ATA_PIO_SHT(DRV_NAME),
19002 -static struct ata_port_operations pata_at91_port_ops = {
19003 +static const struct ata_port_operations pata_at91_port_ops = {
19004 .inherits = &ata_sff_port_ops,
19006 .sff_data_xfer = pata_at91_data_xfer_noirq,
19007 diff -urNp linux-2.6.32.1/drivers/ata/pata_atiixp.c linux-2.6.32.1/drivers/ata/pata_atiixp.c
19008 --- linux-2.6.32.1/drivers/ata/pata_atiixp.c 2009-12-02 22:51:21.000000000 -0500
19009 +++ linux-2.6.32.1/drivers/ata/pata_atiixp.c 2009-12-14 18:33:52.271764550 -0500
19010 @@ -205,7 +205,7 @@ static struct scsi_host_template atiixp_
19011 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
19014 -static struct ata_port_operations atiixp_port_ops = {
19015 +static const struct ata_port_operations atiixp_port_ops = {
19016 .inherits = &ata_bmdma_port_ops,
19018 .qc_prep = ata_sff_dumb_qc_prep,
19019 diff -urNp linux-2.6.32.1/drivers/ata/pata_atp867x.c linux-2.6.32.1/drivers/ata/pata_atp867x.c
19020 --- linux-2.6.32.1/drivers/ata/pata_atp867x.c 2009-12-02 22:51:21.000000000 -0500
19021 +++ linux-2.6.32.1/drivers/ata/pata_atp867x.c 2009-12-14 18:33:52.272740638 -0500
19022 @@ -274,7 +274,7 @@ static struct scsi_host_template atp867x
19023 ATA_BMDMA_SHT(DRV_NAME),
19026 -static struct ata_port_operations atp867x_ops = {
19027 +static const struct ata_port_operations atp867x_ops = {
19028 .inherits = &ata_bmdma_port_ops,
19029 .cable_detect = atp867x_cable_detect,
19030 .set_piomode = atp867x_set_piomode,
19031 diff -urNp linux-2.6.32.1/drivers/ata/pata_bf54x.c linux-2.6.32.1/drivers/ata/pata_bf54x.c
19032 --- linux-2.6.32.1/drivers/ata/pata_bf54x.c 2009-12-02 22:51:21.000000000 -0500
19033 +++ linux-2.6.32.1/drivers/ata/pata_bf54x.c 2009-12-14 18:33:52.283762923 -0500
19034 @@ -1464,7 +1464,7 @@ static struct scsi_host_template bfin_sh
19035 .dma_boundary = ATA_DMA_BOUNDARY,
19038 -static struct ata_port_operations bfin_pata_ops = {
19039 +static const struct ata_port_operations bfin_pata_ops = {
19040 .inherits = &ata_sff_port_ops,
19042 .set_piomode = bfin_set_piomode,
19043 diff -urNp linux-2.6.32.1/drivers/ata/pata_cmd640.c linux-2.6.32.1/drivers/ata/pata_cmd640.c
19044 --- linux-2.6.32.1/drivers/ata/pata_cmd640.c 2009-12-02 22:51:21.000000000 -0500
19045 +++ linux-2.6.32.1/drivers/ata/pata_cmd640.c 2009-12-14 18:33:52.286758439 -0500
19046 @@ -168,7 +168,7 @@ static struct scsi_host_template cmd640_
19047 ATA_BMDMA_SHT(DRV_NAME),
19050 -static struct ata_port_operations cmd640_port_ops = {
19051 +static const struct ata_port_operations cmd640_port_ops = {
19052 .inherits = &ata_bmdma_port_ops,
19053 /* In theory xfer_noirq is not needed once we kill the prefetcher */
19054 .sff_data_xfer = ata_sff_data_xfer_noirq,
19055 diff -urNp linux-2.6.32.1/drivers/ata/pata_cmd64x.c linux-2.6.32.1/drivers/ata/pata_cmd64x.c
19056 --- linux-2.6.32.1/drivers/ata/pata_cmd64x.c 2009-12-02 22:51:21.000000000 -0500
19057 +++ linux-2.6.32.1/drivers/ata/pata_cmd64x.c 2009-12-14 18:33:52.287766497 -0500
19058 @@ -275,18 +275,18 @@ static const struct ata_port_operations
19059 .set_dmamode = cmd64x_set_dmamode,
19062 -static struct ata_port_operations cmd64x_port_ops = {
19063 +static const struct ata_port_operations cmd64x_port_ops = {
19064 .inherits = &cmd64x_base_ops,
19065 .cable_detect = ata_cable_40wire,
19068 -static struct ata_port_operations cmd646r1_port_ops = {
19069 +static const struct ata_port_operations cmd646r1_port_ops = {
19070 .inherits = &cmd64x_base_ops,
19071 .bmdma_stop = cmd646r1_bmdma_stop,
19072 .cable_detect = ata_cable_40wire,
19075 -static struct ata_port_operations cmd648_port_ops = {
19076 +static const struct ata_port_operations cmd648_port_ops = {
19077 .inherits = &cmd64x_base_ops,
19078 .bmdma_stop = cmd648_bmdma_stop,
19079 .cable_detect = cmd648_cable_detect,
19080 diff -urNp linux-2.6.32.1/drivers/ata/pata_cs5520.c linux-2.6.32.1/drivers/ata/pata_cs5520.c
19081 --- linux-2.6.32.1/drivers/ata/pata_cs5520.c 2009-12-02 22:51:21.000000000 -0500
19082 +++ linux-2.6.32.1/drivers/ata/pata_cs5520.c 2009-12-14 18:33:52.288759601 -0500
19083 @@ -144,7 +144,7 @@ static struct scsi_host_template cs5520_
19084 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
19087 -static struct ata_port_operations cs5520_port_ops = {
19088 +static const struct ata_port_operations cs5520_port_ops = {
19089 .inherits = &ata_bmdma_port_ops,
19090 .qc_prep = ata_sff_dumb_qc_prep,
19091 .cable_detect = ata_cable_40wire,
19092 diff -urNp linux-2.6.32.1/drivers/ata/pata_cs5530.c linux-2.6.32.1/drivers/ata/pata_cs5530.c
19093 --- linux-2.6.32.1/drivers/ata/pata_cs5530.c 2009-12-02 22:51:21.000000000 -0500
19094 +++ linux-2.6.32.1/drivers/ata/pata_cs5530.c 2009-12-14 18:33:52.290726192 -0500
19095 @@ -164,7 +164,7 @@ static struct scsi_host_template cs5530_
19096 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
19099 -static struct ata_port_operations cs5530_port_ops = {
19100 +static const struct ata_port_operations cs5530_port_ops = {
19101 .inherits = &ata_bmdma_port_ops,
19103 .qc_prep = ata_sff_dumb_qc_prep,
19104 diff -urNp linux-2.6.32.1/drivers/ata/pata_cs5535.c linux-2.6.32.1/drivers/ata/pata_cs5535.c
19105 --- linux-2.6.32.1/drivers/ata/pata_cs5535.c 2009-12-02 22:51:21.000000000 -0500
19106 +++ linux-2.6.32.1/drivers/ata/pata_cs5535.c 2009-12-14 18:33:52.291730001 -0500
19107 @@ -160,7 +160,7 @@ static struct scsi_host_template cs5535_
19108 ATA_BMDMA_SHT(DRV_NAME),
19111 -static struct ata_port_operations cs5535_port_ops = {
19112 +static const struct ata_port_operations cs5535_port_ops = {
19113 .inherits = &ata_bmdma_port_ops,
19114 .cable_detect = cs5535_cable_detect,
19115 .set_piomode = cs5535_set_piomode,
19116 diff -urNp linux-2.6.32.1/drivers/ata/pata_cs5536.c linux-2.6.32.1/drivers/ata/pata_cs5536.c
19117 --- linux-2.6.32.1/drivers/ata/pata_cs5536.c 2009-12-02 22:51:21.000000000 -0500
19118 +++ linux-2.6.32.1/drivers/ata/pata_cs5536.c 2009-12-14 18:33:52.292713572 -0500
19119 @@ -223,7 +223,7 @@ static struct scsi_host_template cs5536_
19120 ATA_BMDMA_SHT(DRV_NAME),
19123 -static struct ata_port_operations cs5536_port_ops = {
19124 +static const struct ata_port_operations cs5536_port_ops = {
19125 .inherits = &ata_bmdma_port_ops,
19126 .cable_detect = cs5536_cable_detect,
19127 .set_piomode = cs5536_set_piomode,
19128 diff -urNp linux-2.6.32.1/drivers/ata/pata_cypress.c linux-2.6.32.1/drivers/ata/pata_cypress.c
19129 --- linux-2.6.32.1/drivers/ata/pata_cypress.c 2009-12-02 22:51:21.000000000 -0500
19130 +++ linux-2.6.32.1/drivers/ata/pata_cypress.c 2009-12-14 18:33:52.294739940 -0500
19131 @@ -113,7 +113,7 @@ static struct scsi_host_template cy82c69
19132 ATA_BMDMA_SHT(DRV_NAME),
19135 -static struct ata_port_operations cy82c693_port_ops = {
19136 +static const struct ata_port_operations cy82c693_port_ops = {
19137 .inherits = &ata_bmdma_port_ops,
19138 .cable_detect = ata_cable_40wire,
19139 .set_piomode = cy82c693_set_piomode,
19140 diff -urNp linux-2.6.32.1/drivers/ata/pata_efar.c linux-2.6.32.1/drivers/ata/pata_efar.c
19141 --- linux-2.6.32.1/drivers/ata/pata_efar.c 2009-12-02 22:51:21.000000000 -0500
19142 +++ linux-2.6.32.1/drivers/ata/pata_efar.c 2009-12-14 18:33:52.295745767 -0500
19143 @@ -222,7 +222,7 @@ static struct scsi_host_template efar_sh
19144 ATA_BMDMA_SHT(DRV_NAME),
19147 -static struct ata_port_operations efar_ops = {
19148 +static const struct ata_port_operations efar_ops = {
19149 .inherits = &ata_bmdma_port_ops,
19150 .cable_detect = efar_cable_detect,
19151 .set_piomode = efar_set_piomode,
19152 diff -urNp linux-2.6.32.1/drivers/ata/pata_hpt366.c linux-2.6.32.1/drivers/ata/pata_hpt366.c
19153 --- linux-2.6.32.1/drivers/ata/pata_hpt366.c 2009-12-02 22:51:21.000000000 -0500
19154 +++ linux-2.6.32.1/drivers/ata/pata_hpt366.c 2009-12-14 18:33:52.296706549 -0500
19155 @@ -282,7 +282,7 @@ static struct scsi_host_template hpt36x_
19156 * Configuration for HPT366/68
19159 -static struct ata_port_operations hpt366_port_ops = {
19160 +static const struct ata_port_operations hpt366_port_ops = {
19161 .inherits = &ata_bmdma_port_ops,
19162 .cable_detect = hpt36x_cable_detect,
19163 .mode_filter = hpt366_filter,
19164 diff -urNp linux-2.6.32.1/drivers/ata/pata_hpt37x.c linux-2.6.32.1/drivers/ata/pata_hpt37x.c
19165 --- linux-2.6.32.1/drivers/ata/pata_hpt37x.c 2009-12-02 22:51:21.000000000 -0500
19166 +++ linux-2.6.32.1/drivers/ata/pata_hpt37x.c 2009-12-14 18:33:52.297723734 -0500
19167 @@ -578,7 +578,7 @@ static struct scsi_host_template hpt37x_
19168 * Configuration for HPT370
19171 -static struct ata_port_operations hpt370_port_ops = {
19172 +static const struct ata_port_operations hpt370_port_ops = {
19173 .inherits = &ata_bmdma_port_ops,
19175 .bmdma_stop = hpt370_bmdma_stop,
19176 @@ -593,7 +593,7 @@ static struct ata_port_operations hpt370
19177 * Configuration for HPT370A. Close to 370 but less filters
19180 -static struct ata_port_operations hpt370a_port_ops = {
19181 +static const struct ata_port_operations hpt370a_port_ops = {
19182 .inherits = &hpt370_port_ops,
19183 .mode_filter = hpt370a_filter,
19185 @@ -603,7 +603,7 @@ static struct ata_port_operations hpt370
19186 * and DMA mode setting functionality.
19189 -static struct ata_port_operations hpt372_port_ops = {
19190 +static const struct ata_port_operations hpt372_port_ops = {
19191 .inherits = &ata_bmdma_port_ops,
19193 .bmdma_stop = hpt37x_bmdma_stop,
19194 @@ -618,7 +618,7 @@ static struct ata_port_operations hpt372
19195 * but we have a different cable detection procedure for function 1.
19198 -static struct ata_port_operations hpt374_fn1_port_ops = {
19199 +static const struct ata_port_operations hpt374_fn1_port_ops = {
19200 .inherits = &hpt372_port_ops,
19201 .prereset = hpt374_fn1_pre_reset,
19203 diff -urNp linux-2.6.32.1/drivers/ata/pata_hpt3x2n.c linux-2.6.32.1/drivers/ata/pata_hpt3x2n.c
19204 --- linux-2.6.32.1/drivers/ata/pata_hpt3x2n.c 2009-12-02 22:51:21.000000000 -0500
19205 +++ linux-2.6.32.1/drivers/ata/pata_hpt3x2n.c 2009-12-14 18:33:52.311764085 -0500
19206 @@ -334,7 +334,7 @@ static struct scsi_host_template hpt3x2n
19207 * Configuration for HPT3x2n.
19210 -static struct ata_port_operations hpt3x2n_port_ops = {
19211 +static const struct ata_port_operations hpt3x2n_port_ops = {
19212 .inherits = &ata_bmdma_port_ops,
19214 .bmdma_stop = hpt3x2n_bmdma_stop,
19215 diff -urNp linux-2.6.32.1/drivers/ata/pata_hpt3x3.c linux-2.6.32.1/drivers/ata/pata_hpt3x3.c
19216 --- linux-2.6.32.1/drivers/ata/pata_hpt3x3.c 2009-12-02 22:51:21.000000000 -0500
19217 +++ linux-2.6.32.1/drivers/ata/pata_hpt3x3.c 2009-12-14 18:33:52.320715637 -0500
19218 @@ -141,7 +141,7 @@ static struct scsi_host_template hpt3x3_
19219 ATA_BMDMA_SHT(DRV_NAME),
19222 -static struct ata_port_operations hpt3x3_port_ops = {
19223 +static const struct ata_port_operations hpt3x3_port_ops = {
19224 .inherits = &ata_bmdma_port_ops,
19225 .cable_detect = ata_cable_40wire,
19226 .set_piomode = hpt3x3_set_piomode,
19227 diff -urNp linux-2.6.32.1/drivers/ata/pata_icside.c linux-2.6.32.1/drivers/ata/pata_icside.c
19228 --- linux-2.6.32.1/drivers/ata/pata_icside.c 2009-12-02 22:51:21.000000000 -0500
19229 +++ linux-2.6.32.1/drivers/ata/pata_icside.c 2009-12-14 18:33:52.329748602 -0500
19230 @@ -319,7 +319,7 @@ static void pata_icside_postreset(struct
19234 -static struct ata_port_operations pata_icside_port_ops = {
19235 +static const struct ata_port_operations pata_icside_port_ops = {
19236 .inherits = &ata_sff_port_ops,
19237 /* no need to build any PRD tables for DMA */
19238 .qc_prep = ata_noop_qc_prep,
19239 diff -urNp linux-2.6.32.1/drivers/ata/pata_isapnp.c linux-2.6.32.1/drivers/ata/pata_isapnp.c
19240 --- linux-2.6.32.1/drivers/ata/pata_isapnp.c 2009-12-02 22:51:21.000000000 -0500
19241 +++ linux-2.6.32.1/drivers/ata/pata_isapnp.c 2009-12-14 18:33:52.330730401 -0500
19242 @@ -23,12 +23,12 @@ static struct scsi_host_template isapnp_
19243 ATA_PIO_SHT(DRV_NAME),
19246 -static struct ata_port_operations isapnp_port_ops = {
19247 +static const struct ata_port_operations isapnp_port_ops = {
19248 .inherits = &ata_sff_port_ops,
19249 .cable_detect = ata_cable_40wire,
19252 -static struct ata_port_operations isapnp_noalt_port_ops = {
19253 +static const struct ata_port_operations isapnp_noalt_port_ops = {
19254 .inherits = &ata_sff_port_ops,
19255 .cable_detect = ata_cable_40wire,
19256 /* No altstatus so we don't want to use the lost interrupt poll */
19257 diff -urNp linux-2.6.32.1/drivers/ata/pata_it8213.c linux-2.6.32.1/drivers/ata/pata_it8213.c
19258 --- linux-2.6.32.1/drivers/ata/pata_it8213.c 2009-12-02 22:51:21.000000000 -0500
19259 +++ linux-2.6.32.1/drivers/ata/pata_it8213.c 2009-12-14 18:33:52.340712269 -0500
19260 @@ -234,7 +234,7 @@ static struct scsi_host_template it8213_
19264 -static struct ata_port_operations it8213_ops = {
19265 +static const struct ata_port_operations it8213_ops = {
19266 .inherits = &ata_bmdma_port_ops,
19267 .cable_detect = it8213_cable_detect,
19268 .set_piomode = it8213_set_piomode,
19269 diff -urNp linux-2.6.32.1/drivers/ata/pata_it821x.c linux-2.6.32.1/drivers/ata/pata_it821x.c
19270 --- linux-2.6.32.1/drivers/ata/pata_it821x.c 2009-12-02 22:51:21.000000000 -0500
19271 +++ linux-2.6.32.1/drivers/ata/pata_it821x.c 2009-12-14 18:33:52.352710516 -0500
19272 @@ -800,7 +800,7 @@ static struct scsi_host_template it821x_
19273 ATA_BMDMA_SHT(DRV_NAME),
19276 -static struct ata_port_operations it821x_smart_port_ops = {
19277 +static const struct ata_port_operations it821x_smart_port_ops = {
19278 .inherits = &ata_bmdma_port_ops,
19280 .check_atapi_dma= it821x_check_atapi_dma,
19281 @@ -814,7 +814,7 @@ static struct ata_port_operations it821x
19282 .port_start = it821x_port_start,
19285 -static struct ata_port_operations it821x_passthru_port_ops = {
19286 +static const struct ata_port_operations it821x_passthru_port_ops = {
19287 .inherits = &ata_bmdma_port_ops,
19289 .check_atapi_dma= it821x_check_atapi_dma,
19290 @@ -830,7 +830,7 @@ static struct ata_port_operations it821x
19291 .port_start = it821x_port_start,
19294 -static struct ata_port_operations it821x_rdc_port_ops = {
19295 +static const struct ata_port_operations it821x_rdc_port_ops = {
19296 .inherits = &ata_bmdma_port_ops,
19298 .check_atapi_dma= it821x_check_atapi_dma,
19299 diff -urNp linux-2.6.32.1/drivers/ata/pata_ixp4xx_cf.c linux-2.6.32.1/drivers/ata/pata_ixp4xx_cf.c
19300 --- linux-2.6.32.1/drivers/ata/pata_ixp4xx_cf.c 2009-12-02 22:51:21.000000000 -0500
19301 +++ linux-2.6.32.1/drivers/ata/pata_ixp4xx_cf.c 2009-12-14 18:33:52.365770715 -0500
19302 @@ -89,7 +89,7 @@ static struct scsi_host_template ixp4xx_
19303 ATA_PIO_SHT(DRV_NAME),
19306 -static struct ata_port_operations ixp4xx_port_ops = {
19307 +static const struct ata_port_operations ixp4xx_port_ops = {
19308 .inherits = &ata_sff_port_ops,
19309 .sff_data_xfer = ixp4xx_mmio_data_xfer,
19310 .cable_detect = ata_cable_40wire,
19311 diff -urNp linux-2.6.32.1/drivers/ata/pata_jmicron.c linux-2.6.32.1/drivers/ata/pata_jmicron.c
19312 --- linux-2.6.32.1/drivers/ata/pata_jmicron.c 2009-12-02 22:51:21.000000000 -0500
19313 +++ linux-2.6.32.1/drivers/ata/pata_jmicron.c 2009-12-14 18:33:52.372728592 -0500
19314 @@ -111,7 +111,7 @@ static struct scsi_host_template jmicron
19315 ATA_BMDMA_SHT(DRV_NAME),
19318 -static struct ata_port_operations jmicron_ops = {
19319 +static const struct ata_port_operations jmicron_ops = {
19320 .inherits = &ata_bmdma_port_ops,
19321 .prereset = jmicron_pre_reset,
19323 diff -urNp linux-2.6.32.1/drivers/ata/pata_legacy.c linux-2.6.32.1/drivers/ata/pata_legacy.c
19324 --- linux-2.6.32.1/drivers/ata/pata_legacy.c 2009-12-02 22:51:21.000000000 -0500
19325 +++ linux-2.6.32.1/drivers/ata/pata_legacy.c 2009-12-14 18:33:52.388771890 -0500
19326 @@ -106,7 +106,7 @@ struct legacy_probe {
19328 struct legacy_controller {
19330 - struct ata_port_operations *ops;
19331 + const struct ata_port_operations *ops;
19332 unsigned int pio_mask;
19333 unsigned int flags;
19334 unsigned int pflags;
19335 @@ -223,12 +223,12 @@ static const struct ata_port_operations
19336 * pio_mask as well.
19339 -static struct ata_port_operations simple_port_ops = {
19340 +static const struct ata_port_operations simple_port_ops = {
19341 .inherits = &legacy_base_port_ops,
19342 .sff_data_xfer = ata_sff_data_xfer_noirq,
19345 -static struct ata_port_operations legacy_port_ops = {
19346 +static const struct ata_port_operations legacy_port_ops = {
19347 .inherits = &legacy_base_port_ops,
19348 .sff_data_xfer = ata_sff_data_xfer_noirq,
19349 .set_mode = legacy_set_mode,
19350 @@ -324,7 +324,7 @@ static unsigned int pdc_data_xfer_vlb(st
19354 -static struct ata_port_operations pdc20230_port_ops = {
19355 +static const struct ata_port_operations pdc20230_port_ops = {
19356 .inherits = &legacy_base_port_ops,
19357 .set_piomode = pdc20230_set_piomode,
19358 .sff_data_xfer = pdc_data_xfer_vlb,
19359 @@ -357,7 +357,7 @@ static void ht6560a_set_piomode(struct a
19360 ioread8(ap->ioaddr.status_addr);
19363 -static struct ata_port_operations ht6560a_port_ops = {
19364 +static const struct ata_port_operations ht6560a_port_ops = {
19365 .inherits = &legacy_base_port_ops,
19366 .set_piomode = ht6560a_set_piomode,
19368 @@ -400,7 +400,7 @@ static void ht6560b_set_piomode(struct a
19369 ioread8(ap->ioaddr.status_addr);
19372 -static struct ata_port_operations ht6560b_port_ops = {
19373 +static const struct ata_port_operations ht6560b_port_ops = {
19374 .inherits = &legacy_base_port_ops,
19375 .set_piomode = ht6560b_set_piomode,
19377 @@ -499,7 +499,7 @@ static void opti82c611a_set_piomode(stru
19381 -static struct ata_port_operations opti82c611a_port_ops = {
19382 +static const struct ata_port_operations opti82c611a_port_ops = {
19383 .inherits = &legacy_base_port_ops,
19384 .set_piomode = opti82c611a_set_piomode,
19386 @@ -609,7 +609,7 @@ static unsigned int opti82c46x_qc_issue(
19387 return ata_sff_qc_issue(qc);
19390 -static struct ata_port_operations opti82c46x_port_ops = {
19391 +static const struct ata_port_operations opti82c46x_port_ops = {
19392 .inherits = &legacy_base_port_ops,
19393 .set_piomode = opti82c46x_set_piomode,
19394 .qc_issue = opti82c46x_qc_issue,
19395 @@ -771,20 +771,20 @@ static int qdi_port(struct platform_devi
19399 -static struct ata_port_operations qdi6500_port_ops = {
19400 +static const struct ata_port_operations qdi6500_port_ops = {
19401 .inherits = &legacy_base_port_ops,
19402 .set_piomode = qdi6500_set_piomode,
19403 .qc_issue = qdi_qc_issue,
19404 .sff_data_xfer = vlb32_data_xfer,
19407 -static struct ata_port_operations qdi6580_port_ops = {
19408 +static const struct ata_port_operations qdi6580_port_ops = {
19409 .inherits = &legacy_base_port_ops,
19410 .set_piomode = qdi6580_set_piomode,
19411 .sff_data_xfer = vlb32_data_xfer,
19414 -static struct ata_port_operations qdi6580dp_port_ops = {
19415 +static const struct ata_port_operations qdi6580dp_port_ops = {
19416 .inherits = &legacy_base_port_ops,
19417 .set_piomode = qdi6580dp_set_piomode,
19418 .sff_data_xfer = vlb32_data_xfer,
19419 @@ -855,7 +855,7 @@ static int winbond_port(struct platform_
19423 -static struct ata_port_operations winbond_port_ops = {
19424 +static const struct ata_port_operations winbond_port_ops = {
19425 .inherits = &legacy_base_port_ops,
19426 .set_piomode = winbond_set_piomode,
19427 .sff_data_xfer = vlb32_data_xfer,
19428 @@ -978,7 +978,7 @@ static __init int legacy_init_one(struct
19429 int pio_modes = controller->pio_mask;
19430 unsigned long io = probe->port;
19431 u32 mask = (1 << probe->slot);
19432 - struct ata_port_operations *ops = controller->ops;
19433 + const struct ata_port_operations *ops = controller->ops;
19434 struct legacy_data *ld = &legacy_data[probe->slot];
19435 struct ata_host *host = NULL;
19436 struct ata_port *ap;
19437 diff -urNp linux-2.6.32.1/drivers/ata/pata_marvell.c linux-2.6.32.1/drivers/ata/pata_marvell.c
19438 --- linux-2.6.32.1/drivers/ata/pata_marvell.c 2009-12-02 22:51:21.000000000 -0500
19439 +++ linux-2.6.32.1/drivers/ata/pata_marvell.c 2009-12-14 18:33:52.404773618 -0500
19440 @@ -100,7 +100,7 @@ static struct scsi_host_template marvell
19441 ATA_BMDMA_SHT(DRV_NAME),
19444 -static struct ata_port_operations marvell_ops = {
19445 +static const struct ata_port_operations marvell_ops = {
19446 .inherits = &ata_bmdma_port_ops,
19447 .cable_detect = marvell_cable_detect,
19448 .prereset = marvell_pre_reset,
19449 diff -urNp linux-2.6.32.1/drivers/ata/pata_mpc52xx.c linux-2.6.32.1/drivers/ata/pata_mpc52xx.c
19450 --- linux-2.6.32.1/drivers/ata/pata_mpc52xx.c 2009-12-02 22:51:21.000000000 -0500
19451 +++ linux-2.6.32.1/drivers/ata/pata_mpc52xx.c 2009-12-14 18:33:52.405776770 -0500
19452 @@ -609,7 +609,7 @@ static struct scsi_host_template mpc52xx
19453 ATA_PIO_SHT(DRV_NAME),
19456 -static struct ata_port_operations mpc52xx_ata_port_ops = {
19457 +static const struct ata_port_operations mpc52xx_ata_port_ops = {
19458 .inherits = &ata_sff_port_ops,
19459 .sff_dev_select = mpc52xx_ata_dev_select,
19460 .set_piomode = mpc52xx_ata_set_piomode,
19461 diff -urNp linux-2.6.32.1/drivers/ata/pata_mpiix.c linux-2.6.32.1/drivers/ata/pata_mpiix.c
19462 --- linux-2.6.32.1/drivers/ata/pata_mpiix.c 2009-12-02 22:51:21.000000000 -0500
19463 +++ linux-2.6.32.1/drivers/ata/pata_mpiix.c 2009-12-14 18:33:52.412777557 -0500
19464 @@ -140,7 +140,7 @@ static struct scsi_host_template mpiix_s
19465 ATA_PIO_SHT(DRV_NAME),
19468 -static struct ata_port_operations mpiix_port_ops = {
19469 +static const struct ata_port_operations mpiix_port_ops = {
19470 .inherits = &ata_sff_port_ops,
19471 .qc_issue = mpiix_qc_issue,
19472 .cable_detect = ata_cable_40wire,
19473 diff -urNp linux-2.6.32.1/drivers/ata/pata_netcell.c linux-2.6.32.1/drivers/ata/pata_netcell.c
19474 --- linux-2.6.32.1/drivers/ata/pata_netcell.c 2009-12-02 22:51:21.000000000 -0500
19475 +++ linux-2.6.32.1/drivers/ata/pata_netcell.c 2009-12-14 18:33:52.435775797 -0500
19476 @@ -34,7 +34,7 @@ static struct scsi_host_template netcell
19477 ATA_BMDMA_SHT(DRV_NAME),
19480 -static struct ata_port_operations netcell_ops = {
19481 +static const struct ata_port_operations netcell_ops = {
19482 .inherits = &ata_bmdma_port_ops,
19483 .cable_detect = ata_cable_80wire,
19484 .read_id = netcell_read_id,
19485 diff -urNp linux-2.6.32.1/drivers/ata/pata_ninja32.c linux-2.6.32.1/drivers/ata/pata_ninja32.c
19486 --- linux-2.6.32.1/drivers/ata/pata_ninja32.c 2009-12-02 22:51:21.000000000 -0500
19487 +++ linux-2.6.32.1/drivers/ata/pata_ninja32.c 2009-12-14 18:33:52.437780205 -0500
19488 @@ -81,7 +81,7 @@ static struct scsi_host_template ninja32
19489 ATA_BMDMA_SHT(DRV_NAME),
19492 -static struct ata_port_operations ninja32_port_ops = {
19493 +static const struct ata_port_operations ninja32_port_ops = {
19494 .inherits = &ata_bmdma_port_ops,
19495 .sff_dev_select = ninja32_dev_select,
19496 .cable_detect = ata_cable_40wire,
19497 diff -urNp linux-2.6.32.1/drivers/ata/pata_ns87410.c linux-2.6.32.1/drivers/ata/pata_ns87410.c
19498 --- linux-2.6.32.1/drivers/ata/pata_ns87410.c 2009-12-02 22:51:21.000000000 -0500
19499 +++ linux-2.6.32.1/drivers/ata/pata_ns87410.c 2009-12-14 18:33:52.452753530 -0500
19500 @@ -132,7 +132,7 @@ static struct scsi_host_template ns87410
19501 ATA_PIO_SHT(DRV_NAME),
19504 -static struct ata_port_operations ns87410_port_ops = {
19505 +static const struct ata_port_operations ns87410_port_ops = {
19506 .inherits = &ata_sff_port_ops,
19507 .qc_issue = ns87410_qc_issue,
19508 .cable_detect = ata_cable_40wire,
19509 diff -urNp linux-2.6.32.1/drivers/ata/pata_ns87415.c linux-2.6.32.1/drivers/ata/pata_ns87415.c
19510 --- linux-2.6.32.1/drivers/ata/pata_ns87415.c 2009-12-02 22:51:21.000000000 -0500
19511 +++ linux-2.6.32.1/drivers/ata/pata_ns87415.c 2009-12-14 18:33:52.453740321 -0500
19512 @@ -299,7 +299,7 @@ static u8 ns87560_bmdma_status(struct at
19514 #endif /* 87560 SuperIO Support */
19516 -static struct ata_port_operations ns87415_pata_ops = {
19517 +static const struct ata_port_operations ns87415_pata_ops = {
19518 .inherits = &ata_bmdma_port_ops,
19520 .check_atapi_dma = ns87415_check_atapi_dma,
19521 @@ -313,7 +313,7 @@ static struct ata_port_operations ns8741
19524 #if defined(CONFIG_SUPERIO)
19525 -static struct ata_port_operations ns87560_pata_ops = {
19526 +static const struct ata_port_operations ns87560_pata_ops = {
19527 .inherits = &ns87415_pata_ops,
19528 .sff_tf_read = ns87560_tf_read,
19529 .sff_check_status = ns87560_check_status,
19530 diff -urNp linux-2.6.32.1/drivers/ata/pata_octeon_cf.c linux-2.6.32.1/drivers/ata/pata_octeon_cf.c
19531 --- linux-2.6.32.1/drivers/ata/pata_octeon_cf.c 2009-12-02 22:51:21.000000000 -0500
19532 +++ linux-2.6.32.1/drivers/ata/pata_octeon_cf.c 2009-12-14 18:33:52.461780616 -0500
19533 @@ -801,6 +801,7 @@ static unsigned int octeon_cf_qc_issue(s
19537 +/* cannot be const */
19538 static struct ata_port_operations octeon_cf_ops = {
19539 .inherits = &ata_sff_port_ops,
19540 .check_atapi_dma = octeon_cf_check_atapi_dma,
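Review bot: The added comment `/* cannot be const */` does not say why, so a later reader cannot tell what would have to change before octeon_cf_ops could join the other tables in read-only data. Presumably the driver assigns some of its members at run time, but that code is outside the hunk; if so, name it, e.g. `/* cannot be const: members are assigned at probe time (see <probe function>) */`. Until then this remains a writable table of function pointers, which is worth recording as a known exception to the constification done in the neighbouring drivers. The initializer continues past the end of the hunk.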
19541 diff -urNp linux-2.6.32.1/drivers/ata/pata_oldpiix.c linux-2.6.32.1/drivers/ata/pata_oldpiix.c
19542 --- linux-2.6.32.1/drivers/ata/pata_oldpiix.c 2009-12-02 22:51:21.000000000 -0500
19543 +++ linux-2.6.32.1/drivers/ata/pata_oldpiix.c 2009-12-14 18:33:52.488777624 -0500
19544 @@ -208,7 +208,7 @@ static struct scsi_host_template oldpiix
19545 ATA_BMDMA_SHT(DRV_NAME),
19548 -static struct ata_port_operations oldpiix_pata_ops = {
19549 +static const struct ata_port_operations oldpiix_pata_ops = {
19550 .inherits = &ata_bmdma_port_ops,
19551 .qc_issue = oldpiix_qc_issue,
19552 .cable_detect = ata_cable_40wire,
19553 diff -urNp linux-2.6.32.1/drivers/ata/pata_opti.c linux-2.6.32.1/drivers/ata/pata_opti.c
19554 --- linux-2.6.32.1/drivers/ata/pata_opti.c 2009-12-02 22:51:21.000000000 -0500
19555 +++ linux-2.6.32.1/drivers/ata/pata_opti.c 2009-12-14 18:33:52.490712194 -0500
19556 @@ -152,7 +152,7 @@ static struct scsi_host_template opti_sh
19557 ATA_PIO_SHT(DRV_NAME),
19560 -static struct ata_port_operations opti_port_ops = {
19561 +static const struct ata_port_operations opti_port_ops = {
19562 .inherits = &ata_sff_port_ops,
19563 .cable_detect = ata_cable_40wire,
19564 .set_piomode = opti_set_piomode,
19565 diff -urNp linux-2.6.32.1/drivers/ata/pata_optidma.c linux-2.6.32.1/drivers/ata/pata_optidma.c
19566 --- linux-2.6.32.1/drivers/ata/pata_optidma.c 2009-12-02 22:51:21.000000000 -0500
19567 +++ linux-2.6.32.1/drivers/ata/pata_optidma.c 2009-12-14 18:33:52.497787330 -0500
19568 @@ -337,7 +337,7 @@ static struct scsi_host_template optidma
19569 ATA_BMDMA_SHT(DRV_NAME),
19572 -static struct ata_port_operations optidma_port_ops = {
19573 +static const struct ata_port_operations optidma_port_ops = {
19574 .inherits = &ata_bmdma_port_ops,
19575 .cable_detect = ata_cable_40wire,
19576 .set_piomode = optidma_set_pio_mode,
19577 @@ -346,7 +346,7 @@ static struct ata_port_operations optidm
19578 .prereset = optidma_pre_reset,
19581 -static struct ata_port_operations optiplus_port_ops = {
19582 +static const struct ata_port_operations optiplus_port_ops = {
19583 .inherits = &optidma_port_ops,
19584 .set_piomode = optiplus_set_pio_mode,
19585 .set_dmamode = optiplus_set_dma_mode,
19586 diff -urNp linux-2.6.32.1/drivers/ata/pata_palmld.c linux-2.6.32.1/drivers/ata/pata_palmld.c
19587 --- linux-2.6.32.1/drivers/ata/pata_palmld.c 2009-12-02 22:51:21.000000000 -0500
19588 +++ linux-2.6.32.1/drivers/ata/pata_palmld.c 2009-12-14 18:33:52.499703226 -0500
19589 @@ -37,7 +37,7 @@ static struct scsi_host_template palmld_
19590 ATA_PIO_SHT(DRV_NAME),
19593 -static struct ata_port_operations palmld_port_ops = {
19594 +static const struct ata_port_operations palmld_port_ops = {
19595 .inherits = &ata_sff_port_ops,
19596 .sff_data_xfer = ata_sff_data_xfer_noirq,
19597 .cable_detect = ata_cable_40wire,
19598 diff -urNp linux-2.6.32.1/drivers/ata/pata_pcmcia.c linux-2.6.32.1/drivers/ata/pata_pcmcia.c
19599 --- linux-2.6.32.1/drivers/ata/pata_pcmcia.c 2009-12-02 22:51:21.000000000 -0500
19600 +++ linux-2.6.32.1/drivers/ata/pata_pcmcia.c 2009-12-14 18:33:52.508737710 -0500
19601 @@ -162,14 +162,14 @@ static struct scsi_host_template pcmcia_
19602 ATA_PIO_SHT(DRV_NAME),
19605 -static struct ata_port_operations pcmcia_port_ops = {
19606 +static const struct ata_port_operations pcmcia_port_ops = {
19607 .inherits = &ata_sff_port_ops,
19608 .sff_data_xfer = ata_sff_data_xfer_noirq,
19609 .cable_detect = ata_cable_40wire,
19610 .set_mode = pcmcia_set_mode,
19613 -static struct ata_port_operations pcmcia_8bit_port_ops = {
19614 +static const struct ata_port_operations pcmcia_8bit_port_ops = {
19615 .inherits = &ata_sff_port_ops,
19616 .sff_data_xfer = ata_data_xfer_8bit,
19617 .cable_detect = ata_cable_40wire,
19618 @@ -256,7 +256,7 @@ static int pcmcia_init_one(struct pcmcia
19619 unsigned long io_base, ctl_base;
19620 void __iomem *io_addr, *ctl_addr;
19622 - struct ata_port_operations *ops = &pcmcia_port_ops;
19623 + const struct ata_port_operations *ops = &pcmcia_port_ops;
19625 info = kzalloc(sizeof(*info), GFP_KERNEL);
19627 diff -urNp linux-2.6.32.1/drivers/ata/pata_pdc2027x.c linux-2.6.32.1/drivers/ata/pata_pdc2027x.c
19628 --- linux-2.6.32.1/drivers/ata/pata_pdc2027x.c 2009-12-02 22:51:21.000000000 -0500
19629 +++ linux-2.6.32.1/drivers/ata/pata_pdc2027x.c 2009-12-14 18:33:52.513816405 -0500
19630 @@ -132,14 +132,14 @@ static struct scsi_host_template pdc2027
19631 ATA_BMDMA_SHT(DRV_NAME),
19634 -static struct ata_port_operations pdc2027x_pata100_ops = {
19635 +static const struct ata_port_operations pdc2027x_pata100_ops = {
19636 .inherits = &ata_bmdma_port_ops,
19637 .check_atapi_dma = pdc2027x_check_atapi_dma,
19638 .cable_detect = pdc2027x_cable_detect,
19639 .prereset = pdc2027x_prereset,
19642 -static struct ata_port_operations pdc2027x_pata133_ops = {
19643 +static const struct ata_port_operations pdc2027x_pata133_ops = {
19644 .inherits = &pdc2027x_pata100_ops,
19645 .mode_filter = pdc2027x_mode_filter,
19646 .set_piomode = pdc2027x_set_piomode,
19647 diff -urNp linux-2.6.32.1/drivers/ata/pata_pdc202xx_old.c linux-2.6.32.1/drivers/ata/pata_pdc202xx_old.c
19648 --- linux-2.6.32.1/drivers/ata/pata_pdc202xx_old.c 2009-12-02 22:51:21.000000000 -0500
19649 +++ linux-2.6.32.1/drivers/ata/pata_pdc202xx_old.c 2009-12-14 18:33:52.519782684 -0500
19650 @@ -265,7 +265,7 @@ static struct scsi_host_template pdc202x
19651 ATA_BMDMA_SHT(DRV_NAME),
19654 -static struct ata_port_operations pdc2024x_port_ops = {
19655 +static const struct ata_port_operations pdc2024x_port_ops = {
19656 .inherits = &ata_bmdma_port_ops,
19658 .cable_detect = ata_cable_40wire,
19659 @@ -273,7 +273,7 @@ static struct ata_port_operations pdc202
19660 .set_dmamode = pdc202xx_set_dmamode,
19663 -static struct ata_port_operations pdc2026x_port_ops = {
19664 +static const struct ata_port_operations pdc2026x_port_ops = {
19665 .inherits = &pdc2024x_port_ops,
19667 .check_atapi_dma = pdc2026x_check_atapi_dma,
19668 diff -urNp linux-2.6.32.1/drivers/ata/pata_platform.c linux-2.6.32.1/drivers/ata/pata_platform.c
19669 --- linux-2.6.32.1/drivers/ata/pata_platform.c 2009-12-02 22:51:21.000000000 -0500
19670 +++ linux-2.6.32.1/drivers/ata/pata_platform.c 2009-12-14 18:33:52.537747965 -0500
19671 @@ -48,7 +48,7 @@ static struct scsi_host_template pata_pl
19672 ATA_PIO_SHT(DRV_NAME),
19675 -static struct ata_port_operations pata_platform_port_ops = {
19676 +static const struct ata_port_operations pata_platform_port_ops = {
19677 .inherits = &ata_sff_port_ops,
19678 .sff_data_xfer = ata_sff_data_xfer_noirq,
19679 .cable_detect = ata_cable_unknown,
19680 diff -urNp linux-2.6.32.1/drivers/ata/pata_qdi.c linux-2.6.32.1/drivers/ata/pata_qdi.c
19681 --- linux-2.6.32.1/drivers/ata/pata_qdi.c 2009-12-02 22:51:21.000000000 -0500
19682 +++ linux-2.6.32.1/drivers/ata/pata_qdi.c 2009-12-14 18:33:52.546712944 -0500
19683 @@ -157,7 +157,7 @@ static struct scsi_host_template qdi_sht
19684 ATA_PIO_SHT(DRV_NAME),
19687 -static struct ata_port_operations qdi6500_port_ops = {
19688 +static const struct ata_port_operations qdi6500_port_ops = {
19689 .inherits = &ata_sff_port_ops,
19690 .qc_issue = qdi_qc_issue,
19691 .sff_data_xfer = qdi_data_xfer,
19692 @@ -165,7 +165,7 @@ static struct ata_port_operations qdi650
19693 .set_piomode = qdi6500_set_piomode,
19696 -static struct ata_port_operations qdi6580_port_ops = {
19697 +static const struct ata_port_operations qdi6580_port_ops = {
19698 .inherits = &qdi6500_port_ops,
19699 .set_piomode = qdi6580_set_piomode,
19701 diff -urNp linux-2.6.32.1/drivers/ata/pata_radisys.c linux-2.6.32.1/drivers/ata/pata_radisys.c
19702 --- linux-2.6.32.1/drivers/ata/pata_radisys.c 2009-12-02 22:51:21.000000000 -0500
19703 +++ linux-2.6.32.1/drivers/ata/pata_radisys.c 2009-12-14 18:33:52.547762477 -0500
19704 @@ -187,7 +187,7 @@ static struct scsi_host_template radisys
19705 ATA_BMDMA_SHT(DRV_NAME),
19708 -static struct ata_port_operations radisys_pata_ops = {
19709 +static const struct ata_port_operations radisys_pata_ops = {
19710 .inherits = &ata_bmdma_port_ops,
19711 .qc_issue = radisys_qc_issue,
19712 .cable_detect = ata_cable_unknown,
19713 diff -urNp linux-2.6.32.1/drivers/ata/pata_rb532_cf.c linux-2.6.32.1/drivers/ata/pata_rb532_cf.c
19714 --- linux-2.6.32.1/drivers/ata/pata_rb532_cf.c 2009-12-02 22:51:21.000000000 -0500
19715 +++ linux-2.6.32.1/drivers/ata/pata_rb532_cf.c 2009-12-14 18:33:52.548735147 -0500
19716 @@ -68,7 +68,7 @@ static irqreturn_t rb532_pata_irq_handle
19717 return IRQ_HANDLED;
19720 -static struct ata_port_operations rb532_pata_port_ops = {
19721 +static const struct ata_port_operations rb532_pata_port_ops = {
19722 .inherits = &ata_sff_port_ops,
19723 .sff_data_xfer = ata_sff_data_xfer32,
19725 diff -urNp linux-2.6.32.1/drivers/ata/pata_rdc.c linux-2.6.32.1/drivers/ata/pata_rdc.c
19726 --- linux-2.6.32.1/drivers/ata/pata_rdc.c 2009-12-02 22:51:21.000000000 -0500
19727 +++ linux-2.6.32.1/drivers/ata/pata_rdc.c 2009-12-14 18:33:52.567802368 -0500
19728 @@ -272,7 +272,7 @@ static void rdc_set_dmamode(struct ata_p
19729 pci_write_config_byte(dev, 0x48, udma_enable);
19732 -static struct ata_port_operations rdc_pata_ops = {
19733 +static const struct ata_port_operations rdc_pata_ops = {
19734 .inherits = &ata_bmdma32_port_ops,
19735 .cable_detect = rdc_pata_cable_detect,
19736 .set_piomode = rdc_set_piomode,
19737 diff -urNp linux-2.6.32.1/drivers/ata/pata_rz1000.c linux-2.6.32.1/drivers/ata/pata_rz1000.c
19738 --- linux-2.6.32.1/drivers/ata/pata_rz1000.c 2009-12-02 22:51:21.000000000 -0500
19739 +++ linux-2.6.32.1/drivers/ata/pata_rz1000.c 2009-12-14 18:33:52.567802368 -0500
19740 @@ -54,7 +54,7 @@ static struct scsi_host_template rz1000_
19741 ATA_PIO_SHT(DRV_NAME),
19744 -static struct ata_port_operations rz1000_port_ops = {
19745 +static const struct ata_port_operations rz1000_port_ops = {
19746 .inherits = &ata_sff_port_ops,
19747 .cable_detect = ata_cable_40wire,
19748 .set_mode = rz1000_set_mode,
19749 diff -urNp linux-2.6.32.1/drivers/ata/pata_sc1200.c linux-2.6.32.1/drivers/ata/pata_sc1200.c
19750 --- linux-2.6.32.1/drivers/ata/pata_sc1200.c 2009-12-02 22:51:21.000000000 -0500
19751 +++ linux-2.6.32.1/drivers/ata/pata_sc1200.c 2009-12-14 18:33:52.572791092 -0500
19752 @@ -207,7 +207,7 @@ static struct scsi_host_template sc1200_
19753 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
19756 -static struct ata_port_operations sc1200_port_ops = {
19757 +static const struct ata_port_operations sc1200_port_ops = {
19758 .inherits = &ata_bmdma_port_ops,
19759 .qc_prep = ata_sff_dumb_qc_prep,
19760 .qc_issue = sc1200_qc_issue,
19761 diff -urNp linux-2.6.32.1/drivers/ata/pata_scc.c linux-2.6.32.1/drivers/ata/pata_scc.c
19762 --- linux-2.6.32.1/drivers/ata/pata_scc.c 2009-12-02 22:51:21.000000000 -0500
19763 +++ linux-2.6.32.1/drivers/ata/pata_scc.c 2009-12-14 18:33:52.575757473 -0500
19764 @@ -965,7 +965,7 @@ static struct scsi_host_template scc_sht
19765 ATA_BMDMA_SHT(DRV_NAME),
19768 -static struct ata_port_operations scc_pata_ops = {
19769 +static const struct ata_port_operations scc_pata_ops = {
19770 .inherits = &ata_bmdma_port_ops,
19772 .set_piomode = scc_set_piomode,
19773 diff -urNp linux-2.6.32.1/drivers/ata/pata_sch.c linux-2.6.32.1/drivers/ata/pata_sch.c
19774 --- linux-2.6.32.1/drivers/ata/pata_sch.c 2009-12-02 22:51:21.000000000 -0500
19775 +++ linux-2.6.32.1/drivers/ata/pata_sch.c 2009-12-14 18:33:52.590795896 -0500
19776 @@ -75,7 +75,7 @@ static struct scsi_host_template sch_sht
19777 ATA_BMDMA_SHT(DRV_NAME),
19780 -static struct ata_port_operations sch_pata_ops = {
19781 +static const struct ata_port_operations sch_pata_ops = {
19782 .inherits = &ata_bmdma_port_ops,
19783 .cable_detect = ata_cable_unknown,
19784 .set_piomode = sch_set_piomode,
19785 diff -urNp linux-2.6.32.1/drivers/ata/pata_serverworks.c linux-2.6.32.1/drivers/ata/pata_serverworks.c
19786 --- linux-2.6.32.1/drivers/ata/pata_serverworks.c 2009-12-02 22:51:21.000000000 -0500
19787 +++ linux-2.6.32.1/drivers/ata/pata_serverworks.c 2009-12-14 18:33:52.608788179 -0500
19788 @@ -299,7 +299,7 @@ static struct scsi_host_template serverw
19789 ATA_BMDMA_SHT(DRV_NAME),
19792 -static struct ata_port_operations serverworks_osb4_port_ops = {
19793 +static const struct ata_port_operations serverworks_osb4_port_ops = {
19794 .inherits = &ata_bmdma_port_ops,
19795 .cable_detect = serverworks_cable_detect,
19796 .mode_filter = serverworks_osb4_filter,
19797 @@ -307,7 +307,7 @@ static struct ata_port_operations server
19798 .set_dmamode = serverworks_set_dmamode,
19801 -static struct ata_port_operations serverworks_csb_port_ops = {
19802 +static const struct ata_port_operations serverworks_csb_port_ops = {
19803 .inherits = &serverworks_osb4_port_ops,
19804 .mode_filter = serverworks_csb_filter,
19806 diff -urNp linux-2.6.32.1/drivers/ata/pata_sil680.c linux-2.6.32.1/drivers/ata/pata_sil680.c
19807 --- linux-2.6.32.1/drivers/ata/pata_sil680.c 2009-12-02 22:51:21.000000000 -0500
19808 +++ linux-2.6.32.1/drivers/ata/pata_sil680.c 2009-12-14 18:33:52.616795701 -0500
19809 @@ -194,7 +194,7 @@ static struct scsi_host_template sil680_
19810 ATA_BMDMA_SHT(DRV_NAME),
19813 -static struct ata_port_operations sil680_port_ops = {
19814 +static const struct ata_port_operations sil680_port_ops = {
19815 .inherits = &ata_bmdma32_port_ops,
19816 .cable_detect = sil680_cable_detect,
19817 .set_piomode = sil680_set_piomode,
19818 diff -urNp linux-2.6.32.1/drivers/ata/pata_sis.c linux-2.6.32.1/drivers/ata/pata_sis.c
19819 --- linux-2.6.32.1/drivers/ata/pata_sis.c 2009-12-02 22:51:21.000000000 -0500
19820 +++ linux-2.6.32.1/drivers/ata/pata_sis.c 2009-12-14 18:33:52.617796446 -0500
19821 @@ -503,47 +503,47 @@ static struct scsi_host_template sis_sht
19822 ATA_BMDMA_SHT(DRV_NAME),
19825 -static struct ata_port_operations sis_133_for_sata_ops = {
19826 +static const struct ata_port_operations sis_133_for_sata_ops = {
19827 .inherits = &ata_bmdma_port_ops,
19828 .set_piomode = sis_133_set_piomode,
19829 .set_dmamode = sis_133_set_dmamode,
19830 .cable_detect = sis_133_cable_detect,
19833 -static struct ata_port_operations sis_base_ops = {
19834 +static const struct ata_port_operations sis_base_ops = {
19835 .inherits = &ata_bmdma_port_ops,
19836 .prereset = sis_pre_reset,
19839 -static struct ata_port_operations sis_133_ops = {
19840 +static const struct ata_port_operations sis_133_ops = {
19841 .inherits = &sis_base_ops,
19842 .set_piomode = sis_133_set_piomode,
19843 .set_dmamode = sis_133_set_dmamode,
19844 .cable_detect = sis_133_cable_detect,
19847 -static struct ata_port_operations sis_133_early_ops = {
19848 +static const struct ata_port_operations sis_133_early_ops = {
19849 .inherits = &sis_base_ops,
19850 .set_piomode = sis_100_set_piomode,
19851 .set_dmamode = sis_133_early_set_dmamode,
19852 .cable_detect = sis_66_cable_detect,
19855 -static struct ata_port_operations sis_100_ops = {
19856 +static const struct ata_port_operations sis_100_ops = {
19857 .inherits = &sis_base_ops,
19858 .set_piomode = sis_100_set_piomode,
19859 .set_dmamode = sis_100_set_dmamode,
19860 .cable_detect = sis_66_cable_detect,
19863 -static struct ata_port_operations sis_66_ops = {
19864 +static const struct ata_port_operations sis_66_ops = {
19865 .inherits = &sis_base_ops,
19866 .set_piomode = sis_old_set_piomode,
19867 .set_dmamode = sis_66_set_dmamode,
19868 .cable_detect = sis_66_cable_detect,
19871 -static struct ata_port_operations sis_old_ops = {
19872 +static const struct ata_port_operations sis_old_ops = {
19873 .inherits = &sis_base_ops,
19874 .set_piomode = sis_old_set_piomode,
19875 .set_dmamode = sis_old_set_dmamode,
19876 diff -urNp linux-2.6.32.1/drivers/ata/pata_sl82c105.c linux-2.6.32.1/drivers/ata/pata_sl82c105.c
19877 --- linux-2.6.32.1/drivers/ata/pata_sl82c105.c 2009-12-02 22:51:21.000000000 -0500
19878 +++ linux-2.6.32.1/drivers/ata/pata_sl82c105.c 2009-12-14 18:33:52.618796044 -0500
19879 @@ -231,7 +231,7 @@ static struct scsi_host_template sl82c10
19880 ATA_BMDMA_SHT(DRV_NAME),
19883 -static struct ata_port_operations sl82c105_port_ops = {
19884 +static const struct ata_port_operations sl82c105_port_ops = {
19885 .inherits = &ata_bmdma_port_ops,
19886 .qc_defer = sl82c105_qc_defer,
19887 .bmdma_start = sl82c105_bmdma_start,
19888 diff -urNp linux-2.6.32.1/drivers/ata/pata_triflex.c linux-2.6.32.1/drivers/ata/pata_triflex.c
19889 --- linux-2.6.32.1/drivers/ata/pata_triflex.c 2009-12-02 22:51:21.000000000 -0500
19890 +++ linux-2.6.32.1/drivers/ata/pata_triflex.c 2009-12-14 18:33:52.619803170 -0500
19891 @@ -178,7 +178,7 @@ static struct scsi_host_template triflex
19892 ATA_BMDMA_SHT(DRV_NAME),
19895 -static struct ata_port_operations triflex_port_ops = {
19896 +static const struct ata_port_operations triflex_port_ops = {
19897 .inherits = &ata_bmdma_port_ops,
19898 .bmdma_start = triflex_bmdma_start,
19899 .bmdma_stop = triflex_bmdma_stop,
19900 diff -urNp linux-2.6.32.1/drivers/ata/pata_via.c linux-2.6.32.1/drivers/ata/pata_via.c
19901 --- linux-2.6.32.1/drivers/ata/pata_via.c 2009-12-02 22:51:21.000000000 -0500
19902 +++ linux-2.6.32.1/drivers/ata/pata_via.c 2009-12-14 18:33:52.620780452 -0500
19903 @@ -419,7 +419,7 @@ static struct scsi_host_template via_sht
19904 ATA_BMDMA_SHT(DRV_NAME),
19907 -static struct ata_port_operations via_port_ops = {
19908 +static const struct ata_port_operations via_port_ops = {
19909 .inherits = &ata_bmdma_port_ops,
19910 .cable_detect = via_cable_detect,
19911 .set_piomode = via_set_piomode,
19912 @@ -429,7 +429,7 @@ static struct ata_port_operations via_po
19913 .port_start = via_port_start,
19916 -static struct ata_port_operations via_port_ops_noirq = {
19917 +static const struct ata_port_operations via_port_ops_noirq = {
19918 .inherits = &via_port_ops,
19919 .sff_data_xfer = ata_sff_data_xfer_noirq,
19921 diff -urNp linux-2.6.32.1/drivers/ata/pata_winbond.c linux-2.6.32.1/drivers/ata/pata_winbond.c
19922 --- linux-2.6.32.1/drivers/ata/pata_winbond.c 2009-12-02 22:51:21.000000000 -0500
19923 +++ linux-2.6.32.1/drivers/ata/pata_winbond.c 2009-12-14 18:33:52.626715963 -0500
19924 @@ -125,7 +125,7 @@ static struct scsi_host_template winbond
19925 ATA_PIO_SHT(DRV_NAME),
19928 -static struct ata_port_operations winbond_port_ops = {
19929 +static const struct ata_port_operations winbond_port_ops = {
19930 .inherits = &ata_sff_port_ops,
19931 .sff_data_xfer = winbond_data_xfer,
19932 .cable_detect = ata_cable_40wire,
19933 diff -urNp linux-2.6.32.1/drivers/ata/pdc_adma.c linux-2.6.32.1/drivers/ata/pdc_adma.c
19934 --- linux-2.6.32.1/drivers/ata/pdc_adma.c 2009-12-02 22:51:21.000000000 -0500
19935 +++ linux-2.6.32.1/drivers/ata/pdc_adma.c 2009-12-14 18:33:52.627794824 -0500
19936 @@ -145,7 +145,7 @@ static struct scsi_host_template adma_at
19937 .dma_boundary = ADMA_DMA_BOUNDARY,
19940 -static struct ata_port_operations adma_ata_ops = {
19941 +static const struct ata_port_operations adma_ata_ops = {
19942 .inherits = &ata_sff_port_ops,
19944 .lost_interrupt = ATA_OP_NULL,
19945 diff -urNp linux-2.6.32.1/drivers/ata/sata_fsl.c linux-2.6.32.1/drivers/ata/sata_fsl.c
19946 --- linux-2.6.32.1/drivers/ata/sata_fsl.c 2009-12-02 22:51:21.000000000 -0500
19947 +++ linux-2.6.32.1/drivers/ata/sata_fsl.c 2009-12-14 18:33:52.637747586 -0500
19948 @@ -1258,7 +1258,7 @@ static struct scsi_host_template sata_fs
19949 .dma_boundary = ATA_DMA_BOUNDARY,
19952 -static struct ata_port_operations sata_fsl_ops = {
19953 +static const struct ata_port_operations sata_fsl_ops = {
19954 .inherits = &sata_pmp_port_ops,
19956 .qc_defer = ata_std_qc_defer,
19957 diff -urNp linux-2.6.32.1/drivers/ata/sata_inic162x.c linux-2.6.32.1/drivers/ata/sata_inic162x.c
19958 --- linux-2.6.32.1/drivers/ata/sata_inic162x.c 2009-12-02 22:51:21.000000000 -0500
19959 +++ linux-2.6.32.1/drivers/ata/sata_inic162x.c 2009-12-14 18:33:52.639706652 -0500
19960 @@ -721,7 +721,7 @@ static int inic_port_start(struct ata_po
19964 -static struct ata_port_operations inic_port_ops = {
19965 +static const struct ata_port_operations inic_port_ops = {
19966 .inherits = &sata_port_ops,
19968 .check_atapi_dma = inic_check_atapi_dma,
19969 diff -urNp linux-2.6.32.1/drivers/ata/sata_mv.c linux-2.6.32.1/drivers/ata/sata_mv.c
19970 --- linux-2.6.32.1/drivers/ata/sata_mv.c 2009-12-02 22:51:21.000000000 -0500
19971 +++ linux-2.6.32.1/drivers/ata/sata_mv.c 2009-12-14 18:33:52.658704306 -0500
19972 @@ -656,7 +656,7 @@ static struct scsi_host_template mv6_sht
19973 .dma_boundary = MV_DMA_BOUNDARY,
19976 -static struct ata_port_operations mv5_ops = {
19977 +static const struct ata_port_operations mv5_ops = {
19978 .inherits = &ata_sff_port_ops,
19980 .lost_interrupt = ATA_OP_NULL,
19981 @@ -678,7 +678,7 @@ static struct ata_port_operations mv5_op
19982 .port_stop = mv_port_stop,
19985 -static struct ata_port_operations mv6_ops = {
19986 +static const struct ata_port_operations mv6_ops = {
19987 .inherits = &mv5_ops,
19988 .dev_config = mv6_dev_config,
19989 .scr_read = mv_scr_read,
19990 @@ -698,7 +698,7 @@ static struct ata_port_operations mv6_op
19991 .bmdma_status = mv_bmdma_status,
19994 -static struct ata_port_operations mv_iie_ops = {
19995 +static const struct ata_port_operations mv_iie_ops = {
19996 .inherits = &mv6_ops,
19997 .dev_config = ATA_OP_NULL,
19998 .qc_prep = mv_qc_prep_iie,
19999 diff -urNp linux-2.6.32.1/drivers/ata/sata_nv.c linux-2.6.32.1/drivers/ata/sata_nv.c
20000 --- linux-2.6.32.1/drivers/ata/sata_nv.c 2009-12-02 22:51:21.000000000 -0500
20001 +++ linux-2.6.32.1/drivers/ata/sata_nv.c 2009-12-14 18:33:52.696718019 -0500
20002 @@ -464,7 +464,7 @@ static struct scsi_host_template nv_swnc
20003 * cases. Define nv_hardreset() which only kicks in for post-boot
20004 * probing and use it for all variants.
20006 -static struct ata_port_operations nv_generic_ops = {
20007 +static const struct ata_port_operations nv_generic_ops = {
20008 .inherits = &ata_bmdma_port_ops,
20009 .lost_interrupt = ATA_OP_NULL,
20010 .scr_read = nv_scr_read,
20011 @@ -472,20 +472,20 @@ static struct ata_port_operations nv_gen
20012 .hardreset = nv_hardreset,
20015 -static struct ata_port_operations nv_nf2_ops = {
20016 +static const struct ata_port_operations nv_nf2_ops = {
20017 .inherits = &nv_generic_ops,
20018 .freeze = nv_nf2_freeze,
20019 .thaw = nv_nf2_thaw,
20022 -static struct ata_port_operations nv_ck804_ops = {
20023 +static const struct ata_port_operations nv_ck804_ops = {
20024 .inherits = &nv_generic_ops,
20025 .freeze = nv_ck804_freeze,
20026 .thaw = nv_ck804_thaw,
20027 .host_stop = nv_ck804_host_stop,
20030 -static struct ata_port_operations nv_adma_ops = {
20031 +static const struct ata_port_operations nv_adma_ops = {
20032 .inherits = &nv_ck804_ops,
20034 .check_atapi_dma = nv_adma_check_atapi_dma,
20035 @@ -509,7 +509,7 @@ static struct ata_port_operations nv_adm
20036 .host_stop = nv_adma_host_stop,
20039 -static struct ata_port_operations nv_swncq_ops = {
20040 +static const struct ata_port_operations nv_swncq_ops = {
20041 .inherits = &nv_generic_ops,
20043 .qc_defer = ata_std_qc_defer,
20044 diff -urNp linux-2.6.32.1/drivers/ata/sata_promise.c linux-2.6.32.1/drivers/ata/sata_promise.c
20045 --- linux-2.6.32.1/drivers/ata/sata_promise.c 2009-12-02 22:51:21.000000000 -0500
20046 +++ linux-2.6.32.1/drivers/ata/sata_promise.c 2009-12-14 18:33:52.698752470 -0500
20047 @@ -195,7 +195,7 @@ static const struct ata_port_operations
20048 .error_handler = pdc_error_handler,
20051 -static struct ata_port_operations pdc_sata_ops = {
20052 +static const struct ata_port_operations pdc_sata_ops = {
20053 .inherits = &pdc_common_ops,
20054 .cable_detect = pdc_sata_cable_detect,
20055 .freeze = pdc_sata_freeze,
20056 @@ -208,14 +208,14 @@ static struct ata_port_operations pdc_sa
20058 /* First-generation chips need a more restrictive ->check_atapi_dma op,
20059 and ->freeze/thaw that ignore the hotplug controls. */
20060 -static struct ata_port_operations pdc_old_sata_ops = {
20061 +static const struct ata_port_operations pdc_old_sata_ops = {
20062 .inherits = &pdc_sata_ops,
20063 .freeze = pdc_freeze,
20065 .check_atapi_dma = pdc_old_sata_check_atapi_dma,
20068 -static struct ata_port_operations pdc_pata_ops = {
20069 +static const struct ata_port_operations pdc_pata_ops = {
20070 .inherits = &pdc_common_ops,
20071 .cable_detect = pdc_pata_cable_detect,
20072 .freeze = pdc_freeze,
20073 diff -urNp linux-2.6.32.1/drivers/ata/sata_qstor.c linux-2.6.32.1/drivers/ata/sata_qstor.c
20074 --- linux-2.6.32.1/drivers/ata/sata_qstor.c 2009-12-02 22:51:21.000000000 -0500
20075 +++ linux-2.6.32.1/drivers/ata/sata_qstor.c 2009-12-14 18:33:52.699808658 -0500
20076 @@ -132,7 +132,7 @@ static struct scsi_host_template qs_ata_
20077 .dma_boundary = QS_DMA_BOUNDARY,
20080 -static struct ata_port_operations qs_ata_ops = {
20081 +static const struct ata_port_operations qs_ata_ops = {
20082 .inherits = &ata_sff_port_ops,
20084 .check_atapi_dma = qs_check_atapi_dma,
20085 diff -urNp linux-2.6.32.1/drivers/ata/sata_sil24.c linux-2.6.32.1/drivers/ata/sata_sil24.c
20086 --- linux-2.6.32.1/drivers/ata/sata_sil24.c 2009-12-02 22:51:21.000000000 -0500
20087 +++ linux-2.6.32.1/drivers/ata/sata_sil24.c 2009-12-14 18:33:52.705762950 -0500
20088 @@ -388,7 +388,7 @@ static struct scsi_host_template sil24_s
20089 .dma_boundary = ATA_DMA_BOUNDARY,
20092 -static struct ata_port_operations sil24_ops = {
20093 +static const struct ata_port_operations sil24_ops = {
20094 .inherits = &sata_pmp_port_ops,
20096 .qc_defer = sil24_qc_defer,
20097 diff -urNp linux-2.6.32.1/drivers/ata/sata_sil.c linux-2.6.32.1/drivers/ata/sata_sil.c
20098 --- linux-2.6.32.1/drivers/ata/sata_sil.c 2009-12-02 22:51:21.000000000 -0500
20099 +++ linux-2.6.32.1/drivers/ata/sata_sil.c 2009-12-14 18:33:52.707805475 -0500
20100 @@ -182,7 +182,7 @@ static struct scsi_host_template sil_sht
20101 .sg_tablesize = ATA_MAX_PRD
20104 -static struct ata_port_operations sil_ops = {
20105 +static const struct ata_port_operations sil_ops = {
20106 .inherits = &ata_bmdma32_port_ops,
20107 .dev_config = sil_dev_config,
20108 .set_mode = sil_set_mode,
20109 diff -urNp linux-2.6.32.1/drivers/ata/sata_sis.c linux-2.6.32.1/drivers/ata/sata_sis.c
20110 --- linux-2.6.32.1/drivers/ata/sata_sis.c 2009-12-02 22:51:21.000000000 -0500
20111 +++ linux-2.6.32.1/drivers/ata/sata_sis.c 2009-12-14 18:33:52.714800469 -0500
20112 @@ -89,7 +89,7 @@ static struct scsi_host_template sis_sht
20113 ATA_BMDMA_SHT(DRV_NAME),
20116 -static struct ata_port_operations sis_ops = {
20117 +static const struct ata_port_operations sis_ops = {
20118 .inherits = &ata_bmdma_port_ops,
20119 .scr_read = sis_scr_read,
20120 .scr_write = sis_scr_write,
20121 diff -urNp linux-2.6.32.1/drivers/ata/sata_svw.c linux-2.6.32.1/drivers/ata/sata_svw.c
20122 --- linux-2.6.32.1/drivers/ata/sata_svw.c 2009-12-02 22:51:21.000000000 -0500
20123 +++ linux-2.6.32.1/drivers/ata/sata_svw.c 2009-12-14 18:33:52.715787586 -0500
20124 @@ -344,7 +344,7 @@ static struct scsi_host_template k2_sata
20128 -static struct ata_port_operations k2_sata_ops = {
20129 +static const struct ata_port_operations k2_sata_ops = {
20130 .inherits = &ata_bmdma_port_ops,
20131 .sff_tf_load = k2_sata_tf_load,
20132 .sff_tf_read = k2_sata_tf_read,
20133 diff -urNp linux-2.6.32.1/drivers/ata/sata_sx4.c linux-2.6.32.1/drivers/ata/sata_sx4.c
20134 --- linux-2.6.32.1/drivers/ata/sata_sx4.c 2009-12-02 22:51:21.000000000 -0500
20135 +++ linux-2.6.32.1/drivers/ata/sata_sx4.c 2009-12-14 18:33:52.727821368 -0500
20136 @@ -248,7 +248,7 @@ static struct scsi_host_template pdc_sat
20139 /* TODO: inherit from base port_ops after converting to new EH */
20140 -static struct ata_port_operations pdc_20621_ops = {
20141 +static const struct ata_port_operations pdc_20621_ops = {
20142 .inherits = &ata_sff_port_ops,
20144 .check_atapi_dma = pdc_check_atapi_dma,
20145 diff -urNp linux-2.6.32.1/drivers/ata/sata_uli.c linux-2.6.32.1/drivers/ata/sata_uli.c
20146 --- linux-2.6.32.1/drivers/ata/sata_uli.c 2009-12-02 22:51:21.000000000 -0500
20147 +++ linux-2.6.32.1/drivers/ata/sata_uli.c 2009-12-14 18:33:52.734813932 -0500
20148 @@ -79,7 +79,7 @@ static struct scsi_host_template uli_sht
20149 ATA_BMDMA_SHT(DRV_NAME),
20152 -static struct ata_port_operations uli_ops = {
20153 +static const struct ata_port_operations uli_ops = {
20154 .inherits = &ata_bmdma_port_ops,
20155 .scr_read = uli_scr_read,
20156 .scr_write = uli_scr_write,
20157 diff -urNp linux-2.6.32.1/drivers/ata/sata_via.c linux-2.6.32.1/drivers/ata/sata_via.c
20158 --- linux-2.6.32.1/drivers/ata/sata_via.c 2009-12-02 22:51:21.000000000 -0500
20159 +++ linux-2.6.32.1/drivers/ata/sata_via.c 2009-12-14 18:33:52.739786675 -0500
20160 @@ -112,31 +112,31 @@ static struct scsi_host_template svia_sh
20161 ATA_BMDMA_SHT(DRV_NAME),
20164 -static struct ata_port_operations svia_base_ops = {
20165 +static const struct ata_port_operations svia_base_ops = {
20166 .inherits = &ata_bmdma_port_ops,
20167 .sff_tf_load = svia_tf_load,
20170 -static struct ata_port_operations vt6420_sata_ops = {
20171 +static const struct ata_port_operations vt6420_sata_ops = {
20172 .inherits = &svia_base_ops,
20173 .freeze = svia_noop_freeze,
20174 .prereset = vt6420_prereset,
20177 -static struct ata_port_operations vt6421_pata_ops = {
20178 +static const struct ata_port_operations vt6421_pata_ops = {
20179 .inherits = &svia_base_ops,
20180 .cable_detect = vt6421_pata_cable_detect,
20181 .set_piomode = vt6421_set_pio_mode,
20182 .set_dmamode = vt6421_set_dma_mode,
20185 -static struct ata_port_operations vt6421_sata_ops = {
20186 +static const struct ata_port_operations vt6421_sata_ops = {
20187 .inherits = &svia_base_ops,
20188 .scr_read = svia_scr_read,
20189 .scr_write = svia_scr_write,
20192 -static struct ata_port_operations vt8251_ops = {
20193 +static const struct ata_port_operations vt8251_ops = {
20194 .inherits = &svia_base_ops,
20195 .hardreset = sata_std_hardreset,
20196 .scr_read = vt8251_scr_read,
20197 diff -urNp linux-2.6.32.1/drivers/ata/sata_vsc.c linux-2.6.32.1/drivers/ata/sata_vsc.c
20198 --- linux-2.6.32.1/drivers/ata/sata_vsc.c 2009-12-02 22:51:21.000000000 -0500
20199 +++ linux-2.6.32.1/drivers/ata/sata_vsc.c 2009-12-14 18:33:52.750768010 -0500
20200 @@ -306,7 +306,7 @@ static struct scsi_host_template vsc_sat
20204 -static struct ata_port_operations vsc_sata_ops = {
20205 +static const struct ata_port_operations vsc_sata_ops = {
20206 .inherits = &ata_bmdma_port_ops,
20207 /* The IRQ handling is not quite standard SFF behaviour so we
20208 cannot use the default lost interrupt handler */
20209 diff -urNp linux-2.6.32.1/drivers/atm/adummy.c linux-2.6.32.1/drivers/atm/adummy.c
20210 --- linux-2.6.32.1/drivers/atm/adummy.c 2009-12-02 22:51:21.000000000 -0500
20211 +++ linux-2.6.32.1/drivers/atm/adummy.c 2009-12-14 18:33:52.758818499 -0500
20212 @@ -77,7 +77,7 @@ adummy_send(struct atm_vcc *vcc, struct
20213 vcc->pop(vcc, skb);
20215 dev_kfree_skb_any(skb);
20216 - atomic_inc(&vcc->stats->tx);
20217 + atomic_inc_unchecked(&vcc->stats->tx);
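Review bot: The switch to `atomic_inc_unchecked()` on `vcc->stats->tx`, repeated in every other drivers/atm hunk of this patch, has no stated rationale in the code. These look like per-VCC traffic statistics rather than reference counts, so they are presumably exempted from overflow detection because wraparound is harmless. The matching type change of the `stats` members is not visible here and has to land in the same patch. A comment next to the field declarations, e.g. `/* statistics only: may wrap, not overflow-checked */`, would keep a later reader from converting a real refcount to the unchecked API by analogy. adummy_send starts and ends outside the hunk.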
20221 diff -urNp linux-2.6.32.1/drivers/atm/ambassador.c linux-2.6.32.1/drivers/atm/ambassador.c
20222 --- linux-2.6.32.1/drivers/atm/ambassador.c 2009-12-02 22:51:21.000000000 -0500
20223 +++ linux-2.6.32.1/drivers/atm/ambassador.c 2009-12-14 18:33:52.788804348 -0500
20224 @@ -453,7 +453,7 @@ static void tx_complete (amb_dev * dev,
20225 PRINTD (DBG_FLOW|DBG_TX, "tx_complete %p %p", dev, tx);
20228 - atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
20229 + atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
20231 // free the descriptor
20233 @@ -494,7 +494,7 @@ static void rx_complete (amb_dev * dev,
20234 dump_skb ("<<<", vc, skb);
20237 - atomic_inc(&atm_vcc->stats->rx);
20238 + atomic_inc_unchecked(&atm_vcc->stats->rx);
20239 __net_timestamp(skb);
20240 // end of our responsability
20241 atm_vcc->push (atm_vcc, skb);
20242 @@ -509,7 +509,7 @@ static void rx_complete (amb_dev * dev,
20244 PRINTK (KERN_INFO, "dropped over-size frame");
20245 // should we count this?
20246 - atomic_inc(&atm_vcc->stats->rx_drop);
20247 + atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
20251 @@ -1341,7 +1341,7 @@ static int amb_send (struct atm_vcc * at
20254 if (check_area (skb->data, skb->len)) {
20255 - atomic_inc(&atm_vcc->stats->tx_err);
20256 + atomic_inc_unchecked(&atm_vcc->stats->tx_err);
20257 return -ENOMEM; // ?
20260 diff -urNp linux-2.6.32.1/drivers/atm/atmtcp.c linux-2.6.32.1/drivers/atm/atmtcp.c
20261 --- linux-2.6.32.1/drivers/atm/atmtcp.c 2009-12-02 22:51:21.000000000 -0500
20262 +++ linux-2.6.32.1/drivers/atm/atmtcp.c 2009-12-14 18:33:52.803786695 -0500
20263 @@ -206,7 +206,7 @@ static int atmtcp_v_send(struct atm_vcc
20264 if (vcc->pop) vcc->pop(vcc,skb);
20265 else dev_kfree_skb(skb);
20266 if (dev_data) return 0;
20267 - atomic_inc(&vcc->stats->tx_err);
20268 + atomic_inc_unchecked(&vcc->stats->tx_err);
20271 size = skb->len+sizeof(struct atmtcp_hdr);
20272 @@ -214,7 +214,7 @@ static int atmtcp_v_send(struct atm_vcc
20274 if (vcc->pop) vcc->pop(vcc,skb);
20275 else dev_kfree_skb(skb);
20276 - atomic_inc(&vcc->stats->tx_err);
20277 + atomic_inc_unchecked(&vcc->stats->tx_err);
20280 hdr = (void *) skb_put(new_skb,sizeof(struct atmtcp_hdr));
20281 @@ -225,8 +225,8 @@ static int atmtcp_v_send(struct atm_vcc
20282 if (vcc->pop) vcc->pop(vcc,skb);
20283 else dev_kfree_skb(skb);
20284 out_vcc->push(out_vcc,new_skb);
20285 - atomic_inc(&vcc->stats->tx);
20286 - atomic_inc(&out_vcc->stats->rx);
20287 + atomic_inc_unchecked(&vcc->stats->tx);
20288 + atomic_inc_unchecked(&out_vcc->stats->rx);
20292 @@ -300,7 +300,7 @@ static int atmtcp_c_send(struct atm_vcc
20293 out_vcc = find_vcc(dev, ntohs(hdr->vpi), ntohs(hdr->vci));
20294 read_unlock(&vcc_sklist_lock);
20296 - atomic_inc(&vcc->stats->tx_err);
20297 + atomic_inc_unchecked(&vcc->stats->tx_err);
20300 skb_pull(skb,sizeof(struct atmtcp_hdr));
20301 @@ -312,8 +312,8 @@ static int atmtcp_c_send(struct atm_vcc
20302 __net_timestamp(new_skb);
20303 skb_copy_from_linear_data(skb, skb_put(new_skb, skb->len), skb->len);
20304 out_vcc->push(out_vcc,new_skb);
20305 - atomic_inc(&vcc->stats->tx);
20306 - atomic_inc(&out_vcc->stats->rx);
20307 + atomic_inc_unchecked(&vcc->stats->tx);
20308 + atomic_inc_unchecked(&out_vcc->stats->rx);
20310 if (vcc->pop) vcc->pop(vcc,skb);
20311 else dev_kfree_skb(skb);
20312 diff -urNp linux-2.6.32.1/drivers/atm/eni.c linux-2.6.32.1/drivers/atm/eni.c
20313 --- linux-2.6.32.1/drivers/atm/eni.c 2009-12-02 22:51:21.000000000 -0500
20314 +++ linux-2.6.32.1/drivers/atm/eni.c 2009-12-14 18:33:52.820819840 -0500
20315 @@ -525,7 +525,7 @@ static int rx_aal0(struct atm_vcc *vcc)
20316 DPRINTK(DEV_LABEL "(itf %d): trashing empty cell\n",
20319 - atomic_inc(&vcc->stats->rx_err);
20320 + atomic_inc_unchecked(&vcc->stats->rx_err);
20323 length = ATM_CELL_SIZE-1; /* no HEC */
20324 @@ -580,7 +580,7 @@ static int rx_aal5(struct atm_vcc *vcc)
20328 - atomic_inc(&vcc->stats->rx_err);
20329 + atomic_inc_unchecked(&vcc->stats->rx_err);
20332 size = (descr & MID_RED_COUNT)*(ATM_CELL_PAYLOAD >> 2);
20333 @@ -597,7 +597,7 @@ static int rx_aal5(struct atm_vcc *vcc)
20334 "(VCI=%d,length=%ld,size=%ld (descr 0x%lx))\n",
20335 vcc->dev->number,vcc->vci,length,size << 2,descr);
20337 - atomic_inc(&vcc->stats->rx_err);
20338 + atomic_inc_unchecked(&vcc->stats->rx_err);
20341 skb = eff ? atm_alloc_charge(vcc,eff << 2,GFP_ATOMIC) : NULL;
20342 @@ -770,7 +770,7 @@ rx_dequeued++;
20343 vcc->push(vcc,skb);
20346 - atomic_inc(&vcc->stats->rx);
20347 + atomic_inc_unchecked(&vcc->stats->rx);
20349 wake_up(&eni_dev->rx_wait);
20351 @@ -1227,7 +1227,7 @@ static void dequeue_tx(struct atm_dev *d
20353 if (vcc->pop) vcc->pop(vcc,skb);
20354 else dev_kfree_skb_irq(skb);
20355 - atomic_inc(&vcc->stats->tx);
20356 + atomic_inc_unchecked(&vcc->stats->tx);
20357 wake_up(&eni_dev->tx_wait);
20360 diff -urNp linux-2.6.32.1/drivers/atm/firestream.c linux-2.6.32.1/drivers/atm/firestream.c
20361 --- linux-2.6.32.1/drivers/atm/firestream.c 2009-12-02 22:51:21.000000000 -0500
20362 +++ linux-2.6.32.1/drivers/atm/firestream.c 2009-12-14 18:33:52.841814340 -0500
20363 @@ -748,7 +748,7 @@ static void process_txdone_queue (struct
20367 - atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
20368 + atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
20370 fs_dprintk (FS_DEBUG_TXMEM, "i");
20371 fs_dprintk (FS_DEBUG_ALLOC, "Free t-skb: %p\n", skb);
20372 @@ -815,7 +815,7 @@ static void process_incoming (struct fs_
20374 skb_put (skb, qe->p1 & 0xffff);
20375 ATM_SKB(skb)->vcc = atm_vcc;
20376 - atomic_inc(&atm_vcc->stats->rx);
20377 + atomic_inc_unchecked(&atm_vcc->stats->rx);
20378 __net_timestamp(skb);
20379 fs_dprintk (FS_DEBUG_ALLOC, "Free rec-skb: %p (pushed)\n", skb);
20380 atm_vcc->push (atm_vcc, skb);
20381 @@ -836,12 +836,12 @@ static void process_incoming (struct fs_
20385 - atomic_inc(&atm_vcc->stats->rx_drop);
20386 + atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
20388 case 0x1f: /* Reassembly abort: no buffers. */
20389 /* Silently increment error counter. */
20391 - atomic_inc(&atm_vcc->stats->rx_drop);
20392 + atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
20394 default: /* Hmm. Haven't written the code to handle the others yet... -- REW */
20395 printk (KERN_WARNING "Don't know what to do with RX status %x: %s.\n",
20396 diff -urNp linux-2.6.32.1/drivers/atm/fore200e.c linux-2.6.32.1/drivers/atm/fore200e.c
20397 --- linux-2.6.32.1/drivers/atm/fore200e.c 2009-12-02 22:51:21.000000000 -0500
20398 +++ linux-2.6.32.1/drivers/atm/fore200e.c 2009-12-14 18:33:52.843812882 -0500
20399 @@ -931,9 +931,9 @@ fore200e_tx_irq(struct fore200e* fore200
20401 /* check error condition */
20402 if (*entry->status & STATUS_ERROR)
20403 - atomic_inc(&vcc->stats->tx_err);
20404 + atomic_inc_unchecked(&vcc->stats->tx_err);
20406 - atomic_inc(&vcc->stats->tx);
20407 + atomic_inc_unchecked(&vcc->stats->tx);
20411 @@ -1082,7 +1082,7 @@ fore200e_push_rpd(struct fore200e* fore2
20413 DPRINTK(2, "unable to alloc new skb, rx PDU length = %d\n", pdu_len);
20415 - atomic_inc(&vcc->stats->rx_drop);
20416 + atomic_inc_unchecked(&vcc->stats->rx_drop);
20420 @@ -1125,14 +1125,14 @@ fore200e_push_rpd(struct fore200e* fore2
20422 dev_kfree_skb_any(skb);
20424 - atomic_inc(&vcc->stats->rx_drop);
20425 + atomic_inc_unchecked(&vcc->stats->rx_drop);
20429 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
20431 vcc->push(vcc, skb);
20432 - atomic_inc(&vcc->stats->rx);
20433 + atomic_inc_unchecked(&vcc->stats->rx);
20435 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
20437 @@ -1210,7 +1210,7 @@ fore200e_rx_irq(struct fore200e* fore200
20438 DPRINTK(2, "damaged PDU on %d.%d.%d\n",
20439 fore200e->atm_dev->number,
20440 entry->rpd->atm_header.vpi, entry->rpd->atm_header.vci);
20441 - atomic_inc(&vcc->stats->rx_err);
20442 + atomic_inc_unchecked(&vcc->stats->rx_err);
20446 @@ -1655,7 +1655,7 @@ fore200e_send(struct atm_vcc *vcc, struc
20450 - atomic_inc(&vcc->stats->tx_err);
20451 + atomic_inc_unchecked(&vcc->stats->tx_err);
20453 fore200e->tx_sat++;
20454 DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n",
20455 diff -urNp linux-2.6.32.1/drivers/atm/he.c linux-2.6.32.1/drivers/atm/he.c
20456 --- linux-2.6.32.1/drivers/atm/he.c 2009-12-02 22:51:21.000000000 -0500
20457 +++ linux-2.6.32.1/drivers/atm/he.c 2009-12-14 18:33:52.878739381 -0500
20458 @@ -1769,7 +1769,7 @@ he_service_rbrq(struct he_dev *he_dev, i
20460 if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) {
20461 hprintk("HBUF_ERR! (cid 0x%x)\n", cid);
20462 - atomic_inc(&vcc->stats->rx_drop);
20463 + atomic_inc_unchecked(&vcc->stats->rx_drop);
20464 goto return_host_buffers;
20467 @@ -1802,7 +1802,7 @@ he_service_rbrq(struct he_dev *he_dev, i
20468 RBRQ_LEN_ERR(he_dev->rbrq_head)
20470 vcc->vpi, vcc->vci);
20471 - atomic_inc(&vcc->stats->rx_err);
20472 + atomic_inc_unchecked(&vcc->stats->rx_err);
20473 goto return_host_buffers;
20476 @@ -1861,7 +1861,7 @@ he_service_rbrq(struct he_dev *he_dev, i
20477 vcc->push(vcc, skb);
20478 spin_lock(&he_dev->global_lock);
20480 - atomic_inc(&vcc->stats->rx);
20481 + atomic_inc_unchecked(&vcc->stats->rx);
20483 return_host_buffers:
20485 @@ -2206,7 +2206,7 @@ __enqueue_tpd(struct he_dev *he_dev, str
20486 tpd->vcc->pop(tpd->vcc, tpd->skb);
20488 dev_kfree_skb_any(tpd->skb);
20489 - atomic_inc(&tpd->vcc->stats->tx_err);
20490 + atomic_inc_unchecked(&tpd->vcc->stats->tx_err);
20492 pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status));
20494 @@ -2618,7 +2618,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
20495 vcc->pop(vcc, skb);
20497 dev_kfree_skb_any(skb);
20498 - atomic_inc(&vcc->stats->tx_err);
20499 + atomic_inc_unchecked(&vcc->stats->tx_err);
20503 @@ -2629,7 +2629,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
20504 vcc->pop(vcc, skb);
20506 dev_kfree_skb_any(skb);
20507 - atomic_inc(&vcc->stats->tx_err);
20508 + atomic_inc_unchecked(&vcc->stats->tx_err);
20512 @@ -2641,7 +2641,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
20513 vcc->pop(vcc, skb);
20515 dev_kfree_skb_any(skb);
20516 - atomic_inc(&vcc->stats->tx_err);
20517 + atomic_inc_unchecked(&vcc->stats->tx_err);
20518 spin_unlock_irqrestore(&he_dev->global_lock, flags);
20521 @@ -2683,7 +2683,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
20522 vcc->pop(vcc, skb);
20524 dev_kfree_skb_any(skb);
20525 - atomic_inc(&vcc->stats->tx_err);
20526 + atomic_inc_unchecked(&vcc->stats->tx_err);
20527 spin_unlock_irqrestore(&he_dev->global_lock, flags);
20530 @@ -2714,7 +2714,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
20531 __enqueue_tpd(he_dev, tpd, cid);
20532 spin_unlock_irqrestore(&he_dev->global_lock, flags);
20534 - atomic_inc(&vcc->stats->tx);
20535 + atomic_inc_unchecked(&vcc->stats->tx);
20539 diff -urNp linux-2.6.32.1/drivers/atm/horizon.c linux-2.6.32.1/drivers/atm/horizon.c
20540 --- linux-2.6.32.1/drivers/atm/horizon.c 2009-12-02 22:51:21.000000000 -0500
20541 +++ linux-2.6.32.1/drivers/atm/horizon.c 2009-12-14 18:33:52.909829659 -0500
20542 @@ -1033,7 +1033,7 @@ static void rx_schedule (hrz_dev * dev,
20544 struct atm_vcc * vcc = ATM_SKB(skb)->vcc;
20546 - atomic_inc(&vcc->stats->rx);
20547 + atomic_inc_unchecked(&vcc->stats->rx);
20548 __net_timestamp(skb);
20549 // end of our responsability
20550 vcc->push (vcc, skb);
20551 @@ -1185,7 +1185,7 @@ static void tx_schedule (hrz_dev * const
20552 dev->tx_iovec = NULL;
20555 - atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
20556 + atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
20559 hrz_kfree_skb (skb);
20560 diff -urNp linux-2.6.32.1/drivers/atm/idt77252.c linux-2.6.32.1/drivers/atm/idt77252.c
20561 --- linux-2.6.32.1/drivers/atm/idt77252.c 2009-12-02 22:51:21.000000000 -0500
20562 +++ linux-2.6.32.1/drivers/atm/idt77252.c 2009-12-14 18:33:52.921825790 -0500
20563 @@ -810,7 +810,7 @@ drain_scq(struct idt77252_dev *card, str
20565 dev_kfree_skb(skb);
20567 - atomic_inc(&vcc->stats->tx);
20568 + atomic_inc_unchecked(&vcc->stats->tx);
20571 atomic_dec(&scq->used);
20572 @@ -1073,13 +1073,13 @@ dequeue_rx(struct idt77252_dev *card, st
20573 if ((sb = dev_alloc_skb(64)) == NULL) {
20574 printk("%s: Can't allocate buffers for aal0.\n",
20576 - atomic_add(i, &vcc->stats->rx_drop);
20577 + atomic_add_unchecked(i, &vcc->stats->rx_drop);
20580 if (!atm_charge(vcc, sb->truesize)) {
20581 RXPRINTK("%s: atm_charge() dropped aal0 packets.\n",
20583 - atomic_add(i - 1, &vcc->stats->rx_drop);
20584 + atomic_add_unchecked(i - 1, &vcc->stats->rx_drop);
20588 @@ -1096,7 +1096,7 @@ dequeue_rx(struct idt77252_dev *card, st
20589 ATM_SKB(sb)->vcc = vcc;
20590 __net_timestamp(sb);
20591 vcc->push(vcc, sb);
20592 - atomic_inc(&vcc->stats->rx);
20593 + atomic_inc_unchecked(&vcc->stats->rx);
20595 cell += ATM_CELL_PAYLOAD;
20597 @@ -1133,13 +1133,13 @@ dequeue_rx(struct idt77252_dev *card, st
20599 card->name, len, rpp->len, readl(SAR_REG_CDC));
20600 recycle_rx_pool_skb(card, rpp);
20601 - atomic_inc(&vcc->stats->rx_err);
20602 + atomic_inc_unchecked(&vcc->stats->rx_err);
20605 if (stat & SAR_RSQE_CRC) {
20606 RXPRINTK("%s: AAL5 CRC error.\n", card->name);
20607 recycle_rx_pool_skb(card, rpp);
20608 - atomic_inc(&vcc->stats->rx_err);
20609 + atomic_inc_unchecked(&vcc->stats->rx_err);
20612 if (skb_queue_len(&rpp->queue) > 1) {
20613 @@ -1150,7 +1150,7 @@ dequeue_rx(struct idt77252_dev *card, st
20614 RXPRINTK("%s: Can't alloc RX skb.\n",
20616 recycle_rx_pool_skb(card, rpp);
20617 - atomic_inc(&vcc->stats->rx_err);
20618 + atomic_inc_unchecked(&vcc->stats->rx_err);
20621 if (!atm_charge(vcc, skb->truesize)) {
20622 @@ -1169,7 +1169,7 @@ dequeue_rx(struct idt77252_dev *card, st
20623 __net_timestamp(skb);
20625 vcc->push(vcc, skb);
20626 - atomic_inc(&vcc->stats->rx);
20627 + atomic_inc_unchecked(&vcc->stats->rx);
20631 @@ -1191,7 +1191,7 @@ dequeue_rx(struct idt77252_dev *card, st
20632 __net_timestamp(skb);
20634 vcc->push(vcc, skb);
20635 - atomic_inc(&vcc->stats->rx);
20636 + atomic_inc_unchecked(&vcc->stats->rx);
20638 if (skb->truesize > SAR_FB_SIZE_3)
20639 add_rx_skb(card, 3, SAR_FB_SIZE_3, 1);
20640 @@ -1303,14 +1303,14 @@ idt77252_rx_raw(struct idt77252_dev *car
20641 if (vcc->qos.aal != ATM_AAL0) {
20642 RPRINTK("%s: raw cell for non AAL0 vc %u.%u\n",
20643 card->name, vpi, vci);
20644 - atomic_inc(&vcc->stats->rx_drop);
20645 + atomic_inc_unchecked(&vcc->stats->rx_drop);
20649 if ((sb = dev_alloc_skb(64)) == NULL) {
20650 printk("%s: Can't allocate buffers for AAL0.\n",
20652 - atomic_inc(&vcc->stats->rx_err);
20653 + atomic_inc_unchecked(&vcc->stats->rx_err);
20657 @@ -1329,7 +1329,7 @@ idt77252_rx_raw(struct idt77252_dev *car
20658 ATM_SKB(sb)->vcc = vcc;
20659 __net_timestamp(sb);
20660 vcc->push(vcc, sb);
20661 - atomic_inc(&vcc->stats->rx);
20662 + atomic_inc_unchecked(&vcc->stats->rx);
20665 skb_pull(queue, 64);
20666 @@ -1954,13 +1954,13 @@ idt77252_send_skb(struct atm_vcc *vcc, s
20669 printk("%s: NULL connection in send().\n", card->name);
20670 - atomic_inc(&vcc->stats->tx_err);
20671 + atomic_inc_unchecked(&vcc->stats->tx_err);
20672 dev_kfree_skb(skb);
20675 if (!test_bit(VCF_TX, &vc->flags)) {
20676 printk("%s: Trying to transmit on a non-tx VC.\n", card->name);
20677 - atomic_inc(&vcc->stats->tx_err);
20678 + atomic_inc_unchecked(&vcc->stats->tx_err);
20679 dev_kfree_skb(skb);
20682 @@ -1972,14 +1972,14 @@ idt77252_send_skb(struct atm_vcc *vcc, s
20685 printk("%s: Unsupported AAL: %d\n", card->name, vcc->qos.aal);
20686 - atomic_inc(&vcc->stats->tx_err);
20687 + atomic_inc_unchecked(&vcc->stats->tx_err);
20688 dev_kfree_skb(skb);
20692 if (skb_shinfo(skb)->nr_frags != 0) {
20693 printk("%s: No scatter-gather yet.\n", card->name);
20694 - atomic_inc(&vcc->stats->tx_err);
20695 + atomic_inc_unchecked(&vcc->stats->tx_err);
20696 dev_kfree_skb(skb);
20699 @@ -1987,7 +1987,7 @@ idt77252_send_skb(struct atm_vcc *vcc, s
20701 err = queue_skb(card, vc, skb, oam);
20703 - atomic_inc(&vcc->stats->tx_err);
20704 + atomic_inc_unchecked(&vcc->stats->tx_err);
20705 dev_kfree_skb(skb);
20708 @@ -2010,7 +2010,7 @@ idt77252_send_oam(struct atm_vcc *vcc, v
20709 skb = dev_alloc_skb(64);
20711 printk("%s: Out of memory in send_oam().\n", card->name);
20712 - atomic_inc(&vcc->stats->tx_err);
20713 + atomic_inc_unchecked(&vcc->stats->tx_err);
20716 atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
20717 diff -urNp linux-2.6.32.1/drivers/atm/iphase.c linux-2.6.32.1/drivers/atm/iphase.c
20718 --- linux-2.6.32.1/drivers/atm/iphase.c 2009-12-02 22:51:21.000000000 -0500
20719 +++ linux-2.6.32.1/drivers/atm/iphase.c 2009-12-14 18:33:52.935769926 -0500
20720 @@ -1123,7 +1123,7 @@ static int rx_pkt(struct atm_dev *dev)
20721 status = (u_short) (buf_desc_ptr->desc_mode);
20722 if (status & (RX_CER | RX_PTE | RX_OFL))
20724 - atomic_inc(&vcc->stats->rx_err);
20725 + atomic_inc_unchecked(&vcc->stats->rx_err);
20726 IF_ERR(printk("IA: bad packet, dropping it");)
20727 if (status & RX_CER) {
20728 IF_ERR(printk(" cause: packet CRC error\n");)
20729 @@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev)
20730 len = dma_addr - buf_addr;
20731 if (len > iadev->rx_buf_sz) {
20732 printk("Over %d bytes sdu received, dropped!!!\n", iadev->rx_buf_sz);
20733 - atomic_inc(&vcc->stats->rx_err);
20734 + atomic_inc_unchecked(&vcc->stats->rx_err);
20735 goto out_free_desc;
20738 @@ -1296,7 +1296,7 @@ static void rx_dle_intr(struct atm_dev *
20739 ia_vcc = INPH_IA_VCC(vcc);
20740 if (ia_vcc == NULL)
20742 - atomic_inc(&vcc->stats->rx_err);
20743 + atomic_inc_unchecked(&vcc->stats->rx_err);
20744 dev_kfree_skb_any(skb);
20745 atm_return(vcc, atm_guess_pdu2truesize(len));
20747 @@ -1308,7 +1308,7 @@ static void rx_dle_intr(struct atm_dev *
20748 if ((length > iadev->rx_buf_sz) || (length >
20749 (skb->len - sizeof(struct cpcs_trailer))))
20751 - atomic_inc(&vcc->stats->rx_err);
20752 + atomic_inc_unchecked(&vcc->stats->rx_err);
20753 IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len %d)",
20754 length, skb->len);)
20755 dev_kfree_skb_any(skb);
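Review bot: The trailer check `length > (skb->len - sizeof(struct cpcs_trailer))` subtracts in unsigned arithmetic, so an skb shorter than the trailer wraps to a huge bound and the bad-length branch is skipped. Nothing in the hunk shows an earlier `skb->len >= sizeof(struct cpcs_trailer)` test, though rx_dle_intr starts above the hunk and may contain one. If it does not, add `skb->len < sizeof(struct cpcs_trailer) ||` at the front of the condition. The counter rename itself is fine.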
20756 @@ -1324,7 +1324,7 @@ static void rx_dle_intr(struct atm_dev *
20758 IF_RX(printk("rx_dle_intr: skb push");)
20759 vcc->push(vcc,skb);
20760 - atomic_inc(&vcc->stats->rx);
20761 + atomic_inc_unchecked(&vcc->stats->rx);
20762 iadev->rx_pkt_cnt++;
20765 @@ -2806,15 +2806,15 @@ static int ia_ioctl(struct atm_dev *dev,
20767 struct k_sonet_stats *stats;
20768 stats = &PRIV(_ia_dev[board])->sonet_stats;
20769 - printk("section_bip: %d\n", atomic_read(&stats->section_bip));
20770 - printk("line_bip : %d\n", atomic_read(&stats->line_bip));
20771 - printk("path_bip : %d\n", atomic_read(&stats->path_bip));
20772 - printk("line_febe : %d\n", atomic_read(&stats->line_febe));
20773 - printk("path_febe : %d\n", atomic_read(&stats->path_febe));
20774 - printk("corr_hcs : %d\n", atomic_read(&stats->corr_hcs));
20775 - printk("uncorr_hcs : %d\n", atomic_read(&stats->uncorr_hcs));
20776 - printk("tx_cells : %d\n", atomic_read(&stats->tx_cells));
20777 - printk("rx_cells : %d\n", atomic_read(&stats->rx_cells));
20778 + printk("section_bip: %d\n", atomic_read_unchecked(&stats->section_bip));
20779 + printk("line_bip : %d\n", atomic_read_unchecked(&stats->line_bip));
20780 + printk("path_bip : %d\n", atomic_read_unchecked(&stats->path_bip));
20781 + printk("line_febe : %d\n", atomic_read_unchecked(&stats->line_febe));
20782 + printk("path_febe : %d\n", atomic_read_unchecked(&stats->path_febe));
20783 + printk("corr_hcs : %d\n", atomic_read_unchecked(&stats->corr_hcs));
20784 + printk("uncorr_hcs : %d\n", atomic_read_unchecked(&stats->uncorr_hcs));
20785 + printk("tx_cells : %d\n", atomic_read_unchecked(&stats->tx_cells));
20786 + printk("rx_cells : %d\n", atomic_read_unchecked(&stats->rx_cells));
20788 ia_cmds.status = 0;
20790 @@ -2919,7 +2919,7 @@ static int ia_pkt_tx (struct atm_vcc *vc
20791 if ((desc == 0) || (desc > iadev->num_tx_desc))
20793 IF_ERR(printk(DEV_LABEL "invalid desc for send: %d\n", desc);)
20794 - atomic_inc(&vcc->stats->tx);
20795 + atomic_inc_unchecked(&vcc->stats->tx);
20797 vcc->pop(vcc, skb);
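Review bot: On the invalid-descriptor path the packet is handed back via `vcc->pop` after the "invalid desc for send" message, yet the counter bumped is `stats->tx`. Rejected sends are therefore reported as successful transmits, and the rename carries that over unchanged. `atomic_inc_unchecked(&vcc->stats->tx_err);` looks like the intended line, unless counting these as sent is deliberate. The rest of the branch lies outside the hunk, so check the return value there before changing it.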
20799 @@ -3024,14 +3024,14 @@ static int ia_pkt_tx (struct atm_vcc *vc
20800 ATM_DESC(skb) = vcc->vci;
20801 skb_queue_tail(&iadev->tx_dma_q, skb);
20803 - atomic_inc(&vcc->stats->tx);
20804 + atomic_inc_unchecked(&vcc->stats->tx);
20805 iadev->tx_pkt_cnt++;
20806 /* Increment transaction counter */
20807 writel(2, iadev->dma+IPHASE5575_TX_COUNTER);
20810 /* add flow control logic */
20811 - if (atomic_read(&vcc->stats->tx) % 20 == 0) {
20812 + if (atomic_read_unchecked(&vcc->stats->tx) % 20 == 0) {
20813 if (iavcc->vc_desc_cnt > 10) {
20814 vcc->tx_quota = vcc->tx_quota * 3 / 4;
20815 printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota );
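Review bot: `atomic_read_unchecked(&vcc->stats->tx) % 20 == 0` uses the statistics counter as a pacing tick for the `tx_quota` adjustment, so this counter is not purely informational. With the unchecked type, a wrap to negative values only shifts the phase of the `% 20` test, which seems acceptable. It still deserves a comment such as `/* stats->tx doubles as a flow-control tick; wraparound only shifts the phase */`. ia_pkt_tx continues beyond the hunk.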
20816 diff -urNp linux-2.6.32.1/drivers/atm/lanai.c linux-2.6.32.1/drivers/atm/lanai.c
20817 --- linux-2.6.32.1/drivers/atm/lanai.c 2009-12-02 22:51:21.000000000 -0500
20818 +++ linux-2.6.32.1/drivers/atm/lanai.c 2009-12-14 18:33:52.937829310 -0500
20819 @@ -1305,7 +1305,7 @@ static void lanai_send_one_aal5(struct l
20820 vcc_tx_add_aal5_trailer(lvcc, skb->len, 0, 0);
20821 lanai_endtx(lanai, lvcc);
20822 lanai_free_skb(lvcc->tx.atmvcc, skb);
20823 - atomic_inc(&lvcc->tx.atmvcc->stats->tx);
20824 + atomic_inc_unchecked(&lvcc->tx.atmvcc->stats->tx);
20827 /* Try to fill the buffer - don't call unless there is backlog */
20828 @@ -1428,7 +1428,7 @@ static void vcc_rx_aal5(struct lanai_vcc
20829 ATM_SKB(skb)->vcc = lvcc->rx.atmvcc;
20830 __net_timestamp(skb);
20831 lvcc->rx.atmvcc->push(lvcc->rx.atmvcc, skb);
20832 - atomic_inc(&lvcc->rx.atmvcc->stats->rx);
20833 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx);
20835 lvcc->rx.buf.ptr = end;
20836 cardvcc_write(lvcc, endptr, vcc_rxreadptr);
20837 @@ -1670,7 +1670,7 @@ static int handle_service(struct lanai_d
20838 DPRINTK("(itf %d) got RX service entry 0x%X for non-AAL5 "
20839 "vcc %d\n", lanai->number, (unsigned int) s, vci);
20840 lanai->stats.service_rxnotaal5++;
20841 - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
20842 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
20845 if (likely(!(s & (SERVICE_TRASH | SERVICE_STREAM | SERVICE_CRCERR)))) {
20846 @@ -1682,7 +1682,7 @@ static int handle_service(struct lanai_d
20848 read_unlock(&vcc_sklist_lock);
20849 DPRINTK("got trashed rx pdu on vci %d\n", vci);
20850 - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
20851 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
20852 lvcc->stats.x.aal5.service_trash++;
20853 bytes = (SERVICE_GET_END(s) * 16) -
20854 (((unsigned long) lvcc->rx.buf.ptr) -
20855 @@ -1694,7 +1694,7 @@ static int handle_service(struct lanai_d
20857 if (s & SERVICE_STREAM) {
20858 read_unlock(&vcc_sklist_lock);
20859 - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
20860 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
20861 lvcc->stats.x.aal5.service_stream++;
20862 printk(KERN_ERR DEV_LABEL "(itf %d): Got AAL5 stream "
20863 "PDU on VCI %d!\n", lanai->number, vci);
20864 @@ -1702,7 +1702,7 @@ static int handle_service(struct lanai_d
20867 DPRINTK("got rx crc error on vci %d\n", vci);
20868 - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
20869 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
20870 lvcc->stats.x.aal5.service_rxcrc++;
20871 lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4];
20872 cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr);
20873 diff -urNp linux-2.6.32.1/drivers/atm/nicstar.c linux-2.6.32.1/drivers/atm/nicstar.c
20874 --- linux-2.6.32.1/drivers/atm/nicstar.c 2009-12-02 22:51:21.000000000 -0500
20875 +++ linux-2.6.32.1/drivers/atm/nicstar.c 2009-12-14 18:33:52.964758233 -0500
20876 @@ -1723,7 +1723,7 @@ static int ns_send(struct atm_vcc *vcc,
20877 if ((vc = (vc_map *) vcc->dev_data) == NULL)
20879 printk("nicstar%d: vcc->dev_data == NULL on ns_send().\n", card->index);
20880 - atomic_inc(&vcc->stats->tx_err);
20881 + atomic_inc_unchecked(&vcc->stats->tx_err);
20882 dev_kfree_skb_any(skb);
20885 @@ -1731,7 +1731,7 @@ static int ns_send(struct atm_vcc *vcc,
20888 printk("nicstar%d: Trying to transmit on a non-tx VC.\n", card->index);
20889 - atomic_inc(&vcc->stats->tx_err);
20890 + atomic_inc_unchecked(&vcc->stats->tx_err);
20891 dev_kfree_skb_any(skb);
20894 @@ -1739,7 +1739,7 @@ static int ns_send(struct atm_vcc *vcc,
20895 if (vcc->qos.aal != ATM_AAL5 && vcc->qos.aal != ATM_AAL0)
20897 printk("nicstar%d: Only AAL0 and AAL5 are supported.\n", card->index);
20898 - atomic_inc(&vcc->stats->tx_err);
20899 + atomic_inc_unchecked(&vcc->stats->tx_err);
20900 dev_kfree_skb_any(skb);
20903 @@ -1747,7 +1747,7 @@ static int ns_send(struct atm_vcc *vcc,
20904 if (skb_shinfo(skb)->nr_frags != 0)
20906 printk("nicstar%d: No scatter-gather yet.\n", card->index);
20907 - atomic_inc(&vcc->stats->tx_err);
20908 + atomic_inc_unchecked(&vcc->stats->tx_err);
20909 dev_kfree_skb_any(skb);
20912 @@ -1792,11 +1792,11 @@ static int ns_send(struct atm_vcc *vcc,
20914 if (push_scqe(card, vc, scq, &scqe, skb) != 0)
20916 - atomic_inc(&vcc->stats->tx_err);
20917 + atomic_inc_unchecked(&vcc->stats->tx_err);
20918 dev_kfree_skb_any(skb);
20921 - atomic_inc(&vcc->stats->tx);
20922 + atomic_inc_unchecked(&vcc->stats->tx);
20926 @@ -2111,14 +2111,14 @@ static void dequeue_rx(ns_dev *card, ns_
20928 printk("nicstar%d: Can't allocate buffers for aal0.\n",
20930 - atomic_add(i,&vcc->stats->rx_drop);
20931 + atomic_add_unchecked(i,&vcc->stats->rx_drop);
20934 if (!atm_charge(vcc, sb->truesize))
20936 RXPRINTK("nicstar%d: atm_charge() dropped aal0 packets.\n",
20938 - atomic_add(i-1,&vcc->stats->rx_drop); /* already increased by 1 */
20939 + atomic_add_unchecked(i-1,&vcc->stats->rx_drop); /* already increased by 1 */
20940 dev_kfree_skb_any(sb);
20943 @@ -2133,7 +2133,7 @@ static void dequeue_rx(ns_dev *card, ns_
20944 ATM_SKB(sb)->vcc = vcc;
20945 __net_timestamp(sb);
20946 vcc->push(vcc, sb);
20947 - atomic_inc(&vcc->stats->rx);
20948 + atomic_inc_unchecked(&vcc->stats->rx);
20949 cell += ATM_CELL_PAYLOAD;
20952 @@ -2152,7 +2152,7 @@ static void dequeue_rx(ns_dev *card, ns_
20955 printk("nicstar%d: Out of iovec buffers.\n", card->index);
20956 - atomic_inc(&vcc->stats->rx_drop);
20957 + atomic_inc_unchecked(&vcc->stats->rx_drop);
20958 recycle_rx_buf(card, skb);
20961 @@ -2182,7 +2182,7 @@ static void dequeue_rx(ns_dev *card, ns_
20962 else if (NS_SKB(iovb)->iovcnt >= NS_MAX_IOVECS)
20964 printk("nicstar%d: received too big AAL5 SDU.\n", card->index);
20965 - atomic_inc(&vcc->stats->rx_err);
20966 + atomic_inc_unchecked(&vcc->stats->rx_err);
20967 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data, NS_MAX_IOVECS);
20968 NS_SKB(iovb)->iovcnt = 0;
20970 @@ -2202,7 +2202,7 @@ static void dequeue_rx(ns_dev *card, ns_
20971 printk("nicstar%d: Expected a small buffer, and this is not one.\n",
20973 which_list(card, skb);
20974 - atomic_inc(&vcc->stats->rx_err);
20975 + atomic_inc_unchecked(&vcc->stats->rx_err);
20976 recycle_rx_buf(card, skb);
20978 recycle_iov_buf(card, iovb);
20979 @@ -2216,7 +2216,7 @@ static void dequeue_rx(ns_dev *card, ns_
20980 printk("nicstar%d: Expected a large buffer, and this is not one.\n",
20982 which_list(card, skb);
20983 - atomic_inc(&vcc->stats->rx_err);
20984 + atomic_inc_unchecked(&vcc->stats->rx_err);
20985 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data,
20986 NS_SKB(iovb)->iovcnt);
20988 @@ -2240,7 +2240,7 @@ static void dequeue_rx(ns_dev *card, ns_
20989 printk(" - PDU size mismatch.\n");
20992 - atomic_inc(&vcc->stats->rx_err);
20993 + atomic_inc_unchecked(&vcc->stats->rx_err);
20994 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data,
20995 NS_SKB(iovb)->iovcnt);
20997 @@ -2256,7 +2256,7 @@ static void dequeue_rx(ns_dev *card, ns_
20998 if (!atm_charge(vcc, skb->truesize))
21000 push_rxbufs(card, skb);
21001 - atomic_inc(&vcc->stats->rx_drop);
21002 + atomic_inc_unchecked(&vcc->stats->rx_drop);
21006 @@ -2268,7 +2268,7 @@ static void dequeue_rx(ns_dev *card, ns_
21007 ATM_SKB(skb)->vcc = vcc;
21008 __net_timestamp(skb);
21009 vcc->push(vcc, skb);
21010 - atomic_inc(&vcc->stats->rx);
21011 + atomic_inc_unchecked(&vcc->stats->rx);
21014 else if (NS_SKB(iovb)->iovcnt == 2) /* One small plus one large buffer */
21015 @@ -2283,7 +2283,7 @@ static void dequeue_rx(ns_dev *card, ns_
21016 if (!atm_charge(vcc, sb->truesize))
21018 push_rxbufs(card, sb);
21019 - atomic_inc(&vcc->stats->rx_drop);
21020 + atomic_inc_unchecked(&vcc->stats->rx_drop);
21024 @@ -2295,7 +2295,7 @@ static void dequeue_rx(ns_dev *card, ns_
21025 ATM_SKB(sb)->vcc = vcc;
21026 __net_timestamp(sb);
21027 vcc->push(vcc, sb);
21028 - atomic_inc(&vcc->stats->rx);
21029 + atomic_inc_unchecked(&vcc->stats->rx);
21032 push_rxbufs(card, skb);
21033 @@ -2306,7 +2306,7 @@ static void dequeue_rx(ns_dev *card, ns_
21034 if (!atm_charge(vcc, skb->truesize))
21036 push_rxbufs(card, skb);
21037 - atomic_inc(&vcc->stats->rx_drop);
21038 + atomic_inc_unchecked(&vcc->stats->rx_drop);
21042 @@ -2320,7 +2320,7 @@ static void dequeue_rx(ns_dev *card, ns_
21043 ATM_SKB(skb)->vcc = vcc;
21044 __net_timestamp(skb);
21045 vcc->push(vcc, skb);
21046 - atomic_inc(&vcc->stats->rx);
21047 + atomic_inc_unchecked(&vcc->stats->rx);
21050 push_rxbufs(card, sb);
21051 @@ -2342,7 +2342,7 @@ static void dequeue_rx(ns_dev *card, ns_
21054 printk("nicstar%d: Out of huge buffers.\n", card->index);
21055 - atomic_inc(&vcc->stats->rx_drop);
21056 + atomic_inc_unchecked(&vcc->stats->rx_drop);
21057 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data,
21058 NS_SKB(iovb)->iovcnt);
21060 @@ -2393,7 +2393,7 @@ static void dequeue_rx(ns_dev *card, ns_
21063 dev_kfree_skb_any(hb);
21064 - atomic_inc(&vcc->stats->rx_drop);
21065 + atomic_inc_unchecked(&vcc->stats->rx_drop);
21069 @@ -2427,7 +2427,7 @@ static void dequeue_rx(ns_dev *card, ns_
21070 #endif /* NS_USE_DESTRUCTORS */
21071 __net_timestamp(hb);
21072 vcc->push(vcc, hb);
21073 - atomic_inc(&vcc->stats->rx);
21074 + atomic_inc_unchecked(&vcc->stats->rx);
21078 diff -urNp linux-2.6.32.1/drivers/atm/solos-pci.c linux-2.6.32.1/drivers/atm/solos-pci.c
21079 --- linux-2.6.32.1/drivers/atm/solos-pci.c 2009-12-02 22:51:21.000000000 -0500
21080 +++ linux-2.6.32.1/drivers/atm/solos-pci.c 2009-12-14 18:33:52.977834437 -0500
21081 @@ -708,7 +708,7 @@ void solos_bh(unsigned long card_arg)
21083 atm_charge(vcc, skb->truesize);
21084 vcc->push(vcc, skb);
21085 - atomic_inc(&vcc->stats->rx);
21086 + atomic_inc_unchecked(&vcc->stats->rx);
21090 @@ -1011,7 +1011,7 @@ static uint32_t fpga_tx(struct solos_car
21091 vcc = SKB_CB(oldskb)->vcc;
21094 - atomic_inc(&vcc->stats->tx);
21095 + atomic_inc_unchecked(&vcc->stats->tx);
21096 solos_pop(vcc, oldskb);
21098 dev_kfree_skb_irq(oldskb);
21099 diff -urNp linux-2.6.32.1/drivers/atm/suni.c linux-2.6.32.1/drivers/atm/suni.c
21100 --- linux-2.6.32.1/drivers/atm/suni.c 2009-12-02 22:51:21.000000000 -0500
21101 +++ linux-2.6.32.1/drivers/atm/suni.c 2009-12-14 18:33:52.980022643 -0500
21102 @@ -49,8 +49,8 @@ static DEFINE_SPINLOCK(sunis_lock);
21105 #define ADD_LIMITED(s,v) \
21106 - atomic_add((v),&stats->s); \
21107 - if (atomic_read(&stats->s) < 0) atomic_set(&stats->s,INT_MAX);
21108 + atomic_add_unchecked((v),&stats->s); \
21109 + if (atomic_read_unchecked(&stats->s) < 0) atomic_set_unchecked(&stats->s,INT_MAX);
21112 static void suni_hz(unsigned long from_timer)
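Review bot: ADD_LIMITED has no comment saying that it is a saturating counter: it adds, then relies on the value having wrapped to negative before the `< 0` test clamps it to INT_MAX. That is presumably why it must use the `_unchecked` operations, assuming the checked ones refuse to wrap where the patch implements overflow detection. I would add `/* saturating: relies on wraparound to negative, so it must stay on the *_unchecked ops */` above the macro. The macro also still expands to two bare statements, so wrapping it in `do { ... } while (0)` would keep the clamp attached when it is used after an unbraced `if`. The ADD_LIMITED in uPD98402.c is already braced and needs only the comment.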
21113 diff -urNp linux-2.6.32.1/drivers/atm/uPD98402.c linux-2.6.32.1/drivers/atm/uPD98402.c
21114 --- linux-2.6.32.1/drivers/atm/uPD98402.c 2009-12-02 22:51:21.000000000 -0500
21115 +++ linux-2.6.32.1/drivers/atm/uPD98402.c 2009-12-14 18:33:52.990842947 -0500
21116 @@ -41,7 +41,7 @@ static int fetch_stats(struct atm_dev *d
21117 struct sonet_stats tmp;
21120 - atomic_add(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs);
21121 + atomic_add_unchecked(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs);
21122 sonet_copy_stats(&PRIV(dev)->sonet_stats,&tmp);
21123 if (arg) error = copy_to_user(arg,&tmp,sizeof(tmp));
21124 if (zero && !error) {
21125 @@ -160,9 +160,9 @@ static int uPD98402_ioctl(struct atm_dev
21128 #define ADD_LIMITED(s,v) \
21129 - { atomic_add(GET(v),&PRIV(dev)->sonet_stats.s); \
21130 - if (atomic_read(&PRIV(dev)->sonet_stats.s) < 0) \
21131 - atomic_set(&PRIV(dev)->sonet_stats.s,INT_MAX); }
21132 + { atomic_add_unchecked(GET(v),&PRIV(dev)->sonet_stats.s); \
21133 + if (atomic_read_unchecked(&PRIV(dev)->sonet_stats.s) < 0) \
21134 + atomic_set_unchecked(&PRIV(dev)->sonet_stats.s,INT_MAX); }
21137 static void stat_event(struct atm_dev *dev)
21138 @@ -193,7 +193,7 @@ static void uPD98402_int(struct atm_dev
21139 if (reason & uPD98402_INT_PFM) stat_event(dev);
21140 if (reason & uPD98402_INT_PCO) {
21141 (void) GET(PCOCR); /* clear interrupt cause */
21142 - atomic_add(GET(HECCT),
21143 + atomic_add_unchecked(GET(HECCT),
21144 &PRIV(dev)->sonet_stats.uncorr_hcs);
21146 if ((reason & uPD98402_INT_RFO) &&
21147 @@ -221,9 +221,9 @@ static int uPD98402_start(struct atm_dev
21148 PUT(~(uPD98402_INT_PFM | uPD98402_INT_ALM | uPD98402_INT_RFO |
21149 uPD98402_INT_LOS),PIMR); /* enable them */
21150 (void) fetch_stats(dev,NULL,1); /* clear kernel counters */
21151 - atomic_set(&PRIV(dev)->sonet_stats.corr_hcs,-1);
21152 - atomic_set(&PRIV(dev)->sonet_stats.tx_cells,-1);
21153 - atomic_set(&PRIV(dev)->sonet_stats.rx_cells,-1);
21154 + atomic_set_unchecked(&PRIV(dev)->sonet_stats.corr_hcs,-1);
21155 + atomic_set_unchecked(&PRIV(dev)->sonet_stats.tx_cells,-1);
21156 + atomic_set_unchecked(&PRIV(dev)->sonet_stats.rx_cells,-1);
21160 diff -urNp linux-2.6.32.1/drivers/atm/zatm.c linux-2.6.32.1/drivers/atm/zatm.c
21161 --- linux-2.6.32.1/drivers/atm/zatm.c 2009-12-02 22:51:21.000000000 -0500
21162 +++ linux-2.6.32.1/drivers/atm/zatm.c 2009-12-14 18:33:53.018842028 -0500
21163 @@ -458,7 +458,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy
21166 dev_kfree_skb_irq(skb);
21167 - if (vcc) atomic_inc(&vcc->stats->rx_err);
21168 + if (vcc) atomic_inc_unchecked(&vcc->stats->rx_err);
21171 if (!atm_charge(vcc,skb->truesize)) {
21172 @@ -468,7 +468,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy
21174 ATM_SKB(skb)->vcc = vcc;
21175 vcc->push(vcc,skb);
21176 - atomic_inc(&vcc->stats->rx);
21177 + atomic_inc_unchecked(&vcc->stats->rx);
21179 zout(pos & 0xffff,MTA(mbx));
21180 #if 0 /* probably a stupid idea */
21181 @@ -732,7 +732,7 @@ if (*ZATM_PRV_DSC(skb) != (uPD98401_TXPD
21182 skb_queue_head(&zatm_vcc->backlog,skb);
21185 - atomic_inc(&vcc->stats->tx);
21186 + atomic_inc_unchecked(&vcc->stats->tx);
21187 wake_up(&zatm_vcc->tx_wait);
21190 diff -urNp linux-2.6.32.1/drivers/base/bus.c linux-2.6.32.1/drivers/base/bus.c
21191 --- linux-2.6.32.1/drivers/base/bus.c 2009-12-02 22:51:21.000000000 -0500
21192 +++ linux-2.6.32.1/drivers/base/bus.c 2009-12-14 18:33:53.036833038 -0500
21193 @@ -70,7 +70,7 @@ static ssize_t drv_attr_store(struct kob
21197 -static struct sysfs_ops driver_sysfs_ops = {
21198 +static const struct sysfs_ops driver_sysfs_ops = {
21199 .show = drv_attr_show,
21200 .store = drv_attr_store,
21202 @@ -115,7 +115,7 @@ static ssize_t bus_attr_store(struct kob
21206 -static struct sysfs_ops bus_sysfs_ops = {
21207 +static const struct sysfs_ops bus_sysfs_ops = {
21208 .show = bus_attr_show,
21209 .store = bus_attr_store,
21211 @@ -154,7 +154,7 @@ static int bus_uevent_filter(struct kset
21215 -static struct kset_uevent_ops bus_uevent_ops = {
21216 +static const struct kset_uevent_ops bus_uevent_ops = {
21217 .filter = bus_uevent_filter,
21220 diff -urNp linux-2.6.32.1/drivers/base/class.c linux-2.6.32.1/drivers/base/class.c
21221 --- linux-2.6.32.1/drivers/base/class.c 2009-12-02 22:51:21.000000000 -0500
21222 +++ linux-2.6.32.1/drivers/base/class.c 2009-12-14 18:33:53.047749139 -0500
21223 @@ -61,7 +61,7 @@ static void class_release(struct kobject
21224 "be careful\n", class->name);
21227 -static struct sysfs_ops class_sysfs_ops = {
21228 +static const struct sysfs_ops class_sysfs_ops = {
21229 .show = class_attr_show,
21230 .store = class_attr_store,
21232 diff -urNp linux-2.6.32.1/drivers/base/core.c linux-2.6.32.1/drivers/base/core.c
21233 --- linux-2.6.32.1/drivers/base/core.c 2009-12-02 22:51:21.000000000 -0500
21234 +++ linux-2.6.32.1/drivers/base/core.c 2009-12-14 18:33:53.048851470 -0500
21235 @@ -93,7 +93,7 @@ static ssize_t dev_attr_store(struct kob
21239 -static struct sysfs_ops dev_sysfs_ops = {
21240 +static const struct sysfs_ops dev_sysfs_ops = {
21241 .show = dev_attr_show,
21242 .store = dev_attr_store,
21244 @@ -245,7 +245,7 @@ static int dev_uevent(struct kset *kset,
21248 -static struct kset_uevent_ops device_uevent_ops = {
21249 +static const struct kset_uevent_ops device_uevent_ops = {
21250 .filter = dev_uevent_filter,
21251 .name = dev_uevent_name,
21252 .uevent = dev_uevent,
21253 diff -urNp linux-2.6.32.1/drivers/base/memory.c linux-2.6.32.1/drivers/base/memory.c
21254 --- linux-2.6.32.1/drivers/base/memory.c 2009-12-02 22:51:21.000000000 -0500
21255 +++ linux-2.6.32.1/drivers/base/memory.c 2009-12-14 18:33:53.049701321 -0500
21256 @@ -44,7 +44,7 @@ static int memory_uevent(struct kset *ks
21260 -static struct kset_uevent_ops memory_uevent_ops = {
21261 +static const struct kset_uevent_ops memory_uevent_ops = {
21262 .name = memory_uevent_name,
21263 .uevent = memory_uevent,
21265 diff -urNp linux-2.6.32.1/drivers/base/sys.c linux-2.6.32.1/drivers/base/sys.c
21266 --- linux-2.6.32.1/drivers/base/sys.c 2009-12-02 22:51:21.000000000 -0500
21267 +++ linux-2.6.32.1/drivers/base/sys.c 2009-12-14 18:33:53.055789510 -0500
21268 @@ -54,7 +54,7 @@ sysdev_store(struct kobject *kobj, struc
21272 -static struct sysfs_ops sysfs_ops = {
21273 +static const struct sysfs_ops sysfs_ops = {
21274 .show = sysdev_show,
21275 .store = sysdev_store,
21277 @@ -104,7 +104,7 @@ static ssize_t sysdev_class_store(struct
21281 -static struct sysfs_ops sysfs_class_ops = {
21282 +static const struct sysfs_ops sysfs_class_ops = {
21283 .show = sysdev_class_show,
21284 .store = sysdev_class_store,
21286 diff -urNp linux-2.6.32.1/drivers/block/pktcdvd.c linux-2.6.32.1/drivers/block/pktcdvd.c
21287 --- linux-2.6.32.1/drivers/block/pktcdvd.c 2009-12-02 22:51:21.000000000 -0500
21288 +++ linux-2.6.32.1/drivers/block/pktcdvd.c 2009-12-14 18:33:53.078842134 -0500
21289 @@ -284,7 +284,7 @@ static ssize_t kobj_pkt_store(struct kob
21293 -static struct sysfs_ops kobj_pkt_ops = {
21294 +static const struct sysfs_ops kobj_pkt_ops = {
21295 .show = kobj_pkt_show,
21296 .store = kobj_pkt_store
21298 diff -urNp linux-2.6.32.1/drivers/char/agp/frontend.c linux-2.6.32.1/drivers/char/agp/frontend.c
21299 --- linux-2.6.32.1/drivers/char/agp/frontend.c 2009-12-02 22:51:21.000000000 -0500
21300 +++ linux-2.6.32.1/drivers/char/agp/frontend.c 2009-12-14 18:33:53.097861880 -0500
21301 @@ -824,7 +824,7 @@ static int agpioc_reserve_wrap(struct ag
21302 if (copy_from_user(&reserve, arg, sizeof(struct agp_region)))
21305 - if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment))
21306 + if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment_priv))
21309 client = agp_find_client_by_pid(reserve.pid);
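Review bot: The bound on `reserve.seg_count` now divides by `sizeof(struct agp_segment_priv)`, but nothing at the check says which allocation it protects. The allocations that multiply seg_count by a struct size are outside this hunk, so presumably the private struct is the larger per-segment size and the one that could wrap. A comment such as `/* seg_count * sizeof(struct agp_segment_priv) must not wrap in the allocations below */` would keep a later edit from switching back to the user-visible struct. agpioc_reserve_wrap starts and ends outside the hunk.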
21310 diff -urNp linux-2.6.32.1/drivers/char/agp/intel-agp.c linux-2.6.32.1/drivers/char/agp/intel-agp.c
21311 --- linux-2.6.32.1/drivers/char/agp/intel-agp.c 2009-12-02 22:51:21.000000000 -0500
21312 +++ linux-2.6.32.1/drivers/char/agp/intel-agp.c 2009-12-14 18:33:53.120769030 -0500
21313 @@ -2566,7 +2566,7 @@ static struct pci_device_id agp_intel_pc
21314 ID(PCI_DEVICE_ID_INTEL_IGDNG_M_HB),
21315 ID(PCI_DEVICE_ID_INTEL_IGDNG_MA_HB),
21316 ID(PCI_DEVICE_ID_INTEL_IGDNG_MC2_HB),
21318 + { 0, 0, 0, 0, 0, 0, 0 }
21321 MODULE_DEVICE_TABLE(pci, agp_intel_pci_table);
21322 diff -urNp linux-2.6.32.1/drivers/char/hpet.c linux-2.6.32.1/drivers/char/hpet.c
21323 --- linux-2.6.32.1/drivers/char/hpet.c 2009-12-02 22:51:21.000000000 -0500
21324 +++ linux-2.6.32.1/drivers/char/hpet.c 2009-12-14 18:33:53.133710539 -0500
21325 @@ -998,7 +998,7 @@ static struct acpi_driver hpet_acpi_driv
21329 -static struct miscdevice hpet_misc = { HPET_MINOR, "hpet", &hpet_fops };
21330 +static struct miscdevice hpet_misc = { HPET_MINOR, "hpet", &hpet_fops, {NULL, NULL}, NULL, NULL };
21332 static int __init hpet_init(void)
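Review bot: The added `{NULL, NULL}, NULL, NULL` spells out the trailing members of struct miscdevice positionally, so this initializer has to be edited whenever that struct gains or reorders a member. Designated initializers say the same thing without depending on the layout and leave the remaining members zeroed: `static struct miscdevice hpet_misc = { .minor = HPET_MINOR, .name = "hpet", .fops = &hpet_fops };`.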
21334 diff -urNp linux-2.6.32.1/drivers/char/hvc_beat.c linux-2.6.32.1/drivers/char/hvc_beat.c
21335 --- linux-2.6.32.1/drivers/char/hvc_beat.c 2009-12-02 22:51:21.000000000 -0500
21336 +++ linux-2.6.32.1/drivers/char/hvc_beat.c 2009-12-14 18:33:53.135759194 -0500
21337 @@ -84,7 +84,7 @@ static int hvc_beat_put_chars(uint32_t v
21341 -static struct hv_ops hvc_beat_get_put_ops = {
21342 +static const struct hv_ops hvc_beat_get_put_ops = {
21343 .get_chars = hvc_beat_get_chars,
21344 .put_chars = hvc_beat_put_chars,
21346 diff -urNp linux-2.6.32.1/drivers/char/hvc_console.c linux-2.6.32.1/drivers/char/hvc_console.c
21347 --- linux-2.6.32.1/drivers/char/hvc_console.c 2009-12-02 22:51:21.000000000 -0500
21348 +++ linux-2.6.32.1/drivers/char/hvc_console.c 2009-12-14 18:33:53.144859541 -0500
21349 @@ -125,7 +125,7 @@ static struct hvc_struct *hvc_get_by_ind
21350 * console interfaces but can still be used as a tty device. This has to be
21351 * static because kmalloc will not work during early console init.
21353 -static struct hv_ops *cons_ops[MAX_NR_HVC_CONSOLES];
21354 +static const struct hv_ops *cons_ops[MAX_NR_HVC_CONSOLES];
21355 static uint32_t vtermnos[MAX_NR_HVC_CONSOLES] =
21356 {[0 ... MAX_NR_HVC_CONSOLES - 1] = -1};
21358 @@ -247,7 +247,7 @@ static void destroy_hvc_struct(struct kr
21359 * vty adapters do NOT get an hvc_instantiate() callback since they
21360 * appear after early console init.
21362 -int hvc_instantiate(uint32_t vtermno, int index, struct hv_ops *ops)
21363 +int hvc_instantiate(uint32_t vtermno, int index, const struct hv_ops *ops)
21365 struct hvc_struct *hp;
21367 @@ -749,7 +749,7 @@ static const struct tty_operations hvc_o
21370 struct hvc_struct __devinit *hvc_alloc(uint32_t vtermno, int data,
21371 - struct hv_ops *ops, int outbuf_size)
21372 + const struct hv_ops *ops, int outbuf_size)
21374 struct hvc_struct *hp;
21376 diff -urNp linux-2.6.32.1/drivers/char/hvc_console.h linux-2.6.32.1/drivers/char/hvc_console.h
21377 --- linux-2.6.32.1/drivers/char/hvc_console.h 2009-12-02 22:51:21.000000000 -0500
21378 +++ linux-2.6.32.1/drivers/char/hvc_console.h 2009-12-14 18:33:53.161871330 -0500
21379 @@ -55,7 +55,7 @@ struct hvc_struct {
21383 - struct hv_ops *ops;
21384 + const struct hv_ops *ops;
21388 @@ -76,11 +76,11 @@ struct hv_ops {
21391 /* Register a vterm and a slot index for use as a console (console_init) */
21392 -extern int hvc_instantiate(uint32_t vtermno, int index, struct hv_ops *ops);
21393 +extern int hvc_instantiate(uint32_t vtermno, int index, const struct hv_ops *ops);
21395 /* register a vterm for hvc tty operation (module_init or hotplug add) */
21396 extern struct hvc_struct * __devinit hvc_alloc(uint32_t vtermno, int data,
21397 - struct hv_ops *ops, int outbuf_size);
21398 + const struct hv_ops *ops, int outbuf_size);
21399 /* remove a vterm from hvc tty operation (module_exit or hotplug remove) */
21400 extern int hvc_remove(struct hvc_struct *hp);
21402 diff -urNp linux-2.6.32.1/drivers/char/hvc_iseries.c linux-2.6.32.1/drivers/char/hvc_iseries.c
21403 --- linux-2.6.32.1/drivers/char/hvc_iseries.c 2009-12-02 22:51:21.000000000 -0500
21404 +++ linux-2.6.32.1/drivers/char/hvc_iseries.c 2009-12-14 18:33:53.163850005 -0500
21405 @@ -197,7 +197,7 @@ done:
21409 -static struct hv_ops hvc_get_put_ops = {
21410 +static const struct hv_ops hvc_get_put_ops = {
21411 .get_chars = get_chars,
21412 .put_chars = put_chars,
21413 .notifier_add = notifier_add_irq,
21414 diff -urNp linux-2.6.32.1/drivers/char/hvc_iucv.c linux-2.6.32.1/drivers/char/hvc_iucv.c
21415 --- linux-2.6.32.1/drivers/char/hvc_iucv.c 2009-12-02 22:51:21.000000000 -0500
21416 +++ linux-2.6.32.1/drivers/char/hvc_iucv.c 2009-12-14 18:33:53.165859858 -0500
21417 @@ -922,7 +922,7 @@ static int hvc_iucv_pm_restore_thaw(stru
21420 /* HVC operations */
21421 -static struct hv_ops hvc_iucv_ops = {
21422 +static const struct hv_ops hvc_iucv_ops = {
21423 .get_chars = hvc_iucv_get_chars,
21424 .put_chars = hvc_iucv_put_chars,
21425 .notifier_add = hvc_iucv_notifier_add,
21426 diff -urNp linux-2.6.32.1/drivers/char/hvc_rtas.c linux-2.6.32.1/drivers/char/hvc_rtas.c
21427 --- linux-2.6.32.1/drivers/char/hvc_rtas.c 2009-12-02 22:51:21.000000000 -0500
21428 +++ linux-2.6.32.1/drivers/char/hvc_rtas.c 2009-12-14 18:33:53.176782143 -0500
21429 @@ -71,7 +71,7 @@ static int hvc_rtas_read_console(uint32_
21433 -static struct hv_ops hvc_rtas_get_put_ops = {
21434 +static const struct hv_ops hvc_rtas_get_put_ops = {
21435 .get_chars = hvc_rtas_read_console,
21436 .put_chars = hvc_rtas_write_console,
21438 diff -urNp linux-2.6.32.1/drivers/char/hvcs.c linux-2.6.32.1/drivers/char/hvcs.c
21439 --- linux-2.6.32.1/drivers/char/hvcs.c 2009-12-02 22:51:21.000000000 -0500
21440 +++ linux-2.6.32.1/drivers/char/hvcs.c 2009-12-14 18:33:53.181857316 -0500
21441 @@ -269,7 +269,7 @@ struct hvcs_struct {
21442 unsigned int index;
21444 struct tty_struct *tty;
21446 + atomic_t open_count;
21449 * Used to tell the driver kernel_thread what operations need to take
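Review bot: The new `atomic_t open_count` field has no comment explaining why it is atomic. The accesses visible in the later hunks of this file (hvcs_vterm_state_store, the fast_open path, hvcs_close, hvcs_hangup) all sit inside `spin_lock_irqsave(&hvcsd->lock, flags)`, so the type adds no synchronisation there. Presumably the intent is overflow detection on a counter that user-space opens can drive. I would state that on the field, e.g. `/* atomic_t for overflow checking only; still protected by ->lock */`. The struct definition continues outside this hunk.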
21450 @@ -419,7 +419,7 @@ static ssize_t hvcs_vterm_state_store(st
21452 spin_lock_irqsave(&hvcsd->lock, flags);
21454 - if (hvcsd->open_count > 0) {
21455 + if (atomic_read(&hvcsd->open_count) > 0) {
21456 spin_unlock_irqrestore(&hvcsd->lock, flags);
21457 printk(KERN_INFO "HVCS: vterm state unchanged. "
21458 "The hvcs device node is still in use.\n");
21459 @@ -1135,7 +1135,7 @@ static int hvcs_open(struct tty_struct *
21460 if ((retval = hvcs_partner_connect(hvcsd)))
21461 goto error_release;
21463 - hvcsd->open_count = 1;
21464 + atomic_set(&hvcsd->open_count, 1);
21466 tty->driver_data = hvcsd;
21468 @@ -1169,7 +1169,7 @@ fast_open:
21470 spin_lock_irqsave(&hvcsd->lock, flags);
21471 kref_get(&hvcsd->kref);
21472 - hvcsd->open_count++;
21473 + atomic_inc(&hvcsd->open_count);
21474 hvcsd->todo_mask |= HVCS_SCHED_READ;
21475 spin_unlock_irqrestore(&hvcsd->lock, flags);
21477 @@ -1213,7 +1213,7 @@ static void hvcs_close(struct tty_struct
21478 hvcsd = tty->driver_data;
21480 spin_lock_irqsave(&hvcsd->lock, flags);
21481 - if (--hvcsd->open_count == 0) {
21482 + if (atomic_dec_and_test(&hvcsd->open_count)) {
21484 vio_disable_interrupts(hvcsd->vdev);
21486 @@ -1239,10 +1239,10 @@ static void hvcs_close(struct tty_struct
21487 free_irq(irq, hvcsd);
21488 kref_put(&hvcsd->kref, destroy_hvcs_struct);
21490 - } else if (hvcsd->open_count < 0) {
21491 + } else if (atomic_read(&hvcsd->open_count) < 0) {
21492 printk(KERN_ERR "HVCS: vty-server@%X open_count: %d"
21493 " is missmanaged.\n",
21494 - hvcsd->vdev->unit_address, hvcsd->open_count);
21495 + hvcsd->vdev->unit_address, atomic_read(&hvcsd->open_count));
21498 spin_unlock_irqrestore(&hvcsd->lock, flags);
21499 @@ -1258,7 +1258,7 @@ static void hvcs_hangup(struct tty_struc
21501 spin_lock_irqsave(&hvcsd->lock, flags);
21502 /* Preserve this so that we know how many kref refs to put */
21503 - temp_open_count = hvcsd->open_count;
21504 + temp_open_count = atomic_read(&hvcsd->open_count);
21507 * Don't kref put inside the spinlock because the destruction
21508 @@ -1273,7 +1273,7 @@ static void hvcs_hangup(struct tty_struc
21509 hvcsd->tty->driver_data = NULL;
21512 - hvcsd->open_count = 0;
21513 + atomic_set(&hvcsd->open_count, 0);
21515 /* This will drop any buffered data on the floor which is OK in a hangup
21517 @@ -1344,7 +1344,7 @@ static int hvcs_write(struct tty_struct
21518 * the middle of a write operation? This is a crummy place to do this
21519 * but we want to keep it all in the spinlock.
21521 - if (hvcsd->open_count <= 0) {
21522 + if (atomic_read(&hvcsd->open_count) <= 0) {
21523 spin_unlock_irqrestore(&hvcsd->lock, flags);
21526 @@ -1418,7 +1418,7 @@ static int hvcs_write_room(struct tty_st
21528 struct hvcs_struct *hvcsd = tty->driver_data;
21530 - if (!hvcsd || hvcsd->open_count <= 0)
21531 + if (!hvcsd || atomic_read(&hvcsd->open_count) <= 0)
21534 return HVCS_BUFF_LEN - hvcsd->chars_in_buffer;
21535 diff -urNp linux-2.6.32.1/drivers/char/hvc_udbg.c linux-2.6.32.1/drivers/char/hvc_udbg.c
21536 --- linux-2.6.32.1/drivers/char/hvc_udbg.c 2009-12-02 22:51:21.000000000 -0500
21537 +++ linux-2.6.32.1/drivers/char/hvc_udbg.c 2009-12-14 18:33:53.182718847 -0500
21538 @@ -58,7 +58,7 @@ static int hvc_udbg_get(uint32_t vtermno
21542 -static struct hv_ops hvc_udbg_ops = {
21543 +static const struct hv_ops hvc_udbg_ops = {
21544 .get_chars = hvc_udbg_get,
21545 .put_chars = hvc_udbg_put,
21547 diff -urNp linux-2.6.32.1/drivers/char/hvc_vio.c linux-2.6.32.1/drivers/char/hvc_vio.c
21548 --- linux-2.6.32.1/drivers/char/hvc_vio.c 2009-12-02 22:51:21.000000000 -0500
21549 +++ linux-2.6.32.1/drivers/char/hvc_vio.c 2009-12-14 18:33:53.192868106 -0500
21550 @@ -77,7 +77,7 @@ static int filtered_get_chars(uint32_t v
21554 -static struct hv_ops hvc_get_put_ops = {
21555 +static const struct hv_ops hvc_get_put_ops = {
21556 .get_chars = filtered_get_chars,
21557 .put_chars = hvc_put_chars,
21558 .notifier_add = notifier_add_irq,
21559 diff -urNp linux-2.6.32.1/drivers/char/hvc_xen.c linux-2.6.32.1/drivers/char/hvc_xen.c
21560 --- linux-2.6.32.1/drivers/char/hvc_xen.c 2009-12-02 22:51:21.000000000 -0500
21561 +++ linux-2.6.32.1/drivers/char/hvc_xen.c 2009-12-14 18:33:53.199722723 -0500
21562 @@ -120,7 +120,7 @@ static int read_console(uint32_t vtermno
21566 -static struct hv_ops hvc_ops = {
21567 +static const struct hv_ops hvc_ops = {
21568 .get_chars = read_console,
21569 .put_chars = write_console,
21570 .notifier_add = notifier_add_irq,
21571 diff -urNp linux-2.6.32.1/drivers/char/ipmi/ipmi_msghandler.c linux-2.6.32.1/drivers/char/ipmi/ipmi_msghandler.c
21572 --- linux-2.6.32.1/drivers/char/ipmi/ipmi_msghandler.c 2009-12-02 22:51:21.000000000 -0500
21573 +++ linux-2.6.32.1/drivers/char/ipmi/ipmi_msghandler.c 2009-12-14 18:33:53.217765021 -0500
21574 @@ -414,7 +414,7 @@ struct ipmi_smi {
21575 struct proc_dir_entry *proc_dir;
21576 char proc_dir_name[10];
21578 - atomic_t stats[IPMI_NUM_STATS];
21579 + atomic_unchecked_t stats[IPMI_NUM_STATS];
21582 * run_to_completion duplicate of smb_info, smi_info
21583 @@ -447,9 +447,9 @@ static DEFINE_MUTEX(smi_watchers_mutex);
21586 #define ipmi_inc_stat(intf, stat) \
21587 - atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat])
21588 + atomic_inc_unchecked(&(intf)->stats[IPMI_STAT_ ## stat])
21589 #define ipmi_get_stat(intf, stat) \
21590 - ((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat]))
21591 + ((unsigned int) atomic_read_unchecked(&(intf)->stats[IPMI_STAT_ ## stat]))
21593 static int is_lan_addr(struct ipmi_addr *addr)
21595 @@ -2808,7 +2808,7 @@ int ipmi_register_smi(struct ipmi_smi_ha
21596 INIT_LIST_HEAD(&intf->cmd_rcvrs);
21597 init_waitqueue_head(&intf->waitq);
21598 for (i = 0; i < IPMI_NUM_STATS; i++)
21599 - atomic_set(&intf->stats[i], 0);
21600 + atomic_set_unchecked(&intf->stats[i], 0);
21602 intf->proc_dir = NULL;
21604 diff -urNp linux-2.6.32.1/drivers/char/ipmi/ipmi_si_intf.c linux-2.6.32.1/drivers/char/ipmi/ipmi_si_intf.c
21605 --- linux-2.6.32.1/drivers/char/ipmi/ipmi_si_intf.c 2009-12-02 22:51:21.000000000 -0500
21606 +++ linux-2.6.32.1/drivers/char/ipmi/ipmi_si_intf.c 2009-12-14 18:33:53.230726881 -0500
21607 @@ -277,7 +277,7 @@ struct smi_info {
21608 unsigned char slave_addr;
21610 /* Counters and things for the proc filesystem. */
21611 - atomic_t stats[SI_NUM_STATS];
21612 + atomic_unchecked_t stats[SI_NUM_STATS];
21614 struct task_struct *thread;
21616 @@ -285,9 +285,9 @@ struct smi_info {
21619 #define smi_inc_stat(smi, stat) \
21620 - atomic_inc(&(smi)->stats[SI_STAT_ ## stat])
21621 + atomic_inc_unchecked(&(smi)->stats[SI_STAT_ ## stat])
21622 #define smi_get_stat(smi, stat) \
21623 - ((unsigned int) atomic_read(&(smi)->stats[SI_STAT_ ## stat]))
21624 + ((unsigned int) atomic_read_unchecked(&(smi)->stats[SI_STAT_ ## stat]))
21626 #define SI_MAX_PARMS 4
21628 @@ -2926,7 +2926,7 @@ static int try_smi_init(struct smi_info
21629 atomic_set(&new_smi->req_events, 0);
21630 new_smi->run_to_completion = 0;
21631 for (i = 0; i < SI_NUM_STATS; i++)
21632 - atomic_set(&new_smi->stats[i], 0);
21633 + atomic_set_unchecked(&new_smi->stats[i], 0);
21635 new_smi->interrupt_disabled = 0;
21636 atomic_set(&new_smi->stop_operation, 0);
21637 diff -urNp linux-2.6.32.1/drivers/char/keyboard.c linux-2.6.32.1/drivers/char/keyboard.c
21638 --- linux-2.6.32.1/drivers/char/keyboard.c 2009-12-02 22:51:21.000000000 -0500
21639 +++ linux-2.6.32.1/drivers/char/keyboard.c 2009-12-14 18:33:53.232853602 -0500
21640 @@ -635,6 +635,16 @@ static void k_spec(struct vc_data *vc, u
21641 kbd->kbdmode == VC_MEDIUMRAW) &&
21642 value != KVAL(K_SAK))
21643 return; /* SAK is allowed even in raw mode */
21645 +#if defined(CONFIG_GRKERNSEC_PROC) || defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
21647 + void *func = fn_handler[value];
21648 + if (func == fn_show_state || func == fn_show_ptregs ||
21649 + func == fn_show_mem)
21654 fn_handler[value](vc);
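Review bot: The lookup stores a function pointer in `void *func`, which drops the type and relies on a function-pointer-to-`void *` conversion that ISO C does not define. `fn_handler_fn *func = fn_handler[value];`, using the table's own element type, keeps the three comparisons typed. The block also has no comment saying why these handlers are singled out; presumably fn_show_state, fn_show_ptregs and fn_show_mem print task, register and memory information to the console, which the GRKERNSEC_PROC options are meant to withhold. I would add `/* do not let a console key dump task, register or memory state */` above the test. k_spec starts before the hunk and the body of the `if` is not visible here.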
21657 @@ -1386,7 +1396,7 @@ static const struct input_device_id kbd_
21658 .evbit = { BIT_MASK(EV_SND) },
21661 - { }, /* Terminating entry */
21662 + { 0 }, /* Terminating entry */
21665 MODULE_DEVICE_TABLE(input, kbd_ids);
21666 diff -urNp linux-2.6.32.1/drivers/char/mem.c linux-2.6.32.1/drivers/char/mem.c
21667 --- linux-2.6.32.1/drivers/char/mem.c 2009-12-02 22:51:21.000000000 -0500
21668 +++ linux-2.6.32.1/drivers/char/mem.c 2009-12-14 18:33:53.242721386 -0500
21670 #include <linux/raw.h>
21671 #include <linux/tty.h>
21672 #include <linux/capability.h>
21673 +#include <linux/security.h>
21674 #include <linux/ptrace.h>
21675 #include <linux/device.h>
21676 #include <linux/highmem.h>
21678 # include <linux/efi.h>
21681 +#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
21682 +extern struct file_operations grsec_fops;
21686 * Architectures vary in how they handle caching for addresses
21687 * outside of main memory.
21688 @@ -192,6 +197,11 @@ static ssize_t write_mem(struct file * f
21689 if (!valid_phys_addr_range(p, count))
21692 +#ifdef CONFIG_GRKERNSEC_KMEM
21693 + gr_handle_mem_write();
21699 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
21700 @@ -324,6 +334,11 @@ static int mmap_mem(struct file * file,
21701 &vma->vm_page_prot))
21704 +#ifdef CONFIG_GRKERNSEC_KMEM
21705 + if (gr_handle_mem_mmap(vma->vm_pgoff << PAGE_SHIFT, vma))
21709 vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff,
21711 vma->vm_page_prot);
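Review bot: The argument `vma->vm_pgoff << PAGE_SHIFT` is computed in the width of `vm_pgoff`, so on a 32-bit build an offset at or above 4 GiB would lose its high bits before gr_handle_mem_mmap sees it. The policy check would then be made against a different address than the one being mapped. Whether that is reachable depends on the helper's parameter type and on the range checks earlier in mmap_mem, both outside this hunk. Passing the page frame number unshifted, `gr_handle_mem_mmap(vma->vm_pgoff, vma)`, with the helper comparing in page units, would remove the truncation; the helper would have to change to match.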
21712 @@ -558,6 +573,11 @@ static ssize_t write_kmem(struct file *
21714 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
21716 +#ifdef CONFIG_GRKERNSEC_KMEM
21717 + gr_handle_kmem_write();
21721 if (p < (unsigned long) high_memory) {
21724 @@ -763,6 +783,16 @@ static loff_t memory_lseek(struct file *
21726 static int open_port(struct inode * inode, struct file * filp)
21728 +#ifdef CONFIG_GRKERNSEC_KMEM
21729 + gr_handle_open_port();
21733 + return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
21736 +static int open_mem(struct inode * inode, struct file * filp)
21738 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
21741 @@ -770,7 +800,6 @@ static int open_port(struct inode * inod
21742 #define full_lseek null_lseek
21743 #define write_zero write_null
21744 #define read_full read_zero
21745 -#define open_mem open_port
21746 #define open_kmem open_mem
21747 #define open_oldmem open_mem
21749 @@ -886,6 +915,9 @@ static const struct memdev {
21750 #ifdef CONFIG_CRASH_DUMP
21751 [12] = { "oldmem", 0, &oldmem_fops, NULL },
21753 +#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
21754 + [13] = { "grsec",S_IRUSR | S_IWUGO, &grsec_fops, NULL },
21758 static int memory_open(struct inode *inode, struct file *filp)
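Review bot: The new `[13]` entry registers the "grsec" node with `S_IRUSR | S_IWUGO`, which makes it writable by every user, and the hunk gives no reason for that mode. If it is deliberate because requests are authenticated inside the handlers of `grsec_fops` (defined outside this file, so I cannot confirm it here), say so at the entry: `/* world-writable on purpose: requests are authenticated in grsec_fops */`. `grsec_fops` is also declared as a non-const `struct file_operations` in the extern added near the top of this file, while the rest of the patch moves operation tables to const. `extern const struct file_operations grsec_fops;` would be consistent, provided the definition is changed to match. The memdev array continues outside this hunk.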
21759 diff -urNp linux-2.6.32.1/drivers/char/nvram.c linux-2.6.32.1/drivers/char/nvram.c
21760 --- linux-2.6.32.1/drivers/char/nvram.c 2009-12-02 22:51:21.000000000 -0500
21761 +++ linux-2.6.32.1/drivers/char/nvram.c 2009-12-14 18:33:53.252874352 -0500
21762 @@ -429,7 +429,10 @@ static const struct file_operations nvra
21763 static struct miscdevice nvram_dev = {
21773 static int __init nvram_init(void)
21774 diff -urNp linux-2.6.32.1/drivers/char/pcmcia/ipwireless/tty.c linux-2.6.32.1/drivers/char/pcmcia/ipwireless/tty.c
21775 --- linux-2.6.32.1/drivers/char/pcmcia/ipwireless/tty.c 2009-12-02 22:51:21.000000000 -0500
21776 +++ linux-2.6.32.1/drivers/char/pcmcia/ipwireless/tty.c 2009-12-14 18:33:53.254793634 -0500
21777 @@ -51,7 +51,7 @@ struct ipw_tty {
21779 struct ipw_network *network;
21780 struct tty_struct *linux_tty;
21782 + atomic_t open_count;
21783 unsigned int control_lines;
21784 struct mutex ipw_tty_mutex;
21785 int tx_bytes_queued;
21786 @@ -127,10 +127,10 @@ static int ipw_open(struct tty_struct *l
21787 mutex_unlock(&tty->ipw_tty_mutex);
21790 - if (tty->open_count == 0)
21791 + if (atomic_read(&tty->open_count) == 0)
21792 tty->tx_bytes_queued = 0;
21794 - tty->open_count++;
21795 + atomic_inc(&tty->open_count);
21797 tty->linux_tty = linux_tty;
21798 linux_tty->driver_data = tty;
21799 @@ -146,9 +146,7 @@ static int ipw_open(struct tty_struct *l
21801 static void do_ipw_close(struct ipw_tty *tty)
21803 - tty->open_count--;
21805 - if (tty->open_count == 0) {
21806 + if (atomic_dec_return(&tty->open_count) == 0) {
21807 struct tty_struct *linux_tty = tty->linux_tty;
21809 if (linux_tty != NULL) {
21810 @@ -169,7 +167,7 @@ static void ipw_hangup(struct tty_struct
21813 mutex_lock(&tty->ipw_tty_mutex);
21814 - if (tty->open_count == 0) {
21815 + if (atomic_read(&tty->open_count) == 0) {
21816 mutex_unlock(&tty->ipw_tty_mutex);
21819 @@ -198,7 +196,7 @@ void ipwireless_tty_received(struct ipw_
21823 - if (!tty->open_count) {
21824 + if (!atomic_read(&tty->open_count)) {
21825 mutex_unlock(&tty->ipw_tty_mutex);
21828 @@ -240,7 +238,7 @@ static int ipw_write(struct tty_struct *
21831 mutex_lock(&tty->ipw_tty_mutex);
21832 - if (!tty->open_count) {
21833 + if (!atomic_read(&tty->open_count)) {
21834 mutex_unlock(&tty->ipw_tty_mutex);
21837 @@ -280,7 +278,7 @@ static int ipw_write_room(struct tty_str
21841 - if (!tty->open_count)
21842 + if (!atomic_read(&tty->open_count))
21845 room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued;
21846 @@ -322,7 +320,7 @@ static int ipw_chars_in_buffer(struct tt
21850 - if (!tty->open_count)
21851 + if (!atomic_read(&tty->open_count))
21854 return tty->tx_bytes_queued;
21855 @@ -403,7 +401,7 @@ static int ipw_tiocmget(struct tty_struc
21859 - if (!tty->open_count)
21860 + if (!atomic_read(&tty->open_count))
21863 return get_control_lines(tty);
21864 @@ -419,7 +417,7 @@ ipw_tiocmset(struct tty_struct *linux_tt
21868 - if (!tty->open_count)
21869 + if (!atomic_read(&tty->open_count))
21872 return set_control_lines(tty, set, clear);
21873 @@ -433,7 +431,7 @@ static int ipw_ioctl(struct tty_struct *
21877 - if (!tty->open_count)
21878 + if (!atomic_read(&tty->open_count))
21881 /* FIXME: Exactly how is the tty object locked here .. */
21882 @@ -591,7 +589,7 @@ void ipwireless_tty_free(struct ipw_tty
21883 against a parallel ioctl etc */
21884 mutex_lock(&ttyj->ipw_tty_mutex);
21886 - while (ttyj->open_count)
21887 + while (atomic_read(&ttyj->open_count))
21888 do_ipw_close(ttyj);
21889 ipwireless_disassociate_network_ttys(network,
21890 ttyj->channel_idx);
21891 diff -urNp linux-2.6.32.1/drivers/char/pty.c linux-2.6.32.1/drivers/char/pty.c
21892 --- linux-2.6.32.1/drivers/char/pty.c 2009-12-02 22:51:21.000000000 -0500
21893 +++ linux-2.6.32.1/drivers/char/pty.c 2009-12-14 18:33:53.256868256 -0500
21894 @@ -682,7 +682,18 @@ static int ptmx_open(struct inode *inode
21898 -static struct file_operations ptmx_fops;
21899 +static const struct file_operations ptmx_fops = {
21900 + .llseek = no_llseek,
21901 + .read = tty_read,
21902 + .write = tty_write,
21903 + .poll = tty_poll,
21904 + .unlocked_ioctl = tty_ioctl,
21905 + .compat_ioctl = tty_compat_ioctl,
21906 + .open = ptmx_open,
21907 + .release = tty_release,
21908 + .fasync = tty_fasync,
21912 static void __init unix98_pty_init(void)
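Review bot: `ptmx_fops` becomes a hand-written copy of the table that `tty_default_fops(&ptmx_fops)` used to fill in at init time (removed in the next hunk), with only `.open` differing, and nothing ties the two together. If a handler is later added to or changed in the default tty operations, /dev/ptmx will silently keep the old set. A comment on the initializer such as `/* must mirror the default tty file_operations except for .open; update both together */` would make the coupling explicit. The handlers named here (tty_read, tty_write and the others) also have to be visible from this file, which the hunk does not show.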
21914 @@ -736,9 +747,6 @@ static void __init unix98_pty_init(void)
21915 register_sysctl_table(pty_root_table);
21917 /* Now create the /dev/ptmx special device */
21918 - tty_default_fops(&ptmx_fops);
21919 - ptmx_fops.open = ptmx_open;
21921 cdev_init(&ptmx_cdev, &ptmx_fops);
21922 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
21923 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
21924 diff -urNp linux-2.6.32.1/drivers/char/random.c linux-2.6.32.1/drivers/char/random.c
21925 --- linux-2.6.32.1/drivers/char/random.c 2009-12-02 22:51:21.000000000 -0500
21926 +++ linux-2.6.32.1/drivers/char/random.c 2009-12-14 18:33:53.284775572 -0500
21927 @@ -254,8 +254,13 @@
21929 * Configuration information
21931 +#ifdef CONFIG_GRKERNSEC_RANDNET
21932 +#define INPUT_POOL_WORDS 512
21933 +#define OUTPUT_POOL_WORDS 128
21935 #define INPUT_POOL_WORDS 128
21936 #define OUTPUT_POOL_WORDS 32
21938 #define SEC_XFER_SIZE 512
21941 @@ -292,10 +297,17 @@ static struct poolinfo {
21943 int tap1, tap2, tap3, tap4, tap5;
21944 } poolinfo_table[] = {
21945 +#ifdef CONFIG_GRKERNSEC_RANDNET
21946 + /* x^512 + x^411 + x^308 + x^208 +x^104 + x + 1 -- 225 */
21947 + { 512, 411, 308, 208, 104, 1 },
21948 + /* x^128 + x^103 + x^76 + x^51 + x^25 + x + 1 -- 105 */
21949 + { 128, 103, 76, 51, 25, 1 },
21951 /* x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 -- 105 */
21952 { 128, 103, 76, 51, 25, 1 },
21953 /* x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 -- 15 */
21954 { 32, 26, 20, 14, 7, 1 },
21957 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
21958 { 2048, 1638, 1231, 819, 411, 1 },
21959 @@ -1218,7 +1230,7 @@ EXPORT_SYMBOL(generate_random_uuid);
21960 #include <linux/sysctl.h>
21962 static int min_read_thresh = 8, min_write_thresh;
21963 -static int max_read_thresh = INPUT_POOL_WORDS * 32;
21964 +static int max_read_thresh = OUTPUT_POOL_WORDS * 32;
21965 static int max_write_thresh = INPUT_POOL_WORDS * 32;
21966 static char sysctl_bootid[16];
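Review bot: `max_read_thresh` is switched to `OUTPUT_POOL_WORDS * 32` outside any `#ifdef`, so builds without CONFIG_GRKERNSEC_RANDNET are affected as well. With the pool sizes defined earlier in this file section, the cap drops from 128 * 32 = 4096 to 32 * 32 = 1024 there, while RANDNET builds keep 128 * 32 = 4096. If the lower cap for stock configurations is not intended, the initializer belongs under the same `#ifdef CONFIG_GRKERNSEC_RANDNET` as the pool sizes. If it is intended, a comment should record it, e.g. `/* cap stays at 4096 when RANDNET enlarges the input pool */`.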
21968 diff -urNp linux-2.6.32.1/drivers/char/sonypi.c linux-2.6.32.1/drivers/char/sonypi.c
21969 --- linux-2.6.32.1/drivers/char/sonypi.c 2009-12-02 22:51:21.000000000 -0500
21970 +++ linux-2.6.32.1/drivers/char/sonypi.c 2009-12-14 18:33:53.304842135 -0500
21971 @@ -491,7 +491,7 @@ static struct sonypi_device {
21972 spinlock_t fifo_lock;
21973 wait_queue_head_t fifo_proc_list;
21974 struct fasync_struct *fifo_async;
21976 + atomic_t open_count;
21978 struct input_dev *input_jog_dev;
21979 struct input_dev *input_key_dev;
21980 @@ -895,7 +895,7 @@ static int sonypi_misc_fasync(int fd, st
21981 static int sonypi_misc_release(struct inode *inode, struct file *file)
21983 mutex_lock(&sonypi_device.lock);
21984 - sonypi_device.open_count--;
21985 + atomic_dec(&sonypi_device.open_count);
21986 mutex_unlock(&sonypi_device.lock);
21989 @@ -905,9 +905,9 @@ static int sonypi_misc_open(struct inode
21991 mutex_lock(&sonypi_device.lock);
21992 /* Flush input queue on first open */
21993 - if (!sonypi_device.open_count)
21994 + if (!atomic_read(&sonypi_device.open_count))
21995 kfifo_reset(sonypi_device.fifo);
21996 - sonypi_device.open_count++;
21997 + atomic_inc(&sonypi_device.open_count);
21998 mutex_unlock(&sonypi_device.lock);
22001 diff -urNp linux-2.6.32.1/drivers/char/tpm/tpm_bios.c linux-2.6.32.1/drivers/char/tpm/tpm_bios.c
22002 --- linux-2.6.32.1/drivers/char/tpm/tpm_bios.c 2009-12-02 22:51:21.000000000 -0500
22003 +++ linux-2.6.32.1/drivers/char/tpm/tpm_bios.c 2009-12-14 18:33:53.329724049 -0500
22004 @@ -172,7 +172,7 @@ static void *tpm_bios_measurements_start
22007 if ((event->event_type == 0 && event->event_size == 0) ||
22008 - ((addr + sizeof(struct tcpa_event) + event->event_size) >= limit))
22009 + (event->event_size >= limit - addr - sizeof(struct tcpa_event)))
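Review bot: The rewritten bound `event->event_size >= limit - addr - sizeof(struct tcpa_event)` wraps to a huge value when fewer than `sizeof(struct tcpa_event)` bytes remain between `addr` and `limit`, because the `sizeof` operand makes the arithmetic unsigned (assuming `addr` and `limit` are pointers, which the hunk does not show). The comparison is then false and a truncated event is accepted. The new form avoids the pointer overflow of the removed line, but it is only safe if an earlier test in tpm_bios_measurements_start, outside this hunk, guarantees that a full header fits. If such a test exists, a comment above this one should say so, for example `/* header was bounds-checked above, so the subtraction cannot wrap */`; otherwise check the header first. The same applies to `limit - v - sizeof(struct tcpa_event)` in the tpm_bios_measurements_next hunk below.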
22013 @@ -197,7 +197,7 @@ static void *tpm_bios_measurements_next(
22016 if ((event->event_type == 0 && event->event_size == 0) ||
22017 - ((v + sizeof(struct tcpa_event) + event->event_size) >= limit))
22018 + (event->event_size >= limit - v - sizeof(struct tcpa_event)))
22022 @@ -290,7 +290,8 @@ static int tpm_binary_bios_measurements_
22025 for (i = 0; i < sizeof(struct tcpa_event) + event->event_size; i++)
22026 - seq_putc(m, data[i]);
22027 + if (!seq_putc(m, data[i]))
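Review bot: The added test `if (!seq_putc(m, data[i]))` fires when seq_putc() returns 0, and as far as I know seq_putc() in this kernel series returns 0 on success and -1 when the seq_file buffer is full. The statement it guards is not visible in the hunk. If that statement is an error return, the loop would bail out after the first byte written successfully and would never report a full buffer. The condition would then need to be `if (seq_putc(m, data[i]))`. Confirm this against the seq_putc() definition in the tree being patched.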
22032 @@ -409,6 +410,11 @@ static int read_log(struct tpm_bios_log
22033 log->bios_event_log_end = log->bios_event_log + len;
22035 virt = acpi_os_map_memory(start, len);
22037 + kfree(log->bios_event_log);
22038 + log->bios_event_log = NULL;
22042 memcpy(log->bios_event_log, virt, len);
22044 diff -urNp linux-2.6.32.1/drivers/char/tty_io.c linux-2.6.32.1/drivers/char/tty_io.c
22045 --- linux-2.6.32.1/drivers/char/tty_io.c 2009-12-02 22:51:21.000000000 -0500
22046 +++ linux-2.6.32.1/drivers/char/tty_io.c 2009-12-14 18:33:53.362910089 -0500
22047 @@ -136,21 +136,10 @@ LIST_HEAD(tty_drivers); /* linked list
22048 DEFINE_MUTEX(tty_mutex);
22049 EXPORT_SYMBOL(tty_mutex);
22051 -static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
22052 -static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
22053 ssize_t redirected_tty_write(struct file *, const char __user *,
22055 -static unsigned int tty_poll(struct file *, poll_table *);
22056 static int tty_open(struct inode *, struct file *);
22057 -static int tty_release(struct inode *, struct file *);
22058 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
22059 -#ifdef CONFIG_COMPAT
22060 -static long tty_compat_ioctl(struct file *file, unsigned int cmd,
22061 - unsigned long arg);
22063 -#define tty_compat_ioctl NULL
22065 -static int tty_fasync(int fd, struct file *filp, int on);
22066 static void release_tty(struct tty_struct *tty, int idx);
22067 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
22068 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
22069 @@ -870,7 +859,7 @@ EXPORT_SYMBOL(start_tty);
22070 * read calls may be outstanding in parallel.
22073 -static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
22074 +ssize_t tty_read(struct file *file, char __user *buf, size_t count,
22078 @@ -1045,7 +1034,7 @@ void tty_write_message(struct tty_struct
22079 * write method will not be invoked in parallel for each device.
22082 -static ssize_t tty_write(struct file *file, const char __user *buf,
22083 +ssize_t tty_write(struct file *file, const char __user *buf,
22084 size_t count, loff_t *ppos)
22086 struct tty_struct *tty;
22087 @@ -1865,7 +1854,7 @@ static int tty_open(struct inode *inode,
22088 * Takes bkl. See tty_release_dev
22091 -static int tty_release(struct inode *inode, struct file *filp)
22092 +int tty_release(struct inode *inode, struct file *filp)
22095 tty_release_dev(filp);
22096 @@ -1885,7 +1874,7 @@ static int tty_release(struct inode *ino
22097 * may be re-entered freely by other callers.
22100 -static unsigned int tty_poll(struct file *filp, poll_table *wait)
22101 +unsigned int tty_poll(struct file *filp, poll_table *wait)
22103 struct tty_struct *tty;
22104 struct tty_ldisc *ld;
22105 @@ -1902,7 +1891,7 @@ static unsigned int tty_poll(struct file
22109 -static int tty_fasync(int fd, struct file *filp, int on)
22110 +int tty_fasync(int fd, struct file *filp, int on)
22112 struct tty_struct *tty;
22113 unsigned long flags;
22114 @@ -2579,7 +2568,7 @@ long tty_ioctl(struct file *file, unsign
22117 #ifdef CONFIG_COMPAT
22118 -static long tty_compat_ioctl(struct file *file, unsigned int cmd,
22119 +long tty_compat_ioctl(struct file *file, unsigned int cmd,
22122 struct inode *inode = file->f_dentry->d_inode;
22123 @@ -3046,11 +3035,6 @@ struct tty_struct *get_current_tty(void)
22125 EXPORT_SYMBOL_GPL(get_current_tty);
22127 -void tty_default_fops(struct file_operations *fops)
22129 - *fops = tty_fops;
22133 * Initialize the console device. This is called *early*, so
22134 * we can't necessarily depend on lots of kernel help here.
22135 diff -urNp linux-2.6.32.1/drivers/char/tty_ldisc.c linux-2.6.32.1/drivers/char/tty_ldisc.c
22136 --- linux-2.6.32.1/drivers/char/tty_ldisc.c 2009-12-02 22:51:21.000000000 -0500
22137 +++ linux-2.6.32.1/drivers/char/tty_ldisc.c 2009-12-14 18:33:53.372863425 -0500
22138 @@ -73,7 +73,7 @@ static void put_ldisc(struct tty_ldisc *
22139 if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) {
22140 struct tty_ldisc_ops *ldo = ld->ops;
22143 + atomic_dec(&ldo->refcount);
22144 module_put(ldo->owner);
22145 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
22147 @@ -107,7 +107,7 @@ int tty_register_ldisc(int disc, struct
22148 spin_lock_irqsave(&tty_ldisc_lock, flags);
22149 tty_ldiscs[disc] = new_ldisc;
22150 new_ldisc->num = disc;
22151 - new_ldisc->refcount = 0;
22152 + atomic_set(&new_ldisc->refcount, 0);
22153 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
22156 @@ -135,7 +135,7 @@ int tty_unregister_ldisc(int disc)
22159 spin_lock_irqsave(&tty_ldisc_lock, flags);
22160 - if (tty_ldiscs[disc]->refcount)
22161 + if (atomic_read(&tty_ldiscs[disc]->refcount))
22164 tty_ldiscs[disc] = NULL;
22165 @@ -156,7 +156,7 @@ static struct tty_ldisc_ops *get_ldops(i
22167 ret = ERR_PTR(-EAGAIN);
22168 if (try_module_get(ldops->owner)) {
22169 - ldops->refcount++;
22170 + atomic_inc(&ldops->refcount);
22174 @@ -169,7 +169,7 @@ static void put_ldops(struct tty_ldisc_o
22175 unsigned long flags;
22177 spin_lock_irqsave(&tty_ldisc_lock, flags);
22178 - ldops->refcount--;
22179 + atomic_dec(&ldops->refcount);
22180 module_put(ldops->owner);
22181 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
22183 diff -urNp linux-2.6.32.1/drivers/char/virtio_console.c linux-2.6.32.1/drivers/char/virtio_console.c
22184 --- linux-2.6.32.1/drivers/char/virtio_console.c 2009-12-02 22:51:21.000000000 -0500
22185 +++ linux-2.6.32.1/drivers/char/virtio_console.c 2009-12-14 18:33:53.380875003 -0500
22186 @@ -44,6 +44,7 @@ static unsigned int in_len;
22187 static char *in, *inbuf;
22189 /* The operations for our console. */
22190 +/* cannot be const */
22191 static struct hv_ops virtio_cons;
22193 /* The hvc device */
22194 diff -urNp linux-2.6.32.1/drivers/char/vt_ioctl.c linux-2.6.32.1/drivers/char/vt_ioctl.c
22195 --- linux-2.6.32.1/drivers/char/vt_ioctl.c 2009-12-02 22:51:21.000000000 -0500
22196 +++ linux-2.6.32.1/drivers/char/vt_ioctl.c 2009-12-14 18:33:53.381790968 -0500
22197 @@ -226,6 +226,12 @@ do_kdsk_ioctl(int cmd, struct kbentry __
22202 +#ifdef CONFIG_GRKERNSEC
22203 + if (!capable(CAP_SYS_TTY_CONFIG))
22207 if (!i && v == K_NOSUCHMAP) {
22208 /* deallocate map */
22209 key_map = key_maps[s];
22210 @@ -366,6 +372,13 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
22214 +#ifdef CONFIG_GRKERNSEC
22215 + if (!capable(CAP_SYS_TTY_CONFIG)) {
22222 first_free = funcbufptr + (funcbufsize - funcbufleft);
22223 for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++)
22224 diff -urNp linux-2.6.32.1/drivers/cpufreq/cpufreq.c linux-2.6.32.1/drivers/cpufreq/cpufreq.c
22225 --- linux-2.6.32.1/drivers/cpufreq/cpufreq.c 2009-12-02 22:51:21.000000000 -0500
22226 +++ linux-2.6.32.1/drivers/cpufreq/cpufreq.c 2009-12-14 18:33:53.428873908 -0500
22227 @@ -750,7 +750,7 @@ static void cpufreq_sysfs_release(struct
22228 complete(&policy->kobj_unregister);
22231 -static struct sysfs_ops sysfs_ops = {
22232 +static const struct sysfs_ops sysfs_ops = {
22236 diff -urNp linux-2.6.32.1/drivers/cpuidle/sysfs.c linux-2.6.32.1/drivers/cpuidle/sysfs.c
22237 --- linux-2.6.32.1/drivers/cpuidle/sysfs.c 2009-12-02 22:51:21.000000000 -0500
22238 +++ linux-2.6.32.1/drivers/cpuidle/sysfs.c 2009-12-14 18:33:53.453879656 -0500
22239 @@ -191,7 +191,7 @@ static ssize_t cpuidle_store(struct kobj
22243 -static struct sysfs_ops cpuidle_sysfs_ops = {
22244 +static const struct sysfs_ops cpuidle_sysfs_ops = {
22245 .show = cpuidle_show,
22246 .store = cpuidle_store,
22248 @@ -277,7 +277,7 @@ static ssize_t cpuidle_state_show(struct
22252 -static struct sysfs_ops cpuidle_state_sysfs_ops = {
22253 +static const struct sysfs_ops cpuidle_state_sysfs_ops = {
22254 .show = cpuidle_state_show,
22257 diff -urNp linux-2.6.32.1/drivers/dma/ioat/dma.c linux-2.6.32.1/drivers/dma/ioat/dma.c
22258 --- linux-2.6.32.1/drivers/dma/ioat/dma.c 2009-12-02 22:51:21.000000000 -0500
22259 +++ linux-2.6.32.1/drivers/dma/ioat/dma.c 2009-12-14 18:33:53.470726264 -0500
22260 @@ -1146,7 +1146,7 @@ ioat_attr_show(struct kobject *kobj, str
22261 return entry->show(&chan->common, page);
22264 -struct sysfs_ops ioat_sysfs_ops = {
22265 +const struct sysfs_ops ioat_sysfs_ops = {
22266 .show = ioat_attr_show,
22269 diff -urNp linux-2.6.32.1/drivers/dma/ioat/dma.h linux-2.6.32.1/drivers/dma/ioat/dma.h
22270 --- linux-2.6.32.1/drivers/dma/ioat/dma.h 2009-12-02 22:51:21.000000000 -0500
22271 +++ linux-2.6.32.1/drivers/dma/ioat/dma.h 2009-12-14 18:33:53.470726264 -0500
22272 @@ -329,7 +329,7 @@ bool ioat_cleanup_preamble(struct ioat_c
22273 unsigned long *phys_complete);
22274 void ioat_kobject_add(struct ioatdma_device *device, struct kobj_type *type);
22275 void ioat_kobject_del(struct ioatdma_device *device);
22276 -extern struct sysfs_ops ioat_sysfs_ops;
22277 +extern const struct sysfs_ops ioat_sysfs_ops;
22278 extern struct ioat_sysfs_entry ioat_version_attr;
22279 extern struct ioat_sysfs_entry ioat_cap_attr;
22280 #endif /* IOATDMA_H */
22281 diff -urNp linux-2.6.32.1/drivers/edac/edac_core.h linux-2.6.32.1/drivers/edac/edac_core.h
22282 --- linux-2.6.32.1/drivers/edac/edac_core.h 2009-12-02 22:51:21.000000000 -0500
22283 +++ linux-2.6.32.1/drivers/edac/edac_core.h 2009-12-14 18:33:53.485857498 -0500
22284 @@ -99,11 +99,11 @@ extern int edac_debug_level;
22286 #else /* !CONFIG_EDAC_DEBUG */
22288 -#define debugf0( ... )
22289 -#define debugf1( ... )
22290 -#define debugf2( ... )
22291 -#define debugf3( ... )
22292 -#define debugf4( ... )
22293 +#define debugf0( ... ) do {} while (0)
22294 +#define debugf1( ... ) do {} while (0)
22295 +#define debugf2( ... ) do {} while (0)
22296 +#define debugf3( ... ) do {} while (0)
22297 +#define debugf4( ... ) do {} while (0)
22299 #endif /* !CONFIG_EDAC_DEBUG */
22301 diff -urNp linux-2.6.32.1/drivers/edac/edac_device_sysfs.c linux-2.6.32.1/drivers/edac/edac_device_sysfs.c
22302 --- linux-2.6.32.1/drivers/edac/edac_device_sysfs.c 2009-12-02 22:51:21.000000000 -0500
22303 +++ linux-2.6.32.1/drivers/edac/edac_device_sysfs.c 2009-12-14 18:33:53.495749328 -0500
22304 @@ -137,7 +137,7 @@ static ssize_t edac_dev_ctl_info_store(s
22307 /* edac_dev file operations for an 'ctl_info' */
22308 -static struct sysfs_ops device_ctl_info_ops = {
22309 +static const struct sysfs_ops device_ctl_info_ops = {
22310 .show = edac_dev_ctl_info_show,
22311 .store = edac_dev_ctl_info_store
22313 @@ -373,7 +373,7 @@ static ssize_t edac_dev_instance_store(s
22316 /* edac_dev file operations for an 'instance' */
22317 -static struct sysfs_ops device_instance_ops = {
22318 +static const struct sysfs_ops device_instance_ops = {
22319 .show = edac_dev_instance_show,
22320 .store = edac_dev_instance_store
22322 @@ -476,7 +476,7 @@ static ssize_t edac_dev_block_store(stru
22325 /* edac_dev file operations for a 'block' */
22326 -static struct sysfs_ops device_block_ops = {
22327 +static const struct sysfs_ops device_block_ops = {
22328 .show = edac_dev_block_show,
22329 .store = edac_dev_block_store
22331 diff -urNp linux-2.6.32.1/drivers/edac/edac_mc_sysfs.c linux-2.6.32.1/drivers/edac/edac_mc_sysfs.c
22332 --- linux-2.6.32.1/drivers/edac/edac_mc_sysfs.c 2009-12-02 22:51:21.000000000 -0500
22333 +++ linux-2.6.32.1/drivers/edac/edac_mc_sysfs.c 2009-12-14 18:33:53.501894531 -0500
22334 @@ -245,7 +245,7 @@ static ssize_t csrowdev_store(struct kob
22338 -static struct sysfs_ops csrowfs_ops = {
22339 +static const struct sysfs_ops csrowfs_ops = {
22340 .show = csrowdev_show,
22341 .store = csrowdev_store
22343 @@ -575,7 +575,7 @@ static ssize_t mcidev_store(struct kobje
22346 /* Intermediate show/store table */
22347 -static struct sysfs_ops mci_ops = {
22348 +static const struct sysfs_ops mci_ops = {
22349 .show = mcidev_show,
22350 .store = mcidev_store
22352 diff -urNp linux-2.6.32.1/drivers/edac/edac_pci_sysfs.c linux-2.6.32.1/drivers/edac/edac_pci_sysfs.c
22353 --- linux-2.6.32.1/drivers/edac/edac_pci_sysfs.c 2009-12-02 22:51:21.000000000 -0500
22354 +++ linux-2.6.32.1/drivers/edac/edac_pci_sysfs.c 2009-12-14 18:33:53.510878837 -0500
22355 @@ -121,7 +121,7 @@ static ssize_t edac_pci_instance_store(s
22359 -static struct sysfs_ops pci_instance_ops = {
22360 +static const struct sysfs_ops pci_instance_ops = {
22361 .show = edac_pci_instance_show,
22362 .store = edac_pci_instance_store
22364 @@ -261,7 +261,7 @@ static ssize_t edac_pci_dev_store(struct
22368 -static struct sysfs_ops edac_pci_sysfs_ops = {
22369 +static const struct sysfs_ops edac_pci_sysfs_ops = {
22370 .show = edac_pci_dev_show,
22371 .store = edac_pci_dev_store
22373 diff -urNp linux-2.6.32.1/drivers/firmware/dmi_scan.c linux-2.6.32.1/drivers/firmware/dmi_scan.c
22374 --- linux-2.6.32.1/drivers/firmware/dmi_scan.c 2009-12-02 22:51:21.000000000 -0500
22375 +++ linux-2.6.32.1/drivers/firmware/dmi_scan.c 2009-12-14 18:33:53.521738420 -0500
22376 @@ -391,11 +391,6 @@ void __init dmi_scan_machine(void)
22381 - * no iounmap() for that ioremap(); it would be a no-op, but
22382 - * it's so early in setup that sucker gets confused into doing
22383 - * what it shouldn't if we actually call it.
22385 p = dmi_ioremap(0xF0000, 0x10000);
22388 diff -urNp linux-2.6.32.1/drivers/firmware/edd.c linux-2.6.32.1/drivers/firmware/edd.c
22389 --- linux-2.6.32.1/drivers/firmware/edd.c 2009-12-02 22:51:21.000000000 -0500
22390 +++ linux-2.6.32.1/drivers/firmware/edd.c 2009-12-14 18:33:53.521738420 -0500
22391 @@ -122,7 +122,7 @@ edd_attr_show(struct kobject * kobj, str
22395 -static struct sysfs_ops edd_attr_ops = {
22396 +static const struct sysfs_ops edd_attr_ops = {
22397 .show = edd_attr_show,
22400 diff -urNp linux-2.6.32.1/drivers/firmware/efivars.c linux-2.6.32.1/drivers/firmware/efivars.c
22401 --- linux-2.6.32.1/drivers/firmware/efivars.c 2009-12-02 22:51:21.000000000 -0500
22402 +++ linux-2.6.32.1/drivers/firmware/efivars.c 2009-12-14 18:33:53.532799691 -0500
22403 @@ -362,7 +362,7 @@ static ssize_t efivar_attr_store(struct
22407 -static struct sysfs_ops efivar_attr_ops = {
22408 +static const struct sysfs_ops efivar_attr_ops = {
22409 .show = efivar_attr_show,
22410 .store = efivar_attr_store,
22412 diff -urNp linux-2.6.32.1/drivers/firmware/iscsi_ibft.c linux-2.6.32.1/drivers/firmware/iscsi_ibft.c
22413 --- linux-2.6.32.1/drivers/firmware/iscsi_ibft.c 2009-12-02 22:51:21.000000000 -0500
22414 +++ linux-2.6.32.1/drivers/firmware/iscsi_ibft.c 2009-12-14 18:33:53.551823841 -0500
22415 @@ -525,7 +525,7 @@ static ssize_t ibft_show_attribute(struc
22419 -static struct sysfs_ops ibft_attr_ops = {
22420 +static const struct sysfs_ops ibft_attr_ops = {
22421 .show = ibft_show_attribute,
22424 diff -urNp linux-2.6.32.1/drivers/firmware/memmap.c linux-2.6.32.1/drivers/firmware/memmap.c
22425 --- linux-2.6.32.1/drivers/firmware/memmap.c 2009-12-02 22:51:21.000000000 -0500
22426 +++ linux-2.6.32.1/drivers/firmware/memmap.c 2009-12-14 18:33:53.553727803 -0500
22427 @@ -74,7 +74,7 @@ static struct attribute *def_attrs[] = {
22431 -static struct sysfs_ops memmap_attr_ops = {
22432 +static const struct sysfs_ops memmap_attr_ops = {
22433 .show = memmap_attr_show,
22436 diff -urNp linux-2.6.32.1/drivers/gpu/drm/drm_drv.c linux-2.6.32.1/drivers/gpu/drm/drm_drv.c
22437 --- linux-2.6.32.1/drivers/gpu/drm/drm_drv.c 2009-12-02 22:51:21.000000000 -0500
22438 +++ linux-2.6.32.1/drivers/gpu/drm/drm_drv.c 2009-12-14 18:33:53.572891729 -0500
22439 @@ -417,7 +417,7 @@ int drm_ioctl(struct inode *inode, struc
22440 char *kdata = NULL;
22442 atomic_inc(&dev->ioctl_count);
22443 - atomic_inc(&dev->counts[_DRM_STAT_IOCTLS]);
22444 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_IOCTLS]);
22445 ++file_priv->ioctl_count;
22447 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
22448 diff -urNp linux-2.6.32.1/drivers/gpu/drm/drm_fops.c linux-2.6.32.1/drivers/gpu/drm/drm_fops.c
22449 --- linux-2.6.32.1/drivers/gpu/drm/drm_fops.c 2009-12-02 22:51:21.000000000 -0500
22450 +++ linux-2.6.32.1/drivers/gpu/drm/drm_fops.c 2009-12-14 18:33:53.588910549 -0500
22451 @@ -66,7 +66,7 @@ static int drm_setup(struct drm_device *
22454 for (i = 0; i < ARRAY_SIZE(dev->counts); i++)
22455 - atomic_set(&dev->counts[i], 0);
22456 + atomic_set_unchecked(&dev->counts[i], 0);
22458 dev->sigdata.lock = NULL;
22460 @@ -130,9 +130,9 @@ int drm_open(struct inode *inode, struct
22462 retcode = drm_open_helper(inode, filp, dev);
22464 - atomic_inc(&dev->counts[_DRM_STAT_OPENS]);
22465 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_OPENS]);
22466 spin_lock(&dev->count_lock);
22467 - if (!dev->open_count++) {
22468 + if (atomic_inc_return(&dev->open_count) == 1) {
22469 spin_unlock(&dev->count_lock);
22470 retcode = drm_setup(dev);
22472 @@ -433,7 +433,7 @@ int drm_release(struct inode *inode, str
22476 - DRM_DEBUG("open_count = %d\n", dev->open_count);
22477 + DRM_DEBUG("open_count = %d\n", atomic_read(&dev->open_count));
22479 if (dev->driver->preclose)
22480 dev->driver->preclose(dev, file_priv);
22481 @@ -445,7 +445,7 @@ int drm_release(struct inode *inode, str
22482 DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n",
22483 task_pid_nr(current),
22484 (long)old_encode_dev(file_priv->minor->device),
22485 - dev->open_count);
22486 + atomic_read(&dev->open_count));
22488 /* if the master has gone away we can't do anything with the lock */
22489 if (file_priv->minor->master)
22490 @@ -522,9 +522,9 @@ int drm_release(struct inode *inode, str
22491 * End inline drm_release
22494 - atomic_inc(&dev->counts[_DRM_STAT_CLOSES]);
22495 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_CLOSES]);
22496 spin_lock(&dev->count_lock);
22497 - if (!--dev->open_count) {
22498 + if (atomic_dec_and_test(&dev->open_count)) {
22499 if (atomic_read(&dev->ioctl_count)) {
22500 DRM_ERROR("Device busy: %d\n",
22501 atomic_read(&dev->ioctl_count));
22502 diff -urNp linux-2.6.32.1/drivers/gpu/drm/drm_ioctl.c linux-2.6.32.1/drivers/gpu/drm/drm_ioctl.c
22503 --- linux-2.6.32.1/drivers/gpu/drm/drm_ioctl.c 2009-12-02 22:51:21.000000000 -0500
22504 +++ linux-2.6.32.1/drivers/gpu/drm/drm_ioctl.c 2009-12-14 18:33:53.608913123 -0500
22505 @@ -283,7 +283,7 @@ int drm_getstats(struct drm_device *dev,
22506 stats->data[i].value =
22507 (file_priv->master->lock.hw_lock ? file_priv->master->lock.hw_lock->lock : 0);
22509 - stats->data[i].value = atomic_read(&dev->counts[i]);
22510 + stats->data[i].value = atomic_read_unchecked(&dev->counts[i]);
22511 stats->data[i].type = dev->types[i];
22514 diff -urNp linux-2.6.32.1/drivers/gpu/drm/drm_lock.c linux-2.6.32.1/drivers/gpu/drm/drm_lock.c
22515 --- linux-2.6.32.1/drivers/gpu/drm/drm_lock.c 2009-12-02 22:51:21.000000000 -0500
22516 +++ linux-2.6.32.1/drivers/gpu/drm/drm_lock.c 2009-12-14 18:33:53.616909727 -0500
22517 @@ -87,7 +87,7 @@ int drm_lock(struct drm_device *dev, voi
22518 if (drm_lock_take(&master->lock, lock->context)) {
22519 master->lock.file_priv = file_priv;
22520 master->lock.lock_time = jiffies;
22521 - atomic_inc(&dev->counts[_DRM_STAT_LOCKS]);
22522 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_LOCKS]);
22523 break; /* Got lock */
22526 @@ -165,7 +165,7 @@ int drm_unlock(struct drm_device *dev, v
22530 - atomic_inc(&dev->counts[_DRM_STAT_UNLOCKS]);
22531 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_UNLOCKS]);
22533 /* kernel_context_switch isn't used by any of the x86 drm
22534 * modules but is required by the Sparc driver.
22535 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i810/i810_dma.c linux-2.6.32.1/drivers/gpu/drm/i810/i810_dma.c
22536 --- linux-2.6.32.1/drivers/gpu/drm/i810/i810_dma.c 2009-12-02 22:51:21.000000000 -0500
22537 +++ linux-2.6.32.1/drivers/gpu/drm/i810/i810_dma.c 2009-12-14 18:33:53.638897561 -0500
22538 @@ -952,8 +952,8 @@ static int i810_dma_vertex(struct drm_de
22539 dma->buflist[vertex->idx],
22540 vertex->discard, vertex->used);
22542 - atomic_add(vertex->used, &dev->counts[_DRM_STAT_SECONDARY]);
22543 - atomic_inc(&dev->counts[_DRM_STAT_DMA]);
22544 + atomic_add_unchecked(vertex->used, &dev->counts[_DRM_STAT_SECONDARY]);
22545 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_DMA]);
22546 sarea_priv->last_enqueue = dev_priv->counter - 1;
22547 sarea_priv->last_dispatch = (int)hw_status[5];
22549 @@ -1115,8 +1115,8 @@ static int i810_dma_mc(struct drm_device
22550 i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used,
22553 - atomic_add(mc->used, &dev->counts[_DRM_STAT_SECONDARY]);
22554 - atomic_inc(&dev->counts[_DRM_STAT_DMA]);
22555 + atomic_add_unchecked(mc->used, &dev->counts[_DRM_STAT_SECONDARY]);
22556 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_DMA]);
22557 sarea_priv->last_enqueue = dev_priv->counter - 1;
22558 sarea_priv->last_dispatch = (int)hw_status[5];
22560 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7017.c linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7017.c
22561 --- linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7017.c 2009-12-02 22:51:21.000000000 -0500
22562 +++ linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7017.c 2009-12-14 18:33:53.639841412 -0500
22563 @@ -443,7 +443,7 @@ static void ch7017_destroy(struct intel_
22567 -struct intel_dvo_dev_ops ch7017_ops = {
22568 +const struct intel_dvo_dev_ops ch7017_ops = {
22569 .init = ch7017_init,
22570 .detect = ch7017_detect,
22571 .mode_valid = ch7017_mode_valid,
22572 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7xxx.c linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7xxx.c
22573 --- linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7xxx.c 2009-12-02 22:51:21.000000000 -0500
22574 +++ linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7xxx.c 2009-12-14 18:33:53.649915069 -0500
22575 @@ -356,7 +356,7 @@ static void ch7xxx_destroy(struct intel_
22579 -struct intel_dvo_dev_ops ch7xxx_ops = {
22580 +const struct intel_dvo_dev_ops ch7xxx_ops = {
22581 .init = ch7xxx_init,
22582 .detect = ch7xxx_detect,
22583 .mode_valid = ch7xxx_mode_valid,
22584 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/dvo.h linux-2.6.32.1/drivers/gpu/drm/i915/dvo.h
22585 --- linux-2.6.32.1/drivers/gpu/drm/i915/dvo.h 2009-12-02 22:51:21.000000000 -0500
22586 +++ linux-2.6.32.1/drivers/gpu/drm/i915/dvo.h 2009-12-14 18:33:53.651903938 -0500
22587 @@ -135,23 +135,23 @@ struct intel_dvo_dev_ops {
22589 * \return singly-linked list of modes or NULL if no modes found.
22591 - struct drm_display_mode *(*get_modes)(struct intel_dvo_device *dvo);
22592 + struct drm_display_mode *(* const get_modes)(struct intel_dvo_device *dvo);
22595 * Clean up driver-specific bits of the output
22597 - void (*destroy) (struct intel_dvo_device *dvo);
22598 + void (* const destroy) (struct intel_dvo_device *dvo);
22601 * Debugging hook to dump device registers to log file
22603 - void (*dump_regs)(struct intel_dvo_device *dvo);
22604 + void (* const dump_regs)(struct intel_dvo_device *dvo);
22607 -extern struct intel_dvo_dev_ops sil164_ops;
22608 -extern struct intel_dvo_dev_ops ch7xxx_ops;
22609 -extern struct intel_dvo_dev_ops ivch_ops;
22610 -extern struct intel_dvo_dev_ops tfp410_ops;
22611 -extern struct intel_dvo_dev_ops ch7017_ops;
22612 +extern const struct intel_dvo_dev_ops sil164_ops;
22613 +extern const struct intel_dvo_dev_ops ch7xxx_ops;
22614 +extern const struct intel_dvo_dev_ops ivch_ops;
22615 +extern const struct intel_dvo_dev_ops tfp410_ops;
22616 +extern const struct intel_dvo_dev_ops ch7017_ops;
22618 #endif /* _INTEL_DVO_H */
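Review bot: Only `get_modes`, `destroy` and `dump_regs` gain `* const` here, and this is the only hunk for dvo.h, so the hooks declared earlier in `struct intel_dvo_dev_ops` (the initialisers elsewhere in the patch set `.init`, `.detect` and `.mode_valid`) appear to stay plain pointers. That leaves the struct protected inconsistently at member level. Since every instance is already declared `const struct intel_dvo_dev_ops` a few lines below, the per-member qualifier adds little on its own. Either qualify all hooks the same way or drop the member-level `const` and rely on the const objects, with a comment on the struct such as `/* instances must be const; hooks are never reassigned at runtime */`.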
22619 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ivch.c linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ivch.c
22620 --- linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ivch.c 2009-12-02 22:51:21.000000000 -0500
22621 +++ linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ivch.c 2009-12-14 18:33:53.652837364 -0500
22622 @@ -430,7 +430,7 @@ static void ivch_destroy(struct intel_dv
22626 -struct intel_dvo_dev_ops ivch_ops= {
22627 +const struct intel_dvo_dev_ops ivch_ops= {
22631 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/dvo_sil164.c linux-2.6.32.1/drivers/gpu/drm/i915/dvo_sil164.c
22632 --- linux-2.6.32.1/drivers/gpu/drm/i915/dvo_sil164.c 2009-12-02 22:51:21.000000000 -0500
22633 +++ linux-2.6.32.1/drivers/gpu/drm/i915/dvo_sil164.c 2009-12-14 18:33:53.653698666 -0500
22634 @@ -290,7 +290,7 @@ static void sil164_destroy(struct intel_
22638 -struct intel_dvo_dev_ops sil164_ops = {
22639 +const struct intel_dvo_dev_ops sil164_ops = {
22640 .init = sil164_init,
22641 .detect = sil164_detect,
22642 .mode_valid = sil164_mode_valid,
22643 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/dvo_tfp410.c linux-2.6.32.1/drivers/gpu/drm/i915/dvo_tfp410.c
22644 --- linux-2.6.32.1/drivers/gpu/drm/i915/dvo_tfp410.c 2009-12-02 22:51:21.000000000 -0500
22645 +++ linux-2.6.32.1/drivers/gpu/drm/i915/dvo_tfp410.c 2009-12-14 18:33:53.657792583 -0500
22646 @@ -323,7 +323,7 @@ static void tfp410_destroy(struct intel_
22650 -struct intel_dvo_dev_ops tfp410_ops = {
22651 +const struct intel_dvo_dev_ops tfp410_ops = {
22652 .init = tfp410_init,
22653 .detect = tfp410_detect,
22654 .mode_valid = tfp410_mode_valid,
22655 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/i915_drv.c linux-2.6.32.1/drivers/gpu/drm/i915/i915_drv.c
22656 --- linux-2.6.32.1/drivers/gpu/drm/i915/i915_drv.c 2009-12-02 22:51:21.000000000 -0500
22657 +++ linux-2.6.32.1/drivers/gpu/drm/i915/i915_drv.c 2009-12-14 18:33:53.666913342 -0500
22658 @@ -284,7 +284,7 @@ i915_pci_resume(struct pci_dev *pdev)
22659 return i915_resume(dev);
22662 -static struct vm_operations_struct i915_gem_vm_ops = {
22663 +static const struct vm_operations_struct i915_gem_vm_ops = {
22664 .fault = i915_gem_fault,
22665 .open = drm_gem_vm_open,
22666 .close = drm_gem_vm_close,
22667 diff -urNp linux-2.6.32.1/drivers/gpu/drm/radeon/mkregtable.c linux-2.6.32.1/drivers/gpu/drm/radeon/mkregtable.c
22668 --- linux-2.6.32.1/drivers/gpu/drm/radeon/mkregtable.c 2009-12-02 22:51:21.000000000 -0500
22669 +++ linux-2.6.32.1/drivers/gpu/drm/radeon/mkregtable.c 2009-12-14 18:33:53.695940128 -0500
22670 @@ -637,14 +637,14 @@ static int parser_auth(struct table *t,
22672 regmatch_t match[4];
22680 struct offset *offset;
22681 char last_reg_s[10];
22683 + unsigned long last_reg;
22686 (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
22687 diff -urNp linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_atombios.c linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_atombios.c
22688 --- linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_atombios.c 2009-12-02 22:51:21.000000000 -0500
22689 +++ linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_atombios.c 2009-12-14 18:33:53.710935550 -0500
22690 @@ -496,13 +496,13 @@ static uint16_t atombios_get_connector_o
22694 -struct bios_connector {
22695 +static struct bios_connector {
22699 int connector_type;
22700 struct radeon_i2c_bus_rec ddc_bus;
22702 +} bios_connectors[ATOM_MAX_SUPPORTED_DEVICE];
22704 bool radeon_get_atom_connector_info_from_supported_devices_table(struct
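Review bot: Turning `bios_connectors[ATOM_MAX_SUPPORTED_DEVICE]` into a file-scope `static` array (the local copy is removed in the next hunk) takes it off the kernel stack, but the array is now shared by every call and keeps its contents between calls. Neither hunk shows the entries being cleared before use or any serialisation around radeon_get_atom_connector_info_from_supported_devices_table, whose body lies outside the hunks. Confirm that every entry is written before it is read on each call, or add `memset(bios_connectors, 0, sizeof(bios_connectors));` at the top of the function. A comment on the array should state that callers must not run concurrently, for example on a system with two adapters.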
22706 @@ -518,7 +518,6 @@ bool radeon_get_atom_connector_info_from
22708 union atom_supported_devices *supported_devices;
22710 - struct bios_connector bios_connectors[ATOM_MAX_SUPPORTED_DEVICE];
22712 atom_parse_data_header(ctx, index, &size, &frev, &crev, &data_offset);
22714 diff -urNp linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_state.c linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_state.c
22715 --- linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_state.c 2009-12-02 22:51:21.000000000 -0500
22716 +++ linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_state.c 2009-12-14 18:33:53.753040028 -0500
22717 @@ -3014,7 +3014,7 @@ static int radeon_cp_getparam(struct drm
22719 drm_radeon_private_t *dev_priv = dev->dev_private;
22720 drm_radeon_getparam_t *param = data;
22724 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID);
22726 diff -urNp linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_ttm.c linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_ttm.c
22727 --- linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_ttm.c 2009-12-02 22:51:21.000000000 -0500
22728 +++ linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_ttm.c 2009-12-14 18:33:53.759914568 -0500
22729 @@ -535,27 +535,10 @@ void radeon_ttm_fini(struct radeon_devic
22730 DRM_INFO("radeon: ttm finalized\n");
22733 -static struct vm_operations_struct radeon_ttm_vm_ops;
22734 -static const struct vm_operations_struct *ttm_vm_ops = NULL;
22736 -static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
22738 - struct ttm_buffer_object *bo;
22741 - bo = (struct ttm_buffer_object *)vma->vm_private_data;
22742 - if (bo == NULL) {
22743 - return VM_FAULT_NOPAGE;
22745 - r = ttm_vm_ops->fault(vma, vmf);
22749 int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
22751 struct drm_file *file_priv;
22752 struct radeon_device *rdev;
22755 if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) {
22756 return drm_mmap(filp, vma);
22757 @@ -563,20 +546,9 @@ int radeon_mmap(struct file *filp, struc
22759 file_priv = (struct drm_file *)filp->private_data;
22760 rdev = file_priv->minor->dev->dev_private;
22761 - if (rdev == NULL) {
22765 - r = ttm_bo_mmap(filp, vma, &rdev->mman.bdev);
22766 - if (unlikely(r != 0)) {
22769 - if (unlikely(ttm_vm_ops == NULL)) {
22770 - ttm_vm_ops = vma->vm_ops;
22771 - radeon_ttm_vm_ops = *ttm_vm_ops;
22772 - radeon_ttm_vm_ops.fault = &radeon_ttm_fault;
22774 - vma->vm_ops = &radeon_ttm_vm_ops;
22776 + return ttm_bo_mmap(filp, vma, &rdev->mman.bdev);
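Review bot: The new radeon_mmap tail passes `&rdev->mman.bdev` to ttm_bo_mmap() without the `rdev == NULL` test that the removed lines performed. `rdev` is read from `file_priv->minor->dev->dev_private` on the context line above. If that pointer can be NULL at this point (the lifetime rules are not visible here), ttm_bo_mmap() receives a small bogus address instead of the call failing cleanly. Removing the fault wrapper does not require removing this check, so keep `if (unlikely(rdev == NULL))` with the error return the removed branch used, ahead of the call.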
22780 diff -urNp linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo.c linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo.c
22781 --- linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo.c 2009-12-02 22:51:21.000000000 -0500
22782 +++ linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo.c 2009-12-14 18:33:53.790952799 -0500
22783 @@ -67,7 +67,7 @@ static struct attribute *ttm_bo_global_a
22787 -static struct sysfs_ops ttm_bo_global_ops = {
22788 +static const struct sysfs_ops ttm_bo_global_ops = {
22789 .show = &ttm_bo_global_show
22792 diff -urNp linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo_vm.c linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo_vm.c
22793 --- linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo_vm.c 2009-12-02 22:51:21.000000000 -0500
22794 +++ linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo_vm.c 2009-12-14 18:33:53.799846277 -0500
22795 @@ -73,7 +73,7 @@ static int ttm_bo_vm_fault(struct vm_are
22797 struct ttm_buffer_object *bo = (struct ttm_buffer_object *)
22798 vma->vm_private_data;
22799 - struct ttm_bo_device *bdev = bo->bdev;
22800 + struct ttm_bo_device *bdev;
22801 unsigned long bus_base;
22802 unsigned long bus_offset;
22803 unsigned long bus_size;
22804 @@ -88,6 +88,10 @@ static int ttm_bo_vm_fault(struct vm_are
22805 unsigned long address = (unsigned long)vmf->virtual_address;
22806 int retval = VM_FAULT_NOPAGE;
22809 + return VM_FAULT_NOPAGE;
22813 * Work around locking order reversal in fault / nopfn
22814 * between mmap_sem and bo_reserve: Perform a trylock operation
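Review bot: The added early exit returns `VM_FAULT_NOPAGE`, which tells the fault core that the handler dealt with the mapping itself, so when nothing was mapped the access simply faults again. If the guarded condition is a missing buffer object, `return VM_FAULT_SIGBUS;` would fail the access instead of letting it retry; the condition line is not visible in this extract, but the removed radeon wrapper tested `bo == NULL`. The previous hunk leaves `bdev` without an initializer, so its assignment has to come after this check, and that line is not visible either. ttm_bo_vm_fault continues outside the hunk.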
22815 diff -urNp linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_global.c linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_global.c
22816 --- linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_global.c 2009-12-02 22:51:21.000000000 -0500
22817 +++ linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_global.c 2009-12-14 18:33:53.800702145 -0500
22819 struct ttm_global_item {
22820 struct mutex mutex;
22823 + atomic_t refcount;
22826 static struct ttm_global_item glob[TTM_GLOBAL_NUM];
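Review bot: The `refcount` field has no comment saying what protects it now that it is an `atomic_t`: the later hunks in ttm_global_item_ref and ttm_global_item_unref still read and modify it after `mutex_lock(&item->mutex)`, so the atomic type is not what serializes it. A comment on the field would keep a later reader from dropping the mutex, for example `/* protected by mutex; atomic_t presumably for the patch's overflow-checked counters */`. In ttm_global_item_unref the `BUG_ON(atomic_read(...) == 0)` followed by `atomic_dec_and_test()` is only a safe pair because of that lock.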
22827 @@ -49,7 +49,7 @@ void ttm_global_init(void)
22828 struct ttm_global_item *item = &glob[i];
22829 mutex_init(&item->mutex);
22830 item->object = NULL;
22831 - item->refcount = 0;
22832 + atomic_set(&item->refcount, 0);
22836 @@ -59,7 +59,7 @@ void ttm_global_release(void)
22837 for (i = 0; i < TTM_GLOBAL_NUM; ++i) {
22838 struct ttm_global_item *item = &glob[i];
22839 BUG_ON(item->object != NULL);
22840 - BUG_ON(item->refcount != 0);
22841 + BUG_ON(atomic_read(&item->refcount) != 0);
22845 @@ -70,7 +70,7 @@ int ttm_global_item_ref(struct ttm_globa
22848 mutex_lock(&item->mutex);
22849 - if (item->refcount == 0) {
22850 + if (atomic_read(&item->refcount) == 0) {
22851 item->object = kzalloc(ref->size, GFP_KERNEL);
22852 if (unlikely(item->object == NULL)) {
22854 @@ -83,7 +83,7 @@ int ttm_global_item_ref(struct ttm_globa
22858 - ++item->refcount;
22859 + atomic_inc(&item->refcount);
22860 ref->object = item->object;
22861 object = item->object;
22862 mutex_unlock(&item->mutex);
22863 @@ -100,9 +100,9 @@ void ttm_global_item_unref(struct ttm_gl
22864 struct ttm_global_item *item = &glob[ref->global_type];
22866 mutex_lock(&item->mutex);
22867 - BUG_ON(item->refcount == 0);
22868 + BUG_ON(atomic_read(&item->refcount) == 0);
22869 BUG_ON(ref->object != item->object);
22870 - if (--item->refcount == 0) {
22871 + if (atomic_dec_and_test(&item->refcount)) {
22873 item->object = NULL;
22875 diff -urNp linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_memory.c linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_memory.c
22876 --- linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_memory.c 2009-12-02 22:51:21.000000000 -0500
22877 +++ linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_memory.c 2009-12-14 18:33:53.815912678 -0500
22878 @@ -152,7 +152,7 @@ static struct attribute *ttm_mem_zone_at
22882 -static struct sysfs_ops ttm_mem_zone_ops = {
22883 +static const struct sysfs_ops ttm_mem_zone_ops = {
22884 .show = &ttm_mem_zone_show,
22885 .store = &ttm_mem_zone_store
22887 diff -urNp linux-2.6.32.1/drivers/hwmon/k8temp.c linux-2.6.32.1/drivers/hwmon/k8temp.c
22888 --- linux-2.6.32.1/drivers/hwmon/k8temp.c 2009-12-02 22:51:21.000000000 -0500
22889 +++ linux-2.6.32.1/drivers/hwmon/k8temp.c 2009-12-14 18:33:53.837839651 -0500
22890 @@ -138,7 +138,7 @@ static DEVICE_ATTR(name, S_IRUGO, show_n
22892 static struct pci_device_id k8temp_ids[] = {
22893 { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_K8_NB_MISC) },
22895 + { 0, 0, 0, 0, 0, 0, 0 },
22898 MODULE_DEVICE_TABLE(pci, k8temp_ids);
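Review bot: The terminator `{ 0, 0, 0, 0, 0, 0, 0 }` spells out one zero per member of `struct pci_device_id`, so it has to be touched again if that struct ever gains or loses a member. If the aim is to quiet a missing-initializer warning (the reason is not stated in the hunk), a designated sentinel such as `{ .vendor = 0 }` does that without depending on the member count. The same pattern recurs in the other pci, ieee1394 and dmi tables this patch touches.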
22899 diff -urNp linux-2.6.32.1/drivers/hwmon/sis5595.c linux-2.6.32.1/drivers/hwmon/sis5595.c
22900 --- linux-2.6.32.1/drivers/hwmon/sis5595.c 2009-12-02 22:51:21.000000000 -0500
22901 +++ linux-2.6.32.1/drivers/hwmon/sis5595.c 2009-12-14 18:33:53.850721491 -0500
22902 @@ -699,7 +699,7 @@ static struct sis5595_data *sis5595_upda
22904 static struct pci_device_id sis5595_pci_ids[] = {
22905 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_503) },
22907 + { 0, 0, 0, 0, 0, 0, 0 }
22910 MODULE_DEVICE_TABLE(pci, sis5595_pci_ids);
22911 diff -urNp linux-2.6.32.1/drivers/hwmon/via686a.c linux-2.6.32.1/drivers/hwmon/via686a.c
22912 --- linux-2.6.32.1/drivers/hwmon/via686a.c 2009-12-02 22:51:21.000000000 -0500
22913 +++ linux-2.6.32.1/drivers/hwmon/via686a.c 2009-12-14 18:33:53.854780877 -0500
22914 @@ -769,7 +769,7 @@ static struct via686a_data *via686a_upda
22916 static struct pci_device_id via686a_pci_ids[] = {
22917 { PCI_DEVICE(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_82C686_4) },
22919 + { 0, 0, 0, 0, 0, 0, 0 }
22922 MODULE_DEVICE_TABLE(pci, via686a_pci_ids);
22923 diff -urNp linux-2.6.32.1/drivers/hwmon/vt8231.c linux-2.6.32.1/drivers/hwmon/vt8231.c
22924 --- linux-2.6.32.1/drivers/hwmon/vt8231.c 2009-12-02 22:51:21.000000000 -0500
22925 +++ linux-2.6.32.1/drivers/hwmon/vt8231.c 2009-12-14 18:33:53.875735911 -0500
22926 @@ -699,7 +699,7 @@ static struct platform_driver vt8231_dri
22928 static struct pci_device_id vt8231_pci_ids[] = {
22929 { PCI_DEVICE(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_8231_4) },
22931 + { 0, 0, 0, 0, 0, 0, 0 }
22934 MODULE_DEVICE_TABLE(pci, vt8231_pci_ids);
22935 diff -urNp linux-2.6.32.1/drivers/hwmon/w83791d.c linux-2.6.32.1/drivers/hwmon/w83791d.c
22936 --- linux-2.6.32.1/drivers/hwmon/w83791d.c 2009-12-02 22:51:21.000000000 -0500
22937 +++ linux-2.6.32.1/drivers/hwmon/w83791d.c 2009-12-14 18:33:53.884931052 -0500
22938 @@ -330,8 +330,8 @@ static int w83791d_detect(struct i2c_cli
22939 struct i2c_board_info *info);
22940 static int w83791d_remove(struct i2c_client *client);
22942 -static int w83791d_read(struct i2c_client *client, u8 register);
22943 -static int w83791d_write(struct i2c_client *client, u8 register, u8 value);
22944 +static int w83791d_read(struct i2c_client *client, u8 reg);
22945 +static int w83791d_write(struct i2c_client *client, u8 reg, u8 value);
22946 static struct w83791d_data *w83791d_update_device(struct device *dev);
22949 diff -urNp linux-2.6.32.1/drivers/i2c/busses/i2c-i801.c linux-2.6.32.1/drivers/i2c/busses/i2c-i801.c
22950 --- linux-2.6.32.1/drivers/i2c/busses/i2c-i801.c 2009-12-02 22:51:21.000000000 -0500
22951 +++ linux-2.6.32.1/drivers/i2c/busses/i2c-i801.c 2009-12-14 18:33:53.906972021 -0500
22952 @@ -578,7 +578,7 @@ static struct pci_device_id i801_ids[] =
22953 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH10_4) },
22954 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH10_5) },
22955 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_PCH_SMBUS) },
22957 + { 0, 0, 0, 0, 0, 0, 0 }
22960 MODULE_DEVICE_TABLE (pci, i801_ids);
22961 diff -urNp linux-2.6.32.1/drivers/i2c/busses/i2c-piix4.c linux-2.6.32.1/drivers/i2c/busses/i2c-piix4.c
22962 --- linux-2.6.32.1/drivers/i2c/busses/i2c-piix4.c 2009-12-02 22:51:21.000000000 -0500
22963 +++ linux-2.6.32.1/drivers/i2c/busses/i2c-piix4.c 2009-12-14 18:33:53.918718926 -0500
22964 @@ -124,7 +124,7 @@ static struct dmi_system_id __devinitdat
22966 .matches = { DMI_MATCH(DMI_SYS_VENDOR, "IBM"), },
22969 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
22972 static int __devinit piix4_setup(struct pci_dev *PIIX4_dev,
22973 @@ -491,7 +491,7 @@ static struct pci_device_id piix4_ids[]
22974 PCI_DEVICE_ID_SERVERWORKS_HT1000SB) },
22975 { PCI_DEVICE(PCI_VENDOR_ID_SERVERWORKS,
22976 PCI_DEVICE_ID_SERVERWORKS_HT1100LD) },
22978 + { 0, 0, 0, 0, 0, 0, 0 }
22981 MODULE_DEVICE_TABLE (pci, piix4_ids);
22982 diff -urNp linux-2.6.32.1/drivers/i2c/busses/i2c-sis630.c linux-2.6.32.1/drivers/i2c/busses/i2c-sis630.c
22983 --- linux-2.6.32.1/drivers/i2c/busses/i2c-sis630.c 2009-12-02 22:51:21.000000000 -0500
22984 +++ linux-2.6.32.1/drivers/i2c/busses/i2c-sis630.c 2009-12-14 18:33:53.925070570 -0500
22985 @@ -471,7 +471,7 @@ static struct i2c_adapter sis630_adapter
22986 static struct pci_device_id sis630_ids[] __devinitdata = {
22987 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_503) },
22988 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_LPC) },
22990 + { 0, 0, 0, 0, 0, 0, 0 }
22993 MODULE_DEVICE_TABLE (pci, sis630_ids);
22994 diff -urNp linux-2.6.32.1/drivers/i2c/busses/i2c-sis96x.c linux-2.6.32.1/drivers/i2c/busses/i2c-sis96x.c
22995 --- linux-2.6.32.1/drivers/i2c/busses/i2c-sis96x.c 2009-12-02 22:51:21.000000000 -0500
22996 +++ linux-2.6.32.1/drivers/i2c/busses/i2c-sis96x.c 2009-12-14 18:33:53.931866082 -0500
22997 @@ -247,7 +247,7 @@ static struct i2c_adapter sis96x_adapter
22999 static struct pci_device_id sis96x_ids[] = {
23000 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_SMBUS) },
23002 + { 0, 0, 0, 0, 0, 0, 0 }
23005 MODULE_DEVICE_TABLE (pci, sis96x_ids);
23006 diff -urNp linux-2.6.32.1/drivers/ide/ide-cd.c linux-2.6.32.1/drivers/ide/ide-cd.c
23007 --- linux-2.6.32.1/drivers/ide/ide-cd.c 2009-12-02 22:51:21.000000000 -0500
23008 +++ linux-2.6.32.1/drivers/ide/ide-cd.c 2009-12-14 18:33:53.955714837 -0500
23009 @@ -766,7 +766,7 @@ static void cdrom_do_block_pc(ide_drive_
23010 alignment = queue_dma_alignment(q) | q->dma_pad_mask;
23011 if ((unsigned long)buf & alignment
23012 || blk_rq_bytes(rq) & q->dma_pad_mask
23013 - || object_is_on_stack(buf))
23014 + || object_starts_on_stack(buf))
23018 diff -urNp linux-2.6.32.1/drivers/ieee1394/dv1394.c linux-2.6.32.1/drivers/ieee1394/dv1394.c
23019 --- linux-2.6.32.1/drivers/ieee1394/dv1394.c 2009-12-02 22:51:21.000000000 -0500
23020 +++ linux-2.6.32.1/drivers/ieee1394/dv1394.c 2009-12-14 18:33:53.975925674 -0500
23021 @@ -739,7 +739,7 @@ static void frame_prepare(struct video_c
23022 based upon DIF section and sequence
23025 -static void inline
23026 +static inline void
23027 frame_put_packet (struct frame *f, struct packet *p)
23029 int section_type = p->data[0] >> 5; /* section type is in bits 5 - 7 */
23030 @@ -2178,7 +2178,7 @@ static const struct ieee1394_device_id d
23031 .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
23032 .version = AVC_SW_VERSION_ENTRY & 0xffffff
23035 + { 0, 0, 0, 0, 0, 0 }
23038 MODULE_DEVICE_TABLE(ieee1394, dv1394_id_table);
23039 diff -urNp linux-2.6.32.1/drivers/ieee1394/eth1394.c linux-2.6.32.1/drivers/ieee1394/eth1394.c
23040 --- linux-2.6.32.1/drivers/ieee1394/eth1394.c 2009-12-02 22:51:21.000000000 -0500
23041 +++ linux-2.6.32.1/drivers/ieee1394/eth1394.c 2009-12-14 18:33:53.990866635 -0500
23042 @@ -446,7 +446,7 @@ static const struct ieee1394_device_id e
23043 .specifier_id = ETHER1394_GASP_SPECIFIER_ID,
23044 .version = ETHER1394_GASP_VERSION,
23047 + { 0, 0, 0, 0, 0, 0 }
23050 MODULE_DEVICE_TABLE(ieee1394, eth1394_id_table);
23051 diff -urNp linux-2.6.32.1/drivers/ieee1394/hosts.c linux-2.6.32.1/drivers/ieee1394/hosts.c
23052 --- linux-2.6.32.1/drivers/ieee1394/hosts.c 2009-12-02 22:51:21.000000000 -0500
23053 +++ linux-2.6.32.1/drivers/ieee1394/hosts.c 2009-12-14 18:33:53.993836998 -0500
23054 @@ -78,6 +78,7 @@ static int dummy_isoctl(struct hpsb_iso
23057 static struct hpsb_host_driver dummy_driver = {
23059 .transmit_packet = dummy_transmit_packet,
23060 .devctl = dummy_devctl,
23061 .isoctl = dummy_isoctl
23062 diff -urNp linux-2.6.32.1/drivers/ieee1394/ohci1394.c linux-2.6.32.1/drivers/ieee1394/ohci1394.c
23063 --- linux-2.6.32.1/drivers/ieee1394/ohci1394.c 2009-12-02 22:51:21.000000000 -0500
23064 +++ linux-2.6.32.1/drivers/ieee1394/ohci1394.c 2009-12-14 18:33:54.019740665 -0500
23065 @@ -147,9 +147,9 @@ printk(level "%s: " fmt "\n" , OHCI1394_
23066 printk(level "%s: fw-host%d: " fmt "\n" , OHCI1394_DRIVER_NAME, ohci->host->id , ## args)
23068 /* Module Parameters */
23069 -static int phys_dma = 1;
23070 +static int phys_dma;
23071 module_param(phys_dma, int, 0444);
23072 -MODULE_PARM_DESC(phys_dma, "Enable physical DMA (default = 1).");
23073 +MODULE_PARM_DESC(phys_dma, "Enable physical DMA (default = 0).");
23075 static void dma_trm_tasklet(unsigned long data);
23076 static void dma_trm_reset(struct dma_trm_ctx *d);
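Review bot: The flipped default for `phys_dma` deserves a comment saying why, since the only trace of the change is the `(default = 0)` text in the parameter description. Something like `/* off by default: with physical DMA enabled a FireWire peer can read and write host memory without the CPU being involved */` above the declaration would do. The parameter is registered with mode 0444, so it can only be chosen at load time. Setups that relied on the old default need `phys_dma=1` set explicitly, which is worth a line in the changelog.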
23077 @@ -3449,7 +3449,7 @@ static struct pci_device_id ohci1394_pci
23078 .subvendor = PCI_ANY_ID,
23079 .subdevice = PCI_ANY_ID,
23082 + { 0, 0, 0, 0, 0, 0, 0 },
23085 MODULE_DEVICE_TABLE(pci, ohci1394_pci_tbl);
23086 diff -urNp linux-2.6.32.1/drivers/ieee1394/raw1394.c linux-2.6.32.1/drivers/ieee1394/raw1394.c
23087 --- linux-2.6.32.1/drivers/ieee1394/raw1394.c 2009-12-02 22:51:21.000000000 -0500
23088 +++ linux-2.6.32.1/drivers/ieee1394/raw1394.c 2009-12-14 18:33:54.021823202 -0500
23089 @@ -3002,7 +3002,7 @@ static const struct ieee1394_device_id r
23090 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
23091 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
23092 .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
23094 + { 0, 0, 0, 0, 0, 0 }
23097 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
23098 diff -urNp linux-2.6.32.1/drivers/ieee1394/sbp2.c linux-2.6.32.1/drivers/ieee1394/sbp2.c
23099 --- linux-2.6.32.1/drivers/ieee1394/sbp2.c 2009-12-02 22:51:21.000000000 -0500
23100 +++ linux-2.6.32.1/drivers/ieee1394/sbp2.c 2009-12-14 18:33:54.041973386 -0500
23101 @@ -290,7 +290,7 @@ static const struct ieee1394_device_id s
23102 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
23103 .specifier_id = SBP2_UNIT_SPEC_ID_ENTRY & 0xffffff,
23104 .version = SBP2_SW_VERSION_ENTRY & 0xffffff},
23106 + { 0, 0, 0, 0, 0, 0 }
23108 MODULE_DEVICE_TABLE(ieee1394, sbp2_id_table);
23110 @@ -2111,7 +2111,7 @@ MODULE_DESCRIPTION("IEEE-1394 SBP-2 prot
23111 MODULE_SUPPORTED_DEVICE(SBP2_DEVICE_NAME);
23112 MODULE_LICENSE("GPL");
23114 -static int sbp2_module_init(void)
23115 +static int __init sbp2_module_init(void)
23119 diff -urNp linux-2.6.32.1/drivers/ieee1394/video1394.c linux-2.6.32.1/drivers/ieee1394/video1394.c
23120 --- linux-2.6.32.1/drivers/ieee1394/video1394.c 2009-12-02 22:51:21.000000000 -0500
23121 +++ linux-2.6.32.1/drivers/ieee1394/video1394.c 2009-12-14 18:33:54.056833945 -0500
23122 @@ -1311,7 +1311,7 @@ static const struct ieee1394_device_id v
23123 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
23124 .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff
23127 + { 0, 0, 0, 0, 0, 0 }
23130 MODULE_DEVICE_TABLE(ieee1394, video1394_id_table);
23131 diff -urNp linux-2.6.32.1/drivers/infiniband/core/cm.c linux-2.6.32.1/drivers/infiniband/core/cm.c
23132 --- linux-2.6.32.1/drivers/infiniband/core/cm.c 2009-12-02 22:51:21.000000000 -0500
23133 +++ linux-2.6.32.1/drivers/infiniband/core/cm.c 2009-12-14 18:33:54.074829229 -0500
23134 @@ -3597,7 +3597,7 @@ static ssize_t cm_show_counter(struct ko
23135 atomic_long_read(&group->counter[cm_attr->index]));
23138 -static struct sysfs_ops cm_counter_ops = {
23139 +static const struct sysfs_ops cm_counter_ops = {
23140 .show = cm_show_counter
23143 diff -urNp linux-2.6.32.1/drivers/infiniband/core/sysfs.c linux-2.6.32.1/drivers/infiniband/core/sysfs.c
23144 --- linux-2.6.32.1/drivers/infiniband/core/sysfs.c 2009-12-02 22:51:21.000000000 -0500
23145 +++ linux-2.6.32.1/drivers/infiniband/core/sysfs.c 2009-12-14 18:33:54.090967930 -0500
23146 @@ -79,7 +79,7 @@ static ssize_t port_attr_show(struct kob
23147 return port_attr->show(p, port_attr, buf);
23150 -static struct sysfs_ops port_sysfs_ops = {
23151 +static const struct sysfs_ops port_sysfs_ops = {
23152 .show = port_attr_show
23155 diff -urNp linux-2.6.32.1/drivers/input/keyboard/atkbd.c linux-2.6.32.1/drivers/input/keyboard/atkbd.c
23156 --- linux-2.6.32.1/drivers/input/keyboard/atkbd.c 2009-12-02 22:51:21.000000000 -0500
23157 +++ linux-2.6.32.1/drivers/input/keyboard/atkbd.c 2009-12-14 18:33:54.119950593 -0500
23158 @@ -1212,7 +1212,7 @@ static struct serio_device_id atkbd_seri
23160 .extra = SERIO_ANY,
23166 MODULE_DEVICE_TABLE(serio, atkbd_serio_ids);
23167 diff -urNp linux-2.6.32.1/drivers/input/mouse/lifebook.c linux-2.6.32.1/drivers/input/mouse/lifebook.c
23168 --- linux-2.6.32.1/drivers/input/mouse/lifebook.c 2009-12-02 22:51:21.000000000 -0500
23169 +++ linux-2.6.32.1/drivers/input/mouse/lifebook.c 2009-12-14 18:33:54.128740292 -0500
23170 @@ -115,7 +115,7 @@ static const struct dmi_system_id lifebo
23171 DMI_MATCH(DMI_PRODUCT_NAME, "LifeBook B142"),
23175 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
23178 static psmouse_ret_t lifebook_process_byte(struct psmouse *psmouse)
23179 diff -urNp linux-2.6.32.1/drivers/input/mouse/psmouse-base.c linux-2.6.32.1/drivers/input/mouse/psmouse-base.c
23180 --- linux-2.6.32.1/drivers/input/mouse/psmouse-base.c 2009-12-02 22:51:21.000000000 -0500
23181 +++ linux-2.6.32.1/drivers/input/mouse/psmouse-base.c 2009-12-14 18:33:54.140878695 -0500
23182 @@ -1407,7 +1407,7 @@ static struct serio_device_id psmouse_se
23184 .extra = SERIO_ANY,
23190 MODULE_DEVICE_TABLE(serio, psmouse_serio_ids);
23191 diff -urNp linux-2.6.32.1/drivers/input/mouse/synaptics.c linux-2.6.32.1/drivers/input/mouse/synaptics.c
23192 --- linux-2.6.32.1/drivers/input/mouse/synaptics.c 2009-12-02 22:51:21.000000000 -0500
23193 +++ linux-2.6.32.1/drivers/input/mouse/synaptics.c 2009-12-14 18:33:54.160959318 -0500
23194 @@ -437,7 +437,7 @@ static void synaptics_process_packet(str
23197 if (SYN_MODEL_PEN(priv->model_id))
23198 - ; /* Nothing, treat a pen as a single finger */
23199 + break; /* Nothing, treat a pen as a single finger */
23202 if (SYN_CAP_PALMDETECT(priv->capabilities))
23203 @@ -652,7 +652,6 @@ static const struct dmi_system_id toshib
23204 DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"),
23205 DMI_MATCH(DMI_PRODUCT_NAME, "PORTEGE M300"),
23210 .ident = "Toshiba Portege M300",
23211 @@ -661,9 +660,8 @@ static const struct dmi_system_id toshib
23212 DMI_MATCH(DMI_PRODUCT_NAME, "Portable PC"),
23213 DMI_MATCH(DMI_PRODUCT_VERSION, "Version 1.0"),
23218 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23222 diff -urNp linux-2.6.32.1/drivers/input/mousedev.c linux-2.6.32.1/drivers/input/mousedev.c
23223 --- linux-2.6.32.1/drivers/input/mousedev.c 2009-12-02 22:51:21.000000000 -0500
23224 +++ linux-2.6.32.1/drivers/input/mousedev.c 2009-12-14 18:33:54.205808151 -0500
23225 @@ -1057,7 +1057,7 @@ static struct input_handler mousedev_han
23227 #ifdef CONFIG_INPUT_MOUSEDEV_PSAUX
23228 static struct miscdevice psaux_mouse = {
23229 - PSMOUSE_MINOR, "psaux", &mousedev_fops
23230 + PSMOUSE_MINOR, "psaux", &mousedev_fops, {NULL, NULL}, NULL, NULL
23232 static int psaux_registered;
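Review bot: The initializer for `psaux_mouse` stays positional and now also depends on the exact order and number of members that follow `fops` in `struct miscdevice`. Designated initializers say the same thing and leave the remaining members zeroed: `.minor = PSMOUSE_MINOR, .name = "psaux", .fops = &mousedev_fops`.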
23234 diff -urNp linux-2.6.32.1/drivers/input/serio/i8042-x86ia64io.h linux-2.6.32.1/drivers/input/serio/i8042-x86ia64io.h
23235 --- linux-2.6.32.1/drivers/input/serio/i8042-x86ia64io.h 2009-12-02 22:51:21.000000000 -0500
23236 +++ linux-2.6.32.1/drivers/input/serio/i8042-x86ia64io.h 2009-12-14 18:33:54.222735325 -0500
23237 @@ -167,7 +167,7 @@ static struct dmi_system_id __initdata i
23238 DMI_MATCH(DMI_PRODUCT_VERSION, "Rev 1"),
23242 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23246 @@ -401,7 +401,7 @@ static struct dmi_system_id __initdata i
23247 DMI_MATCH(DMI_PRODUCT_VERSION, "0100"),
23251 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23254 static struct dmi_system_id __initdata i8042_dmi_reset_table[] = {
23255 @@ -468,7 +468,7 @@ static struct dmi_system_id __initdata i
23256 DMI_MATCH(DMI_PRODUCT_NAME, "Vostro 1720"),
23260 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23264 @@ -487,7 +487,7 @@ static struct dmi_system_id __initdata i
23265 DMI_MATCH(DMI_BOARD_VENDOR, "MICRO-STAR INTERNATIONAL CO., LTD"),
23269 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23272 static struct dmi_system_id __initdata i8042_dmi_laptop_table[] = {
23273 @@ -515,7 +515,7 @@ static struct dmi_system_id __initdata i
23274 DMI_MATCH(DMI_CHASSIS_TYPE, "14"), /* Sub-Notebook */
23278 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23282 @@ -582,7 +582,7 @@ static struct dmi_system_id __initdata i
23283 DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 4280"),
23287 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23290 #endif /* CONFIG_X86 */
23291 diff -urNp linux-2.6.32.1/drivers/input/serio/serio_raw.c linux-2.6.32.1/drivers/input/serio/serio_raw.c
23292 --- linux-2.6.32.1/drivers/input/serio/serio_raw.c 2009-12-02 22:51:21.000000000 -0500
23293 +++ linux-2.6.32.1/drivers/input/serio/serio_raw.c 2009-12-14 18:33:54.231961669 -0500
23294 @@ -377,7 +377,7 @@ static struct serio_device_id serio_raw_
23296 .extra = SERIO_ANY,
23302 MODULE_DEVICE_TABLE(serio, serio_raw_serio_ids);
23303 diff -urNp linux-2.6.32.1/drivers/isdn/gigaset/common.c linux-2.6.32.1/drivers/isdn/gigaset/common.c
23304 --- linux-2.6.32.1/drivers/isdn/gigaset/common.c 2009-12-02 22:51:21.000000000 -0500
23305 +++ linux-2.6.32.1/drivers/isdn/gigaset/common.c 2009-12-14 18:33:54.250965221 -0500
23306 @@ -712,7 +712,7 @@ struct cardstate *gigaset_initcs(struct
23307 cs->commands_pending = 0;
23308 cs->cur_at_seq = 0;
23310 - cs->open_count = 0;
23311 + atomic_set(&cs->open_count, 0);
23314 cs->tty_dev = NULL;
23315 diff -urNp linux-2.6.32.1/drivers/isdn/gigaset/gigaset.h linux-2.6.32.1/drivers/isdn/gigaset/gigaset.h
23316 --- linux-2.6.32.1/drivers/isdn/gigaset/gigaset.h 2009-12-02 22:51:21.000000000 -0500
23317 +++ linux-2.6.32.1/drivers/isdn/gigaset/gigaset.h 2009-12-14 18:33:54.271752322 -0500
23318 @@ -446,7 +446,7 @@ struct cardstate {
23319 spinlock_t cmdlock;
23320 unsigned curlen, cmdbytes;
23322 - unsigned open_count;
23323 + atomic_t open_count;
23324 struct tty_struct *tty;
23325 struct tasklet_struct if_wake_tasklet;
23326 unsigned control_state;
23327 diff -urNp linux-2.6.32.1/drivers/isdn/gigaset/interface.c linux-2.6.32.1/drivers/isdn/gigaset/interface.c
23328 --- linux-2.6.32.1/drivers/isdn/gigaset/interface.c 2009-12-02 22:51:21.000000000 -0500
23329 +++ linux-2.6.32.1/drivers/isdn/gigaset/interface.c 2009-12-14 18:33:54.279961033 -0500
23330 @@ -165,9 +165,7 @@ static int if_open(struct tty_struct *tt
23331 return -ERESTARTSYS; // FIXME -EINTR?
23332 tty->driver_data = cs;
23334 - ++cs->open_count;
23336 - if (cs->open_count == 1) {
23337 + if (atomic_inc_return(&cs->open_count) == 1) {
23338 spin_lock_irqsave(&cs->lock, flags);
23340 spin_unlock_irqrestore(&cs->lock, flags);
23341 @@ -195,10 +193,10 @@ static void if_close(struct tty_struct *
23343 if (!cs->connected)
23344 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
23345 - else if (!cs->open_count)
23346 + else if (!atomic_read(&cs->open_count))
23347 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23349 - if (!--cs->open_count) {
23350 + if (!atomic_dec_return(&cs->open_count)) {
23351 spin_lock_irqsave(&cs->lock, flags);
23353 spin_unlock_irqrestore(&cs->lock, flags);
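Review bot: In if_close the test `!atomic_read(&cs->open_count)` and the later `atomic_dec_return(&cs->open_count)` are two separate operations, so switching the field to `atomic_t` does not by itself make the check-then-decrement safe against a concurrent close. If these paths are already serialized by a lock taken outside the hunk, a comment next to the field in gigaset.h should say so; the `-ERESTARTSYS` return in if_open suggests an interruptible lock, but it is not visible. Any user of `open_count` in files this patch does not touch also needs converting, because the type changed from `unsigned`. The bodies of if_open and if_close extend outside their hunks.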
23354 @@ -233,7 +231,7 @@ static int if_ioctl(struct tty_struct *t
23355 if (!cs->connected) {
23356 gig_dbg(DEBUG_IF, "not connected");
23358 - } else if (!cs->open_count)
23359 + } else if (!atomic_read(&cs->open_count))
23360 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23363 @@ -361,7 +359,7 @@ static int if_write(struct tty_struct *t
23364 if (!cs->connected) {
23365 gig_dbg(DEBUG_IF, "not connected");
23367 - } else if (!cs->open_count)
23368 + } else if (!atomic_read(&cs->open_count))
23369 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23370 else if (cs->mstate != MS_LOCKED) {
23371 dev_warn(cs->dev, "can't write to unlocked device\n");
23372 @@ -395,7 +393,7 @@ static int if_write_room(struct tty_stru
23373 if (!cs->connected) {
23374 gig_dbg(DEBUG_IF, "not connected");
23376 - } else if (!cs->open_count)
23377 + } else if (!atomic_read(&cs->open_count))
23378 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23379 else if (cs->mstate != MS_LOCKED) {
23380 dev_warn(cs->dev, "can't write to unlocked device\n");
23381 @@ -425,7 +423,7 @@ static int if_chars_in_buffer(struct tty
23383 if (!cs->connected)
23384 gig_dbg(DEBUG_IF, "not connected");
23385 - else if (!cs->open_count)
23386 + else if (!atomic_read(&cs->open_count))
23387 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23388 else if (cs->mstate != MS_LOCKED)
23389 dev_warn(cs->dev, "can't write to unlocked device\n");
23390 @@ -453,7 +451,7 @@ static void if_throttle(struct tty_struc
23392 if (!cs->connected)
23393 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
23394 - else if (!cs->open_count)
23395 + else if (!atomic_read(&cs->open_count))
23396 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23399 @@ -478,7 +476,7 @@ static void if_unthrottle(struct tty_str
23401 if (!cs->connected)
23402 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
23403 - else if (!cs->open_count)
23404 + else if (!atomic_read(&cs->open_count))
23405 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23408 @@ -510,7 +508,7 @@ static void if_set_termios(struct tty_st
23412 - if (!cs->open_count) {
23413 + if (!atomic_read(&cs->open_count)) {
23414 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23417 diff -urNp linux-2.6.32.1/drivers/lguest/core.c linux-2.6.32.1/drivers/lguest/core.c
23418 --- linux-2.6.32.1/drivers/lguest/core.c 2009-12-02 22:51:21.000000000 -0500
23419 +++ linux-2.6.32.1/drivers/lguest/core.c 2009-12-14 18:33:54.292924242 -0500
23420 @@ -91,9 +91,17 @@ static __init int map_switcher(void)
23421 * it's worked so far. The end address needs +1 because __get_vm_area
23422 * allocates an extra guard page, so we need space for that.
23425 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
23426 + switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
23427 + VM_ALLOC | VM_KERNEXEC, SWITCHER_ADDR, SWITCHER_ADDR
23428 + + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
23430 switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
23431 VM_ALLOC, SWITCHER_ADDR, SWITCHER_ADDR
23432 + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
23435 if (!switcher_vma) {
23437 printk("lguest: could not map switcher pages high\n");
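Review bot: The two `__get_vm_area()` calls differ only in `VM_KERNEXEC`, so the size and address arithmetic is now duplicated across the preprocessor branches and can drift apart. Keeping one call and selecting the flags under the conditional avoids that, e.g. a local `unsigned long flags = VM_ALLOC;` followed by `flags |= VM_KERNEXEC;` inside the `#if`. map_switcher continues outside the hunk.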
23438 diff -urNp linux-2.6.32.1/drivers/macintosh/via-pmu-backlight.c linux-2.6.32.1/drivers/macintosh/via-pmu-backlight.c
23439 --- linux-2.6.32.1/drivers/macintosh/via-pmu-backlight.c 2009-12-02 22:51:21.000000000 -0500
23440 +++ linux-2.6.32.1/drivers/macintosh/via-pmu-backlight.c 2009-12-14 18:33:54.302875688 -0500
23443 #define MAX_PMU_LEVEL 0xFF
23445 -static struct backlight_ops pmu_backlight_data;
23446 +static const struct backlight_ops pmu_backlight_data;
23447 static DEFINE_SPINLOCK(pmu_backlight_lock);
23448 static int sleeping, uses_pmu_bl;
23449 static u8 bl_curve[FB_BACKLIGHT_LEVELS];
23450 @@ -115,7 +115,7 @@ static int pmu_backlight_get_brightness(
23451 return bd->props.brightness;
23454 -static struct backlight_ops pmu_backlight_data = {
23455 +static const struct backlight_ops pmu_backlight_data = {
23456 .get_brightness = pmu_backlight_get_brightness,
23457 .update_status = pmu_backlight_update_status,
23459 diff -urNp linux-2.6.32.1/drivers/macintosh/via-pmu.c linux-2.6.32.1/drivers/macintosh/via-pmu.c
23460 --- linux-2.6.32.1/drivers/macintosh/via-pmu.c 2009-12-02 22:51:21.000000000 -0500
23461 +++ linux-2.6.32.1/drivers/macintosh/via-pmu.c 2009-12-14 18:33:54.313973800 -0500
23462 @@ -2232,7 +2232,7 @@ static int pmu_sleep_valid(suspend_state
23463 && (pmac_call_feature(PMAC_FTR_SLEEP_STATE, NULL, 0, -1) >= 0);
23466 -static struct platform_suspend_ops pmu_pm_ops = {
23467 +static const struct platform_suspend_ops pmu_pm_ops = {
23468 .enter = powerbook_sleep,
23469 .valid = pmu_sleep_valid,
23471 diff -urNp linux-2.6.32.1/drivers/md/bitmap.c linux-2.6.32.1/drivers/md/bitmap.c
23472 --- linux-2.6.32.1/drivers/md/bitmap.c 2009-12-02 22:51:21.000000000 -0500
23473 +++ linux-2.6.32.1/drivers/md/bitmap.c 2009-12-14 18:33:54.330968642 -0500
23476 # define PRINTK(x...) printk(KERN_DEBUG x)
23478 -# define PRINTK(x...)
23479 +# define PRINTK(x...) do {} while (0)
23483 diff -urNp linux-2.6.32.1/drivers/md/dm-sysfs.c linux-2.6.32.1/drivers/md/dm-sysfs.c
23484 --- linux-2.6.32.1/drivers/md/dm-sysfs.c 2009-12-02 22:51:21.000000000 -0500
23485 +++ linux-2.6.32.1/drivers/md/dm-sysfs.c 2009-12-14 18:33:54.342792361 -0500
23486 @@ -75,7 +75,7 @@ static struct attribute *dm_attrs[] = {
23490 -static struct sysfs_ops dm_sysfs_ops = {
23491 +static const struct sysfs_ops dm_sysfs_ops = {
23492 .show = dm_attr_show,
23495 diff -urNp linux-2.6.32.1/drivers/md/dm-table.c linux-2.6.32.1/drivers/md/dm-table.c
23496 --- linux-2.6.32.1/drivers/md/dm-table.c 2009-12-02 22:51:21.000000000 -0500
23497 +++ linux-2.6.32.1/drivers/md/dm-table.c 2009-12-14 18:33:54.365795777 -0500
23498 @@ -359,7 +359,7 @@ static int device_area_is_invalid(struct
23502 - if ((start >= dev_size) || (start + len > dev_size)) {
23503 + if ((start >= dev_size) || (len > dev_size - start)) {
23504 DMWARN("%s: %s too small for target: "
23505 "start=%llu, len=%llu, dev_size=%llu",
23506 dm_device_name(ti->table->md), bdevname(bdev, b),
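Review bot: The rewritten test is only correct because of operand order: `start >= dev_size` is evaluated first, so `dev_size - start` cannot wrap by the time the right-hand side runs, whereas the old `start + len` could overflow for a large `len` and pass the check. That dependency is easy to break in a later cleanup. A comment above the condition would pin it, e.g. `/* start < dev_size is established first, so the subtraction cannot underflow */`. device_area_is_invalid begins and ends outside the hunk.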
23507 diff -urNp linux-2.6.32.1/drivers/md/md.c linux-2.6.32.1/drivers/md/md.c
23508 --- linux-2.6.32.1/drivers/md/md.c 2009-12-02 22:51:21.000000000 -0500
23509 +++ linux-2.6.32.1/drivers/md/md.c 2009-12-14 18:33:54.386883422 -0500
23510 @@ -2505,7 +2505,7 @@ static void rdev_free(struct kobject *ko
23511 mdk_rdev_t *rdev = container_of(ko, mdk_rdev_t, kobj);
23514 -static struct sysfs_ops rdev_sysfs_ops = {
23515 +static const struct sysfs_ops rdev_sysfs_ops = {
23516 .show = rdev_attr_show,
23517 .store = rdev_attr_store,
23519 @@ -3875,7 +3875,7 @@ static void md_free(struct kobject *ko)
23523 -static struct sysfs_ops md_sysfs_ops = {
23524 +static const struct sysfs_ops md_sysfs_ops = {
23525 .show = md_attr_show,
23526 .store = md_attr_store,
23528 @@ -5997,7 +5997,7 @@ static int md_seq_show(struct seq_file *
23529 chunk_kb ? "KB" : "B");
23530 if (bitmap->file) {
23531 seq_printf(seq, ", file: ");
23532 - seq_path(seq, &bitmap->file->f_path, " \t\n");
23533 + seq_path(seq, &bitmap->file->f_path, " \t\n\\");
23536 seq_printf(seq, "\n");
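Review bot: The escape set passed to `seq_path()` grows by a backslash with no comment on why. If the reason is that the escaping is itself backslash-based, so an unescaped backslash in a file name makes the output ambiguous for whoever parses it (an inference; the hunk does not say), a short comment such as `/* also escape the backslash so escaped output stays unambiguous */` would record it. Other `seq_path()` callers that still pass the old set would then want the same treatment.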
23537 @@ -6091,7 +6091,7 @@ static int is_mddev_idle(mddev_t *mddev,
23538 struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
23539 curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
23540 (int)part_stat_read(&disk->part0, sectors[1]) -
23541 - atomic_read(&disk->sync_io);
23542 + atomic_read_unchecked(&disk->sync_io);
23543 /* sync IO will cause sync_io to increase before the disk_stats
23544 * as sync_io is counted when a request starts, and
23545 * disk_stats is counted when it completes.
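Review bot: Nothing here says why `sync_io` is read with `atomic_read_unchecked()`; the md.h hunk makes the matching change to `atomic_add_unchecked()` in md_sync_acct. Both only type-check if `sync_io` is declared `atomic_unchecked_t`, and that declaration is not part of the visible hunks. A comment at the declaration along the lines of `/* I/O statistics, may wrap; exempt from overflow checking */` would record the reasoning, assuming that is the intent. In md_sync_acct `nr_sectors` is an `unsigned long` passed to what the alpha header at the top of this patch declares as an `int` parameter, so the narrowing that `atomic_add()` already had carries over.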
23546 diff -urNp linux-2.6.32.1/drivers/md/md.h linux-2.6.32.1/drivers/md/md.h
23547 --- linux-2.6.32.1/drivers/md/md.h 2009-12-02 22:51:21.000000000 -0500
23548 +++ linux-2.6.32.1/drivers/md/md.h 2009-12-14 18:33:54.388809345 -0500
23549 @@ -303,7 +303,7 @@ static inline void rdev_dec_pending(mdk_
23551 static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors)
23553 - atomic_add(nr_sectors, &bdev->bd_contains->bd_disk->sync_io);
23554 + atomic_add_unchecked(nr_sectors, &bdev->bd_contains->bd_disk->sync_io);
23557 struct mdk_personality
23558 diff -urNp linux-2.6.32.1/drivers/media/dvb/dvb-core/dvbdev.c linux-2.6.32.1/drivers/media/dvb/dvb-core/dvbdev.c
23559 --- linux-2.6.32.1/drivers/media/dvb/dvb-core/dvbdev.c 2009-12-02 22:51:21.000000000 -0500
23560 +++ linux-2.6.32.1/drivers/media/dvb/dvb-core/dvbdev.c 2009-12-14 18:33:54.409940682 -0500
23561 @@ -191,6 +191,7 @@ int dvb_register_device(struct dvb_adapt
23562 const struct dvb_device *template, void *priv, int type)
23564 struct dvb_device *dvbdev;
23565 + /* cannot be const */
23566 struct file_operations *dvbdevfops;
23567 struct device *clsdev;
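Review bot: The added comment `/* cannot be const */` states the constraint but not the reason. Say what writes through `dvbdevfops`, for instance `/* cannot be const: filled in at registration time */` if that is what the rest of dvb_register_device does. The body is outside the hunk, so the wording needs checking against it.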
23569 diff -urNp linux-2.6.32.1/drivers/media/video/usbvideo/konicawc.c linux-2.6.32.1/drivers/media/video/usbvideo/konicawc.c
23570 --- linux-2.6.32.1/drivers/media/video/usbvideo/konicawc.c 2009-12-02 22:51:21.000000000 -0500
23571 +++ linux-2.6.32.1/drivers/media/video/usbvideo/konicawc.c 2009-12-14 18:33:54.431094016 -0500
23572 @@ -225,7 +225,7 @@ static void konicawc_register_input(stru
23575 usb_make_path(dev, cam->input_physname, sizeof(cam->input_physname));
23576 - strncat(cam->input_physname, "/input0", sizeof(cam->input_physname));
23577 + strlcat(cam->input_physname, "/input0", sizeof(cam->input_physname));
23579 cam->input = input_dev = input_allocate_device();
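Review bot: The return value of `strlcat` is ignored in konicawc_register_input, so a USB path that already fills `input_physname` is truncated silently and the device is registered with a phys name whose `/input0` suffix is cut or missing. strlcat returns the length it tried to create, so truncation can be detected by comparing the result with `sizeof(cam->input_physname)` and logging a warning. The same unchecked call is added in qcm_register_input in quickcam_messenger.c. Both function bodies continue outside their hunks.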
23581 diff -urNp linux-2.6.32.1/drivers/media/video/usbvideo/quickcam_messenger.c linux-2.6.32.1/drivers/media/video/usbvideo/quickcam_messenger.c
23582 --- linux-2.6.32.1/drivers/media/video/usbvideo/quickcam_messenger.c 2009-12-02 22:51:21.000000000 -0500
23583 +++ linux-2.6.32.1/drivers/media/video/usbvideo/quickcam_messenger.c 2009-12-14 18:33:54.442710420 -0500
23584 @@ -89,7 +89,7 @@ static void qcm_register_input(struct qc
23587 usb_make_path(dev, cam->input_physname, sizeof(cam->input_physname));
23588 - strncat(cam->input_physname, "/input0", sizeof(cam->input_physname));
23589 + strlcat(cam->input_physname, "/input0", sizeof(cam->input_physname));
23591 cam->input = input_dev = input_allocate_device();
23593 diff -urNp linux-2.6.32.1/drivers/message/i2o/i2o_proc.c linux-2.6.32.1/drivers/message/i2o/i2o_proc.c
23594 --- linux-2.6.32.1/drivers/message/i2o/i2o_proc.c 2009-12-02 22:51:21.000000000 -0500
23595 +++ linux-2.6.32.1/drivers/message/i2o/i2o_proc.c 2009-12-14 18:33:54.453974267 -0500
23596 @@ -259,13 +259,6 @@ static char *scsi_devices[] = {
23597 "Array Controller Device"
23600 -static char *chtostr(u8 * chars, int n)
23604 - return strncat(tmp, (char *)chars, n);
23607 static int i2o_report_query_status(struct seq_file *seq, int block_status,
23610 @@ -842,8 +835,7 @@ static int i2o_seq_show_ddm_table(struct
23612 seq_printf(seq, "%-#7x", ddm_table.i2o_vendor_id);
23613 seq_printf(seq, "%-#8x", ddm_table.module_id);
23614 - seq_printf(seq, "%-29s",
23615 - chtostr(ddm_table.module_name_version, 28));
23616 + seq_printf(seq, "%-.28s", ddm_table.module_name_version);
23617 seq_printf(seq, "%9d ", ddm_table.data_size);
23618 seq_printf(seq, "%8d", ddm_table.code_size);
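Review bot: The new format `%-.28s` in i2o_seq_show_ddm_table drops the field width that `%-29s` supplied, so the module name is no longer padded and the `data_size` and `code_size` columns after it stop lining up. A precision only caps how many bytes are read from the fixed-size field; to keep both the bounded read and the table layout, give width and precision together: `seq_printf(seq, "%-29.28s", ddm_table.module_name_version);`. The next hunk, in i2o_seq_show_drivers_stored, has the same regression and would want `%-29.28s` and `%-9.8s`. Both functions extend beyond their hunks.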
23620 @@ -944,8 +936,8 @@ static int i2o_seq_show_drivers_stored(s
23622 seq_printf(seq, "%-#7x", dst->i2o_vendor_id);
23623 seq_printf(seq, "%-#8x", dst->module_id);
23624 - seq_printf(seq, "%-29s", chtostr(dst->module_name_version, 28));
23625 - seq_printf(seq, "%-9s", chtostr(dst->date, 8));
23626 + seq_printf(seq, "%-.28s", dst->module_name_version);
23627 + seq_printf(seq, "%-.8s", dst->date);
23628 seq_printf(seq, "%8d ", dst->module_size);
23629 seq_printf(seq, "%8d ", dst->mpb_size);
23630 seq_printf(seq, "0x%04x", dst->module_flags);
23631 @@ -1276,14 +1268,10 @@ static int i2o_seq_show_dev_identity(str
23632 seq_printf(seq, "Device Class : %s\n", i2o_get_class_name(work16[0]));
23633 seq_printf(seq, "Owner TID : %0#5x\n", work16[2]);
23634 seq_printf(seq, "Parent TID : %0#5x\n", work16[3]);
23635 - seq_printf(seq, "Vendor info : %s\n",
23636 - chtostr((u8 *) (work32 + 2), 16));
23637 - seq_printf(seq, "Product info : %s\n",
23638 - chtostr((u8 *) (work32 + 6), 16));
23639 - seq_printf(seq, "Description : %s\n",
23640 - chtostr((u8 *) (work32 + 10), 16));
23641 - seq_printf(seq, "Product rev. : %s\n",
23642 - chtostr((u8 *) (work32 + 14), 8));
23643 + seq_printf(seq, "Vendor info : %.16s\n", (u8 *) (work32 + 2));
23644 + seq_printf(seq, "Product info : %.16s\n", (u8 *) (work32 + 6));
23645 + seq_printf(seq, "Description : %.16s\n", (u8 *) (work32 + 10));
23646 + seq_printf(seq, "Product rev. : %.8s\n", (u8 *) (work32 + 14));
23648 seq_printf(seq, "Serial number : ");
23649 print_serial_number(seq, (u8 *) (work32 + 16),
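Review bot: The four new `%.16s` and `%.8s` arguments in i2o_seq_show_dev_identity are cast to `u8 *`, but `%s` takes a `char *`, so stricter format checking may complain about pointer signedness. Casting to the type the conversion expects keeps the bounded read and reads more naturally, e.g. `(char *) (work32 + 2)`. A one-line comment above the group, such as `/* fixed-width fields, not necessarily NUL-terminated: precision must equal the field size */`, would also record why each precision is what it is.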
23650 @@ -1328,10 +1316,8 @@ static int i2o_seq_show_ddm_identity(str
23653 seq_printf(seq, "Registering DDM TID : 0x%03x\n", result.ddm_tid);
23654 - seq_printf(seq, "Module name : %s\n",
23655 - chtostr(result.module_name, 24));
23656 - seq_printf(seq, "Module revision : %s\n",
23657 - chtostr(result.module_rev, 8));
23658 + seq_printf(seq, "Module name : %.24s\n", result.module_name);
23659 + seq_printf(seq, "Module revision : %.8s\n", result.module_rev);
23661 seq_printf(seq, "Serial number : ");
23662 print_serial_number(seq, result.serial_number, sizeof(result) - 36);
23663 @@ -1362,14 +1348,10 @@ static int i2o_seq_show_uinfo(struct seq
23667 - seq_printf(seq, "Device name : %s\n",
23668 - chtostr(result.device_name, 64));
23669 - seq_printf(seq, "Service name : %s\n",
23670 - chtostr(result.service_name, 64));
23671 - seq_printf(seq, "Physical name : %s\n",
23672 - chtostr(result.physical_location, 64));
23673 - seq_printf(seq, "Instance number : %s\n",
23674 - chtostr(result.instance_number, 4));
23675 + seq_printf(seq, "Device name : %.64s\n", result.device_name);
23676 + seq_printf(seq, "Service name : %.64s\n", result.service_name);
23677 + seq_printf(seq, "Physical name : %.64s\n", result.physical_location);
23678 + seq_printf(seq, "Instance number : %.4s\n", result.instance_number);
23682 diff -urNp linux-2.6.32.1/drivers/misc/kgdbts.c linux-2.6.32.1/drivers/misc/kgdbts.c
23683 --- linux-2.6.32.1/drivers/misc/kgdbts.c 2009-12-02 22:51:21.000000000 -0500
23684 +++ linux-2.6.32.1/drivers/misc/kgdbts.c 2009-12-14 18:33:54.463717800 -0500
23685 @@ -118,7 +118,7 @@
23687 #define MAX_CONFIG_LEN 40
23689 -static struct kgdb_io kgdbts_io_ops;
23690 +static const struct kgdb_io kgdbts_io_ops;
23691 static char get_buf[BUFMAX];
23692 static int get_buf_cnt;
23693 static char put_buf[BUFMAX];
23694 @@ -1102,7 +1102,7 @@ static void kgdbts_post_exp_handler(void
23695 module_put(THIS_MODULE);
23698 -static struct kgdb_io kgdbts_io_ops = {
23699 +static const struct kgdb_io kgdbts_io_ops = {
23701 .read_char = kgdbts_get_char,
23702 .write_char = kgdbts_put_char,
23703 diff -urNp linux-2.6.32.1/drivers/mtd/devices/doc2000.c linux-2.6.32.1/drivers/mtd/devices/doc2000.c
23704 --- linux-2.6.32.1/drivers/mtd/devices/doc2000.c 2009-12-02 22:51:21.000000000 -0500
23705 +++ linux-2.6.32.1/drivers/mtd/devices/doc2000.c 2009-12-14 18:33:54.472983018 -0500
23706 @@ -776,7 +776,7 @@ static int doc_write(struct mtd_info *mt
23708 /* The ECC will not be calculated correctly if less than 512 is written */
23710 - if (len != 0x200 && eccbuf)
23711 + if (len != 0x200)
23712 printk(KERN_WARNING
23713 "ECC needs a full sector write (adr: %lx size %lx)\n",
23714 (long) to, (long) len);
23715 diff -urNp linux-2.6.32.1/drivers/mtd/devices/doc2001.c linux-2.6.32.1/drivers/mtd/devices/doc2001.c
23716 --- linux-2.6.32.1/drivers/mtd/devices/doc2001.c 2009-12-02 22:51:21.000000000 -0500
23717 +++ linux-2.6.32.1/drivers/mtd/devices/doc2001.c 2009-12-14 18:33:54.488932859 -0500
23718 @@ -395,6 +395,8 @@ static int doc_read (struct mtd_info *mt
23719 /* Don't allow read past end of device */
23720 if (from >= this->totlen)
23725 /* Don't allow a single read to cross a 512-byte block boundary */
23726 if (from + len > ((from | 0x1ff) + 1))
23727 diff -urNp linux-2.6.32.1/drivers/mtd/ubi/build.c linux-2.6.32.1/drivers/mtd/ubi/build.c
23728 --- linux-2.6.32.1/drivers/mtd/ubi/build.c 2009-12-02 22:51:21.000000000 -0500
23729 +++ linux-2.6.32.1/drivers/mtd/ubi/build.c 2009-12-14 18:33:54.535765236 -0500
23730 @@ -1255,7 +1255,7 @@ module_exit(ubi_exit);
23731 static int __init bytes_str_to_int(const char *str)
23734 - unsigned long result;
23735 + unsigned long result, scale = 1;
23737 result = simple_strtoul(str, &endp, 0);
23738 if (str == endp || result >= INT_MAX) {
23739 @@ -1266,11 +1266,11 @@ static int __init bytes_str_to_int(const
23751 if (endp[1] == 'i' && endp[2] == 'B')
23754 @@ -1281,7 +1281,13 @@ static int __init bytes_str_to_int(const
23759 + if ((intoverflow_t)result*scale >= INT_MAX) {
23760 + printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n",
23765 + return result*scale;
23769 diff -urNp linux-2.6.32.1/drivers/net/e1000e/82571.c linux-2.6.32.1/drivers/net/e1000e/82571.c
23770 --- linux-2.6.32.1/drivers/net/e1000e/82571.c 2009-12-02 22:51:21.000000000 -0500
23771 +++ linux-2.6.32.1/drivers/net/e1000e/82571.c 2009-12-14 18:33:54.554992954 -0500
23772 @@ -212,6 +212,7 @@ static s32 e1000_init_mac_params_82571(s
23774 struct e1000_hw *hw = &adapter->hw;
23775 struct e1000_mac_info *mac = &hw->mac;
23776 + /* cannot be const */
23777 struct e1000_mac_operations *func = &mac->ops;
23780 @@ -1656,7 +1657,7 @@ static void e1000_clear_hw_cntrs_82571(s
23781 temp = er32(ICRXDMTC);
23784 -static struct e1000_mac_operations e82571_mac_ops = {
23785 +static const struct e1000_mac_operations e82571_mac_ops = {
23786 /* .check_mng_mode: mac type dependent */
23787 /* .check_for_link: media type dependent */
23788 .id_led_init = e1000e_id_led_init,
23789 @@ -1674,7 +1675,7 @@ static struct e1000_mac_operations e8257
23790 .setup_led = e1000e_setup_led_generic,
23793 -static struct e1000_phy_operations e82_phy_ops_igp = {
23794 +static const struct e1000_phy_operations e82_phy_ops_igp = {
23795 .acquire_phy = e1000_get_hw_semaphore_82571,
23796 .check_reset_block = e1000e_check_reset_block_generic,
23797 .commit_phy = NULL,
23798 @@ -1691,7 +1692,7 @@ static struct e1000_phy_operations e82_p
23799 .cfg_on_link_up = NULL,
23802 -static struct e1000_phy_operations e82_phy_ops_m88 = {
23803 +static const struct e1000_phy_operations e82_phy_ops_m88 = {
23804 .acquire_phy = e1000_get_hw_semaphore_82571,
23805 .check_reset_block = e1000e_check_reset_block_generic,
23806 .commit_phy = e1000e_phy_sw_reset,
23807 @@ -1708,7 +1709,7 @@ static struct e1000_phy_operations e82_p
23808 .cfg_on_link_up = NULL,
23811 -static struct e1000_phy_operations e82_phy_ops_bm = {
23812 +static const struct e1000_phy_operations e82_phy_ops_bm = {
23813 .acquire_phy = e1000_get_hw_semaphore_82571,
23814 .check_reset_block = e1000e_check_reset_block_generic,
23815 .commit_phy = e1000e_phy_sw_reset,
23816 @@ -1725,7 +1726,7 @@ static struct e1000_phy_operations e82_p
23817 .cfg_on_link_up = NULL,
23820 -static struct e1000_nvm_operations e82571_nvm_ops = {
23821 +static const struct e1000_nvm_operations e82571_nvm_ops = {
23822 .acquire_nvm = e1000_acquire_nvm_82571,
23823 .read_nvm = e1000e_read_nvm_eerd,
23824 .release_nvm = e1000_release_nvm_82571,
23825 diff -urNp linux-2.6.32.1/drivers/net/e1000e/e1000.h linux-2.6.32.1/drivers/net/e1000e/e1000.h
23826 --- linux-2.6.32.1/drivers/net/e1000e/e1000.h 2009-12-02 22:51:21.000000000 -0500
23827 +++ linux-2.6.32.1/drivers/net/e1000e/e1000.h 2009-12-14 18:33:54.558819487 -0500
23828 @@ -375,9 +375,9 @@ struct e1000_info {
23830 u32 max_hw_frame_size;
23831 s32 (*get_variants)(struct e1000_adapter *);
23832 - struct e1000_mac_operations *mac_ops;
23833 - struct e1000_phy_operations *phy_ops;
23834 - struct e1000_nvm_operations *nvm_ops;
23835 + const struct e1000_mac_operations *mac_ops;
23836 + const struct e1000_phy_operations *phy_ops;
23837 + const struct e1000_nvm_operations *nvm_ops;
23840 /* hardware capability, feature, and workaround flags */
23841 diff -urNp linux-2.6.32.1/drivers/net/e1000e/es2lan.c linux-2.6.32.1/drivers/net/e1000e/es2lan.c
23842 --- linux-2.6.32.1/drivers/net/e1000e/es2lan.c 2009-12-02 22:51:21.000000000 -0500
23843 +++ linux-2.6.32.1/drivers/net/e1000e/es2lan.c 2009-12-14 18:33:54.568711876 -0500
23844 @@ -207,6 +207,7 @@ static s32 e1000_init_mac_params_80003es
23846 struct e1000_hw *hw = &adapter->hw;
23847 struct e1000_mac_info *mac = &hw->mac;
23848 + /* cannot be const */
23849 struct e1000_mac_operations *func = &mac->ops;
23851 /* Set media type */
23852 @@ -1365,7 +1366,7 @@ static void e1000_clear_hw_cntrs_80003es
23853 temp = er32(ICRXDMTC);
23856 -static struct e1000_mac_operations es2_mac_ops = {
23857 +static const struct e1000_mac_operations es2_mac_ops = {
23858 .id_led_init = e1000e_id_led_init,
23859 .check_mng_mode = e1000e_check_mng_mode_generic,
23860 /* check_for_link dependent on media type */
23861 @@ -1383,7 +1384,7 @@ static struct e1000_mac_operations es2_m
23862 .setup_led = e1000e_setup_led_generic,
23865 -static struct e1000_phy_operations es2_phy_ops = {
23866 +static const struct e1000_phy_operations es2_phy_ops = {
23867 .acquire_phy = e1000_acquire_phy_80003es2lan,
23868 .check_reset_block = e1000e_check_reset_block_generic,
23869 .commit_phy = e1000e_phy_sw_reset,
23870 @@ -1400,7 +1401,7 @@ static struct e1000_phy_operations es2_p
23871 .cfg_on_link_up = e1000_cfg_on_link_up_80003es2lan,
23874 -static struct e1000_nvm_operations es2_nvm_ops = {
23875 +static const struct e1000_nvm_operations es2_nvm_ops = {
23876 .acquire_nvm = e1000_acquire_nvm_80003es2lan,
23877 .read_nvm = e1000e_read_nvm_eerd,
23878 .release_nvm = e1000_release_nvm_80003es2lan,
23879 diff -urNp linux-2.6.32.1/drivers/net/e1000e/hw.h linux-2.6.32.1/drivers/net/e1000e/hw.h
23880 --- linux-2.6.32.1/drivers/net/e1000e/hw.h 2009-12-02 22:51:21.000000000 -0500
23881 +++ linux-2.6.32.1/drivers/net/e1000e/hw.h 2009-12-14 18:33:54.574854371 -0500
23882 @@ -755,34 +755,34 @@ struct e1000_mac_operations {
23884 /* Function pointers for the PHY. */
23885 struct e1000_phy_operations {
23886 - s32 (*acquire_phy)(struct e1000_hw *);
23887 - s32 (*check_polarity)(struct e1000_hw *);
23888 - s32 (*check_reset_block)(struct e1000_hw *);
23889 - s32 (*commit_phy)(struct e1000_hw *);
23890 - s32 (*force_speed_duplex)(struct e1000_hw *);
23891 - s32 (*get_cfg_done)(struct e1000_hw *hw);
23892 - s32 (*get_cable_length)(struct e1000_hw *);
23893 - s32 (*get_phy_info)(struct e1000_hw *);
23894 - s32 (*read_phy_reg)(struct e1000_hw *, u32, u16 *);
23895 - s32 (*read_phy_reg_locked)(struct e1000_hw *, u32, u16 *);
23896 - void (*release_phy)(struct e1000_hw *);
23897 - s32 (*reset_phy)(struct e1000_hw *);
23898 - s32 (*set_d0_lplu_state)(struct e1000_hw *, bool);
23899 - s32 (*set_d3_lplu_state)(struct e1000_hw *, bool);
23900 - s32 (*write_phy_reg)(struct e1000_hw *, u32, u16);
23901 - s32 (*write_phy_reg_locked)(struct e1000_hw *, u32, u16);
23902 - s32 (*cfg_on_link_up)(struct e1000_hw *);
23903 + s32 (* acquire_phy)(struct e1000_hw *);
23904 + s32 (* check_polarity)(struct e1000_hw *);
23905 + s32 (* check_reset_block)(struct e1000_hw *);
23906 + s32 (* commit_phy)(struct e1000_hw *);
23907 + s32 (* force_speed_duplex)(struct e1000_hw *);
23908 + s32 (* get_cfg_done)(struct e1000_hw *hw);
23909 + s32 (* get_cable_length)(struct e1000_hw *);
23910 + s32 (* get_phy_info)(struct e1000_hw *);
23911 + s32 (* read_phy_reg)(struct e1000_hw *, u32, u16 *);
23912 + s32 (* read_phy_reg_locked)(struct e1000_hw *, u32, u16 *);
23913 + void (* release_phy)(struct e1000_hw *);
23914 + s32 (* reset_phy)(struct e1000_hw *);
23915 + s32 (* set_d0_lplu_state)(struct e1000_hw *, bool);
23916 + s32 (* set_d3_lplu_state)(struct e1000_hw *, bool);
23917 + s32 (* write_phy_reg)(struct e1000_hw *, u32, u16);
23918 + s32 (* write_phy_reg_locked)(struct e1000_hw *, u32, u16);
23919 + s32 (* cfg_on_link_up)(struct e1000_hw *);
23922 /* Function pointers for the NVM. */
23923 struct e1000_nvm_operations {
23924 - s32 (*acquire_nvm)(struct e1000_hw *);
23925 - s32 (*read_nvm)(struct e1000_hw *, u16, u16, u16 *);
23926 - void (*release_nvm)(struct e1000_hw *);
23927 - s32 (*update_nvm)(struct e1000_hw *);
23928 - s32 (*valid_led_default)(struct e1000_hw *, u16 *);
23929 - s32 (*validate_nvm)(struct e1000_hw *);
23930 - s32 (*write_nvm)(struct e1000_hw *, u16, u16, u16 *);
23931 + s32 (* const acquire_nvm)(struct e1000_hw *);
23932 + s32 (* const read_nvm)(struct e1000_hw *, u16, u16, u16 *);
23933 + void (* const release_nvm)(struct e1000_hw *);
23934 + s32 (* const update_nvm)(struct e1000_hw *);
23935 + s32 (* const valid_led_default)(struct e1000_hw *, u16 *);
23936 + s32 (* const validate_nvm)(struct e1000_hw *);
23937 + s32 (* const write_nvm)(struct e1000_hw *, u16, u16, u16 *);
23940 struct e1000_mac_info {
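Review bot: Every member of `struct e1000_phy_operations` is rewritten from `(*name)` to `(* name)` without gaining `const`, so that half of the hunk is whitespace-only churn and departs from the usual kernel spelling of function-pointer members. Only the `(* const name)` change in `struct e1000_nvm_operations` carries meaning. Either leave the PHY members untouched, or, if they are deliberately kept writable because the driver adjusts them at run time (not visible here), record that above the struct with something like `/* members stay non-const: PHY ops are adjusted after probing */`.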
23941 @@ -856,7 +856,7 @@ struct e1000_phy_info {
23944 struct e1000_nvm_info {
23945 - struct e1000_nvm_operations ops;
23946 + const struct e1000_nvm_operations ops;
23948 enum e1000_nvm_type type;
23949 enum e1000_nvm_override override;
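Review bot: Declaring `ops` as `const struct e1000_nvm_operations` inside `struct e1000_nvm_info` does not by itself place the function-pointer table in read-only memory, because the enclosing structure is presumably part of a per-adapter object that is allocated and filled at run time. Whatever code fills `nvm.ops` (outside this hunk) then has to cast the qualifier away, which undoes what the annotation promises. Holding a pointer to the read-only table instead, `const struct e1000_nvm_operations *ops;`, as this patch already does for `nvm_ops` in `struct e1000_info`, would give real write protection. That changes the call sites, so it may belong in a follow-up. The igb copy of this struct in drivers/net/igb/e1000_hw.h is changed the same way.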
23950 diff -urNp linux-2.6.32.1/drivers/net/e1000e/ich8lan.c linux-2.6.32.1/drivers/net/e1000e/ich8lan.c
23951 --- linux-2.6.32.1/drivers/net/e1000e/ich8lan.c 2009-12-02 22:51:21.000000000 -0500
23952 +++ linux-2.6.32.1/drivers/net/e1000e/ich8lan.c 2009-12-14 18:33:54.613837127 -0500
23953 @@ -3451,7 +3451,7 @@ static void e1000_clear_hw_cntrs_ich8lan
23957 -static struct e1000_mac_operations ich8_mac_ops = {
23958 +static const struct e1000_mac_operations ich8_mac_ops = {
23959 .id_led_init = e1000e_id_led_init,
23960 .check_mng_mode = e1000_check_mng_mode_ich8lan,
23961 .check_for_link = e1000_check_for_copper_link_ich8lan,
23962 @@ -3469,7 +3469,7 @@ static struct e1000_mac_operations ich8_
23963 /* id_led_init dependent on mac type */
23966 -static struct e1000_phy_operations ich8_phy_ops = {
23967 +static const struct e1000_phy_operations ich8_phy_ops = {
23968 .acquire_phy = e1000_acquire_swflag_ich8lan,
23969 .check_reset_block = e1000_check_reset_block_ich8lan,
23970 .commit_phy = NULL,
23971 @@ -3485,7 +3485,7 @@ static struct e1000_phy_operations ich8_
23972 .write_phy_reg = e1000e_write_phy_reg_igp,
23975 -static struct e1000_nvm_operations ich8_nvm_ops = {
23976 +static const struct e1000_nvm_operations ich8_nvm_ops = {
23977 .acquire_nvm = e1000_acquire_nvm_ich8lan,
23978 .read_nvm = e1000_read_nvm_ich8lan,
23979 .release_nvm = e1000_release_nvm_ich8lan,
23980 diff -urNp linux-2.6.32.1/drivers/net/ibmveth.c linux-2.6.32.1/drivers/net/ibmveth.c
23981 --- linux-2.6.32.1/drivers/net/ibmveth.c 2009-12-02 22:51:21.000000000 -0500
23982 +++ linux-2.6.32.1/drivers/net/ibmveth.c 2009-12-14 18:33:54.635712840 -0500
23983 @@ -1577,7 +1577,7 @@ static struct attribute * veth_pool_attr
23987 -static struct sysfs_ops veth_pool_ops = {
23988 +static const struct sysfs_ops veth_pool_ops = {
23989 .show = veth_pool_show,
23990 .store = veth_pool_store,
23992 diff -urNp linux-2.6.32.1/drivers/net/igb/e1000_82575.c linux-2.6.32.1/drivers/net/igb/e1000_82575.c
23993 --- linux-2.6.32.1/drivers/net/igb/e1000_82575.c 2009-12-02 22:51:21.000000000 -0500
23994 +++ linux-2.6.32.1/drivers/net/igb/e1000_82575.c 2009-12-14 18:33:54.645995272 -0500
23995 @@ -1400,7 +1400,7 @@ void igb_vmdq_set_replication_pf(struct
23996 wr32(E1000_VT_CTL, vt_ctl);
23999 -static struct e1000_mac_operations e1000_mac_ops_82575 = {
24000 +static const struct e1000_mac_operations e1000_mac_ops_82575 = {
24001 .reset_hw = igb_reset_hw_82575,
24002 .init_hw = igb_init_hw_82575,
24003 .check_for_link = igb_check_for_link_82575,
24004 @@ -1409,13 +1409,13 @@ static struct e1000_mac_operations e1000
24005 .get_speed_and_duplex = igb_get_speed_and_duplex_copper,
24008 -static struct e1000_phy_operations e1000_phy_ops_82575 = {
24009 +static const struct e1000_phy_operations e1000_phy_ops_82575 = {
24010 .acquire = igb_acquire_phy_82575,
24011 .get_cfg_done = igb_get_cfg_done_82575,
24012 .release = igb_release_phy_82575,
24015 -static struct e1000_nvm_operations e1000_nvm_ops_82575 = {
24016 +static const struct e1000_nvm_operations e1000_nvm_ops_82575 = {
24017 .acquire = igb_acquire_nvm_82575,
24018 .read = igb_read_nvm_eerd,
24019 .release = igb_release_nvm_82575,
24020 diff -urNp linux-2.6.32.1/drivers/net/igb/e1000_hw.h linux-2.6.32.1/drivers/net/igb/e1000_hw.h
24021 --- linux-2.6.32.1/drivers/net/igb/e1000_hw.h 2009-12-02 22:51:21.000000000 -0500
24022 +++ linux-2.6.32.1/drivers/net/igb/e1000_hw.h 2009-12-14 18:33:54.647922615 -0500
24023 @@ -302,17 +302,17 @@ struct e1000_phy_operations {
24026 struct e1000_nvm_operations {
24027 - s32 (*acquire)(struct e1000_hw *);
24028 - s32 (*read)(struct e1000_hw *, u16, u16, u16 *);
24029 - void (*release)(struct e1000_hw *);
24030 - s32 (*write)(struct e1000_hw *, u16, u16, u16 *);
24031 + s32 (* const acquire)(struct e1000_hw *);
24032 + s32 (* const read)(struct e1000_hw *, u16, u16, u16 *);
24033 + void (* const release)(struct e1000_hw *);
24034 + s32 (* const write)(struct e1000_hw *, u16, u16, u16 *);
24037 struct e1000_info {
24038 s32 (*get_invariants)(struct e1000_hw *);
24039 - struct e1000_mac_operations *mac_ops;
24040 - struct e1000_phy_operations *phy_ops;
24041 - struct e1000_nvm_operations *nvm_ops;
24042 + const struct e1000_mac_operations *mac_ops;
24043 + const struct e1000_phy_operations *phy_ops;
24044 + const struct e1000_nvm_operations *nvm_ops;
24047 extern const struct e1000_info e1000_82575_info;
24048 @@ -397,7 +397,7 @@ struct e1000_phy_info {
24051 struct e1000_nvm_info {
24052 - struct e1000_nvm_operations ops;
24053 + const struct e1000_nvm_operations ops;
24055 enum e1000_nvm_type type;
24056 enum e1000_nvm_override override;
24057 diff -urNp linux-2.6.32.1/drivers/net/irda/vlsi_ir.c linux-2.6.32.1/drivers/net/irda/vlsi_ir.c
24058 --- linux-2.6.32.1/drivers/net/irda/vlsi_ir.c 2009-12-02 22:51:21.000000000 -0500
24059 +++ linux-2.6.32.1/drivers/net/irda/vlsi_ir.c 2009-12-14 18:33:54.675752420 -0500
24060 @@ -907,13 +907,12 @@ static netdev_tx_t vlsi_hard_start_xmit(
24061 /* no race - tx-ring already empty */
24062 vlsi_set_baud(idev, iobase);
24063 netif_wake_queue(ndev);
24068 /* keep the speed change pending like it would
24069 * for any len>0 packet. tx completion interrupt
24070 * will apply it when the tx ring becomes empty.
24073 spin_unlock_irqrestore(&idev->lock, flags);
24074 dev_kfree_skb_any(skb);
24075 return NETDEV_TX_OK;
24076 diff -urNp linux-2.6.32.1/drivers/net/iseries_veth.c linux-2.6.32.1/drivers/net/iseries_veth.c
24077 --- linux-2.6.32.1/drivers/net/iseries_veth.c 2009-12-02 22:51:21.000000000 -0500
24078 +++ linux-2.6.32.1/drivers/net/iseries_veth.c 2009-12-14 18:33:54.725001471 -0500
24079 @@ -384,7 +384,7 @@ static struct attribute *veth_cnx_defaul
24083 -static struct sysfs_ops veth_cnx_sysfs_ops = {
24084 +static const struct sysfs_ops veth_cnx_sysfs_ops = {
24085 .show = veth_cnx_attribute_show
24088 @@ -441,7 +441,7 @@ static struct attribute *veth_port_defau
24092 -static struct sysfs_ops veth_port_sysfs_ops = {
24093 +static const struct sysfs_ops veth_port_sysfs_ops = {
24094 .show = veth_port_attribute_show
24097 diff -urNp linux-2.6.32.1/drivers/net/pcnet32.c linux-2.6.32.1/drivers/net/pcnet32.c
24098 --- linux-2.6.32.1/drivers/net/pcnet32.c 2009-12-02 22:51:21.000000000 -0500
24099 +++ linux-2.6.32.1/drivers/net/pcnet32.c 2009-12-14 18:33:54.740854853 -0500
24100 @@ -79,7 +79,7 @@ static int cards_found;
24102 * VLB I/O addresses
24104 -static unsigned int pcnet32_portlist[] __initdata =
24105 +static unsigned int pcnet32_portlist[] __devinitdata =
24106 { 0x300, 0x320, 0x340, 0x360, 0 };
24108 static int pcnet32_debug = 0;
24109 diff -urNp linux-2.6.32.1/drivers/net/tg3.h linux-2.6.32.1/drivers/net/tg3.h
24110 --- linux-2.6.32.1/drivers/net/tg3.h 2009-12-02 22:51:21.000000000 -0500
24111 +++ linux-2.6.32.1/drivers/net/tg3.h 2009-12-14 18:33:54.763788650 -0500
24113 #define CHIPREV_ID_5750_A0 0x4000
24114 #define CHIPREV_ID_5750_A1 0x4001
24115 #define CHIPREV_ID_5750_A3 0x4003
24116 +#define CHIPREV_ID_5750_C1 0x4201
24117 #define CHIPREV_ID_5750_C2 0x4202
24118 #define CHIPREV_ID_5752_A0_HW 0x5000
24119 #define CHIPREV_ID_5752_A0 0x6000
24120 diff -urNp linux-2.6.32.1/drivers/net/usb/hso.c linux-2.6.32.1/drivers/net/usb/hso.c
24121 --- linux-2.6.32.1/drivers/net/usb/hso.c 2009-12-02 22:51:21.000000000 -0500
24122 +++ linux-2.6.32.1/drivers/net/usb/hso.c 2009-12-14 18:33:54.775796419 -0500
24123 @@ -258,7 +258,7 @@ struct hso_serial {
24125 /* from usb_serial_port */
24126 struct tty_struct *tty;
24128 + atomic_t open_count;
24129 spinlock_t serial_lock;
24131 int (*write_data) (struct hso_serial *serial);
24132 @@ -1180,7 +1180,7 @@ static void put_rxbuf_data_and_resubmit_
24135 urb = serial->rx_urb[0];
24136 - if (serial->open_count > 0) {
24137 + if (atomic_read(&serial->open_count) > 0) {
24138 count = put_rxbuf_data(urb, serial);
24141 @@ -1216,7 +1216,7 @@ static void hso_std_serial_read_bulk_cal
24142 DUMP1(urb->transfer_buffer, urb->actual_length);
24144 /* Anyone listening? */
24145 - if (serial->open_count == 0)
24146 + if (atomic_read(&serial->open_count) == 0)
24150 @@ -1311,8 +1311,7 @@ static int hso_serial_open(struct tty_st
24151 spin_unlock_irq(&serial->serial_lock);
24153 /* check for port already opened, if not set the termios */
24154 - serial->open_count++;
24155 - if (serial->open_count == 1) {
24156 + if (atomic_inc_return(&serial->open_count) == 1) {
24157 tty->low_latency = 1;
24158 serial->rx_state = RX_IDLE;
24159 /* Force default termio settings */
24160 @@ -1325,7 +1324,7 @@ static int hso_serial_open(struct tty_st
24161 result = hso_start_serial_device(serial->parent, GFP_KERNEL);
24163 hso_stop_serial_device(serial->parent);
24164 - serial->open_count--;
24165 + atomic_dec(&serial->open_count);
24166 kref_put(&serial->parent->ref, hso_serial_ref_free);
24169 @@ -1362,10 +1361,10 @@ static void hso_serial_close(struct tty_
24171 /* reset the rts and dtr */
24172 /* do the actual close */
24173 - serial->open_count--;
24174 + atomic_dec(&serial->open_count);
24176 - if (serial->open_count <= 0) {
24177 - serial->open_count = 0;
24178 + if (atomic_read(&serial->open_count) <= 0) {
24179 + atomic_set(&serial->open_count, 0);
24180 spin_lock_irq(&serial->serial_lock);
24181 if (serial->tty == tty) {
24182 serial->tty->driver_data = NULL;
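Review bot: In hso_serial_close the decrement, the test and the reset are three separate atomic operations, so the sequence as a whole is still racy: an open that increments `open_count` between `atomic_dec` and `atomic_set(&serial->open_count, 0)` has its count overwritten. Unless open and close are serialised by a lock this hunk does not show, fold the decrement and the test into one step, `if (atomic_dec_return(&serial->open_count) <= 0) {`. A negative result should then be reported as a bug rather than silently clamped to zero. The `atomic_read` checks added in the URB callbacks likewise see only a snapshot of the count. The function body continues past the hunk.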
24183 @@ -1447,7 +1446,7 @@ static void hso_serial_set_termios(struc
24185 /* the actual setup */
24186 spin_lock_irqsave(&serial->serial_lock, flags);
24187 - if (serial->open_count)
24188 + if (atomic_read(&serial->open_count))
24189 _hso_serial_set_termios(tty, old);
24191 tty->termios = old;
24192 @@ -3095,7 +3094,7 @@ static int hso_resume(struct usb_interfa
24193 /* Start all serial ports */
24194 for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) {
24195 if (serial_table[i] && (serial_table[i]->interface == iface)) {
24196 - if (dev2ser(serial_table[i])->open_count) {
24197 + if (atomic_read(&dev2ser(serial_table[i])->open_count)) {
24199 hso_start_serial_device(serial_table[i], GFP_NOIO);
24200 hso_kick_transmit(dev2ser(serial_table[i]));
24201 diff -urNp linux-2.6.32.1/drivers/net/wireless/b43/debugfs.c linux-2.6.32.1/drivers/net/wireless/b43/debugfs.c
24202 --- linux-2.6.32.1/drivers/net/wireless/b43/debugfs.c 2009-12-02 22:51:21.000000000 -0500
24203 +++ linux-2.6.32.1/drivers/net/wireless/b43/debugfs.c 2009-12-14 18:33:54.787830196 -0500
24204 @@ -43,7 +43,7 @@ static struct dentry *rootdir;
24205 struct b43_debugfs_fops {
24206 ssize_t (*read)(struct b43_wldev *dev, char *buf, size_t bufsize);
24207 int (*write)(struct b43_wldev *dev, const char *buf, size_t count);
24208 - struct file_operations fops;
24209 + const struct file_operations fops;
24210 /* Offset of struct b43_dfs_file in struct b43_dfsentry */
24211 size_t file_struct_offset;
24213 diff -urNp linux-2.6.32.1/drivers/net/wireless/b43legacy/debugfs.c linux-2.6.32.1/drivers/net/wireless/b43legacy/debugfs.c
24214 --- linux-2.6.32.1/drivers/net/wireless/b43legacy/debugfs.c 2009-12-02 22:51:21.000000000 -0500
24215 +++ linux-2.6.32.1/drivers/net/wireless/b43legacy/debugfs.c 2009-12-14 18:33:54.798021293 -0500
24216 @@ -44,7 +44,7 @@ static struct dentry *rootdir;
24217 struct b43legacy_debugfs_fops {
24218 ssize_t (*read)(struct b43legacy_wldev *dev, char *buf, size_t bufsize);
24219 int (*write)(struct b43legacy_wldev *dev, const char *buf, size_t count);
24220 - struct file_operations fops;
24221 + const struct file_operations fops;
24222 /* Offset of struct b43legacy_dfs_file in struct b43legacy_dfsentry */
24223 size_t file_struct_offset;
24224 /* Take wl->irq_lock before calling read/write? */
24225 diff -urNp linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-1000.c linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-1000.c
24226 --- linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-1000.c 2009-12-02 22:51:21.000000000 -0500
24227 +++ linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-1000.c 2009-12-14 18:33:54.803959723 -0500
24228 @@ -137,7 +137,7 @@ static struct iwl_lib_ops iwl1000_lib =
24232 -static struct iwl_ops iwl1000_ops = {
24233 +static const struct iwl_ops iwl1000_ops = {
24234 .ucode = &iwl5000_ucode,
24235 .lib = &iwl1000_lib,
24236 .hcmd = &iwl5000_hcmd,
24237 diff -urNp linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-3945.c linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-3945.c
24238 --- linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-3945.c 2009-12-02 22:51:21.000000000 -0500
24239 +++ linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-3945.c 2009-12-14 18:33:54.847028145 -0500
24240 @@ -2876,7 +2876,7 @@ static struct iwl_hcmd_utils_ops iwl3945
24241 .build_addsta_hcmd = iwl3945_build_addsta_hcmd,
24244 -static struct iwl_ops iwl3945_ops = {
24245 +static const struct iwl_ops iwl3945_ops = {
24246 .ucode = &iwl3945_ucode,
24247 .lib = &iwl3945_lib,
24248 .hcmd = &iwl3945_hcmd,
24249 diff -urNp linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-4965.c linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-4965.c
24250 --- linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-4965.c 2009-12-02 22:51:21.000000000 -0500
24251 +++ linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-4965.c 2009-12-14 18:33:54.862730732 -0500
24252 @@ -2335,7 +2335,7 @@ static struct iwl_lib_ops iwl4965_lib =
24256 -static struct iwl_ops iwl4965_ops = {
24257 +static const struct iwl_ops iwl4965_ops = {
24258 .ucode = &iwl4965_ucode,
24259 .lib = &iwl4965_lib,
24260 .hcmd = &iwl4965_hcmd,
24261 diff -urNp linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-5000.c linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-5000.c
24262 --- linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-5000.c 2009-12-02 22:51:21.000000000 -0500
24263 +++ linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-5000.c 2009-12-14 18:33:54.876020816 -0500
24264 @@ -1627,14 +1627,14 @@ static struct iwl_lib_ops iwl5150_lib =
24268 -struct iwl_ops iwl5000_ops = {
24269 +const struct iwl_ops iwl5000_ops = {
24270 .ucode = &iwl5000_ucode,
24271 .lib = &iwl5000_lib,
24272 .hcmd = &iwl5000_hcmd,
24273 .utils = &iwl5000_hcmd_utils,
24276 -static struct iwl_ops iwl5150_ops = {
24277 +static const struct iwl_ops iwl5150_ops = {
24278 .ucode = &iwl5000_ucode,
24279 .lib = &iwl5150_lib,
24280 .hcmd = &iwl5000_hcmd,
24281 diff -urNp linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-6000.c linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-6000.c
24282 --- linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-6000.c 2009-12-02 22:51:21.000000000 -0500
24283 +++ linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-6000.c 2009-12-14 18:33:54.906800344 -0500
24284 @@ -146,7 +146,7 @@ static struct iwl_hcmd_utils_ops iwl6000
24285 .calc_rssi = iwl5000_calc_rssi,
24288 -static struct iwl_ops iwl6000_ops = {
24289 +static const struct iwl_ops iwl6000_ops = {
24290 .ucode = &iwl5000_ucode,
24291 .lib = &iwl6000_lib,
24292 .hcmd = &iwl5000_hcmd,
24293 diff -urNp linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-dev.h linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-dev.h
24294 --- linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-dev.h 2009-12-02 22:51:21.000000000 -0500
24295 +++ linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-dev.h 2009-12-14 18:33:55.011809667 -0500
24296 @@ -67,7 +67,7 @@ struct iwl_tx_queue;
24298 /* shared structures from iwl-5000.c */
24299 extern struct iwl_mod_params iwl50_mod_params;
24300 -extern struct iwl_ops iwl5000_ops;
24301 +extern const struct iwl_ops iwl5000_ops;
24302 extern struct iwl_ucode_ops iwl5000_ucode;
24303 extern struct iwl_lib_ops iwl5000_lib;
24304 extern struct iwl_hcmd_ops iwl5000_hcmd;
24305 diff -urNp linux-2.6.32.1/drivers/net/wireless/libertas/debugfs.c linux-2.6.32.1/drivers/net/wireless/libertas/debugfs.c
24306 --- linux-2.6.32.1/drivers/net/wireless/libertas/debugfs.c 2009-12-02 22:51:21.000000000 -0500
24307 +++ linux-2.6.32.1/drivers/net/wireless/libertas/debugfs.c 2009-12-14 18:33:55.023739193 -0500
24308 @@ -708,7 +708,7 @@ out_unlock:
24309 struct lbs_debugfs_files {
24312 - struct file_operations fops;
24313 + const struct file_operations fops;
24316 static const struct lbs_debugfs_files debugfs_files[] = {
24317 diff -urNp linux-2.6.32.1/drivers/oprofile/buffer_sync.c linux-2.6.32.1/drivers/oprofile/buffer_sync.c
24318 --- linux-2.6.32.1/drivers/oprofile/buffer_sync.c 2009-12-02 22:51:21.000000000 -0500
24319 +++ linux-2.6.32.1/drivers/oprofile/buffer_sync.c 2009-12-14 18:33:55.029055185 -0500
24320 @@ -340,7 +340,7 @@ static void add_data(struct op_entry *en
24321 if (cookie == NO_COOKIE)
24323 if (cookie == INVALID_COOKIE) {
24324 - atomic_inc(&oprofile_stats.sample_lost_no_mapping);
24325 + atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping);
24328 if (cookie != last_cookie) {
24329 @@ -384,14 +384,14 @@ add_sample(struct mm_struct *mm, struct
24330 /* add userspace sample */
24333 - atomic_inc(&oprofile_stats.sample_lost_no_mm);
24334 + atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mm);
24338 cookie = lookup_dcookie(mm, s->eip, &offset);
24340 if (cookie == INVALID_COOKIE) {
24341 - atomic_inc(&oprofile_stats.sample_lost_no_mapping);
24342 + atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping);
24346 @@ -560,7 +560,7 @@ void sync_buffer(int cpu)
24347 /* ignore backtraces if failed to add a sample */
24348 if (state == sb_bt_start) {
24349 state = sb_bt_ignore;
24350 - atomic_inc(&oprofile_stats.bt_lost_no_mapping);
24351 + atomic_inc_unchecked(&oprofile_stats.bt_lost_no_mapping);
24355 diff -urNp linux-2.6.32.1/drivers/oprofile/event_buffer.c linux-2.6.32.1/drivers/oprofile/event_buffer.c
24356 --- linux-2.6.32.1/drivers/oprofile/event_buffer.c 2009-12-02 22:51:21.000000000 -0500
24357 +++ linux-2.6.32.1/drivers/oprofile/event_buffer.c 2009-12-14 18:33:55.032768369 -0500
24358 @@ -53,7 +53,7 @@ void add_event_entry(unsigned long value
24361 if (buffer_pos == buffer_size) {
24362 - atomic_inc(&oprofile_stats.event_lost_overflow);
24363 + atomic_inc_unchecked(&oprofile_stats.event_lost_overflow);
24367 diff -urNp linux-2.6.32.1/drivers/oprofile/oprof.c linux-2.6.32.1/drivers/oprofile/oprof.c
24368 --- linux-2.6.32.1/drivers/oprofile/oprof.c 2009-12-02 22:51:21.000000000 -0500
24369 +++ linux-2.6.32.1/drivers/oprofile/oprof.c 2009-12-14 18:33:55.035044562 -0500
24370 @@ -110,7 +110,7 @@ static void switch_worker(struct work_st
24371 if (oprofile_ops.switch_events())
24374 - atomic_inc(&oprofile_stats.multiplex_counter);
24375 + atomic_inc_unchecked(&oprofile_stats.multiplex_counter);
24376 start_switch_worker();
24379 diff -urNp linux-2.6.32.1/drivers/oprofile/oprofilefs.c linux-2.6.32.1/drivers/oprofile/oprofilefs.c
24380 --- linux-2.6.32.1/drivers/oprofile/oprofilefs.c 2009-12-02 22:51:21.000000000 -0500
24381 +++ linux-2.6.32.1/drivers/oprofile/oprofilefs.c 2009-12-14 18:33:55.035853152 -0500
24382 @@ -187,7 +187,7 @@ static const struct file_operations atom
24385 int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root,
24386 - char const *name, atomic_t *val)
24387 + char const *name, atomic_unchecked_t *val)
24389 struct dentry *d = __oprofilefs_create_file(sb, root, name,
24390 &atomic_ro_fops, 0444);
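Review bot: The parameter of oprofilefs_create_ro_atomic becomes `atomic_unchecked_t *`, but the read handler behind `atomic_ro_fops` is outside this hunk, so it is not visible whether it was converted too. If that handler still treats the stored pointer as `atomic_t *` and calls `atomic_read()`, it works only because the two types share a layout. Reading through an `atomic_unchecked_t *` with `atomic_read_unchecked()` would keep the types consistent, and the prototype in the header needs the same change for callers in other files. The function body continues past the hunk.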
24391 diff -urNp linux-2.6.32.1/drivers/oprofile/oprofile_stats.c linux-2.6.32.1/drivers/oprofile/oprofile_stats.c
24392 --- linux-2.6.32.1/drivers/oprofile/oprofile_stats.c 2009-12-02 22:51:21.000000000 -0500
24393 +++ linux-2.6.32.1/drivers/oprofile/oprofile_stats.c 2009-12-14 18:33:55.037978961 -0500
24394 @@ -30,11 +30,11 @@ void oprofile_reset_stats(void)
24395 cpu_buf->sample_invalid_eip = 0;
24398 - atomic_set(&oprofile_stats.sample_lost_no_mm, 0);
24399 - atomic_set(&oprofile_stats.sample_lost_no_mapping, 0);
24400 - atomic_set(&oprofile_stats.event_lost_overflow, 0);
24401 - atomic_set(&oprofile_stats.bt_lost_no_mapping, 0);
24402 - atomic_set(&oprofile_stats.multiplex_counter, 0);
24403 + atomic_set_unchecked(&oprofile_stats.sample_lost_no_mm, 0);
24404 + atomic_set_unchecked(&oprofile_stats.sample_lost_no_mapping, 0);
24405 + atomic_set_unchecked(&oprofile_stats.event_lost_overflow, 0);
24406 + atomic_set_unchecked(&oprofile_stats.bt_lost_no_mapping, 0);
24407 + atomic_set_unchecked(&oprofile_stats.multiplex_counter, 0);
24411 diff -urNp linux-2.6.32.1/drivers/oprofile/oprofile_stats.h linux-2.6.32.1/drivers/oprofile/oprofile_stats.h
24412 --- linux-2.6.32.1/drivers/oprofile/oprofile_stats.h 2009-12-02 22:51:21.000000000 -0500
24413 +++ linux-2.6.32.1/drivers/oprofile/oprofile_stats.h 2009-12-14 18:33:55.142844045 -0500
24414 @@ -13,11 +13,11 @@
24415 #include <asm/atomic.h>
24417 struct oprofile_stat_struct {
24418 - atomic_t sample_lost_no_mm;
24419 - atomic_t sample_lost_no_mapping;
24420 - atomic_t bt_lost_no_mapping;
24421 - atomic_t event_lost_overflow;
24422 - atomic_t multiplex_counter;
24423 + atomic_unchecked_t sample_lost_no_mm;
24424 + atomic_unchecked_t sample_lost_no_mapping;
24425 + atomic_unchecked_t bt_lost_no_mapping;
24426 + atomic_unchecked_t event_lost_overflow;
24427 + atomic_unchecked_t multiplex_counter;
24430 extern struct oprofile_stat_struct oprofile_stats;
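Review bot: The five counters in struct oprofile_stat_struct switch to `atomic_unchecked_t` with no comment recording why they are opted out of the checked `atomic_t` operations. A short comment above the fields, e.g. `/* statistics only: wrap-around is harmless, never used as a reference count */`, would let a later reader tell a deliberate exemption from an oversight. The same applies to the statistics fields of struct fc_exch_mgr in drivers/scsi/libfc/fc_exch.c further down.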
24431 diff -urNp linux-2.6.32.1/drivers/parisc/pdc_stable.c linux-2.6.32.1/drivers/parisc/pdc_stable.c
24432 --- linux-2.6.32.1/drivers/parisc/pdc_stable.c 2009-12-02 22:51:21.000000000 -0500
24433 +++ linux-2.6.32.1/drivers/parisc/pdc_stable.c 2009-12-14 18:33:55.266828951 -0500
24434 @@ -481,7 +481,7 @@ pdcspath_attr_store(struct kobject *kobj
24438 -static struct sysfs_ops pdcspath_attr_ops = {
24439 +static const struct sysfs_ops pdcspath_attr_ops = {
24440 .show = pdcspath_attr_show,
24441 .store = pdcspath_attr_store,
24443 diff -urNp linux-2.6.32.1/drivers/pci/hotplug/acpiphp_glue.c linux-2.6.32.1/drivers/pci/hotplug/acpiphp_glue.c
24444 --- linux-2.6.32.1/drivers/pci/hotplug/acpiphp_glue.c 2009-12-02 22:51:21.000000000 -0500
24445 +++ linux-2.6.32.1/drivers/pci/hotplug/acpiphp_glue.c 2009-12-14 18:33:55.489082621 -0500
24446 @@ -111,7 +111,7 @@ static int post_dock_fixups(struct notif
24450 -static struct acpi_dock_ops acpiphp_dock_ops = {
24451 +static const struct acpi_dock_ops acpiphp_dock_ops = {
24452 .handler = handle_hotplug_event_func,
24455 diff -urNp linux-2.6.32.1/drivers/pci/hotplug/cpqphp_nvram.c linux-2.6.32.1/drivers/pci/hotplug/cpqphp_nvram.c
24456 --- linux-2.6.32.1/drivers/pci/hotplug/cpqphp_nvram.c 2009-12-02 22:51:21.000000000 -0500
24457 +++ linux-2.6.32.1/drivers/pci/hotplug/cpqphp_nvram.c 2009-12-14 18:33:55.492016288 -0500
24458 @@ -428,9 +428,13 @@ static u32 store_HRT (void __iomem *rom_
24460 void compaq_nvram_init (void __iomem *rom_start)
24463 +#ifndef CONFIG_PAX_KERNEXEC
24465 compaq_int15_entry_point = (rom_start + ROM_INT15_PHY_ADDR - ROM_PHY_ADDR);
24469 dbg("int15 entry = %p\n", compaq_int15_entry_point);
24471 /* initialize our int15 lock */
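Review bot: With CONFIG_PAX_KERNEXEC enabled the assignment to `compaq_int15_entry_point` is compiled out, yet the `dbg()` call after it appears to stay outside the conditional (the closing `#endif` is not shown in this rendering) and still prints the pointer. Any code elsewhere in the file that calls through that pointer, which is not visible here, would then see a value that was never set. A comment on the `#ifndef` saying why the ROM entry point cannot be used under KERNEXEC, together with a non-NULL check in the callers, would make the disabled path explicit. compaq_nvram_init continues beyond the hunk.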
24472 diff -urNp linux-2.6.32.1/drivers/pci/hotplug/fakephp.c linux-2.6.32.1/drivers/pci/hotplug/fakephp.c
24473 --- linux-2.6.32.1/drivers/pci/hotplug/fakephp.c 2009-12-02 22:51:21.000000000 -0500
24474 +++ linux-2.6.32.1/drivers/pci/hotplug/fakephp.c 2009-12-14 18:33:55.492799690 -0500
24475 @@ -73,7 +73,7 @@ static void legacy_release(struct kobjec
24478 static struct kobj_type legacy_ktype = {
24479 - .sysfs_ops = &(struct sysfs_ops){
24480 + .sysfs_ops = &(const struct sysfs_ops){
24481 .store = legacy_store, .show = legacy_show
24483 .release = &legacy_release,
24484 diff -urNp linux-2.6.32.1/drivers/pci/intel-iommu.c linux-2.6.32.1/drivers/pci/intel-iommu.c
24485 --- linux-2.6.32.1/drivers/pci/intel-iommu.c 2009-12-02 22:51:21.000000000 -0500
24486 +++ linux-2.6.32.1/drivers/pci/intel-iommu.c 2009-12-14 18:33:55.520095156 -0500
24487 @@ -2937,7 +2937,7 @@ static int intel_mapping_error(struct de
24491 -struct dma_map_ops intel_dma_ops = {
24492 +const struct dma_map_ops intel_dma_ops = {
24493 .alloc_coherent = intel_alloc_coherent,
24494 .free_coherent = intel_free_coherent,
24495 .map_sg = intel_map_sg,
24496 diff -urNp linux-2.6.32.1/drivers/pci/pcie/portdrv_pci.c linux-2.6.32.1/drivers/pci/pcie/portdrv_pci.c
24497 --- linux-2.6.32.1/drivers/pci/pcie/portdrv_pci.c 2009-12-02 22:51:21.000000000 -0500
24498 +++ linux-2.6.32.1/drivers/pci/pcie/portdrv_pci.c 2009-12-14 18:33:55.629114556 -0500
24499 @@ -249,7 +249,7 @@ static void pcie_portdrv_err_resume(stru
24500 static const struct pci_device_id port_pci_ids[] = { {
24501 /* handle any PCI-Express port */
24502 PCI_DEVICE_CLASS(((PCI_CLASS_BRIDGE_PCI << 8) | 0x00), ~0),
24503 - }, { /* end: all zeroes */ }
24504 + }, { 0, 0, 0, 0, 0, 0, 0 }
24506 MODULE_DEVICE_TABLE(pci, port_pci_ids);
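Review bot: Replacing `{ /* end: all zeroes */ }` with `{ 0, 0, 0, 0, 0, 0, 0 }` drops the only marker that this entry is the table terminator and ties the initializer to the current number of fields in struct pci_device_id. Keeping the comment, as in `{ 0, 0, 0, 0, 0, 0, 0 } /* end: all zeroes */`, preserves the intent. The same applies to the terminators added in drivers/pcmcia/ti113x.h, drivers/pcmcia/yenta_socket.c and drivers/serial/8250_pci.c.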
24508 diff -urNp linux-2.6.32.1/drivers/pci/proc.c linux-2.6.32.1/drivers/pci/proc.c
24509 --- linux-2.6.32.1/drivers/pci/proc.c 2009-12-02 22:51:21.000000000 -0500
24510 +++ linux-2.6.32.1/drivers/pci/proc.c 2009-12-14 18:33:55.739118344 -0500
24511 @@ -480,7 +480,16 @@ static const struct file_operations proc
24512 static int __init pci_proc_init(void)
24514 struct pci_dev *dev = NULL;
24516 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
24517 +#ifdef CONFIG_GRKERNSEC_PROC_USER
24518 + proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR, NULL);
24519 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
24520 + proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
24523 proc_bus_pci_dir = proc_mkdir("bus/pci", NULL);
24525 proc_create("devices", 0, proc_bus_pci_dir,
24526 &proc_bus_pci_dev_operations);
24527 proc_initialized = 1;
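Review bot: The added conditional has a branch for CONFIG_GRKERNSEC_PROC_USER and one for CONFIG_GRKERNSEC_PROC_USERGROUP, but no visible branch for CONFIG_GRKERNSEC_PROC_ADD set with neither of them (the closing directives are not shown in this rendering). If that combination can be configured, `proc_bus_pci_dir` is never assigned and the `proc_create("devices", 0, proc_bus_pci_dir, ...)` call that follows gets a NULL parent, so the entry would presumably land outside the restricted directory. An inner `#else` carrying `#error`, or a fall-back to the most restrictive mode, would close that gap. The result of proc_mkdir_mode() is also used without a NULL check. pci_proc_init continues past the hunk.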
24528 diff -urNp linux-2.6.32.1/drivers/pci/slot.c linux-2.6.32.1/drivers/pci/slot.c
24529 --- linux-2.6.32.1/drivers/pci/slot.c 2009-12-02 22:51:21.000000000 -0500
24530 +++ linux-2.6.32.1/drivers/pci/slot.c 2009-12-14 18:33:55.739882201 -0500
24531 @@ -29,7 +29,7 @@ static ssize_t pci_slot_attr_store(struc
24532 return attribute->store ? attribute->store(slot, buf, len) : -EIO;
24535 -static struct sysfs_ops pci_slot_sysfs_ops = {
24536 +static const struct sysfs_ops pci_slot_sysfs_ops = {
24537 .show = pci_slot_attr_show,
24538 .store = pci_slot_attr_store,
24540 diff -urNp linux-2.6.32.1/drivers/pcmcia/ti113x.h linux-2.6.32.1/drivers/pcmcia/ti113x.h
24541 --- linux-2.6.32.1/drivers/pcmcia/ti113x.h 2009-12-02 22:51:21.000000000 -0500
24542 +++ linux-2.6.32.1/drivers/pcmcia/ti113x.h 2009-12-14 18:33:55.749622860 -0500
24543 @@ -903,7 +903,7 @@ static struct pci_device_id ene_tune_tbl
24544 DEVID(PCI_VENDOR_ID_MOTOROLA, 0x3410, 0xECC0, PCI_ANY_ID,
24545 ENE_TEST_C9_TLTENABLE | ENE_TEST_C9_PFENABLE, ENE_TEST_C9_TLTENABLE),
24548 + { 0, 0, 0, 0, 0, 0, 0 }
24551 static void ene_tune_bridge(struct pcmcia_socket *sock, struct pci_bus *bus)
24552 diff -urNp linux-2.6.32.1/drivers/pcmcia/yenta_socket.c linux-2.6.32.1/drivers/pcmcia/yenta_socket.c
24553 --- linux-2.6.32.1/drivers/pcmcia/yenta_socket.c 2009-12-02 22:51:21.000000000 -0500
24554 +++ linux-2.6.32.1/drivers/pcmcia/yenta_socket.c 2009-12-14 18:33:55.800130505 -0500
24555 @@ -1387,7 +1387,7 @@ static struct pci_device_id yenta_table
24557 /* match any cardbus bridge */
24558 CB_ID(PCI_ANY_ID, PCI_ANY_ID, DEFAULT),
24559 - { /* all zeroes */ }
24560 + { 0, 0, 0, 0, 0, 0, 0 }
24562 MODULE_DEVICE_TABLE(pci, yenta_table);
24564 diff -urNp linux-2.6.32.1/drivers/platform/x86/acer-wmi.c linux-2.6.32.1/drivers/platform/x86/acer-wmi.c
24565 --- linux-2.6.32.1/drivers/platform/x86/acer-wmi.c 2009-12-02 22:51:21.000000000 -0500
24566 +++ linux-2.6.32.1/drivers/platform/x86/acer-wmi.c 2009-12-14 18:33:55.834859500 -0500
24567 @@ -918,7 +918,7 @@ static int update_bl_status(struct backl
24571 -static struct backlight_ops acer_bl_ops = {
24572 +static const struct backlight_ops acer_bl_ops = {
24573 .get_brightness = read_brightness,
24574 .update_status = update_bl_status,
24576 diff -urNp linux-2.6.32.1/drivers/platform/x86/asus_acpi.c linux-2.6.32.1/drivers/platform/x86/asus_acpi.c
24577 --- linux-2.6.32.1/drivers/platform/x86/asus_acpi.c 2009-12-02 22:51:21.000000000 -0500
24578 +++ linux-2.6.32.1/drivers/platform/x86/asus_acpi.c 2009-12-14 18:33:55.836770614 -0500
24579 @@ -1402,7 +1402,7 @@ static int asus_hotk_remove(struct acpi_
24583 -static struct backlight_ops asus_backlight_data = {
24584 +static const struct backlight_ops asus_backlight_data = {
24585 .get_brightness = read_brightness,
24586 .update_status = set_brightness_status,
24588 diff -urNp linux-2.6.32.1/drivers/platform/x86/asus-laptop.c linux-2.6.32.1/drivers/platform/x86/asus-laptop.c
24589 --- linux-2.6.32.1/drivers/platform/x86/asus-laptop.c 2009-12-02 22:51:21.000000000 -0500
24590 +++ linux-2.6.32.1/drivers/platform/x86/asus-laptop.c 2009-12-14 18:33:55.837827310 -0500
24591 @@ -249,7 +249,7 @@ static struct backlight_device *asus_bac
24593 static int read_brightness(struct backlight_device *bd);
24594 static int update_bl_status(struct backlight_device *bd);
24595 -static struct backlight_ops asusbl_ops = {
24596 +static const struct backlight_ops asusbl_ops = {
24597 .get_brightness = read_brightness,
24598 .update_status = update_bl_status,
24600 diff -urNp linux-2.6.32.1/drivers/platform/x86/compal-laptop.c linux-2.6.32.1/drivers/platform/x86/compal-laptop.c
24601 --- linux-2.6.32.1/drivers/platform/x86/compal-laptop.c 2009-12-02 22:51:21.000000000 -0500
24602 +++ linux-2.6.32.1/drivers/platform/x86/compal-laptop.c 2009-12-14 18:33:55.838707580 -0500
24603 @@ -163,7 +163,7 @@ static int bl_update_status(struct backl
24604 return set_lcd_level(b->props.brightness);
24607 -static struct backlight_ops compalbl_ops = {
24608 +static const struct backlight_ops compalbl_ops = {
24609 .get_brightness = bl_get_brightness,
24610 .update_status = bl_update_status,
24612 diff -urNp linux-2.6.32.1/drivers/platform/x86/dell-laptop.c linux-2.6.32.1/drivers/platform/x86/dell-laptop.c
24613 --- linux-2.6.32.1/drivers/platform/x86/dell-laptop.c 2009-12-02 22:51:21.000000000 -0500
24614 +++ linux-2.6.32.1/drivers/platform/x86/dell-laptop.c 2009-12-14 18:33:55.838707580 -0500
24615 @@ -305,7 +305,7 @@ static int dell_get_intensity(struct bac
24616 return buffer.output[1];
24619 -static struct backlight_ops dell_ops = {
24620 +static const struct backlight_ops dell_ops = {
24621 .get_brightness = dell_get_intensity,
24622 .update_status = dell_send_intensity,
24624 diff -urNp linux-2.6.32.1/drivers/platform/x86/eeepc-laptop.c linux-2.6.32.1/drivers/platform/x86/eeepc-laptop.c
24625 --- linux-2.6.32.1/drivers/platform/x86/eeepc-laptop.c 2009-12-02 22:51:21.000000000 -0500
24626 +++ linux-2.6.32.1/drivers/platform/x86/eeepc-laptop.c 2009-12-14 18:33:55.844122126 -0500
24627 @@ -242,7 +242,7 @@ static struct device *eeepc_hwmon_device
24629 static int read_brightness(struct backlight_device *bd);
24630 static int update_bl_status(struct backlight_device *bd);
24631 -static struct backlight_ops eeepcbl_ops = {
24632 +static const struct backlight_ops eeepcbl_ops = {
24633 .get_brightness = read_brightness,
24634 .update_status = update_bl_status,
24636 diff -urNp linux-2.6.32.1/drivers/platform/x86/fujitsu-laptop.c linux-2.6.32.1/drivers/platform/x86/fujitsu-laptop.c
24637 --- linux-2.6.32.1/drivers/platform/x86/fujitsu-laptop.c 2009-12-02 22:51:21.000000000 -0500
24638 +++ linux-2.6.32.1/drivers/platform/x86/fujitsu-laptop.c 2009-12-14 18:33:55.866968187 -0500
24639 @@ -436,7 +436,7 @@ static int bl_update_status(struct backl
24643 -static struct backlight_ops fujitsubl_ops = {
24644 +static const struct backlight_ops fujitsubl_ops = {
24645 .get_brightness = bl_get_brightness,
24646 .update_status = bl_update_status,
24648 diff -urNp linux-2.6.32.1/drivers/platform/x86/msi-laptop.c linux-2.6.32.1/drivers/platform/x86/msi-laptop.c
24649 --- linux-2.6.32.1/drivers/platform/x86/msi-laptop.c 2009-12-02 22:51:21.000000000 -0500
24650 +++ linux-2.6.32.1/drivers/platform/x86/msi-laptop.c 2009-12-14 18:33:55.870749582 -0500
24651 @@ -161,7 +161,7 @@ static int bl_update_status(struct backl
24652 return set_lcd_level(b->props.brightness);
24655 -static struct backlight_ops msibl_ops = {
24656 +static const struct backlight_ops msibl_ops = {
24657 .get_brightness = bl_get_brightness,
24658 .update_status = bl_update_status,
24660 diff -urNp linux-2.6.32.1/drivers/platform/x86/panasonic-laptop.c linux-2.6.32.1/drivers/platform/x86/panasonic-laptop.c
24661 --- linux-2.6.32.1/drivers/platform/x86/panasonic-laptop.c 2009-12-02 22:51:21.000000000 -0500
24662 +++ linux-2.6.32.1/drivers/platform/x86/panasonic-laptop.c 2009-12-14 18:33:55.872005065 -0500
24663 @@ -352,7 +352,7 @@ static int bl_set_status(struct backligh
24664 return acpi_pcc_write_sset(pcc, SINF_DC_CUR_BRIGHT, bright);
24667 -static struct backlight_ops pcc_backlight_ops = {
24668 +static const struct backlight_ops pcc_backlight_ops = {
24669 .get_brightness = bl_get,
24670 .update_status = bl_set_status,
24672 diff -urNp linux-2.6.32.1/drivers/platform/x86/sony-laptop.c linux-2.6.32.1/drivers/platform/x86/sony-laptop.c
24673 --- linux-2.6.32.1/drivers/platform/x86/sony-laptop.c 2009-12-02 22:51:21.000000000 -0500
24674 +++ linux-2.6.32.1/drivers/platform/x86/sony-laptop.c 2009-12-14 18:33:55.895049235 -0500
24675 @@ -850,7 +850,7 @@ static int sony_backlight_get_brightness
24678 static struct backlight_device *sony_backlight_device;
24679 -static struct backlight_ops sony_backlight_ops = {
24680 +static const struct backlight_ops sony_backlight_ops = {
24681 .update_status = sony_backlight_update_status,
24682 .get_brightness = sony_backlight_get_brightness,
24684 diff -urNp linux-2.6.32.1/drivers/platform/x86/thinkpad_acpi.c linux-2.6.32.1/drivers/platform/x86/thinkpad_acpi.c
24685 --- linux-2.6.32.1/drivers/platform/x86/thinkpad_acpi.c 2009-12-02 22:51:21.000000000 -0500
24686 +++ linux-2.6.32.1/drivers/platform/x86/thinkpad_acpi.c 2009-12-14 18:33:55.935705037 -0500
24687 @@ -6095,7 +6095,7 @@ static int brightness_get(struct backlig
24688 return status & TP_EC_BACKLIGHT_LVLMSK;
24691 -static struct backlight_ops ibm_backlight_data = {
24692 +static const struct backlight_ops ibm_backlight_data = {
24693 .get_brightness = brightness_get,
24694 .update_status = brightness_update_status,
24696 diff -urNp linux-2.6.32.1/drivers/platform/x86/toshiba_acpi.c linux-2.6.32.1/drivers/platform/x86/toshiba_acpi.c
24697 --- linux-2.6.32.1/drivers/platform/x86/toshiba_acpi.c 2009-12-02 22:51:21.000000000 -0500
24698 +++ linux-2.6.32.1/drivers/platform/x86/toshiba_acpi.c 2009-12-14 18:33:55.944748123 -0500
24699 @@ -671,7 +671,7 @@ static acpi_status remove_device(void)
24703 -static struct backlight_ops toshiba_backlight_data = {
24704 +static const struct backlight_ops toshiba_backlight_data = {
24705 .get_brightness = get_lcd,
24706 .update_status = set_lcd_status,
24708 diff -urNp linux-2.6.32.1/drivers/pnp/pnpbios/bioscalls.c linux-2.6.32.1/drivers/pnp/pnpbios/bioscalls.c
24709 --- linux-2.6.32.1/drivers/pnp/pnpbios/bioscalls.c 2009-12-02 22:51:21.000000000 -0500
24710 +++ linux-2.6.32.1/drivers/pnp/pnpbios/bioscalls.c 2009-12-14 18:33:55.952133531 -0500
24711 @@ -60,7 +60,7 @@ do { \
24712 set_desc_limit(&gdt[(selname) >> 3], (size) - 1); \
24715 -static struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4092,
24716 +static const struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4093,
24717 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1);
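Review bot: The descriptor constant changes from `0x4092` to `0x4093` with no comment, and a one-bit difference in a magic number is easy to read as a typo. Bit 0 of the descriptor type field is the x86 "accessed" bit; presetting it presumably keeps the CPU from writing that bit back into a GDT that is no longer writable when the selector is loaded. A comment such as `/* type 3: data, read/write, accessed bit preset */` next to the initializer would record that.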
24720 @@ -97,7 +97,10 @@ static inline u16 call_pnp_bios(u16 func
24723 save_desc_40 = get_cpu_gdt_table(cpu)[0x40 / 8];
24725 + pax_open_kernel();
24726 get_cpu_gdt_table(cpu)[0x40 / 8] = bad_bios_desc;
24727 + pax_close_kernel();
24729 /* On some boxes IRQ's during PnP BIOS calls are deadly. */
24730 spin_lock_irqsave(&pnp_bios_lock, flags);
24731 @@ -135,7 +138,10 @@ static inline u16 call_pnp_bios(u16 func
24733 spin_unlock_irqrestore(&pnp_bios_lock, flags);
24735 + pax_open_kernel();
24736 get_cpu_gdt_table(cpu)[0x40 / 8] = save_desc_40;
24737 + pax_close_kernel();
24741 /* If we get here and this is set then the PnP BIOS faulted on us. */
24742 @@ -469,7 +475,7 @@ int pnp_bios_read_escd(char *data, u32 n
24746 -void pnpbios_calls_init(union pnp_bios_install_struct *header)
24747 +void __init pnpbios_calls_init(union pnp_bios_install_struct *header)
24751 @@ -477,6 +483,8 @@ void pnpbios_calls_init(union pnp_bios_i
24752 pnp_bios_callpoint.offset = header->fields.pm16offset;
24753 pnp_bios_callpoint.segment = PNP_CS16;
24755 + pax_open_kernel();
24757 for_each_possible_cpu(i) {
24758 struct desc_struct *gdt = get_cpu_gdt_table(i);
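Review bot: The pax_open_kernel() added here is closed only in the next hunk, after the whole for_each_possible_cpu() loop, so the pairing depends on code between the two calls that this diff does not show. A comment at the open call, e.g. `/* GDT entries below are written with kernel write protection lifted; no early return before pax_close_kernel() */`, would guard against a later edit leaving the window open. The function starts and ends outside this hunk.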
24760 @@ -488,4 +496,6 @@ void pnpbios_calls_init(union pnp_bios_i
24761 set_desc_base(&gdt[GDT_ENTRY_PNPBIOS_DS],
24762 (unsigned long)__va(header->fields.pm16dseg));
24765 + pax_close_kernel();
24767 diff -urNp linux-2.6.32.1/drivers/pnp/quirks.c linux-2.6.32.1/drivers/pnp/quirks.c
24768 --- linux-2.6.32.1/drivers/pnp/quirks.c 2009-12-02 22:51:21.000000000 -0500
24769 +++ linux-2.6.32.1/drivers/pnp/quirks.c 2009-12-14 18:33:55.970988084 -0500
24770 @@ -327,7 +327,7 @@ static struct pnp_fixup pnp_fixups[] = {
24771 /* PnP resources that might overlap PCI BARs */
24772 {"PNP0c01", quirk_system_pci_resources},
24773 {"PNP0c02", quirk_system_pci_resources},
24778 void pnp_fixup_device(struct pnp_dev *dev)
24779 diff -urNp linux-2.6.32.1/drivers/pnp/resource.c linux-2.6.32.1/drivers/pnp/resource.c
24780 --- linux-2.6.32.1/drivers/pnp/resource.c 2009-12-02 22:51:21.000000000 -0500
24781 +++ linux-2.6.32.1/drivers/pnp/resource.c 2009-12-14 18:33:55.979764165 -0500
24782 @@ -355,7 +355,7 @@ int pnp_check_irq(struct pnp_dev *dev, s
24785 /* check if the resource is valid */
24786 - if (*irq < 0 || *irq > 15)
24790 /* check if the resource is reserved */
24791 @@ -419,7 +419,7 @@ int pnp_check_dma(struct pnp_dev *dev, s
24794 /* check if the resource is valid */
24795 - if (*dma < 0 || *dma == 4 || *dma > 7)
24796 + if (*dma == 4 || *dma > 7)
24799 /* check if the resource is reserved */
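Review bot: Dropping `*dma < 0` is correct only if `*dma` has an unsigned type, and the declaration of `dma` is cut off in the hunk header. If the pointee were signed, a negative value would no longer be rejected, since it matches neither `*dma == 4` nor `*dma > 7`. A comment such as `/* *dma is unsigned, only the upper bound needs checking */` would record the assumption. The same reasoning applies to the `*irq < 0` test removed in the pnp_check_irq hunk above.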
24800 diff -urNp linux-2.6.32.1/drivers/scsi/ipr.c linux-2.6.32.1/drivers/scsi/ipr.c
24801 --- linux-2.6.32.1/drivers/scsi/ipr.c 2009-12-02 22:51:21.000000000 -0500
24802 +++ linux-2.6.32.1/drivers/scsi/ipr.c 2009-12-14 18:33:56.022142074 -0500
24803 @@ -5286,7 +5286,7 @@ static bool ipr_qc_fill_rtf(struct ata_q
24807 -static struct ata_port_operations ipr_sata_ops = {
24808 +static const struct ata_port_operations ipr_sata_ops = {
24809 .phy_reset = ipr_ata_phy_reset,
24810 .hardreset = ipr_sata_reset,
24811 .post_internal_cmd = ipr_ata_post_internal,
24812 diff -urNp linux-2.6.32.1/drivers/scsi/libfc/fc_exch.c linux-2.6.32.1/drivers/scsi/libfc/fc_exch.c
24813 --- linux-2.6.32.1/drivers/scsi/libfc/fc_exch.c 2009-12-02 22:51:21.000000000 -0500
24814 +++ linux-2.6.32.1/drivers/scsi/libfc/fc_exch.c 2009-12-14 18:33:56.040784122 -0500
24815 @@ -86,12 +86,12 @@ struct fc_exch_mgr {
24816 * all together if not used XXX
24819 - atomic_t no_free_exch;
24820 - atomic_t no_free_exch_xid;
24821 - atomic_t xid_not_found;
24822 - atomic_t xid_busy;
24823 - atomic_t seq_not_found;
24824 - atomic_t non_bls_resp;
24825 + atomic_unchecked_t no_free_exch;
24826 + atomic_unchecked_t no_free_exch_xid;
24827 + atomic_unchecked_t xid_not_found;
24828 + atomic_unchecked_t xid_busy;
24829 + atomic_unchecked_t seq_not_found;
24830 + atomic_unchecked_t non_bls_resp;
24833 #define fc_seq_exch(sp) container_of(sp, struct fc_exch, seq)
24834 @@ -510,7 +510,7 @@ static struct fc_exch *fc_exch_em_alloc(
24835 /* allocate memory for exchange */
24836 ep = mempool_alloc(mp->ep_pool, GFP_ATOMIC);
24838 - atomic_inc(&mp->stats.no_free_exch);
24839 + atomic_inc_unchecked(&mp->stats.no_free_exch);
24842 memset(ep, 0, sizeof(*ep));
24843 @@ -557,7 +557,7 @@ out:
24846 spin_unlock_bh(&pool->lock);
24847 - atomic_inc(&mp->stats.no_free_exch_xid);
24848 + atomic_inc_unchecked(&mp->stats.no_free_exch_xid);
24849 mempool_free(ep, mp->ep_pool);
24852 @@ -690,7 +690,7 @@ static enum fc_pf_rjt_reason fc_seq_look
24853 xid = ntohs(fh->fh_ox_id); /* we originated exch */
24854 ep = fc_exch_find(mp, xid);
24856 - atomic_inc(&mp->stats.xid_not_found);
24857 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24858 reject = FC_RJT_OX_ID;
24861 @@ -720,7 +720,7 @@ static enum fc_pf_rjt_reason fc_seq_look
24862 ep = fc_exch_find(mp, xid);
24863 if ((f_ctl & FC_FC_FIRST_SEQ) && fc_sof_is_init(fr_sof(fp))) {
24865 - atomic_inc(&mp->stats.xid_busy);
24866 + atomic_inc_unchecked(&mp->stats.xid_busy);
24867 reject = FC_RJT_RX_ID;
24870 @@ -731,7 +731,7 @@ static enum fc_pf_rjt_reason fc_seq_look
24872 xid = ep->xid; /* get our XID */
24874 - atomic_inc(&mp->stats.xid_not_found);
24875 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24876 reject = FC_RJT_RX_ID; /* XID not found */
24879 @@ -752,7 +752,7 @@ static enum fc_pf_rjt_reason fc_seq_look
24882 if (sp->id != fh->fh_seq_id) {
24883 - atomic_inc(&mp->stats.seq_not_found);
24884 + atomic_inc_unchecked(&mp->stats.seq_not_found);
24885 reject = FC_RJT_SEQ_ID; /* sequence/exch should exist */
24888 @@ -1163,22 +1163,22 @@ static void fc_exch_recv_seq_resp(struct
24890 ep = fc_exch_find(mp, ntohs(fh->fh_ox_id));
24892 - atomic_inc(&mp->stats.xid_not_found);
24893 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24896 if (ep->esb_stat & ESB_ST_COMPLETE) {
24897 - atomic_inc(&mp->stats.xid_not_found);
24898 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24901 if (ep->rxid == FC_XID_UNKNOWN)
24902 ep->rxid = ntohs(fh->fh_rx_id);
24903 if (ep->sid != 0 && ep->sid != ntoh24(fh->fh_d_id)) {
24904 - atomic_inc(&mp->stats.xid_not_found);
24905 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24908 if (ep->did != ntoh24(fh->fh_s_id) &&
24909 ep->did != FC_FID_FLOGI) {
24910 - atomic_inc(&mp->stats.xid_not_found);
24911 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24915 @@ -1189,7 +1189,7 @@ static void fc_exch_recv_seq_resp(struct
24918 if (sp->id != fh->fh_seq_id) {
24919 - atomic_inc(&mp->stats.seq_not_found);
24920 + atomic_inc_unchecked(&mp->stats.seq_not_found);
24924 @@ -1249,9 +1249,9 @@ static void fc_exch_recv_resp(struct fc_
24925 sp = fc_seq_lookup_orig(mp, fp); /* doesn't hold sequence */
24928 - atomic_inc(&mp->stats.xid_not_found);
24929 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24931 - atomic_inc(&mp->stats.non_bls_resp);
24932 + atomic_inc_unchecked(&mp->stats.non_bls_resp);
24936 diff -urNp linux-2.6.32.1/drivers/scsi/libsas/sas_ata.c linux-2.6.32.1/drivers/scsi/libsas/sas_ata.c
24937 --- linux-2.6.32.1/drivers/scsi/libsas/sas_ata.c 2009-12-02 22:51:21.000000000 -0500
24938 +++ linux-2.6.32.1/drivers/scsi/libsas/sas_ata.c 2009-12-14 18:33:56.072817664 -0500
24939 @@ -343,7 +343,7 @@ static int sas_ata_scr_read(struct ata_l
24943 -static struct ata_port_operations sas_sata_ops = {
24944 +static const struct ata_port_operations sas_sata_ops = {
24945 .phy_reset = sas_ata_phy_reset,
24946 .post_internal_cmd = sas_ata_post_internal,
24947 .qc_prep = ata_noop_qc_prep,
24948 diff -urNp linux-2.6.32.1/drivers/scsi/scsi_logging.h linux-2.6.32.1/drivers/scsi/scsi_logging.h
24949 --- linux-2.6.32.1/drivers/scsi/scsi_logging.h 2009-12-02 22:51:21.000000000 -0500
24950 +++ linux-2.6.32.1/drivers/scsi/scsi_logging.h 2009-12-14 18:33:56.082745190 -0500
24951 @@ -51,7 +51,7 @@ do { \
24955 -#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD)
24956 +#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD) do {} while (0)
24957 #endif /* CONFIG_SCSI_LOGGING */
24960 diff -urNp linux-2.6.32.1/drivers/scsi/sg.c linux-2.6.32.1/drivers/scsi/sg.c
24961 --- linux-2.6.32.1/drivers/scsi/sg.c 2009-12-02 22:51:21.000000000 -0500
24962 +++ linux-2.6.32.1/drivers/scsi/sg.c 2009-12-14 18:33:56.095153533 -0500
24963 @@ -2292,7 +2292,7 @@ struct sg_proc_leaf {
24964 const struct file_operations * fops;
24967 -static struct sg_proc_leaf sg_proc_leaf_arr[] = {
24968 +static const struct sg_proc_leaf sg_proc_leaf_arr[] = {
24969 {"allow_dio", &adio_fops},
24970 {"debug", &debug_fops},
24971 {"def_reserved_size", &dressz_fops},
24972 @@ -2307,7 +2307,7 @@ sg_proc_init(void)
24975 int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr);
24976 - struct sg_proc_leaf * leaf;
24977 + const struct sg_proc_leaf * leaf;
24979 sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
24981 diff -urNp linux-2.6.32.1/drivers/serial/8250_pci.c linux-2.6.32.1/drivers/serial/8250_pci.c
24982 --- linux-2.6.32.1/drivers/serial/8250_pci.c 2009-12-02 22:51:21.000000000 -0500
24983 +++ linux-2.6.32.1/drivers/serial/8250_pci.c 2009-12-14 18:33:56.124714120 -0500
24984 @@ -3664,7 +3664,7 @@ static struct pci_device_id serial_pci_t
24985 PCI_ANY_ID, PCI_ANY_ID,
24986 PCI_CLASS_COMMUNICATION_MULTISERIAL << 8,
24987 0xffff00, pbn_default },
24989 + { 0, 0, 0, 0, 0, 0, 0 }
24992 static struct pci_driver serial_pci_driver = {
24993 diff -urNp linux-2.6.32.1/drivers/serial/kgdboc.c linux-2.6.32.1/drivers/serial/kgdboc.c
24994 --- linux-2.6.32.1/drivers/serial/kgdboc.c 2009-12-02 22:51:21.000000000 -0500
24995 +++ linux-2.6.32.1/drivers/serial/kgdboc.c 2009-12-14 18:33:56.136250252 -0500
24998 #define MAX_CONFIG_LEN 40
25000 -static struct kgdb_io kgdboc_io_ops;
25001 +static const struct kgdb_io kgdboc_io_ops;
25003 /* -1 = init not run yet, 0 = unconfigured, 1 = configured. */
25004 static int configured = -1;
25005 @@ -154,7 +154,7 @@ static void kgdboc_post_exp_handler(void
25006 module_put(THIS_MODULE);
25009 -static struct kgdb_io kgdboc_io_ops = {
25010 +static const struct kgdb_io kgdboc_io_ops = {
25012 .read_char = kgdboc_get_char,
25013 .write_char = kgdboc_put_char,
25014 diff -urNp linux-2.6.32.1/drivers/staging/android/binder.c linux-2.6.32.1/drivers/staging/android/binder.c
25015 --- linux-2.6.32.1/drivers/staging/android/binder.c 2009-12-02 22:51:21.000000000 -0500
25016 +++ linux-2.6.32.1/drivers/staging/android/binder.c 2009-12-14 18:33:56.151914823 -0500
25017 @@ -2756,7 +2756,7 @@ static void binder_vma_close(struct vm_a
25018 binder_defer_work(proc, BINDER_DEFERRED_PUT_FILES);
25021 -static struct vm_operations_struct binder_vm_ops = {
25022 +static const struct vm_operations_struct binder_vm_ops = {
25023 .open = binder_vma_open,
25024 .close = binder_vma_close,
25026 diff -urNp linux-2.6.32.1/drivers/staging/b3dfg/b3dfg.c linux-2.6.32.1/drivers/staging/b3dfg/b3dfg.c
25027 --- linux-2.6.32.1/drivers/staging/b3dfg/b3dfg.c 2009-12-02 22:51:21.000000000 -0500
25028 +++ linux-2.6.32.1/drivers/staging/b3dfg/b3dfg.c 2009-12-14 18:33:56.180829699 -0500
25029 @@ -455,7 +455,7 @@ static int b3dfg_vma_fault(struct vm_are
25030 return VM_FAULT_NOPAGE;
25033 -static struct vm_operations_struct b3dfg_vm_ops = {
25034 +static const struct vm_operations_struct b3dfg_vm_ops = {
25035 .fault = b3dfg_vma_fault,
25038 @@ -848,7 +848,7 @@ static int b3dfg_mmap(struct file *filp,
25042 -static struct file_operations b3dfg_fops = {
25043 +static const struct file_operations b3dfg_fops = {
25044 .owner = THIS_MODULE,
25045 .open = b3dfg_open,
25046 .release = b3dfg_release,
25047 diff -urNp linux-2.6.32.1/drivers/staging/comedi/comedi_fops.c linux-2.6.32.1/drivers/staging/comedi/comedi_fops.c
25048 --- linux-2.6.32.1/drivers/staging/comedi/comedi_fops.c 2009-12-02 22:51:21.000000000 -0500
25049 +++ linux-2.6.32.1/drivers/staging/comedi/comedi_fops.c 2009-12-14 18:33:56.204759560 -0500
25050 @@ -1389,7 +1389,7 @@ void comedi_unmap(struct vm_area_struct
25051 mutex_unlock(&dev->mutex);
25054 -static struct vm_operations_struct comedi_vm_ops = {
25055 +static const struct vm_operations_struct comedi_vm_ops = {
25056 .close = comedi_unmap,
25059 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/adsp_driver.c linux-2.6.32.1/drivers/staging/dream/qdsp5/adsp_driver.c
25060 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/adsp_driver.c 2009-12-02 22:51:21.000000000 -0500
25061 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/adsp_driver.c 2009-12-14 18:33:56.217730751 -0500
25062 @@ -576,7 +576,7 @@ static struct adsp_device *inode_to_devi
25063 static dev_t adsp_devno;
25064 static struct class *adsp_class;
25066 -static struct file_operations adsp_fops = {
25067 +static const struct file_operations adsp_fops = {
25068 .owner = THIS_MODULE,
25070 .unlocked_ioctl = adsp_ioctl,
25071 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_aac.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_aac.c
25072 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_aac.c 2009-12-02 22:51:21.000000000 -0500
25073 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_aac.c 2009-12-14 18:33:56.243755442 -0500
25074 @@ -1022,7 +1022,7 @@ done:
25078 -static struct file_operations audio_aac_fops = {
25079 +static const struct file_operations audio_aac_fops = {
25080 .owner = THIS_MODULE,
25081 .open = audio_open,
25082 .release = audio_release,
25083 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_amrnb.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_amrnb.c
25084 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_amrnb.c 2009-12-02 22:51:21.000000000 -0500
25085 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_amrnb.c 2009-12-14 18:33:56.266835744 -0500
25086 @@ -833,7 +833,7 @@ done:
25090 -static struct file_operations audio_amrnb_fops = {
25091 +static const struct file_operations audio_amrnb_fops = {
25092 .owner = THIS_MODULE,
25093 .open = audamrnb_open,
25094 .release = audamrnb_release,
25095 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_evrc.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_evrc.c
25096 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_evrc.c 2009-12-02 22:51:21.000000000 -0500
25097 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_evrc.c 2009-12-14 18:33:56.267703597 -0500
25098 @@ -805,7 +805,7 @@ dma_fail:
25102 -static struct file_operations audio_evrc_fops = {
25103 +static const struct file_operations audio_evrc_fops = {
25104 .owner = THIS_MODULE,
25105 .open = audevrc_open,
25106 .release = audevrc_release,
25107 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_in.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_in.c
25108 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_in.c 2009-12-02 22:51:21.000000000 -0500
25109 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_in.c 2009-12-14 18:33:56.268741974 -0500
25110 @@ -913,7 +913,7 @@ static int audpre_open(struct inode *ino
25114 -static struct file_operations audio_fops = {
25115 +static const struct file_operations audio_fops = {
25116 .owner = THIS_MODULE,
25117 .open = audio_in_open,
25118 .release = audio_in_release,
25119 @@ -922,7 +922,7 @@ static struct file_operations audio_fops
25120 .unlocked_ioctl = audio_in_ioctl,
25123 -static struct file_operations audpre_fops = {
25124 +static const struct file_operations audpre_fops = {
25125 .owner = THIS_MODULE,
25126 .open = audpre_open,
25127 .unlocked_ioctl = audpre_ioctl,
25128 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_mp3.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_mp3.c
25129 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_mp3.c 2009-12-02 22:51:21.000000000 -0500
25130 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_mp3.c 2009-12-14 18:33:56.270777115 -0500
25131 @@ -941,7 +941,7 @@ done:
25135 -static struct file_operations audio_mp3_fops = {
25136 +static const struct file_operations audio_mp3_fops = {
25137 .owner = THIS_MODULE,
25138 .open = audio_open,
25139 .release = audio_release,
25140 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_out.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_out.c
25141 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_out.c 2009-12-02 22:51:21.000000000 -0500
25142 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_out.c 2009-12-14 18:33:56.272703386 -0500
25143 @@ -810,7 +810,7 @@ static int audpp_open(struct inode *inod
25147 -static struct file_operations audio_fops = {
25148 +static const struct file_operations audio_fops = {
25149 .owner = THIS_MODULE,
25150 .open = audio_open,
25151 .release = audio_release,
25152 @@ -819,7 +819,7 @@ static struct file_operations audio_fops
25153 .unlocked_ioctl = audio_ioctl,
25156 -static struct file_operations audpp_fops = {
25157 +static const struct file_operations audpp_fops = {
25158 .owner = THIS_MODULE,
25159 .open = audpp_open,
25160 .unlocked_ioctl = audpp_ioctl,
25161 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_qcelp.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_qcelp.c
25162 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_qcelp.c 2009-12-02 22:51:21.000000000 -0500
25163 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_qcelp.c 2009-12-14 18:33:56.275989683 -0500
25164 @@ -816,7 +816,7 @@ err:
25168 -static struct file_operations audio_qcelp_fops = {
25169 +static const struct file_operations audio_qcelp_fops = {
25170 .owner = THIS_MODULE,
25171 .open = audqcelp_open,
25172 .release = audqcelp_release,
25173 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/snd.c linux-2.6.32.1/drivers/staging/dream/qdsp5/snd.c
25174 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/snd.c 2009-12-02 22:51:21.000000000 -0500
25175 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/snd.c 2009-12-14 18:33:56.276744780 -0500
25176 @@ -242,7 +242,7 @@ err:
25180 -static struct file_operations snd_fops = {
25181 +static const struct file_operations snd_fops = {
25182 .owner = THIS_MODULE,
25184 .release = snd_release,
25185 diff -urNp linux-2.6.32.1/drivers/staging/dream/smd/smd_qmi.c linux-2.6.32.1/drivers/staging/dream/smd/smd_qmi.c
25186 --- linux-2.6.32.1/drivers/staging/dream/smd/smd_qmi.c 2009-12-02 22:51:21.000000000 -0500
25187 +++ linux-2.6.32.1/drivers/staging/dream/smd/smd_qmi.c 2009-12-14 18:33:56.288069638 -0500
25188 @@ -793,7 +793,7 @@ static int qmi_release(struct inode *ip,
25192 -static struct file_operations qmi_fops = {
25193 +static const struct file_operations qmi_fops = {
25194 .owner = THIS_MODULE,
25196 .write = qmi_write,
25197 diff -urNp linux-2.6.32.1/drivers/staging/dream/smd/smd_rpcrouter_device.c linux-2.6.32.1/drivers/staging/dream/smd/smd_rpcrouter_device.c
25198 --- linux-2.6.32.1/drivers/staging/dream/smd/smd_rpcrouter_device.c 2009-12-02 22:51:21.000000000 -0500
25199 +++ linux-2.6.32.1/drivers/staging/dream/smd/smd_rpcrouter_device.c 2009-12-14 18:33:56.294817718 -0500
25200 @@ -214,7 +214,7 @@ static long rpcrouter_ioctl(struct file
25204 -static struct file_operations rpcrouter_server_fops = {
25205 +static const struct file_operations rpcrouter_server_fops = {
25206 .owner = THIS_MODULE,
25207 .open = rpcrouter_open,
25208 .release = rpcrouter_release,
25209 @@ -224,7 +224,7 @@ static struct file_operations rpcrouter_
25210 .unlocked_ioctl = rpcrouter_ioctl,
25213 -static struct file_operations rpcrouter_router_fops = {
25214 +static const struct file_operations rpcrouter_router_fops = {
25215 .owner = THIS_MODULE,
25216 .open = rpcrouter_open,
25217 .release = rpcrouter_release,
25218 diff -urNp linux-2.6.32.1/drivers/staging/dst/dcore.c linux-2.6.32.1/drivers/staging/dst/dcore.c
25219 --- linux-2.6.32.1/drivers/staging/dst/dcore.c 2009-12-02 22:51:21.000000000 -0500
25220 +++ linux-2.6.32.1/drivers/staging/dst/dcore.c 2009-12-14 18:33:56.304159431 -0500
25221 @@ -149,7 +149,7 @@ static int dst_bdev_release(struct gendi
25225 -static struct block_device_operations dst_blk_ops = {
25226 +static const struct block_device_operations dst_blk_ops = {
25227 .open = dst_bdev_open,
25228 .release = dst_bdev_release,
25229 .owner = THIS_MODULE,
25230 diff -urNp linux-2.6.32.1/drivers/staging/go7007/go7007-v4l2.c linux-2.6.32.1/drivers/staging/go7007/go7007-v4l2.c
25231 --- linux-2.6.32.1/drivers/staging/go7007/go7007-v4l2.c 2009-12-02 22:51:21.000000000 -0500
25232 +++ linux-2.6.32.1/drivers/staging/go7007/go7007-v4l2.c 2009-12-14 18:33:56.318778895 -0500
25233 @@ -1700,7 +1700,7 @@ static int go7007_vm_fault(struct vm_are
25237 -static struct vm_operations_struct go7007_vm_ops = {
25238 +static const struct vm_operations_struct go7007_vm_ops = {
25239 .open = go7007_vm_open,
25240 .close = go7007_vm_close,
25241 .fault = go7007_vm_fault,
25242 diff -urNp linux-2.6.32.1/drivers/staging/hv/blkvsc_drv.c linux-2.6.32.1/drivers/staging/hv/blkvsc_drv.c
25243 --- linux-2.6.32.1/drivers/staging/hv/blkvsc_drv.c 2009-12-02 22:51:21.000000000 -0500
25244 +++ linux-2.6.32.1/drivers/staging/hv/blkvsc_drv.c 2009-12-14 18:33:56.334798643 -0500
25245 @@ -153,7 +153,7 @@ static int blkvsc_ringbuffer_size = BLKV
25246 /* The one and only one */
25247 static struct blkvsc_driver_context g_blkvsc_drv;
25249 -static struct block_device_operations block_ops = {
25250 +static const struct block_device_operations block_ops = {
25251 .owner = THIS_MODULE,
25252 .open = blkvsc_open,
25253 .release = blkvsc_release,
25254 diff -urNp linux-2.6.32.1/drivers/staging/panel/panel.c linux-2.6.32.1/drivers/staging/panel/panel.c
25255 --- linux-2.6.32.1/drivers/staging/panel/panel.c 2009-12-02 22:51:21.000000000 -0500
25256 +++ linux-2.6.32.1/drivers/staging/panel/panel.c 2009-12-14 18:33:56.357797047 -0500
25257 @@ -1305,7 +1305,7 @@ static int lcd_release(struct inode *ino
25261 -static struct file_operations lcd_fops = {
25262 +static const struct file_operations lcd_fops = {
25263 .write = lcd_write,
25265 .release = lcd_release,
25266 @@ -1565,7 +1565,7 @@ static int keypad_release(struct inode *
25270 -static struct file_operations keypad_fops = {
25271 +static const struct file_operations keypad_fops = {
25272 .read = keypad_read, /* read */
25273 .open = keypad_open, /* open */
25274 .release = keypad_release, /* close */
25275 diff -urNp linux-2.6.32.1/drivers/staging/phison/phison.c linux-2.6.32.1/drivers/staging/phison/phison.c
25276 --- linux-2.6.32.1/drivers/staging/phison/phison.c 2009-12-02 22:51:21.000000000 -0500
25277 +++ linux-2.6.32.1/drivers/staging/phison/phison.c 2009-12-14 18:33:56.364170212 -0500
25278 @@ -43,7 +43,7 @@ static struct scsi_host_template phison_
25279 ATA_BMDMA_SHT(DRV_NAME),
25282 -static struct ata_port_operations phison_ops = {
25283 +static const struct ata_port_operations phison_ops = {
25284 .inherits = &ata_bmdma_port_ops,
25285 .prereset = phison_pre_reset,
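Review bot: Declaring `phison_ops` const may conflict with how `.inherits` is resolved. In mainline libata, `ata_finalize_port_ops()` copies the inherited entries into the structure itself when the host is started, which is a write to this object. Unless the patch also changes that path elsewhere (not visible in this hunk), that store would target read-only data, so this is worth confirming before relying on the qualifier. A comment such as `/* .inherits is resolved by libata at host start; see ata_finalize_port_ops() */` would record the dependency. The initializer continues past the end of the hunk.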
25287 diff -urNp linux-2.6.32.1/drivers/staging/poch/poch.c linux-2.6.32.1/drivers/staging/poch/poch.c
25288 --- linux-2.6.32.1/drivers/staging/poch/poch.c 2009-12-02 22:51:21.000000000 -0500
25289 +++ linux-2.6.32.1/drivers/staging/poch/poch.c 2009-12-14 18:33:56.386724820 -0500
25290 @@ -1057,7 +1057,7 @@ static int poch_ioctl(struct inode *inod
25294 -static struct file_operations poch_fops = {
25295 +static const struct file_operations poch_fops = {
25296 .owner = THIS_MODULE,
25298 .release = poch_release,
25299 diff -urNp linux-2.6.32.1/drivers/staging/sep/sep_driver.c linux-2.6.32.1/drivers/staging/sep/sep_driver.c
25300 --- linux-2.6.32.1/drivers/staging/sep/sep_driver.c 2009-12-02 22:51:21.000000000 -0500
25301 +++ linux-2.6.32.1/drivers/staging/sep/sep_driver.c 2009-12-14 18:33:56.412957243 -0500
25302 @@ -2603,7 +2603,7 @@ static struct pci_driver sep_pci_driver
25303 static dev_t sep_devno;
25305 /* the files operations structure of the driver */
25306 -static struct file_operations sep_file_operations = {
25307 +static const struct file_operations sep_file_operations = {
25308 .owner = THIS_MODULE,
25309 .ioctl = sep_ioctl,
25311 diff -urNp linux-2.6.32.1/drivers/staging/vme/devices/vme_user.c linux-2.6.32.1/drivers/staging/vme/devices/vme_user.c
25312 --- linux-2.6.32.1/drivers/staging/vme/devices/vme_user.c 2009-12-02 22:51:21.000000000 -0500
25313 +++ linux-2.6.32.1/drivers/staging/vme/devices/vme_user.c 2009-12-14 18:33:56.422918835 -0500
25314 @@ -136,7 +136,7 @@ static int vme_user_ioctl(struct inode *
25315 static int __init vme_user_probe(struct device *, int, int);
25316 static int __exit vme_user_remove(struct device *, int, int);
25318 -static struct file_operations vme_user_fops = {
25319 +static const struct file_operations vme_user_fops = {
25320 .open = vme_user_open,
25321 .release = vme_user_release,
25322 .read = vme_user_read,
25323 diff -urNp linux-2.6.32.1/drivers/uio/uio.c linux-2.6.32.1/drivers/uio/uio.c
25324 --- linux-2.6.32.1/drivers/uio/uio.c 2009-12-02 22:51:21.000000000 -0500
25325 +++ linux-2.6.32.1/drivers/uio/uio.c 2009-12-14 18:33:56.434748271 -0500
25326 @@ -129,7 +129,7 @@ static ssize_t map_type_show(struct kobj
25327 return entry->show(mem, buf);
25330 -static struct sysfs_ops map_sysfs_ops = {
25331 +static const struct sysfs_ops map_sysfs_ops = {
25332 .show = map_type_show,
25335 @@ -217,7 +217,7 @@ static ssize_t portio_type_show(struct k
25336 return entry->show(port, buf);
25339 -static struct sysfs_ops portio_sysfs_ops = {
25340 +static const struct sysfs_ops portio_sysfs_ops = {
25341 .show = portio_type_show,
25344 diff -urNp linux-2.6.32.1/drivers/usb/atm/usbatm.c linux-2.6.32.1/drivers/usb/atm/usbatm.c
25345 --- linux-2.6.32.1/drivers/usb/atm/usbatm.c 2009-12-02 22:51:21.000000000 -0500
25346 +++ linux-2.6.32.1/drivers/usb/atm/usbatm.c 2009-12-14 18:33:56.441756007 -0500
25347 @@ -333,7 +333,7 @@ static void usbatm_extract_one_cell(stru
25348 if (printk_ratelimit())
25349 atm_warn(instance, "%s: OAM not supported (vpi %d, vci %d)!\n",
25350 __func__, vpi, vci);
25351 - atomic_inc(&vcc->stats->rx_err);
25352 + atomic_inc_unchecked(&vcc->stats->rx_err);
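Review bot: The switch to `atomic_inc_unchecked()` on `vcc->stats->rx_err` gives no reason why this counter is exempt from checking. The same applies to the other conversions in usbatm_extract_one_cell(), usbatm_tx_process() and usbatm_atm_proc_read(). These look like pure statistics where a wrap is harmless, unlike a reference count where a wrap can lead to a premature free. Stating that once at the first site would help, e.g. `/* statistics only: wrap-around is harmless, so the unchecked variant is used */`. The `stats` fields presumably need the matching `atomic_unchecked_t` type, which is declared outside these hunks.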
25356 @@ -361,7 +361,7 @@ static void usbatm_extract_one_cell(stru
25357 if (length > ATM_MAX_AAL5_PDU) {
25358 atm_rldbg(instance, "%s: bogus length %u (vcc: 0x%p)!\n",
25359 __func__, length, vcc);
25360 - atomic_inc(&vcc->stats->rx_err);
25361 + atomic_inc_unchecked(&vcc->stats->rx_err);
25365 @@ -370,14 +370,14 @@ static void usbatm_extract_one_cell(stru
25366 if (sarb->len < pdu_length) {
25367 atm_rldbg(instance, "%s: bogus pdu_length %u (sarb->len: %u, vcc: 0x%p)!\n",
25368 __func__, pdu_length, sarb->len, vcc);
25369 - atomic_inc(&vcc->stats->rx_err);
25370 + atomic_inc_unchecked(&vcc->stats->rx_err);
25374 if (crc32_be(~0, skb_tail_pointer(sarb) - pdu_length, pdu_length) != 0xc704dd7b) {
25375 atm_rldbg(instance, "%s: packet failed crc check (vcc: 0x%p)!\n",
25377 - atomic_inc(&vcc->stats->rx_err);
25378 + atomic_inc_unchecked(&vcc->stats->rx_err);
25382 @@ -387,7 +387,7 @@ static void usbatm_extract_one_cell(stru
25383 if (printk_ratelimit())
25384 atm_err(instance, "%s: no memory for skb (length: %u)!\n",
25386 - atomic_inc(&vcc->stats->rx_drop);
25387 + atomic_inc_unchecked(&vcc->stats->rx_drop);
25391 @@ -412,7 +412,7 @@ static void usbatm_extract_one_cell(stru
25393 vcc->push(vcc, skb);
25395 - atomic_inc(&vcc->stats->rx);
25396 + atomic_inc_unchecked(&vcc->stats->rx);
25400 @@ -616,7 +616,7 @@ static void usbatm_tx_process(unsigned l
25401 struct atm_vcc *vcc = UDSL_SKB(skb)->atm.vcc;
25403 usbatm_pop(vcc, skb);
25404 - atomic_inc(&vcc->stats->tx);
25405 + atomic_inc_unchecked(&vcc->stats->tx);
25407 skb = skb_dequeue(&instance->sndqueue);
25409 @@ -775,11 +775,11 @@ static int usbatm_atm_proc_read(struct a
25411 return sprintf(page,
25412 "AAL5: tx %d ( %d err ), rx %d ( %d err, %d drop )\n",
25413 - atomic_read(&atm_dev->stats.aal5.tx),
25414 - atomic_read(&atm_dev->stats.aal5.tx_err),
25415 - atomic_read(&atm_dev->stats.aal5.rx),
25416 - atomic_read(&atm_dev->stats.aal5.rx_err),
25417 - atomic_read(&atm_dev->stats.aal5.rx_drop));
25418 + atomic_read_unchecked(&atm_dev->stats.aal5.tx),
25419 + atomic_read_unchecked(&atm_dev->stats.aal5.tx_err),
25420 + atomic_read_unchecked(&atm_dev->stats.aal5.rx),
25421 + atomic_read_unchecked(&atm_dev->stats.aal5.rx_err),
25422 + atomic_read_unchecked(&atm_dev->stats.aal5.rx_drop));
25425 if (instance->disconnected)
25426 diff -urNp linux-2.6.32.1/drivers/usb/class/cdc-acm.c linux-2.6.32.1/drivers/usb/class/cdc-acm.c
25427 --- linux-2.6.32.1/drivers/usb/class/cdc-acm.c 2009-12-02 22:51:21.000000000 -0500
25428 +++ linux-2.6.32.1/drivers/usb/class/cdc-acm.c 2009-12-14 18:33:56.449082389 -0500
25429 @@ -1534,7 +1534,7 @@ static struct usb_device_id acm_ids[] =
25430 USB_CDC_ACM_PROTO_AT_CDMA) },
25432 /* NOTE: COMM/ACM/0xff is likely MSFT RNDIS ... NOT a modem!! */
25434 + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
25437 MODULE_DEVICE_TABLE(usb, acm_ids);
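Review bot: The terminator `{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }` ties the table to the exact number of fields in `struct usb_device_id`. If a field is added the initializer is short again, and if one is removed it fails to build. The same pattern recurs in usblp.c, hub.c and usual-tables.c, with seven zeros for `struct pci_device_id` in ehci-pci.c and uhci-hcd.c, and as `{ NULL, NULL, 0, 0, NULL }` in usb.c. If the aim is to avoid a missing-initializer warning (an assumption; the hunk does not say), a designated form such as `{ .match_flags = 0 } /* Terminating entry */` does that without depending on the layout. The acm_ids table starts outside the hunk.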
25438 diff -urNp linux-2.6.32.1/drivers/usb/class/usblp.c linux-2.6.32.1/drivers/usb/class/usblp.c
25439 --- linux-2.6.32.1/drivers/usb/class/usblp.c 2009-12-02 22:51:21.000000000 -0500
25440 +++ linux-2.6.32.1/drivers/usb/class/usblp.c 2009-12-14 18:33:56.450737102 -0500
25441 @@ -228,7 +228,7 @@ static const struct quirk_printer_struct
25442 { 0x0482, 0x0010, USBLP_QUIRK_BIDIR }, /* Kyocera Mita FS 820, by zut <kernel@zut.de> */
25443 { 0x04f9, 0x000d, USBLP_QUIRK_BIDIR }, /* Brother Industries, Ltd HL-1440 Laser Printer */
25444 { 0x04b8, 0x0202, USBLP_QUIRK_BAD_CLASS }, /* Seiko Epson Receipt Printer M129C */
25449 static int usblp_wwait(struct usblp *usblp, int nonblock);
25450 @@ -1412,7 +1412,7 @@ static struct usb_device_id usblp_ids []
25451 { USB_INTERFACE_INFO(7, 1, 2) },
25452 { USB_INTERFACE_INFO(7, 1, 3) },
25453 { USB_DEVICE(0x04b8, 0x0202) }, /* Seiko Epson Receipt Printer M129C */
25454 - { } /* Terminating entry */
25455 + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */
25458 MODULE_DEVICE_TABLE (usb, usblp_ids);
25459 diff -urNp linux-2.6.32.1/drivers/usb/core/hcd.c linux-2.6.32.1/drivers/usb/core/hcd.c
25460 --- linux-2.6.32.1/drivers/usb/core/hcd.c 2009-12-02 22:51:21.000000000 -0500
25461 +++ linux-2.6.32.1/drivers/usb/core/hcd.c 2009-12-14 18:33:56.472711446 -0500
25462 @@ -2216,7 +2216,7 @@ EXPORT_SYMBOL_GPL(usb_hcd_platform_shutd
25464 #if defined(CONFIG_USB_MON) || defined(CONFIG_USB_MON_MODULE)
25466 -struct usb_mon_operations *mon_ops;
25467 +const struct usb_mon_operations *mon_ops;
25470 * The registration is unlocked.
25471 @@ -2226,7 +2226,7 @@ struct usb_mon_operations *mon_ops;
25472 * symbols from usbcore, usbcore gets referenced and cannot be unloaded first.
25475 -int usb_mon_register (struct usb_mon_operations *ops)
25476 +int usb_mon_register (const struct usb_mon_operations *ops)
25480 diff -urNp linux-2.6.32.1/drivers/usb/core/hcd.h linux-2.6.32.1/drivers/usb/core/hcd.h
25481 --- linux-2.6.32.1/drivers/usb/core/hcd.h 2009-12-02 22:51:21.000000000 -0500
25482 +++ linux-2.6.32.1/drivers/usb/core/hcd.h 2009-12-14 18:33:56.482754672 -0500
25483 @@ -486,13 +486,13 @@ static inline void usbfs_cleanup(void) {
25484 #if defined(CONFIG_USB_MON) || defined(CONFIG_USB_MON_MODULE)
25486 struct usb_mon_operations {
25487 - void (*urb_submit)(struct usb_bus *bus, struct urb *urb);
25488 - void (*urb_submit_error)(struct usb_bus *bus, struct urb *urb, int err);
25489 - void (*urb_complete)(struct usb_bus *bus, struct urb *urb, int status);
25490 + void (* const urb_submit)(struct usb_bus *bus, struct urb *urb);
25491 + void (* const urb_submit_error)(struct usb_bus *bus, struct urb *urb, int err);
25492 + void (* const urb_complete)(struct usb_bus *bus, struct urb *urb, int status);
25493 /* void (*urb_unlink)(struct usb_bus *bus, struct urb *urb); */
25496 -extern struct usb_mon_operations *mon_ops;
25497 +extern const struct usb_mon_operations *mon_ops;
25499 static inline void usbmon_urb_submit(struct usb_bus *bus, struct urb *urb)
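Review bot: Qualifying each member as `void (* const urb_submit)(...)` is redundant once every user of the type is declared `const struct usb_mon_operations`. It also prevents any instance from being filled in at run time, so the member qualifiers should be justified in a comment or dropped. Only the table becomes read-only: the global `mon_ops` pointer is still writable data, presumably because usb_mon_register() and usb_mon_deregister() set it. The indirect calls in the usbmon_urb_* helpers therefore still go through a writable pointer. A comment above the extern, e.g. `/* points at a read-only table; the pointer itself is written on (de)registration */`, would make that limit explicit.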
25501 @@ -514,7 +514,7 @@ static inline void usbmon_urb_complete(s
25502 (*mon_ops->urb_complete)(bus, urb, status);
25505 -int usb_mon_register(struct usb_mon_operations *ops);
25506 +int usb_mon_register(const struct usb_mon_operations *ops);
25507 void usb_mon_deregister(void);
25510 diff -urNp linux-2.6.32.1/drivers/usb/core/hub.c linux-2.6.32.1/drivers/usb/core/hub.c
25511 --- linux-2.6.32.1/drivers/usb/core/hub.c 2009-12-02 22:51:21.000000000 -0500
25512 +++ linux-2.6.32.1/drivers/usb/core/hub.c 2009-12-14 18:33:56.501728320 -0500
25513 @@ -3374,7 +3374,7 @@ static struct usb_device_id hub_id_table
25514 .bDeviceClass = USB_CLASS_HUB},
25515 { .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS,
25516 .bInterfaceClass = USB_CLASS_HUB},
25517 - { } /* Terminating entry */
25518 + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */
25521 MODULE_DEVICE_TABLE (usb, hub_id_table);
25522 diff -urNp linux-2.6.32.1/drivers/usb/core/message.c linux-2.6.32.1/drivers/usb/core/message.c
25523 --- linux-2.6.32.1/drivers/usb/core/message.c 2009-12-02 22:51:21.000000000 -0500
25524 +++ linux-2.6.32.1/drivers/usb/core/message.c 2009-12-14 18:33:56.525197755 -0500
25525 @@ -914,8 +914,8 @@ char *usb_cache_string(struct usb_device
25526 buf = kmalloc(MAX_USB_STRING_SIZE, GFP_KERNEL);
25528 len = usb_string(udev, index, buf, MAX_USB_STRING_SIZE);
25530 - smallbuf = kmalloc(++len, GFP_KERNEL);
25532 + smallbuf = kmalloc(len, GFP_KERNEL);
25535 memcpy(smallbuf, buf, len);
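Review bot: With `++len` removed from the allocation, `kmalloc(len, GFP_KERNEL)` and the following `memcpy(smallbuf, buf, len)` cover the terminating NUL only if `len` is incremented on a line this listing does not show. The condition between the usb_string() call and the allocation is missing here. If the new side has no such increment, the cached string would be returned unterminated. Either way the size arithmetic deserves a comment at the allocation, e.g. `/* len now includes the trailing NUL */`. usb_cache_string() starts and ends outside the hunk.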
25536 diff -urNp linux-2.6.32.1/drivers/usb/host/ehci-pci.c linux-2.6.32.1/drivers/usb/host/ehci-pci.c
25537 --- linux-2.6.32.1/drivers/usb/host/ehci-pci.c 2009-12-02 22:51:21.000000000 -0500
25538 +++ linux-2.6.32.1/drivers/usb/host/ehci-pci.c 2009-12-14 18:33:56.538757991 -0500
25539 @@ -422,7 +422,7 @@ static const struct pci_device_id pci_id
25540 PCI_DEVICE_CLASS(PCI_CLASS_SERIAL_USB_EHCI, ~0),
25541 .driver_data = (unsigned long) &ehci_pci_hc_driver,
25543 - { /* end: all zeroes */ }
25544 + { 0, 0, 0, 0, 0, 0, 0 }
25546 MODULE_DEVICE_TABLE(pci, pci_ids);
25548 diff -urNp linux-2.6.32.1/drivers/usb/host/uhci-hcd.c linux-2.6.32.1/drivers/usb/host/uhci-hcd.c
25549 --- linux-2.6.32.1/drivers/usb/host/uhci-hcd.c 2009-12-02 22:51:21.000000000 -0500
25550 +++ linux-2.6.32.1/drivers/usb/host/uhci-hcd.c 2009-12-14 18:33:56.549987695 -0500
25551 @@ -927,7 +927,7 @@ static const struct pci_device_id uhci_p
25552 /* handle any USB UHCI controller */
25553 PCI_DEVICE_CLASS(PCI_CLASS_SERIAL_USB_UHCI, ~0),
25554 .driver_data = (unsigned long) &uhci_driver,
25555 - }, { /* end: all zeroes */ }
25556 + }, { 0, 0, 0, 0, 0, 0, 0 }
25559 MODULE_DEVICE_TABLE(pci, uhci_pci_ids);
25560 diff -urNp linux-2.6.32.1/drivers/usb/misc/appledisplay.c linux-2.6.32.1/drivers/usb/misc/appledisplay.c
25561 --- linux-2.6.32.1/drivers/usb/misc/appledisplay.c 2009-12-02 22:51:21.000000000 -0500
25562 +++ linux-2.6.32.1/drivers/usb/misc/appledisplay.c 2009-12-14 18:33:56.570702896 -0500
25563 @@ -178,7 +178,7 @@ static int appledisplay_bl_get_brightnes
25564 return pdata->msgdata[1];
25567 -static struct backlight_ops appledisplay_bl_data = {
25568 +static const struct backlight_ops appledisplay_bl_data = {
25569 .get_brightness = appledisplay_bl_get_brightness,
25570 .update_status = appledisplay_bl_update_status,
25572 diff -urNp linux-2.6.32.1/drivers/usb/mon/mon_main.c linux-2.6.32.1/drivers/usb/mon/mon_main.c
25573 --- linux-2.6.32.1/drivers/usb/mon/mon_main.c 2009-12-02 22:51:21.000000000 -0500
25574 +++ linux-2.6.32.1/drivers/usb/mon/mon_main.c 2009-12-14 18:33:56.586891486 -0500
25575 @@ -238,7 +238,7 @@ static struct notifier_block mon_nb = {
25579 -static struct usb_mon_operations mon_ops_0 = {
25580 +static const struct usb_mon_operations mon_ops_0 = {
25581 .urb_submit = mon_submit,
25582 .urb_submit_error = mon_submit_error,
25583 .urb_complete = mon_complete,
25584 diff -urNp linux-2.6.32.1/drivers/usb/storage/debug.h linux-2.6.32.1/drivers/usb/storage/debug.h
25585 --- linux-2.6.32.1/drivers/usb/storage/debug.h 2009-12-02 22:51:21.000000000 -0500
25586 +++ linux-2.6.32.1/drivers/usb/storage/debug.h 2009-12-14 18:33:56.602740203 -0500
25587 @@ -54,9 +54,9 @@ void usb_stor_show_sense( unsigned char
25588 #define US_DEBUGPX(x...) printk( x )
25589 #define US_DEBUG(x) x
25591 -#define US_DEBUGP(x...)
25592 -#define US_DEBUGPX(x...)
25593 -#define US_DEBUG(x)
25594 +#define US_DEBUGP(x...) do {} while (0)
25595 +#define US_DEBUGPX(x...) do {} while (0)
25596 +#define US_DEBUG(x) do {} while (0)
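Review bot: Defining the disabled variants as `do {} while (0)` discards the arguments entirely, so format strings and their arguments in US_DEBUGP()/US_DEBUGPX() calls are never type-checked unless the debug option is on. Where the arguments exist in both configurations, a dead call such as `#define US_DEBUGPX(x...) do { if (0) printk(x); } while (0)` would let format mismatches be caught in normal builds. US_DEBUG(x) also changes from expanding to nothing to expanding to a statement. That is only safe if every use is written as a statement followed by a semicolon, which cannot be checked from this hunk.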
25600 diff -urNp linux-2.6.32.1/drivers/usb/storage/usb.c linux-2.6.32.1/drivers/usb/storage/usb.c
25601 --- linux-2.6.32.1/drivers/usb/storage/usb.c 2009-12-02 22:51:21.000000000 -0500
25602 +++ linux-2.6.32.1/drivers/usb/storage/usb.c 2009-12-14 18:33:56.635722053 -0500
25603 @@ -118,7 +118,7 @@ MODULE_PARM_DESC(quirks, "supplemental l
25605 static struct us_unusual_dev us_unusual_dev_list[] = {
25606 # include "unusual_devs.h"
25607 - { } /* Terminating entry */
25608 + { NULL, NULL, 0, 0, NULL } /* Terminating entry */
25612 diff -urNp linux-2.6.32.1/drivers/usb/storage/usual-tables.c linux-2.6.32.1/drivers/usb/storage/usual-tables.c
25613 --- linux-2.6.32.1/drivers/usb/storage/usual-tables.c 2009-12-02 22:51:21.000000000 -0500
25614 +++ linux-2.6.32.1/drivers/usb/storage/usual-tables.c 2009-12-14 18:33:56.646183562 -0500
25617 struct usb_device_id usb_storage_usb_ids[] = {
25618 # include "unusual_devs.h"
25619 - { } /* Terminating entry */
25620 + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */
25622 EXPORT_SYMBOL_GPL(usb_storage_usb_ids);
25624 diff -urNp linux-2.6.32.1/drivers/uwb/wlp/messages.c linux-2.6.32.1/drivers/uwb/wlp/messages.c
25625 --- linux-2.6.32.1/drivers/uwb/wlp/messages.c 2009-12-02 22:51:21.000000000 -0500
25626 +++ linux-2.6.32.1/drivers/uwb/wlp/messages.c 2009-12-14 18:33:56.670723254 -0500
25627 @@ -903,7 +903,7 @@ int wlp_parse_f0(struct wlp *wlp, struct
25628 size_t len = skb->len;
25631 - struct wlp_nonce enonce, rnonce;
25632 + struct wlp_nonce enonce = {{0}}, rnonce = {{0}};
25633 enum wlp_assc_error assc_err;
25634 char enonce_buf[WLP_WSS_NONCE_STRSIZE];
25635 char rnonce_buf[WLP_WSS_NONCE_STRSIZE];
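Review bot: The new `= {{0}}` initialisers on `enonce` and `rnonce` are unexplained. The hunk does not show whether they fix a real read of uninitialised stack on some path of wlp_parse_f0() or only quiet a compiler warning. If the nonces can reach the print buffers declared just below without having been parsed, that is worth stating, because stale stack contents could then have been formatted out. A comment such as `/* zeroed so a failed parse never exposes stack contents */`, adjusted to the actual reason, would settle it. The function body lies outside the hunk.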
25636 diff -urNp linux-2.6.32.1/drivers/uwb/wlp/sysfs.c linux-2.6.32.1/drivers/uwb/wlp/sysfs.c
25637 --- linux-2.6.32.1/drivers/uwb/wlp/sysfs.c 2009-12-02 22:51:21.000000000 -0500
25638 +++ linux-2.6.32.1/drivers/uwb/wlp/sysfs.c 2009-12-14 18:33:56.671714141 -0500
25639 @@ -615,8 +615,7 @@ ssize_t wlp_wss_attr_store(struct kobjec
25644 -struct sysfs_ops wss_sysfs_ops = {
25645 +static const struct sysfs_ops wss_sysfs_ops = {
25646 .show = wlp_wss_attr_show,
25647 .store = wlp_wss_attr_store,
25649 diff -urNp linux-2.6.32.1/drivers/video/atmel_lcdfb.c linux-2.6.32.1/drivers/video/atmel_lcdfb.c
25650 --- linux-2.6.32.1/drivers/video/atmel_lcdfb.c 2009-12-02 22:51:21.000000000 -0500
25651 +++ linux-2.6.32.1/drivers/video/atmel_lcdfb.c 2009-12-14 18:33:56.675713473 -0500
25652 @@ -110,7 +110,7 @@ static int atmel_bl_get_brightness(struc
25653 return lcdc_readl(sinfo, ATMEL_LCDC_CONTRAST_VAL);
25656 -static struct backlight_ops atmel_lcdc_bl_ops = {
25657 +static const struct backlight_ops atmel_lcdc_bl_ops = {
25658 .update_status = atmel_bl_update_status,
25659 .get_brightness = atmel_bl_get_brightness,
25661 diff -urNp linux-2.6.32.1/drivers/video/aty/aty128fb.c linux-2.6.32.1/drivers/video/aty/aty128fb.c
25662 --- linux-2.6.32.1/drivers/video/aty/aty128fb.c 2009-12-02 22:51:21.000000000 -0500
25663 +++ linux-2.6.32.1/drivers/video/aty/aty128fb.c 2009-12-14 18:33:56.696705893 -0500
25664 @@ -1787,7 +1787,7 @@ static int aty128_bl_get_brightness(stru
25665 return bd->props.brightness;
25668 -static struct backlight_ops aty128_bl_data = {
25669 +static const struct backlight_ops aty128_bl_data = {
25670 .get_brightness = aty128_bl_get_brightness,
25671 .update_status = aty128_bl_update_status,
25673 diff -urNp linux-2.6.32.1/drivers/video/aty/atyfb_base.c linux-2.6.32.1/drivers/video/aty/atyfb_base.c
25674 --- linux-2.6.32.1/drivers/video/aty/atyfb_base.c 2009-12-02 22:51:21.000000000 -0500
25675 +++ linux-2.6.32.1/drivers/video/aty/atyfb_base.c 2009-12-14 18:33:56.707707438 -0500
25676 @@ -2225,7 +2225,7 @@ static int aty_bl_get_brightness(struct
25677 return bd->props.brightness;
25680 -static struct backlight_ops aty_bl_data = {
25681 +static const struct backlight_ops aty_bl_data = {
25682 .get_brightness = aty_bl_get_brightness,
25683 .update_status = aty_bl_update_status,
25685 diff -urNp linux-2.6.32.1/drivers/video/aty/radeon_backlight.c linux-2.6.32.1/drivers/video/aty/radeon_backlight.c
25686 --- linux-2.6.32.1/drivers/video/aty/radeon_backlight.c 2009-12-02 22:51:21.000000000 -0500
25687 +++ linux-2.6.32.1/drivers/video/aty/radeon_backlight.c 2009-12-14 18:33:56.732719574 -0500
25688 @@ -127,7 +127,7 @@ static int radeon_bl_get_brightness(stru
25689 return bd->props.brightness;
25692 -static struct backlight_ops radeon_bl_data = {
25693 +static const struct backlight_ops radeon_bl_data = {
25694 .get_brightness = radeon_bl_get_brightness,
25695 .update_status = radeon_bl_update_status,
25697 diff -urNp linux-2.6.32.1/drivers/video/backlight/adp5520_bl.c linux-2.6.32.1/drivers/video/backlight/adp5520_bl.c
25698 --- linux-2.6.32.1/drivers/video/backlight/adp5520_bl.c 2009-12-02 22:51:21.000000000 -0500
25699 +++ linux-2.6.32.1/drivers/video/backlight/adp5520_bl.c 2009-12-14 18:33:56.734719374 -0500
25700 @@ -84,7 +84,7 @@ static int adp5520_bl_get_brightness(str
25701 return error ? data->current_brightness : reg_val;
25704 -static struct backlight_ops adp5520_bl_ops = {
25705 +static const struct backlight_ops adp5520_bl_ops = {
25706 .update_status = adp5520_bl_update_status,
25707 .get_brightness = adp5520_bl_get_brightness,
25709 diff -urNp linux-2.6.32.1/drivers/video/backlight/adx_bl.c linux-2.6.32.1/drivers/video/backlight/adx_bl.c
25710 --- linux-2.6.32.1/drivers/video/backlight/adx_bl.c 2009-12-02 22:51:21.000000000 -0500
25711 +++ linux-2.6.32.1/drivers/video/backlight/adx_bl.c 2009-12-14 18:33:56.735716250 -0500
25712 @@ -61,7 +61,7 @@ static int adx_backlight_check_fb(struct
25716 -static struct backlight_ops adx_backlight_ops = {
25717 +static const struct backlight_ops adx_backlight_ops = {
25719 .update_status = adx_backlight_update_status,
25720 .get_brightness = adx_backlight_get_brightness,
25721 diff -urNp linux-2.6.32.1/drivers/video/backlight/atmel-pwm-bl.c linux-2.6.32.1/drivers/video/backlight/atmel-pwm-bl.c
25722 --- linux-2.6.32.1/drivers/video/backlight/atmel-pwm-bl.c 2009-12-02 22:51:21.000000000 -0500
25723 +++ linux-2.6.32.1/drivers/video/backlight/atmel-pwm-bl.c 2009-12-14 18:33:56.764711094 -0500
25724 @@ -113,7 +113,7 @@ static int atmel_pwm_bl_init_pwm(struct
25725 return pwm_channel_enable(&pwmbl->pwmc);
25728 -static struct backlight_ops atmel_pwm_bl_ops = {
25729 +static const struct backlight_ops atmel_pwm_bl_ops = {
25730 .get_brightness = atmel_pwm_bl_get_intensity,
25731 .update_status = atmel_pwm_bl_set_intensity,
25733 diff -urNp linux-2.6.32.1/drivers/video/backlight/backlight.c linux-2.6.32.1/drivers/video/backlight/backlight.c
25734 --- linux-2.6.32.1/drivers/video/backlight/backlight.c 2009-12-02 22:51:21.000000000 -0500
25735 +++ linux-2.6.32.1/drivers/video/backlight/backlight.c 2009-12-14 18:33:56.776707570 -0500
25736 @@ -269,7 +269,7 @@ EXPORT_SYMBOL(backlight_force_update);
25737 * ERR_PTR() or a pointer to the newly allocated device.
25739 struct backlight_device *backlight_device_register(const char *name,
25740 - struct device *parent, void *devdata, struct backlight_ops *ops)
25741 + struct device *parent, void *devdata, const struct backlight_ops *ops)
25743 struct backlight_device *new_bd;
25745 diff -urNp linux-2.6.32.1/drivers/video/backlight/corgi_lcd.c linux-2.6.32.1/drivers/video/backlight/corgi_lcd.c
25746 --- linux-2.6.32.1/drivers/video/backlight/corgi_lcd.c 2009-12-02 22:51:21.000000000 -0500
25747 +++ linux-2.6.32.1/drivers/video/backlight/corgi_lcd.c 2009-12-14 18:33:56.798711248 -0500
25748 @@ -451,7 +451,7 @@ void corgi_lcd_limit_intensity(int limit
25750 EXPORT_SYMBOL(corgi_lcd_limit_intensity);
25752 -static struct backlight_ops corgi_bl_ops = {
25753 +static const struct backlight_ops corgi_bl_ops = {
25754 .get_brightness = corgi_bl_get_intensity,
25755 .update_status = corgi_bl_update_status,
25757 diff -urNp linux-2.6.32.1/drivers/video/backlight/cr_bllcd.c linux-2.6.32.1/drivers/video/backlight/cr_bllcd.c
25758 --- linux-2.6.32.1/drivers/video/backlight/cr_bllcd.c 2009-12-02 22:51:21.000000000 -0500
25759 +++ linux-2.6.32.1/drivers/video/backlight/cr_bllcd.c 2009-12-14 18:33:56.799713192 -0500
25760 @@ -108,7 +108,7 @@ static int cr_backlight_get_intensity(st
25764 -static struct backlight_ops cr_backlight_ops = {
25765 +static const struct backlight_ops cr_backlight_ops = {
25766 .get_brightness = cr_backlight_get_intensity,
25767 .update_status = cr_backlight_set_intensity,
25769 diff -urNp linux-2.6.32.1/drivers/video/backlight/da903x_bl.c linux-2.6.32.1/drivers/video/backlight/da903x_bl.c
25770 --- linux-2.6.32.1/drivers/video/backlight/da903x_bl.c 2009-12-02 22:51:21.000000000 -0500
25771 +++ linux-2.6.32.1/drivers/video/backlight/da903x_bl.c 2009-12-14 18:33:56.801716801 -0500
25772 @@ -94,7 +94,7 @@ static int da903x_backlight_get_brightne
25773 return data->current_brightness;
25776 -static struct backlight_ops da903x_backlight_ops = {
25777 +static const struct backlight_ops da903x_backlight_ops = {
25778 .update_status = da903x_backlight_update_status,
25779 .get_brightness = da903x_backlight_get_brightness,
25781 diff -urNp linux-2.6.32.1/drivers/video/backlight/generic_bl.c linux-2.6.32.1/drivers/video/backlight/generic_bl.c
25782 --- linux-2.6.32.1/drivers/video/backlight/generic_bl.c 2009-12-02 22:51:21.000000000 -0500
25783 +++ linux-2.6.32.1/drivers/video/backlight/generic_bl.c 2009-12-14 18:33:56.801716801 -0500
25784 @@ -70,7 +70,7 @@ void corgibl_limit_intensity(int limit)
25786 EXPORT_SYMBOL(corgibl_limit_intensity);
25788 -static struct backlight_ops genericbl_ops = {
25789 +static const struct backlight_ops genericbl_ops = {
25790 .options = BL_CORE_SUSPENDRESUME,
25791 .get_brightness = genericbl_get_intensity,
25792 .update_status = genericbl_send_intensity,
25793 diff -urNp linux-2.6.32.1/drivers/video/backlight/hp680_bl.c linux-2.6.32.1/drivers/video/backlight/hp680_bl.c
25794 --- linux-2.6.32.1/drivers/video/backlight/hp680_bl.c 2009-12-02 22:51:21.000000000 -0500
25795 +++ linux-2.6.32.1/drivers/video/backlight/hp680_bl.c 2009-12-14 18:33:56.828721688 -0500
25796 @@ -98,7 +98,7 @@ static int hp680bl_get_intensity(struct
25797 return current_intensity;
25800 -static struct backlight_ops hp680bl_ops = {
25801 +static const struct backlight_ops hp680bl_ops = {
25802 .get_brightness = hp680bl_get_intensity,
25803 .update_status = hp680bl_set_intensity,
25805 diff -urNp linux-2.6.32.1/drivers/video/backlight/jornada720_bl.c linux-2.6.32.1/drivers/video/backlight/jornada720_bl.c
25806 --- linux-2.6.32.1/drivers/video/backlight/jornada720_bl.c 2009-12-02 22:51:21.000000000 -0500
25807 +++ linux-2.6.32.1/drivers/video/backlight/jornada720_bl.c 2009-12-14 18:33:56.849756143 -0500
25808 @@ -93,7 +93,7 @@ out:
25812 -static struct backlight_ops jornada_bl_ops = {
25813 +static const struct backlight_ops jornada_bl_ops = {
25814 .get_brightness = jornada_bl_get_brightness,
25815 .update_status = jornada_bl_update_status,
25816 .options = BL_CORE_SUSPENDRESUME,
25817 diff -urNp linux-2.6.32.1/drivers/video/backlight/kb3886_bl.c linux-2.6.32.1/drivers/video/backlight/kb3886_bl.c
25818 --- linux-2.6.32.1/drivers/video/backlight/kb3886_bl.c 2009-12-02 22:51:21.000000000 -0500
25819 +++ linux-2.6.32.1/drivers/video/backlight/kb3886_bl.c 2009-12-14 18:33:56.850723993 -0500
25820 @@ -134,7 +134,7 @@ static int kb3886bl_get_intensity(struct
25821 return kb3886bl_intensity;
25824 -static struct backlight_ops kb3886bl_ops = {
25825 +static const struct backlight_ops kb3886bl_ops = {
25826 .get_brightness = kb3886bl_get_intensity,
25827 .update_status = kb3886bl_send_intensity,
25829 diff -urNp linux-2.6.32.1/drivers/video/backlight/locomolcd.c linux-2.6.32.1/drivers/video/backlight/locomolcd.c
25830 --- linux-2.6.32.1/drivers/video/backlight/locomolcd.c 2009-12-02 22:51:21.000000000 -0500
25831 +++ linux-2.6.32.1/drivers/video/backlight/locomolcd.c 2009-12-14 18:33:56.852706003 -0500
25832 @@ -141,7 +141,7 @@ static int locomolcd_get_intensity(struc
25833 return current_intensity;
25836 -static struct backlight_ops locomobl_data = {
25837 +static const struct backlight_ops locomobl_data = {
25838 .get_brightness = locomolcd_get_intensity,
25839 .update_status = locomolcd_set_intensity,
25841 diff -urNp linux-2.6.32.1/drivers/video/backlight/mbp_nvidia_bl.c linux-2.6.32.1/drivers/video/backlight/mbp_nvidia_bl.c
25842 --- linux-2.6.32.1/drivers/video/backlight/mbp_nvidia_bl.c 2009-12-02 22:51:21.000000000 -0500
25843 +++ linux-2.6.32.1/drivers/video/backlight/mbp_nvidia_bl.c 2009-12-14 18:33:56.873731630 -0500
25844 @@ -33,7 +33,7 @@ struct dmi_match_data {
25845 unsigned long iostart;
25846 unsigned long iolen;
25847 /* Backlight operations structure. */
25848 - struct backlight_ops backlight_ops;
25849 + const struct backlight_ops backlight_ops;
25852 /* Module parameters. */
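Review bot: Qualifying the embedded `backlight_ops` member as `const` does not by itself make the enclosing `struct dmi_match_data` objects read-only; that depends on how the instances are declared, which is outside this hunk. If the intent matches the other backlight hunks in this patch (ops tables that are never written after initialisation), the instances should also be declared `static const struct dmi_match_data ...`. A comment on the member such as `/* Backlight operations structure; never modified after initialisation. */` would record that intent.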
25853 diff -urNp linux-2.6.32.1/drivers/video/backlight/omap1_bl.c linux-2.6.32.1/drivers/video/backlight/omap1_bl.c
25854 --- linux-2.6.32.1/drivers/video/backlight/omap1_bl.c 2009-12-02 22:51:21.000000000 -0500
25855 +++ linux-2.6.32.1/drivers/video/backlight/omap1_bl.c 2009-12-14 18:33:56.876733224 -0500
25856 @@ -125,7 +125,7 @@ static int omapbl_get_intensity(struct b
25857 return bl->current_intensity;
25860 -static struct backlight_ops omapbl_ops = {
25861 +static const struct backlight_ops omapbl_ops = {
25862 .get_brightness = omapbl_get_intensity,
25863 .update_status = omapbl_update_status,
25865 diff -urNp linux-2.6.32.1/drivers/video/backlight/progear_bl.c linux-2.6.32.1/drivers/video/backlight/progear_bl.c
25866 --- linux-2.6.32.1/drivers/video/backlight/progear_bl.c 2009-12-02 22:51:21.000000000 -0500
25867 +++ linux-2.6.32.1/drivers/video/backlight/progear_bl.c 2009-12-14 18:33:56.884958873 -0500
25868 @@ -54,7 +54,7 @@ static int progearbl_get_intensity(struc
25869 return intensity - HW_LEVEL_MIN;
25872 -static struct backlight_ops progearbl_ops = {
25873 +static const struct backlight_ops progearbl_ops = {
25874 .get_brightness = progearbl_get_intensity,
25875 .update_status = progearbl_set_intensity,
25877 diff -urNp linux-2.6.32.1/drivers/video/backlight/pwm_bl.c linux-2.6.32.1/drivers/video/backlight/pwm_bl.c
25878 --- linux-2.6.32.1/drivers/video/backlight/pwm_bl.c 2009-12-02 22:51:21.000000000 -0500
25879 +++ linux-2.6.32.1/drivers/video/backlight/pwm_bl.c 2009-12-14 18:33:56.902731746 -0500
25880 @@ -56,7 +56,7 @@ static int pwm_backlight_get_brightness(
25881 return bl->props.brightness;
25884 -static struct backlight_ops pwm_backlight_ops = {
25885 +static const struct backlight_ops pwm_backlight_ops = {
25886 .update_status = pwm_backlight_update_status,
25887 .get_brightness = pwm_backlight_get_brightness,
25889 diff -urNp linux-2.6.32.1/drivers/video/backlight/tosa_bl.c linux-2.6.32.1/drivers/video/backlight/tosa_bl.c
25890 --- linux-2.6.32.1/drivers/video/backlight/tosa_bl.c 2009-12-02 22:51:21.000000000 -0500
25891 +++ linux-2.6.32.1/drivers/video/backlight/tosa_bl.c 2009-12-14 18:33:56.908727779 -0500
25892 @@ -72,7 +72,7 @@ static int tosa_bl_get_brightness(struct
25893 return props->brightness;
25896 -static struct backlight_ops bl_ops = {
25897 +static const struct backlight_ops bl_ops = {
25898 .get_brightness = tosa_bl_get_brightness,
25899 .update_status = tosa_bl_update_status,
25901 diff -urNp linux-2.6.32.1/drivers/video/backlight/wm831x_bl.c linux-2.6.32.1/drivers/video/backlight/wm831x_bl.c
25902 --- linux-2.6.32.1/drivers/video/backlight/wm831x_bl.c 2009-12-02 22:51:21.000000000 -0500
25903 +++ linux-2.6.32.1/drivers/video/backlight/wm831x_bl.c 2009-12-14 18:33:56.909707606 -0500
25904 @@ -112,7 +112,7 @@ static int wm831x_backlight_get_brightne
25905 return data->current_brightness;
25908 -static struct backlight_ops wm831x_backlight_ops = {
25909 +static const struct backlight_ops wm831x_backlight_ops = {
25910 .options = BL_CORE_SUSPENDRESUME,
25911 .update_status = wm831x_backlight_update_status,
25912 .get_brightness = wm831x_backlight_get_brightness,
25913 diff -urNp linux-2.6.32.1/drivers/video/bf54x-lq043fb.c linux-2.6.32.1/drivers/video/bf54x-lq043fb.c
25914 --- linux-2.6.32.1/drivers/video/bf54x-lq043fb.c 2009-12-02 22:51:21.000000000 -0500
25915 +++ linux-2.6.32.1/drivers/video/bf54x-lq043fb.c 2009-12-14 18:33:56.914735019 -0500
25916 @@ -463,7 +463,7 @@ static int bl_get_brightness(struct back
25920 -static struct backlight_ops bfin_lq043fb_bl_ops = {
25921 +static const struct backlight_ops bfin_lq043fb_bl_ops = {
25922 .get_brightness = bl_get_brightness,
25925 diff -urNp linux-2.6.32.1/drivers/video/bfin-t350mcqb-fb.c linux-2.6.32.1/drivers/video/bfin-t350mcqb-fb.c
25926 --- linux-2.6.32.1/drivers/video/bfin-t350mcqb-fb.c 2009-12-02 22:51:21.000000000 -0500
25927 +++ linux-2.6.32.1/drivers/video/bfin-t350mcqb-fb.c 2009-12-14 18:33:56.931742721 -0500
25928 @@ -381,7 +381,7 @@ static int bl_get_brightness(struct back
25932 -static struct backlight_ops bfin_lq043fb_bl_ops = {
25933 +static const struct backlight_ops bfin_lq043fb_bl_ops = {
25934 .get_brightness = bl_get_brightness,
25937 diff -urNp linux-2.6.32.1/drivers/video/fbmem.c linux-2.6.32.1/drivers/video/fbmem.c
25938 --- linux-2.6.32.1/drivers/video/fbmem.c 2009-12-02 22:51:21.000000000 -0500
25939 +++ linux-2.6.32.1/drivers/video/fbmem.c 2009-12-14 18:33:56.939773066 -0500
25940 @@ -403,7 +403,7 @@ static void fb_do_show_logo(struct fb_in
25941 image->dx += image->width + 8;
25943 } else if (rotate == FB_ROTATE_UD) {
25944 - for (x = 0; x < num && image->dx >= 0; x++) {
25945 + for (x = 0; x < num && (__s32)image->dx >= 0; x++) {
25946 info->fbops->fb_imageblit(info, image);
25947 image->dx -= image->width + 8;
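Review bot: The `(__s32)` cast in the FB_ROTATE_UD loop here, and the matching one on `image->dy` in the FB_ROTATE_CCW loop of the next hunk, works only because the field wraps below zero on the subtraction and is then read as signed. That is not obvious from the loop itself. The field types are declared outside the hunk and are presumably unsigned, since the cast would otherwise be unnecessary. A comment above each loop would document it, for example `/* dx is unsigned: compare as signed so the wrap below zero ends the loop */`.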
25949 @@ -415,7 +415,7 @@ static void fb_do_show_logo(struct fb_in
25950 image->dy += image->height + 8;
25952 } else if (rotate == FB_ROTATE_CCW) {
25953 - for (x = 0; x < num && image->dy >= 0; x++) {
25954 + for (x = 0; x < num && (__s32)image->dy >= 0; x++) {
25955 info->fbops->fb_imageblit(info, image);
25956 image->dy -= image->height + 8;
25958 @@ -1119,7 +1119,7 @@ static long do_fb_ioctl(struct fb_info *
25960 if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES)
25962 - if (con2fb.framebuffer < 0 || con2fb.framebuffer >= FB_MAX)
25963 + if (con2fb.framebuffer >= FB_MAX)
25965 if (!registered_fb[con2fb.framebuffer])
25966 request_module("fb%d", con2fb.framebuffer);
25967 diff -urNp linux-2.6.32.1/drivers/video/fbmon.c linux-2.6.32.1/drivers/video/fbmon.c
25968 --- linux-2.6.32.1/drivers/video/fbmon.c 2009-12-02 22:51:21.000000000 -0500
25969 +++ linux-2.6.32.1/drivers/video/fbmon.c 2009-12-14 18:33:56.942716871 -0500
25972 #define DPRINTK(fmt, args...) printk(fmt,## args)
25974 -#define DPRINTK(fmt, args...)
25975 +#define DPRINTK(fmt, args...) do {} while (0)
25978 #define FBMON_FIX_HEADER 1
25979 diff -urNp linux-2.6.32.1/drivers/video/i810/i810_accel.c linux-2.6.32.1/drivers/video/i810/i810_accel.c
25980 --- linux-2.6.32.1/drivers/video/i810/i810_accel.c 2009-12-02 22:51:21.000000000 -0500
25981 +++ linux-2.6.32.1/drivers/video/i810/i810_accel.c 2009-12-14 18:33:56.945157258 -0500
25982 @@ -73,6 +73,7 @@ static inline int wait_for_space(struct
25985 printk("ringbuffer lockup!!!\n");
25986 + printk("head:%u tail:%u iring.size:%u space:%u\n", head, tail, par->iring.size, space);
25987 i810_report_error(mmio);
25988 par->dev_flags |= LOCKUP;
25989 info->pixmap.scan_align = 1;
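Review bot: The added `printk` has no log level, so the diagnostic is emitted at the default level and carries no driver prefix. Writing it as `printk(KERN_ERR "i810fb: head:%u tail:%u iring.size:%u space:%u\n", ...)` would make it filterable. The `%u` conversions assume `head`, `tail`, `par->iring.size` and `space` are all unsigned-int sized; their declarations are outside the hunk, so that should be confirmed.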
25990 diff -urNp linux-2.6.32.1/drivers/video/i810/i810_main.c linux-2.6.32.1/drivers/video/i810/i810_main.c
25991 --- linux-2.6.32.1/drivers/video/i810/i810_main.c 2009-12-02 22:51:21.000000000 -0500
25992 +++ linux-2.6.32.1/drivers/video/i810/i810_main.c 2009-12-14 18:33:56.946738123 -0500
25993 @@ -120,7 +120,7 @@ static struct pci_device_id i810fb_pci_t
25994 PCI_ANY_ID, PCI_ANY_ID, 0, 0, 4 },
25995 { PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82815_CGC,
25996 PCI_ANY_ID, PCI_ANY_ID, 0, 0, 5 },
25998 + { 0, 0, 0, 0, 0, 0, 0 },
26001 static struct pci_driver i810fb_driver = {
26002 diff -urNp linux-2.6.32.1/drivers/video/modedb.c linux-2.6.32.1/drivers/video/modedb.c
26003 --- linux-2.6.32.1/drivers/video/modedb.c 2009-12-02 22:51:21.000000000 -0500
26004 +++ linux-2.6.32.1/drivers/video/modedb.c 2009-12-14 18:33:56.949716425 -0500
26005 @@ -38,240 +38,240 @@ static const struct fb_videomode modedb[
26007 /* 640x400 @ 70 Hz, 31.5 kHz hsync */
26008 NULL, 70, 640, 400, 39721, 40, 24, 39, 9, 96, 2,
26009 - 0, FB_VMODE_NONINTERLACED
26010 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26012 /* 640x480 @ 60 Hz, 31.5 kHz hsync */
26013 NULL, 60, 640, 480, 39721, 40, 24, 32, 11, 96, 2,
26014 - 0, FB_VMODE_NONINTERLACED
26015 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26017 /* 800x600 @ 56 Hz, 35.15 kHz hsync */
26018 NULL, 56, 800, 600, 27777, 128, 24, 22, 1, 72, 2,
26019 - 0, FB_VMODE_NONINTERLACED
26020 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26022 /* 1024x768 @ 87 Hz interlaced, 35.5 kHz hsync */
26023 NULL, 87, 1024, 768, 22271, 56, 24, 33, 8, 160, 8,
26024 - 0, FB_VMODE_INTERLACED
26025 + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26027 /* 640x400 @ 85 Hz, 37.86 kHz hsync */
26028 NULL, 85, 640, 400, 31746, 96, 32, 41, 1, 64, 3,
26029 - FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26030 + FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26032 /* 640x480 @ 72 Hz, 36.5 kHz hsync */
26033 NULL, 72, 640, 480, 31746, 144, 40, 30, 8, 40, 3,
26034 - 0, FB_VMODE_NONINTERLACED
26035 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26037 /* 640x480 @ 75 Hz, 37.50 kHz hsync */
26038 NULL, 75, 640, 480, 31746, 120, 16, 16, 1, 64, 3,
26039 - 0, FB_VMODE_NONINTERLACED
26040 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26042 /* 800x600 @ 60 Hz, 37.8 kHz hsync */
26043 NULL, 60, 800, 600, 25000, 88, 40, 23, 1, 128, 4,
26044 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26045 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26047 /* 640x480 @ 85 Hz, 43.27 kHz hsync */
26048 NULL, 85, 640, 480, 27777, 80, 56, 25, 1, 56, 3,
26049 - 0, FB_VMODE_NONINTERLACED
26050 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26052 /* 1152x864 @ 89 Hz interlaced, 44 kHz hsync */
26053 NULL, 89, 1152, 864, 15384, 96, 16, 110, 1, 216, 10,
26054 - 0, FB_VMODE_INTERLACED
26055 + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26057 /* 800x600 @ 72 Hz, 48.0 kHz hsync */
26058 NULL, 72, 800, 600, 20000, 64, 56, 23, 37, 120, 6,
26059 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26060 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26062 /* 1024x768 @ 60 Hz, 48.4 kHz hsync */
26063 NULL, 60, 1024, 768, 15384, 168, 8, 29, 3, 144, 6,
26064 - 0, FB_VMODE_NONINTERLACED
26065 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26067 /* 640x480 @ 100 Hz, 53.01 kHz hsync */
26068 NULL, 100, 640, 480, 21834, 96, 32, 36, 8, 96, 6,
26069 - 0, FB_VMODE_NONINTERLACED
26070 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26072 /* 1152x864 @ 60 Hz, 53.5 kHz hsync */
26073 NULL, 60, 1152, 864, 11123, 208, 64, 16, 4, 256, 8,
26074 - 0, FB_VMODE_NONINTERLACED
26075 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26077 /* 800x600 @ 85 Hz, 55.84 kHz hsync */
26078 NULL, 85, 800, 600, 16460, 160, 64, 36, 16, 64, 5,
26079 - 0, FB_VMODE_NONINTERLACED
26080 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26082 /* 1024x768 @ 70 Hz, 56.5 kHz hsync */
26083 NULL, 70, 1024, 768, 13333, 144, 24, 29, 3, 136, 6,
26084 - 0, FB_VMODE_NONINTERLACED
26085 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26087 /* 1280x1024 @ 87 Hz interlaced, 51 kHz hsync */
26088 NULL, 87, 1280, 1024, 12500, 56, 16, 128, 1, 216, 12,
26089 - 0, FB_VMODE_INTERLACED
26090 + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26092 /* 800x600 @ 100 Hz, 64.02 kHz hsync */
26093 NULL, 100, 800, 600, 14357, 160, 64, 30, 4, 64, 6,
26094 - 0, FB_VMODE_NONINTERLACED
26095 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26097 /* 1024x768 @ 76 Hz, 62.5 kHz hsync */
26098 NULL, 76, 1024, 768, 11764, 208, 8, 36, 16, 120, 3,
26099 - 0, FB_VMODE_NONINTERLACED
26100 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26102 /* 1152x864 @ 70 Hz, 62.4 kHz hsync */
26103 NULL, 70, 1152, 864, 10869, 106, 56, 20, 1, 160, 10,
26104 - 0, FB_VMODE_NONINTERLACED
26105 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26107 /* 1280x1024 @ 61 Hz, 64.2 kHz hsync */
26108 NULL, 61, 1280, 1024, 9090, 200, 48, 26, 1, 184, 3,
26109 - 0, FB_VMODE_NONINTERLACED
26110 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26112 /* 1400x1050 @ 60Hz, 63.9 kHz hsync */
26113 NULL, 60, 1400, 1050, 9259, 136, 40, 13, 1, 112, 3,
26114 - 0, FB_VMODE_NONINTERLACED
26115 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26117 /* 1400x1050 @ 75,107 Hz, 82,392 kHz +hsync +vsync*/
26118 NULL, 75, 1400, 1050, 7190, 120, 56, 23, 10, 112, 13,
26119 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26120 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26122 /* 1400x1050 @ 60 Hz, ? kHz +hsync +vsync*/
26123 NULL, 60, 1400, 1050, 9259, 128, 40, 12, 0, 112, 3,
26124 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26125 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26127 /* 1024x768 @ 85 Hz, 70.24 kHz hsync */
26128 NULL, 85, 1024, 768, 10111, 192, 32, 34, 14, 160, 6,
26129 - 0, FB_VMODE_NONINTERLACED
26130 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26132 /* 1152x864 @ 78 Hz, 70.8 kHz hsync */
26133 NULL, 78, 1152, 864, 9090, 228, 88, 32, 0, 84, 12,
26134 - 0, FB_VMODE_NONINTERLACED
26135 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26137 /* 1280x1024 @ 70 Hz, 74.59 kHz hsync */
26138 NULL, 70, 1280, 1024, 7905, 224, 32, 28, 8, 160, 8,
26139 - 0, FB_VMODE_NONINTERLACED
26140 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26142 /* 1600x1200 @ 60Hz, 75.00 kHz hsync */
26143 NULL, 60, 1600, 1200, 6172, 304, 64, 46, 1, 192, 3,
26144 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26145 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26147 /* 1152x864 @ 84 Hz, 76.0 kHz hsync */
26148 NULL, 84, 1152, 864, 7407, 184, 312, 32, 0, 128, 12,
26149 - 0, FB_VMODE_NONINTERLACED
26150 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26152 /* 1280x1024 @ 74 Hz, 78.85 kHz hsync */
26153 NULL, 74, 1280, 1024, 7407, 256, 32, 34, 3, 144, 3,
26154 - 0, FB_VMODE_NONINTERLACED
26155 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26157 /* 1024x768 @ 100Hz, 80.21 kHz hsync */
26158 NULL, 100, 1024, 768, 8658, 192, 32, 21, 3, 192, 10,
26159 - 0, FB_VMODE_NONINTERLACED
26160 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26162 /* 1280x1024 @ 76 Hz, 81.13 kHz hsync */
26163 NULL, 76, 1280, 1024, 7407, 248, 32, 34, 3, 104, 3,
26164 - 0, FB_VMODE_NONINTERLACED
26165 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26167 /* 1600x1200 @ 70 Hz, 87.50 kHz hsync */
26168 NULL, 70, 1600, 1200, 5291, 304, 64, 46, 1, 192, 3,
26169 - 0, FB_VMODE_NONINTERLACED
26170 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26172 /* 1152x864 @ 100 Hz, 89.62 kHz hsync */
26173 NULL, 100, 1152, 864, 7264, 224, 32, 17, 2, 128, 19,
26174 - 0, FB_VMODE_NONINTERLACED
26175 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26177 /* 1280x1024 @ 85 Hz, 91.15 kHz hsync */
26178 NULL, 85, 1280, 1024, 6349, 224, 64, 44, 1, 160, 3,
26179 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26180 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26182 /* 1600x1200 @ 75 Hz, 93.75 kHz hsync */
26183 NULL, 75, 1600, 1200, 4938, 304, 64, 46, 1, 192, 3,
26184 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26185 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26187 /* 1680x1050 @ 60 Hz, 65.191 kHz hsync */
26188 NULL, 60, 1680, 1050, 6848, 280, 104, 30, 3, 176, 6,
26189 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26190 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26192 /* 1600x1200 @ 85 Hz, 105.77 kHz hsync */
26193 NULL, 85, 1600, 1200, 4545, 272, 16, 37, 4, 192, 3,
26194 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26195 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26197 /* 1280x1024 @ 100 Hz, 107.16 kHz hsync */
26198 NULL, 100, 1280, 1024, 5502, 256, 32, 26, 7, 128, 15,
26199 - 0, FB_VMODE_NONINTERLACED
26200 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26202 /* 1800x1440 @ 64Hz, 96.15 kHz hsync */
26203 NULL, 64, 1800, 1440, 4347, 304, 96, 46, 1, 192, 3,
26204 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26205 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26207 /* 1800x1440 @ 70Hz, 104.52 kHz hsync */
26208 NULL, 70, 1800, 1440, 4000, 304, 96, 46, 1, 192, 3,
26209 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26210 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26212 /* 512x384 @ 78 Hz, 31.50 kHz hsync */
26213 NULL, 78, 512, 384, 49603, 48, 16, 16, 1, 64, 3,
26214 - 0, FB_VMODE_NONINTERLACED
26215 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26217 /* 512x384 @ 85 Hz, 34.38 kHz hsync */
26218 NULL, 85, 512, 384, 45454, 48, 16, 16, 1, 64, 3,
26219 - 0, FB_VMODE_NONINTERLACED
26220 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26222 /* 320x200 @ 70 Hz, 31.5 kHz hsync, 8:5 aspect ratio */
26223 NULL, 70, 320, 200, 79440, 16, 16, 20, 4, 48, 1,
26224 - 0, FB_VMODE_DOUBLE
26225 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26227 /* 320x240 @ 60 Hz, 31.5 kHz hsync, 4:3 aspect ratio */
26228 NULL, 60, 320, 240, 79440, 16, 16, 16, 5, 48, 1,
26229 - 0, FB_VMODE_DOUBLE
26230 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26232 /* 320x240 @ 72 Hz, 36.5 kHz hsync */
26233 NULL, 72, 320, 240, 63492, 16, 16, 16, 4, 48, 2,
26234 - 0, FB_VMODE_DOUBLE
26235 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26237 /* 400x300 @ 56 Hz, 35.2 kHz hsync, 4:3 aspect ratio */
26238 NULL, 56, 400, 300, 55555, 64, 16, 10, 1, 32, 1,
26239 - 0, FB_VMODE_DOUBLE
26240 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26242 /* 400x300 @ 60 Hz, 37.8 kHz hsync */
26243 NULL, 60, 400, 300, 50000, 48, 16, 11, 1, 64, 2,
26244 - 0, FB_VMODE_DOUBLE
26245 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26247 /* 400x300 @ 72 Hz, 48.0 kHz hsync */
26248 NULL, 72, 400, 300, 40000, 32, 24, 11, 19, 64, 3,
26249 - 0, FB_VMODE_DOUBLE
26250 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26252 /* 480x300 @ 56 Hz, 35.2 kHz hsync, 8:5 aspect ratio */
26253 NULL, 56, 480, 300, 46176, 80, 16, 10, 1, 40, 1,
26254 - 0, FB_VMODE_DOUBLE
26255 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26257 /* 480x300 @ 60 Hz, 37.8 kHz hsync */
26258 NULL, 60, 480, 300, 41858, 56, 16, 11, 1, 80, 2,
26259 - 0, FB_VMODE_DOUBLE
26260 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26262 /* 480x300 @ 63 Hz, 39.6 kHz hsync */
26263 NULL, 63, 480, 300, 40000, 56, 16, 11, 1, 80, 2,
26264 - 0, FB_VMODE_DOUBLE
26265 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26267 /* 480x300 @ 72 Hz, 48.0 kHz hsync */
26268 NULL, 72, 480, 300, 33386, 40, 24, 11, 19, 80, 3,
26269 - 0, FB_VMODE_DOUBLE
26270 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26272 /* 1920x1200 @ 60 Hz, 74.5 Khz hsync */
26273 NULL, 60, 1920, 1200, 5177, 128, 336, 1, 38, 208, 3,
26274 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
26275 - FB_VMODE_NONINTERLACED
26276 + FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26278 /* 1152x768, 60 Hz, PowerBook G4 Titanium I and II */
26279 NULL, 60, 1152, 768, 14047, 158, 26, 29, 3, 136, 6,
26280 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26281 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26283 /* 1366x768, 60 Hz, 47.403 kHz hsync, WXGA 16:9 aspect ratio */
26284 NULL, 60, 1366, 768, 13806, 120, 10, 14, 3, 32, 5,
26285 - 0, FB_VMODE_NONINTERLACED
26286 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26288 /* 1280x800, 60 Hz, 47.403 kHz hsync, WXGA 16:10 aspect ratio */
26289 NULL, 60, 1280, 800, 12048, 200, 64, 24, 1, 136, 3,
26290 - 0, FB_VMODE_NONINTERLACED
26291 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26293 /* 720x576i @ 50 Hz, 15.625 kHz hsync (PAL RGB) */
26294 NULL, 50, 720, 576, 74074, 64, 16, 39, 5, 64, 5,
26295 - 0, FB_VMODE_INTERLACED
26296 + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26298 /* 800x520i @ 50 Hz, 15.625 kHz hsync (PAL RGB) */
26299 NULL, 50, 800, 520, 58823, 144, 64, 72, 28, 80, 5,
26300 - 0, FB_VMODE_INTERLACED
26301 + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26305 diff -urNp linux-2.6.32.1/drivers/video/nvidia/nv_backlight.c linux-2.6.32.1/drivers/video/nvidia/nv_backlight.c
26306 --- linux-2.6.32.1/drivers/video/nvidia/nv_backlight.c 2009-12-02 22:51:21.000000000 -0500
26307 +++ linux-2.6.32.1/drivers/video/nvidia/nv_backlight.c 2009-12-14 18:33:56.959735130 -0500
26308 @@ -87,7 +87,7 @@ static int nvidia_bl_get_brightness(stru
26309 return bd->props.brightness;
26312 -static struct backlight_ops nvidia_bl_ops = {
26313 +static const struct backlight_ops nvidia_bl_ops = {
26314 .get_brightness = nvidia_bl_get_brightness,
26315 .update_status = nvidia_bl_update_status,
26317 diff -urNp linux-2.6.32.1/drivers/video/riva/fbdev.c linux-2.6.32.1/drivers/video/riva/fbdev.c
26318 --- linux-2.6.32.1/drivers/video/riva/fbdev.c 2009-12-02 22:51:21.000000000 -0500
26319 +++ linux-2.6.32.1/drivers/video/riva/fbdev.c 2009-12-14 18:33:56.982743557 -0500
26320 @@ -331,7 +331,7 @@ static int riva_bl_get_brightness(struct
26321 return bd->props.brightness;
26324 -static struct backlight_ops riva_bl_ops = {
26325 +static const struct backlight_ops riva_bl_ops = {
26326 .get_brightness = riva_bl_get_brightness,
26327 .update_status = riva_bl_update_status,
26329 diff -urNp linux-2.6.32.1/drivers/video/uvesafb.c linux-2.6.32.1/drivers/video/uvesafb.c
26330 --- linux-2.6.32.1/drivers/video/uvesafb.c 2009-12-02 22:51:21.000000000 -0500
26331 +++ linux-2.6.32.1/drivers/video/uvesafb.c 2009-12-14 18:33:57.012741789 -0500
26333 #include <linux/fb.h>
26334 #include <linux/io.h>
26335 #include <linux/mutex.h>
26336 +#include <linux/moduleloader.h>
26337 #include <video/edid.h>
26338 #include <video/uvesafb.h>
26340 @@ -120,7 +121,7 @@ static int uvesafb_helper_start(void)
26344 - return call_usermodehelper(v86d_path, argv, envp, 1);
26345 + return call_usermodehelper(v86d_path, argv, envp, UMH_WAIT_PROC);
26349 @@ -568,10 +569,32 @@ static int __devinit uvesafb_vbe_getpmi(
26350 if ((task->t.regs.eax & 0xffff) != 0x4f || task->t.regs.es < 0xc000) {
26351 par->pmi_setpal = par->ypan = 0;
26354 +#ifdef CONFIG_PAX_KERNEXEC
26355 +#ifdef CONFIG_MODULES
26356 + par->pmi_code = module_alloc_exec((u16)task->t.regs.ecx);
26358 + if (!par->pmi_code) {
26359 + par->pmi_setpal = par->ypan = 0;
26364 par->pmi_base = (u16 *)phys_to_virt(((u32)task->t.regs.es << 4)
26365 + task->t.regs.edi);
26367 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26368 + pax_open_kernel();
26369 + memcpy(par->pmi_code, par->pmi_base, (u16)task->t.regs.ecx);
26370 + pax_close_kernel();
26372 + par->pmi_start = ktva_ktla(par->pmi_code + par->pmi_base[1]);
26373 + par->pmi_pal = ktva_ktla(par->pmi_code + par->pmi_base[2]);
26375 par->pmi_start = (u8 *)par->pmi_base + par->pmi_base[1];
26376 par->pmi_pal = (u8 *)par->pmi_base + par->pmi_base[2];
26379 printk(KERN_INFO "uvesafb: protected mode interface info at "
26381 (u16)task->t.regs.es, (u16)task->t.regs.edi);
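Review bot: The offsets `par->pmi_base[1]` and `par->pmi_base[2]` are added to `par->pmi_code` without being compared against the number of bytes copied, `(u16)task->t.regs.ecx`. A firmware table whose offsets exceed that length would leave `pmi_start` or `pmi_pal` pointing outside the executable allocation. Before computing the pointers I would check `if (par->pmi_base[1] >= pmi_len || par->pmi_base[2] >= pmi_len)`, with `pmi_len` holding the truncated `ecx` value used for both the allocation and the `memcpy`, and on failure free the buffer and fall back to `par->pmi_setpal = par->ypan = 0`. The same pattern appears in the vesafb_probe hunk of drivers/video/vesafb.c, where `pmi_base[1]` and `pmi_base[2]` are added to `pmi_code` after copying `screen_info.vesapm_size` bytes. Several short lines of this hunk (the `#else`/`#endif` and closing braces) are not shown on this page and uvesafb_vbe_getpmi starts and ends outside it, so a check elsewhere cannot be ruled out.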
26382 @@ -1799,6 +1822,11 @@ out:
26383 if (par->vbe_modes)
26384 kfree(par->vbe_modes);
26386 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26387 + if (par->pmi_code)
26388 + module_free_exec(NULL, par->pmi_code);
26391 framebuffer_release(info);
26394 @@ -1825,6 +1853,12 @@ static int uvesafb_remove(struct platfor
26395 kfree(par->vbe_state_orig);
26396 if (par->vbe_state_saved)
26397 kfree(par->vbe_state_saved);
26399 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26400 + if (par->pmi_code)
26401 + module_free_exec(NULL, par->pmi_code);
26406 framebuffer_release(info);
26407 diff -urNp linux-2.6.32.1/drivers/video/vesafb.c linux-2.6.32.1/drivers/video/vesafb.c
26408 --- linux-2.6.32.1/drivers/video/vesafb.c 2009-12-02 22:51:21.000000000 -0500
26409 +++ linux-2.6.32.1/drivers/video/vesafb.c 2009-12-14 18:33:57.027725518 -0500
26413 #include <linux/module.h>
26414 +#include <linux/moduleloader.h>
26415 #include <linux/kernel.h>
26416 #include <linux/errno.h>
26417 #include <linux/string.h>
26418 @@ -53,8 +54,8 @@ static int vram_remap __initdata; /*
26419 static int vram_total __initdata; /* Set total amount of memory */
26420 static int pmi_setpal __read_mostly = 1; /* pmi for palette changes ??? */
26421 static int ypan __read_mostly; /* 0..nothing, 1..ypan, 2..ywrap */
26422 -static void (*pmi_start)(void) __read_mostly;
26423 -static void (*pmi_pal) (void) __read_mostly;
26424 +static void (*pmi_start)(void) __read_only;
26425 +static void (*pmi_pal) (void) __read_only;
26426 static int depth __read_mostly;
26427 static int vga_compat __read_mostly;
26428 /* --------------------------------------------------------------------- */
26429 @@ -233,6 +234,7 @@ static int __init vesafb_probe(struct pl
26430 unsigned int size_vmode;
26431 unsigned int size_remap;
26432 unsigned int size_total;
26433 + void *pmi_code = NULL;
26435 if (screen_info.orig_video_isVGA != VIDEO_TYPE_VLFB)
26437 @@ -275,10 +277,6 @@ static int __init vesafb_probe(struct pl
26438 size_remap = size_total;
26439 vesafb_fix.smem_len = size_remap;
26442 - screen_info.vesapm_seg = 0;
26445 if (!request_mem_region(vesafb_fix.smem_start, size_total, "vesafb")) {
26446 printk(KERN_WARNING
26447 "vesafb: cannot reserve video memory at 0x%lx\n",
26448 @@ -315,9 +313,21 @@ static int __init vesafb_probe(struct pl
26449 printk(KERN_INFO "vesafb: mode is %dx%dx%d, linelength=%d, pages=%d\n",
26450 vesafb_defined.xres, vesafb_defined.yres, vesafb_defined.bits_per_pixel, vesafb_fix.line_length, screen_info.pages);
26454 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26455 + pmi_code = module_alloc_exec(screen_info.vesapm_size);
26457 +#elif !defined(CONFIG_PAX_KERNEXEC)
26462 + screen_info.vesapm_seg = 0;
26464 if (screen_info.vesapm_seg) {
26465 - printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x\n",
26466 - screen_info.vesapm_seg,screen_info.vesapm_off);
26467 + printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x %04x bytes\n",
26468 + screen_info.vesapm_seg,screen_info.vesapm_off,screen_info.vesapm_size);
26471 if (screen_info.vesapm_seg < 0xc000)
26472 @@ -325,9 +335,25 @@ static int __init vesafb_probe(struct pl
26474 if (ypan || pmi_setpal) {
26475 unsigned short *pmi_base;
26476 - pmi_base = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off);
26477 - pmi_start = (void*)((char*)pmi_base + pmi_base[1]);
26478 - pmi_pal = (void*)((char*)pmi_base + pmi_base[2]);
26480 + pmi_base = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off);
26482 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26483 + pax_open_kernel();
26484 + memcpy(pmi_code, pmi_base, screen_info.vesapm_size);
26486 + pmi_code = pmi_base;
26489 + pmi_start = (void*)((char*)pmi_code + pmi_base[1]);
26490 + pmi_pal = (void*)((char*)pmi_code + pmi_base[2]);
26492 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26493 + pmi_start = ktva_ktla(pmi_start);
26494 + pmi_pal = ktva_ktla(pmi_pal);
26495 + pax_close_kernel();
26498 printk(KERN_INFO "vesafb: pmi: set display start = %p, set palette = %p\n",pmi_start,pmi_pal);
26500 printk(KERN_INFO "vesafb: pmi: ports = ");
26501 @@ -469,6 +495,11 @@ static int __init vesafb_probe(struct pl
26502 info->node, info->fix.id);
26506 +#if defined(__i386__) && defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26507 + module_free_exec(NULL, pmi_code);
26510 if (info->screen_base)
26511 iounmap(info->screen_base);
26512 framebuffer_release(info);
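Review bot: `module_free_exec(NULL, pmi_code)` is called on this error path without testing `pmi_code`, although an earlier hunk initialises the variable to `NULL` and the corresponding uvesafb.c cleanup guards the call with `if (par->pmi_code)`. Unless module_free_exec is known to accept NULL (its definition is not on this page), I would write `if (pmi_code) module_free_exec(NULL, pmi_code);` here for consistency. The error label and the rest of vesafb_probe lie outside the hunk, so which failure paths reach this point before the allocation is inferred rather than shown.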
26513 diff -urNp linux-2.6.32.1/drivers/xen/sys-hypervisor.c linux-2.6.32.1/drivers/xen/sys-hypervisor.c
26514 --- linux-2.6.32.1/drivers/xen/sys-hypervisor.c 2009-12-02 22:51:21.000000000 -0500
26515 +++ linux-2.6.32.1/drivers/xen/sys-hypervisor.c 2009-12-14 18:33:57.043739049 -0500
26516 @@ -425,7 +425,7 @@ static ssize_t hyp_sysfs_store(struct ko
26520 -static struct sysfs_ops hyp_sysfs_ops = {
26521 +static const struct sysfs_ops hyp_sysfs_ops = {
26522 .show = hyp_sysfs_show,
26523 .store = hyp_sysfs_store,
26525 diff -urNp linux-2.6.32.1/fs/9p/vfs_inode.c linux-2.6.32.1/fs/9p/vfs_inode.c
26526 --- linux-2.6.32.1/fs/9p/vfs_inode.c 2009-12-02 22:51:21.000000000 -0500
26527 +++ linux-2.6.32.1/fs/9p/vfs_inode.c 2009-12-14 18:33:57.059749105 -0500
26528 @@ -1079,7 +1079,7 @@ static void *v9fs_vfs_follow_link(struct
26530 v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
26532 - char *s = nd_get_link(nd);
26533 + const char *s = nd_get_link(nd);
26535 P9_DPRINTK(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name,
26536 IS_ERR(s) ? "<error>" : s);
26537 diff -urNp linux-2.6.32.1/fs/aio.c linux-2.6.32.1/fs/aio.c
26538 --- linux-2.6.32.1/fs/aio.c 2009-12-02 22:51:21.000000000 -0500
26539 +++ linux-2.6.32.1/fs/aio.c 2009-12-14 18:33:57.095723301 -0500
26540 @@ -115,7 +115,7 @@ static int aio_setup_ring(struct kioctx
26541 size += sizeof(struct io_event) * nr_events;
26542 nr_pages = (size + PAGE_SIZE-1) >> PAGE_SHIFT;
26544 - if (nr_pages < 0)
26545 + if (nr_pages <= 0)
26548 nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event);
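Review bot: The `nr_pages <= 0` test only catches a ring size that ends up as a non-positive page count; if `sizeof(struct io_event) * nr_events` two lines above wraps, the result can just as well be a small positive `nr_pages` that passes. Whether the caller caps `nr_events` before this point is not visible in the hunk; if it does not, the bound belongs ahead of the multiplication rather than after it. Either way a one-line comment such as `/* size wrapped, or the ring would have no pages */` would say what the new `<=` guards against. aio_setup_ring continues outside the hunk.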
26549 diff -urNp linux-2.6.32.1/fs/attr.c linux-2.6.32.1/fs/attr.c
26550 --- linux-2.6.32.1/fs/attr.c 2009-12-02 22:51:21.000000000 -0500
26551 +++ linux-2.6.32.1/fs/attr.c 2009-12-14 18:33:57.104750823 -0500
26552 @@ -83,6 +83,7 @@ int inode_newsize_ok(const struct inode
26553 unsigned long limit;
26555 limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
26556 + gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long)offset, 1);
26557 if (limit != RLIM_INFINITY && offset > limit)
26559 if (offset > inode->i_sb->s_maxbytes)
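Review bot: The `(unsigned long)offset` cast in the added `gr_learn_resource()` call can truncate: if `offset` is a 64-bit file offset, as the `s_maxbytes` comparison below suggests, a 32-bit build records only its low 32 bits, while the `offset > limit` test next to it uses the full value. The learned RLIMIT_FSIZE figure can then be far smaller than the size that was actually requested. Clamp instead of casting, e.g. `offset > ULONG_MAX ? ULONG_MAX : (unsigned long)offset`, assuming gr_learn_resource() takes an unsigned long, which this hunk does not show.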
26560 diff -urNp linux-2.6.32.1/fs/autofs/root.c linux-2.6.32.1/fs/autofs/root.c
26561 --- linux-2.6.32.1/fs/autofs/root.c 2009-12-02 22:51:21.000000000 -0500
26562 +++ linux-2.6.32.1/fs/autofs/root.c 2009-12-14 18:33:57.125758241 -0500
26563 @@ -299,7 +299,8 @@ static int autofs_root_symlink(struct in
26564 set_bit(n,sbi->symlink_bitmap);
26565 sl = &sbi->symlink[n];
26566 sl->len = strlen(symname);
26567 - sl->data = kmalloc(slsize = sl->len+1, GFP_KERNEL);
26568 + slsize = sl->len+1;
26569 + sl->data = kmalloc(slsize, GFP_KERNEL);
26571 clear_bit(n,sbi->symlink_bitmap);
26573 diff -urNp linux-2.6.32.1/fs/autofs4/symlink.c linux-2.6.32.1/fs/autofs4/symlink.c
26574 --- linux-2.6.32.1/fs/autofs4/symlink.c 2009-12-02 22:51:21.000000000 -0500
26575 +++ linux-2.6.32.1/fs/autofs4/symlink.c 2009-12-14 18:33:57.134749675 -0500
26577 static void *autofs4_follow_link(struct dentry *dentry, struct nameidata *nd)
26579 struct autofs_info *ino = autofs4_dentry_ino(dentry);
26580 - nd_set_link(nd, (char *)ino->u.symlink);
26581 + nd_set_link(nd, ino->u.symlink);
26585 diff -urNp linux-2.6.32.1/fs/befs/linuxvfs.c linux-2.6.32.1/fs/befs/linuxvfs.c
26586 --- linux-2.6.32.1/fs/befs/linuxvfs.c 2009-12-02 22:51:21.000000000 -0500
26587 +++ linux-2.6.32.1/fs/befs/linuxvfs.c 2009-12-14 18:33:57.142702421 -0500
26588 @@ -493,7 +493,7 @@ static void befs_put_link(struct dentry
26590 befs_inode_info *befs_ino = BEFS_I(dentry->d_inode);
26591 if (befs_ino->i_flags & BEFS_LONG_SYMLINK) {
26592 - char *link = nd_get_link(nd);
26593 + const char *link = nd_get_link(nd);
26597 diff -urNp linux-2.6.32.1/fs/binfmt_aout.c linux-2.6.32.1/fs/binfmt_aout.c
26598 --- linux-2.6.32.1/fs/binfmt_aout.c 2009-12-02 22:51:21.000000000 -0500
26599 +++ linux-2.6.32.1/fs/binfmt_aout.c 2009-12-14 18:33:57.161757136 -0500
26601 #include <linux/string.h>
26602 #include <linux/fs.h>
26603 #include <linux/file.h>
26604 +#include <linux/security.h>
26605 #include <linux/stat.h>
26606 #include <linux/fcntl.h>
26607 #include <linux/ptrace.h>
26608 @@ -113,10 +114,12 @@ static int aout_core_dump(long signr, st
26610 /* If the size of the dump file exceeds the rlimit, then see what would happen
26611 if we wrote the stack, but not the data area. */
26612 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE, 1);
26613 if ((dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE > limit)
26616 /* Make sure we have enough room to write the stack and data areas. */
26617 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize + 1) * PAGE_SIZE, 1);
26618 if ((dump.u_ssize + 1) * PAGE_SIZE > limit)
26621 @@ -249,6 +252,8 @@ static int load_aout_binary(struct linux
26622 rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
26623 if (rlim >= RLIM_INFINITY)
26626 + gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss, 1);
26627 if (ex.a_data + ex.a_bss > rlim)
26630 @@ -276,6 +281,27 @@ static int load_aout_binary(struct linux
26631 install_exec_creds(bprm);
26632 current->flags &= ~PF_FORKNOEXEC;
26634 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
26635 + current->mm->pax_flags = 0UL;
26638 +#ifdef CONFIG_PAX_PAGEEXEC
26639 + if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC)) {
26640 + current->mm->pax_flags |= MF_PAX_PAGEEXEC;
26642 +#ifdef CONFIG_PAX_EMUTRAMP
26643 + if (N_FLAGS(ex) & F_PAX_EMUTRAMP)
26644 + current->mm->pax_flags |= MF_PAX_EMUTRAMP;
26647 +#ifdef CONFIG_PAX_MPROTECT
26648 + if (!(N_FLAGS(ex) & F_PAX_MPROTECT))
26649 + current->mm->pax_flags |= MF_PAX_MPROTECT;
26655 if (N_MAGIC(ex) == OMAGIC) {
26656 unsigned long text_addr, map_size;
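Review bot: In this a.out path the PaX flags come only from `N_FLAGS(ex)`, that is from the header of the file being executed, and no call to `pax_check_flags()` or to the `pax_set_initial_flags()` policy hook that the ELF loader in this patch uses is visible in the hunk. If that is intentional, a comment should say so, e.g. `/* a.out: flags are taken from the header only, no policy override */`; if not, the same calls belong after the flag block. Some lines of the hunk are missing from this listing, so this should be checked against the full patch.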
26658 @@ -348,7 +374,7 @@ static int load_aout_binary(struct linux
26660 down_write(¤t->mm->mmap_sem);
26661 error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
26662 - PROT_READ | PROT_WRITE | PROT_EXEC,
26663 + PROT_READ | PROT_WRITE,
26664 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
26665 fd_offset + ex.a_text);
26666 up_write(¤t->mm->mmap_sem);
26667 diff -urNp linux-2.6.32.1/fs/binfmt_elf.c linux-2.6.32.1/fs/binfmt_elf.c
26668 --- linux-2.6.32.1/fs/binfmt_elf.c 2009-12-02 22:51:21.000000000 -0500
26669 +++ linux-2.6.32.1/fs/binfmt_elf.c 2009-12-14 18:33:57.172753346 -0500
26670 @@ -50,6 +50,10 @@ static int elf_core_dump(long signr, str
26671 #define elf_core_dump NULL
26674 +#ifdef CONFIG_PAX_MPROTECT
26675 +static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags);
26678 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
26679 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
26681 @@ -69,6 +73,11 @@ static struct linux_binfmt elf_format =
26682 .load_binary = load_elf_binary,
26683 .load_shlib = load_elf_library,
26684 .core_dump = elf_core_dump,
26686 +#ifdef CONFIG_PAX_MPROTECT
26687 + .handle_mprotect= elf_handle_mprotect,
26690 .min_coredump = ELF_EXEC_PAGESIZE,
26693 @@ -77,6 +86,8 @@ static struct linux_binfmt elf_format =
26695 static int set_brk(unsigned long start, unsigned long end)
26697 + unsigned long e = end;
26699 start = ELF_PAGEALIGN(start);
26700 end = ELF_PAGEALIGN(end);
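Review bot: The new local `e` in set_brk needs a better name or a comment: it holds the caller's unaligned `end` so that the following set_brk hunk can store it in `mm->start_brk`/`mm->brk` instead of the page-aligned value. Presumably this keeps the sub-page part of the randomized `elf_brk` computed in load_elf_binary from being rounded away, but that reason is stated nowhere. Suggest `unsigned long unaligned_end = end;` or a comment `/* keep the unaligned end: mm->brk must not lose the sub-page offset */`.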
26702 @@ -87,7 +98,7 @@ static int set_brk(unsigned long start,
26703 if (BAD_ADDR(addr))
26706 - current->mm->start_brk = current->mm->brk = end;
26707 + current->mm->start_brk = current->mm->brk = e;
26711 @@ -148,7 +159,7 @@ create_elf_tables(struct linux_binprm *b
26712 elf_addr_t __user *u_rand_bytes;
26713 const char *k_platform = ELF_PLATFORM;
26714 const char *k_base_platform = ELF_BASE_PLATFORM;
26715 - unsigned char k_rand_bytes[16];
26716 + u32 k_rand_bytes[4];
26718 elf_addr_t *elf_info;
26720 @@ -195,6 +206,10 @@ create_elf_tables(struct linux_binprm *b
26721 * Generate 16 random bytes for userspace PRNG seeding.
26723 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
26724 + srandom32(k_rand_bytes[0] ^ random32());
26725 + srandom32(k_rand_bytes[1] ^ random32());
26726 + srandom32(k_rand_bytes[2] ^ random32());
26727 + srandom32(k_rand_bytes[3] ^ random32());
26728 u_rand_bytes = (elf_addr_t __user *)
26729 STACK_ALLOC(p, sizeof(k_rand_bytes));
26730 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
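Review bot: The four added `srandom32()` calls mix in `k_rand_bytes[0..3]`, the same buffer that `__copy_to_user()` writes to the new process's stack a few lines later, so every word folded into the kernel PRNG seed is also handed to userspace. A process should not learn values that were used to seed a kernel generator; draw the seed separately, e.g. a local `u32 seed[4]` filled by its own `get_random_bytes(seed, sizeof(seed));` and passed to `srandom32()`. The comment above `get_random_bytes()` still describes only the userspace seeding and should mention the reseed. create_elf_tables continues outside the hunk.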
26731 @@ -385,10 +400,10 @@ static unsigned long load_elf_interp(str
26733 struct elf_phdr *elf_phdata;
26734 struct elf_phdr *eppnt;
26735 - unsigned long load_addr = 0;
26736 + unsigned long load_addr = 0, pax_task_size = TASK_SIZE;
26737 int load_addr_set = 0;
26738 unsigned long last_bss = 0, elf_bss = 0;
26739 - unsigned long error = ~0UL;
26740 + unsigned long error = -EINVAL;
26741 unsigned long total_size;
26742 int retval, i, size;
26744 @@ -434,6 +449,11 @@ static unsigned long load_elf_interp(str
26748 +#ifdef CONFIG_PAX_SEGMEXEC
26749 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
26750 + pax_task_size = SEGMEXEC_TASK_SIZE;
26753 eppnt = elf_phdata;
26754 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
26755 if (eppnt->p_type == PT_LOAD) {
26756 @@ -477,8 +497,8 @@ static unsigned long load_elf_interp(str
26757 k = load_addr + eppnt->p_vaddr;
26759 eppnt->p_filesz > eppnt->p_memsz ||
26760 - eppnt->p_memsz > TASK_SIZE ||
26761 - TASK_SIZE - eppnt->p_memsz < k) {
26762 + eppnt->p_memsz > pax_task_size ||
26763 + pax_task_size - eppnt->p_memsz < k) {
26767 @@ -532,6 +552,177 @@ out:
26771 +#if (defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)) && defined(CONFIG_PAX_SOFTMODE)
26772 +static unsigned long pax_parse_softmode(const struct elf_phdr * const elf_phdata)
26774 + unsigned long pax_flags = 0UL;
26776 +#ifdef CONFIG_PAX_PAGEEXEC
26777 + if (elf_phdata->p_flags & PF_PAGEEXEC)
26778 + pax_flags |= MF_PAX_PAGEEXEC;
26781 +#ifdef CONFIG_PAX_SEGMEXEC
26782 + if (elf_phdata->p_flags & PF_SEGMEXEC)
26783 + pax_flags |= MF_PAX_SEGMEXEC;
26786 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
26787 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
26789 + pax_flags &= ~MF_PAX_SEGMEXEC;
26791 + pax_flags &= ~MF_PAX_PAGEEXEC;
26795 +#ifdef CONFIG_PAX_EMUTRAMP
26796 + if (elf_phdata->p_flags & PF_EMUTRAMP)
26797 + pax_flags |= MF_PAX_EMUTRAMP;
26800 +#ifdef CONFIG_PAX_MPROTECT
26801 + if (elf_phdata->p_flags & PF_MPROTECT)
26802 + pax_flags |= MF_PAX_MPROTECT;
26805 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
26806 + if (randomize_va_space && (elf_phdata->p_flags & PF_RANDMMAP))
26807 + pax_flags |= MF_PAX_RANDMMAP;
26810 + return pax_flags;
26814 +#ifdef CONFIG_PAX_PT_PAX_FLAGS
26815 +static unsigned long pax_parse_hardmode(const struct elf_phdr * const elf_phdata)
26817 + unsigned long pax_flags = 0UL;
26819 +#ifdef CONFIG_PAX_PAGEEXEC
26820 + if (!(elf_phdata->p_flags & PF_NOPAGEEXEC))
26821 + pax_flags |= MF_PAX_PAGEEXEC;
26824 +#ifdef CONFIG_PAX_SEGMEXEC
26825 + if (!(elf_phdata->p_flags & PF_NOSEGMEXEC))
26826 + pax_flags |= MF_PAX_SEGMEXEC;
26829 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
26830 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
26832 + pax_flags &= ~MF_PAX_SEGMEXEC;
26834 + pax_flags &= ~MF_PAX_PAGEEXEC;
26838 +#ifdef CONFIG_PAX_EMUTRAMP
26839 + if (!(elf_phdata->p_flags & PF_NOEMUTRAMP))
26840 + pax_flags |= MF_PAX_EMUTRAMP;
26843 +#ifdef CONFIG_PAX_MPROTECT
26844 + if (!(elf_phdata->p_flags & PF_NOMPROTECT))
26845 + pax_flags |= MF_PAX_MPROTECT;
26848 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
26849 + if (randomize_va_space && !(elf_phdata->p_flags & PF_NORANDMMAP))
26850 + pax_flags |= MF_PAX_RANDMMAP;
26853 + return pax_flags;
26857 +#ifdef CONFIG_PAX_EI_PAX
26858 +static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
26860 + unsigned long pax_flags = 0UL;
26862 +#ifdef CONFIG_PAX_PAGEEXEC
26863 + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC))
26864 + pax_flags |= MF_PAX_PAGEEXEC;
26867 +#ifdef CONFIG_PAX_SEGMEXEC
26868 + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_SEGMEXEC))
26869 + pax_flags |= MF_PAX_SEGMEXEC;
26872 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
26873 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
26875 + pax_flags &= ~MF_PAX_SEGMEXEC;
26877 + pax_flags &= ~MF_PAX_PAGEEXEC;
26881 +#ifdef CONFIG_PAX_EMUTRAMP
26882 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && (elf_ex->e_ident[EI_PAX] & EF_PAX_EMUTRAMP))
26883 + pax_flags |= MF_PAX_EMUTRAMP;
26886 +#ifdef CONFIG_PAX_MPROTECT
26887 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && !(elf_ex->e_ident[EI_PAX] & EF_PAX_MPROTECT))
26888 + pax_flags |= MF_PAX_MPROTECT;
26891 +#ifdef CONFIG_PAX_ASLR
26892 + if (randomize_va_space && !(elf_ex->e_ident[EI_PAX] & EF_PAX_RANDMMAP))
26893 + pax_flags |= MF_PAX_RANDMMAP;
26896 + return pax_flags;
26900 +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
26901 +static long pax_parse_elf_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata)
26903 + unsigned long pax_flags = 0UL;
26905 +#ifdef CONFIG_PAX_PT_PAX_FLAGS
26909 +#ifdef CONFIG_PAX_EI_PAX
26910 + pax_flags = pax_parse_ei_pax(elf_ex);
26913 +#ifdef CONFIG_PAX_PT_PAX_FLAGS
26914 + for (i = 0UL; i < elf_ex->e_phnum; i++)
26915 + if (elf_phdata[i].p_type == PT_PAX_FLAGS) {
26916 + if (((elf_phdata[i].p_flags & PF_PAGEEXEC) && (elf_phdata[i].p_flags & PF_NOPAGEEXEC)) ||
26917 + ((elf_phdata[i].p_flags & PF_SEGMEXEC) && (elf_phdata[i].p_flags & PF_NOSEGMEXEC)) ||
26918 + ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) ||
26919 + ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) ||
26920 + ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP)))
26923 +#ifdef CONFIG_PAX_SOFTMODE
26924 + if (pax_softmode)
26925 + pax_flags = pax_parse_softmode(&elf_phdata[i]);
26929 + pax_flags = pax_parse_hardmode(&elf_phdata[i]);
26934 + if (0 > pax_check_flags(&pax_flags))
26937 + current->mm->pax_flags = pax_flags;
26943 * These are the functions used to load ELF style executables and shared
26944 * libraries. There is no binary dependent code anywhere else.
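Review bot: pax_parse_ei_pax() guards its RANDMMAP block with `#ifdef CONFIG_PAX_ASLR`, while pax_parse_softmode() and pax_parse_hardmode() use `#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)` for the same flag. If these options can be selected independently, the marking format a binary happens to carry would decide whether `MF_PAX_RANDMMAP` is set; use one guard in all three or add a comment on why they differ. The PAGEEXEC/SEGMEXEC conflict block is also repeated in all three parsers and would read better as one static helper. None of the parsers has a comment saying that softmode sets a feature only when the header asks for it, while hardmode and EI_PAX set it unless the header opts out.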
26945 @@ -548,6 +739,11 @@ static unsigned long randomize_stack_top
26947 unsigned int random_variable = 0;
26949 +#ifdef CONFIG_PAX_RANDUSTACK
26950 + if (randomize_va_space)
26951 + return stack_top - current->mm->delta_stack;
26954 if ((current->flags & PF_RANDOMIZE) &&
26955 !(current->personality & ADDR_NO_RANDOMIZE)) {
26956 random_variable = get_random_int() & STACK_RND_MASK;
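Review bot: The added early return under CONFIG_PAX_RANDUSTACK skips the `PF_RANDOMIZE`/`ADDR_NO_RANDOMIZE` branch whenever `randomize_va_space` is set, and `delta_stack` is zero unless load_elf_binary saw `MF_PAX_RANDMMAP`, so a task without that flag gets an unrandomized stack top here rather than the stock randomization. If that is the intended policy, say so in a comment, e.g. `/* PaX: delta_stack is 0 for tasks without MF_PAX_RANDMMAP; the stock path is not used */`. randomize_stack_top continues outside the hunk.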
26957 @@ -566,7 +762,7 @@ static int load_elf_binary(struct linux_
26958 unsigned long load_addr = 0, load_bias = 0;
26959 int load_addr_set = 0;
26960 char * elf_interpreter = NULL;
26961 - unsigned long error;
26962 + unsigned long error = 0;
26963 struct elf_phdr *elf_ppnt, *elf_phdata;
26964 unsigned long elf_bss, elf_brk;
26966 @@ -576,11 +772,11 @@ static int load_elf_binary(struct linux_
26967 unsigned long start_code, end_code, start_data, end_data;
26968 unsigned long reloc_func_desc = 0;
26969 int executable_stack = EXSTACK_DEFAULT;
26970 - unsigned long def_flags = 0;
26972 struct elfhdr elf_ex;
26973 struct elfhdr interp_elf_ex;
26975 + unsigned long pax_task_size = TASK_SIZE;
26977 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
26979 @@ -742,11 +938,80 @@ static int load_elf_binary(struct linux_
26981 /* OK, This is the point of no return */
26982 current->flags &= ~PF_FORKNOEXEC;
26983 - current->mm->def_flags = def_flags;
26985 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
26986 + current->mm->pax_flags = 0UL;
26989 +#ifdef CONFIG_PAX_DLRESOLVE
26990 + current->mm->call_dl_resolve = 0UL;
26993 +#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
26994 + current->mm->call_syscall = 0UL;
26997 +#ifdef CONFIG_PAX_ASLR
26998 + current->mm->delta_mmap = 0UL;
26999 + current->mm->delta_stack = 0UL;
27002 + current->mm->def_flags = 0;
27004 +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
27005 + if (0 > pax_parse_elf_flags(&loc->elf_ex, elf_phdata)) {
27006 + send_sig(SIGKILL, current, 0);
27007 + goto out_free_dentry;
27011 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
27012 + pax_set_initial_flags(bprm);
27013 +#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
27014 + if (pax_set_initial_flags_func)
27015 + (pax_set_initial_flags_func)(bprm);
27018 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
27019 + if ((current->mm->pax_flags & MF_PAX_PAGEEXEC) && !nx_enabled) {
27020 + current->mm->context.user_cs_limit = PAGE_SIZE;
27021 + current->mm->def_flags |= VM_PAGEEXEC;
27025 +#ifdef CONFIG_PAX_SEGMEXEC
27026 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
27027 + current->mm->context.user_cs_base = SEGMEXEC_TASK_SIZE;
27028 + current->mm->context.user_cs_limit = TASK_SIZE-SEGMEXEC_TASK_SIZE;
27029 + pax_task_size = SEGMEXEC_TASK_SIZE;
27033 +#if defined(CONFIG_ARCH_TRACK_EXEC_LIMIT) || defined(CONFIG_PAX_SEGMEXEC)
27034 + if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
27035 + set_user_cs(current->mm->context.user_cs_base, current->mm->context.user_cs_limit, get_cpu());
27040 +#ifdef CONFIG_PAX_ASLR
27041 + if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
27042 + current->mm->delta_mmap = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN)-1)) << PAGE_SHIFT;
27043 + current->mm->delta_stack = (pax_get_random_long() & ((1UL << PAX_DELTA_STACK_LEN)-1)) << PAGE_SHIFT;
27047 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
27048 may depend on the personality. */
27049 SET_PERSONALITY(loc->elf_ex);
27051 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
27052 + if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
27053 + executable_stack = EXSTACK_DISABLE_X;
27054 + current->personality &= ~READ_IMPLIES_EXEC;
27058 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
27059 current->personality |= READ_IMPLIES_EXEC;
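Review bot: The new failure path `if (0 > pax_parse_elf_flags(&loc->elf_ex, elf_phdata))` sends SIGKILL and jumps to `out_free_dentry` without assigning `retval`, so the function returns whatever `retval` held before, which after the point of no return is presumably the success value of the preceding step. The padzero failure path that this patch removes further down did set `retval` before the same jump; do the same here with `retval = -EINVAL;` before the `goto`, or propagate the value pax_parse_elf_flags() returned. load_elf_binary starts and ends outside the hunk.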
27061 @@ -827,6 +1092,20 @@ static int load_elf_binary(struct linux_
27063 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
27066 +#ifdef CONFIG_PAX_RANDMMAP
27067 + /* PaX: randomize base address at the default exe base if requested */
27068 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && elf_interpreter) {
27069 +#ifdef CONFIG_SPARC64
27070 + load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << (PAGE_SHIFT+1);
27072 + load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << PAGE_SHIFT;
27074 + load_bias = ELF_PAGESTART(PAX_ELF_ET_DYN_BASE - vaddr + load_bias);
27075 + elf_flags |= MAP_FIXED;
27081 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
27082 @@ -859,9 +1138,9 @@ static int load_elf_binary(struct linux_
27083 * allowed task size. Note that p_filesz must always be
27084 * <= p_memsz so it is only necessary to check p_memsz.
27086 - if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
27087 - elf_ppnt->p_memsz > TASK_SIZE ||
27088 - TASK_SIZE - elf_ppnt->p_memsz < k) {
27089 + if (k >= pax_task_size || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
27090 + elf_ppnt->p_memsz > pax_task_size ||
27091 + pax_task_size - elf_ppnt->p_memsz < k) {
27092 /* set_brk can never work. Avoid overflows. */
27093 send_sig(SIGKILL, current, 0);
27095 @@ -889,6 +1168,11 @@ static int load_elf_binary(struct linux_
27096 start_data += load_bias;
27097 end_data += load_bias;
27099 +#ifdef CONFIG_PAX_RANDMMAP
27100 + if (current->mm->pax_flags & MF_PAX_RANDMMAP)
27101 + elf_brk += PAGE_SIZE + ((pax_get_random_long() & ~PAGE_MASK) << 4);
27104 /* Calling set_brk effectively mmaps the pages that we need
27105 * for the bss and break sections. We must do this before
27106 * mapping in the interpreter, to make sure it doesn't wind
27107 @@ -900,9 +1184,11 @@ static int load_elf_binary(struct linux_
27108 goto out_free_dentry;
27110 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
27111 - send_sig(SIGSEGV, current, 0);
27112 - retval = -EFAULT; /* Nobody gets to see this, but.. */
27113 - goto out_free_dentry;
27115 + * This bss-zeroing can fail if the ELF
27116 + * file specifies odd protections. So
27117 + * we don't check the return value
27121 if (elf_interpreter) {
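Review bot: With the SIGSEGV path removed, `if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {` is left with a comment as its only body, which hides that padzero() is still called for its side effect. Write it as a plain statement, `if (elf_bss != elf_brk) (void)padzero(elf_bss);`, and extend the comment to say what a failure leaves behind (presumably the tail of the last bss page is not cleared), so the next reader neither restores the check nor deletes the call. load_elf_binary continues outside the hunk.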
27122 @@ -1135,8 +1421,10 @@ static int dump_seek(struct file *file,
27123 unsigned long n = off;
27126 - if (!dump_write(file, buf, n))
27127 + if (!dump_write(file, buf, n)) {
27128 + free_page((unsigned long)buf);
27133 free_page((unsigned long)buf);
27134 @@ -1148,7 +1436,7 @@ static int dump_seek(struct file *file,
27135 * Decide what to dump of a segment, part, all or none.
27137 static unsigned long vma_dump_size(struct vm_area_struct *vma,
27138 - unsigned long mm_flags)
27139 + unsigned long mm_flags, long signr)
27141 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
27143 @@ -1182,7 +1470,7 @@ static unsigned long vma_dump_size(struc
27144 if (vma->vm_file == NULL)
27147 - if (FILTER(MAPPED_PRIVATE))
27148 + if (signr == SIGKILL || FILTER(MAPPED_PRIVATE))
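Review bot: The added `signr == SIGKILL ||` makes this branch ignore the `MAPPED_PRIVATE` filter bit, so for that signal the mapping is dumped whatever the process's dump filter says, and nothing explains why. Core files written this way can be larger and can contain data the filter was set to keep out, so the reason and the intended trigger should be documented, e.g. `/* PaX: dumps caused by SIGKILL ignore the MAPPED_PRIVATE filter */`, together with a line in the comment above vma_dump_size() for the `signr` parameter added in the previous hunk. The rest of the function is outside the hunk.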
27152 @@ -1278,8 +1566,11 @@ static int writenote(struct memelfnote *
27155 #define DUMP_WRITE(addr, nr) \
27157 + gr_learn_resource(current, RLIMIT_CORE, size + (nr), 1); \
27158 if ((size += (nr)) > limit || !dump_write(file, (addr), (nr))) \
27159 - goto end_coredump;
27160 + goto end_coredump; \
27163 static void fill_elf_header(struct elfhdr *elf, int segs,
27164 u16 machine, u32 flags, u8 osabi)
27165 @@ -1408,9 +1699,9 @@ static void fill_auxv_note(struct memelf
27167 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
27172 - while (auxv[i - 2] != AT_NULL);
27173 + } while (auxv[i - 2] != AT_NULL);
27174 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
27177 @@ -1996,7 +2287,7 @@ static int elf_core_dump(long signr, str
27178 phdr.p_offset = offset;
27179 phdr.p_vaddr = vma->vm_start;
27181 - phdr.p_filesz = vma_dump_size(vma, mm_flags);
27182 + phdr.p_filesz = vma_dump_size(vma, mm_flags, signr);
27183 phdr.p_memsz = vma->vm_end - vma->vm_start;
27184 offset += phdr.p_filesz;
27185 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
27186 @@ -2029,7 +2320,7 @@ static int elf_core_dump(long signr, str
27187 unsigned long addr;
27190 - end = vma->vm_start + vma_dump_size(vma, mm_flags);
27191 + end = vma->vm_start + vma_dump_size(vma, mm_flags, signr);
27193 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
27195 @@ -2038,6 +2329,7 @@ static int elf_core_dump(long signr, str
27196 page = get_dump_page(addr);
27198 void *kaddr = kmap(page);
27199 + gr_learn_resource(current, RLIMIT_CORE, size + PAGE_SIZE, 1);
27200 stop = ((size += PAGE_SIZE) > limit) ||
27201 !dump_write(file, kaddr, PAGE_SIZE);
27203 @@ -2065,6 +2357,97 @@ out:
27205 #endif /* USE_ELF_CORE_DUMP */
27207 +#ifdef CONFIG_PAX_MPROTECT
27208 +/* PaX: non-PIC ELF libraries need relocations on their executable segments
27209 + * therefore we'll grant them VM_MAYWRITE once during their life. Similarly
27210 + * we'll remove VM_MAYWRITE for good on RELRO segments.
27212 + * The checks favour ld-linux.so behaviour which operates on a per ELF segment
27213 + * basis because we want to allow the common case and not the special ones.
27215 +static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags)
27217 + struct elfhdr elf_h;
27218 + struct elf_phdr elf_p;
27220 + unsigned long oldflags;
27221 + bool is_textrel_rw, is_textrel_rx, is_relro;
27223 + if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT))
27226 + oldflags = vma->vm_flags & (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ);
27227 + newflags &= VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ;
27229 +#ifdef CONFIG_PAX_NOELFRELOCS
27230 + is_textrel_rw = false;
27231 + is_textrel_rx = false;
27233 + /* possible TEXTREL */
27234 + is_textrel_rw = vma->vm_file && !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ);
27235 + is_textrel_rx = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ);
27238 + /* possible RELRO */
27239 + is_relro = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ);
27241 + if (!is_textrel_rw && !is_textrel_rx && !is_relro)
27244 + if (sizeof(elf_h) != kernel_read(vma->vm_file, 0UL, (char *)&elf_h, sizeof(elf_h)) ||
27245 + memcmp(elf_h.e_ident, ELFMAG, SELFMAG) ||
27247 +#ifdef CONFIG_PAX_ETEXECRELOCS
27248 + ((is_textrel_rw || is_textrel_rx) && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) ||
27250 + ((is_textrel_rw || is_textrel_rx) && elf_h.e_type != ET_DYN) ||
27253 + (is_relro && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) ||
27254 + !elf_check_arch(&elf_h) ||
27255 + elf_h.e_phentsize != sizeof(struct elf_phdr) ||
27256 + elf_h.e_phnum > 65536UL / sizeof(struct elf_phdr))
27259 + for (i = 0UL; i < elf_h.e_phnum; i++) {
27260 + if (sizeof(elf_p) != kernel_read(vma->vm_file, elf_h.e_phoff + i*sizeof(elf_p), (char *)&elf_p, sizeof(elf_p)))
27262 + switch (elf_p.p_type) {
27264 + if (!is_textrel_rw && !is_textrel_rx)
27267 + while ((i+1) * sizeof(elf_dyn) <= elf_p.p_filesz) {
27270 + if (sizeof(dyn) != kernel_read(vma->vm_file, elf_p.p_offset + i*sizeof(dyn), (char *)&dyn, sizeof(dyn)))
27272 + if (dyn.d_tag == DT_NULL)
27274 + if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) {
27275 + gr_log_textrel(vma);
27276 + if (is_textrel_rw)
27277 + vma->vm_flags |= VM_MAYWRITE;
27279 + /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */
27280 + vma->vm_flags &= ~VM_MAYWRITE;
27287 + case PT_GNU_RELRO:
27290 + if ((elf_p.p_offset >> PAGE_SHIFT) == vma->vm_pgoff && ELF_PAGEALIGN(elf_p.p_memsz) == vma->vm_end - vma->vm_start)
27291 + vma->vm_flags &= ~VM_MAYWRITE;
27298 static int __init init_elf_binfmt(void)
27300 return register_binfmt(&elf_format);
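Review bot: The PT_DYNAMIC walk `while ((i+1) * sizeof(elf_dyn) <= elf_p.p_filesz)` in elf_handle_mprotect() is bounded only by `p_filesz`, a field read from the mapped file, so a file-backed mapping with a large dynamic segment makes one mprotect() call issue a kernel_read() per entry with no upper limit; `e_phnum` gets a cap (`> 65536UL / sizeof(struct elf_phdr)`) but `p_filesz` does not. Add a similar cap before the loop, e.g. `if (elf_p.p_filesz > 65536UL) return;`. The walk also reuses `i`, the index of the enclosing `for` over program headers, which only works if every path out of the inner loop leaves the function; a separate index would make that safe by construction. The headers are re-read from `vma->vm_file` at mprotect time, so the comment above the function should state that the decision trusts the file's current contents. Several lines of this function are missing from the listing, so check the exits against the full patch.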
27301 diff -urNp linux-2.6.32.1/fs/binfmt_flat.c linux-2.6.32.1/fs/binfmt_flat.c
27302 --- linux-2.6.32.1/fs/binfmt_flat.c 2009-12-02 22:51:21.000000000 -0500
27303 +++ linux-2.6.32.1/fs/binfmt_flat.c 2009-12-14 18:33:57.183755156 -0500
27304 @@ -563,7 +563,9 @@ static int load_flat_file(struct linux_b
27305 realdatastart = (unsigned long) -ENOMEM;
27306 printk("Unable to allocate RAM for process data, errno %d\n",
27307 (int)-realdatastart);
27308 + down_write(¤t->mm->mmap_sem);
27309 do_munmap(current->mm, textpos, text_len);
27310 + up_write(¤t->mm->mmap_sem);
27311 ret = realdatastart;
27314 @@ -587,8 +589,10 @@ static int load_flat_file(struct linux_b
27316 if (IS_ERR_VALUE(result)) {
27317 printk("Unable to read data+bss, errno %d\n", (int)-result);
27318 + down_write(¤t->mm->mmap_sem);
27319 do_munmap(current->mm, textpos, text_len);
27320 do_munmap(current->mm, realdatastart, data_len + extra);
27321 + up_write(¤t->mm->mmap_sem);
27325 @@ -657,8 +661,10 @@ static int load_flat_file(struct linux_b
27327 if (IS_ERR_VALUE(result)) {
27328 printk("Unable to read code+data+bss, errno %d\n",(int)-result);
27329 + down_write(¤t->mm->mmap_sem);
27330 do_munmap(current->mm, textpos, text_len + data_len + extra +
27331 MAX_SHARED_LIBS * sizeof(unsigned long));
27332 + up_write(¤t->mm->mmap_sem);
27336 diff -urNp linux-2.6.32.1/fs/binfmt_misc.c linux-2.6.32.1/fs/binfmt_misc.c
27337 --- linux-2.6.32.1/fs/binfmt_misc.c 2009-12-02 22:51:21.000000000 -0500
27338 +++ linux-2.6.32.1/fs/binfmt_misc.c 2009-12-14 18:33:57.183755156 -0500
27339 @@ -693,7 +693,7 @@ static int bm_fill_super(struct super_bl
27340 static struct tree_descr bm_files[] = {
27341 [2] = {"status", &bm_status_operations, S_IWUSR|S_IRUGO},
27342 [3] = {"register", &bm_register_operations, S_IWUSR},
27343 - /* last one */ {""}
27344 + /* last one */ {"", NULL, 0}
27346 int err = simple_fill_super(sb, 0x42494e4d, bm_files);
27348 diff -urNp linux-2.6.32.1/fs/bio.c linux-2.6.32.1/fs/bio.c
27349 --- linux-2.6.32.1/fs/bio.c 2009-12-02 22:51:21.000000000 -0500
27350 +++ linux-2.6.32.1/fs/bio.c 2009-12-14 18:33:57.192749405 -0500
27351 @@ -78,7 +78,7 @@ static struct kmem_cache *bio_find_or_cr
27354 while (i < bio_slab_nr) {
27355 - struct bio_slab *bslab = &bio_slabs[i];
27356 + bslab = &bio_slabs[i];
27358 if (!bslab->slab && entry == -1)
27360 @@ -1212,7 +1212,7 @@ static void bio_copy_kern_endio(struct b
27361 const int read = bio_data_dir(bio) == READ;
27362 struct bio_map_data *bmd = bio->bi_private;
27364 - char *p = bmd->sgvecs[0].iov_base;
27365 + char *p = (__force char *)bmd->sgvecs[0].iov_base;
27367 __bio_for_each_segment(bvec, bio, i, 0) {
27368 char *addr = page_address(bvec->bv_page);
27369 diff -urNp linux-2.6.32.1/fs/btrfs/ctree.c linux-2.6.32.1/fs/btrfs/ctree.c
27370 --- linux-2.6.32.1/fs/btrfs/ctree.c 2009-12-02 22:51:21.000000000 -0500
27371 +++ linux-2.6.32.1/fs/btrfs/ctree.c 2009-12-14 18:33:57.212701813 -0500
27372 @@ -3568,7 +3568,6 @@ setup_items_for_insert(struct btrfs_tran
27376 - struct btrfs_disk_key disk_key;
27377 btrfs_cpu_key_to_disk(&disk_key, cpu_key);
27378 ret = fixup_low_keys(trans, root, path, &disk_key, 1);
27380 diff -urNp linux-2.6.32.1/fs/btrfs/disk-io.c linux-2.6.32.1/fs/btrfs/disk-io.c
27381 --- linux-2.6.32.1/fs/btrfs/disk-io.c 2009-12-02 22:51:21.000000000 -0500
27382 +++ linux-2.6.32.1/fs/btrfs/disk-io.c 2009-12-14 18:33:57.230771869 -0500
27384 #include "tree-log.h"
27385 #include "free-space-cache.h"
27387 -static struct extent_io_ops btree_extent_io_ops;
27388 +static const struct extent_io_ops btree_extent_io_ops;
27389 static void end_workqueue_fn(struct btrfs_work *work);
27390 static void free_fs_root(struct btrfs_root *root);
27392 @@ -2585,7 +2585,7 @@ out:
27396 -static struct extent_io_ops btree_extent_io_ops = {
27397 +static const struct extent_io_ops btree_extent_io_ops = {
27398 .write_cache_pages_lock_hook = btree_lock_page_hook,
27399 .readpage_end_io_hook = btree_readpage_end_io_hook,
27400 .submit_bio_hook = btree_submit_bio_hook,
27401 diff -urNp linux-2.6.32.1/fs/btrfs/extent_io.h linux-2.6.32.1/fs/btrfs/extent_io.h
27402 --- linux-2.6.32.1/fs/btrfs/extent_io.h 2009-12-02 22:51:21.000000000 -0500
27403 +++ linux-2.6.32.1/fs/btrfs/extent_io.h 2009-12-14 18:33:57.244757099 -0500
27404 @@ -49,36 +49,36 @@ typedef int (extent_submit_bio_hook_t)(s
27405 struct bio *bio, int mirror_num,
27406 unsigned long bio_flags);
27407 struct extent_io_ops {
27408 - int (*fill_delalloc)(struct inode *inode, struct page *locked_page,
27409 + int (* const fill_delalloc)(struct inode *inode, struct page *locked_page,
27410 u64 start, u64 end, int *page_started,
27411 unsigned long *nr_written);
27412 - int (*writepage_start_hook)(struct page *page, u64 start, u64 end);
27413 - int (*writepage_io_hook)(struct page *page, u64 start, u64 end);
27414 + int (* const writepage_start_hook)(struct page *page, u64 start, u64 end);
27415 + int (* const writepage_io_hook)(struct page *page, u64 start, u64 end);
27416 extent_submit_bio_hook_t *submit_bio_hook;
27417 - int (*merge_bio_hook)(struct page *page, unsigned long offset,
27418 + int (* const merge_bio_hook)(struct page *page, unsigned long offset,
27419 size_t size, struct bio *bio,
27420 unsigned long bio_flags);
27421 - int (*readpage_io_hook)(struct page *page, u64 start, u64 end);
27422 - int (*readpage_io_failed_hook)(struct bio *bio, struct page *page,
27423 + int (* const readpage_io_hook)(struct page *page, u64 start, u64 end);
27424 + int (* const readpage_io_failed_hook)(struct bio *bio, struct page *page,
27425 u64 start, u64 end,
27426 struct extent_state *state);
27427 - int (*writepage_io_failed_hook)(struct bio *bio, struct page *page,
27428 + int (* const writepage_io_failed_hook)(struct bio *bio, struct page *page,
27429 u64 start, u64 end,
27430 struct extent_state *state);
27431 - int (*readpage_end_io_hook)(struct page *page, u64 start, u64 end,
27432 + int (* const readpage_end_io_hook)(struct page *page, u64 start, u64 end,
27433 struct extent_state *state);
27434 - int (*writepage_end_io_hook)(struct page *page, u64 start, u64 end,
27435 + int (* const writepage_end_io_hook)(struct page *page, u64 start, u64 end,
27436 struct extent_state *state, int uptodate);
27437 - int (*set_bit_hook)(struct inode *inode, u64 start, u64 end,
27438 + int (* const set_bit_hook)(struct inode *inode, u64 start, u64 end,
27439 unsigned long old, unsigned long bits);
27440 - int (*clear_bit_hook)(struct inode *inode, struct extent_state *state,
27441 + int (* const clear_bit_hook)(struct inode *inode, struct extent_state *state,
27442 unsigned long bits);
27443 - int (*merge_extent_hook)(struct inode *inode,
27444 + int (* const merge_extent_hook)(struct inode *inode,
27445 struct extent_state *new,
27446 struct extent_state *other);
27447 - int (*split_extent_hook)(struct inode *inode,
27448 + int (* const split_extent_hook)(struct inode *inode,
27449 struct extent_state *orig, u64 split);
27450 - int (*write_cache_pages_lock_hook)(struct page *page);
27451 + int (* const write_cache_pages_lock_hook)(struct page *page);
27454 struct extent_io_tree {
27455 @@ -88,7 +88,7 @@ struct extent_io_tree {
27458 spinlock_t buffer_lock;
27459 - struct extent_io_ops *ops;
27460 + const struct extent_io_ops *ops;
27463 struct extent_state {
27464 diff -urNp linux-2.6.32.1/fs/btrfs/free-space-cache.c linux-2.6.32.1/fs/btrfs/free-space-cache.c
27465 --- linux-2.6.32.1/fs/btrfs/free-space-cache.c 2009-12-02 22:51:21.000000000 -0500
27466 +++ linux-2.6.32.1/fs/btrfs/free-space-cache.c 2009-12-14 18:33:57.281770959 -0500
27467 @@ -1074,8 +1074,6 @@ u64 btrfs_alloc_from_cluster(struct btrf
27470 if (entry->bytes < bytes || entry->offset < min_start) {
27471 - struct rb_node *node;
27473 node = rb_next(&entry->offset_index);
27476 @@ -1226,7 +1224,7 @@ again:
27478 while (entry->bitmap || found_bitmap ||
27479 (!entry->bitmap && entry->bytes < min_bytes)) {
27480 - struct rb_node *node = rb_next(&entry->offset_index);
27481 + node = rb_next(&entry->offset_index);
27483 if (entry->bitmap && entry->bytes > bytes + empty_size) {
27484 ret = btrfs_bitmap_cluster(block_group, entry, cluster,
27485 diff -urNp linux-2.6.32.1/fs/btrfs/inode.c linux-2.6.32.1/fs/btrfs/inode.c
27486 --- linux-2.6.32.1/fs/btrfs/inode.c 2009-12-02 22:51:21.000000000 -0500
27487 +++ linux-2.6.32.1/fs/btrfs/inode.c 2009-12-14 18:33:57.312774084 -0500
27488 @@ -63,7 +63,7 @@ static const struct inode_operations btr
27489 static const struct address_space_operations btrfs_aops;
27490 static const struct address_space_operations btrfs_symlink_aops;
27491 static const struct file_operations btrfs_dir_file_operations;
27492 -static struct extent_io_ops btrfs_extent_io_ops;
27493 +static const struct extent_io_ops btrfs_extent_io_ops;
27495 static struct kmem_cache *btrfs_inode_cachep;
27496 struct kmem_cache *btrfs_trans_handle_cachep;
27497 @@ -5854,7 +5854,7 @@ static const struct file_operations btrf
27498 .fsync = btrfs_sync_file,
27501 -static struct extent_io_ops btrfs_extent_io_ops = {
27502 +static const struct extent_io_ops btrfs_extent_io_ops = {
27503 .fill_delalloc = run_delalloc_range,
27504 .submit_bio_hook = btrfs_submit_bio_hook,
27505 .merge_bio_hook = btrfs_merge_bio_hook,
27506 diff -urNp linux-2.6.32.1/fs/btrfs/sysfs.c linux-2.6.32.1/fs/btrfs/sysfs.c
27507 --- linux-2.6.32.1/fs/btrfs/sysfs.c 2009-12-02 22:51:21.000000000 -0500
27508 +++ linux-2.6.32.1/fs/btrfs/sysfs.c 2009-12-14 18:33:57.315769270 -0500
27509 @@ -164,12 +164,12 @@ static void btrfs_root_release(struct ko
27510 complete(&root->kobj_unregister);
27513 -static struct sysfs_ops btrfs_super_attr_ops = {
27514 +static const struct sysfs_ops btrfs_super_attr_ops = {
27515 .show = btrfs_super_attr_show,
27516 .store = btrfs_super_attr_store,
27519 -static struct sysfs_ops btrfs_root_attr_ops = {
27520 +static const struct sysfs_ops btrfs_root_attr_ops = {
27521 .show = btrfs_root_attr_show,
27522 .store = btrfs_root_attr_store,
27524 diff -urNp linux-2.6.32.1/fs/buffer.c linux-2.6.32.1/fs/buffer.c
27525 --- linux-2.6.32.1/fs/buffer.c 2009-12-02 22:51:21.000000000 -0500
27526 +++ linux-2.6.32.1/fs/buffer.c 2009-12-14 18:33:57.344773102 -0500
27528 #include <linux/percpu.h>
27529 #include <linux/slab.h>
27530 #include <linux/capability.h>
27531 +#include <linux/security.h>
27532 #include <linux/blkdev.h>
27533 #include <linux/file.h>
27534 #include <linux/quotaops.h>
27535 diff -urNp linux-2.6.32.1/fs/cachefiles/rdwr.c linux-2.6.32.1/fs/cachefiles/rdwr.c
27536 --- linux-2.6.32.1/fs/cachefiles/rdwr.c 2009-12-02 22:51:21.000000000 -0500
27537 +++ linux-2.6.32.1/fs/cachefiles/rdwr.c 2009-12-14 18:33:57.350797598 -0500
27538 @@ -946,7 +946,7 @@ int cachefiles_write_page(struct fscache
27541 ret = file->f_op->write(
27542 - file, (const void __user *) data, len, &pos);
27543 + file, (__force const void __user *) data, len, &pos);
27547 diff -urNp linux-2.6.32.1/fs/cifs/cifs_uniupr.h linux-2.6.32.1/fs/cifs/cifs_uniupr.h
27548 --- linux-2.6.32.1/fs/cifs/cifs_uniupr.h 2009-12-02 22:51:21.000000000 -0500
27549 +++ linux-2.6.32.1/fs/cifs/cifs_uniupr.h 2009-12-14 18:33:57.352714715 -0500
27550 @@ -132,7 +132,7 @@ const struct UniCaseRange CifsUniUpperRa
27551 {0x0490, 0x04cc, UniCaseRangeU0490},
27552 {0x1e00, 0x1ffc, UniCaseRangeU1e00},
27553 {0xff40, 0xff5a, UniCaseRangeUff40},
27559 diff -urNp linux-2.6.32.1/fs/cifs/link.c linux-2.6.32.1/fs/cifs/link.c
27560 --- linux-2.6.32.1/fs/cifs/link.c 2009-12-02 22:51:21.000000000 -0500
27561 +++ linux-2.6.32.1/fs/cifs/link.c 2009-12-14 18:33:57.352714715 -0500
27562 @@ -215,7 +215,7 @@ cifs_symlink(struct inode *inode, struct
27564 void cifs_put_link(struct dentry *direntry, struct nameidata *nd, void *cookie)
27566 - char *p = nd_get_link(nd);
27567 + const char *p = nd_get_link(nd);
27571 diff -urNp linux-2.6.32.1/fs/compat_binfmt_elf.c linux-2.6.32.1/fs/compat_binfmt_elf.c
27572 --- linux-2.6.32.1/fs/compat_binfmt_elf.c 2009-12-02 22:51:21.000000000 -0500
27573 +++ linux-2.6.32.1/fs/compat_binfmt_elf.c 2009-12-14 18:33:57.353774760 -0500
27574 @@ -29,10 +29,12 @@
27580 #define elfhdr elf32_hdr
27581 #define elf_phdr elf32_phdr
27582 #define elf_note elf32_note
27583 +#define elf_dyn Elf32_Dyn
27584 #define elf_addr_t Elf32_Addr
27587 diff -urNp linux-2.6.32.1/fs/compat.c linux-2.6.32.1/fs/compat.c
27588 --- linux-2.6.32.1/fs/compat.c 2009-12-02 22:51:21.000000000 -0500
27589 +++ linux-2.6.32.1/fs/compat.c 2009-12-14 18:33:57.385706728 -0500
27590 @@ -1410,14 +1410,12 @@ static int compat_copy_strings(int argc,
27591 if (!kmapped_page || kpos != (pos & PAGE_MASK)) {
27594 -#ifdef CONFIG_STACK_GROWSUP
27595 ret = expand_stack_downwards(bprm->vma, pos);
27597 /* We've exceed the stack rlimit. */
27602 ret = get_user_pages(current, bprm->mm, pos,
27603 1, 1, 1, &page, NULL);
27605 @@ -1463,6 +1461,11 @@ int compat_do_execve(char * filename,
27606 compat_uptr_t __user *envp,
27607 struct pt_regs * regs)
27609 +#ifdef CONFIG_GRKERNSEC
27610 + struct file *old_exec_file;
27611 + struct acl_subject_label *old_acl;
27612 + struct rlimit old_rlim[RLIM_NLIMITS];
27614 struct linux_binprm *bprm;
27616 struct files_struct *displaced;
27617 @@ -1499,6 +1502,14 @@ int compat_do_execve(char * filename,
27618 bprm->filename = filename;
27619 bprm->interp = filename;
27621 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->cred->user->processes), 1);
27622 + retval = -EAGAIN;
27623 + if (gr_handle_nproc())
27625 + retval = -EACCES;
27626 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt))
27629 retval = bprm_mm_init(bprm);
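Review bot: The two checks added here in compat_do_execve are laid out differently from the same pair added to do_execve in fs/exec.c: here `retval = -EAGAIN;` and `retval = -EACCES;` are assigned ahead of unbraced `if`s, while do_execve sets them inside braced bodies. The statement that follows each `if` is not visible on this page, so the unbraced form is harder to verify by eye; I would use the braced form in both places so each error code sits next to its test. The later hunks also repeat the `old_acl` / `old_rlim` / `old_exec_file` save and restore in both functions, which looks worth moving into one shared helper so the native and compat exec paths cannot drift apart. The function body starts and ends outside this hunk.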
27632 @@ -1528,9 +1539,40 @@ int compat_do_execve(char * filename,
27636 + if (!gr_tpe_allow(file)) {
27637 + retval = -EACCES;
27641 + if (gr_check_crash_exec(file)) {
27642 + retval = -EACCES;
27646 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
27648 + gr_handle_exec_args(bprm, (char __user * __user *)argv);
27650 +#ifdef CONFIG_GRKERNSEC
27651 + old_acl = current->acl;
27652 + memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));
27653 + old_exec_file = current->exec_file;
27655 + current->exec_file = file;
27658 + retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
27659 + bprm->unsafe & LSM_UNSAFE_SHARE);
27663 retval = search_binary_handler(bprm, regs);
27667 +#ifdef CONFIG_GRKERNSEC
27668 + if (old_exec_file)
27669 + fput(old_exec_file);
27672 current->stack_start = current->mm->start_stack;
27674 @@ -1543,6 +1585,14 @@ int compat_do_execve(char * filename,
27675 put_files_struct(displaced);
27679 +#ifdef CONFIG_GRKERNSEC
27680 + current->acl = old_acl;
27681 + memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim));
27682 + fput(current->exec_file);
27683 + current->exec_file = old_exec_file;
27689 diff -urNp linux-2.6.32.1/fs/compat_ioctl.c linux-2.6.32.1/fs/compat_ioctl.c
27690 --- linux-2.6.32.1/fs/compat_ioctl.c 2009-12-02 22:51:21.000000000 -0500
27691 +++ linux-2.6.32.1/fs/compat_ioctl.c 2009-12-14 18:33:57.407779827 -0500
27692 @@ -1827,15 +1827,15 @@ struct ioctl_trans {
27695 #define HANDLE_IOCTL(cmd,handler) \
27696 - { (cmd), (ioctl_trans_handler_t)(handler) },
27697 + { (cmd), (ioctl_trans_handler_t)(handler), NULL },
27699 /* pointer to compatible structure or no argument */
27700 #define COMPATIBLE_IOCTL(cmd) \
27701 - { (cmd), do_ioctl32_pointer },
27702 + { (cmd), do_ioctl32_pointer, NULL },
27704 /* argument is an unsigned long integer, not a pointer */
27705 #define ULONG_IOCTL(cmd) \
27706 - { (cmd), (ioctl_trans_handler_t)sys_ioctl },
27707 + { (cmd), (ioctl_trans_handler_t)sys_ioctl, NULL },
27709 /* ioctl should not be warned about even if it's not implemented.
27710 Valid reasons to use this:
27711 diff -urNp linux-2.6.32.1/fs/debugfs/inode.c linux-2.6.32.1/fs/debugfs/inode.c
27712 --- linux-2.6.32.1/fs/debugfs/inode.c 2009-12-02 22:51:21.000000000 -0500
27713 +++ linux-2.6.32.1/fs/debugfs/inode.c 2009-12-14 18:33:57.427775570 -0500
27714 @@ -118,7 +118,7 @@ static inline int debugfs_positive(struc
27716 static int debug_fill_super(struct super_block *sb, void *data, int silent)
27718 - static struct tree_descr debug_files[] = {{""}};
27719 + static struct tree_descr debug_files[] = {{"", NULL, 0}};
27721 return simple_fill_super(sb, DEBUGFS_MAGIC, debug_files);
27723 diff -urNp linux-2.6.32.1/fs/dlm/lockspace.c linux-2.6.32.1/fs/dlm/lockspace.c
27724 --- linux-2.6.32.1/fs/dlm/lockspace.c 2009-12-02 22:51:21.000000000 -0500
27725 +++ linux-2.6.32.1/fs/dlm/lockspace.c 2009-12-14 18:33:57.438783661 -0500
27726 @@ -148,7 +148,7 @@ static void lockspace_kobj_release(struc
27730 -static struct sysfs_ops dlm_attr_ops = {
27731 +static const struct sysfs_ops dlm_attr_ops = {
27732 .show = dlm_attr_show,
27733 .store = dlm_attr_store,
27735 diff -urNp linux-2.6.32.1/fs/ecryptfs/inode.c linux-2.6.32.1/fs/ecryptfs/inode.c
27736 --- linux-2.6.32.1/fs/ecryptfs/inode.c 2009-12-02 22:51:21.000000000 -0500
27737 +++ linux-2.6.32.1/fs/ecryptfs/inode.c 2009-12-14 18:33:57.465783113 -0500
27738 @@ -676,7 +676,7 @@ ecryptfs_readlink(struct dentry *dentry,
27741 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
27742 - (char __user *)lower_buf,
27743 + (__force char __user *)lower_buf,
27747 @@ -720,7 +720,7 @@ static void *ecryptfs_follow_link(struct
27751 - rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
27752 + rc = dentry->d_inode->i_op->readlink(dentry, (__force char __user *)buf, len);
27756 diff -urNp linux-2.6.32.1/fs/exec.c linux-2.6.32.1/fs/exec.c
27757 --- linux-2.6.32.1/fs/exec.c 2009-12-02 22:51:21.000000000 -0500
27758 +++ linux-2.6.32.1/fs/exec.c 2009-12-14 18:33:57.485728461 -0500
27759 @@ -56,12 +56,24 @@
27760 #include <linux/fsnotify.h>
27761 #include <linux/fs_struct.h>
27762 #include <linux/pipe_fs_i.h>
27763 +#include <linux/random.h>
27764 +#include <linux/seq_file.h>
27766 +#ifdef CONFIG_PAX_REFCOUNT
27767 +#include <linux/kallsyms.h>
27768 +#include <linux/kdebug.h>
27771 #include <asm/uaccess.h>
27772 #include <asm/mmu_context.h>
27773 #include <asm/tlb.h>
27774 #include "internal.h"
27776 +#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
27777 +void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
27778 +EXPORT_SYMBOL(pax_set_initial_flags_func);
27782 char core_pattern[CORENAME_MAX_SIZE] = "core";
27783 unsigned int core_pipe_limit;
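Review bot: `pax_set_initial_flags_func` is added as a writable, exported function pointer with no comment saying who assigns it, when, or under what synchronisation. Other hunks in this patch make ops tables `const` so that function pointers do not sit in writable kernel data, which makes this hook an exception a reader should be told about. I would add a comment above the declaration along the lines of `/* hook for a policy module to choose a new image's initial PaX flags; assigned by <owner>, not changed afterwards (TODO confirm) */`. If it really is written only during initialisation, state that there so a later change can make it read-only.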
27784 @@ -115,7 +127,7 @@ SYSCALL_DEFINE1(uselib, const char __use
27787 file = do_filp_open(AT_FDCWD, tmp,
27788 - O_LARGEFILE | O_RDONLY | FMODE_EXEC, 0,
27789 + O_LARGEFILE | O_RDONLY | FMODE_EXEC | FMODE_GREXEC, 0,
27790 MAY_READ | MAY_EXEC | MAY_OPEN);
27792 error = PTR_ERR(file);
27793 @@ -163,18 +175,10 @@ static struct page *get_arg_page(struct
27799 -#ifdef CONFIG_STACK_GROWSUP
27801 - ret = expand_stack_downwards(bprm->vma, pos);
27806 - ret = get_user_pages(current, bprm->mm, pos,
27807 - 1, write, 1, &page, NULL);
27809 + if (0 > expand_stack_downwards(bprm->vma, pos))
27811 + if (0 >= get_user_pages(current, bprm->mm, pos, 1, write, 1, &page, NULL))
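Review bot: The two added tests use constant-first comparisons (`0 > expand_stack_downwards(...)`, `0 >= get_user_pages(...)`), which differs from the removed lines here that assign to `ret` first. I would write them as `if (expand_stack_downwards(bprm->vma, pos) < 0)` and `if (get_user_pages(current, bprm->mm, pos, 1, write, 1, &page, NULL) <= 0)`. A short comment that a return of 0 pages is also treated as failure would help, since the `<=` is easy to misread as `<`. get_arg_page's body continues outside the hunk, and the statements guarded by each `if` are not visible on this page.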
27815 @@ -246,6 +250,11 @@ static int __bprm_mm_init(struct linux_b
27816 vma->vm_end = STACK_TOP_MAX;
27817 vma->vm_start = vma->vm_end - PAGE_SIZE;
27818 vma->vm_flags = VM_STACK_FLAGS;
27820 +#ifdef CONFIG_PAX_SEGMEXEC
27821 + vma->vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
27824 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
27825 err = insert_vm_struct(mm, vma);
27827 @@ -254,6 +263,12 @@ static int __bprm_mm_init(struct linux_b
27828 mm->stack_vm = mm->total_vm = 1;
27829 up_write(&mm->mmap_sem);
27830 bprm->p = vma->vm_end - sizeof(void *);
27832 +#ifdef CONFIG_PAX_RANDUSTACK
27833 + if (randomize_va_space)
27834 + bprm->p ^= (pax_get_random_long() & ~15) & ~PAGE_MASK;
27839 up_write(&mm->mmap_sem);
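Review bot: The added `bprm->p ^= (pax_get_random_long() & ~15) & ~PAGE_MASK;` has no comment, and the double mask is not obvious on first read. From the expression itself, `& ~PAGE_MASK` keeps only the in-page offset bits and `& ~15` clears the low four, so the XOR changes only the offset bits above the low four and leaves the page unchanged. I would say so in place, e.g. `/* randomize the initial stack offset within its page, in 16-byte steps */`. Noting how many bits of randomness this contributes for the common page size would also help anyone assessing the strength of the stack randomisation.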
27840 @@ -475,7 +490,7 @@ int copy_strings_kernel(int argc,char **
27842 mm_segment_t oldfs = get_fs();
27844 - r = copy_strings(argc, (char __user * __user *)argv, bprm);
27845 + r = copy_strings(argc, (__force char __user * __user *)argv, bprm);
27849 @@ -505,7 +520,8 @@ static int shift_arg_pages(struct vm_are
27850 unsigned long new_end = old_end - shift;
27851 struct mmu_gather *tlb;
27853 - BUG_ON(new_start > new_end);
27854 + if (new_start >= new_end || new_start < mmap_min_addr)
27858 * ensure there are no vmas between where we want to go
27859 @@ -514,6 +530,10 @@ static int shift_arg_pages(struct vm_are
27860 if (vma != find_vma(mm, new_start))
27863 +#ifdef CONFIG_PAX_SEGMEXEC
27864 + BUG_ON(pax_find_mirror_vma(vma));
27868 * cover the whole range: [new_start, old_end)
27870 @@ -602,6 +622,14 @@ int setup_arg_pages(struct linux_binprm
27871 bprm->exec -= stack_shift;
27873 down_write(&mm->mmap_sem);
27875 + /* Move stack pages down in memory. */
27876 + if (stack_shift) {
27877 + ret = shift_arg_pages(vma, stack_shift);
27882 vm_flags = VM_STACK_FLAGS;
27885 @@ -615,19 +643,24 @@ int setup_arg_pages(struct linux_binprm
27886 vm_flags &= ~VM_EXEC;
27887 vm_flags |= mm->def_flags;
27889 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
27890 + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
27891 + vm_flags &= ~VM_EXEC;
27893 +#ifdef CONFIG_PAX_MPROTECT
27894 + if (mm->pax_flags & MF_PAX_MPROTECT)
27895 + vm_flags &= ~VM_MAYEXEC;
27901 ret = mprotect_fixup(vma, &prev, vma->vm_start, vma->vm_end,
27905 BUG_ON(prev != vma);
27907 - /* Move stack pages down in memory. */
27908 - if (stack_shift) {
27909 - ret = shift_arg_pages(vma, stack_shift);
27914 #ifdef CONFIG_STACK_GROWSUP
27915 stack_base = vma->vm_end + EXTRA_STACK_VM_PAGES * PAGE_SIZE;
27917 @@ -651,7 +684,7 @@ struct file *open_exec(const char *name)
27920 file = do_filp_open(AT_FDCWD, name,
27921 - O_LARGEFILE | O_RDONLY | FMODE_EXEC, 0,
27922 + O_LARGEFILE | O_RDONLY | FMODE_EXEC | FMODE_GREXEC, 0,
27923 MAY_EXEC | MAY_OPEN);
27926 @@ -688,7 +721,7 @@ int kernel_read(struct file *file, loff_
27929 /* The cast to a user pointer is valid due to the set_fs() */
27930 - result = vfs_read(file, (void __user *)addr, count, &pos);
27931 + result = vfs_read(file, (__force void __user *)addr, count, &pos);
27935 @@ -1088,7 +1121,7 @@ int check_unsafe_exec(struct linux_binpr
27939 - if (p->fs->users > n_fs) {
27940 + if (atomic_read(&p->fs->users) > n_fs) {
27941 bprm->unsafe |= LSM_UNSAFE_SHARE;
27944 @@ -1287,6 +1320,11 @@ int do_execve(char * filename,
27945 char __user *__user *envp,
27946 struct pt_regs * regs)
27948 +#ifdef CONFIG_GRKERNSEC
27949 + struct file *old_exec_file;
27950 + struct acl_subject_label *old_acl;
27951 + struct rlimit old_rlim[RLIM_NLIMITS];
27953 struct linux_binprm *bprm;
27955 struct files_struct *displaced;
27956 @@ -1323,6 +1361,18 @@ int do_execve(char * filename,
27957 bprm->filename = filename;
27958 bprm->interp = filename;
27960 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->cred->user->processes), 1);
27962 + if (gr_handle_nproc()) {
27963 + retval = -EAGAIN;
27967 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
27968 + retval = -EACCES;
27972 retval = bprm_mm_init(bprm);
27975 @@ -1352,10 +1402,41 @@ int do_execve(char * filename,
27979 + if (!gr_tpe_allow(file)) {
27980 + retval = -EACCES;
27984 + if (gr_check_crash_exec(file)) {
27985 + retval = -EACCES;
27989 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
27991 + gr_handle_exec_args(bprm, argv);
27993 +#ifdef CONFIG_GRKERNSEC
27994 + old_acl = current->acl;
27995 + memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));
27996 + old_exec_file = current->exec_file;
27998 + current->exec_file = file;
28001 + retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
28002 + bprm->unsafe & LSM_UNSAFE_SHARE);
28006 current->flags &= ~PF_KTHREAD;
28007 retval = search_binary_handler(bprm,regs);
28011 +#ifdef CONFIG_GRKERNSEC
28012 + if (old_exec_file)
28013 + fput(old_exec_file);
28016 current->stack_start = current->mm->start_stack;
28018 @@ -1368,6 +1449,14 @@ int do_execve(char * filename,
28019 put_files_struct(displaced);
28023 +#ifdef CONFIG_GRKERNSEC
28024 + current->acl = old_acl;
28025 + memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim));
28026 + fput(current->exec_file);
28027 + current->exec_file = old_exec_file;
28033 @@ -1531,6 +1620,169 @@ out:
28037 +int pax_check_flags(unsigned long *flags)
28041 +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_SEGMEXEC)
28042 + if (*flags & MF_PAX_SEGMEXEC)
28044 + *flags &= ~MF_PAX_SEGMEXEC;
28045 + retval = -EINVAL;
28049 + if ((*flags & MF_PAX_PAGEEXEC)
28051 +#ifdef CONFIG_PAX_PAGEEXEC
28052 + && (*flags & MF_PAX_SEGMEXEC)
28057 + *flags &= ~MF_PAX_PAGEEXEC;
28058 + retval = -EINVAL;
28061 + if ((*flags & MF_PAX_MPROTECT)
28063 +#ifdef CONFIG_PAX_MPROTECT
28064 + && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
28069 + *flags &= ~MF_PAX_MPROTECT;
28070 + retval = -EINVAL;
28073 + if ((*flags & MF_PAX_EMUTRAMP)
28075 +#ifdef CONFIG_PAX_EMUTRAMP
28076 + && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
28081 + *flags &= ~MF_PAX_EMUTRAMP;
28082 + retval = -EINVAL;
28088 +EXPORT_SYMBOL(pax_check_flags);
28090 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
28091 +void pax_report_fault(struct pt_regs *regs, void *pc, void *sp)
28093 + struct task_struct *tsk = current;
28094 + struct mm_struct *mm = current->mm;
28095 + char *buffer_exec = (char *)__get_free_page(GFP_KERNEL);
28096 + char *buffer_fault = (char *)__get_free_page(GFP_KERNEL);
28097 + char *path_exec = NULL;
28098 + char *path_fault = NULL;
28099 + unsigned long start = 0UL, end = 0UL, offset = 0UL;
28101 + if (buffer_exec && buffer_fault) {
28102 + struct vm_area_struct *vma, *vma_exec = NULL, *vma_fault = NULL;
28104 + down_read(&mm->mmap_sem);
28106 + while (vma && (!vma_exec || !vma_fault)) {
28107 + if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file)
28109 + if (vma->vm_start <= (unsigned long)pc && (unsigned long)pc < vma->vm_end)
28111 + vma = vma->vm_next;
28114 + path_exec = d_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE);
28115 + if (IS_ERR(path_exec))
28116 + path_exec = "<path too long>";
28118 + path_exec = mangle_path(buffer_exec, path_exec, "\t\n\\");
28121 + path_exec = buffer_exec;
28123 + path_exec = "<path too long>";
28127 + start = vma_fault->vm_start;
28128 + end = vma_fault->vm_end;
28129 + offset = vma_fault->vm_pgoff << PAGE_SHIFT;
28130 + if (vma_fault->vm_file) {
28131 + path_fault = d_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE);
28132 + if (IS_ERR(path_fault))
28133 + path_fault = "<path too long>";
28135 + path_fault = mangle_path(buffer_fault, path_fault, "\t\n\\");
28136 + if (path_fault) {
28138 + path_fault = buffer_fault;
28140 + path_fault = "<path too long>";
28143 + path_fault = "<anonymous mapping>";
28145 + up_read(&mm->mmap_sem);
28147 + if (tsk->signal->curr_ip)
28148 + printk(KERN_ERR "PAX: From %pI4: execution attempt in: %s, %08lx-%08lx %08lx\n", &tsk->signal->curr_ip, path_fault, start, end, offset);
28150 + printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset);
28151 + printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, "
28152 + "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk),
28153 + task_uid(tsk), task_euid(tsk), pc, sp);
28154 + free_page((unsigned long)buffer_exec);
28155 + free_page((unsigned long)buffer_fault);
28156 + pax_report_insns(pc, sp);
28157 + do_coredump(SIGKILL, SIGKILL, regs);
28161 +#ifdef CONFIG_PAX_REFCOUNT
28162 +void pax_report_refcount_overflow(struct pt_regs *regs)
28164 + if (current->signal->curr_ip)
28165 + printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
28166 + ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
28168 + printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
28169 + current->comm, task_pid_nr(current), current_uid(), current_euid());
28170 + print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
28172 + force_sig_specific(SIGKILL, current);
28176 +#ifdef CONFIG_PAX_USERCOPY
28177 +void pax_report_leak_to_user(const void *ptr, unsigned long len)
28179 + if (current->signal->curr_ip)
28180 + printk(KERN_ERR "PAX: From %pI4: kernel memory leak attempt detected from %p (%lu bytes)\n",
28181 + ¤t->signal->curr_ip, ptr, len);
28183 + printk(KERN_ERR "PAX: kernel memory leak attempt detected from %p (%lu bytes)\n", ptr, len);
28185 + do_group_exit(SIGKILL);
28188 +void pax_report_overflow_from_user(const void *ptr, unsigned long len)
28190 + if (current->signal->curr_ip)
28191 + printk(KERN_ERR "PAX: From %pI4: kernel memory overflow attempt detected to %p (%lu bytes)\n",
28192 + ¤t->signal->curr_ip, ptr, len);
28194 + printk(KERN_ERR "PAX: kernel memory overflow attempt detected to %p (%lu bytes)\n", ptr, len);
28196 + do_group_exit(SIGKILL);
28200 static int zap_process(struct task_struct *start)
28202 struct task_struct *t;
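Review bot: In pax_report_fault both path strings go through `mangle_path(..., "\t\n\\")` before logging, but `tsk->comm` is passed to the same `printk` with a bare `%s`. A task can set its own name, so control characters in it could split or forge the log line that the escaped paths were meant to keep intact. pax_report_refcount_overflow prints `current->comm` the same way. I would escape the name into a small local buffer before printing, or at minimum document next to these messages that the comm field is untrusted for anyone parsing them. Separately, the message text `refcount overflow occured at` should read `occurred`.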
28203 @@ -1733,17 +1985,17 @@ static void wait_for_dump_helpers(struct
28204 pipe = file->f_path.dentry->d_inode->i_pipe;
28209 + atomic_inc(&pipe->readers);
28210 + atomic_dec(&pipe->writers);
28212 - while ((pipe->readers > 1) && (!signal_pending(current))) {
28213 + while ((atomic_read(&pipe->readers) > 1) && (!signal_pending(current))) {
28214 wake_up_interruptible_sync(&pipe->wait);
28215 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
28221 + atomic_dec(&pipe->readers);
28222 + atomic_inc(&pipe->writers);
28226 @@ -1814,6 +2066,10 @@ void do_coredump(long signr, int exit_co
28228 clear_thread_flag(TIF_SIGPENDING);
28230 + if (signr == SIGKILL || signr == SIGILL)
28231 + gr_handle_brute_attach(current);
28232 + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1);
28235 * lock_kernel() because format_corename() is controlled by sysctl, which
28236 * uses lock_kernel()
28237 diff -urNp linux-2.6.32.1/fs/ext2/balloc.c linux-2.6.32.1/fs/ext2/balloc.c
28238 --- linux-2.6.32.1/fs/ext2/balloc.c 2009-12-02 22:51:21.000000000 -0500
28239 +++ linux-2.6.32.1/fs/ext2/balloc.c 2009-12-14 18:33:57.486736846 -0500
28240 @@ -1192,7 +1192,7 @@ static int ext2_has_free_blocks(struct e
28242 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
28243 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
28244 - if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
28245 + if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) &&
28246 sbi->s_resuid != current_fsuid() &&
28247 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
28249 diff -urNp linux-2.6.32.1/fs/ext3/balloc.c linux-2.6.32.1/fs/ext3/balloc.c
28250 --- linux-2.6.32.1/fs/ext3/balloc.c 2009-12-02 22:51:21.000000000 -0500
28251 +++ linux-2.6.32.1/fs/ext3/balloc.c 2009-12-14 18:33:57.509718920 -0500
28252 @@ -1421,7 +1421,7 @@ static int ext3_has_free_blocks(struct e
28254 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
28255 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
28256 - if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
28257 + if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) &&
28258 sbi->s_resuid != current_fsuid() &&
28259 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
28261 diff -urNp linux-2.6.32.1/fs/ext3/namei.c linux-2.6.32.1/fs/ext3/namei.c
28262 --- linux-2.6.32.1/fs/ext3/namei.c 2009-12-02 22:51:21.000000000 -0500
28263 +++ linux-2.6.32.1/fs/ext3/namei.c 2009-12-14 18:33:57.534788141 -0500
28264 @@ -1168,7 +1168,7 @@ static struct ext3_dir_entry_2 *do_split
28265 char *data1 = (*bh)->b_data, *data2;
28266 unsigned split, move, size;
28267 struct ext3_dir_entry_2 *de = NULL, *de2;
28271 bh2 = ext3_append (handle, dir, &newblock, &err);
28273 diff -urNp linux-2.6.32.1/fs/ext3/xattr.c linux-2.6.32.1/fs/ext3/xattr.c
28274 --- linux-2.6.32.1/fs/ext3/xattr.c 2009-12-02 22:51:21.000000000 -0500
28275 +++ linux-2.6.32.1/fs/ext3/xattr.c 2009-12-14 18:33:57.545729588 -0500
28280 -# define ea_idebug(f...)
28281 -# define ea_bdebug(f...)
28282 +# define ea_idebug(f...) do {} while (0)
28283 +# define ea_bdebug(f...) do {} while (0)
28286 static void ext3_xattr_cache_insert(struct buffer_head *);
28287 diff -urNp linux-2.6.32.1/fs/ext4/balloc.c linux-2.6.32.1/fs/ext4/balloc.c
28288 --- linux-2.6.32.1/fs/ext4/balloc.c 2009-12-14 18:30:08.624952361 -0500
28289 +++ linux-2.6.32.1/fs/ext4/balloc.c 2009-12-14 18:33:57.550794725 -0500
28290 @@ -573,7 +573,7 @@ int ext4_has_free_blocks(struct ext4_sb_
28291 /* Hm, nope. Are (enough) root reserved blocks available? */
28292 if (sbi->s_resuid == current_fsuid() ||
28293 ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) ||
28294 - capable(CAP_SYS_RESOURCE)) {
28295 + capable_nolog(CAP_SYS_RESOURCE)) {
28296 if (free_blocks >= (nblocks + dirty_blocks))
28299 diff -urNp linux-2.6.32.1/fs/ext4/ioctl.c linux-2.6.32.1/fs/ext4/ioctl.c
28300 --- linux-2.6.32.1/fs/ext4/ioctl.c 2009-12-14 18:30:08.691941121 -0500
28301 +++ linux-2.6.32.1/fs/ext4/ioctl.c 2009-12-14 18:34:40.201102490 -0500
28302 @@ -221,6 +221,9 @@ setversion_out:
28303 struct file *donor_filp;
28306 + /* temporary workaround for bugs in here */
28307 + return -EOPNOTSUPP;
28309 if (!(filp->f_mode & FMODE_READ) ||
28310 !(filp->f_mode & FMODE_WRITE))
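Review bot: The added `return -EOPNOTSUPP;` disables this ioctl case unconditionally and leaves the mode checks below it as dead code. The comment `/* temporary workaround for bugs in here */` does not say which bugs, or what has to happen before the return can be removed. I would name the command and the reason, e.g. `/* <ioctl name> disabled: <bug reference>; drop this return once the fix is merged */`, so a later rebase does not carry the block forward blindly. The case label is outside the hunk, so the affected command should be confirmed from the full file.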
28312 diff -urNp linux-2.6.32.1/fs/ext4/namei.c linux-2.6.32.1/fs/ext4/namei.c
28313 --- linux-2.6.32.1/fs/ext4/namei.c 2009-12-14 18:30:08.723951546 -0500
28314 +++ linux-2.6.32.1/fs/ext4/namei.c 2009-12-14 18:33:57.586796568 -0500
28315 @@ -1203,7 +1203,7 @@ static struct ext4_dir_entry_2 *do_split
28316 char *data1 = (*bh)->b_data, *data2;
28317 unsigned split, move, size;
28318 struct ext4_dir_entry_2 *de = NULL, *de2;
28322 bh2 = ext4_append (handle, dir, &newblock, &err);
28324 diff -urNp linux-2.6.32.1/fs/ext4/super.c linux-2.6.32.1/fs/ext4/super.c
28325 --- linux-2.6.32.1/fs/ext4/super.c 2009-12-14 18:30:08.738961620 -0500
28326 +++ linux-2.6.32.1/fs/ext4/super.c 2009-12-14 18:33:57.594709686 -0500
28327 @@ -2271,7 +2271,7 @@ static void ext4_sb_release(struct kobje
28331 -static struct sysfs_ops ext4_attr_ops = {
28332 +static const struct sysfs_ops ext4_attr_ops = {
28333 .show = ext4_attr_show,
28334 .store = ext4_attr_store,
28336 diff -urNp linux-2.6.32.1/fs/fcntl.c linux-2.6.32.1/fs/fcntl.c
28337 --- linux-2.6.32.1/fs/fcntl.c 2009-12-02 22:51:21.000000000 -0500
28338 +++ linux-2.6.32.1/fs/fcntl.c 2009-12-14 18:33:57.701815425 -0500
28339 @@ -344,6 +344,7 @@ static long do_fcntl(int fd, unsigned in
28342 case F_DUPFD_CLOEXEC:
28343 + gr_learn_resource(current, RLIMIT_NOFILE, arg, 0);
28344 if (arg >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
28346 err = alloc_fd(arg, cmd == F_DUPFD_CLOEXEC ? O_CLOEXEC : 0);
28347 @@ -500,7 +501,8 @@ static inline int sigio_perm(struct task
28348 ret = ((fown->euid == 0 ||
28349 fown->euid == cred->suid || fown->euid == cred->uid ||
28350 fown->uid == cred->suid || fown->uid == cred->uid) &&
28351 - !security_file_send_sigiotask(p, fown, sig));
28352 + !security_file_send_sigiotask(p, fown, sig) &&
28353 + !gr_check_protected_task(p) && !gr_pid_is_chrooted(p));
28357 diff -urNp linux-2.6.32.1/fs/fifo.c linux-2.6.32.1/fs/fifo.c
28358 --- linux-2.6.32.1/fs/fifo.c 2009-12-02 22:51:21.000000000 -0500
28359 +++ linux-2.6.32.1/fs/fifo.c 2009-12-14 18:33:57.701815425 -0500
28360 @@ -59,10 +59,10 @@ static int fifo_open(struct inode *inode
28362 filp->f_op = &read_pipefifo_fops;
28364 - if (pipe->readers++ == 0)
28365 + if (atomic_inc_return(&pipe->readers) == 1)
28366 wake_up_partner(inode);
28368 - if (!pipe->writers) {
28369 + if (!atomic_read(&pipe->writers)) {
28370 if ((filp->f_flags & O_NONBLOCK)) {
28371 /* suppress POLLHUP until we have
28373 @@ -83,15 +83,15 @@ static int fifo_open(struct inode *inode
28374 * errno=ENXIO when there is no process reading the FIFO.
28377 - if ((filp->f_flags & O_NONBLOCK) && !pipe->readers)
28378 + if ((filp->f_flags & O_NONBLOCK) && !atomic_read(&pipe->readers))
28381 filp->f_op = &write_pipefifo_fops;
28383 - if (!pipe->writers++)
28384 + if (atomic_inc_return(&pipe->writers) == 1)
28385 wake_up_partner(inode);
28387 - if (!pipe->readers) {
28388 + if (!atomic_read(&pipe->readers)) {
28389 wait_for_partner(inode, &pipe->r_counter);
28390 if (signal_pending(current))
28392 @@ -107,11 +107,11 @@ static int fifo_open(struct inode *inode
28394 filp->f_op = &rdwr_pipefifo_fops;
28398 + atomic_inc(&pipe->readers);
28399 + atomic_inc(&pipe->writers);
28402 - if (pipe->readers == 1 || pipe->writers == 1)
28403 + if (atomic_read(&pipe->readers) == 1 || atomic_read(&pipe->writers) == 1)
28404 wake_up_partner(inode);
28407 @@ -125,19 +125,19 @@ static int fifo_open(struct inode *inode
28411 - if (!--pipe->readers)
28412 + if (atomic_dec_and_test(&pipe->readers))
28413 wake_up_interruptible(&pipe->wait);
28414 ret = -ERESTARTSYS;
28418 - if (!--pipe->writers)
28419 + if (atomic_dec_and_test(&pipe->writers))
28420 wake_up_interruptible(&pipe->wait);
28421 ret = -ERESTARTSYS;
28425 - if (!pipe->readers && !pipe->writers)
28426 + if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers))
28427 free_pipe_info(inode);
28430 diff -urNp linux-2.6.32.1/fs/file.c linux-2.6.32.1/fs/file.c
28431 --- linux-2.6.32.1/fs/file.c 2009-12-02 22:51:21.000000000 -0500
28432 +++ linux-2.6.32.1/fs/file.c 2009-12-14 18:33:57.775828221 -0500
28434 #include <linux/slab.h>
28435 #include <linux/vmalloc.h>
28436 #include <linux/file.h>
28437 +#include <linux/security.h>
28438 #include <linux/fdtable.h>
28439 #include <linux/bitops.h>
28440 #include <linux/interrupt.h>
28441 @@ -257,6 +258,8 @@ int expand_files(struct files_struct *fi
28442 * N.B. For clone tasks sharing a files structure, this test
28443 * will limit the total number of files that can be opened.
28446 + gr_learn_resource(current, RLIMIT_NOFILE, nr, 0);
28447 if (nr >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
28450 diff -urNp linux-2.6.32.1/fs/fs_struct.c linux-2.6.32.1/fs/fs_struct.c
28451 --- linux-2.6.32.1/fs/fs_struct.c 2009-12-02 22:51:21.000000000 -0500
28452 +++ linux-2.6.32.1/fs/fs_struct.c 2009-12-14 18:33:57.827823406 -0500
28453 @@ -89,7 +89,7 @@ void exit_fs(struct task_struct *tsk)
28455 write_lock(&fs->lock);
28457 - kill = !--fs->users;
28458 + kill = !atomic_dec_return(&fs->users);
28459 write_unlock(&fs->lock);
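Review bot: `kill = !atomic_dec_return(&fs->users);` spells out by hand what `atomic_dec_and_test()` already returns, and the fifo.c hunks of this same patch use `atomic_dec_and_test(&pipe->readers)` for the identical "dropped to zero" test. For consistency I would write `kill = atomic_dec_and_test(&fs->users);` here and in the unshare_fs_struct and daemonize_fs_struct hunks below. Since `users` is still only modified under `fs->lock` in the visible lines, a one-line comment on why the field became atomic would also help. exit_fs continues outside the hunk.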
28462 @@ -102,7 +102,7 @@ struct fs_struct *copy_fs_struct(struct
28463 struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL);
28464 /* We don't need to lock fs - think why ;-) */
28467 + atomic_set(&fs->users, 1);
28469 rwlock_init(&fs->lock);
28470 fs->umask = old->umask;
28471 @@ -127,7 +127,7 @@ int unshare_fs_struct(void)
28473 task_lock(current);
28474 write_lock(&fs->lock);
28475 - kill = !--fs->users;
28476 + kill = !atomic_dec_return(&fs->users);
28477 current->fs = new_fs;
28478 write_unlock(&fs->lock);
28479 task_unlock(current);
28480 @@ -147,7 +147,7 @@ EXPORT_SYMBOL(current_umask);
28482 /* to be mentioned only in INIT_TASK */
28483 struct fs_struct init_fs = {
28485 + .users = ATOMIC_INIT(1),
28486 .lock = __RW_LOCK_UNLOCKED(init_fs.lock),
28489 @@ -162,12 +162,12 @@ void daemonize_fs_struct(void)
28490 task_lock(current);
28492 write_lock(&init_fs.lock);
28494 + atomic_inc(&init_fs.users);
28495 write_unlock(&init_fs.lock);
28497 write_lock(&fs->lock);
28498 current->fs = &init_fs;
28499 - kill = !--fs->users;
28500 + kill = !atomic_dec_return(&fs->users);
28501 write_unlock(&fs->lock);
28503 task_unlock(current);
28504 diff -urNp linux-2.6.32.1/fs/fuse/control.c linux-2.6.32.1/fs/fuse/control.c
28505 --- linux-2.6.32.1/fs/fuse/control.c 2009-12-02 22:51:21.000000000 -0500
28506 +++ linux-2.6.32.1/fs/fuse/control.c 2009-12-14 18:33:57.828823523 -0500
28507 @@ -293,7 +293,7 @@ void fuse_ctl_remove_conn(struct fuse_co
28509 static int fuse_ctl_fill_super(struct super_block *sb, void *data, int silent)
28511 - struct tree_descr empty_descr = {""};
28512 + struct tree_descr empty_descr = {"", NULL, 0};
28513 struct fuse_conn *fc;
28516 diff -urNp linux-2.6.32.1/fs/fuse/cuse.c linux-2.6.32.1/fs/fuse/cuse.c
28517 --- linux-2.6.32.1/fs/fuse/cuse.c 2009-12-02 22:51:21.000000000 -0500
28518 +++ linux-2.6.32.1/fs/fuse/cuse.c 2009-12-14 18:33:57.829806378 -0500
28519 @@ -528,8 +528,18 @@ static int cuse_channel_release(struct i
28523 -static struct file_operations cuse_channel_fops; /* initialized during init */
28525 +static const struct file_operations cuse_channel_fops = { /* initialized during init */
28526 + .owner = THIS_MODULE,
28527 + .llseek = no_llseek,
28528 + .read = do_sync_read,
28529 + .aio_read = fuse_dev_read,
28530 + .write = do_sync_write,
28531 + .aio_write = fuse_dev_write,
28532 + .poll = fuse_dev_poll,
28533 + .open = cuse_channel_open,
28534 + .release = cuse_channel_release,
28535 + .fasync = fuse_dev_fasync,
28538 /**************************************************************************
28539 * Misc stuff and module initializatiion
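Review bot: The comment `/* initialized during init */` kept on the new `cuse_channel_fops` definition is stale, because the table is now a `const` static initializer and the second hunk removes the assignments from cuse_init(). Replace it with something like `/* mirrors fuse_dev_operations except .owner, .open and .release */`. Listing the handlers by hand also means a member later added to fuse_dev_operations will not reach CUSE, which the removed struct assignment inherited automatically, so the dependency should be noted next to both tables. The `const` qualifier is the valuable part of the change, since it lets the function-pointer table live in read-only data.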
28540 @@ -575,12 +585,6 @@ static int __init cuse_init(void)
28541 for (i = 0; i < CUSE_CONNTBL_LEN; i++)
28542 INIT_LIST_HEAD(&cuse_conntbl[i]);
28544 - /* inherit and extend fuse_dev_operations */
28545 - cuse_channel_fops = fuse_dev_operations;
28546 - cuse_channel_fops.owner = THIS_MODULE;
28547 - cuse_channel_fops.open = cuse_channel_open;
28548 - cuse_channel_fops.release = cuse_channel_release;
28550 cuse_class = class_create(THIS_MODULE, "cuse");
28551 if (IS_ERR(cuse_class))
28552 return PTR_ERR(cuse_class);
28553 diff -urNp linux-2.6.32.1/fs/fuse/dev.c linux-2.6.32.1/fs/fuse/dev.c
28554 --- linux-2.6.32.1/fs/fuse/dev.c 2009-12-02 22:51:21.000000000 -0500
28555 +++ linux-2.6.32.1/fs/fuse/dev.c 2009-12-14 18:33:57.839750335 -0500
28556 @@ -745,7 +745,7 @@ __releases(&fc->lock)
28557 * request_end(). Otherwise add it to the processing list, and set
28560 -static ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
28561 +ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
28562 unsigned long nr_segs, loff_t pos)
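Review bot: Dropping `static` from fuse_dev_read() lets cuse.c reference it, but no `EXPORT_SYMBOL_GPL()` for it is visible in this file's hunks, so a CUSE built as a separate module would fail to resolve the symbol. The same applies to fuse_dev_write(), fuse_dev_poll() and fuse_dev_fasync() in the later hunks. fuse_dev_release() already carries `EXPORT_SYMBOL_GPL(fuse_dev_release);` in the context lines, so each newly global handler should get the matching line, for example `EXPORT_SYMBOL_GPL(fuse_dev_read);`. The function bodies continue outside the hunks, so an export further down cannot be ruled out from here.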
28565 @@ -885,7 +885,7 @@ static int fuse_notify_inval_entry(struc
28567 struct fuse_notify_inval_entry_out outarg;
28569 - char buf[FUSE_NAME_MAX+1];
28570 + char *buf = NULL;
28573 if (size < sizeof(outarg))
28574 @@ -899,6 +899,11 @@ static int fuse_notify_inval_entry(struc
28575 if (outarg.namelen > FUSE_NAME_MAX)
28579 + buf = kmalloc(FUSE_NAME_MAX+1, GFP_KERNEL);
28584 name.len = outarg.namelen;
28585 err = fuse_copy_one(cs, buf, outarg.namelen + 1);
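Review bot: Moving `buf` in fuse_notify_inval_entry() from the stack to `kmalloc(FUSE_NAME_MAX+1, GFP_KERNEL)` adds two obligations that this listing does not let me confirm: a NULL check before `fuse_copy_one(cs, buf, outarg.namelen + 1)` writes into it, and a `kfree(buf)` on every exit. The early exits taken before the allocation are safe for kfree() only because of `char *buf = NULL;` in the previous hunk. The lines directly after the allocation are missing from the page, so treat this as a request to verify rather than a confirmed defect. Since `outarg.namelen` has already been bounded by FUSE_NAME_MAX at this point, `kmalloc(outarg.namelen + 1, GFP_KERNEL)` would also work and avoids allocating the maximum for every notification.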
28586 @@ -910,17 +915,15 @@ static int fuse_notify_inval_entry(struc
28588 down_read(&fc->killsb);
28593 - err = fuse_reverse_inval_entry(fc->sb, outarg.parent, &name);
28597 + err = fuse_reverse_inval_entry(fc->sb, outarg.parent, &name);
28598 up_read(&fc->killsb);
28603 fuse_copy_finish(cs);
28608 @@ -987,7 +990,7 @@ static int copy_out_args(struct fuse_cop
28609 * it from the list and copy the rest of the buffer to the request.
28610 * The request is finished by calling request_end()
28612 -static ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
28613 +ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
28614 unsigned long nr_segs, loff_t pos)
28617 @@ -1084,7 +1087,7 @@ static ssize_t fuse_dev_write(struct kio
28621 -static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
28622 +unsigned fuse_dev_poll(struct file *file, poll_table *wait)
28624 unsigned mask = POLLOUT | POLLWRNORM;
28625 struct fuse_conn *fc = fuse_get_conn(file);
28626 @@ -1210,7 +1213,7 @@ int fuse_dev_release(struct inode *inode
28628 EXPORT_SYMBOL_GPL(fuse_dev_release);
28630 -static int fuse_dev_fasync(int fd, struct file *file, int on)
28631 +int fuse_dev_fasync(int fd, struct file *file, int on)
28633 struct fuse_conn *fc = fuse_get_conn(file);
28635 diff -urNp linux-2.6.32.1/fs/fuse/dir.c linux-2.6.32.1/fs/fuse/dir.c
28636 --- linux-2.6.32.1/fs/fuse/dir.c 2009-12-02 22:51:21.000000000 -0500
28637 +++ linux-2.6.32.1/fs/fuse/dir.c 2009-12-14 18:33:57.853826263 -0500
28638 @@ -1127,7 +1127,7 @@ static char *read_link(struct dentry *de
28642 -static void free_link(char *link)
28643 +static void free_link(const char *link)
28646 free_page((unsigned long) link);
28647 diff -urNp linux-2.6.32.1/fs/fuse/fuse_i.h linux-2.6.32.1/fs/fuse/fuse_i.h
28648 --- linux-2.6.32.1/fs/fuse/fuse_i.h 2009-12-02 22:51:21.000000000 -0500
28649 +++ linux-2.6.32.1/fs/fuse/fuse_i.h 2009-12-14 18:33:57.853826263 -0500
28650 @@ -521,6 +521,16 @@ extern const struct file_operations fuse
28652 extern const struct dentry_operations fuse_dentry_operations;
28654 +extern ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
28655 + unsigned long nr_segs, loff_t pos);
28657 +extern ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
28658 + unsigned long nr_segs, loff_t pos);
28660 +extern unsigned fuse_dev_poll(struct file *file, poll_table *wait);
28662 +extern int fuse_dev_fasync(int fd, struct file *file, int on);
28665 * Inode to nodeid comparison.
28667 diff -urNp linux-2.6.32.1/fs/gfs2/sys.c linux-2.6.32.1/fs/gfs2/sys.c
28668 --- linux-2.6.32.1/fs/gfs2/sys.c 2009-12-02 22:51:21.000000000 -0500
28669 +++ linux-2.6.32.1/fs/gfs2/sys.c 2009-12-14 18:33:57.859828938 -0500
28670 @@ -49,7 +49,7 @@ static ssize_t gfs2_attr_store(struct ko
28671 return a->store ? a->store(sdp, buf, len) : len;
28674 -static struct sysfs_ops gfs2_attr_ops = {
28675 +static const struct sysfs_ops gfs2_attr_ops = {
28676 .show = gfs2_attr_show,
28677 .store = gfs2_attr_store,
28679 @@ -584,7 +584,7 @@ static int gfs2_uevent(struct kset *kset
28683 -static struct kset_uevent_ops gfs2_uevent_ops = {
28684 +static const struct kset_uevent_ops gfs2_uevent_ops = {
28685 .uevent = gfs2_uevent,
28688 diff -urNp linux-2.6.32.1/fs/hfs/inode.c linux-2.6.32.1/fs/hfs/inode.c
28689 --- linux-2.6.32.1/fs/hfs/inode.c 2009-12-02 22:51:21.000000000 -0500
28690 +++ linux-2.6.32.1/fs/hfs/inode.c 2009-12-14 18:33:57.885855349 -0500
28691 @@ -423,7 +423,7 @@ int hfs_write_inode(struct inode *inode,
28693 if (S_ISDIR(main_inode->i_mode)) {
28694 if (fd.entrylength < sizeof(struct hfs_cat_dir))
28697 hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
28698 sizeof(struct hfs_cat_dir));
28699 if (rec.type != HFS_CDR_DIR ||
28700 @@ -444,7 +444,7 @@ int hfs_write_inode(struct inode *inode,
28701 sizeof(struct hfs_cat_file));
28703 if (fd.entrylength < sizeof(struct hfs_cat_file))
28706 hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
28707 sizeof(struct hfs_cat_file));
28708 if (rec.type != HFS_CDR_FIL ||
28709 diff -urNp linux-2.6.32.1/fs/hfsplus/inode.c linux-2.6.32.1/fs/hfsplus/inode.c
28710 --- linux-2.6.32.1/fs/hfsplus/inode.c 2009-12-02 22:51:21.000000000 -0500
28711 +++ linux-2.6.32.1/fs/hfsplus/inode.c 2009-12-14 18:33:57.895847427 -0500
28712 @@ -406,7 +406,7 @@ int hfsplus_cat_read_inode(struct inode
28713 struct hfsplus_cat_folder *folder = &entry.folder;
28715 if (fd->entrylength < sizeof(struct hfsplus_cat_folder))
28718 hfs_bnode_read(fd->bnode, &entry, fd->entryoffset,
28719 sizeof(struct hfsplus_cat_folder));
28720 hfsplus_get_perms(inode, &folder->permissions, 1);
28721 @@ -423,7 +423,7 @@ int hfsplus_cat_read_inode(struct inode
28722 struct hfsplus_cat_file *file = &entry.file;
28724 if (fd->entrylength < sizeof(struct hfsplus_cat_file))
28727 hfs_bnode_read(fd->bnode, &entry, fd->entryoffset,
28728 sizeof(struct hfsplus_cat_file));
28730 @@ -479,7 +479,7 @@ int hfsplus_cat_write_inode(struct inode
28731 struct hfsplus_cat_folder *folder = &entry.folder;
28733 if (fd.entrylength < sizeof(struct hfsplus_cat_folder))
28736 hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
28737 sizeof(struct hfsplus_cat_folder));
28738 /* simple node checks? */
28739 @@ -501,7 +501,7 @@ int hfsplus_cat_write_inode(struct inode
28740 struct hfsplus_cat_file *file = &entry.file;
28742 if (fd.entrylength < sizeof(struct hfsplus_cat_file))
28745 hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
28746 sizeof(struct hfsplus_cat_file));
28747 hfsplus_inode_write_fork(inode, &file->data_fork);
28748 diff -urNp linux-2.6.32.1/fs/ioctl.c linux-2.6.32.1/fs/ioctl.c
28749 --- linux-2.6.32.1/fs/ioctl.c 2009-12-02 22:51:21.000000000 -0500
28750 +++ linux-2.6.32.1/fs/ioctl.c 2009-12-14 18:33:57.904832927 -0500
28751 @@ -97,7 +97,7 @@ int fiemap_fill_next_extent(struct fiema
28752 u64 phys, u64 len, u32 flags)
28754 struct fiemap_extent extent;
28755 - struct fiemap_extent *dest = fieinfo->fi_extents_start;
28756 + struct fiemap_extent __user *dest = fieinfo->fi_extents_start;
28758 /* only count the extents */
28759 if (fieinfo->fi_extents_max == 0) {
28760 @@ -207,7 +207,7 @@ static int ioctl_fiemap(struct file *fil
28762 fieinfo.fi_flags = fiemap.fm_flags;
28763 fieinfo.fi_extents_max = fiemap.fm_extent_count;
28764 - fieinfo.fi_extents_start = (struct fiemap_extent *)(arg + sizeof(fiemap));
28765 + fieinfo.fi_extents_start = (struct fiemap_extent __user *)(arg + sizeof(fiemap));
28767 if (fiemap.fm_extent_count != 0 &&
28768 !access_ok(VERIFY_WRITE, fieinfo.fi_extents_start,
28769 @@ -220,7 +220,7 @@ static int ioctl_fiemap(struct file *fil
28770 error = inode->i_op->fiemap(inode, &fieinfo, fiemap.fm_start, len);
28771 fiemap.fm_flags = fieinfo.fi_flags;
28772 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
28773 - if (copy_to_user((char *)arg, &fiemap, sizeof(fiemap)))
28774 + if (copy_to_user((__force char __user *)arg, &fiemap, sizeof(fiemap)))
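Review bot: The `__force` in `copy_to_user((__force char __user *)arg, &fiemap, sizeof(fiemap))` is inconsistent with the previous hunk of ioctl_fiemap(), which builds `fi_extents_start` from the same `arg` with a plain `(struct fiemap_extent __user *)` cast. If `arg` is the integer ioctl argument, as `arg + sizeof(fiemap)` suggests, the plain `(char __user *)arg` form should be sufficient. `__force` is better reserved for casts that really cross address spaces, so that it stays meaningful to sparse. Holding one typed pointer, `struct fiemap __user *ufiemap = (struct fiemap __user *)arg;`, and passing it here would remove the ad-hoc cast altogether. The function body starts and ends outside this hunk.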
28778 diff -urNp linux-2.6.32.1/fs/jffs2/debug.h linux-2.6.32.1/fs/jffs2/debug.h
28779 --- linux-2.6.32.1/fs/jffs2/debug.h 2009-12-02 22:51:21.000000000 -0500
28780 +++ linux-2.6.32.1/fs/jffs2/debug.h 2009-12-14 18:33:57.904832927 -0500
28781 @@ -52,13 +52,13 @@
28782 #if CONFIG_JFFS2_FS_DEBUG > 0
28786 +#define D1(x) do {} while (0);
28789 #if CONFIG_JFFS2_FS_DEBUG > 1
28793 +#define D2(x) do {} while (0);
28796 /* The prefixes of JFFS2 messages */
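Review bot: The new empty definitions `#define D1(x) do {} while (0);` and `#define D2(x) do {} while (0);` end in a semicolon, which defeats the purpose of the do/while form. `if (c) D1(...); else ...` then expands to two statements and no longer compiles, and every ordinary `D1(...);` call leaves a stray empty statement. The dbg_*() macros in the next hunk use `do {} while (0)` without it, so these two should read `#define D1(x) do {} while (0)` and `#define D2(x) do {} while (0)`. If the semicolon is there for call sites that omit their own, that needs a comment next to the macro.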
28797 @@ -114,73 +114,73 @@
28798 #ifdef JFFS2_DBG_READINODE_MESSAGES
28799 #define dbg_readinode(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28801 -#define dbg_readinode(fmt, ...)
28802 +#define dbg_readinode(fmt, ...) do {} while (0)
28804 #ifdef JFFS2_DBG_READINODE2_MESSAGES
28805 #define dbg_readinode2(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28807 -#define dbg_readinode2(fmt, ...)
28808 +#define dbg_readinode2(fmt, ...) do {} while (0)
28811 /* Fragtree build debugging messages */
28812 #ifdef JFFS2_DBG_FRAGTREE_MESSAGES
28813 #define dbg_fragtree(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28815 -#define dbg_fragtree(fmt, ...)
28816 +#define dbg_fragtree(fmt, ...) do {} while (0)
28818 #ifdef JFFS2_DBG_FRAGTREE2_MESSAGES
28819 #define dbg_fragtree2(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28821 -#define dbg_fragtree2(fmt, ...)
28822 +#define dbg_fragtree2(fmt, ...) do {} while (0)
28825 /* Directory entry list manilulation debugging messages */
28826 #ifdef JFFS2_DBG_DENTLIST_MESSAGES
28827 #define dbg_dentlist(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28829 -#define dbg_dentlist(fmt, ...)
28830 +#define dbg_dentlist(fmt, ...) do {} while (0)
28833 /* Print the messages about manipulating node_refs */
28834 #ifdef JFFS2_DBG_NODEREF_MESSAGES
28835 #define dbg_noderef(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28837 -#define dbg_noderef(fmt, ...)
28838 +#define dbg_noderef(fmt, ...) do {} while (0)
28841 /* Manipulations with the list of inodes (JFFS2 inocache) */
28842 #ifdef JFFS2_DBG_INOCACHE_MESSAGES
28843 #define dbg_inocache(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28845 -#define dbg_inocache(fmt, ...)
28846 +#define dbg_inocache(fmt, ...) do {} while (0)
28849 /* Summary debugging messages */
28850 #ifdef JFFS2_DBG_SUMMARY_MESSAGES
28851 #define dbg_summary(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28853 -#define dbg_summary(fmt, ...)
28854 +#define dbg_summary(fmt, ...) do {} while (0)
28857 /* File system build messages */
28858 #ifdef JFFS2_DBG_FSBUILD_MESSAGES
28859 #define dbg_fsbuild(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28861 -#define dbg_fsbuild(fmt, ...)
28862 +#define dbg_fsbuild(fmt, ...) do {} while (0)
28865 /* Watch the object allocations */
28866 #ifdef JFFS2_DBG_MEMALLOC_MESSAGES
28867 #define dbg_memalloc(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28869 -#define dbg_memalloc(fmt, ...)
28870 +#define dbg_memalloc(fmt, ...) do {} while (0)
28873 /* Watch the XATTR subsystem */
28874 #ifdef JFFS2_DBG_XATTR_MESSAGES
28875 #define dbg_xattr(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28877 -#define dbg_xattr(fmt, ...)
28878 +#define dbg_xattr(fmt, ...) do {} while (0)
28881 /* "Sanity" checks */
28882 diff -urNp linux-2.6.32.1/fs/jffs2/erase.c linux-2.6.32.1/fs/jffs2/erase.c
28883 --- linux-2.6.32.1/fs/jffs2/erase.c 2009-12-02 22:51:21.000000000 -0500
28884 +++ linux-2.6.32.1/fs/jffs2/erase.c 2009-12-14 18:33:57.905843834 -0500
28885 @@ -434,7 +434,8 @@ static void jffs2_mark_erased_block(stru
28886 struct jffs2_unknown_node marker = {
28887 .magic = cpu_to_je16(JFFS2_MAGIC_BITMASK),
28888 .nodetype = cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
28889 - .totlen = cpu_to_je32(c->cleanmarker_size)
28890 + .totlen = cpu_to_je32(c->cleanmarker_size),
28891 + .hdr_crc = cpu_to_je32(0)
28894 jffs2_prealloc_raw_node_refs(c, jeb, 1);
28895 diff -urNp linux-2.6.32.1/fs/jffs2/summary.h linux-2.6.32.1/fs/jffs2/summary.h
28896 --- linux-2.6.32.1/fs/jffs2/summary.h 2009-12-02 22:51:21.000000000 -0500
28897 +++ linux-2.6.32.1/fs/jffs2/summary.h 2009-12-14 18:33:57.905843834 -0500
28898 @@ -194,18 +194,18 @@ int jffs2_sum_scan_sumnode(struct jffs2_
28900 #define jffs2_sum_active() (0)
28901 #define jffs2_sum_init(a) (0)
28902 -#define jffs2_sum_exit(a)
28903 -#define jffs2_sum_disable_collecting(a)
28904 +#define jffs2_sum_exit(a) do {} while (0)
28905 +#define jffs2_sum_disable_collecting(a) do {} while (0)
28906 #define jffs2_sum_is_disabled(a) (0)
28907 -#define jffs2_sum_reset_collected(a)
28908 +#define jffs2_sum_reset_collected(a) do {} while (0)
28909 #define jffs2_sum_add_kvec(a,b,c,d) (0)
28910 -#define jffs2_sum_move_collected(a,b)
28911 +#define jffs2_sum_move_collected(a,b) do {} while (0)
28912 #define jffs2_sum_write_sumnode(a) (0)
28913 -#define jffs2_sum_add_padding_mem(a,b)
28914 -#define jffs2_sum_add_inode_mem(a,b,c)
28915 -#define jffs2_sum_add_dirent_mem(a,b,c)
28916 -#define jffs2_sum_add_xattr_mem(a,b,c)
28917 -#define jffs2_sum_add_xref_mem(a,b,c)
28918 +#define jffs2_sum_add_padding_mem(a,b) do {} while (0)
28919 +#define jffs2_sum_add_inode_mem(a,b,c) do {} while (0)
28920 +#define jffs2_sum_add_dirent_mem(a,b,c) do {} while (0)
28921 +#define jffs2_sum_add_xattr_mem(a,b,c) do {} while (0)
28922 +#define jffs2_sum_add_xref_mem(a,b,c) do {} while (0)
28923 #define jffs2_sum_scan_sumnode(a,b,c,d,e) (0)
28925 #endif /* CONFIG_JFFS2_SUMMARY */
28926 diff -urNp linux-2.6.32.1/fs/jffs2/wbuf.c linux-2.6.32.1/fs/jffs2/wbuf.c
28927 --- linux-2.6.32.1/fs/jffs2/wbuf.c 2009-12-02 22:51:21.000000000 -0500
28928 +++ linux-2.6.32.1/fs/jffs2/wbuf.c 2009-12-14 18:33:57.905843834 -0500
28929 @@ -1012,7 +1012,8 @@ static const struct jffs2_unknown_node o
28931 .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
28932 .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
28933 - .totlen = constant_cpu_to_je32(8)
28934 + .totlen = constant_cpu_to_je32(8),
28935 + .hdr_crc = constant_cpu_to_je32(0)
28939 diff -urNp linux-2.6.32.1/fs/lockd/svc.c linux-2.6.32.1/fs/lockd/svc.c
28940 --- linux-2.6.32.1/fs/lockd/svc.c 2009-12-02 22:51:21.000000000 -0500
28941 +++ linux-2.6.32.1/fs/lockd/svc.c 2009-12-14 18:33:57.906758976 -0500
28944 static struct svc_program nlmsvc_program;
28946 -struct nlmsvc_binding * nlmsvc_ops;
28947 +const struct nlmsvc_binding * nlmsvc_ops;
28948 EXPORT_SYMBOL_GPL(nlmsvc_ops);
28950 static DEFINE_MUTEX(nlmsvc_mutex);
28951 diff -urNp linux-2.6.32.1/fs/locks.c linux-2.6.32.1/fs/locks.c
28952 --- linux-2.6.32.1/fs/locks.c 2009-12-02 22:51:21.000000000 -0500
28953 +++ linux-2.6.32.1/fs/locks.c 2009-12-14 18:33:57.909722690 -0500
28954 @@ -2007,16 +2007,16 @@ void locks_remove_flock(struct file *fil
28957 if (filp->f_op && filp->f_op->flock) {
28958 - struct file_lock fl = {
28959 + struct file_lock flock = {
28960 .fl_pid = current->tgid,
28962 .fl_flags = FL_FLOCK,
28963 .fl_type = F_UNLCK,
28964 .fl_end = OFFSET_MAX,
28966 - filp->f_op->flock(filp, F_SETLKW, &fl);
28967 - if (fl.fl_ops && fl.fl_ops->fl_release_private)
28968 - fl.fl_ops->fl_release_private(&fl);
28969 + filp->f_op->flock(filp, F_SETLKW, &flock);
28970 + if (flock.fl_ops && flock.fl_ops->fl_release_private)
28971 + flock.fl_ops->fl_release_private(&flock);
28975 diff -urNp linux-2.6.32.1/fs/namei.c linux-2.6.32.1/fs/namei.c
28976 --- linux-2.6.32.1/fs/namei.c 2009-12-02 22:51:21.000000000 -0500
28977 +++ linux-2.6.32.1/fs/namei.c 2009-12-14 18:33:57.940839156 -0500
28978 @@ -637,7 +637,7 @@ static __always_inline int __do_follow_l
28979 cookie = dentry->d_inode->i_op->follow_link(dentry, nd);
28980 error = PTR_ERR(cookie);
28981 if (!IS_ERR(cookie)) {
28982 - char *s = nd_get_link(nd);
28983 + const char *s = nd_get_link(nd);
28986 error = __vfs_follow_link(nd, s);
28987 @@ -668,6 +668,13 @@ static inline int do_follow_link(struct
28988 err = security_inode_follow_link(path->dentry, nd);
28992 + if (gr_handle_follow_link(path->dentry->d_parent->d_inode,
28993 + path->dentry->d_inode, path->dentry, nd->path.mnt)) {
28998 current->link_count++;
28999 current->total_link_count++;
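Review bot: `path->dentry->d_parent->d_inode` is read in do_follow_link() with no lock or extra reference visible in the hunk, so a concurrent rename of the link can change `d_parent` between this check and the follow that comes after it. The policy decision may then be made against a directory the link no longer lives in. Taking a stable reference first, `struct dentry *parent = dget_parent(path->dentry);` with `dput(parent);` after the call, at least pins the dentry being inspected. The same expression appears in the do_link hunk of do_filp_open() further down. Both functions extend beyond their hunks, so a lock held by the caller cannot be excluded from here.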
29001 @@ -1005,11 +1012,18 @@ return_reval:
29005 + if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) {
29006 + path_put(&nd->path);
29011 path_put_conditional(&next, nd);
29014 + if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt))
29017 path_put(&nd->path);
29020 @@ -1610,12 +1624,19 @@ static int __open_namei_create(struct na
29022 struct dentry *dir = nd->path.dentry;
29024 + if (!gr_acl_handle_creat(path->dentry, nd->path.dentry, nd->path.mnt, flag, mode)) {
29029 if (!IS_POSIXACL(dir->d_inode))
29030 mode &= ~current_umask();
29031 error = security_path_mknod(&nd->path, path->dentry, mode, 0);
29034 error = vfs_create(dir->d_inode, path->dentry, mode, nd);
29036 + gr_handle_create(path->dentry, nd->path.mnt);
29038 mutex_unlock(&dir->d_inode->i_mutex);
29039 dput(nd->path.dentry);
29040 @@ -1698,6 +1719,22 @@ struct file *do_filp_open(int dfd, const
29043 return ERR_PTR(error);
29045 + if (gr_handle_rofs_blockwrite(nd.path.dentry, nd.path.mnt, acc_mode)) {
29050 + if (gr_handle_rawio(nd.path.dentry->d_inode)) {
29055 + if (!gr_acl_handle_open(nd.path.dentry, nd.path.mnt, flag)) {
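Review bot: The three checks added here, `gr_handle_rofs_blockwrite()`, `gr_handle_rawio()` and `gr_acl_handle_open()`, are repeated in the do_last hunk below with `path.dentry` in place of `nd.path.dentry`, plus `gr_handle_fifo()`. Two hand-maintained copies of an access decision tend to drift, and a check added to one open path but not the other is an enforcement gap rather than a cosmetic problem. A small static helper that takes the dentry, the mount, `flag` and `acc_mode` and returns the error code would keep both paths identical, with the FIFO check staying at the one site that has `dir`. The error values and cleanup labels are on lines this listing omits, so the helper's return convention has to follow those.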
29063 @@ -1784,6 +1821,24 @@ do_last:
29065 * It already exists.
29068 + if (gr_handle_rofs_blockwrite(path.dentry, nd.path.mnt, acc_mode)) {
29070 + goto exit_mutex_unlock;
29072 + if (gr_handle_rawio(path.dentry->d_inode)) {
29074 + goto exit_mutex_unlock;
29076 + if (!gr_acl_handle_open(path.dentry, nd.path.mnt, flag)) {
29078 + goto exit_mutex_unlock;
29080 + if (gr_handle_fifo(path.dentry, nd.path.mnt, dir, flag, acc_mode)) {
29082 + goto exit_mutex_unlock;
29085 mutex_unlock(&dir->d_inode->i_mutex);
29086 audit_inode(pathname, path.dentry);
29088 @@ -1876,6 +1931,13 @@ do_link:
29089 error = security_inode_follow_link(path.dentry, &nd);
29093 + if (gr_handle_follow_link(path.dentry->d_parent->d_inode, path.dentry->d_inode,
29094 + path.dentry, nd.path.mnt)) {
29099 error = __do_follow_link(&path, &nd);
29101 /* Does someone understand code flow here? Or it is only
29102 @@ -2050,6 +2112,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
29103 error = may_mknod(mode);
29107 + if (gr_handle_chroot_mknod(dentry, nd.path.mnt, mode)) {
29112 + if (!gr_acl_handle_mknod(dentry, nd.path.dentry, nd.path.mnt, mode)) {
29117 error = mnt_want_write(nd.path.mnt);
29120 @@ -2070,6 +2143,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
29123 mnt_drop_write(nd.path.mnt);
29126 + gr_handle_create(dentry, nd.path.mnt);
29130 @@ -2123,6 +2199,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
29131 if (IS_ERR(dentry))
29134 + if (!gr_acl_handle_mkdir(dentry, nd.path.dentry, nd.path.mnt)) {
29139 if (!IS_POSIXACL(nd.path.dentry->d_inode))
29140 mode &= ~current_umask();
29141 error = mnt_want_write(nd.path.mnt);
29142 @@ -2134,6 +2215,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
29143 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
29145 mnt_drop_write(nd.path.mnt);
29148 + gr_handle_create(dentry, nd.path.mnt);
29153 @@ -2215,6 +2300,8 @@ static long do_rmdir(int dfd, const char
29155 struct dentry *dentry;
29156 struct nameidata nd;
29157 + ino_t saved_ino = 0;
29158 + dev_t saved_dev = 0;
29160 error = user_path_parent(dfd, pathname, &nd, &name);
29162 @@ -2239,6 +2326,19 @@ static long do_rmdir(int dfd, const char
29163 error = PTR_ERR(dentry);
29164 if (IS_ERR(dentry))
29167 + if (dentry->d_inode != NULL) {
29168 + if (dentry->d_inode->i_nlink <= 1) {
29169 + saved_ino = dentry->d_inode->i_ino;
29170 + saved_dev = dentry->d_inode->i_sb->s_dev;
29173 + if (!gr_acl_handle_rmdir(dentry, nd.path.mnt)) {
29179 error = mnt_want_write(nd.path.mnt);
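Review bot: In do_rmdir() the inode and device numbers are saved only when `dentry->d_inode->i_nlink <= 1`, but a directory on most filesystems reports a link count of at least 2. `saved_ino` and `saved_dev` would therefore usually stay 0, and the `gr_handle_delete(saved_ino, saved_dev)` call in the next hunk would be skipped for ordinary directory removals. The test looks carried over from do_unlinkat(), where it makes sense for regular files with hard links. If the intent is to notify on every successful rmdir, save the pair unconditionally once `d_inode` is known to be non-NULL; otherwise a comment should say which case the condition is for. The use of 0 as the "nothing saved" marker in `saved_dev || saved_ino` deserves a short comment too.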
29182 @@ -2246,6 +2346,8 @@ static long do_rmdir(int dfd, const char
29185 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
29186 + if (!error && (saved_dev || saved_ino))
29187 + gr_handle_delete(saved_ino, saved_dev);
29189 mnt_drop_write(nd.path.mnt);
29191 @@ -2307,6 +2409,8 @@ static long do_unlinkat(int dfd, const c
29192 struct dentry *dentry;
29193 struct nameidata nd;
29194 struct inode *inode = NULL;
29195 + ino_t saved_ino = 0;
29196 + dev_t saved_dev = 0;
29198 error = user_path_parent(dfd, pathname, &nd, &name);
29200 @@ -2326,8 +2430,19 @@ static long do_unlinkat(int dfd, const c
29201 if (nd.last.name[nd.last.len])
29203 inode = dentry->d_inode;
29206 + if (inode->i_nlink <= 1) {
29207 + saved_ino = inode->i_ino;
29208 + saved_dev = inode->i_sb->s_dev;
29211 atomic_inc(&inode->i_count);
29213 + if (!gr_acl_handle_unlink(dentry, nd.path.mnt)) {
29218 error = mnt_want_write(nd.path.mnt);
29221 @@ -2335,6 +2450,8 @@ static long do_unlinkat(int dfd, const c
29224 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
29225 + if (!error && (saved_ino || saved_dev))
29226 + gr_handle_delete(saved_ino, saved_dev);
29228 mnt_drop_write(nd.path.mnt);
29230 @@ -2413,6 +2530,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
29231 if (IS_ERR(dentry))
29234 + if (!gr_acl_handle_symlink(dentry, nd.path.dentry, nd.path.mnt, from)) {
29239 error = mnt_want_write(nd.path.mnt);
29242 @@ -2420,6 +2542,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
29244 goto out_drop_write;
29245 error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
29247 + gr_handle_create(dentry, nd.path.mnt);
29249 mnt_drop_write(nd.path.mnt);
29251 @@ -2513,6 +2637,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
29252 error = PTR_ERR(new_dentry);
29253 if (IS_ERR(new_dentry))
29256 + if (gr_handle_hardlink(old_path.dentry, old_path.mnt,
29257 + old_path.dentry->d_inode,
29258 + old_path.dentry->d_inode->i_mode, to)) {
29263 + if (!gr_acl_handle_link(new_dentry, nd.path.dentry, nd.path.mnt,
29264 + old_path.dentry, old_path.mnt, to)) {
29269 error = mnt_want_write(nd.path.mnt);
29272 @@ -2520,6 +2658,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
29274 goto out_drop_write;
29275 error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
29277 + gr_handle_create(new_dentry, nd.path.mnt);
29279 mnt_drop_write(nd.path.mnt);
29281 @@ -2753,6 +2893,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
29282 if (new_dentry == trap)
29285 + error = gr_acl_handle_rename(new_dentry, new_dir, newnd.path.mnt,
29286 + old_dentry, old_dir->d_inode, oldnd.path.mnt,
29291 error = mnt_want_write(oldnd.path.mnt);
29294 @@ -2762,6 +2908,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
29296 error = vfs_rename(old_dir->d_inode, old_dentry,
29297 new_dir->d_inode, new_dentry);
29299 + gr_handle_rename(old_dir->d_inode, new_dir->d_inode, old_dentry,
29300 + new_dentry, oldnd.path.mnt, new_dentry->d_inode ? 1 : 0);
29302 mnt_drop_write(oldnd.path.mnt);
29304 diff -urNp linux-2.6.32.1/fs/namespace.c linux-2.6.32.1/fs/namespace.c
29305 --- linux-2.6.32.1/fs/namespace.c 2009-12-02 22:51:21.000000000 -0500
29306 +++ linux-2.6.32.1/fs/namespace.c 2009-12-14 18:33:57.945802364 -0500
29307 @@ -1083,6 +1083,9 @@ static int do_umount(struct vfsmount *mn
29308 if (!(sb->s_flags & MS_RDONLY))
29309 retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
29310 up_write(&sb->s_umount);
29312 + gr_log_remount(mnt->mnt_devname, retval);
29317 @@ -1104,6 +1107,9 @@ static int do_umount(struct vfsmount *mn
29318 security_sb_umount_busy(mnt);
29319 up_write(&namespace_sem);
29320 release_mounts(&umount_list);
29322 + gr_log_unmount(mnt->mnt_devname, retval);
29327 @@ -1955,6 +1961,16 @@ long do_mount(char *dev_name, char *dir_
29331 + if (gr_handle_rofs_mount(path.dentry, path.mnt, mnt_flags)) {
29336 + if (gr_handle_chroot_mount(path.dentry, path.mnt, dev_name)) {
29341 if (flags & MS_REMOUNT)
29342 retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
29344 @@ -1969,6 +1985,9 @@ long do_mount(char *dev_name, char *dir_
29345 dev_name, data_page);
29349 + gr_log_mount(dev_name, dir_name, retval);
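Review bot: `gr_log_mount(dev_name, dir_name, retval)` passes two strings that originate from the mount(2) caller into a log message, and nothing in the hunk shows them being checked first. As far as I know `dev_name` can be NULL for some mount requests, so the logger has to tolerate that, for example `gr_log_mount(dev_name ? dev_name : "<none>", dir_name, retval);`, unless gr_log_mount() already handles it. The logger should also escape control characters and newlines so that the audit record stays one well-formed line; the same holds for `mnt->mnt_devname` in the two do_umount() hunks above. gr_log_mount() is defined elsewhere in the patch, so both points need confirming there.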
29354 @@ -2175,6 +2194,12 @@ SYSCALL_DEFINE2(pivot_root, const char _
29358 + if (gr_handle_chroot_pivot()) {
29364 read_lock(¤t->fs->lock);
29365 root = current->fs->root;
29366 path_get(¤t->fs->root);
29367 diff -urNp linux-2.6.32.1/fs/nfs/nfs4proc.c linux-2.6.32.1/fs/nfs/nfs4proc.c
29368 --- linux-2.6.32.1/fs/nfs/nfs4proc.c 2009-12-02 22:51:21.000000000 -0500
29369 +++ linux-2.6.32.1/fs/nfs/nfs4proc.c 2009-12-14 18:33:57.971842965 -0500
29370 @@ -1131,7 +1131,7 @@ static int _nfs4_do_open_reclaim(struct
29371 static int nfs4_do_open_reclaim(struct nfs_open_context *ctx, struct nfs4_state *state)
29373 struct nfs_server *server = NFS_SERVER(state->inode);
29374 - struct nfs4_exception exception = { };
29375 + struct nfs4_exception exception = {0, 0};
29378 err = _nfs4_do_open_reclaim(ctx, state);
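Review bot: `struct nfs4_exception exception = {0, 0};` ties the initializer to the struct having exactly two members, and the struct definition is not part of these hunks. If it has more members, the rest are still zeroed but the positional form reads as if it were complete and invites field-initializer warnings. The standard `struct nfs4_exception exception = { 0 };` states the intent of zeroing everything without depending on member count or order. The same replacement is repeated in every later hunk of nfs4proc.c, so whichever form is chosen should be applied uniformly.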
29379 @@ -1173,7 +1173,7 @@ static int _nfs4_open_delegation_recall(
29381 int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid)
29383 - struct nfs4_exception exception = { };
29384 + struct nfs4_exception exception = {0, 0};
29385 struct nfs_server *server = NFS_SERVER(state->inode);
29388 @@ -1491,7 +1491,7 @@ static int _nfs4_open_expired(struct nfs
29389 static inline int nfs4_do_open_expired(struct nfs_open_context *ctx, struct nfs4_state *state)
29391 struct nfs_server *server = NFS_SERVER(state->inode);
29392 - struct nfs4_exception exception = { };
29393 + struct nfs4_exception exception = {0, 0};
29397 @@ -1589,7 +1589,7 @@ out_err:
29399 static struct nfs4_state *nfs4_do_open(struct inode *dir, struct path *path, fmode_t fmode, int flags, struct iattr *sattr, struct rpc_cred *cred)
29401 - struct nfs4_exception exception = { };
29402 + struct nfs4_exception exception = {0, 0};
29403 struct nfs4_state *res;
29406 @@ -1680,7 +1680,7 @@ static int nfs4_do_setattr(struct inode
29407 struct nfs4_state *state)
29409 struct nfs_server *server = NFS_SERVER(inode);
29410 - struct nfs4_exception exception = { };
29411 + struct nfs4_exception exception = {0, 0};
29414 err = nfs4_handle_exception(server,
29415 @@ -2046,7 +2046,7 @@ static int _nfs4_server_capabilities(str
29417 int nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *fhandle)
29419 - struct nfs4_exception exception = { };
29420 + struct nfs4_exception exception = {0, 0};
29423 err = nfs4_handle_exception(server,
29424 @@ -2080,7 +2080,7 @@ static int _nfs4_lookup_root(struct nfs_
29425 static int nfs4_lookup_root(struct nfs_server *server, struct nfs_fh *fhandle,
29426 struct nfs_fsinfo *info)
29428 - struct nfs4_exception exception = { };
29429 + struct nfs4_exception exception = {0, 0};
29432 err = nfs4_handle_exception(server,
29433 @@ -2169,7 +2169,7 @@ static int _nfs4_proc_getattr(struct nfs
29435 static int nfs4_proc_getattr(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fattr *fattr)
29437 - struct nfs4_exception exception = { };
29438 + struct nfs4_exception exception = {0, 0};
29441 err = nfs4_handle_exception(server,
29442 @@ -2257,7 +2257,7 @@ static int nfs4_proc_lookupfh(struct nfs
29443 struct qstr *name, struct nfs_fh *fhandle,
29444 struct nfs_fattr *fattr)
29446 - struct nfs4_exception exception = { };
29447 + struct nfs4_exception exception = {0, 0};
29450 err = _nfs4_proc_lookupfh(server, dirfh, name, fhandle, fattr);
29451 @@ -2286,7 +2286,7 @@ static int _nfs4_proc_lookup(struct inod
29453 static int nfs4_proc_lookup(struct inode *dir, struct qstr *name, struct nfs_fh *fhandle, struct nfs_fattr *fattr)
29455 - struct nfs4_exception exception = { };
29456 + struct nfs4_exception exception = {0, 0};
29459 err = nfs4_handle_exception(NFS_SERVER(dir),
29460 @@ -2350,7 +2350,7 @@ static int _nfs4_proc_access(struct inod
29462 static int nfs4_proc_access(struct inode *inode, struct nfs_access_entry *entry)
29464 - struct nfs4_exception exception = { };
29465 + struct nfs4_exception exception = {0, 0};
29468 err = nfs4_handle_exception(NFS_SERVER(inode),
29469 @@ -2406,7 +2406,7 @@ static int _nfs4_proc_readlink(struct in
29470 static int nfs4_proc_readlink(struct inode *inode, struct page *page,
29471 unsigned int pgbase, unsigned int pglen)
29473 - struct nfs4_exception exception = { };
29474 + struct nfs4_exception exception = {0, 0};
29477 err = nfs4_handle_exception(NFS_SERVER(inode),
29478 @@ -2504,7 +2504,7 @@ static int _nfs4_proc_remove(struct inod
29480 static int nfs4_proc_remove(struct inode *dir, struct qstr *name)
29482 - struct nfs4_exception exception = { };
29483 + struct nfs4_exception exception = {0, 0};
29486 err = nfs4_handle_exception(NFS_SERVER(dir),
29487 @@ -2578,7 +2578,7 @@ static int _nfs4_proc_rename(struct inod
29488 static int nfs4_proc_rename(struct inode *old_dir, struct qstr *old_name,
29489 struct inode *new_dir, struct qstr *new_name)
29491 - struct nfs4_exception exception = { };
29492 + struct nfs4_exception exception = {0, 0};
29495 err = nfs4_handle_exception(NFS_SERVER(old_dir),
29496 @@ -2625,7 +2625,7 @@ static int _nfs4_proc_link(struct inode
29498 static int nfs4_proc_link(struct inode *inode, struct inode *dir, struct qstr *name)
29500 - struct nfs4_exception exception = { };
29501 + struct nfs4_exception exception = {0, 0};
29504 err = nfs4_handle_exception(NFS_SERVER(inode),
29505 @@ -2717,7 +2717,7 @@ out:
29506 static int nfs4_proc_symlink(struct inode *dir, struct dentry *dentry,
29507 struct page *page, unsigned int len, struct iattr *sattr)
29509 - struct nfs4_exception exception = { };
29510 + struct nfs4_exception exception = {0, 0};
29513 err = nfs4_handle_exception(NFS_SERVER(dir),
29514 @@ -2748,7 +2748,7 @@ out:
29515 static int nfs4_proc_mkdir(struct inode *dir, struct dentry *dentry,
29516 struct iattr *sattr)
29518 - struct nfs4_exception exception = { };
29519 + struct nfs4_exception exception = {0, 0};
29522 err = nfs4_handle_exception(NFS_SERVER(dir),
29523 @@ -2797,7 +2797,7 @@ static int _nfs4_proc_readdir(struct den
29524 static int nfs4_proc_readdir(struct dentry *dentry, struct rpc_cred *cred,
29525 u64 cookie, struct page *page, unsigned int count, int plus)
29527 - struct nfs4_exception exception = { };
29528 + struct nfs4_exception exception = {0, 0};
29531 err = nfs4_handle_exception(NFS_SERVER(dentry->d_inode),
29532 @@ -2845,7 +2845,7 @@ out:
29533 static int nfs4_proc_mknod(struct inode *dir, struct dentry *dentry,
29534 struct iattr *sattr, dev_t rdev)
29536 - struct nfs4_exception exception = { };
29537 + struct nfs4_exception exception = {0, 0};
29540 err = nfs4_handle_exception(NFS_SERVER(dir),
29541 @@ -2877,7 +2877,7 @@ static int _nfs4_proc_statfs(struct nfs_
29543 static int nfs4_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fsstat *fsstat)
29545 - struct nfs4_exception exception = { };
29546 + struct nfs4_exception exception = {0, 0};
29549 err = nfs4_handle_exception(server,
29550 @@ -2908,7 +2908,7 @@ static int _nfs4_do_fsinfo(struct nfs_se
29552 static int nfs4_do_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fsinfo *fsinfo)
29554 - struct nfs4_exception exception = { };
29555 + struct nfs4_exception exception = {0, 0};
29559 @@ -2954,7 +2954,7 @@ static int _nfs4_proc_pathconf(struct nf
29560 static int nfs4_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle,
29561 struct nfs_pathconf *pathconf)
29563 - struct nfs4_exception exception = { };
29564 + struct nfs4_exception exception = {0, 0};
29568 @@ -3253,7 +3253,7 @@ out_free:
29570 static ssize_t nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen)
29572 - struct nfs4_exception exception = { };
29573 + struct nfs4_exception exception = {0, 0};
29576 ret = __nfs4_get_acl_uncached(inode, buf, buflen);
29577 @@ -3309,7 +3309,7 @@ static int __nfs4_proc_set_acl(struct in
29579 static int nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t buflen)
29581 - struct nfs4_exception exception = { };
29582 + struct nfs4_exception exception = {0, 0};
29585 err = nfs4_handle_exception(NFS_SERVER(inode),
29586 @@ -3574,7 +3574,7 @@ out:
29587 int nfs4_proc_delegreturn(struct inode *inode, struct rpc_cred *cred, const nfs4_stateid *stateid, int issync)
29589 struct nfs_server *server = NFS_SERVER(inode);
29590 - struct nfs4_exception exception = { };
29591 + struct nfs4_exception exception = {0, 0};
29594 err = _nfs4_proc_delegreturn(inode, cred, stateid, issync);
29595 @@ -3647,7 +3647,7 @@ out:
29597 static int nfs4_proc_getlk(struct nfs4_state *state, int cmd, struct file_lock *request)
29599 - struct nfs4_exception exception = { };
29600 + struct nfs4_exception exception = {0, 0};
29604 @@ -4021,7 +4021,7 @@ static int _nfs4_do_setlk(struct nfs4_st
29605 static int nfs4_lock_reclaim(struct nfs4_state *state, struct file_lock *request)
29607 struct nfs_server *server = NFS_SERVER(state->inode);
29608 - struct nfs4_exception exception = { };
29609 + struct nfs4_exception exception = {0, 0};
29613 @@ -4039,7 +4039,7 @@ static int nfs4_lock_reclaim(struct nfs4
29614 static int nfs4_lock_expired(struct nfs4_state *state, struct file_lock *request)
29616 struct nfs_server *server = NFS_SERVER(state->inode);
29617 - struct nfs4_exception exception = { };
29618 + struct nfs4_exception exception = {0, 0};
29621 err = nfs4_set_lock_state(state, request);
29622 @@ -4094,7 +4094,7 @@ out:
29624 static int nfs4_proc_setlk(struct nfs4_state *state, int cmd, struct file_lock *request)
29626 - struct nfs4_exception exception = { };
29627 + struct nfs4_exception exception = {0, 0};
29631 @@ -4154,7 +4154,7 @@ nfs4_proc_lock(struct file *filp, int cm
29632 int nfs4_lock_delegation_recall(struct nfs4_state *state, struct file_lock *fl)
29634 struct nfs_server *server = NFS_SERVER(state->inode);
29635 - struct nfs4_exception exception = { };
29636 + struct nfs4_exception exception = {0, 0};
29639 err = nfs4_set_lock_state(state, fl);
29640 diff -urNp linux-2.6.32.1/fs/nfsd/lockd.c linux-2.6.32.1/fs/nfsd/lockd.c
29641 --- linux-2.6.32.1/fs/nfsd/lockd.c 2009-12-02 22:51:21.000000000 -0500
29642 +++ linux-2.6.32.1/fs/nfsd/lockd.c 2009-12-14 18:33:57.979842084 -0500
29643 @@ -67,7 +67,7 @@ nlm_fclose(struct file *filp)
29647 -static struct nlmsvc_binding nfsd_nlm_ops = {
29648 +static const struct nlmsvc_binding nfsd_nlm_ops = {
29649 .fopen = nlm_fopen, /* open file for locking */
29650 .fclose = nlm_fclose, /* close file */
29652 diff -urNp linux-2.6.32.1/fs/nfsd/vfs.c linux-2.6.32.1/fs/nfsd/vfs.c
29653 --- linux-2.6.32.1/fs/nfsd/vfs.c 2009-12-02 22:51:21.000000000 -0500
29654 +++ linux-2.6.32.1/fs/nfsd/vfs.c 2009-12-14 18:33:57.989771739 -0500
29655 @@ -940,7 +940,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, st
29659 - host_err = vfs_readv(file, (struct iovec __user *)vec, vlen, &offset);
29660 + host_err = vfs_readv(file, (__force struct iovec __user *)vec, vlen, &offset);
29664 @@ -1063,7 +1063,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, s
29666 /* Write the data. */
29667 oldfs = get_fs(); set_fs(KERNEL_DS);
29668 - host_err = vfs_writev(file, (struct iovec __user *)vec, vlen, &offset);
29669 + host_err = vfs_writev(file, (__force struct iovec __user *)vec, vlen, &offset);
29673 @@ -1538,7 +1538,7 @@ nfsd_readlink(struct svc_rqst *rqstp, st
29676 oldfs = get_fs(); set_fs(KERNEL_DS);
29677 - host_err = inode->i_op->readlink(dentry, buf, *lenp);
29678 + host_err = inode->i_op->readlink(dentry, (__force char __user *)buf, *lenp);
29682 diff -urNp linux-2.6.32.1/fs/nls/nls_base.c linux-2.6.32.1/fs/nls/nls_base.c
29683 --- linux-2.6.32.1/fs/nls/nls_base.c 2009-12-02 22:51:21.000000000 -0500
29684 +++ linux-2.6.32.1/fs/nls/nls_base.c 2009-12-14 18:33:58.003745323 -0500
29685 @@ -41,7 +41,7 @@ static const struct utf8_table utf8_tabl
29686 {0xF8, 0xF0, 3*6, 0x1FFFFF, 0x10000, /* 4 byte sequence */},
29687 {0xFC, 0xF8, 4*6, 0x3FFFFFF, 0x200000, /* 5 byte sequence */},
29688 {0xFE, 0xFC, 5*6, 0x7FFFFFFF, 0x4000000, /* 6 byte sequence */},
29689 - {0, /* end of table */}
29690 + {0, 0, 0, 0, 0, /* end of table */}
29693 #define UNICODE_MAX 0x0010ffff
29694 diff -urNp linux-2.6.32.1/fs/ntfs/file.c linux-2.6.32.1/fs/ntfs/file.c
29695 --- linux-2.6.32.1/fs/ntfs/file.c 2009-12-02 22:51:21.000000000 -0500
29696 +++ linux-2.6.32.1/fs/ntfs/file.c 2009-12-14 18:33:58.017886590 -0500
29697 @@ -2243,6 +2243,6 @@ const struct inode_operations ntfs_file_
29698 #endif /* NTFS_RW */
29701 -const struct file_operations ntfs_empty_file_ops = {};
29702 +const struct file_operations ntfs_empty_file_ops __read_only;
29704 -const struct inode_operations ntfs_empty_inode_ops = {};
29705 +const struct inode_operations ntfs_empty_inode_ops __read_only;
29706 diff -urNp linux-2.6.32.1/fs/ocfs2/cluster/masklog.c linux-2.6.32.1/fs/ocfs2/cluster/masklog.c
29707 --- linux-2.6.32.1/fs/ocfs2/cluster/masklog.c 2009-12-02 22:51:21.000000000 -0500
29708 +++ linux-2.6.32.1/fs/ocfs2/cluster/masklog.c 2009-12-14 18:33:58.046723305 -0500
29709 @@ -135,7 +135,7 @@ static ssize_t mlog_store(struct kobject
29710 return mlog_mask_store(mlog_attr->mask, buf, count);
29713 -static struct sysfs_ops mlog_attr_ops = {
29714 +static const struct sysfs_ops mlog_attr_ops = {
29716 .store = mlog_store,
29718 diff -urNp linux-2.6.32.1/fs/ocfs2/localalloc.c linux-2.6.32.1/fs/ocfs2/localalloc.c
29719 --- linux-2.6.32.1/fs/ocfs2/localalloc.c 2009-12-02 22:51:21.000000000 -0500
29720 +++ linux-2.6.32.1/fs/ocfs2/localalloc.c 2009-12-14 18:33:58.070813486 -0500
29721 @@ -1188,7 +1188,7 @@ static int ocfs2_local_alloc_slide_windo
29725 - atomic_inc(&osb->alloc_stats.moves);
29726 + atomic_inc_unchecked(&osb->alloc_stats.moves);
29730 diff -urNp linux-2.6.32.1/fs/ocfs2/ocfs2.h linux-2.6.32.1/fs/ocfs2/ocfs2.h
29731 --- linux-2.6.32.1/fs/ocfs2/ocfs2.h 2009-12-02 22:51:21.000000000 -0500
29732 +++ linux-2.6.32.1/fs/ocfs2/ocfs2.h 2009-12-14 18:33:58.081752152 -0500
29733 @@ -217,11 +217,11 @@ enum ocfs2_vol_state
29735 struct ocfs2_alloc_stats
29738 - atomic_t local_data;
29739 - atomic_t bitmap_data;
29740 - atomic_t bg_allocs;
29741 - atomic_t bg_extends;
29742 + atomic_unchecked_t moves;
29743 + atomic_unchecked_t local_data;
29744 + atomic_unchecked_t bitmap_data;
29745 + atomic_unchecked_t bg_allocs;
29746 + atomic_unchecked_t bg_extends;
29749 enum ocfs2_local_alloc_state
29750 diff -urNp linux-2.6.32.1/fs/ocfs2/suballoc.c linux-2.6.32.1/fs/ocfs2/suballoc.c
29751 --- linux-2.6.32.1/fs/ocfs2/suballoc.c 2009-12-02 22:51:21.000000000 -0500
29752 +++ linux-2.6.32.1/fs/ocfs2/suballoc.c 2009-12-14 18:33:58.112763271 -0500
29753 @@ -620,7 +620,7 @@ static int ocfs2_reserve_suballoc_bits(s
29754 mlog_errno(status);
29757 - atomic_inc(&osb->alloc_stats.bg_extends);
29758 + atomic_inc_unchecked(&osb->alloc_stats.bg_extends);
29760 /* You should never ask for this much metadata */
29761 BUG_ON(bits_wanted >
29762 @@ -1651,7 +1651,7 @@ int ocfs2_claim_metadata(struct ocfs2_su
29763 mlog_errno(status);
29766 - atomic_inc(&osb->alloc_stats.bg_allocs);
29767 + atomic_inc_unchecked(&osb->alloc_stats.bg_allocs);
29769 *blkno_start = bg_blkno + (u64) *suballoc_bit_start;
29770 ac->ac_bits_given += (*num_bits);
29771 @@ -1725,7 +1725,7 @@ int ocfs2_claim_new_inode(struct ocfs2_s
29772 mlog_errno(status);
29775 - atomic_inc(&osb->alloc_stats.bg_allocs);
29776 + atomic_inc_unchecked(&osb->alloc_stats.bg_allocs);
29778 BUG_ON(num_bits != 1);
29780 @@ -1827,7 +1827,7 @@ int __ocfs2_claim_clusters(struct ocfs2_
29784 - atomic_inc(&osb->alloc_stats.local_data);
29785 + atomic_inc_unchecked(&osb->alloc_stats.local_data);
29787 if (min_clusters > (osb->bitmap_cpg - 1)) {
29788 /* The only paths asking for contiguousness
29789 @@ -1855,7 +1855,7 @@ int __ocfs2_claim_clusters(struct ocfs2_
29790 ocfs2_desc_bitmap_to_cluster_off(ac->ac_inode,
29793 - atomic_inc(&osb->alloc_stats.bitmap_data);
29794 + atomic_inc_unchecked(&osb->alloc_stats.bitmap_data);
29798 diff -urNp linux-2.6.32.1/fs/ocfs2/super.c linux-2.6.32.1/fs/ocfs2/super.c
29799 --- linux-2.6.32.1/fs/ocfs2/super.c 2009-12-02 22:51:21.000000000 -0500
29800 +++ linux-2.6.32.1/fs/ocfs2/super.c 2009-12-14 18:33:58.129850125 -0500
29801 @@ -284,11 +284,11 @@ static int ocfs2_osb_dump(struct ocfs2_s
29802 "%10s => GlobalAllocs: %d LocalAllocs: %d "
29803 "SubAllocs: %d LAWinMoves: %d SAExtends: %d\n",
29805 - atomic_read(&osb->alloc_stats.bitmap_data),
29806 - atomic_read(&osb->alloc_stats.local_data),
29807 - atomic_read(&osb->alloc_stats.bg_allocs),
29808 - atomic_read(&osb->alloc_stats.moves),
29809 - atomic_read(&osb->alloc_stats.bg_extends));
29810 + atomic_read_unchecked(&osb->alloc_stats.bitmap_data),
29811 + atomic_read_unchecked(&osb->alloc_stats.local_data),
29812 + atomic_read_unchecked(&osb->alloc_stats.bg_allocs),
29813 + atomic_read_unchecked(&osb->alloc_stats.moves),
29814 + atomic_read_unchecked(&osb->alloc_stats.bg_extends));
29816 out += snprintf(buf + out, len - out,
29817 "%10s => State: %u Descriptor: %llu Size: %u bits "
29818 @@ -1998,11 +1998,11 @@ static int ocfs2_initialize_super(struct
29819 spin_lock_init(&osb->osb_xattr_lock);
29820 ocfs2_init_inode_steal_slot(osb);
29822 - atomic_set(&osb->alloc_stats.moves, 0);
29823 - atomic_set(&osb->alloc_stats.local_data, 0);
29824 - atomic_set(&osb->alloc_stats.bitmap_data, 0);
29825 - atomic_set(&osb->alloc_stats.bg_allocs, 0);
29826 - atomic_set(&osb->alloc_stats.bg_extends, 0);
29827 + atomic_set_unchecked(&osb->alloc_stats.moves, 0);
29828 + atomic_set_unchecked(&osb->alloc_stats.local_data, 0);
29829 + atomic_set_unchecked(&osb->alloc_stats.bitmap_data, 0);
29830 + atomic_set_unchecked(&osb->alloc_stats.bg_allocs, 0);
29831 + atomic_set_unchecked(&osb->alloc_stats.bg_extends, 0);
29833 /* Copy the blockcheck stats from the superblock probe */
29834 osb->osb_ecc_stats = *stats;
29835 diff -urNp linux-2.6.32.1/fs/open.c linux-2.6.32.1/fs/open.c
29836 --- linux-2.6.32.1/fs/open.c 2009-12-02 22:51:21.000000000 -0500
29837 +++ linux-2.6.32.1/fs/open.c 2009-12-14 18:33:58.165729130 -0500
29838 @@ -206,6 +206,9 @@ int do_truncate(struct dentry *dentry, l
29842 + if (filp && !gr_acl_handle_truncate(dentry, filp->f_path.mnt))
29845 newattrs.ia_size = length;
29846 newattrs.ia_valid = ATTR_SIZE | time_attrs;
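Review bot: The added `gr_acl_handle_truncate()` check runs only when `filp` is non-NULL, so any caller that passes a NULL `filp` to `do_truncate()` skips it. No other hunk in this file's section adds the check on a path-based route, so it is unclear from here whether that exemption is intended. A comment above the test would settle it, for example `/* filp == NULL callers are checked by <hook name> before reaching here */` with the actual hook named. If no such hook exists, the condition should not depend on `filp`. The body of `do_truncate()` starts and ends outside the hunk.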
29848 @@ -511,6 +514,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, con
29849 if (__mnt_is_readonly(path.mnt))
29852 + if (!res && !gr_acl_handle_access(path.dentry, path.mnt, mode))
29858 @@ -537,6 +543,8 @@ SYSCALL_DEFINE1(chdir, const char __user
29862 + gr_log_chdir(path.dentry, path.mnt);
29864 set_fs_pwd(current->fs, &path);
29867 @@ -563,6 +571,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd
29870 error = inode_permission(inode, MAY_EXEC | MAY_ACCESS);
29872 + if (!error && !gr_chroot_fchdir(file->f_path.dentry, file->f_path.mnt))
29876 + gr_log_chdir(file->f_path.dentry, file->f_path.mnt);
29879 set_fs_pwd(current->fs, &file->f_path);
29881 @@ -588,7 +603,18 @@ SYSCALL_DEFINE1(chroot, const char __use
29882 if (!capable(CAP_SYS_CHROOT))
29885 + if (gr_handle_chroot_chroot(path.dentry, path.mnt))
29886 + goto dput_and_out;
29888 + if (gr_handle_chroot_caps(&path)) {
29890 + goto dput_and_out;
29893 set_fs_root(current->fs, &path);
29895 + gr_handle_chroot_chdir(&path);
29900 @@ -616,13 +642,28 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
29901 err = mnt_want_write_file(file);
29905 + if (!gr_acl_handle_fchmod(dentry, file->f_path.mnt, mode)) {
29907 + goto out_drop_write;
29910 mutex_lock(&inode->i_mutex);
29911 if (mode == (mode_t) -1)
29912 mode = inode->i_mode;
29914 + if (gr_handle_chroot_chmod(dentry, file->f_path.mnt, mode)) {
29916 + mutex_unlock(&inode->i_mutex);
29917 + goto out_drop_write;
29920 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
29921 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
29922 err = notify_change(dentry, &newattrs);
29923 mutex_unlock(&inode->i_mutex);
29926 mnt_drop_write(file->f_path.mnt);
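Review bot: `gr_acl_handle_fchmod()` is called before the `(mode_t) -1` sentinel is replaced by `inode->i_mode` and before `i_mutex` is taken, whereas `gr_handle_chroot_chmod()` a few lines later sees the normalised mode under the lock. The two hooks can therefore judge different mode values for the same call, and how the ACL hook treats the raw sentinel is not visible here. Moving the ACL call to just after `mode = inode->i_mode;` would make them agree. If the ordering is intentional, a comment such as `/* ACL hook deliberately sees the caller's raw mode */` would document it. The fchmodat hunk that follows has the same ordering.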
29929 @@ -645,13 +686,28 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
29930 error = mnt_want_write(path.mnt);
29934 + if (!gr_acl_handle_chmod(path.dentry, path.mnt, mode)) {
29936 + goto out_drop_write;
29939 mutex_lock(&inode->i_mutex);
29940 if (mode == (mode_t) -1)
29941 mode = inode->i_mode;
29943 + if (gr_handle_chroot_chmod(path.dentry, path.mnt, mode)) {
29945 + mutex_unlock(&inode->i_mutex);
29946 + goto out_drop_write;
29949 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
29950 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
29951 error = notify_change(path.dentry, &newattrs);
29952 mutex_unlock(&inode->i_mutex);
29955 mnt_drop_write(path.mnt);
29958 @@ -664,12 +720,15 @@ SYSCALL_DEFINE2(chmod, const char __user
29959 return sys_fchmodat(AT_FDCWD, filename, mode);
29962 -static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
29963 +static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)
29965 struct inode *inode = dentry->d_inode;
29967 struct iattr newattrs;
29969 + if (!gr_acl_handle_chown(dentry, mnt))
29972 newattrs.ia_valid = ATTR_CTIME;
29973 if (user != (uid_t) -1) {
29974 newattrs.ia_valid |= ATTR_UID;
29975 @@ -775,7 +775,7 @@ SYSCALL_DEFINE3(chown, const char __user
29976 error = cow_check_and_break(&path);
29979 - error = chown_common(path.dentry, user, group);
29980 + error = chown_common(path.dentry, user, group, path.nmt);
29981 mnt_drop_write(path.mnt);
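Review bot: `path.nmt` in the new `chown_common()` call looks like a misspelling of `path.mnt`: every neighbouring line, including the `mnt_drop_write(path.mnt)` directly below, uses `mnt`. The line should read `error = chown_common(path.dentry, user, group, path.mnt);`. The fchownat and lchown hunks that follow carry the same misspelling, while the fchown hunk correctly passes `file->f_path.mnt`. As written these three callers would not compile, so the new `gr_acl_handle_chown()` check in `chown_common()` cannot have been exercised through them. The `@@ -775,7 +775,7 @@` header also shows identical old and new offsets despite earlier additions in this file, which suggests these hunks were edited by hand and deserve a re-diff.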
29984 @@ -804,7 +804,7 @@ SYSCALL_DEFINE5(fchownat, int, dfd, cons
29985 error = cow_check_and_break(&path);
29988 - error = chown_common(path.dentry, user, group);
29989 + error = chown_common(path.dentry, user, group, path.nmt);
29990 mnt_drop_write(path.mnt);
29993 @@ -827,7 +827,7 @@ SYSCALL_DEFINE3(lchown, const char __use
29994 error = cow_check_and_break(&path);
29997 - error = chown_common(path.dentry, user, group);
29998 + error = chown_common(path.dentry, user, group, path.nmt);
29999 mnt_drop_write(path.mnt);
30002 @@ -850,7 +850,7 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd
30004 dentry = file->f_path.dentry;
30005 audit_inode(NULL, dentry);
30006 - error = chown_common(dentry, user, group);
30007 + error = chown_common(dentry, user, group, file->f_path.mnt);
30008 mnt_drop_write(file->f_path.mnt);
30011 diff -urNp linux-2.6.32.1/fs/pipe.c linux-2.6.32.1/fs/pipe.c
30012 --- linux-2.6.32.1/fs/pipe.c 2009-12-02 22:51:21.000000000 -0500
30013 +++ linux-2.6.32.1/fs/pipe.c 2009-12-14 18:33:58.165729130 -0500
30014 @@ -401,9 +401,9 @@ redo:
30016 if (bufs) /* More to do? */
30018 - if (!pipe->writers)
30019 + if (!atomic_read(&pipe->writers))
30021 - if (!pipe->waiting_writers) {
30022 + if (!atomic_read(&pipe->waiting_writers)) {
30023 /* syscall merging: Usually we must not sleep
30024 * if O_NONBLOCK is set, or if we got some data.
30025 * But if a writer sleeps in kernel space, then
30026 @@ -462,7 +462,7 @@ pipe_write(struct kiocb *iocb, const str
30027 mutex_lock(&inode->i_mutex);
30028 pipe = inode->i_pipe;
30030 - if (!pipe->readers) {
30031 + if (!atomic_read(&pipe->readers)) {
30032 send_sig(SIGPIPE, current, 0);
30035 @@ -511,7 +511,7 @@ redo1:
30039 - if (!pipe->readers) {
30040 + if (!atomic_read(&pipe->readers)) {
30041 send_sig(SIGPIPE, current, 0);
30044 @@ -597,9 +597,9 @@ redo2:
30045 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
30048 - pipe->waiting_writers++;
30049 + atomic_inc(&pipe->waiting_writers);
30051 - pipe->waiting_writers--;
30052 + atomic_dec(&pipe->waiting_writers);
30055 mutex_unlock(&inode->i_mutex);
30056 @@ -666,7 +666,7 @@ pipe_poll(struct file *filp, poll_table
30058 if (filp->f_mode & FMODE_READ) {
30059 mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0;
30060 - if (!pipe->writers && filp->f_version != pipe->w_counter)
30061 + if (!atomic_read(&pipe->writers) && filp->f_version != pipe->w_counter)
30065 @@ -676,7 +676,7 @@ pipe_poll(struct file *filp, poll_table
30066 * Most Unices do not set POLLERR for FIFOs but on Linux they
30067 * behave exactly like pipes for poll().
30069 - if (!pipe->readers)
30070 + if (!atomic_read(&pipe->readers))
30074 @@ -690,10 +690,10 @@ pipe_release(struct inode *inode, int de
30076 mutex_lock(&inode->i_mutex);
30077 pipe = inode->i_pipe;
30078 - pipe->readers -= decr;
30079 - pipe->writers -= decw;
30080 + atomic_sub(decr, &pipe->readers);
30081 + atomic_sub(decw, &pipe->writers);
30083 - if (!pipe->readers && !pipe->writers) {
30084 + if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) {
30085 free_pipe_info(inode);
30087 wake_up_interruptible_sync(&pipe->wait);
30088 @@ -783,7 +783,7 @@ pipe_read_open(struct inode *inode, stru
30090 if (inode->i_pipe) {
30092 - inode->i_pipe->readers++;
30093 + atomic_inc(&inode->i_pipe->readers);
30096 mutex_unlock(&inode->i_mutex);
30097 @@ -800,7 +800,7 @@ pipe_write_open(struct inode *inode, str
30099 if (inode->i_pipe) {
30101 - inode->i_pipe->writers++;
30102 + atomic_inc(&inode->i_pipe->writers);
30105 mutex_unlock(&inode->i_mutex);
30106 @@ -818,9 +818,9 @@ pipe_rdwr_open(struct inode *inode, stru
30107 if (inode->i_pipe) {
30109 if (filp->f_mode & FMODE_READ)
30110 - inode->i_pipe->readers++;
30111 + atomic_inc(&inode->i_pipe->readers);
30112 if (filp->f_mode & FMODE_WRITE)
30113 - inode->i_pipe->writers++;
30114 + atomic_inc(&inode->i_pipe->writers);
30117 mutex_unlock(&inode->i_mutex);
30118 @@ -905,7 +905,7 @@ void free_pipe_info(struct inode *inode)
30119 inode->i_pipe = NULL;
30122 -static struct vfsmount *pipe_mnt __read_mostly;
30123 +struct vfsmount *pipe_mnt __read_mostly;
30124 static int pipefs_delete_dentry(struct dentry *dentry)
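Review bot: Dropping `static` from `pipe_mnt` gives the pointer external linkage, but this hunk adds no declaration and no comment naming the new user. If another translation unit needs it, the matching `extern struct vfsmount *pipe_mnt;` belongs in a shared header, not in per-file externs. A one-line comment here naming the consumer would also help, since the variable is still `__read_mostly` and any outside writer would be unexpected.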
30127 @@ -945,7 +945,8 @@ static struct inode * get_pipe_inode(voi
30129 inode->i_pipe = pipe;
30131 - pipe->readers = pipe->writers = 1;
30132 + atomic_set(&pipe->readers, 1);
30133 + atomic_set(&pipe->writers, 1);
30134 inode->i_fop = &rdwr_pipefifo_fops;
30137 diff -urNp linux-2.6.32.1/fs/proc/array.c linux-2.6.32.1/fs/proc/array.c
30138 --- linux-2.6.32.1/fs/proc/array.c 2009-12-02 22:51:21.000000000 -0500
30139 +++ linux-2.6.32.1/fs/proc/array.c 2009-12-14 18:33:58.212989652 -0500
30140 @@ -410,6 +410,21 @@ static void task_show_stack_usage(struct
30142 #endif /* CONFIG_MMU */
30144 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
30145 +static inline void task_pax(struct seq_file *m, struct task_struct *p)
30148 + seq_printf(m, "PaX:\t%c%c%c%c%c\n",
30149 + p->mm->pax_flags & MF_PAX_PAGEEXEC ? 'P' : 'p',
30150 + p->mm->pax_flags & MF_PAX_EMUTRAMP ? 'E' : 'e',
30151 + p->mm->pax_flags & MF_PAX_MPROTECT ? 'M' : 'm',
30152 + p->mm->pax_flags & MF_PAX_RANDMMAP ? 'R' : 'r',
30153 + p->mm->pax_flags & MF_PAX_SEGMEXEC ? 'S' : 's');
30155 + seq_printf(m, "PaX:\t-----\n");
30159 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
30160 struct pid *pid, struct task_struct *task)
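Review bot: `task_pax()` re-reads `p->mm` for each of the five flag tests and takes no reference on the mm. Whatever guard precedes the first `seq_printf()` is not visible in this listing, but even an `if (p->mm)` test leaves a window in which an exiting task can clear the pointer before the dereferences. Taking the mm once with `struct mm_struct *mm = get_task_mm(p);`, reading `mm->pax_flags` into a local, and finishing with `mmput(mm);` would close that window and make the five tests read one consistent value. The fallback `"PaX:\t-----\n"` line can stay for the case where no mm is returned.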
30162 @@ -430,9 +445,20 @@ int proc_pid_status(struct seq_file *m,
30164 task_context_switch_counts(m, task);
30165 task_show_stack_usage(m, task);
30167 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
30168 + task_pax(m, task);
30174 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30175 +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
30176 + (_mm->pax_flags & MF_PAX_RANDMMAP || \
30177 + _mm->pax_flags & MF_PAX_SEGMEXEC))
30180 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
30181 struct pid *pid, struct task_struct *task, int whole)
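Review bot: `PAX_RAND_FLAGS(_mm)` uses its parameter unparenthesised and evaluates it up to four times, so an argument with side effects or lower-precedence operators would misbehave. A `static inline` helper taking `struct mm_struct *mm`, or at least `((_mm) != NULL && (_mm) != current->mm && ((_mm)->pax_flags & (MF_PAX_RANDMMAP | MF_PAX_SEGMEXEC)))`, would be safer. The identical macro is defined again in the fs/proc/base.c hunk further down. One definition in fs/proc/internal.h would keep the two files from drifting apart.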
30183 @@ -529,6 +555,19 @@ static int do_task_stat(struct seq_file
30184 gtime = task_gtime(task);
30187 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30188 + if (PAX_RAND_FLAGS(mm)) {
30194 +#ifdef CONFIG_GRKERNSEC_HIDESYM
30200 /* scale priority and nice values from timeslices to -20..20 */
30201 /* to make it look like a "normal" Unix priority/nice value */
30202 priority = task_prio(task);
30203 @@ -569,9 +608,15 @@ static int do_task_stat(struct seq_file
30205 mm ? get_mm_rss(mm) : 0,
30207 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30208 + PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->start_code : 0),
30209 + PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->end_code : 0),
30210 + PAX_RAND_FLAGS(mm) ? 0 : ((permitted && mm) ? task->stack_start : 0),
30212 mm ? mm->start_code : 0,
30213 mm ? mm->end_code : 0,
30214 (permitted && mm) ? task->stack_start : 0,
30218 /* The signal information here is obsolete.
30219 @@ -624,3 +669,10 @@ int proc_pid_statm(struct seq_file *m, s
30224 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
30225 +int proc_pid_ipaddr(struct task_struct *task, char *buffer)
30227 + return sprintf(buffer, "%pI4\n", &task->signal->curr_ip);
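Review bot: `proc_pid_ipaddr()` dereferences `task->signal` with no lock or NULL check in view. If the signal struct can be torn down while procfs still holds a reference to the task, that read is a NULL or stale dereference. This depends on the lifetime rules of this kernel version and should be confirmed; if needed, `curr_ip` should be read under `lock_task_sighand()` with an error return when that fails. The `%pI4` output is short, but `sprintf()` into a caller-supplied buffer with no size parameter relies on an unstated contract, so a bounded formatter or a comment stating the buffer size would document it.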
30230 diff -urNp linux-2.6.32.1/fs/proc/base.c linux-2.6.32.1/fs/proc/base.c
30231 --- linux-2.6.32.1/fs/proc/base.c 2009-12-02 22:51:21.000000000 -0500
30232 +++ linux-2.6.32.1/fs/proc/base.c 2009-12-14 18:33:58.441707899 -0500
30233 @@ -213,6 +213,9 @@ static int check_mem_permission(struct t
30234 if (task == current)
30237 + if (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))
30241 * If current is actively ptrace'ing, and would also be
30242 * permitted to freshly attach with ptrace now, permit it.
30243 @@ -260,6 +263,9 @@ static int proc_pid_cmdline(struct task_
30245 goto out_mm; /* Shh! No looking before we're done */
30247 + if (gr_acl_handle_procpidmem(task))
30250 len = mm->arg_end - mm->arg_start;
30252 if (len > PAGE_SIZE)
30253 @@ -287,12 +293,26 @@ out:
30257 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30258 +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
30259 + (_mm->pax_flags & MF_PAX_RANDMMAP || \
30260 + _mm->pax_flags & MF_PAX_SEGMEXEC))
30263 static int proc_pid_auxv(struct task_struct *task, char *buffer)
30266 struct mm_struct *mm = get_task_mm(task);
30268 unsigned int nwords = 0;
30270 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30271 + if (PAX_RAND_FLAGS(mm)) {
30279 } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
30280 @@ -328,7 +348,7 @@ static int proc_pid_wchan(struct task_st
30282 #endif /* CONFIG_KALLSYMS */
30284 -#ifdef CONFIG_STACKTRACE
30285 +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
30287 #define MAX_STACK_TRACE_DEPTH 64
30289 @@ -521,7 +541,7 @@ static int proc_pid_limits(struct task_s
30293 -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
30294 +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
30295 static int proc_pid_syscall(struct task_struct *task, char *buffer)
30298 @@ -935,6 +955,9 @@ static ssize_t environ_read(struct file
30302 + if (gr_acl_handle_procpidmem(task))
30305 if (!ptrace_may_access(task, PTRACE_MODE_READ))
30308 @@ -1455,7 +1478,11 @@ static struct inode *proc_pid_make_inode
30310 cred = __task_cred(task);
30311 inode->i_uid = cred->euid;
30312 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30313 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
30315 inode->i_gid = cred->egid;
30319 security_task_to_inode(task, inode);
30320 @@ -1473,6 +1500,9 @@ static int pid_getattr(struct vfsmount *
30321 struct inode *inode = dentry->d_inode;
30322 struct task_struct *task;
30323 const struct cred *cred;
30324 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30325 + const struct cred *tmpcred = current_cred();
30328 generic_fillattr(inode, stat);
30330 @@ -1480,12 +1510,34 @@ static int pid_getattr(struct vfsmount *
30333 task = pid_task(proc_pid(inode), PIDTYPE_PID);
30335 + if (task && (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))) {
30336 + rcu_read_unlock();
30341 + cred = __task_cred(task);
30342 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30343 + if (!tmpcred->uid || (tmpcred->uid == cred->uid)
30344 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30345 + || in_group_p(CONFIG_GRKERNSEC_PROC_GID)
30349 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
30350 +#ifdef CONFIG_GRKERNSEC_PROC_USER
30351 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
30352 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30353 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
30355 task_dumpable(task)) {
30356 - cred = __task_cred(task);
30357 stat->uid = cred->euid;
30358 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30359 + stat->gid = CONFIG_GRKERNSEC_PROC_GID;
30361 stat->gid = cred->egid;
30366 @@ -1517,11 +1569,20 @@ static int pid_revalidate(struct dentry
30369 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
30370 +#ifdef CONFIG_GRKERNSEC_PROC_USER
30371 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
30372 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30373 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
30375 task_dumpable(task)) {
30377 cred = __task_cred(task);
30378 inode->i_uid = cred->euid;
30379 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30380 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
30382 inode->i_gid = cred->egid;
30387 @@ -1642,7 +1703,8 @@ static int proc_fd_info(struct inode *in
30388 int fd = proc_fd(inode);
30391 - files = get_files_struct(task);
30392 + if (!gr_acl_handle_procpidmem(task))
30393 + files = get_files_struct(task);
30394 put_task_struct(task);
30397 @@ -1894,12 +1956,22 @@ static const struct file_operations proc
30398 static int proc_fd_permission(struct inode *inode, int mask)
30401 + struct task_struct *task;
30403 rv = generic_permission(inode, mask, NULL);
30407 if (task_pid(current) == proc_pid(inode))
30410 + task = get_proc_task(inode);
30411 + if (task == NULL)
30414 + if (gr_acl_handle_procpidmem(task))
30417 + put_task_struct(task);
30422 @@ -2008,6 +2080,9 @@ static struct dentry *proc_pident_lookup
30426 + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
30430 * Yes, it does not scale. And it should not. Don't add
30431 * new entries into /proc/<tgid>/ without very good reasons.
30432 @@ -2052,6 +2127,9 @@ static int proc_pident_readdir(struct fi
30436 + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
30442 @@ -2418,6 +2496,9 @@ static struct dentry *proc_base_lookup(s
30446 + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
30449 error = proc_base_instantiate(dir, dentry, task, p);
30452 @@ -2504,7 +2585,7 @@ static const struct pid_entry tgid_base_
30453 #ifdef CONFIG_SCHED_DEBUG
30454 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
30456 -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
30457 +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
30458 INF("syscall", S_IRUSR, proc_pid_syscall),
30460 INF("cmdline", S_IRUGO, proc_pid_cmdline),
30461 @@ -2532,7 +2613,7 @@ static const struct pid_entry tgid_base_
30462 #ifdef CONFIG_KALLSYMS
30463 INF("wchan", S_IRUGO, proc_pid_wchan),
30465 -#ifdef CONFIG_STACKTRACE
30466 +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
30467 ONE("stack", S_IRUSR, proc_pid_stack),
30469 #ifdef CONFIG_SCHEDSTATS
30470 @@ -2562,6 +2643,9 @@ static const struct pid_entry tgid_base_
30471 #ifdef CONFIG_TASK_IO_ACCOUNTING
30472 INF("io", S_IRUGO, proc_tgid_io_accounting),
30474 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
30475 + INF("ipaddr", S_IRUSR, proc_pid_ipaddr),
30479 static int proc_tgid_base_readdir(struct file * filp,
30480 @@ -2686,7 +2770,14 @@ static struct dentry *proc_pid_instantia
30484 +#ifdef CONFIG_GRKERNSEC_PROC_USER
30485 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
30486 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30487 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
30488 + inode->i_mode = S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP;
30490 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
30492 inode->i_op = &proc_tgid_base_inode_operations;
30493 inode->i_fop = &proc_tgid_base_operations;
30494 inode->i_flags|=S_IMMUTABLE;
30495 @@ -2728,7 +2819,11 @@ struct dentry *proc_pid_lookup(struct in
30499 + if (gr_check_hidden_task(task))
30500 + goto out_put_task;
30502 result = proc_pid_instantiate(dir, dentry, task, NULL);
30504 put_task_struct(task);
30507 @@ -2793,6 +2888,10 @@ int proc_pid_readdir(struct file * filp,
30509 unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY;
30510 struct task_struct *reaper = get_proc_task(filp->f_path.dentry->d_inode);
30511 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30512 + const struct cred *tmpcred = current_cred();
30513 + const struct cred *itercred;
30515 struct tgid_iter iter;
30516 struct pid_namespace *ns;
30518 @@ -2811,6 +2910,20 @@ int proc_pid_readdir(struct file * filp,
30519 for (iter = next_tgid(ns, iter);
30521 iter.tgid += 1, iter = next_tgid(ns, iter)) {
30522 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30523 + itercred = __task_cred(iter.task);
30525 + if (gr_pid_is_chrooted(iter.task) || gr_check_hidden_task(iter.task)
30526 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30527 + || (tmpcred->uid && (itercred->uid != tmpcred->uid)
30528 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30529 + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
30536 filp->f_pos = iter.tgid + TGID_OFFSET;
30537 if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) {
30538 put_task_struct(iter.task);
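Review bot: `itercred = __task_cred(iter.task)` is called with no `rcu_read_lock()` visible in this hunk, and the pointer is then used in the uid comparison a few lines later. `__task_cred()` yields an RCU-protected pointer, so unless the loop body already runs inside a read-side section (not shown here), the cred could be freed while it is being compared. Bracketing the lookup and the comparison with `rcu_read_lock();` and `rcu_read_unlock();`, or copying `itercred->uid` into a local under the lock, would make the visibility filter safe. The nested `#if` blocks that splice extra clauses into the `if` condition are also hard to follow, and a small helper returning the filter decision would read better. The loop body continues outside the visible lines.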
30539 @@ -2838,7 +2951,7 @@ static const struct pid_entry tid_base_s
30540 #ifdef CONFIG_SCHED_DEBUG
30541 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
30543 -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
30544 +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
30545 INF("syscall", S_IRUSR, proc_pid_syscall),
30547 INF("cmdline", S_IRUGO, proc_pid_cmdline),
30548 @@ -2865,7 +2978,7 @@ static const struct pid_entry tid_base_s
30549 #ifdef CONFIG_KALLSYMS
30550 INF("wchan", S_IRUGO, proc_pid_wchan),
30552 -#ifdef CONFIG_STACKTRACE
30553 +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
30554 ONE("stack", S_IRUSR, proc_pid_stack),
30556 #ifdef CONFIG_SCHEDSTATS
30557 diff -urNp linux-2.6.32.1/fs/proc/cmdline.c linux-2.6.32.1/fs/proc/cmdline.c
30558 --- linux-2.6.32.1/fs/proc/cmdline.c 2009-12-02 22:51:21.000000000 -0500
30559 +++ linux-2.6.32.1/fs/proc/cmdline.c 2009-12-14 18:33:58.645698553 -0500
30560 @@ -23,7 +23,11 @@ static const struct file_operations cmdl
30562 static int __init proc_cmdline_init(void)
30564 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
30565 + proc_create_grsec("cmdline", 0, NULL, &cmdline_proc_fops);
30567 proc_create("cmdline", 0, NULL, &cmdline_proc_fops);
30571 module_init(proc_cmdline_init);
30572 diff -urNp linux-2.6.32.1/fs/proc/devices.c linux-2.6.32.1/fs/proc/devices.c
30573 --- linux-2.6.32.1/fs/proc/devices.c 2009-12-02 22:51:21.000000000 -0500
30574 +++ linux-2.6.32.1/fs/proc/devices.c 2009-12-14 18:33:58.654900501 -0500
30575 @@ -64,7 +64,11 @@ static const struct file_operations proc
30577 static int __init proc_devices_init(void)
30579 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
30580 + proc_create_grsec("devices", 0, NULL, &proc_devinfo_operations);
30582 proc_create("devices", 0, NULL, &proc_devinfo_operations);
30586 module_init(proc_devices_init);
30587 diff -urNp linux-2.6.32.1/fs/proc/inode.c linux-2.6.32.1/fs/proc/inode.c
30588 --- linux-2.6.32.1/fs/proc/inode.c 2009-12-02 22:51:21.000000000 -0500
30589 +++ linux-2.6.32.1/fs/proc/inode.c 2009-12-14 18:33:58.671805678 -0500
30590 @@ -457,7 +457,11 @@ struct inode *proc_get_inode(struct supe
30592 inode->i_mode = de->mode;
30593 inode->i_uid = de->uid;
30594 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30595 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
30597 inode->i_gid = de->gid;
30601 inode->i_size = de->size;
30602 diff -urNp linux-2.6.32.1/fs/proc/internal.h linux-2.6.32.1/fs/proc/internal.h
30603 --- linux-2.6.32.1/fs/proc/internal.h 2009-12-02 22:51:21.000000000 -0500
30604 +++ linux-2.6.32.1/fs/proc/internal.h 2009-12-14 18:33:58.676829168 -0500
30606 struct pid *pid, struct task_struct *task);
30607 extern int proc_pid_nsproxy(struct seq_file *m, struct pid_namespace *ns,
30608 struct pid *pid, struct task_struct *task);
30609 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
30610 +extern int proc_pid_ipaddr(struct task_struct *task, char *buffer);
30613 extern loff_t mem_lseek(struct file *file, loff_t offset, int orig);
30615 diff -urNp linux-2.6.32.1/fs/proc/Kconfig linux-2.6.32.1/fs/proc/Kconfig
30616 --- linux-2.6.32.1/fs/proc/Kconfig 2009-12-02 22:51:21.000000000 -0500
30617 +++ linux-2.6.32.1/fs/proc/Kconfig 2009-12-14 18:33:58.690702376 -0500
30618 @@ -30,12 +30,12 @@ config PROC_FS
30621 bool "/proc/kcore support" if !ARM
30622 - depends on PROC_FS && MMU
30623 + depends on PROC_FS && MMU && !GRKERNSEC_PROC_ADD
30626 bool "/proc/vmcore support (EXPERIMENTAL)"
30627 - depends on PROC_FS && CRASH_DUMP
30629 + depends on PROC_FS && CRASH_DUMP && !GRKERNSEC
30632 Exports the dump image of crashed kernel in ELF format.
30634 @@ -59,8 +59,8 @@ config PROC_SYSCTL
30637 config PROC_PAGE_MONITOR
30639 - depends on PROC_FS && MMU
30641 + depends on PROC_FS && MMU && !GRKERNSEC
30642 bool "Enable /proc page monitoring" if EMBEDDED
30644 Various /proc files exist to monitor process memory utilization:
30645 diff -urNp linux-2.6.32.1/fs/proc/kcore.c linux-2.6.32.1/fs/proc/kcore.c
30646 --- linux-2.6.32.1/fs/proc/kcore.c 2009-12-02 22:51:21.000000000 -0500
30647 +++ linux-2.6.32.1/fs/proc/kcore.c 2009-12-14 18:33:58.701784947 -0500
30648 @@ -541,6 +541,9 @@ read_kcore(struct file *file, char __use
30650 static int open_kcore(struct inode *inode, struct file *filp)
30652 +#if defined(CONFIG_GRKERNSEC_PROC_ADD) || defined(CONFIG_GRKERNSEC_HIDESYM)
30655 if (!capable(CAP_SYS_RAWIO))
30657 if (kcore_need_update)
30658 diff -urNp linux-2.6.32.1/fs/proc/nommu.c linux-2.6.32.1/fs/proc/nommu.c
30659 --- linux-2.6.32.1/fs/proc/nommu.c 2009-12-02 22:51:21.000000000 -0500
30660 +++ linux-2.6.32.1/fs/proc/nommu.c 2009-12-14 18:33:58.710714170 -0500
30661 @@ -67,7 +67,7 @@ static int nommu_region_show(struct seq_
30664 seq_printf(m, "%*c", len, ' ');
30665 - seq_path(m, &file->f_path, "");
30666 + seq_path(m, &file->f_path, "\n\\");
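Review bot: Nothing at this call site explains why the escape set went from empty to `"\n\\"`, and the reason is not obvious. I would add `/* escape newline and backslash so a file name cannot forge extra lines or fake an escape sequence in this output */` above the `seq_path` call. The same comment fits the matching changes in show_map_vma (fs/proc/task_mmu.c) and nommu_vma_show (fs/proc/task_nommu.c). nommu_region_show starts and ends outside the hunk.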
30670 diff -urNp linux-2.6.32.1/fs/proc/proc_net.c linux-2.6.32.1/fs/proc/proc_net.c
30671 --- linux-2.6.32.1/fs/proc/proc_net.c 2009-12-02 22:51:21.000000000 -0500
30672 +++ linux-2.6.32.1/fs/proc/proc_net.c 2009-12-14 18:33:58.722912684 -0500
30673 @@ -104,6 +104,17 @@ static struct net *get_proc_task_net(str
30674 struct task_struct *task;
30675 struct nsproxy *ns;
30676 struct net *net = NULL;
30677 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30678 + const struct cred *cred = current_cred();
30681 +#ifdef CONFIG_GRKERNSEC_PROC_USER
30684 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30685 + if (cred->fsuid && !in_group_p(CONFIG_GRKERNSEC_PROC_GID))
30690 task = pid_task(proc_pid(dir), PIDTYPE_PID);
30691 diff -urNp linux-2.6.32.1/fs/proc/proc_sysctl.c linux-2.6.32.1/fs/proc/proc_sysctl.c
30692 --- linux-2.6.32.1/fs/proc/proc_sysctl.c 2009-12-02 22:51:21.000000000 -0500
30693 +++ linux-2.6.32.1/fs/proc/proc_sysctl.c 2009-12-14 18:33:58.723752171 -0500
30695 #include <linux/security.h>
30696 #include "internal.h"
30698 +extern __u32 gr_handle_sysctl(const struct ctl_table *table, const int op);
30700 static const struct dentry_operations proc_sys_dentry_operations;
30701 static const struct file_operations proc_sys_file_operations;
30702 static const struct inode_operations proc_sys_inode_operations;
30703 @@ -109,6 +111,9 @@ static struct dentry *proc_sys_lookup(st
30707 + if (gr_handle_sysctl(p, MAY_EXEC))
30710 err = ERR_PTR(-ENOMEM);
30711 inode = proc_sys_make_inode(dir->i_sb, h ? h : head, p);
30713 @@ -228,6 +233,9 @@ static int scan(struct ctl_table_header
30714 if (*pos < file->f_pos)
30717 + if (gr_handle_sysctl(table, 0))
30720 res = proc_sys_fill_cache(file, dirent, filldir, head, table);
30723 @@ -344,6 +352,9 @@ static int proc_sys_getattr(struct vfsmo
30725 return PTR_ERR(head);
30727 + if (table && gr_handle_sysctl(table, MAY_EXEC))
30730 generic_fillattr(inode, stat);
30732 stat->mode = (stat->mode & S_IFMT) | table->mode;
30733 diff -urNp linux-2.6.32.1/fs/proc/root.c linux-2.6.32.1/fs/proc/root.c
30734 --- linux-2.6.32.1/fs/proc/root.c 2009-12-02 22:51:21.000000000 -0500
30735 +++ linux-2.6.32.1/fs/proc/root.c 2009-12-14 18:33:58.724743723 -0500
30736 @@ -134,7 +134,15 @@ void __init proc_root_init(void)
30737 #ifdef CONFIG_PROC_DEVICETREE
30738 proc_device_tree_init();
30740 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
30741 +#ifdef CONFIG_GRKERNSEC_PROC_USER
30742 + proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL);
30743 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30744 + proc_mkdir_mode("bus", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
30747 proc_mkdir("bus", NULL);
30752 diff -urNp linux-2.6.32.1/fs/proc/task_mmu.c linux-2.6.32.1/fs/proc/task_mmu.c
30753 --- linux-2.6.32.1/fs/proc/task_mmu.c 2009-12-02 22:51:21.000000000 -0500
30754 +++ linux-2.6.32.1/fs/proc/task_mmu.c 2009-12-14 18:33:58.725699048 -0500
30755 @@ -46,15 +46,26 @@ void task_mem(struct seq_file *m, struct
30756 "VmStk:\t%8lu kB\n"
30757 "VmExe:\t%8lu kB\n"
30758 "VmLib:\t%8lu kB\n"
30759 - "VmPTE:\t%8lu kB\n",
30760 - hiwater_vm << (PAGE_SHIFT-10),
30761 + "VmPTE:\t%8lu kB\n"
30763 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
30764 + "CsBase:\t%8lx\nCsLim:\t%8lx\n"
30767 + ,hiwater_vm << (PAGE_SHIFT-10),
30768 (total_vm - mm->reserved_vm) << (PAGE_SHIFT-10),
30769 mm->locked_vm << (PAGE_SHIFT-10),
30770 hiwater_rss << (PAGE_SHIFT-10),
30771 total_rss << (PAGE_SHIFT-10),
30772 data << (PAGE_SHIFT-10),
30773 mm->stack_vm << (PAGE_SHIFT-10), text, lib,
30774 - (PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10);
30775 + (PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10
30777 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
30778 + , mm->context.user_cs_base, mm->context.user_cs_limit
30784 unsigned long task_vsize(struct mm_struct *mm)
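Review bot: `CsBase` and `CsLim` are added to this output with no check on who is reading, whereas show_map_vma later in the same file prints zeroed addresses to other processes when CONFIG_GRKERNSEC_PROC_MEMMAP is set. If `mm->context.user_cs_base` and `user_cs_limit` follow the randomized executable region (not visible here), these two fields give back part of what that option hides; confirm, and if so apply the same reader test here or print `0` for a foreign `mm`. A one-line comment above the `#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT` block saying which readers may see the values would record the decision. task_mem's body starts outside the hunk.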
30785 @@ -199,6 +210,12 @@ static int do_maps_open(struct inode *in
30789 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30790 +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
30791 + (_mm->pax_flags & MF_PAX_RANDMMAP || \
30792 + _mm->pax_flags & MF_PAX_SEGMEXEC))
30795 static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma)
30797 struct mm_struct *mm = vma->vm_mm;
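Review bot: `PAX_RAND_FLAGS` uses its parameter unparenthesised and evaluates it up to four times, and show_smap passes the expression `vma->vm_mm` to it. That happens to expand correctly today, but `(_mm)` should be parenthesised throughout, or the macro replaced by a `static inline` function taking `const struct mm_struct *`. As a macro: `#define PAX_RAND_FLAGS(_mm) ((_mm) != NULL && (_mm) != current->mm && ((_mm)->pax_flags & (MF_PAX_RANDMMAP | MF_PAX_SEGMEXEC)))`. A comment stating the policy it encodes (addresses are hidden from any reader other than the owning process when either flag is set) would also help, since the name does not say so.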
30798 @@ -217,13 +234,22 @@ static void show_map_vma(struct seq_file
30801 seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu %n",
30802 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30803 + PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_start,
30804 + PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_end,
30809 flags & VM_READ ? 'r' : '-',
30810 flags & VM_WRITE ? 'w' : '-',
30811 flags & VM_EXEC ? 'x' : '-',
30812 flags & VM_MAYSHARE ? 's' : 'p',
30813 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30814 + PAX_RAND_FLAGS(mm) ? 0UL : pgoff,
30818 MAJOR(dev), MINOR(dev), ino, &len);
30821 @@ -232,16 +258,16 @@ static void show_map_vma(struct seq_file
30824 pad_len_spaces(m, len);
30825 - seq_path(m, &file->f_path, "\n");
30826 + seq_path(m, &file->f_path, "\n\\");
30828 const char *name = arch_vma_name(vma);
30831 - if (vma->vm_start <= mm->start_brk &&
30832 - vma->vm_end >= mm->brk) {
30833 + if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) {
30835 - } else if (vma->vm_start <= mm->start_stack &&
30836 - vma->vm_end >= mm->start_stack) {
30837 + } else if ((vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP)) ||
30838 + (vma->vm_start <= mm->start_stack &&
30839 + vma->vm_end >= mm->start_stack)) {
30842 unsigned long stack_start;
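Review bot: The new `[heap]` test uses inclusive comparisons, `vma->vm_end >= mm->start_brk`, but `vm_end` is the first address past the mapping, so an anonymous VMA that merely ends where the heap begins (or begins where it ends) is labelled `[heap]` too. A strict overlap test avoids that: `if (vma->vm_start < mm->brk && vma->vm_end > mm->start_brk) {`. The stack branch now names every VMA with VM_GROWSDOWN or VM_GROWSUP `[stack]`, so a process with several growable mappings shows several `[stack]` lines; a short comment stating that this is intended would help readers of the output. show_map_vma starts and ends outside the hunk.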
30843 @@ -403,9 +429,16 @@ static int show_smap(struct seq_file *m,
30846 memset(&mss, 0, sizeof mss);
30848 - if (vma->vm_mm && !is_vm_hugetlb_page(vma))
30849 - walk_page_range(vma->vm_start, vma->vm_end, &smaps_walk);
30851 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30852 + if (!PAX_RAND_FLAGS(vma->vm_mm)) {
30855 + if (vma->vm_mm && !is_vm_hugetlb_page(vma))
30856 + walk_page_range(vma->vm_start, vma->vm_end, &smaps_walk);
30857 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30861 show_map_vma(m, vma);
30863 @@ -421,7 +454,11 @@ static int show_smap(struct seq_file *m,
30865 "KernelPageSize: %8lu kB\n"
30866 "MMUPageSize: %8lu kB\n",
30867 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30868 + PAX_RAND_FLAGS(vma->vm_mm) ? 0UL : (vma->vm_end - vma->vm_start) >> 10,
30870 (vma->vm_end - vma->vm_start) >> 10,
30872 mss.resident >> 10,
30873 (unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
30874 mss.shared_clean >> 10,
30875 diff -urNp linux-2.6.32.1/fs/proc/task_nommu.c linux-2.6.32.1/fs/proc/task_nommu.c
30876 --- linux-2.6.32.1/fs/proc/task_nommu.c 2009-12-02 22:51:21.000000000 -0500
30877 +++ linux-2.6.32.1/fs/proc/task_nommu.c 2009-12-14 18:33:58.743919113 -0500
30878 @@ -50,7 +50,7 @@ void task_mem(struct seq_file *m, struct
30880 bytes += kobjsize(mm);
30882 - if (current->fs && current->fs->users > 1)
30883 + if (current->fs && atomic_read(¤t->fs->users) > 1)
30884 sbytes += kobjsize(current->fs);
30886 bytes += kobjsize(current->fs);
30887 @@ -154,7 +154,7 @@ static int nommu_vma_show(struct seq_fil
30890 seq_printf(m, "%*c", len, ' ');
30891 - seq_path(m, &file->f_path, "");
30892 + seq_path(m, &file->f_path, "\n\\");
30896 diff -urNp linux-2.6.32.1/fs/readdir.c linux-2.6.32.1/fs/readdir.c
30897 --- linux-2.6.32.1/fs/readdir.c 2009-12-02 22:51:21.000000000 -0500
30898 +++ linux-2.6.32.1/fs/readdir.c 2009-12-14 18:33:58.777911377 -0500
30900 #include <linux/security.h>
30901 #include <linux/syscalls.h>
30902 #include <linux/unistd.h>
30903 +#include <linux/namei.h>
30905 #include <asm/uaccess.h>
30907 @@ -67,6 +68,7 @@ struct old_linux_dirent {
30909 struct readdir_callback {
30910 struct old_linux_dirent __user * dirent;
30911 + struct file * file;
30915 @@ -84,6 +86,10 @@ static int fillonedir(void * __buf, cons
30916 buf->result = -EOVERFLOW;
30920 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
30924 dirent = buf->dirent;
30925 if (!access_ok(VERIFY_WRITE, dirent,
30926 @@ -116,6 +122,7 @@ SYSCALL_DEFINE3(old_readdir, unsigned in
30929 buf.dirent = dirent;
30932 error = vfs_readdir(file, fillonedir, &buf);
30934 @@ -142,6 +149,7 @@ struct linux_dirent {
30935 struct getdents_callback {
30936 struct linux_dirent __user * current_dir;
30937 struct linux_dirent __user * previous;
30938 + struct file * file;
30942 @@ -162,6 +170,10 @@ static int filldir(void * __buf, const c
30943 buf->error = -EOVERFLOW;
30947 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
30950 dirent = buf->previous;
30952 if (__put_user(offset, &dirent->d_off))
30953 @@ -209,6 +221,7 @@ SYSCALL_DEFINE3(getdents, unsigned int,
30954 buf.previous = NULL;
30959 error = vfs_readdir(file, filldir, &buf);
30961 @@ -228,6 +241,7 @@ out:
30962 struct getdents_callback64 {
30963 struct linux_dirent64 __user * current_dir;
30964 struct linux_dirent64 __user * previous;
30965 + struct file *file;
30969 @@ -242,6 +256,10 @@ static int filldir64(void * __buf, const
30970 buf->error = -EINVAL; /* only used if we fail.. */
30971 if (reclen > buf->count)
30974 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
30977 dirent = buf->previous;
30979 if (__put_user(offset, &dirent->d_off))
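Review bot: The `gr_acl_handle_filldir` filter runs after `reclen > buf->count` has already been evaluated, so an entry the policy hides can still end the listing early or produce the size error, which makes its presence and name length observable to the caller. Moving the filter to the top of filldir64, before `buf->error = -EINVAL;`, lets hidden entries be skipped without touching the buffer accounting: `if (!gr_acl_handle_filldir(buf->file, name, namlen, ino)) return 0;` (the `return 0;` is assumed; that line is not in this view). fillonedir and filldir place the call after their `-EOVERFLOW` assignment in the same way. The filter also depends on every caller setting `buf.file` before `vfs_readdir`; those added lines are missing from the visible hunks and should be checked. The function bodies start and end outside the hunks.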
30980 @@ -289,6 +307,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int
30982 buf.current_dir = dirent;
30983 buf.previous = NULL;
30988 diff -urNp linux-2.6.32.1/fs/reiserfs/do_balan.c linux-2.6.32.1/fs/reiserfs/do_balan.c
30989 --- linux-2.6.32.1/fs/reiserfs/do_balan.c 2009-12-02 22:51:21.000000000 -0500
30990 +++ linux-2.6.32.1/fs/reiserfs/do_balan.c 2009-12-14 18:33:58.799059616 -0500
30991 @@ -2058,7 +2058,7 @@ void do_balance(struct tree_balance *tb,
30995 - atomic_inc(&(fs_generation(tb->tb_sb)));
30996 + atomic_inc_unchecked(&(fs_generation(tb->tb_sb)));
30997 do_balance_starts(tb);
30999 /* balance leaf returns 0 except if combining L R and S into
31000 diff -urNp linux-2.6.32.1/fs/reiserfs/item_ops.c linux-2.6.32.1/fs/reiserfs/item_ops.c
31001 --- linux-2.6.32.1/fs/reiserfs/item_ops.c 2009-12-02 22:51:21.000000000 -0500
31002 +++ linux-2.6.32.1/fs/reiserfs/item_ops.c 2009-12-14 18:33:58.811923055 -0500
31003 @@ -102,7 +102,7 @@ static void sd_print_vi(struct virtual_i
31004 vi->vi_index, vi->vi_type, vi->vi_ih);
31007 -static struct item_operations stat_data_ops = {
31008 +static const struct item_operations stat_data_ops = {
31009 .bytes_number = sd_bytes_number,
31010 .decrement_key = sd_decrement_key,
31011 .is_left_mergeable = sd_is_left_mergeable,
31012 @@ -196,7 +196,7 @@ static void direct_print_vi(struct virtu
31013 vi->vi_index, vi->vi_type, vi->vi_ih);
31016 -static struct item_operations direct_ops = {
31017 +static const struct item_operations direct_ops = {
31018 .bytes_number = direct_bytes_number,
31019 .decrement_key = direct_decrement_key,
31020 .is_left_mergeable = direct_is_left_mergeable,
31021 @@ -341,7 +341,7 @@ static void indirect_print_vi(struct vir
31022 vi->vi_index, vi->vi_type, vi->vi_ih);
31025 -static struct item_operations indirect_ops = {
31026 +static const struct item_operations indirect_ops = {
31027 .bytes_number = indirect_bytes_number,
31028 .decrement_key = indirect_decrement_key,
31029 .is_left_mergeable = indirect_is_left_mergeable,
31030 @@ -628,7 +628,7 @@ static void direntry_print_vi(struct vir
31034 -static struct item_operations direntry_ops = {
31035 +static const struct item_operations direntry_ops = {
31036 .bytes_number = direntry_bytes_number,
31037 .decrement_key = direntry_decrement_key,
31038 .is_left_mergeable = direntry_is_left_mergeable,
31039 @@ -724,7 +724,7 @@ static void errcatch_print_vi(struct vir
31040 "Invalid item type observed, run fsck ASAP");
31043 -static struct item_operations errcatch_ops = {
31044 +static const struct item_operations errcatch_ops = {
31045 errcatch_bytes_number,
31046 errcatch_decrement_key,
31047 errcatch_is_left_mergeable,
31048 @@ -746,7 +746,7 @@ static struct item_operations errcatch_o
31049 #error Item types must use disk-format assigned values.
31052 -struct item_operations *item_ops[TYPE_ANY + 1] = {
31053 +const struct item_operations * const item_ops[TYPE_ANY + 1] = {
31057 diff -urNp linux-2.6.32.1/fs/reiserfs/procfs.c linux-2.6.32.1/fs/reiserfs/procfs.c
31058 --- linux-2.6.32.1/fs/reiserfs/procfs.c 2009-12-02 22:51:21.000000000 -0500
31059 +++ linux-2.6.32.1/fs/reiserfs/procfs.c 2009-12-14 18:33:58.821898756 -0500
31060 @@ -123,7 +123,7 @@ static int show_super(struct seq_file *m
31061 "SMALL_TAILS " : "NO_TAILS ",
31062 replay_only(sb) ? "REPLAY_ONLY " : "",
31063 convert_reiserfs(sb) ? "CONV " : "",
31064 - atomic_read(&r->s_generation_counter),
31065 + atomic_read_unchecked(&r->s_generation_counter),
31066 SF(s_disk_reads), SF(s_disk_writes), SF(s_fix_nodes),
31067 SF(s_do_balance), SF(s_unneeded_left_neighbor),
31068 SF(s_good_search_by_key_reada), SF(s_bmaps),
31069 diff -urNp linux-2.6.32.1/fs/select.c linux-2.6.32.1/fs/select.c
31070 --- linux-2.6.32.1/fs/select.c 2009-12-02 22:51:21.000000000 -0500
31071 +++ linux-2.6.32.1/fs/select.c 2009-12-14 18:33:58.838927885 -0500
31073 #include <linux/module.h>
31074 #include <linux/slab.h>
31075 #include <linux/poll.h>
31076 +#include <linux/security.h>
31077 #include <linux/personality.h> /* for STICKY_TIMEOUTS */
31078 #include <linux/file.h>
31079 #include <linux/fdtable.h>
31080 @@ -821,6 +822,7 @@ int do_sys_poll(struct pollfd __user *uf
31081 struct poll_list *walk = head;
31082 unsigned long todo = nfds;
31084 + gr_learn_resource(current, RLIMIT_NOFILE, nfds, 1);
31085 if (nfds > current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
31088 diff -urNp linux-2.6.32.1/fs/seq_file.c linux-2.6.32.1/fs/seq_file.c
31089 --- linux-2.6.32.1/fs/seq_file.c 2009-12-02 22:51:21.000000000 -0500
31090 +++ linux-2.6.32.1/fs/seq_file.c 2009-12-14 18:33:58.866936952 -0500
31091 @@ -76,7 +76,8 @@ static int traverse(struct seq_file *m,
31095 - m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
31096 + m->size = PAGE_SIZE;
31097 + m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
31101 @@ -116,7 +117,8 @@ static int traverse(struct seq_file *m,
31105 - m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
31107 + m->buf = kmalloc(m->size, GFP_KERNEL);
31108 return !m->buf ? -ENOMEM : -EAGAIN;
31111 @@ -169,7 +171,8 @@ ssize_t seq_read(struct file *file, char
31112 m->version = file->f_version;
31113 /* grab buffer if we didn't have one */
31115 - m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
31116 + m->size = PAGE_SIZE;
31117 + m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
31121 @@ -210,7 +213,8 @@ ssize_t seq_read(struct file *file, char
31125 - m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
31127 + m->buf = kmalloc(m->size, GFP_KERNEL);
31131 diff -urNp linux-2.6.32.1/fs/smbfs/symlink.c linux-2.6.32.1/fs/smbfs/symlink.c
31132 --- linux-2.6.32.1/fs/smbfs/symlink.c 2009-12-02 22:51:21.000000000 -0500
31133 +++ linux-2.6.32.1/fs/smbfs/symlink.c 2009-12-14 18:33:58.889860804 -0500
31134 @@ -55,7 +55,7 @@ static void *smb_follow_link(struct dent
31136 static void smb_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
31138 - char *s = nd_get_link(nd);
31139 + const char *s = nd_get_link(nd);
31143 diff -urNp linux-2.6.32.1/fs/splice.c linux-2.6.32.1/fs/splice.c
31144 --- linux-2.6.32.1/fs/splice.c 2009-12-02 22:51:21.000000000 -0500
31145 +++ linux-2.6.32.1/fs/splice.c 2009-12-14 18:33:58.896934814 -0500
31146 @@ -185,7 +185,7 @@ ssize_t splice_to_pipe(struct pipe_inode
31150 - if (!pipe->readers) {
31151 + if (!atomic_read(&pipe->readers)) {
31152 send_sig(SIGPIPE, current, 0);
31155 @@ -239,9 +239,9 @@ ssize_t splice_to_pipe(struct pipe_inode
31159 - pipe->waiting_writers++;
31160 + atomic_inc(&pipe->waiting_writers);
31162 - pipe->waiting_writers--;
31163 + atomic_dec(&pipe->waiting_writers);
31167 @@ -531,7 +531,7 @@ static ssize_t kernel_readv(struct file
31170 /* The cast to a user pointer is valid due to the set_fs() */
31171 - res = vfs_readv(file, (const struct iovec __user *)vec, vlen, &pos);
31172 + res = vfs_readv(file, (__force const struct iovec __user *)vec, vlen, &pos);
31176 @@ -546,7 +546,7 @@ static ssize_t kernel_write(struct file
31179 /* The cast to a user pointer is valid due to the set_fs() */
31180 - res = vfs_write(file, (const char __user *)buf, count, &pos);
31181 + res = vfs_write(file, (__force const char __user *)buf, count, &pos);
31185 @@ -588,7 +588,7 @@ ssize_t default_file_splice_read(struct
31188 this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset);
31189 - vec[i].iov_base = (void __user *) page_address(page);
31190 + vec[i].iov_base = (__force void __user *) page_address(page);
31191 vec[i].iov_len = this_len;
31194 @@ -808,10 +808,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
31195 int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
31197 while (!pipe->nrbufs) {
31198 - if (!pipe->writers)
31199 + if (!atomic_read(&pipe->writers))
31202 - if (!pipe->waiting_writers && sd->num_spliced)
31203 + if (!atomic_read(&pipe->waiting_writers) && sd->num_spliced)
31206 if (sd->flags & SPLICE_F_NONBLOCK)
31207 @@ -1146,7 +1146,7 @@ ssize_t splice_direct_to_actor(struct fi
31208 * out of the pipe right after the splice_to_pipe(). So set
31209 * PIPE_READERS appropriately.
31211 - pipe->readers = 1;
31212 + atomic_set(&pipe->readers, 1);
31214 current->splice_pipe = pipe;
31216 @@ -1704,9 +1704,9 @@ static int ipipe_prep(struct pipe_inode_
31217 ret = -ERESTARTSYS;
31220 - if (!pipe->writers)
31221 + if (!atomic_read(&pipe->writers))
31223 - if (!pipe->waiting_writers) {
31224 + if (!atomic_read(&pipe->waiting_writers)) {
31225 if (flags & SPLICE_F_NONBLOCK) {
31228 @@ -1738,7 +1738,7 @@ static int opipe_prep(struct pipe_inode_
31231 while (pipe->nrbufs >= PIPE_BUFFERS) {
31232 - if (!pipe->readers) {
31233 + if (!atomic_read(&pipe->readers)) {
31234 send_sig(SIGPIPE, current, 0);
31237 @@ -1751,9 +1751,9 @@ static int opipe_prep(struct pipe_inode_
31238 ret = -ERESTARTSYS;
31241 - pipe->waiting_writers++;
31242 + atomic_inc(&pipe->waiting_writers);
31244 - pipe->waiting_writers--;
31245 + atomic_dec(&pipe->waiting_writers);
31249 @@ -1789,14 +1789,14 @@ retry:
31250 pipe_double_lock(ipipe, opipe);
31253 - if (!opipe->readers) {
31254 + if (!atomic_read(&opipe->readers)) {
31255 send_sig(SIGPIPE, current, 0);
31261 - if (!ipipe->nrbufs && !ipipe->writers)
31262 + if (!ipipe->nrbufs && !atomic_read(&ipipe->writers))
31266 @@ -1896,7 +1896,7 @@ static int link_pipe(struct pipe_inode_i
31267 pipe_double_lock(ipipe, opipe);
31270 - if (!opipe->readers) {
31271 + if (!atomic_read(&opipe->readers)) {
31272 send_sig(SIGPIPE, current, 0);
31275 @@ -1941,7 +1941,7 @@ static int link_pipe(struct pipe_inode_i
31276 * return EAGAIN if we have the potential of some data in the
31277 * future, otherwise just return 0
31279 - if (!ret && ipipe->waiting_writers && (flags & SPLICE_F_NONBLOCK))
31280 + if (!ret && atomic_read(&ipipe->waiting_writers) && (flags & SPLICE_F_NONBLOCK))
31283 pipe_unlock(ipipe);
31284 diff -urNp linux-2.6.32.1/fs/sysfs/file.c linux-2.6.32.1/fs/sysfs/file.c
31285 --- linux-2.6.32.1/fs/sysfs/file.c 2009-12-02 22:51:21.000000000 -0500
31286 +++ linux-2.6.32.1/fs/sysfs/file.c 2009-12-14 18:33:58.901960508 -0500
31287 @@ -53,7 +53,7 @@ struct sysfs_buffer {
31291 - struct sysfs_ops * ops;
31292 + const struct sysfs_ops * ops;
31293 struct mutex mutex;
31294 int needs_read_fill;
31296 @@ -75,7 +75,7 @@ static int fill_read_buffer(struct dentr
31298 struct sysfs_dirent *attr_sd = dentry->d_fsdata;
31299 struct kobject *kobj = attr_sd->s_parent->s_dir.kobj;
31300 - struct sysfs_ops * ops = buffer->ops;
31301 + const struct sysfs_ops * ops = buffer->ops;
31305 @@ -199,7 +199,7 @@ flush_write_buffer(struct dentry * dentr
31307 struct sysfs_dirent *attr_sd = dentry->d_fsdata;
31308 struct kobject *kobj = attr_sd->s_parent->s_dir.kobj;
31309 - struct sysfs_ops * ops = buffer->ops;
31310 + const struct sysfs_ops * ops = buffer->ops;
31313 /* need attr_sd for attr and ops, its parent for kobj */
31314 @@ -335,7 +335,7 @@ static int sysfs_open_file(struct inode
31315 struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata;
31316 struct kobject *kobj = attr_sd->s_parent->s_dir.kobj;
31317 struct sysfs_buffer *buffer;
31318 - struct sysfs_ops *ops;
31319 + const struct sysfs_ops *ops;
31320 int error = -EACCES;
31323 diff -urNp linux-2.6.32.1/fs/sysfs/symlink.c linux-2.6.32.1/fs/sysfs/symlink.c
31324 --- linux-2.6.32.1/fs/sysfs/symlink.c 2009-12-02 22:51:21.000000000 -0500
31325 +++ linux-2.6.32.1/fs/sysfs/symlink.c 2009-12-14 18:33:58.916015474 -0500
31326 @@ -204,7 +204,7 @@ static void *sysfs_follow_link(struct de
31328 static void sysfs_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
31330 - char *page = nd_get_link(nd);
31331 + const char *page = nd_get_link(nd);
31333 free_page((unsigned long)page);
31335 diff -urNp linux-2.6.32.1/fs/udf/balloc.c linux-2.6.32.1/fs/udf/balloc.c
31336 --- linux-2.6.32.1/fs/udf/balloc.c 2009-12-02 22:51:21.000000000 -0500
31337 +++ linux-2.6.32.1/fs/udf/balloc.c 2009-12-14 18:33:58.938944893 -0500
31338 @@ -172,9 +172,7 @@ static void udf_bitmap_free_blocks(struc
31340 mutex_lock(&sbi->s_alloc_mutex);
31341 partmap = &sbi->s_partmaps[bloc->partitionReferenceNum];
31342 - if (bloc->logicalBlockNum < 0 ||
31343 - (bloc->logicalBlockNum + count) >
31344 - partmap->s_partition_len) {
31345 + if ((bloc->logicalBlockNum + count) > partmap->s_partition_len) {
31346 udf_debug("%d < %d || %d + %d > %d\n",
31347 bloc->logicalBlockNum, 0, bloc->logicalBlockNum,
31348 count, partmap->s_partition_len);
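Review bot: With the `< 0` test gone, `bloc->logicalBlockNum + count` is the only bound, and if both operands are 32-bit unsigned (their declarations are outside the hunk; the removed comparison suggests the block number is unsigned) the sum can wrap and pass the `> partmap->s_partition_len` test with an out-of-range block number. Add a wrap check: `if (bloc->logicalBlockNum + count < count || (bloc->logicalBlockNum + count) > partmap->s_partition_len) {`. The udf_debug format string still prints `%d < %d ||` for a comparison that no longer exists and should be trimmed to match. The same applies to the udf_table_free_blocks hunk below; both function bodies continue outside the hunks.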
31349 @@ -436,9 +434,7 @@ static void udf_table_free_blocks(struct
31351 mutex_lock(&sbi->s_alloc_mutex);
31352 partmap = &sbi->s_partmaps[bloc->partitionReferenceNum];
31353 - if (bloc->logicalBlockNum < 0 ||
31354 - (bloc->logicalBlockNum + count) >
31355 - partmap->s_partition_len) {
31356 + if ((bloc->logicalBlockNum + count) > partmap->s_partition_len) {
31357 udf_debug("%d < %d || %d + %d > %d\n",
31358 bloc.logicalBlockNum, 0, bloc.logicalBlockNum, count,
31359 partmap->s_partition_len);
31360 diff -urNp linux-2.6.32.1/fs/utimes.c linux-2.6.32.1/fs/utimes.c
31361 --- linux-2.6.32.1/fs/utimes.c 2009-12-02 22:51:21.000000000 -0500
31362 +++ linux-2.6.32.1/fs/utimes.c 2009-12-14 18:33:58.940732997 -0500
31364 #include <linux/compiler.h>
31365 #include <linux/file.h>
31366 #include <linux/fs.h>
31367 +#include <linux/security.h>
31368 #include <linux/linkage.h>
31369 #include <linux/mount.h>
31370 #include <linux/namei.h>
31371 @@ -101,6 +102,12 @@ static int utimes_common(struct path *pa
31372 goto mnt_drop_write_and_out;
31376 + if (!gr_acl_handle_utime(path->dentry, path->mnt)) {
31378 + goto mnt_drop_write_and_out;
31381 mutex_lock(&inode->i_mutex);
31382 error = notify_change(path->dentry, &newattrs);
31383 mutex_unlock(&inode->i_mutex);
31384 diff -urNp linux-2.6.32.1/fs/xfs/linux-2.6/xfs_iops.c linux-2.6.32.1/fs/xfs/linux-2.6/xfs_iops.c
31385 --- linux-2.6.32.1/fs/xfs/linux-2.6/xfs_iops.c 2009-12-02 22:51:21.000000000 -0500
31386 +++ linux-2.6.32.1/fs/xfs/linux-2.6/xfs_iops.c 2009-12-14 18:33:58.941748344 -0500
31387 @@ -468,7 +468,7 @@ xfs_vn_put_link(
31388 struct nameidata *nd,
31391 - char *s = nd_get_link(nd);
31392 + const char *s = nd_get_link(nd);
31396 diff -urNp linux-2.6.32.1/fs/xfs/xfs_bmap.c linux-2.6.32.1/fs/xfs/xfs_bmap.c
31397 --- linux-2.6.32.1/fs/xfs/xfs_bmap.c 2009-12-02 22:51:21.000000000 -0500
31398 +++ linux-2.6.32.1/fs/xfs/xfs_bmap.c 2009-12-14 18:33:58.958720392 -0500
31399 @@ -360,7 +360,7 @@ xfs_bmap_validate_ret(
31403 -#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap)
31404 +#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) do {} while (0)
31407 #if defined(XFS_RW_TRACE)
31408 diff -urNp linux-2.6.32.1/grsecurity/gracl_alloc.c linux-2.6.32.1/grsecurity/gracl_alloc.c
31409 --- linux-2.6.32.1/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500
31410 +++ linux-2.6.32.1/grsecurity/gracl_alloc.c 2009-12-14 18:33:58.958720392 -0500
31412 +#include <linux/kernel.h>
31413 +#include <linux/mm.h>
31414 +#include <linux/slab.h>
31415 +#include <linux/vmalloc.h>
31416 +#include <linux/gracl.h>
31417 +#include <linux/grsecurity.h>
31419 +static unsigned long alloc_stack_next = 1;
31420 +static unsigned long alloc_stack_size = 1;
31421 +static void **alloc_stack;
31423 +static __inline__ int
31426 + if (alloc_stack_next == 1)
31429 + kfree(alloc_stack[alloc_stack_next - 2]);
31431 + alloc_stack_next--;
31436 +static __inline__ int
31437 +alloc_push(void *buf)
31439 + if (alloc_stack_next >= alloc_stack_size)
31442 + alloc_stack[alloc_stack_next - 1] = buf;
31444 + alloc_stack_next++;
31450 +acl_alloc(unsigned long len)
31452 + void *ret = NULL;
31454 + if (!len || len > PAGE_SIZE)
31457 + ret = kmalloc(len, GFP_KERNEL);
31460 + if (alloc_push(ret)) {
31471 +acl_alloc_num(unsigned long num, unsigned long len)
31473 + if (!len || (num > (PAGE_SIZE / len)))
31476 + return acl_alloc(num * len);
31480 +acl_free_all(void)
31482 + if (gr_acl_is_enabled() || !alloc_stack)
31485 + while (alloc_pop()) ;
31487 + if (alloc_stack) {
31488 + if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
31489 + kfree(alloc_stack);
31491 + vfree(alloc_stack);
31494 + alloc_stack = NULL;
31495 + alloc_stack_size = 1;
31496 + alloc_stack_next = 1;
31502 +acl_alloc_stack_init(unsigned long size)
31504 + if ((size * sizeof (void *)) <= PAGE_SIZE)
31506 + (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
31508 + alloc_stack = (void **) vmalloc(size * sizeof (void *));
31510 + alloc_stack_size = size;
31512 + if (!alloc_stack)
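Review bot: `size * sizeof (void *)` in acl_alloc_stack_init can wrap for a large `size`, and `alloc_stack_size = size` is then stored unchanged, so alloc_push's bound `alloc_stack_next >= alloc_stack_size` would allow writes past a buffer that was allocated from the wrapped product. Where `size` comes from is not visible in this file; if it is derived from a loaded policy, reject it first with `if (size > ULONG_MAX / sizeof (void *))` and fail the init. acl_free_all recomputes the same product to choose between kfree and vfree, so it inherits the problem; its inner `if (alloc_stack)` is also redundant after the early return on `!alloc_stack`. acl_alloc_num already guards its multiplication this way (`num > (PAGE_SIZE / len)`), so the same pattern fits here.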
31517 diff -urNp linux-2.6.32.1/grsecurity/gracl.c linux-2.6.32.1/grsecurity/gracl.c
31518 --- linux-2.6.32.1/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
31519 +++ linux-2.6.32.1/grsecurity/gracl.c 2009-12-14 18:33:58.960821027 -0500
31521 +#include <linux/kernel.h>
31522 +#include <linux/module.h>
31523 +#include <linux/sched.h>
31524 +#include <linux/mm.h>
31525 +#include <linux/file.h>
31526 +#include <linux/fs.h>
31527 +#include <linux/namei.h>
31528 +#include <linux/mount.h>
31529 +#include <linux/tty.h>
31530 +#include <linux/proc_fs.h>
31531 +#include <linux/smp_lock.h>
31532 +#include <linux/slab.h>
31533 +#include <linux/vmalloc.h>
31534 +#include <linux/types.h>
31535 +#include <linux/sysctl.h>
31536 +#include <linux/netdevice.h>
31537 +#include <linux/ptrace.h>
31538 +#include <linux/gracl.h>
31539 +#include <linux/gralloc.h>
31540 +#include <linux/grsecurity.h>
31541 +#include <linux/grinternal.h>
31542 +#include <linux/pid_namespace.h>
31543 +#include <linux/fdtable.h>
31544 +#include <linux/percpu.h>
31546 +#include <asm/uaccess.h>
31547 +#include <asm/errno.h>
31548 +#include <asm/mman.h>
31550 +static struct acl_role_db acl_role_set;
31551 +static struct name_db name_set;
31552 +static struct inodev_db inodev_set;
31554 +/* for keeping track of userspace pointers used for subjects, so we
31555 + can share references in the kernel as well
31558 +static struct dentry *real_root;
31559 +static struct vfsmount *real_root_mnt;
31561 +static struct acl_subj_map_db subj_map_set;
31563 +static struct acl_role_label *default_role;
31565 +static struct acl_role_label *role_list;
31567 +static u16 acl_sp_role_value;
31569 +extern char *gr_shared_page[4];
31570 +static DECLARE_MUTEX(gr_dev_sem);
31571 +DEFINE_RWLOCK(gr_inode_lock);
31573 +struct gr_arg *gr_usermode;
31575 +static unsigned int gr_status __read_only = GR_STATUS_INIT;
31577 +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
31578 +extern void gr_clear_learn_entries(void);
31580 +#ifdef CONFIG_GRKERNSEC_RESLOG
31581 +extern void gr_log_resource(const struct task_struct *task,
31582 + const int res, const unsigned long wanted, const int gt);
31585 +unsigned char *gr_system_salt;
31586 +unsigned char *gr_system_sum;
31588 +static struct sprole_pw **acl_special_roles = NULL;
31589 +static __u16 num_sprole_pws = 0;
31591 +static struct acl_role_label *kernel_role = NULL;
31593 +static unsigned int gr_auth_attempts = 0;
31594 +static unsigned long gr_auth_expires = 0UL;
31596 +extern struct vfsmount *sock_mnt;
31597 +extern struct vfsmount *pipe_mnt;
31598 +extern struct vfsmount *shm_mnt;
31599 +static struct acl_object_label *fakefs_obj;
31601 +extern int gr_init_uidset(void);
31602 +extern void gr_free_uidset(void);
31603 +extern void gr_remove_uid(uid_t uid);
31604 +extern int gr_find_uid(uid_t uid);
31607 +gr_acl_is_enabled(void)
31609 + return (gr_status & GR_READY);
31612 +char gr_roletype_to_char(void)
31614 + switch (current->role->roletype &
31615 + (GR_ROLE_DEFAULT | GR_ROLE_USER | GR_ROLE_GROUP |
31616 + GR_ROLE_SPECIAL)) {
31617 + case GR_ROLE_DEFAULT:
31619 + case GR_ROLE_USER:
31621 + case GR_ROLE_GROUP:
31623 + case GR_ROLE_SPECIAL:
31631 +gr_acl_tpe_check(void)
31633 + if (unlikely(!(gr_status & GR_READY)))
31635 + if (current->role->roletype & GR_ROLE_TPE)
31642 +gr_handle_rawio(const struct inode *inode)
31644 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
31645 + if (inode && S_ISBLK(inode->i_mode) &&
31646 + grsec_enable_chroot_caps && proc_is_chrooted(current) &&
31647 + !capable(CAP_SYS_RAWIO))
31654 +gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb)
31657 + unsigned long *l1;
31658 + unsigned long *l2;
31659 + unsigned char *c1;
31660 + unsigned char *c2;
31663 + if (likely(lena != lenb))
31666 + l1 = (unsigned long *)a;
31667 + l2 = (unsigned long *)b;
31669 + num_longs = lena / sizeof(unsigned long);
31671 + for (i = num_longs; i--; l1++, l2++) {
31672 + if (unlikely(*l1 != *l2))
31676 + c1 = (unsigned char *) l1;
31677 + c2 = (unsigned char *) l2;
31679 + i = lena - (num_longs * sizeof(unsigned long));
31681 + for (; i--; c1++, c2++) {
31682 + if (unlikely(*c1 != *c2))
31689 +static char * __our_d_path(struct dentry *dentry, struct vfsmount *vfsmnt,
31690 + struct dentry *root, struct vfsmount *rootmnt,
31691 + char *buffer, int buflen)
31693 + char * end = buffer+buflen;
31702 + /* Get '/' right */
31707 + struct dentry * parent;
31709 + if (dentry == root && vfsmnt == rootmnt)
31711 + if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
31712 + /* Global root? */
31713 + spin_lock(&vfsmount_lock);
31714 + if (vfsmnt->mnt_parent == vfsmnt) {
31715 + spin_unlock(&vfsmount_lock);
31716 + goto global_root;
31718 + dentry = vfsmnt->mnt_mountpoint;
31719 + vfsmnt = vfsmnt->mnt_parent;
31720 + spin_unlock(&vfsmount_lock);
31723 + parent = dentry->d_parent;
31724 + prefetch(parent);
31725 + namelen = dentry->d_name.len;
31726 + buflen -= namelen + 1;
31730 + memcpy(end, dentry->d_name.name, namelen);
31739 + namelen = dentry->d_name.len;
31740 + buflen -= namelen;
31743 + retval -= namelen-1; /* hit the slash */
31744 + memcpy(retval, dentry->d_name.name, namelen);
31747 + return ERR_PTR(-ENAMETOOLONG);
31751 +gen_full_path(struct dentry *dentry, struct vfsmount *vfsmnt,
31752 + struct dentry *root, struct vfsmount *rootmnt, char *buf, int buflen)
31756 + retval = __our_d_path(dentry, vfsmnt, root, rootmnt, buf, buflen);
31757 + if (unlikely(IS_ERR(retval)))
31758 + retval = strcpy(buf, "<path too long>");
31759 + else if (unlikely(retval[1] == '/' && retval[2] == '\0'))
31760 + retval[1] = '\0';
31766 +__d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
31767 + char *buf, int buflen)
31771 + /* we can use real_root, real_root_mnt, because this is only called
31772 + by the RBAC system */
31773 + res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, real_root, real_root_mnt, buf, buflen);
31779 +d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
31780 + char *buf, int buflen)
31783 + struct dentry *root;
31784 + struct vfsmount *rootmnt;
31785 + struct task_struct *reaper = &init_task;
31787 + /* we can't use real_root, real_root_mnt, because they belong only to the RBAC system */
31788 + read_lock(&reaper->fs->lock);
31789 + root = dget(reaper->fs->root.dentry);
31790 + rootmnt = mntget(reaper->fs->root.mnt);
31791 + read_unlock(&reaper->fs->lock);
31793 + spin_lock(&dcache_lock);
31794 + res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, root, rootmnt, buf, buflen);
31795 + spin_unlock(&dcache_lock);
31803 +gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
31806 + spin_lock(&dcache_lock);
31807 + ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
31809 + spin_unlock(&dcache_lock);
31814 +gr_to_filename_nolock(const struct dentry *dentry, const struct vfsmount *mnt)
31816 + return __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
31821 +gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt)
31823 + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
31828 +gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt)
31830 + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[1], smp_processor_id()),
31835 +gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt)
31837 + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[2], smp_processor_id()),
31842 +gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt)
31844 + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[3], smp_processor_id()),
31849 +to_gr_audit(const __u32 reqmode)
31851 + /* masks off auditable permission flags, then shifts them to create
31852 + auditing flags, and adds the special case of append auditing if
31853 + we're requesting write */
31854 + return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
31857 +struct acl_subject_label *
31858 +lookup_subject_map(const struct acl_subject_label *userp)
31860 + unsigned int index = shash(userp, subj_map_set.s_size);
31861 + struct subject_map *match;
31863 + match = subj_map_set.s_hash[index];
31865 + while (match && match->user != userp)
31866 + match = match->next;
31868 + if (match != NULL)
31869 + return match->kernel;
31875 +insert_subj_map_entry(struct subject_map *subjmap)
31877 + unsigned int index = shash(subjmap->user, subj_map_set.s_size);
31878 + struct subject_map **curr;
31880 + subjmap->prev = NULL;
31882 + curr = &subj_map_set.s_hash[index];
31883 + if (*curr != NULL)
31884 + (*curr)->prev = subjmap;
31886 + subjmap->next = *curr;
31892 +static struct acl_role_label *
31893 +lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
31896 + unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
31897 + struct acl_role_label *match;
31898 + struct role_allowed_ip *ipp;
31901 + match = acl_role_set.r_hash[index];
31904 + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) {
31905 + for (x = 0; x < match->domain_child_num; x++) {
31906 + if (match->domain_children[x] == uid)
31909 + } else if (match->uidgid == uid && match->roletype & GR_ROLE_USER)
31911 + match = match->next;
31914 + if (match == NULL) {
31916 + index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
31917 + match = acl_role_set.r_hash[index];
31920 + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) {
31921 + for (x = 0; x < match->domain_child_num; x++) {
31922 + if (match->domain_children[x] == gid)
31925 + } else if (match->uidgid == gid && match->roletype & GR_ROLE_GROUP)
31927 + match = match->next;
31930 + if (match == NULL)
31931 + match = default_role;
31932 + if (match->allowed_ips == NULL)
31935 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
31937 + ((ntohl(task->signal->curr_ip) & ipp->netmask) ==
31938 + (ntohl(ipp->addr) & ipp->netmask)))
31941 + match = default_role;
31943 + } else if (match->allowed_ips == NULL) {
31946 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
31948 + ((ntohl(task->signal->curr_ip) & ipp->netmask) ==
31949 + (ntohl(ipp->addr) & ipp->netmask)))
31958 +struct acl_subject_label *
31959 +lookup_acl_subj_label(const ino_t ino, const dev_t dev,
31960 + const struct acl_role_label *role)
31962 + unsigned int index = fhash(ino, dev, role->subj_hash_size);
31963 + struct acl_subject_label *match;
31965 + match = role->subj_hash[index];
31967 + while (match && (match->inode != ino || match->device != dev ||
31968 + (match->mode & GR_DELETED))) {
31969 + match = match->next;
31972 + if (match && !(match->mode & GR_DELETED))
31978 +struct acl_subject_label *
31979 +lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev,
31980 + const struct acl_role_label *role)
31982 + unsigned int index = fhash(ino, dev, role->subj_hash_size);
31983 + struct acl_subject_label *match;
31985 + match = role->subj_hash[index];
31987 + while (match && (match->inode != ino || match->device != dev ||
31988 + !(match->mode & GR_DELETED))) {
31989 + match = match->next;
31992 + if (match && (match->mode & GR_DELETED))
31998 +static struct acl_object_label *
31999 +lookup_acl_obj_label(const ino_t ino, const dev_t dev,
32000 + const struct acl_subject_label *subj)
32002 + unsigned int index = fhash(ino, dev, subj->obj_hash_size);
32003 + struct acl_object_label *match;
32005 + match = subj->obj_hash[index];
32007 + while (match && (match->inode != ino || match->device != dev ||
32008 + (match->mode & GR_DELETED))) {
32009 + match = match->next;
32012 + if (match && !(match->mode & GR_DELETED))
32018 +static struct acl_object_label *
32019 +lookup_acl_obj_label_create(const ino_t ino, const dev_t dev,
32020 + const struct acl_subject_label *subj)
32022 + unsigned int index = fhash(ino, dev, subj->obj_hash_size);
32023 + struct acl_object_label *match;
32025 + match = subj->obj_hash[index];
32027 + while (match && (match->inode != ino || match->device != dev ||
32028 + !(match->mode & GR_DELETED))) {
32029 + match = match->next;
32032 + if (match && (match->mode & GR_DELETED))
32035 + match = subj->obj_hash[index];
32037 + while (match && (match->inode != ino || match->device != dev ||
32038 + (match->mode & GR_DELETED))) {
32039 + match = match->next;
32042 + if (match && !(match->mode & GR_DELETED))
32048 +static struct name_entry *
32049 +lookup_name_entry(const char *name)
32051 + unsigned int len = strlen(name);
32052 + unsigned int key = full_name_hash(name, len);
32053 + unsigned int index = key % name_set.n_size;
32054 + struct name_entry *match;
32056 + match = name_set.n_hash[index];
32058 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len)))
32059 + match = match->next;
32064 +static struct name_entry *
32065 +lookup_name_entry_create(const char *name)
32067 + unsigned int len = strlen(name);
32068 + unsigned int key = full_name_hash(name, len);
32069 + unsigned int index = key % name_set.n_size;
32070 + struct name_entry *match;
32072 + match = name_set.n_hash[index];
32074 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
32075 + !match->deleted))
32076 + match = match->next;
32078 + if (match && match->deleted)
32081 + match = name_set.n_hash[index];
32083 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
32085 + match = match->next;
32087 + if (match && !match->deleted)
32093 +static struct inodev_entry *
32094 +lookup_inodev_entry(const ino_t ino, const dev_t dev)
32096 + unsigned int index = fhash(ino, dev, inodev_set.i_size);
32097 + struct inodev_entry *match;
32099 + match = inodev_set.i_hash[index];
32101 + while (match && (match->nentry->inode != ino || match->nentry->device != dev))
32102 + match = match->next;
32108 +insert_inodev_entry(struct inodev_entry *entry)
32110 + unsigned int index = fhash(entry->nentry->inode, entry->nentry->device,
32111 + inodev_set.i_size);
32112 + struct inodev_entry **curr;
32114 + entry->prev = NULL;
32116 + curr = &inodev_set.i_hash[index];
32117 + if (*curr != NULL)
32118 + (*curr)->prev = entry;
32120 + entry->next = *curr;
32127 +__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
32129 + unsigned int index =
32130 + rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
32131 + struct acl_role_label **curr;
32132 + struct acl_role_label *tmp;
32134 + curr = &acl_role_set.r_hash[index];
32136 + /* if role was already inserted due to domains and already has
32137 + a role in the same bucket as it attached, then we need to
32138 + combine these two buckets
32140 + if (role->next) {
32141 + tmp = role->next;
32142 + while (tmp->next)
32144 + tmp->next = *curr;
32146 + role->next = *curr;
32153 +insert_acl_role_label(struct acl_role_label *role)
32157 + if (role_list == NULL) {
32158 + role_list = role;
32159 + role->prev = NULL;
32161 + role->prev = role_list;
32162 + role_list = role;
32165 + /* used for hash chains */
32166 + role->next = NULL;
32168 + if (role->roletype & GR_ROLE_DOMAIN) {
32169 + for (i = 0; i < role->domain_child_num; i++)
32170 + __insert_acl_role_label(role, role->domain_children[i]);
32172 + __insert_acl_role_label(role, role->uidgid);
32176 +insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
32178 + struct name_entry **curr, *nentry;
32179 + struct inodev_entry *ientry;
32180 + unsigned int len = strlen(name);
32181 + unsigned int key = full_name_hash(name, len);
32182 + unsigned int index = key % name_set.n_size;
32184 + curr = &name_set.n_hash[index];
32186 + while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
32187 + curr = &((*curr)->next);
32189 + if (*curr != NULL)
32192 + nentry = acl_alloc(sizeof (struct name_entry));
32193 + if (nentry == NULL)
32195 + ientry = acl_alloc(sizeof (struct inodev_entry));
32196 + if (ientry == NULL)
32198 + ientry->nentry = nentry;
32200 + nentry->key = key;
32201 + nentry->name = name;
32202 + nentry->inode = inode;
32203 + nentry->device = device;
32204 + nentry->len = len;
32205 + nentry->deleted = deleted;
32207 + nentry->prev = NULL;
32208 + curr = &name_set.n_hash[index];
32209 + if (*curr != NULL)
32210 + (*curr)->prev = nentry;
32211 + nentry->next = *curr;
32214 + /* insert us into the table searchable by inode/dev */
32215 + insert_inodev_entry(ientry);
32221 +insert_acl_obj_label(struct acl_object_label *obj,
32222 + struct acl_subject_label *subj)
32224 + unsigned int index =
32225 + fhash(obj->inode, obj->device, subj->obj_hash_size);
32226 + struct acl_object_label **curr;
32229 + obj->prev = NULL;
32231 + curr = &subj->obj_hash[index];
32232 + if (*curr != NULL)
32233 + (*curr)->prev = obj;
32235 + obj->next = *curr;
32242 +insert_acl_subj_label(struct acl_subject_label *obj,
32243 + struct acl_role_label *role)
32245 + unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size);
32246 + struct acl_subject_label **curr;
32248 + obj->prev = NULL;
32250 + curr = &role->subj_hash[index];
32251 + if (*curr != NULL)
32252 + (*curr)->prev = obj;
32254 + obj->next = *curr;
32260 +/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
32263 +create_table(__u32 * len, int elementsize)
32265 + unsigned int table_sizes[] = {
32266 + 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
32267 + 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
32268 + 4194301, 8388593, 16777213, 33554393, 67108859
32270 + void *newtable = NULL;
32271 + unsigned int pwr = 0;
32273 + while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
32274 + table_sizes[pwr] <= *len)
32277 + if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize))
32280 + if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
32282 + kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
32284 + newtable = vmalloc(table_sizes[pwr] * elementsize);
32286 + *len = table_sizes[pwr];
32292 +init_variables(const struct gr_arg *arg)
32294 + struct task_struct *reaper = &init_task;
32295 + unsigned int stacksize;
32297 + subj_map_set.s_size = arg->role_db.num_subjects;
32298 + acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
32299 + name_set.n_size = arg->role_db.num_objects;
32300 + inodev_set.i_size = arg->role_db.num_objects;
32302 + if (!subj_map_set.s_size || !acl_role_set.r_size ||
32303 + !name_set.n_size || !inodev_set.i_size)
32306 + if (!gr_init_uidset())
32309 + /* set up the stack that holds allocation info */
32311 + stacksize = arg->role_db.num_pointers + 5;
32313 + if (!acl_alloc_stack_init(stacksize))
32316 + /* grab reference for the real root dentry and vfsmount */
32317 + read_lock(&reaper->fs->lock);
32318 + real_root_mnt = mntget(reaper->fs->root.mnt);
32319 + real_root = dget(reaper->fs->root.dentry);
32320 + read_unlock(&reaper->fs->lock);
32322 + fakefs_obj = acl_alloc(sizeof(struct acl_object_label));
32323 + if (fakefs_obj == NULL)
32325 + fakefs_obj->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
32327 + subj_map_set.s_hash =
32328 + (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *));
32329 + acl_role_set.r_hash =
32330 + (struct acl_role_label **) create_table(&acl_role_set.r_size, sizeof(void *));
32331 + name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size, sizeof(void *));
32332 + inodev_set.i_hash =
32333 + (struct inodev_entry **) create_table(&inodev_set.i_size, sizeof(void *));
32335 + if (!subj_map_set.s_hash || !acl_role_set.r_hash ||
32336 + !name_set.n_hash || !inodev_set.i_hash)
32339 + memset(subj_map_set.s_hash, 0,
32340 + sizeof(struct subject_map *) * subj_map_set.s_size);
32341 + memset(acl_role_set.r_hash, 0,
32342 + sizeof (struct acl_role_label *) * acl_role_set.r_size);
32343 + memset(name_set.n_hash, 0,
32344 + sizeof (struct name_entry *) * name_set.n_size);
32345 + memset(inodev_set.i_hash, 0,
32346 + sizeof (struct inodev_entry *) * inodev_set.i_size);
32351 +/* free information not needed after startup
32352 + currently contains user->kernel pointer mappings for subjects
32356 +free_init_variables(void)
32360 + if (subj_map_set.s_hash) {
32361 + for (i = 0; i < subj_map_set.s_size; i++) {
32362 + if (subj_map_set.s_hash[i]) {
32363 + kfree(subj_map_set.s_hash[i]);
32364 + subj_map_set.s_hash[i] = NULL;
32368 + if ((subj_map_set.s_size * sizeof (struct subject_map *)) <=
32370 + kfree(subj_map_set.s_hash);
32372 + vfree(subj_map_set.s_hash);
32379 +free_variables(void)
32381 + struct acl_subject_label *s;
32382 + struct acl_role_label *r;
32383 + struct task_struct *task, *task2;
32386 + gr_clear_learn_entries();
32388 + read_lock(&tasklist_lock);
32389 + do_each_thread(task2, task) {
32390 + task->acl_sp_role = 0;
32391 + task->acl_role_id = 0;
32392 + task->acl = NULL;
32393 + task->role = NULL;
32394 + } while_each_thread(task2, task);
32395 + read_unlock(&tasklist_lock);
32397 + /* release the reference to the real root dentry and vfsmount */
32400 + real_root = NULL;
32401 + if (real_root_mnt)
32402 + mntput(real_root_mnt);
32403 + real_root_mnt = NULL;
32405 + /* free all object hash tables */
32407 + FOR_EACH_ROLE_START(r)
32408 + if (r->subj_hash == NULL)
32410 + FOR_EACH_SUBJECT_START(r, s, x)
32411 + if (s->obj_hash == NULL)
32413 + if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
32414 + kfree(s->obj_hash);
32416 + vfree(s->obj_hash);
32417 + FOR_EACH_SUBJECT_END(s, x)
32418 + FOR_EACH_NESTED_SUBJECT_START(r, s)
32419 + if (s->obj_hash == NULL)
32421 + if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
32422 + kfree(s->obj_hash);
32424 + vfree(s->obj_hash);
32425 + FOR_EACH_NESTED_SUBJECT_END(s)
32426 + if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
32427 + kfree(r->subj_hash);
32429 + vfree(r->subj_hash);
32430 + r->subj_hash = NULL;
32432 + FOR_EACH_ROLE_END(r)
32436 + if (acl_role_set.r_hash) {
32437 + if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
32439 + kfree(acl_role_set.r_hash);
32441 + vfree(acl_role_set.r_hash);
32443 + if (name_set.n_hash) {
32444 + if ((name_set.n_size * sizeof (struct name_entry *)) <=
32446 + kfree(name_set.n_hash);
32448 + vfree(name_set.n_hash);
32451 + if (inodev_set.i_hash) {
32452 + if ((inodev_set.i_size * sizeof (struct inodev_entry *)) <=
32454 + kfree(inodev_set.i_hash);
32456 + vfree(inodev_set.i_hash);
32459 + gr_free_uidset();
32461 + memset(&name_set, 0, sizeof (struct name_db));
32462 + memset(&inodev_set, 0, sizeof (struct inodev_db));
32463 + memset(&acl_role_set, 0, sizeof (struct acl_role_db));
32464 + memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db));
32466 + default_role = NULL;
32467 + role_list = NULL;
32473 +count_user_objs(struct acl_object_label *userp)
32475 + struct acl_object_label o_tmp;
32479 + if (copy_from_user(&o_tmp, userp,
32480 + sizeof (struct acl_object_label)))
32483 + userp = o_tmp.prev;
32490 +static struct acl_subject_label *
32491 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role);
32494 +copy_user_glob(struct acl_object_label *obj)
32496 + struct acl_object_label *g_tmp, **guser;
32497 + unsigned int len;
32500 + if (obj->globbed == NULL)
32503 + guser = &obj->globbed;
32505 + g_tmp = (struct acl_object_label *)
32506 + acl_alloc(sizeof (struct acl_object_label));
32507 + if (g_tmp == NULL)
32510 + if (copy_from_user(g_tmp, *guser,
32511 + sizeof (struct acl_object_label)))
32514 + len = strnlen_user(g_tmp->filename, PATH_MAX);
32516 + if (!len || len >= PATH_MAX)
32519 + if ((tmp = (char *) acl_alloc(len)) == NULL)
32522 + if (copy_from_user(tmp, g_tmp->filename, len))
32524 + tmp[len-1] = '\0';
32525 + g_tmp->filename = tmp;
32528 + guser = &(g_tmp->next);
32535 +copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
32536 + struct acl_role_label *role)
32538 + struct acl_object_label *o_tmp;
32539 + unsigned int len;
32544 + if ((o_tmp = (struct acl_object_label *)
32545 + acl_alloc(sizeof (struct acl_object_label))) == NULL)
32548 + if (copy_from_user(o_tmp, userp,
32549 + sizeof (struct acl_object_label)))
32552 + userp = o_tmp->prev;
32554 + len = strnlen_user(o_tmp->filename, PATH_MAX);
32556 + if (!len || len >= PATH_MAX)
32559 + if ((tmp = (char *) acl_alloc(len)) == NULL)
32562 + if (copy_from_user(tmp, o_tmp->filename, len))
32564 + tmp[len-1] = '\0';
32565 + o_tmp->filename = tmp;
32567 + insert_acl_obj_label(o_tmp, subj);
32568 + if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
32569 + o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0))
32572 + ret = copy_user_glob(o_tmp);
32576 + if (o_tmp->nested) {
32577 + o_tmp->nested = do_copy_user_subj(o_tmp->nested, role);
32578 + if (IS_ERR(o_tmp->nested))
32579 + return PTR_ERR(o_tmp->nested);
32581 + /* insert into nested subject list */
32582 + o_tmp->nested->next = role->hash->first;
32583 + role->hash->first = o_tmp->nested;
32591 +count_user_subjs(struct acl_subject_label *userp)
32593 + struct acl_subject_label s_tmp;
32597 + if (copy_from_user(&s_tmp, userp,
32598 + sizeof (struct acl_subject_label)))
32601 + userp = s_tmp.prev;
32602 + /* do not count nested subjects against this count, since
32603 + they are not included in the hash table, but are
32604 + attached to objects. We have already counted
32605 + the subjects in userspace for the allocation
32608 + if (!(s_tmp.mode & GR_NESTED))
32616 +copy_user_allowedips(struct acl_role_label *rolep)
32618 + struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
32620 + ruserip = rolep->allowed_ips;
32622 + while (ruserip) {
32625 + if ((rtmp = (struct role_allowed_ip *)
32626 + acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
32629 + if (copy_from_user(rtmp, ruserip,
32630 + sizeof (struct role_allowed_ip)))
32633 + ruserip = rtmp->prev;
32636 + rtmp->prev = NULL;
32637 + rolep->allowed_ips = rtmp;
32639 + rlast->next = rtmp;
32640 + rtmp->prev = rlast;
32644 + rtmp->next = NULL;
32651 +copy_user_transitions(struct acl_role_label *rolep)
32653 + struct role_transition *rusertp, *rtmp = NULL, *rlast;
32655 + unsigned int len;
32658 + rusertp = rolep->transitions;
32660 + while (rusertp) {
32663 + if ((rtmp = (struct role_transition *)
32664 + acl_alloc(sizeof (struct role_transition))) == NULL)
32667 + if (copy_from_user(rtmp, rusertp,
32668 + sizeof (struct role_transition)))
32671 + rusertp = rtmp->prev;
32673 + len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN);
32675 + if (!len || len >= GR_SPROLE_LEN)
32678 + if ((tmp = (char *) acl_alloc(len)) == NULL)
32681 + if (copy_from_user(tmp, rtmp->rolename, len))
32683 + tmp[len-1] = '\0';
32684 + rtmp->rolename = tmp;
32687 + rtmp->prev = NULL;
32688 + rolep->transitions = rtmp;
32690 + rlast->next = rtmp;
32691 + rtmp->prev = rlast;
32695 + rtmp->next = NULL;
32701 +static struct acl_subject_label *
32702 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role)
32704 + struct acl_subject_label *s_tmp = NULL, *s_tmp2;
32705 + unsigned int len;
32708 + struct acl_ip_label **i_tmp, *i_utmp2;
32709 + struct gr_hash_struct ghash;
32710 + struct subject_map *subjmap;
32711 + unsigned int i_num;
32714 + s_tmp = lookup_subject_map(userp);
32716 + /* we've already copied this subject into the kernel, just return
32717 + the reference to it, and don't copy it over again
32722 + if ((s_tmp = (struct acl_subject_label *)
32723 + acl_alloc(sizeof (struct acl_subject_label))) == NULL)
32724 + return ERR_PTR(-ENOMEM);
32726 + subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL);
32727 + if (subjmap == NULL)
32728 + return ERR_PTR(-ENOMEM);
32730 + subjmap->user = userp;
32731 + subjmap->kernel = s_tmp;
32732 + insert_subj_map_entry(subjmap);
32734 + if (copy_from_user(s_tmp, userp,
32735 + sizeof (struct acl_subject_label)))
32736 + return ERR_PTR(-EFAULT);
32738 + len = strnlen_user(s_tmp->filename, PATH_MAX);
32740 + if (!len || len >= PATH_MAX)
32741 + return ERR_PTR(-EINVAL);
32743 + if ((tmp = (char *) acl_alloc(len)) == NULL)
32744 + return ERR_PTR(-ENOMEM);
32746 + if (copy_from_user(tmp, s_tmp->filename, len))
32747 + return ERR_PTR(-EFAULT);
32748 + tmp[len-1] = '\0';
32749 + s_tmp->filename = tmp;
32751 + if (!strcmp(s_tmp->filename, "/"))
32752 + role->root_label = s_tmp;
32754 + if (copy_from_user(&ghash, s_tmp->hash, sizeof(struct gr_hash_struct)))
32755 + return ERR_PTR(-EFAULT);
32757 + /* copy user and group transition tables */
32759 + if (s_tmp->user_trans_num) {
32762 + uidlist = (uid_t *)acl_alloc_num(s_tmp->user_trans_num, sizeof(uid_t));
32763 + if (uidlist == NULL)
32764 + return ERR_PTR(-ENOMEM);
32765 + if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t)))
32766 + return ERR_PTR(-EFAULT);
32768 + s_tmp->user_transitions = uidlist;
32771 + if (s_tmp->group_trans_num) {
32774 + gidlist = (gid_t *)acl_alloc_num(s_tmp->group_trans_num, sizeof(gid_t));
32775 + if (gidlist == NULL)
32776 + return ERR_PTR(-ENOMEM);
32777 + if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t)))
32778 + return ERR_PTR(-EFAULT);
32780 + s_tmp->group_transitions = gidlist;
32783 + /* set up object hash table */
32784 + num_objs = count_user_objs(ghash.first);
32786 + s_tmp->obj_hash_size = num_objs;
32787 + s_tmp->obj_hash =
32788 + (struct acl_object_label **)
32789 + create_table(&(s_tmp->obj_hash_size), sizeof(void *));
32791 + if (!s_tmp->obj_hash)
32792 + return ERR_PTR(-ENOMEM);
32794 + memset(s_tmp->obj_hash, 0,
32795 + s_tmp->obj_hash_size *
32796 + sizeof (struct acl_object_label *));
32798 + /* add in objects */
32799 + err = copy_user_objs(ghash.first, s_tmp, role);
32802 + return ERR_PTR(err);
32804 + /* set pointer for parent subject */
32805 + if (s_tmp->parent_subject) {
32806 + s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role);
32808 + if (IS_ERR(s_tmp2))
32811 + s_tmp->parent_subject = s_tmp2;
32814 + /* add in ip acls */
32816 + if (!s_tmp->ip_num) {
32817 + s_tmp->ips = NULL;
32822 + (struct acl_ip_label **) acl_alloc_num(s_tmp->ip_num,
32823 + sizeof (struct acl_ip_label *));
32826 + return ERR_PTR(-ENOMEM);
32828 + for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
32829 + *(i_tmp + i_num) =
32830 + (struct acl_ip_label *)
32831 + acl_alloc(sizeof (struct acl_ip_label));
32832 + if (!*(i_tmp + i_num))
32833 + return ERR_PTR(-ENOMEM);
32835 + if (copy_from_user
32836 + (&i_utmp2, s_tmp->ips + i_num,
32837 + sizeof (struct acl_ip_label *)))
32838 + return ERR_PTR(-EFAULT);
32840 + if (copy_from_user
32841 + (*(i_tmp + i_num), i_utmp2,
32842 + sizeof (struct acl_ip_label)))
32843 + return ERR_PTR(-EFAULT);
32845 + if ((*(i_tmp + i_num))->iface == NULL)
32848 + len = strnlen_user((*(i_tmp + i_num))->iface, IFNAMSIZ);
32849 + if (!len || len >= IFNAMSIZ)
32850 + return ERR_PTR(-EINVAL);
32851 + tmp = acl_alloc(len);
32853 + return ERR_PTR(-ENOMEM);
32854 + if (copy_from_user(tmp, (*(i_tmp + i_num))->iface, len))
32855 + return ERR_PTR(-EFAULT);
32856 + (*(i_tmp + i_num))->iface = tmp;
32859 + s_tmp->ips = i_tmp;
32862 + if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
32863 + s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0))
32864 + return ERR_PTR(-ENOMEM);
32870 +copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
32872 + struct acl_subject_label s_pre;
32873 + struct acl_subject_label * ret;
32877 + if (copy_from_user(&s_pre, userp,
32878 + sizeof (struct acl_subject_label)))
32881 + /* do not add nested subjects here, add
32882 + while parsing objects
32885 + if (s_pre.mode & GR_NESTED) {
32886 + userp = s_pre.prev;
32890 + ret = do_copy_user_subj(userp, role);
32892 + err = PTR_ERR(ret);
32896 + insert_acl_subj_label(ret, role);
32898 + userp = s_pre.prev;
32905 +copy_user_acl(struct gr_arg *arg)
32907 + struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2;
32908 + struct sprole_pw *sptmp;
32909 + struct gr_hash_struct *ghash;
32910 + uid_t *domainlist;
32911 + unsigned int r_num;
32912 + unsigned int len;
32918 + /* we need a default and kernel role */
32919 + if (arg->role_db.num_roles < 2)
32922 + /* copy special role authentication info from userspace */
32924 + num_sprole_pws = arg->num_sprole_pws;
32925 + acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *));
32927 + if (!acl_special_roles) {
32932 + for (i = 0; i < num_sprole_pws; i++) {
32933 + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
32938 + if (copy_from_user(sptmp, arg->sprole_pws + i,
32939 + sizeof (struct sprole_pw))) {
32945 + strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
32947 + if (!len || len >= GR_SPROLE_LEN) {
32952 + if ((tmp = (char *) acl_alloc(len)) == NULL) {
32957 + if (copy_from_user(tmp, sptmp->rolename, len)) {
32961 + tmp[len-1] = '\0';
32962 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
32963 + printk(KERN_ALERT "Copying special role %s\n", tmp);
32965 + sptmp->rolename = tmp;
32966 + acl_special_roles[i] = sptmp;
32969 + r_utmp = (struct acl_role_label **) arg->role_db.r_table;
32971 + for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
32972 + r_tmp = acl_alloc(sizeof (struct acl_role_label));
32979 + if (copy_from_user(&r_utmp2, r_utmp + r_num,
32980 + sizeof (struct acl_role_label *))) {
32985 + if (copy_from_user(r_tmp, r_utmp2,
32986 + sizeof (struct acl_role_label))) {
32991 + len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN);
32993 + if (!len || len >= PATH_MAX) {
32998 + if ((tmp = (char *) acl_alloc(len)) == NULL) {
33002 + if (copy_from_user(tmp, r_tmp->rolename, len)) {
33006 + tmp[len-1] = '\0';
33007 + r_tmp->rolename = tmp;
33009 + if (!strcmp(r_tmp->rolename, "default")
33010 + && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
33011 + default_role = r_tmp;
33012 + } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
33013 + kernel_role = r_tmp;
33016 + if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) {
33020 + if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) {
33025 + r_tmp->hash = ghash;
33027 + num_subjs = count_user_subjs(r_tmp->hash->first);
33029 + r_tmp->subj_hash_size = num_subjs;
33030 + r_tmp->subj_hash =
33031 + (struct acl_subject_label **)
33032 + create_table(&(r_tmp->subj_hash_size), sizeof(void *));
33034 + if (!r_tmp->subj_hash) {
33039 + err = copy_user_allowedips(r_tmp);
33043 + /* copy domain info */
33044 + if (r_tmp->domain_children != NULL) {
33045 + domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
33046 + if (domainlist == NULL) {
33050 + if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) {
33054 + r_tmp->domain_children = domainlist;
33057 + err = copy_user_transitions(r_tmp);
33061 + memset(r_tmp->subj_hash, 0,
33062 + r_tmp->subj_hash_size *
33063 + sizeof (struct acl_subject_label *));
33065 + err = copy_user_subjs(r_tmp->hash->first, r_tmp);
33070 + /* set nested subject list to null */
33071 + r_tmp->hash->first = NULL;
33073 + insert_acl_role_label(r_tmp);
33078 + free_variables();
33085 +gracl_init(struct gr_arg *args)
33089 + memcpy(gr_system_salt, args->salt, GR_SALT_LEN);
33090 + memcpy(gr_system_sum, args->sum, GR_SHA_LEN);
33092 + if (init_variables(args)) {
33093 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
33095 + free_variables();
33099 + error = copy_user_acl(args);
33100 + free_init_variables();
33102 + free_variables();
33106 + if ((error = gr_set_acls(0))) {
33107 + free_variables();
33111 + pax_open_kernel();
33112 + gr_status |= GR_READY;
33113 + pax_close_kernel();
33119 +/* derived from glibc fnmatch() 0: match, 1: no match*/
33122 +glob_match(const char *p, const char *n)
33126 + while ((c = *p++) != '\0') {
33131 + else if (*n == '/')
33139 + for (c = *p++; c == '?' || c == '*'; c = *p++) {
33142 + else if (c == '?') {
33152 + const char *endp;
33154 + if ((endp = strchr(n, '/')) == NULL)
33155 + endp = n + strlen(n);
33158 + for (--p; n < endp; ++n)
33159 + if (!glob_match(p, n))
33161 + } else if (c == '/') {
33162 + while (*n != '\0' && *n != '/')
33164 + if (*n == '/' && !glob_match(p, n + 1))
33167 + for (--p; n < endp; ++n)
33168 + if (*n == c && !glob_match(p, n))
33179 + if (*n == '\0' || *n == '/')
33182 + not = (*p == '!' || *p == '^');
33188 + unsigned char fn = (unsigned char)*n;
33198 + if (c == '-' && *p != ']') {
33199 + unsigned char cend = *p++;
33201 + if (cend == '\0')
33204 + if (cold <= fn && fn <= cend)
33218 + while (c != ']') {
33245 +static struct acl_object_label *
33246 +chk_glob_label(struct acl_object_label *globbed,
33247 + struct dentry *dentry, struct vfsmount *mnt, char **path)
33249 + struct acl_object_label *tmp;
33251 + if (*path == NULL)
33252 + *path = gr_to_filename_nolock(dentry, mnt);
33257 + if (!glob_match(tmp->filename, *path))
33265 +static struct acl_object_label *
33266 +__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
33267 + const ino_t curr_ino, const dev_t curr_dev,
33268 + const struct acl_subject_label *subj, char **path, const int checkglob)
33270 + struct acl_subject_label *tmpsubj;
33271 + struct acl_object_label *retval;
33272 + struct acl_object_label *retval2;
33274 + tmpsubj = (struct acl_subject_label *) subj;
33275 + read_lock(&gr_inode_lock);
33277 + retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj);
33279 + if (checkglob && retval->globbed) {
33280 + retval2 = chk_glob_label(retval->globbed, (struct dentry *)orig_dentry,
33281 + (struct vfsmount *)orig_mnt, path);
33283 + retval = retval2;
33287 + } while ((tmpsubj = tmpsubj->parent_subject));
33288 + read_unlock(&gr_inode_lock);
33293 +static __inline__ struct acl_object_label *
33294 +full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
33295 + const struct dentry *curr_dentry,
33296 + const struct acl_subject_label *subj, char **path, const int checkglob)
33298 + return __full_lookup(orig_dentry, orig_mnt,
33299 + curr_dentry->d_inode->i_ino,
33300 + curr_dentry->d_inode->i_sb->s_dev, subj, path, checkglob);
33303 +static struct acl_object_label *
33304 +__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33305 + const struct acl_subject_label *subj, char *path, const int checkglob)
33307 + struct dentry *dentry = (struct dentry *) l_dentry;
33308 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
33309 + struct acl_object_label *retval;
33311 + spin_lock(&dcache_lock);
33313 + if (unlikely(mnt == shm_mnt || mnt == pipe_mnt || mnt == sock_mnt ||
33314 + /* ignore Eric Biederman */
33315 + IS_PRIVATE(l_dentry->d_inode))) {
33316 + retval = fakefs_obj;
33321 + if (dentry == real_root && mnt == real_root_mnt)
33324 + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
33325 + if (mnt->mnt_parent == mnt)
33328 + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
33329 + if (retval != NULL)
33332 + dentry = mnt->mnt_mountpoint;
33333 + mnt = mnt->mnt_parent;
33337 + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
33338 + if (retval != NULL)
33341 + dentry = dentry->d_parent;
33344 + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
33346 + if (retval == NULL)
33347 + retval = full_lookup(l_dentry, l_mnt, real_root, subj, &path, checkglob);
33349 + spin_unlock(&dcache_lock);
33353 +static __inline__ struct acl_object_label *
33354 +chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33355 + const struct acl_subject_label *subj)
33357 + char *path = NULL;
33358 + return __chk_obj_label(l_dentry, l_mnt, subj, path, 1);
33361 +static __inline__ struct acl_object_label *
33362 +chk_obj_label_noglob(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33363 + const struct acl_subject_label *subj)
33365 + char *path = NULL;
33366 + return __chk_obj_label(l_dentry, l_mnt, subj, path, 0);
33369 +static __inline__ struct acl_object_label *
33370 +chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33371 + const struct acl_subject_label *subj, char *path)
33373 + return __chk_obj_label(l_dentry, l_mnt, subj, path, 1);
33376 +static struct acl_subject_label *
33377 +chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33378 + const struct acl_role_label *role)
33380 + struct dentry *dentry = (struct dentry *) l_dentry;
33381 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
33382 + struct acl_subject_label *retval;
33384 + spin_lock(&dcache_lock);
33387 + if (dentry == real_root && mnt == real_root_mnt)
33389 + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
33390 + if (mnt->mnt_parent == mnt)
33393 + read_lock(&gr_inode_lock);
33395 + lookup_acl_subj_label(dentry->d_inode->i_ino,
33396 + dentry->d_inode->i_sb->s_dev, role);
33397 + read_unlock(&gr_inode_lock);
33398 + if (retval != NULL)
33401 + dentry = mnt->mnt_mountpoint;
33402 + mnt = mnt->mnt_parent;
33406 + read_lock(&gr_inode_lock);
33407 + retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
33408 + dentry->d_inode->i_sb->s_dev, role);
33409 + read_unlock(&gr_inode_lock);
33410 + if (retval != NULL)
33413 + dentry = dentry->d_parent;
33416 + read_lock(&gr_inode_lock);
33417 + retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
33418 + dentry->d_inode->i_sb->s_dev, role);
33419 + read_unlock(&gr_inode_lock);
33421 + if (unlikely(retval == NULL)) {
33422 + read_lock(&gr_inode_lock);
33423 + retval = lookup_acl_subj_label(real_root->d_inode->i_ino,
33424 + real_root->d_inode->i_sb->s_dev, role);
33425 + read_unlock(&gr_inode_lock);
33428 + spin_unlock(&dcache_lock);
33434 +gr_log_learn(const struct dentry *dentry, const struct vfsmount *mnt, const __u32 mode)
33436 + struct task_struct *task = current;
33437 + const struct cred *cred = current_cred();
33439 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
33440 + cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
33441 + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
33442 + 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->curr_ip);
33448 +gr_log_learn_sysctl(const char *path, const __u32 mode)
33450 + struct task_struct *task = current;
33451 + const struct cred *cred = current_cred();
33453 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
33454 + cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
33455 + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
33456 + 1UL, 1UL, path, (unsigned long) mode, &task->signal->curr_ip);
33462 +gr_log_learn_id_change(const char type, const unsigned int real,
33463 + const unsigned int effective, const unsigned int fs)
33465 + struct task_struct *task = current;
33466 + const struct cred *cred = current_cred();
33468 + security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
33469 + cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
33470 + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
33471 + type, real, effective, fs, &task->signal->curr_ip);
33477 +gr_check_link(const struct dentry * new_dentry,
33478 + const struct dentry * parent_dentry,
33479 + const struct vfsmount * parent_mnt,
33480 + const struct dentry * old_dentry, const struct vfsmount * old_mnt)
33482 + struct acl_object_label *obj;
33483 + __u32 oldmode, newmode;
33486 + if (unlikely(!(gr_status & GR_READY)))
33487 + return (GR_CREATE | GR_LINK);
33489 + obj = chk_obj_label(old_dentry, old_mnt, current->acl);
33490 + oldmode = obj->mode;
33492 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
33493 + oldmode |= (GR_CREATE | GR_LINK);
33495 + needmode = GR_CREATE | GR_AUDIT_CREATE | GR_SUPPRESS;
33496 + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID))
33497 + needmode |= GR_SETID | GR_AUDIT_SETID;
33500 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
33501 + oldmode | needmode);
33503 + needmode = newmode & (GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC |
33504 + GR_SETID | GR_READ | GR_FIND | GR_DELETE |
33505 + GR_INHERIT | GR_AUDIT_INHERIT);
33507 + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID) && !(newmode & GR_SETID))
33510 + if ((oldmode & needmode) != needmode)
33513 + needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS);
33514 + if ((newmode & needmode) != needmode)
33517 + if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK))
33520 + needmode = oldmode;
33521 + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID))
33522 + needmode |= GR_SETID;
33524 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) {
33525 + gr_log_learn(old_dentry, old_mnt, needmode);
33526 + return (GR_CREATE | GR_LINK);
33527 + } else if (newmode & GR_SUPPRESS)
33528 + return GR_SUPPRESS;
33534 +gr_search_file(const struct dentry * dentry, const __u32 mode,
33535 + const struct vfsmount * mnt)
33537 + __u32 retval = mode;
33538 + struct acl_subject_label *curracl;
33539 + struct acl_object_label *currobj;
33541 + if (unlikely(!(gr_status & GR_READY)))
33542 + return (mode & ~GR_AUDITS);
33544 + curracl = current->acl;
33546 + currobj = chk_obj_label(dentry, mnt, curracl);
33547 + retval = currobj->mode & mode;
33550 + ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE)
33551 + && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
33552 + __u32 new_mode = mode;
33554 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
33556 + retval = new_mode;
33558 + if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN)
33559 + new_mode |= GR_INHERIT;
33561 + if (!(mode & GR_NOLEARN))
33562 + gr_log_learn(dentry, mnt, new_mode);
33569 +gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
33570 + const struct vfsmount * mnt, const __u32 mode)
33572 + struct name_entry *match;
33573 + struct acl_object_label *matchpo;
33574 + struct acl_subject_label *curracl;
33578 + if (unlikely(!(gr_status & GR_READY)))
33579 + return (mode & ~GR_AUDITS);
33581 + preempt_disable();
33582 + path = gr_to_filename_rbac(new_dentry, mnt);
33583 + match = lookup_name_entry_create(path);
33586 + goto check_parent;
33588 + curracl = current->acl;
33590 + read_lock(&gr_inode_lock);
33591 + matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
33592 + read_unlock(&gr_inode_lock);
33595 + if ((matchpo->mode & mode) !=
33596 + (mode & ~(GR_AUDITS | GR_SUPPRESS))
33597 + && curracl->mode & (GR_LEARN | GR_INHERITLEARN)) {
33598 + __u32 new_mode = mode;
33600 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
33602 + gr_log_learn(new_dentry, mnt, new_mode);
33604 + preempt_enable();
33607 + preempt_enable();
33608 + return (matchpo->mode & mode);
33612 + curracl = current->acl;
33614 + matchpo = chk_obj_create_label(parent, mnt, curracl, path);
33615 + retval = matchpo->mode & mode;
33617 + if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
33618 + && (curracl->mode & (GR_LEARN | GR_INHERITLEARN))) {
33619 + __u32 new_mode = mode;
33621 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
33623 + gr_log_learn(new_dentry, mnt, new_mode);
33624 + preempt_enable();
33628 + preempt_enable();
33633 +gr_check_hidden_task(const struct task_struct *task)
33635 + if (unlikely(!(gr_status & GR_READY)))
33638 + if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW))
33645 +gr_check_protected_task(const struct task_struct *task)
33647 + if (unlikely(!(gr_status & GR_READY) || !task))
33650 + if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
33651 + task->acl != current->acl)
33658 +gr_copy_label(struct task_struct *tsk)
33660 + tsk->signal->used_accept = 0;
33661 + tsk->acl_sp_role = 0;
33662 + tsk->acl_role_id = current->acl_role_id;
33663 + tsk->acl = current->acl;
33664 + tsk->role = current->role;
33665 + tsk->signal->curr_ip = current->signal->curr_ip;
33666 + if (current->exec_file)
33667 + get_file(current->exec_file);
33668 + tsk->exec_file = current->exec_file;
33669 + tsk->is_writable = current->is_writable;
33670 + if (unlikely(current->signal->used_accept))
33671 + current->signal->curr_ip = 0;
33677 +gr_set_proc_res(struct task_struct *task)
33679 + struct acl_subject_label *proc;
33680 + unsigned short i;
33682 + proc = task->acl;
33684 + if (proc->mode & (GR_LEARN | GR_INHERITLEARN))
33687 + for (i = 0; i < RLIM_NLIMITS; i++) {
33688 + if (!(proc->resmask & (1 << i)))
33691 + task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur;
33692 + task->signal->rlim[i].rlim_max = proc->res[i].rlim_max;
33699 +gr_check_user_change(int real, int effective, int fs)
33706 + int effectiveok = 0;
33709 + if (unlikely(!(gr_status & GR_READY)))
33712 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
33713 + gr_log_learn_id_change('u', real, effective, fs);
33715 + num = current->acl->user_trans_num;
33716 + uidlist = current->acl->user_transitions;
33718 + if (uidlist == NULL)
33723 + if (effective == -1)
33728 + if (current->acl->user_trans_type & GR_ID_ALLOW) {
33729 + for (i = 0; i < num; i++) {
33730 + curuid = (int)uidlist[i];
33731 + if (real == curuid)
33733 + if (effective == curuid)
33735 + if (fs == curuid)
33738 + } else if (current->acl->user_trans_type & GR_ID_DENY) {
33739 + for (i = 0; i < num; i++) {
33740 + curuid = (int)uidlist[i];
33741 + if (real == curuid)
33743 + if (effective == curuid)
33745 + if (fs == curuid)
33748 + /* not in deny list */
33756 + if (realok && effectiveok && fsok)
33759 + gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
33765 +gr_check_group_change(int real, int effective, int fs)
33772 + int effectiveok = 0;
33775 + if (unlikely(!(gr_status & GR_READY)))
33778 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
33779 + gr_log_learn_id_change('g', real, effective, fs);
33781 + num = current->acl->group_trans_num;
33782 + gidlist = current->acl->group_transitions;
33784 + if (gidlist == NULL)
33789 + if (effective == -1)
33794 + if (current->acl->group_trans_type & GR_ID_ALLOW) {
33795 + for (i = 0; i < num; i++) {
33796 + curgid = (int)gidlist[i];
33797 + if (real == curgid)
33799 + if (effective == curgid)
33801 + if (fs == curgid)
33804 + } else if (current->acl->group_trans_type & GR_ID_DENY) {
33805 + for (i = 0; i < num; i++) {
33806 + curgid = (int)gidlist[i];
33807 + if (real == curgid)
33809 + if (effective == curgid)
33811 + if (fs == curgid)
33814 + /* not in deny list */
33822 + if (realok && effectiveok && fsok)
33825 + gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
33831 +gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
33833 + struct acl_role_label *role = task->role;
33834 + struct acl_subject_label *subj = NULL;
33835 + struct acl_object_label *obj;
33836 + struct file *filp;
33838 + if (unlikely(!(gr_status & GR_READY)))
33841 + filp = task->exec_file;
33843 + /* kernel process, we'll give them the kernel role */
33844 + if (unlikely(!filp)) {
33845 + task->role = kernel_role;
33846 + task->acl = kernel_role->root_label;
33848 + } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL))
33849 + role = lookup_acl_role_label(task, uid, gid);
33851 + /* perform subject lookup in possibly new role
33852 + we can use this result below in the case where role == task->role
33854 + subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role);
33856 + /* if we changed uid/gid, but result in the same role
33857 + and are using inheritance, don't lose the inherited subject
33858 + if current subject is other than what normal lookup
33859 + would result in, we arrived via inheritance, don't
33862 + if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) &&
33863 + (subj == task->acl)))
33864 + task->acl = subj;
33866 + task->role = role;
33868 + task->is_writable = 0;
33870 + /* ignore additional mmap checks for processes that are writable
33871 + by the default ACL */
33872 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
33873 + if (unlikely(obj->mode & GR_WRITE))
33874 + task->is_writable = 1;
33875 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
33876 + if (unlikely(obj->mode & GR_WRITE))
33877 + task->is_writable = 1;
33879 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
33880 + printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
33883 + gr_set_proc_res(task);
33889 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
33890 + const int unsafe_share)
33892 + struct task_struct *task = current;
33893 + struct acl_subject_label *newacl;
33894 + struct acl_object_label *obj;
33897 + if (unlikely(!(gr_status & GR_READY)))
33900 + newacl = chk_subj_label(dentry, mnt, task->role);
33903 + if ((((task->ptrace & PT_PTRACED) || unsafe_share) &&
33904 + !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
33905 + !(task->role->roletype & GR_ROLE_GOD) &&
33906 + !gr_search_file(dentry, GR_PTRACERD, mnt) &&
33907 + !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN)))) {
33908 + task_unlock(task);
33909 + if (unsafe_share)
33910 + gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt);
33912 + gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
33915 + task_unlock(task);
33917 + obj = chk_obj_label(dentry, mnt, task->acl);
33918 + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
33920 + if (!(task->acl->mode & GR_INHERITLEARN) &&
33921 + ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) {
33923 + task->acl = obj->nested;
33925 + task->acl = newacl;
33926 + } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
33927 + gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt);
33929 + task->is_writable = 0;
33931 + /* ignore additional mmap checks for processes that are writable
33932 + by the default ACL */
33933 + obj = chk_obj_label(dentry, mnt, default_role->root_label);
33934 + if (unlikely(obj->mode & GR_WRITE))
33935 + task->is_writable = 1;
33936 + obj = chk_obj_label(dentry, mnt, task->role->root_label);
33937 + if (unlikely(obj->mode & GR_WRITE))
33938 + task->is_writable = 1;
33940 + gr_set_proc_res(task);
33942 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
33943 + printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
33948 +/* always called with valid inodev ptr */
33950 +do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev)
33952 + struct acl_object_label *matchpo;
33953 + struct acl_subject_label *matchps;
33954 + struct acl_subject_label *subj;
33955 + struct acl_role_label *role;
33958 + FOR_EACH_ROLE_START(role)
33959 + FOR_EACH_SUBJECT_START(role, subj, x)
33960 + if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
33961 + matchpo->mode |= GR_DELETED;
33962 + FOR_EACH_SUBJECT_END(subj,x)
33963 + FOR_EACH_NESTED_SUBJECT_START(role, subj)
33964 + if (subj->inode == ino && subj->device == dev)
33965 + subj->mode |= GR_DELETED;
33966 + FOR_EACH_NESTED_SUBJECT_END(subj)
33967 + if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL)
33968 + matchps->mode |= GR_DELETED;
33969 + FOR_EACH_ROLE_END(role)
33971 + inodev->nentry->deleted = 1;
33977 +gr_handle_delete(const ino_t ino, const dev_t dev)
33979 + struct inodev_entry *inodev;
33981 + if (unlikely(!(gr_status & GR_READY)))
33984 + write_lock(&gr_inode_lock);
33985 + inodev = lookup_inodev_entry(ino, dev);
33986 + if (inodev != NULL)
33987 + do_handle_delete(inodev, ino, dev);
33988 + write_unlock(&gr_inode_lock);
33994 +update_acl_obj_label(const ino_t oldinode, const dev_t olddevice,
33995 + const ino_t newinode, const dev_t newdevice,
33996 + struct acl_subject_label *subj)
33998 + unsigned int index = fhash(oldinode, olddevice, subj->obj_hash_size);
33999 + struct acl_object_label *match;
34001 + match = subj->obj_hash[index];
34003 + while (match && (match->inode != oldinode ||
34004 + match->device != olddevice ||
34005 + !(match->mode & GR_DELETED)))
34006 + match = match->next;
34008 + if (match && (match->inode == oldinode)
34009 + && (match->device == olddevice)
34010 + && (match->mode & GR_DELETED)) {
34011 + if (match->prev == NULL) {
34012 + subj->obj_hash[index] = match->next;
34013 + if (match->next != NULL)
34014 + match->next->prev = NULL;
34016 + match->prev->next = match->next;
34017 + if (match->next != NULL)
34018 + match->next->prev = match->prev;
34020 + match->prev = NULL;
34021 + match->next = NULL;
34022 + match->inode = newinode;
34023 + match->device = newdevice;
34024 + match->mode &= ~GR_DELETED;
34026 + insert_acl_obj_label(match, subj);
34033 +update_acl_subj_label(const ino_t oldinode, const dev_t olddevice,
34034 + const ino_t newinode, const dev_t newdevice,
34035 + struct acl_role_label *role)
34037 + unsigned int index = fhash(oldinode, olddevice, role->subj_hash_size);
34038 + struct acl_subject_label *match;
34040 + match = role->subj_hash[index];
34042 + while (match && (match->inode != oldinode ||
34043 + match->device != olddevice ||
34044 + !(match->mode & GR_DELETED)))
34045 + match = match->next;
34047 + if (match && (match->inode == oldinode)
34048 + && (match->device == olddevice)
34049 + && (match->mode & GR_DELETED)) {
34050 + if (match->prev == NULL) {
34051 + role->subj_hash[index] = match->next;
34052 + if (match->next != NULL)
34053 + match->next->prev = NULL;
34055 + match->prev->next = match->next;
34056 + if (match->next != NULL)
34057 + match->next->prev = match->prev;
34059 + match->prev = NULL;
34060 + match->next = NULL;
34061 + match->inode = newinode;
34062 + match->device = newdevice;
34063 + match->mode &= ~GR_DELETED;
34065 + insert_acl_subj_label(match, role);
34072 +update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
34073 + const ino_t newinode, const dev_t newdevice)
34075 + unsigned int index = fhash(oldinode, olddevice, inodev_set.i_size);
34076 + struct inodev_entry *match;
34078 + match = inodev_set.i_hash[index];
34080 + while (match && (match->nentry->inode != oldinode ||
34081 + match->nentry->device != olddevice || !match->nentry->deleted))
34082 + match = match->next;
34084 + if (match && (match->nentry->inode == oldinode)
34085 + && (match->nentry->device == olddevice) &&
34086 + match->nentry->deleted) {
34087 + if (match->prev == NULL) {
34088 + inodev_set.i_hash[index] = match->next;
34089 + if (match->next != NULL)
34090 + match->next->prev = NULL;
34092 + match->prev->next = match->next;
34093 + if (match->next != NULL)
34094 + match->next->prev = match->prev;
34096 + match->prev = NULL;
34097 + match->next = NULL;
34098 + match->nentry->inode = newinode;
34099 + match->nentry->device = newdevice;
34100 + match->nentry->deleted = 0;
34102 + insert_inodev_entry(match);
34109 +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
34110 + const struct vfsmount *mnt)
34112 + struct acl_subject_label *subj;
34113 + struct acl_role_label *role;
34116 + FOR_EACH_ROLE_START(role)
34117 + update_acl_subj_label(matchn->inode, matchn->device,
34118 + dentry->d_inode->i_ino,
34119 + dentry->d_inode->i_sb->s_dev, role);
34121 + FOR_EACH_NESTED_SUBJECT_START(role, subj)
34122 + if ((subj->inode == dentry->d_inode->i_ino) &&
34123 + (subj->device == dentry->d_inode->i_sb->s_dev)) {
34124 + subj->inode = dentry->d_inode->i_ino;
34125 + subj->device = dentry->d_inode->i_sb->s_dev;
34127 + FOR_EACH_NESTED_SUBJECT_END(subj)
34128 + FOR_EACH_SUBJECT_START(role, subj, x)
34129 + update_acl_obj_label(matchn->inode, matchn->device,
34130 + dentry->d_inode->i_ino,
34131 + dentry->d_inode->i_sb->s_dev, subj);
34132 + FOR_EACH_SUBJECT_END(subj,x)
34133 + FOR_EACH_ROLE_END(role)
34135 + update_inodev_entry(matchn->inode, matchn->device,
34136 + dentry->d_inode->i_ino, dentry->d_inode->i_sb->s_dev);
34142 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
34144 + struct name_entry *matchn;
34146 + if (unlikely(!(gr_status & GR_READY)))
34149 + preempt_disable();
34150 + matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt));
34152 + if (unlikely((unsigned long)matchn)) {
34153 + write_lock(&gr_inode_lock);
34154 + do_handle_create(matchn, dentry, mnt);
34155 + write_unlock(&gr_inode_lock);
34157 + preempt_enable();
34163 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
34164 + struct dentry *old_dentry,
34165 + struct dentry *new_dentry,
34166 + struct vfsmount *mnt, const __u8 replace)
34168 + struct name_entry *matchn;
34169 + struct inodev_entry *inodev;
34171 + /* vfs_rename swaps the name and parent link for old_dentry and
34173 + at this point, old_dentry has the new name, parent link, and inode
34174 + for the renamed file
34175 + if a file is being replaced by a rename, new_dentry has the inode
34176 + and name for the replaced file
34179 + if (unlikely(!(gr_status & GR_READY)))
34182 + preempt_disable();
34183 + matchn = lookup_name_entry(gr_to_filename_rbac(old_dentry, mnt));
34185 + /* we wouldn't have to check d_inode if it weren't for
34186 + NFS silly-renaming
34189 + write_lock(&gr_inode_lock);
34190 + if (unlikely(replace && new_dentry->d_inode)) {
34191 + inodev = lookup_inodev_entry(new_dentry->d_inode->i_ino,
34192 + new_dentry->d_inode->i_sb->s_dev);
34193 + if (inodev != NULL && (new_dentry->d_inode->i_nlink <= 1))
34194 + do_handle_delete(inodev, new_dentry->d_inode->i_ino,
34195 + new_dentry->d_inode->i_sb->s_dev);
34198 + inodev = lookup_inodev_entry(old_dentry->d_inode->i_ino,
34199 + old_dentry->d_inode->i_sb->s_dev);
34200 + if (inodev != NULL && (old_dentry->d_inode->i_nlink <= 1))
34201 + do_handle_delete(inodev, old_dentry->d_inode->i_ino,
34202 + old_dentry->d_inode->i_sb->s_dev);
34204 + if (unlikely((unsigned long)matchn))
34205 + do_handle_create(matchn, old_dentry, mnt);
34207 + write_unlock(&gr_inode_lock);
34208 + preempt_enable();
34214 +lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
34215 + unsigned char **sum)
34217 + struct acl_role_label *r;
34218 + struct role_allowed_ip *ipp;
34219 + struct role_transition *trans;
34223 + /* check transition table */
34225 + for (trans = current->role->transitions; trans; trans = trans->next) {
34226 + if (!strcmp(rolename, trans->rolename)) {
34235 + /* handle special roles that do not require authentication
34238 + FOR_EACH_ROLE_START(r)
34239 + if (!strcmp(rolename, r->rolename) &&
34240 + (r->roletype & GR_ROLE_SPECIAL)) {
34242 + if (r->allowed_ips != NULL) {
34243 + for (ipp = r->allowed_ips; ipp; ipp = ipp->next) {
34244 + if ((ntohl(current->signal->curr_ip) & ipp->netmask) ==
34245 + (ntohl(ipp->addr) & ipp->netmask))
34253 + if (((mode == GR_SPROLE) && (r->roletype & GR_ROLE_NOPW)) ||
34254 + ((mode == GR_SPROLEPAM) && (r->roletype & GR_ROLE_PAM))) {
34260 + FOR_EACH_ROLE_END(r)
34262 + for (i = 0; i < num_sprole_pws; i++) {
34263 + if (!strcmp(rolename, acl_special_roles[i]->rolename)) {
34264 + *salt = acl_special_roles[i]->salt;
34265 + *sum = acl_special_roles[i]->sum;
34274 +assign_special_role(char *rolename)
34276 + struct acl_object_label *obj;
34277 + struct acl_role_label *r;
34278 + struct acl_role_label *assigned = NULL;
34279 + struct task_struct *tsk;
34280 + struct file *filp;
34282 + FOR_EACH_ROLE_START(r)
34283 + if (!strcmp(rolename, r->rolename) &&
34284 + (r->roletype & GR_ROLE_SPECIAL)) {
34288 + FOR_EACH_ROLE_END(r)
34293 + read_lock(&tasklist_lock);
34294 + read_lock(&grsec_exec_file_lock);
34296 + tsk = current->parent;
34300 + filp = tsk->exec_file;
34301 + if (filp == NULL)
34304 + tsk->is_writable = 0;
34306 + tsk->acl_sp_role = 1;
34307 + tsk->acl_role_id = ++acl_sp_role_value;
34308 + tsk->role = assigned;
34309 + tsk->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role);
34311 + /* ignore additional mmap checks for processes that are writable
34312 + by the default ACL */
34313 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
34314 + if (unlikely(obj->mode & GR_WRITE))
34315 + tsk->is_writable = 1;
34316 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role->root_label);
34317 + if (unlikely(obj->mode & GR_WRITE))
34318 + tsk->is_writable = 1;
34320 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
34321 + printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid);
34325 + read_unlock(&grsec_exec_file_lock);
34326 + read_unlock(&tasklist_lock);
34330 +int gr_check_secure_terminal(struct task_struct *task)
34332 + struct task_struct *p, *p2, *p3;
34333 + struct files_struct *files;
34334 + struct fdtable *fdt;
34335 + struct file *our_file = NULL, *file;
34338 + if (task->signal->tty == NULL)
34341 + files = get_files_struct(task);
34342 + if (files != NULL) {
34344 + fdt = files_fdtable(files);
34345 + for (i=0; i < fdt->max_fds; i++) {
34346 + file = fcheck_files(files, i);
34347 + if (file && (our_file == NULL) && (file->private_data == task->signal->tty)) {
34352 + rcu_read_unlock();
34353 + put_files_struct(files);
34356 + if (our_file == NULL)
34359 + read_lock(&tasklist_lock);
34360 + do_each_thread(p2, p) {
34361 + files = get_files_struct(p);
34362 + if (files == NULL ||
34363 + (p->signal && p->signal->tty == task->signal->tty)) {
34364 + if (files != NULL)
34365 + put_files_struct(files);
34369 + fdt = files_fdtable(files);
34370 + for (i=0; i < fdt->max_fds; i++) {
34371 + file = fcheck_files(files, i);
34372 + if (file && S_ISCHR(file->f_path.dentry->d_inode->i_mode) &&
34373 + file->f_path.dentry->d_inode->i_rdev == our_file->f_path.dentry->d_inode->i_rdev) {
34375 + while (p3->pid > 0) {
34382 + gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p);
34383 + gr_handle_alertkill(p);
34384 + rcu_read_unlock();
34385 + put_files_struct(files);
34386 + read_unlock(&tasklist_lock);
34391 + rcu_read_unlock();
34392 + put_files_struct(files);
34393 + } while_each_thread(p2, p);
34394 + read_unlock(&tasklist_lock);
34401 +write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos)
34403 + struct gr_arg_wrapper uwrap;
34404 + unsigned char *sprole_salt = NULL;
34405 + unsigned char *sprole_sum = NULL;
34406 + int error = sizeof (struct gr_arg_wrapper);
34409 + down(&gr_dev_sem);
34411 + if ((gr_status & GR_READY) && !(current->acl->mode & GR_KERNELAUTH)) {
34416 + if (count != sizeof (struct gr_arg_wrapper)) {
34417 + gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)sizeof(struct gr_arg_wrapper));
34423 + if (gr_auth_expires && time_after_eq(get_seconds(), gr_auth_expires)) {
34424 + gr_auth_expires = 0;
34425 + gr_auth_attempts = 0;
34428 + if (copy_from_user(&uwrap, buf, sizeof (struct gr_arg_wrapper))) {
34433 + if ((uwrap.version != GRSECURITY_VERSION) || (uwrap.size != sizeof(struct gr_arg))) {
34438 + if (copy_from_user(gr_usermode, uwrap.arg, sizeof (struct gr_arg))) {
34443 + if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM &&
34444 + gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
34445 + time_after(gr_auth_expires, get_seconds())) {
34450 + /* if non-root trying to do anything other than use a special role,
34451 + do not attempt authentication, do not count towards authentication
34455 + if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS &&
34456 + gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM &&
34462 + /* ensure pw and special role name are null terminated */
34464 + gr_usermode->pw[GR_PW_LEN - 1] = '\0';
34465 + gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0';
34468 + * We have our enough of the argument structure..(we have yet
34469 + * to copy_from_user the tables themselves) . Copy the tables
34470 + * only if we need them, i.e. for loading operations. */
34472 + switch (gr_usermode->mode) {
34474 + if (gr_status & GR_READY) {
34476 + if (!gr_check_secure_terminal(current))
34481 + case GR_SHUTDOWN:
34482 + if ((gr_status & GR_READY)
34483 + && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
34484 + pax_open_kernel();
34485 + gr_status &= ~GR_READY;
34486 + pax_close_kernel();
34488 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
34489 + free_variables();
34490 + memset(gr_usermode, 0, sizeof (struct gr_arg));
34491 + memset(gr_system_salt, 0, GR_SALT_LEN);
34492 + memset(gr_system_sum, 0, GR_SHA_LEN);
34493 + } else if (gr_status & GR_READY) {
34494 + gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
34497 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG);
34502 + if (!(gr_status & GR_READY) && !(error2 = gracl_init(gr_usermode)))
34503 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
34505 + if (gr_status & GR_READY)
34509 + gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION);
34513 + if (!(gr_status & GR_READY)) {
34514 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
34516 + } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
34519 + pax_open_kernel();
34520 + gr_status &= ~GR_READY;
34521 + pax_close_kernel();
34523 + free_variables();
34524 + if (!(error2 = gracl_init(gr_usermode))) {
34526 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
34530 + gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
34533 + gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
34538 + if (unlikely(!(gr_status & GR_READY))) {
34539 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG);
34544 + if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
34545 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
34546 + if (gr_usermode->segv_device && gr_usermode->segv_inode) {
34547 + struct acl_subject_label *segvacl;
34549 + lookup_acl_subj_label(gr_usermode->segv_inode,
34550 + gr_usermode->segv_device,
34553 + segvacl->crashes = 0;
34554 + segvacl->expires = 0;
34556 + } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) {
34557 + gr_remove_uid(gr_usermode->segv_uid);
34560 + gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
34565 + case GR_SPROLEPAM:
34566 + if (unlikely(!(gr_status & GR_READY))) {
34567 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG);
34572 + if (current->role->expires && time_after_eq(get_seconds(), current->role->expires)) {
34573 + current->role->expires = 0;
34574 + current->role->auth_attempts = 0;
34577 + if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
34578 + time_after(current->role->expires, get_seconds())) {
34583 + if (lookup_special_role_auth
34584 + (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum)
34585 + && ((!sprole_salt && !sprole_sum)
34586 + || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
34588 + assign_special_role(gr_usermode->sp_role);
34589 + read_lock(&tasklist_lock);
34590 + if (current->parent)
34591 + p = current->parent->role->rolename;
34592 + read_unlock(&tasklist_lock);
34593 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
34594 + p, acl_sp_role_value);
34596 + gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role);
34598 + if(!(current->role->auth_attempts++))
34599 + current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
34604 + case GR_UNSPROLE:
34605 + if (unlikely(!(gr_status & GR_READY))) {
34606 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG);
34611 + if (current->role->roletype & GR_ROLE_SPECIAL) {
34615 + read_lock(&tasklist_lock);
34616 + if (current->parent) {
34617 + p = current->parent->role->rolename;
34618 + i = current->parent->acl_role_id;
34620 + read_unlock(&tasklist_lock);
34622 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i);
34625 + gr_log_str(GR_DONT_AUDIT, GR_UNSPROLEF_ACL_MSG, current->role->rolename);
34631 + gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode);
34636 + if (error != -EPERM)
34639 + if(!(gr_auth_attempts++))
34640 + gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
34648 +gr_set_acls(const int type)
34650 + struct acl_object_label *obj;
34651 + struct task_struct *task, *task2;
34652 + struct file *filp;
34653 + struct acl_role_label *role = current->role;
34654 + __u16 acl_role_id = current->acl_role_id;
34655 + const struct cred *cred;
34657 + struct name_entry *nmatch;
34658 + struct acl_subject_label *tmpsubj;
34660 + read_lock(&tasklist_lock);
34661 + read_lock(&grsec_exec_file_lock);
34662 + do_each_thread(task2, task) {
34663 + /* check to see if we're called from the exit handler,
34664 + if so, only replace ACLs that have inherited the admin
34667 + if (type && (task->role != role ||
34668 + task->acl_role_id != acl_role_id))
34671 + task->acl_role_id = 0;
34672 + task->acl_sp_role = 0;
34674 + if ((filp = task->exec_file)) {
34675 + cred = __task_cred(task);
34676 + task->role = lookup_acl_role_label(task, cred->uid, cred->gid);
34678 + /* the following is to apply the correct subject
34679 + on binaries running when the RBAC system
34680 + is enabled, when the binaries have been
34681 + replaced or deleted since their execution
34683 + when the RBAC system starts, the inode/dev
34684 + from exec_file will be one the RBAC system
34685 + is unaware of. It only knows the inode/dev
34686 + of the present file on disk, or the absence
34689 + preempt_disable();
34690 + tmpname = gr_to_filename_rbac(filp->f_path.dentry, filp->f_path.mnt);
34692 + nmatch = lookup_name_entry(tmpname);
34693 + preempt_enable();
34696 + if (nmatch->deleted)
34697 + tmpsubj = lookup_acl_subj_label_deleted(nmatch->inode, nmatch->device, task->role);
34699 + tmpsubj = lookup_acl_subj_label(nmatch->inode, nmatch->device, task->role);
34700 + if (tmpsubj != NULL)
34701 + task->acl = tmpsubj;
34703 + if (tmpsubj == NULL)
34704 + task->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt,
34707 + struct acl_subject_label *curr;
34708 + curr = task->acl;
34710 + task->is_writable = 0;
34711 + /* ignore additional mmap checks for processes that are writable
34712 + by the default ACL */
34713 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
34714 + if (unlikely(obj->mode & GR_WRITE))
34715 + task->is_writable = 1;
34716 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
34717 + if (unlikely(obj->mode & GR_WRITE))
34718 + task->is_writable = 1;
34720 + gr_set_proc_res(task);
34722 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
34723 + printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
34726 + read_unlock(&grsec_exec_file_lock);
34727 + read_unlock(&tasklist_lock);
34728 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task->pid);
34732 + // it's a kernel process
34733 + task->role = kernel_role;
34734 + task->acl = kernel_role->root_label;
34735 +#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
34736 + task->acl->mode &= ~GR_PROCFIND;
34739 + } while_each_thread(task2, task);
34740 + read_unlock(&grsec_exec_file_lock);
34741 + read_unlock(&tasklist_lock);
34746 +gr_learn_resource(const struct task_struct *task,
34747 + const int res, const unsigned long wanted, const int gt)
34749 + struct acl_subject_label *acl;
34750 + const struct cred *cred;
34752 + if (unlikely((gr_status & GR_READY) &&
34753 + task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))))
34754 + goto skip_reslog;
34756 +#ifdef CONFIG_GRKERNSEC_RESLOG
34757 + gr_log_resource(task, res, wanted, gt);
34761 + if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS))
34766 + if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) ||
34767 + !(acl->resmask & (1 << (unsigned short) res))))
34770 + if (wanted >= acl->res[res].rlim_cur) {
34771 + unsigned long res_add;
34773 + res_add = wanted;
34776 + res_add += GR_RLIM_CPU_BUMP;
34778 + case RLIMIT_FSIZE:
34779 + res_add += GR_RLIM_FSIZE_BUMP;
34781 + case RLIMIT_DATA:
34782 + res_add += GR_RLIM_DATA_BUMP;
34784 + case RLIMIT_STACK:
34785 + res_add += GR_RLIM_STACK_BUMP;
34787 + case RLIMIT_CORE:
34788 + res_add += GR_RLIM_CORE_BUMP;
34791 + res_add += GR_RLIM_RSS_BUMP;
34793 + case RLIMIT_NPROC:
34794 + res_add += GR_RLIM_NPROC_BUMP;
34796 + case RLIMIT_NOFILE:
34797 + res_add += GR_RLIM_NOFILE_BUMP;
34799 + case RLIMIT_MEMLOCK:
34800 + res_add += GR_RLIM_MEMLOCK_BUMP;
34803 + res_add += GR_RLIM_AS_BUMP;
34805 + case RLIMIT_LOCKS:
34806 + res_add += GR_RLIM_LOCKS_BUMP;
34808 + case RLIMIT_SIGPENDING:
34809 + res_add += GR_RLIM_SIGPENDING_BUMP;
34811 + case RLIMIT_MSGQUEUE:
34812 + res_add += GR_RLIM_MSGQUEUE_BUMP;
34814 + case RLIMIT_NICE:
34815 + res_add += GR_RLIM_NICE_BUMP;
34817 + case RLIMIT_RTPRIO:
34818 + res_add += GR_RLIM_RTPRIO_BUMP;
34820 + case RLIMIT_RTTIME:
34821 + res_add += GR_RLIM_RTTIME_BUMP;
34825 + acl->res[res].rlim_cur = res_add;
34827 + if (wanted > acl->res[res].rlim_max)
34828 + acl->res[res].rlim_max = res_add;
34830 + /* only log the subject filename, since resource logging is supported for
34831 + single-subject learning only */
34832 + cred = __task_cred(task);
34833 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
34834 + task->role->roletype, cred->uid, cred->gid, acl->filename,
34835 + acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
34836 + "", (unsigned long) res, &task->signal->curr_ip);
34842 +#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
34844 +pax_set_initial_flags(struct linux_binprm *bprm)
34846 + struct task_struct *task = current;
34847 + struct acl_subject_label *proc;
34848 + unsigned long flags;
34850 + if (unlikely(!(gr_status & GR_READY)))
34853 + flags = pax_get_flags(task);
34855 + proc = task->acl;
34857 + if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC)
34858 + flags &= ~MF_PAX_PAGEEXEC;
34859 + if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC)
34860 + flags &= ~MF_PAX_SEGMEXEC;
34861 + if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP)
34862 + flags &= ~MF_PAX_RANDMMAP;
34863 + if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP)
34864 + flags &= ~MF_PAX_EMUTRAMP;
34865 + if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT)
34866 + flags &= ~MF_PAX_MPROTECT;
34868 + if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC)
34869 + flags |= MF_PAX_PAGEEXEC;
34870 + if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC)
34871 + flags |= MF_PAX_SEGMEXEC;
34872 + if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP)
34873 + flags |= MF_PAX_RANDMMAP;
34874 + if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP)
34875 + flags |= MF_PAX_EMUTRAMP;
34876 + if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT)
34877 + flags |= MF_PAX_MPROTECT;
34879 + pax_set_flags(task, flags);
34885 +#ifdef CONFIG_SYSCTL
34886 +/* Eric Biederman likes breaking userland ABI and every inode-based security
34887 + system to save 35kb of memory */
34889 +/* we modify the passed in filename, but adjust it back before returning */
34890 +static struct acl_object_label *gr_lookup_by_name(char *name, unsigned int len)
34892 + struct name_entry *nmatch;
34893 + char *p, *lastp = NULL;
34894 + struct acl_object_label *obj = NULL, *tmp;
34895 + struct acl_subject_label *tmpsubj;
34898 + read_lock(&gr_inode_lock);
34900 + p = name + len - 1;
34902 + nmatch = lookup_name_entry(name);
34903 + if (lastp != NULL)
34906 + if (nmatch == NULL)
34907 + goto next_component;
34908 + tmpsubj = current->acl;
34910 + obj = lookup_acl_obj_label(nmatch->inode, nmatch->device, tmpsubj);
34911 + if (obj != NULL) {
34912 + tmp = obj->globbed;
34914 + if (!glob_match(tmp->filename, name)) {
34922 + } while ((tmpsubj = tmpsubj->parent_subject));
34928 + while (*p != '/')
34940 + read_unlock(&gr_inode_lock);
34941 + /* obj returned will always be non-null */
34945 +/* returns 0 when allowing, non-zero on error
34946 + op of 0 is used for readdir, so we don't log the names of hidden files
34949 +gr_handle_sysctl(const struct ctl_table *table, const int op)
34952 + const char *proc_sys = "/proc/sys";
34954 + struct acl_object_label *obj;
34955 + unsigned short len = 0, pos = 0, depth = 0, i;
34959 + if (unlikely(!(gr_status & GR_READY)))
34962 + /* for now, ignore operations on non-sysctl entries if it's not a
34964 + if (table->child != NULL && op != 0)
34968 + /* it's only a read if it's an entry, read on dirs is for readdir */
34969 + if (op & MAY_READ)
34971 + if (op & MAY_WRITE)
34972 + mode |= GR_WRITE;
34974 + preempt_disable();
34976 + path = per_cpu_ptr(gr_shared_page[0], smp_processor_id());
34978 + /* it's only a read/write if it's an actual entry, not a dir
34979 + (which are opened for readdir)
34982 + /* convert the requested sysctl entry into a pathname */
34984 + for (tmp = (ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
34985 + len += strlen(tmp->procname);
34990 + if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE) {
34995 + memset(path, 0, PAGE_SIZE);
34997 + memcpy(path, proc_sys, strlen(proc_sys));
34999 + pos += strlen(proc_sys);
35001 + for (; depth > 0; depth--) {
35004 + for (i = 1, tmp = (ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
35005 + if (depth == i) {
35006 + memcpy(path + pos, tmp->procname,
35007 + strlen(tmp->procname));
35008 + pos += strlen(tmp->procname);
35014 + obj = gr_lookup_by_name(path, pos);
35015 + err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS);
35017 + if (unlikely((current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) &&
35018 + ((err & mode) != mode))) {
35019 + __u32 new_mode = mode;
35021 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
35024 + gr_log_learn_sysctl(path, new_mode);
35025 + } else if (!(err & GR_FIND) && !(err & GR_SUPPRESS) && op != 0) {
35026 + gr_log_hidden_sysctl(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, path);
35028 + } else if (!(err & GR_FIND)) {
35030 + } else if (((err & mode) & ~GR_FIND) != (mode & ~GR_FIND) && !(err & GR_SUPPRESS)) {
35031 + gr_log_str4(GR_DONT_AUDIT, GR_SYSCTL_ACL_MSG, "denied",
35032 + path, (mode & GR_READ) ? " reading" : "",
35033 + (mode & GR_WRITE) ? " writing" : "");
35035 + } else if ((err & mode) != mode) {
35037 + } else if ((((err & mode) & ~GR_FIND) == (mode & ~GR_FIND)) && (err & GR_AUDITS)) {
35038 + gr_log_str4(GR_DO_AUDIT, GR_SYSCTL_ACL_MSG, "successful",
35039 + path, (mode & GR_READ) ? " reading" : "",
35040 + (mode & GR_WRITE) ? " writing" : "");
35046 + preempt_enable();
35053 +gr_handle_proc_ptrace(struct task_struct *task)
35055 + struct file *filp;
35056 + struct task_struct *tmp = task;
35057 + struct task_struct *curtemp = current;
35060 +#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
35061 + if (unlikely(!(gr_status & GR_READY)))
35065 + read_lock(&tasklist_lock);
35066 + read_lock(&grsec_exec_file_lock);
35067 + filp = task->exec_file;
35069 + while (tmp->pid > 0) {
35070 + if (tmp == curtemp)
35072 + tmp = tmp->parent;
35075 + if (!filp || (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
35076 + ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) {
35077 + read_unlock(&grsec_exec_file_lock);
35078 + read_unlock(&tasklist_lock);
35082 +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
35083 + if (!(gr_status & GR_READY)) {
35084 + read_unlock(&grsec_exec_file_lock);
35085 + read_unlock(&tasklist_lock);
35090 + retmode = gr_search_file(filp->f_path.dentry, GR_NOPTRACE, filp->f_path.mnt);
35091 + read_unlock(&grsec_exec_file_lock);
35092 + read_unlock(&tasklist_lock);
35094 + if (retmode & GR_NOPTRACE)
35097 + if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD)
35098 + && (current->acl != task->acl || (current->acl != current->role->root_label
35099 + && current->pid != task->pid)))
35106 +gr_handle_ptrace(struct task_struct *task, const long request)
35108 + struct task_struct *tmp = task;
35109 + struct task_struct *curtemp = current;
35112 +#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
35113 + if (unlikely(!(gr_status & GR_READY)))
35117 + read_lock(&tasklist_lock);
35118 + while (tmp->pid > 0) {
35119 + if (tmp == curtemp)
35121 + tmp = tmp->parent;
35124 + if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
35125 + ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) {
35126 + read_unlock(&tasklist_lock);
35127 + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
35130 + read_unlock(&tasklist_lock);
35132 +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
35133 + if (!(gr_status & GR_READY))
35137 + read_lock(&grsec_exec_file_lock);
35138 + if (unlikely(!task->exec_file)) {
35139 + read_unlock(&grsec_exec_file_lock);
35143 + retmode = gr_search_file(task->exec_file->f_path.dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_path.mnt);
35144 + read_unlock(&grsec_exec_file_lock);
35146 + if (retmode & GR_NOPTRACE) {
35147 + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
35151 + if (retmode & GR_PTRACERD) {
35152 + switch (request) {
35153 + case PTRACE_POKETEXT:
35154 + case PTRACE_POKEDATA:
35155 + case PTRACE_POKEUSR:
35156 +#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64)
35157 + case PTRACE_SETREGS:
35158 + case PTRACE_SETFPREGS:
35161 + case PTRACE_SETFPXREGS:
35163 +#ifdef CONFIG_ALTIVEC
35164 + case PTRACE_SETVRREGS:
35170 + } else if (!(current->acl->mode & GR_POVERRIDE) &&
35171 + !(current->role->roletype & GR_ROLE_GOD) &&
35172 + (current->acl != task->acl)) {
35173 + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
35180 +static int is_writable_mmap(const struct file *filp)
35182 + struct task_struct *task = current;
35183 + struct acl_object_label *obj, *obj2;
35185 + if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) &&
35186 + !task->is_writable && S_ISREG(filp->f_path.dentry->d_inode->i_mode)) {
35187 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
35188 + obj2 = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt,
35189 + task->role->root_label);
35190 + if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
35191 + gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, filp->f_path.dentry, filp->f_path.mnt);
35199 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
35203 + if (unlikely(!file || !(prot & PROT_EXEC)))
35206 + if (is_writable_mmap(file))
35210 + gr_search_file(file->f_path.dentry,
35211 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
35212 + file->f_path.mnt);
35214 + if (!gr_tpe_allow(file))
35217 + if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
35218 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
35220 + } else if (unlikely(!(mode & GR_EXEC))) {
35222 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
35223 + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
35231 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
35235 + if (unlikely(!file || !(prot & PROT_EXEC)))
35238 + if (is_writable_mmap(file))
35242 + gr_search_file(file->f_path.dentry,
35243 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
35244 + file->f_path.mnt);
35246 + if (!gr_tpe_allow(file))
35249 + if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
35250 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
35252 + } else if (unlikely(!(mode & GR_EXEC))) {
35254 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
35255 + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
35263 +gr_acl_handle_psacct(struct task_struct *task, const long code)
35265 + unsigned long runtime;
35266 + unsigned long cputime;
35267 + unsigned int wday, cday;
35271 + struct timespec timeval;
35273 + if (unlikely(!(gr_status & GR_READY) || !task->acl ||
35274 + !(task->acl->mode & GR_PROCACCT)))
35277 + do_posix_clock_monotonic_gettime(&timeval);
35278 + runtime = timeval.tv_sec - task->start_time.tv_sec;
35279 + wday = runtime / (3600 * 24);
35280 + runtime -= wday * (3600 * 24);
35281 + whr = runtime / 3600;
35282 + runtime -= whr * 3600;
35283 + wmin = runtime / 60;
35284 + runtime -= wmin * 60;
35287 + cputime = (task->utime + task->stime) / HZ;
35288 + cday = cputime / (3600 * 24);
35289 + cputime -= cday * (3600 * 24);
35290 + chr = cputime / 3600;
35291 + cputime -= chr * 3600;
35292 + cmin = cputime / 60;
35293 + cputime -= cmin * 60;
35296 + gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code);
35301 +void gr_set_kernel_label(struct task_struct *task)
35303 + if (gr_status & GR_READY) {
35304 + task->role = kernel_role;
35305 + task->acl = kernel_role->root_label;
35310 +#ifdef CONFIG_TASKSTATS
35311 +int gr_is_taskstats_denied(int pid)
35313 + struct task_struct *task;
35314 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
35315 + const struct cred *cred;
35319 + /* restrict taskstats viewing to un-chrooted root users
35320 + who have the 'view' subject flag if the RBAC system is enabled
35323 + read_lock(&tasklist_lock);
35324 + task = find_task_by_vpid(pid);
35327 +#ifdef CONFIG_GRKERNSEC_CHROOT
35328 + if (proc_is_chrooted(task))
35331 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
35332 + cred = __task_cred(task);
35333 +#ifdef CONFIG_GRKERNSEC_PROC_USER
35334 + if (cred->uid != 0)
35336 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
35337 + if (cred->uid != 0 && !groups_search(cred->group_info, CONFIG_GRKERNSEC_PROC_GID))
35341 + if (gr_status & GR_READY) {
35342 + if (!(task->acl->mode & GR_VIEW))
35346 + task_unlock(task);
35350 + read_unlock(&tasklist_lock);
35356 +int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino)
35358 + struct task_struct *task = current;
35359 + struct dentry *dentry = file->f_path.dentry;
35360 + struct vfsmount *mnt = file->f_path.mnt;
35361 + struct acl_object_label *obj, *tmp;
35362 + struct acl_subject_label *subj;
35363 + unsigned int bufsize;
35367 + if (unlikely(!(gr_status & GR_READY)))
35370 + if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))
35373 + /* ignore Eric Biederman */
35374 + if (IS_PRIVATE(dentry->d_inode))
35377 + subj = task->acl;
35379 + obj = lookup_acl_obj_label(ino, dentry->d_inode->i_sb->s_dev, subj);
35381 + return (obj->mode & GR_FIND) ? 1 : 0;
35382 + } while ((subj = subj->parent_subject));
35384 + /* this is purely an optimization since we're looking for an object
35385 + for the directory we're doing a readdir on
35386 + if it's possible for any globbed object to match the entry we're
35387 + filling into the directory, then the object we find here will be
35388 + an anchor point with attached globbed objects
35390 + obj = chk_obj_label_noglob(dentry, mnt, task->acl);
35391 + if (obj->globbed == NULL)
35392 + return (obj->mode & GR_FIND) ? 1 : 0;
35394 + is_not_root = ((obj->filename[0] == '/') &&
35395 + (obj->filename[1] == '\0')) ? 0 : 1;
35396 + bufsize = PAGE_SIZE - namelen - is_not_root;
35398 + /* check bufsize > PAGE_SIZE || bufsize == 0 */
35399 + if (unlikely((bufsize - 1) > (PAGE_SIZE - 1)))
35402 + preempt_disable();
35403 + path = d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
35406 + bufsize = strlen(path);
35408 + /* if base is "/", don't append an additional slash */
35410 + *(path + bufsize) = '/';
35411 + memcpy(path + bufsize + is_not_root, name, namelen);
35412 + *(path + bufsize + namelen + is_not_root) = '\0';
35414 + tmp = obj->globbed;
35416 + if (!glob_match(tmp->filename, path)) {
35417 + preempt_enable();
35418 + return (tmp->mode & GR_FIND) ? 1 : 0;
35422 + preempt_enable();
35423 + return (obj->mode & GR_FIND) ? 1 : 0;
35426 +EXPORT_SYMBOL(gr_learn_resource);
35427 +EXPORT_SYMBOL(gr_set_kernel_label);
35428 +#ifdef CONFIG_SECURITY
35429 +EXPORT_SYMBOL(gr_check_user_change);
35430 +EXPORT_SYMBOL(gr_check_group_change);
35433 diff -urNp linux-2.6.32.1/grsecurity/gracl_cap.c linux-2.6.32.1/grsecurity/gracl_cap.c
35434 --- linux-2.6.32.1/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
35435 +++ linux-2.6.32.1/grsecurity/gracl_cap.c 2009-12-14 18:33:58.960821027 -0500
35437 +#include <linux/kernel.h>
35438 +#include <linux/module.h>
35439 +#include <linux/sched.h>
35440 +#include <linux/gracl.h>
35441 +#include <linux/grsecurity.h>
35442 +#include <linux/grinternal.h>
35444 +static const char *captab_log[] = {
35446 + "CAP_DAC_OVERRIDE",
35447 + "CAP_DAC_READ_SEARCH",
35454 + "CAP_LINUX_IMMUTABLE",
35455 + "CAP_NET_BIND_SERVICE",
35456 + "CAP_NET_BROADCAST",
35461 + "CAP_SYS_MODULE",
35463 + "CAP_SYS_CHROOT",
35464 + "CAP_SYS_PTRACE",
35469 + "CAP_SYS_RESOURCE",
35471 + "CAP_SYS_TTY_CONFIG",
35474 + "CAP_AUDIT_WRITE",
35475 + "CAP_AUDIT_CONTROL",
35477 + "CAP_MAC_OVERRIDE",
35481 +EXPORT_SYMBOL(gr_is_capable);
35482 +EXPORT_SYMBOL(gr_is_capable_nolog);
35485 +gr_is_capable(const int cap)
35487 + struct task_struct *task = current;
35488 + const struct cred *cred = current_cred();
35489 + struct acl_subject_label *curracl;
35490 + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
35492 + if (!gr_acl_is_enabled())
35495 + curracl = task->acl;
35497 + cap_drop = curracl->cap_lower;
35498 + cap_mask = curracl->cap_mask;
35500 + while ((curracl = curracl->parent_subject)) {
35501 + /* if the cap isn't specified in the current computed mask but is specified in the
35502 + current level subject, and is lowered in the current level subject, then add
35503 + it to the set of dropped capabilities
35504 + otherwise, add the current level subject's mask to the current computed mask
35506 + if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
35507 + cap_raise(cap_mask, cap);
35508 + if (cap_raised(curracl->cap_lower, cap))
35509 + cap_raise(cap_drop, cap);
35513 + if (!cap_raised(cap_drop, cap))
35516 + curracl = task->acl;
35518 + if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
35519 + && cap_raised(cred->cap_effective, cap)) {
35520 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
35521 + task->role->roletype, cred->uid,
35522 + cred->gid, task->exec_file ?
35523 + gr_to_filename(task->exec_file->f_path.dentry,
35524 + task->exec_file->f_path.mnt) : curracl->filename,
35525 + curracl->filename, 0UL,
35526 + 0UL, "", (unsigned long) cap, &task->signal->curr_ip);
35530 + if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap))
35531 + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
35536 +gr_is_capable_nolog(const int cap)
35538 + struct acl_subject_label *curracl;
35539 + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
35541 + if (!gr_acl_is_enabled())
35544 + curracl = current->acl;
35546 + cap_drop = curracl->cap_lower;
35547 + cap_mask = curracl->cap_mask;
35549 + while ((curracl = curracl->parent_subject)) {
35550 + /* if the cap isn't specified in the current computed mask but is specified in the
35551 + current level subject, and is lowered in the current level subject, then add
35552 + it to the set of dropped capabilities
35553 + otherwise, add the current level subject's mask to the current computed mask
35555 + if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
35556 + cap_raise(cap_mask, cap);
35557 + if (cap_raised(curracl->cap_lower, cap))
35558 + cap_raise(cap_drop, cap);
35562 + if (!cap_raised(cap_drop, cap))
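Review bot: In gr_is_capable the range check on `cap` guards only the `captab_log[cap]` lookup at the gr_log_cap call, so a lowered capability whose number has no table entry would leave no log record, and by that point `cap` has already passed unchecked through cap_raised()/cap_raise() in the parent_subject walk. Tying the table to the kernel's capability list at build time would close the logging gap, for example `BUILD_BUG_ON(ARRAY_SIZE(captab_log) != CAP_LAST_CAP + 1);` at the top of the function. A `cap_valid(cap)` test before the walk would cover the macros, unless callers are already guaranteed to pass a valid number. The return statements are not shown on this page, so the deny path is inferred from the surrounding checks. The parent_subject walk is also repeated line for line in gr_is_capable_nolog; a shared static helper that reports whether the capability is lowered would keep the two decisions from drifting apart.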
35568 diff -urNp linux-2.6.32.1/grsecurity/gracl_fs.c linux-2.6.32.1/grsecurity/gracl_fs.c
35569 --- linux-2.6.32.1/grsecurity/gracl_fs.c 1969-12-31 19:00:00.000000000 -0500
35570 +++ linux-2.6.32.1/grsecurity/gracl_fs.c 2009-12-14 18:33:58.960821027 -0500
35572 +#include <linux/kernel.h>
35573 +#include <linux/sched.h>
35574 +#include <linux/types.h>
35575 +#include <linux/fs.h>
35576 +#include <linux/file.h>
35577 +#include <linux/stat.h>
35578 +#include <linux/grsecurity.h>
35579 +#include <linux/grinternal.h>
35580 +#include <linux/gracl.h>
35583 +gr_acl_handle_hidden_file(const struct dentry * dentry,
35584 + const struct vfsmount * mnt)
35588 + if (unlikely(!dentry->d_inode))
35592 + gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
35594 + if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
35595 + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
35597 + } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
35598 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
35600 + } else if (unlikely(!(mode & GR_FIND)))
35607 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
35610 + __u32 reqmode = GR_FIND;
35613 + if (unlikely(!dentry->d_inode))
35616 + if (unlikely(fmode & O_APPEND))
35617 + reqmode |= GR_APPEND;
35618 + else if (unlikely(fmode & FMODE_WRITE))
35619 + reqmode |= GR_WRITE;
35620 + if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
35621 + reqmode |= GR_READ;
35622 + if ((fmode & FMODE_GREXEC) && (fmode & FMODE_EXEC))
35623 + reqmode &= ~GR_READ;
35625 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
35628 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
35629 + gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
35630 + reqmode & GR_READ ? " reading" : "",
35631 + reqmode & GR_WRITE ? " writing" : reqmode &
35632 + GR_APPEND ? " appending" : "");
35635 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
35637 + gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
35638 + reqmode & GR_READ ? " reading" : "",
35639 + reqmode & GR_WRITE ? " writing" : reqmode &
35640 + GR_APPEND ? " appending" : "");
35642 + } else if (unlikely((mode & reqmode) != reqmode))
35649 +gr_acl_handle_creat(const struct dentry * dentry,
35650 + const struct dentry * p_dentry,
35651 + const struct vfsmount * p_mnt, const int fmode,
35654 + __u32 reqmode = GR_WRITE | GR_CREATE;
35657 + if (unlikely(fmode & O_APPEND))
35658 + reqmode |= GR_APPEND;
35659 + if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
35660 + reqmode |= GR_READ;
35661 + if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID))))
35662 + reqmode |= GR_SETID;
35665 + gr_check_create(dentry, p_dentry, p_mnt,
35666 + reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
35668 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
35669 + gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
35670 + reqmode & GR_READ ? " reading" : "",
35671 + reqmode & GR_WRITE ? " writing" : reqmode &
35672 + GR_APPEND ? " appending" : "");
35675 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
35677 + gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
35678 + reqmode & GR_READ ? " reading" : "",
35679 + reqmode & GR_WRITE ? " writing" : reqmode &
35680 + GR_APPEND ? " appending" : "");
35682 + } else if (unlikely((mode & reqmode) != reqmode))
35689 +gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
35692 + __u32 mode, reqmode = GR_FIND;
35694 + if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
35695 + reqmode |= GR_EXEC;
35696 + if (fmode & S_IWOTH)
35697 + reqmode |= GR_WRITE;
35698 + if (fmode & S_IROTH)
35699 + reqmode |= GR_READ;
35702 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
35705 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
35706 + gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
35707 + reqmode & GR_READ ? " reading" : "",
35708 + reqmode & GR_WRITE ? " writing" : "",
35709 + reqmode & GR_EXEC ? " executing" : "");
35712 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
35714 + gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
35715 + reqmode & GR_READ ? " reading" : "",
35716 + reqmode & GR_WRITE ? " writing" : "",
35717 + reqmode & GR_EXEC ? " executing" : "");
35719 + } else if (unlikely((mode & reqmode) != reqmode))
35725 +static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt)
35729 + mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt);
35731 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
35732 + gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt);
35734 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
35735 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt);
35737 + } else if (unlikely((mode & (reqmode)) != (reqmode)))
35740 + return (reqmode);
35744 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
35746 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
35750 +gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
35752 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
35756 +gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
35758 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
35762 +gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
35764 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
35768 +gr_acl_handle_fchmod(const struct dentry *dentry, const struct vfsmount *mnt,
35771 + if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode)))
35774 + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
35775 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
35776 + GR_FCHMOD_ACL_MSG);
35778 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_FCHMOD_ACL_MSG);
35783 +gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
35786 + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
35787 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
35788 + GR_CHMOD_ACL_MSG);
35790 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
35795 +gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
35797 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
35801 +gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
35803 + return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
35807 +gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
35809 + return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
35810 + GR_UNIXCONNECT_ACL_MSG);
35813 +/* hardlinks require at minimum create permission,
35814 + any additional privilege required is based on the
35815 + privilege of the file being linked to
35818 +gr_acl_handle_link(const struct dentry * new_dentry,
35819 + const struct dentry * parent_dentry,
35820 + const struct vfsmount * parent_mnt,
35821 + const struct dentry * old_dentry,
35822 + const struct vfsmount * old_mnt, const char *to)
35825 + __u32 needmode = GR_CREATE | GR_LINK;
35826 + __u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK;
35829 + gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
35832 + if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) {
35833 + gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
35835 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
35836 + gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
35838 + } else if (unlikely((mode & needmode) != needmode))
35845 +gr_acl_handle_symlink(const struct dentry * new_dentry,
35846 + const struct dentry * parent_dentry,
35847 + const struct vfsmount * parent_mnt, const char *from)
35849 + __u32 needmode = GR_WRITE | GR_CREATE;
35853 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
35854 + GR_CREATE | GR_AUDIT_CREATE |
35855 + GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
35857 + if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
35858 + gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
35860 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
35861 + gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
35863 + } else if (unlikely((mode & needmode) != needmode))
35866 + return (GR_WRITE | GR_CREATE);
35869 +static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt)
35873 + mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
35875 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
35876 + gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt);
35878 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
35879 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt);
35881 + } else if (unlikely((mode & (reqmode)) != (reqmode)))
35884 + return (reqmode);
35888 +gr_acl_handle_mknod(const struct dentry * new_dentry,
35889 + const struct dentry * parent_dentry,
35890 + const struct vfsmount * parent_mnt,
35893 + __u32 reqmode = GR_WRITE | GR_CREATE;
35894 + if (unlikely(mode & (S_ISUID | S_ISGID)))
35895 + reqmode |= GR_SETID;
35897 + return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
35898 + reqmode, GR_MKNOD_ACL_MSG);
35902 +gr_acl_handle_mkdir(const struct dentry *new_dentry,
35903 + const struct dentry *parent_dentry,
35904 + const struct vfsmount *parent_mnt)
35906 + return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
35907 + GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
35910 +#define RENAME_CHECK_SUCCESS(old, new) \
35911 + (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
35912 + ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
35915 +gr_acl_handle_rename(struct dentry *new_dentry,
35916 + struct dentry *parent_dentry,
35917 + const struct vfsmount *parent_mnt,
35918 + struct dentry *old_dentry,
35919 + struct inode *old_parent_inode,
35920 + struct vfsmount *old_mnt, const char *newname)
35922 + __u32 comp1, comp2;
35925 + if (unlikely(!gr_acl_is_enabled()))
35928 + if (!new_dentry->d_inode) {
35929 + comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
35930 + GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
35931 + GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
35932 + comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
35933 + GR_DELETE | GR_AUDIT_DELETE |
35934 + GR_AUDIT_READ | GR_AUDIT_WRITE |
35935 + GR_SUPPRESS, old_mnt);
35937 + comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
35938 + GR_CREATE | GR_DELETE |
35939 + GR_AUDIT_CREATE | GR_AUDIT_DELETE |
35940 + GR_AUDIT_READ | GR_AUDIT_WRITE |
35941 + GR_SUPPRESS, parent_mnt);
35943 + gr_search_file(old_dentry,
35944 + GR_READ | GR_WRITE | GR_AUDIT_READ |
35945 + GR_DELETE | GR_AUDIT_DELETE |
35946 + GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
35949 + if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
35950 + ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
35951 + gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
35952 + else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
35953 + && !(comp2 & GR_SUPPRESS)) {
35954 + gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
35956 + } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
35963 +gr_acl_handle_exit(void)
35967 + struct file *exec_file;
35969 + if (unlikely(current->acl_sp_role && gr_acl_is_enabled())) {
35970 + id = current->acl_role_id;
35971 + rolename = current->role->rolename;
35973 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id);
35976 + write_lock(&grsec_exec_file_lock);
35977 + exec_file = current->exec_file;
35978 + current->exec_file = NULL;
35979 + write_unlock(&grsec_exec_file_lock);
35986 +gr_acl_handle_procpidmem(const struct task_struct *task)
35988 + if (unlikely(!gr_acl_is_enabled()))
35991 + if (task != current && task->acl->mode & GR_PROTPROCFD)
35996 diff -urNp linux-2.6.32.1/grsecurity/gracl_ip.c linux-2.6.32.1/grsecurity/gracl_ip.c
35997 --- linux-2.6.32.1/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500
35998 +++ linux-2.6.32.1/grsecurity/gracl_ip.c 2009-12-14 18:33:58.961941417 -0500
36000 +#include <linux/kernel.h>
36001 +#include <asm/uaccess.h>
36002 +#include <asm/errno.h>
36003 +#include <net/sock.h>
36004 +#include <linux/file.h>
36005 +#include <linux/fs.h>
36006 +#include <linux/net.h>
36007 +#include <linux/in.h>
36008 +#include <linux/skbuff.h>
36009 +#include <linux/ip.h>
36010 +#include <linux/udp.h>
36011 +#include <linux/smp_lock.h>
36012 +#include <linux/types.h>
36013 +#include <linux/sched.h>
36014 +#include <linux/netdevice.h>
36015 +#include <linux/inetdevice.h>
36016 +#include <linux/gracl.h>
36017 +#include <linux/grsecurity.h>
36018 +#include <linux/grinternal.h>
36020 +#define GR_BIND 0x01
36021 +#define GR_CONNECT 0x02
36022 +#define GR_INVERT 0x04
36023 +#define GR_BINDOVERRIDE 0x08
36024 +#define GR_CONNECTOVERRIDE 0x10
36026 +static const char * gr_protocols[256] = {
36027 + "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
36028 + "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
36029 + "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
36030 + "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
36031 + "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
36032 + "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
36033 + "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
36034 + "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
36035 + "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
36036 + "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak",
36037 + "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf",
36038 + "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
36039 + "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
36040 + "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
36041 + "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
36042 + "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
36043 + "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
36044 + "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
36045 + "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
36046 + "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
36047 + "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
36048 + "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
36049 + "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
36050 + "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
36051 + "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
36052 + "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
36053 + "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
36054 + "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
36055 + "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
36056 + "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
36057 + "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
36058 + "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
36061 +static const char * gr_socktypes[11] = {
36062 + "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6",
36063 + "unknown:7", "unknown:8", "unknown:9", "packet"
36067 +gr_proto_to_name(unsigned char proto)
36069 + return gr_protocols[proto];
36073 +gr_socktype_to_name(unsigned char type)
36075 + return gr_socktypes[type];
36079 +gr_search_socket(const int domain, const int type, const int protocol)
36081 + struct acl_subject_label *curr;
36082 + const struct cred *cred = current_cred();
36084 + if (unlikely(!gr_acl_is_enabled()))
36087 + if ((domain < 0) || (type < 0) || (protocol < 0) || (domain != PF_INET)
36088 + || (domain >= NPROTO) || (type >= SOCK_MAX) || (protocol > 255))
36089 + goto exit; // let the kernel handle it
36091 + curr = current->acl;
36096 + if ((curr->ip_type & (1 << type)) &&
36097 + (curr->ip_proto[protocol / 32] & (1 << (protocol % 32))))
36100 + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
36101 + /* we don't place acls on raw sockets , and sometimes
36102 + dgram/ip sockets are opened for ioctl and not
36103 + bind/connect, so we'll fake a bind learn log */
36104 + if (type == SOCK_RAW || type == SOCK_PACKET) {
36105 + __u32 fakeip = 0;
36106 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
36107 + current->role->roletype, cred->uid,
36108 + cred->gid, current->exec_file ?
36109 + gr_to_filename(current->exec_file->f_path.dentry,
36110 + current->exec_file->f_path.mnt) :
36111 + curr->filename, curr->filename,
36112 + &fakeip, 0, type,
36113 + protocol, GR_CONNECT, ¤t->signal->curr_ip);
36114 + } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
36115 + __u32 fakeip = 0;
36116 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
36117 + current->role->roletype, cred->uid,
36118 + cred->gid, current->exec_file ?
36119 + gr_to_filename(current->exec_file->f_path.dentry,
36120 + current->exec_file->f_path.mnt) :
36121 + curr->filename, curr->filename,
36122 + &fakeip, 0, type,
36123 + protocol, GR_BIND, ¤t->signal->curr_ip);
36125 + /* we'll log when they use connect or bind */
36129 + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, "inet",
36130 + gr_socktype_to_name(type), gr_proto_to_name(protocol));
36137 +int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask)
36139 + if ((ip->mode & mode) &&
36140 + (ip_port >= ip->low) &&
36141 + (ip_port <= ip->high) &&
36142 + ((ntohl(ip_addr) & our_netmask) ==
36143 + (ntohl(our_addr) & our_netmask))
36144 + && (ip->proto[protocol / 32] & (1 << (protocol % 32)))
36145 + && (ip->type & (1 << type))) {
36146 + if (ip->mode & GR_INVERT)
36147 + return 2; // specifically denied
36149 + return 1; // allowed
36152 + return 0; // not specifically allowed, may continue parsing
36156 +gr_search_connectbind(const int full_mode, struct sock *sk,
36157 + struct sockaddr_in *addr, const int type)
36159 + char iface[IFNAMSIZ] = {0};
36160 + struct acl_subject_label *curr;
36161 + struct acl_ip_label *ip;
36162 + struct inet_sock *isk;
36163 + struct net_device *dev;
36164 + struct in_device *idev;
36167 + int mode = full_mode & (GR_BIND | GR_CONNECT);
36168 + __u32 ip_addr = 0;
36170 + __u32 our_netmask;
36172 + __u16 ip_port = 0;
36173 + const struct cred *cred = current_cred();
36175 + if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET))
36178 + curr = current->acl;
36179 + isk = inet_sk(sk);
36181 + /* INADDR_ANY overriding for binds, inaddr_any_override is already in network order */
36182 + if ((full_mode & GR_BINDOVERRIDE) && addr->sin_addr.s_addr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0)
36183 + addr->sin_addr.s_addr = curr->inaddr_any_override;
36184 + if ((full_mode & GR_CONNECT) && isk->saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) {
36185 + struct sockaddr_in saddr;
36188 + saddr.sin_family = AF_INET;
36189 + saddr.sin_addr.s_addr = curr->inaddr_any_override;
36190 + saddr.sin_port = isk->sport;
36192 + err = security_socket_bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
36196 + err = sk->sk_socket->ops->bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
36204 + ip_addr = addr->sin_addr.s_addr;
36205 + ip_port = ntohs(addr->sin_port);
36207 + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
36208 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
36209 + current->role->roletype, cred->uid,
36210 + cred->gid, current->exec_file ?
36211 + gr_to_filename(current->exec_file->f_path.dentry,
36212 + current->exec_file->f_path.mnt) :
36213 + curr->filename, curr->filename,
36214 + &ip_addr, ip_port, type,
36215 + sk->sk_protocol, mode, ¤t->signal->curr_ip);
36219 + for (i = 0; i < curr->ip_num; i++) {
36220 + ip = *(curr->ips + i);
36221 + if (ip->iface != NULL) {
36222 + strncpy(iface, ip->iface, IFNAMSIZ - 1);
36223 + p = strchr(iface, ':');
36226 + dev = dev_get_by_name(sock_net(sk), iface);
36229 + idev = in_dev_get(dev);
36230 + if (idev == NULL) {
36236 + if (!strcmp(ip->iface, ifa->ifa_label)) {
36237 + our_addr = ifa->ifa_address;
36238 + our_netmask = 0xffffffff;
36239 + ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
36241 + rcu_read_unlock();
36242 + in_dev_put(idev);
36245 + } else if (ret == 2) {
36246 + rcu_read_unlock();
36247 + in_dev_put(idev);
36252 + } endfor_ifa(idev);
36253 + rcu_read_unlock();
36254 + in_dev_put(idev);
36257 + our_addr = ip->addr;
36258 + our_netmask = ip->netmask;
36259 + ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
36262 + else if (ret == 2)
36268 + if (mode == GR_BIND)
36269 + gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
36270 + else if (mode == GR_CONNECT)
36271 + gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
36277 +gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
36279 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
36283 +gr_search_bind(struct socket *sock, struct sockaddr_in *addr)
36285 + return gr_search_connectbind(GR_BIND | GR_BINDOVERRIDE, sock->sk, addr, sock->type);
36288 +int gr_search_listen(struct socket *sock)
36290 + struct sock *sk = sock->sk;
36291 + struct sockaddr_in addr;
36293 + addr.sin_addr.s_addr = inet_sk(sk)->saddr;
36294 + addr.sin_port = inet_sk(sk)->sport;
36296 + return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
36299 +int gr_search_accept(struct socket *sock)
36301 + struct sock *sk = sock->sk;
36302 + struct sockaddr_in addr;
36304 + addr.sin_addr.s_addr = inet_sk(sk)->saddr;
36305 + addr.sin_port = inet_sk(sk)->sport;
36307 + return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
36311 +gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr)
36314 + return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
36316 + struct sockaddr_in sin;
36317 + const struct inet_sock *inet = inet_sk(sk);
36319 + sin.sin_addr.s_addr = inet->daddr;
36320 + sin.sin_port = inet->dport;
36322 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
36327 +gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb)
36329 + struct sockaddr_in sin;
36331 + if (unlikely(skb->len < sizeof (struct udphdr)))
36332 + return 0; // skip this packet
36334 + sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
36335 + sin.sin_port = udp_hdr(skb)->source;
36337 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
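Review bot: `gr_socktype_to_name()` indexes the 11-entry `gr_socktypes` table with an `unsigned char` and no range check, so a type of 11 or more reads past the array and passes a stray pointer to the logger. `gr_search_socket()` rejects `type >= SOCK_MAX` before it logs, which covers that path only if SOCK_MAX matches the table size (not shown in this hunk). `gr_search_connectbind()` passes its `type` argument, taken from `sock->type` by the connect and bind wrappers, straight into the denial messages, so the helper depends on validation done elsewhere. Bounding it in the helper removes that dependency: `return type < ARRAY_SIZE(gr_socktypes) ? gr_socktypes[type] : "unknown";`. The bit tests `1 << type` and `1 << (protocol % 32)` would also be safer written with `1U`, because a remainder of 31 shifts into the sign bit of an int.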
36339 diff -urNp linux-2.6.32.1/grsecurity/gracl_learn.c linux-2.6.32.1/grsecurity/gracl_learn.c
36340 --- linux-2.6.32.1/grsecurity/gracl_learn.c 1969-12-31 19:00:00.000000000 -0500
36341 +++ linux-2.6.32.1/grsecurity/gracl_learn.c 2009-12-14 18:33:58.961941417 -0500
36343 +#include <linux/kernel.h>
36344 +#include <linux/mm.h>
36345 +#include <linux/sched.h>
36346 +#include <linux/poll.h>
36347 +#include <linux/smp_lock.h>
36348 +#include <linux/string.h>
36349 +#include <linux/file.h>
36350 +#include <linux/types.h>
36351 +#include <linux/vmalloc.h>
36352 +#include <linux/grinternal.h>
36354 +extern ssize_t write_grsec_handler(struct file * file, const char __user * buf,
36355 + size_t count, loff_t *ppos);
36356 +extern int gr_acl_is_enabled(void);
36358 +static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
36359 +static int gr_learn_attached;
36361 +/* use a 512k buffer */
36362 +#define LEARN_BUFFER_SIZE (512 * 1024)
36364 +static DEFINE_SPINLOCK(gr_learn_lock);
36365 +static DECLARE_MUTEX(gr_learn_user_sem);
36367 +/* we need to maintain two buffers, so that the kernel context of grlearn
36368 + uses a semaphore around the userspace copying, and the other kernel contexts
36369 + use a spinlock when copying into the buffer, since they cannot sleep
36371 +static char *learn_buffer;
36372 +static char *learn_buffer_user;
36373 +static int learn_buffer_len;
36374 +static int learn_buffer_user_len;
36377 +read_learn(struct file *file, char __user * buf, size_t count, loff_t * ppos)
36379 + DECLARE_WAITQUEUE(wait, current);
36380 + ssize_t retval = 0;
36382 + add_wait_queue(&learn_wait, &wait);
36383 + set_current_state(TASK_INTERRUPTIBLE);
36385 + down(&gr_learn_user_sem);
36386 + spin_lock(&gr_learn_lock);
36387 + if (learn_buffer_len)
36389 + spin_unlock(&gr_learn_lock);
36390 + up(&gr_learn_user_sem);
36391 + if (file->f_flags & O_NONBLOCK) {
36392 + retval = -EAGAIN;
36395 + if (signal_pending(current)) {
36396 + retval = -ERESTARTSYS;
36403 + memcpy(learn_buffer_user, learn_buffer, learn_buffer_len);
36404 + learn_buffer_user_len = learn_buffer_len;
36405 + retval = learn_buffer_len;
36406 + learn_buffer_len = 0;
36408 + spin_unlock(&gr_learn_lock);
36410 + if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len))
36411 + retval = -EFAULT;
36413 + up(&gr_learn_user_sem);
36415 + set_current_state(TASK_RUNNING);
36416 + remove_wait_queue(&learn_wait, &wait);
36420 +static unsigned int
36421 +poll_learn(struct file * file, poll_table * wait)
36423 + poll_wait(file, &learn_wait, wait);
36425 + if (learn_buffer_len)
36426 + return (POLLIN | POLLRDNORM);
36432 +gr_clear_learn_entries(void)
36436 + down(&gr_learn_user_sem);
36437 + if (learn_buffer != NULL) {
36438 + spin_lock(&gr_learn_lock);
36439 + tmp = learn_buffer;
36440 + learn_buffer = NULL;
36441 + spin_unlock(&gr_learn_lock);
36442 + vfree(learn_buffer);
36444 + if (learn_buffer_user != NULL) {
36445 + vfree(learn_buffer_user);
36446 + learn_buffer_user = NULL;
36448 + learn_buffer_len = 0;
36449 + up(&gr_learn_user_sem);
36455 +gr_add_learn_entry(const char *fmt, ...)
36458 + unsigned int len;
36460 + if (!gr_learn_attached)
36463 + spin_lock(&gr_learn_lock);
36465 + /* leave a gap at the end so we know when it's "full" but don't have to
36466 + compute the exact length of the string we're trying to append
36468 + if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) {
36469 + spin_unlock(&gr_learn_lock);
36470 + wake_up_interruptible(&learn_wait);
36473 + if (learn_buffer == NULL) {
36474 + spin_unlock(&gr_learn_lock);
36478 + va_start(args, fmt);
36479 + len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args);
36482 + learn_buffer_len += len + 1;
36484 + spin_unlock(&gr_learn_lock);
36485 + wake_up_interruptible(&learn_wait);
36491 +open_learn(struct inode *inode, struct file *file)
36493 + if (file->f_mode & FMODE_READ && gr_learn_attached)
36495 + if (file->f_mode & FMODE_READ) {
36497 + down(&gr_learn_user_sem);
36498 + if (learn_buffer == NULL)
36499 + learn_buffer = vmalloc(LEARN_BUFFER_SIZE);
36500 + if (learn_buffer_user == NULL)
36501 + learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE);
36502 + if (learn_buffer == NULL) {
36503 + retval = -ENOMEM;
36506 + if (learn_buffer_user == NULL) {
36507 + retval = -ENOMEM;
36510 + learn_buffer_len = 0;
36511 + learn_buffer_user_len = 0;
36512 + gr_learn_attached = 1;
36514 + up(&gr_learn_user_sem);
36521 +close_learn(struct inode *inode, struct file *file)
36525 + if (file->f_mode & FMODE_READ) {
36526 + down(&gr_learn_user_sem);
36527 + if (learn_buffer != NULL) {
36528 + spin_lock(&gr_learn_lock);
36529 + tmp = learn_buffer;
36530 + learn_buffer = NULL;
36531 + spin_unlock(&gr_learn_lock);
36534 + if (learn_buffer_user != NULL) {
36535 + vfree(learn_buffer_user);
36536 + learn_buffer_user = NULL;
36538 + learn_buffer_len = 0;
36539 + learn_buffer_user_len = 0;
36540 + gr_learn_attached = 0;
36541 + up(&gr_learn_user_sem);
36547 +const struct file_operations grsec_fops = {
36548 + .read = read_learn,
36549 + .write = write_grsec_handler,
36550 + .open = open_learn,
36551 + .release = close_learn,
36552 + .poll = poll_learn,
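Review bot: In `gr_clear_learn_entries()` the buffer pointer is saved in `tmp` and `learn_buffer` is set to NULL under the spinlock, but the following call is `vfree(learn_buffer);`, which frees NULL and leaks the 512k allocation; it should be `vfree(tmp);`. Separately, `read_learn()` copies `learn_buffer_user_len` bytes to `buf` and, in the lines visible here, never compares that length with `count`, so a reader that supplies a shorter buffer gets more data written than it asked for. A guard before `copy_to_user()`, such as `if (count < learn_buffer_user_len) retval = -EINVAL; else if (copy_to_user(...))`, would bound the copy. Several lines of both functions are missing from this listing, so the second point should be confirmed against the full file.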
36554 diff -urNp linux-2.6.32.1/grsecurity/gracl_res.c linux-2.6.32.1/grsecurity/gracl_res.c
36555 --- linux-2.6.32.1/grsecurity/gracl_res.c 1969-12-31 19:00:00.000000000 -0500
36556 +++ linux-2.6.32.1/grsecurity/gracl_res.c 2009-12-14 18:33:58.961941417 -0500
36558 +#include <linux/kernel.h>
36559 +#include <linux/sched.h>
36560 +#include <linux/gracl.h>
36561 +#include <linux/grinternal.h>
36563 +static const char *restab_log[] = {
36564 + [RLIMIT_CPU] = "RLIMIT_CPU",
36565 + [RLIMIT_FSIZE] = "RLIMIT_FSIZE",
36566 + [RLIMIT_DATA] = "RLIMIT_DATA",
36567 + [RLIMIT_STACK] = "RLIMIT_STACK",
36568 + [RLIMIT_CORE] = "RLIMIT_CORE",
36569 + [RLIMIT_RSS] = "RLIMIT_RSS",
36570 + [RLIMIT_NPROC] = "RLIMIT_NPROC",
36571 + [RLIMIT_NOFILE] = "RLIMIT_NOFILE",
36572 + [RLIMIT_MEMLOCK] = "RLIMIT_MEMLOCK",
36573 + [RLIMIT_AS] = "RLIMIT_AS",
36574 + [RLIMIT_LOCKS] = "RLIMIT_LOCKS",
36575 + [RLIMIT_SIGPENDING] = "RLIMIT_SIGPENDING",
36576 + [RLIMIT_MSGQUEUE] = "RLIMIT_MSGQUEUE",
36577 + [RLIMIT_NICE] = "RLIMIT_NICE",
36578 + [RLIMIT_RTPRIO] = "RLIMIT_RTPRIO",
36579 + [RLIMIT_RTTIME] = "RLIMIT_RTTIME",
36580 + [GR_CRASH_RES] = "RLIMIT_CRASH"
36584 +gr_log_resource(const struct task_struct *task,
36585 + const int res, const unsigned long wanted, const int gt)
36587 + const struct cred *cred = __task_cred(task);
36589 + if (res == RLIMIT_NPROC &&
36590 + (cap_raised(cred->cap_effective, CAP_SYS_ADMIN) ||
36591 + cap_raised(cred->cap_effective, CAP_SYS_RESOURCE)))
36593 + else if (res == RLIMIT_MEMLOCK &&
36594 + cap_raised(cred->cap_effective, CAP_IPC_LOCK))
36596 + else if (res == RLIMIT_NICE && cap_raised(cred->cap_effective, CAP_SYS_NICE))
36599 + if (!gr_acl_is_enabled() && !grsec_resource_logging)
36602 + // not yet supported resource
36603 + if (!restab_log[res])
36606 + preempt_disable();
36608 + if (unlikely(((gt && wanted > task->signal->rlim[res].rlim_cur) ||
36609 + (!gt && wanted >= task->signal->rlim[res].rlim_cur)) &&
36610 + task->signal->rlim[res].rlim_cur != RLIM_INFINITY))
36611 + gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], task->signal->rlim[res].rlim_cur);
36612 + preempt_enable_no_resched();
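Review bot: `gr_log_resource()` uses `res` to index both `restab_log[]` and `task->signal->rlim[]` without checking its range. The `!restab_log[res]` test only filters unnamed slots inside the table, and is itself an out-of-bounds read when `res` is negative or past the end. The callers are outside this hunk, so this may be safe today, but a guard ahead of that test makes the function self-contained: `if (res < 0 || res >= (int)ARRAY_SIZE(restab_log)) return;`. The three capability tests at the top presumably skip logging for tasks that hold the matching capability (their bodies are not visible in this listing); a one-line comment stating that intent would help the next reader.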
36616 diff -urNp linux-2.6.32.1/grsecurity/gracl_segv.c linux-2.6.32.1/grsecurity/gracl_segv.c
36617 --- linux-2.6.32.1/grsecurity/gracl_segv.c 1969-12-31 19:00:00.000000000 -0500
36618 +++ linux-2.6.32.1/grsecurity/gracl_segv.c 2009-12-14 18:33:58.961941417 -0500
36620 +#include <linux/kernel.h>
36621 +#include <linux/mm.h>
36622 +#include <asm/uaccess.h>
36623 +#include <asm/errno.h>
36624 +#include <asm/mman.h>
36625 +#include <net/sock.h>
36626 +#include <linux/file.h>
36627 +#include <linux/fs.h>
36628 +#include <linux/net.h>
36629 +#include <linux/in.h>
36630 +#include <linux/smp_lock.h>
36631 +#include <linux/slab.h>
36632 +#include <linux/types.h>
36633 +#include <linux/sched.h>
36634 +#include <linux/timer.h>
36635 +#include <linux/gracl.h>
36636 +#include <linux/grsecurity.h>
36637 +#include <linux/grinternal.h>
36639 +static struct crash_uid *uid_set;
36640 +static unsigned short uid_used;
36641 +static DEFINE_SPINLOCK(gr_uid_lock);
36642 +extern rwlock_t gr_inode_lock;
36643 +extern struct acl_subject_label *
36644 + lookup_acl_subj_label(const ino_t inode, const dev_t dev,
36645 + struct acl_role_label *role);
36646 +extern int specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t);
36649 +gr_init_uidset(void)
36652 + kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL);
36655 + return uid_set ? 1 : 0;
36659 +gr_free_uidset(void)
36668 +gr_find_uid(const uid_t uid)
36670 + struct crash_uid *tmp = uid_set;
36672 + int low = 0, high = uid_used - 1, mid;
36674 + while (high >= low) {
36675 + mid = (low + high) >> 1;
36676 + buid = tmp[mid].uid;
36688 +static __inline__ void
36689 +gr_insertsort(void)
36691 + unsigned short i, j;
36692 + struct crash_uid index;
36694 + for (i = 1; i < uid_used; i++) {
36695 + index = uid_set[i];
36697 + while ((j > 0) && uid_set[j - 1].uid > index.uid) {
36698 + uid_set[j] = uid_set[j - 1];
36701 + uid_set[j] = index;
36707 +static __inline__ void
36708 +gr_insert_uid(const uid_t uid, const unsigned long expires)
36712 + if (uid_used == GR_UIDTABLE_MAX)
36715 + loc = gr_find_uid(uid);
36718 + uid_set[loc].expires = expires;
36722 + uid_set[uid_used].uid = uid;
36723 + uid_set[uid_used].expires = expires;
36732 +gr_remove_uid(const unsigned short loc)
36734 + unsigned short i;
36736 + for (i = loc + 1; i < uid_used; i++)
36737 + uid_set[i - 1] = uid_set[i];
36745 +gr_check_crash_uid(const uid_t uid)
36750 + if (unlikely(!gr_acl_is_enabled()))
36753 + spin_lock(&gr_uid_lock);
36754 + loc = gr_find_uid(uid);
36759 + if (time_before_eq(uid_set[loc].expires, get_seconds()))
36760 + gr_remove_uid(loc);
36765 + spin_unlock(&gr_uid_lock);
36769 +static __inline__ int
36770 +proc_is_setxid(const struct cred *cred)
36772 + if (cred->uid != cred->euid || cred->uid != cred->suid ||
36773 + cred->uid != cred->fsuid)
36775 + if (cred->gid != cred->egid || cred->gid != cred->sgid ||
36776 + cred->gid != cred->fsgid)
36781 +static __inline__ int
36782 +gr_fake_force_sig(int sig, struct task_struct *t)
36784 + unsigned long int flags;
36785 + int ret, blocked, ignored;
36786 + struct k_sigaction *action;
36788 + spin_lock_irqsave(&t->sighand->siglock, flags);
36789 + action = &t->sighand->action[sig-1];
36790 + ignored = action->sa.sa_handler == SIG_IGN;
36791 + blocked = sigismember(&t->blocked, sig);
36792 + if (blocked || ignored) {
36793 + action->sa.sa_handler = SIG_DFL;
36795 + sigdelset(&t->blocked, sig);
36796 + recalc_sigpending_and_wake(t);
36799 + if (action->sa.sa_handler == SIG_DFL)
36800 + t->signal->flags &= ~SIGNAL_UNKILLABLE;
36801 + ret = specific_send_sig_info(sig, SEND_SIG_PRIV, t);
36803 + spin_unlock_irqrestore(&t->sighand->siglock, flags);
36809 +gr_handle_crash(struct task_struct *task, const int sig)
36811 + struct acl_subject_label *curr;
36812 + struct acl_subject_label *curr2;
36813 + struct task_struct *tsk, *tsk2;
36814 + const struct cred *cred = __task_cred(task);
36815 + const struct cred *cred2;
36817 + if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL)
36820 + if (unlikely(!gr_acl_is_enabled()))
36823 + curr = task->acl;
36825 + if (!(curr->resmask & (1 << GR_CRASH_RES)))
36828 + if (time_before_eq(curr->expires, get_seconds())) {
36829 + curr->expires = 0;
36830 + curr->crashes = 0;
36835 + if (!curr->expires)
36836 + curr->expires = get_seconds() + curr->res[GR_CRASH_RES].rlim_max;
36838 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
36839 + time_after(curr->expires, get_seconds())) {
36840 + if (cred->uid && proc_is_setxid(cred)) {
36841 + gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
36842 + spin_lock(&gr_uid_lock);
36843 + gr_insert_uid(cred->uid, curr->expires);
36844 + spin_unlock(&gr_uid_lock);
36845 + curr->expires = 0;
36846 + curr->crashes = 0;
36847 + read_lock(&tasklist_lock);
36848 + do_each_thread(tsk2, tsk) {
36849 + cred2 = __task_cred(tsk);
36850 + if (tsk != task && cred2->uid == cred->uid)
36851 + gr_fake_force_sig(SIGKILL, tsk);
36852 + } while_each_thread(tsk2, tsk);
36853 + read_unlock(&tasklist_lock);
36855 + gr_log_crash2(GR_DONT_AUDIT, GR_SEGVNOSUID_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
36856 + read_lock(&tasklist_lock);
36857 + do_each_thread(tsk2, tsk) {
36858 + if (likely(tsk != task)) {
36859 + curr2 = tsk->acl;
36861 + if (curr2->device == curr->device &&
36862 + curr2->inode == curr->inode)
36863 + gr_fake_force_sig(SIGKILL, tsk);
36865 + } while_each_thread(tsk2, tsk);
36866 + read_unlock(&tasklist_lock);
36874 +gr_check_crash_exec(const struct file *filp)
36876 + struct acl_subject_label *curr;
36878 + if (unlikely(!gr_acl_is_enabled()))
36881 + read_lock(&gr_inode_lock);
36882 + curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino,
36883 + filp->f_path.dentry->d_inode->i_sb->s_dev,
36885 + read_unlock(&gr_inode_lock);
36887 + if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) ||
36888 + (!curr->crashes && !curr->expires))
36891 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
36892 + time_after(curr->expires, get_seconds()))
36894 + else if (time_before_eq(curr->expires, get_seconds())) {
36895 + curr->crashes = 0;
36896 + curr->expires = 0;
36903 +gr_handle_alertkill(struct task_struct *task)
36905 + struct acl_subject_label *curracl;
36907 + struct task_struct *p, *p2;
36909 + if (unlikely(!gr_acl_is_enabled()))
36912 + curracl = task->acl;
36913 + curr_ip = task->signal->curr_ip;
36915 + if ((curracl->mode & GR_KILLIPPROC) && curr_ip) {
36916 + read_lock(&tasklist_lock);
36917 + do_each_thread(p2, p) {
36918 + if (p->signal->curr_ip == curr_ip)
36919 + gr_fake_force_sig(SIGKILL, p);
36920 + } while_each_thread(p2, p);
36921 + read_unlock(&tasklist_lock);
36922 + } else if (curracl->mode & GR_KILLPROC)
36923 + gr_fake_force_sig(SIGKILL, task);
36927 diff -urNp linux-2.6.32.1/grsecurity/gracl_shm.c linux-2.6.32.1/grsecurity/gracl_shm.c
36928 --- linux-2.6.32.1/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500
36929 +++ linux-2.6.32.1/grsecurity/gracl_shm.c 2009-12-14 18:33:58.962849385 -0500
36931 +#include <linux/kernel.h>
36932 +#include <linux/mm.h>
36933 +#include <linux/sched.h>
36934 +#include <linux/file.h>
36935 +#include <linux/ipc.h>
36936 +#include <linux/gracl.h>
36937 +#include <linux/grsecurity.h>
36938 +#include <linux/grinternal.h>
36941 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
36942 + const time_t shm_createtime, const uid_t cuid, const int shmid)
36944 + struct task_struct *task;
36946 + if (!gr_acl_is_enabled())
36949 + read_lock(&tasklist_lock);
36951 + task = find_task_by_vpid(shm_cprid);
36953 + if (unlikely(!task))
36954 + task = find_task_by_vpid(shm_lapid);
36956 + if (unlikely(task && (time_before_eq((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) ||
36957 + (task->pid == shm_lapid)) &&
36958 + (task->acl->mode & GR_PROTSHM) &&
36959 + (task->acl != current->acl))) {
36960 + read_unlock(&tasklist_lock);
36961 + gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid);
36964 + read_unlock(&tasklist_lock);
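Review bot: In gr_handle_shmat the test `task->pid == shm_lapid` compares a global pid with a value that the two preceding `find_task_by_vpid()` calls treat as a pid in the caller's namespace, so inside a non-initial pid namespace the comparison can fail for the very task the lookup just returned. Comparing in the same namespace keeps the check consistent with the lookup: `(task_pid_vnr(task) == shm_lapid)`. The start-time comparison only guards the creator side of the `||`, so a one-line comment on why the last-attacher match needs no such check would help the next reader. The function's opening and its return statements are not visible in this listing.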
36968 diff -urNp linux-2.6.32.1/grsecurity/grsec_chdir.c linux-2.6.32.1/grsecurity/grsec_chdir.c
36969 --- linux-2.6.32.1/grsecurity/grsec_chdir.c 1969-12-31 19:00:00.000000000 -0500
36970 +++ linux-2.6.32.1/grsecurity/grsec_chdir.c 2009-12-14 18:33:58.962849385 -0500
36972 +#include <linux/kernel.h>
36973 +#include <linux/sched.h>
36974 +#include <linux/fs.h>
36975 +#include <linux/file.h>
36976 +#include <linux/grsecurity.h>
36977 +#include <linux/grinternal.h>
36980 +gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt)
36982 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
36983 + if ((grsec_enable_chdir && grsec_enable_group &&
36984 + in_group_p(grsec_audit_gid)) || (grsec_enable_chdir &&
36985 + !grsec_enable_group)) {
36986 + gr_log_fs_generic(GR_DO_AUDIT, GR_CHDIR_AUDIT_MSG, dentry, mnt);
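Review bot: The condition in gr_log_chdir tests `grsec_enable_chdir` twice and `grsec_enable_group` in both polarities; it reduces to `if (grsec_enable_chdir && (!grsec_enable_group || in_group_p(grsec_audit_gid)))`, which reads as the rule it implements (audit everyone, or only the audit group). The same expression shape appears with `grsec_enable_execlog` in gr_handle_exec_args in grsec_exec.c further down this patch. A small shared helper taking the feature flag would keep the two from drifting apart.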
36991 diff -urNp linux-2.6.32.1/grsecurity/grsec_chroot.c linux-2.6.32.1/grsecurity/grsec_chroot.c
36992 --- linux-2.6.32.1/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
36993 +++ linux-2.6.32.1/grsecurity/grsec_chroot.c 2009-12-14 18:33:58.962849385 -0500
36995 +#include <linux/kernel.h>
36996 +#include <linux/module.h>
36997 +#include <linux/sched.h>
36998 +#include <linux/file.h>
36999 +#include <linux/fs.h>
37000 +#include <linux/mount.h>
37001 +#include <linux/types.h>
37002 +#include <linux/pid_namespace.h>
37003 +#include <linux/grsecurity.h>
37004 +#include <linux/grinternal.h>
37007 +gr_handle_chroot_unix(const pid_t pid)
37009 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
37010 + struct pid *spid = NULL;
37012 + if (unlikely(!grsec_enable_chroot_unix))
37015 + if (likely(!proc_is_chrooted(current)))
37018 + read_lock(&tasklist_lock);
37020 + spid = find_vpid(pid);
37022 + struct task_struct *p;
37023 + p = pid_task(spid, PIDTYPE_PID);
37025 + if (unlikely(!have_same_root(current, p))) {
37027 + read_unlock(&tasklist_lock);
37028 + gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG);
37033 + read_unlock(&tasklist_lock);
37039 +gr_handle_chroot_nice(void)
37041 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
37042 + if (grsec_enable_chroot_nice && proc_is_chrooted(current)) {
37043 + gr_log_noargs(GR_DONT_AUDIT, GR_NICE_CHROOT_MSG);
37051 +gr_handle_chroot_setpriority(struct task_struct *p, const int niceval)
37053 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
37054 + if (grsec_enable_chroot_nice && (niceval < task_nice(p))
37055 + && proc_is_chrooted(current)) {
37056 + gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, p->pid);
37064 +gr_handle_chroot_rawio(const struct inode *inode)
37066 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
37067 + if (grsec_enable_chroot_caps && proc_is_chrooted(current) &&
37068 + inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO))
37075 +gr_pid_is_chrooted(struct task_struct *p)
37077 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
37078 + if (!grsec_enable_chroot_findtask || !proc_is_chrooted(current) || p == NULL)
37082 + if ((p->exit_state & (EXIT_ZOMBIE | EXIT_DEAD)) ||
37083 + !have_same_root(current, p)) {
37092 +EXPORT_SYMBOL(gr_pid_is_chrooted);
37094 +#if defined(CONFIG_GRKERNSEC_CHROOT_DOUBLE) || defined(CONFIG_GRKERNSEC_CHROOT_FCHDIR)
37095 +int gr_is_outside_chroot(const struct dentry *u_dentry, const struct vfsmount *u_mnt)
37097 + struct dentry *dentry = (struct dentry *)u_dentry;
37098 + struct vfsmount *mnt = (struct vfsmount *)u_mnt;
37099 + struct dentry *realroot;
37100 + struct vfsmount *realrootmnt;
37101 + struct dentry *currentroot;
37102 + struct vfsmount *currentmnt;
37103 + struct task_struct *reaper = &init_task;
37106 + read_lock(&reaper->fs->lock);
37107 + realrootmnt = mntget(reaper->fs->root.mnt);
37108 + realroot = dget(reaper->fs->root.dentry);
37109 + read_unlock(&reaper->fs->lock);
37111 + read_lock(¤t->fs->lock);
37112 + currentmnt = mntget(current->fs->root.mnt);
37113 + currentroot = dget(current->fs->root.dentry);
37114 + read_unlock(¤t->fs->lock);
37116 + spin_lock(&dcache_lock);
37118 + if (unlikely((dentry == realroot && mnt == realrootmnt)
37119 + || (dentry == currentroot && mnt == currentmnt)))
37121 + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) {
37122 + if (mnt->mnt_parent == mnt)
37124 + dentry = mnt->mnt_mountpoint;
37125 + mnt = mnt->mnt_parent;
37128 + dentry = dentry->d_parent;
37130 + spin_unlock(&dcache_lock);
37132 + dput(currentroot);
37133 + mntput(currentmnt);
37135 + /* access is outside of chroot */
37136 + if (dentry == realroot && mnt == realrootmnt)
37140 + mntput(realrootmnt);
37146 +gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt)
37148 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
37149 + if (!grsec_enable_chroot_fchdir)
37152 + if (!proc_is_chrooted(current))
37154 + else if (!gr_is_outside_chroot(u_dentry, u_mnt)) {
37155 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_FCHDIR_MSG, u_dentry, u_mnt);
37163 +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
37164 + const time_t shm_createtime)
37166 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
37167 + struct pid *pid = NULL;
37168 + time_t starttime;
37170 + if (unlikely(!grsec_enable_chroot_shmat))
37173 + if (likely(!proc_is_chrooted(current)))
37176 + read_lock(&tasklist_lock);
37178 + pid = find_vpid(shm_cprid);
37180 + struct task_struct *p;
37181 + p = pid_task(pid, PIDTYPE_PID);
37183 + starttime = p->start_time.tv_sec;
37184 + if (unlikely(!have_same_root(current, p) &&
37185 + time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) {
37187 + read_unlock(&tasklist_lock);
37188 + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
37193 + pid = find_vpid(shm_lapid);
37195 + struct task_struct *p;
37196 + p = pid_task(pid, PIDTYPE_PID);
37198 + if (unlikely(!have_same_root(current, p))) {
37200 + read_unlock(&tasklist_lock);
37201 + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
37208 + read_unlock(&tasklist_lock);
37214 +gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt)
37216 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
37217 + if (grsec_enable_chroot_execlog && proc_is_chrooted(current))
37218 + gr_log_fs_generic(GR_DO_AUDIT, GR_EXEC_CHROOT_MSG, dentry, mnt);
37224 +gr_handle_chroot_mknod(const struct dentry *dentry,
37225 + const struct vfsmount *mnt, const int mode)
37227 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
37228 + if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) && !S_ISREG(mode) &&
37229 + proc_is_chrooted(current)) {
37230 + gr_log_fs_generic(GR_DONT_AUDIT, GR_MKNOD_CHROOT_MSG, dentry, mnt);
37238 +gr_handle_chroot_mount(const struct dentry *dentry,
37239 + const struct vfsmount *mnt, const char *dev_name)
37241 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
37242 + if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
37243 + gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name, dentry, mnt);
37251 +gr_handle_chroot_pivot(void)
37253 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
37254 + if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) {
37255 + gr_log_noargs(GR_DONT_AUDIT, GR_PIVOT_CHROOT_MSG);
37263 +gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt)
37265 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
37266 + if (grsec_enable_chroot_double && proc_is_chrooted(current) &&
37267 + !gr_is_outside_chroot(dentry, mnt)) {
37268 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_CHROOT_MSG, dentry, mnt);
37276 +gr_handle_chroot_caps(struct path *path)
37278 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
37279 + if (grsec_enable_chroot_caps && current->pid > 1 && current->fs != NULL &&
37280 + (init_task.fs->root.dentry != path->dentry) &&
37281 + (current->nsproxy->mnt_ns->root->mnt_root != path->dentry)) {
37283 + kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
37284 + const struct cred *old = current_cred();
37285 + struct cred *new = prepare_creds();
37289 + new->cap_permitted = cap_drop(old->cap_permitted,
37291 + new->cap_inheritable = cap_drop(old->cap_inheritable,
37293 + new->cap_effective = cap_drop(old->cap_effective,
37296 + commit_creds(new);
37305 +gr_handle_chroot_sysctl(const int op)
37307 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
37308 + if (grsec_enable_chroot_sysctl && proc_is_chrooted(current)
37309 + && (op & MAY_WRITE))
37316 +gr_handle_chroot_chdir(struct path *path)
37318 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
37319 + if (grsec_enable_chroot_chdir)
37320 + set_fs_pwd(current->fs, path);
37326 +gr_handle_chroot_chmod(const struct dentry *dentry,
37327 + const struct vfsmount *mnt, const int mode)
37329 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
37330 + if (grsec_enable_chroot_chmod &&
37331 + ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))) &&
37332 + proc_is_chrooted(current)) {
37333 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHMOD_CHROOT_MSG, dentry, mnt);
37340 +#ifdef CONFIG_SECURITY
37341 +EXPORT_SYMBOL(gr_handle_chroot_caps);
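Review bot: In gr_handle_chroot_unix, and again in both lookups of gr_chroot_shmat, the result of `pid_task(..., PIDTYPE_PID)` is passed to `have_same_root(current, p)` (and `p->start_time` is read) with no NULL test visible. `find_vpid()` can return a struct pid that is still referenced while no task is attached to it as PIDTYPE_PID, and `pid_task()` then returns NULL. A few lines between each lookup and its use are not shown in this listing, so a check may already exist. If it does not, add `if (unlikely(p == NULL)) goto out;` directly after each `pid_task()` call, with `out:` placed on the function's final `read_unlock(&tasklist_lock);`.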
37343 diff -urNp linux-2.6.32.1/grsecurity/grsec_disabled.c linux-2.6.32.1/grsecurity/grsec_disabled.c
37344 --- linux-2.6.32.1/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
37345 +++ linux-2.6.32.1/grsecurity/grsec_disabled.c 2009-12-14 18:33:58.962849385 -0500
37347 +#include <linux/kernel.h>
37348 +#include <linux/module.h>
37349 +#include <linux/sched.h>
37350 +#include <linux/file.h>
37351 +#include <linux/fs.h>
37352 +#include <linux/kdev_t.h>
37353 +#include <linux/net.h>
37354 +#include <linux/in.h>
37355 +#include <linux/ip.h>
37356 +#include <linux/skbuff.h>
37357 +#include <linux/sysctl.h>
37359 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
37361 +pax_set_initial_flags(struct linux_binprm *bprm)
37367 +#ifdef CONFIG_SYSCTL
37369 +gr_handle_sysctl(const struct ctl_table * table, const int op)
37375 +#ifdef CONFIG_TASKSTATS
37376 +int gr_is_taskstats_denied(int pid)
37383 +gr_acl_is_enabled(void)
37389 +gr_handle_rawio(const struct inode *inode)
37395 +gr_acl_handle_psacct(struct task_struct *task, const long code)
37401 +gr_handle_ptrace(struct task_struct *task, const long request)
37407 +gr_handle_proc_ptrace(struct task_struct *task)
37413 +gr_learn_resource(const struct task_struct *task,
37414 + const int res, const unsigned long wanted, const int gt)
37420 +gr_set_acls(const int type)
37426 +gr_check_hidden_task(const struct task_struct *tsk)
37432 +gr_check_protected_task(const struct task_struct *task)
37438 +gr_copy_label(struct task_struct *tsk)
37444 +gr_set_pax_flags(struct task_struct *task)
37450 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
37451 + const int unsafe_share)
37457 +gr_handle_delete(const ino_t ino, const dev_t dev)
37463 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
37469 +gr_handle_crash(struct task_struct *task, const int sig)
37475 +gr_check_crash_exec(const struct file *filp)
37481 +gr_check_crash_uid(const uid_t uid)
37487 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
37488 + struct dentry *old_dentry,
37489 + struct dentry *new_dentry,
37490 + struct vfsmount *mnt, const __u8 replace)
37496 +gr_search_socket(const int family, const int type, const int protocol)
37502 +gr_search_connectbind(const int mode, const struct socket *sock,
37503 + const struct sockaddr_in *addr)
37509 +gr_is_capable(const int cap)
37515 +gr_is_capable_nolog(const int cap)
37521 +gr_handle_alertkill(struct task_struct *task)
37527 +gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt)
37533 +gr_acl_handle_hidden_file(const struct dentry * dentry,
37534 + const struct vfsmount * mnt)
37540 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
37547 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
37553 +gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt)
37559 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot,
37560 + unsigned int *vm_flags)
37566 +gr_acl_handle_truncate(const struct dentry * dentry,
37567 + const struct vfsmount * mnt)
37573 +gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt)
37579 +gr_acl_handle_access(const struct dentry * dentry,
37580 + const struct vfsmount * mnt, const int fmode)
37586 +gr_acl_handle_fchmod(const struct dentry * dentry, const struct vfsmount * mnt,
37593 +gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt,
37600 +gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt)
37606 +grsecurity_init(void)
37612 +gr_acl_handle_mknod(const struct dentry * new_dentry,
37613 + const struct dentry * parent_dentry,
37614 + const struct vfsmount * parent_mnt,
37621 +gr_acl_handle_mkdir(const struct dentry * new_dentry,
37622 + const struct dentry * parent_dentry,
37623 + const struct vfsmount * parent_mnt)
37629 +gr_acl_handle_symlink(const struct dentry * new_dentry,
37630 + const struct dentry * parent_dentry,
37631 + const struct vfsmount * parent_mnt, const char *from)
37637 +gr_acl_handle_link(const struct dentry * new_dentry,
37638 + const struct dentry * parent_dentry,
37639 + const struct vfsmount * parent_mnt,
37640 + const struct dentry * old_dentry,
37641 + const struct vfsmount * old_mnt, const char *to)
37647 +gr_acl_handle_rename(const struct dentry *new_dentry,
37648 + const struct dentry *parent_dentry,
37649 + const struct vfsmount *parent_mnt,
37650 + const struct dentry *old_dentry,
37651 + const struct inode *old_parent_inode,
37652 + const struct vfsmount *old_mnt, const char *newname)
37658 +gr_acl_handle_filldir(const struct file *file, const char *name,
37659 + const int namelen, const ino_t ino)
37665 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
37666 + const time_t shm_createtime, const uid_t cuid, const int shmid)
37672 +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
37678 +gr_search_accept(const struct socket *sock)
37684 +gr_search_listen(const struct socket *sock)
37690 +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
37696 +gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt)
37702 +gr_acl_handle_creat(const struct dentry * dentry,
37703 + const struct dentry * p_dentry,
37704 + const struct vfsmount * p_mnt, const int fmode,
37711 +gr_acl_handle_exit(void)
37717 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
37723 +gr_set_role_label(const uid_t uid, const gid_t gid)
37729 +gr_acl_handle_procpidmem(const struct task_struct *task)
37735 +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
37741 +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
37747 +gr_set_kernel_label(struct task_struct *task)
37753 +gr_check_user_change(int real, int effective, int fs)
37759 +gr_check_group_change(int real, int effective, int fs)
37765 +EXPORT_SYMBOL(gr_is_capable);
37766 +EXPORT_SYMBOL(gr_is_capable_nolog);
37767 +EXPORT_SYMBOL(gr_learn_resource);
37768 +EXPORT_SYMBOL(gr_set_kernel_label);
37769 +#ifdef CONFIG_SECURITY
37770 +EXPORT_SYMBOL(gr_check_user_change);
37771 +EXPORT_SYMBOL(gr_check_group_change);
37773 diff -urNp linux-2.6.32.1/grsecurity/grsec_exec.c linux-2.6.32.1/grsecurity/grsec_exec.c
37774 --- linux-2.6.32.1/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500
37775 +++ linux-2.6.32.1/grsecurity/grsec_exec.c 2009-12-14 18:33:58.962849385 -0500
37777 +#include <linux/kernel.h>
37778 +#include <linux/sched.h>
37779 +#include <linux/file.h>
37780 +#include <linux/binfmts.h>
37781 +#include <linux/smp_lock.h>
37782 +#include <linux/fs.h>
37783 +#include <linux/types.h>
37784 +#include <linux/grdefs.h>
37785 +#include <linux/grinternal.h>
37786 +#include <linux/capability.h>
37788 +#include <asm/uaccess.h>
37790 +#ifdef CONFIG_GRKERNSEC_EXECLOG
37791 +static char gr_exec_arg_buf[132];
37792 +static DECLARE_MUTEX(gr_exec_arg_sem);
37796 +gr_handle_nproc(void)
37798 +#ifdef CONFIG_GRKERNSEC_EXECVE
37799 + const struct cred *cred = current_cred();
37800 + if (grsec_enable_execve && cred->user &&
37801 + (atomic_read(&cred->user->processes) >
37802 + current->signal->rlim[RLIMIT_NPROC].rlim_cur) &&
37803 + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
37804 + gr_log_noargs(GR_DONT_AUDIT, GR_NPROC_MSG);
37812 +gr_handle_exec_args(struct linux_binprm *bprm, const char __user *__user *argv)
37814 +#ifdef CONFIG_GRKERNSEC_EXECLOG
37815 + char *grarg = gr_exec_arg_buf;
37816 + unsigned int i, x, execlen = 0;
37819 + if (!((grsec_enable_execlog && grsec_enable_group &&
37820 + in_group_p(grsec_audit_gid))
37821 + || (grsec_enable_execlog && !grsec_enable_group)))
37824 + down(&gr_exec_arg_sem);
37825 + memset(grarg, 0, sizeof(gr_exec_arg_buf));
37827 + if (unlikely(argv == NULL))
37830 + for (i = 0; i < bprm->argc && execlen < 128; i++) {
37831 + const char __user *p;
37832 + unsigned int len;
37834 + if (copy_from_user(&p, argv + i, sizeof(p)))
37838 + len = strnlen_user(p, 128 - execlen);
37839 + if (len > 128 - execlen)
37840 + len = 128 - execlen;
37841 + else if (len > 0)
37843 + if (copy_from_user(grarg + execlen, p, len))
37846 + /* rewrite unprintable characters */
37847 + for (x = 0; x < len; x++) {
37848 + c = *(grarg + execlen + x);
37849 + if (c < 32 || c > 126)
37850 + *(grarg + execlen + x) = ' ';
37854 + *(grarg + execlen) = ' ';
37855 + *(grarg + execlen + 1) = '\0';
37860 + gr_log_fs_str(GR_DO_AUDIT, GR_EXEC_AUDIT_MSG, bprm->file->f_path.dentry,
37861 + bprm->file->f_path.mnt, grarg);
37862 + up(&gr_exec_arg_sem);
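Review bot: gr_handle_exec_args holds `gr_exec_arg_sem` from the `down()` before the `memset` until the `up()` after `gr_log_fs_str()`, and `strnlen_user()` and both `copy_from_user()` calls run inside that window. Those can sleep on a page fault, so one slow fault delays every other exec that is being audited. The constraint comes from the single static `gr_exec_arg_buf` and deserves a comment at the `down()`: `/* serialises all audited execs; the user copies below may sleep with this held */`. The literals `128` and `132` would also read better as one named limit, with the buffer declared as that limit plus the trailing bytes it needs. Parts of the function body are not visible in this listing.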
37866 diff -urNp linux-2.6.32.1/grsecurity/grsec_fifo.c linux-2.6.32.1/grsecurity/grsec_fifo.c
37867 --- linux-2.6.32.1/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500
37868 +++ linux-2.6.32.1/grsecurity/grsec_fifo.c 2009-12-14 18:33:58.962849385 -0500
37870 +#include <linux/kernel.h>
37871 +#include <linux/sched.h>
37872 +#include <linux/fs.h>
37873 +#include <linux/file.h>
37874 +#include <linux/grinternal.h>
37877 +gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
37878 + const struct dentry *dir, const int flag, const int acc_mode)
37880 +#ifdef CONFIG_GRKERNSEC_FIFO
37881 + const struct cred *cred = current_cred();
37883 + if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
37884 + !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
37885 + (dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
37886 + (cred->fsuid != dentry->d_inode->i_uid)) {
37887 + if (!generic_permission(dentry->d_inode, acc_mode, NULL))
37888 + gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid);
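Review bot: The four-clause condition in gr_handle_fifo has no comment, and the policy it encodes is not obvious from the field names. Something like `/* FIFO in a sticky directory, owned by neither the directory owner nor the caller's fsuid, opened without O_EXCL */` above the `if` would state it. It is also worth saying why the log call is made only when `generic_permission()` returns 0, that is, only when the ordinary permission check would have let the open through. The return statements are not visible here.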
37894 diff -urNp linux-2.6.32.1/grsecurity/grsec_fork.c linux-2.6.32.1/grsecurity/grsec_fork.c
37895 --- linux-2.6.32.1/grsecurity/grsec_fork.c 1969-12-31 19:00:00.000000000 -0500
37896 +++ linux-2.6.32.1/grsecurity/grsec_fork.c 2009-12-14 18:33:58.962849385 -0500
37898 +#include <linux/kernel.h>
37899 +#include <linux/sched.h>
37900 +#include <linux/grsecurity.h>
37901 +#include <linux/grinternal.h>
37902 +#include <linux/errno.h>
37905 +gr_log_forkfail(const int retval)
37907 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
37908 + if (grsec_enable_forkfail && retval != -ERESTARTNOINTR)
37909 + gr_log_int(GR_DONT_AUDIT, GR_FAILFORK_MSG, retval);
37913 diff -urNp linux-2.6.32.1/grsecurity/grsec_init.c linux-2.6.32.1/grsecurity/grsec_init.c
37914 --- linux-2.6.32.1/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
37915 +++ linux-2.6.32.1/grsecurity/grsec_init.c 2009-12-14 18:33:58.963935544 -0500
37917 +#include <linux/kernel.h>
37918 +#include <linux/sched.h>
37919 +#include <linux/mm.h>
37920 +#include <linux/smp_lock.h>
37921 +#include <linux/gracl.h>
37922 +#include <linux/slab.h>
37923 +#include <linux/vmalloc.h>
37924 +#include <linux/percpu.h>
37926 +int grsec_enable_link;
37927 +int grsec_enable_dmesg;
37928 +int grsec_enable_harden_ptrace;
37929 +int grsec_enable_fifo;
37930 +int grsec_enable_execve;
37931 +int grsec_enable_execlog;
37932 +int grsec_enable_signal;
37933 +int grsec_enable_forkfail;
37934 +int grsec_enable_time;
37935 +int grsec_enable_audit_textrel;
37936 +int grsec_enable_group;
37937 +int grsec_audit_gid;
37938 +int grsec_enable_chdir;
37939 +int grsec_enable_mount;
37940 +int grsec_enable_rofs;
37941 +int grsec_enable_chroot_findtask;
37942 +int grsec_enable_chroot_mount;
37943 +int grsec_enable_chroot_shmat;
37944 +int grsec_enable_chroot_fchdir;
37945 +int grsec_enable_chroot_double;
37946 +int grsec_enable_chroot_pivot;
37947 +int grsec_enable_chroot_chdir;
37948 +int grsec_enable_chroot_chmod;
37949 +int grsec_enable_chroot_mknod;
37950 +int grsec_enable_chroot_nice;
37951 +int grsec_enable_chroot_execlog;
37952 +int grsec_enable_chroot_caps;
37953 +int grsec_enable_chroot_sysctl;
37954 +int grsec_enable_chroot_unix;
37955 +int grsec_enable_tpe;
37956 +int grsec_tpe_gid;
37957 +int grsec_enable_tpe_all;
37958 +int grsec_enable_socket_all;
37959 +int grsec_socket_all_gid;
37960 +int grsec_enable_socket_client;
37961 +int grsec_socket_client_gid;
37962 +int grsec_enable_socket_server;
37963 +int grsec_socket_server_gid;
37964 +int grsec_resource_logging;
37967 +DEFINE_SPINLOCK(grsec_alert_lock);
37968 +unsigned long grsec_alert_wtime = 0;
37969 +unsigned long grsec_alert_fyet = 0;
37971 +DEFINE_SPINLOCK(grsec_audit_lock);
37973 +DEFINE_RWLOCK(grsec_exec_file_lock);
37975 +char *gr_shared_page[4];
37977 +char *gr_alert_log_fmt;
37978 +char *gr_audit_log_fmt;
37979 +char *gr_alert_log_buf;
37980 +char *gr_audit_log_buf;
37982 +extern struct gr_arg *gr_usermode;
37983 +extern unsigned char *gr_system_salt;
37984 +extern unsigned char *gr_system_sum;
37987 +grsecurity_init(void)
37990 + /* create the per-cpu shared pages */
37993 + memset((char *)(0x41a + PAGE_OFFSET), 0, 36);
37996 + for (j = 0; j < 4; j++) {
37997 + gr_shared_page[j] = (char *)__alloc_percpu(PAGE_SIZE, __alignof__(unsigned long long));
37998 + if (gr_shared_page[j] == NULL) {
37999 + panic("Unable to allocate grsecurity shared page");
38004 + /* allocate log buffers */
38005 + gr_alert_log_fmt = kmalloc(512, GFP_KERNEL);
38006 + if (!gr_alert_log_fmt) {
38007 + panic("Unable to allocate grsecurity alert log format buffer");
38010 + gr_audit_log_fmt = kmalloc(512, GFP_KERNEL);
38011 + if (!gr_audit_log_fmt) {
38012 + panic("Unable to allocate grsecurity audit log format buffer");
38015 + gr_alert_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
38016 + if (!gr_alert_log_buf) {
38017 + panic("Unable to allocate grsecurity alert log buffer");
38020 + gr_audit_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
38021 + if (!gr_audit_log_buf) {
38022 + panic("Unable to allocate grsecurity audit log buffer");
38026 + /* allocate memory for authentication structure */
38027 + gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL);
38028 + gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL);
38029 + gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL);
38031 + if (!gr_usermode || !gr_system_salt || !gr_system_sum) {
38032 + panic("Unable to allocate grsecurity authentication structure");
38036 +#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
38037 +#ifndef CONFIG_GRKERNSEC_SYSCTL
38040 +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
38041 + grsec_enable_audit_textrel = 1;
38043 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
38044 + grsec_enable_group = 1;
38045 + grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID;
38047 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
38048 + grsec_enable_chdir = 1;
38050 +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
38051 + grsec_enable_harden_ptrace = 1;
38053 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
38054 + grsec_enable_mount = 1;
38056 +#ifdef CONFIG_GRKERNSEC_LINK
38057 + grsec_enable_link = 1;
38059 +#ifdef CONFIG_GRKERNSEC_DMESG
38060 + grsec_enable_dmesg = 1;
38062 +#ifdef CONFIG_GRKERNSEC_FIFO
38063 + grsec_enable_fifo = 1;
38065 +#ifdef CONFIG_GRKERNSEC_EXECVE
38066 + grsec_enable_execve = 1;
38068 +#ifdef CONFIG_GRKERNSEC_EXECLOG
38069 + grsec_enable_execlog = 1;
38071 +#ifdef CONFIG_GRKERNSEC_SIGNAL
38072 + grsec_enable_signal = 1;
38074 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
38075 + grsec_enable_forkfail = 1;
38077 +#ifdef CONFIG_GRKERNSEC_TIME
38078 + grsec_enable_time = 1;
38080 +#ifdef CONFIG_GRKERNSEC_RESLOG
38081 + grsec_resource_logging = 1;
38083 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
38084 + grsec_enable_chroot_findtask = 1;
38086 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
38087 + grsec_enable_chroot_unix = 1;
38089 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
38090 + grsec_enable_chroot_mount = 1;
38092 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
38093 + grsec_enable_chroot_fchdir = 1;
38095 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
38096 + grsec_enable_chroot_shmat = 1;
38098 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
38099 + grsec_enable_chroot_double = 1;
38101 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
38102 + grsec_enable_chroot_pivot = 1;
38104 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
38105 + grsec_enable_chroot_chdir = 1;
38107 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
38108 + grsec_enable_chroot_chmod = 1;
38110 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
38111 + grsec_enable_chroot_mknod = 1;
38113 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
38114 + grsec_enable_chroot_nice = 1;
38116 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
38117 + grsec_enable_chroot_execlog = 1;
38119 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
38120 + grsec_enable_chroot_caps = 1;
38122 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
38123 + grsec_enable_chroot_sysctl = 1;
38125 +#ifdef CONFIG_GRKERNSEC_TPE
38126 + grsec_enable_tpe = 1;
38127 + grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
38128 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
38129 + grsec_enable_tpe_all = 1;
38132 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
38133 + grsec_enable_socket_all = 1;
38134 + grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID;
38136 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
38137 + grsec_enable_socket_client = 1;
38138 + grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;
38140 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
38141 + grsec_enable_socket_server = 1;
38142 + grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
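Review bot: `memset((char *)(0x41a + PAGE_OFFSET), 0, 36);` in grsecurity_init writes to a fixed low physical address through the direct mapping with no comment and two magic numbers; the guard around it, if any, is not visible in this listing. On PC hardware 0x41a is presumably the BIOS data area keyboard buffer (head and tail pointers plus the 32-byte ring). A comment such as `/* wipe the BIOS keyboard buffer so boot-time keystrokes do not linger in low memory */` and named constants for the offset and length would make the intent and the x86-only assumption explicit. The two `kmalloc(512, GFP_KERNEL)` format buffers have the same problem: whatever fills them needs that size as a shared constant, not a literal.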
38148 diff -urNp linux-2.6.32.1/grsecurity/grsec_link.c linux-2.6.32.1/grsecurity/grsec_link.c
38149 --- linux-2.6.32.1/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000 -0500
38150 +++ linux-2.6.32.1/grsecurity/grsec_link.c 2009-12-14 18:33:58.963935544 -0500
38152 +#include <linux/kernel.h>
38153 +#include <linux/sched.h>
38154 +#include <linux/fs.h>
38155 +#include <linux/file.h>
38156 +#include <linux/grinternal.h>
38159 +gr_handle_follow_link(const struct inode *parent,
38160 + const struct inode *inode,
38161 + const struct dentry *dentry, const struct vfsmount *mnt)
38163 +#ifdef CONFIG_GRKERNSEC_LINK
38164 + const struct cred *cred = current_cred();
38166 + if (grsec_enable_link && S_ISLNK(inode->i_mode) &&
38167 + (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) &&
38168 + (parent->i_mode & S_IWOTH) && (cred->fsuid != inode->i_uid)) {
38169 + gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid);
38177 +gr_handle_hardlink(const struct dentry *dentry,
38178 + const struct vfsmount *mnt,
38179 + struct inode *inode, const int mode, const char *to)
38181 +#ifdef CONFIG_GRKERNSEC_LINK
38182 + const struct cred *cred = current_cred();
38184 + if (grsec_enable_link && cred->fsuid != inode->i_uid &&
38185 + (!S_ISREG(mode) || (mode & S_ISUID) ||
38186 + ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
38187 + (generic_permission(inode, MAY_READ | MAY_WRITE, NULL))) &&
38188 + !capable(CAP_FOWNER) && cred->uid) {
38189 + gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to);
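Review bot: In gr_handle_hardlink the trailing `cred->uid` term in `!capable(CAP_FOWNER) && cred->uid` exempts every task whose real uid is 0, even one that no longer holds CAP_FOWNER. A root-owned process that has dropped its capabilities therefore still passes the hardlink restriction. The check also compares ownership with `cred->fsuid` but grants the exemption on `cred->uid`. If the exemption is intended, it deserves a comment such as `/* real root is always exempt, independent of capabilities */`; otherwise I would end the condition at `!capable(CAP_FOWNER)) {`. The function's return statements are not visible in this hunk.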
38195 diff -urNp linux-2.6.32.1/grsecurity/grsec_log.c linux-2.6.32.1/grsecurity/grsec_log.c
38196 --- linux-2.6.32.1/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
38197 +++ linux-2.6.32.1/grsecurity/grsec_log.c 2009-12-14 18:33:58.963935544 -0500
38199 +#include <linux/kernel.h>
38200 +#include <linux/sched.h>
38201 +#include <linux/file.h>
38202 +#include <linux/tty.h>
38203 +#include <linux/fs.h>
38204 +#include <linux/grinternal.h>
38206 +#define BEGIN_LOCKS(x) \
38207 + read_lock(&tasklist_lock); \
38208 + read_lock(&grsec_exec_file_lock); \
38209 + if (x != GR_DO_AUDIT) \
38210 + spin_lock(&grsec_alert_lock); \
38212 + spin_lock(&grsec_audit_lock)
38214 +#define END_LOCKS(x) \
38215 + if (x != GR_DO_AUDIT) \
38216 + spin_unlock(&grsec_alert_lock); \
38218 + spin_unlock(&grsec_audit_lock); \
38219 + read_unlock(&grsec_exec_file_lock); \
38220 + read_unlock(&tasklist_lock); \
38221 + if (x == GR_DONT_AUDIT) \
38222 + gr_handle_alertkill(current)
38229 +extern char *gr_alert_log_fmt;
38230 +extern char *gr_audit_log_fmt;
38231 +extern char *gr_alert_log_buf;
38232 +extern char *gr_audit_log_buf;
38234 +static int gr_log_start(int audit)
38236 + char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
38237 + char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
38238 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
38240 + if (audit == GR_DO_AUDIT)
38243 + if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) {
38244 + grsec_alert_wtime = jiffies;
38245 + grsec_alert_fyet = 0;
38246 + } else if ((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
38247 + grsec_alert_fyet++;
38248 + } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
38249 + grsec_alert_wtime = jiffies;
38250 + grsec_alert_fyet++;
38251 + printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
38253 + } else return FLOODING;
38256 + memset(buf, 0, PAGE_SIZE);
38257 + if (current->signal->curr_ip && gr_acl_is_enabled()) {
38258 + sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
38259 + snprintf(buf, PAGE_SIZE - 1, fmt, ¤t->signal->curr_ip, current->role->rolename, gr_roletype_to_char(), current->acl->filename);
38260 + } else if (current->signal->curr_ip) {
38261 + sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: ");
38262 + snprintf(buf, PAGE_SIZE - 1, fmt, ¤t->signal->curr_ip);
38263 + } else if (gr_acl_is_enabled()) {
38264 + sprintf(fmt, "%s%s", loglevel, "grsec: (%.64s:%c:%.950s) ");
38265 + snprintf(buf, PAGE_SIZE - 1, fmt, current->role->rolename, gr_roletype_to_char(), current->acl->filename);
38267 + sprintf(fmt, "%s%s", loglevel, "grsec: ");
38268 + strcpy(buf, fmt);
38271 + return NO_FLOODING;
38274 +static void gr_log_middle(int audit, const char *msg, va_list ap)
38275 + __attribute__ ((format (printf, 2, 0)));
38277 +static void gr_log_middle(int audit, const char *msg, va_list ap)
38279 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
38280 + unsigned int len = strlen(buf);
38282 + vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
38287 +static void gr_log_middle_varargs(int audit, const char *msg, ...)
38288 + __attribute__ ((format (printf, 2, 3)));
38290 +static void gr_log_middle_varargs(int audit, const char *msg, ...)
38292 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
38293 + unsigned int len = strlen(buf);
38296 + va_start(ap, msg);
38297 + vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
38303 +static void gr_log_end(int audit)
38305 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
38306 + unsigned int len = strlen(buf);
38308 + snprintf(buf + len, PAGE_SIZE - len - 1, DEFAULTSECMSG, DEFAULTSECARGS(current, current_cred(), __task_cred(current->parent)));
38309 + printk("%s\n", buf);
38314 +void gr_log_varargs(int audit, const char *msg, int argtypes, ...)
38317 + char *result = (audit == GR_DO_AUDIT) ? "successful" : "denied";
38318 + char *str1, *str2, *str3;
38321 + unsigned long ulong1, ulong2;
38322 + struct dentry *dentry;
38323 + struct vfsmount *mnt;
38324 + struct file *file;
38325 + struct task_struct *task;
38326 + const struct cred *cred, *pcred;
38329 + BEGIN_LOCKS(audit);
38330 + logtype = gr_log_start(audit);
38331 + if (logtype == FLOODING) {
38332 + END_LOCKS(audit);
38335 + va_start(ap, argtypes);
38336 + switch (argtypes) {
38337 + case GR_TTYSNIFF:
38338 + task = va_arg(ap, struct task_struct *);
38339 + gr_log_middle_varargs(audit, msg, &task->signal->curr_ip, gr_task_fullpath0(task), task->comm, task->pid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid);
38341 + case GR_SYSCTL_HIDDEN:
38342 + str1 = va_arg(ap, char *);
38343 + gr_log_middle_varargs(audit, msg, result, str1);
38346 + dentry = va_arg(ap, struct dentry *);
38347 + mnt = va_arg(ap, struct vfsmount *);
38348 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt));
38350 + case GR_RBAC_STR:
38351 + dentry = va_arg(ap, struct dentry *);
38352 + mnt = va_arg(ap, struct vfsmount *);
38353 + str1 = va_arg(ap, char *);
38354 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1);
38356 + case GR_STR_RBAC:
38357 + str1 = va_arg(ap, char *);
38358 + dentry = va_arg(ap, struct dentry *);
38359 + mnt = va_arg(ap, struct vfsmount *);
38360 + gr_log_middle_varargs(audit, msg, result, str1, gr_to_filename(dentry, mnt));
38362 + case GR_RBAC_MODE2:
38363 + dentry = va_arg(ap, struct dentry *);
38364 + mnt = va_arg(ap, struct vfsmount *);
38365 + str1 = va_arg(ap, char *);
38366 + str2 = va_arg(ap, char *);
38367 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2);
38369 + case GR_RBAC_MODE3:
38370 + dentry = va_arg(ap, struct dentry *);
38371 + mnt = va_arg(ap, struct vfsmount *);
38372 + str1 = va_arg(ap, char *);
38373 + str2 = va_arg(ap, char *);
38374 + str3 = va_arg(ap, char *);
38375 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2, str3);
38377 + case GR_FILENAME:
38378 + dentry = va_arg(ap, struct dentry *);
38379 + mnt = va_arg(ap, struct vfsmount *);
38380 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt));
38382 + case GR_STR_FILENAME:
38383 + str1 = va_arg(ap, char *);
38384 + dentry = va_arg(ap, struct dentry *);
38385 + mnt = va_arg(ap, struct vfsmount *);
38386 + gr_log_middle_varargs(audit, msg, str1, gr_to_filename(dentry, mnt));
38388 + case GR_FILENAME_STR:
38389 + dentry = va_arg(ap, struct dentry *);
38390 + mnt = va_arg(ap, struct vfsmount *);
38391 + str1 = va_arg(ap, char *);
38392 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), str1);
38394 + case GR_FILENAME_TWO_INT:
38395 + dentry = va_arg(ap, struct dentry *);
38396 + mnt = va_arg(ap, struct vfsmount *);
38397 + num1 = va_arg(ap, int);
38398 + num2 = va_arg(ap, int);
38399 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2);
38401 + case GR_FILENAME_TWO_INT_STR:
38402 + dentry = va_arg(ap, struct dentry *);
38403 + mnt = va_arg(ap, struct vfsmount *);
38404 + num1 = va_arg(ap, int);
38405 + num2 = va_arg(ap, int);
38406 + str1 = va_arg(ap, char *);
38407 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1);
38410 + file = va_arg(ap, struct file *);
38411 + ulong1 = va_arg(ap, unsigned long);
38412 + ulong2 = va_arg(ap, unsigned long);
38413 + gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2);
38416 + task = va_arg(ap, struct task_struct *);
38417 + gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_path.dentry, task->exec_file->f_path.mnt) : "(none)", task->comm, task->pid);
38419 + case GR_RESOURCE:
38420 + task = va_arg(ap, struct task_struct *);
38421 + cred = __task_cred(task);
38422 + pcred = __task_cred(task->parent);
38423 + ulong1 = va_arg(ap, unsigned long);
38424 + str1 = va_arg(ap, char *);
38425 + ulong2 = va_arg(ap, unsigned long);
38426 + gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
38429 + task = va_arg(ap, struct task_struct *);
38430 + cred = __task_cred(task);
38431 + pcred = __task_cred(task->parent);
38432 + str1 = va_arg(ap, char *);
38433 + gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
38436 + str1 = va_arg(ap, char *);
38437 + voidptr = va_arg(ap, void *);
38438 + gr_log_middle_varargs(audit, msg, str1, voidptr);
38441 + task = va_arg(ap, struct task_struct *);
38442 + cred = __task_cred(task);
38443 + pcred = __task_cred(task->parent);
38444 + num1 = va_arg(ap, int);
38445 + gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
38448 + task = va_arg(ap, struct task_struct *);
38449 + cred = __task_cred(task);
38450 + pcred = __task_cred(task->parent);
38451 + ulong1 = va_arg(ap, unsigned long);
38452 + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, cred->uid, ulong1);
38455 + task = va_arg(ap, struct task_struct *);
38456 + cred = __task_cred(task);
38457 + pcred = __task_cred(task->parent);
38458 + ulong1 = va_arg(ap, unsigned long);
38459 + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, ulong1);
38463 + unsigned int wday, cday;
38467 + char cur_tty[64] = { 0 };
38468 + char parent_tty[64] = { 0 };
38470 + task = va_arg(ap, struct task_struct *);
38471 + wday = va_arg(ap, unsigned int);
38472 + cday = va_arg(ap, unsigned int);
38473 + whr = va_arg(ap, int);
38474 + chr = va_arg(ap, int);
38475 + wmin = va_arg(ap, int);
38476 + cmin = va_arg(ap, int);
38477 + wsec = va_arg(ap, int);
38478 + csec = va_arg(ap, int);
38479 + ulong1 = va_arg(ap, unsigned long);
38480 + cred = __task_cred(task);
38481 + pcred = __task_cred(task->parent);
38483 + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, &task->signal->curr_ip, tty_name(task->signal->tty, cur_tty), cred->uid, cred->euid, cred->gid, cred->egid, wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, &task->parent->signal->curr_ip, tty_name(task->parent->signal->tty, parent_tty), pcred->uid, pcred->euid, pcred->gid, pcred->egid);
38487 + gr_log_middle(audit, msg, ap);
38490 + gr_log_end(audit);
38491 + END_LOCKS(audit);
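Review bot: BEGIN_LOCKS and END_LOCKS expand to several statements containing a bare `if`, so they are only safe where the call site is already braced, as in the FLOODING branch of gr_log_varargs. Used as the body of an unbraced `if`, only the first `read_lock` or `spin_unlock` would be conditional, which breaks the lock pairing and lets `gr_handle_alertkill(current)` run unconditionally. I would wrap each macro body in `do { ... } while (0)` and write the argument as `(x)`. The `else` lines between the paired `spin_lock`/`spin_unlock` calls are not visible in this rendering, so this assumes the usual if/else form.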
38493 diff -urNp linux-2.6.32.1/grsecurity/grsec_mem.c linux-2.6.32.1/grsecurity/grsec_mem.c
38494 --- linux-2.6.32.1/grsecurity/grsec_mem.c 1969-12-31 19:00:00.000000000 -0500
38495 +++ linux-2.6.32.1/grsecurity/grsec_mem.c 2009-12-14 18:33:58.963935544 -0500
38497 +#include <linux/kernel.h>
38498 +#include <linux/sched.h>
38499 +#include <linux/mm.h>
38500 +#include <linux/mman.h>
38501 +#include <linux/grinternal.h>
38504 +gr_handle_ioperm(void)
38506 + gr_log_noargs(GR_DONT_AUDIT, GR_IOPERM_MSG);
38511 +gr_handle_iopl(void)
38513 + gr_log_noargs(GR_DONT_AUDIT, GR_IOPL_MSG);
38518 +gr_handle_mem_write(void)
38520 + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_WRITE_MSG);
38525 +gr_handle_kmem_write(void)
38527 + gr_log_noargs(GR_DONT_AUDIT, GR_KMEM_MSG);
38532 +gr_handle_open_port(void)
38534 + gr_log_noargs(GR_DONT_AUDIT, GR_PORT_OPEN_MSG);
38539 +gr_handle_mem_mmap(const unsigned long offset, struct vm_area_struct *vma)
38541 + unsigned long start, end;
38544 + end = start + vma->vm_end - vma->vm_start;
38546 + if (start > end) {
38547 + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG);
38551 + /* allowed ranges : ISA I/O BIOS */
38552 + if ((start >= __pa(high_memory))
38553 +#if defined(CONFIG_X86) || defined(CONFIG_PPC)
38554 + || (start >= 0x000a0000 && end <= 0x00100000)
38555 + || (start >= 0x00000000 && end <= 0x00001000)
38560 + if (vma->vm_flags & VM_WRITE) {
38561 + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG);
38564 + vma->vm_flags &= ~VM_MAYWRITE;
38570 +gr_log_nonroot_mod_load(const char *modname)
38572 + gr_log_str(GR_DONT_AUDIT, GR_NONROOT_MODLOAD_MSG, modname);
38577 +gr_handle_vm86(void)
38579 + gr_log_noargs(GR_DONT_AUDIT, GR_VM86_MSG);
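Review bot: In gr_handle_mem_mmap the term `start >= 0x00000000` is always true for an `unsigned long`, so the second allowed range reduces to `end <= 0x00001000`. Writing it that way avoids a `-Wtype-limits` warning and makes the check easier to audit. The two hex ranges would also read better as named constants, with the existing `/* allowed ranges : ISA I/O BIOS */` comment saying which range is which. The assignment to `start` and the return statements are not visible in this hunk.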
38582 diff -urNp linux-2.6.32.1/grsecurity/grsec_mount.c linux-2.6.32.1/grsecurity/grsec_mount.c
38583 --- linux-2.6.32.1/grsecurity/grsec_mount.c 1969-12-31 19:00:00.000000000 -0500
38584 +++ linux-2.6.32.1/grsecurity/grsec_mount.c 2009-12-14 18:33:58.963935544 -0500
38586 +#include <linux/kernel.h>
38587 +#include <linux/sched.h>
38588 +#include <linux/mount.h>
38589 +#include <linux/grsecurity.h>
38590 +#include <linux/grinternal.h>
38593 +gr_log_remount(const char *devname, const int retval)
38595 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
38596 + if (grsec_enable_mount && (retval >= 0))
38597 + gr_log_str(GR_DO_AUDIT, GR_REMOUNT_AUDIT_MSG, devname ? devname : "none");
38603 +gr_log_unmount(const char *devname, const int retval)
38605 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
38606 + if (grsec_enable_mount && (retval >= 0))
38607 + gr_log_str(GR_DO_AUDIT, GR_UNMOUNT_AUDIT_MSG, devname ? devname : "none");
38613 +gr_log_mount(const char *from, const char *to, const int retval)
38615 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
38616 + if (grsec_enable_mount && (retval >= 0))
38617 + gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from, to);
38623 +gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags)
38625 +#ifdef CONFIG_GRKERNSEC_ROFS
38626 + if (grsec_enable_rofs && !(mnt_flags & MNT_READONLY)) {
38627 + gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_MOUNT_MSG, dentry, mnt);
38636 +gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode)
38638 +#ifdef CONFIG_GRKERNSEC_ROFS
38639 + if (grsec_enable_rofs && (acc_mode & MAY_WRITE) &&
38640 + dentry->d_inode && S_ISBLK(dentry->d_inode->i_mode)) {
38641 + gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_BLOCKWRITE_MSG, dentry, mnt);
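Review bot: gr_log_mount passes `from` and `to` straight to `gr_log_str_str`, while gr_log_remount and gr_log_unmount in the same file substitute `"none"` for a NULL `devname`. If the caller can pass a NULL source name (the call site is outside this hunk), the audit line should use the same fallback: `gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from ? from : "none", to);`.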
38648 diff -urNp linux-2.6.32.1/grsecurity/grsec_sig.c linux-2.6.32.1/grsecurity/grsec_sig.c
38649 --- linux-2.6.32.1/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500
38650 +++ linux-2.6.32.1/grsecurity/grsec_sig.c 2009-12-14 18:33:58.963935544 -0500
38652 +#include <linux/kernel.h>
38653 +#include <linux/sched.h>
38654 +#include <linux/delay.h>
38655 +#include <linux/grsecurity.h>
38656 +#include <linux/grinternal.h>
38658 +char *signames[] = {
38659 + [SIGSEGV] = "Segmentation fault",
38660 + [SIGILL] = "Illegal instruction",
38661 + [SIGABRT] = "Abort",
38662 + [SIGBUS] = "Invalid alignment/Bus error"
38666 +gr_log_signal(const int sig, const void *addr, const struct task_struct *t)
38668 +#ifdef CONFIG_GRKERNSEC_SIGNAL
38669 + if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) ||
38670 + (sig == SIGABRT) || (sig == SIGBUS))) {
38671 + if (t->pid == current->pid) {
38672 + gr_log_sig_addr(GR_DONT_AUDIT_GOOD, GR_UNISIGLOG_MSG, signames[sig], addr);
38674 + gr_log_sig_task(GR_DONT_AUDIT_GOOD, GR_DUALSIGLOG_MSG, t, sig);
38682 +gr_handle_signal(const struct task_struct *p, const int sig)
38684 +#ifdef CONFIG_GRKERNSEC
38685 + if (current->pid > 1 && gr_check_protected_task(p)) {
38686 + gr_log_sig_task(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig);
38688 + } else if (gr_pid_is_chrooted((struct task_struct *)p)) {
38695 +void gr_handle_brute_attach(struct task_struct *p)
38697 +#ifdef CONFIG_GRKERNSEC_BRUTE
38698 + read_lock(&tasklist_lock);
38699 + read_lock(&grsec_exec_file_lock);
38700 + if (p->parent && p->parent->exec_file == p->exec_file)
38701 + p->parent->brute = 1;
38702 + read_unlock(&grsec_exec_file_lock);
38703 + read_unlock(&tasklist_lock);
38708 +void gr_handle_brute_check(void)
38710 +#ifdef CONFIG_GRKERNSEC_BRUTE
38711 + if (current->brute)
38712 + msleep(30 * 1000);
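Review bot: `signames` is defined as a writable, externally visible `char *signames[]`, although the only use in this hunk is the read in gr_log_signal. If nothing outside grsec_sig.c references it, `static const char * const signames[] = {` keeps the table out of the global namespace and in read-only data. The `30 * 1000` in gr_handle_brute_check would also be clearer as a named constant, with a comment giving the unit (milliseconds) and the reason for the delay.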
38717 diff -urNp linux-2.6.32.1/grsecurity/grsec_sock.c linux-2.6.32.1/grsecurity/grsec_sock.c
38718 --- linux-2.6.32.1/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000 -0500
38719 +++ linux-2.6.32.1/grsecurity/grsec_sock.c 2009-12-14 18:33:58.964938626 -0500
38721 +#include <linux/kernel.h>
38722 +#include <linux/module.h>
38723 +#include <linux/sched.h>
38724 +#include <linux/file.h>
38725 +#include <linux/net.h>
38726 +#include <linux/in.h>
38727 +#include <linux/ip.h>
38728 +#include <net/sock.h>
38729 +#include <net/inet_sock.h>
38730 +#include <linux/grsecurity.h>
38731 +#include <linux/grinternal.h>
38732 +#include <linux/gracl.h>
38734 +kernel_cap_t gr_cap_rtnetlink(struct sock *sock);
38735 +EXPORT_SYMBOL(gr_cap_rtnetlink);
38737 +extern int gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb);
38738 +extern int gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr);
38740 +EXPORT_SYMBOL(gr_search_udp_recvmsg);
38741 +EXPORT_SYMBOL(gr_search_udp_sendmsg);
38743 +#ifdef CONFIG_UNIX_MODULE
38744 +EXPORT_SYMBOL(gr_acl_handle_unix);
38745 +EXPORT_SYMBOL(gr_acl_handle_mknod);
38746 +EXPORT_SYMBOL(gr_handle_chroot_unix);
38747 +EXPORT_SYMBOL(gr_handle_create);
38750 +#ifdef CONFIG_GRKERNSEC
38751 +#define gr_conn_table_size 32749
38752 +struct conn_table_entry {
38753 + struct conn_table_entry *next;
38754 + struct signal_struct *sig;
38757 +struct conn_table_entry *gr_conn_table[gr_conn_table_size];
38758 +DEFINE_SPINLOCK(gr_conn_table_lock);
38760 +extern const char * gr_socktype_to_name(unsigned char type);
38761 +extern const char * gr_proto_to_name(unsigned char proto);
38763 +static __inline__ int
38764 +conn_hash(__u32 saddr, __u32 daddr, __u16 sport, __u16 dport, unsigned int size)
38766 + return ((daddr + saddr + (sport << 8) + (dport << 16)) % size);
38769 +static __inline__ int
38770 +conn_match(const struct signal_struct *sig, __u32 saddr, __u32 daddr,
38771 + __u16 sport, __u16 dport)
38773 + if (unlikely(sig->gr_saddr == saddr && sig->gr_daddr == daddr &&
38774 + sig->gr_sport == sport && sig->gr_dport == dport))
38780 +static void gr_add_to_task_ip_table_nolock(struct signal_struct *sig, struct conn_table_entry *newent)
38782 + struct conn_table_entry **match;
38783 + unsigned int index;
38785 + index = conn_hash(sig->gr_saddr, sig->gr_daddr,
38786 + sig->gr_sport, sig->gr_dport,
38787 + gr_conn_table_size);
38789 + newent->sig = sig;
38791 + match = &gr_conn_table[index];
38792 + newent->next = *match;
38798 +static void gr_del_task_from_ip_table_nolock(struct signal_struct *sig)
38800 + struct conn_table_entry *match, *last = NULL;
38801 + unsigned int index;
38803 + index = conn_hash(sig->gr_saddr, sig->gr_daddr,
38804 + sig->gr_sport, sig->gr_dport,
38805 + gr_conn_table_size);
38807 + match = gr_conn_table[index];
38808 + while (match && !conn_match(match->sig,
38809 + sig->gr_saddr, sig->gr_daddr, sig->gr_sport,
38810 + sig->gr_dport)) {
38812 + match = match->next;
38817 + last->next = match->next;
38819 + gr_conn_table[index] = NULL;
38826 +static struct signal_struct * gr_lookup_task_ip_table(__u32 saddr, __u32 daddr,
38827 + __u16 sport, __u16 dport)
38829 + struct conn_table_entry *match;
38830 + unsigned int index;
38832 + index = conn_hash(saddr, daddr, sport, dport, gr_conn_table_size);
38834 + match = gr_conn_table[index];
38835 + while (match && !conn_match(match->sig, saddr, daddr, sport, dport))
38836 + match = match->next;
38839 + return match->sig;
38846 +void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet)
38848 +#ifdef CONFIG_GRKERNSEC
38849 + struct signal_struct *sig = task->signal;
38850 + struct conn_table_entry *newent;
38852 + newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC);
38853 + if (newent == NULL)
38855 + /* no bh lock needed since we are called with bh disabled */
38856 + spin_lock(&gr_conn_table_lock);
38857 + gr_del_task_from_ip_table_nolock(sig);
38858 + sig->gr_saddr = inet->rcv_saddr;
38859 + sig->gr_daddr = inet->daddr;
38860 + sig->gr_sport = inet->sport;
38861 + sig->gr_dport = inet->dport;
38862 + gr_add_to_task_ip_table_nolock(sig, newent);
38863 + spin_unlock(&gr_conn_table_lock);
38868 +void gr_del_task_from_ip_table(struct task_struct *task)
38870 +#ifdef CONFIG_GRKERNSEC
38871 + spin_lock_bh(&gr_conn_table_lock);
38872 + gr_del_task_from_ip_table_nolock(task->signal);
38873 + spin_unlock_bh(&gr_conn_table_lock);
38879 +gr_attach_curr_ip(const struct sock *sk)
38881 +#ifdef CONFIG_GRKERNSEC
38882 + struct signal_struct *p, *set;
38883 + const struct inet_sock *inet = inet_sk(sk);
38885 + if (unlikely(sk->sk_protocol != IPPROTO_TCP))
38888 + set = current->signal;
38890 + spin_lock_bh(&gr_conn_table_lock);
38891 + p = gr_lookup_task_ip_table(inet->daddr, inet->rcv_saddr,
38892 + inet->dport, inet->sport);
38893 + if (unlikely(p != NULL)) {
38894 + set->curr_ip = p->curr_ip;
38895 + set->used_accept = 1;
38896 + gr_del_task_from_ip_table_nolock(p);
38897 + spin_unlock_bh(&gr_conn_table_lock);
38900 + spin_unlock_bh(&gr_conn_table_lock);
38902 + set->curr_ip = inet->daddr;
38903 + set->used_accept = 1;
38909 +gr_handle_sock_all(const int family, const int type, const int protocol)
38911 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
38912 + if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) &&
38913 + (family != AF_UNIX) && (family != AF_LOCAL)) {
38914 + gr_log_int_str2(GR_DONT_AUDIT, GR_SOCK2_MSG, family, gr_socktype_to_name(type), gr_proto_to_name(protocol));
38922 +gr_handle_sock_server(const struct sockaddr *sck)
38924 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
38925 + if (grsec_enable_socket_server &&
38926 + in_group_p(grsec_socket_server_gid) &&
38927 + sck && (sck->sa_family != AF_UNIX) &&
38928 + (sck->sa_family != AF_LOCAL)) {
38929 + gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
38937 +gr_handle_sock_server_other(const struct sock *sck)
38939 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
38940 + if (grsec_enable_socket_server &&
38941 + in_group_p(grsec_socket_server_gid) &&
38942 + sck && (sck->sk_family != AF_UNIX) &&
38943 + (sck->sk_family != AF_LOCAL)) {
38944 + gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
38952 +gr_handle_sock_client(const struct sockaddr *sck)
38954 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
38955 + if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) &&
38956 + sck && (sck->sa_family != AF_UNIX) &&
38957 + (sck->sa_family != AF_LOCAL)) {
38958 + gr_log_noargs(GR_DONT_AUDIT, GR_CONNECT_MSG);
38966 +gr_cap_rtnetlink(struct sock *sock)
38968 +#ifdef CONFIG_GRKERNSEC
38969 + if (!gr_acl_is_enabled())
38970 + return current_cap();
38971 + else if (sock->sk_protocol == NETLINK_ISCSI &&
38972 + cap_raised(current_cap(), CAP_SYS_ADMIN) &&
38973 + gr_is_capable(CAP_SYS_ADMIN))
38974 + return current_cap();
38975 + else if (sock->sk_protocol == NETLINK_AUDIT &&
38976 + cap_raised(current_cap(), CAP_AUDIT_WRITE) &&
38977 + gr_is_capable(CAP_AUDIT_WRITE) &&
38978 + cap_raised(current_cap(), CAP_AUDIT_CONTROL) &&
38979 + gr_is_capable(CAP_AUDIT_CONTROL))
38980 + return current_cap();
38981 + else if (cap_raised(current_cap(), CAP_NET_ADMIN) &&
38982 + gr_is_capable(CAP_NET_ADMIN))
38983 + return current_cap();
38985 + return __cap_empty_set;
38987 + return current_cap();
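Review bot: In gr_del_task_from_ip_table_nolock the line `gr_conn_table[index] = NULL;` looks like the branch taken when the matched entry is the head of its bucket (the `if`/`else` lines are not visible here). It drops every entry chained behind the head instead of unlinking one. With colliding tuples that leaks the remaining `conn_table_entry` allocations, and later lookups for those connections find nothing; `gr_conn_table[index] = match->next;` would unlink only the matched entry. Separately, in conn_hash `dport << 16` is evaluated as a signed `int` after promotion, so ports of 0x8000 and above shift into the sign bit. Casting first, `((__u32)dport << 16)`, keeps the arithmetic unsigned.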
38990 diff -urNp linux-2.6.32.1/grsecurity/grsec_sysctl.c linux-2.6.32.1/grsecurity/grsec_sysctl.c
38991 --- linux-2.6.32.1/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
38992 +++ linux-2.6.32.1/grsecurity/grsec_sysctl.c 2009-12-14 18:33:58.964938626 -0500
38994 +#include <linux/kernel.h>
38995 +#include <linux/sched.h>
38996 +#include <linux/sysctl.h>
38997 +#include <linux/grsecurity.h>
38998 +#include <linux/grinternal.h>
39001 +gr_handle_sysctl_mod(const char *dirname, const char *name, const int op)
39003 +#ifdef CONFIG_GRKERNSEC_SYSCTL
39004 + if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & MAY_WRITE)) {
39005 + gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name);
39012 +#ifdef CONFIG_GRKERNSEC_ROFS
39013 +static int __maybe_unused one = 1;
39016 +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
39017 +ctl_table grsecurity_table[] = {
39018 +#ifdef CONFIG_GRKERNSEC_SYSCTL
39019 +#ifdef CONFIG_GRKERNSEC_LINK
39021 + .ctl_name = CTL_UNNUMBERED,
39022 + .procname = "linking_restrictions",
39023 + .data = &grsec_enable_link,
39024 + .maxlen = sizeof(int),
39026 + .proc_handler = &proc_dointvec,
39029 +#ifdef CONFIG_GRKERNSEC_FIFO
39031 + .ctl_name = CTL_UNNUMBERED,
39032 + .procname = "fifo_restrictions",
39033 + .data = &grsec_enable_fifo,
39034 + .maxlen = sizeof(int),
39036 + .proc_handler = &proc_dointvec,
39039 +#ifdef CONFIG_GRKERNSEC_EXECVE
39041 + .ctl_name = CTL_UNNUMBERED,
39042 + .procname = "execve_limiting",
39043 + .data = &grsec_enable_execve,
39044 + .maxlen = sizeof(int),
39046 + .proc_handler = &proc_dointvec,
39049 +#ifdef CONFIG_GRKERNSEC_EXECLOG
39051 + .ctl_name = CTL_UNNUMBERED,
39052 + .procname = "exec_logging",
39053 + .data = &grsec_enable_execlog,
39054 + .maxlen = sizeof(int),
39056 + .proc_handler = &proc_dointvec,
39059 +#ifdef CONFIG_GRKERNSEC_SIGNAL
39061 + .ctl_name = CTL_UNNUMBERED,
39062 + .procname = "signal_logging",
39063 + .data = &grsec_enable_signal,
39064 + .maxlen = sizeof(int),
39066 + .proc_handler = &proc_dointvec,
39069 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
39071 + .ctl_name = CTL_UNNUMBERED,
39072 + .procname = "forkfail_logging",
39073 + .data = &grsec_enable_forkfail,
39074 + .maxlen = sizeof(int),
39076 + .proc_handler = &proc_dointvec,
39079 +#ifdef CONFIG_GRKERNSEC_TIME
39081 + .ctl_name = CTL_UNNUMBERED,
39082 + .procname = "timechange_logging",
39083 + .data = &grsec_enable_time,
39084 + .maxlen = sizeof(int),
39086 + .proc_handler = &proc_dointvec,
39089 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
39091 + .ctl_name = CTL_UNNUMBERED,
39092 + .procname = "chroot_deny_shmat",
39093 + .data = &grsec_enable_chroot_shmat,
39094 + .maxlen = sizeof(int),
39096 + .proc_handler = &proc_dointvec,
39099 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
39101 + .ctl_name = CTL_UNNUMBERED,
39102 + .procname = "chroot_deny_unix",
39103 + .data = &grsec_enable_chroot_unix,
39104 + .maxlen = sizeof(int),
39106 + .proc_handler = &proc_dointvec,
39109 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
39111 + .ctl_name = CTL_UNNUMBERED,
39112 + .procname = "chroot_deny_mount",
39113 + .data = &grsec_enable_chroot_mount,
39114 + .maxlen = sizeof(int),
39116 + .proc_handler = &proc_dointvec,
39119 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
39121 + .ctl_name = CTL_UNNUMBERED,
39122 + .procname = "chroot_deny_fchdir",
39123 + .data = &grsec_enable_chroot_fchdir,
39124 + .maxlen = sizeof(int),
39126 + .proc_handler = &proc_dointvec,
39129 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
39131 + .ctl_name = CTL_UNNUMBERED,
39132 + .procname = "chroot_deny_chroot",
39133 + .data = &grsec_enable_chroot_double,
39134 + .maxlen = sizeof(int),
39136 + .proc_handler = &proc_dointvec,
39139 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
39141 + .ctl_name = CTL_UNNUMBERED,
39142 + .procname = "chroot_deny_pivot",
39143 + .data = &grsec_enable_chroot_pivot,
39144 + .maxlen = sizeof(int),
39146 + .proc_handler = &proc_dointvec,
39149 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
39151 + .ctl_name = CTL_UNNUMBERED,
39152 + .procname = "chroot_enforce_chdir",
39153 + .data = &grsec_enable_chroot_chdir,
39154 + .maxlen = sizeof(int),
39156 + .proc_handler = &proc_dointvec,
39159 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
39161 + .ctl_name = CTL_UNNUMBERED,
39162 + .procname = "chroot_deny_chmod",
39163 + .data = &grsec_enable_chroot_chmod,
39164 + .maxlen = sizeof(int),
39166 + .proc_handler = &proc_dointvec,
39169 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
39171 + .ctl_name = CTL_UNNUMBERED,
39172 + .procname = "chroot_deny_mknod",
39173 + .data = &grsec_enable_chroot_mknod,
39174 + .maxlen = sizeof(int),
39176 + .proc_handler = &proc_dointvec,
39179 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
39181 + .ctl_name = CTL_UNNUMBERED,
39182 + .procname = "chroot_restrict_nice",
39183 + .data = &grsec_enable_chroot_nice,
39184 + .maxlen = sizeof(int),
39186 + .proc_handler = &proc_dointvec,
39189 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
39191 + .ctl_name = CTL_UNNUMBERED,
39192 + .procname = "chroot_execlog",
39193 + .data = &grsec_enable_chroot_execlog,
39194 + .maxlen = sizeof(int),
39196 + .proc_handler = &proc_dointvec,
39199 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
39201 + .ctl_name = CTL_UNNUMBERED,
39202 + .procname = "chroot_caps",
39203 + .data = &grsec_enable_chroot_caps,
39204 + .maxlen = sizeof(int),
39206 + .proc_handler = &proc_dointvec,
39209 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
39211 + .ctl_name = CTL_UNNUMBERED,
39212 + .procname = "chroot_deny_sysctl",
39213 + .data = &grsec_enable_chroot_sysctl,
39214 + .maxlen = sizeof(int),
39216 + .proc_handler = &proc_dointvec,
39219 +#ifdef CONFIG_GRKERNSEC_TPE
39221 + .ctl_name = CTL_UNNUMBERED,
39222 + .procname = "tpe",
39223 + .data = &grsec_enable_tpe,
39224 + .maxlen = sizeof(int),
39226 + .proc_handler = &proc_dointvec,
39229 + .ctl_name = CTL_UNNUMBERED,
39230 + .procname = "tpe_gid",
39231 + .data = &grsec_tpe_gid,
39232 + .maxlen = sizeof(int),
39234 + .proc_handler = &proc_dointvec,
39237 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
39239 + .ctl_name = CTL_UNNUMBERED,
39240 + .procname = "tpe_restrict_all",
39241 + .data = &grsec_enable_tpe_all,
39242 + .maxlen = sizeof(int),
39244 + .proc_handler = &proc_dointvec,
39247 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
39249 + .ctl_name = CTL_UNNUMBERED,
39250 + .procname = "socket_all",
39251 + .data = &grsec_enable_socket_all,
39252 + .maxlen = sizeof(int),
39254 + .proc_handler = &proc_dointvec,
39257 + .ctl_name = CTL_UNNUMBERED,
39258 + .procname = "socket_all_gid",
39259 + .data = &grsec_socket_all_gid,
39260 + .maxlen = sizeof(int),
39262 + .proc_handler = &proc_dointvec,
39265 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
39267 + .ctl_name = CTL_UNNUMBERED,
39268 + .procname = "socket_client",
39269 + .data = &grsec_enable_socket_client,
39270 + .maxlen = sizeof(int),
39272 + .proc_handler = &proc_dointvec,
39275 + .ctl_name = CTL_UNNUMBERED,
39276 + .procname = "socket_client_gid",
39277 + .data = &grsec_socket_client_gid,
39278 + .maxlen = sizeof(int),
39280 + .proc_handler = &proc_dointvec,
39283 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
39285 + .ctl_name = CTL_UNNUMBERED,
39286 + .procname = "socket_server",
39287 + .data = &grsec_enable_socket_server,
39288 + .maxlen = sizeof(int),
39290 + .proc_handler = &proc_dointvec,
39293 + .ctl_name = CTL_UNNUMBERED,
39294 + .procname = "socket_server_gid",
39295 + .data = &grsec_socket_server_gid,
39296 + .maxlen = sizeof(int),
39298 + .proc_handler = &proc_dointvec,
39301 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
39303 + .ctl_name = CTL_UNNUMBERED,
39304 + .procname = "audit_group",
39305 + .data = &grsec_enable_group,
39306 + .maxlen = sizeof(int),
39308 + .proc_handler = &proc_dointvec,
39311 + .ctl_name = CTL_UNNUMBERED,
39312 + .procname = "audit_gid",
39313 + .data = &grsec_audit_gid,
39314 + .maxlen = sizeof(int),
39316 + .proc_handler = &proc_dointvec,
39319 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
39321 + .ctl_name = CTL_UNNUMBERED,
39322 + .procname = "audit_chdir",
39323 + .data = &grsec_enable_chdir,
39324 + .maxlen = sizeof(int),
39326 + .proc_handler = &proc_dointvec,
39329 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
39331 + .ctl_name = CTL_UNNUMBERED,
39332 + .procname = "audit_mount",
39333 + .data = &grsec_enable_mount,
39334 + .maxlen = sizeof(int),
39336 + .proc_handler = &proc_dointvec,
39339 +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
39341 + .ctl_name = CTL_UNNUMBERED,
39342 + .procname = "audit_textrel",
39343 + .data = &grsec_enable_audit_textrel,
39344 + .maxlen = sizeof(int),
39346 + .proc_handler = &proc_dointvec,
39349 +#ifdef CONFIG_GRKERNSEC_DMESG
39351 + .ctl_name = CTL_UNNUMBERED,
39352 + .procname = "dmesg",
39353 + .data = &grsec_enable_dmesg,
39354 + .maxlen = sizeof(int),
39356 + .proc_handler = &proc_dointvec,
39359 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
39361 + .ctl_name = CTL_UNNUMBERED,
39362 + .procname = "chroot_findtask",
39363 + .data = &grsec_enable_chroot_findtask,
39364 + .maxlen = sizeof(int),
39366 + .proc_handler = &proc_dointvec,
39369 +#ifdef CONFIG_GRKERNSEC_RESLOG
39371 + .ctl_name = CTL_UNNUMBERED,
39372 + .procname = "resource_logging",
39373 + .data = &grsec_resource_logging,
39374 + .maxlen = sizeof(int),
39376 + .proc_handler = &proc_dointvec,
39379 +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
39381 + .ctl_name = CTL_UNNUMBERED,
39382 + .procname = "harden_ptrace",
39383 + .data = &grsec_enable_harden_ptrace,
39384 + .maxlen = sizeof(int),
39386 + .proc_handler = &proc_dointvec,
39390 + .ctl_name = CTL_UNNUMBERED,
39391 + .procname = "grsec_lock",
39392 + .data = &grsec_lock,
39393 + .maxlen = sizeof(int),
39395 + .proc_handler = &proc_dointvec,
39398 +#ifdef CONFIG_GRKERNSEC_ROFS
39400 + .ctl_name = CTL_UNNUMBERED,
39401 + .procname = "romount_protect",
39402 + .data = &grsec_enable_rofs,
39403 + .maxlen = sizeof(int),
39405 + .proc_handler = &proc_dointvec_minmax,
39410 + { .ctl_name = 0 }
39413 diff -urNp linux-2.6.32.1/grsecurity/grsec_textrel.c linux-2.6.32.1/grsecurity/grsec_textrel.c
39414 --- linux-2.6.32.1/grsecurity/grsec_textrel.c 1969-12-31 19:00:00.000000000 -0500
39415 +++ linux-2.6.32.1/grsecurity/grsec_textrel.c 2009-12-14 18:33:58.964938626 -0500
39417 +#include <linux/kernel.h>
39418 +#include <linux/sched.h>
39419 +#include <linux/mm.h>
39420 +#include <linux/file.h>
39421 +#include <linux/grinternal.h>
39422 +#include <linux/grsecurity.h>
39425 +gr_log_textrel(struct vm_area_struct * vma)
39427 +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
39428 + if (grsec_enable_audit_textrel)
39429 + gr_log_textrel_ulong_ulong(GR_DO_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff);
39433 diff -urNp linux-2.6.32.1/grsecurity/grsec_time.c linux-2.6.32.1/grsecurity/grsec_time.c
39434 --- linux-2.6.32.1/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500
39435 +++ linux-2.6.32.1/grsecurity/grsec_time.c 2009-12-14 18:33:58.964938626 -0500
39437 +#include <linux/kernel.h>
39438 +#include <linux/sched.h>
39439 +#include <linux/grinternal.h>
39442 +gr_log_timechange(void)
39444 +#ifdef CONFIG_GRKERNSEC_TIME
39445 + if (grsec_enable_time)
39446 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_TIME_MSG);
39450 diff -urNp linux-2.6.32.1/grsecurity/grsec_tpe.c linux-2.6.32.1/grsecurity/grsec_tpe.c
39451 --- linux-2.6.32.1/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500
39452 +++ linux-2.6.32.1/grsecurity/grsec_tpe.c 2009-12-14 18:33:58.964938626 -0500
39454 +#include <linux/kernel.h>
39455 +#include <linux/sched.h>
39456 +#include <linux/file.h>
39457 +#include <linux/fs.h>
39458 +#include <linux/grinternal.h>
39460 +extern int gr_acl_tpe_check(void);
39463 +gr_tpe_allow(const struct file *file)
39465 +#ifdef CONFIG_GRKERNSEC
39466 + struct inode *inode = file->f_path.dentry->d_parent->d_inode;
39467 + const struct cred *cred = current_cred();
39469 + if (cred->uid && ((grsec_enable_tpe &&
39470 +#ifdef CONFIG_GRKERNSEC_TPE_INVERT
39471 + !in_group_p(grsec_tpe_gid)
39473 + in_group_p(grsec_tpe_gid)
39475 + ) || gr_acl_tpe_check()) &&
39476 + (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) ||
39477 + (inode->i_mode & S_IWOTH))))) {
39478 + gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
39481 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
39482 + if (cred->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
39483 + ((inode->i_uid && (inode->i_uid != cred->uid)) ||
39484 + (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
39485 + gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
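Review bot: `gr_tpe_allow` reads `file->f_path.dentry->d_parent->d_inode` without holding a reference or lock on the parent dentry. A rename racing with the exec check could therefore make the owner and mode tests run against a directory the file no longer lives in. Pinning the parent for the duration of the check would close that window: `struct dentry *parent = dget_parent(file->f_path.dentry);`, then `parent->d_inode`, then `dput(parent);` on every return path. Separately, in the first condition the inner `!inode->i_uid` in `(inode->i_uid || (!inode->i_uid && (...)))` is redundant and can be dropped for readability. The function's return statements are not visible in the hunk as shown, so the placement of `dput` has to be checked against the full body.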
39492 diff -urNp linux-2.6.32.1/grsecurity/grsum.c linux-2.6.32.1/grsecurity/grsum.c
39493 --- linux-2.6.32.1/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500
39494 +++ linux-2.6.32.1/grsecurity/grsum.c 2009-12-14 18:33:58.964938626 -0500
39496 +#include <linux/err.h>
39497 +#include <linux/kernel.h>
39498 +#include <linux/sched.h>
39499 +#include <linux/mm.h>
39500 +#include <linux/scatterlist.h>
39501 +#include <linux/crypto.h>
39502 +#include <linux/gracl.h>
39505 +#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE)
39506 +#error "crypto and sha256 must be built into the kernel"
39510 +chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
39513 + struct crypto_hash *tfm;
39514 + struct hash_desc desc;
39515 + struct scatterlist sg;
39516 + unsigned char temp_sum[GR_SHA_LEN];
39517 + volatile int retval = 0;
39518 + volatile int dummy = 0;
39521 + tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
39522 + if (IS_ERR(tfm)) {
39523 + /* should never happen, since sha256 should be built in */
39530 + crypto_hash_init(&desc);
39533 + sg_set_buf(&sg, p, GR_SALT_LEN);
39534 + crypto_hash_update(&desc, &sg, sg.length);
39537 + sg_set_buf(&sg, p, strlen(p));
39539 + crypto_hash_update(&desc, &sg, sg.length);
39541 + crypto_hash_final(&desc, temp_sum);
39543 + memset(entry->pw, 0, GR_PW_LEN);
39545 + for (i = 0; i < GR_SHA_LEN; i++)
39546 + if (sum[i] != temp_sum[i])
39549 + dummy = 1; // waste a cycle
39551 + crypto_free_hash(tfm);
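Review bot: The digest comparison loop in `chkpw` branches on `sum[i] != temp_sum[i]` and relies on `volatile` plus a `dummy = 1; // waste a cycle` assignment to even out timing, which depends on the compiler and CPU and does not guarantee a data-independent compare. An accumulating form has no per-byte branch: `diff |= sum[i] ^ temp_sum[i];` inside the loop, with the result derived once from `diff` afterwards. The return values of `crypto_hash_init`, `crypto_hash_update` and `crypto_hash_final` are also ignored, so on a hashing error `temp_sum` would be compared uninitialised. In the lines shown, `temp_sum` is not cleared before return the way `entry->pw` is. The assignments to `retval` and the return statements are not visible in this hunk, so the sense of the result needs to be checked against the full source.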
39555 diff -urNp linux-2.6.32.1/grsecurity/Kconfig linux-2.6.32.1/grsecurity/Kconfig
39556 --- linux-2.6.32.1/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
39557 +++ linux-2.6.32.1/grsecurity/Kconfig 2009-12-14 18:33:58.971930129 -0500
39560 +# grecurity configuration
39566 + bool "Grsecurity"
39568 + select CRYPTO_SHA256
39570 + If you say Y here, you will be able to configure many features
39571 + that will enhance the security of your system. It is highly
39572 + recommended that you say Y here and read through the help
39573 + for each option so that you fully understand the features and
39574 + can evaluate their usefulness for your machine.
39577 + prompt "Security Level"
39578 + depends on GRKERNSEC
39579 + default GRKERNSEC_CUSTOM
39581 +config GRKERNSEC_LOW
39583 + select GRKERNSEC_LINK
39584 + select GRKERNSEC_FIFO
39585 + select GRKERNSEC_EXECVE
39586 + select GRKERNSEC_RANDNET
39587 + select GRKERNSEC_DMESG
39588 + select GRKERNSEC_CHROOT
39589 + select GRKERNSEC_CHROOT_CHDIR
39592 + If you choose this option, several of the grsecurity options will
39593 + be enabled that will give you greater protection against a number
39594 + of attacks, while assuring that none of your software will have any
39595 + conflicts with the additional security measures. If you run a lot
39596 + of unusual software, or you are having problems with the higher
39597 + security levels, you should say Y here. With this option, the
39598 + following features are enabled:
39600 + - Linking restrictions
39601 + - FIFO restrictions
39602 + - Enforcing RLIMIT_NPROC on execve
39603 + - Restricted dmesg
39604 + - Enforced chdir("/") on chroot
39605 + - Runtime module disabling
39607 +config GRKERNSEC_MEDIUM
39610 + select PAX_EI_PAX
39611 + select PAX_PT_PAX_FLAGS
39612 + select PAX_HAVE_ACL_FLAGS
39613 + select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
39614 + select GRKERNSEC_CHROOT
39615 + select GRKERNSEC_CHROOT_SYSCTL
39616 + select GRKERNSEC_LINK
39617 + select GRKERNSEC_FIFO
39618 + select GRKERNSEC_EXECVE
39619 + select GRKERNSEC_DMESG
39620 + select GRKERNSEC_RANDNET
39621 + select GRKERNSEC_FORKFAIL
39622 + select GRKERNSEC_TIME
39623 + select GRKERNSEC_SIGNAL
39624 + select GRKERNSEC_CHROOT
39625 + select GRKERNSEC_CHROOT_UNIX
39626 + select GRKERNSEC_CHROOT_MOUNT
39627 + select GRKERNSEC_CHROOT_PIVOT
39628 + select GRKERNSEC_CHROOT_DOUBLE
39629 + select GRKERNSEC_CHROOT_CHDIR
39630 + select GRKERNSEC_CHROOT_MKNOD
39631 + select GRKERNSEC_PROC
39632 + select GRKERNSEC_PROC_USERGROUP
39633 + select PAX_RANDUSTACK
39635 + select PAX_RANDMMAP
39636 + select PAX_REFCOUNT if (X86 || SPARC64)
39637 + select PAX_USERCOPY if ((X86 || SPARC32 || SPARC64 || PPC32 || PPC64) && (SLAB || SLUB || SLOB))
39640 + If you say Y here, several features in addition to those included
39641 + in the low additional security level will be enabled. These
39642 + features provide even more security to your system, though in rare
39643 + cases they may be incompatible with very old or poorly written
39644 + software. If you enable this option, make sure that your auth
39645 + service (identd) is running as gid 1001. With this option,
39646 + the following features (in addition to those provided in the
39647 + low additional security level) will be enabled:
39649 + - Failed fork logging
39650 + - Time change logging
39652 + - Deny mounts in chroot
39653 + - Deny double chrooting
39654 + - Deny sysctl writes in chroot
39655 + - Deny mknod in chroot
39656 + - Deny access to abstract AF_UNIX sockets out of chroot
39657 + - Deny pivot_root in chroot
39658 + - Denied writes of /dev/kmem, /dev/mem, and /dev/port
39659 + - /proc restrictions with special GID set to 10 (usually wheel)
39660 + - Address Space Layout Randomization (ASLR)
39661 + - Prevent exploitation of most refcount overflows
39662 + - Bounds checking of copying between the kernel and userland
39664 +config GRKERNSEC_HIGH
39666 + select GRKERNSEC_LINK
39667 + select GRKERNSEC_FIFO
39668 + select GRKERNSEC_EXECVE
39669 + select GRKERNSEC_DMESG
39670 + select GRKERNSEC_FORKFAIL
39671 + select GRKERNSEC_TIME
39672 + select GRKERNSEC_SIGNAL
39673 + select GRKERNSEC_CHROOT
39674 + select GRKERNSEC_CHROOT_SHMAT
39675 + select GRKERNSEC_CHROOT_UNIX
39676 + select GRKERNSEC_CHROOT_MOUNT
39677 + select GRKERNSEC_CHROOT_FCHDIR
39678 + select GRKERNSEC_CHROOT_PIVOT
39679 + select GRKERNSEC_CHROOT_DOUBLE
39680 + select GRKERNSEC_CHROOT_CHDIR
39681 + select GRKERNSEC_CHROOT_MKNOD
39682 + select GRKERNSEC_CHROOT_CAPS
39683 + select GRKERNSEC_CHROOT_SYSCTL
39684 + select GRKERNSEC_CHROOT_FINDTASK
39685 + select GRKERNSEC_PROC
39686 + select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
39687 + select GRKERNSEC_HIDESYM
39688 + select GRKERNSEC_BRUTE
39689 + select GRKERNSEC_PROC_USERGROUP
39690 + select GRKERNSEC_KMEM
39691 + select GRKERNSEC_RESLOG
39692 + select GRKERNSEC_RANDNET
39693 + select GRKERNSEC_PROC_ADD
39694 + select GRKERNSEC_CHROOT_CHMOD
39695 + select GRKERNSEC_CHROOT_NICE
39696 + select GRKERNSEC_AUDIT_MOUNT
39697 + select GRKERNSEC_MODHARDEN if (MODULES)
39698 + select GRKERNSEC_HARDEN_PTRACE
39699 + select GRKERNSEC_VM86 if (X86_32)
39701 + select PAX_RANDUSTACK
39703 + select PAX_RANDMMAP
39704 + select PAX_NOEXEC
39705 + select PAX_MPROTECT
39706 + select PAX_EI_PAX
39707 + select PAX_PT_PAX_FLAGS
39708 + select PAX_HAVE_ACL_FLAGS
39709 + select PAX_KERNEXEC if (X86 && (!X86_32 || X86_WP_WORKS_OK))
39710 + select PAX_MEMORY_UDEREF if (X86_32)
39711 + select PAX_RANDKSTACK if (X86_TSC && !X86_64)
39712 + select PAX_SEGMEXEC if (X86_32)
39713 + select PAX_PAGEEXEC
39714 + select PAX_EMUPLT if (ALPHA || PARISC || SPARC32 || SPARC64)
39715 + select PAX_EMUTRAMP if (PARISC)
39716 + select PAX_EMUSIGRT if (PARISC)
39717 + select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
39718 + select PAX_REFCOUNT if (X86 || SPARC64)
39719 + select PAX_USERCOPY if ((X86 || PPC32 || PPC64 || SPARC32 || SPARC64) && (SLAB || SLUB || SLOB))
39721 + If you say Y here, many of the features of grsecurity will be
39722 + enabled, which will protect you against many kinds of attacks
39723 + against your system. The heightened security comes at a cost
39724 + of an increased chance of incompatibilities with rare software
39725 + on your machine. Since this security level enables PaX, you should
39726 + view <http://pax.grsecurity.net> and read about the PaX
39727 + project. While you are there, download chpax and run it on
39728 + binaries that cause problems with PaX. Also remember that
39729 + since the /proc restrictions are enabled, you must run your
39730 + identd as gid 1001. This security level enables the following
39731 + features in addition to those listed in the low and medium
39734 + - Additional /proc restrictions
39735 + - Chmod restrictions in chroot
39736 + - No signals, ptrace, or viewing of processes outside of chroot
39737 + - Capability restrictions in chroot
39738 + - Deny fchdir out of chroot
39739 + - Priority restrictions in chroot
39740 + - Segmentation-based implementation of PaX
39741 + - Mprotect restrictions
39742 + - Removal of addresses from /proc/<pid>/[smaps|maps|stat]
39743 + - Kernel stack randomization
39744 + - Mount/unmount/remount logging
39745 + - Kernel symbol hiding
39746 + - Prevention of memory exhaustion-based exploits
39747 + - Hardening of module auto-loading
39748 + - Ptrace restrictions
39749 + - Restricted vm86 mode
39751 +config GRKERNSEC_CUSTOM
39754 + If you say Y here, you will be able to configure every grsecurity
39755 + option, which allows you to enable many more features that aren't
39756 + covered in the basic security levels. These additional features
39757 + include TPE, socket restrictions, and the sysctl system for
39758 + grsecurity. It is advised that you read through the help for
39759 + each option to determine its usefulness in your situation.
39763 +menu "Address Space Protection"
39764 +depends on GRKERNSEC
39766 +config GRKERNSEC_KMEM
39767 + bool "Deny writing to /dev/kmem, /dev/mem, and /dev/port"
39769 + If you say Y here, /dev/kmem and /dev/mem won't be allowed to
39770 + be written to via mmap or otherwise to modify the running kernel.
39771 + /dev/port will also not be allowed to be opened. If you have module
39772 + support disabled, enabling this will close up four ways that are
39773 + currently used to insert malicious code into the running kernel.
39774 + Even with all these features enabled, we still highly recommend that
39775 + you use the RBAC system, as it is still possible for an attacker to
39776 + modify the running kernel through privileged I/O granted by ioperm/iopl.
39777 + If you are not using XFree86, you may be able to stop this additional
39778 + case by enabling the 'Disable privileged I/O' option. Though nothing
39779 + legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem,
39780 + but only to video memory, which is the only writing we allow in this
39781 + case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will
39782 + not be allowed to mprotect it with PROT_WRITE later.
39783 + It is highly recommended that you say Y here if you meet all the
39784 + conditions above.
39786 +config GRKERNSEC_VM86
39787 + bool "Restrict VM86 mode"
39788 + depends on X86_32
39791 + If you say Y here, only processes with CAP_SYS_RAWIO will be able to
39792 + make use of a special execution mode on 32bit x86 processors called
39793 + Virtual 8086 (VM86) mode. XFree86 may need vm86 mode for certain
39794 + video cards and will still work with this option enabled. The purpose
39795 + of the option is to prevent exploitation of emulation errors in
39796 + virtualization of vm86 mode like the one discovered in VMWare in 2009.
39797 + Nearly all users should be able to enable this option.
39799 +config GRKERNSEC_IO
39800 + bool "Disable privileged I/O"
39803 + select RTC_INTF_DEV
39804 + select RTC_DRV_CMOS
39807 + If you say Y here, all ioperm and iopl calls will return an error.
39808 + Ioperm and iopl can be used to modify the running kernel.
39809 + Unfortunately, some programs need this access to operate properly,
39810 + the most notable of which are XFree86 and hwclock. hwclock can be
39811 + remedied by having RTC support in the kernel, so real-time
39812 + clock support is enabled if this option is enabled, to ensure
39813 + that hwclock operates correctly. XFree86 still will not
39814 + operate correctly with this option enabled, so DO NOT CHOOSE Y
39815 + IF YOU USE XFree86. If you use XFree86 and you still want to
39816 + protect your kernel against modification, use the RBAC system.
39818 +config GRKERNSEC_PROC_MEMMAP
39819 + bool "Remove addresses from /proc/<pid>/[smaps|maps|stat]"
39820 + default y if (PAX_NOEXEC || PAX_ASLR)
39821 + depends on PAX_NOEXEC || PAX_ASLR
39823 + If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will
39824 + give no information about the addresses of its mappings if
39825 + PaX features that rely on random addresses are enabled on the task.
39826 + If you use PaX it is greatly recommended that you say Y here as it
39827 + closes up a hole that makes the full ASLR useless for suid
39830 +config GRKERNSEC_BRUTE
39831 + bool "Deter exploit bruteforcing"
39833 + If you say Y here, attempts to bruteforce exploits against forking
39834 + daemons such as apache or sshd will be deterred. When a child of a
39835 + forking daemon is killed by PaX or crashes due to an illegal
39836 + instruction, the parent process will be delayed 30 seconds upon every
39837 + subsequent fork until the administrator is able to assess the
39838 + situation and restart the daemon. It is recommended that you also
39839 + enable signal logging in the auditing section so that logs are
39840 + generated when a process performs an illegal instruction.
39842 +config GRKERNSEC_MODHARDEN
39843 + bool "Harden module auto-loading"
39844 + depends on MODULES
39846 + If you say Y here, module auto-loading in response to use of some
39847 + feature implemented by an unloaded module will be restricted to
39848 + root users. Enabling this option helps defend against attacks
39849 + by unprivileged users who abuse the auto-loading behavior to
39850 + cause a vulnerable module to load that is then exploited.
39852 + If this option prevents a legitimate use of auto-loading for a
39853 + non-root user, the administrator can execute modprobe manually
39854 + with the exact name of the module mentioned in the alert log.
39855 + Alternatively, the administrator can add the module to the list
39856 + of modules loaded at boot by modifying init scripts.
39858 + Modification of init scripts will most likely be needed on
39859 + Ubuntu servers with encrypted home directory support enabled,
39860 + as the first non-root user logging in will cause the ecb(aes),
39861 + ecb(aes)-all, cbc(aes), and cbc(aes)-all modules to be loaded.
39863 +config GRKERNSEC_HIDESYM
39864 + bool "Hide kernel symbols"
39866 + If you say Y here, getting information on loaded modules, and
39867 + displaying all kernel symbols through a syscall will be restricted
39868 + to users with CAP_SYS_MODULE. For software compatibility reasons,
39869 + /proc/kallsyms will be restricted to the root user. The RBAC
39870 + system can hide that entry even from root. Note that this option
39871 + is only effective provided the following conditions are met:
39872 + 1) The kernel using grsecurity is not precompiled by some distribution
39873 + 2) You are using the RBAC system and hiding other files such as your
39874 + kernel image and System.map. Alternatively, enabling this option
39875 + causes the permissions on /boot, /lib/modules, and the kernel
39876 + source directory to change at compile time to prevent
39877 + reading by non-root users.
39878 + If the above conditions are met, this option will aid in providing a
39879 + useful protection against local kernel exploitation of overflows
39880 + and arbitrary read/write vulnerabilities.
39883 +menu "Role Based Access Control Options"
39884 +depends on GRKERNSEC
39886 +config GRKERNSEC_NO_RBAC
39887 + bool "Disable RBAC system"
39889 + If you say Y here, the /dev/grsec device will be removed from the kernel,
39890 + preventing the RBAC system from being enabled. You should only say Y
39891 + here if you have no intention of using the RBAC system, so as to prevent
39892 + an attacker with root access from misusing the RBAC system to hide files
39893 + and processes when loadable module support and /dev/[k]mem have been
39896 +config GRKERNSEC_ACL_HIDEKERN
39897 + bool "Hide kernel processes"
39899 + If you say Y here, all kernel threads will be hidden to all
39900 + processes but those whose subject has the "view hidden processes"
39903 +config GRKERNSEC_ACL_MAXTRIES
39904 + int "Maximum tries before password lockout"
39907 + This option enforces the maximum number of times a user can attempt
39908 + to authorize themselves with the grsecurity RBAC system before being
39909 + denied the ability to attempt authorization again for a specified time.
39910 + The lower the number, the harder it will be to brute-force a password.
39912 +config GRKERNSEC_ACL_TIMEOUT
39913 + int "Time to wait after max password tries, in seconds"
39916 + This option specifies the time the user must wait after attempting to
39917 + authorize to the RBAC system with the maximum number of invalid
39918 + passwords. The higher the number, the harder it will be to brute-force
39922 +menu "Filesystem Protections"
39923 +depends on GRKERNSEC
39925 +config GRKERNSEC_PROC
39926 + bool "Proc restrictions"
39928 + If you say Y here, the permissions of the /proc filesystem
39929 + will be altered to enhance system security and privacy. You MUST
39930 + choose either a user only restriction or a user and group restriction.
39931 + Depending upon the option you choose, you can either restrict users to
39932 + see only the processes they themselves run, or choose a group that can
39933 + view all processes and files normally restricted to root if you choose
39934 + the "restrict to user only" option. NOTE: If you're running identd as
39935 + a non-root user, you will have to run it as the group you specify here.
39937 +config GRKERNSEC_PROC_USER
39938 + bool "Restrict /proc to user only"
39939 + depends on GRKERNSEC_PROC
39941 + If you say Y here, non-root users will only be able to view their own
39942 + processes, and restricts them from viewing network-related information,
39943 + and viewing kernel symbol and module information.
39945 +config GRKERNSEC_PROC_USERGROUP
39946 + bool "Allow special group"
39947 + depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
39949 + If you say Y here, you will be able to select a group that will be
39950 + able to view all processes, network-related information, and
39951 + kernel and symbol information. This option is useful if you want
39952 + to run identd as a non-root user.
39954 +config GRKERNSEC_PROC_GID
39955 + int "GID for special group"
39956 + depends on GRKERNSEC_PROC_USERGROUP
39959 +config GRKERNSEC_PROC_ADD
39960 + bool "Additional restrictions"
39961 + depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP
39963 + If you say Y here, additional restrictions will be placed on
39964 + /proc that keep normal users from viewing device information and
39965 + slabinfo information that could be useful for exploits.
39967 +config GRKERNSEC_LINK
39968 + bool "Linking restrictions"
39970 + If you say Y here, /tmp race exploits will be prevented, since users
39971 + will no longer be able to follow symlinks owned by other users in
39972 + world-writable +t directories (i.e. /tmp), unless the owner of the
39973 + symlink is the owner of the directory. users will also not be
39974 + able to hardlink to files they do not own. If the sysctl option is
39975 + enabled, a sysctl option with name "linking_restrictions" is created.
39977 +config GRKERNSEC_FIFO
39978 + bool "FIFO restrictions"
39980 + If you say Y here, users will not be able to write to FIFOs they don't
39981 + own in world-writable +t directories (i.e. /tmp), unless the owner of
39982 + the FIFO is the same owner of the directory it's held in. If the sysctl
39983 + option is enabled, a sysctl option with name "fifo_restrictions" is
39986 +config GRKERNSEC_ROFS
39987 + bool "Runtime read-only mount protection"
39989 + If you say Y here, a sysctl option with name "romount_protect" will
39990 + be created. By setting this option to 1 at runtime, filesystems
39991 + will be protected in the following ways:
39992 + * No new writable mounts will be allowed
39993 + * Existing read-only mounts won't be able to be remounted read/write
39994 + * Write operations will be denied on all block devices
39995 + This option acts independently of grsec_lock: once it is set to 1,
39996 + it cannot be turned off. Therefore, please be mindful of the resulting
39997 + behavior if this option is enabled in an init script on a read-only
39998 + filesystem. This feature is mainly intended for secure embedded systems.
40000 +config GRKERNSEC_CHROOT
40001 + bool "Chroot jail restrictions"
40003 + If you say Y here, you will be able to choose several options that will
40004 + make breaking out of a chrooted jail much more difficult. If you
40005 + encounter no software incompatibilities with the following options, it
40006 + is recommended that you enable each one.
40008 +config GRKERNSEC_CHROOT_MOUNT
40009 + bool "Deny mounts"
40010 + depends on GRKERNSEC_CHROOT
40012 + If you say Y here, processes inside a chroot will not be able to
40013 + mount or remount filesystems. If the sysctl option is enabled, a
40014 + sysctl option with name "chroot_deny_mount" is created.
40016 +config GRKERNSEC_CHROOT_DOUBLE
40017 + bool "Deny double-chroots"
40018 + depends on GRKERNSEC_CHROOT
40020 + If you say Y here, processes inside a chroot will not be able to chroot
40021 + again outside the chroot. This is a widely used method of breaking
40022 + out of a chroot jail and should not be allowed. If the sysctl
40023 + option is enabled, a sysctl option with name
40024 + "chroot_deny_chroot" is created.
40026 +config GRKERNSEC_CHROOT_PIVOT
40027 + bool "Deny pivot_root in chroot"
40028 + depends on GRKERNSEC_CHROOT
40030 + If you say Y here, processes inside a chroot will not be able to use
40031 + a function called pivot_root() that was introduced in Linux 2.3.41. It
40032 + works similar to chroot in that it changes the root filesystem. This
40033 + function could be misused in a chrooted process to attempt to break out
40034 + of the chroot, and therefore should not be allowed. If the sysctl
40035 + option is enabled, a sysctl option with name "chroot_deny_pivot" is
40038 +config GRKERNSEC_CHROOT_CHDIR
40039 + bool "Enforce chdir(\"/\") on all chroots"
40040 + depends on GRKERNSEC_CHROOT
40042 + If you say Y here, the current working directory of all newly-chrooted
40043 + applications will be set to the the root directory of the chroot.
40044 + The man page on chroot(2) states:
40045 + Note that this call does not change the current working
40046 + directory, so that `.' can be outside the tree rooted at
40047 + `/'. In particular, the super-user can escape from a
40048 + `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
40050 + It is recommended that you say Y here, since it's not known to break
40051 + any software. If the sysctl option is enabled, a sysctl option with
40052 + name "chroot_enforce_chdir" is created.
40054 +config GRKERNSEC_CHROOT_CHMOD
40055 + bool "Deny (f)chmod +s"
40056 + depends on GRKERNSEC_CHROOT
40058 + If you say Y here, processes inside a chroot will not be able to chmod
40059 + or fchmod files to make them have suid or sgid bits. This protects
40060 + against another published method of breaking a chroot. If the sysctl
40061 + option is enabled, a sysctl option with name "chroot_deny_chmod" is
40064 +config GRKERNSEC_CHROOT_FCHDIR
40065 + bool "Deny fchdir out of chroot"
40066 + depends on GRKERNSEC_CHROOT
40068 + If you say Y here, a well-known method of breaking chroots by fchdir'ing
40069 + to a file descriptor of the chrooting process that points to a directory
40070 + outside the filesystem will be stopped. If the sysctl option
40071 + is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
40073 +config GRKERNSEC_CHROOT_MKNOD
40074 + bool "Deny mknod"
40075 + depends on GRKERNSEC_CHROOT
40077 + If you say Y here, processes inside a chroot will not be allowed to
40078 + mknod. The problem with using mknod inside a chroot is that it
40079 + would allow an attacker to create a device entry that is the same
40080 + as one on the physical root of your system, which could range from
40081 + anything from the console device to a device for your harddrive (which
40082 + they could then use to wipe the drive or steal data). It is recommended
40083 + that you say Y here, unless you run into software incompatibilities.
40084 + If the sysctl option is enabled, a sysctl option with name
40085 + "chroot_deny_mknod" is created.
40087 +config GRKERNSEC_CHROOT_SHMAT
40088 + bool "Deny shmat() out of chroot"
40089 + depends on GRKERNSEC_CHROOT
40091 + If you say Y here, processes inside a chroot will not be able to attach
40092 + to shared memory segments that were created outside of the chroot jail.
40093 + It is recommended that you say Y here. If the sysctl option is enabled,
40094 + a sysctl option with name "chroot_deny_shmat" is created.
40096 +config GRKERNSEC_CHROOT_UNIX
40097 + bool "Deny access to abstract AF_UNIX sockets out of chroot"
40098 + depends on GRKERNSEC_CHROOT
40100 + If you say Y here, processes inside a chroot will not be able to
40101 + connect to abstract (meaning not belonging to a filesystem) Unix
40102 + domain sockets that were bound outside of a chroot. It is recommended
40103 + that you say Y here. If the sysctl option is enabled, a sysctl option
40104 + with name "chroot_deny_unix" is created.
40106 +config GRKERNSEC_CHROOT_FINDTASK
40107 + bool "Protect outside processes"
40108 + depends on GRKERNSEC_CHROOT
40110 + If you say Y here, processes inside a chroot will not be able to
40111 + kill, send signals with fcntl, ptrace, capget, getpgid, setpgid,
40112 + getsid, or view any process outside of the chroot. If the sysctl
40113 + option is enabled, a sysctl option with name "chroot_findtask" is
40116 +config GRKERNSEC_CHROOT_NICE
40117 + bool "Restrict priority changes"
40118 + depends on GRKERNSEC_CHROOT
40120 + If you say Y here, processes inside a chroot will not be able to raise
40121 + the priority of processes in the chroot, or alter the priority of
40122 + processes outside the chroot. This provides more security than simply
40123 + removing CAP_SYS_NICE from the process' capability set. If the
40124 + sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
40127 +config GRKERNSEC_CHROOT_SYSCTL
40128 + bool "Deny sysctl writes"
40129 + depends on GRKERNSEC_CHROOT
40131 + If you say Y here, an attacker in a chroot will not be able to
40132 + write to sysctl entries, either by sysctl(2) or through a /proc
40133 + interface. It is strongly recommended that you say Y here. If the
40134 + sysctl option is enabled, a sysctl option with name
40135 + "chroot_deny_sysctl" is created.
40137 +config GRKERNSEC_CHROOT_CAPS
40138 + bool "Capability restrictions"
40139 + depends on GRKERNSEC_CHROOT
40141 + If you say Y here, the capabilities on all root processes within a
40142 + chroot jail will be lowered to stop module insertion, raw i/o,
40143 + system and net admin tasks, rebooting the system, modifying immutable
40144 + files, modifying IPC owned by another, and changing the system time.
40145 + This is left an option because it can break some apps. Disable this
40146 + if your chrooted apps are having problems performing those kinds of
40147 + tasks. If the sysctl option is enabled, a sysctl option with
40148 + name "chroot_caps" is created.
40151 +menu "Kernel Auditing"
40152 +depends on GRKERNSEC
40154 +config GRKERNSEC_AUDIT_GROUP
40155 + bool "Single group for auditing"
40157 + If you say Y here, the exec, chdir, and (un)mount logging features
40158 + will only operate on a group you specify. This option is recommended
40159 + if you only want to watch certain users instead of having a large
40160 + amount of logs from the entire system. If the sysctl option is enabled,
40161 + a sysctl option with name "audit_group" is created.
40163 +config GRKERNSEC_AUDIT_GID
40164 + int "GID for auditing"
40165 + depends on GRKERNSEC_AUDIT_GROUP
40168 +config GRKERNSEC_EXECLOG
40169 + bool "Exec logging"
40171 + If you say Y here, all execve() calls will be logged (since the
40172 + other exec*() calls are frontends to execve(), all execution
40173 + will be logged). Useful for shell-servers that like to keep track
40174 + of their users. If the sysctl option is enabled, a sysctl option with
40175 + name "exec_logging" is created.
40176 + WARNING: This option when enabled will produce a LOT of logs, especially
40177 + on an active system.
40179 +config GRKERNSEC_RESLOG
40180 + bool "Resource logging"
40182 + If you say Y here, all attempts to overstep resource limits will
40183 + be logged with the resource name, the requested size, and the current
40184 + limit. It is highly recommended that you say Y here. If the sysctl
40185 + option is enabled, a sysctl option with name "resource_logging" is
40186 + created. If the RBAC system is enabled, the sysctl value is ignored.
40188 +config GRKERNSEC_CHROOT_EXECLOG
40189 + bool "Log execs within chroot"
40191 + If you say Y here, all executions inside a chroot jail will be logged
40192 + to syslog. This can cause a large amount of logs if certain
40193 + applications (eg. djb's daemontools) are installed on the system, and
40194 + is therefore left as an option. If the sysctl option is enabled, a
40195 + sysctl option with name "chroot_execlog" is created.
40197 +config GRKERNSEC_AUDIT_CHDIR
40198 + bool "Chdir logging"
40200 + If you say Y here, all chdir() calls will be logged. If the sysctl
40201 + option is enabled, a sysctl option with name "audit_chdir" is created.
40203 +config GRKERNSEC_AUDIT_MOUNT
40204 + bool "(Un)Mount logging"
40206 + If you say Y here, all mounts and unmounts will be logged. If the
40207 + sysctl option is enabled, a sysctl option with name "audit_mount" is
40210 +config GRKERNSEC_SIGNAL
40211 + bool "Signal logging"
40213 + If you say Y here, certain important signals will be logged, such as
40214 + SIGSEGV, which will as a result inform you of when a error in a program
40215 + occurred, which in some cases could mean a possible exploit attempt.
40216 + If the sysctl option is enabled, a sysctl option with name
40217 + "signal_logging" is created.
40219 +config GRKERNSEC_FORKFAIL
40220 + bool "Fork failure logging"
40222 + If you say Y here, all failed fork() attempts will be logged.
40223 + This could suggest a fork bomb, or someone attempting to overstep
40224 + their process limit. If the sysctl option is enabled, a sysctl option
40225 + with name "forkfail_logging" is created.
40227 +config GRKERNSEC_TIME
40228 + bool "Time change logging"
40230 + If you say Y here, any changes of the system clock will be logged.
40231 + If the sysctl option is enabled, a sysctl option with name
40232 + "timechange_logging" is created.
40234 +config GRKERNSEC_PROC_IPADDR
40235 + bool "/proc/<pid>/ipaddr support"
40237 + If you say Y here, a new entry will be added to each /proc/<pid>
40238 + directory that contains the IP address of the person using the task.
40239 + The IP is carried across local TCP and AF_UNIX stream sockets.
40240 + This information can be useful for IDS/IPSes to perform remote response
40241 + to a local attack. The entry is readable by only the owner of the
40242 + process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
40243 + the RBAC system), and thus does not create privacy concerns.
40245 +config GRKERNSEC_AUDIT_TEXTREL
40246 + bool 'ELF text relocations logging (READ HELP)'
40247 + depends on PAX_MPROTECT
40249 + If you say Y here, text relocations will be logged with the filename
40250 + of the offending library or binary. The purpose of the feature is
40251 + to help Linux distribution developers get rid of libraries and
40252 + binaries that need text relocations which hinder the future progress
40253 + of PaX. Only Linux distribution developers should say Y here, and
40254 + never on a production machine, as this option creates an information
40255 + leak that could aid an attacker in defeating the randomization of
40256 + a single memory region. If the sysctl option is enabled, a sysctl
40257 + option with name "audit_textrel" is created.
40261 +menu "Executable Protections"
40262 +depends on GRKERNSEC
40264 +config GRKERNSEC_EXECVE
40265 + bool "Enforce RLIMIT_NPROC on execs"
40267 + If you say Y here, users with a resource limit on processes will
40268 + have the value checked during execve() calls. The current system
40269 + only checks the system limit during fork() calls. If the sysctl option
40270 + is enabled, a sysctl option with name "execve_limiting" is created.
40272 +config GRKERNSEC_DMESG
40273 + bool "Dmesg(8) restriction"
40275 + If you say Y here, non-root users will not be able to use dmesg(8)
40276 + to view up to the last 4kb of messages in the kernel's log buffer.
40277 + If the sysctl option is enabled, a sysctl option with name "dmesg" is
40280 +config GRKERNSEC_HARDEN_PTRACE
40281 + bool "Deter ptrace-based process snooping"
40283 + If you say Y here, TTY sniffers and other malicious monitoring
40284 + programs implemented through ptrace will be defeated. If you
40285 + have been using the RBAC system, this option has already been
40286 + enabled for several years for all users, with the ability to make
40287 + fine-grained exceptions.
40289 + This option only affects the ability of non-root users to ptrace
40290 + processes that are not a descendent of the ptracing process.
40291 + This means that strace ./binary and gdb ./binary will still work,
40292 + but attaching to arbitrary processes will not. If the sysctl
40293 + option is enabled, a sysctl option with name "harden_ptrace" is
40296 +config GRKERNSEC_TPE
40297 + bool "Trusted Path Execution (TPE)"
40299 + If you say Y here, you will be able to choose a gid to add to the
40300 + supplementary groups of users you want to mark as "untrusted."
40301 + These users will not be able to execute any files that are not in
40302 + root-owned directories writable only by root. If the sysctl option
40303 + is enabled, a sysctl option with name "tpe" is created.
40305 +config GRKERNSEC_TPE_ALL
40306 + bool "Partially restrict non-root users"
40307 + depends on GRKERNSEC_TPE
40309 + If you say Y here, All non-root users other than the ones in the
40310 + group specified in the main TPE option will only be allowed to
40311 + execute files in directories they own that are not group or
40312 + world-writable, or in directories owned by root and writable only by
40313 + root. If the sysctl option is enabled, a sysctl option with name
40314 + "tpe_restrict_all" is created.
40316 +config GRKERNSEC_TPE_INVERT
40317 + bool "Invert GID option"
40318 + depends on GRKERNSEC_TPE
40320 + If you say Y here, the group you specify in the TPE configuration will
40321 + decide what group TPE restrictions will be *disabled* for. This
40322 + option is useful if you want TPE restrictions to be applied to most
40323 + users on the system.
40325 +config GRKERNSEC_TPE_GID
40326 + int "GID for untrusted users"
40327 + depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
40330 + If you have selected the "Invert GID option" above, setting this
40331 + GID determines what group TPE restrictions will be *disabled* for.
40332 + If you have not selected the "Invert GID option" above, setting this
40333 + GID determines what group TPE restrictions will be *enabled* for.
40334 + If the sysctl option is enabled, a sysctl option with name "tpe_gid"
40337 +config GRKERNSEC_TPE_GID
40338 + int "GID for trusted users"
40339 + depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
40342 + If you have selected the "Invert GID option" above, setting this
40343 + GID determines what group TPE restrictions will be *disabled* for.
40344 + If you have not selected the "Invert GID option" above, setting this
40345 + GID determines what group TPE restrictions will be *enabled* for.
40346 + If the sysctl option is enabled, a sysctl option with name "tpe_gid"
40350 +menu "Network Protections"
40351 +depends on GRKERNSEC
40353 +config GRKERNSEC_RANDNET
40354 + bool "Larger entropy pools"
40356 + If you say Y here, the entropy pools used for many features of Linux
40357 + and grsecurity will be doubled in size. Since several grsecurity
40358 + features use additional randomness, it is recommended that you say Y
40359 + here. Saying Y here has a similar effect as modifying
40360 + /proc/sys/kernel/random/poolsize.
40362 +config GRKERNSEC_BLACKHOLE
40363 + bool "TCP/UDP blackhole"
40365 + If you say Y here, neither TCP resets nor ICMP
40366 + destination-unreachable packets will be sent in response to packets
40367 + send to ports for which no associated listening process exists.
40368 + This feature supports both IPV4 and IPV6 and exempts the
40369 + loopback interface from blackholing. Enabling this feature
40370 + makes a host more resilient to DoS attacks and reduces network
40371 + visibility against scanners.
40373 +config GRKERNSEC_SOCKET
40374 + bool "Socket restrictions"
40376 + If you say Y here, you will be able to choose from several options.
40377 + If you assign a GID on your system and add it to the supplementary
40378 + groups of users you want to restrict socket access to, this patch
40379 + will perform up to three things, based on the option(s) you choose.
40381 +config GRKERNSEC_SOCKET_ALL
40382 + bool "Deny any sockets to group"
40383 + depends on GRKERNSEC_SOCKET
40385 + If you say Y here, you will be able to choose a GID of whose users will
40386 + be unable to connect to other hosts from your machine or run server
40387 + applications from your machine. If the sysctl option is enabled, a
40388 + sysctl option with name "socket_all" is created.
40390 +config GRKERNSEC_SOCKET_ALL_GID
40391 + int "GID to deny all sockets for"
40392 + depends on GRKERNSEC_SOCKET_ALL
40395 + Here you can choose the GID to disable socket access for. Remember to
40396 + add the users you want socket access disabled for to the GID
40397 + specified here. If the sysctl option is enabled, a sysctl option
40398 + with name "socket_all_gid" is created.
40400 +config GRKERNSEC_SOCKET_CLIENT
40401 + bool "Deny client sockets to group"
40402 + depends on GRKERNSEC_SOCKET
40404 + If you say Y here, you will be able to choose a GID of whose users will
40405 + be unable to connect to other hosts from your machine, but will be
40406 + able to run servers. If this option is enabled, all users in the group
40407 + you specify will have to use passive mode when initiating ftp transfers
40408 + from the shell on your machine. If the sysctl option is enabled, a
40409 + sysctl option with name "socket_client" is created.
40411 +config GRKERNSEC_SOCKET_CLIENT_GID
40412 + int "GID to deny client sockets for"
40413 + depends on GRKERNSEC_SOCKET_CLIENT
40416 + Here you can choose the GID to disable client socket access for.
40417 + Remember to add the users you want client socket access disabled for to
40418 + the GID specified here. If the sysctl option is enabled, a sysctl
40419 + option with name "socket_client_gid" is created.
40421 +config GRKERNSEC_SOCKET_SERVER
40422 + bool "Deny server sockets to group"
40423 + depends on GRKERNSEC_SOCKET
40425 + If you say Y here, you will be able to choose a GID of whose users will
40426 + be unable to run server applications from your machine. If the sysctl
40427 + option is enabled, a sysctl option with name "socket_server" is created.
40429 +config GRKERNSEC_SOCKET_SERVER_GID
40430 + int "GID to deny server sockets for"
40431 + depends on GRKERNSEC_SOCKET_SERVER
40434 + Here you can choose the GID to disable server socket access for.
40435 + Remember to add the users you want server socket access disabled for to
40436 + the GID specified here. If the sysctl option is enabled, a sysctl
40437 + option with name "socket_server_gid" is created.
40440 +menu "Sysctl support"
40441 +depends on GRKERNSEC && SYSCTL
40443 +config GRKERNSEC_SYSCTL
40444 + bool "Sysctl support"
40446 + If you say Y here, you will be able to change the options that
40447 + grsecurity runs with at bootup, without having to recompile your
40448 + kernel. You can echo values to files in /proc/sys/kernel/grsecurity
40449 + to enable (1) or disable (0) various features. All the sysctl entries
40450 + are mutable until the "grsec_lock" entry is set to a non-zero value.
40451 + All features enabled in the kernel configuration are disabled at boot
40452 + if you do not say Y to the "Turn on features by default" option.
40453 + All options should be set at startup, and the grsec_lock entry should
40454 + be set to a non-zero value after all the options are set.
40455 + *THIS IS EXTREMELY IMPORTANT*
40457 +config GRKERNSEC_SYSCTL_ON
40458 + bool "Turn on features by default"
40459 + depends on GRKERNSEC_SYSCTL
40461 + If you say Y here, instead of having all features enabled in the
40462 + kernel configuration disabled at boot time, the features will be
40463 + enabled at boot time. It is recommended you say Y here unless
40464 + there is some reason you would want all sysctl-tunable features to
40465 + be disabled by default. As mentioned elsewhere, it is important
40466 + to enable the grsec_lock entry once you have finished modifying
40467 + the sysctl entries.
40470 +menu "Logging Options"
40471 +depends on GRKERNSEC
40473 +config GRKERNSEC_FLOODTIME
40474 + int "Seconds in between log messages (minimum)"
40477 + This option allows you to enforce the number of seconds between
40478 + grsecurity log messages. The default should be suitable for most
40479 + people, however, if you choose to change it, choose a value small enough
40480 + to allow informative logs to be produced, but large enough to
40481 + prevent flooding.
40483 +config GRKERNSEC_FLOODBURST
40484 + int "Number of messages in a burst (maximum)"
40487 + This option allows you to choose the maximum number of messages allowed
40488 + within the flood time interval you chose in a separate option. The
40489 + default should be suitable for most people, however if you find that
40490 + many of your logs are being interpreted as flooding, you may want to
40491 + raise this value.
40496 diff -urNp linux-2.6.32.1/grsecurity/Makefile linux-2.6.32.1/grsecurity/Makefile
40497 --- linux-2.6.32.1/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
40498 +++ linux-2.6.32.1/grsecurity/Makefile 2009-12-14 18:33:58.971930129 -0500
40500 +# grsecurity's ACL system was originally written in 2001 by Michael Dalton
40501 +# during 2001-2009 it has been completely redesigned by Brad Spengler
40502 +# into an RBAC system
40504 +# All code in this directory and various hooks inserted throughout the kernel
40505 +# are copyright Brad Spengler - Open Source Security, Inc., and released
40506 +# under the GPL v2 or higher
40508 +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
40509 + grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
40510 + grsec_time.o grsec_tpe.o grsec_link.o grsec_textrel.o
40512 +obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \
40513 + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
40514 + gracl_learn.o grsec_log.o
40515 +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
40517 +ifndef CONFIG_GRKERNSEC
40518 +obj-y += grsec_disabled.o
40521 +ifdef CONFIG_GRKERNSEC_HIDESYM
40522 +extra-y := grsec_hidesym.o
40523 +$(obj)/grsec_hidesym.o:
40524 + @-chmod -f 500 /boot
40525 + @-chmod -f 500 /lib/modules
40527 + @echo ' grsec: protected kernel image paths'
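Review bot: The `$(obj)/grsec_hidesym.o` rule changes the permissions of `/boot` and `/lib/modules` on whichever machine runs the build. Both `chmod` lines are prefixed with `@-` and pass `-f`, so a failure (for example a build run as a non-root user) is silent and the `grsec: protected kernel image paths` message is printed anyway. A compile step should not modify host paths outside the source tree, and the build host is not necessarily the machine that will boot this kernel. I would move the permission change to an install-time or documented administrator step. At minimum, tie the message to success: `@-chmod -f 500 /boot /lib/modules && echo ' grsec: protected kernel image paths'`.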
40529 diff -urNp linux-2.6.32.1/include/acpi/acpi_drivers.h linux-2.6.32.1/include/acpi/acpi_drivers.h
40530 --- linux-2.6.32.1/include/acpi/acpi_drivers.h 2009-12-02 22:51:21.000000000 -0500
40531 +++ linux-2.6.32.1/include/acpi/acpi_drivers.h 2009-12-14 18:33:58.986975322 -0500
40532 @@ -119,8 +119,8 @@ int acpi_processor_set_thermal_limit(acp
40534 -------------------------------------------------------------------------- */
40535 struct acpi_dock_ops {
40536 - acpi_notify_handler handler;
40537 - acpi_notify_handler uevent;
40538 + const acpi_notify_handler handler;
40539 + const acpi_notify_handler uevent;
40542 #if defined(CONFIG_ACPI_DOCK) || defined(CONFIG_ACPI_DOCK_MODULE)
40543 @@ -128,7 +128,7 @@ extern int is_dock_device(acpi_handle ha
40544 extern int register_dock_notifier(struct notifier_block *nb);
40545 extern void unregister_dock_notifier(struct notifier_block *nb);
40546 extern int register_hotplug_dock_device(acpi_handle handle,
40547 - struct acpi_dock_ops *ops,
40548 + const struct acpi_dock_ops *ops,
40550 extern void unregister_hotplug_dock_device(acpi_handle handle);
40552 @@ -144,7 +144,7 @@ static inline void unregister_dock_notif
40555 static inline int register_hotplug_dock_device(acpi_handle handle,
40556 - struct acpi_dock_ops *ops,
40557 + const struct acpi_dock_ops *ops,
40561 diff -urNp linux-2.6.32.1/include/asm-generic/atomic.h linux-2.6.32.1/include/asm-generic/atomic.h
40562 --- linux-2.6.32.1/include/asm-generic/atomic.h 2009-12-02 22:51:21.000000000 -0500
40563 +++ linux-2.6.32.1/include/asm-generic/atomic.h 2009-12-14 18:33:58.986975322 -0500
40565 #define atomic_read(v) ((v)->counter)
40568 + * atomic_read_unchecked - read atomic variable
40569 + * @v: pointer of type atomic_unchecked_t
40571 + * Atomically reads the value of @v. Note that the guaranteed
40572 + * useful range of an atomic_unchecked_t is only 24 bits.
40574 +#define atomic_read_unchecked(v) ((v)->counter)
40577 * atomic_set - set atomic variable
40578 * @v: pointer of type atomic_t
40579 * @i: required value
40582 #define atomic_set(v, i) (((v)->counter) = (i))
40585 + * atomic_set_unchecked - set atomic variable
40586 + * @v: pointer of type atomic_unchecked_t
40587 + * @i: required value
40589 + * Atomically sets the value of @v to @i. Note that the guaranteed
40590 + * useful range of an atomic_unchecked_t is only 24 bits.
40592 +#define atomic_set_unchecked(v, i) (((v)->counter) = (i))
40594 #include <asm/system.h>
40597 @@ -101,16 +120,31 @@ static inline void atomic_add(int i, ato
40598 atomic_add_return(i, v);
40601 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
40603 + atomic_add_return(i, (atomic_t *)v);
40606 static inline void atomic_sub(int i, atomic_t *v)
40608 atomic_sub_return(i, v);
40611 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
40613 + atomic_sub_return(i, (atomic_t *)v);
40616 static inline void atomic_inc(atomic_t *v)
40618 atomic_add_return(1, v);
40621 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
40623 + atomic_add_return(1, (atomic_t *)v);
40626 static inline void atomic_dec(atomic_t *v)
40628 atomic_sub_return(1, v);
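Review bot: `atomic_add_unchecked()`, `atomic_sub_unchecked()` and `atomic_inc_unchecked()` reach the counter by casting `atomic_unchecked_t *` to `atomic_t *` and calling the ordinary `atomic_add_return()`/`atomic_sub_return()`. In this generic header they therefore behave exactly like the `atomic_t` helpers, and would silently inherit any overflow detection later added to those helpers. The cast also assumes both types share a layout; the definition of `atomic_unchecked_t` is not in this hunk, so a build-time size check beside it would be worth adding. I would state the contract above the first wrapper: `/* _unchecked variants: same operation as the atomic_t helper, reached through a cast; atomic_unchecked_t must keep the layout of atomic_t. */`. The kernel-doc added for `atomic_read_unchecked`/`atomic_set_unchecked` in the preceding hunk repeats the `atomic_t` wording and should also say when a counter may use the unchecked type.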
40629 diff -urNp linux-2.6.32.1/include/asm-generic/dma-mapping-common.h linux-2.6.32.1/include/asm-generic/dma-mapping-common.h
40630 --- linux-2.6.32.1/include/asm-generic/dma-mapping-common.h 2009-12-02 22:51:21.000000000 -0500
40631 +++ linux-2.6.32.1/include/asm-generic/dma-mapping-common.h 2009-12-14 18:33:58.987946019 -0500
40632 @@ -11,7 +11,7 @@ static inline dma_addr_t dma_map_single_
40633 enum dma_data_direction dir,
40634 struct dma_attrs *attrs)
40636 - struct dma_map_ops *ops = get_dma_ops(dev);
40637 + const struct dma_map_ops *ops = get_dma_ops(dev);
40640 kmemcheck_mark_initialized(ptr, size);
40641 @@ -30,7 +30,7 @@ static inline void dma_unmap_single_attr
40642 enum dma_data_direction dir,
40643 struct dma_attrs *attrs)
40645 - struct dma_map_ops *ops = get_dma_ops(dev);
40646 + const struct dma_map_ops *ops = get_dma_ops(dev);
40648 BUG_ON(!valid_dma_direction(dir));
40649 if (ops->unmap_page)
40650 @@ -42,7 +42,7 @@ static inline int dma_map_sg_attrs(struc
40651 int nents, enum dma_data_direction dir,
40652 struct dma_attrs *attrs)
40654 - struct dma_map_ops *ops = get_dma_ops(dev);
40655 + const struct dma_map_ops *ops = get_dma_ops(dev);
40657 struct scatterlist *s;
40659 @@ -59,7 +59,7 @@ static inline void dma_unmap_sg_attrs(st
40660 int nents, enum dma_data_direction dir,
40661 struct dma_attrs *attrs)
40663 - struct dma_map_ops *ops = get_dma_ops(dev);
40664 + const struct dma_map_ops *ops = get_dma_ops(dev);
40666 BUG_ON(!valid_dma_direction(dir));
40667 debug_dma_unmap_sg(dev, sg, nents, dir);
40668 @@ -71,7 +71,7 @@ static inline dma_addr_t dma_map_page(st
40669 size_t offset, size_t size,
40670 enum dma_data_direction dir)
40672 - struct dma_map_ops *ops = get_dma_ops(dev);
40673 + const struct dma_map_ops *ops = get_dma_ops(dev);
40676 kmemcheck_mark_initialized(page_address(page) + offset, size);
40677 @@ -85,7 +85,7 @@ static inline dma_addr_t dma_map_page(st
40678 static inline void dma_unmap_page(struct device *dev, dma_addr_t addr,
40679 size_t size, enum dma_data_direction dir)
40681 - struct dma_map_ops *ops = get_dma_ops(dev);
40682 + const struct dma_map_ops *ops = get_dma_ops(dev);
40684 BUG_ON(!valid_dma_direction(dir));
40685 if (ops->unmap_page)
40686 @@ -97,7 +97,7 @@ static inline void dma_sync_single_for_c
40688 enum dma_data_direction dir)
40690 - struct dma_map_ops *ops = get_dma_ops(dev);
40691 + const struct dma_map_ops *ops = get_dma_ops(dev);
40693 BUG_ON(!valid_dma_direction(dir));
40694 if (ops->sync_single_for_cpu)
40695 @@ -109,7 +109,7 @@ static inline void dma_sync_single_for_d
40696 dma_addr_t addr, size_t size,
40697 enum dma_data_direction dir)
40699 - struct dma_map_ops *ops = get_dma_ops(dev);
40700 + const struct dma_map_ops *ops = get_dma_ops(dev);
40702 BUG_ON(!valid_dma_direction(dir));
40703 if (ops->sync_single_for_device)
40704 @@ -123,7 +123,7 @@ static inline void dma_sync_single_range
40706 enum dma_data_direction dir)
40708 - struct dma_map_ops *ops = get_dma_ops(dev);
40709 + const struct dma_map_ops *ops = get_dma_ops(dev);
40711 BUG_ON(!valid_dma_direction(dir));
40712 if (ops->sync_single_range_for_cpu) {
40713 @@ -140,7 +140,7 @@ static inline void dma_sync_single_range
40715 enum dma_data_direction dir)
40717 - struct dma_map_ops *ops = get_dma_ops(dev);
40718 + const struct dma_map_ops *ops = get_dma_ops(dev);
40720 BUG_ON(!valid_dma_direction(dir));
40721 if (ops->sync_single_range_for_device) {
40722 @@ -155,7 +155,7 @@ static inline void
40723 dma_sync_sg_for_cpu(struct device *dev, struct scatterlist *sg,
40724 int nelems, enum dma_data_direction dir)
40726 - struct dma_map_ops *ops = get_dma_ops(dev);
40727 + const struct dma_map_ops *ops = get_dma_ops(dev);
40729 BUG_ON(!valid_dma_direction(dir));
40730 if (ops->sync_sg_for_cpu)
40731 @@ -167,7 +167,7 @@ static inline void
40732 dma_sync_sg_for_device(struct device *dev, struct scatterlist *sg,
40733 int nelems, enum dma_data_direction dir)
40735 - struct dma_map_ops *ops = get_dma_ops(dev);
40736 + const struct dma_map_ops *ops = get_dma_ops(dev);
40738 BUG_ON(!valid_dma_direction(dir));
40739 if (ops->sync_sg_for_device)
40740 diff -urNp linux-2.6.32.1/include/asm-generic/futex.h linux-2.6.32.1/include/asm-generic/futex.h
40741 --- linux-2.6.32.1/include/asm-generic/futex.h 2009-12-02 22:51:21.000000000 -0500
40742 +++ linux-2.6.32.1/include/asm-generic/futex.h 2009-12-14 18:33:58.987946019 -0500
40744 #include <asm/errno.h>
40747 -futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
40748 +futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
40750 int op = (encoded_op >> 28) & 7;
40751 int cmp = (encoded_op >> 24) & 15;
40752 @@ -48,7 +48,7 @@ futex_atomic_op_inuser (int encoded_op,
40756 -futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)
40757 +futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, int oldval, int newval)
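Review bot: `futex_atomic_cmpxchg_inatomic()` now takes `u32 __user *uaddr` but keeps `int oldval, int newval`, so the word read through the pointer and the values it is compared with and replaced by differ in signedness. Making the whole signature unsigned keeps it consistent: `futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, u32 oldval, u32 newval)`. The same question applies to any local in `futex_atomic_op_inuser()` that holds the old value. Both function bodies lie outside these hunks, as do the architecture-specific versions and callers that would need the matching change.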
40761 diff -urNp linux-2.6.32.1/include/asm-generic/int-l64.h linux-2.6.32.1/include/asm-generic/int-l64.h
40762 --- linux-2.6.32.1/include/asm-generic/int-l64.h 2009-12-02 22:51:21.000000000 -0500
40763 +++ linux-2.6.32.1/include/asm-generic/int-l64.h 2009-12-14 18:33:58.987946019 -0500
40764 @@ -46,6 +46,8 @@ typedef unsigned int u32;
40765 typedef signed long s64;
40766 typedef unsigned long u64;
40768 +typedef unsigned int intoverflow_t __attribute__ ((mode(TI)));
40771 #define U8_C(x) x ## U
40773 diff -urNp linux-2.6.32.1/include/asm-generic/int-ll64.h linux-2.6.32.1/include/asm-generic/int-ll64.h
40774 --- linux-2.6.32.1/include/asm-generic/int-ll64.h 2009-12-02 22:51:21.000000000 -0500
40775 +++ linux-2.6.32.1/include/asm-generic/int-ll64.h 2009-12-14 18:33:58.987946019 -0500
40776 @@ -51,6 +51,8 @@ typedef unsigned int u32;
40777 typedef signed long long s64;
40778 typedef unsigned long long u64;
40780 +typedef unsigned long long intoverflow_t;
40783 #define U8_C(x) x ## U
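Review bot: `intoverflow_t` is `unsigned long long` here but a 128-bit `mode(TI)` integer in int-l64.h, and neither typedef has a comment saying what the type is for. If, as the name suggests, it is meant to hold a product of two sizes so that a wrap can be detected, then on any 64-bit configuration that includes this header it is no wider than `unsigned long` and such a check cannot work. It is worth confirming which architectures pick up which header. I would add a comment on both typedefs, e.g. `/* must be wider than size_t: holds size * count without wrapping */`, and a build-time assertion at the point of use that `sizeof(intoverflow_t) > sizeof(size_t)`.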
40785 diff -urNp linux-2.6.32.1/include/asm-generic/kmap_types.h linux-2.6.32.1/include/asm-generic/kmap_types.h
40786 --- linux-2.6.32.1/include/asm-generic/kmap_types.h 2009-12-02 22:51:21.000000000 -0500
40787 +++ linux-2.6.32.1/include/asm-generic/kmap_types.h 2009-12-14 18:33:58.987946019 -0500
40788 @@ -28,7 +28,8 @@ KMAP_D(15) KM_UML_USERCOPY,
40789 KMAP_D(16) KM_IRQ_PTE,
40791 KMAP_D(18) KM_NMI_PTE,
40792 -KMAP_D(19) KM_TYPE_NR
40793 +KMAP_D(19) KM_CLEARPAGE,
40794 +KMAP_D(20) KM_TYPE_NR
40798 diff -urNp linux-2.6.32.1/include/asm-generic/pgtable.h linux-2.6.32.1/include/asm-generic/pgtable.h
40799 --- linux-2.6.32.1/include/asm-generic/pgtable.h 2009-12-02 22:51:21.000000000 -0500
40800 +++ linux-2.6.32.1/include/asm-generic/pgtable.h 2009-12-14 18:33:58.988946269 -0500
40801 @@ -344,6 +344,14 @@ extern void untrack_pfn_vma(struct vm_ar
40802 unsigned long size);
40805 +#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL
40806 +static inline unsigned long pax_open_kernel(void) { return 0; }
40809 +#ifndef __HAVE_ARCH_PAX_CLOSE_KERNEL
40810 +static inline unsigned long pax_close_kernel(void) { return 0; }
40813 #endif /* !__ASSEMBLY__ */
40815 #endif /* _ASM_GENERIC_PGTABLE_H */
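Review bot: The fallback `pax_open_kernel()` and `pax_close_kernel()` stubs are added without any comment, so a reader of this header cannot tell what the returned `unsigned long` means or that the two calls are presumably meant to bracket a region. A short comment above the first `#ifndef` would help: `/* No-op fallbacks for architectures without __HAVE_ARCH_PAX_OPEN_KERNEL / __HAVE_ARCH_PAX_CLOSE_KERNEL; both return 0. */`. If callers are expected to ignore the return value, a `void` return type would state that more clearly, though the architecture versions are not visible here to confirm.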
40816 diff -urNp linux-2.6.32.1/include/asm-generic/vmlinux.lds.h linux-2.6.32.1/include/asm-generic/vmlinux.lds.h
40817 --- linux-2.6.32.1/include/asm-generic/vmlinux.lds.h 2009-12-02 22:51:21.000000000 -0500
40818 +++ linux-2.6.32.1/include/asm-generic/vmlinux.lds.h 2009-12-14 18:33:59.005958426 -0500
40819 @@ -199,6 +199,7 @@
40820 .rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \
40821 VMLINUX_SYMBOL(__start_rodata) = .; \
40822 *(.rodata) *(.rodata.*) \
40823 + *(.data.read_only) \
40824 *(__vermagic) /* Kernel version magic */ \
40825 *(__markers_strings) /* Markers: strings */ \
40826 *(__tracepoints_strings)/* Tracepoints: strings */ \
40827 @@ -656,22 +657,24 @@
40828 * section in the linker script will go there too. @phdr should have
40831 - * Note that this macros defines __per_cpu_load as an absolute symbol.
40832 + * Note that this macros defines per_cpu_load as an absolute symbol.
40833 * If there is no need to put the percpu section at a predetermined
40834 * address, use PERCPU().
40836 #define PERCPU_VADDR(vaddr, phdr) \
40837 - VMLINUX_SYMBOL(__per_cpu_load) = .; \
40838 - .data.percpu vaddr : AT(VMLINUX_SYMBOL(__per_cpu_load) \
40839 + per_cpu_load = .; \
40840 + .data.percpu vaddr : AT(VMLINUX_SYMBOL(per_cpu_load) \
40842 + VMLINUX_SYMBOL(__per_cpu_load) = . + per_cpu_load; \
40843 VMLINUX_SYMBOL(__per_cpu_start) = .; \
40844 *(.data.percpu.first) \
40845 - *(.data.percpu.page_aligned) \
40847 + . = ALIGN(PAGE_SIZE); \
40848 + *(.data.percpu.page_aligned) \
40849 *(.data.percpu.shared_aligned) \
40850 VMLINUX_SYMBOL(__per_cpu_end) = .; \
40852 - . = VMLINUX_SYMBOL(__per_cpu_load) + SIZEOF(.data.percpu);
40853 + . = VMLINUX_SYMBOL(per_cpu_load) + SIZEOF(.data.percpu);
40856 * PERCPU - define output section for percpu area, simple version
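Review bot: In `PERCPU_VADDR` the new symbol is assigned bare as `per_cpu_load = .;` but read back as `VMLINUX_SYMBOL(per_cpu_load)` in the `AT(...)` expression and in the final location-counter assignment. It is then used bare again in `VMLINUX_SYMBOL(__per_cpu_load) = . + per_cpu_load;`. On a configuration where `VMLINUX_SYMBOL()` adds a prefix these are different names, so the macro should use one spelling throughout, e.g. `VMLINUX_SYMBOL(per_cpu_load) = .;`. The updated comment now mentions only `per_cpu_load` as the absolute symbol, although `__per_cpu_load` is still defined inside the section; it should name both and say how they relate.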
40857 diff -urNp linux-2.6.32.1/include/drm/drm_pciids.h linux-2.6.32.1/include/drm/drm_pciids.h
40858 --- linux-2.6.32.1/include/drm/drm_pciids.h 2009-12-02 22:51:21.000000000 -0500
40859 +++ linux-2.6.32.1/include/drm/drm_pciids.h 2009-12-14 18:33:59.025760956 -0500
40860 @@ -375,7 +375,7 @@
40861 {0x1002, 0x9712, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \
40862 {0x1002, 0x9713, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \
40863 {0x1002, 0x9714, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \
40865 + {0, 0, 0, 0, 0, 0}
40867 #define r128_PCI_IDS \
40868 {0x1002, 0x4c45, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40869 @@ -415,14 +415,14 @@
40870 {0x1002, 0x5446, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40871 {0x1002, 0x544C, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40872 {0x1002, 0x5452, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40874 + {0, 0, 0, 0, 0, 0}
40876 #define mga_PCI_IDS \
40877 {0x102b, 0x0520, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G200}, \
40878 {0x102b, 0x0521, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G200}, \
40879 {0x102b, 0x0525, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G400}, \
40880 {0x102b, 0x2527, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G550}, \
40882 + {0, 0, 0, 0, 0, 0}
40884 #define mach64_PCI_IDS \
40885 {0x1002, 0x4749, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40886 @@ -445,7 +445,7 @@
40887 {0x1002, 0x4c53, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40888 {0x1002, 0x4c4d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40889 {0x1002, 0x4c4e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40891 + {0, 0, 0, 0, 0, 0}
40893 #define sisdrv_PCI_IDS \
40894 {0x1039, 0x0300, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40895 @@ -456,7 +456,7 @@
40896 {0x1039, 0x7300, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40897 {0x18CA, 0x0040, PCI_ANY_ID, PCI_ANY_ID, 0, 0, SIS_CHIP_315}, \
40898 {0x18CA, 0x0042, PCI_ANY_ID, PCI_ANY_ID, 0, 0, SIS_CHIP_315}, \
40900 + {0, 0, 0, 0, 0, 0}
40902 #define tdfx_PCI_IDS \
40903 {0x121a, 0x0003, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40904 @@ -465,7 +465,7 @@
40905 {0x121a, 0x0007, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40906 {0x121a, 0x0009, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40907 {0x121a, 0x000b, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40909 + {0, 0, 0, 0, 0, 0}
40911 #define viadrv_PCI_IDS \
40912 {0x1106, 0x3022, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40913 @@ -477,14 +477,14 @@
40914 {0x1106, 0x3343, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40915 {0x1106, 0x3230, PCI_ANY_ID, PCI_ANY_ID, 0, 0, VIA_DX9_0}, \
40916 {0x1106, 0x3157, PCI_ANY_ID, PCI_ANY_ID, 0, 0, VIA_PRO_GROUP_A}, \
40918 + {0, 0, 0, 0, 0, 0}
40920 #define i810_PCI_IDS \
40921 {0x8086, 0x7121, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40922 {0x8086, 0x7123, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40923 {0x8086, 0x7125, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40924 {0x8086, 0x1132, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40926 + {0, 0, 0, 0, 0, 0}
40928 #define i830_PCI_IDS \
40929 {0x8086, 0x3577, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40930 @@ -492,11 +492,11 @@
40931 {0x8086, 0x3582, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40932 {0x8086, 0x2572, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40933 {0x8086, 0x358e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40935 + {0, 0, 0, 0, 0, 0}
40937 #define gamma_PCI_IDS \
40938 {0x3d3d, 0x0008, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40940 + {0, 0, 0, 0, 0, 0}
40942 #define savage_PCI_IDS \
40943 {0x5333, 0x8a20, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_SAVAGE3D}, \
40944 @@ -522,10 +522,10 @@
40945 {0x5333, 0x8d02, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_TWISTER}, \
40946 {0x5333, 0x8d03, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_PROSAVAGEDDR}, \
40947 {0x5333, 0x8d04, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_PROSAVAGEDDR}, \
40949 + {0, 0, 0, 0, 0, 0}
40951 #define ffb_PCI_IDS \
40953 + {0, 0, 0, 0, 0, 0}
40955 #define i915_PCI_IDS \
40956 {0x8086, 0x3577, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
40957 @@ -558,4 +558,4 @@
40958 {0x8086, 0x35e8, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
40959 {0x8086, 0x0042, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
40960 {0x8086, 0x0046, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
40962 + {0, 0, 0, 0, 0, 0}
40963 diff -urNp linux-2.6.32.1/include/drm/drmP.h linux-2.6.32.1/include/drm/drmP.h
40964 --- linux-2.6.32.1/include/drm/drmP.h 2009-12-02 22:51:21.000000000 -0500
40965 +++ linux-2.6.32.1/include/drm/drmP.h 2009-12-14 18:33:59.025760956 -0500
40966 @@ -814,7 +814,7 @@ struct drm_driver {
40967 void (*vgaarb_irq)(struct drm_device *dev, bool state);
40969 /* Driver private ops for this object */
40970 - struct vm_operations_struct *gem_vm_ops;
40971 + const struct vm_operations_struct *gem_vm_ops;
40975 @@ -917,7 +917,7 @@ struct drm_device {
40977 /** \name Usage Counters */
40979 - int open_count; /**< Outstanding files open */
40980 + atomic_t open_count; /**< Outstanding files open */
40981 atomic_t ioctl_count; /**< Outstanding IOCTLs pending */
40982 atomic_t vma_count; /**< Outstanding vma areas open */
40983 int buf_use; /**< Buffers in use -- cannot alloc */
40984 @@ -928,7 +928,7 @@ struct drm_device {
40986 unsigned long counters;
40987 enum drm_stat_type types[15];
40988 - atomic_t counts[15];
40989 + atomic_unchecked_t counts[15];
40992 struct list_head filelist;
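Review bot: `counts[15]` becomes `atomic_unchecked_t` with no comment saying why this field is exempt while `open_count`, `ioctl_count` and `vma_count` in the same struct are `atomic_t`. From the neighbouring fields (`counters`, `types[15]`) these look like statistics that may wrap harmlessly rather than reference counts, but that reasoning is not recorded anywhere in the hunk. I would add `/* statistics only, wrap is harmless: exempt from overflow checking */` on the line, and the same kind of comment on `__HANDLE_ITEM` in include/linux/atmdev.h and `sync_io` in include/linux/genhd.h. struct drm_device starts and ends outside the hunk.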
40993 diff -urNp linux-2.6.32.1/include/linux/a.out.h linux-2.6.32.1/include/linux/a.out.h
40994 --- linux-2.6.32.1/include/linux/a.out.h 2009-12-02 22:51:21.000000000 -0500
40995 +++ linux-2.6.32.1/include/linux/a.out.h 2009-12-14 18:33:59.025760956 -0500
40996 @@ -39,6 +39,14 @@ enum machine_type {
40997 M_MIPS2 = 152 /* MIPS R6000/R4000 binary */
41000 +/* Constants for the N_FLAGS field */
41001 +#define F_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
41002 +#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */
41003 +#define F_PAX_MPROTECT 4 /* Restrict mprotect() */
41004 +#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */
41005 +/*#define F_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */
41006 +#define F_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */
41008 #if !defined (N_MAGIC)
41009 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
41011 diff -urNp linux-2.6.32.1/include/linux/atmdev.h linux-2.6.32.1/include/linux/atmdev.h
41012 --- linux-2.6.32.1/include/linux/atmdev.h 2009-12-02 22:51:21.000000000 -0500
41013 +++ linux-2.6.32.1/include/linux/atmdev.h 2009-12-14 18:33:59.026954386 -0500
41014 @@ -237,7 +237,7 @@ struct compat_atm_iobuf {
41017 struct k_atm_aal_stats {
41018 -#define __HANDLE_ITEM(i) atomic_t i
41019 +#define __HANDLE_ITEM(i) atomic_unchecked_t i
41021 #undef __HANDLE_ITEM
41023 diff -urNp linux-2.6.32.1/include/linux/backlight.h linux-2.6.32.1/include/linux/backlight.h
41024 --- linux-2.6.32.1/include/linux/backlight.h 2009-12-02 22:51:21.000000000 -0500
41025 +++ linux-2.6.32.1/include/linux/backlight.h 2009-12-14 18:33:59.026954386 -0500
41026 @@ -36,18 +36,18 @@ struct backlight_device;
41029 struct backlight_ops {
41030 - unsigned int options;
41031 + const unsigned int options;
41033 #define BL_CORE_SUSPENDRESUME (1 << 0)
41035 /* Notify the backlight driver some property has changed */
41036 - int (*update_status)(struct backlight_device *);
41037 + int (* const update_status)(struct backlight_device *);
41038 /* Return the current backlight brightness (accounting for power,
41040 - int (*get_brightness)(struct backlight_device *);
41041 + int (* const get_brightness)(struct backlight_device *);
41042 /* Check if given framebuffer device is the one bound to this backlight;
41043 return 0 if not, !=0 if it is. If NULL, backlight always matches the fb. */
41044 - int (*check_fb)(struct fb_info *);
41045 + int (* const check_fb)(struct fb_info *);
41048 /* This structure defines all the properties of a backlight */
41049 @@ -86,7 +86,7 @@ struct backlight_device {
41050 registered this device has been unloaded, and if class_get_devdata()
41051 points to something in the body of that driver, it is also invalid. */
41052 struct mutex ops_lock;
41053 - struct backlight_ops *ops;
41054 + const struct backlight_ops *ops;
41056 /* The framebuffer notifier block */
41057 struct notifier_block fb_notif;
41058 @@ -103,7 +103,7 @@ static inline void backlight_update_stat
41061 extern struct backlight_device *backlight_device_register(const char *name,
41062 - struct device *dev, void *devdata, struct backlight_ops *ops);
41063 + struct device *dev, void *devdata, const struct backlight_ops *ops);
41064 extern void backlight_device_unregister(struct backlight_device *bd);
41065 extern void backlight_force_update(struct backlight_device *bd,
41066 enum backlight_update_reason reason);
41067 diff -urNp linux-2.6.32.1/include/linux/binfmts.h linux-2.6.32.1/include/linux/binfmts.h
41068 --- linux-2.6.32.1/include/linux/binfmts.h 2009-12-02 22:51:21.000000000 -0500
41069 +++ linux-2.6.32.1/include/linux/binfmts.h 2009-12-14 18:33:59.026954386 -0500
41070 @@ -78,6 +78,7 @@ struct linux_binfmt {
41071 int (*load_binary)(struct linux_binprm *, struct pt_regs * regs);
41072 int (*load_shlib)(struct file *);
41073 int (*core_dump)(long signr, struct pt_regs *regs, struct file *file, unsigned long limit);
41074 + void (*handle_mprotect)(struct vm_area_struct *vma, unsigned long newflags);
41075 unsigned long min_coredump; /* minimal dump size */
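Review bot: The new `handle_mprotect` member is added without a comment describing its contract. Binary formats that do not set it leave it NULL in their `struct linux_binfmt`, so the header should say that callers must test the pointer before calling. Since it returns `void`, it should also say that the hook cannot reject the mprotect request. Something like `/* optional, may be NULL; called on mprotect() with the new vm_flags, cannot fail */` would do, assuming that matches the call site, which is not in this hunk.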
41078 diff -urNp linux-2.6.32.1/include/linux/blkdev.h linux-2.6.32.1/include/linux/blkdev.h
41079 --- linux-2.6.32.1/include/linux/blkdev.h 2009-12-02 22:51:21.000000000 -0500
41080 +++ linux-2.6.32.1/include/linux/blkdev.h 2009-12-14 18:33:59.026954386 -0500
41081 @@ -1253,19 +1253,19 @@ static inline int blk_integrity_rq(struc
41082 #endif /* CONFIG_BLK_DEV_INTEGRITY */
41084 struct block_device_operations {
41085 - int (*open) (struct block_device *, fmode_t);
41086 - int (*release) (struct gendisk *, fmode_t);
41087 - int (*locked_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41088 - int (*ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41089 - int (*compat_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41090 - int (*direct_access) (struct block_device *, sector_t,
41091 + int (* const open) (struct block_device *, fmode_t);
41092 + int (* const release) (struct gendisk *, fmode_t);
41093 + int (* const locked_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41094 + int (* const ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41095 + int (* const compat_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41096 + int (* const direct_access) (struct block_device *, sector_t,
41097 void **, unsigned long *);
41098 - int (*media_changed) (struct gendisk *);
41099 - unsigned long long (*set_capacity) (struct gendisk *,
41100 + int (* const media_changed) (struct gendisk *);
41101 + unsigned long long (* const set_capacity) (struct gendisk *,
41102 unsigned long long);
41103 - int (*revalidate_disk) (struct gendisk *);
41104 - int (*getgeo)(struct block_device *, struct hd_geometry *);
41105 - struct module *owner;
41106 + int (* const revalidate_disk) (struct gendisk *);
41107 + int (*const getgeo)(struct block_device *, struct hd_geometry *);
41108 + struct module * const owner;
41111 extern int __blkdev_driver_ioctl(struct block_device *, fmode_t, unsigned int,
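Review bot: `getgeo` is written `int (*const getgeo)(...)` while every other member converted in this hunk uses `(* const name)`, so the one line stands out in an otherwise mechanical change. I would write it `int (* const getgeo)(struct block_device *, struct hd_geometry *);` to match. Because every member including `owner` is now `const`, a driver can no longer fill in a `struct block_device_operations` at run time. A one-line comment above the struct saying the table must be initialised statically would save the next driver author a confusing compile error.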
41112 diff -urNp linux-2.6.32.1/include/linux/cache.h linux-2.6.32.1/include/linux/cache.h
41113 --- linux-2.6.32.1/include/linux/cache.h 2009-12-02 22:51:21.000000000 -0500
41114 +++ linux-2.6.32.1/include/linux/cache.h 2009-12-14 18:33:59.027947208 -0500
41116 #define __read_mostly
41119 +#ifndef __read_only
41120 +#define __read_only __read_mostly
41123 #ifndef ____cacheline_aligned
41124 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
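Review bot: The fallback `#define __read_only __read_mostly` silently gives up the write protection the name promises. On any architecture or configuration that does not supply its own `__read_only`, data marked that way is only grouped with the read-mostly data and stays writable. That is a reasonable default, but nothing in the hunk says so, and a reader auditing which objects are actually protected will be misled. I would add `/* fallback: no write protection here, data is only grouped with __read_mostly */` above the `#ifndef`.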
41126 diff -urNp linux-2.6.32.1/include/linux/capability.h linux-2.6.32.1/include/linux/capability.h
41127 --- linux-2.6.32.1/include/linux/capability.h 2009-12-02 22:51:21.000000000 -0500
41128 +++ linux-2.6.32.1/include/linux/capability.h 2009-12-14 18:33:59.027947208 -0500
41129 @@ -563,6 +563,7 @@ extern const kernel_cap_t __cap_init_eff
41130 (security_real_capable_noaudit((t), (cap)) == 0)
41132 extern int capable(int cap);
41133 +int capable_nolog(int cap);
41135 /* audit system wants to get cap info from files as well */
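Review bot: `capable_nolog()` is declared without `extern`, unlike `capable()` on the line above, and without any comment on how the two differ. The name suggests a capability check that skips logging, but the definition is not in this hunk. Since a caller who picks the wrong variant loses a log record, the prototype should say when the silent form is appropriate. I would write `extern int capable_nolog(int cap);` and add a one-line comment above it stating what is not logged.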
41137 diff -urNp linux-2.6.32.1/include/linux/compiler-gcc4.h linux-2.6.32.1/include/linux/compiler-gcc4.h
41138 --- linux-2.6.32.1/include/linux/compiler-gcc4.h 2009-12-02 22:51:21.000000000 -0500
41139 +++ linux-2.6.32.1/include/linux/compiler-gcc4.h 2009-12-14 18:33:59.027947208 -0500
41141 the kernel context */
41142 #define __cold __attribute__((__cold__))
41144 +#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__)))
41145 +#define __bos(ptr, arg) __builtin_object_size((ptr), (arg))
41146 +#define __bos0(ptr) __bos((ptr), 0)
41147 +#define __bos1(ptr) __bos((ptr), 1)
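Review bot: `__alloc_size` is spelled with `__attribute(...)` while `__cold` directly above uses `__attribute__((...))`. GCC accepts both, but `__attribute__((alloc_size(__VA_ARGS__)))` would match the neighbouring definition. The `__bos0`/`__bos1` helpers also need a comment: the second argument of `__builtin_object_size` selects whether the size of the whole object (0) or of the closest enclosing sub-object (1) is reported, and a bounds check built on the wrong one can accept a copy that overruns a struct member. I would add `/* __bos0: whole object, __bos1: closest enclosing sub-object */` above them.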
41149 diff -urNp linux-2.6.32.1/include/linux/compiler.h linux-2.6.32.1/include/linux/compiler.h
41150 --- linux-2.6.32.1/include/linux/compiler.h 2009-12-02 22:51:21.000000000 -0500
41151 +++ linux-2.6.32.1/include/linux/compiler.h 2009-12-14 18:33:59.027947208 -0500
41152 @@ -256,6 +256,22 @@ void ftrace_likely_update(struct ftrace_
41156 +#ifndef __alloc_size
41157 +#define __alloc_size
41172 /* Simple shorthand for a section definition */
41174 # define __section(S) __attribute__ ((__section__(#S)))
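Review bot: The fallback `#define __alloc_size` is object-like, but the definition in compiler-gcc4.h takes arguments (`__alloc_size(...)`). With a compiler that does not provide that definition, a declaration annotated `__alloc_size(1)` would expand to a stray `(1)` and fail to parse. The annotated declarations are not in this hunk, so this is inferred from the macro's shape. The fallback should be `#define __alloc_size(...)`. Part of this hunk is not shown on the page, so the other fallbacks it adds could not be checked.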
41175 diff -urNp linux-2.6.32.1/include/linux/decompress/mm.h linux-2.6.32.1/include/linux/decompress/mm.h
41176 --- linux-2.6.32.1/include/linux/decompress/mm.h 2009-12-02 22:51:21.000000000 -0500
41177 +++ linux-2.6.32.1/include/linux/decompress/mm.h 2009-12-14 18:33:59.028944187 -0500
41178 @@ -68,7 +68,7 @@ static void free(void *where)
41179 * warnings when not needed (indeed large_malloc / large_free are not
41180 * needed by inflate */
41182 -#define malloc(a) kmalloc(a, GFP_KERNEL)
41183 +#define malloc(a) kmalloc((a), GFP_KERNEL)
41184 #define free(a) kfree(a)
41186 #define large_malloc(a) vmalloc(a)
41187 diff -urNp linux-2.6.32.1/include/linux/elf.h linux-2.6.32.1/include/linux/elf.h
41188 --- linux-2.6.32.1/include/linux/elf.h 2009-12-02 22:51:21.000000000 -0500
41189 +++ linux-2.6.32.1/include/linux/elf.h 2009-12-14 18:33:59.028944187 -0500
41190 @@ -49,6 +49,17 @@ typedef __s64 Elf64_Sxword;
41191 #define PT_GNU_EH_FRAME 0x6474e550
41193 #define PT_GNU_STACK (PT_LOOS + 0x474e551)
41194 +#define PT_GNU_RELRO (PT_LOOS + 0x474e552)
41196 +#define PT_PAX_FLAGS (PT_LOOS + 0x5041580)
41198 +/* Constants for the e_flags field */
41199 +#define EF_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
41200 +#define EF_PAX_EMUTRAMP 2 /* Emulate trampolines */
41201 +#define EF_PAX_MPROTECT 4 /* Restrict mprotect() */
41202 +#define EF_PAX_RANDMMAP 8 /* Randomize mmap() base */
41203 +/*#define EF_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */
41204 +#define EF_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */
41206 /* These constants define the different elf file types */
41208 @@ -84,6 +95,8 @@ typedef __s64 Elf64_Sxword;
41209 #define DT_DEBUG 21
41210 #define DT_TEXTREL 22
41211 #define DT_JMPREL 23
41212 +#define DT_FLAGS 30
41213 + #define DF_TEXTREL 0x00000004
41214 #define DT_ENCODING 32
41215 #define OLD_DT_LOOS 0x60000000
41216 #define DT_LOOS 0x6000000d
41217 @@ -230,6 +243,19 @@ typedef struct elf64_hdr {
41221 +#define PF_PAGEEXEC (1U << 4) /* Enable PAGEEXEC */
41222 +#define PF_NOPAGEEXEC (1U << 5) /* Disable PAGEEXEC */
41223 +#define PF_SEGMEXEC (1U << 6) /* Enable SEGMEXEC */
41224 +#define PF_NOSEGMEXEC (1U << 7) /* Disable SEGMEXEC */
41225 +#define PF_MPROTECT (1U << 8) /* Enable MPROTECT */
41226 +#define PF_NOMPROTECT (1U << 9) /* Disable MPROTECT */
41227 +/*#define PF_RANDEXEC (1U << 10)*/ /* Enable RANDEXEC */
41228 +/*#define PF_NORANDEXEC (1U << 11)*/ /* Disable RANDEXEC */
41229 +#define PF_EMUTRAMP (1U << 12) /* Enable EMUTRAMP */
41230 +#define PF_NOEMUTRAMP (1U << 13) /* Disable EMUTRAMP */
41231 +#define PF_RANDMMAP (1U << 14) /* Enable RANDMMAP */
41232 +#define PF_NORANDMMAP (1U << 15) /* Disable RANDMMAP */
41234 typedef struct elf32_phdr{
41236 Elf32_Off p_offset;
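Review bot: The `PF_*` flags come in enable/disable pairs (`PF_PAGEEXEC`/`PF_NOPAGEEXEC` and so on), and the header does not say what a loader should do when a binary sets both bits of a pair or neither. Those are the cases a mis-marked or hand-edited binary will produce, so the precedence rule belongs next to the definitions rather than only in the parsing code, which is not in this hunk. A short block comment above `PF_PAGEEXEC` would cover it. It should state which program header carries these bits (presumably `PT_PAX_FLAGS`) and how conflicting or absent bits are treated.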
41237 @@ -322,6 +348,8 @@ typedef struct elf64_shdr {
41243 #define ELFMAG0 0x7f /* EI_MAG */
41244 #define ELFMAG1 'E'
41245 #define ELFMAG2 'L'
41246 @@ -386,6 +414,7 @@ extern Elf32_Dyn _DYNAMIC [];
41247 #define elf_phdr elf32_phdr
41248 #define elf_note elf32_note
41249 #define elf_addr_t Elf32_Off
41250 +#define elf_dyn Elf32_Dyn
41254 @@ -394,6 +423,7 @@ extern Elf64_Dyn _DYNAMIC [];
41255 #define elf_phdr elf64_phdr
41256 #define elf_note elf64_note
41257 #define elf_addr_t Elf64_Off
41258 +#define elf_dyn Elf64_Dyn
41262 diff -urNp linux-2.6.32.1/include/linux/fs.h linux-2.6.32.1/include/linux/fs.h
41263 --- linux-2.6.32.1/include/linux/fs.h 2009-12-02 22:51:21.000000000 -0500
41264 +++ linux-2.6.32.1/include/linux/fs.h 2009-12-14 18:33:59.059779887 -0500
41265 @@ -87,6 +87,10 @@ struct inodes_stat_t {
41267 #define FMODE_NOCMTIME ((__force fmode_t)2048)
41269 +/* Hack for grsec so as not to require read permission simply to execute
41271 +#define FMODE_GREXEC ((__force fmode_t)8192)
41274 * The below are the various read and write types that we support. Some of
41275 * them include behavioral modifiers that send information down to the
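Review bot: `FMODE_GREXEC` is given the value 8192 by hand, leaving a gap after `FMODE_NOCMTIME` (2048), and nothing marks the bit as reserved for this patch. If a later kernel assigns the same `fmode_t` bit, the two meanings will collide silently. By its own comment the flag relaxes a read-permission requirement, so that collision would matter. I would extend the comment to say who is allowed to set the bit (assuming it is only ever set by kernel code) and that the value must be re-checked against upstream `FMODE_*` definitions on every rebase.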
41276 @@ -565,41 +569,41 @@ typedef int (*read_actor_t)(read_descrip
41277 unsigned long, unsigned long);
41279 struct address_space_operations {
41280 - int (*writepage)(struct page *page, struct writeback_control *wbc);
41281 - int (*readpage)(struct file *, struct page *);
41282 - void (*sync_page)(struct page *);
41283 + int (* const writepage)(struct page *page, struct writeback_control *wbc);
41284 + int (* const readpage)(struct file *, struct page *);
41285 + void (* const sync_page)(struct page *);
41287 /* Write back some dirty pages from this mapping. */
41288 - int (*writepages)(struct address_space *, struct writeback_control *);
41289 + int (* const writepages)(struct address_space *, struct writeback_control *);
41291 /* Set a page dirty. Return true if this dirtied it */
41292 - int (*set_page_dirty)(struct page *page);
41293 + int (* const set_page_dirty)(struct page *page);
41295 - int (*readpages)(struct file *filp, struct address_space *mapping,
41296 + int (* const readpages)(struct file *filp, struct address_space *mapping,
41297 struct list_head *pages, unsigned nr_pages);
41299 - int (*write_begin)(struct file *, struct address_space *mapping,
41300 + int (* const write_begin)(struct file *, struct address_space *mapping,
41301 loff_t pos, unsigned len, unsigned flags,
41302 struct page **pagep, void **fsdata);
41303 - int (*write_end)(struct file *, struct address_space *mapping,
41304 + int (* const write_end)(struct file *, struct address_space *mapping,
41305 loff_t pos, unsigned len, unsigned copied,
41306 struct page *page, void *fsdata);
41308 /* Unfortunately this kludge is needed for FIBMAP. Don't use it */
41309 - sector_t (*bmap)(struct address_space *, sector_t);
41310 - void (*invalidatepage) (struct page *, unsigned long);
41311 - int (*releasepage) (struct page *, gfp_t);
41312 - ssize_t (*direct_IO)(int, struct kiocb *, const struct iovec *iov,
41313 + sector_t (* const bmap)(struct address_space *, sector_t);
41314 + void (* const invalidatepage) (struct page *, unsigned long);
41315 + int (* const releasepage) (struct page *, gfp_t);
41316 + ssize_t (* const direct_IO)(int, struct kiocb *, const struct iovec *iov,
41317 loff_t offset, unsigned long nr_segs);
41318 - int (*get_xip_mem)(struct address_space *, pgoff_t, int,
41319 + int (* const get_xip_mem)(struct address_space *, pgoff_t, int,
41320 void **, unsigned long *);
41321 /* migrate the contents of a page to the specified target */
41322 - int (*migratepage) (struct address_space *,
41323 + int (* const migratepage) (struct address_space *,
41324 struct page *, struct page *);
41325 - int (*launder_page) (struct page *);
41326 - int (*is_partially_uptodate) (struct page *, read_descriptor_t *,
41327 + int (* const launder_page) (struct page *);
41328 + int (* const is_partially_uptodate) (struct page *, read_descriptor_t *,
41330 - int (*error_remove_page)(struct address_space *, struct page *);
41331 + int (* const error_remove_page)(struct address_space *, struct page *);
41335 @@ -1027,19 +1031,19 @@ static inline int file_check_writeable(s
41336 typedef struct files_struct *fl_owner_t;
41338 struct file_lock_operations {
41339 - void (*fl_copy_lock)(struct file_lock *, struct file_lock *);
41340 - void (*fl_release_private)(struct file_lock *);
41341 + void (* const fl_copy_lock)(struct file_lock *, struct file_lock *);
41342 + void (* const fl_release_private)(struct file_lock *);
41345 struct lock_manager_operations {
41346 - int (*fl_compare_owner)(struct file_lock *, struct file_lock *);
41347 - void (*fl_notify)(struct file_lock *); /* unblock callback */
41348 - int (*fl_grant)(struct file_lock *, struct file_lock *, int);
41349 - void (*fl_copy_lock)(struct file_lock *, struct file_lock *);
41350 - void (*fl_release_private)(struct file_lock *);
41351 - void (*fl_break)(struct file_lock *);
41352 - int (*fl_mylease)(struct file_lock *, struct file_lock *);
41353 - int (*fl_change)(struct file_lock **, int);
41354 + int (* const fl_compare_owner)(struct file_lock *, struct file_lock *);
41355 + void (* const fl_notify)(struct file_lock *); /* unblock callback */
41356 + int (* const fl_grant)(struct file_lock *, struct file_lock *, int);
41357 + void (* const fl_copy_lock)(struct file_lock *, struct file_lock *);
41358 + void (* const fl_release_private)(struct file_lock *);
41359 + void (* const fl_break)(struct file_lock *);
41360 + int (* const fl_mylease)(struct file_lock *, struct file_lock *);
41361 + int (* const fl_change)(struct file_lock **, int);
41364 struct lock_manager {
41365 @@ -1436,7 +1440,7 @@ struct fiemap_extent_info {
41366 unsigned int fi_flags; /* Flags as passed from user */
41367 unsigned int fi_extents_mapped; /* Number of mapped extents */
41368 unsigned int fi_extents_max; /* Size of fiemap_extent array */
41369 - struct fiemap_extent *fi_extents_start; /* Start of fiemap_extent
41370 + struct fiemap_extent __user *fi_extents_start; /* Start of fiemap_extent
41373 int fiemap_fill_next_extent(struct fiemap_extent_info *info, u64 logical,
41374 @@ -1607,32 +1607,32 @@
41375 ssize_t vfs_sendfile(struct file *, struct file *, loff_t *, size_t, loff_t);
41377 struct super_operations {
41378 - struct inode *(*alloc_inode)(struct super_block *sb);
41379 - void (*destroy_inode)(struct inode *);
41380 + struct inode *(* const alloc_inode)(struct super_block *sb);
41381 + void (* const destroy_inode)(struct inode *);
41383 - void (*dirty_inode) (struct inode *);
41384 - int (*write_inode) (struct inode *, int);
41385 - void (*drop_inode) (struct inode *);
41386 - void (*delete_inode) (struct inode *);
41387 - void (*put_super) (struct super_block *);
41388 - void (*write_super) (struct super_block *);
41389 - int (*sync_fs)(struct super_block *sb, int wait);
41390 - int (*freeze_fs) (struct super_block *);
41391 - int (*unfreeze_fs) (struct super_block *);
41392 - int (*statfs) (struct dentry *, struct kstatfs *);
41393 - int (*remount_fs) (struct super_block *, int *, char *);
41394 - void (*clear_inode) (struct inode *);
41395 - void (*umount_begin) (struct super_block *);
41396 + void (* const dirty_inode) (struct inode *);
41397 + int (* const write_inode) (struct inode *, int);
41398 + void (* const drop_inode) (struct inode *);
41399 + void (* const delete_inode) (struct inode *);
41400 + void (* const put_super) (struct super_block *);
41401 + void (* const write_super) (struct super_block *);
41402 + int (* const sync_fs)(struct super_block *sb, int wait);
41403 + int (* const freeze_fs) (struct super_block *);
41404 + int (* const unfreeze_fs) (struct super_block *);
41405 + int (* const statfs) (struct dentry *, struct kstatfs *);
41406 + int (* const remount_fs) (struct super_block *, int *, char *);
41407 + void (* const clear_inode) (struct inode *);
41408 + void (* const umount_begin) (struct super_block *);
41410 - void (*sync_inodes)(struct super_block *sb,
41411 + void (* const sync_inodes)(struct super_block *sb,
41412 struct writeback_control *wbc);
41413 - int (*show_options)(struct seq_file *, struct vfsmount *);
41414 - int (*show_stats)(struct seq_file *, struct vfsmount *);
41415 + int (* const show_options)(struct seq_file *, struct vfsmount *);
41416 + int (* const show_stats)(struct seq_file *, struct vfsmount *);
41417 #ifdef CONFIG_QUOTA
41418 - ssize_t (*quota_read)(struct super_block *, int, char *, size_t, loff_t);
41419 - ssize_t (*quota_write)(struct super_block *, int, const char *, size_t, loff_t);
41420 + ssize_t (* const quota_read)(struct super_block *, int, char *, size_t, loff_t);
41421 + ssize_t (* const quota_write)(struct super_block *, int, const char *, size_t, loff_t);
41423 - int (*bdev_try_to_free_page)(struct super_block*, struct page*, gfp_t);
41424 + int (* const bdev_try_to_free_page)(struct super_block*, struct page*, gfp_t);
41428 diff -urNp linux-2.6.32.1/include/linux/fs_struct.h linux-2.6.32.1/include/linux/fs_struct.h
41429 --- linux-2.6.32.1/include/linux/fs_struct.h 2009-12-02 22:51:21.000000000 -0500
41430 +++ linux-2.6.32.1/include/linux/fs_struct.h 2009-12-14 18:33:59.059779887 -0500
41432 #include <linux/path.h>
41440 diff -urNp linux-2.6.32.1/include/linux/genhd.h linux-2.6.32.1/include/linux/genhd.h
41441 --- linux-2.6.32.1/include/linux/genhd.h 2009-12-02 22:51:21.000000000 -0500
41442 +++ linux-2.6.32.1/include/linux/genhd.h 2009-12-14 18:33:59.069828957 -0500
41443 @@ -161,7 +161,7 @@ struct gendisk {
41445 struct timer_rand_state *random;
41447 - atomic_t sync_io; /* RAID */
41448 + atomic_unchecked_t sync_io; /* RAID */
41449 struct work_struct async_notify;
41450 #ifdef CONFIG_BLK_DEV_INTEGRITY
41451 struct blk_integrity *integrity;
41452 diff -urNp linux-2.6.32.1/include/linux/gracl.h linux-2.6.32.1/include/linux/gracl.h
41453 --- linux-2.6.32.1/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500
41454 +++ linux-2.6.32.1/include/linux/gracl.h 2009-12-14 18:33:59.069828957 -0500
41459 +#include <linux/grdefs.h>
41460 +#include <linux/resource.h>
41461 +#include <linux/capability.h>
41462 +#include <linux/dcache.h>
41463 +#include <asm/resource.h>
41465 +/* Major status information */
41467 +#define GR_VERSION "grsecurity 2.1.14"
41468 +#define GRSECURITY_VERSION 0x2114
41479 + GR_SPROLEPAM = 8,
41482 +/* Password setup definitions
41483 + * kernel/grhash.c */
41486 + GR_SALT_LEN = 16,
41491 + GR_SPROLE_LEN = 64,
41494 +#define GR_NLIMITS 32
41496 +/* Begin Data Structures */
41498 +struct sprole_pw {
41499 + unsigned char *rolename;
41500 + unsigned char salt[GR_SALT_LEN];
41501 + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
41504 +struct name_entry {
41511 + struct name_entry *prev;
41512 + struct name_entry *next;
41515 +struct inodev_entry {
41516 + struct name_entry *nentry;
41517 + struct inodev_entry *prev;
41518 + struct inodev_entry *next;
41521 +struct acl_role_db {
41522 + struct acl_role_label **r_hash;
41526 +struct inodev_db {
41527 + struct inodev_entry **i_hash;
41532 + struct name_entry **n_hash;
41536 +struct crash_uid {
41538 + unsigned long expires;
41541 +struct gr_hash_struct {
41543 + void **nametable;
41545 + __u32 table_size;
41550 +/* Userspace Grsecurity ACL data structures */
41552 +struct acl_subject_label {
41557 + kernel_cap_t cap_mask;
41558 + kernel_cap_t cap_lower;
41560 + struct rlimit res[GR_NLIMITS];
41563 + __u8 user_trans_type;
41564 + __u8 group_trans_type;
41565 + uid_t *user_transitions;
41566 + gid_t *group_transitions;
41567 + __u16 user_trans_num;
41568 + __u16 group_trans_num;
41570 + __u32 ip_proto[8];
41572 + struct acl_ip_label **ips;
41574 + __u32 inaddr_any_override;
41577 + unsigned long expires;
41579 + struct acl_subject_label *parent_subject;
41580 + struct gr_hash_struct *hash;
41581 + struct acl_subject_label *prev;
41582 + struct acl_subject_label *next;
41584 + struct acl_object_label **obj_hash;
41585 + __u32 obj_hash_size;
41589 +struct role_allowed_ip {
41593 + struct role_allowed_ip *prev;
41594 + struct role_allowed_ip *next;
41597 +struct role_transition {
41600 + struct role_transition *prev;
41601 + struct role_transition *next;
41604 +struct acl_role_label {
41609 + __u16 auth_attempts;
41610 + unsigned long expires;
41612 + struct acl_subject_label *root_label;
41613 + struct gr_hash_struct *hash;
41615 + struct acl_role_label *prev;
41616 + struct acl_role_label *next;
41618 + struct role_transition *transitions;
41619 + struct role_allowed_ip *allowed_ips;
41620 + uid_t *domain_children;
41621 + __u16 domain_child_num;
41623 + struct acl_subject_label **subj_hash;
41624 + __u32 subj_hash_size;
41627 +struct user_acl_role_db {
41628 + struct acl_role_label **r_table;
41629 + __u32 num_pointers; /* Number of allocations to track */
41630 + __u32 num_roles; /* Number of roles */
41631 + __u32 num_domain_children; /* Number of domain children */
41632 + __u32 num_subjects; /* Number of subjects */
41633 + __u32 num_objects; /* Number of objects */
41636 +struct acl_object_label {
41642 + struct acl_subject_label *nested;
41643 + struct acl_object_label *globbed;
41645 + /* next two structures not used */
41647 + struct acl_object_label *prev;
41648 + struct acl_object_label *next;
41651 +struct acl_ip_label {
41660 + /* next two structures not used */
41662 + struct acl_ip_label *prev;
41663 + struct acl_ip_label *next;
41667 + struct user_acl_role_db role_db;
41668 + unsigned char pw[GR_PW_LEN];
41669 + unsigned char salt[GR_SALT_LEN];
41670 + unsigned char sum[GR_SHA_LEN];
41671 + unsigned char sp_role[GR_SPROLE_LEN];
41672 + struct sprole_pw *sprole_pws;
41673 + dev_t segv_device;
41674 + ino_t segv_inode;
41676 + __u16 num_sprole_pws;
41680 +struct gr_arg_wrapper {
41681 + struct gr_arg *arg;
41686 +struct subject_map {
41687 + struct acl_subject_label *user;
41688 + struct acl_subject_label *kernel;
41689 + struct subject_map *prev;
41690 + struct subject_map *next;
41693 +struct acl_subj_map_db {
41694 + struct subject_map **s_hash;
41698 +/* End Data Structures Section */
41700 +/* Hash functions generated by empirical testing by Brad Spengler
41701 + Makes good use of the low bits of the inode. Generally 0-1 times
41702 + in loop for successful match. 0-3 for unsuccessful match.
41703 + Shift/add algorithm with modulus of table size and an XOR*/
41705 +static __inline__ unsigned int
41706 +rhash(const uid_t uid, const __u16 type, const unsigned int sz)
41708 + return ((((uid + type) << (16 + type)) ^ uid) % sz);
41711 + static __inline__ unsigned int
41712 +shash(const struct acl_subject_label *userp, const unsigned int sz)
41714 + return ((const unsigned long)userp % sz);
41717 +static __inline__ unsigned int
41718 +fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
41720 + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
41723 +static __inline__ unsigned int
41724 +nhash(const char *name, const __u16 len, const unsigned int sz)
41726 + return full_name_hash((const unsigned char *)name, len) % sz;
41729 +#define FOR_EACH_ROLE_START(role) \
41730 + role = role_list; \
41733 +#define FOR_EACH_ROLE_END(role) \
41734 + role = role->prev; \
41737 +#define FOR_EACH_SUBJECT_START(role,subj,iter) \
41740 + while (iter < role->subj_hash_size) { \
41741 + if (subj == NULL) \
41742 + subj = role->subj_hash[iter]; \
41743 + if (subj == NULL) { \
41748 +#define FOR_EACH_SUBJECT_END(subj,iter) \
41749 + subj = subj->next; \
41750 + if (subj == NULL) \
41755 +#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
41756 + subj = role->hash->first; \
41757 + while (subj != NULL) {
41759 +#define FOR_EACH_NESTED_SUBJECT_END(subj) \
41760 + subj = subj->next; \
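Review bot: `rhash()` shifts by `16 + type`, which is undefined once the count reaches the width of the shifted operand. All four hash helpers also take `% sz` with no guard against a zero table size. With `type` limited to `GR_ROLE_USER` (0x0001) or `GR_ROLE_GROUP` (0x0002) from grdefs.h the shift is fine, but the parameter is a plain `__u16` and the callers are not in this hunk. I would document the precondition above the function, `/* type must be GR_ROLE_USER or GR_ROLE_GROUP; sz must be non-zero */`, or mask the count with `(type & 0xf)`. `shash()` also has a stray leading space before `static`.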
41765 diff -urNp linux-2.6.32.1/include/linux/gralloc.h linux-2.6.32.1/include/linux/gralloc.h
41766 --- linux-2.6.32.1/include/linux/gralloc.h 1969-12-31 19:00:00.000000000 -0500
41767 +++ linux-2.6.32.1/include/linux/gralloc.h 2009-12-14 18:33:59.069828957 -0500
41769 +#ifndef __GRALLOC_H
41770 +#define __GRALLOC_H
41772 +void acl_free_all(void);
41773 +int acl_alloc_stack_init(unsigned long size);
41774 +void *acl_alloc(unsigned long len);
41775 +void *acl_alloc_num(unsigned long num, unsigned long len);
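Review bot: `acl_alloc_num(num, len)` is declared with no comment on who checks that `num * len` does not overflow, and none of the four prototypes says how the returned memory is released. The definitions are not in this hunk, so this is a documentation request rather than a reported bug. The header is where a caller looks for the contract, and the counts presumably come from loaded policy data. I would add a comment stating what `acl_alloc_num` returns when the product overflows, and that allocations are released only through `acl_free_all()` if that is the case.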
41778 diff -urNp linux-2.6.32.1/include/linux/grdefs.h linux-2.6.32.1/include/linux/grdefs.h
41779 --- linux-2.6.32.1/include/linux/grdefs.h 1969-12-31 19:00:00.000000000 -0500
41780 +++ linux-2.6.32.1/include/linux/grdefs.h 2009-12-14 18:33:59.069828957 -0500
41785 +/* Begin grsecurity status declarations */
41789 + GR_STATUS_INIT = 0x00 // disabled state
41792 +/* Begin ACL declarations */
41797 + GR_ROLE_USER = 0x0001,
41798 + GR_ROLE_GROUP = 0x0002,
41799 + GR_ROLE_DEFAULT = 0x0004,
41800 + GR_ROLE_SPECIAL = 0x0008,
41801 + GR_ROLE_AUTH = 0x0010,
41802 + GR_ROLE_NOPW = 0x0020,
41803 + GR_ROLE_GOD = 0x0040,
41804 + GR_ROLE_LEARN = 0x0080,
41805 + GR_ROLE_TPE = 0x0100,
41806 + GR_ROLE_DOMAIN = 0x0200,
41807 + GR_ROLE_PAM = 0x0400
41810 +/* ACL Subject and Object mode flags */
41812 + GR_DELETED = 0x80000000
41815 +/* ACL Object-only mode flags */
41817 + GR_READ = 0x00000001,
41818 + GR_APPEND = 0x00000002,
41819 + GR_WRITE = 0x00000004,
41820 + GR_EXEC = 0x00000008,
41821 + GR_FIND = 0x00000010,
41822 + GR_INHERIT = 0x00000020,
41823 + GR_SETID = 0x00000040,
41824 + GR_CREATE = 0x00000080,
41825 + GR_DELETE = 0x00000100,
41826 + GR_LINK = 0x00000200,
41827 + GR_AUDIT_READ = 0x00000400,
41828 + GR_AUDIT_APPEND = 0x00000800,
41829 + GR_AUDIT_WRITE = 0x00001000,
41830 + GR_AUDIT_EXEC = 0x00002000,
41831 + GR_AUDIT_FIND = 0x00004000,
41832 + GR_AUDIT_INHERIT= 0x00008000,
41833 + GR_AUDIT_SETID = 0x00010000,
41834 + GR_AUDIT_CREATE = 0x00020000,
41835 + GR_AUDIT_DELETE = 0x00040000,
41836 + GR_AUDIT_LINK = 0x00080000,
41837 + GR_PTRACERD = 0x00100000,
41838 + GR_NOPTRACE = 0x00200000,
41839 + GR_SUPPRESS = 0x00400000,
41840 + GR_NOLEARN = 0x00800000
41843 +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
41844 + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
41845 + GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
41847 +/* ACL subject-only mode flags */
41849 + GR_KILL = 0x00000001,
41850 + GR_VIEW = 0x00000002,
41851 + GR_PROTECTED = 0x00000004,
41852 + GR_LEARN = 0x00000008,
41853 + GR_OVERRIDE = 0x00000010,
41854 + /* just a placeholder, this mode is only used in userspace */
41855 + GR_DUMMY = 0x00000020,
41856 + GR_PROTSHM = 0x00000040,
41857 + GR_KILLPROC = 0x00000080,
41858 + GR_KILLIPPROC = 0x00000100,
41859 + /* just a placeholder, this mode is only used in userspace */
41860 + GR_NOTROJAN = 0x00000200,
41861 + GR_PROTPROCFD = 0x00000400,
41862 + GR_PROCACCT = 0x00000800,
41863 + GR_RELAXPTRACE = 0x00001000,
41864 + GR_NESTED = 0x00002000,
41865 + GR_INHERITLEARN = 0x00004000,
41866 + GR_PROCFIND = 0x00008000,
41867 + GR_POVERRIDE = 0x00010000,
41868 + GR_KERNELAUTH = 0x00020000,
41872 + GR_PAX_ENABLE_SEGMEXEC = 0x0001,
41873 + GR_PAX_ENABLE_PAGEEXEC = 0x0002,
41874 + GR_PAX_ENABLE_MPROTECT = 0x0004,
41875 + GR_PAX_ENABLE_RANDMMAP = 0x0008,
41876 + GR_PAX_ENABLE_EMUTRAMP = 0x0010,
41877 + GR_PAX_DISABLE_SEGMEXEC = 0x0100,
41878 + GR_PAX_DISABLE_PAGEEXEC = 0x0200,
41879 + GR_PAX_DISABLE_MPROTECT = 0x0400,
41880 + GR_PAX_DISABLE_RANDMMAP = 0x0800,
41881 + GR_PAX_DISABLE_EMUTRAMP = 0x1000,
41885 + GR_ID_USER = 0x01,
41886 + GR_ID_GROUP = 0x02,
41890 + GR_ID_ALLOW = 0x01,
41891 + GR_ID_DENY = 0x02,
41894 +#define GR_CRASH_RES 31
41895 +#define GR_UIDTABLE_MAX 500
41897 +/* begin resource learning section */
41899 + GR_RLIM_CPU_BUMP = 60,
41900 + GR_RLIM_FSIZE_BUMP = 50000,
41901 + GR_RLIM_DATA_BUMP = 10000,
41902 + GR_RLIM_STACK_BUMP = 1000,
41903 + GR_RLIM_CORE_BUMP = 10000,
41904 + GR_RLIM_RSS_BUMP = 500000,
41905 + GR_RLIM_NPROC_BUMP = 1,
41906 + GR_RLIM_NOFILE_BUMP = 5,
41907 + GR_RLIM_MEMLOCK_BUMP = 50000,
41908 + GR_RLIM_AS_BUMP = 500000,
41909 + GR_RLIM_LOCKS_BUMP = 2,
41910 + GR_RLIM_SIGPENDING_BUMP = 5,
41911 + GR_RLIM_MSGQUEUE_BUMP = 10000,
41912 + GR_RLIM_NICE_BUMP = 1,
41913 + GR_RLIM_RTPRIO_BUMP = 1,
41914 + GR_RLIM_RTTIME_BUMP = 1000000
41918 diff -urNp linux-2.6.32.1/include/linux/grinternal.h linux-2.6.32.1/include/linux/grinternal.h
41919 --- linux-2.6.32.1/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
41920 +++ linux-2.6.32.1/include/linux/grinternal.h 2009-12-14 18:33:59.069828957 -0500
41922 +#ifndef __GRINTERNAL_H
41923 +#define __GRINTERNAL_H
41925 +#ifdef CONFIG_GRKERNSEC
41927 +#include <linux/fs.h>
41928 +#include <linux/mnt_namespace.h>
41929 +#include <linux/nsproxy.h>
41930 +#include <linux/gracl.h>
41931 +#include <linux/grdefs.h>
41932 +#include <linux/grmsg.h>
41934 +void gr_add_learn_entry(const char *fmt, ...)
41935 + __attribute__ ((format (printf, 1, 2)));
41936 +__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
41937 + const struct vfsmount *mnt);
41938 +__u32 gr_check_create(const struct dentry *new_dentry,
41939 + const struct dentry *parent,
41940 + const struct vfsmount *mnt, const __u32 mode);
41941 +int gr_check_protected_task(const struct task_struct *task);
41942 +__u32 to_gr_audit(const __u32 reqmode);
41943 +int gr_set_acls(const int type);
41945 +int gr_acl_is_enabled(void);
41946 +char gr_roletype_to_char(void);
41948 +void gr_handle_alertkill(struct task_struct *task);
41949 +char *gr_to_filename(const struct dentry *dentry,
41950 + const struct vfsmount *mnt);
41951 +char *gr_to_filename1(const struct dentry *dentry,
41952 + const struct vfsmount *mnt);
41953 +char *gr_to_filename2(const struct dentry *dentry,
41954 + const struct vfsmount *mnt);
41955 +char *gr_to_filename3(const struct dentry *dentry,
41956 + const struct vfsmount *mnt);
41958 +extern int grsec_enable_harden_ptrace;
41959 +extern int grsec_enable_link;
41960 +extern int grsec_enable_fifo;
41961 +extern int grsec_enable_execve;
41962 +extern int grsec_enable_shm;
41963 +extern int grsec_enable_execlog;
41964 +extern int grsec_enable_signal;
41965 +extern int grsec_enable_forkfail;
41966 +extern int grsec_enable_time;
41967 +extern int grsec_enable_rofs;
41968 +extern int grsec_enable_chroot_shmat;
41969 +extern int grsec_enable_chroot_findtask;
41970 +extern int grsec_enable_chroot_mount;
41971 +extern int grsec_enable_chroot_double;
41972 +extern int grsec_enable_chroot_pivot;
41973 +extern int grsec_enable_chroot_chdir;
41974 +extern int grsec_enable_chroot_chmod;
41975 +extern int grsec_enable_chroot_mknod;
41976 +extern int grsec_enable_chroot_fchdir;
41977 +extern int grsec_enable_chroot_nice;
41978 +extern int grsec_enable_chroot_execlog;
41979 +extern int grsec_enable_chroot_caps;
41980 +extern int grsec_enable_chroot_sysctl;
41981 +extern int grsec_enable_chroot_unix;
41982 +extern int grsec_enable_tpe;
41983 +extern int grsec_tpe_gid;
41984 +extern int grsec_enable_tpe_all;
41985 +extern int grsec_enable_sidcaps;
41986 +extern int grsec_enable_socket_all;
41987 +extern int grsec_socket_all_gid;
41988 +extern int grsec_enable_socket_client;
41989 +extern int grsec_socket_client_gid;
41990 +extern int grsec_enable_socket_server;
41991 +extern int grsec_socket_server_gid;
41992 +extern int grsec_audit_gid;
41993 +extern int grsec_enable_group;
41994 +extern int grsec_enable_audit_textrel;
41995 +extern int grsec_enable_mount;
41996 +extern int grsec_enable_chdir;
41997 +extern int grsec_resource_logging;
41998 +extern int grsec_lock;
42000 +extern spinlock_t grsec_alert_lock;
42001 +extern unsigned long grsec_alert_wtime;
42002 +extern unsigned long grsec_alert_fyet;
42004 +extern spinlock_t grsec_audit_lock;
42006 +extern rwlock_t grsec_exec_file_lock;
42008 +#define gr_task_fullpath(tsk) (tsk->exec_file ? \
42009 + gr_to_filename2(tsk->exec_file->f_path.dentry, \
42010 + tsk->exec_file->f_vfsmnt) : "/")
42012 +#define gr_parent_task_fullpath(tsk) (tsk->parent->exec_file ? \
42013 + gr_to_filename3(tsk->parent->exec_file->f_path.dentry, \
42014 + tsk->parent->exec_file->f_vfsmnt) : "/")
42016 +#define gr_task_fullpath0(tsk) (tsk->exec_file ? \
42017 + gr_to_filename(tsk->exec_file->f_path.dentry, \
42018 + tsk->exec_file->f_vfsmnt) : "/")
42020 +#define gr_parent_task_fullpath0(tsk) (tsk->parent->exec_file ? \
42021 + gr_to_filename1(tsk->parent->exec_file->f_path.dentry, \
42022 + tsk->parent->exec_file->f_vfsmnt) : "/")
42024 +#define proc_is_chrooted(tsk_a) ((tsk_a->pid > 1) && (tsk_a->fs != NULL) && \
42025 + ((init_task.fs->root.dentry != tsk_a->fs->root.dentry) && \
42026 + (tsk_a->nsproxy->mnt_ns->root->mnt_root != \
42027 + tsk_a->fs->root.dentry)))
42029 +#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs != NULL) && (tsk_b->fs != NULL) && \
42030 + (tsk_a->fs->root.dentry == tsk_b->fs->root.dentry))
42032 +#define DEFAULTSECARGS(task, cred, pcred) gr_task_fullpath(task), task->comm, \
42033 + task->pid, cred->uid, \
42034 + cred->euid, cred->gid, cred->egid, \
42035 + gr_parent_task_fullpath(task), \
42036 + task->parent->comm, task->parent->pid, \
42037 + pcred->uid, pcred->euid, \
42038 + pcred->gid, pcred->egid
42040 +#define GR_CHROOT_CAPS {{ \
42041 + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
42042 + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
42043 + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
42044 + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
42045 + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
42046 + CAP_TO_MASK(CAP_IPC_OWNER) , 0 }}
42048 +#define security_learn(normal_msg,args...) \
42050 + read_lock(&grsec_exec_file_lock); \
42051 + gr_add_learn_entry(normal_msg "\n", ## args); \
42052 + read_unlock(&grsec_exec_file_lock); \
42058 + GR_DONT_AUDIT_GOOD
42069 + GR_SYSCTL_HIDDEN,
42072 + GR_ONE_INT_TWO_STR,
42077 + GR_FIVE_INT_TWO_STR,
42083 + GR_FILENAME_TWO_INT,
42084 + GR_FILENAME_TWO_INT_STR,
42096 +#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
42097 +#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
42098 +#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
42099 +#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
42100 +#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
42101 +#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
42102 +#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
42103 +#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
42104 +#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
42105 +#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
42106 +#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
42107 +#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
42108 +#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
42109 +#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
42110 +#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
42111 +#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
42112 +#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
42113 +#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
42114 +#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
42115 +#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
42116 +#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
42117 +#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
42118 +#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
42119 +#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2)
42120 +#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
42121 +#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
42122 +#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
42123 +#define gr_log_sig_addr(audit, msg, str, addr) gr_log_varargs(audit, msg, GR_SIG, str, addr)
42124 +#define gr_log_sig_task(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG2, task, num)
42125 +#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
42126 +#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
42127 +#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
42129 +void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
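Review bot: `proc_is_chrooted()` dereferences `tsk_a->nsproxy->mnt_ns->root` after checking only `tsk_a->pid > 1` and `tsk_a->fs != NULL`, so a task whose `nsproxy` is already NULL would fault inside a security check. Whether that can happen depends on the callers and their locking, which are outside this hunk; an exiting task is the case I would check first. I would either add `(tsk_a->nsproxy != NULL) &&` next to the existing `fs` test or state the required task lifetime and locking in a comment above the macro. If the guard is added, decide deliberately what the macro returns for such a task, since "not chrooted" is the permissive answer. This macro, `have_same_root()` and the `gr_*task_fullpath*()` macros also expand their argument several times without parentheses, so `(tsk)->exec_file` or a `static inline` helper would be safer.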
42134 diff -urNp linux-2.6.32.1/include/linux/grmsg.h linux-2.6.32.1/include/linux/grmsg.h
42135 --- linux-2.6.32.1/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
42136 +++ linux-2.6.32.1/include/linux/grmsg.h 2009-12-14 18:33:59.070957757 -0500
42138 +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
42139 +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
42140 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
42141 +#define GR_STOPMOD_MSG "denied modification of module state by "
42142 +#define GR_ROFS_BLOCKWRITE_MSG "denied write to block device %.950s by "
42143 +#define GR_ROFS_MOUNT_MSG "denied writable mount of %.950s by "
42144 +#define GR_IOPERM_MSG "denied use of ioperm() by "
42145 +#define GR_IOPL_MSG "denied use of iopl() by "
42146 +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
42147 +#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
42148 +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
42149 +#define GR_KMEM_MSG "denied write of /dev/kmem by "
42150 +#define GR_PORT_OPEN_MSG "denied open of /dev/port by "
42151 +#define GR_MEM_WRITE_MSG "denied write of /dev/mem by "
42152 +#define GR_MEM_MMAP_MSG "denied mmap write of /dev/[k]mem by "
42153 +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
42154 +#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%pI4"
42155 +#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%pI4"
42156 +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
42157 +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
42158 +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
42159 +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
42160 +#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
42161 +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
42162 +#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
42163 +#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%pI4 %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
42164 +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
42165 +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
42166 +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
42167 +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
42168 +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
42169 +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
42170 +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
42171 +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
42172 +#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
42173 +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
42174 +#define GR_NPROC_MSG "denied overstep of process limit by "
42175 +#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
42176 +#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by "
42177 +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
42178 +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
42179 +#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
42180 +#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
42181 +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
42182 +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
42183 +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
42184 +#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
42185 +#define GR_FCHMOD_ACL_MSG "%s fchmod of %.950s by "
42186 +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
42187 +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
42188 +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
42189 +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
42190 +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
42191 +#define GR_INITF_ACL_MSG "init_variables() failed %s by "
42192 +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
42193 +#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbaged by "
42194 +#define GR_SHUTS_ACL_MSG "shutdown auth success for "
42195 +#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
42196 +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
42197 +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
42198 +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
42199 +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
42200 +#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
42201 +#define GR_ENABLEF_ACL_MSG "unable to load %s for "
42202 +#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
42203 +#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
42204 +#define GR_RELOADF_ACL_MSG "failed reload of %s for "
42205 +#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
42206 +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
42207 +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
42208 +#define GR_SPROLEF_ACL_MSG "special role %s failure for "
42209 +#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
42210 +#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
42211 +#define GR_UNSPROLEF_ACL_MSG "special role unauth of %s failure for "
42212 +#define GR_INVMODE_ACL_MSG "invalid mode %d by "
42213 +#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
42214 +#define GR_FAILFORK_MSG "failed fork with errno %d by "
42215 +#define GR_NICE_CHROOT_MSG "denied priority change by "
42216 +#define GR_UNISIGLOG_MSG "%.32s occurred at %p in "
42217 +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
42218 +#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
42219 +#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
42220 +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
42221 +#define GR_TIME_MSG "time set by "
42222 +#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
42223 +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
42224 +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
42225 +#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
42226 +#define GR_SOCK2_MSG "denied socket(%d,%.16s,%.16s) by "
42227 +#define GR_BIND_MSG "denied bind() by "
42228 +#define GR_CONNECT_MSG "denied connect() by "
42229 +#define GR_BIND_ACL_MSG "denied bind() to %pI4 port %u sock type %.16s protocol %.16s by "
42230 +#define GR_CONNECT_ACL_MSG "denied connect() to %pI4 port %u sock type %.16s protocol %.16s by "
42231 +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
42232 +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
42233 +#define GR_CAP_ACL_MSG "use of %s denied for "
42234 +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
42235 +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
42236 +#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
42237 +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by "
42238 +#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by "
42239 +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
42240 +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
42241 +#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
42242 +#define GR_TEXTREL_AUDIT_MSG "text relocation in %s, VMA:0x%08lx 0x%08lx by "
42243 +#define GR_NONROOT_MODLOAD_MSG "denied kernel module auto-load of %.64s by "
42244 +#define GR_VM86_MSG "denied use of vm86 by "
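Review bot: `GR_TEXTREL_AUDIT_MSG` formats its first argument with an unbounded `%s`, while the path-carrying messages around it use a precision (`%.950s`, `%.480s`, `%.256s`). If that argument is the mapped file's path, as `gr_log_textrel_ulong_ulong(audit, msg, file, ...)` in grinternal.h suggests, a long name could push the trailing task details out of the record, depending on how the log buffer is sized (not visible here). I would write it as `"text relocation in %.950s, VMA:0x%08lx 0x%08lx by "`. A short comment at the top of the header would also help anyone adding a message: it should state the record length these precisions are budgeted against and whether file names are escaped for control characters before logging.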
42245 diff -urNp linux-2.6.32.1/include/linux/grsecurity.h linux-2.6.32.1/include/linux/grsecurity.h
42246 --- linux-2.6.32.1/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
42247 +++ linux-2.6.32.1/include/linux/grsecurity.h 2009-12-14 18:33:59.070957757 -0500
42249 +#ifndef GR_SECURITY_H
42250 +#define GR_SECURITY_H
42251 +#include <linux/fs.h>
42252 +#include <linux/fs_struct.h>
42253 +#include <linux/binfmts.h>
42254 +#include <linux/gracl.h>
42256 +/* notify of brain-dead configs */
42257 +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
42258 +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
42260 +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
42261 +#error "CONFIG_PAX_NOEXEC enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
42263 +#if defined(CONFIG_PAX_ASLR) && (defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
42264 +#error "CONFIG_PAX_ASLR enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
42266 +#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
42267 +#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
42269 +#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR)
42270 +#error "CONFIG_PAX enabled, but no PaX options are enabled."
42273 +void gr_handle_brute_attach(struct task_struct *p);
42274 +void gr_handle_brute_check(void);
42276 +char gr_roletype_to_char(void);
42278 +int gr_check_user_change(int real, int effective, int fs);
42279 +int gr_check_group_change(int real, int effective, int fs);
42281 +void gr_del_task_from_ip_table(struct task_struct *p);
42283 +int gr_pid_is_chrooted(struct task_struct *p);
42284 +int gr_handle_chroot_nice(void);
42285 +int gr_handle_chroot_sysctl(const int op);
42286 +int gr_handle_chroot_setpriority(struct task_struct *p,
42287 + const int niceval);
42288 +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
42289 +int gr_handle_chroot_chroot(const struct dentry *dentry,
42290 + const struct vfsmount *mnt);
42291 +int gr_handle_chroot_caps(struct path *path);
42292 +void gr_handle_chroot_chdir(struct path *path);
42293 +int gr_handle_chroot_chmod(const struct dentry *dentry,
42294 + const struct vfsmount *mnt, const int mode);
42295 +int gr_handle_chroot_mknod(const struct dentry *dentry,
42296 + const struct vfsmount *mnt, const int mode);
42297 +int gr_handle_chroot_mount(const struct dentry *dentry,
42298 + const struct vfsmount *mnt,
42299 + const char *dev_name);
42300 +int gr_handle_chroot_pivot(void);
42301 +int gr_handle_chroot_unix(const pid_t pid);
42303 +int gr_handle_rawio(const struct inode *inode);
42304 +int gr_handle_nproc(void);
42306 +void gr_handle_ioperm(void);
42307 +void gr_handle_iopl(void);
42309 +int gr_tpe_allow(const struct file *file);
42311 +int gr_random_pid(void);
42313 +void gr_log_forkfail(const int retval);
42314 +void gr_log_timechange(void);
42315 +void gr_log_signal(const int sig, const void *addr, const struct task_struct *t);
42316 +void gr_log_chdir(const struct dentry *dentry,
42317 + const struct vfsmount *mnt);
42318 +void gr_log_chroot_exec(const struct dentry *dentry,
42319 + const struct vfsmount *mnt);
42320 +void gr_handle_exec_args(struct linux_binprm *bprm, char **argv);
42321 +void gr_log_remount(const char *devname, const int retval);
42322 +void gr_log_unmount(const char *devname, const int retval);
42323 +void gr_log_mount(const char *from, const char *to, const int retval);
42324 +void gr_log_textrel(struct vm_area_struct *vma);
42326 +int gr_handle_follow_link(const struct inode *parent,
42327 + const struct inode *inode,
42328 + const struct dentry *dentry,
42329 + const struct vfsmount *mnt);
42330 +int gr_handle_fifo(const struct dentry *dentry,
42331 + const struct vfsmount *mnt,
42332 + const struct dentry *dir, const int flag,
42333 + const int acc_mode);
42334 +int gr_handle_hardlink(const struct dentry *dentry,
42335 + const struct vfsmount *mnt,
42336 + struct inode *inode,
42337 + const int mode, const char *to);
42339 +int gr_is_capable(const int cap);
42340 +int gr_is_capable_nolog(const int cap);
42341 +void gr_learn_resource(const struct task_struct *task, const int limit,
42342 + const unsigned long wanted, const int gt);
42343 +void gr_copy_label(struct task_struct *tsk);
42344 +void gr_handle_crash(struct task_struct *task, const int sig);
42345 +int gr_handle_signal(const struct task_struct *p, const int sig);
42346 +int gr_check_crash_uid(const uid_t uid);
42347 +int gr_check_protected_task(const struct task_struct *task);
42348 +int gr_acl_handle_mmap(const struct file *file,
42349 + const unsigned long prot);
42350 +int gr_acl_handle_mprotect(const struct file *file,
42351 + const unsigned long prot);
42352 +int gr_check_hidden_task(const struct task_struct *tsk);
42353 +__u32 gr_acl_handle_truncate(const struct dentry *dentry,
42354 + const struct vfsmount *mnt);
42355 +__u32 gr_acl_handle_utime(const struct dentry *dentry,
42356 + const struct vfsmount *mnt);
42357 +__u32 gr_acl_handle_access(const struct dentry *dentry,
42358 + const struct vfsmount *mnt, const int fmode);
42359 +__u32 gr_acl_handle_fchmod(const struct dentry *dentry,
42360 + const struct vfsmount *mnt, mode_t mode);
42361 +__u32 gr_acl_handle_chmod(const struct dentry *dentry,
42362 + const struct vfsmount *mnt, mode_t mode);
42363 +__u32 gr_acl_handle_chown(const struct dentry *dentry,
42364 + const struct vfsmount *mnt);
42365 +int gr_handle_ptrace(struct task_struct *task, const long request);
42366 +int gr_handle_proc_ptrace(struct task_struct *task);
42367 +__u32 gr_acl_handle_execve(const struct dentry *dentry,
42368 + const struct vfsmount *mnt);
42369 +int gr_check_crash_exec(const struct file *filp);
42370 +int gr_acl_is_enabled(void);
42371 +void gr_set_kernel_label(struct task_struct *task);
42372 +void gr_set_role_label(struct task_struct *task, const uid_t uid,
42373 + const gid_t gid);
42374 +int gr_set_proc_label(const struct dentry *dentry,
42375 + const struct vfsmount *mnt,
42376 + const int unsafe_share);
42377 +__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
42378 + const struct vfsmount *mnt);
42379 +__u32 gr_acl_handle_open(const struct dentry *dentry,
42380 + const struct vfsmount *mnt, const int fmode);
42381 +__u32 gr_acl_handle_creat(const struct dentry *dentry,
42382 + const struct dentry *p_dentry,
42383 + const struct vfsmount *p_mnt, const int fmode,
42384 + const int imode);
42385 +void gr_handle_create(const struct dentry *dentry,
42386 + const struct vfsmount *mnt);
42387 +__u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
42388 + const struct dentry *parent_dentry,
42389 + const struct vfsmount *parent_mnt,
42391 +__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
42392 + const struct dentry *parent_dentry,
42393 + const struct vfsmount *parent_mnt);
42394 +__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
42395 + const struct vfsmount *mnt);
42396 +void gr_handle_delete(const ino_t ino, const dev_t dev);
42397 +__u32 gr_acl_handle_unlink(const struct dentry *dentry,
42398 + const struct vfsmount *mnt);
42399 +__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
42400 + const struct dentry *parent_dentry,
42401 + const struct vfsmount *parent_mnt,
42402 + const char *from);
42403 +__u32 gr_acl_handle_link(const struct dentry *new_dentry,
42404 + const struct dentry *parent_dentry,
42405 + const struct vfsmount *parent_mnt,
42406 + const struct dentry *old_dentry,
42407 + const struct vfsmount *old_mnt, const char *to);
42408 +int gr_acl_handle_rename(struct dentry *new_dentry,
42409 + struct dentry *parent_dentry,
42410 + const struct vfsmount *parent_mnt,
42411 + struct dentry *old_dentry,
42412 + struct inode *old_parent_inode,
42413 + struct vfsmount *old_mnt, const char *newname);
42414 +void gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
42415 + struct dentry *old_dentry,
42416 + struct dentry *new_dentry,
42417 + struct vfsmount *mnt, const __u8 replace);
42418 +__u32 gr_check_link(const struct dentry *new_dentry,
42419 + const struct dentry *parent_dentry,
42420 + const struct vfsmount *parent_mnt,
42421 + const struct dentry *old_dentry,
42422 + const struct vfsmount *old_mnt);
42423 +int gr_acl_handle_filldir(const struct file *file, const char *name,
42424 + const unsigned int namelen, const ino_t ino);
42426 +__u32 gr_acl_handle_unix(const struct dentry *dentry,
42427 + const struct vfsmount *mnt);
42428 +void gr_acl_handle_exit(void);
42429 +void gr_acl_handle_psacct(struct task_struct *task, const long code);
42430 +int gr_acl_handle_procpidmem(const struct task_struct *task);
42431 +int gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags);
42432 +int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode);
42434 +#ifdef CONFIG_GRKERNSEC
42435 +void gr_log_nonroot_mod_load(const char *modname);
42436 +void gr_handle_vm86(void);
42437 +void gr_handle_mem_write(void);
42438 +void gr_handle_kmem_write(void);
42439 +void gr_handle_open_port(void);
42440 +int gr_handle_mem_mmap(const unsigned long offset,
42441 + struct vm_area_struct *vma);
42443 +extern int grsec_enable_dmesg;
42444 +extern int grsec_enable_randsrc;
42445 +extern int grsec_enable_shm;
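Review bot: `gr_check_user_change(int real, int effective, int fs)` and `gr_check_group_change()` take ids as plain `int`, while `gr_check_crash_uid(const uid_t uid)` and `gr_set_role_label(..., const uid_t uid, const gid_t gid)` in the same header use `uid_t`/`gid_t`. If `int` is deliberate so that -1 can mean "not being changed" (an assumption; the definitions are not in this hunk), a comment above the two prototypes such as `/* real/effective/fs: requested ids, -1 = unchanged */` would make the signedness contract explicit for callers. Separately, `gr_roletype_to_char()`, `gr_check_protected_task()`, `gr_acl_is_enabled()` and `grsec_enable_shm` are declared both here and in grinternal.h; keeping each declaration in one header stops the two copies from drifting apart.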
42449 diff -urNp linux-2.6.32.1/include/linux/hdpu_features.h linux-2.6.32.1/include/linux/hdpu_features.h
42450 --- linux-2.6.32.1/include/linux/hdpu_features.h 2009-12-02 22:51:21.000000000 -0500
42451 +++ linux-2.6.32.1/include/linux/hdpu_features.h 2009-12-14 18:33:59.070957757 -0500
42453 struct cpustate_t {
42457 + atomic_t open_count;
42458 unsigned char cached_val;
42460 unsigned long *set_addr;
42461 diff -urNp linux-2.6.32.1/include/linux/highmem.h linux-2.6.32.1/include/linux/highmem.h
42462 --- linux-2.6.32.1/include/linux/highmem.h 2009-12-02 22:51:21.000000000 -0500
42463 +++ linux-2.6.32.1/include/linux/highmem.h 2009-12-14 18:33:59.079962146 -0500
42464 @@ -137,6 +137,18 @@ static inline void clear_highpage(struct
42465 kunmap_atomic(kaddr, KM_USER0);
42468 +static inline void sanitize_highpage(struct page *page)
42471 + unsigned long flags;
42473 + local_irq_save(flags);
42474 + kaddr = kmap_atomic(page, KM_CLEARPAGE);
42475 + clear_page(kaddr);
42476 + kunmap_atomic(kaddr, KM_CLEARPAGE);
42477 + local_irq_restore(flags);
42480 static inline void zero_user_segments(struct page *page,
42481 unsigned start1, unsigned end1,
42482 unsigned start2, unsigned end2)
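Review bot: `sanitize_highpage()` has no comment saying why it exists beside `clear_highpage()` directly above it. Nor does it explain why it disables interrupts and maps through `KM_CLEARPAGE` where the neighbour's visible `kunmap_atomic()` uses `KM_USER0`. I would add a short comment above the function, for example `/* Zero a page being released; uses a dedicated kmap slot with IRQs off so it does not clash with KM_USER0 users. */`, adjusted to the real constraint, since the callers are outside this hunk. `zero_user_segments()` after it is context only and continues past the hunk.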
42483 diff -urNp linux-2.6.32.1/include/linux/interrupt.h linux-2.6.32.1/include/linux/interrupt.h
42484 --- linux-2.6.32.1/include/linux/interrupt.h 2009-12-02 22:51:21.000000000 -0500
42485 +++ linux-2.6.32.1/include/linux/interrupt.h 2009-12-14 18:33:59.093720869 -0500
42486 @@ -357,7 +357,7 @@ enum
42487 /* map softirq index to softirq name. update 'softirq_to_name' in
42488 * kernel/softirq.c when adding a new softirq.
42490 -extern char *softirq_to_name[NR_SOFTIRQS];
42491 +extern const char * const softirq_to_name[NR_SOFTIRQS];
42493 /* softirq mask and active fields moved to irq_cpustat_t in
42494 * asm/hardirq.h to get better cache usage. KAO
42495 diff -urNp linux-2.6.32.1/include/linux/jbd2.h linux-2.6.32.1/include/linux/jbd2.h
42496 --- linux-2.6.32.1/include/linux/jbd2.h 2009-12-02 22:51:21.000000000 -0500
42497 +++ linux-2.6.32.1/include/linux/jbd2.h 2009-12-14 18:33:59.093720869 -0500
42498 @@ -66,7 +66,7 @@ extern u8 jbd2_journal_enable_debug;
42502 -#define jbd_debug(f, a...) /**/
42503 +#define jbd_debug(f, a...) do {} while (0)
42506 static inline void *jbd2_alloc(size_t size, gfp_t flags)
42507 diff -urNp linux-2.6.32.1/include/linux/jbd.h linux-2.6.32.1/include/linux/jbd.h
42508 --- linux-2.6.32.1/include/linux/jbd.h 2009-12-02 22:51:21.000000000 -0500
42509 +++ linux-2.6.32.1/include/linux/jbd.h 2009-12-14 18:33:59.112966652 -0500
42510 @@ -66,7 +66,7 @@ extern u8 journal_enable_debug;
42514 -#define jbd_debug(f, a...) /**/
42515 +#define jbd_debug(f, a...) do {} while (0)
42518 static inline void *jbd_alloc(size_t size, gfp_t flags)
42519 diff -urNp linux-2.6.32.1/include/linux/kallsyms.h linux-2.6.32.1/include/linux/kallsyms.h
42520 --- linux-2.6.32.1/include/linux/kallsyms.h 2009-12-02 22:51:21.000000000 -0500
42521 +++ linux-2.6.32.1/include/linux/kallsyms.h 2009-12-14 18:33:59.113955783 -0500
42526 -#ifdef CONFIG_KALLSYMS
42527 +#ifndef __INCLUDED_BY_HIDESYM
42528 +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
42529 /* Lookup the address for a symbol. Returns 0 if not found. */
42530 unsigned long kallsyms_lookup_name(const char *name);
42532 @@ -92,6 +93,9 @@ static inline int lookup_symbol_attrs(un
42533 /* Stupid that this does nothing, but I didn't create this mess. */
42534 #define __print_symbol(fmt, addr)
42535 #endif /*CONFIG_KALLSYMS*/
42536 +#else /* when included by kallsyms.c, with HIDESYM enabled */
42537 +extern void __print_symbol(const char *fmt, unsigned long address);
42540 /* This macro allows us to keep printk typechecking */
42541 static void __check_printsym_format(const char *fmt, ...)
42542 diff -urNp linux-2.6.32.1/include/linux/kgdb.h linux-2.6.32.1/include/linux/kgdb.h
42543 --- linux-2.6.32.1/include/linux/kgdb.h 2009-12-02 22:51:21.000000000 -0500
42544 +++ linux-2.6.32.1/include/linux/kgdb.h 2009-12-14 18:33:59.113955783 -0500
42545 @@ -251,20 +251,20 @@ struct kgdb_arch {
42549 - int (*read_char) (void);
42550 - void (*write_char) (u8);
42551 - void (*flush) (void);
42552 - int (*init) (void);
42553 - void (*pre_exception) (void);
42554 - void (*post_exception) (void);
42555 + int (* const read_char) (void);
42556 + void (* const write_char) (u8);
42557 + void (* const flush) (void);
42558 + int (* const init) (void);
42559 + void (* const pre_exception) (void);
42560 + void (* const post_exception) (void);
42563 -extern struct kgdb_arch arch_kgdb_ops;
42564 +extern const struct kgdb_arch arch_kgdb_ops;
42566 extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs);
42568 -extern int kgdb_register_io_module(struct kgdb_io *local_kgdb_io_ops);
42569 -extern void kgdb_unregister_io_module(struct kgdb_io *local_kgdb_io_ops);
42570 +extern int kgdb_register_io_module(const struct kgdb_io *local_kgdb_io_ops);
42571 +extern void kgdb_unregister_io_module(const struct kgdb_io *local_kgdb_io_ops);
42573 extern int kgdb_hex2long(char **ptr, unsigned long *long_val);
42574 extern int kgdb_mem2hex(char *mem, char *buf, int count);
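Review bot: The six callback members changed to `(* const name)` in this hunk are const-qualified one by one, and nothing near them says what that implies for code that provides such a struct. With const members an instance can no longer be filled in field by field or assigned as a whole, so every provider has to set the callbacks in the initializer at definition; the same applies to `struct kset_uevent_ops` in kobject.h, `struct nlmsvc_binding` in lockd/bind.h and `struct item_operations` in reiserfs_fs.h. I would add a comment above the members such as `/* callbacks are const: set them in the initializer, they cannot be assigned later */`. The struct definition starts and ends outside the hunk.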
42575 diff -urNp linux-2.6.32.1/include/linux/kobject.h linux-2.6.32.1/include/linux/kobject.h
42576 --- linux-2.6.32.1/include/linux/kobject.h 2009-12-02 22:51:21.000000000 -0500
42577 +++ linux-2.6.32.1/include/linux/kobject.h 2009-12-14 18:33:59.130982398 -0500
42578 @@ -106,7 +106,7 @@ extern char *kobject_get_path(struct kob
42581 void (*release)(struct kobject *kobj);
42582 - struct sysfs_ops *sysfs_ops;
42583 + const struct sysfs_ops *sysfs_ops;
42584 struct attribute **default_attrs;
42587 @@ -118,9 +118,9 @@ struct kobj_uevent_env {
42590 struct kset_uevent_ops {
42591 - int (*filter)(struct kset *kset, struct kobject *kobj);
42592 - const char *(*name)(struct kset *kset, struct kobject *kobj);
42593 - int (*uevent)(struct kset *kset, struct kobject *kobj,
42594 + int (* const filter)(struct kset *kset, struct kobject *kobj);
42595 + const char *(* const name)(struct kset *kset, struct kobject *kobj);
42596 + int (* const uevent)(struct kset *kset, struct kobject *kobj,
42597 struct kobj_uevent_env *env);
42600 @@ -132,7 +132,7 @@ struct kobj_attribute {
42601 const char *buf, size_t count);
42604 -extern struct sysfs_ops kobj_sysfs_ops;
42605 +extern const struct sysfs_ops kobj_sysfs_ops;
42608 * struct kset - a set of kobjects of a specific type, belonging to a specific subsystem.
42609 @@ -155,14 +155,14 @@ struct kset {
42610 struct list_head list;
42611 spinlock_t list_lock;
42612 struct kobject kobj;
42613 - struct kset_uevent_ops *uevent_ops;
42614 + const struct kset_uevent_ops *uevent_ops;
42617 extern void kset_init(struct kset *kset);
42618 extern int __must_check kset_register(struct kset *kset);
42619 extern void kset_unregister(struct kset *kset);
42620 extern struct kset * __must_check kset_create_and_add(const char *name,
42621 - struct kset_uevent_ops *u,
42622 + const struct kset_uevent_ops *u,
42623 struct kobject *parent_kobj);
42625 static inline struct kset *to_kset(struct kobject *kobj)
42626 diff -urNp linux-2.6.32.1/include/linux/kvm_host.h linux-2.6.32.1/include/linux/kvm_host.h
42627 --- linux-2.6.32.1/include/linux/kvm_host.h 2009-12-02 22:51:21.000000000 -0500
42628 +++ linux-2.6.32.1/include/linux/kvm_host.h 2009-12-14 18:33:59.130982398 -0500
42629 @@ -205,7 +205,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vc
42630 void vcpu_load(struct kvm_vcpu *vcpu);
42631 void vcpu_put(struct kvm_vcpu *vcpu);
42633 -int kvm_init(void *opaque, unsigned int vcpu_size,
42634 +int kvm_init(const void *opaque, unsigned int vcpu_size,
42635 struct module *module);
42636 void kvm_exit(void);
42638 @@ -311,7 +311,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(
42639 struct kvm_guest_debug *dbg);
42640 int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
42642 -int kvm_arch_init(void *opaque);
42643 +int kvm_arch_init(const void *opaque);
42644 void kvm_arch_exit(void);
42646 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
42647 diff -urNp linux-2.6.32.1/include/linux/libata.h linux-2.6.32.1/include/linux/libata.h
42648 --- linux-2.6.32.1/include/linux/libata.h 2009-12-02 22:51:21.000000000 -0500
42649 +++ linux-2.6.32.1/include/linux/libata.h 2009-12-14 18:33:59.153957201 -0500
42650 @@ -64,11 +64,11 @@
42651 #ifdef ATA_VERBOSE_DEBUG
42652 #define VPRINTK(fmt, args...) printk(KERN_ERR "%s: " fmt, __func__, ## args)
42654 -#define VPRINTK(fmt, args...)
42655 +#define VPRINTK(fmt, args...) do {} while (0)
42656 #endif /* ATA_VERBOSE_DEBUG */
42658 -#define DPRINTK(fmt, args...)
42659 -#define VPRINTK(fmt, args...)
42660 +#define DPRINTK(fmt, args...) do {} while (0)
42661 +#define VPRINTK(fmt, args...) do {} while (0)
42662 #endif /* ATA_DEBUG */
42664 #define BPRINTK(fmt, args...) if (ap->flags & ATA_FLAG_DEBUGMSG) printk(KERN_ERR "%s: " fmt, __func__, ## args)
42665 @@ -521,11 +521,11 @@ struct ata_ioports {
42669 - struct device *dev;
42670 + struct device *dev;
42671 void __iomem * const *iomap;
42672 unsigned int n_ports;
42673 void *private_data;
42674 - struct ata_port_operations *ops;
42675 + const struct ata_port_operations *ops;
42676 unsigned long flags;
42677 #ifdef CONFIG_ATA_ACPI
42678 acpi_handle acpi_handle;
42679 @@ -706,7 +706,7 @@ struct ata_link {
42682 struct Scsi_Host *scsi_host; /* our co-allocated scsi host */
42683 - struct ata_port_operations *ops;
42684 + const struct ata_port_operations *ops;
42686 /* Flags owned by the EH context. Only EH should touch these once the
42688 @@ -888,7 +888,7 @@ struct ata_port_info {
42689 unsigned long pio_mask;
42690 unsigned long mwdma_mask;
42691 unsigned long udma_mask;
42692 - struct ata_port_operations *port_ops;
42693 + const struct ata_port_operations *port_ops;
42694 void *private_data;
42697 @@ -912,7 +912,7 @@ extern const unsigned long sata_deb_timi
42698 extern const unsigned long sata_deb_timing_hotplug[];
42699 extern const unsigned long sata_deb_timing_long[];
42701 -extern struct ata_port_operations ata_dummy_port_ops;
42702 +extern const struct ata_port_operations ata_dummy_port_ops;
42703 extern const struct ata_port_info ata_dummy_port_info;
42705 static inline const unsigned long *
42706 @@ -958,7 +958,7 @@ extern int ata_host_activate(struct ata_
42707 struct scsi_host_template *sht);
42708 extern void ata_host_detach(struct ata_host *host);
42709 extern void ata_host_init(struct ata_host *, struct device *,
42710 - unsigned long, struct ata_port_operations *);
42711 + unsigned long, const struct ata_port_operations *);
42712 extern int ata_scsi_detect(struct scsi_host_template *sht);
42713 extern int ata_scsi_ioctl(struct scsi_device *dev, int cmd, void __user *arg);
42714 extern int ata_scsi_queuecmd(struct scsi_cmnd *cmd, void (*done)(struct scsi_cmnd *));
42715 diff -urNp linux-2.6.32.1/include/linux/lockd/bind.h linux-2.6.32.1/include/linux/lockd/bind.h
42716 --- linux-2.6.32.1/include/linux/lockd/bind.h 2009-12-02 22:51:21.000000000 -0500
42717 +++ linux-2.6.32.1/include/linux/lockd/bind.h 2009-12-14 18:33:59.154959590 -0500
42718 @@ -23,13 +23,13 @@ struct svc_rqst;
42719 * This is the set of functions for lockd->nfsd communication
42721 struct nlmsvc_binding {
42722 - __be32 (*fopen)(struct svc_rqst *,
42723 + __be32 (* const fopen)(struct svc_rqst *,
42726 - void (*fclose)(struct file *);
42727 + void (* const fclose)(struct file *);
42730 -extern struct nlmsvc_binding * nlmsvc_ops;
42731 +extern const struct nlmsvc_binding * nlmsvc_ops;
42734 * Similar to nfs_client_initdata, but without the NFS-specific
42735 diff -urNp linux-2.6.32.1/include/linux/mm.h linux-2.6.32.1/include/linux/mm.h
42736 --- linux-2.6.32.1/include/linux/mm.h 2009-12-02 22:51:21.000000000 -0500
42737 +++ linux-2.6.32.1/include/linux/mm.h 2009-12-14 18:33:59.160822367 -0500
42738 @@ -106,6 +106,10 @@ extern unsigned int kobjsize(const void
42739 #define VM_PFN_AT_MMAP 0x40000000 /* PFNMAP vma that is fully mapped at mmap time */
42740 #define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */
42742 +#ifdef CONFIG_PAX_PAGEEXEC
42743 +#define VM_PAGEEXEC 0x80000000 /* vma->vm_page_prot needs special handling */
42746 #ifndef VM_STACK_DEFAULT_FLAGS /* arch can override this */
42747 #define VM_STACK_DEFAULT_FLAGS VM_DATA_DEFAULT_FLAGS
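Review bot: `VM_PAGEEXEC` is defined as 0x80000000, the same bit as `VM_MERGEABLE` on the context line directly above it. If a kernel can be built with both KSM and CONFIG_PAX_PAGEEXEC, a vma carrying one flag cannot be told apart from one carrying the other, so the special `vm_page_prot` handling and KSM merging would each apply to the other's vmas. Unless Kconfig (not visible here) makes the two options mutually exclusive, pick an unused bit. If they are exclusive, state it next to the define, e.g. `/* shares its bit with VM_MERGEABLE: PAGEEXEC and KSM must not be enabled together */`.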
42749 @@ -880,6 +884,8 @@ struct shrinker {
42750 extern void register_shrinker(struct shrinker *);
42751 extern void unregister_shrinker(struct shrinker *);
42753 +pgprot_t vm_get_page_prot(unsigned long vm_flags);
42755 int vma_wants_writenotify(struct vm_area_struct *vma);
42757 extern pte_t *get_locked_pte(struct mm_struct *mm, unsigned long addr, spinlock_t **ptl);
42758 @@ -1152,6 +1158,7 @@ out:
42761 extern int do_munmap(struct mm_struct *, unsigned long, size_t);
42762 +extern int __do_munmap(struct mm_struct *, unsigned long, size_t);
42764 extern unsigned long do_brk(unsigned long, unsigned long);
42766 @@ -1206,6 +1213,10 @@ extern struct vm_area_struct * find_vma(
42767 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
42768 struct vm_area_struct **pprev);
42770 +extern struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma);
42771 +extern void pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma);
42772 +extern void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl);
42774 /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
42775 NULL if none. Assume start_addr < end_addr. */
42776 static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
42777 @@ -1222,7 +1233,6 @@ static inline unsigned long vma_pages(st
42778 return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
42781 -pgprot_t vm_get_page_prot(unsigned long vm_flags);
42782 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr);
42783 int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
42784 unsigned long pfn, unsigned long size, pgprot_t);
42785 @@ -1322,5 +1332,11 @@ extern int sysctl_memory_failure_early_k
42786 extern int sysctl_memory_failure_recovery;
42787 extern atomic_long_t mce_bad_pages;
42789 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
42790 +extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot);
42792 +static inline void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot) {}
42795 #endif /* __KERNEL__ */
42796 #endif /* _LINUX_MM_H */
42797 diff -urNp linux-2.6.32.1/include/linux/mm_types.h linux-2.6.32.1/include/linux/mm_types.h
42798 --- linux-2.6.32.1/include/linux/mm_types.h 2009-12-02 22:51:21.000000000 -0500
42799 +++ linux-2.6.32.1/include/linux/mm_types.h 2009-12-14 18:33:59.172960740 -0500
42800 @@ -186,6 +186,8 @@ struct vm_area_struct {
42802 struct mempolicy *vm_policy; /* NUMA policy for the VMA */
42805 + struct vm_area_struct *vm_mirror;/* PaX: mirror vma or NULL */
42808 struct core_thread {
42809 @@ -287,6 +289,24 @@ struct mm_struct {
42810 #ifdef CONFIG_MMU_NOTIFIER
42811 struct mmu_notifier_mm *mmu_notifier_mm;
42814 +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
42815 + unsigned long pax_flags;
42818 +#ifdef CONFIG_PAX_DLRESOLVE
42819 + unsigned long call_dl_resolve;
42822 +#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
42823 + unsigned long call_syscall;
42826 +#ifdef CONFIG_PAX_ASLR
42827 + unsigned long delta_mmap; /* randomized offset */
42828 + unsigned long delta_stack; /* randomized offset */
42833 /* Future-safe accessor for struct mm_struct's cpu_vm_mask. */
42834 diff -urNp linux-2.6.32.1/include/linux/mmu_notifier.h linux-2.6.32.1/include/linux/mmu_notifier.h
42835 --- linux-2.6.32.1/include/linux/mmu_notifier.h 2009-12-02 22:51:21.000000000 -0500
42836 +++ linux-2.6.32.1/include/linux/mmu_notifier.h 2009-12-14 18:33:59.193970523 -0500
42837 @@ -235,12 +235,12 @@ static inline void mmu_notifier_mm_destr
42839 #define ptep_clear_flush_notify(__vma, __address, __ptep) \
42843 struct vm_area_struct *___vma = __vma; \
42844 unsigned long ___address = __address; \
42845 - __pte = ptep_clear_flush(___vma, ___address, __ptep); \
42846 + ___pte = ptep_clear_flush(___vma, ___address, __ptep); \
42847 mmu_notifier_invalidate_page(___vma->vm_mm, ___address); \
42852 #define ptep_clear_flush_young_notify(__vma, __address, __ptep) \
42853 diff -urNp linux-2.6.32.1/include/linux/mod_devicetable.h linux-2.6.32.1/include/linux/mod_devicetable.h
42854 --- linux-2.6.32.1/include/linux/mod_devicetable.h 2009-12-02 22:51:21.000000000 -0500
42855 +++ linux-2.6.32.1/include/linux/mod_devicetable.h 2009-12-14 18:33:59.194758859 -0500
42857 typedef unsigned long kernel_ulong_t;
42860 -#define PCI_ANY_ID (~0)
42861 +#define PCI_ANY_ID ((__u16)~0)
42863 struct pci_device_id {
42864 __u32 vendor, device; /* Vendor and device ID or PCI_ANY_ID*/
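Review bot: `PCI_ANY_ID` becomes `((__u16)~0)`, i.e. 0xFFFF, while the `vendor` and `device` fields on the context line below it are `__u32`. Tables built with the macro therefore store 0x0000FFFF where they used to store 0xFFFFFFFF, and any comparison written against a literal `~0`, `-1` or 0xFFFFFFFF instead of the macro stops matching. If the narrowing is intended, a comment such as `/* 16-bit wildcard: always compare against PCI_ANY_ID, never against ~0 */` would record it. The struct body continues outside the hunk, so other 32-bit fields that take this wildcard are not visible here and should be checked as well.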
42865 @@ -131,7 +131,7 @@ struct usb_device_id {
42866 #define USB_DEVICE_ID_MATCH_INT_SUBCLASS 0x0100
42867 #define USB_DEVICE_ID_MATCH_INT_PROTOCOL 0x0200
42869 -#define HID_ANY_ID (~0)
42870 +#define HID_ANY_ID (~0U)
42872 struct hid_device_id {
42874 diff -urNp linux-2.6.32.1/include/linux/module.h linux-2.6.32.1/include/linux/module.h
42875 --- linux-2.6.32.1/include/linux/module.h 2009-12-02 22:51:21.000000000 -0500
42876 +++ linux-2.6.32.1/include/linux/module.h 2009-12-14 18:33:59.194758859 -0500
42877 @@ -287,16 +287,16 @@ struct module
42880 /* If this is non-NULL, vfree after init() returns */
42881 - void *module_init;
42882 + void *module_init_rx, *module_init_rw;
42884 /* Here is the actual code + data, vfree'd on unload. */
42885 - void *module_core;
42886 + void *module_core_rx, *module_core_rw;
42888 /* Here are the sizes of the init and core sections */
42889 - unsigned int init_size, core_size;
42890 + unsigned int init_size_rw, core_size_rw;
42892 /* The size of the executable code in each section. */
42893 - unsigned int init_text_size, core_text_size;
42894 + unsigned int init_size_rx, core_size_rx;
42896 /* Arch-specific module values */
42897 struct mod_arch_specific arch;
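Review bot: The context comments in this hunk no longer describe the fields under them. `/* Here are the sizes of the init and core sections */` now sits above `init_size_rw, core_size_rw`, `/* The size of the executable code in each section. */` sits above `init_size_rx, core_size_rx`, and the "vfree after init() returns" comment covers two pointers without saying how they differ. Assuming the suffixes stand for the read-execute and read-write parts of each region, the comments should say so, e.g. `/* Sizes of the writable (rw) part of the init and core regions */` and `/* Sizes of the executable (rx) part of the init and core regions */`. struct module itself starts and ends outside the hunk.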
42898 @@ -393,16 +393,46 @@ struct module *__module_address(unsigned
42899 bool is_module_address(unsigned long addr);
42900 bool is_module_text_address(unsigned long addr);
42902 +static inline int within_module_range(unsigned long addr, void *start, unsigned long size)
42905 +#ifdef CONFIG_PAX_KERNEXEC
42906 + if (ktla_ktva(addr) >= (unsigned long)start &&
42907 + ktla_ktva(addr) < (unsigned long)start + size)
42911 + return ((void *)addr >= start && (void *)addr < start + size);
42914 +static inline int within_module_core_rx(unsigned long addr, struct module *mod)
42916 + return within_module_range(addr, mod->module_core_rx, mod->core_size_rx);
42919 +static inline int within_module_core_rw(unsigned long addr, struct module *mod)
42921 + return within_module_range(addr, mod->module_core_rw, mod->core_size_rw);
42924 +static inline int within_module_init_rx(unsigned long addr, struct module *mod)
42926 + return within_module_range(addr, mod->module_init_rx, mod->init_size_rx);
42929 +static inline int within_module_init_rw(unsigned long addr, struct module *mod)
42931 + return within_module_range(addr, mod->module_init_rw, mod->init_size_rw);
42934 static inline int within_module_core(unsigned long addr, struct module *mod)
42936 - return (unsigned long)mod->module_core <= addr &&
42937 - addr < (unsigned long)mod->module_core + mod->core_size;
42938 + return within_module_core_rx(addr, mod) || within_module_core_rw(addr, mod);
42941 static inline int within_module_init(unsigned long addr, struct module *mod)
42943 - return (unsigned long)mod->module_init <= addr &&
42944 - addr < (unsigned long)mod->module_init + mod->init_size;
42945 + return within_module_init_rx(addr, mod) || within_module_init_rw(addr, mod);
42948 /* Search for module by name: must hold module_mutex. */
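Review bot: `within_module_range()` compares addresses as `unsigned long` in the CONFIG_PAX_KERNEXEC branch but as pointers in the fallback, where `start + size` is arithmetic on a `void *` (a GNU extension). Doing the fallback on integers as well would keep the two branches parallel: `unsigned long base = (unsigned long)start;` followed by `return addr >= base && addr < base + size;`. A one-line comment saying why the address translated by `ktla_ktva()` is tried before the raw one would also help, since that helper is not defined anywhere in this hunk.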
42949 diff -urNp linux-2.6.32.1/include/linux/moduleloader.h linux-2.6.32.1/include/linux/moduleloader.h
42950 --- linux-2.6.32.1/include/linux/moduleloader.h 2009-12-02 22:51:21.000000000 -0500
42951 +++ linux-2.6.32.1/include/linux/moduleloader.h 2009-12-14 18:33:59.194758859 -0500
42952 @@ -20,9 +20,21 @@ unsigned int arch_mod_section_prepend(st
42953 sections. Returns NULL on failure. */
42954 void *module_alloc(unsigned long size);
42956 +#ifdef CONFIG_PAX_KERNEXEC
42957 +void *module_alloc_exec(unsigned long size);
42959 +#define module_alloc_exec(x) module_alloc(x)
42962 /* Free memory returned from module_alloc. */
42963 void module_free(struct module *mod, void *module_region);
42965 +#ifdef CONFIG_PAX_KERNEXEC
42966 +void module_free_exec(struct module *mod, void *module_region);
42968 +#define module_free_exec(x, y) module_free(x, y)
42971 /* Apply the given relocation to the (simplified) ELF. Return -error
42973 int apply_relocate(Elf_Shdr *sechdrs,
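Review bot: `module_alloc_exec()` and `module_free_exec()` are added without the one-line comments that their neighbours `module_alloc()` and `module_free()` carry, so the pairing rule is left implicit. Since the KERNEXEC build gives them separate implementations, memory from one allocator presumably must not be released through the other's free routine; I would state that, e.g. `/* Allocate memory for module code; release only with module_free_exec(). */`. The fallback macro `module_free_exec(x, y)` also expands its arguments unparenthesised, which `module_free((x), (y))` would fix.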
42974 diff -urNp linux-2.6.32.1/include/linux/namei.h linux-2.6.32.1/include/linux/namei.h
42975 --- linux-2.6.32.1/include/linux/namei.h 2009-12-02 22:51:21.000000000 -0500
42976 +++ linux-2.6.32.1/include/linux/namei.h 2009-12-14 18:33:59.194758859 -0500
42977 @@ -22,7 +22,7 @@ struct nameidata {
42978 unsigned int flags;
42981 - char *saved_names[MAX_NESTED_LINKS + 1];
42982 + const char *saved_names[MAX_NESTED_LINKS + 1];
42986 @@ -84,12 +84,12 @@ extern int follow_up(struct path *);
42987 extern struct dentry *lock_rename(struct dentry *, struct dentry *);
42988 extern void unlock_rename(struct dentry *, struct dentry *);
42990 -static inline void nd_set_link(struct nameidata *nd, char *path)
42991 +static inline void nd_set_link(struct nameidata *nd, const char *path)
42993 nd->saved_names[nd->depth] = path;
42996 -static inline char *nd_get_link(struct nameidata *nd)
42997 +static inline const char *nd_get_link(const struct nameidata *nd)
42999 return nd->saved_names[nd->depth];
43001 diff -urNp linux-2.6.32.1/include/linux/nodemask.h linux-2.6.32.1/include/linux/nodemask.h
43002 --- linux-2.6.32.1/include/linux/nodemask.h 2009-12-02 22:51:21.000000000 -0500
43003 +++ linux-2.6.32.1/include/linux/nodemask.h 2009-12-14 18:33:59.195853346 -0500
43004 @@ -464,11 +464,11 @@ static inline int num_node_state(enum no
43006 #define any_online_node(mask) \
43009 - for_each_node_mask(node, (mask)) \
43010 - if (node_online(node)) \
43012 + for_each_node_mask(__node, (mask)) \
43013 + if (node_online(__node)) \
43019 #define num_online_nodes() num_node_state(N_ONLINE)
43020 diff -urNp linux-2.6.32.1/include/linux/oprofile.h linux-2.6.32.1/include/linux/oprofile.h
43021 --- linux-2.6.32.1/include/linux/oprofile.h 2009-12-02 22:51:21.000000000 -0500
43022 +++ linux-2.6.32.1/include/linux/oprofile.h 2009-12-14 18:33:59.195853346 -0500
43023 @@ -129,9 +129,9 @@ int oprofilefs_create_ulong(struct super
43024 int oprofilefs_create_ro_ulong(struct super_block * sb, struct dentry * root,
43025 char const * name, ulong * val);
43027 -/** Create a file for read-only access to an atomic_t. */
43028 +/** Create a file for read-only access to an atomic_unchecked_t. */
43029 int oprofilefs_create_ro_atomic(struct super_block * sb, struct dentry * root,
43030 - char const * name, atomic_t * val);
43031 + char const * name, atomic_unchecked_t * val);
43033 /** create a directory */
43034 struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root,
43035 diff -urNp linux-2.6.32.1/include/linux/pipe_fs_i.h linux-2.6.32.1/include/linux/pipe_fs_i.h
43036 --- linux-2.6.32.1/include/linux/pipe_fs_i.h 2009-12-02 22:51:21.000000000 -0500
43037 +++ linux-2.6.32.1/include/linux/pipe_fs_i.h 2009-12-14 18:33:59.195853346 -0500
43038 @@ -46,9 +46,9 @@ struct pipe_inode_info {
43039 wait_queue_head_t wait;
43040 unsigned int nrbufs, curbuf;
43041 struct page *tmp_page;
43042 - unsigned int readers;
43043 - unsigned int writers;
43044 - unsigned int waiting_writers;
43045 + atomic_t readers;
43046 + atomic_t writers;
43047 + atomic_t waiting_writers;
43048 unsigned int r_counter;
43049 unsigned int w_counter;
43050 struct fasync_struct *fasync_readers;
43051 diff -urNp linux-2.6.32.1/include/linux/poison.h linux-2.6.32.1/include/linux/poison.h
43052 --- linux-2.6.32.1/include/linux/poison.h 2009-12-02 22:51:21.000000000 -0500
43053 +++ linux-2.6.32.1/include/linux/poison.h 2009-12-14 18:33:59.196817227 -0500
43055 * under normal circumstances, used to verify that nobody uses
43056 * non-initialized list entries.
43058 -#define LIST_POISON1 ((void *) 0x00100100)
43059 -#define LIST_POISON2 ((void *) 0x00200200)
43060 +#define LIST_POISON1 ((void *) (long)0xFFFFFF01)
43061 +#define LIST_POISON2 ((void *) (long)0xFFFFFF02)
43063 /********** include/linux/timer.h **********/
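Review bot: On an LP64 build the new `LIST_POISON1` and `LIST_POISON2` values do not end up at the top of the address space. The literal `0xFFFFFF01` has type `unsigned int`, so `(long)0xFFFFFF01` zero-extends to 0x00000000FFFFFF01, which is a low address just as the old 0x00100100 was; only on 32-bit does the value land in the last page. If the intent is a poison pointer in the topmost page on either word size, write it as a negative long, `((void *) -255L)` and `((void *) -254L)`, and add a comment naming the intended range.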
43065 diff -urNp linux-2.6.32.1/include/linux/proc_fs.h linux-2.6.32.1/include/linux/proc_fs.h
43066 --- linux-2.6.32.1/include/linux/proc_fs.h 2009-12-02 22:51:21.000000000 -0500
43067 +++ linux-2.6.32.1/include/linux/proc_fs.h 2009-12-14 18:33:59.196817227 -0500
43068 @@ -155,6 +155,19 @@ static inline struct proc_dir_entry *pro
43069 return proc_create_data(name, mode, parent, proc_fops, NULL);
43072 +static inline struct proc_dir_entry *proc_create_grsec(const char *name, mode_t mode,
43073 + struct proc_dir_entry *parent, const struct file_operations *proc_fops)
43075 +#ifdef CONFIG_GRKERNSEC_PROC_USER
43076 + return proc_create_data(name, S_IRUSR, parent, proc_fops, NULL);
43077 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
43078 + return proc_create_data(name, S_IRUSR | S_IRGRP, parent, proc_fops, NULL);
43080 + return proc_create_data(name, mode, parent, proc_fops, NULL);
43085 static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
43086 mode_t mode, struct proc_dir_entry *base,
43087 read_proc_t *read_proc, void * data)
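Review bot: `proc_create_grsec()` takes a `mode` argument but ignores it when CONFIG_GRKERNSEC_PROC_USER or CONFIG_GRKERNSEC_PROC_USERGROUP is set, and nothing at the definition says so. A caller that passes a mode with write or world-read bits gets a different entry under those options, so the override should be documented, for example `/* like proc_create(), but the mode is forced to 0400 (PROC_USER) or 0440 (PROC_USERGROUP) */`. The trailing context lines belong to create_proc_read_entry(), whose body is outside the hunk.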
43088 diff -urNp linux-2.6.32.1/include/linux/random.h linux-2.6.32.1/include/linux/random.h
43089 --- linux-2.6.32.1/include/linux/random.h 2009-12-02 22:51:21.000000000 -0500
43090 +++ linux-2.6.32.1/include/linux/random.h 2009-12-14 18:33:59.212953772 -0500
43091 @@ -74,6 +74,11 @@ unsigned long randomize_range(unsigned l
43092 u32 random32(void);
43093 void srandom32(u32 seed);
43095 +static inline unsigned long pax_get_random_long(void)
43097 + return random32() + (sizeof(long) > 4 ? (unsigned long)random32() << 32 : 0);
43100 #endif /* __KERNEL___ */
43102 #endif /* _LINUX_RANDOM_H */
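Review bot: `pax_get_random_long()` builds its result from two `random32()` calls, and if `random32()` is still the stock non-cryptographic generator, its output can be predicted once the generator state is known. The name, together with the `delta_mmap`/`delta_stack` fields added in mm_types.h, suggests the value feeds address randomization, where predictability weakens the protection. Drawing the value with `unsigned long r; get_random_bytes(&r, sizeof(r)); return r;` would avoid that; otherwise the choice of generator should be justified in a comment above the function. Separately, the `<< 32` is guarded only by a constant conditional, so 32-bit builds may still warn about the shift width.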
43103 diff -urNp linux-2.6.32.1/include/linux/reiserfs_fs.h linux-2.6.32.1/include/linux/reiserfs_fs.h
43104 --- linux-2.6.32.1/include/linux/reiserfs_fs.h 2009-12-02 22:51:21.000000000 -0500
43105 +++ linux-2.6.32.1/include/linux/reiserfs_fs.h 2009-12-14 18:33:59.213968537 -0500
43106 @@ -1326,7 +1326,7 @@ static inline loff_t max_reiserfs_offset
43107 #define REISERFS_USER_MEM 1 /* reiserfs user memory mode */
43109 #define fs_generation(s) (REISERFS_SB(s)->s_generation_counter)
43110 -#define get_generation(s) atomic_read (&fs_generation(s))
43111 +#define get_generation(s) atomic_read_unchecked (&fs_generation(s))
43112 #define FILESYSTEM_CHANGED_TB(tb) (get_generation((tb)->tb_sb) != (tb)->fs_gen)
43113 #define __fs_changed(gen,s) (gen != get_generation (s))
43114 #define fs_changed(gen,s) ({cond_resched(); __fs_changed(gen, s);})
43115 @@ -1534,24 +1534,24 @@ static inline struct super_block *sb_fro
43118 struct item_operations {
43119 - int (*bytes_number) (struct item_head * ih, int block_size);
43120 - void (*decrement_key) (struct cpu_key *);
43121 - int (*is_left_mergeable) (struct reiserfs_key * ih,
43122 + int (* const bytes_number) (struct item_head * ih, int block_size);
43123 + void (* const decrement_key) (struct cpu_key *);
43124 + int (* const is_left_mergeable) (struct reiserfs_key * ih,
43125 unsigned long bsize);
43126 - void (*print_item) (struct item_head *, char *item);
43127 - void (*check_item) (struct item_head *, char *item);
43128 + void (* const print_item) (struct item_head *, char *item);
43129 + void (* const check_item) (struct item_head *, char *item);
43131 - int (*create_vi) (struct virtual_node * vn, struct virtual_item * vi,
43132 + int (* const create_vi) (struct virtual_node * vn, struct virtual_item * vi,
43133 int is_affected, int insert_size);
43134 - int (*check_left) (struct virtual_item * vi, int free,
43135 + int (* const check_left) (struct virtual_item * vi, int free,
43136 int start_skip, int end_skip);
43137 - int (*check_right) (struct virtual_item * vi, int free);
43138 - int (*part_size) (struct virtual_item * vi, int from, int to);
43139 - int (*unit_num) (struct virtual_item * vi);
43140 - void (*print_vi) (struct virtual_item * vi);
43141 + int (* const check_right) (struct virtual_item * vi, int free);
43142 + int (* const part_size) (struct virtual_item * vi, int from, int to);
43143 + int (* const unit_num) (struct virtual_item * vi);
43144 + void (* const print_vi) (struct virtual_item * vi);
43147 -extern struct item_operations *item_ops[TYPE_ANY + 1];
43148 +extern const struct item_operations * const item_ops[TYPE_ANY + 1];
43150 #define op_bytes_number(ih,bsize) item_ops[le_ih_k_type (ih)]->bytes_number (ih, bsize)
43151 #define op_is_left_mergeable(key,bsize) item_ops[le_key_k_type (le_key_version (key), key)]->is_left_mergeable (key, bsize)
43152 diff -urNp linux-2.6.32.1/include/linux/reiserfs_fs_sb.h linux-2.6.32.1/include/linux/reiserfs_fs_sb.h
43153 --- linux-2.6.32.1/include/linux/reiserfs_fs_sb.h 2009-12-02 22:51:21.000000000 -0500
43154 +++ linux-2.6.32.1/include/linux/reiserfs_fs_sb.h 2009-12-14 18:33:59.213968537 -0500
43155 @@ -377,7 +377,7 @@ struct reiserfs_sb_info {
43156 /* Comment? -Hans */
43157 wait_queue_head_t s_wait;
43158 /* To be obsoleted soon by per buffer seals.. -Hans */
43159 - atomic_t s_generation_counter; // increased by one every time the
43160 + atomic_unchecked_t s_generation_counter; // increased by one every time the
43161 // tree gets re-balanced
43162 unsigned long s_properties; /* File system properties. Currently holds
43163 on-disk FS format */
43164 diff -urNp linux-2.6.32.1/include/linux/sched.h linux-2.6.32.1/include/linux/sched.h
43165 --- linux-2.6.32.1/include/linux/sched.h 2009-12-14 18:30:08.774964280 -0500
43166 +++ linux-2.6.32.1/include/linux/sched.h 2009-12-14 18:33:59.214964682 -0500
43167 @@ -101,6 +101,7 @@ struct bio;
43169 struct bts_context;
43170 struct perf_event_context;
43171 +struct linux_binprm;
43174 * List of flags we want to share for kernel threads,
43175 @@ -664,6 +665,15 @@ struct signal_struct {
43176 struct tty_audit_buf *tty_audit_buf;
43179 +#ifdef CONFIG_GRKERNSEC
43185 + u8 used_accept:1;
43188 int oom_adj; /* OOM kill score adjustment (bit shift) */
43191 @@ -1214,7 +1224,7 @@ struct rcu_node;
43193 struct task_struct {
43194 volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */
43196 + struct thread_info *stack;
43198 unsigned int flags; /* per process flags, defined below */
43199 unsigned int ptrace;
43200 @@ -1326,8 +1336,8 @@ struct task_struct {
43201 struct list_head thread_group;
43203 struct completion *vfork_done; /* for vfork() */
43204 - int __user *set_child_tid; /* CLONE_CHILD_SETTID */
43205 - int __user *clear_child_tid; /* CLONE_CHILD_CLEARTID */
43206 + pid_t __user *set_child_tid; /* CLONE_CHILD_SETTID */
43207 + pid_t __user *clear_child_tid; /* CLONE_CHILD_CLEARTID */
43209 cputime_t utime, stime, utimescaled, stimescaled;
43211 @@ -1341,16 +1351,6 @@ struct task_struct {
43212 struct task_cputime cputime_expires;
43213 struct list_head cpu_timers[3];
43215 -/* process credentials */
43216 - const struct cred *real_cred; /* objective and real subjective task
43217 - * credentials (COW) */
43218 - const struct cred *cred; /* effective (overridable) subjective task
43219 - * credentials (COW) */
43220 - struct mutex cred_guard_mutex; /* guard against foreign influences on
43221 - * credential calculations
43222 - * (notably. ptrace) */
43223 - struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
43225 char comm[TASK_COMM_LEN]; /* executable name excluding path
43226 - access with [gs]et_task_comm (which lock
43227 it with task_lock())
43228 @@ -1434,6 +1434,15 @@ struct task_struct {
43229 int hardirq_context;
43230 int softirq_context;
43233 +/* process credentials */
43234 + const struct cred *real_cred; /* objective and real subjective task
43235 + * credentials (COW) */
43236 + struct mutex cred_guard_mutex; /* guard against foreign influences on
43237 + * credential calculations
43238 + * (notably. ptrace) */
43239 + struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
43241 #ifdef CONFIG_LOCKDEP
43242 # define MAX_LOCK_DEPTH 48UL
43243 u64 curr_chain_key;
43244 @@ -1454,6 +1463,9 @@ struct task_struct {
43246 struct backing_dev_info *backing_dev_info;
43248 + const struct cred *cred; /* effective (overridable) subjective task
43249 + * credentials (COW) */
43251 struct io_context *io_context;
43253 unsigned long ptrace_message;
43254 @@ -1517,6 +1529,18 @@ struct task_struct {
43255 unsigned long default_timer_slack_ns;
43257 struct list_head *scm_work_list;
43259 +#ifdef CONFIG_GRKERNSEC
43261 + struct acl_subject_label *acl;
43262 + struct acl_role_label *role;
43263 + struct file *exec_file;
43270 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
43271 /* Index of current stored adress in ret_stack */
43272 int curr_ret_stack;
43273 @@ -1541,6 +1565,52 @@ struct task_struct {
43274 unsigned long stack_start;
43277 +#define MF_PAX_PAGEEXEC 0x01000000 /* Paging based non-executable pages */
43278 +#define MF_PAX_EMUTRAMP 0x02000000 /* Emulate trampolines */
43279 +#define MF_PAX_MPROTECT 0x04000000 /* Restrict mprotect() */
43280 +#define MF_PAX_RANDMMAP 0x08000000 /* Randomize mmap() base */
43281 +/*#define MF_PAX_RANDEXEC 0x10000000*/ /* Randomize ET_EXEC base */
43282 +#define MF_PAX_SEGMEXEC 0x20000000 /* Segmentation based non-executable pages */
43284 +#ifdef CONFIG_PAX_SOFTMODE
43285 +extern unsigned int pax_softmode;
43288 +extern int pax_check_flags(unsigned long *);
43290 +/* if tsk != current then task_lock must be held on it */
43291 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
43292 +static inline unsigned long pax_get_flags(struct task_struct *tsk)
43294 + if (likely(tsk->mm))
43295 + return tsk->mm->pax_flags;
43300 +/* if tsk != current then task_lock must be held on it */
43301 +static inline long pax_set_flags(struct task_struct *tsk, unsigned long flags)
43303 + if (likely(tsk->mm)) {
43304 + tsk->mm->pax_flags = flags;
43311 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
43312 +extern void pax_set_initial_flags(struct linux_binprm *bprm);
43313 +#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
43314 +extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
43317 +void pax_report_fault(struct pt_regs *regs, void *pc, void *sp);
43318 +void pax_report_insns(void *pc, void *sp);
43319 +void pax_report_refcount_overflow(struct pt_regs *regs);
43320 +void pax_report_leak_to_user(const void *ptr, unsigned long len);
43321 +void pax_report_overflow_from_user(const void *ptr, unsigned long len);
43323 /* Future-safe accessor for struct task_struct's cpus_allowed. */
43324 #define tsk_cpumask(tsk) (&(tsk)->cpus_allowed)
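Review bot: The locking rule for `pax_get_flags()` and `pax_set_flags()` exists only as the comment `if tsk != current then task_lock must be held on it`, so a caller that reads or rewrites another task's `mm->pax_flags` without the lock gets no diagnostic. These flags select the non-executable-page and randomization behaviour described in the `MF_PAX_*` comments, so I would enforce the contract where a debug build can catch it, e.g. `if (tsk != current) assert_spin_locked(&tsk->alloc_lock);` at the top of both helpers (assuming task_lock() takes `alloc_lock` in this tree). The helpers also differ in return type, `unsigned long` for the getter and `long` for the setter. A one-line comment saying what each returns when `tsk->mm` is NULL would help, because those branches are not visible in this listing.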
43326 @@ -2140,7 +2210,7 @@ extern void __cleanup_sighand(struct sig
43327 extern void exit_itimers(struct signal_struct *);
43328 extern void flush_itimer_signals(void);
43330 -extern NORET_TYPE void do_group_exit(int);
43331 +extern NORET_TYPE void do_group_exit(int) ATTRIB_NORET;
43333 extern void daemonize(const char *, ...);
43334 extern int allow_signal(int);
43335 @@ -2253,8 +2323,8 @@ static inline void unlock_task_sighand(s
43337 #ifndef __HAVE_THREAD_FUNCTIONS
43339 -#define task_thread_info(task) ((struct thread_info *)(task)->stack)
43340 -#define task_stack_page(task) ((task)->stack)
43341 +#define task_thread_info(task) ((task)->stack)
43342 +#define task_stack_page(task) ((void *)(task)->stack)
43344 static inline void setup_thread_stack(struct task_struct *p, struct task_struct *org)
43346 @@ -2269,13 +2339,31 @@ static inline unsigned long *end_of_stac
43350 -static inline int object_is_on_stack(void *obj)
43351 +static inline int object_starts_on_stack(void *obj)
43353 - void *stack = task_stack_page(current);
43354 + const void *stack = task_stack_page(current);
43356 return (obj >= stack) && (obj < (stack + THREAD_SIZE));
43359 +/* 0: not at all, 1: fully, -1: partially (implies an error) */
43360 +static inline int object_is_on_stack(const void *obj, unsigned long len)
43362 + const void *stack = task_stack_page(current);
43363 + const void *stackend = stack + THREAD_SIZE;
43365 + if (obj + len < obj)
43368 + if (stack <= obj && obj + len <= stackend)
43371 + if (obj + len <= stack || stackend <= obj)
43377 extern void thread_info_cache_init(void);
43379 #ifdef CONFIG_DEBUG_STACK_USAGE
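Review bot: The wrap check `if (obj + len < obj)` in the new `object_is_on_stack()` does its arithmetic on a `const void *`, which relies on the GNU void-pointer extension and on pointer overflow wrapping; unless the build disables that assumption, a compiler may treat a pointer sum as never wrapping and drop the test. Doing the range math on integers keeps the check reliable: `unsigned long start = (unsigned long)obj, end = start + len;` followed by `if (end < start)`. Separately, the function keeps the old name but now returns a tri-state (`0`, `1`, `-1` per the comment), so a caller that tests the result as a boolean will treat a partially overlapping object as being on the stack; every call site should compare against `1` explicitly. The return statements are not visible in this listing, so I am going by the comment.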
43380 diff -urNp linux-2.6.32.1/include/linux/screen_info.h linux-2.6.32.1/include/linux/screen_info.h
43381 --- linux-2.6.32.1/include/linux/screen_info.h 2009-12-02 22:51:21.000000000 -0500
43382 +++ linux-2.6.32.1/include/linux/screen_info.h 2009-12-14 18:33:59.214964682 -0500
43383 @@ -42,7 +42,8 @@ struct screen_info {
43384 __u16 pages; /* 0x32 */
43385 __u16 vesa_attributes; /* 0x34 */
43386 __u32 capabilities; /* 0x36 */
43387 - __u8 _reserved[6]; /* 0x3a */
43388 + __u16 vesapm_size; /* 0x3a */
43389 + __u8 _reserved[4]; /* 0x3c */
43390 } __attribute__((packed));
43392 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */
43393 diff -urNp linux-2.6.32.1/include/linux/security.h linux-2.6.32.1/include/linux/security.h
43394 --- linux-2.6.32.1/include/linux/security.h 2009-12-02 22:51:21.000000000 -0500
43395 +++ linux-2.6.32.1/include/linux/security.h 2009-12-14 18:33:59.237195018 -0500
43397 #include <linux/key.h>
43398 #include <linux/xfrm.h>
43399 #include <linux/gfp.h>
43400 +#include <linux/grsecurity.h>
43401 #include <net/flow.h>
43403 /* Maximum number of letters for an LSM name string */
43404 diff -urNp linux-2.6.32.1/include/linux/shm.h linux-2.6.32.1/include/linux/shm.h
43405 --- linux-2.6.32.1/include/linux/shm.h 2009-12-02 22:51:21.000000000 -0500
43406 +++ linux-2.6.32.1/include/linux/shm.h 2009-12-14 18:33:59.237969220 -0500
43407 @@ -95,6 +95,10 @@ struct shmid_kernel /* private to the ke
43410 struct user_struct *mlock_user;
43411 +#ifdef CONFIG_GRKERNSEC
43412 + time_t shm_createtime;
43417 /* shm_mode upper byte flags */
43418 diff -urNp linux-2.6.32.1/include/linux/slab.h linux-2.6.32.1/include/linux/slab.h
43419 --- linux-2.6.32.1/include/linux/slab.h 2009-12-02 22:51:21.000000000 -0500
43420 +++ linux-2.6.32.1/include/linux/slab.h 2009-12-14 18:33:59.242714604 -0500
43423 #include <linux/gfp.h>
43424 #include <linux/types.h>
43425 +#include <linux/err.h>
43428 * Flags to pass to kmem_cache_create().
43429 @@ -82,10 +83,13 @@
43430 * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can.
43431 * Both make kfree a no-op.
43433 -#define ZERO_SIZE_PTR ((void *)16)
43434 +#define ZERO_SIZE_PTR \
43436 + BUILD_BUG_ON(!(MAX_ERRNO & ~PAGE_MASK));\
43437 + (void *)(-MAX_ERRNO-1L); \
43440 -#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= \
43441 - (unsigned long)ZERO_SIZE_PTR)
43442 +#define ZERO_OR_NULL_PTR(x) (!(x) || (x) == ZERO_SIZE_PTR)
43445 * struct kmem_cache related prototypes
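Review bot: The rewritten `ZERO_OR_NULL_PTR(x)` expands `x` twice (`!(x) || (x) == ZERO_SIZE_PTR`), whereas the removed version evaluated it once, so an argument with side effects or a costly call now runs twice. Binding the argument first avoids that: `#define ZERO_OR_NULL_PTR(x) ({ const void *__p = (x); !__p || __p == ZERO_SIZE_PTR; })`. `ZERO_SIZE_PTR` itself appears to become a statement expression (its opening and closing lines are missing from this listing), which means it is no longer a constant expression and cannot be used in a static initializer. The comment above the macro should also say why the value moves from 16 to just below the error-pointer range, since that is the security-relevant part of the change.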
43446 @@ -138,6 +142,7 @@ void * __must_check krealloc(const void
43447 void kfree(const void *);
43448 void kzfree(const void *);
43449 size_t ksize(const void *);
43450 +void check_object_size(const void *ptr, unsigned long n, bool to);
43453 * Allocator specific definitions. These are mainly used to establish optimized
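Review bot: The new prototype `check_object_size(const void *ptr, unsigned long n, bool to)` is undocumented, and the flag name `to` does not say which direction it selects or what the function does when the check fails. A comment above the declaration should state what range is validated, what `to` means (presumably the copy direction, given the `pax_report_leak_to_user()` and `pax_report_overflow_from_user()` prototypes this patch adds to sched.h) and whether a failure returns to the caller. The definition is outside this hunk, so the wording needs checking against it.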
43454 @@ -328,4 +333,37 @@ static inline void *kzalloc_node(size_t
43456 void __init kmem_cache_init_late(void);
43458 +#define kmalloc(x, y) \
43460 + void *___retval; \
43461 + intoverflow_t ___x = (intoverflow_t)x; \
43462 + if (WARN(___x > ULONG_MAX, "kmalloc size overflow\n"))\
43463 + ___retval = NULL; \
43465 + ___retval = kmalloc((size_t)___x, (y)); \
43469 +#define kmalloc_node(x, y, z) \
43471 + void *___retval; \
43472 + intoverflow_t ___x = (intoverflow_t)x; \
43473 + if (WARN(___x > ULONG_MAX, "kmalloc_node size overflow\n"))\
43474 + ___retval = NULL; \
43476 + ___retval = kmalloc_node((size_t)___x, (y), (z));\
43480 +#define kzalloc(x, y) \
43482 + void *___retval; \
43483 + intoverflow_t ___x = (intoverflow_t)x; \
43484 + if (WARN(___x > ULONG_MAX, "kzalloc size overflow\n"))\
43485 + ___retval = NULL; \
43487 + ___retval = kzalloc((size_t)___x, (y)); \
43491 #endif /* _LINUX_SLAB_H */
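Review bot: The `kmalloc`, `kmalloc_node` and `kzalloc` wrappers cast with `(intoverflow_t)x`, leaving `x` unparenthesized, so the widening applies only to the leading operand of the caller's size expression. That presumably catches `kmalloc(n * size, ...)`, but not `kmalloc(hdr + n * size, ...)` or `kmalloc((n * size), ...)`, where the product is still computed at native width and has already wrapped before the comparison with `ULONG_MAX`. If `intoverflow_t` is no wider than `unsigned long` on an architecture, the test can never fire (its definition is outside this hunk). Please document that limit above the macros, e.g. `/* detects overflow only when the leading operand of the size expression takes part in the overflowing operation */`, so callers do not read the wrappers as a general overflow guard. The seven `vmalloc*` wrappers added in include/linux/vmalloc.h repeat the same pattern and need the same comment; generating all ten from one helper macro would keep them from drifting apart.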
43492 diff -urNp linux-2.6.32.1/include/linux/slub_def.h linux-2.6.32.1/include/linux/slub_def.h
43493 --- linux-2.6.32.1/include/linux/slub_def.h 2009-12-02 22:51:21.000000000 -0500
43494 +++ linux-2.6.32.1/include/linux/slub_def.h 2009-12-14 18:33:59.257903937 -0500
43495 @@ -86,7 +86,7 @@ struct kmem_cache {
43496 struct kmem_cache_order_objects max;
43497 struct kmem_cache_order_objects min;
43498 gfp_t allocflags; /* gfp flags to use on each alloc */
43499 - int refcount; /* Refcount for slab cache destroy */
43500 + atomic_t refcount; /* Refcount for slab cache destroy */
43501 void (*ctor)(void *);
43502 int inuse; /* Offset to metadata */
43503 int align; /* Alignment */
43504 diff -urNp linux-2.6.32.1/include/linux/sonet.h linux-2.6.32.1/include/linux/sonet.h
43505 --- linux-2.6.32.1/include/linux/sonet.h 2009-12-02 22:51:21.000000000 -0500
43506 +++ linux-2.6.32.1/include/linux/sonet.h 2009-12-14 18:33:59.257903937 -0500
43507 @@ -61,7 +61,7 @@ struct sonet_stats {
43508 #include <asm/atomic.h>
43510 struct k_sonet_stats {
43511 -#define __HANDLE_ITEM(i) atomic_t i
43512 +#define __HANDLE_ITEM(i) atomic_unchecked_t i
43514 #undef __HANDLE_ITEM
43516 diff -urNp linux-2.6.32.1/include/linux/suspend.h linux-2.6.32.1/include/linux/suspend.h
43517 --- linux-2.6.32.1/include/linux/suspend.h 2009-12-02 22:51:21.000000000 -0500
43518 +++ linux-2.6.32.1/include/linux/suspend.h 2009-12-14 18:33:59.257903937 -0500
43519 @@ -104,15 +104,15 @@ typedef int __bitwise suspend_state_t;
43520 * which require special recovery actions in that situation.
43522 struct platform_suspend_ops {
43523 - int (*valid)(suspend_state_t state);
43524 - int (*begin)(suspend_state_t state);
43525 - int (*prepare)(void);
43526 - int (*prepare_late)(void);
43527 - int (*enter)(suspend_state_t state);
43528 - void (*wake)(void);
43529 - void (*finish)(void);
43530 - void (*end)(void);
43531 - void (*recover)(void);
43532 + int (* const valid)(suspend_state_t state);
43533 + int (* const begin)(suspend_state_t state);
43534 + int (* const prepare)(void);
43535 + int (* const prepare_late)(void);
43536 + int (* const enter)(suspend_state_t state);
43537 + void (* const wake)(void);
43538 + void (* const finish)(void);
43539 + void (* const end)(void);
43540 + void (* const recover)(void);
43543 #ifdef CONFIG_SUSPEND
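Review bot: Marking every member `const` (`int (* const valid)(suspend_state_t state);` and the rest of `struct platform_suspend_ops`) makes the whole struct non-assignable, so platform code that fills a table at run time or copies one struct into another stops compiling. The goal is presumably to keep function-pointer tables out of writable memory. That comes from defining the instances as `static const struct platform_suspend_ops`, which the `const` added to `suspend_set_ops()` in the next hunk already permits without touching the member declarations. I would keep the members plain and constify the instances, or at least add a comment on the struct stating that instances must be built with a static initializer. The same applies to `struct platform_hibernation_ops` later in this file and to the `const` members added in include/linux/sysfs.h, include/net/neighbour.h and include/sound/ac97_codec.h.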
43544 @@ -120,7 +120,7 @@ struct platform_suspend_ops {
43545 * suspend_set_ops - set platform dependent suspend operations
43546 * @ops: The new suspend operations to set.
43548 -extern void suspend_set_ops(struct platform_suspend_ops *ops);
43549 +extern void suspend_set_ops(const struct platform_suspend_ops *ops);
43550 extern int suspend_valid_only_mem(suspend_state_t state);
43553 @@ -145,7 +145,7 @@ extern int pm_suspend(suspend_state_t st
43554 #else /* !CONFIG_SUSPEND */
43555 #define suspend_valid_only_mem NULL
43557 -static inline void suspend_set_ops(struct platform_suspend_ops *ops) {}
43558 +static inline void suspend_set_ops(const struct platform_suspend_ops *ops) {}
43559 static inline int pm_suspend(suspend_state_t state) { return -ENOSYS; }
43560 #endif /* !CONFIG_SUSPEND */
43562 @@ -215,16 +215,16 @@ extern void mark_free_pages(struct zone
43563 * platforms which require special recovery actions in that situation.
43565 struct platform_hibernation_ops {
43566 - int (*begin)(void);
43567 - void (*end)(void);
43568 - int (*pre_snapshot)(void);
43569 - void (*finish)(void);
43570 - int (*prepare)(void);
43571 - int (*enter)(void);
43572 - void (*leave)(void);
43573 - int (*pre_restore)(void);
43574 - void (*restore_cleanup)(void);
43575 - void (*recover)(void);
43576 + int (* const begin)(void);
43577 + void (* const end)(void);
43578 + int (* const pre_snapshot)(void);
43579 + void (* const finish)(void);
43580 + int (* const prepare)(void);
43581 + int (* const enter)(void);
43582 + void (* const leave)(void);
43583 + int (* const pre_restore)(void);
43584 + void (* const restore_cleanup)(void);
43585 + void (* const recover)(void);
43588 #ifdef CONFIG_HIBERNATION
43589 @@ -243,7 +243,7 @@ extern void swsusp_set_page_free(struct
43590 extern void swsusp_unset_page_free(struct page *);
43591 extern unsigned long get_safe_page(gfp_t gfp_mask);
43593 -extern void hibernation_set_ops(struct platform_hibernation_ops *ops);
43594 +extern void hibernation_set_ops(const struct platform_hibernation_ops *ops);
43595 extern int hibernate(void);
43596 extern bool system_entering_hibernation(void);
43597 #else /* CONFIG_HIBERNATION */
43598 @@ -251,7 +251,7 @@ static inline int swsusp_page_is_forbidd
43599 static inline void swsusp_set_page_free(struct page *p) {}
43600 static inline void swsusp_unset_page_free(struct page *p) {}
43602 -static inline void hibernation_set_ops(struct platform_hibernation_ops *ops) {}
43603 +static inline void hibernation_set_ops(const struct platform_hibernation_ops *ops) {}
43604 static inline int hibernate(void) { return -ENOSYS; }
43605 static inline bool system_entering_hibernation(void) { return false; }
43606 #endif /* CONFIG_HIBERNATION */
43607 diff -urNp linux-2.6.32.1/include/linux/sysctl.h linux-2.6.32.1/include/linux/sysctl.h
43608 --- linux-2.6.32.1/include/linux/sysctl.h 2009-12-02 22:51:21.000000000 -0500
43609 +++ linux-2.6.32.1/include/linux/sysctl.h 2009-12-14 18:33:59.275781673 -0500
43610 @@ -164,7 +164,11 @@ enum
43611 KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */
43615 +#ifdef CONFIG_PAX_SOFTMODE
43617 + PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */
43621 /* CTL_VM names: */
43623 diff -urNp linux-2.6.32.1/include/linux/sysfs.h linux-2.6.32.1/include/linux/sysfs.h
43624 --- linux-2.6.32.1/include/linux/sysfs.h 2009-12-02 22:51:21.000000000 -0500
43625 +++ linux-2.6.32.1/include/linux/sysfs.h 2009-12-14 18:33:59.276833110 -0500
43626 @@ -75,8 +75,8 @@ struct bin_attribute {
43630 - ssize_t (*show)(struct kobject *, struct attribute *,char *);
43631 - ssize_t (*store)(struct kobject *,struct attribute *,const char *, size_t);
43632 + ssize_t (* const show)(struct kobject *, struct attribute *,char *);
43633 + ssize_t (* const store)(struct kobject *,struct attribute *,const char *, size_t);
43636 struct sysfs_dirent;
43637 diff -urNp linux-2.6.32.1/include/linux/thread_info.h linux-2.6.32.1/include/linux/thread_info.h
43638 --- linux-2.6.32.1/include/linux/thread_info.h 2009-12-02 22:51:21.000000000 -0500
43639 +++ linux-2.6.32.1/include/linux/thread_info.h 2009-12-14 18:33:59.276833110 -0500
43640 @@ -23,7 +23,7 @@ struct restart_block {
43642 /* For futex_wait and futex_wait_requeue_pi */
43645 + u32 __user *uaddr;
43649 diff -urNp linux-2.6.32.1/include/linux/tty.h linux-2.6.32.1/include/linux/tty.h
43650 --- linux-2.6.32.1/include/linux/tty.h 2009-12-02 22:51:21.000000000 -0500
43651 +++ linux-2.6.32.1/include/linux/tty.h 2009-12-14 18:33:59.297408994 -0500
43653 #include <linux/tty_driver.h>
43654 #include <linux/tty_ldisc.h>
43655 #include <linux/mutex.h>
43656 +#include <linux/poll.h>
43658 #include <asm/system.h>
43660 @@ -432,7 +433,6 @@ extern int tty_perform_flush(struct tty_
43661 extern dev_t tty_devnum(struct tty_struct *tty);
43662 extern void proc_clear_tty(struct task_struct *p);
43663 extern struct tty_struct *get_current_tty(void);
43664 -extern void tty_default_fops(struct file_operations *fops);
43665 extern struct tty_struct *alloc_tty_struct(void);
43666 extern void free_tty_struct(struct tty_struct *tty);
43667 extern void initialize_tty_struct(struct tty_struct *tty,
43668 @@ -482,6 +482,18 @@ extern void tty_ldisc_begin(void);
43669 /* This last one is just for the tty layer internals and shouldn't be used elsewhere */
43670 extern void tty_ldisc_enable(struct tty_struct *tty);
43673 +extern ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
43674 +extern ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
43675 +extern unsigned int tty_poll(struct file *, poll_table *);
43676 +#ifdef CONFIG_COMPAT
43677 +extern long tty_compat_ioctl(struct file *file, unsigned int cmd,
43678 + unsigned long arg);
43680 +#define tty_compat_ioctl NULL
43682 +extern int tty_release(struct inode *, struct file *);
43683 +extern int tty_fasync(int fd, struct file *filp, int on);
43686 extern struct tty_ldisc_ops tty_ldisc_N_TTY;
43687 diff -urNp linux-2.6.32.1/include/linux/tty_ldisc.h linux-2.6.32.1/include/linux/tty_ldisc.h
43688 --- linux-2.6.32.1/include/linux/tty_ldisc.h 2009-12-02 22:51:21.000000000 -0500
43689 +++ linux-2.6.32.1/include/linux/tty_ldisc.h 2009-12-14 18:33:59.297408994 -0500
43690 @@ -139,7 +139,7 @@ struct tty_ldisc_ops {
43692 struct module *owner;
43695 + atomic_t refcount;
43699 diff -urNp linux-2.6.32.1/include/linux/types.h linux-2.6.32.1/include/linux/types.h
43700 --- linux-2.6.32.1/include/linux/types.h 2009-12-02 22:51:21.000000000 -0500
43701 +++ linux-2.6.32.1/include/linux/types.h 2009-12-14 18:33:59.297969004 -0500
43702 @@ -191,10 +191,26 @@ typedef struct {
43703 volatile int counter;
43706 +#ifdef CONFIG_PAX_REFCOUNT
43708 + volatile int counter;
43709 +} atomic_unchecked_t;
43711 +typedef atomic_t atomic_unchecked_t;
43714 #ifdef CONFIG_64BIT
43716 volatile long counter;
43719 +#ifdef CONFIG_PAX_REFCOUNT
43721 + volatile long counter;
43722 +} atomic64_unchecked_t;
43724 +typedef atomic64_t atomic64_unchecked_t;
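Review bot: `atomic_unchecked_t` and `atomic64_unchecked_t` are introduced without a comment saying what "unchecked" exempts a counter from or when it is safe to choose them. Because the non-`CONFIG_PAX_REFCOUNT` branch makes them plain typedefs of `atomic_t` and `atomic64_t`, code that passes one type where the other is expected compiles cleanly in that configuration and only fails when the option is on, so the rule needs to be written down. Something like `/* exempt from PAX_REFCOUNT overflow detection; only for counters whose wraparound is harmless, never for reference counts */` above the first typedef would do, adjusted to match the implementation.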
43729 diff -urNp linux-2.6.32.1/include/linux/uaccess.h linux-2.6.32.1/include/linux/uaccess.h
43730 --- linux-2.6.32.1/include/linux/uaccess.h 2009-12-02 22:51:21.000000000 -0500
43731 +++ linux-2.6.32.1/include/linux/uaccess.h 2009-12-14 18:33:59.297969004 -0500
43732 @@ -76,11 +76,11 @@ static inline unsigned long __copy_from_
43734 mm_segment_t old_fs = get_fs(); \
43736 - set_fs(KERNEL_DS); \
43737 pagefault_disable(); \
43738 + set_fs(KERNEL_DS); \
43739 ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval)); \
43740 - pagefault_enable(); \
43742 + pagefault_enable(); \
43746 @@ -93,7 +93,7 @@ static inline unsigned long __copy_from_
43747 * Safely read from address @src to the buffer at @dst. If a kernel fault
43748 * happens, handle that and return -EFAULT.
43750 -extern long probe_kernel_read(void *dst, void *src, size_t size);
43751 +extern long probe_kernel_read(void *dst, const void *src, size_t size);
43754 * probe_kernel_write(): safely attempt to write to a location
43755 @@ -104,6 +104,6 @@ extern long probe_kernel_read(void *dst,
43756 * Safely write to address @dst from the buffer at @src. If a kernel fault
43757 * happens, handle that and return -EFAULT.
43759 -extern long probe_kernel_write(void *dst, void *src, size_t size);
43760 +extern long probe_kernel_write(void *dst, const void *src, size_t size);
43762 #endif /* __LINUX_UACCESS_H__ */
43763 diff -urNp linux-2.6.32.1/include/linux/vmalloc.h linux-2.6.32.1/include/linux/vmalloc.h
43764 --- linux-2.6.32.1/include/linux/vmalloc.h 2009-12-02 22:51:21.000000000 -0500
43765 +++ linux-2.6.32.1/include/linux/vmalloc.h 2009-12-14 18:33:59.297969004 -0500
43766 @@ -13,6 +13,11 @@ struct vm_area_struct; /* vma defining
43767 #define VM_MAP 0x00000004 /* vmap()ed pages */
43768 #define VM_USERMAP 0x00000008 /* suitable for remap_vmalloc_range */
43769 #define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */
43771 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
43772 +#define VM_KERNEXEC 0x00000020 /* allocate from executable kernel memory range */
43775 /* bits [20..32] reserved for arch specific ioremap internals */
43778 @@ -121,4 +126,81 @@ struct vm_struct **pcpu_get_vm_areas(con
43780 void pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms);
43782 +#define vmalloc(x) \
43784 + void *___retval; \
43785 + intoverflow_t ___x = (intoverflow_t)x; \
43786 + if (WARN(___x > ULONG_MAX, "vmalloc size overflow\n")) \
43787 + ___retval = NULL; \
43789 + ___retval = vmalloc((unsigned long)___x); \
43793 +#define __vmalloc(x, y, z) \
43795 + void *___retval; \
43796 + intoverflow_t ___x = (intoverflow_t)x; \
43797 + if (WARN(___x > ULONG_MAX, "__vmalloc size overflow\n"))\
43798 + ___retval = NULL; \
43800 + ___retval = __vmalloc((unsigned long)___x, (y), (z));\
43804 +#define vmalloc_user(x) \
43806 + void *___retval; \
43807 + intoverflow_t ___x = (intoverflow_t)x; \
43808 + if (WARN(___x > ULONG_MAX, "vmalloc_user size overflow\n"))\
43809 + ___retval = NULL; \
43811 + ___retval = vmalloc_user((unsigned long)___x); \
43815 +#define vmalloc_exec(x) \
43817 + void *___retval; \
43818 + intoverflow_t ___x = (intoverflow_t)x; \
43819 + if (WARN(___x > ULONG_MAX, "vmalloc_exec size overflow\n"))\
43820 + ___retval = NULL; \
43822 + ___retval = vmalloc_exec((unsigned long)___x); \
43826 +#define vmalloc_node(x, y) \
43828 + void *___retval; \
43829 + intoverflow_t ___x = (intoverflow_t)x; \
43830 + if (WARN(___x > ULONG_MAX, "vmalloc_node size overflow\n"))\
43831 + ___retval = NULL; \
43833 + ___retval = vmalloc_node((unsigned long)___x, (y));\
43837 +#define vmalloc_32(x) \
43839 + void *___retval; \
43840 + intoverflow_t ___x = (intoverflow_t)x; \
43841 + if (WARN(___x > ULONG_MAX, "vmalloc_32 size overflow\n"))\
43842 + ___retval = NULL; \
43844 + ___retval = vmalloc_32((unsigned long)___x); \
43848 +#define vmalloc_32_user(x) \
43850 + void *___retval; \
43851 + intoverflow_t ___x = (intoverflow_t)x; \
43852 + if (WARN(___x > ULONG_MAX, "vmalloc_32_user size overflow\n"))\
43853 + ___retval = NULL; \
43855 + ___retval = vmalloc_32_user((unsigned long)___x);\
43859 #endif /* _LINUX_VMALLOC_H */
43860 diff -urNp linux-2.6.32.1/include/net/irda/ircomm_tty.h linux-2.6.32.1/include/net/irda/ircomm_tty.h
43861 --- linux-2.6.32.1/include/net/irda/ircomm_tty.h 2009-12-02 22:51:21.000000000 -0500
43862 +++ linux-2.6.32.1/include/net/irda/ircomm_tty.h 2009-12-14 18:33:59.297969004 -0500
43863 @@ -105,8 +105,8 @@ struct ircomm_tty_cb {
43864 unsigned short close_delay;
43865 unsigned short closing_wait; /* time to wait before closing */
43868 - int blocked_open; /* # of blocked opens */
43869 + atomic_t open_count;
43870 + atomic_t blocked_open; /* # of blocked opens */
43872 /* Protect concurent access to :
43873 * o self->open_count
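Review bot: Turning `open_count` and `blocked_open` into `atomic_t` makes each single update atomic, but the comment that follows still lists `self->open_count` among the things whose concurrent access is protected, and the two now read as contradictory. If any path tests the count and then acts on the result, that sequence still needs the protection the comment describes; if it is no longer required for these fields, the comment should be updated in this hunk. The code that uses the counters is outside this hunk, so I cannot tell which of the two holds.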
43874 diff -urNp linux-2.6.32.1/include/net/neighbour.h linux-2.6.32.1/include/net/neighbour.h
43875 --- linux-2.6.32.1/include/net/neighbour.h 2009-12-02 22:51:21.000000000 -0500
43876 +++ linux-2.6.32.1/include/net/neighbour.h 2009-12-14 18:33:59.297969004 -0500
43877 @@ -125,12 +125,12 @@ struct neighbour
43881 - void (*solicit)(struct neighbour *, struct sk_buff*);
43882 - void (*error_report)(struct neighbour *, struct sk_buff*);
43883 - int (*output)(struct sk_buff*);
43884 - int (*connected_output)(struct sk_buff*);
43885 - int (*hh_output)(struct sk_buff*);
43886 - int (*queue_xmit)(struct sk_buff*);
43887 + void (* const solicit)(struct neighbour *, struct sk_buff*);
43888 + void (* const error_report)(struct neighbour *, struct sk_buff*);
43889 + int (* const output)(struct sk_buff*);
43890 + int (* const connected_output)(struct sk_buff*);
43891 + int (* const hh_output)(struct sk_buff*);
43892 + int (* const queue_xmit)(struct sk_buff*);
43895 struct pneigh_entry
43896 diff -urNp linux-2.6.32.1/include/net/sctp/sctp.h linux-2.6.32.1/include/net/sctp/sctp.h
43897 --- linux-2.6.32.1/include/net/sctp/sctp.h 2009-12-02 22:51:21.000000000 -0500
43898 +++ linux-2.6.32.1/include/net/sctp/sctp.h 2009-12-14 18:33:59.298976256 -0500
43899 @@ -305,8 +305,8 @@ extern int sctp_debug_flag;
43901 #else /* SCTP_DEBUG */
43903 -#define SCTP_DEBUG_PRINTK(whatever...)
43904 -#define SCTP_DEBUG_PRINTK_IPADDR(whatever...)
43905 +#define SCTP_DEBUG_PRINTK(whatever...) do {} while (0)
43906 +#define SCTP_DEBUG_PRINTK_IPADDR(whatever...) do {} while (0)
43907 #define SCTP_ENABLE_DEBUG
43908 #define SCTP_DISABLE_DEBUG
43909 #define SCTP_ASSERT(expr, str, func)
43910 diff -urNp linux-2.6.32.1/include/net/tcp.h linux-2.6.32.1/include/net/tcp.h
43911 --- linux-2.6.32.1/include/net/tcp.h 2009-12-02 22:51:21.000000000 -0500
43912 +++ linux-2.6.32.1/include/net/tcp.h 2009-12-14 18:33:59.298976256 -0500
43913 @@ -1414,6 +1414,7 @@ enum tcp_seq_states {
43914 struct tcp_seq_afinfo {
43916 sa_family_t family;
43917 + /* cannot be const */
43918 struct file_operations seq_fops;
43919 struct seq_operations seq_ops;
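Review bot: The added comment `/* cannot be const */` on `seq_fops` records a constraint but not its reason, which is what the next person trying to constify this struct needs. If the reason is that the registration code writes handlers into `seq_fops` at run time, say so, e.g. `/* cannot be const: filled in when the afinfo is registered */`. The identical comment added to `struct udp_seq_afinfo` in include/net/udp.h should get the same treatment.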
43921 diff -urNp linux-2.6.32.1/include/net/udp.h linux-2.6.32.1/include/net/udp.h
43922 --- linux-2.6.32.1/include/net/udp.h 2009-12-02 22:51:21.000000000 -0500
43923 +++ linux-2.6.32.1/include/net/udp.h 2009-12-14 18:33:59.298976256 -0500
43924 @@ -187,6 +187,7 @@ struct udp_seq_afinfo {
43926 sa_family_t family;
43927 struct udp_table *udp_table;
43928 + /* cannot be const */
43929 struct file_operations seq_fops;
43930 struct seq_operations seq_ops;
43932 diff -urNp linux-2.6.32.1/include/sound/ac97_codec.h linux-2.6.32.1/include/sound/ac97_codec.h
43933 --- linux-2.6.32.1/include/sound/ac97_codec.h 2009-12-02 22:51:21.000000000 -0500
43934 +++ linux-2.6.32.1/include/sound/ac97_codec.h 2009-12-14 18:33:59.310891709 -0500
43935 @@ -419,15 +419,15 @@
43938 struct snd_ac97_build_ops {
43939 - int (*build_3d) (struct snd_ac97 *ac97);
43940 - int (*build_specific) (struct snd_ac97 *ac97);
43941 - int (*build_spdif) (struct snd_ac97 *ac97);
43942 - int (*build_post_spdif) (struct snd_ac97 *ac97);
43943 + int (* const build_3d) (struct snd_ac97 *ac97);
43944 + int (* const build_specific) (struct snd_ac97 *ac97);
43945 + int (* const build_spdif) (struct snd_ac97 *ac97);
43946 + int (* const build_post_spdif) (struct snd_ac97 *ac97);
43948 - void (*suspend) (struct snd_ac97 *ac97);
43949 - void (*resume) (struct snd_ac97 *ac97);
43950 + void (* const suspend) (struct snd_ac97 *ac97);
43951 + void (* const resume) (struct snd_ac97 *ac97);
43953 - void (*update_jacks) (struct snd_ac97 *ac97); /* for jack-sharing */
43954 + void (* const update_jacks) (struct snd_ac97 *ac97); /* for jack-sharing */
43957 struct snd_ac97_bus_ops {
43958 @@ -477,7 +477,7 @@ struct snd_ac97_template {
43961 /* -- lowlevel (hardware) driver specific -- */
43962 - struct snd_ac97_build_ops * build_ops;
43963 + const struct snd_ac97_build_ops * build_ops;
43964 void *private_data;
43965 void (*private_free) (struct snd_ac97 *ac97);
43967 diff -urNp linux-2.6.32.1/include/video/uvesafb.h linux-2.6.32.1/include/video/uvesafb.h
43968 --- linux-2.6.32.1/include/video/uvesafb.h 2009-12-02 22:51:21.000000000 -0500
43969 +++ linux-2.6.32.1/include/video/uvesafb.h 2009-12-14 18:33:59.310891709 -0500
43970 @@ -177,6 +177,7 @@ struct uvesafb_par {
43971 u8 ypan; /* 0 - nothing, 1 - ypan, 2 - ywrap */
43972 u8 pmi_setpal; /* PMI for palette changes */
43973 u16 *pmi_base; /* protected mode interface location */
43974 + u8 *pmi_code; /* protected mode code location */
43977 u8 *vbe_state_orig; /*
43978 diff -urNp linux-2.6.32.1/init/do_mounts.c linux-2.6.32.1/init/do_mounts.c
43979 --- linux-2.6.32.1/init/do_mounts.c 2009-12-02 22:51:21.000000000 -0500
43980 +++ linux-2.6.32.1/init/do_mounts.c 2009-12-14 18:33:59.318885471 -0500
43981 @@ -216,11 +216,11 @@ static void __init get_fs_names(char *pa
43983 static int __init do_mount_root(char *name, char *fs, int flags, void *data)
43985 - int err = sys_mount(name, "/root", fs, flags, data);
43986 + int err = sys_mount((__force char __user *)name, (__force char __user *)"/root", (__force char __user *)fs, flags, (__force void __user *)data);
43990 - sys_chdir("/root");
43991 + sys_chdir((__force char __user *)"/root");
43992 ROOT_DEV = current->fs->pwd.mnt->mnt_sb->s_dev;
43993 printk("VFS: Mounted root (%s filesystem)%s on device %u:%u.\n",
43994 current->fs->pwd.mnt->mnt_sb->s_type->name,
43995 @@ -311,18 +311,18 @@ void __init change_floppy(char *fmt, ...
43996 va_start(args, fmt);
43997 vsprintf(buf, fmt, args);
43999 - fd = sys_open("/dev/root", O_RDWR | O_NDELAY, 0);
44000 + fd = sys_open((char __user *)"/dev/root", O_RDWR | O_NDELAY, 0);
44002 sys_ioctl(fd, FDEJECT, 0);
44005 printk(KERN_NOTICE "VFS: Insert %s and press ENTER\n", buf);
44006 - fd = sys_open("/dev/console", O_RDWR, 0);
44007 + fd = sys_open((char __user *)"/dev/console", O_RDWR, 0);
44009 sys_ioctl(fd, TCGETS, (long)&termios);
44010 termios.c_lflag &= ~ICANON;
44011 sys_ioctl(fd, TCSETSF, (long)&termios);
44012 - sys_read(fd, &c, 1);
44013 + sys_read(fd, (char __user *)&c, 1);
44014 termios.c_lflag |= ICANON;
44015 sys_ioctl(fd, TCSETSF, (long)&termios);
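Review bot: The three casts added in this hunk, `(char __user *)"/dev/root"`, `(char __user *)"/dev/console"` and `(char __user *)&c`, omit `__force`, unlike the other casts this patch adds under init/ (for example `(__force char __user *)"/root"` in `do_mount_root()`). Without `__force` sparse should still report the address-space change, so the annotation does not achieve what it is there for; write them as `(__force char __user *)"/dev/root"` and so on. Each cast asserts that handing a kernel pointer to a syscall entry point is intentional, which presumably holds only while this early-boot code runs with the kernel address limit, so a one-line comment to that effect near the first cast would help. `change_floppy()` starts and ends outside the hunk.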
44017 @@ -416,6 +416,6 @@ void __init prepare_namespace(void)
44020 devtmpfs_mount("dev");
44021 - sys_mount(".", "/", NULL, MS_MOVE, NULL);
44023 + sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
44024 + sys_chroot((__force char __user *)".");
44026 diff -urNp linux-2.6.32.1/init/do_mounts.h linux-2.6.32.1/init/do_mounts.h
44027 --- linux-2.6.32.1/init/do_mounts.h 2009-12-02 22:51:21.000000000 -0500
44028 +++ linux-2.6.32.1/init/do_mounts.h 2009-12-14 18:33:59.336104253 -0500
44029 @@ -15,15 +15,15 @@ extern int root_mountflags;
44031 static inline int create_dev(char *name, dev_t dev)
44033 - sys_unlink(name);
44034 - return sys_mknod(name, S_IFBLK|0600, new_encode_dev(dev));
44035 + sys_unlink((__force char __user *)name);
44036 + return sys_mknod((__force char __user *)name, S_IFBLK|0600, new_encode_dev(dev));
44039 #if BITS_PER_LONG == 32
44040 static inline u32 bstat(char *name)
44042 struct stat64 stat;
44043 - if (sys_stat64(name, &stat) != 0)
44044 + if (sys_stat64((__force char __user *)name, (__force struct stat64 __user *)&stat) != 0)
44046 if (!S_ISBLK(stat.st_mode))
44048 diff -urNp linux-2.6.32.1/init/do_mounts_initrd.c linux-2.6.32.1/init/do_mounts_initrd.c
44049 --- linux-2.6.32.1/init/do_mounts_initrd.c 2009-12-02 22:51:21.000000000 -0500
44050 +++ linux-2.6.32.1/init/do_mounts_initrd.c 2009-12-14 18:33:59.343788319 -0500
44051 @@ -32,7 +32,7 @@ static int __init do_linuxrc(void * shel
44052 sys_close(old_fd);sys_close(root_fd);
44053 sys_close(0);sys_close(1);sys_close(2);
44055 - (void) sys_open("/dev/console",O_RDWR,0);
44056 + (void) sys_open((__force const char __user *)"/dev/console",O_RDWR,0);
44059 return kernel_execve(shell, argv, envp_init);
44060 @@ -47,13 +47,13 @@ static void __init handle_initrd(void)
44061 create_dev("/dev/root.old", Root_RAM0);
44062 /* mount initrd on rootfs' /root */
44063 mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY);
44064 - sys_mkdir("/old", 0700);
44065 - root_fd = sys_open("/", 0, 0);
44066 - old_fd = sys_open("/old", 0, 0);
44067 + sys_mkdir((__force const char __user *)"/old", 0700);
44068 + root_fd = sys_open((__force const char __user *)"/", 0, 0);
44069 + old_fd = sys_open((__force const char __user *)"/old", 0, 0);
44070 /* move initrd over / and chdir/chroot in initrd root */
44071 - sys_chdir("/root");
44072 - sys_mount(".", "/", NULL, MS_MOVE, NULL);
44074 + sys_chdir((__force const char __user *)"/root");
44075 + sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
44076 + sys_chroot((__force const char __user *)".");
44079 * In case that a resume from disk is carried out by linuxrc or one of
44080 @@ -70,15 +70,15 @@ static void __init handle_initrd(void)
44082 /* move initrd to rootfs' /old */
44083 sys_fchdir(old_fd);
44084 - sys_mount("/", ".", NULL, MS_MOVE, NULL);
44085 + sys_mount((__force char __user *)"/", (__force char __user *)".", NULL, MS_MOVE, NULL);
44086 /* switch root and cwd back to / of rootfs */
44087 sys_fchdir(root_fd);
44089 + sys_chroot((__force const char __user *)".");
44091 sys_close(root_fd);
44093 if (new_decode_dev(real_root_dev) == Root_RAM0) {
44094 - sys_chdir("/old");
44095 + sys_chdir((__force const char __user *)"/old");
44099 @@ -86,17 +86,17 @@ static void __init handle_initrd(void)
44102 printk(KERN_NOTICE "Trying to move old root to /initrd ... ");
44103 - error = sys_mount("/old", "/root/initrd", NULL, MS_MOVE, NULL);
44104 + error = sys_mount((__force char __user *)"/old", (__force char __user *)"/root/initrd", NULL, MS_MOVE, NULL);
44108 - int fd = sys_open("/dev/root.old", O_RDWR, 0);
44109 + int fd = sys_open((__force const char __user *)"/dev/root.old", O_RDWR, 0);
44110 if (error == -ENOENT)
44111 printk("/initrd does not exist. Ignored.\n");
44113 printk("failed\n");
44114 printk(KERN_NOTICE "Unmounting old root\n");
44115 - sys_umount("/old", MNT_DETACH);
44116 + sys_umount((__force char __user *)"/old", MNT_DETACH);
44117 printk(KERN_NOTICE "Trying to free ramdisk memory ... ");
44120 @@ -119,11 +119,11 @@ int __init initrd_load(void)
44121 * mounted in the normal path.
44123 if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) {
44124 - sys_unlink("/initrd.image");
44125 + sys_unlink((__force const char __user *)"/initrd.image");
44130 - sys_unlink("/initrd.image");
44131 + sys_unlink((__force const char __user *)"/initrd.image");
44134 diff -urNp linux-2.6.32.1/init/do_mounts_md.c linux-2.6.32.1/init/do_mounts_md.c
44135 --- linux-2.6.32.1/init/do_mounts_md.c 2009-12-02 22:51:21.000000000 -0500
44136 +++ linux-2.6.32.1/init/do_mounts_md.c 2009-12-14 18:33:59.351385043 -0500
44137 @@ -170,7 +170,7 @@ static void __init md_setup_drive(void)
44138 partitioned ? "_d" : "", minor,
44139 md_setup_args[ent].device_names);
44141 - fd = sys_open(name, 0, 0);
44142 + fd = sys_open((__force char __user *)name, 0, 0);
44144 printk(KERN_ERR "md: open failed - cannot start "
44145 "array %s\n", name);
44146 @@ -233,7 +233,7 @@ static void __init md_setup_drive(void)
44150 - fd = sys_open(name, 0, 0);
44151 + fd = sys_open((__force char __user *)name, 0, 0);
44152 sys_ioctl(fd, BLKRRPART, 0);
44155 @@ -283,7 +283,7 @@ static void __init autodetect_raid(void)
44157 wait_for_device_probe();
44159 - fd = sys_open("/dev/md0", 0, 0);
44160 + fd = sys_open((__force char __user *)"/dev/md0", 0, 0);
44162 sys_ioctl(fd, RAID_AUTORUN, raid_autopart);
44164 diff -urNp linux-2.6.32.1/init/initramfs.c linux-2.6.32.1/init/initramfs.c
44165 --- linux-2.6.32.1/init/initramfs.c 2009-12-02 22:51:21.000000000 -0500
44166 +++ linux-2.6.32.1/init/initramfs.c 2009-12-14 18:33:59.361708906 -0500
44167 @@ -74,7 +74,7 @@ static void __init free_hash(void)
44171 -static long __init do_utime(char __user *filename, time_t mtime)
44172 +static long __init do_utime(__force char __user *filename, time_t mtime)
44174 struct timespec t[2];
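Review bot: `__force` on the `filename` parameter declaration of `do_utime` is out of place; it is a sparse annotation meant for casts, and every call site this patch touches already casts with `(__force char __user *)`. Keeping the prototype as `static long __init do_utime(char __user *filename, time_t mtime)` leaves the address-space override visible only at the places where a kernel pointer is deliberately passed. The function body continues outside this hunk.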
44176 @@ -109,7 +109,7 @@ static void __init dir_utime(void)
44177 struct dir_entry *de, *tmp;
44178 list_for_each_entry_safe(de, tmp, &dir_list, list) {
44179 list_del(&de->list);
44180 - do_utime(de->name, de->mtime);
44181 + do_utime((__force char __user *)de->name, de->mtime);
44185 @@ -271,7 +271,7 @@ static int __init maybe_link(void)
44187 char *old = find_link(major, minor, ino, mode, collected);
44189 - return (sys_link(old, collected) < 0) ? -1 : 1;
44190 + return (sys_link((__force char __user *)old, (__force char __user *)collected) < 0) ? -1 : 1;
44194 @@ -280,11 +280,11 @@ static void __init clean_path(char *path
44198 - if (!sys_newlstat(path, &st) && (st.st_mode^mode) & S_IFMT) {
44199 + if (!sys_newlstat((__force char __user *)path, (__force struct stat __user *)&st) && (st.st_mode^mode) & S_IFMT) {
44200 if (S_ISDIR(st.st_mode))
44202 + sys_rmdir((__force char __user *)path);
44204 - sys_unlink(path);
44205 + sys_unlink((__force char __user *)path);
44209 @@ -305,7 +305,7 @@ static int __init do_name(void)
44210 int openflags = O_WRONLY|O_CREAT;
44212 openflags |= O_TRUNC;
44213 - wfd = sys_open(collected, openflags, mode);
44214 + wfd = sys_open((__force char __user *)collected, openflags, mode);
44217 sys_fchown(wfd, uid, gid);
44218 @@ -317,17 +317,17 @@ static int __init do_name(void)
44221 } else if (S_ISDIR(mode)) {
44222 - sys_mkdir(collected, mode);
44223 - sys_chown(collected, uid, gid);
44224 - sys_chmod(collected, mode);
44225 + sys_mkdir((__force char __user *)collected, mode);
44226 + sys_chown((__force char __user *)collected, uid, gid);
44227 + sys_chmod((__force char __user *)collected, mode);
44228 dir_add(collected, mtime);
44229 } else if (S_ISBLK(mode) || S_ISCHR(mode) ||
44230 S_ISFIFO(mode) || S_ISSOCK(mode)) {
44231 if (maybe_link() == 0) {
44232 - sys_mknod(collected, mode, rdev);
44233 - sys_chown(collected, uid, gid);
44234 - sys_chmod(collected, mode);
44235 - do_utime(collected, mtime);
44236 + sys_mknod((__force char __user *)collected, mode, rdev);
44237 + sys_chown((__force char __user *)collected, uid, gid);
44238 + sys_chmod((__force char __user *)collected, mode);
44239 + do_utime((__force char __user *)collected, mtime);
44243 @@ -336,15 +336,15 @@ static int __init do_name(void)
44244 static int __init do_copy(void)
44246 if (count >= body_len) {
44247 - sys_write(wfd, victim, body_len);
44248 + sys_write(wfd, (__force char __user *)victim, body_len);
44250 - do_utime(vcollected, mtime);
44251 + do_utime((__force char __user *)vcollected, mtime);
44257 - sys_write(wfd, victim, count);
44258 + sys_write(wfd, (__force char __user *)victim, count);
44262 @@ -355,9 +355,9 @@ static int __init do_symlink(void)
44264 collected[N_ALIGN(name_len) + body_len] = '\0';
44265 clean_path(collected, 0);
44266 - sys_symlink(collected + N_ALIGN(name_len), collected);
44267 - sys_lchown(collected, uid, gid);
44268 - do_utime(collected, mtime);
44269 + sys_symlink((__force char __user *)collected + N_ALIGN(name_len), (__force char __user *)collected);
44270 + sys_lchown((__force char __user *)collected, uid, gid);
44271 + do_utime((__force char __user *)collected, mtime);
44273 next_state = Reset;
44275 diff -urNp linux-2.6.32.1/init/Kconfig linux-2.6.32.1/init/Kconfig
44276 --- linux-2.6.32.1/init/Kconfig 2009-12-02 22:51:21.000000000 -0500
44277 +++ linux-2.6.32.1/init/Kconfig 2009-12-14 18:33:59.372736129 -0500
44278 @@ -1026,7 +1026,7 @@ config SLUB_DEBUG
44281 bool "Disable heap randomization"
44285 Randomizing heap placement makes heap exploits harder, but it
44286 also breaks ancient binaries (including anything libc5 based).
44287 @@ -1116,9 +1116,9 @@ config HAVE_GENERIC_DMA_COHERENT
44291 - depends on PROC_FS
44292 + depends on PROC_FS && !GRKERNSEC_PROC_ADD
44293 depends on SLAB || SLUB_DEBUG
44299 diff -urNp linux-2.6.32.1/init/main.c linux-2.6.32.1/init/main.c
44300 --- linux-2.6.32.1/init/main.c 2009-12-02 22:51:21.000000000 -0500
44301 +++ linux-2.6.32.1/init/main.c 2009-12-14 18:33:59.389911000 -0500
44302 @@ -97,6 +97,7 @@ static inline void mark_rodata_ro(void)
44304 extern void tc_init(void);
44306 +extern void grsecurity_init(void);
44308 enum system_states system_state __read_mostly;
44309 EXPORT_SYMBOL(system_state);
44310 @@ -183,6 +184,35 @@ static int __init set_reset_devices(char
44312 __setup("reset_devices", set_reset_devices);
44314 +#if defined(CONFIG_PAX_MEMORY_UDEREF) && defined(CONFIG_X86_32)
44315 +static int __init setup_pax_nouderef(char *str)
44317 + unsigned int cpu;
44319 + for (cpu = 0; cpu < NR_CPUS; cpu++) {
44320 + get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].type = 3;
44321 + get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].limit = 0xf;
44323 + asm("mov %0, %%ds" : : "r" (__KERNEL_DS) : "memory");
44324 + asm("mov %0, %%es" : : "r" (__KERNEL_DS) : "memory");
44325 + asm("mov %0, %%ss" : : "r" (__KERNEL_DS) : "memory");
44329 +early_param("pax_nouderef", setup_pax_nouderef);
44332 +#ifdef CONFIG_PAX_SOFTMODE
44333 +unsigned int pax_softmode;
44335 +static int __init setup_pax_softmode(char *str)
44337 + get_option(&str, &pax_softmode);
44340 +__setup("pax_softmode=", setup_pax_softmode);
44343 static char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
44344 char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
44345 static const char *panic_later, *panic_param;
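Review bot: `setup_pax_nouderef` rewrites the kernel data segment descriptor with the bare constants `type = 3` and `limit = 0xf`, and nothing says what the `pax_nouderef` boot parameter switches off. A header comment such as `/* pax_nouderef: disable UDEREF at boot by resetting the __KERNEL_DS descriptor on every CPU and reloading ds/es/ss */` would help, with the exact meaning of the two values confirmed against the UDEREF GDT setup, which is not visible here. In `setup_pax_softmode`, `pax_softmode` is `unsigned int` but is passed to `get_option()`, which takes an `int *`; declaring it `int` or parsing into a local avoids the pointer-sign mismatch. Both parameters relax enforcement from the kernel command line, so they also deserve an entry in the kernel parameter documentation.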
44346 @@ -702,52 +732,53 @@ int initcall_debug;
44347 core_param(initcall_debug, initcall_debug, bool, 0644);
44349 static char msgbuf[64];
44350 -static struct boot_trace_call call;
44351 -static struct boot_trace_ret ret;
44352 +static struct boot_trace_call trace_call;
44353 +static struct boot_trace_ret trace_ret;
44355 int do_one_initcall(initcall_t fn)
44357 int count = preempt_count();
44358 ktime_t calltime, delta, rettime;
44359 + const char *msg1 = "", *msg2 = "";
44361 if (initcall_debug) {
44362 - call.caller = task_pid_nr(current);
44363 - printk("calling %pF @ %i\n", fn, call.caller);
44364 + trace_call.caller = task_pid_nr(current);
44365 + printk("calling %pF @ %i\n", fn, trace_call.caller);
44366 calltime = ktime_get();
44367 - trace_boot_call(&call, fn);
44368 + trace_boot_call(&trace_call, fn);
44369 enable_boot_trace();
44372 - ret.result = fn();
44373 + trace_ret.result = fn();
44375 if (initcall_debug) {
44376 disable_boot_trace();
44377 rettime = ktime_get();
44378 delta = ktime_sub(rettime, calltime);
44379 - ret.duration = (unsigned long long) ktime_to_ns(delta) >> 10;
44380 - trace_boot_ret(&ret, fn);
44381 + trace_ret.duration = (unsigned long long) ktime_to_ns(delta) >> 10;
44382 + trace_boot_ret(&trace_ret, fn);
44383 printk("initcall %pF returned %d after %Ld usecs\n", fn,
44384 - ret.result, ret.duration);
44385 + trace_ret.result, trace_ret.duration);
44390 - if (ret.result && ret.result != -ENODEV && initcall_debug)
44391 - sprintf(msgbuf, "error code %d ", ret.result);
44392 + if (trace_ret.result && trace_ret.result != -ENODEV && initcall_debug)
44393 + sprintf(msgbuf, "error code %d ", trace_ret.result);
44395 if (preempt_count() != count) {
44396 - strlcat(msgbuf, "preemption imbalance ", sizeof(msgbuf));
44397 + msg1 = " preemption imbalance";
44398 preempt_count() = count;
44400 if (irqs_disabled()) {
44401 - strlcat(msgbuf, "disabled interrupts ", sizeof(msgbuf));
44402 + msg2 = " disabled interrupts";
44403 local_irq_enable();
44406 - printk("initcall %pF returned with %s\n", fn, msgbuf);
44407 + if (msgbuf[0] || *msg1 || *msg2) {
44408 + printk("initcall %pF returned with %s%s%s\n", fn, msgbuf, msg1, msg2);
44411 - return ret.result;
44412 + return trace_ret.result;
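Review bot: The `sprintf(msgbuf, "error code %d ", trace_ret.result)` line keeps an unbounded write into the 64-byte static `msgbuf`; the value fits today, but `snprintf(msgbuf, sizeof(msgbuf), "error code %d ", trace_ret.result);` makes the bound explicit. The trailing space in that format plus the leading space in `msg1`/`msg2` also prints a double space when an error code and an imbalance are reported together. Some lines of the function are missing from this listing, so the reset of `msgbuf[0]` before the checks is assumed to remain.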
44416 @@ -886,11 +917,13 @@ static int __init kernel_init(void * unu
44417 if (!ramdisk_execute_command)
44418 ramdisk_execute_command = "/init";
44420 - if (sys_access((const char __user *) ramdisk_execute_command, 0) != 0) {
44421 + if (sys_access((__force const char __user *) ramdisk_execute_command, 0) != 0) {
44422 ramdisk_execute_command = NULL;
44423 prepare_namespace();
44426 + grsecurity_init();
44429 * Ok, we have completed the initial bootup, and
44430 * we're essentially up and running. Get rid of the
44431 diff -urNp linux-2.6.32.1/init/noinitramfs.c linux-2.6.32.1/init/noinitramfs.c
44432 --- linux-2.6.32.1/init/noinitramfs.c 2009-12-02 22:51:21.000000000 -0500
44433 +++ linux-2.6.32.1/init/noinitramfs.c 2009-12-14 18:33:59.390888592 -0500
44434 @@ -29,7 +29,7 @@ static int __init default_rootfs(void)
44438 - err = sys_mkdir("/dev", 0755);
44439 + err = sys_mkdir((const char __user *)"/dev", 0755);
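Review bot: The two `sys_mkdir` casts in this file (`"/dev"` here and `"/root"` in the next hunk) use `(const char __user *)` without `__force`, unlike the other kernel-string casts in this patch, for example `sys_unlink((__force const char __user *)"/initrd.image")`. Without `__force` sparse still reports the address-space change, so the cast does not record that it is intentional. For consistency write `err = sys_mkdir((__force const char __user *)"/dev", 0755);` and the same for `"/root"`.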
44443 @@ -39,7 +39,7 @@ static int __init default_rootfs(void)
44447 - err = sys_mkdir("/root", 0700);
44448 + err = sys_mkdir((const char __user *)"/root", 0700);
44452 diff -urNp linux-2.6.32.1/ipc/ipc_sysctl.c linux-2.6.32.1/ipc/ipc_sysctl.c
44453 --- linux-2.6.32.1/ipc/ipc_sysctl.c 2009-12-02 22:51:21.000000000 -0500
44454 +++ linux-2.6.32.1/ipc/ipc_sysctl.c 2009-12-14 18:33:59.390888592 -0500
44455 @@ -267,7 +267,7 @@ static struct ctl_table ipc_kern_table[]
44460 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
44463 static struct ctl_table ipc_root_table[] = {
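Review bot: The positional terminator `{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }` (here and again for `ipc_root_table` in the next hunk) ties both tables to the exact field count and order of `struct ctl_table`. If a field is added or reordered the sentinel no longer lines up with the struct, and a reader cannot tell which slot is which. A designated form such as `{ .ctl_name = 0 }` states that this is the end marker and zero-fills the rest.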
44464 @@ -277,7 +277,7 @@ static struct ctl_table ipc_root_table[]
44466 .child = ipc_kern_table,
44469 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
44472 static int __init ipc_sysctl_init(void)
44473 diff -urNp linux-2.6.32.1/ipc/mqueue.c linux-2.6.32.1/ipc/mqueue.c
44474 --- linux-2.6.32.1/ipc/mqueue.c 2009-12-02 22:51:21.000000000 -0500
44475 +++ linux-2.6.32.1/ipc/mqueue.c 2009-12-14 18:33:59.391720347 -0500
44476 @@ -150,6 +150,7 @@ static struct inode *mqueue_get_inode(st
44477 mq_bytes = (mq_msg_tblsz +
44478 (info->attr.mq_maxmsg * info->attr.mq_msgsize));
44480 + gr_learn_resource(current, RLIMIT_MSGQUEUE, u->mq_bytes + mq_bytes, 1);
44481 spin_lock(&mq_lock);
44482 if (u->mq_bytes + mq_bytes < u->mq_bytes ||
44483 u->mq_bytes + mq_bytes >
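Review bot: `gr_learn_resource()` reads `u->mq_bytes` before `spin_lock(&mq_lock)` is taken, while the limit check that follows reads it under the lock. The recorded value can therefore differ from the one actually checked, and the sum is passed on before the `u->mq_bytes + mq_bytes < u->mq_bytes` wrap test has run, so a wrapped value can be reported. Moving the call to just after `spin_lock(&mq_lock);` gives a consistent reading, provided `gr_learn_resource()` is safe to call under a spinlock, which this hunk does not show. The function continues past the end of the hunk.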
44484 diff -urNp linux-2.6.32.1/ipc/shm.c linux-2.6.32.1/ipc/shm.c
44485 --- linux-2.6.32.1/ipc/shm.c 2009-12-02 22:51:21.000000000 -0500
44486 +++ linux-2.6.32.1/ipc/shm.c 2009-12-14 18:33:59.391720347 -0500
44487 @@ -70,6 +70,14 @@ static void shm_destroy (struct ipc_name
44488 static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
44491 +#ifdef CONFIG_GRKERNSEC
44492 +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
44493 + const time_t shm_createtime, const uid_t cuid,
44494 + const int shmid);
44495 +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
44496 + const time_t shm_createtime);
44499 void shm_init_ns(struct ipc_namespace *ns)
44501 ns->shm_ctlmax = SHMMAX;
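Review bot: The prototypes for `gr_handle_shmat()` and `gr_chroot_shmat()` are declared with `extern` inside ipc/shm.c rather than in a shared header, so nothing checks them against the definitions. `extern void grsecurity_init(void);` in init/main.c and `extern rwlock_t grsec_exec_file_lock;` in kernel/exit.c follow the same pattern. Moving them into the header that presumably declares the other `gr_*` hooks, with empty inline stubs for `!CONFIG_GRKERNSEC`, would also let the `#ifdef CONFIG_GRKERNSEC` blocks at the call sites go away.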
44502 @@ -395,6 +403,14 @@ static int newseg(struct ipc_namespace *
44503 shp->shm_lprid = 0;
44504 shp->shm_atim = shp->shm_dtim = 0;
44505 shp->shm_ctim = get_seconds();
44506 +#ifdef CONFIG_GRKERNSEC
44508 + struct timespec timeval;
44509 + do_posix_clock_monotonic_gettime(&timeval);
44511 + shp->shm_createtime = timeval.tv_sec;
44514 shp->shm_segsz = size;
44515 shp->shm_nattch = 0;
44516 shp->shm_file = file;
44517 @@ -878,9 +894,21 @@ long do_shmat(int shmid, char __user *sh
44521 +#ifdef CONFIG_GRKERNSEC
44522 + if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime,
44523 + shp->shm_perm.cuid, shmid) ||
44524 + !gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) {
44530 path.dentry = dget(shp->shm_file->f_path.dentry);
44531 path.mnt = shp->shm_file->f_path.mnt;
44533 +#ifdef CONFIG_GRKERNSEC
44534 + shp->shm_lapid = current->pid;
44536 size = i_size_read(path.dentry->d_inode);
44539 diff -urNp linux-2.6.32.1/kernel/acct.c linux-2.6.32.1/kernel/acct.c
44540 --- linux-2.6.32.1/kernel/acct.c 2009-12-02 22:51:21.000000000 -0500
44541 +++ linux-2.6.32.1/kernel/acct.c 2009-12-14 18:33:59.391720347 -0500
44542 @@ -578,7 +578,7 @@ static void do_acct_process(struct bsd_a
44544 flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
44545 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
44546 - file->f_op->write(file, (char *)&ac,
44547 + file->f_op->write(file, (__force char __user *)&ac,
44548 sizeof(acct_t), &file->f_pos);
44549 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
44551 diff -urNp linux-2.6.32.1/kernel/capability.c linux-2.6.32.1/kernel/capability.c
44552 --- linux-2.6.32.1/kernel/capability.c 2009-12-02 22:51:21.000000000 -0500
44553 +++ linux-2.6.32.1/kernel/capability.c 2009-12-14 18:33:59.392777275 -0500
44554 @@ -306,10 +306,21 @@ int capable(int cap)
44558 - if (security_capable(cap) == 0) {
44559 + if (security_capable(cap) == 0 && gr_is_capable(cap)) {
44560 current->flags |= PF_SUPERPRIV;
44566 +int capable_nolog(int cap)
44568 + if (security_capable(cap) == 0 && gr_is_capable_nolog(cap)) {
44569 + current->flags |= PF_SUPERPRIV;
44575 EXPORT_SYMBOL(capable);
44576 +EXPORT_SYMBOL(capable_nolog);
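Review bot: `capable_nolog()` goes straight to `security_capable(cap)`; the gutter numbering leaves no room for a range check on `cap` before that test, whereas upstream `capable()` validates the value with `cap_valid()` ahead of the line changed above (that check sits outside the hunk). Since the new function is exported, add `BUG_ON(!cap_valid(cap));` at its top or have both functions share one helper. A kernel-doc comment stating how it differs from `capable()`, presumably only in that a denial is not logged, is also missing.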
44577 diff -urNp linux-2.6.32.1/kernel/configs.c linux-2.6.32.1/kernel/configs.c
44578 --- linux-2.6.32.1/kernel/configs.c 2009-12-02 22:51:21.000000000 -0500
44579 +++ linux-2.6.32.1/kernel/configs.c 2009-12-14 18:33:59.392777275 -0500
44580 @@ -73,8 +73,19 @@ static int __init ikconfig_init(void)
44581 struct proc_dir_entry *entry;
44583 /* create the current config file */
44584 +#if defined(CONFIG_GRKERNSEC_PROC_ADD) || defined(CONFIG_GRKERNSEC_HIDESYM)
44585 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_HIDESYM)
44586 + entry = proc_create("config.gz", S_IFREG | S_IRUSR, NULL,
44587 + &ikconfig_file_ops);
44588 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
44589 + entry = proc_create("config.gz", S_IFREG | S_IRUSR | S_IRGRP, NULL,
44590 + &ikconfig_file_ops);
44593 entry = proc_create("config.gz", S_IFREG | S_IRUGO, NULL,
44594 &ikconfig_file_ops);
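Review bot: When `CONFIG_GRKERNSEC_PROC_ADD` is set but none of `CONFIG_GRKERNSEC_PROC_USER`, `CONFIG_GRKERNSEC_PROC_USERGROUP` or `CONFIG_GRKERNSEC_HIDESYM` is, the inner `#if`/`#elif` appears to select no `proc_create()` call, and `entry` would then be used uninitialized. Two lines are missing from this listing between the `#elif` branch and the original call, so this is inferred from the visible structure, and Kconfig dependencies may already exclude the combination. An inner `#else` with `#error`, or a fall-through to the `S_IRUGO` call, would make the assumption explicit.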
44600 diff -urNp linux-2.6.32.1/kernel/cpu.c linux-2.6.32.1/kernel/cpu.c
44601 --- linux-2.6.32.1/kernel/cpu.c 2009-12-02 22:51:21.000000000 -0500
44602 +++ linux-2.6.32.1/kernel/cpu.c 2009-12-14 18:33:59.421104502 -0500
44604 /* Serializes the updates to cpu_online_mask, cpu_present_mask */
44605 static DEFINE_MUTEX(cpu_add_remove_lock);
44607 -static __cpuinitdata RAW_NOTIFIER_HEAD(cpu_chain);
44608 +static RAW_NOTIFIER_HEAD(cpu_chain);
44610 /* If set, cpu_up and cpu_down will return -EBUSY and do nothing.
44611 * Should always be manipulated under cpu_add_remove_lock
44612 diff -urNp linux-2.6.32.1/kernel/cred.c linux-2.6.32.1/kernel/cred.c
44613 --- linux-2.6.32.1/kernel/cred.c 2009-12-02 22:51:21.000000000 -0500
44614 +++ linux-2.6.32.1/kernel/cred.c 2009-12-14 18:33:59.433855426 -0500
44615 @@ -520,6 +520,8 @@ int commit_creds(struct cred *new)
44617 get_cred(new); /* we will require a ref for the subj creds too */
44619 + gr_set_role_label(task, new->uid, new->gid);
44621 /* dumpability changes */
44622 if (old->euid != new->euid ||
44623 old->egid != new->egid ||
44624 diff -urNp linux-2.6.32.1/kernel/exit.c linux-2.6.32.1/kernel/exit.c
44625 --- linux-2.6.32.1/kernel/exit.c 2009-12-02 22:51:21.000000000 -0500
44626 +++ linux-2.6.32.1/kernel/exit.c 2009-12-14 18:33:59.433855426 -0500
44628 #include <asm/mmu_context.h>
44629 #include "cred-internals.h"
44631 +#ifdef CONFIG_GRKERNSEC
44632 +extern rwlock_t grsec_exec_file_lock;
44635 static void exit_mm(struct task_struct * tsk);
44637 static void __unhash_process(struct task_struct *p)
44638 @@ -167,6 +171,8 @@ void release_task(struct task_struct * p
44639 struct task_struct *leader;
44642 + gr_del_task_from_ip_table(p);
44644 tracehook_prepare_release_task(p);
44645 /* don't need to get the RCU readlock here - the process is dead and
44646 * can't be modifying its own credentials */
44647 @@ -334,11 +340,22 @@ static void reparent_to_kthreadd(void)
44649 write_lock_irq(&tasklist_lock);
44651 +#ifdef CONFIG_GRKERNSEC
44652 + write_lock(&grsec_exec_file_lock);
44653 + if (current->exec_file) {
44654 + fput(current->exec_file);
44655 + current->exec_file = NULL;
44657 + write_unlock(&grsec_exec_file_lock);
44660 ptrace_unlink(current);
44661 /* Reparent to init */
44662 current->real_parent = current->parent = kthreadd_task;
44663 list_move_tail(¤t->sibling, ¤t->real_parent->children);
44665 + gr_set_kernel_label(current);
44667 /* Set the exit signal to SIGCHLD so we signal init on exit */
44668 current->exit_signal = SIGCHLD;
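Review bot: `fput(current->exec_file)` runs while `grsec_exec_file_lock` is write-held and, in `reparent_to_kthreadd`, inside `write_lock_irq(&tasklist_lock)`; if it drops the last reference, the file release path runs in atomic context with interrupts off, and that path may sleep. The safer shape is to detach under the lock with `exec_file = current->exec_file; current->exec_file = NULL;` and call `fput(exec_file)` only after both locks are released. The identical block is added to `daemonize` in a later hunk of this file, so a small helper would remove the duplication. The release of `tasklist_lock` is outside this hunk.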
44670 @@ -390,7 +407,7 @@ int allow_signal(int sig)
44671 * know it'll be handled, so that they don't get converted to
44672 * SIGKILL or just silently dropped.
44674 - current->sighand->action[(sig)-1].sa.sa_handler = (void __user *)2;
44675 + current->sighand->action[(sig)-1].sa.sa_handler = (__force void __user *)2;
44676 recalc_sigpending();
44677 spin_unlock_irq(¤t->sighand->siglock);
44679 @@ -426,6 +443,17 @@ void daemonize(const char *name, ...)
44680 vsnprintf(current->comm, sizeof(current->comm), name, args);
44683 +#ifdef CONFIG_GRKERNSEC
44684 + write_lock(&grsec_exec_file_lock);
44685 + if (current->exec_file) {
44686 + fput(current->exec_file);
44687 + current->exec_file = NULL;
44689 + write_unlock(&grsec_exec_file_lock);
44692 + gr_set_kernel_label(current);
44695 * If we were started as result of loading a module, close all of the
44696 * user space pages. We don't need them, and if we didn't close them
44697 @@ -957,6 +985,9 @@ NORET_TYPE void do_exit(long code)
44698 tsk->exit_code = code;
44699 taskstats_exit(tsk, group_dead);
44701 + gr_acl_handle_psacct(tsk, code);
44702 + gr_acl_handle_exit();
44707 @@ -1172,7 +1203,7 @@ static int wait_task_zombie(struct wait_
44709 if (unlikely(wo->wo_flags & WNOWAIT)) {
44710 int exit_code = p->exit_code;
44714 get_task_struct(p);
44715 read_unlock(&tasklist_lock);
44716 diff -urNp linux-2.6.32.1/kernel/fork.c linux-2.6.32.1/kernel/fork.c
44717 --- linux-2.6.32.1/kernel/fork.c 2009-12-02 22:51:21.000000000 -0500
44718 +++ linux-2.6.32.1/kernel/fork.c 2009-12-14 18:33:59.434987332 -0500
44719 @@ -253,7 +253,7 @@ static struct task_struct *dup_task_stru
44720 *stackend = STACK_END_MAGIC; /* for overflow detection */
44722 #ifdef CONFIG_CC_STACKPROTECTOR
44723 - tsk->stack_canary = get_random_int();
44724 + tsk->stack_canary = pax_get_random_long();
44727 /* One for us, one for whoever does the "release_task()" (usually parent) */
44728 @@ -293,8 +293,8 @@ static int dup_mmap(struct mm_struct *mm
44731 mm->mmap_cache = NULL;
44732 - mm->free_area_cache = oldmm->mmap_base;
44733 - mm->cached_hole_size = ~0UL;
44734 + mm->free_area_cache = oldmm->free_area_cache;
44735 + mm->cached_hole_size = oldmm->cached_hole_size;
44737 cpumask_clear(mm_cpumask(mm));
44738 mm->mm_rb = RB_ROOT;
44739 @@ -334,6 +334,7 @@ static int dup_mmap(struct mm_struct *mm
44740 tmp->vm_flags &= ~VM_LOCKED;
44742 tmp->vm_next = NULL;
44743 + tmp->vm_mirror = NULL;
44744 anon_vma_link(tmp);
44745 file = tmp->vm_file;
44747 @@ -381,6 +382,31 @@ static int dup_mmap(struct mm_struct *mm
44752 +#ifdef CONFIG_PAX_SEGMEXEC
44753 + if (oldmm->pax_flags & MF_PAX_SEGMEXEC) {
44754 + struct vm_area_struct *mpnt_m;
44756 + for (mpnt = oldmm->mmap, mpnt_m = mm->mmap; mpnt; mpnt = mpnt->vm_next, mpnt_m = mpnt_m->vm_next) {
44757 + BUG_ON(!mpnt_m || mpnt_m->vm_mirror || mpnt->vm_mm != oldmm || mpnt_m->vm_mm != mm);
44759 + if (!mpnt->vm_mirror)
44762 + if (mpnt->vm_end <= SEGMEXEC_TASK_SIZE) {
44763 + BUG_ON(mpnt->vm_mirror->vm_mirror != mpnt);
44764 + mpnt->vm_mirror = mpnt_m;
44766 + BUG_ON(mpnt->vm_mirror->vm_mirror == mpnt || mpnt->vm_mirror->vm_mirror->vm_mm != mm);
44767 + mpnt_m->vm_mirror = mpnt->vm_mirror->vm_mirror;
44768 + mpnt_m->vm_mirror->vm_mirror = mpnt_m;
44769 + mpnt->vm_mirror->vm_mirror = mpnt;
44776 /* a new mm has just been created */
44777 arch_dup_mmap(oldmm, mm);
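Review bot: The mirror-fixup loop walks `oldmm->mmap` and `mm->mmap` in lock step, so it assumes the child list holds exactly one VMA for each parent VMA, in the same order. If the copy loop earlier in `dup_mmap` (outside this hunk) skips any parent VMA, for example one marked `VM_DONTCOPY`, the pairs go out of step and either `BUG_ON(!mpnt_m || ...)` fires or `vm_mirror` is linked to the wrong area. A comment stating why the two lists are guaranteed to match, or advancing `mpnt_m` only for VMAs that were actually copied, would settle this. Using `BUG_ON` on the fork path also turns any such mismatch into a kernel halt rather than a failed `fork()`.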
44779 @@ -731,7 +757,7 @@ static int copy_fs(unsigned long clone_f
44780 write_unlock(&fs->lock);
44784 + atomic_inc(&fs->users);
44785 write_unlock(&fs->lock);
44788 @@ -1084,6 +1084,9 @@ static struct task_struct *copy_process(
44790 if (!vx_nproc_avail(1))
44791 goto bad_fork_cleanup_vm;
44793 + gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->real_cred->user->processes), 0);
44795 if (atomic_read(&p->real_cred->user->processes) >=
44796 p->signal->rlim[RLIMIT_NPROC].rlim_cur) {
44797 if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
44798 @@ -1179,6 +1208,8 @@ static struct task_struct *copy_process(
44799 goto bad_fork_free_pid;
44802 + gr_copy_label(p);
44804 p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
44806 * Clear TID on mm_release()?
44807 @@ -1344,6 +1375,8 @@ bad_fork_cleanup_count:
44811 + gr_log_forkfail(retval);
44813 return ERR_PTR(retval);
44816 @@ -1437,6 +1470,8 @@ long do_fork(unsigned long clone_flags,
44817 if (clone_flags & CLONE_PARENT_SETTID)
44818 put_user(nr, parent_tidptr);
44820 + gr_handle_brute_check();
44822 if (clone_flags & CLONE_VFORK) {
44823 p->vfork_done = &vfork;
44824 init_completion(&vfork);
44825 @@ -1569,7 +1604,7 @@ static int unshare_fs(unsigned long unsh
44828 /* don't need lock here; in the worst case we'll do useless copy */
44829 - if (fs->users == 1)
44830 + if (atomic_read(&fs->users) == 1)
44833 *new_fsp = copy_fs_struct(fs);
44834 @@ -1692,7 +1727,7 @@ SYSCALL_DEFINE1(unshare, unsigned long,
44836 write_lock(&fs->lock);
44837 current->fs = new_fs;
44839 + if (atomic_dec_return(&fs->users))
44843 diff -urNp linux-2.6.32.1/kernel/futex.c linux-2.6.32.1/kernel/futex.c
44844 --- linux-2.6.32.1/kernel/futex.c 2009-12-02 22:51:21.000000000 -0500
44845 +++ linux-2.6.32.1/kernel/futex.c 2009-12-14 18:33:59.435994462 -0500
44847 #include <linux/mount.h>
44848 #include <linux/pagemap.h>
44849 #include <linux/syscalls.h>
44850 +#include <linux/ptrace.h>
44851 #include <linux/signal.h>
44852 #include <linux/module.h>
44853 #include <linux/magic.h>
44854 @@ -223,6 +224,11 @@ get_futex_key(u32 __user *uaddr, int fsh
44858 +#ifdef CONFIG_PAX_SEGMEXEC
44859 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && address >= SEGMEXEC_TASK_SIZE)
44864 * The futex address must be "naturally" aligned.
44866 @@ -1825,7 +1831,7 @@ retry:
44868 restart = ¤t_thread_info()->restart_block;
44869 restart->fn = futex_wait_restart;
44870 - restart->futex.uaddr = (u32 *)uaddr;
44871 + restart->futex.uaddr = uaddr;
44872 restart->futex.val = val;
44873 restart->futex.time = abs_time->tv64;
44874 restart->futex.bitset = bitset;
44875 @@ -2358,7 +2364,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pi
44877 struct robust_list_head __user *head;
44879 - const struct cred *cred = current_cred(), *pcred;
44880 +#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
44881 + const struct cred *cred = current_cred();
44882 + const struct cred *pcred;
44885 if (!futex_cmpxchg_enabled)
44887 @@ -2374,11 +2383,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi
44891 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
44892 + if (!ptrace_may_access(p, PTRACE_MODE_READ))
44895 pcred = __task_cred(p);
44896 if (cred->euid != pcred->euid &&
44897 cred->euid != pcred->uid &&
44898 !capable(CAP_SYS_PTRACE))
44901 head = p->robust_list;
44904 @@ -2440,7 +2454,7 @@ retry:
44906 static inline int fetch_robust_entry(struct robust_list __user **entry,
44907 struct robust_list __user * __user *head,
44909 + unsigned int *pi)
44911 unsigned long uentry;
44913 diff -urNp linux-2.6.32.1/kernel/futex_compat.c linux-2.6.32.1/kernel/futex_compat.c
44914 --- linux-2.6.32.1/kernel/futex_compat.c 2009-12-02 22:51:21.000000000 -0500
44915 +++ linux-2.6.32.1/kernel/futex_compat.c 2009-12-14 18:33:59.435994462 -0500
44917 #include <linux/compat.h>
44918 #include <linux/nsproxy.h>
44919 #include <linux/futex.h>
44920 +#include <linux/ptrace.h>
44922 #include <asm/uaccess.h>
44924 @@ -135,7 +136,10 @@ compat_sys_get_robust_list(int pid, comp
44926 struct compat_robust_list_head __user *head;
44928 - const struct cred *cred = current_cred(), *pcred;
44929 + const struct cred *cred = current_cred();
44930 +#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
44931 + const struct cred *pcred;
44934 if (!futex_cmpxchg_enabled)
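Review bot: `cred` is declared outside the `#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP` block here, but with that option enabled its only visible use (the `cred->euid` comparison in the next hunk) is compiled out, leaving an unused variable. kernel/futex.c places both `cred` and `pcred` inside the `#ifndef`; do the same here by moving `const struct cred *cred = current_cred();` below the `#ifndef` line.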
44936 @@ -151,11 +155,16 @@ compat_sys_get_robust_list(int pid, comp
44940 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
44941 + if (!ptrace_may_access(p, PTRACE_MODE_READ))
44944 pcred = __task_cred(p);
44945 if (cred->euid != pcred->euid &&
44946 cred->euid != pcred->uid &&
44947 !capable(CAP_SYS_PTRACE))
44950 head = p->compat_robust_list;
44951 read_unlock(&tasklist_lock);
44953 diff -urNp linux-2.6.32.1/kernel/gcov/base.c linux-2.6.32.1/kernel/gcov/base.c
44954 --- linux-2.6.32.1/kernel/gcov/base.c 2009-12-02 22:51:21.000000000 -0500
44955 +++ linux-2.6.32.1/kernel/gcov/base.c 2009-12-14 18:33:59.435994462 -0500
44956 @@ -102,11 +102,6 @@ void gcov_enable_events(void)
44959 #ifdef CONFIG_MODULES
44960 -static inline int within(void *addr, void *start, unsigned long size)
44962 - return ((addr >= start) && (addr < start + size));
44965 /* Update list and generate events when modules are unloaded. */
44966 static int gcov_module_notifier(struct notifier_block *nb, unsigned long event,
44968 @@ -121,7 +116,7 @@ static int gcov_module_notifier(struct n
44970 /* Remove entries located in module from linked list. */
44971 for (info = gcov_info_head; info; info = info->next) {
44972 - if (within(info, mod->module_core, mod->core_size)) {
44973 + if (within_module_core_rw((unsigned long)info, mod)) {
44975 prev->next = info->next;
44977 diff -urNp linux-2.6.32.1/kernel/kallsyms.c linux-2.6.32.1/kernel/kallsyms.c
44978 --- linux-2.6.32.1/kernel/kallsyms.c 2009-12-02 22:51:21.000000000 -0500
44979 +++ linux-2.6.32.1/kernel/kallsyms.c 2009-12-14 18:33:59.435994462 -0500
44981 * Changed the compression method from stem compression to "table lookup"
44982 * compression (see scripts/kallsyms.c for a more complete description)
44984 +#ifdef CONFIG_GRKERNSEC_HIDESYM
44985 +#define __INCLUDED_BY_HIDESYM 1
44987 #include <linux/kallsyms.h>
44988 #include <linux/module.h>
44989 #include <linux/init.h>
44990 @@ -51,6 +54,9 @@ extern const unsigned long kallsyms_mark
44992 static inline int is_kernel_inittext(unsigned long addr)
44994 + if (system_state != SYSTEM_BOOTING)
44997 if (addr >= (unsigned long)_sinittext
44998 && addr <= (unsigned long)_einittext)
45000 @@ -67,6 +73,9 @@ static inline int is_kernel_text(unsigne
45002 static inline int is_kernel(unsigned long addr)
45004 + if (is_kernel_inittext(addr))
45007 if (addr >= (unsigned long)_stext && addr <= (unsigned long)_end)
45009 return in_gate_area_no_task(addr);
45010 @@ -413,7 +422,6 @@ static unsigned long get_ksymbol_core(st
45012 static void reset_iter(struct kallsym_iter *iter, loff_t new_pos)
45014 - iter->name[0] = '\0';
45015 iter->nameoff = get_symbol_offset(new_pos);
45016 iter->pos = new_pos;
45018 @@ -461,6 +469,11 @@ static int s_show(struct seq_file *m, vo
45020 struct kallsym_iter *iter = m->private;
45022 +#ifdef CONFIG_GRKERNSEC_HIDESYM
45023 + if (current_uid())
45027 /* Some debugging symbols have no name. Ignore them. */
45028 if (!iter->name[0])
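Review bot: The `current_uid()` test in `s_show` decides visibility from whichever task calls `read()`, not from the credentials that opened /proc/kallsyms, so the outcome depends on who ends up holding the descriptor. Making the decision once in `kallsyms_open` (changed in the next hunk) and storing it in the iterator would tie it to the opener. The comparison is also against uid 0 only; if a capability is the intended gate, a comment next to `#ifdef CONFIG_GRKERNSEC_HIDESYM` should say why uid is used instead. The statement guarded by the `if` is not shown in this listing.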
45030 @@ -501,7 +514,7 @@ static int kallsyms_open(struct inode *i
45031 struct kallsym_iter *iter;
45034 - iter = kmalloc(sizeof(*iter), GFP_KERNEL);
45035 + iter = kzalloc(sizeof(*iter), GFP_KERNEL);
45038 reset_iter(iter, 0);
45039 diff -urNp linux-2.6.32.1/kernel/kgdb.c linux-2.6.32.1/kernel/kgdb.c
45040 --- linux-2.6.32.1/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
45041 +++ linux-2.6.32.1/kernel/kgdb.c 2009-12-14 18:33:59.437005376 -0500
45042 @@ -86,7 +86,7 @@ static int kgdb_io_module_registered;
45043 /* Guard for recursive entry */
45044 static int exception_level;
45046 -static struct kgdb_io *kgdb_io_ops;
45047 +static const struct kgdb_io *kgdb_io_ops;
45048 static DEFINE_SPINLOCK(kgdb_registration_lock);
45050 /* kgdb console driver is loaded */
45051 @@ -1637,7 +1637,7 @@ static void kgdb_initial_breakpoint(void
45053 * Register it with the KGDB core.
45055 -int kgdb_register_io_module(struct kgdb_io *new_kgdb_io_ops)
45056 +int kgdb_register_io_module(const struct kgdb_io *new_kgdb_io_ops)
45060 @@ -1682,7 +1682,7 @@ EXPORT_SYMBOL_GPL(kgdb_register_io_modul
45062 * Unregister it with the KGDB core.
45064 -void kgdb_unregister_io_module(struct kgdb_io *old_kgdb_io_ops)
45065 +void kgdb_unregister_io_module(const struct kgdb_io *old_kgdb_io_ops)
45067 BUG_ON(kgdb_connected);
45069 diff -urNp linux-2.6.32.1/kernel/kmod.c linux-2.6.32.1/kernel/kmod.c
45070 --- linux-2.6.32.1/kernel/kmod.c 2009-12-02 22:51:21.000000000 -0500
45071 +++ linux-2.6.32.1/kernel/kmod.c 2009-12-14 18:33:59.437005376 -0500
45072 @@ -90,6 +90,18 @@ int __request_module(bool wait, const ch
45073 if (ret >= MODULE_NAME_LEN)
45074 return -ENAMETOOLONG;
45076 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
45077 + /* we could do a tighter check here, but some distros
45078 + are taking it upon themselves to remove CAP_SYS_MODULE
45079 + from even root-running apps which cause modules to be
45082 + if (current_uid()) {
45083 + gr_log_nonroot_mod_load(module_name);
45088 /* If modprobe needs a service that is in a module, we get a recursive
45089 * loop. Limit the number of running kmod threads to max_threads/2 or
45090 * MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method
45091 diff -urNp linux-2.6.32.1/kernel/kprobes.c linux-2.6.32.1/kernel/kprobes.c
45092 --- linux-2.6.32.1/kernel/kprobes.c 2009-12-02 22:51:21.000000000 -0500
45093 +++ linux-2.6.32.1/kernel/kprobes.c 2009-12-14 18:33:59.437005376 -0500
45094 @@ -183,7 +183,7 @@ static kprobe_opcode_t __kprobes *__get_
45095 * kernel image and loaded module images reside. This is required
45096 * so x86_64 can correctly handle the %rip-relative fixups.
45098 - kip->insns = module_alloc(PAGE_SIZE);
45099 + kip->insns = module_alloc_exec(PAGE_SIZE);
45103 @@ -220,7 +220,7 @@ static int __kprobes collect_one_slot(st
45105 if (!list_is_singular(&kprobe_insn_pages)) {
45106 list_del(&kip->list);
45107 - module_free(NULL, kip->insns);
45108 + module_free_exec(NULL, kip->insns);
45112 diff -urNp linux-2.6.32.1/kernel/lockdep.c linux-2.6.32.1/kernel/lockdep.c
45113 --- linux-2.6.32.1/kernel/lockdep.c 2009-12-02 22:51:21.000000000 -0500
45114 +++ linux-2.6.32.1/kernel/lockdep.c 2009-12-14 18:33:59.437984082 -0500
45115 @@ -577,6 +577,10 @@ static int static_obj(void *obj)
45119 +#ifdef CONFIG_PAX_KERNEXEC
45120 + start = ktla_ktva(start);
45126 @@ -592,8 +596,7 @@ static int static_obj(void *obj)
45128 for_each_possible_cpu(i) {
45129 start = (unsigned long) &__per_cpu_start + per_cpu_offset(i);
45130 - end = (unsigned long) &__per_cpu_start + PERCPU_ENOUGH_ROOM
45131 - + per_cpu_offset(i);
45132 + end = start + PERCPU_ENOUGH_ROOM;
45134 if ((addr >= start) && (addr < end))
45136 @@ -710,6 +713,7 @@ register_lock_class(struct lockdep_map *
45137 if (!static_obj(lock->key)) {
45139 printk("INFO: trying to register non-static key.\n");
45140 + printk("lock:%pS key:%pS.\n", lock, lock->key);
45141 printk("the code is fine but needs lockdep annotation.\n");
45142 printk("turning off the locking correctness validator.\n");
45144 diff -urNp linux-2.6.32.1/kernel/module.c linux-2.6.32.1/kernel/module.c
45145 --- linux-2.6.32.1/kernel/module.c 2009-12-02 22:51:21.000000000 -0500
45146 +++ linux-2.6.32.1/kernel/module.c 2009-12-14 18:33:59.438865919 -0500
45147 @@ -89,7 +89,8 @@ static DECLARE_WAIT_QUEUE_HEAD(module_wq
45148 static BLOCKING_NOTIFIER_HEAD(module_notify_list);
45150 /* Bounds of module allocation, for speeding __module_address */
45151 -static unsigned long module_addr_min = -1UL, module_addr_max = 0;
45152 +static unsigned long module_addr_min_rw = -1UL, module_addr_max_rw = 0;
45153 +static unsigned long module_addr_min_rx = -1UL, module_addr_max_rx = 0;
45155 int register_module_notifier(struct notifier_block * nb)
45157 @@ -245,7 +246,7 @@ bool each_symbol(bool (*fn)(const struct
45160 list_for_each_entry_rcu(mod, &modules, list) {
45161 - struct symsearch arr[] = {
45162 + struct symsearch modarr[] = {
45163 { mod->syms, mod->syms + mod->num_syms, mod->crcs,
45164 NOT_GPL_ONLY, false },
45165 { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
45166 @@ -267,7 +268,7 @@ bool each_symbol(bool (*fn)(const struct
45170 - if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data))
45171 + if (each_symbol_in_section(modarr, ARRAY_SIZE(modarr), mod, fn, data))
45175 @@ -442,7 +443,7 @@ static void *percpu_modalloc(unsigned lo
45179 - if (align > PAGE_SIZE) {
45180 + if (align-1 >= PAGE_SIZE) {
45181 printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
45182 name, align, PAGE_SIZE);
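Review bot: The new test `align-1 >= PAGE_SIZE` relies on unsigned wrap-around to reject an alignment of 0 as well as one above PAGE_SIZE, and nothing in the hunk says so. Assuming `align` is an unsigned long (its declaration is outside the hunk), a comment such as `/* align-1 wraps for align == 0, so this also rejects a zero alignment */` would keep a later cleanup from reverting it to `align > PAGE_SIZE`. The warning text still reads `per-cpu alignment %li > %li`, which is misleading when the rejected value is 0.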
45184 @@ -555,7 +556,11 @@ static void percpu_modcopy(void *pcpudes
45187 for_each_possible_cpu(cpu)
45188 +#ifdef CONFIG_X86_32
45189 + memcpy(pcpudest + __per_cpu_offset[cpu], from, size);
45191 memcpy(pcpudest + per_cpu_offset(cpu), from, size);
45195 #else /* ... !CONFIG_SMP */
45196 @@ -1526,7 +1531,8 @@ static void free_module(struct module *m
45197 destroy_params(mod->kp, mod->num_kp);
45199 /* This may be NULL, but that's OK */
45200 - module_free(mod, mod->module_init);
45201 + module_free(mod, mod->module_init_rw);
45202 + module_free_exec(mod, mod->module_init_rx);
45205 percpu_modfree(mod->percpu);
45206 @@ -1535,10 +1541,12 @@ static void free_module(struct module *m
45207 percpu_modfree(mod->refptr);
45209 /* Free lock-classes: */
45210 - lockdep_free_key_range(mod->module_core, mod->core_size);
45211 + lockdep_free_key_range(mod->module_core_rx, mod->core_size_rx);
45212 + lockdep_free_key_range(mod->module_core_rw, mod->core_size_rw);
45214 /* Finally, free the core (containing the module structure) */
45215 - module_free(mod, mod->module_core);
45216 + module_free_exec(mod, mod->module_core_rx);
45217 + module_free(mod, mod->module_core_rw);
45220 update_protections(current->mm);
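Review bot: The comment `/* Finally, free the core (containing the module structure) */` now sits above two frees, and only the second, `module_free(mod, mod->module_core_rw)`, appears to release the block holding `struct module`. That reading comes from the kmemleak_load_module hunk, which locates `mod` relative to `module_core_rw`. The order matters because `module_free_exec(mod, mod->module_core_rx)` still reads `mod`. I would make that explicit with `/* free rx first: mod lives in module_core_rw and must stay valid until the last call */`. free_module starts and ends outside this hunk.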
45221 @@ -1632,7 +1640,9 @@ static int simplify_symbols(Elf_Shdr *se
45222 strtab + sym[i].st_name, mod);
45223 /* Ok if resolved. */
45225 + pax_open_kernel();
45226 sym[i].st_value = ksym->value;
45227 + pax_close_kernel();
45231 @@ -1651,7 +1661,9 @@ static int simplify_symbols(Elf_Shdr *se
45232 secbase = (unsigned long)mod->percpu;
45234 secbase = sechdrs[sym[i].st_shndx].sh_addr;
45235 + pax_open_kernel();
45236 sym[i].st_value += secbase;
45237 + pax_close_kernel();
45241 @@ -1712,11 +1724,12 @@ static void layout_sections(struct modul
45242 || s->sh_entsize != ~0UL
45243 || strstarts(secstrings + s->sh_name, ".init"))
45245 - s->sh_entsize = get_offset(mod, &mod->core_size, s, i);
45246 + if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC))
45247 + s->sh_entsize = get_offset(mod, &mod->core_size_rw, s, i);
45249 + s->sh_entsize = get_offset(mod, &mod->core_size_rx, s, i);
45250 DEBUGP("\t%s\n", secstrings + s->sh_name);
45253 - mod->core_text_size = mod->core_size;
45256 DEBUGP("Init section allocation order:\n");
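Review bot: The placement test `(s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC)` is written out here, again in the init pass of layout_sections, and in three places in the section-copy loop of load_module (once in negated form). The offset is computed against one region's size counter here and applied to a region base pointer there. Any future drift between the copies would have a section written at an offset that was sized for the other allocation. A single helper used at all five sites, `static inline bool sect_is_rw(const Elf_Shdr *s) { return (s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC); }`, would remove that risk. In load_module the `!SHF_ALLOC` half is already unreachable because the loop skips such sections first.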
45257 @@ -1729,12 +1742,13 @@ static void layout_sections(struct modul
45258 || s->sh_entsize != ~0UL
45259 || !strstarts(secstrings + s->sh_name, ".init"))
45261 - s->sh_entsize = (get_offset(mod, &mod->init_size, s, i)
45262 - | INIT_OFFSET_MASK);
45263 + if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC))
45264 + s->sh_entsize = get_offset(mod, &mod->init_size_rw, s, i);
45266 + s->sh_entsize = get_offset(mod, &mod->init_size_rx, s, i);
45267 + s->sh_entsize |= INIT_OFFSET_MASK;
45268 DEBUGP("\t%s\n", secstrings + s->sh_name);
45271 - mod->init_text_size = mod->init_size;
45275 @@ -1838,9 +1852,8 @@ static int is_exported(const char *name,
45278 static char elf_type(const Elf_Sym *sym,
45279 - Elf_Shdr *sechdrs,
45280 - const char *secstrings,
45281 - struct module *mod)
45282 + const Elf_Shdr *sechdrs,
45283 + const char *secstrings)
45285 if (ELF_ST_BIND(sym->st_info) == STB_WEAK) {
45286 if (ELF_ST_TYPE(sym->st_info) == STT_OBJECT)
45287 @@ -1915,7 +1928,7 @@ static unsigned long layout_symtab(struc
45289 /* Put symbol section at end of init part of module. */
45290 symsect->sh_flags |= SHF_ALLOC;
45291 - symsect->sh_entsize = get_offset(mod, &mod->init_size, symsect,
45292 + symsect->sh_entsize = get_offset(mod, &mod->init_size_rx, symsect,
45293 symindex) | INIT_OFFSET_MASK;
45294 DEBUGP("\t%s\n", secstrings + symsect->sh_name);
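Review bot: `symsect` here, and `strsect` in the next hunk, are always accounted against `init_size_rx`, whereas the copy loop in load_module picks the destination from `sh_flags` and sends anything with SHF_WRITE to `module_init_rw`. For a well-formed module these sections are presumably not marked writable, but the module image is input to this code and the two decisions are made independently. If they disagree, the offset is applied to the wrong allocation. Either clear the bit where SHF_ALLOC is set (`symsect->sh_flags &= ~SHF_WRITE;`) or choose the counter with the same flag test load_module uses. layout_symtab continues outside the hunk.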
45296 @@ -1932,19 +1945,19 @@ static unsigned long layout_symtab(struc
45299 /* Append room for core symbols at end of core part. */
45300 - symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1);
45301 - mod->core_size = symoffs + ndst * sizeof(Elf_Sym);
45302 + symoffs = ALIGN(mod->core_size_rx, symsect->sh_addralign ?: 1);
45303 + mod->core_size_rx = symoffs + ndst * sizeof(Elf_Sym);
45305 /* Put string table section at end of init part of module. */
45306 strsect->sh_flags |= SHF_ALLOC;
45307 - strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect,
45308 + strsect->sh_entsize = get_offset(mod, &mod->init_size_rx, strsect,
45309 strindex) | INIT_OFFSET_MASK;
45310 DEBUGP("\t%s\n", secstrings + strsect->sh_name);
45312 /* Append room for core symbols' strings at end of core part. */
45313 - *pstroffs = mod->core_size;
45314 + *pstroffs = mod->core_size_rx;
45315 __set_bit(0, strmap);
45316 - mod->core_size += bitmap_weight(strmap, strsect->sh_size);
45317 + mod->core_size_rx += bitmap_weight(strmap, strsect->sh_size);
45321 @@ -1968,12 +1981,14 @@ static void add_kallsyms(struct module *
45322 mod->num_symtab = sechdrs[symindex].sh_size / sizeof(Elf_Sym);
45323 mod->strtab = (void *)sechdrs[strindex].sh_addr;
45325 + pax_open_kernel();
45327 /* Set types up while we still have access to sections. */
45328 for (i = 0; i < mod->num_symtab; i++)
45329 mod->symtab[i].st_info
45330 - = elf_type(&mod->symtab[i], sechdrs, secstrings, mod);
45331 + = elf_type(&mod->symtab[i], sechdrs, secstrings);
45333 - mod->core_symtab = dst = mod->module_core + symoffs;
45334 + mod->core_symtab = dst = mod->module_core_rx + symoffs;
45337 for (ndst = i = 1; i < mod->num_symtab; ++i, ++src) {
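Review bot: `pax_open_kernel()` is taken before the `st_info` loop in this hunk and `pax_close_kernel()` only appears at the end of the next hunk. The write-enabled window therefore covers the whole symbol and string copy, including the part of add_kallsyms between the two hunks that is not shown. Please confirm that stretch has no return path, since one would leave the window open. A comment at the open such as `/* symtab/strtab live in the rx regions; every exit path must pass pax_close_kernel() */` would record the constraint. simplify_symbols, by contrast, brackets single stores, which is the easier pattern to audit.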
45338 @@ -1985,10 +2000,12 @@ static void add_kallsyms(struct module *
45340 mod->core_num_syms = ndst;
45342 - mod->core_strtab = s = mod->module_core + stroffs;
45343 + mod->core_strtab = s = mod->module_core_rx + stroffs;
45344 for (*s = 0, i = 1; i < sechdrs[strindex].sh_size; ++i)
45345 if (test_bit(i, strmap))
45346 *++s = mod->strtab[i];
45348 + pax_close_kernel();
45351 static inline unsigned long layout_symtab(struct module *mod,
45352 @@ -2025,16 +2042,30 @@ static void dynamic_debug_setup(struct _
45356 -static void *module_alloc_update_bounds(unsigned long size)
45357 +static void *module_alloc_update_bounds_rw(unsigned long size)
45359 void *ret = module_alloc(size);
45362 /* Update module bounds. */
45363 - if ((unsigned long)ret < module_addr_min)
45364 - module_addr_min = (unsigned long)ret;
45365 - if ((unsigned long)ret + size > module_addr_max)
45366 - module_addr_max = (unsigned long)ret + size;
45367 + if ((unsigned long)ret < module_addr_min_rw)
45368 + module_addr_min_rw = (unsigned long)ret;
45369 + if ((unsigned long)ret + size > module_addr_max_rw)
45370 + module_addr_max_rw = (unsigned long)ret + size;
45375 +static void *module_alloc_update_bounds_rx(unsigned long size)
45377 + void *ret = module_alloc_exec(size);
45380 + /* Update module bounds. */
45381 + if ((unsigned long)ret < module_addr_min_rx)
45382 + module_addr_min_rx = (unsigned long)ret;
45383 + if ((unsigned long)ret + size > module_addr_max_rx)
45384 + module_addr_max_rx = (unsigned long)ret + size;
45388 @@ -2046,8 +2077,8 @@ static void kmemleak_load_module(struct
45391 /* only scan the sections containing data */
45392 - kmemleak_scan_area(mod->module_core, (unsigned long)mod -
45393 - (unsigned long)mod->module_core,
45394 + kmemleak_scan_area(mod->module_core_rw, (unsigned long)mod -
45395 + (unsigned long)mod->module_core_rw,
45396 sizeof(struct module), GFP_KERNEL);
45398 for (i = 1; i < hdr->e_shnum; i++) {
45399 @@ -2057,8 +2088,8 @@ static void kmemleak_load_module(struct
45400 && strncmp(secstrings + sechdrs[i].sh_name, ".bss", 4) != 0)
45403 - kmemleak_scan_area(mod->module_core, sechdrs[i].sh_addr -
45404 - (unsigned long)mod->module_core,
45405 + kmemleak_scan_area(mod->module_core_rw, sechdrs[i].sh_addr -
45406 + (unsigned long)mod->module_core_rw,
45407 sechdrs[i].sh_size, GFP_KERNEL);
45410 @@ -2244,7 +2275,7 @@ static noinline struct module *load_modu
45411 secstrings, &stroffs, strmap);
45413 /* Do the allocs. */
45414 - ptr = module_alloc_update_bounds(mod->core_size);
45415 + ptr = module_alloc_update_bounds_rw(mod->core_size_rw);
45417 * The pointer to this block is stored in the module structure
45418 * which is inside the block. Just mark it as not being a
45419 @@ -2255,23 +2286,47 @@ static noinline struct module *load_modu
45423 - memset(ptr, 0, mod->core_size);
45424 - mod->module_core = ptr;
45425 + memset(ptr, 0, mod->core_size_rw);
45426 + mod->module_core_rw = ptr;
45428 - ptr = module_alloc_update_bounds(mod->init_size);
45429 + ptr = module_alloc_update_bounds_rw(mod->init_size_rw);
45431 * The pointer to this block is stored in the module structure
45432 * which is inside the block. This block doesn't need to be
45433 * scanned as it contains data and code that will be freed
45434 * after the module is initialized.
45436 - kmemleak_ignore(ptr);
45437 - if (!ptr && mod->init_size) {
45438 + kmemleak_not_leak(ptr);
45439 + if (!ptr && mod->init_size_rw) {
45441 + goto free_core_rw;
45443 + memset(ptr, 0, mod->init_size_rw);
45444 + mod->module_init_rw = ptr;
45446 + ptr = module_alloc_update_bounds_rx(mod->core_size_rx);
45447 + kmemleak_not_leak(ptr);
45450 + goto free_init_rw;
45453 + pax_open_kernel();
45454 + memset(ptr, 0, mod->core_size_rx);
45455 + pax_close_kernel();
45456 + mod->module_core_rx = ptr;
45458 + ptr = module_alloc_update_bounds_rx(mod->init_size_rx);
45459 + kmemleak_not_leak(ptr);
45460 + if (!ptr && mod->init_size_rx) {
45463 + goto free_core_rx;
45465 - memset(ptr, 0, mod->init_size);
45466 - mod->module_init = ptr;
45468 + pax_open_kernel();
45469 + memset(ptr, 0, mod->init_size_rx);
45470 + pax_close_kernel();
45471 + mod->module_init_rx = ptr;
45473 /* Transfer each section which specifies SHF_ALLOC */
45474 DEBUGP("final section addresses:\n");
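Review bot: The retained comment says the init block "doesn't need to be scanned as it contains data and code that will be freed", but the call under it changed from `kmemleak_ignore(ptr)` to `kmemleak_not_leak(ptr)`. As far as I know, the new call only suppresses the leak report and still lets kmemleak scan the block. The block is also the rw init allocation now, so "data and code" no longer describes it. Suggest rewording to something like `/* rw init data; freed after init, never reported as a leak */` and adding an equivalent one-liner above the two `_rx` allocations, which have no comment. Several short lines of this hunk are missing from the page, so the error-path labels could not be checked.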
45475 @@ -2281,17 +2336,41 @@ static noinline struct module *load_modu
45476 if (!(sechdrs[i].sh_flags & SHF_ALLOC))
45479 - if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK)
45480 - dest = mod->module_init
45481 - + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
45483 - dest = mod->module_core + sechdrs[i].sh_entsize;
45484 + if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK) {
45485 + if ((sechdrs[i].sh_flags & SHF_WRITE) || !(sechdrs[i].sh_flags & SHF_ALLOC))
45486 + dest = mod->module_init_rw
45487 + + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
45489 + dest = mod->module_init_rx
45490 + + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
45492 + if ((sechdrs[i].sh_flags & SHF_WRITE) || !(sechdrs[i].sh_flags & SHF_ALLOC))
45493 + dest = mod->module_core_rw + sechdrs[i].sh_entsize;
45495 + dest = mod->module_core_rx + sechdrs[i].sh_entsize;
45498 + if (sechdrs[i].sh_type != SHT_NOBITS) {
45500 - if (sechdrs[i].sh_type != SHT_NOBITS)
45501 - memcpy(dest, (void *)sechdrs[i].sh_addr,
45502 - sechdrs[i].sh_size);
45503 +#ifdef CONFIG_PAX_KERNEXEC
45504 + if (!(sechdrs[i].sh_flags & SHF_WRITE) && (sechdrs[i].sh_flags & SHF_ALLOC)) {
45505 + pax_open_kernel();
45506 + memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size);
45507 + pax_close_kernel();
45511 + memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size);
45513 /* Update sh_addr to point to copy in image. */
45514 - sechdrs[i].sh_addr = (unsigned long)dest;
45516 +#ifdef CONFIG_PAX_KERNEXEC
45517 + if (sechdrs[i].sh_flags & SHF_EXECINSTR)
45518 + sechdrs[i].sh_addr = ktva_ktla((unsigned long)dest);
45522 + sechdrs[i].sh_addr = (unsigned long)dest;
45523 DEBUGP("\t0x%lx %s\n", sechdrs[i].sh_addr, secstrings + sechdrs[i].sh_name);
45525 /* Module has been moved. */
45526 @@ -2303,7 +2382,7 @@ static noinline struct module *load_modu
45528 if (!mod->refptr) {
45531 + goto free_init_rx;
45534 /* Now we've moved module, initialize linked lists, etc. */
45535 @@ -2412,8 +2491,8 @@ static noinline struct module *load_modu
45537 /* Now do relocations. */
45538 for (i = 1; i < hdr->e_shnum; i++) {
45539 - const char *strtab = (char *)sechdrs[strindex].sh_addr;
45540 unsigned int info = sechdrs[i].sh_info;
45541 + strtab = (char *)sechdrs[strindex].sh_addr;
45543 /* Not a valid relocation section? */
45544 if (info >= hdr->e_shnum)
45545 @@ -2474,12 +2553,12 @@ static noinline struct module *load_modu
45546 * Do it before processing of module parameters, so the module
45547 * can provide parameter accessor functions of its own.
45549 - if (mod->module_init)
45550 - flush_icache_range((unsigned long)mod->module_init,
45551 - (unsigned long)mod->module_init
45552 - + mod->init_size);
45553 - flush_icache_range((unsigned long)mod->module_core,
45554 - (unsigned long)mod->module_core + mod->core_size);
45555 + if (mod->module_init_rx)
45556 + flush_icache_range((unsigned long)mod->module_init_rx,
45557 + (unsigned long)mod->module_init_rx
45558 + + mod->init_size_rx);
45559 + flush_icache_range((unsigned long)mod->module_core_rx,
45560 + (unsigned long)mod->module_core_rx + mod->core_size_rx);
45564 @@ -2527,12 +2606,16 @@ static noinline struct module *load_modu
45566 module_unload_free(mod);
45567 #if defined(CONFIG_MODULE_UNLOAD) && defined(CONFIG_SMP)
45569 percpu_modfree(mod->refptr);
45572 - module_free(mod, mod->module_init);
45574 - module_free(mod, mod->module_core);
45575 + module_free_exec(mod, mod->module_init_rx);
45577 + module_free_exec(mod, mod->module_core_rx);
45579 + module_free(mod, mod->module_init_rw);
45581 + module_free(mod, mod->module_core_rw);
45582 /* mod will be freed with core. Don't access it beyond this line! */
45585 @@ -2634,10 +2717,12 @@ SYSCALL_DEFINE3(init_module, void __user
45586 mod->symtab = mod->core_symtab;
45587 mod->strtab = mod->core_strtab;
45589 - module_free(mod, mod->module_init);
45590 - mod->module_init = NULL;
45591 - mod->init_size = 0;
45592 - mod->init_text_size = 0;
45593 + module_free(mod, mod->module_init_rw);
45594 + module_free_exec(mod, mod->module_init_rx);
45595 + mod->module_init_rw = NULL;
45596 + mod->module_init_rx = NULL;
45597 + mod->init_size_rw = 0;
45598 + mod->init_size_rx = 0;
45599 mutex_unlock(&module_mutex);
45602 @@ -2668,10 +2753,16 @@ static const char *get_ksymbol(struct mo
45603 unsigned long nextval;
45605 /* At worse, next value is at end of module */
45606 - if (within_module_init(addr, mod))
45607 - nextval = (unsigned long)mod->module_init+mod->init_text_size;
45608 + if (within_module_init_rx(addr, mod))
45609 + nextval = (unsigned long)mod->module_init_rx+mod->init_size_rx;
45610 + else if (within_module_init_rw(addr, mod))
45611 + nextval = (unsigned long)mod->module_init_rw+mod->init_size_rw;
45612 + else if (within_module_core_rx(addr, mod))
45613 + nextval = (unsigned long)mod->module_core_rx+mod->core_size_rx;
45614 + else if (within_module_core_rw(addr, mod))
45615 + nextval = (unsigned long)mod->module_core_rw+mod->core_size_rw;
45617 - nextval = (unsigned long)mod->module_core+mod->core_text_size;
45620 /* Scan for closest preceeding symbol, and next symbol. (ELF
45621 starts real symbols at 1). */
45622 @@ -2917,7 +3008,7 @@ static int m_show(struct seq_file *m, vo
45625 seq_printf(m, "%s %u",
45626 - mod->name, mod->init_size + mod->core_size);
45627 + mod->name, mod->init_size_rx + mod->init_size_rw + mod->core_size_rx + mod->core_size_rw);
45628 print_unload_info(m, mod);
45630 /* Informative for users. */
45631 @@ -2926,7 +3017,7 @@ static int m_show(struct seq_file *m, vo
45632 mod->state == MODULE_STATE_COMING ? "Loading":
45634 /* Used by oprofile and other similar tools. */
45635 - seq_printf(m, " 0x%p", mod->module_core);
45636 + seq_printf(m, " 0x%p 0x%p", mod->module_core_rx, mod->module_core_rw);
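Review bot: `seq_printf(m, " 0x%p 0x%p", mod->module_core_rx, mod->module_core_rw);` adds a column to every /proc/modules line, and the context comment says this field is "Used by oprofile and other similar tools". Consumers that expect a single address after the state field may mis-split the line. The format change should at least be documented next to the call, e.g. `/* two addresses: rx base, then rw base */`. Both values are kernel addresses, so the file-mode restriction added in proc_modules_init is what limits who can read them.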
45640 @@ -2962,7 +3053,17 @@ static const struct file_operations proc
45642 static int __init proc_modules_init(void)
45644 +#ifndef CONFIG_GRKERNSEC_HIDESYM
45645 +#ifdef CONFIG_GRKERNSEC_PROC_USER
45646 + proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
45647 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
45648 + proc_create("modules", S_IRUSR | S_IRGRP, NULL, &proc_modules_operations);
45650 proc_create("modules", 0, NULL, &proc_modules_operations);
45653 + proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
45657 module_init(proc_modules_init);
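Review bot: The mode passed to `proc_create("modules", ...)` is now selected by three config symbols in a nested `#ifndef`/`#ifdef`, and the pairing of branches is not obvious. As far as the visible lines show, the outcomes are: HIDESYM set gives `S_IRUSR`, otherwise PROC_USER gives `S_IRUSR`, PROC_USERGROUP gives `S_IRUSR | S_IRGRP`, and neither leaves the default `0`. A short comment before the block listing those four cases would help. `S_IRUSR | S_IRGRP` only restricts access if the entry's group is the intended one, and nothing here sets it, so presumably it is assigned elsewhere. The same structure is repeated for `ioports` and `iomem` in the kernel/resource.c hunk, under CONFIG_GRKERNSEC_PROC_ADD.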
45658 @@ -3021,12 +3122,12 @@ struct module *__module_address(unsigned
45660 struct module *mod;
45662 - if (addr < module_addr_min || addr > module_addr_max)
45663 + if ((addr < module_addr_min_rx || addr > module_addr_max_rx) &&
45664 + (addr < module_addr_min_rw || addr > module_addr_max_rw))
45667 list_for_each_entry_rcu(mod, &modules, list)
45668 - if (within_module_core(addr, mod)
45669 - || within_module_init(addr, mod))
45670 + if (within_module_init(addr, mod) || within_module_core(addr, mod))
45674 @@ -3060,11 +3161,20 @@ bool is_module_text_address(unsigned lon
45676 struct module *__module_text_address(unsigned long addr)
45678 - struct module *mod = __module_address(addr);
45679 + struct module *mod;
45681 +#ifdef CONFIG_X86_32
45682 + addr = ktla_ktva(addr);
45685 + if (addr < module_addr_min_rx || addr > module_addr_max_rx)
45688 + mod = __module_address(addr);
45691 /* Make sure it's within the text section. */
45692 - if (!within(addr, mod->module_init, mod->init_text_size)
45693 - && !within(addr, mod->module_core, mod->core_text_size))
45694 + if (!within_module_init_rx(addr, mod) && !within_module_core_rx(addr, mod))
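Review bot: The address translation here is guarded by `CONFIG_X86_32`, while the other `ktla_ktva`/`ktva_ktla` uses visible on this page are guarded by `CONFIG_PAX_KERNEXEC` (static_obj in kernel/lockdep.c and the `sh_addr` fixup in load_module). If `ktla_ktva` is an identity mapping without KERNEXEC the result is the same, but its definition is not in this hunk. A comment or a matching guard would make it clear the difference is intended. It is also worth a one-line comment that `addr` is deliberately rewritten before the range check and the `within_module_*_rx` tests, because the caller's value is no longer what is compared.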
45698 diff -urNp linux-2.6.32.1/kernel/panic.c linux-2.6.32.1/kernel/panic.c
45699 --- linux-2.6.32.1/kernel/panic.c 2009-12-02 22:51:21.000000000 -0500
45700 +++ linux-2.6.32.1/kernel/panic.c 2009-12-14 18:33:59.439743212 -0500
45701 @@ -392,7 +392,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
45703 void __stack_chk_fail(void)
45705 - panic("stack-protector: Kernel stack is corrupted in: %p\n",
45707 + panic("stack-protector: Kernel stack is corrupted in: %pS\n",
45708 __builtin_return_address(0));
45710 EXPORT_SYMBOL(__stack_chk_fail);
45711 diff -urNp linux-2.6.32.1/kernel/params.c linux-2.6.32.1/kernel/params.c
45712 --- linux-2.6.32.1/kernel/params.c 2009-12-02 22:51:21.000000000 -0500
45713 +++ linux-2.6.32.1/kernel/params.c 2009-12-14 18:33:59.439743212 -0500
45714 @@ -725,7 +725,7 @@ static ssize_t module_attr_store(struct
45718 -static struct sysfs_ops module_sysfs_ops = {
45719 +static const struct sysfs_ops module_sysfs_ops = {
45720 .show = module_attr_show,
45721 .store = module_attr_store,
45723 @@ -739,7 +739,7 @@ static int uevent_filter(struct kset *ks
45727 -static struct kset_uevent_ops module_uevent_ops = {
45728 +static const struct kset_uevent_ops module_uevent_ops = {
45729 .filter = uevent_filter,
45732 diff -urNp linux-2.6.32.1/kernel/pid.c linux-2.6.32.1/kernel/pid.c
45733 --- linux-2.6.32.1/kernel/pid.c 2009-12-02 22:51:21.000000000 -0500
45734 +++ linux-2.6.32.1/kernel/pid.c 2009-12-14 18:33:59.439743212 -0500
45736 #include <linux/rculist.h>
45737 #include <linux/bootmem.h>
45738 #include <linux/hash.h>
45739 +#include <linux/security.h>
45740 #include <linux/pid_namespace.h>
45741 #include <linux/init_task.h>
45742 #include <linux/syscalls.h>
45743 @@ -45,7 +46,7 @@ struct pid init_struct_pid = INIT_STRUCT
45745 int pid_max = PID_MAX_DEFAULT;
45747 -#define RESERVED_PIDS 300
45748 +#define RESERVED_PIDS 500
45750 int pid_max_min = RESERVED_PIDS + 1;
45751 int pid_max_max = PID_MAX_LIMIT;
45752 @@ -385,7 +385,14 @@ EXPORT_SYMBOL(pid_task);
45754 struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
45756 - return pid_task(find_pid_ns(vx_rmap_pid(nr), ns), PIDTYPE_PID);
45757 + struct task_struct *task;
45759 + task = pid_task(find_pid_ns(vx_rmap_pid(nr), ns), PIDTYPE_PID);
45761 + if (gr_pid_is_chrooted(task))
45766 EXPORT_SYMBOL_GPL(find_task_by_pid_ns);
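Review bot: `pid_task()` returns NULL when no task matches, and that value is handed straight to `gr_pid_is_chrooted(task)`. The helper is defined outside this hunk, so whether it tolerates NULL cannot be checked here. Writing the test as `if (task && gr_pid_is_chrooted(task))`, or documenting the helper's NULL contract in a comment, keeps the lookup path safe either way. Every caller of find_task_by_pid_ns now gets the chroot filter, so a comment on the function saying that a task can be hidden from the caller, not just absent, would also help.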
45768 diff -urNp linux-2.6.32.1/kernel/posix-cpu-timers.c linux-2.6.32.1/kernel/posix-cpu-timers.c
45769 --- linux-2.6.32.1/kernel/posix-cpu-timers.c 2009-12-02 22:51:21.000000000 -0500
45770 +++ linux-2.6.32.1/kernel/posix-cpu-timers.c 2009-12-14 18:33:59.440994299 -0500
45772 #include <linux/posix-timers.h>
45773 #include <linux/errno.h>
45774 #include <linux/math64.h>
45775 +#include <linux/security.h>
45776 #include <asm/uaccess.h>
45777 #include <linux/kernel_stat.h>
45778 #include <trace/events/timer.h>
45779 @@ -1044,6 +1045,7 @@ static void check_thread_timers(struct t
45780 __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk);
45783 + gr_learn_resource(tsk, RLIMIT_RTTIME, tsk->rt.timeout, 1);
45784 if (tsk->rt.timeout > DIV_ROUND_UP(*soft, USEC_PER_SEC/HZ)) {
45786 * At the soft limit, send a SIGXCPU every second.
45787 @@ -1206,6 +1208,7 @@ static void check_process_timers(struct
45788 __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk);
45791 + gr_learn_resource(tsk, RLIMIT_CPU, psecs, 0);
45792 if (psecs >= sig->rlim[RLIMIT_CPU].rlim_cur) {
45794 * At the soft limit, send a SIGXCPU every second.
45795 diff -urNp linux-2.6.32.1/kernel/power/hibernate.c linux-2.6.32.1/kernel/power/hibernate.c
45796 --- linux-2.6.32.1/kernel/power/hibernate.c 2009-12-02 22:51:21.000000000 -0500
45797 +++ linux-2.6.32.1/kernel/power/hibernate.c 2009-12-14 18:33:59.440994299 -0500
45798 @@ -48,14 +48,14 @@ enum {
45800 static int hibernation_mode = HIBERNATION_SHUTDOWN;
45802 -static struct platform_hibernation_ops *hibernation_ops;
45803 +static const struct platform_hibernation_ops *hibernation_ops;
45806 * hibernation_set_ops - set the global hibernate operations
45807 * @ops: the hibernation operations to use in subsequent hibernation transitions
45810 -void hibernation_set_ops(struct platform_hibernation_ops *ops)
45811 +void hibernation_set_ops(const struct platform_hibernation_ops *ops)
45813 if (ops && !(ops->begin && ops->end && ops->pre_snapshot
45814 && ops->prepare && ops->finish && ops->enter && ops->pre_restore
45815 diff -urNp linux-2.6.32.1/kernel/power/poweroff.c linux-2.6.32.1/kernel/power/poweroff.c
45816 --- linux-2.6.32.1/kernel/power/poweroff.c 2009-12-02 22:51:21.000000000 -0500
45817 +++ linux-2.6.32.1/kernel/power/poweroff.c 2009-12-14 18:33:59.440994299 -0500
45818 @@ -37,7 +37,7 @@ static struct sysrq_key_op sysrq_powerof
45819 .enable_mask = SYSRQ_ENABLE_BOOT,
45822 -static int pm_sysrq_init(void)
45823 +static int __init pm_sysrq_init(void)
45825 register_sysrq_key('o', &sysrq_poweroff_op);
45827 diff -urNp linux-2.6.32.1/kernel/power/process.c linux-2.6.32.1/kernel/power/process.c
45828 --- linux-2.6.32.1/kernel/power/process.c 2009-12-02 22:51:21.000000000 -0500
45829 +++ linux-2.6.32.1/kernel/power/process.c 2009-12-14 18:33:59.440994299 -0500
45830 @@ -37,12 +37,15 @@ static int try_to_freeze_tasks(bool sig_
45831 struct timeval start, end;
45832 u64 elapsed_csecs64;
45833 unsigned int elapsed_csecs;
45834 + bool timedout = false;
45836 do_gettimeofday(&start);
45838 end_time = jiffies + TIMEOUT;
45841 + if (time_after(jiffies, end_time))
45843 read_lock(&tasklist_lock);
45844 do_each_thread(g, p) {
45845 if (frozen(p) || !freezeable(p))
45846 @@ -57,15 +60,17 @@ static int try_to_freeze_tasks(bool sig_
45847 * It is "frozen enough". If the task does wake
45848 * up, it will immediately call try_to_freeze.
45850 - if (!task_is_stopped_or_traced(p) &&
45851 - !freezer_should_skip(p))
45852 + if (!task_is_stopped_or_traced(p) && !freezer_should_skip(p)) {
45855 + printk(KERN_ERR "Task refusing to freeze:\n");
45856 + sched_show_task(p);
45859 } while_each_thread(g, p);
45860 read_unlock(&tasklist_lock);
45861 yield(); /* Yield is okay here */
45862 - if (time_after(jiffies, end_time))
45865 + } while (todo && !timedout);
45867 do_gettimeofday(&end);
45868 elapsed_csecs64 = timeval_to_ns(&end) - timeval_to_ns(&start);
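Review bot: In the reworked loop `sched_show_task(p)` is called inside the `read_lock(&tasklist_lock)` section, once for each task that has not frozen on the pass where the timeout is detected. With many stuck tasks that is a long run of console output under the lock, and limiting how many tasks are shown would bound it. The guard around the `printk(KERN_ERR "Task refusing to freeze:\n")` line is not visible on the page, so I am assuming it is `if (timedout)`. A comment at the top of the loop explaining that the timeout test moved ahead of the scan so the last pass can report would make the new `while (todo && !timedout)` condition easier to follow.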
45869 diff -urNp linux-2.6.32.1/kernel/power/suspend.c linux-2.6.32.1/kernel/power/suspend.c
45870 --- linux-2.6.32.1/kernel/power/suspend.c 2009-12-02 22:51:21.000000000 -0500
45871 +++ linux-2.6.32.1/kernel/power/suspend.c 2009-12-14 18:33:59.441985104 -0500
45872 @@ -23,13 +23,13 @@ const char *const pm_states[PM_SUSPEND_M
45873 [PM_SUSPEND_MEM] = "mem",
45876 -static struct platform_suspend_ops *suspend_ops;
45877 +static const struct platform_suspend_ops *suspend_ops;
45880 * suspend_set_ops - Set the global suspend method table.
45881 * @ops: Pointer to ops structure.
45883 -void suspend_set_ops(struct platform_suspend_ops *ops)
45884 +void suspend_set_ops(const struct platform_suspend_ops *ops)
45886 mutex_lock(&pm_mutex);
45888 diff -urNp linux-2.6.32.1/kernel/printk.c linux-2.6.32.1/kernel/printk.c
45889 --- linux-2.6.32.1/kernel/printk.c 2009-12-02 22:51:21.000000000 -0500
45890 +++ linux-2.6.32.1/kernel/printk.c 2009-12-14 18:33:59.441985104 -0500
45891 @@ -278,6 +278,11 @@ int do_syslog(int type, char __user *buf
45895 +#ifdef CONFIG_GRKERNSEC_DMESG
45896 + if (grsec_enable_dmesg && !capable(CAP_SYS_ADMIN))
45900 error = security_syslog(type);
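Review bot: The added test `grsec_enable_dmesg && !capable(CAP_SYS_ADMIN)` has no condition on `type`, so as written it appears to apply to every syslog operation. It also runs before `security_syslog(type)`, so the LSM hook is never consulted for a request refused here. Both are reasonable choices but neither is stated. Suggest a comment such as `/* with the dmesg restriction on, every syslog operation needs CAP_SYS_ADMIN; checked before the LSM hook */`. The return statement of the branch is not visible on the page.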
45903 diff -urNp linux-2.6.32.1/kernel/ptrace.c linux-2.6.32.1/kernel/ptrace.c
45904 --- linux-2.6.32.1/kernel/ptrace.c 2009-12-02 22:51:21.000000000 -0500
45905 +++ linux-2.6.32.1/kernel/ptrace.c 2009-12-14 18:33:59.441985104 -0500
45906 @@ -141,7 +141,7 @@ int __ptrace_may_access(struct task_stru
45907 cred->gid != tcred->egid ||
45908 cred->gid != tcred->sgid ||
45909 cred->gid != tcred->gid) &&
45910 - !capable(CAP_SYS_PTRACE)) {
45911 + !capable_nolog(CAP_SYS_PTRACE)) {
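Review bot: `capable()` becomes `capable_nolog()` here and in the next two hunks (the `dumpable` test and the `PT_PTRACE_CAP` assignment in ptrace_attach) with no explanation of why these three checks must not be logged. `capable_nolog` is defined elsewhere in the patch. Presumably __ptrace_may_access is reached from routine permission probes and would otherwise flood the capability log. A comment at the first site, e.g. `/* probe-style check: use the non-logging variant */`, would stop someone from changing it back to `capable()`. It would also be worth confirming that a denied ptrace attempt is still recorded somewhere, for instance by the `gr_handle_ptrace` call added to the ptrace syscall.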
45915 @@ -149,7 +149,7 @@ int __ptrace_may_access(struct task_stru
45918 dumpable = get_dumpable(task->mm);
45919 - if (!dumpable && !capable(CAP_SYS_PTRACE))
45920 + if (!dumpable && !capable_nolog(CAP_SYS_PTRACE))
45923 return security_ptrace_access_check(task, mode);
45924 @@ -199,7 +199,7 @@ int ptrace_attach(struct task_struct *ta
45925 goto unlock_tasklist;
45927 task->ptrace = PT_PTRACED;
45928 - if (capable(CAP_SYS_PTRACE))
45929 + if (capable_nolog(CAP_SYS_PTRACE))
45930 task->ptrace |= PT_PTRACE_CAP;
45932 __ptrace_link(task, current);
45933 @@ -532,18 +532,18 @@ int ptrace_request(struct task_struct *c
45934 ret = ptrace_setoptions(child, data);
45936 case PTRACE_GETEVENTMSG:
45937 - ret = put_user(child->ptrace_message, (unsigned long __user *) data);
45938 + ret = put_user(child->ptrace_message, (__force unsigned long __user *) data);
45941 case PTRACE_GETSIGINFO:
45942 ret = ptrace_getsiginfo(child, &siginfo);
45944 - ret = copy_siginfo_to_user((siginfo_t __user *) data,
45945 + ret = copy_siginfo_to_user((__force siginfo_t __user *) data,
45949 case PTRACE_SETSIGINFO:
45950 - if (copy_from_user(&siginfo, (siginfo_t __user *) data,
45951 + if (copy_from_user(&siginfo, (__force siginfo_t __user *) data,
45955 @@ -621,6 +621,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
45959 + if (gr_handle_ptrace(child, request)) {
45961 + goto out_put_task_struct;
45964 if (request == PTRACE_ATTACH) {
45965 ret = ptrace_attach(child);
45967 @@ -663,7 +663,7 @@ int generic_ptrace_peekdata(struct task_
45968 copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
45969 if (copied != sizeof(tmp))
45971 - return put_user(tmp, (unsigned long __user *)data);
45972 + return put_user(tmp, (__force unsigned long __user *)data);
45975 int generic_ptrace_pokedata(struct task_struct *tsk, long addr, long data)
45976 diff -urNp linux-2.6.32.1/kernel/relay.c linux-2.6.32.1/kernel/relay.c
45977 --- linux-2.6.32.1/kernel/relay.c 2009-12-02 22:51:21.000000000 -0500
45978 +++ linux-2.6.32.1/kernel/relay.c 2009-12-14 18:33:59.442723685 -0500
45979 @@ -1292,7 +1292,7 @@ static int subbuf_splice_actor(struct fi
45982 ret = *nonpad_ret = splice_to_pipe(pipe, &spd);
45983 - if (ret < 0 || ret < total_len)
45984 + if ((int)ret < 0 || ret < total_len)
45987 if (read_start + ret == nonpad_end)
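Review bot: The `(int)` cast makes the error test work, which suggests `ret` is declared unsigned outside this hunk and the original `ret < 0` could never be true. The cast leaves the root cause in place: `*nonpad_ret` is assigned from the same value on the line above, and the following `ret < total_len` and `read_start + ret` still operate on the unsigned variable. Holding the `splice_to_pipe()` result in a signed local and testing that first would be clearer, e.g. `int spliced = splice_to_pipe(pipe, &spd);` followed by `if (spliced < 0 || spliced < total_len)`. The signedness of `total_len` needs checking against its declaration. subbuf_splice_actor starts and ends outside the hunk.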
45988 diff -urNp linux-2.6.32.1/kernel/resource.c linux-2.6.32.1/kernel/resource.c
45989 --- linux-2.6.32.1/kernel/resource.c 2009-12-02 22:51:21.000000000 -0500
45990 +++ linux-2.6.32.1/kernel/resource.c 2009-12-14 18:33:59.442723685 -0500
45991 @@ -132,8 +132,18 @@ static const struct file_operations proc
45993 static int __init ioresources_init(void)
45995 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
45996 +#ifdef CONFIG_GRKERNSEC_PROC_USER
45997 + proc_create("ioports", S_IRUSR, NULL, &proc_ioports_operations);
45998 + proc_create("iomem", S_IRUSR, NULL, &proc_iomem_operations);
45999 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
46000 + proc_create("ioports", S_IRUSR | S_IRGRP, NULL, &proc_ioports_operations);
46001 + proc_create("iomem", S_IRUSR | S_IRGRP, NULL, &proc_iomem_operations);
46004 proc_create("ioports", 0, NULL, &proc_ioports_operations);
46005 proc_create("iomem", 0, NULL, &proc_iomem_operations);
46009 __initcall(ioresources_init);
46010 diff -urNp linux-2.6.32.1/kernel/sched.c linux-2.6.32.1/kernel/sched.c
46011 --- linux-2.6.32.1/kernel/sched.c 2009-12-02 22:51:21.000000000 -0500
46012 +++ linux-2.6.32.1/kernel/sched.c 2009-12-14 18:33:59.472984930 -0500
46013 @@ -6072,6 +6072,8 @@ int can_nice(const struct task_struct *p
46014 /* convert nice value [19,-20] to rlimit style value [1,40] */
46015 int nice_rlim = 20 - nice;
46017 + gr_learn_resource(p, RLIMIT_NICE, nice_rlim, 1);
46019 return (nice_rlim <= p->signal->rlim[RLIMIT_NICE].rlim_cur ||
46020 capable(CAP_SYS_NICE));
46022 @@ -6319,7 +6319,7 @@ SYSCALL_DEFINE1(nice, int, increment)
46026 - if (increment < 0 && !can_nice(current, nice))
46027 + if (increment < 0 && (!can_nice(current, nice) || gr_handle_chroot_nice()))
46028 return vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM;
46030 retval = security_task_setnice(current, nice);
46031 @@ -6255,6 +6258,8 @@ recheck:
46032 if (rt_policy(policy)) {
46033 unsigned long rlim_rtprio;
46035 + gr_learn_resource(p, RLIMIT_RTPRIO, param->sched_priority, 1);
46037 if (!lock_task_sighand(p, &flags))
46039 rlim_rtprio = p->signal->rlim[RLIMIT_RTPRIO].rlim_cur;
46040 @@ -7406,7 +7411,7 @@ static struct ctl_table sd_ctl_dir[] = {
46041 .procname = "sched_domain",
46045 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
46048 static struct ctl_table sd_ctl_root[] = {
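Review bot: The terminator `{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }` spells out eleven positional fields, which ties this table to the exact member count and order of `struct ctl_table`. A designated form such as `{ .ctl_name = 0 }` zero-fills the rest and survives a field being added or reordered. The same line is added to `sd_ctl_root` in the next hunk.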
46049 @@ -7416,7 +7421,7 @@ static struct ctl_table sd_ctl_root[] =
46051 .child = sd_ctl_dir,
46054 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
46057 static struct ctl_table *sd_alloc_ctl_entry(int n)
46058 diff -urNp linux-2.6.32.1/kernel/signal.c linux-2.6.32.1/kernel/signal.c
46059 --- linux-2.6.32.1/kernel/signal.c 2009-12-02 22:51:21.000000000 -0500
46060 +++ linux-2.6.32.1/kernel/signal.c 2009-12-14 18:33:59.473715661 -0500
46061 @@ -207,6 +207,9 @@ static struct sigqueue *__sigqueue_alloc
46063 user = get_uid(__task_cred(t)->user);
46064 atomic_inc(&user->sigpending);
46066 + if (!override_rlimit)
46067 + gr_learn_resource(t, RLIMIT_SIGPENDING, atomic_read(&user->sigpending), 1);
46068 if (override_rlimit ||
46069 atomic_read(&user->sigpending) <=
46070 t->signal->rlim[RLIMIT_SIGPENDING].rlim_cur)
46071 @@ -651,6 +651,10 @@
46072 sig, info, t, vx_task_xid(t), t->pid, current->xid);
46076 + if (gr_handle_signal(t, sig))
46080 return security_task_kill(t, info, sig, 0);
46082 @@ -939,8 +945,8 @@ static void print_fatal_signal(struct pt
46083 for (i = 0; i < 16; i++) {
46084 unsigned char insn;
46086 - __get_user(insn, (unsigned char *)(regs->ip + i));
46087 - printk("%02x ", insn);
46088 + if (!get_user(insn, (unsigned char __user *)(regs->ip + i)))
46089 + printk("%02x ", insn);
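Review bot: With the new `if (!get_user(...))`, a byte that cannot be read is skipped silently, so the dump can show fewer than 16 values with no indication of which offset faulted. Printing a placeholder keeps the columns aligned: `else printk("?? ");`. The switch from `__get_user` to `get_user` with a `__user`-qualified pointer is what adds the address-range check on `regs->ip + i`. That deserves a short comment, since `regs->ip` comes from the faulting context.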
46093 @@ -965,7 +971,7 @@ __group_send_sig_info(int sig, struct si
46094 return send_signal(sig, info, p, 1);
46099 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
46101 return send_signal(sig, info, t, 0);
46102 @@ -1019,6 +1025,9 @@ force_sig_info(int sig, struct siginfo *
46103 ret = specific_send_sig_info(sig, info, t);
46104 spin_unlock_irqrestore(&t->sighand->siglock, flags);
46106 + gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, t);
46107 + gr_handle_crash(t, sig);
46112 @@ -1078,8 +1087,11 @@ int group_send_sig_info(int sig, struct
46114 int ret = check_kill_permission(sig, info, p);
46117 + if (!ret && sig) {
46118 ret = do_send_sig_info(sig, info, p, true);
46120 + gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, p);
46125 diff -urNp linux-2.6.32.1/kernel/smp.c linux-2.6.32.1/kernel/smp.c
46126 --- linux-2.6.32.1/kernel/smp.c 2009-12-02 22:51:21.000000000 -0500
46127 +++ linux-2.6.32.1/kernel/smp.c 2009-12-14 18:33:59.487900127 -0500
46128 @@ -459,22 +459,22 @@ int smp_call_function(void (*func)(void
46130 EXPORT_SYMBOL(smp_call_function);
46132 -void ipi_call_lock(void)
46133 +void ipi_call_lock(void) __acquires(call_function.lock)
46135 spin_lock(&call_function.lock);
46138 -void ipi_call_unlock(void)
46139 +void ipi_call_unlock(void) __releases(call_function.lock)
46141 spin_unlock(&call_function.lock);
46144 -void ipi_call_lock_irq(void)
46145 +void ipi_call_lock_irq(void) __acquires(call_function.lock)
46147 spin_lock_irq(&call_function.lock);
46150 -void ipi_call_unlock_irq(void)
46151 +void ipi_call_unlock_irq(void) __releases(call_function.lock)
46153 spin_unlock_irq(&call_function.lock);
46155 diff -urNp linux-2.6.32.1/kernel/softirq.c linux-2.6.32.1/kernel/softirq.c
46156 --- linux-2.6.32.1/kernel/softirq.c 2009-12-02 22:51:21.000000000 -0500
46157 +++ linux-2.6.32.1/kernel/softirq.c 2009-12-14 18:33:59.488764183 -0500
46158 @@ -56,7 +56,7 @@ static struct softirq_action softirq_vec
46160 static DEFINE_PER_CPU(struct task_struct *, ksoftirqd);
46162 -char *softirq_to_name[NR_SOFTIRQS] = {
46163 +const char * const softirq_to_name[NR_SOFTIRQS] = {
46164 "HI", "TIMER", "NET_TX", "NET_RX", "BLOCK", "BLOCK_IOPOLL",
46165 "TASKLET", "SCHED", "HRTIMER", "RCU"
46167 diff -urNp linux-2.6.32.1/kernel/sys.c linux-2.6.32.1/kernel/sys.c
46168 --- linux-2.6.32.1/kernel/sys.c 2009-12-02 22:51:21.000000000 -0500
46169 +++ linux-2.6.32.1/kernel/sys.c 2009-12-14 18:33:59.488764183 -0500
46170 @@ -133,6 +133,12 @@ static int set_one_prio(struct task_stru
46175 + if (gr_handle_chroot_setpriority(p, niceval)) {
46180 no_nice = security_task_setnice(p, niceval);
46183 @@ -190,10 +196,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
46184 !(user = find_user(who)))
46185 goto out_unlock; /* No processes for this user */
46187 - do_each_thread(g, p)
46188 + do_each_thread(g, p) {
46189 if (__task_cred(p)->uid == who)
46190 error = set_one_prio(p, niceval, error);
46191 - while_each_thread(g, p);
46192 + } while_each_thread(g, p);
46193 if (who != cred->uid)
46194 free_uid(user); /* For find_user() */
46196 @@ -253,13 +259,13 @@ SYSCALL_DEFINE2(getpriority, int, which,
46197 !(user = find_user(who)))
46198 goto out_unlock; /* No processes for this user */
46200 - do_each_thread(g, p)
46201 + do_each_thread(g, p) {
46202 if (__task_cred(p)->uid == who) {
46203 niceval = 20 - task_nice(p);
46204 if (niceval > retval)
46207 - while_each_thread(g, p);
46208 + } while_each_thread(g, p);
46209 if (who != cred->uid)
46210 free_uid(user); /* for find_user() */
46212 @@ -509,6 +515,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, g
46216 + if (gr_check_group_change(new->gid, new->egid, -1))
46219 if (rgid != (gid_t) -1 ||
46220 (egid != (gid_t) -1 && egid != old->gid))
46221 new->sgid = new->egid;
46222 @@ -542,6 +551,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
46227 + if (gr_check_group_change(gid, gid, gid))
46230 if (capable(CAP_SETGID))
46231 new->gid = new->egid = new->sgid = new->fsgid = gid;
46232 else if (gid == old->gid || gid == old->sgid)
46233 @@ -632,6 +645,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, u
46237 + if (gr_check_user_change(new->uid, new->euid, -1))
46240 if (new->uid != old->uid) {
46241 retval = set_user(new);
46243 @@ -680,6 +696,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
46248 + if (gr_check_crash_uid(uid))
46250 + if (gr_check_user_change(uid, uid, uid))
46253 if (capable(CAP_SETUID)) {
46254 new->suid = new->uid = uid;
46255 if (uid != old->uid) {
46256 @@ -737,6 +759,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid,
46260 + if (gr_check_user_change(ruid, euid, -1))
46263 if (ruid != (uid_t) -1) {
46265 if (ruid != old->uid) {
46266 @@ -805,6 +830,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid,
46270 + if (gr_check_group_change(rgid, egid, -1))
46273 if (rgid != (gid_t) -1)
46275 if (egid != (gid_t) -1)
46276 @@ -854,6 +882,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
46277 if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0)
46280 + if (gr_check_user_change(-1, -1, uid))
46283 if (uid == old->uid || uid == old->euid ||
46284 uid == old->suid || uid == old->fsuid ||
46285 capable(CAP_SETUID)) {
46286 @@ -894,6 +925,9 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
46287 if (gid == old->gid || gid == old->egid ||
46288 gid == old->sgid || gid == old->fsgid ||
46289 capable(CAP_SETGID)) {
46290 + if (gr_check_group_change(-1, -1, gid))
46293 if (gid != old_fsgid) {
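Review bot: In this hunk `gr_check_group_change(-1, -1, gid)` sits inside the branch that has already passed the ownership/CAP_SETGID test, whereas the setfsuid hunk just above calls `gr_check_user_change(-1, -1, uid)` before the corresponding test. If the different placement is intentional it needs a comment; otherwise hoist the call above `if (gid == old->gid || ...)` so both syscalls consult the policy at the same point. The bare `-1` arguments here and in the other gr_check_*_change calls would also read better as `(gid_t)-1` / `(uid_t)-1`, matching the casts the surrounding code already uses. The statements executed when the check fails are not visible in the hunk.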
46296 @@ -1459,7 +1493,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsi
46297 error = get_dumpable(me->mm);
46299 case PR_SET_DUMPABLE:
46300 - if (arg2 < 0 || arg2 > 1) {
46305 diff -urNp linux-2.6.32.1/kernel/sysctl.c linux-2.6.32.1/kernel/sysctl.c
46306 --- linux-2.6.32.1/kernel/sysctl.c 2009-12-02 22:51:21.000000000 -0500
46307 +++ linux-2.6.32.1/kernel/sysctl.c 2009-12-14 18:33:59.489992453 -0500
46309 static int deprecated_sysctl_warning(struct __sysctl_args *args);
46311 #if defined(CONFIG_SYSCTL)
46312 +#include <linux/grsecurity.h>
46313 +#include <linux/grinternal.h>
46315 +extern __u32 gr_handle_sysctl(const ctl_table *table, const int op);
46316 +extern int gr_handle_sysctl_mod(const char *dirname, const char *name,
46318 +extern int gr_handle_chroot_sysctl(const int op);
46320 /* External variables not in a header file. */
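Review bot: The three `extern` prototypes for gr_handle_sysctl, gr_handle_sysctl_mod and gr_handle_chroot_sysctl are declared locally in this .c file, right after `<linux/grsecurity.h>` and `<linux/grinternal.h>` are included. A prototype kept only in the caller is never checked against the definition, so a later signature change would still compile while the call sites pass mismatched arguments. Move them into one of those headers and include it from the defining file as well. The same applies to `extern ctl_table grsecurity_table[];` in the next hunk and to `extern int gr_is_taskstats_denied(int pid);` in kernel/taskstats.c.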
46322 @@ -168,6 +175,7 @@ static int proc_do_cad_pid(struct ctl_ta
46323 static int proc_taint(struct ctl_table *table, int write,
46324 void __user *buffer, size_t *lenp, loff_t *ppos);
46326 +extern ctl_table grsecurity_table[];
46328 static struct ctl_table root_table[];
46329 static struct ctl_table_root sysctl_table_root;
46330 @@ -200,6 +208,21 @@ extern struct ctl_table epoll_table[];
46331 int sysctl_legacy_va_layout;
46334 +#ifdef CONFIG_PAX_SOFTMODE
46335 +static ctl_table pax_table[] = {
46337 + .ctl_name = CTL_UNNUMBERED,
46338 + .procname = "softmode",
46339 + .data = &pax_softmode,
46340 + .maxlen = sizeof(unsigned int),
46342 + .proc_handler = &proc_dointvec,
46345 + { .ctl_name = 0 }
46349 extern int prove_locking;
46350 extern int lock_stat;
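Review bot: The `softmode` entry uses `proc_dointvec`, which accepts any integer, together with `.maxlen = sizeof(unsigned int)`. If pax_softmode is meant as an on/off switch (its declaration is not visible here), bound it with `.proc_handler = &proc_dointvec_minmax` and `.extra1`/`.extra2` pointing at 0 and 1, so an out-of-range write is rejected instead of stored. If, as the name suggests, this knob relaxes PaX enforcement, the entry's `.mode` (not visible in this view) should allow writes by root only. A short comment above the table stating what a non-zero value does would also help anyone auditing the sysctl tree.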
46352 @@ -251,6 +274,24 @@ static int max_wakeup_granularity_ns = N
46355 static struct ctl_table kern_table[] = {
46356 +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
46358 + .ctl_name = CTL_UNNUMBERED,
46359 + .procname = "grsecurity",
46361 + .child = grsecurity_table,
46365 +#ifdef CONFIG_PAX_SOFTMODE
46367 + .ctl_name = CTL_UNNUMBERED,
46368 + .procname = "pax",
46370 + .child = pax_table,
46375 .ctl_name = CTL_UNNUMBERED,
46376 .procname = "sched_child_runs_first",
46377 @@ -1800,6 +1841,8 @@ static int do_sysctl_strategy(struct ctl
46381 +static int sysctl_perm_nochk(struct ctl_table_root *root, struct ctl_table *table, int op);
46383 static int parse_table(int __user *name, int nlen,
46384 void __user *oldval, size_t __user *oldlenp,
46385 void __user *newval, size_t newlen,
46386 @@ -1818,7 +1861,7 @@ repeat:
46387 if (n == table->ctl_name) {
46389 if (table->child) {
46390 - if (sysctl_perm(root, table, MAY_EXEC))
46391 + if (sysctl_perm_nochk(root, table, MAY_EXEC))
46395 @@ -1903,6 +1946,33 @@ int sysctl_perm(struct ctl_table_root *r
46399 + if (table->parent != NULL && table->parent->procname != NULL &&
46400 + table->procname != NULL &&
46401 + gr_handle_sysctl_mod(table->parent->procname, table->procname, op))
46403 + if (gr_handle_chroot_sysctl(op))
46405 + error = gr_handle_sysctl(table, op);
46409 + error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
46413 + if (root->permissions)
46414 + mode = root->permissions(root, current->nsproxy, table);
46416 + mode = table->mode;
46418 + return test_perm(mode, op);
46421 +int sysctl_perm_nochk(struct ctl_table_root *root, struct ctl_table *table, int op)
46426 error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
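Review bot: `sysctl_perm_nochk` is forward-declared `static` in the do_sysctl_strategy hunk but defined here as plain `int sysctl_perm_nochk(...)`; the definition still gets internal linkage, but it should repeat `static` so the two agree at a glance. As far as the visible lines show, the new sysctl_perm body repeats the security_sysctl / permissions / test_perm sequence that sysctl_perm_nochk also contains. Ending sysctl_perm with `return sysctl_perm_nochk(root, table, op);` after the gr_handle_* checks would leave a single copy of that logic. Several lines of both functions are missing from this view, so confirm against the full file.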
46429 diff -urNp linux-2.6.32.1/kernel/taskstats.c linux-2.6.32.1/kernel/taskstats.c
46430 --- linux-2.6.32.1/kernel/taskstats.c 2009-12-02 22:51:21.000000000 -0500
46431 +++ linux-2.6.32.1/kernel/taskstats.c 2009-12-14 18:33:59.489992453 -0500
46433 #include <linux/cgroup.h>
46434 #include <linux/fs.h>
46435 #include <linux/file.h>
46436 +#include <linux/grsecurity.h>
46437 #include <net/genetlink.h>
46438 #include <asm/atomic.h>
46440 +extern int gr_is_taskstats_denied(int pid);
46443 * Maximum length of a cpumask that can be specified in
46444 * the TASKSTATS_CMD_ATTR_REGISTER/DEREGISTER_CPUMASK attribute
46445 @@ -433,6 +436,9 @@ static int taskstats_user_cmd(struct sk_
46447 cpumask_var_t mask;
46449 + if (gr_is_taskstats_denied(current->pid))
46452 if (!alloc_cpumask_var(&mask, GFP_KERNEL))
46455 diff -urNp linux-2.6.32.1/kernel/time/tick-broadcast.c linux-2.6.32.1/kernel/time/tick-broadcast.c
46456 --- linux-2.6.32.1/kernel/time/tick-broadcast.c 2009-12-02 22:51:21.000000000 -0500
46457 +++ linux-2.6.32.1/kernel/time/tick-broadcast.c 2009-12-14 18:33:59.491005145 -0500
46458 @@ -116,7 +116,7 @@ int tick_device_uses_broadcast(struct cl
46459 * then clear the broadcast bit.
46461 if (!(dev->features & CLOCK_EVT_FEAT_C3STOP)) {
46462 - int cpu = smp_processor_id();
46463 + cpu = smp_processor_id();
46465 cpumask_clear_cpu(cpu, tick_get_broadcast_mask());
46466 tick_broadcast_clear_oneshot(cpu);
46467 diff -urNp linux-2.6.32.1/kernel/time.c linux-2.6.32.1/kernel/time.c
46468 --- linux-2.6.32.1/kernel/time.c 2009-12-02 22:51:21.000000000 -0500
46469 +++ linux-2.6.32.1/kernel/time.c 2009-12-14 18:33:59.491005145 -0500
46470 @@ -95,6 +95,9 @@ SYSCALL_DEFINE1(stime, time_t __user *,
46473 vx_settimeofday(&tv);
46475 + gr_log_timechange();
46480 @@ -202,6 +205,8 @@ SYSCALL_DEFINE2(settimeofday, struct tim
46484 + gr_log_timechange();
46486 return do_sys_settimeofday(tv ? &new_ts : NULL, tz ? &new_tz : NULL);
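Review bot: `gr_log_timechange()` is called here before `do_sys_settimeofday()`, so a log entry is written even when that call then fails, whereas the stime hunk above logs only after the time has been set. If the permission check happens inside do_sys_settimeofday (not visible here), the log would record time changes that never took place, which weakens it as an audit trail. Log on success instead: `ret = do_sys_settimeofday(tv ? &new_ts : NULL, tz ? &new_tz : NULL);` then `if (!ret) gr_log_timechange();` and `return ret;`.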
46489 @@ -240,7 +245,7 @@ EXPORT_SYMBOL(current_fs_time);
46490 * Avoid unnecessary multiplications/divisions in the
46491 * two most common HZ cases:
46493 -unsigned int inline jiffies_to_msecs(const unsigned long j)
46494 +inline unsigned int jiffies_to_msecs(const unsigned long j)
46496 #if HZ <= MSEC_PER_SEC && !(MSEC_PER_SEC % HZ)
46497 return (MSEC_PER_SEC / HZ) * j;
46498 @@ -256,7 +261,7 @@ unsigned int inline jiffies_to_msecs(con
46500 EXPORT_SYMBOL(jiffies_to_msecs);
46502 -unsigned int inline jiffies_to_usecs(const unsigned long j)
46503 +inline unsigned int jiffies_to_usecs(const unsigned long j)
46505 #if HZ <= USEC_PER_SEC && !(USEC_PER_SEC % HZ)
46506 return (USEC_PER_SEC / HZ) * j;
46507 diff -urNp linux-2.6.32.1/kernel/trace/Kconfig linux-2.6.32.1/kernel/trace/Kconfig
46508 --- linux-2.6.32.1/kernel/trace/Kconfig 2009-12-02 22:51:21.000000000 -0500
46509 +++ linux-2.6.32.1/kernel/trace/Kconfig 2009-12-14 18:33:59.491005145 -0500
46510 @@ -126,6 +126,7 @@ if FTRACE
46511 config FUNCTION_TRACER
46512 bool "Kernel Function Tracer"
46513 depends on HAVE_FUNCTION_TRACER
46514 + depends on !PAX_KERNEXEC
46515 select FRAME_POINTER
46517 select GENERIC_TRACER
46518 @@ -343,6 +344,7 @@ config POWER_TRACER
46519 config STACK_TRACER
46520 bool "Trace max stack"
46521 depends on HAVE_FUNCTION_TRACER
46522 + depends on !PAX_KERNEXEC
46523 select FUNCTION_TRACER
46526 diff -urNp linux-2.6.32.1/kernel/trace/trace.c linux-2.6.32.1/kernel/trace/trace.c
46527 --- linux-2.6.32.1/kernel/trace/trace.c 2009-12-02 22:51:21.000000000 -0500
46528 +++ linux-2.6.32.1/kernel/trace/trace.c 2009-12-14 18:33:59.491783207 -0500
46529 @@ -3792,10 +3792,9 @@ static const struct file_operations trac
46533 -static struct dentry *d_tracer;
46535 struct dentry *tracing_init_dentry(void)
46537 + static struct dentry *d_tracer;
46541 @@ -3815,10 +3814,9 @@ struct dentry *tracing_init_dentry(void)
46545 -static struct dentry *d_percpu;
46547 struct dentry *tracing_dentry_percpu(void)
46549 + static struct dentry *d_percpu;
46551 struct dentry *d_tracer;
46553 diff -urNp linux-2.6.32.1/kernel/trace/trace_events.c linux-2.6.32.1/kernel/trace/trace_events.c
46554 --- linux-2.6.32.1/kernel/trace/trace_events.c 2009-12-02 22:51:21.000000000 -0500
46555 +++ linux-2.6.32.1/kernel/trace/trace_events.c 2009-12-14 18:33:59.492790402 -0500
46556 @@ -951,6 +951,8 @@ static LIST_HEAD(ftrace_module_file_list
46557 * Modules must own their file_operations to keep up with
46558 * reference counting.
46561 +/* cannot be const */
46562 struct ftrace_module_file_ops {
46563 struct list_head list;
46564 struct module *mod;
46565 diff -urNp linux-2.6.32.1/kernel/trace/trace_output.c linux-2.6.32.1/kernel/trace/trace_output.c
46566 --- linux-2.6.32.1/kernel/trace/trace_output.c 2009-12-02 22:51:21.000000000 -0500
46567 +++ linux-2.6.32.1/kernel/trace/trace_output.c 2009-12-14 18:33:59.494733676 -0500
46568 @@ -237,7 +237,7 @@ int trace_seq_path(struct trace_seq *s,
46570 p = d_path(path, s->buffer + s->len, PAGE_SIZE - s->len);
46572 - p = mangle_path(s->buffer + s->len, p, "\n");
46573 + p = mangle_path(s->buffer + s->len, p, "\n\\");
46575 s->len = p - s->buffer;
46577 diff -urNp linux-2.6.32.1/kernel/trace/trace_stack.c linux-2.6.32.1/kernel/trace/trace_stack.c
46578 --- linux-2.6.32.1/kernel/trace/trace_stack.c 2009-12-02 22:51:21.000000000 -0500
46579 +++ linux-2.6.32.1/kernel/trace/trace_stack.c 2009-12-14 18:33:59.495722482 -0500
46580 @@ -50,7 +50,7 @@ static inline void check_stack(void)
46583 /* we do not handle interrupt stacks yet */
46584 - if (!object_is_on_stack(&this_size))
46585 + if (!object_starts_on_stack(&this_size))
46588 local_irq_save(flags);
46589 diff -urNp linux-2.6.32.1/kernel/utsname_sysctl.c linux-2.6.32.1/kernel/utsname_sysctl.c
46590 --- linux-2.6.32.1/kernel/utsname_sysctl.c 2009-12-02 22:51:21.000000000 -0500
46591 +++ linux-2.6.32.1/kernel/utsname_sysctl.c 2009-12-14 18:33:59.495722482 -0500
46592 @@ -123,7 +123,7 @@ static struct ctl_table uts_kern_table[]
46593 .proc_handler = proc_do_uts_string,
46594 .strategy = sysctl_uts_string,
46597 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
46600 static struct ctl_table uts_root_table[] = {
46601 @@ -133,7 +133,7 @@ static struct ctl_table uts_root_table[]
46603 .child = uts_kern_table,
46606 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
46609 static int __init utsname_sysctl_init(void)
46610 diff -urNp linux-2.6.32.1/lib/bug.c linux-2.6.32.1/lib/bug.c
46611 --- linux-2.6.32.1/lib/bug.c 2009-12-02 22:51:21.000000000 -0500
46612 +++ linux-2.6.32.1/lib/bug.c 2009-12-14 18:33:59.495722482 -0500
46613 @@ -135,6 +135,8 @@ enum bug_trap_type report_bug(unsigned l
46614 return BUG_TRAP_TYPE_NONE;
46616 bug = find_bug(bugaddr);
46618 + return BUG_TRAP_TYPE_NONE;
46620 printk(KERN_EMERG "------------[ cut here ]------------\n");
46622 diff -urNp linux-2.6.32.1/lib/debugobjects.c linux-2.6.32.1/lib/debugobjects.c
46623 --- linux-2.6.32.1/lib/debugobjects.c 2009-12-02 22:51:21.000000000 -0500
46624 +++ linux-2.6.32.1/lib/debugobjects.c 2009-12-14 18:33:59.495722482 -0500
46625 @@ -277,7 +277,7 @@ static void debug_object_is_on_stack(voi
46629 - is_on_stack = object_is_on_stack(addr);
46630 + is_on_stack = object_starts_on_stack(addr);
46631 if (is_on_stack == onstack)
46634 diff -urNp linux-2.6.32.1/lib/dma-debug.c linux-2.6.32.1/lib/dma-debug.c
46635 --- linux-2.6.32.1/lib/dma-debug.c 2009-12-02 22:51:21.000000000 -0500
46636 +++ linux-2.6.32.1/lib/dma-debug.c 2009-12-14 18:33:59.495722482 -0500
46637 @@ -857,7 +857,7 @@ out:
46639 static void check_for_stack(struct device *dev, void *addr)
46641 - if (object_is_on_stack(addr))
46642 + if (object_starts_on_stack(addr))
46643 err_printk(dev, NULL, "DMA-API: device driver maps memory from"
46644 "stack [addr=%p]\n", addr);
46646 diff -urNp linux-2.6.32.1/lib/inflate.c linux-2.6.32.1/lib/inflate.c
46647 --- linux-2.6.32.1/lib/inflate.c 2009-12-02 22:51:21.000000000 -0500
46648 +++ linux-2.6.32.1/lib/inflate.c 2009-12-14 18:33:59.497106042 -0500
46649 @@ -266,7 +266,7 @@ static void free(void *where)
46650 malloc_ptr = free_mem_ptr;
46653 -#define malloc(a) kmalloc(a, GFP_KERNEL)
46654 +#define malloc(a) kmalloc((a), GFP_KERNEL)
46655 #define free(a) kfree(a)
46658 diff -urNp linux-2.6.32.1/lib/Kconfig.debug linux-2.6.32.1/lib/Kconfig.debug
46659 --- linux-2.6.32.1/lib/Kconfig.debug 2009-12-02 22:51:21.000000000 -0500
46660 +++ linux-2.6.32.1/lib/Kconfig.debug 2009-12-14 18:33:59.497106042 -0500
46661 @@ -905,7 +905,7 @@ config LATENCYTOP
46665 - depends on HAVE_LATENCYTOP_SUPPORT
46666 + depends on HAVE_LATENCYTOP_SUPPORT && !GRKERNSEC_HIDESYM
46668 Enable this option if you want to use the LatencyTOP tool
46669 to find out which userspace is blocking on what kernel operations.
46670 diff -urNp linux-2.6.32.1/lib/kobject.c linux-2.6.32.1/lib/kobject.c
46671 --- linux-2.6.32.1/lib/kobject.c 2009-12-02 22:51:21.000000000 -0500
46672 +++ linux-2.6.32.1/lib/kobject.c 2009-12-14 18:33:59.497106042 -0500
46673 @@ -700,7 +700,7 @@ static ssize_t kobj_attr_store(struct ko
46677 -struct sysfs_ops kobj_sysfs_ops = {
46678 +const struct sysfs_ops kobj_sysfs_ops = {
46679 .show = kobj_attr_show,
46680 .store = kobj_attr_store,
46682 @@ -789,7 +789,7 @@ static struct kobj_type kset_ktype = {
46683 * If the kset was not able to be created, NULL will be returned.
46685 static struct kset *kset_create(const char *name,
46686 - struct kset_uevent_ops *uevent_ops,
46687 + const struct kset_uevent_ops *uevent_ops,
46688 struct kobject *parent_kobj)
46691 @@ -832,7 +832,7 @@ static struct kset *kset_create(const ch
46692 * If the kset was not able to be created, NULL will be returned.
46694 struct kset *kset_create_and_add(const char *name,
46695 - struct kset_uevent_ops *uevent_ops,
46696 + const struct kset_uevent_ops *uevent_ops,
46697 struct kobject *parent_kobj)
46700 diff -urNp linux-2.6.32.1/lib/kobject_uevent.c linux-2.6.32.1/lib/kobject_uevent.c
46701 --- linux-2.6.32.1/lib/kobject_uevent.c 2009-12-02 22:51:21.000000000 -0500
46702 +++ linux-2.6.32.1/lib/kobject_uevent.c 2009-12-14 18:33:59.497992692 -0500
46703 @@ -95,7 +95,7 @@ int kobject_uevent_env(struct kobject *k
46704 const char *subsystem;
46705 struct kobject *top_kobj;
46707 - struct kset_uevent_ops *uevent_ops;
46708 + const struct kset_uevent_ops *uevent_ops;
46712 diff -urNp linux-2.6.32.1/lib/parser.c linux-2.6.32.1/lib/parser.c
46713 --- linux-2.6.32.1/lib/parser.c 2009-12-02 22:51:21.000000000 -0500
46714 +++ linux-2.6.32.1/lib/parser.c 2009-12-14 18:33:59.497992692 -0500
46715 @@ -126,7 +126,7 @@ static int match_number(substring_t *s,
46719 - buf = kmalloc(s->to - s->from + 1, GFP_KERNEL);
46720 + buf = kmalloc((s->to - s->from) + 1, GFP_KERNEL);
46723 memcpy(buf, s->from, s->to - s->from);
46724 diff -urNp linux-2.6.32.1/lib/radix-tree.c linux-2.6.32.1/lib/radix-tree.c
46725 --- linux-2.6.32.1/lib/radix-tree.c 2009-12-02 22:51:21.000000000 -0500
46726 +++ linux-2.6.32.1/lib/radix-tree.c 2009-12-14 18:33:59.497992692 -0500
46727 @@ -81,7 +81,7 @@ struct radix_tree_preload {
46729 struct radix_tree_node *nodes[RADIX_TREE_MAX_PATH];
46731 -static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads) = { 0, };
46732 +static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads);
46734 static inline gfp_t root_gfp_mask(struct radix_tree_root *root)
46736 diff -urNp linux-2.6.32.1/lib/random32.c linux-2.6.32.1/lib/random32.c
46737 --- linux-2.6.32.1/lib/random32.c 2009-12-02 22:51:21.000000000 -0500
46738 +++ linux-2.6.32.1/lib/random32.c 2009-12-14 18:33:59.497992692 -0500
46739 @@ -61,7 +61,7 @@ static u32 __random32(struct rnd_state *
46741 static inline u32 __seed(u32 x, u32 m)
46743 - return (x < m) ? x + m : x;
46744 + return (x <= m) ? x + m + 1 : x;
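Review bot: The new expression makes `__seed` return a value strictly greater than `m`, where the old one guaranteed only a value of at least `m`, but the helper has no comment stating which bound the generator needs. Add one above the function, e.g. `/* Return x if x > m, else x + m + 1: the result is strictly greater than m (barring u32 wrap for very large m). */`, so a later cleanup does not revert the off-by-one change. The callers and the constants they pass are outside the hunk.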
46748 diff -urNp linux-2.6.32.1/localversion-grsec linux-2.6.32.1/localversion-grsec
46749 --- linux-2.6.32.1/localversion-grsec 1969-12-31 19:00:00.000000000 -0500
46750 +++ linux-2.6.32.1/localversion-grsec 2009-12-14 18:33:59.497992692 -0500
46753 diff -urNp linux-2.6.32.1/Makefile linux-2.6.32.1/Makefile
46754 --- linux-2.6.32.1/Makefile 2009-12-14 18:30:08.541937518 -0500
46755 +++ linux-2.6.32.1/Makefile 2009-12-14 18:33:59.536904304 -0500
46756 @@ -221,8 +221,8 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
46760 -HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
46761 -HOSTCXXFLAGS = -O2
46762 +HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
46763 +HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks
46765 # Decide whether to build built-in, modular, or both.
46766 # Normally, just do built-in.
46767 @@ -644,7 +644,7 @@ export mod_strip_cmd
46770 ifeq ($(KBUILD_EXTMOD),)
46771 -core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
46772 +core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
46774 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
46775 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
46776 diff -urNp linux-2.6.32.1/mm/filemap.c linux-2.6.32.1/mm/filemap.c
46777 --- linux-2.6.32.1/mm/filemap.c 2009-12-02 22:51:21.000000000 -0500
46778 +++ linux-2.6.32.1/mm/filemap.c 2009-12-14 18:33:59.546876618 -0500
46779 @@ -1622,7 +1622,7 @@ int generic_file_mmap(struct file * file
46780 struct address_space *mapping = file->f_mapping;
46782 if (!mapping->a_ops->readpage)
46785 file_accessed(file);
46786 vma->vm_ops = &generic_file_vm_ops;
46787 vma->vm_flags |= VM_CAN_NONLINEAR;
46788 @@ -1982,6 +1982,7 @@ inline int generic_write_checks(struct f
46789 *pos = i_size_read(inode);
46791 if (limit != RLIM_INFINITY) {
46792 + gr_learn_resource(current, RLIMIT_FSIZE,*pos, 0);
46793 if (*pos >= limit) {
46794 send_sig(SIGXFSZ, current, 0);
46796 diff -urNp linux-2.6.32.1/mm/fremap.c linux-2.6.32.1/mm/fremap.c
46797 --- linux-2.6.32.1/mm/fremap.c 2009-12-02 22:51:21.000000000 -0500
46798 +++ linux-2.6.32.1/mm/fremap.c 2009-12-14 18:33:59.558713378 -0500
46799 @@ -153,6 +153,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsign
46801 vma = find_vma(mm, start);
46803 +#ifdef CONFIG_PAX_SEGMEXEC
46804 + if (vma && (mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_MAYEXEC))
46809 * Make sure the vma is shared, that it supports prefaulting,
46810 * and that the remapped range is valid and fully within
46811 diff -urNp linux-2.6.32.1/mm/highmem.c linux-2.6.32.1/mm/highmem.c
46812 --- linux-2.6.32.1/mm/highmem.c 2009-12-02 22:51:21.000000000 -0500
46813 +++ linux-2.6.32.1/mm/highmem.c 2009-12-14 18:33:59.558713378 -0500
46814 @@ -116,9 +116,10 @@ static void flush_all_zero_pkmaps(void)
46815 * So no dangers, even with speculative execution.
46817 page = pte_page(pkmap_page_table[i]);
46818 + pax_open_kernel();
46819 pte_clear(&init_mm, (unsigned long)page_address(page),
46820 &pkmap_page_table[i]);
46822 + pax_close_kernel();
46823 set_page_address(page, NULL);
46826 @@ -177,9 +178,11 @@ start:
46829 vaddr = PKMAP_ADDR(last_pkmap_nr);
46831 + pax_open_kernel();
46832 set_pte_at(&init_mm, vaddr,
46833 &(pkmap_page_table[last_pkmap_nr]), mk_pte(page, kmap_prot));
46835 + pax_close_kernel();
46836 pkmap_count[last_pkmap_nr] = 1;
46837 set_page_address(page, (void *)vaddr);
46839 diff -urNp linux-2.6.32.1/mm/hugetlb.c linux-2.6.32.1/mm/hugetlb.c
46840 --- linux-2.6.32.1/mm/hugetlb.c 2009-12-02 22:51:21.000000000 -0500
46841 +++ linux-2.6.32.1/mm/hugetlb.c 2009-12-14 18:33:59.593103514 -0500
46842 @@ -1924,6 +1924,26 @@ static int unmap_ref_private(struct mm_s
46846 +#ifdef CONFIG_PAX_SEGMEXEC
46847 +static void pax_mirror_huge_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m)
46849 + struct mm_struct *mm = vma->vm_mm;
46850 + struct vm_area_struct *vma_m;
46851 + unsigned long address_m;
46854 + vma_m = pax_find_mirror_vma(vma);
46858 + BUG_ON(address >= SEGMEXEC_TASK_SIZE);
46859 + address_m = address + SEGMEXEC_TASK_SIZE;
46860 + ptep_m = huge_pte_offset(mm, address_m & HPAGE_MASK);
46861 + get_page(page_m);
46862 + set_huge_pte_at(mm, address_m, ptep_m, make_huge_pte(vma_m, page_m, 0));
46866 static int hugetlb_cow(struct mm_struct *mm, struct vm_area_struct *vma,
46867 unsigned long address, pte_t *ptep, pte_t pte,
46868 struct page *pagecache_page)
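Review bot: In pax_mirror_huge_pte the result of `huge_pte_offset(mm, address_m & HPAGE_MASK)` is passed straight to `set_huge_pte_at()` with no NULL check between the two visible lines. The hugetlb_fault hunk does call `huge_pte_alloc()` for the mirror address first, so the entry presumably always exists on that path, but the helper itself does not say so. Make the precondition explicit with `BUG_ON(!ptep_m);` after the lookup, in line with the `BUG_ON(address >= SEGMEXEC_TASK_SIZE)` already there, or add a comment naming the caller that allocates the mirror page table.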
46869 @@ -1995,6 +2015,11 @@ retry_avoidcopy:
46870 huge_ptep_clear_flush(vma, address, ptep);
46871 set_huge_pte_at(mm, address, ptep,
46872 make_huge_pte(vma, new_page, 1));
46874 +#ifdef CONFIG_PAX_SEGMEXEC
46875 + pax_mirror_huge_pte(vma, address, new_page);
46878 /* Make the old page be freed below */
46879 new_page = old_page;
46881 @@ -2124,6 +2149,10 @@ retry:
46882 && (vma->vm_flags & VM_SHARED)));
46883 set_huge_pte_at(mm, address, ptep, new_pte);
46885 +#ifdef CONFIG_PAX_SEGMEXEC
46886 + pax_mirror_huge_pte(vma, address, page);
46889 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
46890 /* Optimization, do the COW without a second fault */
46891 ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
46892 @@ -2152,6 +2181,28 @@ int hugetlb_fault(struct mm_struct *mm,
46893 static DEFINE_MUTEX(hugetlb_instantiation_mutex);
46894 struct hstate *h = hstate_vma(vma);
46896 +#ifdef CONFIG_PAX_SEGMEXEC
46897 + struct vm_area_struct *vma_m;
46899 + vma_m = pax_find_mirror_vma(vma);
46901 + unsigned long address_m;
46903 + if (vma->vm_start > vma_m->vm_start) {
46904 + address_m = address;
46905 + address -= SEGMEXEC_TASK_SIZE;
46907 + h = hstate_vma(vma);
46909 + address_m = address + SEGMEXEC_TASK_SIZE;
46911 + if (!huge_pte_alloc(mm, address_m, huge_page_size(h)))
46912 + return VM_FAULT_OOM;
46913 + address_m &= HPAGE_MASK;
46914 + unmap_hugepage_range(vma, address_m, address_m + HPAGE_SIZE, NULL);
46918 ptep = huge_pte_alloc(mm, address, huge_page_size(h));
46920 return VM_FAULT_OOM;
46921 diff -urNp linux-2.6.32.1/mm/Kconfig linux-2.6.32.1/mm/Kconfig
46922 --- linux-2.6.32.1/mm/Kconfig 2009-12-02 22:51:21.000000000 -0500
46923 +++ linux-2.6.32.1/mm/Kconfig 2009-12-14 18:33:59.593103514 -0500
46924 @@ -227,7 +227,7 @@ config KSM
46926 config DEFAULT_MMAP_MIN_ADDR
46927 int "Low address space to protect from user allocation"
46931 This is the portion of low virtual memory which should be protected
46932 from userspace allocation. Keeping a user from writing to low pages
46933 diff -urNp linux-2.6.32.1/mm/maccess.c linux-2.6.32.1/mm/maccess.c
46934 --- linux-2.6.32.1/mm/maccess.c 2009-12-02 22:51:21.000000000 -0500
46935 +++ linux-2.6.32.1/mm/maccess.c 2009-12-14 18:33:59.593999829 -0500
46937 * Safely read from address @src to the buffer at @dst. If a kernel fault
46938 * happens, handle that and return -EFAULT.
46940 -long probe_kernel_read(void *dst, void *src, size_t size)
46941 +long probe_kernel_read(void *dst, const void *src, size_t size)
46944 mm_segment_t old_fs = get_fs();
46945 @@ -39,7 +39,7 @@ EXPORT_SYMBOL_GPL(probe_kernel_read);
46946 * Safely write to address @dst from the buffer at @src. If a kernel fault
46947 * happens, handle that and return -EFAULT.
46949 -long notrace __weak probe_kernel_write(void *dst, void *src, size_t size)
46950 +long notrace __weak probe_kernel_write(void *dst, const void *src, size_t size)
46953 mm_segment_t old_fs = get_fs();
46954 diff -urNp linux-2.6.32.1/mm/madvise.c linux-2.6.32.1/mm/madvise.c
46955 --- linux-2.6.32.1/mm/madvise.c 2009-12-02 22:51:21.000000000 -0500
46956 +++ linux-2.6.32.1/mm/madvise.c 2009-12-14 18:33:59.593999829 -0500
46957 @@ -44,6 +44,10 @@ static long madvise_behavior(struct vm_a
46959 unsigned long new_flags = vma->vm_flags;
46961 +#ifdef CONFIG_PAX_SEGMEXEC
46962 + struct vm_area_struct *vma_m;
46965 switch (behavior) {
46967 new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ;
46968 @@ -103,6 +107,13 @@ success:
46970 * vm_flags is protected by the mmap_sem held in write mode.
46973 +#ifdef CONFIG_PAX_SEGMEXEC
46974 + vma_m = pax_find_mirror_vma(vma);
46976 + vma_m->vm_flags = new_flags & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT);
46979 vma->vm_flags = new_flags;
46982 @@ -161,6 +172,11 @@ static long madvise_dontneed(struct vm_a
46983 struct vm_area_struct ** prev,
46984 unsigned long start, unsigned long end)
46987 +#ifdef CONFIG_PAX_SEGMEXEC
46988 + struct vm_area_struct *vma_m;
46992 if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP))
46994 @@ -173,6 +189,21 @@ static long madvise_dontneed(struct vm_a
46995 zap_page_range(vma, start, end - start, &details);
46997 zap_page_range(vma, start, end - start, NULL);
46999 +#ifdef CONFIG_PAX_SEGMEXEC
47000 + vma_m = pax_find_mirror_vma(vma);
47002 + if (unlikely(vma->vm_flags & VM_NONLINEAR)) {
47003 + struct zap_details details = {
47004 + .nonlinear_vma = vma_m,
47005 + .last_index = ULONG_MAX,
47007 + zap_page_range(vma, start + SEGMEXEC_TASK_SIZE, end - start, &details);
47009 + zap_page_range(vma, start + SEGMEXEC_TASK_SIZE, end - start, NULL);
47016 @@ -359,6 +390,16 @@ SYSCALL_DEFINE3(madvise, unsigned long,
47020 +#ifdef CONFIG_PAX_SEGMEXEC
47021 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
47022 + if (end > SEGMEXEC_TASK_SIZE)
47027 + if (end > TASK_SIZE)
47033 diff -urNp linux-2.6.32.1/mm/memory.c linux-2.6.32.1/mm/memory.c
47034 --- linux-2.6.32.1/mm/memory.c 2009-12-02 22:51:21.000000000 -0500
47035 +++ linux-2.6.32.1/mm/memory.c 2009-12-14 18:33:59.619848437 -0500
47037 #include <linux/ksm.h>
47038 #include <linux/rmap.h>
47039 #include <linux/module.h>
47040 +#include <linux/security.h>
47041 #include <linux/delayacct.h>
47042 #include <linux/init.h>
47043 #include <linux/writeback.h>
47044 @@ -1251,10 +1252,10 @@ int __get_user_pages(struct task_struct
47045 (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
47049 + while (nr_pages) {
47050 struct vm_area_struct *vma;
47052 - vma = find_extend_vma(mm, start);
47053 + vma = find_vma(mm, start);
47054 if (!vma && in_gate_area(tsk, start)) {
47055 unsigned long pg = start & PAGE_MASK;
47056 struct vm_area_struct *gate_vma = get_gate_vma(tsk);
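Review bot: Replacing `find_extend_vma()` with `find_vma()` means __get_user_pages no longer grows a stack vma on behalf of the caller, and the `start < vma->vm_start` test added in the @@ -1296 hunk is what now rejects an address in the gap below the found vma; neither hunk carries a comment saying so. Add one at the lookup, e.g. `/* find_vma() on purpose: never extend the stack from here; a start below vm_start is rejected by the check further down */`. Turning the outer `do { ... } while (nr_pages)` into `while (nr_pages)` also changes what happens when nr_pages is zero on entry, which is worth a line in the function's header comment. The function body extends beyond all three hunks.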
47057 @@ -1296,7 +1297,7 @@ int __get_user_pages(struct task_struct
47062 + if (!vma || start < vma->vm_start ||
47063 (vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
47064 !(vm_flags & vma->vm_flags))
47065 return i ? : -EFAULT;
47066 @@ -1371,7 +1372,7 @@ int __get_user_pages(struct task_struct
47067 start += PAGE_SIZE;
47069 } while (nr_pages && start < vma->vm_end);
47070 - } while (nr_pages);
47075 @@ -1967,6 +1968,186 @@ static inline void cow_user_page(struct
47076 copy_user_highpage(dst, src, va, vma);
47079 +#ifdef CONFIG_PAX_SEGMEXEC
47080 +static void pax_unmap_mirror_pte(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd)
47082 + struct mm_struct *mm = vma->vm_mm;
47084 + pte_t *pte, entry;
47086 + pte = pte_offset_map_lock(mm, pmd, address, &ptl);
47088 + if (!pte_present(entry)) {
47089 + if (!pte_none(entry)) {
47090 + BUG_ON(pte_file(entry));
47091 + free_swap_and_cache(pte_to_swp_entry(entry));
47092 + pte_clear_not_present_full(mm, address, pte, 0);
47095 + struct page *page;
47097 + flush_cache_page(vma, address, pte_pfn(entry));
47098 + entry = ptep_clear_flush(vma, address, pte);
47099 + BUG_ON(pte_dirty(entry));
47100 + page = vm_normal_page(vma, address, entry);
47102 + update_hiwater_rss(mm);
47103 + if (PageAnon(page))
47104 + dec_mm_counter(mm, anon_rss);
47106 + dec_mm_counter(mm, file_rss);
47107 + page_remove_rmap(page);
47108 + page_cache_release(page);
47111 + pte_unmap_unlock(pte, ptl);
47114 +/* PaX: if vma is mirrored, synchronize the mirror's PTE
47116 + * the ptl of the lower mapped page is held on entry and is not released on exit
47117 + * or inside to ensure atomic changes to the PTE states (swapout, mremap, munmap, etc)
47119 +static void pax_mirror_anon_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl)
47121 + struct mm_struct *mm = vma->vm_mm;
47122 + unsigned long address_m;
47123 + spinlock_t *ptl_m;
47124 + struct vm_area_struct *vma_m;
47126 + pte_t *pte_m, entry_m;
47128 + BUG_ON(!page_m || !PageAnon(page_m));
47130 + vma_m = pax_find_mirror_vma(vma);
47134 + BUG_ON(!PageLocked(page_m));
47135 + BUG_ON(address >= SEGMEXEC_TASK_SIZE);
47136 + address_m = address + SEGMEXEC_TASK_SIZE;
47137 + pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
47138 + pte_m = pte_offset_map_nested(pmd_m, address_m);
47139 + ptl_m = pte_lockptr(mm, pmd_m);
47140 + if (ptl != ptl_m) {
47141 + spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
47142 + if (!pte_none(*pte_m))
47146 + entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot);
47147 + page_cache_get(page_m);
47148 + page_add_anon_rmap(page_m, vma_m, address_m);
47149 + inc_mm_counter(mm, anon_rss);
47150 + set_pte_at(mm, address_m, pte_m, entry_m);
47151 + update_mmu_cache(vma_m, address_m, entry_m);
47153 + if (ptl != ptl_m)
47154 + spin_unlock(ptl_m);
47155 + pte_unmap_nested(pte_m);
47156 + unlock_page(page_m);
47159 +void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl)
47161 + struct mm_struct *mm = vma->vm_mm;
47162 + unsigned long address_m;
47163 + spinlock_t *ptl_m;
47164 + struct vm_area_struct *vma_m;
47166 + pte_t *pte_m, entry_m;
47168 + BUG_ON(!page_m || PageAnon(page_m));
47170 + vma_m = pax_find_mirror_vma(vma);
47174 + BUG_ON(address >= SEGMEXEC_TASK_SIZE);
47175 + address_m = address + SEGMEXEC_TASK_SIZE;
47176 + pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
47177 + pte_m = pte_offset_map_nested(pmd_m, address_m);
47178 + ptl_m = pte_lockptr(mm, pmd_m);
47179 + if (ptl != ptl_m) {
47180 + spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
47181 + if (!pte_none(*pte_m))
47185 + entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot);
47186 + page_cache_get(page_m);
47187 + page_add_file_rmap(page_m);
47188 + inc_mm_counter(mm, file_rss);
47189 + set_pte_at(mm, address_m, pte_m, entry_m);
47190 + update_mmu_cache(vma_m, address_m, entry_m);
47192 + if (ptl != ptl_m)
47193 + spin_unlock(ptl_m);
47194 + pte_unmap_nested(pte_m);
47197 +static void pax_mirror_pfn_pte(struct vm_area_struct *vma, unsigned long address, unsigned long pfn_m, spinlock_t *ptl)
47199 + struct mm_struct *mm = vma->vm_mm;
47200 + unsigned long address_m;
47201 + spinlock_t *ptl_m;
47202 + struct vm_area_struct *vma_m;
47204 + pte_t *pte_m, entry_m;
47206 + vma_m = pax_find_mirror_vma(vma);
47210 + BUG_ON(address >= SEGMEXEC_TASK_SIZE);
47211 + address_m = address + SEGMEXEC_TASK_SIZE;
47212 + pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
47213 + pte_m = pte_offset_map_nested(pmd_m, address_m);
47214 + ptl_m = pte_lockptr(mm, pmd_m);
47215 + if (ptl != ptl_m) {
47216 + spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
47217 + if (!pte_none(*pte_m))
47221 + entry_m = pfn_pte(pfn_m, vma_m->vm_page_prot);
47222 + set_pte_at(mm, address_m, pte_m, entry_m);
47224 + if (ptl != ptl_m)
47225 + spin_unlock(ptl_m);
47226 + pte_unmap_nested(pte_m);
47229 +static void pax_mirror_pte(struct vm_area_struct *vma, unsigned long address, pte_t *pte, pmd_t *pmd, spinlock_t *ptl)
47231 + struct page *page_m;
47234 + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC))
47238 + page_m = vm_normal_page(vma, address, entry);
47240 + pax_mirror_pfn_pte(vma, address, pte_pfn(entry), ptl);
47241 + else if (PageAnon(page_m)) {
47242 + if (pax_find_mirror_vma(vma)) {
47243 + pte_unmap_unlock(pte, ptl);
47244 + lock_page(page_m);
47245 + pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl);
47246 + if (pte_same(entry, *pte))
47247 + pax_mirror_anon_pte(vma, address, page_m, ptl);
47249 + unlock_page(page_m);
47252 + pax_mirror_file_pte(vma, address, page_m, ptl);
47255 + pte_unmap_unlock(pte, ptl);
47260 * This routine handles present pages, when users try to write
47261 * to a shared page. It is done by copying the page to a new address
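Review bot: Only pax_mirror_anon_pte carries a comment about its locking contract; pax_mirror_file_pte and pax_mirror_pfn_pte take the same `ptl` argument and reach the mirror PTE through `pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m)` with no presence check. All three therefore depend on the caller having populated the mirror's page tables first, which the handle_mm_fault hunk further down appears to do with pud_alloc/pmd_alloc/__pte_alloc. I would state that above each helper, e.g. `/* caller holds the ptl of the lower PTE and has already allocated the mirror's pud/pmd/pte page */`. The walk, the conditional `spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING)` and the unlock sequence are repeated three times and could sit in one static helper. Several lines of these functions are missing from this rendering, so the early-exit paths could not be checked.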
47262 @@ -2146,6 +2327,12 @@ gotten:
47264 page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
47265 if (likely(pte_same(*page_table, orig_pte))) {
47267 +#ifdef CONFIG_PAX_SEGMEXEC
47268 + if (pax_find_mirror_vma(vma))
47269 + BUG_ON(!trylock_page(new_page));
47273 if (!PageAnon(old_page)) {
47274 dec_mm_counter(mm, file_rss);
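Review bot: `BUG_ON(!trylock_page(new_page))` puts the lock acquisition itself inside an assertion macro, which makes the page lock easy to miss when reading and ties it to BUG_ON always evaluating its argument. Taking the lock in its own statement reads better: `if (!trylock_page(new_page)) BUG();`. The same form is used in the do_anonymous_page and __do_fault hunks below. The matching release is the `unlock_page(page_m)` inside pax_mirror_anon_pte, so a one-line comment at each call site should say that the lock is taken here and dropped in the helper. The enclosing function starts and ends outside this hunk.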
47275 @@ -2197,6 +2384,10 @@ gotten:
47276 page_remove_rmap(old_page);
47279 +#ifdef CONFIG_PAX_SEGMEXEC
47280 + pax_mirror_anon_pte(vma, address, new_page, ptl);
47283 /* Free the old page.. */
47284 new_page = old_page;
47285 ret |= VM_FAULT_WRITE;
47286 @@ -2594,6 +2785,11 @@ static int do_swap_page(struct mm_struct
47288 if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
47289 try_to_free_swap(page);
47291 +#ifdef CONFIG_PAX_SEGMEXEC
47292 + if ((flags & FAULT_FLAG_WRITE) || !pax_find_mirror_vma(vma))
47297 if (flags & FAULT_FLAG_WRITE) {
47298 @@ -2605,6 +2801,11 @@ static int do_swap_page(struct mm_struct
47300 /* No need to invalidate - it was non-present before */
47301 update_mmu_cache(vma, address, pte);
47303 +#ifdef CONFIG_PAX_SEGMEXEC
47304 + pax_mirror_anon_pte(vma, address, page, ptl);
47308 pte_unmap_unlock(page_table, ptl);
47310 @@ -2628,7 +2829,7 @@ static int do_anonymous_page(struct mm_s
47311 unsigned long address, pte_t *page_table, pmd_t *pmd,
47312 unsigned int flags)
47314 - struct page *page;
47315 + struct page *page = NULL;
47319 @@ -2663,6 +2864,11 @@ static int do_anonymous_page(struct mm_s
47320 if (!pte_none(*page_table))
47323 +#ifdef CONFIG_PAX_SEGMEXEC
47324 + if (pax_find_mirror_vma(vma))
47325 + BUG_ON(!trylock_page(page));
47328 inc_mm_counter(mm, anon_rss);
47329 page_add_new_anon_rmap(page, vma, address);
47331 @@ -2670,6 +2876,12 @@ setpte:
47333 /* No need to invalidate - it was non-present before */
47334 update_mmu_cache(vma, address, entry);
47336 +#ifdef CONFIG_PAX_SEGMEXEC
47338 + pax_mirror_anon_pte(vma, address, page, ptl);
47342 pte_unmap_unlock(page_table, ptl);
47344 @@ -2812,6 +3024,12 @@ static int __do_fault(struct mm_struct *
47346 /* Only go through if we didn't race with anybody else... */
47347 if (likely(pte_same(*page_table, orig_pte))) {
47349 +#ifdef CONFIG_PAX_SEGMEXEC
47350 + if (anon && pax_find_mirror_vma(vma))
47351 + BUG_ON(!trylock_page(page));
47354 flush_icache_page(vma, page);
47355 entry = mk_pte(page, vma->vm_page_prot);
47356 if (flags & FAULT_FLAG_WRITE)
47357 @@ -2831,6 +3049,14 @@ static int __do_fault(struct mm_struct *
47359 /* no need to invalidate: a not-present page won't be cached */
47360 update_mmu_cache(vma, address, entry);
47362 +#ifdef CONFIG_PAX_SEGMEXEC
47364 + pax_mirror_anon_pte(vma, address, page, ptl);
47366 + pax_mirror_file_pte(vma, address, page, ptl);
47371 mem_cgroup_uncharge_page(page);
47372 @@ -2978,6 +3204,12 @@ static inline int handle_pte_fault(struc
47373 if (flags & FAULT_FLAG_WRITE)
47374 flush_tlb_page(vma, address);
47377 +#ifdef CONFIG_PAX_SEGMEXEC
47378 + pax_mirror_pte(vma, address, pte, pmd, ptl);
47383 pte_unmap_unlock(pte, ptl);
47385 @@ -2994,6 +3226,10 @@ int handle_mm_fault(struct mm_struct *mm
47389 +#ifdef CONFIG_PAX_SEGMEXEC
47390 + struct vm_area_struct *vma_m;
47393 __set_current_state(TASK_RUNNING);
47395 count_vm_event(PGFAULT);
47396 @@ -3001,6 +3237,34 @@ int handle_mm_fault(struct mm_struct *mm
47397 if (unlikely(is_vm_hugetlb_page(vma)))
47398 return hugetlb_fault(mm, vma, address, flags);
47400 +#ifdef CONFIG_PAX_SEGMEXEC
47401 + vma_m = pax_find_mirror_vma(vma);
47403 + unsigned long address_m;
47408 + if (vma->vm_start > vma_m->vm_start) {
47409 + address_m = address;
47410 + address -= SEGMEXEC_TASK_SIZE;
47413 + address_m = address + SEGMEXEC_TASK_SIZE;
47415 + pgd_m = pgd_offset(mm, address_m);
47416 + pud_m = pud_alloc(mm, pgd_m, address_m);
47418 + return VM_FAULT_OOM;
47419 + pmd_m = pmd_alloc(mm, pud_m, address_m);
47421 + return VM_FAULT_OOM;
47422 + if (!pmd_present(*pmd_m) && __pte_alloc(mm, pmd_m, address_m))
47423 + return VM_FAULT_OOM;
47424 + pax_unmap_mirror_pte(vma_m, address_m, pmd_m);
47428 pgd = pgd_offset(mm, address);
47429 pud = pud_alloc(mm, pgd, address);
47431 @@ -3098,7 +3362,7 @@ static int __init gate_vma_init(void)
47432 gate_vma.vm_start = FIXADDR_USER_START;
47433 gate_vma.vm_end = FIXADDR_USER_END;
47434 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
47435 - gate_vma.vm_page_prot = __P101;
47436 + gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
47438 * Make sure the vDSO gets into every core dump.
47439 * Dumping its contents makes post-mortem fully interpretable later
47440 diff -urNp linux-2.6.32.1/mm/mempolicy.c linux-2.6.32.1/mm/mempolicy.c
47441 --- linux-2.6.32.1/mm/mempolicy.c 2009-12-02 22:51:21.000000000 -0500
47442 +++ linux-2.6.32.1/mm/mempolicy.c 2009-12-14 18:33:59.643010411 -0500
47443 @@ -573,6 +573,10 @@ static int mbind_range(struct vm_area_st
47444 struct vm_area_struct *next;
47447 +#ifdef CONFIG_PAX_SEGMEXEC
47448 + struct vm_area_struct *vma_m;
47452 for (; vma && vma->vm_start < end; vma = next) {
47453 next = vma->vm_next;
47454 @@ -584,6 +588,16 @@ static int mbind_range(struct vm_area_st
47455 err = policy_vma(vma, new);
47459 +#ifdef CONFIG_PAX_SEGMEXEC
47460 + vma_m = pax_find_mirror_vma(vma);
47462 + err = policy_vma(vma_m, new);
47471 @@ -1002,6 +1016,17 @@ static long do_mbind(unsigned long start
47476 +#ifdef CONFIG_PAX_SEGMEXEC
47477 + if (mm->pax_flags & MF_PAX_SEGMEXEC) {
47478 + if (end > SEGMEXEC_TASK_SIZE)
47483 + if (end > TASK_SIZE)
47489 @@ -1207,6 +1232,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pi
47493 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
47494 + if (mm != current->mm &&
47495 + (mm->pax_flags & MF_PAX_RANDMMAP || mm->pax_flags & MF_PAX_SEGMEXEC)) {
47502 * Check if this process has the right to modify the specified
47503 * process. The right exists if the process has administrative
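Review bot: No comment explains why a foreign mm with MF_PAX_RANDMMAP or MF_PAX_SEGMEXEC set is refused here. Presumably the aim is to keep one process from learning another's address-space layout through this call; that should be confirmed and written down, e.g. `/* do not expose the layout of a randomized or SEGMEXEC mm to other processes */`. The flag test can also be written as one mask, `mm->pax_flags & (MF_PAX_RANDMMAP | MF_PAX_SEGMEXEC)`, matching the form used in do_mmap_pgoff. The identical block is added to move_pages in mm/migrate.c. The body of the `if` is not visible in this rendering, so the error path was not reviewed.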
47504 @@ -1216,8 +1249,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pi
47506 tcred = __task_cred(task);
47507 if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
47508 - cred->uid != tcred->suid && cred->uid != tcred->uid &&
47509 - !capable(CAP_SYS_NICE)) {
47510 + cred->uid != tcred->suid && !capable(CAP_SYS_NICE)) {
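Review bot: Dropping `cred->uid != tcred->uid` from the condition means a caller whose real uid equals the target's real uid is no longer allowed on that basis alone, yet nothing in the hunk records the reason. The comment above the check (only partly visible here) describes who has the right and should be updated to match, e.g. `/* a real-uid match alone is not sufficient: require euid == target uid/suid, uid == target suid, or CAP_SYS_NICE */`. The same edit is made in move_pages in mm/migrate.c; a shared helper for the two checks would keep them from drifting apart. SYSCALL_DEFINE4(migrate_pages) continues outside this hunk.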
47514 @@ -2386,7 +2418,7 @@ int show_numa_map(struct seq_file *m, vo
47517 seq_printf(m, " file=");
47518 - seq_path(m, &file->f_path, "\n\t= ");
47519 + seq_path(m, &file->f_path, "\n\t\\= ");
47520 } else if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) {
47521 seq_printf(m, " heap");
47522 } else if (vma->vm_start <= mm->start_stack &&
47523 diff -urNp linux-2.6.32.1/mm/migrate.c linux-2.6.32.1/mm/migrate.c
47524 --- linux-2.6.32.1/mm/migrate.c 2009-12-02 22:51:21.000000000 -0500
47525 +++ linux-2.6.32.1/mm/migrate.c 2009-12-14 18:33:59.657922600 -0500
47526 @@ -1103,6 +1103,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,
47530 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
47531 + if (mm != current->mm &&
47532 + (mm->pax_flags & MF_PAX_RANDMMAP || mm->pax_flags & MF_PAX_SEGMEXEC)) {
47539 * Check if this process has the right to modify the specified
47540 * process. The right exists if the process has administrative
47541 @@ -1112,8 +1120,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,
47543 tcred = __task_cred(task);
47544 if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
47545 - cred->uid != tcred->suid && cred->uid != tcred->uid &&
47546 - !capable(CAP_SYS_NICE)) {
47547 + cred->uid != tcred->suid && !capable(CAP_SYS_NICE)) {
47551 diff -urNp linux-2.6.32.1/mm/mlock.c linux-2.6.32.1/mm/mlock.c
47552 --- linux-2.6.32.1/mm/mlock.c 2009-12-02 22:51:21.000000000 -0500
47553 +++ linux-2.6.32.1/mm/mlock.c 2009-12-14 18:33:59.667982949 -0500
47555 #include <linux/pagemap.h>
47556 #include <linux/mempolicy.h>
47557 #include <linux/syscalls.h>
47558 +#include <linux/security.h>
47559 #include <linux/sched.h>
47560 #include <linux/module.h>
47561 #include <linux/rmap.h>
47562 @@ -435,6 +436,17 @@ static int do_mlock(unsigned long start,
47567 +#ifdef CONFIG_PAX_SEGMEXEC
47568 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
47569 + if (end > SEGMEXEC_TASK_SIZE)
47574 + if (end > TASK_SIZE)
47577 vma = find_vma_prev(current->mm, start, &prev);
47578 if (!vma || vma->vm_start > start)
47580 @@ -494,6 +506,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, st
47581 lock_limit >>= PAGE_SHIFT;
47583 /* check against resource limits */
47584 + gr_learn_resource(current, RLIMIT_MEMLOCK, (current->mm->locked_vm << PAGE_SHIFT) + len, 1);
47585 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
47586 error = do_mlock(start, len, 1);
47587 up_write(¤t->mm->mmap_sem);
47588 @@ -515,10 +528,10 @@ SYSCALL_DEFINE2(munlock, unsigned long,
47589 static int do_mlockall(int flags)
47591 struct vm_area_struct * vma, * prev = NULL;
47592 - unsigned int def_flags = 0;
47593 + unsigned int def_flags = current->mm->def_flags & ~VM_LOCKED;
47595 if (flags & MCL_FUTURE)
47596 - def_flags = VM_LOCKED;
47597 + def_flags |= VM_LOCKED;
47598 current->mm->def_flags = def_flags;
47599 if (flags == MCL_FUTURE)
47601 @@ -526,6 +539,12 @@ static int do_mlockall(int flags)
47602 for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
47603 unsigned int newflags;
47605 +#ifdef CONFIG_PAX_SEGMEXEC
47606 + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE))
47610 + BUG_ON(vma->vm_end > TASK_SIZE);
47611 newflags = vma->vm_flags | VM_LOCKED;
47612 if (!(flags & MCL_CURRENT))
47613 newflags &= ~VM_LOCKED;
47614 @@ -582,6 +582,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
47616 if (!vx_vmlocked_avail(current->mm, current->mm->total_vm))
47618 + gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm, 1);
47619 if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) ||
47620 capable(CAP_IPC_LOCK))
47621 ret = do_mlockall(flags);
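Review bot: This gr_learn_resource() call passes `current->mm->total_vm`, which is a page count (mmap_region adds `len >> PAGE_SHIFT` to it, and the next line compares it with `lock_limit`). Every other RLIMIT_MEMLOCK call site in this patch passes bytes (`locked << PAGE_SHIFT`, `(current->mm->locked_vm << PAGE_SHIFT) + len`). If gr_learn_resource() expects the value in the rlimit's own unit, which its definition outside this chunk would confirm, the value learned here is too small by a factor of PAGE_SIZE. The call would then be `gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm << PAGE_SHIFT, 1);`. SYSCALL_DEFINE1(mlockall) starts and ends outside the hunk.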
47622 diff -urNp linux-2.6.32.1/mm/mmap.c linux-2.6.32.1/mm/mmap.c
47623 --- linux-2.6.32.1/mm/mmap.c 2009-12-02 22:51:21.000000000 -0500
47624 +++ linux-2.6.32.1/mm/mmap.c 2009-12-14 18:33:59.681733190 -0500
47626 #define arch_rebalance_pgtables(addr, len) (addr)
47629 +static inline void verify_mm_writelocked(struct mm_struct *mm)
47631 +#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAX)
47632 + if (unlikely(down_read_trylock(&mm->mmap_sem))) {
47633 + up_read(&mm->mmap_sem);
47639 static void unmap_region(struct mm_struct *mm,
47640 struct vm_area_struct *vma, struct vm_area_struct *prev,
47641 unsigned long start, unsigned long end);
47642 @@ -70,16 +80,25 @@ static void unmap_region(struct mm_struc
47643 * x: (no) no x: (no) yes x: (no) yes x: (yes) yes
47646 -pgprot_t protection_map[16] = {
47647 +pgprot_t protection_map[16] __read_only = {
47648 __P000, __P001, __P010, __P011, __P100, __P101, __P110, __P111,
47649 __S000, __S001, __S010, __S011, __S100, __S101, __S110, __S111
47652 pgprot_t vm_get_page_prot(unsigned long vm_flags)
47654 - return __pgprot(pgprot_val(protection_map[vm_flags &
47655 + pgprot_t prot = __pgprot(pgprot_val(protection_map[vm_flags &
47656 (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]) |
47657 pgprot_val(arch_vm_get_page_prot(vm_flags)));
47659 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
47660 + if (!nx_enabled &&
47661 + (vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC &&
47662 + (vm_flags & (VM_READ | VM_WRITE)))
47663 + prot = __pgprot(pte_val(pte_exprotect(__pte(pgprot_val(prot)))));
47668 EXPORT_SYMBOL(vm_get_page_prot);
47670 @@ -231,6 +250,7 @@ static struct vm_area_struct *remove_vma
47671 struct vm_area_struct *next = vma->vm_next;
47674 + BUG_ON(vma->vm_mirror);
47675 if (vma->vm_ops && vma->vm_ops->close)
47676 vma->vm_ops->close(vma);
47677 if (vma->vm_file) {
47678 @@ -267,6 +287,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
47679 * not page aligned -Ram Gupta
47681 rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
47682 + gr_learn_resource(current, RLIMIT_DATA, (brk - mm->start_brk) + (mm->end_data - mm->start_data), 1);
47683 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) +
47684 (mm->end_data - mm->start_data) > rlim)
47686 @@ -694,6 +715,12 @@ static int
47687 can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
47688 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
47691 +#ifdef CONFIG_PAX_SEGMEXEC
47692 + if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_start == SEGMEXEC_TASK_SIZE)
47696 if (is_mergeable_vma(vma, file, vm_flags) &&
47697 is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
47698 if (vma->vm_pgoff == vm_pgoff)
47699 @@ -713,6 +740,12 @@ static int
47700 can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
47701 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
47704 +#ifdef CONFIG_PAX_SEGMEXEC
47705 + if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end == SEGMEXEC_TASK_SIZE)
47709 if (is_mergeable_vma(vma, file, vm_flags) &&
47710 is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
47712 @@ -755,12 +788,19 @@ can_vma_merge_after(struct vm_area_struc
47713 struct vm_area_struct *vma_merge(struct mm_struct *mm,
47714 struct vm_area_struct *prev, unsigned long addr,
47715 unsigned long end, unsigned long vm_flags,
47716 - struct anon_vma *anon_vma, struct file *file,
47717 + struct anon_vma *anon_vma, struct file *file,
47718 pgoff_t pgoff, struct mempolicy *policy)
47720 pgoff_t pglen = (end - addr) >> PAGE_SHIFT;
47721 struct vm_area_struct *area, *next;
47723 +#ifdef CONFIG_PAX_SEGMEXEC
47724 + unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE, end_m = end + SEGMEXEC_TASK_SIZE;
47725 + struct vm_area_struct *area_m = NULL, *next_m = NULL, *prev_m = NULL;
47727 + BUG_ON((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE < end);
47731 * We later require that vma->vm_flags == vm_flags,
47732 * so this tests vma->vm_flags & VM_SPECIAL, too.
47733 @@ -776,6 +816,15 @@ struct vm_area_struct *vma_merge(struct
47734 if (next && next->vm_end == end) /* cases 6, 7, 8 */
47735 next = next->vm_next;
47737 +#ifdef CONFIG_PAX_SEGMEXEC
47739 + prev_m = pax_find_mirror_vma(prev);
47741 + area_m = pax_find_mirror_vma(area);
47743 + next_m = pax_find_mirror_vma(next);
47747 * Can it merge with the predecessor?
47749 @@ -795,9 +844,24 @@ struct vm_area_struct *vma_merge(struct
47751 vma_adjust(prev, prev->vm_start,
47752 next->vm_end, prev->vm_pgoff, NULL);
47753 - } else /* cases 2, 5, 7 */
47755 +#ifdef CONFIG_PAX_SEGMEXEC
47757 + vma_adjust(prev_m, prev_m->vm_start,
47758 + next_m->vm_end, prev_m->vm_pgoff, NULL);
47761 + } else { /* cases 2, 5, 7 */
47762 vma_adjust(prev, prev->vm_start,
47763 end, prev->vm_pgoff, NULL);
47765 +#ifdef CONFIG_PAX_SEGMEXEC
47767 + vma_adjust(prev_m, prev_m->vm_start,
47768 + end_m, prev_m->vm_pgoff, NULL);
47775 @@ -808,12 +872,27 @@ struct vm_area_struct *vma_merge(struct
47776 mpol_equal(policy, vma_policy(next)) &&
47777 can_vma_merge_before(next, vm_flags,
47778 anon_vma, file, pgoff+pglen)) {
47779 - if (prev && addr < prev->vm_end) /* case 4 */
47780 + if (prev && addr < prev->vm_end) { /* case 4 */
47781 vma_adjust(prev, prev->vm_start,
47782 addr, prev->vm_pgoff, NULL);
47783 - else /* cases 3, 8 */
47785 +#ifdef CONFIG_PAX_SEGMEXEC
47787 + vma_adjust(prev_m, prev_m->vm_start,
47788 + addr_m, prev_m->vm_pgoff, NULL);
47791 + } else { /* cases 3, 8 */
47792 vma_adjust(area, addr, next->vm_end,
47793 next->vm_pgoff - pglen, NULL);
47795 +#ifdef CONFIG_PAX_SEGMEXEC
47797 + vma_adjust(area_m, addr_m, next_m->vm_end,
47798 + next_m->vm_pgoff - pglen, NULL);
47805 @@ -888,14 +967,11 @@ none:
47806 void vm_stat_account(struct mm_struct *mm, unsigned long flags,
47807 struct file *file, long pages)
47809 - const unsigned long stack_flags
47810 - = VM_STACK_FLAGS & (VM_GROWSUP|VM_GROWSDOWN);
47813 mm->shared_vm += pages;
47814 if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC)
47815 mm->exec_vm += pages;
47816 - } else if (flags & stack_flags)
47817 + } else if (flags & (VM_GROWSUP|VM_GROWSDOWN))
47818 mm->stack_vm += pages;
47819 if (flags & (VM_RESERVED|VM_IO))
47820 mm->reserved_vm += pages;
47821 @@ -922,7 +998,7 @@ unsigned long do_mmap_pgoff(struct file
47822 * (the exception is when the underlying filesystem is noexec
47823 * mounted, in which case we dont add PROT_EXEC.)
47825 - if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
47826 + if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC))
47827 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
47830 @@ -932,15 +1008,15 @@ unsigned long do_mmap_pgoff(struct file
47831 if (!(flags & MAP_FIXED))
47832 addr = round_hint_to_min(addr);
47834 - error = arch_mmap_check(addr, len, flags);
47838 /* Careful about overflows.. */
47839 len = PAGE_ALIGN(len);
47840 if (!len || len > TASK_SIZE)
47843 + error = arch_mmap_check(addr, len, flags);
47847 /* offset overflow? */
47848 if ((pgoff + (len >> PAGE_SHIFT)) < pgoff)
47850 @@ -970,7 +1046,7 @@ unsigned long do_mmap_pgoff(struct file
47851 /* Obtain the address to map to. we verify (or select) it and ensure
47852 * that it represents a valid section of the address space.
47854 - addr = get_unmapped_area(file, addr, len, pgoff, flags);
47855 + addr = get_unmapped_area(file, addr, len, pgoff, flags | ((prot & PROT_EXEC) ? MAP_EXECUTABLE : 0));
47856 if (addr & ~PAGE_MASK)
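Review bot: OR-ing MAP_EXECUTABLE into the flags passed to get_unmapped_area() when `prot` has PROT_EXEC reuses an existing mmap flag as an internal hint, and nothing at the call says so. The consumer is outside this chunk, so a comment here should say what the bit means to it, e.g. `/* MAP_EXECUTABLE tells the area allocator that the mapping will be executable */`. The line is also long enough that computing the flags into a local first would read better. do_mmap_pgoff starts and ends outside the hunk.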
47859 @@ -981,6 +1057,26 @@ unsigned long do_mmap_pgoff(struct file
47860 vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
47861 mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
47863 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
47864 + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
47866 +#ifdef CONFIG_PAX_MPROTECT
47867 + if (mm->pax_flags & MF_PAX_MPROTECT) {
47868 + if ((prot & (PROT_WRITE | PROT_EXEC)) != PROT_EXEC)
47869 + vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
47871 + vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
47878 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
47879 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && file)
47880 + vm_flags &= ~VM_PAGEEXEC;
47883 if (flags & MAP_LOCKED)
47884 if (!can_do_mlock())
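Review bot: The MPROTECT block has no comment stating the rule it enforces, and the test `(prot & (PROT_WRITE | PROT_EXEC)) != PROT_EXEC` is easy to misread. It is true for every request except exec-without-write, so a mapping that asks for neither write nor exec also loses VM_MAYEXEC. I would add above it `/* W^X: only a non-writable PROT_EXEC request keeps exec rights, and it gives up VM_WRITE/VM_MAYWRITE; everything else gives up VM_EXEC/VM_MAYEXEC */`. The `else` joining the two `vm_flags &=` lines is not visible in this rendering, so that reading should be checked against the full patch. do_mmap_pgoff starts and ends outside the hunk.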
47886 @@ -992,6 +1088,7 @@ unsigned long do_mmap_pgoff(struct file
47887 locked += mm->locked_vm;
47888 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
47889 lock_limit >>= PAGE_SHIFT;
47890 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
47891 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
47894 @@ -1065,6 +1162,9 @@ unsigned long do_mmap_pgoff(struct file
47898 + if (!gr_acl_handle_mmap(file, prot))
47901 return mmap_region(file, addr, len, flags, vm_flags, pgoff);
47903 EXPORT_SYMBOL(do_mmap_pgoff);
47904 @@ -1077,10 +1177,10 @@ EXPORT_SYMBOL(do_mmap_pgoff);
47906 int vma_wants_writenotify(struct vm_area_struct *vma)
47908 - unsigned int vm_flags = vma->vm_flags;
47909 + unsigned long vm_flags = vma->vm_flags;
47911 /* If it was private or non-writable, the write bit is already clear */
47912 - if ((vm_flags & (VM_WRITE|VM_SHARED)) != ((VM_WRITE|VM_SHARED)))
47913 + if ((vm_flags & (VM_WRITE|VM_SHARED)) != (VM_WRITE|VM_SHARED))
47916 /* The backer wishes to know when pages are first written to? */
47917 @@ -1129,14 +1229,24 @@ unsigned long mmap_region(struct file *f
47918 unsigned long charged = 0;
47919 struct inode *inode = file ? file->f_path.dentry->d_inode : NULL;
47921 +#ifdef CONFIG_PAX_SEGMEXEC
47922 + struct vm_area_struct *vma_m = NULL;
47926 + * mm->mmap_sem is required to protect against another thread
47927 + * changing the mappings in case we sleep.
47929 + verify_mm_writelocked(mm);
47931 /* Clear old maps */
47934 vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
47935 if (vma && vma->vm_start < addr + len) {
47936 if (do_munmap(mm, addr, len))
47938 - goto munmap_back;
47939 + vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
47940 + BUG_ON(vma && vma->vm_start < addr + len);
47943 /* Check against address space limit. */
47944 @@ -1185,6 +1295,16 @@ munmap_back:
47948 +#ifdef CONFIG_PAX_SEGMEXEC
47949 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vm_flags & VM_EXEC)) {
47950 + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
47959 vma->vm_start = addr;
47960 vma->vm_end = addr + len;
47961 @@ -1207,6 +1327,19 @@ munmap_back:
47962 error = file->f_op->mmap(file, vma);
47964 goto unmap_and_free_vma;
47966 +#ifdef CONFIG_PAX_SEGMEXEC
47967 + if (vma_m && (vm_flags & VM_EXECUTABLE))
47968 + added_exe_file_vma(mm);
47971 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
47972 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_SPECIAL)) {
47973 + vma->vm_flags |= VM_PAGEEXEC;
47974 + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
47978 if (vm_flags & VM_EXECUTABLE)
47979 added_exe_file_vma(mm);
47981 @@ -1230,6 +1363,11 @@ munmap_back:
47982 vma_link(mm, vma, prev, rb_link, rb_parent);
47983 file = vma->vm_file;
47985 +#ifdef CONFIG_PAX_SEGMEXEC
47987 + pax_mirror_vma(vma_m, vma);
47990 /* Once vma denies write, undo our temporary denial count */
47991 if (correct_wcount)
47992 atomic_inc(&inode->i_writecount);
47993 @@ -1238,6 +1376,7 @@ out:
47995 mm->total_vm += len >> PAGE_SHIFT;
47996 vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
47997 + track_exec_limit(mm, addr, addr + len, vm_flags);
47998 if (vm_flags & VM_LOCKED) {
48000 * makes pages present; downgrades, drops, reacquires mmap_sem
48001 @@ -1260,6 +1399,12 @@ unmap_and_free_vma:
48002 unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
48006 +#ifdef CONFIG_PAX_SEGMEXEC
48008 + kmem_cache_free(vm_area_cachep, vma_m);
48011 kmem_cache_free(vm_area_cachep, vma);
48014 @@ -1293,6 +1438,10 @@ arch_get_unmapped_area(struct file *filp
48015 if (flags & MAP_FIXED)
48018 +#ifdef CONFIG_PAX_RANDMMAP
48019 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
48023 addr = PAGE_ALIGN(addr);
48024 vma = find_vma(mm, addr);
48025 @@ -1301,10 +1450,10 @@ arch_get_unmapped_area(struct file *filp
48028 if (len > mm->cached_hole_size) {
48029 - start_addr = addr = mm->free_area_cache;
48030 + start_addr = addr = mm->free_area_cache;
48032 - start_addr = addr = TASK_UNMAPPED_BASE;
48033 - mm->cached_hole_size = 0;
48034 + start_addr = addr = mm->mmap_base;
48035 + mm->cached_hole_size = 0;
48039 @@ -1315,9 +1464,8 @@ full_search:
48040 * Start a new search - just in case we missed
48043 - if (start_addr != TASK_UNMAPPED_BASE) {
48044 - addr = TASK_UNMAPPED_BASE;
48045 - start_addr = addr;
48046 + if (start_addr != mm->mmap_base) {
48047 + start_addr = addr = mm->mmap_base;
48048 mm->cached_hole_size = 0;
48051 @@ -1339,10 +1487,16 @@ full_search:
48053 void arch_unmap_area(struct mm_struct *mm, unsigned long addr)
48056 +#ifdef CONFIG_PAX_SEGMEXEC
48057 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE <= addr)
48062 * Is this a new hole at the lowest possible address?
48064 - if (addr >= TASK_UNMAPPED_BASE && addr < mm->free_area_cache) {
48065 + if (addr >= mm->mmap_base && addr < mm->free_area_cache) {
48066 mm->free_area_cache = addr;
48067 mm->cached_hole_size = ~0UL;
48069 @@ -1360,7 +1514,7 @@ arch_get_unmapped_area_topdown(struct fi
48071 struct vm_area_struct *vma;
48072 struct mm_struct *mm = current->mm;
48073 - unsigned long addr = addr0;
48074 + unsigned long base = mm->mmap_base, addr = addr0;
48076 /* requested length too big for entire address space */
48077 if (len > TASK_SIZE)
48078 @@ -1369,6 +1523,10 @@ arch_get_unmapped_area_topdown(struct fi
48079 if (flags & MAP_FIXED)
48082 +#ifdef CONFIG_PAX_RANDMMAP
48083 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
48086 /* requesting a specific address */
48088 addr = PAGE_ALIGN(addr);
48089 @@ -1426,13 +1584,21 @@ bottomup:
48090 * can happen with large stack limits and large mmap()
48093 + mm->mmap_base = TASK_UNMAPPED_BASE;
48095 +#ifdef CONFIG_PAX_RANDMMAP
48096 + if (mm->pax_flags & MF_PAX_RANDMMAP)
48097 + mm->mmap_base += mm->delta_mmap;
48100 + mm->free_area_cache = mm->mmap_base;
48101 mm->cached_hole_size = ~0UL;
48102 - mm->free_area_cache = TASK_UNMAPPED_BASE;
48103 addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
48105 * Restore the topdown base:
48107 - mm->free_area_cache = mm->mmap_base;
48108 + mm->mmap_base = base;
48109 + mm->free_area_cache = base;
48110 mm->cached_hole_size = ~0UL;
48113 @@ -1441,6 +1607,12 @@ bottomup:
48115 void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
48118 +#ifdef CONFIG_PAX_SEGMEXEC
48119 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE <= addr)
48124 * Is this a new hole at the highest possible address?
48126 @@ -1448,8 +1620,10 @@ void arch_unmap_area_topdown(struct mm_s
48127 mm->free_area_cache = addr;
48129 /* dont allow allocations above current base */
48130 - if (mm->free_area_cache > mm->mmap_base)
48131 + if (mm->free_area_cache > mm->mmap_base) {
48132 mm->free_area_cache = mm->mmap_base;
48133 + mm->cached_hole_size = ~0UL;
48138 @@ -1549,6 +1723,27 @@ out:
48139 return prev ? prev->vm_next : vma;
48142 +#ifdef CONFIG_PAX_SEGMEXEC
48143 +struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma)
48145 + struct vm_area_struct *vma_m;
48147 + BUG_ON(!vma || vma->vm_start >= vma->vm_end);
48148 + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) {
48149 + BUG_ON(vma->vm_mirror);
48152 + BUG_ON(vma->vm_start < SEGMEXEC_TASK_SIZE && SEGMEXEC_TASK_SIZE < vma->vm_end);
48153 + vma_m = vma->vm_mirror;
48154 + BUG_ON(!vma_m || vma_m->vm_mirror != vma);
48155 + BUG_ON(vma->vm_file != vma_m->vm_file);
48156 + BUG_ON(vma->vm_end - vma->vm_start != vma_m->vm_end - vma_m->vm_start);
48157 + BUG_ON(vma->vm_pgoff != vma_m->vm_pgoff || vma->anon_vma != vma_m->anon_vma);
48158 + BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED));
48164 * Verify that the stack growth is acceptable and
48165 * update accounting. This is shared with both the
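Review bot: pax_find_mirror_vma() has no header comment although this patch calls it from the fault path, mbind_range, vma_merge and stack expansion, and callers need to know when it yields no mirror. From the visible lines it returns early when the mm lacks MF_PAX_SEGMEXEC or the vma lacks VM_EXEC (the return statement itself is missing from this rendering, presumably NULL), and otherwise asserts that `vma->vm_mirror` is a consistent twin. Something like `/* Return the SEGMEXEC mirror of an executable vma, or NULL if the vma is not mirrored; BUGs on an inconsistent pair. */` would do. Since every check is a BUG_ON, any inconsistency halts the kernel at the first lookup, and that choice deserves a sentence in the comment too.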
48166 @@ -1565,6 +1760,7 @@ static int acct_stack_growth(struct vm_a
48169 /* Stack limit test */
48170 + gr_learn_resource(current, RLIMIT_STACK, size, 1);
48171 if (size > rlim[RLIMIT_STACK].rlim_cur)
48174 @@ -1574,6 +1770,7 @@ static int acct_stack_growth(struct vm_a
48175 unsigned long limit;
48176 locked = mm->locked_vm + grow;
48177 limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT;
48178 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
48179 if (locked > limit && !capable(CAP_IPC_LOCK))
48182 @@ -1609,35 +1806,40 @@ static
48184 int expand_upwards(struct vm_area_struct *vma, unsigned long address)
48187 + int error, locknext;
48189 if (!(vma->vm_flags & VM_GROWSUP))
48192 + /* Also guard against wrapping around to address 0. */
48193 + if (address < PAGE_ALIGN(address+1))
48194 + address = PAGE_ALIGN(address+1);
48199 * We must make sure the anon_vma is allocated
48200 * so that the anon_vma locking is not a noop.
48202 if (unlikely(anon_vma_prepare(vma)))
48204 + locknext = vma->vm_next && (vma->vm_next->vm_flags & VM_GROWSDOWN);
48205 + if (locknext && unlikely(anon_vma_prepare(vma->vm_next)))
48207 anon_vma_lock(vma);
48209 + anon_vma_lock(vma->vm_next);
48212 * vma->vm_start/vm_end cannot change under us because the caller
48213 * is required to hold the mmap_sem in read mode. We need the
48214 - * anon_vma lock to serialize against concurrent expand_stacks.
48215 - * Also guard against wrapping around to address 0.
48216 + * anon_vma locks to serialize against concurrent expand_stacks
48217 + * and expand_upwards.
48219 - if (address < PAGE_ALIGN(address+4))
48220 - address = PAGE_ALIGN(address+4);
48222 - anon_vma_unlock(vma);
48227 /* Somebody else might have raced and expanded it already */
48228 - if (address > vma->vm_end) {
48229 + if (address > vma->vm_end && (!locknext || vma->vm_next->vm_start >= address)) {
48230 unsigned long size, grow;
48232 size = address - vma->vm_start;
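Review bot: With `locknext` set the function holds two anon_vma locks, vma's and then vma->vm_next's, but the updated comment does not state that order or why the two VMAs cannot share one anon_vma. If they could, the second anon_vma_lock() would presumably spin on a lock this task already holds. expand_downwards takes prev's lock before vma's, so both paths appear to lock in ascending address order, which is worth writing down: `/* lock order: lower vma first, then the adjacent opposite-growing vma */`. Several lines between the prepare and lock calls are missing from this rendering, and expand_upwards starts and ends outside the hunk.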
48233 @@ -1647,6 +1849,8 @@ int expand_upwards(struct vm_area_struct
48235 vma->vm_end = address;
48238 + anon_vma_unlock(vma->vm_next);
48239 anon_vma_unlock(vma);
48242 @@ -1658,7 +1862,8 @@ int expand_upwards(struct vm_area_struct
48243 static int expand_downwards(struct vm_area_struct *vma,
48244 unsigned long address)
48247 + int error, lockprev = 0;
48248 + struct vm_area_struct *prev = NULL;
48251 * We must make sure the anon_vma is allocated
48252 @@ -1672,6 +1877,15 @@ static int expand_downwards(struct vm_ar
48256 +#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64)
48257 + find_vma_prev(vma->vm_mm, address, &prev);
48258 + lockprev = prev && (prev->vm_flags & VM_GROWSUP);
48260 + if (lockprev && unlikely(anon_vma_prepare(prev)))
48263 + anon_vma_lock(prev);
48265 anon_vma_lock(vma);
48268 @@ -1681,9 +1895,15 @@ static int expand_downwards(struct vm_ar
48271 /* Somebody else might have raced and expanded it already */
48272 - if (address < vma->vm_start) {
48273 + if (address < vma->vm_start && (!lockprev || prev->vm_end <= address)) {
48274 unsigned long size, grow;
48276 +#ifdef CONFIG_PAX_SEGMEXEC
48277 + struct vm_area_struct *vma_m;
48279 + vma_m = pax_find_mirror_vma(vma);
48282 size = vma->vm_end - address;
48283 grow = (vma->vm_start - address) >> PAGE_SHIFT;
48285 @@ -1691,9 +1911,20 @@ static int expand_downwards(struct vm_ar
48287 vma->vm_start = address;
48288 vma->vm_pgoff -= grow;
48289 + track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags);
48291 +#ifdef CONFIG_PAX_SEGMEXEC
48293 + vma_m->vm_start -= grow << PAGE_SHIFT;
48294 + vma_m->vm_pgoff -= grow;
48300 anon_vma_unlock(vma);
48302 + anon_vma_unlock(prev);
48306 @@ -1769,6 +2000,13 @@ static void remove_vma_list(struct mm_st
48308 long nrpages = vma_pages(vma);
48310 +#ifdef CONFIG_PAX_SEGMEXEC
48311 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE)) {
48312 + vma = remove_vma(vma);
48317 mm->total_vm -= nrpages;
48318 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
48319 vma = remove_vma(vma);
48320 @@ -1813,6 +2051,16 @@ detach_vmas_to_be_unmapped(struct mm_str
48322 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
48325 +#ifdef CONFIG_PAX_SEGMEXEC
48326 + if (vma->vm_mirror) {
48327 + BUG_ON(!vma->vm_mirror->vm_mirror || vma->vm_mirror->vm_mirror != vma);
48328 + vma->vm_mirror->vm_mirror = NULL;
48329 + vma->vm_mirror->vm_flags &= ~VM_EXEC;
48330 + vma->vm_mirror = NULL;
48334 rb_erase(&vma->vm_rb, &mm->mm_rb);
48337 @@ -1832,6 +2080,108 @@ detach_vmas_to_be_unmapped(struct mm_str
48338 * Split a vma into two pieces at address 'addr', a new vma is allocated
48339 * either for the first part or the tail.
48342 +#ifdef CONFIG_PAX_SEGMEXEC
48343 +int split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
48344 + unsigned long addr, int new_below)
48346 + struct mempolicy *pol;
48347 + struct vm_area_struct *new, *vma_m, *new_m = NULL;
48348 + unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE;
48350 + if (is_vm_hugetlb_page(vma) && (addr & ~HPAGE_MASK))
48353 + vma_m = pax_find_mirror_vma(vma);
48355 + BUG_ON(vma->vm_end > SEGMEXEC_TASK_SIZE);
48356 + if (mm->map_count >= sysctl_max_map_count-1)
48358 + } else if (mm->map_count >= sysctl_max_map_count)
48361 + new = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
48366 + new_m = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
48368 + kmem_cache_free(vm_area_cachep, new);
48373 + /* most fields are the same, copy all, and then fixup */
48377 + new->vm_end = addr;
48379 + new->vm_start = addr;
48380 + new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
48385 + new_m->vm_mirror = new;
48386 + new->vm_mirror = new_m;
48389 + new_m->vm_end = addr_m;
48391 + new_m->vm_start = addr_m;
48392 + new_m->vm_pgoff += ((addr_m - vma_m->vm_start) >> PAGE_SHIFT);
48396 + pol = mpol_dup(vma_policy(vma));
48397 + if (IS_ERR(pol)) {
48399 + kmem_cache_free(vm_area_cachep, new_m);
48400 + kmem_cache_free(vm_area_cachep, new);
48401 + return PTR_ERR(pol);
48403 + vma_set_policy(new, pol);
48405 + if (new->vm_file) {
48406 + get_file(new->vm_file);
48407 + if (vma->vm_flags & VM_EXECUTABLE)
48408 + added_exe_file_vma(mm);
48411 + if (new->vm_ops && new->vm_ops->open)
48412 + new->vm_ops->open(new);
48415 + vma_adjust(vma, addr, vma->vm_end, vma->vm_pgoff +
48416 + ((addr - new->vm_start) >> PAGE_SHIFT), new);
48418 + vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
48422 + vma_set_policy(new_m, pol);
48424 + if (new_m->vm_file) {
48425 + get_file(new_m->vm_file);
48426 + if (vma_m->vm_flags & VM_EXECUTABLE)
48427 + added_exe_file_vma(mm);
48430 + if (new_m->vm_ops && new_m->vm_ops->open)
48431 + new_m->vm_ops->open(new_m);
48434 + vma_adjust(vma_m, addr_m, vma_m->vm_end, vma_m->vm_pgoff +
48435 + ((addr_m - new_m->vm_start) >> PAGE_SHIFT), new_m);
48437 + vma_adjust(vma_m, vma_m->vm_start, addr_m, vma_m->vm_pgoff, new_m);
48443 int split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
48444 unsigned long addr, int new_below)
48446 @@ -1883,17 +2233,37 @@ int split_vma(struct mm_struct * mm, str
48452 /* Munmap is split into 2 main parts -- this part which finds
48453 * what needs doing, and the areas themselves, which do the
48454 * work. This now handles partial unmappings.
48455 * Jeremy Fitzhardinge <jeremy@goop.org>
48457 +#ifdef CONFIG_PAX_SEGMEXEC
48458 int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
48460 + int ret = __do_munmap(mm, start, len);
48461 + if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC))
48464 + return __do_munmap(mm, start + SEGMEXEC_TASK_SIZE, len);
48467 +int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
48469 +int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
48473 struct vm_area_struct *vma, *prev, *last;
48476 + * mm->mmap_sem is required to protect against another thread
48477 + * changing the mappings in case we sleep.
48479 + verify_mm_writelocked(mm);
48481 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
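Review bot: The SEGMEXEC do_munmap wrapper unmaps the lower range first and the mirror range second, so a failure of the second __do_munmap() returns an error after the primary mapping is already gone. __do_munmap() can plausibly fail part-way (the SEGMEXEC split_vma above appears to bail out when map_count is at its limit), which would leave a mirror vma whose partner no longer exists while userspace is told the call failed. It would help to either state in a comment why the mirror call cannot fail once the first succeeded, or to handle that case explicitly. The wrapper also computes `start + SEGMEXEC_TASK_SIZE` without a range check of its own; the munmap syscall hunk below validates addr and len, but in-kernel callers such as do_brk reach do_munmap directly, so the precondition deserves a comment here.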
48484 @@ -1957,6 +2327,8 @@ int do_munmap(struct mm_struct *mm, unsi
48485 /* Fix up all other VM information */
48486 remove_vma_list(mm, vma);
48488 + track_exec_limit(mm, start, end, 0UL);
48493 @@ -1969,22 +2341,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
48495 profile_munmap(addr);
48497 +#ifdef CONFIG_PAX_SEGMEXEC
48498 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) &&
48499 + (len > SEGMEXEC_TASK_SIZE || addr > SEGMEXEC_TASK_SIZE-len))
48503 down_write(&mm->mmap_sem);
48504 ret = do_munmap(mm, addr, len);
48505 up_write(&mm->mmap_sem);
48509 -static inline void verify_mm_writelocked(struct mm_struct *mm)
48511 -#ifdef CONFIG_DEBUG_VM
48512 - if (unlikely(down_read_trylock(&mm->mmap_sem))) {
48514 - up_read(&mm->mmap_sem);
48520 * this is really a simplified "do_mmap". it only handles
48521 * anonymous maps. eventually we may be able to do some
48522 @@ -1998,6 +2366,11 @@ unsigned long do_brk(unsigned long addr,
48523 struct rb_node ** rb_link, * rb_parent;
48524 pgoff_t pgoff = addr >> PAGE_SHIFT;
48526 + unsigned long charged;
48528 +#ifdef CONFIG_PAX_SEGMEXEC
48529 + struct vm_area_struct *vma_m = NULL;
48532 len = PAGE_ALIGN(len);
48534 @@ -2015,19 +2388,34 @@ unsigned long do_brk(unsigned long addr,
48536 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
48538 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
48539 + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
48540 + flags &= ~VM_EXEC;
48542 +#ifdef CONFIG_PAX_MPROTECT
48543 + if (mm->pax_flags & MF_PAX_MPROTECT)
48544 + flags &= ~VM_MAYEXEC;
48550 error = arch_mmap_check(addr, len, flags);
48554 + charged = len >> PAGE_SHIFT;
48557 * mlock MCL_FUTURE?
48559 if (mm->def_flags & VM_LOCKED) {
48560 unsigned long locked, lock_limit;
48561 - locked = len >> PAGE_SHIFT;
48562 + locked = charged;
48563 locked += mm->locked_vm;
48564 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
48565 lock_limit >>= PAGE_SHIFT;
48566 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
48567 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
48570 @@ -2041,22 +2429,22 @@ unsigned long do_brk(unsigned long addr,
48572 * Clear old maps. this also does some error checking for us
48575 vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
48576 if (vma && vma->vm_start < addr + len) {
48577 if (do_munmap(mm, addr, len))
48579 - goto munmap_back;
48580 + vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
48581 + BUG_ON(vma && vma->vm_start < addr + len);
48584 /* Check against address space limits *after* clearing old maps... */
48585 - if (!may_expand_vm(mm, len >> PAGE_SHIFT))
48586 + if (!may_expand_vm(mm, charged))
48589 if (mm->map_count > sysctl_max_map_count)
48592 - if (security_vm_enough_memory(len >> PAGE_SHIFT))
48593 + if (security_vm_enough_memory(charged))
48596 /* Can we just expand an old private anonymous mapping? */
48597 @@ -2070,10 +2458,21 @@ unsigned long do_brk(unsigned long addr,
48599 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
48601 - vm_unacct_memory(len >> PAGE_SHIFT);
48602 + vm_unacct_memory(charged);
48606 +#ifdef CONFIG_PAX_SEGMEXEC
48607 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (flags & VM_EXEC)) {
48608 + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
48610 + kmem_cache_free(vm_area_cachep, vma);
48611 + vm_unacct_memory(charged);
48618 vma->vm_start = addr;
48619 vma->vm_end = addr + len;
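Review bot: The mirror allocation added to do_brk is guarded by `(flags & VM_EXEC)`, but an earlier hunk of the same function clears VM_EXEC from flags whenever MF_PAX_PAGEEXEC or MF_PAX_SEGMEXEC is set, so from the visible lines this branch cannot be taken under SEGMEXEC. If it is kept as a defensive measure, a one-line comment saying so (`/* not reachable today: VM_EXEC is stripped above; kept in case brk flags change */`) would stop readers from hunting for the caller that needs it. The failure path shown does free vma and undo the charge with vm_unacct_memory(charged), which is the right cleanup. do_brk's body extends beyond this hunk and some lines are missing from the extract.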
48620 @@ -2082,11 +2481,12 @@ unsigned long do_brk(unsigned long addr,
48621 vma->vm_page_prot = vm_get_page_prot(flags);
48622 vma_link(mm, vma, prev, rb_link, rb_parent);
48624 - mm->total_vm += len >> PAGE_SHIFT;
48625 + mm->total_vm += charged;
48626 if (flags & VM_LOCKED) {
48627 if (!mlock_vma_pages_range(vma, addr, addr + len))
48628 - mm->locked_vm += (len >> PAGE_SHIFT);
48629 + mm->locked_vm += charged;
48631 + track_exec_limit(mm, addr, addr + len, flags);
48635 @@ -2133,8 +2533,10 @@ void exit_mmap(struct mm_struct *mm)
48636 * Walk the list again, actually closing and freeing it,
48637 * with preemption enabled, without holding any MM locks.
48641 + vma->vm_mirror = NULL;
48642 vma = remove_vma(vma);
48645 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
48647 @@ -2148,6 +2550,10 @@ int insert_vm_struct(struct mm_struct *
48648 struct vm_area_struct * __vma, * prev;
48649 struct rb_node ** rb_link, * rb_parent;
48651 +#ifdef CONFIG_PAX_SEGMEXEC
48652 + struct vm_area_struct *vma_m = NULL;
48656 * The vm_pgoff of a purely anonymous vma should be irrelevant
48657 * until its first write fault, when page's anon_vma and index
48658 @@ -2170,7 +2576,22 @@ int insert_vm_struct(struct mm_struct *
48659 if ((vma->vm_flags & VM_ACCOUNT) &&
48660 security_vm_enough_memory_mm(mm, vma_pages(vma)))
48663 +#ifdef CONFIG_PAX_SEGMEXEC
48664 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_EXEC)) {
48665 + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
48671 vma_link(mm, vma, prev, rb_link, rb_parent);
48673 +#ifdef CONFIG_PAX_SEGMEXEC
48675 + pax_mirror_vma(vma_m, vma);
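Review bot: In insert_vm_struct the mirror vma is allocated after security_vm_enough_memory_mm() has already charged the pages, and the lines handling a failed kmem_cache_zalloc() are not visible in this extract. If that path returns -ENOMEM directly, the charge is never released; do_brk's equivalent path calls `vm_unacct_memory(charged)` before bailing out. Either allocate vma_m before the accounting call or undo it on failure, e.g. `if (vma->vm_flags & VM_ACCOUNT) vm_unacct_memory(vma_pages(vma));`.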
48681 @@ -2188,6 +2609,8 @@ struct vm_area_struct *copy_vma(struct v
48682 struct rb_node **rb_link, *rb_parent;
48683 struct mempolicy *pol;
48685 + BUG_ON(vma->vm_mirror);
48688 * If anonymous vma has not yet been faulted, update new pgoff
48689 * to match new location, to increase its chance of merging.
48690 @@ -2231,6 +2654,35 @@ struct vm_area_struct *copy_vma(struct v
48694 +#ifdef CONFIG_PAX_SEGMEXEC
48695 +void pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma)
48697 + struct vm_area_struct *prev_m;
48698 + struct rb_node **rb_link_m, *rb_parent_m;
48699 + struct mempolicy *pol_m;
48701 + BUG_ON(!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC));
48702 + BUG_ON(vma->vm_mirror || vma_m->vm_mirror);
48703 + BUG_ON(!mpol_equal(vma_policy(vma), vma_policy(vma_m)));
48705 + pol_m = vma_policy(vma_m);
48707 + vma_set_policy(vma_m, pol_m);
48708 + vma_m->vm_start += SEGMEXEC_TASK_SIZE;
48709 + vma_m->vm_end += SEGMEXEC_TASK_SIZE;
48710 + vma_m->vm_flags &= ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED);
48711 + vma_m->vm_page_prot = vm_get_page_prot(vma_m->vm_flags);
48712 + if (vma_m->vm_file)
48713 + get_file(vma_m->vm_file);
48714 + if (vma_m->vm_ops && vma_m->vm_ops->open)
48715 + vma_m->vm_ops->open(vma_m);
48716 + find_vma_prepare(vma->vm_mm, vma_m->vm_start, &prev_m, &rb_link_m, &rb_parent_m);
48717 + vma_link(vma->vm_mm, vma_m, prev_m, rb_link_m, rb_parent_m);
48718 + vma_m->vm_mirror = vma;
48719 + vma->vm_mirror = vma_m;
48724 * Return true if the calling process may expand its vm space by the passed
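Review bot: pax_mirror_vma discards the return value of find_vma_prepare() and links vma_m unconditionally, so an existing mapping that overlaps the mirror range would go unnoticed. The function already asserts its other preconditions with BUG_ON, and do_brk in this patch asserts the same thing after its lookup with `BUG_ON(vma && vma->vm_start < addr + len)`; an equivalent check on the mirror range would be consistent. The function also has no header comment: it should say that the caller supplies a pre-allocated vma_m, that vma must be executable in a SEGMEXEC mm, and which lock is expected to be held (the mmap_sem requirement is presumed, not shown). One line between the policy lookup and vma_set_policy() is missing from the extract, so how vma_m is populated is not visible.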
48726 @@ -2241,7 +2693,7 @@ int may_expand_vm(struct mm_struct *mm,
48729 lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT;
48731 + gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1);
48732 if (cur + npages > lim)
48735 @@ -2310,6 +2762,15 @@ int install_special_mapping(struct mm_st
48736 vma->vm_start = addr;
48737 vma->vm_end = addr + len;
48739 +#ifdef CONFIG_PAX_MPROTECT
48740 + if (mm->pax_flags & MF_PAX_MPROTECT) {
48741 + if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC)
48742 + vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
48744 + vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
48748 vma->vm_flags = vm_flags | mm->def_flags | VM_DONTEXPAND;
48749 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
48751 diff -urNp linux-2.6.32.1/mm/mprotect.c linux-2.6.32.1/mm/mprotect.c
48752 --- linux-2.6.32.1/mm/mprotect.c 2009-12-02 22:51:21.000000000 -0500
48753 +++ linux-2.6.32.1/mm/mprotect.c 2009-12-14 18:33:59.682784735 -0500
48754 @@ -24,10 +24,16 @@
48755 #include <linux/mmu_notifier.h>
48756 #include <linux/migrate.h>
48757 #include <linux/perf_event.h>
48759 +#ifdef CONFIG_PAX_MPROTECT
48760 +#include <linux/elf.h>
48763 #include <asm/uaccess.h>
48764 #include <asm/pgtable.h>
48765 #include <asm/cacheflush.h>
48766 #include <asm/tlbflush.h>
48767 +#include <asm/mmu_context.h>
48769 #ifndef pgprot_modify
48770 static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
48771 @@ -132,6 +138,48 @@ static void change_protection(struct vm_
48772 flush_tlb_range(vma, start, end);
48775 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
48776 +/* called while holding the mmap semaphor for writing except stack expansion */
48777 +void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot)
48779 + unsigned long oldlimit, newlimit = 0UL;
48781 + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || nx_enabled)
48784 + spin_lock(&mm->page_table_lock);
48785 + oldlimit = mm->context.user_cs_limit;
48786 + if ((prot & VM_EXEC) && oldlimit < end)
48787 + /* USER_CS limit moved up */
48789 + else if (!(prot & VM_EXEC) && start < oldlimit && oldlimit <= end)
48790 + /* USER_CS limit moved down */
48791 + newlimit = start;
48794 + mm->context.user_cs_limit = newlimit;
48798 + cpus_clear(mm->context.cpu_user_cs_mask);
48799 + cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask);
48802 + set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id());
48804 + spin_unlock(&mm->page_table_lock);
48805 + if (newlimit == end) {
48806 + struct vm_area_struct *vma = find_vma(mm, oldlimit);
48808 + for (; vma && vma->vm_start < end; vma = vma->vm_next)
48809 + if (is_vm_hugetlb_page(vma))
48810 + hugetlb_change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot);
48812 + change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma));
48818 mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
48819 unsigned long start, unsigned long end, unsigned long newflags)
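Review bot: track_exec_limit rewrites the code-segment limit only for the CPU it runs on (`set_user_cs(..., smp_processor_id())`) and otherwise resets cpu_user_cs_mask, whose consumer is outside this hunk. When the limit moves down, other CPUs running threads of the same mm presumably keep the old, higher limit until they reload it; a comment stating when that happens would let a reader judge how long a just-unprotected range stays executable elsewhere. The existing one-line comment covers only the mmap_sem rule, and the vma walk after spin_unlock() relies on it, including for the stack-expansion exception it mentions. A header describing the parameters (`prot` is tested against VM_EXEC, so it takes vm_flags rather than PROT_* bits) would prevent misuse by new callers.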
48820 @@ -144,6 +192,14 @@ mprotect_fixup(struct vm_area_struct *vm
48822 int dirty_accountable = 0;
48824 +#ifdef CONFIG_PAX_SEGMEXEC
48825 + struct vm_area_struct *vma_m = NULL;
48826 + unsigned long start_m, end_m;
48828 + start_m = start + SEGMEXEC_TASK_SIZE;
48829 + end_m = end + SEGMEXEC_TASK_SIZE;
48832 if (newflags == oldflags) {
48835 @@ -165,6 +221,38 @@ mprotect_fixup(struct vm_area_struct *vm
48839 +#ifdef CONFIG_PAX_SEGMEXEC
48840 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && ((oldflags ^ newflags) & VM_EXEC)) {
48841 + if (start != vma->vm_start) {
48842 + error = split_vma(mm, vma, start, 1);
48845 + BUG_ON(!*pprev || (*pprev)->vm_next == vma);
48846 + *pprev = (*pprev)->vm_next;
48849 + if (end != vma->vm_end) {
48850 + error = split_vma(mm, vma, end, 0);
48855 + if (pax_find_mirror_vma(vma)) {
48856 + error = __do_munmap(mm, start_m, end_m - start_m);
48860 + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
48865 + vma->vm_flags = newflags;
48866 + pax_mirror_vma(vma_m, vma);
48872 * First try to merge with previous and/or next vma.
48874 @@ -196,8 +284,14 @@ success:
48875 * held in write mode.
48877 vma->vm_flags = newflags;
48879 +#ifdef CONFIG_PAX_MPROTECT
48880 + if (mm->binfmt && mm->binfmt->handle_mprotect)
48881 + mm->binfmt->handle_mprotect(vma, newflags);
48884 vma->vm_page_prot = pgprot_modify(vma->vm_page_prot,
48885 - vm_get_page_prot(newflags));
48886 + vm_get_page_prot(vma->vm_flags));
48888 if (vma_wants_writenotify(vma)) {
48889 vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED);
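Review bot: After this change mprotect_fixup derives vm_page_prot from `vma->vm_flags`, presumably because binfmt->handle_mprotect() may adjust the flags, yet the vma_wants_writenotify() branch at the end of the hunk still recomputes it from `newflags & ~VM_SHARED`. For a write-notify mapping that would drop whatever the hook changed and install protections from the unadjusted flags. The branch should use the same source, `vma->vm_page_prot = vm_get_page_prot(vma->vm_flags & ~VM_SHARED);`. handle_mprotect's body is not part of this hunk, so this assumes it can modify vma->vm_flags.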
48890 @@ -238,6 +332,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
48895 +#ifdef CONFIG_PAX_SEGMEXEC
48896 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
48897 + if (end > SEGMEXEC_TASK_SIZE)
48902 + if (end > TASK_SIZE)
48905 if (!arch_validate_prot(prot))
48908 @@ -245,7 +350,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
48910 * Does the application expect PROT_READ to imply PROT_EXEC:
48912 - if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
48913 + if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC))
48916 vm_flags = calc_vm_prot_bits(prot);
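Review bot: The comment above this condition still reads "Does the application expect PROT_READ to imply PROT_EXEC", but the test now also fires for PROT_WRITE. Under a READ_IMPLIES_EXEC personality a write-only request therefore becomes executable as well, which widens what the legacy flag grants and should be stated. Suggested wording: `/* READ_IMPLIES_EXEC personalities: PROT_READ or PROT_WRITE implies PROT_EXEC */`, ideally with a note on why write was added.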
48917 @@ -277,6 +382,16 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
48918 if (start > vma->vm_start)
48921 + if (!gr_acl_handle_mprotect(vma->vm_file, prot)) {
48926 +#ifdef CONFIG_PAX_MPROTECT
48927 + if (current->mm->binfmt && current->mm->binfmt->handle_mprotect)
48928 + current->mm->binfmt->handle_mprotect(vma, vm_flags);
48931 for (nstart = start ; ; ) {
48932 unsigned long newflags;
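Review bot: gr_acl_handle_mprotect() is called once with the vm_file of the first vma, before the `for (nstart = start ; ; )` loop that walks every vma in the requested range. If the policy decision depends on the backing file (the function's body is not shown), a range that starts in one mapping and extends into another is judged only on the first. Moving the check into the loop so it runs for each vma would close that gap; the same applies to the handle_mprotect() call added here, although mprotect_fixup invokes that hook per vma as well. The syscall body continues outside this hunk.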
48934 @@ -301,6 +416,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
48937 perf_event_mmap(vma);
48939 + track_exec_limit(current->mm, nstart, tmp, vm_flags);
48943 if (nstart < prev->vm_end)
48944 diff -urNp linux-2.6.32.1/mm/mremap.c linux-2.6.32.1/mm/mremap.c
48945 --- linux-2.6.32.1/mm/mremap.c 2009-12-02 22:51:21.000000000 -0500
48946 +++ linux-2.6.32.1/mm/mremap.c 2009-12-14 18:33:59.682784735 -0500
48947 @@ -114,6 +114,12 @@ static void move_ptes(struct vm_area_str
48949 pte = ptep_clear_flush(vma, old_addr, old_pte);
48950 pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr);
48952 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
48953 + if (!nx_enabled && (new_vma->vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC)
48954 + pte = pte_exprotect(pte);
48957 set_pte_at(mm, new_addr, new_pte, pte);
48960 @@ -276,6 +282,7 @@ unsigned long do_mremap(unsigned long ad
48961 struct vm_area_struct *vma;
48962 unsigned long ret = -EINVAL;
48963 unsigned long charged = 0;
48964 + unsigned long pax_task_size = TASK_SIZE;
48966 if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
48968 @@ -294,6 +301,15 @@ unsigned long do_mremap(unsigned long ad
48972 +#ifdef CONFIG_PAX_SEGMEXEC
48973 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
48974 + pax_task_size = SEGMEXEC_TASK_SIZE;
48977 + if (new_len > pax_task_size || addr > pax_task_size-new_len ||
48978 + old_len > pax_task_size || addr > pax_task_size-old_len)
48981 /* new_addr is only valid if MREMAP_FIXED is specified */
48982 if (flags & MREMAP_FIXED) {
48983 if (new_addr & ~PAGE_MASK)
48984 @@ -301,16 +317,13 @@ unsigned long do_mremap(unsigned long ad
48985 if (!(flags & MREMAP_MAYMOVE))
48988 - if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len)
48989 + if (new_addr > pax_task_size - new_len)
48992 /* Check if the location we're moving into overlaps the
48993 * old location at all, and fail if it does.
48995 - if ((new_addr <= addr) && (new_addr+new_len) > addr)
48998 - if ((addr <= new_addr) && (addr+old_len) > new_addr)
48999 + if (addr + old_len > new_addr && new_addr + new_len > addr)
49002 ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1);
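Review bot: The merged overlap test `addr + old_len > new_addr && new_addr + new_len > addr` is only correct if neither sum wraps, and nothing next to it says why that holds. It does hold because of the pax_task_size range checks added earlier in do_mremap and the `new_addr > pax_task_size - new_len` check just above, so a short comment such as `/* sums cannot wrap: both ranges were bounded by pax_task_size above */` would keep a later reordering from silently breaking it.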
49003 @@ -348,6 +361,14 @@ unsigned long do_mremap(unsigned long ad
49008 +#ifdef CONFIG_PAX_SEGMEXEC
49009 + if (pax_find_mirror_vma(vma)) {
49015 /* We can't remap across vm area boundaries */
49016 if (old_len > vma->vm_end - addr)
49018 @@ -381,7 +402,7 @@ unsigned long do_mremap(unsigned long ad
49019 if (old_len == vma->vm_end - addr &&
49020 !((flags & MREMAP_FIXED) && (addr != new_addr)) &&
49021 (old_len != new_len || !(flags & MREMAP_MAYMOVE))) {
49022 - unsigned long max_addr = TASK_SIZE;
49023 + unsigned long max_addr = pax_task_size;
49025 max_addr = vma->vm_next->vm_start;
49026 /* can we just expand the current mapping? */
49027 @@ -399,6 +420,7 @@ unsigned long do_mremap(unsigned long ad
49031 + track_exec_limit(vma->vm_mm, vma->vm_start, addr + new_len, vma->vm_flags);
49035 @@ -409,8 +431,8 @@ unsigned long do_mremap(unsigned long ad
49038 if (flags & MREMAP_MAYMOVE) {
49039 + unsigned long map_flags = 0;
49040 if (!(flags & MREMAP_FIXED)) {
49041 - unsigned long map_flags = 0;
49042 if (vma->vm_flags & VM_MAYSHARE)
49043 map_flags |= MAP_SHARED;
49045 @@ -425,7 +447,12 @@ unsigned long do_mremap(unsigned long ad
49049 + map_flags = vma->vm_flags;
49050 ret = move_vma(vma, addr, old_len, new_len, new_addr);
49051 + if (!(ret & ~PAGE_MASK)) {
49052 + track_exec_limit(current->mm, addr, addr + old_len, 0UL);
49053 + track_exec_limit(current->mm, new_addr, new_addr + new_len, map_flags);
49057 if (ret & ~PAGE_MASK)
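Review bot: map_flags is hoisted out of the !MREMAP_FIXED branch and then reused to hold `vma->vm_flags`, so one variable carries MAP_* bits on one path and VM_* bits afterwards. The save is presumably needed because vma may no longer be valid after move_vma(), but a separately named local would make that clear: `unsigned long old_vm_flags = vma->vm_flags;` passed to the second track_exec_limit() call. do_mremap extends beyond this hunk.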
49058 diff -urNp linux-2.6.32.1/mm/nommu.c linux-2.6.32.1/mm/nommu.c
49059 --- linux-2.6.32.1/mm/nommu.c 2009-12-02 22:51:21.000000000 -0500
49060 +++ linux-2.6.32.1/mm/nommu.c 2009-12-14 18:33:59.684765804 -0500
49061 @@ -758,15 +758,6 @@ struct vm_area_struct *find_vma(struct m
49062 EXPORT_SYMBOL(find_vma);
49066 - * - we don't extend stack VMAs under NOMMU conditions
49068 -struct vm_area_struct *find_extend_vma(struct mm_struct *mm, unsigned long addr)
49070 - return find_vma(mm, addr);
49074 * expand a stack to a given address
49075 * - not supported under NOMMU conditions
49077 diff -urNp linux-2.6.32.1/mm/page_alloc.c linux-2.6.32.1/mm/page_alloc.c
49078 --- linux-2.6.32.1/mm/page_alloc.c 2009-12-02 22:51:21.000000000 -0500
49079 +++ linux-2.6.32.1/mm/page_alloc.c 2009-12-14 18:33:59.698890426 -0500
49080 @@ -585,6 +585,10 @@ static void __free_pages_ok(struct page
49082 int wasMlocked = __TestClearPageMlocked(page);
49084 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
49085 + unsigned long index = 1UL << order;
49088 kmemcheck_free_shadow(page, order);
49090 for (i = 0 ; i < (1 << order) ; ++i)
49091 @@ -597,6 +601,12 @@ static void __free_pages_ok(struct page
49092 debug_check_no_obj_freed(page_address(page),
49093 PAGE_SIZE << order);
49096 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
49097 + for (; index; --index)
49098 + sanitize_highpage(page + index - 1);
49101 arch_free_page(page, order);
49102 kernel_map_pages(page, 1 << order, 0);
49104 @@ -700,8 +710,10 @@ static int prep_new_page(struct page *pa
49105 arch_alloc_page(page, order);
49106 kernel_map_pages(page, 1 << order, 1);
49108 +#ifndef CONFIG_PAX_MEMORY_SANITIZE
49109 if (gfp_flags & __GFP_ZERO)
49110 prep_zero_page(page, order, gfp_flags);
49113 if (order && (gfp_flags & __GFP_COMP))
49114 prep_compound_page(page, order);
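Review bot: With CONFIG_PAX_MEMORY_SANITIZE, prep_new_page no longer honours __GFP_ZERO and relies entirely on pages having been cleared when they were freed. The patch adds sanitize_highpage() to __free_pages_ok and free_hot_cold_page, but any path that hands pages to the allocator without passing through those two functions would give __GFP_ZERO callers stale contents. That invariant should be written down at the #ifndef, e.g. `/* pages are zeroed on free by sanitize_highpage(); every free path must do so */`, and boot-time or hotplug page release paths are worth checking against it (not visible here).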
49115 @@ -1095,6 +1107,11 @@ static void free_hot_cold_page(struct pa
49116 debug_check_no_locks_freed(page_address(page), PAGE_SIZE);
49117 debug_check_no_obj_freed(page_address(page), PAGE_SIZE);
49120 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
49121 + sanitize_highpage(page);
49124 arch_free_page(page, 0);
49125 kernel_map_pages(page, 1, 0);
49127 diff -urNp linux-2.6.32.1/mm/percpu.c linux-2.6.32.1/mm/percpu.c
49128 --- linux-2.6.32.1/mm/percpu.c 2009-12-02 22:51:21.000000000 -0500
49129 +++ linux-2.6.32.1/mm/percpu.c 2009-12-14 18:33:59.698890426 -0500
49130 @@ -115,7 +115,7 @@ static unsigned int pcpu_first_unit_cpu
49131 static unsigned int pcpu_last_unit_cpu __read_mostly;
49133 /* the address of the first chunk which starts with the kernel static area */
49134 -void *pcpu_base_addr __read_mostly;
49135 +void *pcpu_base_addr __read_only;
49136 EXPORT_SYMBOL_GPL(pcpu_base_addr);
49138 static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
49139 diff -urNp linux-2.6.32.1/mm/rmap.c linux-2.6.32.1/mm/rmap.c
49140 --- linux-2.6.32.1/mm/rmap.c 2009-12-02 22:51:21.000000000 -0500
49141 +++ linux-2.6.32.1/mm/rmap.c 2009-12-14 18:33:59.706888957 -0500
49142 @@ -108,6 +108,10 @@ int anon_vma_prepare(struct vm_area_stru
49143 struct mm_struct *mm = vma->vm_mm;
49144 struct anon_vma *allocated;
49146 +#ifdef CONFIG_PAX_SEGMEXEC
49147 + struct vm_area_struct *vma_m;
49150 anon_vma = find_mergeable_anon_vma(vma);
49153 @@ -121,6 +125,15 @@ int anon_vma_prepare(struct vm_area_stru
49154 /* page_table_lock to protect against threads */
49155 spin_lock(&mm->page_table_lock);
49156 if (likely(!vma->anon_vma)) {
49158 +#ifdef CONFIG_PAX_SEGMEXEC
49159 + vma_m = pax_find_mirror_vma(vma);
49161 + vma_m->anon_vma = anon_vma;
49162 + __anon_vma_link(vma_m);
49166 vma->anon_vma = anon_vma;
49167 list_add_tail(&vma->anon_vma_node, &anon_vma->head);
49169 diff -urNp linux-2.6.32.1/mm/shmem.c linux-2.6.32.1/mm/shmem.c
49170 --- linux-2.6.32.1/mm/shmem.c 2009-12-02 22:51:21.000000000 -0500
49171 +++ linux-2.6.32.1/mm/shmem.c 2009-12-14 18:33:59.706888957 -0500
49173 #include <linux/swap.h>
49174 #include <linux/ima.h>
49176 -static struct vfsmount *shm_mnt;
49177 +struct vfsmount *shm_mnt;
49179 #ifdef CONFIG_SHMEM
49181 diff -urNp linux-2.6.32.1/mm/slab.c linux-2.6.32.1/mm/slab.c
49182 --- linux-2.6.32.1/mm/slab.c 2009-12-02 22:51:21.000000000 -0500
49183 +++ linux-2.6.32.1/mm/slab.c 2009-12-14 18:33:59.734793293 -0500
49184 @@ -308,7 +308,7 @@ struct kmem_list3 {
49185 * Need this for bootstrapping a per node allocator.
49187 #define NUM_INIT_LISTS (3 * MAX_NUMNODES)
49188 -struct kmem_list3 __initdata initkmem_list3[NUM_INIT_LISTS];
49189 +struct kmem_list3 initkmem_list3[NUM_INIT_LISTS];
49190 #define CACHE_CACHE 0
49191 #define SIZE_AC MAX_NUMNODES
49192 #define SIZE_L3 (2 * MAX_NUMNODES)
49193 @@ -558,7 +558,7 @@ static inline void *index_to_obj(struct
49194 * reciprocal_divide(offset, cache->reciprocal_buffer_size)
49196 static inline unsigned int obj_to_index(const struct kmem_cache *cache,
49197 - const struct slab *slab, void *obj)
49198 + const struct slab *slab, const void *obj)
49200 u32 offset = (obj - slab->s_mem);
49201 return reciprocal_divide(offset, cache->reciprocal_buffer_size);
49202 @@ -584,14 +584,14 @@ struct cache_names {
49203 static struct cache_names __initdata cache_names[] = {
49204 #define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" },
49205 #include <linux/kmalloc_sizes.h>
49211 static struct arraycache_init initarray_cache __initdata =
49212 - { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
49213 + { {0, BOOT_CPUCACHE_ENTRIES, 1, 0}, {NULL} };
49214 static struct arraycache_init initarray_generic =
49215 - { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
49216 + { {0, BOOT_CPUCACHE_ENTRIES, 1, 0}, {NULL} };
49218 /* internal cache of cache description objs */
49219 static struct kmem_cache cache_cache = {
49220 @@ -4084,7 +4084,7 @@ out:
49221 schedule_delayed_work(work, round_jiffies_relative(REAPTIMEOUT_CPUC));
49224 -#ifdef CONFIG_SLABINFO
49225 +#if defined(CONFIG_SLABINFO) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
49227 static void print_slabinfo_header(struct seq_file *m)
49229 @@ -4482,6 +4482,51 @@ static int __init slab_proc_init(void)
49230 module_init(slab_proc_init);
49233 +void check_object_size(const void *ptr, unsigned long n, bool to)
49236 +#ifdef CONFIG_PAX_USERCOPY
49237 + struct kmem_cache *cachep;
49238 + struct slab *slabp;
49239 + struct page *page;
49240 + unsigned int objnr;
49241 + unsigned long offset;
49246 + if (ZERO_OR_NULL_PTR(ptr))
49249 + if (!virt_addr_valid(ptr))
49252 + page = virt_to_head_page(ptr);
49254 + if (!PageSlab(page)) {
49255 + if (object_is_on_stack(ptr, n) == -1)
49260 + cachep = page_get_cache(page);
49261 + slabp = page_get_slab(page);
49262 + objnr = obj_to_index(cachep, slabp, ptr);
49263 + BUG_ON(objnr >= cachep->num);
49264 + offset = ptr - index_to_obj(cachep, slabp, objnr) - obj_offset(cachep);
49265 + if (offset <= obj_size(cachep) && n <= obj_size(cachep) - offset)
49270 + pax_report_leak_to_user(ptr, n);
49272 + pax_report_overflow_from_user(ptr, n);
49276 +EXPORT_SYMBOL(check_object_size);
49279 * ksize - get the actual amount of memory allocated for a given object
49280 * @objp: Pointer to the object
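Review bot: check_object_size in slab.c is exported but has no kernel-doc, while ksize() right below it does. The comment should state that `to` selects which report is raised (the visible calls are pax_report_leak_to_user and pax_report_overflow_from_user), that the function is a no-op without CONFIG_PAX_USERCOPY, and that only slab objects and stack addresses are validated: a pointer that is not virt_addr_valid() or lies on a non-slab, non-stack page is accepted unchecked as far as the visible lines show. The bounds test itself, `offset <= obj_size(cachep) && n <= obj_size(cachep) - offset`, is written so that neither side can wrap, which is worth a one-line remark so nobody simplifies it to `offset + n <= obj_size(cachep)`. Several lines of the function are missing from the extract.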
49281 diff -urNp linux-2.6.32.1/mm/slob.c linux-2.6.32.1/mm/slob.c
49282 --- linux-2.6.32.1/mm/slob.c 2009-12-02 22:51:21.000000000 -0500
49283 +++ linux-2.6.32.1/mm/slob.c 2009-12-14 18:33:59.736004820 -0500
49285 * If kmalloc is asked for objects of PAGE_SIZE or larger, it calls
49286 * alloc_pages() directly, allocating compound pages so the page order
49287 * does not have to be separately tracked, and also stores the exact
49288 - * allocation size in page->private so that it can be used to accurately
49289 + * allocation size in slob_page->size so that it can be used to accurately
49290 * provide ksize(). These objects are detected in kfree() because slob_page()
49291 * is false for them.
49296 #include <linux/kernel.h>
49297 +#include <linux/sched.h>
49298 #include <linux/slab.h>
49299 #include <linux/mm.h>
49300 #include <linux/swap.h> /* struct reclaim_state */
49301 @@ -100,7 +101,8 @@ struct slob_page {
49302 unsigned long flags; /* mandatory */
49303 atomic_t _count; /* mandatory */
49304 slobidx_t units; /* free units left in page */
49305 - unsigned long pad[2];
49306 + unsigned long pad[1];
49307 + unsigned long size; /* size when >=PAGE_SIZE */
49308 slob_t *free; /* first free slob_t in page */
49309 struct list_head list; /* linked list of free pages */
49311 @@ -133,7 +135,7 @@ static LIST_HEAD(free_slob_large);
49313 static inline int is_slob_page(struct slob_page *sp)
49315 - return PageSlab((struct page *)sp);
49316 + return PageSlab((struct page *)sp) && !sp->size;
49319 static inline void set_slob_page(struct slob_page *sp)
49320 @@ -148,7 +150,7 @@ static inline void clear_slob_page(struc
49322 static inline struct slob_page *slob_page(const void *addr)
49324 - return (struct slob_page *)virt_to_page(addr);
49325 + return (struct slob_page *)virt_to_head_page(addr);
49329 @@ -208,7 +210,7 @@ static void set_slob(slob_t *s, slobidx_
49331 * Return the size of a slob block.
49333 -static slobidx_t slob_units(slob_t *s)
49334 +static slobidx_t slob_units(const slob_t *s)
49338 @@ -218,7 +220,7 @@ static slobidx_t slob_units(slob_t *s)
49340 * Return the next free slob block pointer after this one.
49342 -static slob_t *slob_next(slob_t *s)
49343 +static slob_t *slob_next(const slob_t *s)
49345 slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK);
49347 @@ -233,7 +235,7 @@ static slob_t *slob_next(slob_t *s)
49349 * Returns true if s is the last free block in its page.
49351 -static int slob_last(slob_t *s)
49352 +static int slob_last(const slob_t *s)
49354 return !((unsigned long)slob_next(s) & ~PAGE_MASK);
49356 @@ -252,6 +254,7 @@ static void *slob_new_pages(gfp_t gfp, i
49360 + set_slob_page(page);
49361 return page_address(page);
49364 @@ -368,11 +371,11 @@ static void *slob_alloc(size_t size, gfp
49368 - set_slob_page(sp);
49370 spin_lock_irqsave(&slob_lock, flags);
49371 sp->units = SLOB_UNITS(PAGE_SIZE);
49374 INIT_LIST_HEAD(&sp->list);
49375 set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
49376 set_slob_page_free(sp, slob_list);
49377 @@ -475,10 +478,9 @@ out:
49378 #define ARCH_SLAB_MINALIGN __alignof__(unsigned long)
49381 -void *__kmalloc_node(size_t size, gfp_t gfp, int node)
49382 +static void *__kmalloc_node_align(size_t size, gfp_t gfp, int node, int align)
49385 - int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
49389 lockdep_trace_alloc(gfp);
49390 @@ -491,7 +493,10 @@ void *__kmalloc_node(size_t size, gfp_t
49395 + BUILD_BUG_ON(ARCH_KMALLOC_MINALIGN < 2 * SLOB_UNIT);
49396 + BUILD_BUG_ON(ARCH_SLAB_MINALIGN < 2 * SLOB_UNIT);
49397 + m[0].units = size;
49398 + m[1].units = align;
49399 ret = (void *)m + align;
49401 trace_kmalloc_node(_RET_IP_, ret,
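Review bot: The two BUILD_BUG_ON lines bound only the ARCH_* constants, while the header written by `m[1].units = align` depends on the runtime `align` argument being at least `2 * SLOB_UNIT`; with a smaller value the second header cell would overlap the object returned as `(void *)m + align`. The kmem_cache caller added later in this patch passes `c->align`, which is presumably clamped when the cache is created, but that code is not on this page. A guard such as `BUG_ON(align < 2 * SLOB_UNIT);` before the two stores, or a comment stating the invariant, would make the dependency explicit. The body of __kmalloc_node_align starts before this hunk and continues after it.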
49402 @@ -501,9 +506,9 @@ void *__kmalloc_node(size_t size, gfp_t
49404 ret = slob_new_pages(gfp | __GFP_COMP, get_order(size), node);
49406 - struct page *page;
49407 - page = virt_to_page(ret);
49408 - page->private = size;
49409 + struct slob_page *sp;
49410 + sp = slob_page(ret);
49414 trace_kmalloc_node(_RET_IP_, ret,
49415 @@ -513,6 +518,13 @@ void *__kmalloc_node(size_t size, gfp_t
49416 kmemleak_alloc(ret, size, 1, gfp);
49420 +void *__kmalloc_node(size_t size, gfp_t gfp, int node)
49422 + int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
49424 + return __kmalloc_node_align(size, gfp, node, align);
49426 EXPORT_SYMBOL(__kmalloc_node);
49428 void kfree(const void *block)
49429 @@ -528,13 +540,84 @@ void kfree(const void *block)
49430 sp = slob_page(block);
49431 if (is_slob_page(sp)) {
49432 int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
49433 - unsigned int *m = (unsigned int *)(block - align);
49434 - slob_free(m, *m + align);
49436 + slob_t *m = (slob_t *)(block - align);
49437 + slob_free(m, m[0].units + align);
49439 + clear_slob_page(sp);
49440 + free_slob_page(sp);
49442 put_page(&sp->page);
49445 EXPORT_SYMBOL(kfree);
49447 +void check_object_size(const void *ptr, unsigned long n, bool to)
49450 +#ifdef CONFIG_PAX_USERCOPY
49451 + struct slob_page *sp;
49452 + const slob_t *free;
49453 + const void *base;
49458 + if (ZERO_OR_NULL_PTR(ptr))
49461 + if (!virt_addr_valid(ptr))
49464 + sp = slob_page(ptr);
49465 + if (!PageSlab((struct page*)sp)) {
49466 + if (object_is_on_stack(ptr, n) == -1)
49472 + base = page_address(&sp->page);
49473 + if (base <= ptr && n <= sp->size - (ptr - base))
49478 + /* some tricky double walking to find the chunk */
49479 + base = (void *)((unsigned long)ptr & PAGE_MASK);
49482 + while (!slob_last(free) && (void *)free <= ptr) {
49483 + base = free + slob_units(free);
49484 + free = slob_next(free);
49487 + while (base < (void *)free) {
49488 + slobidx_t m = ((slob_t *)base)[0].units, align = ((slob_t *)base)[1].units;
49489 + int size = SLOB_UNIT * SLOB_UNITS(m + align);
49492 + if (ptr < base + align)
49495 + offset = ptr - base - align;
49496 + if (offset < m) {
49497 + if (n <= m - offset)
49506 + pax_report_leak_to_user(ptr, n);
49508 + pax_report_overflow_from_user(ptr, n);
49512 +EXPORT_SYMBOL(check_object_size);
49514 /* can't use ksize for kmem_cache_alloc memory, only kmalloc */
49515 size_t ksize(const void *block)
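Review bot: The large-allocation test `n <= sp->size - (ptr - base)` in check_object_size does not first check that `ptr - base` is within `sp->size`. A pointer into the slack between the end of the object and the end of its pages makes the subtraction go below zero, and the comparison with the unsigned `n` then accepts any length. The SLUB version of this function in the same patch guards the equivalent subtraction with `offset <= s->objsize`. I would write `if (base <= ptr && (unsigned long)(ptr - base) <= sp->size && n <= sp->size - (ptr - base))`. Several lines of the function are missing from this listing, so this assumes no earlier bound on `ptr`.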
49517 @@ -547,10 +630,10 @@ size_t ksize(const void *block)
49518 sp = slob_page(block);
49519 if (is_slob_page(sp)) {
49520 int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
49521 - unsigned int *m = (unsigned int *)(block - align);
49522 - return SLOB_UNITS(*m) * SLOB_UNIT;
49523 + slob_t *m = (slob_t *)(block - align);
49524 + return SLOB_UNITS(m[0].units) * SLOB_UNIT;
49526 - return sp->page.private;
49529 EXPORT_SYMBOL(ksize);
49531 @@ -605,17 +688,25 @@ void *kmem_cache_alloc_node(struct kmem_
49535 +#ifdef CONFIG_PAX_USERCOPY
49536 + b = __kmalloc_node_align(c->size, flags, node, c->align);
49538 if (c->size < PAGE_SIZE) {
49539 b = slob_alloc(c->size, flags, c->align, node);
49540 trace_kmem_cache_alloc_node(_RET_IP_, b, c->size,
49541 SLOB_UNITS(c->size) * SLOB_UNIT,
49544 + struct slob_page *sp;
49546 b = slob_new_pages(flags, get_order(c->size), node);
49547 + sp = slob_page(b);
49548 + sp->size = c->size;
49549 trace_kmem_cache_alloc_node(_RET_IP_, b, c->size,
49550 PAGE_SIZE << get_order(c->size),
49557 @@ -627,10 +718,16 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
49559 static void __kmem_cache_free(void *b, int size)
49561 - if (size < PAGE_SIZE)
49562 + struct slob_page *sp = slob_page(b);
49564 + if (is_slob_page(sp))
49565 slob_free(b, size);
49568 + clear_slob_page(sp);
49569 + free_slob_page(sp);
49571 slob_free_pages(b, get_order(size));
49575 static void kmem_rcu_free(struct rcu_head *head)
49576 @@ -643,15 +740,24 @@ static void kmem_rcu_free(struct rcu_hea
49578 void kmem_cache_free(struct kmem_cache *c, void *b)
49580 + int size = c->size;
49582 +#ifdef CONFIG_PAX_USERCOPY
49583 + if (size + c->align < PAGE_SIZE) {
49584 + size += c->align;
49589 kmemleak_free_recursive(b, c->flags);
49590 if (unlikely(c->flags & SLAB_DESTROY_BY_RCU)) {
49591 struct slob_rcu *slob_rcu;
49592 - slob_rcu = b + (c->size - sizeof(struct slob_rcu));
49593 + slob_rcu = b + (size - sizeof(struct slob_rcu));
49594 INIT_RCU_HEAD(&slob_rcu->head);
49595 - slob_rcu->size = c->size;
49596 + slob_rcu->size = size;
49597 call_rcu(&slob_rcu->head, kmem_rcu_free);
49599 - __kmem_cache_free(b, c->size);
49600 + __kmem_cache_free(b, size);
49603 trace_kmem_cache_free(_RET_IP_, b);
49604 diff -urNp linux-2.6.32.1/mm/slub.c linux-2.6.32.1/mm/slub.c
49605 --- linux-2.6.32.1/mm/slub.c 2009-12-02 22:51:21.000000000 -0500
49606 +++ linux-2.6.32.1/mm/slub.c 2009-12-14 18:33:59.747817639 -0500
49607 @@ -1937,7 +1937,7 @@ static int slub_min_objects;
49608 * Merge control. If this is set then no merging of slab caches will occur.
49609 * (Could be removed. This was introduced to pacify the merge skeptics.)
49611 -static int slub_nomerge;
49612 +static int slub_nomerge = 1;
49615 * Calculate the order of allocation given an slab object size.
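Review bot: `static int slub_nomerge = 1;` flips the default, but the comment above it still describes merging as the normal case and gives no reason for the new default. A short comment would help, e.g. `/* default on: keeps objects of unrelated caches out of each other's slabs */`; that rationale is my inference and should be confirmed by the author. It would also be worth saying whether merging can still be re-enabled at boot, since the option parsing is outside this hunk.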
49616 @@ -2493,7 +2493,7 @@ static int kmem_cache_open(struct kmem_c
49617 * list to avoid pounding the page allocator excessively.
49619 set_min_partial(s, ilog2(s->size));
49621 + atomic_set(&s->refcount, 1);
49623 s->remote_node_defrag_ratio = 1000;
49625 @@ -2630,8 +2630,7 @@ static inline int kmem_cache_close(struc
49626 void kmem_cache_destroy(struct kmem_cache *s)
49628 down_write(&slub_lock);
49630 - if (!s->refcount) {
49631 + if (atomic_dec_and_test(&s->refcount)) {
49632 list_del(&s->list);
49633 up_write(&slub_lock);
49634 if (kmem_cache_close(s)) {
49635 @@ -2915,6 +2914,46 @@ void *__kmalloc_node(size_t size, gfp_t
49636 EXPORT_SYMBOL(__kmalloc_node);
49639 +void check_object_size(const void *ptr, unsigned long n, bool to)
49642 +#ifdef CONFIG_PAX_USERCOPY
49643 + struct page *page;
49644 + struct kmem_cache *s;
49645 + unsigned long offset;
49650 + if (ZERO_OR_NULL_PTR(ptr))
49653 + if (!virt_addr_valid(ptr))
49656 + page = get_object_page(ptr);
49659 + if (object_is_on_stack(ptr, n) == -1)
49665 + offset = (ptr - page_address(page)) % s->size;
49666 + if (offset <= s->objsize && n <= s->objsize - offset)
49671 + pax_report_leak_to_user(ptr, n);
49673 + pax_report_overflow_from_user(ptr, n);
49677 +EXPORT_SYMBOL(check_object_size);
49679 size_t ksize(const void *object)
49682 @@ -3186,7 +3225,7 @@ void __init kmem_cache_init(void)
49684 create_kmalloc_cache(&kmalloc_caches[0], "kmem_cache_node",
49685 sizeof(struct kmem_cache_node), GFP_NOWAIT);
49686 - kmalloc_caches[0].refcount = -1;
49687 + atomic_set(&kmalloc_caches[0].refcount, -1);
49690 hotplug_memory_notifier(slab_memory_callback, SLAB_CALLBACK_PRI);
49691 @@ -3293,7 +3332,7 @@ static int slab_unmergeable(struct kmem_
49693 * We may have set a slab to be unmergeable during bootstrap.
49695 - if (s->refcount < 0)
49696 + if (atomic_read(&s->refcount) < 0)
49700 @@ -3353,7 +3392,7 @@ struct kmem_cache *kmem_cache_create(con
49705 + atomic_inc(&s->refcount);
49707 * Adjust the object sizes so that we clear
49708 * the complete object on kzalloc.
49709 @@ -3372,7 +3411,7 @@ struct kmem_cache *kmem_cache_create(con
49711 if (sysfs_slab_alias(s, name)) {
49712 down_write(&slub_lock);
49714 + atomic_dec(&s->refcount);
49715 up_write(&slub_lock);
49718 @@ -4101,7 +4140,7 @@ SLAB_ATTR_RO(ctor);
49720 static ssize_t aliases_show(struct kmem_cache *s, char *buf)
49722 - return sprintf(buf, "%d\n", s->refcount - 1);
49723 + return sprintf(buf, "%d\n", atomic_read(&s->refcount) - 1);
49725 SLAB_ATTR_RO(aliases);
49727 @@ -4503,7 +4542,7 @@ static void kmem_cache_release(struct ko
49731 -static struct sysfs_ops slab_sysfs_ops = {
49732 +static const struct sysfs_ops slab_sysfs_ops = {
49733 .show = slab_attr_show,
49734 .store = slab_attr_store,
49736 @@ -4522,7 +4561,7 @@ static int uevent_filter(struct kset *ks
49740 -static struct kset_uevent_ops slab_uevent_ops = {
49741 +static const struct kset_uevent_ops slab_uevent_ops = {
49742 .filter = uevent_filter,
49745 @@ -4696,7 +4735,7 @@ __initcall(slab_sysfs_init);
49747 * The /proc/slabinfo ABI
49749 -#ifdef CONFIG_SLABINFO
49750 +#if defined(CONFIG_SLABINFO) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
49751 static void print_slabinfo_header(struct seq_file *m)
49753 seq_puts(m, "slabinfo - version: 2.1\n");
49754 diff -urNp linux-2.6.32.1/mm/util.c linux-2.6.32.1/mm/util.c
49755 --- linux-2.6.32.1/mm/util.c 2009-12-02 22:51:21.000000000 -0500
49756 +++ linux-2.6.32.1/mm/util.c 2009-12-14 18:33:59.747817639 -0500
49757 @@ -224,6 +224,12 @@ EXPORT_SYMBOL(strndup_user);
49758 void arch_pick_mmap_layout(struct mm_struct *mm)
49760 mm->mmap_base = TASK_UNMAPPED_BASE;
49762 +#ifdef CONFIG_PAX_RANDMMAP
49763 + if (mm->pax_flags & MF_PAX_RANDMMAP)
49764 + mm->mmap_base += mm->delta_mmap;
49767 mm->get_unmapped_area = arch_get_unmapped_area;
49768 mm->unmap_area = arch_unmap_area;
49770 diff -urNp linux-2.6.32.1/mm/vmalloc.c linux-2.6.32.1/mm/vmalloc.c
49771 --- linux-2.6.32.1/mm/vmalloc.c 2009-12-02 22:51:21.000000000 -0500
49772 +++ linux-2.6.32.1/mm/vmalloc.c 2009-12-14 18:33:59.758761810 -0500
49773 @@ -40,8 +40,19 @@ static void vunmap_pte_range(pmd_t *pmd,
49775 pte = pte_offset_kernel(pmd, addr);
49777 - pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
49778 - WARN_ON(!pte_none(ptent) && !pte_present(ptent));
49780 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
49781 + if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) {
49782 + BUG_ON(!pte_exec(*pte));
49783 + set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC));
49789 + pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
49790 + WARN_ON(!pte_none(ptent) && !pte_present(ptent));
49792 } while (pte++, addr += PAGE_SIZE, addr != end);
49795 @@ -92,6 +103,7 @@ static int vmap_pte_range(pmd_t *pmd, un
49796 unsigned long end, pgprot_t prot, struct page **pages, int *nr)
49799 + int ret = -ENOMEM;
49802 * nr is a running index into the array which helps higher level
49803 @@ -101,17 +113,30 @@ static int vmap_pte_range(pmd_t *pmd, un
49804 pte = pte_alloc_kernel(pmd, addr);
49808 + pax_open_kernel();
49810 struct page *page = pages[*nr];
49812 - if (WARN_ON(!pte_none(*pte)))
49814 - if (WARN_ON(!page))
49816 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
49817 + if (pgprot_val(prot) & _PAGE_NX)
49820 + if (WARN_ON(!pte_none(*pte))) {
49824 + if (WARN_ON(!page)) {
49828 set_pte_at(&init_mm, addr, pte, mk_pte(page, prot));
49830 } while (pte++, addr += PAGE_SIZE, addr != end);
49834 + pax_close_kernel();
49838 static int vmap_pmd_range(pud_t *pud, unsigned long addr,
49839 @@ -192,11 +217,20 @@ int is_vmalloc_or_module_addr(const void
49840 * and fall back on vmalloc() if that fails. Others
49841 * just put it in the vmalloc space.
49843 -#if defined(CONFIG_MODULES) && defined(MODULES_VADDR)
49844 +#ifdef CONFIG_MODULES
49845 +#ifdef MODULES_VADDR
49846 unsigned long addr = (unsigned long)x;
49847 if (addr >= MODULES_VADDR && addr < MODULES_END)
49851 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
49852 + if (x >= (const void *)MODULES_EXEC_VADDR && x < (const void *)MODULES_EXEC_END)
49858 return is_vmalloc_addr(x);
49861 @@ -292,13 +326,13 @@ static void __insert_vmap_area(struct vm
49862 struct rb_node *tmp;
49865 - struct vmap_area *tmp;
49866 + struct vmap_area *varea;
49869 - tmp = rb_entry(parent, struct vmap_area, rb_node);
49870 - if (va->va_start < tmp->va_end)
49871 + varea = rb_entry(parent, struct vmap_area, rb_node);
49872 + if (va->va_start < varea->va_end)
49873 p = &(*p)->rb_left;
49874 - else if (va->va_end > tmp->va_start)
49875 + else if (va->va_end > varea->va_start)
49876 p = &(*p)->rb_right;
49879 @@ -1164,6 +1198,16 @@ static struct vm_struct *__get_vm_area_n
49880 struct vm_struct *area;
49882 BUG_ON(in_interrupt());
49884 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
49885 + if (flags & VM_KERNEXEC) {
49886 + if (start != VMALLOC_START || end != VMALLOC_END)
49888 + start = (unsigned long)&MODULES_EXEC_VADDR;
49889 + end = (unsigned long)&MODULES_EXEC_END;
49893 if (flags & VM_IOREMAP) {
49894 int bit = fls(size);
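Review bot: `start = (unsigned long)&MODULES_EXEC_VADDR;` takes the address of the symbol, while the vunmap_pte_range hunk in this file uses `(unsigned long)MODULES_EXEC_VADDR` and is_vmalloc_or_module_addr uses `(const void *)MODULES_EXEC_VADDR`. If the symbol is declared as an array, all three forms give the same address, but its declaration is not on this page. One spelling throughout, e.g. `start = (unsigned long)MODULES_EXEC_VADDR;`, would remove the question. The line after the `start != VMALLOC_START` test is missing from this listing, so the rejection path cannot be checked here.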
49896 @@ -1389,6 +1433,11 @@ void *vmap(struct page **pages, unsigned
49897 if (count > totalram_pages)
49900 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
49901 + if (!(pgprot_val(prot) & _PAGE_NX))
49902 + flags |= VM_KERNEXEC;
49905 area = get_vm_area_caller((count << PAGE_SHIFT), flags,
49906 __builtin_return_address(0));
49908 @@ -1499,6 +1548,13 @@ static void *__vmalloc_node(unsigned lon
49909 if (!size || (size >> PAGE_SHIFT) > totalram_pages)
49912 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
49913 + if (!(pgprot_val(prot) & _PAGE_NX))
49914 + area = __get_vm_area_node(size, align, VM_ALLOC | VM_KERNEXEC, VMALLOC_START, VMALLOC_END,
49915 + node, gfp_mask, caller);
49919 area = __get_vm_area_node(size, align, VM_ALLOC, VMALLOC_START,
49920 VMALLOC_END, node, gfp_mask, caller);
49922 @@ -1517,6 +1573,7 @@ static void *__vmalloc_node(unsigned lon
49927 void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
49929 return __vmalloc_node(size, 1, gfp_mask, prot, -1,
49930 @@ -1533,6 +1590,7 @@ EXPORT_SYMBOL(__vmalloc);
49931 * For tight control over page level allocator and protection flags
49932 * use __vmalloc() instead.
49935 void *vmalloc(unsigned long size)
49937 return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
49938 @@ -1547,6 +1605,7 @@ EXPORT_SYMBOL(vmalloc);
49939 * The resulting memory area is zeroed so it can be mapped to userspace
49940 * without leaking data.
49942 +#undef vmalloc_user
49943 void *vmalloc_user(unsigned long size)
49945 struct vm_struct *area;
49946 @@ -1574,6 +1633,7 @@ EXPORT_SYMBOL(vmalloc_user);
49947 * For tight control over page level allocator and protection flags
49948 * use __vmalloc() instead.
49950 +#undef vmalloc_node
49951 void *vmalloc_node(unsigned long size, int node)
49953 return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
49954 @@ -1596,10 +1656,10 @@ EXPORT_SYMBOL(vmalloc_node);
49955 * For tight control over page level allocator and protection flags
49956 * use __vmalloc() instead.
49959 +#undef vmalloc_exec
49960 void *vmalloc_exec(unsigned long size)
49962 - return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC,
49963 + return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL_EXEC,
49964 -1, __builtin_return_address(0));
49967 @@ -1618,6 +1678,7 @@ void *vmalloc_exec(unsigned long size)
49968 * Allocate enough 32bit PA addressable pages to cover @size from the
49969 * page level allocator and map them into contiguous kernel virtual space.
49972 void *vmalloc_32(unsigned long size)
49974 return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL,
49975 @@ -1632,6 +1693,7 @@ EXPORT_SYMBOL(vmalloc_32);
49976 * The resulting memory area is 32bit addressable and zeroed so it can be
49977 * mapped to userspace without leaking data.
49979 +#undef vmalloc_32_user
49980 void *vmalloc_32_user(unsigned long size)
49982 struct vm_struct *area;
49983 diff -urNp linux-2.6.32.1/net/atm/atm_misc.c linux-2.6.32.1/net/atm/atm_misc.c
49984 --- linux-2.6.32.1/net/atm/atm_misc.c 2009-12-02 22:51:21.000000000 -0500
49985 +++ linux-2.6.32.1/net/atm/atm_misc.c 2009-12-14 18:33:59.758761810 -0500
49986 @@ -19,7 +19,7 @@ int atm_charge(struct atm_vcc *vcc,int t
49987 if (atomic_read(&sk_atm(vcc)->sk_rmem_alloc) <= sk_atm(vcc)->sk_rcvbuf)
49989 atm_return(vcc,truesize);
49990 - atomic_inc(&vcc->stats->rx_drop);
49991 + atomic_inc_unchecked(&vcc->stats->rx_drop);
49995 @@ -41,7 +41,7 @@ struct sk_buff *atm_alloc_charge(struct
49998 atm_return(vcc,guess);
49999 - atomic_inc(&vcc->stats->rx_drop);
50000 + atomic_inc_unchecked(&vcc->stats->rx_drop);
50004 @@ -88,7 +88,7 @@ int atm_pcr_goal(const struct atm_trafpr
50006 void sonet_copy_stats(struct k_sonet_stats *from,struct sonet_stats *to)
50008 -#define __HANDLE_ITEM(i) to->i = atomic_read(&from->i)
50009 +#define __HANDLE_ITEM(i) to->i = atomic_read_unchecked(&from->i)
50011 #undef __HANDLE_ITEM
50013 @@ -96,7 +96,7 @@ void sonet_copy_stats(struct k_sonet_sta
50015 void sonet_subtract_stats(struct k_sonet_stats *from,struct sonet_stats *to)
50017 -#define __HANDLE_ITEM(i) atomic_sub(to->i,&from->i)
50018 +#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i,&from->i)
50020 #undef __HANDLE_ITEM
50022 diff -urNp linux-2.6.32.1/net/atm/proc.c linux-2.6.32.1/net/atm/proc.c
50023 --- linux-2.6.32.1/net/atm/proc.c 2009-12-02 22:51:21.000000000 -0500
50024 +++ linux-2.6.32.1/net/atm/proc.c 2009-12-14 18:33:59.758761810 -0500
50025 @@ -43,9 +43,9 @@ static void add_stats(struct seq_file *s
50026 const struct k_atm_aal_stats *stats)
50028 seq_printf(seq, "%s ( %d %d %d %d %d )", aal,
50029 - atomic_read(&stats->tx),atomic_read(&stats->tx_err),
50030 - atomic_read(&stats->rx),atomic_read(&stats->rx_err),
50031 - atomic_read(&stats->rx_drop));
50032 + atomic_read_unchecked(&stats->tx),atomic_read_unchecked(&stats->tx_err),
50033 + atomic_read_unchecked(&stats->rx),atomic_read_unchecked(&stats->rx_err),
50034 + atomic_read_unchecked(&stats->rx_drop));
50037 static void atm_dev_info(struct seq_file *seq, const struct atm_dev *dev)
50038 diff -urNp linux-2.6.32.1/net/atm/resources.c linux-2.6.32.1/net/atm/resources.c
50039 --- linux-2.6.32.1/net/atm/resources.c 2009-12-02 22:51:21.000000000 -0500
50040 +++ linux-2.6.32.1/net/atm/resources.c 2009-12-14 18:33:59.760020359 -0500
50041 @@ -161,7 +161,7 @@ void atm_dev_deregister(struct atm_dev *
50042 static void copy_aal_stats(struct k_atm_aal_stats *from,
50043 struct atm_aal_stats *to)
50045 -#define __HANDLE_ITEM(i) to->i = atomic_read(&from->i)
50046 +#define __HANDLE_ITEM(i) to->i = atomic_read_unchecked(&from->i)
50048 #undef __HANDLE_ITEM
50050 @@ -170,7 +170,7 @@ static void copy_aal_stats(struct k_atm_
50051 static void subtract_aal_stats(struct k_atm_aal_stats *from,
50052 struct atm_aal_stats *to)
50054 -#define __HANDLE_ITEM(i) atomic_sub(to->i, &from->i)
50055 +#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i, &from->i)
50057 #undef __HANDLE_ITEM
50059 diff -urNp linux-2.6.32.1/net/bridge/br_private.h linux-2.6.32.1/net/bridge/br_private.h
50060 --- linux-2.6.32.1/net/bridge/br_private.h 2009-12-02 22:51:21.000000000 -0500
50061 +++ linux-2.6.32.1/net/bridge/br_private.h 2009-12-14 18:33:59.760020359 -0500
50062 @@ -254,7 +254,7 @@ extern void br_ifinfo_notify(int event,
50064 #ifdef CONFIG_SYSFS
50065 /* br_sysfs_if.c */
50066 -extern struct sysfs_ops brport_sysfs_ops;
50067 +extern const struct sysfs_ops brport_sysfs_ops;
50068 extern int br_sysfs_addif(struct net_bridge_port *p);
50070 /* br_sysfs_br.c */
50071 diff -urNp linux-2.6.32.1/net/bridge/br_stp_if.c linux-2.6.32.1/net/bridge/br_stp_if.c
50072 --- linux-2.6.32.1/net/bridge/br_stp_if.c 2009-12-02 22:51:21.000000000 -0500
50073 +++ linux-2.6.32.1/net/bridge/br_stp_if.c 2009-12-14 18:33:59.760020359 -0500
50074 @@ -146,7 +146,7 @@ static void br_stp_stop(struct net_bridg
50075 char *envp[] = { NULL };
50077 if (br->stp_enabled == BR_USER_STP) {
50078 - r = call_usermodehelper(BR_STP_PROG, argv, envp, 1);
50079 + r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC);
50080 printk(KERN_INFO "%s: userspace STP stopped, return code %d\n",
50083 diff -urNp linux-2.6.32.1/net/bridge/br_sysfs_if.c linux-2.6.32.1/net/bridge/br_sysfs_if.c
50084 --- linux-2.6.32.1/net/bridge/br_sysfs_if.c 2009-12-02 22:51:21.000000000 -0500
50085 +++ linux-2.6.32.1/net/bridge/br_sysfs_if.c 2009-12-14 18:33:59.760020359 -0500
50086 @@ -220,7 +220,7 @@ static ssize_t brport_store(struct kobje
50090 -struct sysfs_ops brport_sysfs_ops = {
50091 +const struct sysfs_ops brport_sysfs_ops = {
50092 .show = brport_show,
50093 .store = brport_store,
50095 diff -urNp linux-2.6.32.1/net/core/flow.c linux-2.6.32.1/net/core/flow.c
50096 --- linux-2.6.32.1/net/core/flow.c 2009-12-02 22:51:21.000000000 -0500
50097 +++ linux-2.6.32.1/net/core/flow.c 2009-12-14 18:33:59.761153862 -0500
50098 @@ -39,7 +39,7 @@ atomic_t flow_cache_genid = ATOMIC_INIT(
50100 static u32 flow_hash_shift;
50101 #define flow_hash_size (1 << flow_hash_shift)
50102 -static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables) = { NULL };
50103 +static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables);
50105 #define flow_table(cpu) (per_cpu(flow_tables, cpu))
50107 @@ -52,7 +52,7 @@ struct flow_percpu_info {
50111 -static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 };
50112 +static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info);
50114 #define flow_hash_rnd_recalc(cpu) \
50115 (per_cpu(flow_hash_info, cpu).hash_rnd_recalc)
50116 @@ -69,7 +69,7 @@ struct flow_flush_info {
50118 struct completion completion;
50120 -static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets) = { NULL };
50121 +static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets);
50123 #define flow_flush_tasklet(cpu) (&per_cpu(flow_flush_tasklets, cpu))
50125 diff -urNp linux-2.6.32.1/net/dccp/ccids/ccid3.c linux-2.6.32.1/net/dccp/ccids/ccid3.c
50126 --- linux-2.6.32.1/net/dccp/ccids/ccid3.c 2009-12-02 22:51:21.000000000 -0500
50127 +++ linux-2.6.32.1/net/dccp/ccids/ccid3.c 2009-12-14 18:33:59.786042312 -0500
50129 static int ccid3_debug;
50130 #define ccid3_pr_debug(format, a...) DCCP_PR_DEBUG(ccid3_debug, format, ##a)
50132 -#define ccid3_pr_debug(format, a...)
50133 +#define ccid3_pr_debug(format, a...) do {} while (0)
50137 diff -urNp linux-2.6.32.1/net/dccp/dccp.h linux-2.6.32.1/net/dccp/dccp.h
50138 --- linux-2.6.32.1/net/dccp/dccp.h 2009-12-02 22:51:21.000000000 -0500
50139 +++ linux-2.6.32.1/net/dccp/dccp.h 2009-12-14 18:33:59.792017972 -0500
50140 @@ -44,9 +44,9 @@ extern int dccp_debug;
50141 #define dccp_pr_debug_cat(format, a...) DCCP_PRINTK(dccp_debug, format, ##a)
50142 #define dccp_debug(fmt, a...) dccp_pr_debug_cat(KERN_DEBUG fmt, ##a)
50144 -#define dccp_pr_debug(format, a...)
50145 -#define dccp_pr_debug_cat(format, a...)
50146 -#define dccp_debug(format, a...)
50147 +#define dccp_pr_debug(format, a...) do {} while (0)
50148 +#define dccp_pr_debug_cat(format, a...) do {} while (0)
50149 +#define dccp_debug(format, a...) do {} while (0)
50152 extern struct inet_hashinfo dccp_hashinfo;
50153 diff -urNp linux-2.6.32.1/net/ipv4/inet_hashtables.c linux-2.6.32.1/net/ipv4/inet_hashtables.c
50154 --- linux-2.6.32.1/net/ipv4/inet_hashtables.c 2009-12-02 22:51:21.000000000 -0500
50155 +++ linux-2.6.32.1/net/ipv4/inet_hashtables.c 2009-12-14 18:33:59.792017972 -0500
50156 @@ -18,12 +18,15 @@
50157 #include <linux/sched.h>
50158 #include <linux/slab.h>
50159 #include <linux/wait.h>
50160 +#include <linux/security.h>
50162 #include <net/inet_connection_sock.h>
50163 #include <net/inet_hashtables.h>
50164 #include <net/route.h>
50165 #include <net/ip.h>
50167 +extern void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet);
50170 * Allocate and initialize a new local port bind bucket.
50171 * The bindhash mutex for snum's hash chain must be held here.
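Review bot: `extern void gr_update_task_in_ip_table(...)` is declared directly in the .c file, so nothing ties this prototype to the definition if its signature changes. The same pattern appears for `gr_search_udp_recvmsg` and `gr_search_udp_sendmsg` in the net/ipv4/udp.c hunk. Moving the prototypes into a header that both the callers and the definitions include would let the compiler check them. This is a style point and does not change behaviour.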
50172 @@ -490,6 +493,8 @@ ok:
50174 spin_unlock(&head->lock);
50176 + gr_update_task_in_ip_table(current, inet_sk(sk));
50179 inet_twsk_deschedule(tw, death_row);
50181 diff -urNp linux-2.6.32.1/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-2.6.32.1/net/ipv4/netfilter/nf_nat_snmp_basic.c
50182 --- linux-2.6.32.1/net/ipv4/netfilter/nf_nat_snmp_basic.c 2009-12-02 22:51:21.000000000 -0500
50183 +++ linux-2.6.32.1/net/ipv4/netfilter/nf_nat_snmp_basic.c 2009-12-14 18:33:59.792928382 -0500
50184 @@ -397,7 +397,7 @@ static unsigned char asn1_octets_decode(
50188 - *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
50189 + *octets = kmalloc((eoc - ctx->pointer), GFP_ATOMIC);
50190 if (*octets == NULL) {
50191 if (net_ratelimit())
50192 printk("OOM in bsalg (%d)\n", __LINE__);
50193 diff -urNp linux-2.6.32.1/net/ipv4/tcp_ipv4.c linux-2.6.32.1/net/ipv4/tcp_ipv4.c
50194 --- linux-2.6.32.1/net/ipv4/tcp_ipv4.c 2009-12-02 22:51:21.000000000 -0500
50195 +++ linux-2.6.32.1/net/ipv4/tcp_ipv4.c 2009-12-14 18:33:59.808022502 -0500
50196 @@ -1542,6 +1542,9 @@ int tcp_v4_do_rcv(struct sock *sk, struc
50200 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50201 + if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
50203 tcp_v4_send_reset(rsk, skb);
50206 @@ -1650,6 +1653,9 @@ no_tcp_socket:
50208 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
50210 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50211 + if (skb->dev->flags & IFF_LOOPBACK)
50213 tcp_v4_send_reset(NULL, skb);
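Review bot: The added test at no_tcp_socket reads `skb->dev->flags` without the `!skb->dev` check that the tcp_v4_do_rcv hunk above uses for the same decision. The same unguarded form is in the no_tcp_socket hunk of net/ipv6/tcp_ipv6.c and in the __udp4_lib_rcv and __udp6_lib_rcv hunks. If `skb->dev` is always set on these receive paths, a one-line comment saying so would explain the difference; otherwise use `if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))` here as well. The `#endif` and neighbouring lines are missing from this listing, and the enclosing function extends beyond the hunk.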
50216 diff -urNp linux-2.6.32.1/net/ipv4/tcp_minisocks.c linux-2.6.32.1/net/ipv4/tcp_minisocks.c
50217 --- linux-2.6.32.1/net/ipv4/tcp_minisocks.c 2009-12-02 22:51:21.000000000 -0500
50218 +++ linux-2.6.32.1/net/ipv4/tcp_minisocks.c 2009-12-14 18:33:59.809026856 -0500
50219 @@ -672,8 +672,11 @@ listen_overflow:
50222 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS);
50224 +#ifndef CONFIG_GRKERNSEC_BLACKHOLE
50225 if (!(flg & TCP_FLAG_RST))
50226 req->rsk_ops->send_reset(sk, skb);
50229 inet_csk_reqsk_queue_drop(sk, req, prev);
50231 diff -urNp linux-2.6.32.1/net/ipv4/udp.c linux-2.6.32.1/net/ipv4/udp.c
50232 --- linux-2.6.32.1/net/ipv4/udp.c 2009-12-02 22:51:21.000000000 -0500
50233 +++ linux-2.6.32.1/net/ipv4/udp.c 2009-12-14 18:33:59.809736357 -0500
50235 #include <linux/types.h>
50236 #include <linux/fcntl.h>
50237 #include <linux/module.h>
50238 +#include <linux/security.h>
50239 #include <linux/socket.h>
50240 #include <linux/sockios.h>
50241 #include <linux/igmp.h>
50242 @@ -371,6 +372,9 @@ found:
50246 +extern int gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb);
50247 +extern int gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr);
50250 * This routine is called by the ICMP module when it gets some
50251 * sort of error condition. If err < 0 then the socket should
50252 @@ -639,9 +643,18 @@ int udp_sendmsg(struct kiocb *iocb, stru
50253 dport = usin->sin_port;
50257 + err = gr_search_udp_sendmsg(sk, usin);
50261 if (sk->sk_state != TCP_ESTABLISHED)
50262 return -EDESTADDRREQ;
50264 + err = gr_search_udp_sendmsg(sk, NULL);
50268 daddr = inet->daddr;
50269 dport = inet->dport;
50270 /* Open fast path for connected socket.
50271 @@ -945,6 +958,10 @@ try_again:
50275 + err = gr_search_udp_recvmsg(sk, skb);
50279 ulen = skb->len - sizeof(struct udphdr);
50282 @@ -1335,6 +1352,9 @@ int __udp4_lib_rcv(struct sk_buff *skb,
50285 UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
50286 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50287 + if (skb->dev->flags & IFF_LOOPBACK)
50289 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
50292 diff -urNp linux-2.6.32.1/net/ipv6/exthdrs.c linux-2.6.32.1/net/ipv6/exthdrs.c
50293 --- linux-2.6.32.1/net/ipv6/exthdrs.c 2009-12-02 22:51:21.000000000 -0500
50294 +++ linux-2.6.32.1/net/ipv6/exthdrs.c 2009-12-14 18:33:59.809736357 -0500
50295 @@ -630,7 +630,7 @@ static struct tlvtype_proc tlvprochopopt
50296 .type = IPV6_TLV_JUMBO,
50297 .func = ipv6_hop_jumbo,
50303 int ipv6_parse_hopopts(struct sk_buff *skb)
50304 diff -urNp linux-2.6.32.1/net/ipv6/raw.c linux-2.6.32.1/net/ipv6/raw.c
50305 --- linux-2.6.32.1/net/ipv6/raw.c 2009-12-02 22:51:21.000000000 -0500
50306 +++ linux-2.6.32.1/net/ipv6/raw.c 2009-12-14 18:33:59.810773987 -0500
50307 @@ -600,7 +600,7 @@ out:
50311 -static int rawv6_send_hdrinc(struct sock *sk, void *from, int length,
50312 +static int rawv6_send_hdrinc(struct sock *sk, void *from, unsigned int length,
50313 struct flowi *fl, struct rt6_info *rt,
50314 unsigned int flags)
50316 diff -urNp linux-2.6.32.1/net/ipv6/tcp_ipv6.c linux-2.6.32.1/net/ipv6/tcp_ipv6.c
50317 --- linux-2.6.32.1/net/ipv6/tcp_ipv6.c 2009-12-02 22:51:21.000000000 -0500
50318 +++ linux-2.6.32.1/net/ipv6/tcp_ipv6.c 2009-12-14 18:33:59.811741482 -0500
50319 @@ -1578,6 +1578,9 @@ static int tcp_v6_do_rcv(struct sock *sk
50323 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50324 + if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
50326 tcp_v6_send_reset(sk, skb);
50329 @@ -1700,6 +1703,9 @@ no_tcp_socket:
50331 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
50333 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50334 + if (skb->dev->flags & IFF_LOOPBACK)
50336 tcp_v6_send_reset(NULL, skb);
50339 diff -urNp linux-2.6.32.1/net/ipv6/udp.c linux-2.6.32.1/net/ipv6/udp.c
50340 --- linux-2.6.32.1/net/ipv6/udp.c 2009-12-02 22:51:21.000000000 -0500
50341 +++ linux-2.6.32.1/net/ipv6/udp.c 2009-12-14 18:33:59.825023725 -0500
50342 @@ -587,6 +587,9 @@ int __udp6_lib_rcv(struct sk_buff *skb,
50343 UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS,
50344 proto == IPPROTO_UDPLITE);
50346 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50347 + if (skb->dev->flags & IFF_LOOPBACK)
50349 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev);
50352 diff -urNp linux-2.6.32.1/net/irda/ircomm/ircomm_tty.c linux-2.6.32.1/net/irda/ircomm/ircomm_tty.c
50353 --- linux-2.6.32.1/net/irda/ircomm/ircomm_tty.c 2009-12-02 22:51:21.000000000 -0500
50354 +++ linux-2.6.32.1/net/irda/ircomm/ircomm_tty.c 2009-12-14 18:33:59.825023725 -0500
50355 @@ -280,16 +280,16 @@ static int ircomm_tty_block_til_ready(st
50356 add_wait_queue(&self->open_wait, &wait);
50358 IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n",
50359 - __FILE__,__LINE__, tty->driver->name, self->open_count );
50360 + __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) );
50362 /* As far as I can see, we protect open_count - Jean II */
50363 spin_lock_irqsave(&self->spinlock, flags);
50364 if (!tty_hung_up_p(filp)) {
50366 - self->open_count--;
50367 + atomic_dec(&self->open_count);
50369 spin_unlock_irqrestore(&self->spinlock, flags);
50370 - self->blocked_open++;
50371 + atomic_inc(&self->blocked_open);
50374 if (tty->termios->c_cflag & CBAUD) {
50375 @@ -329,7 +329,7 @@ static int ircomm_tty_block_til_ready(st
50378 IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n",
50379 - __FILE__,__LINE__, tty->driver->name, self->open_count );
50380 + __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) );
50384 @@ -340,13 +340,13 @@ static int ircomm_tty_block_til_ready(st
50386 /* ++ is not atomic, so this should be protected - Jean II */
50387 spin_lock_irqsave(&self->spinlock, flags);
50388 - self->open_count++;
50389 + atomic_inc(&self->open_count);
50390 spin_unlock_irqrestore(&self->spinlock, flags);
50392 - self->blocked_open--;
50393 + atomic_dec(&self->blocked_open);
50395 IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n",
50396 - __FILE__,__LINE__, tty->driver->name, self->open_count);
50397 + __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count));
50400 self->flags |= ASYNC_NORMAL_ACTIVE;
50401 @@ -415,14 +415,14 @@ static int ircomm_tty_open(struct tty_st
50403 /* ++ is not atomic, so this should be protected - Jean II */
50404 spin_lock_irqsave(&self->spinlock, flags);
50405 - self->open_count++;
50406 + atomic_inc(&self->open_count);
50408 tty->driver_data = self;
50410 spin_unlock_irqrestore(&self->spinlock, flags);
50412 IRDA_DEBUG(1, "%s(), %s%d, count = %d\n", __func__ , tty->driver->name,
50413 - self->line, self->open_count);
50414 + self->line, atomic_read(&self->open_count));
50416 /* Not really used by us, but lets do it anyway */
50417 self->tty->low_latency = (self->flags & ASYNC_LOW_LATENCY) ? 1 : 0;
50418 @@ -511,7 +511,7 @@ static void ircomm_tty_close(struct tty_
50422 - if ((tty->count == 1) && (self->open_count != 1)) {
50423 + if ((tty->count == 1) && (atomic_read(&self->open_count) != 1)) {
50425 * Uh, oh. tty->count is 1, which means that the tty
50426 * structure will be freed. state->count should always
50427 @@ -521,16 +521,16 @@ static void ircomm_tty_close(struct tty_
50429 IRDA_DEBUG(0, "%s(), bad serial port count; "
50430 "tty->count is 1, state->count is %d\n", __func__ ,
50431 - self->open_count);
50432 - self->open_count = 1;
50433 + atomic_read(&self->open_count));
50434 + atomic_set(&self->open_count, 1);
50437 - if (--self->open_count < 0) {
50438 + if (atomic_dec_return(&self->open_count) < 0) {
50439 IRDA_ERROR("%s(), bad serial port count for ttys%d: %d\n",
50440 - __func__, self->line, self->open_count);
50441 - self->open_count = 0;
50442 + __func__, self->line, atomic_read(&self->open_count));
50443 + atomic_set(&self->open_count, 0);
50445 - if (self->open_count) {
50446 + if (atomic_read(&self->open_count)) {
50447 spin_unlock_irqrestore(&self->spinlock, flags);
50449 IRDA_DEBUG(0, "%s(), open count > 0\n", __func__ );
50450 @@ -562,7 +562,7 @@ static void ircomm_tty_close(struct tty_
50454 - if (self->blocked_open) {
50455 + if (atomic_read(&self->blocked_open)) {
50456 if (self->close_delay)
50457 schedule_timeout_interruptible(self->close_delay);
50458 wake_up_interruptible(&self->open_wait);
50459 @@ -1017,7 +1017,7 @@ static void ircomm_tty_hangup(struct tty
50460 spin_lock_irqsave(&self->spinlock, flags);
50461 self->flags &= ~ASYNC_NORMAL_ACTIVE;
50463 - self->open_count = 0;
50464 + atomic_set(&self->open_count, 0);
50465 spin_unlock_irqrestore(&self->spinlock, flags);
50467 wake_up_interruptible(&self->open_wait);
50468 @@ -1369,7 +1369,7 @@ static void ircomm_tty_line_info(struct
50471 seq_printf(m, "Role: %s\n", self->client ? "client" : "server");
50472 - seq_printf(m, "Open count: %d\n", self->open_count);
50473 + seq_printf(m, "Open count: %d\n", atomic_read(&self->open_count));
50474 seq_printf(m, "Max data size: %d\n", self->max_data_size);
50475 seq_printf(m, "Max header size: %d\n", self->max_header_size);
50477 diff -urNp linux-2.6.32.1/net/mac80211/ieee80211_i.h linux-2.6.32.1/net/mac80211/ieee80211_i.h
50478 --- linux-2.6.32.1/net/mac80211/ieee80211_i.h 2009-12-02 22:51:21.000000000 -0500
50479 +++ linux-2.6.32.1/net/mac80211/ieee80211_i.h 2009-12-14 18:33:59.826034535 -0500
50480 @@ -634,7 +634,7 @@ struct ieee80211_local {
50481 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
50482 spinlock_t queue_stop_reason_lock;
50485 + atomic_t open_count;
50486 int monitors, cooked_mntrs;
50487 /* number of interfaces with corresponding FIF_ flags */
50488 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll;
50489 diff -urNp linux-2.6.32.1/net/mac80211/iface.c linux-2.6.32.1/net/mac80211/iface.c
50490 --- linux-2.6.32.1/net/mac80211/iface.c 2009-12-02 22:51:21.000000000 -0500
50491 +++ linux-2.6.32.1/net/mac80211/iface.c 2009-12-14 18:33:59.826034535 -0500
50492 @@ -164,7 +164,7 @@ static int ieee80211_open(struct net_dev
50496 - if (local->open_count == 0) {
50497 + if (atomic_read(&local->open_count) == 0) {
50498 res = drv_start(local);
50501 @@ -194,7 +194,7 @@ static int ieee80211_open(struct net_dev
50502 * Validate the MAC address for this device.
50504 if (!is_valid_ether_addr(dev->dev_addr)) {
50505 - if (!local->open_count)
50506 + if (!atomic_read(&local->open_count))
50508 return -EADDRNOTAVAIL;
50510 @@ -290,7 +290,7 @@ static int ieee80211_open(struct net_dev
50512 hw_reconf_flags |= __ieee80211_recalc_idle(local);
50514 - local->open_count++;
50515 + atomic_inc(&local->open_count);
50516 if (hw_reconf_flags) {
50517 ieee80211_hw_config(local, hw_reconf_flags);
50519 @@ -318,7 +318,7 @@ static int ieee80211_open(struct net_dev
50521 drv_remove_interface(local, &conf);
50523 - if (!local->open_count)
50524 + if (!atomic_read(&local->open_count))
50528 @@ -418,7 +418,7 @@ static int ieee80211_stop(struct net_dev
50529 WARN_ON(!list_empty(&sdata->u.ap.vlans));
50532 - local->open_count--;
50533 + atomic_dec(&local->open_count);
50535 switch (sdata->vif.type) {
50536 case NL80211_IFTYPE_AP_VLAN:
50537 @@ -524,7 +524,7 @@ static int ieee80211_stop(struct net_dev
50539 ieee80211_recalc_ps(local, -1);
50541 - if (local->open_count == 0) {
50542 + if (atomic_read(&local->open_count) == 0) {
50543 ieee80211_clear_tx_pending(local);
50544 ieee80211_stop_device(local);
50546 diff -urNp linux-2.6.32.1/net/mac80211/main.c linux-2.6.32.1/net/mac80211/main.c
50547 --- linux-2.6.32.1/net/mac80211/main.c 2009-12-02 22:51:21.000000000 -0500
50548 +++ linux-2.6.32.1/net/mac80211/main.c 2009-12-14 18:33:59.826034535 -0500
50549 @@ -145,7 +145,7 @@ int ieee80211_hw_config(struct ieee80211
50550 local->hw.conf.power_level = power;
50553 - if (changed && local->open_count) {
50554 + if (changed && atomic_read(&local->open_count)) {
50555 ret = drv_config(local, changed);
50558 diff -urNp linux-2.6.32.1/net/mac80211/pm.c linux-2.6.32.1/net/mac80211/pm.c
50559 --- linux-2.6.32.1/net/mac80211/pm.c 2009-12-02 22:51:21.000000000 -0500
50560 +++ linux-2.6.32.1/net/mac80211/pm.c 2009-12-14 18:33:59.826034535 -0500
50561 @@ -107,7 +107,7 @@ int __ieee80211_suspend(struct ieee80211
50564 /* stop hardware - this must stop RX */
50565 - if (local->open_count)
50566 + if (atomic_read(&local->open_count))
50567 ieee80211_stop_device(local);
50569 local->suspended = true;
50570 diff -urNp linux-2.6.32.1/net/mac80211/rate.c linux-2.6.32.1/net/mac80211/rate.c
50571 --- linux-2.6.32.1/net/mac80211/rate.c 2009-12-02 22:51:21.000000000 -0500
50572 +++ linux-2.6.32.1/net/mac80211/rate.c 2009-12-14 18:33:59.827036180 -0500
50573 @@ -287,7 +287,7 @@ int ieee80211_init_rate_ctrl_alg(struct
50574 struct rate_control_ref *ref, *old;
50577 - if (local->open_count)
50578 + if (atomic_read(&local->open_count))
50581 ref = rate_control_alloc(name, local);
50582 diff -urNp linux-2.6.32.1/net/mac80211/util.c linux-2.6.32.1/net/mac80211/util.c
50583 --- linux-2.6.32.1/net/mac80211/util.c 2009-12-02 22:51:21.000000000 -0500
50584 +++ linux-2.6.32.1/net/mac80211/util.c 2009-12-14 18:33:59.827036180 -0500
50585 @@ -1030,7 +1030,7 @@ int ieee80211_reconfig(struct ieee80211_
50586 local->resuming = true;
50588 /* restart hardware */
50589 - if (local->open_count) {
50590 + if (atomic_read(&local->open_count)) {
50591 res = drv_start(local);
50593 ieee80211_led_radio(local, true);
50594 diff -urNp linux-2.6.32.1/net/sctp/socket.c linux-2.6.32.1/net/sctp/socket.c
50595 --- linux-2.6.32.1/net/sctp/socket.c 2009-12-02 22:51:21.000000000 -0500
50596 +++ linux-2.6.32.1/net/sctp/socket.c 2009-12-14 18:33:59.843026638 -0500
50597 @@ -1482,7 +1482,7 @@ SCTP_STATIC int sctp_sendmsg(struct kioc
50598 struct sctp_sndrcvinfo *sinfo;
50599 struct sctp_initmsg *sinit;
50600 sctp_assoc_t associd = 0;
50601 - sctp_cmsgs_t cmsgs = { NULL };
50602 + sctp_cmsgs_t cmsgs = { NULL, NULL };
50604 sctp_scope_t scope;
50606 @@ -5802,7 +5802,6 @@ pp_found:
50608 int reuse = sk->sk_reuse;
50610 - struct hlist_node *node;
50612 SCTP_DEBUG_PRINTK("sctp_get_port() found a possible match\n");
50613 if (pp->fastreuse && sk->sk_reuse &&
50614 diff -urNp linux-2.6.32.1/net/socket.c linux-2.6.32.1/net/socket.c
50615 --- linux-2.6.32.1/net/socket.c 2009-12-02 22:51:21.000000000 -0500
50616 +++ linux-2.6.32.1/net/socket.c 2009-12-14 18:33:59.862720742 -0500
50618 #include <linux/wireless.h>
50619 #include <linux/nsproxy.h>
50620 #include <linux/magic.h>
50621 +#include <linux/in.h>
50623 #include <asm/uaccess.h>
50624 #include <asm/unistd.h>
50626 #include <net/sock.h>
50627 #include <linux/netfilter.h>
50629 +extern void gr_attach_curr_ip(const struct sock *sk);
50630 +extern int gr_handle_sock_all(const int family, const int type,
50631 + const int protocol);
50632 +extern int gr_handle_sock_server(const struct sockaddr *sck);
50633 +extern int gr_handle_sock_server_other(const struct socket *sck);
50634 +extern int gr_handle_sock_client(const struct sockaddr *sck);
50635 +extern int gr_search_connect(struct socket * sock,
50636 + struct sockaddr_in * addr);
50637 +extern int gr_search_bind(struct socket * sock,
50638 + struct sockaddr_in * addr);
50639 +extern int gr_search_listen(struct socket * sock);
50640 +extern int gr_search_accept(struct socket * sock);
50641 +extern int gr_search_socket(const int domain, const int type,
50642 + const int protocol);
50644 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
50645 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
50646 unsigned long nr_segs, loff_t pos);
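Review bot: The ten `extern` prototypes for the `gr_*` hooks are declared in this .c file rather than in a shared header, so the compiler cannot check them against the definitions. A later change to an argument type on the defining side would still link and then misbehave at run time. Putting the prototypes in one header that both this file and the defining file include would make such a mismatch a build error.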
50647 @@ -298,7 +314,7 @@ static int sockfs_get_sb(struct file_sys
50651 -static struct vfsmount *sock_mnt __read_mostly;
50652 +struct vfsmount *sock_mnt __read_mostly;
50654 static struct file_system_type sock_fs_type = {
50656 @@ -1283,6 +1299,16 @@ SYSCALL_DEFINE3(socket, int, family, int
50657 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
50658 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
50660 + if(!gr_search_socket(family, type, protocol)) {
50661 + retval = -EACCES;
50665 + if (gr_handle_sock_all(family, type, protocol)) {
50666 + retval = -EACCES;
50670 retval = sock_create(family, type, protocol, &sock);
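Review bot: The two added checks use opposite return conventions, and nothing at the call site says so: `gr_search_socket()` denies when it returns zero, while `gr_handle_sock_all()` denies when it returns non-zero. The `gr_search_*` family is not uniform either, since `gr_search_bind()`, `gr_search_listen()`, `gr_search_accept()` and `gr_search_connect()` in the later hunks have their result assigned to `err`. A one-line comment such as `/* gr_search_socket(): 0 = deny; gr_handle_sock_all(): non-zero = deny */` would keep the next editor from inverting one of the tests. `if(!gr_search_socket(` also lacks the space after `if` used by the surrounding code.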
50673 @@ -1415,6 +1441,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
50675 err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address);
50677 + if (gr_handle_sock_server((struct sockaddr *)&address)) {
50681 + err = gr_search_bind(sock, (struct sockaddr_in *)&address);
50685 err = security_socket_bind(sock,
50686 (struct sockaddr *)&address,
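Review bot: `gr_search_bind()` is handed the address as `struct sockaddr_in *` with no length, although the buffer was filled by `move_addr_to_kernel(umyaddr, addrlen, ...)` for whatever family and length the caller supplied. For a non-IPv4 socket, or an `addrlen` shorter than `sizeof(struct sockaddr_in)`, the callee would read fields that are not an IPv4 address and may not have been written by the copy. The callee is not visible here and may check `sa_family`, but it cannot check the length. Passing it through would allow that check, e.g. `err = gr_search_bind(sock, (struct sockaddr *)&address, addrlen);`. The same applies to `gr_search_connect(sock, (struct sockaddr_in *)sck)` in the connect hunk at -1581.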
50688 @@ -1423,6 +1457,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
50689 (struct sockaddr *)
50690 &address, addrlen);
50693 fput_light(sock->file, fput_needed);
50696 @@ -1446,10 +1481,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, ba
50697 if ((unsigned)backlog > somaxconn)
50698 backlog = somaxconn;
50700 + if (gr_handle_sock_server_other(sock)) {
50705 + err = gr_search_listen(sock);
50709 err = security_socket_listen(sock, backlog);
50711 err = sock->ops->listen(sock, backlog);
50714 fput_light(sock->file, fput_needed);
50717 @@ -1492,6 +1537,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
50718 newsock->type = sock->type;
50719 newsock->ops = sock->ops;
50721 + if (gr_handle_sock_server_other(sock)) {
50723 + sock_release(newsock);
50727 + err = gr_search_accept(sock);
50729 + sock_release(newsock);
50734 * We don't need try_module_get here, as the listening socket (sock)
50735 * has the protocol module (sock->ops->owner) held.
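Review bot: Both added failure paths call `sock_release(newsock)` after `newsock->ops = sock->ops`, but ahead of the point where the module reference for newsock appears to be taken. The comment that follows describes that reference; the line that takes it is outside the hunk. If `sock_release()` drops the ops owner's module reference whenever `ops` is set, as it does in mainline, every denied accept would drop a reference that was never acquired. Running the two checks before `newsock->ops` is assigned, or after the module reference has been taken, would keep the count balanced.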
50736 @@ -1534,6 +1591,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
50737 fd_install(newfd, newfile);
50740 + gr_attach_curr_ip(newsock->sk);
50743 fput_light(sock->file, fput_needed);
50745 @@ -1571,6 +1630,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct
50748 struct socket *sock;
50749 + struct sockaddr *sck;
50750 struct sockaddr_storage address;
50751 int err, fput_needed;
50753 @@ -1581,6 +1641,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct
50757 + sck = (struct sockaddr *)&address;
50759 + if (gr_handle_sock_client(sck)) {
50764 + err = gr_search_connect(sock, (struct sockaddr_in *)sck);
50769 security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
50771 diff -urNp linux-2.6.32.1/net/unix/af_unix.c linux-2.6.32.1/net/unix/af_unix.c
50772 --- linux-2.6.32.1/net/unix/af_unix.c 2009-12-02 22:51:21.000000000 -0500
50773 +++ linux-2.6.32.1/net/unix/af_unix.c 2009-12-14 18:33:59.863907744 -0500
50774 @@ -734,6 +734,12 @@ static struct sock *unix_find_other(stru
50775 err = -ECONNREFUSED;
50776 if (!S_ISSOCK(inode->i_mode))
50779 + if (!gr_acl_handle_unix(path.dentry, path.mnt)) {
50784 u = unix_find_socket_byinode(net, inode);
50787 @@ -754,6 +760,13 @@ static struct sock *unix_find_other(stru
50789 struct dentry *dentry;
50790 dentry = unix_sk(u)->dentry;
50792 + if (!gr_handle_chroot_unix(u->sk_peercred.pid)) {
50799 touch_atime(unix_sk(u)->mnt, dentry);
50801 @@ -839,11 +852,18 @@ static int unix_bind(struct socket *sock
50802 err = security_path_mknod(&nd.path, dentry, mode, 0);
50804 goto out_mknod_drop_write;
50805 + if (!gr_acl_handle_mknod(dentry, nd.path.dentry, nd.path.mnt, mode)) {
50807 + goto out_mknod_drop_write;
50809 err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
50810 out_mknod_drop_write:
50811 mnt_drop_write(nd.path.mnt);
50813 goto out_mknod_dput;
50815 + gr_handle_create(dentry, nd.path.mnt);
50817 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
50818 dput(nd.path.dentry);
50819 nd.path.dentry = dentry;
50820 @@ -861,6 +881,10 @@ out_mknod_drop_write:
50824 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
50825 + sk->sk_peercred.pid = current->pid;
50828 list = &unix_socket_table[addr->hash];
50830 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
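Review bot: `sk->sk_peercred.pid = current->pid` stores a bare numeric id at bind time, and the unix_find_other hunk at -754 later passes `u->sk_peercred.pid` to `gr_handle_chroot_unix()`. That number is not tied to the lifetime of the task that bound the socket, so once the binder exits and the id is reused the check would presumably evaluate an unrelated task. `current->pid` is also the calling thread's id rather than the thread group's. A comment stating the assumption would help, e.g. `/* binder id for the chroot check in unix_find_other(); assumes the binder is still running */`. Holding a reference to the binder instead of a number would remove the assumption.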
50831 diff -urNp linux-2.6.32.1/samples/kobject/kset-example.c linux-2.6.32.1/samples/kobject/kset-example.c
50832 --- linux-2.6.32.1/samples/kobject/kset-example.c 2009-12-02 22:51:21.000000000 -0500
50833 +++ linux-2.6.32.1/samples/kobject/kset-example.c 2009-12-14 18:33:59.878798344 -0500
50834 @@ -87,7 +87,7 @@ static ssize_t foo_attr_store(struct kob
50837 /* Our custom sysfs_ops that we will associate with our ktype later on */
50838 -static struct sysfs_ops foo_sysfs_ops = {
50839 +static const struct sysfs_ops foo_sysfs_ops = {
50840 .show = foo_attr_show,
50841 .store = foo_attr_store,
50843 diff -urNp linux-2.6.32.1/scripts/basic/fixdep.c linux-2.6.32.1/scripts/basic/fixdep.c
50844 --- linux-2.6.32.1/scripts/basic/fixdep.c 2009-12-02 22:51:21.000000000 -0500
50845 +++ linux-2.6.32.1/scripts/basic/fixdep.c 2009-12-14 18:33:59.896971606 -0500
50846 @@ -222,9 +222,9 @@ static void use_config(char *m, int slen
50848 static void parse_config_file(char *map, size_t len)
50850 - int *end = (int *) (map + len);
50851 + unsigned int *end = (unsigned int *) (map + len);
50852 /* start at +1, so that p can never be < map */
50853 - int *m = (int *) map + 1;
50854 + unsigned int *m = (unsigned int *) map + 1;
50857 for (; m < end; m++) {
50858 @@ -371,7 +371,7 @@ static void print_deps(void)
50859 static void traps(void)
50861 static char test[] __attribute__((aligned(sizeof(int)))) = "CONF";
50862 - int *p = (int *)test;
50863 + unsigned int *p = (unsigned int *)test;
50865 if (*p != INT_CONF) {
50866 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
50867 diff -urNp linux-2.6.32.1/scripts/kallsyms.c linux-2.6.32.1/scripts/kallsyms.c
50868 --- linux-2.6.32.1/scripts/kallsyms.c 2009-12-02 22:51:21.000000000 -0500
50869 +++ linux-2.6.32.1/scripts/kallsyms.c 2009-12-14 18:33:59.897716621 -0500
50870 @@ -43,10 +43,10 @@ struct text_range {
50872 static unsigned long long _text;
50873 static struct text_range text_ranges[] = {
50874 - { "_stext", "_etext" },
50875 - { "_sinittext", "_einittext" },
50876 - { "_stext_l1", "_etext_l1" }, /* Blackfin on-chip L1 inst SRAM */
50877 - { "_stext_l2", "_etext_l2" }, /* Blackfin on-chip L2 SRAM */
50878 + { "_stext", "_etext", 0, 0 },
50879 + { "_sinittext", "_einittext", 0, 0 },
50880 + { "_stext_l1", "_etext_l1", 0, 0 }, /* Blackfin on-chip L1 inst SRAM */
50881 + { "_stext_l2", "_etext_l2", 0, 0 }, /* Blackfin on-chip L2 SRAM */
50883 #define text_range_text (&text_ranges[0])
50884 #define text_range_inittext (&text_ranges[1])
50885 diff -urNp linux-2.6.32.1/scripts/mod/file2alias.c linux-2.6.32.1/scripts/mod/file2alias.c
50886 --- linux-2.6.32.1/scripts/mod/file2alias.c 2009-12-02 22:51:21.000000000 -0500
50887 +++ linux-2.6.32.1/scripts/mod/file2alias.c 2009-12-14 18:33:59.898724620 -0500
50888 @@ -72,7 +72,7 @@ static void device_id_check(const char *
50889 unsigned long size, unsigned long id_size,
50895 if (size % id_size || size < id_size) {
50896 if (cross_build != 0)
50897 @@ -102,7 +102,7 @@ static void device_id_check(const char *
50898 /* USB is special because the bcdDevice can be matched against a numeric range */
50899 /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipN" */
50900 static void do_usb_entry(struct usb_device_id *id,
50901 - unsigned int bcdDevice_initial, int bcdDevice_initial_digits,
50902 + unsigned int bcdDevice_initial, unsigned int bcdDevice_initial_digits,
50903 unsigned char range_lo, unsigned char range_hi,
50904 struct module *mod)
50906 @@ -368,7 +368,7 @@ static void do_pnp_device_entry(void *sy
50907 for (i = 0; i < count; i++) {
50908 const char *id = (char *)devs[i].id;
50909 char acpi_id[sizeof(devs[0].id)];
50913 buf_printf(&mod->dev_table_buf,
50914 "MODULE_ALIAS(\"pnp:d%s*\");\n", id);
50915 @@ -398,7 +398,7 @@ static void do_pnp_card_entries(void *sy
50917 for (j = 0; j < PNP_MAX_DEVICES; j++) {
50918 const char *id = (char *)card->devs[j].id;
50920 + unsigned int i2, j2;
50924 @@ -424,7 +424,7 @@ static void do_pnp_card_entries(void *sy
50925 /* add an individual alias for every device entry */
50927 char acpi_id[sizeof(card->devs[0].id)];
50931 buf_printf(&mod->dev_table_buf,
50932 "MODULE_ALIAS(\"pnp:d%s*\");\n", id);
50933 @@ -699,7 +699,7 @@ static void dmi_ascii_filter(char *d, co
50934 static int do_dmi_entry(const char *filename, struct dmi_system_id *id,
50938 + unsigned int i, j;
50940 sprintf(alias, "dmi*");
50942 diff -urNp linux-2.6.32.1/scripts/mod/modpost.c linux-2.6.32.1/scripts/mod/modpost.c
50943 --- linux-2.6.32.1/scripts/mod/modpost.c 2009-12-02 22:51:21.000000000 -0500
50944 +++ linux-2.6.32.1/scripts/mod/modpost.c 2009-12-14 18:33:59.899799564 -0500
50945 @@ -835,6 +835,7 @@ enum mismatch {
50948 EXPORT_TO_INIT_EXIT,
50952 struct sectioncheck {
50953 @@ -920,6 +921,12 @@ const struct sectioncheck sectioncheck[]
50954 .fromsec = { "__ksymtab*", NULL },
50955 .tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL },
50956 .mismatch = EXPORT_TO_INIT_EXIT
50958 +/* Do not reference code from writable data */
50960 + .fromsec = { DATA_SECTIONS, NULL },
50961 + .tosec = { TEXT_SECTIONS, NULL },
50962 + .mismatch = DATA_TO_TEXT
50966 @@ -1024,10 +1031,10 @@ static Elf_Sym *find_elf_symbol(struct e
50968 if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
50970 - if (sym->st_value == addr)
50972 /* Find a symbol nearby - addr are maybe negative */
50973 d = sym->st_value - addr;
50977 d = addr - sym->st_value;
50978 if (d < distance) {
50979 @@ -1268,6 +1275,14 @@ static void report_sec_mismatch(const ch
50980 "Fix this by removing the %sannotation of %s "
50981 "or drop the export.\n",
50982 tosym, sec2annotation(tosec), sec2annotation(tosec), tosym);
50983 + case DATA_TO_TEXT:
50986 + "The variable %s references\n"
50987 + "the %s %s%s%s\n",
50988 + fromsym, to, sec2annotation(tosec), tosym, to_p);
50992 /* To get warnings on missing members */
50994 @@ -1651,7 +1666,7 @@ void __attribute__((format(printf, 2, 3)
50998 -void buf_write(struct buffer *buf, const char *s, int len)
50999 +void buf_write(struct buffer *buf, const char *s, unsigned int len)
51001 if (buf->size - buf->pos < len) {
51002 buf->size += len + SZ;
51003 @@ -1863,7 +1878,7 @@ static void write_if_changed(struct buff
51004 if (fstat(fileno(file), &st) < 0)
51007 - if (st.st_size != b->pos)
51008 + if (st.st_size != (off_t)b->pos)
51011 tmp = NOFAIL(malloc(b->pos));
51012 diff -urNp linux-2.6.32.1/scripts/mod/modpost.h linux-2.6.32.1/scripts/mod/modpost.h
51013 --- linux-2.6.32.1/scripts/mod/modpost.h 2009-12-02 22:51:21.000000000 -0500
51014 +++ linux-2.6.32.1/scripts/mod/modpost.h 2009-12-14 18:33:59.899799564 -0500
51015 @@ -92,15 +92,15 @@ void *do_nofail(void *ptr, const char *e
51021 + unsigned int pos;
51022 + unsigned int size;
51025 void __attribute__((format(printf, 2, 3)))
51026 buf_printf(struct buffer *buf, const char *fmt, ...);
51029 -buf_write(struct buffer *buf, const char *s, int len);
51030 +buf_write(struct buffer *buf, const char *s, unsigned int len);
51033 struct module *next;
51034 diff -urNp linux-2.6.32.1/scripts/mod/sumversion.c linux-2.6.32.1/scripts/mod/sumversion.c
51035 --- linux-2.6.32.1/scripts/mod/sumversion.c 2009-12-02 22:51:21.000000000 -0500
51036 +++ linux-2.6.32.1/scripts/mod/sumversion.c 2009-12-14 18:33:59.899799564 -0500
51037 @@ -455,7 +455,7 @@ static void write_version(const char *fi
51041 - if (write(fd, sum, strlen(sum)+1) != strlen(sum)+1) {
51042 + if (write(fd, sum, strlen(sum)+1) != (ssize_t)strlen(sum)+1) {
51043 warn("writing sum in %s failed: %s\n",
51044 filename, strerror(errno));
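Review bot: The cast in `(ssize_t)strlen(sum)+1` applies to `strlen(sum)` only, and the length is still computed twice on one line. Computing it once reads more clearly and keeps the two sides of the comparison in step: `size_t n = strlen(sum) + 1;` followed by `if (write(fd, sum, n) != (ssize_t)n) {`. The rest of write_version is outside the hunk.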
51046 diff -urNp linux-2.6.32.1/scripts/pnmtologo.c linux-2.6.32.1/scripts/pnmtologo.c
51047 --- linux-2.6.32.1/scripts/pnmtologo.c 2009-12-02 22:51:21.000000000 -0500
51048 +++ linux-2.6.32.1/scripts/pnmtologo.c 2009-12-14 18:33:59.900867041 -0500
51049 @@ -237,14 +237,14 @@ static void write_header(void)
51050 fprintf(out, " * Linux logo %s\n", logoname);
51051 fputs(" */\n\n", out);
51052 fputs("#include <linux/linux_logo.h>\n\n", out);
51053 - fprintf(out, "static unsigned char %s_data[] __initdata = {\n",
51054 + fprintf(out, "static unsigned char %s_data[] = {\n",
51058 static void write_footer(void)
51060 fputs("\n};\n\n", out);
51061 - fprintf(out, "const struct linux_logo %s __initconst = {\n", logoname);
51062 + fprintf(out, "const struct linux_logo %s = {\n", logoname);
51063 fprintf(out, "\t.type\t\t= %s,\n", logo_types[logo_type]);
51064 fprintf(out, "\t.width\t\t= %d,\n", logo_width);
51065 fprintf(out, "\t.height\t\t= %d,\n", logo_height);
51066 @@ -374,7 +374,7 @@ static void write_logo_clut224(void)
51067 fputs("\n};\n\n", out);
51069 /* write logo clut */
51070 - fprintf(out, "static unsigned char %s_clut[] __initdata = {\n",
51071 + fprintf(out, "static unsigned char %s_clut[] = {\n",
51074 for (i = 0; i < logo_clutsize; i++) {
51075 diff -urNp linux-2.6.32.1/security/commoncap.c linux-2.6.32.1/security/commoncap.c
51076 --- linux-2.6.32.1/security/commoncap.c 2009-12-02 22:51:21.000000000 -0500
51077 +++ linux-2.6.32.1/security/commoncap.c 2009-12-14 18:33:59.901789717 -0500
51079 #include <linux/securebits.h>
51080 #include <linux/vs_context.h>
51082 +#include <net/sock.h>
51085 * If a non-root user executes a setuid-root binary in
51086 * !secure(SECURE_NOROOT) mode, then we raise capabilities.
51087 @@ -53,7 +55,7 @@ static void warn_setuid_and_fcaps_mixed(
51089 int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
51091 - NETLINK_CB(skb).eff_cap = vx_mbcaps(current_cap());
51092 + NETLINK_CB(skb).eff_cap = vx_mbcaps(gr_cap_rtnetlink(sk));
51096 diff -urNp linux-2.6.32.1/security/Kconfig linux-2.6.32.1/security/Kconfig
51097 --- linux-2.6.32.1/security/Kconfig 2009-12-02 22:51:21.000000000 -0500
51098 +++ linux-2.6.32.1/security/Kconfig 2009-12-14 18:33:59.911723002 -0500
51101 menu "Security options"
51103 +source grsecurity/Kconfig
51108 + bool "Enable various PaX features"
51109 + depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS32 || MIPS64 || PARISC || PPC32 || PPC64 || SPARC32 || SPARC64 || X86)
51111 + This allows you to enable various PaX features. PaX adds
51112 + intrusion prevention mechanisms to the kernel that reduce
51113 + the risks posed by exploitable memory corruption bugs.
51115 +menu "PaX Control"
51118 +config PAX_SOFTMODE
51119 + bool 'Support soft mode'
51121 + Enabling this option will allow you to run PaX in soft mode, that
51122 + is, PaX features will not be enforced by default, only on executables
51123 + marked explicitly. You must also enable PT_PAX_FLAGS support as it
51124 + is the only way to mark executables for soft mode use.
51126 + Soft mode can be activated by using the "pax_softmode=1" kernel command
51127 + line option on boot. Furthermore you can control various PaX features
51128 + at runtime via the entries in /proc/sys/kernel/pax.
51131 + bool 'Use legacy ELF header marking'
51133 + Enabling this option will allow you to control PaX features on
51134 + a per executable basis via the 'chpax' utility available at
51135 + http://pax.grsecurity.net/. The control flags will be read from
51136 + an otherwise reserved part of the ELF header. This marking has
51137 + numerous drawbacks (no support for soft-mode, toolchain does not
51138 + know about the non-standard use of the ELF header) therefore it
51139 + has been deprecated in favour of PT_PAX_FLAGS support.
51141 + If you have applications not marked by the PT_PAX_FLAGS ELF
51142 + program header then you MUST enable this option otherwise they
51143 + will not get any protection.
51145 + Note that if you enable PT_PAX_FLAGS marking support as well,
51146 + the PT_PAX_FLAG marks will override the legacy EI_PAX marks.
51148 +config PAX_PT_PAX_FLAGS
51149 + bool 'Use ELF program header marking'
51151 + Enabling this option will allow you to control PaX features on
51152 + a per executable basis via the 'paxctl' utility available at
51153 + http://pax.grsecurity.net/. The control flags will be read from
51154 + a PaX specific ELF program header (PT_PAX_FLAGS). This marking
51155 + has the benefits of supporting both soft mode and being fully
51156 + integrated into the toolchain (the binutils patch is available
51157 + from http://pax.grsecurity.net).
51159 + If you have applications not marked by the PT_PAX_FLAGS ELF
51160 + program header then you MUST enable the EI_PAX marking support
51161 + otherwise they will not get any protection.
51163 + Note that if you enable the legacy EI_PAX marking support as well,
51164 + the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks.
51167 + prompt 'MAC system integration'
51168 + default PAX_HAVE_ACL_FLAGS
51170 + Mandatory Access Control systems have the option of controlling
51171 + PaX flags on a per executable basis, choose the method supported
51172 + by your particular system.
51174 + - "none": if your MAC system does not interact with PaX,
51175 + - "direct": if your MAC system defines pax_set_initial_flags() itself,
51176 + - "hook": if your MAC system uses the pax_set_initial_flags_func callback.
51178 + NOTE: this option is for developers/integrators only.
51180 + config PAX_NO_ACL_FLAGS
51183 + config PAX_HAVE_ACL_FLAGS
51186 + config PAX_HOOK_ACL_FLAGS
51192 +menu "Non-executable pages"
51196 + bool "Enforce non-executable pages"
51197 + depends on (PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS) && (ALPHA || IA64 || MIPS32 || MIPS64 || PARISC || PPC32 || PPC64 || SPARC32 || SPARC64 || X86)
51199 + By design some architectures do not allow for protecting memory
51200 + pages against execution or even if they do, Linux does not make
51201 + use of this feature. In practice this means that if a page is
51202 + readable (such as the stack or heap) it is also executable.
51204 + There is a well known exploit technique that makes use of this
51205 + fact and a common programming mistake where an attacker can
51206 + introduce code of his choice somewhere in the attacked program's
51207 + memory (typically the stack or the heap) and then execute it.
51209 + If the attacked program was running with different (typically
51210 + higher) privileges than that of the attacker, then he can elevate
51211 + his own privilege level (e.g. get a root shell, write to files for
51212 + which he does not have write access to, etc).
51214 + Enabling this option will let you choose from various features
51215 + that prevent the injection and execution of 'foreign' code in
51218 + This will also break programs that rely on the old behaviour and
51219 + expect that dynamically allocated memory via the malloc() family
51220 + of functions is executable (which it is not). Notable examples
51221 + are the XFree86 4.x server, the java runtime and wine.
51223 +config PAX_PAGEEXEC
51224 + bool "Paging based non-executable pages"
51225 + depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7)
51227 + This implementation is based on the paging feature of the CPU.
51228 + On i386 without hardware non-executable bit support there is a
51229 + variable but usually low performance impact, however on Intel's
51230 + P4 core based CPUs it is very high so you should not enable this
51231 + for kernels meant to be used on such CPUs.
51233 + On alpha, avr32, ia64, parisc, sparc, sparc64, x86_64 and i386
51234 + with hardware non-executable bit support there is no performance
51235 + impact, on ppc the impact is negligible.
51237 + Note that several architectures require various emulations due to
51238 + badly designed userland ABIs, this will cause a performance impact
51239 + but will disappear as soon as userland is fixed. For example, ppc
51240 + userland MUST have been built with secure-plt by a recent toolchain.
51242 +config PAX_SEGMEXEC
51243 + bool "Segmentation based non-executable pages"
51244 + depends on PAX_NOEXEC && X86_32
51246 + This implementation is based on the segmentation feature of the
51247 + CPU and has a very small performance impact, however applications
51248 + will be limited to a 1.5 GB address space instead of the normal
51251 +config PAX_EMUTRAMP
51252 + bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
51253 + default y if PARISC
51255 + There are some programs and libraries that for one reason or
51256 + another attempt to execute special small code snippets from
51257 + non-executable memory pages. Most notable examples are the
51258 + signal handler return code generated by the kernel itself and
51259 + the GCC trampolines.
51261 + If you enabled CONFIG_PAX_PAGEEXEC or CONFIG_PAX_SEGMEXEC then
51262 + such programs will no longer work under your kernel.
51264 + As a remedy you can say Y here and use the 'chpax' or 'paxctl'
51265 + utilities to enable trampoline emulation for the affected programs
51266 + yet still have the protection provided by the non-executable pages.
51268 + On parisc you MUST enable this option and EMUSIGRT as well, otherwise
51269 + your system will not even boot.
51271 + Alternatively you can say N here and use the 'chpax' or 'paxctl'
51272 + utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC
51273 + for the affected files.
51275 + NOTE: enabling this feature *may* open up a loophole in the
51276 + protection provided by non-executable pages that an attacker
51277 + could abuse. Therefore the best solution is to not have any
51278 + files on your system that would require this option. This can
51279 + be achieved by not using libc5 (which relies on the kernel
51280 + signal handler return code) and not using or rewriting programs
51281 + that make use of the nested function implementation of GCC.
51282 + Skilled users can just fix GCC itself so that it implements
51283 + nested function calls in a way that does not interfere with PaX.
51285 +config PAX_EMUSIGRT
51286 + bool "Automatically emulate sigreturn trampolines"
51287 + depends on PAX_EMUTRAMP && PARISC
51290 + Enabling this option will have the kernel automatically detect
51291 + and emulate signal return trampolines executing on the stack
51292 + that would otherwise lead to task termination.
51294 + This solution is intended as a temporary one for users with
51295 + legacy versions of libc (libc5, glibc 2.0, uClibc before 0.9.17,
51296 + Modula-3 runtime, etc) or executables linked to such, basically
51297 + everything that does not specify its own SA_RESTORER function in
51298 + normal executable memory like glibc 2.1+ does.
51300 + On parisc you MUST enable this option, otherwise your system will
51303 + NOTE: this feature cannot be disabled on a per executable basis
51304 + and since it *does* open up a loophole in the protection provided
51305 + by non-executable pages, the best solution is to not have any
51306 + files on your system that would require this option.
51308 +config PAX_MPROTECT
51309 + bool "Restrict mprotect()"
51310 + depends on (PAX_PAGEEXEC || PAX_SEGMEXEC)
51312 + Enabling this option will prevent programs from
51313 + - changing the executable status of memory pages that were
51314 + not originally created as executable,
51315 + - making read-only executable pages writable again,
51316 + - creating executable pages from anonymous memory.
51318 + You should say Y here to complete the protection provided by
51319 + the enforcement of non-executable pages.
51321 + NOTE: you can use the 'chpax' or 'paxctl' utilities to control
51322 + this feature on a per file basis.
51324 +config PAX_NOELFRELOCS
51325 + bool "Disallow ELF text relocations"
51326 + depends on PAX_MPROTECT && !PAX_ETEXECRELOCS && (IA64 || PPC || X86)
51328 + Non-executable pages and mprotect() restrictions are effective
51329 + in preventing the introduction of new executable code into an
51330 + attacked task's address space. There remain only two venues
51331 + for this kind of attack: if the attacker can execute already
51332 + existing code in the attacked task then he can either have it
51333 + create and mmap() a file containing his code or have it mmap()
51334 + an already existing ELF library that does not have position
51335 + independent code in it and use mprotect() on it to make it
51336 + writable and copy his code there. While protecting against
51337 + the former approach is beyond PaX, the latter can be prevented
51338 + by having only PIC ELF libraries on one's system (which do not
51339 + need to relocate their code). If you are sure this is your case,
51340 + then enable this option otherwise be careful as you may not even
51341 + be able to boot or log on your system (for example, some PAM
51342 + modules are erroneously compiled as non-PIC by default).
51344 + NOTE: if you are using dynamic ELF executables (as suggested
51345 + when using ASLR) then you must have made sure that you linked
51346 + your files using the PIC version of crt1 (the et_dyn.tar.gz package
51347 + referenced there has already been updated to support this).
51349 +config PAX_ETEXECRELOCS
51350 + bool "Allow ELF ET_EXEC text relocations"
51351 + depends on PAX_MPROTECT && (ALPHA || IA64 || PARISC)
51354 + On some architectures there are incorrectly created applications
51355 + that require text relocations and would not work without enabling
51356 + this option. If you are an alpha, ia64 or parisc user, you should
51357 + enable this option and disable it once you have made sure that
51358 + none of your applications need it.
51361 + bool "Automatically emulate ELF PLT"
51362 + depends on PAX_MPROTECT && (ALPHA || PARISC || SPARC32 || SPARC64)
51365 + Enabling this option will have the kernel automatically detect
51366 + and emulate the Procedure Linkage Table entries in ELF files.
51367 + On some architectures such entries are in writable memory, and
51368 + become non-executable leading to task termination. Therefore
51369 + it is mandatory that you enable this option on alpha, parisc,
51370 + sparc and sparc64, otherwise your system would not even boot.
51372 + NOTE: this feature *does* open up a loophole in the protection
51373 + provided by the non-executable pages, therefore the proper
51374 + solution is to modify the toolchain to produce a PLT that does
51375 + not need to be writable.
51377 +config PAX_DLRESOLVE
51378 + bool 'Emulate old glibc resolver stub'
51379 + depends on PAX_EMUPLT && (SPARC32 || SPARC64)
51382 + This option is needed if userland has an old glibc (before 2.4)
51383 + that puts a 'save' instruction into the runtime generated resolver
51384 + stub that needs special emulation.
51386 +config PAX_KERNEXEC
51387 + bool "Enforce non-executable kernel pages"
51388 + depends on PAX_NOEXEC && X86 && (!X86_32 || X86_WP_WORKS_OK)
51390 + This is the kernel land equivalent of PAGEEXEC and MPROTECT,
51391 + that is, enabling this option will make it harder to inject
51392 + and execute 'foreign' code in kernel memory itself.
51396 +menu "Address Space Layout Randomization"
51400 + bool "Address Space Layout Randomization"
51401 + depends on PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS
51403 + Many if not most exploit techniques rely on the knowledge of
51404 + certain addresses in the attacked program. The following options
51405 + will allow the kernel to apply a certain amount of randomization
51406 + to specific parts of the program thereby forcing an attacker to
51407 + guess them in most cases. Any failed guess will most likely crash
51408 + the attacked program which allows the kernel to detect such attempts
51409 + and react on them. PaX itself provides no reaction mechanisms,
51410 + instead it is strongly encouraged that you make use of Nergal's
51411 + segvguard (ftp://ftp.pl.openwall.com/misc/segvguard/) or grsecurity's
51412 + (http://www.grsecurity.net/) built-in crash detection features or
51413 + develop one yourself.
51415 + By saying Y here you can choose to randomize the following areas:
51416 + - top of the task's kernel stack
51417 + - top of the task's userland stack
51418 + - base address for mmap() requests that do not specify one
51419 + (this includes all libraries)
51420 + - base address of the main executable
51422 + It is strongly recommended to say Y here as address space layout
51423 + randomization has negligible impact on performance yet it provides
51424 + a very effective protection.
51426 + NOTE: you can use the 'chpax' or 'paxctl' utilities to control
51427 + this feature on a per file basis.
51429 +config PAX_RANDKSTACK
51430 + bool "Randomize kernel stack base"
51431 + depends on PAX_ASLR && X86_TSC && X86_32
51433 + By saying Y here the kernel will randomize every task's kernel
51434 + stack on every system call. This will not only force an attacker
51435 + to guess it but also prevent him from making use of possible
51436 + leaked information about it.
51438 + Since the kernel stack is a rather scarce resource, randomization
51439 + may cause unexpected stack overflows, therefore you should very
51440 + carefully test your system. Note that once enabled in the kernel
51441 + configuration, this feature cannot be disabled on a per file basis.
51443 +config PAX_RANDUSTACK
51444 + bool "Randomize user stack base"
51445 + depends on PAX_ASLR
51447 + By saying Y here the kernel will randomize every task's userland
51448 + stack. The randomization is done in two steps where the second
51449 + one may apply a big amount of shift to the top of the stack and
51450 + cause problems for programs that want to use lots of memory (more
51451 + than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is).
51452 + For this reason the second step can be controlled by 'chpax' or
51453 + 'paxctl' on a per file basis.
51455 +config PAX_RANDMMAP
51456 + bool "Randomize mmap() base"
51457 + depends on PAX_ASLR
51459 + By saying Y here the kernel will use a randomized base address for
51460 + mmap() requests that do not specify one themselves. As a result
51461 + all dynamically loaded libraries will appear at random addresses
51462 + and therefore be harder to exploit by a technique where an attacker
51463 + attempts to execute library code for his purposes (e.g. spawn a
51464 + shell from an exploited program that is running at an elevated
51465 + privilege level).
51467 + Furthermore, if a program is relinked as a dynamic ELF file, its
51468 + base address will be randomized as well, completing the full
51469 + randomization of the address space layout. Attacking such programs
51470 + becomes a guess game. You can find an example of doing this at
51471 + http://pax.grsecurity.net/et_dyn.tar.gz and practical samples at
51472 + http://www.grsecurity.net/grsec-gcc-specs.tar.gz .
51474 + NOTE: you can use the 'chpax' or 'paxctl' utilities to control this
51475 + feature on a per file basis.
51479 +menu "Miscellaneous hardening features"
51481 +config PAX_MEMORY_SANITIZE
51482 + bool "Sanitize all freed memory"
51484 + By saying Y here the kernel will erase memory pages as soon as they
51485 + are freed. This in turn reduces the lifetime of data stored in the
51486 + pages, making it less likely that sensitive information such as
51487 + passwords, cryptographic secrets, etc stay in memory for too long.
51489 + This is especially useful for programs whose runtime is short, long
51490 + lived processes and the kernel itself benefit from this as long as
51491 + they operate on whole memory pages and ensure timely freeing of pages
51492 + that may hold sensitive information.
51494 + The tradeoff is performance impact, on a single CPU system kernel
51495 + compilation sees a 3% slowdown, other systems and workloads may vary
51496 + and you are advised to test this feature on your expected workload
51497 + before deploying it.
51499 + Note that this feature does not protect data stored in live pages,
51500 + e.g., process memory swapped to disk may stay there for a long time.
51502 +config PAX_MEMORY_UDEREF
51503 + bool "Prevent invalid userland pointer dereference"
51504 + depends on X86_32 && !UML_X86
51506 + By saying Y here the kernel will be prevented from dereferencing
51507 + userland pointers in contexts where the kernel expects only kernel
51508 + pointers. This is both a useful runtime debugging feature and a
51509 + security measure that prevents exploiting a class of kernel bugs.
51511 + The tradeoff is that some virtualization solutions may experience
51512 + a huge slowdown and therefore you should not enable this feature
51513 + for kernels meant to run in such environments. Whether a given VM
51514 + solution is affected or not is best determined by simply trying it
51515 + out, the performance impact will be obvious right on boot as this
51516 + mechanism engages from very early on. A good rule of thumb is that
51517 + VMs running on CPUs without hardware virtualization support (i.e.,
51518 + the majority of IA-32 CPUs) will likely experience the slowdown.
51520 +config PAX_REFCOUNT
51521 + bool "Prevent various kernel object reference counter overflows"
51522 + depends on GRKERNSEC && (X86 || SPARC64)
51524 + By saying Y here the kernel will detect and prevent overflowing
51525 + various (but not all) kinds of object reference counters. Such
51526 + overflows can normally occur due to bugs only and are often, if
51527 + not always, exploitable.
51529 + The tradeoff is that data structures protected by an overflowed
51530 + refcount will never be freed and therefore will leak memory. Note
51531 + that this leak also happens even without this protection but in
51532 + that case the overflow can eventually trigger the freeing of the
51533 + data structure while it is still being used elsewhere, resulting
51534 + in the exploitable situation that this feature prevents.
51536 + Since this has a negligible performance impact, you should enable
51539 +config PAX_USERCOPY
51540 + bool "Bounds check heap object copies between kernel and userland"
51541 + depends on X86 || PPC32 || PPC64 || SPARC32 || SPARC64
51542 + depends on GRKERNSEC && (SLAB || SLUB || SLOB)
51544 + By saying Y here the kernel will enforce the size of heap objects
51545 + when they are copied in either direction between the kernel and
51546 + userland, even if only a part of the heap object is copied.
51548 + Specifically, this checking prevents information leaking from the
51549 + kernel heap during kernel to userland copies (if the kernel heap
51550 + object is otherwise fully initialized) and prevents kernel heap
51551 + overflows during userland to kernel copies.
51553 + Note that the current implementation provides the strictest checks
51554 + for the SLUB allocator.
51556 + Since this has a negligible performance impact, you should enable
51563 bool "Enable access key retention support"
51565 @@ -146,7 +605,7 @@ config INTEL_TXT
51566 config LSM_MMAP_MIN_ADDR
51567 int "Low address space for LSM to protect from user allocation"
51568 depends on SECURITY && SECURITY_SELINUX
51572 This is the portion of low virtual memory which should be protected
51573 from userspace allocation. Keeping a user from writing to low pages
51574 diff -urNp linux-2.6.32.1/security/min_addr.c linux-2.6.32.1/security/min_addr.c
51575 --- linux-2.6.32.1/security/min_addr.c 2009-12-02 22:51:21.000000000 -0500
51576 +++ linux-2.6.32.1/security/min_addr.c 2009-12-14 18:33:59.911723002 -0500
51577 @@ -14,6 +14,7 @@ unsigned long dac_mmap_min_addr = CONFIG
51579 static void update_mmap_min_addr(void)
51582 #ifdef CONFIG_LSM_MMAP_MIN_ADDR
51583 if (dac_mmap_min_addr > CONFIG_LSM_MMAP_MIN_ADDR)
51584 mmap_min_addr = dac_mmap_min_addr;
51585 @@ -22,6 +23,7 @@ static void update_mmap_min_addr(void)
51587 mmap_min_addr = dac_mmap_min_addr;
51593 @@ -33,6 +35,9 @@ int mmap_min_addr_handler(struct ctl_tab
51597 + if (!capable(CAP_SYS_RAWIO))
51600 ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
51602 update_mmap_min_addr();
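Review bot: The added `capable(CAP_SYS_RAWIO)` test is not conditioned on `write`, so it applies to reads of this sysctl as well as to updates; `write` is in scope here, as the `proc_doulongvec_minmax()` call on the next line shows. If only changing the minimum address is meant to be privileged, `if (write && !capable(CAP_SYS_RAWIO))` narrows the check. If hiding the value from unprivileged readers is intended, a one-line comment saying so would keep a later cleanup from relaxing it. The statement controlled by the `if` is not shown in this listing, and the handler's body continues outside the hunk.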
51603 diff -urNp linux-2.6.32.1/sound/aoa/codecs/onyx.c linux-2.6.32.1/sound/aoa/codecs/onyx.c
51604 --- linux-2.6.32.1/sound/aoa/codecs/onyx.c 2009-12-02 22:51:21.000000000 -0500
51605 +++ linux-2.6.32.1/sound/aoa/codecs/onyx.c 2009-12-14 18:33:59.922037934 -0500
51606 @@ -53,7 +53,7 @@ struct onyx {
51611 + atomic_t open_count;
51612 struct codec_info *codec_info;
51614 /* mutex serializes concurrent access to the device
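Review bot: The new `atomic_t open_count` field carries no comment explaining the type, and both visible users (onyx_open at @@ -752,7 and onyx_close at @@ -764,8) still update it between `mutex_lock(&onyx->mutex)` and `mutex_unlock(&onyx->mutex)`, so the atomic type adds no synchronisation there. If the purpose is to bring the counter under reference-counter overflow checking, which is an inference from the PAX_REFCOUNT option in this patch, the field should say so, e.g. `atomic_t open_count; /* atomic_t for refcount overflow checking; still serialised by mutex */`. Without that, the change reads as redundant and is likely to be reverted by a later cleanup.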
51615 @@ -752,7 +752,7 @@ static int onyx_open(struct codec_info_i
51616 struct onyx *onyx = cii->codec_data;
51618 mutex_lock(&onyx->mutex);
51619 - onyx->open_count++;
51620 + atomic_inc(&onyx->open_count);
51621 mutex_unlock(&onyx->mutex);
51624 @@ -764,8 +764,7 @@ static int onyx_close(struct codec_info_
51625 struct onyx *onyx = cii->codec_data;
51627 mutex_lock(&onyx->mutex);
51628 - onyx->open_count--;
51629 - if (!onyx->open_count)
51630 + if (atomic_dec_and_test(&onyx->open_count))
51631 onyx->spdif_locked = onyx->analog_locked = 0;
51632 mutex_unlock(&onyx->mutex);
51634 diff -urNp linux-2.6.32.1/sound/core/oss/pcm_oss.c linux-2.6.32.1/sound/core/oss/pcm_oss.c
51635 --- linux-2.6.32.1/sound/core/oss/pcm_oss.c 2009-12-02 22:51:21.000000000 -0500
51636 +++ linux-2.6.32.1/sound/core/oss/pcm_oss.c 2009-12-14 18:33:59.948708067 -0500
51637 @@ -2949,8 +2949,8 @@ static void snd_pcm_oss_proc_done(struct
51640 #else /* !CONFIG_SND_VERBOSE_PROCFS */
51641 -#define snd_pcm_oss_proc_init(pcm)
51642 -#define snd_pcm_oss_proc_done(pcm)
51643 +#define snd_pcm_oss_proc_init(pcm) do {} while (0)
51644 +#define snd_pcm_oss_proc_done(pcm) do {} while (0)
51645 #endif /* CONFIG_SND_VERBOSE_PROCFS */
51648 diff -urNp linux-2.6.32.1/sound/core/seq/seq_lock.h linux-2.6.32.1/sound/core/seq/seq_lock.h
51649 --- linux-2.6.32.1/sound/core/seq/seq_lock.h 2009-12-02 22:51:21.000000000 -0500
51650 +++ linux-2.6.32.1/sound/core/seq/seq_lock.h 2009-12-14 18:33:59.957992355 -0500
51651 @@ -23,10 +23,10 @@ void snd_use_lock_sync_helper(snd_use_lo
51652 #else /* SMP || CONFIG_SND_DEBUG */
51654 typedef spinlock_t snd_use_lock_t; /* dummy */
51655 -#define snd_use_lock_init(lockp) /**/
51656 -#define snd_use_lock_use(lockp) /**/
51657 -#define snd_use_lock_free(lockp) /**/
51658 -#define snd_use_lock_sync(lockp) /**/
51659 +#define snd_use_lock_init(lockp) do {} while (0)
51660 +#define snd_use_lock_use(lockp) do {} while (0)
51661 +#define snd_use_lock_free(lockp) do {} while (0)
51662 +#define snd_use_lock_sync(lockp) do {} while (0)
51664 #endif /* SMP || CONFIG_SND_DEBUG */
51666 diff -urNp linux-2.6.32.1/sound/drivers/mts64.c linux-2.6.32.1/sound/drivers/mts64.c
51667 --- linux-2.6.32.1/sound/drivers/mts64.c 2009-12-02 22:51:21.000000000 -0500
51668 +++ linux-2.6.32.1/sound/drivers/mts64.c 2009-12-14 18:33:59.979956196 -0500
51669 @@ -65,7 +65,7 @@ struct mts64 {
51670 struct pardevice *pardev;
51671 int pardev_claimed;
51674 + atomic_t open_count;
51675 int current_midi_output_port;
51676 int current_midi_input_port;
51677 u8 mode[MTS64_NUM_INPUT_PORTS];
51678 @@ -695,7 +695,7 @@ static int snd_mts64_rawmidi_open(struct
51680 struct mts64 *mts = substream->rmidi->private_data;
51682 - if (mts->open_count == 0) {
51683 + if (atomic_read(&mts->open_count) == 0) {
51684 /* We don't need a spinlock here, because this is just called
51685 if the device has not been opened before.
51686 So there aren't any IRQs from the device */
51687 @@ -703,7 +703,7 @@ static int snd_mts64_rawmidi_open(struct
51691 - ++(mts->open_count);
51692 + atomic_inc(&mts->open_count);
51696 @@ -713,8 +713,7 @@ static int snd_mts64_rawmidi_close(struc
51697 struct mts64 *mts = substream->rmidi->private_data;
51698 unsigned long flags;
51700 - --(mts->open_count);
51701 - if (mts->open_count == 0) {
51702 + if (atomic_dec_return(&mts->open_count) == 0) {
51703 /* We need the spinlock_irqsave here because we can still
51704 have IRQs at this point */
51705 spin_lock_irqsave(&mts->lock, flags);
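Review bot: The value returned by `atomic_dec_return(&mts->open_count)` is compared with zero and then dropped, and the `else if` in the next hunk (@@ -723,8) reads the counter again with `atomic_read()` before clamping it with `atomic_set()`. Each call is atomic but the sequence is not, so if open and close can run concurrently (not visible in these hunks) the clamp could overwrite an increment made in between. Keeping the result in a local, `int count = atomic_dec_return(&mts->open_count);`, and testing `count == 0` and `count < 0` makes both branches decide on the same value. snd_mts64_rawmidi_open has the same shape, with `atomic_read()` at @@ -695,7 and a separate `atomic_inc()` at @@ -703,7. Both function bodies continue outside the hunks.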
51706 @@ -723,8 +722,8 @@ static int snd_mts64_rawmidi_close(struc
51710 - } else if (mts->open_count < 0)
51711 - mts->open_count = 0;
51712 + } else if (atomic_read(&mts->open_count) < 0)
51713 + atomic_set(&mts->open_count, 0);
51717 diff -urNp linux-2.6.32.1/sound/drivers/portman2x4.c linux-2.6.32.1/sound/drivers/portman2x4.c
51718 --- linux-2.6.32.1/sound/drivers/portman2x4.c 2009-12-02 22:51:21.000000000 -0500
51719 +++ linux-2.6.32.1/sound/drivers/portman2x4.c 2009-12-14 18:33:59.981731399 -0500
51720 @@ -83,7 +83,7 @@ struct portman {
51721 struct pardevice *pardev;
51722 int pardev_claimed;
51725 + atomic_t open_count;
51726 int mode[PORTMAN_NUM_INPUT_PORTS];
51727 struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS];
51729 diff -urNp linux-2.6.32.1/sound/pci/ac97/ac97_codec.c linux-2.6.32.1/sound/pci/ac97/ac97_codec.c
51730 --- linux-2.6.32.1/sound/pci/ac97/ac97_codec.c 2009-12-02 22:51:21.000000000 -0500
51731 +++ linux-2.6.32.1/sound/pci/ac97/ac97_codec.c 2009-12-14 18:33:59.996911247 -0500
51732 @@ -1952,7 +1952,7 @@ static int snd_ac97_dev_disconnect(struc
51735 /* build_ops to do nothing */
51736 -static struct snd_ac97_build_ops null_build_ops;
51737 +static const struct snd_ac97_build_ops null_build_ops;
51739 #ifdef CONFIG_SND_AC97_POWER_SAVE
51740 static void do_update_power(struct work_struct *work)
51741 diff -urNp linux-2.6.32.1/sound/pci/ac97/ac97_patch.c linux-2.6.32.1/sound/pci/ac97/ac97_patch.c
51742 --- linux-2.6.32.1/sound/pci/ac97/ac97_patch.c 2009-12-02 22:51:21.000000000 -0500
51743 +++ linux-2.6.32.1/sound/pci/ac97/ac97_patch.c 2009-12-14 18:34:00.010722092 -0500
51744 @@ -371,7 +371,7 @@ static int patch_yamaha_ymf743_build_spd
51748 -static struct snd_ac97_build_ops patch_yamaha_ymf743_ops = {
51749 +static const struct snd_ac97_build_ops patch_yamaha_ymf743_ops = {
51750 .build_spdif = patch_yamaha_ymf743_build_spdif,
51751 .build_3d = patch_yamaha_ymf7x3_3d,
51753 @@ -455,7 +455,7 @@ static int patch_yamaha_ymf753_post_spdi
51757 -static struct snd_ac97_build_ops patch_yamaha_ymf753_ops = {
51758 +static const struct snd_ac97_build_ops patch_yamaha_ymf753_ops = {
51759 .build_3d = patch_yamaha_ymf7x3_3d,
51760 .build_post_spdif = patch_yamaha_ymf753_post_spdif
51762 @@ -502,7 +502,7 @@ static int patch_wolfson_wm9703_specific
51766 -static struct snd_ac97_build_ops patch_wolfson_wm9703_ops = {
51767 +static const struct snd_ac97_build_ops patch_wolfson_wm9703_ops = {
51768 .build_specific = patch_wolfson_wm9703_specific,
51771 @@ -533,7 +533,7 @@ static int patch_wolfson_wm9704_specific
51775 -static struct snd_ac97_build_ops patch_wolfson_wm9704_ops = {
51776 +static const struct snd_ac97_build_ops patch_wolfson_wm9704_ops = {
51777 .build_specific = patch_wolfson_wm9704_specific,
51780 @@ -555,7 +555,7 @@ static int patch_wolfson_wm9705_specific
51784 -static struct snd_ac97_build_ops patch_wolfson_wm9705_ops = {
51785 +static const struct snd_ac97_build_ops patch_wolfson_wm9705_ops = {
51786 .build_specific = patch_wolfson_wm9705_specific,
51789 @@ -692,7 +692,7 @@ static int patch_wolfson_wm9711_specific
51793 -static struct snd_ac97_build_ops patch_wolfson_wm9711_ops = {
51794 +static const struct snd_ac97_build_ops patch_wolfson_wm9711_ops = {
51795 .build_specific = patch_wolfson_wm9711_specific,
51798 @@ -886,7 +886,7 @@ static void patch_wolfson_wm9713_resume
51802 -static struct snd_ac97_build_ops patch_wolfson_wm9713_ops = {
51803 +static const struct snd_ac97_build_ops patch_wolfson_wm9713_ops = {
51804 .build_specific = patch_wolfson_wm9713_specific,
51805 .build_3d = patch_wolfson_wm9713_3d,
51807 @@ -991,7 +991,7 @@ static int patch_sigmatel_stac97xx_speci
51811 -static struct snd_ac97_build_ops patch_sigmatel_stac9700_ops = {
51812 +static const struct snd_ac97_build_ops patch_sigmatel_stac9700_ops = {
51813 .build_3d = patch_sigmatel_stac9700_3d,
51814 .build_specific = patch_sigmatel_stac97xx_specific
51816 @@ -1038,7 +1038,7 @@ static int patch_sigmatel_stac9708_speci
51817 return patch_sigmatel_stac97xx_specific(ac97);
51820 -static struct snd_ac97_build_ops patch_sigmatel_stac9708_ops = {
51821 +static const struct snd_ac97_build_ops patch_sigmatel_stac9708_ops = {
51822 .build_3d = patch_sigmatel_stac9708_3d,
51823 .build_specific = patch_sigmatel_stac9708_specific
51825 @@ -1267,7 +1267,7 @@ static int patch_sigmatel_stac9758_speci
51829 -static struct snd_ac97_build_ops patch_sigmatel_stac9758_ops = {
51830 +static const struct snd_ac97_build_ops patch_sigmatel_stac9758_ops = {
51831 .build_3d = patch_sigmatel_stac9700_3d,
51832 .build_specific = patch_sigmatel_stac9758_specific
51834 @@ -1342,7 +1342,7 @@ static int patch_cirrus_build_spdif(stru
51838 -static struct snd_ac97_build_ops patch_cirrus_ops = {
51839 +static const struct snd_ac97_build_ops patch_cirrus_ops = {
51840 .build_spdif = patch_cirrus_build_spdif
51843 @@ -1399,7 +1399,7 @@ static int patch_conexant_build_spdif(st
51847 -static struct snd_ac97_build_ops patch_conexant_ops = {
51848 +static const struct snd_ac97_build_ops patch_conexant_ops = {
51849 .build_spdif = patch_conexant_build_spdif
51852 @@ -1501,7 +1501,7 @@ static const struct snd_ac97_res_table a
51853 { AC97_VIDEO, 0x9f1f },
51854 { AC97_AUX, 0x9f1f },
51855 { AC97_PCM, 0x9f1f },
51856 - { } /* terminator */
51857 + { 0, 0 } /* terminator */
51860 static int patch_ad1819(struct snd_ac97 * ac97)
51861 @@ -1575,7 +1575,7 @@ static void patch_ad1881_chained(struct
51865 -static struct snd_ac97_build_ops patch_ad1881_build_ops = {
51866 +static const struct snd_ac97_build_ops patch_ad1881_build_ops = {
51868 .resume = ad18xx_resume
51870 @@ -1662,7 +1662,7 @@ static int patch_ad1885_specific(struct
51874 -static struct snd_ac97_build_ops patch_ad1885_build_ops = {
51875 +static const struct snd_ac97_build_ops patch_ad1885_build_ops = {
51876 .build_specific = &patch_ad1885_specific,
51878 .resume = ad18xx_resume
51879 @@ -1689,7 +1689,7 @@ static int patch_ad1886_specific(struct
51883 -static struct snd_ac97_build_ops patch_ad1886_build_ops = {
51884 +static const struct snd_ac97_build_ops patch_ad1886_build_ops = {
51885 .build_specific = &patch_ad1886_specific,
51887 .resume = ad18xx_resume
51888 @@ -1893,7 +1893,7 @@ static int patch_ad1981a_specific(struct
51889 ARRAY_SIZE(snd_ac97_ad1981x_jack_sense));
51892 -static struct snd_ac97_build_ops patch_ad1981a_build_ops = {
51893 +static const struct snd_ac97_build_ops patch_ad1981a_build_ops = {
51894 .build_post_spdif = patch_ad198x_post_spdif,
51895 .build_specific = patch_ad1981a_specific,
51897 @@ -1948,7 +1948,7 @@ static int patch_ad1981b_specific(struct
51898 ARRAY_SIZE(snd_ac97_ad1981x_jack_sense));
51901 -static struct snd_ac97_build_ops patch_ad1981b_build_ops = {
51902 +static const struct snd_ac97_build_ops patch_ad1981b_build_ops = {
51903 .build_post_spdif = patch_ad198x_post_spdif,
51904 .build_specific = patch_ad1981b_specific,
51906 @@ -2087,7 +2087,7 @@ static int patch_ad1888_specific(struct
51907 return patch_build_controls(ac97, snd_ac97_ad1888_controls, ARRAY_SIZE(snd_ac97_ad1888_controls));
51910 -static struct snd_ac97_build_ops patch_ad1888_build_ops = {
51911 +static const struct snd_ac97_build_ops patch_ad1888_build_ops = {
51912 .build_post_spdif = patch_ad198x_post_spdif,
51913 .build_specific = patch_ad1888_specific,
51915 @@ -2136,7 +2136,7 @@ static int patch_ad1980_specific(struct
51916 return patch_build_controls(ac97, &snd_ac97_ad198x_2cmic, 1);
51919 -static struct snd_ac97_build_ops patch_ad1980_build_ops = {
51920 +static const struct snd_ac97_build_ops patch_ad1980_build_ops = {
51921 .build_post_spdif = patch_ad198x_post_spdif,
51922 .build_specific = patch_ad1980_specific,
51924 @@ -2251,7 +2251,7 @@ static int patch_ad1985_specific(struct
51925 ARRAY_SIZE(snd_ac97_ad1985_controls));
51928 -static struct snd_ac97_build_ops patch_ad1985_build_ops = {
51929 +static const struct snd_ac97_build_ops patch_ad1985_build_ops = {
51930 .build_post_spdif = patch_ad198x_post_spdif,
51931 .build_specific = patch_ad1985_specific,
51933 @@ -2543,7 +2543,7 @@ static int patch_ad1986_specific(struct
51934 ARRAY_SIZE(snd_ac97_ad1985_controls));
51937 -static struct snd_ac97_build_ops patch_ad1986_build_ops = {
51938 +static const struct snd_ac97_build_ops patch_ad1986_build_ops = {
51939 .build_post_spdif = patch_ad198x_post_spdif,
51940 .build_specific = patch_ad1986_specific,
51942 @@ -2648,7 +2648,7 @@ static int patch_alc650_specific(struct
51946 -static struct snd_ac97_build_ops patch_alc650_ops = {
51947 +static const struct snd_ac97_build_ops patch_alc650_ops = {
51948 .build_specific = patch_alc650_specific,
51949 .update_jacks = alc650_update_jacks
51951 @@ -2800,7 +2800,7 @@ static int patch_alc655_specific(struct
51955 -static struct snd_ac97_build_ops patch_alc655_ops = {
51956 +static const struct snd_ac97_build_ops patch_alc655_ops = {
51957 .build_specific = patch_alc655_specific,
51958 .update_jacks = alc655_update_jacks
51960 @@ -2912,7 +2912,7 @@ static int patch_alc850_specific(struct
51964 -static struct snd_ac97_build_ops patch_alc850_ops = {
51965 +static const struct snd_ac97_build_ops patch_alc850_ops = {
51966 .build_specific = patch_alc850_specific,
51967 .update_jacks = alc850_update_jacks
51969 @@ -2974,7 +2974,7 @@ static int patch_cm9738_specific(struct
51970 return patch_build_controls(ac97, snd_ac97_cm9738_controls, ARRAY_SIZE(snd_ac97_cm9738_controls));
51973 -static struct snd_ac97_build_ops patch_cm9738_ops = {
51974 +static const struct snd_ac97_build_ops patch_cm9738_ops = {
51975 .build_specific = patch_cm9738_specific,
51976 .update_jacks = cm9738_update_jacks
51978 @@ -3065,7 +3065,7 @@ static int patch_cm9739_post_spdif(struc
51979 return patch_build_controls(ac97, snd_ac97_cm9739_controls_spdif, ARRAY_SIZE(snd_ac97_cm9739_controls_spdif));
51982 -static struct snd_ac97_build_ops patch_cm9739_ops = {
51983 +static const struct snd_ac97_build_ops patch_cm9739_ops = {
51984 .build_specific = patch_cm9739_specific,
51985 .build_post_spdif = patch_cm9739_post_spdif,
51986 .update_jacks = cm9739_update_jacks
51987 @@ -3239,7 +3239,7 @@ static int patch_cm9761_specific(struct
51988 return patch_build_controls(ac97, snd_ac97_cm9761_controls, ARRAY_SIZE(snd_ac97_cm9761_controls));
51991 -static struct snd_ac97_build_ops patch_cm9761_ops = {
51992 +static const struct snd_ac97_build_ops patch_cm9761_ops = {
51993 .build_specific = patch_cm9761_specific,
51994 .build_post_spdif = patch_cm9761_post_spdif,
51995 .update_jacks = cm9761_update_jacks
51996 @@ -3335,7 +3335,7 @@ static int patch_cm9780_specific(struct
51997 return patch_build_controls(ac97, cm9780_controls, ARRAY_SIZE(cm9780_controls));
52000 -static struct snd_ac97_build_ops patch_cm9780_ops = {
52001 +static const struct snd_ac97_build_ops patch_cm9780_ops = {
52002 .build_specific = patch_cm9780_specific,
52003 .build_post_spdif = patch_cm9761_post_spdif /* identical with CM9761 */
52005 @@ -3455,7 +3455,7 @@ static int patch_vt1616_specific(struct
52009 -static struct snd_ac97_build_ops patch_vt1616_ops = {
52010 +static const struct snd_ac97_build_ops patch_vt1616_ops = {
52011 .build_specific = patch_vt1616_specific
52014 @@ -3809,7 +3809,7 @@ static int patch_it2646_specific(struct
52018 -static struct snd_ac97_build_ops patch_it2646_ops = {
52019 +static const struct snd_ac97_build_ops patch_it2646_ops = {
52020 .build_specific = patch_it2646_specific,
52021 .update_jacks = it2646_update_jacks
52023 @@ -3843,7 +3843,7 @@ static int patch_si3036_specific(struct
52027 -static struct snd_ac97_build_ops patch_si3036_ops = {
52028 +static const struct snd_ac97_build_ops patch_si3036_ops = {
52029 .build_specific = patch_si3036_specific,
52032 @@ -3876,7 +3876,7 @@ static struct snd_ac97_res_table lm4550_
52033 { AC97_AUX, 0x1f1f },
52034 { AC97_PCM, 0x1f1f },
52035 { AC97_REC_GAIN, 0x0f0f },
52036 - { } /* terminator */
52037 + { 0, 0 } /* terminator */
52040 static int patch_lm4550(struct snd_ac97 *ac97)
52041 @@ -3910,7 +3910,7 @@ static int patch_ucb1400_specific(struct
52045 -static struct snd_ac97_build_ops patch_ucb1400_ops = {
52046 +static const struct snd_ac97_build_ops patch_ucb1400_ops = {
52047 .build_specific = patch_ucb1400_specific,
52050 diff -urNp linux-2.6.32.1/sound/pci/ens1370.c linux-2.6.32.1/sound/pci/ens1370.c
52051 --- linux-2.6.32.1/sound/pci/ens1370.c 2009-12-02 22:51:21.000000000 -0500
52052 +++ linux-2.6.32.1/sound/pci/ens1370.c 2009-12-14 18:34:00.020737821 -0500
52053 @@ -452,7 +452,7 @@ static struct pci_device_id snd_audiopci
52054 { PCI_VDEVICE(ENSONIQ, 0x5880), 0, }, /* ES1373 - CT5880 */
52055 { PCI_VDEVICE(ECTIVA, 0x8938), 0, }, /* Ectiva EV1938 */
52058 + { 0, 0, 0, 0, 0, 0, 0 }
52061 MODULE_DEVICE_TABLE(pci, snd_audiopci_ids);
52062 diff -urNp linux-2.6.32.1/sound/pci/intel8x0.c linux-2.6.32.1/sound/pci/intel8x0.c
52063 --- linux-2.6.32.1/sound/pci/intel8x0.c 2009-12-02 22:51:21.000000000 -0500
52064 +++ linux-2.6.32.1/sound/pci/intel8x0.c 2009-12-14 18:34:00.038929833 -0500
52065 @@ -444,7 +444,7 @@ static struct pci_device_id snd_intel8x0
52066 { PCI_VDEVICE(AMD, 0x746d), DEVICE_INTEL }, /* AMD8111 */
52067 { PCI_VDEVICE(AMD, 0x7445), DEVICE_INTEL }, /* AMD768 */
52068 { PCI_VDEVICE(AL, 0x5455), DEVICE_ALI }, /* Ali5455 */
52070 + { 0, 0, 0, 0, 0, 0, 0 }
52073 MODULE_DEVICE_TABLE(pci, snd_intel8x0_ids);
52074 @@ -2123,7 +2123,7 @@ static struct ac97_quirk ac97_quirks[] _
52075 .type = AC97_TUNE_HP_ONLY
52078 - { } /* terminator */
52079 + { 0, 0, 0, 0, NULL, 0 } /* terminator */
52082 static int __devinit snd_intel8x0_mixer(struct intel8x0 *chip, int ac97_clock,
52083 diff -urNp linux-2.6.32.1/sound/pci/intel8x0m.c linux-2.6.32.1/sound/pci/intel8x0m.c
52084 --- linux-2.6.32.1/sound/pci/intel8x0m.c 2009-12-02 22:51:21.000000000 -0500
52085 +++ linux-2.6.32.1/sound/pci/intel8x0m.c 2009-12-14 18:34:00.051044558 -0500
52086 @@ -239,7 +239,7 @@ static struct pci_device_id snd_intel8x0
52087 { PCI_VDEVICE(AMD, 0x746d), DEVICE_INTEL }, /* AMD8111 */
52088 { PCI_VDEVICE(AL, 0x5455), DEVICE_ALI }, /* Ali5455 */
52091 + { 0, 0, 0, 0, 0, 0, 0 }
52094 MODULE_DEVICE_TABLE(pci, snd_intel8x0m_ids);
52095 @@ -1264,7 +1264,7 @@ static struct shortname_table {
52096 { 0x5455, "ALi M5455" },
52097 { 0x746d, "AMD AMD8111" },
52103 static int __devinit snd_intel8x0m_probe(struct pci_dev *pci,
52104 diff -urNp linux-2.6.32.1/usr/gen_init_cpio.c linux-2.6.32.1/usr/gen_init_cpio.c
52105 --- linux-2.6.32.1/usr/gen_init_cpio.c 2009-12-02 22:51:21.000000000 -0500
52106 +++ linux-2.6.32.1/usr/gen_init_cpio.c 2009-12-14 18:34:00.051906262 -0500
52107 @@ -299,7 +299,7 @@ static int cpio_mkfile(const char *name,
52116 @@ -383,9 +383,10 @@ static char *cpio_replace_env(char *new_
52117 *env_var = *expanded = '\0';
52118 strncat(env_var, start + 2, end - start - 2);
52119 strncat(expanded, new_location, start - new_location);
52120 - strncat(expanded, getenv(env_var), PATH_MAX);
52121 - strncat(expanded, end + 1, PATH_MAX);
52122 + strncat(expanded, getenv(env_var), PATH_MAX - strlen(expanded));
52123 + strncat(expanded, end + 1, PATH_MAX - strlen(expanded));
52124 strncpy(new_location, expanded, PATH_MAX);
52125 + new_location[PATH_MAX] = 0;
52129 diff -urNp linux-2.6.32.1/virt/kvm/kvm_main.c linux-2.6.32.1/virt/kvm/kvm_main.c
52130 --- linux-2.6.32.1/virt/kvm/kvm_main.c 2009-12-02 22:51:21.000000000 -0500
52131 +++ linux-2.6.32.1/virt/kvm/kvm_main.c 2009-12-14 18:34:00.063810240 -0500
52132 @@ -1745,6 +1745,7 @@ static int kvm_vcpu_release(struct inode
52136 +/* cannot be const */
52137 static struct file_operations kvm_vcpu_fops = {
52138 .release = kvm_vcpu_release,
52139 .unlocked_ioctl = kvm_vcpu_ioctl,
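Review bot: The added comment `/* cannot be const */` records a constraint but not its cause, so a later constification pass cannot tell whether it still holds. If the reason is that a member is assigned at run time (the assignment is not visible in this hunk), the comment should name it, e.g. `/* cannot be const: .owner is assigned at run time */`. The same bare comment is added above kvm_vm_fops (@@ -2341,6) and kvm_chardev_ops (@@ -2428,6).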
52140 @@ -2341,6 +2342,7 @@ static int kvm_vm_mmap(struct file *file
52144 +/* cannot be const */
52145 static struct file_operations kvm_vm_fops = {
52146 .release = kvm_vm_release,
52147 .unlocked_ioctl = kvm_vm_ioctl,
52148 @@ -2428,6 +2430,7 @@ out:
52152 +/* cannot be const */
52153 static struct file_operations kvm_chardev_ops = {
52154 .unlocked_ioctl = kvm_dev_ioctl,
52155 .compat_ioctl = kvm_dev_ioctl,
52156 @@ -2437,6 +2440,9 @@ static struct miscdevice kvm_dev = {
52165 static void hardware_enable(void *junk)
52166 @@ -2711,7 +2717,7 @@ static void kvm_sched_out(struct preempt
52167 kvm_arch_vcpu_put(vcpu);
52170 -int kvm_init(void *opaque, unsigned int vcpu_size,
52171 +int kvm_init(const void *opaque, unsigned int vcpu_size,
52172 struct module *module)