1 diff -urNp linux-2.6.32.1/arch/alpha/include/asm/atomic.h linux-2.6.32.1/arch/alpha/include/asm/atomic.h
2 --- linux-2.6.32.1/arch/alpha/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
3 +++ linux-2.6.32.1/arch/alpha/include/asm/atomic.h 2009-12-14 18:33:50.937708656 -0500
5 #define ATOMIC64_INIT(i) ( (atomic64_t) { (i) } )
7 #define atomic_read(v) ((v)->counter + 0)
8 +#define atomic_read_unchecked(v) ((v)->counter + 0)
9 #define atomic64_read(v) ((v)->counter + 0)
11 #define atomic_set(v,i) ((v)->counter = (i))
12 +#define atomic_set_unchecked(v,i) ((v)->counter = (i))
13 #define atomic64_set(v,i) ((v)->counter = (i))
16 @@ -44,6 +46,11 @@ static __inline__ void atomic_add(int i,
17 :"Ir" (i), "m" (v->counter));
20 +static __inline__ void atomic_add_unchecked(int i, atomic_unchecked_t * v)
22 + atomic_add(i, (atomic_t *)v);
25 static __inline__ void atomic64_add(long i, atomic64_t * v)
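Review bot: `atomic_add_unchecked` forwards to `atomic_add` through a bare `(atomic_t *)` cast, and nothing at the definition says why that is safe or what "unchecked" means on this architecture. As far as this file's hunks show, `atomic_add` itself is unchanged, so both variants behave identically here; a one-line comment such as `/* no overflow detection on alpha: _unchecked is a plain alias of atomic_add */` would record that. The cast also assumes `atomic_unchecked_t` has the same layout as `atomic_t`, whose definition is outside this hunk. The same applies to `atomic_sub_unchecked` in the next hunk and to the arm, blackfin and cris wrappers further down.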
28 @@ -74,6 +81,11 @@ static __inline__ void atomic_sub(int i,
29 :"Ir" (i), "m" (v->counter));
32 +static __inline__ void atomic_sub_unchecked(int i, atomic_unchecked_t * v)
34 + atomic_sub(i, (atomic_t *)v);
37 static __inline__ void atomic64_sub(long i, atomic64_t * v)
40 @@ -246,6 +258,7 @@ static __inline__ int atomic64_add_unles
41 #define atomic64_dec_and_test(v) (atomic64_sub_return(1, (v)) == 0)
43 #define atomic_inc(v) atomic_add(1,(v))
44 +#define atomic_inc_unchecked(v) atomic_add_unchecked(1,(v))
45 #define atomic64_inc(v) atomic64_add(1,(v))
47 #define atomic_dec(v) atomic_sub(1,(v))
48 diff -urNp linux-2.6.32.1/arch/alpha/include/asm/elf.h linux-2.6.32.1/arch/alpha/include/asm/elf.h
49 --- linux-2.6.32.1/arch/alpha/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
50 +++ linux-2.6.32.1/arch/alpha/include/asm/elf.h 2009-12-14 18:33:50.937708656 -0500
51 @@ -91,6 +91,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
53 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000)
55 +#ifdef CONFIG_PAX_ASLR
56 +#define PAX_ELF_ET_DYN_BASE (current->personality & ADDR_LIMIT_32BIT ? 0x10000 : 0x120000000UL)
58 +#define PAX_DELTA_MMAP_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 28)
59 +#define PAX_DELTA_STACK_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 19)
62 /* $0 is set by ld.so to a pointer to a function which might be
63 registered using atexit. This provides a mean for the dynamic
64 linker to call DT_FINI functions for shared libraries that have
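Review bot: The three `PAX_*` macros rely on `&` binding tighter than `?:` in `current->personality & ADDR_LIMIT_32BIT ? ... : ...`. That parses as intended, but explicit parentheses around the test would match the arm definitions later in this patch and spare the reader a precedence check, e.g. `((current->personality & ADDR_LIMIT_32BIT) ? 14 : 28)`. The unit of `PAX_DELTA_MMAP_LEN` and `PAX_DELTA_STACK_LEN` is not stated anywhere in the hunk. A short comment saying what the numbers count (presumably bits of randomisation) would help anyone auditing the entropy available to 32-bit personalities.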
65 diff -urNp linux-2.6.32.1/arch/alpha/include/asm/pgtable.h linux-2.6.32.1/arch/alpha/include/asm/pgtable.h
66 --- linux-2.6.32.1/arch/alpha/include/asm/pgtable.h 2009-12-02 22:51:21.000000000 -0500
67 +++ linux-2.6.32.1/arch/alpha/include/asm/pgtable.h 2009-12-14 18:33:50.937708656 -0500
68 @@ -101,6 +101,17 @@ struct vm_area_struct;
69 #define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS)
70 #define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
71 #define PAGE_READONLY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
73 +#ifdef CONFIG_PAX_PAGEEXEC
74 +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOE)
75 +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
76 +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
78 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
79 +# define PAGE_COPY_NOEXEC PAGE_COPY
80 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
83 #define PAGE_KERNEL __pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE)
85 #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x))
86 diff -urNp linux-2.6.32.1/arch/alpha/kernel/module.c linux-2.6.32.1/arch/alpha/kernel/module.c
87 --- linux-2.6.32.1/arch/alpha/kernel/module.c 2009-12-02 22:51:21.000000000 -0500
88 +++ linux-2.6.32.1/arch/alpha/kernel/module.c 2009-12-14 18:33:50.938740017 -0500
89 @@ -182,7 +182,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs,
91 /* The small sections were sorted to the end of the segment.
92 The following should definitely cover them. */
93 - gp = (u64)me->module_core + me->core_size - 0x8000;
94 + gp = (u64)me->module_core_rw + me->core_size_rw - 0x8000;
95 got = sechdrs[me->arch.gotsecindex].sh_addr;
97 for (i = 0; i < n; i++) {
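Review bot: The comment above the changed line still speaks of "the segment", while `gp` is now derived from `module_core_rw` and `core_size_rw`; it should say that the small sections are expected at the end of the writable core region. The `- 0x8000` subtraction has no visible guard against `core_size_rw` being smaller than that. This was already true for `core_size`, but it is worth confirming that the split layout cannot make the writable region that small. apply_relocate_add begins and ends outside the hunk.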
98 diff -urNp linux-2.6.32.1/arch/alpha/kernel/osf_sys.c linux-2.6.32.1/arch/alpha/kernel/osf_sys.c
99 --- linux-2.6.32.1/arch/alpha/kernel/osf_sys.c 2009-12-02 22:51:21.000000000 -0500
100 +++ linux-2.6.32.1/arch/alpha/kernel/osf_sys.c 2009-12-14 18:33:50.955989565 -0500
101 @@ -1212,6 +1212,10 @@ arch_get_unmapped_area(struct file *filp
102 merely specific addresses, but regions of memory -- perhaps
103 this feature should be incorporated into all ports? */
105 +#ifdef CONFIG_PAX_RANDMMAP
106 + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
110 addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
111 if (addr != (unsigned long) -ENOMEM)
112 @@ -1219,8 +1223,8 @@ arch_get_unmapped_area(struct file *filp
115 /* Next, try allocating at TASK_UNMAPPED_BASE. */
116 - addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE),
118 + addr = arch_get_unmapped_area_1 (PAGE_ALIGN(current->mm->mmap_base), len, limit);
120 if (addr != (unsigned long) -ENOMEM)
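Review bot: The comment `/* Next, try allocating at TASK_UNMAPPED_BASE. */` is stale after this change, because the call now starts from `current->mm->mmap_base`. Updating it to `/* Next, try allocating at the mm's mmap_base. */` keeps the documented fallback order in step with the code. arch_get_unmapped_area begins and ends outside the hunk.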
123 diff -urNp linux-2.6.32.1/arch/alpha/mm/fault.c linux-2.6.32.1/arch/alpha/mm/fault.c
124 --- linux-2.6.32.1/arch/alpha/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
125 +++ linux-2.6.32.1/arch/alpha/mm/fault.c 2009-12-14 18:33:50.955989565 -0500
126 @@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *
127 __reload_thread(pcb);
130 +#ifdef CONFIG_PAX_PAGEEXEC
132 + * PaX: decide what to do with offenders (regs->pc = fault address)
134 + * returns 1 when task should be killed
135 + * 2 when patched PLT trampoline was detected
136 + * 3 when unpatched PLT trampoline was detected
138 +static int pax_handle_fetch_fault(struct pt_regs *regs)
141 +#ifdef CONFIG_PAX_EMUPLT
144 + do { /* PaX: patched PLT emulation #1 */
145 + unsigned int ldah, ldq, jmp;
147 + err = get_user(ldah, (unsigned int *)regs->pc);
148 + err |= get_user(ldq, (unsigned int *)(regs->pc+4));
149 + err |= get_user(jmp, (unsigned int *)(regs->pc+8));
154 + if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
155 + (ldq & 0xFFFF0000U) == 0xA77B0000U &&
156 + jmp == 0x6BFB0000U)
158 + unsigned long r27, addr;
159 + unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
160 + unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL;
162 + addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
163 + err = get_user(r27, (unsigned long *)addr);
173 + do { /* PaX: patched PLT emulation #2 */
174 + unsigned int ldah, lda, br;
176 + err = get_user(ldah, (unsigned int *)regs->pc);
177 + err |= get_user(lda, (unsigned int *)(regs->pc+4));
178 + err |= get_user(br, (unsigned int *)(regs->pc+8));
183 + if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
184 + (lda & 0xFFFF0000U) == 0xA77B0000U &&
185 + (br & 0xFFE00000U) == 0xC3E00000U)
187 + unsigned long addr = br | 0xFFFFFFFFFFE00000UL;
188 + unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
189 + unsigned long addrl = lda | 0xFFFFFFFFFFFF0000UL;
191 + regs->r27 += ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
192 + regs->pc += 12 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
197 + do { /* PaX: unpatched PLT emulation */
200 + err = get_user(br, (unsigned int *)regs->pc);
202 + if (!err && (br & 0xFFE00000U) == 0xC3800000U) {
203 + unsigned int br2, ldq, nop, jmp;
204 + unsigned long addr = br | 0xFFFFFFFFFFE00000UL, resolver;
206 + addr = regs->pc + 4 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
207 + err = get_user(br2, (unsigned int *)addr);
208 + err |= get_user(ldq, (unsigned int *)(addr+4));
209 + err |= get_user(nop, (unsigned int *)(addr+8));
210 + err |= get_user(jmp, (unsigned int *)(addr+12));
211 + err |= get_user(resolver, (unsigned long *)(addr+16));
216 + if (br2 == 0xC3600000U &&
217 + ldq == 0xA77B000CU &&
218 + nop == 0x47FF041FU &&
219 + jmp == 0x6B7B0000U)
221 + regs->r28 = regs->pc+4;
222 + regs->r27 = addr+16;
223 + regs->pc = resolver;
233 +void pax_report_insns(void *pc, void *sp)
237 + printk(KERN_ERR "PAX: bytes at PC: ");
238 + for (i = 0; i < 5; i++) {
240 + if (get_user(c, (unsigned int *)pc+i))
241 + printk(KERN_CONT "???????? ");
243 + printk(KERN_CONT "%08x ", c);
250 * This routine handles page faults. It determines the address,
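Review bot: In "patched PLT emulation #2" the word named `lda` is matched with `(lda & 0xFFFF0000U) == 0xA77B0000U`, the same pattern that emulation #1 uses for `ldq`. Either the constant or the variable name looks wrong: if a load is really expected the name should be `ldq`, and if an `lda` encoding is intended the opcode bits need checking against the Alpha instruction encoding. The instruction patterns would also be easier to audit with a mnemonic comment next to each constant, and the `get_user()` casts such as `(unsigned int *)regs->pc` should carry `__user` so sparse can check them. Several lines of this function are not visible here, so the error handling after the `get_user()` calls could not be reviewed.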
251 @@ -131,8 +249,29 @@ do_page_fault(unsigned long address, uns
253 si_code = SEGV_ACCERR;
255 - if (!(vma->vm_flags & VM_EXEC))
256 + if (!(vma->vm_flags & VM_EXEC)) {
258 +#ifdef CONFIG_PAX_PAGEEXEC
259 + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->pc)
262 + up_read(&mm->mmap_sem);
263 + switch (pax_handle_fetch_fault(regs)) {
265 +#ifdef CONFIG_PAX_EMUPLT
272 + pax_report_fault(regs, (void *)regs->pc, (void *)rdusp());
273 + do_group_exit(SIGKILL);
280 /* Allow reads even for write-only mappings */
281 if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
282 diff -urNp linux-2.6.32.1/arch/arm/include/asm/atomic.h linux-2.6.32.1/arch/arm/include/asm/atomic.h
283 --- linux-2.6.32.1/arch/arm/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
284 +++ linux-2.6.32.1/arch/arm/include/asm/atomic.h 2009-12-14 18:33:51.013956117 -0500
286 * atomic_set() is the clrex or dummy strex done on every exception return.
288 #define atomic_read(v) ((v)->counter)
289 +#define atomic_read_unchecked(v) ((v)->counter)
290 #define atomic_set(v,i) (((v)->counter) = (i))
291 +#define atomic_set_unchecked(v,i) (((v)->counter) = (i))
293 #if __LINUX_ARM_ARCH__ >= 6
295 @@ -50,6 +52,11 @@ static inline void atomic_add(int i, ato
299 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
301 + atomic_add(i, (atomic_t *)v);
304 static inline int atomic_add_return(int i, atomic_t *v)
307 @@ -88,6 +95,11 @@ static inline void atomic_sub(int i, ato
311 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
313 + atomic_sub(i, (atomic_t *)v);
316 static inline int atomic_sub_return(int i, atomic_t *v)
319 @@ -220,6 +232,7 @@ static inline int atomic_add_unless(atom
320 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
322 #define atomic_inc(v) atomic_add(1, v)
323 +#define atomic_inc_unchecked(v) atomic_add_unchecked(1, v)
324 #define atomic_dec(v) atomic_sub(1, v)
326 #define atomic_inc_and_test(v) (atomic_add_return(1, v) == 0)
327 diff -urNp linux-2.6.32.1/arch/arm/include/asm/elf.h linux-2.6.32.1/arch/arm/include/asm/elf.h
328 --- linux-2.6.32.1/arch/arm/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
329 +++ linux-2.6.32.1/arch/arm/include/asm/elf.h 2009-12-14 18:33:51.020967373 -0500
330 @@ -109,7 +109,14 @@ int dump_task_regs(struct task_struct *t
331 the loader. We need to make sure that it is out of the way of the program
332 that it will "exec", and that there is sufficient room for the brk. */
334 -#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
335 +#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
337 +#ifdef CONFIG_PAX_ASLR
338 +#define PAX_ELF_ET_DYN_BASE 0x00008000UL
340 +#define PAX_DELTA_MMAP_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
341 +#define PAX_DELTA_STACK_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
344 /* When the program starts, a1 contains a pointer to a function to be
345 registered with atexit, as per the SVR4 ABI. A value of 0 means we
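Review bot: `PAX_DELTA_MMAP_LEN` and `PAX_DELTA_STACK_LEN` compare `current->personality == PER_LINUX_32BIT` exactly, so a task whose personality word carries any additional flag bit falls into the `10` branch. If the intent is "32-bit address space", testing the bit as the alpha hunk does, `((current->personality & ADDR_LIMIT_32BIT) ? 16 : 10)`, would not depend on the other flags; please confirm which is meant. The reordering to `(TASK_SIZE / 3 * 2)` here and in avr32 elf.h presumably avoids overflow of `2 * TASK_SIZE`, and a comment saying so would stop it being "simplified" back.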
346 diff -urNp linux-2.6.32.1/arch/arm/include/asm/kmap_types.h linux-2.6.32.1/arch/arm/include/asm/kmap_types.h
347 --- linux-2.6.32.1/arch/arm/include/asm/kmap_types.h 2009-12-02 22:51:21.000000000 -0500
348 +++ linux-2.6.32.1/arch/arm/include/asm/kmap_types.h 2009-12-14 18:33:51.020967373 -0500
349 @@ -19,6 +19,7 @@ enum km_type {
357 diff -urNp linux-2.6.32.1/arch/arm/include/asm/uaccess.h linux-2.6.32.1/arch/arm/include/asm/uaccess.h
358 --- linux-2.6.32.1/arch/arm/include/asm/uaccess.h 2009-12-02 22:51:21.000000000 -0500
359 +++ linux-2.6.32.1/arch/arm/include/asm/uaccess.h 2009-12-14 18:33:51.020967373 -0500
360 @@ -403,6 +403,9 @@ extern unsigned long __must_check __strn
362 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
367 if (access_ok(VERIFY_READ, from, n))
368 n = __copy_from_user(to, from, n);
369 else /* security hole - plug it */
370 @@ -412,6 +415,9 @@ static inline unsigned long __must_check
372 static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
377 if (access_ok(VERIFY_WRITE, to, n))
378 n = __copy_to_user(to, from, n);
380 diff -urNp linux-2.6.32.1/arch/arm/kernel/kgdb.c linux-2.6.32.1/arch/arm/kernel/kgdb.c
381 --- linux-2.6.32.1/arch/arm/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
382 +++ linux-2.6.32.1/arch/arm/kernel/kgdb.c 2009-12-14 18:33:51.020967373 -0500
383 @@ -190,7 +190,7 @@ void kgdb_arch_exit(void)
384 * and we handle the normal undef case within the do_undefinstr
387 -struct kgdb_arch arch_kgdb_ops = {
388 +const struct kgdb_arch arch_kgdb_ops = {
390 .gdb_bpt_instr = {0xfe, 0xde, 0xff, 0xe7}
391 #else /* ! __ARMEB__ */
392 diff -urNp linux-2.6.32.1/arch/arm/mach-at91/pm.c linux-2.6.32.1/arch/arm/mach-at91/pm.c
393 --- linux-2.6.32.1/arch/arm/mach-at91/pm.c 2009-12-02 22:51:21.000000000 -0500
394 +++ linux-2.6.32.1/arch/arm/mach-at91/pm.c 2009-12-14 18:33:51.020967373 -0500
395 @@ -348,7 +348,7 @@ static void at91_pm_end(void)
399 -static struct platform_suspend_ops at91_pm_ops ={
400 +static const struct platform_suspend_ops at91_pm_ops ={
401 .valid = at91_pm_valid_state,
402 .begin = at91_pm_begin,
403 .enter = at91_pm_enter,
404 diff -urNp linux-2.6.32.1/arch/arm/mach-omap1/pm.c linux-2.6.32.1/arch/arm/mach-omap1/pm.c
405 --- linux-2.6.32.1/arch/arm/mach-omap1/pm.c 2009-12-02 22:51:21.000000000 -0500
406 +++ linux-2.6.32.1/arch/arm/mach-omap1/pm.c 2009-12-14 18:33:51.020967373 -0500
407 @@ -647,7 +647,7 @@ static struct irqaction omap_wakeup_irq
411 -static struct platform_suspend_ops omap_pm_ops ={
412 +static const struct platform_suspend_ops omap_pm_ops ={
413 .prepare = omap_pm_prepare,
414 .enter = omap_pm_enter,
415 .finish = omap_pm_finish,
416 diff -urNp linux-2.6.32.1/arch/arm/mach-omap2/pm24xx.c linux-2.6.32.1/arch/arm/mach-omap2/pm24xx.c
417 --- linux-2.6.32.1/arch/arm/mach-omap2/pm24xx.c 2009-12-02 22:51:21.000000000 -0500
418 +++ linux-2.6.32.1/arch/arm/mach-omap2/pm24xx.c 2009-12-14 18:33:51.140923568 -0500
419 @@ -326,7 +326,7 @@ static void omap2_pm_finish(void)
423 -static struct platform_suspend_ops omap_pm_ops = {
424 +static const struct platform_suspend_ops omap_pm_ops = {
425 .prepare = omap2_pm_prepare,
426 .enter = omap2_pm_enter,
427 .finish = omap2_pm_finish,
428 diff -urNp linux-2.6.32.1/arch/arm/mach-omap2/pm34xx.c linux-2.6.32.1/arch/arm/mach-omap2/pm34xx.c
429 --- linux-2.6.32.1/arch/arm/mach-omap2/pm34xx.c 2009-12-02 22:51:21.000000000 -0500
430 +++ linux-2.6.32.1/arch/arm/mach-omap2/pm34xx.c 2009-12-14 18:33:51.153153597 -0500
431 @@ -401,7 +401,7 @@ static void omap3_pm_end(void)
435 -static struct platform_suspend_ops omap_pm_ops = {
436 +static const struct platform_suspend_ops omap_pm_ops = {
437 .begin = omap3_pm_begin,
439 .prepare = omap3_pm_prepare,
440 diff -urNp linux-2.6.32.1/arch/arm/mach-pnx4008/pm.c linux-2.6.32.1/arch/arm/mach-pnx4008/pm.c
441 --- linux-2.6.32.1/arch/arm/mach-pnx4008/pm.c 2009-12-02 22:51:21.000000000 -0500
442 +++ linux-2.6.32.1/arch/arm/mach-pnx4008/pm.c 2009-12-14 18:33:51.153153597 -0500
443 @@ -116,7 +116,7 @@ static int pnx4008_pm_valid(suspend_stat
444 (state == PM_SUSPEND_MEM);
447 -static struct platform_suspend_ops pnx4008_pm_ops = {
448 +static const struct platform_suspend_ops pnx4008_pm_ops = {
449 .enter = pnx4008_pm_enter,
450 .valid = pnx4008_pm_valid,
452 diff -urNp linux-2.6.32.1/arch/arm/mach-pxa/pm.c linux-2.6.32.1/arch/arm/mach-pxa/pm.c
453 --- linux-2.6.32.1/arch/arm/mach-pxa/pm.c 2009-12-02 22:51:21.000000000 -0500
454 +++ linux-2.6.32.1/arch/arm/mach-pxa/pm.c 2009-12-14 18:33:51.154149859 -0500
455 @@ -95,7 +95,7 @@ void pxa_pm_finish(void)
456 pxa_cpu_pm_fns->finish();
459 -static struct platform_suspend_ops pxa_pm_ops = {
460 +static const struct platform_suspend_ops pxa_pm_ops = {
461 .valid = pxa_pm_valid,
462 .enter = pxa_pm_enter,
463 .prepare = pxa_pm_prepare,
464 diff -urNp linux-2.6.32.1/arch/arm/mach-pxa/sharpsl_pm.c linux-2.6.32.1/arch/arm/mach-pxa/sharpsl_pm.c
465 --- linux-2.6.32.1/arch/arm/mach-pxa/sharpsl_pm.c 2009-12-02 22:51:21.000000000 -0500
466 +++ linux-2.6.32.1/arch/arm/mach-pxa/sharpsl_pm.c 2009-12-14 18:33:51.171158507 -0500
467 @@ -891,7 +891,7 @@ static void sharpsl_apm_get_power_status
471 -static struct platform_suspend_ops sharpsl_pm_ops = {
472 +static const struct platform_suspend_ops sharpsl_pm_ops = {
473 .prepare = pxa_pm_prepare,
474 .finish = pxa_pm_finish,
475 .enter = corgi_pxa_pm_enter,
476 diff -urNp linux-2.6.32.1/arch/arm/mach-sa1100/pm.c linux-2.6.32.1/arch/arm/mach-sa1100/pm.c
477 --- linux-2.6.32.1/arch/arm/mach-sa1100/pm.c 2009-12-02 22:51:21.000000000 -0500
478 +++ linux-2.6.32.1/arch/arm/mach-sa1100/pm.c 2009-12-14 18:33:51.171158507 -0500
479 @@ -120,7 +120,7 @@ unsigned long sleep_phys_sp(void *sp)
480 return virt_to_phys(sp);
483 -static struct platform_suspend_ops sa11x0_pm_ops = {
484 +static const struct platform_suspend_ops sa11x0_pm_ops = {
485 .enter = sa11x0_pm_enter,
486 .valid = suspend_valid_only_mem,
488 diff -urNp linux-2.6.32.1/arch/arm/mm/mmap.c linux-2.6.32.1/arch/arm/mm/mmap.c
489 --- linux-2.6.32.1/arch/arm/mm/mmap.c 2009-12-02 22:51:21.000000000 -0500
490 +++ linux-2.6.32.1/arch/arm/mm/mmap.c 2009-12-14 18:33:51.172149632 -0500
491 @@ -62,6 +62,10 @@ arch_get_unmapped_area(struct file *filp
495 +#ifdef CONFIG_PAX_RANDMMAP
496 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
501 addr = COLOUR_ALIGN(addr, pgoff);
502 @@ -74,10 +78,10 @@ arch_get_unmapped_area(struct file *filp
505 if (len > mm->cached_hole_size) {
506 - start_addr = addr = mm->free_area_cache;
507 + start_addr = addr = mm->free_area_cache;
509 - start_addr = addr = TASK_UNMAPPED_BASE;
510 - mm->cached_hole_size = 0;
511 + start_addr = addr = mm->mmap_base;
512 + mm->cached_hole_size = 0;
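Review bot: The `-`/`+` pairs for `start_addr = addr = mm->free_area_cache;` and `mm->cached_hole_size = 0;` appear to differ only in whitespace as shown here. Dropping them would leave `mm->mmap_base` as the single functional change in this hunk and make the patch easier to audit and rebase. arch_get_unmapped_area continues outside the hunk.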
516 @@ -93,8 +97,8 @@ full_search:
517 * Start a new search - just in case we missed
520 - if (start_addr != TASK_UNMAPPED_BASE) {
521 - start_addr = addr = TASK_UNMAPPED_BASE;
522 + if (start_addr != mm->mmap_base) {
523 + start_addr = addr = mm->mmap_base;
524 mm->cached_hole_size = 0;
527 diff -urNp linux-2.6.32.1/arch/arm/plat-s3c/pm.c linux-2.6.32.1/arch/arm/plat-s3c/pm.c
528 --- linux-2.6.32.1/arch/arm/plat-s3c/pm.c 2009-12-02 22:51:21.000000000 -0500
529 +++ linux-2.6.32.1/arch/arm/plat-s3c/pm.c 2009-12-14 18:33:51.172149632 -0500
530 @@ -355,7 +355,7 @@ static void s3c_pm_finish(void)
531 s3c_pm_check_cleanup();
534 -static struct platform_suspend_ops s3c_pm_ops = {
535 +static const struct platform_suspend_ops s3c_pm_ops = {
536 .enter = s3c_pm_enter,
537 .prepare = s3c_pm_prepare,
538 .finish = s3c_pm_finish,
539 diff -urNp linux-2.6.32.1/arch/avr32/include/asm/atomic.h linux-2.6.32.1/arch/avr32/include/asm/atomic.h
540 --- linux-2.6.32.1/arch/avr32/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
541 +++ linux-2.6.32.1/arch/avr32/include/asm/atomic.h 2009-12-14 18:33:51.172149632 -0500
543 #define ATOMIC_INIT(i) { (i) }
545 #define atomic_read(v) ((v)->counter)
546 +#define atomic_read_unchecked(v) ((v)->counter)
547 #define atomic_set(v, i) (((v)->counter) = i)
548 +#define atomic_set_unchecked(v, i) (((v)->counter) = i)
551 * atomic_sub_return - subtract the atomic variable
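Review bot: `atomic_set_unchecked(v, i)` expands its second argument unparenthesised, `(((v)->counter) = i)`, copying the existing `atomic_set` definition. The alpha, arm, cris and frv versions in this patch write `(i)`. Using `#define atomic_set_unchecked(v, i) (((v)->counter) = (i))` here, and in the blackfin and h8300 hunks, keeps the new macros consistent and safe for any argument expression.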
552 @@ -48,6 +50,18 @@ static inline int atomic_sub_return(int
556 + * atomic_sub_return_unchecked - subtract the atomic variable
557 + * @i: integer value to subtract
558 + * @v: pointer of type atomic_unchecked_t
560 + * Atomically subtracts @i from @v. Returns the resulting value.
562 +static inline int atomic_sub_return_unchecked(int i, atomic_unchecked_t *v)
564 + return atomic_sub_return(i, (atomic_t *)v);
568 * atomic_add_return - add integer to atomic variable
569 * @i: integer value to add
570 * @v: pointer of type atomic_t
571 @@ -76,6 +90,18 @@ static inline int atomic_add_return(int
575 + * atomic_add_return_unchecked - add integer to atomic variable
576 + * @i: integer value to add
577 + * @v: pointer of type atomic_unchecked_t
579 + * Atomically adds @i to @v. Returns the resulting value.
581 +static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v)
583 + return atomic_add_return(i, (atomic_t *)v);
587 * atomic_sub_unless - sub unless the number is a given value
588 * @v: pointer of type atomic_t
589 * @a: the amount to add to v...
590 @@ -176,9 +202,12 @@ static inline int atomic_sub_if_positive
591 #define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
593 #define atomic_sub(i, v) (void)atomic_sub_return(i, v)
594 +#define atomic_sub_unchecked(i, v) (void)atomic_sub_return_unchecked(i, v)
595 #define atomic_add(i, v) (void)atomic_add_return(i, v)
596 +#define atomic_add_unchecked(i, v) (void)atomic_add_return_unchecked(i, v)
597 #define atomic_dec(v) atomic_sub(1, (v))
598 #define atomic_inc(v) atomic_add(1, (v))
599 +#define atomic_inc_unchecked(v) (void)atomic_add_return_unchecked(1, (v))
601 #define atomic_dec_return(v) atomic_sub_return(1, v)
602 #define atomic_inc_return(v) atomic_add_return(1, v)
603 diff -urNp linux-2.6.32.1/arch/avr32/include/asm/elf.h linux-2.6.32.1/arch/avr32/include/asm/elf.h
604 --- linux-2.6.32.1/arch/avr32/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
605 +++ linux-2.6.32.1/arch/avr32/include/asm/elf.h 2009-12-14 18:33:51.172149632 -0500
606 @@ -85,8 +85,14 @@ typedef struct user_fpu_struct elf_fpreg
607 the loader. We need to make sure that it is out of the way of the program
608 that it will "exec", and that there is sufficient room for the brk. */
610 -#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
611 +#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
613 +#ifdef CONFIG_PAX_ASLR
614 +#define PAX_ELF_ET_DYN_BASE 0x00001000UL
616 +#define PAX_DELTA_MMAP_LEN 15
617 +#define PAX_DELTA_STACK_LEN 15
620 /* This yields a mask that user programs can use to figure out what
621 instruction set this CPU supports. This could be done in user space,
622 diff -urNp linux-2.6.32.1/arch/avr32/include/asm/kmap_types.h linux-2.6.32.1/arch/avr32/include/asm/kmap_types.h
623 --- linux-2.6.32.1/arch/avr32/include/asm/kmap_types.h 2009-12-02 22:51:21.000000000 -0500
624 +++ linux-2.6.32.1/arch/avr32/include/asm/kmap_types.h 2009-12-14 18:33:51.173167798 -0500
625 @@ -22,7 +22,8 @@ D(10) KM_IRQ0,
635 diff -urNp linux-2.6.32.1/arch/avr32/mach-at32ap/pm.c linux-2.6.32.1/arch/avr32/mach-at32ap/pm.c
636 --- linux-2.6.32.1/arch/avr32/mach-at32ap/pm.c 2009-12-02 22:51:21.000000000 -0500
637 +++ linux-2.6.32.1/arch/avr32/mach-at32ap/pm.c 2009-12-14 18:33:51.173167798 -0500
638 @@ -176,7 +176,7 @@ out:
642 -static struct platform_suspend_ops avr32_pm_ops = {
643 +static const struct platform_suspend_ops avr32_pm_ops = {
644 .valid = avr32_pm_valid_state,
645 .enter = avr32_pm_enter,
647 diff -urNp linux-2.6.32.1/arch/avr32/mm/fault.c linux-2.6.32.1/arch/avr32/mm/fault.c
648 --- linux-2.6.32.1/arch/avr32/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
649 +++ linux-2.6.32.1/arch/avr32/mm/fault.c 2009-12-14 18:33:51.173167798 -0500
650 @@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
652 int exception_trace = 1;
654 +#ifdef CONFIG_PAX_PAGEEXEC
655 +void pax_report_insns(void *pc, void *sp)
659 + printk(KERN_ERR "PAX: bytes at PC: ");
660 + for (i = 0; i < 20; i++) {
662 + if (get_user(c, (unsigned char *)pc+i))
663 + printk(KERN_CONT "???????? ");
665 + printk(KERN_CONT "%02x ", c);
672 * This routine handles page faults. It determines the address and the
673 * problem, and then passes it off to one of the appropriate routines.
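Review bot: In `pax_report_insns` the failure placeholder is eight characters, `"???????? "`, while a successful read prints one byte as `"%02x "`, so a partly unreadable dump loses its column alignment; `printk(KERN_CONT "?? ");` matches the byte width. The cast `(unsigned char *)pc+i` passed to `get_user()` should also be `(unsigned char __user *)pc+i` so sparse can check the address space. The declarations of `i` and `c` are not visible in this listing.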
674 @@ -157,6 +174,16 @@ bad_area:
675 up_read(&mm->mmap_sem);
677 if (user_mode(regs)) {
679 +#ifdef CONFIG_PAX_PAGEEXEC
680 + if (mm->pax_flags & MF_PAX_PAGEEXEC) {
681 + if (ecr == ECR_PROTECTION_X || ecr == ECR_TLB_MISS_X) {
682 + pax_report_fault(regs, (void *)regs->pc, (void *)regs->sp);
683 + do_group_exit(SIGKILL);
688 if (exception_trace && printk_ratelimit())
689 printk("%s%s[%d]: segfault at %08lx pc %08lx "
690 "sp %08lx ecr %lu\n",
691 diff -urNp linux-2.6.32.1/arch/blackfin/include/asm/atomic.h linux-2.6.32.1/arch/blackfin/include/asm/atomic.h
692 --- linux-2.6.32.1/arch/blackfin/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
693 +++ linux-2.6.32.1/arch/blackfin/include/asm/atomic.h 2009-12-14 18:33:51.173803102 -0500
696 #define ATOMIC_INIT(i) { (i) }
697 #define atomic_set(v, i) (((v)->counter) = i)
698 +#define atomic_set_unchecked(v, i) (((v)->counter) = i)
700 #define atomic_read(v) __raw_uncached_fetch_asm(&(v)->counter)
701 +#define atomic_read_unchecked(v) __raw_uncached_fetch_asm(&(v)->counter)
703 asmlinkage int __raw_uncached_fetch_asm(const volatile int *ptr);
705 @@ -41,11 +43,21 @@ static inline void atomic_add(int i, ato
706 __raw_atomic_update_asm(&v->counter, i);
709 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
711 + atomic_add(i, (atomic_t *)v);
714 static inline void atomic_sub(int i, atomic_t *v)
716 __raw_atomic_update_asm(&v->counter, -i);
719 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
721 + atomic_sub(i, (atomic_t *)v);
724 static inline int atomic_add_return(int i, atomic_t *v)
726 return __raw_atomic_update_asm(&v->counter, i);
727 @@ -61,6 +73,11 @@ static inline void atomic_inc(volatile a
728 __raw_atomic_update_asm(&v->counter, 1);
731 +static inline void atomic_inc_unchecked(volatile atomic_unchecked_t *v)
733 + atomic_inc((atomic_t *)v);
736 static inline void atomic_dec(volatile atomic_t *v)
738 __raw_atomic_update_asm(&v->counter, -1);
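Review bot: `atomic_inc_unchecked` takes `volatile atomic_unchecked_t *v` but casts to `(atomic_t *)v`, silently dropping the qualifier before calling `atomic_inc`, which itself takes a `volatile atomic_t *`. Writing `atomic_inc((volatile atomic_t *)v);`, as the cris wrapper in this patch does, keeps the qualifier and avoids a cast-qual warning.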
739 diff -urNp linux-2.6.32.1/arch/blackfin/kernel/kgdb.c linux-2.6.32.1/arch/blackfin/kernel/kgdb.c
740 --- linux-2.6.32.1/arch/blackfin/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
741 +++ linux-2.6.32.1/arch/blackfin/kernel/kgdb.c 2009-12-14 18:33:51.177167154 -0500
742 @@ -428,7 +428,7 @@ int kgdb_arch_handle_exception(int vecto
743 return -1; /* this means that we do not want to exit from the handler */
746 -struct kgdb_arch arch_kgdb_ops = {
747 +const struct kgdb_arch arch_kgdb_ops = {
748 .gdb_bpt_instr = {0xa1},
750 .flags = KGDB_HW_BREAKPOINT|KGDB_THR_PROC_SWAP,
751 diff -urNp linux-2.6.32.1/arch/blackfin/mach-common/pm.c linux-2.6.32.1/arch/blackfin/mach-common/pm.c
752 --- linux-2.6.32.1/arch/blackfin/mach-common/pm.c 2009-12-02 22:51:21.000000000 -0500
753 +++ linux-2.6.32.1/arch/blackfin/mach-common/pm.c 2009-12-14 18:33:51.177167154 -0500
754 @@ -255,7 +255,7 @@ static int bfin_pm_enter(suspend_state_t
758 -struct platform_suspend_ops bfin_pm_ops = {
759 +const struct platform_suspend_ops bfin_pm_ops = {
760 .enter = bfin_pm_enter,
761 .valid = bfin_pm_valid,
763 diff -urNp linux-2.6.32.1/arch/cris/include/asm/atomic.h linux-2.6.32.1/arch/cris/include/asm/atomic.h
764 --- linux-2.6.32.1/arch/cris/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
765 +++ linux-2.6.32.1/arch/cris/include/asm/atomic.h 2009-12-14 18:33:51.177167154 -0500
767 #define ATOMIC_INIT(i) { (i) }
769 #define atomic_read(v) ((v)->counter)
770 +#define atomic_read_unchecked(v) ((v)->counter)
771 #define atomic_set(v,i) (((v)->counter) = (i))
772 +#define atomic_set_unchecked(v,i) (((v)->counter) = (i))
774 /* These should be written in asm but we do it in C for now. */
776 @@ -28,6 +30,11 @@ static inline void atomic_add(int i, vol
777 cris_atomic_restore(v, flags);
780 +static inline void atomic_add_unchecked(int i, volatile atomic_unchecked_t *v)
782 + atomic_add(i, (volatile atomic_t *)v);
785 static inline void atomic_sub(int i, volatile atomic_t *v)
788 @@ -36,6 +43,11 @@ static inline void atomic_sub(int i, vol
789 cris_atomic_restore(v, flags);
792 +static inline void atomic_sub_unchecked(int i, volatile atomic_unchecked_t *v)
794 + atomic_sub(i, (volatile atomic_t *)v);
797 static inline int atomic_add_return(int i, volatile atomic_t *v)
800 @@ -76,6 +88,11 @@ static inline void atomic_inc(volatile a
801 cris_atomic_restore(v, flags);
804 +static inline void atomic_inc_unchecked(volatile atomic_unchecked_t *v)
806 + atomic_inc((volatile atomic_t *)v);
809 static inline void atomic_dec(volatile atomic_t *v)
812 diff -urNp linux-2.6.32.1/arch/frv/include/asm/atomic.h linux-2.6.32.1/arch/frv/include/asm/atomic.h
813 --- linux-2.6.32.1/arch/frv/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
814 +++ linux-2.6.32.1/arch/frv/include/asm/atomic.h 2009-12-14 18:33:51.177167154 -0500
817 #define ATOMIC_INIT(i) { (i) }
818 #define atomic_read(v) ((v)->counter)
819 +#define atomic_read_unchecked(v) ((v)->counter)
820 #define atomic_set(v, i) (((v)->counter) = (i))
821 +#define atomic_set_unchecked(v, i) (((v)->counter) = (i))
823 #ifndef CONFIG_FRV_OUTOFLINE_ATOMIC_OPS
824 static inline int atomic_add_return(int i, atomic_t *v)
825 @@ -99,16 +101,31 @@ static inline void atomic_add(int i, ato
826 atomic_add_return(i, v);
829 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
831 + atomic_add_return(i, (atomic_t *)v);
834 static inline void atomic_sub(int i, atomic_t *v)
836 atomic_sub_return(i, v);
839 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
841 + atomic_sub_return(i, (atomic_t *)v);
844 static inline void atomic_inc(atomic_t *v)
846 atomic_add_return(1, v);
849 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
851 + atomic_add_return(1, (atomic_t *)v);
854 static inline void atomic_dec(atomic_t *v)
856 atomic_sub_return(1, v);
857 diff -urNp linux-2.6.32.1/arch/frv/include/asm/kmap_types.h linux-2.6.32.1/arch/frv/include/asm/kmap_types.h
858 --- linux-2.6.32.1/arch/frv/include/asm/kmap_types.h 2009-12-02 22:51:21.000000000 -0500
859 +++ linux-2.6.32.1/arch/frv/include/asm/kmap_types.h 2009-12-14 18:33:51.178173575 -0500
860 @@ -23,6 +23,7 @@ enum km_type {
868 diff -urNp linux-2.6.32.1/arch/h8300/include/asm/atomic.h linux-2.6.32.1/arch/h8300/include/asm/atomic.h
869 --- linux-2.6.32.1/arch/h8300/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
870 +++ linux-2.6.32.1/arch/h8300/include/asm/atomic.h 2009-12-14 18:33:51.178173575 -0500
872 #define ATOMIC_INIT(i) { (i) }
874 #define atomic_read(v) ((v)->counter)
875 +#define atomic_read_unchecked(v) ((v)->counter)
876 #define atomic_set(v, i) (((v)->counter) = i)
877 +#define atomic_set_unchecked(v, i) (((v)->counter) = i)
879 #include <asm/system.h>
880 #include <linux/kernel.h>
881 @@ -25,7 +27,13 @@ static __inline__ int atomic_add_return(
885 +static __inline__ int atomic_add_return_unchecked(int i, atomic_unchecked_t *v)
887 + return atomic_add_return(i, (atomic_t *)v);
890 #define atomic_add(i, v) atomic_add_return(i, v)
891 +#define atomic_add_unchecked(i, v) atomic_add_return_unchecked(i, v)
892 #define atomic_add_negative(a, v) (atomic_add_return((a), (v)) < 0)
894 static __inline__ int atomic_sub_return(int i, atomic_t *v)
895 @@ -37,7 +45,13 @@ static __inline__ int atomic_sub_return(
899 +static __inline__ int atomic_sub_return_unchecked(int i, atomic_unchecked_t *v)
901 + return atomic_sub_return(i, (atomic_t *)v);
904 #define atomic_sub(i, v) atomic_sub_return(i, v)
905 +#define atomic_sub_unchecked(i, v) atomic_sub_return_unchecked(i, v)
906 #define atomic_sub_and_test(i,v) (atomic_sub_return(i, v) == 0)
908 static __inline__ int atomic_inc_return(atomic_t *v)
909 @@ -50,7 +64,13 @@ static __inline__ int atomic_inc_return(
913 +static __inline__ int atomic_inc_return_unchecked(atomic_unchecked_t *v)
915 + return atomic_inc_return((atomic_t *)v);
918 #define atomic_inc(v) atomic_inc_return(v)
919 +#define atomic_inc_unchecked(v) atomic_inc_return_unchecked(v)
922 * atomic_inc_and_test - increment and test
923 diff -urNp linux-2.6.32.1/arch/ia64/hp/common/hwsw_iommu.c linux-2.6.32.1/arch/ia64/hp/common/hwsw_iommu.c
924 --- linux-2.6.32.1/arch/ia64/hp/common/hwsw_iommu.c 2009-12-02 22:51:21.000000000 -0500
925 +++ linux-2.6.32.1/arch/ia64/hp/common/hwsw_iommu.c 2009-12-14 18:33:51.178173575 -0500
927 #include <linux/swiotlb.h>
928 #include <asm/machvec.h>
930 -extern struct dma_map_ops sba_dma_ops, swiotlb_dma_ops;
931 +extern const struct dma_map_ops sba_dma_ops, swiotlb_dma_ops;
933 /* swiotlb declarations & definitions: */
934 extern int swiotlb_late_init_with_default_size (size_t size);
935 @@ -33,7 +33,7 @@ static inline int use_swiotlb(struct dev
936 !sba_dma_ops.dma_supported(dev, *dev->dma_mask);
939 -struct dma_map_ops *hwsw_dma_get_ops(struct device *dev)
940 +const struct dma_map_ops *hwsw_dma_get_ops(struct device *dev)
942 if (use_swiotlb(dev))
943 return &swiotlb_dma_ops;
944 diff -urNp linux-2.6.32.1/arch/ia64/hp/common/sba_iommu.c linux-2.6.32.1/arch/ia64/hp/common/sba_iommu.c
945 --- linux-2.6.32.1/arch/ia64/hp/common/sba_iommu.c 2009-12-02 22:51:21.000000000 -0500
946 +++ linux-2.6.32.1/arch/ia64/hp/common/sba_iommu.c 2009-12-14 18:33:51.302103882 -0500
947 @@ -2077,7 +2077,7 @@ static struct acpi_driver acpi_sba_ioc_d
951 -extern struct dma_map_ops swiotlb_dma_ops;
952 +extern const struct dma_map_ops swiotlb_dma_ops;
956 @@ -2191,7 +2191,7 @@ sba_page_override(char *str)
958 __setup("sbapagesize=",sba_page_override);
960 -struct dma_map_ops sba_dma_ops = {
961 +const struct dma_map_ops sba_dma_ops = {
962 .alloc_coherent = sba_alloc_coherent,
963 .free_coherent = sba_free_coherent,
964 .map_page = sba_map_page,
965 diff -urNp linux-2.6.32.1/arch/ia64/ia32/binfmt_elf32.c linux-2.6.32.1/arch/ia64/ia32/binfmt_elf32.c
966 --- linux-2.6.32.1/arch/ia64/ia32/binfmt_elf32.c 2009-12-02 22:51:21.000000000 -0500
967 +++ linux-2.6.32.1/arch/ia64/ia32/binfmt_elf32.c 2009-12-14 18:33:51.302103882 -0500
968 @@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_
970 #define elf_read_implies_exec(ex, have_pt_gnu_stack) (!(have_pt_gnu_stack))
972 +#ifdef CONFIG_PAX_ASLR
973 +#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
975 +#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
976 +#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
979 /* Ugly but avoids duplication */
980 #include "../../../fs/binfmt_elf.c"
982 diff -urNp linux-2.6.32.1/arch/ia64/ia32/ia32priv.h linux-2.6.32.1/arch/ia64/ia32/ia32priv.h
983 --- linux-2.6.32.1/arch/ia64/ia32/ia32priv.h 2009-12-02 22:51:21.000000000 -0500
984 +++ linux-2.6.32.1/arch/ia64/ia32/ia32priv.h 2009-12-14 18:33:51.302908495 -0500
985 @@ -296,7 +296,14 @@ typedef struct compat_siginfo {
986 #define ELF_DATA ELFDATA2LSB
987 #define ELF_ARCH EM_386
989 -#define IA32_STACK_TOP IA32_PAGE_OFFSET
990 +#ifdef CONFIG_PAX_RANDUSTACK
991 +#define __IA32_DELTA_STACK (current->mm->delta_stack)
993 +#define __IA32_DELTA_STACK 0UL
996 +#define IA32_STACK_TOP (IA32_PAGE_OFFSET - __IA32_DELTA_STACK)
998 #define IA32_GATE_OFFSET IA32_PAGE_OFFSET
999 #define IA32_GATE_END IA32_PAGE_OFFSET + PAGE_SIZE
1001 diff -urNp linux-2.6.32.1/arch/ia64/include/asm/atomic.h linux-2.6.32.1/arch/ia64/include/asm/atomic.h
1002 --- linux-2.6.32.1/arch/ia64/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
1003 +++ linux-2.6.32.1/arch/ia64/include/asm/atomic.h 2009-12-14 18:33:51.302908495 -0500
1005 #define ATOMIC64_INIT(i) ((atomic64_t) { (i) })
1007 #define atomic_read(v) ((v)->counter)
1008 +#define atomic_read_unchecked(v) ((v)->counter)
1009 #define atomic64_read(v) ((v)->counter)
1011 #define atomic_set(v,i) (((v)->counter) = (i))
1012 +#define atomic_set_unchecked(v,i) (((v)->counter) = (i))
1013 #define atomic64_set(v,i) (((v)->counter) = (i))
1015 static __inline__ int
1016 @@ -201,8 +203,11 @@ atomic64_add_negative (__s64 i, atomic64
1017 #define atomic64_inc_and_test(v) (atomic64_add_return(1, (v)) == 0)
1019 #define atomic_add(i,v) atomic_add_return((i), (v))
1020 +#define atomic_add_unchecked(i,v) atomic_add((i), (atomic_t *)(v))
1021 #define atomic_sub(i,v) atomic_sub_return((i), (v))
1022 +#define atomic_sub_unchecked(i,v) atomic_sub((i), (atomic_t *)(v))
1023 #define atomic_inc(v) atomic_add(1, (v))
1024 +#define atomic_inc_unchecked(v) atomic_inc((atomic_t *)(v))
1025 #define atomic_dec(v) atomic_sub(1, (v))
1027 #define atomic64_add(i,v) atomic64_add_return((i), (v))
1028 diff -urNp linux-2.6.32.1/arch/ia64/include/asm/dma-mapping.h linux-2.6.32.1/arch/ia64/include/asm/dma-mapping.h
1029 --- linux-2.6.32.1/arch/ia64/include/asm/dma-mapping.h 2009-12-02 22:51:21.000000000 -0500
1030 +++ linux-2.6.32.1/arch/ia64/include/asm/dma-mapping.h 2009-12-14 18:33:51.302908495 -0500
1033 #define ARCH_HAS_DMA_GET_REQUIRED_MASK
1035 -extern struct dma_map_ops *dma_ops;
1036 +extern const struct dma_map_ops *dma_ops;
1037 extern struct ia64_machine_vector ia64_mv;
1038 extern void set_iommu_machvec(void);
1040 @@ -24,7 +24,7 @@ extern void machvec_dma_sync_sg(struct d
1041 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
1042 dma_addr_t *daddr, gfp_t gfp)
1044 - struct dma_map_ops *ops = platform_dma_get_ops(dev);
1045 + const struct dma_map_ops *ops = platform_dma_get_ops(dev);
1048 caddr = ops->alloc_coherent(dev, size, daddr, gfp);
1049 @@ -35,7 +35,7 @@ static inline void *dma_alloc_coherent(s
1050 static inline void dma_free_coherent(struct device *dev, size_t size,
1051 void *caddr, dma_addr_t daddr)
1053 - struct dma_map_ops *ops = platform_dma_get_ops(dev);
1054 + const struct dma_map_ops *ops = platform_dma_get_ops(dev);
1055 debug_dma_free_coherent(dev, size, caddr, daddr);
1056 ops->free_coherent(dev, size, caddr, daddr);
1058 @@ -49,13 +49,13 @@ static inline void dma_free_coherent(str
1060 static inline int dma_mapping_error(struct device *dev, dma_addr_t daddr)
1062 - struct dma_map_ops *ops = platform_dma_get_ops(dev);
1063 + const struct dma_map_ops *ops = platform_dma_get_ops(dev);
1064 return ops->mapping_error(dev, daddr);
1067 static inline int dma_supported(struct device *dev, u64 mask)
1069 - struct dma_map_ops *ops = platform_dma_get_ops(dev);
1070 + const struct dma_map_ops *ops = platform_dma_get_ops(dev);
1071 return ops->dma_supported(dev, mask);
1074 diff -urNp linux-2.6.32.1/arch/ia64/include/asm/elf.h linux-2.6.32.1/arch/ia64/include/asm/elf.h
1075 --- linux-2.6.32.1/arch/ia64/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
1076 +++ linux-2.6.32.1/arch/ia64/include/asm/elf.h 2009-12-14 18:33:51.302908495 -0500
1079 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x800000000UL)
1081 +#ifdef CONFIG_PAX_ASLR
1082 +#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
1084 +#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
1085 +#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
1088 #define PT_IA_64_UNWIND 0x70000001
1090 /* IA-64 relocations: */
1091 diff -urNp linux-2.6.32.1/arch/ia64/include/asm/machvec.h linux-2.6.32.1/arch/ia64/include/asm/machvec.h
1092 --- linux-2.6.32.1/arch/ia64/include/asm/machvec.h 2009-12-02 22:51:21.000000000 -0500
1093 +++ linux-2.6.32.1/arch/ia64/include/asm/machvec.h 2009-12-14 18:33:51.325178548 -0500
1094 @@ -45,7 +45,7 @@ typedef void ia64_mv_kernel_launch_event
1095 /* DMA-mapping interface: */
1096 typedef void ia64_mv_dma_init (void);
1097 typedef u64 ia64_mv_dma_get_required_mask (struct device *);
1098 -typedef struct dma_map_ops *ia64_mv_dma_get_ops(struct device *);
1099 +typedef const struct dma_map_ops *ia64_mv_dma_get_ops(struct device *);
1102 * WARNING: The legacy I/O space is _architected_. Platforms are
1103 @@ -251,7 +251,7 @@ extern void machvec_init_from_cmdline(co
1104 # endif /* CONFIG_IA64_GENERIC */
1106 extern void swiotlb_dma_init(void);
1107 -extern struct dma_map_ops *dma_get_ops(struct device *);
1108 +extern const struct dma_map_ops *dma_get_ops(struct device *);
1111 * Define default versions so we can extend machvec for new platforms without having
1112 diff -urNp linux-2.6.32.1/arch/ia64/include/asm/pgtable.h linux-2.6.32.1/arch/ia64/include/asm/pgtable.h
1113 --- linux-2.6.32.1/arch/ia64/include/asm/pgtable.h 2009-12-02 22:51:21.000000000 -0500
1114 +++ linux-2.6.32.1/arch/ia64/include/asm/pgtable.h 2009-12-14 18:33:51.325178548 -0500
1115 @@ -143,6 +143,17 @@
1116 #define PAGE_READONLY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
1117 #define PAGE_COPY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
1118 #define PAGE_COPY_EXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX)
1120 +#ifdef CONFIG_PAX_PAGEEXEC
1121 +# define PAGE_SHARED_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW)
1122 +# define PAGE_READONLY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
1123 +# define PAGE_COPY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
1125 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
1126 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
1127 +# define PAGE_COPY_NOEXEC PAGE_COPY
1130 #define PAGE_GATE __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX)
1131 #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX)
1132 #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX)
1133 diff -urNp linux-2.6.32.1/arch/ia64/include/asm/uaccess.h linux-2.6.32.1/arch/ia64/include/asm/uaccess.h
1134 --- linux-2.6.32.1/arch/ia64/include/asm/uaccess.h 2009-12-02 22:51:21.000000000 -0500
1135 +++ linux-2.6.32.1/arch/ia64/include/asm/uaccess.h 2009-12-14 18:33:51.326163123 -0500
1136 @@ -257,7 +257,7 @@ __copy_from_user (void *to, const void _
1137 const void *__cu_from = (from); \
1138 long __cu_len = (n); \
1140 - if (__access_ok(__cu_to, __cu_len, get_fs())) \
1141 + if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_to, __cu_len, get_fs())) \
1142 __cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len); \
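Review bot: The added guard `__cu_len > 0 && __cu_len <= INT_MAX` has no comment saying which inputs it rejects, and the same condition appears in the next hunk of this file. Because `__cu_len` is a `long` initialised from `n`, the test appears intended to stop a negative or sign-converted length from reaching `__access_ok()` as a very large count. I would state that next to the condition, e.g. `/* reject negative and > INT_MAX lengths before the range check */`. When the guard fails, the macro still yields the original non-zero `__cu_len`, so callers that ignore the return value get no copy and no indication; that behaviour is worth a sentence in the comment too. The macro bodies begin and end outside both hunks.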
1145 @@ -269,7 +269,7 @@ __copy_from_user (void *to, const void _
1146 long __cu_len = (n); \
1148 __chk_user_ptr(__cu_from); \
1149 - if (__access_ok(__cu_from, __cu_len, get_fs())) \
1150 + if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_from, __cu_len, get_fs())) \
1151 __cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len); \
1154 diff -urNp linux-2.6.32.1/arch/ia64/kernel/dma-mapping.c linux-2.6.32.1/arch/ia64/kernel/dma-mapping.c
1155 --- linux-2.6.32.1/arch/ia64/kernel/dma-mapping.c 2009-12-02 22:51:21.000000000 -0500
1156 +++ linux-2.6.32.1/arch/ia64/kernel/dma-mapping.c 2009-12-14 18:33:51.326163123 -0500
1158 /* Set this to 1 if there is a HW IOMMU in the system */
1159 int iommu_detected __read_mostly;
1161 -struct dma_map_ops *dma_ops;
1162 +const struct dma_map_ops *dma_ops;
1163 EXPORT_SYMBOL(dma_ops);
1165 #define PREALLOC_DMA_DEBUG_ENTRIES (1 << 16)
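Review bot: Declaring `const struct dma_map_ops *dma_ops` makes the ops table read-only, but the exported pointer itself stays writable, so the choice of table is not protected. If `dma_ops` is assigned only during platform initialisation (the assignment is not in this hunk), say so in a comment such as `/* set once at boot; points to a const ops table */`. Consider also placing the pointer in memory that is write-protected after init, where the tree provides such a qualifier. The same applies to the `extern` declaration in `asm/dma-mapping.h`.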
1166 @@ -16,7 +16,7 @@ static int __init dma_init(void)
1168 fs_initcall(dma_init);
1170 -struct dma_map_ops *dma_get_ops(struct device *dev)
1171 +const struct dma_map_ops *dma_get_ops(struct device *dev)
1175 diff -urNp linux-2.6.32.1/arch/ia64/kernel/module.c linux-2.6.32.1/arch/ia64/kernel/module.c
1176 --- linux-2.6.32.1/arch/ia64/kernel/module.c 2009-12-02 22:51:21.000000000 -0500
1177 +++ linux-2.6.32.1/arch/ia64/kernel/module.c 2009-12-14 18:33:51.326163123 -0500
1178 @@ -315,8 +315,7 @@ module_alloc (unsigned long size)
1180 module_free (struct module *mod, void *module_region)
1182 - if (mod && mod->arch.init_unw_table &&
1183 - module_region == mod->module_init) {
1184 + if (mod && mod->arch.init_unw_table && module_region == mod->module_init_rx) {
1185 unw_remove_unwind_table(mod->arch.init_unw_table);
1186 mod->arch.init_unw_table = NULL;
1188 @@ -502,15 +501,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd
1192 +in_init_rx (const struct module *mod, uint64_t addr)
1194 + return addr - (uint64_t) mod->module_init_rx < mod->init_size_rx;
1198 +in_init_rw (const struct module *mod, uint64_t addr)
1200 + return addr - (uint64_t) mod->module_init_rw < mod->init_size_rw;
1204 in_init (const struct module *mod, uint64_t addr)
1206 - return addr - (uint64_t) mod->module_init < mod->init_size;
1207 + return in_init_rx(mod, addr) || in_init_rw(mod, addr);
1211 +in_core_rx (const struct module *mod, uint64_t addr)
1213 + return addr - (uint64_t) mod->module_core_rx < mod->core_size_rx;
1217 +in_core_rw (const struct module *mod, uint64_t addr)
1219 + return addr - (uint64_t) mod->module_core_rw < mod->core_size_rw;
1223 in_core (const struct module *mod, uint64_t addr)
1225 - return addr - (uint64_t) mod->module_core < mod->core_size;
1226 + return in_core_rx(mod, addr) || in_core_rw(mod, addr);
1230 @@ -693,7 +716,14 @@ do_reloc (struct module *mod, uint8_t r_
1234 - val -= (uint64_t) (in_init(mod, val) ? mod->module_init : mod->module_core);
1235 + if (in_init_rx(mod, val))
1236 + val -= (uint64_t) mod->module_init_rx;
1237 + else if (in_init_rw(mod, val))
1238 + val -= (uint64_t) mod->module_init_rw;
1239 + else if (in_core_rx(mod, val))
1240 + val -= (uint64_t) mod->module_core_rx;
1241 + else if (in_core_rw(mod, val))
1242 + val -= (uint64_t) mod->module_core_rw;
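Review bot: The new `if`/`else if` chain has no final `else`, so a `val` lying in none of the four regions is left unadjusted. The removed ternary always subtracted a base, with `mod->module_core` as the fallback. If that case can be reached by a malformed relocation, it is safer to fail it explicitly, for example by logging with `printk(KERN_ERR ...)` and ending the chain with `else return -ENOEXEC;`. Otherwise add a comment stating why it cannot occur. The enclosing `switch` in `do_reloc` lies outside the hunk and some lines of this listing appear to be missing, so confirm against the full file.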
1246 @@ -828,15 +858,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs,
1247 * addresses have been selected...
1250 - if (mod->core_size > MAX_LTOFF)
1251 + if (mod->core_size_rx + mod->core_size_rw > MAX_LTOFF)
1253 * This takes advantage of fact that SHF_ARCH_SMALL gets allocated
1254 * at the end of the module.
1256 - gp = mod->core_size - MAX_LTOFF / 2;
1257 + gp = mod->core_size_rx + mod->core_size_rw - MAX_LTOFF / 2;
1259 - gp = mod->core_size / 2;
1260 - gp = (uint64_t) mod->module_core + ((gp + 7) & -8);
1261 + gp = (mod->core_size_rx + mod->core_size_rw) / 2;
1262 + gp = (uint64_t) mod->module_core_rx + ((gp + 7) & -8);
1264 DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
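Review bot: `gp` is computed as an offset across the combined size `mod->core_size_rx + mod->core_size_rw`, but it is then added to `mod->module_core_rx` alone. That is only correct if the rw region is mapped immediately after the rx region, which the hunk does not show. If the two regions are separate allocations, `gp` can land outside both mappings, and the existing remark that `SHF_ARCH_SMALL` is allocated at the end of the module no longer describes the layout. I would either document the contiguity assumption in that comment or derive `gp` from the region that actually holds the short-data sections. `apply_relocate_add` starts and ends outside the hunk.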
1266 diff -urNp linux-2.6.32.1/arch/ia64/kernel/pci-dma.c linux-2.6.32.1/arch/ia64/kernel/pci-dma.c
1267 --- linux-2.6.32.1/arch/ia64/kernel/pci-dma.c 2009-12-02 22:51:21.000000000 -0500
1268 +++ linux-2.6.32.1/arch/ia64/kernel/pci-dma.c 2009-12-14 18:33:51.326163123 -0500
1269 @@ -43,7 +43,7 @@ struct device fallback_dev = {
1270 .dma_mask = &fallback_dev.coherent_dma_mask,
1273 -extern struct dma_map_ops intel_dma_ops;
1274 +extern const struct dma_map_ops intel_dma_ops;
1276 static int __init pci_iommu_init(void)
1278 diff -urNp linux-2.6.32.1/arch/ia64/kernel/pci-swiotlb.c linux-2.6.32.1/arch/ia64/kernel/pci-swiotlb.c
1279 --- linux-2.6.32.1/arch/ia64/kernel/pci-swiotlb.c 2009-12-02 22:51:21.000000000 -0500
1280 +++ linux-2.6.32.1/arch/ia64/kernel/pci-swiotlb.c 2009-12-14 18:33:51.327164518 -0500
1281 @@ -21,7 +21,7 @@ static void *ia64_swiotlb_alloc_coherent
1282 return swiotlb_alloc_coherent(dev, size, dma_handle, gfp);
1285 -struct dma_map_ops swiotlb_dma_ops = {
1286 +const struct dma_map_ops swiotlb_dma_ops = {
1287 .alloc_coherent = ia64_swiotlb_alloc_coherent,
1288 .free_coherent = swiotlb_free_coherent,
1289 .map_page = swiotlb_map_page,
1290 diff -urNp linux-2.6.32.1/arch/ia64/kernel/sys_ia64.c linux-2.6.32.1/arch/ia64/kernel/sys_ia64.c
1291 --- linux-2.6.32.1/arch/ia64/kernel/sys_ia64.c 2009-12-02 22:51:21.000000000 -0500
1292 +++ linux-2.6.32.1/arch/ia64/kernel/sys_ia64.c 2009-12-14 18:33:51.327164518 -0500
1293 @@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
1294 if (REGION_NUMBER(addr) == RGN_HPAGE)
1298 +#ifdef CONFIG_PAX_RANDMMAP
1299 + if (mm->pax_flags & MF_PAX_RANDMMAP)
1300 + addr = mm->free_area_cache;
1305 addr = mm->free_area_cache;
1307 @@ -61,9 +68,9 @@ arch_get_unmapped_area (struct file *fil
1308 for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
1309 /* At this point: (!vma || addr < vma->vm_end). */
1310 if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) {
1311 - if (start_addr != TASK_UNMAPPED_BASE) {
1312 + if (start_addr != mm->mmap_base) {
1313 /* Start a new search --- just in case we missed some holes. */
1314 - addr = TASK_UNMAPPED_BASE;
1315 + addr = mm->mmap_base;
1319 diff -urNp linux-2.6.32.1/arch/ia64/kernel/topology.c linux-2.6.32.1/arch/ia64/kernel/topology.c
1320 --- linux-2.6.32.1/arch/ia64/kernel/topology.c 2009-12-02 22:51:21.000000000 -0500
1321 +++ linux-2.6.32.1/arch/ia64/kernel/topology.c 2009-12-14 18:33:51.327164518 -0500
1322 @@ -282,7 +282,7 @@ static ssize_t cache_show(struct kobject
1326 -static struct sysfs_ops cache_sysfs_ops = {
1327 +static const struct sysfs_ops cache_sysfs_ops = {
1331 diff -urNp linux-2.6.32.1/arch/ia64/kernel/vmlinux.lds.S linux-2.6.32.1/arch/ia64/kernel/vmlinux.lds.S
1332 --- linux-2.6.32.1/arch/ia64/kernel/vmlinux.lds.S 2009-12-02 22:51:21.000000000 -0500
1333 +++ linux-2.6.32.1/arch/ia64/kernel/vmlinux.lds.S 2009-12-14 18:33:51.327774824 -0500
1334 @@ -190,7 +190,7 @@ SECTIONS
1336 . = ALIGN(PERCPU_PAGE_SIZE);
1337 PERCPU_VADDR(PERCPU_ADDR, :percpu)
1338 - __phys_per_cpu_start = __per_cpu_load;
1339 + __phys_per_cpu_start = per_cpu_load;
1340 . = __phys_per_cpu_start + PERCPU_PAGE_SIZE; /* ensure percpu data fits
1341 * into percpu page size
1343 diff -urNp linux-2.6.32.1/arch/ia64/mm/fault.c linux-2.6.32.1/arch/ia64/mm/fault.c
1344 --- linux-2.6.32.1/arch/ia64/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
1345 +++ linux-2.6.32.1/arch/ia64/mm/fault.c 2009-12-14 18:33:51.327774824 -0500
1346 @@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned
1347 return pte_present(pte);
1350 +#ifdef CONFIG_PAX_PAGEEXEC
1351 +void pax_report_insns(void *pc, void *sp)
1355 + printk(KERN_ERR "PAX: bytes at PC: ");
1356 + for (i = 0; i < 8; i++) {
1358 + if (get_user(c, (unsigned int *)pc+i))
1359 + printk(KERN_CONT "???????? ");
1361 + printk(KERN_CONT "%08x ", c);
1368 ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs)
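Review bot: In `pax_report_insns` the faulting PC is a user-space address, yet it is passed to `get_user()` as `(unsigned int *)pc+i` without the `__user` annotation. That defeats sparse's address-space checking at the one place where this code dereferences a user pointer. Writing it as `(unsigned int __user *)pc + i` keeps the check meaningful. The `sp` parameter is not used in the lines visible here; if it is unused in the full body, a short comment saying it is kept for a common prototype would help. The mips version of `pax_report_insns` in `arch/mips/mm/fault.c` has the same unannotated cast.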
1370 @@ -145,9 +162,23 @@ ia64_do_page_fault (unsigned long addres
1371 mask = ( (((isr >> IA64_ISR_X_BIT) & 1UL) << VM_EXEC_BIT)
1372 | (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT));
1374 - if ((vma->vm_flags & mask) != mask)
1375 + if ((vma->vm_flags & mask) != mask) {
1377 +#ifdef CONFIG_PAX_PAGEEXEC
1378 + if (!(vma->vm_flags & VM_EXEC) && (mask & VM_EXEC)) {
1379 + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->cr_iip)
1382 + up_read(&mm->mmap_sem);
1383 + pax_report_fault(regs, (void *)regs->cr_iip, (void *)regs->r12);
1384 + do_group_exit(SIGKILL);
1394 * If for any reason at all we couldn't handle the fault, make
1395 diff -urNp linux-2.6.32.1/arch/ia64/mm/init.c linux-2.6.32.1/arch/ia64/mm/init.c
1396 --- linux-2.6.32.1/arch/ia64/mm/init.c 2009-12-02 22:51:21.000000000 -0500
1397 +++ linux-2.6.32.1/arch/ia64/mm/init.c 2009-12-14 18:33:51.327774824 -0500
1398 @@ -122,6 +122,19 @@ ia64_init_addr_space (void)
1399 vma->vm_start = current->thread.rbs_bot & PAGE_MASK;
1400 vma->vm_end = vma->vm_start + PAGE_SIZE;
1401 vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT;
1403 +#ifdef CONFIG_PAX_PAGEEXEC
1404 + if (current->mm->pax_flags & MF_PAX_PAGEEXEC) {
1405 + vma->vm_flags &= ~VM_EXEC;
1407 +#ifdef CONFIG_PAX_MPROTECT
1408 + if (current->mm->pax_flags & MF_PAX_MPROTECT)
1409 + vma->vm_flags &= ~VM_MAYEXEC;
1415 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
1416 down_write(¤t->mm->mmap_sem);
1417 if (insert_vm_struct(current->mm, vma)) {
1418 diff -urNp linux-2.6.32.1/arch/ia64/sn/pci/pci_dma.c linux-2.6.32.1/arch/ia64/sn/pci/pci_dma.c
1419 --- linux-2.6.32.1/arch/ia64/sn/pci/pci_dma.c 2009-12-02 22:51:21.000000000 -0500
1420 +++ linux-2.6.32.1/arch/ia64/sn/pci/pci_dma.c 2009-12-14 18:33:51.327774824 -0500
1421 @@ -464,7 +464,7 @@ int sn_pci_legacy_write(struct pci_bus *
1425 -static struct dma_map_ops sn_dma_ops = {
1426 +static const struct dma_map_ops sn_dma_ops = {
1427 .alloc_coherent = sn_dma_alloc_coherent,
1428 .free_coherent = sn_dma_free_coherent,
1429 .map_page = sn_dma_map_page,
1430 diff -urNp linux-2.6.32.1/arch/m32r/include/asm/atomic.h linux-2.6.32.1/arch/m32r/include/asm/atomic.h
1431 --- linux-2.6.32.1/arch/m32r/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
1432 +++ linux-2.6.32.1/arch/m32r/include/asm/atomic.h 2009-12-14 18:33:51.327774824 -0500
1434 #define atomic_read(v) ((v)->counter)
1437 + * atomic_read_unchecked - read atomic variable
1438 + * @v: pointer of type atomic_unchecked_t
1440 + * Atomically reads the value of @v.
1442 +#define atomic_read_unchecked(v) ((v)->counter)
1445 * atomic_set - set atomic variable
1446 * @v: pointer of type atomic_t
1447 * @i: required value
1449 #define atomic_set(v,i) (((v)->counter) = (i))
1452 + * atomic_set_unchecked - set atomic variable
1453 + * @v: pointer of type atomic_unchecked_t
1454 + * @i: required value
1456 + * Atomically sets the value of @v to @i.
1458 +#define atomic_set_unchecked(v,i) (((v)->counter) = (i))
1461 * atomic_add_return - add integer to atomic variable and return it
1462 * @i: integer value to add
1463 * @v: pointer of type atomic_t
1464 @@ -308,6 +325,10 @@ static __inline__ void atomic_set_mask(u
1465 local_irq_restore(flags);
1468 +#define atomic_inc_unchecked(v) atomic_inc((atomic_t *)(v))
1469 +#define atomic_add_unchecked(i,v) atomic_add((i),(atomic_t *)(v))
1470 +#define atomic_sub_unchecked(i,v) atomic_sub((i),(atomic_t *)(v))
1472 /* Atomic operations are already serializing on m32r */
1473 #define smp_mb__before_atomic_dec() barrier()
1474 #define smp_mb__after_atomic_dec() barrier()
1475 diff -urNp linux-2.6.32.1/arch/m32r/lib/usercopy.c linux-2.6.32.1/arch/m32r/lib/usercopy.c
1476 --- linux-2.6.32.1/arch/m32r/lib/usercopy.c 2009-12-02 22:51:21.000000000 -0500
1477 +++ linux-2.6.32.1/arch/m32r/lib/usercopy.c 2009-12-14 18:33:51.329164039 -0500
1480 __generic_copy_to_user(void __user *to, const void *from, unsigned long n)
1486 if (access_ok(VERIFY_WRITE, to, n))
1487 __copy_user(to,from,n);
1488 @@ -23,6 +26,9 @@ __generic_copy_to_user(void __user *to,
1490 __generic_copy_from_user(void *to, const void __user *from, unsigned long n)
1496 if (access_ok(VERIFY_READ, from, n))
1497 __copy_user_zeroing(to,from,n);
1498 diff -urNp linux-2.6.32.1/arch/m68k/include/asm/atomic_mm.h linux-2.6.32.1/arch/m68k/include/asm/atomic_mm.h
1499 --- linux-2.6.32.1/arch/m68k/include/asm/atomic_mm.h 2009-12-02 22:51:21.000000000 -0500
1500 +++ linux-2.6.32.1/arch/m68k/include/asm/atomic_mm.h 2009-12-14 18:33:51.445181863 -0500
1502 #define ATOMIC_INIT(i) { (i) }
1504 #define atomic_read(v) ((v)->counter)
1505 +#define atomic_read_unchecked(v) ((v)->counter)
1506 #define atomic_set(v, i) (((v)->counter) = i)
1507 +#define atomic_set_unchecked(v, i) (((v)->counter) = i)
1509 static inline void atomic_add(int i, atomic_t *v)
1511 __asm__ __volatile__("addl %1,%0" : "+m" (*v) : "id" (i));
1514 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
1516 + atomic_add(i, (atomic_t *)v);
1519 static inline void atomic_sub(int i, atomic_t *v)
1521 __asm__ __volatile__("subl %1,%0" : "+m" (*v) : "id" (i));
1524 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
1526 + atomic_sub(i, (atomic_t *)v);
1529 static inline void atomic_inc(atomic_t *v)
1531 __asm__ __volatile__("addql #1,%0" : "+m" (*v));
1534 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
1536 + atomic_inc((atomic_t *)v);
1539 static inline void atomic_dec(atomic_t *v)
1541 __asm__ __volatile__("subql #1,%0" : "+m" (*v));
1542 diff -urNp linux-2.6.32.1/arch/m68k/include/asm/atomic_no.h linux-2.6.32.1/arch/m68k/include/asm/atomic_no.h
1543 --- linux-2.6.32.1/arch/m68k/include/asm/atomic_no.h 2009-12-02 22:51:21.000000000 -0500
1544 +++ linux-2.6.32.1/arch/m68k/include/asm/atomic_no.h 2009-12-14 18:33:51.445181863 -0500
1546 #define ATOMIC_INIT(i) { (i) }
1548 #define atomic_read(v) ((v)->counter)
1549 +#define atomic_read_unchecked(v) ((v)->counter)
1550 #define atomic_set(v, i) (((v)->counter) = i)
1551 +#define atomic_set_unchecked(v, i) (((v)->counter) = i)
1553 static __inline__ void atomic_add(int i, atomic_t *v)
1555 @@ -27,6 +29,11 @@ static __inline__ void atomic_add(int i,
1559 +static __inline__ void atomic_add_unchecked(int i, atomic_unchecked_t *v)
1561 + atomic_add(i, (atomic_t *)v);
1564 static __inline__ void atomic_sub(int i, atomic_t *v)
1566 #ifdef CONFIG_COLDFIRE
1567 @@ -36,6 +43,11 @@ static __inline__ void atomic_sub(int i,
1571 +static __inline__ void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
1573 + atomic_sub(i, (atomic_t *)v);
1576 static __inline__ int atomic_sub_and_test(int i, atomic_t * v)
1579 @@ -56,6 +68,11 @@ static __inline__ void atomic_inc(volati
1580 __asm__ __volatile__("addql #1,%0" : "+m" (*v));
1583 +static __inline__ void atomic_inc_unchecked(volatile atomic_unchecked_t *v)
1585 + atomic_inc((volatile atomic_t *)v);
1589 * atomic_inc_and_test - increment and test
1590 * @v: pointer of type atomic_t
1591 diff -urNp linux-2.6.32.1/arch/mips/alchemy/devboards/pm.c linux-2.6.32.1/arch/mips/alchemy/devboards/pm.c
1592 --- linux-2.6.32.1/arch/mips/alchemy/devboards/pm.c 2009-12-02 22:51:21.000000000 -0500
1593 +++ linux-2.6.32.1/arch/mips/alchemy/devboards/pm.c 2009-12-14 18:33:51.446179829 -0500
1594 @@ -78,7 +78,7 @@ static void db1x_pm_end(void)
1598 -static struct platform_suspend_ops db1x_pm_ops = {
1599 +static const struct platform_suspend_ops db1x_pm_ops = {
1600 .valid = suspend_valid_only_mem,
1601 .begin = db1x_pm_begin,
1602 .enter = db1x_pm_enter,
1603 diff -urNp linux-2.6.32.1/arch/mips/include/asm/atomic.h linux-2.6.32.1/arch/mips/include/asm/atomic.h
1604 --- linux-2.6.32.1/arch/mips/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
1605 +++ linux-2.6.32.1/arch/mips/include/asm/atomic.h 2009-12-14 18:33:51.446179829 -0500
1607 #define atomic_read(v) ((v)->counter)
1610 + * atomic_read_unchecked - read atomic variable
1611 + * @v: pointer of type atomic_unchecked_t
1613 + * Atomically reads the value of @v.
1615 +#define atomic_read_unchecked(v) ((v)->counter)
1618 * atomic_set - set atomic variable
1619 * @v: pointer of type atomic_t
1620 * @i: required value
1622 #define atomic_set(v, i) ((v)->counter = (i))
1625 + * atomic_set_unchecked - set atomic variable
1626 + * @v: pointer of type atomic_unchecked_t
1627 + * @i: required value
1629 + * Atomically sets the value of @v to @i.
1631 +#define atomic_set_unchecked(v, i) ((v)->counter = (i))
1634 * atomic_add - add integer to atomic variable
1635 * @i: integer value to add
1636 * @v: pointer of type atomic_t
1637 @@ -381,6 +398,9 @@ static __inline__ int atomic_add_unless(
1638 * Atomically increments @v by 1.
1640 #define atomic_inc(v) atomic_add(1, (v))
1641 +#define atomic_inc_unchecked(v) atomic_inc((atomic_t *)(v))
1642 +#define atomic_add_unchecked(i, v) atomic_add((i), (atomic_t *)(v))
1643 +#define atomic_sub_unchecked(i, v) atomic_sub((i), (atomic_t *)(v))
1646 * atomic_dec - decrement and test
1647 diff -urNp linux-2.6.32.1/arch/mips/include/asm/elf.h linux-2.6.32.1/arch/mips/include/asm/elf.h
1648 --- linux-2.6.32.1/arch/mips/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
1649 +++ linux-2.6.32.1/arch/mips/include/asm/elf.h 2009-12-14 18:33:51.446179829 -0500
1650 @@ -368,4 +368,11 @@ extern int dump_task_fpu(struct task_str
1651 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
1654 +#ifdef CONFIG_PAX_ASLR
1655 +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
1657 +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1658 +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1661 #endif /* _ASM_ELF_H */
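Review bot: Both arms of the ternary in `PAX_ELF_ET_DYN_BASE` are `0x00400000UL`, so the `test_thread_flag(TIF_32BIT_ADDR)` test has no effect and reads as if a 64-bit base had been forgotten. If a single base is intended, write `#define PAX_ELF_ET_DYN_BASE 0x00400000UL` with a comment that it applies to both address-space sizes. Otherwise supply the distinct 64-bit value. The identical definition is repeated in the `binfmt_elfn32.c` and `binfmt_elfo32.c` sections.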
1662 diff -urNp linux-2.6.32.1/arch/mips/include/asm/page.h linux-2.6.32.1/arch/mips/include/asm/page.h
1663 --- linux-2.6.32.1/arch/mips/include/asm/page.h 2009-12-02 22:51:21.000000000 -0500
1664 +++ linux-2.6.32.1/arch/mips/include/asm/page.h 2009-12-14 18:33:51.446179829 -0500
1665 @@ -93,7 +93,7 @@ extern void copy_user_highpage(struct pa
1666 #ifdef CONFIG_CPU_MIPS32
1667 typedef struct { unsigned long pte_low, pte_high; } pte_t;
1668 #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
1669 - #define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })
1670 + #define __pte(x) ({ pte_t __pte = {(x), (x) >> 32}; __pte; })
1672 typedef struct { unsigned long long pte; } pte_t;
1673 #define pte_val(x) ((x).pte)
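Review bot: With the `(unsigned long long)` cast removed, `(x) >> 32` in `__pte(x)` is evaluated in the type of `x`. For any argument no wider than 32 bits, a shift by 32 is undefined behaviour in C. Under `CONFIG_CPU_MIPS32` `unsigned long` is 32 bits, so a caller passing a plain `unsigned long` or `int` would trigger it. Unless every caller is guaranteed to pass a 64-bit value, keep the widening: `#define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })`. If the cast was dropped for a specific reason, that reason belongs in a comment here.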
1674 diff -urNp linux-2.6.32.1/arch/mips/include/asm/system.h linux-2.6.32.1/arch/mips/include/asm/system.h
1675 --- linux-2.6.32.1/arch/mips/include/asm/system.h 2009-12-02 22:51:21.000000000 -0500
1676 +++ linux-2.6.32.1/arch/mips/include/asm/system.h 2009-12-14 18:33:51.446179829 -0500
1677 @@ -230,6 +230,6 @@ extern void per_cpu_trap_init(void);
1679 #define __ARCH_WANT_UNLOCKED_CTXSW
1681 -extern unsigned long arch_align_stack(unsigned long sp);
1682 +#define arch_align_stack(x) ((x) & ALMASK)
1684 #endif /* _ASM_SYSTEM_H */
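Review bot: Replacing `arch_align_stack()` with `((x) & ALMASK)` unconditionally removes the sub-page stack offset that the deleted function in `process.c` applied when `randomize_va_space` was set. A kernel built from this tree without the PaX stack randomisation option would then have less stack entropy than the unpatched kernel. I would make the macro conditional and keep the original function otherwise: `#ifdef CONFIG_PAX_RANDUSTACK`, then the `#define`, then `#else` with the `extern` declaration retained. The macro also requires `ALMASK` to be visible wherever `asm/system.h` is included, which is not shown in this hunk.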
1685 diff -urNp linux-2.6.32.1/arch/mips/kernel/binfmt_elfn32.c linux-2.6.32.1/arch/mips/kernel/binfmt_elfn32.c
1686 --- linux-2.6.32.1/arch/mips/kernel/binfmt_elfn32.c 2009-12-02 22:51:21.000000000 -0500
1687 +++ linux-2.6.32.1/arch/mips/kernel/binfmt_elfn32.c 2009-12-14 18:33:51.447180802 -0500
1688 @@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
1689 #undef ELF_ET_DYN_BASE
1690 #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
1692 +#ifdef CONFIG_PAX_ASLR
1693 +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
1695 +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1696 +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1699 #include <asm/processor.h>
1700 #include <linux/module.h>
1701 #include <linux/elfcore.h>
1702 diff -urNp linux-2.6.32.1/arch/mips/kernel/binfmt_elfo32.c linux-2.6.32.1/arch/mips/kernel/binfmt_elfo32.c
1703 --- linux-2.6.32.1/arch/mips/kernel/binfmt_elfo32.c 2009-12-02 22:51:21.000000000 -0500
1704 +++ linux-2.6.32.1/arch/mips/kernel/binfmt_elfo32.c 2009-12-14 18:33:51.447180802 -0500
1705 @@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
1706 #undef ELF_ET_DYN_BASE
1707 #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
1709 +#ifdef CONFIG_PAX_ASLR
1710 +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
1712 +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1713 +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1716 #include <asm/processor.h>
1719 diff -urNp linux-2.6.32.1/arch/mips/kernel/kgdb.c linux-2.6.32.1/arch/mips/kernel/kgdb.c
1720 --- linux-2.6.32.1/arch/mips/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
1721 +++ linux-2.6.32.1/arch/mips/kernel/kgdb.c 2009-12-14 18:33:51.447180802 -0500
1722 @@ -245,6 +245,7 @@ int kgdb_arch_handle_exception(int vecto
1726 +/* cannot be const */
1727 struct kgdb_arch arch_kgdb_ops;
1730 diff -urNp linux-2.6.32.1/arch/mips/kernel/process.c linux-2.6.32.1/arch/mips/kernel/process.c
1731 --- linux-2.6.32.1/arch/mips/kernel/process.c 2009-12-02 22:51:21.000000000 -0500
1732 +++ linux-2.6.32.1/arch/mips/kernel/process.c 2009-12-14 18:33:51.452179193 -0500
1733 @@ -470,15 +470,3 @@ unsigned long get_wchan(struct task_stru
1739 - * Don't forget that the stack pointer must be aligned on a 8 bytes
1740 - * boundary for 32-bits ABI and 16 bytes for 64-bits ABI.
1742 -unsigned long arch_align_stack(unsigned long sp)
1744 - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
1745 - sp -= get_random_int() & ~PAGE_MASK;
1747 - return sp & ALMASK;
1749 diff -urNp linux-2.6.32.1/arch/mips/kernel/syscall.c linux-2.6.32.1/arch/mips/kernel/syscall.c
1750 --- linux-2.6.32.1/arch/mips/kernel/syscall.c 2009-12-02 22:51:21.000000000 -0500
1751 +++ linux-2.6.32.1/arch/mips/kernel/syscall.c 2009-12-14 18:33:51.452742593 -0500
1752 @@ -101,6 +101,11 @@ unsigned long arch_get_unmapped_area(str
1754 if (filp || (flags & MAP_SHARED))
1757 +#ifdef CONFIG_PAX_RANDMMAP
1758 + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
1763 addr = COLOUR_ALIGN(addr, pgoff);
1764 @@ -111,7 +116,7 @@ unsigned long arch_get_unmapped_area(str
1765 (!vmm || addr + len <= vmm->vm_start))
1768 - addr = TASK_UNMAPPED_BASE;
1769 + addr = current->mm->mmap_base;
1771 addr = COLOUR_ALIGN(addr, pgoff);
1773 diff -urNp linux-2.6.32.1/arch/mips/mm/fault.c linux-2.6.32.1/arch/mips/mm/fault.c
1774 --- linux-2.6.32.1/arch/mips/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
1775 +++ linux-2.6.32.1/arch/mips/mm/fault.c 2009-12-14 18:33:51.452742593 -0500
1777 #include <asm/ptrace.h>
1778 #include <asm/highmem.h> /* For VMALLOC_END */
1780 +#ifdef CONFIG_PAX_PAGEEXEC
1781 +void pax_report_insns(void *pc)
1785 + printk(KERN_ERR "PAX: bytes at PC: ");
1786 + for (i = 0; i < 5; i++) {
1788 + if (get_user(c, (unsigned int *)pc+i))
1789 + printk(KERN_CONT "???????? ");
1791 + printk(KERN_CONT "%08x ", c);
1798 * This routine handles page faults. It determines the address,
1799 * and the problem, and then passes it off to one of the appropriate
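Review bot: The pointer handed to `get_user()` in the dump loop of `pax_report_insns()` is cast to a plain `unsigned int *`, so the address loses its `__user` annotation and sparse cannot check the access. Writing the call as `get_user(c, (unsigned int __user *)pc + i)` keeps the annotation; the parisc `pax_report_insns()` later in this patch has the same cast. A one-line comment above the function, such as `/* dump five 32-bit words starting at the faulting user PC */`, would also help. Some lines of the function body are not visible in this hunk.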
1800 diff -urNp linux-2.6.32.1/arch/mn10300/include/asm/atomic.h linux-2.6.32.1/arch/mn10300/include/asm/atomic.h
1801 --- linux-2.6.32.1/arch/mn10300/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
1802 +++ linux-2.6.32.1/arch/mn10300/include/asm/atomic.h 2009-12-14 18:33:51.452742593 -0500
1804 #define atomic_read(v) ((v)->counter)
1807 + * atomic_read_unchecked - read atomic variable
1808 + * @v: pointer of type atomic_unchecked_t
1810 + * Atomically reads the value of @v. Note that the guaranteed
1811 + * useful range of an atomic_unchecked_t is only 24 bits.
1813 +#define atomic_read_unchecked(v) ((v)->counter)
1816 * atomic_set - set atomic variable
1817 * @v: pointer of type atomic_t
1818 * @i: required value
1821 #define atomic_set(v, i) (((v)->counter) = (i))
1824 + * atomic_set_unchecked - set atomic variable
1825 + * @v: pointer of type atomic_unchecked_t
1826 + * @i: required value
1828 + * Atomically sets the value of @v to @i. Note that the guaranteed
1829 + * useful range of an atomic_unchecked_t is only 24 bits.
1831 +#define atomic_set_unchecked(v, i) (((v)->counter) = (i))
1833 #include <asm/system.h>
1836 @@ -99,16 +118,31 @@ static inline void atomic_add(int i, ato
1837 atomic_add_return(i, v);
1840 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
1842 + atomic_add_return(i, (atomic_t *)v);
1845 static inline void atomic_sub(int i, atomic_t *v)
1847 atomic_sub_return(i, v);
1850 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
1852 + atomic_sub_return(i, (atomic_t *)v);
1855 static inline void atomic_inc(atomic_t *v)
1857 atomic_add_return(1, v);
1860 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
1862 + atomic_add_return(1, (atomic_t *)v);
1865 static inline void atomic_dec(atomic_t *v)
1867 atomic_sub_return(1, v);
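Review bot: `atomic_add_unchecked()`, `atomic_sub_unchecked()` and `atomic_inc_unchecked()` reach the existing helpers through `(atomic_t *)v`, which is correct only while `atomic_unchecked_t` has the same layout as `atomic_t`; the type definition is not in this hunk. A comment such as `/* atomic_unchecked_t must stay layout-compatible with atomic_t */` next to the first wrapper, or a compile-time size check where the type is defined, would keep a later change to either type from going unnoticed. The powerpc atomic.h hunks in this patch use the same cast.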
1868 diff -urNp linux-2.6.32.1/arch/parisc/include/asm/atomic.h linux-2.6.32.1/arch/parisc/include/asm/atomic.h
1869 --- linux-2.6.32.1/arch/parisc/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
1870 +++ linux-2.6.32.1/arch/parisc/include/asm/atomic.h 2009-12-14 18:33:51.452742593 -0500
1871 @@ -177,6 +177,18 @@ static __inline__ int __atomic_add_retur
1875 +static __inline__ int __atomic_add_return_unchecked(int i, atomic_unchecked_t *v)
1878 + unsigned long flags;
1879 + _atomic_spin_lock_irqsave(v, flags);
1881 + ret = (v->counter += i);
1883 + _atomic_spin_unlock_irqrestore(v, flags);
1887 static __inline__ void atomic_set(atomic_t *v, int i)
1889 unsigned long flags;
1890 @@ -187,11 +199,26 @@ static __inline__ void atomic_set(atomic
1891 _atomic_spin_unlock_irqrestore(v, flags);
1894 +static __inline__ void atomic_set_unchecked(atomic_unchecked_t *v, int i)
1896 + unsigned long flags;
1897 + _atomic_spin_lock_irqsave(v, flags);
1901 + _atomic_spin_unlock_irqrestore(v, flags);
1904 static __inline__ int atomic_read(const atomic_t *v)
1909 +static __inline__ int atomic_read_unchecked(const atomic_unchecked_t *v)
1911 + return v->counter;
1914 /* exported interface */
1915 #define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
1916 #define atomic_xchg(v, new) (xchg(&((v)->counter), new))
1917 @@ -223,8 +250,11 @@ static __inline__ int atomic_add_unless(
1918 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
1920 #define atomic_add(i,v) ((void)(__atomic_add_return( (i),(v))))
1921 +#define atomic_add_unchecked(i,v) ((void)(__atomic_add_return_unchecked( ((i),(v))))
1922 #define atomic_sub(i,v) ((void)(__atomic_add_return(-(i),(v))))
1923 +#define atomic_sub_unchecked(i,v) ((void)(__atomic_add_return_unchecked(-(i),(v))))
1924 #define atomic_inc(v) ((void)(__atomic_add_return( 1,(v))))
1925 +#define atomic_inc_unchecked(v) ((void)(__atomic_add_return_unchecked( 1,(v))))
1926 #define atomic_dec(v) ((void)(__atomic_add_return( -1,(v))))
1928 #define atomic_add_return(i,v) (__atomic_add_return( (i),(v)))
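Review bot: The added `atomic_add_unchecked` macro has one more opening than closing parenthesis: its argument list reads `( ((i),(v))))` where the neighbouring `atomic_add` has `( (i),(v))))`. Any use of the macro would fail to compile, and even with the count balanced around `((i),(v))` the call would pass a single comma expression instead of two arguments. The line should match its siblings: `#define atomic_add_unchecked(i,v) ((void)(__atomic_add_return_unchecked( (i),(v))))`.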
1929 diff -urNp linux-2.6.32.1/arch/parisc/include/asm/elf.h linux-2.6.32.1/arch/parisc/include/asm/elf.h
1930 --- linux-2.6.32.1/arch/parisc/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
1931 +++ linux-2.6.32.1/arch/parisc/include/asm/elf.h 2009-12-14 18:33:51.463795738 -0500
1932 @@ -343,6 +343,13 @@ struct pt_regs; /* forward declaration..
1934 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x01000000)
1936 +#ifdef CONFIG_PAX_ASLR
1937 +#define PAX_ELF_ET_DYN_BASE 0x10000UL
1939 +#define PAX_DELTA_MMAP_LEN 16
1940 +#define PAX_DELTA_STACK_LEN 16
1943 /* This yields a mask that user programs can use to figure out what
1944 instruction set this CPU supports. This could be done in user space,
1945 but it's not easy, and we've already done it here. */
1946 diff -urNp linux-2.6.32.1/arch/parisc/include/asm/pgtable.h linux-2.6.32.1/arch/parisc/include/asm/pgtable.h
1947 --- linux-2.6.32.1/arch/parisc/include/asm/pgtable.h 2009-12-02 22:51:21.000000000 -0500
1948 +++ linux-2.6.32.1/arch/parisc/include/asm/pgtable.h 2009-12-14 18:33:51.463795738 -0500
1949 @@ -207,6 +207,17 @@
1950 #define PAGE_EXECREAD __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED)
1951 #define PAGE_COPY PAGE_EXECREAD
1952 #define PAGE_RWX __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED)
1954 +#ifdef CONFIG_PAX_PAGEEXEC
1955 +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_ACCESSED)
1956 +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
1957 +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
1959 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
1960 +# define PAGE_COPY_NOEXEC PAGE_COPY
1961 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
1964 #define PAGE_KERNEL __pgprot(_PAGE_KERNEL)
1965 #define PAGE_KERNEL_RO __pgprot(_PAGE_KERNEL & ~_PAGE_WRITE)
1966 #define PAGE_KERNEL_UNC __pgprot(_PAGE_KERNEL | _PAGE_NO_CACHE)
1967 diff -urNp linux-2.6.32.1/arch/parisc/kernel/module.c linux-2.6.32.1/arch/parisc/kernel/module.c
1968 --- linux-2.6.32.1/arch/parisc/kernel/module.c 2009-12-02 22:51:21.000000000 -0500
1969 +++ linux-2.6.32.1/arch/parisc/kernel/module.c 2009-12-14 18:33:51.463795738 -0500
1972 /* three functions to determine where in the module core
1973 * or init pieces the location is */
1974 +static inline int in_init_rx(struct module *me, void *loc)
1976 + return (loc >= me->module_init_rx &&
1977 + loc < (me->module_init_rx + me->init_size_rx));
1980 +static inline int in_init_rw(struct module *me, void *loc)
1982 + return (loc >= me->module_init_rw &&
1983 + loc < (me->module_init_rw + me->init_size_rw));
1986 static inline int in_init(struct module *me, void *loc)
1988 - return (loc >= me->module_init &&
1989 - loc <= (me->module_init + me->init_size));
1990 + return in_init_rx(me, loc) || in_init_rw(me, loc);
1993 +static inline int in_core_rx(struct module *me, void *loc)
1995 + return (loc >= me->module_core_rx &&
1996 + loc < (me->module_core_rx + me->core_size_rx));
1999 +static inline int in_core_rw(struct module *me, void *loc)
2001 + return (loc >= me->module_core_rw &&
2002 + loc < (me->module_core_rw + me->core_size_rw));
2005 static inline int in_core(struct module *me, void *loc)
2007 - return (loc >= me->module_core &&
2008 - loc <= (me->module_core + me->core_size));
2009 + return in_core_rx(me, loc) || in_core_rw(me, loc);
2012 static inline int in_local(struct module *me, void *loc)
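Review bot: The comment above `in_init_rx()` still says "three functions", but this change puts four new helpers in front of `in_init()` and `in_core()` and does not mention the split into rx and rw regions. Something like `/* helpers to determine whether a location lies in the rx or rw part of the module core or init pieces */` would match the code. The new helpers also use an exclusive upper bound (`<`) where the removed code used `<=`; a short remark that the end address is one past the region would make that change visibly deliberate.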
2013 @@ -364,13 +386,13 @@ int module_frob_arch_sections(CONST Elf_
2016 /* align things a bit */
2017 - me->core_size = ALIGN(me->core_size, 16);
2018 - me->arch.got_offset = me->core_size;
2019 - me->core_size += gots * sizeof(struct got_entry);
2021 - me->core_size = ALIGN(me->core_size, 16);
2022 - me->arch.fdesc_offset = me->core_size;
2023 - me->core_size += fdescs * sizeof(Elf_Fdesc);
2024 + me->core_size_rw = ALIGN(me->core_size_rw, 16);
2025 + me->arch.got_offset = me->core_size_rw;
2026 + me->core_size_rw += gots * sizeof(struct got_entry);
2028 + me->core_size_rw = ALIGN(me->core_size_rw, 16);
2029 + me->arch.fdesc_offset = me->core_size_rw;
2030 + me->core_size_rw += fdescs * sizeof(Elf_Fdesc);
2032 me->arch.got_max = gots;
2033 me->arch.fdesc_max = fdescs;
2034 @@ -388,7 +410,7 @@ static Elf64_Word get_got(struct module
2038 - got = me->module_core + me->arch.got_offset;
2039 + got = me->module_core_rw + me->arch.got_offset;
2040 for (i = 0; got[i].addr; i++)
2041 if (got[i].addr == value)
2043 @@ -406,7 +428,7 @@ static Elf64_Word get_got(struct module
2045 static Elf_Addr get_fdesc(struct module *me, unsigned long value)
2047 - Elf_Fdesc *fdesc = me->module_core + me->arch.fdesc_offset;
2048 + Elf_Fdesc *fdesc = me->module_core_rw + me->arch.fdesc_offset;
2051 printk(KERN_ERR "%s: zero OPD requested!\n", me->name);
2052 @@ -424,7 +446,7 @@ static Elf_Addr get_fdesc(struct module
2054 /* Create new one */
2055 fdesc->addr = value;
2056 - fdesc->gp = (Elf_Addr)me->module_core + me->arch.got_offset;
2057 + fdesc->gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset;
2058 return (Elf_Addr)fdesc;
2060 #endif /* CONFIG_64BIT */
2061 @@ -848,7 +870,7 @@ register_unwind_table(struct module *me,
2063 table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr;
2064 end = table + sechdrs[me->arch.unwind_section].sh_size;
2065 - gp = (Elf_Addr)me->module_core + me->arch.got_offset;
2066 + gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset;
2068 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
2069 me->arch.unwind_section, table, end, gp);
2070 diff -urNp linux-2.6.32.1/arch/parisc/kernel/sys_parisc.c linux-2.6.32.1/arch/parisc/kernel/sys_parisc.c
2071 --- linux-2.6.32.1/arch/parisc/kernel/sys_parisc.c 2009-12-02 22:51:21.000000000 -0500
2072 +++ linux-2.6.32.1/arch/parisc/kernel/sys_parisc.c 2009-12-14 18:33:51.463795738 -0500
2073 @@ -98,7 +98,7 @@ unsigned long arch_get_unmapped_area(str
2074 if (flags & MAP_FIXED)
2077 - addr = TASK_UNMAPPED_BASE;
2078 + addr = current->mm->mmap_base;
2081 addr = get_shared_area(filp->f_mapping, addr, len, pgoff);
2082 diff -urNp linux-2.6.32.1/arch/parisc/kernel/traps.c linux-2.6.32.1/arch/parisc/kernel/traps.c
2083 --- linux-2.6.32.1/arch/parisc/kernel/traps.c 2009-12-02 22:51:21.000000000 -0500
2084 +++ linux-2.6.32.1/arch/parisc/kernel/traps.c 2009-12-14 18:33:51.463795738 -0500
2085 @@ -733,9 +733,7 @@ void notrace handle_interruption(int cod
2087 down_read(¤t->mm->mmap_sem);
2088 vma = find_vma(current->mm,regs->iaoq[0]);
2089 - if (vma && (regs->iaoq[0] >= vma->vm_start)
2090 - && (vma->vm_flags & VM_EXEC)) {
2092 + if (vma && (regs->iaoq[0] >= vma->vm_start)) {
2093 fault_address = regs->iaoq[0];
2094 fault_space = regs->iasq[0];
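Review bot: The `VM_EXEC` test is dropped from the condition in `handle_interruption()` without an `#ifdef` or a comment, so the branch is now taken for a fault inside any mapped vma on every build, not only on PaX-enabled ones. If the intent is, as the fault.c changes in this patch suggest, to let the page-fault path decide about non-executable mappings, a comment such as `/* non-executable vmas are passed on too; the fault handler applies the exec policy */` would record it. The rest of the function is outside the hunk, so what the non-matching path does is not visible here.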
2096 diff -urNp linux-2.6.32.1/arch/parisc/mm/fault.c linux-2.6.32.1/arch/parisc/mm/fault.c
2097 --- linux-2.6.32.1/arch/parisc/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
2098 +++ linux-2.6.32.1/arch/parisc/mm/fault.c 2009-12-14 18:33:51.465187119 -0500
2100 #include <linux/sched.h>
2101 #include <linux/interrupt.h>
2102 #include <linux/module.h>
2103 +#include <linux/unistd.h>
2105 #include <asm/uaccess.h>
2106 #include <asm/traps.h>
2107 @@ -52,7 +53,7 @@ DEFINE_PER_CPU(struct exception_data, ex
2108 static unsigned long
2109 parisc_acctyp(unsigned long code, unsigned int inst)
2111 - if (code == 6 || code == 16)
2112 + if (code == 6 || code == 7 || code == 16)
2115 switch (inst & 0xf0000000) {
2116 @@ -138,6 +139,116 @@ parisc_acctyp(unsigned long code, unsign
2120 +#ifdef CONFIG_PAX_PAGEEXEC
2122 + * PaX: decide what to do with offenders (instruction_pointer(regs) = fault address)
2124 + * returns 1 when task should be killed
2125 + * 2 when rt_sigreturn trampoline was detected
2126 + * 3 when unpatched PLT trampoline was detected
2128 +static int pax_handle_fetch_fault(struct pt_regs *regs)
2131 +#ifdef CONFIG_PAX_EMUPLT
2134 + do { /* PaX: unpatched PLT emulation */
2135 + unsigned int bl, depwi;
2137 + err = get_user(bl, (unsigned int *)instruction_pointer(regs));
2138 + err |= get_user(depwi, (unsigned int *)(instruction_pointer(regs)+4));
2143 + if (bl == 0xEA9F1FDDU && depwi == 0xD6801C1EU) {
2144 + unsigned int ldw, bv, ldw2, addr = instruction_pointer(regs)-12;
2146 + err = get_user(ldw, (unsigned int *)addr);
2147 + err |= get_user(bv, (unsigned int *)(addr+4));
2148 + err |= get_user(ldw2, (unsigned int *)(addr+8));
2153 + if (ldw == 0x0E801096U &&
2154 + bv == 0xEAC0C000U &&
2155 + ldw2 == 0x0E881095U)
2157 + unsigned int resolver, map;
2159 + err = get_user(resolver, (unsigned int *)(instruction_pointer(regs)+8));
2160 + err |= get_user(map, (unsigned int *)(instruction_pointer(regs)+12));
2164 + regs->gr[20] = instruction_pointer(regs)+8;
2165 + regs->gr[21] = map;
2166 + regs->gr[22] = resolver;
2167 + regs->iaoq[0] = resolver | 3UL;
2168 + regs->iaoq[1] = regs->iaoq[0] + 4;
2175 +#ifdef CONFIG_PAX_EMUTRAMP
2177 +#ifndef CONFIG_PAX_EMUSIGRT
2178 + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
2182 + do { /* PaX: rt_sigreturn emulation */
2183 + unsigned int ldi1, ldi2, bel, nop;
2185 + err = get_user(ldi1, (unsigned int *)instruction_pointer(regs));
2186 + err |= get_user(ldi2, (unsigned int *)(instruction_pointer(regs)+4));
2187 + err |= get_user(bel, (unsigned int *)(instruction_pointer(regs)+8));
2188 + err |= get_user(nop, (unsigned int *)(instruction_pointer(regs)+12));
2193 + if ((ldi1 == 0x34190000U || ldi1 == 0x34190002U) &&
2194 + ldi2 == 0x3414015AU &&
2195 + bel == 0xE4008200U &&
2196 + nop == 0x08000240U)
2198 + regs->gr[25] = (ldi1 & 2) >> 1;
2199 + regs->gr[20] = __NR_rt_sigreturn;
2200 + regs->gr[31] = regs->iaoq[1] + 16;
2201 + regs->sr[0] = regs->iasq[1];
2202 + regs->iaoq[0] = 0x100UL;
2203 + regs->iaoq[1] = regs->iaoq[0] + 4;
2204 + regs->iasq[0] = regs->sr[2];
2205 + regs->iasq[1] = regs->sr[2];
2214 +void pax_report_insns(void *pc, void *sp)
2218 + printk(KERN_ERR "PAX: bytes at PC: ");
2219 + for (i = 0; i < 5; i++) {
2221 + if (get_user(c, (unsigned int *)pc+i))
2222 + printk(KERN_CONT "???????? ");
2224 + printk(KERN_CONT "%08x ", c);
2230 int fixup_exception(struct pt_regs *regs)
2232 const struct exception_table_entry *fix;
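Review bot: `pax_handle_fetch_fault()` compares fetched words against bare opcode constants (`0xEA9F1FDDU`, `0xD6801C1EU`, `0x0E801096U`, `0x34190000U` and the rest) and redirects execution to `0x100UL` without saying which instruction or address each value stands for. Since these comparisons decide whether a fetch fault is emulated or the task is killed, each constant deserves a trailing comment with its disassembly, or a named `#define`, so that a reviewer can check the sequences against the toolchain's PLT stub and the signal trampoline. The local names (`bl`, `depwi`, `ldw`, `bv`, `ldi1`, `bel`, `nop`) hint at the instructions but not at their operands. Several lines of the function, including the return statements, are missing from the hunk as shown.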
2233 @@ -192,8 +303,33 @@ good_area:
2235 acc_type = parisc_acctyp(code,regs->iir);
2237 - if ((vma->vm_flags & acc_type) != acc_type)
2238 + if ((vma->vm_flags & acc_type) != acc_type) {
2240 +#ifdef CONFIG_PAX_PAGEEXEC
2241 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && (acc_type & VM_EXEC) &&
2242 + (address & ~3UL) == instruction_pointer(regs))
2244 + up_read(&mm->mmap_sem);
2245 + switch (pax_handle_fetch_fault(regs)) {
2247 +#ifdef CONFIG_PAX_EMUPLT
2252 +#ifdef CONFIG_PAX_EMUTRAMP
2258 + pax_report_fault(regs, (void *)instruction_pointer(regs), (void *)regs->gr[30]);
2259 + do_group_exit(SIGKILL);
2267 * If for any reason at all we couldn't handle the fault, make
2268 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/atomic.h linux-2.6.32.1/arch/powerpc/include/asm/atomic.h
2269 --- linux-2.6.32.1/arch/powerpc/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
2270 +++ linux-2.6.32.1/arch/powerpc/include/asm/atomic.h 2009-12-14 18:33:51.465187119 -0500
2271 @@ -24,11 +24,21 @@ static __inline__ int atomic_read(const
2275 +static __inline__ int atomic_read_unchecked(const atomic_unchecked_t *v)
2277 + return atomic_read((const atomic_t *)v);
2280 static __inline__ void atomic_set(atomic_t *v, int i)
2282 __asm__ __volatile__("stw%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
2285 +static __inline__ void atomic_set_unchecked(atomic_unchecked_t *v, int i)
2287 + atomic_set((atomic_t *)v, i);
2290 static __inline__ void atomic_add(int a, atomic_t *v)
2293 @@ -44,6 +54,11 @@ static __inline__ void atomic_add(int a,
2297 +static __inline__ void atomic_add_unchecked(int a, atomic_unchecked_t *v)
2299 + atomic_add(a, (atomic_t *)v);
2302 static __inline__ int atomic_add_return(int a, atomic_t *v)
2305 @@ -80,6 +95,11 @@ static __inline__ void atomic_sub(int a,
2309 +static __inline__ void atomic_sub_unchecked(int a, atomic_unchecked_t *v)
2311 + atomic_sub(a, (atomic_t *)v);
2314 static __inline__ int atomic_sub_return(int a, atomic_t *v)
2317 @@ -114,6 +134,11 @@ static __inline__ void atomic_inc(atomic
2321 +static __inline__ void atomic_inc_unchecked(atomic_unchecked_t *v)
2323 + atomic_inc((atomic_t *)v);
2326 static __inline__ int atomic_inc_return(atomic_t *v)
2329 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/device.h linux-2.6.32.1/arch/powerpc/include/asm/device.h
2330 --- linux-2.6.32.1/arch/powerpc/include/asm/device.h 2009-12-02 22:51:21.000000000 -0500
2331 +++ linux-2.6.32.1/arch/powerpc/include/asm/device.h 2009-12-14 18:33:51.465187119 -0500
2332 @@ -14,7 +14,7 @@ struct dev_archdata {
2333 struct device_node *of_node;
2335 /* DMA operations on that device */
2336 - struct dma_map_ops *dma_ops;
2337 + const struct dma_map_ops *dma_ops;
2340 * When an iommu is in use, dma_data is used as a ptr to the base of the
2341 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/dma-mapping.h linux-2.6.32.1/arch/powerpc/include/asm/dma-mapping.h
2342 --- linux-2.6.32.1/arch/powerpc/include/asm/dma-mapping.h 2009-12-02 22:51:21.000000000 -0500
2343 +++ linux-2.6.32.1/arch/powerpc/include/asm/dma-mapping.h 2009-12-14 18:33:51.465187119 -0500
2344 @@ -67,11 +67,11 @@ static inline unsigned long device_to_ma
2345 * Available generic sets of operations
2348 -extern struct dma_map_ops dma_iommu_ops;
2349 +extern const struct dma_map_ops dma_iommu_ops;
2351 -extern struct dma_map_ops dma_direct_ops;
2352 +extern const struct dma_map_ops dma_direct_ops;
2354 -static inline struct dma_map_ops *get_dma_ops(struct device *dev)
2355 +static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
2357 /* We don't handle the NULL dev case for ISA for now. We could
2358 * do it via an out of line call but it is not needed for now. The
2359 @@ -84,7 +84,7 @@ static inline struct dma_map_ops *get_dm
2360 return dev->archdata.dma_ops;
2363 -static inline void set_dma_ops(struct device *dev, struct dma_map_ops *ops)
2364 +static inline void set_dma_ops(struct device *dev, const struct dma_map_ops *ops)
2366 dev->archdata.dma_ops = ops;
2368 @@ -118,7 +118,7 @@ static inline void set_dma_offset(struct
2370 static inline int dma_supported(struct device *dev, u64 mask)
2372 - struct dma_map_ops *dma_ops = get_dma_ops(dev);
2373 + const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2375 if (unlikely(dma_ops == NULL))
2377 @@ -132,7 +132,7 @@ static inline int dma_supported(struct d
2379 static inline int dma_set_mask(struct device *dev, u64 dma_mask)
2381 - struct dma_map_ops *dma_ops = get_dma_ops(dev);
2382 + const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2384 if (unlikely(dma_ops == NULL))
2386 @@ -147,7 +147,7 @@ static inline int dma_set_mask(struct de
2387 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
2388 dma_addr_t *dma_handle, gfp_t flag)
2390 - struct dma_map_ops *dma_ops = get_dma_ops(dev);
2391 + const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2395 @@ -162,7 +162,7 @@ static inline void *dma_alloc_coherent(s
2396 static inline void dma_free_coherent(struct device *dev, size_t size,
2397 void *cpu_addr, dma_addr_t dma_handle)
2399 - struct dma_map_ops *dma_ops = get_dma_ops(dev);
2400 + const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2404 @@ -173,7 +173,7 @@ static inline void dma_free_coherent(str
2406 static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr)
2408 - struct dma_map_ops *dma_ops = get_dma_ops(dev);
2409 + const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2411 if (dma_ops->mapping_error)
2412 return dma_ops->mapping_error(dev, dma_addr);
2413 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/elf.h linux-2.6.32.1/arch/powerpc/include/asm/elf.h
2414 --- linux-2.6.32.1/arch/powerpc/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
2415 +++ linux-2.6.32.1/arch/powerpc/include/asm/elf.h 2009-12-14 18:33:51.466181848 -0500
2416 @@ -179,8 +179,19 @@ typedef elf_fpreg_t elf_vsrreghalf_t32[E
2417 the loader. We need to make sure that it is out of the way of the program
2418 that it will "exec", and that there is sufficient room for the brk. */
2420 -extern unsigned long randomize_et_dyn(unsigned long base);
2421 -#define ELF_ET_DYN_BASE (randomize_et_dyn(0x20000000))
2422 +#define ELF_ET_DYN_BASE (0x20000000)
2424 +#ifdef CONFIG_PAX_ASLR
2425 +#define PAX_ELF_ET_DYN_BASE (0x10000000UL)
2427 +#ifdef __powerpc64__
2428 +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT) ? 16 : 28)
2429 +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT) ? 16 : 28)
2431 +#define PAX_DELTA_MMAP_LEN 15
2432 +#define PAX_DELTA_STACK_LEN 15
2437 * Our registers are always unsigned longs, whether we're a 32 bit
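Review bot: `ELF_ET_DYN_BASE` becomes the fixed value `0x20000000` for every configuration, because the replacement `#define` sits outside the new `#ifdef CONFIG_PAX_ASLR` block, and the next hunk in this file removes `arch_randomize_brk` the same way. A kernel built from this tree with `CONFIG_PAX_ASLR` disabled would therefore appear to lose the ET_DYN base and brk randomisation the stock code provided, unless code outside these hunks makes up for it. Moving the fixed definition inside the `#ifdef` and keeping `#define ELF_ET_DYN_BASE (randomize_et_dyn(0x20000000))` with its `extern` declaration in an `#else` branch would avoid that, provided the function itself is kept.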
2438 @@ -279,9 +290,6 @@ extern int arch_setup_additional_pages(s
2439 (0x7ff >> (PAGE_SHIFT - 12)) : \
2440 (0x3ffff >> (PAGE_SHIFT - 12)))
2442 -extern unsigned long arch_randomize_brk(struct mm_struct *mm);
2443 -#define arch_randomize_brk arch_randomize_brk
2445 #endif /* __KERNEL__ */
2448 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/kmap_types.h linux-2.6.32.1/arch/powerpc/include/asm/kmap_types.h
2449 --- linux-2.6.32.1/arch/powerpc/include/asm/kmap_types.h 2009-12-02 22:51:21.000000000 -0500
2450 +++ linux-2.6.32.1/arch/powerpc/include/asm/kmap_types.h 2009-12-14 18:33:51.466181848 -0500
2451 @@ -26,6 +26,7 @@ enum km_type {
2459 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/page_64.h linux-2.6.32.1/arch/powerpc/include/asm/page_64.h
2460 --- linux-2.6.32.1/arch/powerpc/include/asm/page_64.h 2009-12-02 22:51:21.000000000 -0500
2461 +++ linux-2.6.32.1/arch/powerpc/include/asm/page_64.h 2009-12-14 18:33:51.466181848 -0500
2462 @@ -180,15 +180,18 @@ do { \
2463 * stack by default, so in the absense of a PT_GNU_STACK program header
2464 * we turn execute permission off.
2466 -#define VM_STACK_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
2467 - VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2468 +#define VM_STACK_DEFAULT_FLAGS32 \
2469 + (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
2470 + VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2472 #define VM_STACK_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
2473 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2475 +#ifndef CONFIG_PAX_PAGEEXEC
2476 #define VM_STACK_DEFAULT_FLAGS \
2477 (test_thread_flag(TIF_32BIT) ? \
2478 VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64)
2481 #include <asm-generic/getorder.h>
2483 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/page.h linux-2.6.32.1/arch/powerpc/include/asm/page.h
2484 --- linux-2.6.32.1/arch/powerpc/include/asm/page.h 2009-12-02 22:51:21.000000000 -0500
2485 +++ linux-2.6.32.1/arch/powerpc/include/asm/page.h 2009-12-14 18:33:51.466181848 -0500
2486 @@ -116,8 +116,9 @@ extern phys_addr_t kernstart_addr;
2487 * and needs to be executable. This means the whole heap ends
2488 * up being executable.
2490 -#define VM_DATA_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
2491 - VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2492 +#define VM_DATA_DEFAULT_FLAGS32 \
2493 + (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
2494 + VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2496 #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
2497 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
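Review bot: The comment kept above `VM_DATA_DEFAULT_FLAGS32` ends with "the whole heap ends up being executable", which no longer describes the macro: `VM_EXEC` is now set only when `current->personality` has `READ_IMPLIES_EXEC`. The comment should change with the code, for example `* Data mappings are executable only for READ_IMPLIES_EXEC personalities.` The macro also now evaluates `current` at each use, as does `VM_STACK_DEFAULT_FLAGS32` in the page_64.h hunk, so every includer needs that symbol in scope; whether all of them do cannot be seen from here.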
2498 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/pci.h linux-2.6.32.1/arch/powerpc/include/asm/pci.h
2499 --- linux-2.6.32.1/arch/powerpc/include/asm/pci.h 2009-12-02 22:51:21.000000000 -0500
2500 +++ linux-2.6.32.1/arch/powerpc/include/asm/pci.h 2009-12-14 18:33:51.467183109 -0500
2501 @@ -65,8 +65,8 @@ static inline int pci_get_legacy_ide_irq
2505 -extern void set_pci_dma_ops(struct dma_map_ops *dma_ops);
2506 -extern struct dma_map_ops *get_pci_dma_ops(void);
2507 +extern void set_pci_dma_ops(const struct dma_map_ops *dma_ops);
2508 +extern const struct dma_map_ops *get_pci_dma_ops(void);
2509 #else /* CONFIG_PCI */
2510 #define set_pci_dma_ops(d)
2511 #define get_pci_dma_ops() NULL
2512 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/pte-common.h linux-2.6.32.1/arch/powerpc/include/asm/pte-common.h
2513 --- linux-2.6.32.1/arch/powerpc/include/asm/pte-common.h 2009-12-02 22:51:21.000000000 -0500
2514 +++ linux-2.6.32.1/arch/powerpc/include/asm/pte-common.h 2009-12-14 18:33:51.467183109 -0500
2515 @@ -123,11 +123,11 @@ extern unsigned long bad_call_to_PMD_PAG
2517 #define PAGE_NONE __pgprot(_PAGE_BASE)
2518 #define PAGE_SHARED __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW)
2519 -#define PAGE_SHARED_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_EXEC)
2520 +#define PAGE_SHARED_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_EXEC | _PAGE_HWEXEC)
2521 #define PAGE_COPY __pgprot(_PAGE_BASE | _PAGE_USER)
2522 -#define PAGE_COPY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC)
2523 +#define PAGE_COPY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC | _PAGE_HWEXEC)
2524 #define PAGE_READONLY __pgprot(_PAGE_BASE | _PAGE_USER)
2525 -#define PAGE_READONLY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC)
2526 +#define PAGE_READONLY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC | _PAGE_HWEXEC)
2528 #define __P000 PAGE_NONE
2529 #define __P001 PAGE_READONLY
2530 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/pte-hash32.h linux-2.6.32.1/arch/powerpc/include/asm/pte-hash32.h
2531 --- linux-2.6.32.1/arch/powerpc/include/asm/pte-hash32.h 2009-12-02 22:51:21.000000000 -0500
2532 +++ linux-2.6.32.1/arch/powerpc/include/asm/pte-hash32.h 2009-12-14 18:33:51.467183109 -0500
2534 #define _PAGE_FILE 0x004 /* when !present: nonlinear file mapping */
2535 #define _PAGE_USER 0x004 /* usermode access allowed */
2536 #define _PAGE_GUARDED 0x008 /* G: prohibit speculative access */
2537 +#define _PAGE_HWEXEC _PAGE_GUARDED
2538 #define _PAGE_COHERENT 0x010 /* M: enforce memory coherence (SMP systems) */
2539 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
2540 #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
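Review bot: `_PAGE_HWEXEC` is defined as an alias of `_PAGE_GUARDED` with no comment, while every neighbouring bit definition explains itself. Together with the pte-common.h hunk this means the `PAGE_*_X` protections now also carry the G bit for this page-table format, so the line should say why the guarded bit is reused and which code depends on it, e.g. `/* reuses the G bit; see the DSISR_GUARDED handling in the fault path */`. The code that consumes the bit is not part of this hunk, so that wording needs to be checked against it.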
2541 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/reg.h linux-2.6.32.1/arch/powerpc/include/asm/reg.h
2542 --- linux-2.6.32.1/arch/powerpc/include/asm/reg.h 2009-12-02 22:51:21.000000000 -0500
2543 +++ linux-2.6.32.1/arch/powerpc/include/asm/reg.h 2009-12-14 18:33:51.467183109 -0500
2545 #define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */
2546 #define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */
2547 #define DSISR_NOHPTE 0x40000000 /* no translation found */
2548 +#define DSISR_GUARDED 0x10000000 /* fetch from guarded storage */
2549 #define DSISR_PROTFAULT 0x08000000 /* protection fault */
2550 #define DSISR_ISSTORE 0x02000000 /* access was a store */
2551 #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */
2552 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/swiotlb.h linux-2.6.32.1/arch/powerpc/include/asm/swiotlb.h
2553 --- linux-2.6.32.1/arch/powerpc/include/asm/swiotlb.h 2009-12-02 22:51:21.000000000 -0500
2554 +++ linux-2.6.32.1/arch/powerpc/include/asm/swiotlb.h 2009-12-14 18:33:51.467183109 -0500
2557 #include <linux/swiotlb.h>
2559 -extern struct dma_map_ops swiotlb_dma_ops;
2560 +extern const struct dma_map_ops swiotlb_dma_ops;
2562 static inline void dma_mark_clean(void *addr, size_t size) {}
2564 diff -urNp linux-2.6.32.1/arch/powerpc/include/asm/uaccess.h linux-2.6.32.1/arch/powerpc/include/asm/uaccess.h
2565 --- linux-2.6.32.1/arch/powerpc/include/asm/uaccess.h 2009-12-02 22:51:21.000000000 -0500
2566 +++ linux-2.6.32.1/arch/powerpc/include/asm/uaccess.h 2009-12-14 18:33:51.468177656 -0500
2567 @@ -327,52 +327,6 @@ do { \
2568 extern unsigned long __copy_tofrom_user(void __user *to,
2569 const void __user *from, unsigned long size);
2571 -#ifndef __powerpc64__
2573 -static inline unsigned long copy_from_user(void *to,
2574 - const void __user *from, unsigned long n)
2576 - unsigned long over;
2578 - if (access_ok(VERIFY_READ, from, n))
2579 - return __copy_tofrom_user((__force void __user *)to, from, n);
2580 - if ((unsigned long)from < TASK_SIZE) {
2581 - over = (unsigned long)from + n - TASK_SIZE;
2582 - return __copy_tofrom_user((__force void __user *)to, from,
2588 -static inline unsigned long copy_to_user(void __user *to,
2589 - const void *from, unsigned long n)
2591 - unsigned long over;
2593 - if (access_ok(VERIFY_WRITE, to, n))
2594 - return __copy_tofrom_user(to, (__force void __user *)from, n);
2595 - if ((unsigned long)to < TASK_SIZE) {
2596 - over = (unsigned long)to + n - TASK_SIZE;
2597 - return __copy_tofrom_user(to, (__force void __user *)from,
2603 -#else /* __powerpc64__ */
2605 -#define __copy_in_user(to, from, size) \
2606 - __copy_tofrom_user((to), (from), (size))
2608 -extern unsigned long copy_from_user(void *to, const void __user *from,
2610 -extern unsigned long copy_to_user(void __user *to, const void *from,
2612 -extern unsigned long copy_in_user(void __user *to, const void __user *from,
2615 -#endif /* __powerpc64__ */
2617 static inline unsigned long __copy_from_user_inatomic(void *to,
2618 const void __user *from, unsigned long n)
2620 @@ -396,6 +350,10 @@ static inline unsigned long __copy_from_
2625 + if (!__builtin_constant_p(n))
2626 + check_object_size(to, n, false);
2628 return __copy_tofrom_user((__force void __user *)to, from, n);
2631 @@ -422,6 +380,10 @@ static inline unsigned long __copy_to_us
2636 + if (!__builtin_constant_p(n))
2637 + check_object_size(from, n, true);
2639 return __copy_tofrom_user(to, (__force const void __user *)from, n);
2642 @@ -439,6 +401,92 @@ static inline unsigned long __copy_to_us
2643 return __copy_to_user_inatomic(to, from, size);
2646 +#ifndef __powerpc64__
2648 +static inline unsigned long __must_check copy_from_user(void *to,
2649 + const void __user *from, unsigned long n)
2651 + unsigned long over;
2656 + if (access_ok(VERIFY_READ, from, n)) {
2657 + if (!__builtin_constant_p(n))
2658 + check_object_size(to, n, false);
2659 + return __copy_tofrom_user((__force void __user *)to, from, n);
2661 + if ((unsigned long)from < TASK_SIZE) {
2662 + over = (unsigned long)from + n - TASK_SIZE;
2663 + if (!__builtin_constant_p(n - over))
2664 + check_object_size(to, n - over, false);
2665 + return __copy_tofrom_user((__force void __user *)to, from,
2671 +static inline unsigned long __must_check copy_to_user(void __user *to,
2672 + const void *from, unsigned long n)
2674 + unsigned long over;
2679 + if (access_ok(VERIFY_WRITE, to, n)) {
2680 + if (!__builtin_constant_p(n))
2681 + check_object_size(from, n, true);
2682 + return __copy_tofrom_user(to, (__force void __user *)from, n);
2684 + if ((unsigned long)to < TASK_SIZE) {
2685 + over = (unsigned long)to + n - TASK_SIZE;
2686 + if (!__builtin_constant_p(n))
2687 + check_object_size(from, n - over, true);
2688 + return __copy_tofrom_user(to, (__force void __user *)from,
2694 +#else /* __powerpc64__ */
2696 +#define __copy_in_user(to, from, size) \
2697 + __copy_tofrom_user((to), (from), (size))
2699 +static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
2701 + if ((long)n < 0 || n > INT_MAX)
2704 + if (!__builtin_constant_p(n))
2705 + check_object_size(to, n, false);
2707 + if (likely(access_ok(VERIFY_READ, from, n)))
2708 + n = __copy_from_user(to, from, n);
2714 +static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
2716 + if ((long)n < 0 || n > INT_MAX)
2719 + if (likely(access_ok(VERIFY_WRITE, to, n))) {
2720 + if (!__builtin_constant_p(n))
2721 + check_object_size(from, n, true);
2722 + n = __copy_to_user(to, from, n);
2727 +extern unsigned long copy_in_user(void __user *to, const void __user *from,
2730 +#endif /* __powerpc64__ */
2732 extern unsigned long __clear_user(void __user *addr, unsigned long size);
2734 static inline unsigned long clear_user(void __user *addr, unsigned long size)
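Review bot: In the 32-bit `copy_to_user`, the partial-copy branch guards its check with `__builtin_constant_p(n)`, although the length it checks and copies is `n - over`. The matching branch of `copy_from_user` tests `__builtin_constant_p(n - over)`, and using `if (!__builtin_constant_p(n - over))` in both would make the runtime length decide whether `check_object_size()` runs. The `__powerpc64__` pair is also asymmetric: `copy_from_user` calls `check_object_size()` before `access_ok()`, while `copy_to_user` calls it only after `access_ok()` succeeds, and one order for both would be easier to audit. Several lines of these functions are missing from the page, so this rests on the visible lines only.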
2735 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/cacheinfo.c linux-2.6.32.1/arch/powerpc/kernel/cacheinfo.c
2736 --- linux-2.6.32.1/arch/powerpc/kernel/cacheinfo.c 2009-12-02 22:51:21.000000000 -0500
2737 +++ linux-2.6.32.1/arch/powerpc/kernel/cacheinfo.c 2009-12-14 18:33:51.468716909 -0500
2738 @@ -642,7 +642,7 @@ static struct kobj_attribute *cache_inde
2742 -static struct sysfs_ops cache_index_ops = {
2743 +static const struct sysfs_ops cache_index_ops = {
2744 .show = cache_index_show,
2747 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/dma.c linux-2.6.32.1/arch/powerpc/kernel/dma.c
2748 --- linux-2.6.32.1/arch/powerpc/kernel/dma.c 2009-12-02 22:51:21.000000000 -0500
2749 +++ linux-2.6.32.1/arch/powerpc/kernel/dma.c 2009-12-14 18:33:51.468716909 -0500
2750 @@ -134,7 +134,7 @@ static inline void dma_direct_sync_singl
2754 -struct dma_map_ops dma_direct_ops = {
2755 +const struct dma_map_ops dma_direct_ops = {
2756 .alloc_coherent = dma_direct_alloc_coherent,
2757 .free_coherent = dma_direct_free_coherent,
2758 .map_sg = dma_direct_map_sg,
2759 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/dma-iommu.c linux-2.6.32.1/arch/powerpc/kernel/dma-iommu.c
2760 --- linux-2.6.32.1/arch/powerpc/kernel/dma-iommu.c 2009-12-02 22:51:21.000000000 -0500
2761 +++ linux-2.6.32.1/arch/powerpc/kernel/dma-iommu.c 2009-12-14 18:33:51.468716909 -0500
2762 @@ -89,7 +89,7 @@ static int dma_iommu_dma_supported(struc
2766 -struct dma_map_ops dma_iommu_ops = {
2767 +const struct dma_map_ops dma_iommu_ops = {
2768 .alloc_coherent = dma_iommu_alloc_coherent,
2769 .free_coherent = dma_iommu_free_coherent,
2770 .map_sg = dma_iommu_map_sg,
2771 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/dma-swiotlb.c linux-2.6.32.1/arch/powerpc/kernel/dma-swiotlb.c
2772 --- linux-2.6.32.1/arch/powerpc/kernel/dma-swiotlb.c 2009-12-02 22:51:21.000000000 -0500
2773 +++ linux-2.6.32.1/arch/powerpc/kernel/dma-swiotlb.c 2009-12-14 18:33:51.468716909 -0500
2774 @@ -31,7 +31,7 @@ unsigned int ppc_swiotlb_enable;
2775 * map_page, and unmap_page on highmem, use normal dma_ops
2776 * for everything else.
2778 -struct dma_map_ops swiotlb_dma_ops = {
2779 +const struct dma_map_ops swiotlb_dma_ops = {
2780 .alloc_coherent = dma_direct_alloc_coherent,
2781 .free_coherent = dma_direct_free_coherent,
2782 .map_sg = swiotlb_map_sg_attrs,
2783 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/ibmebus.c linux-2.6.32.1/arch/powerpc/kernel/ibmebus.c
2784 --- linux-2.6.32.1/arch/powerpc/kernel/ibmebus.c 2009-12-02 22:51:21.000000000 -0500
2785 +++ linux-2.6.32.1/arch/powerpc/kernel/ibmebus.c 2009-12-14 18:33:51.468716909 -0500
2786 @@ -127,7 +127,7 @@ static int ibmebus_dma_supported(struct
2790 -static struct dma_map_ops ibmebus_dma_ops = {
2791 +static const struct dma_map_ops ibmebus_dma_ops = {
2792 .alloc_coherent = ibmebus_alloc_coherent,
2793 .free_coherent = ibmebus_free_coherent,
2794 .map_sg = ibmebus_map_sg,
2795 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/kgdb.c linux-2.6.32.1/arch/powerpc/kernel/kgdb.c
2796 --- linux-2.6.32.1/arch/powerpc/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
2797 +++ linux-2.6.32.1/arch/powerpc/kernel/kgdb.c 2009-12-14 18:33:51.468716909 -0500
2798 @@ -126,7 +126,7 @@ static int kgdb_handle_breakpoint(struct
2799 if (kgdb_handle_exception(0, SIGTRAP, 0, regs) != 0)
2802 - if (*(u32 *) (regs->nip) == *(u32 *) (&arch_kgdb_ops.gdb_bpt_instr))
2803 + if (*(u32 *) (regs->nip) == *(const u32 *) (&arch_kgdb_ops.gdb_bpt_instr))
2807 @@ -353,7 +353,7 @@ int kgdb_arch_handle_exception(int vecto
2811 -struct kgdb_arch arch_kgdb_ops = {
2812 +const struct kgdb_arch arch_kgdb_ops = {
2813 .gdb_bpt_instr = {0x7d, 0x82, 0x10, 0x08},
2816 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/module_32.c linux-2.6.32.1/arch/powerpc/kernel/module_32.c
2817 --- linux-2.6.32.1/arch/powerpc/kernel/module_32.c 2009-12-02 22:51:21.000000000 -0500
2818 +++ linux-2.6.32.1/arch/powerpc/kernel/module_32.c 2009-12-14 18:33:51.468716909 -0500
2819 @@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr
2820 me->arch.core_plt_section = i;
2822 if (!me->arch.core_plt_section || !me->arch.init_plt_section) {
2823 - printk("Module doesn't contain .plt or .init.plt sections.\n");
2824 + printk("Module %s doesn't contain .plt or .init.plt sections.\n", me->name);
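Review bot: The reworded message still goes out without a log level, while the `printk` added to `do_plt_call` in the next hunk uses `KERN_ERR`. Since this line is being touched anyway, I would make it `printk(KERN_ERR "Module %s doesn't contain .plt or .init.plt sections.\n", me->name);` so that both module-load failures are logged at the same severity. `module_frob_arch_sections` starts and ends outside the hunk.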
2828 @@ -203,11 +203,16 @@ static uint32_t do_plt_call(void *locati
2830 DEBUGP("Doing plt for call to 0x%x at 0x%x\n", val, (unsigned int)location);
2831 /* Init, or core PLT? */
2832 - if (location >= mod->module_core
2833 - && location < mod->module_core + mod->core_size)
2834 + if ((location >= mod->module_core_rx && location < mod->module_core_rx + mod->core_size_rx) ||
2835 + (location >= mod->module_core_rw && location < mod->module_core_rw + mod->core_size_rw))
2836 entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr;
2838 + else if ((location >= mod->module_init_rx && location < mod->module_init_rx + mod->init_size_rx) ||
2839 + (location >= mod->module_init_rw && location < mod->module_init_rw + mod->init_size_rw))
2840 entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr;
2842 + printk(KERN_ERR "%s: invalid R_PPC_REL24 entry found\n", mod->name);
2846 /* Find this entry, or if that fails, the next avail. entry */
2847 while (entry->jump[0]) {
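Review bot: A `location` that lies in none of the four rx/rw ranges now reaches the new `printk` branch, where it used to fall through to the init PLT. The statement after the `printk` is not shown here, and `do_plt_call` returns a `uint32_t` that is presumably used as the relocated branch target. Whatever that path returns should be a value the caller tests and turns into a failed relocation rather than writing it into module text. I would document the sentinel on the else branch, e.g. `/* invalid location: return <sentinel>; caller must fail the relocation */`. The four range tests are also identical in shape and would read better through one small `static inline` helper taking `(location, base, size)`.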
2848 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/pci-common.c linux-2.6.32.1/arch/powerpc/kernel/pci-common.c
2849 --- linux-2.6.32.1/arch/powerpc/kernel/pci-common.c 2009-12-02 22:51:21.000000000 -0500
2850 +++ linux-2.6.32.1/arch/powerpc/kernel/pci-common.c 2009-12-14 18:33:51.494725296 -0500
2851 @@ -50,14 +50,14 @@ resource_size_t isa_mem_base;
2852 unsigned int ppc_pci_flags = 0;
2855 -static struct dma_map_ops *pci_dma_ops = &dma_direct_ops;
2856 +static const struct dma_map_ops *pci_dma_ops = &dma_direct_ops;
2858 -void set_pci_dma_ops(struct dma_map_ops *dma_ops)
2859 +void set_pci_dma_ops(const struct dma_map_ops *dma_ops)
2861 pci_dma_ops = dma_ops;
2864 -struct dma_map_ops *get_pci_dma_ops(void)
2865 +const struct dma_map_ops *get_pci_dma_ops(void)
2869 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/process.c linux-2.6.32.1/arch/powerpc/kernel/process.c
2870 --- linux-2.6.32.1/arch/powerpc/kernel/process.c 2009-12-02 22:51:21.000000000 -0500
2871 +++ linux-2.6.32.1/arch/powerpc/kernel/process.c 2009-12-14 18:33:51.495818460 -0500
2872 @@ -1153,51 +1153,3 @@ unsigned long arch_align_stack(unsigned
2873 sp -= get_random_int() & ~PAGE_MASK;
2877 -static inline unsigned long brk_rnd(void)
2879 - unsigned long rnd = 0;
2881 - /* 8MB for 32bit, 1GB for 64bit */
2882 - if (is_32bit_task())
2883 - rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT)));
2885 - rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT)));
2887 - return rnd << PAGE_SHIFT;
2890 -unsigned long arch_randomize_brk(struct mm_struct *mm)
2892 - unsigned long base = mm->brk;
2893 - unsigned long ret;
2895 -#ifdef CONFIG_PPC_STD_MMU_64
2897 - * If we are using 1TB segments and we are allowed to randomise
2898 - * the heap, we can put it above 1TB so it is backed by a 1TB
2899 - * segment. Otherwise the heap will be in the bottom 1TB
2900 - * which always uses 256MB segments and this may result in a
2901 - * performance penalty.
2903 - if (!is_32bit_task() && (mmu_highuser_ssize == MMU_SEGSIZE_1T))
2904 - base = max_t(unsigned long, mm->brk, 1UL << SID_SHIFT_1T);
2907 - ret = PAGE_ALIGN(base + brk_rnd());
2909 - if (ret < mm->brk)
2915 -unsigned long randomize_et_dyn(unsigned long base)
2917 - unsigned long ret = PAGE_ALIGN(base + brk_rnd());
2924 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/signal_32.c linux-2.6.32.1/arch/powerpc/kernel/signal_32.c
2925 --- linux-2.6.32.1/arch/powerpc/kernel/signal_32.c 2009-12-02 22:51:21.000000000 -0500
2926 +++ linux-2.6.32.1/arch/powerpc/kernel/signal_32.c 2009-12-14 18:33:51.496785316 -0500
2927 @@ -857,7 +857,7 @@ int handle_rt_signal32(unsigned long sig
2928 /* Save user registers on the stack */
2929 frame = &rt_sf->uc.uc_mcontext;
2931 - if (vdso32_rt_sigtramp && current->mm->context.vdso_base) {
2932 + if (vdso32_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
2933 if (save_user_regs(regs, frame, 0, 1))
2935 regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp;
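Review bot: The "no vDSO" marker changes from 0 to `~0UL` as a bare literal here, in `handle_rt_signal64` (signal_64.c) and in `arch_setup_additional_pages` (vdso.c). A shared named constant, for instance `#define VDSO_BASE_UNMAPPED (~0UL)` (name is a suggestion), would keep the writer and the readers in step. Any reader of `context.vdso_base` that this patch does not touch and that still tests for zero would treat a disabled vDSO as mapped and build a return address from the sentinel. It is worth confirming that no such user remains. `handle_rt_signal32` continues outside the hunk.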
2936 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/signal_64.c linux-2.6.32.1/arch/powerpc/kernel/signal_64.c
2937 --- linux-2.6.32.1/arch/powerpc/kernel/signal_64.c 2009-12-02 22:51:21.000000000 -0500
2938 +++ linux-2.6.32.1/arch/powerpc/kernel/signal_64.c 2009-12-14 18:33:51.496785316 -0500
2939 @@ -429,7 +429,7 @@ int handle_rt_signal64(int signr, struct
2940 current->thread.fpscr.val = 0;
2942 /* Set up to return from userspace. */
2943 - if (vdso64_rt_sigtramp && current->mm->context.vdso_base) {
2944 + if (vdso64_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
2945 regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp;
2947 err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
2948 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/sys_ppc32.c linux-2.6.32.1/arch/powerpc/kernel/sys_ppc32.c
2949 --- linux-2.6.32.1/arch/powerpc/kernel/sys_ppc32.c 2009-12-02 22:51:21.000000000 -0500
2950 +++ linux-2.6.32.1/arch/powerpc/kernel/sys_ppc32.c 2009-12-14 18:33:51.496785316 -0500
2951 @@ -563,10 +563,10 @@ asmlinkage long compat_sys_sysctl(struct
2954 if (get_user(oldlen, oldlenp) ||
2955 - put_user(oldlen, (compat_size_t __user *)compat_ptr(tmp.oldlenp)))
2956 + put_user(oldlen, (compat_size_t __user *)compat_ptr(tmp.oldlenp)) ||
2957 + copy_to_user(args->__unused, tmp.__unused, sizeof(tmp.__unused)))
2960 - copy_to_user(args->__unused, tmp.__unused, sizeof(tmp.__unused));
2964 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/vdso.c linux-2.6.32.1/arch/powerpc/kernel/vdso.c
2965 --- linux-2.6.32.1/arch/powerpc/kernel/vdso.c 2009-12-02 22:51:21.000000000 -0500
2966 +++ linux-2.6.32.1/arch/powerpc/kernel/vdso.c 2009-12-14 18:33:51.498049630 -0500
2968 #include <asm/firmware.h>
2969 #include <asm/vdso.h>
2970 #include <asm/vdso_datapage.h>
2971 +#include <asm/mman.h>
2975 @@ -220,7 +221,7 @@ int arch_setup_additional_pages(struct l
2976 vdso_base = VDSO32_MBASE;
2979 - current->mm->context.vdso_base = 0;
2980 + current->mm->context.vdso_base = ~0UL;
2982 /* vDSO has a problem and was disabled, just don't "enable" it for the
2984 @@ -240,7 +241,7 @@ int arch_setup_additional_pages(struct l
2985 vdso_base = get_unmapped_area(NULL, vdso_base,
2986 (vdso_pages << PAGE_SHIFT) +
2987 ((VDSO_ALIGNMENT - 1) & PAGE_MASK),
2989 + 0, MAP_PRIVATE | MAP_EXECUTABLE);
2990 if (IS_ERR_VALUE(vdso_base)) {
2993 diff -urNp linux-2.6.32.1/arch/powerpc/kernel/vio.c linux-2.6.32.1/arch/powerpc/kernel/vio.c
2994 --- linux-2.6.32.1/arch/powerpc/kernel/vio.c 2009-12-02 22:51:21.000000000 -0500
2995 +++ linux-2.6.32.1/arch/powerpc/kernel/vio.c 2009-12-14 18:33:51.498797053 -0500
2996 @@ -601,6 +601,7 @@ static void vio_dma_iommu_unmap_sg(struc
2997 vio_cmo_dealloc(viodev, alloc_size);
3000 +/* cannot be const */
3001 struct dma_map_ops vio_dma_mapping_ops = {
3002 .alloc_coherent = vio_dma_iommu_alloc_coherent,
3003 .free_coherent = vio_dma_iommu_free_coherent,
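Review bot: The added `/* cannot be const */` gives no reason, so a later constification pass has nothing to verify it against. If the structure is left writable because a member is assigned at run time, the comment should say so and name the place, e.g. `/* cannot be const: <member> is assigned at run time in <function> */`. The initializer continues past the end of the hunk.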
3004 diff -urNp linux-2.6.32.1/arch/powerpc/lib/usercopy_64.c linux-2.6.32.1/arch/powerpc/lib/usercopy_64.c
3005 --- linux-2.6.32.1/arch/powerpc/lib/usercopy_64.c 2009-12-02 22:51:21.000000000 -0500
3006 +++ linux-2.6.32.1/arch/powerpc/lib/usercopy_64.c 2009-12-14 18:33:51.498797053 -0500
3008 #include <linux/module.h>
3009 #include <asm/uaccess.h>
3011 -unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
3013 - if (likely(access_ok(VERIFY_READ, from, n)))
3014 - n = __copy_from_user(to, from, n);
3020 -unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
3022 - if (likely(access_ok(VERIFY_WRITE, to, n)))
3023 - n = __copy_to_user(to, from, n);
3027 unsigned long copy_in_user(void __user *to, const void __user *from,
3030 @@ -35,7 +19,5 @@ unsigned long copy_in_user(void __user *
3034 -EXPORT_SYMBOL(copy_from_user);
3035 -EXPORT_SYMBOL(copy_to_user);
3036 EXPORT_SYMBOL(copy_in_user);
3038 diff -urNp linux-2.6.32.1/arch/powerpc/mm/fault.c linux-2.6.32.1/arch/powerpc/mm/fault.c
3039 --- linux-2.6.32.1/arch/powerpc/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
3040 +++ linux-2.6.32.1/arch/powerpc/mm/fault.c 2009-12-14 18:33:51.498797053 -0500
3042 #include <linux/kprobes.h>
3043 #include <linux/kdebug.h>
3044 #include <linux/perf_event.h>
3045 +#include <linux/slab.h>
3046 +#include <linux/pagemap.h>
3047 +#include <linux/compiler.h>
3048 +#include <linux/unistd.h>
3050 #include <asm/firmware.h>
3051 #include <asm/page.h>
3053 #include <asm/uaccess.h>
3054 #include <asm/tlbflush.h>
3055 #include <asm/siginfo.h>
3056 +#include <asm/ptrace.h>
3059 #ifdef CONFIG_KPROBES
3060 @@ -64,6 +69,33 @@ static inline int notify_page_fault(stru
3064 +#ifdef CONFIG_PAX_PAGEEXEC
3066 + * PaX: decide what to do with offenders (regs->nip = fault address)
3068 + * returns 1 when task should be killed
3070 +static int pax_handle_fetch_fault(struct pt_regs *regs)
3075 +void pax_report_insns(void *pc, void *sp)
3079 + printk(KERN_ERR "PAX: bytes at PC: ");
3080 + for (i = 0; i < 5; i++) {
3082 + if (get_user(c, (unsigned int *)pc+i))
3083 + printk(KERN_CONT "???????? ");
3085 + printk(KERN_CONT "%08x ", c);
3092 * Check whether the instruction at regs->nip is a store using
3093 * an update addressing form which will update r1.
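Review bot: In `pax_report_insns`, the fetch `get_user(c, (unsigned int *)pc+i)` casts `pc` without the user address-space annotation. `get_user(c, (unsigned int __user *)pc + i)` keeps the access checkable by sparse and makes it clear that the words come from user memory. The loop bound `5` is a bare literal and would be clearer as a named constant. The function writes user-controlled words to the kernel log at `KERN_ERR`, so the caller, which is not in this hunk, should be confirmed to bound how often a task can trigger it.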
3094 @@ -134,7 +166,7 @@ int __kprobes do_page_fault(struct pt_re
3095 * indicate errors in DSISR but can validly be set in SRR1.
3098 - error_code &= 0x48200000;
3099 + error_code &= 0x58200000;
3101 is_write = error_code & DSISR_ISSTORE;
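Review bot: The mask grows from `0x48200000` to `0x58200000` with nothing to say which bit was added or why. The new bit is `0x10000000`, which a later hunk in this file spells `DSISR_GUARDED` and tests together with `DSISR_PROTFAULT`. A comment on this line such as `/* keep 0x10000000 (DSISR_GUARDED): tested below alongside DSISR_PROTFAULT */` would tie the two together. `do_page_fault` starts and ends outside the hunk.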
3103 @@ -250,7 +282,7 @@ good_area:
3104 * "undefined". Of those that can be set, this is the only
3105 * one which seems bad.
3107 - if (error_code & 0x10000000)
3108 + if (error_code & DSISR_GUARDED)
3109 /* Guarded storage error. */
3111 #endif /* CONFIG_8xx */
3112 @@ -265,7 +297,7 @@ good_area:
3113 * processors use the same I/D cache coherency mechanism
3116 - if (error_code & DSISR_PROTFAULT)
3117 + if (error_code & (DSISR_PROTFAULT | DSISR_GUARDED))
3119 #endif /* CONFIG_PPC_STD_MMU */
3121 @@ -335,6 +367,23 @@ bad_area:
3122 bad_area_nosemaphore:
3123 /* User mode accesses cause a SIGSEGV */
3124 if (user_mode(regs)) {
3126 +#ifdef CONFIG_PAX_PAGEEXEC
3127 + if (mm->pax_flags & MF_PAX_PAGEEXEC) {
3128 +#ifdef CONFIG_PPC_STD_MMU
3129 + if (is_exec && (error_code & (DSISR_PROTFAULT | DSISR_GUARDED))) {
3131 + if (is_exec && regs->nip == address) {
3133 + switch (pax_handle_fetch_fault(regs)) {
3136 + pax_report_fault(regs, (void *)regs->nip, (void *)regs->gpr[PT_R1]);
3137 + do_group_exit(SIGKILL);
3142 _exception(SIGSEGV, regs, code, address);
3145 diff -urNp linux-2.6.32.1/arch/powerpc/mm/mmap_64.c linux-2.6.32.1/arch/powerpc/mm/mmap_64.c
3146 --- linux-2.6.32.1/arch/powerpc/mm/mmap_64.c 2009-12-02 22:51:21.000000000 -0500
3147 +++ linux-2.6.32.1/arch/powerpc/mm/mmap_64.c 2009-12-14 18:33:51.498797053 -0500
3148 @@ -99,10 +99,22 @@ void arch_pick_mmap_layout(struct mm_str
3150 if (mmap_is_legacy()) {
3151 mm->mmap_base = TASK_UNMAPPED_BASE;
3153 +#ifdef CONFIG_PAX_RANDMMAP
3154 + if (mm->pax_flags & MF_PAX_RANDMMAP)
3155 + mm->mmap_base += mm->delta_mmap;
3158 mm->get_unmapped_area = arch_get_unmapped_area;
3159 mm->unmap_area = arch_unmap_area;
3161 mm->mmap_base = mmap_base();
3163 +#ifdef CONFIG_PAX_RANDMMAP
3164 + if (mm->pax_flags & MF_PAX_RANDMMAP)
3165 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
3168 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
3169 mm->unmap_area = arch_unmap_area_topdown;
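Review bot: The two RANDMMAP adjustments are not symmetric and the hunk does not say why: the legacy layout adds `mm->delta_mmap`, while the top-down layout subtracts `mm->delta_mmap + mm->delta_stack`. A short comment on the top-down branch would help, e.g. `/* leave room for the randomized stack above the mmap base */`, if that is the intent. It would also help to note what bounds the two deltas, so that the subtraction visibly cannot take `mmap_base` below a sane minimum. `arch_pick_mmap_layout` continues outside the hunk.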
3171 diff -urNp linux-2.6.32.1/arch/powerpc/mm/slice.c linux-2.6.32.1/arch/powerpc/mm/slice.c
3172 --- linux-2.6.32.1/arch/powerpc/mm/slice.c 2009-12-02 22:51:21.000000000 -0500
3173 +++ linux-2.6.32.1/arch/powerpc/mm/slice.c 2009-12-14 18:33:51.499879436 -0500
3174 @@ -426,6 +426,11 @@ unsigned long slice_get_unmapped_area(un
3175 if (fixed && addr > (mm->task_size - len))
3178 +#ifdef CONFIG_PAX_RANDMMAP
3179 + if (!fixed && (mm->pax_flags & MF_PAX_RANDMMAP))
3183 /* If hint, make sure it matches our alignment restrictions */
3184 if (!fixed && addr) {
3185 addr = _ALIGN_UP(addr, 1ul << pshift);
3186 diff -urNp linux-2.6.32.1/arch/powerpc/platforms/52xx/lite5200_pm.c linux-2.6.32.1/arch/powerpc/platforms/52xx/lite5200_pm.c
3187 --- linux-2.6.32.1/arch/powerpc/platforms/52xx/lite5200_pm.c 2009-12-02 22:51:21.000000000 -0500
3188 +++ linux-2.6.32.1/arch/powerpc/platforms/52xx/lite5200_pm.c 2009-12-14 18:33:51.520200853 -0500
3189 @@ -235,7 +235,7 @@ static void lite5200_pm_end(void)
3190 lite5200_pm_target_state = PM_SUSPEND_ON;
3193 -static struct platform_suspend_ops lite5200_pm_ops = {
3194 +static const struct platform_suspend_ops lite5200_pm_ops = {
3195 .valid = lite5200_pm_valid,
3196 .begin = lite5200_pm_begin,
3197 .prepare = lite5200_pm_prepare,
3198 diff -urNp linux-2.6.32.1/arch/powerpc/platforms/52xx/mpc52xx_pm.c linux-2.6.32.1/arch/powerpc/platforms/52xx/mpc52xx_pm.c
3199 --- linux-2.6.32.1/arch/powerpc/platforms/52xx/mpc52xx_pm.c 2009-12-02 22:51:21.000000000 -0500
3200 +++ linux-2.6.32.1/arch/powerpc/platforms/52xx/mpc52xx_pm.c 2009-12-14 18:33:51.520887334 -0500
3201 @@ -180,7 +180,7 @@ void mpc52xx_pm_finish(void)
3205 -static struct platform_suspend_ops mpc52xx_pm_ops = {
3206 +static const struct platform_suspend_ops mpc52xx_pm_ops = {
3207 .valid = mpc52xx_pm_valid,
3208 .prepare = mpc52xx_pm_prepare,
3209 .enter = mpc52xx_pm_enter,
3210 diff -urNp linux-2.6.32.1/arch/powerpc/platforms/83xx/suspend.c linux-2.6.32.1/arch/powerpc/platforms/83xx/suspend.c
3211 --- linux-2.6.32.1/arch/powerpc/platforms/83xx/suspend.c 2009-12-02 22:51:21.000000000 -0500
3212 +++ linux-2.6.32.1/arch/powerpc/platforms/83xx/suspend.c 2009-12-14 18:33:51.520887334 -0500
3213 @@ -273,7 +273,7 @@ static int mpc83xx_is_pci_agent(void)
3217 -static struct platform_suspend_ops mpc83xx_suspend_ops = {
3218 +static const struct platform_suspend_ops mpc83xx_suspend_ops = {
3219 .valid = mpc83xx_suspend_valid,
3220 .begin = mpc83xx_suspend_begin,
3221 .enter = mpc83xx_suspend_enter,
3222 diff -urNp linux-2.6.32.1/arch/powerpc/platforms/cell/iommu.c linux-2.6.32.1/arch/powerpc/platforms/cell/iommu.c
3223 --- linux-2.6.32.1/arch/powerpc/platforms/cell/iommu.c 2009-12-02 22:51:21.000000000 -0500
3224 +++ linux-2.6.32.1/arch/powerpc/platforms/cell/iommu.c 2009-12-14 18:33:51.520887334 -0500
3225 @@ -642,7 +642,7 @@ static int dma_fixed_dma_supported(struc
3227 static int dma_set_mask_and_switch(struct device *dev, u64 dma_mask);
3229 -struct dma_map_ops dma_iommu_fixed_ops = {
3230 +const struct dma_map_ops dma_iommu_fixed_ops = {
3231 .alloc_coherent = dma_fixed_alloc_coherent,
3232 .free_coherent = dma_fixed_free_coherent,
3233 .map_sg = dma_fixed_map_sg,
3234 diff -urNp linux-2.6.32.1/arch/powerpc/platforms/ps3/system-bus.c linux-2.6.32.1/arch/powerpc/platforms/ps3/system-bus.c
3235 --- linux-2.6.32.1/arch/powerpc/platforms/ps3/system-bus.c 2009-12-02 22:51:21.000000000 -0500
3236 +++ linux-2.6.32.1/arch/powerpc/platforms/ps3/system-bus.c 2009-12-14 18:33:51.536181929 -0500
3237 @@ -694,7 +694,7 @@ static int ps3_dma_supported(struct devi
3238 return mask >= DMA_BIT_MASK(32);
3241 -static struct dma_map_ops ps3_sb_dma_ops = {
3242 +static const struct dma_map_ops ps3_sb_dma_ops = {
3243 .alloc_coherent = ps3_alloc_coherent,
3244 .free_coherent = ps3_free_coherent,
3245 .map_sg = ps3_sb_map_sg,
3246 @@ -704,7 +704,7 @@ static struct dma_map_ops ps3_sb_dma_ops
3247 .unmap_page = ps3_unmap_page,
3250 -static struct dma_map_ops ps3_ioc0_dma_ops = {
3251 +static const struct dma_map_ops ps3_ioc0_dma_ops = {
3252 .alloc_coherent = ps3_alloc_coherent,
3253 .free_coherent = ps3_free_coherent,
3254 .map_sg = ps3_ioc0_map_sg,
3255 diff -urNp linux-2.6.32.1/arch/s390/include/asm/atomic.h linux-2.6.32.1/arch/s390/include/asm/atomic.h
3256 --- linux-2.6.32.1/arch/s390/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
3257 +++ linux-2.6.32.1/arch/s390/include/asm/atomic.h 2009-12-14 18:33:51.536779990 -0500
3258 @@ -61,19 +61,31 @@ static inline int atomic_read(const atom
3262 +static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
3264 + return atomic_read((const atomic_t *)v);
3267 static inline void atomic_set(atomic_t *v, int i)
3273 +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
3275 + atomic_set((atomic_t *)v, i);
3278 static inline int atomic_add_return(int i, atomic_t *v)
3280 return __CS_LOOP(v, i, "ar");
3282 #define atomic_add(_i, _v) atomic_add_return(_i, _v)
3283 +#define atomic_add_unchecked(_i, _v) atomic_add((_i), (atomic_t *)(_v))
3284 #define atomic_add_negative(_i, _v) (atomic_add_return(_i, _v) < 0)
3285 #define atomic_inc(_v) atomic_add_return(1, _v)
3286 +#define atomic_inc_unchecked(_v) atomic_inc((atomic_t *)(_v))
3287 #define atomic_inc_return(_v) atomic_add_return(1, _v)
3288 #define atomic_inc_and_test(_v) (atomic_add_return(1, _v) == 0)
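Review bot: `atomic_add_unchecked` and `atomic_inc_unchecked` are macros that cast their argument to `atomic_t *`, so they accept any pointer type without a diagnostic. That discards the type separation that `atomic_unchecked_t` exists to provide. The `atomic_read_unchecked` and `atomic_set_unchecked` wrappers added in this same hunk are `static inline` functions taking `atomic_unchecked_t *`, and the add/inc/sub variants should follow that form, e.g. `static inline void atomic_inc_unchecked(atomic_unchecked_t *v) { atomic_inc((atomic_t *)v); }`. The same cast-in-a-macro pattern appears in `atomic_sub_unchecked` in the next hunk and in the sh `atomic.h` and sparc `atomic_32.h` hunks further down.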
3290 @@ -82,6 +94,7 @@ static inline int atomic_sub_return(int
3291 return __CS_LOOP(v, i, "sr");
3293 #define atomic_sub(_i, _v) atomic_sub_return(_i, _v)
3294 +#define atomic_sub_unchecked(_i, _v) atomic_sub((_i), (atomic_t *)(_v))
3295 #define atomic_sub_and_test(_i, _v) (atomic_sub_return(_i, _v) == 0)
3296 #define atomic_dec(_v) atomic_sub_return(1, _v)
3297 #define atomic_dec_return(_v) atomic_sub_return(1, _v)
3298 diff -urNp linux-2.6.32.1/arch/s390/include/asm/uaccess.h linux-2.6.32.1/arch/s390/include/asm/uaccess.h
3299 --- linux-2.6.32.1/arch/s390/include/asm/uaccess.h 2009-12-02 22:51:21.000000000 -0500
3300 +++ linux-2.6.32.1/arch/s390/include/asm/uaccess.h 2009-12-14 18:33:51.536779990 -0500
3301 @@ -232,6 +232,10 @@ static inline unsigned long __must_check
3302 copy_to_user(void __user *to, const void *from, unsigned long n)
3309 if (access_ok(VERIFY_WRITE, to, n))
3310 n = __copy_to_user(to, from, n);
3312 @@ -257,6 +261,9 @@ copy_to_user(void __user *to, const void
3313 static inline unsigned long __must_check
3314 __copy_from_user(void *to, const void __user *from, unsigned long n)
3319 if (__builtin_constant_p(n) && (n <= 256))
3320 return uaccess.copy_from_user_small(n, from, to);
3322 @@ -283,6 +290,10 @@ static inline unsigned long __must_check
3323 copy_from_user(void *to, const void __user *from, unsigned long n)
3330 if (access_ok(VERIFY_READ, from, n))
3331 n = __copy_from_user(to, from, n);
3333 diff -urNp linux-2.6.32.1/arch/s390/kernel/module.c linux-2.6.32.1/arch/s390/kernel/module.c
3334 --- linux-2.6.32.1/arch/s390/kernel/module.c 2009-12-02 22:51:21.000000000 -0500
3335 +++ linux-2.6.32.1/arch/s390/kernel/module.c 2009-12-14 18:33:51.536779990 -0500
3336 @@ -166,11 +166,11 @@ module_frob_arch_sections(Elf_Ehdr *hdr,
3338 /* Increase core size by size of got & plt and set start
3339 offsets for got and plt. */
3340 - me->core_size = ALIGN(me->core_size, 4);
3341 - me->arch.got_offset = me->core_size;
3342 - me->core_size += me->arch.got_size;
3343 - me->arch.plt_offset = me->core_size;
3344 - me->core_size += me->arch.plt_size;
3345 + me->core_size_rw = ALIGN(me->core_size_rw, 4);
3346 + me->arch.got_offset = me->core_size_rw;
3347 + me->core_size_rw += me->arch.got_size;
3348 + me->arch.plt_offset = me->core_size_rx;
3349 + me->core_size_rx += me->arch.plt_size;
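Review bot: After the split, only `core_size_rw` is rounded with `ALIGN(..., 4)`; `plt_offset` is taken from `core_size_rx` as it stands. In the old code the PLT followed the GOT inside the region that had just been aligned. Unless the generic layout code already guarantees the rx size is aligned at this point (not visible here), I would add `me->core_size_rx = ALIGN(me->core_size_rx, 4);` before `me->arch.plt_offset = me->core_size_rx;`. The PLT stubs are written by `apply_rela` in a later hunk, and `module_frob_arch_sections` continues outside this one.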
3353 @@ -256,7 +256,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3354 if (info->got_initialized == 0) {
3357 - gotent = me->module_core + me->arch.got_offset +
3358 + gotent = me->module_core_rw + me->arch.got_offset +
3361 info->got_initialized = 1;
3362 @@ -280,7 +280,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3363 else if (r_type == R_390_GOTENT ||
3364 r_type == R_390_GOTPLTENT)
3365 *(unsigned int *) loc =
3366 - (val + (Elf_Addr) me->module_core - loc) >> 1;
3367 + (val + (Elf_Addr) me->module_core_rw - loc) >> 1;
3368 else if (r_type == R_390_GOT64 ||
3369 r_type == R_390_GOTPLT64)
3370 *(unsigned long *) loc = val;
3371 @@ -294,7 +294,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3372 case R_390_PLTOFF64: /* 16 bit offset from GOT to PLT. */
3373 if (info->plt_initialized == 0) {
3375 - ip = me->module_core + me->arch.plt_offset +
3376 + ip = me->module_core_rx + me->arch.plt_offset +
3378 #ifndef CONFIG_64BIT
3379 ip[0] = 0x0d105810; /* basr 1,0; l 1,6(1); br 1 */
3380 @@ -319,7 +319,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3381 val - loc + 0xffffUL < 0x1ffffeUL) ||
3382 (r_type == R_390_PLT32DBL &&
3383 val - loc + 0xffffffffULL < 0x1fffffffeULL)))
3384 - val = (Elf_Addr) me->module_core +
3385 + val = (Elf_Addr) me->module_core_rx +
3386 me->arch.plt_offset +
3388 val += rela->r_addend - loc;
3389 @@ -341,7 +341,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3390 case R_390_GOTOFF32: /* 32 bit offset to GOT. */
3391 case R_390_GOTOFF64: /* 64 bit offset to GOT. */
3392 val = val + rela->r_addend -
3393 - ((Elf_Addr) me->module_core + me->arch.got_offset);
3394 + ((Elf_Addr) me->module_core_rw + me->arch.got_offset);
3395 if (r_type == R_390_GOTOFF16)
3396 *(unsigned short *) loc = val;
3397 else if (r_type == R_390_GOTOFF32)
3398 @@ -351,7 +351,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3400 case R_390_GOTPC: /* 32 bit PC relative offset to GOT. */
3401 case R_390_GOTPCDBL: /* 32 bit PC rel. off. to GOT shifted by 1. */
3402 - val = (Elf_Addr) me->module_core + me->arch.got_offset +
3403 + val = (Elf_Addr) me->module_core_rw + me->arch.got_offset +
3404 rela->r_addend - loc;
3405 if (r_type == R_390_GOTPC)
3406 *(unsigned int *) loc = val;
3407 diff -urNp linux-2.6.32.1/arch/sh/boards/mach-hp6xx/pm.c linux-2.6.32.1/arch/sh/boards/mach-hp6xx/pm.c
3408 --- linux-2.6.32.1/arch/sh/boards/mach-hp6xx/pm.c 2009-12-02 22:51:21.000000000 -0500
3409 +++ linux-2.6.32.1/arch/sh/boards/mach-hp6xx/pm.c 2009-12-14 18:33:51.536779990 -0500
3410 @@ -143,7 +143,7 @@ static int hp6x0_pm_enter(suspend_state_
3414 -static struct platform_suspend_ops hp6x0_pm_ops = {
3415 +static const struct platform_suspend_ops hp6x0_pm_ops = {
3416 .enter = hp6x0_pm_enter,
3417 .valid = suspend_valid_only_mem,
3419 diff -urNp linux-2.6.32.1/arch/sh/include/asm/atomic.h linux-2.6.32.1/arch/sh/include/asm/atomic.h
3420 --- linux-2.6.32.1/arch/sh/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
3421 +++ linux-2.6.32.1/arch/sh/include/asm/atomic.h 2009-12-14 18:33:51.536779990 -0500
3423 #define ATOMIC_INIT(i) ( (atomic_t) { (i) } )
3425 #define atomic_read(v) ((v)->counter)
3426 +#define atomic_read_unchecked(v) ((v)->counter)
3427 #define atomic_set(v,i) ((v)->counter = (i))
3428 +#define atomic_set_unchecked(v,i) ((v)->counter = (i))
3430 #if defined(CONFIG_GUSA_RB)
3431 #include <asm/atomic-grb.h>
3433 #define atomic_dec_and_test(v) (atomic_sub_return(1, (v)) == 0)
3435 #define atomic_inc(v) atomic_add(1,(v))
3436 +#define atomic_inc_unchecked(v) atomic_inc((atomic_t *)(v))
3437 +#define atomic_add_unchecked(i,v) atomic_add((i),(atomic_t *)(v))
3438 +#define atomic_sub_unchecked(i,v) atomic_sub((i),(atomic_t *)(v))
3439 #define atomic_dec(v) atomic_sub(1,(v))
3441 #if !defined(CONFIG_GUSA_RB) && !defined(CONFIG_CPU_SH4A)
3442 diff -urNp linux-2.6.32.1/arch/sh/kernel/cpu/sh4/sq.c linux-2.6.32.1/arch/sh/kernel/cpu/sh4/sq.c
3443 --- linux-2.6.32.1/arch/sh/kernel/cpu/sh4/sq.c 2009-12-02 22:51:21.000000000 -0500
3444 +++ linux-2.6.32.1/arch/sh/kernel/cpu/sh4/sq.c 2009-12-14 18:33:51.538190752 -0500
3445 @@ -327,7 +327,7 @@ static struct attribute *sq_sysfs_attrs[
3449 -static struct sysfs_ops sq_sysfs_ops = {
3450 +static const struct sysfs_ops sq_sysfs_ops = {
3451 .show = sq_sysfs_show,
3452 .store = sq_sysfs_store,
3454 diff -urNp linux-2.6.32.1/arch/sh/kernel/cpu/shmobile/pm.c linux-2.6.32.1/arch/sh/kernel/cpu/shmobile/pm.c
3455 --- linux-2.6.32.1/arch/sh/kernel/cpu/shmobile/pm.c 2009-12-02 22:51:21.000000000 -0500
3456 +++ linux-2.6.32.1/arch/sh/kernel/cpu/shmobile/pm.c 2009-12-14 18:33:51.538190752 -0500
3457 @@ -58,7 +58,7 @@ static int sh_pm_enter(suspend_state_t s
3461 -static struct platform_suspend_ops sh_pm_ops = {
3462 +static const struct platform_suspend_ops sh_pm_ops = {
3463 .enter = sh_pm_enter,
3464 .valid = suspend_valid_only_mem,
3466 diff -urNp linux-2.6.32.1/arch/sh/kernel/kgdb.c linux-2.6.32.1/arch/sh/kernel/kgdb.c
3467 --- linux-2.6.32.1/arch/sh/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
3468 +++ linux-2.6.32.1/arch/sh/kernel/kgdb.c 2009-12-14 18:33:51.548195505 -0500
3469 @@ -271,7 +271,7 @@ void kgdb_arch_exit(void)
3473 -struct kgdb_arch arch_kgdb_ops = {
3474 +const struct kgdb_arch arch_kgdb_ops = {
3475 /* Breakpoint instruction: trapa #0x3c */
3476 #ifdef CONFIG_CPU_LITTLE_ENDIAN
3477 .gdb_bpt_instr = { 0x3c, 0xc3 },
3478 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/atomic_32.h linux-2.6.32.1/arch/sparc/include/asm/atomic_32.h
3479 --- linux-2.6.32.1/arch/sparc/include/asm/atomic_32.h 2009-12-02 22:51:21.000000000 -0500
3480 +++ linux-2.6.32.1/arch/sparc/include/asm/atomic_32.h 2009-12-14 18:33:51.548195505 -0500
3481 @@ -24,12 +24,17 @@ extern int atomic_cmpxchg(atomic_t *, in
3482 #define atomic_xchg(v, new) (xchg(&((v)->counter), new))
3483 extern int atomic_add_unless(atomic_t *, int, int);
3484 extern void atomic_set(atomic_t *, int);
3485 +extern void atomic_set_unchecked(atomic_unchecked_t *, int);
3487 #define atomic_read(v) ((v)->counter)
3488 +#define atomic_read_unchecked(v) ((v)->counter)
3490 #define atomic_add(i, v) ((void)__atomic_add_return( (int)(i), (v)))
3491 +#define atomic_add_unchecked(i, v) atomic_add((i), (atomic_t *)(v))
3492 #define atomic_sub(i, v) ((void)__atomic_add_return(-(int)(i), (v)))
3493 +#define atomic_sub_unchecked(i, v) atomic_sub((i), (atomic_t *)(v))
3494 #define atomic_inc(v) ((void)__atomic_add_return( 1, (v)))
3495 +#define atomic_inc_unchecked(v) atomic_inc((atomic_t *)(v))
3496 #define atomic_dec(v) ((void)__atomic_add_return( -1, (v)))
3498 #define atomic_add_return(i, v) (__atomic_add_return( (int)(i), (v)))
3499 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/atomic_64.h linux-2.6.32.1/arch/sparc/include/asm/atomic_64.h
3500 --- linux-2.6.32.1/arch/sparc/include/asm/atomic_64.h 2009-12-02 22:51:21.000000000 -0500
3501 +++ linux-2.6.32.1/arch/sparc/include/asm/atomic_64.h 2009-12-14 18:33:51.549188129 -0500
3503 #define ATOMIC64_INIT(i) { (i) }
3505 #define atomic_read(v) ((v)->counter)
3506 +#define atomic_read_unchecked(v) ((v)->counter)
3507 #define atomic64_read(v) ((v)->counter)
3509 #define atomic_set(v, i) (((v)->counter) = i)
3510 +#define atomic_set_unchecked(v, i) (((v)->counter) = i)
3511 #define atomic64_set(v, i) (((v)->counter) = i)
3513 extern void atomic_add(int, atomic_t *);
3514 +extern void atomic_add_unchecked(int, atomic_unchecked_t *);
3515 extern void atomic64_add(int, atomic64_t *);
3516 extern void atomic_sub(int, atomic_t *);
3517 +extern void atomic_sub_unchecked(int, atomic_unchecked_t *);
3518 extern void atomic64_sub(int, atomic64_t *);
3520 extern int atomic_add_ret(int, atomic_t *);
3521 @@ -59,6 +63,7 @@ extern int atomic64_sub_ret(int, atomic6
3522 #define atomic64_dec_and_test(v) (atomic64_sub_ret(1, v) == 0)
3524 #define atomic_inc(v) atomic_add(1, v)
3525 +#define atomic_inc_unchecked(v) atomic_add_unchecked(1, v)
3526 #define atomic64_inc(v) atomic64_add(1, v)
3528 #define atomic_dec(v) atomic_sub(1, v)
3529 @@ -72,17 +77,28 @@ extern int atomic64_sub_ret(int, atomic6
3531 static inline int atomic_add_unless(atomic_t *v, int a, int u)
3537 - if (unlikely(c == (u)))
3538 + if (unlikely(c == u))
3540 - old = atomic_cmpxchg((v), c, c + (a));
3542 + asm volatile("addcc %2, %0, %0\n"
3544 +#ifdef CONFIG_PAX_REFCOUNT
3549 + : "0" (c), "ir" (a)
3552 + old = atomic_cmpxchg(v, c, new);
3553 if (likely(old == c))
3561 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
3562 @@ -93,17 +109,28 @@ static inline int atomic_add_unless(atom
3564 static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
3568 c = atomic64_read(v);
3570 - if (unlikely(c == (u)))
3571 + if (unlikely(c == u))
3573 - old = atomic64_cmpxchg((v), c, c + (a));
3575 + asm volatile("addcc %2, %0, %0\n"
3577 +#ifdef CONFIG_PAX_REFCOUNT
3582 + : "0" (c), "ir" (a)
3585 + old = atomic64_cmpxchg(v, c, new);
3586 if (likely(old == c))
3594 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
3595 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/dma-mapping.h linux-2.6.32.1/arch/sparc/include/asm/dma-mapping.h
3596 --- linux-2.6.32.1/arch/sparc/include/asm/dma-mapping.h 2009-12-02 22:51:21.000000000 -0500
3597 +++ linux-2.6.32.1/arch/sparc/include/asm/dma-mapping.h 2009-12-14 18:33:51.549188129 -0500
3598 @@ -14,10 +14,10 @@ extern int dma_set_mask(struct device *d
3599 #define dma_free_noncoherent(d, s, v, h) dma_free_coherent(d, s, v, h)
3600 #define dma_is_consistent(d, h) (1)
3602 -extern struct dma_map_ops *dma_ops, pci32_dma_ops;
3603 +extern struct const dma_map_ops *dma_ops, pci32_dma_ops;
3604 extern struct bus_type pci_bus_type;
3606 -static inline struct dma_map_ops *get_dma_ops(struct device *dev)
3607 +static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
3609 #if defined(CONFIG_SPARC32) && defined(CONFIG_PCI)
3610 if (dev->bus == &pci_bus_type)
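Review bot: The new declaration `extern struct const dma_map_ops *dma_ops, pci32_dma_ops;` is not valid C, because the qualifier sits between `struct` and the tag, so any translation unit that includes this header should fail to compile. It should read `extern const struct dma_map_ops *dma_ops, pci32_dma_ops;`, which also matches the `const struct dma_map_ops pci32_dma_ops` and `const struct dma_map_ops *dma_ops` definitions this patch makes in arch/sparc/kernel/ioport.c. get_dma_ops() continues past the end of this hunk.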
3611 @@ -31,7 +31,7 @@ static inline struct dma_map_ops *get_dm
3612 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
3613 dma_addr_t *dma_handle, gfp_t flag)
3615 - struct dma_map_ops *ops = get_dma_ops(dev);
3616 + const struct dma_map_ops *ops = get_dma_ops(dev);
3619 cpu_addr = ops->alloc_coherent(dev, size, dma_handle, flag);
3620 @@ -42,7 +42,7 @@ static inline void *dma_alloc_coherent(s
3621 static inline void dma_free_coherent(struct device *dev, size_t size,
3622 void *cpu_addr, dma_addr_t dma_handle)
3624 - struct dma_map_ops *ops = get_dma_ops(dev);
3625 + const struct dma_map_ops *ops = get_dma_ops(dev);
3627 debug_dma_free_coherent(dev, size, cpu_addr, dma_handle);
3628 ops->free_coherent(dev, size, cpu_addr, dma_handle);
3629 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/elf_32.h linux-2.6.32.1/arch/sparc/include/asm/elf_32.h
3630 --- linux-2.6.32.1/arch/sparc/include/asm/elf_32.h 2009-12-02 22:51:21.000000000 -0500
3631 +++ linux-2.6.32.1/arch/sparc/include/asm/elf_32.h 2009-12-14 18:33:51.549188129 -0500
3632 @@ -116,6 +116,13 @@ typedef struct {
3634 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE)
3636 +#ifdef CONFIG_PAX_ASLR
3637 +#define PAX_ELF_ET_DYN_BASE 0x10000UL
3639 +#define PAX_DELTA_MMAP_LEN 16
3640 +#define PAX_DELTA_STACK_LEN 16
3643 /* This yields a mask that user programs can use to figure out what
3644 instruction set this cpu supports. This can NOT be done in userspace
3646 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/elf_64.h linux-2.6.32.1/arch/sparc/include/asm/elf_64.h
3647 --- linux-2.6.32.1/arch/sparc/include/asm/elf_64.h 2009-12-02 22:51:21.000000000 -0500
3648 +++ linux-2.6.32.1/arch/sparc/include/asm/elf_64.h 2009-12-14 18:33:51.549188129 -0500
3649 @@ -163,6 +163,12 @@ typedef struct {
3650 #define ELF_ET_DYN_BASE 0x0000010000000000UL
3651 #define COMPAT_ELF_ET_DYN_BASE 0x0000000070000000UL
3653 +#ifdef CONFIG_PAX_ASLR
3654 +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT) ? 0x10000UL : 0x100000UL)
3656 +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT) ? 14 : 28 )
3657 +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT) ? 15 : 29 )
3660 /* This yields a mask that user programs can use to figure out what
3661 instruction set this cpu supports. */
3662 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/pgtable_32.h linux-2.6.32.1/arch/sparc/include/asm/pgtable_32.h
3663 --- linux-2.6.32.1/arch/sparc/include/asm/pgtable_32.h 2009-12-02 22:51:21.000000000 -0500
3664 +++ linux-2.6.32.1/arch/sparc/include/asm/pgtable_32.h 2009-12-14 18:33:51.549188129 -0500
3665 @@ -43,6 +43,13 @@ BTFIXUPDEF_SIMM13(user_ptrs_per_pgd)
3666 BTFIXUPDEF_INT(page_none)
3667 BTFIXUPDEF_INT(page_copy)
3668 BTFIXUPDEF_INT(page_readonly)
3670 +#ifdef CONFIG_PAX_PAGEEXEC
3671 +BTFIXUPDEF_INT(page_shared_noexec)
3672 +BTFIXUPDEF_INT(page_copy_noexec)
3673 +BTFIXUPDEF_INT(page_readonly_noexec)
3676 BTFIXUPDEF_INT(page_kernel)
3678 #define PMD_SHIFT SUN4C_PMD_SHIFT
3679 @@ -64,6 +71,16 @@ extern pgprot_t PAGE_SHARED;
3680 #define PAGE_COPY __pgprot(BTFIXUP_INT(page_copy))
3681 #define PAGE_READONLY __pgprot(BTFIXUP_INT(page_readonly))
3683 +#ifdef CONFIG_PAX_PAGEEXEC
3684 +extern pgprot_t PAGE_SHARED_NOEXEC;
3685 +# define PAGE_COPY_NOEXEC __pgprot(BTFIXUP_INT(page_copy_noexec))
3686 +# define PAGE_READONLY_NOEXEC __pgprot(BTFIXUP_INT(page_readonly_noexec))
3688 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
3689 +# define PAGE_COPY_NOEXEC PAGE_COPY
3690 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
3693 extern unsigned long page_kernel;
3696 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/pgtsrmmu.h linux-2.6.32.1/arch/sparc/include/asm/pgtsrmmu.h
3697 --- linux-2.6.32.1/arch/sparc/include/asm/pgtsrmmu.h 2009-12-02 22:51:21.000000000 -0500
3698 +++ linux-2.6.32.1/arch/sparc/include/asm/pgtsrmmu.h 2009-12-14 18:33:51.550193388 -0500
3699 @@ -115,6 +115,13 @@
3700 SRMMU_EXEC | SRMMU_REF)
3701 #define SRMMU_PAGE_RDONLY __pgprot(SRMMU_VALID | SRMMU_CACHE | \
3702 SRMMU_EXEC | SRMMU_REF)
3704 +#ifdef CONFIG_PAX_PAGEEXEC
3705 +#define SRMMU_PAGE_SHARED_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_WRITE | SRMMU_REF)
3706 +#define SRMMU_PAGE_COPY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF)
3707 +#define SRMMU_PAGE_RDONLY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF)
3710 #define SRMMU_PAGE_KERNEL __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \
3711 SRMMU_DIRTY | SRMMU_REF)
3713 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/spinlock_64.h linux-2.6.32.1/arch/sparc/include/asm/spinlock_64.h
3714 --- linux-2.6.32.1/arch/sparc/include/asm/spinlock_64.h 2009-12-02 22:51:21.000000000 -0500
3715 +++ linux-2.6.32.1/arch/sparc/include/asm/spinlock_64.h 2009-12-14 18:33:51.550193388 -0500
3716 @@ -99,7 +99,12 @@ static void inline arch_read_lock(raw_rw
3717 __asm__ __volatile__ (
3718 "1: ldsw [%2], %0\n"
3720 -"4: add %0, 1, %1\n"
3721 +"4: addcc %0, 1, %1\n"
3723 +#ifdef CONFIG_PAX_REFCOUNT
3727 " cas [%2], %0, %1\n"
3729 " bne,pn %%icc, 1b\n"
3730 @@ -112,7 +117,7 @@ static void inline arch_read_lock(raw_rw
3732 : "=&r" (tmp1), "=&r" (tmp2)
3735 + : "memory", "cc");
3738 static int inline arch_read_trylock(raw_rwlock_t *lock)
3739 @@ -123,7 +128,12 @@ static int inline arch_read_trylock(raw_
3740 "1: ldsw [%2], %0\n"
3741 " brlz,a,pn %0, 2f\n"
3744 +" addcc %0, 1, %1\n"
3746 +#ifdef CONFIG_PAX_REFCOUNT
3750 " cas [%2], %0, %1\n"
3752 " bne,pn %%icc, 1b\n"
3753 @@ -142,7 +152,12 @@ static void inline arch_read_unlock(raw_
3755 __asm__ __volatile__(
3756 "1: lduw [%2], %0\n"
3758 +" subcc %0, 1, %1\n"
3760 +#ifdef CONFIG_PAX_REFCOUNT
3764 " cas [%2], %0, %1\n"
3766 " bne,pn %%xcc, 1b\n"
3767 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/uaccess_32.h linux-2.6.32.1/arch/sparc/include/asm/uaccess_32.h
3768 --- linux-2.6.32.1/arch/sparc/include/asm/uaccess_32.h 2009-12-02 22:51:21.000000000 -0500
3769 +++ linux-2.6.32.1/arch/sparc/include/asm/uaccess_32.h 2009-12-14 18:33:51.550193388 -0500
3770 @@ -249,27 +249,46 @@ extern unsigned long __copy_user(void __
3772 static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
3774 - if (n && __access_ok((unsigned long) to, n))
3778 + if (n && __access_ok((unsigned long) to, n)) {
3779 + if (!__builtin_constant_p(n))
3780 + check_object_size(from, n, true);
3781 return __copy_user(to, (__force void __user *) from, n);
3787 static inline unsigned long __copy_to_user(void __user *to, const void *from, unsigned long n)
3792 + if (!__builtin_constant_p(n))
3793 + check_object_size(from, n, true);
3795 return __copy_user(to, (__force void __user *) from, n);
3798 static inline unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
3800 - if (n && __access_ok((unsigned long) from, n))
3804 + if (n && __access_ok((unsigned long) from, n)) {
3805 + if (!__builtin_constant_p(n))
3806 + check_object_size(to, n, false);
3807 return __copy_user((__force void __user *) to, from, n);
3813 static inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n)
3818 return __copy_user((__force void __user *) to, from, n);
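Review bot: `__copy_from_user` is the only one of the four helpers in this hunk that shows no `check_object_size()` call: `copy_to_user`, `__copy_to_user` and `copy_from_user` each gain `if (!__builtin_constant_p(n))` followed by `check_object_size(...)`, but the last function appears to go straight to `__copy_user`. Several lines of the hunk are missing from this listing, so confirm against the full patch. If the check really is absent, add `if (!__builtin_constant_p(n))` and `check_object_size(to, n, false);` before the return, so this path gets the same destination-object check as `copy_from_user`. The function's closing brace lies beyond the last visible hunk line.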
3821 diff -urNp linux-2.6.32.1/arch/sparc/include/asm/uaccess_64.h linux-2.6.32.1/arch/sparc/include/asm/uaccess_64.h
3822 --- linux-2.6.32.1/arch/sparc/include/asm/uaccess_64.h 2009-12-02 22:51:21.000000000 -0500
3823 +++ linux-2.6.32.1/arch/sparc/include/asm/uaccess_64.h 2009-12-14 18:33:51.551190193 -0500
3824 @@ -212,8 +212,15 @@ extern unsigned long copy_from_user_fixu
3825 static inline unsigned long __must_check
3826 copy_from_user(void *to, const void __user *from, unsigned long size)
3828 - unsigned long ret = ___copy_from_user(to, from, size);
3829 + unsigned long ret;
3831 + if ((long)size < 0 || size > INT_MAX)
3834 + if (!__builtin_constant_p(size))
3835 + check_object_size(to, size, false);
3837 + ret = ___copy_from_user(to, from, size);
3839 ret = copy_from_user_fixup(to, from, size);
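Review bot: In `if ((long)size < 0 || size > INT_MAX)` the first test is redundant for an `unsigned long`: every value whose sign bit is set is also greater than `INT_MAX`, so `if (size > INT_MAX)` expresses the same bound with less to read. The identical condition is repeated in the copy_to_user hunk that follows. The value returned when the size is rejected is not visible in this listing, so check that it reports the whole `size` as uncopied, which is what callers of these helpers test for.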
3841 @@ -228,8 +235,15 @@ extern unsigned long copy_to_user_fixup(
3842 static inline unsigned long __must_check
3843 copy_to_user(void __user *to, const void *from, unsigned long size)
3845 - unsigned long ret = ___copy_to_user(to, from, size);
3846 + unsigned long ret;
3848 + if ((long)size < 0 || size > INT_MAX)
3851 + if (!__builtin_constant_p(size))
3852 + check_object_size(from, size, true);
3854 + ret = ___copy_to_user(to, from, size);
3856 ret = copy_to_user_fixup(to, from, size);
3858 diff -urNp linux-2.6.32.1/arch/sparc/kernel/iommu.c linux-2.6.32.1/arch/sparc/kernel/iommu.c
3859 --- linux-2.6.32.1/arch/sparc/kernel/iommu.c 2009-12-02 22:51:21.000000000 -0500
3860 +++ linux-2.6.32.1/arch/sparc/kernel/iommu.c 2009-12-14 18:33:51.555212162 -0500
3861 @@ -826,7 +826,7 @@ static void dma_4u_sync_sg_for_cpu(struc
3862 spin_unlock_irqrestore(&iommu->lock, flags);
3865 -static struct dma_map_ops sun4u_dma_ops = {
3866 +static const struct dma_map_ops sun4u_dma_ops = {
3867 .alloc_coherent = dma_4u_alloc_coherent,
3868 .free_coherent = dma_4u_free_coherent,
3869 .map_page = dma_4u_map_page,
3870 @@ -837,7 +837,7 @@ static struct dma_map_ops sun4u_dma_ops
3871 .sync_sg_for_cpu = dma_4u_sync_sg_for_cpu,
3874 -struct dma_map_ops *dma_ops = &sun4u_dma_ops;
3875 +const struct dma_map_ops *dma_ops = &sun4u_dma_ops;
3876 EXPORT_SYMBOL(dma_ops);
3878 extern int pci64_dma_supported(struct pci_dev *pdev, u64 device_mask);
3879 diff -urNp linux-2.6.32.1/arch/sparc/kernel/ioport.c linux-2.6.32.1/arch/sparc/kernel/ioport.c
3880 --- linux-2.6.32.1/arch/sparc/kernel/ioport.c 2009-12-02 22:51:21.000000000 -0500
3881 +++ linux-2.6.32.1/arch/sparc/kernel/ioport.c 2009-12-14 18:33:51.555212162 -0500
3882 @@ -392,7 +392,7 @@ static void sbus_sync_sg_for_device(stru
3886 -struct dma_map_ops sbus_dma_ops = {
3887 +const struct dma_map_ops sbus_dma_ops = {
3888 .alloc_coherent = sbus_alloc_coherent,
3889 .free_coherent = sbus_free_coherent,
3890 .map_page = sbus_map_page,
3891 @@ -403,7 +403,7 @@ struct dma_map_ops sbus_dma_ops = {
3892 .sync_sg_for_device = sbus_sync_sg_for_device,
3895 -struct dma_map_ops *dma_ops = &sbus_dma_ops;
3896 +const struct dma_map_ops *dma_ops = &sbus_dma_ops;
3897 EXPORT_SYMBOL(dma_ops);
3899 static int __init sparc_register_ioport(void)
3900 @@ -640,7 +640,7 @@ static void pci32_sync_sg_for_device(str
3904 -struct dma_map_ops pci32_dma_ops = {
3905 +const struct dma_map_ops pci32_dma_ops = {
3906 .alloc_coherent = pci32_alloc_coherent,
3907 .free_coherent = pci32_free_coherent,
3908 .map_page = pci32_map_page,
3909 diff -urNp linux-2.6.32.1/arch/sparc/kernel/kgdb_32.c linux-2.6.32.1/arch/sparc/kernel/kgdb_32.c
3910 --- linux-2.6.32.1/arch/sparc/kernel/kgdb_32.c 2009-12-02 22:51:21.000000000 -0500
3911 +++ linux-2.6.32.1/arch/sparc/kernel/kgdb_32.c 2009-12-14 18:33:51.556186027 -0500
3912 @@ -158,7 +158,7 @@ void kgdb_arch_exit(void)
3916 -struct kgdb_arch arch_kgdb_ops = {
3917 +const struct kgdb_arch arch_kgdb_ops = {
3918 /* Breakpoint instruction: ta 0x7d */
3919 .gdb_bpt_instr = { 0x91, 0xd0, 0x20, 0x7d },
3921 diff -urNp linux-2.6.32.1/arch/sparc/kernel/kgdb_64.c linux-2.6.32.1/arch/sparc/kernel/kgdb_64.c
3922 --- linux-2.6.32.1/arch/sparc/kernel/kgdb_64.c 2009-12-02 22:51:21.000000000 -0500
3923 +++ linux-2.6.32.1/arch/sparc/kernel/kgdb_64.c 2009-12-14 18:33:51.556186027 -0500
3924 @@ -180,7 +180,7 @@ void kgdb_arch_exit(void)
3928 -struct kgdb_arch arch_kgdb_ops = {
3929 +const struct kgdb_arch arch_kgdb_ops = {
3930 /* Breakpoint instruction: ta 0x72 */
3931 .gdb_bpt_instr = { 0x91, 0xd0, 0x20, 0x72 },
3933 diff -urNp linux-2.6.32.1/arch/sparc/kernel/Makefile linux-2.6.32.1/arch/sparc/kernel/Makefile
3934 --- linux-2.6.32.1/arch/sparc/kernel/Makefile 2009-12-02 22:51:21.000000000 -0500
3935 +++ linux-2.6.32.1/arch/sparc/kernel/Makefile 2009-12-14 18:33:51.556186027 -0500
3940 -ccflags-y := -Werror
3941 +#ccflags-y := -Werror
3943 extra-y := head_$(BITS).o
3944 extra-y += init_task.o
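Review bot: Commenting out `ccflags-y := -Werror` removes warnings-as-errors for everything built from arch/sparc/kernel, and nothing in the hunk says why. This patch changes several object types in that directory (the `const struct dma_map_ops` and `const struct kgdb_arch` definitions), so qualifier-mismatch warnings are exactly the kind of diagnostic that would now pass silently. Prefer fixing the warnings and keeping the flag; if it has to go, replace the commented-out line with a comment that names the reason, e.g. `# -Werror disabled: <warnings still to fix>`.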
3945 diff -urNp linux-2.6.32.1/arch/sparc/kernel/pci_sun4v.c linux-2.6.32.1/arch/sparc/kernel/pci_sun4v.c
3946 --- linux-2.6.32.1/arch/sparc/kernel/pci_sun4v.c 2009-12-02 22:51:21.000000000 -0500
3947 +++ linux-2.6.32.1/arch/sparc/kernel/pci_sun4v.c 2009-12-14 18:33:51.556186027 -0500
3948 @@ -525,7 +525,7 @@ static void dma_4v_unmap_sg(struct devic
3949 spin_unlock_irqrestore(&iommu->lock, flags);
3952 -static struct dma_map_ops sun4v_dma_ops = {
3953 +static const struct dma_map_ops sun4v_dma_ops = {
3954 .alloc_coherent = dma_4v_alloc_coherent,
3955 .free_coherent = dma_4v_free_coherent,
3956 .map_page = dma_4v_map_page,
3957 diff -urNp linux-2.6.32.1/arch/sparc/kernel/sys_sparc_32.c linux-2.6.32.1/arch/sparc/kernel/sys_sparc_32.c
3958 --- linux-2.6.32.1/arch/sparc/kernel/sys_sparc_32.c 2009-12-02 22:51:21.000000000 -0500
3959 +++ linux-2.6.32.1/arch/sparc/kernel/sys_sparc_32.c 2009-12-14 18:33:51.556186027 -0500
3960 @@ -56,7 +56,7 @@ unsigned long arch_get_unmapped_area(str
3961 if (ARCH_SUN4C && len > 0x20000000)
3964 - addr = TASK_UNMAPPED_BASE;
3965 + addr = current->mm->mmap_base;
3967 if (flags & MAP_SHARED)
3968 addr = COLOUR_ALIGN(addr);
3969 diff -urNp linux-2.6.32.1/arch/sparc/kernel/sys_sparc_64.c linux-2.6.32.1/arch/sparc/kernel/sys_sparc_64.c
3970 --- linux-2.6.32.1/arch/sparc/kernel/sys_sparc_64.c 2009-12-02 22:51:21.000000000 -0500
3971 +++ linux-2.6.32.1/arch/sparc/kernel/sys_sparc_64.c 2009-12-14 18:33:51.557187999 -0500
3972 @@ -125,7 +125,7 @@ unsigned long arch_get_unmapped_area(str
3973 /* We do not accept a shared mapping if it would violate
3974 * cache aliasing constraints.
3976 - if ((flags & MAP_SHARED) &&
3977 + if ((filp || (flags & MAP_SHARED)) &&
3978 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
3981 @@ -140,6 +140,10 @@ unsigned long arch_get_unmapped_area(str
3982 if (filp || (flags & MAP_SHARED))
3985 +#ifdef CONFIG_PAX_RANDMMAP
3986 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
3991 addr = COLOUR_ALIGN(addr, pgoff);
3992 @@ -153,9 +157,9 @@ unsigned long arch_get_unmapped_area(str
3995 if (len > mm->cached_hole_size) {
3996 - start_addr = addr = mm->free_area_cache;
3997 + start_addr = addr = mm->free_area_cache;
3999 - start_addr = addr = TASK_UNMAPPED_BASE;
4000 + start_addr = addr = mm->mmap_base;
4001 mm->cached_hole_size = 0;
4004 @@ -175,8 +179,8 @@ full_search:
4005 vma = find_vma(mm, VA_EXCLUDE_END);
4007 if (unlikely(task_size < addr)) {
4008 - if (start_addr != TASK_UNMAPPED_BASE) {
4009 - start_addr = addr = TASK_UNMAPPED_BASE;
4010 + if (start_addr != mm->mmap_base) {
4011 + start_addr = addr = mm->mmap_base;
4012 mm->cached_hole_size = 0;
4015 @@ -216,7 +220,7 @@ arch_get_unmapped_area_topdown(struct fi
4016 /* We do not accept a shared mapping if it would violate
4017 * cache aliasing constraints.
4019 - if ((flags & MAP_SHARED) &&
4020 + if ((filp || (flags & MAP_SHARED)) &&
4021 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
4024 @@ -380,6 +384,12 @@ void arch_pick_mmap_layout(struct mm_str
4025 current->signal->rlim[RLIMIT_STACK].rlim_cur == RLIM_INFINITY ||
4026 sysctl_legacy_va_layout) {
4027 mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
4029 +#ifdef CONFIG_PAX_RANDMMAP
4030 + if (mm->pax_flags & MF_PAX_RANDMMAP)
4031 + mm->mmap_base += mm->delta_mmap;
4034 mm->get_unmapped_area = arch_get_unmapped_area;
4035 mm->unmap_area = arch_unmap_area;
4037 @@ -394,6 +404,12 @@ void arch_pick_mmap_layout(struct mm_str
4038 gap = (task_size / 6 * 5);
4040 mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor);
4042 +#ifdef CONFIG_PAX_RANDMMAP
4043 + if (mm->pax_flags & MF_PAX_RANDMMAP)
4044 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
4047 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
4048 mm->unmap_area = arch_unmap_area_topdown;
4050 diff -urNp linux-2.6.32.1/arch/sparc/kernel/traps_64.c linux-2.6.32.1/arch/sparc/kernel/traps_64.c
4051 --- linux-2.6.32.1/arch/sparc/kernel/traps_64.c 2009-12-02 22:51:21.000000000 -0500
4052 +++ linux-2.6.32.1/arch/sparc/kernel/traps_64.c 2009-12-14 18:33:51.562806947 -0500
4053 @@ -93,6 +93,12 @@ void bad_trap(struct pt_regs *regs, long
4056 if (regs->tstate & TSTATE_PRIV) {
4058 +#ifdef CONFIG_PAX_REFCOUNT
4060 + pax_report_refcount_overflow(regs);
4063 sprintf(buffer, "Kernel bad sw trap %lx", lvl);
4064 die_if_kernel(buffer, regs);
4066 @@ -111,11 +117,16 @@ void bad_trap(struct pt_regs *regs, long
4067 void bad_trap_tl1(struct pt_regs *regs, long lvl)
4072 if (notify_die(DIE_TRAP_TL1, "bad trap tl1", regs,
4073 0, lvl, SIGTRAP) == NOTIFY_STOP)
4076 +#ifdef CONFIG_PAX_REFCOUNT
4078 + pax_report_refcount_overflow(regs);
4081 dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
4083 sprintf (buffer, "Bad trap %lx at tl>0", lvl);
4084 diff -urNp linux-2.6.32.1/arch/sparc/lib/atomic32.c linux-2.6.32.1/arch/sparc/lib/atomic32.c
4085 --- linux-2.6.32.1/arch/sparc/lib/atomic32.c 2009-12-02 22:51:21.000000000 -0500
4086 +++ linux-2.6.32.1/arch/sparc/lib/atomic32.c 2009-12-14 18:33:51.562806947 -0500
4087 @@ -80,6 +80,12 @@ void atomic_set(atomic_t *v, int i)
4089 EXPORT_SYMBOL(atomic_set);
4091 +void atomic_set_unchecked(atomic_unchecked_t *v, int i)
4093 + atomic_set((atomic_t *)v, i);
4095 +EXPORT_SYMBOL(atomic_set_unchecked);
4097 unsigned long ___set_bit(unsigned long *addr, unsigned long mask)
4099 unsigned long old, flags;
4100 diff -urNp linux-2.6.32.1/arch/sparc/lib/atomic_64.S linux-2.6.32.1/arch/sparc/lib/atomic_64.S
4101 --- linux-2.6.32.1/arch/sparc/lib/atomic_64.S 2009-12-02 22:51:21.000000000 -0500
4102 +++ linux-2.6.32.1/arch/sparc/lib/atomic_64.S 2009-12-14 18:33:51.562806947 -0500
4104 atomic_add: /* %o0 = increment, %o1 = atomic_ptr */
4108 + addcc %g1, %o0, %g7
4110 +#ifdef CONFIG_PAX_REFCOUNT
4117 @@ -28,12 +33,32 @@ atomic_add: /* %o0 = increment, %o1 = at
4118 2: BACKOFF_SPIN(%o2, %o3, 1b)
4119 .size atomic_add, .-atomic_add
4121 + .globl atomic_add_unchecked
4122 + .type atomic_add_unchecked,#function
4123 +atomic_add_unchecked: /* %o0 = increment, %o1 = atomic_ptr */
4124 + BACKOFF_SETUP(%o2)
4127 + cas [%o1], %g1, %g7
4133 +2: BACKOFF_SPIN(%o2, %o3, 1b)
4134 + .size atomic_add_unchecked, .-atomic_add_unchecked
4137 .type atomic_sub,#function
4138 atomic_sub: /* %o0 = decrement, %o1 = atomic_ptr */
4142 + subcc %g1, %o0, %g7
4144 +#ifdef CONFIG_PAX_REFCOUNT
4151 @@ -43,12 +68,32 @@ atomic_sub: /* %o0 = decrement, %o1 = at
4152 2: BACKOFF_SPIN(%o2, %o3, 1b)
4153 .size atomic_sub, .-atomic_sub
4155 + .globl atomic_sub_unchecked
4156 + .type atomic_sub_unchecked,#function
4157 +atomic_sub_unchecked: /* %o0 = decrement, %o1 = atomic_ptr */
4158 + BACKOFF_SETUP(%o2)
4161 + cas [%o1], %g1, %g7
4167 +2: BACKOFF_SPIN(%o2, %o3, 1b)
4168 + .size atomic_sub_unchecked, .-atomic_sub_unchecked
4170 .globl atomic_add_ret
4171 .type atomic_add_ret,#function
4172 atomic_add_ret: /* %o0 = increment, %o1 = atomic_ptr */
4176 + addcc %g1, %o0, %g7
4178 +#ifdef CONFIG_PAX_REFCOUNT
4185 @@ -64,7 +109,12 @@ atomic_add_ret: /* %o0 = increment, %o1
4186 atomic_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */
4190 + subcc %g1, %o0, %g7
4192 +#ifdef CONFIG_PAX_REFCOUNT
4199 @@ -80,7 +130,12 @@ atomic_sub_ret: /* %o0 = decrement, %o1
4200 atomic64_add: /* %o0 = increment, %o1 = atomic_ptr */
4204 + addcc %g1, %o0, %g7
4206 +#ifdef CONFIG_PAX_REFCOUNT
4210 casx [%o1], %g1, %g7
4213 @@ -95,7 +150,12 @@ atomic64_add: /* %o0 = increment, %o1 =
4214 atomic64_sub: /* %o0 = decrement, %o1 = atomic_ptr */
4218 + subcc %g1, %o0, %g7
4220 +#ifdef CONFIG_PAX_REFCOUNT
4224 casx [%o1], %g1, %g7
4227 @@ -110,7 +170,12 @@ atomic64_sub: /* %o0 = decrement, %o1 =
4228 atomic64_add_ret: /* %o0 = increment, %o1 = atomic_ptr */
4232 + addcc %g1, %o0, %g7
4234 +#ifdef CONFIG_PAX_REFCOUNT
4238 casx [%o1], %g1, %g7
4241 @@ -126,7 +191,12 @@ atomic64_add_ret: /* %o0 = increment, %o
4242 atomic64_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */
4246 + subcc %g1, %o0, %g7
4248 +#ifdef CONFIG_PAX_REFCOUNT
4252 casx [%o1], %g1, %g7
4255 diff -urNp linux-2.6.32.1/arch/sparc/lib/ksyms.c linux-2.6.32.1/arch/sparc/lib/ksyms.c
4256 --- linux-2.6.32.1/arch/sparc/lib/ksyms.c 2009-12-02 22:51:21.000000000 -0500
4257 +++ linux-2.6.32.1/arch/sparc/lib/ksyms.c 2009-12-14 18:33:51.564188549 -0500
4258 @@ -144,8 +144,10 @@ EXPORT_SYMBOL(__downgrade_write);
4260 /* Atomic counter implementation. */
4261 EXPORT_SYMBOL(atomic_add);
4262 +EXPORT_SYMBOL(atomic_add_unchecked);
4263 EXPORT_SYMBOL(atomic_add_ret);
4264 EXPORT_SYMBOL(atomic_sub);
4265 +EXPORT_SYMBOL(atomic_sub_unchecked);
4266 EXPORT_SYMBOL(atomic_sub_ret);
4267 EXPORT_SYMBOL(atomic64_add);
4268 EXPORT_SYMBOL(atomic64_add_ret);
4269 diff -urNp linux-2.6.32.1/arch/sparc/lib/rwsem_64.S linux-2.6.32.1/arch/sparc/lib/rwsem_64.S
4270 --- linux-2.6.32.1/arch/sparc/lib/rwsem_64.S 2009-12-02 22:51:21.000000000 -0500
4271 +++ linux-2.6.32.1/arch/sparc/lib/rwsem_64.S 2009-12-14 18:33:51.564188549 -0500
4279 +#ifdef CONFIG_PAX_REFCOUNT
4286 @@ -33,7 +38,12 @@ __down_read:
4287 .globl __down_read_trylock
4288 __down_read_trylock:
4293 +#ifdef CONFIG_PAX_REFCOUNT
4300 @@ -51,7 +61,12 @@ __down_write:
4301 or %g1, %lo(RWSEM_ACTIVE_WRITE_BIAS), %g1
4305 + addcc %g3, %g1, %g7
4307 +#ifdef CONFIG_PAX_REFCOUNT
4314 @@ -77,7 +92,12 @@ __down_write_trylock:
4319 + addcc %g3, %g1, %g7
4321 +#ifdef CONFIG_PAX_REFCOUNT
4328 @@ -90,7 +110,12 @@ __down_write_trylock:
4335 +#ifdef CONFIG_PAX_REFCOUNT
4342 @@ -118,7 +143,12 @@ __up_write:
4343 or %g1, %lo(RWSEM_ACTIVE_WRITE_BIAS), %g1
4347 + subcc %g3, %g1, %g7
4349 +#ifdef CONFIG_PAX_REFCOUNT
4356 @@ -143,7 +173,12 @@ __downgrade_write:
4357 or %g1, %lo(RWSEM_WAITING_BIAS), %g1
4361 + subcc %g3, %g1, %g7
4363 +#ifdef CONFIG_PAX_REFCOUNT
4370 diff -urNp linux-2.6.32.1/arch/sparc/Makefile linux-2.6.32.1/arch/sparc/Makefile
4371 --- linux-2.6.32.1/arch/sparc/Makefile 2009-12-02 22:51:21.000000000 -0500
4372 +++ linux-2.6.32.1/arch/sparc/Makefile 2009-12-14 18:33:51.564188549 -0500
4373 @@ -73,7 +73,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc
4374 # Export what is needed by arch/sparc/boot/Makefile
4375 export VMLINUX_INIT VMLINUX_MAIN
4376 VMLINUX_INIT := $(head-y) $(init-y)
4377 -VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/
4378 +VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
4379 VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y)
4380 VMLINUX_MAIN += $(drivers-y) $(net-y)
4382 diff -urNp linux-2.6.32.1/arch/sparc/mm/fault_32.c linux-2.6.32.1/arch/sparc/mm/fault_32.c
4383 --- linux-2.6.32.1/arch/sparc/mm/fault_32.c 2009-12-02 22:51:21.000000000 -0500
4384 +++ linux-2.6.32.1/arch/sparc/mm/fault_32.c 2009-12-14 18:33:51.565074152 -0500
4386 #include <linux/interrupt.h>
4387 #include <linux/module.h>
4388 #include <linux/kdebug.h>
4389 +#include <linux/slab.h>
4390 +#include <linux/pagemap.h>
4391 +#include <linux/compiler.h>
4393 #include <asm/system.h>
4394 #include <asm/page.h>
4395 @@ -167,6 +170,267 @@ static unsigned long compute_si_addr(str
4396 return safe_compute_effective_address(regs, insn);
4399 +#ifdef CONFIG_PAX_PAGEEXEC
4400 +#ifdef CONFIG_PAX_DLRESOLVE
4401 +static void pax_emuplt_close(struct vm_area_struct *vma)
4403 + vma->vm_mm->call_dl_resolve = 0UL;
4406 +static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
4408 + unsigned int *kaddr;
4410 + vmf->page = alloc_page(GFP_HIGHUSER);
4412 + return VM_FAULT_OOM;
4414 + kaddr = kmap(vmf->page);
4415 + memset(kaddr, 0, PAGE_SIZE);
4416 + kaddr[0] = 0x9DE3BFA8U; /* save */
4417 + flush_dcache_page(vmf->page);
4418 + kunmap(vmf->page);
4419 + return VM_FAULT_MAJOR;
4422 +static const struct vm_operations_struct pax_vm_ops = {
4423 + .close = pax_emuplt_close,
4424 + .fault = pax_emuplt_fault
4427 +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
4431 + vma->vm_mm = current->mm;
4432 + vma->vm_start = addr;
4433 + vma->vm_end = addr + PAGE_SIZE;
4434 + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
4435 + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
4436 + vma->vm_ops = &pax_vm_ops;
4438 + ret = insert_vm_struct(current->mm, vma);
4442 + ++current->mm->total_vm;
4448 + * PaX: decide what to do with offenders (regs->pc = fault address)
4450 + * returns 1 when task should be killed
4451 + * 2 when patched PLT trampoline was detected
4452 + * 3 when unpatched PLT trampoline was detected
4454 +static int pax_handle_fetch_fault(struct pt_regs *regs)
4457 +#ifdef CONFIG_PAX_EMUPLT
4460 + do { /* PaX: patched PLT emulation #1 */
4461 + unsigned int sethi1, sethi2, jmpl;
4463 + err = get_user(sethi1, (unsigned int *)regs->pc);
4464 + err |= get_user(sethi2, (unsigned int *)(regs->pc+4));
4465 + err |= get_user(jmpl, (unsigned int *)(regs->pc+8));
4470 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
4471 + (sethi2 & 0xFFC00000U) == 0x03000000U &&
4472 + (jmpl & 0xFFFFE000U) == 0x81C06000U)
4474 + unsigned int addr;
4476 + regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
4477 + addr = regs->u_regs[UREG_G1];
4478 + addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
4480 + regs->npc = addr+4;
4485 + { /* PaX: patched PLT emulation #2 */
4488 + err = get_user(ba, (unsigned int *)regs->pc);
4490 + if (!err && (ba & 0xFFC00000U) == 0x30800000U) {
4491 + unsigned int addr;
4493 + addr = regs->pc + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
4495 + regs->npc = addr+4;
4500 + do { /* PaX: patched PLT emulation #3 */
4501 + unsigned int sethi, jmpl, nop;
4503 + err = get_user(sethi, (unsigned int *)regs->pc);
4504 + err |= get_user(jmpl, (unsigned int *)(regs->pc+4));
4505 + err |= get_user(nop, (unsigned int *)(regs->pc+8));
4510 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
4511 + (jmpl & 0xFFFFE000U) == 0x81C06000U &&
4512 + nop == 0x01000000U)
4514 + unsigned int addr;
4516 + addr = (sethi & 0x003FFFFFU) << 10;
4517 + regs->u_regs[UREG_G1] = addr;
4518 + addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
4520 + regs->npc = addr+4;
4525 + do { /* PaX: unpatched PLT emulation step 1 */
4526 + unsigned int sethi, ba, nop;
4528 + err = get_user(sethi, (unsigned int *)regs->pc);
4529 + err |= get_user(ba, (unsigned int *)(regs->pc+4));
4530 + err |= get_user(nop, (unsigned int *)(regs->pc+8));
4535 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
4536 + ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
4537 + nop == 0x01000000U)
4539 + unsigned int addr, save, call;
4541 + if ((ba & 0xFFC00000U) == 0x30800000U)
4542 + addr = regs->pc + 4 + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
4544 + addr = regs->pc + 4 + ((((ba | 0xFFF80000U) ^ 0x00040000U) + 0x00040000U) << 2);
4546 + err = get_user(save, (unsigned int *)addr);
4547 + err |= get_user(call, (unsigned int *)(addr+4));
4548 + err |= get_user(nop, (unsigned int *)(addr+8));
4552 +#ifdef CONFIG_PAX_DLRESOLVE
4553 + if (save == 0x9DE3BFA8U &&
4554 + (call & 0xC0000000U) == 0x40000000U &&
4555 + nop == 0x01000000U)
4557 + struct vm_area_struct *vma;
4558 + unsigned long call_dl_resolve;
4560 + down_read(¤t->mm->mmap_sem);
4561 + call_dl_resolve = current->mm->call_dl_resolve;
4562 + up_read(¤t->mm->mmap_sem);
4563 + if (likely(call_dl_resolve))
4566 + vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
4568 + down_write(¤t->mm->mmap_sem);
4569 + if (current->mm->call_dl_resolve) {
4570 + call_dl_resolve = current->mm->call_dl_resolve;
4571 + up_write(¤t->mm->mmap_sem);
4573 + kmem_cache_free(vm_area_cachep, vma);
4577 + call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
4578 + if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
4579 + up_write(¤t->mm->mmap_sem);
4581 + kmem_cache_free(vm_area_cachep, vma);
4585 + if (pax_insert_vma(vma, call_dl_resolve)) {
4586 + up_write(¤t->mm->mmap_sem);
4587 + kmem_cache_free(vm_area_cachep, vma);
4591 + current->mm->call_dl_resolve = call_dl_resolve;
4592 + up_write(¤t->mm->mmap_sem);
4595 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
4596 + regs->pc = call_dl_resolve;
4597 + regs->npc = addr+4;
4602 + /* PaX: glibc 2.4+ generates sethi/jmpl instead of save/call */
4603 + if ((save & 0xFFC00000U) == 0x05000000U &&
4604 + (call & 0xFFFFE000U) == 0x85C0A000U &&
4605 + nop == 0x01000000U)
4607 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
4608 + regs->u_regs[UREG_G2] = addr + 4;
4609 + addr = (save & 0x003FFFFFU) << 10;
4610 + addr += (((call | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
4612 + regs->npc = addr+4;
4618 + do { /* PaX: unpatched PLT emulation step 2 */
4619 + unsigned int save, call, nop;
4621 + err = get_user(save, (unsigned int *)(regs->pc-4));
4622 + err |= get_user(call, (unsigned int *)regs->pc);
4623 + err |= get_user(nop, (unsigned int *)(regs->pc+4));
4627 + if (save == 0x9DE3BFA8U &&
4628 + (call & 0xC0000000U) == 0x40000000U &&
4629 + nop == 0x01000000U)
4631 + unsigned int dl_resolve = regs->pc + ((((call | 0xC0000000U) ^ 0x20000000U) + 0x20000000U) << 2);
4633 + regs->u_regs[UREG_RETPC] = regs->pc;
4634 + regs->pc = dl_resolve;
4635 + regs->npc = dl_resolve+4;
4644 +void pax_report_insns(void *pc, void *sp)
4648 + printk(KERN_ERR "PAX: bytes at PC: ");
4649 + for (i = 0; i < 5; i++) {
4651 + if (get_user(c, (unsigned int *)pc+i))
4652 + printk(KERN_CONT "???????? ");
4654 + printk(KERN_CONT "%08x ", c);
4660 asmlinkage void do_sparc_fault(struct pt_regs *regs, int text_fault, int write,
4661 unsigned long address)
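Review bot: pax_handle_fetch_fault rewrites `regs->pc`, `regs->npc` and `%g1` from instruction words read out of user memory, yet every pattern is matched with bare hex masks, which makes the decoding hard to audit. `0x9DE3BFA8U` carries a `/* save */` comment in pax_emuplt_fault but is compared uncommented in two later places, and `0x01000000U` is tested against `nop` in each pattern. Define each encoding once (for example `#define PAX_INSN_NOP 0x01000000U`). The repeated sign-extension idiom, as in `(((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U)`, deserves a one-line comment or a small helper of its own. pax_emuplt_close, pax_emuplt_fault, pax_vm_ops and pax_insert_vma also reappear verbatim in the fault_64.c hunk, so a shared definition would leave one copy to review.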
4663 @@ -231,6 +495,24 @@ good_area:
4664 if(!(vma->vm_flags & VM_WRITE))
4668 +#ifdef CONFIG_PAX_PAGEEXEC
4669 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && text_fault && !(vma->vm_flags & VM_EXEC)) {
4670 + up_read(&mm->mmap_sem);
4671 + switch (pax_handle_fetch_fault(regs)) {
4673 +#ifdef CONFIG_PAX_EMUPLT
4680 + pax_report_fault(regs, (void *)regs->pc, (void *)regs->u_regs[UREG_FP]);
4681 + do_group_exit(SIGKILL);
4685 /* Allow reads even for write-only mappings */
4686 if(!(vma->vm_flags & (VM_READ | VM_EXEC)))
4688 diff -urNp linux-2.6.32.1/arch/sparc/mm/fault_64.c linux-2.6.32.1/arch/sparc/mm/fault_64.c
4689 --- linux-2.6.32.1/arch/sparc/mm/fault_64.c 2009-12-02 22:51:21.000000000 -0500
4690 +++ linux-2.6.32.1/arch/sparc/mm/fault_64.c 2009-12-14 18:33:51.565074152 -0500
4692 #include <linux/kprobes.h>
4693 #include <linux/kdebug.h>
4694 #include <linux/percpu.h>
4695 +#include <linux/slab.h>
4696 +#include <linux/pagemap.h>
4697 +#include <linux/compiler.h>
4699 #include <asm/page.h>
4700 #include <asm/pgtable.h>
4701 @@ -249,6 +252,416 @@ static void noinline bogus_32bit_fault_a
4705 +#ifdef CONFIG_PAX_PAGEEXEC
4706 +#ifdef CONFIG_PAX_DLRESOLVE
4707 +static void pax_emuplt_close(struct vm_area_struct *vma)
4709 + vma->vm_mm->call_dl_resolve = 0UL;
4712 +static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
4714 + unsigned int *kaddr;
4716 + vmf->page = alloc_page(GFP_HIGHUSER);
4718 + return VM_FAULT_OOM;
4720 + kaddr = kmap(vmf->page);
4721 + memset(kaddr, 0, PAGE_SIZE);
4722 + kaddr[0] = 0x9DE3BFA8U; /* save */
4723 + flush_dcache_page(vmf->page);
4724 + kunmap(vmf->page);
4725 + return VM_FAULT_MAJOR;
4728 +static const struct vm_operations_struct pax_vm_ops = {
4729 + .close = pax_emuplt_close,
4730 + .fault = pax_emuplt_fault
4733 +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
4737 + vma->vm_mm = current->mm;
4738 + vma->vm_start = addr;
4739 + vma->vm_end = addr + PAGE_SIZE;
4740 + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
4741 + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
4742 + vma->vm_ops = &pax_vm_ops;
4744 + ret = insert_vm_struct(current->mm, vma);
4748 + ++current->mm->total_vm;
4754 + * PaX: decide what to do with offenders (regs->tpc = fault address)
4756 + * returns 1 when task should be killed
4757 + * 2 when patched PLT trampoline was detected
4758 + * 3 when unpatched PLT trampoline was detected
4760 +static int pax_handle_fetch_fault(struct pt_regs *regs)
4763 +#ifdef CONFIG_PAX_EMUPLT
4766 + do { /* PaX: patched PLT emulation #1 */
4767 + unsigned int sethi1, sethi2, jmpl;
4769 + err = get_user(sethi1, (unsigned int *)regs->tpc);
4770 + err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
4771 + err |= get_user(jmpl, (unsigned int *)(regs->tpc+8));
4776 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
4777 + (sethi2 & 0xFFC00000U) == 0x03000000U &&
4778 + (jmpl & 0xFFFFE000U) == 0x81C06000U)
4780 + unsigned long addr;
4782 + regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
4783 + addr = regs->u_regs[UREG_G1];
4784 + addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
4786 + if (test_thread_flag(TIF_32BIT))
4787 + addr &= 0xFFFFFFFFUL;
4790 + regs->tnpc = addr+4;
4795 + { /* PaX: patched PLT emulation #2 */
4798 + err = get_user(ba, (unsigned int *)regs->tpc);
4800 + if (!err && (ba & 0xFFC00000U) == 0x30800000U) {
4801 + unsigned long addr;
4803 + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
4805 + if (test_thread_flag(TIF_32BIT))
4806 + addr &= 0xFFFFFFFFUL;
4809 + regs->tnpc = addr+4;
4814 + do { /* PaX: patched PLT emulation #3 */
4815 + unsigned int sethi, jmpl, nop;
4817 + err = get_user(sethi, (unsigned int *)regs->tpc);
4818 + err |= get_user(jmpl, (unsigned int *)(regs->tpc+4));
4819 + err |= get_user(nop, (unsigned int *)(regs->tpc+8));
4824 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
4825 + (jmpl & 0xFFFFE000U) == 0x81C06000U &&
4826 + nop == 0x01000000U)
4828 + unsigned long addr;
4830 + addr = (sethi & 0x003FFFFFU) << 10;
4831 + regs->u_regs[UREG_G1] = addr;
4832 + addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
4834 + if (test_thread_flag(TIF_32BIT))
4835 + addr &= 0xFFFFFFFFUL;
4838 + regs->tnpc = addr+4;
4843 + do { /* PaX: patched PLT emulation #4 */
4844 + unsigned int mov1, call, mov2;
4846 + err = get_user(mov1, (unsigned int *)regs->tpc);
4847 + err |= get_user(call, (unsigned int *)(regs->tpc+4));
4848 + err |= get_user(mov2, (unsigned int *)(regs->tpc+8));
4853 + if (mov1 == 0x8210000FU &&
4854 + (call & 0xC0000000U) == 0x40000000U &&
4855 + mov2 == 0x9E100001U)
4857 + unsigned long addr;
4859 + regs->u_regs[UREG_G1] = regs->u_regs[UREG_RETPC];
4860 + addr = regs->tpc + 4 + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
4862 + if (test_thread_flag(TIF_32BIT))
4863 + addr &= 0xFFFFFFFFUL;
4866 + regs->tnpc = addr+4;
4871 + do { /* PaX: patched PLT emulation #5 */
4872 + unsigned int sethi1, sethi2, or1, or2, sllx, jmpl, nop;
4874 + err = get_user(sethi1, (unsigned int *)regs->tpc);
4875 + err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
4876 + err |= get_user(or1, (unsigned int *)(regs->tpc+8));
4877 + err |= get_user(or2, (unsigned int *)(regs->tpc+12));
4878 + err |= get_user(sllx, (unsigned int *)(regs->tpc+16));
4879 + err |= get_user(jmpl, (unsigned int *)(regs->tpc+20));
4880 + err |= get_user(nop, (unsigned int *)(regs->tpc+24));
4885 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
4886 + (sethi2 & 0xFFC00000U) == 0x0B000000U &&
4887 + (or1 & 0xFFFFE000U) == 0x82106000U &&
4888 + (or2 & 0xFFFFE000U) == 0x8A116000U &&
4889 + sllx == 0x83287020 &&
4890 + jmpl == 0x81C04005U &&
4891 + nop == 0x01000000U)
4893 + unsigned long addr;
4895 + regs->u_regs[UREG_G1] = ((sethi1 & 0x003FFFFFU) << 10) | (or1 & 0x000003FFU);
4896 + regs->u_regs[UREG_G1] <<= 32;
4897 + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or2 & 0x000003FFU);
4898 + addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
4900 + regs->tnpc = addr+4;
4905 + do { /* PaX: patched PLT emulation #6 */
4906 + unsigned int sethi1, sethi2, sllx, or, jmpl, nop;
4908 + err = get_user(sethi1, (unsigned int *)regs->tpc);
4909 + err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
4910 + err |= get_user(sllx, (unsigned int *)(regs->tpc+8));
4911 + err |= get_user(or, (unsigned int *)(regs->tpc+12));
4912 + err |= get_user(jmpl, (unsigned int *)(regs->tpc+16));
4913 + err |= get_user(nop, (unsigned int *)(regs->tpc+20));
4918 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
4919 + (sethi2 & 0xFFC00000U) == 0x0B000000U &&
4920 + sllx == 0x83287020 &&
4921 + (or & 0xFFFFE000U) == 0x8A116000U &&
4922 + jmpl == 0x81C04005U &&
4923 + nop == 0x01000000U)
4925 + unsigned long addr;
4927 + regs->u_regs[UREG_G1] = (sethi1 & 0x003FFFFFU) << 10;
4928 + regs->u_regs[UREG_G1] <<= 32;
4929 + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or & 0x3FFU);
4930 + addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
4932 + regs->tnpc = addr+4;
4937 + do { /* PaX: unpatched PLT emulation step 1 */
4938 + unsigned int sethi, ba, nop;
4940 + err = get_user(sethi, (unsigned int *)regs->tpc);
4941 + err |= get_user(ba, (unsigned int *)(regs->tpc+4));
4942 + err |= get_user(nop, (unsigned int *)(regs->tpc+8));
4947 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
4948 + ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
4949 + nop == 0x01000000U)
4951 + unsigned long addr;
4952 + unsigned int save, call;
4954 + if ((ba & 0xFFC00000U) == 0x30800000U)
4955 + addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
4957 + addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
4959 + if (test_thread_flag(TIF_32BIT))
4960 + addr &= 0xFFFFFFFFUL;
4962 + err = get_user(save, (unsigned int *)addr);
4963 + err |= get_user(call, (unsigned int *)(addr+4));
4964 + err |= get_user(nop, (unsigned int *)(addr+8));
4968 +#ifdef CONFIG_PAX_DLRESOLVE
4969 + if (save == 0x9DE3BFA8U &&
4970 + (call & 0xC0000000U) == 0x40000000U &&
4971 + nop == 0x01000000U)
4973 + struct vm_area_struct *vma;
4974 + unsigned long call_dl_resolve;
4976 + down_read(¤t->mm->mmap_sem);
4977 + call_dl_resolve = current->mm->call_dl_resolve;
4978 + up_read(¤t->mm->mmap_sem);
4979 + if (likely(call_dl_resolve))
4982 + vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
4984 + down_write(¤t->mm->mmap_sem);
4985 + if (current->mm->call_dl_resolve) {
4986 + call_dl_resolve = current->mm->call_dl_resolve;
4987 + up_write(¤t->mm->mmap_sem);
4989 + kmem_cache_free(vm_area_cachep, vma);
4993 + call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
4994 + if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
4995 + up_write(¤t->mm->mmap_sem);
4997 + kmem_cache_free(vm_area_cachep, vma);
5001 + if (pax_insert_vma(vma, call_dl_resolve)) {
5002 + up_write(¤t->mm->mmap_sem);
5003 + kmem_cache_free(vm_area_cachep, vma);
5007 + current->mm->call_dl_resolve = call_dl_resolve;
5008 + up_write(¤t->mm->mmap_sem);
5011 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
5012 + regs->tpc = call_dl_resolve;
5013 + regs->tnpc = addr+4;
5018 + /* PaX: glibc 2.4+ generates sethi/jmpl instead of save/call */
5019 + if ((save & 0xFFC00000U) == 0x05000000U &&
5020 + (call & 0xFFFFE000U) == 0x85C0A000U &&
5021 + nop == 0x01000000U)
5023 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
5024 + regs->u_regs[UREG_G2] = addr + 4;
5025 + addr = (save & 0x003FFFFFU) << 10;
5026 + addr += (((call | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
5028 + if (test_thread_flag(TIF_32BIT))
5029 + addr &= 0xFFFFFFFFUL;
5032 + regs->tnpc = addr+4;
5038 +#ifdef CONFIG_PAX_DLRESOLVE
5039 + do { /* PaX: unpatched PLT emulation step 2 */
5040 + unsigned int save, call, nop;
5042 + err = get_user(save, (unsigned int *)(regs->tpc-4));
5043 + err |= get_user(call, (unsigned int *)regs->tpc);
5044 + err |= get_user(nop, (unsigned int *)(regs->tpc+4));
5048 + if (save == 0x9DE3BFA8U &&
5049 + (call & 0xC0000000U) == 0x40000000U &&
5050 + nop == 0x01000000U)
5052 + unsigned long dl_resolve = regs->tpc + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
5054 + if (test_thread_flag(TIF_32BIT))
5055 + dl_resolve &= 0xFFFFFFFFUL;
5057 + regs->u_regs[UREG_RETPC] = regs->tpc;
5058 + regs->tpc = dl_resolve;
5059 + regs->tnpc = dl_resolve+4;
5065 + do { /* PaX: patched PLT emulation #7, must be AFTER the unpatched PLT emulation */
5066 + unsigned int sethi, ba, nop;
5068 + err = get_user(sethi, (unsigned int *)regs->tpc);
5069 + err |= get_user(ba, (unsigned int *)(regs->tpc+4));
5070 + err |= get_user(nop, (unsigned int *)(regs->tpc+8));
5075 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
5076 + (ba & 0xFFF00000U) == 0x30600000U &&
5077 + nop == 0x01000000U)
5079 + unsigned long addr;
5081 + addr = (sethi & 0x003FFFFFU) << 10;
5082 + regs->u_regs[UREG_G1] = addr;
5083 + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
5085 + if (test_thread_flag(TIF_32BIT))
5086 + addr &= 0xFFFFFFFFUL;
5089 + regs->tnpc = addr+4;
5099 +void pax_report_insns(void *pc, void *sp)
5103 + printk(KERN_ERR "PAX: bytes at PC: ");
5104 + for (i = 0; i < 5; i++) {
5106 + if (get_user(c, (unsigned int *)pc+i))
5107 + printk(KERN_CONT "???????? ");
5109 + printk(KERN_CONT "%08x ", c);
5115 asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
5117 struct mm_struct *mm = current->mm;
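Review bot: pax_handle_fetch_fault() reports its verdict as the bare integers 1, 2 and 3, which are explained only in the comment above the function, while do_sparc64_fault() switches on that value. A small enum, for example `enum { PAX_FETCH_KILL = 1, PAX_FETCH_PLT_PATCHED, PAX_FETCH_PLT_UNPATCHED };` (names are a suggestion), would keep the handler and its caller in step. The instruction words matched in the emulation blocks, such as `0x01000000U` for nop and `0x9DE3BFA8U` for save, recur in several patterns and would likewise read better as named constants. fault_32.c appears to carry a parallel copy of this logic, so the same names could serve both files.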
5118 @@ -315,6 +728,29 @@ asmlinkage void __kprobes do_sparc64_fau
5122 +#ifdef CONFIG_PAX_PAGEEXEC
5123 + /* PaX: detect ITLB misses on non-exec pages */
5124 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && vma->vm_start <= address &&
5125 + !(vma->vm_flags & VM_EXEC) && (fault_code & FAULT_CODE_ITLB))
5127 + if (address != regs->tpc)
5130 + up_read(&mm->mmap_sem);
5131 + switch (pax_handle_fetch_fault(regs)) {
5133 +#ifdef CONFIG_PAX_EMUPLT
5140 + pax_report_fault(regs, (void *)regs->tpc, (void *)(regs->u_regs[UREG_FP] + STACK_BIAS));
5141 + do_group_exit(SIGKILL);
5145 /* Pure DTLB misses do not tell us whether the fault causing
5146 * load/store/atomic was a write or not, it only says that there
5147 * was no match. So in such a case we (carefully) read the
5148 diff -urNp linux-2.6.32.1/arch/sparc/mm/init_32.c linux-2.6.32.1/arch/sparc/mm/init_32.c
5149 --- linux-2.6.32.1/arch/sparc/mm/init_32.c 2009-12-02 22:51:21.000000000 -0500
5150 +++ linux-2.6.32.1/arch/sparc/mm/init_32.c 2009-12-14 18:33:51.565074152 -0500
5151 @@ -317,6 +317,9 @@ extern void device_scan(void);
5152 pgprot_t PAGE_SHARED __read_mostly;
5153 EXPORT_SYMBOL(PAGE_SHARED);
5155 +pgprot_t PAGE_SHARED_NOEXEC __read_mostly;
5156 +EXPORT_SYMBOL(PAGE_SHARED_NOEXEC);
5158 void __init paging_init(void)
5160 switch(sparc_cpu_model) {
5161 @@ -345,17 +348,17 @@ void __init paging_init(void)
5163 /* Initialize the protection map with non-constant, MMU dependent values. */
5164 protection_map[0] = PAGE_NONE;
5165 - protection_map[1] = PAGE_READONLY;
5166 - protection_map[2] = PAGE_COPY;
5167 - protection_map[3] = PAGE_COPY;
5168 + protection_map[1] = PAGE_READONLY_NOEXEC;
5169 + protection_map[2] = PAGE_COPY_NOEXEC;
5170 + protection_map[3] = PAGE_COPY_NOEXEC;
5171 protection_map[4] = PAGE_READONLY;
5172 protection_map[5] = PAGE_READONLY;
5173 protection_map[6] = PAGE_COPY;
5174 protection_map[7] = PAGE_COPY;
5175 protection_map[8] = PAGE_NONE;
5176 - protection_map[9] = PAGE_READONLY;
5177 - protection_map[10] = PAGE_SHARED;
5178 - protection_map[11] = PAGE_SHARED;
5179 + protection_map[9] = PAGE_READONLY_NOEXEC;
5180 + protection_map[10] = PAGE_SHARED_NOEXEC;
5181 + protection_map[11] = PAGE_SHARED_NOEXEC;
5182 protection_map[12] = PAGE_READONLY;
5183 protection_map[13] = PAGE_READONLY;
5184 protection_map[14] = PAGE_SHARED;
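Review bot: Entries 1-3 and 9-11 of protection_map now use the _NOEXEC protections unconditionally, while the srmmu.c hunk later in this patch assigns PAGE_SHARED_NOEXEC and the page_copy_noexec/page_readonly_noexec fixups only under CONFIG_PAX_PAGEEXEC. The header that defines these names is not visible here, so confirm that with PAGEEXEC disabled they fall back to PAGE_READONLY, PAGE_COPY and PAGE_SHARED, and that any MMU setup path other than ld_mmu_srmmu() also initialises them; otherwise these slots would be built from values that were never set. A one-line comment above the table, `/* entries without the exec bit use the _NOEXEC variants (PAGEEXEC) */`, would also explain the asymmetry with entries 4-7 and 12-15.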
5185 diff -urNp linux-2.6.32.1/arch/sparc/mm/Makefile linux-2.6.32.1/arch/sparc/mm/Makefile
5186 --- linux-2.6.32.1/arch/sparc/mm/Makefile 2009-12-02 22:51:21.000000000 -0500
5187 +++ linux-2.6.32.1/arch/sparc/mm/Makefile 2009-12-14 18:33:51.565975886 -0500
5192 -ccflags-y := -Werror
5193 +#ccflags-y := -Werror
5195 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o
5196 obj-y += fault_$(BITS).o
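Review bot: Commenting out `ccflags-y := -Werror` turns off warnings-as-errors for every object in arch/sparc/mm, not only the files this patch changes, and leaves no record of which warning prompted it. If the new fault handlers trigger a specific warning, fixing it at the source keeps the check in force for the rest of the directory. At minimum the line should say why it was disabled, e.g. `# -Werror disabled: <warning introduced by the PaX fault handlers>`.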
5197 diff -urNp linux-2.6.32.1/arch/sparc/mm/srmmu.c linux-2.6.32.1/arch/sparc/mm/srmmu.c
5198 --- linux-2.6.32.1/arch/sparc/mm/srmmu.c 2009-12-02 22:51:21.000000000 -0500
5199 +++ linux-2.6.32.1/arch/sparc/mm/srmmu.c 2009-12-14 18:33:51.565975886 -0500
5200 @@ -2200,6 +2200,13 @@ void __init ld_mmu_srmmu(void)
5201 PAGE_SHARED = pgprot_val(SRMMU_PAGE_SHARED);
5202 BTFIXUPSET_INT(page_copy, pgprot_val(SRMMU_PAGE_COPY));
5203 BTFIXUPSET_INT(page_readonly, pgprot_val(SRMMU_PAGE_RDONLY));
5205 +#ifdef CONFIG_PAX_PAGEEXEC
5206 + PAGE_SHARED_NOEXEC = pgprot_val(SRMMU_PAGE_SHARED_NOEXEC);
5207 + BTFIXUPSET_INT(page_copy_noexec, pgprot_val(SRMMU_PAGE_COPY_NOEXEC));
5208 + BTFIXUPSET_INT(page_readonly_noexec, pgprot_val(SRMMU_PAGE_RDONLY_NOEXEC));
5211 BTFIXUPSET_INT(page_kernel, pgprot_val(SRMMU_PAGE_KERNEL));
5212 page_kernel = pgprot_val(SRMMU_PAGE_KERNEL);
5214 diff -urNp linux-2.6.32.1/arch/um/include/asm/kmap_types.h linux-2.6.32.1/arch/um/include/asm/kmap_types.h
5215 --- linux-2.6.32.1/arch/um/include/asm/kmap_types.h 2009-12-02 22:51:21.000000000 -0500
5216 +++ linux-2.6.32.1/arch/um/include/asm/kmap_types.h 2009-12-14 18:33:51.566841693 -0500
5217 @@ -23,6 +23,7 @@ enum km_type {
5225 diff -urNp linux-2.6.32.1/arch/um/include/asm/page.h linux-2.6.32.1/arch/um/include/asm/page.h
5226 --- linux-2.6.32.1/arch/um/include/asm/page.h 2009-12-02 22:51:21.000000000 -0500
5227 +++ linux-2.6.32.1/arch/um/include/asm/page.h 2009-12-14 18:33:51.566841693 -0500
5229 #define PAGE_SIZE (_AC(1, UL) << PAGE_SHIFT)
5230 #define PAGE_MASK (~(PAGE_SIZE-1))
5232 +#define ktla_ktva(addr) (addr)
5233 +#define ktva_ktla(addr) (addr)
5235 #ifndef __ASSEMBLY__
5238 diff -urNp linux-2.6.32.1/arch/um/sys-i386/syscalls.c linux-2.6.32.1/arch/um/sys-i386/syscalls.c
5239 --- linux-2.6.32.1/arch/um/sys-i386/syscalls.c 2009-12-02 22:51:21.000000000 -0500
5240 +++ linux-2.6.32.1/arch/um/sys-i386/syscalls.c 2009-12-14 18:33:51.577203984 -0500
5242 #include "asm/uaccess.h"
5243 #include "asm/unistd.h"
5245 +int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags)
5247 + unsigned long pax_task_size = TASK_SIZE;
5249 +#ifdef CONFIG_PAX_SEGMEXEC
5250 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
5251 + pax_task_size = SEGMEXEC_TASK_SIZE;
5254 + if (len > pax_task_size || addr > pax_task_size - len)
5261 * Perform the select(nd, in, out, ex, tv) and mmap() system
5262 * calls. Linux/i386 didn't use to be able to handle more than
5263 diff -urNp linux-2.6.32.1/arch/x86/boot/bitops.h linux-2.6.32.1/arch/x86/boot/bitops.h
5264 --- linux-2.6.32.1/arch/x86/boot/bitops.h 2009-12-02 22:51:21.000000000 -0500
5265 +++ linux-2.6.32.1/arch/x86/boot/bitops.h 2009-12-14 18:33:51.581189750 -0500
5266 @@ -26,7 +26,7 @@ static inline int variable_test_bit(int
5268 const u32 *p = (const u32 *)addr;
5270 - asm("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
5271 + asm volatile("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
5275 @@ -37,7 +37,7 @@ static inline int variable_test_bit(int
5277 static inline void set_bit(int nr, void *addr)
5279 - asm("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
5280 + asm volatile("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
5283 #endif /* BOOT_BITOPS_H */
5284 diff -urNp linux-2.6.32.1/arch/x86/boot/boot.h linux-2.6.32.1/arch/x86/boot/boot.h
5285 --- linux-2.6.32.1/arch/x86/boot/boot.h 2009-12-02 22:51:21.000000000 -0500
5286 +++ linux-2.6.32.1/arch/x86/boot/boot.h 2009-12-14 18:33:51.595738615 -0500
5287 @@ -82,7 +82,7 @@ static inline void io_delay(void)
5288 static inline u16 ds(void)
5291 - asm("movw %%ds,%0" : "=rm" (seg));
5292 + asm volatile("movw %%ds,%0" : "=rm" (seg));
5296 @@ -178,7 +178,7 @@ static inline void wrgs32(u32 v, addr_t
5297 static inline int memcmp(const void *s1, const void *s2, size_t len)
5300 - asm("repe; cmpsb; setnz %0"
5301 + asm volatile("repe; cmpsb; setnz %0"
5302 : "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len));
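Review bot: Adding `volatile` stops the compiler from dropping or merging this asm, but it still does not tell the compiler that `repe; cmpsb` reads the memory behind s1 and s2, because the operand list names only the pointer registers and the count. Under GCC's extended-asm rules the compiler may therefore keep pending stores to those buffers out of memory across the statement; a `"memory"` clobber closes that gap: `: "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len) : : "memory");`. memcmp's body starts and ends outside this hunk.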
5305 diff -urNp linux-2.6.32.1/arch/x86/boot/compressed/head_32.S linux-2.6.32.1/arch/x86/boot/compressed/head_32.S
5306 --- linux-2.6.32.1/arch/x86/boot/compressed/head_32.S 2009-12-02 22:51:21.000000000 -0500
5307 +++ linux-2.6.32.1/arch/x86/boot/compressed/head_32.S 2009-12-14 18:33:51.595738615 -0500
5308 @@ -76,7 +76,7 @@ ENTRY(startup_32)
5312 - movl $LOAD_PHYSICAL_ADDR, %ebx
5313 + movl $____LOAD_PHYSICAL_ADDR, %ebx
5316 /* Target address to relocate to for decompression */
5317 @@ -149,7 +149,7 @@ relocated:
5318 * and where it was actually loaded.
5321 - subl $LOAD_PHYSICAL_ADDR, %ebx
5322 + subl $____LOAD_PHYSICAL_ADDR, %ebx
5323 jz 2f /* Nothing to be done if loaded at compiled addr. */
5325 * Process relocations.
5326 @@ -157,8 +157,7 @@ relocated:
5333 addl %ebx, -__PAGE_OFFSET(%ebx, %ecx)
5336 diff -urNp linux-2.6.32.1/arch/x86/boot/compressed/head_64.S linux-2.6.32.1/arch/x86/boot/compressed/head_64.S
5337 --- linux-2.6.32.1/arch/x86/boot/compressed/head_64.S 2009-12-02 22:51:21.000000000 -0500
5338 +++ linux-2.6.32.1/arch/x86/boot/compressed/head_64.S 2009-12-14 18:33:51.595738615 -0500
5339 @@ -91,7 +91,7 @@ ENTRY(startup_32)
5343 - movl $LOAD_PHYSICAL_ADDR, %ebx
5344 + movl $____LOAD_PHYSICAL_ADDR, %ebx
5347 /* Target address to relocate to for decompression */
5348 @@ -234,7 +234,7 @@ ENTRY(startup_64)
5352 - movq $LOAD_PHYSICAL_ADDR, %rbp
5353 + movq $____LOAD_PHYSICAL_ADDR, %rbp
5356 /* Target address to relocate to for decompression */
5357 diff -urNp linux-2.6.32.1/arch/x86/boot/compressed/misc.c linux-2.6.32.1/arch/x86/boot/compressed/misc.c
5358 --- linux-2.6.32.1/arch/x86/boot/compressed/misc.c 2009-12-02 22:51:21.000000000 -0500
5359 +++ linux-2.6.32.1/arch/x86/boot/compressed/misc.c 2009-12-14 18:33:51.595738615 -0500
5360 @@ -288,7 +288,7 @@ static void parse_elf(void *output)
5362 #ifdef CONFIG_RELOCATABLE
5364 - dest += (phdr->p_paddr - LOAD_PHYSICAL_ADDR);
5365 + dest += (phdr->p_paddr - ____LOAD_PHYSICAL_ADDR);
5367 dest = (void *)(phdr->p_paddr);
5369 @@ -335,7 +335,7 @@ asmlinkage void decompress_kernel(void *
5370 error("Destination address too large");
5372 #ifndef CONFIG_RELOCATABLE
5373 - if ((unsigned long)output != LOAD_PHYSICAL_ADDR)
5374 + if ((unsigned long)output != ____LOAD_PHYSICAL_ADDR)
5375 error("Wrong destination address");
5378 diff -urNp linux-2.6.32.1/arch/x86/boot/compressed/mkpiggy.c linux-2.6.32.1/arch/x86/boot/compressed/mkpiggy.c
5379 --- linux-2.6.32.1/arch/x86/boot/compressed/mkpiggy.c 2009-12-02 22:51:21.000000000 -0500
5380 +++ linux-2.6.32.1/arch/x86/boot/compressed/mkpiggy.c 2009-12-14 18:33:51.596762216 -0500
5381 @@ -74,7 +74,7 @@ int main(int argc, char *argv[])
5383 offs = (olen > ilen) ? olen - ilen : 0;
5384 offs += olen >> 12; /* Add 8 bytes for each 32K block */
5385 - offs += 32*1024 + 18; /* Add 32K + 18 bytes slack */
5386 + offs += 64*1024; /* Add 64K bytes slack */
5387 offs = (offs+4095) & ~4095; /* Round to a 4K boundary */
5389 printf(".section \".rodata.compressed\",\"a\",@progbits\n");
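Review bot: The slack changes from `32*1024 + 18` to a flat `64*1024`, and the new comment only restates the number. The old figure looks derived from the decompressor's in-place requirements, so the reason a larger margin is needed should be recorded next to it, e.g. `/* Add 64K slack: <reason the image needs more headroom> */`. Without that, a later cleanup cannot tell whether 64K is a requirement or a guess. main() continues outside the hunk.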
5390 diff -urNp linux-2.6.32.1/arch/x86/boot/compressed/relocs.c linux-2.6.32.1/arch/x86/boot/compressed/relocs.c
5391 --- linux-2.6.32.1/arch/x86/boot/compressed/relocs.c 2009-12-02 22:51:21.000000000 -0500
5392 +++ linux-2.6.32.1/arch/x86/boot/compressed/relocs.c 2009-12-14 18:33:51.596762216 -0500
5397 +#include "../../../../include/linux/autoconf.h"
5399 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
5400 static Elf32_Ehdr ehdr;
5401 +static Elf32_Phdr *phdr;
5402 static unsigned long reloc_count, reloc_idx;
5403 static unsigned long *relocs;
5405 @@ -37,7 +40,7 @@ static const char* safe_abs_relocs[] = {
5407 static int is_safe_abs_reloc(const char* sym_name)
5412 for (i = 0; i < ARRAY_SIZE(safe_abs_relocs); i++) {
5413 if (!strcmp(sym_name, safe_abs_relocs[i]))
5414 @@ -245,9 +248,39 @@ static void read_ehdr(FILE *fp)
5418 +static void read_phdrs(FILE *fp)
5422 + phdr = calloc(ehdr.e_phnum, sizeof(Elf32_Phdr));
5424 + die("Unable to allocate %d program headers\n",
5427 + if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) {
5428 + die("Seek to %d failed: %s\n",
5429 + ehdr.e_phoff, strerror(errno));
5431 + if (fread(phdr, sizeof(*phdr), ehdr.e_phnum, fp) != ehdr.e_phnum) {
5432 + die("Cannot read ELF program headers: %s\n",
5435 + for(i = 0; i < ehdr.e_phnum; i++) {
5436 + phdr[i].p_type = elf32_to_cpu(phdr[i].p_type);
5437 + phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset);
5438 + phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr);
5439 + phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr);
5440 + phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz);
5441 + phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz);
5442 + phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags);
5443 + phdr[i].p_align = elf32_to_cpu(phdr[i].p_align);
5448 static void read_shdrs(FILE *fp)
5454 secs = calloc(ehdr.e_shnum, sizeof(struct section));
5455 @@ -282,7 +315,7 @@ static void read_shdrs(FILE *fp)
5457 static void read_strtabs(FILE *fp)
5461 for (i = 0; i < ehdr.e_shnum; i++) {
5462 struct section *sec = &secs[i];
5463 if (sec->shdr.sh_type != SHT_STRTAB) {
5464 @@ -307,7 +340,7 @@ static void read_strtabs(FILE *fp)
5466 static void read_symtabs(FILE *fp)
5470 for (i = 0; i < ehdr.e_shnum; i++) {
5471 struct section *sec = &secs[i];
5472 if (sec->shdr.sh_type != SHT_SYMTAB) {
5473 @@ -340,7 +373,9 @@ static void read_symtabs(FILE *fp)
5475 static void read_relocs(FILE *fp)
5481 for (i = 0; i < ehdr.e_shnum; i++) {
5482 struct section *sec = &secs[i];
5483 if (sec->shdr.sh_type != SHT_REL) {
5484 @@ -360,9 +395,18 @@ static void read_relocs(FILE *fp)
5485 die("Cannot read symbol table: %s\n",
5489 + for (j = 0; j < ehdr.e_phnum; j++) {
5490 + if (phdr[j].p_type != PT_LOAD )
5492 + if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz)
5494 + base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr;
5497 for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) {
5498 Elf32_Rel *rel = &sec->reltab[j];
5499 - rel->r_offset = elf32_to_cpu(rel->r_offset);
5500 + rel->r_offset = elf32_to_cpu(rel->r_offset) + base;
5501 rel->r_info = elf32_to_cpu(rel->r_info);
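Review bot: The new PT_LOAD search indexes `secs[sec->shdr.sh_info]` with a value taken from the ELF file without comparing it to `ehdr.e_shnum`, and the visible lines do not show what `base` holds when no segment contains the section. relocs.c is a build-time tool run on the kernel's own image, so this is about failing loudly on a malformed input rather than about hostile data. A guard such as `if (sec->shdr.sh_info >= ehdr.e_shnum) die("Bad sh_info\n");` before the loop, plus a `die()` when the loop finds no matching segment, would make both cases explicit. Some lines of this hunk are missing from the page and read_relocs begins outside it, so check against the full patch.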
5504 @@ -371,14 +415,14 @@ static void read_relocs(FILE *fp)
5506 static void print_absolute_symbols(void)
5510 printf("Absolute symbols\n");
5511 printf(" Num: Value Size Type Bind Visibility Name\n");
5512 for (i = 0; i < ehdr.e_shnum; i++) {
5513 struct section *sec = &secs[i];
5515 Elf32_Sym *sh_symtab;
5519 if (sec->shdr.sh_type != SHT_SYMTAB) {
5521 @@ -406,14 +450,14 @@ static void print_absolute_symbols(void)
5523 static void print_absolute_relocs(void)
5525 - int i, printed = 0;
5526 + unsigned int i, printed = 0;
5528 for (i = 0; i < ehdr.e_shnum; i++) {
5529 struct section *sec = &secs[i];
5530 struct section *sec_applies, *sec_symtab;
5532 Elf32_Sym *sh_symtab;
5535 if (sec->shdr.sh_type != SHT_REL) {
5538 @@ -474,13 +518,13 @@ static void print_absolute_relocs(void)
5540 static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym))
5544 /* Walk through the relocations */
5545 for (i = 0; i < ehdr.e_shnum; i++) {
5547 Elf32_Sym *sh_symtab;
5548 struct section *sec_applies, *sec_symtab;
5551 struct section *sec = &secs[i];
5553 if (sec->shdr.sh_type != SHT_REL) {
5554 @@ -504,6 +548,21 @@ static void walk_relocs(void (*visit)(El
5555 if (sym->st_shndx == SHN_ABS) {
5558 + /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */
5559 + if (!strcmp(sec_name(sym->st_shndx), ".data.percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load"))
5562 +#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32)
5563 + /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */
5564 + if (!strcmp(sec_name(sym->st_shndx), ".module.text") && !strcmp(sym_name(sym_strtab, sym), "_etext"))
5566 + if (!strcmp(sec_name(sym->st_shndx), ".init.text"))
5568 + if (!strcmp(sec_name(sym->st_shndx), ".exit.text"))
5570 + if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR"))
5573 if (r_type == R_386_NONE || r_type == R_386_PC32) {
5575 * NONE can be ignored and and PC relative
5576 @@ -541,7 +600,7 @@ static int cmp_relocs(const void *va, co
5578 static void emit_relocs(int as_text)
5582 /* Count how many relocations I have and allocate space for them. */
5584 walk_relocs(count_reloc);
5585 @@ -634,6 +693,7 @@ int main(int argc, char **argv)
5586 fname, strerror(errno));
5593 diff -urNp linux-2.6.32.1/arch/x86/boot/cpucheck.c linux-2.6.32.1/arch/x86/boot/cpucheck.c
5594 --- linux-2.6.32.1/arch/x86/boot/cpucheck.c 2009-12-02 22:51:21.000000000 -0500
5595 +++ linux-2.6.32.1/arch/x86/boot/cpucheck.c 2009-12-14 18:33:51.596762216 -0500
5596 @@ -74,7 +74,7 @@ static int has_fpu(void)
5597 u16 fcw = -1, fsw = -1;
5600 - asm("movl %%cr0,%0" : "=r" (cr0));
5601 + asm volatile("movl %%cr0,%0" : "=r" (cr0));
5602 if (cr0 & (X86_CR0_EM|X86_CR0_TS)) {
5603 cr0 &= ~(X86_CR0_EM|X86_CR0_TS);
5604 asm volatile("movl %0,%%cr0" : : "r" (cr0));
5605 @@ -90,7 +90,7 @@ static int has_eflag(u32 mask)
5610 + asm volatile("pushfl ; "
5614 @@ -115,7 +115,7 @@ static void get_flags(void)
5615 set_bit(X86_FEATURE_FPU, cpu.flags);
5617 if (has_eflag(X86_EFLAGS_ID)) {
5619 + asm volatile("cpuid"
5620 : "=a" (max_intel_level),
5621 "=b" (cpu_vendor[0]),
5622 "=d" (cpu_vendor[1]),
5623 @@ -124,7 +124,7 @@ static void get_flags(void)
5625 if (max_intel_level >= 0x00000001 &&
5626 max_intel_level <= 0x0000ffff) {
5628 + asm volatile("cpuid"
5630 "=c" (cpu.flags[4]),
5632 @@ -136,7 +136,7 @@ static void get_flags(void)
5633 cpu.model += ((tfms >> 16) & 0xf) << 4;
5637 + asm volatile("cpuid"
5638 : "=a" (max_amd_level)
5640 : "ebx", "ecx", "edx");
5641 @@ -144,7 +144,7 @@ static void get_flags(void)
5642 if (max_amd_level >= 0x80000001 &&
5643 max_amd_level <= 0x8000ffff) {
5644 u32 eax = 0x80000001;
5646 + asm volatile("cpuid"
5648 "=c" (cpu.flags[6]),
5650 @@ -203,9 +203,9 @@ int check_cpu(int *cpu_level_ptr, int *r
5651 u32 ecx = MSR_K7_HWCR;
5654 - asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
5655 + asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
5657 - asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
5658 + asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
5660 get_flags(); /* Make sure it really did something */
5661 err = check_flags();
5662 @@ -218,9 +218,9 @@ int check_cpu(int *cpu_level_ptr, int *r
5663 u32 ecx = MSR_VIA_FCR;
5666 - asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
5667 + asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
5668 eax |= (1<<1)|(1<<7);
5669 - asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
5670 + asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
5672 set_bit(X86_FEATURE_CX8, cpu.flags);
5673 err = check_flags();
5674 @@ -231,12 +231,12 @@ int check_cpu(int *cpu_level_ptr, int *r
5678 - asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
5679 - asm("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx));
5681 + asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
5682 + asm volatile("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx));
5683 + asm volatile("cpuid"
5684 : "+a" (level), "=d" (cpu.flags[0])
5686 - asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
5687 + asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
5689 err = check_flags();
5691 diff -urNp linux-2.6.32.1/arch/x86/boot/header.S linux-2.6.32.1/arch/x86/boot/header.S
5692 --- linux-2.6.32.1/arch/x86/boot/header.S 2009-12-02 22:51:21.000000000 -0500
5693 +++ linux-2.6.32.1/arch/x86/boot/header.S 2009-12-14 18:33:51.597950814 -0500
5694 @@ -224,7 +224,7 @@ setup_data: .quad 0 # 64-bit physical
5695 # single linked list of
5698 -pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr
5699 +pref_address: .quad ____LOAD_PHYSICAL_ADDR # preferred load addr
5701 #define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_extract_offset)
5702 #define VO_INIT_SIZE (VO__end - VO__text)
5703 diff -urNp linux-2.6.32.1/arch/x86/boot/video-vesa.c linux-2.6.32.1/arch/x86/boot/video-vesa.c
5704 --- linux-2.6.32.1/arch/x86/boot/video-vesa.c 2009-12-02 22:51:21.000000000 -0500
5705 +++ linux-2.6.32.1/arch/x86/boot/video-vesa.c 2009-12-14 18:33:51.598742911 -0500
5706 @@ -200,6 +200,7 @@ static void vesa_store_pm_info(void)
5708 boot_params.screen_info.vesapm_seg = oreg.es;
5709 boot_params.screen_info.vesapm_off = oreg.di;
5710 + boot_params.screen_info.vesapm_size = oreg.cx;
5714 diff -urNp linux-2.6.32.1/arch/x86/ia32/ia32_signal.c linux-2.6.32.1/arch/x86/ia32/ia32_signal.c
5715 --- linux-2.6.32.1/arch/x86/ia32/ia32_signal.c 2009-12-02 22:51:21.000000000 -0500
5716 +++ linux-2.6.32.1/arch/x86/ia32/ia32_signal.c 2009-12-14 18:33:51.598742911 -0500
5717 @@ -403,7 +403,7 @@ static void __user *get_sigframe(struct
5719 /* Align the stack pointer according to the i386 ABI,
5720 * i.e. so that on function entry ((sp + 4) & 15) == 0. */
5721 - sp = ((sp + 4) & -16ul) - 4;
5722 + sp = ((sp - 12) & -16ul) - 4;
5723 return (void __user *) sp;
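Review bot: The comment above the changed line still describes only the i386 ABI alignment, but the new expression `((sp - 12) & -16ul) - 4` additionally guarantees the result lies at least 16 bytes below the incoming sp, where the old `((sp + 4) & -16ul) - 4` could return sp unchanged. Both forms satisfy `((sp + 4) & 15) == 0`, so the motivation for the change is invisible to the next reader. Extend the comment to state it, e.g. `/* ... and always step down by at least 16 bytes, so the result never equals the incoming sp */`. get_sigframe starts outside the hunk.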
5726 @@ -503,7 +503,7 @@ int ia32_setup_rt_frame(int sig, struct
5728 __NR_ia32_rt_sigreturn,
5734 frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
5735 diff -urNp linux-2.6.32.1/arch/x86/include/asm/alternative.h linux-2.6.32.1/arch/x86/include/asm/alternative.h
5736 --- linux-2.6.32.1/arch/x86/include/asm/alternative.h 2009-12-02 22:51:21.000000000 -0500
5737 +++ linux-2.6.32.1/arch/x86/include/asm/alternative.h 2009-12-14 18:33:51.598742911 -0500
5738 @@ -85,7 +85,7 @@ static inline void alternatives_smp_swit
5739 " .byte 662b-661b\n" /* sourcelen */ \
5740 " .byte 664f-663f\n" /* replacementlen */ \
5742 - ".section .altinstr_replacement, \"ax\"\n" \
5743 + ".section .altinstr_replacement, \"a\"\n" \
5744 "663:\n\t" newinstr "\n664:\n" /* replacement */ \
5747 diff -urNp linux-2.6.32.1/arch/x86/include/asm/apm.h linux-2.6.32.1/arch/x86/include/asm/apm.h
5748 --- linux-2.6.32.1/arch/x86/include/asm/apm.h 2009-12-02 22:51:21.000000000 -0500
5749 +++ linux-2.6.32.1/arch/x86/include/asm/apm.h 2009-12-14 18:33:51.599707107 -0500
5750 @@ -34,7 +34,7 @@ static inline void apm_bios_call_asm(u32
5751 __asm__ __volatile__(APM_DO_ZERO_SEGS
5754 - "lcall *%%cs:apm_bios_entry\n\t"
5755 + "lcall *%%ss:apm_bios_entry\n\t"
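Review bot: The far call now fetches its target through `%%ss:` instead of `%%cs:`, here and in apm_bios_call_simple_asm in the next hunk, with no explanation. The override only matters if the code segment no longer maps apm_bios_entry at the same offset as the data segments, which other parts of this patch suggest (the relocs.c comment mentions the base address of KERNEL_CS), though that is an inference. A comment next to the instruction, e.g. `/* apm_bios_entry is data: reach it via %ss, %cs may have a different base */`, would keep someone from reverting it as a typo. Both asm statements extend outside their hunks.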
5759 @@ -58,7 +58,7 @@ static inline u8 apm_bios_call_simple_as
5760 __asm__ __volatile__(APM_DO_ZERO_SEGS
5763 - "lcall *%%cs:apm_bios_entry\n\t"
5764 + "lcall *%%ss:apm_bios_entry\n\t"
5768 diff -urNp linux-2.6.32.1/arch/x86/include/asm/atomic_32.h linux-2.6.32.1/arch/x86/include/asm/atomic_32.h
5769 --- linux-2.6.32.1/arch/x86/include/asm/atomic_32.h 2009-12-02 22:51:21.000000000 -0500
5770 +++ linux-2.6.32.1/arch/x86/include/asm/atomic_32.h 2009-12-14 18:33:51.599707107 -0500
5771 @@ -25,6 +25,17 @@ static inline int atomic_read(const atom
5775 + * atomic_read_unchecked - read atomic variable
5776 + * @v: pointer of type atomic_unchecked_t
5778 + * Atomically reads the value of @v.
5780 +static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
5782 + return v->counter;
5786 * atomic_set - set atomic variable
5787 * @v: pointer of type atomic_t
5788 * @i: required value
5789 @@ -37,6 +48,18 @@ static inline void atomic_set(atomic_t *
5793 + * atomic_set_unchecked - set atomic variable
5794 + * @v: pointer of type atomic_unchecked_t
5795 + * @i: required value
5797 + * Atomically sets the value of @v to @i.
5799 +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
5805 * atomic_add - add integer to atomic variable
5806 * @i: integer value to add
5807 * @v: pointer of type atomic_t
5808 @@ -45,7 +68,29 @@ static inline void atomic_set(atomic_t *
5810 static inline void atomic_add(int i, atomic_t *v)
5812 - asm volatile(LOCK_PREFIX "addl %1,%0"
5813 + asm volatile(LOCK_PREFIX "addl %1,%0\n"
5815 +#ifdef CONFIG_PAX_REFCOUNT
5817 + LOCK_PREFIX "subl %1,%0\n"
5819 + _ASM_EXTABLE(0b, 0b)
5822 + : "+m" (v->counter)
5827 + * atomic_add_unchecked - add integer to atomic variable
5828 + * @i: integer value to add
5829 + * @v: pointer of type atomic_unchecked_t
5831 + * Atomically adds @i to @v.
5833 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
5835 + asm volatile(LOCK_PREFIX "addl %1,%0\n"
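Review bot: Under CONFIG_PAX_REFCOUNT the overflowing `addl` in atomic_add is undone by a second, separate `LOCK_PREFIX "subl %1,%0\n"`, so the wrapped value is visible to other CPUs between the two locked instructions. The same add-then-undo shape appears in the atomic_sub, atomic_inc, atomic_dec and *_and_test hunks of this file and in atomic_64.h. That window is probably acceptable for a detection mechanism, but it should be stated, for example `/* overflow is detected after the fact; the counter briefly holds the wrapped value until the undo below */`. The branch and trap lines between the visible asm strings are not shown in this listing, so the exact control flow is inferred.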
5839 @@ -59,7 +104,29 @@ static inline void atomic_add(int i, ato
5841 static inline void atomic_sub(int i, atomic_t *v)
5843 - asm volatile(LOCK_PREFIX "subl %1,%0"
5844 + asm volatile(LOCK_PREFIX "subl %1,%0\n"
5846 +#ifdef CONFIG_PAX_REFCOUNT
5848 + LOCK_PREFIX "addl %1,%0\n"
5850 + _ASM_EXTABLE(0b, 0b)
5853 + : "+m" (v->counter)
5858 + * atomic_sub_unchecked - subtract integer from atomic variable
5859 + * @i: integer value to subtract
5860 + * @v: pointer of type atomic_t
5862 + * Atomically subtracts @i from @v.
5864 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
5866 + asm volatile(LOCK_PREFIX "subl %1,%0\n"
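Review bot: The kernel-doc added for atomic_sub_unchecked documents `@v: pointer of type atomic_t`, but the function takes `atomic_unchecked_t *v`; the line should read `* @v: pointer of type atomic_unchecked_t`, as the other _unchecked comments in this file do. The atomic_64.h copy has the type right but its summary line says "subtract the atomic variable", which should be `atomic_sub_unchecked - subtract integer from atomic variable`. Since the two types differ only in whether overflow is checked, a wrong type name in the comment is an easy way to pick the wrong variant.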
5870 @@ -77,7 +144,16 @@ static inline int atomic_sub_and_test(in
5874 - asm volatile(LOCK_PREFIX "subl %2,%0; sete %1"
5875 + asm volatile(LOCK_PREFIX "subl %2,%0\n"
5877 +#ifdef CONFIG_PAX_REFCOUNT
5879 + LOCK_PREFIX "addl %2,%0\n"
5881 + _ASM_EXTABLE(0b, 0b)
5885 : "+m" (v->counter), "=qm" (c)
5886 : "ir" (i) : "memory");
5888 @@ -91,7 +167,30 @@ static inline int atomic_sub_and_test(in
5890 static inline void atomic_inc(atomic_t *v)
5892 - asm volatile(LOCK_PREFIX "incl %0"
5893 + asm volatile(LOCK_PREFIX "incl %0\n"
5895 +#ifdef CONFIG_PAX_REFCOUNT
5897 + ".pushsection .fixup,\"ax\"\n"
5899 + LOCK_PREFIX "decl %0\n"
5902 + _ASM_EXTABLE(0b, 1b)
5905 + : "+m" (v->counter));
5909 + * atomic_inc_unchecked - increment atomic variable
5910 + * @v: pointer of type atomic_unchecked_t
5912 + * Atomically increments @v by 1.
5914 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
5916 + asm volatile(LOCK_PREFIX "incl %0\n"
5917 : "+m" (v->counter));
5920 @@ -103,7 +202,18 @@ static inline void atomic_inc(atomic_t *
5922 static inline void atomic_dec(atomic_t *v)
5924 - asm volatile(LOCK_PREFIX "decl %0"
5925 + asm volatile(LOCK_PREFIX "decl %0\n"
5927 +#ifdef CONFIG_PAX_REFCOUNT
5929 + ".pushsection .fixup,\"ax\"\n"
5931 + LOCK_PREFIX "incl %0\n"
5934 + _ASM_EXTABLE(0b, 1b)
5937 : "+m" (v->counter));
5940 @@ -119,7 +229,19 @@ static inline int atomic_dec_and_test(at
5944 - asm volatile(LOCK_PREFIX "decl %0; sete %1"
5945 + asm volatile(LOCK_PREFIX "decl %0\n"
5947 +#ifdef CONFIG_PAX_REFCOUNT
5949 + ".pushsection .fixup,\"ax\"\n"
5951 + LOCK_PREFIX "incl %0\n"
5954 + _ASM_EXTABLE(0b, 1b)
5958 : "+m" (v->counter), "=qm" (c)
5961 @@ -137,7 +259,19 @@ static inline int atomic_inc_and_test(at
5965 - asm volatile(LOCK_PREFIX "incl %0; sete %1"
5966 + asm volatile(LOCK_PREFIX "incl %0\n"
5968 +#ifdef CONFIG_PAX_REFCOUNT
5970 + ".pushsection .fixup,\"ax\"\n"
5972 + LOCK_PREFIX "decl %0\n"
5975 + _ASM_EXTABLE(0b, 1b)
5979 : "+m" (v->counter), "=qm" (c)
5982 @@ -156,7 +290,16 @@ static inline int atomic_add_negative(in
5986 - asm volatile(LOCK_PREFIX "addl %2,%0; sets %1"
5987 + asm volatile(LOCK_PREFIX "addl %2,%0\n"
5989 +#ifdef CONFIG_PAX_REFCOUNT
5991 + LOCK_PREFIX "subl %2,%0\n"
5993 + _ASM_EXTABLE(0b, 0b)
5997 : "+m" (v->counter), "=qm" (c)
5998 : "ir" (i) : "memory");
6000 @@ -179,7 +322,15 @@ static inline int atomic_add_return(int
6002 /* Modern 486+ processor */
6004 - asm volatile(LOCK_PREFIX "xaddl %0, %1"
6005 + asm volatile(LOCK_PREFIX "xaddl %0, %1\n"
6007 +#ifdef CONFIG_PAX_REFCOUNT
6011 + _ASM_EXTABLE(0b, 0b)
6014 : "+r" (i), "+m" (v->counter)
6017 @@ -227,17 +378,28 @@ static inline int atomic_xchg(atomic_t *
6019 static inline int atomic_add_unless(atomic_t *v, int a, int u)
6025 - if (unlikely(c == (u)))
6026 + if (unlikely(c == u))
6028 - old = atomic_cmpxchg((v), c, c + (a));
6030 + asm volatile("addl %2,%0\n"
6032 +#ifdef CONFIG_PAX_REFCOUNT
6034 + _ASM_EXTABLE(0b, 0b)
6038 + : "0" (c), "ir" (a));
6040 + old = atomic_cmpxchg(v, c, new);
6041 if (likely(old == c))
6049 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
6050 diff -urNp linux-2.6.32.1/arch/x86/include/asm/atomic_64.h linux-2.6.32.1/arch/x86/include/asm/atomic_64.h
6051 --- linux-2.6.32.1/arch/x86/include/asm/atomic_64.h 2009-12-02 22:51:21.000000000 -0500
6052 +++ linux-2.6.32.1/arch/x86/include/asm/atomic_64.h 2009-12-14 18:33:51.599707107 -0500
6053 @@ -24,6 +24,17 @@ static inline int atomic_read(const atom
6057 + * atomic_read_unchecked - read atomic variable
6058 + * @v: pointer of type atomic_unchecked_t
6060 + * Atomically reads the value of @v.
6062 +static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
6064 + return v->counter;
6068 * atomic_set - set atomic variable
6069 * @v: pointer of type atomic_t
6070 * @i: required value
6071 @@ -36,6 +47,18 @@ static inline void atomic_set(atomic_t *
6075 + * atomic_set_unchecked - set atomic variable
6076 + * @v: pointer of type atomic_unchecked_t
6077 + * @i: required value
6079 + * Atomically sets the value of @v to @i.
6081 +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
6087 * atomic_add - add integer to atomic variable
6088 * @i: integer value to add
6089 * @v: pointer of type atomic_t
6090 @@ -44,7 +67,29 @@ static inline void atomic_set(atomic_t *
6092 static inline void atomic_add(int i, atomic_t *v)
6094 - asm volatile(LOCK_PREFIX "addl %1,%0"
6095 + asm volatile(LOCK_PREFIX "addl %1,%0\n"
6097 +#ifdef CONFIG_PAX_REFCOUNT
6099 + LOCK_PREFIX "subl %1,%0\n"
6101 + _ASM_EXTABLE(0b, 0b)
6104 + : "=m" (v->counter)
6105 + : "ir" (i), "m" (v->counter));
6109 + * atomic_add_unchecked - add integer to atomic variable
6110 + * @i: integer value to add
6111 + * @v: pointer of type atomic_unchecked_t
6113 + * Atomically adds @i to @v.
6115 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
6117 + asm volatile(LOCK_PREFIX "addl %1,%0\n"
6119 : "ir" (i), "m" (v->counter));
6121 @@ -58,7 +103,29 @@ static inline void atomic_add(int i, ato
6123 static inline void atomic_sub(int i, atomic_t *v)
6125 - asm volatile(LOCK_PREFIX "subl %1,%0"
6126 + asm volatile(LOCK_PREFIX "subl %1,%0\n"
6128 +#ifdef CONFIG_PAX_REFCOUNT
6130 + LOCK_PREFIX "addl %1,%0\n"
6132 + _ASM_EXTABLE(0b, 0b)
6135 + : "=m" (v->counter)
6136 + : "ir" (i), "m" (v->counter));
6140 + * atomic_sub_unchecked - subtract the atomic variable
6141 + * @i: integer value to subtract
6142 + * @v: pointer of type atomic_unchecked_t
6144 + * Atomically subtracts @i from @v.
6146 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
6148 + asm volatile(LOCK_PREFIX "subl %1,%0\n"
6150 : "ir" (i), "m" (v->counter));
6152 @@ -76,7 +143,16 @@ static inline int atomic_sub_and_test(in
6156 - asm volatile(LOCK_PREFIX "subl %2,%0; sete %1"
6157 + asm volatile(LOCK_PREFIX "subl %2,%0\n"
6159 +#ifdef CONFIG_PAX_REFCOUNT
6161 + LOCK_PREFIX "addl %2,%0\n"
6163 + _ASM_EXTABLE(0b, 0b)
6167 : "=m" (v->counter), "=qm" (c)
6168 : "ir" (i), "m" (v->counter) : "memory");
6170 @@ -90,7 +166,32 @@ static inline int atomic_sub_and_test(in
6172 static inline void atomic_inc(atomic_t *v)
6174 - asm volatile(LOCK_PREFIX "incl %0"
6175 + asm volatile(LOCK_PREFIX "incl %0\n"
6177 +#ifdef CONFIG_PAX_REFCOUNT
6180 + ".pushsection .fixup,\"ax\"\n"
6182 + LOCK_PREFIX "decl %0\n"
6185 + _ASM_EXTABLE(0b, 1b)
6188 + : "=m" (v->counter)
6189 + : "m" (v->counter));
6193 + * atomic_inc_unchecked - increment atomic variable
6194 + * @v: pointer of type atomic_unchecked_t
6196 + * Atomically increments @v by 1.
6198 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
6200 + asm volatile(LOCK_PREFIX "incl %0\n"
6202 : "m" (v->counter));
6204 @@ -103,7 +204,19 @@ static inline void atomic_inc(atomic_t *
6206 static inline void atomic_dec(atomic_t *v)
6208 - asm volatile(LOCK_PREFIX "decl %0"
6209 + asm volatile(LOCK_PREFIX "decl %0\n"
6211 +#ifdef CONFIG_PAX_REFCOUNT
6214 + ".pushsection .fixup,\"ax\"\n"
6216 + LOCK_PREFIX "incl %0\n"
6219 + _ASM_EXTABLE(0b, 1b)
6223 : "m" (v->counter));
6225 @@ -120,7 +233,20 @@ static inline int atomic_dec_and_test(at
6229 - asm volatile(LOCK_PREFIX "decl %0; sete %1"
6230 + asm volatile(LOCK_PREFIX "decl %0\n"
6232 +#ifdef CONFIG_PAX_REFCOUNT
6235 + ".pushsection .fixup,\"ax\"\n"
6237 + LOCK_PREFIX "incl %0\n"
6240 + _ASM_EXTABLE(0b, 1b)
6244 : "=m" (v->counter), "=qm" (c)
6245 : "m" (v->counter) : "memory");
6247 @@ -138,7 +264,20 @@ static inline int atomic_inc_and_test(at
6251 - asm volatile(LOCK_PREFIX "incl %0; sete %1"
6252 + asm volatile(LOCK_PREFIX "incl %0\n"
6254 +#ifdef CONFIG_PAX_REFCOUNT
6257 + ".pushsection .fixup,\"ax\"\n"
6259 + LOCK_PREFIX "decl %0\n"
6262 + _ASM_EXTABLE(0b, 1b)
6266 : "=m" (v->counter), "=qm" (c)
6267 : "m" (v->counter) : "memory");
6269 @@ -157,7 +296,16 @@ static inline int atomic_add_negative(in
6273 - asm volatile(LOCK_PREFIX "addl %2,%0; sets %1"
6274 + asm volatile(LOCK_PREFIX "addl %2,%0\n"
6276 +#ifdef CONFIG_PAX_REFCOUNT
6278 + LOCK_PREFIX "subl %2,%0\n"
6280 + _ASM_EXTABLE(0b, 0b)
6284 : "=m" (v->counter), "=qm" (c)
6285 : "ir" (i), "m" (v->counter) : "memory");
6287 @@ -173,7 +321,15 @@ static inline int atomic_add_negative(in
6288 static inline int atomic_add_return(int i, atomic_t *v)
6291 - asm volatile(LOCK_PREFIX "xaddl %0, %1"
6292 + asm volatile(LOCK_PREFIX "xaddl %0, %1\n"
6294 +#ifdef CONFIG_PAX_REFCOUNT
6298 + _ASM_EXTABLE(0b, 0b)
6301 : "+r" (i), "+m" (v->counter)
6304 @@ -224,7 +380,15 @@ static inline void atomic64_set(atomic64
6306 static inline void atomic64_add(long i, atomic64_t *v)
6308 - asm volatile(LOCK_PREFIX "addq %1,%0"
6309 + asm volatile(LOCK_PREFIX "addq %1,%0\n"
6311 +#ifdef CONFIG_PAX_REFCOUNT
6313 + LOCK_PREFIX "subq %1,%0\n"
6315 + _ASM_EXTABLE(0b, 0b)
6319 : "er" (i), "m" (v->counter));
6321 @@ -238,7 +402,15 @@ static inline void atomic64_add(long i,
6323 static inline void atomic64_sub(long i, atomic64_t *v)
6325 - asm volatile(LOCK_PREFIX "subq %1,%0"
6326 + asm volatile(LOCK_PREFIX "subq %1,%0\n"
6328 +#ifdef CONFIG_PAX_REFCOUNT
6330 + LOCK_PREFIX "addq %1,%0\n"
6332 + _ASM_EXTABLE(0b, 0b)
6336 : "er" (i), "m" (v->counter));
6338 @@ -256,7 +428,16 @@ static inline int atomic64_sub_and_test(
6342 - asm volatile(LOCK_PREFIX "subq %2,%0; sete %1"
6343 + asm volatile(LOCK_PREFIX "subq %2,%0\n"
6345 +#ifdef CONFIG_PAX_REFCOUNT
6347 + LOCK_PREFIX "addq %2,%0\n"
6349 + _ASM_EXTABLE(0b, 0b)
6353 : "=m" (v->counter), "=qm" (c)
6354 : "er" (i), "m" (v->counter) : "memory");
6356 @@ -270,7 +451,19 @@ static inline int atomic64_sub_and_test(
6358 static inline void atomic64_inc(atomic64_t *v)
6360 - asm volatile(LOCK_PREFIX "incq %0"
6361 + asm volatile(LOCK_PREFIX "incq %0\n"
6363 +#ifdef CONFIG_PAX_REFCOUNT
6366 + ".pushsection .fixup,\"ax\"\n"
6368 + LOCK_PREFIX "decq %0\n"
6371 + _ASM_EXTABLE(0b, 1b)
6375 : "m" (v->counter));
6377 @@ -283,7 +476,19 @@ static inline void atomic64_inc(atomic64
6379 static inline void atomic64_dec(atomic64_t *v)
6381 - asm volatile(LOCK_PREFIX "decq %0"
6382 + asm volatile(LOCK_PREFIX "decq %0\n"
6384 +#ifdef CONFIG_PAX_REFCOUNT
6387 + ".pushsection .fixup,\"ax\"\n"
6389 + LOCK_PREFIX "incq %0\n"
6392 + _ASM_EXTABLE(0b, 1b)
6396 : "m" (v->counter));
6398 @@ -300,7 +505,20 @@ static inline int atomic64_dec_and_test(
6402 - asm volatile(LOCK_PREFIX "decq %0; sete %1"
6403 + asm volatile(LOCK_PREFIX "decq %0\n"
6405 +#ifdef CONFIG_PAX_REFCOUNT
6408 + ".pushsection .fixup,\"ax\"\n"
6410 + LOCK_PREFIX "incq %0\n"
6413 + _ASM_EXTABLE(0b, 1b)
6417 : "=m" (v->counter), "=qm" (c)
6418 : "m" (v->counter) : "memory");
6420 @@ -318,7 +536,20 @@ static inline int atomic64_inc_and_test(
6424 - asm volatile(LOCK_PREFIX "incq %0; sete %1"
6425 + asm volatile(LOCK_PREFIX "incq %0\n"
6427 +#ifdef CONFIG_PAX_REFCOUNT
6430 + ".pushsection .fixup,\"ax\"\n"
6432 + LOCK_PREFIX "decq %0\n"
6435 + _ASM_EXTABLE(0b, 1b)
6439 : "=m" (v->counter), "=qm" (c)
6440 : "m" (v->counter) : "memory");
6442 @@ -337,7 +568,16 @@ static inline int atomic64_add_negative(
6446 - asm volatile(LOCK_PREFIX "addq %2,%0; sets %1"
6447 + asm volatile(LOCK_PREFIX "addq %2,%0\n"
6449 +#ifdef CONFIG_PAX_REFCOUNT
6451 + LOCK_PREFIX "subq %2,%0\n"
6453 + _ASM_EXTABLE(0b, 0b)
6457 : "=m" (v->counter), "=qm" (c)
6458 : "er" (i), "m" (v->counter) : "memory");
6460 @@ -353,7 +593,15 @@ static inline int atomic64_add_negative(
6461 static inline long atomic64_add_return(long i, atomic64_t *v)
6464 - asm volatile(LOCK_PREFIX "xaddq %0, %1;"
6465 + asm volatile(LOCK_PREFIX "xaddq %0, %1\n"
6467 +#ifdef CONFIG_PAX_REFCOUNT
6471 + _ASM_EXTABLE(0b, 0b)
6474 : "+r" (i), "+m" (v->counter)
6477 @@ -398,17 +646,29 @@ static inline long atomic_xchg(atomic_t
6479 static inline int atomic_add_unless(atomic_t *v, int a, int u)
6485 - if (unlikely(c == (u)))
6486 + if (unlikely(c == u))
6488 - old = atomic_cmpxchg((v), c, c + (a));
6490 + asm volatile("addl %2,%0\n"
6492 +#ifdef CONFIG_PAX_REFCOUNT
6495 + _ASM_EXTABLE(0b, 0b)
6499 + : "0" (c), "ir" (a));
6501 + old = atomic_cmpxchg(v, c, new);
6502 if (likely(old == c))
6510 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
6511 @@ -424,17 +684,29 @@ static inline int atomic_add_unless(atom
6513 static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
6517 c = atomic64_read(v);
6519 - if (unlikely(c == (u)))
6520 + if (unlikely(c == u))
6522 - old = atomic64_cmpxchg((v), c, c + (a));
6524 + asm volatile("addq %2,%0\n"
6526 +#ifdef CONFIG_PAX_REFCOUNT
6529 + _ASM_EXTABLE(0b, 0b)
6533 + : "0" (c), "er" (a));
6535 + old = atomic64_cmpxchg((v), c, new);
6536 if (likely(old == c))
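Review bot: In atomic64_add_unless the new call is written `atomic64_cmpxchg((v), c, new)`, keeping the macro-style parentheses around `v`, while the two atomic_add_unless hunks in this patch use `atomic_cmpxchg(v, c, new)`. The function is a static inline, so the parentheses are unnecessary; `old = atomic64_cmpxchg(v, c, new);` would match the siblings. The declaration of `new` is outside the visible lines, so its type is assumed to be `long` here.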
6545 diff -urNp linux-2.6.32.1/arch/x86/include/asm/boot.h linux-2.6.32.1/arch/x86/include/asm/boot.h
6546 --- linux-2.6.32.1/arch/x86/include/asm/boot.h 2009-12-02 22:51:21.000000000 -0500
6547 +++ linux-2.6.32.1/arch/x86/include/asm/boot.h 2009-12-14 18:33:51.599707107 -0500
6549 #include <asm/pgtable_types.h>
6551 /* Physical address where kernel should be loaded. */
6552 -#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
6553 +#define ____LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
6554 + (CONFIG_PHYSICAL_ALIGN - 1)) \
6555 & ~(CONFIG_PHYSICAL_ALIGN - 1))
6557 +#ifndef __ASSEMBLY__
6558 +extern unsigned char __LOAD_PHYSICAL_ADDR[];
6559 +#define LOAD_PHYSICAL_ADDR ((unsigned long)__LOAD_PHYSICAL_ADDR)
6562 /* Minimum kernel alignment, as a power of two */
6563 #ifdef CONFIG_X86_64
6564 #define MIN_KERNEL_ALIGN_LG2 PMD_SHIFT
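Review bot: LOAD_PHYSICAL_ADDR now expands to `((unsigned long)__LOAD_PHYSICAL_ADDR)`, the address of an extern symbol, so it is no longer an integer constant expression and cannot be used in `#if`, array bounds or static initialisers the way the old arithmetic macro could. The C definition is guarded by `#ifndef __ASSEMBLY__`; what assembly sources get is not visible in this hunk. I would add a comment above the extern, e.g. `/* resolved by the linker script; use ____LOAD_PHYSICAL_ADDR where a compile-time constant is needed */`, and check existing users for constant-expression contexts.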
6565 diff -urNp linux-2.6.32.1/arch/x86/include/asm/cacheflush.h linux-2.6.32.1/arch/x86/include/asm/cacheflush.h
6566 --- linux-2.6.32.1/arch/x86/include/asm/cacheflush.h 2009-12-02 22:51:21.000000000 -0500
6567 +++ linux-2.6.32.1/arch/x86/include/asm/cacheflush.h 2009-12-15 17:05:40.612643960 -0500
6568 @@ -179,8 +179,8 @@ extern const int rodata_test_data;
6569 void set_kernel_text_rw(void);
6570 void set_kernel_text_ro(void);
6572 -static inline void set_kernel_text_rw(void) { }
6573 -static inline void set_kernel_text_ro(void) { }
6574 +static inline void set_kernel_text_rw(void) { pax_open_kernel(); }
6575 +static inline void set_kernel_text_ro(void) { pax_close_kernel(); }
6578 #ifdef CONFIG_DEBUG_RODATA_TEST
6579 diff -urNp linux-2.6.32.1/arch/x86/include/asm/cache.h linux-2.6.32.1/arch/x86/include/asm/cache.h
6580 --- linux-2.6.32.1/arch/x86/include/asm/cache.h 2009-12-02 22:51:21.000000000 -0500
6581 +++ linux-2.6.32.1/arch/x86/include/asm/cache.h 2009-12-14 18:33:51.599707107 -0500
6583 #define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
6585 #define __read_mostly __attribute__((__section__(".data.read_mostly")))
6586 +#define __read_only __attribute__((__section__(".data.read_only")))
6588 #ifdef CONFIG_X86_VSMP
6589 /* vSMP Internode cacheline shift */
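Review bot: The new `__read_only` attribute only places an object in `.data.read_only`; nothing in this header says what makes that section read-only or when the protection takes effect. A reader may assume a variable tagged this way is immutable from boot in every configuration. A short comment would help, e.g. `/* placed in .data.read_only; write protection depends on the linker script and page-table setup, see CONFIG_PAX_KERNEXEC */`, with the config name adjusted to whichever option actually enforces it, since that is not visible here.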
6590 diff -urNp linux-2.6.32.1/arch/x86/include/asm/checksum_32.h linux-2.6.32.1/arch/x86/include/asm/checksum_32.h
6591 --- linux-2.6.32.1/arch/x86/include/asm/checksum_32.h 2009-12-02 22:51:21.000000000 -0500
6592 +++ linux-2.6.32.1/arch/x86/include/asm/checksum_32.h 2009-12-14 18:33:51.605206905 -0500
6593 @@ -31,6 +31,14 @@ asmlinkage __wsum csum_partial_copy_gene
6594 int len, __wsum sum,
6595 int *src_err_ptr, int *dst_err_ptr);
6597 +asmlinkage __wsum csum_partial_copy_generic_to_user(const void *src, void *dst,
6598 + int len, __wsum sum,
6599 + int *src_err_ptr, int *dst_err_ptr);
6601 +asmlinkage __wsum csum_partial_copy_generic_from_user(const void *src, void *dst,
6602 + int len, __wsum sum,
6603 + int *src_err_ptr, int *dst_err_ptr);
6606 * Note: when you get a NULL pointer exception here this means someone
6607 * passed in an incorrect kernel address to one of these functions.
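Review bot: The two new prototypes declare both pointers as plain `const void *src, void *dst`, so sparse cannot tell which side is user memory even though the function names say so. I would declare `const void __user *src` on csum_partial_copy_generic_from_user and `void __user *dst` on csum_partial_copy_generic_to_user. The callers changed in the later hunks of this file could then drop their `(__force void *)` casts, which currently hide exactly the address-space mix-up these split entry points are meant to separate.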
6608 @@ -50,7 +58,7 @@ static inline __wsum csum_partial_copy_f
6612 - return csum_partial_copy_generic((__force void *)src, dst,
6613 + return csum_partial_copy_generic_from_user((__force void *)src, dst,
6614 len, sum, err_ptr, NULL);
6617 @@ -178,7 +186,7 @@ static inline __wsum csum_and_copy_to_us
6620 if (access_ok(VERIFY_WRITE, dst, len))
6621 - return csum_partial_copy_generic(src, (__force void *)dst,
6622 + return csum_partial_copy_generic_to_user(src, (__force void *)dst,
6623 len, sum, NULL, err_ptr);
6626 diff -urNp linux-2.6.32.1/arch/x86/include/asm/desc.h linux-2.6.32.1/arch/x86/include/asm/desc.h
6627 --- linux-2.6.32.1/arch/x86/include/asm/desc.h 2009-12-02 22:51:21.000000000 -0500
6628 +++ linux-2.6.32.1/arch/x86/include/asm/desc.h 2009-12-14 18:33:51.605802803 -0500
6630 #include <asm/desc_defs.h>
6631 #include <asm/ldt.h>
6632 #include <asm/mmu.h>
6633 +#include <asm/pgtable.h>
6634 #include <linux/smp.h>
6636 static inline void fill_ldt(struct desc_struct *desc,
6637 @@ -15,6 +16,7 @@ static inline void fill_ldt(struct desc_
6638 desc->base1 = (info->base_addr & 0x00ff0000) >> 16;
6639 desc->type = (info->read_exec_only ^ 1) << 1;
6640 desc->type |= info->contents << 2;
6641 + desc->type |= info->seg_not_present ^ 1;
6644 desc->p = info->seg_not_present ^ 1;
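Review bot: The added `desc->type |= info->seg_not_present ^ 1;` in fill_ldt sets bit 0 of the type field, the descriptor's accessed bit, whenever the segment is present, and it looks like a duplicate of the `desc->p` assignment a few lines below. Without a comment it is likely to be removed as redundant. Presumably the bit is pre-set so the CPU never has to write it back into a descriptor table that may be mapped read-only; if so, say it: `/* pre-set the accessed bit so loading the selector does not write to the table */`. fill_ldt starts before this hunk.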
6645 @@ -31,16 +33,12 @@ static inline void fill_ldt(struct desc_
6648 extern struct desc_ptr idt_descr;
6649 -extern gate_desc idt_table[];
6652 - struct desc_struct gdt[GDT_ENTRIES];
6653 -} __attribute__((aligned(PAGE_SIZE)));
6654 -DECLARE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page);
6655 +extern gate_desc idt_table[256];
6657 +extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(struct desc_struct)];
6658 static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu)
6660 - return per_cpu(gdt_page, cpu).gdt;
6661 + return cpu_gdt_table[cpu];
6664 #ifdef CONFIG_X86_64
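Review bot: `extern gate_desc idt_table[256];` hard-codes the vector count; `NR_VECTORS` is the existing name for this and keeps the declaration in step with the definition, `extern gate_desc idt_table[NR_VECTORS];`. The per-CPU gdt_page is also replaced by a static `cpu_gdt_table[NR_CPUS][...]` that get_cpu_gdt_table indexes directly with `cpu`, so the array is sized for the configured maximum rather than for the CPUs present. A comment on the declaration stating why the GDT moved out of per-CPU data would help, since the reason is not visible in this hunk.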
6665 @@ -115,19 +113,24 @@ static inline void paravirt_free_ldt(str
6666 static inline void native_write_idt_entry(gate_desc *idt, int entry,
6667 const gate_desc *gate)
6669 + pax_open_kernel();
6670 memcpy(&idt[entry], gate, sizeof(*gate));
6671 + pax_close_kernel();
6674 static inline void native_write_ldt_entry(struct desc_struct *ldt, int entry,
6677 + pax_open_kernel();
6678 memcpy(&ldt[entry], desc, 8);
6679 + pax_close_kernel();
6682 static inline void native_write_gdt_entry(struct desc_struct *gdt, int entry,
6683 const void *desc, int type)
6689 size = sizeof(tss_desc);
6690 @@ -139,7 +142,10 @@ static inline void native_write_gdt_entr
6691 size = sizeof(struct desc_struct);
6695 + pax_open_kernel();
6696 memcpy(&gdt[entry], desc, size);
6697 + pax_close_kernel();
6700 static inline void pack_descriptor(struct desc_struct *desc, unsigned long base,
6701 @@ -211,7 +217,9 @@ static inline void native_set_ldt(const
6703 static inline void native_load_tr_desc(void)
6705 + pax_open_kernel();
6706 asm volatile("ltr %w0"::"q" (GDT_ENTRY_TSS*8));
6707 + pax_close_kernel();
6710 static inline void native_load_gdt(const struct desc_ptr *dtr)
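Review bot: native_load_tr_desc now brackets the `ltr` with pax_open_kernel()/pax_close_kernel(), but nothing explains why a register load needs the kernel opened for writing. `ltr` marks the TSS descriptor busy, which is a write into the GDT. A comment such as `/* ltr sets the busy bit in the GDT entry, so the table must be writable here */` would make the pairing self-explanatory. The same open/close pair is added around the memcpy calls in the native_write_*_entry hunks, where the write is obvious.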
6711 @@ -246,8 +254,10 @@ static inline void native_load_tls(struc
6713 struct desc_struct *gdt = get_cpu_gdt_table(cpu);
6715 + pax_open_kernel();
6716 for (i = 0; i < GDT_ENTRY_TLS_ENTRIES; i++)
6717 gdt[GDT_ENTRY_TLS_MIN + i] = t->tls_array[i];
6718 + pax_close_kernel();
6721 #define _LDT_empty(info) \
6722 @@ -392,4 +402,16 @@ static inline void set_system_intr_gate_
6723 _set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS);
6726 +#ifdef CONFIG_X86_32
6727 +static inline void set_user_cs(unsigned long base, unsigned long limit, int cpu)
6729 + struct desc_struct d;
6731 + if (likely(limit))
6732 + limit = (limit - 1UL) >> PAGE_SHIFT;
6733 + pack_descriptor(&d, base, limit, 0xFB, 0xC);
6734 + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_CS, &d, DESCTYPE_S);
6738 #endif /* _ASM_X86_DESC_H */
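Review bot: set_user_cs passes the bare constants `0xFB` and `0xC` to pack_descriptor, and the `limit == 0` case is left unexplained. When `limit` is 0 the descriptor is written with a zero limit field together with the flags value 0xC; if that value sets the granularity bit, as the `>> PAGE_SHIFT` scaling suggests, the segment still spans one page rather than being empty. I would add a kernel-doc comment that names the type and flags values, says what a zero limit means, and notes that the function rewrites the GDT entry of `cpu` and so presumably must run on that CPU with preemption off. Whether a zero limit can reach this function depends on callers outside this hunk.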
6739 diff -urNp linux-2.6.32.1/arch/x86/include/asm/device.h linux-2.6.32.1/arch/x86/include/asm/device.h
6740 --- linux-2.6.32.1/arch/x86/include/asm/device.h 2009-12-02 22:51:21.000000000 -0500
6741 +++ linux-2.6.32.1/arch/x86/include/asm/device.h 2009-12-14 18:33:51.605802803 -0500
6742 @@ -6,7 +6,7 @@ struct dev_archdata {
6745 #ifdef CONFIG_X86_64
6746 -struct dma_map_ops *dma_ops;
6747 + const struct dma_map_ops *dma_ops;
6750 void *iommu; /* hook for IOMMU specific extension */
6751 diff -urNp linux-2.6.32.1/arch/x86/include/asm/dma-mapping.h linux-2.6.32.1/arch/x86/include/asm/dma-mapping.h
6752 --- linux-2.6.32.1/arch/x86/include/asm/dma-mapping.h 2009-12-02 22:51:21.000000000 -0500
6753 +++ linux-2.6.32.1/arch/x86/include/asm/dma-mapping.h 2009-12-14 18:33:51.605802803 -0500
6754 @@ -25,9 +25,9 @@ extern int iommu_merge;
6755 extern struct device x86_dma_fallback_dev;
6756 extern int panic_on_overflow;
6758 -extern struct dma_map_ops *dma_ops;
6759 +extern const struct dma_map_ops *dma_ops;
6761 -static inline struct dma_map_ops *get_dma_ops(struct device *dev)
6762 +static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
6764 #ifdef CONFIG_X86_32
6766 @@ -44,7 +44,7 @@ static inline struct dma_map_ops *get_dm
6767 /* Make sure we keep the same behaviour */
6768 static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr)
6770 - struct dma_map_ops *ops = get_dma_ops(dev);
6771 + const struct dma_map_ops *ops = get_dma_ops(dev);
6772 if (ops->mapping_error)
6773 return ops->mapping_error(dev, dma_addr);
6775 @@ -122,7 +122,7 @@ static inline void *
6776 dma_alloc_coherent(struct device *dev, size_t size, dma_addr_t *dma_handle,
6779 - struct dma_map_ops *ops = get_dma_ops(dev);
6780 + const struct dma_map_ops *ops = get_dma_ops(dev);
6783 gfp &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
6784 @@ -149,7 +149,7 @@ dma_alloc_coherent(struct device *dev, s
6785 static inline void dma_free_coherent(struct device *dev, size_t size,
6786 void *vaddr, dma_addr_t bus)
6788 - struct dma_map_ops *ops = get_dma_ops(dev);
6789 + const struct dma_map_ops *ops = get_dma_ops(dev);
6791 WARN_ON(irqs_disabled()); /* for portability */
6793 diff -urNp linux-2.6.32.1/arch/x86/include/asm/e820.h linux-2.6.32.1/arch/x86/include/asm/e820.h
6794 --- linux-2.6.32.1/arch/x86/include/asm/e820.h 2009-12-02 22:51:21.000000000 -0500
6795 +++ linux-2.6.32.1/arch/x86/include/asm/e820.h 2009-12-14 18:33:51.606706147 -0500
6796 @@ -133,7 +133,7 @@ extern char *default_machine_specific_me
6797 #define ISA_END_ADDRESS 0x100000
6798 #define is_ISA_range(s, e) ((s) >= ISA_START_ADDRESS && (e) < ISA_END_ADDRESS)
6800 -#define BIOS_BEGIN 0x000a0000
6801 +#define BIOS_BEGIN 0x000c0000
6802 #define BIOS_END 0x00100000
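Review bot: BIOS_BEGIN moves from 0x000a0000 to 0x000c0000 with no comment, which silently takes the 0xa0000-0xbffff window out of whatever checks use this range. Users of BIOS_BEGIN are outside this hunk, so the effect on reservation or access-control code cannot be judged from here. A note next to the define recording the intent would help, e.g. `/* starts at the option-ROM area; 0xa0000-0xbffff is video memory and is handled separately */`, if that is indeed the reasoning.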
6805 diff -urNp linux-2.6.32.1/arch/x86/include/asm/elf.h linux-2.6.32.1/arch/x86/include/asm/elf.h
6806 --- linux-2.6.32.1/arch/x86/include/asm/elf.h 2009-12-02 22:51:21.000000000 -0500
6807 +++ linux-2.6.32.1/arch/x86/include/asm/elf.h 2009-12-14 18:33:51.606706147 -0500
6808 @@ -263,7 +263,25 @@ extern int force_personality32;
6809 the loader. We need to make sure that it is out of the way of the program
6810 that it will "exec", and that there is sufficient room for the brk. */
6812 +#ifdef CONFIG_PAX_SEGMEXEC
6813 +#define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : TASK_SIZE/3*2)
6815 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
6818 +#ifdef CONFIG_PAX_ASLR
6819 +#ifdef CONFIG_X86_32
6820 +#define PAX_ELF_ET_DYN_BASE 0x10000000UL
6822 +#define PAX_DELTA_MMAP_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
6823 +#define PAX_DELTA_STACK_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
6825 +#define PAX_ELF_ET_DYN_BASE 0x400000UL
6827 +#define PAX_DELTA_MMAP_LEN ((test_thread_flag(TIF_IA32)) ? 16 : 32)
6828 +#define PAX_DELTA_STACK_LEN ((test_thread_flag(TIF_IA32)) ? 16 : 32)
6832 /* This yields a mask that user programs can use to figure out what
6833 instruction set this CPU supports. This could be done in user space,
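Review bot: The 32-bit PAX_DELTA_MMAP_LEN and PAX_DELTA_STACK_LEN definitions rely on `&` binding tighter than `?:` in `(current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)`. ELF_ET_DYN_BASE, added in the same hunk, parenthesises the test explicitly. Writing both as `((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? 15 : 16)` keeps them consistent and avoids a precedence warning. These macros also dereference `current->mm`, so a comment that they are only valid in a context with a user mm would be worth adding.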
6834 @@ -317,8 +335,7 @@ do { \
6835 #define ARCH_DLINFO \
6838 - NEW_AUX_ENT(AT_SYSINFO_EHDR, \
6839 - (unsigned long)current->mm->context.vdso); \
6840 + NEW_AUX_ENT(AT_SYSINFO_EHDR, current->mm->context.vdso);\
6843 #define AT_SYSINFO 32
6844 @@ -329,7 +346,7 @@ do { \
6846 #endif /* !CONFIG_X86_32 */
6848 -#define VDSO_CURRENT_BASE ((unsigned long)current->mm->context.vdso)
6849 +#define VDSO_CURRENT_BASE (current->mm->context.vdso)
6851 #define VDSO_ENTRY \
6852 ((unsigned long)VDSO32_SYMBOL(VDSO_CURRENT_BASE, vsyscall))
6853 @@ -343,7 +360,4 @@ extern int arch_setup_additional_pages(s
6854 extern int syscall32_setup_pages(struct linux_binprm *, int exstack);
6855 #define compat_arch_setup_additional_pages syscall32_setup_pages
6857 -extern unsigned long arch_randomize_brk(struct mm_struct *mm);
6858 -#define arch_randomize_brk arch_randomize_brk
6860 #endif /* _ASM_X86_ELF_H */
6861 diff -urNp linux-2.6.32.1/arch/x86/include/asm/futex.h linux-2.6.32.1/arch/x86/include/asm/futex.h
6862 --- linux-2.6.32.1/arch/x86/include/asm/futex.h 2009-12-02 22:51:21.000000000 -0500
6863 +++ linux-2.6.32.1/arch/x86/include/asm/futex.h 2009-12-14 18:33:51.606706147 -0500
6865 #include <asm/processor.h>
6866 #include <asm/system.h>
6868 +#ifdef CONFIG_X86_32
6869 +#define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \
6871 + "movw\t%w6, %%ds\n" \
6872 + "1:\t" insn "\n" \
6873 + "2:\tpushl\t%%ss\n" \
6874 + "\tpopl\t%%ds\n" \
6875 + "\t.section .fixup,\"ax\"\n" \
6876 + "3:\tmov\t%3, %1\n" \
6879 + _ASM_EXTABLE(1b, 3b) \
6880 + : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \
6881 + : "i" (-EFAULT), "0" (oparg), "1" (0), "r" (__USER_DS))
6883 +#define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg) \
6884 + asm volatile("movw\t%w7, %%es\n" \
6885 + "1:\tmovl\t%%es:%2, %0\n" \
6886 + "\tmovl\t%0, %3\n" \
6888 + "2:\t" LOCK_PREFIX "cmpxchgl %3, %%es:%2\n"\
6890 + "3:\tpushl\t%%ss\n" \
6891 + "\tpopl\t%%es\n" \
6892 + "\t.section .fixup,\"ax\"\n" \
6893 + "4:\tmov\t%5, %1\n" \
6896 + _ASM_EXTABLE(1b, 4b) \
6897 + _ASM_EXTABLE(2b, 4b) \
6898 + : "=&a" (oldval), "=&r" (ret), \
6899 + "+m" (*uaddr), "=&r" (tem) \
6900 + : "r" (oparg), "i" (-EFAULT), "1" (0), "r" (__USER_DS))
6902 #define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \
6903 asm volatile("1:\t" insn "\n" \
6904 "2:\t.section .fixup,\"ax\"\n" \
6906 : "=&a" (oldval), "=&r" (ret), \
6907 "+m" (*uaddr), "=&r" (tem) \
6908 : "r" (oparg), "i" (-EFAULT), "1" (0))
6911 -static inline int futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
6912 +static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
6914 int op = (encoded_op >> 28) & 7;
6915 int cmp = (encoded_op >> 24) & 15;
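Review bot: The new CONFIG_X86_32 variants of `__futex_atomic_op1` and `__futex_atomic_op2` load `__USER_DS` into %ds or %es before the user access and restore the register from %ss afterwards, but carry no comment describing that contract. The invariant that matters is that the segment register is restored on the fault path as well as the normal one. The lines between the fixup labels and `_ASM_EXTABLE` are not visible in this listing, so I cannot confirm that the fixup jumps back to the restoring label. I would add a block comment above the macros saying which segment register is switched, that the `insn` argument must carry the matching `%%ds:` override, and that both exits pass through the restore.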
6916 @@ -61,11 +96,20 @@ static inline int futex_atomic_op_inuser
6920 +#ifdef CONFIG_X86_32
6921 + __futex_atomic_op1("xchgl %0, %%ds:%2", ret, oldval, uaddr, oparg);
6923 __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg);
6927 +#ifdef CONFIG_X86_32
6928 + __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %%ds:%2", ret, oldval,
6931 __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval,
6936 __futex_atomic_op2("orl %4, %3", ret, oldval, uaddr, oparg);
6937 @@ -109,7 +153,7 @@ static inline int futex_atomic_op_inuser
6941 -static inline int futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval,
6942 +static inline int futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, int oldval,
6946 @@ -122,14 +166,27 @@ static inline int futex_atomic_cmpxchg_i
6947 if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
6950 - asm volatile("1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
6952 +#ifdef CONFIG_X86_32
6953 + "\tmovw %w5, %%ds\n"
6954 + "1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
6955 + "2:\tpushl %%ss\n"
6957 + "\t.section .fixup, \"ax\"\n"
6959 + "1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
6960 "2:\t.section .fixup, \"ax\"\n"
6965 _ASM_EXTABLE(1b, 3b)
6966 : "=a" (oldval), "+m" (*uaddr)
6967 +#ifdef CONFIG_X86_32
6968 + : "i" (-EFAULT), "r" (newval), "0" (oldval), "r" (__USER_DS)
6970 : "i" (-EFAULT), "r" (newval), "0" (oldval)
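Review bot: The context line `access_ok(VERIFY_WRITE, uaddr, sizeof(int))` still sizes the check by `int` although the previous hunk changes `uaddr` to `u32 __user *`. The sizes are equal on x86, so this is not a functional bug, but `if (!access_ok(VERIFY_WRITE, uaddr, sizeof(*uaddr)))` ties the check to the pointer type. `oldval` and `newval` remain `int` in the signature, so the function now mixes signed values with an unsigned user pointer; that deserves a mention in a comment if it is deliberate.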
6975 diff -urNp linux-2.6.32.1/arch/x86/include/asm/i387.h linux-2.6.32.1/arch/x86/include/asm/i387.h
6976 --- linux-2.6.32.1/arch/x86/include/asm/i387.h 2009-12-02 22:51:21.000000000 -0500
6977 +++ linux-2.6.32.1/arch/x86/include/asm/i387.h 2009-12-14 18:33:51.607723418 -0500
6978 @@ -195,13 +195,8 @@ static inline int fxrstor_checking(struc
6981 /* We need a safe address that is cheap to find and that is already
6982 - in L1 during context switch. The best choices are unfortunately
6983 - different for UP and SMP */
6985 -#define safe_address (__per_cpu_offset[0])
6987 -#define safe_address (kstat_cpu(0).cpustat.user)
6989 + in L1 during context switch. */
6990 +#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0)
6993 * These must be called with preempt disabled
6994 diff -urNp linux-2.6.32.1/arch/x86/include/asm/io_64.h linux-2.6.32.1/arch/x86/include/asm/io_64.h
6995 --- linux-2.6.32.1/arch/x86/include/asm/io_64.h 2009-12-02 22:51:21.000000000 -0500
6996 +++ linux-2.6.32.1/arch/x86/include/asm/io_64.h 2009-12-14 18:33:51.607723418 -0500
6997 @@ -140,6 +140,17 @@ __OUTS(l)
6999 #include <linux/vmalloc.h>
7001 +#define ARCH_HAS_VALID_PHYS_ADDR_RANGE
7002 +static inline int valid_phys_addr_range (unsigned long addr, size_t count)
7004 + return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
7007 +static inline int valid_mmap_phys_addr_range (unsigned long pfn, size_t count)
7009 + return (pfn + (count >> PAGE_SHIFT)) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
7012 #include <asm-generic/iomap.h>
7014 void __memcpy_fromio(void *, unsigned long, unsigned);
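Review bot: Both new range checks build the limit with `1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)`, where `1` is an `int`. Once the shift count reaches 31 the result overflows, and at 32 or more the shift is undefined, so on CPUs reporting that many physical address bits the limit is wrong and valid ranges may be rejected or invalid ones accepted. The constant should be `1UL`, e.g. `return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1UL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT));` and likewise `return (pfn + (count >> PAGE_SHIFT)) < (1UL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT));`. The sums `addr + count + PAGE_SIZE - 1` and `pfn + (count >> PAGE_SHIFT)` can also wrap for large arguments and then pass the comparison, so a wrap check before the shift would make these helpers safe as access gates.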
7015 diff -urNp linux-2.6.32.1/arch/x86/include/asm/iommu.h linux-2.6.32.1/arch/x86/include/asm/iommu.h
7016 --- linux-2.6.32.1/arch/x86/include/asm/iommu.h 2009-12-02 22:51:21.000000000 -0500
7017 +++ linux-2.6.32.1/arch/x86/include/asm/iommu.h 2009-12-14 18:33:51.607723418 -0500
7020 extern void pci_iommu_shutdown(void);
7021 extern void no_iommu_init(void);
7022 -extern struct dma_map_ops nommu_dma_ops;
7023 +extern const struct dma_map_ops nommu_dma_ops;
7024 extern int force_iommu, no_iommu;
7025 extern int iommu_detected;
7026 extern int iommu_pass_through;
7027 diff -urNp linux-2.6.32.1/arch/x86/include/asm/irqflags.h linux-2.6.32.1/arch/x86/include/asm/irqflags.h
7028 --- linux-2.6.32.1/arch/x86/include/asm/irqflags.h 2009-12-02 22:51:21.000000000 -0500
7029 +++ linux-2.6.32.1/arch/x86/include/asm/irqflags.h 2009-12-14 18:33:51.607723418 -0500
7030 @@ -146,6 +146,27 @@ static inline unsigned long __raw_local_
7031 #define INTERRUPT_RETURN iret
7032 #define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit
7033 #define GET_CR0_INTO_EAX movl %cr0, %eax
7035 +/* PaX: special register usage in entry_32.S, beware */
7036 +#ifdef CONFIG_PAX_KERNEXEC
7037 +#define PAX_EXIT_KERNEL \
7040 + movl %esi, %cr0; \
7043 +#define PAX_ENTER_KERNEL \
7044 + movl %cr0, %esi; \
7045 + movl %esi, %edx; \
7048 + movl %edx, %cr0; \
7051 +#define PAX_EXIT_KERNEL
7052 +#define PAX_ENTER_KERNEL
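Review bot: The warning `/* PaX: special register usage in entry_32.S, beware */` does not say which registers are affected, so anyone editing entry code has to reverse-engineer the macros. On the lines visible here `PAX_ENTER_KERNEL` writes `%esi` and `%edx`, and `PAX_EXIT_KERNEL` loads `%cr0` from `%esi`, which suggests `%esi` must survive between the two. Some lines of the macros are missing from this extract, so the full clobber list should be confirmed. I would spell it out, for example `/* PaX: PAX_ENTER_KERNEL clobbers %esi and %edx; callers in entry_32.S must not hold live values there */`.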
7058 diff -urNp linux-2.6.32.1/arch/x86/include/asm/kvm_host.h linux-2.6.32.1/arch/x86/include/asm/kvm_host.h
7059 --- linux-2.6.32.1/arch/x86/include/asm/kvm_host.h 2009-12-02 22:51:21.000000000 -0500
7060 +++ linux-2.6.32.1/arch/x86/include/asm/kvm_host.h 2009-12-14 18:33:51.607723418 -0500
7061 @@ -530,7 +530,7 @@ struct kvm_x86_ops {
7062 const struct trace_print_flags *exit_reasons_str;
7065 -extern struct kvm_x86_ops *kvm_x86_ops;
7066 +extern const struct kvm_x86_ops *kvm_x86_ops;
7068 int kvm_mmu_module_init(void);
7069 void kvm_mmu_module_exit(void);
7070 diff -urNp linux-2.6.32.1/arch/x86/include/asm/local.h linux-2.6.32.1/arch/x86/include/asm/local.h
7071 --- linux-2.6.32.1/arch/x86/include/asm/local.h 2009-12-02 22:51:21.000000000 -0500
7072 +++ linux-2.6.32.1/arch/x86/include/asm/local.h 2009-12-14 18:33:51.607723418 -0500
7073 @@ -18,26 +18,90 @@ typedef struct {
7075 static inline void local_inc(local_t *l)
7077 - asm volatile(_ASM_INC "%0"
7078 + asm volatile(_ASM_INC "%0\n"
7080 +#ifdef CONFIG_PAX_REFCOUNT
7081 +#ifdef CONFIG_X86_32
7087 + ".pushsection .fixup,\"ax\"\n"
7092 + _ASM_EXTABLE(0b, 1b)
7095 : "+m" (l->a.counter));
7098 static inline void local_dec(local_t *l)
7100 - asm volatile(_ASM_DEC "%0"
7101 + asm volatile(_ASM_DEC "%0\n"
7103 +#ifdef CONFIG_PAX_REFCOUNT
7104 +#ifdef CONFIG_X86_32
7110 + ".pushsection .fixup,\"ax\"\n"
7115 + _ASM_EXTABLE(0b, 1b)
7118 : "+m" (l->a.counter));
7121 static inline void local_add(long i, local_t *l)
7123 - asm volatile(_ASM_ADD "%1,%0"
7124 + asm volatile(_ASM_ADD "%1,%0\n"
7126 +#ifdef CONFIG_PAX_REFCOUNT
7127 +#ifdef CONFIG_X86_32
7133 + ".pushsection .fixup,\"ax\"\n"
7135 + _ASM_SUB "%1,%0\n"
7138 + _ASM_EXTABLE(0b, 1b)
7141 : "+m" (l->a.counter)
7145 static inline void local_sub(long i, local_t *l)
7147 - asm volatile(_ASM_SUB "%1,%0"
7148 + asm volatile(_ASM_SUB "%1,%0\n"
7150 +#ifdef CONFIG_PAX_REFCOUNT
7151 +#ifdef CONFIG_X86_32
7157 + ".pushsection .fixup,\"ax\"\n"
7159 + _ASM_ADD "%1,%0\n"
7162 + _ASM_EXTABLE(0b, 1b)
7165 : "+m" (l->a.counter)
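Review bot: The overflow-handling sequence is pasted into every function here, which makes it easy for one copy to drift from the others. The `#ifdef CONFIG_PAX_REFCOUNT` / `#ifdef CONFIG_X86_32` block, the `.pushsection .fixup,\"ax\"\n` stanza and `_ASM_EXTABLE(0b, 1b)` appear in `local_inc`, `local_dec`, `local_add` and `local_sub`. They appear again in the later hunks for `local_sub_and_test`, `local_dec_and_test`, `local_inc_and_test`, `local_add_negative` and `local_add_return`. Going by the visible lines, only the undo instruction differs (`_ASM_SUB "%1,%0\n"` after an add, `_ASM_ADD "%1,%0\n"` after a sub). A single helper macro that takes the undo instruction as its argument would keep the copies in step and make the hardening auditable in one place. Each function should also get a one-line comment saying that the counter is restored to its previous value when the operation overflows.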
7168 @@ -55,7 +119,24 @@ static inline int local_sub_and_test(lon
7172 - asm volatile(_ASM_SUB "%2,%0; sete %1"
7173 + asm volatile(_ASM_SUB "%2,%0\n"
7175 +#ifdef CONFIG_PAX_REFCOUNT
7176 +#ifdef CONFIG_X86_32
7182 + ".pushsection .fixup,\"ax\"\n"
7184 + _ASM_ADD "%2,%0\n"
7187 + _ASM_EXTABLE(0b, 1b)
7191 : "+m" (l->a.counter), "=qm" (c)
7192 : "ir" (i) : "memory");
7194 @@ -73,7 +154,24 @@ static inline int local_dec_and_test(loc
7198 - asm volatile(_ASM_DEC "%0; sete %1"
7199 + asm volatile(_ASM_DEC "%0\n"
7201 +#ifdef CONFIG_PAX_REFCOUNT
7202 +#ifdef CONFIG_X86_32
7208 + ".pushsection .fixup,\"ax\"\n"
7213 + _ASM_EXTABLE(0b, 1b)
7217 : "+m" (l->a.counter), "=qm" (c)
7220 @@ -91,7 +189,24 @@ static inline int local_inc_and_test(loc
7224 - asm volatile(_ASM_INC "%0; sete %1"
7225 + asm volatile(_ASM_INC "%0\n"
7227 +#ifdef CONFIG_PAX_REFCOUNT
7228 +#ifdef CONFIG_X86_32
7234 + ".pushsection .fixup,\"ax\"\n"
7239 + _ASM_EXTABLE(0b, 1b)
7243 : "+m" (l->a.counter), "=qm" (c)
7246 @@ -110,7 +225,24 @@ static inline int local_add_negative(lon
7250 - asm volatile(_ASM_ADD "%2,%0; sets %1"
7251 + asm volatile(_ASM_ADD "%2,%0\n"
7253 +#ifdef CONFIG_PAX_REFCOUNT
7254 +#ifdef CONFIG_X86_32
7260 + ".pushsection .fixup,\"ax\"\n"
7262 + _ASM_SUB "%2,%0\n"
7265 + _ASM_EXTABLE(0b, 1b)
7269 : "+m" (l->a.counter), "=qm" (c)
7270 : "ir" (i) : "memory");
7272 @@ -133,7 +265,23 @@ static inline long local_add_return(long
7274 /* Modern 486+ processor */
7276 - asm volatile(_ASM_XADD "%0, %1;"
7277 + asm volatile(_ASM_XADD "%0, %1\n"
7279 +#ifdef CONFIG_PAX_REFCOUNT
7280 +#ifdef CONFIG_X86_32
7286 + ".pushsection .fixup,\"ax\"\n"
7288 + _ASM_MOV "%0,%1\n"
7291 + _ASM_EXTABLE(0b, 1b)
7294 : "+r" (i), "+m" (l->a.counter)
7297 diff -urNp linux-2.6.32.1/arch/x86/include/asm/microcode.h linux-2.6.32.1/arch/x86/include/asm/microcode.h
7298 --- linux-2.6.32.1/arch/x86/include/asm/microcode.h 2009-12-02 22:51:21.000000000 -0500
7299 +++ linux-2.6.32.1/arch/x86/include/asm/microcode.h 2009-12-14 18:33:51.609195189 -0500
7300 @@ -12,13 +12,13 @@ struct device;
7301 enum ucode_state { UCODE_ERROR, UCODE_OK, UCODE_NFOUND };
7303 struct microcode_ops {
7304 - enum ucode_state (*request_microcode_user) (int cpu,
7305 + enum ucode_state (* const request_microcode_user) (int cpu,
7306 const void __user *buf, size_t size);
7308 - enum ucode_state (*request_microcode_fw) (int cpu,
7309 + enum ucode_state (* const request_microcode_fw) (int cpu,
7310 struct device *device);
7312 - void (*microcode_fini_cpu) (int cpu);
7313 + void (* const microcode_fini_cpu) (int cpu);
7316 * The generic 'microcode_core' part guarantees that
7317 @@ -38,18 +38,18 @@ struct ucode_cpu_info {
7318 extern struct ucode_cpu_info ucode_cpu_info[];
7320 #ifdef CONFIG_MICROCODE_INTEL
7321 -extern struct microcode_ops * __init init_intel_microcode(void);
7322 +extern const struct microcode_ops * __init init_intel_microcode(void);
7324 -static inline struct microcode_ops * __init init_intel_microcode(void)
7325 +static inline const struct microcode_ops * __init init_intel_microcode(void)
7329 #endif /* CONFIG_MICROCODE_INTEL */
7331 #ifdef CONFIG_MICROCODE_AMD
7332 -extern struct microcode_ops * __init init_amd_microcode(void);
7333 +extern const struct microcode_ops * __init init_amd_microcode(void);
7335 -static inline struct microcode_ops * __init init_amd_microcode(void)
7336 +static inline const struct microcode_ops * __init init_amd_microcode(void)
7340 diff -urNp linux-2.6.32.1/arch/x86/include/asm/mman.h linux-2.6.32.1/arch/x86/include/asm/mman.h
7341 --- linux-2.6.32.1/arch/x86/include/asm/mman.h 2009-12-02 22:51:21.000000000 -0500
7342 +++ linux-2.6.32.1/arch/x86/include/asm/mman.h 2009-12-14 18:33:51.614107213 -0500
7345 #include <asm-generic/mman.h>
7348 +#ifndef __ASSEMBLY__
7349 +#ifdef CONFIG_X86_32
7350 +#define arch_mmap_check i386_mmap_check
7351 +int i386_mmap_check(unsigned long addr, unsigned long len,
7352 + unsigned long flags);
7357 #endif /* _ASM_X86_MMAN_H */
7358 diff -urNp linux-2.6.32.1/arch/x86/include/asm/mmu_context.h linux-2.6.32.1/arch/x86/include/asm/mmu_context.h
7359 --- linux-2.6.32.1/arch/x86/include/asm/mmu_context.h 2009-12-02 22:51:21.000000000 -0500
7360 +++ linux-2.6.32.1/arch/x86/include/asm/mmu_context.h 2009-12-14 18:33:51.614708658 -0500
7361 @@ -34,11 +34,17 @@ static inline void switch_mm(struct mm_s
7362 struct task_struct *tsk)
7364 unsigned cpu = smp_processor_id();
7365 +#if defined(CONFIG_X86_32) && defined(CONFIG_SMP)
7366 + int tlbstate = TLBSTATE_OK;
7369 if (likely(prev != next)) {
7370 /* stop flush ipis for the previous mm */
7371 cpumask_clear_cpu(cpu, mm_cpumask(prev));
7373 +#ifdef CONFIG_X86_32
7374 + tlbstate = percpu_read(cpu_tlbstate.state);
7376 percpu_write(cpu_tlbstate.state, TLBSTATE_OK);
7377 percpu_write(cpu_tlbstate.active_mm, next);
7379 @@ -52,6 +58,26 @@ static inline void switch_mm(struct mm_s
7381 if (unlikely(prev->context.ldt != next->context.ldt))
7382 load_LDT_nolock(&next->context);
7384 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
7385 + if (!nx_enabled) {
7386 + smp_mb__before_clear_bit();
7387 + cpu_clear(cpu, prev->context.cpu_user_cs_mask);
7388 + smp_mb__after_clear_bit();
7389 + cpu_set(cpu, next->context.cpu_user_cs_mask);
7393 +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
7394 + if (unlikely(prev->context.user_cs_base != next->context.user_cs_base ||
7395 + prev->context.user_cs_limit != next->context.user_cs_limit))
7396 + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
7398 + else if (unlikely(tlbstate != TLBSTATE_OK))
7399 + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
7406 @@ -65,6 +91,19 @@ static inline void switch_mm(struct mm_s
7408 load_cr3(next->pgd);
7409 load_LDT_nolock(&next->context);
7411 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
7413 + cpu_set(cpu, next->context.cpu_user_cs_mask);
7416 +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
7417 +#ifdef CONFIG_PAX_PAGEEXEC
7418 + if (!((next->pax_flags & MF_PAX_PAGEEXEC) && nx_enabled))
7420 + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
7426 diff -urNp linux-2.6.32.1/arch/x86/include/asm/mmu.h linux-2.6.32.1/arch/x86/include/asm/mmu.h
7427 --- linux-2.6.32.1/arch/x86/include/asm/mmu.h 2009-12-02 22:51:21.000000000 -0500
7428 +++ linux-2.6.32.1/arch/x86/include/asm/mmu.h 2009-12-14 18:33:51.614708658 -0500
7430 * we put the segment information here.
7434 + struct desc_struct *ldt;
7438 + unsigned long vdso;
7440 +#ifdef CONFIG_X86_32
7441 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
7442 + unsigned long user_cs_base;
7443 + unsigned long user_cs_limit;
7445 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
7446 + cpumask_t cpu_user_cs_mask;
7455 diff -urNp linux-2.6.32.1/arch/x86/include/asm/module.h linux-2.6.32.1/arch/x86/include/asm/module.h
7456 --- linux-2.6.32.1/arch/x86/include/asm/module.h 2009-12-02 22:51:21.000000000 -0500
7457 +++ linux-2.6.32.1/arch/x86/include/asm/module.h 2009-12-14 18:33:51.614708658 -0500
7460 # define MODULE_STACKSIZE ""
7462 -# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE
7463 +# ifdef CONFIG_GRKERNSEC
7464 +# define MODULE_GRSEC "GRSECURITY "
7466 +# define MODULE_GRSEC ""
7468 +# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE MODULE_GRSEC
7471 #endif /* _ASM_X86_MODULE_H */
7472 diff -urNp linux-2.6.32.1/arch/x86/include/asm/page_32_types.h linux-2.6.32.1/arch/x86/include/asm/page_32_types.h
7473 --- linux-2.6.32.1/arch/x86/include/asm/page_32_types.h 2009-12-02 22:51:21.000000000 -0500
7474 +++ linux-2.6.32.1/arch/x86/include/asm/page_32_types.h 2009-12-14 18:33:51.614708658 -0500
7477 #define __PAGE_OFFSET _AC(CONFIG_PAGE_OFFSET, UL)
7479 +#ifdef CONFIG_PAX_PAGEEXEC
7480 +#define CONFIG_ARCH_TRACK_EXEC_LIMIT 1
7483 #ifdef CONFIG_4KSTACKS
7484 #define THREAD_ORDER 0
7486 diff -urNp linux-2.6.32.1/arch/x86/include/asm/page_64_types.h linux-2.6.32.1/arch/x86/include/asm/page_64_types.h
7487 --- linux-2.6.32.1/arch/x86/include/asm/page_64_types.h 2009-12-02 22:51:21.000000000 -0500
7488 +++ linux-2.6.32.1/arch/x86/include/asm/page_64_types.h 2009-12-14 18:33:51.614708658 -0500
7490 #define __START_KERNEL (__START_KERNEL_map + __PHYSICAL_START)
7491 #define __START_KERNEL_map _AC(0xffffffff80000000, UL)
7493 +#define ktla_ktva(addr) (addr)
7494 +#define ktva_ktla(addr) (addr)
7496 /* See Documentation/x86/x86_64/mm.txt for a description of the memory map. */
7497 #define __PHYSICAL_MASK_SHIFT 46
7498 #define __VIRTUAL_MASK_SHIFT 47
7499 diff -urNp linux-2.6.32.1/arch/x86/include/asm/paravirt.h linux-2.6.32.1/arch/x86/include/asm/paravirt.h
7500 --- linux-2.6.32.1/arch/x86/include/asm/paravirt.h 2009-12-02 22:51:21.000000000 -0500
7501 +++ linux-2.6.32.1/arch/x86/include/asm/paravirt.h 2009-12-14 18:33:51.615757710 -0500
7502 @@ -729,6 +729,21 @@ static inline void __set_fixmap(unsigned
7503 pv_mmu_ops.set_fixmap(idx, phys, flags);
7506 +#ifdef CONFIG_PAX_KERNEXEC
7507 +static inline unsigned long pax_open_kernel(void)
7509 + return pv_mmu_ops.pax_open_kernel();
7512 +static inline unsigned long pax_close_kernel(void)
7514 + return pv_mmu_ops.pax_close_kernel();
7517 +static inline unsigned long pax_open_kernel(void) { return 0; }
7518 +static inline unsigned long pax_close_kernel(void) { return 0; }
7521 #if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS)
7523 static inline int __raw_spin_is_locked(struct raw_spinlock *lock)
7524 @@ -845,7 +860,7 @@ static inline unsigned long __raw_local_
7526 static inline void raw_local_irq_restore(unsigned long f)
7528 - PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);
7529 + return PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);
7532 static inline void raw_local_irq_disable(void)
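Review bot: `raw_local_irq_restore` is declared `void`, but the new line is `return PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);`. ISO C does not allow a `return` with an expression in a void function; GCC tolerates it only as an extension, and only when the expression itself has void type. The macro's expansion is not shown in this hunk, so I cannot confirm that it does. The `return` adds nothing here, so the line should stay `PVOP_VCALLEE1(pv_irq_ops.restore_fl, f);`.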
7533 @@ -945,7 +960,7 @@ extern void default_banner(void);
7535 #define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4)
7536 #define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4)
7537 -#define PARA_INDIRECT(addr) *%cs:addr
7538 +#define PARA_INDIRECT(addr) *%ss:addr
7541 #define INTERRUPT_RETURN \
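Review bot: `PARA_INDIRECT` switches its segment override from `%cs` to `%ss` for every paravirt build, with no comment and no `CONFIG_PAX_KERNEXEC` guard, while the other KERNEXEC changes in this file are guarded. The macro is used for every indirect paravirt call in assembly, so the reason and the precondition need to be written down. Presumably the code segment no longer covers the `pv_*_ops` data under KERNEXEC; that should be confirmed. A comment along the lines of `/* %ss, not %cs: the ops tables must be reachable through a flat data segment at every call site */` would do. The change should either be made conditional or come with a statement that `%ss` is a flat kernel segment wherever the macro expands.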
7542 @@ -970,6 +985,31 @@ extern void default_banner(void);
7543 jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret32))
7545 #ifdef CONFIG_X86_32
7547 +#ifdef CONFIG_PAX_KERNEXEC
7548 +#define PAX_EXIT_KERNEL \
7551 + push %eax; push %ecx; \
7552 + movl %esi, %eax; \
7553 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0);\
7554 + pop %ecx; pop %eax; \
7557 +#define PAX_ENTER_KERNEL \
7558 + push %eax; push %ecx; \
7559 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \
7560 + movl %eax, %esi; \
7563 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0);\
7565 + pop %ecx; pop %eax;
7567 +#define PAX_EXIT_KERNEL
7568 +#define PAX_ENTER_KERNEL
7571 #define GET_CR0_INTO_EAX \
7572 push %ecx; push %edx; \
7573 call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \
7574 diff -urNp linux-2.6.32.1/arch/x86/include/asm/paravirt_types.h linux-2.6.32.1/arch/x86/include/asm/paravirt_types.h
7575 --- linux-2.6.32.1/arch/x86/include/asm/paravirt_types.h 2009-12-02 22:51:21.000000000 -0500
7576 +++ linux-2.6.32.1/arch/x86/include/asm/paravirt_types.h 2009-12-14 18:33:51.615757710 -0500
7577 @@ -316,6 +316,12 @@ struct pv_mmu_ops {
7578 an mfn. We can tell which is which from the index. */
7579 void (*set_fixmap)(unsigned /* enum fixed_addresses */ idx,
7580 phys_addr_t phys, pgprot_t flags);
7582 +#ifdef CONFIG_PAX_KERNEXEC
7583 + unsigned long (*pax_open_kernel)(void);
7584 + unsigned long (*pax_close_kernel)(void);
7589 struct raw_spinlock;
7590 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pci_x86.h linux-2.6.32.1/arch/x86/include/asm/pci_x86.h
7591 --- linux-2.6.32.1/arch/x86/include/asm/pci_x86.h 2009-12-02 22:51:21.000000000 -0500
7592 +++ linux-2.6.32.1/arch/x86/include/asm/pci_x86.h 2009-12-14 18:33:51.615757710 -0500
7593 @@ -89,16 +89,16 @@ extern int (*pcibios_enable_irq)(struct
7594 extern void (*pcibios_disable_irq)(struct pci_dev *dev);
7596 struct pci_raw_ops {
7597 - int (*read)(unsigned int domain, unsigned int bus, unsigned int devfn,
7598 + int (* const read)(unsigned int domain, unsigned int bus, unsigned int devfn,
7599 int reg, int len, u32 *val);
7600 - int (*write)(unsigned int domain, unsigned int bus, unsigned int devfn,
7601 + int (* const write)(unsigned int domain, unsigned int bus, unsigned int devfn,
7602 int reg, int len, u32 val);
7605 -extern struct pci_raw_ops *raw_pci_ops;
7606 -extern struct pci_raw_ops *raw_pci_ext_ops;
7607 +extern const struct pci_raw_ops *raw_pci_ops;
7608 +extern const struct pci_raw_ops *raw_pci_ext_ops;
7610 -extern struct pci_raw_ops pci_direct_conf1;
7611 +extern const struct pci_raw_ops pci_direct_conf1;
7612 extern bool port_cf9_safe;
7614 /* arch_initcall level */
7615 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgalloc.h linux-2.6.32.1/arch/x86/include/asm/pgalloc.h
7616 --- linux-2.6.32.1/arch/x86/include/asm/pgalloc.h 2009-12-02 22:51:21.000000000 -0500
7617 +++ linux-2.6.32.1/arch/x86/include/asm/pgalloc.h 2009-12-14 18:33:51.616774776 -0500
7618 @@ -58,6 +58,13 @@ static inline void pmd_populate_kernel(s
7619 pmd_t *pmd, pte_t *pte)
7621 paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
7622 + set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE));
7625 +static inline void pmd_populate_user(struct mm_struct *mm,
7626 + pmd_t *pmd, pte_t *pte)
7628 + paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
7629 set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE));
7632 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable-2level.h linux-2.6.32.1/arch/x86/include/asm/pgtable-2level.h
7633 --- linux-2.6.32.1/arch/x86/include/asm/pgtable-2level.h 2009-12-02 22:51:21.000000000 -0500
7634 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable-2level.h 2009-12-14 18:33:51.616774776 -0500
7635 @@ -18,7 +18,9 @@ static inline void native_set_pte(pte_t
7637 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
7639 + pax_open_kernel();
7641 + pax_close_kernel();
7644 static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
7645 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable_32.h linux-2.6.32.1/arch/x86/include/asm/pgtable_32.h
7646 --- linux-2.6.32.1/arch/x86/include/asm/pgtable_32.h 2009-12-02 22:51:21.000000000 -0500
7647 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable_32.h 2009-12-14 18:33:51.616774776 -0500
7650 struct vm_area_struct;
7652 -extern pgd_t swapper_pg_dir[1024];
7654 static inline void pgtable_cache_init(void) { }
7655 static inline void check_pgt_cache(void) { }
7656 void paging_init(void);
7657 @@ -48,6 +46,11 @@ extern void set_pmd_pfn(unsigned long, u
7658 # include <asm/pgtable-2level.h>
7661 +extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
7662 +#ifdef CONFIG_X86_PAE
7663 +extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD];
7666 #if defined(CONFIG_HIGHPTE)
7668 (in_nmi() ? KM_NMI_PTE : \
7669 @@ -72,7 +75,9 @@ extern void set_pmd_pfn(unsigned long, u
7670 /* Clear a kernel PTE and flush it from the TLB */
7671 #define kpte_clear_flush(ptep, vaddr) \
7673 + pax_open_kernel(); \
7674 pte_clear(&init_mm, (vaddr), (ptep)); \
7675 + pax_close_kernel(); \
7676 __flush_tlb_one((vaddr)); \
7679 @@ -84,6 +89,9 @@ do { \
7681 #endif /* !__ASSEMBLY__ */
7683 +#define HAVE_ARCH_UNMAPPED_AREA
7684 +#define HAVE_ARCH_UNMAPPED_AREA_TOPDOWN
7687 * kern_addr_valid() is (1) for FLATMEM and (0) for
7688 * SPARSEMEM and DISCONTIGMEM
7689 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable_32_types.h linux-2.6.32.1/arch/x86/include/asm/pgtable_32_types.h
7690 --- linux-2.6.32.1/arch/x86/include/asm/pgtable_32_types.h 2009-12-02 22:51:21.000000000 -0500
7691 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable_32_types.h 2009-12-14 18:33:51.616774776 -0500
7694 #ifdef CONFIG_X86_PAE
7695 # include <asm/pgtable-3level_types.h>
7696 -# define PMD_SIZE (1UL << PMD_SHIFT)
7697 +# define PMD_SIZE (_AC(1, UL) << PMD_SHIFT)
7698 # define PMD_MASK (~(PMD_SIZE - 1))
7700 # include <asm/pgtable-2level_types.h>
7701 @@ -46,6 +46,19 @@ extern bool __vmalloc_start_set; /* set
7702 # define VMALLOC_END (FIXADDR_START - 2 * PAGE_SIZE)
7705 +#ifdef CONFIG_PAX_KERNEXEC
7706 +#ifndef __ASSEMBLY__
7707 +extern unsigned char MODULES_EXEC_VADDR[];
7708 +extern unsigned char MODULES_EXEC_END[];
7710 +#include <asm/boot.h>
7711 +#define ktla_ktva(addr) (addr + LOAD_PHYSICAL_ADDR + PAGE_OFFSET)
7712 +#define ktva_ktla(addr) (addr - LOAD_PHYSICAL_ADDR - PAGE_OFFSET)
7714 +#define ktla_ktva(addr) (addr)
7715 +#define ktva_ktla(addr) (addr)
7718 #define MODULES_VADDR VMALLOC_START
7719 #define MODULES_END VMALLOC_END
7720 #define MODULES_LEN (MODULES_VADDR - MODULES_END)
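Review bot: The KERNEXEC variants of `ktla_ktva` and `ktva_ktla` use their argument unparenthesized, as `(addr + LOAD_PHYSICAL_ADDR + PAGE_OFFSET)` and `(addr - LOAD_PHYSICAL_ADDR - PAGE_OFFSET)`. An argument containing a lower-precedence operator, such as a conditional expression or a cast applied to a sum, would then be parsed differently from what the caller wrote. Since these macros translate kernel text addresses, a silent mis-parse is worth excluding. They should read `#define ktla_ktva(addr) ((addr) + LOAD_PHYSICAL_ADDR + PAGE_OFFSET)` and `#define ktva_ktla(addr) ((addr) - LOAD_PHYSICAL_ADDR - PAGE_OFFSET)`.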
7721 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable-3level.h linux-2.6.32.1/arch/x86/include/asm/pgtable-3level.h
7722 --- linux-2.6.32.1/arch/x86/include/asm/pgtable-3level.h 2009-12-02 22:51:21.000000000 -0500
7723 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable-3level.h 2009-12-14 18:33:51.616774776 -0500
7724 @@ -38,12 +38,16 @@ static inline void native_set_pte_atomic
7726 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
7728 + pax_open_kernel();
7729 set_64bit((unsigned long long *)(pmdp), native_pmd_val(pmd));
7730 + pax_close_kernel();
7733 static inline void native_set_pud(pud_t *pudp, pud_t pud)
7735 + pax_open_kernel();
7736 set_64bit((unsigned long long *)(pudp), native_pud_val(pud));
7737 + pax_close_kernel();
7741 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable_64.h linux-2.6.32.1/arch/x86/include/asm/pgtable_64.h
7742 --- linux-2.6.32.1/arch/x86/include/asm/pgtable_64.h 2009-12-02 22:51:21.000000000 -0500
7743 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable_64.h 2009-12-14 18:33:51.616774776 -0500
7746 extern pud_t level3_kernel_pgt[512];
7747 extern pud_t level3_ident_pgt[512];
7748 +extern pud_t level3_vmalloc_pgt[512];
7749 +extern pud_t level3_vmemmap_pgt[512];
7750 +extern pud_t level2_vmemmap_pgt[512];
7751 extern pmd_t level2_kernel_pgt[512];
7752 extern pmd_t level2_fixmap_pgt[512];
7753 -extern pmd_t level2_ident_pgt[512];
7754 +extern pmd_t level2_ident_pgt[512*4];
7755 extern pgd_t init_level4_pgt[];
7757 #define swapper_pg_dir init_level4_pgt
7758 @@ -74,7 +77,9 @@ static inline pte_t native_ptep_get_and_
7760 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
7762 + pax_open_kernel();
7764 + pax_close_kernel();
7767 static inline void native_pmd_clear(pmd_t *pmd)
7768 @@ -94,7 +99,9 @@ static inline void native_pud_clear(pud_
7770 static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
7772 + pax_open_kernel();
7774 + pax_close_kernel();
7777 static inline void native_pgd_clear(pgd_t *pgd)
7778 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable.h linux-2.6.32.1/arch/x86/include/asm/pgtable.h
7779 --- linux-2.6.32.1/arch/x86/include/asm/pgtable.h 2009-12-02 22:51:21.000000000 -0500
7780 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable.h 2009-12-14 18:33:51.616774776 -0500
7781 @@ -74,12 +74,51 @@ extern struct list_head pgd_list;
7783 #define arch_end_context_switch(prev) do {} while(0)
7785 +#define pax_open_kernel() native_pax_open_kernel()
7786 +#define pax_close_kernel() native_pax_close_kernel()
7787 #endif /* CONFIG_PARAVIRT */
7789 +#define __HAVE_ARCH_PAX_OPEN_KERNEL
7790 +#define __HAVE_ARCH_PAX_CLOSE_KERNEL
7792 +#ifdef CONFIG_PAX_KERNEXEC
7793 +static inline unsigned long native_pax_open_kernel(void)
7795 + unsigned long cr0;
7797 + preempt_disable();
7800 + if (likely(cr0 & X86_CR0_WP))
7801 + write_cr0(cr0 & ~X86_CR0_WP);
7805 +static inline unsigned long native_pax_close_kernel(void)
7807 + unsigned long cr0;
7810 + if (likely(!(cr0 & X86_CR0_WP)))
7811 + write_cr0(cr0 | X86_CR0_WP);
7813 + preempt_enable_no_resched();
7817 +static inline unsigned long native_pax_open_kernel(void) { return 0; }
7818 +static inline unsigned long native_pax_close_kernel(void) { return 0; }
7822 * The following only work if pte_present() is true.
7823 * Undefined behaviour if not..
7825 +static inline int pte_user(pte_t pte)
7827 + return pte_val(pte) & _PAGE_USER;
7830 static inline int pte_dirty(pte_t pte)
7832 return pte_flags(pte) & _PAGE_DIRTY;
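Review bot: `native_pax_open_kernel()` and `native_pax_close_kernel()` do not nest, and nothing in the hunk documents that. On the visible lines, open clears `X86_CR0_WP` only when it is set and close sets it whenever it is clear, so an inner open/close pair executed inside an outer one would restore write protection before the outer caller has finished its writes. Several lines of both functions are missing from this extract, so the exact return value and barriers should be checked. The visible code also disables only preemption, so an interrupt taken inside the window would run with write protection off. I would add a comment above the pair stating the contract, for example `/* open/close must not nest; keep the window to the single protected write and do not call code that may re-enter */`.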
7833 @@ -167,9 +206,29 @@ static inline pte_t pte_wrprotect(pte_t
7834 return pte_clear_flags(pte, _PAGE_RW);
7837 +static inline pte_t pte_mkread(pte_t pte)
7839 + return __pte(pte_val(pte) | _PAGE_USER);
7842 static inline pte_t pte_mkexec(pte_t pte)
7844 - return pte_clear_flags(pte, _PAGE_NX);
7845 +#ifdef CONFIG_X86_PAE
7846 + if (__supported_pte_mask & _PAGE_NX)
7847 + return pte_clear_flags(pte, _PAGE_NX);
7850 + return pte_set_flags(pte, _PAGE_USER);
7853 +static inline pte_t pte_exprotect(pte_t pte)
7855 +#ifdef CONFIG_X86_PAE
7856 + if (__supported_pte_mask & _PAGE_NX)
7857 + return pte_set_flags(pte, _PAGE_NX);
7860 + return pte_clear_flags(pte, _PAGE_USER);
7863 static inline pte_t pte_mkdirty(pte_t pte)
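Review bot: `pte_mkread` sets the user bit with `__pte(pte_val(pte) | _PAGE_USER)`, while `pte_mkexec` and `pte_exprotect` in the same hunk use the flag helpers (`pte_set_flags(pte, _PAGE_USER)` and `pte_clear_flags(pte, _PAGE_USER)`). For consistency with its neighbours, `pte_mkread` should be `return pte_set_flags(pte, _PAGE_USER);`. The new `pte_user` in the previous hunk likewise reads `pte_val(pte)` where `pte_dirty` beside it reads `pte_flags(pte)`. `pte_mkexec` and `pte_exprotect` also need a short comment explaining that `_PAGE_USER` is used to carry the executable permission when `_PAGE_NX` is not in `__supported_pte_mask`, because that overloading is not obvious from the names.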
7864 @@ -472,7 +531,7 @@ static inline pud_t *pud_offset(pgd_t *p
7866 static inline int pgd_bad(pgd_t pgd)
7868 - return (pgd_flags(pgd) & ~_PAGE_USER) != _KERNPG_TABLE;
7869 + return (pgd_flags(pgd) & ~(_PAGE_USER | _PAGE_NX)) != _KERNPG_TABLE;
7872 static inline int pgd_none(pgd_t pgd)
7873 @@ -613,7 +672,9 @@ static inline void ptep_set_wrprotect(st
7875 static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count)
7877 - memcpy(dst, src, count * sizeof(pgd_t));
7878 + pax_open_kernel();
7879 + memcpy(dst, src, count * sizeof(pgd_t));
7880 + pax_close_kernel();
7884 diff -urNp linux-2.6.32.1/arch/x86/include/asm/pgtable_types.h linux-2.6.32.1/arch/x86/include/asm/pgtable_types.h
7885 --- linux-2.6.32.1/arch/x86/include/asm/pgtable_types.h 2009-12-02 22:51:21.000000000 -0500
7886 +++ linux-2.6.32.1/arch/x86/include/asm/pgtable_types.h 2009-12-14 18:33:51.618196576 -0500
7888 #define _PAGE_BIT_PSE 7 /* 4 MB (or 2MB) page */
7889 #define _PAGE_BIT_PAT 7 /* on 4KB pages */
7890 #define _PAGE_BIT_GLOBAL 8 /* Global TLB entry PPro+ */
7891 -#define _PAGE_BIT_UNUSED1 9 /* available for programmer */
7892 +#define _PAGE_BIT_SPECIAL 9 /* special mappings, no associated struct page */
7893 #define _PAGE_BIT_IOMAP 10 /* flag used to indicate IO mapping */
7894 #define _PAGE_BIT_HIDDEN 11 /* hidden by kmemcheck */
7895 #define _PAGE_BIT_PAT_LARGE 12 /* On 2MB or 1GB pages */
7896 -#define _PAGE_BIT_SPECIAL _PAGE_BIT_UNUSED1
7897 -#define _PAGE_BIT_CPA_TEST _PAGE_BIT_UNUSED1
7898 +#define _PAGE_BIT_CPA_TEST _PAGE_BIT_SPECIAL
7899 #define _PAGE_BIT_NX 63 /* No execute: only valid after cpuid check */
7901 /* If _PAGE_BIT_PRESENT is clear, we use these: */
7903 #define _PAGE_DIRTY (_AT(pteval_t, 1) << _PAGE_BIT_DIRTY)
7904 #define _PAGE_PSE (_AT(pteval_t, 1) << _PAGE_BIT_PSE)
7905 #define _PAGE_GLOBAL (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
7906 -#define _PAGE_UNUSED1 (_AT(pteval_t, 1) << _PAGE_BIT_UNUSED1)
7907 #define _PAGE_IOMAP (_AT(pteval_t, 1) << _PAGE_BIT_IOMAP)
7908 #define _PAGE_PAT (_AT(pteval_t, 1) << _PAGE_BIT_PAT)
7909 #define _PAGE_PAT_LARGE (_AT(pteval_t, 1) << _PAGE_BIT_PAT_LARGE)
7912 #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
7913 #define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_NX)
7915 +#elif defined(CONFIG_KMEMCHECK)
7916 #define _PAGE_NX (_AT(pteval_t, 0))
7918 +#define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_HIDDEN)
7921 #define _PAGE_FILE (_AT(pteval_t, 1) << _PAGE_BIT_FILE)
7923 #define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | \
7926 +#define PAGE_READONLY_NOEXEC PAGE_READONLY
7927 +#define PAGE_SHARED_NOEXEC PAGE_SHARED
7929 #define __PAGE_KERNEL_EXEC \
7930 (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_GLOBAL)
7931 #define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX)
7933 #define __PAGE_KERNEL_WC (__PAGE_KERNEL | _PAGE_CACHE_WC)
7934 #define __PAGE_KERNEL_NOCACHE (__PAGE_KERNEL | _PAGE_PCD | _PAGE_PWT)
7935 #define __PAGE_KERNEL_UC_MINUS (__PAGE_KERNEL | _PAGE_PCD)
7936 -#define __PAGE_KERNEL_VSYSCALL (__PAGE_KERNEL_RX | _PAGE_USER)
7937 -#define __PAGE_KERNEL_VSYSCALL_NOCACHE (__PAGE_KERNEL_VSYSCALL | _PAGE_PCD | _PAGE_PWT)
7938 +#define __PAGE_KERNEL_VSYSCALL (__PAGE_KERNEL_RO | _PAGE_USER)
7939 +#define __PAGE_KERNEL_VSYSCALL_NOCACHE (__PAGE_KERNEL_RO | _PAGE_PCD | _PAGE_PWT | _PAGE_USER)
7940 #define __PAGE_KERNEL_LARGE (__PAGE_KERNEL | _PAGE_PSE)
7941 #define __PAGE_KERNEL_LARGE_NOCACHE (__PAGE_KERNEL | _PAGE_CACHE_UC | _PAGE_PSE)
7942 #define __PAGE_KERNEL_LARGE_EXEC (__PAGE_KERNEL_EXEC | _PAGE_PSE)
7944 * bits are combined, this will alow user to access the high address mapped
7945 * VDSO in the presence of CONFIG_COMPAT_VDSO
7947 -#define PTE_IDENT_ATTR 0x003 /* PRESENT+RW */
7948 -#define PDE_IDENT_ATTR 0x067 /* PRESENT+RW+USER+DIRTY+ACCESSED */
7949 +#define PTE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */
7950 +#define PDE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */
7951 #define PGD_IDENT_ATTR 0x001 /* PRESENT (no other attributes) */
7954 @@ -278,7 +281,16 @@ typedef struct page *pgtable_t;
7956 extern pteval_t __supported_pte_mask;
7957 extern void set_nx(void);
7959 +#ifdef CONFIG_X86_32
7960 +#ifdef CONFIG_X86_PAE
7961 extern int nx_enabled;
7963 +#define nx_enabled (0)
7966 +#define nx_enabled (1)
7969 #define pgprot_writecombine pgprot_writecombine
7970 extern pgprot_t pgprot_writecombine(pgprot_t prot);
7971 diff -urNp linux-2.6.32.1/arch/x86/include/asm/processor.h linux-2.6.32.1/arch/x86/include/asm/processor.h
7972 --- linux-2.6.32.1/arch/x86/include/asm/processor.h 2009-12-02 22:51:21.000000000 -0500
7973 +++ linux-2.6.32.1/arch/x86/include/asm/processor.h 2009-12-14 18:33:51.628704378 -0500
7974 @@ -272,7 +272,7 @@ struct tss_struct {
7976 } ____cacheline_aligned;
7978 -DECLARE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss);
7979 +extern struct tss_struct init_tss[NR_CPUS];
7982 * Save the original ist values for checking stack pointers during debugging
7983 @@ -911,8 +911,17 @@ static inline void spin_lock_prefetch(co
7985 #define TASK_SIZE PAGE_OFFSET
7986 #define TASK_SIZE_MAX TASK_SIZE
7988 +#ifdef CONFIG_PAX_SEGMEXEC
7989 +#define SEGMEXEC_TASK_SIZE (TASK_SIZE / 2)
7992 +#ifdef CONFIG_PAX_SEGMEXEC
7993 +#define STACK_TOP ((current->mm->pax_flags & MF_PAX_SEGMEXEC)?SEGMEXEC_TASK_SIZE:TASK_SIZE)
7995 #define STACK_TOP TASK_SIZE
7996 -#define STACK_TOP_MAX STACK_TOP
7998 +#define STACK_TOP_MAX TASK_SIZE
8000 #define INIT_THREAD { \
8001 .sp0 = sizeof(init_stack) + (long)&init_stack, \
8002 @@ -929,7 +938,7 @@ static inline void spin_lock_prefetch(co
8004 #define INIT_TSS { \
8006 - .sp0 = sizeof(init_stack) + (long)&init_stack, \
8007 + .sp0 = sizeof(init_stack) + (long)&init_stack - 8, \
8008 .ss0 = __KERNEL_DS, \
8009 .ss1 = __KERNEL_CS, \
8010 .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \
8011 @@ -940,11 +949,7 @@ static inline void spin_lock_prefetch(co
8012 extern unsigned long thread_saved_pc(struct task_struct *tsk);
8014 #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long))
8015 -#define KSTK_TOP(info) \
8017 - unsigned long *__ptr = (unsigned long *)(info); \
8018 - (unsigned long)(&__ptr[THREAD_SIZE_LONGS]); \
8020 +#define KSTK_TOP(info) ((info)->task.thread.sp0)
8023 * The below -8 is to reserve 8 bytes on top of the ring0 stack.
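Review bot: The new `KSTK_TOP(info)` expands to `((info)->task.thread.sp0)`, applying `.` to the `task` member. `struct thread_info` is not shown in this hunk, but if `task` is still a `struct task_struct *` the macro only compiles as `#define KSTK_TOP(info) ((info)->task->thread.sp0)`. The macro's meaning also changes: it used to return the address one past the stack area it was handed, and now returns a stored `sp0`, so any remaining caller that passes a stack page would need updating. The next hunk removes its use in `task_pt_regs`, so a mistake here could stay unnoticed until the macro is used again.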
8024 @@ -959,7 +964,7 @@ extern unsigned long thread_saved_pc(str
8025 #define task_pt_regs(task) \
8027 struct pt_regs *__regs__; \
8028 - __regs__ = (struct pt_regs *)(KSTK_TOP(task_stack_page(task))-8); \
8029 + __regs__ = (struct pt_regs *)((task)->thread.sp0); \
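Review bot: The comment just above this macro still says "The below -8 is to reserve 8 bytes on top of the ring0 stack", but the new `task_pt_regs` line `(struct pt_regs *)((task)->thread.sp0)` has no `-8` in it. The adjustment appears to have moved into the stored `sp0`, since the `INIT_TSS` hunk now subtracts 8. The `INIT_THREAD` `.sp0` initializer visible as context in the earlier hunk is unchanged, though, so it should be confirmed that every place that sets `thread.sp0` applies the same offset. The comment should be reworded to say that `thread.sp0` already includes the 8-byte reservation. The macro body continues past the end of this hunk.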
8033 @@ -975,7 +980,7 @@ extern unsigned long thread_saved_pc(str
8034 * space during mmap's.
8036 #define IA32_PAGE_OFFSET ((current->personality & ADDR_LIMIT_3GB) ? \
8037 - 0xc0000000 : 0xFFFFe000)
8038 + 0xc0000000 : 0xFFFFf000)
8040 #define TASK_SIZE (test_thread_flag(TIF_IA32) ? \
8041 IA32_PAGE_OFFSET : TASK_SIZE_MAX)
8042 @@ -1012,6 +1017,10 @@ extern void start_thread(struct pt_regs
8044 #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
8046 +#ifdef CONFIG_PAX_SEGMEXEC
8047 +#define SEGMEXEC_TASK_UNMAPPED_BASE (PAGE_ALIGN(SEGMEXEC_TASK_SIZE / 3))
8050 #define KSTK_EIP(task) (task_pt_regs(task)->ip)
8052 /* Get/set a process' ability to use the timestamp counter instruction */
8053 diff -urNp linux-2.6.32.1/arch/x86/include/asm/ptrace.h linux-2.6.32.1/arch/x86/include/asm/ptrace.h
8054 --- linux-2.6.32.1/arch/x86/include/asm/ptrace.h 2009-12-02 22:51:21.000000000 -0500
8055 +++ linux-2.6.32.1/arch/x86/include/asm/ptrace.h 2009-12-14 18:33:51.628704378 -0500
8056 @@ -151,28 +151,29 @@ static inline unsigned long regs_return_
8060 - * user_mode_vm(regs) determines whether a register set came from user mode.
8061 + * user_mode(regs) determines whether a register set came from user mode.
8062 * This is true if V8086 mode was enabled OR if the register set was from
8063 * protected mode with RPL-3 CS value. This tricky test checks that with
8064 * one comparison. Many places in the kernel can bypass this full check
8065 - * if they have already ruled out V8086 mode, so user_mode(regs) can be used.
8066 + * if they have already ruled out V8086 mode, so user_mode_novm(regs) can
8069 -static inline int user_mode(struct pt_regs *regs)
8070 +static inline int user_mode_novm(struct pt_regs *regs)
8072 #ifdef CONFIG_X86_32
8073 return (regs->cs & SEGMENT_RPL_MASK) == USER_RPL;
8075 - return !!(regs->cs & 3);
8076 + return !!(regs->cs & SEGMENT_RPL_MASK);
8080 -static inline int user_mode_vm(struct pt_regs *regs)
8081 +static inline int user_mode(struct pt_regs *regs)
8083 #ifdef CONFIG_X86_32
8084 return ((regs->cs & SEGMENT_RPL_MASK) | (regs->flags & X86_VM_MASK)) >=
8087 - return user_mode(regs);
8088 + return user_mode_novm(regs);
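Review bot: Reusing the name `user_mode()` for the check that used to be `user_mode_vm()` changes what every existing `user_mode(regs)` call tests, with no compile-time signal. Only callers of the old `user_mode_vm()` name fail to build. On 32-bit the change goes in the stricter direction (V8086 frames now count as user mode), but code shared with or ported from an unpatched tree will read the same name with a different meaning. I would record the swap in the comment above the two helpers, for example `* NOTE: names are swapped relative to the unpatched kernel: user_mode() is the full check, user_mode_novm() the cheap one.` Both function bodies are only partly visible in this hunk.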
8092 diff -urNp linux-2.6.32.1/arch/x86/include/asm/reboot.h linux-2.6.32.1/arch/x86/include/asm/reboot.h
8093 --- linux-2.6.32.1/arch/x86/include/asm/reboot.h 2009-12-02 22:51:21.000000000 -0500
8094 +++ linux-2.6.32.1/arch/x86/include/asm/reboot.h 2009-12-14 18:33:51.630145569 -0500
8095 @@ -18,7 +18,7 @@ extern struct machine_ops machine_ops;
8097 void native_machine_crash_shutdown(struct pt_regs *regs);
8098 void native_machine_shutdown(void);
8099 -void machine_real_restart(const unsigned char *code, int length);
8100 +void machine_real_restart(const unsigned char *code, unsigned int length);
8102 typedef void (*nmi_shootdown_cb)(int, struct die_args*);
8103 void nmi_shootdown_cpus(nmi_shootdown_cb callback);
8104 diff -urNp linux-2.6.32.1/arch/x86/include/asm/rwsem.h linux-2.6.32.1/arch/x86/include/asm/rwsem.h
8105 --- linux-2.6.32.1/arch/x86/include/asm/rwsem.h 2009-12-02 22:51:21.000000000 -0500
8106 +++ linux-2.6.32.1/arch/x86/include/asm/rwsem.h 2009-12-14 18:33:51.630145569 -0500
8107 @@ -106,10 +106,26 @@ static inline void __down_read(struct rw
8109 asm volatile("# beginning down_read\n\t"
8110 LOCK_PREFIX " incl (%%eax)\n\t"
8112 +#ifdef CONFIG_PAX_REFCOUNT
8113 +#ifdef CONFIG_X86_32
8119 + ".pushsection .fixup,\"ax\"\n"
8121 + LOCK_PREFIX "decl (%%eax)\n"
8124 + _ASM_EXTABLE(0b, 1b)
8127 /* adds 0x00000001, returns the old value */
8130 " call call_rwsem_down_read_failed\n"
8133 "# ending down_read\n\t"
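Review bot: The `CONFIG_PAX_REFCOUNT` block inside this asm statement is repeated, with only the undo instruction changing, in each of the following rwsem.h hunks and again in the spinlock.h hunks, so any later correction has to be made by hand in about a dozen places. A single string-building macro that takes the undo instruction as its argument would keep the overflow trap, the `.fixup` section and the `_ASM_EXTABLE(0b, 1b)` entry in one definition. Several lines of the block are missing from this listing, so the shape of the shared part is inferred from the lines that remain.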
8136 @@ -124,13 +140,29 @@ static inline int __down_read_trylock(st
8138 asm volatile("# beginning __down_read_trylock\n\t"
8146 +#ifdef CONFIG_PAX_REFCOUNT
8147 +#ifdef CONFIG_X86_32
8153 + ".pushsection .fixup,\"ax\"\n"
8158 + _ASM_EXTABLE(0b, 1b)
8162 LOCK_PREFIX " cmpxchgl %2,%0\n\t"
8167 "# ending __down_read_trylock\n\t"
8168 : "+m" (sem->count), "=&a" (result), "=&r" (tmp)
8169 : "i" (RWSEM_ACTIVE_READ_BIAS)
8170 @@ -148,12 +180,28 @@ static inline void __down_write_nested(s
8171 tmp = RWSEM_ACTIVE_WRITE_BIAS;
8172 asm volatile("# beginning down_write\n\t"
8173 LOCK_PREFIX " xadd %%edx,(%%eax)\n\t"
8175 +#ifdef CONFIG_PAX_REFCOUNT
8176 +#ifdef CONFIG_X86_32
8182 + ".pushsection .fixup,\"ax\"\n"
8184 + "movl %%edx,(%%eax)\n"
8187 + _ASM_EXTABLE(0b, 1b)
8190 /* subtract 0x0000ffff, returns the old value */
8191 " testl %%edx,%%edx\n\t"
8192 /* was the count 0 before? */
8195 " call call_rwsem_down_write_failed\n"
8198 "# ending down_write"
8199 : "+m" (sem->count), "=d" (tmp)
8200 : "a" (sem), "1" (tmp)
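Review bot: The fixup path restores the counter with a plain `movl %%edx,(%%eax)`, which is not atomic with the preceding `LOCK_PREFIX " xadd %%edx,(%%eax)"`. Any update another CPU makes to `sem->count` between the two instructions would be overwritten by the stored old value. The same unlocked store appears in the `__up_read` and `__up_write` hunks below, while `__down_read` and `__downgrade_write` undo with a locked `decl`/`subl`. If the window is accepted because a detected overflow is treated as fatal for the offending task, that should be stated next to the store, e.g. `/* overflow: put back the pre-xadd value; not atomic w.r.t. other CPUs, acceptable because ... */`. The branch into the fixup is not visible in this listing, so the control flow is inferred.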
8201 @@ -186,10 +234,26 @@ static inline void __up_read(struct rw_s
8202 __s32 tmp = -RWSEM_ACTIVE_READ_BIAS;
8203 asm volatile("# beginning __up_read\n\t"
8204 LOCK_PREFIX " xadd %%edx,(%%eax)\n\t"
8206 +#ifdef CONFIG_PAX_REFCOUNT
8207 +#ifdef CONFIG_X86_32
8213 + ".pushsection .fixup,\"ax\"\n"
8215 + "movl %%edx,(%%eax)\n"
8218 + _ASM_EXTABLE(0b, 1b)
8221 /* subtracts 1, returns the old value */
8224 " call call_rwsem_wake\n"
8227 "# ending __up_read\n"
8228 : "+m" (sem->count), "=d" (tmp)
8229 : "a" (sem), "1" (tmp)
8230 @@ -204,11 +268,27 @@ static inline void __up_write(struct rw_
8231 asm volatile("# beginning __up_write\n\t"
8232 " movl %2,%%edx\n\t"
8233 LOCK_PREFIX " xaddl %%edx,(%%eax)\n\t"
8235 +#ifdef CONFIG_PAX_REFCOUNT
8236 +#ifdef CONFIG_X86_32
8242 + ".pushsection .fixup,\"ax\"\n"
8244 + "movl %%edx,(%%eax)\n"
8247 + _ASM_EXTABLE(0b, 1b)
8250 /* tries to transition
8251 0xffff0001 -> 0x00000000 */
8254 " call call_rwsem_wake\n"
8257 "# ending __up_write\n"
8259 : "a" (sem), "i" (-RWSEM_ACTIVE_WRITE_BIAS)
8260 @@ -222,10 +302,26 @@ static inline void __downgrade_write(str
8262 asm volatile("# beginning __downgrade_write\n\t"
8263 LOCK_PREFIX " addl %2,(%%eax)\n\t"
8265 +#ifdef CONFIG_PAX_REFCOUNT
8266 +#ifdef CONFIG_X86_32
8272 + ".pushsection .fixup,\"ax\"\n"
8274 + LOCK_PREFIX "subl %2,(%%eax)\n"
8277 + _ASM_EXTABLE(0b, 1b)
8280 /* transitions 0xZZZZ0001 -> 0xYYYY0001 */
8283 " call call_rwsem_downgrade_wake\n"
8286 "# ending __downgrade_write\n"
8288 : "a" (sem), "i" (-RWSEM_WAITING_BIAS)
8289 @@ -237,7 +333,23 @@ static inline void __downgrade_write(str
8291 static inline void rwsem_atomic_add(int delta, struct rw_semaphore *sem)
8293 - asm volatile(LOCK_PREFIX "addl %1,%0"
8294 + asm volatile(LOCK_PREFIX "addl %1,%0\n"
8296 +#ifdef CONFIG_PAX_REFCOUNT
8297 +#ifdef CONFIG_X86_32
8303 + ".pushsection .fixup,\"ax\"\n"
8305 + LOCK_PREFIX "subl %1,%0\n"
8308 + _ASM_EXTABLE(0b, 1b)
8314 @@ -249,7 +361,23 @@ static inline int rwsem_atomic_update(in
8318 - asm volatile(LOCK_PREFIX "xadd %0,%1"
8319 + asm volatile(LOCK_PREFIX "xadd %0,%1\n"
8321 +#ifdef CONFIG_PAX_REFCOUNT
8322 +#ifdef CONFIG_X86_32
8328 + ".pushsection .fixup,\"ax\"\n"
8333 + _ASM_EXTABLE(0b, 1b)
8336 : "+r" (tmp), "+m" (sem->count)
8339 diff -urNp linux-2.6.32.1/arch/x86/include/asm/segment.h linux-2.6.32.1/arch/x86/include/asm/segment.h
8340 --- linux-2.6.32.1/arch/x86/include/asm/segment.h 2009-12-02 22:51:21.000000000 -0500
8341 +++ linux-2.6.32.1/arch/x86/include/asm/segment.h 2009-12-14 18:33:51.630750090 -0500
8343 #define GDT_ENTRY_ESPFIX_SS (GDT_ENTRY_KERNEL_BASE + 14)
8344 #define __ESPFIX_SS (GDT_ENTRY_ESPFIX_SS * 8)
8346 -#define GDT_ENTRY_PERCPU (GDT_ENTRY_KERNEL_BASE + 15)
8347 +#define GDT_ENTRY_PERCPU (GDT_ENTRY_KERNEL_BASE + 15)
8349 #define __KERNEL_PERCPU (GDT_ENTRY_PERCPU * 8)
8351 @@ -102,6 +102,12 @@
8352 #define __KERNEL_STACK_CANARY 0
8355 +#define GDT_ENTRY_PCIBIOS_CS (GDT_ENTRY_KERNEL_BASE + 17)
8356 +#define __PCIBIOS_CS (GDT_ENTRY_PCIBIOS_CS * 8)
8358 +#define GDT_ENTRY_PCIBIOS_DS (GDT_ENTRY_KERNEL_BASE + 18)
8359 +#define __PCIBIOS_DS (GDT_ENTRY_PCIBIOS_DS * 8)
8361 #define GDT_ENTRY_DOUBLEFAULT_TSS 31
8367 /* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */
8368 -#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xf4) == GDT_ENTRY_PNPBIOS_BASE * 8)
8369 +#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xFFFCU) == PNP_CS32 || ((x) & 0xFFFCU) == PNP_CS16)
8373 diff -urNp linux-2.6.32.1/arch/x86/include/asm/spinlock.h linux-2.6.32.1/arch/x86/include/asm/spinlock.h
8374 --- linux-2.6.32.1/arch/x86/include/asm/spinlock.h 2009-12-02 22:51:21.000000000 -0500
8375 +++ linux-2.6.32.1/arch/x86/include/asm/spinlock.h 2009-12-14 18:33:51.630750090 -0500
8376 @@ -249,18 +249,50 @@ static inline int __raw_write_can_lock(r
8377 static inline void __raw_read_lock(raw_rwlock_t *rw)
8379 asm volatile(LOCK_PREFIX " subl $1,(%0)\n\t"
8381 - "call __read_lock_failed\n\t"
8383 +#ifdef CONFIG_PAX_REFCOUNT
8384 +#ifdef CONFIG_X86_32
8390 + ".pushsection .fixup,\"ax\"\n"
8392 + LOCK_PREFIX " addl $1,(%0)\n"
8395 + _ASM_EXTABLE(0b, 1b)
8399 + "call __read_lock_failed\n\t"
8401 ::LOCK_PTR_REG (rw) : "memory");
8404 static inline void __raw_write_lock(raw_rwlock_t *rw)
8406 asm volatile(LOCK_PREFIX " subl %1,(%0)\n\t"
8408 - "call __write_lock_failed\n\t"
8410 +#ifdef CONFIG_PAX_REFCOUNT
8411 +#ifdef CONFIG_X86_32
8417 + ".pushsection .fixup,\"ax\"\n"
8419 + LOCK_PREFIX " addl %1,(%0)\n"
8422 + _ASM_EXTABLE(0b, 1b)
8426 + "call __write_lock_failed\n\t"
8428 ::LOCK_PTR_REG (rw), "i" (RW_LOCK_BIAS) : "memory");
8431 @@ -286,12 +318,45 @@ static inline int __raw_write_trylock(ra
8433 static inline void __raw_read_unlock(raw_rwlock_t *rw)
8435 - asm volatile(LOCK_PREFIX "incl %0" :"+m" (rw->lock) : : "memory");
8436 + asm volatile(LOCK_PREFIX "incl %0\n"
8438 +#ifdef CONFIG_PAX_REFCOUNT
8439 +#ifdef CONFIG_X86_32
8445 + ".pushsection .fixup,\"ax\"\n"
8447 + LOCK_PREFIX "decl %0\n"
8450 + _ASM_EXTABLE(0b, 1b)
8453 + :"+m" (rw->lock) : : "memory");
8456 static inline void __raw_write_unlock(raw_rwlock_t *rw)
8458 - asm volatile(LOCK_PREFIX "addl %1, %0"
8459 + asm volatile(LOCK_PREFIX "addl %1, %0\n"
8461 +#ifdef CONFIG_PAX_REFCOUNT
8462 +#ifdef CONFIG_X86_32
8468 + ".pushsection .fixup,\"ax\"\n"
8470 + LOCK_PREFIX "subl %1,%0\n"
8473 + _ASM_EXTABLE(0b, 1b)
8476 : "+m" (rw->lock) : "i" (RW_LOCK_BIAS) : "memory");
8479 diff -urNp linux-2.6.32.1/arch/x86/include/asm/system.h linux-2.6.32.1/arch/x86/include/asm/system.h
8480 --- linux-2.6.32.1/arch/x86/include/asm/system.h 2009-12-02 22:51:21.000000000 -0500
8481 +++ linux-2.6.32.1/arch/x86/include/asm/system.h 2009-12-14 18:33:51.630750090 -0500
8482 @@ -200,7 +200,7 @@ static inline unsigned long get_limit(un
8484 unsigned long __limit;
8485 asm("lsll %1,%0" : "=r" (__limit) : "r" (segment));
8486 - return __limit + 1;
8490 static inline void native_clts(void)
8491 @@ -340,7 +340,7 @@ void enable_hlt(void);
8493 void cpu_idle_wait(void);
8495 -extern unsigned long arch_align_stack(unsigned long sp);
8496 +#define arch_align_stack(x) ((x) & ~0xfUL)
8497 extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
8499 void default_idle(void);
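Review bot: The new `arch_align_stack(x)` macro only clears the low four bits, so anything else the out-of-line function did is dropped without a word; in unpatched kernels of this era it also applied the per-exec random stack offset. Presumably another part of this patch takes over stack randomization, but this hunk does not show it. A comment on the macro would let a reader verify that, e.g. `/* alignment only; stack randomization is done in <location in this patch> */`. The macro also evaluates to `unsigned long` only if `x` already has that type, which the old prototype guaranteed. The old definition must be removed elsewhere for this to build, which is outside this hunk.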
8500 diff -urNp linux-2.6.32.1/arch/x86/include/asm/uaccess_32.h linux-2.6.32.1/arch/x86/include/asm/uaccess_32.h
8501 --- linux-2.6.32.1/arch/x86/include/asm/uaccess_32.h 2009-12-02 22:51:21.000000000 -0500
8502 +++ linux-2.6.32.1/arch/x86/include/asm/uaccess_32.h 2009-12-14 18:33:51.630750090 -0500
8503 @@ -44,6 +44,9 @@ unsigned long __must_check __copy_from_u
8504 static __always_inline unsigned long __must_check
8505 __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
8510 if (__builtin_constant_p(n)) {
8513 @@ -62,6 +65,8 @@ __copy_to_user_inatomic(void __user *to,
8517 + if (!__builtin_constant_p(n))
8518 + check_object_size(from, n, true);
8519 return __copy_to_user_ll(to, from, n);
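Review bot: The added `check_object_size(from, n, true)` runs only when `n` is not a compile-time constant, and nothing at the call site says why constant sizes are exempt or what the bare `true` selects. As written, a constant `n` larger than the kernel object would skip the run-time bounds check, presumably on the assumption that such sizes are correct by construction. A comment would make that contract reviewable, e.g. `/* run-time bounds check of the kernel object; skipped for constant n; last argument: true for copies to user space (confirm) */`. The matching `false` call in the `__copy_from_user` hunk below should be documented the same way. `__copy_to_user_inatomic` begins before this hunk.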
8522 @@ -89,6 +94,9 @@ __copy_to_user(void __user *to, const vo
8523 static __always_inline unsigned long
8524 __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
8529 /* Avoid zeroing the tail if the copy fails..
8530 * If 'n' is constant and 1, 2, or 4, we do still zero on a failure,
8531 * but as the zeroing behaviour is only significant when n is not
8532 @@ -138,6 +146,10 @@ static __always_inline unsigned long
8533 __copy_from_user(void *to, const void __user *from, unsigned long n)
8540 if (__builtin_constant_p(n)) {
8543 @@ -153,6 +165,8 @@ __copy_from_user(void *to, const void __
8547 + if (!__builtin_constant_p(n))
8548 + check_object_size(to, n, false);
8549 return __copy_from_user_ll(to, from, n);
8552 @@ -160,6 +174,10 @@ static __always_inline unsigned long __c
8553 const void __user *from, unsigned long n)
8560 if (__builtin_constant_p(n)) {
8563 @@ -182,14 +200,62 @@ static __always_inline unsigned long
8564 __copy_from_user_inatomic_nocache(void *to, const void __user *from,
8567 - return __copy_from_user_ll_nocache_nozero(to, from, n);
8571 + return __copy_from_user_ll_nocache_nozero(to, from, n);
8575 + * copy_to_user: - Copy a block of data into user space.
8576 + * @to: Destination address, in user space.
8577 + * @from: Source address, in kernel space.
8578 + * @n: Number of bytes to copy.
8580 + * Context: User context only. This function may sleep.
8582 + * Copy data from kernel space to user space.
8584 + * Returns number of bytes that could not be copied.
8585 + * On success, this will be zero.
8587 +static __always_inline unsigned long __must_check
8588 +copy_to_user(void __user *to, const void *from, unsigned long n)
8590 + if (access_ok(VERIFY_WRITE, to, n))
8591 + n = __copy_to_user(to, from, n);
8596 + * copy_from_user: - Copy a block of data from user space.
8597 + * @to: Destination address, in kernel space.
8598 + * @from: Source address, in user space.
8599 + * @n: Number of bytes to copy.
8601 + * Context: User context only. This function may sleep.
8603 + * Copy data from user space to kernel space.
8605 + * Returns number of bytes that could not be copied.
8606 + * On success, this will be zero.
8608 + * If some data could not be copied, this function will pad the copied
8609 + * data to the requested size using zero bytes.
8611 +static __always_inline unsigned long __must_check
8612 +copy_from_user(void *to, const void __user *from, unsigned long n)
8614 + if (access_ok(VERIFY_READ, from, n))
8615 + n = __copy_from_user(to, from, n);
8616 + else if ((long)n > 0) {
8617 + if (!__builtin_constant_p(n))
8618 + check_object_size(to, n, false);
8624 -unsigned long __must_check copy_to_user(void __user *to,
8625 - const void *from, unsigned long n);
8626 -unsigned long __must_check copy_from_user(void *to,
8627 - const void __user *from,
8629 long __must_check strncpy_from_user(char *dst, const char __user *src,
8631 long __must_check __strncpy_from_user(char *dst,
8632 diff -urNp linux-2.6.32.1/arch/x86/include/asm/uaccess_64.h linux-2.6.32.1/arch/x86/include/asm/uaccess_64.h
8633 --- linux-2.6.32.1/arch/x86/include/asm/uaccess_64.h 2009-12-02 22:51:21.000000000 -0500
8634 +++ linux-2.6.32.1/arch/x86/include/asm/uaccess_64.h 2009-12-14 18:33:51.632016363 -0500
8636 #include <linux/lockdep.h>
8637 #include <asm/page.h>
8639 +#define set_fs(x) (current_thread_info()->addr_limit = (x))
8642 * Copy To/From Userspace
8644 @@ -19,20 +21,22 @@ __must_check unsigned long
8645 copy_user_generic(void *to, const void *from, unsigned len);
8647 __must_check unsigned long
8648 -copy_to_user(void __user *to, const void *from, unsigned len);
8649 -__must_check unsigned long
8650 -copy_from_user(void *to, const void __user *from, unsigned len);
8651 -__must_check unsigned long
8652 copy_in_user(void __user *to, const void __user *from, unsigned len);
8654 static __always_inline __must_check
8655 -int __copy_from_user(void *dst, const void __user *src, unsigned size)
8656 +unsigned long __copy_from_user(void *dst, const void __user *src, unsigned size)
8662 - if (!__builtin_constant_p(size))
8664 + if ((int)size < 0)
8667 + if (!__builtin_constant_p(size)) {
8668 + check_object_size(dst, size, false);
8669 return copy_user_generic(dst, (__force void *)src, size);
8672 case 1:__get_user_asm(*(u8 *)dst, (u8 __user *)src,
8673 ret, "b", "b", "=q", 1);
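Review bot: The new guard `if ((int)size < 0)` rejects oversized lengths by converting an out-of-range `unsigned` to `int`, which is implementation-defined and hides the intent. `if (size > INT_MAX)` states the same limit directly and needs no cast. The same test is added to `__copy_to_user`, `__copy_in_user`, `__copy_to_user_inatomic` and both `_nocache` helpers in the following hunks, and `copy_from_user` uses the related `(int)len > 0`, so the limit would be better expressed once. The statement executed when the guard fires is not visible in this listing. It should return a non-zero "bytes not copied" value so that callers treat the copy as failed. The function body continues outside the hunk.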
8674 @@ -70,13 +74,19 @@ int __copy_from_user(void *dst, const vo
8677 static __always_inline __must_check
8678 -int __copy_to_user(void __user *dst, const void *src, unsigned size)
8679 +unsigned long __copy_to_user(void __user *dst, const void *src, unsigned size)
8685 - if (!__builtin_constant_p(size))
8687 + if ((int)size < 0)
8690 + if (!__builtin_constant_p(size)) {
8691 + check_object_size(src, size, true);
8692 return copy_user_generic((__force void *)dst, src, size);
8695 case 1:__put_user_asm(*(u8 *)src, (u8 __user *)dst,
8696 ret, "b", "b", "iq", 1);
8697 @@ -114,11 +124,39 @@ int __copy_to_user(void __user *dst, con
8700 static __always_inline __must_check
8701 -int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
8702 +unsigned long copy_to_user(void __user *to, const void *from, unsigned len)
8705 + if (access_ok(VERIFY_WRITE, to, len))
8706 + len = __copy_to_user(to, from, len);
8710 +static __always_inline __must_check
8711 +unsigned long copy_from_user(void *to, const void __user *from, unsigned len)
8716 + if (access_ok(VERIFY_READ, from, len))
8717 + len = __copy_from_user(to, from, len);
8718 + else if ((int)len > 0) {
8719 + if (!__builtin_constant_p(len))
8720 + check_object_size(to, len, false);
8721 + memset(to, 0, len);
8726 +static __always_inline __must_check
8727 +unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned size)
8733 + if ((int)size < 0)
8736 if (!__builtin_constant_p(size))
8737 return copy_user_generic((__force void *)dst,
8738 (__force void *)src, size);
8739 @@ -179,30 +217,38 @@ __must_check unsigned long __clear_user(
8740 __must_check long __copy_from_user_inatomic(void *dst, const void __user *src,
8743 -static __must_check __always_inline int
8744 +static __must_check __always_inline unsigned long
8745 __copy_to_user_inatomic(void __user *dst, const void *src, unsigned size)
8747 + if ((int)size < 0)
8750 return copy_user_generic((__force void *)dst, src, size);
8753 -extern long __copy_user_nocache(void *dst, const void __user *src,
8754 +extern unsigned long __copy_user_nocache(void *dst, const void __user *src,
8755 unsigned size, int zerorest);
8758 -__copy_from_user_nocache(void *dst, const void __user *src, unsigned size)
8759 +static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned size)
8763 + if ((int)size < 0)
8766 return __copy_user_nocache(dst, src, size, 1);
8770 -__copy_from_user_inatomic_nocache(void *dst, const void __user *src,
8771 +static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src,
8774 + if ((int)size < 0)
8777 return __copy_user_nocache(dst, src, size, 0);
8781 +extern unsigned long
8782 copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest);
8784 #endif /* _ASM_X86_UACCESS_64_H */
8785 diff -urNp linux-2.6.32.1/arch/x86/include/asm/uaccess.h linux-2.6.32.1/arch/x86/include/asm/uaccess.h
8786 --- linux-2.6.32.1/arch/x86/include/asm/uaccess.h 2009-12-02 22:51:21.000000000 -0500
8787 +++ linux-2.6.32.1/arch/x86/include/asm/uaccess.h 2009-12-14 18:33:51.632016363 -0500
8789 #include <linux/thread_info.h>
8790 #include <linux/prefetch.h>
8791 #include <linux/string.h>
8792 +#include <linux/sched.h>
8793 +#include <linux/slab.h>
8794 #include <asm/asm.h>
8795 #include <asm/page.h>
8796 +#include <asm/segment.h>
8798 #define VERIFY_READ 0
8799 #define VERIFY_WRITE 1
8802 #define get_ds() (KERNEL_DS)
8803 #define get_fs() (current_thread_info()->addr_limit)
8804 +#ifdef CONFIG_X86_32
8805 +void __set_fs(mm_segment_t x, int cpu);
8806 +void set_fs(mm_segment_t x);
8808 #define set_fs(x) (current_thread_info()->addr_limit = (x))
8811 #define segment_eq(a, b) ((a).seg == (b).seg)
8814 * checks that the pointer is in the user space range - after calling
8815 * this function, memory access functions may still return -EFAULT.
8817 -#define access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
8818 +#define __access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
8819 +#define access_ok(type, addr, size) \
8821 + long __size = size; \
8822 + unsigned long __addr = (unsigned long)addr; \
8823 + unsigned long __addr_ao = __addr & PAGE_MASK; \
8824 + unsigned long __end_ao = __addr + __size - 1; \
8825 + bool __ret_ao = __range_not_ok(__addr, __size) == 0; \
8826 + if (__ret_ao && unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \
8827 + for (; __addr_ao <= __end_ao; __addr_ao += PAGE_SIZE) { \
8829 + if (__size > PAGE_SIZE) \
8831 + if (__get_user(__c_ao, (char __user *)__addr_ao))\
8833 + if (type != VERIFY_WRITE) \
8835 + if (__put_user(__c_ao, (char __user *)__addr_ao))\
8843 * The exception table consists of pairs of addresses: the first is the
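Review bot: The rewritten `access_ok()` uses its arguments unparenthesized, so `(unsigned long)addr` binds the cast to the first operand only: a call such as `access_ok(t, p + 1, n)` with a non-char pointer would check the wrong address. The lines should read `long __size = (size);`, `unsigned long __addr = (unsigned long)(addr);` and `if ((type) != VERIFY_WRITE)`. Separately, the macro now touches user memory page by page through `__get_user`/`__put_user`, so it can fault and is no longer a pure range check. The comment kept above it still describes only the range check and should say so. Several lines of the macro are missing from this listing.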
8844 @@ -183,13 +213,21 @@ extern int __get_user_bad(void);
8845 asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
8846 : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
8849 +#ifdef CONFIG_X86_32
8850 +#define _ASM_LOAD_USER_DS(ds) "movw %w" #ds ",%%ds\n"
8851 +#define _ASM_LOAD_KERNEL_DS "pushl %%ss; popl %%ds\n"
8853 +#define _ASM_LOAD_USER_DS(ds)
8854 +#define _ASM_LOAD_KERNEL_DS
8857 #ifdef CONFIG_X86_32
8858 #define __put_user_asm_u64(x, addr, err, errret) \
8859 - asm volatile("1: movl %%eax,0(%2)\n" \
8860 - "2: movl %%edx,4(%2)\n" \
8861 + asm volatile(_ASM_LOAD_USER_DS(5) \
8862 + "1: movl %%eax,%%ds:0(%2)\n" \
8863 + "2: movl %%edx,%%ds:4(%2)\n" \
8865 + _ASM_LOAD_KERNEL_DS \
8866 ".section .fixup,\"ax\"\n" \
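Review bot: The operand number passed to `_ASM_LOAD_USER_DS` (5 here, 2 in the `_ex` variants below) has to be kept in step by hand with the position of the `"r"(__USER_DS)` operand appended to each constraint list. Adding or removing an operand later would silently load `%ds` from the wrong register. A named operand removes the coupling: `[uds] "r" (__USER_DS)` in the input list and `_ASM_LOAD_USER_DS([uds])` at the top, which the existing `"movw %w" #ds ",%%ds\n"` definition expands correctly. On 32-bit, `%ds` holds the user selector until `_ASM_LOAD_KERNEL_DS` runs. The fixup lines are not all visible here, so it should be confirmed that the fault path rejoins before that reload. The same applies to the `__get_user_asm`, `__put_user_asm` and `_ex` hunks that follow.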
8869 @@ -197,15 +235,18 @@ extern int __get_user_bad(void);
8870 _ASM_EXTABLE(1b, 4b) \
8871 _ASM_EXTABLE(2b, 4b) \
8873 - : "A" (x), "r" (addr), "i" (errret), "0" (err))
8874 + : "A" (x), "r" (addr), "i" (errret), "0" (err), \
8877 #define __put_user_asm_ex_u64(x, addr) \
8878 - asm volatile("1: movl %%eax,0(%1)\n" \
8879 - "2: movl %%edx,4(%1)\n" \
8880 + asm volatile(_ASM_LOAD_USER_DS(2) \
8881 + "1: movl %%eax,%%ds:0(%1)\n" \
8882 + "2: movl %%edx,%%ds:4(%1)\n" \
8884 + _ASM_LOAD_KERNEL_DS \
8885 _ASM_EXTABLE(1b, 2b - 1b) \
8886 _ASM_EXTABLE(2b, 3b - 2b) \
8887 - : : "A" (x), "r" (addr))
8888 + : : "A" (x), "r" (addr), "r"(__USER_DS))
8890 #define __put_user_x8(x, ptr, __ret_pu) \
8891 asm volatile("call __put_user_8" : "=a" (__ret_pu) \
8892 @@ -374,16 +415,18 @@ do { \
8895 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
8896 - asm volatile("1: mov"itype" %2,%"rtype"1\n" \
8897 + asm volatile(_ASM_LOAD_USER_DS(5) \
8898 + "1: mov"itype" %%ds:%2,%"rtype"1\n" \
8900 + _ASM_LOAD_KERNEL_DS \
8901 ".section .fixup,\"ax\"\n" \
8903 " xor"itype" %"rtype"1,%"rtype"1\n" \
8906 _ASM_EXTABLE(1b, 3b) \
8907 - : "=r" (err), ltype(x) \
8908 - : "m" (__m(addr)), "i" (errret), "0" (err))
8909 + : "=r" (err), ltype (x) \
8910 + : "m" (__m(addr)), "i" (errret), "0" (err), "r"(__USER_DS))
8912 #define __get_user_size_ex(x, ptr, size) \
8914 @@ -407,10 +450,12 @@ do { \
8917 #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
8918 - asm volatile("1: mov"itype" %1,%"rtype"0\n" \
8919 + asm volatile(_ASM_LOAD_USER_DS(2) \
8920 + "1: mov"itype" %%ds:%1,%"rtype"0\n" \
8922 + _ASM_LOAD_KERNEL_DS \
8923 _ASM_EXTABLE(1b, 2b - 1b) \
8924 - : ltype(x) : "m" (__m(addr)))
8925 + : ltype(x) : "m" (__m(addr)), "r"(__USER_DS))
8927 #define __put_user_nocheck(x, ptr, size) \
8929 @@ -424,7 +469,7 @@ do { \
8931 unsigned long __gu_val; \
8932 __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
8933 - (x) = (__force __typeof__(*(ptr)))__gu_val; \
8934 + (x) = (__typeof__(*(ptr)))__gu_val; \
8938 @@ -438,21 +483,26 @@ struct __large_struct { unsigned long bu
8941 #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
8942 - asm volatile("1: mov"itype" %"rtype"1,%2\n" \
8943 + asm volatile(_ASM_LOAD_USER_DS(5) \
8944 + "1: mov"itype" %"rtype"1,%%ds:%2\n" \
8946 + _ASM_LOAD_KERNEL_DS \
8947 ".section .fixup,\"ax\"\n" \
8951 _ASM_EXTABLE(1b, 3b) \
8953 - : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err))
8954 + : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err),\
8957 #define __put_user_asm_ex(x, addr, itype, rtype, ltype) \
8958 - asm volatile("1: mov"itype" %"rtype"0,%1\n" \
8959 + asm volatile(_ASM_LOAD_USER_DS(2) \
8960 + "1: mov"itype" %"rtype"0,%%ds:%1\n" \
8962 + _ASM_LOAD_KERNEL_DS \
8963 _ASM_EXTABLE(1b, 2b - 1b) \
8964 - : : ltype(x), "m" (__m(addr)))
8965 + : : ltype(x), "m" (__m(addr)), "r"(__USER_DS))
8968 * uaccess_try and catch
8969 @@ -530,7 +580,7 @@ struct __large_struct { unsigned long bu
8970 #define get_user_ex(x, ptr) do { \
8971 unsigned long __gue_val; \
8972 __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
8973 - (x) = (__force __typeof__(*(ptr)))__gue_val; \
8974 + (x) = (__typeof__(*(ptr)))__gue_val; \
8977 #ifdef CONFIG_X86_WP_WORKS_OK
8978 @@ -567,6 +617,7 @@ extern struct movsl_mask {
8980 #define ARCH_HAS_NOCACHE_UACCESS 1
8982 +#define ARCH_HAS_SORT_EXTABLE
8983 #ifdef CONFIG_X86_32
8984 # include "uaccess_32.h"
8986 diff -urNp linux-2.6.32.1/arch/x86/include/asm/vgtod.h linux-2.6.32.1/arch/x86/include/asm/vgtod.h
8987 --- linux-2.6.32.1/arch/x86/include/asm/vgtod.h 2009-12-02 22:51:21.000000000 -0500
8988 +++ linux-2.6.32.1/arch/x86/include/asm/vgtod.h 2009-12-14 18:33:51.632749980 -0500
8989 @@ -14,6 +14,7 @@ struct vsyscall_gtod_data {
8991 struct timezone sys_tz;
8992 struct { /* extract of a clocksource struct */
8994 cycle_t (*vread)(void);
8997 diff -urNp linux-2.6.32.1/arch/x86/include/asm/vmi.h linux-2.6.32.1/arch/x86/include/asm/vmi.h
8998 --- linux-2.6.32.1/arch/x86/include/asm/vmi.h 2009-12-02 22:51:21.000000000 -0500
8999 +++ linux-2.6.32.1/arch/x86/include/asm/vmi.h 2009-12-14 18:33:51.632749980 -0500
9000 @@ -191,6 +191,7 @@ struct vrom_header {
9001 u8 reserved[96]; /* Reserved for headers */
9002 char vmi_init[8]; /* VMI_Init jump point */
9003 char get_reloc[8]; /* VMI_GetRelocationInfo jump point */
9004 + char rom_data[8048]; /* rest of the option ROM */
9005 } __attribute__((packed));
9008 diff -urNp linux-2.6.32.1/arch/x86/include/asm/vsyscall.h linux-2.6.32.1/arch/x86/include/asm/vsyscall.h
9009 --- linux-2.6.32.1/arch/x86/include/asm/vsyscall.h 2009-12-02 22:51:21.000000000 -0500
9010 +++ linux-2.6.32.1/arch/x86/include/asm/vsyscall.h 2009-12-14 18:33:51.632749980 -0500
9011 @@ -15,9 +15,10 @@ enum vsyscall_num {
9014 #include <linux/seqlock.h>
9015 +#include <linux/getcpu.h>
9016 +#include <linux/time.h>
9018 #define __section_vgetcpu_mode __attribute__ ((unused, __section__ (".vgetcpu_mode"), aligned(16)))
9019 -#define __section_jiffies __attribute__ ((unused, __section__ (".jiffies"), aligned(16)))
9021 /* Definitions for CONFIG_GENERIC_TIME definitions */
9022 #define __section_vsyscall_gtod_data __attribute__ \
9023 @@ -31,7 +32,6 @@ enum vsyscall_num {
9024 #define VGETCPU_LSL 2
9026 extern int __vgetcpu_mode;
9027 -extern volatile unsigned long __jiffies;
9029 /* kernel space (writeable) */
9030 extern int vgetcpu_mode;
9031 @@ -39,6 +39,9 @@ extern struct timezone sys_tz;
9033 extern void map_vsyscall(void);
9035 +extern int vgettimeofday(struct timeval * tv, struct timezone * tz);
9036 +extern time_t vtime(time_t *t);
9037 +extern long vgetcpu(unsigned *cpu, unsigned *node, struct getcpu_cache *tcache);
9038 #endif /* __KERNEL__ */
9040 #endif /* _ASM_X86_VSYSCALL_H */
9041 diff -urNp linux-2.6.32.1/arch/x86/Kconfig linux-2.6.32.1/arch/x86/Kconfig
9042 --- linux-2.6.32.1/arch/x86/Kconfig 2009-12-02 22:51:21.000000000 -0500
9043 +++ linux-2.6.32.1/arch/x86/Kconfig 2009-12-14 18:33:51.633828180 -0500
9044 @@ -1089,7 +1089,7 @@ config PAGE_OFFSET
9046 default 0xB0000000 if VMSPLIT_3G_OPT
9047 default 0x80000000 if VMSPLIT_2G
9048 - default 0x78000000 if VMSPLIT_2G_OPT
9049 + default 0x70000000 if VMSPLIT_2G_OPT
9050 default 0x40000000 if VMSPLIT_1G
9053 @@ -1415,7 +1415,7 @@ config ARCH_USES_PG_UNCACHED
9056 bool "EFI runtime service support"
9058 + depends on ACPI && !PAX_KERNEXEC
9060 This enables the kernel to use EFI runtime services that are
9061 available (such as the EFI variable services).
9062 @@ -1502,6 +1502,7 @@ config KEXEC_JUMP
9063 config PHYSICAL_START
9064 hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP)
9066 + range 0x400000 0x40000000
9068 This gives the physical address where the kernel is loaded.
9070 @@ -1566,6 +1567,7 @@ config PHYSICAL_ALIGN
9072 prompt "Alignment value to which kernel should be aligned" if X86_32
9074 + range 0x400000 0x1000000 if PAX_KERNEXEC
9075 range 0x2000 0x1000000
9077 This value puts the alignment restrictions on physical address
9078 @@ -1597,9 +1599,10 @@ config HOTPLUG_CPU
9079 Say N if you want to disable CPU hotplug.
9084 prompt "Compat VDSO support"
9085 depends on X86_32 || IA32_EMULATION
9086 + depends on !PAX_NOEXEC && !PAX_MEMORY_UDEREF
9088 Map the 32-bit VDSO to the predictable old-style address too.
9090 diff -urNp linux-2.6.32.1/arch/x86/Kconfig.cpu linux-2.6.32.1/arch/x86/Kconfig.cpu
9091 --- linux-2.6.32.1/arch/x86/Kconfig.cpu 2009-12-02 22:51:21.000000000 -0500
9092 +++ linux-2.6.32.1/arch/x86/Kconfig.cpu 2009-12-14 18:33:51.633828180 -0500
9093 @@ -340,7 +340,7 @@ config X86_PPRO_FENCE
9097 - depends on M586MMX || M586TSC || M586 || M486 || M386
9098 + depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC
9100 config X86_WP_WORKS_OK
9102 @@ -360,7 +360,7 @@ config X86_POPAD_OK
9104 config X86_ALIGNMENT_16
9106 - depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
9107 + depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MCORE2 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
9109 config X86_INTEL_USERCOPY
9111 @@ -406,7 +406,7 @@ config X86_CMPXCHG64
9115 - depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM)
9116 + depends on (MK8 || MK7 || MCORE2 || MPSC || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM)
9118 config X86_MINIMUM_CPU_FAMILY
9120 diff -urNp linux-2.6.32.1/arch/x86/Kconfig.debug linux-2.6.32.1/arch/x86/Kconfig.debug
9121 --- linux-2.6.32.1/arch/x86/Kconfig.debug 2009-12-02 22:51:21.000000000 -0500
9122 +++ linux-2.6.32.1/arch/x86/Kconfig.debug 2009-12-14 18:33:51.633828180 -0500
9123 @@ -99,7 +99,7 @@ config X86_PTDUMP
9125 bool "Write protect kernel read-only data structures"
9127 - depends on DEBUG_KERNEL
9128 + depends on DEBUG_KERNEL && BROKEN
9130 Mark the kernel read-only data as write-protected in the pagetables,
9131 in order to catch accidental (and incorrect) writes to such const
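Review bot: Adding `&& BROKEN` makes this option unselectable, but the prompt and help text are left as they were, so nothing tells a user or a later maintainer why write protection of read-only data has been switched off here. If another feature of this patch is meant to provide that protection (presumably the KERNEXEC option referenced elsewhere in this diff), the help text should say so in one line, e.g. `Disabled in this tree: read-only data protection is provided by <option>.` Without that, the dependency reads as a regression in hardening rather than a replacement. The entry's `config` line is not visible in this hunk.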
9132 diff -urNp linux-2.6.32.1/arch/x86/kernel/acpi/boot.c linux-2.6.32.1/arch/x86/kernel/acpi/boot.c
9133 --- linux-2.6.32.1/arch/x86/kernel/acpi/boot.c 2009-12-02 22:51:21.000000000 -0500
9134 +++ linux-2.6.32.1/arch/x86/kernel/acpi/boot.c 2009-12-14 18:33:51.634726600 -0500
9135 @@ -1508,7 +1508,7 @@ static struct dmi_system_id __initdata a
9136 DMI_MATCH(DMI_PRODUCT_NAME, "HP Compaq 6715b"),
9140 + { NULL, NULL, {{0, {0}}}, NULL}
9144 diff -urNp linux-2.6.32.1/arch/x86/kernel/acpi/realmode/wakeup.S linux-2.6.32.1/arch/x86/kernel/acpi/realmode/wakeup.S
9145 --- linux-2.6.32.1/arch/x86/kernel/acpi/realmode/wakeup.S 2009-12-02 22:51:21.000000000 -0500
9146 +++ linux-2.6.32.1/arch/x86/kernel/acpi/realmode/wakeup.S 2009-12-14 18:33:51.634726600 -0500
9147 @@ -104,7 +104,7 @@ _start:
9151 - movl $0xc0000080, %ecx
9152 + mov $MSR_EFER, %ecx
9156 diff -urNp linux-2.6.32.1/arch/x86/kernel/acpi/sleep.c linux-2.6.32.1/arch/x86/kernel/acpi/sleep.c
9157 --- linux-2.6.32.1/arch/x86/kernel/acpi/sleep.c 2009-12-02 22:51:21.000000000 -0500
9158 +++ linux-2.6.32.1/arch/x86/kernel/acpi/sleep.c 2009-12-14 18:33:51.634726600 -0500
9160 #include <linux/cpumask.h>
9161 #include <asm/segment.h>
9162 #include <asm/desc.h>
9163 +#include <asm/e820.h>
9165 #include "realmode/wakeup.h"
9168 -unsigned long acpi_wakeup_address;
9169 +unsigned long acpi_wakeup_address = 0x2000;
9170 unsigned long acpi_realmode_flags;
9172 /* address in low memory of the wakeup routine. */
9173 @@ -99,8 +100,12 @@ int acpi_save_state_mem(void)
9174 header->trampoline_segment = setup_trampoline() >> 4;
9176 stack_start.sp = temp_stack + sizeof(temp_stack);
9178 + pax_open_kernel();
9179 early_gdt_descr.address =
9180 (unsigned long)get_cpu_gdt_table(smp_processor_id());
9181 + pax_close_kernel();
9183 initial_gs = per_cpu_offset(smp_processor_id());
9185 initial_code = (unsigned long)wakeup_long64;
9186 @@ -134,14 +139,8 @@ void __init acpi_reserve_bootmem(void)
9190 - acpi_realmode = (unsigned long)alloc_bootmem_low(WAKEUP_SIZE);
9192 - if (!acpi_realmode) {
9193 - printk(KERN_ERR "ACPI: Cannot allocate lowmem, S3 disabled.\n");
9197 - acpi_wakeup_address = virt_to_phys((void *)acpi_realmode);
9198 + reserve_early(acpi_wakeup_address, acpi_wakeup_address + WAKEUP_SIZE, "ACPI Wakeup Code");
9199 + acpi_realmode = (unsigned long)__va(acpi_wakeup_address);;
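Review bot: The new code reserves and maps a fixed physical range starting at `acpi_wakeup_address` (initialised to `0x2000` earlier in this file's diff) with no failure path, where the removed lines tested the allocation and logged "S3 disabled" before giving up. How `reserve_early()` reports a range that is already reserved or not usable RAM is not visible here. That should be confirmed, and the fixed address should be named rather than written as a bare literal in the initialiser. The added assignment also ends in a stray second semicolon; it should read `acpi_realmode = (unsigned long)__va(acpi_wakeup_address);`. The enclosing function `acpi_reserve_bootmem` begins and ends outside the visible lines.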
9203 diff -urNp linux-2.6.32.1/arch/x86/kernel/acpi/wakeup_32.S linux-2.6.32.1/arch/x86/kernel/acpi/wakeup_32.S
9204 --- linux-2.6.32.1/arch/x86/kernel/acpi/wakeup_32.S 2009-12-02 22:51:21.000000000 -0500
9205 +++ linux-2.6.32.1/arch/x86/kernel/acpi/wakeup_32.S 2009-12-14 18:33:51.635713362 -0500
9206 @@ -30,13 +30,11 @@ wakeup_pmode_return:
9207 # and restore the stack ... but you need gdt for this to work
9208 movl saved_context_esp, %esp
9210 - movl %cs:saved_magic, %eax
9211 - cmpl $0x12345678, %eax
9212 + cmpl $0x12345678, saved_magic
9215 # jump to place where we left off
9216 - movl saved_eip, %eax
9222 diff -urNp linux-2.6.32.1/arch/x86/kernel/alternative.c linux-2.6.32.1/arch/x86/kernel/alternative.c
9223 --- linux-2.6.32.1/arch/x86/kernel/alternative.c 2009-12-02 22:51:21.000000000 -0500
9224 +++ linux-2.6.32.1/arch/x86/kernel/alternative.c 2009-12-14 18:33:51.636713026 -0500
9225 @@ -407,7 +407,7 @@ void __init_or_module apply_paravirt(str
9227 BUG_ON(p->len > MAX_PATCH_LEN);
9228 /* prep the buffer with the original instructions */
9229 - memcpy(insnbuf, p->instr, p->len);
9230 + memcpy(insnbuf, ktla_ktva(p->instr), p->len);
9231 used = pv_init_ops.patch(p->instrtype, p->clobbers, insnbuf,
9232 (unsigned long)p->instr, p->len);
9234 @@ -497,7 +497,11 @@ static void *__init_or_module text_poke_
9236 unsigned long flags;
9237 local_irq_save(flags);
9238 - memcpy(addr, opcode, len);
9240 + pax_open_kernel();
9241 + memcpy(ktla_ktva(addr), opcode, len);
9242 + pax_close_kernel();
9245 local_irq_restore(flags);
9246 /* Could also do a CLFLUSH here to speed up CPU recovery; but
9247 @@ -520,35 +524,21 @@ static void *__init_or_module text_poke_
9249 void *__kprobes text_poke(void *addr, const void *opcode, size_t len)
9251 - unsigned long flags;
9253 + unsigned char *vaddr = ktla_ktva(addr);
9254 struct page *pages[2];
9258 if (!core_kernel_text((unsigned long)addr)) {
9259 - pages[0] = vmalloc_to_page(addr);
9260 - pages[1] = vmalloc_to_page(addr + PAGE_SIZE);
9261 + pages[0] = vmalloc_to_page(vaddr);
9262 + pages[1] = vmalloc_to_page(vaddr + PAGE_SIZE);
9264 - pages[0] = virt_to_page(addr);
9265 + pages[0] = virt_to_page(vaddr);
9266 WARN_ON(!PageReserved(pages[0]));
9267 - pages[1] = virt_to_page(addr + PAGE_SIZE);
9268 + pages[1] = virt_to_page(vaddr + PAGE_SIZE);
9271 - local_irq_save(flags);
9272 - set_fixmap(FIX_TEXT_POKE0, page_to_phys(pages[0]));
9274 - set_fixmap(FIX_TEXT_POKE1, page_to_phys(pages[1]));
9275 - vaddr = (char *)fix_to_virt(FIX_TEXT_POKE0);
9276 - memcpy(&vaddr[(unsigned long)addr & ~PAGE_MASK], opcode, len);
9277 - clear_fixmap(FIX_TEXT_POKE0);
9279 - clear_fixmap(FIX_TEXT_POKE1);
9280 - local_flush_tlb();
9282 - /* Could also do a CLFLUSH here to speed up CPU recovery; but
9283 - that causes hangs on some VIA CPUs. */
9284 + text_poke_early(addr, opcode, len);
9285 for (i = 0; i < len; i++)
9286 - BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
9287 - local_irq_restore(flags);
9288 + BUG_ON(((char *)vaddr)[i] != ((char *)opcode)[i]);
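Review bot: `text_poke()` now delegates the write to `text_poke_early()`, which the hunk headers above still show as `__init_or_module`, while `text_poke()` itself is `__kprobes` and is reachable at runtime. If `__init_or_module` resolves to `__init` in a build without module support, this call would land in discarded init text, so the annotation on `text_poke_early()` probably needs to change in the same patch; its signature line is outside the hunks shown, so please confirm. Separately, `pages[0]` and `pages[1]` are still looked up from `vaddr` but are no longer mapped anywhere in the new body, so `pages[1]` looks unused; lines are missing from this view, so that part is inferred.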
9291 diff -urNp linux-2.6.32.1/arch/x86/kernel/amd_iommu.c linux-2.6.32.1/arch/x86/kernel/amd_iommu.c
9292 --- linux-2.6.32.1/arch/x86/kernel/amd_iommu.c 2009-12-02 22:51:21.000000000 -0500
9293 +++ linux-2.6.32.1/arch/x86/kernel/amd_iommu.c 2009-12-14 18:33:51.637702583 -0500
9294 @@ -2069,7 +2069,7 @@ static void prealloc_protection_domains(
9298 -static struct dma_map_ops amd_iommu_dma_ops = {
9299 +static const struct dma_map_ops amd_iommu_dma_ops = {
9300 .alloc_coherent = alloc_coherent,
9301 .free_coherent = free_coherent,
9302 .map_page = map_page,
9303 diff -urNp linux-2.6.32.1/arch/x86/kernel/apic/io_apic.c linux-2.6.32.1/arch/x86/kernel/apic/io_apic.c
9304 --- linux-2.6.32.1/arch/x86/kernel/apic/io_apic.c 2009-12-02 22:51:21.000000000 -0500
9305 +++ linux-2.6.32.1/arch/x86/kernel/apic/io_apic.c 2009-12-14 18:33:51.639703158 -0500
9306 @@ -711,7 +711,7 @@ struct IO_APIC_route_entry **alloc_ioapi
9307 ioapic_entries = kzalloc(sizeof(*ioapic_entries) * nr_ioapics,
9309 if (!ioapic_entries)
9313 for (apic = 0; apic < nr_ioapics; apic++) {
9314 ioapic_entries[apic] =
9315 @@ -728,7 +728,7 @@ nomem:
9316 kfree(ioapic_entries[apic]);
9317 kfree(ioapic_entries);
9324 @@ -1145,7 +1145,7 @@ int IO_APIC_get_PCI_irq_vector(int bus,
9326 EXPORT_SYMBOL(IO_APIC_get_PCI_irq_vector);
9328 -void lock_vector_lock(void)
9329 +void lock_vector_lock(void) __acquires(vector_lock)
9331 /* Used to the online set of cpus does not change
9332 * during assign_irq_vector.
9333 @@ -1153,7 +1153,7 @@ void lock_vector_lock(void)
9334 spin_lock(&vector_lock);
9337 -void unlock_vector_lock(void)
9338 +void unlock_vector_lock(void) __releases(vector_lock)
9340 spin_unlock(&vector_lock);
9342 diff -urNp linux-2.6.32.1/arch/x86/kernel/apm_32.c linux-2.6.32.1/arch/x86/kernel/apm_32.c
9343 --- linux-2.6.32.1/arch/x86/kernel/apm_32.c 2009-12-02 22:51:21.000000000 -0500
9344 +++ linux-2.6.32.1/arch/x86/kernel/apm_32.c 2009-12-14 18:33:51.650727711 -0500
9345 @@ -410,7 +410,7 @@ static DEFINE_SPINLOCK(user_list_lock);
9346 * This is for buggy BIOS's that refer to (real mode) segment 0x40
9347 * even though they are called in protected mode.
9349 -static struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4092,
9350 +static const struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4093,
9351 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1);
9353 static const char driver_version[] = "1.16ac"; /* no spaces */
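Review bot: The descriptor flags change from `0x4092` to `0x4093` together with the new `const`, and nothing in the hunk says why the value changed. If the intent is to pre-set the accessed bit so the CPU never has to write it back into a descriptor copied from read-only data, a comment would stop the next reader from treating it as a typo, e.g. `/* type 0x93: accessed bit preset, source descriptor is const */`. That rationale is inferred from the flag difference and is not stated on the page.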
9354 @@ -588,7 +588,10 @@ static long __apm_bios_call(void *_call)
9356 gdt = get_cpu_gdt_table(cpu);
9357 save_desc_40 = gdt[0x40 / 8];
9359 + pax_open_kernel();
9360 gdt[0x40 / 8] = bad_bios_desc;
9361 + pax_close_kernel();
9363 apm_irq_save(flags);
9365 @@ -597,7 +600,11 @@ static long __apm_bios_call(void *_call)
9367 APM_DO_RESTORE_SEGS;
9368 apm_irq_restore(flags);
9370 + pax_open_kernel();
9371 gdt[0x40 / 8] = save_desc_40;
9372 + pax_close_kernel();
9376 return call->eax & 0xff;
9377 @@ -664,7 +671,10 @@ static long __apm_bios_call_simple(void
9379 gdt = get_cpu_gdt_table(cpu);
9380 save_desc_40 = gdt[0x40 / 8];
9382 + pax_open_kernel();
9383 gdt[0x40 / 8] = bad_bios_desc;
9384 + pax_close_kernel();
9386 apm_irq_save(flags);
9388 @@ -672,7 +682,11 @@ static long __apm_bios_call_simple(void
9390 APM_DO_RESTORE_SEGS;
9391 apm_irq_restore(flags);
9393 + pax_open_kernel();
9394 gdt[0x40 / 8] = save_desc_40;
9395 + pax_close_kernel();
9400 @@ -975,7 +989,7 @@ recalc:
9402 static void apm_power_off(void)
9404 - unsigned char po_bios_call[] = {
9405 + const unsigned char po_bios_call[] = {
9406 0xb8, 0x00, 0x10, /* movw $0x1000,ax */
9407 0x8e, 0xd0, /* movw ax,ss */
9408 0xbc, 0x00, 0xf0, /* movw $0xf000,sp */
9409 @@ -1933,7 +1947,10 @@ static const struct file_operations apm_
9410 static struct miscdevice apm_device = {
9421 @@ -2254,7 +2271,7 @@ static struct dmi_system_id __initdata a
9422 { DMI_MATCH(DMI_SYS_VENDOR, "IBM"), },
9426 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
9430 @@ -2357,12 +2374,15 @@ static int __init apm_init(void)
9433 gdt = get_cpu_gdt_table(0);
9435 + pax_open_kernel();
9436 set_desc_base(&gdt[APM_CS >> 3],
9437 (unsigned long)__va((unsigned long)apm_info.bios.cseg << 4));
9438 set_desc_base(&gdt[APM_CS_16 >> 3],
9439 (unsigned long)__va((unsigned long)apm_info.bios.cseg_16 << 4));
9440 set_desc_base(&gdt[APM_DS >> 3],
9441 (unsigned long)__va((unsigned long)apm_info.bios.dseg << 4));
9442 + pax_close_kernel();
9444 proc_create("apm", 0, NULL, &apm_file_ops);
9446 diff -urNp linux-2.6.32.1/arch/x86/kernel/asm-offsets_32.c linux-2.6.32.1/arch/x86/kernel/asm-offsets_32.c
9447 --- linux-2.6.32.1/arch/x86/kernel/asm-offsets_32.c 2009-12-02 22:51:21.000000000 -0500
9448 +++ linux-2.6.32.1/arch/x86/kernel/asm-offsets_32.c 2009-12-14 18:33:51.650727711 -0500
9449 @@ -115,6 +115,11 @@ void foo(void)
9450 OFFSET(PV_CPU_iret, pv_cpu_ops, iret);
9451 OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit);
9452 OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0);
9454 +#ifdef CONFIG_PAX_KERNEXEC
9455 + OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0);
9461 diff -urNp linux-2.6.32.1/arch/x86/kernel/asm-offsets_64.c linux-2.6.32.1/arch/x86/kernel/asm-offsets_64.c
9462 --- linux-2.6.32.1/arch/x86/kernel/asm-offsets_64.c 2009-12-02 22:51:21.000000000 -0500
9463 +++ linux-2.6.32.1/arch/x86/kernel/asm-offsets_64.c 2009-12-14 18:33:51.651715474 -0500
9464 @@ -115,6 +115,7 @@ int main(void)
9468 + DEFINE(TSS_size, sizeof(struct tss_struct));
9469 DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist));
9471 DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx));
9472 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/common.c linux-2.6.32.1/arch/x86/kernel/cpu/common.c
9473 --- linux-2.6.32.1/arch/x86/kernel/cpu/common.c 2009-12-02 22:51:21.000000000 -0500
9474 +++ linux-2.6.32.1/arch/x86/kernel/cpu/common.c 2009-12-14 18:33:51.651715474 -0500
9475 @@ -83,60 +83,6 @@ static const struct cpu_dev __cpuinitcon
9477 static const struct cpu_dev *this_cpu __cpuinitdata = &default_cpu;
9479 -DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = { .gdt = {
9480 -#ifdef CONFIG_X86_64
9482 - * We need valid kernel segments for data and code in long mode too
9483 - * IRET will check the segment types kkeil 2000/10/28
9484 - * Also sysret mandates a special GDT layout
9486 - * TLS descriptors are currently at a different place compared to i386.
9487 - * Hopefully nobody expects them at a fixed place (Wine?)
9489 - [GDT_ENTRY_KERNEL32_CS] = GDT_ENTRY_INIT(0xc09b, 0, 0xfffff),
9490 - [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xa09b, 0, 0xfffff),
9491 - [GDT_ENTRY_KERNEL_DS] = GDT_ENTRY_INIT(0xc093, 0, 0xfffff),
9492 - [GDT_ENTRY_DEFAULT_USER32_CS] = GDT_ENTRY_INIT(0xc0fb, 0, 0xfffff),
9493 - [GDT_ENTRY_DEFAULT_USER_DS] = GDT_ENTRY_INIT(0xc0f3, 0, 0xfffff),
9494 - [GDT_ENTRY_DEFAULT_USER_CS] = GDT_ENTRY_INIT(0xa0fb, 0, 0xfffff),
9496 - [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xc09a, 0, 0xfffff),
9497 - [GDT_ENTRY_KERNEL_DS] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
9498 - [GDT_ENTRY_DEFAULT_USER_CS] = GDT_ENTRY_INIT(0xc0fa, 0, 0xfffff),
9499 - [GDT_ENTRY_DEFAULT_USER_DS] = GDT_ENTRY_INIT(0xc0f2, 0, 0xfffff),
9501 - * Segments used for calling PnP BIOS have byte granularity.
9502 - * They code segments and data segments have fixed 64k limits,
9503 - * the transfer segment sizes are set at run time.
9506 - [GDT_ENTRY_PNPBIOS_CS32] = GDT_ENTRY_INIT(0x409a, 0, 0xffff),
9508 - [GDT_ENTRY_PNPBIOS_CS16] = GDT_ENTRY_INIT(0x009a, 0, 0xffff),
9510 - [GDT_ENTRY_PNPBIOS_DS] = GDT_ENTRY_INIT(0x0092, 0, 0xffff),
9512 - [GDT_ENTRY_PNPBIOS_TS1] = GDT_ENTRY_INIT(0x0092, 0, 0),
9514 - [GDT_ENTRY_PNPBIOS_TS2] = GDT_ENTRY_INIT(0x0092, 0, 0),
9516 - * The APM segments have byte granularity and their bases
9517 - * are set at run time. All have 64k limits.
9520 - [GDT_ENTRY_APMBIOS_BASE] = GDT_ENTRY_INIT(0x409a, 0, 0xffff),
9522 - [GDT_ENTRY_APMBIOS_BASE+1] = GDT_ENTRY_INIT(0x009a, 0, 0xffff),
9524 - [GDT_ENTRY_APMBIOS_BASE+2] = GDT_ENTRY_INIT(0x4092, 0, 0xffff),
9526 - [GDT_ENTRY_ESPFIX_SS] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
9527 - [GDT_ENTRY_PERCPU] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
9528 - GDT_STACK_CANARY_INIT
9531 -EXPORT_PER_CPU_SYMBOL_GPL(gdt_page);
9533 static int __init x86_xsave_setup(char *s)
9535 setup_clear_cpu_cap(X86_FEATURE_XSAVE);
9536 @@ -344,7 +290,7 @@ void switch_to_new_gdt(int cpu)
9538 struct desc_ptr gdt_descr;
9540 - gdt_descr.address = (long)get_cpu_gdt_table(cpu);
9541 + gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
9542 gdt_descr.size = GDT_SIZE - 1;
9543 load_gdt(&gdt_descr);
9544 /* Reload the per-cpu base */
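Review bot: The cast on `gdt_descr.address` here is `(unsigned long)`, but other files in this patch treat the same field as a `struct desc_struct *`: `intel.c` assigns `(struct desc_struct *)fix_to_virt(FIX_F00F_IDT)`, `efi_32.c` assigns `get_cpu_gdt_table(0)` with no cast, and `doublefault_32.c` reads it back through `(unsigned long)gdt_desc.address`. The definition of `struct desc_ptr` is not on this page, but if the field became a pointer, this line converts an integer to a pointer implicitly, unless the type differs per architecture. `gdt_descr.address = get_cpu_gdt_table(cpu);` would match the other call sites. The function body continues outside the hunk.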
9545 @@ -798,6 +744,10 @@ static void __cpuinit identify_cpu(struc
9546 /* Filter out anything that depends on CPUID levels we don't have */
9547 filter_cpuid_features(c, true);
9549 +#if defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
9550 + setup_clear_cpu_cap(X86_FEATURE_SEP);
9553 /* If the model name is still unset, do table lookup. */
9554 if (!c->x86_model_id[0]) {
9556 @@ -1101,7 +1051,7 @@ void __cpuinit cpu_init(void)
9559 cpu = stack_smp_processor_id();
9560 - t = &per_cpu(init_tss, cpu);
9561 + t = init_tss + cpu;
9562 orig_ist = &per_cpu(orig_ist, cpu);
9565 @@ -1199,7 +1149,7 @@ void __cpuinit cpu_init(void)
9567 int cpu = smp_processor_id();
9568 struct task_struct *curr = current;
9569 - struct tss_struct *t = &per_cpu(init_tss, cpu);
9570 + struct tss_struct *t = init_tss + cpu;
9571 struct thread_struct *thread = &curr->thread;
9573 if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) {
9574 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
9575 --- linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c 2009-12-02 22:51:21.000000000 -0500
9576 +++ linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c 2009-12-14 18:33:51.651715474 -0500
9577 @@ -521,7 +521,7 @@ static const struct dmi_system_id sw_any
9578 DMI_MATCH(DMI_PRODUCT_NAME, "X6DLP"),
9582 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
9585 static int acpi_cpufreq_blacklist(struct cpuinfo_x86 *c)
9586 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c
9587 --- linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c 2009-12-02 22:51:21.000000000 -0500
9588 +++ linux-2.6.32.1/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c 2009-12-14 18:33:51.651715474 -0500
9589 @@ -225,7 +225,7 @@ static struct cpu_model models[] =
9590 { &cpu_ids[CPU_MP4HT_D0], NULL, 0, NULL },
9591 { &cpu_ids[CPU_MP4HT_E0], NULL, 0, NULL },
9594 + { NULL, NULL, 0, NULL}
9598 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/intel.c linux-2.6.32.1/arch/x86/kernel/cpu/intel.c
9599 --- linux-2.6.32.1/arch/x86/kernel/cpu/intel.c 2009-12-02 22:51:21.000000000 -0500
9600 +++ linux-2.6.32.1/arch/x86/kernel/cpu/intel.c 2009-12-14 18:33:51.652916887 -0500
9601 @@ -140,7 +140,7 @@ static void __cpuinit trap_init_f00f_bug
9602 * Update the IDT descriptor and reload the IDT so that
9603 * it uses the read-only mapped virtual address.
9605 - idt_descr.address = fix_to_virt(FIX_F00F_IDT);
9606 + idt_descr.address = (struct desc_struct *)fix_to_virt(FIX_F00F_IDT);
9607 load_idt(&idt_descr);
9610 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/intel_cacheinfo.c linux-2.6.32.1/arch/x86/kernel/cpu/intel_cacheinfo.c
9611 --- linux-2.6.32.1/arch/x86/kernel/cpu/intel_cacheinfo.c 2009-12-02 22:51:21.000000000 -0500
9612 +++ linux-2.6.32.1/arch/x86/kernel/cpu/intel_cacheinfo.c 2009-12-14 18:33:51.654157859 -0500
9613 @@ -860,7 +860,7 @@ static ssize_t store(struct kobject *kob
9617 -static struct sysfs_ops sysfs_ops = {
9618 +static const struct sysfs_ops sysfs_ops = {
9622 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/Makefile linux-2.6.32.1/arch/x86/kernel/cpu/Makefile
9623 --- linux-2.6.32.1/arch/x86/kernel/cpu/Makefile 2009-12-02 22:51:21.000000000 -0500
9624 +++ linux-2.6.32.1/arch/x86/kernel/cpu/Makefile 2009-12-14 18:33:51.654722553 -0500
9625 @@ -7,10 +7,6 @@ ifdef CONFIG_FUNCTION_TRACER
9626 CFLAGS_REMOVE_common.o = -pg
9629 -# Make sure load_percpu_segment has no stackprotector
9630 -nostackp := $(call cc-option, -fno-stack-protector)
9631 -CFLAGS_common.o := $(nostackp)
9633 obj-y := intel_cacheinfo.o addon_cpuid_features.o
9634 obj-y += proc.o capflags.o powerflags.o common.o
9635 obj-y += vmware.o hypervisor.o sched.o
9636 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce_amd.c linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce_amd.c
9637 --- linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce_amd.c 2009-12-02 22:51:21.000000000 -0500
9638 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce_amd.c 2009-12-14 18:33:51.654722553 -0500
9639 @@ -388,7 +388,7 @@ static ssize_t store(struct kobject *kob
9643 -static struct sysfs_ops threshold_ops = {
9644 +static const struct sysfs_ops threshold_ops = {
9648 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce.c
9649 --- linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce.c 2009-12-02 22:51:21.000000000 -0500
9650 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mcheck/mce.c 2009-12-14 18:33:51.654722553 -0500
9651 @@ -1428,14 +1428,14 @@ void __cpuinit mcheck_init(struct cpuinf
9654 static DEFINE_SPINLOCK(mce_state_lock);
9655 -static int open_count; /* #times opened */
9656 +static atomic_t open_count; /* #times opened */
9657 static int open_exclu; /* already open exclusive? */
9659 static int mce_open(struct inode *inode, struct file *file)
9661 spin_lock(&mce_state_lock);
9663 - if (open_exclu || (open_count && (file->f_flags & O_EXCL))) {
9664 + if (open_exclu || (atomic_read(&open_count) && (file->f_flags & O_EXCL))) {
9665 spin_unlock(&mce_state_lock);
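Review bot: `open_count` becomes an `atomic_t`, yet every access in these hunks (`atomic_read` here, `atomic_inc` in mce_open and `atomic_dec` in mce_release below) still sits between `spin_lock(&mce_state_lock)` and `spin_unlock(&mce_state_lock)`, and the neighbouring `open_exclu` stays a plain `int`. If the conversion is meant to gain overflow checking on the counter rather than atomicity, say so at the declaration, e.g. `static atomic_t open_count; /* #times opened; still guarded by mce_state_lock */`. That motive is an inference; the hunks do not state it. mce_open's body continues outside the hunk.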
9668 @@ -1443,7 +1443,7 @@ static int mce_open(struct inode *inode,
9670 if (file->f_flags & O_EXCL)
9673 + atomic_inc(&open_count);
9675 spin_unlock(&mce_state_lock);
9677 @@ -1454,7 +1454,7 @@ static int mce_release(struct inode *ino
9679 spin_lock(&mce_state_lock);
9682 + atomic_dec(&open_count);
9685 spin_unlock(&mce_state_lock);
9686 @@ -1594,6 +1594,7 @@ static struct miscdevice mce_log_device
9690 + {NULL, NULL}, NULL, NULL
9694 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/amd.c linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/amd.c
9695 --- linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/amd.c 2009-12-02 22:51:21.000000000 -0500
9696 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/amd.c 2009-12-14 18:33:51.655699526 -0500
9697 @@ -108,7 +108,7 @@ amd_validate_add_page(unsigned long base
9701 -static struct mtrr_ops amd_mtrr_ops = {
9702 +static const struct mtrr_ops amd_mtrr_ops = {
9703 .vendor = X86_VENDOR_AMD,
9704 .set = amd_set_mtrr,
9705 .get = amd_get_mtrr,
9706 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/centaur.c linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/centaur.c
9707 --- linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/centaur.c 2009-12-02 22:51:21.000000000 -0500
9708 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/centaur.c 2009-12-14 18:33:51.655699526 -0500
9709 @@ -110,7 +110,7 @@ centaur_validate_add_page(unsigned long
9713 -static struct mtrr_ops centaur_mtrr_ops = {
9714 +static const struct mtrr_ops centaur_mtrr_ops = {
9715 .vendor = X86_VENDOR_CENTAUR,
9716 .set = centaur_set_mcr,
9717 .get = centaur_get_mcr,
9718 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/cyrix.c linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/cyrix.c
9719 --- linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/cyrix.c 2009-12-02 22:51:21.000000000 -0500
9720 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/cyrix.c 2009-12-14 18:33:51.655699526 -0500
9721 @@ -265,7 +265,7 @@ static void cyrix_set_all(void)
9725 -static struct mtrr_ops cyrix_mtrr_ops = {
9726 +static const struct mtrr_ops cyrix_mtrr_ops = {
9727 .vendor = X86_VENDOR_CYRIX,
9728 .set_all = cyrix_set_all,
9729 .set = cyrix_set_arr,
9730 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/generic.c linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/generic.c
9731 --- linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/generic.c 2009-12-02 22:51:21.000000000 -0500
9732 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/generic.c 2009-12-14 18:33:51.655699526 -0500
9733 @@ -29,7 +29,7 @@ static struct fixed_range_block fixed_ra
9734 { MSR_MTRRfix64K_00000, 1 }, /* one 64k MTRR */
9735 { MSR_MTRRfix16K_80000, 2 }, /* two 16k MTRRs */
9736 { MSR_MTRRfix4K_C0000, 8 }, /* eight 4k MTRRs */
9741 static unsigned long smp_changes_mask;
9742 @@ -752,7 +752,7 @@ int positive_have_wrcomb(void)
9744 * Generic structure...
9746 -struct mtrr_ops generic_mtrr_ops = {
9747 +const struct mtrr_ops generic_mtrr_ops = {
9749 .set_all = generic_set_all,
9750 .get = generic_get_mtrr,
9751 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/main.c linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/main.c
9752 --- linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/main.c 2009-12-02 22:51:21.000000000 -0500
9753 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/main.c 2009-12-14 18:33:51.655699526 -0500
9754 @@ -60,14 +60,14 @@ static DEFINE_MUTEX(mtrr_mutex);
9755 u64 size_or_mask, size_and_mask;
9756 static bool mtrr_aps_delayed_init;
9758 -static struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM];
9759 +static const struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM] __read_only;
9761 -struct mtrr_ops *mtrr_if;
9762 +const struct mtrr_ops *mtrr_if;
9764 static void set_mtrr(unsigned int reg, unsigned long base,
9765 unsigned long size, mtrr_type type);
9767 -void set_mtrr_ops(struct mtrr_ops *ops)
9768 +void set_mtrr_ops(const struct mtrr_ops *ops)
9770 if (ops->vendor && ops->vendor < X86_VENDOR_NUM)
9771 mtrr_ops[ops->vendor] = ops;
9772 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/mtrr.h linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/mtrr.h
9773 --- linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/mtrr.h 2009-12-02 22:51:21.000000000 -0500
9774 +++ linux-2.6.32.1/arch/x86/kernel/cpu/mtrr/mtrr.h 2009-12-14 18:33:51.657105851 -0500
9776 extern unsigned int mtrr_usage_table[MTRR_MAX_VAR_RANGES];
9781 - void (*set)(unsigned int reg, unsigned long base,
9783 + const u32 use_intel_if;
9784 + void (* const set)(unsigned int reg, unsigned long base,
9785 unsigned long size, mtrr_type type);
9786 - void (*set_all)(void);
9787 + void (* const set_all)(void);
9789 - void (*get)(unsigned int reg, unsigned long *base,
9790 + void (* const get)(unsigned int reg, unsigned long *base,
9791 unsigned long *size, mtrr_type *type);
9792 - int (*get_free_region)(unsigned long base, unsigned long size,
9793 + int (* const get_free_region)(unsigned long base, unsigned long size,
9795 - int (*validate_add_page)(unsigned long base, unsigned long size,
9796 + int (* const validate_add_page)(unsigned long base, unsigned long size,
9798 - int (*have_wrcomb)(void);
9799 + int (* const have_wrcomb)(void);
9802 extern int generic_get_free_region(unsigned long base, unsigned long size,
9803 @@ -32,7 +32,7 @@ extern int generic_get_free_region(unsig
9804 extern int generic_validate_add_page(unsigned long base, unsigned long size,
9807 -extern struct mtrr_ops generic_mtrr_ops;
9808 +extern const struct mtrr_ops generic_mtrr_ops;
9810 extern int positive_have_wrcomb(void);
9812 @@ -53,10 +53,10 @@ void fill_mtrr_var_range(unsigned int in
9813 u32 base_lo, u32 base_hi, u32 mask_lo, u32 mask_hi);
9814 void get_mtrr_state(void);
9816 -extern void set_mtrr_ops(struct mtrr_ops *ops);
9817 +extern void set_mtrr_ops(const struct mtrr_ops *ops);
9819 extern u64 size_or_mask, size_and_mask;
9820 -extern struct mtrr_ops *mtrr_if;
9821 +extern const struct mtrr_ops *mtrr_if;
9823 #define is_cpu(vnd) (mtrr_if && mtrr_if->vendor == X86_VENDOR_##vnd)
9824 #define use_intel() (mtrr_if && mtrr_if->use_intel_if == 1)
9825 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/perfctr-watchdog.c linux-2.6.32.1/arch/x86/kernel/cpu/perfctr-watchdog.c
9826 --- linux-2.6.32.1/arch/x86/kernel/cpu/perfctr-watchdog.c 2009-12-02 22:51:21.000000000 -0500
9827 +++ linux-2.6.32.1/arch/x86/kernel/cpu/perfctr-watchdog.c 2009-12-14 18:33:51.657724494 -0500
9828 @@ -30,11 +30,11 @@ struct nmi_watchdog_ctlblk {
9830 /* Interface defining a CPU specific perfctr watchdog */
9832 - int (*reserve)(void);
9833 - void (*unreserve)(void);
9834 - int (*setup)(unsigned nmi_hz);
9835 - void (*rearm)(struct nmi_watchdog_ctlblk *wd, unsigned nmi_hz);
9836 - void (*stop)(void);
9837 + int (* const reserve)(void);
9838 + void (* const unreserve)(void);
9839 + int (* const setup)(unsigned nmi_hz);
9840 + void (* const rearm)(struct nmi_watchdog_ctlblk *wd, unsigned nmi_hz);
9841 + void (* const stop)(void);
9845 @@ -645,6 +645,7 @@ static const struct wd_ops p4_wd_ops = {
9846 #define ARCH_PERFMON_NMI_EVENT_SEL ARCH_PERFMON_UNHALTED_CORE_CYCLES_SEL
9847 #define ARCH_PERFMON_NMI_EVENT_UMASK ARCH_PERFMON_UNHALTED_CORE_CYCLES_UMASK
9849 +/* cannot be const */
9850 static struct wd_ops intel_arch_wd_ops;
9852 static int setup_intel_arch_watchdog(unsigned nmi_hz)
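Review bot: The added `/* cannot be const */` comment, repeated on the definition in the next hunk, does not say why. That matters now that every callback in `struct wd_ops` is declared `* const` and the hunk header shows a sibling instance, `p4_wd_ops`, as `const`. State the reason next to the declaration, for instance `/* cannot be const: non-callback fields are assigned after definition */` if that is the case. The writes themselves are not visible in these hunks, so confirm before settling the wording.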
9853 @@ -697,6 +698,7 @@ static int setup_intel_arch_watchdog(uns
9857 +/* cannot be const */
9858 static struct wd_ops intel_arch_wd_ops __read_mostly = {
9859 .reserve = single_msr_reserve,
9860 .unreserve = single_msr_unreserve,
9861 diff -urNp linux-2.6.32.1/arch/x86/kernel/cpu/perf_event.c linux-2.6.32.1/arch/x86/kernel/cpu/perf_event.c
9862 --- linux-2.6.32.1/arch/x86/kernel/cpu/perf_event.c 2009-12-02 22:51:21.000000000 -0500
9863 +++ linux-2.6.32.1/arch/x86/kernel/cpu/perf_event.c 2009-12-14 18:33:51.657724494 -0500
9864 @@ -2252,7 +2252,7 @@ perf_callchain_user(struct pt_regs *regs
9867 callchain_store(entry, frame.return_address);
9868 - fp = frame.next_frame;
9869 + fp = (__force const void __user *)frame.next_frame;
9873 diff -urNp linux-2.6.32.1/arch/x86/kernel/crash.c linux-2.6.32.1/arch/x86/kernel/crash.c
9874 --- linux-2.6.32.1/arch/x86/kernel/crash.c 2009-12-02 22:51:21.000000000 -0500
9875 +++ linux-2.6.32.1/arch/x86/kernel/crash.c 2009-12-14 18:33:51.657724494 -0500
9876 @@ -42,7 +42,7 @@ static void kdump_nmi_callback(int cpu,
9879 #ifdef CONFIG_X86_32
9880 - if (!user_mode_vm(regs)) {
9881 + if (!user_mode(regs)) {
9882 crash_fixup_ss_esp(&fixed_regs, regs);
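Review bot: Replacing `user_mode_vm(regs)` with `user_mode(regs)` here, and again in show_registers (`dumpstack_32.c`) and die (`dumpstack.c`), is only safe if `user_mode()` is redefined elsewhere in this patch to account for vm86 mode; that definition is not on this page. As I understand the stock 32-bit helpers, only `user_mode_vm()` looks at the VM flag, so registers captured from a vm86 task could be classified as kernel mode and passed to `crash_fixup_ss_esp()`. A comment at the first call site such as `/* user_mode() also covers vm86 in this tree */` would make the dependency checkable. The enclosing function continues outside the hunk.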
9885 diff -urNp linux-2.6.32.1/arch/x86/kernel/doublefault_32.c linux-2.6.32.1/arch/x86/kernel/doublefault_32.c
9886 --- linux-2.6.32.1/arch/x86/kernel/doublefault_32.c 2009-12-02 22:51:21.000000000 -0500
9887 +++ linux-2.6.32.1/arch/x86/kernel/doublefault_32.c 2009-12-14 18:33:51.657724494 -0500
9890 #define DOUBLEFAULT_STACKSIZE (1024)
9891 static unsigned long doublefault_stack[DOUBLEFAULT_STACKSIZE];
9892 -#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE)
9893 +#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE-2)
9895 #define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + MAXMEM)
9897 @@ -21,7 +21,7 @@ static void doublefault_fn(void)
9898 unsigned long gdt, tss;
9900 store_gdt(&gdt_desc);
9901 - gdt = gdt_desc.address;
9902 + gdt = (unsigned long)gdt_desc.address;
9904 printk(KERN_EMERG "PANIC: double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size);
9906 @@ -58,10 +58,10 @@ struct tss_struct doublefault_tss __cach
9907 /* 0x2 bit is always set */
9908 .flags = X86_EFLAGS_SF | 0x2,
9911 + .es = __KERNEL_DS,
9915 + .ds = __KERNEL_DS,
9916 .fs = __KERNEL_PERCPU,
9918 .__cr3 = __pa_nodebug(swapper_pg_dir),
9919 diff -urNp linux-2.6.32.1/arch/x86/kernel/dumpstack_32.c linux-2.6.32.1/arch/x86/kernel/dumpstack_32.c
9920 --- linux-2.6.32.1/arch/x86/kernel/dumpstack_32.c 2009-12-02 22:51:21.000000000 -0500
9921 +++ linux-2.6.32.1/arch/x86/kernel/dumpstack_32.c 2009-12-14 18:33:51.658747364 -0500
9922 @@ -112,11 +112,12 @@ void show_registers(struct pt_regs *regs
9923 * When in-kernel, we also print out the stack and code at the
9924 * time of the fault..
9926 - if (!user_mode_vm(regs)) {
9927 + if (!user_mode(regs)) {
9928 unsigned int code_prologue = code_bytes * 43 / 64;
9929 unsigned int code_len = code_bytes;
9932 + unsigned long cs_base = get_desc_base(&get_cpu_gdt_table(smp_processor_id())[(0xffff & regs->cs) >> 3]);
9934 printk(KERN_EMERG "Stack:\n");
9935 show_stack_log_lvl(NULL, regs, ®s->sp,
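Review bot: `cs_base` indexes the per-CPU GDT with `(0xffff & regs->cs) >> 3` without checking that the selector refers to the GDT or that the index lies inside the table, and this runs on the oops path where `regs` may already be inconsistent. A guard keeps a bad selector from turning the register dump into a second fault: take `unsigned int idx = (0xffff & regs->cs) >> 3;` and then `cs_base = ((regs->cs & 4) || idx >= GDT_ENTRIES) ? 0 : get_desc_base(&get_cpu_gdt_table(smp_processor_id())[idx]);`. The base is added to `regs->ip` in the two following hunks of show_registers, so they inherit the same assumption. The function body continues outside the hunk.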
9936 @@ -124,10 +125,10 @@ void show_registers(struct pt_regs *regs
9938 printk(KERN_EMERG "Code: ");
9940 - ip = (u8 *)regs->ip - code_prologue;
9941 + ip = (u8 *)regs->ip - code_prologue + cs_base;
9942 if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) {
9943 /* try starting at IP */
9944 - ip = (u8 *)regs->ip;
9945 + ip = (u8 *)regs->ip + cs_base;
9946 code_len = code_len - code_prologue + 1;
9948 for (i = 0; i < code_len; i++, ip++) {
9949 @@ -136,7 +137,7 @@ void show_registers(struct pt_regs *regs
9950 printk(" Bad EIP value.");
9953 - if (ip == (u8 *)regs->ip)
9954 + if (ip == (u8 *)regs->ip + cs_base)
9955 printk("<%02x> ", c);
9958 @@ -149,6 +150,7 @@ int is_valid_bugaddr(unsigned long ip)
9962 + ip = ktla_ktva(ip);
9963 if (ip < PAGE_OFFSET)
9965 if (probe_kernel_address((unsigned short *)ip, ud2))
9966 diff -urNp linux-2.6.32.1/arch/x86/kernel/dumpstack.c linux-2.6.32.1/arch/x86/kernel/dumpstack.c
9967 --- linux-2.6.32.1/arch/x86/kernel/dumpstack.c 2009-12-02 22:51:21.000000000 -0500
9968 +++ linux-2.6.32.1/arch/x86/kernel/dumpstack.c 2009-12-14 18:33:51.658747364 -0500
9969 @@ -180,7 +180,7 @@ void dump_stack(void)
9972 printk("Pid: %d, comm: %.20s xid: #%u %s %s %.*s\n",
9973 - current->pid, current->comm, current->xid, print_tainted(),
9974 + task_pid_nr(current), current->comm, current->xid, print_tainted(),
9975 init_utsname()->release,
9976 (int)strcspn(init_utsname()->version, " "),
9977 init_utsname()->version);
9978 @@ -241,7 +241,7 @@ void __kprobes oops_end(unsigned long fl
9979 panic("Fatal exception in interrupt");
9981 panic("Fatal exception");
9983 + do_group_exit(signr);
9986 int __kprobes __die(const char *str, struct pt_regs *regs, long err)
9987 @@ -295,7 +295,7 @@ void die(const char *str, struct pt_regs
9988 unsigned long flags = oops_begin();
9991 - if (!user_mode_vm(regs))
9992 + if (!user_mode(regs))
9993 report_bug(regs->ip, regs);
9995 if (__die(str, regs, err))
9996 diff -urNp linux-2.6.32.1/arch/x86/kernel/e820.c linux-2.6.32.1/arch/x86/kernel/e820.c
9997 --- linux-2.6.32.1/arch/x86/kernel/e820.c 2009-12-02 22:51:21.000000000 -0500
9998 +++ linux-2.6.32.1/arch/x86/kernel/e820.c 2009-12-14 18:33:51.663700965 -0500
9999 @@ -733,7 +733,10 @@ struct early_res {
10001 static struct early_res early_res[MAX_EARLY_RES] __initdata = {
10002 { 0, PAGE_SIZE, "BIOS data page" }, /* BIOS data page */
10004 +#ifdef CONFIG_VM86
10005 + { PAGE_SIZE, ISA_START_ADDRESS, "V86 mode memory", 1 },
10010 static int __init find_overlapped_early(u64 start, u64 end)
10011 diff -urNp linux-2.6.32.1/arch/x86/kernel/efi_32.c linux-2.6.32.1/arch/x86/kernel/efi_32.c
10012 --- linux-2.6.32.1/arch/x86/kernel/efi_32.c 2009-12-02 22:51:21.000000000 -0500
10013 +++ linux-2.6.32.1/arch/x86/kernel/efi_32.c 2009-12-14 18:33:51.663700965 -0500
10014 @@ -38,70 +38,38 @@
10017 static unsigned long efi_rt_eflags;
10018 -static pgd_t efi_bak_pg_dir_pointer[2];
10019 +static pgd_t __initdata efi_bak_pg_dir_pointer[KERNEL_PGD_PTRS];
10021 -void efi_call_phys_prelog(void)
10022 +void __init efi_call_phys_prelog(void)
10024 - unsigned long cr4;
10025 - unsigned long temp;
10026 struct desc_ptr gdt_descr;
10028 local_irq_save(efi_rt_eflags);
10031 - * If I don't have PAE, I should just duplicate two entries in page
10032 - * directory. If I have PAE, I just need to duplicate one entry in
10033 - * page directory.
10035 - cr4 = read_cr4_safe();
10037 - if (cr4 & X86_CR4_PAE) {
10038 - efi_bak_pg_dir_pointer[0].pgd =
10039 - swapper_pg_dir[pgd_index(0)].pgd;
10040 - swapper_pg_dir[0].pgd =
10041 - swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd;
10043 - efi_bak_pg_dir_pointer[0].pgd =
10044 - swapper_pg_dir[pgd_index(0)].pgd;
10045 - efi_bak_pg_dir_pointer[1].pgd =
10046 - swapper_pg_dir[pgd_index(0x400000)].pgd;
10047 - swapper_pg_dir[pgd_index(0)].pgd =
10048 - swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd;
10049 - temp = PAGE_OFFSET + 0x400000;
10050 - swapper_pg_dir[pgd_index(0x400000)].pgd =
10051 - swapper_pg_dir[pgd_index(temp)].pgd;
10053 + clone_pgd_range(efi_bak_pg_dir_pointer, swapper_pg_dir, KERNEL_PGD_PTRS);
10054 + clone_pgd_range(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
10055 + min_t(unsigned long, KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY));
10058 * After the lock is released, the original page table is restored.
10062 - gdt_descr.address = __pa(get_cpu_gdt_table(0));
10063 + gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0));
10064 gdt_descr.size = GDT_SIZE - 1;
10065 load_gdt(&gdt_descr);
10068 -void efi_call_phys_epilog(void)
10069 +void __init efi_call_phys_epilog(void)
10071 - unsigned long cr4;
10072 struct desc_ptr gdt_descr;
10074 - gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
10075 + gdt_descr.address = get_cpu_gdt_table(0);
10076 gdt_descr.size = GDT_SIZE - 1;
10077 load_gdt(&gdt_descr);
10079 - cr4 = read_cr4_safe();
10081 - if (cr4 & X86_CR4_PAE) {
10082 - swapper_pg_dir[pgd_index(0)].pgd =
10083 - efi_bak_pg_dir_pointer[0].pgd;
10085 - swapper_pg_dir[pgd_index(0)].pgd =
10086 - efi_bak_pg_dir_pointer[0].pgd;
10087 - swapper_pg_dir[pgd_index(0x400000)].pgd =
10088 - efi_bak_pg_dir_pointer[1].pgd;
10090 + clone_pgd_range(swapper_pg_dir, efi_bak_pg_dir_pointer, KERNEL_PGD_PTRS);
10093 * After the lock is released, the original page table is restored.
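Review bot: Both `efi_call_phys_prelog()` and `efi_call_phys_epilog()` become `__init` and the backup array becomes `__initdata`, so every caller must itself run before init memory is released. The callers are outside this diff and need confirming; a section-mismatch build check would catch a late one. In the prelog, `gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0));` stores a physical address in a pointer-typed field. That deserves a comment such as `/* physical address: paging is off while the EFI service runs */` so it is not later "fixed" into a virtual pointer.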
10094 diff -urNp linux-2.6.32.1/arch/x86/kernel/efi_stub_32.S linux-2.6.32.1/arch/x86/kernel/efi_stub_32.S
10095 --- linux-2.6.32.1/arch/x86/kernel/efi_stub_32.S 2009-12-02 22:51:21.000000000 -0500
10096 +++ linux-2.6.32.1/arch/x86/kernel/efi_stub_32.S 2009-12-14 18:33:51.664705034 -0500
10100 #include <linux/linkage.h>
10101 +#include <linux/init.h>
10102 #include <asm/page_types.h>
10106 * service functions will comply with gcc calling convention, too.
10111 ENTRY(efi_call_phys)
10113 * 0. The function can only be called in Linux kernel. So CS has been
10114 @@ -36,9 +37,7 @@ ENTRY(efi_call_phys)
10115 * The mapping of lower virtual memory has been created in prelog and
10119 - subl $__PAGE_OFFSET, %edx
10121 + jmp 1f-__PAGE_OFFSET
10125 @@ -47,14 +46,8 @@ ENTRY(efi_call_phys)
10126 * parameter 2, ..., param n. To make things easy, we save the return
10127 * address of efi_call_phys in a global variable.
10130 - movl %edx, saved_return_addr
10131 - /* get the function pointer into ECX*/
10133 - movl %ecx, efi_rt_function_ptr
10135 - subl $__PAGE_OFFSET, %edx
10137 + popl (saved_return_addr)
10138 + popl (efi_rt_function_ptr)
10141 * 3. Clear PG bit in %CR0.
10142 @@ -73,9 +66,8 @@ ENTRY(efi_call_phys)
10144 * 5. Call the physical function.
10147 + call *(efi_rt_function_ptr-__PAGE_OFFSET)
10151 * 6. After EFI runtime service returns, control will return to
10152 * following instruction. We'd better readjust stack pointer first.
10153 @@ -88,35 +80,28 @@ ENTRY(efi_call_phys)
10155 orl $0x80000000, %edx
10161 * 8. Now restore the virtual mode from flat mode by
10162 * adding EIP with PAGE_OFFSET.
10166 + jmp 1f+__PAGE_OFFSET
10170 * 9. Balance the stack. And because EAX contain the return value,
10171 * we'd better not clobber it.
10173 - leal efi_rt_function_ptr, %edx
10174 - movl (%edx), %ecx
10176 + pushl (efi_rt_function_ptr)
10179 - * 10. Push the saved return address onto the stack and return.
10180 + * 10. Return to the saved return address.
10182 - leal saved_return_addr, %edx
10183 - movl (%edx), %ecx
10186 + jmpl *(saved_return_addr)
10187 ENDPROC(efi_call_phys)
10194 efi_rt_function_ptr:
10195 diff -urNp linux-2.6.32.1/arch/x86/kernel/entry_32.S linux-2.6.32.1/arch/x86/kernel/entry_32.S
10196 --- linux-2.6.32.1/arch/x86/kernel/entry_32.S 2009-12-02 22:51:21.000000000 -0500
10197 +++ linux-2.6.32.1/arch/x86/kernel/entry_32.S 2009-12-14 18:33:51.664705034 -0500
10198 @@ -191,7 +191,7 @@
10200 #endif /* CONFIG_X86_32_LAZY_GS */
10203 +.macro __SAVE_ALL _DS
10207 @@ -224,7 +224,7 @@
10209 CFI_ADJUST_CFA_OFFSET 4
10210 CFI_REL_OFFSET ebx, 0
10211 - movl $(__USER_DS), %edx
10215 movl $(__KERNEL_PERCPU), %edx
10216 @@ -232,6 +232,15 @@
10221 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
10222 + __SAVE_ALL __KERNEL_DS
10225 + __SAVE_ALL __USER_DS
10229 .macro RESTORE_INT_REGS
10231 CFI_ADJUST_CFA_OFFSET -4
10232 @@ -352,7 +361,15 @@ check_userspace:
10233 movb PT_CS(%esp), %al
10234 andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
10235 cmpl $USER_RPL, %eax
10237 +#ifdef CONFIG_PAX_KERNEXEC
10238 + jae resume_userspace
10241 + jmp resume_kernel
10243 jb resume_kernel # not returning to v8086 or userspace
10246 ENTRY(resume_userspace)
10248 @@ -414,10 +431,9 @@ sysenter_past_esp:
10249 /*CFI_REL_OFFSET cs, 0*/
10251 * Push current_thread_info()->sysenter_return to the stack.
10252 - * A tiny bit of offset fixup is necessary - 4*4 means the 4 words
10253 - * pushed above; +8 corresponds to copy_thread's esp0 setting.
10255 - pushl (TI_sysenter_return-THREAD_SIZE+8+4*4)(%esp)
10256 + GET_THREAD_INFO(%ebp)
10257 + pushl TI_sysenter_return(%ebp)
10258 CFI_ADJUST_CFA_OFFSET 4
10259 CFI_REL_OFFSET eip, 0
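Review bot: `GET_THREAD_INFO(%ebp)` in sysenter_past_esp overwrites %ebp, which the removed esp-relative push left untouched, and nothing at this spot says so. The later hunk at `@@ -430,9 +446,19 @@` reloads the register with `movl PT_OLDESP(%esp),%ebp` before the sixth-argument load, so the two changes only work together. I would add a comment on the new lines, `/* clobbers %ebp; the user stack pointer is reloaded from PT_OLDESP below */`, and keep a short replacement for the deleted offset-fixup comment. sysenter_past_esp continues outside the hunk.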
10261 @@ -430,9 +446,19 @@ sysenter_past_esp:
10262 * Load the potential sixth argument from user stack.
10263 * Careful about security.
10265 + movl PT_OLDESP(%esp),%ebp
10267 +#ifdef CONFIG_PAX_MEMORY_UDEREF
10268 + mov PT_OLDSS(%esp),%ds
10269 +1: movl %ds:(%ebp),%ebp
10273 cmpl $__PAGE_OFFSET-3,%ebp
10275 1: movl (%ebp),%ebp
10278 movl %ebp,PT_EBP(%esp)
10279 .section __ex_table,"a"
10281 @@ -455,12 +481,23 @@ sysenter_do_call:
10282 testl $_TIF_ALLWORK_MASK, %ecx
10286 +#ifdef CONFIG_PAX_RANDKSTACK
10288 + CFI_ADJUST_CFA_OFFSET 4
10289 + call pax_randomize_kstack
10291 + CFI_ADJUST_CFA_OFFSET -4
10294 /* if something modifies registers it must also disable sysexit */
10295 movl PT_EIP(%esp), %edx
10296 movl PT_OLDESP(%esp), %ecx
10299 1: mov PT_FS(%esp), %fs
10300 +2: mov PT_DS(%esp), %ds
10301 +3: mov PT_ES(%esp), %es
10303 ENABLE_INTERRUPTS_SYSEXIT
10305 @@ -504,11 +541,17 @@ sysexit_audit:
10308 .pushsection .fixup,"ax"
10309 -2: movl $0,PT_FS(%esp)
10310 +4: movl $0,PT_FS(%esp)
10312 +5: movl $0,PT_DS(%esp)
10314 +6: movl $0,PT_ES(%esp)
10316 .section __ex_table,"a"
10324 ENDPROC(ia32_sysenter_target)
10325 @@ -538,6 +581,10 @@ syscall_exit:
10326 testl $_TIF_ALLWORK_MASK, %ecx # current->work
10327 jne syscall_exit_work
10329 +#ifdef CONFIG_PAX_RANDKSTACK
10330 + call pax_randomize_kstack
10335 restore_all_notrace:
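Review bot: The `call pax_randomize_kstack` added at syscall_exit has no register save around it, while the same call in the sysenter_do_call hunk is bracketed by `CFI_ADJUST_CFA_OFFSET 4` / `-4`, which suggests a push and pop there. If the difference is intentional because this path reloads registers from pt_regs afterwards, a comment should say so, for example `/* may clobber caller-saved registers; all are restored from pt_regs below */`. The push/pop lines and the body of pax_randomize_kstack are not visible here, so this needs confirming against the full file.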
10336 @@ -602,7 +649,13 @@ ldt_ss:
10337 mov PT_OLDESP(%esp), %eax /* load userspace esp */
10338 mov %dx, %ax /* eax: new kernel esp */
10339 sub %eax, %edx /* offset (low word is 0) */
10340 - PER_CPU(gdt_page, %ebx)
10342 + movl PER_CPU_VAR(cpu_number), %ebx
10343 + shll $PAGE_SHIFT_asm, %ebx
10344 + addl $cpu_gdt_table, %ebx
10346 + movl $cpu_gdt_table, %ebx
10349 mov %dl, GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx) /* bits 16..23 */
10350 mov %dh, GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx) /* bits 24..31 */
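Review bot: The sequence that replaces `PER_CPU(gdt_page, %ebx)` in ldt_ss hard-codes a stride of one page per CPU into cpu_gdt_table and is repeated verbatim in the `@@ -735,7 +786,13 @@` hunk. That stride appears to come from the `.fill PAGE_SIZE_asm - GDT_SIZE,1,0` padding in head_32.S, so a change on either side would silently break the ESPFIX descriptor update. I would at least add the comment `/* cpu_gdt_table: one page-sized GDT per CPU, indexed by cpu_number */` at both places. Better still, both copies could share one assembler macro that takes the destination register.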
10351 @@ -642,25 +695,19 @@ work_resched:
10353 work_notifysig: # deal with pending signals and
10354 # notify-resume requests
10357 testl $X86_EFLAGS_VM, PT_EFLAGS(%esp)
10359 - jne work_notifysig_v86 # returning to kernel-space or
10360 + jz 1f # returning to kernel-space or
10363 - call do_notify_resume
10364 - jmp resume_userspace_sig
10367 -work_notifysig_v86:
10368 pushl %ecx # save ti_flags for do_notify_resume
10369 CFI_ADJUST_CFA_OFFSET 4
10370 call save_v86_state # %eax contains pt_regs pointer
10372 CFI_ADJUST_CFA_OFFSET -4
10379 call do_notify_resume
10380 @@ -695,6 +742,10 @@ END(syscall_exit_work)
10382 RING0_INT_FRAME # can't unwind into user space anyway
10384 +#ifdef CONFIG_PAX_MEMORY_UDEREF
10388 GET_THREAD_INFO(%ebp)
10389 movl $-EFAULT,PT_EAX(%esp)
10390 jmp resume_userspace
10391 @@ -735,7 +786,13 @@ PTREGSCALL(vm86old)
10392 * normal stack and adjusts ESP with the matching offset.
10394 /* fixup the stack */
10395 - PER_CPU(gdt_page, %ebx)
10397 + movl PER_CPU_VAR(cpu_number), %ebx
10398 + shll $PAGE_SHIFT_asm, %ebx
10399 + addl $cpu_gdt_table, %ebx
10401 + movl $cpu_gdt_table, %ebx
10403 mov GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx), %al /* bits 16..23 */
10404 mov GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx), %ah /* bits 24..31 */
10406 @@ -1198,7 +1255,6 @@ return_to_handler:
10410 -.section .rodata,"a"
10411 #include "syscall_table_32.S"
10413 syscall_table_size=(.-sys_call_table)
10414 @@ -1250,12 +1306,15 @@ error_code:
10416 UNWIND_ESPFIX_STACK
10421 movl PT_GS(%esp), %edi # get the function address
10422 movl PT_ORIG_EAX(%esp), %edx # get the error code
10423 movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
10426 - movl $(__USER_DS), %ecx
10427 + movl $(__KERNEL_DS), %ecx
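Review bot: error_code now loads `__KERNEL_DS` unconditionally, whereas the `__SAVE_ALL` hunk earlier in this file picks `__KERNEL_DS` only when one of CONFIG_PAX_KERNEXEC, PAGEEXEC, SEGMEXEC or MEMORY_UDEREF is set and keeps `__USER_DS` otherwise. With none of those options enabled, the two entry paths would leave different selectors in the data segment registers, assuming %ecx is copied to %ds and %es in the lines not shown here. Either guard this load with the same condition or add a comment explaining why the exception path may differ, e.g. `/* always the kernel data segment here, unlike SAVE_ALL: <reason> */`. Several lines of this hunk are not visible, so a guard may already exist.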
10431 @@ -1351,6 +1410,9 @@ nmi_stack_correct:
10432 xorl %edx,%edx # zero error code
10433 movl %esp,%eax # pt_regs pointer
10438 jmp restore_all_notrace
10441 @@ -1391,6 +1453,9 @@ nmi_espfix_stack:
10442 FIXUP_ESPFIX_STACK # %eax == %esp
10443 xorl %edx,%edx # zero error code
10449 lss 12+4(%esp), %esp # back to espfix stack
10450 CFI_ADJUST_CFA_OFFSET -24
10451 diff -urNp linux-2.6.32.1/arch/x86/kernel/entry_64.S linux-2.6.32.1/arch/x86/kernel/entry_64.S
10452 --- linux-2.6.32.1/arch/x86/kernel/entry_64.S 2009-12-02 22:51:21.000000000 -0500
10453 +++ linux-2.6.32.1/arch/x86/kernel/entry_64.S 2009-12-14 18:33:51.664705034 -0500
10454 @@ -1068,7 +1068,12 @@ ENTRY(\sym)
10456 movq %rsp,%rdi /* pt_regs pointer */
10457 xorl %esi,%esi /* no error code */
10458 - PER_CPU(init_tss, %rbp)
10460 + imul $TSS_size, PER_CPU_VAR(cpu_number), %ebp
10461 + lea init_tss(%rbp), %rbp
10463 + lea init_tss(%rip), %rbp
10465 subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
10467 addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
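Review bot: The first of the two added variants computes the TSS address as `cpu_number * TSS_size + init_tss`, which is only right while `TSS_size` equals the element stride of the `init_tss[NR_CPUS]` array introduced in init_task.c. Neither definition is visible in this hunk, so I would add a comment here, `/* stride must match sizeof(struct tss_struct), see init_task.c */`, and ideally a build-time assertion where `TSS_size` is generated. The `imul` targets %ebp and relies on the 32-bit write clearing the upper half of %rbp before the `lea`, which is worth stating as well.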
10468 diff -urNp linux-2.6.32.1/arch/x86/kernel/ftrace.c linux-2.6.32.1/arch/x86/kernel/ftrace.c
10469 --- linux-2.6.32.1/arch/x86/kernel/ftrace.c 2009-12-02 22:51:21.000000000 -0500
10470 +++ linux-2.6.32.1/arch/x86/kernel/ftrace.c 2009-12-15 17:05:40.572633226 -0500
10471 @@ -215,7 +215,7 @@ do_ftrace_mod_code(unsigned long ip, voi
10475 -static unsigned char ftrace_nop[MCOUNT_INSN_SIZE];
10476 +static unsigned char ftrace_nop[MCOUNT_INSN_SIZE] __read_only;
10478 static unsigned char *ftrace_nop_replace(void)
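Review bot: `ftrace_nop` is now `__read_only`, yet ftrace_dyn_arch_init in the `@@ -337,15 +339,15 @@` hunk still fills it with `memcpy(ftrace_nop, ...)`. That is only safe if the write happens before read-only protection is applied to this object, which the diff does not show. A comment on the declaration would make the constraint explicit: `/* written once from ftrace_dyn_arch_init (__init), read-only afterwards */`.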
10480 @@ -228,6 +228,8 @@ ftrace_modify_code(unsigned long ip, uns
10482 unsigned char replaced[MCOUNT_INSN_SIZE];
10484 + ip = ktla_ktva(ip);
10487 * Note: Due to modules and __init, code can
10488 * disappear and change, we need to protect against faulting
10489 @@ -284,7 +286,7 @@ int ftrace_update_ftrace_func(ftrace_fun
10490 unsigned char old[MCOUNT_INSN_SIZE], *new;
10493 - memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE);
10494 + memcpy(old, (void *)ktla_ktva((unsigned long)ftrace_call), MCOUNT_INSN_SIZE);
10495 new = ftrace_call_replace(ip, (unsigned long)func);
10496 ret = ftrace_modify_code(ip, old, new);
10498 @@ -337,15 +339,15 @@ int __init ftrace_dyn_arch_init(void *da
10501 pr_info("ftrace: converting mcount calls to 0f 1f 44 00 00\n");
10502 - memcpy(ftrace_nop, ftrace_test_p6nop, MCOUNT_INSN_SIZE);
10503 + memcpy(ftrace_nop, ktla_ktva(ftrace_test_p6nop), MCOUNT_INSN_SIZE);
10506 pr_info("ftrace: converting mcount calls to 66 66 66 66 90\n");
10507 - memcpy(ftrace_nop, ftrace_test_nop5, MCOUNT_INSN_SIZE);
10508 + memcpy(ftrace_nop, ktla_ktva(ftrace_test_nop5), MCOUNT_INSN_SIZE);
10511 pr_info("ftrace: converting mcount calls to jmp . + 5\n");
10512 - memcpy(ftrace_nop, ftrace_test_jmp, MCOUNT_INSN_SIZE);
10513 + memcpy(ftrace_nop, ktla_ktva(ftrace_test_jmp), MCOUNT_INSN_SIZE);
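Review bot: The three `memcpy(ftrace_nop, ktla_ktva(ftrace_test_...), MCOUNT_INSN_SIZE)` calls pass a symbol straight to `ktla_ktva` and use the result as a pointer, while ftrace_update_ftrace_func in the hunk above casts explicitly, `(void *)ktla_ktva((unsigned long)ftrace_call)`. Whether both forms compile cleanly in every configuration depends on how `ktla_ktva` is defined, which is outside this hunk. For consistency I would use the explicit form here too, e.g. `memcpy(ftrace_nop, (void *)ktla_ktva((unsigned long)ftrace_test_jmp), MCOUNT_INSN_SIZE);`.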
10517 diff -urNp linux-2.6.32.1/arch/x86/kernel/head32.c linux-2.6.32.1/arch/x86/kernel/head32.c
10518 --- linux-2.6.32.1/arch/x86/kernel/head32.c 2009-12-02 22:51:21.000000000 -0500
10519 +++ linux-2.6.32.1/arch/x86/kernel/head32.c 2009-12-14 18:33:51.665756688 -0500
10521 #include <asm/apic.h>
10522 #include <asm/io_apic.h>
10523 #include <asm/bios_ebda.h>
10524 +#include <asm/boot.h>
10526 static void __init i386_default_early_setup(void)
10528 @@ -31,7 +32,7 @@ void __init i386_start_kernel(void)
10530 reserve_trampoline_memory();
10532 - reserve_early(__pa_symbol(&_text), __pa_symbol(&__bss_stop), "TEXT DATA BSS");
10533 + reserve_early(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop), "TEXT DATA BSS");
10535 #ifdef CONFIG_BLK_DEV_INITRD
10536 /* Reserve INITRD */
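Review bot: The start of the "TEXT DATA BSS" reservation in i386_start_kernel changes from `__pa_symbol(&_text)` to `LOAD_PHYSICAL_ADDR` with no visible config guard and no comment explaining why. If `_text` no longer marks the first byte of the loaded image, say so next to the call, for example `/* the image starts at LOAD_PHYSICAL_ADDR; _text may lie above it */`. The relationship between the two symbols is set by the linker script, which is not part of this hunk, so the wording should be checked against it.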
10537 diff -urNp linux-2.6.32.1/arch/x86/kernel/head_32.S linux-2.6.32.1/arch/x86/kernel/head_32.S
10538 --- linux-2.6.32.1/arch/x86/kernel/head_32.S 2009-12-02 22:51:21.000000000 -0500
10539 +++ linux-2.6.32.1/arch/x86/kernel/head_32.S 2009-12-14 18:33:51.698704673 -0500
10540 @@ -19,10 +19,17 @@
10541 #include <asm/setup.h>
10542 #include <asm/processor-flags.h>
10543 #include <asm/percpu.h>
10544 +#include <asm/msr-index.h>
10546 /* Physical address */
10547 #define pa(X) ((X) - __PAGE_OFFSET)
10549 +#ifdef CONFIG_PAX_KERNEXEC
10552 +#define ta(X) ((X) - __PAGE_OFFSET)
10556 * References to members of the new_cpu_data structure.
10559 * and small than max_low_pfn, otherwise will waste some page table entries
10562 -#if PTRS_PER_PMD > 1
10563 -#define PAGE_TABLE_SIZE(pages) (((pages) / PTRS_PER_PMD) + PTRS_PER_PGD)
10565 -#define PAGE_TABLE_SIZE(pages) ((pages) / PTRS_PER_PGD)
10567 +#define PAGE_TABLE_SIZE(pages) ((pages) / PTRS_PER_PTE)
10569 /* Enough space to fit pagetables for the low memory linear map */
10570 MAPPING_BEYOND_END = \
10571 @@ -73,6 +76,12 @@ INIT_MAP_SIZE = PAGE_TABLE_SIZE(KERNEL_P
10572 RESERVE_BRK(pagetables, INIT_MAP_SIZE)
10575 + * Real beginning of normal "text" segment
10581 * 32-bit kernel entrypoint; only used by the boot CPU. On entry,
10582 * %esi points to the real-mode code as a 32-bit pointer.
10583 * CS and DS must be 4 GB flat segments, but we don't depend on
10584 @@ -80,6 +89,13 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE)
10589 +#ifdef CONFIG_PAX_KERNEXEC
10591 +/* PaX: fill first page in .text with int3 to catch NULL derefs in kernel mode */
10592 +.fill PAGE_SIZE-5,1,0xcc
10596 /* test KEEP_SEGMENTS flag to see if the bootloader is asking
10597 us to not reload segments */
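Review bot: The `5` in `.fill PAGE_SIZE-5,1,0xcc` is a bare byte count with no explanation; it presumably is the length of the instruction emitted just before the fill, on a line not shown here. If that instruction ever assembles to a different length, the padding no longer ends on a page boundary and everything after it shifts. Prefer deriving the count from a local label placed before that instruction, `0:` and then `.fill PAGE_SIZE - (. - 0b),1,0xcc`, or at least add `/* 5 = size of the preceding instruction */`.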
10598 @@ -97,6 +113,52 @@ ENTRY(startup_32)
10603 + movl $pa(cpu_gdt_table),%edi
10604 + movl $__per_cpu_load,%eax
10605 + movw %ax,__KERNEL_PERCPU + 2(%edi)
10607 + movb %al,__KERNEL_PERCPU + 4(%edi)
10608 + movb %ah,__KERNEL_PERCPU + 7(%edi)
10609 + movl $__per_cpu_end - 1,%eax
10610 + subl $__per_cpu_start,%eax
10611 + movw %ax,__KERNEL_PERCPU + 0(%edi)
10614 +#ifdef CONFIG_PAX_MEMORY_UDEREF
10615 + movl $NR_CPUS,%ecx
10616 + movl $pa(cpu_gdt_table),%edi
10618 + movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c09700),GDT_ENTRY_KERNEL_DS * 8 + 4(%edi)
10619 + addl $PAGE_SIZE_asm,%edi
10623 +#ifdef CONFIG_PAX_KERNEXEC
10624 + movl $pa(boot_gdt),%edi
10625 + movl $__LOAD_PHYSICAL_ADDR,%eax
10626 + movw %ax,__BOOT_CS + 2(%edi)
10628 + movb %al,__BOOT_CS + 4(%edi)
10629 + movb %ah,__BOOT_CS + 7(%edi)
10632 + ljmp $(__BOOT_CS),$1f
10635 + movl $NR_CPUS,%ecx
10636 + movl $pa(cpu_gdt_table),%edi
10637 + addl $__PAGE_OFFSET,%eax
10639 + movw %ax,__KERNEL_CS + 2(%edi)
10641 + movb %al,__KERNEL_CS + 4(%edi)
10642 + movb %ah,__KERNEL_CS + 7(%edi)
10644 + addl $PAGE_SIZE_asm,%edi
10649 * Clear BSS first so that there are no surprises...
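Review bot: The immediate `((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c09700)` stored into the upper half of the `GDT_ENTRY_KERNEL_DS` descriptor under CONFIG_PAX_MEMORY_UDEREF carries no comment, although it redefines the kernel data segment in every CPU's GDT. Read as an x86 descriptor, 0x97 is the access byte (present, DPL 0, expand-down writable data, accessed), 0xc sets 4 KiB granularity and 32-bit size, and the shifted term supplies limit bits 16..19 from `__PAGE_OFFSET-1`. A comment spelling that out should sit above the `movl`. The same hunk repeats the `movw %ax` / `movb %al` / `movb %ah` base-patching triple for `__KERNEL_PERCPU`, `__BOOT_CS` and `__KERNEL_CS`; a small macro would reduce the chance of one copy getting an offset wrong.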
10651 @@ -140,9 +202,7 @@ ENTRY(startup_32)
10652 cmpl $num_subarch_entries, %eax
10655 - movl pa(subarch_entries)(,%eax,4), %eax
10656 - subl $__PAGE_OFFSET, %eax
10658 + jmp *pa(subarch_entries)(,%eax,4)
10662 @@ -154,10 +214,10 @@ WEAK(xen_entry)
10666 - .long default_entry /* normal x86/PC */
10667 - .long lguest_entry /* lguest hypervisor */
10668 - .long xen_entry /* Xen hypervisor */
10669 - .long default_entry /* Moorestown MID */
10670 + .long ta(default_entry) /* normal x86/PC */
10671 + .long ta(lguest_entry) /* lguest hypervisor */
10672 + .long ta(xen_entry) /* Xen hypervisor */
10673 + .long ta(default_entry) /* Moorestown MID */
10674 num_subarch_entries = (. - subarch_entries) / 4
10676 #endif /* CONFIG_PARAVIRT */
10677 @@ -218,8 +278,11 @@ default_entry:
10678 movl %eax, pa(max_pfn_mapped)
10680 /* Do early initialization of the fixmap area */
10681 - movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
10682 - movl %eax,pa(swapper_pg_pmd+0x1000*KPMDS-8)
10683 +#ifdef CONFIG_COMPAT_VDSO
10684 + movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_pmd+0x1000*KPMDS-8)
10686 + movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-8)
10688 #else /* Not PAE */
10690 page_pde_offset = (__PAGE_OFFSET >> 20);
10691 @@ -249,8 +312,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
10692 movl %eax, pa(max_pfn_mapped)
10694 /* Do early initialization of the fixmap area */
10695 - movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
10696 - movl %eax,pa(swapper_pg_dir+0xffc)
10697 +#ifdef CONFIG_COMPAT_VDSO
10698 + movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_dir+0xffc)
10700 + movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xffc)
10705 @@ -297,6 +363,7 @@ ENTRY(startup_32_smp)
10709 +#ifdef CONFIG_X86_PAE
10710 btl $5, %eax # check if PAE is enabled
10713 @@ -312,13 +379,17 @@ ENTRY(startup_32_smp)
10716 /* Setup EFER (Extended Feature Enable Register) */
10717 - movl $0xc0000080, %ecx
10718 + movl $MSR_EFER, %ecx
10722 /* Make changes effective */
10725 + btsl $_PAGE_BIT_NX-32,pa(__supported_pte_mask+4)
10726 + movl $1,pa(nx_enabled)
10732 @@ -344,9 +415,7 @@ ENTRY(startup_32_smp)
10736 - jz 1f /* Initial CPU cleans BSS */
10739 + jnz checkCPUtype /* Initial CPU cleans BSS */
10740 #endif /* CONFIG_SMP */
10743 @@ -424,7 +493,7 @@ is386: movl $2,%ecx # set MP
10744 1: movl $(__KERNEL_DS),%eax # reload all the segment registers
10745 movl %eax,%ss # after changing gdt.
10747 - movl $(__USER_DS),%eax # DS/ES contains default USER segment
10748 +# movl $(__KERNEL_DS),%eax # DS/ES contains default KERNEL segment
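Review bot: The replacement line `# movl $(__KERNEL_DS),%eax # DS/ES contains default KERNEL segment` leaves a commented-out instruction in the source. If the intent is that %eax still holds `__KERNEL_DS` from the load at the top of this hunk, drop the dead instruction and state that directly, e.g. `/* %eax still holds __KERNEL_DS: DS/ES use the kernel segment */`. A line not shown sits between that load and this one, so confirm %eax is unchanged there.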
10752 @@ -438,8 +507,11 @@ is386: movl $2,%ecx # set MP
10756 - movl $per_cpu__gdt_page,%eax
10757 + movl $cpu_gdt_table,%eax
10758 movl $per_cpu__stack_canary,%ecx
10760 + addl $__per_cpu_load,%ecx
10762 movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
10764 movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
10765 @@ -457,10 +529,6 @@ is386: movl $2,%ecx # set MP
10769 - cmpb $0,%cl # the first CPU calls start_kernel
10771 - movl (stack_start), %esp
10773 #endif /* CONFIG_SMP */
10774 jmp *(initial_code)
10776 @@ -546,22 +614,22 @@ early_page_fault:
10781 #ifdef CONFIG_PRINTK
10782 + cmpl $1,%ss:early_recursion_flag
10784 + incl %ss:early_recursion_flag
10787 movl $(__KERNEL_DS),%eax
10790 - cmpl $2,early_recursion_flag
10792 - incl early_recursion_flag
10795 pushl %edx /* trapno */
10804 @@ -569,8 +637,11 @@ hlt_loop:
10805 /* This is the default interrupt "handler" :-) */
10809 #ifdef CONFIG_PRINTK
10810 + cmpl $2,%ss:early_recursion_flag
10812 + incl %ss:early_recursion_flag
10817 @@ -579,9 +650,6 @@ ignore_int:
10818 movl $(__KERNEL_DS),%eax
10821 - cmpl $2,early_recursion_flag
10823 - incl early_recursion_flag
10827 @@ -608,27 +676,37 @@ ENTRY(initial_code)
10831 -__PAGE_ALIGNED_BSS
10832 - .align PAGE_SIZE_asm
10833 #ifdef CONFIG_X86_PAE
10834 +.section .swapper_pg_pmd,"a",@progbits
10836 .fill 1024*KPMDS,4,0
10838 +.section .swapper_pg_dir,"a",@progbits
10839 ENTRY(swapper_pg_dir)
10846 +.section .empty_zero_page,"a",@progbits
10847 ENTRY(empty_zero_page)
10851 + * The IDT has to be page-aligned to simplify the Pentium
10852 + * F0 0F bug workaround.. We have a special link segment
10855 +.section .idt,"a",@progbits
10860 * This starts the data section.
10862 #ifdef CONFIG_X86_PAE
10863 -__PAGE_ALIGNED_DATA
10864 - /* Page-aligned for the benefit of paravirt? */
10865 - .align PAGE_SIZE_asm
10866 +.section .swapper_pg_dir,"a",@progbits
10867 ENTRY(swapper_pg_dir)
10868 .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
10870 @@ -651,11 +729,12 @@ ENTRY(swapper_pg_dir)
10874 - .long init_thread_union+THREAD_SIZE
10875 + .long init_thread_union+THREAD_SIZE-8
10880 +.section .rodata,"a",@progbits
10881 early_recursion_flag:
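Review bot: `early_recursion_flag` is placed in `.rodata` by the added `.section .rodata,"a",@progbits` line, but the early_page_fault and ignore_int hunks increment it with `incl %ss:early_recursion_flag`. That works only while the section is still writable; once read-only protection covers it, the increment would itself fault inside the handler, and ignore_int is described in its own comment as the default interrupt handler. When that protection takes effect is not visible here. I would either keep the flag in a writable section or add a comment at the label, `/* incremented by the early handlers only, before .rodata is write-protected */`.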
10884 @@ -691,7 +770,7 @@ fault_msg:
10885 .word 0 # 32 bit align gdt_desc.address
10888 - .long boot_gdt - __PAGE_OFFSET
10889 + .long pa(boot_gdt)
10891 .word 0 # 32-bit align idt_desc.address
10893 @@ -702,7 +781,7 @@ idt_descr:
10894 .word 0 # 32 bit align gdt_desc.address
10895 ENTRY(early_gdt_descr)
10896 .word GDT_ENTRIES*8-1
10897 - .long per_cpu__gdt_page /* Overwritten for secondary CPUs */
10898 + .long cpu_gdt_table /* Overwritten for secondary CPUs */
10901 * The boot_gdt must mirror the equivalent in setup.S and is
10902 @@ -711,5 +790,59 @@ ENTRY(early_gdt_descr)
10903 .align L1_CACHE_BYTES
10905 .fill GDT_ENTRY_BOOT_CS,8,0
10906 - .quad 0x00cf9a000000ffff /* kernel 4GB code at 0x00000000 */
10907 - .quad 0x00cf92000000ffff /* kernel 4GB data at 0x00000000 */
10908 + .quad 0x00cf9b000000ffff /* kernel 4GB code at 0x00000000 */
10909 + .quad 0x00cf93000000ffff /* kernel 4GB data at 0x00000000 */
10911 + .align PAGE_SIZE_asm
10912 +ENTRY(cpu_gdt_table)
10914 + .quad 0x0000000000000000 /* NULL descriptor */
10915 + .quad 0x0000000000000000 /* 0x0b reserved */
10916 + .quad 0x0000000000000000 /* 0x13 reserved */
10917 + .quad 0x0000000000000000 /* 0x1b reserved */
10918 + .quad 0x0000000000000000 /* 0x20 unused */
10919 + .quad 0x0000000000000000 /* 0x28 unused */
10920 + .quad 0x0000000000000000 /* 0x33 TLS entry 1 */
10921 + .quad 0x0000000000000000 /* 0x3b TLS entry 2 */
10922 + .quad 0x0000000000000000 /* 0x43 TLS entry 3 */
10923 + .quad 0x0000000000000000 /* 0x4b reserved */
10924 + .quad 0x0000000000000000 /* 0x53 reserved */
10925 + .quad 0x0000000000000000 /* 0x5b reserved */
10927 + .quad 0x00cf9b000000ffff /* 0x60 kernel 4GB code at 0x00000000 */
10928 + .quad 0x00cf93000000ffff /* 0x68 kernel 4GB data at 0x00000000 */
10929 + .quad 0x00cffb000000ffff /* 0x73 user 4GB code at 0x00000000 */
10930 + .quad 0x00cff3000000ffff /* 0x7b user 4GB data at 0x00000000 */
10932 + .quad 0x0000000000000000 /* 0x80 TSS descriptor */
10933 + .quad 0x0000000000000000 /* 0x88 LDT descriptor */
10936 + * Segments used for calling PnP BIOS have byte granularity.
10937 + * The code segments and data segments have fixed 64k limits,
10938 + * the transfer segment sizes are set at run time.
10940 + .quad 0x00409b000000ffff /* 0x90 32-bit code */
10941 + .quad 0x00009b000000ffff /* 0x98 16-bit code */
10942 + .quad 0x000093000000ffff /* 0xa0 16-bit data */
10943 + .quad 0x0000930000000000 /* 0xa8 16-bit data */
10944 + .quad 0x0000930000000000 /* 0xb0 16-bit data */
10947 + * The APM segments have byte granularity and their bases
10948 + * are set at run time. All have 64k limits.
10950 + .quad 0x00409b000000ffff /* 0xb8 APM CS code */
10951 + .quad 0x00009b000000ffff /* 0xc0 APM CS 16 code (16 bit) */
10952 + .quad 0x004093000000ffff /* 0xc8 APM DS data */
10954 + .quad 0x00c0930000000000 /* 0xd0 - ESPFIX SS */
10955 + .quad 0x0040930000000000 /* 0xd8 - PERCPU */
10956 + .quad 0x0040930000000018 /* 0xe0 - STACK_CANARY */
10957 + .quad 0x0000000000000000 /* 0xe8 - PCIBIOS_CS */
10958 + .quad 0x0000000000000000 /* 0xf0 - PCIBIOS_DS */
10959 + .quad 0x0000000000000000 /* 0xf8 - GDT entry 31: double-fault TSS */
10961 + /* Be sure this is zeroed to avoid false validations in Xen */
10962 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0
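Review bot: The access bytes in boot_gdt and the new cpu_gdt_table are 0x9b/0x93/0xfb/0xf3 where the removed boot_gdt lines had 0x9a/0x92, i.e. the accessed bit is now pre-set, and nothing in the table says why. Presumably this keeps the CPU from writing the accessed bit back into a GDT that may be mapped read-only. If so, put that in a comment above `ENTRY(cpu_gdt_table)`, e.g. `/* accessed bit pre-set so segment loads never write to the GDT */`. It would also help to note that the trailing `.fill PAGE_SIZE_asm - GDT_SIZE,1,0` gives each GDT the one-page size that the index arithmetic in entry_32.S assumes.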
10964 diff -urNp linux-2.6.32.1/arch/x86/kernel/head_64.S linux-2.6.32.1/arch/x86/kernel/head_64.S
10965 --- linux-2.6.32.1/arch/x86/kernel/head_64.S 2009-12-02 22:51:21.000000000 -0500
10966 +++ linux-2.6.32.1/arch/x86/kernel/head_64.S 2009-12-14 18:33:51.698704673 -0500
10967 @@ -38,6 +38,10 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET
10968 L3_PAGE_OFFSET = pud_index(__PAGE_OFFSET)
10969 L4_START_KERNEL = pgd_index(__START_KERNEL_map)
10970 L3_START_KERNEL = pud_index(__START_KERNEL_map)
10971 +L4_VMALLOC_START = pgd_index(VMALLOC_START)
10972 +L3_VMALLOC_START = pud_index(VMALLOC_START)
10973 +L4_VMEMMAP_START = pgd_index(VMEMMAP_START)
10974 +L3_VMEMMAP_START = pud_index(VMEMMAP_START)
10978 @@ -85,35 +89,22 @@ startup_64:
10980 addq %rbp, init_level4_pgt + 0(%rip)
10981 addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip)
10982 + addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip)
10983 + addq %rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip)
10984 addq %rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip)
10986 addq %rbp, level3_ident_pgt + 0(%rip)
10987 + addq %rbp, level3_ident_pgt + 8(%rip)
10988 + addq %rbp, level3_ident_pgt + 16(%rip)
10989 + addq %rbp, level3_ident_pgt + 24(%rip)
10991 - addq %rbp, level3_kernel_pgt + (510*8)(%rip)
10992 - addq %rbp, level3_kernel_pgt + (511*8)(%rip)
10993 + addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip)
10995 - addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
10996 + addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip)
10997 + addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip)
10999 - /* Add an Identity mapping if I am above 1G */
11000 - leaq _text(%rip), %rdi
11001 - andq $PMD_PAGE_MASK, %rdi
11004 - shrq $PUD_SHIFT, %rax
11005 - andq $(PTRS_PER_PUD - 1), %rax
11006 - jz ident_complete
11008 - leaq (level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx
11009 - leaq level3_ident_pgt(%rip), %rbx
11010 - movq %rdx, 0(%rbx, %rax, 8)
11013 - shrq $PMD_SHIFT, %rax
11014 - andq $(PTRS_PER_PMD - 1), %rax
11015 - leaq __PAGE_KERNEL_IDENT_LARGE_EXEC(%rdi), %rdx
11016 - leaq level2_spare_pgt(%rip), %rbx
11017 - movq %rdx, 0(%rbx, %rax, 8)
11019 + addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
11020 + addq %rbp, level2_fixmap_pgt + (507*8)(%rip)
11023 * Fixup the kernel text+data virtual addresses. Note that
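Review bot: The removed block in startup_64 built an identity mapping for the kernel's actual load address when it lay above 1G; the replacement relies on a fixed identity map, which the `level2_ident_pgt` hunk sizes at `4*PTRS_PER_PMD` entries (the first 4G). A kernel image placed at a physical address above 4G would then have no identity mapping while switching to the new page tables. If such a load address is possible for this configuration, add an early check that stops with a clear error. If not, document the limit next to the fix-ups, e.g. `/* identity map covers 0..4G only; the image must be loaded below 4G */`. startup_64 continues outside the hunk.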
11024 @@ -187,6 +178,10 @@ ENTRY(secondary_startup_64)
11025 btl $20,%edi /* No Execute supported? */
11027 btsl $_EFER_NX, %eax
11028 + leaq init_level4_pgt(%rip), %rdi
11029 + btsq $_PAGE_BIT_NX, 8*L4_PAGE_OFFSET(%rdi)
11030 + btsq $_PAGE_BIT_NX, 8*L4_VMALLOC_START(%rdi)
11031 + btsq $_PAGE_BIT_NX, 8*L4_VMEMMAP_START(%rdi)
11032 1: wrmsr /* Make changes effective */
11035 @@ -262,16 +257,16 @@ ENTRY(secondary_startup_64)
11036 .quad x86_64_start_kernel
11038 .quad INIT_PER_CPU_VAR(irq_stack_union)
11042 .quad init_thread_union+THREAD_SIZE-8
11049 - .section ".init.text","ax"
11051 #ifdef CONFIG_EARLY_PRINTK
11052 .globl early_idt_handlers
11053 early_idt_handlers:
11054 @@ -316,18 +311,23 @@ ENTRY(early_idt_handler)
11055 #endif /* EARLY_PRINTK */
11060 #ifdef CONFIG_EARLY_PRINTK
11062 early_recursion_flag:
11066 + .section .rodata,"a",@progbits
11068 .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
11071 -#endif /* CONFIG_EARLY_PRINTK */
11073 +#endif /* CONFIG_EARLY_PRINTK */
11075 + .section .rodata,"a",@progbits
11076 #define NEXT_PAGE(name) \
11077 .balign PAGE_SIZE; \
11079 @@ -350,13 +350,31 @@ NEXT_PAGE(init_level4_pgt)
11080 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
11081 .org init_level4_pgt + L4_PAGE_OFFSET*8, 0
11082 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
11083 + .org init_level4_pgt + L4_VMALLOC_START*8, 0
11084 + .quad level3_vmalloc_pgt - __START_KERNEL_map + _KERNPG_TABLE
11085 + .org init_level4_pgt + L4_VMEMMAP_START*8, 0
11086 + .quad level3_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
11087 .org init_level4_pgt + L4_START_KERNEL*8, 0
11088 /* (2^48-(2*1024*1024*1024))/(2^39) = 511 */
11089 .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE
11091 NEXT_PAGE(level3_ident_pgt)
11092 .quad level2_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
11096 + .quad level2_ident_pgt + PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
11097 + .quad level2_ident_pgt + 2*PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
11098 + .quad level2_ident_pgt + 3*PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
11102 +NEXT_PAGE(level3_vmalloc_pgt)
11105 +NEXT_PAGE(level3_vmemmap_pgt)
11106 + .fill L3_VMEMMAP_START,8,0
11107 + .quad level2_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
11109 NEXT_PAGE(level3_kernel_pgt)
11110 .fill L3_START_KERNEL,8,0
11111 @@ -364,20 +382,23 @@ NEXT_PAGE(level3_kernel_pgt)
11112 .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
11113 .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
11115 +NEXT_PAGE(level2_vmemmap_pgt)
11118 NEXT_PAGE(level2_fixmap_pgt)
11120 - .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
11121 - /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */
11124 + .quad level1_vsyscall_pgt - __START_KERNEL_map + _PAGE_TABLE
11125 + /* 6MB reserved for vsyscalls + a 2MB hole = 3 + 1 entries */
11128 -NEXT_PAGE(level1_fixmap_pgt)
11129 +NEXT_PAGE(level1_vsyscall_pgt)
11132 -NEXT_PAGE(level2_ident_pgt)
11133 - /* Since I easily can, map the first 1G.
11134 + /* Since I easily can, map the first 4G.
11135 * Don't set NX because code runs from these pages.
11137 - PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD)
11138 +NEXT_PAGE(level2_ident_pgt)
11139 + PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, 4*PTRS_PER_PMD)
11141 NEXT_PAGE(level2_kernel_pgt)
11143 @@ -390,33 +411,49 @@ NEXT_PAGE(level2_kernel_pgt)
11144 * If you want to increase this then increase MODULES_VADDR
11147 - PMDS(0, __PAGE_KERNEL_LARGE_EXEC,
11148 - KERNEL_IMAGE_SIZE/PMD_SIZE)
11150 -NEXT_PAGE(level2_spare_pgt)
11152 + PMDS(0, __PAGE_KERNEL_LARGE_EXEC, KERNEL_IMAGE_SIZE/PMD_SIZE)
11159 +ENTRY(cpu_gdt_table)
11161 + .quad 0x0000000000000000 /* NULL descriptor */
11162 + .quad 0x00cf9b000000ffff /* __KERNEL32_CS */
11163 + .quad 0x00af9b000000ffff /* __KERNEL_CS */
11164 + .quad 0x00cf93000000ffff /* __KERNEL_DS */
11165 + .quad 0x00cffb000000ffff /* __USER32_CS */
11166 + .quad 0x00cff3000000ffff /* __USER_DS, __USER32_DS */
11167 + .quad 0x00affb000000ffff /* __USER_CS */
11168 + .quad 0x0 /* unused */
11169 + .quad 0,0 /* TSS */
11170 + .quad 0,0 /* LDT */
11171 + .quad 0,0,0 /* three TLS descriptors */
11172 + .quad 0x0000f40000000000 /* node/CPU stored in limit */
11173 + /* asm/segment.h:GDT_ENTRIES must match this */
11175 + /* zero the remaining page */
11176 + .fill PAGE_SIZE / 8 - GDT_ENTRIES,8,0
11180 .globl early_gdt_descr
11182 .word GDT_ENTRIES*8-1
11183 early_gdt_descr_base:
11184 - .quad INIT_PER_CPU_VAR(gdt_page)
11185 + .quad cpu_gdt_table
11188 /* This must match the first entry in level2_kernel_pgt */
11189 .quad 0x0000000000000000
11191 #include "../../x86/xen/xen-head.S"
11193 - .section .bss, "aw", @nobits
11195 + .section .rodata,"a",@progbits
11196 .align L1_CACHE_BYTES
11198 - .skip IDT_ENTRIES * 16
11203 diff -urNp linux-2.6.32.1/arch/x86/kernel/i386_ksyms_32.c linux-2.6.32.1/arch/x86/kernel/i386_ksyms_32.c
11204 --- linux-2.6.32.1/arch/x86/kernel/i386_ksyms_32.c 2009-12-02 22:51:21.000000000 -0500
11205 +++ linux-2.6.32.1/arch/x86/kernel/i386_ksyms_32.c 2009-12-14 18:33:51.698704673 -0500
11206 @@ -20,8 +20,12 @@ extern void cmpxchg8b_emu(void);
11207 EXPORT_SYMBOL(cmpxchg8b_emu);
11210 +EXPORT_SYMBOL_GPL(cpu_gdt_table);
11212 /* Networking helper routines. */
11213 EXPORT_SYMBOL(csum_partial_copy_generic);
11214 +EXPORT_SYMBOL(csum_partial_copy_generic_to_user);
11215 +EXPORT_SYMBOL(csum_partial_copy_generic_from_user);
11217 EXPORT_SYMBOL(__get_user_1);
11218 EXPORT_SYMBOL(__get_user_2);
11219 @@ -36,3 +40,7 @@ EXPORT_SYMBOL(strstr);
11221 EXPORT_SYMBOL(csum_partial);
11222 EXPORT_SYMBOL(empty_zero_page);
11224 +#ifdef CONFIG_PAX_KERNEXEC
11225 +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
11227 diff -urNp linux-2.6.32.1/arch/x86/kernel/init_task.c linux-2.6.32.1/arch/x86/kernel/init_task.c
11228 --- linux-2.6.32.1/arch/x86/kernel/init_task.c 2009-12-02 22:51:21.000000000 -0500
11229 +++ linux-2.6.32.1/arch/x86/kernel/init_task.c 2009-12-14 18:33:51.698704673 -0500
11230 @@ -38,5 +38,5 @@ EXPORT_SYMBOL(init_task);
11231 * section. Since TSS's are completely CPU-local, we want them
11232 * on exact cacheline boundaries, to eliminate cacheline ping-pong.
11234 -DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss) = INIT_TSS;
11236 +struct tss_struct init_tss[NR_CPUS] ____cacheline_internodealigned_in_smp = { [0 ... NR_CPUS-1] = INIT_TSS };
11237 +EXPORT_SYMBOL(init_tss);
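Review bot: `____cacheline_internodealigned_in_smp` on `init_tss[NR_CPUS]` aligns the array as a whole, not each element, so the retained comment about TSSs sitting on exact cacheline boundaries now depends on the size and alignment of `struct tss_struct` itself. That type is defined outside this hunk; if its size is not a multiple of the intended alignment, neighbouring CPUs' TSSs share a line. I would update the comment to say where the per-element alignment comes from and add a build-time check such as `BUILD_BUG_ON(sizeof(struct tss_struct) % L1_CACHE_BYTES);` in an init function. The array is also exported with plain `EXPORT_SYMBOL`, whereas cpu_gdt_table in i386_ksyms_32.c uses `EXPORT_SYMBOL_GPL`; a note on which module needs it would help.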
11238 diff -urNp linux-2.6.32.1/arch/x86/kernel/ioport.c linux-2.6.32.1/arch/x86/kernel/ioport.c
11239 --- linux-2.6.32.1/arch/x86/kernel/ioport.c 2009-12-02 22:51:21.000000000 -0500
11240 +++ linux-2.6.32.1/arch/x86/kernel/ioport.c 2009-12-14 18:33:51.711705213 -0500
11242 #include <linux/sched.h>
11243 #include <linux/kernel.h>
11244 #include <linux/capability.h>
11245 +#include <linux/security.h>
11246 #include <linux/errno.h>
11247 #include <linux/types.h>
11248 #include <linux/ioport.h>
11249 @@ -41,6 +42,12 @@ asmlinkage long sys_ioperm(unsigned long
11251 if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
11253 +#ifdef CONFIG_GRKERNSEC_IO
11255 + gr_handle_ioperm();
11259 if (turn_on && !capable(CAP_SYS_RAWIO))
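Review bot: The CONFIG_GRKERNSEC_IO block in sys_ioperm runs before the `capable(CAP_SYS_RAWIO)` test, and do_iopl in the `@@ -111,8 +118,13 @@` hunk has the same order, with no comment on why. If `gr_handle_ioperm()` / `gr_handle_iopl()` write an audit record, they will do so for callers that the capability check would have refused anyway, which makes the log harder to read. Please add a comment stating the intended order, e.g. `/* policy denial is reported before the capability check so that every attempt is logged */`, or move the block after the check if only privileged attempts matter. The condition guarding the call is on a line not shown here.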
11262 @@ -67,7 +74,7 @@ asmlinkage long sys_ioperm(unsigned long
11263 * because the ->io_bitmap_max value must match the bitmap
11266 - tss = &per_cpu(init_tss, get_cpu());
11267 + tss = init_tss + get_cpu();
11269 set_bitmap(t->io_bitmap_ptr, from, num, !turn_on);
11271 @@ -111,8 +118,13 @@ static int do_iopl(unsigned int level, s
11273 /* Trying to gain more privileges? */
11275 +#ifdef CONFIG_GRKERNSEC_IO
11276 + gr_handle_iopl();
11279 if (!capable(CAP_SYS_RAWIO))
11283 regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
11285 diff -urNp linux-2.6.32.1/arch/x86/kernel/irq_32.c linux-2.6.32.1/arch/x86/kernel/irq_32.c
11286 --- linux-2.6.32.1/arch/x86/kernel/irq_32.c 2009-12-02 22:51:21.000000000 -0500
11287 +++ linux-2.6.32.1/arch/x86/kernel/irq_32.c 2009-12-14 18:33:51.712725194 -0500
11288 @@ -94,7 +94,7 @@ execute_on_irq_stack(int overflow, struc
11291 /* build the stack frame on the IRQ stack */
11292 - isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
11293 + isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
11294 irqctx->tinfo.task = curctx->tinfo.task;
11295 irqctx->tinfo.previous_esp = current_stack_pointer;
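Review bot: The `- 8` in `isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);` is an unexplained magic number. The same adjustment is repeated in the do_softirq hunk below and, in other files of this patch, in copy_thread (`- sizeof(struct pt_regs) - 8`) and get_wchan (`stack+THREAD_SIZE-8-sizeof(u64)`). These sites have to stay in agreement, so one named constant, with a comment saying what the reserved bytes at the top of the stack are for, would be safer than repeated literals. execute_on_irq_stack starts and ends outside the hunk.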
11297 @@ -175,7 +175,7 @@ asmlinkage void do_softirq(void)
11298 irqctx->tinfo.previous_esp = current_stack_pointer;
11300 /* build the stack frame on the softirq stack */
11301 - isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
11302 + isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
11304 call_on_stack(__do_softirq, isp);
11306 diff -urNp linux-2.6.32.1/arch/x86/kernel/kgdb.c linux-2.6.32.1/arch/x86/kernel/kgdb.c
11307 --- linux-2.6.32.1/arch/x86/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
11308 +++ linux-2.6.32.1/arch/x86/kernel/kgdb.c 2009-12-14 18:33:51.712725194 -0500
11309 @@ -573,7 +573,7 @@ unsigned long kgdb_arch_pc(int exception
11310 return instruction_pointer(regs);
11313 -struct kgdb_arch arch_kgdb_ops = {
11314 +const struct kgdb_arch arch_kgdb_ops = {
11315 /* Breakpoint instruction: */
11316 .gdb_bpt_instr = { 0xcc },
11317 .flags = KGDB_HW_BREAKPOINT,
11318 diff -urNp linux-2.6.32.1/arch/x86/kernel/kprobes.c linux-2.6.32.1/arch/x86/kernel/kprobes.c
11319 --- linux-2.6.32.1/arch/x86/kernel/kprobes.c 2009-12-02 22:51:21.000000000 -0500
11320 +++ linux-2.6.32.1/arch/x86/kernel/kprobes.c 2009-12-14 18:33:51.713708818 -0500
11321 @@ -166,9 +166,13 @@ static void __kprobes set_jmp_op(void *f
11324 } __attribute__((packed)) * jop;
11325 - jop = (struct __arch_jmp_op *)from;
11327 + jop = (struct __arch_jmp_op *)(ktla_ktva(from));
11329 + pax_open_kernel();
11330 jop->raddr = (s32)((long)(to) - ((long)(from) + 5));
11331 jop->op = RELATIVEJUMP_INSTRUCTION;
11332 + pax_close_kernel();
11336 @@ -345,16 +349,18 @@ static void __kprobes fix_riprel(struct
11338 static void __kprobes arch_copy_kprobe(struct kprobe *p)
11340 - memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
11341 + pax_open_kernel();
11342 + memcpy(p->ainsn.insn, ktla_ktva(p->addr), MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
11343 + pax_close_kernel();
11347 - if (can_boost(p->addr))
11348 + if (can_boost(ktla_ktva(p->addr)))
11349 p->ainsn.boostable = 0;
11351 p->ainsn.boostable = -1;
11353 - p->opcode = *p->addr;
11354 + p->opcode = *(ktla_ktva(p->addr));
11357 int __kprobes arch_prepare_kprobe(struct kprobe *p)
11358 @@ -432,7 +438,7 @@ static void __kprobes prepare_singlestep
11359 if (p->opcode == BREAKPOINT_INSTRUCTION)
11360 regs->ip = (unsigned long)p->addr;
11362 - regs->ip = (unsigned long)p->ainsn.insn;
11363 + regs->ip = ktva_ktla((unsigned long)p->ainsn.insn);
11366 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
11367 @@ -453,7 +459,7 @@ static void __kprobes setup_singlestep(s
11368 if (p->ainsn.boostable == 1 && !p->post_handler) {
11369 /* Boost up -- we can execute copied instructions directly */
11370 reset_current_kprobe();
11371 - regs->ip = (unsigned long)p->ainsn.insn;
11372 + regs->ip = ktva_ktla((unsigned long)p->ainsn.insn);
11373 preempt_enable_no_resched();
11376 @@ -523,7 +529,7 @@ static int __kprobes kprobe_handler(stru
11377 struct kprobe_ctlblk *kcb;
11379 addr = (kprobe_opcode_t *)(regs->ip - sizeof(kprobe_opcode_t));
11380 - if (*addr != BREAKPOINT_INSTRUCTION) {
11381 + if (*(kprobe_opcode_t *)ktla_ktva((unsigned long)addr) != BREAKPOINT_INSTRUCTION) {
11383 * The breakpoint instruction was removed right
11384 * after we hit it. Another cpu has removed
11385 @@ -775,7 +781,7 @@ static void __kprobes resume_execution(s
11386 struct pt_regs *regs, struct kprobe_ctlblk *kcb)
11388 unsigned long *tos = stack_addr(regs);
11389 - unsigned long copy_ip = (unsigned long)p->ainsn.insn;
11390 + unsigned long copy_ip = ktva_ktla((unsigned long)p->ainsn.insn);
11391 unsigned long orig_ip = (unsigned long)p->addr;
11392 kprobe_opcode_t *insn = p->ainsn.insn;
11394 @@ -958,7 +964,7 @@ int __kprobes kprobe_exceptions_notify(s
11395 struct die_args *args = data;
11396 int ret = NOTIFY_DONE;
11398 - if (args->regs && user_mode_vm(args->regs))
11399 + if (args->regs && user_mode(args->regs))
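Review bot: Replacing `user_mode_vm(args->regs)` with `user_mode(args->regs)` is only equivalent if `user_mode()` is redefined elsewhere in this patch to include the VM86 flag test; with the stock 32-bit definition a vm86-mode frame would no longer be treated as user mode here. The same substitution appears in `__show_regs` in process_32.c and in `send_sigtrap` in ptrace.c. That redefinition is not visible in these hunks, so it should be confirmed, and a short comment at one of the sites, such as `/* user_mode() covers vm86 frames in this tree */`, would help. kprobe_exceptions_notify continues outside the hunk.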
11403 diff -urNp linux-2.6.32.1/arch/x86/kernel/ldt.c linux-2.6.32.1/arch/x86/kernel/ldt.c
11404 --- linux-2.6.32.1/arch/x86/kernel/ldt.c 2009-12-02 22:51:21.000000000 -0500
11405 +++ linux-2.6.32.1/arch/x86/kernel/ldt.c 2009-12-14 18:33:51.713708818 -0500
11406 @@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, i
11411 + load_LDT_nolock(pc);
11412 if (!cpumask_equal(mm_cpumask(current->mm),
11413 cpumask_of(smp_processor_id())))
11414 smp_call_function(flush_ldt, current->mm, 1);
11418 + load_LDT_nolock(pc);
11422 @@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t
11425 for (i = 0; i < old->size; i++)
11426 - write_ldt_entry(new->ldt, i, old->ldt + i * LDT_ENTRY_SIZE);
11427 + write_ldt_entry(new->ldt, i, old->ldt + i);
11431 @@ -115,6 +115,24 @@ int init_new_context(struct task_struct
11432 retval = copy_ldt(&mm->context, &old_mm->context);
11433 mutex_unlock(&old_mm->context.lock);
11436 + if (tsk == current) {
11437 + mm->context.vdso = ~0UL;
11439 +#ifdef CONFIG_X86_32
11440 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
11441 + mm->context.user_cs_base = 0UL;
11442 + mm->context.user_cs_limit = ~0UL;
11444 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
11445 + cpus_clear(mm->context.cpu_user_cs_mask);
11456 @@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, u
11460 +#ifdef CONFIG_PAX_SEGMEXEC
11461 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (ldt_info.contents & MODIFY_LDT_CONTENTS_CODE)) {
11467 fill_ldt(&ldt, &ldt_info);
11470 diff -urNp linux-2.6.32.1/arch/x86/kernel/machine_kexec_32.c linux-2.6.32.1/arch/x86/kernel/machine_kexec_32.c
11471 --- linux-2.6.32.1/arch/x86/kernel/machine_kexec_32.c 2009-12-02 22:51:21.000000000 -0500
11472 +++ linux-2.6.32.1/arch/x86/kernel/machine_kexec_32.c 2009-12-14 18:33:51.713708818 -0500
11474 #include <asm/system.h>
11475 #include <asm/cacheflush.h>
11477 -static void set_idt(void *newidt, __u16 limit)
11478 +static void set_idt(struct desc_struct *newidt, __u16 limit)
11480 struct desc_ptr curidt;
11482 @@ -38,7 +38,7 @@ static void set_idt(void *newidt, __u16
11486 -static void set_gdt(void *newgdt, __u16 limit)
11487 +static void set_gdt(struct desc_struct *newgdt, __u16 limit)
11489 struct desc_ptr curgdt;
11491 @@ -217,7 +217,7 @@ void machine_kexec(struct kimage *image)
11494 control_page = page_address(image->control_code_page);
11495 - memcpy(control_page, relocate_kernel, KEXEC_CONTROL_CODE_MAX_SIZE);
11496 + memcpy(control_page, (void *)ktla_ktva((unsigned long)relocate_kernel), KEXEC_CONTROL_CODE_MAX_SIZE);
11498 relocate_kernel_ptr = control_page;
11499 page_list[PA_CONTROL_PAGE] = __pa(control_page);
11500 diff -urNp linux-2.6.32.1/arch/x86/kernel/microcode_amd.c linux-2.6.32.1/arch/x86/kernel/microcode_amd.c
11501 --- linux-2.6.32.1/arch/x86/kernel/microcode_amd.c 2009-12-02 22:51:21.000000000 -0500
11502 +++ linux-2.6.32.1/arch/x86/kernel/microcode_amd.c 2009-12-14 18:33:51.720706008 -0500
11503 @@ -346,7 +346,7 @@ static void microcode_fini_cpu_amd(int c
11507 -static struct microcode_ops microcode_amd_ops = {
11508 +static const struct microcode_ops microcode_amd_ops = {
11509 .request_microcode_user = request_microcode_user,
11510 .request_microcode_fw = request_microcode_fw,
11511 .collect_cpu_info = collect_cpu_info_amd,
11512 @@ -354,7 +354,7 @@ static struct microcode_ops microcode_am
11513 .microcode_fini_cpu = microcode_fini_cpu_amd,
11516 -struct microcode_ops * __init init_amd_microcode(void)
11517 +const struct microcode_ops * __init init_amd_microcode(void)
11519 return µcode_amd_ops;
11521 diff -urNp linux-2.6.32.1/arch/x86/kernel/microcode_core.c linux-2.6.32.1/arch/x86/kernel/microcode_core.c
11522 --- linux-2.6.32.1/arch/x86/kernel/microcode_core.c 2009-12-02 22:51:21.000000000 -0500
11523 +++ linux-2.6.32.1/arch/x86/kernel/microcode_core.c 2009-12-14 18:33:51.720706008 -0500
11524 @@ -90,7 +90,7 @@ MODULE_LICENSE("GPL");
11526 #define MICROCODE_VERSION "2.00"
11528 -static struct microcode_ops *microcode_ops;
11529 +static const struct microcode_ops *microcode_ops;
11533 diff -urNp linux-2.6.32.1/arch/x86/kernel/microcode_intel.c linux-2.6.32.1/arch/x86/kernel/microcode_intel.c
11534 --- linux-2.6.32.1/arch/x86/kernel/microcode_intel.c 2009-12-02 22:51:21.000000000 -0500
11535 +++ linux-2.6.32.1/arch/x86/kernel/microcode_intel.c 2009-12-14 18:33:51.720706008 -0500
11536 @@ -443,13 +443,13 @@ static enum ucode_state request_microcod
11538 static int get_ucode_user(void *to, const void *from, size_t n)
11540 - return copy_from_user(to, from, n);
11541 + return copy_from_user(to, (__force const void __user *)from, n);
11544 static enum ucode_state
11545 request_microcode_user(int cpu, const void __user *buf, size_t size)
11547 - return generic_load_microcode(cpu, (void *)buf, size, &get_ucode_user);
11548 + return generic_load_microcode(cpu, (__force void *)buf, size, &get_ucode_user);
11551 static void microcode_fini_cpu(int cpu)
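Review bot: The two `__force` casts hide from sparse that `generic_load_microcode()` receives a user pointer as a plain `void *`, so the only thing keeping it from being dereferenced directly is that the matching callback is `get_ucode_user`. A comment on `get_ucode_user` would make that contract explicit, for example `/* 'from' is a __user pointer passed through generic_load_microcode() as void *; never dereference it directly */`. No code change is needed.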
11552 @@ -460,7 +460,7 @@ static void microcode_fini_cpu(int cpu)
11556 -static struct microcode_ops microcode_intel_ops = {
11557 +static const struct microcode_ops microcode_intel_ops = {
11558 .request_microcode_user = request_microcode_user,
11559 .request_microcode_fw = request_microcode_fw,
11560 .collect_cpu_info = collect_cpu_info,
11561 @@ -468,7 +468,7 @@ static struct microcode_ops microcode_in
11562 .microcode_fini_cpu = microcode_fini_cpu,
11565 -struct microcode_ops * __init init_intel_microcode(void)
11566 +const struct microcode_ops * __init init_intel_microcode(void)
11568 return µcode_intel_ops;
11570 diff -urNp linux-2.6.32.1/arch/x86/kernel/module.c linux-2.6.32.1/arch/x86/kernel/module.c
11571 --- linux-2.6.32.1/arch/x86/kernel/module.c 2009-12-02 22:51:21.000000000 -0500
11572 +++ linux-2.6.32.1/arch/x86/kernel/module.c 2009-12-14 18:33:51.721716979 -0500
11574 #define DEBUGP(fmt...)
11577 -void *module_alloc(unsigned long size)
11578 +static void *__module_alloc(unsigned long size, pgprot_t prot)
11580 struct vm_struct *area;
11582 @@ -48,9 +48,90 @@ void *module_alloc(unsigned long size)
11586 - return __vmalloc_area(area, GFP_KERNEL | __GFP_HIGHMEM,
11587 - PAGE_KERNEL_EXEC);
11588 + return __vmalloc_area(area, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, prot);
11591 +#ifdef CONFIG_PAX_KERNEXEC
11592 +#ifdef CONFIG_X86_32
11593 +void *module_alloc(unsigned long size)
11595 + return __module_alloc(size, PAGE_KERNEL);
11598 +void *module_alloc_exec(unsigned long size)
11600 + struct vm_struct *area;
11605 + area = __get_vm_area(size, VM_ALLOC, (unsigned long)&MODULES_EXEC_VADDR, (unsigned long)&MODULES_EXEC_END);
11607 + return area->addr;
11611 +EXPORT_SYMBOL(module_alloc_exec);
11613 +void module_free_exec(struct module *mod, void *module_region)
11615 + struct vm_struct **p, *tmp;
11617 + if (!module_region)
11620 + if ((PAGE_SIZE-1) & (unsigned long)module_region) {
11621 + printk(KERN_ERR "Trying to module_free_exec() bad address (%p)\n", module_region);
11626 + write_lock(&vmlist_lock);
11627 + for (p = &vmlist; (tmp = *p) != NULL; p = &tmp->next)
11628 + if (tmp->addr == module_region)
11632 + pax_open_kernel();
11633 + memset(tmp->addr, 0xCC, tmp->size);
11634 + pax_close_kernel();
11639 + write_unlock(&vmlist_lock);
11642 + printk(KERN_ERR "Trying to module_free_exec() nonexistent vm area (%p)\n",
11647 +EXPORT_SYMBOL(module_free_exec);
11649 +void *module_alloc(unsigned long size)
11651 + return __module_alloc(size, PAGE_KERNEL);
11654 +void module_free_exec(struct module *mod, void *module_region)
11656 + module_free(mod, module_region);
11658 +EXPORT_SYMBOL(module_free_exec);
11660 +void *module_alloc_exec(unsigned long size)
11662 + return __module_alloc(size, PAGE_KERNEL_RX);
11664 +EXPORT_SYMBOL(module_alloc_exec);
11667 +void *module_alloc(unsigned long size)
11669 + return __module_alloc(size, PAGE_KERNEL_EXEC);
11673 /* Free memory returned from module_alloc */
11674 void module_free(struct module *mod, void *module_region)
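Review bot: In the 32-bit `module_free_exec`, `memset(tmp->addr, 0xCC, tmp->size);` runs with kernel write protection lifted and `vmlist_lock` write-held, and it trusts `tmp->size` to be exactly the usable length of the region. If `vm_struct.size` still counts the vmalloc guard page at this point, the fill would extend one page past the allocation, and `memset(tmp->addr, 0xCC, tmp->size - PAGE_SIZE);` would be the bounded form. Several lines of this function are not visible here, so this needs confirming. A comment stating what `tmp->size` covers, and why the fill byte is 0xCC (the value listed as the breakpoint instruction in the kgdb.c hunk of this patch), would also help.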
11675 @@ -77,14 +158,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
11677 Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
11679 - uint32_t *location;
11680 + uint32_t *plocation, location;
11682 DEBUGP("Applying relocate section %u to %u\n", relsec,
11683 sechdrs[relsec].sh_info);
11684 for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) {
11685 /* This is where to make the change */
11686 - location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr
11687 - + rel[i].r_offset;
11688 + plocation = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr + rel[i].r_offset;
11689 + location = (uint32_t)plocation;
11690 + if (sechdrs[sechdrs[relsec].sh_info].sh_flags & SHF_EXECINSTR)
11691 + plocation = ktla_ktva((void *)plocation);
11692 /* This is the symbol it is referring to. Note that all
11693 undefined symbols have been resolved. */
11694 sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
11695 @@ -93,11 +176,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
11696 switch (ELF32_R_TYPE(rel[i].r_info)) {
11698 /* We add the value into the location given */
11699 - *location += sym->st_value;
11700 + pax_open_kernel();
11701 + *plocation += sym->st_value;
11702 + pax_close_kernel();
11705 /* Add the value, subtract its postition */
11706 - *location += sym->st_value - (uint32_t)location;
11707 + pax_open_kernel();
11708 + *plocation += sym->st_value - location;
11709 + pax_close_kernel();
11712 printk(KERN_ERR "module %s: Unknown relocation: %u\n",
11713 @@ -153,21 +240,30 @@ int apply_relocate_add(Elf64_Shdr *sechd
11714 case R_X86_64_NONE:
11717 + pax_open_kernel();
11719 + pax_close_kernel();
11722 + pax_open_kernel();
11724 + pax_close_kernel();
11725 if (val != *(u32 *)loc)
11729 + pax_open_kernel();
11731 + pax_close_kernel();
11732 if ((s64)val != *(s32 *)loc)
11735 case R_X86_64_PC32:
11737 + pax_open_kernel();
11739 + pax_close_kernel();
11742 if ((s64)val != *(s32 *)loc)
11744 diff -urNp linux-2.6.32.1/arch/x86/kernel/paravirt.c linux-2.6.32.1/arch/x86/kernel/paravirt.c
11745 --- linux-2.6.32.1/arch/x86/kernel/paravirt.c 2009-12-02 22:51:21.000000000 -0500
11746 +++ linux-2.6.32.1/arch/x86/kernel/paravirt.c 2009-12-14 18:33:51.721716979 -0500
11747 @@ -120,9 +120,9 @@ unsigned paravirt_patch_jmp(void *insnbu
11749 /* Neat trick to map patch type back to the call within the
11750 * corresponding structure. */
11751 -static void *get_call_destination(u8 type)
11752 +static const void *get_call_destination(u8 type)
11754 - struct paravirt_patch_template tmpl = {
11755 + const struct paravirt_patch_template tmpl = {
11756 .pv_init_ops = pv_init_ops,
11757 .pv_time_ops = pv_time_ops,
11758 .pv_cpu_ops = pv_cpu_ops,
11759 @@ -133,13 +133,13 @@ static void *get_call_destination(u8 typ
11760 .pv_lock_ops = pv_lock_ops,
11763 - return *((void **)&tmpl + type);
11764 + return *((const void **)&tmpl + type);
11767 unsigned paravirt_patch_default(u8 type, u16 clobbers, void *insnbuf,
11768 unsigned long addr, unsigned len)
11770 - void *opfunc = get_call_destination(type);
11771 + const void *opfunc = get_call_destination(type);
11774 if (opfunc == NULL)
11775 @@ -178,7 +178,7 @@ unsigned paravirt_patch_insns(void *insn
11776 if (insn_len > len || start == NULL)
11779 - memcpy(insnbuf, start, insn_len);
11780 + memcpy(insnbuf, ktla_ktva(start), insn_len);
11784 @@ -294,22 +294,22 @@ void arch_flush_lazy_mmu_mode(void)
11788 -struct pv_info pv_info = {
11789 +struct pv_info pv_info __read_only = {
11790 .name = "bare hardware",
11791 .paravirt_enabled = 0,
11793 .shared_kernel_pmd = 1, /* Only used when CONFIG_X86_PAE is set */
11796 -struct pv_init_ops pv_init_ops = {
11797 +struct pv_init_ops pv_init_ops __read_only = {
11798 .patch = native_patch,
11801 -struct pv_time_ops pv_time_ops = {
11802 +struct pv_time_ops pv_time_ops __read_only = {
11803 .sched_clock = native_sched_clock,
11806 -struct pv_irq_ops pv_irq_ops = {
11807 +struct pv_irq_ops pv_irq_ops __read_only = {
11808 .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl),
11809 .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl),
11810 .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable),
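Review bot: Marking `pv_info`, `pv_init_ops`, `pv_time_ops` and `pv_irq_ops` as `__read_only` (and `pv_cpu_ops`, `pv_apic_ops`, `pv_mmu_ops` and `pv_lock_ops` in the following hunks) means every store into these tables must either run before the section is write-protected or be bracketed by `pax_open_kernel()`/`pax_close_kernel()`. Code that fills in these ops at boot is not visible in this part of the patch, so each such writer should be checked. A comment above `pv_info` recording the rule, e.g. `/* __read_only: writers must run before protection is applied or use pax_open_kernel() */`, would document it.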
11811 @@ -321,7 +321,7 @@ struct pv_irq_ops pv_irq_ops = {
11815 -struct pv_cpu_ops pv_cpu_ops = {
11816 +struct pv_cpu_ops pv_cpu_ops __read_only = {
11817 .cpuid = native_cpuid,
11818 .get_debugreg = native_get_debugreg,
11819 .set_debugreg = native_set_debugreg,
11820 @@ -382,7 +382,7 @@ struct pv_cpu_ops pv_cpu_ops = {
11821 .end_context_switch = paravirt_nop,
11824 -struct pv_apic_ops pv_apic_ops = {
11825 +struct pv_apic_ops pv_apic_ops __read_only = {
11826 #ifdef CONFIG_X86_LOCAL_APIC
11827 .startup_ipi_hook = paravirt_nop,
11829 @@ -396,7 +396,7 @@ struct pv_apic_ops pv_apic_ops = {
11830 #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64)
11833 -struct pv_mmu_ops pv_mmu_ops = {
11834 +struct pv_mmu_ops pv_mmu_ops __read_only = {
11836 .read_cr2 = native_read_cr2,
11837 .write_cr2 = native_write_cr2,
11838 @@ -467,6 +467,12 @@ struct pv_mmu_ops pv_mmu_ops = {
11841 .set_fixmap = native_set_fixmap,
11843 +#ifdef CONFIG_PAX_KERNEXEC
11844 + .pax_open_kernel = native_pax_open_kernel,
11845 + .pax_close_kernel = native_pax_close_kernel,
11850 EXPORT_SYMBOL_GPL(pv_time_ops);
11851 diff -urNp linux-2.6.32.1/arch/x86/kernel/paravirt-spinlocks.c linux-2.6.32.1/arch/x86/kernel/paravirt-spinlocks.c
11852 --- linux-2.6.32.1/arch/x86/kernel/paravirt-spinlocks.c 2009-12-02 22:51:21.000000000 -0500
11853 +++ linux-2.6.32.1/arch/x86/kernel/paravirt-spinlocks.c 2009-12-14 18:33:51.721716979 -0500
11854 @@ -13,7 +13,7 @@ default_spin_lock_flags(raw_spinlock_t *
11855 __raw_spin_lock(lock);
11858 -struct pv_lock_ops pv_lock_ops = {
11859 +struct pv_lock_ops pv_lock_ops __read_only = {
11861 .spin_is_locked = __ticket_spin_is_locked,
11862 .spin_is_contended = __ticket_spin_is_contended,
11863 diff -urNp linux-2.6.32.1/arch/x86/kernel/pci-calgary_64.c linux-2.6.32.1/arch/x86/kernel/pci-calgary_64.c
11864 --- linux-2.6.32.1/arch/x86/kernel/pci-calgary_64.c 2009-12-02 22:51:21.000000000 -0500
11865 +++ linux-2.6.32.1/arch/x86/kernel/pci-calgary_64.c 2009-12-14 18:33:51.722702563 -0500
11866 @@ -470,7 +470,7 @@ static void calgary_free_coherent(struct
11867 free_pages((unsigned long)vaddr, get_order(size));
11870 -static struct dma_map_ops calgary_dma_ops = {
11871 +static const struct dma_map_ops calgary_dma_ops = {
11872 .alloc_coherent = calgary_alloc_coherent,
11873 .free_coherent = calgary_free_coherent,
11874 .map_sg = calgary_map_sg,
11875 diff -urNp linux-2.6.32.1/arch/x86/kernel/pci-dma.c linux-2.6.32.1/arch/x86/kernel/pci-dma.c
11876 --- linux-2.6.32.1/arch/x86/kernel/pci-dma.c 2009-12-02 22:51:21.000000000 -0500
11877 +++ linux-2.6.32.1/arch/x86/kernel/pci-dma.c 2009-12-14 18:33:51.722702563 -0500
11880 static int forbid_dac __read_mostly;
11882 -struct dma_map_ops *dma_ops;
11883 +const struct dma_map_ops *dma_ops;
11884 EXPORT_SYMBOL(dma_ops);
11886 static int iommu_sac_force __read_mostly;
11887 @@ -243,7 +243,7 @@ early_param("iommu", iommu_setup);
11889 int dma_supported(struct device *dev, u64 mask)
11891 - struct dma_map_ops *ops = get_dma_ops(dev);
11892 + const struct dma_map_ops *ops = get_dma_ops(dev);
11895 if (mask > 0xffffffff && forbid_dac > 0) {
11896 diff -urNp linux-2.6.32.1/arch/x86/kernel/pci-gart_64.c linux-2.6.32.1/arch/x86/kernel/pci-gart_64.c
11897 --- linux-2.6.32.1/arch/x86/kernel/pci-gart_64.c 2009-12-02 22:51:21.000000000 -0500
11898 +++ linux-2.6.32.1/arch/x86/kernel/pci-gart_64.c 2009-12-14 18:33:51.722702563 -0500
11899 @@ -679,7 +679,7 @@ static __init int init_k8_gatt(struct ag
11903 -static struct dma_map_ops gart_dma_ops = {
11904 +static const struct dma_map_ops gart_dma_ops = {
11905 .map_sg = gart_map_sg,
11906 .unmap_sg = gart_unmap_sg,
11907 .map_page = gart_map_page,
11908 diff -urNp linux-2.6.32.1/arch/x86/kernel/pci-nommu.c linux-2.6.32.1/arch/x86/kernel/pci-nommu.c
11909 --- linux-2.6.32.1/arch/x86/kernel/pci-nommu.c 2009-12-02 22:51:21.000000000 -0500
11910 +++ linux-2.6.32.1/arch/x86/kernel/pci-nommu.c 2009-12-14 18:33:51.723705512 -0500
11911 @@ -94,7 +94,7 @@ static void nommu_sync_sg_for_device(str
11912 flush_write_buffers();
11915 -struct dma_map_ops nommu_dma_ops = {
11916 +const struct dma_map_ops nommu_dma_ops = {
11917 .alloc_coherent = dma_generic_alloc_coherent,
11918 .free_coherent = nommu_free_coherent,
11919 .map_sg = nommu_map_sg,
11920 diff -urNp linux-2.6.32.1/arch/x86/kernel/pci-swiotlb.c linux-2.6.32.1/arch/x86/kernel/pci-swiotlb.c
11921 --- linux-2.6.32.1/arch/x86/kernel/pci-swiotlb.c 2009-12-02 22:51:21.000000000 -0500
11922 +++ linux-2.6.32.1/arch/x86/kernel/pci-swiotlb.c 2009-12-14 18:33:51.723705512 -0500
11923 @@ -25,7 +25,7 @@ static void *x86_swiotlb_alloc_coherent(
11924 return swiotlb_alloc_coherent(hwdev, size, dma_handle, flags);
11927 -static struct dma_map_ops swiotlb_dma_ops = {
11928 +static const struct dma_map_ops swiotlb_dma_ops = {
11929 .mapping_error = swiotlb_dma_mapping_error,
11930 .alloc_coherent = x86_swiotlb_alloc_coherent,
11931 .free_coherent = swiotlb_free_coherent,
11932 diff -urNp linux-2.6.32.1/arch/x86/kernel/process_32.c linux-2.6.32.1/arch/x86/kernel/process_32.c
11933 --- linux-2.6.32.1/arch/x86/kernel/process_32.c 2009-12-02 22:51:21.000000000 -0500
11934 +++ linux-2.6.32.1/arch/x86/kernel/process_32.c 2009-12-14 18:33:51.723705512 -0500
11935 @@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __as
11936 unsigned long thread_saved_pc(struct task_struct *tsk)
11938 return ((unsigned long *)tsk->thread.sp)[3];
11939 +//XXX return tsk->thread.eip;
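Review bot: The added `//XXX return tsk->thread.eip;` is commented-out code with no explanation, and the copy_thread hunk further down adds `//XXX needs set_fs()?` between an `if` and the statement it controls. Both leave an open question in the tree. The second concerns which address limit applies when `do_set_thread_area()` is handed `childregs->si` as a `__user` pointer, and that should be answered rather than left as a marker. Either resolve them or replace each with a proper comment stating the open issue, e.g. `/* TODO: confirm addr_limit for the CLONE_SETTLS path */`, placed above the `if`.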
11943 @@ -129,7 +130,7 @@ void __show_regs(struct pt_regs *regs, i
11944 unsigned short ss, gs;
11947 - if (user_mode_vm(regs)) {
11948 + if (user_mode(regs)) {
11950 ss = regs->ss & 0xffff;
11951 gs = get_user_gs(regs);
11952 @@ -210,8 +211,8 @@ int kernel_thread(int (*fn)(void *), voi
11953 regs.bx = (unsigned long) fn;
11954 regs.dx = (unsigned long) arg;
11956 - regs.ds = __USER_DS;
11957 - regs.es = __USER_DS;
11958 + regs.ds = __KERNEL_DS;
11959 + regs.es = __KERNEL_DS;
11960 regs.fs = __KERNEL_PERCPU;
11961 regs.gs = __KERNEL_STACK_CANARY;
11963 @@ -247,7 +248,7 @@ int copy_thread(unsigned long clone_flag
11964 struct task_struct *tsk;
11967 - childregs = task_pt_regs(p);
11968 + childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8;
11969 *childregs = *regs;
11971 childregs->sp = sp;
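Review bot: `childregs` is now open-coded as `task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8` instead of `task_pt_regs(p)`, so it is correct only if `task_pt_regs()` is changed elsewhere in the patch to yield the same address; that change is not visible here. Any other reader of the child's saved registers that goes through the macro would otherwise look at a different frame from the one initialised here. Keeping `childregs = task_pt_regs(p);` and adjusting the macro alone would avoid the duplication, and would also avoid the `void *` arithmetic the new expression relies on. copy_thread continues outside the hunk.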
11972 @@ -276,6 +277,7 @@ int copy_thread(unsigned long clone_flag
11973 * Set a new TLS for the child thread?
11975 if (clone_flags & CLONE_SETTLS)
11976 +//XXX needs set_fs()?
11977 err = do_set_thread_area(p, -1,
11978 (struct user_desc __user *)childregs->si, 0);
11980 @@ -346,7 +348,7 @@ __switch_to(struct task_struct *prev_p,
11981 struct thread_struct *prev = &prev_p->thread,
11982 *next = &next_p->thread;
11983 int cpu = smp_processor_id();
11984 - struct tss_struct *tss = &per_cpu(init_tss, cpu);
11985 + struct tss_struct *tss = init_tss + cpu;
11988 /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */
11989 @@ -381,6 +383,11 @@ __switch_to(struct task_struct *prev_p,
11991 lazy_save_gs(prev->gs);
11993 +#ifdef CONFIG_PAX_MEMORY_UDEREF
11994 + if (!segment_eq(task_thread_info(prev_p)->addr_limit, task_thread_info(next_p)->addr_limit))
11995 + __set_fs(task_thread_info(next_p)->addr_limit, cpu);
11999 * Load the per-thread Thread-Local Storage descriptor.
12001 @@ -497,3 +504,27 @@ unsigned long get_wchan(struct task_stru
12005 +#ifdef CONFIG_PAX_RANDKSTACK
12006 +asmlinkage void pax_randomize_kstack(void)
12008 + struct thread_struct *thread = ¤t->thread;
12009 + unsigned long time;
12011 + if (!randomize_va_space)
12016 + /* P4 seems to return a 0 LSB, ignore it */
12017 +#ifdef CONFIG_MPENTIUM4
12025 + thread->sp0 ^= time;
12026 + load_sp0(init_tss + smp_processor_id(), thread);
12029 diff -urNp linux-2.6.32.1/arch/x86/kernel/process_64.c linux-2.6.32.1/arch/x86/kernel/process_64.c
12030 --- linux-2.6.32.1/arch/x86/kernel/process_64.c 2009-12-02 22:51:21.000000000 -0500
12031 +++ linux-2.6.32.1/arch/x86/kernel/process_64.c 2009-12-14 18:33:51.724703151 -0500
12032 @@ -91,7 +91,7 @@ static void __exit_idle(void)
12033 void exit_idle(void)
12035 /* idle loop has pid 0 */
12036 - if (current->pid)
12037 + if (task_pid_nr(current))
12041 @@ -170,7 +170,7 @@ void __show_regs(struct pt_regs *regs, i
12044 printk(KERN_INFO "Pid: %d, comm: %.20s xid: #%u %s %s %.*s %s\n",
12045 - current->pid, current->comm, current->xid, print_tainted(),
12046 + task_pid_nr(current), current->comm, current->xid, print_tainted(),
12047 init_utsname()->release,
12048 (int)strcspn(init_utsname()->version, " "),
12049 init_utsname()->version, board);
12050 @@ -381,7 +381,7 @@ __switch_to(struct task_struct *prev_p,
12051 struct thread_struct *prev = &prev_p->thread;
12052 struct thread_struct *next = &next_p->thread;
12053 int cpu = smp_processor_id();
12054 - struct tss_struct *tss = &per_cpu(init_tss, cpu);
12055 + struct tss_struct *tss = init_tss + cpu;
12056 unsigned fsindex, gsindex;
12059 @@ -549,12 +549,11 @@ unsigned long get_wchan(struct task_stru
12060 if (!p || p == current || p->state == TASK_RUNNING)
12062 stack = (unsigned long)task_stack_page(p);
12063 - if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE)
12064 + if (p->thread.sp < stack || p->thread.sp > stack+THREAD_SIZE-8-sizeof(u64))
12066 fp = *(u64 *)(p->thread.sp);
12068 - if (fp < (unsigned long)stack ||
12069 - fp >= (unsigned long)stack+THREAD_SIZE)
12070 + if (fp < stack || fp > stack+THREAD_SIZE-8-sizeof(u64))
12072 ip = *(u64 *)(fp+8);
12073 if (!in_sched_functions(ip))
12074 diff -urNp linux-2.6.32.1/arch/x86/kernel/process.c linux-2.6.32.1/arch/x86/kernel/process.c
12075 --- linux-2.6.32.1/arch/x86/kernel/process.c 2009-12-02 22:51:21.000000000 -0500
12076 +++ linux-2.6.32.1/arch/x86/kernel/process.c 2009-12-14 18:33:51.734707193 -0500
12077 @@ -73,7 +73,7 @@ void exit_thread(void)
12078 unsigned long *bp = t->io_bitmap_ptr;
12081 - struct tss_struct *tss = &per_cpu(init_tss, get_cpu());
12082 + struct tss_struct *tss = init_tss + get_cpu();
12084 t->io_bitmap_ptr = NULL;
12085 clear_thread_flag(TIF_IO_BITMAP);
12086 @@ -105,6 +105,9 @@ void flush_thread(void)
12088 clear_tsk_thread_flag(tsk, TIF_DEBUG);
12090 +#if defined(CONFIG_X86_32) && !defined(CONFIG_CC_STACKPROTECTOR)
12091 + loadsegment(gs, 0);
12093 tsk->thread.debugreg0 = 0;
12094 tsk->thread.debugreg1 = 0;
12095 tsk->thread.debugreg2 = 0;
12096 @@ -596,17 +599,3 @@ static int __init idle_setup(char *str)
12099 early_param("idle", idle_setup);
12101 -unsigned long arch_align_stack(unsigned long sp)
12103 - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
12104 - sp -= get_random_int() % 8192;
12105 - return sp & ~0xf;
12108 -unsigned long arch_randomize_brk(struct mm_struct *mm)
12110 - unsigned long range_end = mm->brk + 0x02000000;
12111 - return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
12114 diff -urNp linux-2.6.32.1/arch/x86/kernel/ptrace.c linux-2.6.32.1/arch/x86/kernel/ptrace.c
12115 --- linux-2.6.32.1/arch/x86/kernel/ptrace.c 2009-12-02 22:51:21.000000000 -0500
12116 +++ linux-2.6.32.1/arch/x86/kernel/ptrace.c 2009-12-14 18:33:51.734707193 -0500
12117 @@ -925,7 +925,7 @@ static const struct user_regset_view use
12118 long arch_ptrace(struct task_struct *child, long request, long addr, long data)
12121 - unsigned long __user *datap = (unsigned long __user *)data;
12122 + unsigned long __user *datap = (__force unsigned long __user *)data;
12125 /* read the word at location addr in the USER area. */
12126 @@ -1012,14 +1012,14 @@ long arch_ptrace(struct task_struct *chi
12129 ret = do_get_thread_area(child, addr,
12130 - (struct user_desc __user *) data);
12131 + (__force struct user_desc __user *) data);
12134 case PTRACE_SET_THREAD_AREA:
12137 ret = do_set_thread_area(child, addr,
12138 - (struct user_desc __user *) data, 0);
12139 + (__force struct user_desc __user *) data, 0);
12143 @@ -1038,12 +1038,12 @@ long arch_ptrace(struct task_struct *chi
12144 #ifdef CONFIG_X86_PTRACE_BTS
12145 case PTRACE_BTS_CONFIG:
12146 ret = ptrace_bts_config
12147 - (child, data, (struct ptrace_bts_config __user *)addr);
12148 + (child, data, (__force struct ptrace_bts_config __user *)addr);
12151 case PTRACE_BTS_STATUS:
12152 ret = ptrace_bts_status
12153 - (child, data, (struct ptrace_bts_config __user *)addr);
12154 + (child, data, (__force struct ptrace_bts_config __user *)addr);
12157 case PTRACE_BTS_SIZE:
12158 @@ -1052,7 +1052,7 @@ long arch_ptrace(struct task_struct *chi
12160 case PTRACE_BTS_GET:
12161 ret = ptrace_bts_read_record
12162 - (child, data, (struct bts_struct __user *) addr);
12163 + (child, data, (__force struct bts_struct __user *) addr);
12166 case PTRACE_BTS_CLEAR:
12167 @@ -1061,7 +1061,7 @@ long arch_ptrace(struct task_struct *chi
12169 case PTRACE_BTS_DRAIN:
12170 ret = ptrace_bts_drain
12171 - (child, data, (struct bts_struct __user *) addr);
12172 + (child, data, (__force struct bts_struct __user *) addr);
12174 #endif /* CONFIG_X86_PTRACE_BTS */
12176 @@ -1450,7 +1450,7 @@ void send_sigtrap(struct task_struct *ts
12177 info.si_code = si_code;
12179 /* User-mode ip? */
12180 - info.si_addr = user_mode_vm(regs) ? (void __user *) regs->ip : NULL;
12181 + info.si_addr = user_mode(regs) ? (__force void __user *) regs->ip : NULL;
12183 /* Send us the fake SIGTRAP */
12184 force_sig_info(SIGTRAP, &info, tsk);
12185 diff -urNp linux-2.6.32.1/arch/x86/kernel/reboot.c linux-2.6.32.1/arch/x86/kernel/reboot.c
12186 --- linux-2.6.32.1/arch/x86/kernel/reboot.c 2009-12-02 22:51:21.000000000 -0500
12187 +++ linux-2.6.32.1/arch/x86/kernel/reboot.c 2009-12-14 18:33:51.734707193 -0500
12188 @@ -33,7 +33,7 @@ void (*pm_power_off)(void);
12189 EXPORT_SYMBOL(pm_power_off);
12191 static const struct desc_ptr no_idt = {};
12192 -static int reboot_mode;
12193 +static unsigned short reboot_mode;
12194 enum reboot_type reboot_type = BOOT_KBD;
12197 @@ -259,7 +259,7 @@ static struct dmi_system_id __initdata r
12198 DMI_MATCH(DMI_PRODUCT_NAME, "SBC-FITPC2"),
12202 + { NULL, NULL, {{0, {0}}}, NULL}
12205 static int __init reboot_init(void)
12206 @@ -275,12 +275,12 @@ core_initcall(reboot_init);
12207 controller to pulse the CPU reset line, which is more thorough, but
12208 doesn't work with at least one type of 486 motherboard. It is easy
12209 to stop this code working; hence the copious comments. */
12210 -static const unsigned long long
12211 -real_mode_gdt_entries [3] =
12212 +static struct desc_struct
12213 +real_mode_gdt_entries [3] __read_only =
12215 - 0x0000000000000000ULL, /* Null descriptor */
12216 - 0x00009b000000ffffULL, /* 16-bit real-mode 64k code at 0x00000000 */
12217 - 0x000093000100ffffULL /* 16-bit real-mode 64k data at 0x00000100 */
12218 + GDT_ENTRY_INIT(0, 0, 0), /* Null descriptor */
12219 + GDT_ENTRY_INIT(0x9b, 0, 0xffff), /* 16-bit real-mode 64k code at 0x00000000 */
12220 + GDT_ENTRY_INIT(0x93, 0x100, 0xffff) /* 16-bit real-mode 64k data at 0x00000100 */
12223 static const struct desc_ptr
12224 @@ -329,7 +329,7 @@ static const unsigned char jump_to_bios
12225 * specified by the code and length parameters.
12226 * We assume that length will aways be less that 100!
12228 -void machine_real_restart(const unsigned char *code, int length)
12229 +void machine_real_restart(const unsigned char *code, unsigned int length)
12231 local_irq_disable();
12233 @@ -349,8 +349,8 @@ void machine_real_restart(const unsigned
12234 /* Remap the kernel at virtual address zero, as well as offset zero
12235 from the kernel segment. This assumes the kernel segment starts at
12236 virtual address PAGE_OFFSET. */
12237 - memcpy(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
12238 - sizeof(swapper_pg_dir [0]) * KERNEL_PGD_PTRS);
12239 + clone_pgd_range(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
12240 + min_t(unsigned long, KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY));
12243 * Use `swapper_pg_dir' as our page directory.
12244 @@ -362,16 +362,15 @@ void machine_real_restart(const unsigned
12245 boot)". This seems like a fairly standard thing that gets set by
12246 REBOOT.COM programs, and the previous reset routine did this
12248 - *((unsigned short *)0x472) = reboot_mode;
12249 + *(unsigned short *)(__va(0x472)) = reboot_mode;
12251 /* For the switch to real mode, copy some code to low memory. It has
12252 to be in the first 64k because it is running in 16-bit mode, and it
12253 has to have the same physical and virtual address, because it turns
12254 off paging. Copy it near the end of the first page, out of the way
12255 of BIOS variables. */
12256 - memcpy((void *)(0x1000 - sizeof(real_mode_switch) - 100),
12257 - real_mode_switch, sizeof (real_mode_switch));
12258 - memcpy((void *)(0x1000 - 100), code, length);
12259 + memcpy(__va(0x1000 - sizeof (real_mode_switch) - 100), real_mode_switch, sizeof (real_mode_switch));
12260 + memcpy(__va(0x1000 - 100), code, length);
12262 /* Set up the IDT for real mode. */
12263 load_idt(&real_mode_idt);
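Review bot: `memcpy(__va(0x1000 - 100), code, length)` still trusts the caller for `length`; the function comment only says it is assumed to be under 100, and changing the parameter to `unsigned int` in the earlier hunk rules out negative values but adds no bound. The destination is the last 100 bytes of the first page, so a larger `length` would run past 0x1000 into the next page of low memory. Enforcing the documented assumption before the two copies, for example `BUG_ON(length > 100);`, would make it explicit. `machine_real_restart` starts and ends outside this hunk.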
12264 diff -urNp linux-2.6.32.1/arch/x86/kernel/setup.c linux-2.6.32.1/arch/x86/kernel/setup.c
12265 --- linux-2.6.32.1/arch/x86/kernel/setup.c 2009-12-02 22:51:21.000000000 -0500
12266 +++ linux-2.6.32.1/arch/x86/kernel/setup.c 2009-12-14 18:33:51.735708242 -0500
12267 @@ -762,14 +762,14 @@ void __init setup_arch(char **cmdline_p)
12269 if (!boot_params.hdr.root_flags)
12270 root_mountflags &= ~MS_RDONLY;
12271 - init_mm.start_code = (unsigned long) _text;
12272 - init_mm.end_code = (unsigned long) _etext;
12273 + init_mm.start_code = ktla_ktva((unsigned long) _text);
12274 + init_mm.end_code = ktla_ktva((unsigned long) _etext);
12275 init_mm.end_data = (unsigned long) _edata;
12276 init_mm.brk = _brk_end;
12278 - code_resource.start = virt_to_phys(_text);
12279 - code_resource.end = virt_to_phys(_etext)-1;
12280 - data_resource.start = virt_to_phys(_etext);
12281 + code_resource.start = virt_to_phys(ktla_ktva(_text));
12282 + code_resource.end = virt_to_phys(ktla_ktva(_etext))-1;
12283 + data_resource.start = virt_to_phys(_sdata);
12284 data_resource.end = virt_to_phys(_edata)-1;
12285 bss_resource.start = virt_to_phys(&__bss_start);
12286 bss_resource.end = virt_to_phys(&__bss_stop)-1;
12287 diff -urNp linux-2.6.32.1/arch/x86/kernel/setup_percpu.c linux-2.6.32.1/arch/x86/kernel/setup_percpu.c
12288 --- linux-2.6.32.1/arch/x86/kernel/setup_percpu.c 2009-12-02 22:51:21.000000000 -0500
12289 +++ linux-2.6.32.1/arch/x86/kernel/setup_percpu.c 2009-12-14 18:33:51.735708242 -0500
12290 @@ -25,19 +25,17 @@
12295 DEFINE_PER_CPU(int, cpu_number);
12296 EXPORT_PER_CPU_SYMBOL(cpu_number);
12299 -#ifdef CONFIG_X86_64
12300 #define BOOT_PERCPU_OFFSET ((unsigned long)__per_cpu_load)
12302 -#define BOOT_PERCPU_OFFSET 0
12305 DEFINE_PER_CPU(unsigned long, this_cpu_off) = BOOT_PERCPU_OFFSET;
12306 EXPORT_PER_CPU_SYMBOL(this_cpu_off);
12308 -unsigned long __per_cpu_offset[NR_CPUS] __read_mostly = {
12309 +unsigned long __per_cpu_offset[NR_CPUS] __read_only = {
12310 [0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET,
12312 EXPORT_SYMBOL(__per_cpu_offset);
12313 @@ -158,13 +156,15 @@ static void __init pcpup_populate_pte(un
12314 static inline void setup_percpu_segment(int cpu)
12316 #ifdef CONFIG_X86_32
12317 - struct desc_struct gdt;
12318 + struct desc_struct d, *gdt = get_cpu_gdt_table(cpu);
12319 + unsigned long base = per_cpu_offset(cpu);
12320 + const unsigned long limit = VMALLOC_END - base - 1;
12322 - pack_descriptor(&gdt, per_cpu_offset(cpu), 0xFFFFF,
12323 - 0x2 | DESCTYPE_S, 0x8);
12325 - write_gdt_entry(get_cpu_gdt_table(cpu),
12326 - GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S);
12327 + if (limit < 64*1024)
12328 + pack_descriptor(&d, base, limit, 0x80 | DESCTYPE_S | 0x3, 0x4);
12330 + pack_descriptor(&d, base, limit >> PAGE_SHIFT, 0x80 | DESCTYPE_S | 0x3, 0xC);
12331 + write_gdt_entry(gdt, GDT_ENTRY_PERCPU, &d, DESCTYPE_S);
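Review bot: The two `pack_descriptor` calls pass bare numbers for the access byte and flags (`0x80 | DESCTYPE_S | 0x3`, then `0x4` or `0xC`), and the reason for replacing the fixed `0xFFFFF` limit with `VMALLOC_END - base - 1` is not stated. A short comment would cover both, e.g. `/* present, DPL 0, read/write data (accessed); segment ends at VMALLOC_END */` above the calls and `/* byte-granular below 64 KiB, page-granular otherwise */` on the `if`. `limit` is also computed without checking that `base` is below `VMALLOC_END`; if `per_cpu_offset(cpu)` can ever exceed it, the subtraction wraps to a very large limit, so that assumption deserves a comment or a `BUG_ON`. The end of `setup_percpu_segment` is not visible in this listing.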
12335 @@ -212,6 +212,11 @@ void __init setup_per_cpu_areas(void)
12336 /* alrighty, percpu areas up and running */
12337 delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start;
12338 for_each_possible_cpu(cpu) {
12339 +#ifdef CONFIG_CC_STACKPROTECTOR
12340 +#ifdef CONFIG_x86_32
12341 + unsigned long canary = per_cpu(stack_canary, cpu);
12344 per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu];
12345 per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu);
12346 per_cpu(cpu_number, cpu) = cpu;
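Review bot: The inner guard added here is spelled `#ifdef CONFIG_x86_32` with a lower-case `x`, while the rest of this file tests `CONFIG_X86_32` (see `setup_percpu_segment` in the previous hunk). Preprocessor symbols are case-sensitive, so unless a lower-case symbol is defined somewhere outside this view, the `canary` save is never compiled in. The later hunk of `setup_per_cpu_areas` that writes `per_cpu(stack_canary, cpu) = canary` for the boot CPU uses the same spelling, so both halves drop out together: the build stays clean, but the boot CPU's canary is presumably not carried over to its new per-cpu area. Both guards should read `#ifdef CONFIG_X86_32`. The loop body continues outside the hunk.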
12347 @@ -239,6 +244,12 @@ void __init setup_per_cpu_areas(void)
12348 early_per_cpu_map(x86_cpu_to_node_map, cpu);
12351 +#ifdef CONFIG_CC_STACKPROTECTOR
12352 +#ifdef CONFIG_x86_32
12353 + if (cpu == boot_cpu_id)
12354 + per_cpu(stack_canary, cpu) = canary;
12358 * Up to this point, the boot CPU has been using .data.init
12359 * area. Reload any changed state for the boot CPU.
12360 diff -urNp linux-2.6.32.1/arch/x86/kernel/signal.c linux-2.6.32.1/arch/x86/kernel/signal.c
12361 --- linux-2.6.32.1/arch/x86/kernel/signal.c 2009-12-02 22:51:21.000000000 -0500
12362 +++ linux-2.6.32.1/arch/x86/kernel/signal.c 2009-12-14 18:33:51.735708242 -0500
12363 @@ -197,7 +197,7 @@ static unsigned long align_sigframe(unsi
12364 * Align the stack pointer according to the i386 ABI,
12365 * i.e. so that on function entry ((sp + 4) & 15) == 0.
12367 - sp = ((sp + 4) & -16ul) - 4;
12368 + sp = ((sp - 12) & -16ul) - 4;
12369 #else /* !CONFIG_X86_32 */
12370 sp = round_down(sp, 16) - 8;
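Review bot: The rewritten expression `sp = ((sp - 12) & -16ul) - 4;` is left without an explanation. It satisfies the same `((sp + 4) & 15) == 0` rule as the old line, and arithmetically it is exactly the old result minus 16, so the frame now always sits at least 16 bytes below the incoming `sp`. The existing comment describes only the alignment, so I would extend it with the reason for the extra 16 bytes, e.g. `/* keep the ABI alignment but always leave 16 bytes above the frame: <reason> */`. `align_sigframe` starts and ends outside the hunk.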
12372 @@ -248,11 +248,11 @@ get_sigframe(struct k_sigaction *ka, str
12373 * Return an always-bogus address instead so we will die with SIGSEGV.
12375 if (onsigstack && !likely(on_sig_stack(sp)))
12376 - return (void __user *)-1L;
12377 + return (__force void __user *)-1L;
12379 /* save i387 state */
12380 if (used_math() && save_i387_xstate(*fpstate) < 0)
12381 - return (void __user *)-1L;
12382 + return (__force void __user *)-1L;
12384 return (void __user *)sp;
12386 @@ -307,9 +307,9 @@ __setup_frame(int sig, struct k_sigactio
12389 if (current->mm->context.vdso)
12390 - restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
12391 + restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
12393 - restorer = &frame->retcode;
12394 + restorer = (void __user *)&frame->retcode;
12395 if (ka->sa.sa_flags & SA_RESTORER)
12396 restorer = ka->sa.sa_restorer;
12398 @@ -323,7 +323,7 @@ __setup_frame(int sig, struct k_sigactio
12399 * reasons and because gdb uses it as a signature to notice
12400 * signal handler stack frames.
12402 - err |= __put_user(*((u64 *)&retcode), (u64 *)frame->retcode);
12403 + err |= __put_user(*((u64 *)&retcode), (u64 __user *)frame->retcode);
12407 @@ -377,7 +377,7 @@ static int __setup_rt_frame(int sig, str
12408 err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set));
12410 /* Set up to return from userspace. */
12411 - restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
12412 + restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
12413 if (ka->sa.sa_flags & SA_RESTORER)
12414 restorer = ka->sa.sa_restorer;
12415 put_user_ex(restorer, &frame->pretcode);
12416 @@ -389,7 +389,7 @@ static int __setup_rt_frame(int sig, str
12417 * reasons and because gdb uses it as a signature to notice
12418 * signal handler stack frames.
12420 - put_user_ex(*((u64 *)&rt_retcode), (u64 *)frame->retcode);
12421 + put_user_ex(*((u64 *)&rt_retcode), (u64 __user *)frame->retcode);
12422 } put_user_catch(err);
12425 @@ -789,7 +789,7 @@ static void do_signal(struct pt_regs *re
12426 * X86_32: vm86 regs switched out by assembly code before reaching
12427 * here, so testing against kernel CS suffices.
12429 - if (!user_mode(regs))
12430 + if (!user_mode_novm(regs))
12433 if (current_thread_info()->status & TS_RESTORE_SIGMASK)
12434 diff -urNp linux-2.6.32.1/arch/x86/kernel/smpboot.c linux-2.6.32.1/arch/x86/kernel/smpboot.c
12435 --- linux-2.6.32.1/arch/x86/kernel/smpboot.c 2009-12-02 22:51:21.000000000 -0500
12436 +++ linux-2.6.32.1/arch/x86/kernel/smpboot.c 2009-12-14 18:33:51.752708412 -0500
12437 @@ -729,7 +729,11 @@ do_rest:
12438 (unsigned long)task_stack_page(c_idle.idle) -
12439 KERNEL_STACK_OFFSET + THREAD_SIZE;
12442 + pax_open_kernel();
12443 early_gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
12444 + pax_close_kernel();
12446 initial_code = (unsigned long)start_secondary;
12447 stack_start.sp = (void *) c_idle.idle->thread.sp;
12449 diff -urNp linux-2.6.32.1/arch/x86/kernel/step.c linux-2.6.32.1/arch/x86/kernel/step.c
12450 --- linux-2.6.32.1/arch/x86/kernel/step.c 2009-12-02 22:51:21.000000000 -0500
12451 +++ linux-2.6.32.1/arch/x86/kernel/step.c 2009-12-14 18:33:51.752708412 -0500
12452 @@ -27,10 +27,10 @@ unsigned long convert_ip_to_linear(struc
12453 struct desc_struct *desc;
12454 unsigned long base;
12459 mutex_lock(&child->mm->context.lock);
12460 - if (unlikely((seg >> 3) >= child->mm->context.size))
12461 + if (unlikely(seg >= child->mm->context.size))
12462 addr = -1L; /* bogus selector, access would fault */
12464 desc = child->mm->context.ldt + seg;
12465 @@ -53,6 +53,9 @@ static int is_setting_trap_flag(struct t
12466 unsigned char opcode[15];
12467 unsigned long addr = convert_ip_to_linear(child, regs);
12469 + if (addr == -EINVAL)
12472 copied = access_process_vm(child, addr, opcode, sizeof(opcode), 0);
12473 for (i = 0; i < copied; i++) {
12474 switch (opcode[i]) {
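Review bot: The new early exit tests `addr == -EINVAL`, but the bogus-selector branch of `convert_ip_to_linear` in the previous hunk still assigns `addr = -1L`. As far as these hunks show, the check never matches, and `access_process_vm` is still called with the all-ones address. Either the test should be `if (addr == -1L)` or the producer should become `addr = -EINVAL;` so the two agree; a named sentinel shared by both functions would keep them from drifting apart again. The statement under the new `if` is missing from this listing, and `is_setting_trap_flag` continues outside the hunk.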
12475 @@ -74,7 +77,7 @@ static int is_setting_trap_flag(struct t
12477 #ifdef CONFIG_X86_64
12478 case 0x40 ... 0x4f:
12479 - if (regs->cs != __USER_CS)
12480 + if ((regs->cs & 0xffff) != __USER_CS)
12481 /* 32-bit mode: register increment */
12483 /* 64-bit mode: REX prefix */
12484 diff -urNp linux-2.6.32.1/arch/x86/kernel/syscall_table_32.S linux-2.6.32.1/arch/x86/kernel/syscall_table_32.S
12485 --- linux-2.6.32.1/arch/x86/kernel/syscall_table_32.S 2009-12-02 22:51:21.000000000 -0500
12486 +++ linux-2.6.32.1/arch/x86/kernel/syscall_table_32.S 2009-12-14 18:33:51.753706275 -0500
12488 +.section .rodata,"a",@progbits
12489 ENTRY(sys_call_table)
12490 .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */
12492 diff -urNp linux-2.6.32.1/arch/x86/kernel/sys_i386_32.c linux-2.6.32.1/arch/x86/kernel/sys_i386_32.c
12493 --- linux-2.6.32.1/arch/x86/kernel/sys_i386_32.c 2009-12-02 22:51:21.000000000 -0500
12494 +++ linux-2.6.32.1/arch/x86/kernel/sys_i386_32.c 2009-12-14 18:33:51.753706275 -0500
12497 #include <asm/syscalls.h>
12499 +int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags)
12501 + unsigned long pax_task_size = TASK_SIZE;
12503 +#ifdef CONFIG_PAX_SEGMEXEC
12504 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
12505 + pax_task_size = SEGMEXEC_TASK_SIZE;
12508 + if (len > pax_task_size || addr > pax_task_size - len)
12514 asmlinkage long sys_mmap2(unsigned long addr, unsigned long len,
12515 unsigned long prot, unsigned long flags,
12516 unsigned long fd, unsigned long pgoff)
12517 @@ -83,6 +98,205 @@ out:
12522 +arch_get_unmapped_area(struct file *filp, unsigned long addr,
12523 + unsigned long len, unsigned long pgoff, unsigned long flags)
12525 + struct mm_struct *mm = current->mm;
12526 + struct vm_area_struct *vma;
12527 + unsigned long start_addr, pax_task_size = TASK_SIZE;
12529 +#ifdef CONFIG_PAX_SEGMEXEC
12530 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
12531 + pax_task_size = SEGMEXEC_TASK_SIZE;
12534 + if (len > pax_task_size)
12537 + if (flags & MAP_FIXED)
12540 +#ifdef CONFIG_PAX_RANDMMAP
12541 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12545 + addr = PAGE_ALIGN(addr);
12546 + vma = find_vma(mm, addr);
12547 + if (pax_task_size - len >= addr &&
12548 + (!vma || addr + len <= vma->vm_start))
12551 + if (len > mm->cached_hole_size) {
12552 + start_addr = addr = mm->free_area_cache;
12554 + start_addr = addr = mm->mmap_base;
12555 + mm->cached_hole_size = 0;
12558 +#ifdef CONFIG_PAX_PAGEEXEC
12559 + if (!nx_enabled && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE) && start_addr >= mm->mmap_base) {
12560 + start_addr = 0x00110000UL;
12562 +#ifdef CONFIG_PAX_RANDMMAP
12563 + if (mm->pax_flags & MF_PAX_RANDMMAP)
12564 + start_addr += mm->delta_mmap & 0x03FFF000UL;
12567 + if (mm->start_brk <= start_addr && start_addr < mm->mmap_base)
12568 + start_addr = addr = mm->mmap_base;
12570 + addr = start_addr;
12575 + for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
12576 + /* At this point: (!vma || addr < vma->vm_end). */
12577 + if (pax_task_size - len < addr) {
12579 + * Start a new search - just in case we missed
12582 + if (start_addr != mm->mmap_base) {
12583 + start_addr = addr = mm->mmap_base;
12584 + mm->cached_hole_size = 0;
12585 + goto full_search;
12589 + if (!vma || addr + len <= vma->vm_start) {
12591 + * Remember the place where we stopped the search:
12593 + mm->free_area_cache = addr + len;
12596 + if (addr + mm->cached_hole_size < vma->vm_start)
12597 + mm->cached_hole_size = vma->vm_start - addr;
12598 + addr = vma->vm_end;
12599 + if (mm->start_brk <= addr && addr < mm->mmap_base) {
12600 + start_addr = addr = mm->mmap_base;
12601 + mm->cached_hole_size = 0;
12602 + goto full_search;
12608 +arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
12609 + const unsigned long len, const unsigned long pgoff,
12610 + const unsigned long flags)
12612 + struct vm_area_struct *vma;
12613 + struct mm_struct *mm = current->mm;
12614 + unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE;
12616 +#ifdef CONFIG_PAX_SEGMEXEC
12617 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
12618 + pax_task_size = SEGMEXEC_TASK_SIZE;
12621 + /* requested length too big for entire address space */
12622 + if (len > pax_task_size)
12625 + if (flags & MAP_FIXED)
12628 +#ifdef CONFIG_PAX_PAGEEXEC
12629 + if (!nx_enabled && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE))
12633 +#ifdef CONFIG_PAX_RANDMMAP
12634 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12637 + /* requesting a specific address */
12639 + addr = PAGE_ALIGN(addr);
12640 + vma = find_vma(mm, addr);
12641 + if (pax_task_size - len >= addr &&
12642 + (!vma || addr + len <= vma->vm_start))
12646 + /* check if free_area_cache is useful for us */
12647 + if (len <= mm->cached_hole_size) {
12648 + mm->cached_hole_size = 0;
12649 + mm->free_area_cache = mm->mmap_base;
12652 + /* either no address requested or can't fit in requested address hole */
12653 + addr = mm->free_area_cache;
12655 + /* make sure it can fit in the remaining address space */
12656 + if (addr > len) {
12657 + vma = find_vma(mm, addr-len);
12658 + if (!vma || addr <= vma->vm_start)
12659 + /* remember the address as a hint for next time */
12660 + return (mm->free_area_cache = addr-len);
12663 + if (mm->mmap_base < len)
12666 + addr = mm->mmap_base-len;
12670 + * Lookup failure means no vma is above this address,
12671 + * else if new region fits below vma->vm_start,
12672 + * return with success:
12674 + vma = find_vma(mm, addr);
12675 + if (!vma || addr+len <= vma->vm_start)
12676 + /* remember the address as a hint for next time */
12677 + return (mm->free_area_cache = addr);
12679 + /* remember the largest hole we saw so far */
12680 + if (addr + mm->cached_hole_size < vma->vm_start)
12681 + mm->cached_hole_size = vma->vm_start - addr;
12683 + /* try just below the current vma->vm_start */
12684 + addr = vma->vm_start-len;
12685 + } while (len < vma->vm_start);
12689 + * A failed mmap() very likely causes application failure,
12690 + * so fall back to the bottom-up function here. This scenario
12691 + * can happen with large stack limits and large mmap()
12695 +#ifdef CONFIG_PAX_SEGMEXEC
12696 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
12697 + mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
12701 + mm->mmap_base = TASK_UNMAPPED_BASE;
12703 +#ifdef CONFIG_PAX_RANDMMAP
12704 + if (mm->pax_flags & MF_PAX_RANDMMAP)
12705 + mm->mmap_base += mm->delta_mmap;
12708 + mm->free_area_cache = mm->mmap_base;
12709 + mm->cached_hole_size = ~0UL;
12710 + addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
12712 + * Restore the topdown base:
12714 + mm->mmap_base = base;
12715 + mm->free_area_cache = base;
12716 + mm->cached_hole_size = ~0UL;
12721 struct sel_arg_struct {
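Review bot: In the new `arch_get_unmapped_area`, the PAGEEXEC branch uses two unexplained literals, `start_addr = 0x00110000UL;` and `mm->delta_mmap & 0x03FFF000UL`. The mask keeps bits 12–25, i.e. a page-aligned offset of just under 64 MiB, but nothing says why executable mappings start at 0x00110000 or why the randomisation is narrowed to that range. The following `mm->start_brk <= start_addr` test suggests the region is meant to sit below the heap, which should be stated rather than inferred. I would give both values names and add a one-line comment above the branch describing the intended layout. Several lines of this hunk are missing from the listing, so the surrounding control flow could not be checked.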
12723 @@ -118,7 +332,7 @@ asmlinkage int sys_ipc(uint call, int fi
12724 return sys_semtimedop(first, (struct sembuf __user *)ptr, second, NULL);
12726 return sys_semtimedop(first, (struct sembuf __user *)ptr, second,
12727 - (const struct timespec __user *)fifth);
12728 + (__force const struct timespec __user *)fifth);
12731 return sys_semget(first, second, third);
12732 @@ -165,7 +379,7 @@ asmlinkage int sys_ipc(uint call, int fi
12733 ret = do_shmat(first, (char __user *) ptr, second, &raddr);
12736 - return put_user(raddr, (ulong __user *) third);
12737 + return put_user(raddr, (__force ulong __user *) third);
12739 case 1: /* iBCS2 emulator entry point */
12740 if (!segment_eq(get_fs(), get_ds()))
12741 diff -urNp linux-2.6.32.1/arch/x86/kernel/sys_x86_64.c linux-2.6.32.1/arch/x86/kernel/sys_x86_64.c
12742 --- linux-2.6.32.1/arch/x86/kernel/sys_x86_64.c 2009-12-02 22:51:21.000000000 -0500
12743 +++ linux-2.6.32.1/arch/x86/kernel/sys_x86_64.c 2009-12-14 18:33:51.754713106 -0500
12744 @@ -47,8 +47,8 @@ out:
12748 -static void find_start_end(unsigned long flags, unsigned long *begin,
12749 - unsigned long *end)
12750 +static void find_start_end(struct mm_struct *mm, unsigned long flags,
12751 + unsigned long *begin, unsigned long *end)
12753 if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) {
12754 unsigned long new_begin;
12755 @@ -67,7 +67,7 @@ static void find_start_end(unsigned long
12756 *begin = new_begin;
12759 - *begin = TASK_UNMAPPED_BASE;
12760 + *begin = mm->mmap_base;
12764 @@ -84,11 +84,15 @@ arch_get_unmapped_area(struct file *filp
12765 if (flags & MAP_FIXED)
12768 - find_start_end(flags, &begin, &end);
12769 + find_start_end(mm, flags, &begin, &end);
12774 +#ifdef CONFIG_PAX_RANDMMAP
12775 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12779 addr = PAGE_ALIGN(addr);
12780 vma = find_vma(mm, addr);
12781 @@ -143,7 +147,7 @@ arch_get_unmapped_area_topdown(struct fi
12783 struct vm_area_struct *vma;
12784 struct mm_struct *mm = current->mm;
12785 - unsigned long addr = addr0;
12786 + unsigned long base = mm->mmap_base, addr = addr0;
12788 /* requested length too big for entire address space */
12789 if (len > TASK_SIZE)
12790 @@ -156,6 +160,10 @@ arch_get_unmapped_area_topdown(struct fi
12791 if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT))
12794 +#ifdef CONFIG_PAX_RANDMMAP
12795 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12798 /* requesting a specific address */
12800 addr = PAGE_ALIGN(addr);
12801 @@ -213,13 +221,21 @@ bottomup:
12802 * can happen with large stack limits and large mmap()
12805 + mm->mmap_base = TASK_UNMAPPED_BASE;
12807 +#ifdef CONFIG_PAX_RANDMMAP
12808 + if (mm->pax_flags & MF_PAX_RANDMMAP)
12809 + mm->mmap_base += mm->delta_mmap;
12812 + mm->free_area_cache = mm->mmap_base;
12813 mm->cached_hole_size = ~0UL;
12814 - mm->free_area_cache = TASK_UNMAPPED_BASE;
12815 addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
12817 * Restore the topdown base:
12819 - mm->free_area_cache = mm->mmap_base;
12820 + mm->mmap_base = base;
12821 + mm->free_area_cache = base;
12822 mm->cached_hole_size = ~0UL;
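Review bot: Nothing in this hunk documents what protects `mm->mmap_base` while the bottom-up fallback temporarily replaces it and then restores the saved `base`; the old code only touched `free_area_cache` here. Presumably the caller holds `mmap_sem` for writing, and that should be written down, e.g. `/* caller holds mmap_sem for writing: mmap_base is switched only for the duration of the bottom-up search */`. The new `arch_get_unmapped_area_topdown` in sys_i386_32.c performs the same save/restore and would take the same comment. The function's return is not visible in this listing.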
12825 diff -urNp linux-2.6.32.1/arch/x86/kernel/time.c linux-2.6.32.1/arch/x86/kernel/time.c
12826 --- linux-2.6.32.1/arch/x86/kernel/time.c 2009-12-02 22:51:21.000000000 -0500
12827 +++ linux-2.6.32.1/arch/x86/kernel/time.c 2009-12-14 18:33:51.754713106 -0500
12828 @@ -26,17 +26,13 @@
12832 -#ifdef CONFIG_X86_64
12833 -volatile unsigned long __jiffies __section_jiffies = INITIAL_JIFFIES;
12836 unsigned long profile_pc(struct pt_regs *regs)
12838 unsigned long pc = instruction_pointer(regs);
12840 - if (!user_mode_vm(regs) && in_lock_functions(pc)) {
12841 + if (!user_mode(regs) && in_lock_functions(pc)) {
12842 #ifdef CONFIG_FRAME_POINTER
12843 - return *(unsigned long *)(regs->bp + sizeof(long));
12844 + return ktla_ktva(*(unsigned long *)(regs->bp + sizeof(long)));
12846 unsigned long *sp =
12847 (unsigned long *)kernel_stack_pointer(regs);
12848 @@ -45,11 +41,17 @@ unsigned long profile_pc(struct pt_regs
12849 * or above a saved flags. Eflags has bits 22-31 zero,
12850 * kernel addresses don't.
12853 +#ifdef CONFIG_PAX_KERNEXEC
12854 + return ktla_ktva(sp[0]);
12866 diff -urNp linux-2.6.32.1/arch/x86/kernel/tls.c linux-2.6.32.1/arch/x86/kernel/tls.c
12867 --- linux-2.6.32.1/arch/x86/kernel/tls.c 2009-12-02 22:51:21.000000000 -0500
12868 +++ linux-2.6.32.1/arch/x86/kernel/tls.c 2009-12-14 18:33:51.754713106 -0500
12869 @@ -85,6 +85,11 @@ int do_set_thread_area(struct task_struc
12870 if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
12873 +#ifdef CONFIG_PAX_SEGMEXEC
12874 + if ((p->mm->pax_flags & MF_PAX_SEGMEXEC) && (info.contents & MODIFY_LDT_CONTENTS_CODE))
12878 set_tls_desc(p, idx, &info, 1);
12881 diff -urNp linux-2.6.32.1/arch/x86/kernel/trampoline_32.S linux-2.6.32.1/arch/x86/kernel/trampoline_32.S
12882 --- linux-2.6.32.1/arch/x86/kernel/trampoline_32.S 2009-12-02 22:51:21.000000000 -0500
12883 +++ linux-2.6.32.1/arch/x86/kernel/trampoline_32.S 2009-12-14 18:33:51.754713106 -0500
12885 #include <asm/segment.h>
12886 #include <asm/page_types.h>
12888 +#ifdef CONFIG_PAX_KERNEXEC
12891 +#define ta(X) ((X) - __PAGE_OFFSET)
12894 /* We can free up trampoline after bootup if cpu hotplug is not supported. */
12897 @@ -60,7 +66,7 @@ r_base = .
12898 inc %ax # protected mode (PE) bit
12899 lmsw %ax # into protected mode
12900 # flush prefetch and jump to startup_32_smp in arch/i386/kernel/head.S
12901 - ljmpl $__BOOT_CS, $(startup_32_smp-__PAGE_OFFSET)
12902 + ljmpl $__BOOT_CS, $ta(startup_32_smp)
12904 # These need to be in the same 64K segment as the above;
12905 # hence we don't use the boot_gdt_descr defined in head.S
12906 diff -urNp linux-2.6.32.1/arch/x86/kernel/traps.c linux-2.6.32.1/arch/x86/kernel/traps.c
12907 --- linux-2.6.32.1/arch/x86/kernel/traps.c 2009-12-02 22:51:21.000000000 -0500
12908 +++ linux-2.6.32.1/arch/x86/kernel/traps.c 2009-12-14 18:33:51.755710508 -0500
12909 @@ -69,12 +69,6 @@ asmlinkage int system_call(void);
12911 /* Do we ignore FPU interrupts ? */
12912 char ignore_fpu_irq;
12915 - * The IDT has to be page-aligned to simplify the Pentium
12916 - * F0 0F bug workaround.
12918 -gate_desc idt_table[NR_VECTORS] __page_aligned_data = { { { { 0, 0 } } }, };
12921 DECLARE_BITMAP(used_vectors, NR_VECTORS);
12922 @@ -112,7 +106,7 @@ static inline void preempt_conditional_c
12924 die_if_kernel(const char *str, struct pt_regs *regs, long err)
12926 - if (!user_mode_vm(regs))
12927 + if (!user_mode(regs))
12928 die(str, regs, err);
12931 @@ -124,7 +118,7 @@ do_trap(int trapnr, int signr, char *str
12932 struct task_struct *tsk = current;
12934 #ifdef CONFIG_X86_32
12935 - if (regs->flags & X86_VM_MASK) {
12936 + if (v8086_mode(regs)) {
12938 * traps 0, 1, 3, 4, and 5 should be forwarded to vm86.
12939 * On nmi (interrupt 2), do_trap should not be called.
12940 @@ -135,7 +129,7 @@ do_trap(int trapnr, int signr, char *str
12944 - if (!user_mode(regs))
12945 + if (!user_mode_novm(regs))
12948 #ifdef CONFIG_X86_32
12949 @@ -158,7 +152,7 @@ trap_signal:
12950 printk_ratelimit()) {
12952 "%s[%d] trap %s ip:%lx sp:%lx error:%lx",
12953 - tsk->comm, tsk->pid, str,
12954 + tsk->comm, task_pid_nr(tsk), str,
12955 regs->ip, regs->sp, error_code);
12956 print_vma_addr(" in ", regs->ip);
12958 @@ -177,6 +171,12 @@ kernel_trap:
12959 tsk->thread.trap_no = trapnr;
12960 die(str, regs, error_code);
12963 +#ifdef CONFIG_PAX_REFCOUNT
12965 + pax_report_refcount_overflow(regs);
12970 #ifdef CONFIG_X86_32
12971 @@ -265,14 +265,30 @@ do_general_protection(struct pt_regs *re
12972 conditional_sti(regs);
12974 #ifdef CONFIG_X86_32
12975 - if (regs->flags & X86_VM_MASK)
12976 + if (v8086_mode(regs))
12981 - if (!user_mode(regs))
12982 + if (!user_mode_novm(regs))
12985 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
12986 + if (!nx_enabled && tsk->mm && (tsk->mm->pax_flags & MF_PAX_PAGEEXEC)) {
12987 + struct mm_struct *mm = tsk->mm;
12988 + unsigned long limit;
12990 + down_write(&mm->mmap_sem);
12991 + limit = mm->context.user_cs_limit;
12992 + if (limit < TASK_SIZE) {
12993 + track_exec_limit(mm, limit, TASK_SIZE, VM_EXEC);
12994 + up_write(&mm->mmap_sem);
12997 + up_write(&mm->mmap_sem);
13001 tsk->thread.error_code = error_code;
13002 tsk->thread.trap_no = 13;
13004 @@ -305,6 +321,13 @@ gp_in_kernel:
13005 if (notify_die(DIE_GPF, "general protection fault", regs,
13006 error_code, 13, SIGSEGV) == NOTIFY_STOP)
13009 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13010 + if ((regs->cs & 0xFFFF) == __KERNEL_CS)
13011 + die("PAX: suspicious general protection fault", regs, error_code);
13015 die("general protection fault", regs, error_code);
13018 @@ -558,7 +581,7 @@ dotraplinkage void __kprobes do_debug(st
13021 #ifdef CONFIG_X86_32
13022 - if (regs->flags & X86_VM_MASK)
13023 + if (v8086_mode(regs))
13027 @@ -570,7 +593,7 @@ dotraplinkage void __kprobes do_debug(st
13028 * kernel space (but re-enable TF when returning to user mode).
13030 if (condition & DR_STEP) {
13031 - if (!user_mode(regs))
13032 + if (!user_mode_novm(regs))
13033 goto clear_TF_reenable;
13036 @@ -757,7 +780,7 @@ do_simd_coprocessor_error(struct pt_regs
13037 * Handle strange cache flush from user space exception
13038 * in all other cases. This is undocumented behaviour.
13040 - if (regs->flags & X86_VM_MASK) {
13041 + if (v8086_mode(regs)) {
13042 handle_vm86_fault((struct kernel_vm86_regs *)regs, error_code);
13045 diff -urNp linux-2.6.32.1/arch/x86/kernel/tsc.c linux-2.6.32.1/arch/x86/kernel/tsc.c
13046 --- linux-2.6.32.1/arch/x86/kernel/tsc.c 2009-12-02 22:51:21.000000000 -0500
13047 +++ linux-2.6.32.1/arch/x86/kernel/tsc.c 2009-12-14 18:33:51.755710508 -0500
13048 @@ -794,7 +794,7 @@ static struct dmi_system_id __initdata b
13049 DMI_MATCH(DMI_BOARD_NAME, "2635FA0"),
13053 + { NULL, NULL, {{0, {0}}}, NULL}
13056 static void __init check_system_tsc_reliable(void)
13057 diff -urNp linux-2.6.32.1/arch/x86/kernel/vm86_32.c linux-2.6.32.1/arch/x86/kernel/vm86_32.c
13058 --- linux-2.6.32.1/arch/x86/kernel/vm86_32.c 2009-12-02 22:51:21.000000000 -0500
13059 +++ linux-2.6.32.1/arch/x86/kernel/vm86_32.c 2009-12-14 18:33:51.755710508 -0500
13061 #include <linux/ptrace.h>
13062 #include <linux/audit.h>
13063 #include <linux/stddef.h>
13064 +#include <linux/grsecurity.h>
13066 #include <asm/uaccess.h>
13067 #include <asm/io.h>
13068 @@ -148,7 +149,7 @@ struct pt_regs *save_v86_state(struct ke
13072 - tss = &per_cpu(init_tss, get_cpu());
13073 + tss = init_tss + get_cpu();
13074 current->thread.sp0 = current->thread.saved_sp0;
13075 current->thread.sysenter_cs = __KERNEL_CS;
13076 load_sp0(tss, ¤t->thread);
13077 @@ -208,6 +209,13 @@ int sys_vm86old(struct pt_regs *regs)
13078 struct task_struct *tsk;
13079 int tmp, ret = -EPERM;
13081 +#ifdef CONFIG_GRKERNSEC_VM86
13082 + if (!capable(CAP_SYS_RAWIO)) {
13083 + gr_handle_vm86();
13089 if (tsk->thread.saved_sp0)
13091 @@ -238,6 +246,14 @@ int sys_vm86(struct pt_regs *regs)
13093 struct vm86plus_struct __user *v86;
13095 +#ifdef CONFIG_GRKERNSEC_VM86
13096 + if (!capable(CAP_SYS_RAWIO)) {
13097 + gr_handle_vm86();
13104 switch (regs->bx) {
13105 case VM86_REQUEST_IRQ:
13106 @@ -324,7 +340,7 @@ static void do_sys_vm86(struct kernel_vm
13107 tsk->thread.saved_fs = info->regs32->fs;
13108 tsk->thread.saved_gs = get_user_gs(info->regs32);
13110 - tss = &per_cpu(init_tss, get_cpu());
13111 + tss = init_tss + get_cpu();
13112 tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0;
13114 tsk->thread.sysenter_cs = 0;
13115 @@ -529,7 +545,7 @@ static void do_int(struct kernel_vm86_re
13116 goto cannot_handle;
13117 if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored))
13118 goto cannot_handle;
13119 - intr_ptr = (unsigned long __user *) (i << 2);
13120 + intr_ptr = (__force unsigned long __user *) (i << 2);
13121 if (get_user(segoffs, intr_ptr))
13122 goto cannot_handle;
13123 if ((segoffs >> 16) == BIOSSEG)
13124 diff -urNp linux-2.6.32.1/arch/x86/kernel/vmi_32.c linux-2.6.32.1/arch/x86/kernel/vmi_32.c
13125 --- linux-2.6.32.1/arch/x86/kernel/vmi_32.c 2009-12-02 22:51:21.000000000 -0500
13126 +++ linux-2.6.32.1/arch/x86/kernel/vmi_32.c 2009-12-14 18:33:51.762711460 -0500
13127 @@ -44,12 +44,17 @@ typedef u32 __attribute__((regparm(1)))
13128 typedef u64 __attribute__((regparm(2))) (VROMLONGFUNC)(int);
13130 #define call_vrom_func(rom,func) \
13131 - (((VROMFUNC *)(rom->func))())
13132 + (((VROMFUNC *)(ktva_ktla(rom.func)))())
13134 #define call_vrom_long_func(rom,func,arg) \
13135 - (((VROMLONGFUNC *)(rom->func)) (arg))
13137 + u64 __reloc = ((VROMLONGFUNC *)(ktva_ktla(rom.func))) (arg);\
13138 + struct vmi_relocation_info *const __rel = (struct vmi_relocation_info *)&__reloc;\
13139 + __rel->eip = (unsigned char *)ktva_ktla((unsigned long)__rel->eip);\
13143 -static struct vrom_header *vmi_rom;
13144 +static struct vrom_header vmi_rom __attribute((__section__(".vmi.rom"), __aligned__(PAGE_SIZE)));
13145 static int disable_pge;
13146 static int disable_pse;
13147 static int disable_sep;
13148 @@ -76,10 +81,10 @@ static struct {
13149 void (*set_initial_ap_state)(int, int);
13150 void (*halt)(void);
13151 void (*set_lazy_mode)(int mode);
13153 +} vmi_ops __read_only;
13155 /* Cached VMI operations */
13156 -struct vmi_timer_ops vmi_timer_ops;
13157 +struct vmi_timer_ops vmi_timer_ops __read_only;
13160 * VMI patching routines.
13161 @@ -94,7 +99,7 @@ struct vmi_timer_ops vmi_timer_ops;
13162 static inline void patch_offset(void *insnbuf,
13163 unsigned long ip, unsigned long dest)
13165 - *(unsigned long *)(insnbuf+1) = dest-ip-5;
13166 + *(unsigned long *)(insnbuf+1) = dest-ip-5;
13169 static unsigned patch_internal(int call, unsigned len, void *insnbuf,
13170 @@ -102,6 +107,7 @@ static unsigned patch_internal(int call,
13173 struct vmi_relocation_info *const rel = (struct vmi_relocation_info *)&reloc;
13175 reloc = call_vrom_long_func(vmi_rom, get_reloc, call);
13176 switch(rel->type) {
13177 case VMI_RELOCATION_CALL_REL:
13178 @@ -404,13 +410,13 @@ static void vmi_set_pud(pud_t *pudp, pud
13180 static void vmi_pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
13182 - const pte_t pte = { .pte = 0 };
13183 + const pte_t pte = __pte(0ULL);
13184 vmi_ops.set_pte(pte, ptep, vmi_flags_addr(mm, addr, VMI_PAGE_PT, 0));
13187 static void vmi_pmd_clear(pmd_t *pmd)
13189 - const pte_t pte = { .pte = 0 };
13190 + const pte_t pte = __pte(0ULL);
13191 vmi_ops.set_pte(pte, (pte_t *)pmd, VMI_PAGE_PD);
13194 @@ -438,8 +444,8 @@ vmi_startup_ipi_hook(int phys_apicid, un
13195 ap.ss = __KERNEL_DS;
13196 ap.esp = (unsigned long) start_esp;
13198 - ap.ds = __USER_DS;
13199 - ap.es = __USER_DS;
13200 + ap.ds = __KERNEL_DS;
13201 + ap.es = __KERNEL_DS;
13202 ap.fs = __KERNEL_PERCPU;
13203 ap.gs = __KERNEL_STACK_CANARY;
13205 @@ -486,6 +492,18 @@ static void vmi_leave_lazy_mmu(void)
13206 paravirt_leave_lazy_mmu();
13209 +#ifdef CONFIG_PAX_KERNEXEC
13210 +static unsigned long vmi_pax_open_kernel(void)
13215 +static unsigned long vmi_pax_close_kernel(void)
13221 static inline int __init check_vmi_rom(struct vrom_header *rom)
13223 struct pci_header *pci;
13224 @@ -498,6 +516,10 @@ static inline int __init check_vmi_rom(s
13226 if (rom->vrom_signature != VMI_SIGNATURE)
13228 + if (rom->rom_length * 512 > sizeof(*rom)) {
13229 + printk(KERN_WARNING "PAX: VMI: ROM size too big: %x\n", rom->rom_length * 512);
13232 if (rom->api_version_maj != VMI_API_REV_MAJOR ||
13233 rom->api_version_min+1 < VMI_API_REV_MINOR+1) {
13234 printk(KERN_WARNING "VMI: Found mismatched rom version %d.%d\n",
13235 @@ -562,7 +584,7 @@ static inline int __init probe_vmi_rom(v
13236 struct vrom_header *romstart;
13237 romstart = (struct vrom_header *)isa_bus_to_virt(base);
13238 if (check_vmi_rom(romstart)) {
13239 - vmi_rom = romstart;
13240 + vmi_rom = *romstart;
13244 @@ -836,6 +858,11 @@ static inline int __init activate_vmi(vo
13246 para_fill(pv_irq_ops.safe_halt, Halt);
13248 +#ifdef CONFIG_PAX_KERNEXEC
13249 + pv_mmu_ops.pax_open_kernel = vmi_pax_open_kernel;
13250 + pv_mmu_ops.pax_close_kernel = vmi_pax_close_kernel;
13254 * Alternative instruction rewriting doesn't happen soon enough
13255 * to convert VMI_IRET to a call instead of a jump; so we have
13256 @@ -853,16 +880,16 @@ static inline int __init activate_vmi(vo
13258 void __init vmi_init(void)
13261 + if (!vmi_rom.rom_signature)
13264 - check_vmi_rom(vmi_rom);
13265 + check_vmi_rom(&vmi_rom);
13267 /* In case probing for or validating the ROM failed, basil */
13269 + if (!vmi_rom.rom_signature)
13272 - reserve_top_address(-vmi_rom->virtual_top);
13273 + reserve_top_address(-vmi_rom.virtual_top);
13275 #ifdef CONFIG_X86_IO_APIC
13276 /* This is virtual hardware; timer routing is wired correctly */
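Review bot: `if (!vmi_rom.rom_signature)` now serves as the "no ROM was found" test in three places (twice in vmi_init() here and once in the vmi_activate() hunk below), but nothing says that a zero signature is the sentinel. Since `vmi_rom` changed from a pointer to an object, a comment at the first test such as `/* vmi_rom stays zeroed until probe_vmi_rom() copies a validated header */` would make the invariant explicit, if that is the invariant. A small helper like `static inline bool vmi_rom_present(void)` would keep the three sites in step. The validation visible in check_vmi_rom() compares `vrom_signature`, a different field, so the sentinel relies on a successful probe also leaving `rom_signature` non-zero, which this view does not show.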
13277 @@ -874,7 +901,7 @@ void __init vmi_activate(void)
13279 unsigned long flags;
13282 + if (!vmi_rom.rom_signature)
13285 local_irq_save(flags);
13286 diff -urNp linux-2.6.32.1/arch/x86/kernel/vmlinux.lds.S linux-2.6.32.1/arch/x86/kernel/vmlinux.lds.S
13287 --- linux-2.6.32.1/arch/x86/kernel/vmlinux.lds.S 2009-12-02 22:51:21.000000000 -0500
13288 +++ linux-2.6.32.1/arch/x86/kernel/vmlinux.lds.S 2009-12-14 18:33:51.762711460 -0500
13290 #include <asm/page_types.h>
13291 #include <asm/cache.h>
13292 #include <asm/boot.h>
13293 +#include <asm/segment.h>
13297 +#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
13298 +#define PMD_SHIFT 21
13300 +#define PMD_SHIFT 22
13302 +#define PMD_SIZE (1 << PMD_SHIFT)
13304 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13305 +#define __KERNEL_TEXT_OFFSET (LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR)
13307 +#define __KERNEL_TEXT_OFFSET 0
13310 #undef i386 /* in case the preprocessor is a 32bit one */
13312 @@ -34,40 +50,49 @@ OUTPUT_FORMAT(CONFIG_OUTPUT_FORMAT, CONF
13313 #ifdef CONFIG_X86_32
13315 ENTRY(phys_startup_32)
13316 -jiffies = jiffies_64;
13318 OUTPUT_ARCH(i386:x86-64)
13319 ENTRY(phys_startup_64)
13320 -jiffies_64 = jiffies;
13323 +jiffies = jiffies_64;
13326 text PT_LOAD FLAGS(5); /* R_E */
13327 - data PT_LOAD FLAGS(7); /* RWE */
13328 + rodata PT_LOAD FLAGS(4); /* R__ */
13329 + module PT_LOAD FLAGS(5); /* R_E */
13330 + data PT_LOAD FLAGS(6); /* RW_ */
13331 #ifdef CONFIG_X86_64
13332 user PT_LOAD FLAGS(5); /* R_E */
13334 + init.begin PT_LOAD FLAGS(6); /* RW_ */
13336 percpu PT_LOAD FLAGS(6); /* RW_ */
13338 + text.init PT_LOAD FLAGS(5); /* R_E */
13339 + text.exit PT_LOAD FLAGS(5); /* R_E */
13340 init PT_LOAD FLAGS(7); /* RWE */
13342 note PT_NOTE FLAGS(0); /* ___ */
13347 #ifdef CONFIG_X86_32
13348 - . = LOAD_OFFSET + LOAD_PHYSICAL_ADDR;
13349 - phys_startup_32 = startup_32 - LOAD_OFFSET;
13350 + . = LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR;
13352 - . = __START_KERNEL;
13353 - phys_startup_64 = startup_64 - LOAD_OFFSET;
13354 + . = __START_KERNEL;
13357 /* Text and read-only data */
13358 - .text : AT(ADDR(.text) - LOAD_OFFSET) {
13360 + .text (. - __KERNEL_TEXT_OFFSET): AT(ADDR(.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
13361 /* bootstrapping code */
13362 +#ifdef CONFIG_X86_32
13363 + phys_startup_32 = startup_32 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
13365 + phys_startup_64 = startup_64 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
13367 + __LOAD_PHYSICAL_ADDR = . - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
13370 #ifdef CONFIG_X86_32
13371 . = ALIGN(PAGE_SIZE);
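Review bot: The `init` program header is still declared `FLAGS(7)` (RWE) even though this hunk moves `data` to `FLAGS(6)` and adds separate R_E headers `text.init` and `text.exit`. If init code is meant to live only in those two new segments, `init` looks like it could become `init PT_LOAD FLAGS(6); /* RW_ */`. If something executable must stay there, a comment naming it would explain the one remaining writable-and-executable header. The conditionals around these lines are not all visible in this view, so it is unclear from here which configurations see each header.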
13372 @@ -82,28 +107,64 @@ SECTIONS
13376 - /* End of text section */
13380 - NOTES :text :note
13381 + . += __KERNEL_TEXT_OFFSET;
13383 + . = ALIGN(PAGE_SIZE);
13384 + NOTES :rodata :note
13386 - EXCEPTION_TABLE(16) :text = 0x9090
13387 + EXCEPTION_TABLE(16) :rodata
13391 +#ifdef CONFIG_X86_32
13392 + . = ALIGN(PAGE_SIZE);
13393 + .rodata.page_aligned : AT(ADDR(.rodata.page_aligned) - LOAD_OFFSET) {
13395 + . = ALIGN(PAGE_SIZE);
13396 + *(.empty_zero_page)
13397 + *(.swapper_pg_pmd)
13398 + *(.swapper_pg_dir)
13402 + . = ALIGN(PAGE_SIZE);
13403 + .vmi.rom : AT(ADDR(.vmi.rom) - LOAD_OFFSET) {
13407 + . = ALIGN(PAGE_SIZE);
13408 + .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) {
13410 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES)
13411 + MODULES_EXEC_VADDR = .;
13413 + . += (8 * 1024 * 1024);
13414 + . = ALIGN(PMD_SIZE);
13415 + MODULES_EXEC_END = . - 1;
13418 + /* End of text section */
13419 + _etext = . - __KERNEL_TEXT_OFFSET;
13423 .data : AT(ADDR(.data) - LOAD_OFFSET) {
13425 +#ifdef CONFIG_PAX_KERNEXEC
13426 + . = ALIGN(PMD_SIZE);
13428 + . = ALIGN(PAGE_SIZE);
13431 /* Start of data section */
13435 INIT_TASK_DATA(THREAD_SIZE)
13437 -#ifdef CONFIG_X86_32
13438 - /* 32 bit has nosave before _edata */
13442 PAGE_ALIGNED_DATA(PAGE_SIZE)
13444 @@ -166,12 +227,6 @@ SECTIONS
13446 vgetcpu_mode = VVIRT(.vgetcpu_mode);
13448 - . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
13449 - .jiffies : AT(VLOAD(.jiffies)) {
13452 - jiffies = VVIRT(.jiffies);
13454 .vsyscall_3 ADDR(.vsyscall_0) + 3072: AT(VLOAD(.vsyscall_3)) {
13457 @@ -187,12 +242,19 @@ SECTIONS
13458 #endif /* CONFIG_X86_64 */
13460 /* Init code and data - will be freed after init */
13461 - . = ALIGN(PAGE_SIZE);
13462 .init.begin : AT(ADDR(.init.begin) - LOAD_OFFSET) {
13465 +#ifdef CONFIG_PAX_KERNEXEC
13466 + . = ALIGN(PMD_SIZE);
13468 + . = ALIGN(PAGE_SIZE);
13471 __init_begin = .; /* paired with __init_end */
13475 -#if defined(CONFIG_X86_64) && defined(CONFIG_SMP)
13478 * percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the
13479 * output PHDR, so the next output section - .init.text - should
13480 @@ -201,12 +263,25 @@ SECTIONS
13481 PERCPU_VADDR(0, :percpu)
13484 - INIT_TEXT_SECTION(PAGE_SIZE)
13485 -#ifdef CONFIG_X86_64
13488 + . = ALIGN(PAGE_SIZE);
13490 + .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) {
13491 + VMLINUX_SYMBOL(_sinittext) = .;
13493 + VMLINUX_SYMBOL(_einittext) = .;
13496 - INIT_DATA_SECTION(16)
13498 + * .exit.text is discard at runtime, not link time, to deal with
13499 + * references from .altinstructions and .eh_frame
13501 + .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) {
13505 + . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text);
13507 + INIT_DATA_SECTION(16) :init
13509 .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
13510 __x86_cpu_dev_start = .;
13511 @@ -232,19 +307,11 @@ SECTIONS
13512 *(.altinstr_replacement)
13516 - * .exit.text is discard at runtime, not link time, to deal with
13517 - * references from .altinstructions and .eh_frame
13519 - .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) {
13523 .exit.data : AT(ADDR(.exit.data) - LOAD_OFFSET) {
13527 -#if !defined(CONFIG_X86_64) || !defined(CONFIG_SMP)
13528 +#ifndef CONFIG_SMP
13532 @@ -267,12 +334,6 @@ SECTIONS
13533 . = ALIGN(PAGE_SIZE);
13536 -#ifdef CONFIG_X86_64
13537 - .data_nosave : AT(ADDR(.data_nosave) - LOAD_OFFSET) {
13543 . = ALIGN(PAGE_SIZE);
13544 .bss : AT(ADDR(.bss) - LOAD_OFFSET) {
13545 @@ -288,6 +349,7 @@ SECTIONS
13547 . += 64 * 1024; /* 64k alignment slop space */
13548 *(.brk_reservation) /* areas brk users have reserved */
13549 + . = ALIGN(PMD_SIZE);
13553 @@ -316,13 +378,12 @@ SECTIONS
13554 * for the boot processor.
13556 #define INIT_PER_CPU(x) init_per_cpu__##x = per_cpu__##x + __per_cpu_load
13557 -INIT_PER_CPU(gdt_page);
13558 INIT_PER_CPU(irq_stack_union);
13561 * Build-time check on the image size:
13563 -. = ASSERT((_end - _text <= KERNEL_IMAGE_SIZE),
13564 +. = ASSERT((_end - _text - __KERNEL_TEXT_OFFSET <= KERNEL_IMAGE_SIZE),
13565 "kernel image bigger than KERNEL_IMAGE_SIZE");
13568 diff -urNp linux-2.6.32.1/arch/x86/kernel/vsyscall_64.c linux-2.6.32.1/arch/x86/kernel/vsyscall_64.c
13569 --- linux-2.6.32.1/arch/x86/kernel/vsyscall_64.c 2009-12-02 22:51:21.000000000 -0500
13570 +++ linux-2.6.32.1/arch/x86/kernel/vsyscall_64.c 2009-12-14 18:33:51.763712039 -0500
13571 @@ -79,6 +79,7 @@ void update_vsyscall(struct timespec *wa
13573 write_seqlock_irqsave(&vsyscall_gtod_data.lock, flags);
13574 /* copy vsyscall data */
13575 + strlcpy(vsyscall_gtod_data.clock.name, clock->name, sizeof vsyscall_gtod_data.clock.name);
13576 vsyscall_gtod_data.clock.vread = clock->vread;
13577 vsyscall_gtod_data.clock.cycle_last = clock->cycle_last;
13578 vsyscall_gtod_data.clock.mask = clock->mask;
13579 @@ -202,7 +203,7 @@ vgetcpu(unsigned *cpu, unsigned *node, s
13580 We do this here because otherwise user space would do it on
13581 its own in a likely inferior way (no access to jiffies).
13582 If you don't like it pass NULL. */
13583 - if (tcache && tcache->blob[0] == (j = __jiffies)) {
13584 + if (tcache && tcache->blob[0] == (j = jiffies)) {
13585 p = tcache->blob[1];
13586 } else if (__vgetcpu_mode == VGETCPU_RDTSCP) {
13587 /* Load per CPU data from RDTSCP */
13588 @@ -233,13 +234,13 @@ static ctl_table kernel_table2[] = {
13589 .data = &vsyscall_gtod_data.sysctl_enabled, .maxlen = sizeof(int),
13591 .proc_handler = proc_dointvec },
13593 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
13596 static ctl_table kernel_root_table2[] = {
13597 { .ctl_name = CTL_KERN, .procname = "kernel", .mode = 0555,
13598 .child = kernel_table2 },
13600 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
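Review bot: The table terminators are written as eleven positional values, `{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }`, which ties both tables to the exact field order and count of `ctl_table`. The entries above already use designated initializers, so the sentinel can follow the same style and stay correct if the struct changes: `{ .ctl_name = 0 }`. This applies to the terminators of both `kernel_table2` and `kernel_root_table2`.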
13604 diff -urNp linux-2.6.32.1/arch/x86/kernel/x8664_ksyms_64.c linux-2.6.32.1/arch/x86/kernel/x8664_ksyms_64.c
13605 --- linux-2.6.32.1/arch/x86/kernel/x8664_ksyms_64.c 2009-12-02 22:51:21.000000000 -0500
13606 +++ linux-2.6.32.1/arch/x86/kernel/x8664_ksyms_64.c 2009-12-14 18:33:51.763712039 -0500
13607 @@ -30,8 +30,6 @@ EXPORT_SYMBOL(__put_user_8);
13609 EXPORT_SYMBOL(copy_user_generic);
13610 EXPORT_SYMBOL(__copy_user_nocache);
13611 -EXPORT_SYMBOL(copy_from_user);
13612 -EXPORT_SYMBOL(copy_to_user);
13613 EXPORT_SYMBOL(__copy_from_user_inatomic);
13615 EXPORT_SYMBOL(copy_page);
13616 diff -urNp linux-2.6.32.1/arch/x86/kernel/xsave.c linux-2.6.32.1/arch/x86/kernel/xsave.c
13617 --- linux-2.6.32.1/arch/x86/kernel/xsave.c 2009-12-02 22:51:21.000000000 -0500
13618 +++ linux-2.6.32.1/arch/x86/kernel/xsave.c 2009-12-14 18:33:51.763712039 -0500
13619 @@ -54,7 +54,7 @@ int check_for_xstate(struct i387_fxsave_
13620 fx_sw_user->xstate_size > fx_sw_user->extended_size)
13623 - err = __get_user(magic2, (__u32 *) (((void *)fpstate) +
13624 + err = __get_user(magic2, (__u32 __user *) (((void __user *)fpstate) +
13625 fx_sw_user->extended_size -
13626 FP_XSTATE_MAGIC2_SIZE));
13628 @@ -196,7 +196,7 @@ fx_only:
13629 * the other extended state.
13631 xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE);
13632 - return fxrstor_checking((__force struct i387_fxsave_struct *)buf);
13633 + return fxrstor_checking((struct i387_fxsave_struct __user *)buf);
13637 @@ -228,7 +228,7 @@ int restore_i387_xstate(void __user *buf
13638 if (task_thread_info(tsk)->status & TS_XSAVE)
13639 err = restore_user_xstate(buf);
13641 - err = fxrstor_checking((__force struct i387_fxsave_struct *)
13642 + err = fxrstor_checking((struct i387_fxsave_struct __user *)
13644 if (unlikely(err)) {
13646 diff -urNp linux-2.6.32.1/arch/x86/kvm/emulate.c linux-2.6.32.1/arch/x86/kvm/emulate.c
13647 --- linux-2.6.32.1/arch/x86/kvm/emulate.c 2009-12-02 22:51:21.000000000 -0500
13648 +++ linux-2.6.32.1/arch/x86/kvm/emulate.c 2009-12-14 18:33:51.764710507 -0500
13649 @@ -389,6 +389,7 @@ static u32 group2_table[] = {
13651 #define ____emulate_2op(_op, _src, _dst, _eflags, _x, _y, _suffix) \
13653 + unsigned long _tmp; \
13654 __asm__ __volatile__ ( \
13655 _PRE_EFLAGS("0", "4", "2") \
13656 _op _suffix " %"_x"3,%1; " \
13657 @@ -402,8 +403,6 @@ static u32 group2_table[] = {
13658 /* Raw emulation: instruction has two explicit operands. */
13659 #define __emulate_2op_nobyte(_op,_src,_dst,_eflags,_wx,_wy,_lx,_ly,_qx,_qy) \
13661 - unsigned long _tmp; \
13663 switch ((_dst).bytes) { \
13665 ____emulate_2op(_op,_src,_dst,_eflags,_wx,_wy,"w"); \
13666 @@ -419,7 +418,6 @@ static u32 group2_table[] = {
13668 #define __emulate_2op(_op,_src,_dst,_eflags,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
13670 - unsigned long _tmp; \
13671 switch ((_dst).bytes) { \
13673 ____emulate_2op(_op,_src,_dst,_eflags,_bx,_by,"b"); \
13674 diff -urNp linux-2.6.32.1/arch/x86/kvm/svm.c linux-2.6.32.1/arch/x86/kvm/svm.c
13675 --- linux-2.6.32.1/arch/x86/kvm/svm.c 2009-12-02 22:51:21.000000000 -0500
13676 +++ linux-2.6.32.1/arch/x86/kvm/svm.c 2009-12-14 18:33:51.764710507 -0500
13677 @@ -2389,9 +2389,12 @@ static int handle_exit(struct kvm_run *k
13678 static void reload_tss(struct kvm_vcpu *vcpu)
13680 int cpu = raw_smp_processor_id();
13682 struct svm_cpu_data *svm_data = per_cpu(svm_data, cpu);
13684 + pax_open_kernel();
13685 svm_data->tss_desc->type = 9; /* available 32/64-bit TSS */
13686 + pax_close_kernel();
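Review bot: The `pax_open_kernel()` / `pax_close_kernel()` pair around the `tss_desc->type` store has no comment explaining why an ordinary descriptor write needs a write window. A line such as `/* descriptor table is read-only under KERNEXEC; open a write window for this store */` would help, assuming that is the reason, and the same applies to the identical bracket added to reload_tss() in vmx.c. Keeping exactly one store inside the window is the right shape. It is worth stating in the comment that nothing that can sleep or fault should be added between the two calls.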
13691 @@ -2839,7 +2842,7 @@ static bool svm_gb_page_enable(void)
13695 -static struct kvm_x86_ops svm_x86_ops = {
13696 +static const struct kvm_x86_ops svm_x86_ops = {
13697 .cpu_has_kvm_support = has_svm,
13698 .disabled_by_bios = is_disabled,
13699 .hardware_setup = svm_hardware_setup,
13700 diff -urNp linux-2.6.32.1/arch/x86/kvm/vmx.c linux-2.6.32.1/arch/x86/kvm/vmx.c
13701 --- linux-2.6.32.1/arch/x86/kvm/vmx.c 2009-12-02 22:51:21.000000000 -0500
13702 +++ linux-2.6.32.1/arch/x86/kvm/vmx.c 2009-12-14 18:33:51.765712280 -0500
13703 @@ -566,7 +566,11 @@ static void reload_tss(void)
13706 descs = (void *)gdt.base;
13708 + pax_open_kernel();
13709 descs[GDT_ENTRY_TSS].type = 9; /* available TSS */
13710 + pax_close_kernel();
13715 @@ -1388,8 +1392,11 @@ static __init int hardware_setup(void)
13716 if (!cpu_has_vmx_flexpriority())
13717 flexpriority_enabled = 0;
13719 - if (!cpu_has_vmx_tpr_shadow())
13720 - kvm_x86_ops->update_cr8_intercept = NULL;
13721 + if (!cpu_has_vmx_tpr_shadow()) {
13722 + pax_open_kernel();
13723 + *(void **)&kvm_x86_ops->update_cr8_intercept = NULL;
13724 + pax_close_kernel();
13727 if (enable_ept && !cpu_has_vmx_ept_2m_page())
13728 kvm_disable_largepages();
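Review bot: `*(void **)&kvm_x86_ops->update_cr8_intercept = NULL;` casts away the `const` that this same patch adds to `kvm_x86_ops` and to `vmx_x86_ops`, which is presumably the table the pointer refers to here. Writing to an object defined `const` is undefined behaviour in C even while the page is temporarily writable, and the compiler may assume the member never changes, so later reads might not observe the NULL. A variant that needs no write is to leave the table untouched and make the callback return early, e.g. `if (!cpu_has_vmx_tpr_shadow()) return;` at the top of the vmx update_cr8_intercept implementation, provided callers only use the NULL as a skip signal (not visible here). hardware_setup() continues outside the hunk.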
13729 @@ -2339,7 +2346,7 @@ static int vmx_vcpu_setup(struct vcpu_vm
13730 vmcs_writel(HOST_IDTR_BASE, dt.base); /* 22.2.4 */
13732 asm("mov $.Lkvm_vmx_return, %0" : "=r"(kvm_vmx_return));
13733 - vmcs_writel(HOST_RIP, kvm_vmx_return); /* 22.2.5 */
13734 + vmcs_writel(HOST_RIP, ktla_ktva(kvm_vmx_return)); /* 22.2.5 */
13735 vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0);
13736 vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0);
13737 vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, 0);
13738 @@ -3682,6 +3689,12 @@ static void vmx_vcpu_run(struct kvm_vcpu
13739 "jmp .Lkvm_vmx_return \n\t"
13740 ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
13741 ".Lkvm_vmx_return: "
13743 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13744 + "ljmp %[cs],$.Lkvm_vmx_return2\n\t"
13745 + ".Lkvm_vmx_return2: "
13748 /* Save guest registers, load host registers, keep flags */
13749 "xchg %0, (%%"R"sp) \n\t"
13750 "mov %%"R"ax, %c[rax](%0) \n\t"
13751 @@ -3728,6 +3741,11 @@ static void vmx_vcpu_run(struct kvm_vcpu
13752 [r15]"i"(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R15])),
13754 [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2))
13756 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13757 + ,[cs]"i"(__KERNEL_CS)
13761 , R"bx", R"di", R"si"
13762 #ifdef CONFIG_X86_64
13763 @@ -3746,7 +3764,7 @@ static void vmx_vcpu_run(struct kvm_vcpu
13764 if (vmx->rmode.irq.pending)
13765 fixup_rmode_irq(vmx);
13767 - asm("mov %0, %%ds; mov %0, %%es" : : "r"(__USER_DS));
13768 + asm("mov %0, %%ds; mov %0, %%es" : : "r"(__KERNEL_DS));
13771 vmx_complete_interrupts(vmx);
13772 @@ -3921,7 +3939,7 @@ static bool vmx_gb_page_enable(void)
13776 -static struct kvm_x86_ops vmx_x86_ops = {
13777 +static const struct kvm_x86_ops vmx_x86_ops = {
13778 .cpu_has_kvm_support = cpu_has_kvm_support,
13779 .disabled_by_bios = vmx_disabled_by_bios,
13780 .hardware_setup = hardware_setup,
13781 diff -urNp linux-2.6.32.1/arch/x86/kvm/x86.c linux-2.6.32.1/arch/x86/kvm/x86.c
13782 --- linux-2.6.32.1/arch/x86/kvm/x86.c 2009-12-02 22:51:21.000000000 -0500
13783 +++ linux-2.6.32.1/arch/x86/kvm/x86.c 2009-12-14 18:33:51.819714318 -0500
13784 @@ -81,45 +81,45 @@ static void update_cr8_intercept(struct
13785 static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
13786 struct kvm_cpuid_entry2 __user *entries);
13788 -struct kvm_x86_ops *kvm_x86_ops;
13789 +const struct kvm_x86_ops *kvm_x86_ops;
13790 EXPORT_SYMBOL_GPL(kvm_x86_ops);
13792 int ignore_msrs = 0;
13793 module_param_named(ignore_msrs, ignore_msrs, bool, S_IRUGO | S_IWUSR);
13795 struct kvm_stats_debugfs_item debugfs_entries[] = {
13796 - { "pf_fixed", VCPU_STAT(pf_fixed) },
13797 - { "pf_guest", VCPU_STAT(pf_guest) },
13798 - { "tlb_flush", VCPU_STAT(tlb_flush) },
13799 - { "invlpg", VCPU_STAT(invlpg) },
13800 - { "exits", VCPU_STAT(exits) },
13801 - { "io_exits", VCPU_STAT(io_exits) },
13802 - { "mmio_exits", VCPU_STAT(mmio_exits) },
13803 - { "signal_exits", VCPU_STAT(signal_exits) },
13804 - { "irq_window", VCPU_STAT(irq_window_exits) },
13805 - { "nmi_window", VCPU_STAT(nmi_window_exits) },
13806 - { "halt_exits", VCPU_STAT(halt_exits) },
13807 - { "halt_wakeup", VCPU_STAT(halt_wakeup) },
13808 - { "hypercalls", VCPU_STAT(hypercalls) },
13809 - { "request_irq", VCPU_STAT(request_irq_exits) },
13810 - { "irq_exits", VCPU_STAT(irq_exits) },
13811 - { "host_state_reload", VCPU_STAT(host_state_reload) },
13812 - { "efer_reload", VCPU_STAT(efer_reload) },
13813 - { "fpu_reload", VCPU_STAT(fpu_reload) },
13814 - { "insn_emulation", VCPU_STAT(insn_emulation) },
13815 - { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail) },
13816 - { "irq_injections", VCPU_STAT(irq_injections) },
13817 - { "nmi_injections", VCPU_STAT(nmi_injections) },
13818 - { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped) },
13819 - { "mmu_pte_write", VM_STAT(mmu_pte_write) },
13820 - { "mmu_pte_updated", VM_STAT(mmu_pte_updated) },
13821 - { "mmu_pde_zapped", VM_STAT(mmu_pde_zapped) },
13822 - { "mmu_flooded", VM_STAT(mmu_flooded) },
13823 - { "mmu_recycled", VM_STAT(mmu_recycled) },
13824 - { "mmu_cache_miss", VM_STAT(mmu_cache_miss) },
13825 - { "mmu_unsync", VM_STAT(mmu_unsync) },
13826 - { "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
13827 - { "largepages", VM_STAT(lpages) },
13828 + { "pf_fixed", VCPU_STAT(pf_fixed), NULL },
13829 + { "pf_guest", VCPU_STAT(pf_guest), NULL },
13830 + { "tlb_flush", VCPU_STAT(tlb_flush), NULL },
13831 + { "invlpg", VCPU_STAT(invlpg), NULL },
13832 + { "exits", VCPU_STAT(exits), NULL },
13833 + { "io_exits", VCPU_STAT(io_exits), NULL },
13834 + { "mmio_exits", VCPU_STAT(mmio_exits), NULL },
13835 + { "signal_exits", VCPU_STAT(signal_exits), NULL },
13836 + { "irq_window", VCPU_STAT(irq_window_exits), NULL },
13837 + { "nmi_window", VCPU_STAT(nmi_window_exits), NULL },
13838 + { "halt_exits", VCPU_STAT(halt_exits), NULL },
13839 + { "halt_wakeup", VCPU_STAT(halt_wakeup), NULL },
13840 + { "hypercalls", VCPU_STAT(hypercalls), NULL },
13841 + { "request_irq", VCPU_STAT(request_irq_exits), NULL },
13842 + { "irq_exits", VCPU_STAT(irq_exits), NULL },
13843 + { "host_state_reload", VCPU_STAT(host_state_reload), NULL },
13844 + { "efer_reload", VCPU_STAT(efer_reload), NULL },
13845 + { "fpu_reload", VCPU_STAT(fpu_reload), NULL },
13846 + { "insn_emulation", VCPU_STAT(insn_emulation), NULL },
13847 + { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail), NULL },
13848 + { "irq_injections", VCPU_STAT(irq_injections), NULL },
13849 + { "nmi_injections", VCPU_STAT(nmi_injections), NULL },
13850 + { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped), NULL },
13851 + { "mmu_pte_write", VM_STAT(mmu_pte_write), NULL },
13852 + { "mmu_pte_updated", VM_STAT(mmu_pte_updated), NULL },
13853 + { "mmu_pde_zapped", VM_STAT(mmu_pde_zapped), NULL },
13854 + { "mmu_flooded", VM_STAT(mmu_flooded), NULL },
13855 + { "mmu_recycled", VM_STAT(mmu_recycled), NULL },
13856 + { "mmu_cache_miss", VM_STAT(mmu_cache_miss), NULL },
13857 + { "mmu_unsync", VM_STAT(mmu_unsync), NULL },
13858 + { "remote_tlb_flush", VM_STAT(remote_tlb_flush), NULL },
13859 + { "largepages", VM_STAT(lpages), NULL },
13863 @@ -1654,7 +1654,7 @@ static int kvm_vcpu_ioctl_set_lapic(stru
13864 static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
13865 struct kvm_interrupt *irq)
13867 - if (irq->irq < 0 || irq->irq >= 256)
13868 + if (irq->irq >= 256)
13870 if (irqchip_in_kernel(vcpu->kvm))
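Review bot: Dropping `irq->irq < 0` leaves `irq->irq >= 256` as the only bound, which is correct only while the field is unsigned; the declaration of `struct kvm_interrupt` is not part of this diff. A short comment keeps that assumption next to the check: `/* irq->irq is unsigned, so only the upper bound needs testing */`. The statement the condition guards is not visible in this view.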
13872 @@ -3127,10 +3127,10 @@ static struct notifier_block kvmclock_cp
13873 .notifier_call = kvmclock_cpufreq_notifier
13876 -int kvm_arch_init(void *opaque)
13877 +int kvm_arch_init(const void *opaque)
13880 - struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
13881 + const struct kvm_x86_ops *ops = (const struct kvm_x86_ops *)opaque;
13884 printk(KERN_ERR "kvm: already loaded the other module\n");
13885 diff -urNp linux-2.6.32.1/arch/x86/lib/checksum_32.S linux-2.6.32.1/arch/x86/lib/checksum_32.S
13886 --- linux-2.6.32.1/arch/x86/lib/checksum_32.S 2009-12-02 22:51:21.000000000 -0500
13887 +++ linux-2.6.32.1/arch/x86/lib/checksum_32.S 2009-12-14 18:33:51.829715057 -0500
13889 #include <linux/linkage.h>
13890 #include <asm/dwarf2.h>
13891 #include <asm/errno.h>
13893 +#include <asm/segment.h>
13896 * computes a partial checksum, e.g. for TCP/UDP fragments
13898 @@ -304,9 +305,22 @@ unsigned int csum_partial_copy_generic (
13903 -ENTRY(csum_partial_copy_generic)
13905 +ENTRY(csum_partial_copy_generic_to_user)
13907 + pushl $(__USER_DS)
13908 + CFI_ADJUST_CFA_OFFSET 4
13910 + CFI_ADJUST_CFA_OFFSET -4
13911 + jmp csum_partial_copy_generic
13913 +ENTRY(csum_partial_copy_generic_from_user)
13914 + pushl $(__USER_DS)
13915 + CFI_ADJUST_CFA_OFFSET 4
13917 + CFI_ADJUST_CFA_OFFSET -4
13919 +ENTRY(csum_partial_copy_generic)
13921 CFI_ADJUST_CFA_OFFSET 4
13923 @@ -331,7 +345,7 @@ ENTRY(csum_partial_copy_generic)
13925 SRC(1: movw (%esi), %bx )
13927 -DST( movw %bx, (%edi) )
13928 +DST( movw %bx, %es:(%edi) )
13932 @@ -343,30 +357,30 @@ DST( movw %bx, (%edi) )
13933 SRC(1: movl (%esi), %ebx )
13934 SRC( movl 4(%esi), %edx )
13936 -DST( movl %ebx, (%edi) )
13937 +DST( movl %ebx, %es:(%edi) )
13939 -DST( movl %edx, 4(%edi) )
13940 +DST( movl %edx, %es:4(%edi) )
13942 SRC( movl 8(%esi), %ebx )
13943 SRC( movl 12(%esi), %edx )
13945 -DST( movl %ebx, 8(%edi) )
13946 +DST( movl %ebx, %es:8(%edi) )
13948 -DST( movl %edx, 12(%edi) )
13949 +DST( movl %edx, %es:12(%edi) )
13951 SRC( movl 16(%esi), %ebx )
13952 SRC( movl 20(%esi), %edx )
13954 -DST( movl %ebx, 16(%edi) )
13955 +DST( movl %ebx, %es:16(%edi) )
13957 -DST( movl %edx, 20(%edi) )
13958 +DST( movl %edx, %es:20(%edi) )
13960 SRC( movl 24(%esi), %ebx )
13961 SRC( movl 28(%esi), %edx )
13963 -DST( movl %ebx, 24(%edi) )
13964 +DST( movl %ebx, %es:24(%edi) )
13966 -DST( movl %edx, 28(%edi) )
13967 +DST( movl %edx, %es:28(%edi) )
13971 @@ -380,7 +394,7 @@ DST( movl %edx, 28(%edi) )
13972 shrl $2, %edx # This clears CF
13973 SRC(3: movl (%esi), %ebx )
13975 -DST( movl %ebx, (%edi) )
13976 +DST( movl %ebx, %es:(%edi) )
13980 @@ -392,12 +406,12 @@ DST( movl %ebx, (%edi) )
13982 SRC( movw (%esi), %cx )
13984 -DST( movw %cx, (%edi) )
13985 +DST( movw %cx, %es:(%edi) )
13989 SRC(5: movb (%esi), %cl )
13990 -DST( movb %cl, (%edi) )
13991 +DST( movb %cl, %es:(%edi) )
13995 @@ -408,7 +422,7 @@ DST( movb %cl, (%edi) )
13998 movl ARGBASE+20(%esp), %ebx # src_err_ptr
13999 - movl $-EFAULT, (%ebx)
14000 + movl $-EFAULT, %ss:(%ebx)
14002 # zero the complete destination - computing the rest
14004 @@ -421,11 +435,19 @@ DST( movb %cl, (%edi) )
14007 movl ARGBASE+24(%esp), %ebx # dst_err_ptr
14008 - movl $-EFAULT,(%ebx)
14009 + movl $-EFAULT,%ss:(%ebx)
14015 + CFI_ADJUST_CFA_OFFSET 4
14017 + CFI_ADJUST_CFA_OFFSET -4
14019 + CFI_ADJUST_CFA_OFFSET 4
14021 + CFI_ADJUST_CFA_OFFSET -4
14023 CFI_ADJUST_CFA_OFFSET -4
14025 @@ -439,26 +461,41 @@ DST( movb %cl, (%edi) )
14026 CFI_ADJUST_CFA_OFFSET -4
14029 -ENDPROC(csum_partial_copy_generic)
14030 +ENDPROC(csum_partial_copy_generic_to_user)
14034 /* Version for PentiumII/PPro */
14036 #define ROUND1(x) \
14038 SRC(movl x(%esi), %ebx ) ; \
14039 addl %ebx, %eax ; \
14040 - DST(movl %ebx, x(%edi) ) ;
14041 + DST(movl %ebx, %es:x(%edi)) ;
14045 SRC(movl x(%esi), %ebx ) ; \
14046 adcl %ebx, %eax ; \
14047 - DST(movl %ebx, x(%edi) ) ;
14048 + DST(movl %ebx, %es:x(%edi)) ;
14052 -ENTRY(csum_partial_copy_generic)
14054 +ENTRY(csum_partial_copy_generic_to_user)
14056 + pushl $(__USER_DS)
14057 + CFI_ADJUST_CFA_OFFSET 4
14059 + CFI_ADJUST_CFA_OFFSET -4
14060 + jmp csum_partial_copy_generic
14062 +ENTRY(csum_partial_copy_generic_from_user)
14063 + pushl $(__USER_DS)
14064 + CFI_ADJUST_CFA_OFFSET 4
14066 + CFI_ADJUST_CFA_OFFSET -4
14068 +ENTRY(csum_partial_copy_generic)
14070 CFI_ADJUST_CFA_OFFSET 4
14071 CFI_REL_OFFSET ebx, 0
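Review bot: `ENDPROC(csum_partial_copy_generic_to_user)` closes only the first of the three entry points that now share this body; `csum_partial_copy_generic_from_user` and `csum_partial_copy_generic` are opened with `ENTRY` but get no matching end marker in the visible lines. If ENDPROC is what emits the symbol type and size, those two symbols are left without them, which hurts unwinding and symbol lookup. Adding `ENDPROC(csum_partial_copy_generic_from_user)` and `ENDPROC(csum_partial_copy_generic)` next to the existing one would fix that. The second ENDPROC replacement later in this file has the same issue. Several lines of both routines are missing from this view, so the markers may exist outside it.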
14072 @@ -482,7 +519,7 @@ ENTRY(csum_partial_copy_generic)
14076 - lea 3f(%ebx,%ebx), %ebx
14077 + lea 3f(%ebx,%ebx,2), %ebx
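Review bot: The change from `lea 3f(%ebx,%ebx), %ebx` to `lea 3f(%ebx,%ebx,2), %ebx` alters the stride of the computed jump into the unrolled ROUND sequence, yet nothing records the instruction-size assumption it depends on. The `%es:` override added to the DST stores lengthens each ROUND, so the new scale is presumably matched to a fixed encoded size per ROUND; if the two ever disagree, the jump lands mid-instruction. A comment at the `lea` stating the expected bytes per ROUND, plus an assembler check on the distance between two consecutive rounds if the file allows it, would make this safe to edit. The ROUND macro bodies are only partly visible here.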
14081 @@ -503,19 +540,19 @@ ENTRY(csum_partial_copy_generic)
14083 SRC( movw (%esi), %dx )
14085 -DST( movw %dx, (%edi) )
14086 +DST( movw %dx, %es:(%edi) )
14091 SRC( movb (%esi), %dl )
14092 -DST( movb %dl, (%edi) )
14093 +DST( movb %dl, %es:(%edi) )
14097 .section .fixup, "ax"
14098 6001: movl ARGBASE+20(%esp), %ebx # src_err_ptr
14099 - movl $-EFAULT, (%ebx)
14100 + movl $-EFAULT, %ss:(%ebx)
14101 # zero the complete destination (computing the rest is too much work)
14102 movl ARGBASE+8(%esp),%edi # dst
14103 movl ARGBASE+12(%esp),%ecx # len
14104 @@ -523,10 +560,18 @@ DST( movb %dl, (%edi) )
14107 6002: movl ARGBASE+24(%esp), %ebx # dst_err_ptr
14108 - movl $-EFAULT, (%ebx)
14109 + movl $-EFAULT, %ss:(%ebx)
14114 + CFI_ADJUST_CFA_OFFSET 4
14116 + CFI_ADJUST_CFA_OFFSET -4
14118 + CFI_ADJUST_CFA_OFFSET 4
14120 + CFI_ADJUST_CFA_OFFSET -4
14122 CFI_ADJUST_CFA_OFFSET -4
14124 @@ -538,7 +583,7 @@ DST( movb %dl, (%edi) )
14128 -ENDPROC(csum_partial_copy_generic)
14129 +ENDPROC(csum_partial_copy_generic_to_user)
14133 diff -urNp linux-2.6.32.1/arch/x86/lib/clear_page_64.S linux-2.6.32.1/arch/x86/lib/clear_page_64.S
14134 --- linux-2.6.32.1/arch/x86/lib/clear_page_64.S 2009-12-02 22:51:21.000000000 -0500
14135 +++ linux-2.6.32.1/arch/x86/lib/clear_page_64.S 2009-12-14 18:33:51.829715057 -0500
14136 @@ -43,7 +43,7 @@ ENDPROC(clear_page)
14138 #include <asm/cpufeature.h>
14140 - .section .altinstr_replacement,"ax"
14141 + .section .altinstr_replacement,"a"
14142 1: .byte 0xeb /* jmp <disp8> */
14143 .byte (clear_page_c - clear_page) - (2f - 1b) /* offset */
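Review bot: Changing `.section .altinstr_replacement,"ax"` to `"a"` drops the executable flag with no comment, and the same edit is repeated in copy_page_64.S, copy_user_64.S, memcpy_64.S and memset_64.S. A one-line comment such as `/* replacement bytes are copied over the original site, never run from this section */` at each site, or once in a shared macro, would record why the flag can go, assuming that is the reasoning. Anything that classifies sections by their flags should be checked against the new setting, since this view does not show how the section is consumed.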
14145 diff -urNp linux-2.6.32.1/arch/x86/lib/copy_page_64.S linux-2.6.32.1/arch/x86/lib/copy_page_64.S
14146 --- linux-2.6.32.1/arch/x86/lib/copy_page_64.S 2009-12-02 22:51:21.000000000 -0500
14147 +++ linux-2.6.32.1/arch/x86/lib/copy_page_64.S 2009-12-14 18:33:51.832709314 -0500
14148 @@ -104,7 +104,7 @@ ENDPROC(copy_page)
14150 #include <asm/cpufeature.h>
14152 - .section .altinstr_replacement,"ax"
14153 + .section .altinstr_replacement,"a"
14154 1: .byte 0xeb /* jmp <disp8> */
14155 .byte (copy_page_c - copy_page) - (2f - 1b) /* offset */
14157 diff -urNp linux-2.6.32.1/arch/x86/lib/copy_user_64.S linux-2.6.32.1/arch/x86/lib/copy_user_64.S
14158 --- linux-2.6.32.1/arch/x86/lib/copy_user_64.S 2009-12-02 22:51:21.000000000 -0500
14159 +++ linux-2.6.32.1/arch/x86/lib/copy_user_64.S 2009-12-14 18:33:51.832709314 -0500
14161 .byte 0xe9 /* 32bit jump */
14162 .long \orig-1f /* by default jump to orig */
14164 - .section .altinstr_replacement,"ax"
14165 + .section .altinstr_replacement,"a"
14166 2: .byte 0xe9 /* near jump with 32bit immediate */
14167 .long \alt-1b /* offset */ /* or alternatively to alt */
14173 -/* Standard copy_to_user with segment limit checking */
14174 -ENTRY(copy_to_user)
14176 - GET_THREAD_INFO(%rax)
14180 - cmpq TI_addr_limit(%rax),%rcx
14182 - ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
14184 -ENDPROC(copy_to_user)
14186 -/* Standard copy_from_user with segment limit checking */
14187 -ENTRY(copy_from_user)
14189 - GET_THREAD_INFO(%rax)
14193 - cmpq TI_addr_limit(%rax),%rcx
14194 - jae bad_from_user
14195 - ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
14197 -ENDPROC(copy_from_user)
14199 ENTRY(copy_user_generic)
14201 ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
14202 @@ -107,6 +81,8 @@ ENDPROC(__copy_from_user_inatomic)
14203 ENTRY(bad_from_user)
14211 diff -urNp linux-2.6.32.1/arch/x86/lib/getuser.S linux-2.6.32.1/arch/x86/lib/getuser.S
14212 --- linux-2.6.32.1/arch/x86/lib/getuser.S 2009-12-02 22:51:21.000000000 -0500
14213 +++ linux-2.6.32.1/arch/x86/lib/getuser.S 2009-12-14 18:33:51.832709314 -0500
14215 #include <asm/asm-offsets.h>
14216 #include <asm/thread_info.h>
14217 #include <asm/asm.h>
14218 +#include <asm/segment.h>
14221 ENTRY(__get_user_1)
14222 @@ -40,7 +41,19 @@ ENTRY(__get_user_1)
14223 GET_THREAD_INFO(%_ASM_DX)
14224 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
14227 +#ifdef CONFIG_X86_32
14228 + pushl $(__USER_DS)
14232 1: movzb (%_ASM_AX),%edx
14234 +#ifdef CONFIG_X86_32
14242 @@ -53,7 +66,19 @@ ENTRY(__get_user_2)
14243 GET_THREAD_INFO(%_ASM_DX)
14244 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
14247 +#ifdef CONFIG_X86_32
14248 + pushl $(__USER_DS)
14252 2: movzwl -1(%_ASM_AX),%edx
14254 +#ifdef CONFIG_X86_32
14262 @@ -66,7 +91,19 @@ ENTRY(__get_user_4)
14263 GET_THREAD_INFO(%_ASM_DX)
14264 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
14267 +#ifdef CONFIG_X86_32
14268 + pushl $(__USER_DS)
14272 3: mov -3(%_ASM_AX),%edx
14274 +#ifdef CONFIG_X86_32
14282 @@ -89,6 +126,12 @@ ENDPROC(__get_user_8)
14287 +#ifdef CONFIG_X86_32
14293 mov $(-EFAULT),%_ASM_AX
14295 diff -urNp linux-2.6.32.1/arch/x86/lib/memcpy_64.S linux-2.6.32.1/arch/x86/lib/memcpy_64.S
14296 --- linux-2.6.32.1/arch/x86/lib/memcpy_64.S 2009-12-02 22:51:21.000000000 -0500
14297 +++ linux-2.6.32.1/arch/x86/lib/memcpy_64.S 2009-12-14 18:33:51.833719440 -0500
14298 @@ -128,7 +128,7 @@ ENDPROC(__memcpy)
14299 * It is also a lot simpler. Use this when possible:
14302 - .section .altinstr_replacement, "ax"
14303 + .section .altinstr_replacement, "a"
14304 1: .byte 0xeb /* jmp <disp8> */
14305 .byte (memcpy_c - memcpy) - (2f - 1b) /* offset */
14307 diff -urNp linux-2.6.32.1/arch/x86/lib/memset_64.S linux-2.6.32.1/arch/x86/lib/memset_64.S
14308 --- linux-2.6.32.1/arch/x86/lib/memset_64.S 2009-12-02 22:51:21.000000000 -0500
14309 +++ linux-2.6.32.1/arch/x86/lib/memset_64.S 2009-12-14 18:33:51.833719440 -0500
14310 @@ -118,7 +118,7 @@ ENDPROC(__memset)
14312 #include <asm/cpufeature.h>
14314 - .section .altinstr_replacement,"ax"
14315 + .section .altinstr_replacement,"a"
14316 1: .byte 0xeb /* jmp <disp8> */
14317 .byte (memset_c - memset) - (2f - 1b) /* offset */
14319 diff -urNp linux-2.6.32.1/arch/x86/lib/mmx_32.c linux-2.6.32.1/arch/x86/lib/mmx_32.c
14320 --- linux-2.6.32.1/arch/x86/lib/mmx_32.c 2009-12-02 22:51:21.000000000 -0500
14321 +++ linux-2.6.32.1/arch/x86/lib/mmx_32.c 2009-12-14 18:33:51.837714253 -0500
14322 @@ -29,6 +29,7 @@ void *_mmx_memcpy(void *to, const void *
14326 + unsigned long cr0;
14328 if (unlikely(in_interrupt()))
14329 return __memcpy(to, from, len);
14330 @@ -39,44 +40,72 @@ void *_mmx_memcpy(void *to, const void *
14331 kernel_fpu_begin();
14333 __asm__ __volatile__ (
14334 - "1: prefetch (%0)\n" /* This set is 28 bytes */
14335 - " prefetch 64(%0)\n"
14336 - " prefetch 128(%0)\n"
14337 - " prefetch 192(%0)\n"
14338 - " prefetch 256(%0)\n"
14339 + "1: prefetch (%1)\n" /* This set is 28 bytes */
14340 + " prefetch 64(%1)\n"
14341 + " prefetch 128(%1)\n"
14342 + " prefetch 192(%1)\n"
14343 + " prefetch 256(%1)\n"
14345 ".section .fixup, \"ax\"\n"
14346 - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14349 +#ifdef CONFIG_PAX_KERNEXEC
14350 + " movl %%cr0, %0\n"
14351 + " movl %0, %%eax\n"
14352 + " andl $0xFFFEFFFF, %%eax\n"
14353 + " movl %%eax, %%cr0\n"
14356 + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14358 +#ifdef CONFIG_PAX_KERNEXEC
14359 + " movl %0, %%cr0\n"
14364 _ASM_EXTABLE(1b, 3b)
14366 + : "=&r" (cr0) : "r" (from) : "ax");
14368 for ( ; i > 5; i--) {
14369 __asm__ __volatile__ (
14370 - "1: prefetch 320(%0)\n"
14371 - "2: movq (%0), %%mm0\n"
14372 - " movq 8(%0), %%mm1\n"
14373 - " movq 16(%0), %%mm2\n"
14374 - " movq 24(%0), %%mm3\n"
14375 - " movq %%mm0, (%1)\n"
14376 - " movq %%mm1, 8(%1)\n"
14377 - " movq %%mm2, 16(%1)\n"
14378 - " movq %%mm3, 24(%1)\n"
14379 - " movq 32(%0), %%mm0\n"
14380 - " movq 40(%0), %%mm1\n"
14381 - " movq 48(%0), %%mm2\n"
14382 - " movq 56(%0), %%mm3\n"
14383 - " movq %%mm0, 32(%1)\n"
14384 - " movq %%mm1, 40(%1)\n"
14385 - " movq %%mm2, 48(%1)\n"
14386 - " movq %%mm3, 56(%1)\n"
14387 + "1: prefetch 320(%1)\n"
14388 + "2: movq (%1), %%mm0\n"
14389 + " movq 8(%1), %%mm1\n"
14390 + " movq 16(%1), %%mm2\n"
14391 + " movq 24(%1), %%mm3\n"
14392 + " movq %%mm0, (%2)\n"
14393 + " movq %%mm1, 8(%2)\n"
14394 + " movq %%mm2, 16(%2)\n"
14395 + " movq %%mm3, 24(%2)\n"
14396 + " movq 32(%1), %%mm0\n"
14397 + " movq 40(%1), %%mm1\n"
14398 + " movq 48(%1), %%mm2\n"
14399 + " movq 56(%1), %%mm3\n"
14400 + " movq %%mm0, 32(%2)\n"
14401 + " movq %%mm1, 40(%2)\n"
14402 + " movq %%mm2, 48(%2)\n"
14403 + " movq %%mm3, 56(%2)\n"
14404 ".section .fixup, \"ax\"\n"
14405 - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14408 +#ifdef CONFIG_PAX_KERNEXEC
14409 + " movl %%cr0, %0\n"
14410 + " movl %0, %%eax\n"
14411 + " andl $0xFFFEFFFF, %%eax\n"
14412 + " movl %%eax, %%cr0\n"
14415 + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14417 +#ifdef CONFIG_PAX_KERNEXEC
14418 + " movl %0, %%cr0\n"
14423 _ASM_EXTABLE(1b, 3b)
14424 - : : "r" (from), "r" (to) : "memory");
14425 + : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
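Review bot: The mask in `andl $0xFFFEFFFF, %%eax` is an unexplained magic number in both fixup blocks of this hunk; it clears bit 16 of CR0 (write protect) so that the following `movw $0x1AEB, 1b` / `movw $0x05EB, 1b` can overwrite the prefetch instruction. A comment on the first line of each `CONFIG_PAX_KERNEXEC` block would say so, e.g. `/* clear CR0.WP (bit 16) so the fixup can patch the prefetch at 1b; restored from %0 below */`. The visible lines do not disable interrupts between the two CR0 writes, so it is worth confirming that nothing can run on this CPU with write protection off in that window. The same sequence is repeated in the four fixup blocks of the two fast_copy_page hunks that follow, and `_mmx_memcpy` itself starts and ends outside this hunk.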
14429 @@ -158,6 +187,7 @@ static void fast_clear_page(void *page)
14430 static void fast_copy_page(void *to, void *from)
14433 + unsigned long cr0;
14435 kernel_fpu_begin();
14437 @@ -166,42 +196,70 @@ static void fast_copy_page(void *to, voi
14438 * but that is for later. -AV
14440 __asm__ __volatile__(
14441 - "1: prefetch (%0)\n"
14442 - " prefetch 64(%0)\n"
14443 - " prefetch 128(%0)\n"
14444 - " prefetch 192(%0)\n"
14445 - " prefetch 256(%0)\n"
14446 + "1: prefetch (%1)\n"
14447 + " prefetch 64(%1)\n"
14448 + " prefetch 128(%1)\n"
14449 + " prefetch 192(%1)\n"
14450 + " prefetch 256(%1)\n"
14452 ".section .fixup, \"ax\"\n"
14453 - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14456 +#ifdef CONFIG_PAX_KERNEXEC
14457 + " movl %%cr0, %0\n"
14458 + " movl %0, %%eax\n"
14459 + " andl $0xFFFEFFFF, %%eax\n"
14460 + " movl %%eax, %%cr0\n"
14463 + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14465 +#ifdef CONFIG_PAX_KERNEXEC
14466 + " movl %0, %%cr0\n"
14471 - _ASM_EXTABLE(1b, 3b) : : "r" (from));
14472 + _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax");
14474 for (i = 0; i < (4096-320)/64; i++) {
14475 __asm__ __volatile__ (
14476 - "1: prefetch 320(%0)\n"
14477 - "2: movq (%0), %%mm0\n"
14478 - " movntq %%mm0, (%1)\n"
14479 - " movq 8(%0), %%mm1\n"
14480 - " movntq %%mm1, 8(%1)\n"
14481 - " movq 16(%0), %%mm2\n"
14482 - " movntq %%mm2, 16(%1)\n"
14483 - " movq 24(%0), %%mm3\n"
14484 - " movntq %%mm3, 24(%1)\n"
14485 - " movq 32(%0), %%mm4\n"
14486 - " movntq %%mm4, 32(%1)\n"
14487 - " movq 40(%0), %%mm5\n"
14488 - " movntq %%mm5, 40(%1)\n"
14489 - " movq 48(%0), %%mm6\n"
14490 - " movntq %%mm6, 48(%1)\n"
14491 - " movq 56(%0), %%mm7\n"
14492 - " movntq %%mm7, 56(%1)\n"
14493 + "1: prefetch 320(%1)\n"
14494 + "2: movq (%1), %%mm0\n"
14495 + " movntq %%mm0, (%2)\n"
14496 + " movq 8(%1), %%mm1\n"
14497 + " movntq %%mm1, 8(%2)\n"
14498 + " movq 16(%1), %%mm2\n"
14499 + " movntq %%mm2, 16(%2)\n"
14500 + " movq 24(%1), %%mm3\n"
14501 + " movntq %%mm3, 24(%2)\n"
14502 + " movq 32(%1), %%mm4\n"
14503 + " movntq %%mm4, 32(%2)\n"
14504 + " movq 40(%1), %%mm5\n"
14505 + " movntq %%mm5, 40(%2)\n"
14506 + " movq 48(%1), %%mm6\n"
14507 + " movntq %%mm6, 48(%2)\n"
14508 + " movq 56(%1), %%mm7\n"
14509 + " movntq %%mm7, 56(%2)\n"
14510 ".section .fixup, \"ax\"\n"
14511 - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14514 +#ifdef CONFIG_PAX_KERNEXEC
14515 + " movl %%cr0, %0\n"
14516 + " movl %0, %%eax\n"
14517 + " andl $0xFFFEFFFF, %%eax\n"
14518 + " movl %%eax, %%cr0\n"
14521 + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14523 +#ifdef CONFIG_PAX_KERNEXEC
14524 + " movl %0, %%cr0\n"
14529 - _ASM_EXTABLE(1b, 3b) : : "r" (from), "r" (to) : "memory");
14530 + _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
14534 @@ -280,47 +338,76 @@ static void fast_clear_page(void *page)
14535 static void fast_copy_page(void *to, void *from)
14538 + unsigned long cr0;
14540 kernel_fpu_begin();
14542 __asm__ __volatile__ (
14543 - "1: prefetch (%0)\n"
14544 - " prefetch 64(%0)\n"
14545 - " prefetch 128(%0)\n"
14546 - " prefetch 192(%0)\n"
14547 - " prefetch 256(%0)\n"
14548 + "1: prefetch (%1)\n"
14549 + " prefetch 64(%1)\n"
14550 + " prefetch 128(%1)\n"
14551 + " prefetch 192(%1)\n"
14552 + " prefetch 256(%1)\n"
14554 ".section .fixup, \"ax\"\n"
14555 - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14558 +#ifdef CONFIG_PAX_KERNEXEC
14559 + " movl %%cr0, %0\n"
14560 + " movl %0, %%eax\n"
14561 + " andl $0xFFFEFFFF, %%eax\n"
14562 + " movl %%eax, %%cr0\n"
14565 + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
14567 +#ifdef CONFIG_PAX_KERNEXEC
14568 + " movl %0, %%cr0\n"
14573 - _ASM_EXTABLE(1b, 3b) : : "r" (from));
14574 + _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax");
14576 for (i = 0; i < 4096/64; i++) {
14577 __asm__ __volatile__ (
14578 - "1: prefetch 320(%0)\n"
14579 - "2: movq (%0), %%mm0\n"
14580 - " movq 8(%0), %%mm1\n"
14581 - " movq 16(%0), %%mm2\n"
14582 - " movq 24(%0), %%mm3\n"
14583 - " movq %%mm0, (%1)\n"
14584 - " movq %%mm1, 8(%1)\n"
14585 - " movq %%mm2, 16(%1)\n"
14586 - " movq %%mm3, 24(%1)\n"
14587 - " movq 32(%0), %%mm0\n"
14588 - " movq 40(%0), %%mm1\n"
14589 - " movq 48(%0), %%mm2\n"
14590 - " movq 56(%0), %%mm3\n"
14591 - " movq %%mm0, 32(%1)\n"
14592 - " movq %%mm1, 40(%1)\n"
14593 - " movq %%mm2, 48(%1)\n"
14594 - " movq %%mm3, 56(%1)\n"
14595 + "1: prefetch 320(%1)\n"
14596 + "2: movq (%1), %%mm0\n"
14597 + " movq 8(%1), %%mm1\n"
14598 + " movq 16(%1), %%mm2\n"
14599 + " movq 24(%1), %%mm3\n"
14600 + " movq %%mm0, (%2)\n"
14601 + " movq %%mm1, 8(%2)\n"
14602 + " movq %%mm2, 16(%2)\n"
14603 + " movq %%mm3, 24(%2)\n"
14604 + " movq 32(%1), %%mm0\n"
14605 + " movq 40(%1), %%mm1\n"
14606 + " movq 48(%1), %%mm2\n"
14607 + " movq 56(%1), %%mm3\n"
14608 + " movq %%mm0, 32(%2)\n"
14609 + " movq %%mm1, 40(%2)\n"
14610 + " movq %%mm2, 48(%2)\n"
14611 + " movq %%mm3, 56(%2)\n"
14612 ".section .fixup, \"ax\"\n"
14613 - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14616 +#ifdef CONFIG_PAX_KERNEXEC
14617 + " movl %%cr0, %0\n"
14618 + " movl %0, %%eax\n"
14619 + " andl $0xFFFEFFFF, %%eax\n"
14620 + " movl %%eax, %%cr0\n"
14623 + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
14625 +#ifdef CONFIG_PAX_KERNEXEC
14626 + " movl %0, %%cr0\n"
14631 _ASM_EXTABLE(1b, 3b)
14632 - : : "r" (from), "r" (to) : "memory");
14633 + : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
14637 diff -urNp linux-2.6.32.1/arch/x86/lib/putuser.S linux-2.6.32.1/arch/x86/lib/putuser.S
14638 --- linux-2.6.32.1/arch/x86/lib/putuser.S 2009-12-02 22:51:21.000000000 -0500
14639 +++ linux-2.6.32.1/arch/x86/lib/putuser.S 2009-12-14 18:33:51.838703272 -0500
14641 #include <asm/thread_info.h>
14642 #include <asm/errno.h>
14643 #include <asm/asm.h>
14644 +#include <asm/segment.h>
14648 @@ -39,7 +40,19 @@ ENTRY(__put_user_1)
14650 cmp TI_addr_limit(%_ASM_BX),%_ASM_CX
14653 +#ifdef CONFIG_X86_32
14654 + pushl $(__USER_DS)
14658 1: movb %al,(%_ASM_CX)
14660 +#ifdef CONFIG_X86_32
14667 ENDPROC(__put_user_1)
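Review bot: The `pushl $(__USER_DS)` block added ahead of the store at `1:` carries no comment saying why the data segment is switched for the user write, or what the second `CONFIG_X86_32` block after the store puts back. A one-line comment at the first block, e.g. `/* store through __USER_DS; the kernel data segment is reloaded after the access */`, would make the pairing reviewable, if that is indeed the intent. The bodies of both `#ifdef` blocks are only partly visible here, so the restore sequence should be checked against the full file. The same applies to `__put_user_2`, `__put_user_4` and `__put_user_8` in the hunks that follow.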
14668 @@ -50,7 +63,19 @@ ENTRY(__put_user_2)
14670 cmp %_ASM_BX,%_ASM_CX
14673 +#ifdef CONFIG_X86_32
14674 + pushl $(__USER_DS)
14678 2: movw %ax,(%_ASM_CX)
14680 +#ifdef CONFIG_X86_32
14687 ENDPROC(__put_user_2)
14688 @@ -61,7 +86,19 @@ ENTRY(__put_user_4)
14690 cmp %_ASM_BX,%_ASM_CX
14693 +#ifdef CONFIG_X86_32
14694 + pushl $(__USER_DS)
14698 3: movl %eax,(%_ASM_CX)
14700 +#ifdef CONFIG_X86_32
14707 ENDPROC(__put_user_4)
14708 @@ -72,16 +109,34 @@ ENTRY(__put_user_8)
14710 cmp %_ASM_BX,%_ASM_CX
14713 +#ifdef CONFIG_X86_32
14714 + pushl $(__USER_DS)
14718 4: mov %_ASM_AX,(%_ASM_CX)
14719 #ifdef CONFIG_X86_32
14720 5: movl %edx,4(%_ASM_CX)
14723 +#ifdef CONFIG_X86_32
14730 ENDPROC(__put_user_8)
14735 +#ifdef CONFIG_X86_32
14743 diff -urNp linux-2.6.32.1/arch/x86/lib/usercopy_32.c linux-2.6.32.1/arch/x86/lib/usercopy_32.c
14744 --- linux-2.6.32.1/arch/x86/lib/usercopy_32.c 2009-12-02 22:51:21.000000000 -0500
14745 +++ linux-2.6.32.1/arch/x86/lib/usercopy_32.c 2009-12-14 18:33:51.839717995 -0500
14746 @@ -36,31 +36,38 @@ static inline int __movsl_is_ok(unsigned
14747 * Copy a null terminated string from userspace.
14750 -#define __do_strncpy_from_user(dst, src, count, res) \
14752 - int __d0, __d1, __d2; \
14754 - __asm__ __volatile__( \
14755 - " testl %1,%1\n" \
14759 - " testb %%al,%%al\n" \
14763 - "1: subl %1,%0\n" \
14765 - ".section .fixup,\"ax\"\n" \
14766 - "3: movl %5,%0\n" \
14769 - _ASM_EXTABLE(0b,3b) \
14770 - : "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1), \
14772 - : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \
14775 +static long __do_strncpy_from_user(char *dst, const char __user *src, long count)
14777 + int __d0, __d1, __d2;
14778 + long res = -EFAULT;
14781 + __asm__ __volatile__(
14782 + " movw %w10,%%ds\n"
14787 + " testb %%al,%%al\n"
14791 + "1: subl %1,%0\n"
14795 + ".section .fixup,\"ax\"\n"
14796 + "3: movl %5,%0\n"
14799 + _ASM_EXTABLE(0b,3b)
14800 + : "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1),
14802 + : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst),
14809 * __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking.
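Review bot: The initialiser in `long res = -EFAULT;` is a dead store in the new `__do_strncpy_from_user`. `res` is the early-clobber output `"=&d"(res)` and is tied to the input `"0"(count)`, so the register is loaded with `count` on entry and the C-level value is never read. The error value reaches `res` only through the fixup `movl %5,%0`. Declaring it as `long res;` avoids suggesting that the initialiser is what produces the fault return. The function's closing lines are not all visible in this hunk.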
14810 @@ -85,9 +92,7 @@ do { \
14812 __strncpy_from_user(char *dst, const char __user *src, long count)
14815 - __do_strncpy_from_user(dst, src, count, res);
14817 + return __do_strncpy_from_user(dst, src, count);
14819 EXPORT_SYMBOL(__strncpy_from_user);
14821 @@ -114,7 +119,7 @@ strncpy_from_user(char *dst, const char
14823 long res = -EFAULT;
14824 if (access_ok(VERIFY_READ, src, 1))
14825 - __do_strncpy_from_user(dst, src, count, res);
14826 + res = __do_strncpy_from_user(dst, src, count);
14829 EXPORT_SYMBOL(strncpy_from_user);
14830 @@ -123,24 +128,30 @@ EXPORT_SYMBOL(strncpy_from_user);
14834 -#define __do_clear_user(addr,size) \
14838 - __asm__ __volatile__( \
14839 - "0: rep; stosl\n" \
14840 - " movl %2,%0\n" \
14841 - "1: rep; stosb\n" \
14843 - ".section .fixup,\"ax\"\n" \
14844 - "3: lea 0(%2,%0,4),%0\n" \
14847 - _ASM_EXTABLE(0b,3b) \
14848 - _ASM_EXTABLE(1b,2b) \
14849 - : "=&c"(size), "=&D" (__d0) \
14850 - : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0)); \
14852 +static unsigned long __do_clear_user(void __user *addr, unsigned long size)
14857 + __asm__ __volatile__(
14858 + " movw %w6,%%es\n"
14859 + "0: rep; stosl\n"
14861 + "1: rep; stosb\n"
14865 + ".section .fixup,\"ax\"\n"
14866 + "3: lea 0(%2,%0,4),%0\n"
14869 + _ASM_EXTABLE(0b,3b)
14870 + _ASM_EXTABLE(1b,2b)
14871 + : "=&c"(size), "=&D" (__d0)
14872 + : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0),
14878 * clear_user: - Zero a block of memory in user space.
14879 @@ -157,7 +168,7 @@ clear_user(void __user *to, unsigned lon
14882 if (access_ok(VERIFY_WRITE, to, n))
14883 - __do_clear_user(to, n);
14884 + n = __do_clear_user(to, n);
14887 EXPORT_SYMBOL(clear_user);
14888 @@ -176,8 +187,7 @@ EXPORT_SYMBOL(clear_user);
14890 __clear_user(void __user *to, unsigned long n)
14892 - __do_clear_user(to, n);
14894 + return __do_clear_user(to, n);
14896 EXPORT_SYMBOL(__clear_user);
14898 @@ -200,14 +210,17 @@ long strnlen_user(const char __user *s,
14901 __asm__ __volatile__(
14902 + " movw %w8,%%es\n"
14905 - " andl %0,%%ecx\n"
14906 + " movl %0,%%ecx\n"
14907 "0: repne; scasb\n"
14914 ".section .fixup,\"ax\"\n"
14915 "2: xorl %%eax,%%eax\n"
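Review bot: Replacing `andl %0,%%ecx` with `movl %0,%%ecx` discards the `mask` value that is still passed in through `"3" (mask)` in the operand list of the next hunk, so the scan count is no longer gated by it. If `mask` encodes the address-range check (its definition is outside the hunk), the bound now rests entirely on the limit of the segment loaded by `movw %w8,%%es`. As far as this file shows, `__set_fs()` rewrites that descriptor only under `CONFIG_PAX_MEMORY_UDEREF`, so on other builds the check may be lost. Either keep the `andl`, or remove the now-unused `mask` input and state the reliance in a comment such as `/* range is enforced by the __USER_DS limit in %es, not by mask */`. `strnlen_user` starts and ends outside this hunk.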
14917 @@ -219,7 +232,7 @@ long strnlen_user(const char __user *s,
14920 :"=&r" (n), "=&D" (s), "=&a" (res), "=&c" (tmp)
14921 - :"0" (n), "1" (s), "2" (0), "3" (mask)
14922 + :"0" (n), "1" (s), "2" (0), "3" (mask), "r" (__USER_DS)
14926 @@ -227,10 +240,11 @@ EXPORT_SYMBOL(strnlen_user);
14928 #ifdef CONFIG_X86_INTEL_USERCOPY
14929 static unsigned long
14930 -__copy_user_intel(void __user *to, const void *from, unsigned long size)
14931 +__generic_copy_to_user_intel(void __user *to, const void *from, unsigned long size)
14934 __asm__ __volatile__(
14935 + " movw %w6, %%es\n"
14937 "1: movl 32(%4), %%eax\n"
14939 @@ -239,36 +253,36 @@ __copy_user_intel(void __user *to, const
14941 "3: movl 0(%4), %%eax\n"
14942 "4: movl 4(%4), %%edx\n"
14943 - "5: movl %%eax, 0(%3)\n"
14944 - "6: movl %%edx, 4(%3)\n"
14945 + "5: movl %%eax, %%es:0(%3)\n"
14946 + "6: movl %%edx, %%es:4(%3)\n"
14947 "7: movl 8(%4), %%eax\n"
14948 "8: movl 12(%4),%%edx\n"
14949 - "9: movl %%eax, 8(%3)\n"
14950 - "10: movl %%edx, 12(%3)\n"
14951 + "9: movl %%eax, %%es:8(%3)\n"
14952 + "10: movl %%edx, %%es:12(%3)\n"
14953 "11: movl 16(%4), %%eax\n"
14954 "12: movl 20(%4), %%edx\n"
14955 - "13: movl %%eax, 16(%3)\n"
14956 - "14: movl %%edx, 20(%3)\n"
14957 + "13: movl %%eax, %%es:16(%3)\n"
14958 + "14: movl %%edx, %%es:20(%3)\n"
14959 "15: movl 24(%4), %%eax\n"
14960 "16: movl 28(%4), %%edx\n"
14961 - "17: movl %%eax, 24(%3)\n"
14962 - "18: movl %%edx, 28(%3)\n"
14963 + "17: movl %%eax, %%es:24(%3)\n"
14964 + "18: movl %%edx, %%es:28(%3)\n"
14965 "19: movl 32(%4), %%eax\n"
14966 "20: movl 36(%4), %%edx\n"
14967 - "21: movl %%eax, 32(%3)\n"
14968 - "22: movl %%edx, 36(%3)\n"
14969 + "21: movl %%eax, %%es:32(%3)\n"
14970 + "22: movl %%edx, %%es:36(%3)\n"
14971 "23: movl 40(%4), %%eax\n"
14972 "24: movl 44(%4), %%edx\n"
14973 - "25: movl %%eax, 40(%3)\n"
14974 - "26: movl %%edx, 44(%3)\n"
14975 + "25: movl %%eax, %%es:40(%3)\n"
14976 + "26: movl %%edx, %%es:44(%3)\n"
14977 "27: movl 48(%4), %%eax\n"
14978 "28: movl 52(%4), %%edx\n"
14979 - "29: movl %%eax, 48(%3)\n"
14980 - "30: movl %%edx, 52(%3)\n"
14981 + "29: movl %%eax, %%es:48(%3)\n"
14982 + "30: movl %%edx, %%es:52(%3)\n"
14983 "31: movl 56(%4), %%eax\n"
14984 "32: movl 60(%4), %%edx\n"
14985 - "33: movl %%eax, 56(%3)\n"
14986 - "34: movl %%edx, 60(%3)\n"
14987 + "33: movl %%eax, %%es:56(%3)\n"
14988 + "34: movl %%edx, %%es:60(%3)\n"
14992 @@ -282,6 +296,8 @@ __copy_user_intel(void __user *to, const
14993 "36: movl %%eax, %0\n"
14998 ".section .fixup,\"ax\"\n"
14999 "101: lea 0(%%eax,%0,4),%0\n"
15001 @@ -328,7 +344,117 @@ __copy_user_intel(void __user *to, const
15002 " .long 99b,101b\n"
15004 : "=&c"(size), "=&D" (d0), "=&S" (d1)
15005 - : "1"(to), "2"(from), "0"(size)
15006 + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
15007 + : "eax", "edx", "memory");
15011 +static unsigned long
15012 +__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size)
15015 + __asm__ __volatile__(
15016 + " movw %w6, %%ds\n"
15017 + " .align 2,0x90\n"
15018 + "1: movl 32(%4), %%eax\n"
15019 + " cmpl $67, %0\n"
15021 + "2: movl 64(%4), %%eax\n"
15022 + " .align 2,0x90\n"
15023 + "3: movl 0(%4), %%eax\n"
15024 + "4: movl 4(%4), %%edx\n"
15025 + "5: movl %%eax, %%es:0(%3)\n"
15026 + "6: movl %%edx, %%es:4(%3)\n"
15027 + "7: movl 8(%4), %%eax\n"
15028 + "8: movl 12(%4),%%edx\n"
15029 + "9: movl %%eax, %%es:8(%3)\n"
15030 + "10: movl %%edx, %%es:12(%3)\n"
15031 + "11: movl 16(%4), %%eax\n"
15032 + "12: movl 20(%4), %%edx\n"
15033 + "13: movl %%eax, %%es:16(%3)\n"
15034 + "14: movl %%edx, %%es:20(%3)\n"
15035 + "15: movl 24(%4), %%eax\n"
15036 + "16: movl 28(%4), %%edx\n"
15037 + "17: movl %%eax, %%es:24(%3)\n"
15038 + "18: movl %%edx, %%es:28(%3)\n"
15039 + "19: movl 32(%4), %%eax\n"
15040 + "20: movl 36(%4), %%edx\n"
15041 + "21: movl %%eax, %%es:32(%3)\n"
15042 + "22: movl %%edx, %%es:36(%3)\n"
15043 + "23: movl 40(%4), %%eax\n"
15044 + "24: movl 44(%4), %%edx\n"
15045 + "25: movl %%eax, %%es:40(%3)\n"
15046 + "26: movl %%edx, %%es:44(%3)\n"
15047 + "27: movl 48(%4), %%eax\n"
15048 + "28: movl 52(%4), %%edx\n"
15049 + "29: movl %%eax, %%es:48(%3)\n"
15050 + "30: movl %%edx, %%es:52(%3)\n"
15051 + "31: movl 56(%4), %%eax\n"
15052 + "32: movl 60(%4), %%edx\n"
15053 + "33: movl %%eax, %%es:56(%3)\n"
15054 + "34: movl %%edx, %%es:60(%3)\n"
15055 + " addl $-64, %0\n"
15056 + " addl $64, %4\n"
15057 + " addl $64, %3\n"
15058 + " cmpl $63, %0\n"
15060 + "35: movl %0, %%eax\n"
15062 + " andl $3, %%eax\n"
15064 + "99: rep; movsl\n"
15065 + "36: movl %%eax, %0\n"
15066 + "37: rep; movsb\n"
15070 + ".section .fixup,\"ax\"\n"
15071 + "101: lea 0(%%eax,%0,4),%0\n"
15074 + ".section __ex_table,\"a\"\n"
15076 + " .long 1b,100b\n"
15077 + " .long 2b,100b\n"
15078 + " .long 3b,100b\n"
15079 + " .long 4b,100b\n"
15080 + " .long 5b,100b\n"
15081 + " .long 6b,100b\n"
15082 + " .long 7b,100b\n"
15083 + " .long 8b,100b\n"
15084 + " .long 9b,100b\n"
15085 + " .long 10b,100b\n"
15086 + " .long 11b,100b\n"
15087 + " .long 12b,100b\n"
15088 + " .long 13b,100b\n"
15089 + " .long 14b,100b\n"
15090 + " .long 15b,100b\n"
15091 + " .long 16b,100b\n"
15092 + " .long 17b,100b\n"
15093 + " .long 18b,100b\n"
15094 + " .long 19b,100b\n"
15095 + " .long 20b,100b\n"
15096 + " .long 21b,100b\n"
15097 + " .long 22b,100b\n"
15098 + " .long 23b,100b\n"
15099 + " .long 24b,100b\n"
15100 + " .long 25b,100b\n"
15101 + " .long 26b,100b\n"
15102 + " .long 27b,100b\n"
15103 + " .long 28b,100b\n"
15104 + " .long 29b,100b\n"
15105 + " .long 30b,100b\n"
15106 + " .long 31b,100b\n"
15107 + " .long 32b,100b\n"
15108 + " .long 33b,100b\n"
15109 + " .long 34b,100b\n"
15110 + " .long 35b,100b\n"
15111 + " .long 36b,100b\n"
15112 + " .long 37b,100b\n"
15113 + " .long 99b,101b\n"
15115 + : "=&c"(size), "=&D" (d0), "=&S" (d1)
15116 + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
15117 : "eax", "edx", "memory");
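Review bot: The new `__generic_copy_from_user_intel` has no comment stating its segment assumptions, although its correctness depends on them. It loads `%ds` with `__USER_DS` for the `movl N(%4)` reads and writes through the `%%es:` override, which presumably must still hold the kernel data segment on entry. A header comment would make that explicit, e.g. `/* reads go through %ds = __USER_DS; stores use the %es: override and rely on %es being the kernel segment */`. The unrolled body and the hand-written `.long Nb,100b` table are otherwise a copy of `__generic_copy_to_user_intel`; the table entries could use `_ASM_EXTABLE(1b,100b)` as `__do_strncpy_from_user` does earlier in this file, so the two copies are less likely to drift. The function's closing lines fall outside the hunk.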
15120 @@ -338,6 +464,7 @@ __copy_user_zeroing_intel(void *to, cons
15123 __asm__ __volatile__(
15124 + " movw %w6, %%ds\n"
15126 "0: movl 32(%4), %%eax\n"
15128 @@ -346,36 +473,36 @@ __copy_user_zeroing_intel(void *to, cons
15130 "2: movl 0(%4), %%eax\n"
15131 "21: movl 4(%4), %%edx\n"
15132 - " movl %%eax, 0(%3)\n"
15133 - " movl %%edx, 4(%3)\n"
15134 + " movl %%eax, %%es:0(%3)\n"
15135 + " movl %%edx, %%es:4(%3)\n"
15136 "3: movl 8(%4), %%eax\n"
15137 "31: movl 12(%4),%%edx\n"
15138 - " movl %%eax, 8(%3)\n"
15139 - " movl %%edx, 12(%3)\n"
15140 + " movl %%eax, %%es:8(%3)\n"
15141 + " movl %%edx, %%es:12(%3)\n"
15142 "4: movl 16(%4), %%eax\n"
15143 "41: movl 20(%4), %%edx\n"
15144 - " movl %%eax, 16(%3)\n"
15145 - " movl %%edx, 20(%3)\n"
15146 + " movl %%eax, %%es:16(%3)\n"
15147 + " movl %%edx, %%es:20(%3)\n"
15148 "10: movl 24(%4), %%eax\n"
15149 "51: movl 28(%4), %%edx\n"
15150 - " movl %%eax, 24(%3)\n"
15151 - " movl %%edx, 28(%3)\n"
15152 + " movl %%eax, %%es:24(%3)\n"
15153 + " movl %%edx, %%es:28(%3)\n"
15154 "11: movl 32(%4), %%eax\n"
15155 "61: movl 36(%4), %%edx\n"
15156 - " movl %%eax, 32(%3)\n"
15157 - " movl %%edx, 36(%3)\n"
15158 + " movl %%eax, %%es:32(%3)\n"
15159 + " movl %%edx, %%es:36(%3)\n"
15160 "12: movl 40(%4), %%eax\n"
15161 "71: movl 44(%4), %%edx\n"
15162 - " movl %%eax, 40(%3)\n"
15163 - " movl %%edx, 44(%3)\n"
15164 + " movl %%eax, %%es:40(%3)\n"
15165 + " movl %%edx, %%es:44(%3)\n"
15166 "13: movl 48(%4), %%eax\n"
15167 "81: movl 52(%4), %%edx\n"
15168 - " movl %%eax, 48(%3)\n"
15169 - " movl %%edx, 52(%3)\n"
15170 + " movl %%eax, %%es:48(%3)\n"
15171 + " movl %%edx, %%es:52(%3)\n"
15172 "14: movl 56(%4), %%eax\n"
15173 "91: movl 60(%4), %%edx\n"
15174 - " movl %%eax, 56(%3)\n"
15175 - " movl %%edx, 60(%3)\n"
15176 + " movl %%eax, %%es:56(%3)\n"
15177 + " movl %%edx, %%es:60(%3)\n"
15181 @@ -389,6 +516,8 @@ __copy_user_zeroing_intel(void *to, cons
15187 ".section .fixup,\"ax\"\n"
15188 "9: lea 0(%%eax,%0,4),%0\n"
15190 @@ -423,7 +552,7 @@ __copy_user_zeroing_intel(void *to, cons
15193 : "=&c"(size), "=&D" (d0), "=&S" (d1)
15194 - : "1"(to), "2"(from), "0"(size)
15195 + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
15196 : "eax", "edx", "memory");
15199 @@ -439,6 +568,7 @@ static unsigned long __copy_user_zeroing
15202 __asm__ __volatile__(
15203 + " movw %w6, %%ds\n"
15205 "0: movl 32(%4), %%eax\n"
15207 @@ -447,36 +577,36 @@ static unsigned long __copy_user_zeroing
15209 "2: movl 0(%4), %%eax\n"
15210 "21: movl 4(%4), %%edx\n"
15211 - " movnti %%eax, 0(%3)\n"
15212 - " movnti %%edx, 4(%3)\n"
15213 + " movnti %%eax, %%es:0(%3)\n"
15214 + " movnti %%edx, %%es:4(%3)\n"
15215 "3: movl 8(%4), %%eax\n"
15216 "31: movl 12(%4),%%edx\n"
15217 - " movnti %%eax, 8(%3)\n"
15218 - " movnti %%edx, 12(%3)\n"
15219 + " movnti %%eax, %%es:8(%3)\n"
15220 + " movnti %%edx, %%es:12(%3)\n"
15221 "4: movl 16(%4), %%eax\n"
15222 "41: movl 20(%4), %%edx\n"
15223 - " movnti %%eax, 16(%3)\n"
15224 - " movnti %%edx, 20(%3)\n"
15225 + " movnti %%eax, %%es:16(%3)\n"
15226 + " movnti %%edx, %%es:20(%3)\n"
15227 "10: movl 24(%4), %%eax\n"
15228 "51: movl 28(%4), %%edx\n"
15229 - " movnti %%eax, 24(%3)\n"
15230 - " movnti %%edx, 28(%3)\n"
15231 + " movnti %%eax, %%es:24(%3)\n"
15232 + " movnti %%edx, %%es:28(%3)\n"
15233 "11: movl 32(%4), %%eax\n"
15234 "61: movl 36(%4), %%edx\n"
15235 - " movnti %%eax, 32(%3)\n"
15236 - " movnti %%edx, 36(%3)\n"
15237 + " movnti %%eax, %%es:32(%3)\n"
15238 + " movnti %%edx, %%es:36(%3)\n"
15239 "12: movl 40(%4), %%eax\n"
15240 "71: movl 44(%4), %%edx\n"
15241 - " movnti %%eax, 40(%3)\n"
15242 - " movnti %%edx, 44(%3)\n"
15243 + " movnti %%eax, %%es:40(%3)\n"
15244 + " movnti %%edx, %%es:44(%3)\n"
15245 "13: movl 48(%4), %%eax\n"
15246 "81: movl 52(%4), %%edx\n"
15247 - " movnti %%eax, 48(%3)\n"
15248 - " movnti %%edx, 52(%3)\n"
15249 + " movnti %%eax, %%es:48(%3)\n"
15250 + " movnti %%edx, %%es:52(%3)\n"
15251 "14: movl 56(%4), %%eax\n"
15252 "91: movl 60(%4), %%edx\n"
15253 - " movnti %%eax, 56(%3)\n"
15254 - " movnti %%edx, 60(%3)\n"
15255 + " movnti %%eax, %%es:56(%3)\n"
15256 + " movnti %%edx, %%es:60(%3)\n"
15260 @@ -491,6 +621,8 @@ static unsigned long __copy_user_zeroing
15266 ".section .fixup,\"ax\"\n"
15267 "9: lea 0(%%eax,%0,4),%0\n"
15269 @@ -525,7 +657,7 @@ static unsigned long __copy_user_zeroing
15272 : "=&c"(size), "=&D" (d0), "=&S" (d1)
15273 - : "1"(to), "2"(from), "0"(size)
15274 + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
15275 : "eax", "edx", "memory");
15278 @@ -536,6 +668,7 @@ static unsigned long __copy_user_intel_n
15281 __asm__ __volatile__(
15282 + " movw %w6, %%ds\n"
15284 "0: movl 32(%4), %%eax\n"
15286 @@ -544,36 +677,36 @@ static unsigned long __copy_user_intel_n
15288 "2: movl 0(%4), %%eax\n"
15289 "21: movl 4(%4), %%edx\n"
15290 - " movnti %%eax, 0(%3)\n"
15291 - " movnti %%edx, 4(%3)\n"
15292 + " movnti %%eax, %%es:0(%3)\n"
15293 + " movnti %%edx, %%es:4(%3)\n"
15294 "3: movl 8(%4), %%eax\n"
15295 "31: movl 12(%4),%%edx\n"
15296 - " movnti %%eax, 8(%3)\n"
15297 - " movnti %%edx, 12(%3)\n"
15298 + " movnti %%eax, %%es:8(%3)\n"
15299 + " movnti %%edx, %%es:12(%3)\n"
15300 "4: movl 16(%4), %%eax\n"
15301 "41: movl 20(%4), %%edx\n"
15302 - " movnti %%eax, 16(%3)\n"
15303 - " movnti %%edx, 20(%3)\n"
15304 + " movnti %%eax, %%es:16(%3)\n"
15305 + " movnti %%edx, %%es:20(%3)\n"
15306 "10: movl 24(%4), %%eax\n"
15307 "51: movl 28(%4), %%edx\n"
15308 - " movnti %%eax, 24(%3)\n"
15309 - " movnti %%edx, 28(%3)\n"
15310 + " movnti %%eax, %%es:24(%3)\n"
15311 + " movnti %%edx, %%es:28(%3)\n"
15312 "11: movl 32(%4), %%eax\n"
15313 "61: movl 36(%4), %%edx\n"
15314 - " movnti %%eax, 32(%3)\n"
15315 - " movnti %%edx, 36(%3)\n"
15316 + " movnti %%eax, %%es:32(%3)\n"
15317 + " movnti %%edx, %%es:36(%3)\n"
15318 "12: movl 40(%4), %%eax\n"
15319 "71: movl 44(%4), %%edx\n"
15320 - " movnti %%eax, 40(%3)\n"
15321 - " movnti %%edx, 44(%3)\n"
15322 + " movnti %%eax, %%es:40(%3)\n"
15323 + " movnti %%edx, %%es:44(%3)\n"
15324 "13: movl 48(%4), %%eax\n"
15325 "81: movl 52(%4), %%edx\n"
15326 - " movnti %%eax, 48(%3)\n"
15327 - " movnti %%edx, 52(%3)\n"
15328 + " movnti %%eax, %%es:48(%3)\n"
15329 + " movnti %%edx, %%es:52(%3)\n"
15330 "14: movl 56(%4), %%eax\n"
15331 "91: movl 60(%4), %%edx\n"
15332 - " movnti %%eax, 56(%3)\n"
15333 - " movnti %%edx, 60(%3)\n"
15334 + " movnti %%eax, %%es:56(%3)\n"
15335 + " movnti %%edx, %%es:60(%3)\n"
15339 @@ -588,6 +721,8 @@ static unsigned long __copy_user_intel_n
15345 ".section .fixup,\"ax\"\n"
15346 "9: lea 0(%%eax,%0,4),%0\n"
15348 @@ -616,7 +751,7 @@ static unsigned long __copy_user_intel_n
15351 : "=&c"(size), "=&D" (d0), "=&S" (d1)
15352 - : "1"(to), "2"(from), "0"(size)
15353 + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
15354 : "eax", "edx", "memory");
15357 @@ -629,90 +764,146 @@ static unsigned long __copy_user_intel_n
15359 unsigned long __copy_user_zeroing_intel(void *to, const void __user *from,
15360 unsigned long size);
15361 -unsigned long __copy_user_intel(void __user *to, const void *from,
15362 +unsigned long __generic_copy_to_user_intel(void __user *to, const void *from,
15363 + unsigned long size);
15364 +unsigned long __generic_copy_from_user_intel(void *to, const void __user *from,
15365 unsigned long size);
15366 unsigned long __copy_user_zeroing_intel_nocache(void *to,
15367 const void __user *from, unsigned long size);
15368 #endif /* CONFIG_X86_INTEL_USERCOPY */
15370 /* Generic arbitrary sized copy. */
15371 -#define __copy_user(to, from, size) \
15373 - int __d0, __d1, __d2; \
15374 - __asm__ __volatile__( \
15377 - " movl %1,%0\n" \
15379 - " andl $7,%0\n" \
15380 - " subl %0,%3\n" \
15381 - "4: rep; movsb\n" \
15382 - " movl %3,%0\n" \
15383 - " shrl $2,%0\n" \
15384 - " andl $3,%3\n" \
15385 - " .align 2,0x90\n" \
15386 - "0: rep; movsl\n" \
15387 - " movl %3,%0\n" \
15388 - "1: rep; movsb\n" \
15390 - ".section .fixup,\"ax\"\n" \
15391 - "5: addl %3,%0\n" \
15393 - "3: lea 0(%3,%0,4),%0\n" \
15396 - ".section __ex_table,\"a\"\n" \
15398 - " .long 4b,5b\n" \
15399 - " .long 0b,3b\n" \
15400 - " .long 1b,2b\n" \
15402 - : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) \
15403 - : "3"(size), "0"(size), "1"(to), "2"(from) \
15407 -#define __copy_user_zeroing(to, from, size) \
15409 - int __d0, __d1, __d2; \
15410 - __asm__ __volatile__( \
15413 - " movl %1,%0\n" \
15415 - " andl $7,%0\n" \
15416 - " subl %0,%3\n" \
15417 - "4: rep; movsb\n" \
15418 - " movl %3,%0\n" \
15419 - " shrl $2,%0\n" \
15420 - " andl $3,%3\n" \
15421 - " .align 2,0x90\n" \
15422 - "0: rep; movsl\n" \
15423 - " movl %3,%0\n" \
15424 - "1: rep; movsb\n" \
15426 - ".section .fixup,\"ax\"\n" \
15427 - "5: addl %3,%0\n" \
15429 - "3: lea 0(%3,%0,4),%0\n" \
15430 - "6: pushl %0\n" \
15431 - " pushl %%eax\n" \
15432 - " xorl %%eax,%%eax\n" \
15433 - " rep; stosb\n" \
15434 - " popl %%eax\n" \
15438 - ".section __ex_table,\"a\"\n" \
15440 - " .long 4b,5b\n" \
15441 - " .long 0b,3b\n" \
15442 - " .long 1b,6b\n" \
15444 - : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) \
15445 - : "3"(size), "0"(size), "1"(to), "2"(from) \
15448 +static unsigned long
15449 +__generic_copy_to_user(void __user *to, const void *from, unsigned long size)
15451 + int __d0, __d1, __d2;
15453 + __asm__ __volatile__(
15454 + " movw %w8,%%es\n"
15461 + "4: rep; movsb\n"
15465 + " .align 2,0x90\n"
15466 + "0: rep; movsl\n"
15468 + "1: rep; movsb\n"
15472 + ".section .fixup,\"ax\"\n"
15473 + "5: addl %3,%0\n"
15475 + "3: lea 0(%3,%0,4),%0\n"
15478 + ".section __ex_table,\"a\"\n"
15484 + : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)
15485 + : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS)
15490 +static unsigned long
15491 +__generic_copy_from_user(void *to, const void __user *from, unsigned long size)
15493 + int __d0, __d1, __d2;
15495 + __asm__ __volatile__(
15496 + " movw %w8,%%ds\n"
15503 + "4: rep; movsb\n"
15507 + " .align 2,0x90\n"
15508 + "0: rep; movsl\n"
15510 + "1: rep; movsb\n"
15514 + ".section .fixup,\"ax\"\n"
15515 + "5: addl %3,%0\n"
15517 + "3: lea 0(%3,%0,4),%0\n"
15520 + ".section __ex_table,\"a\"\n"
15526 + : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)
15527 + : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS)
15532 +static unsigned long
15533 +__copy_user_zeroing(void *to, const void __user *from, unsigned long size)
15535 + int __d0, __d1, __d2;
15537 + __asm__ __volatile__(
15538 + " movw %w8,%%ds\n"
15545 + "4: rep; movsb\n"
15549 + " .align 2,0x90\n"
15550 + "0: rep; movsl\n"
15552 + "1: rep; movsb\n"
15556 + ".section .fixup,\"ax\"\n"
15557 + "5: addl %3,%0\n"
15559 + "3: lea 0(%3,%0,4),%0\n"
15562 + " xorl %%eax,%%eax\n"
15568 + ".section __ex_table,\"a\"\n"
15574 + : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)
15575 + : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS)
15580 unsigned long __copy_to_user_ll(void __user *to, const void *from,
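Review bot: The three new static helpers `__generic_copy_to_user`, `__generic_copy_from_user` and `__copy_user_zeroing` have no comment on their return value, although every caller in the later hunks now depends on it (`n = __generic_copy_to_user(to, from, n);`). The macros they replace updated `size` in place, so the contract has changed shape and should be written down above each function, e.g. `/* Returns the number of bytes left uncopied; 0 on success. */`. This assumes the helpers return `size`, since the return statements are not among the visible lines. The `__d0`/`__d1`/`__d2` names were needed to avoid capture in a macro and could become plain locals now that these are functions.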
15582 @@ -775,9 +966,9 @@ survive:
15585 if (movsl_is_ok(to, from, n))
15586 - __copy_user(to, from, n);
15587 + n = __generic_copy_to_user(to, from, n);
15589 - n = __copy_user_intel(to, from, n);
15590 + n = __generic_copy_to_user_intel(to, from, n);
15593 EXPORT_SYMBOL(__copy_to_user_ll);
15594 @@ -786,7 +977,7 @@ unsigned long __copy_from_user_ll(void *
15597 if (movsl_is_ok(to, from, n))
15598 - __copy_user_zeroing(to, from, n);
15599 + n = __copy_user_zeroing(to, from, n);
15601 n = __copy_user_zeroing_intel(to, from, n);
15603 @@ -797,10 +988,9 @@ unsigned long __copy_from_user_ll_nozero
15606 if (movsl_is_ok(to, from, n))
15607 - __copy_user(to, from, n);
15608 + n = __generic_copy_from_user(to, from, n);
15610 - n = __copy_user_intel((void __user *)to,
15611 - (const void *)from, n);
15612 + n = __generic_copy_from_user_intel(to, from, n);
15615 EXPORT_SYMBOL(__copy_from_user_ll_nozero);
15616 @@ -812,9 +1002,9 @@ unsigned long __copy_from_user_ll_nocach
15617 if (n > 64 && cpu_has_xmm2)
15618 n = __copy_user_zeroing_intel_nocache(to, from, n);
15620 - __copy_user_zeroing(to, from, n);
15621 + n = __copy_user_zeroing(to, from, n);
15623 - __copy_user_zeroing(to, from, n);
15624 + n = __copy_user_zeroing(to, from, n);
15628 @@ -827,59 +1017,40 @@ unsigned long __copy_from_user_ll_nocach
15629 if (n > 64 && cpu_has_xmm2)
15630 n = __copy_user_intel_nocache(to, from, n);
15632 - __copy_user(to, from, n);
15633 + n = __generic_copy_from_user(to, from, n);
15635 - __copy_user(to, from, n);
15636 + n = __generic_copy_from_user(to, from, n);
15640 EXPORT_SYMBOL(__copy_from_user_ll_nocache_nozero);
15643 - * copy_to_user: - Copy a block of data into user space.
15644 - * @to: Destination address, in user space.
15645 - * @from: Source address, in kernel space.
15646 - * @n: Number of bytes to copy.
15648 - * Context: User context only. This function may sleep.
15650 - * Copy data from kernel space to user space.
15652 - * Returns number of bytes that could not be copied.
15653 - * On success, this will be zero.
15656 -copy_to_user(void __user *to, const void *from, unsigned long n)
15657 +#ifdef CONFIG_PAX_MEMORY_UDEREF
15658 +void __set_fs(mm_segment_t x, int cpu)
15660 - if (access_ok(VERIFY_WRITE, to, n))
15661 - n = __copy_to_user(to, from, n);
15663 + unsigned long limit = x.seg;
15664 + struct desc_struct d;
15666 + current_thread_info()->addr_limit = x;
15667 + if (unlikely(paravirt_enabled()))
15670 + if (likely(limit))
15671 + limit = (limit - 1UL) >> PAGE_SHIFT;
15672 + pack_descriptor(&d, 0UL, limit, 0xF3, 0xC);
15673 + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_DS, &d, DESCTYPE_S);
15675 -EXPORT_SYMBOL(copy_to_user);
15678 - * copy_from_user: - Copy a block of data from user space.
15679 - * @to: Destination address, in kernel space.
15680 - * @from: Source address, in user space.
15681 - * @n: Number of bytes to copy.
15683 - * Context: User context only. This function may sleep.
15685 - * Copy data from user space to kernel space.
15687 - * Returns number of bytes that could not be copied.
15688 - * On success, this will be zero.
15690 - * If some data could not be copied, this function will pad the copied
15691 - * data to the requested size using zero bytes.
15694 -copy_from_user(void *to, const void __user *from, unsigned long n)
15695 +void set_fs(mm_segment_t x)
15697 - if (access_ok(VERIFY_READ, from, n))
15698 - n = __copy_from_user(to, from, n);
15700 - memset(to, 0, n);
15702 + __set_fs(x, get_cpu());
15705 -EXPORT_SYMBOL(copy_from_user);
15707 +void set_fs(mm_segment_t x)
15709 + current_thread_info()->addr_limit = x;
15713 +EXPORT_SYMBOL(set_fs);
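Review bot: The descriptor arguments in `pack_descriptor(&d, 0UL, limit, 0xF3, 0xC)` are bare magic numbers in the code that rebuilds the per-CPU user data segment from `addr_limit`, so the resulting privilege level and granularity cannot be checked without decoding them by hand. A comment above the call would do, for example `/* 0xF3: present, DPL 3, writable data, accessed; 0xC: 4 KiB granularity, 32-bit */`. It would also help to state next to `__set_fs` that `cpu` must be the CPU the caller is currently pinned to, since `set_fs` passes `get_cpu()`. Several short lines of both functions are missing from this view, so the pairing of that `get_cpu()` should be confirmed against the full patch.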
15714 diff -urNp linux-2.6.32.1/arch/x86/Makefile linux-2.6.32.1/arch/x86/Makefile
15715 --- linux-2.6.32.1/arch/x86/Makefile 2009-12-02 22:51:21.000000000 -0500
15716 +++ linux-2.6.32.1/arch/x86/Makefile 2009-12-14 18:33:51.839717995 -0500
15717 @@ -189,3 +189,12 @@ define archhelp
15718 echo ' FDARGS="..." arguments for the booted kernel'
15719 echo ' FDINITRD=file initrd for the booted kernel'
15724 +*** ${VERSION}.${PATCHLEVEL} PaX kernels no longer build correctly with old versions of binutils.
15725 +*** Please upgrade your binutils to 2.18 or newer
15729 + $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD)))
15730 diff -urNp linux-2.6.32.1/arch/x86/mm/extable.c linux-2.6.32.1/arch/x86/mm/extable.c
15731 --- linux-2.6.32.1/arch/x86/mm/extable.c 2009-12-02 22:51:21.000000000 -0500
15732 +++ linux-2.6.32.1/arch/x86/mm/extable.c 2009-12-14 18:33:51.840719324 -0500
15734 #include <linux/module.h>
15735 #include <linux/spinlock.h>
15736 +#include <linux/sort.h>
15737 #include <asm/uaccess.h>
15738 +#include <asm/pgtable.h>
15741 + * The exception table needs to be sorted so that the binary
15742 + * search that we use to find entries in it works properly.
15743 + * This is used both for the kernel exception table and for
15744 + * the exception tables of modules that get loaded.
15746 +static int cmp_ex(const void *a, const void *b)
15748 + const struct exception_table_entry *x = a, *y = b;
15750 + /* avoid overflow */
15751 + if (x->insn > y->insn)
15753 + if (x->insn < y->insn)
15758 +static void swap_ex(void *a, void *b, int size)
15760 + struct exception_table_entry t, *x = a, *y = b;
15764 + pax_open_kernel();
15767 + pax_close_kernel();
15770 +void sort_extable(struct exception_table_entry *start,
15771 + struct exception_table_entry *finish)
15773 + sort(start, finish - start, sizeof(struct exception_table_entry),
15774 + cmp_ex, swap_ex);
15777 +#ifdef CONFIG_MODULES
15779 + * If the exception table is sorted, any referring to the module init
15780 + * will be at the beginning or the end.
15782 +void trim_init_extable(struct module *m)
15784 + /*trim the beginning*/
15785 + while (m->num_exentries && within_module_init(m->extable[0].insn, m)) {
15787 + m->num_exentries--;
15790 + while (m->num_exentries &&
15791 + within_module_init(m->extable[m->num_exentries-1].insn, m))
15792 + m->num_exentries--;
15794 +#endif /* CONFIG_MODULES */
15796 int fixup_exception(struct pt_regs *regs)
15798 const struct exception_table_entry *fixup;
15800 #ifdef CONFIG_PNPBIOS
15801 - if (unlikely(SEGMENT_IS_PNP_CODE(regs->cs))) {
15802 + if (unlikely(!v8086_mode(regs) && SEGMENT_IS_PNP_CODE(regs->cs))) {
15803 extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp;
15804 extern u32 pnp_bios_is_utter_crap;
15805 pnp_bios_is_utter_crap = 1;
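Review bot: The new `!v8086_mode(regs)` test in `fixup_exception` carries no comment saying why it is needed. Presumably in vm86 mode `regs->cs` holds a real-mode segment value rather than a protected-mode selector, so it could satisfy `SEGMENT_IS_PNP_CODE` by coincidence and send an unrelated fault down the PnP BIOS recovery path. A one-line comment such as `/* vm86: regs->cs is a real-mode segment, not the PnP BIOS selector */` would record that. `fixup_exception` continues outside the hunk.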
15806 diff -urNp linux-2.6.32.1/arch/x86/mm/fault.c linux-2.6.32.1/arch/x86/mm/fault.c
15807 --- linux-2.6.32.1/arch/x86/mm/fault.c 2009-12-02 22:51:21.000000000 -0500
15808 +++ linux-2.6.32.1/arch/x86/mm/fault.c 2009-12-14 18:33:51.851713993 -0500
15809 @@ -11,10 +11,14 @@
15810 #include <linux/kprobes.h> /* __kprobes, ... */
15811 #include <linux/mmiotrace.h> /* kmmio_handler, ... */
15812 #include <linux/perf_event.h> /* perf_sw_event */
15813 +#include <linux/unistd.h>
15814 +#include <linux/compiler.h>
15816 #include <asm/traps.h> /* dotraplinkage, ... */
15817 #include <asm/pgalloc.h> /* pgd_*(), ... */
15818 #include <asm/kmemcheck.h> /* kmemcheck_*(), ... */
15819 +#include <asm/vsyscall.h>
15820 +#include <asm/tlbflush.h>
15823 * Page fault error code bits:
15824 @@ -51,7 +55,7 @@ static inline int notify_page_fault(stru
15827 /* kprobe_running() needs smp_processor_id() */
15828 - if (kprobes_built_in() && !user_mode_vm(regs)) {
15829 + if (kprobes_built_in() && !user_mode(regs)) {
15831 if (kprobe_running() && kprobe_fault_handler(regs, 14))
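Review bot: Replacing `user_mode_vm(regs)` with `user_mode(regs)` in `notify_page_fault` changes which faults count as kernel-mode for vm86 tasks, unless `user_mode()` is redefined elsewhere in this patch to cover vm86; that definition is not visible here. The same substitution appears in the `do_page_fault` hunk at `@@ -1017,7 +1220,7 @@`. If the redefinition exists, a short comment at one call site, e.g. `/* user_mode() also covers vm86 tasks in this tree */`, would keep a later merge from treating the two as a regression. The function body starts and ends outside the hunk.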
15833 @@ -172,6 +176,30 @@ force_sig_info_fault(int si_signo, int s
15834 force_sig_info(si_signo, &info, tsk);
15837 +#ifdef CONFIG_PAX_EMUTRAMP
15838 +static int pax_handle_fetch_fault(struct pt_regs *regs);
15841 +#ifdef CONFIG_PAX_PAGEEXEC
15842 +static inline pmd_t * pax_get_pmd(struct mm_struct *mm, unsigned long address)
15848 + pgd = pgd_offset(mm, address);
15849 + if (!pgd_present(*pgd))
15851 + pud = pud_offset(pgd, address);
15852 + if (!pud_present(*pud))
15854 + pmd = pmd_offset(pud, address);
15855 + if (!pmd_present(*pmd))
15861 DEFINE_SPINLOCK(pgd_lock);
15862 LIST_HEAD(pgd_list);
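Review bot: `pax_get_pmd` is added without any comment on its locking contract or return convention. The visible caller, `pax_handle_pageexec_fault`, releases `mm->mmap_sem` on its exit paths and tests the result with `!pmd`, which suggests the walk runs under that semaphore and yields NULL when a level is absent; the return statements themselves are not shown in this view. A header comment such as `/* Walk mm's page tables to the pmd covering address; NULL if a level is not present. Caller holds mm->mmap_sem. */` would state it. The helper is guarded by `CONFIG_PAX_PAGEEXEC` alone while its only visible caller is under `CONFIG_X86_32 && CONFIG_PAX_PAGEEXEC`, so the guards could be aligned.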
15864 @@ -535,7 +563,7 @@ static int is_errata93(struct pt_regs *r
15865 static int is_errata100(struct pt_regs *regs, unsigned long address)
15867 #ifdef CONFIG_X86_64
15868 - if ((regs->cs == __USER32_CS || (regs->cs & (1<<2))) && (address >> 32))
15869 + if ((regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT)) && (address >> 32))
15873 @@ -562,7 +590,7 @@ static int is_f00f_bug(struct pt_regs *r
15876 static const char nx_warning[] = KERN_CRIT
15877 -"kernel tried to execute NX-protected page - exploit attempt? (uid: %d)\n";
15878 +"kernel tried to execute NX-protected page - exploit attempt? (uid: %d, task: %s, pid: %d)\n";
15881 show_fault_oops(struct pt_regs *regs, unsigned long error_code,
15882 @@ -571,15 +599,26 @@ show_fault_oops(struct pt_regs *regs, un
15883 if (!oops_may_print())
15886 - if (error_code & PF_INSTR) {
15887 + if (nx_enabled && (error_code & PF_INSTR)) {
15888 unsigned int level;
15890 pte_t *pte = lookup_address(address, &level);
15892 if (pte && pte_present(*pte) && !pte_exec(*pte))
15893 - printk(nx_warning, current_uid());
15894 + printk(nx_warning, current_uid(), current->comm, task_pid_nr(current));
15897 +#ifdef CONFIG_PAX_KERNEXEC
15898 + if (init_mm.start_code <= address && address < init_mm.end_code) {
15899 + if (current->signal->curr_ip)
15900 + printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
15901 + ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
15903 + printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
15904 + current->comm, task_pid_nr(current), current_uid(), current_euid());
15908 printk(KERN_ALERT "BUG: unable to handle kernel ");
15909 if (address < PAGE_SIZE)
15910 printk(KERN_CONT "NULL pointer dereference");
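Review bot: The new CONFIG_PAX_KERNEXEC branch logs "attempted to modify kernel code" for any fault whose address lies between `init_mm.start_code` and `init_mm.end_code`; the condition shown does not test `error_code & PF_WRITE`, so a read or fetch fault in that range would be reported as a write attempt. Either add the bit to the test, `if ((error_code & PF_WRITE) && init_mm.start_code <= address && address < init_mm.end_code) {`, or word the message neutrally. Both new messages and the extended `nx_warning` also print `current->comm`, which a task can set for itself, so anything parsing these lines should treat that field as untrusted. `show_fault_oops` continues outside the hunk.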
15911 @@ -704,6 +743,68 @@ __bad_area_nosemaphore(struct pt_regs *r
15912 unsigned long address, int si_code)
15914 struct task_struct *tsk = current;
15915 + struct mm_struct *mm = tsk->mm;
15917 +#ifdef CONFIG_X86_64
15918 + if (mm && (error_code & PF_INSTR)) {
15919 + if (regs->ip == (unsigned long)vgettimeofday) {
15920 + regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, fallback_gettimeofday);
15922 + } else if (regs->ip == (unsigned long)vtime) {
15923 + regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, fallback_time);
15925 + } else if (regs->ip == (unsigned long)vgetcpu) {
15926 + regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, getcpu);
15932 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
15933 + if (mm && (error_code & PF_USER)) {
15934 + unsigned long ip = regs->ip;
15936 + if (v8086_mode(regs))
15937 + ip = ((regs->cs & 0xffff) << 4) + (regs->ip & 0xffff);
15940 + * It's possible to have interrupts off here:
15942 + local_irq_enable();
15944 +#ifdef CONFIG_PAX_PAGEEXEC
15945 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) &&
15946 + ((nx_enabled && (error_code & PF_INSTR)) || (!(error_code & (PF_PROT | PF_WRITE)) && regs->ip == address))) {
15948 +#ifdef CONFIG_PAX_EMUTRAMP
15949 + switch (pax_handle_fetch_fault(regs)) {
15955 + pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
15956 + do_group_exit(SIGKILL);
15960 +#ifdef CONFIG_PAX_SEGMEXEC
15961 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && !(error_code & (PF_PROT | PF_WRITE)) && (regs->ip + SEGMEXEC_TASK_SIZE == address)) {
15963 +#ifdef CONFIG_PAX_EMUTRAMP
15964 + switch (pax_handle_fetch_fault(regs)) {
15970 + pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
15971 + do_group_exit(SIGKILL);
15978 /* User mode accesses just cause a SIGSEGV */
15979 if (error_code & PF_USER) {
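Review bot: The local `ip` is corrected for vm86 mode with `((regs->cs & 0xffff) << 4) + (regs->ip & 0xffff)`, but none of the lines shown use it: the PAGEEXEC test compares `regs->ip == address`, the SEGMEXEC test uses `regs->ip + SEGMEXEC_TASK_SIZE == address`, and `pax_report_fault` is passed `regs->ip`. For a vm86 task the raw `regs->ip` is a segment offset rather than the linear fetch address, so those comparisons would not recognise an instruction fetch. If that is not intended, use the computed value, `ip == address` and `ip + SEGMEXEC_TASK_SIZE == address`. Some short lines of this hunk are missing from the view, so confirm against the full patch.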
15980 @@ -848,6 +949,106 @@ static int spurious_fault_check(unsigned
15984 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
15985 +static int pax_handle_pageexec_fault(struct pt_regs *regs, struct mm_struct *mm, unsigned long address, unsigned long error_code)
15990 + unsigned char pte_mask;
15992 + if (nx_enabled || (error_code & (PF_PROT|PF_USER)) != (PF_PROT|PF_USER) || v8086_mode(regs) ||
15993 + !(mm->pax_flags & MF_PAX_PAGEEXEC))
15996 + /* PaX: it's our fault, let's handle it if we can */
15998 + /* PaX: take a look at read faults before acquiring any locks */
15999 + if (unlikely(!(error_code & PF_WRITE) && (regs->ip == address))) {
16000 + /* instruction fetch attempt from a protected page in user mode */
16001 + up_read(&mm->mmap_sem);
16003 +#ifdef CONFIG_PAX_EMUTRAMP
16004 + switch (pax_handle_fetch_fault(regs)) {
16010 + pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
16011 + do_group_exit(SIGKILL);
16014 + pmd = pax_get_pmd(mm, address);
16015 + if (unlikely(!pmd))
16018 + pte = pte_offset_map_lock(mm, pmd, address, &ptl);
16019 + if (unlikely(!(pte_val(*pte) & _PAGE_PRESENT) || pte_user(*pte))) {
16020 + pte_unmap_unlock(pte, ptl);
16024 + if (unlikely((error_code & PF_WRITE) && !pte_write(*pte))) {
16025 + /* write attempt to a protected page in user mode */
16026 + pte_unmap_unlock(pte, ptl);
16031 + if (likely(address > get_limit(regs->cs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask)))
16033 + if (likely(address > get_limit(regs->cs)))
16036 + set_pte(pte, pte_mkread(*pte));
16037 + __flush_tlb_one(address);
16038 + pte_unmap_unlock(pte, ptl);
16039 + up_read(&mm->mmap_sem);
16043 + pte_mask = _PAGE_ACCESSED | _PAGE_USER | ((error_code & PF_WRITE) << (_PAGE_BIT_DIRTY-1));
16046 + * PaX: fill DTLB with user rights and retry
16048 + __asm__ __volatile__ (
16049 +#ifdef CONFIG_PAX_MEMORY_UDEREF
16050 + "movw %w4,%%es\n"
16053 +#if defined(CONFIG_M586) || defined(CONFIG_M586TSC)
16055 + * PaX: let this uncommented 'invlpg' remind us on the behaviour of Intel's
16056 + * (and AMD's) TLBs. namely, they do not cache PTEs that would raise *any*
16057 + * page fault when examined during a TLB load attempt. this is true not only
16058 + * for PTEs holding a non-present entry but also present entries that will
16059 + * raise a page fault (such as those set up by PaX, or the copy-on-write
16060 + * mechanism). in effect it means that we do *not* need to flush the TLBs
16061 + * for our target pages since their PTEs are simply not in the TLBs at all.
16063 + * the best thing in omitting it is that we gain around 15-20% speed in the
16064 + * fast path of the page fault handler and can get rid of tracing since we
16065 + * can no longer flush unintended entries.
16069 + "testb $0,%%es:(%0)\n"
16071 +#ifdef CONFIG_PAX_MEMORY_UDEREF
16076 + : "r" (address), "r" (pte), "q" (pte_mask), "i" (_PAGE_USER), "r" (__USER_DS)
16077 + : "memory", "cc");
16078 + pte_unmap_unlock(pte, ptl);
16079 + up_read(&mm->mmap_sem);
16085 * Handle a spurious fault caused by a stale TLB entry.
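Review bot: `pte_mask` is built with `(error_code & PF_WRITE) << (_PAGE_BIT_DIRTY-1)`, which silently depends on `PF_WRITE` being bit 1 so that the shift lands exactly on the dirty bit, and on the result fitting the `unsigned char` it is stored in. Nothing in the hunk checks either assumption, and the value is written straight into a live PTE by the inline assembly. A compile-time check beside the assignment, `BUILD_BUG_ON((PF_WRITE << (_PAGE_BIT_DIRTY-1)) != _PAGE_DIRTY);`, together with a one-line comment, would make the dependency explicit.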
16087 @@ -914,6 +1115,9 @@ int show_unhandled_signals = 1;
16089 access_error(unsigned long error_code, int write, struct vm_area_struct *vma)
16091 + if (nx_enabled && (error_code & PF_INSTR) && !(vma->vm_flags & VM_EXEC))
16095 /* write, present and write, not present: */
16096 if (unlikely(!(vma->vm_flags & VM_WRITE)))
16097 @@ -947,17 +1151,16 @@ do_page_fault(struct pt_regs *regs, unsi
16099 struct vm_area_struct *vma;
16100 struct task_struct *tsk;
16101 - unsigned long address;
16102 struct mm_struct *mm;
16106 + /* Get the faulting address: */
16107 + const unsigned long address = read_cr2();
16112 - /* Get the faulting address: */
16113 - address = read_cr2();
16116 * Detect and handle instructions that would cause a page fault for
16117 * both a tracked kernel page and a userspace page.
16118 @@ -1017,7 +1220,7 @@ do_page_fault(struct pt_regs *regs, unsi
16119 * User-mode registers count as a user access even for any
16120 * potential system fault or CPU buglet:
16122 - if (user_mode_vm(regs)) {
16123 + if (user_mode(regs)) {
16124 local_irq_enable();
16125 error_code |= PF_USER;
16127 @@ -1071,6 +1274,11 @@ do_page_fault(struct pt_regs *regs, unsi
16131 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
16132 + if (pax_handle_pageexec_fault(regs, mm, address, error_code))
16136 vma = find_vma(mm, address);
16137 if (unlikely(!vma)) {
16138 bad_area(regs, error_code, address);
16139 @@ -1082,18 +1290,24 @@ do_page_fault(struct pt_regs *regs, unsi
16140 bad_area(regs, error_code, address);
16143 - if (error_code & PF_USER) {
16145 - * Accessing the stack below %sp is always a bug.
16146 - * The large cushion allows instructions like enter
16147 - * and pusha to work. ("enter $65535, $31" pushes
16148 - * 32 pointers and then decrements %sp by 65535.)
16150 - if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
16151 - bad_area(regs, error_code, address);
16155 + * Accessing the stack below %sp is always a bug.
16156 + * The large cushion allows instructions like enter
16157 + * and pusha to work. ("enter $65535, $31" pushes
16158 + * 32 pointers and then decrements %sp by 65535.)
16160 + if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)) {
16161 + bad_area(regs, error_code, address);
16165 +#ifdef CONFIG_PAX_SEGMEXEC
16166 + if (unlikely((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)) {
16167 + bad_area(regs, error_code, address);
16172 if (unlikely(expand_stack(vma, address))) {
16173 bad_area(regs, error_code, address);
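Review bot: The SEGMEXEC test `vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1` only works through unsigned wrap-around, and nothing in the hunk says so. As far as can be told from the expression, it is true when `address` is at or below `SEGMEXEC_TASK_SIZE` while `vm_end` is above it, i.e. it refuses to grow a vma from the upper half of the address space down into the lower half. A comment stating that intent, e.g. `/* unsigned wrap is deliberate: reject growth across the SEGMEXEC_TASK_SIZE boundary */`, would keep it from being "simplified" later. The stack-cushion check above it also lost its `error_code & PF_USER` guard and now reads `task_pt_regs(tsk)->sp`, so it applies to kernel-mode accesses as well, which the retained comment does not mention.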
16175 @@ -1137,3 +1351,174 @@ good_area:
16177 up_read(&mm->mmap_sem);
16180 +#ifdef CONFIG_PAX_EMUTRAMP
16181 +static int pax_handle_fetch_fault_32(struct pt_regs *regs)
16185 + do { /* PaX: gcc trampoline emulation #1 */
16186 + unsigned char mov1, mov2;
16187 + unsigned short jmp;
16188 + unsigned int addr1, addr2;
16190 +#ifdef CONFIG_X86_64
16191 + if ((regs->ip + 11) >> 32)
16195 + err = get_user(mov1, (unsigned char __user *)regs->ip);
16196 + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
16197 + err |= get_user(mov2, (unsigned char __user *)(regs->ip + 5));
16198 + err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
16199 + err |= get_user(jmp, (unsigned short __user *)(regs->ip + 10));
16204 + if (mov1 == 0xB9 && mov2 == 0xB8 && jmp == 0xE0FF) {
16205 + regs->cx = addr1;
16206 + regs->ax = addr2;
16207 + regs->ip = addr2;
16212 + do { /* PaX: gcc trampoline emulation #2 */
16213 + unsigned char mov, jmp;
16214 + unsigned int addr1, addr2;
16216 +#ifdef CONFIG_X86_64
16217 + if ((regs->ip + 9) >> 32)
16221 + err = get_user(mov, (unsigned char __user *)regs->ip);
16222 + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
16223 + err |= get_user(jmp, (unsigned char __user *)(regs->ip + 5));
16224 + err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
16229 + if (mov == 0xB9 && jmp == 0xE9) {
16230 + regs->cx = addr1;
16231 + regs->ip = (unsigned int)(regs->ip + addr2 + 10);
16236 + return 1; /* PaX in action */
16239 +#ifdef CONFIG_X86_64
16240 +static int pax_handle_fetch_fault_64(struct pt_regs *regs)
16244 + do { /* PaX: gcc trampoline emulation #1 */
16245 + unsigned short mov1, mov2, jmp1;
16246 + unsigned char jmp2;
16247 + unsigned int addr1;
16248 + unsigned long addr2;
16250 + err = get_user(mov1, (unsigned short __user *)regs->ip);
16251 + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 2));
16252 + err |= get_user(mov2, (unsigned short __user *)(regs->ip + 6));
16253 + err |= get_user(addr2, (unsigned long __user *)(regs->ip + 8));
16254 + err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 16));
16255 + err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 18));
16260 + if (mov1 == 0xBB41 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) {
16261 + regs->r11 = addr1;
16262 + regs->r10 = addr2;
16263 + regs->ip = addr1;
16268 + do { /* PaX: gcc trampoline emulation #2 */
16269 + unsigned short mov1, mov2, jmp1;
16270 + unsigned char jmp2;
16271 + unsigned long addr1, addr2;
16273 + err = get_user(mov1, (unsigned short __user *)regs->ip);
16274 + err |= get_user(addr1, (unsigned long __user *)(regs->ip + 2));
16275 + err |= get_user(mov2, (unsigned short __user *)(regs->ip + 10));
16276 + err |= get_user(addr2, (unsigned long __user *)(regs->ip + 12));
16277 + err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 20));
16278 + err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 22));
16283 + if (mov1 == 0xBB49 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) {
16284 + regs->r11 = addr1;
16285 + regs->r10 = addr2;
16286 + regs->ip = addr1;
16291 + return 1; /* PaX in action */
16296 + * PaX: decide what to do with offenders (regs->ip = fault address)
16298 + * returns 1 when task should be killed
16299 + * 2 when gcc trampoline was detected
16301 +static int pax_handle_fetch_fault(struct pt_regs *regs)
16303 + if (v8086_mode(regs))
16306 + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
16309 +#ifdef CONFIG_X86_32
16310 + return pax_handle_fetch_fault_32(regs);
16312 + if (regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT))
16313 + return pax_handle_fetch_fault_32(regs);
16315 + return pax_handle_fetch_fault_64(regs);
16320 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
16321 +void pax_report_insns(void *pc, void *sp)
16325 + printk(KERN_ERR "PAX: bytes at PC: ");
16326 + for (i = 0; i < 20; i++) {
16328 + if (get_user(c, (__force unsigned char __user *)pc+i))
16329 + printk(KERN_CONT "?? ");
16331 + printk(KERN_CONT "%02x ", c);
16335 + printk(KERN_ERR "PAX: bytes at SP-%lu: ", (unsigned long)sizeof(long));
16336 + for (i = -1; i < 80 / sizeof(long); i++) {
16338 + if (get_user(c, (__force unsigned long __user *)sp+i))
16339 +#ifdef CONFIG_X86_32
16340 + printk(KERN_CONT "???????? ");
16342 + printk(KERN_CONT "???????????????? ");
16345 + printk(KERN_CONT "%0*lx ", 2 * (int)sizeof(long), c);
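Review bot: In `pax_report_insns` the stack dump loop `for (i = -1; i < 80 / sizeof(long); i++)` compares `i` with a `size_t` value, so the initial -1 is converted to a very large unsigned number, the condition is false on the first test, and nothing is printed after "PAX: bytes at SP-". The declaration of `i` is not visible in this view, but the conversion applies to any signed type no wider than `size_t`. Keeping the comparison signed fixes it: `for (i = -1; i < (long)(80 / sizeof(long)); i++) {`. The lost output is the stack context of a killed task, which is what an analyst would want from this report.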
16350 diff -urNp linux-2.6.32.1/arch/x86/mm/gup.c linux-2.6.32.1/arch/x86/mm/gup.c
16351 --- linux-2.6.32.1/arch/x86/mm/gup.c 2009-12-02 22:51:21.000000000 -0500
16352 +++ linux-2.6.32.1/arch/x86/mm/gup.c 2009-12-14 18:33:51.851713993 -0500
16353 @@ -237,7 +237,7 @@ int __get_user_pages_fast(unsigned long
16355 len = (unsigned long) nr_pages << PAGE_SHIFT;
16357 - if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
16358 + if (unlikely(!__access_ok(write ? VERIFY_WRITE : VERIFY_READ,
16359 (void __user *)start, len)))
16362 diff -urNp linux-2.6.32.1/arch/x86/mm/highmem_32.c linux-2.6.32.1/arch/x86/mm/highmem_32.c
16363 --- linux-2.6.32.1/arch/x86/mm/highmem_32.c 2009-12-02 22:51:21.000000000 -0500
16364 +++ linux-2.6.32.1/arch/x86/mm/highmem_32.c 2009-12-14 18:33:51.851713993 -0500
16365 @@ -43,7 +43,10 @@ void *kmap_atomic_prot(struct page *page
16366 idx = type + KM_TYPE_NR*smp_processor_id();
16367 vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
16368 BUG_ON(!pte_none(*(kmap_pte-idx)));
16370 + pax_open_kernel();
16371 set_pte(kmap_pte-idx, mk_pte(page, prot));
16372 + pax_close_kernel();
16374 return (void *)vaddr;
16376 diff -urNp linux-2.6.32.1/arch/x86/mm/hugetlbpage.c linux-2.6.32.1/arch/x86/mm/hugetlbpage.c
16377 --- linux-2.6.32.1/arch/x86/mm/hugetlbpage.c 2009-12-02 22:51:21.000000000 -0500
16378 +++ linux-2.6.32.1/arch/x86/mm/hugetlbpage.c 2009-12-14 18:33:51.852719320 -0500
16379 @@ -267,13 +267,18 @@ static unsigned long hugetlb_get_unmappe
16380 struct hstate *h = hstate_file(file);
16381 struct mm_struct *mm = current->mm;
16382 struct vm_area_struct *vma;
16383 - unsigned long start_addr;
16384 + unsigned long start_addr, pax_task_size = TASK_SIZE;
16386 +#ifdef CONFIG_PAX_SEGMEXEC
16387 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
16388 + pax_task_size = SEGMEXEC_TASK_SIZE;
16391 if (len > mm->cached_hole_size) {
16392 - start_addr = mm->free_area_cache;
16393 + start_addr = mm->free_area_cache;
16395 - start_addr = TASK_UNMAPPED_BASE;
16396 - mm->cached_hole_size = 0;
16397 + start_addr = mm->mmap_base;
16398 + mm->cached_hole_size = 0;
16402 @@ -281,13 +286,13 @@ full_search:
16404 for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
16405 /* At this point: (!vma || addr < vma->vm_end). */
16406 - if (TASK_SIZE - len < addr) {
16407 + if (pax_task_size - len < addr) {
16409 * Start a new search - just in case we missed
16412 - if (start_addr != TASK_UNMAPPED_BASE) {
16413 - start_addr = TASK_UNMAPPED_BASE;
16414 + if (start_addr != mm->mmap_base) {
16415 + start_addr = mm->mmap_base;
16416 mm->cached_hole_size = 0;
16419 @@ -310,9 +315,8 @@ static unsigned long hugetlb_get_unmappe
16420 struct hstate *h = hstate_file(file);
16421 struct mm_struct *mm = current->mm;
16422 struct vm_area_struct *vma, *prev_vma;
16423 - unsigned long base = mm->mmap_base, addr = addr0;
16424 + unsigned long base = mm->mmap_base, addr;
16425 unsigned long largest_hole = mm->cached_hole_size;
16426 - int first_time = 1;
16428 /* don't allow allocations above current base */
16429 if (mm->free_area_cache > base)
16430 @@ -322,7 +326,7 @@ static unsigned long hugetlb_get_unmappe
16432 mm->free_area_cache = base;
16436 /* make sure it can fit in the remaining address space */
16437 if (mm->free_area_cache < len)
16439 @@ -364,22 +368,26 @@ try_again:
16443 - * if hint left us with no space for the requested
16444 - * mapping then try again:
16446 - if (first_time) {
16447 - mm->free_area_cache = base;
16448 - largest_hole = 0;
16453 * A failed mmap() very likely causes application failure,
16454 * so fall back to the bottom-up function here. This scenario
16455 * can happen with large stack limits and large mmap()
16458 - mm->free_area_cache = TASK_UNMAPPED_BASE;
16460 +#ifdef CONFIG_PAX_SEGMEXEC
16461 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
16462 + mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
16466 + mm->mmap_base = TASK_UNMAPPED_BASE;
16468 +#ifdef CONFIG_PAX_RANDMMAP
16469 + if (mm->pax_flags & MF_PAX_RANDMMAP)
16470 + mm->mmap_base += mm->delta_mmap;
16473 + mm->free_area_cache = mm->mmap_base;
16474 mm->cached_hole_size = ~0UL;
16475 addr = hugetlb_get_unmapped_area_bottomup(file, addr0,
16476 len, pgoff, flags);
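Review bot: The fallback path now overwrites `mm->mmap_base`, including the `mm->delta_mmap` randomisation offset, before calling `hugetlb_get_unmapped_area_bottomup`, and relies on the following `fail:` hunk to put `base` back. That is a temporary change to state shared by every thread using the mm, and the hunk carries no comment on what prevents another thread from observing the switched base. A comment stating the assumption would help, e.g. `/* mmap_base is switched only for the bottom-up call and restored below; caller holds mmap_sem for writing */`. The locking is assumed here, not visible in the hunk.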
16477 @@ -387,6 +395,7 @@ fail:
16479 * Restore the topdown base:
16481 + mm->mmap_base = base;
16482 mm->free_area_cache = base;
16483 mm->cached_hole_size = ~0UL;
16485 @@ -400,10 +409,17 @@ hugetlb_get_unmapped_area(struct file *f
16486 struct hstate *h = hstate_file(file);
16487 struct mm_struct *mm = current->mm;
16488 struct vm_area_struct *vma;
16489 + unsigned long pax_task_size = TASK_SIZE;
16491 if (len & ~huge_page_mask(h))
16493 - if (len > TASK_SIZE)
16495 +#ifdef CONFIG_PAX_SEGMEXEC
16496 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
16497 + pax_task_size = SEGMEXEC_TASK_SIZE;
16500 + if (len > pax_task_size)
16503 if (flags & MAP_FIXED) {
16504 @@ -415,7 +431,7 @@ hugetlb_get_unmapped_area(struct file *f
16506 addr = ALIGN(addr, huge_page_size(h));
16507 vma = find_vma(mm, addr);
16508 - if (TASK_SIZE - len >= addr &&
16509 + if (pax_task_size - len >= addr &&
16510 (!vma || addr + len <= vma->vm_start))
16513 diff -urNp linux-2.6.32.1/arch/x86/mm/init_32.c linux-2.6.32.1/arch/x86/mm/init_32.c
16514 --- linux-2.6.32.1/arch/x86/mm/init_32.c 2009-12-02 22:51:21.000000000 -0500
16515 +++ linux-2.6.32.1/arch/x86/mm/init_32.c 2009-12-15 17:05:40.583629988 -0500
16516 @@ -72,36 +72,6 @@ static __init void *alloc_low_page(void)
16520 - * Creates a middle page table and puts a pointer to it in the
16521 - * given global directory entry. This only returns the gd entry
16522 - * in non-PAE compilation mode, since the middle layer is folded.
16524 -static pmd_t * __init one_md_table_init(pgd_t *pgd)
16527 - pmd_t *pmd_table;
16529 -#ifdef CONFIG_X86_PAE
16530 - if (!(pgd_val(*pgd) & _PAGE_PRESENT)) {
16531 - if (after_bootmem)
16532 - pmd_table = (pmd_t *)alloc_bootmem_pages(PAGE_SIZE);
16534 - pmd_table = (pmd_t *)alloc_low_page();
16535 - paravirt_alloc_pmd(&init_mm, __pa(pmd_table) >> PAGE_SHIFT);
16536 - set_pgd(pgd, __pgd(__pa(pmd_table) | _PAGE_PRESENT));
16537 - pud = pud_offset(pgd, 0);
16538 - BUG_ON(pmd_table != pmd_offset(pud, 0));
16540 - return pmd_table;
16543 - pud = pud_offset(pgd, 0);
16544 - pmd_table = pmd_offset(pud, 0);
16546 - return pmd_table;
16550 * Create a page table and place a pointer to it in a middle page
16553 @@ -121,13 +91,28 @@ static pte_t * __init one_page_table_ini
16554 page_table = (pte_t *)alloc_low_page();
16556 paravirt_alloc_pte(&init_mm, __pa(page_table) >> PAGE_SHIFT);
16557 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
16558 + set_pmd(pmd, __pmd(__pa(page_table) | _KERNPG_TABLE));
16560 set_pmd(pmd, __pmd(__pa(page_table) | _PAGE_TABLE));
16562 BUG_ON(page_table != pte_offset_kernel(pmd, 0));
16565 return pte_offset_kernel(pmd, 0);
16568 +static pmd_t * __init one_md_table_init(pgd_t *pgd)
16571 + pmd_t *pmd_table;
16573 + pud = pud_offset(pgd, 0);
16574 + pmd_table = pmd_offset(pud, 0);
16576 + return pmd_table;
16579 pmd_t * __init populate_extra_pmd(unsigned long vaddr)
16581 int pgd_idx = pgd_index(vaddr);
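Review bot: `one_md_table_init` is re-added without the comment the deleted version had and without its CONFIG_X86_PAE allocation branch; the new body shown only performs the `pud_offset`/`pmd_offset` lookups. That presumably relies on the PAE pmd pages being set up elsewhere in this patch, which cannot be confirmed from this hunk. A short header would record the new contract, e.g. `/* Returns the pmd table for pgd; allocates nothing, PAE pmd tables must already exist */`. The same hunk switches the pmd entry to `_KERNPG_TABLE` under PAGEEXEC/SEGMEXEC, which deserves a word on why the user bit is dropped.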
16582 @@ -201,6 +186,7 @@ page_table_range_init(unsigned long star
16583 int pgd_idx, pmd_idx;
16584 unsigned long vaddr;
16590 @@ -210,8 +196,13 @@ page_table_range_init(unsigned long star
16591 pgd = pgd_base + pgd_idx;
16593 for ( ; (pgd_idx < PTRS_PER_PGD) && (vaddr != end); pgd++, pgd_idx++) {
16594 - pmd = one_md_table_init(pgd);
16595 - pmd = pmd + pmd_index(vaddr);
16596 + pud = pud_offset(pgd, vaddr);
16597 + pmd = pmd_offset(pud, vaddr);
16599 +#ifdef CONFIG_X86_PAE
16600 + paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT);
16603 for (; (pmd_idx < PTRS_PER_PMD) && (vaddr != end);
16604 pmd++, pmd_idx++) {
16605 pte = page_table_kmap_check(one_page_table_init(pmd),
16606 @@ -223,11 +214,20 @@ page_table_range_init(unsigned long star
16610 -static inline int is_kernel_text(unsigned long addr)
16611 +static inline int is_kernel_text(unsigned long start, unsigned long end)
16613 - if (addr >= PAGE_OFFSET && addr <= (unsigned long)__init_end)
16616 + if ((start > ktla_ktva((unsigned long)_etext) ||
16617 + end <= ktla_ktva((unsigned long)_stext)) &&
16618 + (start > ktla_ktva((unsigned long)_einittext) ||
16619 + end <= ktla_ktva((unsigned long)_sinittext)) &&
16621 +#ifdef CONFIG_ACPI_SLEEP
16622 + (start > (unsigned long)__va(acpi_wakeup_address) + 0x4000 || end <= (unsigned long)__va(acpi_wakeup_address)) &&
16625 + (start > (unsigned long)__va(0xfffff) || end <= (unsigned long)__va(0xc0000)))
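Review bot: `is_kernel_text` now decides which ranges are mapped executable, but two of the ranges it keeps executable are written as bare numbers: `__va(acpi_wakeup_address) + 0x4000` and `__va(0xc0000)` to `__va(0xfffff)`. A header comment listing the executable set (kernel text, init text, the ACPI wakeup code, the legacy BIOS ROM area) and named constants for the literals would make it auditable. The lower-bound tests use `start > …` rather than `start >= …`, so a range that begins exactly at `_etext` is still classified as text; if that extra executable page is deliberate, the comment should say so. The function's return statements are not visible in this view.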
16631 @@ -243,9 +243,10 @@ kernel_physical_mapping_init(unsigned lo
16632 int use_pse = page_size_mask == (1<<PG_LEVEL_2M);
16633 unsigned long start_pfn, end_pfn;
16634 pgd_t *pgd_base = swapper_pg_dir;
16635 - int pgd_idx, pmd_idx, pte_ofs;
16636 + unsigned int pgd_idx, pmd_idx, pte_ofs;
16642 unsigned pages_2m, pages_4k;
16643 @@ -278,8 +279,13 @@ repeat:
16645 pgd_idx = pgd_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
16646 pgd = pgd_base + pgd_idx;
16647 - for (; pgd_idx < PTRS_PER_PGD; pgd++, pgd_idx++) {
16648 - pmd = one_md_table_init(pgd);
16649 + for (; pgd_idx < PTRS_PER_PGD && pfn < max_low_pfn; pgd++, pgd_idx++) {
16650 + pud = pud_offset(pgd, 0);
16651 + pmd = pmd_offset(pud, 0);
16653 +#ifdef CONFIG_X86_PAE
16654 + paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT);
16657 if (pfn >= end_pfn)
16659 @@ -291,14 +297,13 @@ repeat:
16661 for (; pmd_idx < PTRS_PER_PMD && pfn < end_pfn;
16662 pmd++, pmd_idx++) {
16663 - unsigned int addr = pfn * PAGE_SIZE + PAGE_OFFSET;
16664 + unsigned long address = pfn * PAGE_SIZE + PAGE_OFFSET;
16667 * Map with big pages if possible, otherwise
16668 * create normal page tables:
16671 - unsigned int addr2;
16672 pgprot_t prot = PAGE_KERNEL_LARGE;
16674 * first pass will use the same initial
16675 @@ -308,11 +313,7 @@ repeat:
16676 __pgprot(PTE_IDENT_ATTR |
16679 - addr2 = (pfn + PTRS_PER_PTE-1) * PAGE_SIZE +
16680 - PAGE_OFFSET + PAGE_SIZE-1;
16682 - if (is_kernel_text(addr) ||
16683 - is_kernel_text(addr2))
16684 + if (is_kernel_text(address, address + PMD_SIZE))
16685 prot = PAGE_KERNEL_LARGE_EXEC;
16688 @@ -329,7 +330,7 @@ repeat:
16689 pte_ofs = pte_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
16691 for (; pte_ofs < PTRS_PER_PTE && pfn < end_pfn;
16692 - pte++, pfn++, pte_ofs++, addr += PAGE_SIZE) {
16693 + pte++, pfn++, pte_ofs++, address += PAGE_SIZE) {
16694 pgprot_t prot = PAGE_KERNEL;
16696 * first pass will use the same initial
16697 @@ -337,7 +338,7 @@ repeat:
16699 pgprot_t init_prot = __pgprot(PTE_IDENT_ATTR);
16701 - if (is_kernel_text(addr))
16702 + if (is_kernel_text(address, address + PAGE_SIZE))
16703 prot = PAGE_KERNEL_EXEC;
16706 @@ -489,7 +490,7 @@ void __init native_pagetable_setup_start
16708 pud = pud_offset(pgd, va);
16709 pmd = pmd_offset(pud, va);
16710 - if (!pmd_present(*pmd))
16711 + if (!pmd_present(*pmd) || pmd_huge(*pmd))
16714 pte = pte_offset_kernel(pmd, va);
16715 @@ -541,9 +542,7 @@ void __init early_ioremap_page_table_ran
16717 static void __init pagetable_init(void)
16719 - pgd_t *pgd_base = swapper_pg_dir;
16721 - permanent_kmaps_init(pgd_base);
16722 + permanent_kmaps_init(swapper_pg_dir);
16725 #ifdef CONFIG_ACPI_SLEEP
16726 @@ -551,12 +550,12 @@ static void __init pagetable_init(void)
16727 * ACPI suspend needs this for resume, because things like the intel-agp
16728 * driver might have split up a kernel 4MB mapping.
16730 -char swsusp_pg_dir[PAGE_SIZE]
16731 +pgd_t swsusp_pg_dir[PTRS_PER_PGD]
16732 __attribute__ ((aligned(PAGE_SIZE)));
16734 static inline void save_pg_dir(void)
16736 - memcpy(swsusp_pg_dir, swapper_pg_dir, PAGE_SIZE);
16737 + clone_pgd_range(swsusp_pg_dir, swapper_pg_dir, PTRS_PER_PGD);
16739 #else /* !CONFIG_ACPI_SLEEP */
16740 static inline void save_pg_dir(void)
16741 @@ -588,7 +587,7 @@ void zap_low_mappings(bool early)
16745 -pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP);
16746 +pteval_t __supported_pte_mask __read_only = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP);
16747 EXPORT_SYMBOL_GPL(__supported_pte_mask);
16749 /* user-defined highmem size */
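Review bot: Moving `__supported_pte_mask` from `__read_mostly` to `__read_only` means every later store to it has to happen before the section is write-protected or inside a `pax_open_kernel()`/`pax_close_kernel()` pair. The initialiser excludes `_PAGE_NX`, so presumably some boot code sets that bit afterwards; no writer is visible in this hunk. A comment on the definition, e.g. `/* written only during early NX setup, before read-only data is protected */`, would tell the next person adding a writer what is required. The 64-bit definition should be checked for the same annotation.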
16750 @@ -881,7 +880,7 @@ void __init mem_init(void)
16751 set_highmem_pages_init();
16753 codesize = (unsigned long) &_etext - (unsigned long) &_text;
16754 - datasize = (unsigned long) &_edata - (unsigned long) &_etext;
16755 + datasize = (unsigned long) &_edata - (unsigned long) &_sdata;
16756 initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin;
16758 printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, "
16759 @@ -923,10 +922,10 @@ void __init mem_init(void)
16760 ((unsigned long)&__init_end -
16761 (unsigned long)&__init_begin) >> 10,
16763 - (unsigned long)&_etext, (unsigned long)&_edata,
16764 - ((unsigned long)&_edata - (unsigned long)&_etext) >> 10,
16765 + (unsigned long)&_sdata, (unsigned long)&_edata,
16766 + ((unsigned long)&_edata - (unsigned long)&_sdata) >> 10,
16768 - (unsigned long)&_text, (unsigned long)&_etext,
16769 + ktla_ktva((unsigned long)&_text), ktla_ktva((unsigned long)&_etext),
16770 ((unsigned long)&_etext - (unsigned long)&_text) >> 10);
16773 @@ -1007,6 +1006,7 @@ void set_kernel_text_rw(void)
16774 if (!kernel_set_to_readonly)
16777 + start = ktla_ktva(start);
16778 pr_debug("Set kernel text: %lx - %lx for read write\n",
16779 start, start+size);
16781 @@ -1021,6 +1021,7 @@ void set_kernel_text_ro(void)
16782 if (!kernel_set_to_readonly)
16785 + start = ktla_ktva(start);
16786 pr_debug("Set kernel text: %lx - %lx for read only\n",
16787 start, start+size);
16789 @@ -1032,6 +1033,7 @@ void mark_rodata_ro(void)
16790 unsigned long start = PFN_ALIGN(_text);
16791 unsigned long size = PFN_ALIGN(_etext) - start;
16793 + start = ktla_ktva(start);
16794 set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
16795 printk(KERN_INFO "Write protecting the kernel text: %luk\n",
16797 diff -urNp linux-2.6.32.1/arch/x86/mm/init_64.c linux-2.6.32.1/arch/x86/mm/init_64.c
16798 --- linux-2.6.32.1/arch/x86/mm/init_64.c 2009-12-02 22:51:21.000000000 -0500
16799 +++ linux-2.6.32.1/arch/x86/mm/init_64.c 2009-12-14 18:33:51.855716926 -0500
16800 @@ -163,7 +163,9 @@ void set_pte_vaddr_pud(pud_t *pud_page,
16801 pmd = fill_pmd(pud, vaddr);
16802 pte = fill_pte(pmd, vaddr);
16804 + pax_open_kernel();
16805 set_pte(pte, new_pte);
16806 + pax_close_kernel();
16809 * It's enough to flush this one mapping.
16810 @@ -222,14 +224,12 @@ static void __init __init_extra_mapping(
16811 pgd = pgd_offset_k((unsigned long)__va(phys));
16812 if (pgd_none(*pgd)) {
16813 pud = (pud_t *) spp_getpage();
16814 - set_pgd(pgd, __pgd(__pa(pud) | _KERNPG_TABLE |
16816 + set_pgd(pgd, __pgd(__pa(pud) | _PAGE_TABLE));
16818 pud = pud_offset(pgd, (unsigned long)__va(phys));
16819 if (pud_none(*pud)) {
16820 pmd = (pmd_t *) spp_getpage();
16821 - set_pud(pud, __pud(__pa(pmd) | _KERNPG_TABLE |
16823 + set_pud(pud, __pud(__pa(pmd) | _PAGE_TABLE));
16825 pmd = pmd_offset(pud, phys);
16826 BUG_ON(!pmd_none(*pmd));
16827 @@ -842,8 +842,8 @@ int kern_addr_valid(unsigned long addr)
16828 static struct vm_area_struct gate_vma = {
16829 .vm_start = VSYSCALL_START,
16830 .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE),
16831 - .vm_page_prot = PAGE_READONLY_EXEC,
16832 - .vm_flags = VM_READ | VM_EXEC
16833 + .vm_page_prot = PAGE_READONLY,
16834 + .vm_flags = VM_READ
16837 struct vm_area_struct *get_gate_vma(struct task_struct *tsk)
16838 @@ -877,7 +877,7 @@ int in_gate_area_no_task(unsigned long a
16840 const char *arch_vma_name(struct vm_area_struct *vma)
16842 - if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
16843 + if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
16845 if (vma == &gate_vma)
16846 return "[vsyscall]";
16847 diff -urNp linux-2.6.32.1/arch/x86/mm/init.c linux-2.6.32.1/arch/x86/mm/init.c
16848 --- linux-2.6.32.1/arch/x86/mm/init.c 2009-12-02 22:51:21.000000000 -0500
16849 +++ linux-2.6.32.1/arch/x86/mm/init.c 2009-12-14 18:33:51.855716926 -0500
16850 @@ -331,7 +331,13 @@ unsigned long __init_refok init_memory_m
16852 int devmem_is_allowed(unsigned long pagenr)
16854 - if (pagenr <= 256)
16857 +#ifdef CONFIG_VM86
16858 + if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT))
16861 + if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
16863 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
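Review bot: The new low-memory rule in `devmem_is_allowed()` has no comment saying why pages below `ISA_START_ADDRESS` are handled only under `CONFIG_VM86`, even though this policy decides which physical pages the caller may reach. The return statements and the `#else` branch fall on lines not shown here, so the comment should state for each configuration which low pages stay accessible, along the lines of `/* legacy RAM below ISA_START_ADDRESS is exposed only for vm86 users */`. The function's header comment is outside the hunk and presumably still describes the old `pagenr <= 256` rule; it should be updated with it.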
16865 @@ -379,6 +385,83 @@ void free_init_pages(char *what, unsigne
16867 void free_initmem(void)
16870 +#ifdef CONFIG_PAX_KERNEXEC
16875 +#ifdef CONFIG_X86_32
16876 + /* PaX: limit KERNEL_CS to actual size */
16877 + unsigned long addr, limit;
16878 + struct desc_struct d;
16881 + limit = paravirt_enabled() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext;
16882 + limit = (limit - 1UL) >> PAGE_SHIFT;
16884 + memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);
16885 + for (cpu = 0; cpu < NR_CPUS; cpu++) {
16886 + pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
16887 + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
16890 + /* PaX: make KERNEL_CS read-only */
16891 + addr = PFN_ALIGN(ktla_ktva((unsigned long)&_text));
16892 + if (!paravirt_enabled())
16893 + set_memory_ro(addr, (PFN_ALIGN(_sdata) - addr) >> PAGE_SHIFT);
16895 + for (addr = ktla_ktva((unsigned long)&_text); addr < (unsigned long)&_sdata; addr += PMD_SIZE) {
16896 + pgd = pgd_offset_k(addr);
16897 + pud = pud_offset(pgd, addr);
16898 + pmd = pmd_offset(pud, addr);
16899 + set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
16902 +#ifdef CONFIG_X86_PAE
16903 + set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT);
16904 + for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) {
16905 + pgd = pgd_offset_k(addr);
16906 + pud = pud_offset(pgd, addr);
16907 + pmd = pmd_offset(pud, addr);
16908 + set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
16912 +#ifdef CONFIG_MODULES
16913 + set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT);
16917 + unsigned long addr, end;
16919 + /* PaX: make kernel code/rodata read-only, rest non-executable */
16920 + for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
16921 + pgd = pgd_offset_k(addr);
16922 + pud = pud_offset(pgd, addr);
16923 + pmd = pmd_offset(pud, addr);
16924 + if ((unsigned long)_text <= addr && addr < (unsigned long)_sdata)
16925 + set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
16927 + set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
16930 + addr = (unsigned long)__va(__pa(__START_KERNEL_map));
16931 + end = addr + KERNEL_IMAGE_SIZE;
16932 + for (; addr < end; addr += PMD_SIZE) {
16933 + pgd = pgd_offset_k(addr);
16934 + pud = pud_offset(pgd, addr);
16935 + pmd = pmd_offset(pud, addr);
16936 + if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata)))
16937 + set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
16939 + set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
16946 free_init_pages("unused kernel memory",
16947 (unsigned long)(&__init_begin),
16948 (unsigned long)(&__init_end));
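Review bot: The added `memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);` passes what looks like an integer expression as the destination pointer, which at best compiles with an integer-to-pointer warning. An explicit cast states the intent: `memset((void *)(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET), POISON_FREE_INITMEM, PAGE_SIZE);`. The same block packs the KERNEL_CS descriptor with the bare constants `0x9B` and `0xC`; a short comment naming the access byte and the flags nibble would make the segment-limit change easier to audit. `free_initmem()` starts before and continues after the lines shown in this hunk.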
16949 diff -urNp linux-2.6.32.1/arch/x86/mm/iomap_32.c linux-2.6.32.1/arch/x86/mm/iomap_32.c
16950 --- linux-2.6.32.1/arch/x86/mm/iomap_32.c 2009-12-02 22:51:21.000000000 -0500
16951 +++ linux-2.6.32.1/arch/x86/mm/iomap_32.c 2009-12-14 18:33:51.855716926 -0500
16952 @@ -65,7 +65,11 @@ void *kmap_atomic_prot_pfn(unsigned long
16953 debug_kmap_atomic(type);
16954 idx = type + KM_TYPE_NR * smp_processor_id();
16955 vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
16957 + pax_open_kernel();
16958 set_pte(kmap_pte - idx, pfn_pte(pfn, prot));
16959 + pax_close_kernel();
16961 arch_flush_lazy_mmu_mode();
16963 return (void *)vaddr;
16964 diff -urNp linux-2.6.32.1/arch/x86/mm/ioremap.c linux-2.6.32.1/arch/x86/mm/ioremap.c
16965 --- linux-2.6.32.1/arch/x86/mm/ioremap.c 2009-12-02 22:51:21.000000000 -0500
16966 +++ linux-2.6.32.1/arch/x86/mm/ioremap.c 2009-12-14 18:33:51.857713707 -0500
16967 @@ -41,8 +41,8 @@ int page_is_ram(unsigned long pagenr)
16968 * Second special case: Some BIOSen report the PC BIOS
16969 * area (640->1Mb) as ram even though it is not.
16971 - if (pagenr >= (BIOS_BEGIN >> PAGE_SHIFT) &&
16972 - pagenr < (BIOS_END >> PAGE_SHIFT))
16973 + if (pagenr >= (ISA_START_ADDRESS >> PAGE_SHIFT) &&
16974 + pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
16977 for (i = 0; i < e820.nr_map; i++) {
16978 @@ -137,10 +137,7 @@ static void __iomem *__ioremap_caller(re
16980 * Don't allow anybody to remap normal RAM that we're using..
16982 - for (pfn = phys_addr >> PAGE_SHIFT;
16983 - (pfn << PAGE_SHIFT) < (last_addr & PAGE_MASK);
16986 + for (pfn = phys_addr >> PAGE_SHIFT; ((resource_size_t)pfn << PAGE_SHIFT) < (last_addr & PAGE_MASK); pfn++) {
16987 int is_ram = page_is_ram(pfn);
16989 if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn)))
16990 @@ -191,6 +188,8 @@ static void __iomem *__ioremap_caller(re
16994 + prot = canon_pgprot(prot);
16999 @@ -407,7 +406,7 @@ static int __init early_ioremap_debug_se
17000 early_param("early_ioremap_debug", early_ioremap_debug_setup);
17002 static __initdata int after_paging_init;
17003 -static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_bss;
17004 +static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __read_only __aligned(PAGE_SIZE);
17006 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
17008 @@ -439,8 +438,7 @@ void __init early_ioremap_init(void)
17009 slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
17011 pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
17012 - memset(bm_pte, 0, sizeof(bm_pte));
17013 - pmd_populate_kernel(&init_mm, pmd, bm_pte);
17014 + pmd_populate_user(&init_mm, pmd, bm_pte);
17017 * The boot-ioremap range spans multiple pmds, for which
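Review bot: Calling `pmd_populate_user()` on `init_mm` for the boot-time fixmap page table reads like a mistake without a comment, because the range it maps is kernel-only; the reason for choosing the user variant here should be stated next to the call. Dropping the `memset()` is safe only because `bm_pte` is a static object and therefore starts out zeroed, which is worth recording now that the previous hunk moves it from `__page_aligned_bss` to `__read_only`, e.g. `/* bm_pte is static and already zeroed; no memset needed */`. `early_ioremap_init()` continues outside the hunk.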
17018 diff -urNp linux-2.6.32.1/arch/x86/mm/mmap.c linux-2.6.32.1/arch/x86/mm/mmap.c
17019 --- linux-2.6.32.1/arch/x86/mm/mmap.c 2009-12-02 22:51:21.000000000 -0500
17020 +++ linux-2.6.32.1/arch/x86/mm/mmap.c 2009-12-14 18:33:51.857713707 -0500
17021 @@ -49,7 +49,7 @@ static unsigned int stack_maxrandom_size
17022 * Leave an at least ~128 MB hole with possible stack randomization.
17024 #define MIN_GAP (128*1024*1024UL + stack_maxrandom_size())
17025 -#define MAX_GAP (TASK_SIZE/6*5)
17026 +#define MAX_GAP (pax_task_size/6*5)
17029 * True on X86_32 or when emulating IA32 on X86_64
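Review bot: `MAX_GAP` now expands to `pax_task_size`, which is a local variable that the next hunk introduces inside `mmap_base()`, so the macro only compiles in a function that happens to declare that name. Passing the size explicitly keeps the dependency visible: `#define MAX_GAP(size) ((size)/6*5)` with `else if (gap > MAX_GAP(pax_task_size))` at the use site. The use site is in the following hunk, not this one.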
17030 @@ -94,27 +94,40 @@ static unsigned long mmap_rnd(void)
17031 return rnd << PAGE_SHIFT;
17034 -static unsigned long mmap_base(void)
17035 +static unsigned long mmap_base(struct mm_struct *mm)
17037 unsigned long gap = current->signal->rlim[RLIMIT_STACK].rlim_cur;
17038 + unsigned long pax_task_size = TASK_SIZE;
17040 +#ifdef CONFIG_PAX_SEGMEXEC
17041 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
17042 + pax_task_size = SEGMEXEC_TASK_SIZE;
17047 else if (gap > MAX_GAP)
17050 - return PAGE_ALIGN(TASK_SIZE - gap - mmap_rnd());
17051 + return PAGE_ALIGN(pax_task_size - gap - mmap_rnd());
17055 * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
17056 * does, but not when emulating X86_32
17058 -static unsigned long mmap_legacy_base(void)
17059 +static unsigned long mmap_legacy_base(struct mm_struct *mm)
17061 - if (mmap_is_ia32())
17062 + if (mmap_is_ia32()) {
17064 +#ifdef CONFIG_PAX_SEGMEXEC
17065 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
17066 + return SEGMEXEC_TASK_UNMAPPED_BASE;
17070 return TASK_UNMAPPED_BASE;
17073 return TASK_UNMAPPED_BASE + mmap_rnd();
17076 @@ -125,11 +138,23 @@ static unsigned long mmap_legacy_base(vo
17077 void arch_pick_mmap_layout(struct mm_struct *mm)
17079 if (mmap_is_legacy()) {
17080 - mm->mmap_base = mmap_legacy_base();
17081 + mm->mmap_base = mmap_legacy_base(mm);
17083 +#ifdef CONFIG_PAX_RANDMMAP
17084 + if (mm->pax_flags & MF_PAX_RANDMMAP)
17085 + mm->mmap_base += mm->delta_mmap;
17088 mm->get_unmapped_area = arch_get_unmapped_area;
17089 mm->unmap_area = arch_unmap_area;
17091 - mm->mmap_base = mmap_base();
17092 + mm->mmap_base = mmap_base(mm);
17094 +#ifdef CONFIG_PAX_RANDMMAP
17095 + if (mm->pax_flags & MF_PAX_RANDMMAP)
17096 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
17099 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
17100 mm->unmap_area = arch_unmap_area_topdown;
17102 diff -urNp linux-2.6.32.1/arch/x86/mm/numa_32.c linux-2.6.32.1/arch/x86/mm/numa_32.c
17103 --- linux-2.6.32.1/arch/x86/mm/numa_32.c 2009-12-02 22:51:21.000000000 -0500
17104 +++ linux-2.6.32.1/arch/x86/mm/numa_32.c 2009-12-14 18:33:51.858716642 -0500
17105 @@ -98,7 +98,6 @@ unsigned long node_memmap_size_bytes(int
17109 -extern unsigned long find_max_low_pfn(void);
17110 extern unsigned long highend_pfn, highstart_pfn;
17112 #define LARGE_PAGE_BYTES (PTRS_PER_PTE * PAGE_SIZE)
17113 diff -urNp linux-2.6.32.1/arch/x86/mm/pageattr.c linux-2.6.32.1/arch/x86/mm/pageattr.c
17114 --- linux-2.6.32.1/arch/x86/mm/pageattr.c 2009-12-02 22:51:21.000000000 -0500
17115 +++ linux-2.6.32.1/arch/x86/mm/pageattr.c 2009-12-14 18:33:51.858716642 -0500
17116 @@ -268,9 +268,10 @@ static inline pgprot_t static_protection
17117 * Does not cover __inittext since that is gone later on. On
17118 * 64bit we do not enforce !NX on the low mapping
17120 - if (within(address, (unsigned long)_text, (unsigned long)_etext))
17121 + if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext)))
17122 pgprot_val(forbidden) |= _PAGE_NX;
17124 +#ifdef CONFIG_DEBUG_RODATA
17126 * The .rodata section needs to be read-only. Using the pfn
17127 * catches all aliases.
17128 @@ -278,6 +279,7 @@ static inline pgprot_t static_protection
17129 if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT,
17130 __pa((unsigned long)__end_rodata) >> PAGE_SHIFT))
17131 pgprot_val(forbidden) |= _PAGE_RW;
17134 prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
17136 @@ -331,7 +333,10 @@ EXPORT_SYMBOL_GPL(lookup_address);
17137 static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte)
17139 /* change init_mm */
17140 + pax_open_kernel();
17141 set_pte_atomic(kpte, pte);
17142 + pax_close_kernel();
17144 #ifdef CONFIG_X86_32
17145 if (!SHARED_KERNEL_PMD) {
17147 diff -urNp linux-2.6.32.1/arch/x86/mm/pageattr-test.c linux-2.6.32.1/arch/x86/mm/pageattr-test.c
17148 --- linux-2.6.32.1/arch/x86/mm/pageattr-test.c 2009-12-02 22:51:21.000000000 -0500
17149 +++ linux-2.6.32.1/arch/x86/mm/pageattr-test.c 2009-12-14 18:33:51.858716642 -0500
17150 @@ -36,7 +36,7 @@ enum {
17152 static int pte_testbit(pte_t pte)
17154 - return pte_flags(pte) & _PAGE_UNUSED1;
17155 + return pte_flags(pte) & _PAGE_CPA_TEST;
17158 struct split_state {
17159 diff -urNp linux-2.6.32.1/arch/x86/mm/pat.c linux-2.6.32.1/arch/x86/mm/pat.c
17160 --- linux-2.6.32.1/arch/x86/mm/pat.c 2009-12-02 22:51:21.000000000 -0500
17161 +++ linux-2.6.32.1/arch/x86/mm/pat.c 2009-12-14 18:33:51.860715150 -0500
17162 @@ -258,7 +258,7 @@ chk_conflict(struct memtype *new, struct
17165 printk(KERN_INFO "%s:%d conflicting memory types "
17166 - "%Lx-%Lx %s<->%s\n", current->comm, current->pid, new->start,
17167 + "%Lx-%Lx %s<->%s\n", current->comm, task_pid_nr(current), new->start,
17168 new->end, cattr_name(new->type), cattr_name(entry->type));
17171 @@ -559,7 +559,7 @@ unlock_ret:
17174 printk(KERN_INFO "%s:%d freeing invalid memtype %Lx-%Lx\n",
17175 - current->comm, current->pid, start, end);
17176 + current->comm, task_pid_nr(current), start, end);
17179 dprintk("free_memtype request 0x%Lx-0x%Lx\n", start, end);
17180 @@ -755,7 +755,7 @@ int kernel_map_sync_memtype(u64 base, un
17182 "%s:%d ioremap_change_attr failed %s "
17184 - current->comm, current->pid,
17185 + current->comm, task_pid_nr(current),
17187 base, (unsigned long long)(base + size));
17189 @@ -813,7 +813,7 @@ static int reserve_pfn_range(u64 paddr,
17190 free_memtype(paddr, paddr + size);
17191 printk(KERN_ERR "%s:%d map pfn expected mapping type %s"
17192 " for %Lx-%Lx, got %s\n",
17193 - current->comm, current->pid,
17194 + current->comm, task_pid_nr(current),
17195 cattr_name(want_flags),
17196 (unsigned long long)paddr,
17197 (unsigned long long)(paddr + size),
17198 diff -urNp linux-2.6.32.1/arch/x86/mm/pgtable_32.c linux-2.6.32.1/arch/x86/mm/pgtable_32.c
17199 --- linux-2.6.32.1/arch/x86/mm/pgtable_32.c 2009-12-02 22:51:21.000000000 -0500
17200 +++ linux-2.6.32.1/arch/x86/mm/pgtable_32.c 2009-12-14 18:33:51.860715150 -0500
17201 @@ -49,10 +49,13 @@ void set_pte_vaddr(unsigned long vaddr,
17204 pte = pte_offset_kernel(pmd, vaddr);
17206 + pax_open_kernel();
17207 if (pte_val(pteval))
17208 set_pte_at(&init_mm, vaddr, pte, pteval);
17210 pte_clear(&init_mm, vaddr, pte);
17211 + pax_close_kernel();
17214 * It's enough to flush this one mapping.
17215 diff -urNp linux-2.6.32.1/arch/x86/mm/setup_nx.c linux-2.6.32.1/arch/x86/mm/setup_nx.c
17216 --- linux-2.6.32.1/arch/x86/mm/setup_nx.c 2009-12-02 22:51:21.000000000 -0500
17217 +++ linux-2.6.32.1/arch/x86/mm/setup_nx.c 2009-12-14 18:33:51.860715150 -0500
17220 #include <asm/pgtable.h>
17222 +#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE)
17225 -#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
17226 -static int disable_nx __cpuinitdata;
17228 +#ifndef CONFIG_PAX_PAGEEXEC
17232 @@ -22,32 +21,26 @@ static int __init noexec_setup(char *str
17235 if (!strncmp(str, "on", 2)) {
17236 - __supported_pte_mask |= _PAGE_NX;
17239 } else if (!strncmp(str, "off", 3)) {
17241 - __supported_pte_mask &= ~_PAGE_NX;
17246 early_param("noexec", noexec_setup);
17250 #ifdef CONFIG_X86_PAE
17251 void __init set_nx(void)
17253 - unsigned int v[4], l, h;
17254 + if (!nx_enabled && cpu_has_nx) {
17257 - if (cpu_has_pae && (cpuid_eax(0x80000000) > 0x80000001)) {
17258 - cpuid(0x80000001, &v[0], &v[1], &v[2], &v[3]);
17260 - if ((v[3] & (1 << 20)) && !disable_nx) {
17261 - rdmsr(MSR_EFER, l, h);
17263 - wrmsr(MSR_EFER, l, h);
17265 - __supported_pte_mask |= _PAGE_NX;
17267 + __supported_pte_mask &= ~_PAGE_NX;
17268 + rdmsr(MSR_EFER, l, h);
17270 + wrmsr(MSR_EFER, l, h);
17274 @@ -62,7 +55,7 @@ void __cpuinit check_efer(void)
17275 unsigned long efer;
17277 rdmsrl(MSR_EFER, efer);
17278 - if (!(efer & EFER_NX) || disable_nx)
17279 + if (!(efer & EFER_NX) || !nx_enabled)
17280 __supported_pte_mask &= ~_PAGE_NX;
17283 diff -urNp linux-2.6.32.1/arch/x86/mm/tlb.c linux-2.6.32.1/arch/x86/mm/tlb.c
17284 --- linux-2.6.32.1/arch/x86/mm/tlb.c 2009-12-02 22:51:21.000000000 -0500
17285 +++ linux-2.6.32.1/arch/x86/mm/tlb.c 2009-12-14 18:33:51.860715150 -0500
17287 #include <asm/uv/uv.h>
17289 DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate)
17290 - = { &init_mm, 0, };
17291 + = { &init_mm, 0 };
17294 * Smarter SMP flushing macros.
17295 diff -urNp linux-2.6.32.1/arch/x86/oprofile/backtrace.c linux-2.6.32.1/arch/x86/oprofile/backtrace.c
17296 --- linux-2.6.32.1/arch/x86/oprofile/backtrace.c 2009-12-02 22:51:21.000000000 -0500
17297 +++ linux-2.6.32.1/arch/x86/oprofile/backtrace.c 2009-12-14 18:33:51.860715150 -0500
17298 @@ -37,7 +37,7 @@ static void backtrace_address(void *data
17299 unsigned int *depth = data;
17302 - oprofile_add_trace(addr);
17303 + oprofile_add_trace(ktla_ktva(addr));
17306 static struct stacktrace_ops backtrace_ops = {
17307 @@ -57,7 +57,7 @@ static struct frame_head *dump_user_back
17308 struct frame_head bufhead[2];
17310 /* Also check accessibility of one struct frame_head beyond */
17311 - if (!access_ok(VERIFY_READ, head, sizeof(bufhead)))
17312 + if (!__access_ok(VERIFY_READ, head, sizeof(bufhead)))
17314 if (__copy_from_user_inatomic(bufhead, head, sizeof(bufhead)))
17316 @@ -77,7 +77,7 @@ x86_backtrace(struct pt_regs * const reg
17318 struct frame_head *head = (struct frame_head *)frame_pointer(regs);
17320 - if (!user_mode_vm(regs)) {
17321 + if (!user_mode(regs)) {
17322 unsigned long stack = kernel_stack_pointer(regs);
17324 dump_trace(NULL, regs, (unsigned long *)stack, 0,
17325 diff -urNp linux-2.6.32.1/arch/x86/oprofile/op_model_p4.c linux-2.6.32.1/arch/x86/oprofile/op_model_p4.c
17326 --- linux-2.6.32.1/arch/x86/oprofile/op_model_p4.c 2009-12-02 22:51:21.000000000 -0500
17327 +++ linux-2.6.32.1/arch/x86/oprofile/op_model_p4.c 2009-12-14 18:33:51.861723486 -0500
17328 @@ -50,7 +50,7 @@ static inline void setup_num_counters(vo
17332 -static int inline addr_increment(void)
17333 +static inline int addr_increment(void)
17336 return smp_num_siblings == 2 ? 2 : 1;
17337 diff -urNp linux-2.6.32.1/arch/x86/pci/common.c linux-2.6.32.1/arch/x86/pci/common.c
17338 --- linux-2.6.32.1/arch/x86/pci/common.c 2009-12-02 22:51:21.000000000 -0500
17339 +++ linux-2.6.32.1/arch/x86/pci/common.c 2009-12-14 18:33:51.861723486 -0500
17340 @@ -31,8 +31,8 @@ int noioapicreroute = 1;
17341 int pcibios_last_bus = -1;
17342 unsigned long pirq_table_addr;
17343 struct pci_bus *pci_root_bus;
17344 -struct pci_raw_ops *raw_pci_ops;
17345 -struct pci_raw_ops *raw_pci_ext_ops;
17346 +const struct pci_raw_ops *raw_pci_ops;
17347 +const struct pci_raw_ops *raw_pci_ext_ops;
17349 int raw_pci_read(unsigned int domain, unsigned int bus, unsigned int devfn,
17350 int reg, int len, u32 *val)
17351 @@ -370,7 +370,7 @@ static const struct dmi_system_id __devi
17352 DMI_MATCH(DMI_PRODUCT_NAME, "ProLiant DL585 G2"),
17356 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
17359 void __init dmi_check_pciprobe(void)
17360 diff -urNp linux-2.6.32.1/arch/x86/pci/direct.c linux-2.6.32.1/arch/x86/pci/direct.c
17361 --- linux-2.6.32.1/arch/x86/pci/direct.c 2009-12-02 22:51:21.000000000 -0500
17362 +++ linux-2.6.32.1/arch/x86/pci/direct.c 2009-12-14 18:33:51.862717608 -0500
17363 @@ -79,7 +79,7 @@ static int pci_conf1_write(unsigned int
17365 #undef PCI_CONF1_ADDRESS
17367 -struct pci_raw_ops pci_direct_conf1 = {
17368 +const struct pci_raw_ops pci_direct_conf1 = {
17369 .read = pci_conf1_read,
17370 .write = pci_conf1_write,
17372 @@ -173,7 +173,7 @@ static int pci_conf2_write(unsigned int
17374 #undef PCI_CONF2_ADDRESS
17376 -struct pci_raw_ops pci_direct_conf2 = {
17377 +const struct pci_raw_ops pci_direct_conf2 = {
17378 .read = pci_conf2_read,
17379 .write = pci_conf2_write,
17381 @@ -189,7 +189,7 @@ struct pci_raw_ops pci_direct_conf2 = {
17382 * This should be close to trivial, but it isn't, because there are buggy
17383 * chipsets (yes, you guessed it, by Intel and Compaq) that have no class ID.
17385 -static int __init pci_sanity_check(struct pci_raw_ops *o)
17386 +static int __init pci_sanity_check(const struct pci_raw_ops *o)
17390 diff -urNp linux-2.6.32.1/arch/x86/pci/fixup.c linux-2.6.32.1/arch/x86/pci/fixup.c
17391 --- linux-2.6.32.1/arch/x86/pci/fixup.c 2009-12-02 22:51:21.000000000 -0500
17392 +++ linux-2.6.32.1/arch/x86/pci/fixup.c 2009-12-14 18:33:51.862717608 -0500
17393 @@ -364,7 +364,7 @@ static const struct dmi_system_id __devi
17394 DMI_MATCH(DMI_PRODUCT_NAME, "MS-6702E"),
17398 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
17402 @@ -435,7 +435,7 @@ static const struct dmi_system_id __devi
17403 DMI_MATCH(DMI_PRODUCT_VERSION, "PSA40U"),
17407 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
17410 static void __devinit pci_pre_fixup_toshiba_ohci1394(struct pci_dev *dev)
17411 diff -urNp linux-2.6.32.1/arch/x86/pci/irq.c linux-2.6.32.1/arch/x86/pci/irq.c
17412 --- linux-2.6.32.1/arch/x86/pci/irq.c 2009-12-02 22:51:21.000000000 -0500
17413 +++ linux-2.6.32.1/arch/x86/pci/irq.c 2009-12-14 18:33:51.863721838 -0500
17414 @@ -543,7 +543,7 @@ static __init int intel_router_probe(str
17415 static struct pci_device_id __initdata pirq_440gx[] = {
17416 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_0) },
17417 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_2) },
17419 + { PCI_DEVICE(0, 0) }
17422 /* 440GX has a proprietary PIRQ router -- don't use it */
17423 @@ -1107,7 +1107,7 @@ static struct dmi_system_id __initdata p
17424 DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"),
17428 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
17431 int __init pcibios_irq_init(void)
17432 diff -urNp linux-2.6.32.1/arch/x86/pci/mmconfig_32.c linux-2.6.32.1/arch/x86/pci/mmconfig_32.c
17433 --- linux-2.6.32.1/arch/x86/pci/mmconfig_32.c 2009-12-02 22:51:21.000000000 -0500
17434 +++ linux-2.6.32.1/arch/x86/pci/mmconfig_32.c 2009-12-14 18:33:51.863721838 -0500
17435 @@ -125,7 +125,7 @@ static int pci_mmcfg_write(unsigned int
17439 -static struct pci_raw_ops pci_mmcfg = {
17440 +static const struct pci_raw_ops pci_mmcfg = {
17441 .read = pci_mmcfg_read,
17442 .write = pci_mmcfg_write,
17444 diff -urNp linux-2.6.32.1/arch/x86/pci/mmconfig_64.c linux-2.6.32.1/arch/x86/pci/mmconfig_64.c
17445 --- linux-2.6.32.1/arch/x86/pci/mmconfig_64.c 2009-12-02 22:51:21.000000000 -0500
17446 +++ linux-2.6.32.1/arch/x86/pci/mmconfig_64.c 2009-12-14 18:33:51.863721838 -0500
17447 @@ -104,7 +104,7 @@ static int pci_mmcfg_write(unsigned int
17451 -static struct pci_raw_ops pci_mmcfg = {
17452 +static const struct pci_raw_ops pci_mmcfg = {
17453 .read = pci_mmcfg_read,
17454 .write = pci_mmcfg_write,
17456 diff -urNp linux-2.6.32.1/arch/x86/pci/numaq_32.c linux-2.6.32.1/arch/x86/pci/numaq_32.c
17457 --- linux-2.6.32.1/arch/x86/pci/numaq_32.c 2009-12-02 22:51:21.000000000 -0500
17458 +++ linux-2.6.32.1/arch/x86/pci/numaq_32.c 2009-12-14 18:33:51.863721838 -0500
17459 @@ -112,7 +112,7 @@ static int pci_conf1_mq_write(unsigned i
17461 #undef PCI_CONF1_MQ_ADDRESS
17463 -static struct pci_raw_ops pci_direct_conf1_mq = {
17464 +static const struct pci_raw_ops pci_direct_conf1_mq = {
17465 .read = pci_conf1_mq_read,
17466 .write = pci_conf1_mq_write
17468 diff -urNp linux-2.6.32.1/arch/x86/pci/olpc.c linux-2.6.32.1/arch/x86/pci/olpc.c
17469 --- linux-2.6.32.1/arch/x86/pci/olpc.c 2009-12-02 22:51:21.000000000 -0500
17470 +++ linux-2.6.32.1/arch/x86/pci/olpc.c 2009-12-14 18:33:51.863721838 -0500
17471 @@ -297,7 +297,7 @@ static int pci_olpc_write(unsigned int s
17475 -static struct pci_raw_ops pci_olpc_conf = {
17476 +static const struct pci_raw_ops pci_olpc_conf = {
17477 .read = pci_olpc_read,
17478 .write = pci_olpc_write,
17480 diff -urNp linux-2.6.32.1/arch/x86/pci/pcbios.c linux-2.6.32.1/arch/x86/pci/pcbios.c
17481 --- linux-2.6.32.1/arch/x86/pci/pcbios.c 2009-12-02 22:51:21.000000000 -0500
17482 +++ linux-2.6.32.1/arch/x86/pci/pcbios.c 2009-12-14 18:33:51.864725360 -0500
17483 @@ -56,50 +56,93 @@ union bios32 {
17485 unsigned long address;
17486 unsigned short segment;
17487 -} bios32_indirect = { 0, __KERNEL_CS };
17488 +} bios32_indirect __read_only = { 0, __PCIBIOS_CS };
17491 * Returns the entry point for the given service, NULL on error
17494 -static unsigned long bios32_service(unsigned long service)
17495 +static unsigned long __devinit bios32_service(unsigned long service)
17497 unsigned char return_code; /* %al */
17498 unsigned long address; /* %ebx */
17499 unsigned long length; /* %ecx */
17500 unsigned long entry; /* %edx */
17501 unsigned long flags;
17502 + struct desc_struct d, *gdt;
17504 local_irq_save(flags);
17505 - __asm__("lcall *(%%edi); cld"
17507 + gdt = get_cpu_gdt_table(smp_processor_id());
17509 + pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x9B, 0xC);
17510 + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S);
17511 + pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x93, 0xC);
17512 + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S);
17514 + __asm__("movw %w7, %%ds; lcall *(%%edi); push %%ss; pop %%ds; cld"
17515 : "=a" (return_code),
17521 - "D" (&bios32_indirect));
17522 + "D" (&bios32_indirect),
17523 + "r"(__PCIBIOS_DS)
17526 + pax_open_kernel();
17527 + gdt[GDT_ENTRY_PCIBIOS_CS].a = 0;
17528 + gdt[GDT_ENTRY_PCIBIOS_CS].b = 0;
17529 + gdt[GDT_ENTRY_PCIBIOS_DS].a = 0;
17530 + gdt[GDT_ENTRY_PCIBIOS_DS].b = 0;
17531 + pax_close_kernel();
17533 local_irq_restore(flags);
17535 switch (return_code) {
17537 - return address + entry;
17538 - case 0x80: /* Not present */
17539 - printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
17541 - default: /* Shouldn't happen */
17542 - printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
17543 - service, return_code);
17546 + unsigned char flags;
17548 + printk(KERN_INFO "bios32_service: base:%08lx length:%08lx entry:%08lx\n", address, length, entry);
17549 + if (address >= 0xFFFF0 || length > 0x100000 - address || length <= entry) {
17550 + printk(KERN_WARNING "bios32_service: not valid\n");
17553 + address = address + PAGE_OFFSET;
17554 + length += 16UL; /* some BIOSs underreport this... */
17556 + if (length >= 64*1024*1024) {
17557 + length >>= PAGE_SHIFT;
17561 + for (cpu = 0; cpu < NR_CPUS; cpu++) {
17562 + gdt = get_cpu_gdt_table(cpu);
17563 + pack_descriptor(&d, address, length, 0x9b, flags);
17564 + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S);
17565 + pack_descriptor(&d, address, length, 0x93, flags);
17566 + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S);
17570 + case 0x80: /* Not present */
17571 + printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
17573 + default: /* Shouldn't happen */
17574 + printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
17575 + service, return_code);
17581 unsigned long address;
17582 unsigned short segment;
17583 -} pci_indirect = { 0, __KERNEL_CS };
17584 +} pci_indirect __read_only = { 0, __PCIBIOS_CS };
17586 -static int pci_bios_present;
17587 +static int pci_bios_present __read_only;
17589 static int __devinit check_pcibios(void)
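Review bot: In the success case of `bios32_service()` the new block declares `unsigned char flags;`, which shadows the function-level `unsigned long flags` used by `local_irq_save()`/`local_irq_restore()`. Renaming the inner one, for example to `unsigned char desc_flags;`, avoids a -Wshadow warning and a confusing read. Separately, the validation `length > 0x100000 - address` already rejects anything above 1 MB, so after `length += 16UL` the branch `if (length >= 64*1024*1024)` cannot be taken; either drop it or add a comment saying it is deliberate. Several lines of this hunk are missing from the page, so the second point should be checked against the full text.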
17591 @@ -108,11 +151,13 @@ static int __devinit check_pcibios(void)
17592 unsigned long flags, pcibios_entry;
17594 if ((pcibios_entry = bios32_service(PCI_SERVICE))) {
17595 - pci_indirect.address = pcibios_entry + PAGE_OFFSET;
17596 + pci_indirect.address = pcibios_entry;
17598 local_irq_save(flags);
17600 - "lcall *(%%edi); cld\n\t"
17601 + __asm__("movw %w6, %%ds\n\t"
17602 + "lcall *%%ss:(%%edi); cld\n\t"
17608 @@ -121,7 +166,8 @@ static int __devinit check_pcibios(void)
17611 : "1" (PCIBIOS_PCI_BIOS_PRESENT),
17612 - "D" (&pci_indirect)
17613 + "D" (&pci_indirect),
17614 + "r" (__PCIBIOS_DS)
17616 local_irq_restore(flags);
17618 @@ -165,7 +211,10 @@ static int pci_bios_read(unsigned int se
17622 - __asm__("lcall *(%%esi); cld\n\t"
17623 + __asm__("movw %w6, %%ds\n\t"
17624 + "lcall *%%ss:(%%esi); cld\n\t"
17630 @@ -174,7 +223,8 @@ static int pci_bios_read(unsigned int se
17631 : "1" (PCIBIOS_READ_CONFIG_BYTE),
17634 - "S" (&pci_indirect));
17635 + "S" (&pci_indirect),
17636 + "r" (__PCIBIOS_DS));
17638 * Zero-extend the result beyond 8 bits, do not trust the
17639 * BIOS having done it:
17640 @@ -182,7 +232,10 @@ static int pci_bios_read(unsigned int se
17644 - __asm__("lcall *(%%esi); cld\n\t"
17645 + __asm__("movw %w6, %%ds\n\t"
17646 + "lcall *%%ss:(%%esi); cld\n\t"
17652 @@ -191,7 +244,8 @@ static int pci_bios_read(unsigned int se
17653 : "1" (PCIBIOS_READ_CONFIG_WORD),
17656 - "S" (&pci_indirect));
17657 + "S" (&pci_indirect),
17658 + "r" (__PCIBIOS_DS));
17660 * Zero-extend the result beyond 16 bits, do not trust the
17661 * BIOS having done it:
17662 @@ -199,7 +253,10 @@ static int pci_bios_read(unsigned int se
17666 - __asm__("lcall *(%%esi); cld\n\t"
17667 + __asm__("movw %w6, %%ds\n\t"
17668 + "lcall *%%ss:(%%esi); cld\n\t"
17674 @@ -208,7 +265,8 @@ static int pci_bios_read(unsigned int se
17675 : "1" (PCIBIOS_READ_CONFIG_DWORD),
17678 - "S" (&pci_indirect));
17679 + "S" (&pci_indirect),
17680 + "r" (__PCIBIOS_DS));
17684 @@ -231,7 +289,10 @@ static int pci_bios_write(unsigned int s
17688 - __asm__("lcall *(%%esi); cld\n\t"
17689 + __asm__("movw %w6, %%ds\n\t"
17690 + "lcall *%%ss:(%%esi); cld\n\t"
17696 @@ -240,10 +301,14 @@ static int pci_bios_write(unsigned int s
17700 - "S" (&pci_indirect));
17701 + "S" (&pci_indirect),
17702 + "r" (__PCIBIOS_DS));
17705 - __asm__("lcall *(%%esi); cld\n\t"
17706 + __asm__("movw %w6, %%ds\n\t"
17707 + "lcall *%%ss:(%%esi); cld\n\t"
17713 @@ -252,10 +317,14 @@ static int pci_bios_write(unsigned int s
17717 - "S" (&pci_indirect));
17718 + "S" (&pci_indirect),
17719 + "r" (__PCIBIOS_DS));
17722 - __asm__("lcall *(%%esi); cld\n\t"
17723 + __asm__("movw %w6, %%ds\n\t"
17724 + "lcall *%%ss:(%%esi); cld\n\t"
17730 @@ -264,7 +333,8 @@ static int pci_bios_write(unsigned int s
17734 - "S" (&pci_indirect));
17735 + "S" (&pci_indirect),
17736 + "r" (__PCIBIOS_DS));
17740 @@ -278,7 +348,7 @@ static int pci_bios_write(unsigned int s
17741 * Function table for BIOS32 access
17744 -static struct pci_raw_ops pci_bios_access = {
17745 +static const struct pci_raw_ops pci_bios_access = {
17746 .read = pci_bios_read,
17747 .write = pci_bios_write
17749 @@ -287,7 +357,7 @@ static struct pci_raw_ops pci_bios_acces
17750 * Try to find PCI BIOS.
17753 -static struct pci_raw_ops * __devinit pci_find_bios(void)
17754 +static const struct pci_raw_ops * __devinit pci_find_bios(void)
17756 union bios32 *check;
17758 @@ -368,10 +438,13 @@ struct irq_routing_table * pcibios_get_i
17760 DBG("PCI: Fetching IRQ routing table... ");
17761 __asm__("push %%es\n\t"
17762 + "movw %w8, %%ds\n\t"
17765 - "lcall *(%%esi); cld\n\t"
17766 + "lcall *%%ss:(%%esi); cld\n\t"
17773 @@ -382,7 +455,8 @@ struct irq_routing_table * pcibios_get_i
17776 "S" (&pci_indirect),
17779 + "r" (__PCIBIOS_DS)
17781 DBG("OK ret=%d, size=%d, map=%x\n", ret, opt.size, map);
17783 @@ -406,7 +480,10 @@ int pcibios_set_irq_routing(struct pci_d
17787 - __asm__("lcall *(%%esi); cld\n\t"
17788 + __asm__("movw %w5, %%ds\n\t"
17789 + "lcall *%%ss:(%%esi); cld\n\t"
17795 @@ -414,7 +491,8 @@ int pcibios_set_irq_routing(struct pci_d
17796 : "0" (PCIBIOS_SET_PCI_HW_INT),
17797 "b" ((dev->bus->number << 8) | dev->devfn),
17798 "c" ((irq << 8) | (pin + 10)),
17799 - "S" (&pci_indirect));
17800 + "S" (&pci_indirect),
17801 + "r" (__PCIBIOS_DS));
17802 return !(ret & 0xff00);
17804 EXPORT_SYMBOL(pcibios_set_irq_routing);
17805 diff -urNp linux-2.6.32.1/arch/x86/power/cpu.c linux-2.6.32.1/arch/x86/power/cpu.c
17806 --- linux-2.6.32.1/arch/x86/power/cpu.c 2009-12-02 22:51:21.000000000 -0500
17807 +++ linux-2.6.32.1/arch/x86/power/cpu.c 2009-12-14 18:33:51.865717511 -0500
17808 @@ -126,7 +126,7 @@ static void do_fpu_end(void)
17809 static void fix_processor_context(void)
17811 int cpu = smp_processor_id();
17812 - struct tss_struct *t = &per_cpu(init_tss, cpu);
17813 + struct tss_struct *t = init_tss + cpu;
17815 set_tss_desc(cpu, t); /*
17816 * This just modifies memory; should not be
17817 @@ -136,7 +136,9 @@ static void fix_processor_context(void)
17820 #ifdef CONFIG_X86_64
17821 + pax_open_kernel();
17822 get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9;
17823 + pax_close_kernel();
17825 syscall_init(); /* This sets MSR_*STAR and related */
17827 diff -urNp linux-2.6.32.1/arch/x86/vdso/Makefile linux-2.6.32.1/arch/x86/vdso/Makefile
17828 --- linux-2.6.32.1/arch/x86/vdso/Makefile 2009-12-02 22:51:21.000000000 -0500
17829 +++ linux-2.6.32.1/arch/x86/vdso/Makefile 2009-12-14 18:33:51.866722911 -0500
17830 @@ -122,7 +122,7 @@ quiet_cmd_vdso = VDSO $@
17831 $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \
17832 -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^)
17834 -VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv)
17835 +VDSO_LDFLAGS = -fPIC -shared --no-undefined $(call cc-ldoption, -Wl$(comma)--hash-style=sysv)
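Review bot: `--no-undefined` is added to VDSO_LDFLAGS without a `-Wl,` prefix, although the rule above passes its other linker options through the compiler driver (`-Wl,-T,...` and `-Wl$(comma)--hash-style=sysv`). Depending on the compiler version, a bare linker option may be rejected, or dropped with a warning instead of being forwarded, in which case the undefined-symbol check this line is meant to enforce never runs. That behaviour should be confirmed on the supported toolchains. The unambiguous spelling is `VDSO_LDFLAGS = -fPIC -shared -Wl,--no-undefined $(call cc-ldoption, -Wl$(comma)--hash-style=sysv)`.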
17839 diff -urNp linux-2.6.32.1/arch/x86/vdso/vclock_gettime.c linux-2.6.32.1/arch/x86/vdso/vclock_gettime.c
17840 --- linux-2.6.32.1/arch/x86/vdso/vclock_gettime.c 2009-12-02 22:51:21.000000000 -0500
17841 +++ linux-2.6.32.1/arch/x86/vdso/vclock_gettime.c 2009-12-14 18:33:51.866722911 -0500
17842 @@ -22,24 +22,48 @@
17843 #include <asm/hpet.h>
17844 #include <asm/unistd.h>
17845 #include <asm/io.h>
17846 +#include <asm/fixmap.h>
17847 #include "vextern.h"
17849 #define gtod vdso_vsyscall_gtod_data
17851 +notrace noinline long __vdso_fallback_time(long *t)
17854 + asm volatile("syscall"
17856 + : "0" (__NR_time),"D" (t) : "r11", "cx", "memory");
17860 notrace static long vdso_fallback_gettime(long clock, struct timespec *ts)
17863 asm("syscall" : "=a" (ret) :
17864 - "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "memory");
17865 + "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "r11", "cx", "memory");
17869 +notrace static inline cycle_t __vdso_vread_hpet(void)
17871 + return readl((const void __iomem *)fix_to_virt(VSYSCALL_HPET) + 0xf0);
17874 +notrace static inline cycle_t __vdso_vread_tsc(void)
17876 + cycle_t ret = (cycle_t)vget_cycles();
17878 + return ret >= gtod->clock.cycle_last ? ret : gtod->clock.cycle_last;
17881 notrace static inline long vgetns(void)
17884 - cycles_t (*vread)(void);
17885 - vread = gtod->clock.vread;
17886 - v = (vread() - gtod->clock.cycle_last) & gtod->clock.mask;
17887 + if (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3])
17888 + v = __vdso_vread_tsc();
17890 + v = __vdso_vread_hpet();
17891 + v = (v - gtod->clock.cycle_last) & gtod->clock.mask;
17892 return (v * gtod->clock.mult) >> gtod->clock.shift;
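Review bot: The open-coded `gtod->clock.name` comparison in vgetns() is repeated, in longer form, in the __vdso_clock_gettime and __vdso_gettimeofday hunks below. vgetns() also treats every name other than "tsc" as HPET, so it is only safe while both entry points keep their own hpet-or-tsc gate in step with it. Two small `notrace static inline` predicates would keep the three sites from drifting apart, and the else branch should carry a comment saying that callers have already restricted the clock to tsc or hpet. The byte-wise comparison should stay, presumably because the vDSO cannot call an out-of-line strcmp(). The fence sketches the helpers and the changed branch.

```c
/* Byte-wise on purpose: no out-of-line string helpers inside the vDSO. */
notrace static inline int vdso_clock_is_tsc(void)
{
	return gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' &&
	       gtod->clock.name[2] == 'c' && !gtod->clock.name[3];
}

notrace static inline int vdso_clock_is_hpet(void)
{
	return gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' &&
	       gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' &&
	       !gtod->clock.name[4];
}

notrace static inline long vgetns(void)
{
	/* … unchanged: declaration of v … */
	if (vdso_clock_is_tsc())
		v = __vdso_vread_tsc();
	else	/* entry points only get here for "tsc" or "hpet" */
		v = __vdso_vread_hpet();
	/* … unchanged: delta against cycle_last, mask, mult/shift scaling … */
```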
17895 @@ -113,7 +137,9 @@ notrace static noinline int do_monotonic
17897 notrace int __vdso_clock_gettime(clockid_t clock, struct timespec *ts)
17899 - if (likely(gtod->sysctl_enabled))
17900 + if (likely(gtod->sysctl_enabled &&
17901 + ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) ||
17902 + (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3]))))
17904 case CLOCK_REALTIME:
17905 if (likely(gtod->clock.vread))
17906 @@ -133,10 +159,20 @@ notrace int __vdso_clock_gettime(clockid
17907 int clock_gettime(clockid_t, struct timespec *)
17908 __attribute__((weak, alias("__vdso_clock_gettime")));
17910 -notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz)
17911 +notrace noinline int __vdso_fallback_gettimeofday(struct timeval *tv, struct timezone *tz)
17914 - if (likely(gtod->sysctl_enabled && gtod->clock.vread)) {
17915 + asm("syscall" : "=a" (ret) :
17916 + "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "r11", "cx", "memory");
17920 +notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz)
17922 + if (likely(gtod->sysctl_enabled &&
17923 + ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) ||
17924 + (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3]))))
17926 if (likely(tv != NULL)) {
17927 BUILD_BUG_ON(offsetof(struct timeval, tv_usec) !=
17928 offsetof(struct timespec, tv_nsec) ||
17929 @@ -151,9 +187,7 @@ notrace int __vdso_gettimeofday(struct t
17933 - asm("syscall" : "=a" (ret) :
17934 - "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "memory");
17936 + return __vdso_fallback_gettimeofday(tv, tz);
17938 int gettimeofday(struct timeval *, struct timezone *)
17939 __attribute__((weak, alias("__vdso_gettimeofday")));
17940 diff -urNp linux-2.6.32.1/arch/x86/vdso/vdso32-setup.c linux-2.6.32.1/arch/x86/vdso/vdso32-setup.c
17941 --- linux-2.6.32.1/arch/x86/vdso/vdso32-setup.c 2009-12-02 22:51:21.000000000 -0500
17942 +++ linux-2.6.32.1/arch/x86/vdso/vdso32-setup.c 2009-12-14 18:33:51.866722911 -0500
17944 #include <asm/tlbflush.h>
17945 #include <asm/vdso.h>
17946 #include <asm/proto.h>
17947 +#include <asm/mman.h>
17951 @@ -226,7 +227,7 @@ static inline void map_compat_vdso(int m
17952 void enable_sep_cpu(void)
17954 int cpu = get_cpu();
17955 - struct tss_struct *tss = &per_cpu(init_tss, cpu);
17956 + struct tss_struct *tss = init_tss + cpu;
17958 if (!boot_cpu_has(X86_FEATURE_SEP)) {
17960 @@ -249,7 +250,7 @@ static int __init gate_vma_init(void)
17961 gate_vma.vm_start = FIXADDR_USER_START;
17962 gate_vma.vm_end = FIXADDR_USER_END;
17963 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
17964 - gate_vma.vm_page_prot = __P101;
17965 + gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
17967 * Make sure the vDSO gets into every core dump.
17968 * Dumping its contents makes post-mortem fully interpretable later
17969 @@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct l
17971 addr = VDSO_HIGH_BASE;
17973 - addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
17974 + addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, MAP_EXECUTABLE);
17975 if (IS_ERR_VALUE(addr)) {
17981 - current->mm->context.vdso = (void *)addr;
17982 + current->mm->context.vdso = addr;
17984 if (compat_uses_vma || !compat) {
17986 @@ -361,11 +362,11 @@ int arch_setup_additional_pages(struct l
17989 current_thread_info()->sysenter_return =
17990 - VDSO32_SYMBOL(addr, SYSENTER_RETURN);
17991 + (__force void __user *)VDSO32_SYMBOL(addr, SYSENTER_RETURN);
17995 - current->mm->context.vdso = NULL;
17996 + current->mm->context.vdso = 0;
17998 up_write(&mm->mmap_sem);
18000 @@ -388,7 +389,7 @@ static ctl_table abi_table2[] = {
18002 .proc_handler = proc_dointvec
18005 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
18008 static ctl_table abi_root_table2[] = {
18009 @@ -398,7 +399,7 @@ static ctl_table abi_root_table2[] = {
18011 .child = abi_table2
18014 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
18017 static __init int ia32_binfmt_init(void)
18018 @@ -413,8 +414,14 @@ __initcall(ia32_binfmt_init);
18020 const char *arch_vma_name(struct vm_area_struct *vma)
18022 - if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
18023 + if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
18026 +#ifdef CONFIG_PAX_SEGMEXEC
18027 + if (vma->vm_mm && vma->vm_mirror && vma->vm_mirror->vm_start == vma->vm_mm->context.vdso)
18034 @@ -423,7 +430,7 @@ struct vm_area_struct *get_gate_vma(stru
18035 struct mm_struct *mm = tsk->mm;
18037 /* Check to see if this task was created in compat vdso mode */
18038 - if (mm && mm->context.vdso == (void *)VDSO_HIGH_BASE)
18039 + if (mm && mm->context.vdso == VDSO_HIGH_BASE)
18043 diff -urNp linux-2.6.32.1/arch/x86/vdso/vdso.lds.S linux-2.6.32.1/arch/x86/vdso/vdso.lds.S
18044 --- linux-2.6.32.1/arch/x86/vdso/vdso.lds.S 2009-12-02 22:51:21.000000000 -0500
18045 +++ linux-2.6.32.1/arch/x86/vdso/vdso.lds.S 2009-12-14 18:33:51.866722911 -0500
18046 @@ -35,3 +35,9 @@ VDSO64_PRELINK = VDSO_PRELINK;
18047 #define VEXTERN(x) VDSO64_ ## x = vdso_ ## x;
18048 #include "vextern.h"
18051 +#define VEXTERN(x) VDSO64_ ## x = __vdso_ ## x;
18052 +VEXTERN(fallback_gettimeofday)
18053 +VEXTERN(fallback_time)
18056 diff -urNp linux-2.6.32.1/arch/x86/vdso/vextern.h linux-2.6.32.1/arch/x86/vdso/vextern.h
18057 --- linux-2.6.32.1/arch/x86/vdso/vextern.h 2009-12-02 22:51:21.000000000 -0500
18058 +++ linux-2.6.32.1/arch/x86/vdso/vextern.h 2009-12-14 18:33:51.867702060 -0500
18060 put into vextern.h and be referenced as a pointer with vdso prefix.
18061 The main kernel later fills in the values. */
18064 VEXTERN(vgetcpu_mode)
18065 VEXTERN(vsyscall_gtod_data)
18066 diff -urNp linux-2.6.32.1/arch/x86/vdso/vma.c linux-2.6.32.1/arch/x86/vdso/vma.c
18067 --- linux-2.6.32.1/arch/x86/vdso/vma.c 2009-12-02 22:51:21.000000000 -0500
18068 +++ linux-2.6.32.1/arch/x86/vdso/vma.c 2009-12-14 18:33:51.867702060 -0500
18069 @@ -57,7 +57,7 @@ static int __init init_vdso_vars(void)
18073 - if (memcmp(vbase, "\177ELF", 4)) {
18074 + if (memcmp(vbase, ELFMAG, SELFMAG)) {
18075 printk("VDSO: I'm broken; not ELF\n");
18078 @@ -66,6 +66,7 @@ static int __init init_vdso_vars(void)
18079 *(typeof(__ ## x) **) var_ref(VDSO64_SYMBOL(vbase, x), #x) = &__ ## x;
18080 #include "vextern.h"
18086 @@ -116,7 +117,7 @@ int arch_setup_additional_pages(struct l
18090 - current->mm->context.vdso = (void *)addr;
18091 + current->mm->context.vdso = addr;
18093 ret = install_special_mapping(mm, addr, vdso_size,
18095 @@ -124,7 +125,7 @@ int arch_setup_additional_pages(struct l
18099 - current->mm->context.vdso = NULL;
18100 + current->mm->context.vdso = 0;
18104 @@ -132,10 +133,3 @@ up_fail:
18105 up_write(&mm->mmap_sem);
18109 -static __init int vdso_setup(char *s)
18111 - vdso_enabled = simple_strtoul(s, NULL, 0);
18114 -__setup("vdso=", vdso_setup);
18115 diff -urNp linux-2.6.32.1/arch/x86/xen/enlighten.c linux-2.6.32.1/arch/x86/xen/enlighten.c
18116 --- linux-2.6.32.1/arch/x86/xen/enlighten.c 2009-12-02 22:51:21.000000000 -0500
18117 +++ linux-2.6.32.1/arch/x86/xen/enlighten.c 2009-12-14 18:33:51.867702060 -0500
18118 @@ -70,8 +70,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
18120 struct shared_info xen_dummy_shared_info;
18122 -void *xen_initial_gdt;
18125 * Point at some empty memory to start with. We map the real shared_info
18126 * page as soon as fixmap is up and running.
18127 @@ -548,7 +546,7 @@ static void xen_write_idt_entry(gate_des
18131 - start = __get_cpu_var(idt_desc).address;
18132 + start = (unsigned long)__get_cpu_var(idt_desc).address;
18133 end = start + __get_cpu_var(idt_desc).size + 1;
18136 @@ -1127,13 +1125,6 @@ asmlinkage void __init xen_start_kernel(
18138 machine_ops = xen_machine_ops;
18141 - * The only reliable way to retain the initial address of the
18142 - * percpu gdt_page is to remember it here, so we can go and
18143 - * mark it RW later, when the initial percpu area is freed.
18145 - xen_initial_gdt = &per_cpu(gdt_page, 0);
18149 pgd = (pgd_t *)xen_start_info->pt_base;
18150 diff -urNp linux-2.6.32.1/arch/x86/xen/mmu.c linux-2.6.32.1/arch/x86/xen/mmu.c
18151 --- linux-2.6.32.1/arch/x86/xen/mmu.c 2009-12-02 22:51:21.000000000 -0500
18152 +++ linux-2.6.32.1/arch/x86/xen/mmu.c 2009-12-14 18:33:51.868718427 -0500
18153 @@ -1710,6 +1710,8 @@ __init pgd_t *xen_setup_kernel_pagetable
18154 convert_pfn_mfn(init_level4_pgt);
18155 convert_pfn_mfn(level3_ident_pgt);
18156 convert_pfn_mfn(level3_kernel_pgt);
18157 + convert_pfn_mfn(level3_vmalloc_pgt);
18158 + convert_pfn_mfn(level3_vmemmap_pgt);
18160 l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
18161 l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud);
18162 @@ -1728,7 +1730,10 @@ __init pgd_t *xen_setup_kernel_pagetable
18163 set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
18164 set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
18165 set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
18166 + set_page_prot(level3_vmalloc_pgt, PAGE_KERNEL_RO);
18167 + set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO);
18168 set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
18169 + set_page_prot(level2_vmemmap_pgt, PAGE_KERNEL_RO);
18170 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
18171 set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
18173 diff -urNp linux-2.6.32.1/arch/x86/xen/smp.c linux-2.6.32.1/arch/x86/xen/smp.c
18174 --- linux-2.6.32.1/arch/x86/xen/smp.c 2009-12-02 22:51:21.000000000 -0500
18175 +++ linux-2.6.32.1/arch/x86/xen/smp.c 2009-12-14 18:33:51.868718427 -0500
18176 @@ -167,11 +167,6 @@ static void __init xen_smp_prepare_boot_
18178 BUG_ON(smp_processor_id() != 0);
18179 native_smp_prepare_boot_cpu();
18181 - /* We've switched to the "real" per-cpu gdt, so make sure the
18182 - old memory can be recycled */
18183 - make_lowmem_page_readwrite(xen_initial_gdt);
18185 xen_setup_vcpu_info_placement();
18188 @@ -231,8 +226,8 @@ cpu_initialize_context(unsigned int cpu,
18189 gdt = get_cpu_gdt_table(cpu);
18191 ctxt->flags = VGCF_IN_KERNEL;
18192 - ctxt->user_regs.ds = __USER_DS;
18193 - ctxt->user_regs.es = __USER_DS;
18194 + ctxt->user_regs.ds = __KERNEL_DS;
18195 + ctxt->user_regs.es = __KERNEL_DS;
18196 ctxt->user_regs.ss = __KERNEL_DS;
18197 #ifdef CONFIG_X86_32
18198 ctxt->user_regs.fs = __KERNEL_PERCPU;
18199 diff -urNp linux-2.6.32.1/arch/x86/xen/xen-ops.h linux-2.6.32.1/arch/x86/xen/xen-ops.h
18200 --- linux-2.6.32.1/arch/x86/xen/xen-ops.h 2009-12-02 22:51:21.000000000 -0500
18201 +++ linux-2.6.32.1/arch/x86/xen/xen-ops.h 2009-12-14 18:33:51.868718427 -0500
18203 extern const char xen_hypervisor_callback[];
18204 extern const char xen_failsafe_callback[];
18206 -extern void *xen_initial_gdt;
18209 void xen_copy_trap_info(struct trap_info *traps);
18211 diff -urNp linux-2.6.32.1/arch/xtensa/include/asm/atomic.h linux-2.6.32.1/arch/xtensa/include/asm/atomic.h
18212 --- linux-2.6.32.1/arch/xtensa/include/asm/atomic.h 2009-12-02 22:51:21.000000000 -0500
18213 +++ linux-2.6.32.1/arch/xtensa/include/asm/atomic.h 2009-12-14 18:33:51.869718599 -0500
18215 #define atomic_read(v) ((v)->counter)
18218 + * atomic_read_unchecked - read atomic variable
18219 + * @v: pointer of type atomic_unchecked_t
18221 + * Atomically reads the value of @v.
18223 +#define atomic_read_unchecked(v) ((v)->counter)
18226 * atomic_set - set atomic variable
18227 * @v: pointer of type atomic_t
18228 * @i: required value
18230 #define atomic_set(v,i) ((v)->counter = (i))
18233 + * atomic_set_unchecked - set atomic variable
18234 + * @v: pointer of type atomic_unchecked_t
18235 + * @i: required value
18237 + * Atomically sets the value of @v to @i.
18239 +#define atomic_set_unchecked(v,i) ((v)->counter = (i))
18242 * atomic_add - add integer to atomic variable
18243 * @i: integer value to add
18244 * @v: pointer of type atomic_t
18245 @@ -81,6 +98,11 @@ static inline void atomic_add(int i, ato
18249 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t * v)
18251 + atomic_add(i, (atomic_t *)v);
18255 * atomic_sub - subtract the atomic variable
18256 * @i: integer value to subtract
18257 @@ -105,6 +127,11 @@ static inline void atomic_sub(int i, ato
18261 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
18263 + atomic_sub(i, (atomic_t *)v);
18267 * We use atomic_{add|sub}_return to define other functions.
18269 @@ -165,6 +192,7 @@ static inline int atomic_sub_return(int
18270 * Atomically increments @v by 1.
18272 #define atomic_inc(v) atomic_add(1,(v))
18273 +#define atomic_inc_unchecked(v) atomic_add_unchecked(1,(v))
18276 * atomic_inc - increment atomic variable
18277 diff -urNp linux-2.6.32.1/block/blk-integrity.c linux-2.6.32.1/block/blk-integrity.c
18278 --- linux-2.6.32.1/block/blk-integrity.c 2009-12-02 22:51:21.000000000 -0500
18279 +++ linux-2.6.32.1/block/blk-integrity.c 2009-12-14 18:33:51.869718599 -0500
18280 @@ -278,7 +278,7 @@ static struct attribute *integrity_attrs
18284 -static struct sysfs_ops integrity_ops = {
18285 +static const struct sysfs_ops integrity_ops = {
18286 .show = &integrity_attr_show,
18287 .store = &integrity_attr_store,
18289 diff -urNp linux-2.6.32.1/block/blk-map.c linux-2.6.32.1/block/blk-map.c
18290 --- linux-2.6.32.1/block/blk-map.c 2009-12-02 22:51:21.000000000 -0500
18291 +++ linux-2.6.32.1/block/blk-map.c 2009-12-14 18:33:51.869718599 -0500
18292 @@ -54,7 +54,7 @@ static int __blk_rq_map_user(struct requ
18293 * direct dma. else, set up kernel bounce buffers
18295 uaddr = (unsigned long) ubuf;
18296 - if (blk_rq_aligned(q, ubuf, len) && !map_data)
18297 + if (blk_rq_aligned(q, (__force void *)ubuf, len) && !map_data)
18298 bio = bio_map_user(q, NULL, uaddr, len, reading, gfp_mask);
18300 bio = bio_copy_user(q, map_data, uaddr, len, reading, gfp_mask);
18301 @@ -297,7 +297,7 @@ int blk_rq_map_kern(struct request_queue
18305 - do_copy = !blk_rq_aligned(q, kbuf, len) || object_is_on_stack(kbuf);
18306 + do_copy = !blk_rq_aligned(q, kbuf, len) || object_starts_on_stack(kbuf);
18308 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading);
18310 diff -urNp linux-2.6.32.1/block/blk-sysfs.c linux-2.6.32.1/block/blk-sysfs.c
18311 --- linux-2.6.32.1/block/blk-sysfs.c 2009-12-02 22:51:21.000000000 -0500
18312 +++ linux-2.6.32.1/block/blk-sysfs.c 2009-12-14 18:33:51.870723177 -0500
18313 @@ -414,7 +414,7 @@ static void blk_release_queue(struct kob
18314 kmem_cache_free(blk_requestq_cachep, q);
18317 -static struct sysfs_ops queue_sysfs_ops = {
18318 +static const struct sysfs_ops queue_sysfs_ops = {
18319 .show = queue_attr_show,
18320 .store = queue_attr_store,
18322 diff -urNp linux-2.6.32.1/block/elevator.c linux-2.6.32.1/block/elevator.c
18323 --- linux-2.6.32.1/block/elevator.c 2009-12-02 22:51:21.000000000 -0500
18324 +++ linux-2.6.32.1/block/elevator.c 2009-12-14 18:33:51.870723177 -0500
18325 @@ -889,7 +889,7 @@ elv_attr_store(struct kobject *kobj, str
18329 -static struct sysfs_ops elv_sysfs_ops = {
18330 +static const struct sysfs_ops elv_sysfs_ops = {
18331 .show = elv_attr_show,
18332 .store = elv_attr_store,
18334 diff -urNp linux-2.6.32.1/crypto/lrw.c linux-2.6.32.1/crypto/lrw.c
18335 --- linux-2.6.32.1/crypto/lrw.c 2009-12-02 22:51:21.000000000 -0500
18336 +++ linux-2.6.32.1/crypto/lrw.c 2009-12-14 18:33:51.870723177 -0500
18337 @@ -60,7 +60,7 @@ static int setkey(struct crypto_tfm *par
18338 struct priv *ctx = crypto_tfm_ctx(parent);
18339 struct crypto_cipher *child = ctx->child;
18341 - be128 tmp = { 0 };
18342 + be128 tmp = { 0, 0 };
18343 int bsize = crypto_cipher_blocksize(child);
18345 crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
18346 diff -urNp linux-2.6.32.1/Documentation/dontdiff linux-2.6.32.1/Documentation/dontdiff
18347 --- linux-2.6.32.1/Documentation/dontdiff 2009-12-02 22:51:21.000000000 -0500
18348 +++ linux-2.6.32.1/Documentation/dontdiff 2009-12-14 18:33:51.870723177 -0500
18365 @@ -49,11 +51,16 @@
18382 @@ -76,7 +83,9 @@ btfixupprep
18392 @@ -103,13 +112,14 @@ gen_crc32table
18399 initramfs_data.cpio
18400 +initramfs_data.cpio.bz2
18401 initramfs_data.cpio.gz
18408 @@ -133,7 +143,9 @@ mkboot
18418 @@ -149,6 +161,7 @@ patches*
18426 @@ -163,6 +176,7 @@ setup
18434 @@ -186,14 +200,20 @@ version.h*
18455 diff -urNp linux-2.6.32.1/Documentation/kernel-parameters.txt linux-2.6.32.1/Documentation/kernel-parameters.txt
18456 --- linux-2.6.32.1/Documentation/kernel-parameters.txt 2009-12-02 22:51:21.000000000 -0500
18457 +++ linux-2.6.32.1/Documentation/kernel-parameters.txt 2009-12-14 18:33:51.895721525 -0500
18458 @@ -1833,6 +1833,12 @@ and is between 256 and 4096 characters.
18459 the specified number of seconds. This is to be used if
18460 your oopses keep scrolling off the screen.
18462 + pax_nouderef [X86-32] disables UDEREF. Most likely needed under certain
18463 + virtualization environments that don't cope well with the
18464 + expand down segment used by UDEREF on X86-32.
18466 + pax_softmode= [X86-32] 0/1 to disable/enable PaX softmode on boot already.
18471 diff -urNp linux-2.6.32.1/drivers/acpi/battery.c linux-2.6.32.1/drivers/acpi/battery.c
18472 --- linux-2.6.32.1/drivers/acpi/battery.c 2009-12-02 22:51:21.000000000 -0500
18473 +++ linux-2.6.32.1/drivers/acpi/battery.c 2009-12-14 18:33:51.922822435 -0500
18474 @@ -763,7 +763,7 @@ DECLARE_FILE_FUNCTIONS(alarm);
18477 static struct battery_file {
18478 - struct file_operations ops;
18479 + const struct file_operations ops;
18482 } acpi_battery_file[] = {
18483 diff -urNp linux-2.6.32.1/drivers/acpi/blacklist.c linux-2.6.32.1/drivers/acpi/blacklist.c
18484 --- linux-2.6.32.1/drivers/acpi/blacklist.c 2009-12-02 22:51:21.000000000 -0500
18485 +++ linux-2.6.32.1/drivers/acpi/blacklist.c 2009-12-14 18:33:51.932727870 -0500
18486 @@ -73,7 +73,7 @@ static struct acpi_blacklist_item acpi_b
18487 {"IBM ", "TP600E ", 0x00000105, ACPI_SIG_DSDT, less_than_or_equal,
18488 "Incorrect _ADR", 1},
18491 + {"", "", 0, NULL, all_versions, NULL, 0}
18494 #if CONFIG_ACPI_BLACKLIST_YEAR
18495 diff -urNp linux-2.6.32.1/drivers/acpi/dock.c linux-2.6.32.1/drivers/acpi/dock.c
18496 --- linux-2.6.32.1/drivers/acpi/dock.c 2009-12-02 22:51:21.000000000 -0500
18497 +++ linux-2.6.32.1/drivers/acpi/dock.c 2009-12-14 18:33:51.940740929 -0500
18498 @@ -77,7 +77,7 @@ struct dock_dependent_device {
18499 struct list_head list;
18500 struct list_head hotplug_list;
18501 acpi_handle handle;
18502 - struct acpi_dock_ops *ops;
18503 + const struct acpi_dock_ops *ops;
18507 @@ -605,7 +605,7 @@ EXPORT_SYMBOL_GPL(unregister_dock_notifi
18508 * the dock driver after _DCK is executed.
18511 -register_hotplug_dock_device(acpi_handle handle, struct acpi_dock_ops *ops,
18512 +register_hotplug_dock_device(acpi_handle handle, const struct acpi_dock_ops *ops,
18515 struct dock_dependent_device *dd;
18516 diff -urNp linux-2.6.32.1/drivers/acpi/osl.c linux-2.6.32.1/drivers/acpi/osl.c
18517 --- linux-2.6.32.1/drivers/acpi/osl.c 2009-12-02 22:51:21.000000000 -0500
18518 +++ linux-2.6.32.1/drivers/acpi/osl.c 2009-12-14 18:33:51.941733597 -0500
18519 @@ -523,6 +523,8 @@ acpi_os_read_memory(acpi_physical_addres
18520 void __iomem *virt_addr;
18522 virt_addr = ioremap(phys_addr, width);
18524 + return AE_NO_MEMORY;
18528 @@ -551,6 +553,8 @@ acpi_os_write_memory(acpi_physical_addre
18529 void __iomem *virt_addr;
18531 virt_addr = ioremap(phys_addr, width);
18533 + return AE_NO_MEMORY;
18537 diff -urNp linux-2.6.32.1/drivers/acpi/processor_core.c linux-2.6.32.1/drivers/acpi/processor_core.c
18538 --- linux-2.6.32.1/drivers/acpi/processor_core.c 2009-12-02 22:51:21.000000000 -0500
18539 +++ linux-2.6.32.1/drivers/acpi/processor_core.c 2009-12-14 18:33:51.952727517 -0500
18540 @@ -796,7 +796,7 @@ static int __cpuinit acpi_processor_add(
18544 - BUG_ON((pr->id >= nr_cpu_ids) || (pr->id < 0));
18545 + BUG_ON(pr->id >= nr_cpu_ids);
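Review bot: Dropping `pr->id < 0` from the BUG_ON is only equivalent if `pr->id` has an unsigned type, which this hunk does not show. If it is unsigned, an id stored as -1 wraps and is still caught by the upper bound, and a one-line comment would record that: `/* pr->id is unsigned: -1 wraps and fails the nr_cpu_ids bound */`. If it is signed, a negative id now passes the check, and the original condition should stay. acpi_processor_add's body continues outside the hunk, so how the id is used afterwards is not visible here.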
18549 diff -urNp linux-2.6.32.1/drivers/acpi/processor_idle.c linux-2.6.32.1/drivers/acpi/processor_idle.c
18550 --- linux-2.6.32.1/drivers/acpi/processor_idle.c 2009-12-02 22:51:21.000000000 -0500
18551 +++ linux-2.6.32.1/drivers/acpi/processor_idle.c 2009-12-14 18:33:51.999788867 -0500
18552 @@ -110,7 +110,7 @@ static struct dmi_system_id __cpuinitdat
18553 DMI_MATCH(DMI_BIOS_VENDOR,"Phoenix Technologies LTD"),
18554 DMI_MATCH(DMI_BIOS_VERSION,"SHE845M0.86C.0013.D.0302131307")},
18557 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL},
18561 diff -urNp linux-2.6.32.1/drivers/acpi/sleep.c linux-2.6.32.1/drivers/acpi/sleep.c
18562 --- linux-2.6.32.1/drivers/acpi/sleep.c 2009-12-02 22:51:21.000000000 -0500
18563 +++ linux-2.6.32.1/drivers/acpi/sleep.c 2009-12-14 18:33:52.051735935 -0500
18564 @@ -297,7 +297,7 @@ static int acpi_suspend_state_valid(susp
18568 -static struct platform_suspend_ops acpi_suspend_ops = {
18569 +static const struct platform_suspend_ops acpi_suspend_ops = {
18570 .valid = acpi_suspend_state_valid,
18571 .begin = acpi_suspend_begin,
18572 .prepare_late = acpi_pm_prepare,
18573 @@ -325,7 +325,7 @@ static int acpi_suspend_begin_old(suspen
18574 * The following callbacks are used if the pre-ACPI 2.0 suspend ordering has
18577 -static struct platform_suspend_ops acpi_suspend_ops_old = {
18578 +static const struct platform_suspend_ops acpi_suspend_ops_old = {
18579 .valid = acpi_suspend_state_valid,
18580 .begin = acpi_suspend_begin_old,
18581 .prepare_late = acpi_pm_disable_gpes,
18582 @@ -552,7 +552,7 @@ static void acpi_pm_enable_gpes(void)
18583 acpi_enable_all_runtime_gpes();
18586 -static struct platform_hibernation_ops acpi_hibernation_ops = {
18587 +static const struct platform_hibernation_ops acpi_hibernation_ops = {
18588 .begin = acpi_hibernation_begin,
18589 .end = acpi_pm_end,
18590 .pre_snapshot = acpi_hibernation_pre_snapshot,
18591 @@ -605,7 +605,7 @@ static int acpi_hibernation_pre_snapshot
18592 * The following callbacks are used if the pre-ACPI 2.0 suspend ordering has
18595 -static struct platform_hibernation_ops acpi_hibernation_ops_old = {
18596 +static const struct platform_hibernation_ops acpi_hibernation_ops_old = {
18597 .begin = acpi_hibernation_begin_old,
18598 .end = acpi_pm_end,
18599 .pre_snapshot = acpi_hibernation_pre_snapshot_old,
18600 diff -urNp linux-2.6.32.1/drivers/acpi/video.c linux-2.6.32.1/drivers/acpi/video.c
18601 --- linux-2.6.32.1/drivers/acpi/video.c 2009-12-02 22:51:21.000000000 -0500
18602 +++ linux-2.6.32.1/drivers/acpi/video.c 2009-12-14 18:33:52.083741050 -0500
18603 @@ -359,7 +359,7 @@ static int acpi_video_set_brightness(str
18604 vd->brightness->levels[request_level]);
18607 -static struct backlight_ops acpi_backlight_ops = {
18608 +static const struct backlight_ops acpi_backlight_ops = {
18609 .get_brightness = acpi_video_get_brightness,
18610 .update_status = acpi_video_set_brightness,
18612 diff -urNp linux-2.6.32.1/drivers/ata/ahci.c linux-2.6.32.1/drivers/ata/ahci.c
18613 --- linux-2.6.32.1/drivers/ata/ahci.c 2009-12-02 22:51:21.000000000 -0500
18614 +++ linux-2.6.32.1/drivers/ata/ahci.c 2009-12-14 18:33:52.113752354 -0500
18615 @@ -385,7 +385,7 @@ static struct scsi_host_template ahci_sh
18616 .sdev_attrs = ahci_sdev_attrs,
18619 -static struct ata_port_operations ahci_ops = {
18620 +static const struct ata_port_operations ahci_ops = {
18621 .inherits = &sata_pmp_port_ops,
18623 .qc_defer = sata_pmp_qc_defer_cmd_switch,
18624 @@ -422,17 +422,17 @@ static struct ata_port_operations ahci_o
18625 .port_stop = ahci_port_stop,
18628 -static struct ata_port_operations ahci_vt8251_ops = {
18629 +static const struct ata_port_operations ahci_vt8251_ops = {
18630 .inherits = &ahci_ops,
18631 .hardreset = ahci_vt8251_hardreset,
18634 -static struct ata_port_operations ahci_p5wdh_ops = {
18635 +static const struct ata_port_operations ahci_p5wdh_ops = {
18636 .inherits = &ahci_ops,
18637 .hardreset = ahci_p5wdh_hardreset,
18640 -static struct ata_port_operations ahci_sb600_ops = {
18641 +static const struct ata_port_operations ahci_sb600_ops = {
18642 .inherits = &ahci_ops,
18643 .softreset = ahci_sb600_softreset,
18644 .pmp_softreset = ahci_sb600_softreset,
18645 @@ -671,7 +671,7 @@ static const struct pci_device_id ahci_p
18646 { PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID,
18647 PCI_CLASS_STORAGE_SATA_AHCI, 0xffffff, board_ahci },
18649 - { } /* terminate list */
18650 + { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */
18654 diff -urNp linux-2.6.32.1/drivers/ata/ata_generic.c linux-2.6.32.1/drivers/ata/ata_generic.c
18655 --- linux-2.6.32.1/drivers/ata/ata_generic.c 2009-12-02 22:51:21.000000000 -0500
18656 +++ linux-2.6.32.1/drivers/ata/ata_generic.c 2009-12-14 18:33:52.134785743 -0500
18657 @@ -95,7 +95,7 @@ static struct scsi_host_template generic
18658 ATA_BMDMA_SHT(DRV_NAME),
18661 -static struct ata_port_operations generic_port_ops = {
18662 +static const struct ata_port_operations generic_port_ops = {
18663 .inherits = &ata_bmdma_port_ops,
18664 .cable_detect = ata_cable_unknown,
18665 .set_mode = generic_set_mode,
18666 diff -urNp linux-2.6.32.1/drivers/ata/ata_piix.c linux-2.6.32.1/drivers/ata/ata_piix.c
18667 --- linux-2.6.32.1/drivers/ata/ata_piix.c 2009-12-02 22:51:21.000000000 -0500
18668 +++ linux-2.6.32.1/drivers/ata/ata_piix.c 2009-12-14 18:33:52.151742687 -0500
18669 @@ -291,7 +291,7 @@ static const struct pci_device_id piix_p
18670 { 0x8086, 0x3b2d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata },
18671 /* SATA Controller IDE (PCH) */
18672 { 0x8086, 0x3b2e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata },
18673 - { } /* terminate list */
18674 + { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */
18677 static struct pci_driver piix_pci_driver = {
18678 @@ -309,7 +309,7 @@ static struct scsi_host_template piix_sh
18679 ATA_BMDMA_SHT(DRV_NAME),
18682 -static struct ata_port_operations piix_pata_ops = {
18683 +static const struct ata_port_operations piix_pata_ops = {
18684 .inherits = &ata_bmdma32_port_ops,
18685 .cable_detect = ata_cable_40wire,
18686 .set_piomode = piix_set_piomode,
18687 @@ -317,22 +317,22 @@ static struct ata_port_operations piix_p
18688 .prereset = piix_pata_prereset,
18691 -static struct ata_port_operations piix_vmw_ops = {
18692 +static const struct ata_port_operations piix_vmw_ops = {
18693 .inherits = &piix_pata_ops,
18694 .bmdma_status = piix_vmw_bmdma_status,
18697 -static struct ata_port_operations ich_pata_ops = {
18698 +static const struct ata_port_operations ich_pata_ops = {
18699 .inherits = &piix_pata_ops,
18700 .cable_detect = ich_pata_cable_detect,
18701 .set_dmamode = ich_set_dmamode,
18704 -static struct ata_port_operations piix_sata_ops = {
18705 +static const struct ata_port_operations piix_sata_ops = {
18706 .inherits = &ata_bmdma_port_ops,
18709 -static struct ata_port_operations piix_sidpr_sata_ops = {
18710 +static const struct ata_port_operations piix_sidpr_sata_ops = {
18711 .inherits = &piix_sata_ops,
18712 .hardreset = sata_std_hardreset,
18713 .scr_read = piix_sidpr_scr_read,
18714 @@ -608,7 +608,7 @@ static const struct ich_laptop ich_lapto
18715 { 0x2653, 0x1043, 0x82D8 }, /* ICH6M on Asus Eee 701 */
18716 { 0x27df, 0x104d, 0x900e }, /* ICH7 on Sony TZ-90 */
18723 @@ -1086,7 +1086,7 @@ static int piix_broken_suspend(void)
18727 - { } /* terminate list */
18728 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } /* terminate list */
18730 static const char *oemstrs[] = {
18732 diff -urNp linux-2.6.32.1/drivers/ata/libata-acpi.c linux-2.6.32.1/drivers/ata/libata-acpi.c
18733 --- linux-2.6.32.1/drivers/ata/libata-acpi.c 2009-12-02 22:51:21.000000000 -0500
18734 +++ linux-2.6.32.1/drivers/ata/libata-acpi.c 2009-12-14 18:33:52.171749832 -0500
18735 @@ -223,12 +223,12 @@ static void ata_acpi_dev_uevent(acpi_han
18736 ata_acpi_uevent(dev->link->ap, dev, event);
18739 -static struct acpi_dock_ops ata_acpi_dev_dock_ops = {
18740 +static const struct acpi_dock_ops ata_acpi_dev_dock_ops = {
18741 .handler = ata_acpi_dev_notify_dock,
18742 .uevent = ata_acpi_dev_uevent,
18745 -static struct acpi_dock_ops ata_acpi_ap_dock_ops = {
18746 +static const struct acpi_dock_ops ata_acpi_ap_dock_ops = {
18747 .handler = ata_acpi_ap_notify_dock,
18748 .uevent = ata_acpi_ap_uevent,
18750 diff -urNp linux-2.6.32.1/drivers/ata/libata-core.c linux-2.6.32.1/drivers/ata/libata-core.c
18751 --- linux-2.6.32.1/drivers/ata/libata-core.c 2009-12-02 22:51:21.000000000 -0500
18752 +++ linux-2.6.32.1/drivers/ata/libata-core.c 2009-12-14 18:33:52.206710619 -0500
18753 @@ -896,7 +896,7 @@ static const struct ata_xfer_ent {
18754 { ATA_SHIFT_PIO, ATA_NR_PIO_MODES, XFER_PIO_0 },
18755 { ATA_SHIFT_MWDMA, ATA_NR_MWDMA_MODES, XFER_MW_DMA_0 },
18756 { ATA_SHIFT_UDMA, ATA_NR_UDMA_MODES, XFER_UDMA_0 },
18762 @@ -3163,7 +3163,7 @@ static const struct ata_timing ata_timin
18763 { XFER_UDMA_5, 0, 0, 0, 0, 0, 0, 0, 0, 20 },
18764 { XFER_UDMA_6, 0, 0, 0, 0, 0, 0, 0, 0, 15 },
18767 + { 0xFF, 0, 0, 0, 0, 0, 0, 0, 0 }
18770 #define ENOUGH(v, unit) (((v)-1)/(unit)+1)
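Review bot: The new terminator row `{ 0xFF, 0, 0, 0, 0, 0, 0, 0, 0 }` lists nine values, while the rows just above it, such as the `XFER_UDMA_6` entry, carry ten, so the last field is still zero-filled implicitly. If the point of spelling the row out was to make every field explicit, it needs one more `0`. A designated form such as `{ .mode = 0xFF }` would mark the end of the table without depending on the field count at all. The line this row replaces is not visible in the listing, so the original form could not be compared.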
18771 @@ -4361,7 +4361,7 @@ static const struct ata_blacklist_entry
18772 { "PIONEER DVD-RW DVRTD08", "1.00", ATA_HORKAGE_NOSETXFER },
18776 + { NULL, NULL, 0 }
18779 static int strn_pattern_cmp(const char *patt, const char *name, int wildchar)
18780 @@ -5937,7 +5937,7 @@ static void ata_host_stop(struct device
18784 -static void ata_finalize_port_ops(struct ata_port_operations *ops)
18785 +static void ata_finalize_port_ops(const struct ata_port_operations *ops)
18787 static DEFINE_SPINLOCK(lock);
18788 const struct ata_port_operations *cur;
18789 @@ -5949,6 +5949,7 @@ static void ata_finalize_port_ops(struct
18793 + pax_open_kernel();
18795 for (cur = ops->inherits; cur; cur = cur->inherits) {
18796 void **inherit = (void **)cur;
18797 @@ -5962,8 +5963,9 @@ static void ata_finalize_port_ops(struct
18801 - ops->inherits = NULL;
18802 + ((struct ata_port_operations *)ops)->inherits = NULL;
18804 + pax_close_kernel();
18805 spin_unlock(&lock);
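Review bot: The changed store `((struct ata_port_operations *)ops)->inherits = NULL;` casts away the `const` that the signature hunk for ata_finalize_port_ops adds, so the function now writes into the very tables this patch declares `const` in the drivers, and nothing in the code says why that is permitted. Modifying an object defined `const` is undefined in C; it can only work while the `pax_open_kernel()` call added in the previous hunk has, presumably, lifted write protection on those tables. Please record that next to the open call, for example `/* ops tables are const and may be mapped read-only: this merge is their only writer and must stay between pax_open_kernel() and pax_close_kernel(), under the lock */`. The early-return check and the inner copy loop lie outside these hunks, so whether the window covers only the stores that need it could not be confirmed from here.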
18808 @@ -6060,7 +6062,7 @@ int ata_host_start(struct ata_host *host
18810 /* KILLME - the only user left is ipr */
18811 void ata_host_init(struct ata_host *host, struct device *dev,
18812 - unsigned long flags, struct ata_port_operations *ops)
18813 + unsigned long flags, const struct ata_port_operations *ops)
18815 spin_lock_init(&host->lock);
18817 @@ -6723,7 +6725,7 @@ static void ata_dummy_error_handler(stru
18821 -struct ata_port_operations ata_dummy_port_ops = {
18822 +const struct ata_port_operations ata_dummy_port_ops = {
18823 .qc_prep = ata_noop_qc_prep,
18824 .qc_issue = ata_dummy_qc_issue,
18825 .error_handler = ata_dummy_error_handler,
18826 diff -urNp linux-2.6.32.1/drivers/ata/libata-eh.c linux-2.6.32.1/drivers/ata/libata-eh.c
18827 --- linux-2.6.32.1/drivers/ata/libata-eh.c 2009-12-02 22:51:21.000000000 -0500
18828 +++ linux-2.6.32.1/drivers/ata/libata-eh.c 2009-12-14 18:33:52.227756101 -0500
18829 @@ -3580,7 +3580,7 @@ void ata_do_eh(struct ata_port *ap, ata_
18831 void ata_std_error_handler(struct ata_port *ap)
18833 - struct ata_port_operations *ops = ap->ops;
18834 + const struct ata_port_operations *ops = ap->ops;
18835 ata_reset_fn_t hardreset = ops->hardreset;
18837 /* ignore built-in hardreset if SCR access is not available */
18838 diff -urNp linux-2.6.32.1/drivers/ata/libata-pmp.c linux-2.6.32.1/drivers/ata/libata-pmp.c
18839 --- linux-2.6.32.1/drivers/ata/libata-pmp.c 2009-12-02 22:51:21.000000000 -0500
18840 +++ linux-2.6.32.1/drivers/ata/libata-pmp.c 2009-12-14 18:33:52.228753266 -0500
18841 @@ -841,7 +841,7 @@ static int sata_pmp_handle_link_fail(str
18843 static int sata_pmp_eh_recover(struct ata_port *ap)
18845 - struct ata_port_operations *ops = ap->ops;
18846 + const struct ata_port_operations *ops = ap->ops;
18847 int pmp_tries, link_tries[SATA_PMP_MAX_PORTS];
18848 struct ata_link *pmp_link = &ap->link;
18849 struct ata_device *pmp_dev = pmp_link->device;
18850 diff -urNp linux-2.6.32.1/drivers/ata/pata_acpi.c linux-2.6.32.1/drivers/ata/pata_acpi.c
18851 --- linux-2.6.32.1/drivers/ata/pata_acpi.c 2009-12-02 22:51:21.000000000 -0500
18852 +++ linux-2.6.32.1/drivers/ata/pata_acpi.c 2009-12-14 18:33:52.229715215 -0500
18853 @@ -215,7 +215,7 @@ static struct scsi_host_template pacpi_s
18854 ATA_BMDMA_SHT(DRV_NAME),
18857 -static struct ata_port_operations pacpi_ops = {
18858 +static const struct ata_port_operations pacpi_ops = {
18859 .inherits = &ata_bmdma_port_ops,
18860 .qc_issue = pacpi_qc_issue,
18861 .cable_detect = pacpi_cable_detect,
18862 diff -urNp linux-2.6.32.1/drivers/ata/pata_ali.c linux-2.6.32.1/drivers/ata/pata_ali.c
18863 --- linux-2.6.32.1/drivers/ata/pata_ali.c 2009-12-02 22:51:21.000000000 -0500
18864 +++ linux-2.6.32.1/drivers/ata/pata_ali.c 2009-12-14 18:33:52.231780997 -0500
18865 @@ -365,7 +365,7 @@ static struct scsi_host_template ali_sht
18866 * Port operations for PIO only ALi
18869 -static struct ata_port_operations ali_early_port_ops = {
18870 +static const struct ata_port_operations ali_early_port_ops = {
18871 .inherits = &ata_sff_port_ops,
18872 .cable_detect = ata_cable_40wire,
18873 .set_piomode = ali_set_piomode,
18874 @@ -382,7 +382,7 @@ static const struct ata_port_operations
18875 * Port operations for DMA capable ALi without cable
18878 -static struct ata_port_operations ali_20_port_ops = {
18879 +static const struct ata_port_operations ali_20_port_ops = {
18880 .inherits = &ali_dma_base_ops,
18881 .cable_detect = ata_cable_40wire,
18882 .mode_filter = ali_20_filter,
18883 @@ -393,7 +393,7 @@ static struct ata_port_operations ali_20
18885 * Port operations for DMA capable ALi with cable detect
18887 -static struct ata_port_operations ali_c2_port_ops = {
18888 +static const struct ata_port_operations ali_c2_port_ops = {
18889 .inherits = &ali_dma_base_ops,
18890 .check_atapi_dma = ali_check_atapi_dma,
18891 .cable_detect = ali_c2_cable_detect,
18892 @@ -404,7 +404,7 @@ static struct ata_port_operations ali_c2
18894 * Port operations for DMA capable ALi with cable detect
18896 -static struct ata_port_operations ali_c4_port_ops = {
18897 +static const struct ata_port_operations ali_c4_port_ops = {
18898 .inherits = &ali_dma_base_ops,
18899 .check_atapi_dma = ali_check_atapi_dma,
18900 .cable_detect = ali_c2_cable_detect,
18901 @@ -414,7 +414,7 @@ static struct ata_port_operations ali_c4
18903 * Port operations for DMA capable ALi with cable detect and LBA48
18905 -static struct ata_port_operations ali_c5_port_ops = {
18906 +static const struct ata_port_operations ali_c5_port_ops = {
18907 .inherits = &ali_dma_base_ops,
18908 .check_atapi_dma = ali_check_atapi_dma,
18909 .dev_config = ali_warn_atapi_dma,
18910 diff -urNp linux-2.6.32.1/drivers/ata/pata_amd.c linux-2.6.32.1/drivers/ata/pata_amd.c
18911 --- linux-2.6.32.1/drivers/ata/pata_amd.c 2009-12-02 22:51:21.000000000 -0500
18912 +++ linux-2.6.32.1/drivers/ata/pata_amd.c 2009-12-14 18:33:52.233757048 -0500
18913 @@ -397,28 +397,28 @@ static const struct ata_port_operations
18914 .prereset = amd_pre_reset,
18917 -static struct ata_port_operations amd33_port_ops = {
18918 +static const struct ata_port_operations amd33_port_ops = {
18919 .inherits = &amd_base_port_ops,
18920 .cable_detect = ata_cable_40wire,
18921 .set_piomode = amd33_set_piomode,
18922 .set_dmamode = amd33_set_dmamode,
18925 -static struct ata_port_operations amd66_port_ops = {
18926 +static const struct ata_port_operations amd66_port_ops = {
18927 .inherits = &amd_base_port_ops,
18928 .cable_detect = ata_cable_unknown,
18929 .set_piomode = amd66_set_piomode,
18930 .set_dmamode = amd66_set_dmamode,
18933 -static struct ata_port_operations amd100_port_ops = {
18934 +static const struct ata_port_operations amd100_port_ops = {
18935 .inherits = &amd_base_port_ops,
18936 .cable_detect = ata_cable_unknown,
18937 .set_piomode = amd100_set_piomode,
18938 .set_dmamode = amd100_set_dmamode,
18941 -static struct ata_port_operations amd133_port_ops = {
18942 +static const struct ata_port_operations amd133_port_ops = {
18943 .inherits = &amd_base_port_ops,
18944 .cable_detect = amd_cable_detect,
18945 .set_piomode = amd133_set_piomode,
18946 @@ -433,13 +433,13 @@ static const struct ata_port_operations
18947 .host_stop = nv_host_stop,
18950 -static struct ata_port_operations nv100_port_ops = {
18951 +static const struct ata_port_operations nv100_port_ops = {
18952 .inherits = &nv_base_port_ops,
18953 .set_piomode = nv100_set_piomode,
18954 .set_dmamode = nv100_set_dmamode,
18957 -static struct ata_port_operations nv133_port_ops = {
18958 +static const struct ata_port_operations nv133_port_ops = {
18959 .inherits = &nv_base_port_ops,
18960 .set_piomode = nv133_set_piomode,
18961 .set_dmamode = nv133_set_dmamode,
18962 diff -urNp linux-2.6.32.1/drivers/ata/pata_artop.c linux-2.6.32.1/drivers/ata/pata_artop.c
18963 --- linux-2.6.32.1/drivers/ata/pata_artop.c 2009-12-02 22:51:21.000000000 -0500
18964 +++ linux-2.6.32.1/drivers/ata/pata_artop.c 2009-12-14 18:33:52.236749783 -0500
18965 @@ -311,7 +311,7 @@ static struct scsi_host_template artop_s
18966 ATA_BMDMA_SHT(DRV_NAME),
18969 -static struct ata_port_operations artop6210_ops = {
18970 +static const struct ata_port_operations artop6210_ops = {
18971 .inherits = &ata_bmdma_port_ops,
18972 .cable_detect = ata_cable_40wire,
18973 .set_piomode = artop6210_set_piomode,
18974 @@ -320,7 +320,7 @@ static struct ata_port_operations artop6
18975 .qc_defer = artop6210_qc_defer,
18978 -static struct ata_port_operations artop6260_ops = {
18979 +static const struct ata_port_operations artop6260_ops = {
18980 .inherits = &ata_bmdma_port_ops,
18981 .cable_detect = artop6260_cable_detect,
18982 .set_piomode = artop6260_set_piomode,
18983 diff -urNp linux-2.6.32.1/drivers/ata/pata_at32.c linux-2.6.32.1/drivers/ata/pata_at32.c
18984 --- linux-2.6.32.1/drivers/ata/pata_at32.c 2009-12-02 22:51:21.000000000 -0500
18985 +++ linux-2.6.32.1/drivers/ata/pata_at32.c 2009-12-14 18:33:52.237769323 -0500
18986 @@ -172,7 +172,7 @@ static struct scsi_host_template at32_sh
18987 ATA_PIO_SHT(DRV_NAME),
18990 -static struct ata_port_operations at32_port_ops = {
18991 +static const struct ata_port_operations at32_port_ops = {
18992 .inherits = &ata_sff_port_ops,
18993 .cable_detect = ata_cable_40wire,
18994 .set_piomode = pata_at32_set_piomode,
18995 diff -urNp linux-2.6.32.1/drivers/ata/pata_at91.c linux-2.6.32.1/drivers/ata/pata_at91.c
18996 --- linux-2.6.32.1/drivers/ata/pata_at91.c 2009-12-02 22:51:21.000000000 -0500
18997 +++ linux-2.6.32.1/drivers/ata/pata_at91.c 2009-12-14 18:33:52.239752383 -0500
18998 @@ -195,7 +195,7 @@ static struct scsi_host_template pata_at
18999 ATA_PIO_SHT(DRV_NAME),
19002 -static struct ata_port_operations pata_at91_port_ops = {
19003 +static const struct ata_port_operations pata_at91_port_ops = {
19004 .inherits = &ata_sff_port_ops,
19006 .sff_data_xfer = pata_at91_data_xfer_noirq,
19007 diff -urNp linux-2.6.32.1/drivers/ata/pata_atiixp.c linux-2.6.32.1/drivers/ata/pata_atiixp.c
19008 --- linux-2.6.32.1/drivers/ata/pata_atiixp.c 2009-12-02 22:51:21.000000000 -0500
19009 +++ linux-2.6.32.1/drivers/ata/pata_atiixp.c 2009-12-14 18:33:52.271764550 -0500
19010 @@ -205,7 +205,7 @@ static struct scsi_host_template atiixp_
19011 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
19014 -static struct ata_port_operations atiixp_port_ops = {
19015 +static const struct ata_port_operations atiixp_port_ops = {
19016 .inherits = &ata_bmdma_port_ops,
19018 .qc_prep = ata_sff_dumb_qc_prep,
19019 diff -urNp linux-2.6.32.1/drivers/ata/pata_atp867x.c linux-2.6.32.1/drivers/ata/pata_atp867x.c
19020 --- linux-2.6.32.1/drivers/ata/pata_atp867x.c 2009-12-02 22:51:21.000000000 -0500
19021 +++ linux-2.6.32.1/drivers/ata/pata_atp867x.c 2009-12-14 18:33:52.272740638 -0500
19022 @@ -274,7 +274,7 @@ static struct scsi_host_template atp867x
19023 ATA_BMDMA_SHT(DRV_NAME),
19026 -static struct ata_port_operations atp867x_ops = {
19027 +static const struct ata_port_operations atp867x_ops = {
19028 .inherits = &ata_bmdma_port_ops,
19029 .cable_detect = atp867x_cable_detect,
19030 .set_piomode = atp867x_set_piomode,
19031 diff -urNp linux-2.6.32.1/drivers/ata/pata_bf54x.c linux-2.6.32.1/drivers/ata/pata_bf54x.c
19032 --- linux-2.6.32.1/drivers/ata/pata_bf54x.c 2009-12-02 22:51:21.000000000 -0500
19033 +++ linux-2.6.32.1/drivers/ata/pata_bf54x.c 2009-12-14 18:33:52.283762923 -0500
19034 @@ -1464,7 +1464,7 @@ static struct scsi_host_template bfin_sh
19035 .dma_boundary = ATA_DMA_BOUNDARY,
19038 -static struct ata_port_operations bfin_pata_ops = {
19039 +static const struct ata_port_operations bfin_pata_ops = {
19040 .inherits = &ata_sff_port_ops,
19042 .set_piomode = bfin_set_piomode,
19043 diff -urNp linux-2.6.32.1/drivers/ata/pata_cmd640.c linux-2.6.32.1/drivers/ata/pata_cmd640.c
19044 --- linux-2.6.32.1/drivers/ata/pata_cmd640.c 2009-12-02 22:51:21.000000000 -0500
19045 +++ linux-2.6.32.1/drivers/ata/pata_cmd640.c 2009-12-14 18:33:52.286758439 -0500
19046 @@ -168,7 +168,7 @@ static struct scsi_host_template cmd640_
19047 ATA_BMDMA_SHT(DRV_NAME),
19050 -static struct ata_port_operations cmd640_port_ops = {
19051 +static const struct ata_port_operations cmd640_port_ops = {
19052 .inherits = &ata_bmdma_port_ops,
19053 /* In theory xfer_noirq is not needed once we kill the prefetcher */
19054 .sff_data_xfer = ata_sff_data_xfer_noirq,
19055 diff -urNp linux-2.6.32.1/drivers/ata/pata_cmd64x.c linux-2.6.32.1/drivers/ata/pata_cmd64x.c
19056 --- linux-2.6.32.1/drivers/ata/pata_cmd64x.c 2009-12-02 22:51:21.000000000 -0500
19057 +++ linux-2.6.32.1/drivers/ata/pata_cmd64x.c 2009-12-14 18:33:52.287766497 -0500
19058 @@ -275,18 +275,18 @@ static const struct ata_port_operations
19059 .set_dmamode = cmd64x_set_dmamode,
19062 -static struct ata_port_operations cmd64x_port_ops = {
19063 +static const struct ata_port_operations cmd64x_port_ops = {
19064 .inherits = &cmd64x_base_ops,
19065 .cable_detect = ata_cable_40wire,
19068 -static struct ata_port_operations cmd646r1_port_ops = {
19069 +static const struct ata_port_operations cmd646r1_port_ops = {
19070 .inherits = &cmd64x_base_ops,
19071 .bmdma_stop = cmd646r1_bmdma_stop,
19072 .cable_detect = ata_cable_40wire,
19075 -static struct ata_port_operations cmd648_port_ops = {
19076 +static const struct ata_port_operations cmd648_port_ops = {
19077 .inherits = &cmd64x_base_ops,
19078 .bmdma_stop = cmd648_bmdma_stop,
19079 .cable_detect = cmd648_cable_detect,
19080 diff -urNp linux-2.6.32.1/drivers/ata/pata_cs5520.c linux-2.6.32.1/drivers/ata/pata_cs5520.c
19081 --- linux-2.6.32.1/drivers/ata/pata_cs5520.c 2009-12-02 22:51:21.000000000 -0500
19082 +++ linux-2.6.32.1/drivers/ata/pata_cs5520.c 2009-12-14 18:33:52.288759601 -0500
19083 @@ -144,7 +144,7 @@ static struct scsi_host_template cs5520_
19084 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
19087 -static struct ata_port_operations cs5520_port_ops = {
19088 +static const struct ata_port_operations cs5520_port_ops = {
19089 .inherits = &ata_bmdma_port_ops,
19090 .qc_prep = ata_sff_dumb_qc_prep,
19091 .cable_detect = ata_cable_40wire,
19092 diff -urNp linux-2.6.32.1/drivers/ata/pata_cs5530.c linux-2.6.32.1/drivers/ata/pata_cs5530.c
19093 --- linux-2.6.32.1/drivers/ata/pata_cs5530.c 2009-12-02 22:51:21.000000000 -0500
19094 +++ linux-2.6.32.1/drivers/ata/pata_cs5530.c 2009-12-14 18:33:52.290726192 -0500
19095 @@ -164,7 +164,7 @@ static struct scsi_host_template cs5530_
19096 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
19099 -static struct ata_port_operations cs5530_port_ops = {
19100 +static const struct ata_port_operations cs5530_port_ops = {
19101 .inherits = &ata_bmdma_port_ops,
19103 .qc_prep = ata_sff_dumb_qc_prep,
19104 diff -urNp linux-2.6.32.1/drivers/ata/pata_cs5535.c linux-2.6.32.1/drivers/ata/pata_cs5535.c
19105 --- linux-2.6.32.1/drivers/ata/pata_cs5535.c 2009-12-02 22:51:21.000000000 -0500
19106 +++ linux-2.6.32.1/drivers/ata/pata_cs5535.c 2009-12-14 18:33:52.291730001 -0500
19107 @@ -160,7 +160,7 @@ static struct scsi_host_template cs5535_
19108 ATA_BMDMA_SHT(DRV_NAME),
19111 -static struct ata_port_operations cs5535_port_ops = {
19112 +static const struct ata_port_operations cs5535_port_ops = {
19113 .inherits = &ata_bmdma_port_ops,
19114 .cable_detect = cs5535_cable_detect,
19115 .set_piomode = cs5535_set_piomode,
19116 diff -urNp linux-2.6.32.1/drivers/ata/pata_cs5536.c linux-2.6.32.1/drivers/ata/pata_cs5536.c
19117 --- linux-2.6.32.1/drivers/ata/pata_cs5536.c 2009-12-02 22:51:21.000000000 -0500
19118 +++ linux-2.6.32.1/drivers/ata/pata_cs5536.c 2009-12-14 18:33:52.292713572 -0500
19119 @@ -223,7 +223,7 @@ static struct scsi_host_template cs5536_
19120 ATA_BMDMA_SHT(DRV_NAME),
19123 -static struct ata_port_operations cs5536_port_ops = {
19124 +static const struct ata_port_operations cs5536_port_ops = {
19125 .inherits = &ata_bmdma_port_ops,
19126 .cable_detect = cs5536_cable_detect,
19127 .set_piomode = cs5536_set_piomode,
19128 diff -urNp linux-2.6.32.1/drivers/ata/pata_cypress.c linux-2.6.32.1/drivers/ata/pata_cypress.c
19129 --- linux-2.6.32.1/drivers/ata/pata_cypress.c 2009-12-02 22:51:21.000000000 -0500
19130 +++ linux-2.6.32.1/drivers/ata/pata_cypress.c 2009-12-14 18:33:52.294739940 -0500
19131 @@ -113,7 +113,7 @@ static struct scsi_host_template cy82c69
19132 ATA_BMDMA_SHT(DRV_NAME),
19135 -static struct ata_port_operations cy82c693_port_ops = {
19136 +static const struct ata_port_operations cy82c693_port_ops = {
19137 .inherits = &ata_bmdma_port_ops,
19138 .cable_detect = ata_cable_40wire,
19139 .set_piomode = cy82c693_set_piomode,
19140 diff -urNp linux-2.6.32.1/drivers/ata/pata_efar.c linux-2.6.32.1/drivers/ata/pata_efar.c
19141 --- linux-2.6.32.1/drivers/ata/pata_efar.c 2009-12-02 22:51:21.000000000 -0500
19142 +++ linux-2.6.32.1/drivers/ata/pata_efar.c 2009-12-14 18:33:52.295745767 -0500
19143 @@ -222,7 +222,7 @@ static struct scsi_host_template efar_sh
19144 ATA_BMDMA_SHT(DRV_NAME),
19147 -static struct ata_port_operations efar_ops = {
19148 +static const struct ata_port_operations efar_ops = {
19149 .inherits = &ata_bmdma_port_ops,
19150 .cable_detect = efar_cable_detect,
19151 .set_piomode = efar_set_piomode,
19152 diff -urNp linux-2.6.32.1/drivers/ata/pata_hpt366.c linux-2.6.32.1/drivers/ata/pata_hpt366.c
19153 --- linux-2.6.32.1/drivers/ata/pata_hpt366.c 2009-12-02 22:51:21.000000000 -0500
19154 +++ linux-2.6.32.1/drivers/ata/pata_hpt366.c 2009-12-14 18:33:52.296706549 -0500
19155 @@ -282,7 +282,7 @@ static struct scsi_host_template hpt36x_
19156 * Configuration for HPT366/68
19159 -static struct ata_port_operations hpt366_port_ops = {
19160 +static const struct ata_port_operations hpt366_port_ops = {
19161 .inherits = &ata_bmdma_port_ops,
19162 .cable_detect = hpt36x_cable_detect,
19163 .mode_filter = hpt366_filter,
19164 diff -urNp linux-2.6.32.1/drivers/ata/pata_hpt37x.c linux-2.6.32.1/drivers/ata/pata_hpt37x.c
19165 --- linux-2.6.32.1/drivers/ata/pata_hpt37x.c 2009-12-02 22:51:21.000000000 -0500
19166 +++ linux-2.6.32.1/drivers/ata/pata_hpt37x.c 2009-12-14 18:33:52.297723734 -0500
19167 @@ -578,7 +578,7 @@ static struct scsi_host_template hpt37x_
19168 * Configuration for HPT370
19171 -static struct ata_port_operations hpt370_port_ops = {
19172 +static const struct ata_port_operations hpt370_port_ops = {
19173 .inherits = &ata_bmdma_port_ops,
19175 .bmdma_stop = hpt370_bmdma_stop,
19176 @@ -593,7 +593,7 @@ static struct ata_port_operations hpt370
19177 * Configuration for HPT370A. Close to 370 but less filters
19180 -static struct ata_port_operations hpt370a_port_ops = {
19181 +static const struct ata_port_operations hpt370a_port_ops = {
19182 .inherits = &hpt370_port_ops,
19183 .mode_filter = hpt370a_filter,
19185 @@ -603,7 +603,7 @@ static struct ata_port_operations hpt370
19186 * and DMA mode setting functionality.
19189 -static struct ata_port_operations hpt372_port_ops = {
19190 +static const struct ata_port_operations hpt372_port_ops = {
19191 .inherits = &ata_bmdma_port_ops,
19193 .bmdma_stop = hpt37x_bmdma_stop,
19194 @@ -618,7 +618,7 @@ static struct ata_port_operations hpt372
19195 * but we have a different cable detection procedure for function 1.
19198 -static struct ata_port_operations hpt374_fn1_port_ops = {
19199 +static const struct ata_port_operations hpt374_fn1_port_ops = {
19200 .inherits = &hpt372_port_ops,
19201 .prereset = hpt374_fn1_pre_reset,
19203 diff -urNp linux-2.6.32.1/drivers/ata/pata_hpt3x2n.c linux-2.6.32.1/drivers/ata/pata_hpt3x2n.c
19204 --- linux-2.6.32.1/drivers/ata/pata_hpt3x2n.c 2009-12-02 22:51:21.000000000 -0500
19205 +++ linux-2.6.32.1/drivers/ata/pata_hpt3x2n.c 2009-12-14 18:33:52.311764085 -0500
19206 @@ -334,7 +334,7 @@ static struct scsi_host_template hpt3x2n
19207 * Configuration for HPT3x2n.
19210 -static struct ata_port_operations hpt3x2n_port_ops = {
19211 +static const struct ata_port_operations hpt3x2n_port_ops = {
19212 .inherits = &ata_bmdma_port_ops,
19214 .bmdma_stop = hpt3x2n_bmdma_stop,
19215 diff -urNp linux-2.6.32.1/drivers/ata/pata_hpt3x3.c linux-2.6.32.1/drivers/ata/pata_hpt3x3.c
19216 --- linux-2.6.32.1/drivers/ata/pata_hpt3x3.c 2009-12-02 22:51:21.000000000 -0500
19217 +++ linux-2.6.32.1/drivers/ata/pata_hpt3x3.c 2009-12-14 18:33:52.320715637 -0500
19218 @@ -141,7 +141,7 @@ static struct scsi_host_template hpt3x3_
19219 ATA_BMDMA_SHT(DRV_NAME),
19222 -static struct ata_port_operations hpt3x3_port_ops = {
19223 +static const struct ata_port_operations hpt3x3_port_ops = {
19224 .inherits = &ata_bmdma_port_ops,
19225 .cable_detect = ata_cable_40wire,
19226 .set_piomode = hpt3x3_set_piomode,
19227 diff -urNp linux-2.6.32.1/drivers/ata/pata_icside.c linux-2.6.32.1/drivers/ata/pata_icside.c
19228 --- linux-2.6.32.1/drivers/ata/pata_icside.c 2009-12-02 22:51:21.000000000 -0500
19229 +++ linux-2.6.32.1/drivers/ata/pata_icside.c 2009-12-14 18:33:52.329748602 -0500
19230 @@ -319,7 +319,7 @@ static void pata_icside_postreset(struct
19234 -static struct ata_port_operations pata_icside_port_ops = {
19235 +static const struct ata_port_operations pata_icside_port_ops = {
19236 .inherits = &ata_sff_port_ops,
19237 /* no need to build any PRD tables for DMA */
19238 .qc_prep = ata_noop_qc_prep,
19239 diff -urNp linux-2.6.32.1/drivers/ata/pata_isapnp.c linux-2.6.32.1/drivers/ata/pata_isapnp.c
19240 --- linux-2.6.32.1/drivers/ata/pata_isapnp.c 2009-12-02 22:51:21.000000000 -0500
19241 +++ linux-2.6.32.1/drivers/ata/pata_isapnp.c 2009-12-14 18:33:52.330730401 -0500
19242 @@ -23,12 +23,12 @@ static struct scsi_host_template isapnp_
19243 ATA_PIO_SHT(DRV_NAME),
19246 -static struct ata_port_operations isapnp_port_ops = {
19247 +static const struct ata_port_operations isapnp_port_ops = {
19248 .inherits = &ata_sff_port_ops,
19249 .cable_detect = ata_cable_40wire,
19252 -static struct ata_port_operations isapnp_noalt_port_ops = {
19253 +static const struct ata_port_operations isapnp_noalt_port_ops = {
19254 .inherits = &ata_sff_port_ops,
19255 .cable_detect = ata_cable_40wire,
19256 /* No altstatus so we don't want to use the lost interrupt poll */
19257 diff -urNp linux-2.6.32.1/drivers/ata/pata_it8213.c linux-2.6.32.1/drivers/ata/pata_it8213.c
19258 --- linux-2.6.32.1/drivers/ata/pata_it8213.c 2009-12-02 22:51:21.000000000 -0500
19259 +++ linux-2.6.32.1/drivers/ata/pata_it8213.c 2009-12-14 18:33:52.340712269 -0500
19260 @@ -234,7 +234,7 @@ static struct scsi_host_template it8213_
19264 -static struct ata_port_operations it8213_ops = {
19265 +static const struct ata_port_operations it8213_ops = {
19266 .inherits = &ata_bmdma_port_ops,
19267 .cable_detect = it8213_cable_detect,
19268 .set_piomode = it8213_set_piomode,
19269 diff -urNp linux-2.6.32.1/drivers/ata/pata_it821x.c linux-2.6.32.1/drivers/ata/pata_it821x.c
19270 --- linux-2.6.32.1/drivers/ata/pata_it821x.c 2009-12-02 22:51:21.000000000 -0500
19271 +++ linux-2.6.32.1/drivers/ata/pata_it821x.c 2009-12-14 18:33:52.352710516 -0500
19272 @@ -800,7 +800,7 @@ static struct scsi_host_template it821x_
19273 ATA_BMDMA_SHT(DRV_NAME),
19276 -static struct ata_port_operations it821x_smart_port_ops = {
19277 +static const struct ata_port_operations it821x_smart_port_ops = {
19278 .inherits = &ata_bmdma_port_ops,
19280 .check_atapi_dma= it821x_check_atapi_dma,
19281 @@ -814,7 +814,7 @@ static struct ata_port_operations it821x
19282 .port_start = it821x_port_start,
19285 -static struct ata_port_operations it821x_passthru_port_ops = {
19286 +static const struct ata_port_operations it821x_passthru_port_ops = {
19287 .inherits = &ata_bmdma_port_ops,
19289 .check_atapi_dma= it821x_check_atapi_dma,
19290 @@ -830,7 +830,7 @@ static struct ata_port_operations it821x
19291 .port_start = it821x_port_start,
19294 -static struct ata_port_operations it821x_rdc_port_ops = {
19295 +static const struct ata_port_operations it821x_rdc_port_ops = {
19296 .inherits = &ata_bmdma_port_ops,
19298 .check_atapi_dma= it821x_check_atapi_dma,
19299 diff -urNp linux-2.6.32.1/drivers/ata/pata_ixp4xx_cf.c linux-2.6.32.1/drivers/ata/pata_ixp4xx_cf.c
19300 --- linux-2.6.32.1/drivers/ata/pata_ixp4xx_cf.c 2009-12-02 22:51:21.000000000 -0500
19301 +++ linux-2.6.32.1/drivers/ata/pata_ixp4xx_cf.c 2009-12-14 18:33:52.365770715 -0500
19302 @@ -89,7 +89,7 @@ static struct scsi_host_template ixp4xx_
19303 ATA_PIO_SHT(DRV_NAME),
19306 -static struct ata_port_operations ixp4xx_port_ops = {
19307 +static const struct ata_port_operations ixp4xx_port_ops = {
19308 .inherits = &ata_sff_port_ops,
19309 .sff_data_xfer = ixp4xx_mmio_data_xfer,
19310 .cable_detect = ata_cable_40wire,
19311 diff -urNp linux-2.6.32.1/drivers/ata/pata_jmicron.c linux-2.6.32.1/drivers/ata/pata_jmicron.c
19312 --- linux-2.6.32.1/drivers/ata/pata_jmicron.c 2009-12-02 22:51:21.000000000 -0500
19313 +++ linux-2.6.32.1/drivers/ata/pata_jmicron.c 2009-12-14 18:33:52.372728592 -0500
19314 @@ -111,7 +111,7 @@ static struct scsi_host_template jmicron
19315 ATA_BMDMA_SHT(DRV_NAME),
19318 -static struct ata_port_operations jmicron_ops = {
19319 +static const struct ata_port_operations jmicron_ops = {
19320 .inherits = &ata_bmdma_port_ops,
19321 .prereset = jmicron_pre_reset,
19323 diff -urNp linux-2.6.32.1/drivers/ata/pata_legacy.c linux-2.6.32.1/drivers/ata/pata_legacy.c
19324 --- linux-2.6.32.1/drivers/ata/pata_legacy.c 2009-12-02 22:51:21.000000000 -0500
19325 +++ linux-2.6.32.1/drivers/ata/pata_legacy.c 2009-12-14 18:33:52.388771890 -0500
19326 @@ -106,7 +106,7 @@ struct legacy_probe {
19328 struct legacy_controller {
19330 - struct ata_port_operations *ops;
19331 + const struct ata_port_operations *ops;
19332 unsigned int pio_mask;
19333 unsigned int flags;
19334 unsigned int pflags;
19335 @@ -223,12 +223,12 @@ static const struct ata_port_operations
19336 * pio_mask as well.
19339 -static struct ata_port_operations simple_port_ops = {
19340 +static const struct ata_port_operations simple_port_ops = {
19341 .inherits = &legacy_base_port_ops,
19342 .sff_data_xfer = ata_sff_data_xfer_noirq,
19345 -static struct ata_port_operations legacy_port_ops = {
19346 +static const struct ata_port_operations legacy_port_ops = {
19347 .inherits = &legacy_base_port_ops,
19348 .sff_data_xfer = ata_sff_data_xfer_noirq,
19349 .set_mode = legacy_set_mode,
19350 @@ -324,7 +324,7 @@ static unsigned int pdc_data_xfer_vlb(st
19354 -static struct ata_port_operations pdc20230_port_ops = {
19355 +static const struct ata_port_operations pdc20230_port_ops = {
19356 .inherits = &legacy_base_port_ops,
19357 .set_piomode = pdc20230_set_piomode,
19358 .sff_data_xfer = pdc_data_xfer_vlb,
19359 @@ -357,7 +357,7 @@ static void ht6560a_set_piomode(struct a
19360 ioread8(ap->ioaddr.status_addr);
19363 -static struct ata_port_operations ht6560a_port_ops = {
19364 +static const struct ata_port_operations ht6560a_port_ops = {
19365 .inherits = &legacy_base_port_ops,
19366 .set_piomode = ht6560a_set_piomode,
19368 @@ -400,7 +400,7 @@ static void ht6560b_set_piomode(struct a
19369 ioread8(ap->ioaddr.status_addr);
19372 -static struct ata_port_operations ht6560b_port_ops = {
19373 +static const struct ata_port_operations ht6560b_port_ops = {
19374 .inherits = &legacy_base_port_ops,
19375 .set_piomode = ht6560b_set_piomode,
19377 @@ -499,7 +499,7 @@ static void opti82c611a_set_piomode(stru
19381 -static struct ata_port_operations opti82c611a_port_ops = {
19382 +static const struct ata_port_operations opti82c611a_port_ops = {
19383 .inherits = &legacy_base_port_ops,
19384 .set_piomode = opti82c611a_set_piomode,
19386 @@ -609,7 +609,7 @@ static unsigned int opti82c46x_qc_issue(
19387 return ata_sff_qc_issue(qc);
19390 -static struct ata_port_operations opti82c46x_port_ops = {
19391 +static const struct ata_port_operations opti82c46x_port_ops = {
19392 .inherits = &legacy_base_port_ops,
19393 .set_piomode = opti82c46x_set_piomode,
19394 .qc_issue = opti82c46x_qc_issue,
19395 @@ -771,20 +771,20 @@ static int qdi_port(struct platform_devi
19399 -static struct ata_port_operations qdi6500_port_ops = {
19400 +static const struct ata_port_operations qdi6500_port_ops = {
19401 .inherits = &legacy_base_port_ops,
19402 .set_piomode = qdi6500_set_piomode,
19403 .qc_issue = qdi_qc_issue,
19404 .sff_data_xfer = vlb32_data_xfer,
19407 -static struct ata_port_operations qdi6580_port_ops = {
19408 +static const struct ata_port_operations qdi6580_port_ops = {
19409 .inherits = &legacy_base_port_ops,
19410 .set_piomode = qdi6580_set_piomode,
19411 .sff_data_xfer = vlb32_data_xfer,
19414 -static struct ata_port_operations qdi6580dp_port_ops = {
19415 +static const struct ata_port_operations qdi6580dp_port_ops = {
19416 .inherits = &legacy_base_port_ops,
19417 .set_piomode = qdi6580dp_set_piomode,
19418 .sff_data_xfer = vlb32_data_xfer,
19419 @@ -855,7 +855,7 @@ static int winbond_port(struct platform_
19423 -static struct ata_port_operations winbond_port_ops = {
19424 +static const struct ata_port_operations winbond_port_ops = {
19425 .inherits = &legacy_base_port_ops,
19426 .set_piomode = winbond_set_piomode,
19427 .sff_data_xfer = vlb32_data_xfer,
19428 @@ -978,7 +978,7 @@ static __init int legacy_init_one(struct
19429 int pio_modes = controller->pio_mask;
19430 unsigned long io = probe->port;
19431 u32 mask = (1 << probe->slot);
19432 - struct ata_port_operations *ops = controller->ops;
19433 + const struct ata_port_operations *ops = controller->ops;
19434 struct legacy_data *ld = &legacy_data[probe->slot];
19435 struct ata_host *host = NULL;
19436 struct ata_port *ap;
19437 diff -urNp linux-2.6.32.1/drivers/ata/pata_marvell.c linux-2.6.32.1/drivers/ata/pata_marvell.c
19438 --- linux-2.6.32.1/drivers/ata/pata_marvell.c 2009-12-02 22:51:21.000000000 -0500
19439 +++ linux-2.6.32.1/drivers/ata/pata_marvell.c 2009-12-14 18:33:52.404773618 -0500
19440 @@ -100,7 +100,7 @@ static struct scsi_host_template marvell
19441 ATA_BMDMA_SHT(DRV_NAME),
19444 -static struct ata_port_operations marvell_ops = {
19445 +static const struct ata_port_operations marvell_ops = {
19446 .inherits = &ata_bmdma_port_ops,
19447 .cable_detect = marvell_cable_detect,
19448 .prereset = marvell_pre_reset,
19449 diff -urNp linux-2.6.32.1/drivers/ata/pata_mpc52xx.c linux-2.6.32.1/drivers/ata/pata_mpc52xx.c
19450 --- linux-2.6.32.1/drivers/ata/pata_mpc52xx.c 2009-12-02 22:51:21.000000000 -0500
19451 +++ linux-2.6.32.1/drivers/ata/pata_mpc52xx.c 2009-12-14 18:33:52.405776770 -0500
19452 @@ -609,7 +609,7 @@ static struct scsi_host_template mpc52xx
19453 ATA_PIO_SHT(DRV_NAME),
19456 -static struct ata_port_operations mpc52xx_ata_port_ops = {
19457 +static const struct ata_port_operations mpc52xx_ata_port_ops = {
19458 .inherits = &ata_sff_port_ops,
19459 .sff_dev_select = mpc52xx_ata_dev_select,
19460 .set_piomode = mpc52xx_ata_set_piomode,
19461 diff -urNp linux-2.6.32.1/drivers/ata/pata_mpiix.c linux-2.6.32.1/drivers/ata/pata_mpiix.c
19462 --- linux-2.6.32.1/drivers/ata/pata_mpiix.c 2009-12-02 22:51:21.000000000 -0500
19463 +++ linux-2.6.32.1/drivers/ata/pata_mpiix.c 2009-12-14 18:33:52.412777557 -0500
19464 @@ -140,7 +140,7 @@ static struct scsi_host_template mpiix_s
19465 ATA_PIO_SHT(DRV_NAME),
19468 -static struct ata_port_operations mpiix_port_ops = {
19469 +static const struct ata_port_operations mpiix_port_ops = {
19470 .inherits = &ata_sff_port_ops,
19471 .qc_issue = mpiix_qc_issue,
19472 .cable_detect = ata_cable_40wire,
19473 diff -urNp linux-2.6.32.1/drivers/ata/pata_netcell.c linux-2.6.32.1/drivers/ata/pata_netcell.c
19474 --- linux-2.6.32.1/drivers/ata/pata_netcell.c 2009-12-02 22:51:21.000000000 -0500
19475 +++ linux-2.6.32.1/drivers/ata/pata_netcell.c 2009-12-14 18:33:52.435775797 -0500
19476 @@ -34,7 +34,7 @@ static struct scsi_host_template netcell
19477 ATA_BMDMA_SHT(DRV_NAME),
19480 -static struct ata_port_operations netcell_ops = {
19481 +static const struct ata_port_operations netcell_ops = {
19482 .inherits = &ata_bmdma_port_ops,
19483 .cable_detect = ata_cable_80wire,
19484 .read_id = netcell_read_id,
19485 diff -urNp linux-2.6.32.1/drivers/ata/pata_ninja32.c linux-2.6.32.1/drivers/ata/pata_ninja32.c
19486 --- linux-2.6.32.1/drivers/ata/pata_ninja32.c 2009-12-02 22:51:21.000000000 -0500
19487 +++ linux-2.6.32.1/drivers/ata/pata_ninja32.c 2009-12-14 18:33:52.437780205 -0500
19488 @@ -81,7 +81,7 @@ static struct scsi_host_template ninja32
19489 ATA_BMDMA_SHT(DRV_NAME),
19492 -static struct ata_port_operations ninja32_port_ops = {
19493 +static const struct ata_port_operations ninja32_port_ops = {
19494 .inherits = &ata_bmdma_port_ops,
19495 .sff_dev_select = ninja32_dev_select,
19496 .cable_detect = ata_cable_40wire,
19497 diff -urNp linux-2.6.32.1/drivers/ata/pata_ns87410.c linux-2.6.32.1/drivers/ata/pata_ns87410.c
19498 --- linux-2.6.32.1/drivers/ata/pata_ns87410.c 2009-12-02 22:51:21.000000000 -0500
19499 +++ linux-2.6.32.1/drivers/ata/pata_ns87410.c 2009-12-14 18:33:52.452753530 -0500
19500 @@ -132,7 +132,7 @@ static struct scsi_host_template ns87410
19501 ATA_PIO_SHT(DRV_NAME),
19504 -static struct ata_port_operations ns87410_port_ops = {
19505 +static const struct ata_port_operations ns87410_port_ops = {
19506 .inherits = &ata_sff_port_ops,
19507 .qc_issue = ns87410_qc_issue,
19508 .cable_detect = ata_cable_40wire,
19509 diff -urNp linux-2.6.32.1/drivers/ata/pata_ns87415.c linux-2.6.32.1/drivers/ata/pata_ns87415.c
19510 --- linux-2.6.32.1/drivers/ata/pata_ns87415.c 2009-12-02 22:51:21.000000000 -0500
19511 +++ linux-2.6.32.1/drivers/ata/pata_ns87415.c 2009-12-14 18:33:52.453740321 -0500
19512 @@ -299,7 +299,7 @@ static u8 ns87560_bmdma_status(struct at
19514 #endif /* 87560 SuperIO Support */
19516 -static struct ata_port_operations ns87415_pata_ops = {
19517 +static const struct ata_port_operations ns87415_pata_ops = {
19518 .inherits = &ata_bmdma_port_ops,
19520 .check_atapi_dma = ns87415_check_atapi_dma,
19521 @@ -313,7 +313,7 @@ static struct ata_port_operations ns8741
19524 #if defined(CONFIG_SUPERIO)
19525 -static struct ata_port_operations ns87560_pata_ops = {
19526 +static const struct ata_port_operations ns87560_pata_ops = {
19527 .inherits = &ns87415_pata_ops,
19528 .sff_tf_read = ns87560_tf_read,
19529 .sff_check_status = ns87560_check_status,
19530 diff -urNp linux-2.6.32.1/drivers/ata/pata_octeon_cf.c linux-2.6.32.1/drivers/ata/pata_octeon_cf.c
19531 --- linux-2.6.32.1/drivers/ata/pata_octeon_cf.c 2009-12-02 22:51:21.000000000 -0500
19532 +++ linux-2.6.32.1/drivers/ata/pata_octeon_cf.c 2009-12-14 18:33:52.461780616 -0500
19533 @@ -801,6 +801,7 @@ static unsigned int octeon_cf_qc_issue(s
19537 +/* cannot be const */
19538 static struct ata_port_operations octeon_cf_ops = {
19539 .inherits = &ata_sff_port_ops,
19540 .check_atapi_dma = octeon_cf_check_atapi_dma,
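Review bot: The added `/* cannot be const */` gives no reason, so a later constification pass has nothing to check it against. Presumably the driver assigns members of `octeon_cf_ops` at run time; that code is outside this hunk, and the initializer also continues past it. If that is the reason, say so in the comment, e.g. `/* cannot be const: members are assigned at probe time */`. This table stays in writable memory, so it is an exception to the hardening the rest of the series applies and deserves an explicit, checkable justification.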
19541 diff -urNp linux-2.6.32.1/drivers/ata/pata_oldpiix.c linux-2.6.32.1/drivers/ata/pata_oldpiix.c
19542 --- linux-2.6.32.1/drivers/ata/pata_oldpiix.c 2009-12-02 22:51:21.000000000 -0500
19543 +++ linux-2.6.32.1/drivers/ata/pata_oldpiix.c 2009-12-14 18:33:52.488777624 -0500
19544 @@ -208,7 +208,7 @@ static struct scsi_host_template oldpiix
19545 ATA_BMDMA_SHT(DRV_NAME),
19548 -static struct ata_port_operations oldpiix_pata_ops = {
19549 +static const struct ata_port_operations oldpiix_pata_ops = {
19550 .inherits = &ata_bmdma_port_ops,
19551 .qc_issue = oldpiix_qc_issue,
19552 .cable_detect = ata_cable_40wire,
19553 diff -urNp linux-2.6.32.1/drivers/ata/pata_opti.c linux-2.6.32.1/drivers/ata/pata_opti.c
19554 --- linux-2.6.32.1/drivers/ata/pata_opti.c 2009-12-02 22:51:21.000000000 -0500
19555 +++ linux-2.6.32.1/drivers/ata/pata_opti.c 2009-12-14 18:33:52.490712194 -0500
19556 @@ -152,7 +152,7 @@ static struct scsi_host_template opti_sh
19557 ATA_PIO_SHT(DRV_NAME),
19560 -static struct ata_port_operations opti_port_ops = {
19561 +static const struct ata_port_operations opti_port_ops = {
19562 .inherits = &ata_sff_port_ops,
19563 .cable_detect = ata_cable_40wire,
19564 .set_piomode = opti_set_piomode,
19565 diff -urNp linux-2.6.32.1/drivers/ata/pata_optidma.c linux-2.6.32.1/drivers/ata/pata_optidma.c
19566 --- linux-2.6.32.1/drivers/ata/pata_optidma.c 2009-12-02 22:51:21.000000000 -0500
19567 +++ linux-2.6.32.1/drivers/ata/pata_optidma.c 2009-12-14 18:33:52.497787330 -0500
19568 @@ -337,7 +337,7 @@ static struct scsi_host_template optidma
19569 ATA_BMDMA_SHT(DRV_NAME),
19572 -static struct ata_port_operations optidma_port_ops = {
19573 +static const struct ata_port_operations optidma_port_ops = {
19574 .inherits = &ata_bmdma_port_ops,
19575 .cable_detect = ata_cable_40wire,
19576 .set_piomode = optidma_set_pio_mode,
19577 @@ -346,7 +346,7 @@ static struct ata_port_operations optidm
19578 .prereset = optidma_pre_reset,
19581 -static struct ata_port_operations optiplus_port_ops = {
19582 +static const struct ata_port_operations optiplus_port_ops = {
19583 .inherits = &optidma_port_ops,
19584 .set_piomode = optiplus_set_pio_mode,
19585 .set_dmamode = optiplus_set_dma_mode,
19586 diff -urNp linux-2.6.32.1/drivers/ata/pata_palmld.c linux-2.6.32.1/drivers/ata/pata_palmld.c
19587 --- linux-2.6.32.1/drivers/ata/pata_palmld.c 2009-12-02 22:51:21.000000000 -0500
19588 +++ linux-2.6.32.1/drivers/ata/pata_palmld.c 2009-12-14 18:33:52.499703226 -0500
19589 @@ -37,7 +37,7 @@ static struct scsi_host_template palmld_
19590 ATA_PIO_SHT(DRV_NAME),
19593 -static struct ata_port_operations palmld_port_ops = {
19594 +static const struct ata_port_operations palmld_port_ops = {
19595 .inherits = &ata_sff_port_ops,
19596 .sff_data_xfer = ata_sff_data_xfer_noirq,
19597 .cable_detect = ata_cable_40wire,
19598 diff -urNp linux-2.6.32.1/drivers/ata/pata_pcmcia.c linux-2.6.32.1/drivers/ata/pata_pcmcia.c
19599 --- linux-2.6.32.1/drivers/ata/pata_pcmcia.c 2009-12-02 22:51:21.000000000 -0500
19600 +++ linux-2.6.32.1/drivers/ata/pata_pcmcia.c 2009-12-14 18:33:52.508737710 -0500
19601 @@ -162,14 +162,14 @@ static struct scsi_host_template pcmcia_
19602 ATA_PIO_SHT(DRV_NAME),
19605 -static struct ata_port_operations pcmcia_port_ops = {
19606 +static const struct ata_port_operations pcmcia_port_ops = {
19607 .inherits = &ata_sff_port_ops,
19608 .sff_data_xfer = ata_sff_data_xfer_noirq,
19609 .cable_detect = ata_cable_40wire,
19610 .set_mode = pcmcia_set_mode,
19613 -static struct ata_port_operations pcmcia_8bit_port_ops = {
19614 +static const struct ata_port_operations pcmcia_8bit_port_ops = {
19615 .inherits = &ata_sff_port_ops,
19616 .sff_data_xfer = ata_data_xfer_8bit,
19617 .cable_detect = ata_cable_40wire,
19618 @@ -256,7 +256,7 @@ static int pcmcia_init_one(struct pcmcia
19619 unsigned long io_base, ctl_base;
19620 void __iomem *io_addr, *ctl_addr;
19622 - struct ata_port_operations *ops = &pcmcia_port_ops;
19623 + const struct ata_port_operations *ops = &pcmcia_port_ops;
19625 info = kzalloc(sizeof(*info), GFP_KERNEL);
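Review bot: `ops` is now a pointer to const, so every place in `pcmcia_init_one` that stores it must take a `const struct ata_port_operations *`; the rest of the function is outside this hunk. If it is later assigned to a non-const pointer, the qualifier is dropped with only a compiler warning, and the table looks writable again to whatever code holds that pointer. Confirm that the destination's type is constified in the same series and that the file builds without a discarded-qualifier warning.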
19627 diff -urNp linux-2.6.32.1/drivers/ata/pata_pdc2027x.c linux-2.6.32.1/drivers/ata/pata_pdc2027x.c
19628 --- linux-2.6.32.1/drivers/ata/pata_pdc2027x.c 2009-12-02 22:51:21.000000000 -0500
19629 +++ linux-2.6.32.1/drivers/ata/pata_pdc2027x.c 2009-12-14 18:33:52.513816405 -0500
19630 @@ -132,14 +132,14 @@ static struct scsi_host_template pdc2027
19631 ATA_BMDMA_SHT(DRV_NAME),
19634 -static struct ata_port_operations pdc2027x_pata100_ops = {
19635 +static const struct ata_port_operations pdc2027x_pata100_ops = {
19636 .inherits = &ata_bmdma_port_ops,
19637 .check_atapi_dma = pdc2027x_check_atapi_dma,
19638 .cable_detect = pdc2027x_cable_detect,
19639 .prereset = pdc2027x_prereset,
19642 -static struct ata_port_operations pdc2027x_pata133_ops = {
19643 +static const struct ata_port_operations pdc2027x_pata133_ops = {
19644 .inherits = &pdc2027x_pata100_ops,
19645 .mode_filter = pdc2027x_mode_filter,
19646 .set_piomode = pdc2027x_set_piomode,
19647 diff -urNp linux-2.6.32.1/drivers/ata/pata_pdc202xx_old.c linux-2.6.32.1/drivers/ata/pata_pdc202xx_old.c
19648 --- linux-2.6.32.1/drivers/ata/pata_pdc202xx_old.c 2009-12-02 22:51:21.000000000 -0500
19649 +++ linux-2.6.32.1/drivers/ata/pata_pdc202xx_old.c 2009-12-14 18:33:52.519782684 -0500
19650 @@ -265,7 +265,7 @@ static struct scsi_host_template pdc202x
19651 ATA_BMDMA_SHT(DRV_NAME),
19654 -static struct ata_port_operations pdc2024x_port_ops = {
19655 +static const struct ata_port_operations pdc2024x_port_ops = {
19656 .inherits = &ata_bmdma_port_ops,
19658 .cable_detect = ata_cable_40wire,
19659 @@ -273,7 +273,7 @@ static struct ata_port_operations pdc202
19660 .set_dmamode = pdc202xx_set_dmamode,
19663 -static struct ata_port_operations pdc2026x_port_ops = {
19664 +static const struct ata_port_operations pdc2026x_port_ops = {
19665 .inherits = &pdc2024x_port_ops,
19667 .check_atapi_dma = pdc2026x_check_atapi_dma,
19668 diff -urNp linux-2.6.32.1/drivers/ata/pata_platform.c linux-2.6.32.1/drivers/ata/pata_platform.c
19669 --- linux-2.6.32.1/drivers/ata/pata_platform.c 2009-12-02 22:51:21.000000000 -0500
19670 +++ linux-2.6.32.1/drivers/ata/pata_platform.c 2009-12-14 18:33:52.537747965 -0500
19671 @@ -48,7 +48,7 @@ static struct scsi_host_template pata_pl
19672 ATA_PIO_SHT(DRV_NAME),
19675 -static struct ata_port_operations pata_platform_port_ops = {
19676 +static const struct ata_port_operations pata_platform_port_ops = {
19677 .inherits = &ata_sff_port_ops,
19678 .sff_data_xfer = ata_sff_data_xfer_noirq,
19679 .cable_detect = ata_cable_unknown,
19680 diff -urNp linux-2.6.32.1/drivers/ata/pata_qdi.c linux-2.6.32.1/drivers/ata/pata_qdi.c
19681 --- linux-2.6.32.1/drivers/ata/pata_qdi.c 2009-12-02 22:51:21.000000000 -0500
19682 +++ linux-2.6.32.1/drivers/ata/pata_qdi.c 2009-12-14 18:33:52.546712944 -0500
19683 @@ -157,7 +157,7 @@ static struct scsi_host_template qdi_sht
19684 ATA_PIO_SHT(DRV_NAME),
19687 -static struct ata_port_operations qdi6500_port_ops = {
19688 +static const struct ata_port_operations qdi6500_port_ops = {
19689 .inherits = &ata_sff_port_ops,
19690 .qc_issue = qdi_qc_issue,
19691 .sff_data_xfer = qdi_data_xfer,
19692 @@ -165,7 +165,7 @@ static struct ata_port_operations qdi650
19693 .set_piomode = qdi6500_set_piomode,
19696 -static struct ata_port_operations qdi6580_port_ops = {
19697 +static const struct ata_port_operations qdi6580_port_ops = {
19698 .inherits = &qdi6500_port_ops,
19699 .set_piomode = qdi6580_set_piomode,
19701 diff -urNp linux-2.6.32.1/drivers/ata/pata_radisys.c linux-2.6.32.1/drivers/ata/pata_radisys.c
19702 --- linux-2.6.32.1/drivers/ata/pata_radisys.c 2009-12-02 22:51:21.000000000 -0500
19703 +++ linux-2.6.32.1/drivers/ata/pata_radisys.c 2009-12-14 18:33:52.547762477 -0500
19704 @@ -187,7 +187,7 @@ static struct scsi_host_template radisys
19705 ATA_BMDMA_SHT(DRV_NAME),
19708 -static struct ata_port_operations radisys_pata_ops = {
19709 +static const struct ata_port_operations radisys_pata_ops = {
19710 .inherits = &ata_bmdma_port_ops,
19711 .qc_issue = radisys_qc_issue,
19712 .cable_detect = ata_cable_unknown,
19713 diff -urNp linux-2.6.32.1/drivers/ata/pata_rb532_cf.c linux-2.6.32.1/drivers/ata/pata_rb532_cf.c
19714 --- linux-2.6.32.1/drivers/ata/pata_rb532_cf.c 2009-12-02 22:51:21.000000000 -0500
19715 +++ linux-2.6.32.1/drivers/ata/pata_rb532_cf.c 2009-12-14 18:33:52.548735147 -0500
19716 @@ -68,7 +68,7 @@ static irqreturn_t rb532_pata_irq_handle
19717 return IRQ_HANDLED;
19720 -static struct ata_port_operations rb532_pata_port_ops = {
19721 +static const struct ata_port_operations rb532_pata_port_ops = {
19722 .inherits = &ata_sff_port_ops,
19723 .sff_data_xfer = ata_sff_data_xfer32,
19725 diff -urNp linux-2.6.32.1/drivers/ata/pata_rdc.c linux-2.6.32.1/drivers/ata/pata_rdc.c
19726 --- linux-2.6.32.1/drivers/ata/pata_rdc.c 2009-12-02 22:51:21.000000000 -0500
19727 +++ linux-2.6.32.1/drivers/ata/pata_rdc.c 2009-12-14 18:33:52.567802368 -0500
19728 @@ -272,7 +272,7 @@ static void rdc_set_dmamode(struct ata_p
19729 pci_write_config_byte(dev, 0x48, udma_enable);
19732 -static struct ata_port_operations rdc_pata_ops = {
19733 +static const struct ata_port_operations rdc_pata_ops = {
19734 .inherits = &ata_bmdma32_port_ops,
19735 .cable_detect = rdc_pata_cable_detect,
19736 .set_piomode = rdc_set_piomode,
19737 diff -urNp linux-2.6.32.1/drivers/ata/pata_rz1000.c linux-2.6.32.1/drivers/ata/pata_rz1000.c
19738 --- linux-2.6.32.1/drivers/ata/pata_rz1000.c 2009-12-02 22:51:21.000000000 -0500
19739 +++ linux-2.6.32.1/drivers/ata/pata_rz1000.c 2009-12-14 18:33:52.567802368 -0500
19740 @@ -54,7 +54,7 @@ static struct scsi_host_template rz1000_
19741 ATA_PIO_SHT(DRV_NAME),
19744 -static struct ata_port_operations rz1000_port_ops = {
19745 +static const struct ata_port_operations rz1000_port_ops = {
19746 .inherits = &ata_sff_port_ops,
19747 .cable_detect = ata_cable_40wire,
19748 .set_mode = rz1000_set_mode,
19749 diff -urNp linux-2.6.32.1/drivers/ata/pata_sc1200.c linux-2.6.32.1/drivers/ata/pata_sc1200.c
19750 --- linux-2.6.32.1/drivers/ata/pata_sc1200.c 2009-12-02 22:51:21.000000000 -0500
19751 +++ linux-2.6.32.1/drivers/ata/pata_sc1200.c 2009-12-14 18:33:52.572791092 -0500
19752 @@ -207,7 +207,7 @@ static struct scsi_host_template sc1200_
19753 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
19756 -static struct ata_port_operations sc1200_port_ops = {
19757 +static const struct ata_port_operations sc1200_port_ops = {
19758 .inherits = &ata_bmdma_port_ops,
19759 .qc_prep = ata_sff_dumb_qc_prep,
19760 .qc_issue = sc1200_qc_issue,
19761 diff -urNp linux-2.6.32.1/drivers/ata/pata_scc.c linux-2.6.32.1/drivers/ata/pata_scc.c
19762 --- linux-2.6.32.1/drivers/ata/pata_scc.c 2009-12-02 22:51:21.000000000 -0500
19763 +++ linux-2.6.32.1/drivers/ata/pata_scc.c 2009-12-14 18:33:52.575757473 -0500
19764 @@ -965,7 +965,7 @@ static struct scsi_host_template scc_sht
19765 ATA_BMDMA_SHT(DRV_NAME),
19768 -static struct ata_port_operations scc_pata_ops = {
19769 +static const struct ata_port_operations scc_pata_ops = {
19770 .inherits = &ata_bmdma_port_ops,
19772 .set_piomode = scc_set_piomode,
19773 diff -urNp linux-2.6.32.1/drivers/ata/pata_sch.c linux-2.6.32.1/drivers/ata/pata_sch.c
19774 --- linux-2.6.32.1/drivers/ata/pata_sch.c 2009-12-02 22:51:21.000000000 -0500
19775 +++ linux-2.6.32.1/drivers/ata/pata_sch.c 2009-12-14 18:33:52.590795896 -0500
19776 @@ -75,7 +75,7 @@ static struct scsi_host_template sch_sht
19777 ATA_BMDMA_SHT(DRV_NAME),
19780 -static struct ata_port_operations sch_pata_ops = {
19781 +static const struct ata_port_operations sch_pata_ops = {
19782 .inherits = &ata_bmdma_port_ops,
19783 .cable_detect = ata_cable_unknown,
19784 .set_piomode = sch_set_piomode,
19785 diff -urNp linux-2.6.32.1/drivers/ata/pata_serverworks.c linux-2.6.32.1/drivers/ata/pata_serverworks.c
19786 --- linux-2.6.32.1/drivers/ata/pata_serverworks.c 2009-12-02 22:51:21.000000000 -0500
19787 +++ linux-2.6.32.1/drivers/ata/pata_serverworks.c 2009-12-14 18:33:52.608788179 -0500
19788 @@ -299,7 +299,7 @@ static struct scsi_host_template serverw
19789 ATA_BMDMA_SHT(DRV_NAME),
19792 -static struct ata_port_operations serverworks_osb4_port_ops = {
19793 +static const struct ata_port_operations serverworks_osb4_port_ops = {
19794 .inherits = &ata_bmdma_port_ops,
19795 .cable_detect = serverworks_cable_detect,
19796 .mode_filter = serverworks_osb4_filter,
19797 @@ -307,7 +307,7 @@ static struct ata_port_operations server
19798 .set_dmamode = serverworks_set_dmamode,
19801 -static struct ata_port_operations serverworks_csb_port_ops = {
19802 +static const struct ata_port_operations serverworks_csb_port_ops = {
19803 .inherits = &serverworks_osb4_port_ops,
19804 .mode_filter = serverworks_csb_filter,
19806 diff -urNp linux-2.6.32.1/drivers/ata/pata_sil680.c linux-2.6.32.1/drivers/ata/pata_sil680.c
19807 --- linux-2.6.32.1/drivers/ata/pata_sil680.c 2009-12-02 22:51:21.000000000 -0500
19808 +++ linux-2.6.32.1/drivers/ata/pata_sil680.c 2009-12-14 18:33:52.616795701 -0500
19809 @@ -194,7 +194,7 @@ static struct scsi_host_template sil680_
19810 ATA_BMDMA_SHT(DRV_NAME),
19813 -static struct ata_port_operations sil680_port_ops = {
19814 +static const struct ata_port_operations sil680_port_ops = {
19815 .inherits = &ata_bmdma32_port_ops,
19816 .cable_detect = sil680_cable_detect,
19817 .set_piomode = sil680_set_piomode,
19818 diff -urNp linux-2.6.32.1/drivers/ata/pata_sis.c linux-2.6.32.1/drivers/ata/pata_sis.c
19819 --- linux-2.6.32.1/drivers/ata/pata_sis.c 2009-12-02 22:51:21.000000000 -0500
19820 +++ linux-2.6.32.1/drivers/ata/pata_sis.c 2009-12-14 18:33:52.617796446 -0500
19821 @@ -503,47 +503,47 @@ static struct scsi_host_template sis_sht
19822 ATA_BMDMA_SHT(DRV_NAME),
19825 -static struct ata_port_operations sis_133_for_sata_ops = {
19826 +static const struct ata_port_operations sis_133_for_sata_ops = {
19827 .inherits = &ata_bmdma_port_ops,
19828 .set_piomode = sis_133_set_piomode,
19829 .set_dmamode = sis_133_set_dmamode,
19830 .cable_detect = sis_133_cable_detect,
19833 -static struct ata_port_operations sis_base_ops = {
19834 +static const struct ata_port_operations sis_base_ops = {
19835 .inherits = &ata_bmdma_port_ops,
19836 .prereset = sis_pre_reset,
19839 -static struct ata_port_operations sis_133_ops = {
19840 +static const struct ata_port_operations sis_133_ops = {
19841 .inherits = &sis_base_ops,
19842 .set_piomode = sis_133_set_piomode,
19843 .set_dmamode = sis_133_set_dmamode,
19844 .cable_detect = sis_133_cable_detect,
19847 -static struct ata_port_operations sis_133_early_ops = {
19848 +static const struct ata_port_operations sis_133_early_ops = {
19849 .inherits = &sis_base_ops,
19850 .set_piomode = sis_100_set_piomode,
19851 .set_dmamode = sis_133_early_set_dmamode,
19852 .cable_detect = sis_66_cable_detect,
19855 -static struct ata_port_operations sis_100_ops = {
19856 +static const struct ata_port_operations sis_100_ops = {
19857 .inherits = &sis_base_ops,
19858 .set_piomode = sis_100_set_piomode,
19859 .set_dmamode = sis_100_set_dmamode,
19860 .cable_detect = sis_66_cable_detect,
19863 -static struct ata_port_operations sis_66_ops = {
19864 +static const struct ata_port_operations sis_66_ops = {
19865 .inherits = &sis_base_ops,
19866 .set_piomode = sis_old_set_piomode,
19867 .set_dmamode = sis_66_set_dmamode,
19868 .cable_detect = sis_66_cable_detect,
19871 -static struct ata_port_operations sis_old_ops = {
19872 +static const struct ata_port_operations sis_old_ops = {
19873 .inherits = &sis_base_ops,
19874 .set_piomode = sis_old_set_piomode,
19875 .set_dmamode = sis_old_set_dmamode,
19876 diff -urNp linux-2.6.32.1/drivers/ata/pata_sl82c105.c linux-2.6.32.1/drivers/ata/pata_sl82c105.c
19877 --- linux-2.6.32.1/drivers/ata/pata_sl82c105.c 2009-12-02 22:51:21.000000000 -0500
19878 +++ linux-2.6.32.1/drivers/ata/pata_sl82c105.c 2009-12-14 18:33:52.618796044 -0500
19879 @@ -231,7 +231,7 @@ static struct scsi_host_template sl82c10
19880 ATA_BMDMA_SHT(DRV_NAME),
19883 -static struct ata_port_operations sl82c105_port_ops = {
19884 +static const struct ata_port_operations sl82c105_port_ops = {
19885 .inherits = &ata_bmdma_port_ops,
19886 .qc_defer = sl82c105_qc_defer,
19887 .bmdma_start = sl82c105_bmdma_start,
19888 diff -urNp linux-2.6.32.1/drivers/ata/pata_triflex.c linux-2.6.32.1/drivers/ata/pata_triflex.c
19889 --- linux-2.6.32.1/drivers/ata/pata_triflex.c 2009-12-02 22:51:21.000000000 -0500
19890 +++ linux-2.6.32.1/drivers/ata/pata_triflex.c 2009-12-14 18:33:52.619803170 -0500
19891 @@ -178,7 +178,7 @@ static struct scsi_host_template triflex
19892 ATA_BMDMA_SHT(DRV_NAME),
19895 -static struct ata_port_operations triflex_port_ops = {
19896 +static const struct ata_port_operations triflex_port_ops = {
19897 .inherits = &ata_bmdma_port_ops,
19898 .bmdma_start = triflex_bmdma_start,
19899 .bmdma_stop = triflex_bmdma_stop,
19900 diff -urNp linux-2.6.32.1/drivers/ata/pata_via.c linux-2.6.32.1/drivers/ata/pata_via.c
19901 --- linux-2.6.32.1/drivers/ata/pata_via.c 2009-12-02 22:51:21.000000000 -0500
19902 +++ linux-2.6.32.1/drivers/ata/pata_via.c 2009-12-14 18:33:52.620780452 -0500
19903 @@ -419,7 +419,7 @@ static struct scsi_host_template via_sht
19904 ATA_BMDMA_SHT(DRV_NAME),
19907 -static struct ata_port_operations via_port_ops = {
19908 +static const struct ata_port_operations via_port_ops = {
19909 .inherits = &ata_bmdma_port_ops,
19910 .cable_detect = via_cable_detect,
19911 .set_piomode = via_set_piomode,
19912 @@ -429,7 +429,7 @@ static struct ata_port_operations via_po
19913 .port_start = via_port_start,
19916 -static struct ata_port_operations via_port_ops_noirq = {
19917 +static const struct ata_port_operations via_port_ops_noirq = {
19918 .inherits = &via_port_ops,
19919 .sff_data_xfer = ata_sff_data_xfer_noirq,
19921 diff -urNp linux-2.6.32.1/drivers/ata/pata_winbond.c linux-2.6.32.1/drivers/ata/pata_winbond.c
19922 --- linux-2.6.32.1/drivers/ata/pata_winbond.c 2009-12-02 22:51:21.000000000 -0500
19923 +++ linux-2.6.32.1/drivers/ata/pata_winbond.c 2009-12-14 18:33:52.626715963 -0500
19924 @@ -125,7 +125,7 @@ static struct scsi_host_template winbond
19925 ATA_PIO_SHT(DRV_NAME),
19928 -static struct ata_port_operations winbond_port_ops = {
19929 +static const struct ata_port_operations winbond_port_ops = {
19930 .inherits = &ata_sff_port_ops,
19931 .sff_data_xfer = winbond_data_xfer,
19932 .cable_detect = ata_cable_40wire,
19933 diff -urNp linux-2.6.32.1/drivers/ata/pdc_adma.c linux-2.6.32.1/drivers/ata/pdc_adma.c
19934 --- linux-2.6.32.1/drivers/ata/pdc_adma.c 2009-12-02 22:51:21.000000000 -0500
19935 +++ linux-2.6.32.1/drivers/ata/pdc_adma.c 2009-12-14 18:33:52.627794824 -0500
19936 @@ -145,7 +145,7 @@ static struct scsi_host_template adma_at
19937 .dma_boundary = ADMA_DMA_BOUNDARY,
19940 -static struct ata_port_operations adma_ata_ops = {
19941 +static const struct ata_port_operations adma_ata_ops = {
19942 .inherits = &ata_sff_port_ops,
19944 .lost_interrupt = ATA_OP_NULL,
19945 diff -urNp linux-2.6.32.1/drivers/ata/sata_fsl.c linux-2.6.32.1/drivers/ata/sata_fsl.c
19946 --- linux-2.6.32.1/drivers/ata/sata_fsl.c 2009-12-02 22:51:21.000000000 -0500
19947 +++ linux-2.6.32.1/drivers/ata/sata_fsl.c 2009-12-14 18:33:52.637747586 -0500
19948 @@ -1258,7 +1258,7 @@ static struct scsi_host_template sata_fs
19949 .dma_boundary = ATA_DMA_BOUNDARY,
19952 -static struct ata_port_operations sata_fsl_ops = {
19953 +static const struct ata_port_operations sata_fsl_ops = {
19954 .inherits = &sata_pmp_port_ops,
19956 .qc_defer = ata_std_qc_defer,
19957 diff -urNp linux-2.6.32.1/drivers/ata/sata_inic162x.c linux-2.6.32.1/drivers/ata/sata_inic162x.c
19958 --- linux-2.6.32.1/drivers/ata/sata_inic162x.c 2009-12-02 22:51:21.000000000 -0500
19959 +++ linux-2.6.32.1/drivers/ata/sata_inic162x.c 2009-12-14 18:33:52.639706652 -0500
19960 @@ -721,7 +721,7 @@ static int inic_port_start(struct ata_po
19964 -static struct ata_port_operations inic_port_ops = {
19965 +static const struct ata_port_operations inic_port_ops = {
19966 .inherits = &sata_port_ops,
19968 .check_atapi_dma = inic_check_atapi_dma,
19969 diff -urNp linux-2.6.32.1/drivers/ata/sata_mv.c linux-2.6.32.1/drivers/ata/sata_mv.c
19970 --- linux-2.6.32.1/drivers/ata/sata_mv.c 2009-12-02 22:51:21.000000000 -0500
19971 +++ linux-2.6.32.1/drivers/ata/sata_mv.c 2009-12-14 18:33:52.658704306 -0500
19972 @@ -656,7 +656,7 @@ static struct scsi_host_template mv6_sht
19973 .dma_boundary = MV_DMA_BOUNDARY,
19976 -static struct ata_port_operations mv5_ops = {
19977 +static const struct ata_port_operations mv5_ops = {
19978 .inherits = &ata_sff_port_ops,
19980 .lost_interrupt = ATA_OP_NULL,
19981 @@ -678,7 +678,7 @@ static struct ata_port_operations mv5_op
19982 .port_stop = mv_port_stop,
19985 -static struct ata_port_operations mv6_ops = {
19986 +static const struct ata_port_operations mv6_ops = {
19987 .inherits = &mv5_ops,
19988 .dev_config = mv6_dev_config,
19989 .scr_read = mv_scr_read,
19990 @@ -698,7 +698,7 @@ static struct ata_port_operations mv6_op
19991 .bmdma_status = mv_bmdma_status,
19994 -static struct ata_port_operations mv_iie_ops = {
19995 +static const struct ata_port_operations mv_iie_ops = {
19996 .inherits = &mv6_ops,
19997 .dev_config = ATA_OP_NULL,
19998 .qc_prep = mv_qc_prep_iie,
19999 diff -urNp linux-2.6.32.1/drivers/ata/sata_nv.c linux-2.6.32.1/drivers/ata/sata_nv.c
20000 --- linux-2.6.32.1/drivers/ata/sata_nv.c 2009-12-02 22:51:21.000000000 -0500
20001 +++ linux-2.6.32.1/drivers/ata/sata_nv.c 2009-12-14 18:33:52.696718019 -0500
20002 @@ -464,7 +464,7 @@ static struct scsi_host_template nv_swnc
20003 * cases. Define nv_hardreset() which only kicks in for post-boot
20004 * probing and use it for all variants.
20006 -static struct ata_port_operations nv_generic_ops = {
20007 +static const struct ata_port_operations nv_generic_ops = {
20008 .inherits = &ata_bmdma_port_ops,
20009 .lost_interrupt = ATA_OP_NULL,
20010 .scr_read = nv_scr_read,
20011 @@ -472,20 +472,20 @@ static struct ata_port_operations nv_gen
20012 .hardreset = nv_hardreset,
20015 -static struct ata_port_operations nv_nf2_ops = {
20016 +static const struct ata_port_operations nv_nf2_ops = {
20017 .inherits = &nv_generic_ops,
20018 .freeze = nv_nf2_freeze,
20019 .thaw = nv_nf2_thaw,
20022 -static struct ata_port_operations nv_ck804_ops = {
20023 +static const struct ata_port_operations nv_ck804_ops = {
20024 .inherits = &nv_generic_ops,
20025 .freeze = nv_ck804_freeze,
20026 .thaw = nv_ck804_thaw,
20027 .host_stop = nv_ck804_host_stop,
20030 -static struct ata_port_operations nv_adma_ops = {
20031 +static const struct ata_port_operations nv_adma_ops = {
20032 .inherits = &nv_ck804_ops,
20034 .check_atapi_dma = nv_adma_check_atapi_dma,
20035 @@ -509,7 +509,7 @@ static struct ata_port_operations nv_adm
20036 .host_stop = nv_adma_host_stop,
20039 -static struct ata_port_operations nv_swncq_ops = {
20040 +static const struct ata_port_operations nv_swncq_ops = {
20041 .inherits = &nv_generic_ops,
20043 .qc_defer = ata_std_qc_defer,
20044 diff -urNp linux-2.6.32.1/drivers/ata/sata_promise.c linux-2.6.32.1/drivers/ata/sata_promise.c
20045 --- linux-2.6.32.1/drivers/ata/sata_promise.c 2009-12-02 22:51:21.000000000 -0500
20046 +++ linux-2.6.32.1/drivers/ata/sata_promise.c 2009-12-14 18:33:52.698752470 -0500
20047 @@ -195,7 +195,7 @@ static const struct ata_port_operations
20048 .error_handler = pdc_error_handler,
20051 -static struct ata_port_operations pdc_sata_ops = {
20052 +static const struct ata_port_operations pdc_sata_ops = {
20053 .inherits = &pdc_common_ops,
20054 .cable_detect = pdc_sata_cable_detect,
20055 .freeze = pdc_sata_freeze,
20056 @@ -208,14 +208,14 @@ static struct ata_port_operations pdc_sa
20058 /* First-generation chips need a more restrictive ->check_atapi_dma op,
20059 and ->freeze/thaw that ignore the hotplug controls. */
20060 -static struct ata_port_operations pdc_old_sata_ops = {
20061 +static const struct ata_port_operations pdc_old_sata_ops = {
20062 .inherits = &pdc_sata_ops,
20063 .freeze = pdc_freeze,
20065 .check_atapi_dma = pdc_old_sata_check_atapi_dma,
20068 -static struct ata_port_operations pdc_pata_ops = {
20069 +static const struct ata_port_operations pdc_pata_ops = {
20070 .inherits = &pdc_common_ops,
20071 .cable_detect = pdc_pata_cable_detect,
20072 .freeze = pdc_freeze,
20073 diff -urNp linux-2.6.32.1/drivers/ata/sata_qstor.c linux-2.6.32.1/drivers/ata/sata_qstor.c
20074 --- linux-2.6.32.1/drivers/ata/sata_qstor.c 2009-12-02 22:51:21.000000000 -0500
20075 +++ linux-2.6.32.1/drivers/ata/sata_qstor.c 2009-12-14 18:33:52.699808658 -0500
20076 @@ -132,7 +132,7 @@ static struct scsi_host_template qs_ata_
20077 .dma_boundary = QS_DMA_BOUNDARY,
20080 -static struct ata_port_operations qs_ata_ops = {
20081 +static const struct ata_port_operations qs_ata_ops = {
20082 .inherits = &ata_sff_port_ops,
20084 .check_atapi_dma = qs_check_atapi_dma,
20085 diff -urNp linux-2.6.32.1/drivers/ata/sata_sil24.c linux-2.6.32.1/drivers/ata/sata_sil24.c
20086 --- linux-2.6.32.1/drivers/ata/sata_sil24.c 2009-12-02 22:51:21.000000000 -0500
20087 +++ linux-2.6.32.1/drivers/ata/sata_sil24.c 2009-12-14 18:33:52.705762950 -0500
20088 @@ -388,7 +388,7 @@ static struct scsi_host_template sil24_s
20089 .dma_boundary = ATA_DMA_BOUNDARY,
20092 -static struct ata_port_operations sil24_ops = {
20093 +static const struct ata_port_operations sil24_ops = {
20094 .inherits = &sata_pmp_port_ops,
20096 .qc_defer = sil24_qc_defer,
20097 diff -urNp linux-2.6.32.1/drivers/ata/sata_sil.c linux-2.6.32.1/drivers/ata/sata_sil.c
20098 --- linux-2.6.32.1/drivers/ata/sata_sil.c 2009-12-02 22:51:21.000000000 -0500
20099 +++ linux-2.6.32.1/drivers/ata/sata_sil.c 2009-12-14 18:33:52.707805475 -0500
20100 @@ -182,7 +182,7 @@ static struct scsi_host_template sil_sht
20101 .sg_tablesize = ATA_MAX_PRD
20104 -static struct ata_port_operations sil_ops = {
20105 +static const struct ata_port_operations sil_ops = {
20106 .inherits = &ata_bmdma32_port_ops,
20107 .dev_config = sil_dev_config,
20108 .set_mode = sil_set_mode,
20109 diff -urNp linux-2.6.32.1/drivers/ata/sata_sis.c linux-2.6.32.1/drivers/ata/sata_sis.c
20110 --- linux-2.6.32.1/drivers/ata/sata_sis.c 2009-12-02 22:51:21.000000000 -0500
20111 +++ linux-2.6.32.1/drivers/ata/sata_sis.c 2009-12-14 18:33:52.714800469 -0500
20112 @@ -89,7 +89,7 @@ static struct scsi_host_template sis_sht
20113 ATA_BMDMA_SHT(DRV_NAME),
20116 -static struct ata_port_operations sis_ops = {
20117 +static const struct ata_port_operations sis_ops = {
20118 .inherits = &ata_bmdma_port_ops,
20119 .scr_read = sis_scr_read,
20120 .scr_write = sis_scr_write,
20121 diff -urNp linux-2.6.32.1/drivers/ata/sata_svw.c linux-2.6.32.1/drivers/ata/sata_svw.c
20122 --- linux-2.6.32.1/drivers/ata/sata_svw.c 2009-12-02 22:51:21.000000000 -0500
20123 +++ linux-2.6.32.1/drivers/ata/sata_svw.c 2009-12-14 18:33:52.715787586 -0500
20124 @@ -344,7 +344,7 @@ static struct scsi_host_template k2_sata
20128 -static struct ata_port_operations k2_sata_ops = {
20129 +static const struct ata_port_operations k2_sata_ops = {
20130 .inherits = &ata_bmdma_port_ops,
20131 .sff_tf_load = k2_sata_tf_load,
20132 .sff_tf_read = k2_sata_tf_read,
20133 diff -urNp linux-2.6.32.1/drivers/ata/sata_sx4.c linux-2.6.32.1/drivers/ata/sata_sx4.c
20134 --- linux-2.6.32.1/drivers/ata/sata_sx4.c 2009-12-02 22:51:21.000000000 -0500
20135 +++ linux-2.6.32.1/drivers/ata/sata_sx4.c 2009-12-14 18:33:52.727821368 -0500
20136 @@ -248,7 +248,7 @@ static struct scsi_host_template pdc_sat
20139 /* TODO: inherit from base port_ops after converting to new EH */
20140 -static struct ata_port_operations pdc_20621_ops = {
20141 +static const struct ata_port_operations pdc_20621_ops = {
20142 .inherits = &ata_sff_port_ops,
20144 .check_atapi_dma = pdc_check_atapi_dma,
20145 diff -urNp linux-2.6.32.1/drivers/ata/sata_uli.c linux-2.6.32.1/drivers/ata/sata_uli.c
20146 --- linux-2.6.32.1/drivers/ata/sata_uli.c 2009-12-02 22:51:21.000000000 -0500
20147 +++ linux-2.6.32.1/drivers/ata/sata_uli.c 2009-12-14 18:33:52.734813932 -0500
20148 @@ -79,7 +79,7 @@ static struct scsi_host_template uli_sht
20149 ATA_BMDMA_SHT(DRV_NAME),
20152 -static struct ata_port_operations uli_ops = {
20153 +static const struct ata_port_operations uli_ops = {
20154 .inherits = &ata_bmdma_port_ops,
20155 .scr_read = uli_scr_read,
20156 .scr_write = uli_scr_write,
20157 diff -urNp linux-2.6.32.1/drivers/ata/sata_via.c linux-2.6.32.1/drivers/ata/sata_via.c
20158 --- linux-2.6.32.1/drivers/ata/sata_via.c 2009-12-02 22:51:21.000000000 -0500
20159 +++ linux-2.6.32.1/drivers/ata/sata_via.c 2009-12-14 18:33:52.739786675 -0500
20160 @@ -112,31 +112,31 @@ static struct scsi_host_template svia_sh
20161 ATA_BMDMA_SHT(DRV_NAME),
20164 -static struct ata_port_operations svia_base_ops = {
20165 +static const struct ata_port_operations svia_base_ops = {
20166 .inherits = &ata_bmdma_port_ops,
20167 .sff_tf_load = svia_tf_load,
20170 -static struct ata_port_operations vt6420_sata_ops = {
20171 +static const struct ata_port_operations vt6420_sata_ops = {
20172 .inherits = &svia_base_ops,
20173 .freeze = svia_noop_freeze,
20174 .prereset = vt6420_prereset,
20177 -static struct ata_port_operations vt6421_pata_ops = {
20178 +static const struct ata_port_operations vt6421_pata_ops = {
20179 .inherits = &svia_base_ops,
20180 .cable_detect = vt6421_pata_cable_detect,
20181 .set_piomode = vt6421_set_pio_mode,
20182 .set_dmamode = vt6421_set_dma_mode,
20185 -static struct ata_port_operations vt6421_sata_ops = {
20186 +static const struct ata_port_operations vt6421_sata_ops = {
20187 .inherits = &svia_base_ops,
20188 .scr_read = svia_scr_read,
20189 .scr_write = svia_scr_write,
20192 -static struct ata_port_operations vt8251_ops = {
20193 +static const struct ata_port_operations vt8251_ops = {
20194 .inherits = &svia_base_ops,
20195 .hardreset = sata_std_hardreset,
20196 .scr_read = vt8251_scr_read,
20197 diff -urNp linux-2.6.32.1/drivers/ata/sata_vsc.c linux-2.6.32.1/drivers/ata/sata_vsc.c
20198 --- linux-2.6.32.1/drivers/ata/sata_vsc.c 2009-12-02 22:51:21.000000000 -0500
20199 +++ linux-2.6.32.1/drivers/ata/sata_vsc.c 2009-12-14 18:33:52.750768010 -0500
20200 @@ -306,7 +306,7 @@ static struct scsi_host_template vsc_sat
20204 -static struct ata_port_operations vsc_sata_ops = {
20205 +static const struct ata_port_operations vsc_sata_ops = {
20206 .inherits = &ata_bmdma_port_ops,
20207 /* The IRQ handling is not quite standard SFF behaviour so we
20208 cannot use the default lost interrupt handler */
20209 diff -urNp linux-2.6.32.1/drivers/atm/adummy.c linux-2.6.32.1/drivers/atm/adummy.c
20210 --- linux-2.6.32.1/drivers/atm/adummy.c 2009-12-02 22:51:21.000000000 -0500
20211 +++ linux-2.6.32.1/drivers/atm/adummy.c 2009-12-14 18:33:52.758818499 -0500
20212 @@ -77,7 +77,7 @@ adummy_send(struct atm_vcc *vcc, struct
20213 vcc->pop(vcc, skb);
20215 dev_kfree_skb_any(skb);
20216 - atomic_inc(&vcc->stats->tx);
20217 + atomic_inc_unchecked(&vcc->stats->tx);
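Review bot: Nothing records why `vcc->stats->tx` is exempt from overflow checking, so a later reader cannot tell a deliberate exemption from an oversight. A comment beside the field declaration would settle it, such as `/* statistics only: wraparound is harmless, never used as a reference count */`. The `_unchecked` helpers presumably expect an `atomic_unchecked_t *`, so the `tx`, `tx_err`, `rx`, `rx_err` and `rx_drop` members must be retyped in the stats structure; that header change is not visible here and should be confirmed. The same conversion repeats in the drivers/atm hunks that follow (ambassador, atmtcp, eni, firestream, fore200e, he, horizon, idt77252, iphase, lanai, nicstar, solos-pci). adummy_send starts and ends outside this hunk.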
20221 diff -urNp linux-2.6.32.1/drivers/atm/ambassador.c linux-2.6.32.1/drivers/atm/ambassador.c
20222 --- linux-2.6.32.1/drivers/atm/ambassador.c 2009-12-02 22:51:21.000000000 -0500
20223 +++ linux-2.6.32.1/drivers/atm/ambassador.c 2009-12-14 18:33:52.788804348 -0500
20224 @@ -453,7 +453,7 @@ static void tx_complete (amb_dev * dev,
20225 PRINTD (DBG_FLOW|DBG_TX, "tx_complete %p %p", dev, tx);
20228 - atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
20229 + atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
20231 // free the descriptor
20233 @@ -494,7 +494,7 @@ static void rx_complete (amb_dev * dev,
20234 dump_skb ("<<<", vc, skb);
20237 - atomic_inc(&atm_vcc->stats->rx);
20238 + atomic_inc_unchecked(&atm_vcc->stats->rx);
20239 __net_timestamp(skb);
20240 // end of our responsability
20241 atm_vcc->push (atm_vcc, skb);
20242 @@ -509,7 +509,7 @@ static void rx_complete (amb_dev * dev,
20244 PRINTK (KERN_INFO, "dropped over-size frame");
20245 // should we count this?
20246 - atomic_inc(&atm_vcc->stats->rx_drop);
20247 + atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
20251 @@ -1341,7 +1341,7 @@ static int amb_send (struct atm_vcc * at
20254 if (check_area (skb->data, skb->len)) {
20255 - atomic_inc(&atm_vcc->stats->tx_err);
20256 + atomic_inc_unchecked(&atm_vcc->stats->tx_err);
20257 return -ENOMEM; // ?
20260 diff -urNp linux-2.6.32.1/drivers/atm/atmtcp.c linux-2.6.32.1/drivers/atm/atmtcp.c
20261 --- linux-2.6.32.1/drivers/atm/atmtcp.c 2009-12-02 22:51:21.000000000 -0500
20262 +++ linux-2.6.32.1/drivers/atm/atmtcp.c 2009-12-14 18:33:52.803786695 -0500
20263 @@ -206,7 +206,7 @@ static int atmtcp_v_send(struct atm_vcc
20264 if (vcc->pop) vcc->pop(vcc,skb);
20265 else dev_kfree_skb(skb);
20266 if (dev_data) return 0;
20267 - atomic_inc(&vcc->stats->tx_err);
20268 + atomic_inc_unchecked(&vcc->stats->tx_err);
20271 size = skb->len+sizeof(struct atmtcp_hdr);
20272 @@ -214,7 +214,7 @@ static int atmtcp_v_send(struct atm_vcc
20274 if (vcc->pop) vcc->pop(vcc,skb);
20275 else dev_kfree_skb(skb);
20276 - atomic_inc(&vcc->stats->tx_err);
20277 + atomic_inc_unchecked(&vcc->stats->tx_err);
20280 hdr = (void *) skb_put(new_skb,sizeof(struct atmtcp_hdr));
20281 @@ -225,8 +225,8 @@ static int atmtcp_v_send(struct atm_vcc
20282 if (vcc->pop) vcc->pop(vcc,skb);
20283 else dev_kfree_skb(skb);
20284 out_vcc->push(out_vcc,new_skb);
20285 - atomic_inc(&vcc->stats->tx);
20286 - atomic_inc(&out_vcc->stats->rx);
20287 + atomic_inc_unchecked(&vcc->stats->tx);
20288 + atomic_inc_unchecked(&out_vcc->stats->rx);
20292 @@ -300,7 +300,7 @@ static int atmtcp_c_send(struct atm_vcc
20293 out_vcc = find_vcc(dev, ntohs(hdr->vpi), ntohs(hdr->vci));
20294 read_unlock(&vcc_sklist_lock);
20296 - atomic_inc(&vcc->stats->tx_err);
20297 + atomic_inc_unchecked(&vcc->stats->tx_err);
20300 skb_pull(skb,sizeof(struct atmtcp_hdr));
20301 @@ -312,8 +312,8 @@ static int atmtcp_c_send(struct atm_vcc
20302 __net_timestamp(new_skb);
20303 skb_copy_from_linear_data(skb, skb_put(new_skb, skb->len), skb->len);
20304 out_vcc->push(out_vcc,new_skb);
20305 - atomic_inc(&vcc->stats->tx);
20306 - atomic_inc(&out_vcc->stats->rx);
20307 + atomic_inc_unchecked(&vcc->stats->tx);
20308 + atomic_inc_unchecked(&out_vcc->stats->rx);
20310 if (vcc->pop) vcc->pop(vcc,skb);
20311 else dev_kfree_skb(skb);
20312 diff -urNp linux-2.6.32.1/drivers/atm/eni.c linux-2.6.32.1/drivers/atm/eni.c
20313 --- linux-2.6.32.1/drivers/atm/eni.c 2009-12-02 22:51:21.000000000 -0500
20314 +++ linux-2.6.32.1/drivers/atm/eni.c 2009-12-14 18:33:52.820819840 -0500
20315 @@ -525,7 +525,7 @@ static int rx_aal0(struct atm_vcc *vcc)
20316 DPRINTK(DEV_LABEL "(itf %d): trashing empty cell\n",
20319 - atomic_inc(&vcc->stats->rx_err);
20320 + atomic_inc_unchecked(&vcc->stats->rx_err);
20323 length = ATM_CELL_SIZE-1; /* no HEC */
20324 @@ -580,7 +580,7 @@ static int rx_aal5(struct atm_vcc *vcc)
20328 - atomic_inc(&vcc->stats->rx_err);
20329 + atomic_inc_unchecked(&vcc->stats->rx_err);
20332 size = (descr & MID_RED_COUNT)*(ATM_CELL_PAYLOAD >> 2);
20333 @@ -597,7 +597,7 @@ static int rx_aal5(struct atm_vcc *vcc)
20334 "(VCI=%d,length=%ld,size=%ld (descr 0x%lx))\n",
20335 vcc->dev->number,vcc->vci,length,size << 2,descr);
20337 - atomic_inc(&vcc->stats->rx_err);
20338 + atomic_inc_unchecked(&vcc->stats->rx_err);
20341 skb = eff ? atm_alloc_charge(vcc,eff << 2,GFP_ATOMIC) : NULL;
20342 @@ -770,7 +770,7 @@ rx_dequeued++;
20343 vcc->push(vcc,skb);
20346 - atomic_inc(&vcc->stats->rx);
20347 + atomic_inc_unchecked(&vcc->stats->rx);
20349 wake_up(&eni_dev->rx_wait);
20351 @@ -1227,7 +1227,7 @@ static void dequeue_tx(struct atm_dev *d
20353 if (vcc->pop) vcc->pop(vcc,skb);
20354 else dev_kfree_skb_irq(skb);
20355 - atomic_inc(&vcc->stats->tx);
20356 + atomic_inc_unchecked(&vcc->stats->tx);
20357 wake_up(&eni_dev->tx_wait);
20360 diff -urNp linux-2.6.32.1/drivers/atm/firestream.c linux-2.6.32.1/drivers/atm/firestream.c
20361 --- linux-2.6.32.1/drivers/atm/firestream.c 2009-12-02 22:51:21.000000000 -0500
20362 +++ linux-2.6.32.1/drivers/atm/firestream.c 2009-12-14 18:33:52.841814340 -0500
20363 @@ -748,7 +748,7 @@ static void process_txdone_queue (struct
20367 - atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
20368 + atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
20370 fs_dprintk (FS_DEBUG_TXMEM, "i");
20371 fs_dprintk (FS_DEBUG_ALLOC, "Free t-skb: %p\n", skb);
20372 @@ -815,7 +815,7 @@ static void process_incoming (struct fs_
20374 skb_put (skb, qe->p1 & 0xffff);
20375 ATM_SKB(skb)->vcc = atm_vcc;
20376 - atomic_inc(&atm_vcc->stats->rx);
20377 + atomic_inc_unchecked(&atm_vcc->stats->rx);
20378 __net_timestamp(skb);
20379 fs_dprintk (FS_DEBUG_ALLOC, "Free rec-skb: %p (pushed)\n", skb);
20380 atm_vcc->push (atm_vcc, skb);
20381 @@ -836,12 +836,12 @@ static void process_incoming (struct fs_
20385 - atomic_inc(&atm_vcc->stats->rx_drop);
20386 + atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
20388 case 0x1f: /* Reassembly abort: no buffers. */
20389 /* Silently increment error counter. */
20391 - atomic_inc(&atm_vcc->stats->rx_drop);
20392 + atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
20394 default: /* Hmm. Haven't written the code to handle the others yet... -- REW */
20395 printk (KERN_WARNING "Don't know what to do with RX status %x: %s.\n",
20396 diff -urNp linux-2.6.32.1/drivers/atm/fore200e.c linux-2.6.32.1/drivers/atm/fore200e.c
20397 --- linux-2.6.32.1/drivers/atm/fore200e.c 2009-12-02 22:51:21.000000000 -0500
20398 +++ linux-2.6.32.1/drivers/atm/fore200e.c 2009-12-14 18:33:52.843812882 -0500
20399 @@ -931,9 +931,9 @@ fore200e_tx_irq(struct fore200e* fore200
20401 /* check error condition */
20402 if (*entry->status & STATUS_ERROR)
20403 - atomic_inc(&vcc->stats->tx_err);
20404 + atomic_inc_unchecked(&vcc->stats->tx_err);
20406 - atomic_inc(&vcc->stats->tx);
20407 + atomic_inc_unchecked(&vcc->stats->tx);
20411 @@ -1082,7 +1082,7 @@ fore200e_push_rpd(struct fore200e* fore2
20413 DPRINTK(2, "unable to alloc new skb, rx PDU length = %d\n", pdu_len);
20415 - atomic_inc(&vcc->stats->rx_drop);
20416 + atomic_inc_unchecked(&vcc->stats->rx_drop);
20420 @@ -1125,14 +1125,14 @@ fore200e_push_rpd(struct fore200e* fore2
20422 dev_kfree_skb_any(skb);
20424 - atomic_inc(&vcc->stats->rx_drop);
20425 + atomic_inc_unchecked(&vcc->stats->rx_drop);
20429 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
20431 vcc->push(vcc, skb);
20432 - atomic_inc(&vcc->stats->rx);
20433 + atomic_inc_unchecked(&vcc->stats->rx);
20435 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
20437 @@ -1210,7 +1210,7 @@ fore200e_rx_irq(struct fore200e* fore200
20438 DPRINTK(2, "damaged PDU on %d.%d.%d\n",
20439 fore200e->atm_dev->number,
20440 entry->rpd->atm_header.vpi, entry->rpd->atm_header.vci);
20441 - atomic_inc(&vcc->stats->rx_err);
20442 + atomic_inc_unchecked(&vcc->stats->rx_err);
20446 @@ -1655,7 +1655,7 @@ fore200e_send(struct atm_vcc *vcc, struc
20450 - atomic_inc(&vcc->stats->tx_err);
20451 + atomic_inc_unchecked(&vcc->stats->tx_err);
20453 fore200e->tx_sat++;
20454 DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n",
20455 diff -urNp linux-2.6.32.1/drivers/atm/he.c linux-2.6.32.1/drivers/atm/he.c
20456 --- linux-2.6.32.1/drivers/atm/he.c 2009-12-02 22:51:21.000000000 -0500
20457 +++ linux-2.6.32.1/drivers/atm/he.c 2009-12-14 18:33:52.878739381 -0500
20458 @@ -1769,7 +1769,7 @@ he_service_rbrq(struct he_dev *he_dev, i
20460 if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) {
20461 hprintk("HBUF_ERR! (cid 0x%x)\n", cid);
20462 - atomic_inc(&vcc->stats->rx_drop);
20463 + atomic_inc_unchecked(&vcc->stats->rx_drop);
20464 goto return_host_buffers;
20467 @@ -1802,7 +1802,7 @@ he_service_rbrq(struct he_dev *he_dev, i
20468 RBRQ_LEN_ERR(he_dev->rbrq_head)
20470 vcc->vpi, vcc->vci);
20471 - atomic_inc(&vcc->stats->rx_err);
20472 + atomic_inc_unchecked(&vcc->stats->rx_err);
20473 goto return_host_buffers;
20476 @@ -1861,7 +1861,7 @@ he_service_rbrq(struct he_dev *he_dev, i
20477 vcc->push(vcc, skb);
20478 spin_lock(&he_dev->global_lock);
20480 - atomic_inc(&vcc->stats->rx);
20481 + atomic_inc_unchecked(&vcc->stats->rx);
20483 return_host_buffers:
20485 @@ -2206,7 +2206,7 @@ __enqueue_tpd(struct he_dev *he_dev, str
20486 tpd->vcc->pop(tpd->vcc, tpd->skb);
20488 dev_kfree_skb_any(tpd->skb);
20489 - atomic_inc(&tpd->vcc->stats->tx_err);
20490 + atomic_inc_unchecked(&tpd->vcc->stats->tx_err);
20492 pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status));
20494 @@ -2618,7 +2618,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
20495 vcc->pop(vcc, skb);
20497 dev_kfree_skb_any(skb);
20498 - atomic_inc(&vcc->stats->tx_err);
20499 + atomic_inc_unchecked(&vcc->stats->tx_err);
20503 @@ -2629,7 +2629,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
20504 vcc->pop(vcc, skb);
20506 dev_kfree_skb_any(skb);
20507 - atomic_inc(&vcc->stats->tx_err);
20508 + atomic_inc_unchecked(&vcc->stats->tx_err);
20512 @@ -2641,7 +2641,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
20513 vcc->pop(vcc, skb);
20515 dev_kfree_skb_any(skb);
20516 - atomic_inc(&vcc->stats->tx_err);
20517 + atomic_inc_unchecked(&vcc->stats->tx_err);
20518 spin_unlock_irqrestore(&he_dev->global_lock, flags);
20521 @@ -2683,7 +2683,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
20522 vcc->pop(vcc, skb);
20524 dev_kfree_skb_any(skb);
20525 - atomic_inc(&vcc->stats->tx_err);
20526 + atomic_inc_unchecked(&vcc->stats->tx_err);
20527 spin_unlock_irqrestore(&he_dev->global_lock, flags);
20530 @@ -2714,7 +2714,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
20531 __enqueue_tpd(he_dev, tpd, cid);
20532 spin_unlock_irqrestore(&he_dev->global_lock, flags);
20534 - atomic_inc(&vcc->stats->tx);
20535 + atomic_inc_unchecked(&vcc->stats->tx);
20539 diff -urNp linux-2.6.32.1/drivers/atm/horizon.c linux-2.6.32.1/drivers/atm/horizon.c
20540 --- linux-2.6.32.1/drivers/atm/horizon.c 2009-12-02 22:51:21.000000000 -0500
20541 +++ linux-2.6.32.1/drivers/atm/horizon.c 2009-12-14 18:33:52.909829659 -0500
20542 @@ -1033,7 +1033,7 @@ static void rx_schedule (hrz_dev * dev,
20544 struct atm_vcc * vcc = ATM_SKB(skb)->vcc;
20546 - atomic_inc(&vcc->stats->rx);
20547 + atomic_inc_unchecked(&vcc->stats->rx);
20548 __net_timestamp(skb);
20549 // end of our responsability
20550 vcc->push (vcc, skb);
20551 @@ -1185,7 +1185,7 @@ static void tx_schedule (hrz_dev * const
20552 dev->tx_iovec = NULL;
20555 - atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
20556 + atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
20559 hrz_kfree_skb (skb);
20560 diff -urNp linux-2.6.32.1/drivers/atm/idt77252.c linux-2.6.32.1/drivers/atm/idt77252.c
20561 --- linux-2.6.32.1/drivers/atm/idt77252.c 2009-12-02 22:51:21.000000000 -0500
20562 +++ linux-2.6.32.1/drivers/atm/idt77252.c 2009-12-14 18:33:52.921825790 -0500
20563 @@ -810,7 +810,7 @@ drain_scq(struct idt77252_dev *card, str
20565 dev_kfree_skb(skb);
20567 - atomic_inc(&vcc->stats->tx);
20568 + atomic_inc_unchecked(&vcc->stats->tx);
20571 atomic_dec(&scq->used);
20572 @@ -1073,13 +1073,13 @@ dequeue_rx(struct idt77252_dev *card, st
20573 if ((sb = dev_alloc_skb(64)) == NULL) {
20574 printk("%s: Can't allocate buffers for aal0.\n",
20576 - atomic_add(i, &vcc->stats->rx_drop);
20577 + atomic_add_unchecked(i, &vcc->stats->rx_drop);
20580 if (!atm_charge(vcc, sb->truesize)) {
20581 RXPRINTK("%s: atm_charge() dropped aal0 packets.\n",
20583 - atomic_add(i - 1, &vcc->stats->rx_drop);
20584 + atomic_add_unchecked(i - 1, &vcc->stats->rx_drop);
20588 @@ -1096,7 +1096,7 @@ dequeue_rx(struct idt77252_dev *card, st
20589 ATM_SKB(sb)->vcc = vcc;
20590 __net_timestamp(sb);
20591 vcc->push(vcc, sb);
20592 - atomic_inc(&vcc->stats->rx);
20593 + atomic_inc_unchecked(&vcc->stats->rx);
20595 cell += ATM_CELL_PAYLOAD;
20597 @@ -1133,13 +1133,13 @@ dequeue_rx(struct idt77252_dev *card, st
20599 card->name, len, rpp->len, readl(SAR_REG_CDC));
20600 recycle_rx_pool_skb(card, rpp);
20601 - atomic_inc(&vcc->stats->rx_err);
20602 + atomic_inc_unchecked(&vcc->stats->rx_err);
20605 if (stat & SAR_RSQE_CRC) {
20606 RXPRINTK("%s: AAL5 CRC error.\n", card->name);
20607 recycle_rx_pool_skb(card, rpp);
20608 - atomic_inc(&vcc->stats->rx_err);
20609 + atomic_inc_unchecked(&vcc->stats->rx_err);
20612 if (skb_queue_len(&rpp->queue) > 1) {
20613 @@ -1150,7 +1150,7 @@ dequeue_rx(struct idt77252_dev *card, st
20614 RXPRINTK("%s: Can't alloc RX skb.\n",
20616 recycle_rx_pool_skb(card, rpp);
20617 - atomic_inc(&vcc->stats->rx_err);
20618 + atomic_inc_unchecked(&vcc->stats->rx_err);
20621 if (!atm_charge(vcc, skb->truesize)) {
20622 @@ -1169,7 +1169,7 @@ dequeue_rx(struct idt77252_dev *card, st
20623 __net_timestamp(skb);
20625 vcc->push(vcc, skb);
20626 - atomic_inc(&vcc->stats->rx);
20627 + atomic_inc_unchecked(&vcc->stats->rx);
20631 @@ -1191,7 +1191,7 @@ dequeue_rx(struct idt77252_dev *card, st
20632 __net_timestamp(skb);
20634 vcc->push(vcc, skb);
20635 - atomic_inc(&vcc->stats->rx);
20636 + atomic_inc_unchecked(&vcc->stats->rx);
20638 if (skb->truesize > SAR_FB_SIZE_3)
20639 add_rx_skb(card, 3, SAR_FB_SIZE_3, 1);
20640 @@ -1303,14 +1303,14 @@ idt77252_rx_raw(struct idt77252_dev *car
20641 if (vcc->qos.aal != ATM_AAL0) {
20642 RPRINTK("%s: raw cell for non AAL0 vc %u.%u\n",
20643 card->name, vpi, vci);
20644 - atomic_inc(&vcc->stats->rx_drop);
20645 + atomic_inc_unchecked(&vcc->stats->rx_drop);
20649 if ((sb = dev_alloc_skb(64)) == NULL) {
20650 printk("%s: Can't allocate buffers for AAL0.\n",
20652 - atomic_inc(&vcc->stats->rx_err);
20653 + atomic_inc_unchecked(&vcc->stats->rx_err);
20657 @@ -1329,7 +1329,7 @@ idt77252_rx_raw(struct idt77252_dev *car
20658 ATM_SKB(sb)->vcc = vcc;
20659 __net_timestamp(sb);
20660 vcc->push(vcc, sb);
20661 - atomic_inc(&vcc->stats->rx);
20662 + atomic_inc_unchecked(&vcc->stats->rx);
20665 skb_pull(queue, 64);
20666 @@ -1954,13 +1954,13 @@ idt77252_send_skb(struct atm_vcc *vcc, s
20669 printk("%s: NULL connection in send().\n", card->name);
20670 - atomic_inc(&vcc->stats->tx_err);
20671 + atomic_inc_unchecked(&vcc->stats->tx_err);
20672 dev_kfree_skb(skb);
20675 if (!test_bit(VCF_TX, &vc->flags)) {
20676 printk("%s: Trying to transmit on a non-tx VC.\n", card->name);
20677 - atomic_inc(&vcc->stats->tx_err);
20678 + atomic_inc_unchecked(&vcc->stats->tx_err);
20679 dev_kfree_skb(skb);
20682 @@ -1972,14 +1972,14 @@ idt77252_send_skb(struct atm_vcc *vcc, s
20685 printk("%s: Unsupported AAL: %d\n", card->name, vcc->qos.aal);
20686 - atomic_inc(&vcc->stats->tx_err);
20687 + atomic_inc_unchecked(&vcc->stats->tx_err);
20688 dev_kfree_skb(skb);
20692 if (skb_shinfo(skb)->nr_frags != 0) {
20693 printk("%s: No scatter-gather yet.\n", card->name);
20694 - atomic_inc(&vcc->stats->tx_err);
20695 + atomic_inc_unchecked(&vcc->stats->tx_err);
20696 dev_kfree_skb(skb);
20699 @@ -1987,7 +1987,7 @@ idt77252_send_skb(struct atm_vcc *vcc, s
20701 err = queue_skb(card, vc, skb, oam);
20703 - atomic_inc(&vcc->stats->tx_err);
20704 + atomic_inc_unchecked(&vcc->stats->tx_err);
20705 dev_kfree_skb(skb);
20708 @@ -2010,7 +2010,7 @@ idt77252_send_oam(struct atm_vcc *vcc, v
20709 skb = dev_alloc_skb(64);
20711 printk("%s: Out of memory in send_oam().\n", card->name);
20712 - atomic_inc(&vcc->stats->tx_err);
20713 + atomic_inc_unchecked(&vcc->stats->tx_err);
20716 atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
20717 diff -urNp linux-2.6.32.1/drivers/atm/iphase.c linux-2.6.32.1/drivers/atm/iphase.c
20718 --- linux-2.6.32.1/drivers/atm/iphase.c 2009-12-02 22:51:21.000000000 -0500
20719 +++ linux-2.6.32.1/drivers/atm/iphase.c 2009-12-14 18:33:52.935769926 -0500
20720 @@ -1123,7 +1123,7 @@ static int rx_pkt(struct atm_dev *dev)
20721 status = (u_short) (buf_desc_ptr->desc_mode);
20722 if (status & (RX_CER | RX_PTE | RX_OFL))
20724 - atomic_inc(&vcc->stats->rx_err);
20725 + atomic_inc_unchecked(&vcc->stats->rx_err);
20726 IF_ERR(printk("IA: bad packet, dropping it");)
20727 if (status & RX_CER) {
20728 IF_ERR(printk(" cause: packet CRC error\n");)
20729 @@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev)
20730 len = dma_addr - buf_addr;
20731 if (len > iadev->rx_buf_sz) {
20732 printk("Over %d bytes sdu received, dropped!!!\n", iadev->rx_buf_sz);
20733 - atomic_inc(&vcc->stats->rx_err);
20734 + atomic_inc_unchecked(&vcc->stats->rx_err);
20735 goto out_free_desc;
20738 @@ -1296,7 +1296,7 @@ static void rx_dle_intr(struct atm_dev *
20739 ia_vcc = INPH_IA_VCC(vcc);
20740 if (ia_vcc == NULL)
20742 - atomic_inc(&vcc->stats->rx_err);
20743 + atomic_inc_unchecked(&vcc->stats->rx_err);
20744 dev_kfree_skb_any(skb);
20745 atm_return(vcc, atm_guess_pdu2truesize(len));
20747 @@ -1308,7 +1308,7 @@ static void rx_dle_intr(struct atm_dev *
20748 if ((length > iadev->rx_buf_sz) || (length >
20749 (skb->len - sizeof(struct cpcs_trailer))))
20751 - atomic_inc(&vcc->stats->rx_err);
20752 + atomic_inc_unchecked(&vcc->stats->rx_err);
20753 IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len %d)",
20754 length, skb->len);)
20755 dev_kfree_skb_any(skb);
20756 @@ -1324,7 +1324,7 @@ static void rx_dle_intr(struct atm_dev *
20758 IF_RX(printk("rx_dle_intr: skb push");)
20759 vcc->push(vcc,skb);
20760 - atomic_inc(&vcc->stats->rx);
20761 + atomic_inc_unchecked(&vcc->stats->rx);
20762 iadev->rx_pkt_cnt++;
20765 @@ -2806,15 +2806,15 @@ static int ia_ioctl(struct atm_dev *dev,
20767 struct k_sonet_stats *stats;
20768 stats = &PRIV(_ia_dev[board])->sonet_stats;
20769 - printk("section_bip: %d\n", atomic_read(&stats->section_bip));
20770 - printk("line_bip : %d\n", atomic_read(&stats->line_bip));
20771 - printk("path_bip : %d\n", atomic_read(&stats->path_bip));
20772 - printk("line_febe : %d\n", atomic_read(&stats->line_febe));
20773 - printk("path_febe : %d\n", atomic_read(&stats->path_febe));
20774 - printk("corr_hcs : %d\n", atomic_read(&stats->corr_hcs));
20775 - printk("uncorr_hcs : %d\n", atomic_read(&stats->uncorr_hcs));
20776 - printk("tx_cells : %d\n", atomic_read(&stats->tx_cells));
20777 - printk("rx_cells : %d\n", atomic_read(&stats->rx_cells));
20778 + printk("section_bip: %d\n", atomic_read_unchecked(&stats->section_bip));
20779 + printk("line_bip : %d\n", atomic_read_unchecked(&stats->line_bip));
20780 + printk("path_bip : %d\n", atomic_read_unchecked(&stats->path_bip));
20781 + printk("line_febe : %d\n", atomic_read_unchecked(&stats->line_febe));
20782 + printk("path_febe : %d\n", atomic_read_unchecked(&stats->path_febe));
20783 + printk("corr_hcs : %d\n", atomic_read_unchecked(&stats->corr_hcs));
20784 + printk("uncorr_hcs : %d\n", atomic_read_unchecked(&stats->uncorr_hcs));
20785 + printk("tx_cells : %d\n", atomic_read_unchecked(&stats->tx_cells));
20786 + printk("rx_cells : %d\n", atomic_read_unchecked(&stats->rx_cells));
20788 ia_cmds.status = 0;
20790 @@ -2919,7 +2919,7 @@ static int ia_pkt_tx (struct atm_vcc *vc
20791 if ((desc == 0) || (desc > iadev->num_tx_desc))
20793 IF_ERR(printk(DEV_LABEL "invalid desc for send: %d\n", desc);)
20794 - atomic_inc(&vcc->stats->tx);
20795 + atomic_inc_unchecked(&vcc->stats->tx);
20797 vcc->pop(vcc, skb);
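Review bot: The rejected-descriptor branch still counts the packet as sent, because the new line after the `invalid desc for send` message bumps `stats->tx`. The other send-failure paths visible in this patch (for example in idt77252_send_skb and ns_send) bump `tx_err`. Unless the rest of ia_pkt_tx, which lies outside this hunk, shows the packet really is transmitted, the line should read `atomic_inc_unchecked(&vcc->stats->tx_err);`. Miscounted failures hide the very condition an operator reads these counters to find.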
20799 @@ -3024,14 +3024,14 @@ static int ia_pkt_tx (struct atm_vcc *vc
20800 ATM_DESC(skb) = vcc->vci;
20801 skb_queue_tail(&iadev->tx_dma_q, skb);
20803 - atomic_inc(&vcc->stats->tx);
20804 + atomic_inc_unchecked(&vcc->stats->tx);
20805 iadev->tx_pkt_cnt++;
20806 /* Increment transaction counter */
20807 writel(2, iadev->dma+IPHASE5575_TX_COUNTER);
20810 /* add flow control logic */
20811 - if (atomic_read(&vcc->stats->tx) % 20 == 0) {
20812 + if (atomic_read_unchecked(&vcc->stats->tx) % 20 == 0) {
20813 if (iavcc->vc_desc_cnt > 10) {
20814 vcc->tx_quota = vcc->tx_quota * 3 / 4;
20815 printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota );
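Review bot: `vcc->stats->tx` is more than a statistic in this function, because the `% 20` test on it decides when `tx_quota` is reduced. The counter that the patch marks as free to wrap therefore also paces flow control. Wraparound looks harmless here, since the remainder test only loses its phase once, but that reasoning deserves a comment such as `/* tx doubles as a pacing tick; a wrap only shifts the phase */`. Whether anything else resets or rewrites this counter is not visible in the hunk; if it does, a dedicated per-VC tick would keep control decisions off a statistics field.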
20816 diff -urNp linux-2.6.32.1/drivers/atm/lanai.c linux-2.6.32.1/drivers/atm/lanai.c
20817 --- linux-2.6.32.1/drivers/atm/lanai.c 2009-12-02 22:51:21.000000000 -0500
20818 +++ linux-2.6.32.1/drivers/atm/lanai.c 2009-12-14 18:33:52.937829310 -0500
20819 @@ -1305,7 +1305,7 @@ static void lanai_send_one_aal5(struct l
20820 vcc_tx_add_aal5_trailer(lvcc, skb->len, 0, 0);
20821 lanai_endtx(lanai, lvcc);
20822 lanai_free_skb(lvcc->tx.atmvcc, skb);
20823 - atomic_inc(&lvcc->tx.atmvcc->stats->tx);
20824 + atomic_inc_unchecked(&lvcc->tx.atmvcc->stats->tx);
20827 /* Try to fill the buffer - don't call unless there is backlog */
20828 @@ -1428,7 +1428,7 @@ static void vcc_rx_aal5(struct lanai_vcc
20829 ATM_SKB(skb)->vcc = lvcc->rx.atmvcc;
20830 __net_timestamp(skb);
20831 lvcc->rx.atmvcc->push(lvcc->rx.atmvcc, skb);
20832 - atomic_inc(&lvcc->rx.atmvcc->stats->rx);
20833 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx);
20835 lvcc->rx.buf.ptr = end;
20836 cardvcc_write(lvcc, endptr, vcc_rxreadptr);
20837 @@ -1670,7 +1670,7 @@ static int handle_service(struct lanai_d
20838 DPRINTK("(itf %d) got RX service entry 0x%X for non-AAL5 "
20839 "vcc %d\n", lanai->number, (unsigned int) s, vci);
20840 lanai->stats.service_rxnotaal5++;
20841 - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
20842 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
20845 if (likely(!(s & (SERVICE_TRASH | SERVICE_STREAM | SERVICE_CRCERR)))) {
20846 @@ -1682,7 +1682,7 @@ static int handle_service(struct lanai_d
20848 read_unlock(&vcc_sklist_lock);
20849 DPRINTK("got trashed rx pdu on vci %d\n", vci);
20850 - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
20851 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
20852 lvcc->stats.x.aal5.service_trash++;
20853 bytes = (SERVICE_GET_END(s) * 16) -
20854 (((unsigned long) lvcc->rx.buf.ptr) -
20855 @@ -1694,7 +1694,7 @@ static int handle_service(struct lanai_d
20857 if (s & SERVICE_STREAM) {
20858 read_unlock(&vcc_sklist_lock);
20859 - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
20860 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
20861 lvcc->stats.x.aal5.service_stream++;
20862 printk(KERN_ERR DEV_LABEL "(itf %d): Got AAL5 stream "
20863 "PDU on VCI %d!\n", lanai->number, vci);
20864 @@ -1702,7 +1702,7 @@ static int handle_service(struct lanai_d
20867 DPRINTK("got rx crc error on vci %d\n", vci);
20868 - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
20869 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
20870 lvcc->stats.x.aal5.service_rxcrc++;
20871 lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4];
20872 cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr);
20873 diff -urNp linux-2.6.32.1/drivers/atm/nicstar.c linux-2.6.32.1/drivers/atm/nicstar.c
20874 --- linux-2.6.32.1/drivers/atm/nicstar.c 2009-12-02 22:51:21.000000000 -0500
20875 +++ linux-2.6.32.1/drivers/atm/nicstar.c 2009-12-14 18:33:52.964758233 -0500
20876 @@ -1723,7 +1723,7 @@ static int ns_send(struct atm_vcc *vcc,
20877 if ((vc = (vc_map *) vcc->dev_data) == NULL)
20879 printk("nicstar%d: vcc->dev_data == NULL on ns_send().\n", card->index);
20880 - atomic_inc(&vcc->stats->tx_err);
20881 + atomic_inc_unchecked(&vcc->stats->tx_err);
20882 dev_kfree_skb_any(skb);
20885 @@ -1731,7 +1731,7 @@ static int ns_send(struct atm_vcc *vcc,
20888 printk("nicstar%d: Trying to transmit on a non-tx VC.\n", card->index);
20889 - atomic_inc(&vcc->stats->tx_err);
20890 + atomic_inc_unchecked(&vcc->stats->tx_err);
20891 dev_kfree_skb_any(skb);
20894 @@ -1739,7 +1739,7 @@ static int ns_send(struct atm_vcc *vcc,
20895 if (vcc->qos.aal != ATM_AAL5 && vcc->qos.aal != ATM_AAL0)
20897 printk("nicstar%d: Only AAL0 and AAL5 are supported.\n", card->index);
20898 - atomic_inc(&vcc->stats->tx_err);
20899 + atomic_inc_unchecked(&vcc->stats->tx_err);
20900 dev_kfree_skb_any(skb);
20903 @@ -1747,7 +1747,7 @@ static int ns_send(struct atm_vcc *vcc,
20904 if (skb_shinfo(skb)->nr_frags != 0)
20906 printk("nicstar%d: No scatter-gather yet.\n", card->index);
20907 - atomic_inc(&vcc->stats->tx_err);
20908 + atomic_inc_unchecked(&vcc->stats->tx_err);
20909 dev_kfree_skb_any(skb);
20912 @@ -1792,11 +1792,11 @@ static int ns_send(struct atm_vcc *vcc,
20914 if (push_scqe(card, vc, scq, &scqe, skb) != 0)
20916 - atomic_inc(&vcc->stats->tx_err);
20917 + atomic_inc_unchecked(&vcc->stats->tx_err);
20918 dev_kfree_skb_any(skb);
20921 - atomic_inc(&vcc->stats->tx);
20922 + atomic_inc_unchecked(&vcc->stats->tx);
20926 @@ -2111,14 +2111,14 @@ static void dequeue_rx(ns_dev *card, ns_
20928 printk("nicstar%d: Can't allocate buffers for aal0.\n",
20930 - atomic_add(i,&vcc->stats->rx_drop);
20931 + atomic_add_unchecked(i,&vcc->stats->rx_drop);
20934 if (!atm_charge(vcc, sb->truesize))
20936 RXPRINTK("nicstar%d: atm_charge() dropped aal0 packets.\n",
20938 - atomic_add(i-1,&vcc->stats->rx_drop); /* already increased by 1 */
20939 + atomic_add_unchecked(i-1,&vcc->stats->rx_drop); /* already increased by 1 */
20940 dev_kfree_skb_any(sb);
20943 @@ -2133,7 +2133,7 @@ static void dequeue_rx(ns_dev *card, ns_
20944 ATM_SKB(sb)->vcc = vcc;
20945 __net_timestamp(sb);
20946 vcc->push(vcc, sb);
20947 - atomic_inc(&vcc->stats->rx);
20948 + atomic_inc_unchecked(&vcc->stats->rx);
20949 cell += ATM_CELL_PAYLOAD;
20952 @@ -2152,7 +2152,7 @@ static void dequeue_rx(ns_dev *card, ns_
20955 printk("nicstar%d: Out of iovec buffers.\n", card->index);
20956 - atomic_inc(&vcc->stats->rx_drop);
20957 + atomic_inc_unchecked(&vcc->stats->rx_drop);
20958 recycle_rx_buf(card, skb);
20961 @@ -2182,7 +2182,7 @@ static void dequeue_rx(ns_dev *card, ns_
20962 else if (NS_SKB(iovb)->iovcnt >= NS_MAX_IOVECS)
20964 printk("nicstar%d: received too big AAL5 SDU.\n", card->index);
20965 - atomic_inc(&vcc->stats->rx_err);
20966 + atomic_inc_unchecked(&vcc->stats->rx_err);
20967 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data, NS_MAX_IOVECS);
20968 NS_SKB(iovb)->iovcnt = 0;
20970 @@ -2202,7 +2202,7 @@ static void dequeue_rx(ns_dev *card, ns_
20971 printk("nicstar%d: Expected a small buffer, and this is not one.\n",
20973 which_list(card, skb);
20974 - atomic_inc(&vcc->stats->rx_err);
20975 + atomic_inc_unchecked(&vcc->stats->rx_err);
20976 recycle_rx_buf(card, skb);
20978 recycle_iov_buf(card, iovb);
20979 @@ -2216,7 +2216,7 @@ static void dequeue_rx(ns_dev *card, ns_
20980 printk("nicstar%d: Expected a large buffer, and this is not one.\n",
20982 which_list(card, skb);
20983 - atomic_inc(&vcc->stats->rx_err);
20984 + atomic_inc_unchecked(&vcc->stats->rx_err);
20985 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data,
20986 NS_SKB(iovb)->iovcnt);
20988 @@ -2240,7 +2240,7 @@ static void dequeue_rx(ns_dev *card, ns_
20989 printk(" - PDU size mismatch.\n");
20992 - atomic_inc(&vcc->stats->rx_err);
20993 + atomic_inc_unchecked(&vcc->stats->rx_err);
20994 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data,
20995 NS_SKB(iovb)->iovcnt);
20997 @@ -2256,7 +2256,7 @@ static void dequeue_rx(ns_dev *card, ns_
20998 if (!atm_charge(vcc, skb->truesize))
21000 push_rxbufs(card, skb);
21001 - atomic_inc(&vcc->stats->rx_drop);
21002 + atomic_inc_unchecked(&vcc->stats->rx_drop);
21006 @@ -2268,7 +2268,7 @@ static void dequeue_rx(ns_dev *card, ns_
21007 ATM_SKB(skb)->vcc = vcc;
21008 __net_timestamp(skb);
21009 vcc->push(vcc, skb);
21010 - atomic_inc(&vcc->stats->rx);
21011 + atomic_inc_unchecked(&vcc->stats->rx);
21014 else if (NS_SKB(iovb)->iovcnt == 2) /* One small plus one large buffer */
21015 @@ -2283,7 +2283,7 @@ static void dequeue_rx(ns_dev *card, ns_
21016 if (!atm_charge(vcc, sb->truesize))
21018 push_rxbufs(card, sb);
21019 - atomic_inc(&vcc->stats->rx_drop);
21020 + atomic_inc_unchecked(&vcc->stats->rx_drop);
21024 @@ -2295,7 +2295,7 @@ static void dequeue_rx(ns_dev *card, ns_
21025 ATM_SKB(sb)->vcc = vcc;
21026 __net_timestamp(sb);
21027 vcc->push(vcc, sb);
21028 - atomic_inc(&vcc->stats->rx);
21029 + atomic_inc_unchecked(&vcc->stats->rx);
21032 push_rxbufs(card, skb);
21033 @@ -2306,7 +2306,7 @@ static void dequeue_rx(ns_dev *card, ns_
21034 if (!atm_charge(vcc, skb->truesize))
21036 push_rxbufs(card, skb);
21037 - atomic_inc(&vcc->stats->rx_drop);
21038 + atomic_inc_unchecked(&vcc->stats->rx_drop);
21042 @@ -2320,7 +2320,7 @@ static void dequeue_rx(ns_dev *card, ns_
21043 ATM_SKB(skb)->vcc = vcc;
21044 __net_timestamp(skb);
21045 vcc->push(vcc, skb);
21046 - atomic_inc(&vcc->stats->rx);
21047 + atomic_inc_unchecked(&vcc->stats->rx);
21050 push_rxbufs(card, sb);
21051 @@ -2342,7 +2342,7 @@ static void dequeue_rx(ns_dev *card, ns_
21054 printk("nicstar%d: Out of huge buffers.\n", card->index);
21055 - atomic_inc(&vcc->stats->rx_drop);
21056 + atomic_inc_unchecked(&vcc->stats->rx_drop);
21057 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data,
21058 NS_SKB(iovb)->iovcnt);
21060 @@ -2393,7 +2393,7 @@ static void dequeue_rx(ns_dev *card, ns_
21063 dev_kfree_skb_any(hb);
21064 - atomic_inc(&vcc->stats->rx_drop);
21065 + atomic_inc_unchecked(&vcc->stats->rx_drop);
21069 @@ -2427,7 +2427,7 @@ static void dequeue_rx(ns_dev *card, ns_
21070 #endif /* NS_USE_DESTRUCTORS */
21071 __net_timestamp(hb);
21072 vcc->push(vcc, hb);
21073 - atomic_inc(&vcc->stats->rx);
21074 + atomic_inc_unchecked(&vcc->stats->rx);
21078 diff -urNp linux-2.6.32.1/drivers/atm/solos-pci.c linux-2.6.32.1/drivers/atm/solos-pci.c
21079 --- linux-2.6.32.1/drivers/atm/solos-pci.c 2009-12-02 22:51:21.000000000 -0500
21080 +++ linux-2.6.32.1/drivers/atm/solos-pci.c 2009-12-14 18:33:52.977834437 -0500
21081 @@ -708,7 +708,7 @@ void solos_bh(unsigned long card_arg)
21083 atm_charge(vcc, skb->truesize);
21084 vcc->push(vcc, skb);
21085 - atomic_inc(&vcc->stats->rx);
21086 + atomic_inc_unchecked(&vcc->stats->rx);
21090 @@ -1011,7 +1011,7 @@ static uint32_t fpga_tx(struct solos_car
21091 vcc = SKB_CB(oldskb)->vcc;
21094 - atomic_inc(&vcc->stats->tx);
21095 + atomic_inc_unchecked(&vcc->stats->tx);
21096 solos_pop(vcc, oldskb);
21098 dev_kfree_skb_irq(oldskb);
21099 diff -urNp linux-2.6.32.1/drivers/atm/suni.c linux-2.6.32.1/drivers/atm/suni.c
21100 --- linux-2.6.32.1/drivers/atm/suni.c 2009-12-02 22:51:21.000000000 -0500
21101 +++ linux-2.6.32.1/drivers/atm/suni.c 2009-12-14 18:33:52.980022643 -0500
21102 @@ -49,8 +49,8 @@ static DEFINE_SPINLOCK(sunis_lock);
21105 #define ADD_LIMITED(s,v) \
21106 - atomic_add((v),&stats->s); \
21107 - if (atomic_read(&stats->s) < 0) atomic_set(&stats->s,INT_MAX);
21108 + atomic_add_unchecked((v),&stats->s); \
21109 + if (atomic_read_unchecked(&stats->s) < 0) atomic_set_unchecked(&stats->s,INT_MAX);
21112 static void suni_hz(unsigned long from_timer)
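Review bot: ADD_LIMITED in suni.c still expands to two separate statements, so a use under an unbraced `if` or `else` would guard only the add and always run the clamp. The uPD98402.c copy of this macro later in the same patch is wrapped in braces; this one could be wrapped in `do { ... } while (0)` to match. The switch to the `_unchecked` accessors also deserves a one-line comment above the macro, for example `/* statistics only: relies on the add wrapping negative so it can clamp at INT_MAX */`, since the clamp presumably only works if the add is allowed to wrap. The add, read and set are three separate operations, so the saturation is best-effort under concurrent updates.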
21113 diff -urNp linux-2.6.32.1/drivers/atm/uPD98402.c linux-2.6.32.1/drivers/atm/uPD98402.c
21114 --- linux-2.6.32.1/drivers/atm/uPD98402.c 2009-12-02 22:51:21.000000000 -0500
21115 +++ linux-2.6.32.1/drivers/atm/uPD98402.c 2009-12-14 18:33:52.990842947 -0500
21116 @@ -41,7 +41,7 @@ static int fetch_stats(struct atm_dev *d
21117 struct sonet_stats tmp;
21120 - atomic_add(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs);
21121 + atomic_add_unchecked(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs);
21122 sonet_copy_stats(&PRIV(dev)->sonet_stats,&tmp);
21123 if (arg) error = copy_to_user(arg,&tmp,sizeof(tmp));
21124 if (zero && !error) {
21125 @@ -160,9 +160,9 @@ static int uPD98402_ioctl(struct atm_dev
21128 #define ADD_LIMITED(s,v) \
21129 - { atomic_add(GET(v),&PRIV(dev)->sonet_stats.s); \
21130 - if (atomic_read(&PRIV(dev)->sonet_stats.s) < 0) \
21131 - atomic_set(&PRIV(dev)->sonet_stats.s,INT_MAX); }
21132 + { atomic_add_unchecked(GET(v),&PRIV(dev)->sonet_stats.s); \
21133 + if (atomic_read_unchecked(&PRIV(dev)->sonet_stats.s) < 0) \
21134 + atomic_set_unchecked(&PRIV(dev)->sonet_stats.s,INT_MAX); }
21137 static void stat_event(struct atm_dev *dev)
21138 @@ -193,7 +193,7 @@ static void uPD98402_int(struct atm_dev
21139 if (reason & uPD98402_INT_PFM) stat_event(dev);
21140 if (reason & uPD98402_INT_PCO) {
21141 (void) GET(PCOCR); /* clear interrupt cause */
21142 - atomic_add(GET(HECCT),
21143 + atomic_add_unchecked(GET(HECCT),
21144 &PRIV(dev)->sonet_stats.uncorr_hcs);
21146 if ((reason & uPD98402_INT_RFO) &&
21147 @@ -221,9 +221,9 @@ static int uPD98402_start(struct atm_dev
21148 PUT(~(uPD98402_INT_PFM | uPD98402_INT_ALM | uPD98402_INT_RFO |
21149 uPD98402_INT_LOS),PIMR); /* enable them */
21150 (void) fetch_stats(dev,NULL,1); /* clear kernel counters */
21151 - atomic_set(&PRIV(dev)->sonet_stats.corr_hcs,-1);
21152 - atomic_set(&PRIV(dev)->sonet_stats.tx_cells,-1);
21153 - atomic_set(&PRIV(dev)->sonet_stats.rx_cells,-1);
21154 + atomic_set_unchecked(&PRIV(dev)->sonet_stats.corr_hcs,-1);
21155 + atomic_set_unchecked(&PRIV(dev)->sonet_stats.tx_cells,-1);
21156 + atomic_set_unchecked(&PRIV(dev)->sonet_stats.rx_cells,-1);
21160 diff -urNp linux-2.6.32.1/drivers/atm/zatm.c linux-2.6.32.1/drivers/atm/zatm.c
21161 --- linux-2.6.32.1/drivers/atm/zatm.c 2009-12-02 22:51:21.000000000 -0500
21162 +++ linux-2.6.32.1/drivers/atm/zatm.c 2009-12-14 18:33:53.018842028 -0500
21163 @@ -458,7 +458,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy
21166 dev_kfree_skb_irq(skb);
21167 - if (vcc) atomic_inc(&vcc->stats->rx_err);
21168 + if (vcc) atomic_inc_unchecked(&vcc->stats->rx_err);
21171 if (!atm_charge(vcc,skb->truesize)) {
21172 @@ -468,7 +468,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy
21174 ATM_SKB(skb)->vcc = vcc;
21175 vcc->push(vcc,skb);
21176 - atomic_inc(&vcc->stats->rx);
21177 + atomic_inc_unchecked(&vcc->stats->rx);
21179 zout(pos & 0xffff,MTA(mbx));
21180 #if 0 /* probably a stupid idea */
21181 @@ -732,7 +732,7 @@ if (*ZATM_PRV_DSC(skb) != (uPD98401_TXPD
21182 skb_queue_head(&zatm_vcc->backlog,skb);
21185 - atomic_inc(&vcc->stats->tx);
21186 + atomic_inc_unchecked(&vcc->stats->tx);
21187 wake_up(&zatm_vcc->tx_wait);
21190 diff -urNp linux-2.6.32.1/drivers/base/bus.c linux-2.6.32.1/drivers/base/bus.c
21191 --- linux-2.6.32.1/drivers/base/bus.c 2009-12-02 22:51:21.000000000 -0500
21192 +++ linux-2.6.32.1/drivers/base/bus.c 2009-12-14 18:33:53.036833038 -0500
21193 @@ -70,7 +70,7 @@ static ssize_t drv_attr_store(struct kob
21197 -static struct sysfs_ops driver_sysfs_ops = {
21198 +static const struct sysfs_ops driver_sysfs_ops = {
21199 .show = drv_attr_show,
21200 .store = drv_attr_store,
21202 @@ -115,7 +115,7 @@ static ssize_t bus_attr_store(struct kob
21206 -static struct sysfs_ops bus_sysfs_ops = {
21207 +static const struct sysfs_ops bus_sysfs_ops = {
21208 .show = bus_attr_show,
21209 .store = bus_attr_store,
21211 @@ -154,7 +154,7 @@ static int bus_uevent_filter(struct kset
21215 -static struct kset_uevent_ops bus_uevent_ops = {
21216 +static const struct kset_uevent_ops bus_uevent_ops = {
21217 .filter = bus_uevent_filter,
21220 diff -urNp linux-2.6.32.1/drivers/base/class.c linux-2.6.32.1/drivers/base/class.c
21221 --- linux-2.6.32.1/drivers/base/class.c 2009-12-02 22:51:21.000000000 -0500
21222 +++ linux-2.6.32.1/drivers/base/class.c 2009-12-14 18:33:53.047749139 -0500
21223 @@ -61,7 +61,7 @@ static void class_release(struct kobject
21224 "be careful\n", class->name);
21227 -static struct sysfs_ops class_sysfs_ops = {
21228 +static const struct sysfs_ops class_sysfs_ops = {
21229 .show = class_attr_show,
21230 .store = class_attr_store,
21232 diff -urNp linux-2.6.32.1/drivers/base/core.c linux-2.6.32.1/drivers/base/core.c
21233 --- linux-2.6.32.1/drivers/base/core.c 2009-12-02 22:51:21.000000000 -0500
21234 +++ linux-2.6.32.1/drivers/base/core.c 2009-12-14 18:33:53.048851470 -0500
21235 @@ -93,7 +93,7 @@ static ssize_t dev_attr_store(struct kob
21239 -static struct sysfs_ops dev_sysfs_ops = {
21240 +static const struct sysfs_ops dev_sysfs_ops = {
21241 .show = dev_attr_show,
21242 .store = dev_attr_store,
21244 @@ -245,7 +245,7 @@ static int dev_uevent(struct kset *kset,
21248 -static struct kset_uevent_ops device_uevent_ops = {
21249 +static const struct kset_uevent_ops device_uevent_ops = {
21250 .filter = dev_uevent_filter,
21251 .name = dev_uevent_name,
21252 .uevent = dev_uevent,
21253 diff -urNp linux-2.6.32.1/drivers/base/memory.c linux-2.6.32.1/drivers/base/memory.c
21254 --- linux-2.6.32.1/drivers/base/memory.c 2009-12-02 22:51:21.000000000 -0500
21255 +++ linux-2.6.32.1/drivers/base/memory.c 2009-12-14 18:33:53.049701321 -0500
21256 @@ -44,7 +44,7 @@ static int memory_uevent(struct kset *ks
21260 -static struct kset_uevent_ops memory_uevent_ops = {
21261 +static const struct kset_uevent_ops memory_uevent_ops = {
21262 .name = memory_uevent_name,
21263 .uevent = memory_uevent,
21265 diff -urNp linux-2.6.32.1/drivers/base/sys.c linux-2.6.32.1/drivers/base/sys.c
21266 --- linux-2.6.32.1/drivers/base/sys.c 2009-12-02 22:51:21.000000000 -0500
21267 +++ linux-2.6.32.1/drivers/base/sys.c 2009-12-14 18:33:53.055789510 -0500
21268 @@ -54,7 +54,7 @@ sysdev_store(struct kobject *kobj, struc
21272 -static struct sysfs_ops sysfs_ops = {
21273 +static const struct sysfs_ops sysfs_ops = {
21274 .show = sysdev_show,
21275 .store = sysdev_store,
21277 @@ -104,7 +104,7 @@ static ssize_t sysdev_class_store(struct
21281 -static struct sysfs_ops sysfs_class_ops = {
21282 +static const struct sysfs_ops sysfs_class_ops = {
21283 .show = sysdev_class_show,
21284 .store = sysdev_class_store,
21286 diff -urNp linux-2.6.32.1/drivers/block/pktcdvd.c linux-2.6.32.1/drivers/block/pktcdvd.c
21287 --- linux-2.6.32.1/drivers/block/pktcdvd.c 2009-12-02 22:51:21.000000000 -0500
21288 +++ linux-2.6.32.1/drivers/block/pktcdvd.c 2009-12-14 18:33:53.078842134 -0500
21289 @@ -284,7 +284,7 @@ static ssize_t kobj_pkt_store(struct kob
21293 -static struct sysfs_ops kobj_pkt_ops = {
21294 +static const struct sysfs_ops kobj_pkt_ops = {
21295 .show = kobj_pkt_show,
21296 .store = kobj_pkt_store
21298 diff -urNp linux-2.6.32.1/drivers/char/agp/frontend.c linux-2.6.32.1/drivers/char/agp/frontend.c
21299 --- linux-2.6.32.1/drivers/char/agp/frontend.c 2009-12-02 22:51:21.000000000 -0500
21300 +++ linux-2.6.32.1/drivers/char/agp/frontend.c 2009-12-14 18:33:53.097861880 -0500
21301 @@ -824,7 +824,7 @@ static int agpioc_reserve_wrap(struct ag
21302 if (copy_from_user(&reserve, arg, sizeof(struct agp_region)))
21305 - if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment))
21306 + if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment_priv))
21309 client = agp_find_client_by_pid(reserve.pid);
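Review bot: The overflow guard on `reserve.seg_count` is now sized against `struct agp_segment_priv`, but nothing in the hunk shows which allocation it protects, and agpioc_reserve_wrap continues outside the hunk. If the function or a callee multiplies `seg_count` by `sizeof(struct agp_segment)` for one buffer and by `sizeof(struct agp_segment_priv)` for another, the bound has to hold for the larger of the two element sizes. A comment such as `/* bound seg_count by the largest per-segment allocation made below */` would pin that intent. The count arrives through `copy_from_user`, so this comparison is the only thing between a user-chosen value and the size multiplication.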
21310 diff -urNp linux-2.6.32.1/drivers/char/agp/intel-agp.c linux-2.6.32.1/drivers/char/agp/intel-agp.c
21311 --- linux-2.6.32.1/drivers/char/agp/intel-agp.c 2009-12-02 22:51:21.000000000 -0500
21312 +++ linux-2.6.32.1/drivers/char/agp/intel-agp.c 2009-12-14 18:33:53.120769030 -0500
21313 @@ -2566,7 +2566,7 @@ static struct pci_device_id agp_intel_pc
21314 ID(PCI_DEVICE_ID_INTEL_IGDNG_M_HB),
21315 ID(PCI_DEVICE_ID_INTEL_IGDNG_MA_HB),
21316 ID(PCI_DEVICE_ID_INTEL_IGDNG_MC2_HB),
21318 + { 0, 0, 0, 0, 0, 0, 0 }
21321 MODULE_DEVICE_TABLE(pci, agp_intel_pci_table);
21322 diff -urNp linux-2.6.32.1/drivers/char/hpet.c linux-2.6.32.1/drivers/char/hpet.c
21323 --- linux-2.6.32.1/drivers/char/hpet.c 2009-12-02 22:51:21.000000000 -0500
21324 +++ linux-2.6.32.1/drivers/char/hpet.c 2009-12-14 18:33:53.133710539 -0500
21325 @@ -998,7 +998,7 @@ static struct acpi_driver hpet_acpi_driv
21329 -static struct miscdevice hpet_misc = { HPET_MINOR, "hpet", &hpet_fops };
21330 +static struct miscdevice hpet_misc = { HPET_MINOR, "hpet", &hpet_fops, {NULL, NULL}, NULL, NULL };
21332 static int __init hpet_init(void)
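Review bot: The positional initializer `{ HPET_MINOR, "hpet", &hpet_fops, {NULL, NULL}, NULL, NULL }` ties this line to the current member order of `struct miscdevice`. A member inserted or reordered in that struct would shift the values without a compile error. Designated initializers express the same thing safely, with the remaining members zeroed implicitly: `static struct miscdevice hpet_misc = { .minor = HPET_MINOR, .name = "hpet", .fops = &hpet_fops };`.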
21334 diff -urNp linux-2.6.32.1/drivers/char/hvc_beat.c linux-2.6.32.1/drivers/char/hvc_beat.c
21335 --- linux-2.6.32.1/drivers/char/hvc_beat.c 2009-12-02 22:51:21.000000000 -0500
21336 +++ linux-2.6.32.1/drivers/char/hvc_beat.c 2009-12-14 18:33:53.135759194 -0500
21337 @@ -84,7 +84,7 @@ static int hvc_beat_put_chars(uint32_t v
21341 -static struct hv_ops hvc_beat_get_put_ops = {
21342 +static const struct hv_ops hvc_beat_get_put_ops = {
21343 .get_chars = hvc_beat_get_chars,
21344 .put_chars = hvc_beat_put_chars,
21346 diff -urNp linux-2.6.32.1/drivers/char/hvc_console.c linux-2.6.32.1/drivers/char/hvc_console.c
21347 --- linux-2.6.32.1/drivers/char/hvc_console.c 2009-12-02 22:51:21.000000000 -0500
21348 +++ linux-2.6.32.1/drivers/char/hvc_console.c 2009-12-14 18:33:53.144859541 -0500
21349 @@ -125,7 +125,7 @@ static struct hvc_struct *hvc_get_by_ind
21350 * console interfaces but can still be used as a tty device. This has to be
21351 * static because kmalloc will not work during early console init.
21353 -static struct hv_ops *cons_ops[MAX_NR_HVC_CONSOLES];
21354 +static const struct hv_ops *cons_ops[MAX_NR_HVC_CONSOLES];
21355 static uint32_t vtermnos[MAX_NR_HVC_CONSOLES] =
21356 {[0 ... MAX_NR_HVC_CONSOLES - 1] = -1};
21358 @@ -247,7 +247,7 @@ static void destroy_hvc_struct(struct kr
21359 * vty adapters do NOT get an hvc_instantiate() callback since they
21360 * appear after early console init.
21362 -int hvc_instantiate(uint32_t vtermno, int index, struct hv_ops *ops)
21363 +int hvc_instantiate(uint32_t vtermno, int index, const struct hv_ops *ops)
21365 struct hvc_struct *hp;
21367 @@ -749,7 +749,7 @@ static const struct tty_operations hvc_o
21370 struct hvc_struct __devinit *hvc_alloc(uint32_t vtermno, int data,
21371 - struct hv_ops *ops, int outbuf_size)
21372 + const struct hv_ops *ops, int outbuf_size)
21374 struct hvc_struct *hp;
21376 diff -urNp linux-2.6.32.1/drivers/char/hvc_console.h linux-2.6.32.1/drivers/char/hvc_console.h
21377 --- linux-2.6.32.1/drivers/char/hvc_console.h 2009-12-02 22:51:21.000000000 -0500
21378 +++ linux-2.6.32.1/drivers/char/hvc_console.h 2009-12-14 18:33:53.161871330 -0500
21379 @@ -55,7 +55,7 @@ struct hvc_struct {
21383 - struct hv_ops *ops;
21384 + const struct hv_ops *ops;
21388 @@ -76,11 +76,11 @@ struct hv_ops {
21391 /* Register a vterm and a slot index for use as a console (console_init) */
21392 -extern int hvc_instantiate(uint32_t vtermno, int index, struct hv_ops *ops);
21393 +extern int hvc_instantiate(uint32_t vtermno, int index, const struct hv_ops *ops);
21395 /* register a vterm for hvc tty operation (module_init or hotplug add) */
21396 extern struct hvc_struct * __devinit hvc_alloc(uint32_t vtermno, int data,
21397 - struct hv_ops *ops, int outbuf_size);
21398 + const struct hv_ops *ops, int outbuf_size);
21399 /* remove a vterm from hvc tty operation (module_exit or hotplug remove) */
21400 extern int hvc_remove(struct hvc_struct *hp);
21402 diff -urNp linux-2.6.32.1/drivers/char/hvc_iseries.c linux-2.6.32.1/drivers/char/hvc_iseries.c
21403 --- linux-2.6.32.1/drivers/char/hvc_iseries.c 2009-12-02 22:51:21.000000000 -0500
21404 +++ linux-2.6.32.1/drivers/char/hvc_iseries.c 2009-12-14 18:33:53.163850005 -0500
21405 @@ -197,7 +197,7 @@ done:
21409 -static struct hv_ops hvc_get_put_ops = {
21410 +static const struct hv_ops hvc_get_put_ops = {
21411 .get_chars = get_chars,
21412 .put_chars = put_chars,
21413 .notifier_add = notifier_add_irq,
21414 diff -urNp linux-2.6.32.1/drivers/char/hvc_iucv.c linux-2.6.32.1/drivers/char/hvc_iucv.c
21415 --- linux-2.6.32.1/drivers/char/hvc_iucv.c 2009-12-02 22:51:21.000000000 -0500
21416 +++ linux-2.6.32.1/drivers/char/hvc_iucv.c 2009-12-14 18:33:53.165859858 -0500
21417 @@ -922,7 +922,7 @@ static int hvc_iucv_pm_restore_thaw(stru
21420 /* HVC operations */
21421 -static struct hv_ops hvc_iucv_ops = {
21422 +static const struct hv_ops hvc_iucv_ops = {
21423 .get_chars = hvc_iucv_get_chars,
21424 .put_chars = hvc_iucv_put_chars,
21425 .notifier_add = hvc_iucv_notifier_add,
21426 diff -urNp linux-2.6.32.1/drivers/char/hvc_rtas.c linux-2.6.32.1/drivers/char/hvc_rtas.c
21427 --- linux-2.6.32.1/drivers/char/hvc_rtas.c 2009-12-02 22:51:21.000000000 -0500
21428 +++ linux-2.6.32.1/drivers/char/hvc_rtas.c 2009-12-14 18:33:53.176782143 -0500
21429 @@ -71,7 +71,7 @@ static int hvc_rtas_read_console(uint32_
21433 -static struct hv_ops hvc_rtas_get_put_ops = {
21434 +static const struct hv_ops hvc_rtas_get_put_ops = {
21435 .get_chars = hvc_rtas_read_console,
21436 .put_chars = hvc_rtas_write_console,
21438 diff -urNp linux-2.6.32.1/drivers/char/hvcs.c linux-2.6.32.1/drivers/char/hvcs.c
21439 --- linux-2.6.32.1/drivers/char/hvcs.c 2009-12-02 22:51:21.000000000 -0500
21440 +++ linux-2.6.32.1/drivers/char/hvcs.c 2009-12-14 18:33:53.181857316 -0500
21441 @@ -269,7 +269,7 @@ struct hvcs_struct {
21442 unsigned int index;
21444 struct tty_struct *tty;
21446 + atomic_t open_count;
21449 * Used to tell the driver kernel_thread what operations need to take
21450 @@ -419,7 +419,7 @@ static ssize_t hvcs_vterm_state_store(st
21452 spin_lock_irqsave(&hvcsd->lock, flags);
21454 - if (hvcsd->open_count > 0) {
21455 + if (atomic_read(&hvcsd->open_count) > 0) {
21456 spin_unlock_irqrestore(&hvcsd->lock, flags);
21457 printk(KERN_INFO "HVCS: vterm state unchanged. "
21458 "The hvcs device node is still in use.\n");
21459 @@ -1135,7 +1135,7 @@ static int hvcs_open(struct tty_struct *
21460 if ((retval = hvcs_partner_connect(hvcsd)))
21461 goto error_release;
21463 - hvcsd->open_count = 1;
21464 + atomic_set(&hvcsd->open_count, 1);
21466 tty->driver_data = hvcsd;
21468 @@ -1169,7 +1169,7 @@ fast_open:
21470 spin_lock_irqsave(&hvcsd->lock, flags);
21471 kref_get(&hvcsd->kref);
21472 - hvcsd->open_count++;
21473 + atomic_inc(&hvcsd->open_count);
21474 hvcsd->todo_mask |= HVCS_SCHED_READ;
21475 spin_unlock_irqrestore(&hvcsd->lock, flags);
21477 @@ -1213,7 +1213,7 @@ static void hvcs_close(struct tty_struct
21478 hvcsd = tty->driver_data;
21480 spin_lock_irqsave(&hvcsd->lock, flags);
21481 - if (--hvcsd->open_count == 0) {
21482 + if (atomic_dec_and_test(&hvcsd->open_count)) {
21484 vio_disable_interrupts(hvcsd->vdev);
21486 @@ -1239,10 +1239,10 @@ static void hvcs_close(struct tty_struct
21487 free_irq(irq, hvcsd);
21488 kref_put(&hvcsd->kref, destroy_hvcs_struct);
21490 - } else if (hvcsd->open_count < 0) {
21491 + } else if (atomic_read(&hvcsd->open_count) < 0) {
21492 printk(KERN_ERR "HVCS: vty-server@%X open_count: %d"
21493 " is missmanaged.\n",
21494 - hvcsd->vdev->unit_address, hvcsd->open_count);
21495 + hvcsd->vdev->unit_address, atomic_read(&hvcsd->open_count));
21498 spin_unlock_irqrestore(&hvcsd->lock, flags);
21499 @@ -1258,7 +1258,7 @@ static void hvcs_hangup(struct tty_struc
21501 spin_lock_irqsave(&hvcsd->lock, flags);
21502 /* Preserve this so that we know how many kref refs to put */
21503 - temp_open_count = hvcsd->open_count;
21504 + temp_open_count = atomic_read(&hvcsd->open_count);
21507 * Don't kref put inside the spinlock because the destruction
21508 @@ -1273,7 +1273,7 @@ static void hvcs_hangup(struct tty_struc
21509 hvcsd->tty->driver_data = NULL;
21512 - hvcsd->open_count = 0;
21513 + atomic_set(&hvcsd->open_count, 0);
21515 /* This will drop any buffered data on the floor which is OK in a hangup
21517 @@ -1344,7 +1344,7 @@ static int hvcs_write(struct tty_struct
21518 * the middle of a write operation? This is a crummy place to do this
21519 * but we want to keep it all in the spinlock.
21521 - if (hvcsd->open_count <= 0) {
21522 + if (atomic_read(&hvcsd->open_count) <= 0) {
21523 spin_unlock_irqrestore(&hvcsd->lock, flags);
21526 @@ -1418,7 +1418,7 @@ static int hvcs_write_room(struct tty_st
21528 struct hvcs_struct *hvcsd = tty->driver_data;
21530 - if (!hvcsd || hvcsd->open_count <= 0)
21531 + if (!hvcsd || atomic_read(&hvcsd->open_count) <= 0)
21534 return HVCS_BUFF_LEN - hvcsd->chars_in_buffer;
21535 diff -urNp linux-2.6.32.1/drivers/char/hvc_udbg.c linux-2.6.32.1/drivers/char/hvc_udbg.c
21536 --- linux-2.6.32.1/drivers/char/hvc_udbg.c 2009-12-02 22:51:21.000000000 -0500
21537 +++ linux-2.6.32.1/drivers/char/hvc_udbg.c 2009-12-14 18:33:53.182718847 -0500
21538 @@ -58,7 +58,7 @@ static int hvc_udbg_get(uint32_t vtermno
21542 -static struct hv_ops hvc_udbg_ops = {
21543 +static const struct hv_ops hvc_udbg_ops = {
21544 .get_chars = hvc_udbg_get,
21545 .put_chars = hvc_udbg_put,
21547 diff -urNp linux-2.6.32.1/drivers/char/hvc_vio.c linux-2.6.32.1/drivers/char/hvc_vio.c
21548 --- linux-2.6.32.1/drivers/char/hvc_vio.c 2009-12-02 22:51:21.000000000 -0500
21549 +++ linux-2.6.32.1/drivers/char/hvc_vio.c 2009-12-14 18:33:53.192868106 -0500
21550 @@ -77,7 +77,7 @@ static int filtered_get_chars(uint32_t v
21554 -static struct hv_ops hvc_get_put_ops = {
21555 +static const struct hv_ops hvc_get_put_ops = {
21556 .get_chars = filtered_get_chars,
21557 .put_chars = hvc_put_chars,
21558 .notifier_add = notifier_add_irq,
21559 diff -urNp linux-2.6.32.1/drivers/char/hvc_xen.c linux-2.6.32.1/drivers/char/hvc_xen.c
21560 --- linux-2.6.32.1/drivers/char/hvc_xen.c 2009-12-02 22:51:21.000000000 -0500
21561 +++ linux-2.6.32.1/drivers/char/hvc_xen.c 2009-12-14 18:33:53.199722723 -0500
21562 @@ -120,7 +120,7 @@ static int read_console(uint32_t vtermno
21566 -static struct hv_ops hvc_ops = {
21567 +static const struct hv_ops hvc_ops = {
21568 .get_chars = read_console,
21569 .put_chars = write_console,
21570 .notifier_add = notifier_add_irq,
21571 diff -urNp linux-2.6.32.1/drivers/char/ipmi/ipmi_msghandler.c linux-2.6.32.1/drivers/char/ipmi/ipmi_msghandler.c
21572 --- linux-2.6.32.1/drivers/char/ipmi/ipmi_msghandler.c 2009-12-02 22:51:21.000000000 -0500
21573 +++ linux-2.6.32.1/drivers/char/ipmi/ipmi_msghandler.c 2009-12-14 18:33:53.217765021 -0500
21574 @@ -414,7 +414,7 @@ struct ipmi_smi {
21575 struct proc_dir_entry *proc_dir;
21576 char proc_dir_name[10];
21578 - atomic_t stats[IPMI_NUM_STATS];
21579 + atomic_unchecked_t stats[IPMI_NUM_STATS];
21582 * run_to_completion duplicate of smb_info, smi_info
21583 @@ -447,9 +447,9 @@ static DEFINE_MUTEX(smi_watchers_mutex);
21586 #define ipmi_inc_stat(intf, stat) \
21587 - atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat])
21588 + atomic_inc_unchecked(&(intf)->stats[IPMI_STAT_ ## stat])
21589 #define ipmi_get_stat(intf, stat) \
21590 - ((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat]))
21591 + ((unsigned int) atomic_read_unchecked(&(intf)->stats[IPMI_STAT_ ## stat]))
21593 static int is_lan_addr(struct ipmi_addr *addr)
21595 @@ -2808,7 +2808,7 @@ int ipmi_register_smi(struct ipmi_smi_ha
21596 INIT_LIST_HEAD(&intf->cmd_rcvrs);
21597 init_waitqueue_head(&intf->waitq);
21598 for (i = 0; i < IPMI_NUM_STATS; i++)
21599 - atomic_set(&intf->stats[i], 0);
21600 + atomic_set_unchecked(&intf->stats[i], 0);
21602 intf->proc_dir = NULL;
21604 diff -urNp linux-2.6.32.1/drivers/char/ipmi/ipmi_si_intf.c linux-2.6.32.1/drivers/char/ipmi/ipmi_si_intf.c
21605 --- linux-2.6.32.1/drivers/char/ipmi/ipmi_si_intf.c 2009-12-02 22:51:21.000000000 -0500
21606 +++ linux-2.6.32.1/drivers/char/ipmi/ipmi_si_intf.c 2009-12-14 18:33:53.230726881 -0500
21607 @@ -277,7 +277,7 @@ struct smi_info {
21608 unsigned char slave_addr;
21610 /* Counters and things for the proc filesystem. */
21611 - atomic_t stats[SI_NUM_STATS];
21612 + atomic_unchecked_t stats[SI_NUM_STATS];
21614 struct task_struct *thread;
21616 @@ -285,9 +285,9 @@ struct smi_info {
21619 #define smi_inc_stat(smi, stat) \
21620 - atomic_inc(&(smi)->stats[SI_STAT_ ## stat])
21621 + atomic_inc_unchecked(&(smi)->stats[SI_STAT_ ## stat])
21622 #define smi_get_stat(smi, stat) \
21623 - ((unsigned int) atomic_read(&(smi)->stats[SI_STAT_ ## stat]))
21624 + ((unsigned int) atomic_read_unchecked(&(smi)->stats[SI_STAT_ ## stat]))
21626 #define SI_MAX_PARMS 4
21628 @@ -2926,7 +2926,7 @@ static int try_smi_init(struct smi_info
21629 atomic_set(&new_smi->req_events, 0);
21630 new_smi->run_to_completion = 0;
21631 for (i = 0; i < SI_NUM_STATS; i++)
21632 - atomic_set(&new_smi->stats[i], 0);
21633 + atomic_set_unchecked(&new_smi->stats[i], 0);
21635 new_smi->interrupt_disabled = 0;
21636 atomic_set(&new_smi->stop_operation, 0);
21637 diff -urNp linux-2.6.32.1/drivers/char/keyboard.c linux-2.6.32.1/drivers/char/keyboard.c
21638 --- linux-2.6.32.1/drivers/char/keyboard.c 2009-12-02 22:51:21.000000000 -0500
21639 +++ linux-2.6.32.1/drivers/char/keyboard.c 2009-12-14 18:33:53.232853602 -0500
21640 @@ -635,6 +635,16 @@ static void k_spec(struct vc_data *vc, u
21641 kbd->kbdmode == VC_MEDIUMRAW) &&
21642 value != KVAL(K_SAK))
21643 return; /* SAK is allowed even in raw mode */
21645 +#if defined(CONFIG_GRKERNSEC_PROC) || defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
21647 + void *func = fn_handler[value];
21648 + if (func == fn_show_state || func == fn_show_ptregs ||
21649 + func == fn_show_mem)
21654 fn_handler[value](vc);
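Review bot: The added block stores `fn_handler[value]` in a `void *` and compares it against function names; converting between function and object pointers is not defined by ISO C and hides the type from the compiler. Declaring the local with the table's own element type, `fn_handler_fn *func = fn_handler[value];`, keeps the comparison type-checked. The new read also indexes `fn_handler` before the existing call does, so it relies on whatever range check on `value` k_spec performs above the hunk; the function starts outside the hunk. A short comment saying that these three handlers dump task, register and memory state to the console would explain why they are filtered under the two GRKERNSEC_PROC options.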
21657 @@ -1386,7 +1396,7 @@ static const struct input_device_id kbd_
21658 .evbit = { BIT_MASK(EV_SND) },
21661 - { }, /* Terminating entry */
21662 + { 0 }, /* Terminating entry */
21665 MODULE_DEVICE_TABLE(input, kbd_ids);
21666 diff -urNp linux-2.6.32.1/drivers/char/mem.c linux-2.6.32.1/drivers/char/mem.c
21667 --- linux-2.6.32.1/drivers/char/mem.c 2009-12-02 22:51:21.000000000 -0500
21668 +++ linux-2.6.32.1/drivers/char/mem.c 2009-12-14 18:33:53.242721386 -0500
21670 #include <linux/raw.h>
21671 #include <linux/tty.h>
21672 #include <linux/capability.h>
21673 +#include <linux/security.h>
21674 #include <linux/ptrace.h>
21675 #include <linux/device.h>
21676 #include <linux/highmem.h>
21678 # include <linux/efi.h>
21681 +#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
21682 +extern struct file_operations grsec_fops;
21686 * Architectures vary in how they handle caching for addresses
21687 * outside of main memory.
21688 @@ -192,6 +197,11 @@ static ssize_t write_mem(struct file * f
21689 if (!valid_phys_addr_range(p, count))
21692 +#ifdef CONFIG_GRKERNSEC_KMEM
21693 + gr_handle_mem_write();
21699 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
21700 @@ -324,6 +334,11 @@ static int mmap_mem(struct file * file,
21701 &vma->vm_page_prot))
21704 +#ifdef CONFIG_GRKERNSEC_KMEM
21705 + if (gr_handle_mem_mmap(vma->vm_pgoff << PAGE_SHIFT, vma))
21709 vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff,
21711 vma->vm_page_prot);
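Review bot: `vma->vm_pgoff << PAGE_SHIFT` is evaluated in `unsigned long`, so on a 32-bit kernel an offset at or above 4 GiB wraps before `gr_handle_mem_mmap` sees it, and the check would then be made against the wrong physical address. The call just below in this hunk passes `vma->vm_pgoff` to `phys_mem_access_prot` as a page-frame number. Passing the pfn to the helper as well, or widening first with `(u64)vma->vm_pgoff << PAGE_SHIFT`, avoids the truncation. Which of the two fits depends on the helper's parameter type, which is not visible here; mmap_mem starts and ends outside the hunk.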
21712 @@ -558,6 +573,11 @@ static ssize_t write_kmem(struct file *
21714 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
21716 +#ifdef CONFIG_GRKERNSEC_KMEM
21717 + gr_handle_kmem_write();
21721 if (p < (unsigned long) high_memory) {
21724 @@ -763,6 +783,16 @@ static loff_t memory_lseek(struct file *
21726 static int open_port(struct inode * inode, struct file * filp)
21728 +#ifdef CONFIG_GRKERNSEC_KMEM
21729 + gr_handle_open_port();
21733 + return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
21736 +static int open_mem(struct inode * inode, struct file * filp)
21738 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
21741 @@ -770,7 +800,6 @@ static int open_port(struct inode * inod
21742 #define full_lseek null_lseek
21743 #define write_zero write_null
21744 #define read_full read_zero
21745 -#define open_mem open_port
21746 #define open_kmem open_mem
21747 #define open_oldmem open_mem
21749 @@ -886,6 +915,9 @@ static const struct memdev {
21750 #ifdef CONFIG_CRASH_DUMP
21751 [12] = { "oldmem", 0, &oldmem_fops, NULL },
21753 +#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
21754 + [13] = { "grsec",S_IRUSR | S_IWUGO, &grsec_fops, NULL },
21758 static int memory_open(struct inode *inode, struct file *filp)
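Review bot: The new `[13]` entry registers the `grsec` node with `S_IRUSR | S_IWUGO`, which makes it writable by every user, so all authorisation rests on the write handler in `grsec_fops`; that handler is declared `extern` and not shown in this file. If that is the intended design, a comment on the entry should say so, e.g. `/* writable by all users on purpose: access control is done in grsec_fops */`, so the mode is not mistaken for an oversight or loosened further. The `extern struct file_operations grsec_fops;` declaration added near the top of this file's diff is also non-const, unlike the ops tables this patch constifies elsewhere.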
21759 diff -urNp linux-2.6.32.1/drivers/char/nvram.c linux-2.6.32.1/drivers/char/nvram.c
21760 --- linux-2.6.32.1/drivers/char/nvram.c 2009-12-02 22:51:21.000000000 -0500
21761 +++ linux-2.6.32.1/drivers/char/nvram.c 2009-12-14 18:33:53.252874352 -0500
21762 @@ -429,7 +429,10 @@ static const struct file_operations nvra
21763 static struct miscdevice nvram_dev = {
21773 static int __init nvram_init(void)
21774 diff -urNp linux-2.6.32.1/drivers/char/pcmcia/ipwireless/tty.c linux-2.6.32.1/drivers/char/pcmcia/ipwireless/tty.c
21775 --- linux-2.6.32.1/drivers/char/pcmcia/ipwireless/tty.c 2009-12-02 22:51:21.000000000 -0500
21776 +++ linux-2.6.32.1/drivers/char/pcmcia/ipwireless/tty.c 2009-12-14 18:33:53.254793634 -0500
21777 @@ -51,7 +51,7 @@ struct ipw_tty {
21779 struct ipw_network *network;
21780 struct tty_struct *linux_tty;
21782 + atomic_t open_count;
21783 unsigned int control_lines;
21784 struct mutex ipw_tty_mutex;
21785 int tx_bytes_queued;
21786 @@ -127,10 +127,10 @@ static int ipw_open(struct tty_struct *l
21787 mutex_unlock(&tty->ipw_tty_mutex);
21790 - if (tty->open_count == 0)
21791 + if (atomic_read(&tty->open_count) == 0)
21792 tty->tx_bytes_queued = 0;
21794 - tty->open_count++;
21795 + atomic_inc(&tty->open_count);
21797 tty->linux_tty = linux_tty;
21798 linux_tty->driver_data = tty;
21799 @@ -146,9 +146,7 @@ static int ipw_open(struct tty_struct *l
21801 static void do_ipw_close(struct ipw_tty *tty)
21803 - tty->open_count--;
21805 - if (tty->open_count == 0) {
21806 + if (atomic_dec_return(&tty->open_count) == 0) {
21807 struct tty_struct *linux_tty = tty->linux_tty;
21809 if (linux_tty != NULL) {
21810 @@ -169,7 +167,7 @@ static void ipw_hangup(struct tty_struct
21813 mutex_lock(&tty->ipw_tty_mutex);
21814 - if (tty->open_count == 0) {
21815 + if (atomic_read(&tty->open_count) == 0) {
21816 mutex_unlock(&tty->ipw_tty_mutex);
21819 @@ -198,7 +196,7 @@ void ipwireless_tty_received(struct ipw_
21823 - if (!tty->open_count) {
21824 + if (!atomic_read(&tty->open_count)) {
21825 mutex_unlock(&tty->ipw_tty_mutex);
21828 @@ -240,7 +238,7 @@ static int ipw_write(struct tty_struct *
21831 mutex_lock(&tty->ipw_tty_mutex);
21832 - if (!tty->open_count) {
21833 + if (!atomic_read(&tty->open_count)) {
21834 mutex_unlock(&tty->ipw_tty_mutex);
21837 @@ -280,7 +278,7 @@ static int ipw_write_room(struct tty_str
21841 - if (!tty->open_count)
21842 + if (!atomic_read(&tty->open_count))
21845 room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued;
21846 @@ -322,7 +320,7 @@ static int ipw_chars_in_buffer(struct tt
21850 - if (!tty->open_count)
21851 + if (!atomic_read(&tty->open_count))
21854 return tty->tx_bytes_queued;
21855 @@ -403,7 +401,7 @@ static int ipw_tiocmget(struct tty_struc
21859 - if (!tty->open_count)
21860 + if (!atomic_read(&tty->open_count))
21863 return get_control_lines(tty);
21864 @@ -419,7 +417,7 @@ ipw_tiocmset(struct tty_struct *linux_tt
21868 - if (!tty->open_count)
21869 + if (!atomic_read(&tty->open_count))
21872 return set_control_lines(tty, set, clear);
21873 @@ -433,7 +431,7 @@ static int ipw_ioctl(struct tty_struct *
21877 - if (!tty->open_count)
21878 + if (!atomic_read(&tty->open_count))
21881 /* FIXME: Exactly how is the tty object locked here .. */
21882 @@ -591,7 +589,7 @@ void ipwireless_tty_free(struct ipw_tty
21883 against a parallel ioctl etc */
21884 mutex_lock(&ttyj->ipw_tty_mutex);
21886 - while (ttyj->open_count)
21887 + while (atomic_read(&ttyj->open_count))
21888 do_ipw_close(ttyj);
21889 ipwireless_disassociate_network_ttys(network,
21890 ttyj->channel_idx);
21891 diff -urNp linux-2.6.32.1/drivers/char/pty.c linux-2.6.32.1/drivers/char/pty.c
21892 --- linux-2.6.32.1/drivers/char/pty.c 2009-12-02 22:51:21.000000000 -0500
21893 +++ linux-2.6.32.1/drivers/char/pty.c 2009-12-14 18:33:53.256868256 -0500
21894 @@ -682,7 +682,18 @@ static int ptmx_open(struct inode *inode
21898 -static struct file_operations ptmx_fops;
21899 +static const struct file_operations ptmx_fops = {
21900 + .llseek = no_llseek,
21901 + .read = tty_read,
21902 + .write = tty_write,
21903 + .poll = tty_poll,
21904 + .unlocked_ioctl = tty_ioctl,
21905 + .compat_ioctl = tty_compat_ioctl,
21906 + .open = ptmx_open,
21907 + .release = tty_release,
21908 + .fasync = tty_fasync,
21912 static void __init unix98_pty_init(void)
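Review bot: `ptmx_fops` is now a hand-written copy of the tty handlers with only `.open` differing, where the code removed in the next hunk derived it from `tty_default_fops()`. Any handler later added to or changed in the tty defaults will silently not reach /dev/ptmx. A comment above the initializer, e.g. `/* keep in sync with the default tty file_operations; only .open differs */`, would flag that for whoever edits either table. The initializer also needs `tty_read`, `tty_write`, `tty_poll` and the other handlers to be declared outside their defining file, which this hunk does not show.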
21914 @@ -736,9 +747,6 @@ static void __init unix98_pty_init(void)
21915 register_sysctl_table(pty_root_table);
21917 /* Now create the /dev/ptmx special device */
21918 - tty_default_fops(&ptmx_fops);
21919 - ptmx_fops.open = ptmx_open;
21921 cdev_init(&ptmx_cdev, &ptmx_fops);
21922 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
21923 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
21924 diff -urNp linux-2.6.32.1/drivers/char/random.c linux-2.6.32.1/drivers/char/random.c
21925 --- linux-2.6.32.1/drivers/char/random.c 2009-12-02 22:51:21.000000000 -0500
21926 +++ linux-2.6.32.1/drivers/char/random.c 2009-12-14 18:33:53.284775572 -0500
21927 @@ -254,8 +254,13 @@
21929 * Configuration information
21931 +#ifdef CONFIG_GRKERNSEC_RANDNET
21932 +#define INPUT_POOL_WORDS 512
21933 +#define OUTPUT_POOL_WORDS 128
21935 #define INPUT_POOL_WORDS 128
21936 #define OUTPUT_POOL_WORDS 32
21938 #define SEC_XFER_SIZE 512
21941 @@ -292,10 +297,17 @@ static struct poolinfo {
21943 int tap1, tap2, tap3, tap4, tap5;
21944 } poolinfo_table[] = {
21945 +#ifdef CONFIG_GRKERNSEC_RANDNET
21946 + /* x^512 + x^411 + x^308 + x^208 +x^104 + x + 1 -- 225 */
21947 + { 512, 411, 308, 208, 104, 1 },
21948 + /* x^128 + x^103 + x^76 + x^51 + x^25 + x + 1 -- 105 */
21949 + { 128, 103, 76, 51, 25, 1 },
21951 /* x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 -- 105 */
21952 { 128, 103, 76, 51, 25, 1 },
21953 /* x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 -- 15 */
21954 { 32, 26, 20, 14, 7, 1 },
21957 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
21958 { 2048, 1638, 1231, 819, 411, 1 },
21959 @@ -1218,7 +1230,7 @@ EXPORT_SYMBOL(generate_random_uuid);
21960 #include <linux/sysctl.h>
21962 static int min_read_thresh = 8, min_write_thresh;
21963 -static int max_read_thresh = INPUT_POOL_WORDS * 32;
21964 +static int max_read_thresh = OUTPUT_POOL_WORDS * 32;
21965 static int max_write_thresh = INPUT_POOL_WORDS * 32;
21966 static char sysctl_bootid[16];
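Review bot: The new cap `max_read_thresh = OUTPUT_POOL_WORDS * 32` is not limited to CONFIG_GRKERNSEC_RANDNET builds. With the default sizes shown earlier in this file's diff (`INPUT_POOL_WORDS 128`, `OUTPUT_POOL_WORDS 32`) the sysctl maximum drops from 4096 to 1024 bits, so a previously valid setting above 1024 would now be rejected. If the intent is only to keep the limit at 4096 once the pools are enlarged, the change could sit inside the same `#ifdef`. Otherwise, a comment on the line should say why the read threshold is bounded by the output pool rather than the input pool.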
21968 diff -urNp linux-2.6.32.1/drivers/char/sonypi.c linux-2.6.32.1/drivers/char/sonypi.c
21969 --- linux-2.6.32.1/drivers/char/sonypi.c 2009-12-02 22:51:21.000000000 -0500
21970 +++ linux-2.6.32.1/drivers/char/sonypi.c 2009-12-14 18:33:53.304842135 -0500
21971 @@ -491,7 +491,7 @@ static struct sonypi_device {
21972 spinlock_t fifo_lock;
21973 wait_queue_head_t fifo_proc_list;
21974 struct fasync_struct *fifo_async;
21976 + atomic_t open_count;
21978 struct input_dev *input_jog_dev;
21979 struct input_dev *input_key_dev;
21980 @@ -895,7 +895,7 @@ static int sonypi_misc_fasync(int fd, st
21981 static int sonypi_misc_release(struct inode *inode, struct file *file)
21983 mutex_lock(&sonypi_device.lock);
21984 - sonypi_device.open_count--;
21985 + atomic_dec(&sonypi_device.open_count);
21986 mutex_unlock(&sonypi_device.lock);
21989 @@ -905,9 +905,9 @@ static int sonypi_misc_open(struct inode
21991 mutex_lock(&sonypi_device.lock);
21992 /* Flush input queue on first open */
21993 - if (!sonypi_device.open_count)
21994 + if (!atomic_read(&sonypi_device.open_count))
21995 kfifo_reset(sonypi_device.fifo);
21996 - sonypi_device.open_count++;
21997 + atomic_inc(&sonypi_device.open_count);
21998 mutex_unlock(&sonypi_device.lock);
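Review bot: The first-open test is still a separate `atomic_read()` followed by `atomic_inc()`, so converting `open_count` to `atomic_t` does not make it safe by itself; it is correct only because both calls run under `sonypi_device.lock`. A comment on the field or at this site, such as `/* atomic_t for overflow checking only; serialised by sonypi_device.lock */`, would stop a later reader from concluding that the mutex is redundant. The overflow-checking purpose is inferred from the `_unchecked` variants this patch adds elsewhere, so confirm it before writing it down. The body of sonypi_misc_open starts and ends outside the hunk.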
22001 diff -urNp linux-2.6.32.1/drivers/char/tpm/tpm_bios.c linux-2.6.32.1/drivers/char/tpm/tpm_bios.c
22002 --- linux-2.6.32.1/drivers/char/tpm/tpm_bios.c 2009-12-02 22:51:21.000000000 -0500
22003 +++ linux-2.6.32.1/drivers/char/tpm/tpm_bios.c 2009-12-14 18:33:53.329724049 -0500
22004 @@ -172,7 +172,7 @@ static void *tpm_bios_measurements_start
22007 if ((event->event_type == 0 && event->event_size == 0) ||
22008 - ((addr + sizeof(struct tcpa_event) + event->event_size) >= limit))
22009 + (event->event_size >= limit - addr - sizeof(struct tcpa_event)))
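Review bot: The rewritten bound `event->event_size >= limit - addr - sizeof(struct tcpa_event)` removes the wrap-around of the old addition, but the subtraction can wrap instead. If fewer than `sizeof(struct tcpa_event)` bytes remain before `limit`, the right-hand side becomes a very large unsigned value and the test passes for any `event_size`. The function starts outside this hunk, so whether an earlier check guarantees that a full header fits is not visible here. If it does, state that next to the comparison, for example `/* caller has checked addr + sizeof(struct tcpa_event) < limit */`. The same applies to the identical change on `v` in tpm_bios_measurements_next in the following hunk.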
22013 @@ -197,7 +197,7 @@ static void *tpm_bios_measurements_next(
22016 if ((event->event_type == 0 && event->event_size == 0) ||
22017 - ((v + sizeof(struct tcpa_event) + event->event_size) >= limit))
22018 + (event->event_size >= limit - v - sizeof(struct tcpa_event)))
22022 @@ -290,7 +290,8 @@ static int tpm_binary_bios_measurements_
22025 for (i = 0; i < sizeof(struct tcpa_event) + event->event_size; i++)
22026 - seq_putc(m, data[i]);
22027 + if (!seq_putc(m, data[i]))
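Review bot: The new test `if (!seq_putc(m, data[i]))` looks inverted. As far as I know, seq_putc() in this kernel series returns 0 when the byte was stored and -1 when the seq_file buffer is full, so `!seq_putc(...)` is true on success. The statement guarded by the `if` is not shown on this page; assuming it is an early error return, the function would bail out after the first byte and never emit a complete event. If that reading of the return value is right, the condition should be `if (seq_putc(m, data[i]))`.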
22032 @@ -409,6 +410,11 @@ static int read_log(struct tpm_bios_log
22033 log->bios_event_log_end = log->bios_event_log + len;
22035 virt = acpi_os_map_memory(start, len);
22037 + kfree(log->bios_event_log);
22038 + log->bios_event_log = NULL;
22042 memcpy(log->bios_event_log, virt, len);
22044 diff -urNp linux-2.6.32.1/drivers/char/tty_io.c linux-2.6.32.1/drivers/char/tty_io.c
22045 --- linux-2.6.32.1/drivers/char/tty_io.c 2009-12-02 22:51:21.000000000 -0500
22046 +++ linux-2.6.32.1/drivers/char/tty_io.c 2009-12-14 18:33:53.362910089 -0500
22047 @@ -136,21 +136,10 @@ LIST_HEAD(tty_drivers); /* linked list
22048 DEFINE_MUTEX(tty_mutex);
22049 EXPORT_SYMBOL(tty_mutex);
22051 -static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
22052 -static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
22053 ssize_t redirected_tty_write(struct file *, const char __user *,
22055 -static unsigned int tty_poll(struct file *, poll_table *);
22056 static int tty_open(struct inode *, struct file *);
22057 -static int tty_release(struct inode *, struct file *);
22058 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
22059 -#ifdef CONFIG_COMPAT
22060 -static long tty_compat_ioctl(struct file *file, unsigned int cmd,
22061 - unsigned long arg);
22063 -#define tty_compat_ioctl NULL
22065 -static int tty_fasync(int fd, struct file *filp, int on);
22066 static void release_tty(struct tty_struct *tty, int idx);
22067 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
22068 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
22069 @@ -870,7 +859,7 @@ EXPORT_SYMBOL(start_tty);
22070 * read calls may be outstanding in parallel.
22073 -static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
22074 +ssize_t tty_read(struct file *file, char __user *buf, size_t count,
22078 @@ -1045,7 +1034,7 @@ void tty_write_message(struct tty_struct
22079 * write method will not be invoked in parallel for each device.
22082 -static ssize_t tty_write(struct file *file, const char __user *buf,
22083 +ssize_t tty_write(struct file *file, const char __user *buf,
22084 size_t count, loff_t *ppos)
22086 struct tty_struct *tty;
22087 @@ -1865,7 +1854,7 @@ static int tty_open(struct inode *inode,
22088 * Takes bkl. See tty_release_dev
22091 -static int tty_release(struct inode *inode, struct file *filp)
22092 +int tty_release(struct inode *inode, struct file *filp)
22095 tty_release_dev(filp);
22096 @@ -1885,7 +1874,7 @@ static int tty_release(struct inode *ino
22097 * may be re-entered freely by other callers.
22100 -static unsigned int tty_poll(struct file *filp, poll_table *wait)
22101 +unsigned int tty_poll(struct file *filp, poll_table *wait)
22103 struct tty_struct *tty;
22104 struct tty_ldisc *ld;
22105 @@ -1902,7 +1891,7 @@ static unsigned int tty_poll(struct file
22109 -static int tty_fasync(int fd, struct file *filp, int on)
22110 +int tty_fasync(int fd, struct file *filp, int on)
22112 struct tty_struct *tty;
22113 unsigned long flags;
22114 @@ -2579,7 +2568,7 @@ long tty_ioctl(struct file *file, unsign
22117 #ifdef CONFIG_COMPAT
22118 -static long tty_compat_ioctl(struct file *file, unsigned int cmd,
22119 +long tty_compat_ioctl(struct file *file, unsigned int cmd,
22122 struct inode *inode = file->f_dentry->d_inode;
22123 @@ -3046,11 +3035,6 @@ struct tty_struct *get_current_tty(void)
22125 EXPORT_SYMBOL_GPL(get_current_tty);
22127 -void tty_default_fops(struct file_operations *fops)
22129 - *fops = tty_fops;
22133 * Initialize the console device. This is called *early*, so
22134 * we can't necessarily depend on lots of kernel help here.
22135 diff -urNp linux-2.6.32.1/drivers/char/tty_ldisc.c linux-2.6.32.1/drivers/char/tty_ldisc.c
22136 --- linux-2.6.32.1/drivers/char/tty_ldisc.c 2009-12-02 22:51:21.000000000 -0500
22137 +++ linux-2.6.32.1/drivers/char/tty_ldisc.c 2009-12-14 18:33:53.372863425 -0500
22138 @@ -73,7 +73,7 @@ static void put_ldisc(struct tty_ldisc *
22139 if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) {
22140 struct tty_ldisc_ops *ldo = ld->ops;
22143 + atomic_dec(&ldo->refcount);
22144 module_put(ldo->owner);
22145 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
22147 @@ -107,7 +107,7 @@ int tty_register_ldisc(int disc, struct
22148 spin_lock_irqsave(&tty_ldisc_lock, flags);
22149 tty_ldiscs[disc] = new_ldisc;
22150 new_ldisc->num = disc;
22151 - new_ldisc->refcount = 0;
22152 + atomic_set(&new_ldisc->refcount, 0);
22153 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
22156 @@ -135,7 +135,7 @@ int tty_unregister_ldisc(int disc)
22159 spin_lock_irqsave(&tty_ldisc_lock, flags);
22160 - if (tty_ldiscs[disc]->refcount)
22161 + if (atomic_read(&tty_ldiscs[disc]->refcount))
22164 tty_ldiscs[disc] = NULL;
22165 @@ -156,7 +156,7 @@ static struct tty_ldisc_ops *get_ldops(i
22167 ret = ERR_PTR(-EAGAIN);
22168 if (try_module_get(ldops->owner)) {
22169 - ldops->refcount++;
22170 + atomic_inc(&ldops->refcount);
22174 @@ -169,7 +169,7 @@ static void put_ldops(struct tty_ldisc_o
22175 unsigned long flags;
22177 spin_lock_irqsave(&tty_ldisc_lock, flags);
22178 - ldops->refcount--;
22179 + atomic_dec(&ldops->refcount);
22180 module_put(ldops->owner);
22181 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
22183 diff -urNp linux-2.6.32.1/drivers/char/virtio_console.c linux-2.6.32.1/drivers/char/virtio_console.c
22184 --- linux-2.6.32.1/drivers/char/virtio_console.c 2009-12-02 22:51:21.000000000 -0500
22185 +++ linux-2.6.32.1/drivers/char/virtio_console.c 2009-12-14 18:33:53.380875003 -0500
22186 @@ -44,6 +44,7 @@ static unsigned int in_len;
22187 static char *in, *inbuf;
22189 /* The operations for our console. */
22190 +/* cannot be const */
22191 static struct hv_ops virtio_cons;
22193 /* The hvc device */
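Review bot: The added comment `/* cannot be const */` does not say why, which is the part a later constification pass needs. If `virtio_cons` is filled in at run time rather than by a static initialiser (the assignments are not in this hunk), say so in the comment, for example `/* not const: members are assigned at run time */`.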
22194 diff -urNp linux-2.6.32.1/drivers/char/vt_ioctl.c linux-2.6.32.1/drivers/char/vt_ioctl.c
22195 --- linux-2.6.32.1/drivers/char/vt_ioctl.c 2009-12-02 22:51:21.000000000 -0500
22196 +++ linux-2.6.32.1/drivers/char/vt_ioctl.c 2009-12-14 18:33:53.381790968 -0500
22197 @@ -226,6 +226,12 @@ do_kdsk_ioctl(int cmd, struct kbentry __
22202 +#ifdef CONFIG_GRKERNSEC
22203 + if (!capable(CAP_SYS_TTY_CONFIG))
22207 if (!i && v == K_NOSUCHMAP) {
22208 /* deallocate map */
22209 key_map = key_maps[s];
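Review bot: The added `capable(CAP_SYS_TTY_CONFIG)` test has no comment explaining why it is needed in addition to whatever permission check the ioctl path already performs, and it exists only when CONFIG_GRKERNSEC is set. A short comment would make the policy explicit, for example `/* keymap changes require CAP_SYS_TTY_CONFIG, not just access to the tty */`, if that is the intent. The statement guarded by the `if` is not shown on this page, and do_kdsk_ioctl begins and ends outside the hunk. The next hunk adds the same test to do_kdgkb_ioctl with a braced body; confirm that this path releases anything the function allocated earlier before it returns.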
22210 @@ -366,6 +372,13 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
22214 +#ifdef CONFIG_GRKERNSEC
22215 + if (!capable(CAP_SYS_TTY_CONFIG)) {
22222 first_free = funcbufptr + (funcbufsize - funcbufleft);
22223 for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++)
22224 diff -urNp linux-2.6.32.1/drivers/cpufreq/cpufreq.c linux-2.6.32.1/drivers/cpufreq/cpufreq.c
22225 --- linux-2.6.32.1/drivers/cpufreq/cpufreq.c 2009-12-02 22:51:21.000000000 -0500
22226 +++ linux-2.6.32.1/drivers/cpufreq/cpufreq.c 2009-12-14 18:33:53.428873908 -0500
22227 @@ -750,7 +750,7 @@ static void cpufreq_sysfs_release(struct
22228 complete(&policy->kobj_unregister);
22231 -static struct sysfs_ops sysfs_ops = {
22232 +static const struct sysfs_ops sysfs_ops = {
22236 diff -urNp linux-2.6.32.1/drivers/cpuidle/sysfs.c linux-2.6.32.1/drivers/cpuidle/sysfs.c
22237 --- linux-2.6.32.1/drivers/cpuidle/sysfs.c 2009-12-02 22:51:21.000000000 -0500
22238 +++ linux-2.6.32.1/drivers/cpuidle/sysfs.c 2009-12-14 18:33:53.453879656 -0500
22239 @@ -191,7 +191,7 @@ static ssize_t cpuidle_store(struct kobj
22243 -static struct sysfs_ops cpuidle_sysfs_ops = {
22244 +static const struct sysfs_ops cpuidle_sysfs_ops = {
22245 .show = cpuidle_show,
22246 .store = cpuidle_store,
22248 @@ -277,7 +277,7 @@ static ssize_t cpuidle_state_show(struct
22252 -static struct sysfs_ops cpuidle_state_sysfs_ops = {
22253 +static const struct sysfs_ops cpuidle_state_sysfs_ops = {
22254 .show = cpuidle_state_show,
22257 diff -urNp linux-2.6.32.1/drivers/dma/ioat/dma.c linux-2.6.32.1/drivers/dma/ioat/dma.c
22258 --- linux-2.6.32.1/drivers/dma/ioat/dma.c 2009-12-02 22:51:21.000000000 -0500
22259 +++ linux-2.6.32.1/drivers/dma/ioat/dma.c 2009-12-14 18:33:53.470726264 -0500
22260 @@ -1146,7 +1146,7 @@ ioat_attr_show(struct kobject *kobj, str
22261 return entry->show(&chan->common, page);
22264 -struct sysfs_ops ioat_sysfs_ops = {
22265 +const struct sysfs_ops ioat_sysfs_ops = {
22266 .show = ioat_attr_show,
22269 diff -urNp linux-2.6.32.1/drivers/dma/ioat/dma.h linux-2.6.32.1/drivers/dma/ioat/dma.h
22270 --- linux-2.6.32.1/drivers/dma/ioat/dma.h 2009-12-02 22:51:21.000000000 -0500
22271 +++ linux-2.6.32.1/drivers/dma/ioat/dma.h 2009-12-14 18:33:53.470726264 -0500
22272 @@ -329,7 +329,7 @@ bool ioat_cleanup_preamble(struct ioat_c
22273 unsigned long *phys_complete);
22274 void ioat_kobject_add(struct ioatdma_device *device, struct kobj_type *type);
22275 void ioat_kobject_del(struct ioatdma_device *device);
22276 -extern struct sysfs_ops ioat_sysfs_ops;
22277 +extern const struct sysfs_ops ioat_sysfs_ops;
22278 extern struct ioat_sysfs_entry ioat_version_attr;
22279 extern struct ioat_sysfs_entry ioat_cap_attr;
22280 #endif /* IOATDMA_H */
22281 diff -urNp linux-2.6.32.1/drivers/edac/edac_core.h linux-2.6.32.1/drivers/edac/edac_core.h
22282 --- linux-2.6.32.1/drivers/edac/edac_core.h 2009-12-02 22:51:21.000000000 -0500
22283 +++ linux-2.6.32.1/drivers/edac/edac_core.h 2009-12-14 18:33:53.485857498 -0500
22284 @@ -99,11 +99,11 @@ extern int edac_debug_level;
22286 #else /* !CONFIG_EDAC_DEBUG */
22288 -#define debugf0( ... )
22289 -#define debugf1( ... )
22290 -#define debugf2( ... )
22291 -#define debugf3( ... )
22292 -#define debugf4( ... )
22293 +#define debugf0( ... ) do {} while (0)
22294 +#define debugf1( ... ) do {} while (0)
22295 +#define debugf2( ... ) do {} while (0)
22296 +#define debugf3( ... ) do {} while (0)
22297 +#define debugf4( ... ) do {} while (0)
22299 #endif /* !CONFIG_EDAC_DEBUG */
22301 diff -urNp linux-2.6.32.1/drivers/edac/edac_device_sysfs.c linux-2.6.32.1/drivers/edac/edac_device_sysfs.c
22302 --- linux-2.6.32.1/drivers/edac/edac_device_sysfs.c 2009-12-02 22:51:21.000000000 -0500
22303 +++ linux-2.6.32.1/drivers/edac/edac_device_sysfs.c 2009-12-14 18:33:53.495749328 -0500
22304 @@ -137,7 +137,7 @@ static ssize_t edac_dev_ctl_info_store(s
22307 /* edac_dev file operations for an 'ctl_info' */
22308 -static struct sysfs_ops device_ctl_info_ops = {
22309 +static const struct sysfs_ops device_ctl_info_ops = {
22310 .show = edac_dev_ctl_info_show,
22311 .store = edac_dev_ctl_info_store
22313 @@ -373,7 +373,7 @@ static ssize_t edac_dev_instance_store(s
22316 /* edac_dev file operations for an 'instance' */
22317 -static struct sysfs_ops device_instance_ops = {
22318 +static const struct sysfs_ops device_instance_ops = {
22319 .show = edac_dev_instance_show,
22320 .store = edac_dev_instance_store
22322 @@ -476,7 +476,7 @@ static ssize_t edac_dev_block_store(stru
22325 /* edac_dev file operations for a 'block' */
22326 -static struct sysfs_ops device_block_ops = {
22327 +static const struct sysfs_ops device_block_ops = {
22328 .show = edac_dev_block_show,
22329 .store = edac_dev_block_store
22331 diff -urNp linux-2.6.32.1/drivers/edac/edac_mc_sysfs.c linux-2.6.32.1/drivers/edac/edac_mc_sysfs.c
22332 --- linux-2.6.32.1/drivers/edac/edac_mc_sysfs.c 2009-12-02 22:51:21.000000000 -0500
22333 +++ linux-2.6.32.1/drivers/edac/edac_mc_sysfs.c 2009-12-14 18:33:53.501894531 -0500
22334 @@ -245,7 +245,7 @@ static ssize_t csrowdev_store(struct kob
22338 -static struct sysfs_ops csrowfs_ops = {
22339 +static const struct sysfs_ops csrowfs_ops = {
22340 .show = csrowdev_show,
22341 .store = csrowdev_store
22343 @@ -575,7 +575,7 @@ static ssize_t mcidev_store(struct kobje
22346 /* Intermediate show/store table */
22347 -static struct sysfs_ops mci_ops = {
22348 +static const struct sysfs_ops mci_ops = {
22349 .show = mcidev_show,
22350 .store = mcidev_store
22352 diff -urNp linux-2.6.32.1/drivers/edac/edac_pci_sysfs.c linux-2.6.32.1/drivers/edac/edac_pci_sysfs.c
22353 --- linux-2.6.32.1/drivers/edac/edac_pci_sysfs.c 2009-12-02 22:51:21.000000000 -0500
22354 +++ linux-2.6.32.1/drivers/edac/edac_pci_sysfs.c 2009-12-14 18:33:53.510878837 -0500
22355 @@ -121,7 +121,7 @@ static ssize_t edac_pci_instance_store(s
22359 -static struct sysfs_ops pci_instance_ops = {
22360 +static const struct sysfs_ops pci_instance_ops = {
22361 .show = edac_pci_instance_show,
22362 .store = edac_pci_instance_store
22364 @@ -261,7 +261,7 @@ static ssize_t edac_pci_dev_store(struct
22368 -static struct sysfs_ops edac_pci_sysfs_ops = {
22369 +static const struct sysfs_ops edac_pci_sysfs_ops = {
22370 .show = edac_pci_dev_show,
22371 .store = edac_pci_dev_store
22373 diff -urNp linux-2.6.32.1/drivers/firmware/dmi_scan.c linux-2.6.32.1/drivers/firmware/dmi_scan.c
22374 --- linux-2.6.32.1/drivers/firmware/dmi_scan.c 2009-12-02 22:51:21.000000000 -0500
22375 +++ linux-2.6.32.1/drivers/firmware/dmi_scan.c 2009-12-14 18:33:53.521738420 -0500
22376 @@ -391,11 +391,6 @@ void __init dmi_scan_machine(void)
22381 - * no iounmap() for that ioremap(); it would be a no-op, but
22382 - * it's so early in setup that sucker gets confused into doing
22383 - * what it shouldn't if we actually call it.
22385 p = dmi_ioremap(0xF0000, 0x10000);
22388 diff -urNp linux-2.6.32.1/drivers/firmware/edd.c linux-2.6.32.1/drivers/firmware/edd.c
22389 --- linux-2.6.32.1/drivers/firmware/edd.c 2009-12-02 22:51:21.000000000 -0500
22390 +++ linux-2.6.32.1/drivers/firmware/edd.c 2009-12-14 18:33:53.521738420 -0500
22391 @@ -122,7 +122,7 @@ edd_attr_show(struct kobject * kobj, str
22395 -static struct sysfs_ops edd_attr_ops = {
22396 +static const struct sysfs_ops edd_attr_ops = {
22397 .show = edd_attr_show,
22400 diff -urNp linux-2.6.32.1/drivers/firmware/efivars.c linux-2.6.32.1/drivers/firmware/efivars.c
22401 --- linux-2.6.32.1/drivers/firmware/efivars.c 2009-12-02 22:51:21.000000000 -0500
22402 +++ linux-2.6.32.1/drivers/firmware/efivars.c 2009-12-14 18:33:53.532799691 -0500
22403 @@ -362,7 +362,7 @@ static ssize_t efivar_attr_store(struct
22407 -static struct sysfs_ops efivar_attr_ops = {
22408 +static const struct sysfs_ops efivar_attr_ops = {
22409 .show = efivar_attr_show,
22410 .store = efivar_attr_store,
22412 diff -urNp linux-2.6.32.1/drivers/firmware/iscsi_ibft.c linux-2.6.32.1/drivers/firmware/iscsi_ibft.c
22413 --- linux-2.6.32.1/drivers/firmware/iscsi_ibft.c 2009-12-02 22:51:21.000000000 -0500
22414 +++ linux-2.6.32.1/drivers/firmware/iscsi_ibft.c 2009-12-14 18:33:53.551823841 -0500
22415 @@ -525,7 +525,7 @@ static ssize_t ibft_show_attribute(struc
22419 -static struct sysfs_ops ibft_attr_ops = {
22420 +static const struct sysfs_ops ibft_attr_ops = {
22421 .show = ibft_show_attribute,
22424 diff -urNp linux-2.6.32.1/drivers/firmware/memmap.c linux-2.6.32.1/drivers/firmware/memmap.c
22425 --- linux-2.6.32.1/drivers/firmware/memmap.c 2009-12-02 22:51:21.000000000 -0500
22426 +++ linux-2.6.32.1/drivers/firmware/memmap.c 2009-12-14 18:33:53.553727803 -0500
22427 @@ -74,7 +74,7 @@ static struct attribute *def_attrs[] = {
22431 -static struct sysfs_ops memmap_attr_ops = {
22432 +static const struct sysfs_ops memmap_attr_ops = {
22433 .show = memmap_attr_show,
22436 diff -urNp linux-2.6.32.1/drivers/gpu/drm/drm_drv.c linux-2.6.32.1/drivers/gpu/drm/drm_drv.c
22437 --- linux-2.6.32.1/drivers/gpu/drm/drm_drv.c 2009-12-02 22:51:21.000000000 -0500
22438 +++ linux-2.6.32.1/drivers/gpu/drm/drm_drv.c 2009-12-14 18:33:53.572891729 -0500
22439 @@ -417,7 +417,7 @@ int drm_ioctl(struct inode *inode, struc
22440 char *kdata = NULL;
22442 atomic_inc(&dev->ioctl_count);
22443 - atomic_inc(&dev->counts[_DRM_STAT_IOCTLS]);
22444 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_IOCTLS]);
22445 ++file_priv->ioctl_count;
22447 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
22448 diff -urNp linux-2.6.32.1/drivers/gpu/drm/drm_fops.c linux-2.6.32.1/drivers/gpu/drm/drm_fops.c
22449 --- linux-2.6.32.1/drivers/gpu/drm/drm_fops.c 2009-12-02 22:51:21.000000000 -0500
22450 +++ linux-2.6.32.1/drivers/gpu/drm/drm_fops.c 2009-12-14 18:33:53.588910549 -0500
22451 @@ -66,7 +66,7 @@ static int drm_setup(struct drm_device *
22454 for (i = 0; i < ARRAY_SIZE(dev->counts); i++)
22455 - atomic_set(&dev->counts[i], 0);
22456 + atomic_set_unchecked(&dev->counts[i], 0);
22458 dev->sigdata.lock = NULL;
22460 @@ -130,9 +130,9 @@ int drm_open(struct inode *inode, struct
22462 retcode = drm_open_helper(inode, filp, dev);
22464 - atomic_inc(&dev->counts[_DRM_STAT_OPENS]);
22465 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_OPENS]);
22466 spin_lock(&dev->count_lock);
22467 - if (!dev->open_count++) {
22468 + if (atomic_inc_return(&dev->open_count) == 1) {
22469 spin_unlock(&dev->count_lock);
22470 retcode = drm_setup(dev);
22472 @@ -433,7 +433,7 @@ int drm_release(struct inode *inode, str
22476 - DRM_DEBUG("open_count = %d\n", dev->open_count);
22477 + DRM_DEBUG("open_count = %d\n", atomic_read(&dev->open_count));
22479 if (dev->driver->preclose)
22480 dev->driver->preclose(dev, file_priv);
22481 @@ -445,7 +445,7 @@ int drm_release(struct inode *inode, str
22482 DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n",
22483 task_pid_nr(current),
22484 (long)old_encode_dev(file_priv->minor->device),
22485 - dev->open_count);
22486 + atomic_read(&dev->open_count));
22488 /* if the master has gone away we can't do anything with the lock */
22489 if (file_priv->minor->master)
22490 @@ -522,9 +522,9 @@ int drm_release(struct inode *inode, str
22491 * End inline drm_release
22494 - atomic_inc(&dev->counts[_DRM_STAT_CLOSES]);
22495 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_CLOSES]);
22496 spin_lock(&dev->count_lock);
22497 - if (!--dev->open_count) {
22498 + if (atomic_dec_and_test(&dev->open_count)) {
22499 if (atomic_read(&dev->ioctl_count)) {
22500 DRM_ERROR("Device busy: %d\n",
22501 atomic_read(&dev->ioctl_count));
22502 diff -urNp linux-2.6.32.1/drivers/gpu/drm/drm_ioctl.c linux-2.6.32.1/drivers/gpu/drm/drm_ioctl.c
22503 --- linux-2.6.32.1/drivers/gpu/drm/drm_ioctl.c 2009-12-02 22:51:21.000000000 -0500
22504 +++ linux-2.6.32.1/drivers/gpu/drm/drm_ioctl.c 2009-12-14 18:33:53.608913123 -0500
22505 @@ -283,7 +283,7 @@ int drm_getstats(struct drm_device *dev,
22506 stats->data[i].value =
22507 (file_priv->master->lock.hw_lock ? file_priv->master->lock.hw_lock->lock : 0);
22509 - stats->data[i].value = atomic_read(&dev->counts[i]);
22510 + stats->data[i].value = atomic_read_unchecked(&dev->counts[i]);
22511 stats->data[i].type = dev->types[i];
22514 diff -urNp linux-2.6.32.1/drivers/gpu/drm/drm_lock.c linux-2.6.32.1/drivers/gpu/drm/drm_lock.c
22515 --- linux-2.6.32.1/drivers/gpu/drm/drm_lock.c 2009-12-02 22:51:21.000000000 -0500
22516 +++ linux-2.6.32.1/drivers/gpu/drm/drm_lock.c 2009-12-14 18:33:53.616909727 -0500
22517 @@ -87,7 +87,7 @@ int drm_lock(struct drm_device *dev, voi
22518 if (drm_lock_take(&master->lock, lock->context)) {
22519 master->lock.file_priv = file_priv;
22520 master->lock.lock_time = jiffies;
22521 - atomic_inc(&dev->counts[_DRM_STAT_LOCKS]);
22522 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_LOCKS]);
22523 break; /* Got lock */
22526 @@ -165,7 +165,7 @@ int drm_unlock(struct drm_device *dev, v
22530 - atomic_inc(&dev->counts[_DRM_STAT_UNLOCKS]);
22531 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_UNLOCKS]);
22533 /* kernel_context_switch isn't used by any of the x86 drm
22534 * modules but is required by the Sparc driver.
22535 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i810/i810_dma.c linux-2.6.32.1/drivers/gpu/drm/i810/i810_dma.c
22536 --- linux-2.6.32.1/drivers/gpu/drm/i810/i810_dma.c 2009-12-02 22:51:21.000000000 -0500
22537 +++ linux-2.6.32.1/drivers/gpu/drm/i810/i810_dma.c 2009-12-14 18:33:53.638897561 -0500
22538 @@ -952,8 +952,8 @@ static int i810_dma_vertex(struct drm_de
22539 dma->buflist[vertex->idx],
22540 vertex->discard, vertex->used);
22542 - atomic_add(vertex->used, &dev->counts[_DRM_STAT_SECONDARY]);
22543 - atomic_inc(&dev->counts[_DRM_STAT_DMA]);
22544 + atomic_add_unchecked(vertex->used, &dev->counts[_DRM_STAT_SECONDARY]);
22545 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_DMA]);
22546 sarea_priv->last_enqueue = dev_priv->counter - 1;
22547 sarea_priv->last_dispatch = (int)hw_status[5];
22549 @@ -1115,8 +1115,8 @@ static int i810_dma_mc(struct drm_device
22550 i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used,
22553 - atomic_add(mc->used, &dev->counts[_DRM_STAT_SECONDARY]);
22554 - atomic_inc(&dev->counts[_DRM_STAT_DMA]);
22555 + atomic_add_unchecked(mc->used, &dev->counts[_DRM_STAT_SECONDARY]);
22556 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_DMA]);
22557 sarea_priv->last_enqueue = dev_priv->counter - 1;
22558 sarea_priv->last_dispatch = (int)hw_status[5];
22560 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7017.c linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7017.c
22561 --- linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7017.c 2009-12-02 22:51:21.000000000 -0500
22562 +++ linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7017.c 2009-12-14 18:33:53.639841412 -0500
22563 @@ -443,7 +443,7 @@ static void ch7017_destroy(struct intel_
22567 -struct intel_dvo_dev_ops ch7017_ops = {
22568 +const struct intel_dvo_dev_ops ch7017_ops = {
22569 .init = ch7017_init,
22570 .detect = ch7017_detect,
22571 .mode_valid = ch7017_mode_valid,
22572 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7xxx.c linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7xxx.c
22573 --- linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7xxx.c 2009-12-02 22:51:21.000000000 -0500
22574 +++ linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ch7xxx.c 2009-12-14 18:33:53.649915069 -0500
22575 @@ -356,7 +356,7 @@ static void ch7xxx_destroy(struct intel_
22579 -struct intel_dvo_dev_ops ch7xxx_ops = {
22580 +const struct intel_dvo_dev_ops ch7xxx_ops = {
22581 .init = ch7xxx_init,
22582 .detect = ch7xxx_detect,
22583 .mode_valid = ch7xxx_mode_valid,
22584 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/dvo.h linux-2.6.32.1/drivers/gpu/drm/i915/dvo.h
22585 --- linux-2.6.32.1/drivers/gpu/drm/i915/dvo.h 2009-12-02 22:51:21.000000000 -0500
22586 +++ linux-2.6.32.1/drivers/gpu/drm/i915/dvo.h 2009-12-14 18:33:53.651903938 -0500
22587 @@ -135,23 +135,23 @@ struct intel_dvo_dev_ops {
22589 * \return singly-linked list of modes or NULL if no modes found.
22591 - struct drm_display_mode *(*get_modes)(struct intel_dvo_device *dvo);
22592 + struct drm_display_mode *(* const get_modes)(struct intel_dvo_device *dvo);
22595 * Clean up driver-specific bits of the output
22597 - void (*destroy) (struct intel_dvo_device *dvo);
22598 + void (* const destroy) (struct intel_dvo_device *dvo);
22601 * Debugging hook to dump device registers to log file
22603 - void (*dump_regs)(struct intel_dvo_device *dvo);
22604 + void (* const dump_regs)(struct intel_dvo_device *dvo);
22607 -extern struct intel_dvo_dev_ops sil164_ops;
22608 -extern struct intel_dvo_dev_ops ch7xxx_ops;
22609 -extern struct intel_dvo_dev_ops ivch_ops;
22610 -extern struct intel_dvo_dev_ops tfp410_ops;
22611 -extern struct intel_dvo_dev_ops ch7017_ops;
22612 +extern const struct intel_dvo_dev_ops sil164_ops;
22613 +extern const struct intel_dvo_dev_ops ch7xxx_ops;
22614 +extern const struct intel_dvo_dev_ops ivch_ops;
22615 +extern const struct intel_dvo_dev_ops tfp410_ops;
22616 +extern const struct intel_dvo_dev_ops ch7017_ops;
22618 #endif /* _INTEL_DVO_H */
22619 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ivch.c linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ivch.c
22620 --- linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ivch.c 2009-12-02 22:51:21.000000000 -0500
22621 +++ linux-2.6.32.1/drivers/gpu/drm/i915/dvo_ivch.c 2009-12-14 18:33:53.652837364 -0500
22622 @@ -430,7 +430,7 @@ static void ivch_destroy(struct intel_dv
22626 -struct intel_dvo_dev_ops ivch_ops= {
22627 +const struct intel_dvo_dev_ops ivch_ops= {
22631 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/dvo_sil164.c linux-2.6.32.1/drivers/gpu/drm/i915/dvo_sil164.c
22632 --- linux-2.6.32.1/drivers/gpu/drm/i915/dvo_sil164.c 2009-12-02 22:51:21.000000000 -0500
22633 +++ linux-2.6.32.1/drivers/gpu/drm/i915/dvo_sil164.c 2009-12-14 18:33:53.653698666 -0500
22634 @@ -290,7 +290,7 @@ static void sil164_destroy(struct intel_
22638 -struct intel_dvo_dev_ops sil164_ops = {
22639 +const struct intel_dvo_dev_ops sil164_ops = {
22640 .init = sil164_init,
22641 .detect = sil164_detect,
22642 .mode_valid = sil164_mode_valid,
22643 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/dvo_tfp410.c linux-2.6.32.1/drivers/gpu/drm/i915/dvo_tfp410.c
22644 --- linux-2.6.32.1/drivers/gpu/drm/i915/dvo_tfp410.c 2009-12-02 22:51:21.000000000 -0500
22645 +++ linux-2.6.32.1/drivers/gpu/drm/i915/dvo_tfp410.c 2009-12-14 18:33:53.657792583 -0500
22646 @@ -323,7 +323,7 @@ static void tfp410_destroy(struct intel_
22650 -struct intel_dvo_dev_ops tfp410_ops = {
22651 +const struct intel_dvo_dev_ops tfp410_ops = {
22652 .init = tfp410_init,
22653 .detect = tfp410_detect,
22654 .mode_valid = tfp410_mode_valid,
22655 diff -urNp linux-2.6.32.1/drivers/gpu/drm/i915/i915_drv.c linux-2.6.32.1/drivers/gpu/drm/i915/i915_drv.c
22656 --- linux-2.6.32.1/drivers/gpu/drm/i915/i915_drv.c 2009-12-02 22:51:21.000000000 -0500
22657 +++ linux-2.6.32.1/drivers/gpu/drm/i915/i915_drv.c 2009-12-14 18:33:53.666913342 -0500
22658 @@ -284,7 +284,7 @@ i915_pci_resume(struct pci_dev *pdev)
22659 return i915_resume(dev);
22662 -static struct vm_operations_struct i915_gem_vm_ops = {
22663 +static const struct vm_operations_struct i915_gem_vm_ops = {
22664 .fault = i915_gem_fault,
22665 .open = drm_gem_vm_open,
22666 .close = drm_gem_vm_close,
22667 diff -urNp linux-2.6.32.1/drivers/gpu/drm/radeon/mkregtable.c linux-2.6.32.1/drivers/gpu/drm/radeon/mkregtable.c
22668 --- linux-2.6.32.1/drivers/gpu/drm/radeon/mkregtable.c 2009-12-02 22:51:21.000000000 -0500
22669 +++ linux-2.6.32.1/drivers/gpu/drm/radeon/mkregtable.c 2009-12-14 18:33:53.695940128 -0500
22670 @@ -637,14 +637,14 @@ static int parser_auth(struct table *t,
22672 regmatch_t match[4];
22680 struct offset *offset;
22681 char last_reg_s[10];
22683 + unsigned long last_reg;
22686 (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
22687 diff -urNp linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_atombios.c linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_atombios.c
22688 --- linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_atombios.c 2009-12-02 22:51:21.000000000 -0500
22689 +++ linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_atombios.c 2009-12-14 18:33:53.710935550 -0500
22690 @@ -496,13 +496,13 @@ static uint16_t atombios_get_connector_o
22694 -struct bios_connector {
22695 +static struct bios_connector {
22699 int connector_type;
22700 struct radeon_i2c_bus_rec ddc_bus;
22702 +} bios_connectors[ATOM_MAX_SUPPORTED_DEVICE];
22704 bool radeon_get_atom_connector_info_from_supported_devices_table(struct
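Review bot: Turning `bios_connectors[ATOM_MAX_SUPPORTED_DEVICE]` into a file-scope `static` array (the local declaration is deleted in the next hunk) takes it off the kernel stack, but every call and every device now shares one buffer. Entries written by an earlier call persist unless each field is reset, and two adapters initialised at the same time would write to the same array. The function body is outside these hunks, so neither case can be ruled out from here. Allocating per call keeps the stack saving without the shared state: `bios_connectors = kcalloc(ATOM_MAX_SUPPORTED_DEVICE, sizeof(*bios_connectors), GFP_KERNEL);` with a NULL check and a `kfree(bios_connectors);` on each exit path.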
22706 @@ -518,7 +518,6 @@ bool radeon_get_atom_connector_info_from
22708 union atom_supported_devices *supported_devices;
22710 - struct bios_connector bios_connectors[ATOM_MAX_SUPPORTED_DEVICE];
22712 atom_parse_data_header(ctx, index, &size, &frev, &crev, &data_offset);
22714 diff -urNp linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_state.c linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_state.c
22715 --- linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_state.c 2009-12-02 22:51:21.000000000 -0500
22716 +++ linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_state.c 2009-12-14 18:33:53.753040028 -0500
22717 @@ -3014,7 +3014,7 @@ static int radeon_cp_getparam(struct drm
22719 drm_radeon_private_t *dev_priv = dev->dev_private;
22720 drm_radeon_getparam_t *param = data;
22724 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID);
22726 diff -urNp linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_ttm.c linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_ttm.c
22727 --- linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_ttm.c 2009-12-02 22:51:21.000000000 -0500
22728 +++ linux-2.6.32.1/drivers/gpu/drm/radeon/radeon_ttm.c 2009-12-14 18:33:53.759914568 -0500
22729 @@ -535,27 +535,10 @@ void radeon_ttm_fini(struct radeon_devic
22730 DRM_INFO("radeon: ttm finalized\n");
22733 -static struct vm_operations_struct radeon_ttm_vm_ops;
22734 -static const struct vm_operations_struct *ttm_vm_ops = NULL;
22736 -static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
22738 - struct ttm_buffer_object *bo;
22741 - bo = (struct ttm_buffer_object *)vma->vm_private_data;
22742 - if (bo == NULL) {
22743 - return VM_FAULT_NOPAGE;
22745 - r = ttm_vm_ops->fault(vma, vmf);
22749 int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
22751 struct drm_file *file_priv;
22752 struct radeon_device *rdev;
22755 if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) {
22756 return drm_mmap(filp, vma);
22757 @@ -563,20 +546,9 @@ int radeon_mmap(struct file *filp, struc
22759 file_priv = (struct drm_file *)filp->private_data;
22760 rdev = file_priv->minor->dev->dev_private;
22761 - if (rdev == NULL) {
22765 - r = ttm_bo_mmap(filp, vma, &rdev->mman.bdev);
22766 - if (unlikely(r != 0)) {
22769 - if (unlikely(ttm_vm_ops == NULL)) {
22770 - ttm_vm_ops = vma->vm_ops;
22771 - radeon_ttm_vm_ops = *ttm_vm_ops;
22772 - radeon_ttm_vm_ops.fault = &radeon_ttm_fault;
22774 - vma->vm_ops = &radeon_ttm_vm_ops;
22776 + return ttm_bo_mmap(filp, vma, &rdev->mman.bdev);
22780 diff -urNp linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo.c linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo.c
22781 --- linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo.c 2009-12-02 22:51:21.000000000 -0500
22782 +++ linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo.c 2009-12-14 18:33:53.790952799 -0500
22783 @@ -67,7 +67,7 @@ static struct attribute *ttm_bo_global_a
22787 -static struct sysfs_ops ttm_bo_global_ops = {
22788 +static const struct sysfs_ops ttm_bo_global_ops = {
22789 .show = &ttm_bo_global_show
22792 diff -urNp linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo_vm.c linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo_vm.c
22793 --- linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo_vm.c 2009-12-02 22:51:21.000000000 -0500
22794 +++ linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_bo_vm.c 2009-12-14 18:33:53.799846277 -0500
22795 @@ -73,7 +73,7 @@ static int ttm_bo_vm_fault(struct vm_are
22797 struct ttm_buffer_object *bo = (struct ttm_buffer_object *)
22798 vma->vm_private_data;
22799 - struct ttm_bo_device *bdev = bo->bdev;
22800 + struct ttm_bo_device *bdev;
22801 unsigned long bus_base;
22802 unsigned long bus_offset;
22803 unsigned long bus_size;
22804 @@ -88,6 +88,10 @@ static int ttm_bo_vm_fault(struct vm_are
22805 unsigned long address = (unsigned long)vmf->virtual_address;
22806 int retval = VM_FAULT_NOPAGE;
22809 + return VM_FAULT_NOPAGE;
22813 * Work around locking order reversal in fault / nopfn
22814 * between mmap_sem and bo_reserve: Perform a trylock operation
22815 diff -urNp linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_global.c linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_global.c
22816 --- linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_global.c 2009-12-02 22:51:21.000000000 -0500
22817 +++ linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_global.c 2009-12-14 18:33:53.800702145 -0500
22819 struct ttm_global_item {
22820 struct mutex mutex;
22823 + atomic_t refcount;
22826 static struct ttm_global_item glob[TTM_GLOBAL_NUM];
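Review bot: The new `atomic_t refcount` field carries no comment saying why it is atomic, although the ref and unref paths in the later hunks of this file touch it only after `mutex_lock(&item->mutex)`. If the type was chosen to get overflow-checked counting rather than lock-free access, which the rest of this patch suggests but this hunk does not show, say so on the field: `/* atomic_t for overflow-checked counting; updates still happen under mutex */`. Without that, a later cleanup could reasonably turn it back into a plain int.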
22827 @@ -49,7 +49,7 @@ void ttm_global_init(void)
22828 struct ttm_global_item *item = &glob[i];
22829 mutex_init(&item->mutex);
22830 item->object = NULL;
22831 - item->refcount = 0;
22832 + atomic_set(&item->refcount, 0);
22836 @@ -59,7 +59,7 @@ void ttm_global_release(void)
22837 for (i = 0; i < TTM_GLOBAL_NUM; ++i) {
22838 struct ttm_global_item *item = &glob[i];
22839 BUG_ON(item->object != NULL);
22840 - BUG_ON(item->refcount != 0);
22841 + BUG_ON(atomic_read(&item->refcount) != 0);
22845 @@ -70,7 +70,7 @@ int ttm_global_item_ref(struct ttm_globa
22848 mutex_lock(&item->mutex);
22849 - if (item->refcount == 0) {
22850 + if (atomic_read(&item->refcount) == 0) {
22851 item->object = kzalloc(ref->size, GFP_KERNEL);
22852 if (unlikely(item->object == NULL)) {
22854 @@ -83,7 +83,7 @@ int ttm_global_item_ref(struct ttm_globa
22858 - ++item->refcount;
22859 + atomic_inc(&item->refcount);
22860 ref->object = item->object;
22861 object = item->object;
22862 mutex_unlock(&item->mutex);
22863 @@ -100,9 +100,9 @@ void ttm_global_item_unref(struct ttm_gl
22864 struct ttm_global_item *item = &glob[ref->global_type];
22866 mutex_lock(&item->mutex);
22867 - BUG_ON(item->refcount == 0);
22868 + BUG_ON(atomic_read(&item->refcount) == 0);
22869 BUG_ON(ref->object != item->object);
22870 - if (--item->refcount == 0) {
22871 + if (atomic_dec_and_test(&item->refcount)) {
22873 item->object = NULL;
22875 diff -urNp linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_memory.c linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_memory.c
22876 --- linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_memory.c 2009-12-02 22:51:21.000000000 -0500
22877 +++ linux-2.6.32.1/drivers/gpu/drm/ttm/ttm_memory.c 2009-12-14 18:33:53.815912678 -0500
22878 @@ -152,7 +152,7 @@ static struct attribute *ttm_mem_zone_at
22882 -static struct sysfs_ops ttm_mem_zone_ops = {
22883 +static const struct sysfs_ops ttm_mem_zone_ops = {
22884 .show = &ttm_mem_zone_show,
22885 .store = &ttm_mem_zone_store
22887 diff -urNp linux-2.6.32.1/drivers/hwmon/k8temp.c linux-2.6.32.1/drivers/hwmon/k8temp.c
22888 --- linux-2.6.32.1/drivers/hwmon/k8temp.c 2009-12-02 22:51:21.000000000 -0500
22889 +++ linux-2.6.32.1/drivers/hwmon/k8temp.c 2009-12-14 18:33:53.837839651 -0500
22890 @@ -138,7 +138,7 @@ static DEVICE_ATTR(name, S_IRUGO, show_n
22892 static struct pci_device_id k8temp_ids[] = {
22893 { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_K8_NB_MISC) },
22895 + { 0, 0, 0, 0, 0, 0, 0 },
22898 MODULE_DEVICE_TABLE(pci, k8temp_ids);
22899 diff -urNp linux-2.6.32.1/drivers/hwmon/sis5595.c linux-2.6.32.1/drivers/hwmon/sis5595.c
22900 --- linux-2.6.32.1/drivers/hwmon/sis5595.c 2009-12-02 22:51:21.000000000 -0500
22901 +++ linux-2.6.32.1/drivers/hwmon/sis5595.c 2009-12-14 18:33:53.850721491 -0500
22902 @@ -699,7 +699,7 @@ static struct sis5595_data *sis5595_upda
22904 static struct pci_device_id sis5595_pci_ids[] = {
22905 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_503) },
22907 + { 0, 0, 0, 0, 0, 0, 0 }
22910 MODULE_DEVICE_TABLE(pci, sis5595_pci_ids);
22911 diff -urNp linux-2.6.32.1/drivers/hwmon/via686a.c linux-2.6.32.1/drivers/hwmon/via686a.c
22912 --- linux-2.6.32.1/drivers/hwmon/via686a.c 2009-12-02 22:51:21.000000000 -0500
22913 +++ linux-2.6.32.1/drivers/hwmon/via686a.c 2009-12-14 18:33:53.854780877 -0500
22914 @@ -769,7 +769,7 @@ static struct via686a_data *via686a_upda
22916 static struct pci_device_id via686a_pci_ids[] = {
22917 { PCI_DEVICE(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_82C686_4) },
22919 + { 0, 0, 0, 0, 0, 0, 0 }
22922 MODULE_DEVICE_TABLE(pci, via686a_pci_ids);
22923 diff -urNp linux-2.6.32.1/drivers/hwmon/vt8231.c linux-2.6.32.1/drivers/hwmon/vt8231.c
22924 --- linux-2.6.32.1/drivers/hwmon/vt8231.c 2009-12-02 22:51:21.000000000 -0500
22925 +++ linux-2.6.32.1/drivers/hwmon/vt8231.c 2009-12-14 18:33:53.875735911 -0500
22926 @@ -699,7 +699,7 @@ static struct platform_driver vt8231_dri
22928 static struct pci_device_id vt8231_pci_ids[] = {
22929 { PCI_DEVICE(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_8231_4) },
22931 + { 0, 0, 0, 0, 0, 0, 0 }
22934 MODULE_DEVICE_TABLE(pci, vt8231_pci_ids);
22935 diff -urNp linux-2.6.32.1/drivers/hwmon/w83791d.c linux-2.6.32.1/drivers/hwmon/w83791d.c
22936 --- linux-2.6.32.1/drivers/hwmon/w83791d.c 2009-12-02 22:51:21.000000000 -0500
22937 +++ linux-2.6.32.1/drivers/hwmon/w83791d.c 2009-12-14 18:33:53.884931052 -0500
22938 @@ -330,8 +330,8 @@ static int w83791d_detect(struct i2c_cli
22939 struct i2c_board_info *info);
22940 static int w83791d_remove(struct i2c_client *client);
22942 -static int w83791d_read(struct i2c_client *client, u8 register);
22943 -static int w83791d_write(struct i2c_client *client, u8 register, u8 value);
22944 +static int w83791d_read(struct i2c_client *client, u8 reg);
22945 +static int w83791d_write(struct i2c_client *client, u8 reg, u8 value);
22946 static struct w83791d_data *w83791d_update_device(struct device *dev);
22949 diff -urNp linux-2.6.32.1/drivers/i2c/busses/i2c-i801.c linux-2.6.32.1/drivers/i2c/busses/i2c-i801.c
22950 --- linux-2.6.32.1/drivers/i2c/busses/i2c-i801.c 2009-12-02 22:51:21.000000000 -0500
22951 +++ linux-2.6.32.1/drivers/i2c/busses/i2c-i801.c 2009-12-14 18:33:53.906972021 -0500
22952 @@ -578,7 +578,7 @@ static struct pci_device_id i801_ids[] =
22953 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH10_4) },
22954 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH10_5) },
22955 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_PCH_SMBUS) },
22957 + { 0, 0, 0, 0, 0, 0, 0 }
22960 MODULE_DEVICE_TABLE (pci, i801_ids);
22961 diff -urNp linux-2.6.32.1/drivers/i2c/busses/i2c-piix4.c linux-2.6.32.1/drivers/i2c/busses/i2c-piix4.c
22962 --- linux-2.6.32.1/drivers/i2c/busses/i2c-piix4.c 2009-12-02 22:51:21.000000000 -0500
22963 +++ linux-2.6.32.1/drivers/i2c/busses/i2c-piix4.c 2009-12-14 18:33:53.918718926 -0500
22964 @@ -124,7 +124,7 @@ static struct dmi_system_id __devinitdat
22966 .matches = { DMI_MATCH(DMI_SYS_VENDOR, "IBM"), },
22969 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
22972 static int __devinit piix4_setup(struct pci_dev *PIIX4_dev,
22973 @@ -491,7 +491,7 @@ static struct pci_device_id piix4_ids[]
22974 PCI_DEVICE_ID_SERVERWORKS_HT1000SB) },
22975 { PCI_DEVICE(PCI_VENDOR_ID_SERVERWORKS,
22976 PCI_DEVICE_ID_SERVERWORKS_HT1100LD) },
22978 + { 0, 0, 0, 0, 0, 0, 0 }
22981 MODULE_DEVICE_TABLE (pci, piix4_ids);
22982 diff -urNp linux-2.6.32.1/drivers/i2c/busses/i2c-sis630.c linux-2.6.32.1/drivers/i2c/busses/i2c-sis630.c
22983 --- linux-2.6.32.1/drivers/i2c/busses/i2c-sis630.c 2009-12-02 22:51:21.000000000 -0500
22984 +++ linux-2.6.32.1/drivers/i2c/busses/i2c-sis630.c 2009-12-14 18:33:53.925070570 -0500
22985 @@ -471,7 +471,7 @@ static struct i2c_adapter sis630_adapter
22986 static struct pci_device_id sis630_ids[] __devinitdata = {
22987 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_503) },
22988 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_LPC) },
22990 + { 0, 0, 0, 0, 0, 0, 0 }
22993 MODULE_DEVICE_TABLE (pci, sis630_ids);
22994 diff -urNp linux-2.6.32.1/drivers/i2c/busses/i2c-sis96x.c linux-2.6.32.1/drivers/i2c/busses/i2c-sis96x.c
22995 --- linux-2.6.32.1/drivers/i2c/busses/i2c-sis96x.c 2009-12-02 22:51:21.000000000 -0500
22996 +++ linux-2.6.32.1/drivers/i2c/busses/i2c-sis96x.c 2009-12-14 18:33:53.931866082 -0500
22997 @@ -247,7 +247,7 @@ static struct i2c_adapter sis96x_adapter
22999 static struct pci_device_id sis96x_ids[] = {
23000 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_SMBUS) },
23002 + { 0, 0, 0, 0, 0, 0, 0 }
23005 MODULE_DEVICE_TABLE (pci, sis96x_ids);
23006 diff -urNp linux-2.6.32.1/drivers/ide/ide-cd.c linux-2.6.32.1/drivers/ide/ide-cd.c
23007 --- linux-2.6.32.1/drivers/ide/ide-cd.c 2009-12-02 22:51:21.000000000 -0500
23008 +++ linux-2.6.32.1/drivers/ide/ide-cd.c 2009-12-14 18:33:53.955714837 -0500
23009 @@ -766,7 +766,7 @@ static void cdrom_do_block_pc(ide_drive_
23010 alignment = queue_dma_alignment(q) | q->dma_pad_mask;
23011 if ((unsigned long)buf & alignment
23012 || blk_rq_bytes(rq) & q->dma_pad_mask
23013 - || object_is_on_stack(buf))
23014 + || object_starts_on_stack(buf))
23018 diff -urNp linux-2.6.32.1/drivers/ieee1394/dv1394.c linux-2.6.32.1/drivers/ieee1394/dv1394.c
23019 --- linux-2.6.32.1/drivers/ieee1394/dv1394.c 2009-12-02 22:51:21.000000000 -0500
23020 +++ linux-2.6.32.1/drivers/ieee1394/dv1394.c 2009-12-14 18:33:53.975925674 -0500
23021 @@ -739,7 +739,7 @@ static void frame_prepare(struct video_c
23022 based upon DIF section and sequence
23025 -static void inline
23026 +static inline void
23027 frame_put_packet (struct frame *f, struct packet *p)
23029 int section_type = p->data[0] >> 5; /* section type is in bits 5 - 7 */
23030 @@ -2178,7 +2178,7 @@ static const struct ieee1394_device_id d
23031 .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
23032 .version = AVC_SW_VERSION_ENTRY & 0xffffff
23035 + { 0, 0, 0, 0, 0, 0 }
23038 MODULE_DEVICE_TABLE(ieee1394, dv1394_id_table);
23039 diff -urNp linux-2.6.32.1/drivers/ieee1394/eth1394.c linux-2.6.32.1/drivers/ieee1394/eth1394.c
23040 --- linux-2.6.32.1/drivers/ieee1394/eth1394.c 2009-12-02 22:51:21.000000000 -0500
23041 +++ linux-2.6.32.1/drivers/ieee1394/eth1394.c 2009-12-14 18:33:53.990866635 -0500
23042 @@ -446,7 +446,7 @@ static const struct ieee1394_device_id e
23043 .specifier_id = ETHER1394_GASP_SPECIFIER_ID,
23044 .version = ETHER1394_GASP_VERSION,
23047 + { 0, 0, 0, 0, 0, 0 }
23050 MODULE_DEVICE_TABLE(ieee1394, eth1394_id_table);
23051 diff -urNp linux-2.6.32.1/drivers/ieee1394/hosts.c linux-2.6.32.1/drivers/ieee1394/hosts.c
23052 --- linux-2.6.32.1/drivers/ieee1394/hosts.c 2009-12-02 22:51:21.000000000 -0500
23053 +++ linux-2.6.32.1/drivers/ieee1394/hosts.c 2009-12-14 18:33:53.993836998 -0500
23054 @@ -78,6 +78,7 @@ static int dummy_isoctl(struct hpsb_iso
23057 static struct hpsb_host_driver dummy_driver = {
23059 .transmit_packet = dummy_transmit_packet,
23060 .devctl = dummy_devctl,
23061 .isoctl = dummy_isoctl
23062 diff -urNp linux-2.6.32.1/drivers/ieee1394/ohci1394.c linux-2.6.32.1/drivers/ieee1394/ohci1394.c
23063 --- linux-2.6.32.1/drivers/ieee1394/ohci1394.c 2009-12-02 22:51:21.000000000 -0500
23064 +++ linux-2.6.32.1/drivers/ieee1394/ohci1394.c 2009-12-14 18:33:54.019740665 -0500
23065 @@ -147,9 +147,9 @@ printk(level "%s: " fmt "\n" , OHCI1394_
23066 printk(level "%s: fw-host%d: " fmt "\n" , OHCI1394_DRIVER_NAME, ohci->host->id , ## args)
23068 /* Module Parameters */
23069 -static int phys_dma = 1;
23070 +static int phys_dma;
23071 module_param(phys_dma, int, 0444);
23072 -MODULE_PARM_DESC(phys_dma, "Enable physical DMA (default = 1).");
23073 +MODULE_PARM_DESC(phys_dma, "Enable physical DMA (default = 0).");
23075 static void dma_trm_tasklet(unsigned long data);
23076 static void dma_trm_reset(struct dma_trm_ctx *d);
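Review bot: The default for `phys_dma` flips from 1 to 0 with no comment explaining why, and the description string only restates the new value. With physical DMA enabled, an OHCI-1394 controller answers remote read and write requests to host memory without involving the driver, which is the reason to leave it off; a comment above the declaration should record that, e.g. `/* off by default: physical DMA lets bus peers access host memory directly */`. The description could also say that anything depending on physical DMA needs `phys_dma=1` at load time, since the 0444 permission makes the parameter read-only afterwards.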
23077 @@ -3449,7 +3449,7 @@ static struct pci_device_id ohci1394_pci
23078 .subvendor = PCI_ANY_ID,
23079 .subdevice = PCI_ANY_ID,
23082 + { 0, 0, 0, 0, 0, 0, 0 },
23085 MODULE_DEVICE_TABLE(pci, ohci1394_pci_tbl);
23086 diff -urNp linux-2.6.32.1/drivers/ieee1394/raw1394.c linux-2.6.32.1/drivers/ieee1394/raw1394.c
23087 --- linux-2.6.32.1/drivers/ieee1394/raw1394.c 2009-12-02 22:51:21.000000000 -0500
23088 +++ linux-2.6.32.1/drivers/ieee1394/raw1394.c 2009-12-14 18:33:54.021823202 -0500
23089 @@ -3002,7 +3002,7 @@ static const struct ieee1394_device_id r
23090 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
23091 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
23092 .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
23094 + { 0, 0, 0, 0, 0, 0 }
23097 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
23098 diff -urNp linux-2.6.32.1/drivers/ieee1394/sbp2.c linux-2.6.32.1/drivers/ieee1394/sbp2.c
23099 --- linux-2.6.32.1/drivers/ieee1394/sbp2.c 2009-12-02 22:51:21.000000000 -0500
23100 +++ linux-2.6.32.1/drivers/ieee1394/sbp2.c 2009-12-14 18:33:54.041973386 -0500
23101 @@ -290,7 +290,7 @@ static const struct ieee1394_device_id s
23102 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
23103 .specifier_id = SBP2_UNIT_SPEC_ID_ENTRY & 0xffffff,
23104 .version = SBP2_SW_VERSION_ENTRY & 0xffffff},
23106 + { 0, 0, 0, 0, 0, 0 }
23108 MODULE_DEVICE_TABLE(ieee1394, sbp2_id_table);
23110 @@ -2111,7 +2111,7 @@ MODULE_DESCRIPTION("IEEE-1394 SBP-2 prot
23111 MODULE_SUPPORTED_DEVICE(SBP2_DEVICE_NAME);
23112 MODULE_LICENSE("GPL");
23114 -static int sbp2_module_init(void)
23115 +static int __init sbp2_module_init(void)
23119 diff -urNp linux-2.6.32.1/drivers/ieee1394/video1394.c linux-2.6.32.1/drivers/ieee1394/video1394.c
23120 --- linux-2.6.32.1/drivers/ieee1394/video1394.c 2009-12-02 22:51:21.000000000 -0500
23121 +++ linux-2.6.32.1/drivers/ieee1394/video1394.c 2009-12-14 18:33:54.056833945 -0500
23122 @@ -1311,7 +1311,7 @@ static const struct ieee1394_device_id v
23123 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
23124 .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff
23127 + { 0, 0, 0, 0, 0, 0 }
23130 MODULE_DEVICE_TABLE(ieee1394, video1394_id_table);
23131 diff -urNp linux-2.6.32.1/drivers/infiniband/core/cm.c linux-2.6.32.1/drivers/infiniband/core/cm.c
23132 --- linux-2.6.32.1/drivers/infiniband/core/cm.c 2009-12-02 22:51:21.000000000 -0500
23133 +++ linux-2.6.32.1/drivers/infiniband/core/cm.c 2009-12-14 18:33:54.074829229 -0500
23134 @@ -3597,7 +3597,7 @@ static ssize_t cm_show_counter(struct ko
23135 atomic_long_read(&group->counter[cm_attr->index]));
23138 -static struct sysfs_ops cm_counter_ops = {
23139 +static const struct sysfs_ops cm_counter_ops = {
23140 .show = cm_show_counter
23143 diff -urNp linux-2.6.32.1/drivers/infiniband/core/sysfs.c linux-2.6.32.1/drivers/infiniband/core/sysfs.c
23144 --- linux-2.6.32.1/drivers/infiniband/core/sysfs.c 2009-12-02 22:51:21.000000000 -0500
23145 +++ linux-2.6.32.1/drivers/infiniband/core/sysfs.c 2009-12-14 18:33:54.090967930 -0500
23146 @@ -79,7 +79,7 @@ static ssize_t port_attr_show(struct kob
23147 return port_attr->show(p, port_attr, buf);
23150 -static struct sysfs_ops port_sysfs_ops = {
23151 +static const struct sysfs_ops port_sysfs_ops = {
23152 .show = port_attr_show
23155 diff -urNp linux-2.6.32.1/drivers/input/keyboard/atkbd.c linux-2.6.32.1/drivers/input/keyboard/atkbd.c
23156 --- linux-2.6.32.1/drivers/input/keyboard/atkbd.c 2009-12-02 22:51:21.000000000 -0500
23157 +++ linux-2.6.32.1/drivers/input/keyboard/atkbd.c 2009-12-14 18:33:54.119950593 -0500
23158 @@ -1212,7 +1212,7 @@ static struct serio_device_id atkbd_seri
23160 .extra = SERIO_ANY,
23166 MODULE_DEVICE_TABLE(serio, atkbd_serio_ids);
23167 diff -urNp linux-2.6.32.1/drivers/input/mouse/lifebook.c linux-2.6.32.1/drivers/input/mouse/lifebook.c
23168 --- linux-2.6.32.1/drivers/input/mouse/lifebook.c 2009-12-02 22:51:21.000000000 -0500
23169 +++ linux-2.6.32.1/drivers/input/mouse/lifebook.c 2009-12-14 18:33:54.128740292 -0500
23170 @@ -115,7 +115,7 @@ static const struct dmi_system_id lifebo
23171 DMI_MATCH(DMI_PRODUCT_NAME, "LifeBook B142"),
23175 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
23178 static psmouse_ret_t lifebook_process_byte(struct psmouse *psmouse)
23179 diff -urNp linux-2.6.32.1/drivers/input/mouse/psmouse-base.c linux-2.6.32.1/drivers/input/mouse/psmouse-base.c
23180 --- linux-2.6.32.1/drivers/input/mouse/psmouse-base.c 2009-12-02 22:51:21.000000000 -0500
23181 +++ linux-2.6.32.1/drivers/input/mouse/psmouse-base.c 2009-12-14 18:33:54.140878695 -0500
23182 @@ -1407,7 +1407,7 @@ static struct serio_device_id psmouse_se
23184 .extra = SERIO_ANY,
23190 MODULE_DEVICE_TABLE(serio, psmouse_serio_ids);
23191 diff -urNp linux-2.6.32.1/drivers/input/mouse/synaptics.c linux-2.6.32.1/drivers/input/mouse/synaptics.c
23192 --- linux-2.6.32.1/drivers/input/mouse/synaptics.c 2009-12-02 22:51:21.000000000 -0500
23193 +++ linux-2.6.32.1/drivers/input/mouse/synaptics.c 2009-12-14 18:33:54.160959318 -0500
23194 @@ -437,7 +437,7 @@ static void synaptics_process_packet(str
23197 if (SYN_MODEL_PEN(priv->model_id))
23198 - ; /* Nothing, treat a pen as a single finger */
23199 + break; /* Nothing, treat a pen as a single finger */
23202 if (SYN_CAP_PALMDETECT(priv->capabilities))
23203 @@ -652,7 +652,6 @@ static const struct dmi_system_id toshib
23204 DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"),
23205 DMI_MATCH(DMI_PRODUCT_NAME, "PORTEGE M300"),
23210 .ident = "Toshiba Portege M300",
23211 @@ -661,9 +660,8 @@ static const struct dmi_system_id toshib
23212 DMI_MATCH(DMI_PRODUCT_NAME, "Portable PC"),
23213 DMI_MATCH(DMI_PRODUCT_VERSION, "Version 1.0"),
23218 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23222 diff -urNp linux-2.6.32.1/drivers/input/mousedev.c linux-2.6.32.1/drivers/input/mousedev.c
23223 --- linux-2.6.32.1/drivers/input/mousedev.c 2009-12-02 22:51:21.000000000 -0500
23224 +++ linux-2.6.32.1/drivers/input/mousedev.c 2009-12-14 18:33:54.205808151 -0500
23225 @@ -1057,7 +1057,7 @@ static struct input_handler mousedev_han
23227 #ifdef CONFIG_INPUT_MOUSEDEV_PSAUX
23228 static struct miscdevice psaux_mouse = {
23229 - PSMOUSE_MINOR, "psaux", &mousedev_fops
23230 + PSMOUSE_MINOR, "psaux", &mousedev_fops, {NULL, NULL}, NULL, NULL
23232 static int psaux_registered;
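Review bot: The `psaux_mouse` initializer is extended positionally with `{NULL, NULL}, NULL, NULL`, which ties this table to the exact field order and count of struct miscdevice. Designated initializers name the three fields that matter and leave the rest zeroed regardless of layout: `.minor = PSMOUSE_MINOR,`, `.name = "psaux",`, `.fops = &mousedev_fops,`. That form also stays free of missing-initializer warnings, which appears to be what the added zeros are for.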
23234 diff -urNp linux-2.6.32.1/drivers/input/serio/i8042-x86ia64io.h linux-2.6.32.1/drivers/input/serio/i8042-x86ia64io.h
23235 --- linux-2.6.32.1/drivers/input/serio/i8042-x86ia64io.h 2009-12-02 22:51:21.000000000 -0500
23236 +++ linux-2.6.32.1/drivers/input/serio/i8042-x86ia64io.h 2009-12-14 18:33:54.222735325 -0500
23237 @@ -167,7 +167,7 @@ static struct dmi_system_id __initdata i
23238 DMI_MATCH(DMI_PRODUCT_VERSION, "Rev 1"),
23242 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23246 @@ -401,7 +401,7 @@ static struct dmi_system_id __initdata i
23247 DMI_MATCH(DMI_PRODUCT_VERSION, "0100"),
23251 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23254 static struct dmi_system_id __initdata i8042_dmi_reset_table[] = {
23255 @@ -468,7 +468,7 @@ static struct dmi_system_id __initdata i
23256 DMI_MATCH(DMI_PRODUCT_NAME, "Vostro 1720"),
23260 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23264 @@ -487,7 +487,7 @@ static struct dmi_system_id __initdata i
23265 DMI_MATCH(DMI_BOARD_VENDOR, "MICRO-STAR INTERNATIONAL CO., LTD"),
23269 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23272 static struct dmi_system_id __initdata i8042_dmi_laptop_table[] = {
23273 @@ -515,7 +515,7 @@ static struct dmi_system_id __initdata i
23274 DMI_MATCH(DMI_CHASSIS_TYPE, "14"), /* Sub-Notebook */
23278 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23282 @@ -582,7 +582,7 @@ static struct dmi_system_id __initdata i
23283 DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 4280"),
23287 + { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
23290 #endif /* CONFIG_X86 */
23291 diff -urNp linux-2.6.32.1/drivers/input/serio/serio_raw.c linux-2.6.32.1/drivers/input/serio/serio_raw.c
23292 --- linux-2.6.32.1/drivers/input/serio/serio_raw.c 2009-12-02 22:51:21.000000000 -0500
23293 +++ linux-2.6.32.1/drivers/input/serio/serio_raw.c 2009-12-14 18:33:54.231961669 -0500
23294 @@ -377,7 +377,7 @@ static struct serio_device_id serio_raw_
23296 .extra = SERIO_ANY,
23302 MODULE_DEVICE_TABLE(serio, serio_raw_serio_ids);
23303 diff -urNp linux-2.6.32.1/drivers/isdn/gigaset/common.c linux-2.6.32.1/drivers/isdn/gigaset/common.c
23304 --- linux-2.6.32.1/drivers/isdn/gigaset/common.c 2009-12-02 22:51:21.000000000 -0500
23305 +++ linux-2.6.32.1/drivers/isdn/gigaset/common.c 2009-12-14 18:33:54.250965221 -0500
23306 @@ -712,7 +712,7 @@ struct cardstate *gigaset_initcs(struct
23307 cs->commands_pending = 0;
23308 cs->cur_at_seq = 0;
23310 - cs->open_count = 0;
23311 + atomic_set(&cs->open_count, 0);
23314 cs->tty_dev = NULL;
23315 diff -urNp linux-2.6.32.1/drivers/isdn/gigaset/gigaset.h linux-2.6.32.1/drivers/isdn/gigaset/gigaset.h
23316 --- linux-2.6.32.1/drivers/isdn/gigaset/gigaset.h 2009-12-02 22:51:21.000000000 -0500
23317 +++ linux-2.6.32.1/drivers/isdn/gigaset/gigaset.h 2009-12-14 18:33:54.271752322 -0500
23318 @@ -446,7 +446,7 @@ struct cardstate {
23319 spinlock_t cmdlock;
23320 unsigned curlen, cmdbytes;
23322 - unsigned open_count;
23323 + atomic_t open_count;
23324 struct tty_struct *tty;
23325 struct tasklet_struct if_wake_tasklet;
23326 unsigned control_state;
23327 diff -urNp linux-2.6.32.1/drivers/isdn/gigaset/interface.c linux-2.6.32.1/drivers/isdn/gigaset/interface.c
23328 --- linux-2.6.32.1/drivers/isdn/gigaset/interface.c 2009-12-02 22:51:21.000000000 -0500
23329 +++ linux-2.6.32.1/drivers/isdn/gigaset/interface.c 2009-12-14 18:33:54.279961033 -0500
23330 @@ -165,9 +165,7 @@ static int if_open(struct tty_struct *tt
23331 return -ERESTARTSYS; // FIXME -EINTR?
23332 tty->driver_data = cs;
23334 - ++cs->open_count;
23336 - if (cs->open_count == 1) {
23337 + if (atomic_inc_return(&cs->open_count) == 1) {
23338 spin_lock_irqsave(&cs->lock, flags);
23340 spin_unlock_irqrestore(&cs->lock, flags);
23341 @@ -195,10 +193,10 @@ static void if_close(struct tty_struct *
23343 if (!cs->connected)
23344 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
23345 - else if (!cs->open_count)
23346 + else if (!atomic_read(&cs->open_count))
23347 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23349 - if (!--cs->open_count) {
23350 + if (!atomic_dec_return(&cs->open_count)) {
23351 spin_lock_irqsave(&cs->lock, flags);
23353 spin_unlock_irqrestore(&cs->lock, flags);
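Review bot: In if_close the zero check and the decrement remain two separate steps, `atomic_read(&cs->open_count)` followed by `atomic_dec_return(&cs->open_count)`, so converting the field to atomic_t does not by itself make the sequence safe against a concurrent close. That is fine only if a lock taken outside this hunk serialises open and close, which the `-ERESTARTSYS` return in if_open hints at; a comment next to the field in gigaset.h should name that lock. As a matter of style, `if (!atomic_dec_return(&cs->open_count))` reads more directly as `if (atomic_dec_and_test(&cs->open_count))`, the form the ttm_global.c change in this patch uses.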
23354 @@ -233,7 +231,7 @@ static int if_ioctl(struct tty_struct *t
23355 if (!cs->connected) {
23356 gig_dbg(DEBUG_IF, "not connected");
23358 - } else if (!cs->open_count)
23359 + } else if (!atomic_read(&cs->open_count))
23360 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23363 @@ -361,7 +359,7 @@ static int if_write(struct tty_struct *t
23364 if (!cs->connected) {
23365 gig_dbg(DEBUG_IF, "not connected");
23367 - } else if (!cs->open_count)
23368 + } else if (!atomic_read(&cs->open_count))
23369 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23370 else if (cs->mstate != MS_LOCKED) {
23371 dev_warn(cs->dev, "can't write to unlocked device\n");
23372 @@ -395,7 +393,7 @@ static int if_write_room(struct tty_stru
23373 if (!cs->connected) {
23374 gig_dbg(DEBUG_IF, "not connected");
23376 - } else if (!cs->open_count)
23377 + } else if (!atomic_read(&cs->open_count))
23378 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23379 else if (cs->mstate != MS_LOCKED) {
23380 dev_warn(cs->dev, "can't write to unlocked device\n");
23381 @@ -425,7 +423,7 @@ static int if_chars_in_buffer(struct tty
23383 if (!cs->connected)
23384 gig_dbg(DEBUG_IF, "not connected");
23385 - else if (!cs->open_count)
23386 + else if (!atomic_read(&cs->open_count))
23387 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23388 else if (cs->mstate != MS_LOCKED)
23389 dev_warn(cs->dev, "can't write to unlocked device\n");
23390 @@ -453,7 +451,7 @@ static void if_throttle(struct tty_struc
23392 if (!cs->connected)
23393 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
23394 - else if (!cs->open_count)
23395 + else if (!atomic_read(&cs->open_count))
23396 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23399 @@ -478,7 +476,7 @@ static void if_unthrottle(struct tty_str
23401 if (!cs->connected)
23402 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
23403 - else if (!cs->open_count)
23404 + else if (!atomic_read(&cs->open_count))
23405 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23408 @@ -510,7 +508,7 @@ static void if_set_termios(struct tty_st
23412 - if (!cs->open_count) {
23413 + if (!atomic_read(&cs->open_count)) {
23414 dev_warn(cs->dev, "%s: device not opened\n", __func__);
23417 diff -urNp linux-2.6.32.1/drivers/lguest/core.c linux-2.6.32.1/drivers/lguest/core.c
23418 --- linux-2.6.32.1/drivers/lguest/core.c 2009-12-02 22:51:21.000000000 -0500
23419 +++ linux-2.6.32.1/drivers/lguest/core.c 2009-12-14 18:33:54.292924242 -0500
23420 @@ -91,9 +91,17 @@ static __init int map_switcher(void)
23421 * it's worked so far. The end address needs +1 because __get_vm_area
23422 * allocates an extra guard page, so we need space for that.
23425 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
23426 + switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
23427 + VM_ALLOC | VM_KERNEXEC, SWITCHER_ADDR, SWITCHER_ADDR
23428 + + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
23430 switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
23431 VM_ALLOC, SWITCHER_ADDR, SWITCHER_ADDR
23432 + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
23435 if (!switcher_vma) {
23437 printk("lguest: could not map switcher pages high\n");
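Review bot: The KERNEXEC variant in map_switcher duplicates the whole `__get_vm_area()` call to change a single flag, so the size and address arguments now have to be kept in sync in two places. Computing the flags once and making one call keeps the `+1` guard-page arithmetic described in the comment above in a single spot. The declaration belongs with the function's other locals, which are outside the hunk.

```c
	unsigned long vm_flags = VM_ALLOC;	/* declare with map_switcher's other locals */

	/* … unchanged: comment about the end address and the guard page … */
#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
	vm_flags |= VM_KERNEXEC;
#endif
	switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
				     vm_flags, SWITCHER_ADDR, SWITCHER_ADDR
				     + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
```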
23438 diff -urNp linux-2.6.32.1/drivers/macintosh/via-pmu-backlight.c linux-2.6.32.1/drivers/macintosh/via-pmu-backlight.c
23439 --- linux-2.6.32.1/drivers/macintosh/via-pmu-backlight.c 2009-12-02 22:51:21.000000000 -0500
23440 +++ linux-2.6.32.1/drivers/macintosh/via-pmu-backlight.c 2009-12-14 18:33:54.302875688 -0500
23443 #define MAX_PMU_LEVEL 0xFF
23445 -static struct backlight_ops pmu_backlight_data;
23446 +static const struct backlight_ops pmu_backlight_data;
23447 static DEFINE_SPINLOCK(pmu_backlight_lock);
23448 static int sleeping, uses_pmu_bl;
23449 static u8 bl_curve[FB_BACKLIGHT_LEVELS];
23450 @@ -115,7 +115,7 @@ static int pmu_backlight_get_brightness(
23451 return bd->props.brightness;
23454 -static struct backlight_ops pmu_backlight_data = {
23455 +static const struct backlight_ops pmu_backlight_data = {
23456 .get_brightness = pmu_backlight_get_brightness,
23457 .update_status = pmu_backlight_update_status,
23459 diff -urNp linux-2.6.32.1/drivers/macintosh/via-pmu.c linux-2.6.32.1/drivers/macintosh/via-pmu.c
23460 --- linux-2.6.32.1/drivers/macintosh/via-pmu.c 2009-12-02 22:51:21.000000000 -0500
23461 +++ linux-2.6.32.1/drivers/macintosh/via-pmu.c 2009-12-14 18:33:54.313973800 -0500
23462 @@ -2232,7 +2232,7 @@ static int pmu_sleep_valid(suspend_state
23463 && (pmac_call_feature(PMAC_FTR_SLEEP_STATE, NULL, 0, -1) >= 0);
23466 -static struct platform_suspend_ops pmu_pm_ops = {
23467 +static const struct platform_suspend_ops pmu_pm_ops = {
23468 .enter = powerbook_sleep,
23469 .valid = pmu_sleep_valid,
23471 diff -urNp linux-2.6.32.1/drivers/md/bitmap.c linux-2.6.32.1/drivers/md/bitmap.c
23472 --- linux-2.6.32.1/drivers/md/bitmap.c 2009-12-02 22:51:21.000000000 -0500
23473 +++ linux-2.6.32.1/drivers/md/bitmap.c 2009-12-14 18:33:54.330968642 -0500
23476 # define PRINTK(x...) printk(KERN_DEBUG x)
23478 -# define PRINTK(x...)
23479 +# define PRINTK(x...) do {} while (0)
23483 diff -urNp linux-2.6.32.1/drivers/md/dm-sysfs.c linux-2.6.32.1/drivers/md/dm-sysfs.c
23484 --- linux-2.6.32.1/drivers/md/dm-sysfs.c 2009-12-02 22:51:21.000000000 -0500
23485 +++ linux-2.6.32.1/drivers/md/dm-sysfs.c 2009-12-14 18:33:54.342792361 -0500
23486 @@ -75,7 +75,7 @@ static struct attribute *dm_attrs[] = {
23490 -static struct sysfs_ops dm_sysfs_ops = {
23491 +static const struct sysfs_ops dm_sysfs_ops = {
23492 .show = dm_attr_show,
23495 diff -urNp linux-2.6.32.1/drivers/md/dm-table.c linux-2.6.32.1/drivers/md/dm-table.c
23496 --- linux-2.6.32.1/drivers/md/dm-table.c 2009-12-02 22:51:21.000000000 -0500
23497 +++ linux-2.6.32.1/drivers/md/dm-table.c 2009-12-14 18:33:54.365795777 -0500
23498 @@ -359,7 +359,7 @@ static int device_area_is_invalid(struct
23502 - if ((start >= dev_size) || (start + len > dev_size)) {
23503 + if ((start >= dev_size) || (len > dev_size - start)) {
23504 DMWARN("%s: %s too small for target: "
23505 "start=%llu, len=%llu, dev_size=%llu",
23506 dm_device_name(ti->table->md), bdevname(bdev, b),
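Review bot: The rewritten bound `(len > dev_size - start)` is wrap-free only because `start >= dev_size` is tested first in the same `||`, and nothing on the line records that dependency. A short comment would stop someone from reordering the operands or simplifying it back to `start + len > dev_size`, which can wrap for large values: `/* start < dev_size here, so dev_size - start cannot underflow */`. device_area_is_invalid continues outside the hunk.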
23507 diff -urNp linux-2.6.32.1/drivers/md/md.c linux-2.6.32.1/drivers/md/md.c
23508 --- linux-2.6.32.1/drivers/md/md.c 2009-12-02 22:51:21.000000000 -0500
23509 +++ linux-2.6.32.1/drivers/md/md.c 2009-12-14 18:33:54.386883422 -0500
23510 @@ -2505,7 +2505,7 @@ static void rdev_free(struct kobject *ko
23511 mdk_rdev_t *rdev = container_of(ko, mdk_rdev_t, kobj);
23514 -static struct sysfs_ops rdev_sysfs_ops = {
23515 +static const struct sysfs_ops rdev_sysfs_ops = {
23516 .show = rdev_attr_show,
23517 .store = rdev_attr_store,
23519 @@ -3875,7 +3875,7 @@ static void md_free(struct kobject *ko)
23523 -static struct sysfs_ops md_sysfs_ops = {
23524 +static const struct sysfs_ops md_sysfs_ops = {
23525 .show = md_attr_show,
23526 .store = md_attr_store,
23528 @@ -5997,7 +5997,7 @@ static int md_seq_show(struct seq_file *
23529 chunk_kb ? "KB" : "B");
23530 if (bitmap->file) {
23531 seq_printf(seq, ", file: ");
23532 - seq_path(seq, &bitmap->file->f_path, " \t\n");
23533 + seq_path(seq, &bitmap->file->f_path, " \t\n\\");
23536 seq_printf(seq, "\n");
23537 @@ -6091,7 +6091,7 @@ static int is_mddev_idle(mddev_t *mddev,
23538 struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
23539 curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
23540 (int)part_stat_read(&disk->part0, sectors[1]) -
23541 - atomic_read(&disk->sync_io);
23542 + atomic_read_unchecked(&disk->sync_io);
23543 /* sync IO will cause sync_io to increase before the disk_stats
23544 * as sync_io is counted when a request starts, and
23545 * disk_stats is counted when it completes.
23546 diff -urNp linux-2.6.32.1/drivers/md/md.h linux-2.6.32.1/drivers/md/md.h
23547 --- linux-2.6.32.1/drivers/md/md.h 2009-12-02 22:51:21.000000000 -0500
23548 +++ linux-2.6.32.1/drivers/md/md.h 2009-12-14 18:33:54.388809345 -0500
23549 @@ -303,7 +303,7 @@ static inline void rdev_dec_pending(mdk_
23551 static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors)
23553 - atomic_add(nr_sectors, &bdev->bd_contains->bd_disk->sync_io);
23554 + atomic_add_unchecked(nr_sectors, &bdev->bd_contains->bd_disk->sync_io);
23557 struct mdk_personality
23558 diff -urNp linux-2.6.32.1/drivers/media/dvb/dvb-core/dvbdev.c linux-2.6.32.1/drivers/media/dvb/dvb-core/dvbdev.c
23559 --- linux-2.6.32.1/drivers/media/dvb/dvb-core/dvbdev.c 2009-12-02 22:51:21.000000000 -0500
23560 +++ linux-2.6.32.1/drivers/media/dvb/dvb-core/dvbdev.c 2009-12-14 18:33:54.409940682 -0500
23561 @@ -191,6 +191,7 @@ int dvb_register_device(struct dvb_adapt
23562 const struct dvb_device *template, void *priv, int type)
23564 struct dvb_device *dvbdev;
23565 + /* cannot be const */
23566 struct file_operations *dvbdevfops;
23567 struct device *clsdev;
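Review bot: The added `/* cannot be const */` states a constraint without its reason, so the next constification pass has nothing to check it against. If the pointer is non-const because dvb_register_device writes through it later in the function (that code is outside the hunk), the comment should say so, for example `/* not const: fields of this copy are filled in below */`.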
23569 diff -urNp linux-2.6.32.1/drivers/media/video/usbvideo/konicawc.c linux-2.6.32.1/drivers/media/video/usbvideo/konicawc.c
23570 --- linux-2.6.32.1/drivers/media/video/usbvideo/konicawc.c 2009-12-02 22:51:21.000000000 -0500
23571 +++ linux-2.6.32.1/drivers/media/video/usbvideo/konicawc.c 2009-12-14 18:33:54.431094016 -0500
23572 @@ -225,7 +225,7 @@ static void konicawc_register_input(stru
23575 usb_make_path(dev, cam->input_physname, sizeof(cam->input_physname));
23576 - strncat(cam->input_physname, "/input0", sizeof(cam->input_physname));
23577 + strlcat(cam->input_physname, "/input0", sizeof(cam->input_physname));
23579 cam->input = input_dev = input_allocate_device();
23581 diff -urNp linux-2.6.32.1/drivers/media/video/usbvideo/quickcam_messenger.c linux-2.6.32.1/drivers/media/video/usbvideo/quickcam_messenger.c
23582 --- linux-2.6.32.1/drivers/media/video/usbvideo/quickcam_messenger.c 2009-12-02 22:51:21.000000000 -0500
23583 +++ linux-2.6.32.1/drivers/media/video/usbvideo/quickcam_messenger.c 2009-12-14 18:33:54.442710420 -0500
23584 @@ -89,7 +89,7 @@ static void qcm_register_input(struct qc
23587 usb_make_path(dev, cam->input_physname, sizeof(cam->input_physname));
23588 - strncat(cam->input_physname, "/input0", sizeof(cam->input_physname));
23589 + strlcat(cam->input_physname, "/input0", sizeof(cam->input_physname));
23591 cam->input = input_dev = input_allocate_device();
23593 diff -urNp linux-2.6.32.1/drivers/message/i2o/i2o_proc.c linux-2.6.32.1/drivers/message/i2o/i2o_proc.c
23594 --- linux-2.6.32.1/drivers/message/i2o/i2o_proc.c 2009-12-02 22:51:21.000000000 -0500
23595 +++ linux-2.6.32.1/drivers/message/i2o/i2o_proc.c 2009-12-14 18:33:54.453974267 -0500
23596 @@ -259,13 +259,6 @@ static char *scsi_devices[] = {
23597 "Array Controller Device"
23600 -static char *chtostr(u8 * chars, int n)
23604 - return strncat(tmp, (char *)chars, n);
23607 static int i2o_report_query_status(struct seq_file *seq, int block_status,
23610 @@ -842,8 +835,7 @@ static int i2o_seq_show_ddm_table(struct
23612 seq_printf(seq, "%-#7x", ddm_table.i2o_vendor_id);
23613 seq_printf(seq, "%-#8x", ddm_table.module_id);
23614 - seq_printf(seq, "%-29s",
23615 - chtostr(ddm_table.module_name_version, 28));
23616 + seq_printf(seq, "%-.28s", ddm_table.module_name_version);
23617 seq_printf(seq, "%9d ", ddm_table.data_size);
23618 seq_printf(seq, "%8d", ddm_table.code_size);
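Review bot: The new `"%-.28s"` bounds the read of `module_name_version` but drops the 29-column field width that the old `"%-29s"` supplied, so the columns printed after it now shift with the length of the name. Keep both the width and the precision: `seq_printf(seq, "%-29.28s", ddm_table.module_name_version);`. The `i2o_seq_show_drivers_stored` hunk has the same regression and wants `"%-29.28s"` and `"%-9.8s"`. Both functions extend beyond their hunks.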
23620 @@ -944,8 +936,8 @@ static int i2o_seq_show_drivers_stored(s
23622 seq_printf(seq, "%-#7x", dst->i2o_vendor_id);
23623 seq_printf(seq, "%-#8x", dst->module_id);
23624 - seq_printf(seq, "%-29s", chtostr(dst->module_name_version, 28));
23625 - seq_printf(seq, "%-9s", chtostr(dst->date, 8));
23626 + seq_printf(seq, "%-.28s", dst->module_name_version);
23627 + seq_printf(seq, "%-.8s", dst->date);
23628 seq_printf(seq, "%8d ", dst->module_size);
23629 seq_printf(seq, "%8d ", dst->mpb_size);
23630 seq_printf(seq, "0x%04x", dst->module_flags);
23631 @@ -1276,14 +1268,10 @@ static int i2o_seq_show_dev_identity(str
23632 seq_printf(seq, "Device Class : %s\n", i2o_get_class_name(work16[0]));
23633 seq_printf(seq, "Owner TID : %0#5x\n", work16[2]);
23634 seq_printf(seq, "Parent TID : %0#5x\n", work16[3]);
23635 - seq_printf(seq, "Vendor info : %s\n",
23636 - chtostr((u8 *) (work32 + 2), 16));
23637 - seq_printf(seq, "Product info : %s\n",
23638 - chtostr((u8 *) (work32 + 6), 16));
23639 - seq_printf(seq, "Description : %s\n",
23640 - chtostr((u8 *) (work32 + 10), 16));
23641 - seq_printf(seq, "Product rev. : %s\n",
23642 - chtostr((u8 *) (work32 + 14), 8));
23643 + seq_printf(seq, "Vendor info : %.16s\n", (u8 *) (work32 + 2));
23644 + seq_printf(seq, "Product info : %.16s\n", (u8 *) (work32 + 6));
23645 + seq_printf(seq, "Description : %.16s\n", (u8 *) (work32 + 10));
23646 + seq_printf(seq, "Product rev. : %.8s\n", (u8 *) (work32 + 14));
23648 seq_printf(seq, "Serial number : ");
23649 print_serial_number(seq, (u8 *) (work32 + 16),
23650 @@ -1328,10 +1316,8 @@ static int i2o_seq_show_ddm_identity(str
23653 seq_printf(seq, "Registering DDM TID : 0x%03x\n", result.ddm_tid);
23654 - seq_printf(seq, "Module name : %s\n",
23655 - chtostr(result.module_name, 24));
23656 - seq_printf(seq, "Module revision : %s\n",
23657 - chtostr(result.module_rev, 8));
23658 + seq_printf(seq, "Module name : %.24s\n", result.module_name);
23659 + seq_printf(seq, "Module revision : %.8s\n", result.module_rev);
23661 seq_printf(seq, "Serial number : ");
23662 print_serial_number(seq, result.serial_number, sizeof(result) - 36);
23663 @@ -1362,14 +1348,10 @@ static int i2o_seq_show_uinfo(struct seq
23667 - seq_printf(seq, "Device name : %s\n",
23668 - chtostr(result.device_name, 64));
23669 - seq_printf(seq, "Service name : %s\n",
23670 - chtostr(result.service_name, 64));
23671 - seq_printf(seq, "Physical name : %s\n",
23672 - chtostr(result.physical_location, 64));
23673 - seq_printf(seq, "Instance number : %s\n",
23674 - chtostr(result.instance_number, 4));
23675 + seq_printf(seq, "Device name : %.64s\n", result.device_name);
23676 + seq_printf(seq, "Service name : %.64s\n", result.service_name);
23677 + seq_printf(seq, "Physical name : %.64s\n", result.physical_location);
23678 + seq_printf(seq, "Instance number : %.4s\n", result.instance_number);
23682 diff -urNp linux-2.6.32.1/drivers/misc/kgdbts.c linux-2.6.32.1/drivers/misc/kgdbts.c
23683 --- linux-2.6.32.1/drivers/misc/kgdbts.c 2009-12-02 22:51:21.000000000 -0500
23684 +++ linux-2.6.32.1/drivers/misc/kgdbts.c 2009-12-14 18:33:54.463717800 -0500
23685 @@ -118,7 +118,7 @@
23687 #define MAX_CONFIG_LEN 40
23689 -static struct kgdb_io kgdbts_io_ops;
23690 +static const struct kgdb_io kgdbts_io_ops;
23691 static char get_buf[BUFMAX];
23692 static int get_buf_cnt;
23693 static char put_buf[BUFMAX];
23694 @@ -1102,7 +1102,7 @@ static void kgdbts_post_exp_handler(void
23695 module_put(THIS_MODULE);
23698 -static struct kgdb_io kgdbts_io_ops = {
23699 +static const struct kgdb_io kgdbts_io_ops = {
23701 .read_char = kgdbts_get_char,
23702 .write_char = kgdbts_put_char,
23703 diff -urNp linux-2.6.32.1/drivers/mtd/devices/doc2000.c linux-2.6.32.1/drivers/mtd/devices/doc2000.c
23704 --- linux-2.6.32.1/drivers/mtd/devices/doc2000.c 2009-12-02 22:51:21.000000000 -0500
23705 +++ linux-2.6.32.1/drivers/mtd/devices/doc2000.c 2009-12-14 18:33:54.472983018 -0500
23706 @@ -776,7 +776,7 @@ static int doc_write(struct mtd_info *mt
23708 /* The ECC will not be calculated correctly if less than 512 is written */
23710 - if (len != 0x200 && eccbuf)
23711 + if (len != 0x200)
23712 printk(KERN_WARNING
23713 "ECC needs a full sector write (adr: %lx size %lx)\n",
23714 (long) to, (long) len);
23715 diff -urNp linux-2.6.32.1/drivers/mtd/devices/doc2001.c linux-2.6.32.1/drivers/mtd/devices/doc2001.c
23716 --- linux-2.6.32.1/drivers/mtd/devices/doc2001.c 2009-12-02 22:51:21.000000000 -0500
23717 +++ linux-2.6.32.1/drivers/mtd/devices/doc2001.c 2009-12-14 18:33:54.488932859 -0500
23718 @@ -395,6 +395,8 @@ static int doc_read (struct mtd_info *mt
23719 /* Don't allow read past end of device */
23720 if (from >= this->totlen)
23725 /* Don't allow a single read to cross a 512-byte block boundary */
23726 if (from + len > ((from | 0x1ff) + 1))
23727 diff -urNp linux-2.6.32.1/drivers/mtd/ubi/build.c linux-2.6.32.1/drivers/mtd/ubi/build.c
23728 --- linux-2.6.32.1/drivers/mtd/ubi/build.c 2009-12-02 22:51:21.000000000 -0500
23729 +++ linux-2.6.32.1/drivers/mtd/ubi/build.c 2009-12-14 18:33:54.535765236 -0500
23730 @@ -1255,7 +1255,7 @@ module_exit(ubi_exit);
23731 static int __init bytes_str_to_int(const char *str)
23734 - unsigned long result;
23735 + unsigned long result, scale = 1;
23737 result = simple_strtoul(str, &endp, 0);
23738 if (str == endp || result >= INT_MAX) {
23739 @@ -1266,11 +1266,11 @@ static int __init bytes_str_to_int(const
23751 if (endp[1] == 'i' && endp[2] == 'B')
23754 @@ -1281,7 +1281,13 @@ static int __init bytes_str_to_int(const
23759 + if ((intoverflow_t)result*scale >= INT_MAX) {
23760 + printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n",
23765 + return result*scale;
23769 diff -urNp linux-2.6.32.1/drivers/net/e1000e/82571.c linux-2.6.32.1/drivers/net/e1000e/82571.c
23770 --- linux-2.6.32.1/drivers/net/e1000e/82571.c 2009-12-02 22:51:21.000000000 -0500
23771 +++ linux-2.6.32.1/drivers/net/e1000e/82571.c 2009-12-14 18:33:54.554992954 -0500
23772 @@ -212,6 +212,7 @@ static s32 e1000_init_mac_params_82571(s
23774 struct e1000_hw *hw = &adapter->hw;
23775 struct e1000_mac_info *mac = &hw->mac;
23776 + /* cannot be const */
23777 struct e1000_mac_operations *func = &mac->ops;
23780 @@ -1656,7 +1657,7 @@ static void e1000_clear_hw_cntrs_82571(s
23781 temp = er32(ICRXDMTC);
23784 -static struct e1000_mac_operations e82571_mac_ops = {
23785 +static const struct e1000_mac_operations e82571_mac_ops = {
23786 /* .check_mng_mode: mac type dependent */
23787 /* .check_for_link: media type dependent */
23788 .id_led_init = e1000e_id_led_init,
23789 @@ -1674,7 +1675,7 @@ static struct e1000_mac_operations e8257
23790 .setup_led = e1000e_setup_led_generic,
23793 -static struct e1000_phy_operations e82_phy_ops_igp = {
23794 +static const struct e1000_phy_operations e82_phy_ops_igp = {
23795 .acquire_phy = e1000_get_hw_semaphore_82571,
23796 .check_reset_block = e1000e_check_reset_block_generic,
23797 .commit_phy = NULL,
23798 @@ -1691,7 +1692,7 @@ static struct e1000_phy_operations e82_p
23799 .cfg_on_link_up = NULL,
23802 -static struct e1000_phy_operations e82_phy_ops_m88 = {
23803 +static const struct e1000_phy_operations e82_phy_ops_m88 = {
23804 .acquire_phy = e1000_get_hw_semaphore_82571,
23805 .check_reset_block = e1000e_check_reset_block_generic,
23806 .commit_phy = e1000e_phy_sw_reset,
23807 @@ -1708,7 +1709,7 @@ static struct e1000_phy_operations e82_p
23808 .cfg_on_link_up = NULL,
23811 -static struct e1000_phy_operations e82_phy_ops_bm = {
23812 +static const struct e1000_phy_operations e82_phy_ops_bm = {
23813 .acquire_phy = e1000_get_hw_semaphore_82571,
23814 .check_reset_block = e1000e_check_reset_block_generic,
23815 .commit_phy = e1000e_phy_sw_reset,
23816 @@ -1725,7 +1726,7 @@ static struct e1000_phy_operations e82_p
23817 .cfg_on_link_up = NULL,
23820 -static struct e1000_nvm_operations e82571_nvm_ops = {
23821 +static const struct e1000_nvm_operations e82571_nvm_ops = {
23822 .acquire_nvm = e1000_acquire_nvm_82571,
23823 .read_nvm = e1000e_read_nvm_eerd,
23824 .release_nvm = e1000_release_nvm_82571,
23825 diff -urNp linux-2.6.32.1/drivers/net/e1000e/e1000.h linux-2.6.32.1/drivers/net/e1000e/e1000.h
23826 --- linux-2.6.32.1/drivers/net/e1000e/e1000.h 2009-12-02 22:51:21.000000000 -0500
23827 +++ linux-2.6.32.1/drivers/net/e1000e/e1000.h 2009-12-14 18:33:54.558819487 -0500
23828 @@ -375,9 +375,9 @@ struct e1000_info {
23830 u32 max_hw_frame_size;
23831 s32 (*get_variants)(struct e1000_adapter *);
23832 - struct e1000_mac_operations *mac_ops;
23833 - struct e1000_phy_operations *phy_ops;
23834 - struct e1000_nvm_operations *nvm_ops;
23835 + const struct e1000_mac_operations *mac_ops;
23836 + const struct e1000_phy_operations *phy_ops;
23837 + const struct e1000_nvm_operations *nvm_ops;
23840 /* hardware capability, feature, and workaround flags */
23841 diff -urNp linux-2.6.32.1/drivers/net/e1000e/es2lan.c linux-2.6.32.1/drivers/net/e1000e/es2lan.c
23842 --- linux-2.6.32.1/drivers/net/e1000e/es2lan.c 2009-12-02 22:51:21.000000000 -0500
23843 +++ linux-2.6.32.1/drivers/net/e1000e/es2lan.c 2009-12-14 18:33:54.568711876 -0500
23844 @@ -207,6 +207,7 @@ static s32 e1000_init_mac_params_80003es
23846 struct e1000_hw *hw = &adapter->hw;
23847 struct e1000_mac_info *mac = &hw->mac;
23848 + /* cannot be const */
23849 struct e1000_mac_operations *func = &mac->ops;
23851 /* Set media type */
23852 @@ -1365,7 +1366,7 @@ static void e1000_clear_hw_cntrs_80003es
23853 temp = er32(ICRXDMTC);
23856 -static struct e1000_mac_operations es2_mac_ops = {
23857 +static const struct e1000_mac_operations es2_mac_ops = {
23858 .id_led_init = e1000e_id_led_init,
23859 .check_mng_mode = e1000e_check_mng_mode_generic,
23860 /* check_for_link dependent on media type */
23861 @@ -1383,7 +1384,7 @@ static struct e1000_mac_operations es2_m
23862 .setup_led = e1000e_setup_led_generic,
23865 -static struct e1000_phy_operations es2_phy_ops = {
23866 +static const struct e1000_phy_operations es2_phy_ops = {
23867 .acquire_phy = e1000_acquire_phy_80003es2lan,
23868 .check_reset_block = e1000e_check_reset_block_generic,
23869 .commit_phy = e1000e_phy_sw_reset,
23870 @@ -1400,7 +1401,7 @@ static struct e1000_phy_operations es2_p
23871 .cfg_on_link_up = e1000_cfg_on_link_up_80003es2lan,
23874 -static struct e1000_nvm_operations es2_nvm_ops = {
23875 +static const struct e1000_nvm_operations es2_nvm_ops = {
23876 .acquire_nvm = e1000_acquire_nvm_80003es2lan,
23877 .read_nvm = e1000e_read_nvm_eerd,
23878 .release_nvm = e1000_release_nvm_80003es2lan,
23879 diff -urNp linux-2.6.32.1/drivers/net/e1000e/hw.h linux-2.6.32.1/drivers/net/e1000e/hw.h
23880 --- linux-2.6.32.1/drivers/net/e1000e/hw.h 2009-12-02 22:51:21.000000000 -0500
23881 +++ linux-2.6.32.1/drivers/net/e1000e/hw.h 2009-12-14 18:33:54.574854371 -0500
23882 @@ -755,34 +755,34 @@ struct e1000_mac_operations {
23884 /* Function pointers for the PHY. */
23885 struct e1000_phy_operations {
23886 - s32 (*acquire_phy)(struct e1000_hw *);
23887 - s32 (*check_polarity)(struct e1000_hw *);
23888 - s32 (*check_reset_block)(struct e1000_hw *);
23889 - s32 (*commit_phy)(struct e1000_hw *);
23890 - s32 (*force_speed_duplex)(struct e1000_hw *);
23891 - s32 (*get_cfg_done)(struct e1000_hw *hw);
23892 - s32 (*get_cable_length)(struct e1000_hw *);
23893 - s32 (*get_phy_info)(struct e1000_hw *);
23894 - s32 (*read_phy_reg)(struct e1000_hw *, u32, u16 *);
23895 - s32 (*read_phy_reg_locked)(struct e1000_hw *, u32, u16 *);
23896 - void (*release_phy)(struct e1000_hw *);
23897 - s32 (*reset_phy)(struct e1000_hw *);
23898 - s32 (*set_d0_lplu_state)(struct e1000_hw *, bool);
23899 - s32 (*set_d3_lplu_state)(struct e1000_hw *, bool);
23900 - s32 (*write_phy_reg)(struct e1000_hw *, u32, u16);
23901 - s32 (*write_phy_reg_locked)(struct e1000_hw *, u32, u16);
23902 - s32 (*cfg_on_link_up)(struct e1000_hw *);
23903 + s32 (* acquire_phy)(struct e1000_hw *);
23904 + s32 (* check_polarity)(struct e1000_hw *);
23905 + s32 (* check_reset_block)(struct e1000_hw *);
23906 + s32 (* commit_phy)(struct e1000_hw *);
23907 + s32 (* force_speed_duplex)(struct e1000_hw *);
23908 + s32 (* get_cfg_done)(struct e1000_hw *hw);
23909 + s32 (* get_cable_length)(struct e1000_hw *);
23910 + s32 (* get_phy_info)(struct e1000_hw *);
23911 + s32 (* read_phy_reg)(struct e1000_hw *, u32, u16 *);
23912 + s32 (* read_phy_reg_locked)(struct e1000_hw *, u32, u16 *);
23913 + void (* release_phy)(struct e1000_hw *);
23914 + s32 (* reset_phy)(struct e1000_hw *);
23915 + s32 (* set_d0_lplu_state)(struct e1000_hw *, bool);
23916 + s32 (* set_d3_lplu_state)(struct e1000_hw *, bool);
23917 + s32 (* write_phy_reg)(struct e1000_hw *, u32, u16);
23918 + s32 (* write_phy_reg_locked)(struct e1000_hw *, u32, u16);
23919 + s32 (* cfg_on_link_up)(struct e1000_hw *);
23922 /* Function pointers for the NVM. */
23923 struct e1000_nvm_operations {
23924 - s32 (*acquire_nvm)(struct e1000_hw *);
23925 - s32 (*read_nvm)(struct e1000_hw *, u16, u16, u16 *);
23926 - void (*release_nvm)(struct e1000_hw *);
23927 - s32 (*update_nvm)(struct e1000_hw *);
23928 - s32 (*valid_led_default)(struct e1000_hw *, u16 *);
23929 - s32 (*validate_nvm)(struct e1000_hw *);
23930 - s32 (*write_nvm)(struct e1000_hw *, u16, u16, u16 *);
23931 + s32 (* const acquire_nvm)(struct e1000_hw *);
23932 + s32 (* const read_nvm)(struct e1000_hw *, u16, u16, u16 *);
23933 + void (* const release_nvm)(struct e1000_hw *);
23934 + s32 (* const update_nvm)(struct e1000_hw *);
23935 + s32 (* const valid_led_default)(struct e1000_hw *, u16 *);
23936 + s32 (* const validate_nvm)(struct e1000_hw *);
23937 + s32 (* const write_nvm)(struct e1000_hw *, u16, u16, u16 *);
23940 struct e1000_mac_info {
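Review bot: The 17 `e1000_phy_operations` members change only from `(*name)` to `(* name)`; unlike the `e1000_nvm_operations` members below them, no `const` is added, so this half of the hunk is whitespace churn with no hardening effect. Presumably the PHY callbacks are assigned at run time and cannot be `const`. If so, leave those lines untouched and record the reason once above the struct, e.g. `/* members stay writable: filled in per PHY type at init */`.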
23941 @@ -856,7 +856,7 @@ struct e1000_phy_info {
23944 struct e1000_nvm_info {
23945 - struct e1000_nvm_operations ops;
23946 + const struct e1000_nvm_operations ops;
23948 enum e1000_nvm_type type;
23949 enum e1000_nvm_override override;
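Review bot: Marking the embedded `ops` member `const` is a compile-time restriction only. The table is still stored inside `struct e1000_nvm_info`, which is presumably part of a run-time allocated, writable `e1000_hw`, so the function pointers stay in writable memory. Whatever populates `ops` (not visible here) must also write through a cast or `memcpy`, which hides the write from the compiler. Holding a pointer to the read-only table instead, `const struct e1000_nvm_operations *ops;`, would keep the pointers in rodata, at the cost of changing `nvm.ops.x` call sites to `nvm.ops->x`. The igb `e1000_hw.h` hunk makes the same change, and `struct e1000_nvm_info` continues past this hunk.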
23950 diff -urNp linux-2.6.32.1/drivers/net/e1000e/ich8lan.c linux-2.6.32.1/drivers/net/e1000e/ich8lan.c
23951 --- linux-2.6.32.1/drivers/net/e1000e/ich8lan.c 2009-12-02 22:51:21.000000000 -0500
23952 +++ linux-2.6.32.1/drivers/net/e1000e/ich8lan.c 2009-12-14 18:33:54.613837127 -0500
23953 @@ -3451,7 +3451,7 @@ static void e1000_clear_hw_cntrs_ich8lan
23957 -static struct e1000_mac_operations ich8_mac_ops = {
23958 +static const struct e1000_mac_operations ich8_mac_ops = {
23959 .id_led_init = e1000e_id_led_init,
23960 .check_mng_mode = e1000_check_mng_mode_ich8lan,
23961 .check_for_link = e1000_check_for_copper_link_ich8lan,
23962 @@ -3469,7 +3469,7 @@ static struct e1000_mac_operations ich8_
23963 /* id_led_init dependent on mac type */
23966 -static struct e1000_phy_operations ich8_phy_ops = {
23967 +static const struct e1000_phy_operations ich8_phy_ops = {
23968 .acquire_phy = e1000_acquire_swflag_ich8lan,
23969 .check_reset_block = e1000_check_reset_block_ich8lan,
23970 .commit_phy = NULL,
23971 @@ -3485,7 +3485,7 @@ static struct e1000_phy_operations ich8_
23972 .write_phy_reg = e1000e_write_phy_reg_igp,
23975 -static struct e1000_nvm_operations ich8_nvm_ops = {
23976 +static const struct e1000_nvm_operations ich8_nvm_ops = {
23977 .acquire_nvm = e1000_acquire_nvm_ich8lan,
23978 .read_nvm = e1000_read_nvm_ich8lan,
23979 .release_nvm = e1000_release_nvm_ich8lan,
23980 diff -urNp linux-2.6.32.1/drivers/net/ibmveth.c linux-2.6.32.1/drivers/net/ibmveth.c
23981 --- linux-2.6.32.1/drivers/net/ibmveth.c 2009-12-02 22:51:21.000000000 -0500
23982 +++ linux-2.6.32.1/drivers/net/ibmveth.c 2009-12-14 18:33:54.635712840 -0500
23983 @@ -1577,7 +1577,7 @@ static struct attribute * veth_pool_attr
23987 -static struct sysfs_ops veth_pool_ops = {
23988 +static const struct sysfs_ops veth_pool_ops = {
23989 .show = veth_pool_show,
23990 .store = veth_pool_store,
23992 diff -urNp linux-2.6.32.1/drivers/net/igb/e1000_82575.c linux-2.6.32.1/drivers/net/igb/e1000_82575.c
23993 --- linux-2.6.32.1/drivers/net/igb/e1000_82575.c 2009-12-02 22:51:21.000000000 -0500
23994 +++ linux-2.6.32.1/drivers/net/igb/e1000_82575.c 2009-12-14 18:33:54.645995272 -0500
23995 @@ -1400,7 +1400,7 @@ void igb_vmdq_set_replication_pf(struct
23996 wr32(E1000_VT_CTL, vt_ctl);
23999 -static struct e1000_mac_operations e1000_mac_ops_82575 = {
24000 +static const struct e1000_mac_operations e1000_mac_ops_82575 = {
24001 .reset_hw = igb_reset_hw_82575,
24002 .init_hw = igb_init_hw_82575,
24003 .check_for_link = igb_check_for_link_82575,
24004 @@ -1409,13 +1409,13 @@ static struct e1000_mac_operations e1000
24005 .get_speed_and_duplex = igb_get_speed_and_duplex_copper,
24008 -static struct e1000_phy_operations e1000_phy_ops_82575 = {
24009 +static const struct e1000_phy_operations e1000_phy_ops_82575 = {
24010 .acquire = igb_acquire_phy_82575,
24011 .get_cfg_done = igb_get_cfg_done_82575,
24012 .release = igb_release_phy_82575,
24015 -static struct e1000_nvm_operations e1000_nvm_ops_82575 = {
24016 +static const struct e1000_nvm_operations e1000_nvm_ops_82575 = {
24017 .acquire = igb_acquire_nvm_82575,
24018 .read = igb_read_nvm_eerd,
24019 .release = igb_release_nvm_82575,
24020 diff -urNp linux-2.6.32.1/drivers/net/igb/e1000_hw.h linux-2.6.32.1/drivers/net/igb/e1000_hw.h
24021 --- linux-2.6.32.1/drivers/net/igb/e1000_hw.h 2009-12-02 22:51:21.000000000 -0500
24022 +++ linux-2.6.32.1/drivers/net/igb/e1000_hw.h 2009-12-14 18:33:54.647922615 -0500
24023 @@ -302,17 +302,17 @@ struct e1000_phy_operations {
24026 struct e1000_nvm_operations {
24027 - s32 (*acquire)(struct e1000_hw *);
24028 - s32 (*read)(struct e1000_hw *, u16, u16, u16 *);
24029 - void (*release)(struct e1000_hw *);
24030 - s32 (*write)(struct e1000_hw *, u16, u16, u16 *);
24031 + s32 (* const acquire)(struct e1000_hw *);
24032 + s32 (* const read)(struct e1000_hw *, u16, u16, u16 *);
24033 + void (* const release)(struct e1000_hw *);
24034 + s32 (* const write)(struct e1000_hw *, u16, u16, u16 *);
24037 struct e1000_info {
24038 s32 (*get_invariants)(struct e1000_hw *);
24039 - struct e1000_mac_operations *mac_ops;
24040 - struct e1000_phy_operations *phy_ops;
24041 - struct e1000_nvm_operations *nvm_ops;
24042 + const struct e1000_mac_operations *mac_ops;
24043 + const struct e1000_phy_operations *phy_ops;
24044 + const struct e1000_nvm_operations *nvm_ops;
24047 extern const struct e1000_info e1000_82575_info;
24048 @@ -397,7 +397,7 @@ struct e1000_phy_info {
24051 struct e1000_nvm_info {
24052 - struct e1000_nvm_operations ops;
24053 + const struct e1000_nvm_operations ops;
24055 enum e1000_nvm_type type;
24056 enum e1000_nvm_override override;
24057 diff -urNp linux-2.6.32.1/drivers/net/irda/vlsi_ir.c linux-2.6.32.1/drivers/net/irda/vlsi_ir.c
24058 --- linux-2.6.32.1/drivers/net/irda/vlsi_ir.c 2009-12-02 22:51:21.000000000 -0500
24059 +++ linux-2.6.32.1/drivers/net/irda/vlsi_ir.c 2009-12-14 18:33:54.675752420 -0500
24060 @@ -907,13 +907,12 @@ static netdev_tx_t vlsi_hard_start_xmit(
24061 /* no race - tx-ring already empty */
24062 vlsi_set_baud(idev, iobase);
24063 netif_wake_queue(ndev);
24068 /* keep the speed change pending like it would
24069 * for any len>0 packet. tx completion interrupt
24070 * will apply it when the tx ring becomes empty.
24073 spin_unlock_irqrestore(&idev->lock, flags);
24074 dev_kfree_skb_any(skb);
24075 return NETDEV_TX_OK;
24076 diff -urNp linux-2.6.32.1/drivers/net/iseries_veth.c linux-2.6.32.1/drivers/net/iseries_veth.c
24077 --- linux-2.6.32.1/drivers/net/iseries_veth.c 2009-12-02 22:51:21.000000000 -0500
24078 +++ linux-2.6.32.1/drivers/net/iseries_veth.c 2009-12-14 18:33:54.725001471 -0500
24079 @@ -384,7 +384,7 @@ static struct attribute *veth_cnx_defaul
24083 -static struct sysfs_ops veth_cnx_sysfs_ops = {
24084 +static const struct sysfs_ops veth_cnx_sysfs_ops = {
24085 .show = veth_cnx_attribute_show
24088 @@ -441,7 +441,7 @@ static struct attribute *veth_port_defau
24092 -static struct sysfs_ops veth_port_sysfs_ops = {
24093 +static const struct sysfs_ops veth_port_sysfs_ops = {
24094 .show = veth_port_attribute_show
24097 diff -urNp linux-2.6.32.1/drivers/net/pcnet32.c linux-2.6.32.1/drivers/net/pcnet32.c
24098 --- linux-2.6.32.1/drivers/net/pcnet32.c 2009-12-02 22:51:21.000000000 -0500
24099 +++ linux-2.6.32.1/drivers/net/pcnet32.c 2009-12-14 18:33:54.740854853 -0500
24100 @@ -79,7 +79,7 @@ static int cards_found;
24102 * VLB I/O addresses
24104 -static unsigned int pcnet32_portlist[] __initdata =
24105 +static unsigned int pcnet32_portlist[] __devinitdata =
24106 { 0x300, 0x320, 0x340, 0x360, 0 };
24108 static int pcnet32_debug = 0;
24109 diff -urNp linux-2.6.32.1/drivers/net/tg3.h linux-2.6.32.1/drivers/net/tg3.h
24110 --- linux-2.6.32.1/drivers/net/tg3.h 2009-12-02 22:51:21.000000000 -0500
24111 +++ linux-2.6.32.1/drivers/net/tg3.h 2009-12-14 18:33:54.763788650 -0500
24113 #define CHIPREV_ID_5750_A0 0x4000
24114 #define CHIPREV_ID_5750_A1 0x4001
24115 #define CHIPREV_ID_5750_A3 0x4003
24116 +#define CHIPREV_ID_5750_C1 0x4201
24117 #define CHIPREV_ID_5750_C2 0x4202
24118 #define CHIPREV_ID_5752_A0_HW 0x5000
24119 #define CHIPREV_ID_5752_A0 0x6000
24120 diff -urNp linux-2.6.32.1/drivers/net/usb/hso.c linux-2.6.32.1/drivers/net/usb/hso.c
24121 --- linux-2.6.32.1/drivers/net/usb/hso.c 2009-12-02 22:51:21.000000000 -0500
24122 +++ linux-2.6.32.1/drivers/net/usb/hso.c 2009-12-14 18:33:54.775796419 -0500
24123 @@ -258,7 +258,7 @@ struct hso_serial {
24125 /* from usb_serial_port */
24126 struct tty_struct *tty;
24128 + atomic_t open_count;
24129 spinlock_t serial_lock;
24131 int (*write_data) (struct hso_serial *serial);
24132 @@ -1180,7 +1180,7 @@ static void put_rxbuf_data_and_resubmit_
24135 urb = serial->rx_urb[0];
24136 - if (serial->open_count > 0) {
24137 + if (atomic_read(&serial->open_count) > 0) {
24138 count = put_rxbuf_data(urb, serial);
24141 @@ -1216,7 +1216,7 @@ static void hso_std_serial_read_bulk_cal
24142 DUMP1(urb->transfer_buffer, urb->actual_length);
24144 /* Anyone listening? */
24145 - if (serial->open_count == 0)
24146 + if (atomic_read(&serial->open_count) == 0)
24150 @@ -1311,8 +1311,7 @@ static int hso_serial_open(struct tty_st
24151 spin_unlock_irq(&serial->serial_lock);
24153 /* check for port already opened, if not set the termios */
24154 - serial->open_count++;
24155 - if (serial->open_count == 1) {
24156 + if (atomic_inc_return(&serial->open_count) == 1) {
24157 tty->low_latency = 1;
24158 serial->rx_state = RX_IDLE;
24159 /* Force default termio settings */
24160 @@ -1325,7 +1324,7 @@ static int hso_serial_open(struct tty_st
24161 result = hso_start_serial_device(serial->parent, GFP_KERNEL);
24163 hso_stop_serial_device(serial->parent);
24164 - serial->open_count--;
24165 + atomic_dec(&serial->open_count);
24166 kref_put(&serial->parent->ref, hso_serial_ref_free);
24169 @@ -1362,10 +1361,10 @@ static void hso_serial_close(struct tty_
24171 /* reset the rts and dtr */
24172 /* do the actual close */
24173 - serial->open_count--;
24174 + atomic_dec(&serial->open_count);
24176 - if (serial->open_count <= 0) {
24177 - serial->open_count = 0;
24178 + if (atomic_read(&serial->open_count) <= 0) {
24179 + atomic_set(&serial->open_count, 0);
24180 spin_lock_irq(&serial->serial_lock);
24181 if (serial->tty == tty) {
24182 serial->tty->driver_data = NULL;
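Review bot: Converting `open_count` to `atomic_t` does not make the close path atomic: `atomic_dec`, `atomic_read` and `atomic_set` are three separate operations, so a concurrent `hso_serial_open` can increment between them and have its count overwritten by `atomic_set(&serial->open_count, 0)`. Fold the decrement and the test into one operation, `if (atomic_dec_return(&serial->open_count) <= 0) {`, and check whether the clamp to zero is still needed or is masking an unbalanced close. Whether another lock already serialises open and close cannot be seen from this hunk; `hso_serial_close` starts and ends outside it.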
24183 @@ -1447,7 +1446,7 @@ static void hso_serial_set_termios(struc
24185 /* the actual setup */
24186 spin_lock_irqsave(&serial->serial_lock, flags);
24187 - if (serial->open_count)
24188 + if (atomic_read(&serial->open_count))
24189 _hso_serial_set_termios(tty, old);
24191 tty->termios = old;
24192 @@ -3095,7 +3094,7 @@ static int hso_resume(struct usb_interfa
24193 /* Start all serial ports */
24194 for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) {
24195 if (serial_table[i] && (serial_table[i]->interface == iface)) {
24196 - if (dev2ser(serial_table[i])->open_count) {
24197 + if (atomic_read(&dev2ser(serial_table[i])->open_count)) {
24199 hso_start_serial_device(serial_table[i], GFP_NOIO);
24200 hso_kick_transmit(dev2ser(serial_table[i]));
24201 diff -urNp linux-2.6.32.1/drivers/net/wireless/b43/debugfs.c linux-2.6.32.1/drivers/net/wireless/b43/debugfs.c
24202 --- linux-2.6.32.1/drivers/net/wireless/b43/debugfs.c 2009-12-02 22:51:21.000000000 -0500
24203 +++ linux-2.6.32.1/drivers/net/wireless/b43/debugfs.c 2009-12-14 18:33:54.787830196 -0500
24204 @@ -43,7 +43,7 @@ static struct dentry *rootdir;
24205 struct b43_debugfs_fops {
24206 ssize_t (*read)(struct b43_wldev *dev, char *buf, size_t bufsize);
24207 int (*write)(struct b43_wldev *dev, const char *buf, size_t count);
24208 - struct file_operations fops;
24209 + const struct file_operations fops;
24210 /* Offset of struct b43_dfs_file in struct b43_dfsentry */
24211 size_t file_struct_offset;
24213 diff -urNp linux-2.6.32.1/drivers/net/wireless/b43legacy/debugfs.c linux-2.6.32.1/drivers/net/wireless/b43legacy/debugfs.c
24214 --- linux-2.6.32.1/drivers/net/wireless/b43legacy/debugfs.c 2009-12-02 22:51:21.000000000 -0500
24215 +++ linux-2.6.32.1/drivers/net/wireless/b43legacy/debugfs.c 2009-12-14 18:33:54.798021293 -0500
24216 @@ -44,7 +44,7 @@ static struct dentry *rootdir;
24217 struct b43legacy_debugfs_fops {
24218 ssize_t (*read)(struct b43legacy_wldev *dev, char *buf, size_t bufsize);
24219 int (*write)(struct b43legacy_wldev *dev, const char *buf, size_t count);
24220 - struct file_operations fops;
24221 + const struct file_operations fops;
24222 /* Offset of struct b43legacy_dfs_file in struct b43legacy_dfsentry */
24223 size_t file_struct_offset;
24224 /* Take wl->irq_lock before calling read/write? */
24225 diff -urNp linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-1000.c linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-1000.c
24226 --- linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-1000.c 2009-12-02 22:51:21.000000000 -0500
24227 +++ linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-1000.c 2009-12-14 18:33:54.803959723 -0500
24228 @@ -137,7 +137,7 @@ static struct iwl_lib_ops iwl1000_lib =
24232 -static struct iwl_ops iwl1000_ops = {
24233 +static const struct iwl_ops iwl1000_ops = {
24234 .ucode = &iwl5000_ucode,
24235 .lib = &iwl1000_lib,
24236 .hcmd = &iwl5000_hcmd,
24237 diff -urNp linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-3945.c linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-3945.c
24238 --- linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-3945.c 2009-12-02 22:51:21.000000000 -0500
24239 +++ linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-3945.c 2009-12-14 18:33:54.847028145 -0500
24240 @@ -2876,7 +2876,7 @@ static struct iwl_hcmd_utils_ops iwl3945
24241 .build_addsta_hcmd = iwl3945_build_addsta_hcmd,
24244 -static struct iwl_ops iwl3945_ops = {
24245 +static const struct iwl_ops iwl3945_ops = {
24246 .ucode = &iwl3945_ucode,
24247 .lib = &iwl3945_lib,
24248 .hcmd = &iwl3945_hcmd,
24249 diff -urNp linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-4965.c linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-4965.c
24250 --- linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-4965.c 2009-12-02 22:51:21.000000000 -0500
24251 +++ linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-4965.c 2009-12-14 18:33:54.862730732 -0500
24252 @@ -2335,7 +2335,7 @@ static struct iwl_lib_ops iwl4965_lib =
24256 -static struct iwl_ops iwl4965_ops = {
24257 +static const struct iwl_ops iwl4965_ops = {
24258 .ucode = &iwl4965_ucode,
24259 .lib = &iwl4965_lib,
24260 .hcmd = &iwl4965_hcmd,
24261 diff -urNp linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-5000.c linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-5000.c
24262 --- linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-5000.c 2009-12-02 22:51:21.000000000 -0500
24263 +++ linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-5000.c 2009-12-14 18:33:54.876020816 -0500
24264 @@ -1627,14 +1627,14 @@ static struct iwl_lib_ops iwl5150_lib =
24268 -struct iwl_ops iwl5000_ops = {
24269 +const struct iwl_ops iwl5000_ops = {
24270 .ucode = &iwl5000_ucode,
24271 .lib = &iwl5000_lib,
24272 .hcmd = &iwl5000_hcmd,
24273 .utils = &iwl5000_hcmd_utils,
24276 -static struct iwl_ops iwl5150_ops = {
24277 +static const struct iwl_ops iwl5150_ops = {
24278 .ucode = &iwl5000_ucode,
24279 .lib = &iwl5150_lib,
24280 .hcmd = &iwl5000_hcmd,
24281 diff -urNp linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-6000.c linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-6000.c
24282 --- linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-6000.c 2009-12-02 22:51:21.000000000 -0500
24283 +++ linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-6000.c 2009-12-14 18:33:54.906800344 -0500
24284 @@ -146,7 +146,7 @@ static struct iwl_hcmd_utils_ops iwl6000
24285 .calc_rssi = iwl5000_calc_rssi,
24288 -static struct iwl_ops iwl6000_ops = {
24289 +static const struct iwl_ops iwl6000_ops = {
24290 .ucode = &iwl5000_ucode,
24291 .lib = &iwl6000_lib,
24292 .hcmd = &iwl5000_hcmd,
24293 diff -urNp linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-dev.h linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-dev.h
24294 --- linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-dev.h 2009-12-02 22:51:21.000000000 -0500
24295 +++ linux-2.6.32.1/drivers/net/wireless/iwlwifi/iwl-dev.h 2009-12-14 18:33:55.011809667 -0500
24296 @@ -67,7 +67,7 @@ struct iwl_tx_queue;
24298 /* shared structures from iwl-5000.c */
24299 extern struct iwl_mod_params iwl50_mod_params;
24300 -extern struct iwl_ops iwl5000_ops;
24301 +extern const struct iwl_ops iwl5000_ops;
24302 extern struct iwl_ucode_ops iwl5000_ucode;
24303 extern struct iwl_lib_ops iwl5000_lib;
24304 extern struct iwl_hcmd_ops iwl5000_hcmd;
24305 diff -urNp linux-2.6.32.1/drivers/net/wireless/libertas/debugfs.c linux-2.6.32.1/drivers/net/wireless/libertas/debugfs.c
24306 --- linux-2.6.32.1/drivers/net/wireless/libertas/debugfs.c 2009-12-02 22:51:21.000000000 -0500
24307 +++ linux-2.6.32.1/drivers/net/wireless/libertas/debugfs.c 2009-12-14 18:33:55.023739193 -0500
24308 @@ -708,7 +708,7 @@ out_unlock:
24309 struct lbs_debugfs_files {
24312 - struct file_operations fops;
24313 + const struct file_operations fops;
24316 static const struct lbs_debugfs_files debugfs_files[] = {
24317 diff -urNp linux-2.6.32.1/drivers/oprofile/buffer_sync.c linux-2.6.32.1/drivers/oprofile/buffer_sync.c
24318 --- linux-2.6.32.1/drivers/oprofile/buffer_sync.c 2009-12-02 22:51:21.000000000 -0500
24319 +++ linux-2.6.32.1/drivers/oprofile/buffer_sync.c 2009-12-14 18:33:55.029055185 -0500
24320 @@ -340,7 +340,7 @@ static void add_data(struct op_entry *en
24321 if (cookie == NO_COOKIE)
24323 if (cookie == INVALID_COOKIE) {
24324 - atomic_inc(&oprofile_stats.sample_lost_no_mapping);
24325 + atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping);
24328 if (cookie != last_cookie) {
24329 @@ -384,14 +384,14 @@ add_sample(struct mm_struct *mm, struct
24330 /* add userspace sample */
24333 - atomic_inc(&oprofile_stats.sample_lost_no_mm);
24334 + atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mm);
24338 cookie = lookup_dcookie(mm, s->eip, &offset);
24340 if (cookie == INVALID_COOKIE) {
24341 - atomic_inc(&oprofile_stats.sample_lost_no_mapping);
24342 + atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping);
24346 @@ -560,7 +560,7 @@ void sync_buffer(int cpu)
24347 /* ignore backtraces if failed to add a sample */
24348 if (state == sb_bt_start) {
24349 state = sb_bt_ignore;
24350 - atomic_inc(&oprofile_stats.bt_lost_no_mapping);
24351 + atomic_inc_unchecked(&oprofile_stats.bt_lost_no_mapping);
24355 diff -urNp linux-2.6.32.1/drivers/oprofile/event_buffer.c linux-2.6.32.1/drivers/oprofile/event_buffer.c
24356 --- linux-2.6.32.1/drivers/oprofile/event_buffer.c 2009-12-02 22:51:21.000000000 -0500
24357 +++ linux-2.6.32.1/drivers/oprofile/event_buffer.c 2009-12-14 18:33:55.032768369 -0500
24358 @@ -53,7 +53,7 @@ void add_event_entry(unsigned long value
24361 if (buffer_pos == buffer_size) {
24362 - atomic_inc(&oprofile_stats.event_lost_overflow);
24363 + atomic_inc_unchecked(&oprofile_stats.event_lost_overflow);
24367 diff -urNp linux-2.6.32.1/drivers/oprofile/oprof.c linux-2.6.32.1/drivers/oprofile/oprof.c
24368 --- linux-2.6.32.1/drivers/oprofile/oprof.c 2009-12-02 22:51:21.000000000 -0500
24369 +++ linux-2.6.32.1/drivers/oprofile/oprof.c 2009-12-14 18:33:55.035044562 -0500
24370 @@ -110,7 +110,7 @@ static void switch_worker(struct work_st
24371 if (oprofile_ops.switch_events())
24374 - atomic_inc(&oprofile_stats.multiplex_counter);
24375 + atomic_inc_unchecked(&oprofile_stats.multiplex_counter);
24376 start_switch_worker();
24379 diff -urNp linux-2.6.32.1/drivers/oprofile/oprofilefs.c linux-2.6.32.1/drivers/oprofile/oprofilefs.c
24380 --- linux-2.6.32.1/drivers/oprofile/oprofilefs.c 2009-12-02 22:51:21.000000000 -0500
24381 +++ linux-2.6.32.1/drivers/oprofile/oprofilefs.c 2009-12-14 18:33:55.035853152 -0500
24382 @@ -187,7 +187,7 @@ static const struct file_operations atom
24385 int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root,
24386 - char const *name, atomic_t *val)
24387 + char const *name, atomic_unchecked_t *val)
24389 struct dentry *d = __oprofilefs_create_file(sb, root, name,
24390 &atomic_ro_fops, 0444);
24391 diff -urNp linux-2.6.32.1/drivers/oprofile/oprofile_stats.c linux-2.6.32.1/drivers/oprofile/oprofile_stats.c
24392 --- linux-2.6.32.1/drivers/oprofile/oprofile_stats.c 2009-12-02 22:51:21.000000000 -0500
24393 +++ linux-2.6.32.1/drivers/oprofile/oprofile_stats.c 2009-12-14 18:33:55.037978961 -0500
24394 @@ -30,11 +30,11 @@ void oprofile_reset_stats(void)
24395 cpu_buf->sample_invalid_eip = 0;
24398 - atomic_set(&oprofile_stats.sample_lost_no_mm, 0);
24399 - atomic_set(&oprofile_stats.sample_lost_no_mapping, 0);
24400 - atomic_set(&oprofile_stats.event_lost_overflow, 0);
24401 - atomic_set(&oprofile_stats.bt_lost_no_mapping, 0);
24402 - atomic_set(&oprofile_stats.multiplex_counter, 0);
24403 + atomic_set_unchecked(&oprofile_stats.sample_lost_no_mm, 0);
24404 + atomic_set_unchecked(&oprofile_stats.sample_lost_no_mapping, 0);
24405 + atomic_set_unchecked(&oprofile_stats.event_lost_overflow, 0);
24406 + atomic_set_unchecked(&oprofile_stats.bt_lost_no_mapping, 0);
24407 + atomic_set_unchecked(&oprofile_stats.multiplex_counter, 0);
24411 diff -urNp linux-2.6.32.1/drivers/oprofile/oprofile_stats.h linux-2.6.32.1/drivers/oprofile/oprofile_stats.h
24412 --- linux-2.6.32.1/drivers/oprofile/oprofile_stats.h 2009-12-02 22:51:21.000000000 -0500
24413 +++ linux-2.6.32.1/drivers/oprofile/oprofile_stats.h 2009-12-14 18:33:55.142844045 -0500
24414 @@ -13,11 +13,11 @@
24415 #include <asm/atomic.h>
24417 struct oprofile_stat_struct {
24418 - atomic_t sample_lost_no_mm;
24419 - atomic_t sample_lost_no_mapping;
24420 - atomic_t bt_lost_no_mapping;
24421 - atomic_t event_lost_overflow;
24422 - atomic_t multiplex_counter;
24423 + atomic_unchecked_t sample_lost_no_mm;
24424 + atomic_unchecked_t sample_lost_no_mapping;
24425 + atomic_unchecked_t bt_lost_no_mapping;
24426 + atomic_unchecked_t event_lost_overflow;
24427 + atomic_unchecked_t multiplex_counter;
24430 extern struct oprofile_stat_struct oprofile_stats;
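Review bot: The five counters in `struct oprofile_stat_struct` switch to `atomic_unchecked_t` with no comment saying why they are exempt from the checked atomic type. Judging by their names and the increment sites in buffer_sync.c, event_buffer.c and oprof.c, they look like pure statistics whose wrap-around is harmless. That rationale belongs next to the declaration so nobody later reuses one of them for object lifetime: `/* statistics only: may wrap, never used as a reference count */`. The same comment is missing on the `atomic_unchecked_t` members in the fc_exch.c struct hunk further down.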
24431 diff -urNp linux-2.6.32.1/drivers/parisc/pdc_stable.c linux-2.6.32.1/drivers/parisc/pdc_stable.c
24432 --- linux-2.6.32.1/drivers/parisc/pdc_stable.c 2009-12-02 22:51:21.000000000 -0500
24433 +++ linux-2.6.32.1/drivers/parisc/pdc_stable.c 2009-12-14 18:33:55.266828951 -0500
24434 @@ -481,7 +481,7 @@ pdcspath_attr_store(struct kobject *kobj
24438 -static struct sysfs_ops pdcspath_attr_ops = {
24439 +static const struct sysfs_ops pdcspath_attr_ops = {
24440 .show = pdcspath_attr_show,
24441 .store = pdcspath_attr_store,
24443 diff -urNp linux-2.6.32.1/drivers/pci/hotplug/acpiphp_glue.c linux-2.6.32.1/drivers/pci/hotplug/acpiphp_glue.c
24444 --- linux-2.6.32.1/drivers/pci/hotplug/acpiphp_glue.c 2009-12-02 22:51:21.000000000 -0500
24445 +++ linux-2.6.32.1/drivers/pci/hotplug/acpiphp_glue.c 2009-12-14 18:33:55.489082621 -0500
24446 @@ -111,7 +111,7 @@ static int post_dock_fixups(struct notif
24450 -static struct acpi_dock_ops acpiphp_dock_ops = {
24451 +static const struct acpi_dock_ops acpiphp_dock_ops = {
24452 .handler = handle_hotplug_event_func,
24455 diff -urNp linux-2.6.32.1/drivers/pci/hotplug/cpqphp_nvram.c linux-2.6.32.1/drivers/pci/hotplug/cpqphp_nvram.c
24456 --- linux-2.6.32.1/drivers/pci/hotplug/cpqphp_nvram.c 2009-12-02 22:51:21.000000000 -0500
24457 +++ linux-2.6.32.1/drivers/pci/hotplug/cpqphp_nvram.c 2009-12-14 18:33:55.492016288 -0500
24458 @@ -428,9 +428,13 @@ static u32 store_HRT (void __iomem *rom_
24460 void compaq_nvram_init (void __iomem *rom_start)
24463 +#ifndef CONFIG_PAX_KERNEXEC
24465 compaq_int15_entry_point = (rom_start + ROM_INT15_PHY_ADDR - ROM_PHY_ADDR);
24469 dbg("int15 entry = %p\n", compaq_int15_entry_point);
24471 /* initialize our int15 lock */
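Review bot: With `CONFIG_PAX_KERNEXEC` defined, the assignment to `compaq_int15_entry_point` is compiled out, yet the `dbg("int15 entry = %p\n", ...)` line still prints it and nothing in this hunk guards code that later calls through it. Presumably the ROM entry point is skipped because that mapping cannot be executed under KERNEXEC, but the reason should be stated at the `#ifndef`, for example `/* KERNEXEC: ROM int15 entry is not callable, leave the pointer unset */`. The users of the pointer are outside this hunk, so confirm they fail cleanly when it was never set.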
24472 diff -urNp linux-2.6.32.1/drivers/pci/hotplug/fakephp.c linux-2.6.32.1/drivers/pci/hotplug/fakephp.c
24473 --- linux-2.6.32.1/drivers/pci/hotplug/fakephp.c 2009-12-02 22:51:21.000000000 -0500
24474 +++ linux-2.6.32.1/drivers/pci/hotplug/fakephp.c 2009-12-14 18:33:55.492799690 -0500
24475 @@ -73,7 +73,7 @@ static void legacy_release(struct kobjec
24478 static struct kobj_type legacy_ktype = {
24479 - .sysfs_ops = &(struct sysfs_ops){
24480 + .sysfs_ops = &(const struct sysfs_ops){
24481 .store = legacy_store, .show = legacy_show
24483 .release = &legacy_release,
24484 diff -urNp linux-2.6.32.1/drivers/pci/intel-iommu.c linux-2.6.32.1/drivers/pci/intel-iommu.c
24485 --- linux-2.6.32.1/drivers/pci/intel-iommu.c 2009-12-02 22:51:21.000000000 -0500
24486 +++ linux-2.6.32.1/drivers/pci/intel-iommu.c 2009-12-14 18:33:55.520095156 -0500
24487 @@ -2937,7 +2937,7 @@ static int intel_mapping_error(struct de
24491 -struct dma_map_ops intel_dma_ops = {
24492 +const struct dma_map_ops intel_dma_ops = {
24493 .alloc_coherent = intel_alloc_coherent,
24494 .free_coherent = intel_free_coherent,
24495 .map_sg = intel_map_sg,
24496 diff -urNp linux-2.6.32.1/drivers/pci/pcie/portdrv_pci.c linux-2.6.32.1/drivers/pci/pcie/portdrv_pci.c
24497 --- linux-2.6.32.1/drivers/pci/pcie/portdrv_pci.c 2009-12-02 22:51:21.000000000 -0500
24498 +++ linux-2.6.32.1/drivers/pci/pcie/portdrv_pci.c 2009-12-14 18:33:55.629114556 -0500
24499 @@ -249,7 +249,7 @@ static void pcie_portdrv_err_resume(stru
24500 static const struct pci_device_id port_pci_ids[] = { {
24501 /* handle any PCI-Express port */
24502 PCI_DEVICE_CLASS(((PCI_CLASS_BRIDGE_PCI << 8) | 0x00), ~0),
24503 - }, { /* end: all zeroes */ }
24504 + }, { 0, 0, 0, 0, 0, 0, 0 }
24506 MODULE_DEVICE_TABLE(pci, port_pci_ids);
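Review bot: The new table terminator `{ 0, 0, 0, 0, 0, 0, 0 }` hard-codes the member count of `struct pci_device_id` and drops the `/* end: all zeroes */` comment that marked it as the sentinel. If the aim is to silence a missing-initializer warning, the comment can stay at no cost: `}, { 0, 0, 0, 0, 0, 0, 0 } /* end: all zeroes */`. The same terminator is added in the ti113x.h, yenta_socket.c and 8250_pci.c hunks.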
24508 diff -urNp linux-2.6.32.1/drivers/pci/proc.c linux-2.6.32.1/drivers/pci/proc.c
24509 --- linux-2.6.32.1/drivers/pci/proc.c 2009-12-02 22:51:21.000000000 -0500
24510 +++ linux-2.6.32.1/drivers/pci/proc.c 2009-12-14 18:33:55.739118344 -0500
24511 @@ -480,7 +480,16 @@ static const struct file_operations proc
24512 static int __init pci_proc_init(void)
24514 struct pci_dev *dev = NULL;
24516 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
24517 +#ifdef CONFIG_GRKERNSEC_PROC_USER
24518 + proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR, NULL);
24519 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
24520 + proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
24523 proc_bus_pci_dir = proc_mkdir("bus/pci", NULL);
24525 proc_create("devices", 0, proc_bus_pci_dir,
24526 &proc_bus_pci_dev_operations);
24527 proc_initialized = 1;
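Review bot: Neither `proc_mkdir_mode()` result is checked before `proc_bus_pci_dir` is passed to `proc_create()`, so the new permission restriction only holds if the directory was actually created. If creation fails, or if `CONFIG_GRKERNSEC_PROC_ADD` is set with neither inner option (the closing preprocessor lines are not visible in this hunk), the pointer stays NULL. As far as I know, `proc_create()` then places `devices` directly under /proc with its default mode. A guard after the conditional block would close that gap: `if (!proc_bus_pci_dir) return -ENOMEM;`. The rest of pci_proc_init continues outside the hunk.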
24528 diff -urNp linux-2.6.32.1/drivers/pci/slot.c linux-2.6.32.1/drivers/pci/slot.c
24529 --- linux-2.6.32.1/drivers/pci/slot.c 2009-12-02 22:51:21.000000000 -0500
24530 +++ linux-2.6.32.1/drivers/pci/slot.c 2009-12-14 18:33:55.739882201 -0500
24531 @@ -29,7 +29,7 @@ static ssize_t pci_slot_attr_store(struc
24532 return attribute->store ? attribute->store(slot, buf, len) : -EIO;
24535 -static struct sysfs_ops pci_slot_sysfs_ops = {
24536 +static const struct sysfs_ops pci_slot_sysfs_ops = {
24537 .show = pci_slot_attr_show,
24538 .store = pci_slot_attr_store,
24540 diff -urNp linux-2.6.32.1/drivers/pcmcia/ti113x.h linux-2.6.32.1/drivers/pcmcia/ti113x.h
24541 --- linux-2.6.32.1/drivers/pcmcia/ti113x.h 2009-12-02 22:51:21.000000000 -0500
24542 +++ linux-2.6.32.1/drivers/pcmcia/ti113x.h 2009-12-14 18:33:55.749622860 -0500
24543 @@ -903,7 +903,7 @@ static struct pci_device_id ene_tune_tbl
24544 DEVID(PCI_VENDOR_ID_MOTOROLA, 0x3410, 0xECC0, PCI_ANY_ID,
24545 ENE_TEST_C9_TLTENABLE | ENE_TEST_C9_PFENABLE, ENE_TEST_C9_TLTENABLE),
24548 + { 0, 0, 0, 0, 0, 0, 0 }
24551 static void ene_tune_bridge(struct pcmcia_socket *sock, struct pci_bus *bus)
24552 diff -urNp linux-2.6.32.1/drivers/pcmcia/yenta_socket.c linux-2.6.32.1/drivers/pcmcia/yenta_socket.c
24553 --- linux-2.6.32.1/drivers/pcmcia/yenta_socket.c 2009-12-02 22:51:21.000000000 -0500
24554 +++ linux-2.6.32.1/drivers/pcmcia/yenta_socket.c 2009-12-14 18:33:55.800130505 -0500
24555 @@ -1387,7 +1387,7 @@ static struct pci_device_id yenta_table
24557 /* match any cardbus bridge */
24558 CB_ID(PCI_ANY_ID, PCI_ANY_ID, DEFAULT),
24559 - { /* all zeroes */ }
24560 + { 0, 0, 0, 0, 0, 0, 0 }
24562 MODULE_DEVICE_TABLE(pci, yenta_table);
24564 diff -urNp linux-2.6.32.1/drivers/platform/x86/acer-wmi.c linux-2.6.32.1/drivers/platform/x86/acer-wmi.c
24565 --- linux-2.6.32.1/drivers/platform/x86/acer-wmi.c 2009-12-02 22:51:21.000000000 -0500
24566 +++ linux-2.6.32.1/drivers/platform/x86/acer-wmi.c 2009-12-14 18:33:55.834859500 -0500
24567 @@ -918,7 +918,7 @@ static int update_bl_status(struct backl
24571 -static struct backlight_ops acer_bl_ops = {
24572 +static const struct backlight_ops acer_bl_ops = {
24573 .get_brightness = read_brightness,
24574 .update_status = update_bl_status,
24576 diff -urNp linux-2.6.32.1/drivers/platform/x86/asus_acpi.c linux-2.6.32.1/drivers/platform/x86/asus_acpi.c
24577 --- linux-2.6.32.1/drivers/platform/x86/asus_acpi.c 2009-12-02 22:51:21.000000000 -0500
24578 +++ linux-2.6.32.1/drivers/platform/x86/asus_acpi.c 2009-12-14 18:33:55.836770614 -0500
24579 @@ -1402,7 +1402,7 @@ static int asus_hotk_remove(struct acpi_
24583 -static struct backlight_ops asus_backlight_data = {
24584 +static const struct backlight_ops asus_backlight_data = {
24585 .get_brightness = read_brightness,
24586 .update_status = set_brightness_status,
24588 diff -urNp linux-2.6.32.1/drivers/platform/x86/asus-laptop.c linux-2.6.32.1/drivers/platform/x86/asus-laptop.c
24589 --- linux-2.6.32.1/drivers/platform/x86/asus-laptop.c 2009-12-02 22:51:21.000000000 -0500
24590 +++ linux-2.6.32.1/drivers/platform/x86/asus-laptop.c 2009-12-14 18:33:55.837827310 -0500
24591 @@ -249,7 +249,7 @@ static struct backlight_device *asus_bac
24593 static int read_brightness(struct backlight_device *bd);
24594 static int update_bl_status(struct backlight_device *bd);
24595 -static struct backlight_ops asusbl_ops = {
24596 +static const struct backlight_ops asusbl_ops = {
24597 .get_brightness = read_brightness,
24598 .update_status = update_bl_status,
24600 diff -urNp linux-2.6.32.1/drivers/platform/x86/compal-laptop.c linux-2.6.32.1/drivers/platform/x86/compal-laptop.c
24601 --- linux-2.6.32.1/drivers/platform/x86/compal-laptop.c 2009-12-02 22:51:21.000000000 -0500
24602 +++ linux-2.6.32.1/drivers/platform/x86/compal-laptop.c 2009-12-14 18:33:55.838707580 -0500
24603 @@ -163,7 +163,7 @@ static int bl_update_status(struct backl
24604 return set_lcd_level(b->props.brightness);
24607 -static struct backlight_ops compalbl_ops = {
24608 +static const struct backlight_ops compalbl_ops = {
24609 .get_brightness = bl_get_brightness,
24610 .update_status = bl_update_status,
24612 diff -urNp linux-2.6.32.1/drivers/platform/x86/dell-laptop.c linux-2.6.32.1/drivers/platform/x86/dell-laptop.c
24613 --- linux-2.6.32.1/drivers/platform/x86/dell-laptop.c 2009-12-02 22:51:21.000000000 -0500
24614 +++ linux-2.6.32.1/drivers/platform/x86/dell-laptop.c 2009-12-14 18:33:55.838707580 -0500
24615 @@ -305,7 +305,7 @@ static int dell_get_intensity(struct bac
24616 return buffer.output[1];
24619 -static struct backlight_ops dell_ops = {
24620 +static const struct backlight_ops dell_ops = {
24621 .get_brightness = dell_get_intensity,
24622 .update_status = dell_send_intensity,
24624 diff -urNp linux-2.6.32.1/drivers/platform/x86/eeepc-laptop.c linux-2.6.32.1/drivers/platform/x86/eeepc-laptop.c
24625 --- linux-2.6.32.1/drivers/platform/x86/eeepc-laptop.c 2009-12-02 22:51:21.000000000 -0500
24626 +++ linux-2.6.32.1/drivers/platform/x86/eeepc-laptop.c 2009-12-14 18:33:55.844122126 -0500
24627 @@ -242,7 +242,7 @@ static struct device *eeepc_hwmon_device
24629 static int read_brightness(struct backlight_device *bd);
24630 static int update_bl_status(struct backlight_device *bd);
24631 -static struct backlight_ops eeepcbl_ops = {
24632 +static const struct backlight_ops eeepcbl_ops = {
24633 .get_brightness = read_brightness,
24634 .update_status = update_bl_status,
24636 diff -urNp linux-2.6.32.1/drivers/platform/x86/fujitsu-laptop.c linux-2.6.32.1/drivers/platform/x86/fujitsu-laptop.c
24637 --- linux-2.6.32.1/drivers/platform/x86/fujitsu-laptop.c 2009-12-02 22:51:21.000000000 -0500
24638 +++ linux-2.6.32.1/drivers/platform/x86/fujitsu-laptop.c 2009-12-14 18:33:55.866968187 -0500
24639 @@ -436,7 +436,7 @@ static int bl_update_status(struct backl
24643 -static struct backlight_ops fujitsubl_ops = {
24644 +static const struct backlight_ops fujitsubl_ops = {
24645 .get_brightness = bl_get_brightness,
24646 .update_status = bl_update_status,
24648 diff -urNp linux-2.6.32.1/drivers/platform/x86/msi-laptop.c linux-2.6.32.1/drivers/platform/x86/msi-laptop.c
24649 --- linux-2.6.32.1/drivers/platform/x86/msi-laptop.c 2009-12-02 22:51:21.000000000 -0500
24650 +++ linux-2.6.32.1/drivers/platform/x86/msi-laptop.c 2009-12-14 18:33:55.870749582 -0500
24651 @@ -161,7 +161,7 @@ static int bl_update_status(struct backl
24652 return set_lcd_level(b->props.brightness);
24655 -static struct backlight_ops msibl_ops = {
24656 +static const struct backlight_ops msibl_ops = {
24657 .get_brightness = bl_get_brightness,
24658 .update_status = bl_update_status,
24660 diff -urNp linux-2.6.32.1/drivers/platform/x86/panasonic-laptop.c linux-2.6.32.1/drivers/platform/x86/panasonic-laptop.c
24661 --- linux-2.6.32.1/drivers/platform/x86/panasonic-laptop.c 2009-12-02 22:51:21.000000000 -0500
24662 +++ linux-2.6.32.1/drivers/platform/x86/panasonic-laptop.c 2009-12-14 18:33:55.872005065 -0500
24663 @@ -352,7 +352,7 @@ static int bl_set_status(struct backligh
24664 return acpi_pcc_write_sset(pcc, SINF_DC_CUR_BRIGHT, bright);
24667 -static struct backlight_ops pcc_backlight_ops = {
24668 +static const struct backlight_ops pcc_backlight_ops = {
24669 .get_brightness = bl_get,
24670 .update_status = bl_set_status,
24672 diff -urNp linux-2.6.32.1/drivers/platform/x86/sony-laptop.c linux-2.6.32.1/drivers/platform/x86/sony-laptop.c
24673 --- linux-2.6.32.1/drivers/platform/x86/sony-laptop.c 2009-12-02 22:51:21.000000000 -0500
24674 +++ linux-2.6.32.1/drivers/platform/x86/sony-laptop.c 2009-12-14 18:33:55.895049235 -0500
24675 @@ -850,7 +850,7 @@ static int sony_backlight_get_brightness
24678 static struct backlight_device *sony_backlight_device;
24679 -static struct backlight_ops sony_backlight_ops = {
24680 +static const struct backlight_ops sony_backlight_ops = {
24681 .update_status = sony_backlight_update_status,
24682 .get_brightness = sony_backlight_get_brightness,
24684 diff -urNp linux-2.6.32.1/drivers/platform/x86/thinkpad_acpi.c linux-2.6.32.1/drivers/platform/x86/thinkpad_acpi.c
24685 --- linux-2.6.32.1/drivers/platform/x86/thinkpad_acpi.c 2009-12-02 22:51:21.000000000 -0500
24686 +++ linux-2.6.32.1/drivers/platform/x86/thinkpad_acpi.c 2009-12-14 18:33:55.935705037 -0500
24687 @@ -6095,7 +6095,7 @@ static int brightness_get(struct backlig
24688 return status & TP_EC_BACKLIGHT_LVLMSK;
24691 -static struct backlight_ops ibm_backlight_data = {
24692 +static const struct backlight_ops ibm_backlight_data = {
24693 .get_brightness = brightness_get,
24694 .update_status = brightness_update_status,
24696 diff -urNp linux-2.6.32.1/drivers/platform/x86/toshiba_acpi.c linux-2.6.32.1/drivers/platform/x86/toshiba_acpi.c
24697 --- linux-2.6.32.1/drivers/platform/x86/toshiba_acpi.c 2009-12-02 22:51:21.000000000 -0500
24698 +++ linux-2.6.32.1/drivers/platform/x86/toshiba_acpi.c 2009-12-14 18:33:55.944748123 -0500
24699 @@ -671,7 +671,7 @@ static acpi_status remove_device(void)
24703 -static struct backlight_ops toshiba_backlight_data = {
24704 +static const struct backlight_ops toshiba_backlight_data = {
24705 .get_brightness = get_lcd,
24706 .update_status = set_lcd_status,
24708 diff -urNp linux-2.6.32.1/drivers/pnp/pnpbios/bioscalls.c linux-2.6.32.1/drivers/pnp/pnpbios/bioscalls.c
24709 --- linux-2.6.32.1/drivers/pnp/pnpbios/bioscalls.c 2009-12-02 22:51:21.000000000 -0500
24710 +++ linux-2.6.32.1/drivers/pnp/pnpbios/bioscalls.c 2009-12-14 18:33:55.952133531 -0500
24711 @@ -60,7 +60,7 @@ do { \
24712 set_desc_limit(&gdt[(selname) >> 3], (size) - 1); \
24715 -static struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4092,
24716 +static const struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4093,
24717 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1);
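Review bot: The flags argument to `GDT_ENTRY_INIT` changes from `0x4092` to `0x4093` with no comment explaining the extra bit. Bit 0 of the access byte is the descriptor's accessed flag, so the change presumably pre-sets it so the CPU never has to write it back into a GDT that this patch keeps read-only. That intent should be recorded beside the constant: `/* 0x4093: accessed bit pre-set, the GDT may be read-only when this descriptor is loaded */`.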
24720 @@ -97,7 +97,10 @@ static inline u16 call_pnp_bios(u16 func
24723 save_desc_40 = get_cpu_gdt_table(cpu)[0x40 / 8];
24725 + pax_open_kernel();
24726 get_cpu_gdt_table(cpu)[0x40 / 8] = bad_bios_desc;
24727 + pax_close_kernel();
24729 /* On some boxes IRQ's during PnP BIOS calls are deadly. */
24730 spin_lock_irqsave(&pnp_bios_lock, flags);
24731 @@ -135,7 +138,10 @@ static inline u16 call_pnp_bios(u16 func
24733 spin_unlock_irqrestore(&pnp_bios_lock, flags);
24735 + pax_open_kernel();
24736 get_cpu_gdt_table(cpu)[0x40 / 8] = save_desc_40;
24737 + pax_close_kernel();
24741 /* If we get here and this is set then the PnP BIOS faulted on us. */
24742 @@ -469,7 +475,7 @@ int pnp_bios_read_escd(char *data, u32 n
24746 -void pnpbios_calls_init(union pnp_bios_install_struct *header)
24747 +void __init pnpbios_calls_init(union pnp_bios_install_struct *header)
24751 @@ -477,6 +483,8 @@ void pnpbios_calls_init(union pnp_bios_i
24752 pnp_bios_callpoint.offset = header->fields.pm16offset;
24753 pnp_bios_callpoint.segment = PNP_CS16;
24755 + pax_open_kernel();
24757 for_each_possible_cpu(i) {
24758 struct desc_struct *gdt = get_cpu_gdt_table(i);
24760 @@ -488,4 +496,6 @@ void pnpbios_calls_init(union pnp_bios_i
24761 set_desc_base(&gdt[GDT_ENTRY_PNPBIOS_DS],
24762 (unsigned long)__va(header->fields.pm16dseg));
24765 + pax_close_kernel();
24767 diff -urNp linux-2.6.32.1/drivers/pnp/quirks.c linux-2.6.32.1/drivers/pnp/quirks.c
24768 --- linux-2.6.32.1/drivers/pnp/quirks.c 2009-12-02 22:51:21.000000000 -0500
24769 +++ linux-2.6.32.1/drivers/pnp/quirks.c 2009-12-14 18:33:55.970988084 -0500
24770 @@ -327,7 +327,7 @@ static struct pnp_fixup pnp_fixups[] = {
24771 /* PnP resources that might overlap PCI BARs */
24772 {"PNP0c01", quirk_system_pci_resources},
24773 {"PNP0c02", quirk_system_pci_resources},
24778 void pnp_fixup_device(struct pnp_dev *dev)
24779 diff -urNp linux-2.6.32.1/drivers/pnp/resource.c linux-2.6.32.1/drivers/pnp/resource.c
24780 --- linux-2.6.32.1/drivers/pnp/resource.c 2009-12-02 22:51:21.000000000 -0500
24781 +++ linux-2.6.32.1/drivers/pnp/resource.c 2009-12-14 18:33:55.979764165 -0500
24782 @@ -355,7 +355,7 @@ int pnp_check_irq(struct pnp_dev *dev, s
24785 /* check if the resource is valid */
24786 - if (*irq < 0 || *irq > 15)
24790 /* check if the resource is reserved */
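Review bot: Dropping the `*irq < 0` test here, and `*dma < 0` in the pnp_check_dma hunk that follows, is only safe if both pointers refer to an unsigned type. The declarations are outside these hunks, so the diff alone cannot confirm that. If they are unsigned, the removed comparison was dead code, and a short comment would stop a later type change from silently losing the lower bound: `/* *dma is unsigned, so only the upper bound needs checking */`. The replacement line for the irq check is not visible in this hunk.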
24791 @@ -419,7 +419,7 @@ int pnp_check_dma(struct pnp_dev *dev, s
24794 /* check if the resource is valid */
24795 - if (*dma < 0 || *dma == 4 || *dma > 7)
24796 + if (*dma == 4 || *dma > 7)
24799 /* check if the resource is reserved */
24800 diff -urNp linux-2.6.32.1/drivers/scsi/ipr.c linux-2.6.32.1/drivers/scsi/ipr.c
24801 --- linux-2.6.32.1/drivers/scsi/ipr.c 2009-12-02 22:51:21.000000000 -0500
24802 +++ linux-2.6.32.1/drivers/scsi/ipr.c 2009-12-14 18:33:56.022142074 -0500
24803 @@ -5286,7 +5286,7 @@ static bool ipr_qc_fill_rtf(struct ata_q
24807 -static struct ata_port_operations ipr_sata_ops = {
24808 +static const struct ata_port_operations ipr_sata_ops = {
24809 .phy_reset = ipr_ata_phy_reset,
24810 .hardreset = ipr_sata_reset,
24811 .post_internal_cmd = ipr_ata_post_internal,
24812 diff -urNp linux-2.6.32.1/drivers/scsi/libfc/fc_exch.c linux-2.6.32.1/drivers/scsi/libfc/fc_exch.c
24813 --- linux-2.6.32.1/drivers/scsi/libfc/fc_exch.c 2009-12-02 22:51:21.000000000 -0500
24814 +++ linux-2.6.32.1/drivers/scsi/libfc/fc_exch.c 2009-12-14 18:33:56.040784122 -0500
24815 @@ -86,12 +86,12 @@ struct fc_exch_mgr {
24816 * all together if not used XXX
24819 - atomic_t no_free_exch;
24820 - atomic_t no_free_exch_xid;
24821 - atomic_t xid_not_found;
24822 - atomic_t xid_busy;
24823 - atomic_t seq_not_found;
24824 - atomic_t non_bls_resp;
24825 + atomic_unchecked_t no_free_exch;
24826 + atomic_unchecked_t no_free_exch_xid;
24827 + atomic_unchecked_t xid_not_found;
24828 + atomic_unchecked_t xid_busy;
24829 + atomic_unchecked_t seq_not_found;
24830 + atomic_unchecked_t non_bls_resp;
24833 #define fc_seq_exch(sp) container_of(sp, struct fc_exch, seq)
24834 @@ -510,7 +510,7 @@ static struct fc_exch *fc_exch_em_alloc(
24835 /* allocate memory for exchange */
24836 ep = mempool_alloc(mp->ep_pool, GFP_ATOMIC);
24838 - atomic_inc(&mp->stats.no_free_exch);
24839 + atomic_inc_unchecked(&mp->stats.no_free_exch);
24842 memset(ep, 0, sizeof(*ep));
24843 @@ -557,7 +557,7 @@ out:
24846 spin_unlock_bh(&pool->lock);
24847 - atomic_inc(&mp->stats.no_free_exch_xid);
24848 + atomic_inc_unchecked(&mp->stats.no_free_exch_xid);
24849 mempool_free(ep, mp->ep_pool);
24852 @@ -690,7 +690,7 @@ static enum fc_pf_rjt_reason fc_seq_look
24853 xid = ntohs(fh->fh_ox_id); /* we originated exch */
24854 ep = fc_exch_find(mp, xid);
24856 - atomic_inc(&mp->stats.xid_not_found);
24857 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24858 reject = FC_RJT_OX_ID;
24861 @@ -720,7 +720,7 @@ static enum fc_pf_rjt_reason fc_seq_look
24862 ep = fc_exch_find(mp, xid);
24863 if ((f_ctl & FC_FC_FIRST_SEQ) && fc_sof_is_init(fr_sof(fp))) {
24865 - atomic_inc(&mp->stats.xid_busy);
24866 + atomic_inc_unchecked(&mp->stats.xid_busy);
24867 reject = FC_RJT_RX_ID;
24870 @@ -731,7 +731,7 @@ static enum fc_pf_rjt_reason fc_seq_look
24872 xid = ep->xid; /* get our XID */
24874 - atomic_inc(&mp->stats.xid_not_found);
24875 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24876 reject = FC_RJT_RX_ID; /* XID not found */
24879 @@ -752,7 +752,7 @@ static enum fc_pf_rjt_reason fc_seq_look
24882 if (sp->id != fh->fh_seq_id) {
24883 - atomic_inc(&mp->stats.seq_not_found);
24884 + atomic_inc_unchecked(&mp->stats.seq_not_found);
24885 reject = FC_RJT_SEQ_ID; /* sequence/exch should exist */
24888 @@ -1163,22 +1163,22 @@ static void fc_exch_recv_seq_resp(struct
24890 ep = fc_exch_find(mp, ntohs(fh->fh_ox_id));
24892 - atomic_inc(&mp->stats.xid_not_found);
24893 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24896 if (ep->esb_stat & ESB_ST_COMPLETE) {
24897 - atomic_inc(&mp->stats.xid_not_found);
24898 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24901 if (ep->rxid == FC_XID_UNKNOWN)
24902 ep->rxid = ntohs(fh->fh_rx_id);
24903 if (ep->sid != 0 && ep->sid != ntoh24(fh->fh_d_id)) {
24904 - atomic_inc(&mp->stats.xid_not_found);
24905 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24908 if (ep->did != ntoh24(fh->fh_s_id) &&
24909 ep->did != FC_FID_FLOGI) {
24910 - atomic_inc(&mp->stats.xid_not_found);
24911 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24915 @@ -1189,7 +1189,7 @@ static void fc_exch_recv_seq_resp(struct
24918 if (sp->id != fh->fh_seq_id) {
24919 - atomic_inc(&mp->stats.seq_not_found);
24920 + atomic_inc_unchecked(&mp->stats.seq_not_found);
24924 @@ -1249,9 +1249,9 @@ static void fc_exch_recv_resp(struct fc_
24925 sp = fc_seq_lookup_orig(mp, fp); /* doesn't hold sequence */
24928 - atomic_inc(&mp->stats.xid_not_found);
24929 + atomic_inc_unchecked(&mp->stats.xid_not_found);
24931 - atomic_inc(&mp->stats.non_bls_resp);
24932 + atomic_inc_unchecked(&mp->stats.non_bls_resp);
24936 diff -urNp linux-2.6.32.1/drivers/scsi/libsas/sas_ata.c linux-2.6.32.1/drivers/scsi/libsas/sas_ata.c
24937 --- linux-2.6.32.1/drivers/scsi/libsas/sas_ata.c 2009-12-02 22:51:21.000000000 -0500
24938 +++ linux-2.6.32.1/drivers/scsi/libsas/sas_ata.c 2009-12-14 18:33:56.072817664 -0500
24939 @@ -343,7 +343,7 @@ static int sas_ata_scr_read(struct ata_l
24943 -static struct ata_port_operations sas_sata_ops = {
24944 +static const struct ata_port_operations sas_sata_ops = {
24945 .phy_reset = sas_ata_phy_reset,
24946 .post_internal_cmd = sas_ata_post_internal,
24947 .qc_prep = ata_noop_qc_prep,
24948 diff -urNp linux-2.6.32.1/drivers/scsi/scsi_logging.h linux-2.6.32.1/drivers/scsi/scsi_logging.h
24949 --- linux-2.6.32.1/drivers/scsi/scsi_logging.h 2009-12-02 22:51:21.000000000 -0500
24950 +++ linux-2.6.32.1/drivers/scsi/scsi_logging.h 2009-12-14 18:33:56.082745190 -0500
24951 @@ -51,7 +51,7 @@ do { \
24955 -#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD)
24956 +#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD) do {} while (0)
24957 #endif /* CONFIG_SCSI_LOGGING */
24960 diff -urNp linux-2.6.32.1/drivers/scsi/sg.c linux-2.6.32.1/drivers/scsi/sg.c
24961 --- linux-2.6.32.1/drivers/scsi/sg.c 2009-12-02 22:51:21.000000000 -0500
24962 +++ linux-2.6.32.1/drivers/scsi/sg.c 2009-12-14 18:33:56.095153533 -0500
24963 @@ -2292,7 +2292,7 @@ struct sg_proc_leaf {
24964 const struct file_operations * fops;
24967 -static struct sg_proc_leaf sg_proc_leaf_arr[] = {
24968 +static const struct sg_proc_leaf sg_proc_leaf_arr[] = {
24969 {"allow_dio", &adio_fops},
24970 {"debug", &debug_fops},
24971 {"def_reserved_size", &dressz_fops},
24972 @@ -2307,7 +2307,7 @@ sg_proc_init(void)
24975 int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr);
24976 - struct sg_proc_leaf * leaf;
24977 + const struct sg_proc_leaf * leaf;
24979 sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
24981 diff -urNp linux-2.6.32.1/drivers/serial/8250_pci.c linux-2.6.32.1/drivers/serial/8250_pci.c
24982 --- linux-2.6.32.1/drivers/serial/8250_pci.c 2009-12-02 22:51:21.000000000 -0500
24983 +++ linux-2.6.32.1/drivers/serial/8250_pci.c 2009-12-14 18:33:56.124714120 -0500
24984 @@ -3664,7 +3664,7 @@ static struct pci_device_id serial_pci_t
24985 PCI_ANY_ID, PCI_ANY_ID,
24986 PCI_CLASS_COMMUNICATION_MULTISERIAL << 8,
24987 0xffff00, pbn_default },
24989 + { 0, 0, 0, 0, 0, 0, 0 }
24992 static struct pci_driver serial_pci_driver = {
24993 diff -urNp linux-2.6.32.1/drivers/serial/kgdboc.c linux-2.6.32.1/drivers/serial/kgdboc.c
24994 --- linux-2.6.32.1/drivers/serial/kgdboc.c 2009-12-02 22:51:21.000000000 -0500
24995 +++ linux-2.6.32.1/drivers/serial/kgdboc.c 2009-12-14 18:33:56.136250252 -0500
24998 #define MAX_CONFIG_LEN 40
25000 -static struct kgdb_io kgdboc_io_ops;
25001 +static const struct kgdb_io kgdboc_io_ops;
25003 /* -1 = init not run yet, 0 = unconfigured, 1 = configured. */
25004 static int configured = -1;
25005 @@ -154,7 +154,7 @@ static void kgdboc_post_exp_handler(void
25006 module_put(THIS_MODULE);
25009 -static struct kgdb_io kgdboc_io_ops = {
25010 +static const struct kgdb_io kgdboc_io_ops = {
25012 .read_char = kgdboc_get_char,
25013 .write_char = kgdboc_put_char,
25014 diff -urNp linux-2.6.32.1/drivers/staging/android/binder.c linux-2.6.32.1/drivers/staging/android/binder.c
25015 --- linux-2.6.32.1/drivers/staging/android/binder.c 2009-12-02 22:51:21.000000000 -0500
25016 +++ linux-2.6.32.1/drivers/staging/android/binder.c 2009-12-14 18:33:56.151914823 -0500
25017 @@ -2756,7 +2756,7 @@ static void binder_vma_close(struct vm_a
25018 binder_defer_work(proc, BINDER_DEFERRED_PUT_FILES);
25021 -static struct vm_operations_struct binder_vm_ops = {
25022 +static const struct vm_operations_struct binder_vm_ops = {
25023 .open = binder_vma_open,
25024 .close = binder_vma_close,
25026 diff -urNp linux-2.6.32.1/drivers/staging/b3dfg/b3dfg.c linux-2.6.32.1/drivers/staging/b3dfg/b3dfg.c
25027 --- linux-2.6.32.1/drivers/staging/b3dfg/b3dfg.c 2009-12-02 22:51:21.000000000 -0500
25028 +++ linux-2.6.32.1/drivers/staging/b3dfg/b3dfg.c 2009-12-14 18:33:56.180829699 -0500
25029 @@ -455,7 +455,7 @@ static int b3dfg_vma_fault(struct vm_are
25030 return VM_FAULT_NOPAGE;
25033 -static struct vm_operations_struct b3dfg_vm_ops = {
25034 +static const struct vm_operations_struct b3dfg_vm_ops = {
25035 .fault = b3dfg_vma_fault,
25038 @@ -848,7 +848,7 @@ static int b3dfg_mmap(struct file *filp,
25042 -static struct file_operations b3dfg_fops = {
25043 +static const struct file_operations b3dfg_fops = {
25044 .owner = THIS_MODULE,
25045 .open = b3dfg_open,
25046 .release = b3dfg_release,
25047 diff -urNp linux-2.6.32.1/drivers/staging/comedi/comedi_fops.c linux-2.6.32.1/drivers/staging/comedi/comedi_fops.c
25048 --- linux-2.6.32.1/drivers/staging/comedi/comedi_fops.c 2009-12-02 22:51:21.000000000 -0500
25049 +++ linux-2.6.32.1/drivers/staging/comedi/comedi_fops.c 2009-12-14 18:33:56.204759560 -0500
25050 @@ -1389,7 +1389,7 @@ void comedi_unmap(struct vm_area_struct
25051 mutex_unlock(&dev->mutex);
25054 -static struct vm_operations_struct comedi_vm_ops = {
25055 +static const struct vm_operations_struct comedi_vm_ops = {
25056 .close = comedi_unmap,
25059 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/adsp_driver.c linux-2.6.32.1/drivers/staging/dream/qdsp5/adsp_driver.c
25060 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/adsp_driver.c 2009-12-02 22:51:21.000000000 -0500
25061 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/adsp_driver.c 2009-12-14 18:33:56.217730751 -0500
25062 @@ -576,7 +576,7 @@ static struct adsp_device *inode_to_devi
25063 static dev_t adsp_devno;
25064 static struct class *adsp_class;
25066 -static struct file_operations adsp_fops = {
25067 +static const struct file_operations adsp_fops = {
25068 .owner = THIS_MODULE,
25070 .unlocked_ioctl = adsp_ioctl,
25071 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_aac.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_aac.c
25072 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_aac.c 2009-12-02 22:51:21.000000000 -0500
25073 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_aac.c 2009-12-14 18:33:56.243755442 -0500
25074 @@ -1022,7 +1022,7 @@ done:
25078 -static struct file_operations audio_aac_fops = {
25079 +static const struct file_operations audio_aac_fops = {
25080 .owner = THIS_MODULE,
25081 .open = audio_open,
25082 .release = audio_release,
25083 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_amrnb.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_amrnb.c
25084 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_amrnb.c 2009-12-02 22:51:21.000000000 -0500
25085 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_amrnb.c 2009-12-14 18:33:56.266835744 -0500
25086 @@ -833,7 +833,7 @@ done:
25090 -static struct file_operations audio_amrnb_fops = {
25091 +static const struct file_operations audio_amrnb_fops = {
25092 .owner = THIS_MODULE,
25093 .open = audamrnb_open,
25094 .release = audamrnb_release,
25095 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_evrc.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_evrc.c
25096 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_evrc.c 2009-12-02 22:51:21.000000000 -0500
25097 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_evrc.c 2009-12-14 18:33:56.267703597 -0500
25098 @@ -805,7 +805,7 @@ dma_fail:
25102 -static struct file_operations audio_evrc_fops = {
25103 +static const struct file_operations audio_evrc_fops = {
25104 .owner = THIS_MODULE,
25105 .open = audevrc_open,
25106 .release = audevrc_release,
25107 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_in.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_in.c
25108 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_in.c 2009-12-02 22:51:21.000000000 -0500
25109 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_in.c 2009-12-14 18:33:56.268741974 -0500
25110 @@ -913,7 +913,7 @@ static int audpre_open(struct inode *ino
25114 -static struct file_operations audio_fops = {
25115 +static const struct file_operations audio_fops = {
25116 .owner = THIS_MODULE,
25117 .open = audio_in_open,
25118 .release = audio_in_release,
25119 @@ -922,7 +922,7 @@ static struct file_operations audio_fops
25120 .unlocked_ioctl = audio_in_ioctl,
25123 -static struct file_operations audpre_fops = {
25124 +static const struct file_operations audpre_fops = {
25125 .owner = THIS_MODULE,
25126 .open = audpre_open,
25127 .unlocked_ioctl = audpre_ioctl,
25128 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_mp3.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_mp3.c
25129 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_mp3.c 2009-12-02 22:51:21.000000000 -0500
25130 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_mp3.c 2009-12-14 18:33:56.270777115 -0500
25131 @@ -941,7 +941,7 @@ done:
25135 -static struct file_operations audio_mp3_fops = {
25136 +static const struct file_operations audio_mp3_fops = {
25137 .owner = THIS_MODULE,
25138 .open = audio_open,
25139 .release = audio_release,
25140 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_out.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_out.c
25141 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_out.c 2009-12-02 22:51:21.000000000 -0500
25142 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_out.c 2009-12-14 18:33:56.272703386 -0500
25143 @@ -810,7 +810,7 @@ static int audpp_open(struct inode *inod
25147 -static struct file_operations audio_fops = {
25148 +static const struct file_operations audio_fops = {
25149 .owner = THIS_MODULE,
25150 .open = audio_open,
25151 .release = audio_release,
25152 @@ -819,7 +819,7 @@ static struct file_operations audio_fops
25153 .unlocked_ioctl = audio_ioctl,
25156 -static struct file_operations audpp_fops = {
25157 +static const struct file_operations audpp_fops = {
25158 .owner = THIS_MODULE,
25159 .open = audpp_open,
25160 .unlocked_ioctl = audpp_ioctl,
25161 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_qcelp.c linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_qcelp.c
25162 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_qcelp.c 2009-12-02 22:51:21.000000000 -0500
25163 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/audio_qcelp.c 2009-12-14 18:33:56.275989683 -0500
25164 @@ -816,7 +816,7 @@ err:
25168 -static struct file_operations audio_qcelp_fops = {
25169 +static const struct file_operations audio_qcelp_fops = {
25170 .owner = THIS_MODULE,
25171 .open = audqcelp_open,
25172 .release = audqcelp_release,
25173 diff -urNp linux-2.6.32.1/drivers/staging/dream/qdsp5/snd.c linux-2.6.32.1/drivers/staging/dream/qdsp5/snd.c
25174 --- linux-2.6.32.1/drivers/staging/dream/qdsp5/snd.c 2009-12-02 22:51:21.000000000 -0500
25175 +++ linux-2.6.32.1/drivers/staging/dream/qdsp5/snd.c 2009-12-14 18:33:56.276744780 -0500
25176 @@ -242,7 +242,7 @@ err:
25180 -static struct file_operations snd_fops = {
25181 +static const struct file_operations snd_fops = {
25182 .owner = THIS_MODULE,
25184 .release = snd_release,
25185 diff -urNp linux-2.6.32.1/drivers/staging/dream/smd/smd_qmi.c linux-2.6.32.1/drivers/staging/dream/smd/smd_qmi.c
25186 --- linux-2.6.32.1/drivers/staging/dream/smd/smd_qmi.c 2009-12-02 22:51:21.000000000 -0500
25187 +++ linux-2.6.32.1/drivers/staging/dream/smd/smd_qmi.c 2009-12-14 18:33:56.288069638 -0500
25188 @@ -793,7 +793,7 @@ static int qmi_release(struct inode *ip,
25192 -static struct file_operations qmi_fops = {
25193 +static const struct file_operations qmi_fops = {
25194 .owner = THIS_MODULE,
25196 .write = qmi_write,
25197 diff -urNp linux-2.6.32.1/drivers/staging/dream/smd/smd_rpcrouter_device.c linux-2.6.32.1/drivers/staging/dream/smd/smd_rpcrouter_device.c
25198 --- linux-2.6.32.1/drivers/staging/dream/smd/smd_rpcrouter_device.c 2009-12-02 22:51:21.000000000 -0500
25199 +++ linux-2.6.32.1/drivers/staging/dream/smd/smd_rpcrouter_device.c 2009-12-14 18:33:56.294817718 -0500
25200 @@ -214,7 +214,7 @@ static long rpcrouter_ioctl(struct file
25204 -static struct file_operations rpcrouter_server_fops = {
25205 +static const struct file_operations rpcrouter_server_fops = {
25206 .owner = THIS_MODULE,
25207 .open = rpcrouter_open,
25208 .release = rpcrouter_release,
25209 @@ -224,7 +224,7 @@ static struct file_operations rpcrouter_
25210 .unlocked_ioctl = rpcrouter_ioctl,
25213 -static struct file_operations rpcrouter_router_fops = {
25214 +static const struct file_operations rpcrouter_router_fops = {
25215 .owner = THIS_MODULE,
25216 .open = rpcrouter_open,
25217 .release = rpcrouter_release,
25218 diff -urNp linux-2.6.32.1/drivers/staging/dst/dcore.c linux-2.6.32.1/drivers/staging/dst/dcore.c
25219 --- linux-2.6.32.1/drivers/staging/dst/dcore.c 2009-12-02 22:51:21.000000000 -0500
25220 +++ linux-2.6.32.1/drivers/staging/dst/dcore.c 2009-12-14 18:33:56.304159431 -0500
25221 @@ -149,7 +149,7 @@ static int dst_bdev_release(struct gendi
25225 -static struct block_device_operations dst_blk_ops = {
25226 +static const struct block_device_operations dst_blk_ops = {
25227 .open = dst_bdev_open,
25228 .release = dst_bdev_release,
25229 .owner = THIS_MODULE,
25230 diff -urNp linux-2.6.32.1/drivers/staging/go7007/go7007-v4l2.c linux-2.6.32.1/drivers/staging/go7007/go7007-v4l2.c
25231 --- linux-2.6.32.1/drivers/staging/go7007/go7007-v4l2.c 2009-12-02 22:51:21.000000000 -0500
25232 +++ linux-2.6.32.1/drivers/staging/go7007/go7007-v4l2.c 2009-12-14 18:33:56.318778895 -0500
25233 @@ -1700,7 +1700,7 @@ static int go7007_vm_fault(struct vm_are
25237 -static struct vm_operations_struct go7007_vm_ops = {
25238 +static const struct vm_operations_struct go7007_vm_ops = {
25239 .open = go7007_vm_open,
25240 .close = go7007_vm_close,
25241 .fault = go7007_vm_fault,
25242 diff -urNp linux-2.6.32.1/drivers/staging/hv/blkvsc_drv.c linux-2.6.32.1/drivers/staging/hv/blkvsc_drv.c
25243 --- linux-2.6.32.1/drivers/staging/hv/blkvsc_drv.c 2009-12-02 22:51:21.000000000 -0500
25244 +++ linux-2.6.32.1/drivers/staging/hv/blkvsc_drv.c 2009-12-14 18:33:56.334798643 -0500
25245 @@ -153,7 +153,7 @@ static int blkvsc_ringbuffer_size = BLKV
25246 /* The one and only one */
25247 static struct blkvsc_driver_context g_blkvsc_drv;
25249 -static struct block_device_operations block_ops = {
25250 +static const struct block_device_operations block_ops = {
25251 .owner = THIS_MODULE,
25252 .open = blkvsc_open,
25253 .release = blkvsc_release,
25254 diff -urNp linux-2.6.32.1/drivers/staging/panel/panel.c linux-2.6.32.1/drivers/staging/panel/panel.c
25255 --- linux-2.6.32.1/drivers/staging/panel/panel.c 2009-12-02 22:51:21.000000000 -0500
25256 +++ linux-2.6.32.1/drivers/staging/panel/panel.c 2009-12-14 18:33:56.357797047 -0500
25257 @@ -1305,7 +1305,7 @@ static int lcd_release(struct inode *ino
25261 -static struct file_operations lcd_fops = {
25262 +static const struct file_operations lcd_fops = {
25263 .write = lcd_write,
25265 .release = lcd_release,
25266 @@ -1565,7 +1565,7 @@ static int keypad_release(struct inode *
25270 -static struct file_operations keypad_fops = {
25271 +static const struct file_operations keypad_fops = {
25272 .read = keypad_read, /* read */
25273 .open = keypad_open, /* open */
25274 .release = keypad_release, /* close */
25275 diff -urNp linux-2.6.32.1/drivers/staging/phison/phison.c linux-2.6.32.1/drivers/staging/phison/phison.c
25276 --- linux-2.6.32.1/drivers/staging/phison/phison.c 2009-12-02 22:51:21.000000000 -0500
25277 +++ linux-2.6.32.1/drivers/staging/phison/phison.c 2009-12-14 18:33:56.364170212 -0500
25278 @@ -43,7 +43,7 @@ static struct scsi_host_template phison_
25279 ATA_BMDMA_SHT(DRV_NAME),
25282 -static struct ata_port_operations phison_ops = {
25283 +static const struct ata_port_operations phison_ops = {
25284 .inherits = &ata_bmdma_port_ops,
25285 .prereset = phison_pre_reset,
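Review bot: Making `phison_ops` `const` while it still sets `.inherits = &ata_bmdma_port_ops` is only safe if libata does not write into the table when it resolves the inheritance chain. As far as I recall, `ata_finalize_port_ops()` in this kernel series fills the inherited slots in place and then clears `.inherits`; that code is not part of this hunk, so confirm that the libata side of the patch copes with a table placed in read-only memory. A one-line comment above the table would record the dependency, e.g. `/* const: relies on libata resolving .inherits without writing to this table */`. The initializer continues past the end of the hunk.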
25287 diff -urNp linux-2.6.32.1/drivers/staging/poch/poch.c linux-2.6.32.1/drivers/staging/poch/poch.c
25288 --- linux-2.6.32.1/drivers/staging/poch/poch.c 2009-12-02 22:51:21.000000000 -0500
25289 +++ linux-2.6.32.1/drivers/staging/poch/poch.c 2009-12-14 18:33:56.386724820 -0500
25290 @@ -1057,7 +1057,7 @@ static int poch_ioctl(struct inode *inod
25294 -static struct file_operations poch_fops = {
25295 +static const struct file_operations poch_fops = {
25296 .owner = THIS_MODULE,
25298 .release = poch_release,
25299 diff -urNp linux-2.6.32.1/drivers/staging/sep/sep_driver.c linux-2.6.32.1/drivers/staging/sep/sep_driver.c
25300 --- linux-2.6.32.1/drivers/staging/sep/sep_driver.c 2009-12-02 22:51:21.000000000 -0500
25301 +++ linux-2.6.32.1/drivers/staging/sep/sep_driver.c 2009-12-14 18:33:56.412957243 -0500
25302 @@ -2603,7 +2603,7 @@ static struct pci_driver sep_pci_driver
25303 static dev_t sep_devno;
25305 /* the files operations structure of the driver */
25306 -static struct file_operations sep_file_operations = {
25307 +static const struct file_operations sep_file_operations = {
25308 .owner = THIS_MODULE,
25309 .ioctl = sep_ioctl,
25311 diff -urNp linux-2.6.32.1/drivers/staging/vme/devices/vme_user.c linux-2.6.32.1/drivers/staging/vme/devices/vme_user.c
25312 --- linux-2.6.32.1/drivers/staging/vme/devices/vme_user.c 2009-12-02 22:51:21.000000000 -0500
25313 +++ linux-2.6.32.1/drivers/staging/vme/devices/vme_user.c 2009-12-14 18:33:56.422918835 -0500
25314 @@ -136,7 +136,7 @@ static int vme_user_ioctl(struct inode *
25315 static int __init vme_user_probe(struct device *, int, int);
25316 static int __exit vme_user_remove(struct device *, int, int);
25318 -static struct file_operations vme_user_fops = {
25319 +static const struct file_operations vme_user_fops = {
25320 .open = vme_user_open,
25321 .release = vme_user_release,
25322 .read = vme_user_read,
25323 diff -urNp linux-2.6.32.1/drivers/uio/uio.c linux-2.6.32.1/drivers/uio/uio.c
25324 --- linux-2.6.32.1/drivers/uio/uio.c 2009-12-02 22:51:21.000000000 -0500
25325 +++ linux-2.6.32.1/drivers/uio/uio.c 2009-12-14 18:33:56.434748271 -0500
25326 @@ -129,7 +129,7 @@ static ssize_t map_type_show(struct kobj
25327 return entry->show(mem, buf);
25330 -static struct sysfs_ops map_sysfs_ops = {
25331 +static const struct sysfs_ops map_sysfs_ops = {
25332 .show = map_type_show,
25335 @@ -217,7 +217,7 @@ static ssize_t portio_type_show(struct k
25336 return entry->show(port, buf);
25339 -static struct sysfs_ops portio_sysfs_ops = {
25340 +static const struct sysfs_ops portio_sysfs_ops = {
25341 .show = portio_type_show,
25344 diff -urNp linux-2.6.32.1/drivers/usb/atm/usbatm.c linux-2.6.32.1/drivers/usb/atm/usbatm.c
25345 --- linux-2.6.32.1/drivers/usb/atm/usbatm.c 2009-12-02 22:51:21.000000000 -0500
25346 +++ linux-2.6.32.1/drivers/usb/atm/usbatm.c 2009-12-14 18:33:56.441756007 -0500
25347 @@ -333,7 +333,7 @@ static void usbatm_extract_one_cell(stru
25348 if (printk_ratelimit())
25349 atm_warn(instance, "%s: OAM not supported (vpi %d, vci %d)!\n",
25350 __func__, vpi, vci);
25351 - atomic_inc(&vcc->stats->rx_err);
25352 + atomic_inc_unchecked(&vcc->stats->rx_err);
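Review bot: Nothing in usbatm.c says why the `vcc->stats` counters move to `atomic_inc_unchecked()`, so a later reader cannot tell them apart from reference counts that should keep overflow detection. A comment at the first use would settle it, e.g. `/* statistics only: wraparound is harmless, so the unchecked variant is used */`. The same applies to the remaining usbatm_extract_one_cell hunks, to usbatm_tx_process and to the `atomic_read_unchecked()` calls in usbatm_atm_proc_read, where a wrapped counter will print as a negative number through `%d`. The field type behind `vcc->stats` has to change to the unchecked atomic type as well; that declaration is not in this file's hunks, and usbatm_extract_one_cell itself starts and ends outside the hunk.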
25356 @@ -361,7 +361,7 @@ static void usbatm_extract_one_cell(stru
25357 if (length > ATM_MAX_AAL5_PDU) {
25358 atm_rldbg(instance, "%s: bogus length %u (vcc: 0x%p)!\n",
25359 __func__, length, vcc);
25360 - atomic_inc(&vcc->stats->rx_err);
25361 + atomic_inc_unchecked(&vcc->stats->rx_err);
25365 @@ -370,14 +370,14 @@ static void usbatm_extract_one_cell(stru
25366 if (sarb->len < pdu_length) {
25367 atm_rldbg(instance, "%s: bogus pdu_length %u (sarb->len: %u, vcc: 0x%p)!\n",
25368 __func__, pdu_length, sarb->len, vcc);
25369 - atomic_inc(&vcc->stats->rx_err);
25370 + atomic_inc_unchecked(&vcc->stats->rx_err);
25374 if (crc32_be(~0, skb_tail_pointer(sarb) - pdu_length, pdu_length) != 0xc704dd7b) {
25375 atm_rldbg(instance, "%s: packet failed crc check (vcc: 0x%p)!\n",
25377 - atomic_inc(&vcc->stats->rx_err);
25378 + atomic_inc_unchecked(&vcc->stats->rx_err);
25382 @@ -387,7 +387,7 @@ static void usbatm_extract_one_cell(stru
25383 if (printk_ratelimit())
25384 atm_err(instance, "%s: no memory for skb (length: %u)!\n",
25386 - atomic_inc(&vcc->stats->rx_drop);
25387 + atomic_inc_unchecked(&vcc->stats->rx_drop);
25391 @@ -412,7 +412,7 @@ static void usbatm_extract_one_cell(stru
25393 vcc->push(vcc, skb);
25395 - atomic_inc(&vcc->stats->rx);
25396 + atomic_inc_unchecked(&vcc->stats->rx);
25400 @@ -616,7 +616,7 @@ static void usbatm_tx_process(unsigned l
25401 struct atm_vcc *vcc = UDSL_SKB(skb)->atm.vcc;
25403 usbatm_pop(vcc, skb);
25404 - atomic_inc(&vcc->stats->tx);
25405 + atomic_inc_unchecked(&vcc->stats->tx);
25407 skb = skb_dequeue(&instance->sndqueue);
25409 @@ -775,11 +775,11 @@ static int usbatm_atm_proc_read(struct a
25411 return sprintf(page,
25412 "AAL5: tx %d ( %d err ), rx %d ( %d err, %d drop )\n",
25413 - atomic_read(&atm_dev->stats.aal5.tx),
25414 - atomic_read(&atm_dev->stats.aal5.tx_err),
25415 - atomic_read(&atm_dev->stats.aal5.rx),
25416 - atomic_read(&atm_dev->stats.aal5.rx_err),
25417 - atomic_read(&atm_dev->stats.aal5.rx_drop));
25418 + atomic_read_unchecked(&atm_dev->stats.aal5.tx),
25419 + atomic_read_unchecked(&atm_dev->stats.aal5.tx_err),
25420 + atomic_read_unchecked(&atm_dev->stats.aal5.rx),
25421 + atomic_read_unchecked(&atm_dev->stats.aal5.rx_err),
25422 + atomic_read_unchecked(&atm_dev->stats.aal5.rx_drop));
25425 if (instance->disconnected)
25426 diff -urNp linux-2.6.32.1/drivers/usb/class/cdc-acm.c linux-2.6.32.1/drivers/usb/class/cdc-acm.c
25427 --- linux-2.6.32.1/drivers/usb/class/cdc-acm.c 2009-12-02 22:51:21.000000000 -0500
25428 +++ linux-2.6.32.1/drivers/usb/class/cdc-acm.c 2009-12-14 18:33:56.449082389 -0500
25429 @@ -1534,7 +1534,7 @@ static struct usb_device_id acm_ids[] =
25430 USB_CDC_ACM_PROTO_AT_CDMA) },
25432 /* NOTE: COMM/ACM/0xff is likely MSFT RNDIS ... NOT a modem!! */
25434 + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
25437 MODULE_DEVICE_TABLE(usb, acm_ids);
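Review bot: The new sentinel `{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }` ties the table terminator to the exact number of members in `struct usb_device_id`, and here it carries no comment saying what it is. The struct definition is not visible in this hunk, so the count cannot be checked from here; if a member is ever added or removed, the line stops matching silently or only with a warning. At minimum keep the marker the other tables have, `{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry: every member zero */`. The same positional style appears in the usblp.c, hub.c and usual-tables.c hunks, with seven zeros in ehci-pci.c and uhci-hcd.c, and as `{ NULL, NULL, 0, 0, NULL }` in usb/storage/usb.c.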
25438 diff -urNp linux-2.6.32.1/drivers/usb/class/usblp.c linux-2.6.32.1/drivers/usb/class/usblp.c
25439 --- linux-2.6.32.1/drivers/usb/class/usblp.c 2009-12-02 22:51:21.000000000 -0500
25440 +++ linux-2.6.32.1/drivers/usb/class/usblp.c 2009-12-14 18:33:56.450737102 -0500
25441 @@ -228,7 +228,7 @@ static const struct quirk_printer_struct
25442 { 0x0482, 0x0010, USBLP_QUIRK_BIDIR }, /* Kyocera Mita FS 820, by zut <kernel@zut.de> */
25443 { 0x04f9, 0x000d, USBLP_QUIRK_BIDIR }, /* Brother Industries, Ltd HL-1440 Laser Printer */
25444 { 0x04b8, 0x0202, USBLP_QUIRK_BAD_CLASS }, /* Seiko Epson Receipt Printer M129C */
25449 static int usblp_wwait(struct usblp *usblp, int nonblock);
25450 @@ -1412,7 +1412,7 @@ static struct usb_device_id usblp_ids []
25451 { USB_INTERFACE_INFO(7, 1, 2) },
25452 { USB_INTERFACE_INFO(7, 1, 3) },
25453 { USB_DEVICE(0x04b8, 0x0202) }, /* Seiko Epson Receipt Printer M129C */
25454 - { } /* Terminating entry */
25455 + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */
25458 MODULE_DEVICE_TABLE (usb, usblp_ids);
25459 diff -urNp linux-2.6.32.1/drivers/usb/core/hcd.c linux-2.6.32.1/drivers/usb/core/hcd.c
25460 --- linux-2.6.32.1/drivers/usb/core/hcd.c 2009-12-02 22:51:21.000000000 -0500
25461 +++ linux-2.6.32.1/drivers/usb/core/hcd.c 2009-12-14 18:33:56.472711446 -0500
25462 @@ -2216,7 +2216,7 @@ EXPORT_SYMBOL_GPL(usb_hcd_platform_shutd
25464 #if defined(CONFIG_USB_MON) || defined(CONFIG_USB_MON_MODULE)
25466 -struct usb_mon_operations *mon_ops;
25467 +const struct usb_mon_operations *mon_ops;
25470 * The registration is unlocked.
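Review bot: `const struct usb_mon_operations *mon_ops` makes the operations table read-only but leaves the `mon_ops` pointer itself in writable data, so the indirect calls made through it in hcd.h are only as trustworthy as that one pointer. This looks unavoidable while `usb_mon_register()` has to assign the pointer at run time (its body is outside the hunk, so that is inferred), but the limit of the hardening should be written down. Suggested comment above the declaration: `/* pointee is const; the pointer stays writable so usbmon can register and deregister */`. The `extern` declaration in the hcd.h hunk has the same property.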
25471 @@ -2226,7 +2226,7 @@ struct usb_mon_operations *mon_ops;
25472 * symbols from usbcore, usbcore gets referenced and cannot be unloaded first.
25475 -int usb_mon_register (struct usb_mon_operations *ops)
25476 +int usb_mon_register (const struct usb_mon_operations *ops)
25480 diff -urNp linux-2.6.32.1/drivers/usb/core/hcd.h linux-2.6.32.1/drivers/usb/core/hcd.h
25481 --- linux-2.6.32.1/drivers/usb/core/hcd.h 2009-12-02 22:51:21.000000000 -0500
25482 +++ linux-2.6.32.1/drivers/usb/core/hcd.h 2009-12-14 18:33:56.482754672 -0500
25483 @@ -486,13 +486,13 @@ static inline void usbfs_cleanup(void) {
25484 #if defined(CONFIG_USB_MON) || defined(CONFIG_USB_MON_MODULE)
25486 struct usb_mon_operations {
25487 - void (*urb_submit)(struct usb_bus *bus, struct urb *urb);
25488 - void (*urb_submit_error)(struct usb_bus *bus, struct urb *urb, int err);
25489 - void (*urb_complete)(struct usb_bus *bus, struct urb *urb, int status);
25490 + void (* const urb_submit)(struct usb_bus *bus, struct urb *urb);
25491 + void (* const urb_submit_error)(struct usb_bus *bus, struct urb *urb, int err);
25492 + void (* const urb_complete)(struct usb_bus *bus, struct urb *urb, int status);
25493 /* void (*urb_unlink)(struct usb_bus *bus, struct urb *urb); */
25496 -extern struct usb_mon_operations *mon_ops;
25497 +extern const struct usb_mon_operations *mon_ops;
25499 static inline void usbmon_urb_submit(struct usb_bus *bus, struct urb *urb)
25501 @@ -514,7 +514,7 @@ static inline void usbmon_urb_complete(s
25502 (*mon_ops->urb_complete)(bus, urb, status);
25505 -int usb_mon_register(struct usb_mon_operations *ops);
25506 +int usb_mon_register(const struct usb_mon_operations *ops);
25507 void usb_mon_deregister(void);
25510 diff -urNp linux-2.6.32.1/drivers/usb/core/hub.c linux-2.6.32.1/drivers/usb/core/hub.c
25511 --- linux-2.6.32.1/drivers/usb/core/hub.c 2009-12-02 22:51:21.000000000 -0500
25512 +++ linux-2.6.32.1/drivers/usb/core/hub.c 2009-12-14 18:33:56.501728320 -0500
25513 @@ -3374,7 +3374,7 @@ static struct usb_device_id hub_id_table
25514 .bDeviceClass = USB_CLASS_HUB},
25515 { .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS,
25516 .bInterfaceClass = USB_CLASS_HUB},
25517 - { } /* Terminating entry */
25518 + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */
25521 MODULE_DEVICE_TABLE (usb, hub_id_table);
25522 diff -urNp linux-2.6.32.1/drivers/usb/core/message.c linux-2.6.32.1/drivers/usb/core/message.c
25523 --- linux-2.6.32.1/drivers/usb/core/message.c 2009-12-02 22:51:21.000000000 -0500
25524 +++ linux-2.6.32.1/drivers/usb/core/message.c 2009-12-14 18:33:56.525197755 -0500
25525 @@ -914,8 +914,8 @@ char *usb_cache_string(struct usb_device
25526 buf = kmalloc(MAX_USB_STRING_SIZE, GFP_KERNEL);
25528 len = usb_string(udev, index, buf, MAX_USB_STRING_SIZE);
25530 - smallbuf = kmalloc(++len, GFP_KERNEL);
25532 + smallbuf = kmalloc(len, GFP_KERNEL);
25535 memcpy(smallbuf, buf, len);
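Review bot: With `++len` removed from the `kmalloc()` call, both the allocation size and the `memcpy(smallbuf, buf, len)` length depend on `len` having already been incremented to include the terminating NUL. The line that now does the increment is not among the lines shown for this hunk, so this cannot be confirmed from here; if the increment were lost, the copy would leave `smallbuf` unterminated. Please verify, and consider stating the invariant next to the allocation: `/* len counts the trailing NUL from here on */`. usb_cache_string starts and ends outside the hunk.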
25536 diff -urNp linux-2.6.32.1/drivers/usb/host/ehci-pci.c linux-2.6.32.1/drivers/usb/host/ehci-pci.c
25537 --- linux-2.6.32.1/drivers/usb/host/ehci-pci.c 2009-12-02 22:51:21.000000000 -0500
25538 +++ linux-2.6.32.1/drivers/usb/host/ehci-pci.c 2009-12-14 18:33:56.538757991 -0500
25539 @@ -422,7 +422,7 @@ static const struct pci_device_id pci_id
25540 PCI_DEVICE_CLASS(PCI_CLASS_SERIAL_USB_EHCI, ~0),
25541 .driver_data = (unsigned long) &ehci_pci_hc_driver,
25543 - { /* end: all zeroes */ }
25544 + { 0, 0, 0, 0, 0, 0, 0 }
25546 MODULE_DEVICE_TABLE(pci, pci_ids);
25548 diff -urNp linux-2.6.32.1/drivers/usb/host/uhci-hcd.c linux-2.6.32.1/drivers/usb/host/uhci-hcd.c
25549 --- linux-2.6.32.1/drivers/usb/host/uhci-hcd.c 2009-12-02 22:51:21.000000000 -0500
25550 +++ linux-2.6.32.1/drivers/usb/host/uhci-hcd.c 2009-12-14 18:33:56.549987695 -0500
25551 @@ -927,7 +927,7 @@ static const struct pci_device_id uhci_p
25552 /* handle any USB UHCI controller */
25553 PCI_DEVICE_CLASS(PCI_CLASS_SERIAL_USB_UHCI, ~0),
25554 .driver_data = (unsigned long) &uhci_driver,
25555 - }, { /* end: all zeroes */ }
25556 + }, { 0, 0, 0, 0, 0, 0, 0 }
25559 MODULE_DEVICE_TABLE(pci, uhci_pci_ids);
25560 diff -urNp linux-2.6.32.1/drivers/usb/misc/appledisplay.c linux-2.6.32.1/drivers/usb/misc/appledisplay.c
25561 --- linux-2.6.32.1/drivers/usb/misc/appledisplay.c 2009-12-02 22:51:21.000000000 -0500
25562 +++ linux-2.6.32.1/drivers/usb/misc/appledisplay.c 2009-12-14 18:33:56.570702896 -0500
25563 @@ -178,7 +178,7 @@ static int appledisplay_bl_get_brightnes
25564 return pdata->msgdata[1];
25567 -static struct backlight_ops appledisplay_bl_data = {
25568 +static const struct backlight_ops appledisplay_bl_data = {
25569 .get_brightness = appledisplay_bl_get_brightness,
25570 .update_status = appledisplay_bl_update_status,
25572 diff -urNp linux-2.6.32.1/drivers/usb/mon/mon_main.c linux-2.6.32.1/drivers/usb/mon/mon_main.c
25573 --- linux-2.6.32.1/drivers/usb/mon/mon_main.c 2009-12-02 22:51:21.000000000 -0500
25574 +++ linux-2.6.32.1/drivers/usb/mon/mon_main.c 2009-12-14 18:33:56.586891486 -0500
25575 @@ -238,7 +238,7 @@ static struct notifier_block mon_nb = {
25579 -static struct usb_mon_operations mon_ops_0 = {
25580 +static const struct usb_mon_operations mon_ops_0 = {
25581 .urb_submit = mon_submit,
25582 .urb_submit_error = mon_submit_error,
25583 .urb_complete = mon_complete,
25584 diff -urNp linux-2.6.32.1/drivers/usb/storage/debug.h linux-2.6.32.1/drivers/usb/storage/debug.h
25585 --- linux-2.6.32.1/drivers/usb/storage/debug.h 2009-12-02 22:51:21.000000000 -0500
25586 +++ linux-2.6.32.1/drivers/usb/storage/debug.h 2009-12-14 18:33:56.602740203 -0500
25587 @@ -54,9 +54,9 @@ void usb_stor_show_sense( unsigned char
25588 #define US_DEBUGPX(x...) printk( x )
25589 #define US_DEBUG(x) x
25591 -#define US_DEBUGP(x...)
25592 -#define US_DEBUGPX(x...)
25593 -#define US_DEBUG(x)
25594 +#define US_DEBUGP(x...) do {} while (0)
25595 +#define US_DEBUGPX(x...) do {} while (0)
25596 +#define US_DEBUG(x) do {} while (0)
25600 diff -urNp linux-2.6.32.1/drivers/usb/storage/usb.c linux-2.6.32.1/drivers/usb/storage/usb.c
25601 --- linux-2.6.32.1/drivers/usb/storage/usb.c 2009-12-02 22:51:21.000000000 -0500
25602 +++ linux-2.6.32.1/drivers/usb/storage/usb.c 2009-12-14 18:33:56.635722053 -0500
25603 @@ -118,7 +118,7 @@ MODULE_PARM_DESC(quirks, "supplemental l
25605 static struct us_unusual_dev us_unusual_dev_list[] = {
25606 # include "unusual_devs.h"
25607 - { } /* Terminating entry */
25608 + { NULL, NULL, 0, 0, NULL } /* Terminating entry */
25612 diff -urNp linux-2.6.32.1/drivers/usb/storage/usual-tables.c linux-2.6.32.1/drivers/usb/storage/usual-tables.c
25613 --- linux-2.6.32.1/drivers/usb/storage/usual-tables.c 2009-12-02 22:51:21.000000000 -0500
25614 +++ linux-2.6.32.1/drivers/usb/storage/usual-tables.c 2009-12-14 18:33:56.646183562 -0500
25617 struct usb_device_id usb_storage_usb_ids[] = {
25618 # include "unusual_devs.h"
25619 - { } /* Terminating entry */
25620 + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */
25622 EXPORT_SYMBOL_GPL(usb_storage_usb_ids);
25624 diff -urNp linux-2.6.32.1/drivers/uwb/wlp/messages.c linux-2.6.32.1/drivers/uwb/wlp/messages.c
25625 --- linux-2.6.32.1/drivers/uwb/wlp/messages.c 2009-12-02 22:51:21.000000000 -0500
25626 +++ linux-2.6.32.1/drivers/uwb/wlp/messages.c 2009-12-14 18:33:56.670723254 -0500
25627 @@ -903,7 +903,7 @@ int wlp_parse_f0(struct wlp *wlp, struct
25628 size_t len = skb->len;
25631 - struct wlp_nonce enonce, rnonce;
25632 + struct wlp_nonce enonce = {{0}}, rnonce = {{0}};
25633 enum wlp_assc_error assc_err;
25634 char enonce_buf[WLP_WSS_NONCE_STRSIZE];
25635 char rnonce_buf[WLP_WSS_NONCE_STRSIZE];
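Review bot: The added `= {{0}}` initialisers cover `enonce` and `rnonce`, but `enonce_buf` and `rnonce_buf` declared just below are still left uninitialised. wlp_parse_f0 continues outside the hunk, so whether either buffer can reach a print call before it is filled cannot be checked here. If the aim is to keep stale stack bytes out of log output, give the buffers the same treatment, `char enonce_buf[WLP_WSS_NONCE_STRSIZE] = "";` and likewise for `rnonce_buf`. Otherwise add a comment saying why only the nonces need it.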
25636 diff -urNp linux-2.6.32.1/drivers/uwb/wlp/sysfs.c linux-2.6.32.1/drivers/uwb/wlp/sysfs.c
25637 --- linux-2.6.32.1/drivers/uwb/wlp/sysfs.c 2009-12-02 22:51:21.000000000 -0500
25638 +++ linux-2.6.32.1/drivers/uwb/wlp/sysfs.c 2009-12-14 18:33:56.671714141 -0500
25639 @@ -615,8 +615,7 @@ ssize_t wlp_wss_attr_store(struct kobjec
25644 -struct sysfs_ops wss_sysfs_ops = {
25645 +static const struct sysfs_ops wss_sysfs_ops = {
25646 .show = wlp_wss_attr_show,
25647 .store = wlp_wss_attr_store,
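Review bot: The new line adds `static` as well as `const` to `wss_sysfs_ops`, which changes the symbol's linkage and not just where it is placed. The hunk does not show whether the symbol is declared `extern` in a header or used from another file of the wlp driver; if it is, the build breaks or a stale declaration is left behind. Either keep external linkage, `const struct sysfs_ops wss_sysfs_ops = {`, or remove the external declaration in the same patch.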
25649 diff -urNp linux-2.6.32.1/drivers/video/atmel_lcdfb.c linux-2.6.32.1/drivers/video/atmel_lcdfb.c
25650 --- linux-2.6.32.1/drivers/video/atmel_lcdfb.c 2009-12-02 22:51:21.000000000 -0500
25651 +++ linux-2.6.32.1/drivers/video/atmel_lcdfb.c 2009-12-14 18:33:56.675713473 -0500
25652 @@ -110,7 +110,7 @@ static int atmel_bl_get_brightness(struc
25653 return lcdc_readl(sinfo, ATMEL_LCDC_CONTRAST_VAL);
25656 -static struct backlight_ops atmel_lcdc_bl_ops = {
25657 +static const struct backlight_ops atmel_lcdc_bl_ops = {
25658 .update_status = atmel_bl_update_status,
25659 .get_brightness = atmel_bl_get_brightness,
25661 diff -urNp linux-2.6.32.1/drivers/video/aty/aty128fb.c linux-2.6.32.1/drivers/video/aty/aty128fb.c
25662 --- linux-2.6.32.1/drivers/video/aty/aty128fb.c 2009-12-02 22:51:21.000000000 -0500
25663 +++ linux-2.6.32.1/drivers/video/aty/aty128fb.c 2009-12-14 18:33:56.696705893 -0500
25664 @@ -1787,7 +1787,7 @@ static int aty128_bl_get_brightness(stru
25665 return bd->props.brightness;
25668 -static struct backlight_ops aty128_bl_data = {
25669 +static const struct backlight_ops aty128_bl_data = {
25670 .get_brightness = aty128_bl_get_brightness,
25671 .update_status = aty128_bl_update_status,
25673 diff -urNp linux-2.6.32.1/drivers/video/aty/atyfb_base.c linux-2.6.32.1/drivers/video/aty/atyfb_base.c
25674 --- linux-2.6.32.1/drivers/video/aty/atyfb_base.c 2009-12-02 22:51:21.000000000 -0500
25675 +++ linux-2.6.32.1/drivers/video/aty/atyfb_base.c 2009-12-14 18:33:56.707707438 -0500
25676 @@ -2225,7 +2225,7 @@ static int aty_bl_get_brightness(struct
25677 return bd->props.brightness;
25680 -static struct backlight_ops aty_bl_data = {
25681 +static const struct backlight_ops aty_bl_data = {
25682 .get_brightness = aty_bl_get_brightness,
25683 .update_status = aty_bl_update_status,
25685 diff -urNp linux-2.6.32.1/drivers/video/aty/radeon_backlight.c linux-2.6.32.1/drivers/video/aty/radeon_backlight.c
25686 --- linux-2.6.32.1/drivers/video/aty/radeon_backlight.c 2009-12-02 22:51:21.000000000 -0500
25687 +++ linux-2.6.32.1/drivers/video/aty/radeon_backlight.c 2009-12-14 18:33:56.732719574 -0500
25688 @@ -127,7 +127,7 @@ static int radeon_bl_get_brightness(stru
25689 return bd->props.brightness;
25692 -static struct backlight_ops radeon_bl_data = {
25693 +static const struct backlight_ops radeon_bl_data = {
25694 .get_brightness = radeon_bl_get_brightness,
25695 .update_status = radeon_bl_update_status,
25697 diff -urNp linux-2.6.32.1/drivers/video/backlight/adp5520_bl.c linux-2.6.32.1/drivers/video/backlight/adp5520_bl.c
25698 --- linux-2.6.32.1/drivers/video/backlight/adp5520_bl.c 2009-12-02 22:51:21.000000000 -0500
25699 +++ linux-2.6.32.1/drivers/video/backlight/adp5520_bl.c 2009-12-14 18:33:56.734719374 -0500
25700 @@ -84,7 +84,7 @@ static int adp5520_bl_get_brightness(str
25701 return error ? data->current_brightness : reg_val;
25704 -static struct backlight_ops adp5520_bl_ops = {
25705 +static const struct backlight_ops adp5520_bl_ops = {
25706 .update_status = adp5520_bl_update_status,
25707 .get_brightness = adp5520_bl_get_brightness,
25709 diff -urNp linux-2.6.32.1/drivers/video/backlight/adx_bl.c linux-2.6.32.1/drivers/video/backlight/adx_bl.c
25710 --- linux-2.6.32.1/drivers/video/backlight/adx_bl.c 2009-12-02 22:51:21.000000000 -0500
25711 +++ linux-2.6.32.1/drivers/video/backlight/adx_bl.c 2009-12-14 18:33:56.735716250 -0500
25712 @@ -61,7 +61,7 @@ static int adx_backlight_check_fb(struct
25716 -static struct backlight_ops adx_backlight_ops = {
25717 +static const struct backlight_ops adx_backlight_ops = {
25719 .update_status = adx_backlight_update_status,
25720 .get_brightness = adx_backlight_get_brightness,
25721 diff -urNp linux-2.6.32.1/drivers/video/backlight/atmel-pwm-bl.c linux-2.6.32.1/drivers/video/backlight/atmel-pwm-bl.c
25722 --- linux-2.6.32.1/drivers/video/backlight/atmel-pwm-bl.c 2009-12-02 22:51:21.000000000 -0500
25723 +++ linux-2.6.32.1/drivers/video/backlight/atmel-pwm-bl.c 2009-12-14 18:33:56.764711094 -0500
25724 @@ -113,7 +113,7 @@ static int atmel_pwm_bl_init_pwm(struct
25725 return pwm_channel_enable(&pwmbl->pwmc);
25728 -static struct backlight_ops atmel_pwm_bl_ops = {
25729 +static const struct backlight_ops atmel_pwm_bl_ops = {
25730 .get_brightness = atmel_pwm_bl_get_intensity,
25731 .update_status = atmel_pwm_bl_set_intensity,
25733 diff -urNp linux-2.6.32.1/drivers/video/backlight/backlight.c linux-2.6.32.1/drivers/video/backlight/backlight.c
25734 --- linux-2.6.32.1/drivers/video/backlight/backlight.c 2009-12-02 22:51:21.000000000 -0500
25735 +++ linux-2.6.32.1/drivers/video/backlight/backlight.c 2009-12-14 18:33:56.776707570 -0500
25736 @@ -269,7 +269,7 @@ EXPORT_SYMBOL(backlight_force_update);
25737 * ERR_PTR() or a pointer to the newly allocated device.
25739 struct backlight_device *backlight_device_register(const char *name,
25740 - struct device *parent, void *devdata, struct backlight_ops *ops)
25741 + struct device *parent, void *devdata, const struct backlight_ops *ops)
25743 struct backlight_device *new_bd;
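Review bot: `backlight_device_register()` now takes `const struct backlight_ops *ops`, but neither the prototype in the backlight header nor the member of `struct backlight_device` that stores the pointer is part of this hunk. Both need the same qualifier in this patch, otherwise the assignment inside this function discards `const` and the definition no longer matches its declaration. The driver hunks that declare `static const struct backlight_ops` tables depend on this signature, so it is worth checking first. The function body continues outside the hunk.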
25745 diff -urNp linux-2.6.32.1/drivers/video/backlight/corgi_lcd.c linux-2.6.32.1/drivers/video/backlight/corgi_lcd.c
25746 --- linux-2.6.32.1/drivers/video/backlight/corgi_lcd.c 2009-12-02 22:51:21.000000000 -0500
25747 +++ linux-2.6.32.1/drivers/video/backlight/corgi_lcd.c 2009-12-14 18:33:56.798711248 -0500
25748 @@ -451,7 +451,7 @@ void corgi_lcd_limit_intensity(int limit
25750 EXPORT_SYMBOL(corgi_lcd_limit_intensity);
25752 -static struct backlight_ops corgi_bl_ops = {
25753 +static const struct backlight_ops corgi_bl_ops = {
25754 .get_brightness = corgi_bl_get_intensity,
25755 .update_status = corgi_bl_update_status,
25757 diff -urNp linux-2.6.32.1/drivers/video/backlight/cr_bllcd.c linux-2.6.32.1/drivers/video/backlight/cr_bllcd.c
25758 --- linux-2.6.32.1/drivers/video/backlight/cr_bllcd.c 2009-12-02 22:51:21.000000000 -0500
25759 +++ linux-2.6.32.1/drivers/video/backlight/cr_bllcd.c 2009-12-14 18:33:56.799713192 -0500
25760 @@ -108,7 +108,7 @@ static int cr_backlight_get_intensity(st
25764 -static struct backlight_ops cr_backlight_ops = {
25765 +static const struct backlight_ops cr_backlight_ops = {
25766 .get_brightness = cr_backlight_get_intensity,
25767 .update_status = cr_backlight_set_intensity,
25769 diff -urNp linux-2.6.32.1/drivers/video/backlight/da903x_bl.c linux-2.6.32.1/drivers/video/backlight/da903x_bl.c
25770 --- linux-2.6.32.1/drivers/video/backlight/da903x_bl.c 2009-12-02 22:51:21.000000000 -0500
25771 +++ linux-2.6.32.1/drivers/video/backlight/da903x_bl.c 2009-12-14 18:33:56.801716801 -0500
25772 @@ -94,7 +94,7 @@ static int da903x_backlight_get_brightne
25773 return data->current_brightness;
25776 -static struct backlight_ops da903x_backlight_ops = {
25777 +static const struct backlight_ops da903x_backlight_ops = {
25778 .update_status = da903x_backlight_update_status,
25779 .get_brightness = da903x_backlight_get_brightness,
25781 diff -urNp linux-2.6.32.1/drivers/video/backlight/generic_bl.c linux-2.6.32.1/drivers/video/backlight/generic_bl.c
25782 --- linux-2.6.32.1/drivers/video/backlight/generic_bl.c 2009-12-02 22:51:21.000000000 -0500
25783 +++ linux-2.6.32.1/drivers/video/backlight/generic_bl.c 2009-12-14 18:33:56.801716801 -0500
25784 @@ -70,7 +70,7 @@ void corgibl_limit_intensity(int limit)
25786 EXPORT_SYMBOL(corgibl_limit_intensity);
25788 -static struct backlight_ops genericbl_ops = {
25789 +static const struct backlight_ops genericbl_ops = {
25790 .options = BL_CORE_SUSPENDRESUME,
25791 .get_brightness = genericbl_get_intensity,
25792 .update_status = genericbl_send_intensity,
25793 diff -urNp linux-2.6.32.1/drivers/video/backlight/hp680_bl.c linux-2.6.32.1/drivers/video/backlight/hp680_bl.c
25794 --- linux-2.6.32.1/drivers/video/backlight/hp680_bl.c 2009-12-02 22:51:21.000000000 -0500
25795 +++ linux-2.6.32.1/drivers/video/backlight/hp680_bl.c 2009-12-14 18:33:56.828721688 -0500
25796 @@ -98,7 +98,7 @@ static int hp680bl_get_intensity(struct
25797 return current_intensity;
25800 -static struct backlight_ops hp680bl_ops = {
25801 +static const struct backlight_ops hp680bl_ops = {
25802 .get_brightness = hp680bl_get_intensity,
25803 .update_status = hp680bl_set_intensity,
25805 diff -urNp linux-2.6.32.1/drivers/video/backlight/jornada720_bl.c linux-2.6.32.1/drivers/video/backlight/jornada720_bl.c
25806 --- linux-2.6.32.1/drivers/video/backlight/jornada720_bl.c 2009-12-02 22:51:21.000000000 -0500
25807 +++ linux-2.6.32.1/drivers/video/backlight/jornada720_bl.c 2009-12-14 18:33:56.849756143 -0500
25808 @@ -93,7 +93,7 @@ out:
25812 -static struct backlight_ops jornada_bl_ops = {
25813 +static const struct backlight_ops jornada_bl_ops = {
25814 .get_brightness = jornada_bl_get_brightness,
25815 .update_status = jornada_bl_update_status,
25816 .options = BL_CORE_SUSPENDRESUME,
25817 diff -urNp linux-2.6.32.1/drivers/video/backlight/kb3886_bl.c linux-2.6.32.1/drivers/video/backlight/kb3886_bl.c
25818 --- linux-2.6.32.1/drivers/video/backlight/kb3886_bl.c 2009-12-02 22:51:21.000000000 -0500
25819 +++ linux-2.6.32.1/drivers/video/backlight/kb3886_bl.c 2009-12-14 18:33:56.850723993 -0500
25820 @@ -134,7 +134,7 @@ static int kb3886bl_get_intensity(struct
25821 return kb3886bl_intensity;
25824 -static struct backlight_ops kb3886bl_ops = {
25825 +static const struct backlight_ops kb3886bl_ops = {
25826 .get_brightness = kb3886bl_get_intensity,
25827 .update_status = kb3886bl_send_intensity,
25829 diff -urNp linux-2.6.32.1/drivers/video/backlight/locomolcd.c linux-2.6.32.1/drivers/video/backlight/locomolcd.c
25830 --- linux-2.6.32.1/drivers/video/backlight/locomolcd.c 2009-12-02 22:51:21.000000000 -0500
25831 +++ linux-2.6.32.1/drivers/video/backlight/locomolcd.c 2009-12-14 18:33:56.852706003 -0500
25832 @@ -141,7 +141,7 @@ static int locomolcd_get_intensity(struc
25833 return current_intensity;
25836 -static struct backlight_ops locomobl_data = {
25837 +static const struct backlight_ops locomobl_data = {
25838 .get_brightness = locomolcd_get_intensity,
25839 .update_status = locomolcd_set_intensity,
25841 diff -urNp linux-2.6.32.1/drivers/video/backlight/mbp_nvidia_bl.c linux-2.6.32.1/drivers/video/backlight/mbp_nvidia_bl.c
25842 --- linux-2.6.32.1/drivers/video/backlight/mbp_nvidia_bl.c 2009-12-02 22:51:21.000000000 -0500
25843 +++ linux-2.6.32.1/drivers/video/backlight/mbp_nvidia_bl.c 2009-12-14 18:33:56.873731630 -0500
25844 @@ -33,7 +33,7 @@ struct dmi_match_data {
25845 unsigned long iostart;
25846 unsigned long iolen;
25847 /* Backlight operations structure. */
25848 - struct backlight_ops backlight_ops;
25849 + const struct backlight_ops backlight_ops;
25852 /* Module parameters. */
25853 diff -urNp linux-2.6.32.1/drivers/video/backlight/omap1_bl.c linux-2.6.32.1/drivers/video/backlight/omap1_bl.c
25854 --- linux-2.6.32.1/drivers/video/backlight/omap1_bl.c 2009-12-02 22:51:21.000000000 -0500
25855 +++ linux-2.6.32.1/drivers/video/backlight/omap1_bl.c 2009-12-14 18:33:56.876733224 -0500
25856 @@ -125,7 +125,7 @@ static int omapbl_get_intensity(struct b
25857 return bl->current_intensity;
25860 -static struct backlight_ops omapbl_ops = {
25861 +static const struct backlight_ops omapbl_ops = {
25862 .get_brightness = omapbl_get_intensity,
25863 .update_status = omapbl_update_status,
25865 diff -urNp linux-2.6.32.1/drivers/video/backlight/progear_bl.c linux-2.6.32.1/drivers/video/backlight/progear_bl.c
25866 --- linux-2.6.32.1/drivers/video/backlight/progear_bl.c 2009-12-02 22:51:21.000000000 -0500
25867 +++ linux-2.6.32.1/drivers/video/backlight/progear_bl.c 2009-12-14 18:33:56.884958873 -0500
25868 @@ -54,7 +54,7 @@ static int progearbl_get_intensity(struc
25869 return intensity - HW_LEVEL_MIN;
25872 -static struct backlight_ops progearbl_ops = {
25873 +static const struct backlight_ops progearbl_ops = {
25874 .get_brightness = progearbl_get_intensity,
25875 .update_status = progearbl_set_intensity,
25877 diff -urNp linux-2.6.32.1/drivers/video/backlight/pwm_bl.c linux-2.6.32.1/drivers/video/backlight/pwm_bl.c
25878 --- linux-2.6.32.1/drivers/video/backlight/pwm_bl.c 2009-12-02 22:51:21.000000000 -0500
25879 +++ linux-2.6.32.1/drivers/video/backlight/pwm_bl.c 2009-12-14 18:33:56.902731746 -0500
25880 @@ -56,7 +56,7 @@ static int pwm_backlight_get_brightness(
25881 return bl->props.brightness;
25884 -static struct backlight_ops pwm_backlight_ops = {
25885 +static const struct backlight_ops pwm_backlight_ops = {
25886 .update_status = pwm_backlight_update_status,
25887 .get_brightness = pwm_backlight_get_brightness,
25889 diff -urNp linux-2.6.32.1/drivers/video/backlight/tosa_bl.c linux-2.6.32.1/drivers/video/backlight/tosa_bl.c
25890 --- linux-2.6.32.1/drivers/video/backlight/tosa_bl.c 2009-12-02 22:51:21.000000000 -0500
25891 +++ linux-2.6.32.1/drivers/video/backlight/tosa_bl.c 2009-12-14 18:33:56.908727779 -0500
25892 @@ -72,7 +72,7 @@ static int tosa_bl_get_brightness(struct
25893 return props->brightness;
25896 -static struct backlight_ops bl_ops = {
25897 +static const struct backlight_ops bl_ops = {
25898 .get_brightness = tosa_bl_get_brightness,
25899 .update_status = tosa_bl_update_status,
25901 diff -urNp linux-2.6.32.1/drivers/video/backlight/wm831x_bl.c linux-2.6.32.1/drivers/video/backlight/wm831x_bl.c
25902 --- linux-2.6.32.1/drivers/video/backlight/wm831x_bl.c 2009-12-02 22:51:21.000000000 -0500
25903 +++ linux-2.6.32.1/drivers/video/backlight/wm831x_bl.c 2009-12-14 18:33:56.909707606 -0500
25904 @@ -112,7 +112,7 @@ static int wm831x_backlight_get_brightne
25905 return data->current_brightness;
25908 -static struct backlight_ops wm831x_backlight_ops = {
25909 +static const struct backlight_ops wm831x_backlight_ops = {
25910 .options = BL_CORE_SUSPENDRESUME,
25911 .update_status = wm831x_backlight_update_status,
25912 .get_brightness = wm831x_backlight_get_brightness,
25913 diff -urNp linux-2.6.32.1/drivers/video/bf54x-lq043fb.c linux-2.6.32.1/drivers/video/bf54x-lq043fb.c
25914 --- linux-2.6.32.1/drivers/video/bf54x-lq043fb.c 2009-12-02 22:51:21.000000000 -0500
25915 +++ linux-2.6.32.1/drivers/video/bf54x-lq043fb.c 2009-12-14 18:33:56.914735019 -0500
25916 @@ -463,7 +463,7 @@ static int bl_get_brightness(struct back
25920 -static struct backlight_ops bfin_lq043fb_bl_ops = {
25921 +static const struct backlight_ops bfin_lq043fb_bl_ops = {
25922 .get_brightness = bl_get_brightness,
25925 diff -urNp linux-2.6.32.1/drivers/video/bfin-t350mcqb-fb.c linux-2.6.32.1/drivers/video/bfin-t350mcqb-fb.c
25926 --- linux-2.6.32.1/drivers/video/bfin-t350mcqb-fb.c 2009-12-02 22:51:21.000000000 -0500
25927 +++ linux-2.6.32.1/drivers/video/bfin-t350mcqb-fb.c 2009-12-14 18:33:56.931742721 -0500
25928 @@ -381,7 +381,7 @@ static int bl_get_brightness(struct back
25932 -static struct backlight_ops bfin_lq043fb_bl_ops = {
25933 +static const struct backlight_ops bfin_lq043fb_bl_ops = {
25934 .get_brightness = bl_get_brightness,
25937 diff -urNp linux-2.6.32.1/drivers/video/fbmem.c linux-2.6.32.1/drivers/video/fbmem.c
25938 --- linux-2.6.32.1/drivers/video/fbmem.c 2009-12-02 22:51:21.000000000 -0500
25939 +++ linux-2.6.32.1/drivers/video/fbmem.c 2009-12-14 18:33:56.939773066 -0500
25940 @@ -403,7 +403,7 @@ static void fb_do_show_logo(struct fb_in
25941 image->dx += image->width + 8;
25943 } else if (rotate == FB_ROTATE_UD) {
25944 - for (x = 0; x < num && image->dx >= 0; x++) {
25945 + for (x = 0; x < num && (__s32)image->dx >= 0; x++) {
25946 info->fbops->fb_imageblit(info, image);
25947 image->dx -= image->width + 8;
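Review bot: The `(__s32)` cast in the `FB_ROTATE_UD` loop condition only works because the subtraction on the following line is allowed to wrap and the wrapped value is then read as negative, and nothing in the hunk says so. A one-line comment above the loop, for example `/* dx is unsigned: stop once the subtraction below has wrapped */`, would keep a later cleanup from dropping the cast and restoring a test that is always true. The `FB_ROTATE_CCW` hunk that follows has the same pattern for `image->dy` and wants the same comment. fb_do_show_logo starts and ends outside both hunks.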
25949 @@ -415,7 +415,7 @@ static void fb_do_show_logo(struct fb_in
25950 image->dy += image->height + 8;
25952 } else if (rotate == FB_ROTATE_CCW) {
25953 - for (x = 0; x < num && image->dy >= 0; x++) {
25954 + for (x = 0; x < num && (__s32)image->dy >= 0; x++) {
25955 info->fbops->fb_imageblit(info, image);
25956 image->dy -= image->height + 8;
25958 @@ -1119,7 +1119,7 @@ static long do_fb_ioctl(struct fb_info *
25960 if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES)
25962 - if (con2fb.framebuffer < 0 || con2fb.framebuffer >= FB_MAX)
25963 + if (con2fb.framebuffer >= FB_MAX)
25965 if (!registered_fb[con2fb.framebuffer])
25966 request_module("fb%d", con2fb.framebuffer);
25967 diff -urNp linux-2.6.32.1/drivers/video/fbmon.c linux-2.6.32.1/drivers/video/fbmon.c
25968 --- linux-2.6.32.1/drivers/video/fbmon.c 2009-12-02 22:51:21.000000000 -0500
25969 +++ linux-2.6.32.1/drivers/video/fbmon.c 2009-12-14 18:33:56.942716871 -0500
25972 #define DPRINTK(fmt, args...) printk(fmt,## args)
25974 -#define DPRINTK(fmt, args...)
25975 +#define DPRINTK(fmt, args...) do {} while (0)
25978 #define FBMON_FIX_HEADER 1
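Review bot: With the non-debug `DPRINTK` expanding to `do {} while (0)`, the format string and its arguments are discarded by the preprocessor, so a mismatched specifier or a stale variable name in a DPRINTK call is only caught in debug builds. `#define DPRINTK(fmt, args...) do { if (0) printk(fmt,## args); } while (0)` keeps the statement-safe form this change introduces while still letting the compiler check every call site.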
25979 diff -urNp linux-2.6.32.1/drivers/video/i810/i810_accel.c linux-2.6.32.1/drivers/video/i810/i810_accel.c
25980 --- linux-2.6.32.1/drivers/video/i810/i810_accel.c 2009-12-02 22:51:21.000000000 -0500
25981 +++ linux-2.6.32.1/drivers/video/i810/i810_accel.c 2009-12-14 18:33:56.945157258 -0500
25982 @@ -73,6 +73,7 @@ static inline int wait_for_space(struct
25985 printk("ringbuffer lockup!!!\n");
25986 + printk("head:%u tail:%u iring.size:%u space:%u\n", head, tail, par->iring.size, space);
25987 i810_report_error(mmio);
25988 par->dev_flags |= LOCKUP;
25989 info->pixmap.scan_align = 1;
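Review bot: The added `printk` in the lockup path carries no log level and no driver prefix, so the ring state is logged at the default level and is hard to attribute when reading a kernel log after the fact. Something like `printk(KERN_ERR "i810fb: head:%u tail:%u iring.size:%u space:%u\n", head, tail, par->iring.size, space);` would fix both. The declarations of `head`, `tail` and `space` are outside the hunk, so it is worth confirming that all four arguments really are `unsigned int`, since `%u` with any other type is a format mismatch. wait_for_space starts and ends outside the hunk.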
25990 diff -urNp linux-2.6.32.1/drivers/video/i810/i810_main.c linux-2.6.32.1/drivers/video/i810/i810_main.c
25991 --- linux-2.6.32.1/drivers/video/i810/i810_main.c 2009-12-02 22:51:21.000000000 -0500
25992 +++ linux-2.6.32.1/drivers/video/i810/i810_main.c 2009-12-14 18:33:56.946738123 -0500
25993 @@ -120,7 +120,7 @@ static struct pci_device_id i810fb_pci_t
25994 PCI_ANY_ID, PCI_ANY_ID, 0, 0, 4 },
25995 { PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82815_CGC,
25996 PCI_ANY_ID, PCI_ANY_ID, 0, 0, 5 },
25998 + { 0, 0, 0, 0, 0, 0, 0 },
26001 static struct pci_driver i810fb_driver = {
26002 diff -urNp linux-2.6.32.1/drivers/video/modedb.c linux-2.6.32.1/drivers/video/modedb.c
26003 --- linux-2.6.32.1/drivers/video/modedb.c 2009-12-02 22:51:21.000000000 -0500
26004 +++ linux-2.6.32.1/drivers/video/modedb.c 2009-12-14 18:33:56.949716425 -0500
26005 @@ -38,240 +38,240 @@ static const struct fb_videomode modedb[
26007 /* 640x400 @ 70 Hz, 31.5 kHz hsync */
26008 NULL, 70, 640, 400, 39721, 40, 24, 39, 9, 96, 2,
26009 - 0, FB_VMODE_NONINTERLACED
26010 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26012 /* 640x480 @ 60 Hz, 31.5 kHz hsync */
26013 NULL, 60, 640, 480, 39721, 40, 24, 32, 11, 96, 2,
26014 - 0, FB_VMODE_NONINTERLACED
26015 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26017 /* 800x600 @ 56 Hz, 35.15 kHz hsync */
26018 NULL, 56, 800, 600, 27777, 128, 24, 22, 1, 72, 2,
26019 - 0, FB_VMODE_NONINTERLACED
26020 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26022 /* 1024x768 @ 87 Hz interlaced, 35.5 kHz hsync */
26023 NULL, 87, 1024, 768, 22271, 56, 24, 33, 8, 160, 8,
26024 - 0, FB_VMODE_INTERLACED
26025 + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26027 /* 640x400 @ 85 Hz, 37.86 kHz hsync */
26028 NULL, 85, 640, 400, 31746, 96, 32, 41, 1, 64, 3,
26029 - FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26030 + FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26032 /* 640x480 @ 72 Hz, 36.5 kHz hsync */
26033 NULL, 72, 640, 480, 31746, 144, 40, 30, 8, 40, 3,
26034 - 0, FB_VMODE_NONINTERLACED
26035 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26037 /* 640x480 @ 75 Hz, 37.50 kHz hsync */
26038 NULL, 75, 640, 480, 31746, 120, 16, 16, 1, 64, 3,
26039 - 0, FB_VMODE_NONINTERLACED
26040 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26042 /* 800x600 @ 60 Hz, 37.8 kHz hsync */
26043 NULL, 60, 800, 600, 25000, 88, 40, 23, 1, 128, 4,
26044 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26045 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26047 /* 640x480 @ 85 Hz, 43.27 kHz hsync */
26048 NULL, 85, 640, 480, 27777, 80, 56, 25, 1, 56, 3,
26049 - 0, FB_VMODE_NONINTERLACED
26050 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26052 /* 1152x864 @ 89 Hz interlaced, 44 kHz hsync */
26053 NULL, 89, 1152, 864, 15384, 96, 16, 110, 1, 216, 10,
26054 - 0, FB_VMODE_INTERLACED
26055 + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26057 /* 800x600 @ 72 Hz, 48.0 kHz hsync */
26058 NULL, 72, 800, 600, 20000, 64, 56, 23, 37, 120, 6,
26059 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26060 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26062 /* 1024x768 @ 60 Hz, 48.4 kHz hsync */
26063 NULL, 60, 1024, 768, 15384, 168, 8, 29, 3, 144, 6,
26064 - 0, FB_VMODE_NONINTERLACED
26065 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26067 /* 640x480 @ 100 Hz, 53.01 kHz hsync */
26068 NULL, 100, 640, 480, 21834, 96, 32, 36, 8, 96, 6,
26069 - 0, FB_VMODE_NONINTERLACED
26070 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26072 /* 1152x864 @ 60 Hz, 53.5 kHz hsync */
26073 NULL, 60, 1152, 864, 11123, 208, 64, 16, 4, 256, 8,
26074 - 0, FB_VMODE_NONINTERLACED
26075 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26077 /* 800x600 @ 85 Hz, 55.84 kHz hsync */
26078 NULL, 85, 800, 600, 16460, 160, 64, 36, 16, 64, 5,
26079 - 0, FB_VMODE_NONINTERLACED
26080 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26082 /* 1024x768 @ 70 Hz, 56.5 kHz hsync */
26083 NULL, 70, 1024, 768, 13333, 144, 24, 29, 3, 136, 6,
26084 - 0, FB_VMODE_NONINTERLACED
26085 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26087 /* 1280x1024 @ 87 Hz interlaced, 51 kHz hsync */
26088 NULL, 87, 1280, 1024, 12500, 56, 16, 128, 1, 216, 12,
26089 - 0, FB_VMODE_INTERLACED
26090 + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26092 /* 800x600 @ 100 Hz, 64.02 kHz hsync */
26093 NULL, 100, 800, 600, 14357, 160, 64, 30, 4, 64, 6,
26094 - 0, FB_VMODE_NONINTERLACED
26095 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26097 /* 1024x768 @ 76 Hz, 62.5 kHz hsync */
26098 NULL, 76, 1024, 768, 11764, 208, 8, 36, 16, 120, 3,
26099 - 0, FB_VMODE_NONINTERLACED
26100 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26102 /* 1152x864 @ 70 Hz, 62.4 kHz hsync */
26103 NULL, 70, 1152, 864, 10869, 106, 56, 20, 1, 160, 10,
26104 - 0, FB_VMODE_NONINTERLACED
26105 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26107 /* 1280x1024 @ 61 Hz, 64.2 kHz hsync */
26108 NULL, 61, 1280, 1024, 9090, 200, 48, 26, 1, 184, 3,
26109 - 0, FB_VMODE_NONINTERLACED
26110 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26112 /* 1400x1050 @ 60Hz, 63.9 kHz hsync */
26113 NULL, 60, 1400, 1050, 9259, 136, 40, 13, 1, 112, 3,
26114 - 0, FB_VMODE_NONINTERLACED
26115 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26117 /* 1400x1050 @ 75,107 Hz, 82,392 kHz +hsync +vsync*/
26118 NULL, 75, 1400, 1050, 7190, 120, 56, 23, 10, 112, 13,
26119 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26120 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26122 /* 1400x1050 @ 60 Hz, ? kHz +hsync +vsync*/
26123 NULL, 60, 1400, 1050, 9259, 128, 40, 12, 0, 112, 3,
26124 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26125 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26127 /* 1024x768 @ 85 Hz, 70.24 kHz hsync */
26128 NULL, 85, 1024, 768, 10111, 192, 32, 34, 14, 160, 6,
26129 - 0, FB_VMODE_NONINTERLACED
26130 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26132 /* 1152x864 @ 78 Hz, 70.8 kHz hsync */
26133 NULL, 78, 1152, 864, 9090, 228, 88, 32, 0, 84, 12,
26134 - 0, FB_VMODE_NONINTERLACED
26135 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26137 /* 1280x1024 @ 70 Hz, 74.59 kHz hsync */
26138 NULL, 70, 1280, 1024, 7905, 224, 32, 28, 8, 160, 8,
26139 - 0, FB_VMODE_NONINTERLACED
26140 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26142 /* 1600x1200 @ 60Hz, 75.00 kHz hsync */
26143 NULL, 60, 1600, 1200, 6172, 304, 64, 46, 1, 192, 3,
26144 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26145 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26147 /* 1152x864 @ 84 Hz, 76.0 kHz hsync */
26148 NULL, 84, 1152, 864, 7407, 184, 312, 32, 0, 128, 12,
26149 - 0, FB_VMODE_NONINTERLACED
26150 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26152 /* 1280x1024 @ 74 Hz, 78.85 kHz hsync */
26153 NULL, 74, 1280, 1024, 7407, 256, 32, 34, 3, 144, 3,
26154 - 0, FB_VMODE_NONINTERLACED
26155 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26157 /* 1024x768 @ 100Hz, 80.21 kHz hsync */
26158 NULL, 100, 1024, 768, 8658, 192, 32, 21, 3, 192, 10,
26159 - 0, FB_VMODE_NONINTERLACED
26160 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26162 /* 1280x1024 @ 76 Hz, 81.13 kHz hsync */
26163 NULL, 76, 1280, 1024, 7407, 248, 32, 34, 3, 104, 3,
26164 - 0, FB_VMODE_NONINTERLACED
26165 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26167 /* 1600x1200 @ 70 Hz, 87.50 kHz hsync */
26168 NULL, 70, 1600, 1200, 5291, 304, 64, 46, 1, 192, 3,
26169 - 0, FB_VMODE_NONINTERLACED
26170 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26172 /* 1152x864 @ 100 Hz, 89.62 kHz hsync */
26173 NULL, 100, 1152, 864, 7264, 224, 32, 17, 2, 128, 19,
26174 - 0, FB_VMODE_NONINTERLACED
26175 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26177 /* 1280x1024 @ 85 Hz, 91.15 kHz hsync */
26178 NULL, 85, 1280, 1024, 6349, 224, 64, 44, 1, 160, 3,
26179 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26180 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26182 /* 1600x1200 @ 75 Hz, 93.75 kHz hsync */
26183 NULL, 75, 1600, 1200, 4938, 304, 64, 46, 1, 192, 3,
26184 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26185 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26187 /* 1680x1050 @ 60 Hz, 65.191 kHz hsync */
26188 NULL, 60, 1680, 1050, 6848, 280, 104, 30, 3, 176, 6,
26189 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26190 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26192 /* 1600x1200 @ 85 Hz, 105.77 kHz hsync */
26193 NULL, 85, 1600, 1200, 4545, 272, 16, 37, 4, 192, 3,
26194 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26195 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26197 /* 1280x1024 @ 100 Hz, 107.16 kHz hsync */
26198 NULL, 100, 1280, 1024, 5502, 256, 32, 26, 7, 128, 15,
26199 - 0, FB_VMODE_NONINTERLACED
26200 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26202 /* 1800x1440 @ 64Hz, 96.15 kHz hsync */
26203 NULL, 64, 1800, 1440, 4347, 304, 96, 46, 1, 192, 3,
26204 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26205 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26207 /* 1800x1440 @ 70Hz, 104.52 kHz hsync */
26208 NULL, 70, 1800, 1440, 4000, 304, 96, 46, 1, 192, 3,
26209 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26210 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26212 /* 512x384 @ 78 Hz, 31.50 kHz hsync */
26213 NULL, 78, 512, 384, 49603, 48, 16, 16, 1, 64, 3,
26214 - 0, FB_VMODE_NONINTERLACED
26215 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26217 /* 512x384 @ 85 Hz, 34.38 kHz hsync */
26218 NULL, 85, 512, 384, 45454, 48, 16, 16, 1, 64, 3,
26219 - 0, FB_VMODE_NONINTERLACED
26220 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26222 /* 320x200 @ 70 Hz, 31.5 kHz hsync, 8:5 aspect ratio */
26223 NULL, 70, 320, 200, 79440, 16, 16, 20, 4, 48, 1,
26224 - 0, FB_VMODE_DOUBLE
26225 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26227 /* 320x240 @ 60 Hz, 31.5 kHz hsync, 4:3 aspect ratio */
26228 NULL, 60, 320, 240, 79440, 16, 16, 16, 5, 48, 1,
26229 - 0, FB_VMODE_DOUBLE
26230 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26232 /* 320x240 @ 72 Hz, 36.5 kHz hsync */
26233 NULL, 72, 320, 240, 63492, 16, 16, 16, 4, 48, 2,
26234 - 0, FB_VMODE_DOUBLE
26235 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26237 /* 400x300 @ 56 Hz, 35.2 kHz hsync, 4:3 aspect ratio */
26238 NULL, 56, 400, 300, 55555, 64, 16, 10, 1, 32, 1,
26239 - 0, FB_VMODE_DOUBLE
26240 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26242 /* 400x300 @ 60 Hz, 37.8 kHz hsync */
26243 NULL, 60, 400, 300, 50000, 48, 16, 11, 1, 64, 2,
26244 - 0, FB_VMODE_DOUBLE
26245 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26247 /* 400x300 @ 72 Hz, 48.0 kHz hsync */
26248 NULL, 72, 400, 300, 40000, 32, 24, 11, 19, 64, 3,
26249 - 0, FB_VMODE_DOUBLE
26250 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26252 /* 480x300 @ 56 Hz, 35.2 kHz hsync, 8:5 aspect ratio */
26253 NULL, 56, 480, 300, 46176, 80, 16, 10, 1, 40, 1,
26254 - 0, FB_VMODE_DOUBLE
26255 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26257 /* 480x300 @ 60 Hz, 37.8 kHz hsync */
26258 NULL, 60, 480, 300, 41858, 56, 16, 11, 1, 80, 2,
26259 - 0, FB_VMODE_DOUBLE
26260 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26262 /* 480x300 @ 63 Hz, 39.6 kHz hsync */
26263 NULL, 63, 480, 300, 40000, 56, 16, 11, 1, 80, 2,
26264 - 0, FB_VMODE_DOUBLE
26265 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26267 /* 480x300 @ 72 Hz, 48.0 kHz hsync */
26268 NULL, 72, 480, 300, 33386, 40, 24, 11, 19, 80, 3,
26269 - 0, FB_VMODE_DOUBLE
26270 + 0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
26272 /* 1920x1200 @ 60 Hz, 74.5 Khz hsync */
26273 NULL, 60, 1920, 1200, 5177, 128, 336, 1, 38, 208, 3,
26274 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
26275 - FB_VMODE_NONINTERLACED
26276 + FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26278 /* 1152x768, 60 Hz, PowerBook G4 Titanium I and II */
26279 NULL, 60, 1152, 768, 14047, 158, 26, 29, 3, 136, 6,
26280 - FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
26281 + FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26283 /* 1366x768, 60 Hz, 47.403 kHz hsync, WXGA 16:9 aspect ratio */
26284 NULL, 60, 1366, 768, 13806, 120, 10, 14, 3, 32, 5,
26285 - 0, FB_VMODE_NONINTERLACED
26286 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26288 /* 1280x800, 60 Hz, 47.403 kHz hsync, WXGA 16:10 aspect ratio */
26289 NULL, 60, 1280, 800, 12048, 200, 64, 24, 1, 136, 3,
26290 - 0, FB_VMODE_NONINTERLACED
26291 + 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
26293 /* 720x576i @ 50 Hz, 15.625 kHz hsync (PAL RGB) */
26294 NULL, 50, 720, 576, 74074, 64, 16, 39, 5, 64, 5,
26295 - 0, FB_VMODE_INTERLACED
26296 + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
26298 /* 800x520i @ 50 Hz, 15.625 kHz hsync (PAL RGB) */
26299 NULL, 50, 800, 520, 58823, 144, 64, 72, 28, 80, 5,
26300 - 0, FB_VMODE_INTERLACED
26301 + 0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
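Review bot: Every `modedb[]` entry now ends in a fourteenth positional value, which is easy to misalign across this many rows and has to be repeated by hand if the structure grows again. Designated initializers for the trailing members, for example `.sync = 0, .vmode = FB_VMODE_NONINTERLACED, .flag = FB_MODE_IS_UNKNOWN`, would state which member each value belongs to and let the compiler zero the rest. The member names are quoted from memory of `struct fb_videomode`, not from the hunk, so check them against the header before applying.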
26305 diff -urNp linux-2.6.32.1/drivers/video/nvidia/nv_backlight.c linux-2.6.32.1/drivers/video/nvidia/nv_backlight.c
26306 --- linux-2.6.32.1/drivers/video/nvidia/nv_backlight.c 2009-12-02 22:51:21.000000000 -0500
26307 +++ linux-2.6.32.1/drivers/video/nvidia/nv_backlight.c 2009-12-14 18:33:56.959735130 -0500
26308 @@ -87,7 +87,7 @@ static int nvidia_bl_get_brightness(stru
26309 return bd->props.brightness;
26312 -static struct backlight_ops nvidia_bl_ops = {
26313 +static const struct backlight_ops nvidia_bl_ops = {
26314 .get_brightness = nvidia_bl_get_brightness,
26315 .update_status = nvidia_bl_update_status,
26317 diff -urNp linux-2.6.32.1/drivers/video/riva/fbdev.c linux-2.6.32.1/drivers/video/riva/fbdev.c
26318 --- linux-2.6.32.1/drivers/video/riva/fbdev.c 2009-12-02 22:51:21.000000000 -0500
26319 +++ linux-2.6.32.1/drivers/video/riva/fbdev.c 2009-12-14 18:33:56.982743557 -0500
26320 @@ -331,7 +331,7 @@ static int riva_bl_get_brightness(struct
26321 return bd->props.brightness;
26324 -static struct backlight_ops riva_bl_ops = {
26325 +static const struct backlight_ops riva_bl_ops = {
26326 .get_brightness = riva_bl_get_brightness,
26327 .update_status = riva_bl_update_status,
26329 diff -urNp linux-2.6.32.1/drivers/video/uvesafb.c linux-2.6.32.1/drivers/video/uvesafb.c
26330 --- linux-2.6.32.1/drivers/video/uvesafb.c 2009-12-02 22:51:21.000000000 -0500
26331 +++ linux-2.6.32.1/drivers/video/uvesafb.c 2009-12-14 18:33:57.012741789 -0500
26333 #include <linux/fb.h>
26334 #include <linux/io.h>
26335 #include <linux/mutex.h>
26336 +#include <linux/moduleloader.h>
26337 #include <video/edid.h>
26338 #include <video/uvesafb.h>
26340 @@ -120,7 +121,7 @@ static int uvesafb_helper_start(void)
26344 - return call_usermodehelper(v86d_path, argv, envp, 1);
26345 + return call_usermodehelper(v86d_path, argv, envp, UMH_WAIT_PROC);
26349 @@ -568,10 +569,32 @@ static int __devinit uvesafb_vbe_getpmi(
26350 if ((task->t.regs.eax & 0xffff) != 0x4f || task->t.regs.es < 0xc000) {
26351 par->pmi_setpal = par->ypan = 0;
26354 +#ifdef CONFIG_PAX_KERNEXEC
26355 +#ifdef CONFIG_MODULES
26356 + par->pmi_code = module_alloc_exec((u16)task->t.regs.ecx);
26358 + if (!par->pmi_code) {
26359 + par->pmi_setpal = par->ypan = 0;
26364 par->pmi_base = (u16 *)phys_to_virt(((u32)task->t.regs.es << 4)
26365 + task->t.regs.edi);
26367 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26368 + pax_open_kernel();
26369 + memcpy(par->pmi_code, par->pmi_base, (u16)task->t.regs.ecx);
26370 + pax_close_kernel();
26372 + par->pmi_start = ktva_ktla(par->pmi_code + par->pmi_base[1]);
26373 + par->pmi_pal = ktva_ktla(par->pmi_code + par->pmi_base[2]);
26375 par->pmi_start = (u8 *)par->pmi_base + par->pmi_base[1];
26376 par->pmi_pal = (u8 *)par->pmi_base + par->pmi_base[2];
26379 printk(KERN_INFO "uvesafb: protected mode interface info at "
26381 (u16)task->t.regs.es, (u16)task->t.regs.edi);
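Review bot: The offsets `par->pmi_base[1]` and `par->pmi_base[2]` are added to `par->pmi_code` without being compared against the number of bytes allocated and copied, `(u16)task->t.regs.ecx`, so either entry point can end up outside the executable copy. A length of zero is not rejected before `module_alloc_exec` either. These values appear to come from the firmware query made through the helper task and should be treated as unchecked input. A guard such as `if (!len || par->pmi_base[1] >= len || par->pmi_base[2] >= len) par->pmi_setpal = par->ypan = 0;`, with `len` holding the ecx value and the copy freed on that path, belongs before the pointers are formed. The vesafb_probe hunk in vesafb.c that copies `screen_info.vesapm_size` bytes and then indexes `pmi_base[1]` and `pmi_base[2]` has the same gap; uvesafb_vbe_getpmi itself starts and ends outside this hunk.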
26382 @@ -1799,6 +1822,11 @@ out:
26383 if (par->vbe_modes)
26384 kfree(par->vbe_modes);
26386 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26387 + if (par->pmi_code)
26388 + module_free_exec(NULL, par->pmi_code);
26391 framebuffer_release(info);
26394 @@ -1825,6 +1853,12 @@ static int uvesafb_remove(struct platfor
26395 kfree(par->vbe_state_orig);
26396 if (par->vbe_state_saved)
26397 kfree(par->vbe_state_saved);
26399 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26400 + if (par->pmi_code)
26401 + module_free_exec(NULL, par->pmi_code);
26406 framebuffer_release(info);
26407 diff -urNp linux-2.6.32.1/drivers/video/vesafb.c linux-2.6.32.1/drivers/video/vesafb.c
26408 --- linux-2.6.32.1/drivers/video/vesafb.c 2009-12-02 22:51:21.000000000 -0500
26409 +++ linux-2.6.32.1/drivers/video/vesafb.c 2009-12-14 18:33:57.027725518 -0500
26413 #include <linux/module.h>
26414 +#include <linux/moduleloader.h>
26415 #include <linux/kernel.h>
26416 #include <linux/errno.h>
26417 #include <linux/string.h>
26418 @@ -53,8 +54,8 @@ static int vram_remap __initdata; /*
26419 static int vram_total __initdata; /* Set total amount of memory */
26420 static int pmi_setpal __read_mostly = 1; /* pmi for palette changes ??? */
26421 static int ypan __read_mostly; /* 0..nothing, 1..ypan, 2..ywrap */
26422 -static void (*pmi_start)(void) __read_mostly;
26423 -static void (*pmi_pal) (void) __read_mostly;
26424 +static void (*pmi_start)(void) __read_only;
26425 +static void (*pmi_pal) (void) __read_only;
26426 static int depth __read_mostly;
26427 static int vga_compat __read_mostly;
26428 /* --------------------------------------------------------------------- */
26429 @@ -233,6 +234,7 @@ static int __init vesafb_probe(struct pl
26430 unsigned int size_vmode;
26431 unsigned int size_remap;
26432 unsigned int size_total;
26433 + void *pmi_code = NULL;
26435 if (screen_info.orig_video_isVGA != VIDEO_TYPE_VLFB)
26437 @@ -275,10 +277,6 @@ static int __init vesafb_probe(struct pl
26438 size_remap = size_total;
26439 vesafb_fix.smem_len = size_remap;
26442 - screen_info.vesapm_seg = 0;
26445 if (!request_mem_region(vesafb_fix.smem_start, size_total, "vesafb")) {
26446 printk(KERN_WARNING
26447 "vesafb: cannot reserve video memory at 0x%lx\n",
26448 @@ -315,9 +313,21 @@ static int __init vesafb_probe(struct pl
26449 printk(KERN_INFO "vesafb: mode is %dx%dx%d, linelength=%d, pages=%d\n",
26450 vesafb_defined.xres, vesafb_defined.yres, vesafb_defined.bits_per_pixel, vesafb_fix.line_length, screen_info.pages);
26454 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26455 + pmi_code = module_alloc_exec(screen_info.vesapm_size);
26457 +#elif !defined(CONFIG_PAX_KERNEXEC)
26462 + screen_info.vesapm_seg = 0;
26464 if (screen_info.vesapm_seg) {
26465 - printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x\n",
26466 - screen_info.vesapm_seg,screen_info.vesapm_off);
26467 + printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x %04x bytes\n",
26468 + screen_info.vesapm_seg,screen_info.vesapm_off,screen_info.vesapm_size);
26471 if (screen_info.vesapm_seg < 0xc000)
26472 @@ -325,9 +335,25 @@ static int __init vesafb_probe(struct pl
26474 if (ypan || pmi_setpal) {
26475 unsigned short *pmi_base;
26476 - pmi_base = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off);
26477 - pmi_start = (void*)((char*)pmi_base + pmi_base[1]);
26478 - pmi_pal = (void*)((char*)pmi_base + pmi_base[2]);
26480 + pmi_base = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off);
26482 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26483 + pax_open_kernel();
26484 + memcpy(pmi_code, pmi_base, screen_info.vesapm_size);
26486 + pmi_code = pmi_base;
26489 + pmi_start = (void*)((char*)pmi_code + pmi_base[1]);
26490 + pmi_pal = (void*)((char*)pmi_code + pmi_base[2]);
26492 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26493 + pmi_start = ktva_ktla(pmi_start);
26494 + pmi_pal = ktva_ktla(pmi_pal);
26495 + pax_close_kernel();
26498 printk(KERN_INFO "vesafb: pmi: set display start = %p, set palette = %p\n",pmi_start,pmi_pal);
26500 printk(KERN_INFO "vesafb: pmi: ports = ");
26501 @@ -469,6 +495,11 @@ static int __init vesafb_probe(struct pl
26502 info->node, info->fix.id);
26506 +#if defined(__i386__) && defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
26507 + module_free_exec(NULL, pmi_code);
26510 if (info->screen_base)
26511 iounmap(info->screen_base);
26512 framebuffer_release(info);
26513 diff -urNp linux-2.6.32.1/drivers/xen/sys-hypervisor.c linux-2.6.32.1/drivers/xen/sys-hypervisor.c
26514 --- linux-2.6.32.1/drivers/xen/sys-hypervisor.c 2009-12-02 22:51:21.000000000 -0500
26515 +++ linux-2.6.32.1/drivers/xen/sys-hypervisor.c 2009-12-14 18:33:57.043739049 -0500
26516 @@ -425,7 +425,7 @@ static ssize_t hyp_sysfs_store(struct ko
26520 -static struct sysfs_ops hyp_sysfs_ops = {
26521 +static const struct sysfs_ops hyp_sysfs_ops = {
26522 .show = hyp_sysfs_show,
26523 .store = hyp_sysfs_store,
26525 diff -urNp linux-2.6.32.1/fs/9p/vfs_inode.c linux-2.6.32.1/fs/9p/vfs_inode.c
26526 --- linux-2.6.32.1/fs/9p/vfs_inode.c 2009-12-02 22:51:21.000000000 -0500
26527 +++ linux-2.6.32.1/fs/9p/vfs_inode.c 2009-12-14 18:33:57.059749105 -0500
26528 @@ -1079,7 +1079,7 @@ static void *v9fs_vfs_follow_link(struct
26530 v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
26532 - char *s = nd_get_link(nd);
26533 + const char *s = nd_get_link(nd);
26535 P9_DPRINTK(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name,
26536 IS_ERR(s) ? "<error>" : s);
26537 diff -urNp linux-2.6.32.1/fs/aio.c linux-2.6.32.1/fs/aio.c
26538 --- linux-2.6.32.1/fs/aio.c 2009-12-02 22:51:21.000000000 -0500
26539 +++ linux-2.6.32.1/fs/aio.c 2009-12-14 18:33:57.095723301 -0500
26540 @@ -115,7 +115,7 @@ static int aio_setup_ring(struct kioctx
26541 size += sizeof(struct io_event) * nr_events;
26542 nr_pages = (size + PAGE_SIZE-1) >> PAGE_SHIFT;
26544 - if (nr_pages < 0)
26545 + if (nr_pages <= 0)
26548 nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event);
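Review bot: Widening the test to `nr_pages <= 0` catches a zero page count, but it still inspects only the result of `sizeof(struct io_event) * nr_events`, which can wrap to a small positive `size` before the shift. Unless every caller bounds `nr_events` first (not visible here), check the count before multiplying, with a bound such as `if (nr_events > (INT_MAX - sizeof(struct aio_ring)) / sizeof(struct io_event)) return -EINVAL;`. The declarations of `size` and `nr_pages` and the rest of aio_setup_ring are outside the hunk, so the exact limit should be chosen against their types.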
26549 diff -urNp linux-2.6.32.1/fs/attr.c linux-2.6.32.1/fs/attr.c
26550 --- linux-2.6.32.1/fs/attr.c 2009-12-02 22:51:21.000000000 -0500
26551 +++ linux-2.6.32.1/fs/attr.c 2009-12-14 18:33:57.104750823 -0500
26552 @@ -83,6 +83,7 @@ int inode_newsize_ok(const struct inode
26553 unsigned long limit;
26555 limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
26556 + gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long)offset, 1);
26557 if (limit != RLIM_INFINITY && offset > limit)
26559 if (offset > inode->i_sb->s_maxbytes)
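Review bot: The `(unsigned long)offset` cast in the added `gr_learn_resource()` call can truncate on 32-bit builds if `offset` is a 64-bit file offset (its declaration is cut off in the hunk header), so the learned figure would differ from the value compared against `limit` on the next line. Passing the value in a type wide enough for a file size avoids that, if the prototype of `gr_learn_resource` allows it. The call also runs before the limit test, so refused sizes are learned too; if that is intended, say so with `/* learn the requested size even when it is refused below */`.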
26560 diff -urNp linux-2.6.32.1/fs/autofs/root.c linux-2.6.32.1/fs/autofs/root.c
26561 --- linux-2.6.32.1/fs/autofs/root.c 2009-12-02 22:51:21.000000000 -0500
26562 +++ linux-2.6.32.1/fs/autofs/root.c 2009-12-14 18:33:57.125758241 -0500
26563 @@ -299,7 +299,8 @@ static int autofs_root_symlink(struct in
26564 set_bit(n,sbi->symlink_bitmap);
26565 sl = &sbi->symlink[n];
26566 sl->len = strlen(symname);
26567 - sl->data = kmalloc(slsize = sl->len+1, GFP_KERNEL);
26568 + slsize = sl->len+1;
26569 + sl->data = kmalloc(slsize, GFP_KERNEL);
26571 clear_bit(n,sbi->symlink_bitmap);
26573 diff -urNp linux-2.6.32.1/fs/autofs4/symlink.c linux-2.6.32.1/fs/autofs4/symlink.c
26574 --- linux-2.6.32.1/fs/autofs4/symlink.c 2009-12-02 22:51:21.000000000 -0500
26575 +++ linux-2.6.32.1/fs/autofs4/symlink.c 2009-12-14 18:33:57.134749675 -0500
26577 static void *autofs4_follow_link(struct dentry *dentry, struct nameidata *nd)
26579 struct autofs_info *ino = autofs4_dentry_ino(dentry);
26580 - nd_set_link(nd, (char *)ino->u.symlink);
26581 + nd_set_link(nd, ino->u.symlink);
26585 diff -urNp linux-2.6.32.1/fs/befs/linuxvfs.c linux-2.6.32.1/fs/befs/linuxvfs.c
26586 --- linux-2.6.32.1/fs/befs/linuxvfs.c 2009-12-02 22:51:21.000000000 -0500
26587 +++ linux-2.6.32.1/fs/befs/linuxvfs.c 2009-12-14 18:33:57.142702421 -0500
26588 @@ -493,7 +493,7 @@ static void befs_put_link(struct dentry
26590 befs_inode_info *befs_ino = BEFS_I(dentry->d_inode);
26591 if (befs_ino->i_flags & BEFS_LONG_SYMLINK) {
26592 - char *link = nd_get_link(nd);
26593 + const char *link = nd_get_link(nd);
26597 diff -urNp linux-2.6.32.1/fs/binfmt_aout.c linux-2.6.32.1/fs/binfmt_aout.c
26598 --- linux-2.6.32.1/fs/binfmt_aout.c 2009-12-02 22:51:21.000000000 -0500
26599 +++ linux-2.6.32.1/fs/binfmt_aout.c 2009-12-14 18:33:57.161757136 -0500
26601 #include <linux/string.h>
26602 #include <linux/fs.h>
26603 #include <linux/file.h>
26604 +#include <linux/security.h>
26605 #include <linux/stat.h>
26606 #include <linux/fcntl.h>
26607 #include <linux/ptrace.h>
26608 @@ -113,10 +114,12 @@ static int aout_core_dump(long signr, st
26610 /* If the size of the dump file exceeds the rlimit, then see what would happen
26611 if we wrote the stack, but not the data area. */
26612 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE, 1);
26613 if ((dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE > limit)
26616 /* Make sure we have enough room to write the stack and data areas. */
26617 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize + 1) * PAGE_SIZE, 1);
26618 if ((dump.u_ssize + 1) * PAGE_SIZE > limit)
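Review bot: Each added `gr_learn_resource()` call repeats the size expression of the `if` that follows it, so the learned value and the enforced value can drift apart on a later edit. Compute the size once, e.g. `unsigned long need = (dump.u_ssize + 1) * PAGE_SIZE;`, and pass `need` to both the call and the comparison. The same pattern appears in the load_aout_binary hunk below with `ex.a_data + ex.a_bss`. The declarations of `dump` and `limit` are outside the hunk.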
26621 @@ -249,6 +252,8 @@ static int load_aout_binary(struct linux
26622 rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
26623 if (rlim >= RLIM_INFINITY)
26626 + gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss, 1);
26627 if (ex.a_data + ex.a_bss > rlim)
26630 @@ -276,6 +281,27 @@ static int load_aout_binary(struct linux
26631 install_exec_creds(bprm);
26632 current->flags &= ~PF_FORKNOEXEC;
26634 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
26635 + current->mm->pax_flags = 0UL;
26638 +#ifdef CONFIG_PAX_PAGEEXEC
26639 + if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC)) {
26640 + current->mm->pax_flags |= MF_PAX_PAGEEXEC;
26642 +#ifdef CONFIG_PAX_EMUTRAMP
26643 + if (N_FLAGS(ex) & F_PAX_EMUTRAMP)
26644 + current->mm->pax_flags |= MF_PAX_EMUTRAMP;
26647 +#ifdef CONFIG_PAX_MPROTECT
26648 + if (!(N_FLAGS(ex) & F_PAX_MPROTECT))
26649 + current->mm->pax_flags |= MF_PAX_MPROTECT;
26655 if (N_MAGIC(ex) == OMAGIC) {
26656 unsigned long text_addr, map_size;
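Review bot: The mapping from a.out header bits to `pax_flags` mixes polarities without saying so: `MF_PAX_PAGEEXEC` and `MF_PAX_MPROTECT` are set when the matching `F_PAX_*` bit is absent, while `MF_PAX_EMUTRAMP` is set when its bit is present. A comment before the block would prevent a misreading, e.g. `/* F_PAX_PAGEEXEC and F_PAX_MPROTECT opt out; F_PAX_EMUTRAMP opts in */`. load_aout_binary starts and ends outside the hunk.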
26658 @@ -348,7 +374,7 @@ static int load_aout_binary(struct linux
26660 down_write(¤t->mm->mmap_sem);
26661 error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
26662 - PROT_READ | PROT_WRITE | PROT_EXEC,
26663 + PROT_READ | PROT_WRITE,
26664 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
26665 fd_offset + ex.a_text);
26666 up_write(¤t->mm->mmap_sem);
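Review bot: Dropping `PROT_EXEC` from the data-segment `do_mmap()` is not wrapped in any `CONFIG_PAX_*` test, unlike the flag setup added earlier in this function, so it changes behaviour for every a.out binary even on kernels built without PaX. Programs that run code from their data segment may fault where the hardware enforces non-executable pages. If the change is meant to be unconditional it needs a comment such as `/* data is never mapped executable, with or without PaX */`; otherwise guard it. `MAP_EXECUTABLE` is still passed on the next line, which reads oddly next to a non-executable protection.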
26667 diff -urNp linux-2.6.32.1/fs/binfmt_elf.c linux-2.6.32.1/fs/binfmt_elf.c
26668 --- linux-2.6.32.1/fs/binfmt_elf.c 2009-12-02 22:51:21.000000000 -0500
26669 +++ linux-2.6.32.1/fs/binfmt_elf.c 2009-12-14 18:33:57.172753346 -0500
26670 @@ -50,6 +50,10 @@ static int elf_core_dump(long signr, str
26671 #define elf_core_dump NULL
26674 +#ifdef CONFIG_PAX_MPROTECT
26675 +static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags);
26678 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
26679 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
26681 @@ -69,6 +73,11 @@ static struct linux_binfmt elf_format =
26682 .load_binary = load_elf_binary,
26683 .load_shlib = load_elf_library,
26684 .core_dump = elf_core_dump,
26686 +#ifdef CONFIG_PAX_MPROTECT
26687 + .handle_mprotect= elf_handle_mprotect,
26690 .min_coredump = ELF_EXEC_PAGESIZE,
26693 @@ -77,6 +86,8 @@ static struct linux_binfmt elf_format =
26695 static int set_brk(unsigned long start, unsigned long end)
26697 + unsigned long e = end;
26699 start = ELF_PAGEALIGN(start);
26700 end = ELF_PAGEALIGN(end);
26702 @@ -87,7 +98,7 @@ static int set_brk(unsigned long start,
26703 if (BAD_ADDR(addr))
26706 - current->mm->start_brk = current->mm->brk = end;
26707 + current->mm->start_brk = current->mm->brk = e;
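Review bot: `e`, declared in the previous hunk, keeps the caller's `end` from before `ELF_PAGEALIGN()`, so `start_brk` and `brk` are now set to the unaligned address, but neither the name nor a comment says so. Rename it, e.g. `unsigned long unaligned_end = end;`, or add `/* brk starts at the caller's unaligned end; only the mapping is page-aligned */`. set_brk starts and ends outside these two hunks.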
26711 @@ -148,7 +159,7 @@ create_elf_tables(struct linux_binprm *b
26712 elf_addr_t __user *u_rand_bytes;
26713 const char *k_platform = ELF_PLATFORM;
26714 const char *k_base_platform = ELF_BASE_PLATFORM;
26715 - unsigned char k_rand_bytes[16];
26716 + u32 k_rand_bytes[4];
26718 elf_addr_t *elf_info;
26720 @@ -195,6 +206,10 @@ create_elf_tables(struct linux_binprm *b
26721 * Generate 16 random bytes for userspace PRNG seeding.
26723 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
26724 + srandom32(k_rand_bytes[0] ^ random32());
26725 + srandom32(k_rand_bytes[1] ^ random32());
26726 + srandom32(k_rand_bytes[2] ^ random32());
26727 + srandom32(k_rand_bytes[3] ^ random32());
26728 u_rand_bytes = (elf_addr_t __user *)
26729 STACK_ALLOC(p, sizeof(k_rand_bytes));
26730 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
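Review bot: The four added `srandom32()` calls mix into the kernel's `random32()` state the same words of `k_rand_bytes` that the following `__copy_to_user()` hands to the new process, so part of the reseed input is known to user space. Reseeding from a separate draw keeps the two uses independent, e.g. `u32 seed; get_random_bytes(&seed, sizeof(seed)); srandom32(seed);`. The comment above still describes only userspace PRNG seeding and should mention the reseed. create_elf_tables starts and ends outside the hunk.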
26731 @@ -385,10 +400,10 @@ static unsigned long load_elf_interp(str
26733 struct elf_phdr *elf_phdata;
26734 struct elf_phdr *eppnt;
26735 - unsigned long load_addr = 0;
26736 + unsigned long load_addr = 0, pax_task_size = TASK_SIZE;
26737 int load_addr_set = 0;
26738 unsigned long last_bss = 0, elf_bss = 0;
26739 - unsigned long error = ~0UL;
26740 + unsigned long error = -EINVAL;
26741 unsigned long total_size;
26742 int retval, i, size;
26744 @@ -434,6 +449,11 @@ static unsigned long load_elf_interp(str
26748 +#ifdef CONFIG_PAX_SEGMEXEC
26749 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
26750 + pax_task_size = SEGMEXEC_TASK_SIZE;
26753 eppnt = elf_phdata;
26754 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
26755 if (eppnt->p_type == PT_LOAD) {
26756 @@ -477,8 +497,8 @@ static unsigned long load_elf_interp(str
26757 k = load_addr + eppnt->p_vaddr;
26759 eppnt->p_filesz > eppnt->p_memsz ||
26760 - eppnt->p_memsz > TASK_SIZE ||
26761 - TASK_SIZE - eppnt->p_memsz < k) {
26762 + eppnt->p_memsz > pax_task_size ||
26763 + pax_task_size - eppnt->p_memsz < k) {
26767 @@ -532,6 +552,177 @@ out:
26771 +#if (defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)) && defined(CONFIG_PAX_SOFTMODE)
26772 +static unsigned long pax_parse_softmode(const struct elf_phdr * const elf_phdata)
26774 + unsigned long pax_flags = 0UL;
26776 +#ifdef CONFIG_PAX_PAGEEXEC
26777 + if (elf_phdata->p_flags & PF_PAGEEXEC)
26778 + pax_flags |= MF_PAX_PAGEEXEC;
26781 +#ifdef CONFIG_PAX_SEGMEXEC
26782 + if (elf_phdata->p_flags & PF_SEGMEXEC)
26783 + pax_flags |= MF_PAX_SEGMEXEC;
26786 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
26787 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
26789 + pax_flags &= ~MF_PAX_SEGMEXEC;
26791 + pax_flags &= ~MF_PAX_PAGEEXEC;
26795 +#ifdef CONFIG_PAX_EMUTRAMP
26796 + if (elf_phdata->p_flags & PF_EMUTRAMP)
26797 + pax_flags |= MF_PAX_EMUTRAMP;
26800 +#ifdef CONFIG_PAX_MPROTECT
26801 + if (elf_phdata->p_flags & PF_MPROTECT)
26802 + pax_flags |= MF_PAX_MPROTECT;
26805 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
26806 + if (randomize_va_space && (elf_phdata->p_flags & PF_RANDMMAP))
26807 + pax_flags |= MF_PAX_RANDMMAP;
26810 + return pax_flags;
26814 +#ifdef CONFIG_PAX_PT_PAX_FLAGS
26815 +static unsigned long pax_parse_hardmode(const struct elf_phdr * const elf_phdata)
26817 + unsigned long pax_flags = 0UL;
26819 +#ifdef CONFIG_PAX_PAGEEXEC
26820 + if (!(elf_phdata->p_flags & PF_NOPAGEEXEC))
26821 + pax_flags |= MF_PAX_PAGEEXEC;
26824 +#ifdef CONFIG_PAX_SEGMEXEC
26825 + if (!(elf_phdata->p_flags & PF_NOSEGMEXEC))
26826 + pax_flags |= MF_PAX_SEGMEXEC;
26829 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
26830 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
26832 + pax_flags &= ~MF_PAX_SEGMEXEC;
26834 + pax_flags &= ~MF_PAX_PAGEEXEC;
26838 +#ifdef CONFIG_PAX_EMUTRAMP
26839 + if (!(elf_phdata->p_flags & PF_NOEMUTRAMP))
26840 + pax_flags |= MF_PAX_EMUTRAMP;
26843 +#ifdef CONFIG_PAX_MPROTECT
26844 + if (!(elf_phdata->p_flags & PF_NOMPROTECT))
26845 + pax_flags |= MF_PAX_MPROTECT;
26848 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
26849 + if (randomize_va_space && !(elf_phdata->p_flags & PF_NORANDMMAP))
26850 + pax_flags |= MF_PAX_RANDMMAP;
26853 + return pax_flags;
26857 +#ifdef CONFIG_PAX_EI_PAX
26858 +static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
26860 + unsigned long pax_flags = 0UL;
26862 +#ifdef CONFIG_PAX_PAGEEXEC
26863 + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC))
26864 + pax_flags |= MF_PAX_PAGEEXEC;
26867 +#ifdef CONFIG_PAX_SEGMEXEC
26868 + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_SEGMEXEC))
26869 + pax_flags |= MF_PAX_SEGMEXEC;
26872 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
26873 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
26875 + pax_flags &= ~MF_PAX_SEGMEXEC;
26877 + pax_flags &= ~MF_PAX_PAGEEXEC;
26881 +#ifdef CONFIG_PAX_EMUTRAMP
26882 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && (elf_ex->e_ident[EI_PAX] & EF_PAX_EMUTRAMP))
26883 + pax_flags |= MF_PAX_EMUTRAMP;
26886 +#ifdef CONFIG_PAX_MPROTECT
26887 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && !(elf_ex->e_ident[EI_PAX] & EF_PAX_MPROTECT))
26888 + pax_flags |= MF_PAX_MPROTECT;
26891 +#ifdef CONFIG_PAX_ASLR
26892 + if (randomize_va_space && !(elf_ex->e_ident[EI_PAX] & EF_PAX_RANDMMAP))
26893 + pax_flags |= MF_PAX_RANDMMAP;
26896 + return pax_flags;
26900 +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
26901 +static long pax_parse_elf_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata)
26903 + unsigned long pax_flags = 0UL;
26905 +#ifdef CONFIG_PAX_PT_PAX_FLAGS
26909 +#ifdef CONFIG_PAX_EI_PAX
26910 + pax_flags = pax_parse_ei_pax(elf_ex);
26913 +#ifdef CONFIG_PAX_PT_PAX_FLAGS
26914 + for (i = 0UL; i < elf_ex->e_phnum; i++)
26915 + if (elf_phdata[i].p_type == PT_PAX_FLAGS) {
26916 + if (((elf_phdata[i].p_flags & PF_PAGEEXEC) && (elf_phdata[i].p_flags & PF_NOPAGEEXEC)) ||
26917 + ((elf_phdata[i].p_flags & PF_SEGMEXEC) && (elf_phdata[i].p_flags & PF_NOSEGMEXEC)) ||
26918 + ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) ||
26919 + ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) ||
26920 + ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP)))
26923 +#ifdef CONFIG_PAX_SOFTMODE
26924 + if (pax_softmode)
26925 + pax_flags = pax_parse_softmode(&elf_phdata[i]);
26929 + pax_flags = pax_parse_hardmode(&elf_phdata[i]);
26934 + if (0 > pax_check_flags(&pax_flags))
26937 + current->mm->pax_flags = pax_flags;
26943 * These are the functions used to load ELF style executables and shared
26944 * libraries. There is no binary dependent code anywhere else.
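Review bot: `pax_parse_elf_flags()` starts from `pax_flags = 0UL` and replaces it only under `CONFIG_PAX_EI_PAX` or when a `PT_PAX_FLAGS` header is found, so with only `CONFIG_PAX_PT_PAX_FLAGS` configured a binary that carries no such header reaches `pax_check_flags()` with every protection bit clear. Unless `pax_check_flags()` or the later ACL hook corrects that (neither is visible here), unmarked binaries run unprotected. The intended default should be stated in a comment above the function, or the variable initialised to the hard-mode defaults. Separately, the block that resolves PAGEEXEC and SEGMEXEC both being set is repeated in all three parsers and could be one static helper.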
26945 @@ -548,6 +739,11 @@ static unsigned long randomize_stack_top
26947 unsigned int random_variable = 0;
26949 +#ifdef CONFIG_PAX_RANDUSTACK
26950 + if (randomize_va_space)
26951 + return stack_top - current->mm->delta_stack;
26954 if ((current->flags & PF_RANDOMIZE) &&
26955 !(current->personality & ADDR_NO_RANDOMIZE)) {
26956 random_variable = get_random_int() & STACK_RND_MASK;
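Review bot: The added early return yields `stack_top - current->mm->delta_stack` whenever `randomize_va_space` is set, bypassing the `PF_RANDOMIZE` / `ADDR_NO_RANDOMIZE` test that guards the stock path just below. `delta_stack` is reset to 0 in load_elf_binary and filled only when `MF_PAX_RANDMMAP` is set, so for a binary without that flag this path returns the stack top with no offset even if `PF_RANDOMIZE` is set. If that is intended, say so in a comment; otherwise take the early return only when an offset exists, `if (randomize_va_space && current->mm->delta_stack)`. The rest of randomize_stack_top is outside the hunk.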
26957 @@ -566,7 +762,7 @@ static int load_elf_binary(struct linux_
26958 unsigned long load_addr = 0, load_bias = 0;
26959 int load_addr_set = 0;
26960 char * elf_interpreter = NULL;
26961 - unsigned long error;
26962 + unsigned long error = 0;
26963 struct elf_phdr *elf_ppnt, *elf_phdata;
26964 unsigned long elf_bss, elf_brk;
26966 @@ -576,11 +772,11 @@ static int load_elf_binary(struct linux_
26967 unsigned long start_code, end_code, start_data, end_data;
26968 unsigned long reloc_func_desc = 0;
26969 int executable_stack = EXSTACK_DEFAULT;
26970 - unsigned long def_flags = 0;
26972 struct elfhdr elf_ex;
26973 struct elfhdr interp_elf_ex;
26975 + unsigned long pax_task_size = TASK_SIZE;
26977 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
26979 @@ -742,11 +938,80 @@ static int load_elf_binary(struct linux_
26981 /* OK, This is the point of no return */
26982 current->flags &= ~PF_FORKNOEXEC;
26983 - current->mm->def_flags = def_flags;
26985 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
26986 + current->mm->pax_flags = 0UL;
26989 +#ifdef CONFIG_PAX_DLRESOLVE
26990 + current->mm->call_dl_resolve = 0UL;
26993 +#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
26994 + current->mm->call_syscall = 0UL;
26997 +#ifdef CONFIG_PAX_ASLR
26998 + current->mm->delta_mmap = 0UL;
26999 + current->mm->delta_stack = 0UL;
27002 + current->mm->def_flags = 0;
27004 +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
27005 + if (0 > pax_parse_elf_flags(&loc->elf_ex, elf_phdata)) {
27006 + send_sig(SIGKILL, current, 0);
27007 + goto out_free_dentry;
27011 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
27012 + pax_set_initial_flags(bprm);
27013 +#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
27014 + if (pax_set_initial_flags_func)
27015 + (pax_set_initial_flags_func)(bprm);
27018 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
27019 + if ((current->mm->pax_flags & MF_PAX_PAGEEXEC) && !nx_enabled) {
27020 + current->mm->context.user_cs_limit = PAGE_SIZE;
27021 + current->mm->def_flags |= VM_PAGEEXEC;
27025 +#ifdef CONFIG_PAX_SEGMEXEC
27026 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
27027 + current->mm->context.user_cs_base = SEGMEXEC_TASK_SIZE;
27028 + current->mm->context.user_cs_limit = TASK_SIZE-SEGMEXEC_TASK_SIZE;
27029 + pax_task_size = SEGMEXEC_TASK_SIZE;
27033 +#if defined(CONFIG_ARCH_TRACK_EXEC_LIMIT) || defined(CONFIG_PAX_SEGMEXEC)
27034 + if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
27035 + set_user_cs(current->mm->context.user_cs_base, current->mm->context.user_cs_limit, get_cpu());
27040 +#ifdef CONFIG_PAX_ASLR
27041 + if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
27042 + current->mm->delta_mmap = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN)-1)) << PAGE_SHIFT;
27043 + current->mm->delta_stack = (pax_get_random_long() & ((1UL << PAX_DELTA_STACK_LEN)-1)) << PAGE_SHIFT;
27047 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
27048 may depend on the personality. */
27049 SET_PERSONALITY(loc->elf_ex);
27051 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
27052 + if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
27053 + executable_stack = EXSTACK_DISABLE_X;
27054 + current->personality &= ~READ_IMPLIES_EXEC;
27058 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
27059 current->personality |= READ_IMPLIES_EXEC;
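Review bot: When `pax_parse_elf_flags()` fails, the new code sends SIGKILL and jumps to `out_free_dentry` without assigning `retval`, so load_elf_binary returns whatever `retval` held from the last call before this point (set outside the hunk, and possibly 0). Set it explicitly with `retval = -EINVAL;` before the `goto`, as is usual for an exec failure after the point of no return. load_elf_binary starts and ends outside the hunk.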
27061 @@ -827,6 +1092,20 @@ static int load_elf_binary(struct linux_
27063 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
27066 +#ifdef CONFIG_PAX_RANDMMAP
27067 + /* PaX: randomize base address at the default exe base if requested */
27068 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && elf_interpreter) {
27069 +#ifdef CONFIG_SPARC64
27070 + load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << (PAGE_SHIFT+1);
27072 + load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << PAGE_SHIFT;
27074 + load_bias = ELF_PAGESTART(PAX_ELF_ET_DYN_BASE - vaddr + load_bias);
27075 + elf_flags |= MAP_FIXED;
27081 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
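Review bot: The SPARC64 branch shifts the random value by `PAGE_SHIFT+1` while the generic branch uses `PAGE_SHIFT`, and the existing one-line comment does not explain the difference. The block also applies only when `elf_interpreter` is set, so an `ET_DYN` image loaded without an interpreter keeps the fixed `ELF_ET_DYN_BASE` bias from the line above. Both choices should be documented in the comment, e.g. `/* only dynamically linked ET_DYN images are rebased here; sparc64 needs <reason> alignment */`. The enclosing `if`/`else` chain starts outside the hunk.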
27082 @@ -859,9 +1138,9 @@ static int load_elf_binary(struct linux_
27083 * allowed task size. Note that p_filesz must always be
27084 * <= p_memsz so it is only necessary to check p_memsz.
27086 - if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
27087 - elf_ppnt->p_memsz > TASK_SIZE ||
27088 - TASK_SIZE - elf_ppnt->p_memsz < k) {
27089 + if (k >= pax_task_size || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
27090 + elf_ppnt->p_memsz > pax_task_size ||
27091 + pax_task_size - elf_ppnt->p_memsz < k) {
27092 /* set_brk can never work. Avoid overflows. */
27093 send_sig(SIGKILL, current, 0);
27095 @@ -889,6 +1168,11 @@ static int load_elf_binary(struct linux_
27096 start_data += load_bias;
27097 end_data += load_bias;
27099 +#ifdef CONFIG_PAX_RANDMMAP
27100 + if (current->mm->pax_flags & MF_PAX_RANDMMAP)
27101 + elf_brk += PAGE_SIZE + ((pax_get_random_long() & ~PAGE_MASK) << 4);
27104 /* Calling set_brk effectively mmaps the pages that we need
27105 * for the bss and break sections. We must do this before
27106 * mapping in the interpreter, to make sure it doesn't wind
27107 @@ -900,9 +1184,11 @@ static int load_elf_binary(struct linux_
27108 goto out_free_dentry;
27110 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
27111 - send_sig(SIGSEGV, current, 0);
27112 - retval = -EFAULT; /* Nobody gets to see this, but.. */
27113 - goto out_free_dentry;
27115 + * This bss-zeroing can fail if the ELF
27116 + * file specifies odd protections. So
27117 + * we don't check the return value
27121 if (elf_interpreter) {
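Review bot: With the `send_sig`/`goto` removed, a failing `padzero(elf_bss)` is silently ignored and the `if` is left with a body that is only a comment. If the clear fails, the tail of the last file-backed page keeps its file contents where the program expects zeroed bss. If ignoring the failure is intended, write the call as a plain statement under the `elf_bss != elf_brk` test rather than an empty-bodied `if`, and name in the comment which protections make it fail. Otherwise keep the error path.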
27122 @@ -1135,8 +1421,10 @@ static int dump_seek(struct file *file,
27123 unsigned long n = off;
27126 - if (!dump_write(file, buf, n))
27127 + if (!dump_write(file, buf, n)) {
27128 + free_page((unsigned long)buf);
27133 free_page((unsigned long)buf);
27134 @@ -1148,7 +1436,7 @@ static int dump_seek(struct file *file,
27135 * Decide what to dump of a segment, part, all or none.
27137 static unsigned long vma_dump_size(struct vm_area_struct *vma,
27138 - unsigned long mm_flags)
27139 + unsigned long mm_flags, long signr)
27141 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
27143 @@ -1182,7 +1470,7 @@ static unsigned long vma_dump_size(struc
27144 if (vma->vm_file == NULL)
27147 - if (FILTER(MAPPED_PRIVATE))
27148 + if (signr == SIGKILL || FILTER(MAPPED_PRIVATE))
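Review bot: The new `signr == SIGKILL ||` term makes vma_dump_size() include private file-backed mappings whatever the `MMF_DUMP_MAPPED_PRIVATE` filter bit says, and nothing here explains why SIGKILL is special. A core written this way can hold more process memory than the configured coredump filter allows, so the reason belongs in a comment, e.g. `/* dumps triggered with signr == SIGKILL ignore the filter: <reason> */`. The callers in elf_core_dump are updated in later hunks, and the function body continues outside this hunk.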
27152 @@ -1278,8 +1566,11 @@ static int writenote(struct memelfnote *
27155 #define DUMP_WRITE(addr, nr) \
27157 + gr_learn_resource(current, RLIMIT_CORE, size + (nr), 1); \
27158 if ((size += (nr)) > limit || !dump_write(file, (addr), (nr))) \
27159 - goto end_coredump;
27160 + goto end_coredump; \
27163 static void fill_elf_header(struct elfhdr *elf, int segs,
27164 u16 machine, u32 flags, u8 osabi)
27165 @@ -1408,9 +1699,9 @@ static void fill_auxv_note(struct memelf
27167 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
27172 - while (auxv[i - 2] != AT_NULL);
27173 + } while (auxv[i - 2] != AT_NULL);
27174 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
27177 @@ -1996,7 +2287,7 @@ static int elf_core_dump(long signr, str
27178 phdr.p_offset = offset;
27179 phdr.p_vaddr = vma->vm_start;
27181 - phdr.p_filesz = vma_dump_size(vma, mm_flags);
27182 + phdr.p_filesz = vma_dump_size(vma, mm_flags, signr);
27183 phdr.p_memsz = vma->vm_end - vma->vm_start;
27184 offset += phdr.p_filesz;
27185 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
27186 @@ -2029,7 +2320,7 @@ static int elf_core_dump(long signr, str
27187 unsigned long addr;
27190 - end = vma->vm_start + vma_dump_size(vma, mm_flags);
27191 + end = vma->vm_start + vma_dump_size(vma, mm_flags, signr);
27193 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
27195 @@ -2038,6 +2329,7 @@ static int elf_core_dump(long signr, str
27196 page = get_dump_page(addr);
27198 void *kaddr = kmap(page);
27199 + gr_learn_resource(current, RLIMIT_CORE, size + PAGE_SIZE, 1);
27200 stop = ((size += PAGE_SIZE) > limit) ||
27201 !dump_write(file, kaddr, PAGE_SIZE);
27203 @@ -2065,6 +2357,97 @@ out:
27205 #endif /* USE_ELF_CORE_DUMP */
27207 +#ifdef CONFIG_PAX_MPROTECT
27208 +/* PaX: non-PIC ELF libraries need relocations on their executable segments
27209 + * therefore we'll grant them VM_MAYWRITE once during their life. Similarly
27210 + * we'll remove VM_MAYWRITE for good on RELRO segments.
27212 + * The checks favour ld-linux.so behaviour which operates on a per ELF segment
27213 + * basis because we want to allow the common case and not the special ones.
27215 +static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags)
27217 + struct elfhdr elf_h;
27218 + struct elf_phdr elf_p;
27220 + unsigned long oldflags;
27221 + bool is_textrel_rw, is_textrel_rx, is_relro;
27223 + if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT))
27226 + oldflags = vma->vm_flags & (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ);
27227 + newflags &= VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ;
27229 +#ifdef CONFIG_PAX_NOELFRELOCS
27230 + is_textrel_rw = false;
27231 + is_textrel_rx = false;
27233 + /* possible TEXTREL */
27234 + is_textrel_rw = vma->vm_file && !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ);
27235 + is_textrel_rx = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ);
27238 + /* possible RELRO */
27239 + is_relro = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ);
27241 + if (!is_textrel_rw && !is_textrel_rx && !is_relro)
27244 + if (sizeof(elf_h) != kernel_read(vma->vm_file, 0UL, (char *)&elf_h, sizeof(elf_h)) ||
27245 + memcmp(elf_h.e_ident, ELFMAG, SELFMAG) ||
27247 +#ifdef CONFIG_PAX_ETEXECRELOCS
27248 + ((is_textrel_rw || is_textrel_rx) && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) ||
27250 + ((is_textrel_rw || is_textrel_rx) && elf_h.e_type != ET_DYN) ||
27253 + (is_relro && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) ||
27254 + !elf_check_arch(&elf_h) ||
27255 + elf_h.e_phentsize != sizeof(struct elf_phdr) ||
27256 + elf_h.e_phnum > 65536UL / sizeof(struct elf_phdr))
27259 + for (i = 0UL; i < elf_h.e_phnum; i++) {
27260 + if (sizeof(elf_p) != kernel_read(vma->vm_file, elf_h.e_phoff + i*sizeof(elf_p), (char *)&elf_p, sizeof(elf_p)))
27262 + switch (elf_p.p_type) {
27264 + if (!is_textrel_rw && !is_textrel_rx)
27267 + while ((i+1) * sizeof(elf_dyn) <= elf_p.p_filesz) {
27270 + if (sizeof(dyn) != kernel_read(vma->vm_file, elf_p.p_offset + i*sizeof(dyn), (char *)&dyn, sizeof(dyn)))
27272 + if (dyn.d_tag == DT_NULL)
27274 + if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) {
27275 + gr_log_textrel(vma);
27276 + if (is_textrel_rw)
27277 + vma->vm_flags |= VM_MAYWRITE;
27279 + /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */
27280 + vma->vm_flags &= ~VM_MAYWRITE;
27287 + case PT_GNU_RELRO:
27290 + if ((elf_p.p_offset >> PAGE_SHIFT) == vma->vm_pgoff && ELF_PAGEALIGN(elf_p.p_memsz) == vma->vm_end - vma->vm_start)
27291 + vma->vm_flags &= ~VM_MAYWRITE;
27298 static int __init init_elf_binfmt(void)
27300 return register_binfmt(&elf_format);
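Review bot: The dynamic-entry loop in `elf_handle_mprotect()` is bounded only by `elf_p.p_filesz`, a field read from the mapped file, so a file with a very large dynamic segment and no `DT_NULL` makes each qualifying `mprotect()` issue one `kernel_read()` per entry. `e_phnum` is capped a few lines earlier and the dynamic segment deserves the same treatment, e.g. `if (elf_p.p_filesz > 65536UL) return;` before the loop. The loop also reuses the outer program-header index `i`; a separate counter would make it clear that the outer loop is not meant to resume afterwards.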
27301 diff -urNp linux-2.6.32.1/fs/binfmt_flat.c linux-2.6.32.1/fs/binfmt_flat.c
27302 --- linux-2.6.32.1/fs/binfmt_flat.c 2009-12-02 22:51:21.000000000 -0500
27303 +++ linux-2.6.32.1/fs/binfmt_flat.c 2009-12-14 18:33:57.183755156 -0500
27304 @@ -563,7 +563,9 @@ static int load_flat_file(struct linux_b
27305 realdatastart = (unsigned long) -ENOMEM;
27306 printk("Unable to allocate RAM for process data, errno %d\n",
27307 (int)-realdatastart);
27308 + down_write(¤t->mm->mmap_sem);
27309 do_munmap(current->mm, textpos, text_len);
27310 + up_write(¤t->mm->mmap_sem);
27311 ret = realdatastart;
27314 @@ -587,8 +589,10 @@ static int load_flat_file(struct linux_b
27316 if (IS_ERR_VALUE(result)) {
27317 printk("Unable to read data+bss, errno %d\n", (int)-result);
27318 + down_write(¤t->mm->mmap_sem);
27319 do_munmap(current->mm, textpos, text_len);
27320 do_munmap(current->mm, realdatastart, data_len + extra);
27321 + up_write(¤t->mm->mmap_sem);
27325 @@ -657,8 +661,10 @@ static int load_flat_file(struct linux_b
27327 if (IS_ERR_VALUE(result)) {
27328 printk("Unable to read code+data+bss, errno %d\n",(int)-result);
27329 + down_write(¤t->mm->mmap_sem);
27330 do_munmap(current->mm, textpos, text_len + data_len + extra +
27331 MAX_SHARED_LIBS * sizeof(unsigned long));
27332 + up_write(¤t->mm->mmap_sem);
27336 diff -urNp linux-2.6.32.1/fs/binfmt_misc.c linux-2.6.32.1/fs/binfmt_misc.c
27337 --- linux-2.6.32.1/fs/binfmt_misc.c 2009-12-02 22:51:21.000000000 -0500
27338 +++ linux-2.6.32.1/fs/binfmt_misc.c 2009-12-14 18:33:57.183755156 -0500
27339 @@ -693,7 +693,7 @@ static int bm_fill_super(struct super_bl
27340 static struct tree_descr bm_files[] = {
27341 [2] = {"status", &bm_status_operations, S_IWUSR|S_IRUGO},
27342 [3] = {"register", &bm_register_operations, S_IWUSR},
27343 - /* last one */ {""}
27344 + /* last one */ {"", NULL, 0}
27346 int err = simple_fill_super(sb, 0x42494e4d, bm_files);
27348 diff -urNp linux-2.6.32.1/fs/bio.c linux-2.6.32.1/fs/bio.c
27349 --- linux-2.6.32.1/fs/bio.c 2009-12-02 22:51:21.000000000 -0500
27350 +++ linux-2.6.32.1/fs/bio.c 2009-12-14 18:33:57.192749405 -0500
27351 @@ -78,7 +78,7 @@ static struct kmem_cache *bio_find_or_cr
27354 while (i < bio_slab_nr) {
27355 - struct bio_slab *bslab = &bio_slabs[i];
27356 + bslab = &bio_slabs[i];
27358 if (!bslab->slab && entry == -1)
27360 @@ -1212,7 +1212,7 @@ static void bio_copy_kern_endio(struct b
27361 const int read = bio_data_dir(bio) == READ;
27362 struct bio_map_data *bmd = bio->bi_private;
27364 - char *p = bmd->sgvecs[0].iov_base;
27365 + char *p = (__force char *)bmd->sgvecs[0].iov_base;
27367 __bio_for_each_segment(bvec, bio, i, 0) {
27368 char *addr = page_address(bvec->bv_page);
27369 diff -urNp linux-2.6.32.1/fs/btrfs/ctree.c linux-2.6.32.1/fs/btrfs/ctree.c
27370 --- linux-2.6.32.1/fs/btrfs/ctree.c 2009-12-02 22:51:21.000000000 -0500
27371 +++ linux-2.6.32.1/fs/btrfs/ctree.c 2009-12-14 18:33:57.212701813 -0500
27372 @@ -3568,7 +3568,6 @@ setup_items_for_insert(struct btrfs_tran
27376 - struct btrfs_disk_key disk_key;
27377 btrfs_cpu_key_to_disk(&disk_key, cpu_key);
27378 ret = fixup_low_keys(trans, root, path, &disk_key, 1);
27380 diff -urNp linux-2.6.32.1/fs/btrfs/disk-io.c linux-2.6.32.1/fs/btrfs/disk-io.c
27381 --- linux-2.6.32.1/fs/btrfs/disk-io.c 2009-12-02 22:51:21.000000000 -0500
27382 +++ linux-2.6.32.1/fs/btrfs/disk-io.c 2009-12-14 18:33:57.230771869 -0500
27384 #include "tree-log.h"
27385 #include "free-space-cache.h"
27387 -static struct extent_io_ops btree_extent_io_ops;
27388 +static const struct extent_io_ops btree_extent_io_ops;
27389 static void end_workqueue_fn(struct btrfs_work *work);
27390 static void free_fs_root(struct btrfs_root *root);
27392 @@ -2585,7 +2585,7 @@ out:
27396 -static struct extent_io_ops btree_extent_io_ops = {
27397 +static const struct extent_io_ops btree_extent_io_ops = {
27398 .write_cache_pages_lock_hook = btree_lock_page_hook,
27399 .readpage_end_io_hook = btree_readpage_end_io_hook,
27400 .submit_bio_hook = btree_submit_bio_hook,
27401 diff -urNp linux-2.6.32.1/fs/btrfs/extent_io.h linux-2.6.32.1/fs/btrfs/extent_io.h
27402 --- linux-2.6.32.1/fs/btrfs/extent_io.h 2009-12-02 22:51:21.000000000 -0500
27403 +++ linux-2.6.32.1/fs/btrfs/extent_io.h 2009-12-14 18:33:57.244757099 -0500
27404 @@ -49,36 +49,36 @@ typedef int (extent_submit_bio_hook_t)(s
27405 struct bio *bio, int mirror_num,
27406 unsigned long bio_flags);
27407 struct extent_io_ops {
27408 - int (*fill_delalloc)(struct inode *inode, struct page *locked_page,
27409 + int (* const fill_delalloc)(struct inode *inode, struct page *locked_page,
27410 u64 start, u64 end, int *page_started,
27411 unsigned long *nr_written);
27412 - int (*writepage_start_hook)(struct page *page, u64 start, u64 end);
27413 - int (*writepage_io_hook)(struct page *page, u64 start, u64 end);
27414 + int (* const writepage_start_hook)(struct page *page, u64 start, u64 end);
27415 + int (* const writepage_io_hook)(struct page *page, u64 start, u64 end);
27416 extent_submit_bio_hook_t *submit_bio_hook;
27417 - int (*merge_bio_hook)(struct page *page, unsigned long offset,
27418 + int (* const merge_bio_hook)(struct page *page, unsigned long offset,
27419 size_t size, struct bio *bio,
27420 unsigned long bio_flags);
27421 - int (*readpage_io_hook)(struct page *page, u64 start, u64 end);
27422 - int (*readpage_io_failed_hook)(struct bio *bio, struct page *page,
27423 + int (* const readpage_io_hook)(struct page *page, u64 start, u64 end);
27424 + int (* const readpage_io_failed_hook)(struct bio *bio, struct page *page,
27425 u64 start, u64 end,
27426 struct extent_state *state);
27427 - int (*writepage_io_failed_hook)(struct bio *bio, struct page *page,
27428 + int (* const writepage_io_failed_hook)(struct bio *bio, struct page *page,
27429 u64 start, u64 end,
27430 struct extent_state *state);
27431 - int (*readpage_end_io_hook)(struct page *page, u64 start, u64 end,
27432 + int (* const readpage_end_io_hook)(struct page *page, u64 start, u64 end,
27433 struct extent_state *state);
27434 - int (*writepage_end_io_hook)(struct page *page, u64 start, u64 end,
27435 + int (* const writepage_end_io_hook)(struct page *page, u64 start, u64 end,
27436 struct extent_state *state, int uptodate);
27437 - int (*set_bit_hook)(struct inode *inode, u64 start, u64 end,
27438 + int (* const set_bit_hook)(struct inode *inode, u64 start, u64 end,
27439 unsigned long old, unsigned long bits);
27440 - int (*clear_bit_hook)(struct inode *inode, struct extent_state *state,
27441 + int (* const clear_bit_hook)(struct inode *inode, struct extent_state *state,
27442 unsigned long bits);
27443 - int (*merge_extent_hook)(struct inode *inode,
27444 + int (* const merge_extent_hook)(struct inode *inode,
27445 struct extent_state *new,
27446 struct extent_state *other);
27447 - int (*split_extent_hook)(struct inode *inode,
27448 + int (* const split_extent_hook)(struct inode *inode,
27449 struct extent_state *orig, u64 split);
27450 - int (*write_cache_pages_lock_hook)(struct page *page);
27451 + int (* const write_cache_pages_lock_hook)(struct page *page);
27454 struct extent_io_tree {
27455 @@ -88,7 +88,7 @@ struct extent_io_tree {
27458 spinlock_t buffer_lock;
27459 - struct extent_io_ops *ops;
27460 + const struct extent_io_ops *ops;
27463 struct extent_state {
27464 diff -urNp linux-2.6.32.1/fs/btrfs/free-space-cache.c linux-2.6.32.1/fs/btrfs/free-space-cache.c
27465 --- linux-2.6.32.1/fs/btrfs/free-space-cache.c 2009-12-02 22:51:21.000000000 -0500
27466 +++ linux-2.6.32.1/fs/btrfs/free-space-cache.c 2009-12-14 18:33:57.281770959 -0500
27467 @@ -1074,8 +1074,6 @@ u64 btrfs_alloc_from_cluster(struct btrf
27470 if (entry->bytes < bytes || entry->offset < min_start) {
27471 - struct rb_node *node;
27473 node = rb_next(&entry->offset_index);
27476 @@ -1226,7 +1224,7 @@ again:
27478 while (entry->bitmap || found_bitmap ||
27479 (!entry->bitmap && entry->bytes < min_bytes)) {
27480 - struct rb_node *node = rb_next(&entry->offset_index);
27481 + node = rb_next(&entry->offset_index);
27483 if (entry->bitmap && entry->bytes > bytes + empty_size) {
27484 ret = btrfs_bitmap_cluster(block_group, entry, cluster,
27485 diff -urNp linux-2.6.32.1/fs/btrfs/inode.c linux-2.6.32.1/fs/btrfs/inode.c
27486 --- linux-2.6.32.1/fs/btrfs/inode.c 2009-12-02 22:51:21.000000000 -0500
27487 +++ linux-2.6.32.1/fs/btrfs/inode.c 2009-12-14 18:33:57.312774084 -0500
27488 @@ -63,7 +63,7 @@ static const struct inode_operations btr
27489 static const struct address_space_operations btrfs_aops;
27490 static const struct address_space_operations btrfs_symlink_aops;
27491 static const struct file_operations btrfs_dir_file_operations;
27492 -static struct extent_io_ops btrfs_extent_io_ops;
27493 +static const struct extent_io_ops btrfs_extent_io_ops;
27495 static struct kmem_cache *btrfs_inode_cachep;
27496 struct kmem_cache *btrfs_trans_handle_cachep;
27497 @@ -5854,7 +5854,7 @@ static const struct file_operations btrf
27498 .fsync = btrfs_sync_file,
27501 -static struct extent_io_ops btrfs_extent_io_ops = {
27502 +static const struct extent_io_ops btrfs_extent_io_ops = {
27503 .fill_delalloc = run_delalloc_range,
27504 .submit_bio_hook = btrfs_submit_bio_hook,
27505 .merge_bio_hook = btrfs_merge_bio_hook,
27506 diff -urNp linux-2.6.32.1/fs/btrfs/sysfs.c linux-2.6.32.1/fs/btrfs/sysfs.c
27507 --- linux-2.6.32.1/fs/btrfs/sysfs.c 2009-12-02 22:51:21.000000000 -0500
27508 +++ linux-2.6.32.1/fs/btrfs/sysfs.c 2009-12-14 18:33:57.315769270 -0500
27509 @@ -164,12 +164,12 @@ static void btrfs_root_release(struct ko
27510 complete(&root->kobj_unregister);
27513 -static struct sysfs_ops btrfs_super_attr_ops = {
27514 +static const struct sysfs_ops btrfs_super_attr_ops = {
27515 .show = btrfs_super_attr_show,
27516 .store = btrfs_super_attr_store,
27519 -static struct sysfs_ops btrfs_root_attr_ops = {
27520 +static const struct sysfs_ops btrfs_root_attr_ops = {
27521 .show = btrfs_root_attr_show,
27522 .store = btrfs_root_attr_store,
27524 diff -urNp linux-2.6.32.1/fs/buffer.c linux-2.6.32.1/fs/buffer.c
27525 --- linux-2.6.32.1/fs/buffer.c 2009-12-02 22:51:21.000000000 -0500
27526 +++ linux-2.6.32.1/fs/buffer.c 2009-12-14 18:33:57.344773102 -0500
27528 #include <linux/percpu.h>
27529 #include <linux/slab.h>
27530 #include <linux/capability.h>
27531 +#include <linux/security.h>
27532 #include <linux/blkdev.h>
27533 #include <linux/file.h>
27534 #include <linux/quotaops.h>
27535 diff -urNp linux-2.6.32.1/fs/cachefiles/rdwr.c linux-2.6.32.1/fs/cachefiles/rdwr.c
27536 --- linux-2.6.32.1/fs/cachefiles/rdwr.c 2009-12-02 22:51:21.000000000 -0500
27537 +++ linux-2.6.32.1/fs/cachefiles/rdwr.c 2009-12-14 18:33:57.350797598 -0500
27538 @@ -946,7 +946,7 @@ int cachefiles_write_page(struct fscache
27541 ret = file->f_op->write(
27542 - file, (const void __user *) data, len, &pos);
27543 + file, (__force const void __user *) data, len, &pos);
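Review bot: The `__force` cast on `data` silences the address-space check without saying why a kernel buffer may be handed to `f_op->write` as a `__user` pointer. kernel_read() in fs/exec.c carries exactly such a note (`/* The cast to a user pointer is valid due to the set_fs() */`), and the same comment above this call would document the precondition. That precondition is presumably a set_fs(KERNEL_DS) in the part of cachefiles_write_page outside the hunk. The `__force` casts added in ecryptfs_readlink, ecryptfs_follow_link and copy_strings_kernel later in this patch would benefit from the same comment.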
27547 diff -urNp linux-2.6.32.1/fs/cifs/cifs_uniupr.h linux-2.6.32.1/fs/cifs/cifs_uniupr.h
27548 --- linux-2.6.32.1/fs/cifs/cifs_uniupr.h 2009-12-02 22:51:21.000000000 -0500
27549 +++ linux-2.6.32.1/fs/cifs/cifs_uniupr.h 2009-12-14 18:33:57.352714715 -0500
27550 @@ -132,7 +132,7 @@ const struct UniCaseRange CifsUniUpperRa
27551 {0x0490, 0x04cc, UniCaseRangeU0490},
27552 {0x1e00, 0x1ffc, UniCaseRangeU1e00},
27553 {0xff40, 0xff5a, UniCaseRangeUff40},
27559 diff -urNp linux-2.6.32.1/fs/cifs/link.c linux-2.6.32.1/fs/cifs/link.c
27560 --- linux-2.6.32.1/fs/cifs/link.c 2009-12-02 22:51:21.000000000 -0500
27561 +++ linux-2.6.32.1/fs/cifs/link.c 2009-12-14 18:33:57.352714715 -0500
27562 @@ -215,7 +215,7 @@ cifs_symlink(struct inode *inode, struct
27564 void cifs_put_link(struct dentry *direntry, struct nameidata *nd, void *cookie)
27566 - char *p = nd_get_link(nd);
27567 + const char *p = nd_get_link(nd);
27571 diff -urNp linux-2.6.32.1/fs/compat_binfmt_elf.c linux-2.6.32.1/fs/compat_binfmt_elf.c
27572 --- linux-2.6.32.1/fs/compat_binfmt_elf.c 2009-12-02 22:51:21.000000000 -0500
27573 +++ linux-2.6.32.1/fs/compat_binfmt_elf.c 2009-12-14 18:33:57.353774760 -0500
27574 @@ -29,10 +29,12 @@
27580 #define elfhdr elf32_hdr
27581 #define elf_phdr elf32_phdr
27582 #define elf_note elf32_note
27583 +#define elf_dyn Elf32_Dyn
27584 #define elf_addr_t Elf32_Addr
27587 diff -urNp linux-2.6.32.1/fs/compat.c linux-2.6.32.1/fs/compat.c
27588 --- linux-2.6.32.1/fs/compat.c 2009-12-02 22:51:21.000000000 -0500
27589 +++ linux-2.6.32.1/fs/compat.c 2009-12-14 18:33:57.385706728 -0500
27590 @@ -1410,14 +1410,12 @@ static int compat_copy_strings(int argc,
27591 if (!kmapped_page || kpos != (pos & PAGE_MASK)) {
27594 -#ifdef CONFIG_STACK_GROWSUP
27595 ret = expand_stack_downwards(bprm->vma, pos);
27597 /* We've exceed the stack rlimit. */
27602 ret = get_user_pages(current, bprm->mm, pos,
27603 1, 1, 1, &page, NULL);
27605 @@ -1463,6 +1461,11 @@ int compat_do_execve(char * filename,
27606 compat_uptr_t __user *envp,
27607 struct pt_regs * regs)
27609 +#ifdef CONFIG_GRKERNSEC
27610 + struct file *old_exec_file;
27611 + struct acl_subject_label *old_acl;
27612 + struct rlimit old_rlim[RLIM_NLIMITS];
27614 struct linux_binprm *bprm;
27616 struct files_struct *displaced;
27617 @@ -1499,6 +1502,14 @@ int compat_do_execve(char * filename,
27618 bprm->filename = filename;
27619 bprm->interp = filename;
27621 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->cred->user->processes), 1);
27622 + retval = -EAGAIN;
27623 + if (gr_handle_nproc())
27625 + retval = -EACCES;
27626 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt))
27629 retval = bprm_mm_init(bprm);
27632 @@ -1528,9 +1539,40 @@ int compat_do_execve(char * filename,
27636 + if (!gr_tpe_allow(file)) {
27637 + retval = -EACCES;
27641 + if (gr_check_crash_exec(file)) {
27642 + retval = -EACCES;
27646 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
27648 + gr_handle_exec_args(bprm, (char __user * __user *)argv);
27650 +#ifdef CONFIG_GRKERNSEC
27651 + old_acl = current->acl;
27652 + memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));
27653 + old_exec_file = current->exec_file;
27655 + current->exec_file = file;
27658 + retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
27659 + bprm->unsafe & LSM_UNSAFE_SHARE);
27663 retval = search_binary_handler(bprm, regs);
27667 +#ifdef CONFIG_GRKERNSEC
27668 + if (old_exec_file)
27669 + fput(old_exec_file);
27672 current->stack_start = current->mm->start_stack;
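Review bot: `memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));` snapshots the limit table shared by the whole thread group with no lock visible in the hunk, and the failure path in the @@ -1543 hunk copies it back the same way. Upstream setrlimit updates this table under the group leader's task_lock, so another thread changing a limit between the two copies would have its change silently overwritten by the rollback, or the copy could catch a half-updated entry. Wrapping both copies in `task_lock(current->group_leader);` / `task_unlock(current->group_leader);` would close that window, unless lines missing from this listing already serialize it. do_execve in fs/exec.c repeats both copies and needs the same treatment; compat_do_execve continues outside the hunk.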
27674 @@ -1543,6 +1585,14 @@ int compat_do_execve(char * filename,
27675 put_files_struct(displaced);
27679 +#ifdef CONFIG_GRKERNSEC
27680 + current->acl = old_acl;
27681 + memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim));
27682 + fput(current->exec_file);
27683 + current->exec_file = old_exec_file;
27689 diff -urNp linux-2.6.32.1/fs/compat_ioctl.c linux-2.6.32.1/fs/compat_ioctl.c
27690 --- linux-2.6.32.1/fs/compat_ioctl.c 2009-12-02 22:51:21.000000000 -0500
27691 +++ linux-2.6.32.1/fs/compat_ioctl.c 2009-12-14 18:33:57.407779827 -0500
27692 @@ -1827,15 +1827,15 @@ struct ioctl_trans {
27695 #define HANDLE_IOCTL(cmd,handler) \
27696 - { (cmd), (ioctl_trans_handler_t)(handler) },
27697 + { (cmd), (ioctl_trans_handler_t)(handler), NULL },
27699 /* pointer to compatible structure or no argument */
27700 #define COMPATIBLE_IOCTL(cmd) \
27701 - { (cmd), do_ioctl32_pointer },
27702 + { (cmd), do_ioctl32_pointer, NULL },
27704 /* argument is an unsigned long integer, not a pointer */
27705 #define ULONG_IOCTL(cmd) \
27706 - { (cmd), (ioctl_trans_handler_t)sys_ioctl },
27707 + { (cmd), (ioctl_trans_handler_t)sys_ioctl, NULL },
27709 /* ioctl should not be warned about even if it's not implemented.
27710 Valid reasons to use this:
27711 diff -urNp linux-2.6.32.1/fs/debugfs/inode.c linux-2.6.32.1/fs/debugfs/inode.c
27712 --- linux-2.6.32.1/fs/debugfs/inode.c 2009-12-02 22:51:21.000000000 -0500
27713 +++ linux-2.6.32.1/fs/debugfs/inode.c 2009-12-14 18:33:57.427775570 -0500
27714 @@ -118,7 +118,7 @@ static inline int debugfs_positive(struc
27716 static int debug_fill_super(struct super_block *sb, void *data, int silent)
27718 - static struct tree_descr debug_files[] = {{""}};
27719 + static struct tree_descr debug_files[] = {{"", NULL, 0}};
27721 return simple_fill_super(sb, DEBUGFS_MAGIC, debug_files);
27723 diff -urNp linux-2.6.32.1/fs/dlm/lockspace.c linux-2.6.32.1/fs/dlm/lockspace.c
27724 --- linux-2.6.32.1/fs/dlm/lockspace.c 2009-12-02 22:51:21.000000000 -0500
27725 +++ linux-2.6.32.1/fs/dlm/lockspace.c 2009-12-14 18:33:57.438783661 -0500
27726 @@ -148,7 +148,7 @@ static void lockspace_kobj_release(struc
27730 -static struct sysfs_ops dlm_attr_ops = {
27731 +static const struct sysfs_ops dlm_attr_ops = {
27732 .show = dlm_attr_show,
27733 .store = dlm_attr_store,
27735 diff -urNp linux-2.6.32.1/fs/ecryptfs/inode.c linux-2.6.32.1/fs/ecryptfs/inode.c
27736 --- linux-2.6.32.1/fs/ecryptfs/inode.c 2009-12-02 22:51:21.000000000 -0500
27737 +++ linux-2.6.32.1/fs/ecryptfs/inode.c 2009-12-14 18:33:57.465783113 -0500
27738 @@ -676,7 +676,7 @@ ecryptfs_readlink(struct dentry *dentry,
27741 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
27742 - (char __user *)lower_buf,
27743 + (__force char __user *)lower_buf,
27747 @@ -720,7 +720,7 @@ static void *ecryptfs_follow_link(struct
27751 - rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
27752 + rc = dentry->d_inode->i_op->readlink(dentry, (__force char __user *)buf, len);
27756 diff -urNp linux-2.6.32.1/fs/exec.c linux-2.6.32.1/fs/exec.c
27757 --- linux-2.6.32.1/fs/exec.c 2009-12-02 22:51:21.000000000 -0500
27758 +++ linux-2.6.32.1/fs/exec.c 2009-12-14 18:33:57.485728461 -0500
27759 @@ -56,12 +56,24 @@
27760 #include <linux/fsnotify.h>
27761 #include <linux/fs_struct.h>
27762 #include <linux/pipe_fs_i.h>
27763 +#include <linux/random.h>
27764 +#include <linux/seq_file.h>
27766 +#ifdef CONFIG_PAX_REFCOUNT
27767 +#include <linux/kallsyms.h>
27768 +#include <linux/kdebug.h>
27771 #include <asm/uaccess.h>
27772 #include <asm/mmu_context.h>
27773 #include <asm/tlb.h>
27774 #include "internal.h"
27776 +#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
27777 +void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
27778 +EXPORT_SYMBOL(pax_set_initial_flags_func);
27782 char core_pattern[CORENAME_MAX_SIZE] = "core";
27783 unsigned int core_pipe_limit;
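Review bot: `pax_set_initial_flags_func` is introduced as a writable, exported global function pointer with no comment on who sets it, when, or whether it may be NULL. In a patch that otherwise makes ops tables `const`, a hook that any module can overwrite at any time stands out and should have its contract written down. A suitable comment would be `/* optional hook, presumably installed by the ACL module; NULL when unset, callers must check before calling */`. If it is only ever assigned once, a small exported registration function would let the pointer itself stay file-local.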
27784 @@ -115,7 +127,7 @@ SYSCALL_DEFINE1(uselib, const char __use
27787 file = do_filp_open(AT_FDCWD, tmp,
27788 - O_LARGEFILE | O_RDONLY | FMODE_EXEC, 0,
27789 + O_LARGEFILE | O_RDONLY | FMODE_EXEC | FMODE_GREXEC, 0,
27790 MAY_READ | MAY_EXEC | MAY_OPEN);
27792 error = PTR_ERR(file);
27793 @@ -163,18 +175,10 @@ static struct page *get_arg_page(struct
27799 -#ifdef CONFIG_STACK_GROWSUP
27801 - ret = expand_stack_downwards(bprm->vma, pos);
27806 - ret = get_user_pages(current, bprm->mm, pos,
27807 - 1, write, 1, &page, NULL);
27809 + if (0 > expand_stack_downwards(bprm->vma, pos))
27811 + if (0 >= get_user_pages(current, bprm->mm, pos, 1, write, 1, &page, NULL))
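Review bot: The two new conditions are written constant-first (`if (0 > expand_stack_downwards(...))`, `if (0 >= get_user_pages(...))`), whereas the removed code and the rest of this file put the call on the left. `if (expand_stack_downwards(bprm->vma, pos) < 0)` and `if (get_user_pages(current, bprm->mm, pos, 1, write, 1, &page, NULL) <= 0)` read more naturally and match the surrounding style. Dropping the `#ifdef CONFIG_STACK_GROWSUP` guard also makes the explicit stack expansion apply to every configuration, which deserves a one-line comment saying why; the same guard is removed from compat_copy_strings in fs/compat.c. get_arg_page continues outside the hunk.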
27815 @@ -246,6 +250,11 @@ static int __bprm_mm_init(struct linux_b
27816 vma->vm_end = STACK_TOP_MAX;
27817 vma->vm_start = vma->vm_end - PAGE_SIZE;
27818 vma->vm_flags = VM_STACK_FLAGS;
27820 +#ifdef CONFIG_PAX_SEGMEXEC
27821 + vma->vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
27824 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
27825 err = insert_vm_struct(mm, vma);
27827 @@ -254,6 +263,12 @@ static int __bprm_mm_init(struct linux_b
27828 mm->stack_vm = mm->total_vm = 1;
27829 up_write(&mm->mmap_sem);
27830 bprm->p = vma->vm_end - sizeof(void *);
27832 +#ifdef CONFIG_PAX_RANDUSTACK
27833 + if (randomize_va_space)
27834 + bprm->p ^= (pax_get_random_long() & ~15) & ~PAGE_MASK;
27839 up_write(&mm->mmap_sem);
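Review bot: The mask in `bprm->p ^= (pax_get_random_long() & ~15) & ~PAGE_MASK;` is left unexplained, and a reader has to work out for themselves why it is safe. `& ~15` leaves the low four bits of the initial stack pointer untouched and `& ~PAGE_MASK` confines the change to the in-page offset, so the pointer cannot leave the single page set up as `vm_end - PAGE_SIZE` in the previous hunk. A comment such as `/* randomize only offset bits 4..PAGE_SHIFT-1: stays inside the one stack page, low 4 bits preserved */` would make that explicit. __bprm_mm_init continues outside the hunk.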
27840 @@ -475,7 +490,7 @@ int copy_strings_kernel(int argc,char **
27842 mm_segment_t oldfs = get_fs();
27844 - r = copy_strings(argc, (char __user * __user *)argv, bprm);
27845 + r = copy_strings(argc, (__force char __user * __user *)argv, bprm);
27849 @@ -505,7 +520,8 @@ static int shift_arg_pages(struct vm_are
27850 unsigned long new_end = old_end - shift;
27851 struct mmu_gather *tlb;
27853 - BUG_ON(new_start > new_end);
27854 + if (new_start >= new_end || new_start < mmap_min_addr)
27858 * ensure there are no vmas between where we want to go
27859 @@ -514,6 +530,10 @@ static int shift_arg_pages(struct vm_are
27860 if (vma != find_vma(mm, new_start))
27863 +#ifdef CONFIG_PAX_SEGMEXEC
27864 + BUG_ON(pax_find_mirror_vma(vma));
27868 * cover the whole range: [new_start, old_end)
27870 @@ -602,6 +622,14 @@ int setup_arg_pages(struct linux_binprm
27871 bprm->exec -= stack_shift;
27873 down_write(&mm->mmap_sem);
27875 + /* Move stack pages down in memory. */
27876 + if (stack_shift) {
27877 + ret = shift_arg_pages(vma, stack_shift);
27882 vm_flags = VM_STACK_FLAGS;
27885 @@ -615,19 +643,24 @@ int setup_arg_pages(struct linux_binprm
27886 vm_flags &= ~VM_EXEC;
27887 vm_flags |= mm->def_flags;
27889 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
27890 + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
27891 + vm_flags &= ~VM_EXEC;
27893 +#ifdef CONFIG_PAX_MPROTECT
27894 + if (mm->pax_flags & MF_PAX_MPROTECT)
27895 + vm_flags &= ~VM_MAYEXEC;
27901 ret = mprotect_fixup(vma, &prev, vma->vm_start, vma->vm_end,
27905 BUG_ON(prev != vma);
27907 - /* Move stack pages down in memory. */
27908 - if (stack_shift) {
27909 - ret = shift_arg_pages(vma, stack_shift);
27914 #ifdef CONFIG_STACK_GROWSUP
27915 stack_base = vma->vm_end + EXTRA_STACK_VM_PAGES * PAGE_SIZE;
27917 @@ -651,7 +684,7 @@ struct file *open_exec(const char *name)
27920 file = do_filp_open(AT_FDCWD, name,
27921 - O_LARGEFILE | O_RDONLY | FMODE_EXEC, 0,
27922 + O_LARGEFILE | O_RDONLY | FMODE_EXEC | FMODE_GREXEC, 0,
27923 MAY_EXEC | MAY_OPEN);
27926 @@ -688,7 +721,7 @@ int kernel_read(struct file *file, loff_
27929 /* The cast to a user pointer is valid due to the set_fs() */
27930 - result = vfs_read(file, (void __user *)addr, count, &pos);
27931 + result = vfs_read(file, (__force void __user *)addr, count, &pos);
27935 @@ -1088,7 +1121,7 @@ int check_unsafe_exec(struct linux_binpr
27939 - if (p->fs->users > n_fs) {
27940 + if (atomic_read(&p->fs->users) > n_fs) {
27941 bprm->unsafe |= LSM_UNSAFE_SHARE;
27944 @@ -1287,6 +1320,11 @@ int do_execve(char * filename,
27945 char __user *__user *envp,
27946 struct pt_regs * regs)
27948 +#ifdef CONFIG_GRKERNSEC
27949 + struct file *old_exec_file;
27950 + struct acl_subject_label *old_acl;
27951 + struct rlimit old_rlim[RLIM_NLIMITS];
27953 struct linux_binprm *bprm;
27955 struct files_struct *displaced;
27956 @@ -1323,6 +1361,18 @@ int do_execve(char * filename,
27957 bprm->filename = filename;
27958 bprm->interp = filename;
27960 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->cred->user->processes), 1);
27962 + if (gr_handle_nproc()) {
27963 + retval = -EAGAIN;
27967 + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
27968 + retval = -EACCES;
27972 retval = bprm_mm_init(bprm);
27975 @@ -1352,10 +1402,41 @@ int do_execve(char * filename,
27979 + if (!gr_tpe_allow(file)) {
27980 + retval = -EACCES;
27984 + if (gr_check_crash_exec(file)) {
27985 + retval = -EACCES;
27989 + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
27991 + gr_handle_exec_args(bprm, argv);
27993 +#ifdef CONFIG_GRKERNSEC
27994 + old_acl = current->acl;
27995 + memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));
27996 + old_exec_file = current->exec_file;
27998 + current->exec_file = file;
28001 + retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
28002 + bprm->unsafe & LSM_UNSAFE_SHARE);
28006 current->flags &= ~PF_KTHREAD;
28007 retval = search_binary_handler(bprm,regs);
28011 +#ifdef CONFIG_GRKERNSEC
28012 + if (old_exec_file)
28013 + fput(old_exec_file);
28016 current->stack_start = current->mm->start_stack;
28018 @@ -1368,6 +1449,14 @@ int do_execve(char * filename,
28019 put_files_struct(displaced);
28023 +#ifdef CONFIG_GRKERNSEC
28024 + current->acl = old_acl;
28025 + memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim));
28026 + fput(current->exec_file);
28027 + current->exec_file = old_exec_file;
28033 @@ -1531,6 +1620,169 @@ out:
28037 +int pax_check_flags(unsigned long *flags)
28041 +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_SEGMEXEC)
28042 + if (*flags & MF_PAX_SEGMEXEC)
28044 + *flags &= ~MF_PAX_SEGMEXEC;
28045 + retval = -EINVAL;
28049 + if ((*flags & MF_PAX_PAGEEXEC)
28051 +#ifdef CONFIG_PAX_PAGEEXEC
28052 + && (*flags & MF_PAX_SEGMEXEC)
28057 + *flags &= ~MF_PAX_PAGEEXEC;
28058 + retval = -EINVAL;
28061 + if ((*flags & MF_PAX_MPROTECT)
28063 +#ifdef CONFIG_PAX_MPROTECT
28064 + && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
28069 + *flags &= ~MF_PAX_MPROTECT;
28070 + retval = -EINVAL;
28073 + if ((*flags & MF_PAX_EMUTRAMP)
28075 +#ifdef CONFIG_PAX_EMUTRAMP
28076 + && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
28081 + *flags &= ~MF_PAX_EMUTRAMP;
28082 + retval = -EINVAL;
28088 +EXPORT_SYMBOL(pax_check_flags);
28090 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
28091 +void pax_report_fault(struct pt_regs *regs, void *pc, void *sp)
28093 + struct task_struct *tsk = current;
28094 + struct mm_struct *mm = current->mm;
28095 + char *buffer_exec = (char *)__get_free_page(GFP_KERNEL);
28096 + char *buffer_fault = (char *)__get_free_page(GFP_KERNEL);
28097 + char *path_exec = NULL;
28098 + char *path_fault = NULL;
28099 + unsigned long start = 0UL, end = 0UL, offset = 0UL;
28101 + if (buffer_exec && buffer_fault) {
28102 + struct vm_area_struct *vma, *vma_exec = NULL, *vma_fault = NULL;
28104 + down_read(&mm->mmap_sem);
28106 + while (vma && (!vma_exec || !vma_fault)) {
28107 + if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file)
28109 + if (vma->vm_start <= (unsigned long)pc && (unsigned long)pc < vma->vm_end)
28111 + vma = vma->vm_next;
28114 + path_exec = d_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE);
28115 + if (IS_ERR(path_exec))
28116 + path_exec = "<path too long>";
28118 + path_exec = mangle_path(buffer_exec, path_exec, "\t\n\\");
28121 + path_exec = buffer_exec;
28123 + path_exec = "<path too long>";
28127 + start = vma_fault->vm_start;
28128 + end = vma_fault->vm_end;
28129 + offset = vma_fault->vm_pgoff << PAGE_SHIFT;
28130 + if (vma_fault->vm_file) {
28131 + path_fault = d_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE);
28132 + if (IS_ERR(path_fault))
28133 + path_fault = "<path too long>";
28135 + path_fault = mangle_path(buffer_fault, path_fault, "\t\n\\");
28136 + if (path_fault) {
28138 + path_fault = buffer_fault;
28140 + path_fault = "<path too long>";
28143 + path_fault = "<anonymous mapping>";
28145 + up_read(&mm->mmap_sem);
28147 + if (tsk->signal->curr_ip)
28148 + printk(KERN_ERR "PAX: From %pI4: execution attempt in: %s, %08lx-%08lx %08lx\n", &tsk->signal->curr_ip, path_fault, start, end, offset);
28150 + printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset);
28151 + printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, "
28152 + "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk),
28153 + task_uid(tsk), task_euid(tsk), pc, sp);
28154 + free_page((unsigned long)buffer_exec);
28155 + free_page((unsigned long)buffer_fault);
28156 + pax_report_insns(pc, sp);
28157 + do_coredump(SIGKILL, SIGKILL, regs);
28161 +#ifdef CONFIG_PAX_REFCOUNT
28162 +void pax_report_refcount_overflow(struct pt_regs *regs)
28164 + if (current->signal->curr_ip)
28165 + printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
28166 + ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
28168 + printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
28169 + current->comm, task_pid_nr(current), current_uid(), current_euid());
28170 + print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
28172 + force_sig_specific(SIGKILL, current);
28176 +#ifdef CONFIG_PAX_USERCOPY
28177 +void pax_report_leak_to_user(const void *ptr, unsigned long len)
28179 + if (current->signal->curr_ip)
28180 + printk(KERN_ERR "PAX: From %pI4: kernel memory leak attempt detected from %p (%lu bytes)\n",
28181 + ¤t->signal->curr_ip, ptr, len);
28183 + printk(KERN_ERR "PAX: kernel memory leak attempt detected from %p (%lu bytes)\n", ptr, len);
28185 + do_group_exit(SIGKILL);
28188 +void pax_report_overflow_from_user(const void *ptr, unsigned long len)
28190 + if (current->signal->curr_ip)
28191 + printk(KERN_ERR "PAX: From %pI4: kernel memory overflow attempt detected to %p (%lu bytes)\n",
28192 + ¤t->signal->curr_ip, ptr, len);
28194 + printk(KERN_ERR "PAX: kernel memory overflow attempt detected to %p (%lu bytes)\n", ptr, len);
28196 + do_group_exit(SIGKILL);
28200 static int zap_process(struct task_struct *start)
28202 struct task_struct *t;
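Review bot: `tsk->comm` in pax_report_fault and `current->comm` in pax_report_refcount_overflow are printed with a plain `%s`, while the two paths in the same messages are first passed through `mangle_path(..., "\t\n\\")`. The task name can be set by the process itself, so a name containing a newline can split the `PAX: terminating task` record or append a line that a log parser would attribute to PaX. Copying the name with get_task_comm() and replacing control characters before printing keeps each record on one line. The sketch below covers pax_report_fault and the refcount message needs the same treatment. Several lines of this hunk are missing from the listing, so placement is approximate.

```c
	char comm[TASK_COMM_LEN];
	size_t i;

	/* the task name is set by the task itself: keep the log record on one line */
	get_task_comm(comm, tsk);
	for (i = 0; comm[i]; i++)
		if ((unsigned char)comm[i] < 0x20 || comm[i] == 0x7f)
			comm[i] = '?';

	/* … unchanged: vma walk, path lookup, "execution attempt" printk … */
	printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, "
			"PC: %p, SP: %p\n", path_exec, comm, task_pid_nr(tsk),
			task_uid(tsk), task_euid(tsk), pc, sp);
```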
28203 @@ -1733,17 +1985,17 @@ static void wait_for_dump_helpers(struct
28204 pipe = file->f_path.dentry->d_inode->i_pipe;
28209 + atomic_inc(&pipe->readers);
28210 + atomic_dec(&pipe->writers);
28212 - while ((pipe->readers > 1) && (!signal_pending(current))) {
28213 + while ((atomic_read(&pipe->readers) > 1) && (!signal_pending(current))) {
28214 wake_up_interruptible_sync(&pipe->wait);
28215 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
28221 + atomic_dec(&pipe->readers);
28222 + atomic_inc(&pipe->writers);
28226 @@ -1814,6 +2066,10 @@ void do_coredump(long signr, int exit_co
28228 clear_thread_flag(TIF_SIGPENDING);
28230 + if (signr == SIGKILL || signr == SIGILL)
28231 + gr_handle_brute_attach(current);
28232 + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1);
28235 * lock_kernel() because format_corename() is controlled by sysctl, which
28236 * uses lock_kernel()
28237 diff -urNp linux-2.6.32.1/fs/ext2/balloc.c linux-2.6.32.1/fs/ext2/balloc.c
28238 --- linux-2.6.32.1/fs/ext2/balloc.c 2009-12-02 22:51:21.000000000 -0500
28239 +++ linux-2.6.32.1/fs/ext2/balloc.c 2009-12-14 18:33:57.486736846 -0500
28240 @@ -1192,7 +1192,7 @@ static int ext2_has_free_blocks(struct e
28242 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
28243 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
28244 - if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
28245 + if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) &&
28246 sbi->s_resuid != current_fsuid() &&
28247 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
28249 diff -urNp linux-2.6.32.1/fs/ext3/balloc.c linux-2.6.32.1/fs/ext3/balloc.c
28250 --- linux-2.6.32.1/fs/ext3/balloc.c 2009-12-02 22:51:21.000000000 -0500
28251 +++ linux-2.6.32.1/fs/ext3/balloc.c 2009-12-14 18:33:57.509718920 -0500
28252 @@ -1421,7 +1421,7 @@ static int ext3_has_free_blocks(struct e
28254 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
28255 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
28256 - if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
28257 + if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) &&
28258 sbi->s_resuid != current_fsuid() &&
28259 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
28261 diff -urNp linux-2.6.32.1/fs/ext3/namei.c linux-2.6.32.1/fs/ext3/namei.c
28262 --- linux-2.6.32.1/fs/ext3/namei.c 2009-12-02 22:51:21.000000000 -0500
28263 +++ linux-2.6.32.1/fs/ext3/namei.c 2009-12-14 18:33:57.534788141 -0500
28264 @@ -1168,7 +1168,7 @@ static struct ext3_dir_entry_2 *do_split
28265 char *data1 = (*bh)->b_data, *data2;
28266 unsigned split, move, size;
28267 struct ext3_dir_entry_2 *de = NULL, *de2;
28271 bh2 = ext3_append (handle, dir, &newblock, &err);
28273 diff -urNp linux-2.6.32.1/fs/ext3/xattr.c linux-2.6.32.1/fs/ext3/xattr.c
28274 --- linux-2.6.32.1/fs/ext3/xattr.c 2009-12-02 22:51:21.000000000 -0500
28275 +++ linux-2.6.32.1/fs/ext3/xattr.c 2009-12-14 18:33:57.545729588 -0500
28280 -# define ea_idebug(f...)
28281 -# define ea_bdebug(f...)
28282 +# define ea_idebug(f...) do {} while (0)
28283 +# define ea_bdebug(f...) do {} while (0)
28286 static void ext3_xattr_cache_insert(struct buffer_head *);
28287 diff -urNp linux-2.6.32.1/fs/ext4/balloc.c linux-2.6.32.1/fs/ext4/balloc.c
28288 --- linux-2.6.32.1/fs/ext4/balloc.c 2009-12-14 18:30:08.624952361 -0500
28289 +++ linux-2.6.32.1/fs/ext4/balloc.c 2009-12-14 18:33:57.550794725 -0500
28290 @@ -573,7 +573,7 @@ int ext4_has_free_blocks(struct ext4_sb_
28291 /* Hm, nope. Are (enough) root reserved blocks available? */
28292 if (sbi->s_resuid == current_fsuid() ||
28293 ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) ||
28294 - capable(CAP_SYS_RESOURCE)) {
28295 + capable_nolog(CAP_SYS_RESOURCE)) {
28296 if (free_blocks >= (nblocks + dirty_blocks))
28299 diff -urNp linux-2.6.32.1/fs/ext4/ioctl.c linux-2.6.32.1/fs/ext4/ioctl.c
28300 --- linux-2.6.32.1/fs/ext4/ioctl.c 2009-12-14 18:30:08.691941121 -0500
28301 +++ linux-2.6.32.1/fs/ext4/ioctl.c 2009-12-14 18:34:40.201102490 -0500
28302 @@ -221,6 +221,9 @@ setversion_out:
28303 struct file *donor_filp;
28306 + /* temporary workaround for bugs in here */
28307 + return -EOPNOTSUPP;
28309 if (!(filp->f_mode & FMODE_READ) ||
28310 !(filp->f_mode & FMODE_WRITE))
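Review bot: The added `return -EOPNOTSUPP;` turns everything after it in this case into dead code, and the comment `/* temporary workaround for bugs in here */` names neither the bugs nor the condition for removing it. It disables an ioctl for every caller, presumably the extent-move one given `donor_filp`. The comment should therefore say what is being avoided and point at the fix that will lift it, e.g. `/* ioctl disabled: <bug reference>; remove once fixed upstream */`. Leaving the unreachable body in place may also draw unreachable-code warnings from static checkers. The case body continues outside the hunk.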
28312 diff -urNp linux-2.6.32.1/fs/ext4/namei.c linux-2.6.32.1/fs/ext4/namei.c
28313 --- linux-2.6.32.1/fs/ext4/namei.c 2009-12-14 18:30:08.723951546 -0500
28314 +++ linux-2.6.32.1/fs/ext4/namei.c 2009-12-14 18:33:57.586796568 -0500
28315 @@ -1203,7 +1203,7 @@ static struct ext4_dir_entry_2 *do_split
28316 char *data1 = (*bh)->b_data, *data2;
28317 unsigned split, move, size;
28318 struct ext4_dir_entry_2 *de = NULL, *de2;
28322 bh2 = ext4_append (handle, dir, &newblock, &err);
28324 diff -urNp linux-2.6.32.1/fs/ext4/super.c linux-2.6.32.1/fs/ext4/super.c
28325 --- linux-2.6.32.1/fs/ext4/super.c 2009-12-14 18:30:08.738961620 -0500
28326 +++ linux-2.6.32.1/fs/ext4/super.c 2009-12-14 18:33:57.594709686 -0500
28327 @@ -2271,7 +2271,7 @@ static void ext4_sb_release(struct kobje
28331 -static struct sysfs_ops ext4_attr_ops = {
28332 +static const struct sysfs_ops ext4_attr_ops = {
28333 .show = ext4_attr_show,
28334 .store = ext4_attr_store,
28336 diff -urNp linux-2.6.32.1/fs/fcntl.c linux-2.6.32.1/fs/fcntl.c
28337 --- linux-2.6.32.1/fs/fcntl.c 2009-12-02 22:51:21.000000000 -0500
28338 +++ linux-2.6.32.1/fs/fcntl.c 2009-12-14 18:33:57.701815425 -0500
28339 @@ -344,6 +344,7 @@ static long do_fcntl(int fd, unsigned in
28342 case F_DUPFD_CLOEXEC:
28343 + gr_learn_resource(current, RLIMIT_NOFILE, arg, 0);
28344 if (arg >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
28346 err = alloc_fd(arg, cmd == F_DUPFD_CLOEXEC ? O_CLOEXEC : 0);
28347 @@ -500,7 +501,8 @@ static inline int sigio_perm(struct task
28348 ret = ((fown->euid == 0 ||
28349 fown->euid == cred->suid || fown->euid == cred->uid ||
28350 fown->uid == cred->suid || fown->uid == cred->uid) &&
28351 - !security_file_send_sigiotask(p, fown, sig));
28352 + !security_file_send_sigiotask(p, fown, sig) &&
28353 + !gr_check_protected_task(p) && !gr_pid_is_chrooted(p));
28357 diff -urNp linux-2.6.32.1/fs/fifo.c linux-2.6.32.1/fs/fifo.c
28358 --- linux-2.6.32.1/fs/fifo.c 2009-12-02 22:51:21.000000000 -0500
28359 +++ linux-2.6.32.1/fs/fifo.c 2009-12-14 18:33:57.701815425 -0500
28360 @@ -59,10 +59,10 @@ static int fifo_open(struct inode *inode
28362 filp->f_op = &read_pipefifo_fops;
28364 - if (pipe->readers++ == 0)
28365 + if (atomic_inc_return(&pipe->readers) == 1)
28366 wake_up_partner(inode);
28368 - if (!pipe->writers) {
28369 + if (!atomic_read(&pipe->writers)) {
28370 if ((filp->f_flags & O_NONBLOCK)) {
28371 /* suppress POLLHUP until we have
28373 @@ -83,15 +83,15 @@ static int fifo_open(struct inode *inode
28374 * errno=ENXIO when there is no process reading the FIFO.
28377 - if ((filp->f_flags & O_NONBLOCK) && !pipe->readers)
28378 + if ((filp->f_flags & O_NONBLOCK) && !atomic_read(&pipe->readers))
28381 filp->f_op = &write_pipefifo_fops;
28383 - if (!pipe->writers++)
28384 + if (atomic_inc_return(&pipe->writers) == 1)
28385 wake_up_partner(inode);
28387 - if (!pipe->readers) {
28388 + if (!atomic_read(&pipe->readers)) {
28389 wait_for_partner(inode, &pipe->r_counter);
28390 if (signal_pending(current))
28392 @@ -107,11 +107,11 @@ static int fifo_open(struct inode *inode
28394 filp->f_op = &rdwr_pipefifo_fops;
28398 + atomic_inc(&pipe->readers);
28399 + atomic_inc(&pipe->writers);
28402 - if (pipe->readers == 1 || pipe->writers == 1)
28403 + if (atomic_read(&pipe->readers) == 1 || atomic_read(&pipe->writers) == 1)
28404 wake_up_partner(inode);
28407 @@ -125,19 +125,19 @@ static int fifo_open(struct inode *inode
28411 - if (!--pipe->readers)
28412 + if (atomic_dec_and_test(&pipe->readers))
28413 wake_up_interruptible(&pipe->wait);
28414 ret = -ERESTARTSYS;
28418 - if (!--pipe->writers)
28419 + if (atomic_dec_and_test(&pipe->writers))
28420 wake_up_interruptible(&pipe->wait);
28421 ret = -ERESTARTSYS;
28425 - if (!pipe->readers && !pipe->writers)
28426 + if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers))
28427 free_pipe_info(inode);
28430 diff -urNp linux-2.6.32.1/fs/file.c linux-2.6.32.1/fs/file.c
28431 --- linux-2.6.32.1/fs/file.c 2009-12-02 22:51:21.000000000 -0500
28432 +++ linux-2.6.32.1/fs/file.c 2009-12-14 18:33:57.775828221 -0500
28434 #include <linux/slab.h>
28435 #include <linux/vmalloc.h>
28436 #include <linux/file.h>
28437 +#include <linux/security.h>
28438 #include <linux/fdtable.h>
28439 #include <linux/bitops.h>
28440 #include <linux/interrupt.h>
28441 @@ -257,6 +258,8 @@ int expand_files(struct files_struct *fi
28442 * N.B. For clone tasks sharing a files structure, this test
28443 * will limit the total number of files that can be opened.
28446 + gr_learn_resource(current, RLIMIT_NOFILE, nr, 0);
28447 if (nr >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
28450 diff -urNp linux-2.6.32.1/fs/fs_struct.c linux-2.6.32.1/fs/fs_struct.c
28451 --- linux-2.6.32.1/fs/fs_struct.c 2009-12-02 22:51:21.000000000 -0500
28452 +++ linux-2.6.32.1/fs/fs_struct.c 2009-12-14 18:33:57.827823406 -0500
28453 @@ -89,7 +89,7 @@ void exit_fs(struct task_struct *tsk)
28455 write_lock(&fs->lock);
28457 - kill = !--fs->users;
28458 + kill = !atomic_dec_return(&fs->users);
28459 write_unlock(&fs->lock);
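Review bot: `kill = !atomic_dec_return(&fs->users);` spells out a decrement-and-test by hand, while the fifo.c hunks in this same patch use `atomic_dec_and_test()` for the identical pattern. `kill = atomic_dec_and_test(&fs->users);` says the same thing directly and keeps the atomic conversion uniform. The same line appears in the unshare_fs_struct and daemonize_fs_struct hunks below. exit_fs continues outside the hunk.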
28462 @@ -102,7 +102,7 @@ struct fs_struct *copy_fs_struct(struct
28463 struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL);
28464 /* We don't need to lock fs - think why ;-) */
28467 + atomic_set(&fs->users, 1);
28469 rwlock_init(&fs->lock);
28470 fs->umask = old->umask;
28471 @@ -127,7 +127,7 @@ int unshare_fs_struct(void)
28473 task_lock(current);
28474 write_lock(&fs->lock);
28475 - kill = !--fs->users;
28476 + kill = !atomic_dec_return(&fs->users);
28477 current->fs = new_fs;
28478 write_unlock(&fs->lock);
28479 task_unlock(current);
28480 @@ -147,7 +147,7 @@ EXPORT_SYMBOL(current_umask);
28482 /* to be mentioned only in INIT_TASK */
28483 struct fs_struct init_fs = {
28485 + .users = ATOMIC_INIT(1),
28486 .lock = __RW_LOCK_UNLOCKED(init_fs.lock),
28489 @@ -162,12 +162,12 @@ void daemonize_fs_struct(void)
28490 task_lock(current);
28492 write_lock(&init_fs.lock);
28494 + atomic_inc(&init_fs.users);
28495 write_unlock(&init_fs.lock);
28497 write_lock(&fs->lock);
28498 current->fs = &init_fs;
28499 - kill = !--fs->users;
28500 + kill = !atomic_dec_return(&fs->users);
28501 write_unlock(&fs->lock);
28503 task_unlock(current);
28504 diff -urNp linux-2.6.32.1/fs/fuse/control.c linux-2.6.32.1/fs/fuse/control.c
28505 --- linux-2.6.32.1/fs/fuse/control.c 2009-12-02 22:51:21.000000000 -0500
28506 +++ linux-2.6.32.1/fs/fuse/control.c 2009-12-14 18:33:57.828823523 -0500
28507 @@ -293,7 +293,7 @@ void fuse_ctl_remove_conn(struct fuse_co
28509 static int fuse_ctl_fill_super(struct super_block *sb, void *data, int silent)
28511 - struct tree_descr empty_descr = {""};
28512 + struct tree_descr empty_descr = {"", NULL, 0};
28513 struct fuse_conn *fc;
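Review bot: The positional initializer `{"", NULL, 0}` ties this line to the current member order and count of `struct tree_descr`. A designated form states the same thing without that dependency and also avoids the missing-initializer warning: `struct tree_descr empty_descr = { .name = "" };`. fuse_ctl_fill_super continues outside the hunk.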
28516 diff -urNp linux-2.6.32.1/fs/fuse/cuse.c linux-2.6.32.1/fs/fuse/cuse.c
28517 --- linux-2.6.32.1/fs/fuse/cuse.c 2009-12-02 22:51:21.000000000 -0500
28518 +++ linux-2.6.32.1/fs/fuse/cuse.c 2009-12-14 18:33:57.829806378 -0500
28519 @@ -528,8 +528,18 @@ static int cuse_channel_release(struct i
28523 -static struct file_operations cuse_channel_fops; /* initialized during init */
28525 +static const struct file_operations cuse_channel_fops = { /* initialized during init */
28526 + .owner = THIS_MODULE,
28527 + .llseek = no_llseek,
28528 + .read = do_sync_read,
28529 + .aio_read = fuse_dev_read,
28530 + .write = do_sync_write,
28531 + .aio_write = fuse_dev_write,
28532 + .poll = fuse_dev_poll,
28533 + .open = cuse_channel_open,
28534 + .release = cuse_channel_release,
28535 + .fasync = fuse_dev_fasync,
28538 /**************************************************************************
28539 * Misc stuff and module initializatiion
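Review bot: The comment `/* initialized during init */` is kept on the new `static const struct file_operations cuse_channel_fops` although the table is now filled in statically, so it is no longer true and should be dropped or replaced. The removed init code in the next hunk copied `fuse_dev_operations` and overrode only `.owner`, `.open` and `.release`; the new table repeats the remaining handlers by hand, so a handler later added to `fuse_dev_operations` will silently be missing here. A replacement comment would cover both points: `/* const copy of fuse_dev_operations with .owner/.open/.release replaced; keep in sync */`.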
28540 @@ -575,12 +585,6 @@ static int __init cuse_init(void)
28541 for (i = 0; i < CUSE_CONNTBL_LEN; i++)
28542 INIT_LIST_HEAD(&cuse_conntbl[i]);
28544 - /* inherit and extend fuse_dev_operations */
28545 - cuse_channel_fops = fuse_dev_operations;
28546 - cuse_channel_fops.owner = THIS_MODULE;
28547 - cuse_channel_fops.open = cuse_channel_open;
28548 - cuse_channel_fops.release = cuse_channel_release;
28550 cuse_class = class_create(THIS_MODULE, "cuse");
28551 if (IS_ERR(cuse_class))
28552 return PTR_ERR(cuse_class);
28553 diff -urNp linux-2.6.32.1/fs/fuse/dev.c linux-2.6.32.1/fs/fuse/dev.c
28554 --- linux-2.6.32.1/fs/fuse/dev.c 2009-12-02 22:51:21.000000000 -0500
28555 +++ linux-2.6.32.1/fs/fuse/dev.c 2009-12-14 18:33:57.839750335 -0500
28556 @@ -745,7 +745,7 @@ __releases(&fc->lock)
28557 * request_end(). Otherwise add it to the processing list, and set
28560 -static ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
28561 +ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
28562 unsigned long nr_segs, loff_t pos)
28565 @@ -885,7 +885,7 @@ static int fuse_notify_inval_entry(struc
28567 struct fuse_notify_inval_entry_out outarg;
28569 - char buf[FUSE_NAME_MAX+1];
28570 + char *buf = NULL;
28573 if (size < sizeof(outarg))
28574 @@ -899,6 +899,11 @@ static int fuse_notify_inval_entry(struc
28575 if (outarg.namelen > FUSE_NAME_MAX)
28579 + buf = kmalloc(FUSE_NAME_MAX+1, GFP_KERNEL);
28584 name.len = outarg.namelen;
28585 err = fuse_copy_one(cs, buf, outarg.namelen + 1);
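Review bot: The heap buffer is always sized `FUSE_NAME_MAX+1` although `outarg.namelen` has already been bounded by the check just above and only `outarg.namelen + 1` bytes are copied; `buf = kmalloc(outarg.namelen + 1, GFP_KERNEL);` would allocate what is used. Moving the buffer off the stack also adds two obligations that this rendering does not show in full: a NULL check directly after the kmalloc, and a `kfree(buf)` on every exit path of fuse_notify_inval_entry, including the early `goto` paths taken before the allocation (safe only because `buf` starts as NULL). Both should be confirmed against the complete hunk. The function starts and ends outside this hunk.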
28586 @@ -910,17 +915,15 @@ static int fuse_notify_inval_entry(struc
28588 down_read(&fc->killsb);
28593 - err = fuse_reverse_inval_entry(fc->sb, outarg.parent, &name);
28597 + err = fuse_reverse_inval_entry(fc->sb, outarg.parent, &name);
28598 up_read(&fc->killsb);
28603 fuse_copy_finish(cs);
28608 @@ -987,7 +990,7 @@ static int copy_out_args(struct fuse_cop
28609 * it from the list and copy the rest of the buffer to the request.
28610 * The request is finished by calling request_end()
28612 -static ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
28613 +ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
28614 unsigned long nr_segs, loff_t pos)
28617 @@ -1084,7 +1087,7 @@ static ssize_t fuse_dev_write(struct kio
28621 -static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
28622 +unsigned fuse_dev_poll(struct file *file, poll_table *wait)
28624 unsigned mask = POLLOUT | POLLWRNORM;
28625 struct fuse_conn *fc = fuse_get_conn(file);
28626 @@ -1210,7 +1213,7 @@ int fuse_dev_release(struct inode *inode
28628 EXPORT_SYMBOL_GPL(fuse_dev_release);
28630 -static int fuse_dev_fasync(int fd, struct file *file, int on)
28631 +int fuse_dev_fasync(int fd, struct file *file, int on)
28633 struct fuse_conn *fc = fuse_get_conn(file);
28635 diff -urNp linux-2.6.32.1/fs/fuse/dir.c linux-2.6.32.1/fs/fuse/dir.c
28636 --- linux-2.6.32.1/fs/fuse/dir.c 2009-12-02 22:51:21.000000000 -0500
28637 +++ linux-2.6.32.1/fs/fuse/dir.c 2009-12-14 18:33:57.853826263 -0500
28638 @@ -1127,7 +1127,7 @@ static char *read_link(struct dentry *de
28642 -static void free_link(char *link)
28643 +static void free_link(const char *link)
28646 free_page((unsigned long) link);
28647 diff -urNp linux-2.6.32.1/fs/fuse/fuse_i.h linux-2.6.32.1/fs/fuse/fuse_i.h
28648 --- linux-2.6.32.1/fs/fuse/fuse_i.h 2009-12-02 22:51:21.000000000 -0500
28649 +++ linux-2.6.32.1/fs/fuse/fuse_i.h 2009-12-14 18:33:57.853826263 -0500
28650 @@ -521,6 +521,16 @@ extern const struct file_operations fuse
28652 extern const struct dentry_operations fuse_dentry_operations;
28654 +extern ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
28655 + unsigned long nr_segs, loff_t pos);
28657 +extern ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
28658 + unsigned long nr_segs, loff_t pos);
28660 +extern unsigned fuse_dev_poll(struct file *file, poll_table *wait);
28662 +extern int fuse_dev_fasync(int fd, struct file *file, int on);
28665 * Inode to nodeid comparison.
28667 diff -urNp linux-2.6.32.1/fs/gfs2/sys.c linux-2.6.32.1/fs/gfs2/sys.c
28668 --- linux-2.6.32.1/fs/gfs2/sys.c 2009-12-02 22:51:21.000000000 -0500
28669 +++ linux-2.6.32.1/fs/gfs2/sys.c 2009-12-14 18:33:57.859828938 -0500
28670 @@ -49,7 +49,7 @@ static ssize_t gfs2_attr_store(struct ko
28671 return a->store ? a->store(sdp, buf, len) : len;
28674 -static struct sysfs_ops gfs2_attr_ops = {
28675 +static const struct sysfs_ops gfs2_attr_ops = {
28676 .show = gfs2_attr_show,
28677 .store = gfs2_attr_store,
28679 @@ -584,7 +584,7 @@ static int gfs2_uevent(struct kset *kset
28683 -static struct kset_uevent_ops gfs2_uevent_ops = {
28684 +static const struct kset_uevent_ops gfs2_uevent_ops = {
28685 .uevent = gfs2_uevent,
28688 diff -urNp linux-2.6.32.1/fs/hfs/inode.c linux-2.6.32.1/fs/hfs/inode.c
28689 --- linux-2.6.32.1/fs/hfs/inode.c 2009-12-02 22:51:21.000000000 -0500
28690 +++ linux-2.6.32.1/fs/hfs/inode.c 2009-12-14 18:33:57.885855349 -0500
28691 @@ -423,7 +423,7 @@ int hfs_write_inode(struct inode *inode,
28693 if (S_ISDIR(main_inode->i_mode)) {
28694 if (fd.entrylength < sizeof(struct hfs_cat_dir))
28697 hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
28698 sizeof(struct hfs_cat_dir));
28699 if (rec.type != HFS_CDR_DIR ||
28700 @@ -444,7 +444,7 @@ int hfs_write_inode(struct inode *inode,
28701 sizeof(struct hfs_cat_file));
28703 if (fd.entrylength < sizeof(struct hfs_cat_file))
28706 hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
28707 sizeof(struct hfs_cat_file));
28708 if (rec.type != HFS_CDR_FIL ||
28709 diff -urNp linux-2.6.32.1/fs/hfsplus/inode.c linux-2.6.32.1/fs/hfsplus/inode.c
28710 --- linux-2.6.32.1/fs/hfsplus/inode.c 2009-12-02 22:51:21.000000000 -0500
28711 +++ linux-2.6.32.1/fs/hfsplus/inode.c 2009-12-14 18:33:57.895847427 -0500
28712 @@ -406,7 +406,7 @@ int hfsplus_cat_read_inode(struct inode
28713 struct hfsplus_cat_folder *folder = &entry.folder;
28715 if (fd->entrylength < sizeof(struct hfsplus_cat_folder))
28718 hfs_bnode_read(fd->bnode, &entry, fd->entryoffset,
28719 sizeof(struct hfsplus_cat_folder));
28720 hfsplus_get_perms(inode, &folder->permissions, 1);
28721 @@ -423,7 +423,7 @@ int hfsplus_cat_read_inode(struct inode
28722 struct hfsplus_cat_file *file = &entry.file;
28724 if (fd->entrylength < sizeof(struct hfsplus_cat_file))
28727 hfs_bnode_read(fd->bnode, &entry, fd->entryoffset,
28728 sizeof(struct hfsplus_cat_file));
28730 @@ -479,7 +479,7 @@ int hfsplus_cat_write_inode(struct inode
28731 struct hfsplus_cat_folder *folder = &entry.folder;
28733 if (fd.entrylength < sizeof(struct hfsplus_cat_folder))
28736 hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
28737 sizeof(struct hfsplus_cat_folder));
28738 /* simple node checks? */
28739 @@ -501,7 +501,7 @@ int hfsplus_cat_write_inode(struct inode
28740 struct hfsplus_cat_file *file = &entry.file;
28742 if (fd.entrylength < sizeof(struct hfsplus_cat_file))
28745 hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
28746 sizeof(struct hfsplus_cat_file));
28747 hfsplus_inode_write_fork(inode, &file->data_fork);
28748 diff -urNp linux-2.6.32.1/fs/ioctl.c linux-2.6.32.1/fs/ioctl.c
28749 --- linux-2.6.32.1/fs/ioctl.c 2009-12-02 22:51:21.000000000 -0500
28750 +++ linux-2.6.32.1/fs/ioctl.c 2009-12-14 18:33:57.904832927 -0500
28751 @@ -97,7 +97,7 @@ int fiemap_fill_next_extent(struct fiema
28752 u64 phys, u64 len, u32 flags)
28754 struct fiemap_extent extent;
28755 - struct fiemap_extent *dest = fieinfo->fi_extents_start;
28756 + struct fiemap_extent __user *dest = fieinfo->fi_extents_start;
28758 /* only count the extents */
28759 if (fieinfo->fi_extents_max == 0) {
28760 @@ -207,7 +207,7 @@ static int ioctl_fiemap(struct file *fil
28762 fieinfo.fi_flags = fiemap.fm_flags;
28763 fieinfo.fi_extents_max = fiemap.fm_extent_count;
28764 - fieinfo.fi_extents_start = (struct fiemap_extent *)(arg + sizeof(fiemap));
28765 + fieinfo.fi_extents_start = (struct fiemap_extent __user *)(arg + sizeof(fiemap));
28767 if (fiemap.fm_extent_count != 0 &&
28768 !access_ok(VERIFY_WRITE, fieinfo.fi_extents_start,
28769 @@ -220,7 +220,7 @@ static int ioctl_fiemap(struct file *fil
28770 error = inode->i_op->fiemap(inode, &fieinfo, fiemap.fm_start, len);
28771 fiemap.fm_flags = fieinfo.fi_flags;
28772 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
28773 - if (copy_to_user((char *)arg, &fiemap, sizeof(fiemap)))
28774 + if (copy_to_user((__force char __user *)arg, &fiemap, sizeof(fiemap)))
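Review bot: `(__force char __user *)arg` uses `__force`, while the previous hunk in the same function annotates the same `arg` with a plain `(struct fiemap_extent __user *)(arg + sizeof(fiemap))`. If `arg` is an integer type, as the arithmetic in that line suggests, the cast does not need `__force`, and leaving it in hides the pointer from later sparse checking. For consistency: `if (copy_to_user((char __user *)arg, &fiemap, sizeof(fiemap)))`. ioctl_fiemap continues outside the hunk.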
28778 diff -urNp linux-2.6.32.1/fs/jffs2/debug.h linux-2.6.32.1/fs/jffs2/debug.h
28779 --- linux-2.6.32.1/fs/jffs2/debug.h 2009-12-02 22:51:21.000000000 -0500
28780 +++ linux-2.6.32.1/fs/jffs2/debug.h 2009-12-14 18:33:57.904832927 -0500
28781 @@ -52,13 +52,13 @@
28782 #if CONFIG_JFFS2_FS_DEBUG > 0
28786 +#define D1(x) do {} while (0);
28789 #if CONFIG_JFFS2_FS_DEBUG > 1
28793 +#define D2(x) do {} while (0);
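Review bot: `#define D1(x) do {} while (0);` and `#define D2(x) do {} while (0);` carry a trailing semicolon inside the macro, which defeats the reason for using `do {} while (0)`. A call written `D1(...);` expands to two statements, so `if (c) D1(...); else ...` no longer parses. The other no-op macros changed in this file omit it, and these two should match: `#define D1(x) do {} while (0)` and `#define D2(x) do {} while (0)`. If the semicolon is there because some call sites omit their own, fixing those call sites would be the safer change.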
28796 /* The prefixes of JFFS2 messages */
28797 @@ -114,73 +114,73 @@
28798 #ifdef JFFS2_DBG_READINODE_MESSAGES
28799 #define dbg_readinode(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28801 -#define dbg_readinode(fmt, ...)
28802 +#define dbg_readinode(fmt, ...) do {} while (0)
28804 #ifdef JFFS2_DBG_READINODE2_MESSAGES
28805 #define dbg_readinode2(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28807 -#define dbg_readinode2(fmt, ...)
28808 +#define dbg_readinode2(fmt, ...) do {} while (0)
28811 /* Fragtree build debugging messages */
28812 #ifdef JFFS2_DBG_FRAGTREE_MESSAGES
28813 #define dbg_fragtree(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28815 -#define dbg_fragtree(fmt, ...)
28816 +#define dbg_fragtree(fmt, ...) do {} while (0)
28818 #ifdef JFFS2_DBG_FRAGTREE2_MESSAGES
28819 #define dbg_fragtree2(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28821 -#define dbg_fragtree2(fmt, ...)
28822 +#define dbg_fragtree2(fmt, ...) do {} while (0)
28825 /* Directory entry list manilulation debugging messages */
28826 #ifdef JFFS2_DBG_DENTLIST_MESSAGES
28827 #define dbg_dentlist(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28829 -#define dbg_dentlist(fmt, ...)
28830 +#define dbg_dentlist(fmt, ...) do {} while (0)
28833 /* Print the messages about manipulating node_refs */
28834 #ifdef JFFS2_DBG_NODEREF_MESSAGES
28835 #define dbg_noderef(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28837 -#define dbg_noderef(fmt, ...)
28838 +#define dbg_noderef(fmt, ...) do {} while (0)
28841 /* Manipulations with the list of inodes (JFFS2 inocache) */
28842 #ifdef JFFS2_DBG_INOCACHE_MESSAGES
28843 #define dbg_inocache(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28845 -#define dbg_inocache(fmt, ...)
28846 +#define dbg_inocache(fmt, ...) do {} while (0)
28849 /* Summary debugging messages */
28850 #ifdef JFFS2_DBG_SUMMARY_MESSAGES
28851 #define dbg_summary(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28853 -#define dbg_summary(fmt, ...)
28854 +#define dbg_summary(fmt, ...) do {} while (0)
28857 /* File system build messages */
28858 #ifdef JFFS2_DBG_FSBUILD_MESSAGES
28859 #define dbg_fsbuild(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28861 -#define dbg_fsbuild(fmt, ...)
28862 +#define dbg_fsbuild(fmt, ...) do {} while (0)
28865 /* Watch the object allocations */
28866 #ifdef JFFS2_DBG_MEMALLOC_MESSAGES
28867 #define dbg_memalloc(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28869 -#define dbg_memalloc(fmt, ...)
28870 +#define dbg_memalloc(fmt, ...) do {} while (0)
28873 /* Watch the XATTR subsystem */
28874 #ifdef JFFS2_DBG_XATTR_MESSAGES
28875 #define dbg_xattr(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
28877 -#define dbg_xattr(fmt, ...)
28878 +#define dbg_xattr(fmt, ...) do {} while (0)
28881 /* "Sanity" checks */
28882 diff -urNp linux-2.6.32.1/fs/jffs2/erase.c linux-2.6.32.1/fs/jffs2/erase.c
28883 --- linux-2.6.32.1/fs/jffs2/erase.c 2009-12-02 22:51:21.000000000 -0500
28884 +++ linux-2.6.32.1/fs/jffs2/erase.c 2009-12-14 18:33:57.905843834 -0500
28885 @@ -434,7 +434,8 @@ static void jffs2_mark_erased_block(stru
28886 struct jffs2_unknown_node marker = {
28887 .magic = cpu_to_je16(JFFS2_MAGIC_BITMASK),
28888 .nodetype = cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
28889 - .totlen = cpu_to_je32(c->cleanmarker_size)
28890 + .totlen = cpu_to_je32(c->cleanmarker_size),
28891 + .hdr_crc = cpu_to_je32(0)
28894 jffs2_prealloc_raw_node_refs(c, jeb, 1);
28895 diff -urNp linux-2.6.32.1/fs/jffs2/summary.h linux-2.6.32.1/fs/jffs2/summary.h
28896 --- linux-2.6.32.1/fs/jffs2/summary.h 2009-12-02 22:51:21.000000000 -0500
28897 +++ linux-2.6.32.1/fs/jffs2/summary.h 2009-12-14 18:33:57.905843834 -0500
28898 @@ -194,18 +194,18 @@ int jffs2_sum_scan_sumnode(struct jffs2_
28900 #define jffs2_sum_active() (0)
28901 #define jffs2_sum_init(a) (0)
28902 -#define jffs2_sum_exit(a)
28903 -#define jffs2_sum_disable_collecting(a)
28904 +#define jffs2_sum_exit(a) do {} while (0)
28905 +#define jffs2_sum_disable_collecting(a) do {} while (0)
28906 #define jffs2_sum_is_disabled(a) (0)
28907 -#define jffs2_sum_reset_collected(a)
28908 +#define jffs2_sum_reset_collected(a) do {} while (0)
28909 #define jffs2_sum_add_kvec(a,b,c,d) (0)
28910 -#define jffs2_sum_move_collected(a,b)
28911 +#define jffs2_sum_move_collected(a,b) do {} while (0)
28912 #define jffs2_sum_write_sumnode(a) (0)
28913 -#define jffs2_sum_add_padding_mem(a,b)
28914 -#define jffs2_sum_add_inode_mem(a,b,c)
28915 -#define jffs2_sum_add_dirent_mem(a,b,c)
28916 -#define jffs2_sum_add_xattr_mem(a,b,c)
28917 -#define jffs2_sum_add_xref_mem(a,b,c)
28918 +#define jffs2_sum_add_padding_mem(a,b) do {} while (0)
28919 +#define jffs2_sum_add_inode_mem(a,b,c) do {} while (0)
28920 +#define jffs2_sum_add_dirent_mem(a,b,c) do {} while (0)
28921 +#define jffs2_sum_add_xattr_mem(a,b,c) do {} while (0)
28922 +#define jffs2_sum_add_xref_mem(a,b,c) do {} while (0)
28923 #define jffs2_sum_scan_sumnode(a,b,c,d,e) (0)
28925 #endif /* CONFIG_JFFS2_SUMMARY */
28926 diff -urNp linux-2.6.32.1/fs/jffs2/wbuf.c linux-2.6.32.1/fs/jffs2/wbuf.c
28927 --- linux-2.6.32.1/fs/jffs2/wbuf.c 2009-12-02 22:51:21.000000000 -0500
28928 +++ linux-2.6.32.1/fs/jffs2/wbuf.c 2009-12-14 18:33:57.905843834 -0500
28929 @@ -1012,7 +1012,8 @@ static const struct jffs2_unknown_node o
28931 .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
28932 .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
28933 - .totlen = constant_cpu_to_je32(8)
28934 + .totlen = constant_cpu_to_je32(8),
28935 + .hdr_crc = constant_cpu_to_je32(0)
28939 diff -urNp linux-2.6.32.1/fs/lockd/svc.c linux-2.6.32.1/fs/lockd/svc.c
28940 --- linux-2.6.32.1/fs/lockd/svc.c 2009-12-02 22:51:21.000000000 -0500
28941 +++ linux-2.6.32.1/fs/lockd/svc.c 2009-12-14 18:33:57.906758976 -0500
28944 static struct svc_program nlmsvc_program;
28946 -struct nlmsvc_binding * nlmsvc_ops;
28947 +const struct nlmsvc_binding * nlmsvc_ops;
28948 EXPORT_SYMBOL_GPL(nlmsvc_ops);
28950 static DEFINE_MUTEX(nlmsvc_mutex);
28951 diff -urNp linux-2.6.32.1/fs/locks.c linux-2.6.32.1/fs/locks.c
28952 --- linux-2.6.32.1/fs/locks.c 2009-12-02 22:51:21.000000000 -0500
28953 +++ linux-2.6.32.1/fs/locks.c 2009-12-14 18:33:57.909722690 -0500
28954 @@ -2007,16 +2007,16 @@ void locks_remove_flock(struct file *fil
28957 if (filp->f_op && filp->f_op->flock) {
28958 - struct file_lock fl = {
28959 + struct file_lock flock = {
28960 .fl_pid = current->tgid,
28962 .fl_flags = FL_FLOCK,
28963 .fl_type = F_UNLCK,
28964 .fl_end = OFFSET_MAX,
28966 - filp->f_op->flock(filp, F_SETLKW, &fl);
28967 - if (fl.fl_ops && fl.fl_ops->fl_release_private)
28968 - fl.fl_ops->fl_release_private(&fl);
28969 + filp->f_op->flock(filp, F_SETLKW, &flock);
28970 + if (flock.fl_ops && flock.fl_ops->fl_release_private)
28971 + flock.fl_ops->fl_release_private(&flock);
28975 diff -urNp linux-2.6.32.1/fs/namei.c linux-2.6.32.1/fs/namei.c
28976 --- linux-2.6.32.1/fs/namei.c 2009-12-02 22:51:21.000000000 -0500
28977 +++ linux-2.6.32.1/fs/namei.c 2009-12-14 18:33:57.940839156 -0500
28978 @@ -637,7 +637,7 @@ static __always_inline int __do_follow_l
28979 cookie = dentry->d_inode->i_op->follow_link(dentry, nd);
28980 error = PTR_ERR(cookie);
28981 if (!IS_ERR(cookie)) {
28982 - char *s = nd_get_link(nd);
28983 + const char *s = nd_get_link(nd);
28986 error = __vfs_follow_link(nd, s);
28987 @@ -668,6 +668,13 @@ static inline int do_follow_link(struct
28988 err = security_inode_follow_link(path->dentry, nd);
28992 + if (gr_handle_follow_link(path->dentry->d_parent->d_inode,
28993 + path->dentry->d_inode, path->dentry, nd->path.mnt)) {
28998 current->link_count++;
28999 current->total_link_count++;
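Review bot: `path->dentry->d_parent->d_inode` is read for `gr_handle_follow_link()` without anything visible in this hunk that pins the parent, so a concurrent rename could change `d_parent` between this check and the link being followed. The decision would then be made against a directory that is no longer the link's parent. Taking a reference first, `struct dentry *parent = dget_parent(path->dentry);`, passing `parent->d_inode` and calling `dput(parent)` afterwards, removes the window, unless a lock held outside the hunk already covers it. The same expression is used in the `do_link:` hunk further down. do_follow_link continues outside the hunk.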
29001 @@ -1005,11 +1012,18 @@ return_reval:
29005 + if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) {
29006 + path_put(&nd->path);
29011 path_put_conditional(&next, nd);
29014 + if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt))
29017 path_put(&nd->path);
29020 @@ -1610,12 +1624,19 @@ static int __open_namei_create(struct na
29022 struct dentry *dir = nd->path.dentry;
29024 + if (!gr_acl_handle_creat(path->dentry, nd->path.dentry, nd->path.mnt, flag, mode)) {
29029 if (!IS_POSIXACL(dir->d_inode))
29030 mode &= ~current_umask();
29031 error = security_path_mknod(&nd->path, path->dentry, mode, 0);
29034 error = vfs_create(dir->d_inode, path->dentry, mode, nd);
29036 + gr_handle_create(path->dentry, nd->path.mnt);
29038 mutex_unlock(&dir->d_inode->i_mutex);
29039 dput(nd->path.dentry);
29040 @@ -1698,6 +1719,22 @@ struct file *do_filp_open(int dfd, const
29043 return ERR_PTR(error);
29045 + if (gr_handle_rofs_blockwrite(nd.path.dentry, nd.path.mnt, acc_mode)) {
29050 + if (gr_handle_rawio(nd.path.dentry->d_inode)) {
29055 + if (!gr_acl_handle_open(nd.path.dentry, nd.path.mnt, flag)) {
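Review bot: The three hooks added here use opposite return conventions on adjacent lines: `if (gr_handle_rofs_blockwrite(...))` and `if (gr_handle_rawio(...))` appear to deny on non-zero, while `if (!gr_acl_handle_open(...))` denies on zero. In the renameat hunk, `error = gr_acl_handle_rename(...)` returns an error code directly. A dropped or added `!` at any of these sites turns a denial into an allow without any compiler diagnostic. A comment at the first use would help, for example `/* gr_handle_*: non-zero = deny; gr_acl_handle_*: zero = deny */`, once confirmed against the hook definitions, which are not visible here. The same sequence is repeated in the `do_last:` hunk; a single static helper returning an error code would keep the two copies from diverging.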
29063 @@ -1784,6 +1821,24 @@ do_last:
29065 * It already exists.
29068 + if (gr_handle_rofs_blockwrite(path.dentry, nd.path.mnt, acc_mode)) {
29070 + goto exit_mutex_unlock;
29072 + if (gr_handle_rawio(path.dentry->d_inode)) {
29074 + goto exit_mutex_unlock;
29076 + if (!gr_acl_handle_open(path.dentry, nd.path.mnt, flag)) {
29078 + goto exit_mutex_unlock;
29080 + if (gr_handle_fifo(path.dentry, nd.path.mnt, dir, flag, acc_mode)) {
29082 + goto exit_mutex_unlock;
29085 mutex_unlock(&dir->d_inode->i_mutex);
29086 audit_inode(pathname, path.dentry);
29088 @@ -1876,6 +1931,13 @@ do_link:
29089 error = security_inode_follow_link(path.dentry, &nd);
29093 + if (gr_handle_follow_link(path.dentry->d_parent->d_inode, path.dentry->d_inode,
29094 + path.dentry, nd.path.mnt)) {
29099 error = __do_follow_link(&path, &nd);
29101 /* Does someone understand code flow here? Or it is only
29102 @@ -2050,6 +2112,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
29103 error = may_mknod(mode);
29107 + if (gr_handle_chroot_mknod(dentry, nd.path.mnt, mode)) {
29112 + if (!gr_acl_handle_mknod(dentry, nd.path.dentry, nd.path.mnt, mode)) {
29117 error = mnt_want_write(nd.path.mnt);
29120 @@ -2070,6 +2143,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
29123 mnt_drop_write(nd.path.mnt);
29126 + gr_handle_create(dentry, nd.path.mnt);
29130 @@ -2123,6 +2199,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
29131 if (IS_ERR(dentry))
29134 + if (!gr_acl_handle_mkdir(dentry, nd.path.dentry, nd.path.mnt)) {
29139 if (!IS_POSIXACL(nd.path.dentry->d_inode))
29140 mode &= ~current_umask();
29141 error = mnt_want_write(nd.path.mnt);
29142 @@ -2134,6 +2215,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
29143 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
29145 mnt_drop_write(nd.path.mnt);
29148 + gr_handle_create(dentry, nd.path.mnt);
29153 @@ -2215,6 +2300,8 @@ static long do_rmdir(int dfd, const char
29155 struct dentry *dentry;
29156 struct nameidata nd;
29157 + ino_t saved_ino = 0;
29158 + dev_t saved_dev = 0;
29160 error = user_path_parent(dfd, pathname, &nd, &name);
29162 @@ -2239,6 +2326,19 @@ static long do_rmdir(int dfd, const char
29163 error = PTR_ERR(dentry);
29164 if (IS_ERR(dentry))
29167 + if (dentry->d_inode != NULL) {
29168 + if (dentry->d_inode->i_nlink <= 1) {
29169 + saved_ino = dentry->d_inode->i_ino;
29170 + saved_dev = dentry->d_inode->i_sb->s_dev;
29173 + if (!gr_acl_handle_rmdir(dentry, nd.path.mnt)) {
29179 error = mnt_want_write(nd.path.mnt);
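Review bot: The `dentry->d_inode->i_nlink <= 1` guard around `saved_ino`/`saved_dev` looks carried over from the unlink path and may never be true for a directory. On filesystems that count `.` in a directory's link count, an empty directory has `i_nlink == 2`. If so, both values stay 0 and the `gr_handle_delete(saved_ino, saved_dev)` call in the next hunk is skipped after a successful rmdir. If the hook is meant to see every removed directory, the values should be saved unconditionally once `d_inode` is known to be non-NULL. Separately, using `saved_dev || saved_ino` as the "was saved" test overloads the values; a `bool` set alongside them would be clearer. do_rmdir starts and ends outside this hunk.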
29182 @@ -2246,6 +2346,8 @@ static long do_rmdir(int dfd, const char
29185 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
29186 + if (!error && (saved_dev || saved_ino))
29187 + gr_handle_delete(saved_ino, saved_dev);
29189 mnt_drop_write(nd.path.mnt);
29191 @@ -2307,6 +2409,8 @@ static long do_unlinkat(int dfd, const c
29192 struct dentry *dentry;
29193 struct nameidata nd;
29194 struct inode *inode = NULL;
29195 + ino_t saved_ino = 0;
29196 + dev_t saved_dev = 0;
29198 error = user_path_parent(dfd, pathname, &nd, &name);
29200 @@ -2326,8 +2430,19 @@ static long do_unlinkat(int dfd, const c
29201 if (nd.last.name[nd.last.len])
29203 inode = dentry->d_inode;
29206 + if (inode->i_nlink <= 1) {
29207 + saved_ino = inode->i_ino;
29208 + saved_dev = inode->i_sb->s_dev;
29211 atomic_inc(&inode->i_count);
29213 + if (!gr_acl_handle_unlink(dentry, nd.path.mnt)) {
29218 error = mnt_want_write(nd.path.mnt);
29221 @@ -2335,6 +2450,8 @@ static long do_unlinkat(int dfd, const c
29224 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
29225 + if (!error && (saved_ino || saved_dev))
29226 + gr_handle_delete(saved_ino, saved_dev);
29228 mnt_drop_write(nd.path.mnt);
29230 @@ -2413,6 +2530,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
29231 if (IS_ERR(dentry))
29234 + if (!gr_acl_handle_symlink(dentry, nd.path.dentry, nd.path.mnt, from)) {
29239 error = mnt_want_write(nd.path.mnt);
29242 @@ -2420,6 +2542,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
29244 goto out_drop_write;
29245 error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
29247 + gr_handle_create(dentry, nd.path.mnt);
29249 mnt_drop_write(nd.path.mnt);
29251 @@ -2513,6 +2637,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
29252 error = PTR_ERR(new_dentry);
29253 if (IS_ERR(new_dentry))
29256 + if (gr_handle_hardlink(old_path.dentry, old_path.mnt,
29257 + old_path.dentry->d_inode,
29258 + old_path.dentry->d_inode->i_mode, to)) {
29263 + if (!gr_acl_handle_link(new_dentry, nd.path.dentry, nd.path.mnt,
29264 + old_path.dentry, old_path.mnt, to)) {
29269 error = mnt_want_write(nd.path.mnt);
29272 @@ -2520,6 +2658,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
29274 goto out_drop_write;
29275 error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
29277 + gr_handle_create(new_dentry, nd.path.mnt);
29279 mnt_drop_write(nd.path.mnt);
29281 @@ -2753,6 +2893,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
29282 if (new_dentry == trap)
29285 + error = gr_acl_handle_rename(new_dentry, new_dir, newnd.path.mnt,
29286 + old_dentry, old_dir->d_inode, oldnd.path.mnt,
29291 error = mnt_want_write(oldnd.path.mnt);
29294 @@ -2762,6 +2908,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
29296 error = vfs_rename(old_dir->d_inode, old_dentry,
29297 new_dir->d_inode, new_dentry);
29299 + gr_handle_rename(old_dir->d_inode, new_dir->d_inode, old_dentry,
29300 + new_dentry, oldnd.path.mnt, new_dentry->d_inode ? 1 : 0);
29302 mnt_drop_write(oldnd.path.mnt);
29304 diff -urNp linux-2.6.32.1/fs/namespace.c linux-2.6.32.1/fs/namespace.c
29305 --- linux-2.6.32.1/fs/namespace.c 2009-12-02 22:51:21.000000000 -0500
29306 +++ linux-2.6.32.1/fs/namespace.c 2009-12-14 18:33:57.945802364 -0500
29307 @@ -1083,6 +1083,9 @@ static int do_umount(struct vfsmount *mn
29308 if (!(sb->s_flags & MS_RDONLY))
29309 retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
29310 up_write(&sb->s_umount);
29312 + gr_log_remount(mnt->mnt_devname, retval);
29317 @@ -1104,6 +1107,9 @@ static int do_umount(struct vfsmount *mn
29318 security_sb_umount_busy(mnt);
29319 up_write(&namespace_sem);
29320 release_mounts(&umount_list);
29322 + gr_log_unmount(mnt->mnt_devname, retval);
29327 @@ -1955,6 +1961,16 @@ long do_mount(char *dev_name, char *dir_
29331 + if (gr_handle_rofs_mount(path.dentry, path.mnt, mnt_flags)) {
29336 + if (gr_handle_chroot_mount(path.dentry, path.mnt, dev_name)) {
29341 if (flags & MS_REMOUNT)
29342 retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
29344 @@ -1969,6 +1985,9 @@ long do_mount(char *dev_name, char *dir_
29345 dev_name, data_page);
29349 + gr_log_mount(dev_name, dir_name, retval);
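Review bot: `gr_log_mount(dev_name, dir_name, retval);` passes both strings through as do_mount received them, and as far as I know do_mount can be entered with no device name for some mount types. Unless the hook checks for NULL, the call site should, for example `gr_log_mount(dev_name ? dev_name : "<none>", dir_name, retval);`. Both strings are caller-controlled, so the logging routine should also escape non-printable characters before they reach the audit log; its body is not visible here to confirm that. The `mnt->mnt_devname` arguments in the two do_umount hunks above deserve the same NULL check.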
29354 @@ -2175,6 +2194,12 @@ SYSCALL_DEFINE2(pivot_root, const char _
29358 + if (gr_handle_chroot_pivot()) {
29364 read_lock(¤t->fs->lock);
29365 root = current->fs->root;
29366 path_get(¤t->fs->root);
29367 diff -urNp linux-2.6.32.1/fs/nfs/nfs4proc.c linux-2.6.32.1/fs/nfs/nfs4proc.c
29368 --- linux-2.6.32.1/fs/nfs/nfs4proc.c 2009-12-02 22:51:21.000000000 -0500
29369 +++ linux-2.6.32.1/fs/nfs/nfs4proc.c 2009-12-14 18:33:57.971842965 -0500
29370 @@ -1131,7 +1131,7 @@ static int _nfs4_do_open_reclaim(struct
29371 static int nfs4_do_open_reclaim(struct nfs_open_context *ctx, struct nfs4_state *state)
29373 struct nfs_server *server = NFS_SERVER(state->inode);
29374 - struct nfs4_exception exception = { };
29375 + struct nfs4_exception exception = {0, 0};
29378 err = _nfs4_do_open_reclaim(ctx, state);
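Review bot: Replacing `{ }` with the positional `{0, 0}` hard-codes the number of members of `struct nfs4_exception` at every call site in this file. Adding a member later would bring back the missing-initializer warning this change is presumably meant to silence, and reordering members would change what the literals initialise without any diagnostic. A designated initializer avoids both problems: `struct nfs4_exception exception = { .retry = 0 };`. The same applies to every other hunk in this file, which all make the identical substitution.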
29379 @@ -1173,7 +1173,7 @@ static int _nfs4_open_delegation_recall(
29381 int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid)
29383 - struct nfs4_exception exception = { };
29384 + struct nfs4_exception exception = {0, 0};
29385 struct nfs_server *server = NFS_SERVER(state->inode);
29388 @@ -1491,7 +1491,7 @@ static int _nfs4_open_expired(struct nfs
29389 static inline int nfs4_do_open_expired(struct nfs_open_context *ctx, struct nfs4_state *state)
29391 struct nfs_server *server = NFS_SERVER(state->inode);
29392 - struct nfs4_exception exception = { };
29393 + struct nfs4_exception exception = {0, 0};
29397 @@ -1589,7 +1589,7 @@ out_err:
29399 static struct nfs4_state *nfs4_do_open(struct inode *dir, struct path *path, fmode_t fmode, int flags, struct iattr *sattr, struct rpc_cred *cred)
29401 - struct nfs4_exception exception = { };
29402 + struct nfs4_exception exception = {0, 0};
29403 struct nfs4_state *res;
29406 @@ -1680,7 +1680,7 @@ static int nfs4_do_setattr(struct inode
29407 struct nfs4_state *state)
29409 struct nfs_server *server = NFS_SERVER(inode);
29410 - struct nfs4_exception exception = { };
29411 + struct nfs4_exception exception = {0, 0};
29414 err = nfs4_handle_exception(server,
29415 @@ -2046,7 +2046,7 @@ static int _nfs4_server_capabilities(str
29417 int nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *fhandle)
29419 - struct nfs4_exception exception = { };
29420 + struct nfs4_exception exception = {0, 0};
29423 err = nfs4_handle_exception(server,
29424 @@ -2080,7 +2080,7 @@ static int _nfs4_lookup_root(struct nfs_
29425 static int nfs4_lookup_root(struct nfs_server *server, struct nfs_fh *fhandle,
29426 struct nfs_fsinfo *info)
29428 - struct nfs4_exception exception = { };
29429 + struct nfs4_exception exception = {0, 0};
29432 err = nfs4_handle_exception(server,
29433 @@ -2169,7 +2169,7 @@ static int _nfs4_proc_getattr(struct nfs
29435 static int nfs4_proc_getattr(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fattr *fattr)
29437 - struct nfs4_exception exception = { };
29438 + struct nfs4_exception exception = {0, 0};
29441 err = nfs4_handle_exception(server,
29442 @@ -2257,7 +2257,7 @@ static int nfs4_proc_lookupfh(struct nfs
29443 struct qstr *name, struct nfs_fh *fhandle,
29444 struct nfs_fattr *fattr)
29446 - struct nfs4_exception exception = { };
29447 + struct nfs4_exception exception = {0, 0};
29450 err = _nfs4_proc_lookupfh(server, dirfh, name, fhandle, fattr);
29451 @@ -2286,7 +2286,7 @@ static int _nfs4_proc_lookup(struct inod
29453 static int nfs4_proc_lookup(struct inode *dir, struct qstr *name, struct nfs_fh *fhandle, struct nfs_fattr *fattr)
29455 - struct nfs4_exception exception = { };
29456 + struct nfs4_exception exception = {0, 0};
29459 err = nfs4_handle_exception(NFS_SERVER(dir),
29460 @@ -2350,7 +2350,7 @@ static int _nfs4_proc_access(struct inod
29462 static int nfs4_proc_access(struct inode *inode, struct nfs_access_entry *entry)
29464 - struct nfs4_exception exception = { };
29465 + struct nfs4_exception exception = {0, 0};
29468 err = nfs4_handle_exception(NFS_SERVER(inode),
29469 @@ -2406,7 +2406,7 @@ static int _nfs4_proc_readlink(struct in
29470 static int nfs4_proc_readlink(struct inode *inode, struct page *page,
29471 unsigned int pgbase, unsigned int pglen)
29473 - struct nfs4_exception exception = { };
29474 + struct nfs4_exception exception = {0, 0};
29477 err = nfs4_handle_exception(NFS_SERVER(inode),
29478 @@ -2504,7 +2504,7 @@ static int _nfs4_proc_remove(struct inod
29480 static int nfs4_proc_remove(struct inode *dir, struct qstr *name)
29482 - struct nfs4_exception exception = { };
29483 + struct nfs4_exception exception = {0, 0};
29486 err = nfs4_handle_exception(NFS_SERVER(dir),
29487 @@ -2578,7 +2578,7 @@ static int _nfs4_proc_rename(struct inod
29488 static int nfs4_proc_rename(struct inode *old_dir, struct qstr *old_name,
29489 struct inode *new_dir, struct qstr *new_name)
29491 - struct nfs4_exception exception = { };
29492 + struct nfs4_exception exception = {0, 0};
29495 err = nfs4_handle_exception(NFS_SERVER(old_dir),
29496 @@ -2625,7 +2625,7 @@ static int _nfs4_proc_link(struct inode
29498 static int nfs4_proc_link(struct inode *inode, struct inode *dir, struct qstr *name)
29500 - struct nfs4_exception exception = { };
29501 + struct nfs4_exception exception = {0, 0};
29504 err = nfs4_handle_exception(NFS_SERVER(inode),
29505 @@ -2717,7 +2717,7 @@ out:
29506 static int nfs4_proc_symlink(struct inode *dir, struct dentry *dentry,
29507 struct page *page, unsigned int len, struct iattr *sattr)
29509 - struct nfs4_exception exception = { };
29510 + struct nfs4_exception exception = {0, 0};
29513 err = nfs4_handle_exception(NFS_SERVER(dir),
29514 @@ -2748,7 +2748,7 @@ out:
29515 static int nfs4_proc_mkdir(struct inode *dir, struct dentry *dentry,
29516 struct iattr *sattr)
29518 - struct nfs4_exception exception = { };
29519 + struct nfs4_exception exception = {0, 0};
29522 err = nfs4_handle_exception(NFS_SERVER(dir),
29523 @@ -2797,7 +2797,7 @@ static int _nfs4_proc_readdir(struct den
29524 static int nfs4_proc_readdir(struct dentry *dentry, struct rpc_cred *cred,
29525 u64 cookie, struct page *page, unsigned int count, int plus)
29527 - struct nfs4_exception exception = { };
29528 + struct nfs4_exception exception = {0, 0};
29531 err = nfs4_handle_exception(NFS_SERVER(dentry->d_inode),
29532 @@ -2845,7 +2845,7 @@ out:
29533 static int nfs4_proc_mknod(struct inode *dir, struct dentry *dentry,
29534 struct iattr *sattr, dev_t rdev)
29536 - struct nfs4_exception exception = { };
29537 + struct nfs4_exception exception = {0, 0};
29540 err = nfs4_handle_exception(NFS_SERVER(dir),
29541 @@ -2877,7 +2877,7 @@ static int _nfs4_proc_statfs(struct nfs_
29543 static int nfs4_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fsstat *fsstat)
29545 - struct nfs4_exception exception = { };
29546 + struct nfs4_exception exception = {0, 0};
29549 err = nfs4_handle_exception(server,
29550 @@ -2908,7 +2908,7 @@ static int _nfs4_do_fsinfo(struct nfs_se
29552 static int nfs4_do_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fsinfo *fsinfo)
29554 - struct nfs4_exception exception = { };
29555 + struct nfs4_exception exception = {0, 0};
29559 @@ -2954,7 +2954,7 @@ static int _nfs4_proc_pathconf(struct nf
29560 static int nfs4_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle,
29561 struct nfs_pathconf *pathconf)
29563 - struct nfs4_exception exception = { };
29564 + struct nfs4_exception exception = {0, 0};
29568 @@ -3253,7 +3253,7 @@ out_free:
29570 static ssize_t nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen)
29572 - struct nfs4_exception exception = { };
29573 + struct nfs4_exception exception = {0, 0};
29576 ret = __nfs4_get_acl_uncached(inode, buf, buflen);
29577 @@ -3309,7 +3309,7 @@ static int __nfs4_proc_set_acl(struct in
29579 static int nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t buflen)
29581 - struct nfs4_exception exception = { };
29582 + struct nfs4_exception exception = {0, 0};
29585 err = nfs4_handle_exception(NFS_SERVER(inode),
29586 @@ -3574,7 +3574,7 @@ out:
29587 int nfs4_proc_delegreturn(struct inode *inode, struct rpc_cred *cred, const nfs4_stateid *stateid, int issync)
29589 struct nfs_server *server = NFS_SERVER(inode);
29590 - struct nfs4_exception exception = { };
29591 + struct nfs4_exception exception = {0, 0};
29594 err = _nfs4_proc_delegreturn(inode, cred, stateid, issync);
29595 @@ -3647,7 +3647,7 @@ out:
29597 static int nfs4_proc_getlk(struct nfs4_state *state, int cmd, struct file_lock *request)
29599 - struct nfs4_exception exception = { };
29600 + struct nfs4_exception exception = {0, 0};
29604 @@ -4021,7 +4021,7 @@ static int _nfs4_do_setlk(struct nfs4_st
29605 static int nfs4_lock_reclaim(struct nfs4_state *state, struct file_lock *request)
29607 struct nfs_server *server = NFS_SERVER(state->inode);
29608 - struct nfs4_exception exception = { };
29609 + struct nfs4_exception exception = {0, 0};
29613 @@ -4039,7 +4039,7 @@ static int nfs4_lock_reclaim(struct nfs4
29614 static int nfs4_lock_expired(struct nfs4_state *state, struct file_lock *request)
29616 struct nfs_server *server = NFS_SERVER(state->inode);
29617 - struct nfs4_exception exception = { };
29618 + struct nfs4_exception exception = {0, 0};
29621 err = nfs4_set_lock_state(state, request);
29622 @@ -4094,7 +4094,7 @@ out:
29624 static int nfs4_proc_setlk(struct nfs4_state *state, int cmd, struct file_lock *request)
29626 - struct nfs4_exception exception = { };
29627 + struct nfs4_exception exception = {0, 0};
29631 @@ -4154,7 +4154,7 @@ nfs4_proc_lock(struct file *filp, int cm
29632 int nfs4_lock_delegation_recall(struct nfs4_state *state, struct file_lock *fl)
29634 struct nfs_server *server = NFS_SERVER(state->inode);
29635 - struct nfs4_exception exception = { };
29636 + struct nfs4_exception exception = {0, 0};
29639 err = nfs4_set_lock_state(state, fl);
29640 diff -urNp linux-2.6.32.1/fs/nfsd/lockd.c linux-2.6.32.1/fs/nfsd/lockd.c
29641 --- linux-2.6.32.1/fs/nfsd/lockd.c 2009-12-02 22:51:21.000000000 -0500
29642 +++ linux-2.6.32.1/fs/nfsd/lockd.c 2009-12-14 18:33:57.979842084 -0500
29643 @@ -67,7 +67,7 @@ nlm_fclose(struct file *filp)
29647 -static struct nlmsvc_binding nfsd_nlm_ops = {
29648 +static const struct nlmsvc_binding nfsd_nlm_ops = {
29649 .fopen = nlm_fopen, /* open file for locking */
29650 .fclose = nlm_fclose, /* close file */
29652 diff -urNp linux-2.6.32.1/fs/nfsd/vfs.c linux-2.6.32.1/fs/nfsd/vfs.c
29653 --- linux-2.6.32.1/fs/nfsd/vfs.c 2009-12-02 22:51:21.000000000 -0500
29654 +++ linux-2.6.32.1/fs/nfsd/vfs.c 2009-12-14 18:33:57.989771739 -0500
29655 @@ -940,7 +940,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, st
29659 - host_err = vfs_readv(file, (struct iovec __user *)vec, vlen, &offset);
29660 + host_err = vfs_readv(file, (__force struct iovec __user *)vec, vlen, &offset);
29664 @@ -1063,7 +1063,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, s
29666 /* Write the data. */
29667 oldfs = get_fs(); set_fs(KERNEL_DS);
29668 - host_err = vfs_writev(file, (struct iovec __user *)vec, vlen, &offset);
29669 + host_err = vfs_writev(file, (__force struct iovec __user *)vec, vlen, &offset);
29673 @@ -1538,7 +1538,7 @@ nfsd_readlink(struct svc_rqst *rqstp, st
29676 oldfs = get_fs(); set_fs(KERNEL_DS);
29677 - host_err = inode->i_op->readlink(dentry, buf, *lenp);
29678 + host_err = inode->i_op->readlink(dentry, (__force char __user *)buf, *lenp);
29682 diff -urNp linux-2.6.32.1/fs/nls/nls_base.c linux-2.6.32.1/fs/nls/nls_base.c
29683 --- linux-2.6.32.1/fs/nls/nls_base.c 2009-12-02 22:51:21.000000000 -0500
29684 +++ linux-2.6.32.1/fs/nls/nls_base.c 2009-12-14 18:33:58.003745323 -0500
29685 @@ -41,7 +41,7 @@ static const struct utf8_table utf8_tabl
29686 {0xF8, 0xF0, 3*6, 0x1FFFFF, 0x10000, /* 4 byte sequence */},
29687 {0xFC, 0xF8, 4*6, 0x3FFFFFF, 0x200000, /* 5 byte sequence */},
29688 {0xFE, 0xFC, 5*6, 0x7FFFFFFF, 0x4000000, /* 6 byte sequence */},
29689 - {0, /* end of table */}
29690 + {0, 0, 0, 0, 0, /* end of table */}
29693 #define UNICODE_MAX 0x0010ffff
29694 diff -urNp linux-2.6.32.1/fs/ntfs/file.c linux-2.6.32.1/fs/ntfs/file.c
29695 --- linux-2.6.32.1/fs/ntfs/file.c 2009-12-02 22:51:21.000000000 -0500
29696 +++ linux-2.6.32.1/fs/ntfs/file.c 2009-12-14 18:33:58.017886590 -0500
29697 @@ -2243,6 +2243,6 @@ const struct inode_operations ntfs_file_
29698 #endif /* NTFS_RW */
29701 -const struct file_operations ntfs_empty_file_ops = {};
29702 +const struct file_operations ntfs_empty_file_ops __read_only;
29704 -const struct inode_operations ntfs_empty_inode_ops = {};
29705 +const struct inode_operations ntfs_empty_inode_ops __read_only;
29706 diff -urNp linux-2.6.32.1/fs/ocfs2/cluster/masklog.c linux-2.6.32.1/fs/ocfs2/cluster/masklog.c
29707 --- linux-2.6.32.1/fs/ocfs2/cluster/masklog.c 2009-12-02 22:51:21.000000000 -0500
29708 +++ linux-2.6.32.1/fs/ocfs2/cluster/masklog.c 2009-12-14 18:33:58.046723305 -0500
29709 @@ -135,7 +135,7 @@ static ssize_t mlog_store(struct kobject
29710 return mlog_mask_store(mlog_attr->mask, buf, count);
29713 -static struct sysfs_ops mlog_attr_ops = {
29714 +static const struct sysfs_ops mlog_attr_ops = {
29716 .store = mlog_store,
29718 diff -urNp linux-2.6.32.1/fs/ocfs2/localalloc.c linux-2.6.32.1/fs/ocfs2/localalloc.c
29719 --- linux-2.6.32.1/fs/ocfs2/localalloc.c 2009-12-02 22:51:21.000000000 -0500
29720 +++ linux-2.6.32.1/fs/ocfs2/localalloc.c 2009-12-14 18:33:58.070813486 -0500
29721 @@ -1188,7 +1188,7 @@ static int ocfs2_local_alloc_slide_windo
29725 - atomic_inc(&osb->alloc_stats.moves);
29726 + atomic_inc_unchecked(&osb->alloc_stats.moves);
29730 diff -urNp linux-2.6.32.1/fs/ocfs2/ocfs2.h linux-2.6.32.1/fs/ocfs2/ocfs2.h
29731 --- linux-2.6.32.1/fs/ocfs2/ocfs2.h 2009-12-02 22:51:21.000000000 -0500
29732 +++ linux-2.6.32.1/fs/ocfs2/ocfs2.h 2009-12-14 18:33:58.081752152 -0500
29733 @@ -217,11 +217,11 @@ enum ocfs2_vol_state
29735 struct ocfs2_alloc_stats
29738 - atomic_t local_data;
29739 - atomic_t bitmap_data;
29740 - atomic_t bg_allocs;
29741 - atomic_t bg_extends;
29742 + atomic_unchecked_t moves;
29743 + atomic_unchecked_t local_data;
29744 + atomic_unchecked_t bitmap_data;
29745 + atomic_unchecked_t bg_allocs;
29746 + atomic_unchecked_t bg_extends;
29749 enum ocfs2_local_alloc_state
29750 diff -urNp linux-2.6.32.1/fs/ocfs2/suballoc.c linux-2.6.32.1/fs/ocfs2/suballoc.c
29751 --- linux-2.6.32.1/fs/ocfs2/suballoc.c 2009-12-02 22:51:21.000000000 -0500
29752 +++ linux-2.6.32.1/fs/ocfs2/suballoc.c 2009-12-14 18:33:58.112763271 -0500
29753 @@ -620,7 +620,7 @@ static int ocfs2_reserve_suballoc_bits(s
29754 mlog_errno(status);
29757 - atomic_inc(&osb->alloc_stats.bg_extends);
29758 + atomic_inc_unchecked(&osb->alloc_stats.bg_extends);
29760 /* You should never ask for this much metadata */
29761 BUG_ON(bits_wanted >
29762 @@ -1651,7 +1651,7 @@ int ocfs2_claim_metadata(struct ocfs2_su
29763 mlog_errno(status);
29766 - atomic_inc(&osb->alloc_stats.bg_allocs);
29767 + atomic_inc_unchecked(&osb->alloc_stats.bg_allocs);
29769 *blkno_start = bg_blkno + (u64) *suballoc_bit_start;
29770 ac->ac_bits_given += (*num_bits);
29771 @@ -1725,7 +1725,7 @@ int ocfs2_claim_new_inode(struct ocfs2_s
29772 mlog_errno(status);
29775 - atomic_inc(&osb->alloc_stats.bg_allocs);
29776 + atomic_inc_unchecked(&osb->alloc_stats.bg_allocs);
29778 BUG_ON(num_bits != 1);
29780 @@ -1827,7 +1827,7 @@ int __ocfs2_claim_clusters(struct ocfs2_
29784 - atomic_inc(&osb->alloc_stats.local_data);
29785 + atomic_inc_unchecked(&osb->alloc_stats.local_data);
29787 if (min_clusters > (osb->bitmap_cpg - 1)) {
29788 /* The only paths asking for contiguousness
29789 @@ -1855,7 +1855,7 @@ int __ocfs2_claim_clusters(struct ocfs2_
29790 ocfs2_desc_bitmap_to_cluster_off(ac->ac_inode,
29793 - atomic_inc(&osb->alloc_stats.bitmap_data);
29794 + atomic_inc_unchecked(&osb->alloc_stats.bitmap_data);
29798 diff -urNp linux-2.6.32.1/fs/ocfs2/super.c linux-2.6.32.1/fs/ocfs2/super.c
29799 --- linux-2.6.32.1/fs/ocfs2/super.c 2009-12-02 22:51:21.000000000 -0500
29800 +++ linux-2.6.32.1/fs/ocfs2/super.c 2009-12-14 18:33:58.129850125 -0500
29801 @@ -284,11 +284,11 @@ static int ocfs2_osb_dump(struct ocfs2_s
29802 "%10s => GlobalAllocs: %d LocalAllocs: %d "
29803 "SubAllocs: %d LAWinMoves: %d SAExtends: %d\n",
29805 - atomic_read(&osb->alloc_stats.bitmap_data),
29806 - atomic_read(&osb->alloc_stats.local_data),
29807 - atomic_read(&osb->alloc_stats.bg_allocs),
29808 - atomic_read(&osb->alloc_stats.moves),
29809 - atomic_read(&osb->alloc_stats.bg_extends));
29810 + atomic_read_unchecked(&osb->alloc_stats.bitmap_data),
29811 + atomic_read_unchecked(&osb->alloc_stats.local_data),
29812 + atomic_read_unchecked(&osb->alloc_stats.bg_allocs),
29813 + atomic_read_unchecked(&osb->alloc_stats.moves),
29814 + atomic_read_unchecked(&osb->alloc_stats.bg_extends));
29816 out += snprintf(buf + out, len - out,
29817 "%10s => State: %u Descriptor: %llu Size: %u bits "
29818 @@ -1998,11 +1998,11 @@ static int ocfs2_initialize_super(struct
29819 spin_lock_init(&osb->osb_xattr_lock);
29820 ocfs2_init_inode_steal_slot(osb);
29822 - atomic_set(&osb->alloc_stats.moves, 0);
29823 - atomic_set(&osb->alloc_stats.local_data, 0);
29824 - atomic_set(&osb->alloc_stats.bitmap_data, 0);
29825 - atomic_set(&osb->alloc_stats.bg_allocs, 0);
29826 - atomic_set(&osb->alloc_stats.bg_extends, 0);
29827 + atomic_set_unchecked(&osb->alloc_stats.moves, 0);
29828 + atomic_set_unchecked(&osb->alloc_stats.local_data, 0);
29829 + atomic_set_unchecked(&osb->alloc_stats.bitmap_data, 0);
29830 + atomic_set_unchecked(&osb->alloc_stats.bg_allocs, 0);
29831 + atomic_set_unchecked(&osb->alloc_stats.bg_extends, 0);
29833 /* Copy the blockcheck stats from the superblock probe */
29834 osb->osb_ecc_stats = *stats;
29835 diff -urNp linux-2.6.32.1/fs/open.c linux-2.6.32.1/fs/open.c
29836 --- linux-2.6.32.1/fs/open.c 2009-12-02 22:51:21.000000000 -0500
29837 +++ linux-2.6.32.1/fs/open.c 2009-12-14 18:33:58.165729130 -0500
29838 @@ -206,6 +206,9 @@ int do_truncate(struct dentry *dentry, l
29842 + if (filp && !gr_acl_handle_truncate(dentry, filp->f_path.mnt))
29845 newattrs.ia_size = length;
29846 newattrs.ia_valid = ATTR_SIZE | time_attrs;
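Review bot: The added `gr_acl_handle_truncate` check in do_truncate runs only when `filp` is non-NULL, so any caller that truncates by path and passes a NULL `filp` skips the ACL decision at this point. No other truncate hook is visible in this file's hunks. If path-based truncation is meant to be covered, it needs its own check at the call site where the vfsmount is known. If it is deliberately checked elsewhere, a comment above the test should say so, for example `/* filp == NULL: ACL check is done by the path-based caller */`. do_truncate's body starts and ends outside the hunk.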
29848 @@ -511,6 +514,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, con
29849 if (__mnt_is_readonly(path.mnt))
29852 + if (!res && !gr_acl_handle_access(path.dentry, path.mnt, mode))
29858 @@ -537,6 +543,8 @@ SYSCALL_DEFINE1(chdir, const char __user
29862 + gr_log_chdir(path.dentry, path.mnt);
29864 set_fs_pwd(current->fs, &path);
29867 @@ -563,6 +571,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd
29870 error = inode_permission(inode, MAY_EXEC | MAY_ACCESS);
29872 + if (!error && !gr_chroot_fchdir(file->f_path.dentry, file->f_path.mnt))
29876 + gr_log_chdir(file->f_path.dentry, file->f_path.mnt);
29879 set_fs_pwd(current->fs, &file->f_path);
29881 @@ -588,7 +603,18 @@ SYSCALL_DEFINE1(chroot, const char __use
29882 if (!capable(CAP_SYS_CHROOT))
29885 + if (gr_handle_chroot_chroot(path.dentry, path.mnt))
29886 + goto dput_and_out;
29888 + if (gr_handle_chroot_caps(&path)) {
29890 + goto dput_and_out;
29893 set_fs_root(current->fs, &path);
29895 + gr_handle_chroot_chdir(&path);
29900 @@ -616,13 +642,28 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
29901 err = mnt_want_write_file(file);
29905 + if (!gr_acl_handle_fchmod(dentry, file->f_path.mnt, mode)) {
29907 + goto out_drop_write;
29910 mutex_lock(&inode->i_mutex);
29911 if (mode == (mode_t) -1)
29912 mode = inode->i_mode;
29914 + if (gr_handle_chroot_chmod(dentry, file->f_path.mnt, mode)) {
29916 + mutex_unlock(&inode->i_mutex);
29917 + goto out_drop_write;
29920 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
29921 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
29922 err = notify_change(dentry, &newattrs);
29923 mutex_unlock(&inode->i_mutex);
29926 mnt_drop_write(file->f_path.mnt);
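Review bot: `gr_acl_handle_fchmod` is called with the caller's raw `mode`, before the `mode == (mode_t) -1` substitution a few lines below, while `gr_handle_chroot_chmod` in the same hunk sees the substituted value. The ACL hook therefore has to cope with an all-ones mode on its own, and the two checks can disagree about which bits are being requested. Either move the ACL check under `i_mutex` after the substitution, or add a comment at the first call stating that the hook accepts the unnormalised value. The fchmodat hunk that follows has the same ordering with `gr_acl_handle_chmod`. The function body extends beyond the hunk.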
29929 @@ -645,13 +686,28 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
29930 error = mnt_want_write(path.mnt);
29934 + if (!gr_acl_handle_chmod(path.dentry, path.mnt, mode)) {
29936 + goto out_drop_write;
29939 mutex_lock(&inode->i_mutex);
29940 if (mode == (mode_t) -1)
29941 mode = inode->i_mode;
29943 + if (gr_handle_chroot_chmod(path.dentry, path.mnt, mode)) {
29945 + mutex_unlock(&inode->i_mutex);
29946 + goto out_drop_write;
29949 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
29950 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
29951 error = notify_change(path.dentry, &newattrs);
29952 mutex_unlock(&inode->i_mutex);
29955 mnt_drop_write(path.mnt);
29958 @@ -664,12 +720,15 @@ SYSCALL_DEFINE2(chmod, const char __user
29959 return sys_fchmodat(AT_FDCWD, filename, mode);
29962 -static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
29963 +static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)
29965 struct inode *inode = dentry->d_inode;
29967 struct iattr newattrs;
29969 + if (!gr_acl_handle_chown(dentry, mnt))
29972 newattrs.ia_valid = ATTR_CTIME;
29973 if (user != (uid_t) -1) {
29974 newattrs.ia_valid |= ATTR_UID;
29975 @@ -770,17 +770,17 @@ SYSCALL_DEFINE3(chown, const char __user
29977 error = mnt_want_write(path.mnt);
29980 #ifdef CONFIG_VSERVER_COWBL
29981 error = cow_check_and_break(&path);
29984 - error = chown_common(path.dentry, user, group);
29985 + error = chown_common(path.dentry, user, group, path.mnt);
29986 mnt_drop_write(path.mnt);
29993 SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user,
29994 @@ -799,17 +799,17 @@ SYSCALL_DEFINE5(fchownat, int, dfd, cons
29996 error = mnt_want_write(path.mnt);
29999 #ifdef CONFIG_VSERVER_COWBL
30000 error = cow_check_and_break(&path);
30003 - error = chown_common(path.dentry, user, group);
30004 + error = chown_common(path.dentry, user, group, path.mnt);
30005 mnt_drop_write(path.mnt);
30012 SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group)
30013 @@ -827,7 +827,7 @@ SYSCALL_DEFINE3(lchown, const char __use
30014 error = cow_check_and_break(&path);
30017 - error = chown_common(path.dentry, user, group);
30018 + error = chown_common(path.dentry, user, group, path.nmt);
30019 mnt_drop_write(path.mnt);
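Review bot: The new lchown call passes `path.nmt`, which looks like a typo for `path.mnt`. The neighbouring chown, fchownat and fchown hunks pass `path.mnt` or `file->f_path.mnt`, and the very next line here uses `path.mnt`. As written this file should fail to build, and the extra argument exists to give `gr_acl_handle_chown` the mount for its ACL lookup. The line should read `error = chown_common(path.dentry, user, group, path.mnt);`. The lchown body starts and ends outside the hunk.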
30022 @@ -850,7 +850,7 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd
30024 dentry = file->f_path.dentry;
30025 audit_inode(NULL, dentry);
30026 - error = chown_common(dentry, user, group);
30027 + error = chown_common(dentry, user, group, file->f_path.mnt);
30028 mnt_drop_write(file->f_path.mnt);
30031 diff -urNp linux-2.6.32.1/fs/pipe.c linux-2.6.32.1/fs/pipe.c
30032 --- linux-2.6.32.1/fs/pipe.c 2009-12-02 22:51:21.000000000 -0500
30033 +++ linux-2.6.32.1/fs/pipe.c 2009-12-14 18:33:58.165729130 -0500
30034 @@ -401,9 +401,9 @@ redo:
30036 if (bufs) /* More to do? */
30038 - if (!pipe->writers)
30039 + if (!atomic_read(&pipe->writers))
30041 - if (!pipe->waiting_writers) {
30042 + if (!atomic_read(&pipe->waiting_writers)) {
30043 /* syscall merging: Usually we must not sleep
30044 * if O_NONBLOCK is set, or if we got some data.
30045 * But if a writer sleeps in kernel space, then
30046 @@ -462,7 +462,7 @@ pipe_write(struct kiocb *iocb, const str
30047 mutex_lock(&inode->i_mutex);
30048 pipe = inode->i_pipe;
30050 - if (!pipe->readers) {
30051 + if (!atomic_read(&pipe->readers)) {
30052 send_sig(SIGPIPE, current, 0);
30055 @@ -511,7 +511,7 @@ redo1:
30059 - if (!pipe->readers) {
30060 + if (!atomic_read(&pipe->readers)) {
30061 send_sig(SIGPIPE, current, 0);
30064 @@ -597,9 +597,9 @@ redo2:
30065 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
30068 - pipe->waiting_writers++;
30069 + atomic_inc(&pipe->waiting_writers);
30071 - pipe->waiting_writers--;
30072 + atomic_dec(&pipe->waiting_writers);
30075 mutex_unlock(&inode->i_mutex);
30076 @@ -666,7 +666,7 @@ pipe_poll(struct file *filp, poll_table
30078 if (filp->f_mode & FMODE_READ) {
30079 mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0;
30080 - if (!pipe->writers && filp->f_version != pipe->w_counter)
30081 + if (!atomic_read(&pipe->writers) && filp->f_version != pipe->w_counter)
30085 @@ -676,7 +676,7 @@ pipe_poll(struct file *filp, poll_table
30086 * Most Unices do not set POLLERR for FIFOs but on Linux they
30087 * behave exactly like pipes for poll().
30089 - if (!pipe->readers)
30090 + if (!atomic_read(&pipe->readers))
30094 @@ -690,10 +690,10 @@ pipe_release(struct inode *inode, int de
30096 mutex_lock(&inode->i_mutex);
30097 pipe = inode->i_pipe;
30098 - pipe->readers -= decr;
30099 - pipe->writers -= decw;
30100 + atomic_sub(decr, &pipe->readers);
30101 + atomic_sub(decw, &pipe->writers);
30103 - if (!pipe->readers && !pipe->writers) {
30104 + if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) {
30105 free_pipe_info(inode);
30107 wake_up_interruptible_sync(&pipe->wait);
30108 @@ -783,7 +783,7 @@ pipe_read_open(struct inode *inode, stru
30110 if (inode->i_pipe) {
30112 - inode->i_pipe->readers++;
30113 + atomic_inc(&inode->i_pipe->readers);
30116 mutex_unlock(&inode->i_mutex);
30117 @@ -800,7 +800,7 @@ pipe_write_open(struct inode *inode, str
30119 if (inode->i_pipe) {
30121 - inode->i_pipe->writers++;
30122 + atomic_inc(&inode->i_pipe->writers);
30125 mutex_unlock(&inode->i_mutex);
30126 @@ -818,9 +818,9 @@ pipe_rdwr_open(struct inode *inode, stru
30127 if (inode->i_pipe) {
30129 if (filp->f_mode & FMODE_READ)
30130 - inode->i_pipe->readers++;
30131 + atomic_inc(&inode->i_pipe->readers);
30132 if (filp->f_mode & FMODE_WRITE)
30133 - inode->i_pipe->writers++;
30134 + atomic_inc(&inode->i_pipe->writers);
30137 mutex_unlock(&inode->i_mutex);
30138 @@ -905,7 +905,7 @@ void free_pipe_info(struct inode *inode)
30139 inode->i_pipe = NULL;
30142 -static struct vfsmount *pipe_mnt __read_mostly;
30143 +struct vfsmount *pipe_mnt __read_mostly;
30144 static int pipefs_delete_dentry(struct dentry *dentry)
30147 @@ -945,7 +945,8 @@ static struct inode * get_pipe_inode(voi
30149 inode->i_pipe = pipe;
30151 - pipe->readers = pipe->writers = 1;
30152 + atomic_set(&pipe->readers, 1);
30153 + atomic_set(&pipe->writers, 1);
30154 inode->i_fop = &rdwr_pipefifo_fops;
30157 diff -urNp linux-2.6.32.1/fs/proc/array.c linux-2.6.32.1/fs/proc/array.c
30158 --- linux-2.6.32.1/fs/proc/array.c 2009-12-02 22:51:21.000000000 -0500
30159 +++ linux-2.6.32.1/fs/proc/array.c 2009-12-14 18:33:58.212989652 -0500
30160 @@ -410,6 +410,21 @@ static void task_show_stack_usage(struct
30162 #endif /* CONFIG_MMU */
30164 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
30165 +static inline void task_pax(struct seq_file *m, struct task_struct *p)
30168 + seq_printf(m, "PaX:\t%c%c%c%c%c\n",
30169 + p->mm->pax_flags & MF_PAX_PAGEEXEC ? 'P' : 'p',
30170 + p->mm->pax_flags & MF_PAX_EMUTRAMP ? 'E' : 'e',
30171 + p->mm->pax_flags & MF_PAX_MPROTECT ? 'M' : 'm',
30172 + p->mm->pax_flags & MF_PAX_RANDMMAP ? 'R' : 'r',
30173 + p->mm->pax_flags & MF_PAX_SEGMEXEC ? 'S' : 's');
30175 + seq_printf(m, "PaX:\t-----\n");
30179 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
30180 struct pid *pid, struct task_struct *task)
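Review bot: task_pax reads `p->mm` five times inside one seq_printf without holding a reference to the mm. The guard that chooses between the two seq_printf calls is not visible in this hunk, but unless it pins the mm, a task that exits between the check and the reads leaves a NULL `p->mm` to be dereferenced when another process reads its status file. Taking the reference once with get_task_mm and reading the flags through the local pointer closes that window. The constant line can use seq_puts, since it has no format arguments.

```c
static inline void task_pax(struct seq_file *m, struct task_struct *p)
{
	/* Pin the mm so it cannot go away while the flags are printed. */
	struct mm_struct *mm = get_task_mm(p);

	if (!mm) {
		seq_puts(m, "PaX:\t-----\n");
		return;
	}
	seq_printf(m, "PaX:\t%c%c%c%c%c\n",
		   mm->pax_flags & MF_PAX_PAGEEXEC ? 'P' : 'p',
		   mm->pax_flags & MF_PAX_EMUTRAMP ? 'E' : 'e',
		   mm->pax_flags & MF_PAX_MPROTECT ? 'M' : 'm',
		   mm->pax_flags & MF_PAX_RANDMMAP ? 'R' : 'r',
		   mm->pax_flags & MF_PAX_SEGMEXEC ? 'S' : 's');
	mmput(mm);
}
```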
30182 @@ -430,9 +445,20 @@ int proc_pid_status(struct seq_file *m,
30184 task_context_switch_counts(m, task);
30185 task_show_stack_usage(m, task);
30187 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
30188 + task_pax(m, task);
30194 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30195 +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
30196 + (_mm->pax_flags & MF_PAX_RANDMMAP || \
30197 + _mm->pax_flags & MF_PAX_SEGMEXEC))
30200 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
30201 struct pid *pid, struct task_struct *task, int whole)
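Review bot: The PAX_RAND_FLAGS macro added here uses its `_mm` argument four times without parentheses, and the same definition is repeated in the fs/proc/base.c hunk ahead of proc_pid_auxv. An argument that is an expression rather than a plain identifier would expand incorrectly, and two copies can drift apart when a flag is added. A single definition in a shared proc header, with `(_mm)` parenthesised or written as a static inline taking `struct mm_struct *`, keeps the rule for hiding addresses from other processes in one place.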
30203 @@ -529,6 +555,19 @@ static int do_task_stat(struct seq_file
30204 gtime = task_gtime(task);
30207 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30208 + if (PAX_RAND_FLAGS(mm)) {
30214 +#ifdef CONFIG_GRKERNSEC_HIDESYM
30220 /* scale priority and nice values from timeslices to -20..20 */
30221 /* to make it look like a "normal" Unix priority/nice value */
30222 priority = task_prio(task);
30223 @@ -569,9 +608,15 @@ static int do_task_stat(struct seq_file
30225 mm ? get_mm_rss(mm) : 0,
30227 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30228 + PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->start_code : 0),
30229 + PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->end_code : 0),
30230 + PAX_RAND_FLAGS(mm) ? 0 : ((permitted && mm) ? task->stack_start : 0),
30232 mm ? mm->start_code : 0,
30233 mm ? mm->end_code : 0,
30234 (permitted && mm) ? task->stack_start : 0,
30238 /* The signal information here is obsolete.
30239 @@ -624,3 +669,10 @@ int proc_pid_statm(struct seq_file *m, s
30244 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
30245 +int proc_pid_ipaddr(struct task_struct *task, char *buffer)
30247 + return sprintf(buffer, "%pI4\n", &task->signal->curr_ip);
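Review bot: proc_pid_ipaddr dereferences `task->signal` with no lock and no NULL check. Whether the signal struct can be cleared on an exiting task in this kernel is not visible from the hunk and should be confirmed. If it can, a read of the new `ipaddr` entry that races with exit would dereference NULL. Wrapping the read in `lock_task_sighand(task, &flags)` / `unlock_task_sighand(task, &flags)` and returning 0 when the lock cannot be taken would avoid that. A one-line comment stating what `curr_ip` records and who sets it would also help readers of this file.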
30250 diff -urNp linux-2.6.32.1/fs/proc/base.c linux-2.6.32.1/fs/proc/base.c
30251 --- linux-2.6.32.1/fs/proc/base.c 2009-12-02 22:51:21.000000000 -0500
30252 +++ linux-2.6.32.1/fs/proc/base.c 2009-12-14 18:33:58.441707899 -0500
30253 @@ -211,10 +211,13 @@ static int check_mem_permission(struct t
30254 * to use system calls instead of load instructions.
30256 if (task == current)
30259 + if (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))
30263 * If current is actively ptrace'ing, and would also be
30264 * permitted to freshly attach with ptrace now, permit it.
30266 if (task_is_stopped_or_traced(task)) {
30267 @@ -258,10 +261,13 @@ static int proc_pid_cmdline(struct task_
30271 goto out_mm; /* Shh! No looking before we're done */
30273 + if (gr_acl_handle_procpidmem(task))
30276 len = mm->arg_end - mm->arg_start;
30278 if (len > PAGE_SIZE)
30281 @@ -285,16 +291,30 @@ out_mm:
30287 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30288 +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
30289 + (_mm->pax_flags & MF_PAX_RANDMMAP || \
30290 + _mm->pax_flags & MF_PAX_SEGMEXEC))
30293 static int proc_pid_auxv(struct task_struct *task, char *buffer)
30296 struct mm_struct *mm = get_task_mm(task);
30298 unsigned int nwords = 0;
30300 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30301 + if (PAX_RAND_FLAGS(mm)) {
30309 } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
30310 res = nwords * sizeof(mm->saved_auxv[0]);
30311 if (res > PAGE_SIZE)
30312 @@ -326,11 +346,11 @@ static int proc_pid_wchan(struct task_st
30314 return sprintf(buffer, "%s", symname);
30316 #endif /* CONFIG_KALLSYMS */
30318 -#ifdef CONFIG_STACKTRACE
30319 +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
30321 #define MAX_STACK_TRACE_DEPTH 64
30323 static int proc_pid_stack(struct seq_file *m, struct pid_namespace *ns,
30324 struct pid *pid, struct task_struct *task)
30325 @@ -519,11 +539,11 @@ static int proc_pid_limits(struct task_s
30331 -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
30332 +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
30333 static int proc_pid_syscall(struct task_struct *task, char *buffer)
30336 unsigned long args[6], sp, pc;
30338 @@ -933,10 +953,13 @@ static ssize_t environ_read(struct file
30339 struct mm_struct *mm;
30344 + if (gr_acl_handle_procpidmem(task))
30347 if (!ptrace_may_access(task, PTRACE_MODE_READ))
30351 page = (char *)__get_free_page(GFP_TEMPORARY);
30352 @@ -1483,11 +1483,15 @@ static struct inode *proc_pid_make_inode
30354 if (task_dumpable(task)) {
30356 cred = __task_cred(task);
30357 inode->i_uid = cred->euid;
30358 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30359 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
30361 inode->i_gid = cred->egid;
30365 /* procfs is xid tagged */
30366 inode->i_tag = (tag_t)vx_task_xid(task);
30367 security_task_to_inode(task, inode);
30368 @@ -1471,23 +1498,48 @@ out_unlock:
30369 static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
30371 struct inode *inode = dentry->d_inode;
30372 struct task_struct *task;
30373 const struct cred *cred;
30374 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30375 + const struct cred *tmpcred = current_cred();
30378 generic_fillattr(inode, stat);
30383 task = pid_task(proc_pid(inode), PIDTYPE_PID);
30385 + if (task && (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))) {
30386 + rcu_read_unlock();
30391 + cred = __task_cred(task);
30392 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30393 + if (!tmpcred->uid || (tmpcred->uid == cred->uid)
30394 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30395 + || in_group_p(CONFIG_GRKERNSEC_PROC_GID)
30399 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
30400 +#ifdef CONFIG_GRKERNSEC_PROC_USER
30401 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
30402 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30403 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
30405 task_dumpable(task)) {
30406 - cred = __task_cred(task);
30407 stat->uid = cred->euid;
30408 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30409 + stat->gid = CONFIG_GRKERNSEC_PROC_GID;
30411 stat->gid = cred->egid;
30418 @@ -1515,15 +1567,24 @@ static int pid_revalidate(struct dentry
30419 struct task_struct *task = get_proc_task(inode);
30420 const struct cred *cred;
30423 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
30424 +#ifdef CONFIG_GRKERNSEC_PROC_USER
30425 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
30426 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30427 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
30429 task_dumpable(task)) {
30431 cred = __task_cred(task);
30432 inode->i_uid = cred->euid;
30433 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30434 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
30436 inode->i_gid = cred->egid;
30443 @@ -1640,11 +1701,12 @@ static int proc_fd_info(struct inode *in
30444 struct files_struct *files = NULL;
30446 int fd = proc_fd(inode);
30449 - files = get_files_struct(task);
30450 + if (!gr_acl_handle_procpidmem(task))
30451 + files = get_files_struct(task);
30452 put_task_struct(task);
30456 * We are not taking a ref to the file structure, so we must
30457 @@ -1892,16 +1954,26 @@ static const struct file_operations proc
30458 * access /proc/self/fd after it has executed a setuid().
30460 static int proc_fd_permission(struct inode *inode, int mask)
30463 + struct task_struct *task;
30465 rv = generic_permission(inode, mask, NULL);
30469 if (task_pid(current) == proc_pid(inode))
30472 + task = get_proc_task(inode);
30473 + if (task == NULL)
30476 + if (gr_acl_handle_procpidmem(task))
30479 + put_task_struct(task);
30485 * proc directories can do almost nothing..
30486 @@ -2094,10 +2094,13 @@ static struct dentry *proc_pident_lookup
30487 (dentry->d_name.len == 5) &&
30488 (!memcmp(dentry->d_name.name, "vinfo", 5) ||
30489 !memcmp(dentry->d_name.name, "ninfo", 5)))
30492 + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
30496 * Yes, it does not scale. And it should not. Don't add
30497 * new entries into /proc/<tgid>/ without very good reasons.
30499 last = &ents[nents - 1];
30500 @@ -2050,10 +2125,13 @@ static int proc_pident_readdir(struct fi
30506 + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
30513 ino = inode->i_ino;
30514 @@ -2416,10 +2494,13 @@ static struct dentry *proc_base_lookup(s
30520 + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
30523 error = proc_base_instantiate(dir, dentry, task, p);
30526 put_task_struct(task);
30528 @@ -2502,11 +2583,11 @@ static const struct pid_entry tgid_base_
30529 ONE("personality", S_IRUSR, proc_pid_personality),
30530 INF("limits", S_IRUSR, proc_pid_limits),
30531 #ifdef CONFIG_SCHED_DEBUG
30532 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
30534 -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
30535 +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
30536 INF("syscall", S_IRUSR, proc_pid_syscall),
30538 INF("cmdline", S_IRUGO, proc_pid_cmdline),
30539 ONE("stat", S_IRUGO, proc_tgid_stat),
30540 ONE("statm", S_IRUGO, proc_pid_statm),
30541 @@ -2530,11 +2611,11 @@ static const struct pid_entry tgid_base_
30542 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
30544 #ifdef CONFIG_KALLSYMS
30545 INF("wchan", S_IRUGO, proc_pid_wchan),
30547 -#ifdef CONFIG_STACKTRACE
30548 +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
30549 ONE("stack", S_IRUSR, proc_pid_stack),
30551 #ifdef CONFIG_SCHEDSTATS
30552 INF("schedstat", S_IRUGO, proc_pid_schedstat),
30554 @@ -2662,10 +2662,13 @@ static const struct pid_entry tgid_base_
30555 REG("coredump_filter", S_IRUGO|S_IWUSR, proc_coredump_filter_operations),
30557 #ifdef CONFIG_TASK_IO_ACCOUNTING
30558 INF("io", S_IRUGO, proc_tgid_io_accounting),
30560 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
30561 + INF("ipaddr", S_IRUSR, proc_pid_ipaddr),
30563 ONE("nsproxy", S_IRUGO, proc_pid_nsproxy),
30566 static int proc_tgid_base_readdir(struct file * filp,
30567 void * dirent, filldir_t filldir)
30568 @@ -2684,11 +2768,18 @@ static struct dentry *proc_pid_instantia
30570 inode = proc_pid_make_inode(dir->i_sb, task);
30574 +#ifdef CONFIG_GRKERNSEC_PROC_USER
30575 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
30576 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30577 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
30578 + inode->i_mode = S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP;
30580 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
30582 inode->i_op = &proc_tgid_base_inode_operations;
30583 inode->i_fop = &proc_tgid_base_operations;
30584 inode->i_flags|=S_IMMUTABLE;
30586 inode->i_nlink = 2 + pid_entry_count_dirs(tgid_base_stuff,
30587 @@ -2726,11 +2817,15 @@ struct dentry *proc_pid_lookup(struct in
30588 get_task_struct(task);
30593 + if (gr_check_hidden_task(task))
30594 + goto out_put_task;
30596 result = proc_pid_instantiate(dir, dentry, task, NULL);
30598 put_task_struct(task);
30603 @@ -2908,10 +2908,14 @@ static int proc_pid_fill_cache(struct fi
30604 /* for the /proc/ directory itself, after non-process stuff has been done */
30605 int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
30607 unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY;
30608 struct task_struct *reaper = get_proc_task_real(filp->f_path.dentry->d_inode);
30609 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30610 + const struct cred *tmpcred = current_cred();
30611 + const struct cred *itercred;
30613 struct tgid_iter iter;
30614 struct pid_namespace *ns;
30618 @@ -2930,10 +2930,23 @@ int proc_pid_readdir(struct file * filp,
30620 iter.tgid = filp->f_pos - TGID_OFFSET;
30621 for (iter = next_tgid(ns, iter);
30623 iter.tgid += 1, iter = next_tgid(ns, iter)) {
30624 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30625 + itercred = __task_cred(iter.task);
30627 + if (gr_pid_is_chrooted(iter.task) || gr_check_hidden_task(iter.task)
30628 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30629 + || (tmpcred->uid && (itercred->uid != tmpcred->uid)
30630 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30631 + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
30637 filp->f_pos = iter.tgid + TGID_OFFSET;
30638 if (!vx_proc_task_visible(iter.task))
30640 if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) {
30641 put_task_struct(iter.task);
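Review bot: `itercred = __task_cred(iter.task);` is loaded in the loop body with no `rcu_read_lock()` visible around it, and `itercred->uid` is then dereferenced in the condition that follows. `__task_cred()` hands back an RCU-protected pointer, so unless the caller already holds the RCU read lock (not shown in this hunk) the credentials can be released between the load and the comparison, even though the task itself is pinned. Taking `rcu_read_lock()` before the load and `rcu_read_unlock()` after the uid comparison, or copying the uid into a local under the lock, would close that window. The loop body continues outside the hunk.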
30642 @@ -2836,11 +2949,11 @@ static const struct pid_entry tid_base_s
30643 ONE("personality", S_IRUSR, proc_pid_personality),
30644 INF("limits", S_IRUSR, proc_pid_limits),
30645 #ifdef CONFIG_SCHED_DEBUG
30646 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
30648 -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
30649 +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
30650 INF("syscall", S_IRUSR, proc_pid_syscall),
30652 INF("cmdline", S_IRUGO, proc_pid_cmdline),
30653 ONE("stat", S_IRUGO, proc_tid_stat),
30654 ONE("statm", S_IRUGO, proc_pid_statm),
30655 @@ -2863,11 +2976,11 @@ static const struct pid_entry tid_base_s
30656 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
30658 #ifdef CONFIG_KALLSYMS
30659 INF("wchan", S_IRUGO, proc_pid_wchan),
30661 -#ifdef CONFIG_STACKTRACE
30662 +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
30663 ONE("stack", S_IRUSR, proc_pid_stack),
30665 #ifdef CONFIG_SCHEDSTATS
30666 INF("schedstat", S_IRUGO, proc_pid_schedstat),
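Review bot: `wchan` stays world-readable (`S_IRUGO`) in this table while the neighbouring `stack` entry is now compiled out under `CONFIG_GRKERNSEC_HIDESYM`. The wchan file reports where in the kernel a task is blocked, which is the same class of information the option is meant to hide, so unless `proc_pid_wchan` is restricted elsewhere in the patch the gate looks incomplete. Consider `#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)` on the wchan entry as well. The tgid table at the top of this page has the same pair of entries, and the table continues outside the hunk.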
30668 diff -urNp linux-2.6.32.1/fs/proc/cmdline.c linux-2.6.32.1/fs/proc/cmdline.c
30669 --- linux-2.6.32.1/fs/proc/cmdline.c 2009-12-02 22:51:21.000000000 -0500
30670 +++ linux-2.6.32.1/fs/proc/cmdline.c 2009-12-14 18:33:58.645698553 -0500
30671 @@ -23,7 +23,11 @@ static const struct file_operations cmdl
30673 static int __init proc_cmdline_init(void)
30675 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
30676 + proc_create_grsec("cmdline", 0, NULL, &cmdline_proc_fops);
30678 proc_create("cmdline", 0, NULL, &cmdline_proc_fops);
30682 module_init(proc_cmdline_init);
30683 diff -urNp linux-2.6.32.1/fs/proc/devices.c linux-2.6.32.1/fs/proc/devices.c
30684 --- linux-2.6.32.1/fs/proc/devices.c 2009-12-02 22:51:21.000000000 -0500
30685 +++ linux-2.6.32.1/fs/proc/devices.c 2009-12-14 18:33:58.654900501 -0500
30686 @@ -64,7 +64,11 @@ static const struct file_operations proc
30688 static int __init proc_devices_init(void)
30690 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
30691 + proc_create_grsec("devices", 0, NULL, &proc_devinfo_operations);
30693 proc_create("devices", 0, NULL, &proc_devinfo_operations);
30697 module_init(proc_devices_init);
30698 diff -urNp linux-2.6.32.1/fs/proc/inode.c linux-2.6.32.1/fs/proc/inode.c
30699 --- linux-2.6.32.1/fs/proc/inode.c 2009-12-02 22:51:21.000000000 -0500
30700 +++ linux-2.6.32.1/fs/proc/inode.c 2009-12-14 18:33:58.671805678 -0500
30701 @@ -457,7 +457,11 @@ struct inode *proc_get_inode(struct supe
30703 inode->i_mode = de->mode;
30704 inode->i_uid = de->uid;
30705 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
30706 + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
30708 inode->i_gid = de->gid;
30712 inode->i_size = de->size;
30713 diff -urNp linux-2.6.32.1/fs/proc/internal.h linux-2.6.32.1/fs/proc/internal.h
30714 --- linux-2.6.32.1/fs/proc/internal.h 2009-12-02 22:51:21.000000000 -0500
30715 +++ linux-2.6.32.1/fs/proc/internal.h 2009-12-14 18:33:58.676829168 -0500
30717 struct pid *pid, struct task_struct *task);
30718 extern int proc_pid_nsproxy(struct seq_file *m, struct pid_namespace *ns,
30719 struct pid *pid, struct task_struct *task);
30720 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
30721 +extern int proc_pid_ipaddr(struct task_struct *task, char *buffer);
30724 extern loff_t mem_lseek(struct file *file, loff_t offset, int orig);
30726 diff -urNp linux-2.6.32.1/fs/proc/Kconfig linux-2.6.32.1/fs/proc/Kconfig
30727 --- linux-2.6.32.1/fs/proc/Kconfig 2009-12-02 22:51:21.000000000 -0500
30728 +++ linux-2.6.32.1/fs/proc/Kconfig 2009-12-14 18:33:58.690702376 -0500
30729 @@ -30,12 +30,12 @@ config PROC_FS
30732 bool "/proc/kcore support" if !ARM
30733 - depends on PROC_FS && MMU
30734 + depends on PROC_FS && MMU && !GRKERNSEC_PROC_ADD
30737 bool "/proc/vmcore support (EXPERIMENTAL)"
30738 - depends on PROC_FS && CRASH_DUMP
30740 + depends on PROC_FS && CRASH_DUMP && !GRKERNSEC
30743 Exports the dump image of crashed kernel in ELF format.
30745 @@ -59,8 +59,8 @@ config PROC_SYSCTL
30748 config PROC_PAGE_MONITOR
30750 - depends on PROC_FS && MMU
30752 + depends on PROC_FS && MMU && !GRKERNSEC
30753 bool "Enable /proc page monitoring" if EMBEDDED
30755 Various /proc files exist to monitor process memory utilization:
30756 diff -urNp linux-2.6.32.1/fs/proc/kcore.c linux-2.6.32.1/fs/proc/kcore.c
30757 --- linux-2.6.32.1/fs/proc/kcore.c 2009-12-02 22:51:21.000000000 -0500
30758 +++ linux-2.6.32.1/fs/proc/kcore.c 2009-12-14 18:33:58.701784947 -0500
30759 @@ -541,6 +541,9 @@ read_kcore(struct file *file, char __use
30761 static int open_kcore(struct inode *inode, struct file *filp)
30763 +#if defined(CONFIG_GRKERNSEC_PROC_ADD) || defined(CONFIG_GRKERNSEC_HIDESYM)
30766 if (!capable(CAP_SYS_RAWIO))
30768 if (kcore_need_update)
30769 diff -urNp linux-2.6.32.1/fs/proc/nommu.c linux-2.6.32.1/fs/proc/nommu.c
30770 --- linux-2.6.32.1/fs/proc/nommu.c 2009-12-02 22:51:21.000000000 -0500
30771 +++ linux-2.6.32.1/fs/proc/nommu.c 2009-12-14 18:33:58.710714170 -0500
30772 @@ -67,7 +67,7 @@ static int nommu_region_show(struct seq_
30775 seq_printf(m, "%*c", len, ' ');
30776 - seq_path(m, &file->f_path, "");
30777 + seq_path(m, &file->f_path, "\n\\");
30781 diff -urNp linux-2.6.32.1/fs/proc/proc_net.c linux-2.6.32.1/fs/proc/proc_net.c
30782 --- linux-2.6.32.1/fs/proc/proc_net.c 2009-12-02 22:51:21.000000000 -0500
30783 +++ linux-2.6.32.1/fs/proc/proc_net.c 2009-12-14 18:33:58.722912684 -0500
30784 @@ -104,6 +104,17 @@ static struct net *get_proc_task_net(str
30785 struct task_struct *task;
30786 struct nsproxy *ns;
30787 struct net *net = NULL;
30788 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30789 + const struct cred *cred = current_cred();
30792 +#ifdef CONFIG_GRKERNSEC_PROC_USER
30795 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30796 + if (cred->fsuid && !in_group_p(CONFIG_GRKERNSEC_PROC_GID))
30801 task = pid_task(proc_pid(dir), PIDTYPE_PID);
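Review bot: The restriction added here tests `cred->fsuid`, whereas the matching `CONFIG_GRKERNSEC_PROC_USER`/`CONFIG_GRKERNSEC_PROC_USERGROUP` filter in `proc_pid_readdir` (fs/proc/base.c in this patch) tests `tmpcred->uid`. A task whose fsuid differs from its uid gets different answers from the two checks. A short comment such as `/* /proc visibility is keyed on fsuid, matching VFS permission checks */`, with the same field used in both places, would make the policy auditable. The branch bodies are not visible on this page and the function continues outside the hunk.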
30802 diff -urNp linux-2.6.32.1/fs/proc/proc_sysctl.c linux-2.6.32.1/fs/proc/proc_sysctl.c
30803 --- linux-2.6.32.1/fs/proc/proc_sysctl.c 2009-12-02 22:51:21.000000000 -0500
30804 +++ linux-2.6.32.1/fs/proc/proc_sysctl.c 2009-12-14 18:33:58.723752171 -0500
30806 #include <linux/security.h>
30807 #include "internal.h"
30809 +extern __u32 gr_handle_sysctl(const struct ctl_table *table, const int op);
30811 static const struct dentry_operations proc_sys_dentry_operations;
30812 static const struct file_operations proc_sys_file_operations;
30813 static const struct inode_operations proc_sys_inode_operations;
30814 @@ -109,6 +111,9 @@ static struct dentry *proc_sys_lookup(st
30818 + if (gr_handle_sysctl(p, MAY_EXEC))
30821 err = ERR_PTR(-ENOMEM);
30822 inode = proc_sys_make_inode(dir->i_sb, h ? h : head, p);
30824 @@ -228,6 +233,9 @@ static int scan(struct ctl_table_header
30825 if (*pos < file->f_pos)
30828 + if (gr_handle_sysctl(table, 0))
30831 res = proc_sys_fill_cache(file, dirent, filldir, head, table);
30834 @@ -344,6 +352,9 @@ static int proc_sys_getattr(struct vfsmo
30836 return PTR_ERR(head);
30838 + if (table && gr_handle_sysctl(table, MAY_EXEC))
30841 generic_fillattr(inode, stat);
30843 stat->mode = (stat->mode & S_IFMT) | table->mode;
30844 diff -urNp linux-2.6.32.1/fs/proc/root.c linux-2.6.32.1/fs/proc/root.c
30845 --- linux-2.6.32.1/fs/proc/root.c 2009-12-02 22:51:21.000000000 -0500
30846 +++ linux-2.6.32.1/fs/proc/root.c 2009-12-14 18:33:58.724743723 -0500
30847 @@ -134,7 +134,15 @@ void __init proc_root_init(void)
30848 #ifdef CONFIG_PROC_DEVICETREE
30849 proc_device_tree_init();
30851 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
30852 +#ifdef CONFIG_GRKERNSEC_PROC_USER
30853 + proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL);
30854 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
30855 + proc_mkdir_mode("bus", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
30858 proc_mkdir("bus", NULL);
30863 diff -urNp linux-2.6.32.1/fs/proc/task_mmu.c linux-2.6.32.1/fs/proc/task_mmu.c
30864 --- linux-2.6.32.1/fs/proc/task_mmu.c 2009-12-02 22:51:21.000000000 -0500
30865 +++ linux-2.6.32.1/fs/proc/task_mmu.c 2009-12-14 18:33:58.725699048 -0500
30866 @@ -46,15 +46,26 @@ void task_mem(struct seq_file *m, struct
30867 "VmStk:\t%8lu kB\n"
30868 "VmExe:\t%8lu kB\n"
30869 "VmLib:\t%8lu kB\n"
30870 - "VmPTE:\t%8lu kB\n",
30871 - hiwater_vm << (PAGE_SHIFT-10),
30872 + "VmPTE:\t%8lu kB\n"
30874 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
30875 + "CsBase:\t%8lx\nCsLim:\t%8lx\n"
30878 + ,hiwater_vm << (PAGE_SHIFT-10),
30879 (total_vm - mm->reserved_vm) << (PAGE_SHIFT-10),
30880 mm->locked_vm << (PAGE_SHIFT-10),
30881 hiwater_rss << (PAGE_SHIFT-10),
30882 total_rss << (PAGE_SHIFT-10),
30883 data << (PAGE_SHIFT-10),
30884 mm->stack_vm << (PAGE_SHIFT-10), text, lib,
30885 - (PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10);
30886 + (PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10
30888 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
30889 + , mm->context.user_cs_base, mm->context.user_cs_limit
30895 unsigned long task_vsize(struct mm_struct *mm)
30896 @@ -199,6 +210,12 @@ static int do_maps_open(struct inode *in
30900 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30901 +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
30902 + (_mm->pax_flags & MF_PAX_RANDMMAP || \
30903 + _mm->pax_flags & MF_PAX_SEGMEXEC))
30906 static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma)
30908 struct mm_struct *mm = vma->vm_mm;
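Review bot: `PAX_RAND_FLAGS` uses its `_mm` argument unparenthesized and evaluates it up to four times, and the later hunks call it with the expression `vma->vm_mm`. It works for that argument today, but a parenthesized form is safer: `#define PAX_RAND_FLAGS(_mm) ((_mm) != NULL && (_mm) != current->mm && ((_mm)->pax_flags & (MF_PAX_RANDMMAP | MF_PAX_SEGMEXEC)))`, or a `static inline` helper. The macro also deserves a comment stating the policy it encodes: addresses are blanked for every reader except the task reading its own mm, and no privilege check is visible here, so privileged readers appear to be included.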
30909 @@ -217,13 +234,22 @@ static void show_map_vma(struct seq_file
30912 seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu %n",
30913 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30914 + PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_start,
30915 + PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_end,
30920 flags & VM_READ ? 'r' : '-',
30921 flags & VM_WRITE ? 'w' : '-',
30922 flags & VM_EXEC ? 'x' : '-',
30923 flags & VM_MAYSHARE ? 's' : 'p',
30924 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30925 + PAX_RAND_FLAGS(mm) ? 0UL : pgoff,
30929 MAJOR(dev), MINOR(dev), ino, &len);
30932 @@ -232,16 +258,16 @@ static void show_map_vma(struct seq_file
30935 pad_len_spaces(m, len);
30936 - seq_path(m, &file->f_path, "\n");
30937 + seq_path(m, &file->f_path, "\n\\");
30939 const char *name = arch_vma_name(vma);
30942 - if (vma->vm_start <= mm->start_brk &&
30943 - vma->vm_end >= mm->brk) {
30944 + if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) {
30946 - } else if (vma->vm_start <= mm->start_stack &&
30947 - vma->vm_end >= mm->start_stack) {
30948 + } else if ((vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP)) ||
30949 + (vma->vm_start <= mm->start_stack &&
30950 + vma->vm_end >= mm->start_stack)) {
30953 unsigned long stack_start;
30954 @@ -403,9 +429,16 @@ static int show_smap(struct seq_file *m,
30957 memset(&mss, 0, sizeof mss);
30959 - if (vma->vm_mm && !is_vm_hugetlb_page(vma))
30960 - walk_page_range(vma->vm_start, vma->vm_end, &smaps_walk);
30962 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30963 + if (!PAX_RAND_FLAGS(vma->vm_mm)) {
30966 + if (vma->vm_mm && !is_vm_hugetlb_page(vma))
30967 + walk_page_range(vma->vm_start, vma->vm_end, &smaps_walk);
30968 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30972 show_map_vma(m, vma);
30974 @@ -421,7 +454,11 @@ static int show_smap(struct seq_file *m,
30976 "KernelPageSize: %8lu kB\n"
30977 "MMUPageSize: %8lu kB\n",
30978 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
30979 + PAX_RAND_FLAGS(vma->vm_mm) ? 0UL : (vma->vm_end - vma->vm_start) >> 10,
30981 (vma->vm_end - vma->vm_start) >> 10,
30983 mss.resident >> 10,
30984 (unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
30985 mss.shared_clean >> 10,
30986 diff -urNp linux-2.6.32.1/fs/proc/task_nommu.c linux-2.6.32.1/fs/proc/task_nommu.c
30987 --- linux-2.6.32.1/fs/proc/task_nommu.c 2009-12-02 22:51:21.000000000 -0500
30988 +++ linux-2.6.32.1/fs/proc/task_nommu.c 2009-12-14 18:33:58.743919113 -0500
30989 @@ -50,7 +50,7 @@ void task_mem(struct seq_file *m, struct
30991 bytes += kobjsize(mm);
30993 - if (current->fs && current->fs->users > 1)
30994 + if (current->fs && atomic_read(¤t->fs->users) > 1)
30995 sbytes += kobjsize(current->fs);
30997 bytes += kobjsize(current->fs);
30998 @@ -154,7 +154,7 @@ static int nommu_vma_show(struct seq_fil
31001 seq_printf(m, "%*c", len, ' ');
31002 - seq_path(m, &file->f_path, "");
31003 + seq_path(m, &file->f_path, "\n\\");
31007 diff -urNp linux-2.6.32.1/fs/readdir.c linux-2.6.32.1/fs/readdir.c
31008 --- linux-2.6.32.1/fs/readdir.c 2009-12-02 22:51:21.000000000 -0500
31009 +++ linux-2.6.32.1/fs/readdir.c 2009-12-14 18:33:58.777911377 -0500
31011 #include <linux/security.h>
31012 #include <linux/syscalls.h>
31013 #include <linux/unistd.h>
31014 +#include <linux/namei.h>
31016 #include <asm/uaccess.h>
31018 @@ -67,6 +68,7 @@ struct old_linux_dirent {
31020 struct readdir_callback {
31021 struct old_linux_dirent __user * dirent;
31022 + struct file * file;
31026 @@ -84,6 +86,10 @@ static int fillonedir(void * __buf, cons
31027 buf->result = -EOVERFLOW;
31031 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
31035 dirent = buf->dirent;
31036 if (!access_ok(VERIFY_WRITE, dirent,
31037 @@ -116,6 +122,7 @@ SYSCALL_DEFINE3(old_readdir, unsigned in
31040 buf.dirent = dirent;
31043 error = vfs_readdir(file, fillonedir, &buf);
31045 @@ -142,6 +149,7 @@ struct linux_dirent {
31046 struct getdents_callback {
31047 struct linux_dirent __user * current_dir;
31048 struct linux_dirent __user * previous;
31049 + struct file * file;
31053 @@ -162,6 +170,10 @@ static int filldir(void * __buf, const c
31054 buf->error = -EOVERFLOW;
31058 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
31061 dirent = buf->previous;
31063 if (__put_user(offset, &dirent->d_off))
31064 @@ -209,6 +221,7 @@ SYSCALL_DEFINE3(getdents, unsigned int,
31065 buf.previous = NULL;
31070 error = vfs_readdir(file, filldir, &buf);
31072 @@ -228,6 +241,7 @@ out:
31073 struct getdents_callback64 {
31074 struct linux_dirent64 __user * current_dir;
31075 struct linux_dirent64 __user * previous;
31076 + struct file *file;
31080 @@ -242,6 +256,10 @@ static int filldir64(void * __buf, const
31081 buf->error = -EINVAL; /* only used if we fail.. */
31082 if (reclen > buf->count)
31085 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
31088 dirent = buf->previous;
31090 if (__put_user(offset, &dirent->d_off))
31091 @@ -289,6 +307,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int
31093 buf.current_dir = dirent;
31094 buf.previous = NULL;
31099 diff -urNp linux-2.6.32.1/fs/reiserfs/do_balan.c linux-2.6.32.1/fs/reiserfs/do_balan.c
31100 --- linux-2.6.32.1/fs/reiserfs/do_balan.c 2009-12-02 22:51:21.000000000 -0500
31101 +++ linux-2.6.32.1/fs/reiserfs/do_balan.c 2009-12-14 18:33:58.799059616 -0500
31102 @@ -2058,7 +2058,7 @@ void do_balance(struct tree_balance *tb,
31106 - atomic_inc(&(fs_generation(tb->tb_sb)));
31107 + atomic_inc_unchecked(&(fs_generation(tb->tb_sb)));
31108 do_balance_starts(tb);
31110 /* balance leaf returns 0 except if combining L R and S into
31111 diff -urNp linux-2.6.32.1/fs/reiserfs/item_ops.c linux-2.6.32.1/fs/reiserfs/item_ops.c
31112 --- linux-2.6.32.1/fs/reiserfs/item_ops.c 2009-12-02 22:51:21.000000000 -0500
31113 +++ linux-2.6.32.1/fs/reiserfs/item_ops.c 2009-12-14 18:33:58.811923055 -0500
31114 @@ -102,7 +102,7 @@ static void sd_print_vi(struct virtual_i
31115 vi->vi_index, vi->vi_type, vi->vi_ih);
31118 -static struct item_operations stat_data_ops = {
31119 +static const struct item_operations stat_data_ops = {
31120 .bytes_number = sd_bytes_number,
31121 .decrement_key = sd_decrement_key,
31122 .is_left_mergeable = sd_is_left_mergeable,
31123 @@ -196,7 +196,7 @@ static void direct_print_vi(struct virtu
31124 vi->vi_index, vi->vi_type, vi->vi_ih);
31127 -static struct item_operations direct_ops = {
31128 +static const struct item_operations direct_ops = {
31129 .bytes_number = direct_bytes_number,
31130 .decrement_key = direct_decrement_key,
31131 .is_left_mergeable = direct_is_left_mergeable,
31132 @@ -341,7 +341,7 @@ static void indirect_print_vi(struct vir
31133 vi->vi_index, vi->vi_type, vi->vi_ih);
31136 -static struct item_operations indirect_ops = {
31137 +static const struct item_operations indirect_ops = {
31138 .bytes_number = indirect_bytes_number,
31139 .decrement_key = indirect_decrement_key,
31140 .is_left_mergeable = indirect_is_left_mergeable,
31141 @@ -628,7 +628,7 @@ static void direntry_print_vi(struct vir
31145 -static struct item_operations direntry_ops = {
31146 +static const struct item_operations direntry_ops = {
31147 .bytes_number = direntry_bytes_number,
31148 .decrement_key = direntry_decrement_key,
31149 .is_left_mergeable = direntry_is_left_mergeable,
31150 @@ -724,7 +724,7 @@ static void errcatch_print_vi(struct vir
31151 "Invalid item type observed, run fsck ASAP");
31154 -static struct item_operations errcatch_ops = {
31155 +static const struct item_operations errcatch_ops = {
31156 errcatch_bytes_number,
31157 errcatch_decrement_key,
31158 errcatch_is_left_mergeable,
31159 @@ -746,7 +746,7 @@ static struct item_operations errcatch_o
31160 #error Item types must use disk-format assigned values.
31163 -struct item_operations *item_ops[TYPE_ANY + 1] = {
31164 +const struct item_operations * const item_ops[TYPE_ANY + 1] = {
31168 diff -urNp linux-2.6.32.1/fs/reiserfs/procfs.c linux-2.6.32.1/fs/reiserfs/procfs.c
31169 --- linux-2.6.32.1/fs/reiserfs/procfs.c 2009-12-02 22:51:21.000000000 -0500
31170 +++ linux-2.6.32.1/fs/reiserfs/procfs.c 2009-12-14 18:33:58.821898756 -0500
31171 @@ -123,7 +123,7 @@ static int show_super(struct seq_file *m
31172 "SMALL_TAILS " : "NO_TAILS ",
31173 replay_only(sb) ? "REPLAY_ONLY " : "",
31174 convert_reiserfs(sb) ? "CONV " : "",
31175 - atomic_read(&r->s_generation_counter),
31176 + atomic_read_unchecked(&r->s_generation_counter),
31177 SF(s_disk_reads), SF(s_disk_writes), SF(s_fix_nodes),
31178 SF(s_do_balance), SF(s_unneeded_left_neighbor),
31179 SF(s_good_search_by_key_reada), SF(s_bmaps),
31180 diff -urNp linux-2.6.32.1/fs/select.c linux-2.6.32.1/fs/select.c
31181 --- linux-2.6.32.1/fs/select.c 2009-12-02 22:51:21.000000000 -0500
31182 +++ linux-2.6.32.1/fs/select.c 2009-12-14 18:33:58.838927885 -0500
31184 #include <linux/module.h>
31185 #include <linux/slab.h>
31186 #include <linux/poll.h>
31187 +#include <linux/security.h>
31188 #include <linux/personality.h> /* for STICKY_TIMEOUTS */
31189 #include <linux/file.h>
31190 #include <linux/fdtable.h>
31191 @@ -821,6 +822,7 @@ int do_sys_poll(struct pollfd __user *uf
31192 struct poll_list *walk = head;
31193 unsigned long todo = nfds;
31195 + gr_learn_resource(current, RLIMIT_NOFILE, nfds, 1);
31196 if (nfds > current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
31199 diff -urNp linux-2.6.32.1/fs/seq_file.c linux-2.6.32.1/fs/seq_file.c
31200 --- linux-2.6.32.1/fs/seq_file.c 2009-12-02 22:51:21.000000000 -0500
31201 +++ linux-2.6.32.1/fs/seq_file.c 2009-12-14 18:33:58.866936952 -0500
31202 @@ -76,7 +76,8 @@ static int traverse(struct seq_file *m,
31206 - m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
31207 + m->size = PAGE_SIZE;
31208 + m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
31212 @@ -116,7 +117,8 @@ static int traverse(struct seq_file *m,
31216 - m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
31218 + m->buf = kmalloc(m->size, GFP_KERNEL);
31219 return !m->buf ? -ENOMEM : -EAGAIN;
31222 @@ -169,7 +171,8 @@ ssize_t seq_read(struct file *file, char
31223 m->version = file->f_version;
31224 /* grab buffer if we didn't have one */
31226 - m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
31227 + m->size = PAGE_SIZE;
31228 + m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
31232 @@ -210,7 +213,8 @@ ssize_t seq_read(struct file *file, char
31236 - m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
31238 + m->buf = kmalloc(m->size, GFP_KERNEL);
31242 diff -urNp linux-2.6.32.1/fs/smbfs/symlink.c linux-2.6.32.1/fs/smbfs/symlink.c
31243 --- linux-2.6.32.1/fs/smbfs/symlink.c 2009-12-02 22:51:21.000000000 -0500
31244 +++ linux-2.6.32.1/fs/smbfs/symlink.c 2009-12-14 18:33:58.889860804 -0500
31245 @@ -55,7 +55,7 @@ static void *smb_follow_link(struct dent
31247 static void smb_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
31249 - char *s = nd_get_link(nd);
31250 + const char *s = nd_get_link(nd);
31254 diff -urNp linux-2.6.32.1/fs/splice.c linux-2.6.32.1/fs/splice.c
31255 --- linux-2.6.32.1/fs/splice.c 2009-12-02 22:51:21.000000000 -0500
31256 +++ linux-2.6.32.1/fs/splice.c 2009-12-14 18:33:58.896934814 -0500
31257 @@ -185,7 +185,7 @@ ssize_t splice_to_pipe(struct pipe_inode
31261 - if (!pipe->readers) {
31262 + if (!atomic_read(&pipe->readers)) {
31263 send_sig(SIGPIPE, current, 0);
31266 @@ -239,9 +239,9 @@ ssize_t splice_to_pipe(struct pipe_inode
31270 - pipe->waiting_writers++;
31271 + atomic_inc(&pipe->waiting_writers);
31273 - pipe->waiting_writers--;
31274 + atomic_dec(&pipe->waiting_writers);
31278 @@ -531,7 +531,7 @@ static ssize_t kernel_readv(struct file
31281 /* The cast to a user pointer is valid due to the set_fs() */
31282 - res = vfs_readv(file, (const struct iovec __user *)vec, vlen, &pos);
31283 + res = vfs_readv(file, (__force const struct iovec __user *)vec, vlen, &pos);
31287 @@ -546,7 +546,7 @@ static ssize_t kernel_write(struct file
31290 /* The cast to a user pointer is valid due to the set_fs() */
31291 - res = vfs_write(file, (const char __user *)buf, count, &pos);
31292 + res = vfs_write(file, (__force const char __user *)buf, count, &pos);
31296 @@ -588,7 +588,7 @@ ssize_t default_file_splice_read(struct
31299 this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset);
31300 - vec[i].iov_base = (void __user *) page_address(page);
31301 + vec[i].iov_base = (__force void __user *) page_address(page);
31302 vec[i].iov_len = this_len;
31305 @@ -808,10 +808,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
31306 int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
31308 while (!pipe->nrbufs) {
31309 - if (!pipe->writers)
31310 + if (!atomic_read(&pipe->writers))
31313 - if (!pipe->waiting_writers && sd->num_spliced)
31314 + if (!atomic_read(&pipe->waiting_writers) && sd->num_spliced)
31317 if (sd->flags & SPLICE_F_NONBLOCK)
31318 @@ -1146,7 +1146,7 @@ ssize_t splice_direct_to_actor(struct fi
31319 * out of the pipe right after the splice_to_pipe(). So set
31320 * PIPE_READERS appropriately.
31322 - pipe->readers = 1;
31323 + atomic_set(&pipe->readers, 1);
31325 current->splice_pipe = pipe;
31327 @@ -1704,9 +1704,9 @@ static int ipipe_prep(struct pipe_inode_
31328 ret = -ERESTARTSYS;
31331 - if (!pipe->writers)
31332 + if (!atomic_read(&pipe->writers))
31334 - if (!pipe->waiting_writers) {
31335 + if (!atomic_read(&pipe->waiting_writers)) {
31336 if (flags & SPLICE_F_NONBLOCK) {
31339 @@ -1738,7 +1738,7 @@ static int opipe_prep(struct pipe_inode_
31342 while (pipe->nrbufs >= PIPE_BUFFERS) {
31343 - if (!pipe->readers) {
31344 + if (!atomic_read(&pipe->readers)) {
31345 send_sig(SIGPIPE, current, 0);
31348 @@ -1751,9 +1751,9 @@ static int opipe_prep(struct pipe_inode_
31349 ret = -ERESTARTSYS;
31352 - pipe->waiting_writers++;
31353 + atomic_inc(&pipe->waiting_writers);
31355 - pipe->waiting_writers--;
31356 + atomic_dec(&pipe->waiting_writers);
31360 @@ -1789,14 +1789,14 @@ retry:
31361 pipe_double_lock(ipipe, opipe);
31364 - if (!opipe->readers) {
31365 + if (!atomic_read(&opipe->readers)) {
31366 send_sig(SIGPIPE, current, 0);
31372 - if (!ipipe->nrbufs && !ipipe->writers)
31373 + if (!ipipe->nrbufs && !atomic_read(&ipipe->writers))
31377 @@ -1896,7 +1896,7 @@ static int link_pipe(struct pipe_inode_i
31378 pipe_double_lock(ipipe, opipe);
31381 - if (!opipe->readers) {
31382 + if (!atomic_read(&opipe->readers)) {
31383 send_sig(SIGPIPE, current, 0);
31386 @@ -1941,7 +1941,7 @@ static int link_pipe(struct pipe_inode_i
31387 * return EAGAIN if we have the potential of some data in the
31388 * future, otherwise just return 0
31390 - if (!ret && ipipe->waiting_writers && (flags & SPLICE_F_NONBLOCK))
31391 + if (!ret && atomic_read(&ipipe->waiting_writers) && (flags & SPLICE_F_NONBLOCK))
31394 pipe_unlock(ipipe);
31395 diff -urNp linux-2.6.32.1/fs/sysfs/file.c linux-2.6.32.1/fs/sysfs/file.c
31396 --- linux-2.6.32.1/fs/sysfs/file.c 2009-12-02 22:51:21.000000000 -0500
31397 +++ linux-2.6.32.1/fs/sysfs/file.c 2009-12-14 18:33:58.901960508 -0500
31398 @@ -53,7 +53,7 @@ struct sysfs_buffer {
31402 - struct sysfs_ops * ops;
31403 + const struct sysfs_ops * ops;
31404 struct mutex mutex;
31405 int needs_read_fill;
31407 @@ -75,7 +75,7 @@ static int fill_read_buffer(struct dentr
31409 struct sysfs_dirent *attr_sd = dentry->d_fsdata;
31410 struct kobject *kobj = attr_sd->s_parent->s_dir.kobj;
31411 - struct sysfs_ops * ops = buffer->ops;
31412 + const struct sysfs_ops * ops = buffer->ops;
31416 @@ -199,7 +199,7 @@ flush_write_buffer(struct dentry * dentr
31418 struct sysfs_dirent *attr_sd = dentry->d_fsdata;
31419 struct kobject *kobj = attr_sd->s_parent->s_dir.kobj;
31420 - struct sysfs_ops * ops = buffer->ops;
31421 + const struct sysfs_ops * ops = buffer->ops;
31424 /* need attr_sd for attr and ops, its parent for kobj */
31425 @@ -335,7 +335,7 @@ static int sysfs_open_file(struct inode
31426 struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata;
31427 struct kobject *kobj = attr_sd->s_parent->s_dir.kobj;
31428 struct sysfs_buffer *buffer;
31429 - struct sysfs_ops *ops;
31430 + const struct sysfs_ops *ops;
31431 int error = -EACCES;
31434 diff -urNp linux-2.6.32.1/fs/sysfs/symlink.c linux-2.6.32.1/fs/sysfs/symlink.c
31435 --- linux-2.6.32.1/fs/sysfs/symlink.c 2009-12-02 22:51:21.000000000 -0500
31436 +++ linux-2.6.32.1/fs/sysfs/symlink.c 2009-12-14 18:33:58.916015474 -0500
31437 @@ -204,7 +204,7 @@ static void *sysfs_follow_link(struct de
31439 static void sysfs_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
31441 - char *page = nd_get_link(nd);
31442 + const char *page = nd_get_link(nd);
31444 free_page((unsigned long)page);
31446 diff -urNp linux-2.6.32.1/fs/udf/balloc.c linux-2.6.32.1/fs/udf/balloc.c
31447 --- linux-2.6.32.1/fs/udf/balloc.c 2009-12-02 22:51:21.000000000 -0500
31448 +++ linux-2.6.32.1/fs/udf/balloc.c 2009-12-14 18:33:58.938944893 -0500
31449 @@ -172,9 +172,7 @@ static void udf_bitmap_free_blocks(struc
31451 mutex_lock(&sbi->s_alloc_mutex);
31452 partmap = &sbi->s_partmaps[bloc->partitionReferenceNum];
31453 - if (bloc->logicalBlockNum < 0 ||
31454 - (bloc->logicalBlockNum + count) >
31455 - partmap->s_partition_len) {
31456 + if ((bloc->logicalBlockNum + count) > partmap->s_partition_len) {
31457 udf_debug("%d < %d || %d + %d > %d\n",
31458 bloc->logicalBlockNum, 0, bloc->logicalBlockNum,
31459 count, partmap->s_partition_len);
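Review bot: With the `< 0` test gone, the only bound left is `(bloc->logicalBlockNum + count) > partmap->s_partition_len`, and that sum can wrap if both operands are 32-bit unsigned (which the removal of the sign test suggests), so a large block number read from disk could pass the check. A wrap test keeps the range check sound: `if (bloc->logicalBlockNum + count < count || (bloc->logicalBlockNum + count) > partmap->s_partition_len) {`. The `udf_debug` format still prints the removed `%d < %d` comparison and uses `%d` for values that appear to be unsigned. The same applies to the `udf_table_free_blocks` hunk that follows, where the debug call also writes `bloc.logicalBlockNum` although `bloc` is dereferenced as a pointer in the condition.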
31460 @@ -436,9 +434,7 @@ static void udf_table_free_blocks(struct
31462 mutex_lock(&sbi->s_alloc_mutex);
31463 partmap = &sbi->s_partmaps[bloc->partitionReferenceNum];
31464 - if (bloc->logicalBlockNum < 0 ||
31465 - (bloc->logicalBlockNum + count) >
31466 - partmap->s_partition_len) {
31467 + if ((bloc->logicalBlockNum + count) > partmap->s_partition_len) {
31468 udf_debug("%d < %d || %d + %d > %d\n",
31469 bloc.logicalBlockNum, 0, bloc.logicalBlockNum, count,
31470 partmap->s_partition_len);
31471 diff -urNp linux-2.6.32.1/fs/utimes.c linux-2.6.32.1/fs/utimes.c
31472 --- linux-2.6.32.1/fs/utimes.c 2009-12-02 22:51:21.000000000 -0500
31473 +++ linux-2.6.32.1/fs/utimes.c 2009-12-14 18:33:58.940732997 -0500
31475 #include <linux/compiler.h>
31476 #include <linux/file.h>
31477 #include <linux/fs.h>
31478 +#include <linux/security.h>
31479 #include <linux/linkage.h>
31480 #include <linux/mount.h>
31481 #include <linux/namei.h>
31482 @@ -101,6 +102,12 @@ static int utimes_common(struct path *pa
31483 goto mnt_drop_write_and_out;
31487 + if (!gr_acl_handle_utime(path->dentry, path->mnt)) {
31489 + goto mnt_drop_write_and_out;
31492 mutex_lock(&inode->i_mutex);
31493 error = notify_change(path->dentry, &newattrs);
31494 mutex_unlock(&inode->i_mutex);
31495 diff -urNp linux-2.6.32.1/fs/xfs/linux-2.6/xfs_iops.c linux-2.6.32.1/fs/xfs/linux-2.6/xfs_iops.c
31496 --- linux-2.6.32.1/fs/xfs/linux-2.6/xfs_iops.c 2009-12-02 22:51:21.000000000 -0500
31497 +++ linux-2.6.32.1/fs/xfs/linux-2.6/xfs_iops.c 2009-12-14 18:33:58.941748344 -0500
31498 @@ -468,7 +468,7 @@ xfs_vn_put_link(
31499 struct nameidata *nd,
31502 - char *s = nd_get_link(nd);
31503 + const char *s = nd_get_link(nd);
31507 diff -urNp linux-2.6.32.1/fs/xfs/xfs_bmap.c linux-2.6.32.1/fs/xfs/xfs_bmap.c
31508 --- linux-2.6.32.1/fs/xfs/xfs_bmap.c 2009-12-02 22:51:21.000000000 -0500
31509 +++ linux-2.6.32.1/fs/xfs/xfs_bmap.c 2009-12-14 18:33:58.958720392 -0500
31510 @@ -360,7 +360,7 @@ xfs_bmap_validate_ret(
31514 -#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap)
31515 +#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) do {} while (0)
31518 #if defined(XFS_RW_TRACE)
31519 diff -urNp linux-2.6.32.1/grsecurity/gracl_alloc.c linux-2.6.32.1/grsecurity/gracl_alloc.c
31520 --- linux-2.6.32.1/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500
31521 +++ linux-2.6.32.1/grsecurity/gracl_alloc.c 2009-12-14 18:33:58.958720392 -0500
31523 +#include <linux/kernel.h>
31524 +#include <linux/mm.h>
31525 +#include <linux/slab.h>
31526 +#include <linux/vmalloc.h>
31527 +#include <linux/gracl.h>
31528 +#include <linux/grsecurity.h>
31530 +static unsigned long alloc_stack_next = 1;
31531 +static unsigned long alloc_stack_size = 1;
31532 +static void **alloc_stack;
31534 +static __inline__ int
31537 + if (alloc_stack_next == 1)
31540 + kfree(alloc_stack[alloc_stack_next - 2]);
31542 + alloc_stack_next--;
31547 +static __inline__ int
31548 +alloc_push(void *buf)
31550 + if (alloc_stack_next >= alloc_stack_size)
31553 + alloc_stack[alloc_stack_next - 1] = buf;
31555 + alloc_stack_next++;
31561 +acl_alloc(unsigned long len)
31563 + void *ret = NULL;
31565 + if (!len || len > PAGE_SIZE)
31568 + ret = kmalloc(len, GFP_KERNEL);
31571 + if (alloc_push(ret)) {
31582 +acl_alloc_num(unsigned long num, unsigned long len)
31584 + if (!len || (num > (PAGE_SIZE / len)))
31587 + return acl_alloc(num * len);
31591 +acl_free_all(void)
31593 + if (gr_acl_is_enabled() || !alloc_stack)
31596 + while (alloc_pop()) ;
31598 + if (alloc_stack) {
31599 + if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
31600 + kfree(alloc_stack);
31602 + vfree(alloc_stack);
31605 + alloc_stack = NULL;
31606 + alloc_stack_size = 1;
31607 + alloc_stack_next = 1;
31613 +acl_alloc_stack_init(unsigned long size)
31615 + if ((size * sizeof (void *)) <= PAGE_SIZE)
31617 + (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
31619 + alloc_stack = (void **) vmalloc(size * sizeof (void *));
31621 + alloc_stack_size = size;
31623 + if (!alloc_stack)
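Review bot: `acl_alloc_stack_init` multiplies `size * sizeof (void *)` with no overflow check, and it records `alloc_stack_size = size` before testing whether the allocation succeeded. If `size` is derived from a policy supplied by userspace (not visible here), a wrapped product yields a small `kmalloc` buffer while `alloc_push` still bounds its writes by the unwrapped `size`; on allocation failure the new size is left behind with a NULL `alloc_stack`. Reject bad sizes up front with `if (!size || size > ULONG_MAX / sizeof (void *)) return 0;` and assign `alloc_stack_size` only after the `!alloc_stack` check. `acl_alloc_num` in the same file already guards its multiplication by dividing first. Several lines of this file are missing from the page, so the return paths are inferred.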
31628 diff -urNp linux-2.6.32.1/grsecurity/gracl.c linux-2.6.32.1/grsecurity/gracl.c
31629 --- linux-2.6.32.1/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
31630 +++ linux-2.6.32.1/grsecurity/gracl.c 2009-12-14 18:33:58.960821027 -0500
31632 +#include <linux/kernel.h>
31633 +#include <linux/module.h>
31634 +#include <linux/sched.h>
31635 +#include <linux/mm.h>
31636 +#include <linux/file.h>
31637 +#include <linux/fs.h>
31638 +#include <linux/namei.h>
31639 +#include <linux/mount.h>
31640 +#include <linux/tty.h>
31641 +#include <linux/proc_fs.h>
31642 +#include <linux/smp_lock.h>
31643 +#include <linux/slab.h>
31644 +#include <linux/vmalloc.h>
31645 +#include <linux/types.h>
31646 +#include <linux/sysctl.h>
31647 +#include <linux/netdevice.h>
31648 +#include <linux/ptrace.h>
31649 +#include <linux/gracl.h>
31650 +#include <linux/gralloc.h>
31651 +#include <linux/grsecurity.h>
31652 +#include <linux/grinternal.h>
31653 +#include <linux/pid_namespace.h>
31654 +#include <linux/fdtable.h>
31655 +#include <linux/percpu.h>
31657 +#include <asm/uaccess.h>
31658 +#include <asm/errno.h>
31659 +#include <asm/mman.h>
31661 +static struct acl_role_db acl_role_set;
31662 +static struct name_db name_set;
31663 +static struct inodev_db inodev_set;
31665 +/* for keeping track of userspace pointers used for subjects, so we
31666 + can share references in the kernel as well
31669 +static struct dentry *real_root;
31670 +static struct vfsmount *real_root_mnt;
31672 +static struct acl_subj_map_db subj_map_set;
31674 +static struct acl_role_label *default_role;
31676 +static struct acl_role_label *role_list;
31678 +static u16 acl_sp_role_value;
31680 +extern char *gr_shared_page[4];
31681 +static DECLARE_MUTEX(gr_dev_sem);
31682 +DEFINE_RWLOCK(gr_inode_lock);
31684 +struct gr_arg *gr_usermode;
31686 +static unsigned int gr_status __read_only = GR_STATUS_INIT;
31688 +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
31689 +extern void gr_clear_learn_entries(void);
31691 +#ifdef CONFIG_GRKERNSEC_RESLOG
31692 +extern void gr_log_resource(const struct task_struct *task,
31693 + const int res, const unsigned long wanted, const int gt);
31696 +unsigned char *gr_system_salt;
31697 +unsigned char *gr_system_sum;
31699 +static struct sprole_pw **acl_special_roles = NULL;
31700 +static __u16 num_sprole_pws = 0;
31702 +static struct acl_role_label *kernel_role = NULL;
31704 +static unsigned int gr_auth_attempts = 0;
31705 +static unsigned long gr_auth_expires = 0UL;
31707 +extern struct vfsmount *sock_mnt;
31708 +extern struct vfsmount *pipe_mnt;
31709 +extern struct vfsmount *shm_mnt;
31710 +static struct acl_object_label *fakefs_obj;
31712 +extern int gr_init_uidset(void);
31713 +extern void gr_free_uidset(void);
31714 +extern void gr_remove_uid(uid_t uid);
31715 +extern int gr_find_uid(uid_t uid);
31718 +gr_acl_is_enabled(void)
31720 + return (gr_status & GR_READY);
31723 +char gr_roletype_to_char(void)
31725 + switch (current->role->roletype &
31726 + (GR_ROLE_DEFAULT | GR_ROLE_USER | GR_ROLE_GROUP |
31727 + GR_ROLE_SPECIAL)) {
31728 + case GR_ROLE_DEFAULT:
31730 + case GR_ROLE_USER:
31732 + case GR_ROLE_GROUP:
31734 + case GR_ROLE_SPECIAL:
31742 +gr_acl_tpe_check(void)
31744 + if (unlikely(!(gr_status & GR_READY)))
31746 + if (current->role->roletype & GR_ROLE_TPE)
31753 +gr_handle_rawio(const struct inode *inode)
31755 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
31756 + if (inode && S_ISBLK(inode->i_mode) &&
31757 + grsec_enable_chroot_caps && proc_is_chrooted(current) &&
31758 + !capable(CAP_SYS_RAWIO))
31765 +gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb)
31768 + unsigned long *l1;
31769 + unsigned long *l2;
31770 + unsigned char *c1;
31771 + unsigned char *c2;
31774 + if (likely(lena != lenb))
31777 + l1 = (unsigned long *)a;
31778 + l2 = (unsigned long *)b;
31780 + num_longs = lena / sizeof(unsigned long);
31782 + for (i = num_longs; i--; l1++, l2++) {
31783 + if (unlikely(*l1 != *l2))
31787 + c1 = (unsigned char *) l1;
31788 + c2 = (unsigned char *) l2;
31790 + i = lena - (num_longs * sizeof(unsigned long));
31792 + for (; i--; c1++, c2++) {
31793 + if (unlikely(*c1 != *c2))
31800 +static char * __our_d_path(struct dentry *dentry, struct vfsmount *vfsmnt,
31801 + struct dentry *root, struct vfsmount *rootmnt,
31802 + char *buffer, int buflen)
31804 + char * end = buffer+buflen;
31813 + /* Get '/' right */
31818 + struct dentry * parent;
31820 + if (dentry == root && vfsmnt == rootmnt)
31822 + if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
31823 + /* Global root? */
31824 + spin_lock(&vfsmount_lock);
31825 + if (vfsmnt->mnt_parent == vfsmnt) {
31826 + spin_unlock(&vfsmount_lock);
31827 + goto global_root;
31829 + dentry = vfsmnt->mnt_mountpoint;
31830 + vfsmnt = vfsmnt->mnt_parent;
31831 + spin_unlock(&vfsmount_lock);
31834 + parent = dentry->d_parent;
31835 + prefetch(parent);
31836 + namelen = dentry->d_name.len;
31837 + buflen -= namelen + 1;
31841 + memcpy(end, dentry->d_name.name, namelen);
31850 + namelen = dentry->d_name.len;
31851 + buflen -= namelen;
31854 + retval -= namelen-1; /* hit the slash */
31855 + memcpy(retval, dentry->d_name.name, namelen);
31858 + return ERR_PTR(-ENAMETOOLONG);
31862 +gen_full_path(struct dentry *dentry, struct vfsmount *vfsmnt,
31863 + struct dentry *root, struct vfsmount *rootmnt, char *buf, int buflen)
31867 + retval = __our_d_path(dentry, vfsmnt, root, rootmnt, buf, buflen);
31868 + if (unlikely(IS_ERR(retval)))
31869 + retval = strcpy(buf, "<path too long>");
31870 + else if (unlikely(retval[1] == '/' && retval[2] == '\0'))
31871 + retval[1] = '\0';
31877 +__d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
31878 + char *buf, int buflen)
31882 + /* we can use real_root, real_root_mnt, because this is only called
31883 + by the RBAC system */
31884 + res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, real_root, real_root_mnt, buf, buflen);
31890 +d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
31891 + char *buf, int buflen)
31894 + struct dentry *root;
31895 + struct vfsmount *rootmnt;
31896 + struct task_struct *reaper = &init_task;
31898 + /* we can't use real_root, real_root_mnt, because they belong only to the RBAC system */
31899 + read_lock(&reaper->fs->lock);
31900 + root = dget(reaper->fs->root.dentry);
31901 + rootmnt = mntget(reaper->fs->root.mnt);
31902 + read_unlock(&reaper->fs->lock);
31904 + spin_lock(&dcache_lock);
31905 + res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, root, rootmnt, buf, buflen);
31906 + spin_unlock(&dcache_lock);
31914 +gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
31917 + spin_lock(&dcache_lock);
31918 + ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
31920 + spin_unlock(&dcache_lock);
31925 +gr_to_filename_nolock(const struct dentry *dentry, const struct vfsmount *mnt)
31927 + return __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
31932 +gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt)
31934 + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
31939 +gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt)
31941 + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[1], smp_processor_id()),
31946 +gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt)
31948 + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[2], smp_processor_id()),
31953 +gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt)
31955 + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[3], smp_processor_id()),
31960 +to_gr_audit(const __u32 reqmode)
31962 + /* masks off auditable permission flags, then shifts them to create
31963 + auditing flags, and adds the special case of append auditing if
31964 + we're requesting write */
31965 + return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
31968 +struct acl_subject_label *
31969 +lookup_subject_map(const struct acl_subject_label *userp)
31971 + unsigned int index = shash(userp, subj_map_set.s_size);
31972 + struct subject_map *match;
31974 + match = subj_map_set.s_hash[index];
31976 + while (match && match->user != userp)
31977 + match = match->next;
31979 + if (match != NULL)
31980 + return match->kernel;
31986 +insert_subj_map_entry(struct subject_map *subjmap)
31988 + unsigned int index = shash(subjmap->user, subj_map_set.s_size);
31989 + struct subject_map **curr;
31991 + subjmap->prev = NULL;
31993 + curr = &subj_map_set.s_hash[index];
31994 + if (*curr != NULL)
31995 + (*curr)->prev = subjmap;
31997 + subjmap->next = *curr;
32003 +static struct acl_role_label *
32004 +lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
32007 + unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
32008 + struct acl_role_label *match;
32009 + struct role_allowed_ip *ipp;
32012 + match = acl_role_set.r_hash[index];
32015 + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) {
32016 + for (x = 0; x < match->domain_child_num; x++) {
32017 + if (match->domain_children[x] == uid)
32020 + } else if (match->uidgid == uid && match->roletype & GR_ROLE_USER)
32022 + match = match->next;
32025 + if (match == NULL) {
32027 + index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
32028 + match = acl_role_set.r_hash[index];
32031 + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) {
32032 + for (x = 0; x < match->domain_child_num; x++) {
32033 + if (match->domain_children[x] == gid)
32036 + } else if (match->uidgid == gid && match->roletype & GR_ROLE_GROUP)
32038 + match = match->next;
32041 + if (match == NULL)
32042 + match = default_role;
32043 + if (match->allowed_ips == NULL)
32046 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
32048 + ((ntohl(task->signal->curr_ip) & ipp->netmask) ==
32049 + (ntohl(ipp->addr) & ipp->netmask)))
32052 + match = default_role;
32054 + } else if (match->allowed_ips == NULL) {
32057 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
32059 + ((ntohl(task->signal->curr_ip) & ipp->netmask) ==
32060 + (ntohl(ipp->addr) & ipp->netmask)))
32069 +struct acl_subject_label *
32070 +lookup_acl_subj_label(const ino_t ino, const dev_t dev,
32071 + const struct acl_role_label *role)
32073 + unsigned int index = fhash(ino, dev, role->subj_hash_size);
32074 + struct acl_subject_label *match;
32076 + match = role->subj_hash[index];
32078 + while (match && (match->inode != ino || match->device != dev ||
32079 + (match->mode & GR_DELETED))) {
32080 + match = match->next;
32083 + if (match && !(match->mode & GR_DELETED))
32089 +struct acl_subject_label *
32090 +lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev,
32091 + const struct acl_role_label *role)
32093 + unsigned int index = fhash(ino, dev, role->subj_hash_size);
32094 + struct acl_subject_label *match;
32096 + match = role->subj_hash[index];
32098 + while (match && (match->inode != ino || match->device != dev ||
32099 + !(match->mode & GR_DELETED))) {
32100 + match = match->next;
32103 + if (match && (match->mode & GR_DELETED))
32109 +static struct acl_object_label *
32110 +lookup_acl_obj_label(const ino_t ino, const dev_t dev,
32111 + const struct acl_subject_label *subj)
32113 + unsigned int index = fhash(ino, dev, subj->obj_hash_size);
32114 + struct acl_object_label *match;
32116 + match = subj->obj_hash[index];
32118 + while (match && (match->inode != ino || match->device != dev ||
32119 + (match->mode & GR_DELETED))) {
32120 + match = match->next;
32123 + if (match && !(match->mode & GR_DELETED))
32129 +static struct acl_object_label *
32130 +lookup_acl_obj_label_create(const ino_t ino, const dev_t dev,
32131 + const struct acl_subject_label *subj)
32133 + unsigned int index = fhash(ino, dev, subj->obj_hash_size);
32134 + struct acl_object_label *match;
32136 + match = subj->obj_hash[index];
32138 + while (match && (match->inode != ino || match->device != dev ||
32139 + !(match->mode & GR_DELETED))) {
32140 + match = match->next;
32143 + if (match && (match->mode & GR_DELETED))
32146 + match = subj->obj_hash[index];
32148 + while (match && (match->inode != ino || match->device != dev ||
32149 + (match->mode & GR_DELETED))) {
32150 + match = match->next;
32153 + if (match && !(match->mode & GR_DELETED))
32159 +static struct name_entry *
32160 +lookup_name_entry(const char *name)
32162 + unsigned int len = strlen(name);
32163 + unsigned int key = full_name_hash(name, len);
32164 + unsigned int index = key % name_set.n_size;
32165 + struct name_entry *match;
32167 + match = name_set.n_hash[index];
32169 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len)))
32170 + match = match->next;
32175 +static struct name_entry *
32176 +lookup_name_entry_create(const char *name)
32178 + unsigned int len = strlen(name);
32179 + unsigned int key = full_name_hash(name, len);
32180 + unsigned int index = key % name_set.n_size;
32181 + struct name_entry *match;
32183 + match = name_set.n_hash[index];
32185 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
32186 + !match->deleted))
32187 + match = match->next;
32189 + if (match && match->deleted)
32192 + match = name_set.n_hash[index];
32194 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
32196 + match = match->next;
32198 + if (match && !match->deleted)
32204 +static struct inodev_entry *
32205 +lookup_inodev_entry(const ino_t ino, const dev_t dev)
32207 + unsigned int index = fhash(ino, dev, inodev_set.i_size);
32208 + struct inodev_entry *match;
32210 + match = inodev_set.i_hash[index];
32212 + while (match && (match->nentry->inode != ino || match->nentry->device != dev))
32213 + match = match->next;
32219 +insert_inodev_entry(struct inodev_entry *entry)
32221 + unsigned int index = fhash(entry->nentry->inode, entry->nentry->device,
32222 + inodev_set.i_size);
32223 + struct inodev_entry **curr;
32225 + entry->prev = NULL;
32227 + curr = &inodev_set.i_hash[index];
32228 + if (*curr != NULL)
32229 + (*curr)->prev = entry;
32231 + entry->next = *curr;
32238 +__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
32240 + unsigned int index =
32241 + rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
32242 + struct acl_role_label **curr;
32243 + struct acl_role_label *tmp;
32245 + curr = &acl_role_set.r_hash[index];
32247 + /* if role was already inserted due to domains and already has
32248 + a role in the same bucket as it attached, then we need to
32249 + combine these two buckets
32251 + if (role->next) {
32252 + tmp = role->next;
32253 + while (tmp->next)
32255 + tmp->next = *curr;
32257 + role->next = *curr;
32264 +insert_acl_role_label(struct acl_role_label *role)
32268 + if (role_list == NULL) {
32269 + role_list = role;
32270 + role->prev = NULL;
32272 + role->prev = role_list;
32273 + role_list = role;
32276 + /* used for hash chains */
32277 + role->next = NULL;
32279 + if (role->roletype & GR_ROLE_DOMAIN) {
32280 + for (i = 0; i < role->domain_child_num; i++)
32281 + __insert_acl_role_label(role, role->domain_children[i]);
32283 + __insert_acl_role_label(role, role->uidgid);
32287 +insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
32289 + struct name_entry **curr, *nentry;
32290 + struct inodev_entry *ientry;
32291 + unsigned int len = strlen(name);
32292 + unsigned int key = full_name_hash(name, len);
32293 + unsigned int index = key % name_set.n_size;
32295 + curr = &name_set.n_hash[index];
32297 + while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
32298 + curr = &((*curr)->next);
32300 + if (*curr != NULL)
32303 + nentry = acl_alloc(sizeof (struct name_entry));
32304 + if (nentry == NULL)
32306 + ientry = acl_alloc(sizeof (struct inodev_entry));
32307 + if (ientry == NULL)
32309 + ientry->nentry = nentry;
32311 + nentry->key = key;
32312 + nentry->name = name;
32313 + nentry->inode = inode;
32314 + nentry->device = device;
32315 + nentry->len = len;
32316 + nentry->deleted = deleted;
32318 + nentry->prev = NULL;
32319 + curr = &name_set.n_hash[index];
32320 + if (*curr != NULL)
32321 + (*curr)->prev = nentry;
32322 + nentry->next = *curr;
32325 + /* insert us into the table searchable by inode/dev */
32326 + insert_inodev_entry(ientry);
32332 +insert_acl_obj_label(struct acl_object_label *obj,
32333 + struct acl_subject_label *subj)
32335 + unsigned int index =
32336 + fhash(obj->inode, obj->device, subj->obj_hash_size);
32337 + struct acl_object_label **curr;
32340 + obj->prev = NULL;
32342 + curr = &subj->obj_hash[index];
32343 + if (*curr != NULL)
32344 + (*curr)->prev = obj;
32346 + obj->next = *curr;
32353 +insert_acl_subj_label(struct acl_subject_label *obj,
32354 + struct acl_role_label *role)
32356 + unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size);
32357 + struct acl_subject_label **curr;
32359 + obj->prev = NULL;
32361 + curr = &role->subj_hash[index];
32362 + if (*curr != NULL)
32363 + (*curr)->prev = obj;
32365 + obj->next = *curr;
32371 +/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
32374 +create_table(__u32 * len, int elementsize)
32376 + unsigned int table_sizes[] = {
32377 + 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
32378 + 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
32379 + 4194301, 8388593, 16777213, 33554393, 67108859
32381 + void *newtable = NULL;
32382 + unsigned int pwr = 0;
32384 + while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
32385 + table_sizes[pwr] <= *len)
32388 + if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize))
32391 + if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
32393 + kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
32395 + newtable = vmalloc(table_sizes[pwr] * elementsize);
32397 + *len = table_sizes[pwr];
32403 +init_variables(const struct gr_arg *arg)
32405 + struct task_struct *reaper = &init_task;
32406 + unsigned int stacksize;
32408 + subj_map_set.s_size = arg->role_db.num_subjects;
32409 + acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
32410 + name_set.n_size = arg->role_db.num_objects;
32411 + inodev_set.i_size = arg->role_db.num_objects;
32413 + if (!subj_map_set.s_size || !acl_role_set.r_size ||
32414 + !name_set.n_size || !inodev_set.i_size)
32417 + if (!gr_init_uidset())
32420 + /* set up the stack that holds allocation info */
32422 + stacksize = arg->role_db.num_pointers + 5;
32424 + if (!acl_alloc_stack_init(stacksize))
32427 + /* grab reference for the real root dentry and vfsmount */
32428 + read_lock(&reaper->fs->lock);
32429 + real_root_mnt = mntget(reaper->fs->root.mnt);
32430 + real_root = dget(reaper->fs->root.dentry);
32431 + read_unlock(&reaper->fs->lock);
32433 + fakefs_obj = acl_alloc(sizeof(struct acl_object_label));
32434 + if (fakefs_obj == NULL)
32436 + fakefs_obj->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
32438 + subj_map_set.s_hash =
32439 + (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *));
32440 + acl_role_set.r_hash =
32441 + (struct acl_role_label **) create_table(&acl_role_set.r_size, sizeof(void *));
32442 + name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size, sizeof(void *));
32443 + inodev_set.i_hash =
32444 + (struct inodev_entry **) create_table(&inodev_set.i_size, sizeof(void *));
32446 + if (!subj_map_set.s_hash || !acl_role_set.r_hash ||
32447 + !name_set.n_hash || !inodev_set.i_hash)
32450 + memset(subj_map_set.s_hash, 0,
32451 + sizeof(struct subject_map *) * subj_map_set.s_size);
32452 + memset(acl_role_set.r_hash, 0,
32453 + sizeof (struct acl_role_label *) * acl_role_set.r_size);
32454 + memset(name_set.n_hash, 0,
32455 + sizeof (struct name_entry *) * name_set.n_size);
32456 + memset(inodev_set.i_hash, 0,
32457 + sizeof (struct inodev_entry *) * inodev_set.i_size);
32462 +/* free information not needed after startup
32463 + currently contains user->kernel pointer mappings for subjects
32467 +free_init_variables(void)
32471 + if (subj_map_set.s_hash) {
32472 + for (i = 0; i < subj_map_set.s_size; i++) {
32473 + if (subj_map_set.s_hash[i]) {
32474 + kfree(subj_map_set.s_hash[i]);
32475 + subj_map_set.s_hash[i] = NULL;
32479 + if ((subj_map_set.s_size * sizeof (struct subject_map *)) <=
32481 + kfree(subj_map_set.s_hash);
32483 + vfree(subj_map_set.s_hash);
32490 +free_variables(void)
32492 + struct acl_subject_label *s;
32493 + struct acl_role_label *r;
32494 + struct task_struct *task, *task2;
32497 + gr_clear_learn_entries();
32499 + read_lock(&tasklist_lock);
32500 + do_each_thread(task2, task) {
32501 + task->acl_sp_role = 0;
32502 + task->acl_role_id = 0;
32503 + task->acl = NULL;
32504 + task->role = NULL;
32505 + } while_each_thread(task2, task);
32506 + read_unlock(&tasklist_lock);
32508 + /* release the reference to the real root dentry and vfsmount */
32511 + real_root = NULL;
32512 + if (real_root_mnt)
32513 + mntput(real_root_mnt);
32514 + real_root_mnt = NULL;
32516 + /* free all object hash tables */
32518 + FOR_EACH_ROLE_START(r)
32519 + if (r->subj_hash == NULL)
32521 + FOR_EACH_SUBJECT_START(r, s, x)
32522 + if (s->obj_hash == NULL)
32524 + if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
32525 + kfree(s->obj_hash);
32527 + vfree(s->obj_hash);
32528 + FOR_EACH_SUBJECT_END(s, x)
32529 + FOR_EACH_NESTED_SUBJECT_START(r, s)
32530 + if (s->obj_hash == NULL)
32532 + if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
32533 + kfree(s->obj_hash);
32535 + vfree(s->obj_hash);
32536 + FOR_EACH_NESTED_SUBJECT_END(s)
32537 + if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
32538 + kfree(r->subj_hash);
32540 + vfree(r->subj_hash);
32541 + r->subj_hash = NULL;
32543 + FOR_EACH_ROLE_END(r)
32547 + if (acl_role_set.r_hash) {
32548 + if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
32550 + kfree(acl_role_set.r_hash);
32552 + vfree(acl_role_set.r_hash);
32554 + if (name_set.n_hash) {
32555 + if ((name_set.n_size * sizeof (struct name_entry *)) <=
32557 + kfree(name_set.n_hash);
32559 + vfree(name_set.n_hash);
32562 + if (inodev_set.i_hash) {
32563 + if ((inodev_set.i_size * sizeof (struct inodev_entry *)) <=
32565 + kfree(inodev_set.i_hash);
32567 + vfree(inodev_set.i_hash);
32570 + gr_free_uidset();
32572 + memset(&name_set, 0, sizeof (struct name_db));
32573 + memset(&inodev_set, 0, sizeof (struct inodev_db));
32574 + memset(&acl_role_set, 0, sizeof (struct acl_role_db));
32575 + memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db));
32577 + default_role = NULL;
32578 + role_list = NULL;
32584 +count_user_objs(struct acl_object_label *userp)
32586 + struct acl_object_label o_tmp;
32590 + if (copy_from_user(&o_tmp, userp,
32591 + sizeof (struct acl_object_label)))
32594 + userp = o_tmp.prev;
32601 +static struct acl_subject_label *
32602 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role);
32605 +copy_user_glob(struct acl_object_label *obj)
32607 + struct acl_object_label *g_tmp, **guser;
32608 + unsigned int len;
32611 + if (obj->globbed == NULL)
32614 + guser = &obj->globbed;
32616 + g_tmp = (struct acl_object_label *)
32617 + acl_alloc(sizeof (struct acl_object_label));
32618 + if (g_tmp == NULL)
32621 + if (copy_from_user(g_tmp, *guser,
32622 + sizeof (struct acl_object_label)))
32625 + len = strnlen_user(g_tmp->filename, PATH_MAX);
32627 + if (!len || len >= PATH_MAX)
32630 + if ((tmp = (char *) acl_alloc(len)) == NULL)
32633 + if (copy_from_user(tmp, g_tmp->filename, len))
32635 + tmp[len-1] = '\0';
32636 + g_tmp->filename = tmp;
32639 + guser = &(g_tmp->next);
32646 +copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
32647 + struct acl_role_label *role)
32649 + struct acl_object_label *o_tmp;
32650 + unsigned int len;
32655 + if ((o_tmp = (struct acl_object_label *)
32656 + acl_alloc(sizeof (struct acl_object_label))) == NULL)
32659 + if (copy_from_user(o_tmp, userp,
32660 + sizeof (struct acl_object_label)))
32663 + userp = o_tmp->prev;
32665 + len = strnlen_user(o_tmp->filename, PATH_MAX);
32667 + if (!len || len >= PATH_MAX)
32670 + if ((tmp = (char *) acl_alloc(len)) == NULL)
32673 + if (copy_from_user(tmp, o_tmp->filename, len))
32675 + tmp[len-1] = '\0';
32676 + o_tmp->filename = tmp;
32678 + insert_acl_obj_label(o_tmp, subj);
32679 + if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
32680 + o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0))
32683 + ret = copy_user_glob(o_tmp);
32687 + if (o_tmp->nested) {
32688 + o_tmp->nested = do_copy_user_subj(o_tmp->nested, role);
32689 + if (IS_ERR(o_tmp->nested))
32690 + return PTR_ERR(o_tmp->nested);
32692 + /* insert into nested subject list */
32693 + o_tmp->nested->next = role->hash->first;
32694 + role->hash->first = o_tmp->nested;
32702 +count_user_subjs(struct acl_subject_label *userp)
32704 + struct acl_subject_label s_tmp;
32708 + if (copy_from_user(&s_tmp, userp,
32709 + sizeof (struct acl_subject_label)))
32712 + userp = s_tmp.prev;
32713 + /* do not count nested subjects against this count, since
32714 + they are not included in the hash table, but are
32715 + attached to objects. We have already counted
32716 + the subjects in userspace for the allocation
32719 + if (!(s_tmp.mode & GR_NESTED))
32727 +copy_user_allowedips(struct acl_role_label *rolep)
32729 + struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
32731 + ruserip = rolep->allowed_ips;
32733 + while (ruserip) {
32736 + if ((rtmp = (struct role_allowed_ip *)
32737 + acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
32740 + if (copy_from_user(rtmp, ruserip,
32741 + sizeof (struct role_allowed_ip)))
32744 + ruserip = rtmp->prev;
32747 + rtmp->prev = NULL;
32748 + rolep->allowed_ips = rtmp;
32750 + rlast->next = rtmp;
32751 + rtmp->prev = rlast;
32755 + rtmp->next = NULL;
32762 +copy_user_transitions(struct acl_role_label *rolep)
32764 + struct role_transition *rusertp, *rtmp = NULL, *rlast;
32766 + unsigned int len;
32769 + rusertp = rolep->transitions;
32771 + while (rusertp) {
32774 + if ((rtmp = (struct role_transition *)
32775 + acl_alloc(sizeof (struct role_transition))) == NULL)
32778 + if (copy_from_user(rtmp, rusertp,
32779 + sizeof (struct role_transition)))
32782 + rusertp = rtmp->prev;
32784 + len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN);
32786 + if (!len || len >= GR_SPROLE_LEN)
32789 + if ((tmp = (char *) acl_alloc(len)) == NULL)
32792 + if (copy_from_user(tmp, rtmp->rolename, len))
32794 + tmp[len-1] = '\0';
32795 + rtmp->rolename = tmp;
32798 + rtmp->prev = NULL;
32799 + rolep->transitions = rtmp;
32801 + rlast->next = rtmp;
32802 + rtmp->prev = rlast;
32806 + rtmp->next = NULL;
32812 +static struct acl_subject_label *
32813 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role)
32815 + struct acl_subject_label *s_tmp = NULL, *s_tmp2;
32816 + unsigned int len;
32819 + struct acl_ip_label **i_tmp, *i_utmp2;
32820 + struct gr_hash_struct ghash;
32821 + struct subject_map *subjmap;
32822 + unsigned int i_num;
32825 + s_tmp = lookup_subject_map(userp);
32827 + /* we've already copied this subject into the kernel, just return
32828 + the reference to it, and don't copy it over again
32833 + if ((s_tmp = (struct acl_subject_label *)
32834 + acl_alloc(sizeof (struct acl_subject_label))) == NULL)
32835 + return ERR_PTR(-ENOMEM);
32837 + subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL);
32838 + if (subjmap == NULL)
32839 + return ERR_PTR(-ENOMEM);
32841 + subjmap->user = userp;
32842 + subjmap->kernel = s_tmp;
32843 + insert_subj_map_entry(subjmap);
32845 + if (copy_from_user(s_tmp, userp,
32846 + sizeof (struct acl_subject_label)))
32847 + return ERR_PTR(-EFAULT);
32849 + len = strnlen_user(s_tmp->filename, PATH_MAX);
32851 + if (!len || len >= PATH_MAX)
32852 + return ERR_PTR(-EINVAL);
32854 + if ((tmp = (char *) acl_alloc(len)) == NULL)
32855 + return ERR_PTR(-ENOMEM);
32857 + if (copy_from_user(tmp, s_tmp->filename, len))
32858 + return ERR_PTR(-EFAULT);
32859 + tmp[len-1] = '\0';
32860 + s_tmp->filename = tmp;
32862 + if (!strcmp(s_tmp->filename, "/"))
32863 + role->root_label = s_tmp;
32865 + if (copy_from_user(&ghash, s_tmp->hash, sizeof(struct gr_hash_struct)))
32866 + return ERR_PTR(-EFAULT);
32868 + /* copy user and group transition tables */
32870 + if (s_tmp->user_trans_num) {
32873 + uidlist = (uid_t *)acl_alloc_num(s_tmp->user_trans_num, sizeof(uid_t));
32874 + if (uidlist == NULL)
32875 + return ERR_PTR(-ENOMEM);
32876 + if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t)))
32877 + return ERR_PTR(-EFAULT);
32879 + s_tmp->user_transitions = uidlist;
32882 + if (s_tmp->group_trans_num) {
32885 + gidlist = (gid_t *)acl_alloc_num(s_tmp->group_trans_num, sizeof(gid_t));
32886 + if (gidlist == NULL)
32887 + return ERR_PTR(-ENOMEM);
32888 + if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t)))
32889 + return ERR_PTR(-EFAULT);
32891 + s_tmp->group_transitions = gidlist;
32894 + /* set up object hash table */
32895 + num_objs = count_user_objs(ghash.first);
32897 + s_tmp->obj_hash_size = num_objs;
32898 + s_tmp->obj_hash =
32899 + (struct acl_object_label **)
32900 + create_table(&(s_tmp->obj_hash_size), sizeof(void *));
32902 + if (!s_tmp->obj_hash)
32903 + return ERR_PTR(-ENOMEM);
32905 + memset(s_tmp->obj_hash, 0,
32906 + s_tmp->obj_hash_size *
32907 + sizeof (struct acl_object_label *));
32909 + /* add in objects */
32910 + err = copy_user_objs(ghash.first, s_tmp, role);
32913 + return ERR_PTR(err);
32915 + /* set pointer for parent subject */
32916 + if (s_tmp->parent_subject) {
32917 + s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role);
32919 + if (IS_ERR(s_tmp2))
32922 + s_tmp->parent_subject = s_tmp2;
32925 + /* add in ip acls */
32927 + if (!s_tmp->ip_num) {
32928 + s_tmp->ips = NULL;
32933 + (struct acl_ip_label **) acl_alloc_num(s_tmp->ip_num,
32934 + sizeof (struct acl_ip_label *));
32937 + return ERR_PTR(-ENOMEM);
32939 + for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
32940 + *(i_tmp + i_num) =
32941 + (struct acl_ip_label *)
32942 + acl_alloc(sizeof (struct acl_ip_label));
32943 + if (!*(i_tmp + i_num))
32944 + return ERR_PTR(-ENOMEM);
32946 + if (copy_from_user
32947 + (&i_utmp2, s_tmp->ips + i_num,
32948 + sizeof (struct acl_ip_label *)))
32949 + return ERR_PTR(-EFAULT);
32951 + if (copy_from_user
32952 + (*(i_tmp + i_num), i_utmp2,
32953 + sizeof (struct acl_ip_label)))
32954 + return ERR_PTR(-EFAULT);
32956 + if ((*(i_tmp + i_num))->iface == NULL)
32959 + len = strnlen_user((*(i_tmp + i_num))->iface, IFNAMSIZ);
32960 + if (!len || len >= IFNAMSIZ)
32961 + return ERR_PTR(-EINVAL);
32962 + tmp = acl_alloc(len);
32964 + return ERR_PTR(-ENOMEM);
32965 + if (copy_from_user(tmp, (*(i_tmp + i_num))->iface, len))
32966 + return ERR_PTR(-EFAULT);
32967 + (*(i_tmp + i_num))->iface = tmp;
32970 + s_tmp->ips = i_tmp;
32973 + if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
32974 + s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0))
32975 + return ERR_PTR(-ENOMEM);
32981 +copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
32983 + struct acl_subject_label s_pre;
32984 + struct acl_subject_label * ret;
32988 + if (copy_from_user(&s_pre, userp,
32989 + sizeof (struct acl_subject_label)))
32992 + /* do not add nested subjects here, add
32993 + while parsing objects
32996 + if (s_pre.mode & GR_NESTED) {
32997 + userp = s_pre.prev;
33001 + ret = do_copy_user_subj(userp, role);
33003 + err = PTR_ERR(ret);
33007 + insert_acl_subj_label(ret, role);
33009 + userp = s_pre.prev;
33016 +copy_user_acl(struct gr_arg *arg)
33018 + struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2;
33019 + struct sprole_pw *sptmp;
33020 + struct gr_hash_struct *ghash;
33021 + uid_t *domainlist;
33022 + unsigned int r_num;
33023 + unsigned int len;
33029 + /* we need a default and kernel role */
33030 + if (arg->role_db.num_roles < 2)
33033 + /* copy special role authentication info from userspace */
33035 + num_sprole_pws = arg->num_sprole_pws;
33036 + acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *));
33038 + if (!acl_special_roles) {
33043 + for (i = 0; i < num_sprole_pws; i++) {
33044 + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
33049 + if (copy_from_user(sptmp, arg->sprole_pws + i,
33050 + sizeof (struct sprole_pw))) {
33056 + strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
33058 + if (!len || len >= GR_SPROLE_LEN) {
33063 + if ((tmp = (char *) acl_alloc(len)) == NULL) {
33068 + if (copy_from_user(tmp, sptmp->rolename, len)) {
33072 + tmp[len-1] = '\0';
33073 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
33074 + printk(KERN_ALERT "Copying special role %s\n", tmp);
33076 + sptmp->rolename = tmp;
33077 + acl_special_roles[i] = sptmp;
33080 + r_utmp = (struct acl_role_label **) arg->role_db.r_table;
33082 + for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
33083 + r_tmp = acl_alloc(sizeof (struct acl_role_label));
33090 + if (copy_from_user(&r_utmp2, r_utmp + r_num,
33091 + sizeof (struct acl_role_label *))) {
33096 + if (copy_from_user(r_tmp, r_utmp2,
33097 + sizeof (struct acl_role_label))) {
33102 + len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN);
33104 + if (!len || len >= PATH_MAX) {
33109 + if ((tmp = (char *) acl_alloc(len)) == NULL) {
33113 + if (copy_from_user(tmp, r_tmp->rolename, len)) {
33117 + tmp[len-1] = '\0';
33118 + r_tmp->rolename = tmp;
33120 + if (!strcmp(r_tmp->rolename, "default")
33121 + && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
33122 + default_role = r_tmp;
33123 + } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
33124 + kernel_role = r_tmp;
33127 + if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) {
33131 + if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) {
33136 + r_tmp->hash = ghash;
33138 + num_subjs = count_user_subjs(r_tmp->hash->first);
33140 + r_tmp->subj_hash_size = num_subjs;
33141 + r_tmp->subj_hash =
33142 + (struct acl_subject_label **)
33143 + create_table(&(r_tmp->subj_hash_size), sizeof(void *));
33145 + if (!r_tmp->subj_hash) {
33150 + err = copy_user_allowedips(r_tmp);
33154 + /* copy domain info */
33155 + if (r_tmp->domain_children != NULL) {
33156 + domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
33157 + if (domainlist == NULL) {
33161 + if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) {
33165 + r_tmp->domain_children = domainlist;
33168 + err = copy_user_transitions(r_tmp);
33172 + memset(r_tmp->subj_hash, 0,
33173 + r_tmp->subj_hash_size *
33174 + sizeof (struct acl_subject_label *));
33176 + err = copy_user_subjs(r_tmp->hash->first, r_tmp);
33181 + /* set nested subject list to null */
33182 + r_tmp->hash->first = NULL;
33184 + insert_acl_role_label(r_tmp);
33189 + free_variables();
33196 +gracl_init(struct gr_arg *args)
33200 + memcpy(gr_system_salt, args->salt, GR_SALT_LEN);
33201 + memcpy(gr_system_sum, args->sum, GR_SHA_LEN);
33203 + if (init_variables(args)) {
33204 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
33206 + free_variables();
33210 + error = copy_user_acl(args);
33211 + free_init_variables();
33213 + free_variables();
33217 + if ((error = gr_set_acls(0))) {
33218 + free_variables();
33222 + pax_open_kernel();
33223 + gr_status |= GR_READY;
33224 + pax_close_kernel();
33230 +/* derived from glibc fnmatch() 0: match, 1: no match*/
33233 +glob_match(const char *p, const char *n)
33237 + while ((c = *p++) != '\0') {
33242 + else if (*n == '/')
33250 + for (c = *p++; c == '?' || c == '*'; c = *p++) {
33253 + else if (c == '?') {
33263 + const char *endp;
33265 + if ((endp = strchr(n, '/')) == NULL)
33266 + endp = n + strlen(n);
33269 + for (--p; n < endp; ++n)
33270 + if (!glob_match(p, n))
33272 + } else if (c == '/') {
33273 + while (*n != '\0' && *n != '/')
33275 + if (*n == '/' && !glob_match(p, n + 1))
33278 + for (--p; n < endp; ++n)
33279 + if (*n == c && !glob_match(p, n))
33290 + if (*n == '\0' || *n == '/')
33293 + not = (*p == '!' || *p == '^');
33299 + unsigned char fn = (unsigned char)*n;
33309 + if (c == '-' && *p != ']') {
33310 + unsigned char cend = *p++;
33312 + if (cend == '\0')
33315 + if (cold <= fn && fn <= cend)
33329 + while (c != ']') {
33356 +static struct acl_object_label *
33357 +chk_glob_label(struct acl_object_label *globbed,
33358 + struct dentry *dentry, struct vfsmount *mnt, char **path)
33360 + struct acl_object_label *tmp;
33362 + if (*path == NULL)
33363 + *path = gr_to_filename_nolock(dentry, mnt);
33368 + if (!glob_match(tmp->filename, *path))
33376 +static struct acl_object_label *
33377 +__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
33378 + const ino_t curr_ino, const dev_t curr_dev,
33379 + const struct acl_subject_label *subj, char **path, const int checkglob)
33381 + struct acl_subject_label *tmpsubj;
33382 + struct acl_object_label *retval;
33383 + struct acl_object_label *retval2;
33385 + tmpsubj = (struct acl_subject_label *) subj;
33386 + read_lock(&gr_inode_lock);
33388 + retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj);
33390 + if (checkglob && retval->globbed) {
33391 + retval2 = chk_glob_label(retval->globbed, (struct dentry *)orig_dentry,
33392 + (struct vfsmount *)orig_mnt, path);
33394 + retval = retval2;
33398 + } while ((tmpsubj = tmpsubj->parent_subject));
33399 + read_unlock(&gr_inode_lock);
33404 +static __inline__ struct acl_object_label *
33405 +full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
33406 + const struct dentry *curr_dentry,
33407 + const struct acl_subject_label *subj, char **path, const int checkglob)
33409 + return __full_lookup(orig_dentry, orig_mnt,
33410 + curr_dentry->d_inode->i_ino,
33411 + curr_dentry->d_inode->i_sb->s_dev, subj, path, checkglob);
33414 +static struct acl_object_label *
33415 +__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33416 + const struct acl_subject_label *subj, char *path, const int checkglob)
33418 + struct dentry *dentry = (struct dentry *) l_dentry;
33419 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
33420 + struct acl_object_label *retval;
33422 + spin_lock(&dcache_lock);
33424 + if (unlikely(mnt == shm_mnt || mnt == pipe_mnt || mnt == sock_mnt ||
33425 + /* ignore Eric Biederman */
33426 + IS_PRIVATE(l_dentry->d_inode))) {
33427 + retval = fakefs_obj;
33432 + if (dentry == real_root && mnt == real_root_mnt)
33435 + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
33436 + if (mnt->mnt_parent == mnt)
33439 + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
33440 + if (retval != NULL)
33443 + dentry = mnt->mnt_mountpoint;
33444 + mnt = mnt->mnt_parent;
33448 + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
33449 + if (retval != NULL)
33452 + dentry = dentry->d_parent;
33455 + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
33457 + if (retval == NULL)
33458 + retval = full_lookup(l_dentry, l_mnt, real_root, subj, &path, checkglob);
33460 + spin_unlock(&dcache_lock);
33464 +static __inline__ struct acl_object_label *
33465 +chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33466 + const struct acl_subject_label *subj)
33468 + char *path = NULL;
33469 + return __chk_obj_label(l_dentry, l_mnt, subj, path, 1);
33472 +static __inline__ struct acl_object_label *
33473 +chk_obj_label_noglob(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33474 + const struct acl_subject_label *subj)
33476 + char *path = NULL;
33477 + return __chk_obj_label(l_dentry, l_mnt, subj, path, 0);
33480 +static __inline__ struct acl_object_label *
33481 +chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33482 + const struct acl_subject_label *subj, char *path)
33484 + return __chk_obj_label(l_dentry, l_mnt, subj, path, 1);
33487 +static struct acl_subject_label *
33488 +chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
33489 + const struct acl_role_label *role)
33491 + struct dentry *dentry = (struct dentry *) l_dentry;
33492 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
33493 + struct acl_subject_label *retval;
33495 + spin_lock(&dcache_lock);
33498 + if (dentry == real_root && mnt == real_root_mnt)
33500 + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
33501 + if (mnt->mnt_parent == mnt)
33504 + read_lock(&gr_inode_lock);
33506 + lookup_acl_subj_label(dentry->d_inode->i_ino,
33507 + dentry->d_inode->i_sb->s_dev, role);
33508 + read_unlock(&gr_inode_lock);
33509 + if (retval != NULL)
33512 + dentry = mnt->mnt_mountpoint;
33513 + mnt = mnt->mnt_parent;
33517 + read_lock(&gr_inode_lock);
33518 + retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
33519 + dentry->d_inode->i_sb->s_dev, role);
33520 + read_unlock(&gr_inode_lock);
33521 + if (retval != NULL)
33524 + dentry = dentry->d_parent;
33527 + read_lock(&gr_inode_lock);
33528 + retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
33529 + dentry->d_inode->i_sb->s_dev, role);
33530 + read_unlock(&gr_inode_lock);
33532 + if (unlikely(retval == NULL)) {
33533 + read_lock(&gr_inode_lock);
33534 + retval = lookup_acl_subj_label(real_root->d_inode->i_ino,
33535 + real_root->d_inode->i_sb->s_dev, role);
33536 + read_unlock(&gr_inode_lock);
33539 + spin_unlock(&dcache_lock);
33545 +gr_log_learn(const struct dentry *dentry, const struct vfsmount *mnt, const __u32 mode)
33547 + struct task_struct *task = current;
33548 + const struct cred *cred = current_cred();
33550 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
33551 + cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
33552 + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
33553 + 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->curr_ip);
33559 +gr_log_learn_sysctl(const char *path, const __u32 mode)
33561 + struct task_struct *task = current;
33562 + const struct cred *cred = current_cred();
33564 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
33565 + cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
33566 + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
33567 + 1UL, 1UL, path, (unsigned long) mode, &task->signal->curr_ip);
33573 +gr_log_learn_id_change(const char type, const unsigned int real,
33574 + const unsigned int effective, const unsigned int fs)
33576 + struct task_struct *task = current;
33577 + const struct cred *cred = current_cred();
33579 + security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
33580 + cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
33581 + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
33582 + type, real, effective, fs, &task->signal->curr_ip);
33588 +gr_check_link(const struct dentry * new_dentry,
33589 + const struct dentry * parent_dentry,
33590 + const struct vfsmount * parent_mnt,
33591 + const struct dentry * old_dentry, const struct vfsmount * old_mnt)
33593 + struct acl_object_label *obj;
33594 + __u32 oldmode, newmode;
33597 + if (unlikely(!(gr_status & GR_READY)))
33598 + return (GR_CREATE | GR_LINK);
33600 + obj = chk_obj_label(old_dentry, old_mnt, current->acl);
33601 + oldmode = obj->mode;
33603 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
33604 + oldmode |= (GR_CREATE | GR_LINK);
33606 + needmode = GR_CREATE | GR_AUDIT_CREATE | GR_SUPPRESS;
33607 + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID))
33608 + needmode |= GR_SETID | GR_AUDIT_SETID;
33611 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
33612 + oldmode | needmode);
33614 + needmode = newmode & (GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC |
33615 + GR_SETID | GR_READ | GR_FIND | GR_DELETE |
33616 + GR_INHERIT | GR_AUDIT_INHERIT);
33618 + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID) && !(newmode & GR_SETID))
33621 + if ((oldmode & needmode) != needmode)
33624 + needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS);
33625 + if ((newmode & needmode) != needmode)
33628 + if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK))
33631 + needmode = oldmode;
33632 + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID))
33633 + needmode |= GR_SETID;
33635 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) {
33636 + gr_log_learn(old_dentry, old_mnt, needmode);
33637 + return (GR_CREATE | GR_LINK);
33638 + } else if (newmode & GR_SUPPRESS)
33639 + return GR_SUPPRESS;
33645 +gr_search_file(const struct dentry * dentry, const __u32 mode,
33646 + const struct vfsmount * mnt)
33648 + __u32 retval = mode;
33649 + struct acl_subject_label *curracl;
33650 + struct acl_object_label *currobj;
33652 + if (unlikely(!(gr_status & GR_READY)))
33653 + return (mode & ~GR_AUDITS);
33655 + curracl = current->acl;
33657 + currobj = chk_obj_label(dentry, mnt, curracl);
33658 + retval = currobj->mode & mode;
33661 + ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE)
33662 + && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
33663 + __u32 new_mode = mode;
33665 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
33667 + retval = new_mode;
33669 + if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN)
33670 + new_mode |= GR_INHERIT;
33672 + if (!(mode & GR_NOLEARN))
33673 + gr_log_learn(dentry, mnt, new_mode);
33680 +gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
33681 + const struct vfsmount * mnt, const __u32 mode)
33683 + struct name_entry *match;
33684 + struct acl_object_label *matchpo;
33685 + struct acl_subject_label *curracl;
33689 + if (unlikely(!(gr_status & GR_READY)))
33690 + return (mode & ~GR_AUDITS);
33692 + preempt_disable();
33693 + path = gr_to_filename_rbac(new_dentry, mnt);
33694 + match = lookup_name_entry_create(path);
33697 + goto check_parent;
33699 + curracl = current->acl;
33701 + read_lock(&gr_inode_lock);
33702 + matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
33703 + read_unlock(&gr_inode_lock);
33706 + if ((matchpo->mode & mode) !=
33707 + (mode & ~(GR_AUDITS | GR_SUPPRESS))
33708 + && curracl->mode & (GR_LEARN | GR_INHERITLEARN)) {
33709 + __u32 new_mode = mode;
33711 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
33713 + gr_log_learn(new_dentry, mnt, new_mode);
33715 + preempt_enable();
33718 + preempt_enable();
33719 + return (matchpo->mode & mode);
33723 + curracl = current->acl;
33725 + matchpo = chk_obj_create_label(parent, mnt, curracl, path);
33726 + retval = matchpo->mode & mode;
33728 + if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
33729 + && (curracl->mode & (GR_LEARN | GR_INHERITLEARN))) {
33730 + __u32 new_mode = mode;
33732 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
33734 + gr_log_learn(new_dentry, mnt, new_mode);
33735 + preempt_enable();
33739 + preempt_enable();
33744 +gr_check_hidden_task(const struct task_struct *task)
33746 + if (unlikely(!(gr_status & GR_READY)))
33749 + if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW))
33756 +gr_check_protected_task(const struct task_struct *task)
33758 + if (unlikely(!(gr_status & GR_READY) || !task))
33761 + if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
33762 + task->acl != current->acl)
33769 +gr_copy_label(struct task_struct *tsk)
33771 + tsk->signal->used_accept = 0;
33772 + tsk->acl_sp_role = 0;
33773 + tsk->acl_role_id = current->acl_role_id;
33774 + tsk->acl = current->acl;
33775 + tsk->role = current->role;
33776 + tsk->signal->curr_ip = current->signal->curr_ip;
33777 + if (current->exec_file)
33778 + get_file(current->exec_file);
33779 + tsk->exec_file = current->exec_file;
33780 + tsk->is_writable = current->is_writable;
33781 + if (unlikely(current->signal->used_accept))
33782 + current->signal->curr_ip = 0;
33788 +gr_set_proc_res(struct task_struct *task)
33790 + struct acl_subject_label *proc;
33791 + unsigned short i;
33793 + proc = task->acl;
33795 + if (proc->mode & (GR_LEARN | GR_INHERITLEARN))
33798 + for (i = 0; i < RLIM_NLIMITS; i++) {
33799 + if (!(proc->resmask & (1 << i)))
33802 + task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur;
33803 + task->signal->rlim[i].rlim_max = proc->res[i].rlim_max;
33810 +gr_check_user_change(int real, int effective, int fs)
33817 + int effectiveok = 0;
33820 + if (unlikely(!(gr_status & GR_READY)))
33823 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
33824 + gr_log_learn_id_change('u', real, effective, fs);
33826 + num = current->acl->user_trans_num;
33827 + uidlist = current->acl->user_transitions;
33829 + if (uidlist == NULL)
33834 + if (effective == -1)
33839 + if (current->acl->user_trans_type & GR_ID_ALLOW) {
33840 + for (i = 0; i < num; i++) {
33841 + curuid = (int)uidlist[i];
33842 + if (real == curuid)
33844 + if (effective == curuid)
33846 + if (fs == curuid)
33849 + } else if (current->acl->user_trans_type & GR_ID_DENY) {
33850 + for (i = 0; i < num; i++) {
33851 + curuid = (int)uidlist[i];
33852 + if (real == curuid)
33854 + if (effective == curuid)
33856 + if (fs == curuid)
33859 + /* not in deny list */
33867 + if (realok && effectiveok && fsok)
33870 + gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
33876 +gr_check_group_change(int real, int effective, int fs)
33883 + int effectiveok = 0;
33886 + if (unlikely(!(gr_status & GR_READY)))
33889 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
33890 + gr_log_learn_id_change('g', real, effective, fs);
33892 + num = current->acl->group_trans_num;
33893 + gidlist = current->acl->group_transitions;
33895 + if (gidlist == NULL)
33900 + if (effective == -1)
33905 + if (current->acl->group_trans_type & GR_ID_ALLOW) {
33906 + for (i = 0; i < num; i++) {
33907 + curgid = (int)gidlist[i];
33908 + if (real == curgid)
33910 + if (effective == curgid)
33912 + if (fs == curgid)
33915 + } else if (current->acl->group_trans_type & GR_ID_DENY) {
33916 + for (i = 0; i < num; i++) {
33917 + curgid = (int)gidlist[i];
33918 + if (real == curgid)
33920 + if (effective == curgid)
33922 + if (fs == curgid)
33925 + /* not in deny list */
33933 + if (realok && effectiveok && fsok)
33936 + gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
33942 +gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
33944 + struct acl_role_label *role = task->role;
33945 + struct acl_subject_label *subj = NULL;
33946 + struct acl_object_label *obj;
33947 + struct file *filp;
33949 + if (unlikely(!(gr_status & GR_READY)))
33952 + filp = task->exec_file;
33954 + /* kernel process, we'll give them the kernel role */
33955 + if (unlikely(!filp)) {
33956 + task->role = kernel_role;
33957 + task->acl = kernel_role->root_label;
33959 + } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL))
33960 + role = lookup_acl_role_label(task, uid, gid);
33962 + /* perform subject lookup in possibly new role
33963 + we can use this result below in the case where role == task->role
33965 + subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role);
33967 + /* if we changed uid/gid, but result in the same role
33968 + and are using inheritance, don't lose the inherited subject
33969 + if current subject is other than what normal lookup
33970 + would result in, we arrived via inheritance, don't
33973 + if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) &&
33974 + (subj == task->acl)))
33975 + task->acl = subj;
33977 + task->role = role;
33979 + task->is_writable = 0;
33981 + /* ignore additional mmap checks for processes that are writable
33982 + by the default ACL */
33983 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
33984 + if (unlikely(obj->mode & GR_WRITE))
33985 + task->is_writable = 1;
33986 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
33987 + if (unlikely(obj->mode & GR_WRITE))
33988 + task->is_writable = 1;
33990 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
33991 + printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
33994 + gr_set_proc_res(task);
34000 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
34001 + const int unsafe_share)
34003 + struct task_struct *task = current;
34004 + struct acl_subject_label *newacl;
34005 + struct acl_object_label *obj;
34008 + if (unlikely(!(gr_status & GR_READY)))
34011 + newacl = chk_subj_label(dentry, mnt, task->role);
34014 + if ((((task->ptrace & PT_PTRACED) || unsafe_share) &&
34015 + !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
34016 + !(task->role->roletype & GR_ROLE_GOD) &&
34017 + !gr_search_file(dentry, GR_PTRACERD, mnt) &&
34018 + !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN)))) {
34019 + task_unlock(task);
34020 + if (unsafe_share)
34021 + gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt);
34023 + gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
34026 + task_unlock(task);
34028 + obj = chk_obj_label(dentry, mnt, task->acl);
34029 + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
34031 + if (!(task->acl->mode & GR_INHERITLEARN) &&
34032 + ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) {
34034 + task->acl = obj->nested;
34036 + task->acl = newacl;
34037 + } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
34038 + gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt);
34040 + task->is_writable = 0;
34042 + /* ignore additional mmap checks for processes that are writable
34043 + by the default ACL */
34044 + obj = chk_obj_label(dentry, mnt, default_role->root_label);
34045 + if (unlikely(obj->mode & GR_WRITE))
34046 + task->is_writable = 1;
34047 + obj = chk_obj_label(dentry, mnt, task->role->root_label);
34048 + if (unlikely(obj->mode & GR_WRITE))
34049 + task->is_writable = 1;
34051 + gr_set_proc_res(task);
34053 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
34054 + printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
34059 +/* always called with valid inodev ptr */
34061 +do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev)
34063 + struct acl_object_label *matchpo;
34064 + struct acl_subject_label *matchps;
34065 + struct acl_subject_label *subj;
34066 + struct acl_role_label *role;
34069 + FOR_EACH_ROLE_START(role)
34070 + FOR_EACH_SUBJECT_START(role, subj, x)
34071 + if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
34072 + matchpo->mode |= GR_DELETED;
34073 + FOR_EACH_SUBJECT_END(subj,x)
34074 + FOR_EACH_NESTED_SUBJECT_START(role, subj)
34075 + if (subj->inode == ino && subj->device == dev)
34076 + subj->mode |= GR_DELETED;
34077 + FOR_EACH_NESTED_SUBJECT_END(subj)
34078 + if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL)
34079 + matchps->mode |= GR_DELETED;
34080 + FOR_EACH_ROLE_END(role)
34082 + inodev->nentry->deleted = 1;
34088 +gr_handle_delete(const ino_t ino, const dev_t dev)
34090 + struct inodev_entry *inodev;
34092 + if (unlikely(!(gr_status & GR_READY)))
34095 + write_lock(&gr_inode_lock);
34096 + inodev = lookup_inodev_entry(ino, dev);
34097 + if (inodev != NULL)
34098 + do_handle_delete(inodev, ino, dev);
34099 + write_unlock(&gr_inode_lock);
34105 +update_acl_obj_label(const ino_t oldinode, const dev_t olddevice,
34106 + const ino_t newinode, const dev_t newdevice,
34107 + struct acl_subject_label *subj)
34109 + unsigned int index = fhash(oldinode, olddevice, subj->obj_hash_size);
34110 + struct acl_object_label *match;
34112 + match = subj->obj_hash[index];
34114 + while (match && (match->inode != oldinode ||
34115 + match->device != olddevice ||
34116 + !(match->mode & GR_DELETED)))
34117 + match = match->next;
34119 + if (match && (match->inode == oldinode)
34120 + && (match->device == olddevice)
34121 + && (match->mode & GR_DELETED)) {
34122 + if (match->prev == NULL) {
34123 + subj->obj_hash[index] = match->next;
34124 + if (match->next != NULL)
34125 + match->next->prev = NULL;
34127 + match->prev->next = match->next;
34128 + if (match->next != NULL)
34129 + match->next->prev = match->prev;
34131 + match->prev = NULL;
34132 + match->next = NULL;
34133 + match->inode = newinode;
34134 + match->device = newdevice;
34135 + match->mode &= ~GR_DELETED;
34137 + insert_acl_obj_label(match, subj);
34144 +update_acl_subj_label(const ino_t oldinode, const dev_t olddevice,
34145 + const ino_t newinode, const dev_t newdevice,
34146 + struct acl_role_label *role)
34148 + unsigned int index = fhash(oldinode, olddevice, role->subj_hash_size);
34149 + struct acl_subject_label *match;
34151 + match = role->subj_hash[index];
34153 + while (match && (match->inode != oldinode ||
34154 + match->device != olddevice ||
34155 + !(match->mode & GR_DELETED)))
34156 + match = match->next;
34158 + if (match && (match->inode == oldinode)
34159 + && (match->device == olddevice)
34160 + && (match->mode & GR_DELETED)) {
34161 + if (match->prev == NULL) {
34162 + role->subj_hash[index] = match->next;
34163 + if (match->next != NULL)
34164 + match->next->prev = NULL;
34166 + match->prev->next = match->next;
34167 + if (match->next != NULL)
34168 + match->next->prev = match->prev;
34170 + match->prev = NULL;
34171 + match->next = NULL;
34172 + match->inode = newinode;
34173 + match->device = newdevice;
34174 + match->mode &= ~GR_DELETED;
34176 + insert_acl_subj_label(match, role);
34183 +update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
34184 + const ino_t newinode, const dev_t newdevice)
34186 + unsigned int index = fhash(oldinode, olddevice, inodev_set.i_size);
34187 + struct inodev_entry *match;
34189 + match = inodev_set.i_hash[index];
34191 + while (match && (match->nentry->inode != oldinode ||
34192 + match->nentry->device != olddevice || !match->nentry->deleted))
34193 + match = match->next;
34195 + if (match && (match->nentry->inode == oldinode)
34196 + && (match->nentry->device == olddevice) &&
34197 + match->nentry->deleted) {
34198 + if (match->prev == NULL) {
34199 + inodev_set.i_hash[index] = match->next;
34200 + if (match->next != NULL)
34201 + match->next->prev = NULL;
34203 + match->prev->next = match->next;
34204 + if (match->next != NULL)
34205 + match->next->prev = match->prev;
34207 + match->prev = NULL;
34208 + match->next = NULL;
34209 + match->nentry->inode = newinode;
34210 + match->nentry->device = newdevice;
34211 + match->nentry->deleted = 0;
34213 + insert_inodev_entry(match);
34220 +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
34221 + const struct vfsmount *mnt)
34223 + struct acl_subject_label *subj;
34224 + struct acl_role_label *role;
34227 + FOR_EACH_ROLE_START(role)
34228 + update_acl_subj_label(matchn->inode, matchn->device,
34229 + dentry->d_inode->i_ino,
34230 + dentry->d_inode->i_sb->s_dev, role);
34232 + FOR_EACH_NESTED_SUBJECT_START(role, subj)
34233 + if ((subj->inode == dentry->d_inode->i_ino) &&
34234 + (subj->device == dentry->d_inode->i_sb->s_dev)) {
34235 + subj->inode = dentry->d_inode->i_ino;
34236 + subj->device = dentry->d_inode->i_sb->s_dev;
34238 + FOR_EACH_NESTED_SUBJECT_END(subj)
34239 + FOR_EACH_SUBJECT_START(role, subj, x)
34240 + update_acl_obj_label(matchn->inode, matchn->device,
34241 + dentry->d_inode->i_ino,
34242 + dentry->d_inode->i_sb->s_dev, subj);
34243 + FOR_EACH_SUBJECT_END(subj,x)
34244 + FOR_EACH_ROLE_END(role)
34246 + update_inodev_entry(matchn->inode, matchn->device,
34247 + dentry->d_inode->i_ino, dentry->d_inode->i_sb->s_dev);
34253 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
34255 + struct name_entry *matchn;
34257 + if (unlikely(!(gr_status & GR_READY)))
34260 + preempt_disable();
34261 + matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt));
34263 + if (unlikely((unsigned long)matchn)) {
34264 + write_lock(&gr_inode_lock);
34265 + do_handle_create(matchn, dentry, mnt);
34266 + write_unlock(&gr_inode_lock);
34268 + preempt_enable();
34274 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
34275 + struct dentry *old_dentry,
34276 + struct dentry *new_dentry,
34277 + struct vfsmount *mnt, const __u8 replace)
34279 + struct name_entry *matchn;
34280 + struct inodev_entry *inodev;
34282 + /* vfs_rename swaps the name and parent link for old_dentry and
34284 + at this point, old_dentry has the new name, parent link, and inode
34285 + for the renamed file
34286 + if a file is being replaced by a rename, new_dentry has the inode
34287 + and name for the replaced file
34290 + if (unlikely(!(gr_status & GR_READY)))
34293 + preempt_disable();
34294 + matchn = lookup_name_entry(gr_to_filename_rbac(old_dentry, mnt));
34296 + /* we wouldn't have to check d_inode if it weren't for
34297 + NFS silly-renaming
34300 + write_lock(&gr_inode_lock);
34301 + if (unlikely(replace && new_dentry->d_inode)) {
34302 + inodev = lookup_inodev_entry(new_dentry->d_inode->i_ino,
34303 + new_dentry->d_inode->i_sb->s_dev);
34304 + if (inodev != NULL && (new_dentry->d_inode->i_nlink <= 1))
34305 + do_handle_delete(inodev, new_dentry->d_inode->i_ino,
34306 + new_dentry->d_inode->i_sb->s_dev);
34309 + inodev = lookup_inodev_entry(old_dentry->d_inode->i_ino,
34310 + old_dentry->d_inode->i_sb->s_dev);
34311 + if (inodev != NULL && (old_dentry->d_inode->i_nlink <= 1))
34312 + do_handle_delete(inodev, old_dentry->d_inode->i_ino,
34313 + old_dentry->d_inode->i_sb->s_dev);
34315 + if (unlikely((unsigned long)matchn))
34316 + do_handle_create(matchn, old_dentry, mnt);
34318 + write_unlock(&gr_inode_lock);
34319 + preempt_enable();
34325 +lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
34326 + unsigned char **sum)
34328 + struct acl_role_label *r;
34329 + struct role_allowed_ip *ipp;
34330 + struct role_transition *trans;
34334 + /* check transition table */
34336 + for (trans = current->role->transitions; trans; trans = trans->next) {
34337 + if (!strcmp(rolename, trans->rolename)) {
34346 + /* handle special roles that do not require authentication
34349 + FOR_EACH_ROLE_START(r)
34350 + if (!strcmp(rolename, r->rolename) &&
34351 + (r->roletype & GR_ROLE_SPECIAL)) {
34353 + if (r->allowed_ips != NULL) {
34354 + for (ipp = r->allowed_ips; ipp; ipp = ipp->next) {
34355 + if ((ntohl(current->signal->curr_ip) & ipp->netmask) ==
34356 + (ntohl(ipp->addr) & ipp->netmask))
34364 + if (((mode == GR_SPROLE) && (r->roletype & GR_ROLE_NOPW)) ||
34365 + ((mode == GR_SPROLEPAM) && (r->roletype & GR_ROLE_PAM))) {
34371 + FOR_EACH_ROLE_END(r)
34373 + for (i = 0; i < num_sprole_pws; i++) {
34374 + if (!strcmp(rolename, acl_special_roles[i]->rolename)) {
34375 + *salt = acl_special_roles[i]->salt;
34376 + *sum = acl_special_roles[i]->sum;
34385 +assign_special_role(char *rolename)
34387 + struct acl_object_label *obj;
34388 + struct acl_role_label *r;
34389 + struct acl_role_label *assigned = NULL;
34390 + struct task_struct *tsk;
34391 + struct file *filp;
34393 + FOR_EACH_ROLE_START(r)
34394 + if (!strcmp(rolename, r->rolename) &&
34395 + (r->roletype & GR_ROLE_SPECIAL)) {
34399 + FOR_EACH_ROLE_END(r)
34404 + read_lock(&tasklist_lock);
34405 + read_lock(&grsec_exec_file_lock);
34407 + tsk = current->parent;
34411 + filp = tsk->exec_file;
34412 + if (filp == NULL)
34415 + tsk->is_writable = 0;
34417 + tsk->acl_sp_role = 1;
34418 + tsk->acl_role_id = ++acl_sp_role_value;
34419 + tsk->role = assigned;
34420 + tsk->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role);
34422 + /* ignore additional mmap checks for processes that are writable
34423 + by the default ACL */
34424 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
34425 + if (unlikely(obj->mode & GR_WRITE))
34426 + tsk->is_writable = 1;
34427 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role->root_label);
34428 + if (unlikely(obj->mode & GR_WRITE))
34429 + tsk->is_writable = 1;
34431 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
34432 + printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid);
34436 + read_unlock(&grsec_exec_file_lock);
34437 + read_unlock(&tasklist_lock);
34441 +int gr_check_secure_terminal(struct task_struct *task)
34443 + struct task_struct *p, *p2, *p3;
34444 + struct files_struct *files;
34445 + struct fdtable *fdt;
34446 + struct file *our_file = NULL, *file;
34449 + if (task->signal->tty == NULL)
34452 + files = get_files_struct(task);
34453 + if (files != NULL) {
34455 + fdt = files_fdtable(files);
34456 + for (i=0; i < fdt->max_fds; i++) {
34457 + file = fcheck_files(files, i);
34458 + if (file && (our_file == NULL) && (file->private_data == task->signal->tty)) {
34463 + rcu_read_unlock();
34464 + put_files_struct(files);
34467 + if (our_file == NULL)
34470 + read_lock(&tasklist_lock);
34471 + do_each_thread(p2, p) {
34472 + files = get_files_struct(p);
34473 + if (files == NULL ||
34474 + (p->signal && p->signal->tty == task->signal->tty)) {
34475 + if (files != NULL)
34476 + put_files_struct(files);
34480 + fdt = files_fdtable(files);
34481 + for (i=0; i < fdt->max_fds; i++) {
34482 + file = fcheck_files(files, i);
34483 + if (file && S_ISCHR(file->f_path.dentry->d_inode->i_mode) &&
34484 + file->f_path.dentry->d_inode->i_rdev == our_file->f_path.dentry->d_inode->i_rdev) {
34486 + while (p3->pid > 0) {
34493 + gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p);
34494 + gr_handle_alertkill(p);
34495 + rcu_read_unlock();
34496 + put_files_struct(files);
34497 + read_unlock(&tasklist_lock);
34502 + rcu_read_unlock();
34503 + put_files_struct(files);
34504 + } while_each_thread(p2, p);
34505 + read_unlock(&tasklist_lock);
34512 +write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos)
34514 + struct gr_arg_wrapper uwrap;
34515 + unsigned char *sprole_salt = NULL;
34516 + unsigned char *sprole_sum = NULL;
34517 + int error = sizeof (struct gr_arg_wrapper);
34520 + down(&gr_dev_sem);
34522 + if ((gr_status & GR_READY) && !(current->acl->mode & GR_KERNELAUTH)) {
34527 + if (count != sizeof (struct gr_arg_wrapper)) {
34528 + gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)sizeof(struct gr_arg_wrapper));
34534 + if (gr_auth_expires && time_after_eq(get_seconds(), gr_auth_expires)) {
34535 + gr_auth_expires = 0;
34536 + gr_auth_attempts = 0;
34539 + if (copy_from_user(&uwrap, buf, sizeof (struct gr_arg_wrapper))) {
34544 + if ((uwrap.version != GRSECURITY_VERSION) || (uwrap.size != sizeof(struct gr_arg))) {
34549 + if (copy_from_user(gr_usermode, uwrap.arg, sizeof (struct gr_arg))) {
34554 + if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM &&
34555 + gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
34556 + time_after(gr_auth_expires, get_seconds())) {
34561 + /* if non-root trying to do anything other than use a special role,
34562 + do not attempt authentication, do not count towards authentication
34566 + if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS &&
34567 + gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM &&
34573 + /* ensure pw and special role name are null terminated */
34575 + gr_usermode->pw[GR_PW_LEN - 1] = '\0';
34576 + gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0';
34579 + * We have our enough of the argument structure..(we have yet
34580 + * to copy_from_user the tables themselves) . Copy the tables
34581 + * only if we need them, i.e. for loading operations. */
34583 + switch (gr_usermode->mode) {
34585 + if (gr_status & GR_READY) {
34587 + if (!gr_check_secure_terminal(current))
34592 + case GR_SHUTDOWN:
34593 + if ((gr_status & GR_READY)
34594 + && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
34595 + pax_open_kernel();
34596 + gr_status &= ~GR_READY;
34597 + pax_close_kernel();
34599 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
34600 + free_variables();
34601 + memset(gr_usermode, 0, sizeof (struct gr_arg));
34602 + memset(gr_system_salt, 0, GR_SALT_LEN);
34603 + memset(gr_system_sum, 0, GR_SHA_LEN);
34604 + } else if (gr_status & GR_READY) {
34605 + gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
34608 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG);
34613 + if (!(gr_status & GR_READY) && !(error2 = gracl_init(gr_usermode)))
34614 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
34616 + if (gr_status & GR_READY)
34620 + gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION);
34624 + if (!(gr_status & GR_READY)) {
34625 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
34627 + } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
34630 + pax_open_kernel();
34631 + gr_status &= ~GR_READY;
34632 + pax_close_kernel();
34634 + free_variables();
34635 + if (!(error2 = gracl_init(gr_usermode))) {
34637 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
34641 + gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
34644 + gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
34649 + if (unlikely(!(gr_status & GR_READY))) {
34650 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG);
34655 + if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
34656 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
34657 + if (gr_usermode->segv_device && gr_usermode->segv_inode) {
34658 + struct acl_subject_label *segvacl;
34660 + lookup_acl_subj_label(gr_usermode->segv_inode,
34661 + gr_usermode->segv_device,
34664 + segvacl->crashes = 0;
34665 + segvacl->expires = 0;
34667 + } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) {
34668 + gr_remove_uid(gr_usermode->segv_uid);
34671 + gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
34676 + case GR_SPROLEPAM:
34677 + if (unlikely(!(gr_status & GR_READY))) {
34678 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG);
34683 + if (current->role->expires && time_after_eq(get_seconds(), current->role->expires)) {
34684 + current->role->expires = 0;
34685 + current->role->auth_attempts = 0;
34688 + if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
34689 + time_after(current->role->expires, get_seconds())) {
34694 + if (lookup_special_role_auth
34695 + (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum)
34696 + && ((!sprole_salt && !sprole_sum)
34697 + || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
34699 + assign_special_role(gr_usermode->sp_role);
34700 + read_lock(&tasklist_lock);
34701 + if (current->parent)
34702 + p = current->parent->role->rolename;
34703 + read_unlock(&tasklist_lock);
34704 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
34705 + p, acl_sp_role_value);
34707 + gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role);
34709 + if(!(current->role->auth_attempts++))
34710 + current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
34715 + case GR_UNSPROLE:
34716 + if (unlikely(!(gr_status & GR_READY))) {
34717 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG);
34722 + if (current->role->roletype & GR_ROLE_SPECIAL) {
34726 + read_lock(&tasklist_lock);
34727 + if (current->parent) {
34728 + p = current->parent->role->rolename;
34729 + i = current->parent->acl_role_id;
34731 + read_unlock(&tasklist_lock);
34733 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i);
34736 + gr_log_str(GR_DONT_AUDIT, GR_UNSPROLEF_ACL_MSG, current->role->rolename);
34742 + gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode);
34747 + if (error != -EPERM)
34750 + if(!(gr_auth_attempts++))
34751 + gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
34759 +gr_set_acls(const int type)
34761 + struct acl_object_label *obj;
34762 + struct task_struct *task, *task2;
34763 + struct file *filp;
34764 + struct acl_role_label *role = current->role;
34765 + __u16 acl_role_id = current->acl_role_id;
34766 + const struct cred *cred;
34768 + struct name_entry *nmatch;
34769 + struct acl_subject_label *tmpsubj;
34771 + read_lock(&tasklist_lock);
34772 + read_lock(&grsec_exec_file_lock);
34773 + do_each_thread(task2, task) {
34774 + /* check to see if we're called from the exit handler,
34775 + if so, only replace ACLs that have inherited the admin
34778 + if (type && (task->role != role ||
34779 + task->acl_role_id != acl_role_id))
34782 + task->acl_role_id = 0;
34783 + task->acl_sp_role = 0;
34785 + if ((filp = task->exec_file)) {
34786 + cred = __task_cred(task);
34787 + task->role = lookup_acl_role_label(task, cred->uid, cred->gid);
34789 + /* the following is to apply the correct subject
34790 + on binaries running when the RBAC system
34791 + is enabled, when the binaries have been
34792 + replaced or deleted since their execution
34794 + when the RBAC system starts, the inode/dev
34795 + from exec_file will be one the RBAC system
34796 + is unaware of. It only knows the inode/dev
34797 + of the present file on disk, or the absence
34800 + preempt_disable();
34801 + tmpname = gr_to_filename_rbac(filp->f_path.dentry, filp->f_path.mnt);
34803 + nmatch = lookup_name_entry(tmpname);
34804 + preempt_enable();
34807 + if (nmatch->deleted)
34808 + tmpsubj = lookup_acl_subj_label_deleted(nmatch->inode, nmatch->device, task->role);
34810 + tmpsubj = lookup_acl_subj_label(nmatch->inode, nmatch->device, task->role);
34811 + if (tmpsubj != NULL)
34812 + task->acl = tmpsubj;
34814 + if (tmpsubj == NULL)
34815 + task->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt,
34818 + struct acl_subject_label *curr;
34819 + curr = task->acl;
34821 + task->is_writable = 0;
34822 + /* ignore additional mmap checks for processes that are writable
34823 + by the default ACL */
34824 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
34825 + if (unlikely(obj->mode & GR_WRITE))
34826 + task->is_writable = 1;
34827 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
34828 + if (unlikely(obj->mode & GR_WRITE))
34829 + task->is_writable = 1;
34831 + gr_set_proc_res(task);
34833 +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
34834 + printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
34837 + read_unlock(&grsec_exec_file_lock);
34838 + read_unlock(&tasklist_lock);
34839 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task->pid);
34843 + // it's a kernel process
34844 + task->role = kernel_role;
34845 + task->acl = kernel_role->root_label;
34846 +#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
34847 + task->acl->mode &= ~GR_PROCFIND;
34850 + } while_each_thread(task2, task);
34851 + read_unlock(&grsec_exec_file_lock);
34852 + read_unlock(&tasklist_lock);
34857 +gr_learn_resource(const struct task_struct *task,
34858 + const int res, const unsigned long wanted, const int gt)
34860 + struct acl_subject_label *acl;
34861 + const struct cred *cred;
34863 + if (unlikely((gr_status & GR_READY) &&
34864 + task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))))
34865 + goto skip_reslog;
34867 +#ifdef CONFIG_GRKERNSEC_RESLOG
34868 + gr_log_resource(task, res, wanted, gt);
34872 + if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS))
34877 + if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) ||
34878 + !(acl->resmask & (1 << (unsigned short) res))))
34881 + if (wanted >= acl->res[res].rlim_cur) {
34882 + unsigned long res_add;
34884 + res_add = wanted;
34887 + res_add += GR_RLIM_CPU_BUMP;
34889 + case RLIMIT_FSIZE:
34890 + res_add += GR_RLIM_FSIZE_BUMP;
34892 + case RLIMIT_DATA:
34893 + res_add += GR_RLIM_DATA_BUMP;
34895 + case RLIMIT_STACK:
34896 + res_add += GR_RLIM_STACK_BUMP;
34898 + case RLIMIT_CORE:
34899 + res_add += GR_RLIM_CORE_BUMP;
34902 + res_add += GR_RLIM_RSS_BUMP;
34904 + case RLIMIT_NPROC:
34905 + res_add += GR_RLIM_NPROC_BUMP;
34907 + case RLIMIT_NOFILE:
34908 + res_add += GR_RLIM_NOFILE_BUMP;
34910 + case RLIMIT_MEMLOCK:
34911 + res_add += GR_RLIM_MEMLOCK_BUMP;
34914 + res_add += GR_RLIM_AS_BUMP;
34916 + case RLIMIT_LOCKS:
34917 + res_add += GR_RLIM_LOCKS_BUMP;
34919 + case RLIMIT_SIGPENDING:
34920 + res_add += GR_RLIM_SIGPENDING_BUMP;
34922 + case RLIMIT_MSGQUEUE:
34923 + res_add += GR_RLIM_MSGQUEUE_BUMP;
34925 + case RLIMIT_NICE:
34926 + res_add += GR_RLIM_NICE_BUMP;
34928 + case RLIMIT_RTPRIO:
34929 + res_add += GR_RLIM_RTPRIO_BUMP;
34931 + case RLIMIT_RTTIME:
34932 + res_add += GR_RLIM_RTTIME_BUMP;
34936 + acl->res[res].rlim_cur = res_add;
34938 + if (wanted > acl->res[res].rlim_max)
34939 + acl->res[res].rlim_max = res_add;
34941 + /* only log the subject filename, since resource logging is supported for
34942 + single-subject learning only */
34943 + cred = __task_cred(task);
34944 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
34945 + task->role->roletype, cred->uid, cred->gid, acl->filename,
34946 + acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
34947 + "", (unsigned long) res, &task->signal->curr_ip);
34953 +#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
34955 +pax_set_initial_flags(struct linux_binprm *bprm)
34957 + struct task_struct *task = current;
34958 + struct acl_subject_label *proc;
34959 + unsigned long flags;
34961 + if (unlikely(!(gr_status & GR_READY)))
34964 + flags = pax_get_flags(task);
34966 + proc = task->acl;
34968 + if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC)
34969 + flags &= ~MF_PAX_PAGEEXEC;
34970 + if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC)
34971 + flags &= ~MF_PAX_SEGMEXEC;
34972 + if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP)
34973 + flags &= ~MF_PAX_RANDMMAP;
34974 + if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP)
34975 + flags &= ~MF_PAX_EMUTRAMP;
34976 + if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT)
34977 + flags &= ~MF_PAX_MPROTECT;
34979 + if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC)
34980 + flags |= MF_PAX_PAGEEXEC;
34981 + if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC)
34982 + flags |= MF_PAX_SEGMEXEC;
34983 + if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP)
34984 + flags |= MF_PAX_RANDMMAP;
34985 + if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP)
34986 + flags |= MF_PAX_EMUTRAMP;
34987 + if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT)
34988 + flags |= MF_PAX_MPROTECT;
34990 + pax_set_flags(task, flags);
34996 +#ifdef CONFIG_SYSCTL
34997 +/* Eric Biederman likes breaking userland ABI and every inode-based security
34998 + system to save 35kb of memory */
35000 +/* we modify the passed in filename, but adjust it back before returning */
35001 +static struct acl_object_label *gr_lookup_by_name(char *name, unsigned int len)
35003 + struct name_entry *nmatch;
35004 + char *p, *lastp = NULL;
35005 + struct acl_object_label *obj = NULL, *tmp;
35006 + struct acl_subject_label *tmpsubj;
35009 + read_lock(&gr_inode_lock);
35011 + p = name + len - 1;
35013 + nmatch = lookup_name_entry(name);
35014 + if (lastp != NULL)
35017 + if (nmatch == NULL)
35018 + goto next_component;
35019 + tmpsubj = current->acl;
35021 + obj = lookup_acl_obj_label(nmatch->inode, nmatch->device, tmpsubj);
35022 + if (obj != NULL) {
35023 + tmp = obj->globbed;
35025 + if (!glob_match(tmp->filename, name)) {
35033 + } while ((tmpsubj = tmpsubj->parent_subject));
35039 + while (*p != '/')
35051 + read_unlock(&gr_inode_lock);
35052 + /* obj returned will always be non-null */
35056 +/* returns 0 when allowing, non-zero on error
35057 + op of 0 is used for readdir, so we don't log the names of hidden files
35060 +gr_handle_sysctl(const struct ctl_table *table, const int op)
35063 + const char *proc_sys = "/proc/sys";
35065 + struct acl_object_label *obj;
35066 + unsigned short len = 0, pos = 0, depth = 0, i;
35070 + if (unlikely(!(gr_status & GR_READY)))
35073 + /* for now, ignore operations on non-sysctl entries if it's not a
35075 + if (table->child != NULL && op != 0)
35079 + /* it's only a read if it's an entry, read on dirs is for readdir */
35080 + if (op & MAY_READ)
35082 + if (op & MAY_WRITE)
35083 + mode |= GR_WRITE;
35085 + preempt_disable();
35087 + path = per_cpu_ptr(gr_shared_page[0], smp_processor_id());
35089 + /* it's only a read/write if it's an actual entry, not a dir
35090 + (which are opened for readdir)
35093 + /* convert the requested sysctl entry into a pathname */
35095 + for (tmp = (ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
35096 + len += strlen(tmp->procname);
35101 + if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE) {
35106 + memset(path, 0, PAGE_SIZE);
35108 + memcpy(path, proc_sys, strlen(proc_sys));
35110 + pos += strlen(proc_sys);
35112 + for (; depth > 0; depth--) {
35115 + for (i = 1, tmp = (ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
35116 + if (depth == i) {
35117 + memcpy(path + pos, tmp->procname,
35118 + strlen(tmp->procname));
35119 + pos += strlen(tmp->procname);
35125 + obj = gr_lookup_by_name(path, pos);
35126 + err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS);
35128 + if (unlikely((current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) &&
35129 + ((err & mode) != mode))) {
35130 + __u32 new_mode = mode;
35132 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
35135 + gr_log_learn_sysctl(path, new_mode);
35136 + } else if (!(err & GR_FIND) && !(err & GR_SUPPRESS) && op != 0) {
35137 + gr_log_hidden_sysctl(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, path);
35139 + } else if (!(err & GR_FIND)) {
35141 + } else if (((err & mode) & ~GR_FIND) != (mode & ~GR_FIND) && !(err & GR_SUPPRESS)) {
35142 + gr_log_str4(GR_DONT_AUDIT, GR_SYSCTL_ACL_MSG, "denied",
35143 + path, (mode & GR_READ) ? " reading" : "",
35144 + (mode & GR_WRITE) ? " writing" : "");
35146 + } else if ((err & mode) != mode) {
35148 + } else if ((((err & mode) & ~GR_FIND) == (mode & ~GR_FIND)) && (err & GR_AUDITS)) {
35149 + gr_log_str4(GR_DO_AUDIT, GR_SYSCTL_ACL_MSG, "successful",
35150 + path, (mode & GR_READ) ? " reading" : "",
35151 + (mode & GR_WRITE) ? " writing" : "");
35157 + preempt_enable();
35164 +gr_handle_proc_ptrace(struct task_struct *task)
35166 + struct file *filp;
35167 + struct task_struct *tmp = task;
35168 + struct task_struct *curtemp = current;
35171 +#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
35172 + if (unlikely(!(gr_status & GR_READY)))
35176 + read_lock(&tasklist_lock);
35177 + read_lock(&grsec_exec_file_lock);
35178 + filp = task->exec_file;
35180 + while (tmp->pid > 0) {
35181 + if (tmp == curtemp)
35183 + tmp = tmp->parent;
35186 + if (!filp || (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
35187 + ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) {
35188 + read_unlock(&grsec_exec_file_lock);
35189 + read_unlock(&tasklist_lock);
35193 +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
35194 + if (!(gr_status & GR_READY)) {
35195 + read_unlock(&grsec_exec_file_lock);
35196 + read_unlock(&tasklist_lock);
35201 + retmode = gr_search_file(filp->f_path.dentry, GR_NOPTRACE, filp->f_path.mnt);
35202 + read_unlock(&grsec_exec_file_lock);
35203 + read_unlock(&tasklist_lock);
35205 + if (retmode & GR_NOPTRACE)
35208 + if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD)
35209 + && (current->acl != task->acl || (current->acl != current->role->root_label
35210 + && current->pid != task->pid)))
35217 +gr_handle_ptrace(struct task_struct *task, const long request)
35219 + struct task_struct *tmp = task;
35220 + struct task_struct *curtemp = current;
35223 +#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
35224 + if (unlikely(!(gr_status & GR_READY)))
35228 + read_lock(&tasklist_lock);
35229 + while (tmp->pid > 0) {
35230 + if (tmp == curtemp)
35232 + tmp = tmp->parent;
35235 + if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
35236 + ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) {
35237 + read_unlock(&tasklist_lock);
35238 + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
35241 + read_unlock(&tasklist_lock);
35243 +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
35244 + if (!(gr_status & GR_READY))
35248 + read_lock(&grsec_exec_file_lock);
35249 + if (unlikely(!task->exec_file)) {
35250 + read_unlock(&grsec_exec_file_lock);
35254 + retmode = gr_search_file(task->exec_file->f_path.dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_path.mnt);
35255 + read_unlock(&grsec_exec_file_lock);
35257 + if (retmode & GR_NOPTRACE) {
35258 + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
35262 + if (retmode & GR_PTRACERD) {
35263 + switch (request) {
35264 + case PTRACE_POKETEXT:
35265 + case PTRACE_POKEDATA:
35266 + case PTRACE_POKEUSR:
35267 +#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64)
35268 + case PTRACE_SETREGS:
35269 + case PTRACE_SETFPREGS:
35272 + case PTRACE_SETFPXREGS:
35274 +#ifdef CONFIG_ALTIVEC
35275 + case PTRACE_SETVRREGS:
35281 + } else if (!(current->acl->mode & GR_POVERRIDE) &&
35282 + !(current->role->roletype & GR_ROLE_GOD) &&
35283 + (current->acl != task->acl)) {
35284 + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
35291 +static int is_writable_mmap(const struct file *filp)
35293 + struct task_struct *task = current;
35294 + struct acl_object_label *obj, *obj2;
35296 + if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) &&
35297 + !task->is_writable && S_ISREG(filp->f_path.dentry->d_inode->i_mode)) {
35298 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
35299 + obj2 = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt,
35300 + task->role->root_label);
35301 + if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
35302 + gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, filp->f_path.dentry, filp->f_path.mnt);
35310 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
35314 + if (unlikely(!file || !(prot & PROT_EXEC)))
35317 + if (is_writable_mmap(file))
35321 + gr_search_file(file->f_path.dentry,
35322 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
35323 + file->f_path.mnt);
35325 + if (!gr_tpe_allow(file))
35328 + if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
35329 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
35331 + } else if (unlikely(!(mode & GR_EXEC))) {
35333 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
35334 + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
35342 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
35346 + if (unlikely(!file || !(prot & PROT_EXEC)))
35349 + if (is_writable_mmap(file))
35353 + gr_search_file(file->f_path.dentry,
35354 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
35355 + file->f_path.mnt);
35357 + if (!gr_tpe_allow(file))
35360 + if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
35361 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
35363 + } else if (unlikely(!(mode & GR_EXEC))) {
35365 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
35366 + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
35374 +gr_acl_handle_psacct(struct task_struct *task, const long code)
35376 + unsigned long runtime;
35377 + unsigned long cputime;
35378 + unsigned int wday, cday;
35382 + struct timespec timeval;
35384 + if (unlikely(!(gr_status & GR_READY) || !task->acl ||
35385 + !(task->acl->mode & GR_PROCACCT)))
35388 + do_posix_clock_monotonic_gettime(&timeval);
35389 + runtime = timeval.tv_sec - task->start_time.tv_sec;
35390 + wday = runtime / (3600 * 24);
35391 + runtime -= wday * (3600 * 24);
35392 + whr = runtime / 3600;
35393 + runtime -= whr * 3600;
35394 + wmin = runtime / 60;
35395 + runtime -= wmin * 60;
35398 + cputime = (task->utime + task->stime) / HZ;
35399 + cday = cputime / (3600 * 24);
35400 + cputime -= cday * (3600 * 24);
35401 + chr = cputime / 3600;
35402 + cputime -= chr * 3600;
35403 + cmin = cputime / 60;
35404 + cputime -= cmin * 60;
35407 + gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code);
35412 +void gr_set_kernel_label(struct task_struct *task)
35414 + if (gr_status & GR_READY) {
35415 + task->role = kernel_role;
35416 + task->acl = kernel_role->root_label;
35421 +#ifdef CONFIG_TASKSTATS
35422 +int gr_is_taskstats_denied(int pid)
35424 + struct task_struct *task;
35425 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
35426 + const struct cred *cred;
35430 + /* restrict taskstats viewing to un-chrooted root users
35431 + who have the 'view' subject flag if the RBAC system is enabled
35434 + read_lock(&tasklist_lock);
35435 + task = find_task_by_vpid(pid);
35438 +#ifdef CONFIG_GRKERNSEC_CHROOT
35439 + if (proc_is_chrooted(task))
35442 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
35443 + cred = __task_cred(task);
35444 +#ifdef CONFIG_GRKERNSEC_PROC_USER
35445 + if (cred->uid != 0)
35447 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
35448 + if (cred->uid != 0 && !groups_search(cred->group_info, CONFIG_GRKERNSEC_PROC_GID))
35452 + if (gr_status & GR_READY) {
35453 + if (!(task->acl->mode & GR_VIEW))
35457 + task_unlock(task);
35461 + read_unlock(&tasklist_lock);
35467 +int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino)
35469 + struct task_struct *task = current;
35470 + struct dentry *dentry = file->f_path.dentry;
35471 + struct vfsmount *mnt = file->f_path.mnt;
35472 + struct acl_object_label *obj, *tmp;
35473 + struct acl_subject_label *subj;
35474 + unsigned int bufsize;
35478 + if (unlikely(!(gr_status & GR_READY)))
35481 + if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))
35484 + /* ignore Eric Biederman */
35485 + if (IS_PRIVATE(dentry->d_inode))
35488 + subj = task->acl;
35490 + obj = lookup_acl_obj_label(ino, dentry->d_inode->i_sb->s_dev, subj);
35492 + return (obj->mode & GR_FIND) ? 1 : 0;
35493 + } while ((subj = subj->parent_subject));
35495 + /* this is purely an optimization since we're looking for an object
35496 + for the directory we're doing a readdir on
35497 + if it's possible for any globbed object to match the entry we're
35498 + filling into the directory, then the object we find here will be
35499 + an anchor point with attached globbed objects
35501 + obj = chk_obj_label_noglob(dentry, mnt, task->acl);
35502 + if (obj->globbed == NULL)
35503 + return (obj->mode & GR_FIND) ? 1 : 0;
35505 + is_not_root = ((obj->filename[0] == '/') &&
35506 + (obj->filename[1] == '\0')) ? 0 : 1;
35507 + bufsize = PAGE_SIZE - namelen - is_not_root;
35509 + /* check bufsize > PAGE_SIZE || bufsize == 0 */
35510 + if (unlikely((bufsize - 1) > (PAGE_SIZE - 1)))
35513 + preempt_disable();
35514 + path = d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
35517 + bufsize = strlen(path);
35519 + /* if base is "/", don't append an additional slash */
35521 + *(path + bufsize) = '/';
35522 + memcpy(path + bufsize + is_not_root, name, namelen);
35523 + *(path + bufsize + namelen + is_not_root) = '\0';
35525 + tmp = obj->globbed;
35527 + if (!glob_match(tmp->filename, path)) {
35528 + preempt_enable();
35529 + return (tmp->mode & GR_FIND) ? 1 : 0;
35533 + preempt_enable();
35534 + return (obj->mode & GR_FIND) ? 1 : 0;
35537 +EXPORT_SYMBOL(gr_learn_resource);
35538 +EXPORT_SYMBOL(gr_set_kernel_label);
35539 +#ifdef CONFIG_SECURITY
35540 +EXPORT_SYMBOL(gr_check_user_change);
35541 +EXPORT_SYMBOL(gr_check_group_change);
35544 diff -urNp linux-2.6.32.1/grsecurity/gracl_cap.c linux-2.6.32.1/grsecurity/gracl_cap.c
35545 --- linux-2.6.32.1/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
35546 +++ linux-2.6.32.1/grsecurity/gracl_cap.c 2009-12-14 18:33:58.960821027 -0500
35548 +#include <linux/kernel.h>
35549 +#include <linux/module.h>
35550 +#include <linux/sched.h>
35551 +#include <linux/gracl.h>
35552 +#include <linux/grsecurity.h>
35553 +#include <linux/grinternal.h>
35555 +static const char *captab_log[] = {
35557 + "CAP_DAC_OVERRIDE",
35558 + "CAP_DAC_READ_SEARCH",
35565 + "CAP_LINUX_IMMUTABLE",
35566 + "CAP_NET_BIND_SERVICE",
35567 + "CAP_NET_BROADCAST",
35572 + "CAP_SYS_MODULE",
35574 + "CAP_SYS_CHROOT",
35575 + "CAP_SYS_PTRACE",
35580 + "CAP_SYS_RESOURCE",
35582 + "CAP_SYS_TTY_CONFIG",
35585 + "CAP_AUDIT_WRITE",
35586 + "CAP_AUDIT_CONTROL",
35588 + "CAP_MAC_OVERRIDE",
35592 +EXPORT_SYMBOL(gr_is_capable);
35593 +EXPORT_SYMBOL(gr_is_capable_nolog);
35596 +gr_is_capable(const int cap)
35598 + struct task_struct *task = current;
35599 + const struct cred *cred = current_cred();
35600 + struct acl_subject_label *curracl;
35601 + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
35603 + if (!gr_acl_is_enabled())
35606 + curracl = task->acl;
35608 + cap_drop = curracl->cap_lower;
35609 + cap_mask = curracl->cap_mask;
35611 + while ((curracl = curracl->parent_subject)) {
35612 + /* if the cap isn't specified in the current computed mask but is specified in the
35613 + current level subject, and is lowered in the current level subject, then add
35614 + it to the set of dropped capabilities
35615 + otherwise, add the current level subject's mask to the current computed mask
35617 + if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
35618 + cap_raise(cap_mask, cap);
35619 + if (cap_raised(curracl->cap_lower, cap))
35620 + cap_raise(cap_drop, cap);
35624 + if (!cap_raised(cap_drop, cap))
35627 + curracl = task->acl;
35629 + if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
35630 + && cap_raised(cred->cap_effective, cap)) {
35631 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
35632 + task->role->roletype, cred->uid,
35633 + cred->gid, task->exec_file ?
35634 + gr_to_filename(task->exec_file->f_path.dentry,
35635 + task->exec_file->f_path.mnt) : curracl->filename,
35636 + curracl->filename, 0UL,
35637 + 0UL, "", (unsigned long) cap, &task->signal->curr_ip);
35641 + if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap))
35642 + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
35647 +gr_is_capable_nolog(const int cap)
35649 + struct acl_subject_label *curracl;
35650 + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
35652 + if (!gr_acl_is_enabled())
35655 + curracl = current->acl;
35657 + cap_drop = curracl->cap_lower;
35658 + cap_mask = curracl->cap_mask;
35660 + while ((curracl = curracl->parent_subject)) {
35661 + /* if the cap isn't specified in the current computed mask but is specified in the
35662 + current level subject, and is lowered in the current level subject, then add
35663 + it to the set of dropped capabilities
35664 + otherwise, add the current level subject's mask to the current computed mask
35666 + if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
35667 + cap_raise(cap_mask, cap);
35668 + if (cap_raised(curracl->cap_lower, cap))
35669 + cap_raise(cap_drop, cap);
35673 + if (!cap_raised(cap_drop, cap))
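Review bot: In gr_is_capable the only range check on `cap` visible here is in the final logging condition (`cap < sizeof(captab_log)/sizeof(captab_log[0])`), by which point `cap` has already gone through `cap_raised()` and `cap_raise()` on `cap_mask`, `cap_drop` and `cred->cap_effective`; gr_is_capable_nolog shows no check at all. If both functions rely on the caller to pass a valid capability number, state that above them, e.g. `/* caller guarantees cap_valid(cap); only the captab_log lookup is bounds-checked */`, and otherwise test `cap_valid(cap)` before the first `cap_raised()`. That same condition also means a capability numbered past the end of captab_log that reaches the logging statement is never logged, so the table should be kept in step with CAP_LAST_CAP or the log call given a fallback name. The parent_subject walk that builds `cap_mask` and `cap_drop` is repeated line for line in both functions and would be safer in one static helper, so the logged and unlogged decisions cannot drift apart.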
35679 diff -urNp linux-2.6.32.1/grsecurity/gracl_fs.c linux-2.6.32.1/grsecurity/gracl_fs.c
35680 --- linux-2.6.32.1/grsecurity/gracl_fs.c 1969-12-31 19:00:00.000000000 -0500
35681 +++ linux-2.6.32.1/grsecurity/gracl_fs.c 2009-12-14 18:33:58.960821027 -0500
35683 +#include <linux/kernel.h>
35684 +#include <linux/sched.h>
35685 +#include <linux/types.h>
35686 +#include <linux/fs.h>
35687 +#include <linux/file.h>
35688 +#include <linux/stat.h>
35689 +#include <linux/grsecurity.h>
35690 +#include <linux/grinternal.h>
35691 +#include <linux/gracl.h>
35694 +gr_acl_handle_hidden_file(const struct dentry * dentry,
35695 + const struct vfsmount * mnt)
35699 + if (unlikely(!dentry->d_inode))
35703 + gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
35705 + if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
35706 + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
35708 + } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
35709 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
35711 + } else if (unlikely(!(mode & GR_FIND)))
35718 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
35721 + __u32 reqmode = GR_FIND;
35724 + if (unlikely(!dentry->d_inode))
35727 + if (unlikely(fmode & O_APPEND))
35728 + reqmode |= GR_APPEND;
35729 + else if (unlikely(fmode & FMODE_WRITE))
35730 + reqmode |= GR_WRITE;
35731 + if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
35732 + reqmode |= GR_READ;
35733 + if ((fmode & FMODE_GREXEC) && (fmode & FMODE_EXEC))
35734 + reqmode &= ~GR_READ;
35736 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
35739 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
35740 + gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
35741 + reqmode & GR_READ ? " reading" : "",
35742 + reqmode & GR_WRITE ? " writing" : reqmode &
35743 + GR_APPEND ? " appending" : "");
35746 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
35748 + gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
35749 + reqmode & GR_READ ? " reading" : "",
35750 + reqmode & GR_WRITE ? " writing" : reqmode &
35751 + GR_APPEND ? " appending" : "");
35753 + } else if (unlikely((mode & reqmode) != reqmode))
35760 +gr_acl_handle_creat(const struct dentry * dentry,
35761 + const struct dentry * p_dentry,
35762 + const struct vfsmount * p_mnt, const int fmode,
35765 + __u32 reqmode = GR_WRITE | GR_CREATE;
35768 + if (unlikely(fmode & O_APPEND))
35769 + reqmode |= GR_APPEND;
35770 + if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
35771 + reqmode |= GR_READ;
35772 + if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID))))
35773 + reqmode |= GR_SETID;
35776 + gr_check_create(dentry, p_dentry, p_mnt,
35777 + reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
35779 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
35780 + gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
35781 + reqmode & GR_READ ? " reading" : "",
35782 + reqmode & GR_WRITE ? " writing" : reqmode &
35783 + GR_APPEND ? " appending" : "");
35786 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
35788 + gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
35789 + reqmode & GR_READ ? " reading" : "",
35790 + reqmode & GR_WRITE ? " writing" : reqmode &
35791 + GR_APPEND ? " appending" : "");
35793 + } else if (unlikely((mode & reqmode) != reqmode))
35800 +gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
35803 + __u32 mode, reqmode = GR_FIND;
35805 + if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
35806 + reqmode |= GR_EXEC;
35807 + if (fmode & S_IWOTH)
35808 + reqmode |= GR_WRITE;
35809 + if (fmode & S_IROTH)
35810 + reqmode |= GR_READ;
35813 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
35816 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
35817 + gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
35818 + reqmode & GR_READ ? " reading" : "",
35819 + reqmode & GR_WRITE ? " writing" : "",
35820 + reqmode & GR_EXEC ? " executing" : "");
35823 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
35825 + gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
35826 + reqmode & GR_READ ? " reading" : "",
35827 + reqmode & GR_WRITE ? " writing" : "",
35828 + reqmode & GR_EXEC ? " executing" : "");
35830 + } else if (unlikely((mode & reqmode) != reqmode))
35836 +static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt)
35840 + mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt);
35842 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
35843 + gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt);
35845 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
35846 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt);
35848 + } else if (unlikely((mode & (reqmode)) != (reqmode)))
35851 + return (reqmode);
35855 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
35857 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
35861 +gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
35863 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
35867 +gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
35869 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
35873 +gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
35875 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
35879 +gr_acl_handle_fchmod(const struct dentry *dentry, const struct vfsmount *mnt,
35882 + if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode)))
35885 + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
35886 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
35887 + GR_FCHMOD_ACL_MSG);
35889 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_FCHMOD_ACL_MSG);
35894 +gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
35897 + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
35898 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
35899 + GR_CHMOD_ACL_MSG);
35901 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
35906 +gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
35908 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
35912 +gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
35914 + return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
35918 +gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
35920 + return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
35921 + GR_UNIXCONNECT_ACL_MSG);
35924 +/* hardlinks require at minimum create permission,
35925 + any additional privilege required is based on the
35926 + privilege of the file being linked to
35929 +gr_acl_handle_link(const struct dentry * new_dentry,
35930 + const struct dentry * parent_dentry,
35931 + const struct vfsmount * parent_mnt,
35932 + const struct dentry * old_dentry,
35933 + const struct vfsmount * old_mnt, const char *to)
35936 + __u32 needmode = GR_CREATE | GR_LINK;
35937 + __u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK;
35940 + gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
35943 + if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) {
35944 + gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
35946 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
35947 + gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
35949 + } else if (unlikely((mode & needmode) != needmode))
35956 +gr_acl_handle_symlink(const struct dentry * new_dentry,
35957 + const struct dentry * parent_dentry,
35958 + const struct vfsmount * parent_mnt, const char *from)
35960 + __u32 needmode = GR_WRITE | GR_CREATE;
35964 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
35965 + GR_CREATE | GR_AUDIT_CREATE |
35966 + GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
35968 + if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
35969 + gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
35971 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
35972 + gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
35974 + } else if (unlikely((mode & needmode) != needmode))
35977 + return (GR_WRITE | GR_CREATE);
35980 +static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt)
35984 + mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
35986 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
35987 + gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt);
35989 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
35990 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt);
35992 + } else if (unlikely((mode & (reqmode)) != (reqmode)))
35995 + return (reqmode);
35999 +gr_acl_handle_mknod(const struct dentry * new_dentry,
36000 + const struct dentry * parent_dentry,
36001 + const struct vfsmount * parent_mnt,
36004 + __u32 reqmode = GR_WRITE | GR_CREATE;
36005 + if (unlikely(mode & (S_ISUID | S_ISGID)))
36006 + reqmode |= GR_SETID;
36008 + return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
36009 + reqmode, GR_MKNOD_ACL_MSG);
36013 +gr_acl_handle_mkdir(const struct dentry *new_dentry,
36014 + const struct dentry *parent_dentry,
36015 + const struct vfsmount *parent_mnt)
36017 + return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
36018 + GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
36021 +#define RENAME_CHECK_SUCCESS(old, new) \
36022 + (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
36023 + ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
36026 +gr_acl_handle_rename(struct dentry *new_dentry,
36027 + struct dentry *parent_dentry,
36028 + const struct vfsmount *parent_mnt,
36029 + struct dentry *old_dentry,
36030 + struct inode *old_parent_inode,
36031 + struct vfsmount *old_mnt, const char *newname)
36033 + __u32 comp1, comp2;
36036 + if (unlikely(!gr_acl_is_enabled()))
36039 + if (!new_dentry->d_inode) {
36040 + comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
36041 + GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
36042 + GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
36043 + comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
36044 + GR_DELETE | GR_AUDIT_DELETE |
36045 + GR_AUDIT_READ | GR_AUDIT_WRITE |
36046 + GR_SUPPRESS, old_mnt);
36048 + comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
36049 + GR_CREATE | GR_DELETE |
36050 + GR_AUDIT_CREATE | GR_AUDIT_DELETE |
36051 + GR_AUDIT_READ | GR_AUDIT_WRITE |
36052 + GR_SUPPRESS, parent_mnt);
36054 + gr_search_file(old_dentry,
36055 + GR_READ | GR_WRITE | GR_AUDIT_READ |
36056 + GR_DELETE | GR_AUDIT_DELETE |
36057 + GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
36060 + if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
36061 + ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
36062 + gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
36063 + else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
36064 + && !(comp2 & GR_SUPPRESS)) {
36065 + gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
36067 + } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
36074 +gr_acl_handle_exit(void)
36078 + struct file *exec_file;
36080 + if (unlikely(current->acl_sp_role && gr_acl_is_enabled())) {
36081 + id = current->acl_role_id;
36082 + rolename = current->role->rolename;
36084 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id);
36087 + write_lock(&grsec_exec_file_lock);
36088 + exec_file = current->exec_file;
36089 + current->exec_file = NULL;
36090 + write_unlock(&grsec_exec_file_lock);
36097 +gr_acl_handle_procpidmem(const struct task_struct *task)
36099 + if (unlikely(!gr_acl_is_enabled()))
36102 + if (task != current && task->acl->mode & GR_PROTPROCFD)
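Review bot: In gr_acl_handle_symlink the audited-success branch tests only `mode & GR_WRITE`, although `needmode` is `GR_WRITE | GR_CREATE` and the sibling handlers in this file (open, creat, link and both generic handlers) require `(mode & reqmode) == reqmode` before treating a request as granted. A subject granted write but not create on the parent, with an audit bit set, would take the success path instead of falling through to the two denial branches. The return statements are not visible in this listing, so the exact effect on the returned mode should be confirmed. I would change the first condition to `if (unlikely(((mode & needmode) == needmode) && (mode & GR_AUDITS))) {` so symlink creation follows the same rule as the other create paths.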
36107 diff -urNp linux-2.6.32.1/grsecurity/gracl_ip.c linux-2.6.32.1/grsecurity/gracl_ip.c
36108 --- linux-2.6.32.1/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500
36109 +++ linux-2.6.32.1/grsecurity/gracl_ip.c 2009-12-14 18:33:58.961941417 -0500
36111 +#include <linux/kernel.h>
36112 +#include <asm/uaccess.h>
36113 +#include <asm/errno.h>
36114 +#include <net/sock.h>
36115 +#include <linux/file.h>
36116 +#include <linux/fs.h>
36117 +#include <linux/net.h>
36118 +#include <linux/in.h>
36119 +#include <linux/skbuff.h>
36120 +#include <linux/ip.h>
36121 +#include <linux/udp.h>
36122 +#include <linux/smp_lock.h>
36123 +#include <linux/types.h>
36124 +#include <linux/sched.h>
36125 +#include <linux/netdevice.h>
36126 +#include <linux/inetdevice.h>
36127 +#include <linux/gracl.h>
36128 +#include <linux/grsecurity.h>
36129 +#include <linux/grinternal.h>
36131 +#define GR_BIND 0x01
36132 +#define GR_CONNECT 0x02
36133 +#define GR_INVERT 0x04
36134 +#define GR_BINDOVERRIDE 0x08
36135 +#define GR_CONNECTOVERRIDE 0x10
36137 +static const char * gr_protocols[256] = {
36138 + "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
36139 + "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
36140 + "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
36141 + "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
36142 + "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
36143 + "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
36144 + "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
36145 + "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
36146 + "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
36147 + "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak",
36148 + "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf",
36149 + "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
36150 + "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
36151 + "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
36152 + "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
36153 + "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
36154 + "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
36155 + "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
36156 + "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
36157 + "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
36158 + "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
36159 + "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
36160 + "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
36161 + "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
36162 + "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
36163 + "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
36164 + "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
36165 + "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
36166 + "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
36167 + "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
36168 + "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
36169 + "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
36172 +static const char * gr_socktypes[11] = {
36173 + "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6",
36174 + "unknown:7", "unknown:8", "unknown:9", "packet"
36178 +gr_proto_to_name(unsigned char proto)
36180 + return gr_protocols[proto];
36184 +gr_socktype_to_name(unsigned char type)
36186 + return gr_socktypes[type];
36190 +gr_search_socket(const int domain, const int type, const int protocol)
36192 + struct acl_subject_label *curr;
36193 + const struct cred *cred = current_cred();
36195 + if (unlikely(!gr_acl_is_enabled()))
36198 + if ((domain < 0) || (type < 0) || (protocol < 0) || (domain != PF_INET)
36199 + || (domain >= NPROTO) || (type >= SOCK_MAX) || (protocol > 255))
36200 + goto exit; // let the kernel handle it
36202 + curr = current->acl;
36207 + if ((curr->ip_type & (1 << type)) &&
36208 + (curr->ip_proto[protocol / 32] & (1 << (protocol % 32))))
36211 + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
36212 + /* we don't place acls on raw sockets , and sometimes
36213 + dgram/ip sockets are opened for ioctl and not
36214 + bind/connect, so we'll fake a bind learn log */
36215 + if (type == SOCK_RAW || type == SOCK_PACKET) {
36216 + __u32 fakeip = 0;
36217 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
36218 + current->role->roletype, cred->uid,
36219 + cred->gid, current->exec_file ?
36220 + gr_to_filename(current->exec_file->f_path.dentry,
36221 + current->exec_file->f_path.mnt) :
36222 + curr->filename, curr->filename,
36223 + &fakeip, 0, type,
36224 + protocol, GR_CONNECT, ¤t->signal->curr_ip);
36225 + } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
36226 + __u32 fakeip = 0;
36227 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
36228 + current->role->roletype, cred->uid,
36229 + cred->gid, current->exec_file ?
36230 + gr_to_filename(current->exec_file->f_path.dentry,
36231 + current->exec_file->f_path.mnt) :
36232 + curr->filename, curr->filename,
36233 + &fakeip, 0, type,
36234 + protocol, GR_BIND, ¤t->signal->curr_ip);
36236 + /* we'll log when they use connect or bind */
36240 + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, "inet",
36241 + gr_socktype_to_name(type), gr_proto_to_name(protocol));
36248 +int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask)
36250 + if ((ip->mode & mode) &&
36251 + (ip_port >= ip->low) &&
36252 + (ip_port <= ip->high) &&
36253 + ((ntohl(ip_addr) & our_netmask) ==
36254 + (ntohl(our_addr) & our_netmask))
36255 + && (ip->proto[protocol / 32] & (1 << (protocol % 32)))
36256 + && (ip->type & (1 << type))) {
36257 + if (ip->mode & GR_INVERT)
36258 + return 2; // specifically denied
36260 + return 1; // allowed
36263 + return 0; // not specifically allowed, may continue parsing
36267 +gr_search_connectbind(const int full_mode, struct sock *sk,
36268 + struct sockaddr_in *addr, const int type)
36270 + char iface[IFNAMSIZ] = {0};
36271 + struct acl_subject_label *curr;
36272 + struct acl_ip_label *ip;
36273 + struct inet_sock *isk;
36274 + struct net_device *dev;
36275 + struct in_device *idev;
36278 + int mode = full_mode & (GR_BIND | GR_CONNECT);
36279 + __u32 ip_addr = 0;
36281 + __u32 our_netmask;
36283 + __u16 ip_port = 0;
36284 + const struct cred *cred = current_cred();
36286 + if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET))
36289 + curr = current->acl;
36290 + isk = inet_sk(sk);
36292 + /* INADDR_ANY overriding for binds, inaddr_any_override is already in network order */
36293 + if ((full_mode & GR_BINDOVERRIDE) && addr->sin_addr.s_addr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0)
36294 + addr->sin_addr.s_addr = curr->inaddr_any_override;
36295 + if ((full_mode & GR_CONNECT) && isk->saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) {
36296 + struct sockaddr_in saddr;
36299 + saddr.sin_family = AF_INET;
36300 + saddr.sin_addr.s_addr = curr->inaddr_any_override;
36301 + saddr.sin_port = isk->sport;
36303 + err = security_socket_bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
36307 + err = sk->sk_socket->ops->bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
36315 + ip_addr = addr->sin_addr.s_addr;
36316 + ip_port = ntohs(addr->sin_port);
36318 + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
36319 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
36320 + current->role->roletype, cred->uid,
36321 + cred->gid, current->exec_file ?
36322 + gr_to_filename(current->exec_file->f_path.dentry,
36323 + current->exec_file->f_path.mnt) :
36324 + curr->filename, curr->filename,
36325 + &ip_addr, ip_port, type,
36326 + sk->sk_protocol, mode, ¤t->signal->curr_ip);
36330 + for (i = 0; i < curr->ip_num; i++) {
36331 + ip = *(curr->ips + i);
36332 + if (ip->iface != NULL) {
36333 + strncpy(iface, ip->iface, IFNAMSIZ - 1);
36334 + p = strchr(iface, ':');
36337 + dev = dev_get_by_name(sock_net(sk), iface);
36340 + idev = in_dev_get(dev);
36341 + if (idev == NULL) {
36347 + if (!strcmp(ip->iface, ifa->ifa_label)) {
36348 + our_addr = ifa->ifa_address;
36349 + our_netmask = 0xffffffff;
36350 + ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
36352 + rcu_read_unlock();
36353 + in_dev_put(idev);
36356 + } else if (ret == 2) {
36357 + rcu_read_unlock();
36358 + in_dev_put(idev);
36363 + } endfor_ifa(idev);
36364 + rcu_read_unlock();
36365 + in_dev_put(idev);
36368 + our_addr = ip->addr;
36369 + our_netmask = ip->netmask;
36370 + ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
36373 + else if (ret == 2)
36379 + if (mode == GR_BIND)
36380 + gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
36381 + else if (mode == GR_CONNECT)
36382 + gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
36388 +gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
36390 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
36394 +gr_search_bind(struct socket *sock, struct sockaddr_in *addr)
36396 + return gr_search_connectbind(GR_BIND | GR_BINDOVERRIDE, sock->sk, addr, sock->type);
36399 +int gr_search_listen(struct socket *sock)
36401 + struct sock *sk = sock->sk;
36402 + struct sockaddr_in addr;
36404 + addr.sin_addr.s_addr = inet_sk(sk)->saddr;
36405 + addr.sin_port = inet_sk(sk)->sport;
36407 + return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
36410 +int gr_search_accept(struct socket *sock)
36412 + struct sock *sk = sock->sk;
36413 + struct sockaddr_in addr;
36415 + addr.sin_addr.s_addr = inet_sk(sk)->saddr;
36416 + addr.sin_port = inet_sk(sk)->sport;
36418 + return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
36422 +gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr)
36425 + return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
36427 + struct sockaddr_in sin;
36428 + const struct inet_sock *inet = inet_sk(sk);
36430 + sin.sin_addr.s_addr = inet->daddr;
36431 + sin.sin_port = inet->dport;
36433 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
36438 +gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb)
36440 + struct sockaddr_in sin;
36442 + if (unlikely(skb->len < sizeof (struct udphdr)))
36443 + return 0; // skip this packet
36445 + sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
36446 + sin.sin_port = udp_hdr(skb)->source;
36448 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
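Review bot: gr_socktype_to_name() indexes the 11-entry `gr_socktypes` table with an `unsigned char` and no range check, and gr_search_connectbind passes `sock->type` to it in both denial log calls without the `type >= SOCK_MAX` test that gr_search_socket applies first. This is presumably safe because the type was validated when the socket was created, but the helper then depends on a check made elsewhere and on the table staying in step with SOCK_MAX. A bounded lookup keeps a logging path from reading past the array: `return type < ARRAY_SIZE(gr_socktypes) ? gr_socktypes[type] : "unknown";`. The bit tests `1 << type` and `1 << (protocol % 32)` in gr_search_socket and check_ip_policy would also be better written with `1U`, since bit 31 is reachable for `protocol`.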
36450 diff -urNp linux-2.6.32.1/grsecurity/gracl_learn.c linux-2.6.32.1/grsecurity/gracl_learn.c
36451 --- linux-2.6.32.1/grsecurity/gracl_learn.c 1969-12-31 19:00:00.000000000 -0500
36452 +++ linux-2.6.32.1/grsecurity/gracl_learn.c 2009-12-14 18:33:58.961941417 -0500
36454 +#include <linux/kernel.h>
36455 +#include <linux/mm.h>
36456 +#include <linux/sched.h>
36457 +#include <linux/poll.h>
36458 +#include <linux/smp_lock.h>
36459 +#include <linux/string.h>
36460 +#include <linux/file.h>
36461 +#include <linux/types.h>
36462 +#include <linux/vmalloc.h>
36463 +#include <linux/grinternal.h>
36465 +extern ssize_t write_grsec_handler(struct file * file, const char __user * buf,
36466 + size_t count, loff_t *ppos);
36467 +extern int gr_acl_is_enabled(void);
36469 +static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
36470 +static int gr_learn_attached;
36472 +/* use a 512k buffer */
36473 +#define LEARN_BUFFER_SIZE (512 * 1024)
36475 +static DEFINE_SPINLOCK(gr_learn_lock);
36476 +static DECLARE_MUTEX(gr_learn_user_sem);
36478 +/* we need to maintain two buffers, so that the kernel context of grlearn
36479 + uses a semaphore around the userspace copying, and the other kernel contexts
36480 + use a spinlock when copying into the buffer, since they cannot sleep
36482 +static char *learn_buffer;
36483 +static char *learn_buffer_user;
36484 +static int learn_buffer_len;
36485 +static int learn_buffer_user_len;
36488 +read_learn(struct file *file, char __user * buf, size_t count, loff_t * ppos)
36490 + DECLARE_WAITQUEUE(wait, current);
36491 + ssize_t retval = 0;
36493 + add_wait_queue(&learn_wait, &wait);
36494 + set_current_state(TASK_INTERRUPTIBLE);
36496 + down(&gr_learn_user_sem);
36497 + spin_lock(&gr_learn_lock);
36498 + if (learn_buffer_len)
36500 + spin_unlock(&gr_learn_lock);
36501 + up(&gr_learn_user_sem);
36502 + if (file->f_flags & O_NONBLOCK) {
36503 + retval = -EAGAIN;
36506 + if (signal_pending(current)) {
36507 + retval = -ERESTARTSYS;
36514 + memcpy(learn_buffer_user, learn_buffer, learn_buffer_len);
36515 + learn_buffer_user_len = learn_buffer_len;
36516 + retval = learn_buffer_len;
36517 + learn_buffer_len = 0;
36519 + spin_unlock(&gr_learn_lock);
36521 + if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len))
36522 + retval = -EFAULT;
36524 + up(&gr_learn_user_sem);
36526 + set_current_state(TASK_RUNNING);
36527 + remove_wait_queue(&learn_wait, &wait);
36531 +static unsigned int
36532 +poll_learn(struct file * file, poll_table * wait)
36534 + poll_wait(file, &learn_wait, wait);
36536 + if (learn_buffer_len)
36537 + return (POLLIN | POLLRDNORM);
36543 +gr_clear_learn_entries(void)
36547 + down(&gr_learn_user_sem);
36548 + if (learn_buffer != NULL) {
36549 + spin_lock(&gr_learn_lock);
36550 + tmp = learn_buffer;
36551 + learn_buffer = NULL;
36552 + spin_unlock(&gr_learn_lock);
36553 + vfree(learn_buffer);
36555 + if (learn_buffer_user != NULL) {
36556 + vfree(learn_buffer_user);
36557 + learn_buffer_user = NULL;
36559 + learn_buffer_len = 0;
36560 + up(&gr_learn_user_sem);
36566 +gr_add_learn_entry(const char *fmt, ...)
36569 + unsigned int len;
36571 + if (!gr_learn_attached)
36574 + spin_lock(&gr_learn_lock);
36576 + /* leave a gap at the end so we know when it's "full" but don't have to
36577 + compute the exact length of the string we're trying to append
36579 + if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) {
36580 + spin_unlock(&gr_learn_lock);
36581 + wake_up_interruptible(&learn_wait);
36584 + if (learn_buffer == NULL) {
36585 + spin_unlock(&gr_learn_lock);
36589 + va_start(args, fmt);
36590 + len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args);
36593 + learn_buffer_len += len + 1;
36595 + spin_unlock(&gr_learn_lock);
36596 + wake_up_interruptible(&learn_wait);
36602 +open_learn(struct inode *inode, struct file *file)
36604 + if (file->f_mode & FMODE_READ && gr_learn_attached)
36606 + if (file->f_mode & FMODE_READ) {
36608 + down(&gr_learn_user_sem);
36609 + if (learn_buffer == NULL)
36610 + learn_buffer = vmalloc(LEARN_BUFFER_SIZE);
36611 + if (learn_buffer_user == NULL)
36612 + learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE);
36613 + if (learn_buffer == NULL) {
36614 + retval = -ENOMEM;
36617 + if (learn_buffer_user == NULL) {
36618 + retval = -ENOMEM;
36621 + learn_buffer_len = 0;
36622 + learn_buffer_user_len = 0;
36623 + gr_learn_attached = 1;
36625 + up(&gr_learn_user_sem);
36632 +close_learn(struct inode *inode, struct file *file)
36636 + if (file->f_mode & FMODE_READ) {
36637 + down(&gr_learn_user_sem);
36638 + if (learn_buffer != NULL) {
36639 + spin_lock(&gr_learn_lock);
36640 + tmp = learn_buffer;
36641 + learn_buffer = NULL;
36642 + spin_unlock(&gr_learn_lock);
36645 + if (learn_buffer_user != NULL) {
36646 + vfree(learn_buffer_user);
36647 + learn_buffer_user = NULL;
36649 + learn_buffer_len = 0;
36650 + learn_buffer_user_len = 0;
36651 + gr_learn_attached = 0;
36652 + up(&gr_learn_user_sem);
36658 +const struct file_operations grsec_fops = {
36659 + .read = read_learn,
36660 + .write = write_grsec_handler,
36661 + .open = open_learn,
36662 + .release = close_learn,
36663 + .poll = poll_learn,
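Review bot: gr_clear_learn_entries() saves the buffer in `tmp`, sets `learn_buffer = NULL` under gr_learn_lock and then calls `vfree(learn_buffer)`, which is NULL by that point, so the 512k learn buffer is leaked every time the entries are cleared. The call should be `vfree(tmp);`. close_learn() has the same save-and-clear sequence and its free call is not visible in this listing, so check that it frees `tmp` as well. Separately, read_learn() copies `learn_buffer_user_len` bytes to `buf` and the visible lines never compare that length with `count`, so a reader passing a buffer smaller than the pending data would have memory beyond it overwritten. Clamping the copy to `count`, or rejecting a short read, would close that.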
36665 diff -urNp linux-2.6.32.1/grsecurity/gracl_res.c linux-2.6.32.1/grsecurity/gracl_res.c
36666 --- linux-2.6.32.1/grsecurity/gracl_res.c 1969-12-31 19:00:00.000000000 -0500
36667 +++ linux-2.6.32.1/grsecurity/gracl_res.c 2009-12-14 18:33:58.961941417 -0500
36669 +#include <linux/kernel.h>
36670 +#include <linux/sched.h>
36671 +#include <linux/gracl.h>
36672 +#include <linux/grinternal.h>
36674 +static const char *restab_log[] = {
36675 + [RLIMIT_CPU] = "RLIMIT_CPU",
36676 + [RLIMIT_FSIZE] = "RLIMIT_FSIZE",
36677 + [RLIMIT_DATA] = "RLIMIT_DATA",
36678 + [RLIMIT_STACK] = "RLIMIT_STACK",
36679 + [RLIMIT_CORE] = "RLIMIT_CORE",
36680 + [RLIMIT_RSS] = "RLIMIT_RSS",
36681 + [RLIMIT_NPROC] = "RLIMIT_NPROC",
36682 + [RLIMIT_NOFILE] = "RLIMIT_NOFILE",
36683 + [RLIMIT_MEMLOCK] = "RLIMIT_MEMLOCK",
36684 + [RLIMIT_AS] = "RLIMIT_AS",
36685 + [RLIMIT_LOCKS] = "RLIMIT_LOCKS",
36686 + [RLIMIT_SIGPENDING] = "RLIMIT_SIGPENDING",
36687 + [RLIMIT_MSGQUEUE] = "RLIMIT_MSGQUEUE",
36688 + [RLIMIT_NICE] = "RLIMIT_NICE",
36689 + [RLIMIT_RTPRIO] = "RLIMIT_RTPRIO",
36690 + [RLIMIT_RTTIME] = "RLIMIT_RTTIME",
36691 + [GR_CRASH_RES] = "RLIMIT_CRASH"
36695 +gr_log_resource(const struct task_struct *task,
36696 + const int res, const unsigned long wanted, const int gt)
36698 + const struct cred *cred = __task_cred(task);
36700 + if (res == RLIMIT_NPROC &&
36701 + (cap_raised(cred->cap_effective, CAP_SYS_ADMIN) ||
36702 + cap_raised(cred->cap_effective, CAP_SYS_RESOURCE)))
36704 + else if (res == RLIMIT_MEMLOCK &&
36705 + cap_raised(cred->cap_effective, CAP_IPC_LOCK))
36707 + else if (res == RLIMIT_NICE && cap_raised(cred->cap_effective, CAP_SYS_NICE))
36710 + if (!gr_acl_is_enabled() && !grsec_resource_logging)
36713 + // not yet supported resource
36714 + if (!restab_log[res])
36717 + preempt_disable();
36719 + if (unlikely(((gt && wanted > task->signal->rlim[res].rlim_cur) ||
36720 + (!gt && wanted >= task->signal->rlim[res].rlim_cur)) &&
36721 + task->signal->rlim[res].rlim_cur != RLIM_INFINITY))
36722 + gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], task->signal->rlim[res].rlim_cur);
36723 + preempt_enable_no_resched();
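Review bot: gr_log_resource() uses `res` to index both `restab_log[]` and `task->signal->rlim[]` without a range check, so the "not yet supported resource" test `if (!restab_log[res])` is itself an out-of-bounds read for any value outside the table. Callers presumably pass only RLIMIT_* constants or GR_CRASH_RES, but a guard makes that explicit: `if (res < 0 || res >= ARRAY_SIZE(restab_log) || !restab_log[res]) return;`. The credentials from `__task_cred(task)` are also read before `preempt_disable()` and no `rcu_read_lock()` is visible in the function. If callers are expected to hold the RCU read lock, that should be stated above the function, e.g. `/* caller must hold rcu_read_lock() for __task_cred() */`.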
36727 diff -urNp linux-2.6.32.1/grsecurity/gracl_segv.c linux-2.6.32.1/grsecurity/gracl_segv.c
36728 --- linux-2.6.32.1/grsecurity/gracl_segv.c 1969-12-31 19:00:00.000000000 -0500
36729 +++ linux-2.6.32.1/grsecurity/gracl_segv.c 2009-12-14 18:33:58.961941417 -0500
36731 +#include <linux/kernel.h>
36732 +#include <linux/mm.h>
36733 +#include <asm/uaccess.h>
36734 +#include <asm/errno.h>
36735 +#include <asm/mman.h>
36736 +#include <net/sock.h>
36737 +#include <linux/file.h>
36738 +#include <linux/fs.h>
36739 +#include <linux/net.h>
36740 +#include <linux/in.h>
36741 +#include <linux/smp_lock.h>
36742 +#include <linux/slab.h>
36743 +#include <linux/types.h>
36744 +#include <linux/sched.h>
36745 +#include <linux/timer.h>
36746 +#include <linux/gracl.h>
36747 +#include <linux/grsecurity.h>
36748 +#include <linux/grinternal.h>
36750 +static struct crash_uid *uid_set;
36751 +static unsigned short uid_used;
36752 +static DEFINE_SPINLOCK(gr_uid_lock);
36753 +extern rwlock_t gr_inode_lock;
36754 +extern struct acl_subject_label *
36755 + lookup_acl_subj_label(const ino_t inode, const dev_t dev,
36756 + struct acl_role_label *role);
36757 +extern int specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t);
36760 +gr_init_uidset(void)
36763 + kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL);
36766 + return uid_set ? 1 : 0;
36770 +gr_free_uidset(void)
36779 +gr_find_uid(const uid_t uid)
36781 + struct crash_uid *tmp = uid_set;
36783 + int low = 0, high = uid_used - 1, mid;
36785 + while (high >= low) {
36786 + mid = (low + high) >> 1;
36787 + buid = tmp[mid].uid;
36799 +static __inline__ void
36800 +gr_insertsort(void)
36802 + unsigned short i, j;
36803 + struct crash_uid index;
36805 + for (i = 1; i < uid_used; i++) {
36806 + index = uid_set[i];
36808 + while ((j > 0) && uid_set[j - 1].uid > index.uid) {
36809 + uid_set[j] = uid_set[j - 1];
36812 + uid_set[j] = index;
36818 +static __inline__ void
36819 +gr_insert_uid(const uid_t uid, const unsigned long expires)
36823 + if (uid_used == GR_UIDTABLE_MAX)
36826 + loc = gr_find_uid(uid);
36829 + uid_set[loc].expires = expires;
36833 + uid_set[uid_used].uid = uid;
36834 + uid_set[uid_used].expires = expires;
36843 +gr_remove_uid(const unsigned short loc)
36845 + unsigned short i;
36847 + for (i = loc + 1; i < uid_used; i++)
36848 + uid_set[i - 1] = uid_set[i];
36856 +gr_check_crash_uid(const uid_t uid)
36861 + if (unlikely(!gr_acl_is_enabled()))
36864 + spin_lock(&gr_uid_lock);
36865 + loc = gr_find_uid(uid);
36870 + if (time_before_eq(uid_set[loc].expires, get_seconds()))
36871 + gr_remove_uid(loc);
36876 + spin_unlock(&gr_uid_lock);
36880 +static __inline__ int
36881 +proc_is_setxid(const struct cred *cred)
36883 + if (cred->uid != cred->euid || cred->uid != cred->suid ||
36884 + cred->uid != cred->fsuid)
36886 + if (cred->gid != cred->egid || cred->gid != cred->sgid ||
36887 + cred->gid != cred->fsgid)
36892 +static __inline__ int
36893 +gr_fake_force_sig(int sig, struct task_struct *t)
36895 + unsigned long int flags;
36896 + int ret, blocked, ignored;
36897 + struct k_sigaction *action;
36899 + spin_lock_irqsave(&t->sighand->siglock, flags);
36900 + action = &t->sighand->action[sig-1];
36901 + ignored = action->sa.sa_handler == SIG_IGN;
36902 + blocked = sigismember(&t->blocked, sig);
36903 + if (blocked || ignored) {
36904 + action->sa.sa_handler = SIG_DFL;
36906 + sigdelset(&t->blocked, sig);
36907 + recalc_sigpending_and_wake(t);
36910 + if (action->sa.sa_handler == SIG_DFL)
36911 + t->signal->flags &= ~SIGNAL_UNKILLABLE;
36912 + ret = specific_send_sig_info(sig, SEND_SIG_PRIV, t);
36914 + spin_unlock_irqrestore(&t->sighand->siglock, flags);
36920 +gr_handle_crash(struct task_struct *task, const int sig)
36922 + struct acl_subject_label *curr;
36923 + struct acl_subject_label *curr2;
36924 + struct task_struct *tsk, *tsk2;
36925 + const struct cred *cred = __task_cred(task);
36926 + const struct cred *cred2;
36928 + if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL)
36931 + if (unlikely(!gr_acl_is_enabled()))
36934 + curr = task->acl;
36936 + if (!(curr->resmask & (1 << GR_CRASH_RES)))
36939 + if (time_before_eq(curr->expires, get_seconds())) {
36940 + curr->expires = 0;
36941 + curr->crashes = 0;
36946 + if (!curr->expires)
36947 + curr->expires = get_seconds() + curr->res[GR_CRASH_RES].rlim_max;
36949 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
36950 + time_after(curr->expires, get_seconds())) {
36951 + if (cred->uid && proc_is_setxid(cred)) {
36952 + gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
36953 + spin_lock(&gr_uid_lock);
36954 + gr_insert_uid(cred->uid, curr->expires);
36955 + spin_unlock(&gr_uid_lock);
36956 + curr->expires = 0;
36957 + curr->crashes = 0;
36958 + read_lock(&tasklist_lock);
36959 + do_each_thread(tsk2, tsk) {
36960 + cred2 = __task_cred(tsk);
36961 + if (tsk != task && cred2->uid == cred->uid)
36962 + gr_fake_force_sig(SIGKILL, tsk);
36963 + } while_each_thread(tsk2, tsk);
36964 + read_unlock(&tasklist_lock);
36966 + gr_log_crash2(GR_DONT_AUDIT, GR_SEGVNOSUID_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
36967 + read_lock(&tasklist_lock);
36968 + do_each_thread(tsk2, tsk) {
36969 + if (likely(tsk != task)) {
36970 + curr2 = tsk->acl;
36972 + if (curr2->device == curr->device &&
36973 + curr2->inode == curr->inode)
36974 + gr_fake_force_sig(SIGKILL, tsk);
36976 + } while_each_thread(tsk2, tsk);
36977 + read_unlock(&tasklist_lock);
36985 +gr_check_crash_exec(const struct file *filp)
36987 + struct acl_subject_label *curr;
36989 + if (unlikely(!gr_acl_is_enabled()))
36992 + read_lock(&gr_inode_lock);
36993 + curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino,
36994 + filp->f_path.dentry->d_inode->i_sb->s_dev,
36996 + read_unlock(&gr_inode_lock);
36998 + if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) ||
36999 + (!curr->crashes && !curr->expires))
37002 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
37003 + time_after(curr->expires, get_seconds()))
37005 + else if (time_before_eq(curr->expires, get_seconds())) {
37006 + curr->crashes = 0;
37007 + curr->expires = 0;
37014 +gr_handle_alertkill(struct task_struct *task)
37016 + struct acl_subject_label *curracl;
37018 + struct task_struct *p, *p2;
37020 + if (unlikely(!gr_acl_is_enabled()))
37023 + curracl = task->acl;
37024 + curr_ip = task->signal->curr_ip;
37026 + if ((curracl->mode & GR_KILLIPPROC) && curr_ip) {
37027 + read_lock(&tasklist_lock);
37028 + do_each_thread(p2, p) {
37029 + if (p->signal->curr_ip == curr_ip)
37030 + gr_fake_force_sig(SIGKILL, p);
37031 + } while_each_thread(p2, p);
37032 + read_unlock(&tasklist_lock);
37033 + } else if (curracl->mode & GR_KILLPROC)
37034 + gr_fake_force_sig(SIGKILL, task);
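Review bot: gr_handle_crash() initialises `cred` with `__task_cred(task)` in its declarations, and the kill loop reads `cred2 = __task_cred(tsk)` while holding only `tasklist_lock`; no `rcu_read_lock()` is visible around either use. `__task_cred()` returns an RCU-protected pointer, so unless every caller already holds the RCU read lock, the credentials can be released while `cred->uid` is still being compared. Take the lock next to the use, e.g. `rcu_read_lock(); cred = __task_cred(task);` before the `cred->uid && proc_is_setxid(cred)` test, with `rcu_read_unlock();` after the thread walk. Some lines of the file are not shown on this page, so confirm against the full source that the lock is not already taken.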
37038 diff -urNp linux-2.6.32.1/grsecurity/gracl_shm.c linux-2.6.32.1/grsecurity/gracl_shm.c
37039 --- linux-2.6.32.1/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500
37040 +++ linux-2.6.32.1/grsecurity/gracl_shm.c 2009-12-14 18:33:58.962849385 -0500
37042 +#include <linux/kernel.h>
37043 +#include <linux/mm.h>
37044 +#include <linux/sched.h>
37045 +#include <linux/file.h>
37046 +#include <linux/ipc.h>
37047 +#include <linux/gracl.h>
37048 +#include <linux/grsecurity.h>
37049 +#include <linux/grinternal.h>
37052 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
37053 + const time_t shm_createtime, const uid_t cuid, const int shmid)
37055 + struct task_struct *task;
37057 + if (!gr_acl_is_enabled())
37060 + read_lock(&tasklist_lock);
37062 + task = find_task_by_vpid(shm_cprid);
37064 + if (unlikely(!task))
37065 + task = find_task_by_vpid(shm_lapid);
37067 + if (unlikely(task && (time_before_eq((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) ||
37068 + (task->pid == shm_lapid)) &&
37069 + (task->acl->mode & GR_PROTSHM) &&
37070 + (task->acl != current->acl))) {
37071 + read_unlock(&tasklist_lock);
37072 + gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid);
37075 + read_unlock(&tasklist_lock);
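Review bot: The compound test in gr_handle_shmat() has no comment explaining why `task->start_time` is compared with `shm_createtime`, and that is the clause a maintainer is most likely to break. The comparison appears to guard against PID reuse: a task found under `shm_cprid` counts as the segment's creator only if it started no later than the segment was created. I would add `/* a task that started after the segment was created cannot be its creator: the pid was recycled */` above the `if`. `task->acl` is also dereferenced with no visible NULL check, so confirm that every task reachable through find_task_by_vpid() carries a label.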
37079 diff -urNp linux-2.6.32.1/grsecurity/grsec_chdir.c linux-2.6.32.1/grsecurity/grsec_chdir.c
37080 --- linux-2.6.32.1/grsecurity/grsec_chdir.c 1969-12-31 19:00:00.000000000 -0500
37081 +++ linux-2.6.32.1/grsecurity/grsec_chdir.c 2009-12-14 18:33:58.962849385 -0500
37083 +#include <linux/kernel.h>
37084 +#include <linux/sched.h>
37085 +#include <linux/fs.h>
37086 +#include <linux/file.h>
37087 +#include <linux/grsecurity.h>
37088 +#include <linux/grinternal.h>
37091 +gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt)
37093 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
37094 + if ((grsec_enable_chdir && grsec_enable_group &&
37095 + in_group_p(grsec_audit_gid)) || (grsec_enable_chdir &&
37096 + !grsec_enable_group)) {
37097 + gr_log_fs_generic(GR_DO_AUDIT, GR_CHDIR_AUDIT_MSG, dentry, mnt);
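Review bot: The audit condition in gr_log_chdir() tests `grsec_enable_chdir` twice and is harder to read than it needs to be. It is equivalent to `if (grsec_enable_chdir && (!grsec_enable_group || in_group_p(grsec_audit_gid)))`. The same three-flag pattern is open-coded again in gr_handle_exec_args() in grsec_exec.c with `grsec_enable_execlog`, so a small inline helper taking the feature flag would keep the audit-group rule in one place.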
37102 diff -urNp linux-2.6.32.1/grsecurity/grsec_chroot.c linux-2.6.32.1/grsecurity/grsec_chroot.c
37103 --- linux-2.6.32.1/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
37104 +++ linux-2.6.32.1/grsecurity/grsec_chroot.c 2009-12-14 18:33:58.962849385 -0500
37106 +#include <linux/kernel.h>
37107 +#include <linux/module.h>
37108 +#include <linux/sched.h>
37109 +#include <linux/file.h>
37110 +#include <linux/fs.h>
37111 +#include <linux/mount.h>
37112 +#include <linux/types.h>
37113 +#include <linux/pid_namespace.h>
37114 +#include <linux/grsecurity.h>
37115 +#include <linux/grinternal.h>
37118 +gr_handle_chroot_unix(const pid_t pid)
37120 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
37121 + struct pid *spid = NULL;
37123 + if (unlikely(!grsec_enable_chroot_unix))
37126 + if (likely(!proc_is_chrooted(current)))
37129 + read_lock(&tasklist_lock);
37131 + spid = find_vpid(pid);
37133 + struct task_struct *p;
37134 + p = pid_task(spid, PIDTYPE_PID);
37136 + if (unlikely(!have_same_root(current, p))) {
37138 + read_unlock(&tasklist_lock);
37139 + gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG);
37144 + read_unlock(&tasklist_lock);
37150 +gr_handle_chroot_nice(void)
37152 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
37153 + if (grsec_enable_chroot_nice && proc_is_chrooted(current)) {
37154 + gr_log_noargs(GR_DONT_AUDIT, GR_NICE_CHROOT_MSG);
37162 +gr_handle_chroot_setpriority(struct task_struct *p, const int niceval)
37164 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
37165 + if (grsec_enable_chroot_nice && (niceval < task_nice(p))
37166 + && proc_is_chrooted(current)) {
37167 + gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, p->pid);
37175 +gr_handle_chroot_rawio(const struct inode *inode)
37177 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
37178 + if (grsec_enable_chroot_caps && proc_is_chrooted(current) &&
37179 + inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO))
37186 +gr_pid_is_chrooted(struct task_struct *p)
37188 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
37189 + if (!grsec_enable_chroot_findtask || !proc_is_chrooted(current) || p == NULL)
37193 + if ((p->exit_state & (EXIT_ZOMBIE | EXIT_DEAD)) ||
37194 + !have_same_root(current, p)) {
37203 +EXPORT_SYMBOL(gr_pid_is_chrooted);
37205 +#if defined(CONFIG_GRKERNSEC_CHROOT_DOUBLE) || defined(CONFIG_GRKERNSEC_CHROOT_FCHDIR)
37206 +int gr_is_outside_chroot(const struct dentry *u_dentry, const struct vfsmount *u_mnt)
37208 + struct dentry *dentry = (struct dentry *)u_dentry;
37209 + struct vfsmount *mnt = (struct vfsmount *)u_mnt;
37210 + struct dentry *realroot;
37211 + struct vfsmount *realrootmnt;
37212 + struct dentry *currentroot;
37213 + struct vfsmount *currentmnt;
37214 + struct task_struct *reaper = &init_task;
37217 + read_lock(&reaper->fs->lock);
37218 + realrootmnt = mntget(reaper->fs->root.mnt);
37219 + realroot = dget(reaper->fs->root.dentry);
37220 + read_unlock(&reaper->fs->lock);
37222 + read_lock(¤t->fs->lock);
37223 + currentmnt = mntget(current->fs->root.mnt);
37224 + currentroot = dget(current->fs->root.dentry);
37225 + read_unlock(¤t->fs->lock);
37227 + spin_lock(&dcache_lock);
37229 + if (unlikely((dentry == realroot && mnt == realrootmnt)
37230 + || (dentry == currentroot && mnt == currentmnt)))
37232 + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) {
37233 + if (mnt->mnt_parent == mnt)
37235 + dentry = mnt->mnt_mountpoint;
37236 + mnt = mnt->mnt_parent;
37239 + dentry = dentry->d_parent;
37241 + spin_unlock(&dcache_lock);
37243 + dput(currentroot);
37244 + mntput(currentmnt);
37246 + /* access is outside of chroot */
37247 + if (dentry == realroot && mnt == realrootmnt)
37251 + mntput(realrootmnt);
37257 +gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt)
37259 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
37260 + if (!grsec_enable_chroot_fchdir)
37263 + if (!proc_is_chrooted(current))
37265 + else if (!gr_is_outside_chroot(u_dentry, u_mnt)) {
37266 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_FCHDIR_MSG, u_dentry, u_mnt);
37274 +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
37275 + const time_t shm_createtime)
37277 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
37278 + struct pid *pid = NULL;
37279 + time_t starttime;
37281 + if (unlikely(!grsec_enable_chroot_shmat))
37284 + if (likely(!proc_is_chrooted(current)))
37287 + read_lock(&tasklist_lock);
37289 + pid = find_vpid(shm_cprid);
37291 + struct task_struct *p;
37292 + p = pid_task(pid, PIDTYPE_PID);
37294 + starttime = p->start_time.tv_sec;
37295 + if (unlikely(!have_same_root(current, p) &&
37296 + time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) {
37298 + read_unlock(&tasklist_lock);
37299 + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
37304 + pid = find_vpid(shm_lapid);
37306 + struct task_struct *p;
37307 + p = pid_task(pid, PIDTYPE_PID);
37309 + if (unlikely(!have_same_root(current, p))) {
37311 + read_unlock(&tasklist_lock);
37312 + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
37319 + read_unlock(&tasklist_lock);
37325 +gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt)
37327 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
37328 + if (grsec_enable_chroot_execlog && proc_is_chrooted(current))
37329 + gr_log_fs_generic(GR_DO_AUDIT, GR_EXEC_CHROOT_MSG, dentry, mnt);
37335 +gr_handle_chroot_mknod(const struct dentry *dentry,
37336 + const struct vfsmount *mnt, const int mode)
37338 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
37339 + if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) && !S_ISREG(mode) &&
37340 + proc_is_chrooted(current)) {
37341 + gr_log_fs_generic(GR_DONT_AUDIT, GR_MKNOD_CHROOT_MSG, dentry, mnt);
37349 +gr_handle_chroot_mount(const struct dentry *dentry,
37350 + const struct vfsmount *mnt, const char *dev_name)
37352 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
37353 + if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
37354 + gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name, dentry, mnt);
37362 +gr_handle_chroot_pivot(void)
37364 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
37365 + if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) {
37366 + gr_log_noargs(GR_DONT_AUDIT, GR_PIVOT_CHROOT_MSG);
37374 +gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt)
37376 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
37377 + if (grsec_enable_chroot_double && proc_is_chrooted(current) &&
37378 + !gr_is_outside_chroot(dentry, mnt)) {
37379 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_CHROOT_MSG, dentry, mnt);
37387 +gr_handle_chroot_caps(struct path *path)
37389 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
37390 + if (grsec_enable_chroot_caps && current->pid > 1 && current->fs != NULL &&
37391 + (init_task.fs->root.dentry != path->dentry) &&
37392 + (current->nsproxy->mnt_ns->root->mnt_root != path->dentry)) {
37394 + kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
37395 + const struct cred *old = current_cred();
37396 + struct cred *new = prepare_creds();
37400 + new->cap_permitted = cap_drop(old->cap_permitted,
37402 + new->cap_inheritable = cap_drop(old->cap_inheritable,
37404 + new->cap_effective = cap_drop(old->cap_effective,
37407 + commit_creds(new);
37416 +gr_handle_chroot_sysctl(const int op)
37418 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
37419 + if (grsec_enable_chroot_sysctl && proc_is_chrooted(current)
37420 + && (op & MAY_WRITE))
37427 +gr_handle_chroot_chdir(struct path *path)
37429 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
37430 + if (grsec_enable_chroot_chdir)
37431 + set_fs_pwd(current->fs, path);
37437 +gr_handle_chroot_chmod(const struct dentry *dentry,
37438 + const struct vfsmount *mnt, const int mode)
37440 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
37441 + if (grsec_enable_chroot_chmod &&
37442 + ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))) &&
37443 + proc_is_chrooted(current)) {
37444 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHMOD_CHROOT_MSG, dentry, mnt);
37451 +#ifdef CONFIG_SECURITY
37452 +EXPORT_SYMBOL(gr_handle_chroot_caps);
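Review bot: In gr_handle_chroot_unix() the result of `pid_task(spid, PIDTYPE_PID)` reaches `have_same_root(current, p)` with no visible NULL check. gr_chroot_shmat() does the same before reading `p->start_time.tv_sec`, and again for `shm_lapid`. pid_task() returns NULL when the struct pid exists but no task is attached to it as PIDTYPE_PID, so these paths can dereference NULL inside a chroot restriction check. Guard each use, e.g. `if (unlikely(p && !have_same_root(current, p))) {`, and skip the start-time read when `p` is NULL. Some lines of the file are not shown on this page, so check the full source before changing it.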
37454 diff -urNp linux-2.6.32.1/grsecurity/grsec_disabled.c linux-2.6.32.1/grsecurity/grsec_disabled.c
37455 --- linux-2.6.32.1/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
37456 +++ linux-2.6.32.1/grsecurity/grsec_disabled.c 2009-12-14 18:33:58.962849385 -0500
37458 +#include <linux/kernel.h>
37459 +#include <linux/module.h>
37460 +#include <linux/sched.h>
37461 +#include <linux/file.h>
37462 +#include <linux/fs.h>
37463 +#include <linux/kdev_t.h>
37464 +#include <linux/net.h>
37465 +#include <linux/in.h>
37466 +#include <linux/ip.h>
37467 +#include <linux/skbuff.h>
37468 +#include <linux/sysctl.h>
37470 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
37472 +pax_set_initial_flags(struct linux_binprm *bprm)
37478 +#ifdef CONFIG_SYSCTL
37480 +gr_handle_sysctl(const struct ctl_table * table, const int op)
37486 +#ifdef CONFIG_TASKSTATS
37487 +int gr_is_taskstats_denied(int pid)
37494 +gr_acl_is_enabled(void)
37500 +gr_handle_rawio(const struct inode *inode)
37506 +gr_acl_handle_psacct(struct task_struct *task, const long code)
37512 +gr_handle_ptrace(struct task_struct *task, const long request)
37518 +gr_handle_proc_ptrace(struct task_struct *task)
37524 +gr_learn_resource(const struct task_struct *task,
37525 + const int res, const unsigned long wanted, const int gt)
37531 +gr_set_acls(const int type)
37537 +gr_check_hidden_task(const struct task_struct *tsk)
37543 +gr_check_protected_task(const struct task_struct *task)
37549 +gr_copy_label(struct task_struct *tsk)
37555 +gr_set_pax_flags(struct task_struct *task)
37561 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
37562 + const int unsafe_share)
37568 +gr_handle_delete(const ino_t ino, const dev_t dev)
37574 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
37580 +gr_handle_crash(struct task_struct *task, const int sig)
37586 +gr_check_crash_exec(const struct file *filp)
37592 +gr_check_crash_uid(const uid_t uid)
37598 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
37599 + struct dentry *old_dentry,
37600 + struct dentry *new_dentry,
37601 + struct vfsmount *mnt, const __u8 replace)
37607 +gr_search_socket(const int family, const int type, const int protocol)
37613 +gr_search_connectbind(const int mode, const struct socket *sock,
37614 + const struct sockaddr_in *addr)
37620 +gr_is_capable(const int cap)
37626 +gr_is_capable_nolog(const int cap)
37632 +gr_handle_alertkill(struct task_struct *task)
37638 +gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt)
37644 +gr_acl_handle_hidden_file(const struct dentry * dentry,
37645 + const struct vfsmount * mnt)
37651 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
37658 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
37664 +gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt)
37670 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot,
37671 + unsigned int *vm_flags)
37677 +gr_acl_handle_truncate(const struct dentry * dentry,
37678 + const struct vfsmount * mnt)
37684 +gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt)
37690 +gr_acl_handle_access(const struct dentry * dentry,
37691 + const struct vfsmount * mnt, const int fmode)
37697 +gr_acl_handle_fchmod(const struct dentry * dentry, const struct vfsmount * mnt,
37704 +gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt,
37711 +gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt)
37717 +grsecurity_init(void)
37723 +gr_acl_handle_mknod(const struct dentry * new_dentry,
37724 + const struct dentry * parent_dentry,
37725 + const struct vfsmount * parent_mnt,
37732 +gr_acl_handle_mkdir(const struct dentry * new_dentry,
37733 + const struct dentry * parent_dentry,
37734 + const struct vfsmount * parent_mnt)
37740 +gr_acl_handle_symlink(const struct dentry * new_dentry,
37741 + const struct dentry * parent_dentry,
37742 + const struct vfsmount * parent_mnt, const char *from)
37748 +gr_acl_handle_link(const struct dentry * new_dentry,
37749 + const struct dentry * parent_dentry,
37750 + const struct vfsmount * parent_mnt,
37751 + const struct dentry * old_dentry,
37752 + const struct vfsmount * old_mnt, const char *to)
37758 +gr_acl_handle_rename(const struct dentry *new_dentry,
37759 + const struct dentry *parent_dentry,
37760 + const struct vfsmount *parent_mnt,
37761 + const struct dentry *old_dentry,
37762 + const struct inode *old_parent_inode,
37763 + const struct vfsmount *old_mnt, const char *newname)
37769 +gr_acl_handle_filldir(const struct file *file, const char *name,
37770 + const int namelen, const ino_t ino)
37776 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
37777 + const time_t shm_createtime, const uid_t cuid, const int shmid)
37783 +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
37789 +gr_search_accept(const struct socket *sock)
37795 +gr_search_listen(const struct socket *sock)
37801 +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
37807 +gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt)
37813 +gr_acl_handle_creat(const struct dentry * dentry,
37814 + const struct dentry * p_dentry,
37815 + const struct vfsmount * p_mnt, const int fmode,
37822 +gr_acl_handle_exit(void)
37828 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
37834 +gr_set_role_label(const uid_t uid, const gid_t gid)
37840 +gr_acl_handle_procpidmem(const struct task_struct *task)
37846 +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
37852 +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
37858 +gr_set_kernel_label(struct task_struct *task)
37864 +gr_check_user_change(int real, int effective, int fs)
37870 +gr_check_group_change(int real, int effective, int fs)
37876 +EXPORT_SYMBOL(gr_is_capable);
37877 +EXPORT_SYMBOL(gr_is_capable_nolog);
37878 +EXPORT_SYMBOL(gr_learn_resource);
37879 +EXPORT_SYMBOL(gr_set_kernel_label);
37880 +#ifdef CONFIG_SECURITY
37881 +EXPORT_SYMBOL(gr_check_user_change);
37882 +EXPORT_SYMBOL(gr_check_group_change);
37884 diff -urNp linux-2.6.32.1/grsecurity/grsec_exec.c linux-2.6.32.1/grsecurity/grsec_exec.c
37885 --- linux-2.6.32.1/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500
37886 +++ linux-2.6.32.1/grsecurity/grsec_exec.c 2009-12-14 18:33:58.962849385 -0500
37888 +#include <linux/kernel.h>
37889 +#include <linux/sched.h>
37890 +#include <linux/file.h>
37891 +#include <linux/binfmts.h>
37892 +#include <linux/smp_lock.h>
37893 +#include <linux/fs.h>
37894 +#include <linux/types.h>
37895 +#include <linux/grdefs.h>
37896 +#include <linux/grinternal.h>
37897 +#include <linux/capability.h>
37899 +#include <asm/uaccess.h>
37901 +#ifdef CONFIG_GRKERNSEC_EXECLOG
37902 +static char gr_exec_arg_buf[132];
37903 +static DECLARE_MUTEX(gr_exec_arg_sem);
37907 +gr_handle_nproc(void)
37909 +#ifdef CONFIG_GRKERNSEC_EXECVE
37910 + const struct cred *cred = current_cred();
37911 + if (grsec_enable_execve && cred->user &&
37912 + (atomic_read(&cred->user->processes) >
37913 + current->signal->rlim[RLIMIT_NPROC].rlim_cur) &&
37914 + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
37915 + gr_log_noargs(GR_DONT_AUDIT, GR_NPROC_MSG);
37923 +gr_handle_exec_args(struct linux_binprm *bprm, const char __user *__user *argv)
37925 +#ifdef CONFIG_GRKERNSEC_EXECLOG
37926 + char *grarg = gr_exec_arg_buf;
37927 + unsigned int i, x, execlen = 0;
37930 + if (!((grsec_enable_execlog && grsec_enable_group &&
37931 + in_group_p(grsec_audit_gid))
37932 + || (grsec_enable_execlog && !grsec_enable_group)))
37935 + down(&gr_exec_arg_sem);
37936 + memset(grarg, 0, sizeof(gr_exec_arg_buf));
37938 + if (unlikely(argv == NULL))
37941 + for (i = 0; i < bprm->argc && execlen < 128; i++) {
37942 + const char __user *p;
37943 + unsigned int len;
37945 + if (copy_from_user(&p, argv + i, sizeof(p)))
37949 + len = strnlen_user(p, 128 - execlen);
37950 + if (len > 128 - execlen)
37951 + len = 128 - execlen;
37952 + else if (len > 0)
37954 + if (copy_from_user(grarg + execlen, p, len))
37957 + /* rewrite unprintable characters */
37958 + for (x = 0; x < len; x++) {
37959 + c = *(grarg + execlen + x);
37960 + if (c < 32 || c > 126)
37961 + *(grarg + execlen + x) = ' ';
37965 + *(grarg + execlen) = ' ';
37966 + *(grarg + execlen + 1) = '\0';
37971 + gr_log_fs_str(GR_DO_AUDIT, GR_EXEC_AUDIT_MSG, bprm->file->f_path.dentry,
37972 + bprm->file->f_path.mnt, grarg);
37973 + up(&gr_exec_arg_sem);
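Review bot: gr_handle_exec_args() stops copying once `execlen` reaches 128 and logs whatever fits, with nothing in the record to show that arguments were dropped. Someone reading the exec audit log therefore cannot tell a complete command line from a clipped one. Either mark truncation in the logged string or state the limit where the buffer is declared, e.g. `/* room for 128 bytes of argv plus separator and NUL; longer command lines are logged truncated, with no marker */` above `gr_exec_arg_buf[132]`. The literal 128 is repeated through the loop and is tied to the 132-byte buffer only by convention, so one named constant should size both.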
37977 diff -urNp linux-2.6.32.1/grsecurity/grsec_fifo.c linux-2.6.32.1/grsecurity/grsec_fifo.c
37978 --- linux-2.6.32.1/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500
37979 +++ linux-2.6.32.1/grsecurity/grsec_fifo.c 2009-12-14 18:33:58.962849385 -0500
37981 +#include <linux/kernel.h>
37982 +#include <linux/sched.h>
37983 +#include <linux/fs.h>
37984 +#include <linux/file.h>
37985 +#include <linux/grinternal.h>
37988 +gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
37989 + const struct dentry *dir, const int flag, const int acc_mode)
37991 +#ifdef CONFIG_GRKERNSEC_FIFO
37992 + const struct cred *cred = current_cred();
37994 + if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
37995 + !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
37996 + (dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
37997 + (cred->fsuid != dentry->d_inode->i_uid)) {
37998 + if (!generic_permission(dentry->d_inode, acc_mode, NULL))
37999 + gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid);
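Review bot: gr_handle_fifo() packs its whole policy into one multi-clause `if` with no comment, and the two uid comparisons are easy to misread. From the visible tests, the rule matches a FIFO in a sticky directory, opened without O_EXCL, whose owner is neither the directory's owner nor the caller's fsuid. I would put that above the condition as `/* FIFO in a +t directory, owned by neither the directory owner nor the opener, and not opened with O_EXCL */`. The log call runs only when `generic_permission()` returns 0, presumably so the alert covers only opens that would otherwise have succeeded. A one-line comment saying so would help, since the return statements are not shown on this page.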
38005 diff -urNp linux-2.6.32.1/grsecurity/grsec_fork.c linux-2.6.32.1/grsecurity/grsec_fork.c
38006 --- linux-2.6.32.1/grsecurity/grsec_fork.c 1969-12-31 19:00:00.000000000 -0500
38007 +++ linux-2.6.32.1/grsecurity/grsec_fork.c 2009-12-14 18:33:58.962849385 -0500
38009 +#include <linux/kernel.h>
38010 +#include <linux/sched.h>
38011 +#include <linux/grsecurity.h>
38012 +#include <linux/grinternal.h>
38013 +#include <linux/errno.h>
38016 +gr_log_forkfail(const int retval)
38018 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
38019 + if (grsec_enable_forkfail && retval != -ERESTARTNOINTR)
38020 + gr_log_int(GR_DONT_AUDIT, GR_FAILFORK_MSG, retval);
38024 diff -urNp linux-2.6.32.1/grsecurity/grsec_init.c linux-2.6.32.1/grsecurity/grsec_init.c
38025 --- linux-2.6.32.1/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
38026 +++ linux-2.6.32.1/grsecurity/grsec_init.c 2009-12-14 18:33:58.963935544 -0500
38028 +#include <linux/kernel.h>
38029 +#include <linux/sched.h>
38030 +#include <linux/mm.h>
38031 +#include <linux/smp_lock.h>
38032 +#include <linux/gracl.h>
38033 +#include <linux/slab.h>
38034 +#include <linux/vmalloc.h>
38035 +#include <linux/percpu.h>
38037 +int grsec_enable_link;
38038 +int grsec_enable_dmesg;
38039 +int grsec_enable_harden_ptrace;
38040 +int grsec_enable_fifo;
38041 +int grsec_enable_execve;
38042 +int grsec_enable_execlog;
38043 +int grsec_enable_signal;
38044 +int grsec_enable_forkfail;
38045 +int grsec_enable_time;
38046 +int grsec_enable_audit_textrel;
38047 +int grsec_enable_group;
38048 +int grsec_audit_gid;
38049 +int grsec_enable_chdir;
38050 +int grsec_enable_mount;
38051 +int grsec_enable_rofs;
38052 +int grsec_enable_chroot_findtask;
38053 +int grsec_enable_chroot_mount;
38054 +int grsec_enable_chroot_shmat;
38055 +int grsec_enable_chroot_fchdir;
38056 +int grsec_enable_chroot_double;
38057 +int grsec_enable_chroot_pivot;
38058 +int grsec_enable_chroot_chdir;
38059 +int grsec_enable_chroot_chmod;
38060 +int grsec_enable_chroot_mknod;
38061 +int grsec_enable_chroot_nice;
38062 +int grsec_enable_chroot_execlog;
38063 +int grsec_enable_chroot_caps;
38064 +int grsec_enable_chroot_sysctl;
38065 +int grsec_enable_chroot_unix;
38066 +int grsec_enable_tpe;
38067 +int grsec_tpe_gid;
38068 +int grsec_enable_tpe_all;
38069 +int grsec_enable_socket_all;
38070 +int grsec_socket_all_gid;
38071 +int grsec_enable_socket_client;
38072 +int grsec_socket_client_gid;
38073 +int grsec_enable_socket_server;
38074 +int grsec_socket_server_gid;
38075 +int grsec_resource_logging;
38078 +DEFINE_SPINLOCK(grsec_alert_lock);
38079 +unsigned long grsec_alert_wtime = 0;
38080 +unsigned long grsec_alert_fyet = 0;
38082 +DEFINE_SPINLOCK(grsec_audit_lock);
38084 +DEFINE_RWLOCK(grsec_exec_file_lock);
38086 +char *gr_shared_page[4];
38088 +char *gr_alert_log_fmt;
38089 +char *gr_audit_log_fmt;
38090 +char *gr_alert_log_buf;
38091 +char *gr_audit_log_buf;
38093 +extern struct gr_arg *gr_usermode;
38094 +extern unsigned char *gr_system_salt;
38095 +extern unsigned char *gr_system_sum;
38098 +grsecurity_init(void)
38101 + /* create the per-cpu shared pages */
38104 + memset((char *)(0x41a + PAGE_OFFSET), 0, 36);
38107 + for (j = 0; j < 4; j++) {
38108 + gr_shared_page[j] = (char *)__alloc_percpu(PAGE_SIZE, __alignof__(unsigned long long));
38109 + if (gr_shared_page[j] == NULL) {
38110 + panic("Unable to allocate grsecurity shared page");
38115 + /* allocate log buffers */
38116 + gr_alert_log_fmt = kmalloc(512, GFP_KERNEL);
38117 + if (!gr_alert_log_fmt) {
38118 + panic("Unable to allocate grsecurity alert log format buffer");
38121 + gr_audit_log_fmt = kmalloc(512, GFP_KERNEL);
38122 + if (!gr_audit_log_fmt) {
38123 + panic("Unable to allocate grsecurity audit log format buffer");
38126 + gr_alert_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
38127 + if (!gr_alert_log_buf) {
38128 + panic("Unable to allocate grsecurity alert log buffer");
38131 + gr_audit_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
38132 + if (!gr_audit_log_buf) {
38133 + panic("Unable to allocate grsecurity audit log buffer");
38137 + /* allocate memory for authentication structure */
38138 + gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL);
38139 + gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL);
38140 + gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL);
38142 + if (!gr_usermode || !gr_system_salt || !gr_system_sum) {
38143 + panic("Unable to allocate grsecurity authentication structure");
38147 +#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
38148 +#ifndef CONFIG_GRKERNSEC_SYSCTL
38151 +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
38152 + grsec_enable_audit_textrel = 1;
38154 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
38155 + grsec_enable_group = 1;
38156 + grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID;
38158 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
38159 + grsec_enable_chdir = 1;
38161 +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
38162 + grsec_enable_harden_ptrace = 1;
38164 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
38165 + grsec_enable_mount = 1;
38167 +#ifdef CONFIG_GRKERNSEC_LINK
38168 + grsec_enable_link = 1;
38170 +#ifdef CONFIG_GRKERNSEC_DMESG
38171 + grsec_enable_dmesg = 1;
38173 +#ifdef CONFIG_GRKERNSEC_FIFO
38174 + grsec_enable_fifo = 1;
38176 +#ifdef CONFIG_GRKERNSEC_EXECVE
38177 + grsec_enable_execve = 1;
38179 +#ifdef CONFIG_GRKERNSEC_EXECLOG
38180 + grsec_enable_execlog = 1;
38182 +#ifdef CONFIG_GRKERNSEC_SIGNAL
38183 + grsec_enable_signal = 1;
38185 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
38186 + grsec_enable_forkfail = 1;
38188 +#ifdef CONFIG_GRKERNSEC_TIME
38189 + grsec_enable_time = 1;
38191 +#ifdef CONFIG_GRKERNSEC_RESLOG
38192 + grsec_resource_logging = 1;
38194 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
38195 + grsec_enable_chroot_findtask = 1;
38197 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
38198 + grsec_enable_chroot_unix = 1;
38200 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
38201 + grsec_enable_chroot_mount = 1;
38203 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
38204 + grsec_enable_chroot_fchdir = 1;
38206 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
38207 + grsec_enable_chroot_shmat = 1;
38209 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
38210 + grsec_enable_chroot_double = 1;
38212 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
38213 + grsec_enable_chroot_pivot = 1;
38215 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
38216 + grsec_enable_chroot_chdir = 1;
38218 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
38219 + grsec_enable_chroot_chmod = 1;
38221 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
38222 + grsec_enable_chroot_mknod = 1;
38224 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
38225 + grsec_enable_chroot_nice = 1;
38227 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
38228 + grsec_enable_chroot_execlog = 1;
38230 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
38231 + grsec_enable_chroot_caps = 1;
38233 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
38234 + grsec_enable_chroot_sysctl = 1;
38236 +#ifdef CONFIG_GRKERNSEC_TPE
38237 + grsec_enable_tpe = 1;
38238 + grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
38239 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
38240 + grsec_enable_tpe_all = 1;
38243 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
38244 + grsec_enable_socket_all = 1;
38245 + grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID;
38247 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
38248 + grsec_enable_socket_client = 1;
38249 + grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;
38251 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
38252 + grsec_enable_socket_server = 1;
38253 + grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
38259 diff -urNp linux-2.6.32.1/grsecurity/grsec_link.c linux-2.6.32.1/grsecurity/grsec_link.c
38260 --- linux-2.6.32.1/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000 -0500
38261 +++ linux-2.6.32.1/grsecurity/grsec_link.c 2009-12-14 18:33:58.963935544 -0500
38263 +#include <linux/kernel.h>
38264 +#include <linux/sched.h>
38265 +#include <linux/fs.h>
38266 +#include <linux/file.h>
38267 +#include <linux/grinternal.h>
38270 +gr_handle_follow_link(const struct inode *parent,
38271 + const struct inode *inode,
38272 + const struct dentry *dentry, const struct vfsmount *mnt)
38274 +#ifdef CONFIG_GRKERNSEC_LINK
38275 + const struct cred *cred = current_cred();
38277 + if (grsec_enable_link && S_ISLNK(inode->i_mode) &&
38278 + (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) &&
38279 + (parent->i_mode & S_IWOTH) && (cred->fsuid != inode->i_uid)) {
38280 + gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid);
38288 +gr_handle_hardlink(const struct dentry *dentry,
38289 + const struct vfsmount *mnt,
38290 + struct inode *inode, const int mode, const char *to)
38292 +#ifdef CONFIG_GRKERNSEC_LINK
38293 + const struct cred *cred = current_cred();
38295 + if (grsec_enable_link && cred->fsuid != inode->i_uid &&
38296 + (!S_ISREG(mode) || (mode & S_ISUID) ||
38297 + ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
38298 + (generic_permission(inode, MAY_READ | MAY_WRITE, NULL))) &&
38299 + !capable(CAP_FOWNER) && cred->uid) {
38300 + gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to);
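Review bot: In gr_handle_hardlink the trailing `!capable(CAP_FOWNER) && cred->uid` exempts every uid-0 caller from the hardlink restriction, even one that does not hold CAP_FOWNER, so a root process running with a reduced capability set is not covered. If only CAP_FOWNER is meant to lift the restriction, the condition should end `!capable(CAP_FOWNER)) {` with the `cred->uid` term dropped; if the uid-0 exemption is deliberate, a comment should say so. The same condition uses `generic_permission(inode, MAY_READ | MAY_WRITE, NULL)` as a truth value, which reads backwards unless the reader knows it returns non-zero on denial; a comment such as `/* non-zero: caller lacks read+write on the target */` would make that clear. The braces and return statements of both functions are not shown on this page.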
38306 diff -urNp linux-2.6.32.1/grsecurity/grsec_log.c linux-2.6.32.1/grsecurity/grsec_log.c
38307 --- linux-2.6.32.1/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
38308 +++ linux-2.6.32.1/grsecurity/grsec_log.c 2009-12-14 18:33:58.963935544 -0500
38310 +#include <linux/kernel.h>
38311 +#include <linux/sched.h>
38312 +#include <linux/file.h>
38313 +#include <linux/tty.h>
38314 +#include <linux/fs.h>
38315 +#include <linux/grinternal.h>
38317 +#define BEGIN_LOCKS(x) \
38318 + read_lock(&tasklist_lock); \
38319 + read_lock(&grsec_exec_file_lock); \
38320 + if (x != GR_DO_AUDIT) \
38321 + spin_lock(&grsec_alert_lock); \
38323 + spin_lock(&grsec_audit_lock)
38325 +#define END_LOCKS(x) \
38326 + if (x != GR_DO_AUDIT) \
38327 + spin_unlock(&grsec_alert_lock); \
38329 + spin_unlock(&grsec_audit_lock); \
38330 + read_unlock(&grsec_exec_file_lock); \
38331 + read_unlock(&tasklist_lock); \
38332 + if (x == GR_DONT_AUDIT) \
38333 + gr_handle_alertkill(current)
38340 +extern char *gr_alert_log_fmt;
38341 +extern char *gr_audit_log_fmt;
38342 +extern char *gr_alert_log_buf;
38343 +extern char *gr_audit_log_buf;
38345 +static int gr_log_start(int audit)
38347 + char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
38348 + char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
38349 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
38351 + if (audit == GR_DO_AUDIT)
38354 + if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) {
38355 + grsec_alert_wtime = jiffies;
38356 + grsec_alert_fyet = 0;
38357 + } else if ((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
38358 + grsec_alert_fyet++;
38359 + } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
38360 + grsec_alert_wtime = jiffies;
38361 + grsec_alert_fyet++;
38362 + printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
38364 + } else return FLOODING;
38367 + memset(buf, 0, PAGE_SIZE);
38368 + if (current->signal->curr_ip && gr_acl_is_enabled()) {
38369 + sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
38370 + snprintf(buf, PAGE_SIZE - 1, fmt, ¤t->signal->curr_ip, current->role->rolename, gr_roletype_to_char(), current->acl->filename);
38371 + } else if (current->signal->curr_ip) {
38372 + sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: ");
38373 + snprintf(buf, PAGE_SIZE - 1, fmt, ¤t->signal->curr_ip);
38374 + } else if (gr_acl_is_enabled()) {
38375 + sprintf(fmt, "%s%s", loglevel, "grsec: (%.64s:%c:%.950s) ");
38376 + snprintf(buf, PAGE_SIZE - 1, fmt, current->role->rolename, gr_roletype_to_char(), current->acl->filename);
38378 + sprintf(fmt, "%s%s", loglevel, "grsec: ");
38379 + strcpy(buf, fmt);
38382 + return NO_FLOODING;
38385 +static void gr_log_middle(int audit, const char *msg, va_list ap)
38386 + __attribute__ ((format (printf, 2, 0)));
38388 +static void gr_log_middle(int audit, const char *msg, va_list ap)
38390 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
38391 + unsigned int len = strlen(buf);
38393 + vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
38398 +static void gr_log_middle_varargs(int audit, const char *msg, ...)
38399 + __attribute__ ((format (printf, 2, 3)));
38401 +static void gr_log_middle_varargs(int audit, const char *msg, ...)
38403 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
38404 + unsigned int len = strlen(buf);
38407 + va_start(ap, msg);
38408 + vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
38414 +static void gr_log_end(int audit)
38416 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
38417 + unsigned int len = strlen(buf);
38419 + snprintf(buf + len, PAGE_SIZE - len - 1, DEFAULTSECMSG, DEFAULTSECARGS(current, current_cred(), __task_cred(current->parent)));
38420 + printk("%s\n", buf);
38425 +void gr_log_varargs(int audit, const char *msg, int argtypes, ...)
38428 + char *result = (audit == GR_DO_AUDIT) ? "successful" : "denied";
38429 + char *str1, *str2, *str3;
38432 + unsigned long ulong1, ulong2;
38433 + struct dentry *dentry;
38434 + struct vfsmount *mnt;
38435 + struct file *file;
38436 + struct task_struct *task;
38437 + const struct cred *cred, *pcred;
38440 + BEGIN_LOCKS(audit);
38441 + logtype = gr_log_start(audit);
38442 + if (logtype == FLOODING) {
38443 + END_LOCKS(audit);
38446 + va_start(ap, argtypes);
38447 + switch (argtypes) {
38448 + case GR_TTYSNIFF:
38449 + task = va_arg(ap, struct task_struct *);
38450 + gr_log_middle_varargs(audit, msg, &task->signal->curr_ip, gr_task_fullpath0(task), task->comm, task->pid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid);
38452 + case GR_SYSCTL_HIDDEN:
38453 + str1 = va_arg(ap, char *);
38454 + gr_log_middle_varargs(audit, msg, result, str1);
38457 + dentry = va_arg(ap, struct dentry *);
38458 + mnt = va_arg(ap, struct vfsmount *);
38459 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt));
38461 + case GR_RBAC_STR:
38462 + dentry = va_arg(ap, struct dentry *);
38463 + mnt = va_arg(ap, struct vfsmount *);
38464 + str1 = va_arg(ap, char *);
38465 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1);
38467 + case GR_STR_RBAC:
38468 + str1 = va_arg(ap, char *);
38469 + dentry = va_arg(ap, struct dentry *);
38470 + mnt = va_arg(ap, struct vfsmount *);
38471 + gr_log_middle_varargs(audit, msg, result, str1, gr_to_filename(dentry, mnt));
38473 + case GR_RBAC_MODE2:
38474 + dentry = va_arg(ap, struct dentry *);
38475 + mnt = va_arg(ap, struct vfsmount *);
38476 + str1 = va_arg(ap, char *);
38477 + str2 = va_arg(ap, char *);
38478 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2);
38480 + case GR_RBAC_MODE3:
38481 + dentry = va_arg(ap, struct dentry *);
38482 + mnt = va_arg(ap, struct vfsmount *);
38483 + str1 = va_arg(ap, char *);
38484 + str2 = va_arg(ap, char *);
38485 + str3 = va_arg(ap, char *);
38486 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2, str3);
38488 + case GR_FILENAME:
38489 + dentry = va_arg(ap, struct dentry *);
38490 + mnt = va_arg(ap, struct vfsmount *);
38491 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt));
38493 + case GR_STR_FILENAME:
38494 + str1 = va_arg(ap, char *);
38495 + dentry = va_arg(ap, struct dentry *);
38496 + mnt = va_arg(ap, struct vfsmount *);
38497 + gr_log_middle_varargs(audit, msg, str1, gr_to_filename(dentry, mnt));
38499 + case GR_FILENAME_STR:
38500 + dentry = va_arg(ap, struct dentry *);
38501 + mnt = va_arg(ap, struct vfsmount *);
38502 + str1 = va_arg(ap, char *);
38503 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), str1);
38505 + case GR_FILENAME_TWO_INT:
38506 + dentry = va_arg(ap, struct dentry *);
38507 + mnt = va_arg(ap, struct vfsmount *);
38508 + num1 = va_arg(ap, int);
38509 + num2 = va_arg(ap, int);
38510 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2);
38512 + case GR_FILENAME_TWO_INT_STR:
38513 + dentry = va_arg(ap, struct dentry *);
38514 + mnt = va_arg(ap, struct vfsmount *);
38515 + num1 = va_arg(ap, int);
38516 + num2 = va_arg(ap, int);
38517 + str1 = va_arg(ap, char *);
38518 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1);
38521 + file = va_arg(ap, struct file *);
38522 + ulong1 = va_arg(ap, unsigned long);
38523 + ulong2 = va_arg(ap, unsigned long);
38524 + gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2);
38527 + task = va_arg(ap, struct task_struct *);
38528 + gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_path.dentry, task->exec_file->f_path.mnt) : "(none)", task->comm, task->pid);
38530 + case GR_RESOURCE:
38531 + task = va_arg(ap, struct task_struct *);
38532 + cred = __task_cred(task);
38533 + pcred = __task_cred(task->parent);
38534 + ulong1 = va_arg(ap, unsigned long);
38535 + str1 = va_arg(ap, char *);
38536 + ulong2 = va_arg(ap, unsigned long);
38537 + gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
38540 + task = va_arg(ap, struct task_struct *);
38541 + cred = __task_cred(task);
38542 + pcred = __task_cred(task->parent);
38543 + str1 = va_arg(ap, char *);
38544 + gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
38547 + str1 = va_arg(ap, char *);
38548 + voidptr = va_arg(ap, void *);
38549 + gr_log_middle_varargs(audit, msg, str1, voidptr);
38552 + task = va_arg(ap, struct task_struct *);
38553 + cred = __task_cred(task);
38554 + pcred = __task_cred(task->parent);
38555 + num1 = va_arg(ap, int);
38556 + gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
38559 + task = va_arg(ap, struct task_struct *);
38560 + cred = __task_cred(task);
38561 + pcred = __task_cred(task->parent);
38562 + ulong1 = va_arg(ap, unsigned long);
38563 + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, cred->uid, ulong1);
38566 + task = va_arg(ap, struct task_struct *);
38567 + cred = __task_cred(task);
38568 + pcred = __task_cred(task->parent);
38569 + ulong1 = va_arg(ap, unsigned long);
38570 + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, ulong1);
38574 + unsigned int wday, cday;
38578 + char cur_tty[64] = { 0 };
38579 + char parent_tty[64] = { 0 };
38581 + task = va_arg(ap, struct task_struct *);
38582 + wday = va_arg(ap, unsigned int);
38583 + cday = va_arg(ap, unsigned int);
38584 + whr = va_arg(ap, int);
38585 + chr = va_arg(ap, int);
38586 + wmin = va_arg(ap, int);
38587 + cmin = va_arg(ap, int);
38588 + wsec = va_arg(ap, int);
38589 + csec = va_arg(ap, int);
38590 + ulong1 = va_arg(ap, unsigned long);
38591 + cred = __task_cred(task);
38592 + pcred = __task_cred(task->parent);
38594 + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, &task->signal->curr_ip, tty_name(task->signal->tty, cur_tty), cred->uid, cred->euid, cred->gid, cred->egid, wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, &task->parent->signal->curr_ip, tty_name(task->parent->signal->tty, parent_tty), pcred->uid, pcred->euid, pcred->gid, pcred->egid);
38598 + gr_log_middle(audit, msg, ap);
38601 + gr_log_end(audit);
38602 + END_LOCKS(audit);
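Review bot: gr_log_start drops every alert past the burst limit with a bare `return FLOODING`, so nothing records how many alerts were suppressed during the CONFIG_GRKERNSEC_FLOODTIME window, and a run of noisy alerts can hide the ones that follow it. Counting the drops and reporting the total when the window reopens would keep that visible to whoever reads the log: a new counter (named `grsec_alert_dropped` here, it is not in the patch) incremented before `return FLOODING`, then printed and reset in the first branch, where `grsec_alert_wtime` is refreshed. The `sprintf(fmt, "%s%s", loglevel, ...)` calls in the same function write into gr_alert_log_fmt / gr_audit_log_fmt with no bound; their allocation is outside this hunk, so `snprintf` with that buffer's size would be the safer form. BEGIN_LOCKS and END_LOCKS are multi-statement macros ending in an open `if`, and wrapping each in `do { ... } while (0)` with `(x)` parenthesised would make them safe to use in an unbraced branch.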
38604 diff -urNp linux-2.6.32.1/grsecurity/grsec_mem.c linux-2.6.32.1/grsecurity/grsec_mem.c
38605 --- linux-2.6.32.1/grsecurity/grsec_mem.c 1969-12-31 19:00:00.000000000 -0500
38606 +++ linux-2.6.32.1/grsecurity/grsec_mem.c 2009-12-14 18:33:58.963935544 -0500
38608 +#include <linux/kernel.h>
38609 +#include <linux/sched.h>
38610 +#include <linux/mm.h>
38611 +#include <linux/mman.h>
38612 +#include <linux/grinternal.h>
38615 +gr_handle_ioperm(void)
38617 + gr_log_noargs(GR_DONT_AUDIT, GR_IOPERM_MSG);
38622 +gr_handle_iopl(void)
38624 + gr_log_noargs(GR_DONT_AUDIT, GR_IOPL_MSG);
38629 +gr_handle_mem_write(void)
38631 + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_WRITE_MSG);
38636 +gr_handle_kmem_write(void)
38638 + gr_log_noargs(GR_DONT_AUDIT, GR_KMEM_MSG);
38643 +gr_handle_open_port(void)
38645 + gr_log_noargs(GR_DONT_AUDIT, GR_PORT_OPEN_MSG);
38650 +gr_handle_mem_mmap(const unsigned long offset, struct vm_area_struct *vma)
38652 + unsigned long start, end;
38655 + end = start + vma->vm_end - vma->vm_start;
38657 + if (start > end) {
38658 + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG);
38662 + /* allowed ranges : ISA I/O BIOS */
38663 + if ((start >= __pa(high_memory))
38664 +#if defined(CONFIG_X86) || defined(CONFIG_PPC)
38665 + || (start >= 0x000a0000 && end <= 0x00100000)
38666 + || (start >= 0x00000000 && end <= 0x00001000)
38671 + if (vma->vm_flags & VM_WRITE) {
38672 + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG);
38675 + vma->vm_flags &= ~VM_MAYWRITE;
38681 +gr_log_nonroot_mod_load(const char *modname)
38683 + gr_log_str(GR_DONT_AUDIT, GR_NONROOT_MODLOAD_MSG, modname);
38688 +gr_handle_vm86(void)
38690 + gr_log_noargs(GR_DONT_AUDIT, GR_VM86_MSG);
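Review bot: In gr_handle_mem_mmap the test `start >= 0x00000000` is always true because `start` is an `unsigned long`, so the last allowed range is really just `end <= 0x00001000`; writing it that way avoids a type-limits warning and states the intent directly. The existing `/* allowed ranges : ISA I/O BIOS */` comment lists three names but does not say which bound belongs to which, so a short comment beside each range would help. The line `vma->vm_flags &= ~VM_MAYWRITE;` deserves a why-comment, for example `/* mapping is not writable here; clearing VM_MAYWRITE stops mprotect() from adding write later */`, presumably on the non-writable path. Several lines of this function, including the assignment of `start` and the returns, are missing from the page.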
38693 diff -urNp linux-2.6.32.1/grsecurity/grsec_mount.c linux-2.6.32.1/grsecurity/grsec_mount.c
38694 --- linux-2.6.32.1/grsecurity/grsec_mount.c 1969-12-31 19:00:00.000000000 -0500
38695 +++ linux-2.6.32.1/grsecurity/grsec_mount.c 2009-12-14 18:33:58.963935544 -0500
38697 +#include <linux/kernel.h>
38698 +#include <linux/sched.h>
38699 +#include <linux/mount.h>
38700 +#include <linux/grsecurity.h>
38701 +#include <linux/grinternal.h>
38704 +gr_log_remount(const char *devname, const int retval)
38706 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
38707 + if (grsec_enable_mount && (retval >= 0))
38708 + gr_log_str(GR_DO_AUDIT, GR_REMOUNT_AUDIT_MSG, devname ? devname : "none");
38714 +gr_log_unmount(const char *devname, const int retval)
38716 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
38717 + if (grsec_enable_mount && (retval >= 0))
38718 + gr_log_str(GR_DO_AUDIT, GR_UNMOUNT_AUDIT_MSG, devname ? devname : "none");
38724 +gr_log_mount(const char *from, const char *to, const int retval)
38726 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
38727 + if (grsec_enable_mount && (retval >= 0))
38728 + gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from, to);
38734 +gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags)
38736 +#ifdef CONFIG_GRKERNSEC_ROFS
38737 + if (grsec_enable_rofs && !(mnt_flags & MNT_READONLY)) {
38738 + gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_MOUNT_MSG, dentry, mnt);
38747 +gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode)
38749 +#ifdef CONFIG_GRKERNSEC_ROFS
38750 + if (grsec_enable_rofs && (acc_mode & MAY_WRITE) &&
38751 + dentry->d_inode && S_ISBLK(dentry->d_inode->i_mode)) {
38752 + gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_BLOCKWRITE_MSG, dentry, mnt);
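Review bot: gr_log_mount passes `from` and `to` straight to `gr_log_str_str`, while gr_log_remount and gr_log_unmount in the same hunk substitute `"none"` for a NULL `devname`. If a mount can reach this function without a source name, the audit record then depends on how the formatter prints a NULL string. For consistency the call could read `gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from ? from : "none", to);`. Whether callers ever pass NULL is not visible in this hunk.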
38759 diff -urNp linux-2.6.32.1/grsecurity/grsec_sig.c linux-2.6.32.1/grsecurity/grsec_sig.c
38760 --- linux-2.6.32.1/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500
38761 +++ linux-2.6.32.1/grsecurity/grsec_sig.c 2009-12-14 18:33:58.963935544 -0500
38763 +#include <linux/kernel.h>
38764 +#include <linux/sched.h>
38765 +#include <linux/delay.h>
38766 +#include <linux/grsecurity.h>
38767 +#include <linux/grinternal.h>
38769 +char *signames[] = {
38770 + [SIGSEGV] = "Segmentation fault",
38771 + [SIGILL] = "Illegal instruction",
38772 + [SIGABRT] = "Abort",
38773 + [SIGBUS] = "Invalid alignment/Bus error"
38777 +gr_log_signal(const int sig, const void *addr, const struct task_struct *t)
38779 +#ifdef CONFIG_GRKERNSEC_SIGNAL
38780 + if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) ||
38781 + (sig == SIGABRT) || (sig == SIGBUS))) {
38782 + if (t->pid == current->pid) {
38783 + gr_log_sig_addr(GR_DONT_AUDIT_GOOD, GR_UNISIGLOG_MSG, signames[sig], addr);
38785 + gr_log_sig_task(GR_DONT_AUDIT_GOOD, GR_DUALSIGLOG_MSG, t, sig);
38793 +gr_handle_signal(const struct task_struct *p, const int sig)
38795 +#ifdef CONFIG_GRKERNSEC
38796 + if (current->pid > 1 && gr_check_protected_task(p)) {
38797 + gr_log_sig_task(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig);
38799 + } else if (gr_pid_is_chrooted((struct task_struct *)p)) {
38806 +void gr_handle_brute_attach(struct task_struct *p)
38808 +#ifdef CONFIG_GRKERNSEC_BRUTE
38809 + read_lock(&tasklist_lock);
38810 + read_lock(&grsec_exec_file_lock);
38811 + if (p->parent && p->parent->exec_file == p->exec_file)
38812 + p->parent->brute = 1;
38813 + read_unlock(&grsec_exec_file_lock);
38814 + read_unlock(&tasklist_lock);
38819 +void gr_handle_brute_check(void)
38821 +#ifdef CONFIG_GRKERNSEC_BRUTE
38822 + if (current->brute)
38823 + msleep(30 * 1000);
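Review bot: `char *signames[]` is a writable, non-static global with a generic name, although gr_log_signal only reads it. Declaring it `static const char * const signames[] = {` would keep the table out of the kernel's global namespace and place it in read-only data, provided no other file refers to it and the logging helper accepts a const string (neither is visible in this hunk). In gr_handle_brute_check the delay `msleep(30 * 1000)` would be clearer as a named constant, with a comment on when `brute` is cleared, since nothing in this hunk resets the flag once gr_handle_brute_attach has set it on the parent.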
38828 diff -urNp linux-2.6.32.1/grsecurity/grsec_sock.c linux-2.6.32.1/grsecurity/grsec_sock.c
38829 --- linux-2.6.32.1/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000 -0500
38830 +++ linux-2.6.32.1/grsecurity/grsec_sock.c 2009-12-14 18:33:58.964938626 -0500
38832 +#include <linux/kernel.h>
38833 +#include <linux/module.h>
38834 +#include <linux/sched.h>
38835 +#include <linux/file.h>
38836 +#include <linux/net.h>
38837 +#include <linux/in.h>
38838 +#include <linux/ip.h>
38839 +#include <net/sock.h>
38840 +#include <net/inet_sock.h>
38841 +#include <linux/grsecurity.h>
38842 +#include <linux/grinternal.h>
38843 +#include <linux/gracl.h>
38845 +kernel_cap_t gr_cap_rtnetlink(struct sock *sock);
38846 +EXPORT_SYMBOL(gr_cap_rtnetlink);
38848 +extern int gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb);
38849 +extern int gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr);
38851 +EXPORT_SYMBOL(gr_search_udp_recvmsg);
38852 +EXPORT_SYMBOL(gr_search_udp_sendmsg);
38854 +#ifdef CONFIG_UNIX_MODULE
38855 +EXPORT_SYMBOL(gr_acl_handle_unix);
38856 +EXPORT_SYMBOL(gr_acl_handle_mknod);
38857 +EXPORT_SYMBOL(gr_handle_chroot_unix);
38858 +EXPORT_SYMBOL(gr_handle_create);
38861 +#ifdef CONFIG_GRKERNSEC
38862 +#define gr_conn_table_size 32749
38863 +struct conn_table_entry {
38864 + struct conn_table_entry *next;
38865 + struct signal_struct *sig;
38868 +struct conn_table_entry *gr_conn_table[gr_conn_table_size];
38869 +DEFINE_SPINLOCK(gr_conn_table_lock);
38871 +extern const char * gr_socktype_to_name(unsigned char type);
38872 +extern const char * gr_proto_to_name(unsigned char proto);
38874 +static __inline__ int
38875 +conn_hash(__u32 saddr, __u32 daddr, __u16 sport, __u16 dport, unsigned int size)
38877 + return ((daddr + saddr + (sport << 8) + (dport << 16)) % size);
38880 +static __inline__ int
38881 +conn_match(const struct signal_struct *sig, __u32 saddr, __u32 daddr,
38882 + __u16 sport, __u16 dport)
38884 + if (unlikely(sig->gr_saddr == saddr && sig->gr_daddr == daddr &&
38885 + sig->gr_sport == sport && sig->gr_dport == dport))
38891 +static void gr_add_to_task_ip_table_nolock(struct signal_struct *sig, struct conn_table_entry *newent)
38893 + struct conn_table_entry **match;
38894 + unsigned int index;
38896 + index = conn_hash(sig->gr_saddr, sig->gr_daddr,
38897 + sig->gr_sport, sig->gr_dport,
38898 + gr_conn_table_size);
38900 + newent->sig = sig;
38902 + match = &gr_conn_table[index];
38903 + newent->next = *match;
38909 +static void gr_del_task_from_ip_table_nolock(struct signal_struct *sig)
38911 + struct conn_table_entry *match, *last = NULL;
38912 + unsigned int index;
38914 + index = conn_hash(sig->gr_saddr, sig->gr_daddr,
38915 + sig->gr_sport, sig->gr_dport,
38916 + gr_conn_table_size);
38918 + match = gr_conn_table[index];
38919 + while (match && !conn_match(match->sig,
38920 + sig->gr_saddr, sig->gr_daddr, sig->gr_sport,
38921 + sig->gr_dport)) {
38923 + match = match->next;
38928 + last->next = match->next;
38930 + gr_conn_table[index] = NULL;
38937 +static struct signal_struct * gr_lookup_task_ip_table(__u32 saddr, __u32 daddr,
38938 + __u16 sport, __u16 dport)
38940 + struct conn_table_entry *match;
38941 + unsigned int index;
38943 + index = conn_hash(saddr, daddr, sport, dport, gr_conn_table_size);
38945 + match = gr_conn_table[index];
38946 + while (match && !conn_match(match->sig, saddr, daddr, sport, dport))
38947 + match = match->next;
38950 + return match->sig;
38957 +void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet)
38959 +#ifdef CONFIG_GRKERNSEC
38960 + struct signal_struct *sig = task->signal;
38961 + struct conn_table_entry *newent;
38963 + newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC);
38964 + if (newent == NULL)
38966 + /* no bh lock needed since we are called with bh disabled */
38967 + spin_lock(&gr_conn_table_lock);
38968 + gr_del_task_from_ip_table_nolock(sig);
38969 + sig->gr_saddr = inet->rcv_saddr;
38970 + sig->gr_daddr = inet->daddr;
38971 + sig->gr_sport = inet->sport;
38972 + sig->gr_dport = inet->dport;
38973 + gr_add_to_task_ip_table_nolock(sig, newent);
38974 + spin_unlock(&gr_conn_table_lock);
38979 +void gr_del_task_from_ip_table(struct task_struct *task)
38981 +#ifdef CONFIG_GRKERNSEC
38982 + spin_lock_bh(&gr_conn_table_lock);
38983 + gr_del_task_from_ip_table_nolock(task->signal);
38984 + spin_unlock_bh(&gr_conn_table_lock);
38990 +gr_attach_curr_ip(const struct sock *sk)
38992 +#ifdef CONFIG_GRKERNSEC
38993 + struct signal_struct *p, *set;
38994 + const struct inet_sock *inet = inet_sk(sk);
38996 + if (unlikely(sk->sk_protocol != IPPROTO_TCP))
38999 + set = current->signal;
39001 + spin_lock_bh(&gr_conn_table_lock);
39002 + p = gr_lookup_task_ip_table(inet->daddr, inet->rcv_saddr,
39003 + inet->dport, inet->sport);
39004 + if (unlikely(p != NULL)) {
39005 + set->curr_ip = p->curr_ip;
39006 + set->used_accept = 1;
39007 + gr_del_task_from_ip_table_nolock(p);
39008 + spin_unlock_bh(&gr_conn_table_lock);
39011 + spin_unlock_bh(&gr_conn_table_lock);
39013 + set->curr_ip = inet->daddr;
39014 + set->used_accept = 1;
39020 +gr_handle_sock_all(const int family, const int type, const int protocol)
39022 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
39023 + if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) &&
39024 + (family != AF_UNIX) && (family != AF_LOCAL)) {
39025 + gr_log_int_str2(GR_DONT_AUDIT, GR_SOCK2_MSG, family, gr_socktype_to_name(type), gr_proto_to_name(protocol));
39033 +gr_handle_sock_server(const struct sockaddr *sck)
39035 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
39036 + if (grsec_enable_socket_server &&
39037 + in_group_p(grsec_socket_server_gid) &&
39038 + sck && (sck->sa_family != AF_UNIX) &&
39039 + (sck->sa_family != AF_LOCAL)) {
39040 + gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
39048 +gr_handle_sock_server_other(const struct sock *sck)
39050 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
39051 + if (grsec_enable_socket_server &&
39052 + in_group_p(grsec_socket_server_gid) &&
39053 + sck && (sck->sk_family != AF_UNIX) &&
39054 + (sck->sk_family != AF_LOCAL)) {
39055 + gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
39063 +gr_handle_sock_client(const struct sockaddr *sck)
39065 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
39066 + if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) &&
39067 + sck && (sck->sa_family != AF_UNIX) &&
39068 + (sck->sa_family != AF_LOCAL)) {
39069 + gr_log_noargs(GR_DONT_AUDIT, GR_CONNECT_MSG);
39077 +gr_cap_rtnetlink(struct sock *sock)
39079 +#ifdef CONFIG_GRKERNSEC
39080 + if (!gr_acl_is_enabled())
39081 + return current_cap();
39082 + else if (sock->sk_protocol == NETLINK_ISCSI &&
39083 + cap_raised(current_cap(), CAP_SYS_ADMIN) &&
39084 + gr_is_capable(CAP_SYS_ADMIN))
39085 + return current_cap();
39086 + else if (sock->sk_protocol == NETLINK_AUDIT &&
39087 + cap_raised(current_cap(), CAP_AUDIT_WRITE) &&
39088 + gr_is_capable(CAP_AUDIT_WRITE) &&
39089 + cap_raised(current_cap(), CAP_AUDIT_CONTROL) &&
39090 + gr_is_capable(CAP_AUDIT_CONTROL))
39091 + return current_cap();
39092 + else if (cap_raised(current_cap(), CAP_NET_ADMIN) &&
39093 + gr_is_capable(CAP_NET_ADMIN))
39094 + return current_cap();
39096 + return __cap_empty_set;
39098 + return current_cap();
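Review bot: In gr_del_task_from_ip_table_nolock the head-of-bucket case assigns `gr_conn_table[index] = NULL;`, which discards every other entry chained behind the removed one. Those entries become unreachable, so their memory is lost and later lookups for those connections miss, leaving gr_attach_curr_ip to fall back to `inet->daddr` for the logged address. Assuming the line omitted on this page is the `else` of the `last` test, it should read `gr_conn_table[index] = match->next;`. Separately, conn_hash evaluates `dport << 16` after promotion to `int`, which is formally undefined for ports at or above 0x8000; casting first, `((__u32)dport << 16)`, keeps the arithmetic unsigned.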
39101 diff -urNp linux-2.6.32.1/grsecurity/grsec_sysctl.c linux-2.6.32.1/grsecurity/grsec_sysctl.c
39102 --- linux-2.6.32.1/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
39103 +++ linux-2.6.32.1/grsecurity/grsec_sysctl.c 2009-12-14 18:33:58.964938626 -0500
39105 +#include <linux/kernel.h>
39106 +#include <linux/sched.h>
39107 +#include <linux/sysctl.h>
39108 +#include <linux/grsecurity.h>
39109 +#include <linux/grinternal.h>
39112 +gr_handle_sysctl_mod(const char *dirname, const char *name, const int op)
39114 +#ifdef CONFIG_GRKERNSEC_SYSCTL
39115 + if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & MAY_WRITE)) {
39116 + gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name);
39123 +#ifdef CONFIG_GRKERNSEC_ROFS
39124 +static int __maybe_unused one = 1;
39127 +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
39128 +ctl_table grsecurity_table[] = {
39129 +#ifdef CONFIG_GRKERNSEC_SYSCTL
39130 +#ifdef CONFIG_GRKERNSEC_LINK
39132 + .ctl_name = CTL_UNNUMBERED,
39133 + .procname = "linking_restrictions",
39134 + .data = &grsec_enable_link,
39135 + .maxlen = sizeof(int),
39137 + .proc_handler = &proc_dointvec,
39140 +#ifdef CONFIG_GRKERNSEC_FIFO
39142 + .ctl_name = CTL_UNNUMBERED,
39143 + .procname = "fifo_restrictions",
39144 + .data = &grsec_enable_fifo,
39145 + .maxlen = sizeof(int),
39147 + .proc_handler = &proc_dointvec,
39150 +#ifdef CONFIG_GRKERNSEC_EXECVE
39152 + .ctl_name = CTL_UNNUMBERED,
39153 + .procname = "execve_limiting",
39154 + .data = &grsec_enable_execve,
39155 + .maxlen = sizeof(int),
39157 + .proc_handler = &proc_dointvec,
39160 +#ifdef CONFIG_GRKERNSEC_EXECLOG
39162 + .ctl_name = CTL_UNNUMBERED,
39163 + .procname = "exec_logging",
39164 + .data = &grsec_enable_execlog,
39165 + .maxlen = sizeof(int),
39167 + .proc_handler = &proc_dointvec,
39170 +#ifdef CONFIG_GRKERNSEC_SIGNAL
39172 + .ctl_name = CTL_UNNUMBERED,
39173 + .procname = "signal_logging",
39174 + .data = &grsec_enable_signal,
39175 + .maxlen = sizeof(int),
39177 + .proc_handler = &proc_dointvec,
39180 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
39182 + .ctl_name = CTL_UNNUMBERED,
39183 + .procname = "forkfail_logging",
39184 + .data = &grsec_enable_forkfail,
39185 + .maxlen = sizeof(int),
39187 + .proc_handler = &proc_dointvec,
39190 +#ifdef CONFIG_GRKERNSEC_TIME
39192 + .ctl_name = CTL_UNNUMBERED,
39193 + .procname = "timechange_logging",
39194 + .data = &grsec_enable_time,
39195 + .maxlen = sizeof(int),
39197 + .proc_handler = &proc_dointvec,
39200 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
39202 + .ctl_name = CTL_UNNUMBERED,
39203 + .procname = "chroot_deny_shmat",
39204 + .data = &grsec_enable_chroot_shmat,
39205 + .maxlen = sizeof(int),
39207 + .proc_handler = &proc_dointvec,
39210 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
39212 + .ctl_name = CTL_UNNUMBERED,
39213 + .procname = "chroot_deny_unix",
39214 + .data = &grsec_enable_chroot_unix,
39215 + .maxlen = sizeof(int),
39217 + .proc_handler = &proc_dointvec,
39220 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
39222 + .ctl_name = CTL_UNNUMBERED,
39223 + .procname = "chroot_deny_mount",
39224 + .data = &grsec_enable_chroot_mount,
39225 + .maxlen = sizeof(int),
39227 + .proc_handler = &proc_dointvec,
39230 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
39232 + .ctl_name = CTL_UNNUMBERED,
39233 + .procname = "chroot_deny_fchdir",
39234 + .data = &grsec_enable_chroot_fchdir,
39235 + .maxlen = sizeof(int),
39237 + .proc_handler = &proc_dointvec,
39240 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
39242 + .ctl_name = CTL_UNNUMBERED,
39243 + .procname = "chroot_deny_chroot",
39244 + .data = &grsec_enable_chroot_double,
39245 + .maxlen = sizeof(int),
39247 + .proc_handler = &proc_dointvec,
39250 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
39252 + .ctl_name = CTL_UNNUMBERED,
39253 + .procname = "chroot_deny_pivot",
39254 + .data = &grsec_enable_chroot_pivot,
39255 + .maxlen = sizeof(int),
39257 + .proc_handler = &proc_dointvec,
39260 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
39262 + .ctl_name = CTL_UNNUMBERED,
39263 + .procname = "chroot_enforce_chdir",
39264 + .data = &grsec_enable_chroot_chdir,
39265 + .maxlen = sizeof(int),
39267 + .proc_handler = &proc_dointvec,
39270 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
39272 + .ctl_name = CTL_UNNUMBERED,
39273 + .procname = "chroot_deny_chmod",
39274 + .data = &grsec_enable_chroot_chmod,
39275 + .maxlen = sizeof(int),
39277 + .proc_handler = &proc_dointvec,
39280 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
39282 + .ctl_name = CTL_UNNUMBERED,
39283 + .procname = "chroot_deny_mknod",
39284 + .data = &grsec_enable_chroot_mknod,
39285 + .maxlen = sizeof(int),
39287 + .proc_handler = &proc_dointvec,
39290 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
39292 + .ctl_name = CTL_UNNUMBERED,
39293 + .procname = "chroot_restrict_nice",
39294 + .data = &grsec_enable_chroot_nice,
39295 + .maxlen = sizeof(int),
39297 + .proc_handler = &proc_dointvec,
39300 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
39302 + .ctl_name = CTL_UNNUMBERED,
39303 + .procname = "chroot_execlog",
39304 + .data = &grsec_enable_chroot_execlog,
39305 + .maxlen = sizeof(int),
39307 + .proc_handler = &proc_dointvec,
39310 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
39312 + .ctl_name = CTL_UNNUMBERED,
39313 + .procname = "chroot_caps",
39314 + .data = &grsec_enable_chroot_caps,
39315 + .maxlen = sizeof(int),
39317 + .proc_handler = &proc_dointvec,
39320 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
39322 + .ctl_name = CTL_UNNUMBERED,
39323 + .procname = "chroot_deny_sysctl",
39324 + .data = &grsec_enable_chroot_sysctl,
39325 + .maxlen = sizeof(int),
39327 + .proc_handler = &proc_dointvec,
39330 +#ifdef CONFIG_GRKERNSEC_TPE
39332 + .ctl_name = CTL_UNNUMBERED,
39333 + .procname = "tpe",
39334 + .data = &grsec_enable_tpe,
39335 + .maxlen = sizeof(int),
39337 + .proc_handler = &proc_dointvec,
39340 + .ctl_name = CTL_UNNUMBERED,
39341 + .procname = "tpe_gid",
39342 + .data = &grsec_tpe_gid,
39343 + .maxlen = sizeof(int),
39345 + .proc_handler = &proc_dointvec,
39348 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
39350 + .ctl_name = CTL_UNNUMBERED,
39351 + .procname = "tpe_restrict_all",
39352 + .data = &grsec_enable_tpe_all,
39353 + .maxlen = sizeof(int),
39355 + .proc_handler = &proc_dointvec,
39358 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
39360 + .ctl_name = CTL_UNNUMBERED,
39361 + .procname = "socket_all",
39362 + .data = &grsec_enable_socket_all,
39363 + .maxlen = sizeof(int),
39365 + .proc_handler = &proc_dointvec,
39368 + .ctl_name = CTL_UNNUMBERED,
39369 + .procname = "socket_all_gid",
39370 + .data = &grsec_socket_all_gid,
39371 + .maxlen = sizeof(int),
39373 + .proc_handler = &proc_dointvec,
39376 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
39378 + .ctl_name = CTL_UNNUMBERED,
39379 + .procname = "socket_client",
39380 + .data = &grsec_enable_socket_client,
39381 + .maxlen = sizeof(int),
39383 + .proc_handler = &proc_dointvec,
39386 + .ctl_name = CTL_UNNUMBERED,
39387 + .procname = "socket_client_gid",
39388 + .data = &grsec_socket_client_gid,
39389 + .maxlen = sizeof(int),
39391 + .proc_handler = &proc_dointvec,
39394 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
39396 + .ctl_name = CTL_UNNUMBERED,
39397 + .procname = "socket_server",
39398 + .data = &grsec_enable_socket_server,
39399 + .maxlen = sizeof(int),
39401 + .proc_handler = &proc_dointvec,
39404 + .ctl_name = CTL_UNNUMBERED,
39405 + .procname = "socket_server_gid",
39406 + .data = &grsec_socket_server_gid,
39407 + .maxlen = sizeof(int),
39409 + .proc_handler = &proc_dointvec,
39412 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
39414 + .ctl_name = CTL_UNNUMBERED,
39415 + .procname = "audit_group",
39416 + .data = &grsec_enable_group,
39417 + .maxlen = sizeof(int),
39419 + .proc_handler = &proc_dointvec,
39422 + .ctl_name = CTL_UNNUMBERED,
39423 + .procname = "audit_gid",
39424 + .data = &grsec_audit_gid,
39425 + .maxlen = sizeof(int),
39427 + .proc_handler = &proc_dointvec,
39430 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
39432 + .ctl_name = CTL_UNNUMBERED,
39433 + .procname = "audit_chdir",
39434 + .data = &grsec_enable_chdir,
39435 + .maxlen = sizeof(int),
39437 + .proc_handler = &proc_dointvec,
39440 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
39442 + .ctl_name = CTL_UNNUMBERED,
39443 + .procname = "audit_mount",
39444 + .data = &grsec_enable_mount,
39445 + .maxlen = sizeof(int),
39447 + .proc_handler = &proc_dointvec,
39450 +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
39452 + .ctl_name = CTL_UNNUMBERED,
39453 + .procname = "audit_textrel",
39454 + .data = &grsec_enable_audit_textrel,
39455 + .maxlen = sizeof(int),
39457 + .proc_handler = &proc_dointvec,
39460 +#ifdef CONFIG_GRKERNSEC_DMESG
39462 + .ctl_name = CTL_UNNUMBERED,
39463 + .procname = "dmesg",
39464 + .data = &grsec_enable_dmesg,
39465 + .maxlen = sizeof(int),
39467 + .proc_handler = &proc_dointvec,
39470 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
39472 + .ctl_name = CTL_UNNUMBERED,
39473 + .procname = "chroot_findtask",
39474 + .data = &grsec_enable_chroot_findtask,
39475 + .maxlen = sizeof(int),
39477 + .proc_handler = &proc_dointvec,
39480 +#ifdef CONFIG_GRKERNSEC_RESLOG
39482 + .ctl_name = CTL_UNNUMBERED,
39483 + .procname = "resource_logging",
39484 + .data = &grsec_resource_logging,
39485 + .maxlen = sizeof(int),
39487 + .proc_handler = &proc_dointvec,
39490 +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
39492 + .ctl_name = CTL_UNNUMBERED,
39493 + .procname = "harden_ptrace",
39494 + .data = &grsec_enable_harden_ptrace,
39495 + .maxlen = sizeof(int),
39497 + .proc_handler = &proc_dointvec,
39501 + .ctl_name = CTL_UNNUMBERED,
39502 + .procname = "grsec_lock",
39503 + .data = &grsec_lock,
39504 + .maxlen = sizeof(int),
39506 + .proc_handler = &proc_dointvec,
39509 +#ifdef CONFIG_GRKERNSEC_ROFS
39511 + .ctl_name = CTL_UNNUMBERED,
39512 + .procname = "romount_protect",
39513 + .data = &grsec_enable_rofs,
39514 + .maxlen = sizeof(int),
39516 + .proc_handler = &proc_dointvec_minmax,
39521 + { .ctl_name = 0 }
39524 diff -urNp linux-2.6.32.1/grsecurity/grsec_textrel.c linux-2.6.32.1/grsecurity/grsec_textrel.c
39525 --- linux-2.6.32.1/grsecurity/grsec_textrel.c 1969-12-31 19:00:00.000000000 -0500
39526 +++ linux-2.6.32.1/grsecurity/grsec_textrel.c 2009-12-14 18:33:58.964938626 -0500
39528 +#include <linux/kernel.h>
39529 +#include <linux/sched.h>
39530 +#include <linux/mm.h>
39531 +#include <linux/file.h>
39532 +#include <linux/grinternal.h>
39533 +#include <linux/grsecurity.h>
39536 +gr_log_textrel(struct vm_area_struct * vma)
39538 +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
39539 + if (grsec_enable_audit_textrel)
39540 + gr_log_textrel_ulong_ulong(GR_DO_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff);
39544 diff -urNp linux-2.6.32.1/grsecurity/grsec_time.c linux-2.6.32.1/grsecurity/grsec_time.c
39545 --- linux-2.6.32.1/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500
39546 +++ linux-2.6.32.1/grsecurity/grsec_time.c 2009-12-14 18:33:58.964938626 -0500
39548 +#include <linux/kernel.h>
39549 +#include <linux/sched.h>
39550 +#include <linux/grinternal.h>
39553 +gr_log_timechange(void)
39555 +#ifdef CONFIG_GRKERNSEC_TIME
39556 + if (grsec_enable_time)
39557 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_TIME_MSG);
39561 diff -urNp linux-2.6.32.1/grsecurity/grsec_tpe.c linux-2.6.32.1/grsecurity/grsec_tpe.c
39562 --- linux-2.6.32.1/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500
39563 +++ linux-2.6.32.1/grsecurity/grsec_tpe.c 2009-12-14 18:33:58.964938626 -0500
39565 +#include <linux/kernel.h>
39566 +#include <linux/sched.h>
39567 +#include <linux/file.h>
39568 +#include <linux/fs.h>
39569 +#include <linux/grinternal.h>
39571 +extern int gr_acl_tpe_check(void);
39574 +gr_tpe_allow(const struct file *file)
39576 +#ifdef CONFIG_GRKERNSEC
39577 + struct inode *inode = file->f_path.dentry->d_parent->d_inode;
39578 + const struct cred *cred = current_cred();
39580 + if (cred->uid && ((grsec_enable_tpe &&
39581 +#ifdef CONFIG_GRKERNSEC_TPE_INVERT
39582 + !in_group_p(grsec_tpe_gid)
39584 + in_group_p(grsec_tpe_gid)
39586 + ) || gr_acl_tpe_check()) &&
39587 + (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) ||
39588 + (inode->i_mode & S_IWOTH))))) {
39589 + gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
39592 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
39593 + if (cred->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
39594 + ((inode->i_uid && (inode->i_uid != cred->uid)) ||
39595 + (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
39596 + gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
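Review bot: `gr_tpe_allow` reaches the parent directory through `file->f_path.dentry->d_parent->d_inode` with no reference or lock taken in the visible lines, so a concurrent rename could presumably change `d_parent` while its owner and mode bits are being tested. Because the allow/deny decision rests on that inode's `i_uid` and `i_mode`, pinning the parent would make the check stable: `struct dentry *parent = dget_parent(file->f_path.dentry);`, read `parent->d_inode`, and call `dput(parent);` before each return. Separately, in the first condition `!inode->i_uid &&` is redundant after `inode->i_uid ||` and can be dropped for readability. The function's return statements and closing braces are not shown on this page, so the placement of the `dput` calls has to be checked against the full file.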
39603 diff -urNp linux-2.6.32.1/grsecurity/grsum.c linux-2.6.32.1/grsecurity/grsum.c
39604 --- linux-2.6.32.1/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500
39605 +++ linux-2.6.32.1/grsecurity/grsum.c 2009-12-14 18:33:58.964938626 -0500
39607 +#include <linux/err.h>
39608 +#include <linux/kernel.h>
39609 +#include <linux/sched.h>
39610 +#include <linux/mm.h>
39611 +#include <linux/scatterlist.h>
39612 +#include <linux/crypto.h>
39613 +#include <linux/gracl.h>
39616 +#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE)
39617 +#error "crypto and sha256 must be built into the kernel"
39621 +chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
39624 + struct crypto_hash *tfm;
39625 + struct hash_desc desc;
39626 + struct scatterlist sg;
39627 + unsigned char temp_sum[GR_SHA_LEN];
39628 + volatile int retval = 0;
39629 + volatile int dummy = 0;
39632 + tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
39633 + if (IS_ERR(tfm)) {
39634 + /* should never happen, since sha256 should be built in */
39641 + crypto_hash_init(&desc);
39644 + sg_set_buf(&sg, p, GR_SALT_LEN);
39645 + crypto_hash_update(&desc, &sg, sg.length);
39648 + sg_set_buf(&sg, p, strlen(p));
39650 + crypto_hash_update(&desc, &sg, sg.length);
39652 + crypto_hash_final(&desc, temp_sum);
39654 + memset(entry->pw, 0, GR_PW_LEN);
39656 + for (i = 0; i < GR_SHA_LEN; i++)
39657 + if (sum[i] != temp_sum[i])
39660 + dummy = 1; // waste a cycle
39662 + crypto_free_hash(tfm);
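Review bot: The digest comparison at the end of `chkpw` branches on every byte (`if (sum[i] != temp_sum[i])`) and relies on a `volatile` dummy store to balance the two paths, which leaves its timing dependent on the compiler and the branch predictor. Accumulating the difference without a branch is sturdier: `diff |= sum[i] ^ temp_sum[i];` inside the loop, with `retval` derived from `diff` once after it. The return values of `crypto_hash_init`, `crypto_hash_update` and `crypto_hash_final` are also ignored, so after a failure `temp_sum` would be compared while still holding uninitialised stack data; checking them and failing closed covers that case. `temp_sum` is not cleared before return in the visible lines, unlike `entry->pw`. Several lines of the function are not shown on this page, so the sense of `retval` should stay whatever its callers expect.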
39666 diff -urNp linux-2.6.32.1/grsecurity/Kconfig linux-2.6.32.1/grsecurity/Kconfig
39667 --- linux-2.6.32.1/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
39668 +++ linux-2.6.32.1/grsecurity/Kconfig 2009-12-14 18:33:58.971930129 -0500
39671 +# grecurity configuration
39677 + bool "Grsecurity"
39679 + select CRYPTO_SHA256
39681 + If you say Y here, you will be able to configure many features
39682 + that will enhance the security of your system. It is highly
39683 + recommended that you say Y here and read through the help
39684 + for each option so that you fully understand the features and
39685 + can evaluate their usefulness for your machine.
39688 + prompt "Security Level"
39689 + depends on GRKERNSEC
39690 + default GRKERNSEC_CUSTOM
39692 +config GRKERNSEC_LOW
39694 + select GRKERNSEC_LINK
39695 + select GRKERNSEC_FIFO
39696 + select GRKERNSEC_EXECVE
39697 + select GRKERNSEC_RANDNET
39698 + select GRKERNSEC_DMESG
39699 + select GRKERNSEC_CHROOT
39700 + select GRKERNSEC_CHROOT_CHDIR
39703 + If you choose this option, several of the grsecurity options will
39704 + be enabled that will give you greater protection against a number
39705 + of attacks, while assuring that none of your software will have any
39706 + conflicts with the additional security measures. If you run a lot
39707 + of unusual software, or you are having problems with the higher
39708 + security levels, you should say Y here. With this option, the
39709 + following features are enabled:
39711 + - Linking restrictions
39712 + - FIFO restrictions
39713 + - Enforcing RLIMIT_NPROC on execve
39714 + - Restricted dmesg
39715 + - Enforced chdir("/") on chroot
39716 + - Runtime module disabling
39718 +config GRKERNSEC_MEDIUM
39721 + select PAX_EI_PAX
39722 + select PAX_PT_PAX_FLAGS
39723 + select PAX_HAVE_ACL_FLAGS
39724 + select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
39725 + select GRKERNSEC_CHROOT
39726 + select GRKERNSEC_CHROOT_SYSCTL
39727 + select GRKERNSEC_LINK
39728 + select GRKERNSEC_FIFO
39729 + select GRKERNSEC_EXECVE
39730 + select GRKERNSEC_DMESG
39731 + select GRKERNSEC_RANDNET
39732 + select GRKERNSEC_FORKFAIL
39733 + select GRKERNSEC_TIME
39734 + select GRKERNSEC_SIGNAL
39735 + select GRKERNSEC_CHROOT
39736 + select GRKERNSEC_CHROOT_UNIX
39737 + select GRKERNSEC_CHROOT_MOUNT
39738 + select GRKERNSEC_CHROOT_PIVOT
39739 + select GRKERNSEC_CHROOT_DOUBLE
39740 + select GRKERNSEC_CHROOT_CHDIR
39741 + select GRKERNSEC_CHROOT_MKNOD
39742 + select GRKERNSEC_PROC
39743 + select GRKERNSEC_PROC_USERGROUP
39744 + select PAX_RANDUSTACK
39746 + select PAX_RANDMMAP
39747 + select PAX_REFCOUNT if (X86 || SPARC64)
39748 + select PAX_USERCOPY if ((X86 || SPARC32 || SPARC64 || PPC32 || PPC64) && (SLAB || SLUB || SLOB))
39751 + If you say Y here, several features in addition to those included
39752 + in the low additional security level will be enabled. These
39753 + features provide even more security to your system, though in rare
39754 + cases they may be incompatible with very old or poorly written
39755 + software. If you enable this option, make sure that your auth
39756 + service (identd) is running as gid 1001. With this option,
39757 + the following features (in addition to those provided in the
39758 + low additional security level) will be enabled:
39760 + - Failed fork logging
39761 + - Time change logging
39763 + - Deny mounts in chroot
39764 + - Deny double chrooting
39765 + - Deny sysctl writes in chroot
39766 + - Deny mknod in chroot
39767 + - Deny access to abstract AF_UNIX sockets out of chroot
39768 + - Deny pivot_root in chroot
39769 + - Denied writes of /dev/kmem, /dev/mem, and /dev/port
39770 + - /proc restrictions with special GID set to 10 (usually wheel)
39771 + - Address Space Layout Randomization (ASLR)
39772 + - Prevent exploitation of most refcount overflows
39773 + - Bounds checking of copying between the kernel and userland
39775 +config GRKERNSEC_HIGH
39777 + select GRKERNSEC_LINK
39778 + select GRKERNSEC_FIFO
39779 + select GRKERNSEC_EXECVE
39780 + select GRKERNSEC_DMESG
39781 + select GRKERNSEC_FORKFAIL
39782 + select GRKERNSEC_TIME
39783 + select GRKERNSEC_SIGNAL
39784 + select GRKERNSEC_CHROOT
39785 + select GRKERNSEC_CHROOT_SHMAT
39786 + select GRKERNSEC_CHROOT_UNIX
39787 + select GRKERNSEC_CHROOT_MOUNT
39788 + select GRKERNSEC_CHROOT_FCHDIR
39789 + select GRKERNSEC_CHROOT_PIVOT
39790 + select GRKERNSEC_CHROOT_DOUBLE
39791 + select GRKERNSEC_CHROOT_CHDIR
39792 + select GRKERNSEC_CHROOT_MKNOD
39793 + select GRKERNSEC_CHROOT_CAPS
39794 + select GRKERNSEC_CHROOT_SYSCTL
39795 + select GRKERNSEC_CHROOT_FINDTASK
39796 + select GRKERNSEC_PROC
39797 + select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
39798 + select GRKERNSEC_HIDESYM
39799 + select GRKERNSEC_BRUTE
39800 + select GRKERNSEC_PROC_USERGROUP
39801 + select GRKERNSEC_KMEM
39802 + select GRKERNSEC_RESLOG
39803 + select GRKERNSEC_RANDNET
39804 + select GRKERNSEC_PROC_ADD
39805 + select GRKERNSEC_CHROOT_CHMOD
39806 + select GRKERNSEC_CHROOT_NICE
39807 + select GRKERNSEC_AUDIT_MOUNT
39808 + select GRKERNSEC_MODHARDEN if (MODULES)
39809 + select GRKERNSEC_HARDEN_PTRACE
39810 + select GRKERNSEC_VM86 if (X86_32)
39812 + select PAX_RANDUSTACK
39814 + select PAX_RANDMMAP
39815 + select PAX_NOEXEC
39816 + select PAX_MPROTECT
39817 + select PAX_EI_PAX
39818 + select PAX_PT_PAX_FLAGS
39819 + select PAX_HAVE_ACL_FLAGS
39820 + select PAX_KERNEXEC if (X86 && (!X86_32 || X86_WP_WORKS_OK))
39821 + select PAX_MEMORY_UDEREF if (X86_32)
39822 + select PAX_RANDKSTACK if (X86_TSC && !X86_64)
39823 + select PAX_SEGMEXEC if (X86_32)
39824 + select PAX_PAGEEXEC
39825 + select PAX_EMUPLT if (ALPHA || PARISC || SPARC32 || SPARC64)
39826 + select PAX_EMUTRAMP if (PARISC)
39827 + select PAX_EMUSIGRT if (PARISC)
39828 + select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
39829 + select PAX_REFCOUNT if (X86 || SPARC64)
39830 + select PAX_USERCOPY if ((X86 || PPC32 || PPC64 || SPARC32 || SPARC64) && (SLAB || SLUB || SLOB))
39832 + If you say Y here, many of the features of grsecurity will be
39833 + enabled, which will protect you against many kinds of attacks
39834 + against your system. The heightened security comes at a cost
39835 + of an increased chance of incompatibilities with rare software
39836 + on your machine. Since this security level enables PaX, you should
39837 + view <http://pax.grsecurity.net> and read about the PaX
39838 + project. While you are there, download chpax and run it on
39839 + binaries that cause problems with PaX. Also remember that
39840 + since the /proc restrictions are enabled, you must run your
39841 + identd as gid 1001. This security level enables the following
39842 + features in addition to those listed in the low and medium
39845 + - Additional /proc restrictions
39846 + - Chmod restrictions in chroot
39847 + - No signals, ptrace, or viewing of processes outside of chroot
39848 + - Capability restrictions in chroot
39849 + - Deny fchdir out of chroot
39850 + - Priority restrictions in chroot
39851 + - Segmentation-based implementation of PaX
39852 + - Mprotect restrictions
39853 + - Removal of addresses from /proc/<pid>/[smaps|maps|stat]
39854 + - Kernel stack randomization
39855 + - Mount/unmount/remount logging
39856 + - Kernel symbol hiding
39857 + - Prevention of memory exhaustion-based exploits
39858 + - Hardening of module auto-loading
39859 + - Ptrace restrictions
39860 + - Restricted vm86 mode
39862 +config GRKERNSEC_CUSTOM
39865 + If you say Y here, you will be able to configure every grsecurity
39866 + option, which allows you to enable many more features that aren't
39867 + covered in the basic security levels. These additional features
39868 + include TPE, socket restrictions, and the sysctl system for
39869 + grsecurity. It is advised that you read through the help for
39870 + each option to determine its usefulness in your situation.
39874 +menu "Address Space Protection"
39875 +depends on GRKERNSEC
39877 +config GRKERNSEC_KMEM
39878 + bool "Deny writing to /dev/kmem, /dev/mem, and /dev/port"
39880 + If you say Y here, /dev/kmem and /dev/mem won't be allowed to
39881 + be written to via mmap or otherwise to modify the running kernel.
39882 + /dev/port will also not be allowed to be opened. If you have module
39883 + support disabled, enabling this will close up four ways that are
39884 + currently used to insert malicious code into the running kernel.
39885 + Even with all these features enabled, we still highly recommend that
39886 + you use the RBAC system, as it is still possible for an attacker to
39887 + modify the running kernel through privileged I/O granted by ioperm/iopl.
39888 + If you are not using XFree86, you may be able to stop this additional
39889 + case by enabling the 'Disable privileged I/O' option. Though nothing
39890 + legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem,
39891 + but only to video memory, which is the only writing we allow in this
39892 + case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will
39893 + not be allowed to mprotect it with PROT_WRITE later.
39894 + It is highly recommended that you say Y here if you meet all the
39895 + conditions above.
39897 +config GRKERNSEC_VM86
39898 + bool "Restrict VM86 mode"
39899 + depends on X86_32
39902 + If you say Y here, only processes with CAP_SYS_RAWIO will be able to
39903 + make use of a special execution mode on 32bit x86 processors called
39904 + Virtual 8086 (VM86) mode. XFree86 may need vm86 mode for certain
39905 + video cards and will still work with this option enabled. The purpose
39906 + of the option is to prevent exploitation of emulation errors in
39907 + virtualization of vm86 mode like the one discovered in VMWare in 2009.
39908 + Nearly all users should be able to enable this option.
39910 +config GRKERNSEC_IO
39911 + bool "Disable privileged I/O"
39914 + select RTC_INTF_DEV
39915 + select RTC_DRV_CMOS
39918 + If you say Y here, all ioperm and iopl calls will return an error.
39919 + Ioperm and iopl can be used to modify the running kernel.
39920 + Unfortunately, some programs need this access to operate properly,
39921 + the most notable of which are XFree86 and hwclock. hwclock can be
39922 + remedied by having RTC support in the kernel, so real-time
39923 + clock support is enabled if this option is enabled, to ensure
39924 + that hwclock operates correctly. XFree86 still will not
39925 + operate correctly with this option enabled, so DO NOT CHOOSE Y
39926 + IF YOU USE XFree86. If you use XFree86 and you still want to
39927 + protect your kernel against modification, use the RBAC system.
39929 +config GRKERNSEC_PROC_MEMMAP
39930 + bool "Remove addresses from /proc/<pid>/[smaps|maps|stat]"
39931 + default y if (PAX_NOEXEC || PAX_ASLR)
39932 + depends on PAX_NOEXEC || PAX_ASLR
39934 + If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will
39935 + give no information about the addresses of its mappings if
39936 + PaX features that rely on random addresses are enabled on the task.
39937 + If you use PaX it is greatly recommended that you say Y here as it
39938 + closes up a hole that makes the full ASLR useless for suid
39941 +config GRKERNSEC_BRUTE
39942 + bool "Deter exploit bruteforcing"
39944 + If you say Y here, attempts to bruteforce exploits against forking
39945 + daemons such as apache or sshd will be deterred. When a child of a
39946 + forking daemon is killed by PaX or crashes due to an illegal
39947 + instruction, the parent process will be delayed 30 seconds upon every
39948 + subsequent fork until the administrator is able to assess the
39949 + situation and restart the daemon. It is recommended that you also
39950 + enable signal logging in the auditing section so that logs are
39951 + generated when a process performs an illegal instruction.
39953 +config GRKERNSEC_MODHARDEN
39954 + bool "Harden module auto-loading"
39955 + depends on MODULES
39957 + If you say Y here, module auto-loading in response to use of some
39958 + feature implemented by an unloaded module will be restricted to
39959 + root users. Enabling this option helps defend against attacks
39960 + by unprivileged users who abuse the auto-loading behavior to
39961 + cause a vulnerable module to load that is then exploited.
39963 + If this option prevents a legitimate use of auto-loading for a
39964 + non-root user, the administrator can execute modprobe manually
39965 + with the exact name of the module mentioned in the alert log.
39966 + Alternatively, the administrator can add the module to the list
39967 + of modules loaded at boot by modifying init scripts.
39969 + Modification of init scripts will most likely be needed on
39970 + Ubuntu servers with encrypted home directory support enabled,
39971 + as the first non-root user logging in will cause the ecb(aes),
39972 + ecb(aes)-all, cbc(aes), and cbc(aes)-all modules to be loaded.
39974 +config GRKERNSEC_HIDESYM
39975 + bool "Hide kernel symbols"
39977 + If you say Y here, getting information on loaded modules, and
39978 + displaying all kernel symbols through a syscall will be restricted
39979 + to users with CAP_SYS_MODULE. For software compatibility reasons,
39980 + /proc/kallsyms will be restricted to the root user. The RBAC
39981 + system can hide that entry even from root. Note that this option
39982 + is only effective provided the following conditions are met:
39983 + 1) The kernel using grsecurity is not precompiled by some distribution
39984 + 2) You are using the RBAC system and hiding other files such as your
39985 + kernel image and System.map. Alternatively, enabling this option
39986 + causes the permissions on /boot, /lib/modules, and the kernel
39987 + source directory to change at compile time to prevent
39988 + reading by non-root users.
39989 + If the above conditions are met, this option will aid in providing a
39990 + useful protection against local kernel exploitation of overflows
39991 + and arbitrary read/write vulnerabilities.
39994 +menu "Role Based Access Control Options"
39995 +depends on GRKERNSEC
39997 +config GRKERNSEC_NO_RBAC
39998 + bool "Disable RBAC system"
40000 + If you say Y here, the /dev/grsec device will be removed from the kernel,
40001 + preventing the RBAC system from being enabled. You should only say Y
40002 + here if you have no intention of using the RBAC system, so as to prevent
40003 + an attacker with root access from misusing the RBAC system to hide files
40004 + and processes when loadable module support and /dev/[k]mem have been
40007 +config GRKERNSEC_ACL_HIDEKERN
40008 + bool "Hide kernel processes"
40010 + If you say Y here, all kernel threads will be hidden to all
40011 + processes but those whose subject has the "view hidden processes"
40014 +config GRKERNSEC_ACL_MAXTRIES
40015 + int "Maximum tries before password lockout"
40018 + This option enforces the maximum number of times a user can attempt
40019 + to authorize themselves with the grsecurity RBAC system before being
40020 + denied the ability to attempt authorization again for a specified time.
40021 + The lower the number, the harder it will be to brute-force a password.
40023 +config GRKERNSEC_ACL_TIMEOUT
40024 + int "Time to wait after max password tries, in seconds"
40027 + This option specifies the time the user must wait after attempting to
40028 + authorize to the RBAC system with the maximum number of invalid
40029 + passwords. The higher the number, the harder it will be to brute-force
40033 +menu "Filesystem Protections"
40034 +depends on GRKERNSEC
40036 +config GRKERNSEC_PROC
40037 + bool "Proc restrictions"
40039 + If you say Y here, the permissions of the /proc filesystem
40040 + will be altered to enhance system security and privacy. You MUST
40041 + choose either a user only restriction or a user and group restriction.
40042 + Depending upon the option you choose, you can either restrict users to
40043 + see only the processes they themselves run, or choose a group that can
40044 + view all processes and files normally restricted to root if you choose
40045 + the "restrict to user only" option. NOTE: If you're running identd as
40046 + a non-root user, you will have to run it as the group you specify here.
40048 +config GRKERNSEC_PROC_USER
40049 + bool "Restrict /proc to user only"
40050 + depends on GRKERNSEC_PROC
40052 + If you say Y here, non-root users will only be able to view their own
40053 + processes, and restricts them from viewing network-related information,
40054 + and viewing kernel symbol and module information.
40056 +config GRKERNSEC_PROC_USERGROUP
40057 + bool "Allow special group"
40058 + depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
40060 + If you say Y here, you will be able to select a group that will be
40061 + able to view all processes, network-related information, and
40062 + kernel and symbol information. This option is useful if you want
40063 + to run identd as a non-root user.
40065 +config GRKERNSEC_PROC_GID
40066 + int "GID for special group"
40067 + depends on GRKERNSEC_PROC_USERGROUP
40070 +config GRKERNSEC_PROC_ADD
40071 + bool "Additional restrictions"
40072 + depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP
40074 + If you say Y here, additional restrictions will be placed on
40075 + /proc that keep normal users from viewing device information and
40076 + slabinfo information that could be useful for exploits.
40078 +config GRKERNSEC_LINK
40079 + bool "Linking restrictions"
40081 + If you say Y here, /tmp race exploits will be prevented, since users
40082 + will no longer be able to follow symlinks owned by other users in
40083 + world-writable +t directories (i.e. /tmp), unless the owner of the
40084 + symlink is the owner of the directory. users will also not be
40085 + able to hardlink to files they do not own. If the sysctl option is
40086 + enabled, a sysctl option with name "linking_restrictions" is created.
40088 +config GRKERNSEC_FIFO
40089 + bool "FIFO restrictions"
40091 + If you say Y here, users will not be able to write to FIFOs they don't
40092 + own in world-writable +t directories (i.e. /tmp), unless the owner of
40093 + the FIFO is the same owner of the directory it's held in. If the sysctl
40094 + option is enabled, a sysctl option with name "fifo_restrictions" is
40097 +config GRKERNSEC_ROFS
40098 + bool "Runtime read-only mount protection"
40100 + If you say Y here, a sysctl option with name "romount_protect" will
40101 + be created. By setting this option to 1 at runtime, filesystems
40102 + will be protected in the following ways:
40103 + * No new writable mounts will be allowed
40104 + * Existing read-only mounts won't be able to be remounted read/write
40105 + * Write operations will be denied on all block devices
40106 + This option acts independently of grsec_lock: once it is set to 1,
40107 + it cannot be turned off. Therefore, please be mindful of the resulting
40108 + behavior if this option is enabled in an init script on a read-only
40109 + filesystem. This feature is mainly intended for secure embedded systems.
40111 +config GRKERNSEC_CHROOT
40112 + bool "Chroot jail restrictions"
40114 + If you say Y here, you will be able to choose several options that will
40115 + make breaking out of a chrooted jail much more difficult. If you
40116 + encounter no software incompatibilities with the following options, it
40117 + is recommended that you enable each one.
40119 +config GRKERNSEC_CHROOT_MOUNT
40120 + bool "Deny mounts"
40121 + depends on GRKERNSEC_CHROOT
40123 + If you say Y here, processes inside a chroot will not be able to
40124 + mount or remount filesystems. If the sysctl option is enabled, a
40125 + sysctl option with name "chroot_deny_mount" is created.
40127 +config GRKERNSEC_CHROOT_DOUBLE
40128 + bool "Deny double-chroots"
40129 + depends on GRKERNSEC_CHROOT
40131 + If you say Y here, processes inside a chroot will not be able to chroot
40132 + again outside the chroot. This is a widely used method of breaking
40133 + out of a chroot jail and should not be allowed. If the sysctl
40134 + option is enabled, a sysctl option with name
40135 + "chroot_deny_chroot" is created.
40137 +config GRKERNSEC_CHROOT_PIVOT
40138 + bool "Deny pivot_root in chroot"
40139 + depends on GRKERNSEC_CHROOT
40141 + If you say Y here, processes inside a chroot will not be able to use
40142 + a function called pivot_root() that was introduced in Linux 2.3.41. It
40143 + works similar to chroot in that it changes the root filesystem. This
40144 + function could be misused in a chrooted process to attempt to break out
40145 + of the chroot, and therefore should not be allowed. If the sysctl
40146 + option is enabled, a sysctl option with name "chroot_deny_pivot" is
40149 +config GRKERNSEC_CHROOT_CHDIR
40150 + bool "Enforce chdir(\"/\") on all chroots"
40151 + depends on GRKERNSEC_CHROOT
40153 + If you say Y here, the current working directory of all newly-chrooted
40154 + applications will be set to the the root directory of the chroot.
40155 + The man page on chroot(2) states:
40156 + Note that this call does not change the current working
40157 + directory, so that `.' can be outside the tree rooted at
40158 + `/'. In particular, the super-user can escape from a
40159 + `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
40161 + It is recommended that you say Y here, since it's not known to break
40162 + any software. If the sysctl option is enabled, a sysctl option with
40163 + name "chroot_enforce_chdir" is created.
40165 +config GRKERNSEC_CHROOT_CHMOD
40166 + bool "Deny (f)chmod +s"
40167 + depends on GRKERNSEC_CHROOT
40169 + If you say Y here, processes inside a chroot will not be able to chmod
40170 + or fchmod files to make them have suid or sgid bits. This protects
40171 + against another published method of breaking a chroot. If the sysctl
40172 + option is enabled, a sysctl option with name "chroot_deny_chmod" is
40175 +config GRKERNSEC_CHROOT_FCHDIR
40176 + bool "Deny fchdir out of chroot"
40177 + depends on GRKERNSEC_CHROOT
40179 + If you say Y here, a well-known method of breaking chroots by fchdir'ing
40180 + to a file descriptor of the chrooting process that points to a directory
40181 + outside the filesystem will be stopped. If the sysctl option
40182 + is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
40184 +config GRKERNSEC_CHROOT_MKNOD
40185 + bool "Deny mknod"
40186 + depends on GRKERNSEC_CHROOT
40188 + If you say Y here, processes inside a chroot will not be allowed to
40189 + mknod. The problem with using mknod inside a chroot is that it
40190 + would allow an attacker to create a device entry that is the same
40191 + as one on the physical root of your system, which could range from
40192 + anything from the console device to a device for your harddrive (which
40193 + they could then use to wipe the drive or steal data). It is recommended
40194 + that you say Y here, unless you run into software incompatibilities.
40195 + If the sysctl option is enabled, a sysctl option with name
40196 + "chroot_deny_mknod" is created.
40198 +config GRKERNSEC_CHROOT_SHMAT
40199 + bool "Deny shmat() out of chroot"
40200 + depends on GRKERNSEC_CHROOT
40202 + If you say Y here, processes inside a chroot will not be able to attach
40203 + to shared memory segments that were created outside of the chroot jail.
40204 + It is recommended that you say Y here. If the sysctl option is enabled,
40205 + a sysctl option with name "chroot_deny_shmat" is created.
40207 +config GRKERNSEC_CHROOT_UNIX
40208 + bool "Deny access to abstract AF_UNIX sockets out of chroot"
40209 + depends on GRKERNSEC_CHROOT
40211 + If you say Y here, processes inside a chroot will not be able to
40212 + connect to abstract (meaning not belonging to a filesystem) Unix
40213 + domain sockets that were bound outside of a chroot. It is recommended
40214 + that you say Y here. If the sysctl option is enabled, a sysctl option
40215 + with name "chroot_deny_unix" is created.
40217 +config GRKERNSEC_CHROOT_FINDTASK
40218 + bool "Protect outside processes"
40219 + depends on GRKERNSEC_CHROOT
40221 + If you say Y here, processes inside a chroot will not be able to
40222 + kill, send signals with fcntl, ptrace, capget, getpgid, setpgid,
40223 + getsid, or view any process outside of the chroot. If the sysctl
40224 + option is enabled, a sysctl option with name "chroot_findtask" is
40227 +config GRKERNSEC_CHROOT_NICE
40228 + bool "Restrict priority changes"
40229 + depends on GRKERNSEC_CHROOT
40231 + If you say Y here, processes inside a chroot will not be able to raise
40232 + the priority of processes in the chroot, or alter the priority of
40233 + processes outside the chroot. This provides more security than simply
40234 + removing CAP_SYS_NICE from the process' capability set. If the
40235 + sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
40238 +config GRKERNSEC_CHROOT_SYSCTL
40239 + bool "Deny sysctl writes"
40240 + depends on GRKERNSEC_CHROOT
40242 + If you say Y here, an attacker in a chroot will not be able to
40243 + write to sysctl entries, either by sysctl(2) or through a /proc
40244 + interface. It is strongly recommended that you say Y here. If the
40245 + sysctl option is enabled, a sysctl option with name
40246 + "chroot_deny_sysctl" is created.
40248 +config GRKERNSEC_CHROOT_CAPS
40249 + bool "Capability restrictions"
40250 + depends on GRKERNSEC_CHROOT
40252 + If you say Y here, the capabilities on all root processes within a
40253 + chroot jail will be lowered to stop module insertion, raw i/o,
40254 + system and net admin tasks, rebooting the system, modifying immutable
40255 + files, modifying IPC owned by another, and changing the system time.
40256 + This is left an option because it can break some apps. Disable this
40257 + if your chrooted apps are having problems performing those kinds of
40258 + tasks. If the sysctl option is enabled, a sysctl option with
40259 + name "chroot_caps" is created.
40262 +menu "Kernel Auditing"
40263 +depends on GRKERNSEC
40265 +config GRKERNSEC_AUDIT_GROUP
40266 + bool "Single group for auditing"
40268 + If you say Y here, the exec, chdir, and (un)mount logging features
40269 + will only operate on a group you specify. This option is recommended
40270 + if you only want to watch certain users instead of having a large
40271 + amount of logs from the entire system. If the sysctl option is enabled,
40272 + a sysctl option with name "audit_group" is created.
40274 +config GRKERNSEC_AUDIT_GID
40275 + int "GID for auditing"
40276 + depends on GRKERNSEC_AUDIT_GROUP
40279 +config GRKERNSEC_EXECLOG
40280 + bool "Exec logging"
40282 + If you say Y here, all execve() calls will be logged (since the
40283 + other exec*() calls are frontends to execve(), all execution
40284 + will be logged). Useful for shell-servers that like to keep track
40285 + of their users. If the sysctl option is enabled, a sysctl option with
40286 + name "exec_logging" is created.
40287 + WARNING: This option when enabled will produce a LOT of logs, especially
40288 + on an active system.
40290 +config GRKERNSEC_RESLOG
40291 + bool "Resource logging"
40293 + If you say Y here, all attempts to overstep resource limits will
40294 + be logged with the resource name, the requested size, and the current
40295 + limit. It is highly recommended that you say Y here. If the sysctl
40296 + option is enabled, a sysctl option with name "resource_logging" is
40297 + created. If the RBAC system is enabled, the sysctl value is ignored.
40299 +config GRKERNSEC_CHROOT_EXECLOG
40300 + bool "Log execs within chroot"
40302 + If you say Y here, all executions inside a chroot jail will be logged
40303 + to syslog. This can cause a large amount of logs if certain
40304 + applications (eg. djb's daemontools) are installed on the system, and
40305 + is therefore left as an option. If the sysctl option is enabled, a
40306 + sysctl option with name "chroot_execlog" is created.
40308 +config GRKERNSEC_AUDIT_CHDIR
40309 + bool "Chdir logging"
40311 + If you say Y here, all chdir() calls will be logged. If the sysctl
40312 + option is enabled, a sysctl option with name "audit_chdir" is created.
40314 +config GRKERNSEC_AUDIT_MOUNT
40315 + bool "(Un)Mount logging"
40317 + If you say Y here, all mounts and unmounts will be logged. If the
40318 + sysctl option is enabled, a sysctl option with name "audit_mount" is
40321 +config GRKERNSEC_SIGNAL
40322 + bool "Signal logging"
40324 + If you say Y here, certain important signals will be logged, such as
40325 + SIGSEGV, which will as a result inform you of when a error in a program
40326 + occurred, which in some cases could mean a possible exploit attempt.
40327 + If the sysctl option is enabled, a sysctl option with name
40328 + "signal_logging" is created.
40330 +config GRKERNSEC_FORKFAIL
40331 + bool "Fork failure logging"
40333 + If you say Y here, all failed fork() attempts will be logged.
40334 + This could suggest a fork bomb, or someone attempting to overstep
40335 + their process limit. If the sysctl option is enabled, a sysctl option
40336 + with name "forkfail_logging" is created.
40338 +config GRKERNSEC_TIME
40339 + bool "Time change logging"
40341 + If you say Y here, any changes of the system clock will be logged.
40342 + If the sysctl option is enabled, a sysctl option with name
40343 + "timechange_logging" is created.
40345 +config GRKERNSEC_PROC_IPADDR
40346 + bool "/proc/<pid>/ipaddr support"
40348 + If you say Y here, a new entry will be added to each /proc/<pid>
40349 + directory that contains the IP address of the person using the task.
40350 + The IP is carried across local TCP and AF_UNIX stream sockets.
40351 + This information can be useful for IDS/IPSes to perform remote response
40352 + to a local attack. The entry is readable by only the owner of the
40353 + process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
40354 + the RBAC system), and thus does not create privacy concerns.
40356 +config GRKERNSEC_AUDIT_TEXTREL
40357 + bool 'ELF text relocations logging (READ HELP)'
40358 + depends on PAX_MPROTECT
40360 + If you say Y here, text relocations will be logged with the filename
40361 + of the offending library or binary. The purpose of the feature is
40362 + to help Linux distribution developers get rid of libraries and
40363 + binaries that need text relocations which hinder the future progress
40364 + of PaX. Only Linux distribution developers should say Y here, and
40365 + never on a production machine, as this option creates an information
40366 + leak that could aid an attacker in defeating the randomization of
40367 + a single memory region. If the sysctl option is enabled, a sysctl
40368 + option with name "audit_textrel" is created.
40372 +menu "Executable Protections"
40373 +depends on GRKERNSEC
40375 +config GRKERNSEC_EXECVE
40376 + bool "Enforce RLIMIT_NPROC on execs"
40378 + If you say Y here, users with a resource limit on processes will
40379 + have the value checked during execve() calls. The current system
40380 + only checks the system limit during fork() calls. If the sysctl option
40381 + is enabled, a sysctl option with name "execve_limiting" is created.
40383 +config GRKERNSEC_DMESG
40384 + bool "Dmesg(8) restriction"
40386 + If you say Y here, non-root users will not be able to use dmesg(8)
40387 + to view up to the last 4kb of messages in the kernel's log buffer.
40388 + If the sysctl option is enabled, a sysctl option with name "dmesg" is
40391 +config GRKERNSEC_HARDEN_PTRACE
40392 + bool "Deter ptrace-based process snooping"
40394 + If you say Y here, TTY sniffers and other malicious monitoring
40395 + programs implemented through ptrace will be defeated. If you
40396 + have been using the RBAC system, this option has already been
40397 + enabled for several years for all users, with the ability to make
40398 + fine-grained exceptions.
40400 + This option only affects the ability of non-root users to ptrace
40401 + processes that are not a descendent of the ptracing process.
40402 + This means that strace ./binary and gdb ./binary will still work,
40403 + but attaching to arbitrary processes will not. If the sysctl
40404 + option is enabled, a sysctl option with name "harden_ptrace" is
40407 +config GRKERNSEC_TPE
40408 + bool "Trusted Path Execution (TPE)"
40410 + If you say Y here, you will be able to choose a gid to add to the
40411 + supplementary groups of users you want to mark as "untrusted."
40412 + These users will not be able to execute any files that are not in
40413 + root-owned directories writable only by root. If the sysctl option
40414 + is enabled, a sysctl option with name "tpe" is created.
40416 +config GRKERNSEC_TPE_ALL
40417 + bool "Partially restrict non-root users"
40418 + depends on GRKERNSEC_TPE
40420 + If you say Y here, All non-root users other than the ones in the
40421 + group specified in the main TPE option will only be allowed to
40422 + execute files in directories they own that are not group or
40423 + world-writable, or in directories owned by root and writable only by
40424 + root. If the sysctl option is enabled, a sysctl option with name
40425 + "tpe_restrict_all" is created.
40427 +config GRKERNSEC_TPE_INVERT
40428 + bool "Invert GID option"
40429 + depends on GRKERNSEC_TPE
40431 + If you say Y here, the group you specify in the TPE configuration will
40432 + decide what group TPE restrictions will be *disabled* for. This
40433 + option is useful if you want TPE restrictions to be applied to most
40434 + users on the system.
40436 +config GRKERNSEC_TPE_GID
40437 + int "GID for untrusted users"
40438 + depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
40441 + If you have selected the "Invert GID option" above, setting this
40442 + GID determines what group TPE restrictions will be *disabled* for.
40443 + If you have not selected the "Invert GID option" above, setting this
40444 + GID determines what group TPE restrictions will be *enabled* for.
40445 + If the sysctl option is enabled, a sysctl option with name "tpe_gid"
40448 +config GRKERNSEC_TPE_GID
40449 + int "GID for trusted users"
40450 + depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
40453 + If you have selected the "Invert GID option" above, setting this
40454 + GID determines what group TPE restrictions will be *disabled* for.
40455 + If you have not selected the "Invert GID option" above, setting this
40456 + GID determines what group TPE restrictions will be *enabled* for.
40457 + If the sysctl option is enabled, a sysctl option with name "tpe_gid"
40461 +menu "Network Protections"
40462 +depends on GRKERNSEC
40464 +config GRKERNSEC_RANDNET
40465 + bool "Larger entropy pools"
40467 + If you say Y here, the entropy pools used for many features of Linux
40468 + and grsecurity will be doubled in size. Since several grsecurity
40469 + features use additional randomness, it is recommended that you say Y
40470 + here. Saying Y here has a similar effect as modifying
40471 + /proc/sys/kernel/random/poolsize.
40473 +config GRKERNSEC_BLACKHOLE
40474 + bool "TCP/UDP blackhole"
40476 + If you say Y here, neither TCP resets nor ICMP
40477 + destination-unreachable packets will be sent in response to packets
40478 + send to ports for which no associated listening process exists.
40479 + This feature supports both IPV4 and IPV6 and exempts the
40480 + loopback interface from blackholing. Enabling this feature
40481 + makes a host more resilient to DoS attacks and reduces network
40482 + visibility against scanners.
40484 +config GRKERNSEC_SOCKET
40485 + bool "Socket restrictions"
40487 + If you say Y here, you will be able to choose from several options.
40488 + If you assign a GID on your system and add it to the supplementary
40489 + groups of users you want to restrict socket access to, this patch
40490 + will perform up to three things, based on the option(s) you choose.
40492 +config GRKERNSEC_SOCKET_ALL
40493 + bool "Deny any sockets to group"
40494 + depends on GRKERNSEC_SOCKET
40496 + If you say Y here, you will be able to choose a GID of whose users will
40497 + be unable to connect to other hosts from your machine or run server
40498 + applications from your machine. If the sysctl option is enabled, a
40499 + sysctl option with name "socket_all" is created.
40501 +config GRKERNSEC_SOCKET_ALL_GID
40502 + int "GID to deny all sockets for"
40503 + depends on GRKERNSEC_SOCKET_ALL
40506 + Here you can choose the GID to disable socket access for. Remember to
40507 + add the users you want socket access disabled for to the GID
40508 + specified here. If the sysctl option is enabled, a sysctl option
40509 + with name "socket_all_gid" is created.
40511 +config GRKERNSEC_SOCKET_CLIENT
40512 + bool "Deny client sockets to group"
40513 + depends on GRKERNSEC_SOCKET
40515 + If you say Y here, you will be able to choose a GID of whose users will
40516 + be unable to connect to other hosts from your machine, but will be
40517 + able to run servers. If this option is enabled, all users in the group
40518 + you specify will have to use passive mode when initiating ftp transfers
40519 + from the shell on your machine. If the sysctl option is enabled, a
40520 + sysctl option with name "socket_client" is created.
40522 +config GRKERNSEC_SOCKET_CLIENT_GID
40523 + int "GID to deny client sockets for"
40524 + depends on GRKERNSEC_SOCKET_CLIENT
40527 + Here you can choose the GID to disable client socket access for.
40528 + Remember to add the users you want client socket access disabled for to
40529 + the GID specified here. If the sysctl option is enabled, a sysctl
40530 + option with name "socket_client_gid" is created.
40532 +config GRKERNSEC_SOCKET_SERVER
40533 + bool "Deny server sockets to group"
40534 + depends on GRKERNSEC_SOCKET
40536 + If you say Y here, you will be able to choose a GID of whose users will
40537 + be unable to run server applications from your machine. If the sysctl
40538 + option is enabled, a sysctl option with name "socket_server" is created.
40540 +config GRKERNSEC_SOCKET_SERVER_GID
40541 + int "GID to deny server sockets for"
40542 + depends on GRKERNSEC_SOCKET_SERVER
40545 + Here you can choose the GID to disable server socket access for.
40546 + Remember to add the users you want server socket access disabled for to
40547 + the GID specified here. If the sysctl option is enabled, a sysctl
40548 + option with name "socket_server_gid" is created.
40551 +menu "Sysctl support"
40552 +depends on GRKERNSEC && SYSCTL
40554 +config GRKERNSEC_SYSCTL
40555 + bool "Sysctl support"
40557 + If you say Y here, you will be able to change the options that
40558 + grsecurity runs with at bootup, without having to recompile your
40559 + kernel. You can echo values to files in /proc/sys/kernel/grsecurity
40560 + to enable (1) or disable (0) various features. All the sysctl entries
40561 + are mutable until the "grsec_lock" entry is set to a non-zero value.
40562 + All features enabled in the kernel configuration are disabled at boot
40563 + if you do not say Y to the "Turn on features by default" option.
40564 + All options should be set at startup, and the grsec_lock entry should
40565 + be set to a non-zero value after all the options are set.
40566 + *THIS IS EXTREMELY IMPORTANT*
40568 +config GRKERNSEC_SYSCTL_ON
40569 + bool "Turn on features by default"
40570 + depends on GRKERNSEC_SYSCTL
40572 + If you say Y here, instead of having all features enabled in the
40573 + kernel configuration disabled at boot time, the features will be
40574 + enabled at boot time. It is recommended you say Y here unless
40575 + there is some reason you would want all sysctl-tunable features to
40576 + be disabled by default. As mentioned elsewhere, it is important
40577 + to enable the grsec_lock entry once you have finished modifying
40578 + the sysctl entries.
40581 +menu "Logging Options"
40582 +depends on GRKERNSEC
40584 +config GRKERNSEC_FLOODTIME
40585 + int "Seconds in between log messages (minimum)"
40588 + This option allows you to enforce the number of seconds between
40589 + grsecurity log messages. The default should be suitable for most
40590 + people, however, if you choose to change it, choose a value small enough
40591 + to allow informative logs to be produced, but large enough to
40592 + prevent flooding.
40594 +config GRKERNSEC_FLOODBURST
40595 + int "Number of messages in a burst (maximum)"
40598 + This option allows you to choose the maximum number of messages allowed
40599 + within the flood time interval you chose in a separate option. The
40600 + default should be suitable for most people, however if you find that
40601 + many of your logs are being interpreted as flooding, you may want to
40602 + raise this value.
40607 diff -urNp linux-2.6.32.1/grsecurity/Makefile linux-2.6.32.1/grsecurity/Makefile
40608 --- linux-2.6.32.1/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
40609 +++ linux-2.6.32.1/grsecurity/Makefile 2009-12-14 18:33:58.971930129 -0500
40611 +# grsecurity's ACL system was originally written in 2001 by Michael Dalton
40612 +# during 2001-2009 it has been completely redesigned by Brad Spengler
40613 +# into an RBAC system
40615 +# All code in this directory and various hooks inserted throughout the kernel
40616 +# are copyright Brad Spengler - Open Source Security, Inc., and released
40617 +# under the GPL v2 or higher
40619 +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
40620 + grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
40621 + grsec_time.o grsec_tpe.o grsec_link.o grsec_textrel.o
40623 +obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \
40624 + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
40625 + gracl_learn.o grsec_log.o
40626 +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
40628 +ifndef CONFIG_GRKERNSEC
40629 +obj-y += grsec_disabled.o
40632 +ifdef CONFIG_GRKERNSEC_HIDESYM
40633 +extra-y := grsec_hidesym.o
40634 +$(obj)/grsec_hidesym.o:
40635 + @-chmod -f 500 /boot
40636 + @-chmod -f 500 /lib/modules
40638 + @echo ' grsec: protected kernel image paths'
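Review bot: The `$(obj)/grsec_hidesym.o` recipe changes the mode of `/boot` and `/lib/modules` on the build host as a side effect of compiling. The `-` prefix and `chmod -f` hide every failure, so `grsec: protected kernel image paths` is printed even when nothing was changed, for example on a non-root build, or when the build host is not the machine that will boot this kernel. An operator who reads that message will assume the paths are restricted when they may not be. I would move the permission change to an install-time or documented manual step and report success only when it happened, e.g. `@chmod -f 500 /boot /lib/modules && echo ' grsec: protected kernel image paths' || true`. One recipe line between the second chmod and the echo is not visible on this page, and as shown the recipe never creates its target, so it presumably re-runs on every build.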
40640 diff -urNp linux-2.6.32.1/include/acpi/acpi_drivers.h linux-2.6.32.1/include/acpi/acpi_drivers.h
40641 --- linux-2.6.32.1/include/acpi/acpi_drivers.h 2009-12-02 22:51:21.000000000 -0500
40642 +++ linux-2.6.32.1/include/acpi/acpi_drivers.h 2009-12-14 18:33:58.986975322 -0500
40643 @@ -119,8 +119,8 @@ int acpi_processor_set_thermal_limit(acp
40645 -------------------------------------------------------------------------- */
40646 struct acpi_dock_ops {
40647 - acpi_notify_handler handler;
40648 - acpi_notify_handler uevent;
40649 + const acpi_notify_handler handler;
40650 + const acpi_notify_handler uevent;
40653 #if defined(CONFIG_ACPI_DOCK) || defined(CONFIG_ACPI_DOCK_MODULE)
40654 @@ -128,7 +128,7 @@ extern int is_dock_device(acpi_handle ha
40655 extern int register_dock_notifier(struct notifier_block *nb);
40656 extern void unregister_dock_notifier(struct notifier_block *nb);
40657 extern int register_hotplug_dock_device(acpi_handle handle,
40658 - struct acpi_dock_ops *ops,
40659 + const struct acpi_dock_ops *ops,
40661 extern void unregister_hotplug_dock_device(acpi_handle handle);
40663 @@ -144,7 +144,7 @@ static inline void unregister_dock_notif
40666 static inline int register_hotplug_dock_device(acpi_handle handle,
40667 - struct acpi_dock_ops *ops,
40668 + const struct acpi_dock_ops *ops,
40672 diff -urNp linux-2.6.32.1/include/asm-generic/atomic.h linux-2.6.32.1/include/asm-generic/atomic.h
40673 --- linux-2.6.32.1/include/asm-generic/atomic.h 2009-12-02 22:51:21.000000000 -0500
40674 +++ linux-2.6.32.1/include/asm-generic/atomic.h 2009-12-14 18:33:58.986975322 -0500
40676 #define atomic_read(v) ((v)->counter)
40679 + * atomic_read_unchecked - read atomic variable
40680 + * @v: pointer of type atomic_unchecked_t
40682 + * Atomically reads the value of @v. Note that the guaranteed
40683 + * useful range of an atomic_unchecked_t is only 24 bits.
40685 +#define atomic_read_unchecked(v) ((v)->counter)
40688 * atomic_set - set atomic variable
40689 * @v: pointer of type atomic_t
40690 * @i: required value
40693 #define atomic_set(v, i) (((v)->counter) = (i))
40696 + * atomic_set_unchecked - set atomic variable
40697 + * @v: pointer of type atomic_unchecked_t
40698 + * @i: required value
40700 + * Atomically sets the value of @v to @i. Note that the guaranteed
40701 + * useful range of an atomic_unchecked_t is only 24 bits.
40703 +#define atomic_set_unchecked(v, i) (((v)->counter) = (i))
40705 #include <asm/system.h>
40708 @@ -101,16 +120,31 @@ static inline void atomic_add(int i, ato
40709 atomic_add_return(i, v);
40712 +static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
40714 + atomic_add_return(i, (atomic_t *)v);
40717 static inline void atomic_sub(int i, atomic_t *v)
40719 atomic_sub_return(i, v);
40722 +static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
40724 + atomic_sub_return(i, (atomic_t *)v);
40727 static inline void atomic_inc(atomic_t *v)
40729 atomic_add_return(1, v);
40732 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
40734 + atomic_add_return(1, (atomic_t *)v);
40737 static inline void atomic_dec(atomic_t *v)
40739 atomic_sub_return(1, v);
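Review bot: The added `atomic_add_unchecked`, `atomic_sub_unchecked` and `atomic_inc_unchecked` cast `atomic_unchecked_t *` to `atomic_t *` and call the ordinary `atomic_add_return`/`atomic_sub_return`. In this generic fallback the "unchecked" and plain operations are therefore the same code, and the cast is only valid while both types share one layout. Nothing in the hunk states either fact, and the definition of `atomic_unchecked_t` is not visible here. I would add a comment above `atomic_add_unchecked`, e.g. `/* generic fallback: _unchecked forwards to the plain op; relies on atomic_unchecked_t having the same layout as atomic_t */`, and ideally a compile-time size check next to the typedef. The hunk also adds no `atomic_dec_unchecked` next to `atomic_inc_unchecked`; if it is not defined elsewhere, callers on architectures using this header will not build.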
40740 diff -urNp linux-2.6.32.1/include/asm-generic/dma-mapping-common.h linux-2.6.32.1/include/asm-generic/dma-mapping-common.h
40741 --- linux-2.6.32.1/include/asm-generic/dma-mapping-common.h 2009-12-02 22:51:21.000000000 -0500
40742 +++ linux-2.6.32.1/include/asm-generic/dma-mapping-common.h 2009-12-14 18:33:58.987946019 -0500
40743 @@ -11,7 +11,7 @@ static inline dma_addr_t dma_map_single_
40744 enum dma_data_direction dir,
40745 struct dma_attrs *attrs)
40747 - struct dma_map_ops *ops = get_dma_ops(dev);
40748 + const struct dma_map_ops *ops = get_dma_ops(dev);
40751 kmemcheck_mark_initialized(ptr, size);
40752 @@ -30,7 +30,7 @@ static inline void dma_unmap_single_attr
40753 enum dma_data_direction dir,
40754 struct dma_attrs *attrs)
40756 - struct dma_map_ops *ops = get_dma_ops(dev);
40757 + const struct dma_map_ops *ops = get_dma_ops(dev);
40759 BUG_ON(!valid_dma_direction(dir));
40760 if (ops->unmap_page)
40761 @@ -42,7 +42,7 @@ static inline int dma_map_sg_attrs(struc
40762 int nents, enum dma_data_direction dir,
40763 struct dma_attrs *attrs)
40765 - struct dma_map_ops *ops = get_dma_ops(dev);
40766 + const struct dma_map_ops *ops = get_dma_ops(dev);
40768 struct scatterlist *s;
40770 @@ -59,7 +59,7 @@ static inline void dma_unmap_sg_attrs(st
40771 int nents, enum dma_data_direction dir,
40772 struct dma_attrs *attrs)
40774 - struct dma_map_ops *ops = get_dma_ops(dev);
40775 + const struct dma_map_ops *ops = get_dma_ops(dev);
40777 BUG_ON(!valid_dma_direction(dir));
40778 debug_dma_unmap_sg(dev, sg, nents, dir);
40779 @@ -71,7 +71,7 @@ static inline dma_addr_t dma_map_page(st
40780 size_t offset, size_t size,
40781 enum dma_data_direction dir)
40783 - struct dma_map_ops *ops = get_dma_ops(dev);
40784 + const struct dma_map_ops *ops = get_dma_ops(dev);
40787 kmemcheck_mark_initialized(page_address(page) + offset, size);
40788 @@ -85,7 +85,7 @@ static inline dma_addr_t dma_map_page(st
40789 static inline void dma_unmap_page(struct device *dev, dma_addr_t addr,
40790 size_t size, enum dma_data_direction dir)
40792 - struct dma_map_ops *ops = get_dma_ops(dev);
40793 + const struct dma_map_ops *ops = get_dma_ops(dev);
40795 BUG_ON(!valid_dma_direction(dir));
40796 if (ops->unmap_page)
40797 @@ -97,7 +97,7 @@ static inline void dma_sync_single_for_c
40799 enum dma_data_direction dir)
40801 - struct dma_map_ops *ops = get_dma_ops(dev);
40802 + const struct dma_map_ops *ops = get_dma_ops(dev);
40804 BUG_ON(!valid_dma_direction(dir));
40805 if (ops->sync_single_for_cpu)
40806 @@ -109,7 +109,7 @@ static inline void dma_sync_single_for_d
40807 dma_addr_t addr, size_t size,
40808 enum dma_data_direction dir)
40810 - struct dma_map_ops *ops = get_dma_ops(dev);
40811 + const struct dma_map_ops *ops = get_dma_ops(dev);
40813 BUG_ON(!valid_dma_direction(dir));
40814 if (ops->sync_single_for_device)
40815 @@ -123,7 +123,7 @@ static inline void dma_sync_single_range
40817 enum dma_data_direction dir)
40819 - struct dma_map_ops *ops = get_dma_ops(dev);
40820 + const struct dma_map_ops *ops = get_dma_ops(dev);
40822 BUG_ON(!valid_dma_direction(dir));
40823 if (ops->sync_single_range_for_cpu) {
40824 @@ -140,7 +140,7 @@ static inline void dma_sync_single_range
40826 enum dma_data_direction dir)
40828 - struct dma_map_ops *ops = get_dma_ops(dev);
40829 + const struct dma_map_ops *ops = get_dma_ops(dev);
40831 BUG_ON(!valid_dma_direction(dir));
40832 if (ops->sync_single_range_for_device) {
40833 @@ -155,7 +155,7 @@ static inline void
40834 dma_sync_sg_for_cpu(struct device *dev, struct scatterlist *sg,
40835 int nelems, enum dma_data_direction dir)
40837 - struct dma_map_ops *ops = get_dma_ops(dev);
40838 + const struct dma_map_ops *ops = get_dma_ops(dev);
40840 BUG_ON(!valid_dma_direction(dir));
40841 if (ops->sync_sg_for_cpu)
40842 @@ -167,7 +167,7 @@ static inline void
40843 dma_sync_sg_for_device(struct device *dev, struct scatterlist *sg,
40844 int nelems, enum dma_data_direction dir)
40846 - struct dma_map_ops *ops = get_dma_ops(dev);
40847 + const struct dma_map_ops *ops = get_dma_ops(dev);
40849 BUG_ON(!valid_dma_direction(dir));
40850 if (ops->sync_sg_for_device)
40851 diff -urNp linux-2.6.32.1/include/asm-generic/futex.h linux-2.6.32.1/include/asm-generic/futex.h
40852 --- linux-2.6.32.1/include/asm-generic/futex.h 2009-12-02 22:51:21.000000000 -0500
40853 +++ linux-2.6.32.1/include/asm-generic/futex.h 2009-12-14 18:33:58.987946019 -0500
40855 #include <asm/errno.h>
40858 -futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
40859 +futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
40861 int op = (encoded_op >> 28) & 7;
40862 int cmp = (encoded_op >> 24) & 15;
40863 @@ -48,7 +48,7 @@ futex_atomic_op_inuser (int encoded_op,
40867 -futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)
40868 +futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, int oldval, int newval)
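Review bot: `futex_atomic_cmpxchg_inatomic` now takes `u32 __user *uaddr` but keeps `int oldval, int newval`, so the values compared with and stored into a u32 word are still carried as signed ints. Declaring them `u32 oldval, u32 newval` would make the signature consistent and remove the sign conversions in implementations. The pointer change here and in `futex_atomic_op_inuser` (first hunk) also has to be mirrored in every architecture's own futex.h, which this section does not show; a mismatch would surface only as pointer-sign warnings. Both function bodies lie outside the hunks.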
40872 diff -urNp linux-2.6.32.1/include/asm-generic/int-l64.h linux-2.6.32.1/include/asm-generic/int-l64.h
40873 --- linux-2.6.32.1/include/asm-generic/int-l64.h 2009-12-02 22:51:21.000000000 -0500
40874 +++ linux-2.6.32.1/include/asm-generic/int-l64.h 2009-12-14 18:33:58.987946019 -0500
40875 @@ -46,6 +46,8 @@ typedef unsigned int u32;
40876 typedef signed long s64;
40877 typedef unsigned long u64;
40879 +typedef unsigned int intoverflow_t __attribute__ ((mode(TI)));
40882 #define U8_C(x) x ## U
40884 diff -urNp linux-2.6.32.1/include/asm-generic/int-ll64.h linux-2.6.32.1/include/asm-generic/int-ll64.h
40885 --- linux-2.6.32.1/include/asm-generic/int-ll64.h 2009-12-02 22:51:21.000000000 -0500
40886 +++ linux-2.6.32.1/include/asm-generic/int-ll64.h 2009-12-14 18:33:58.987946019 -0500
40887 @@ -51,6 +51,8 @@ typedef unsigned int u32;
40888 typedef signed long long s64;
40889 typedef unsigned long long u64;
40891 +typedef unsigned long long intoverflow_t;
40894 #define U8_C(x) x ## U
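Review bot: `intoverflow_t` is added without a comment, and here it is `unsigned long long` (64 bits) while the int-l64.h hunk makes it a 128-bit TImode integer. Its uses are not visible in this section. If it is meant to hold the full product of two `unsigned long` operands for an overflow check, then on a 64-bit kernel that includes int-ll64.h the type is no wider than the operands and such a check could never fire. I would guard this typedef on `CONFIG_64BIT` and use `typedef unsigned int intoverflow_t __attribute__ ((mode(TI)));` in that branch. A one-line comment should state the width the type is expected to guarantee.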
40896 diff -urNp linux-2.6.32.1/include/asm-generic/kmap_types.h linux-2.6.32.1/include/asm-generic/kmap_types.h
40897 --- linux-2.6.32.1/include/asm-generic/kmap_types.h 2009-12-02 22:51:21.000000000 -0500
40898 +++ linux-2.6.32.1/include/asm-generic/kmap_types.h 2009-12-14 18:33:58.987946019 -0500
40899 @@ -28,7 +28,8 @@ KMAP_D(15) KM_UML_USERCOPY,
40900 KMAP_D(16) KM_IRQ_PTE,
40902 KMAP_D(18) KM_NMI_PTE,
40903 -KMAP_D(19) KM_TYPE_NR
40904 +KMAP_D(19) KM_CLEARPAGE,
40905 +KMAP_D(20) KM_TYPE_NR
40909 diff -urNp linux-2.6.32.1/include/asm-generic/pgtable.h linux-2.6.32.1/include/asm-generic/pgtable.h
40910 --- linux-2.6.32.1/include/asm-generic/pgtable.h 2009-12-02 22:51:21.000000000 -0500
40911 +++ linux-2.6.32.1/include/asm-generic/pgtable.h 2009-12-14 18:33:58.988946269 -0500
40912 @@ -344,6 +344,14 @@ extern void untrack_pfn_vma(struct vm_ar
40913 unsigned long size);
40916 +#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL
40917 +static inline unsigned long pax_open_kernel(void) { return 0; }
40920 +#ifndef __HAVE_ARCH_PAX_CLOSE_KERNEL
40921 +static inline unsigned long pax_close_kernel(void) { return 0; }
40924 #endif /* !__ASSEMBLY__ */
40926 #endif /* _ASM_GENERIC_PGTABLE_H */
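Review bot: The fallback `pax_open_kernel()` and `pax_close_kernel()` stubs return `unsigned long` 0 with no comment on what the return value means or that they do nothing. A caller that brackets a write to protected data with them therefore gets no indication that this architecture provides no real implementation. A short comment would help, e.g. `/* Fallback no-ops for architectures that do not define __HAVE_ARCH_PAX_OPEN_KERNEL / __HAVE_ARCH_PAX_CLOSE_KERNEL; always return 0. */`. The two stubs are also guarded independently, so an architecture could override one and silently inherit the no-op for the other. A single guard, or an `#error` when only one macro is defined, would keep the pair matched.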
40927 diff -urNp linux-2.6.32.1/include/asm-generic/vmlinux.lds.h linux-2.6.32.1/include/asm-generic/vmlinux.lds.h
40928 --- linux-2.6.32.1/include/asm-generic/vmlinux.lds.h 2009-12-02 22:51:21.000000000 -0500
40929 +++ linux-2.6.32.1/include/asm-generic/vmlinux.lds.h 2009-12-14 18:33:59.005958426 -0500
40930 @@ -199,6 +199,7 @@
40931 .rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \
40932 VMLINUX_SYMBOL(__start_rodata) = .; \
40933 *(.rodata) *(.rodata.*) \
40934 + *(.data.read_only) \
40935 *(__vermagic) /* Kernel version magic */ \
40936 *(__markers_strings) /* Markers: strings */ \
40937 *(__tracepoints_strings)/* Tracepoints: strings */ \
40938 @@ -656,22 +657,24 @@
40939 * section in the linker script will go there too. @phdr should have
40942 - * Note that this macros defines __per_cpu_load as an absolute symbol.
40943 + * Note that this macros defines per_cpu_load as an absolute symbol.
40944 * If there is no need to put the percpu section at a predetermined
40945 * address, use PERCPU().
40947 #define PERCPU_VADDR(vaddr, phdr) \
40948 - VMLINUX_SYMBOL(__per_cpu_load) = .; \
40949 - .data.percpu vaddr : AT(VMLINUX_SYMBOL(__per_cpu_load) \
40950 + per_cpu_load = .; \
40951 + .data.percpu vaddr : AT(VMLINUX_SYMBOL(per_cpu_load) \
40953 + VMLINUX_SYMBOL(__per_cpu_load) = . + per_cpu_load; \
40954 VMLINUX_SYMBOL(__per_cpu_start) = .; \
40955 *(.data.percpu.first) \
40956 - *(.data.percpu.page_aligned) \
40958 + . = ALIGN(PAGE_SIZE); \
40959 + *(.data.percpu.page_aligned) \
40960 *(.data.percpu.shared_aligned) \
40961 VMLINUX_SYMBOL(__per_cpu_end) = .; \
40963 - . = VMLINUX_SYMBOL(__per_cpu_load) + SIZEOF(.data.percpu);
40964 + . = VMLINUX_SYMBOL(per_cpu_load) + SIZEOF(.data.percpu);
40967 * PERCPU - define output section for percpu area, simple version
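Review bot: In `PERCPU_VADDR` the new symbol is defined bare as `per_cpu_load = .;` but referenced as `VMLINUX_SYMBOL(per_cpu_load)` in the `AT()` expression and in the final location assignment. On a configuration where `VMLINUX_SYMBOL` adds a prefix, the definition and the references would name different symbols, so the definition should read `VMLINUX_SYMBOL(per_cpu_load) = .;`. The comment above the macro was also changed to say it defines `per_cpu_load`, yet the macro still defines `__per_cpu_load`, now as `. + per_cpu_load` inside the section. The comment should name both symbols and say which one is the load address. A bare `per_cpu_load` also lacks the `__` prefix that the neighbouring linker symbols carry.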
40968 diff -urNp linux-2.6.32.1/include/drm/drm_pciids.h linux-2.6.32.1/include/drm/drm_pciids.h
40969 --- linux-2.6.32.1/include/drm/drm_pciids.h 2009-12-02 22:51:21.000000000 -0500
40970 +++ linux-2.6.32.1/include/drm/drm_pciids.h 2009-12-14 18:33:59.025760956 -0500
40971 @@ -375,7 +375,7 @@
40972 {0x1002, 0x9712, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \
40973 {0x1002, 0x9713, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \
40974 {0x1002, 0x9714, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \
40976 + {0, 0, 0, 0, 0, 0}
40978 #define r128_PCI_IDS \
40979 {0x1002, 0x4c45, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40980 @@ -415,14 +415,14 @@
40981 {0x1002, 0x5446, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40982 {0x1002, 0x544C, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40983 {0x1002, 0x5452, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40985 + {0, 0, 0, 0, 0, 0}
40987 #define mga_PCI_IDS \
40988 {0x102b, 0x0520, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G200}, \
40989 {0x102b, 0x0521, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G200}, \
40990 {0x102b, 0x0525, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G400}, \
40991 {0x102b, 0x2527, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G550}, \
40993 + {0, 0, 0, 0, 0, 0}
40995 #define mach64_PCI_IDS \
40996 {0x1002, 0x4749, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40997 @@ -445,7 +445,7 @@
40998 {0x1002, 0x4c53, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
40999 {0x1002, 0x4c4d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41000 {0x1002, 0x4c4e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41002 + {0, 0, 0, 0, 0, 0}
41004 #define sisdrv_PCI_IDS \
41005 {0x1039, 0x0300, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41006 @@ -456,7 +456,7 @@
41007 {0x1039, 0x7300, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41008 {0x18CA, 0x0040, PCI_ANY_ID, PCI_ANY_ID, 0, 0, SIS_CHIP_315}, \
41009 {0x18CA, 0x0042, PCI_ANY_ID, PCI_ANY_ID, 0, 0, SIS_CHIP_315}, \
41011 + {0, 0, 0, 0, 0, 0}
41013 #define tdfx_PCI_IDS \
41014 {0x121a, 0x0003, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41015 @@ -465,7 +465,7 @@
41016 {0x121a, 0x0007, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41017 {0x121a, 0x0009, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41018 {0x121a, 0x000b, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41020 + {0, 0, 0, 0, 0, 0}
41022 #define viadrv_PCI_IDS \
41023 {0x1106, 0x3022, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41024 @@ -477,14 +477,14 @@
41025 {0x1106, 0x3343, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41026 {0x1106, 0x3230, PCI_ANY_ID, PCI_ANY_ID, 0, 0, VIA_DX9_0}, \
41027 {0x1106, 0x3157, PCI_ANY_ID, PCI_ANY_ID, 0, 0, VIA_PRO_GROUP_A}, \
41029 + {0, 0, 0, 0, 0, 0}
41031 #define i810_PCI_IDS \
41032 {0x8086, 0x7121, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41033 {0x8086, 0x7123, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41034 {0x8086, 0x7125, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41035 {0x8086, 0x1132, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41037 + {0, 0, 0, 0, 0, 0}
41039 #define i830_PCI_IDS \
41040 {0x8086, 0x3577, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41041 @@ -492,11 +492,11 @@
41042 {0x8086, 0x3582, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41043 {0x8086, 0x2572, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41044 {0x8086, 0x358e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41046 + {0, 0, 0, 0, 0, 0}
41048 #define gamma_PCI_IDS \
41049 {0x3d3d, 0x0008, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
41051 + {0, 0, 0, 0, 0, 0}
41053 #define savage_PCI_IDS \
41054 {0x5333, 0x8a20, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_SAVAGE3D}, \
41055 @@ -522,10 +522,10 @@
41056 {0x5333, 0x8d02, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_TWISTER}, \
41057 {0x5333, 0x8d03, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_PROSAVAGEDDR}, \
41058 {0x5333, 0x8d04, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_PROSAVAGEDDR}, \
41060 + {0, 0, 0, 0, 0, 0}
41062 #define ffb_PCI_IDS \
41064 + {0, 0, 0, 0, 0, 0}
41066 #define i915_PCI_IDS \
41067 {0x8086, 0x3577, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
41068 @@ -558,4 +558,4 @@
41069 {0x8086, 0x35e8, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
41070 {0x8086, 0x0042, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
41071 {0x8086, 0x0046, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
41073 + {0, 0, 0, 0, 0, 0}
41074 diff -urNp linux-2.6.32.1/include/drm/drmP.h linux-2.6.32.1/include/drm/drmP.h
41075 --- linux-2.6.32.1/include/drm/drmP.h 2009-12-02 22:51:21.000000000 -0500
41076 +++ linux-2.6.32.1/include/drm/drmP.h 2009-12-14 18:33:59.025760956 -0500
41077 @@ -814,7 +814,7 @@ struct drm_driver {
41078 void (*vgaarb_irq)(struct drm_device *dev, bool state);
41080 /* Driver private ops for this object */
41081 - struct vm_operations_struct *gem_vm_ops;
41082 + const struct vm_operations_struct *gem_vm_ops;
41086 @@ -917,7 +917,7 @@ struct drm_device {
41088 /** \name Usage Counters */
41090 - int open_count; /**< Outstanding files open */
41091 + atomic_t open_count; /**< Outstanding files open */
41092 atomic_t ioctl_count; /**< Outstanding IOCTLs pending */
41093 atomic_t vma_count; /**< Outstanding vma areas open */
41094 int buf_use; /**< Buffers in use -- cannot alloc */
41095 @@ -928,7 +928,7 @@ struct drm_device {
41097 unsigned long counters;
41098 enum drm_stat_type types[15];
41099 - atomic_t counts[15];
41100 + atomic_unchecked_t counts[15];
41103 struct list_head filelist;
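Review bot: `counts[15]` switches to `atomic_unchecked_t` with no comment recording why it is safe to opt this field out of the checked `atomic_t` behaviour. That is only appropriate for statistics whose wrap-around is harmless, never for a value that gates an object's lifetime. A line above the field such as `/* statistics only: may wrap, must never be used as a reference count */` would record the decision. The same applies to `__HANDLE_ITEM` in `struct k_atm_aal_stats` (atmdev.h) and `sync_io` in `struct gendisk` (genhd.h) later in this patch. `struct drm_device` continues outside the hunk.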
41104 diff -urNp linux-2.6.32.1/include/linux/a.out.h linux-2.6.32.1/include/linux/a.out.h
41105 --- linux-2.6.32.1/include/linux/a.out.h 2009-12-02 22:51:21.000000000 -0500
41106 +++ linux-2.6.32.1/include/linux/a.out.h 2009-12-14 18:33:59.025760956 -0500
41107 @@ -39,6 +39,14 @@ enum machine_type {
41108 M_MIPS2 = 152 /* MIPS R6000/R4000 binary */
41111 +/* Constants for the N_FLAGS field */
41112 +#define F_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
41113 +#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */
41114 +#define F_PAX_MPROTECT 4 /* Restrict mprotect() */
41115 +#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */
41116 +/*#define F_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */
41117 +#define F_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */
41119 #if !defined (N_MAGIC)
41120 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
41122 diff -urNp linux-2.6.32.1/include/linux/atmdev.h linux-2.6.32.1/include/linux/atmdev.h
41123 --- linux-2.6.32.1/include/linux/atmdev.h 2009-12-02 22:51:21.000000000 -0500
41124 +++ linux-2.6.32.1/include/linux/atmdev.h 2009-12-14 18:33:59.026954386 -0500
41125 @@ -237,7 +237,7 @@ struct compat_atm_iobuf {
41128 struct k_atm_aal_stats {
41129 -#define __HANDLE_ITEM(i) atomic_t i
41130 +#define __HANDLE_ITEM(i) atomic_unchecked_t i
41132 #undef __HANDLE_ITEM
41134 diff -urNp linux-2.6.32.1/include/linux/backlight.h linux-2.6.32.1/include/linux/backlight.h
41135 --- linux-2.6.32.1/include/linux/backlight.h 2009-12-02 22:51:21.000000000 -0500
41136 +++ linux-2.6.32.1/include/linux/backlight.h 2009-12-14 18:33:59.026954386 -0500
41137 @@ -36,18 +36,18 @@ struct backlight_device;
41140 struct backlight_ops {
41141 - unsigned int options;
41142 + const unsigned int options;
41144 #define BL_CORE_SUSPENDRESUME (1 << 0)
41146 /* Notify the backlight driver some property has changed */
41147 - int (*update_status)(struct backlight_device *);
41148 + int (* const update_status)(struct backlight_device *);
41149 /* Return the current backlight brightness (accounting for power,
41151 - int (*get_brightness)(struct backlight_device *);
41152 + int (* const get_brightness)(struct backlight_device *);
41153 /* Check if given framebuffer device is the one bound to this backlight;
41154 return 0 if not, !=0 if it is. If NULL, backlight always matches the fb. */
41155 - int (*check_fb)(struct fb_info *);
41156 + int (* const check_fb)(struct fb_info *);
41159 /* This structure defines all the properties of a backlight */
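Review bot: Qualifying every member of `struct backlight_ops` as `const` blocks assignments at compile time, but it does not by itself make an instance read-only at run time. Only objects that are themselves defined `const` (typically `static const struct backlight_ops ...`) can be placed in a read-only section. Drivers that fill the table after definition will stop compiling and need a static initializer; none of those definitions are visible here. A comment on the struct such as `/* instances must be defined static const; members cannot be assigned */` would state the rule. The same applies to `block_device_operations`, `address_space_operations`, `file_lock_operations`, `lock_manager_operations` and `super_operations` later in this patch.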
41160 @@ -86,7 +86,7 @@ struct backlight_device {
41161 registered this device has been unloaded, and if class_get_devdata()
41162 points to something in the body of that driver, it is also invalid. */
41163 struct mutex ops_lock;
41164 - struct backlight_ops *ops;
41165 + const struct backlight_ops *ops;
41167 /* The framebuffer notifier block */
41168 struct notifier_block fb_notif;
41169 @@ -103,7 +103,7 @@ static inline void backlight_update_stat
41172 extern struct backlight_device *backlight_device_register(const char *name,
41173 - struct device *dev, void *devdata, struct backlight_ops *ops);
41174 + struct device *dev, void *devdata, const struct backlight_ops *ops);
41175 extern void backlight_device_unregister(struct backlight_device *bd);
41176 extern void backlight_force_update(struct backlight_device *bd,
41177 enum backlight_update_reason reason);
41178 diff -urNp linux-2.6.32.1/include/linux/binfmts.h linux-2.6.32.1/include/linux/binfmts.h
41179 --- linux-2.6.32.1/include/linux/binfmts.h 2009-12-02 22:51:21.000000000 -0500
41180 +++ linux-2.6.32.1/include/linux/binfmts.h 2009-12-14 18:33:59.026954386 -0500
41181 @@ -78,6 +78,7 @@ struct linux_binfmt {
41182 int (*load_binary)(struct linux_binprm *, struct pt_regs * regs);
41183 int (*load_shlib)(struct file *);
41184 int (*core_dump)(long signr, struct pt_regs *regs, struct file *file, unsigned long limit);
41185 + void (*handle_mprotect)(struct vm_area_struct *vma, unsigned long newflags);
41186 unsigned long min_coredump; /* minimal dump size */
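Review bot: `handle_mprotect` is added to `struct linux_binfmt` without a comment, and every existing binary format that does not set it will leave the pointer NULL. Callers therefore need a NULL check before the call, and the field should say so, e.g. `/* optional, may be NULL */`. It should also state when the callback is invoked and under which locks, which this hunk does not show. The call sites and the rest of the struct are outside the hunk.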
41189 diff -urNp linux-2.6.32.1/include/linux/blkdev.h linux-2.6.32.1/include/linux/blkdev.h
41190 --- linux-2.6.32.1/include/linux/blkdev.h 2009-12-02 22:51:21.000000000 -0500
41191 +++ linux-2.6.32.1/include/linux/blkdev.h 2009-12-14 18:33:59.026954386 -0500
41192 @@ -1253,19 +1253,19 @@ static inline int blk_integrity_rq(struc
41193 #endif /* CONFIG_BLK_DEV_INTEGRITY */
41195 struct block_device_operations {
41196 - int (*open) (struct block_device *, fmode_t);
41197 - int (*release) (struct gendisk *, fmode_t);
41198 - int (*locked_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41199 - int (*ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41200 - int (*compat_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41201 - int (*direct_access) (struct block_device *, sector_t,
41202 + int (* const open) (struct block_device *, fmode_t);
41203 + int (* const release) (struct gendisk *, fmode_t);
41204 + int (* const locked_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41205 + int (* const ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41206 + int (* const compat_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
41207 + int (* const direct_access) (struct block_device *, sector_t,
41208 void **, unsigned long *);
41209 - int (*media_changed) (struct gendisk *);
41210 - unsigned long long (*set_capacity) (struct gendisk *,
41211 + int (* const media_changed) (struct gendisk *);
41212 + unsigned long long (* const set_capacity) (struct gendisk *,
41213 unsigned long long);
41214 - int (*revalidate_disk) (struct gendisk *);
41215 - int (*getgeo)(struct block_device *, struct hd_geometry *);
41216 - struct module *owner;
41217 + int (* const revalidate_disk) (struct gendisk *);
41218 + int (*const getgeo)(struct block_device *, struct hd_geometry *);
41219 + struct module * const owner;
41222 extern int __blkdev_driver_ioctl(struct block_device *, fmode_t, unsigned int,
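Review bot: `int (*const getgeo)(...)` is spelled differently from every other member of this struct, which use `(* const name) (...)`. Write it as `int (* const getgeo) (struct block_device *, struct hd_geometry *);` so the declarations stay uniform and a search for `(* const` finds all of them.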
41223 diff -urNp linux-2.6.32.1/include/linux/cache.h linux-2.6.32.1/include/linux/cache.h
41224 --- linux-2.6.32.1/include/linux/cache.h 2009-12-02 22:51:21.000000000 -0500
41225 +++ linux-2.6.32.1/include/linux/cache.h 2009-12-14 18:33:59.027947208 -0500
41227 #define __read_mostly
41230 +#ifndef __read_only
41231 +#define __read_only __read_mostly
41234 #ifndef ____cacheline_aligned
41235 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
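Review bot: The fallback `#define __read_only __read_mostly` means that on any architecture which does not supply its own `__read_only`, annotated variables stay in ordinary writable data with no protection. Nothing in the source shows that this has happened. Add a comment above the fallback, e.g. `/* no write protection on this arch: __read_only degrades to a placement hint */`, so the annotation is not read as a guarantee. Which architectures override the macro is not visible in this hunk.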
41237 diff -urNp linux-2.6.32.1/include/linux/capability.h linux-2.6.32.1/include/linux/capability.h
41238 --- linux-2.6.32.1/include/linux/capability.h 2009-12-02 22:51:21.000000000 -0500
41239 +++ linux-2.6.32.1/include/linux/capability.h 2009-12-14 18:33:59.027947208 -0500
41240 @@ -563,6 +563,7 @@ extern const kernel_cap_t __cap_init_eff
41241 (security_real_capable_noaudit((t), (cap)) == 0)
41243 extern int capable(int cap);
41244 +int capable_nolog(int cap);
41246 /* audit system wants to get cap info from files as well */
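Review bot: `capable_nolog()` is declared without `extern` directly under `extern int capable(int cap);`, and without any comment on how the two differ. Match the neighbouring style with `extern int capable_nolog(int cap);` and add a line such as `/* like capable(), but a failed check is not logged */`, if that is what the name means; the definition is outside this hunk. A capability check that skips logging reduces audit visibility, so the comment should also say which callers are expected to use it.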
41248 diff -urNp linux-2.6.32.1/include/linux/compiler-gcc4.h linux-2.6.32.1/include/linux/compiler-gcc4.h
41249 --- linux-2.6.32.1/include/linux/compiler-gcc4.h 2009-12-02 22:51:21.000000000 -0500
41250 +++ linux-2.6.32.1/include/linux/compiler-gcc4.h 2009-12-14 18:33:59.027947208 -0500
41252 the kernel context */
41253 #define __cold __attribute__((__cold__))
41255 +#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__)))
41256 +#define __bos(ptr, arg) __builtin_object_size((ptr), (arg))
41257 +#define __bos0(ptr) __bos((ptr), 0)
41258 +#define __bos1(ptr) __bos((ptr), 1)
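Review bot: `__alloc_size` is written with `__attribute(` and the plain attribute name `alloc_size`, whereas the line above uses `__attribute__((__cold__))`. The underscore-wrapped spellings are preferred in headers because a macro named `alloc_size` anywhere in the tree would otherwise be expanded inside the attribute; use `#define __alloc_size(...) __attribute__((__alloc_size__(__VA_ARGS__)))`. The attribute also needs GCC 4.3 or later, so the definition has to sit inside the matching version guard, which is not visible in this hunk.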
41260 diff -urNp linux-2.6.32.1/include/linux/compiler.h linux-2.6.32.1/include/linux/compiler.h
41261 --- linux-2.6.32.1/include/linux/compiler.h 2009-12-02 22:51:21.000000000 -0500
41262 +++ linux-2.6.32.1/include/linux/compiler.h 2009-12-14 18:33:59.027947208 -0500
41263 @@ -256,6 +256,22 @@ void ftrace_likely_update(struct ftrace_
41267 +#ifndef __alloc_size
41268 +#define __alloc_size
41283 /* Simple shorthand for a section definition */
41285 # define __section(S) __attribute__ ((__section__(#S)))
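Review bot: The fallback `#define __alloc_size` is an object-like macro, while compiler-gcc4.h in this patch defines it function-like as `__alloc_size(...)`. With a compiler that takes the fallback, a use such as `__alloc_size(1)` expands to a stray `(1)` in the declaration and breaks the build. Define the fallback as `#define __alloc_size(...)` so it swallows its arguments. The remaining added lines of this hunk are not shown in this listing, so the same check applies to any other function-like macro given a fallback there.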
41286 diff -urNp linux-2.6.32.1/include/linux/decompress/mm.h linux-2.6.32.1/include/linux/decompress/mm.h
41287 --- linux-2.6.32.1/include/linux/decompress/mm.h 2009-12-02 22:51:21.000000000 -0500
41288 +++ linux-2.6.32.1/include/linux/decompress/mm.h 2009-12-14 18:33:59.028944187 -0500
41289 @@ -68,7 +68,7 @@ static void free(void *where)
41290 * warnings when not needed (indeed large_malloc / large_free are not
41291 * needed by inflate */
41293 -#define malloc(a) kmalloc(a, GFP_KERNEL)
41294 +#define malloc(a) kmalloc((a), GFP_KERNEL)
41295 #define free(a) kfree(a)
41297 #define large_malloc(a) vmalloc(a)
41298 diff -urNp linux-2.6.32.1/include/linux/elf.h linux-2.6.32.1/include/linux/elf.h
41299 --- linux-2.6.32.1/include/linux/elf.h 2009-12-02 22:51:21.000000000 -0500
41300 +++ linux-2.6.32.1/include/linux/elf.h 2009-12-14 18:33:59.028944187 -0500
41301 @@ -49,6 +49,17 @@ typedef __s64 Elf64_Sxword;
41302 #define PT_GNU_EH_FRAME 0x6474e550
41304 #define PT_GNU_STACK (PT_LOOS + 0x474e551)
41305 +#define PT_GNU_RELRO (PT_LOOS + 0x474e552)
41307 +#define PT_PAX_FLAGS (PT_LOOS + 0x5041580)
41309 +/* Constants for the e_flags field */
41310 +#define EF_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
41311 +#define EF_PAX_EMUTRAMP 2 /* Emulate trampolines */
41312 +#define EF_PAX_MPROTECT 4 /* Restrict mprotect() */
41313 +#define EF_PAX_RANDMMAP 8 /* Randomize mmap() base */
41314 +/*#define EF_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */
41315 +#define EF_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */
41317 /* These constants define the different elf file types */
41319 @@ -84,6 +95,8 @@ typedef __s64 Elf64_Sxword;
41320 #define DT_DEBUG 21
41321 #define DT_TEXTREL 22
41322 #define DT_JMPREL 23
41323 +#define DT_FLAGS 30
41324 + #define DF_TEXTREL 0x00000004
41325 #define DT_ENCODING 32
41326 #define OLD_DT_LOOS 0x60000000
41327 #define DT_LOOS 0x6000000d
41328 @@ -230,6 +243,19 @@ typedef struct elf64_hdr {
41332 +#define PF_PAGEEXEC (1U << 4) /* Enable PAGEEXEC */
41333 +#define PF_NOPAGEEXEC (1U << 5) /* Disable PAGEEXEC */
41334 +#define PF_SEGMEXEC (1U << 6) /* Enable SEGMEXEC */
41335 +#define PF_NOSEGMEXEC (1U << 7) /* Disable SEGMEXEC */
41336 +#define PF_MPROTECT (1U << 8) /* Enable MPROTECT */
41337 +#define PF_NOMPROTECT (1U << 9) /* Disable MPROTECT */
41338 +/*#define PF_RANDEXEC (1U << 10)*/ /* Enable RANDEXEC */
41339 +/*#define PF_NORANDEXEC (1U << 11)*/ /* Disable RANDEXEC */
41340 +#define PF_EMUTRAMP (1U << 12) /* Enable EMUTRAMP */
41341 +#define PF_NOEMUTRAMP (1U << 13) /* Disable EMUTRAMP */
41342 +#define PF_RANDMMAP (1U << 14) /* Enable RANDMMAP */
41343 +#define PF_NORANDMMAP (1U << 15) /* Disable RANDMMAP */
41345 typedef struct elf32_phdr{
41347 Elf32_Off p_offset;
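Review bot: Each feature gets separate enable and disable bits (`PF_PAGEEXEC`/`PF_NOPAGEEXEC` and so on), so a program header can carry both bits of a pair, or neither. These flags are read from the executable being loaded, which is untrusted input, and the header does not say how such combinations are treated. Add a comment above the block, e.g. `/* for each pair: both bits set is invalid; neither set means the system default */`, worded to match what the parser actually enforces. The parser is outside this hunk.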
41348 @@ -322,6 +348,8 @@ typedef struct elf64_shdr {
41354 #define ELFMAG0 0x7f /* EI_MAG */
41355 #define ELFMAG1 'E'
41356 #define ELFMAG2 'L'
41357 @@ -386,6 +414,7 @@ extern Elf32_Dyn _DYNAMIC [];
41358 #define elf_phdr elf32_phdr
41359 #define elf_note elf32_note
41360 #define elf_addr_t Elf32_Off
41361 +#define elf_dyn Elf32_Dyn
41365 @@ -394,6 +423,7 @@ extern Elf64_Dyn _DYNAMIC [];
41366 #define elf_phdr elf64_phdr
41367 #define elf_note elf64_note
41368 #define elf_addr_t Elf64_Off
41369 +#define elf_dyn Elf64_Dyn
41373 diff -urNp linux-2.6.32.1/include/linux/fs.h linux-2.6.32.1/include/linux/fs.h
41374 --- linux-2.6.32.1/include/linux/fs.h 2009-12-02 22:51:21.000000000 -0500
41375 +++ linux-2.6.32.1/include/linux/fs.h 2009-12-14 18:33:59.059779887 -0500
41376 @@ -87,6 +87,10 @@ struct inodes_stat_t {
41378 #define FMODE_NOCMTIME ((__force fmode_t)2048)
41380 +/* Hack for grsec so as not to require read permission simply to execute
41382 +#define FMODE_GREXEC ((__force fmode_t)8192)
41385 * The below are the various read and write types that we support. Some of
41386 * them include behavioral modifiers that send information down to the
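Review bot: `FMODE_GREXEC` is described as a hack so that executing a file does not require read permission, but nothing states who may set it. Because the bit relaxes a permission check, the comment should say it is kernel-internal, e.g. `/* kernel-internal: set only by the exec path, never from userspace open flags */`, if that matches the implementation, which is not in this hunk. The value 8192 is also hard-coded well above `FMODE_NOCMTIME` (2048), so a note reserving it would help avoid a clash with a later upstream `FMODE_*` bit.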
41387 @@ -565,41 +569,41 @@ typedef int (*read_actor_t)(read_descrip
41388 unsigned long, unsigned long);
41390 struct address_space_operations {
41391 - int (*writepage)(struct page *page, struct writeback_control *wbc);
41392 - int (*readpage)(struct file *, struct page *);
41393 - void (*sync_page)(struct page *);
41394 + int (* const writepage)(struct page *page, struct writeback_control *wbc);
41395 + int (* const readpage)(struct file *, struct page *);
41396 + void (* const sync_page)(struct page *);
41398 /* Write back some dirty pages from this mapping. */
41399 - int (*writepages)(struct address_space *, struct writeback_control *);
41400 + int (* const writepages)(struct address_space *, struct writeback_control *);
41402 /* Set a page dirty. Return true if this dirtied it */
41403 - int (*set_page_dirty)(struct page *page);
41404 + int (* const set_page_dirty)(struct page *page);
41406 - int (*readpages)(struct file *filp, struct address_space *mapping,
41407 + int (* const readpages)(struct file *filp, struct address_space *mapping,
41408 struct list_head *pages, unsigned nr_pages);
41410 - int (*write_begin)(struct file *, struct address_space *mapping,
41411 + int (* const write_begin)(struct file *, struct address_space *mapping,
41412 loff_t pos, unsigned len, unsigned flags,
41413 struct page **pagep, void **fsdata);
41414 - int (*write_end)(struct file *, struct address_space *mapping,
41415 + int (* const write_end)(struct file *, struct address_space *mapping,
41416 loff_t pos, unsigned len, unsigned copied,
41417 struct page *page, void *fsdata);
41419 /* Unfortunately this kludge is needed for FIBMAP. Don't use it */
41420 - sector_t (*bmap)(struct address_space *, sector_t);
41421 - void (*invalidatepage) (struct page *, unsigned long);
41422 - int (*releasepage) (struct page *, gfp_t);
41423 - ssize_t (*direct_IO)(int, struct kiocb *, const struct iovec *iov,
41424 + sector_t (* const bmap)(struct address_space *, sector_t);
41425 + void (* const invalidatepage) (struct page *, unsigned long);
41426 + int (* const releasepage) (struct page *, gfp_t);
41427 + ssize_t (* const direct_IO)(int, struct kiocb *, const struct iovec *iov,
41428 loff_t offset, unsigned long nr_segs);
41429 - int (*get_xip_mem)(struct address_space *, pgoff_t, int,
41430 + int (* const get_xip_mem)(struct address_space *, pgoff_t, int,
41431 void **, unsigned long *);
41432 /* migrate the contents of a page to the specified target */
41433 - int (*migratepage) (struct address_space *,
41434 + int (* const migratepage) (struct address_space *,
41435 struct page *, struct page *);
41436 - int (*launder_page) (struct page *);
41437 - int (*is_partially_uptodate) (struct page *, read_descriptor_t *,
41438 + int (* const launder_page) (struct page *);
41439 + int (* const is_partially_uptodate) (struct page *, read_descriptor_t *,
41441 - int (*error_remove_page)(struct address_space *, struct page *);
41442 + int (* const error_remove_page)(struct address_space *, struct page *);
41446 @@ -1027,19 +1031,19 @@ static inline int file_check_writeable(s
41447 typedef struct files_struct *fl_owner_t;
41449 struct file_lock_operations {
41450 - void (*fl_copy_lock)(struct file_lock *, struct file_lock *);
41451 - void (*fl_release_private)(struct file_lock *);
41452 + void (* const fl_copy_lock)(struct file_lock *, struct file_lock *);
41453 + void (* const fl_release_private)(struct file_lock *);
41456 struct lock_manager_operations {
41457 - int (*fl_compare_owner)(struct file_lock *, struct file_lock *);
41458 - void (*fl_notify)(struct file_lock *); /* unblock callback */
41459 - int (*fl_grant)(struct file_lock *, struct file_lock *, int);
41460 - void (*fl_copy_lock)(struct file_lock *, struct file_lock *);
41461 - void (*fl_release_private)(struct file_lock *);
41462 - void (*fl_break)(struct file_lock *);
41463 - int (*fl_mylease)(struct file_lock *, struct file_lock *);
41464 - int (*fl_change)(struct file_lock **, int);
41465 + int (* const fl_compare_owner)(struct file_lock *, struct file_lock *);
41466 + void (* const fl_notify)(struct file_lock *); /* unblock callback */
41467 + int (* const fl_grant)(struct file_lock *, struct file_lock *, int);
41468 + void (* const fl_copy_lock)(struct file_lock *, struct file_lock *);
41469 + void (* const fl_release_private)(struct file_lock *);
41470 + void (* const fl_break)(struct file_lock *);
41471 + int (* const fl_mylease)(struct file_lock *, struct file_lock *);
41472 + int (* const fl_change)(struct file_lock **, int);
41475 struct lock_manager {
41476 @@ -1436,7 +1440,7 @@ struct fiemap_extent_info {
41477 unsigned int fi_flags; /* Flags as passed from user */
41478 unsigned int fi_extents_mapped; /* Number of mapped extents */
41479 unsigned int fi_extents_max; /* Size of fiemap_extent array */
41480 - struct fiemap_extent *fi_extents_start; /* Start of fiemap_extent
41481 + struct fiemap_extent __user *fi_extents_start; /* Start of fiemap_extent
41484 int fiemap_fill_next_extent(struct fiemap_extent_info *info, u64 logical,
41485 @@ -1607,32 +1607,32 @@
41486 ssize_t vfs_sendfile(struct file *, struct file *, loff_t *, size_t, loff_t);
41488 struct super_operations {
41489 - struct inode *(*alloc_inode)(struct super_block *sb);
41490 - void (*destroy_inode)(struct inode *);
41491 + struct inode *(* const alloc_inode)(struct super_block *sb);
41492 + void (* const destroy_inode)(struct inode *);
41494 - void (*dirty_inode) (struct inode *);
41495 - int (*write_inode) (struct inode *, int);
41496 - void (*drop_inode) (struct inode *);
41497 - void (*delete_inode) (struct inode *);
41498 - void (*put_super) (struct super_block *);
41499 - void (*write_super) (struct super_block *);
41500 - int (*sync_fs)(struct super_block *sb, int wait);
41501 - int (*freeze_fs) (struct super_block *);
41502 - int (*unfreeze_fs) (struct super_block *);
41503 - int (*statfs) (struct dentry *, struct kstatfs *);
41504 - int (*remount_fs) (struct super_block *, int *, char *);
41505 - void (*clear_inode) (struct inode *);
41506 - void (*umount_begin) (struct super_block *);
41507 + void (* const dirty_inode) (struct inode *);
41508 + int (* const write_inode) (struct inode *, int);
41509 + void (* const drop_inode) (struct inode *);
41510 + void (* const delete_inode) (struct inode *);
41511 + void (* const put_super) (struct super_block *);
41512 + void (* const write_super) (struct super_block *);
41513 + int (* const sync_fs)(struct super_block *sb, int wait);
41514 + int (* const freeze_fs) (struct super_block *);
41515 + int (* const unfreeze_fs) (struct super_block *);
41516 + int (* const statfs) (struct dentry *, struct kstatfs *);
41517 + int (* const remount_fs) (struct super_block *, int *, char *);
41518 + void (* const clear_inode) (struct inode *);
41519 + void (* const umount_begin) (struct super_block *);
41521 - void (*sync_inodes)(struct super_block *sb,
41522 + void (* const sync_inodes)(struct super_block *sb,
41523 struct writeback_control *wbc);
41524 - int (*show_options)(struct seq_file *, struct vfsmount *);
41525 - int (*show_stats)(struct seq_file *, struct vfsmount *);
41526 + int (* const show_options)(struct seq_file *, struct vfsmount *);
41527 + int (* const show_stats)(struct seq_file *, struct vfsmount *);
41528 #ifdef CONFIG_QUOTA
41529 - ssize_t (*quota_read)(struct super_block *, int, char *, size_t, loff_t);
41530 - ssize_t (*quota_write)(struct super_block *, int, const char *, size_t, loff_t);
41531 + ssize_t (* const quota_read)(struct super_block *, int, char *, size_t, loff_t);
41532 + ssize_t (* const quota_write)(struct super_block *, int, const char *, size_t, loff_t);
41534 - int (*bdev_try_to_free_page)(struct super_block*, struct page*, gfp_t);
41535 + int (* const bdev_try_to_free_page)(struct super_block*, struct page*, gfp_t);
41539 diff -urNp linux-2.6.32.1/include/linux/fs_struct.h linux-2.6.32.1/include/linux/fs_struct.h
41540 --- linux-2.6.32.1/include/linux/fs_struct.h 2009-12-02 22:51:21.000000000 -0500
41541 +++ linux-2.6.32.1/include/linux/fs_struct.h 2009-12-14 18:33:59.059779887 -0500
41543 #include <linux/path.h>
41551 diff -urNp linux-2.6.32.1/include/linux/genhd.h linux-2.6.32.1/include/linux/genhd.h
41552 --- linux-2.6.32.1/include/linux/genhd.h 2009-12-02 22:51:21.000000000 -0500
41553 +++ linux-2.6.32.1/include/linux/genhd.h 2009-12-14 18:33:59.069828957 -0500
41554 @@ -161,7 +161,7 @@ struct gendisk {
41556 struct timer_rand_state *random;
41558 - atomic_t sync_io; /* RAID */
41559 + atomic_unchecked_t sync_io; /* RAID */
41560 struct work_struct async_notify;
41561 #ifdef CONFIG_BLK_DEV_INTEGRITY
41562 struct blk_integrity *integrity;
41563 diff -urNp linux-2.6.32.1/include/linux/gracl.h linux-2.6.32.1/include/linux/gracl.h
41564 --- linux-2.6.32.1/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500
41565 +++ linux-2.6.32.1/include/linux/gracl.h 2009-12-14 18:33:59.069828957 -0500
41570 +#include <linux/grdefs.h>
41571 +#include <linux/resource.h>
41572 +#include <linux/capability.h>
41573 +#include <linux/dcache.h>
41574 +#include <asm/resource.h>
41576 +/* Major status information */
41578 +#define GR_VERSION "grsecurity 2.1.14"
41579 +#define GRSECURITY_VERSION 0x2114
41590 + GR_SPROLEPAM = 8,
41593 +/* Password setup definitions
41594 + * kernel/grhash.c */
41597 + GR_SALT_LEN = 16,
41602 + GR_SPROLE_LEN = 64,
41605 +#define GR_NLIMITS 32
41607 +/* Begin Data Structures */
41609 +struct sprole_pw {
41610 + unsigned char *rolename;
41611 + unsigned char salt[GR_SALT_LEN];
41612 + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
41615 +struct name_entry {
41622 + struct name_entry *prev;
41623 + struct name_entry *next;
41626 +struct inodev_entry {
41627 + struct name_entry *nentry;
41628 + struct inodev_entry *prev;
41629 + struct inodev_entry *next;
41632 +struct acl_role_db {
41633 + struct acl_role_label **r_hash;
41637 +struct inodev_db {
41638 + struct inodev_entry **i_hash;
41643 + struct name_entry **n_hash;
41647 +struct crash_uid {
41649 + unsigned long expires;
41652 +struct gr_hash_struct {
41654 + void **nametable;
41656 + __u32 table_size;
41661 +/* Userspace Grsecurity ACL data structures */
41663 +struct acl_subject_label {
41668 + kernel_cap_t cap_mask;
41669 + kernel_cap_t cap_lower;
41671 + struct rlimit res[GR_NLIMITS];
41674 + __u8 user_trans_type;
41675 + __u8 group_trans_type;
41676 + uid_t *user_transitions;
41677 + gid_t *group_transitions;
41678 + __u16 user_trans_num;
41679 + __u16 group_trans_num;
41681 + __u32 ip_proto[8];
41683 + struct acl_ip_label **ips;
41685 + __u32 inaddr_any_override;
41688 + unsigned long expires;
41690 + struct acl_subject_label *parent_subject;
41691 + struct gr_hash_struct *hash;
41692 + struct acl_subject_label *prev;
41693 + struct acl_subject_label *next;
41695 + struct acl_object_label **obj_hash;
41696 + __u32 obj_hash_size;
41700 +struct role_allowed_ip {
41704 + struct role_allowed_ip *prev;
41705 + struct role_allowed_ip *next;
41708 +struct role_transition {
41711 + struct role_transition *prev;
41712 + struct role_transition *next;
41715 +struct acl_role_label {
41720 + __u16 auth_attempts;
41721 + unsigned long expires;
41723 + struct acl_subject_label *root_label;
41724 + struct gr_hash_struct *hash;
41726 + struct acl_role_label *prev;
41727 + struct acl_role_label *next;
41729 + struct role_transition *transitions;
41730 + struct role_allowed_ip *allowed_ips;
41731 + uid_t *domain_children;
41732 + __u16 domain_child_num;
41734 + struct acl_subject_label **subj_hash;
41735 + __u32 subj_hash_size;
41738 +struct user_acl_role_db {
41739 + struct acl_role_label **r_table;
41740 + __u32 num_pointers; /* Number of allocations to track */
41741 + __u32 num_roles; /* Number of roles */
41742 + __u32 num_domain_children; /* Number of domain children */
41743 + __u32 num_subjects; /* Number of subjects */
41744 + __u32 num_objects; /* Number of objects */
41747 +struct acl_object_label {
41753 + struct acl_subject_label *nested;
41754 + struct acl_object_label *globbed;
41756 + /* next two structures not used */
41758 + struct acl_object_label *prev;
41759 + struct acl_object_label *next;
41762 +struct acl_ip_label {
41771 + /* next two structures not used */
41773 + struct acl_ip_label *prev;
41774 + struct acl_ip_label *next;
41778 + struct user_acl_role_db role_db;
41779 + unsigned char pw[GR_PW_LEN];
41780 + unsigned char salt[GR_SALT_LEN];
41781 + unsigned char sum[GR_SHA_LEN];
41782 + unsigned char sp_role[GR_SPROLE_LEN];
41783 + struct sprole_pw *sprole_pws;
41784 + dev_t segv_device;
41785 + ino_t segv_inode;
41787 + __u16 num_sprole_pws;
41791 +struct gr_arg_wrapper {
41792 + struct gr_arg *arg;
41797 +struct subject_map {
41798 + struct acl_subject_label *user;
41799 + struct acl_subject_label *kernel;
41800 + struct subject_map *prev;
41801 + struct subject_map *next;
41804 +struct acl_subj_map_db {
41805 + struct subject_map **s_hash;
41809 +/* End Data Structures Section */
41811 +/* Hash functions generated by empirical testing by Brad Spengler
41812 + Makes good use of the low bits of the inode. Generally 0-1 times
41813 + in loop for successful match. 0-3 for unsuccessful match.
41814 + Shift/add algorithm with modulus of table size and an XOR*/
41816 +static __inline__ unsigned int
41817 +rhash(const uid_t uid, const __u16 type, const unsigned int sz)
41819 + return ((((uid + type) << (16 + type)) ^ uid) % sz);
41822 + static __inline__ unsigned int
41823 +shash(const struct acl_subject_label *userp, const unsigned int sz)
41825 + return ((const unsigned long)userp % sz);
41828 +static __inline__ unsigned int
41829 +fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
41831 + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
41834 +static __inline__ unsigned int
41835 +nhash(const char *name, const __u16 len, const unsigned int sz)
41837 + return full_name_hash((const unsigned char *)name, len) % sz;
41840 +#define FOR_EACH_ROLE_START(role) \
41841 + role = role_list; \
41844 +#define FOR_EACH_ROLE_END(role) \
41845 + role = role->prev; \
41848 +#define FOR_EACH_SUBJECT_START(role,subj,iter) \
41851 + while (iter < role->subj_hash_size) { \
41852 + if (subj == NULL) \
41853 + subj = role->subj_hash[iter]; \
41854 + if (subj == NULL) { \
41859 +#define FOR_EACH_SUBJECT_END(subj,iter) \
41860 + subj = subj->next; \
41861 + if (subj == NULL) \
41866 +#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
41867 + subj = role->hash->first; \
41868 + while (subj != NULL) {
41870 +#define FOR_EACH_NESTED_SUBJECT_END(subj) \
41871 + subj = subj->next; \
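Review bot: `rhash()` shifts by `16 + type`, and with a 32-bit `uid_t` any `type` of 16 or more makes the shift count reach the operand width, which is undefined behaviour in C. The role-type constants added in grdefs.h go up to `GR_ROLE_PAM = 0x0400`, so this is only safe if callers mask `type` down to the low bits first; the callers are not in this file. All four hash helpers also compute `% sz` with no guard, so a table size of zero is a division by zero. State both preconditions in the comment above the helpers, or enforce the first in place with `return ((((uid + type) << (16 + (type & 0xf))) ^ uid) % sz);`.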
41876 diff -urNp linux-2.6.32.1/include/linux/gralloc.h linux-2.6.32.1/include/linux/gralloc.h
41877 --- linux-2.6.32.1/include/linux/gralloc.h 1969-12-31 19:00:00.000000000 -0500
41878 +++ linux-2.6.32.1/include/linux/gralloc.h 2009-12-14 18:33:59.069828957 -0500
41880 +#ifndef __GRALLOC_H
41881 +#define __GRALLOC_H
41883 +void acl_free_all(void);
41884 +int acl_alloc_stack_init(unsigned long size);
41885 +void *acl_alloc(unsigned long len);
41886 +void *acl_alloc_num(unsigned long num, unsigned long len);
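Review bot: The four allocator prototypes in this new header carry no contract, and for `acl_alloc_num(unsigned long num, unsigned long len)` the missing piece is whether the `num * len` product is checked for wrap-around before allocating. The implementation is outside this hunk, so this is a request to state the behaviour rather than a claim that the check is absent. A comment above the declarations such as `/* acl_alloc*() return NULL on failure (including num * len overflow); memory is released only by acl_free_all() */` would do, once confirmed against the allocator source. If the sizes can originate from a policy supplied by userspace, callers need that guarantee written down.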
41889 diff -urNp linux-2.6.32.1/include/linux/grdefs.h linux-2.6.32.1/include/linux/grdefs.h
41890 --- linux-2.6.32.1/include/linux/grdefs.h 1969-12-31 19:00:00.000000000 -0500
41891 +++ linux-2.6.32.1/include/linux/grdefs.h 2009-12-14 18:33:59.069828957 -0500
41896 +/* Begin grsecurity status declarations */
41900 + GR_STATUS_INIT = 0x00 // disabled state
41903 +/* Begin ACL declarations */
41908 + GR_ROLE_USER = 0x0001,
41909 + GR_ROLE_GROUP = 0x0002,
41910 + GR_ROLE_DEFAULT = 0x0004,
41911 + GR_ROLE_SPECIAL = 0x0008,
41912 + GR_ROLE_AUTH = 0x0010,
41913 + GR_ROLE_NOPW = 0x0020,
41914 + GR_ROLE_GOD = 0x0040,
41915 + GR_ROLE_LEARN = 0x0080,
41916 + GR_ROLE_TPE = 0x0100,
41917 + GR_ROLE_DOMAIN = 0x0200,
41918 + GR_ROLE_PAM = 0x0400
41921 +/* ACL Subject and Object mode flags */
41923 + GR_DELETED = 0x80000000
41926 +/* ACL Object-only mode flags */
41928 + GR_READ = 0x00000001,
41929 + GR_APPEND = 0x00000002,
41930 + GR_WRITE = 0x00000004,
41931 + GR_EXEC = 0x00000008,
41932 + GR_FIND = 0x00000010,
41933 + GR_INHERIT = 0x00000020,
41934 + GR_SETID = 0x00000040,
41935 + GR_CREATE = 0x00000080,
41936 + GR_DELETE = 0x00000100,
41937 + GR_LINK = 0x00000200,
41938 + GR_AUDIT_READ = 0x00000400,
41939 + GR_AUDIT_APPEND = 0x00000800,
41940 + GR_AUDIT_WRITE = 0x00001000,
41941 + GR_AUDIT_EXEC = 0x00002000,
41942 + GR_AUDIT_FIND = 0x00004000,
41943 + GR_AUDIT_INHERIT= 0x00008000,
41944 + GR_AUDIT_SETID = 0x00010000,
41945 + GR_AUDIT_CREATE = 0x00020000,
41946 + GR_AUDIT_DELETE = 0x00040000,
41947 + GR_AUDIT_LINK = 0x00080000,
41948 + GR_PTRACERD = 0x00100000,
41949 + GR_NOPTRACE = 0x00200000,
41950 + GR_SUPPRESS = 0x00400000,
41951 + GR_NOLEARN = 0x00800000
41954 +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
41955 + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
41956 + GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
41958 +/* ACL subject-only mode flags */
41960 + GR_KILL = 0x00000001,
41961 + GR_VIEW = 0x00000002,
41962 + GR_PROTECTED = 0x00000004,
41963 + GR_LEARN = 0x00000008,
41964 + GR_OVERRIDE = 0x00000010,
41965 + /* just a placeholder, this mode is only used in userspace */
41966 + GR_DUMMY = 0x00000020,
41967 + GR_PROTSHM = 0x00000040,
41968 + GR_KILLPROC = 0x00000080,
41969 + GR_KILLIPPROC = 0x00000100,
41970 + /* just a placeholder, this mode is only used in userspace */
41971 + GR_NOTROJAN = 0x00000200,
41972 + GR_PROTPROCFD = 0x00000400,
41973 + GR_PROCACCT = 0x00000800,
41974 + GR_RELAXPTRACE = 0x00001000,
41975 + GR_NESTED = 0x00002000,
41976 + GR_INHERITLEARN = 0x00004000,
41977 + GR_PROCFIND = 0x00008000,
41978 + GR_POVERRIDE = 0x00010000,
41979 + GR_KERNELAUTH = 0x00020000,
41983 + GR_PAX_ENABLE_SEGMEXEC = 0x0001,
41984 + GR_PAX_ENABLE_PAGEEXEC = 0x0002,
41985 + GR_PAX_ENABLE_MPROTECT = 0x0004,
41986 + GR_PAX_ENABLE_RANDMMAP = 0x0008,
41987 + GR_PAX_ENABLE_EMUTRAMP = 0x0010,
41988 + GR_PAX_DISABLE_SEGMEXEC = 0x0100,
41989 + GR_PAX_DISABLE_PAGEEXEC = 0x0200,
41990 + GR_PAX_DISABLE_MPROTECT = 0x0400,
41991 + GR_PAX_DISABLE_RANDMMAP = 0x0800,
41992 + GR_PAX_DISABLE_EMUTRAMP = 0x1000,
41996 + GR_ID_USER = 0x01,
41997 + GR_ID_GROUP = 0x02,
42001 + GR_ID_ALLOW = 0x01,
42002 + GR_ID_DENY = 0x02,
42005 +#define GR_CRASH_RES 31
42006 +#define GR_UIDTABLE_MAX 500
42008 +/* begin resource learning section */
42010 + GR_RLIM_CPU_BUMP = 60,
42011 + GR_RLIM_FSIZE_BUMP = 50000,
42012 + GR_RLIM_DATA_BUMP = 10000,
42013 + GR_RLIM_STACK_BUMP = 1000,
42014 + GR_RLIM_CORE_BUMP = 10000,
42015 + GR_RLIM_RSS_BUMP = 500000,
42016 + GR_RLIM_NPROC_BUMP = 1,
42017 + GR_RLIM_NOFILE_BUMP = 5,
42018 + GR_RLIM_MEMLOCK_BUMP = 50000,
42019 + GR_RLIM_AS_BUMP = 500000,
42020 + GR_RLIM_LOCKS_BUMP = 2,
42021 + GR_RLIM_SIGPENDING_BUMP = 5,
42022 + GR_RLIM_MSGQUEUE_BUMP = 10000,
42023 + GR_RLIM_NICE_BUMP = 1,
42024 + GR_RLIM_RTPRIO_BUMP = 1,
42025 + GR_RLIM_RTTIME_BUMP = 1000000
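Review bot: `GR_DELETED = 0x80000000`, under "ACL Subject and Object mode flags", looks like an enumerator (the enclosing `enum {` line is not in this listing), and that value does not fit in a 32-bit `int`, which is the type ISO C gives enumeration constants. It compiles only through a compiler extension, and the constant's signedness in comparisons or shifts against `__u32` mode words becomes implementation-dependent. Defining it as `#define GR_DELETED 0x80000000U` keeps the flag unsigned. The object-only and subject-only enums also reuse the same bit values (`GR_READ` and `GR_KILL` are both `0x00000001`), so a one-line comment saying which mode field each set applies to would help prevent mixing them.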
42029 diff -urNp linux-2.6.32.1/include/linux/grinternal.h linux-2.6.32.1/include/linux/grinternal.h
42030 --- linux-2.6.32.1/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
42031 +++ linux-2.6.32.1/include/linux/grinternal.h 2009-12-14 18:33:59.069828957 -0500
42033 +#ifndef __GRINTERNAL_H
42034 +#define __GRINTERNAL_H
42036 +#ifdef CONFIG_GRKERNSEC
42038 +#include <linux/fs.h>
42039 +#include <linux/mnt_namespace.h>
42040 +#include <linux/nsproxy.h>
42041 +#include <linux/gracl.h>
42042 +#include <linux/grdefs.h>
42043 +#include <linux/grmsg.h>
42045 +void gr_add_learn_entry(const char *fmt, ...)
42046 + __attribute__ ((format (printf, 1, 2)));
42047 +__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
42048 + const struct vfsmount *mnt);
42049 +__u32 gr_check_create(const struct dentry *new_dentry,
42050 + const struct dentry *parent,
42051 + const struct vfsmount *mnt, const __u32 mode);
42052 +int gr_check_protected_task(const struct task_struct *task);
42053 +__u32 to_gr_audit(const __u32 reqmode);
42054 +int gr_set_acls(const int type);
42056 +int gr_acl_is_enabled(void);
42057 +char gr_roletype_to_char(void);
42059 +void gr_handle_alertkill(struct task_struct *task);
42060 +char *gr_to_filename(const struct dentry *dentry,
42061 + const struct vfsmount *mnt);
42062 +char *gr_to_filename1(const struct dentry *dentry,
42063 + const struct vfsmount *mnt);
42064 +char *gr_to_filename2(const struct dentry *dentry,
42065 + const struct vfsmount *mnt);
42066 +char *gr_to_filename3(const struct dentry *dentry,
42067 + const struct vfsmount *mnt);
42069 +extern int grsec_enable_harden_ptrace;
42070 +extern int grsec_enable_link;
42071 +extern int grsec_enable_fifo;
42072 +extern int grsec_enable_execve;
42073 +extern int grsec_enable_shm;
42074 +extern int grsec_enable_execlog;
42075 +extern int grsec_enable_signal;
42076 +extern int grsec_enable_forkfail;
42077 +extern int grsec_enable_time;
42078 +extern int grsec_enable_rofs;
42079 +extern int grsec_enable_chroot_shmat;
42080 +extern int grsec_enable_chroot_findtask;
42081 +extern int grsec_enable_chroot_mount;
42082 +extern int grsec_enable_chroot_double;
42083 +extern int grsec_enable_chroot_pivot;
42084 +extern int grsec_enable_chroot_chdir;
42085 +extern int grsec_enable_chroot_chmod;
42086 +extern int grsec_enable_chroot_mknod;
42087 +extern int grsec_enable_chroot_fchdir;
42088 +extern int grsec_enable_chroot_nice;
42089 +extern int grsec_enable_chroot_execlog;
42090 +extern int grsec_enable_chroot_caps;
42091 +extern int grsec_enable_chroot_sysctl;
42092 +extern int grsec_enable_chroot_unix;
42093 +extern int grsec_enable_tpe;
42094 +extern int grsec_tpe_gid;
42095 +extern int grsec_enable_tpe_all;
42096 +extern int grsec_enable_sidcaps;
42097 +extern int grsec_enable_socket_all;
42098 +extern int grsec_socket_all_gid;
42099 +extern int grsec_enable_socket_client;
42100 +extern int grsec_socket_client_gid;
42101 +extern int grsec_enable_socket_server;
42102 +extern int grsec_socket_server_gid;
42103 +extern int grsec_audit_gid;
42104 +extern int grsec_enable_group;
42105 +extern int grsec_enable_audit_textrel;
42106 +extern int grsec_enable_mount;
42107 +extern int grsec_enable_chdir;
42108 +extern int grsec_resource_logging;
42109 +extern int grsec_lock;
42111 +extern spinlock_t grsec_alert_lock;
42112 +extern unsigned long grsec_alert_wtime;
42113 +extern unsigned long grsec_alert_fyet;
42115 +extern spinlock_t grsec_audit_lock;
42117 +extern rwlock_t grsec_exec_file_lock;
42119 +#define gr_task_fullpath(tsk) (tsk->exec_file ? \
42120 + gr_to_filename2(tsk->exec_file->f_path.dentry, \
42121 + tsk->exec_file->f_vfsmnt) : "/")
42123 +#define gr_parent_task_fullpath(tsk) (tsk->parent->exec_file ? \
42124 + gr_to_filename3(tsk->parent->exec_file->f_path.dentry, \
42125 + tsk->parent->exec_file->f_vfsmnt) : "/")
42127 +#define gr_task_fullpath0(tsk) (tsk->exec_file ? \
42128 + gr_to_filename(tsk->exec_file->f_path.dentry, \
42129 + tsk->exec_file->f_vfsmnt) : "/")
42131 +#define gr_parent_task_fullpath0(tsk) (tsk->parent->exec_file ? \
42132 + gr_to_filename1(tsk->parent->exec_file->f_path.dentry, \
42133 + tsk->parent->exec_file->f_vfsmnt) : "/")
42135 +#define proc_is_chrooted(tsk_a) ((tsk_a->pid > 1) && (tsk_a->fs != NULL) && \
42136 + ((init_task.fs->root.dentry != tsk_a->fs->root.dentry) && \
42137 + (tsk_a->nsproxy->mnt_ns->root->mnt_root != \
42138 + tsk_a->fs->root.dentry)))
42140 +#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs != NULL) && (tsk_b->fs != NULL) && \
42141 + (tsk_a->fs->root.dentry == tsk_b->fs->root.dentry))
42143 +#define DEFAULTSECARGS(task, cred, pcred) gr_task_fullpath(task), task->comm, \
42144 + task->pid, cred->uid, \
42145 + cred->euid, cred->gid, cred->egid, \
42146 + gr_parent_task_fullpath(task), \
42147 + task->parent->comm, task->parent->pid, \
42148 + pcred->uid, pcred->euid, \
42149 + pcred->gid, pcred->egid
42151 +#define GR_CHROOT_CAPS {{ \
42152 + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
42153 + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
42154 + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
42155 + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
42156 + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
42157 + CAP_TO_MASK(CAP_IPC_OWNER) , 0 }}
42159 +#define security_learn(normal_msg,args...) \
42161 + read_lock(&grsec_exec_file_lock); \
42162 + gr_add_learn_entry(normal_msg "\n", ## args); \
42163 + read_unlock(&grsec_exec_file_lock); \
42169 + GR_DONT_AUDIT_GOOD
42180 + GR_SYSCTL_HIDDEN,
42183 + GR_ONE_INT_TWO_STR,
42188 + GR_FIVE_INT_TWO_STR,
42194 + GR_FILENAME_TWO_INT,
42195 + GR_FILENAME_TWO_INT_STR,
42207 +#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
42208 +#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
42209 +#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
42210 +#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
42211 +#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
42212 +#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
42213 +#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
42214 +#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
42215 +#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
42216 +#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
42217 +#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
42218 +#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
42219 +#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
42220 +#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
42221 +#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
42222 +#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
42223 +#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
42224 +#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
42225 +#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
42226 +#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
42227 +#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
42228 +#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
42229 +#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
42230 +#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2)
42231 +#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
42232 +#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
42233 +#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
42234 +#define gr_log_sig_addr(audit, msg, str, addr) gr_log_varargs(audit, msg, GR_SIG, str, addr)
42235 +#define gr_log_sig_task(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG2, task, num)
42236 +#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
42237 +#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
42238 +#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
42240 +void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
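Review bot: `proc_is_chrooted()` guards `tsk_a->fs` against NULL but then dereferences `tsk_a->nsproxy->mnt_ns->root` unconditionally, and a task's `nsproxy` pointer is cleared while it exits, so a caller that inspects another task late in its lifetime could hit a NULL dereference. Whether every caller excludes that case is not visible from this header, so the macro should make the check itself by adding `(tsk_a->nsproxy != NULL) &&` next to the existing `(tsk_a->fs != NULL) &&` term. The task macros here (`proc_is_chrooted`, `have_same_root`, `gr_task_fullpath` and its siblings, `DEFAULTSECARGS`) also expand their arguments unparenthesized and several times, so each needs `(tsk)` around every use and a comment that the argument must be free of side effects. The `gr_parent_task_fullpath*` macros read `tsk->parent->exec_file` with no locking in sight, so state the required lock (presumably `grsec_exec_file_lock` plus whatever keeps `parent` stable) in a comment above them.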
42245 diff -urNp linux-2.6.32.1/include/linux/grmsg.h linux-2.6.32.1/include/linux/grmsg.h
42246 --- linux-2.6.32.1/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
42247 +++ linux-2.6.32.1/include/linux/grmsg.h 2009-12-14 18:33:59.070957757 -0500
42249 +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
42250 +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
42251 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
42252 +#define GR_STOPMOD_MSG "denied modification of module state by "
42253 +#define GR_ROFS_BLOCKWRITE_MSG "denied write to block device %.950s by "
42254 +#define GR_ROFS_MOUNT_MSG "denied writable mount of %.950s by "
42255 +#define GR_IOPERM_MSG "denied use of ioperm() by "
42256 +#define GR_IOPL_MSG "denied use of iopl() by "
42257 +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
42258 +#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
42259 +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
42260 +#define GR_KMEM_MSG "denied write of /dev/kmem by "
42261 +#define GR_PORT_OPEN_MSG "denied open of /dev/port by "
42262 +#define GR_MEM_WRITE_MSG "denied write of /dev/mem by "
42263 +#define GR_MEM_MMAP_MSG "denied mmap write of /dev/[k]mem by "
42264 +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
42265 +#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%pI4"
42266 +#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%pI4"
42267 +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
42268 +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
42269 +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
42270 +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
42271 +#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
42272 +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
42273 +#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
42274 +#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%pI4 %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
42275 +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
42276 +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
42277 +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
42278 +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
42279 +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
42280 +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
42281 +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
42282 +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
42283 +#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
42284 +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
42285 +#define GR_NPROC_MSG "denied overstep of process limit by "
42286 +#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
42287 +#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by "
42288 +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
42289 +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
42290 +#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
42291 +#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
42292 +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
42293 +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
42294 +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
42295 +#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
42296 +#define GR_FCHMOD_ACL_MSG "%s fchmod of %.950s by "
42297 +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
42298 +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
42299 +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
42300 +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
42301 +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
42302 +#define GR_INITF_ACL_MSG "init_variables() failed %s by "
42303 +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
42304 +#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbaged by "
42305 +#define GR_SHUTS_ACL_MSG "shutdown auth success for "
42306 +#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
42307 +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
42308 +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
42309 +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
42310 +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
42311 +#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
42312 +#define GR_ENABLEF_ACL_MSG "unable to load %s for "
42313 +#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
42314 +#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
42315 +#define GR_RELOADF_ACL_MSG "failed reload of %s for "
42316 +#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
42317 +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
42318 +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
42319 +#define GR_SPROLEF_ACL_MSG "special role %s failure for "
42320 +#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
42321 +#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
42322 +#define GR_UNSPROLEF_ACL_MSG "special role unauth of %s failure for "
42323 +#define GR_INVMODE_ACL_MSG "invalid mode %d by "
42324 +#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
42325 +#define GR_FAILFORK_MSG "failed fork with errno %d by "
42326 +#define GR_NICE_CHROOT_MSG "denied priority change by "
42327 +#define GR_UNISIGLOG_MSG "%.32s occurred at %p in "
42328 +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
42329 +#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
42330 +#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
42331 +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
42332 +#define GR_TIME_MSG "time set by "
42333 +#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
42334 +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
42335 +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
42336 +#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
42337 +#define GR_SOCK2_MSG "denied socket(%d,%.16s,%.16s) by "
42338 +#define GR_BIND_MSG "denied bind() by "
42339 +#define GR_CONNECT_MSG "denied connect() by "
42340 +#define GR_BIND_ACL_MSG "denied bind() to %pI4 port %u sock type %.16s protocol %.16s by "
42341 +#define GR_CONNECT_ACL_MSG "denied connect() to %pI4 port %u sock type %.16s protocol %.16s by "
42342 +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
42343 +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
42344 +#define GR_CAP_ACL_MSG "use of %s denied for "
42345 +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
42346 +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
42347 +#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
42348 +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by "
42349 +#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by "
42350 +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
42351 +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
42352 +#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
42353 +#define GR_TEXTREL_AUDIT_MSG "text relocation in %s, VMA:0x%08lx 0x%08lx by "
42354 +#define GR_NONROOT_MODLOAD_MSG "denied kernel module auto-load of %.64s by "
42355 +#define GR_VM86_MSG "denied use of vm86 by "
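Review bot: `GR_TEXTREL_AUDIT_MSG` formats its file name with an unbounded `%s`, while every other path-bearing message in this header caps the field (`%.950s`, `%.480s`, `%.256s`). If the log buffer is sized on the assumption that paths are capped (it is defined outside this hunk), that one message is the outlier, and `"text relocation in %.950s, VMA:0x%08lx 0x%08lx by "` would bring it in line. The `%s` in `GR_CAP_ACL_MSG` and the RBAC load and reload messages should get the same treatment unless their arguments are always fixed kernel strings. Separately, `GR_DEV_ACL_MSG` reads "being fed garbaged by", which should be "being fed garbage by".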
42356 diff -urNp linux-2.6.32.1/include/linux/grsecurity.h linux-2.6.32.1/include/linux/grsecurity.h
42357 --- linux-2.6.32.1/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
42358 +++ linux-2.6.32.1/include/linux/grsecurity.h 2009-12-14 18:33:59.070957757 -0500
42360 +#ifndef GR_SECURITY_H
42361 +#define GR_SECURITY_H
42362 +#include <linux/fs.h>
42363 +#include <linux/fs_struct.h>
42364 +#include <linux/binfmts.h>
42365 +#include <linux/gracl.h>
42367 +/* notify of brain-dead configs */
42368 +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
42369 +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
42371 +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
42372 +#error "CONFIG_PAX_NOEXEC enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
42374 +#if defined(CONFIG_PAX_ASLR) && (defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
42375 +#error "CONFIG_PAX_ASLR enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
42377 +#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
42378 +#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
42380 +#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR)
42381 +#error "CONFIG_PAX enabled, but no PaX options are enabled."
42384 +void gr_handle_brute_attach(struct task_struct *p);
42385 +void gr_handle_brute_check(void);
42387 +char gr_roletype_to_char(void);
42389 +int gr_check_user_change(int real, int effective, int fs);
42390 +int gr_check_group_change(int real, int effective, int fs);
42392 +void gr_del_task_from_ip_table(struct task_struct *p);
42394 +int gr_pid_is_chrooted(struct task_struct *p);
42395 +int gr_handle_chroot_nice(void);
42396 +int gr_handle_chroot_sysctl(const int op);
42397 +int gr_handle_chroot_setpriority(struct task_struct *p,
42398 + const int niceval);
42399 +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
42400 +int gr_handle_chroot_chroot(const struct dentry *dentry,
42401 + const struct vfsmount *mnt);
42402 +int gr_handle_chroot_caps(struct path *path);
42403 +void gr_handle_chroot_chdir(struct path *path);
42404 +int gr_handle_chroot_chmod(const struct dentry *dentry,
42405 + const struct vfsmount *mnt, const int mode);
42406 +int gr_handle_chroot_mknod(const struct dentry *dentry,
42407 + const struct vfsmount *mnt, const int mode);
42408 +int gr_handle_chroot_mount(const struct dentry *dentry,
42409 + const struct vfsmount *mnt,
42410 + const char *dev_name);
42411 +int gr_handle_chroot_pivot(void);
42412 +int gr_handle_chroot_unix(const pid_t pid);
42414 +int gr_handle_rawio(const struct inode *inode);
42415 +int gr_handle_nproc(void);
42417 +void gr_handle_ioperm(void);
42418 +void gr_handle_iopl(void);
42420 +int gr_tpe_allow(const struct file *file);
42422 +int gr_random_pid(void);
42424 +void gr_log_forkfail(const int retval);
42425 +void gr_log_timechange(void);
42426 +void gr_log_signal(const int sig, const void *addr, const struct task_struct *t);
42427 +void gr_log_chdir(const struct dentry *dentry,
42428 + const struct vfsmount *mnt);
42429 +void gr_log_chroot_exec(const struct dentry *dentry,
42430 + const struct vfsmount *mnt);
42431 +void gr_handle_exec_args(struct linux_binprm *bprm, char **argv);
42432 +void gr_log_remount(const char *devname, const int retval);
42433 +void gr_log_unmount(const char *devname, const int retval);
42434 +void gr_log_mount(const char *from, const char *to, const int retval);
42435 +void gr_log_textrel(struct vm_area_struct *vma);
42437 +int gr_handle_follow_link(const struct inode *parent,
42438 + const struct inode *inode,
42439 + const struct dentry *dentry,
42440 + const struct vfsmount *mnt);
42441 +int gr_handle_fifo(const struct dentry *dentry,
42442 + const struct vfsmount *mnt,
42443 + const struct dentry *dir, const int flag,
42444 + const int acc_mode);
42445 +int gr_handle_hardlink(const struct dentry *dentry,
42446 + const struct vfsmount *mnt,
42447 + struct inode *inode,
42448 + const int mode, const char *to);
42450 +int gr_is_capable(const int cap);
42451 +int gr_is_capable_nolog(const int cap);
42452 +void gr_learn_resource(const struct task_struct *task, const int limit,
42453 + const unsigned long wanted, const int gt);
42454 +void gr_copy_label(struct task_struct *tsk);
42455 +void gr_handle_crash(struct task_struct *task, const int sig);
42456 +int gr_handle_signal(const struct task_struct *p, const int sig);
42457 +int gr_check_crash_uid(const uid_t uid);
42458 +int gr_check_protected_task(const struct task_struct *task);
42459 +int gr_acl_handle_mmap(const struct file *file,
42460 + const unsigned long prot);
42461 +int gr_acl_handle_mprotect(const struct file *file,
42462 + const unsigned long prot);
42463 +int gr_check_hidden_task(const struct task_struct *tsk);
42464 +__u32 gr_acl_handle_truncate(const struct dentry *dentry,
42465 + const struct vfsmount *mnt);
42466 +__u32 gr_acl_handle_utime(const struct dentry *dentry,
42467 + const struct vfsmount *mnt);
42468 +__u32 gr_acl_handle_access(const struct dentry *dentry,
42469 + const struct vfsmount *mnt, const int fmode);
42470 +__u32 gr_acl_handle_fchmod(const struct dentry *dentry,
42471 + const struct vfsmount *mnt, mode_t mode);
42472 +__u32 gr_acl_handle_chmod(const struct dentry *dentry,
42473 + const struct vfsmount *mnt, mode_t mode);
42474 +__u32 gr_acl_handle_chown(const struct dentry *dentry,
42475 + const struct vfsmount *mnt);
42476 +int gr_handle_ptrace(struct task_struct *task, const long request);
42477 +int gr_handle_proc_ptrace(struct task_struct *task);
42478 +__u32 gr_acl_handle_execve(const struct dentry *dentry,
42479 + const struct vfsmount *mnt);
42480 +int gr_check_crash_exec(const struct file *filp);
42481 +int gr_acl_is_enabled(void);
42482 +void gr_set_kernel_label(struct task_struct *task);
42483 +void gr_set_role_label(struct task_struct *task, const uid_t uid,
42484 + const gid_t gid);
42485 +int gr_set_proc_label(const struct dentry *dentry,
42486 + const struct vfsmount *mnt,
42487 + const int unsafe_share);
42488 +__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
42489 + const struct vfsmount *mnt);
42490 +__u32 gr_acl_handle_open(const struct dentry *dentry,
42491 + const struct vfsmount *mnt, const int fmode);
42492 +__u32 gr_acl_handle_creat(const struct dentry *dentry,
42493 + const struct dentry *p_dentry,
42494 + const struct vfsmount *p_mnt, const int fmode,
42495 + const int imode);
42496 +void gr_handle_create(const struct dentry *dentry,
42497 + const struct vfsmount *mnt);
42498 +__u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
42499 + const struct dentry *parent_dentry,
42500 + const struct vfsmount *parent_mnt,
42502 +__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
42503 + const struct dentry *parent_dentry,
42504 + const struct vfsmount *parent_mnt);
42505 +__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
42506 + const struct vfsmount *mnt);
42507 +void gr_handle_delete(const ino_t ino, const dev_t dev);
42508 +__u32 gr_acl_handle_unlink(const struct dentry *dentry,
42509 + const struct vfsmount *mnt);
42510 +__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
42511 + const struct dentry *parent_dentry,
42512 + const struct vfsmount *parent_mnt,
42513 + const char *from);
42514 +__u32 gr_acl_handle_link(const struct dentry *new_dentry,
42515 + const struct dentry *parent_dentry,
42516 + const struct vfsmount *parent_mnt,
42517 + const struct dentry *old_dentry,
42518 + const struct vfsmount *old_mnt, const char *to);
42519 +int gr_acl_handle_rename(struct dentry *new_dentry,
42520 + struct dentry *parent_dentry,
42521 + const struct vfsmount *parent_mnt,
42522 + struct dentry *old_dentry,
42523 + struct inode *old_parent_inode,
42524 + struct vfsmount *old_mnt, const char *newname);
42525 +void gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
42526 + struct dentry *old_dentry,
42527 + struct dentry *new_dentry,
42528 + struct vfsmount *mnt, const __u8 replace);
42529 +__u32 gr_check_link(const struct dentry *new_dentry,
42530 + const struct dentry *parent_dentry,
42531 + const struct vfsmount *parent_mnt,
42532 + const struct dentry *old_dentry,
42533 + const struct vfsmount *old_mnt);
42534 +int gr_acl_handle_filldir(const struct file *file, const char *name,
42535 + const unsigned int namelen, const ino_t ino);
42537 +__u32 gr_acl_handle_unix(const struct dentry *dentry,
42538 + const struct vfsmount *mnt);
42539 +void gr_acl_handle_exit(void);
42540 +void gr_acl_handle_psacct(struct task_struct *task, const long code);
42541 +int gr_acl_handle_procpidmem(const struct task_struct *task);
42542 +int gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags);
42543 +int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode);
42545 +#ifdef CONFIG_GRKERNSEC
42546 +void gr_log_nonroot_mod_load(const char *modname);
42547 +void gr_handle_vm86(void);
42548 +void gr_handle_mem_write(void);
42549 +void gr_handle_kmem_write(void);
42550 +void gr_handle_open_port(void);
42551 +int gr_handle_mem_mmap(const unsigned long offset,
42552 + struct vm_area_struct *vma);
42554 +extern int grsec_enable_dmesg;
42555 +extern int grsec_enable_randsrc;
42556 +extern int grsec_enable_shm;
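Review bot: Several declarations in this header duplicate ones that the same patch adds to `include/linux/grinternal.h`: `gr_roletype_to_char()`, `gr_acl_is_enabled()`, `gr_check_protected_task()` and `extern int grsec_enable_shm`. Two copies of a prototype can drift apart silently when only one is updated, so each should be declared in one header, with `grinternal.h` including `grsecurity.h` if it needs them. `gr_check_user_change(int real, int effective, int fs)` and `gr_check_group_change()` also take ids as `int`, whereas `gr_check_crash_uid(const uid_t uid)` a few lines below uses the id type. If `int` is deliberate so that `-1` can mean "unchanged", say so in a comment such as `/* ids are int so -1 can mean "no change" */`.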
42560 diff -urNp linux-2.6.32.1/include/linux/hdpu_features.h linux-2.6.32.1/include/linux/hdpu_features.h
42561 --- linux-2.6.32.1/include/linux/hdpu_features.h 2009-12-02 22:51:21.000000000 -0500
42562 +++ linux-2.6.32.1/include/linux/hdpu_features.h 2009-12-14 18:33:59.070957757 -0500
42564 struct cpustate_t {
42568 + atomic_t open_count;
42569 unsigned char cached_val;
42571 unsigned long *set_addr;
42572 diff -urNp linux-2.6.32.1/include/linux/highmem.h linux-2.6.32.1/include/linux/highmem.h
42573 --- linux-2.6.32.1/include/linux/highmem.h 2009-12-02 22:51:21.000000000 -0500
42574 +++ linux-2.6.32.1/include/linux/highmem.h 2009-12-14 18:33:59.079962146 -0500
42575 @@ -137,6 +137,18 @@ static inline void clear_highpage(struct
42576 kunmap_atomic(kaddr, KM_USER0);
42579 +static inline void sanitize_highpage(struct page *page)
42582 + unsigned long flags;
42584 + local_irq_save(flags);
42585 + kaddr = kmap_atomic(page, KM_CLEARPAGE);
42586 + clear_page(kaddr);
42587 + kunmap_atomic(kaddr, KM_CLEARPAGE);
42588 + local_irq_restore(flags);
42591 static inline void zero_user_segments(struct page *page,
42592 unsigned start1, unsigned end1,
42593 unsigned start2, unsigned end2)
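Review bot: sanitize_highpage() has no comment saying how it differs from clear_highpage() directly above it, although it maps the page through `KM_CLEARPAGE` instead of `KM_USER0` and brackets the mapping with `local_irq_save()`/`local_irq_restore()`. A header comment is needed so that a later cleanup does not merge the two helpers; something like `/* Zero a page via the dedicated KM_CLEARPAGE slot with IRQs off; see callers for the contexts this must be safe in */` would do, with the calling contexts filled in by the author since they are not visible in this hunk. clear_highpage() starts outside the hunk.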
42594 diff -urNp linux-2.6.32.1/include/linux/interrupt.h linux-2.6.32.1/include/linux/interrupt.h
42595 --- linux-2.6.32.1/include/linux/interrupt.h 2009-12-02 22:51:21.000000000 -0500
42596 +++ linux-2.6.32.1/include/linux/interrupt.h 2009-12-14 18:33:59.093720869 -0500
42597 @@ -357,7 +357,7 @@ enum
42598 /* map softirq index to softirq name. update 'softirq_to_name' in
42599 * kernel/softirq.c when adding a new softirq.
42601 -extern char *softirq_to_name[NR_SOFTIRQS];
42602 +extern const char * const softirq_to_name[NR_SOFTIRQS];
42604 /* softirq mask and active fields moved to irq_cpustat_t in
42605 * asm/hardirq.h to get better cache usage. KAO
42606 diff -urNp linux-2.6.32.1/include/linux/jbd2.h linux-2.6.32.1/include/linux/jbd2.h
42607 --- linux-2.6.32.1/include/linux/jbd2.h 2009-12-02 22:51:21.000000000 -0500
42608 +++ linux-2.6.32.1/include/linux/jbd2.h 2009-12-14 18:33:59.093720869 -0500
42609 @@ -66,7 +66,7 @@ extern u8 jbd2_journal_enable_debug;
42613 -#define jbd_debug(f, a...) /**/
42614 +#define jbd_debug(f, a...) do {} while (0)
42617 static inline void *jbd2_alloc(size_t size, gfp_t flags)
42618 diff -urNp linux-2.6.32.1/include/linux/jbd.h linux-2.6.32.1/include/linux/jbd.h
42619 --- linux-2.6.32.1/include/linux/jbd.h 2009-12-02 22:51:21.000000000 -0500
42620 +++ linux-2.6.32.1/include/linux/jbd.h 2009-12-14 18:33:59.112966652 -0500
42621 @@ -66,7 +66,7 @@ extern u8 journal_enable_debug;
42625 -#define jbd_debug(f, a...) /**/
42626 +#define jbd_debug(f, a...) do {} while (0)
42629 static inline void *jbd_alloc(size_t size, gfp_t flags)
42630 diff -urNp linux-2.6.32.1/include/linux/kallsyms.h linux-2.6.32.1/include/linux/kallsyms.h
42631 --- linux-2.6.32.1/include/linux/kallsyms.h 2009-12-02 22:51:21.000000000 -0500
42632 +++ linux-2.6.32.1/include/linux/kallsyms.h 2009-12-14 18:33:59.113955783 -0500
42637 -#ifdef CONFIG_KALLSYMS
42638 +#ifndef __INCLUDED_BY_HIDESYM
42639 +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
42640 /* Lookup the address for a symbol. Returns 0 if not found. */
42641 unsigned long kallsyms_lookup_name(const char *name);
42643 @@ -92,6 +93,9 @@ static inline int lookup_symbol_attrs(un
42644 /* Stupid that this does nothing, but I didn't create this mess. */
42645 #define __print_symbol(fmt, addr)
42646 #endif /*CONFIG_KALLSYMS*/
42647 +#else /* when included by kallsyms.c, with HIDESYM enabled */
42648 +extern void __print_symbol(const char *fmt, unsigned long address);
42651 /* This macro allows us to keep printk typechecking */
42652 static void __check_printsym_format(const char *fmt, ...)
42653 diff -urNp linux-2.6.32.1/include/linux/kgdb.h linux-2.6.32.1/include/linux/kgdb.h
42654 --- linux-2.6.32.1/include/linux/kgdb.h 2009-12-02 22:51:21.000000000 -0500
42655 +++ linux-2.6.32.1/include/linux/kgdb.h 2009-12-14 18:33:59.113955783 -0500
42656 @@ -251,20 +251,20 @@ struct kgdb_arch {
42660 - int (*read_char) (void);
42661 - void (*write_char) (u8);
42662 - void (*flush) (void);
42663 - int (*init) (void);
42664 - void (*pre_exception) (void);
42665 - void (*post_exception) (void);
42666 + int (* const read_char) (void);
42667 + void (* const write_char) (u8);
42668 + void (* const flush) (void);
42669 + int (* const init) (void);
42670 + void (* const pre_exception) (void);
42671 + void (* const post_exception) (void);
42674 -extern struct kgdb_arch arch_kgdb_ops;
42675 +extern const struct kgdb_arch arch_kgdb_ops;
42677 extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs);
42679 -extern int kgdb_register_io_module(struct kgdb_io *local_kgdb_io_ops);
42680 -extern void kgdb_unregister_io_module(struct kgdb_io *local_kgdb_io_ops);
42681 +extern int kgdb_register_io_module(const struct kgdb_io *local_kgdb_io_ops);
42682 +extern void kgdb_unregister_io_module(const struct kgdb_io *local_kgdb_io_ops);
42684 extern int kgdb_hex2long(char **ptr, unsigned long *long_val);
42685 extern int kgdb_mem2hex(char *mem, char *buf, int count);
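Review bot: Declaring each callback as `(* const read_char)` and so on makes every object of the struct type non-assignable, so any code that fills in a callback at run time or copies the struct stops compiling, and the reason for it is nowhere stated. This hunk already constifies the instance (`extern const struct kgdb_arch arch_kgdb_ops;`) and the register/unregister parameters, which on its own should be enough to keep statically initialised ops tables read-only. If the per-member const is deliberate, a comment above the struct such as `/* members are const: tables must be statically initialised and never patched at run time */` would record the intent. The same pattern recurs in `struct kset_uevent_ops` (kobject.h), `struct nlmsvc_binding` (lockd/bind.h) and `struct item_operations` (reiserfs_fs.h); the struct definitions begin outside these hunks.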
42686 diff -urNp linux-2.6.32.1/include/linux/kobject.h linux-2.6.32.1/include/linux/kobject.h
42687 --- linux-2.6.32.1/include/linux/kobject.h 2009-12-02 22:51:21.000000000 -0500
42688 +++ linux-2.6.32.1/include/linux/kobject.h 2009-12-14 18:33:59.130982398 -0500
42689 @@ -106,7 +106,7 @@ extern char *kobject_get_path(struct kob
42692 void (*release)(struct kobject *kobj);
42693 - struct sysfs_ops *sysfs_ops;
42694 + const struct sysfs_ops *sysfs_ops;
42695 struct attribute **default_attrs;
42698 @@ -118,9 +118,9 @@ struct kobj_uevent_env {
42701 struct kset_uevent_ops {
42702 - int (*filter)(struct kset *kset, struct kobject *kobj);
42703 - const char *(*name)(struct kset *kset, struct kobject *kobj);
42704 - int (*uevent)(struct kset *kset, struct kobject *kobj,
42705 + int (* const filter)(struct kset *kset, struct kobject *kobj);
42706 + const char *(* const name)(struct kset *kset, struct kobject *kobj);
42707 + int (* const uevent)(struct kset *kset, struct kobject *kobj,
42708 struct kobj_uevent_env *env);
42711 @@ -132,7 +132,7 @@ struct kobj_attribute {
42712 const char *buf, size_t count);
42715 -extern struct sysfs_ops kobj_sysfs_ops;
42716 +extern const struct sysfs_ops kobj_sysfs_ops;
42719 * struct kset - a set of kobjects of a specific type, belonging to a specific subsystem.
42720 @@ -155,14 +155,14 @@ struct kset {
42721 struct list_head list;
42722 spinlock_t list_lock;
42723 struct kobject kobj;
42724 - struct kset_uevent_ops *uevent_ops;
42725 + const struct kset_uevent_ops *uevent_ops;
42728 extern void kset_init(struct kset *kset);
42729 extern int __must_check kset_register(struct kset *kset);
42730 extern void kset_unregister(struct kset *kset);
42731 extern struct kset * __must_check kset_create_and_add(const char *name,
42732 - struct kset_uevent_ops *u,
42733 + const struct kset_uevent_ops *u,
42734 struct kobject *parent_kobj);
42736 static inline struct kset *to_kset(struct kobject *kobj)
42737 diff -urNp linux-2.6.32.1/include/linux/kvm_host.h linux-2.6.32.1/include/linux/kvm_host.h
42738 --- linux-2.6.32.1/include/linux/kvm_host.h 2009-12-02 22:51:21.000000000 -0500
42739 +++ linux-2.6.32.1/include/linux/kvm_host.h 2009-12-14 18:33:59.130982398 -0500
42740 @@ -205,7 +205,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vc
42741 void vcpu_load(struct kvm_vcpu *vcpu);
42742 void vcpu_put(struct kvm_vcpu *vcpu);
42744 -int kvm_init(void *opaque, unsigned int vcpu_size,
42745 +int kvm_init(const void *opaque, unsigned int vcpu_size,
42746 struct module *module);
42747 void kvm_exit(void);
42749 @@ -311,7 +311,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(
42750 struct kvm_guest_debug *dbg);
42751 int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
42753 -int kvm_arch_init(void *opaque);
42754 +int kvm_arch_init(const void *opaque);
42755 void kvm_arch_exit(void);
42757 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
42758 diff -urNp linux-2.6.32.1/include/linux/libata.h linux-2.6.32.1/include/linux/libata.h
42759 --- linux-2.6.32.1/include/linux/libata.h 2009-12-02 22:51:21.000000000 -0500
42760 +++ linux-2.6.32.1/include/linux/libata.h 2009-12-14 18:33:59.153957201 -0500
42761 @@ -64,11 +64,11 @@
42762 #ifdef ATA_VERBOSE_DEBUG
42763 #define VPRINTK(fmt, args...) printk(KERN_ERR "%s: " fmt, __func__, ## args)
42765 -#define VPRINTK(fmt, args...)
42766 +#define VPRINTK(fmt, args...) do {} while (0)
42767 #endif /* ATA_VERBOSE_DEBUG */
42769 -#define DPRINTK(fmt, args...)
42770 -#define VPRINTK(fmt, args...)
42771 +#define DPRINTK(fmt, args...) do {} while (0)
42772 +#define VPRINTK(fmt, args...) do {} while (0)
42773 #endif /* ATA_DEBUG */
42775 #define BPRINTK(fmt, args...) if (ap->flags & ATA_FLAG_DEBUGMSG) printk(KERN_ERR "%s: " fmt, __func__, ## args)
42776 @@ -521,11 +521,11 @@ struct ata_ioports {
42780 - struct device *dev;
42781 + struct device *dev;
42782 void __iomem * const *iomap;
42783 unsigned int n_ports;
42784 void *private_data;
42785 - struct ata_port_operations *ops;
42786 + const struct ata_port_operations *ops;
42787 unsigned long flags;
42788 #ifdef CONFIG_ATA_ACPI
42789 acpi_handle acpi_handle;
42790 @@ -706,7 +706,7 @@ struct ata_link {
42793 struct Scsi_Host *scsi_host; /* our co-allocated scsi host */
42794 - struct ata_port_operations *ops;
42795 + const struct ata_port_operations *ops;
42797 /* Flags owned by the EH context. Only EH should touch these once the
42799 @@ -888,7 +888,7 @@ struct ata_port_info {
42800 unsigned long pio_mask;
42801 unsigned long mwdma_mask;
42802 unsigned long udma_mask;
42803 - struct ata_port_operations *port_ops;
42804 + const struct ata_port_operations *port_ops;
42805 void *private_data;
42808 @@ -912,7 +912,7 @@ extern const unsigned long sata_deb_timi
42809 extern const unsigned long sata_deb_timing_hotplug[];
42810 extern const unsigned long sata_deb_timing_long[];
42812 -extern struct ata_port_operations ata_dummy_port_ops;
42813 +extern const struct ata_port_operations ata_dummy_port_ops;
42814 extern const struct ata_port_info ata_dummy_port_info;
42816 static inline const unsigned long *
42817 @@ -958,7 +958,7 @@ extern int ata_host_activate(struct ata_
42818 struct scsi_host_template *sht);
42819 extern void ata_host_detach(struct ata_host *host);
42820 extern void ata_host_init(struct ata_host *, struct device *,
42821 - unsigned long, struct ata_port_operations *);
42822 + unsigned long, const struct ata_port_operations *);
42823 extern int ata_scsi_detect(struct scsi_host_template *sht);
42824 extern int ata_scsi_ioctl(struct scsi_device *dev, int cmd, void __user *arg);
42825 extern int ata_scsi_queuecmd(struct scsi_cmnd *cmd, void (*done)(struct scsi_cmnd *));
42826 diff -urNp linux-2.6.32.1/include/linux/lockd/bind.h linux-2.6.32.1/include/linux/lockd/bind.h
42827 --- linux-2.6.32.1/include/linux/lockd/bind.h 2009-12-02 22:51:21.000000000 -0500
42828 +++ linux-2.6.32.1/include/linux/lockd/bind.h 2009-12-14 18:33:59.154959590 -0500
42829 @@ -23,13 +23,13 @@ struct svc_rqst;
42830 * This is the set of functions for lockd->nfsd communication
42832 struct nlmsvc_binding {
42833 - __be32 (*fopen)(struct svc_rqst *,
42834 + __be32 (* const fopen)(struct svc_rqst *,
42837 - void (*fclose)(struct file *);
42838 + void (* const fclose)(struct file *);
42841 -extern struct nlmsvc_binding * nlmsvc_ops;
42842 +extern const struct nlmsvc_binding * nlmsvc_ops;
42845 * Similar to nfs_client_initdata, but without the NFS-specific
42846 diff -urNp linux-2.6.32.1/include/linux/mm.h linux-2.6.32.1/include/linux/mm.h
42847 --- linux-2.6.32.1/include/linux/mm.h 2009-12-02 22:51:21.000000000 -0500
42848 +++ linux-2.6.32.1/include/linux/mm.h 2009-12-14 18:33:59.160822367 -0500
42849 @@ -106,6 +106,10 @@ extern unsigned int kobjsize(const void
42850 #define VM_PFN_AT_MMAP 0x40000000 /* PFNMAP vma that is fully mapped at mmap time */
42851 #define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */
42853 +#ifdef CONFIG_PAX_PAGEEXEC
42854 +#define VM_PAGEEXEC 0x80000000 /* vma->vm_page_prot needs special handling */
42857 #ifndef VM_STACK_DEFAULT_FLAGS /* arch can override this */
42858 #define VM_STACK_DEFAULT_FLAGS VM_DATA_DEFAULT_FLAGS
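Review bot: `VM_PAGEEXEC` is defined as 0x80000000, the same bit as `VM_MERGEABLE` on the context line directly above it. On a kernel built with both CONFIG_PAX_PAGEEXEC and KSM, a vma marked mergeable would also test as VM_PAGEEXEC and the reverse, so the special `vm_page_prot` handling could be applied to the wrong mappings. Unless a Kconfig dependency elsewhere in the patch already excludes the combination, the header should refuse it: `#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_KSM)` / `#error "VM_PAGEEXEC shares its bit with VM_MERGEABLE"` / `#endif`.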
42860 @@ -880,6 +884,8 @@ struct shrinker {
42861 extern void register_shrinker(struct shrinker *);
42862 extern void unregister_shrinker(struct shrinker *);
42864 +pgprot_t vm_get_page_prot(unsigned long vm_flags);
42866 int vma_wants_writenotify(struct vm_area_struct *vma);
42868 extern pte_t *get_locked_pte(struct mm_struct *mm, unsigned long addr, spinlock_t **ptl);
42869 @@ -1152,6 +1158,7 @@ out:
42872 extern int do_munmap(struct mm_struct *, unsigned long, size_t);
42873 +extern int __do_munmap(struct mm_struct *, unsigned long, size_t);
42875 extern unsigned long do_brk(unsigned long, unsigned long);
42877 @@ -1206,6 +1213,10 @@ extern struct vm_area_struct * find_vma(
42878 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
42879 struct vm_area_struct **pprev);
42881 +extern struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma);
42882 +extern void pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma);
42883 +extern void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl);
42885 /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
42886 NULL if none. Assume start_addr < end_addr. */
42887 static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
42888 @@ -1222,7 +1233,6 @@ static inline unsigned long vma_pages(st
42889 return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
42892 -pgprot_t vm_get_page_prot(unsigned long vm_flags);
42893 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr);
42894 int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
42895 unsigned long pfn, unsigned long size, pgprot_t);
42896 @@ -1322,5 +1332,11 @@ extern int sysctl_memory_failure_early_k
42897 extern int sysctl_memory_failure_recovery;
42898 extern atomic_long_t mce_bad_pages;
42900 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
42901 +extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot);
42903 +static inline void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot) {}
42906 #endif /* __KERNEL__ */
42907 #endif /* _LINUX_MM_H */
42908 diff -urNp linux-2.6.32.1/include/linux/mm_types.h linux-2.6.32.1/include/linux/mm_types.h
42909 --- linux-2.6.32.1/include/linux/mm_types.h 2009-12-02 22:51:21.000000000 -0500
42910 +++ linux-2.6.32.1/include/linux/mm_types.h 2009-12-14 18:33:59.172960740 -0500
42911 @@ -186,6 +186,8 @@ struct vm_area_struct {
42913 struct mempolicy *vm_policy; /* NUMA policy for the VMA */
42916 + struct vm_area_struct *vm_mirror;/* PaX: mirror vma or NULL */
42919 struct core_thread {
42920 @@ -287,6 +289,24 @@ struct mm_struct {
42921 #ifdef CONFIG_MMU_NOTIFIER
42922 struct mmu_notifier_mm *mmu_notifier_mm;
42925 +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
42926 + unsigned long pax_flags;
42929 +#ifdef CONFIG_PAX_DLRESOLVE
42930 + unsigned long call_dl_resolve;
42933 +#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
42934 + unsigned long call_syscall;
42937 +#ifdef CONFIG_PAX_ASLR
42938 + unsigned long delta_mmap; /* randomized offset */
42939 + unsigned long delta_stack; /* randomized offset */
42944 /* Future-safe accessor for struct mm_struct's cpu_vm_mask. */
42945 diff -urNp linux-2.6.32.1/include/linux/mmu_notifier.h linux-2.6.32.1/include/linux/mmu_notifier.h
42946 --- linux-2.6.32.1/include/linux/mmu_notifier.h 2009-12-02 22:51:21.000000000 -0500
42947 +++ linux-2.6.32.1/include/linux/mmu_notifier.h 2009-12-14 18:33:59.193970523 -0500
42948 @@ -235,12 +235,12 @@ static inline void mmu_notifier_mm_destr
42950 #define ptep_clear_flush_notify(__vma, __address, __ptep) \
42954 struct vm_area_struct *___vma = __vma; \
42955 unsigned long ___address = __address; \
42956 - __pte = ptep_clear_flush(___vma, ___address, __ptep); \
42957 + ___pte = ptep_clear_flush(___vma, ___address, __ptep); \
42958 mmu_notifier_invalidate_page(___vma->vm_mm, ___address); \
42963 #define ptep_clear_flush_young_notify(__vma, __address, __ptep) \
42964 diff -urNp linux-2.6.32.1/include/linux/mod_devicetable.h linux-2.6.32.1/include/linux/mod_devicetable.h
42965 --- linux-2.6.32.1/include/linux/mod_devicetable.h 2009-12-02 22:51:21.000000000 -0500
42966 +++ linux-2.6.32.1/include/linux/mod_devicetable.h 2009-12-14 18:33:59.194758859 -0500
42968 typedef unsigned long kernel_ulong_t;
42971 -#define PCI_ANY_ID (~0)
42972 +#define PCI_ANY_ID ((__u16)~0)
42974 struct pci_device_id {
42975 __u32 vendor, device; /* Vendor and device ID or PCI_ANY_ID*/
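Review bot: `PCI_ANY_ID` becomes `((__u16)~0)`, i.e. 0xFFFF, but the fields it is stored in are `__u32` (`vendor, device` on the last context line), so the stored wildcard changes from 0xFFFFFFFF to 0x0000FFFF. Any table or consumer that spells the wildcard as `~0` or `0xffffffff` instead of using the macro would presumably stop matching, and a genuine 16-bit ID of 0xFFFF can no longer be told apart from the wildcard. If the aim is only to avoid a signed constant, `#define PCI_ANY_ID (~0U)` would match the `HID_ANY_ID` change later in this file and keep the stored value. Otherwise the define needs a comment saying why the narrower value is wanted.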
42976 @@ -131,7 +131,7 @@ struct usb_device_id {
42977 #define USB_DEVICE_ID_MATCH_INT_SUBCLASS 0x0100
42978 #define USB_DEVICE_ID_MATCH_INT_PROTOCOL 0x0200
42980 -#define HID_ANY_ID (~0)
42981 +#define HID_ANY_ID (~0U)
42983 struct hid_device_id {
42985 diff -urNp linux-2.6.32.1/include/linux/module.h linux-2.6.32.1/include/linux/module.h
42986 --- linux-2.6.32.1/include/linux/module.h 2009-12-02 22:51:21.000000000 -0500
42987 +++ linux-2.6.32.1/include/linux/module.h 2009-12-14 18:33:59.194758859 -0500
42988 @@ -287,16 +287,16 @@ struct module
42991 /* If this is non-NULL, vfree after init() returns */
42992 - void *module_init;
42993 + void *module_init_rx, *module_init_rw;
42995 /* Here is the actual code + data, vfree'd on unload. */
42996 - void *module_core;
42997 + void *module_core_rx, *module_core_rw;
42999 /* Here are the sizes of the init and core sections */
43000 - unsigned int init_size, core_size;
43001 + unsigned int init_size_rw, core_size_rw;
43003 /* The size of the executable code in each section. */
43004 - unsigned int init_text_size, core_text_size;
43005 + unsigned int init_size_rx, core_size_rx;
43007 /* Arch-specific module values */
43008 struct mod_arch_specific arch;
43009 @@ -393,16 +393,46 @@ struct module *__module_address(unsigned
43010 bool is_module_address(unsigned long addr);
43011 bool is_module_text_address(unsigned long addr);
43013 +static inline int within_module_range(unsigned long addr, void *start, unsigned long size)
43016 +#ifdef CONFIG_PAX_KERNEXEC
43017 + if (ktla_ktva(addr) >= (unsigned long)start &&
43018 + ktla_ktva(addr) < (unsigned long)start + size)
43022 + return ((void *)addr >= start && (void *)addr < start + size);
43025 +static inline int within_module_core_rx(unsigned long addr, struct module *mod)
43027 + return within_module_range(addr, mod->module_core_rx, mod->core_size_rx);
43030 +static inline int within_module_core_rw(unsigned long addr, struct module *mod)
43032 + return within_module_range(addr, mod->module_core_rw, mod->core_size_rw);
43035 +static inline int within_module_init_rx(unsigned long addr, struct module *mod)
43037 + return within_module_range(addr, mod->module_init_rx, mod->init_size_rx);
43040 +static inline int within_module_init_rw(unsigned long addr, struct module *mod)
43042 + return within_module_range(addr, mod->module_init_rw, mod->init_size_rw);
43045 static inline int within_module_core(unsigned long addr, struct module *mod)
43047 - return (unsigned long)mod->module_core <= addr &&
43048 - addr < (unsigned long)mod->module_core + mod->core_size;
43049 + return within_module_core_rx(addr, mod) || within_module_core_rw(addr, mod);
43052 static inline int within_module_init(unsigned long addr, struct module *mod)
43054 - return (unsigned long)mod->module_init <= addr &&
43055 - addr < (unsigned long)mod->module_init + mod->init_size;
43056 + return within_module_init_rx(addr, mod) || within_module_init_rw(addr, mod);
43059 /* Search for module by name: must hold module_mutex. */
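Review bot: within_module_range() forms its upper bound in two different ways: the CONFIG_PAX_KERNEXEC branch uses `(unsigned long)start + size`, while the final return does arithmetic and comparison on `void *` (`start + size`), which relies on the GNU extension. Writing the last line as `return addr >= (unsigned long)start && addr < (unsigned long)start + size;` keeps both checks in one form. The function also needs a short comment stating that under KERNEXEC an address is accepted when either its `ktla_ktva()` translation or its raw value lies in the range, which is what the visible lines appear to do. Some lines of the function are not shown in this view.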
43060 diff -urNp linux-2.6.32.1/include/linux/moduleloader.h linux-2.6.32.1/include/linux/moduleloader.h
43061 --- linux-2.6.32.1/include/linux/moduleloader.h 2009-12-02 22:51:21.000000000 -0500
43062 +++ linux-2.6.32.1/include/linux/moduleloader.h 2009-12-14 18:33:59.194758859 -0500
43063 @@ -20,9 +20,21 @@ unsigned int arch_mod_section_prepend(st
43064 sections. Returns NULL on failure. */
43065 void *module_alloc(unsigned long size);
43067 +#ifdef CONFIG_PAX_KERNEXEC
43068 +void *module_alloc_exec(unsigned long size);
43070 +#define module_alloc_exec(x) module_alloc(x)
43073 /* Free memory returned from module_alloc. */
43074 void module_free(struct module *mod, void *module_region);
43076 +#ifdef CONFIG_PAX_KERNEXEC
43077 +void module_free_exec(struct module *mod, void *module_region);
43079 +#define module_free_exec(x, y) module_free(x, y)
43082 /* Apply the given relocation to the (simplified) ELF. Return -error
43084 int apply_relocate(Elf_Shdr *sechdrs,
43085 diff -urNp linux-2.6.32.1/include/linux/namei.h linux-2.6.32.1/include/linux/namei.h
43086 --- linux-2.6.32.1/include/linux/namei.h 2009-12-02 22:51:21.000000000 -0500
43087 +++ linux-2.6.32.1/include/linux/namei.h 2009-12-14 18:33:59.194758859 -0500
43088 @@ -22,7 +22,7 @@ struct nameidata {
43089 unsigned int flags;
43092 - char *saved_names[MAX_NESTED_LINKS + 1];
43093 + const char *saved_names[MAX_NESTED_LINKS + 1];
43097 @@ -84,12 +84,12 @@ extern int follow_up(struct path *);
43098 extern struct dentry *lock_rename(struct dentry *, struct dentry *);
43099 extern void unlock_rename(struct dentry *, struct dentry *);
43101 -static inline void nd_set_link(struct nameidata *nd, char *path)
43102 +static inline void nd_set_link(struct nameidata *nd, const char *path)
43104 nd->saved_names[nd->depth] = path;
43107 -static inline char *nd_get_link(struct nameidata *nd)
43108 +static inline const char *nd_get_link(const struct nameidata *nd)
43110 return nd->saved_names[nd->depth];
43112 diff -urNp linux-2.6.32.1/include/linux/nodemask.h linux-2.6.32.1/include/linux/nodemask.h
43113 --- linux-2.6.32.1/include/linux/nodemask.h 2009-12-02 22:51:21.000000000 -0500
43114 +++ linux-2.6.32.1/include/linux/nodemask.h 2009-12-14 18:33:59.195853346 -0500
43115 @@ -464,11 +464,11 @@ static inline int num_node_state(enum no
43117 #define any_online_node(mask) \
43120 - for_each_node_mask(node, (mask)) \
43121 - if (node_online(node)) \
43123 + for_each_node_mask(__node, (mask)) \
43124 + if (node_online(__node)) \
43130 #define num_online_nodes() num_node_state(N_ONLINE)
43131 diff -urNp linux-2.6.32.1/include/linux/oprofile.h linux-2.6.32.1/include/linux/oprofile.h
43132 --- linux-2.6.32.1/include/linux/oprofile.h 2009-12-02 22:51:21.000000000 -0500
43133 +++ linux-2.6.32.1/include/linux/oprofile.h 2009-12-14 18:33:59.195853346 -0500
43134 @@ -129,9 +129,9 @@ int oprofilefs_create_ulong(struct super
43135 int oprofilefs_create_ro_ulong(struct super_block * sb, struct dentry * root,
43136 char const * name, ulong * val);
43138 -/** Create a file for read-only access to an atomic_t. */
43139 +/** Create a file for read-only access to an atomic_unchecked_t. */
43140 int oprofilefs_create_ro_atomic(struct super_block * sb, struct dentry * root,
43141 - char const * name, atomic_t * val);
43142 + char const * name, atomic_unchecked_t * val);
43144 /** create a directory */
43145 struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root,
43146 diff -urNp linux-2.6.32.1/include/linux/pipe_fs_i.h linux-2.6.32.1/include/linux/pipe_fs_i.h
43147 --- linux-2.6.32.1/include/linux/pipe_fs_i.h 2009-12-02 22:51:21.000000000 -0500
43148 +++ linux-2.6.32.1/include/linux/pipe_fs_i.h 2009-12-14 18:33:59.195853346 -0500
43149 @@ -46,9 +46,9 @@ struct pipe_inode_info {
43150 wait_queue_head_t wait;
43151 unsigned int nrbufs, curbuf;
43152 struct page *tmp_page;
43153 - unsigned int readers;
43154 - unsigned int writers;
43155 - unsigned int waiting_writers;
43156 + atomic_t readers;
43157 + atomic_t writers;
43158 + atomic_t waiting_writers;
43159 unsigned int r_counter;
43160 unsigned int w_counter;
43161 struct fasync_struct *fasync_readers;
43162 diff -urNp linux-2.6.32.1/include/linux/poison.h linux-2.6.32.1/include/linux/poison.h
43163 --- linux-2.6.32.1/include/linux/poison.h 2009-12-02 22:51:21.000000000 -0500
43164 +++ linux-2.6.32.1/include/linux/poison.h 2009-12-14 18:33:59.196817227 -0500
43166 * under normal circumstances, used to verify that nobody uses
43167 * non-initialized list entries.
43169 -#define LIST_POISON1 ((void *) 0x00100100)
43170 -#define LIST_POISON2 ((void *) 0x00200200)
43171 +#define LIST_POISON1 ((void *) (long)0xFFFFFF01)
43172 +#define LIST_POISON2 ((void *) (long)0xFFFFFF02)
43174 /********** include/linux/timer.h **********/
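Review bot: `(long)0xFFFFFF01` does not sign-extend, because the literal has type `unsigned int`; on a 64-bit build the conversion yields 0x00000000FFFFFF01, an address in the low 4 GiB rather than at the top of the address space as on 32-bit. If the purpose of the new values is that a stray dereference of a poisoned list pointer can never reach memory a process could have mapped, that property would then hold only on 32-bit. `#define LIST_POISON1 ((void *) (long)(int)0xFFFFFF01)`, and the same for `LIST_POISON2`, gives 0xFFFFFFFFFFFFFF01 on 64-bit with GCC. Either way, the comment above the defines should state the intended address range for each word size.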
43176 diff -urNp linux-2.6.32.1/include/linux/proc_fs.h linux-2.6.32.1/include/linux/proc_fs.h
43177 --- linux-2.6.32.1/include/linux/proc_fs.h 2009-12-02 22:51:21.000000000 -0500
43178 +++ linux-2.6.32.1/include/linux/proc_fs.h 2009-12-14 18:33:59.196817227 -0500
43179 @@ -155,6 +155,19 @@ static inline struct proc_dir_entry *pro
43180 return proc_create_data(name, mode, parent, proc_fops, NULL);
43183 +static inline struct proc_dir_entry *proc_create_grsec(const char *name, mode_t mode,
43184 + struct proc_dir_entry *parent, const struct file_operations *proc_fops)
43186 +#ifdef CONFIG_GRKERNSEC_PROC_USER
43187 + return proc_create_data(name, S_IRUSR, parent, proc_fops, NULL);
43188 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
43189 + return proc_create_data(name, S_IRUSR | S_IRGRP, parent, proc_fops, NULL);
43191 + return proc_create_data(name, mode, parent, proc_fops, NULL);
43196 static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
43197 mode_t mode, struct proc_dir_entry *base,
43198 read_proc_t *read_proc, void * data)
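Review bot: proc_create_grsec() silently discards the caller's `mode` when CONFIG_GRKERNSEC_PROC_USER or CONFIG_GRKERNSEC_PROC_USERGROUP is set and substitutes `S_IRUSR` or `S_IRUSR | S_IRGRP`, so a caller that passes a write bit gets a read-only entry with no indication. That contract should be written down above the function, e.g. `/* Like proc_create(), but with GRKERNSEC_PROC_USER[GROUP] the entry is forced to owner-read (plus group-read) and mode is ignored */`. If writable entries are ever expected to go through this helper, masking the caller's mode (`mode & (S_IRUSR | S_IWUSR)`) instead of replacing it would be the safer form.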
43199 diff -urNp linux-2.6.32.1/include/linux/random.h linux-2.6.32.1/include/linux/random.h
43200 --- linux-2.6.32.1/include/linux/random.h 2009-12-02 22:51:21.000000000 -0500
43201 +++ linux-2.6.32.1/include/linux/random.h 2009-12-14 18:33:59.212953772 -0500
43202 @@ -74,6 +74,11 @@ unsigned long randomize_range(unsigned l
43203 u32 random32(void);
43204 void srandom32(u32 seed);
43206 +static inline unsigned long pax_get_random_long(void)
43208 + return random32() + (sizeof(long) > 4 ? (unsigned long)random32() << 32 : 0);
43211 #endif /* __KERNEL___ */
43213 #endif /* _LINUX_RANDOM_H */
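Review bot: pax_get_random_long() builds its value from `random32()`, the kernel's fast pseudo-random generator, which is not designed to be unpredictable to an adversary. Given the helper's name and the `delta_mmap`/`delta_stack` "randomized offset" fields added in mm_types.h, it presumably feeds address-space randomization, where a predictable generator directly weakens the protection. I would draw from the entropy pool instead: `unsigned long r;` `get_random_bytes(&r, sizeof(r));` `return r;`. That also drops the `<< 32` expression, which is never evaluated on 32-bit but can still draw a shift-width warning.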
43214 diff -urNp linux-2.6.32.1/include/linux/reiserfs_fs.h linux-2.6.32.1/include/linux/reiserfs_fs.h
43215 --- linux-2.6.32.1/include/linux/reiserfs_fs.h 2009-12-02 22:51:21.000000000 -0500
43216 +++ linux-2.6.32.1/include/linux/reiserfs_fs.h 2009-12-14 18:33:59.213968537 -0500
43217 @@ -1326,7 +1326,7 @@ static inline loff_t max_reiserfs_offset
43218 #define REISERFS_USER_MEM 1 /* reiserfs user memory mode */
43220 #define fs_generation(s) (REISERFS_SB(s)->s_generation_counter)
43221 -#define get_generation(s) atomic_read (&fs_generation(s))
43222 +#define get_generation(s) atomic_read_unchecked (&fs_generation(s))
43223 #define FILESYSTEM_CHANGED_TB(tb) (get_generation((tb)->tb_sb) != (tb)->fs_gen)
43224 #define __fs_changed(gen,s) (gen != get_generation (s))
43225 #define fs_changed(gen,s) ({cond_resched(); __fs_changed(gen, s);})
43226 @@ -1534,24 +1534,24 @@ static inline struct super_block *sb_fro
43229 struct item_operations {
43230 - int (*bytes_number) (struct item_head * ih, int block_size);
43231 - void (*decrement_key) (struct cpu_key *);
43232 - int (*is_left_mergeable) (struct reiserfs_key * ih,
43233 + int (* const bytes_number) (struct item_head * ih, int block_size);
43234 + void (* const decrement_key) (struct cpu_key *);
43235 + int (* const is_left_mergeable) (struct reiserfs_key * ih,
43236 unsigned long bsize);
43237 - void (*print_item) (struct item_head *, char *item);
43238 - void (*check_item) (struct item_head *, char *item);
43239 + void (* const print_item) (struct item_head *, char *item);
43240 + void (* const check_item) (struct item_head *, char *item);
43242 - int (*create_vi) (struct virtual_node * vn, struct virtual_item * vi,
43243 + int (* const create_vi) (struct virtual_node * vn, struct virtual_item * vi,
43244 int is_affected, int insert_size);
43245 - int (*check_left) (struct virtual_item * vi, int free,
43246 + int (* const check_left) (struct virtual_item * vi, int free,
43247 int start_skip, int end_skip);
43248 - int (*check_right) (struct virtual_item * vi, int free);
43249 - int (*part_size) (struct virtual_item * vi, int from, int to);
43250 - int (*unit_num) (struct virtual_item * vi);
43251 - void (*print_vi) (struct virtual_item * vi);
43252 + int (* const check_right) (struct virtual_item * vi, int free);
43253 + int (* const part_size) (struct virtual_item * vi, int from, int to);
43254 + int (* const unit_num) (struct virtual_item * vi);
43255 + void (* const print_vi) (struct virtual_item * vi);
43258 -extern struct item_operations *item_ops[TYPE_ANY + 1];
43259 +extern const struct item_operations * const item_ops[TYPE_ANY + 1];
43261 #define op_bytes_number(ih,bsize) item_ops[le_ih_k_type (ih)]->bytes_number (ih, bsize)
43262 #define op_is_left_mergeable(key,bsize) item_ops[le_key_k_type (le_key_version (key), key)]->is_left_mergeable (key, bsize)
43263 diff -urNp linux-2.6.32.1/include/linux/reiserfs_fs_sb.h linux-2.6.32.1/include/linux/reiserfs_fs_sb.h
43264 --- linux-2.6.32.1/include/linux/reiserfs_fs_sb.h 2009-12-02 22:51:21.000000000 -0500
43265 +++ linux-2.6.32.1/include/linux/reiserfs_fs_sb.h 2009-12-14 18:33:59.213968537 -0500
43266 @@ -377,7 +377,7 @@ struct reiserfs_sb_info {
43267 /* Comment? -Hans */
43268 wait_queue_head_t s_wait;
43269 /* To be obsoleted soon by per buffer seals.. -Hans */
43270 - atomic_t s_generation_counter; // increased by one every time the
43271 + atomic_unchecked_t s_generation_counter; // increased by one every time the
43272 // tree gets re-balanced
43273 unsigned long s_properties; /* File system properties. Currently holds
43274 on-disk FS format */
43275 diff -urNp linux-2.6.32.1/include/linux/sched.h linux-2.6.32.1/include/linux/sched.h
43276 --- linux-2.6.32.1/include/linux/sched.h 2009-12-14 18:30:08.774964280 -0500
43277 +++ linux-2.6.32.1/include/linux/sched.h 2009-12-14 18:33:59.214964682 -0500
43278 @@ -101,6 +101,7 @@ struct bio;
43280 struct bts_context;
43281 struct perf_event_context;
43282 +struct linux_binprm;
43285 * List of flags we want to share for kernel threads,
43286 @@ -664,6 +665,15 @@ struct signal_struct {
43287 struct tty_audit_buf *tty_audit_buf;
43290 +#ifdef CONFIG_GRKERNSEC
43296 + u8 used_accept:1;
43299 int oom_adj; /* OOM kill score adjustment (bit shift) */
43302 @@ -1214,7 +1224,7 @@ struct rcu_node;
43304 struct task_struct {
43305 volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */
43307 + struct thread_info *stack;
43309 unsigned int flags; /* per process flags, defined below */
43310 unsigned int ptrace;
43311 @@ -1326,8 +1336,8 @@ struct task_struct {
43312 struct list_head thread_group;
43314 struct completion *vfork_done; /* for vfork() */
43315 - int __user *set_child_tid; /* CLONE_CHILD_SETTID */
43316 - int __user *clear_child_tid; /* CLONE_CHILD_CLEARTID */
43317 + pid_t __user *set_child_tid; /* CLONE_CHILD_SETTID */
43318 + pid_t __user *clear_child_tid; /* CLONE_CHILD_CLEARTID */
43320 cputime_t utime, stime, utimescaled, stimescaled;
43322 @@ -1341,16 +1351,6 @@ struct task_struct {
43323 struct task_cputime cputime_expires;
43324 struct list_head cpu_timers[3];
43326 -/* process credentials */
43327 - const struct cred *real_cred; /* objective and real subjective task
43328 - * credentials (COW) */
43329 - const struct cred *cred; /* effective (overridable) subjective task
43330 - * credentials (COW) */
43331 - struct mutex cred_guard_mutex; /* guard against foreign influences on
43332 - * credential calculations
43333 - * (notably. ptrace) */
43334 - struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
43336 char comm[TASK_COMM_LEN]; /* executable name excluding path
43337 - access with [gs]et_task_comm (which lock
43338 it with task_lock())
43339 @@ -1434,6 +1434,15 @@ struct task_struct {
43340 int hardirq_context;
43341 int softirq_context;
43344 +/* process credentials */
43345 + const struct cred *real_cred; /* objective and real subjective task
43346 + * credentials (COW) */
43347 + struct mutex cred_guard_mutex; /* guard against foreign influences on
43348 + * credential calculations
43349 + * (notably. ptrace) */
43350 + struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
43352 #ifdef CONFIG_LOCKDEP
43353 # define MAX_LOCK_DEPTH 48UL
43354 u64 curr_chain_key;
43355 @@ -1454,6 +1463,9 @@ struct task_struct {
43357 struct backing_dev_info *backing_dev_info;
43359 + const struct cred *cred; /* effective (overridable) subjective task
43360 + * credentials (COW) */
43362 struct io_context *io_context;
43364 unsigned long ptrace_message;
43365 @@ -1517,6 +1529,18 @@ struct task_struct {
43366 unsigned long default_timer_slack_ns;
43368 struct list_head *scm_work_list;
43370 +#ifdef CONFIG_GRKERNSEC
43372 + struct acl_subject_label *acl;
43373 + struct acl_role_label *role;
43374 + struct file *exec_file;
43381 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
43382 /* Index of current stored adress in ret_stack */
43383 int curr_ret_stack;
43384 @@ -1541,6 +1565,52 @@ struct task_struct {
43385 unsigned long stack_start;
43388 +#define MF_PAX_PAGEEXEC 0x01000000 /* Paging based non-executable pages */
43389 +#define MF_PAX_EMUTRAMP 0x02000000 /* Emulate trampolines */
43390 +#define MF_PAX_MPROTECT 0x04000000 /* Restrict mprotect() */
43391 +#define MF_PAX_RANDMMAP 0x08000000 /* Randomize mmap() base */
43392 +/*#define MF_PAX_RANDEXEC 0x10000000*/ /* Randomize ET_EXEC base */
43393 +#define MF_PAX_SEGMEXEC 0x20000000 /* Segmentation based non-executable pages */
43395 +#ifdef CONFIG_PAX_SOFTMODE
43396 +extern unsigned int pax_softmode;
43399 +extern int pax_check_flags(unsigned long *);
43401 +/* if tsk != current then task_lock must be held on it */
43402 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
43403 +static inline unsigned long pax_get_flags(struct task_struct *tsk)
43405 + if (likely(tsk->mm))
43406 + return tsk->mm->pax_flags;
43411 +/* if tsk != current then task_lock must be held on it */
43412 +static inline long pax_set_flags(struct task_struct *tsk, unsigned long flags)
43414 + if (likely(tsk->mm)) {
43415 + tsk->mm->pax_flags = flags;
43422 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
43423 +extern void pax_set_initial_flags(struct linux_binprm *bprm);
43424 +#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
43425 +extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
43428 +void pax_report_fault(struct pt_regs *regs, void *pc, void *sp);
43429 +void pax_report_insns(void *pc, void *sp);
43430 +void pax_report_refcount_overflow(struct pt_regs *regs);
43431 +void pax_report_leak_to_user(const void *ptr, unsigned long len);
43432 +void pax_report_overflow_from_user(const void *ptr, unsigned long len);
43434 /* Future-safe accessor for struct task_struct's cpus_allowed. */
43435 #define tsk_cpumask(tsk) (&(tsk)->cpus_allowed)
43437 @@ -2140,7 +2210,7 @@ extern void __cleanup_sighand(struct sig
43438 extern void exit_itimers(struct signal_struct *);
43439 extern void flush_itimer_signals(void);
43441 -extern NORET_TYPE void do_group_exit(int);
43442 +extern NORET_TYPE void do_group_exit(int) ATTRIB_NORET;
43444 extern void daemonize(const char *, ...);
43445 extern int allow_signal(int);
43446 @@ -2253,8 +2323,8 @@ static inline void unlock_task_sighand(s
43448 #ifndef __HAVE_THREAD_FUNCTIONS
43450 -#define task_thread_info(task) ((struct thread_info *)(task)->stack)
43451 -#define task_stack_page(task) ((task)->stack)
43452 +#define task_thread_info(task) ((task)->stack)
43453 +#define task_stack_page(task) ((void *)(task)->stack)
43455 static inline void setup_thread_stack(struct task_struct *p, struct task_struct *org)
43457 @@ -2269,13 +2339,31 @@ static inline unsigned long *end_of_stac
43461 -static inline int object_is_on_stack(void *obj)
43462 +static inline int object_starts_on_stack(void *obj)
43464 - void *stack = task_stack_page(current);
43465 + const void *stack = task_stack_page(current);
43467 return (obj >= stack) && (obj < (stack + THREAD_SIZE));
43470 +/* 0: not at all, 1: fully, -1: partially (implies an error) */
43471 +static inline int object_is_on_stack(const void *obj, unsigned long len)
43473 + const void *stack = task_stack_page(current);
43474 + const void *stackend = stack + THREAD_SIZE;
43476 + if (obj + len < obj)
43479 + if (stack <= obj && obj + len <= stackend)
43482 + if (obj + len <= stack || stackend <= obj)
43488 extern void thread_info_cache_init(void);
43490 #ifdef CONFIG_DEBUG_STACK_USAGE
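Review bot: The wrap check `if (obj + len < obj)` in the new `object_is_on_stack()` does arithmetic on a `const void *`, and a pointer sum that leaves its object is undefined in ISO C, so an optimiser may drop the comparison unless the build flags define pointer overflow. Doing the range test on integers keeps it well defined: `unsigned long start = (unsigned long)obj, end = start + len;` then `if (end < start)`, with `stack` and `stackend` converted the same way. The partial-overlap result (-1) is also truthy, so any caller still treating the return value as a boolean would accept it; the callers and this function's return statements are not visible in this listing.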
43491 diff -urNp linux-2.6.32.1/include/linux/screen_info.h linux-2.6.32.1/include/linux/screen_info.h
43492 --- linux-2.6.32.1/include/linux/screen_info.h 2009-12-02 22:51:21.000000000 -0500
43493 +++ linux-2.6.32.1/include/linux/screen_info.h 2009-12-14 18:33:59.214964682 -0500
43494 @@ -42,7 +42,8 @@ struct screen_info {
43495 __u16 pages; /* 0x32 */
43496 __u16 vesa_attributes; /* 0x34 */
43497 __u32 capabilities; /* 0x36 */
43498 - __u8 _reserved[6]; /* 0x3a */
43499 + __u16 vesapm_size; /* 0x3a */
43500 + __u8 _reserved[4]; /* 0x3c */
43501 } __attribute__((packed));
43503 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */
43504 diff -urNp linux-2.6.32.1/include/linux/security.h linux-2.6.32.1/include/linux/security.h
43505 --- linux-2.6.32.1/include/linux/security.h 2009-12-02 22:51:21.000000000 -0500
43506 +++ linux-2.6.32.1/include/linux/security.h 2009-12-14 18:33:59.237195018 -0500
43508 #include <linux/key.h>
43509 #include <linux/xfrm.h>
43510 #include <linux/gfp.h>
43511 +#include <linux/grsecurity.h>
43512 #include <net/flow.h>
43514 /* Maximum number of letters for an LSM name string */
43515 diff -urNp linux-2.6.32.1/include/linux/shm.h linux-2.6.32.1/include/linux/shm.h
43516 --- linux-2.6.32.1/include/linux/shm.h 2009-12-02 22:51:21.000000000 -0500
43517 +++ linux-2.6.32.1/include/linux/shm.h 2009-12-14 18:33:59.237969220 -0500
43518 @@ -95,6 +95,10 @@ struct shmid_kernel /* private to the ke
43521 struct user_struct *mlock_user;
43522 +#ifdef CONFIG_GRKERNSEC
43523 + time_t shm_createtime;
43528 /* shm_mode upper byte flags */
43529 diff -urNp linux-2.6.32.1/include/linux/slab.h linux-2.6.32.1/include/linux/slab.h
43530 --- linux-2.6.32.1/include/linux/slab.h 2009-12-02 22:51:21.000000000 -0500
43531 +++ linux-2.6.32.1/include/linux/slab.h 2009-12-14 18:33:59.242714604 -0500
43534 #include <linux/gfp.h>
43535 #include <linux/types.h>
43536 +#include <linux/err.h>
43539 * Flags to pass to kmem_cache_create().
43540 @@ -82,10 +83,13 @@
43541 * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can.
43542 * Both make kfree a no-op.
43544 -#define ZERO_SIZE_PTR ((void *)16)
43545 +#define ZERO_SIZE_PTR \
43547 + BUILD_BUG_ON(!(MAX_ERRNO & ~PAGE_MASK));\
43548 + (void *)(-MAX_ERRNO-1L); \
43551 -#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= \
43552 - (unsigned long)ZERO_SIZE_PTR)
43553 +#define ZERO_OR_NULL_PTR(x) (!(x) || (x) == ZERO_SIZE_PTR)
43556 * struct kmem_cache related prototypes
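Review bot: `ZERO_OR_NULL_PTR(x)` now expands its argument twice (`!(x) || (x) == ZERO_SIZE_PTR`), where the removed form evaluated it once, so an argument with side effects or an expensive call runs twice. Evaluating into a temporary avoids that: `({ unsigned long __p = (unsigned long)(x); !__p || __p == (unsigned long)ZERO_SIZE_PTR; })`. `ZERO_SIZE_PTR` itself now appears to be a statement expression (its opening and closing lines are missing from this listing), which means it can no longer be used in a file-scope initialiser or other constant-expression context. A one-line comment above the macro should say so.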
43557 @@ -138,6 +142,7 @@ void * __must_check krealloc(const void
43558 void kfree(const void *);
43559 void kzfree(const void *);
43560 size_t ksize(const void *);
43561 +void check_object_size(const void *ptr, unsigned long n, bool to);
43564 * Allocator specific definitions. These are mainly used to establish optimized
43565 @@ -328,4 +333,37 @@ static inline void *kzalloc_node(size_t
43567 void __init kmem_cache_init_late(void);
43569 +#define kmalloc(x, y) \
43571 + void *___retval; \
43572 + intoverflow_t ___x = (intoverflow_t)x; \
43573 + if (WARN(___x > ULONG_MAX, "kmalloc size overflow\n"))\
43574 + ___retval = NULL; \
43576 + ___retval = kmalloc((size_t)___x, (y)); \
43580 +#define kmalloc_node(x, y, z) \
43582 + void *___retval; \
43583 + intoverflow_t ___x = (intoverflow_t)x; \
43584 + if (WARN(___x > ULONG_MAX, "kmalloc_node size overflow\n"))\
43585 + ___retval = NULL; \
43587 + ___retval = kmalloc_node((size_t)___x, (y), (z));\
43591 +#define kzalloc(x, y) \
43593 + void *___retval; \
43594 + intoverflow_t ___x = (intoverflow_t)x; \
43595 + if (WARN(___x > ULONG_MAX, "kzalloc size overflow\n"))\
43596 + ___retval = NULL; \
43598 + ___retval = kzalloc((size_t)___x, (y)); \
43602 #endif /* _LINUX_SLAB_H */
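Review bot: In the new `kmalloc`, `kmalloc_node` and `kzalloc` wrappers the cast `(intoverflow_t)x` leaves `x` unparenthesised, so it widens only the leftmost operand of the caller's size expression. `n * sizeof(*p)` is then multiplied in the wide type and checked, but `hdr + n * size` still multiplies at the original width, and a wrapped product passes the `> ULONG_MAX` test. If the missing parentheses are intended, that needs a comment above the macros, for example `/* x is deliberately not parenthesised: the cast must bind to the first operand so the multiplication is done in intoverflow_t */`. The check is also only effective where `intoverflow_t` is wider than `unsigned long`; its definition is outside this hunk. The same pattern repeats in the `vmalloc*` wrappers added to include/linux/vmalloc.h.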
43603 diff -urNp linux-2.6.32.1/include/linux/slub_def.h linux-2.6.32.1/include/linux/slub_def.h
43604 --- linux-2.6.32.1/include/linux/slub_def.h 2009-12-02 22:51:21.000000000 -0500
43605 +++ linux-2.6.32.1/include/linux/slub_def.h 2009-12-14 18:33:59.257903937 -0500
43606 @@ -86,7 +86,7 @@ struct kmem_cache {
43607 struct kmem_cache_order_objects max;
43608 struct kmem_cache_order_objects min;
43609 gfp_t allocflags; /* gfp flags to use on each alloc */
43610 - int refcount; /* Refcount for slab cache destroy */
43611 + atomic_t refcount; /* Refcount for slab cache destroy */
43612 void (*ctor)(void *);
43613 int inuse; /* Offset to metadata */
43614 int align; /* Alignment */
43615 diff -urNp linux-2.6.32.1/include/linux/sonet.h linux-2.6.32.1/include/linux/sonet.h
43616 --- linux-2.6.32.1/include/linux/sonet.h 2009-12-02 22:51:21.000000000 -0500
43617 +++ linux-2.6.32.1/include/linux/sonet.h 2009-12-14 18:33:59.257903937 -0500
43618 @@ -61,7 +61,7 @@ struct sonet_stats {
43619 #include <asm/atomic.h>
43621 struct k_sonet_stats {
43622 -#define __HANDLE_ITEM(i) atomic_t i
43623 +#define __HANDLE_ITEM(i) atomic_unchecked_t i
43625 #undef __HANDLE_ITEM
43627 diff -urNp linux-2.6.32.1/include/linux/suspend.h linux-2.6.32.1/include/linux/suspend.h
43628 --- linux-2.6.32.1/include/linux/suspend.h 2009-12-02 22:51:21.000000000 -0500
43629 +++ linux-2.6.32.1/include/linux/suspend.h 2009-12-14 18:33:59.257903937 -0500
43630 @@ -104,15 +104,15 @@ typedef int __bitwise suspend_state_t;
43631 * which require special recovery actions in that situation.
43633 struct platform_suspend_ops {
43634 - int (*valid)(suspend_state_t state);
43635 - int (*begin)(suspend_state_t state);
43636 - int (*prepare)(void);
43637 - int (*prepare_late)(void);
43638 - int (*enter)(suspend_state_t state);
43639 - void (*wake)(void);
43640 - void (*finish)(void);
43641 - void (*end)(void);
43642 - void (*recover)(void);
43643 + int (* const valid)(suspend_state_t state);
43644 + int (* const begin)(suspend_state_t state);
43645 + int (* const prepare)(void);
43646 + int (* const prepare_late)(void);
43647 + int (* const enter)(suspend_state_t state);
43648 + void (* const wake)(void);
43649 + void (* const finish)(void);
43650 + void (* const end)(void);
43651 + void (* const recover)(void);
43654 #ifdef CONFIG_SUSPEND
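Review bot: Marking each member `const` in `platform_suspend_ops` stops later assignment through the struct, but it does not by itself make an instance read-only: an object declared without `const` may still be placed in writable data, depending on the compiler. The instance definitions are outside this hunk and should be checked to be `static const struct platform_suspend_ops`, matching the `const` pointer now taken by `suspend_set_ops()`. A line in the struct's kernel-doc such as ` * Instances must be declared const and initialised statically.` would record the rule. The same applies to `platform_hibernation_ops` further down and to the ops structs changed in sysfs.h, neighbour.h and ac97_codec.h.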
43655 @@ -120,7 +120,7 @@ struct platform_suspend_ops {
43656 * suspend_set_ops - set platform dependent suspend operations
43657 * @ops: The new suspend operations to set.
43659 -extern void suspend_set_ops(struct platform_suspend_ops *ops);
43660 +extern void suspend_set_ops(const struct platform_suspend_ops *ops);
43661 extern int suspend_valid_only_mem(suspend_state_t state);
43664 @@ -145,7 +145,7 @@ extern int pm_suspend(suspend_state_t st
43665 #else /* !CONFIG_SUSPEND */
43666 #define suspend_valid_only_mem NULL
43668 -static inline void suspend_set_ops(struct platform_suspend_ops *ops) {}
43669 +static inline void suspend_set_ops(const struct platform_suspend_ops *ops) {}
43670 static inline int pm_suspend(suspend_state_t state) { return -ENOSYS; }
43671 #endif /* !CONFIG_SUSPEND */
43673 @@ -215,16 +215,16 @@ extern void mark_free_pages(struct zone
43674 * platforms which require special recovery actions in that situation.
43676 struct platform_hibernation_ops {
43677 - int (*begin)(void);
43678 - void (*end)(void);
43679 - int (*pre_snapshot)(void);
43680 - void (*finish)(void);
43681 - int (*prepare)(void);
43682 - int (*enter)(void);
43683 - void (*leave)(void);
43684 - int (*pre_restore)(void);
43685 - void (*restore_cleanup)(void);
43686 - void (*recover)(void);
43687 + int (* const begin)(void);
43688 + void (* const end)(void);
43689 + int (* const pre_snapshot)(void);
43690 + void (* const finish)(void);
43691 + int (* const prepare)(void);
43692 + int (* const enter)(void);
43693 + void (* const leave)(void);
43694 + int (* const pre_restore)(void);
43695 + void (* const restore_cleanup)(void);
43696 + void (* const recover)(void);
43699 #ifdef CONFIG_HIBERNATION
43700 @@ -243,7 +243,7 @@ extern void swsusp_set_page_free(struct
43701 extern void swsusp_unset_page_free(struct page *);
43702 extern unsigned long get_safe_page(gfp_t gfp_mask);
43704 -extern void hibernation_set_ops(struct platform_hibernation_ops *ops);
43705 +extern void hibernation_set_ops(const struct platform_hibernation_ops *ops);
43706 extern int hibernate(void);
43707 extern bool system_entering_hibernation(void);
43708 #else /* CONFIG_HIBERNATION */
43709 @@ -251,7 +251,7 @@ static inline int swsusp_page_is_forbidd
43710 static inline void swsusp_set_page_free(struct page *p) {}
43711 static inline void swsusp_unset_page_free(struct page *p) {}
43713 -static inline void hibernation_set_ops(struct platform_hibernation_ops *ops) {}
43714 +static inline void hibernation_set_ops(const struct platform_hibernation_ops *ops) {}
43715 static inline int hibernate(void) { return -ENOSYS; }
43716 static inline bool system_entering_hibernation(void) { return false; }
43717 #endif /* CONFIG_HIBERNATION */
43718 diff -urNp linux-2.6.32.1/include/linux/sysctl.h linux-2.6.32.1/include/linux/sysctl.h
43719 --- linux-2.6.32.1/include/linux/sysctl.h 2009-12-02 22:51:21.000000000 -0500
43720 +++ linux-2.6.32.1/include/linux/sysctl.h 2009-12-14 18:33:59.275781673 -0500
43721 @@ -164,7 +164,11 @@ enum
43722 KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */
43726 +#ifdef CONFIG_PAX_SOFTMODE
43728 + PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */
43732 /* CTL_VM names: */
43734 diff -urNp linux-2.6.32.1/include/linux/sysfs.h linux-2.6.32.1/include/linux/sysfs.h
43735 --- linux-2.6.32.1/include/linux/sysfs.h 2009-12-02 22:51:21.000000000 -0500
43736 +++ linux-2.6.32.1/include/linux/sysfs.h 2009-12-14 18:33:59.276833110 -0500
43737 @@ -75,8 +75,8 @@ struct bin_attribute {
43741 - ssize_t (*show)(struct kobject *, struct attribute *,char *);
43742 - ssize_t (*store)(struct kobject *,struct attribute *,const char *, size_t);
43743 + ssize_t (* const show)(struct kobject *, struct attribute *,char *);
43744 + ssize_t (* const store)(struct kobject *,struct attribute *,const char *, size_t);
43747 struct sysfs_dirent;
43748 diff -urNp linux-2.6.32.1/include/linux/thread_info.h linux-2.6.32.1/include/linux/thread_info.h
43749 --- linux-2.6.32.1/include/linux/thread_info.h 2009-12-02 22:51:21.000000000 -0500
43750 +++ linux-2.6.32.1/include/linux/thread_info.h 2009-12-14 18:33:59.276833110 -0500
43751 @@ -23,7 +23,7 @@ struct restart_block {
43753 /* For futex_wait and futex_wait_requeue_pi */
43756 + u32 __user *uaddr;
43760 diff -urNp linux-2.6.32.1/include/linux/tty.h linux-2.6.32.1/include/linux/tty.h
43761 --- linux-2.6.32.1/include/linux/tty.h 2009-12-02 22:51:21.000000000 -0500
43762 +++ linux-2.6.32.1/include/linux/tty.h 2009-12-14 18:33:59.297408994 -0500
43764 #include <linux/tty_driver.h>
43765 #include <linux/tty_ldisc.h>
43766 #include <linux/mutex.h>
43767 +#include <linux/poll.h>
43769 #include <asm/system.h>
43771 @@ -432,7 +433,6 @@ extern int tty_perform_flush(struct tty_
43772 extern dev_t tty_devnum(struct tty_struct *tty);
43773 extern void proc_clear_tty(struct task_struct *p);
43774 extern struct tty_struct *get_current_tty(void);
43775 -extern void tty_default_fops(struct file_operations *fops);
43776 extern struct tty_struct *alloc_tty_struct(void);
43777 extern void free_tty_struct(struct tty_struct *tty);
43778 extern void initialize_tty_struct(struct tty_struct *tty,
43779 @@ -482,6 +482,18 @@ extern void tty_ldisc_begin(void);
43780 /* This last one is just for the tty layer internals and shouldn't be used elsewhere */
43781 extern void tty_ldisc_enable(struct tty_struct *tty);
43784 +extern ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
43785 +extern ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
43786 +extern unsigned int tty_poll(struct file *, poll_table *);
43787 +#ifdef CONFIG_COMPAT
43788 +extern long tty_compat_ioctl(struct file *file, unsigned int cmd,
43789 + unsigned long arg);
43791 +#define tty_compat_ioctl NULL
43793 +extern int tty_release(struct inode *, struct file *);
43794 +extern int tty_fasync(int fd, struct file *filp, int on);
43797 extern struct tty_ldisc_ops tty_ldisc_N_TTY;
43798 diff -urNp linux-2.6.32.1/include/linux/tty_ldisc.h linux-2.6.32.1/include/linux/tty_ldisc.h
43799 --- linux-2.6.32.1/include/linux/tty_ldisc.h 2009-12-02 22:51:21.000000000 -0500
43800 +++ linux-2.6.32.1/include/linux/tty_ldisc.h 2009-12-14 18:33:59.297408994 -0500
43801 @@ -139,7 +139,7 @@ struct tty_ldisc_ops {
43803 struct module *owner;
43806 + atomic_t refcount;
43810 diff -urNp linux-2.6.32.1/include/linux/types.h linux-2.6.32.1/include/linux/types.h
43811 --- linux-2.6.32.1/include/linux/types.h 2009-12-02 22:51:21.000000000 -0500
43812 +++ linux-2.6.32.1/include/linux/types.h 2009-12-14 18:33:59.297969004 -0500
43813 @@ -191,10 +191,26 @@ typedef struct {
43814 volatile int counter;
43817 +#ifdef CONFIG_PAX_REFCOUNT
43819 + volatile int counter;
43820 +} atomic_unchecked_t;
43822 +typedef atomic_t atomic_unchecked_t;
43825 #ifdef CONFIG_64BIT
43827 volatile long counter;
43830 +#ifdef CONFIG_PAX_REFCOUNT
43832 + volatile long counter;
43833 +} atomic64_unchecked_t;
43835 +typedef atomic64_t atomic64_unchecked_t;
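Review bot: `atomic_unchecked_t` and `atomic64_unchecked_t` are introduced without a comment saying what "unchecked" means or when the type is appropriate. From the rest of the patch it looks as if the plain `atomic_t` operations gain overflow detection under CONFIG_PAX_REFCOUNT (sched.h declares `pax_report_refcount_overflow()`) and the unchecked variants opt out, as for the statistics counters in sonet.h; that should be confirmed and written down. A comment above the typedef such as `/* atomic_unchecked_t: counter that may legitimately wrap (e.g. statistics); never use it for reference counts */` would keep a reference count from being converted by mistake.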
43840 diff -urNp linux-2.6.32.1/include/linux/uaccess.h linux-2.6.32.1/include/linux/uaccess.h
43841 --- linux-2.6.32.1/include/linux/uaccess.h 2009-12-02 22:51:21.000000000 -0500
43842 +++ linux-2.6.32.1/include/linux/uaccess.h 2009-12-14 18:33:59.297969004 -0500
43843 @@ -76,11 +76,11 @@ static inline unsigned long __copy_from_
43845 mm_segment_t old_fs = get_fs(); \
43847 - set_fs(KERNEL_DS); \
43848 pagefault_disable(); \
43849 + set_fs(KERNEL_DS); \
43850 ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval)); \
43851 - pagefault_enable(); \
43853 + pagefault_enable(); \
43857 @@ -93,7 +93,7 @@ static inline unsigned long __copy_from_
43858 * Safely read from address @src to the buffer at @dst. If a kernel fault
43859 * happens, handle that and return -EFAULT.
43861 -extern long probe_kernel_read(void *dst, void *src, size_t size);
43862 +extern long probe_kernel_read(void *dst, const void *src, size_t size);
43865 * probe_kernel_write(): safely attempt to write to a location
43866 @@ -104,6 +104,6 @@ extern long probe_kernel_read(void *dst,
43867 * Safely write to address @dst from the buffer at @src. If a kernel fault
43868 * happens, handle that and return -EFAULT.
43870 -extern long probe_kernel_write(void *dst, void *src, size_t size);
43871 +extern long probe_kernel_write(void *dst, const void *src, size_t size);
43873 #endif /* __LINUX_UACCESS_H__ */
43874 diff -urNp linux-2.6.32.1/include/linux/vmalloc.h linux-2.6.32.1/include/linux/vmalloc.h
43875 --- linux-2.6.32.1/include/linux/vmalloc.h 2009-12-02 22:51:21.000000000 -0500
43876 +++ linux-2.6.32.1/include/linux/vmalloc.h 2009-12-14 18:33:59.297969004 -0500
43877 @@ -13,6 +13,11 @@ struct vm_area_struct; /* vma defining
43878 #define VM_MAP 0x00000004 /* vmap()ed pages */
43879 #define VM_USERMAP 0x00000008 /* suitable for remap_vmalloc_range */
43880 #define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */
43882 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
43883 +#define VM_KERNEXEC 0x00000020 /* allocate from executable kernel memory range */
43886 /* bits [20..32] reserved for arch specific ioremap internals */
43889 @@ -121,4 +126,81 @@ struct vm_struct **pcpu_get_vm_areas(con
43891 void pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms);
43893 +#define vmalloc(x) \
43895 + void *___retval; \
43896 + intoverflow_t ___x = (intoverflow_t)x; \
43897 + if (WARN(___x > ULONG_MAX, "vmalloc size overflow\n")) \
43898 + ___retval = NULL; \
43900 + ___retval = vmalloc((unsigned long)___x); \
43904 +#define __vmalloc(x, y, z) \
43906 + void *___retval; \
43907 + intoverflow_t ___x = (intoverflow_t)x; \
43908 + if (WARN(___x > ULONG_MAX, "__vmalloc size overflow\n"))\
43909 + ___retval = NULL; \
43911 + ___retval = __vmalloc((unsigned long)___x, (y), (z));\
43915 +#define vmalloc_user(x) \
43917 + void *___retval; \
43918 + intoverflow_t ___x = (intoverflow_t)x; \
43919 + if (WARN(___x > ULONG_MAX, "vmalloc_user size overflow\n"))\
43920 + ___retval = NULL; \
43922 + ___retval = vmalloc_user((unsigned long)___x); \
43926 +#define vmalloc_exec(x) \
43928 + void *___retval; \
43929 + intoverflow_t ___x = (intoverflow_t)x; \
43930 + if (WARN(___x > ULONG_MAX, "vmalloc_exec size overflow\n"))\
43931 + ___retval = NULL; \
43933 + ___retval = vmalloc_exec((unsigned long)___x); \
43937 +#define vmalloc_node(x, y) \
43939 + void *___retval; \
43940 + intoverflow_t ___x = (intoverflow_t)x; \
43941 + if (WARN(___x > ULONG_MAX, "vmalloc_node size overflow\n"))\
43942 + ___retval = NULL; \
43944 + ___retval = vmalloc_node((unsigned long)___x, (y));\
43948 +#define vmalloc_32(x) \
43950 + void *___retval; \
43951 + intoverflow_t ___x = (intoverflow_t)x; \
43952 + if (WARN(___x > ULONG_MAX, "vmalloc_32 size overflow\n"))\
43953 + ___retval = NULL; \
43955 + ___retval = vmalloc_32((unsigned long)___x); \
43959 +#define vmalloc_32_user(x) \
43961 + void *___retval; \
43962 + intoverflow_t ___x = (intoverflow_t)x; \
43963 + if (WARN(___x > ULONG_MAX, "vmalloc_32_user size overflow\n"))\
43964 + ___retval = NULL; \
43966 + ___retval = vmalloc_32_user((unsigned long)___x);\
43970 #endif /* _LINUX_VMALLOC_H */
43971 diff -urNp linux-2.6.32.1/include/net/irda/ircomm_tty.h linux-2.6.32.1/include/net/irda/ircomm_tty.h
43972 --- linux-2.6.32.1/include/net/irda/ircomm_tty.h 2009-12-02 22:51:21.000000000 -0500
43973 +++ linux-2.6.32.1/include/net/irda/ircomm_tty.h 2009-12-14 18:33:59.297969004 -0500
43974 @@ -105,8 +105,8 @@ struct ircomm_tty_cb {
43975 unsigned short close_delay;
43976 unsigned short closing_wait; /* time to wait before closing */
43979 - int blocked_open; /* # of blocked opens */
43980 + atomic_t open_count;
43981 + atomic_t blocked_open; /* # of blocked opens */
43983 /* Protect concurent access to :
43984 * o self->open_count
43985 diff -urNp linux-2.6.32.1/include/net/neighbour.h linux-2.6.32.1/include/net/neighbour.h
43986 --- linux-2.6.32.1/include/net/neighbour.h 2009-12-02 22:51:21.000000000 -0500
43987 +++ linux-2.6.32.1/include/net/neighbour.h 2009-12-14 18:33:59.297969004 -0500
43988 @@ -125,12 +125,12 @@ struct neighbour
43992 - void (*solicit)(struct neighbour *, struct sk_buff*);
43993 - void (*error_report)(struct neighbour *, struct sk_buff*);
43994 - int (*output)(struct sk_buff*);
43995 - int (*connected_output)(struct sk_buff*);
43996 - int (*hh_output)(struct sk_buff*);
43997 - int (*queue_xmit)(struct sk_buff*);
43998 + void (* const solicit)(struct neighbour *, struct sk_buff*);
43999 + void (* const error_report)(struct neighbour *, struct sk_buff*);
44000 + int (* const output)(struct sk_buff*);
44001 + int (* const connected_output)(struct sk_buff*);
44002 + int (* const hh_output)(struct sk_buff*);
44003 + int (* const queue_xmit)(struct sk_buff*);
44006 struct pneigh_entry
44007 diff -urNp linux-2.6.32.1/include/net/sctp/sctp.h linux-2.6.32.1/include/net/sctp/sctp.h
44008 --- linux-2.6.32.1/include/net/sctp/sctp.h 2009-12-02 22:51:21.000000000 -0500
44009 +++ linux-2.6.32.1/include/net/sctp/sctp.h 2009-12-14 18:33:59.298976256 -0500
44010 @@ -305,8 +305,8 @@ extern int sctp_debug_flag;
44012 #else /* SCTP_DEBUG */
44014 -#define SCTP_DEBUG_PRINTK(whatever...)
44015 -#define SCTP_DEBUG_PRINTK_IPADDR(whatever...)
44016 +#define SCTP_DEBUG_PRINTK(whatever...) do {} while (0)
44017 +#define SCTP_DEBUG_PRINTK_IPADDR(whatever...) do {} while (0)
44018 #define SCTP_ENABLE_DEBUG
44019 #define SCTP_DISABLE_DEBUG
44020 #define SCTP_ASSERT(expr, str, func)
44021 diff -urNp linux-2.6.32.1/include/net/tcp.h linux-2.6.32.1/include/net/tcp.h
44022 --- linux-2.6.32.1/include/net/tcp.h 2009-12-02 22:51:21.000000000 -0500
44023 +++ linux-2.6.32.1/include/net/tcp.h 2009-12-14 18:33:59.298976256 -0500
44024 @@ -1414,6 +1414,7 @@ enum tcp_seq_states {
44025 struct tcp_seq_afinfo {
44027 sa_family_t family;
44028 + /* cannot be const */
44029 struct file_operations seq_fops;
44030 struct seq_operations seq_ops;
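Review bot: The added `/* cannot be const */` above `seq_fops` says what but not why, so whoever next constifies `file_operations` cannot judge whether it still holds. If the reason is that the registration code fills in `seq_fops` at run time (not visible in this hunk), the comment should say so: `/* cannot be const: members are assigned when the afinfo is registered */`. The identical comment added to `struct udp_seq_afinfo` in include/net/udp.h needs the same treatment.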
44032 diff -urNp linux-2.6.32.1/include/net/udp.h linux-2.6.32.1/include/net/udp.h
44033 --- linux-2.6.32.1/include/net/udp.h 2009-12-02 22:51:21.000000000 -0500
44034 +++ linux-2.6.32.1/include/net/udp.h 2009-12-14 18:33:59.298976256 -0500
44035 @@ -187,6 +187,7 @@ struct udp_seq_afinfo {
44037 sa_family_t family;
44038 struct udp_table *udp_table;
44039 + /* cannot be const */
44040 struct file_operations seq_fops;
44041 struct seq_operations seq_ops;
44043 diff -urNp linux-2.6.32.1/include/sound/ac97_codec.h linux-2.6.32.1/include/sound/ac97_codec.h
44044 --- linux-2.6.32.1/include/sound/ac97_codec.h 2009-12-02 22:51:21.000000000 -0500
44045 +++ linux-2.6.32.1/include/sound/ac97_codec.h 2009-12-14 18:33:59.310891709 -0500
44046 @@ -419,15 +419,15 @@
44049 struct snd_ac97_build_ops {
44050 - int (*build_3d) (struct snd_ac97 *ac97);
44051 - int (*build_specific) (struct snd_ac97 *ac97);
44052 - int (*build_spdif) (struct snd_ac97 *ac97);
44053 - int (*build_post_spdif) (struct snd_ac97 *ac97);
44054 + int (* const build_3d) (struct snd_ac97 *ac97);
44055 + int (* const build_specific) (struct snd_ac97 *ac97);
44056 + int (* const build_spdif) (struct snd_ac97 *ac97);
44057 + int (* const build_post_spdif) (struct snd_ac97 *ac97);
44059 - void (*suspend) (struct snd_ac97 *ac97);
44060 - void (*resume) (struct snd_ac97 *ac97);
44061 + void (* const suspend) (struct snd_ac97 *ac97);
44062 + void (* const resume) (struct snd_ac97 *ac97);
44064 - void (*update_jacks) (struct snd_ac97 *ac97); /* for jack-sharing */
44065 + void (* const update_jacks) (struct snd_ac97 *ac97); /* for jack-sharing */
44068 struct snd_ac97_bus_ops {
44069 @@ -477,7 +477,7 @@ struct snd_ac97_template {
44072 /* -- lowlevel (hardware) driver specific -- */
44073 - struct snd_ac97_build_ops * build_ops;
44074 + const struct snd_ac97_build_ops * build_ops;
44075 void *private_data;
44076 void (*private_free) (struct snd_ac97 *ac97);
44078 diff -urNp linux-2.6.32.1/include/video/uvesafb.h linux-2.6.32.1/include/video/uvesafb.h
44079 --- linux-2.6.32.1/include/video/uvesafb.h 2009-12-02 22:51:21.000000000 -0500
44080 +++ linux-2.6.32.1/include/video/uvesafb.h 2009-12-14 18:33:59.310891709 -0500
44081 @@ -177,6 +177,7 @@ struct uvesafb_par {
44082 u8 ypan; /* 0 - nothing, 1 - ypan, 2 - ywrap */
44083 u8 pmi_setpal; /* PMI for palette changes */
44084 u16 *pmi_base; /* protected mode interface location */
44085 + u8 *pmi_code; /* protected mode code location */
44088 u8 *vbe_state_orig; /*
44089 diff -urNp linux-2.6.32.1/init/do_mounts.c linux-2.6.32.1/init/do_mounts.c
44090 --- linux-2.6.32.1/init/do_mounts.c 2009-12-02 22:51:21.000000000 -0500
44091 +++ linux-2.6.32.1/init/do_mounts.c 2009-12-14 18:33:59.318885471 -0500
44092 @@ -216,11 +216,11 @@ static void __init get_fs_names(char *pa
44094 static int __init do_mount_root(char *name, char *fs, int flags, void *data)
44096 - int err = sys_mount(name, "/root", fs, flags, data);
44097 + int err = sys_mount((__force char __user *)name, (__force char __user *)"/root", (__force char __user *)fs, flags, (__force void __user *)data);
44101 - sys_chdir("/root");
44102 + sys_chdir((__force char __user *)"/root");
44103 ROOT_DEV = current->fs->pwd.mnt->mnt_sb->s_dev;
44104 printk("VFS: Mounted root (%s filesystem)%s on device %u:%u.\n",
44105 current->fs->pwd.mnt->mnt_sb->s_type->name,
44106 @@ -311,18 +311,18 @@ void __init change_floppy(char *fmt, ...
44107 va_start(args, fmt);
44108 vsprintf(buf, fmt, args);
44110 - fd = sys_open("/dev/root", O_RDWR | O_NDELAY, 0);
44111 + fd = sys_open((char __user *)"/dev/root", O_RDWR | O_NDELAY, 0);
44113 sys_ioctl(fd, FDEJECT, 0);
44116 printk(KERN_NOTICE "VFS: Insert %s and press ENTER\n", buf);
44117 - fd = sys_open("/dev/console", O_RDWR, 0);
44118 + fd = sys_open((char __user *)"/dev/console", O_RDWR, 0);
44120 sys_ioctl(fd, TCGETS, (long)&termios);
44121 termios.c_lflag &= ~ICANON;
44122 sys_ioctl(fd, TCSETSF, (long)&termios);
44123 - sys_read(fd, &c, 1);
44124 + sys_read(fd, (char __user *)&c, 1);
44125 termios.c_lflag |= ICANON;
44126 sys_ioctl(fd, TCSETSF, (long)&termios);
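Review bot: The casts added in `change_floppy()` are written `(char __user *)"/dev/root"`, `(char __user *)"/dev/console"` and `(char __user *)&c` without `__force`, unlike the other casts this patch adds in the same file (`do_mount_root()`, `prepare_namespace()`), so sparse would be expected to keep warning on these three lines. For consistency they should read `(__force char __user *)"/dev/root"` and so on, with `const` added for the string literals where the callee's prototype allows it. These calls hand kernel addresses to syscall entry points, which presumably relies on the address limit covering kernel space during init; a short comment in the function stating that assumption would help. The function body starts and ends outside the hunk.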
44128 @@ -416,6 +416,6 @@ void __init prepare_namespace(void)
44131 devtmpfs_mount("dev");
44132 - sys_mount(".", "/", NULL, MS_MOVE, NULL);
44134 + sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
44135 + sys_chroot((__force char __user *)".");
44137 diff -urNp linux-2.6.32.1/init/do_mounts.h linux-2.6.32.1/init/do_mounts.h
44138 --- linux-2.6.32.1/init/do_mounts.h 2009-12-02 22:51:21.000000000 -0500
44139 +++ linux-2.6.32.1/init/do_mounts.h 2009-12-14 18:33:59.336104253 -0500
44140 @@ -15,15 +15,15 @@ extern int root_mountflags;
44142 static inline int create_dev(char *name, dev_t dev)
44144 - sys_unlink(name);
44145 - return sys_mknod(name, S_IFBLK|0600, new_encode_dev(dev));
44146 + sys_unlink((__force char __user *)name);
44147 + return sys_mknod((__force char __user *)name, S_IFBLK|0600, new_encode_dev(dev));
44150 #if BITS_PER_LONG == 32
44151 static inline u32 bstat(char *name)
44153 struct stat64 stat;
44154 - if (sys_stat64(name, &stat) != 0)
44155 + if (sys_stat64((__force char __user *)name, (__force struct stat64 __user *)&stat) != 0)
44157 if (!S_ISBLK(stat.st_mode))
44159 diff -urNp linux-2.6.32.1/init/do_mounts_initrd.c linux-2.6.32.1/init/do_mounts_initrd.c
44160 --- linux-2.6.32.1/init/do_mounts_initrd.c 2009-12-02 22:51:21.000000000 -0500
44161 +++ linux-2.6.32.1/init/do_mounts_initrd.c 2009-12-14 18:33:59.343788319 -0500
44162 @@ -32,7 +32,7 @@ static int __init do_linuxrc(void * shel
44163 sys_close(old_fd);sys_close(root_fd);
44164 sys_close(0);sys_close(1);sys_close(2);
44166 - (void) sys_open("/dev/console",O_RDWR,0);
44167 + (void) sys_open((__force const char __user *)"/dev/console",O_RDWR,0);
44170 return kernel_execve(shell, argv, envp_init);
44171 @@ -47,13 +47,13 @@ static void __init handle_initrd(void)
44172 create_dev("/dev/root.old", Root_RAM0);
44173 /* mount initrd on rootfs' /root */
44174 mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY);
44175 - sys_mkdir("/old", 0700);
44176 - root_fd = sys_open("/", 0, 0);
44177 - old_fd = sys_open("/old", 0, 0);
44178 + sys_mkdir((__force const char __user *)"/old", 0700);
44179 + root_fd = sys_open((__force const char __user *)"/", 0, 0);
44180 + old_fd = sys_open((__force const char __user *)"/old", 0, 0);
44181 /* move initrd over / and chdir/chroot in initrd root */
44182 - sys_chdir("/root");
44183 - sys_mount(".", "/", NULL, MS_MOVE, NULL);
44185 + sys_chdir((__force const char __user *)"/root");
44186 + sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
44187 + sys_chroot((__force const char __user *)".");
44190 * In case that a resume from disk is carried out by linuxrc or one of
44191 @@ -70,15 +70,15 @@ static void __init handle_initrd(void)
44193 /* move initrd to rootfs' /old */
44194 sys_fchdir(old_fd);
44195 - sys_mount("/", ".", NULL, MS_MOVE, NULL);
44196 + sys_mount((__force char __user *)"/", (__force char __user *)".", NULL, MS_MOVE, NULL);
44197 /* switch root and cwd back to / of rootfs */
44198 sys_fchdir(root_fd);
44200 + sys_chroot((__force const char __user *)".");
44202 sys_close(root_fd);
44204 if (new_decode_dev(real_root_dev) == Root_RAM0) {
44205 - sys_chdir("/old");
44206 + sys_chdir((__force const char __user *)"/old");
44210 @@ -86,17 +86,17 @@ static void __init handle_initrd(void)
44213 printk(KERN_NOTICE "Trying to move old root to /initrd ... ");
44214 - error = sys_mount("/old", "/root/initrd", NULL, MS_MOVE, NULL);
44215 + error = sys_mount((__force char __user *)"/old", (__force char __user *)"/root/initrd", NULL, MS_MOVE, NULL);
44219 - int fd = sys_open("/dev/root.old", O_RDWR, 0);
44220 + int fd = sys_open((__force const char __user *)"/dev/root.old", O_RDWR, 0);
44221 if (error == -ENOENT)
44222 printk("/initrd does not exist. Ignored.\n");
44224 printk("failed\n");
44225 printk(KERN_NOTICE "Unmounting old root\n");
44226 - sys_umount("/old", MNT_DETACH);
44227 + sys_umount((__force char __user *)"/old", MNT_DETACH);
44228 printk(KERN_NOTICE "Trying to free ramdisk memory ... ");
44231 @@ -119,11 +119,11 @@ int __init initrd_load(void)
44232 * mounted in the normal path.
44234 if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) {
44235 - sys_unlink("/initrd.image");
44236 + sys_unlink((__force const char __user *)"/initrd.image");
44241 - sys_unlink("/initrd.image");
44242 + sys_unlink((__force const char __user *)"/initrd.image");
44245 diff -urNp linux-2.6.32.1/init/do_mounts_md.c linux-2.6.32.1/init/do_mounts_md.c
44246 --- linux-2.6.32.1/init/do_mounts_md.c 2009-12-02 22:51:21.000000000 -0500
44247 +++ linux-2.6.32.1/init/do_mounts_md.c 2009-12-14 18:33:59.351385043 -0500
44248 @@ -170,7 +170,7 @@ static void __init md_setup_drive(void)
44249 partitioned ? "_d" : "", minor,
44250 md_setup_args[ent].device_names);
44252 - fd = sys_open(name, 0, 0);
44253 + fd = sys_open((__force char __user *)name, 0, 0);
44255 printk(KERN_ERR "md: open failed - cannot start "
44256 "array %s\n", name);
44257 @@ -233,7 +233,7 @@ static void __init md_setup_drive(void)
44261 - fd = sys_open(name, 0, 0);
44262 + fd = sys_open((__force char __user *)name, 0, 0);
44263 sys_ioctl(fd, BLKRRPART, 0);
44266 @@ -283,7 +283,7 @@ static void __init autodetect_raid(void)
44268 wait_for_device_probe();
44270 - fd = sys_open("/dev/md0", 0, 0);
44271 + fd = sys_open((__force char __user *)"/dev/md0", 0, 0);
44273 sys_ioctl(fd, RAID_AUTORUN, raid_autopart);
44275 diff -urNp linux-2.6.32.1/init/initramfs.c linux-2.6.32.1/init/initramfs.c
44276 --- linux-2.6.32.1/init/initramfs.c 2009-12-02 22:51:21.000000000 -0500
44277 +++ linux-2.6.32.1/init/initramfs.c 2009-12-14 18:33:59.361708906 -0500
44278 @@ -74,7 +74,7 @@ static void __init free_hash(void)
44282 -static long __init do_utime(char __user *filename, time_t mtime)
44283 +static long __init do_utime(__force char __user *filename, time_t mtime)
44285 struct timespec t[2];
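Review bot: `__force` has been added to the parameter declaration of do_utime() (`__force char __user *filename`), but as far as I know it is a sparse annotation meant for cast expressions, not for declarators. The call sites changed later in this file already cast with `(__force char __user *)`, so the prototype can stay `static long __init do_utime(char __user *filename, time_t mtime)`. That keeps the address-space override visible at each call site, where a reviewer can judge it. The body of do_utime() continues outside this hunk.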
44287 @@ -109,7 +109,7 @@ static void __init dir_utime(void)
44288 struct dir_entry *de, *tmp;
44289 list_for_each_entry_safe(de, tmp, &dir_list, list) {
44290 list_del(&de->list);
44291 - do_utime(de->name, de->mtime);
44292 + do_utime((__force char __user *)de->name, de->mtime);
44296 @@ -271,7 +271,7 @@ static int __init maybe_link(void)
44298 char *old = find_link(major, minor, ino, mode, collected);
44300 - return (sys_link(old, collected) < 0) ? -1 : 1;
44301 + return (sys_link((__force char __user *)old, (__force char __user *)collected) < 0) ? -1 : 1;
44305 @@ -280,11 +280,11 @@ static void __init clean_path(char *path
44309 - if (!sys_newlstat(path, &st) && (st.st_mode^mode) & S_IFMT) {
44310 + if (!sys_newlstat((__force char __user *)path, (__force struct stat __user *)&st) && (st.st_mode^mode) & S_IFMT) {
44311 if (S_ISDIR(st.st_mode))
44313 + sys_rmdir((__force char __user *)path);
44315 - sys_unlink(path);
44316 + sys_unlink((__force char __user *)path);
44320 @@ -305,7 +305,7 @@ static int __init do_name(void)
44321 int openflags = O_WRONLY|O_CREAT;
44323 openflags |= O_TRUNC;
44324 - wfd = sys_open(collected, openflags, mode);
44325 + wfd = sys_open((__force char __user *)collected, openflags, mode);
44328 sys_fchown(wfd, uid, gid);
44329 @@ -317,17 +317,17 @@ static int __init do_name(void)
44332 } else if (S_ISDIR(mode)) {
44333 - sys_mkdir(collected, mode);
44334 - sys_chown(collected, uid, gid);
44335 - sys_chmod(collected, mode);
44336 + sys_mkdir((__force char __user *)collected, mode);
44337 + sys_chown((__force char __user *)collected, uid, gid);
44338 + sys_chmod((__force char __user *)collected, mode);
44339 dir_add(collected, mtime);
44340 } else if (S_ISBLK(mode) || S_ISCHR(mode) ||
44341 S_ISFIFO(mode) || S_ISSOCK(mode)) {
44342 if (maybe_link() == 0) {
44343 - sys_mknod(collected, mode, rdev);
44344 - sys_chown(collected, uid, gid);
44345 - sys_chmod(collected, mode);
44346 - do_utime(collected, mtime);
44347 + sys_mknod((__force char __user *)collected, mode, rdev);
44348 + sys_chown((__force char __user *)collected, uid, gid);
44349 + sys_chmod((__force char __user *)collected, mode);
44350 + do_utime((__force char __user *)collected, mtime);
44354 @@ -336,15 +336,15 @@ static int __init do_name(void)
44355 static int __init do_copy(void)
44357 if (count >= body_len) {
44358 - sys_write(wfd, victim, body_len);
44359 + sys_write(wfd, (__force char __user *)victim, body_len);
44361 - do_utime(vcollected, mtime);
44362 + do_utime((__force char __user *)vcollected, mtime);
44368 - sys_write(wfd, victim, count);
44369 + sys_write(wfd, (__force char __user *)victim, count);
44373 @@ -355,9 +355,9 @@ static int __init do_symlink(void)
44375 collected[N_ALIGN(name_len) + body_len] = '\0';
44376 clean_path(collected, 0);
44377 - sys_symlink(collected + N_ALIGN(name_len), collected);
44378 - sys_lchown(collected, uid, gid);
44379 - do_utime(collected, mtime);
44380 + sys_symlink((__force char __user *)collected + N_ALIGN(name_len), (__force char __user *)collected);
44381 + sys_lchown((__force char __user *)collected, uid, gid);
44382 + do_utime((__force char __user *)collected, mtime);
44384 next_state = Reset;
44386 diff -urNp linux-2.6.32.1/init/Kconfig linux-2.6.32.1/init/Kconfig
44387 --- linux-2.6.32.1/init/Kconfig 2009-12-02 22:51:21.000000000 -0500
44388 +++ linux-2.6.32.1/init/Kconfig 2009-12-14 18:33:59.372736129 -0500
44389 @@ -1026,7 +1026,7 @@ config SLUB_DEBUG
44392 bool "Disable heap randomization"
44396 Randomizing heap placement makes heap exploits harder, but it
44397 also breaks ancient binaries (including anything libc5 based).
44398 @@ -1116,9 +1116,9 @@ config HAVE_GENERIC_DMA_COHERENT
44402 - depends on PROC_FS
44403 + depends on PROC_FS && !GRKERNSEC_PROC_ADD
44404 depends on SLAB || SLUB_DEBUG
44410 diff -urNp linux-2.6.32.1/init/main.c linux-2.6.32.1/init/main.c
44411 --- linux-2.6.32.1/init/main.c 2009-12-02 22:51:21.000000000 -0500
44412 +++ linux-2.6.32.1/init/main.c 2009-12-14 18:33:59.389911000 -0500
44413 @@ -97,6 +97,7 @@ static inline void mark_rodata_ro(void)
44415 extern void tc_init(void);
44417 +extern void grsecurity_init(void);
44419 enum system_states system_state __read_mostly;
44420 EXPORT_SYMBOL(system_state);
44421 @@ -183,6 +184,35 @@ static int __init set_reset_devices(char
44423 __setup("reset_devices", set_reset_devices);
44425 +#if defined(CONFIG_PAX_MEMORY_UDEREF) && defined(CONFIG_X86_32)
44426 +static int __init setup_pax_nouderef(char *str)
44428 + unsigned int cpu;
44430 + for (cpu = 0; cpu < NR_CPUS; cpu++) {
44431 + get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].type = 3;
44432 + get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].limit = 0xf;
44434 + asm("mov %0, %%ds" : : "r" (__KERNEL_DS) : "memory");
44435 + asm("mov %0, %%es" : : "r" (__KERNEL_DS) : "memory");
44436 + asm("mov %0, %%ss" : : "r" (__KERNEL_DS) : "memory");
44440 +early_param("pax_nouderef", setup_pax_nouderef);
44443 +#ifdef CONFIG_PAX_SOFTMODE
44444 +unsigned int pax_softmode;
44446 +static int __init setup_pax_softmode(char *str)
44448 + get_option(&str, &pax_softmode);
44451 +__setup("pax_softmode=", setup_pax_softmode);
44454 static char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
44455 char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
44456 static const char *panic_later, *panic_param;
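Review bot: In setup_pax_softmode(), `get_option(&str, &pax_softmode)` passes an `unsigned int *` where get_option() takes an `int *`, and its return value is ignored, so nothing reports a `pax_softmode=` value that failed to parse. Declaring the variable as `int`, or parsing into a local `int` and checking the return before assigning, removes the signedness mismatch. In setup_pax_nouderef(), the literals `3` and `0xf` written into `GDT_ENTRY_KERNEL_DS` on every CPU need a one-line comment naming the descriptor type and limit they select. Both handlers are boot parameters that alter hardening behaviour, so they should also be listed in the kernel parameter documentation.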
44457 @@ -702,52 +732,53 @@ int initcall_debug;
44458 core_param(initcall_debug, initcall_debug, bool, 0644);
44460 static char msgbuf[64];
44461 -static struct boot_trace_call call;
44462 -static struct boot_trace_ret ret;
44463 +static struct boot_trace_call trace_call;
44464 +static struct boot_trace_ret trace_ret;
44466 int do_one_initcall(initcall_t fn)
44468 int count = preempt_count();
44469 ktime_t calltime, delta, rettime;
44470 + const char *msg1 = "", *msg2 = "";
44472 if (initcall_debug) {
44473 - call.caller = task_pid_nr(current);
44474 - printk("calling %pF @ %i\n", fn, call.caller);
44475 + trace_call.caller = task_pid_nr(current);
44476 + printk("calling %pF @ %i\n", fn, trace_call.caller);
44477 calltime = ktime_get();
44478 - trace_boot_call(&call, fn);
44479 + trace_boot_call(&trace_call, fn);
44480 enable_boot_trace();
44483 - ret.result = fn();
44484 + trace_ret.result = fn();
44486 if (initcall_debug) {
44487 disable_boot_trace();
44488 rettime = ktime_get();
44489 delta = ktime_sub(rettime, calltime);
44490 - ret.duration = (unsigned long long) ktime_to_ns(delta) >> 10;
44491 - trace_boot_ret(&ret, fn);
44492 + trace_ret.duration = (unsigned long long) ktime_to_ns(delta) >> 10;
44493 + trace_boot_ret(&trace_ret, fn);
44494 printk("initcall %pF returned %d after %Ld usecs\n", fn,
44495 - ret.result, ret.duration);
44496 + trace_ret.result, trace_ret.duration);
44501 - if (ret.result && ret.result != -ENODEV && initcall_debug)
44502 - sprintf(msgbuf, "error code %d ", ret.result);
44503 + if (trace_ret.result && trace_ret.result != -ENODEV && initcall_debug)
44504 + sprintf(msgbuf, "error code %d ", trace_ret.result);
44506 if (preempt_count() != count) {
44507 - strlcat(msgbuf, "preemption imbalance ", sizeof(msgbuf));
44508 + msg1 = " preemption imbalance";
44509 preempt_count() = count;
44511 if (irqs_disabled()) {
44512 - strlcat(msgbuf, "disabled interrupts ", sizeof(msgbuf));
44513 + msg2 = " disabled interrupts";
44514 local_irq_enable();
44517 - printk("initcall %pF returned with %s\n", fn, msgbuf);
44518 + if (msgbuf[0] || *msg1 || *msg2) {
44519 + printk("initcall %pF returned with %s%s%s\n", fn, msgbuf, msg1, msg2);
44522 - return ret.result;
44523 + return trace_ret.result;
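Review bot: The error-code prefix in do_one_initcall() is still written with an unbounded `sprintf()` into the 64-byte static `msgbuf`. Its trailing space now doubles up with the leading space of `msg1`/`msg2` in the `%s%s%s` output. `snprintf(msgbuf, sizeof(msgbuf), "error code %d", trace_ret.result);` keeps the write bounded by construction and yields single-spaced log lines.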
44527 @@ -886,11 +917,13 @@ static int __init kernel_init(void * unu
44528 if (!ramdisk_execute_command)
44529 ramdisk_execute_command = "/init";
44531 - if (sys_access((const char __user *) ramdisk_execute_command, 0) != 0) {
44532 + if (sys_access((__force const char __user *) ramdisk_execute_command, 0) != 0) {
44533 ramdisk_execute_command = NULL;
44534 prepare_namespace();
44537 + grsecurity_init();
44540 * Ok, we have completed the initial bootup, and
44541 * we're essentially up and running. Get rid of the
44542 diff -urNp linux-2.6.32.1/init/noinitramfs.c linux-2.6.32.1/init/noinitramfs.c
44543 --- linux-2.6.32.1/init/noinitramfs.c 2009-12-02 22:51:21.000000000 -0500
44544 +++ linux-2.6.32.1/init/noinitramfs.c 2009-12-14 18:33:59.390888592 -0500
44545 @@ -29,7 +29,7 @@ static int __init default_rootfs(void)
44549 - err = sys_mkdir("/dev", 0755);
44550 + err = sys_mkdir((const char __user *)"/dev", 0755);
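Review bot: The cast added here is `(const char __user *)"/dev"` without `__force`, whereas every other kernel-string-to-`__user` cast in this patch (for example in init/do_mounts_initrd.c) uses `(__force const char __user *)`. Without `__force`, sparse is expected to keep warning about the address-space change, which defeats the purpose of annotating these calls. Use `(__force const char __user *)"/dev"` here and `(__force const char __user *)"/root"` in the next hunk of this file.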
44554 @@ -39,7 +39,7 @@ static int __init default_rootfs(void)
44558 - err = sys_mkdir("/root", 0700);
44559 + err = sys_mkdir((const char __user *)"/root", 0700);
44563 diff -urNp linux-2.6.32.1/ipc/ipc_sysctl.c linux-2.6.32.1/ipc/ipc_sysctl.c
44564 --- linux-2.6.32.1/ipc/ipc_sysctl.c 2009-12-02 22:51:21.000000000 -0500
44565 +++ linux-2.6.32.1/ipc/ipc_sysctl.c 2009-12-14 18:33:59.390888592 -0500
44566 @@ -267,7 +267,7 @@ static struct ctl_table ipc_kern_table[]
44571 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
44574 static struct ctl_table ipc_root_table[] = {
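Review bot: The table terminator is now an eleven-value positional initializer, which ties this line to the current field order and field count of `struct ctl_table`. If the goal is only to silence a missing-initializer warning, a designated form such as `{ .ctl_name = 0 }` states the intent and survives changes to the struct. The same applies to the terminator of `ipc_root_table[]` in the next hunk.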
44575 @@ -277,7 +277,7 @@ static struct ctl_table ipc_root_table[]
44577 .child = ipc_kern_table,
44580 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
44583 static int __init ipc_sysctl_init(void)
44584 diff -urNp linux-2.6.32.1/ipc/mqueue.c linux-2.6.32.1/ipc/mqueue.c
44585 --- linux-2.6.32.1/ipc/mqueue.c 2009-12-02 22:51:21.000000000 -0500
44586 +++ linux-2.6.32.1/ipc/mqueue.c 2009-12-14 18:33:59.391720347 -0500
44587 @@ -150,6 +150,7 @@ static struct inode *mqueue_get_inode(st
44588 mq_bytes = (mq_msg_tblsz +
44589 (info->attr.mq_maxmsg * info->attr.mq_msgsize));
44591 + gr_learn_resource(current, RLIMIT_MSGQUEUE, u->mq_bytes + mq_bytes, 1);
44592 spin_lock(&mq_lock);
44593 if (u->mq_bytes + mq_bytes < u->mq_bytes ||
44594 u->mq_bytes + mq_bytes >
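Review bot: The added `gr_learn_resource()` call reads `u->mq_bytes` before `mq_lock` is taken, and it passes `u->mq_bytes + mq_bytes` without the wrap-around test that the locked check just below applies (`u->mq_bytes + mq_bytes < u->mq_bytes`). The value it records can therefore be stale or wrapped. Computing the sum under `mq_lock` and rejecting the wrapped case before handing it over would keep the learned value consistent with the enforced limit. If gr_learn_resource() must not run under a spinlock, take a snapshot under the lock and pass it after unlocking. mqueue_get_inode() continues outside this hunk.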
44595 diff -urNp linux-2.6.32.1/ipc/shm.c linux-2.6.32.1/ipc/shm.c
44596 --- linux-2.6.32.1/ipc/shm.c 2009-12-02 22:51:21.000000000 -0500
44597 +++ linux-2.6.32.1/ipc/shm.c 2009-12-14 18:33:59.391720347 -0500
44598 @@ -70,6 +70,14 @@ static void shm_destroy (struct ipc_name
44599 static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
44602 +#ifdef CONFIG_GRKERNSEC
44603 +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
44604 + const time_t shm_createtime, const uid_t cuid,
44605 + const int shmid);
44606 +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
44607 + const time_t shm_createtime);
44610 void shm_init_ns(struct ipc_namespace *ns)
44612 ns->shm_ctlmax = SHMMAX;
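Review bot: The prototypes for `gr_handle_shmat()` and `gr_chroot_shmat()` are declared with `extern` inside ipc/shm.c, so the compiler never checks them against the definitions and a later signature change would go unnoticed. Other `gr_*` calls in this patch (for example `gr_learn_resource()` in ipc/mqueue.c) are used without a local declaration, so a shared header presumably exists and is the better home for these two. The same applies to `extern void grsecurity_init(void);` in init/main.c and `extern rwlock_t grsec_exec_file_lock;` in kernel/exit.c.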
44613 @@ -395,6 +403,14 @@ static int newseg(struct ipc_namespace *
44614 shp->shm_lprid = 0;
44615 shp->shm_atim = shp->shm_dtim = 0;
44616 shp->shm_ctim = get_seconds();
44617 +#ifdef CONFIG_GRKERNSEC
44619 + struct timespec timeval;
44620 + do_posix_clock_monotonic_gettime(&timeval);
44622 + shp->shm_createtime = timeval.tv_sec;
44625 shp->shm_segsz = size;
44626 shp->shm_nattch = 0;
44627 shp->shm_file = file;
44628 @@ -878,9 +894,21 @@ long do_shmat(int shmid, char __user *sh
44632 +#ifdef CONFIG_GRKERNSEC
44633 + if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime,
44634 + shp->shm_perm.cuid, shmid) ||
44635 + !gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) {
44641 path.dentry = dget(shp->shm_file->f_path.dentry);
44642 path.mnt = shp->shm_file->f_path.mnt;
44644 +#ifdef CONFIG_GRKERNSEC
44645 + shp->shm_lapid = current->pid;
44647 size = i_size_read(path.dentry->d_inode);
44650 diff -urNp linux-2.6.32.1/kernel/acct.c linux-2.6.32.1/kernel/acct.c
44651 --- linux-2.6.32.1/kernel/acct.c 2009-12-02 22:51:21.000000000 -0500
44652 +++ linux-2.6.32.1/kernel/acct.c 2009-12-14 18:33:59.391720347 -0500
44653 @@ -578,7 +578,7 @@ static void do_acct_process(struct bsd_a
44655 flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
44656 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
44657 - file->f_op->write(file, (char *)&ac,
44658 + file->f_op->write(file, (__force char __user *)&ac,
44659 sizeof(acct_t), &file->f_pos);
44660 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
44662 diff -urNp linux-2.6.32.1/kernel/capability.c linux-2.6.32.1/kernel/capability.c
44663 --- linux-2.6.32.1/kernel/capability.c 2009-12-02 22:51:21.000000000 -0500
44664 +++ linux-2.6.32.1/kernel/capability.c 2009-12-14 18:33:59.392777275 -0500
44665 @@ -306,10 +306,21 @@ int capable(int cap)
44669 - if (security_capable(cap) == 0) {
44670 + if (security_capable(cap) == 0 && gr_is_capable(cap)) {
44671 current->flags |= PF_SUPERPRIV;
44677 +int capable_nolog(int cap)
44679 + if (security_capable(cap) == 0 && gr_is_capable_nolog(cap)) {
44680 + current->flags |= PF_SUPERPRIV;
44686 EXPORT_SYMBOL(capable);
44687 +EXPORT_SYMBOL(capable_nolog);
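Review bot: `capable_nolog()` is exported without any comment, and its visible body repeats that of `capable()` with only `gr_is_capable_nolog()` swapped in. A short header such as `/* capable_nolog - same decision as capable(), but asks gr_is_capable_nolog() instead of gr_is_capable() */` would tell callers when to choose it. Whether `security_capable()` itself still audits the check is not visible here and should be stated in the comment if relevant. Sharing one static helper that takes the grsecurity predicate would also keep the two functions from drifting apart, for instance in the `PF_SUPERPRIV` handling.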
44688 diff -urNp linux-2.6.32.1/kernel/configs.c linux-2.6.32.1/kernel/configs.c
44689 --- linux-2.6.32.1/kernel/configs.c 2009-12-02 22:51:21.000000000 -0500
44690 +++ linux-2.6.32.1/kernel/configs.c 2009-12-14 18:33:59.392777275 -0500
44691 @@ -73,8 +73,19 @@ static int __init ikconfig_init(void)
44692 struct proc_dir_entry *entry;
44694 /* create the current config file */
44695 +#if defined(CONFIG_GRKERNSEC_PROC_ADD) || defined(CONFIG_GRKERNSEC_HIDESYM)
44696 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_HIDESYM)
44697 + entry = proc_create("config.gz", S_IFREG | S_IRUSR, NULL,
44698 + &ikconfig_file_ops);
44699 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
44700 + entry = proc_create("config.gz", S_IFREG | S_IRUSR | S_IRGRP, NULL,
44701 + &ikconfig_file_ops);
44704 entry = proc_create("config.gz", S_IFREG | S_IRUGO, NULL,
44705 &ikconfig_file_ops);
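Review bot: The inner `#if`/`#elif` chain appears to have no fallback branch. With CONFIG_GRKERNSEC_PROC_ADD set but none of CONFIG_GRKERNSEC_PROC_USER, CONFIG_GRKERNSEC_PROC_USERGROUP or CONFIG_GRKERNSEC_HIDESYM, no `proc_create()` call would be compiled and `entry` would be tested unassigned. If Kconfig guarantees one of those options whenever PROC_ADD is selected, an `#else` with `#error` in the inner chain documents and enforces that. Otherwise the inner chain should fall back to the most restrictive mode, `S_IFREG | S_IRUSR`. Some preprocessor lines of this hunk are not shown, so this is inferred from the visible branches.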
44711 diff -urNp linux-2.6.32.1/kernel/cpu.c linux-2.6.32.1/kernel/cpu.c
44712 --- linux-2.6.32.1/kernel/cpu.c 2009-12-02 22:51:21.000000000 -0500
44713 +++ linux-2.6.32.1/kernel/cpu.c 2009-12-14 18:33:59.421104502 -0500
44715 /* Serializes the updates to cpu_online_mask, cpu_present_mask */
44716 static DEFINE_MUTEX(cpu_add_remove_lock);
44718 -static __cpuinitdata RAW_NOTIFIER_HEAD(cpu_chain);
44719 +static RAW_NOTIFIER_HEAD(cpu_chain);
44721 /* If set, cpu_up and cpu_down will return -EBUSY and do nothing.
44722 * Should always be manipulated under cpu_add_remove_lock
44723 diff -urNp linux-2.6.32.1/kernel/cred.c linux-2.6.32.1/kernel/cred.c
44724 --- linux-2.6.32.1/kernel/cred.c 2009-12-02 22:51:21.000000000 -0500
44725 +++ linux-2.6.32.1/kernel/cred.c 2009-12-14 18:33:59.433855426 -0500
44726 @@ -520,6 +520,8 @@ int commit_creds(struct cred *new)
44728 get_cred(new); /* we will require a ref for the subj creds too */
44730 + gr_set_role_label(task, new->uid, new->gid);
44732 /* dumpability changes */
44733 if (old->euid != new->euid ||
44734 old->egid != new->egid ||
44735 diff -urNp linux-2.6.32.1/kernel/exit.c linux-2.6.32.1/kernel/exit.c
44736 --- linux-2.6.32.1/kernel/exit.c 2009-12-02 22:51:21.000000000 -0500
44737 +++ linux-2.6.32.1/kernel/exit.c 2009-12-14 18:33:59.433855426 -0500
44739 #include <asm/mmu_context.h>
44740 #include "cred-internals.h"
44742 +#ifdef CONFIG_GRKERNSEC
44743 +extern rwlock_t grsec_exec_file_lock;
44746 static void exit_mm(struct task_struct * tsk);
44748 static void __unhash_process(struct task_struct *p)
44749 @@ -167,6 +171,8 @@ void release_task(struct task_struct * p
44750 struct task_struct *leader;
44753 + gr_del_task_from_ip_table(p);
44755 tracehook_prepare_release_task(p);
44756 /* don't need to get the RCU readlock here - the process is dead and
44757 * can't be modifying its own credentials */
44758 @@ -334,11 +340,22 @@ static void reparent_to_kthreadd(void)
44760 write_lock_irq(&tasklist_lock);
44762 +#ifdef CONFIG_GRKERNSEC
44763 + write_lock(&grsec_exec_file_lock);
44764 + if (current->exec_file) {
44765 + fput(current->exec_file);
44766 + current->exec_file = NULL;
44768 + write_unlock(&grsec_exec_file_lock);
44771 ptrace_unlink(current);
44772 /* Reparent to init */
44773 current->real_parent = current->parent = kthreadd_task;
44774 list_move_tail(¤t->sibling, ¤t->real_parent->children);
44776 + gr_set_kernel_label(current);
44778 /* Set the exit signal to SIGCHLD so we signal init on exit */
44779 current->exit_signal = SIGCHLD;
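Review bot: `fput(current->exec_file)` is called while `tasklist_lock` is write-held with interrupts off and `grsec_exec_file_lock` is write-held; if it drops the last reference, the file's release path would run in that atomic context. It is safer to clear the pointer under the lock and call `fput()` only after both locks are released. The same block is duplicated in the daemonize() hunk further down, so one small helper can serve both. The unlock of `tasklist_lock` lies outside this hunk, so the placement of the final `fput()` below is indicative, and a local `struct file *old_exec_file` is assumed in reparent_to_kthreadd().
```c
#ifdef CONFIG_GRKERNSEC
/* Detach current->exec_file under the lock; the caller drops the
 * reference with fput() once it may sleep again. */
static struct file *detach_exec_file(void)
{
	struct file *old;

	write_lock(&grsec_exec_file_lock);
	old = current->exec_file;
	current->exec_file = NULL;
	write_unlock(&grsec_exec_file_lock);
	return old;
}
#endif

/* … unchanged: reparent_to_kthreadd() up to write_lock_irq(&tasklist_lock) … */
#ifdef CONFIG_GRKERNSEC
	old_exec_file = detach_exec_file();
#endif
/* … unchanged: ptrace_unlink(), reparenting, gr_set_kernel_label() … */
/* … after tasklist_lock has been released … */
#ifdef CONFIG_GRKERNSEC
	if (old_exec_file)
		fput(old_exec_file);
#endif
```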
44781 @@ -390,7 +407,7 @@ int allow_signal(int sig)
44782 * know it'll be handled, so that they don't get converted to
44783 * SIGKILL or just silently dropped.
44785 - current->sighand->action[(sig)-1].sa.sa_handler = (void __user *)2;
44786 + current->sighand->action[(sig)-1].sa.sa_handler = (__force void __user *)2;
44787 recalc_sigpending();
44788 spin_unlock_irq(¤t->sighand->siglock);
44790 @@ -426,6 +443,17 @@ void daemonize(const char *name, ...)
44791 vsnprintf(current->comm, sizeof(current->comm), name, args);
44794 +#ifdef CONFIG_GRKERNSEC
44795 + write_lock(&grsec_exec_file_lock);
44796 + if (current->exec_file) {
44797 + fput(current->exec_file);
44798 + current->exec_file = NULL;
44800 + write_unlock(&grsec_exec_file_lock);
44803 + gr_set_kernel_label(current);
44806 * If we were started as result of loading a module, close all of the
44807 * user space pages. We don't need them, and if we didn't close them
44808 @@ -957,6 +985,9 @@ NORET_TYPE void do_exit(long code)
44809 tsk->exit_code = code;
44810 taskstats_exit(tsk, group_dead);
44812 + gr_acl_handle_psacct(tsk, code);
44813 + gr_acl_handle_exit();
44818 @@ -1172,7 +1203,7 @@ static int wait_task_zombie(struct wait_
44820 if (unlikely(wo->wo_flags & WNOWAIT)) {
44821 int exit_code = p->exit_code;
44825 get_task_struct(p);
44826 read_unlock(&tasklist_lock);
44827 diff -urNp linux-2.6.32.1/kernel/fork.c linux-2.6.32.1/kernel/fork.c
44828 --- linux-2.6.32.1/kernel/fork.c 2009-12-02 22:51:21.000000000 -0500
44829 +++ linux-2.6.32.1/kernel/fork.c 2009-12-14 18:33:59.434987332 -0500
44830 @@ -253,7 +253,7 @@ static struct task_struct *dup_task_stru
44831 *stackend = STACK_END_MAGIC; /* for overflow detection */
44833 #ifdef CONFIG_CC_STACKPROTECTOR
44834 - tsk->stack_canary = get_random_int();
44835 + tsk->stack_canary = pax_get_random_long();
44838 /* One for us, one for whoever does the "release_task()" (usually parent) */
44839 @@ -293,8 +293,8 @@ static int dup_mmap(struct mm_struct *mm
44842 mm->mmap_cache = NULL;
44843 - mm->free_area_cache = oldmm->mmap_base;
44844 - mm->cached_hole_size = ~0UL;
44845 + mm->free_area_cache = oldmm->free_area_cache;
44846 + mm->cached_hole_size = oldmm->cached_hole_size;
44848 cpumask_clear(mm_cpumask(mm));
44849 mm->mm_rb = RB_ROOT;
44850 @@ -334,6 +334,7 @@ static int dup_mmap(struct mm_struct *mm
44851 tmp->vm_flags &= ~VM_LOCKED;
44853 tmp->vm_next = NULL;
44854 + tmp->vm_mirror = NULL;
44855 anon_vma_link(tmp);
44856 file = tmp->vm_file;
44858 @@ -381,6 +382,31 @@ static int dup_mmap(struct mm_struct *mm
44863 +#ifdef CONFIG_PAX_SEGMEXEC
44864 + if (oldmm->pax_flags & MF_PAX_SEGMEXEC) {
44865 + struct vm_area_struct *mpnt_m;
44867 + for (mpnt = oldmm->mmap, mpnt_m = mm->mmap; mpnt; mpnt = mpnt->vm_next, mpnt_m = mpnt_m->vm_next) {
44868 + BUG_ON(!mpnt_m || mpnt_m->vm_mirror || mpnt->vm_mm != oldmm || mpnt_m->vm_mm != mm);
44870 + if (!mpnt->vm_mirror)
44873 + if (mpnt->vm_end <= SEGMEXEC_TASK_SIZE) {
44874 + BUG_ON(mpnt->vm_mirror->vm_mirror != mpnt);
44875 + mpnt->vm_mirror = mpnt_m;
44877 + BUG_ON(mpnt->vm_mirror->vm_mirror == mpnt || mpnt->vm_mirror->vm_mirror->vm_mm != mm);
44878 + mpnt_m->vm_mirror = mpnt->vm_mirror->vm_mirror;
44879 + mpnt_m->vm_mirror->vm_mirror = mpnt_m;
44880 + mpnt->vm_mirror->vm_mirror = mpnt;
44887 /* a new mm has just been created */
44888 arch_dup_mmap(oldmm, mm);
44890 @@ -731,7 +757,7 @@ static int copy_fs(unsigned long clone_f
44891 write_unlock(&fs->lock);
44895 + atomic_inc(&fs->users);
44896 write_unlock(&fs->lock);
44899 @@ -1084,6 +1084,9 @@ static struct task_struct *copy_process(
44901 if (!vx_nproc_avail(1))
44902 goto bad_fork_cleanup_vm;
44904 + gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->real_cred->user->processes), 0);
44906 if (atomic_read(&p->real_cred->user->processes) >=
44907 p->signal->rlim[RLIMIT_NPROC].rlim_cur) {
44908 if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
44909 @@ -1179,6 +1208,8 @@ static struct task_struct *copy_process(
44910 goto bad_fork_free_pid;
44913 + gr_copy_label(p);
44915 p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
44917 * Clear TID on mm_release()?
44918 @@ -1344,6 +1375,8 @@ bad_fork_cleanup_count:
44922 + gr_log_forkfail(retval);
44924 return ERR_PTR(retval);
44927 @@ -1437,6 +1470,8 @@ long do_fork(unsigned long clone_flags,
44928 if (clone_flags & CLONE_PARENT_SETTID)
44929 put_user(nr, parent_tidptr);
44931 + gr_handle_brute_check();
44933 if (clone_flags & CLONE_VFORK) {
44934 p->vfork_done = &vfork;
44935 init_completion(&vfork);
44936 @@ -1569,7 +1604,7 @@ static int unshare_fs(unsigned long unsh
44939 /* don't need lock here; in the worst case we'll do useless copy */
44940 - if (fs->users == 1)
44941 + if (atomic_read(&fs->users) == 1)
44944 *new_fsp = copy_fs_struct(fs);
44945 @@ -1692,7 +1727,7 @@ SYSCALL_DEFINE1(unshare, unsigned long,
44947 write_lock(&fs->lock);
44948 current->fs = new_fs;
44950 + if (atomic_dec_return(&fs->users))
44954 diff -urNp linux-2.6.32.1/kernel/futex.c linux-2.6.32.1/kernel/futex.c
44955 --- linux-2.6.32.1/kernel/futex.c 2009-12-02 22:51:21.000000000 -0500
44956 +++ linux-2.6.32.1/kernel/futex.c 2009-12-14 18:33:59.435994462 -0500
44958 #include <linux/mount.h>
44959 #include <linux/pagemap.h>
44960 #include <linux/syscalls.h>
44961 +#include <linux/ptrace.h>
44962 #include <linux/signal.h>
44963 #include <linux/module.h>
44964 #include <linux/magic.h>
44965 @@ -223,6 +224,11 @@ get_futex_key(u32 __user *uaddr, int fsh
44969 +#ifdef CONFIG_PAX_SEGMEXEC
44970 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && address >= SEGMEXEC_TASK_SIZE)
44975 * The futex address must be "naturally" aligned.
44977 @@ -1825,7 +1831,7 @@ retry:
44979 restart = ¤t_thread_info()->restart_block;
44980 restart->fn = futex_wait_restart;
44981 - restart->futex.uaddr = (u32 *)uaddr;
44982 + restart->futex.uaddr = uaddr;
44983 restart->futex.val = val;
44984 restart->futex.time = abs_time->tv64;
44985 restart->futex.bitset = bitset;
44986 @@ -2358,7 +2364,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pi
44988 struct robust_list_head __user *head;
44990 - const struct cred *cred = current_cred(), *pcred;
44991 +#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
44992 + const struct cred *cred = current_cred();
44993 + const struct cred *pcred;
44996 if (!futex_cmpxchg_enabled)
44998 @@ -2374,11 +2383,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi
45002 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
45003 + if (!ptrace_may_access(p, PTRACE_MODE_READ))
45006 pcred = __task_cred(p);
45007 if (cred->euid != pcred->euid &&
45008 cred->euid != pcred->uid &&
45009 !capable(CAP_SYS_PTRACE))
45012 head = p->robust_list;
45015 @@ -2440,7 +2454,7 @@ retry:
45017 static inline int fetch_robust_entry(struct robust_list __user **entry,
45018 struct robust_list __user * __user *head,
45020 + unsigned int *pi)
45022 unsigned long uentry;
45024 diff -urNp linux-2.6.32.1/kernel/futex_compat.c linux-2.6.32.1/kernel/futex_compat.c
45025 --- linux-2.6.32.1/kernel/futex_compat.c 2009-12-02 22:51:21.000000000 -0500
45026 +++ linux-2.6.32.1/kernel/futex_compat.c 2009-12-14 18:33:59.435994462 -0500
45028 #include <linux/compat.h>
45029 #include <linux/nsproxy.h>
45030 #include <linux/futex.h>
45031 +#include <linux/ptrace.h>
45033 #include <asm/uaccess.h>
45035 @@ -135,7 +136,10 @@ compat_sys_get_robust_list(int pid, comp
45037 struct compat_robust_list_head __user *head;
45039 - const struct cred *cred = current_cred(), *pcred;
45040 + const struct cred *cred = current_cred();
45041 +#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
45042 + const struct cred *pcred;
45045 if (!futex_cmpxchg_enabled)
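Review bot: `cred` is declared and initialised outside the `#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP` guard here, while kernel/futex.c puts both `cred` and `pcred` inside it. If the uid comparison in the next hunk is the only user of `cred`, as the visible lines suggest, the variable is unused when CONFIG_GRKERNSEC_PROC_MEMMAP is set and the build gains a warning. Moving `const struct cred *cred = current_cred();` under the `#ifndef` next to `pcred` makes the two implementations match. The function body continues outside this hunk.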
45047 @@ -151,11 +155,16 @@ compat_sys_get_robust_list(int pid, comp
45051 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
45052 + if (!ptrace_may_access(p, PTRACE_MODE_READ))
45055 pcred = __task_cred(p);
45056 if (cred->euid != pcred->euid &&
45057 cred->euid != pcred->uid &&
45058 !capable(CAP_SYS_PTRACE))
45061 head = p->compat_robust_list;
45062 read_unlock(&tasklist_lock);
45064 diff -urNp linux-2.6.32.1/kernel/gcov/base.c linux-2.6.32.1/kernel/gcov/base.c
45065 --- linux-2.6.32.1/kernel/gcov/base.c 2009-12-02 22:51:21.000000000 -0500
45066 +++ linux-2.6.32.1/kernel/gcov/base.c 2009-12-14 18:33:59.435994462 -0500
45067 @@ -102,11 +102,6 @@ void gcov_enable_events(void)
45070 #ifdef CONFIG_MODULES
45071 -static inline int within(void *addr, void *start, unsigned long size)
45073 - return ((addr >= start) && (addr < start + size));
45076 /* Update list and generate events when modules are unloaded. */
45077 static int gcov_module_notifier(struct notifier_block *nb, unsigned long event,
45079 @@ -121,7 +116,7 @@ static int gcov_module_notifier(struct n
45081 /* Remove entries located in module from linked list. */
45082 for (info = gcov_info_head; info; info = info->next) {
45083 - if (within(info, mod->module_core, mod->core_size)) {
45084 + if (within_module_core_rw((unsigned long)info, mod)) {
45086 prev->next = info->next;
45088 diff -urNp linux-2.6.32.1/kernel/kallsyms.c linux-2.6.32.1/kernel/kallsyms.c
45089 --- linux-2.6.32.1/kernel/kallsyms.c 2009-12-02 22:51:21.000000000 -0500
45090 +++ linux-2.6.32.1/kernel/kallsyms.c 2009-12-14 18:33:59.435994462 -0500
45092 * Changed the compression method from stem compression to "table lookup"
45093 * compression (see scripts/kallsyms.c for a more complete description)
45095 +#ifdef CONFIG_GRKERNSEC_HIDESYM
45096 +#define __INCLUDED_BY_HIDESYM 1
45098 #include <linux/kallsyms.h>
45099 #include <linux/module.h>
45100 #include <linux/init.h>
45101 @@ -51,6 +54,9 @@ extern const unsigned long kallsyms_mark
45103 static inline int is_kernel_inittext(unsigned long addr)
45105 + if (system_state != SYSTEM_BOOTING)
45108 if (addr >= (unsigned long)_sinittext
45109 && addr <= (unsigned long)_einittext)
45111 @@ -67,6 +73,9 @@ static inline int is_kernel_text(unsigne
45113 static inline int is_kernel(unsigned long addr)
45115 + if (is_kernel_inittext(addr))
45118 if (addr >= (unsigned long)_stext && addr <= (unsigned long)_end)
45120 return in_gate_area_no_task(addr);
45121 @@ -413,7 +422,6 @@ static unsigned long get_ksymbol_core(st
45123 static void reset_iter(struct kallsym_iter *iter, loff_t new_pos)
45125 - iter->name[0] = '\0';
45126 iter->nameoff = get_symbol_offset(new_pos);
45127 iter->pos = new_pos;
45129 @@ -461,6 +469,11 @@ static int s_show(struct seq_file *m, vo
45131 struct kallsym_iter *iter = m->private;
45133 +#ifdef CONFIG_GRKERNSEC_HIDESYM
45134 + if (current_uid())
45138 /* Some debugging symbols have no name. Ignore them. */
45139 if (!iter->name[0])
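Review bot: The `current_uid()` test added to s_show() is evaluated against whichever task calls read() on the file, not against the task that opened it, and it looks at the real UID only. The outcome therefore depends on who ends up holding the descriptor, which is easy to overlook when reasoning about what CONFIG_GRKERNSEC_HIDESYM guarantees. A comment stating the intended policy would make it explicit, for example `/* symbols are shown only when the reading task's real uid is 0 */`. An additional check in kallsyms_open() (same file) would cover the open-time side as well. s_show() continues outside this hunk.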
45141 @@ -501,7 +514,7 @@ static int kallsyms_open(struct inode *i
45142 struct kallsym_iter *iter;
45145 - iter = kmalloc(sizeof(*iter), GFP_KERNEL);
45146 + iter = kzalloc(sizeof(*iter), GFP_KERNEL);
45149 reset_iter(iter, 0);
45150 diff -urNp linux-2.6.32.1/kernel/kgdb.c linux-2.6.32.1/kernel/kgdb.c
45151 --- linux-2.6.32.1/kernel/kgdb.c 2009-12-02 22:51:21.000000000 -0500
45152 +++ linux-2.6.32.1/kernel/kgdb.c 2009-12-14 18:33:59.437005376 -0500
45153 @@ -86,7 +86,7 @@ static int kgdb_io_module_registered;
45154 /* Guard for recursive entry */
45155 static int exception_level;
45157 -static struct kgdb_io *kgdb_io_ops;
45158 +static const struct kgdb_io *kgdb_io_ops;
45159 static DEFINE_SPINLOCK(kgdb_registration_lock);
45161 /* kgdb console driver is loaded */
45162 @@ -1637,7 +1637,7 @@ static void kgdb_initial_breakpoint(void
45164 * Register it with the KGDB core.
45166 -int kgdb_register_io_module(struct kgdb_io *new_kgdb_io_ops)
45167 +int kgdb_register_io_module(const struct kgdb_io *new_kgdb_io_ops)
45171 @@ -1682,7 +1682,7 @@ EXPORT_SYMBOL_GPL(kgdb_register_io_modul
45173 * Unregister it with the KGDB core.
45175 -void kgdb_unregister_io_module(struct kgdb_io *old_kgdb_io_ops)
45176 +void kgdb_unregister_io_module(const struct kgdb_io *old_kgdb_io_ops)
45178 BUG_ON(kgdb_connected);
45180 diff -urNp linux-2.6.32.1/kernel/kmod.c linux-2.6.32.1/kernel/kmod.c
45181 --- linux-2.6.32.1/kernel/kmod.c 2009-12-02 22:51:21.000000000 -0500
45182 +++ linux-2.6.32.1/kernel/kmod.c 2009-12-14 18:33:59.437005376 -0500
45183 @@ -90,6 +90,18 @@ int __request_module(bool wait, const ch
45184 if (ret >= MODULE_NAME_LEN)
45185 return -ENAMETOOLONG;
45187 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
45188 + /* we could do a tighter check here, but some distros
45189 + are taking it upon themselves to remove CAP_SYS_MODULE
45190 + from even root-running apps which cause modules to be
45193 + if (current_uid()) {
45194 + gr_log_nonroot_mod_load(module_name);
45199 /* If modprobe needs a service that is in a module, we get a recursive
45200 * loop. Limit the number of running kmod threads to max_threads/2 or
45201 * MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method
45202 diff -urNp linux-2.6.32.1/kernel/kprobes.c linux-2.6.32.1/kernel/kprobes.c
45203 --- linux-2.6.32.1/kernel/kprobes.c 2009-12-02 22:51:21.000000000 -0500
45204 +++ linux-2.6.32.1/kernel/kprobes.c 2009-12-14 18:33:59.437005376 -0500
45205 @@ -183,7 +183,7 @@ static kprobe_opcode_t __kprobes *__get_
45206 * kernel image and loaded module images reside. This is required
45207 * so x86_64 can correctly handle the %rip-relative fixups.
45209 - kip->insns = module_alloc(PAGE_SIZE);
45210 + kip->insns = module_alloc_exec(PAGE_SIZE);
45214 @@ -220,7 +220,7 @@ static int __kprobes collect_one_slot(st
45216 if (!list_is_singular(&kprobe_insn_pages)) {
45217 list_del(&kip->list);
45218 - module_free(NULL, kip->insns);
45219 + module_free_exec(NULL, kip->insns);
45223 diff -urNp linux-2.6.32.1/kernel/lockdep.c linux-2.6.32.1/kernel/lockdep.c
45224 --- linux-2.6.32.1/kernel/lockdep.c 2009-12-02 22:51:21.000000000 -0500
45225 +++ linux-2.6.32.1/kernel/lockdep.c 2009-12-14 18:33:59.437984082 -0500
45226 @@ -577,6 +577,10 @@ static int static_obj(void *obj)
45230 +#ifdef CONFIG_PAX_KERNEXEC
45231 + start = ktla_ktva(start);
45237 @@ -592,8 +596,7 @@ static int static_obj(void *obj)
45239 for_each_possible_cpu(i) {
45240 start = (unsigned long) &__per_cpu_start + per_cpu_offset(i);
45241 - end = (unsigned long) &__per_cpu_start + PERCPU_ENOUGH_ROOM
45242 - + per_cpu_offset(i);
45243 + end = start + PERCPU_ENOUGH_ROOM;
45245 if ((addr >= start) && (addr < end))
45247 @@ -710,6 +713,7 @@ register_lock_class(struct lockdep_map *
45248 if (!static_obj(lock->key)) {
45250 printk("INFO: trying to register non-static key.\n");
45251 + printk("lock:%pS key:%pS.\n", lock, lock->key);
45252 printk("the code is fine but needs lockdep annotation.\n");
45253 printk("turning off the locking correctness validator.\n");
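Review bot: The added `printk("lock:%pS key:%pS.\n", lock, lock->key);` is reached only after static_obj(lock->key) has failed, so the key is by definition not a static object and `%pS` will normally find no symbol for it. In that case the specifier falls back to printing the raw address, which puts a kernel data pointer into the log; the same is likely for `lock` when it lives on the heap or stack. If the line is meant purely as a debugging aid, a one-line comment saying so would make clear that the address disclosure is accepted here.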
45255 diff -urNp linux-2.6.32.1/kernel/module.c linux-2.6.32.1/kernel/module.c
45256 --- linux-2.6.32.1/kernel/module.c 2009-12-02 22:51:21.000000000 -0500
45257 +++ linux-2.6.32.1/kernel/module.c 2009-12-14 18:33:59.438865919 -0500
45258 @@ -89,7 +89,8 @@ static DECLARE_WAIT_QUEUE_HEAD(module_wq
45259 static BLOCKING_NOTIFIER_HEAD(module_notify_list);
45261 /* Bounds of module allocation, for speeding __module_address */
45262 -static unsigned long module_addr_min = -1UL, module_addr_max = 0;
45263 +static unsigned long module_addr_min_rw = -1UL, module_addr_max_rw = 0;
45264 +static unsigned long module_addr_min_rx = -1UL, module_addr_max_rx = 0;
45266 int register_module_notifier(struct notifier_block * nb)
45268 @@ -245,7 +246,7 @@ bool each_symbol(bool (*fn)(const struct
45271 list_for_each_entry_rcu(mod, &modules, list) {
45272 - struct symsearch arr[] = {
45273 + struct symsearch modarr[] = {
45274 { mod->syms, mod->syms + mod->num_syms, mod->crcs,
45275 NOT_GPL_ONLY, false },
45276 { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
45277 @@ -267,7 +268,7 @@ bool each_symbol(bool (*fn)(const struct
45281 - if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data))
45282 + if (each_symbol_in_section(modarr, ARRAY_SIZE(modarr), mod, fn, data))
45286 @@ -442,7 +443,7 @@ static void *percpu_modalloc(unsigned lo
45290 - if (align > PAGE_SIZE) {
45291 + if (align-1 >= PAGE_SIZE) {
45292 printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
45293 name, align, PAGE_SIZE);
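Review bot: `if (align-1 >= PAGE_SIZE)` relies on unsigned wrap-around to reject an alignment of 0 as well as one above PAGE_SIZE, and nothing in the hunk says so. The warning that follows still reads `per-cpu alignment %li > %li`, which for align == 0 prints a comparison that is plainly false. A comment such as `/* align - 1 wraps for 0, so a zero alignment is rejected too */` would keep the next reader from simplifying the test back. This assumes align is an unsigned long, as the truncated signature in the hunk header suggests.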
45295 @@ -555,7 +556,11 @@ static void percpu_modcopy(void *pcpudes
45298 for_each_possible_cpu(cpu)
45299 +#ifdef CONFIG_X86_32
45300 + memcpy(pcpudest + __per_cpu_offset[cpu], from, size);
45302 memcpy(pcpudest + per_cpu_offset(cpu), from, size);
45306 #else /* ... !CONFIG_SMP */
45307 @@ -1526,7 +1531,8 @@ static void free_module(struct module *m
45308 destroy_params(mod->kp, mod->num_kp);
45310 /* This may be NULL, but that's OK */
45311 - module_free(mod, mod->module_init);
45312 + module_free(mod, mod->module_init_rw);
45313 + module_free_exec(mod, mod->module_init_rx);
45316 percpu_modfree(mod->percpu);
45317 @@ -1535,10 +1541,12 @@ static void free_module(struct module *m
45318 percpu_modfree(mod->refptr);
45320 /* Free lock-classes: */
45321 - lockdep_free_key_range(mod->module_core, mod->core_size);
45322 + lockdep_free_key_range(mod->module_core_rx, mod->core_size_rx);
45323 + lockdep_free_key_range(mod->module_core_rw, mod->core_size_rw);
45325 /* Finally, free the core (containing the module structure) */
45326 - module_free(mod, mod->module_core);
45327 + module_free_exec(mod, mod->module_core_rx);
45328 + module_free(mod, mod->module_core_rw);
45331 update_protections(current->mm);
45332 @@ -1632,7 +1640,9 @@ static int simplify_symbols(Elf_Shdr *se
45333 strtab + sym[i].st_name, mod);
45334 /* Ok if resolved. */
45336 + pax_open_kernel();
45337 sym[i].st_value = ksym->value;
45338 + pax_close_kernel();
45342 @@ -1651,7 +1661,9 @@ static int simplify_symbols(Elf_Shdr *se
45343 secbase = (unsigned long)mod->percpu;
45345 secbase = sechdrs[sym[i].st_shndx].sh_addr;
45346 + pax_open_kernel();
45347 sym[i].st_value += secbase;
45348 + pax_close_kernel();
45352 @@ -1712,11 +1724,12 @@ static void layout_sections(struct modul
45353 || s->sh_entsize != ~0UL
45354 || strstarts(secstrings + s->sh_name, ".init"))
45356 - s->sh_entsize = get_offset(mod, &mod->core_size, s, i);
45357 + if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC))
45358 + s->sh_entsize = get_offset(mod, &mod->core_size_rw, s, i);
45360 + s->sh_entsize = get_offset(mod, &mod->core_size_rx, s, i);
45361 DEBUGP("\t%s\n", secstrings + s->sh_name);
45364 - mod->core_text_size = mod->core_size;
45367 DEBUGP("Init section allocation order:\n");
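Review bot: The region test `(s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC)` is written out here, again in the init-section hunk of layout_sections, and twice more (plus once in inverted form) in the section-copy loop of load_module. The offset computed here is only valid inside the region chosen here, so if one copy of the predicate is later edited and another is not, a section would be copied at an offset sized for the other allocation. A small static helper, for example `static bool section_is_rw(const Elf_Shdr *s)`, used at all five sites would remove that risk. In the load_module loop the `!SHF_ALLOC` half also looks unreachable, because the context line at the top of that loop already tests SHF_ALLOC; the statement after that test is not visible in this view.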
45368 @@ -1729,12 +1742,13 @@ static void layout_sections(struct modul
45369 || s->sh_entsize != ~0UL
45370 || !strstarts(secstrings + s->sh_name, ".init"))
45372 - s->sh_entsize = (get_offset(mod, &mod->init_size, s, i)
45373 - | INIT_OFFSET_MASK);
45374 + if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC))
45375 + s->sh_entsize = get_offset(mod, &mod->init_size_rw, s, i);
45377 + s->sh_entsize = get_offset(mod, &mod->init_size_rx, s, i);
45378 + s->sh_entsize |= INIT_OFFSET_MASK;
45379 DEBUGP("\t%s\n", secstrings + s->sh_name);
45382 - mod->init_text_size = mod->init_size;
45386 @@ -1838,9 +1852,8 @@ static int is_exported(const char *name,
45389 static char elf_type(const Elf_Sym *sym,
45390 - Elf_Shdr *sechdrs,
45391 - const char *secstrings,
45392 - struct module *mod)
45393 + const Elf_Shdr *sechdrs,
45394 + const char *secstrings)
45396 if (ELF_ST_BIND(sym->st_info) == STB_WEAK) {
45397 if (ELF_ST_TYPE(sym->st_info) == STT_OBJECT)
45398 @@ -1915,7 +1928,7 @@ static unsigned long layout_symtab(struc
45400 /* Put symbol section at end of init part of module. */
45401 symsect->sh_flags |= SHF_ALLOC;
45402 - symsect->sh_entsize = get_offset(mod, &mod->init_size, symsect,
45403 + symsect->sh_entsize = get_offset(mod, &mod->init_size_rx, symsect,
45404 symindex) | INIT_OFFSET_MASK;
45405 DEBUGP("\t%s\n", secstrings + symsect->sh_name);
45407 @@ -1932,19 +1945,19 @@ static unsigned long layout_symtab(struc
45410 /* Append room for core symbols at end of core part. */
45411 - symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1);
45412 - mod->core_size = symoffs + ndst * sizeof(Elf_Sym);
45413 + symoffs = ALIGN(mod->core_size_rx, symsect->sh_addralign ?: 1);
45414 + mod->core_size_rx = symoffs + ndst * sizeof(Elf_Sym);
45416 /* Put string table section at end of init part of module. */
45417 strsect->sh_flags |= SHF_ALLOC;
45418 - strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect,
45419 + strsect->sh_entsize = get_offset(mod, &mod->init_size_rx, strsect,
45420 strindex) | INIT_OFFSET_MASK;
45421 DEBUGP("\t%s\n", secstrings + strsect->sh_name);
45423 /* Append room for core symbols' strings at end of core part. */
45424 - *pstroffs = mod->core_size;
45425 + *pstroffs = mod->core_size_rx;
45426 __set_bit(0, strmap);
45427 - mod->core_size += bitmap_weight(strmap, strsect->sh_size);
45428 + mod->core_size_rx += bitmap_weight(strmap, strsect->sh_size);
45432 @@ -1968,12 +1981,14 @@ static void add_kallsyms(struct module *
45433 mod->num_symtab = sechdrs[symindex].sh_size / sizeof(Elf_Sym);
45434 mod->strtab = (void *)sechdrs[strindex].sh_addr;
45436 + pax_open_kernel();
45438 /* Set types up while we still have access to sections. */
45439 for (i = 0; i < mod->num_symtab; i++)
45440 mod->symtab[i].st_info
45441 - = elf_type(&mod->symtab[i], sechdrs, secstrings, mod);
45442 + = elf_type(&mod->symtab[i], sechdrs, secstrings);
45444 - mod->core_symtab = dst = mod->module_core + symoffs;
45445 + mod->core_symtab = dst = mod->module_core_rx + symoffs;
45448 for (ndst = i = 1; i < mod->num_symtab; ++i, ++src) {
45449 @@ -1985,10 +2000,12 @@ static void add_kallsyms(struct module *
45451 mod->core_num_syms = ndst;
45453 - mod->core_strtab = s = mod->module_core + stroffs;
45454 + mod->core_strtab = s = mod->module_core_rx + stroffs;
45455 for (*s = 0, i = 1; i < sechdrs[strindex].sh_size; ++i)
45456 if (test_bit(i, strmap))
45457 *++s = mod->strtab[i];
45459 + pax_close_kernel();
45462 static inline unsigned long layout_symtab(struct module *mod,
45463 @@ -2025,16 +2042,30 @@ static void dynamic_debug_setup(struct _
45467 -static void *module_alloc_update_bounds(unsigned long size)
45468 +static void *module_alloc_update_bounds_rw(unsigned long size)
45470 void *ret = module_alloc(size);
45473 /* Update module bounds. */
45474 - if ((unsigned long)ret < module_addr_min)
45475 - module_addr_min = (unsigned long)ret;
45476 - if ((unsigned long)ret + size > module_addr_max)
45477 - module_addr_max = (unsigned long)ret + size;
45478 + if ((unsigned long)ret < module_addr_min_rw)
45479 + module_addr_min_rw = (unsigned long)ret;
45480 + if ((unsigned long)ret + size > module_addr_max_rw)
45481 + module_addr_max_rw = (unsigned long)ret + size;
45486 +static void *module_alloc_update_bounds_rx(unsigned long size)
45488 + void *ret = module_alloc_exec(size);
45491 + /* Update module bounds. */
45492 + if ((unsigned long)ret < module_addr_min_rx)
45493 + module_addr_min_rx = (unsigned long)ret;
45494 + if ((unsigned long)ret + size > module_addr_max_rx)
45495 + module_addr_max_rx = (unsigned long)ret + size;
45499 @@ -2046,8 +2077,8 @@ static void kmemleak_load_module(struct
45502 /* only scan the sections containing data */
45503 - kmemleak_scan_area(mod->module_core, (unsigned long)mod -
45504 - (unsigned long)mod->module_core,
45505 + kmemleak_scan_area(mod->module_core_rw, (unsigned long)mod -
45506 + (unsigned long)mod->module_core_rw,
45507 sizeof(struct module), GFP_KERNEL);
45509 for (i = 1; i < hdr->e_shnum; i++) {
45510 @@ -2057,8 +2088,8 @@ static void kmemleak_load_module(struct
45511 && strncmp(secstrings + sechdrs[i].sh_name, ".bss", 4) != 0)
45514 - kmemleak_scan_area(mod->module_core, sechdrs[i].sh_addr -
45515 - (unsigned long)mod->module_core,
45516 + kmemleak_scan_area(mod->module_core_rw, sechdrs[i].sh_addr -
45517 + (unsigned long)mod->module_core_rw,
45518 sechdrs[i].sh_size, GFP_KERNEL);
45521 @@ -2244,7 +2275,7 @@ static noinline struct module *load_modu
45522 secstrings, &stroffs, strmap);
45524 /* Do the allocs. */
45525 - ptr = module_alloc_update_bounds(mod->core_size);
45526 + ptr = module_alloc_update_bounds_rw(mod->core_size_rw);
45528 * The pointer to this block is stored in the module structure
45529 * which is inside the block. Just mark it as not being a
45530 @@ -2255,23 +2286,47 @@ static noinline struct module *load_modu
45534 - memset(ptr, 0, mod->core_size);
45535 - mod->module_core = ptr;
45536 + memset(ptr, 0, mod->core_size_rw);
45537 + mod->module_core_rw = ptr;
45539 - ptr = module_alloc_update_bounds(mod->init_size);
45540 + ptr = module_alloc_update_bounds_rw(mod->init_size_rw);
45542 * The pointer to this block is stored in the module structure
45543 * which is inside the block. This block doesn't need to be
45544 * scanned as it contains data and code that will be freed
45545 * after the module is initialized.
45547 - kmemleak_ignore(ptr);
45548 - if (!ptr && mod->init_size) {
45549 + kmemleak_not_leak(ptr);
45550 + if (!ptr && mod->init_size_rw) {
45552 + goto free_core_rw;
45554 + memset(ptr, 0, mod->init_size_rw);
45555 + mod->module_init_rw = ptr;
45557 + ptr = module_alloc_update_bounds_rx(mod->core_size_rx);
45558 + kmemleak_not_leak(ptr);
45561 + goto free_init_rw;
45564 + pax_open_kernel();
45565 + memset(ptr, 0, mod->core_size_rx);
45566 + pax_close_kernel();
45567 + mod->module_core_rx = ptr;
45569 + ptr = module_alloc_update_bounds_rx(mod->init_size_rx);
45570 + kmemleak_not_leak(ptr);
45571 + if (!ptr && mod->init_size_rx) {
45574 + goto free_core_rx;
45576 - memset(ptr, 0, mod->init_size);
45577 - mod->module_init = ptr;
45579 + pax_open_kernel();
45580 + memset(ptr, 0, mod->init_size_rx);
45581 + pax_close_kernel();
45582 + mod->module_init_rx = ptr;
45584 /* Transfer each section which specifies SHF_ALLOC */
45585 DEBUGP("final section addresses:\n");
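Review bot: The init allocation now calls `kmemleak_not_leak(ptr)` where it used `kmemleak_ignore(ptr)`, but the comment directly above still says the block "doesn't need to be scanned". kmemleak_not_leak() keeps a block in the scan set and only suppresses the report, so the comment and the call now disagree; either keep kmemleak_ignore() for the init regions or reword the comment. The two new _rx allocations carry no comment on why executable regions are registered with kmemleak_not_leak() at all. The NULL checks for the _rx pointers fall on lines that are not visible in this view.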
45586 @@ -2281,17 +2336,41 @@ static noinline struct module *load_modu
45587 if (!(sechdrs[i].sh_flags & SHF_ALLOC))
45590 - if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK)
45591 - dest = mod->module_init
45592 - + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
45594 - dest = mod->module_core + sechdrs[i].sh_entsize;
45595 + if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK) {
45596 + if ((sechdrs[i].sh_flags & SHF_WRITE) || !(sechdrs[i].sh_flags & SHF_ALLOC))
45597 + dest = mod->module_init_rw
45598 + + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
45600 + dest = mod->module_init_rx
45601 + + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
45603 + if ((sechdrs[i].sh_flags & SHF_WRITE) || !(sechdrs[i].sh_flags & SHF_ALLOC))
45604 + dest = mod->module_core_rw + sechdrs[i].sh_entsize;
45606 + dest = mod->module_core_rx + sechdrs[i].sh_entsize;
45609 + if (sechdrs[i].sh_type != SHT_NOBITS) {
45611 - if (sechdrs[i].sh_type != SHT_NOBITS)
45612 - memcpy(dest, (void *)sechdrs[i].sh_addr,
45613 - sechdrs[i].sh_size);
45614 +#ifdef CONFIG_PAX_KERNEXEC
45615 + if (!(sechdrs[i].sh_flags & SHF_WRITE) && (sechdrs[i].sh_flags & SHF_ALLOC)) {
45616 + pax_open_kernel();
45617 + memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size);
45618 + pax_close_kernel();
45622 + memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size);
45624 /* Update sh_addr to point to copy in image. */
45625 - sechdrs[i].sh_addr = (unsigned long)dest;
45627 +#ifdef CONFIG_PAX_KERNEXEC
45628 + if (sechdrs[i].sh_flags & SHF_EXECINSTR)
45629 + sechdrs[i].sh_addr = ktva_ktla((unsigned long)dest);
45633 + sechdrs[i].sh_addr = (unsigned long)dest;
45634 DEBUGP("\t0x%lx %s\n", sechdrs[i].sh_addr, secstrings + sechdrs[i].sh_name);
45636 /* Module has been moved. */
45637 @@ -2303,7 +2382,7 @@ static noinline struct module *load_modu
45639 if (!mod->refptr) {
45642 + goto free_init_rx;
45645 /* Now we've moved module, initialize linked lists, etc. */
45646 @@ -2412,8 +2491,8 @@ static noinline struct module *load_modu
45648 /* Now do relocations. */
45649 for (i = 1; i < hdr->e_shnum; i++) {
45650 - const char *strtab = (char *)sechdrs[strindex].sh_addr;
45651 unsigned int info = sechdrs[i].sh_info;
45652 + strtab = (char *)sechdrs[strindex].sh_addr;
45654 /* Not a valid relocation section? */
45655 if (info >= hdr->e_shnum)
45656 @@ -2474,12 +2553,12 @@ static noinline struct module *load_modu
45657 * Do it before processing of module parameters, so the module
45658 * can provide parameter accessor functions of its own.
45660 - if (mod->module_init)
45661 - flush_icache_range((unsigned long)mod->module_init,
45662 - (unsigned long)mod->module_init
45663 - + mod->init_size);
45664 - flush_icache_range((unsigned long)mod->module_core,
45665 - (unsigned long)mod->module_core + mod->core_size);
45666 + if (mod->module_init_rx)
45667 + flush_icache_range((unsigned long)mod->module_init_rx,
45668 + (unsigned long)mod->module_init_rx
45669 + + mod->init_size_rx);
45670 + flush_icache_range((unsigned long)mod->module_core_rx,
45671 + (unsigned long)mod->module_core_rx + mod->core_size_rx);
45675 @@ -2527,12 +2606,16 @@ static noinline struct module *load_modu
45677 module_unload_free(mod);
45678 #if defined(CONFIG_MODULE_UNLOAD) && defined(CONFIG_SMP)
45680 percpu_modfree(mod->refptr);
45683 - module_free(mod, mod->module_init);
45685 - module_free(mod, mod->module_core);
45686 + module_free_exec(mod, mod->module_init_rx);
45688 + module_free_exec(mod, mod->module_core_rx);
45690 + module_free(mod, mod->module_init_rw);
45692 + module_free(mod, mod->module_core_rw);
45693 /* mod will be freed with core. Don't access it beyond this line! */
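Review bot: The comment `mod will be freed with core. Don't access it beyond this line!` no longer says which of the two core regions holds struct module. The kmemleak_load_module hunk computes mod's offset from module_core_rw, so it is the rw region, and the ordering here (both _rx regions and init_rw freed first, core_rw last) depends on that. I would reword it to `/* mod lives in module_core_rw and is freed with it; do not touch mod past this line */`. The cleanup labels between the calls are not visible in this view.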
45696 @@ -2634,10 +2717,12 @@ SYSCALL_DEFINE3(init_module, void __user
45697 mod->symtab = mod->core_symtab;
45698 mod->strtab = mod->core_strtab;
45700 - module_free(mod, mod->module_init);
45701 - mod->module_init = NULL;
45702 - mod->init_size = 0;
45703 - mod->init_text_size = 0;
45704 + module_free(mod, mod->module_init_rw);
45705 + module_free_exec(mod, mod->module_init_rx);
45706 + mod->module_init_rw = NULL;
45707 + mod->module_init_rx = NULL;
45708 + mod->init_size_rw = 0;
45709 + mod->init_size_rx = 0;
45710 mutex_unlock(&module_mutex);
45713 @@ -2668,10 +2753,16 @@ static const char *get_ksymbol(struct mo
45714 unsigned long nextval;
45716 /* At worse, next value is at end of module */
45717 - if (within_module_init(addr, mod))
45718 - nextval = (unsigned long)mod->module_init+mod->init_text_size;
45719 + if (within_module_init_rx(addr, mod))
45720 + nextval = (unsigned long)mod->module_init_rx+mod->init_size_rx;
45721 + else if (within_module_init_rw(addr, mod))
45722 + nextval = (unsigned long)mod->module_init_rw+mod->init_size_rw;
45723 + else if (within_module_core_rx(addr, mod))
45724 + nextval = (unsigned long)mod->module_core_rx+mod->core_size_rx;
45725 + else if (within_module_core_rw(addr, mod))
45726 + nextval = (unsigned long)mod->module_core_rw+mod->core_size_rw;
45728 - nextval = (unsigned long)mod->module_core+mod->core_text_size;
45731 /* Scan for closest preceeding symbol, and next symbol. (ELF
45732 starts real symbols at 1). */
45733 @@ -2917,7 +3008,7 @@ static int m_show(struct seq_file *m, vo
45736 seq_printf(m, "%s %u",
45737 - mod->name, mod->init_size + mod->core_size);
45738 + mod->name, mod->init_size_rx + mod->init_size_rw + mod->core_size_rx + mod->core_size_rw);
45739 print_unload_info(m, mod);
45741 /* Informative for users. */
45742 @@ -2926,7 +3017,7 @@ static int m_show(struct seq_file *m, vo
45743 mod->state == MODULE_STATE_COMING ? "Loading":
45745 /* Used by oprofile and other similar tools. */
45746 - seq_printf(m, " 0x%p", mod->module_core);
45747 + seq_printf(m, " 0x%p 0x%p", mod->module_core_rx, mod->module_core_rw);
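Review bot: `seq_printf(m, " 0x%p 0x%p", mod->module_core_rx, mod->module_core_rw);` adds a field to every /proc/modules line, and the context comment says this address is consumed by oprofile and similar tools. A parser that expects a single address in that position may misread the new layout. If the second address is needed, the comment should state the order (rx first, then rw); otherwise printing only module_core_rx keeps the existing format. The rest of m_show lies outside the hunk.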
45751 @@ -2962,7 +3053,17 @@ static const struct file_operations proc
45753 static int __init proc_modules_init(void)
45755 +#ifndef CONFIG_GRKERNSEC_HIDESYM
45756 +#ifdef CONFIG_GRKERNSEC_PROC_USER
45757 + proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
45758 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
45759 + proc_create("modules", S_IRUSR | S_IRGRP, NULL, &proc_modules_operations);
45761 proc_create("modules", 0, NULL, &proc_modules_operations);
45764 + proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
45768 module_init(proc_modules_init);
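Review bot: The nested `#ifndef CONFIG_GRKERNSEC_HIDESYM` / `#ifdef CONFIG_GRKERNSEC_PROC_USER` ladder repeats the whole proc_create() call four times to vary one argument, and ioresources_init in kernel/resource.c repeats the pattern for two more files. Selecting the mode once per configuration and then making a single call, `proc_create("modules", mode, NULL, &proc_modules_operations);`, would leave one call to audit. It would also make it easier to see that the branch passing `0` is the only one that leaves the default permissions in place, which I believe are world-readable. Several preprocessor lines of this hunk are missing from this view, so the exact nesting is inferred.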
45769 @@ -3021,12 +3122,12 @@ struct module *__module_address(unsigned
45771 struct module *mod;
45773 - if (addr < module_addr_min || addr > module_addr_max)
45774 + if ((addr < module_addr_min_rx || addr > module_addr_max_rx) &&
45775 + (addr < module_addr_min_rw || addr > module_addr_max_rw))
45778 list_for_each_entry_rcu(mod, &modules, list)
45779 - if (within_module_core(addr, mod)
45780 - || within_module_init(addr, mod))
45781 + if (within_module_init(addr, mod) || within_module_core(addr, mod))
45785 @@ -3060,11 +3161,20 @@ bool is_module_text_address(unsigned lon
45787 struct module *__module_text_address(unsigned long addr)
45789 - struct module *mod = __module_address(addr);
45790 + struct module *mod;
45792 +#ifdef CONFIG_X86_32
45793 + addr = ktla_ktva(addr);
45796 + if (addr < module_addr_min_rx || addr > module_addr_max_rx)
45799 + mod = __module_address(addr);
45802 /* Make sure it's within the text section. */
45803 - if (!within(addr, mod->module_init, mod->init_text_size)
45804 - && !within(addr, mod->module_core, mod->core_text_size))
45805 + if (!within_module_init_rx(addr, mod) && !within_module_core_rx(addr, mod))
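Review bot: The translation `addr = ktla_ktva(addr);` is guarded by `CONFIG_X86_32` here, while the same helper in lockdep.c's static_obj and the reverse `ktva_ktla()` in load_module are guarded by `CONFIG_PAX_KERNEXEC`. If ktla_ktva() is an identity mapping without KERNEXEC the result is the same, but that definition is outside this view and the differing guards make the intent hard to check. Either use the same guard at all three sites or add a comment stating why this one differs. The NULL test on `mod` after __module_address() is on a line not shown here.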
45809 diff -urNp linux-2.6.32.1/kernel/panic.c linux-2.6.32.1/kernel/panic.c
45810 --- linux-2.6.32.1/kernel/panic.c 2009-12-02 22:51:21.000000000 -0500
45811 +++ linux-2.6.32.1/kernel/panic.c 2009-12-14 18:33:59.439743212 -0500
45812 @@ -392,7 +392,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
45814 void __stack_chk_fail(void)
45816 - panic("stack-protector: Kernel stack is corrupted in: %p\n",
45818 + panic("stack-protector: Kernel stack is corrupted in: %pS\n",
45819 __builtin_return_address(0));
45821 EXPORT_SYMBOL(__stack_chk_fail);
45822 diff -urNp linux-2.6.32.1/kernel/params.c linux-2.6.32.1/kernel/params.c
45823 --- linux-2.6.32.1/kernel/params.c 2009-12-02 22:51:21.000000000 -0500
45824 +++ linux-2.6.32.1/kernel/params.c 2009-12-14 18:33:59.439743212 -0500
45825 @@ -725,7 +725,7 @@ static ssize_t module_attr_store(struct
45829 -static struct sysfs_ops module_sysfs_ops = {
45830 +static const struct sysfs_ops module_sysfs_ops = {
45831 .show = module_attr_show,
45832 .store = module_attr_store,
45834 @@ -739,7 +739,7 @@ static int uevent_filter(struct kset *ks
45838 -static struct kset_uevent_ops module_uevent_ops = {
45839 +static const struct kset_uevent_ops module_uevent_ops = {
45840 .filter = uevent_filter,
45843 diff -urNp linux-2.6.32.1/kernel/pid.c linux-2.6.32.1/kernel/pid.c
45844 --- linux-2.6.32.1/kernel/pid.c 2009-12-02 22:51:21.000000000 -0500
45845 +++ linux-2.6.32.1/kernel/pid.c 2009-12-14 18:33:59.439743212 -0500
45847 #include <linux/rculist.h>
45848 #include <linux/bootmem.h>
45849 #include <linux/hash.h>
45850 +#include <linux/security.h>
45851 #include <linux/pid_namespace.h>
45852 #include <linux/init_task.h>
45853 #include <linux/syscalls.h>
45854 @@ -45,7 +46,7 @@ struct pid init_struct_pid = INIT_STRUCT
45856 int pid_max = PID_MAX_DEFAULT;
45858 -#define RESERVED_PIDS 300
45859 +#define RESERVED_PIDS 500
45861 int pid_max_min = RESERVED_PIDS + 1;
45862 int pid_max_max = PID_MAX_LIMIT;
45863 @@ -385,7 +385,14 @@ EXPORT_SYMBOL(pid_task);
45865 struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
45867 - return pid_task(find_pid_ns(vx_rmap_pid(nr), ns), PIDTYPE_PID);
45868 + struct task_struct *task;
45870 + task = pid_task(find_pid_ns(vx_rmap_pid(nr), ns), PIDTYPE_PID);
45872 + if (gr_pid_is_chrooted(task))
45877 EXPORT_SYMBOL_GPL(find_task_by_pid_ns);
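Review bot: `gr_pid_is_chrooted(task)` is called with whatever pid_task() returned, and pid_task() yields NULL for a pid that does not exist. gr_pid_is_chrooted() is defined outside this hunk; unless it accepts NULL, the call needs a guard such as `if (task && gr_pid_is_chrooted(task))`. The filter also sits in find_task_by_pid_ns itself, so in-kernel callers get the chroot-restricted view as well as syscalls, and a comment stating that this is intended would help. The return statements of the new body are not visible in this view.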
45879 diff -urNp linux-2.6.32.1/kernel/posix-cpu-timers.c linux-2.6.32.1/kernel/posix-cpu-timers.c
45880 --- linux-2.6.32.1/kernel/posix-cpu-timers.c 2009-12-02 22:51:21.000000000 -0500
45881 +++ linux-2.6.32.1/kernel/posix-cpu-timers.c 2009-12-14 18:33:59.440994299 -0500
45883 #include <linux/posix-timers.h>
45884 #include <linux/errno.h>
45885 #include <linux/math64.h>
45886 +#include <linux/security.h>
45887 #include <asm/uaccess.h>
45888 #include <linux/kernel_stat.h>
45889 #include <trace/events/timer.h>
45890 @@ -1044,6 +1045,7 @@ static void check_thread_timers(struct t
45891 __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk);
45894 + gr_learn_resource(tsk, RLIMIT_RTTIME, tsk->rt.timeout, 1);
45895 if (tsk->rt.timeout > DIV_ROUND_UP(*soft, USEC_PER_SEC/HZ)) {
45897 * At the soft limit, send a SIGXCPU every second.
45898 @@ -1206,6 +1208,7 @@ static void check_process_timers(struct
45899 __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk);
45902 + gr_learn_resource(tsk, RLIMIT_CPU, psecs, 0);
45903 if (psecs >= sig->rlim[RLIMIT_CPU].rlim_cur) {
45905 * At the soft limit, send a SIGXCPU every second.
45906 diff -urNp linux-2.6.32.1/kernel/power/hibernate.c linux-2.6.32.1/kernel/power/hibernate.c
45907 --- linux-2.6.32.1/kernel/power/hibernate.c 2009-12-02 22:51:21.000000000 -0500
45908 +++ linux-2.6.32.1/kernel/power/hibernate.c 2009-12-14 18:33:59.440994299 -0500
45909 @@ -48,14 +48,14 @@ enum {
45911 static int hibernation_mode = HIBERNATION_SHUTDOWN;
45913 -static struct platform_hibernation_ops *hibernation_ops;
45914 +static const struct platform_hibernation_ops *hibernation_ops;
45917 * hibernation_set_ops - set the global hibernate operations
45918 * @ops: the hibernation operations to use in subsequent hibernation transitions
45921 -void hibernation_set_ops(struct platform_hibernation_ops *ops)
45922 +void hibernation_set_ops(const struct platform_hibernation_ops *ops)
45924 if (ops && !(ops->begin && ops->end && ops->pre_snapshot
45925 && ops->prepare && ops->finish && ops->enter && ops->pre_restore
45926 diff -urNp linux-2.6.32.1/kernel/power/poweroff.c linux-2.6.32.1/kernel/power/poweroff.c
45927 --- linux-2.6.32.1/kernel/power/poweroff.c 2009-12-02 22:51:21.000000000 -0500
45928 +++ linux-2.6.32.1/kernel/power/poweroff.c 2009-12-14 18:33:59.440994299 -0500
45929 @@ -37,7 +37,7 @@ static struct sysrq_key_op sysrq_powerof
45930 .enable_mask = SYSRQ_ENABLE_BOOT,
45933 -static int pm_sysrq_init(void)
45934 +static int __init pm_sysrq_init(void)
45936 register_sysrq_key('o', &sysrq_poweroff_op);
45938 diff -urNp linux-2.6.32.1/kernel/power/process.c linux-2.6.32.1/kernel/power/process.c
45939 --- linux-2.6.32.1/kernel/power/process.c 2009-12-02 22:51:21.000000000 -0500
45940 +++ linux-2.6.32.1/kernel/power/process.c 2009-12-14 18:33:59.440994299 -0500
45941 @@ -37,12 +37,15 @@ static int try_to_freeze_tasks(bool sig_
45942 struct timeval start, end;
45943 u64 elapsed_csecs64;
45944 unsigned int elapsed_csecs;
45945 + bool timedout = false;
45947 do_gettimeofday(&start);
45949 end_time = jiffies + TIMEOUT;
45952 + if (time_after(jiffies, end_time))
45954 read_lock(&tasklist_lock);
45955 do_each_thread(g, p) {
45956 if (frozen(p) || !freezeable(p))
45957 @@ -57,15 +60,17 @@ static int try_to_freeze_tasks(bool sig_
45958 * It is "frozen enough". If the task does wake
45959 * up, it will immediately call try_to_freeze.
45961 - if (!task_is_stopped_or_traced(p) &&
45962 - !freezer_should_skip(p))
45963 + if (!task_is_stopped_or_traced(p) && !freezer_should_skip(p)) {
45966 + printk(KERN_ERR "Task refusing to freeze:\n");
45967 + sched_show_task(p);
45970 } while_each_thread(g, p);
45971 read_unlock(&tasklist_lock);
45972 yield(); /* Yield is okay here */
45973 - if (time_after(jiffies, end_time))
45976 + } while (todo && !timedout);
45978 do_gettimeofday(&end);
45979 elapsed_csecs64 = timeval_to_ns(&end) - timeval_to_ns(&start);
45980 diff -urNp linux-2.6.32.1/kernel/power/suspend.c linux-2.6.32.1/kernel/power/suspend.c
45981 --- linux-2.6.32.1/kernel/power/suspend.c 2009-12-02 22:51:21.000000000 -0500
45982 +++ linux-2.6.32.1/kernel/power/suspend.c 2009-12-14 18:33:59.441985104 -0500
45983 @@ -23,13 +23,13 @@ const char *const pm_states[PM_SUSPEND_M
45984 [PM_SUSPEND_MEM] = "mem",
45987 -static struct platform_suspend_ops *suspend_ops;
45988 +static const struct platform_suspend_ops *suspend_ops;
45991 * suspend_set_ops - Set the global suspend method table.
45992 * @ops: Pointer to ops structure.
45994 -void suspend_set_ops(struct platform_suspend_ops *ops)
45995 +void suspend_set_ops(const struct platform_suspend_ops *ops)
45997 mutex_lock(&pm_mutex);
45999 diff -urNp linux-2.6.32.1/kernel/printk.c linux-2.6.32.1/kernel/printk.c
46000 --- linux-2.6.32.1/kernel/printk.c 2009-12-02 22:51:21.000000000 -0500
46001 +++ linux-2.6.32.1/kernel/printk.c 2009-12-14 18:33:59.441985104 -0500
46002 @@ -278,6 +278,11 @@ int do_syslog(int type, char __user *buf
46006 +#ifdef CONFIG_GRKERNSEC_DMESG
46007 + if (grsec_enable_dmesg && !capable(CAP_SYS_ADMIN))
46011 error = security_syslog(type);
46014 diff -urNp linux-2.6.32.1/kernel/ptrace.c linux-2.6.32.1/kernel/ptrace.c
46015 --- linux-2.6.32.1/kernel/ptrace.c 2009-12-02 22:51:21.000000000 -0500
46016 +++ linux-2.6.32.1/kernel/ptrace.c 2009-12-14 18:33:59.441985104 -0500
46017 @@ -141,7 +141,7 @@ int __ptrace_may_access(struct task_stru
46018 cred->gid != tcred->egid ||
46019 cred->gid != tcred->sgid ||
46020 cred->gid != tcred->gid) &&
46021 - !capable(CAP_SYS_PTRACE)) {
46022 + !capable_nolog(CAP_SYS_PTRACE)) {
46026 @@ -149,7 +149,7 @@ int __ptrace_may_access(struct task_stru
46029 dumpable = get_dumpable(task->mm);
46030 - if (!dumpable && !capable(CAP_SYS_PTRACE))
46031 + if (!dumpable && !capable_nolog(CAP_SYS_PTRACE))
46034 return security_ptrace_access_check(task, mode);
46035 @@ -199,7 +199,7 @@ int ptrace_attach(struct task_struct *ta
46036 goto unlock_tasklist;
46038 task->ptrace = PT_PTRACED;
46039 - if (capable(CAP_SYS_PTRACE))
46040 + if (capable_nolog(CAP_SYS_PTRACE))
46041 task->ptrace |= PT_PTRACE_CAP;
46043 __ptrace_link(task, current);
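Review bot: In ptrace_attach the switch to `capable_nolog(CAP_SYS_PTRACE)` is not the same kind of change as the two in __ptrace_may_access, because here the result is recorded on the tracee as PT_PTRACE_CAP rather than used as a permission probe. If capable_nolog() suppresses the audit record, as its name suggests (it is defined outside this view), then granting that flag leaves no trace in the log. I would keep `capable(CAP_SYS_PTRACE)` at this call site, or add a comment explaining why this use does not need logging.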
46044 @@ -532,18 +532,18 @@ int ptrace_request(struct task_struct *c
46045 ret = ptrace_setoptions(child, data);
46047 case PTRACE_GETEVENTMSG:
46048 - ret = put_user(child->ptrace_message, (unsigned long __user *) data);
46049 + ret = put_user(child->ptrace_message, (__force unsigned long __user *) data);
46052 case PTRACE_GETSIGINFO:
46053 ret = ptrace_getsiginfo(child, &siginfo);
46055 - ret = copy_siginfo_to_user((siginfo_t __user *) data,
46056 + ret = copy_siginfo_to_user((__force siginfo_t __user *) data,
46060 case PTRACE_SETSIGINFO:
46061 - if (copy_from_user(&siginfo, (siginfo_t __user *) data,
46062 + if (copy_from_user(&siginfo, (__force siginfo_t __user *) data,
46066 @@ -621,6 +621,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
46070 + if (gr_handle_ptrace(child, request)) {
46072 + goto out_put_task_struct;
46075 if (request == PTRACE_ATTACH) {
46076 ret = ptrace_attach(child);
46078 --- l/kernel/ptrace.c~ 2009-12-16 10:30:10.024443147 +0100
46079 +++ l/kernel/ptrace.c 2009-12-16 10:31:34.308392396 +0100
46080 @@ -654,25 +654,25 @@ SYSCALL_DEFINE4(ptrace, long, request, l
46085 int generic_ptrace_peekdata(struct task_struct *tsk, long addr, long data)
46090 copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
46091 if (copied != sizeof(tmp))
46093 - return put_user(tmp, (unsigned long __user *)data);
46094 + return put_user(tmp, (__force unsigned long __user *)data);
46097 int generic_ptrace_pokedata(struct task_struct *tsk, long addr, long data)
46101 copied = access_process_vm(tsk, addr, &data, sizeof(data), 1);
46102 return (copied == sizeof(data)) ? 0 : -EIO;
46105 #if defined CONFIG_COMPAT
46106 #include <linux/compat.h>
46107 diff -urNp linux-2.6.32.1/kernel/relay.c linux-2.6.32.1/kernel/relay.c
46108 --- linux-2.6.32.1/kernel/relay.c 2009-12-02 22:51:21.000000000 -0500
46109 +++ linux-2.6.32.1/kernel/relay.c 2009-12-14 18:33:59.442723685 -0500
46110 @@ -1292,7 +1292,7 @@ static int subbuf_splice_actor(struct fi
46113 ret = *nonpad_ret = splice_to_pipe(pipe, &spd);
46114 - if (ret < 0 || ret < total_len)
46115 + if ((int)ret < 0 || ret < total_len)
46118 if (read_start + ret == nonpad_end)
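Review bot: The cast in `if ((int)ret < 0 || ret < total_len)` repairs the first comparison only at the point of use; the variable itself evidently stays unsigned (its declaration is outside the hunk). A negative return from splice_to_pipe() is still stored through `*nonpad_ret` on the line above, and the second comparison is still carried out in whatever unsigned type ret has. Declaring `ret` with a signed type and testing `ret < 0` before comparing it with total_len would state the intent without a cast.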
46119 diff -urNp linux-2.6.32.1/kernel/resource.c linux-2.6.32.1/kernel/resource.c
46120 --- linux-2.6.32.1/kernel/resource.c 2009-12-02 22:51:21.000000000 -0500
46121 +++ linux-2.6.32.1/kernel/resource.c 2009-12-14 18:33:59.442723685 -0500
46122 @@ -132,8 +132,18 @@ static const struct file_operations proc
46124 static int __init ioresources_init(void)
46126 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
46127 +#ifdef CONFIG_GRKERNSEC_PROC_USER
46128 + proc_create("ioports", S_IRUSR, NULL, &proc_ioports_operations);
46129 + proc_create("iomem", S_IRUSR, NULL, &proc_iomem_operations);
46130 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
46131 + proc_create("ioports", S_IRUSR | S_IRGRP, NULL, &proc_ioports_operations);
46132 + proc_create("iomem", S_IRUSR | S_IRGRP, NULL, &proc_iomem_operations);
46135 proc_create("ioports", 0, NULL, &proc_ioports_operations);
46136 proc_create("iomem", 0, NULL, &proc_iomem_operations);
46140 __initcall(ioresources_init);
46141 diff -urNp linux-2.6.32.1/kernel/sched.c linux-2.6.32.1/kernel/sched.c
46142 --- linux-2.6.32.1/kernel/sched.c 2009-12-02 22:51:21.000000000 -0500
46143 +++ linux-2.6.32.1/kernel/sched.c 2009-12-14 18:33:59.472984930 -0500
46144 @@ -6072,6 +6072,8 @@ int can_nice(const struct task_struct *p
46145 /* convert nice value [19,-20] to rlimit style value [1,40] */
46146 int nice_rlim = 20 - nice;
46148 + gr_learn_resource(p, RLIMIT_NICE, nice_rlim, 1);
46150 return (nice_rlim <= p->signal->rlim[RLIMIT_NICE].rlim_cur ||
46151 capable(CAP_SYS_NICE));
46153 @@ -6319,7 +6319,7 @@ SYSCALL_DEFINE1(nice, int, increment)
46157 - if (increment < 0 && !can_nice(current, nice))
46158 + if (increment < 0 && (!can_nice(current, nice) || gr_handle_chroot_nice()))
46159 return vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM;
46161 retval = security_task_setnice(current, nice);
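Review bot: A denial from `gr_handle_chroot_nice()` now shares the return statement that follows, `return vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM;`, so when that flag is set the chroot restriction is reported to the caller as success rather than `-EPERM`. If that is intended, a comment on the condition should say so; if not, the chroot check needs its own `return -EPERM;`. Because `can_nice()` is evaluated first, the chroot hook only runs for requests that would otherwise be allowed. The syscall body starts and ends outside the hunk.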
46162 @@ -6255,6 +6258,8 @@ recheck:
46163 if (rt_policy(policy)) {
46164 unsigned long rlim_rtprio;
46166 + gr_learn_resource(p, RLIMIT_RTPRIO, param->sched_priority, 1);
46168 if (!lock_task_sighand(p, &flags))
46170 rlim_rtprio = p->signal->rlim[RLIMIT_RTPRIO].rlim_cur;
46171 @@ -7406,7 +7411,7 @@ static struct ctl_table sd_ctl_dir[] = {
46172 .procname = "sched_domain",
46176 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
46179 static struct ctl_table sd_ctl_root[] = {
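Review bot: The new table terminator `{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }` is a positional initializer, so it silently depends on the number and order of members in `struct ctl_table` and has to be edited whenever that struct changes. A designated form such as `{ .ctl_name = 0 }`, which this patch already uses for `pax_table` in kernel/sysctl.c, zero-fills the remaining members and survives layout changes. The same applies to the terminator added to `sd_ctl_root` in the next hunk and to `uts_kern_table` and `uts_root_table` in kernel/utsname_sysctl.c.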
46180 @@ -7416,7 +7421,7 @@ static struct ctl_table sd_ctl_root[] =
46182 .child = sd_ctl_dir,
46185 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
46188 static struct ctl_table *sd_alloc_ctl_entry(int n)
46189 diff -urNp linux-2.6.32.1/kernel/signal.c linux-2.6.32.1/kernel/signal.c
46190 --- linux-2.6.32.1/kernel/signal.c 2009-12-02 22:51:21.000000000 -0500
46191 +++ linux-2.6.32.1/kernel/signal.c 2009-12-14 18:33:59.473715661 -0500
46192 @@ -207,6 +207,9 @@ static struct sigqueue *__sigqueue_alloc
46194 user = get_uid(__task_cred(t)->user);
46195 atomic_inc(&user->sigpending);
46197 + if (!override_rlimit)
46198 + gr_learn_resource(t, RLIMIT_SIGPENDING, atomic_read(&user->sigpending), 1);
46199 if (override_rlimit ||
46200 atomic_read(&user->sigpending) <=
46201 t->signal->rlim[RLIMIT_SIGPENDING].rlim_cur)
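Review bot: The added `gr_learn_resource()` call reads `user->sigpending` with its own `atomic_read()`, separately from the `atomic_inc()` above it and from the `atomic_read()` in the limit check below, so under concurrent senders the value that is learned can differ from the value compared with `rlim_cur`. Taking the count once into a new local, `pending = atomic_inc_return(&user->sigpending);`, and using it for both the learning call and the comparison would keep the two consistent. __sigqueue_alloc's body starts and ends outside the hunk.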
46202 @@ -651,6 +651,10 @@
46203 sig, info, t, vx_task_xid(t), t->pid, current->xid);
46207 + if (gr_handle_signal(t, sig))
46211 return security_task_kill(t, info, sig, 0);
46213 @@ -939,8 +945,8 @@ static void print_fatal_signal(struct pt
46214 for (i = 0; i < 16; i++) {
46215 unsigned char insn;
46217 - __get_user(insn, (unsigned char *)(regs->ip + i));
46218 - printk("%02x ", insn);
46219 + if (!get_user(insn, (unsigned char __user *)(regs->ip + i)))
46220 + printk("%02x ", insn);
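Review bot: When `get_user()` fails, the loop now prints nothing for that byte, so the code dump can come out shorter than 16 bytes with no indication of which positions were unreadable. Printing a placeholder keeps the positions aligned, e.g. an `else` branch with `printk("?? ");`, or the loop could `break` on the first failure if later bytes are not expected to be readable either. The enclosing function starts and ends outside the hunk.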
46224 @@ -965,7 +971,7 @@ __group_send_sig_info(int sig, struct si
46225 return send_signal(sig, info, p, 1);
46230 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
46232 return send_signal(sig, info, t, 0);
46233 @@ -1019,6 +1025,9 @@ force_sig_info(int sig, struct siginfo *
46234 ret = specific_send_sig_info(sig, info, t);
46235 spin_unlock_irqrestore(&t->sighand->siglock, flags);
46237 + gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, t);
46238 + gr_handle_crash(t, sig);
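Review bot: `info->si_addr` is read for every non-special `info` in the added `gr_log_signal()` call, but that field is only meaningful for fault-type signals; for other siginfo layouts it overlays unrelated union members, so the logged address may not be an address at all. Unless `gr_log_signal()` itself filters on `sig` (its body is not visible here), the call site should pass `NULL` for signals that carry no fault address. The same expression is used in the `group_send_sig_info()` hunk below. Both new calls run after `spin_unlock_irqrestore()`, so the hooks see `t` without `siglock` held; confirm they do not rely on it.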
46243 @@ -1078,8 +1087,11 @@ int group_send_sig_info(int sig, struct
46245 int ret = check_kill_permission(sig, info, p);
46248 + if (!ret && sig) {
46249 ret = do_send_sig_info(sig, info, p, true);
46251 + gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, p);
46256 diff -urNp linux-2.6.32.1/kernel/smp.c linux-2.6.32.1/kernel/smp.c
46257 --- linux-2.6.32.1/kernel/smp.c 2009-12-02 22:51:21.000000000 -0500
46258 +++ linux-2.6.32.1/kernel/smp.c 2009-12-14 18:33:59.487900127 -0500
46259 @@ -459,22 +459,22 @@ int smp_call_function(void (*func)(void
46261 EXPORT_SYMBOL(smp_call_function);
46263 -void ipi_call_lock(void)
46264 +void ipi_call_lock(void) __acquires(call_function.lock)
46266 spin_lock(&call_function.lock);
46269 -void ipi_call_unlock(void)
46270 +void ipi_call_unlock(void) __releases(call_function.lock)
46272 spin_unlock(&call_function.lock);
46275 -void ipi_call_lock_irq(void)
46276 +void ipi_call_lock_irq(void) __acquires(call_function.lock)
46278 spin_lock_irq(&call_function.lock);
46281 -void ipi_call_unlock_irq(void)
46282 +void ipi_call_unlock_irq(void) __releases(call_function.lock)
46284 spin_unlock_irq(&call_function.lock);
46286 diff -urNp linux-2.6.32.1/kernel/softirq.c linux-2.6.32.1/kernel/softirq.c
46287 --- linux-2.6.32.1/kernel/softirq.c 2009-12-02 22:51:21.000000000 -0500
46288 +++ linux-2.6.32.1/kernel/softirq.c 2009-12-14 18:33:59.488764183 -0500
46289 @@ -56,7 +56,7 @@ static struct softirq_action softirq_vec
46291 static DEFINE_PER_CPU(struct task_struct *, ksoftirqd);
46293 -char *softirq_to_name[NR_SOFTIRQS] = {
46294 +const char * const softirq_to_name[NR_SOFTIRQS] = {
46295 "HI", "TIMER", "NET_TX", "NET_RX", "BLOCK", "BLOCK_IOPOLL",
46296 "TASKLET", "SCHED", "HRTIMER", "RCU"
46298 diff -urNp linux-2.6.32.1/kernel/sys.c linux-2.6.32.1/kernel/sys.c
46299 --- linux-2.6.32.1/kernel/sys.c 2009-12-02 22:51:21.000000000 -0500
46300 +++ linux-2.6.32.1/kernel/sys.c 2009-12-14 18:33:59.488764183 -0500
46301 @@ -133,6 +133,12 @@ static int set_one_prio(struct task_stru
46306 + if (gr_handle_chroot_setpriority(p, niceval)) {
46311 no_nice = security_task_setnice(p, niceval);
46314 @@ -190,10 +196,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
46315 !(user = find_user(who)))
46316 goto out_unlock; /* No processes for this user */
46318 - do_each_thread(g, p)
46319 + do_each_thread(g, p) {
46320 if (__task_cred(p)->uid == who)
46321 error = set_one_prio(p, niceval, error);
46322 - while_each_thread(g, p);
46323 + } while_each_thread(g, p);
46324 if (who != cred->uid)
46325 free_uid(user); /* For find_user() */
46327 @@ -253,13 +259,13 @@ SYSCALL_DEFINE2(getpriority, int, which,
46328 !(user = find_user(who)))
46329 goto out_unlock; /* No processes for this user */
46331 - do_each_thread(g, p)
46332 + do_each_thread(g, p) {
46333 if (__task_cred(p)->uid == who) {
46334 niceval = 20 - task_nice(p);
46335 if (niceval > retval)
46338 - while_each_thread(g, p);
46339 + } while_each_thread(g, p);
46340 if (who != cred->uid)
46341 free_uid(user); /* for find_user() */
46343 @@ -509,6 +515,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, g
46347 + if (gr_check_group_change(new->gid, new->egid, -1))
46350 if (rgid != (gid_t) -1 ||
46351 (egid != (gid_t) -1 && egid != old->gid))
46352 new->sgid = new->egid;
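Review bot: The bare `-1` passed as the third argument of `gr_check_group_change()` relies on an implicit conversion to the hook's parameter type, which is not visible here, while the surrounding code spells the sentinel as `(gid_t) -1`. Writing `gr_check_group_change(new->gid, new->egid, (gid_t)-1)` keeps the "no change" value unambiguous if the parameter is ever widened or made signed. The same applies to the hooks added in setreuid, setresuid, setresgid, setfsuid and setfsgid, with `(uid_t)-1` for the user variants. The lines that act on a non-zero return are not visible in this view.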
46353 @@ -542,6 +551,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
46358 + if (gr_check_group_change(gid, gid, gid))
46361 if (capable(CAP_SETGID))
46362 new->gid = new->egid = new->sgid = new->fsgid = gid;
46363 else if (gid == old->gid || gid == old->sgid)
46364 @@ -632,6 +645,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, u
46368 + if (gr_check_user_change(new->uid, new->euid, -1))
46371 if (new->uid != old->uid) {
46372 retval = set_user(new);
46374 @@ -680,6 +696,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
46379 + if (gr_check_crash_uid(uid))
46381 + if (gr_check_user_change(uid, uid, uid))
46384 if (capable(CAP_SETUID)) {
46385 new->suid = new->uid = uid;
46386 if (uid != old->uid) {
46387 @@ -737,6 +759,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid,
46391 + if (gr_check_user_change(ruid, euid, -1))
46394 if (ruid != (uid_t) -1) {
46396 if (ruid != old->uid) {
46397 @@ -805,6 +830,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid,
46401 + if (gr_check_group_change(rgid, egid, -1))
46404 if (rgid != (gid_t) -1)
46406 if (egid != (gid_t) -1)
46407 @@ -854,6 +882,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
46408 if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0)
46411 + if (gr_check_user_change(-1, -1, uid))
46414 if (uid == old->uid || uid == old->euid ||
46415 uid == old->suid || uid == old->fsuid ||
46416 capable(CAP_SETUID)) {
46417 @@ -894,6 +925,9 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
46418 if (gid == old->gid || gid == old->egid ||
46419 gid == old->sgid || gid == old->fsgid ||
46420 capable(CAP_SETGID)) {
46421 + if (gr_check_group_change(-1, -1, gid))
46424 if (gid != old_fsgid) {
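Review bot: In setfsgid the `gr_check_group_change(-1, -1, gid)` hook sits inside the branch that has already passed the old-id / `capable(CAP_SETGID)` test, whereas the setfsuid hunk above places `gr_check_user_change(-1, -1, uid)` before the equivalent test. The two syscalls therefore consult the policy at different points: setfsuid asks it even for requests the kernel would refuse anyway, setfsgid only for requests that would succeed. Picking one placement for both and stating the reason in a comment would make the pair easier to audit.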
46427 @@ -1459,7 +1493,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsi
46428 error = get_dumpable(me->mm);
46430 case PR_SET_DUMPABLE:
46431 - if (arg2 < 0 || arg2 > 1) {
46436 diff -urNp linux-2.6.32.1/kernel/sysctl.c linux-2.6.32.1/kernel/sysctl.c
46437 --- linux-2.6.32.1/kernel/sysctl.c 2009-12-02 22:51:21.000000000 -0500
46438 +++ linux-2.6.32.1/kernel/sysctl.c 2009-12-14 18:33:59.489992453 -0500
46440 static int deprecated_sysctl_warning(struct __sysctl_args *args);
46442 #if defined(CONFIG_SYSCTL)
46443 +#include <linux/grsecurity.h>
46444 +#include <linux/grinternal.h>
46446 +extern __u32 gr_handle_sysctl(const ctl_table *table, const int op);
46447 +extern int gr_handle_sysctl_mod(const char *dirname, const char *name,
46449 +extern int gr_handle_chroot_sysctl(const int op);
46451 /* External variables not in a header file. */
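Review bot: The `extern` prototypes for `gr_handle_sysctl()`, `gr_handle_sysctl_mod()` and `gr_handle_chroot_sysctl()` are declared locally, directly after `<linux/grsecurity.h>` and `<linux/grinternal.h>` are included. Prototypes kept in a .c file are not checked against the definition, so a later signature change would still compile and then misbehave; they belong in one of those headers. The same pattern appears in this file with `extern ctl_table grsecurity_table[];` and in kernel/taskstats.c with `extern int gr_is_taskstats_denied(int pid);`.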
46453 @@ -168,6 +175,7 @@ static int proc_do_cad_pid(struct ctl_ta
46454 static int proc_taint(struct ctl_table *table, int write,
46455 void __user *buffer, size_t *lenp, loff_t *ppos);
46457 +extern ctl_table grsecurity_table[];
46459 static struct ctl_table root_table[];
46460 static struct ctl_table_root sysctl_table_root;
46461 @@ -200,6 +208,21 @@ extern struct ctl_table epoll_table[];
46462 int sysctl_legacy_va_layout;
46465 +#ifdef CONFIG_PAX_SOFTMODE
46466 +static ctl_table pax_table[] = {
46468 + .ctl_name = CTL_UNNUMBERED,
46469 + .procname = "softmode",
46470 + .data = &pax_softmode,
46471 + .maxlen = sizeof(unsigned int),
46473 + .proc_handler = &proc_dointvec,
46476 + { .ctl_name = 0 }
46480 extern int prove_locking;
46481 extern int lock_stat;
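Review bot: The `softmode` entry uses `proc_dointvec` with `.maxlen = sizeof(unsigned int)`, so any integer written to the file is stored in `pax_softmode`, and the handler parses a signed value while the size is given for an unsigned type. If the variable is meant to be an on/off switch (its declaration is not visible here), `proc_dointvec_minmax` with `.extra1`/`.extra2` pointing at 0 and 1 would reject other values. Judging by its name this knob relaxes enforcement, so the `.mode` line, which is not visible in this view, should be checked to allow writes by root only.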
46483 @@ -251,6 +274,24 @@ static int max_wakeup_granularity_ns = N
46486 static struct ctl_table kern_table[] = {
46487 +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
46489 + .ctl_name = CTL_UNNUMBERED,
46490 + .procname = "grsecurity",
46492 + .child = grsecurity_table,
46496 +#ifdef CONFIG_PAX_SOFTMODE
46498 + .ctl_name = CTL_UNNUMBERED,
46499 + .procname = "pax",
46501 + .child = pax_table,
46506 .ctl_name = CTL_UNNUMBERED,
46507 .procname = "sched_child_runs_first",
46508 @@ -1800,6 +1841,8 @@ static int do_sysctl_strategy(struct ctl
46512 +static int sysctl_perm_nochk(struct ctl_table_root *root, struct ctl_table *table, int op);
46514 static int parse_table(int __user *name, int nlen,
46515 void __user *oldval, size_t __user *oldlenp,
46516 void __user *newval, size_t newlen,
46517 @@ -1818,7 +1861,7 @@ repeat:
46518 if (n == table->ctl_name) {
46520 if (table->child) {
46521 - if (sysctl_perm(root, table, MAY_EXEC))
46522 + if (sysctl_perm_nochk(root, table, MAY_EXEC))
46526 @@ -1903,6 +1946,33 @@ int sysctl_perm(struct ctl_table_root *r
46530 + if (table->parent != NULL && table->parent->procname != NULL &&
46531 + table->procname != NULL &&
46532 + gr_handle_sysctl_mod(table->parent->procname, table->procname, op))
46534 + if (gr_handle_chroot_sysctl(op))
46536 + error = gr_handle_sysctl(table, op);
46540 + error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
46544 + if (root->permissions)
46545 + mode = root->permissions(root, current->nsproxy, table);
46547 + mode = table->mode;
46549 + return test_perm(mode, op);
46552 +int sysctl_perm_nochk(struct ctl_table_root *root, struct ctl_table *table, int op)
46557 error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
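Review bot: `sysctl_perm_nochk()` is forward-declared `static` in the do_sysctl_strategy hunk above, but its definition here reads `int sysctl_perm_nochk(...)` without the keyword, as far as the visible lines show. The earlier declaration still gives it internal linkage, yet the mismatch is misleading; the definition should read `static int sysctl_perm_nochk(struct ctl_table_root *root, struct ctl_table *table, int op)`. The function also repeats the `security_sysctl()` call and mode lookup that the new `sysctl_perm()` ends with, so `sysctl_perm()` could finish with `return sysctl_perm_nochk(root, table, op);` and keep a single copy. Several lines of this hunk are missing from the view, so both points should be checked against the full patch.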
46560 diff -urNp linux-2.6.32.1/kernel/taskstats.c linux-2.6.32.1/kernel/taskstats.c
46561 --- linux-2.6.32.1/kernel/taskstats.c 2009-12-02 22:51:21.000000000 -0500
46562 +++ linux-2.6.32.1/kernel/taskstats.c 2009-12-14 18:33:59.489992453 -0500
46564 #include <linux/cgroup.h>
46565 #include <linux/fs.h>
46566 #include <linux/file.h>
46567 +#include <linux/grsecurity.h>
46568 #include <net/genetlink.h>
46569 #include <asm/atomic.h>
46571 +extern int gr_is_taskstats_denied(int pid);
46574 * Maximum length of a cpumask that can be specified in
46575 * the TASKSTATS_CMD_ATTR_REGISTER/DEREGISTER_CPUMASK attribute
46576 @@ -433,6 +436,9 @@ static int taskstats_user_cmd(struct sk_
46578 cpumask_var_t mask;
46580 + if (gr_is_taskstats_denied(current->pid))
46583 if (!alloc_cpumask_var(&mask, GFP_KERNEL))
46586 diff -urNp linux-2.6.32.1/kernel/time/tick-broadcast.c linux-2.6.32.1/kernel/time/tick-broadcast.c
46587 --- linux-2.6.32.1/kernel/time/tick-broadcast.c 2009-12-02 22:51:21.000000000 -0500
46588 +++ linux-2.6.32.1/kernel/time/tick-broadcast.c 2009-12-14 18:33:59.491005145 -0500
46589 @@ -116,7 +116,7 @@ int tick_device_uses_broadcast(struct cl
46590 * then clear the broadcast bit.
46592 if (!(dev->features & CLOCK_EVT_FEAT_C3STOP)) {
46593 - int cpu = smp_processor_id();
46594 + cpu = smp_processor_id();
46596 cpumask_clear_cpu(cpu, tick_get_broadcast_mask());
46597 tick_broadcast_clear_oneshot(cpu);
46598 diff -urNp linux-2.6.32.1/kernel/time.c linux-2.6.32.1/kernel/time.c
46599 --- linux-2.6.32.1/kernel/time.c 2009-12-02 22:51:21.000000000 -0500
46600 +++ linux-2.6.32.1/kernel/time.c 2009-12-14 18:33:59.491005145 -0500
46601 @@ -95,6 +95,9 @@ SYSCALL_DEFINE1(stime, time_t __user *,
46604 vx_settimeofday(&tv);
46606 + gr_log_timechange();
46611 @@ -202,6 +205,8 @@ SYSCALL_DEFINE2(settimeofday, struct tim
46615 + gr_log_timechange();
46617 return do_sys_settimeofday(tv ? &new_ts : NULL, tz ? &new_tz : NULL);
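Review bot: `gr_log_timechange()` is called before `do_sys_settimeofday()`, so a log entry is written even when that call then fails and the clock is left unchanged. If the log is meant to record actual changes, take the result first: `ret = do_sys_settimeofday(tv ? &new_ts : NULL, tz ? &new_tz : NULL);`, then `if (!ret) gr_log_timechange();` and `return ret;`. The stime hunk above logs after `vx_settimeofday()`, so the two paths also differ on whether attempts or completed changes are logged. The syscall body starts outside the hunk.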
46620 @@ -240,7 +245,7 @@ EXPORT_SYMBOL(current_fs_time);
46621 * Avoid unnecessary multiplications/divisions in the
46622 * two most common HZ cases:
46624 -unsigned int inline jiffies_to_msecs(const unsigned long j)
46625 +inline unsigned int jiffies_to_msecs(const unsigned long j)
46627 #if HZ <= MSEC_PER_SEC && !(MSEC_PER_SEC % HZ)
46628 return (MSEC_PER_SEC / HZ) * j;
46629 @@ -256,7 +261,7 @@ unsigned int inline jiffies_to_msecs(con
46631 EXPORT_SYMBOL(jiffies_to_msecs);
46633 -unsigned int inline jiffies_to_usecs(const unsigned long j)
46634 +inline unsigned int jiffies_to_usecs(const unsigned long j)
46636 #if HZ <= USEC_PER_SEC && !(USEC_PER_SEC % HZ)
46637 return (USEC_PER_SEC / HZ) * j;
46638 diff -urNp linux-2.6.32.1/kernel/trace/Kconfig linux-2.6.32.1/kernel/trace/Kconfig
46639 --- linux-2.6.32.1/kernel/trace/Kconfig 2009-12-02 22:51:21.000000000 -0500
46640 +++ linux-2.6.32.1/kernel/trace/Kconfig 2009-12-14 18:33:59.491005145 -0500
46641 @@ -126,6 +126,7 @@ if FTRACE
46642 config FUNCTION_TRACER
46643 bool "Kernel Function Tracer"
46644 depends on HAVE_FUNCTION_TRACER
46645 + depends on !PAX_KERNEXEC
46646 select FRAME_POINTER
46648 select GENERIC_TRACER
46649 @@ -343,6 +344,7 @@ config POWER_TRACER
46650 config STACK_TRACER
46651 bool "Trace max stack"
46652 depends on HAVE_FUNCTION_TRACER
46653 + depends on !PAX_KERNEXEC
46654 select FUNCTION_TRACER
46657 diff -urNp linux-2.6.32.1/kernel/trace/trace.c linux-2.6.32.1/kernel/trace/trace.c
46658 --- linux-2.6.32.1/kernel/trace/trace.c 2009-12-02 22:51:21.000000000 -0500
46659 +++ linux-2.6.32.1/kernel/trace/trace.c 2009-12-14 18:33:59.491783207 -0500
46660 @@ -3792,10 +3792,9 @@ static const struct file_operations trac
46664 -static struct dentry *d_tracer;
46666 struct dentry *tracing_init_dentry(void)
46668 + static struct dentry *d_tracer;
46672 @@ -3815,10 +3814,9 @@ struct dentry *tracing_init_dentry(void)
46676 -static struct dentry *d_percpu;
46678 struct dentry *tracing_dentry_percpu(void)
46680 + static struct dentry *d_percpu;
46682 struct dentry *d_tracer;
46684 diff -urNp linux-2.6.32.1/kernel/trace/trace_events.c linux-2.6.32.1/kernel/trace/trace_events.c
46685 --- linux-2.6.32.1/kernel/trace/trace_events.c 2009-12-02 22:51:21.000000000 -0500
46686 +++ linux-2.6.32.1/kernel/trace/trace_events.c 2009-12-14 18:33:59.492790402 -0500
46687 @@ -951,6 +951,8 @@ static LIST_HEAD(ftrace_module_file_list
46688 * Modules must own their file_operations to keep up with
46689 * reference counting.
46692 +/* cannot be const */
46693 struct ftrace_module_file_ops {
46694 struct list_head list;
46695 struct module *mod;
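Review bot: The added comment `/* cannot be const */` does not say why, and it sits on the struct definition although constness is a property of its instances. Something like `/* instances are filled in at runtime for each module, so they cannot be const */` would record the reason, assuming that is what the existing comment about modules owning their file_operations implies. The struct definition continues outside the hunk.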
46696 diff -urNp linux-2.6.32.1/kernel/trace/trace_output.c linux-2.6.32.1/kernel/trace/trace_output.c
46697 --- linux-2.6.32.1/kernel/trace/trace_output.c 2009-12-02 22:51:21.000000000 -0500
46698 +++ linux-2.6.32.1/kernel/trace/trace_output.c 2009-12-14 18:33:59.494733676 -0500
46699 @@ -237,7 +237,7 @@ int trace_seq_path(struct trace_seq *s,
46701 p = d_path(path, s->buffer + s->len, PAGE_SIZE - s->len);
46703 - p = mangle_path(s->buffer + s->len, p, "\n");
46704 + p = mangle_path(s->buffer + s->len, p, "\n\\");
46706 s->len = p - s->buffer;
46708 diff -urNp linux-2.6.32.1/kernel/trace/trace_stack.c linux-2.6.32.1/kernel/trace/trace_stack.c
46709 --- linux-2.6.32.1/kernel/trace/trace_stack.c 2009-12-02 22:51:21.000000000 -0500
46710 +++ linux-2.6.32.1/kernel/trace/trace_stack.c 2009-12-14 18:33:59.495722482 -0500
46711 @@ -50,7 +50,7 @@ static inline void check_stack(void)
46714 /* we do not handle interrupt stacks yet */
46715 - if (!object_is_on_stack(&this_size))
46716 + if (!object_starts_on_stack(&this_size))
46719 local_irq_save(flags);
46720 diff -urNp linux-2.6.32.1/kernel/utsname_sysctl.c linux-2.6.32.1/kernel/utsname_sysctl.c
46721 --- linux-2.6.32.1/kernel/utsname_sysctl.c 2009-12-02 22:51:21.000000000 -0500
46722 +++ linux-2.6.32.1/kernel/utsname_sysctl.c 2009-12-14 18:33:59.495722482 -0500
46723 @@ -123,7 +123,7 @@ static struct ctl_table uts_kern_table[]
46724 .proc_handler = proc_do_uts_string,
46725 .strategy = sysctl_uts_string,
46728 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
46731 static struct ctl_table uts_root_table[] = {
46732 @@ -133,7 +133,7 @@ static struct ctl_table uts_root_table[]
46734 .child = uts_kern_table,
46737 + { 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
46740 static int __init utsname_sysctl_init(void)
46741 diff -urNp linux-2.6.32.1/lib/bug.c linux-2.6.32.1/lib/bug.c
46742 --- linux-2.6.32.1/lib/bug.c 2009-12-02 22:51:21.000000000 -0500
46743 +++ linux-2.6.32.1/lib/bug.c 2009-12-14 18:33:59.495722482 -0500
46744 @@ -135,6 +135,8 @@ enum bug_trap_type report_bug(unsigned l
46745 return BUG_TRAP_TYPE_NONE;
46747 bug = find_bug(bugaddr);
46749 + return BUG_TRAP_TYPE_NONE;
46751 printk(KERN_EMERG "------------[ cut here ]------------\n");
46753 diff -urNp linux-2.6.32.1/lib/debugobjects.c linux-2.6.32.1/lib/debugobjects.c
46754 --- linux-2.6.32.1/lib/debugobjects.c 2009-12-02 22:51:21.000000000 -0500
46755 +++ linux-2.6.32.1/lib/debugobjects.c 2009-12-14 18:33:59.495722482 -0500
46756 @@ -277,7 +277,7 @@ static void debug_object_is_on_stack(voi
46760 - is_on_stack = object_is_on_stack(addr);
46761 + is_on_stack = object_starts_on_stack(addr);
46762 if (is_on_stack == onstack)
46765 diff -urNp linux-2.6.32.1/lib/dma-debug.c linux-2.6.32.1/lib/dma-debug.c
46766 --- linux-2.6.32.1/lib/dma-debug.c 2009-12-02 22:51:21.000000000 -0500
46767 +++ linux-2.6.32.1/lib/dma-debug.c 2009-12-14 18:33:59.495722482 -0500
46768 @@ -857,7 +857,7 @@ out:
46770 static void check_for_stack(struct device *dev, void *addr)
46772 - if (object_is_on_stack(addr))
46773 + if (object_starts_on_stack(addr))
46774 err_printk(dev, NULL, "DMA-API: device driver maps memory from"
46775 "stack [addr=%p]\n", addr);
46777 diff -urNp linux-2.6.32.1/lib/inflate.c linux-2.6.32.1/lib/inflate.c
46778 --- linux-2.6.32.1/lib/inflate.c 2009-12-02 22:51:21.000000000 -0500
46779 +++ linux-2.6.32.1/lib/inflate.c 2009-12-14 18:33:59.497106042 -0500
46780 @@ -266,7 +266,7 @@ static void free(void *where)
46781 malloc_ptr = free_mem_ptr;
46784 -#define malloc(a) kmalloc(a, GFP_KERNEL)
46785 +#define malloc(a) kmalloc((a), GFP_KERNEL)
46786 #define free(a) kfree(a)
46789 diff -urNp linux-2.6.32.1/lib/Kconfig.debug linux-2.6.32.1/lib/Kconfig.debug
46790 --- linux-2.6.32.1/lib/Kconfig.debug 2009-12-02 22:51:21.000000000 -0500
46791 +++ linux-2.6.32.1/lib/Kconfig.debug 2009-12-14 18:33:59.497106042 -0500
46792 @@ -905,7 +905,7 @@ config LATENCYTOP
46796 - depends on HAVE_LATENCYTOP_SUPPORT
46797 + depends on HAVE_LATENCYTOP_SUPPORT && !GRKERNSEC_HIDESYM
46799 Enable this option if you want to use the LatencyTOP tool
46800 to find out which userspace is blocking on what kernel operations.
46801 diff -urNp linux-2.6.32.1/lib/kobject.c linux-2.6.32.1/lib/kobject.c
46802 --- linux-2.6.32.1/lib/kobject.c 2009-12-02 22:51:21.000000000 -0500
46803 +++ linux-2.6.32.1/lib/kobject.c 2009-12-14 18:33:59.497106042 -0500
46804 @@ -700,7 +700,7 @@ static ssize_t kobj_attr_store(struct ko
46808 -struct sysfs_ops kobj_sysfs_ops = {
46809 +const struct sysfs_ops kobj_sysfs_ops = {
46810 .show = kobj_attr_show,
46811 .store = kobj_attr_store,
46813 @@ -789,7 +789,7 @@ static struct kobj_type kset_ktype = {
46814 * If the kset was not able to be created, NULL will be returned.
46816 static struct kset *kset_create(const char *name,
46817 - struct kset_uevent_ops *uevent_ops,
46818 + const struct kset_uevent_ops *uevent_ops,
46819 struct kobject *parent_kobj)
46822 @@ -832,7 +832,7 @@ static struct kset *kset_create(const ch
46823 * If the kset was not able to be created, NULL will be returned.
46825 struct kset *kset_create_and_add(const char *name,
46826 - struct kset_uevent_ops *uevent_ops,
46827 + const struct kset_uevent_ops *uevent_ops,
46828 struct kobject *parent_kobj)
46831 diff -urNp linux-2.6.32.1/lib/kobject_uevent.c linux-2.6.32.1/lib/kobject_uevent.c
46832 --- linux-2.6.32.1/lib/kobject_uevent.c 2009-12-02 22:51:21.000000000 -0500
46833 +++ linux-2.6.32.1/lib/kobject_uevent.c 2009-12-14 18:33:59.497992692 -0500
46834 @@ -95,7 +95,7 @@ int kobject_uevent_env(struct kobject *k
46835 const char *subsystem;
46836 struct kobject *top_kobj;
46838 - struct kset_uevent_ops *uevent_ops;
46839 + const struct kset_uevent_ops *uevent_ops;
46843 diff -urNp linux-2.6.32.1/lib/parser.c linux-2.6.32.1/lib/parser.c
46844 --- linux-2.6.32.1/lib/parser.c 2009-12-02 22:51:21.000000000 -0500
46845 +++ linux-2.6.32.1/lib/parser.c 2009-12-14 18:33:59.497992692 -0500
46846 @@ -126,7 +126,7 @@ static int match_number(substring_t *s,
46850 - buf = kmalloc(s->to - s->from + 1, GFP_KERNEL);
46851 + buf = kmalloc((s->to - s->from) + 1, GFP_KERNEL);
46854 memcpy(buf, s->from, s->to - s->from);
46855 diff -urNp linux-2.6.32.1/lib/radix-tree.c linux-2.6.32.1/lib/radix-tree.c
46856 --- linux-2.6.32.1/lib/radix-tree.c 2009-12-02 22:51:21.000000000 -0500
46857 +++ linux-2.6.32.1/lib/radix-tree.c 2009-12-14 18:33:59.497992692 -0500
46858 @@ -81,7 +81,7 @@ struct radix_tree_preload {
46860 struct radix_tree_node *nodes[RADIX_TREE_MAX_PATH];
46862 -static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads) = { 0, };
46863 +static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads);
46865 static inline gfp_t root_gfp_mask(struct radix_tree_root *root)
46867 diff -urNp linux-2.6.32.1/lib/random32.c linux-2.6.32.1/lib/random32.c
46868 --- linux-2.6.32.1/lib/random32.c 2009-12-02 22:51:21.000000000 -0500
46869 +++ linux-2.6.32.1/lib/random32.c 2009-12-14 18:33:59.497992692 -0500
46870 @@ -61,7 +61,7 @@ static u32 __random32(struct rnd_state *
46872 static inline u32 __seed(u32 x, u32 m)
46874 - return (x < m) ? x + m : x;
46875 + return (x <= m) ? x + m + 1 : x;
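Review bot: The new `__seed()` changes the guarantee from a result of at least `m` to a result strictly greater than `m`, but no comment records the new contract or why it is needed. A line such as `/* result is always > m; smaller state words are not valid for this generator */` above the function would do, with the exact reason to be confirmed by the author. `x + m + 1` cannot wrap as long as callers pass small `m` values, since the branch is only taken when `x <= m`; the call sites are not visible in this hunk.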
46879 diff -urNp linux-2.6.32.1/localversion-grsec linux-2.6.32.1/localversion-grsec
46880 --- linux-2.6.32.1/localversion-grsec 1969-12-31 19:00:00.000000000 -0500
46881 +++ linux-2.6.32.1/localversion-grsec 2009-12-14 18:33:59.497992692 -0500
46884 diff -urNp linux-2.6.32.1/Makefile linux-2.6.32.1/Makefile
46885 --- linux-2.6.32.1/Makefile 2009-12-14 18:30:08.541937518 -0500
46886 +++ linux-2.6.32.1/Makefile 2009-12-14 18:33:59.536904304 -0500
46887 @@ -221,8 +221,8 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
46891 -HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
46892 -HOSTCXXFLAGS = -O2
46893 +HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
46894 +HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks
46896 # Decide whether to build built-in, modular, or both.
46897 # Normally, just do built-in.
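Review bot: `-fno-delete-null-pointer-checks` is added to `HOSTCFLAGS` and `HOSTCXXFLAGS`, which only affect programs built for the build host, not the kernel image. If the aim is to stop the compiler from removing NULL checks in kernel code, the flag has to be present in the kernel's own compiler flags as well; whether it already is cannot be seen from this hunk. The extra `-W` also adds warnings to every host tool build, which is worth a line in the change description.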
46898 @@ -644,7 +644,7 @@ export mod_strip_cmd
46901 ifeq ($(KBUILD_EXTMOD),)
46902 -core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
46903 +core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
46905 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
46906 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
46907 diff -urNp linux-2.6.32.1/mm/filemap.c linux-2.6.32.1/mm/filemap.c
46908 --- linux-2.6.32.1/mm/filemap.c 2009-12-02 22:51:21.000000000 -0500
46909 +++ linux-2.6.32.1/mm/filemap.c 2009-12-14 18:33:59.546876618 -0500
46910 @@ -1622,7 +1622,7 @@ int generic_file_mmap(struct file * file
46911 struct address_space *mapping = file->f_mapping;
46913 if (!mapping->a_ops->readpage)
46916 file_accessed(file);
46917 vma->vm_ops = &generic_file_vm_ops;
46918 vma->vm_flags |= VM_CAN_NONLINEAR;
46919 @@ -1982,6 +1982,7 @@ inline int generic_write_checks(struct f
46920 *pos = i_size_read(inode);
46922 if (limit != RLIM_INFINITY) {
46923 + gr_learn_resource(current, RLIMIT_FSIZE,*pos, 0);
46924 if (*pos >= limit) {
46925 send_sig(SIGXFSZ, current, 0);
46927 diff -urNp linux-2.6.32.1/mm/fremap.c linux-2.6.32.1/mm/fremap.c
46928 --- linux-2.6.32.1/mm/fremap.c 2009-12-02 22:51:21.000000000 -0500
46929 +++ linux-2.6.32.1/mm/fremap.c 2009-12-14 18:33:59.558713378 -0500
46930 @@ -153,6 +153,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsign
46932 vma = find_vma(mm, start);
46934 +#ifdef CONFIG_PAX_SEGMEXEC
46935 + if (vma && (mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_MAYEXEC))
46940 * Make sure the vma is shared, that it supports prefaulting,
46941 * and that the remapped range is valid and fully within
46942 diff -urNp linux-2.6.32.1/mm/highmem.c linux-2.6.32.1/mm/highmem.c
46943 --- linux-2.6.32.1/mm/highmem.c 2009-12-02 22:51:21.000000000 -0500
46944 +++ linux-2.6.32.1/mm/highmem.c 2009-12-14 18:33:59.558713378 -0500
46945 @@ -116,9 +116,10 @@ static void flush_all_zero_pkmaps(void)
46946 * So no dangers, even with speculative execution.
46948 page = pte_page(pkmap_page_table[i]);
46949 + pax_open_kernel();
46950 pte_clear(&init_mm, (unsigned long)page_address(page),
46951 &pkmap_page_table[i]);
46953 + pax_close_kernel();
46954 set_page_address(page, NULL);
46957 @@ -177,9 +178,11 @@ start:
46960 vaddr = PKMAP_ADDR(last_pkmap_nr);
46962 + pax_open_kernel();
46963 set_pte_at(&init_mm, vaddr,
46964 &(pkmap_page_table[last_pkmap_nr]), mk_pte(page, kmap_prot));
46966 + pax_close_kernel();
46967 pkmap_count[last_pkmap_nr] = 1;
46968 set_page_address(page, (void *)vaddr);
46970 diff -urNp linux-2.6.32.1/mm/hugetlb.c linux-2.6.32.1/mm/hugetlb.c
46971 --- linux-2.6.32.1/mm/hugetlb.c 2009-12-02 22:51:21.000000000 -0500
46972 +++ linux-2.6.32.1/mm/hugetlb.c 2009-12-14 18:33:59.593103514 -0500
46973 @@ -1924,6 +1924,26 @@ static int unmap_ref_private(struct mm_s
46977 +#ifdef CONFIG_PAX_SEGMEXEC
46978 +static void pax_mirror_huge_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m)
46980 + struct mm_struct *mm = vma->vm_mm;
46981 + struct vm_area_struct *vma_m;
46982 + unsigned long address_m;
46985 + vma_m = pax_find_mirror_vma(vma);
46989 + BUG_ON(address >= SEGMEXEC_TASK_SIZE);
46990 + address_m = address + SEGMEXEC_TASK_SIZE;
46991 + ptep_m = huge_pte_offset(mm, address_m & HPAGE_MASK);
46992 + get_page(page_m);
46993 + set_huge_pte_at(mm, address_m, ptep_m, make_huge_pte(vma_m, page_m, 0));
46997 static int hugetlb_cow(struct mm_struct *mm, struct vm_area_struct *vma,
46998 unsigned long address, pte_t *ptep, pte_t pte,
46999 struct page *pagecache_page)
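Review bot: `ptep_m` from `huge_pte_offset()` is passed straight to `set_huge_pte_at()` without a NULL check, so `pax_mirror_huge_pte()` depends on the mirror entry having been allocated earlier. The `hugetlb_fault()` hunk further down does call `huge_pte_alloc()` for `address_m`, so a comment stating that precondition, or a `BUG_ON(!ptep_m);` next to the existing `BUG_ON`, would make the dependency explicit. Some lines of the function are missing from this view, so check the full patch before adding it.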
47000 @@ -1995,6 +2015,11 @@ retry_avoidcopy:
47001 huge_ptep_clear_flush(vma, address, ptep);
47002 set_huge_pte_at(mm, address, ptep,
47003 make_huge_pte(vma, new_page, 1));
47005 +#ifdef CONFIG_PAX_SEGMEXEC
47006 + pax_mirror_huge_pte(vma, address, new_page);
47009 /* Make the old page be freed below */
47010 new_page = old_page;
47012 @@ -2124,6 +2149,10 @@ retry:
47013 && (vma->vm_flags & VM_SHARED)));
47014 set_huge_pte_at(mm, address, ptep, new_pte);
47016 +#ifdef CONFIG_PAX_SEGMEXEC
47017 + pax_mirror_huge_pte(vma, address, page);
47020 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
47021 /* Optimization, do the COW without a second fault */
47022 ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
47023 @@ -2152,6 +2181,28 @@ int hugetlb_fault(struct mm_struct *mm,
47024 static DEFINE_MUTEX(hugetlb_instantiation_mutex);
47025 struct hstate *h = hstate_vma(vma);
47027 +#ifdef CONFIG_PAX_SEGMEXEC
47028 + struct vm_area_struct *vma_m;
47030 + vma_m = pax_find_mirror_vma(vma);
47032 + unsigned long address_m;
47034 + if (vma->vm_start > vma_m->vm_start) {
47035 + address_m = address;
47036 + address -= SEGMEXEC_TASK_SIZE;
47038 + h = hstate_vma(vma);
47040 + address_m = address + SEGMEXEC_TASK_SIZE;
47042 + if (!huge_pte_alloc(mm, address_m, huge_page_size(h)))
47043 + return VM_FAULT_OOM;
47044 + address_m &= HPAGE_MASK;
47045 + unmap_hugepage_range(vma, address_m, address_m + HPAGE_SIZE, NULL);
47049 ptep = huge_pte_alloc(mm, address, huge_page_size(h));
47051 return VM_FAULT_OOM;
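Review bot: The mirror handling added to `hugetlb_fault()` allocates with `huge_page_size(h)` but then masks and unmaps with the fixed `HPAGE_MASK` and `HPAGE_SIZE`, and `pax_mirror_huge_pte()` above does the same. These agree only when the vma's hstate uses the default huge page size; using the hstate helpers throughout, e.g. `address_m &= huge_page_mask(h);` and `address_m + huge_page_size(h)`, would not depend on that. Lines of this hunk are missing from the view, and the function continues outside it.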
47052 diff -urNp linux-2.6.32.1/mm/Kconfig linux-2.6.32.1/mm/Kconfig
47053 --- linux-2.6.32.1/mm/Kconfig 2009-12-02 22:51:21.000000000 -0500
47054 +++ linux-2.6.32.1/mm/Kconfig 2009-12-14 18:33:59.593103514 -0500
47055 @@ -227,7 +227,7 @@ config KSM
47057 config DEFAULT_MMAP_MIN_ADDR
47058 int "Low address space to protect from user allocation"
47062 This is the portion of low virtual memory which should be protected
47063 from userspace allocation. Keeping a user from writing to low pages
47064 diff -urNp linux-2.6.32.1/mm/maccess.c linux-2.6.32.1/mm/maccess.c
47065 --- linux-2.6.32.1/mm/maccess.c 2009-12-02 22:51:21.000000000 -0500
47066 +++ linux-2.6.32.1/mm/maccess.c 2009-12-14 18:33:59.593999829 -0500
47068 * Safely read from address @src to the buffer at @dst. If a kernel fault
47069 * happens, handle that and return -EFAULT.
47071 -long probe_kernel_read(void *dst, void *src, size_t size)
47072 +long probe_kernel_read(void *dst, const void *src, size_t size)
47075 mm_segment_t old_fs = get_fs();
47076 @@ -39,7 +39,7 @@ EXPORT_SYMBOL_GPL(probe_kernel_read);
47077 * Safely write to address @dst from the buffer at @src. If a kernel fault
47078 * happens, handle that and return -EFAULT.
47080 -long notrace __weak probe_kernel_write(void *dst, void *src, size_t size)
47081 +long notrace __weak probe_kernel_write(void *dst, const void *src, size_t size)
47084 mm_segment_t old_fs = get_fs();
47085 diff -urNp linux-2.6.32.1/mm/madvise.c linux-2.6.32.1/mm/madvise.c
47086 --- linux-2.6.32.1/mm/madvise.c 2009-12-02 22:51:21.000000000 -0500
47087 +++ linux-2.6.32.1/mm/madvise.c 2009-12-14 18:33:59.593999829 -0500
47088 @@ -44,6 +44,10 @@ static long madvise_behavior(struct vm_a
47090 unsigned long new_flags = vma->vm_flags;
47092 +#ifdef CONFIG_PAX_SEGMEXEC
47093 + struct vm_area_struct *vma_m;
47096 switch (behavior) {
47098 new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ;
47099 @@ -103,6 +107,13 @@ success:
47101 * vm_flags is protected by the mmap_sem held in write mode.
47104 +#ifdef CONFIG_PAX_SEGMEXEC
47105 + vma_m = pax_find_mirror_vma(vma);
47107 + vma_m->vm_flags = new_flags & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT);
47110 vma->vm_flags = new_flags;
47113 @@ -161,6 +172,11 @@ static long madvise_dontneed(struct vm_a
47114 struct vm_area_struct ** prev,
47115 unsigned long start, unsigned long end)
47118 +#ifdef CONFIG_PAX_SEGMEXEC
47119 + struct vm_area_struct *vma_m;
47123 if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP))
47125 @@ -173,6 +189,21 @@ static long madvise_dontneed(struct vm_a
47126 zap_page_range(vma, start, end - start, &details);
47128 zap_page_range(vma, start, end - start, NULL);
47130 +#ifdef CONFIG_PAX_SEGMEXEC
47131 + vma_m = pax_find_mirror_vma(vma);
47133 + if (unlikely(vma->vm_flags & VM_NONLINEAR)) {
47134 + struct zap_details details = {
47135 + .nonlinear_vma = vma_m,
47136 + .last_index = ULONG_MAX,
47138 + zap_page_range(vma, start + SEGMEXEC_TASK_SIZE, end - start, &details);
47140 + zap_page_range(vma, start + SEGMEXEC_TASK_SIZE, end - start, NULL);
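Review bot: Both added `zap_page_range` calls pass `vma` while the start address is offset by `SEGMEXEC_TASK_SIZE` into the mirror range; only `details.nonlinear_vma` names `vma_m`. Unless the callee is relied on to walk forward from `vma` until it reaches the mirror, passing the mirror directly, `zap_page_range(vma_m, start + SEGMEXEC_TASK_SIZE, end - start, NULL);` (and the same with `&details`), makes the target explicit. If the forward walk is intended, a one-line comment above the calls should say so. Some lines of this hunk are missing from this rendering, so the guard on `vma_m` is not visible here.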
47147 @@ -359,6 +390,16 @@ SYSCALL_DEFINE3(madvise, unsigned long,
47151 +#ifdef CONFIG_PAX_SEGMEXEC
47152 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
47153 + if (end > SEGMEXEC_TASK_SIZE)
47158 + if (end > TASK_SIZE)
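Review bot: The range test added here, `end > SEGMEXEC_TASK_SIZE` when `MF_PAX_SEGMEXEC` is set and `end > TASK_SIZE` otherwise, is open-coded again in the `do_mbind` and `do_mlock` hunks further down. A small inline helper that returns the effective upper bound for an mm, for example `static inline unsigned long pax_task_size(const struct mm_struct *mm)`, would keep the three syscall paths from drifting apart. The branch bodies are not visible in this rendering, so each call site should keep whatever error it returns today.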
47164 diff -urNp linux-2.6.32.1/mm/memory.c linux-2.6.32.1/mm/memory.c
47165 --- linux-2.6.32.1/mm/memory.c 2009-12-02 22:51:21.000000000 -0500
47166 +++ linux-2.6.32.1/mm/memory.c 2009-12-14 18:33:59.619848437 -0500
47168 #include <linux/ksm.h>
47169 #include <linux/rmap.h>
47170 #include <linux/module.h>
47171 +#include <linux/security.h>
47172 #include <linux/delayacct.h>
47173 #include <linux/init.h>
47174 #include <linux/writeback.h>
47175 @@ -1251,10 +1252,10 @@ int __get_user_pages(struct task_struct
47176 (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
47180 + while (nr_pages) {
47181 struct vm_area_struct *vma;
47183 - vma = find_extend_vma(mm, start);
47184 + vma = find_vma(mm, start);
47185 if (!vma && in_gate_area(tsk, start)) {
47186 unsigned long pg = start & PAGE_MASK;
47187 struct vm_area_struct *gate_vma = get_gate_vma(tsk);
47188 @@ -1296,7 +1297,7 @@ int __get_user_pages(struct task_struct
47193 + if (!vma || start < vma->vm_start ||
47194 (vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
47195 !(vm_flags & vma->vm_flags))
47196 return i ? : -EFAULT;
47197 @@ -1371,7 +1372,7 @@ int __get_user_pages(struct task_struct
47198 start += PAGE_SIZE;
47200 } while (nr_pages && start < vma->vm_end);
47201 - } while (nr_pages);
47206 @@ -1967,6 +1968,186 @@ static inline void cow_user_page(struct
47207 copy_user_highpage(dst, src, va, vma);
47210 +#ifdef CONFIG_PAX_SEGMEXEC
47211 +static void pax_unmap_mirror_pte(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd)
47213 + struct mm_struct *mm = vma->vm_mm;
47215 + pte_t *pte, entry;
47217 + pte = pte_offset_map_lock(mm, pmd, address, &ptl);
47219 + if (!pte_present(entry)) {
47220 + if (!pte_none(entry)) {
47221 + BUG_ON(pte_file(entry));
47222 + free_swap_and_cache(pte_to_swp_entry(entry));
47223 + pte_clear_not_present_full(mm, address, pte, 0);
47226 + struct page *page;
47228 + flush_cache_page(vma, address, pte_pfn(entry));
47229 + entry = ptep_clear_flush(vma, address, pte);
47230 + BUG_ON(pte_dirty(entry));
47231 + page = vm_normal_page(vma, address, entry);
47233 + update_hiwater_rss(mm);
47234 + if (PageAnon(page))
47235 + dec_mm_counter(mm, anon_rss);
47237 + dec_mm_counter(mm, file_rss);
47238 + page_remove_rmap(page);
47239 + page_cache_release(page);
47242 + pte_unmap_unlock(pte, ptl);
47245 +/* PaX: if vma is mirrored, synchronize the mirror's PTE
47247 + * the ptl of the lower mapped page is held on entry and is not released on exit
47248 + * or inside to ensure atomic changes to the PTE states (swapout, mremap, munmap, etc)
47250 +static void pax_mirror_anon_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl)
47252 + struct mm_struct *mm = vma->vm_mm;
47253 + unsigned long address_m;
47254 + spinlock_t *ptl_m;
47255 + struct vm_area_struct *vma_m;
47257 + pte_t *pte_m, entry_m;
47259 + BUG_ON(!page_m || !PageAnon(page_m));
47261 + vma_m = pax_find_mirror_vma(vma);
47265 + BUG_ON(!PageLocked(page_m));
47266 + BUG_ON(address >= SEGMEXEC_TASK_SIZE);
47267 + address_m = address + SEGMEXEC_TASK_SIZE;
47268 + pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
47269 + pte_m = pte_offset_map_nested(pmd_m, address_m);
47270 + ptl_m = pte_lockptr(mm, pmd_m);
47271 + if (ptl != ptl_m) {
47272 + spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
47273 + if (!pte_none(*pte_m))
47277 + entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot);
47278 + page_cache_get(page_m);
47279 + page_add_anon_rmap(page_m, vma_m, address_m);
47280 + inc_mm_counter(mm, anon_rss);
47281 + set_pte_at(mm, address_m, pte_m, entry_m);
47282 + update_mmu_cache(vma_m, address_m, entry_m);
47284 + if (ptl != ptl_m)
47285 + spin_unlock(ptl_m);
47286 + pte_unmap_nested(pte_m);
47287 + unlock_page(page_m);
47290 +void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl)
47292 + struct mm_struct *mm = vma->vm_mm;
47293 + unsigned long address_m;
47294 + spinlock_t *ptl_m;
47295 + struct vm_area_struct *vma_m;
47297 + pte_t *pte_m, entry_m;
47299 + BUG_ON(!page_m || PageAnon(page_m));
47301 + vma_m = pax_find_mirror_vma(vma);
47305 + BUG_ON(address >= SEGMEXEC_TASK_SIZE);
47306 + address_m = address + SEGMEXEC_TASK_SIZE;
47307 + pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
47308 + pte_m = pte_offset_map_nested(pmd_m, address_m);
47309 + ptl_m = pte_lockptr(mm, pmd_m);
47310 + if (ptl != ptl_m) {
47311 + spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
47312 + if (!pte_none(*pte_m))
47316 + entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot);
47317 + page_cache_get(page_m);
47318 + page_add_file_rmap(page_m);
47319 + inc_mm_counter(mm, file_rss);
47320 + set_pte_at(mm, address_m, pte_m, entry_m);
47321 + update_mmu_cache(vma_m, address_m, entry_m);
47323 + if (ptl != ptl_m)
47324 + spin_unlock(ptl_m);
47325 + pte_unmap_nested(pte_m);
47328 +static void pax_mirror_pfn_pte(struct vm_area_struct *vma, unsigned long address, unsigned long pfn_m, spinlock_t *ptl)
47330 + struct mm_struct *mm = vma->vm_mm;
47331 + unsigned long address_m;
47332 + spinlock_t *ptl_m;
47333 + struct vm_area_struct *vma_m;
47335 + pte_t *pte_m, entry_m;
47337 + vma_m = pax_find_mirror_vma(vma);
47341 + BUG_ON(address >= SEGMEXEC_TASK_SIZE);
47342 + address_m = address + SEGMEXEC_TASK_SIZE;
47343 + pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
47344 + pte_m = pte_offset_map_nested(pmd_m, address_m);
47345 + ptl_m = pte_lockptr(mm, pmd_m);
47346 + if (ptl != ptl_m) {
47347 + spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
47348 + if (!pte_none(*pte_m))
47352 + entry_m = pfn_pte(pfn_m, vma_m->vm_page_prot);
47353 + set_pte_at(mm, address_m, pte_m, entry_m);
47355 + if (ptl != ptl_m)
47356 + spin_unlock(ptl_m);
47357 + pte_unmap_nested(pte_m);
47360 +static void pax_mirror_pte(struct vm_area_struct *vma, unsigned long address, pte_t *pte, pmd_t *pmd, spinlock_t *ptl)
47362 + struct page *page_m;
47365 + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC))
47369 + page_m = vm_normal_page(vma, address, entry);
47371 + pax_mirror_pfn_pte(vma, address, pte_pfn(entry), ptl);
47372 + else if (PageAnon(page_m)) {
47373 + if (pax_find_mirror_vma(vma)) {
47374 + pte_unmap_unlock(pte, ptl);
47375 + lock_page(page_m);
47376 + pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl);
47377 + if (pte_same(entry, *pte))
47378 + pax_mirror_anon_pte(vma, address, page_m, ptl);
47380 + unlock_page(page_m);
47383 + pax_mirror_file_pte(vma, address, page_m, ptl);
47386 + pte_unmap_unlock(pte, ptl);
47391 * This routine handles present pages, when users try to write
47392 * to a shared page. It is done by copying the page to a new address
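Review bot: The comment on `pax_mirror_anon_pte` documents the ptl but not the page lock, although the function asserts `PageLocked(page_m)` and ends with `unlock_page(page_m)`. Callers therefore hand over a locked page and get it back unlocked, which appears to be why the fault paths later in this patch call `trylock_page()` first. I would add a line to the comment such as `* page_m must be locked by the caller when vma is mirrored; the lock is dropped before returning`. `pax_mirror_file_pte` and `pax_mirror_pfn_pte` repeat the same `address_m` / `pte_m` / `ptl_m` lookup and nested-lock sequence without any comment, so a shared static helper for that sequence would remove two of the three copies. Several lines of these functions are missing from this rendering, so the early-return paths should be checked against the full patch.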
47393 @@ -2146,6 +2327,12 @@ gotten:
47395 page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
47396 if (likely(pte_same(*page_table, orig_pte))) {
47398 +#ifdef CONFIG_PAX_SEGMEXEC
47399 + if (pax_find_mirror_vma(vma))
47400 + BUG_ON(!trylock_page(new_page));
47404 if (!PageAnon(old_page)) {
47405 dec_mm_counter(mm, file_rss);
47406 @@ -2197,6 +2384,10 @@ gotten:
47407 page_remove_rmap(old_page);
47410 +#ifdef CONFIG_PAX_SEGMEXEC
47411 + pax_mirror_anon_pte(vma, address, new_page, ptl);
47414 /* Free the old page.. */
47415 new_page = old_page;
47416 ret |= VM_FAULT_WRITE;
47417 @@ -2594,6 +2785,11 @@ static int do_swap_page(struct mm_struct
47419 if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
47420 try_to_free_swap(page);
47422 +#ifdef CONFIG_PAX_SEGMEXEC
47423 + if ((flags & FAULT_FLAG_WRITE) || !pax_find_mirror_vma(vma))
47428 if (flags & FAULT_FLAG_WRITE) {
47429 @@ -2605,6 +2801,11 @@ static int do_swap_page(struct mm_struct
47431 /* No need to invalidate - it was non-present before */
47432 update_mmu_cache(vma, address, pte);
47434 +#ifdef CONFIG_PAX_SEGMEXEC
47435 + pax_mirror_anon_pte(vma, address, page, ptl);
47439 pte_unmap_unlock(page_table, ptl);
47441 @@ -2628,7 +2829,7 @@ static int do_anonymous_page(struct mm_s
47442 unsigned long address, pte_t *page_table, pmd_t *pmd,
47443 unsigned int flags)
47445 - struct page *page;
47446 + struct page *page = NULL;
47450 @@ -2663,6 +2864,11 @@ static int do_anonymous_page(struct mm_s
47451 if (!pte_none(*page_table))
47454 +#ifdef CONFIG_PAX_SEGMEXEC
47455 + if (pax_find_mirror_vma(vma))
47456 + BUG_ON(!trylock_page(page));
47459 inc_mm_counter(mm, anon_rss);
47460 page_add_new_anon_rmap(page, vma, address);
47462 @@ -2670,6 +2876,12 @@ setpte:
47464 /* No need to invalidate - it was non-present before */
47465 update_mmu_cache(vma, address, entry);
47467 +#ifdef CONFIG_PAX_SEGMEXEC
47469 + pax_mirror_anon_pte(vma, address, page, ptl);
47473 pte_unmap_unlock(page_table, ptl);
47475 @@ -2812,6 +3024,12 @@ static int __do_fault(struct mm_struct *
47477 /* Only go through if we didn't race with anybody else... */
47478 if (likely(pte_same(*page_table, orig_pte))) {
47480 +#ifdef CONFIG_PAX_SEGMEXEC
47481 + if (anon && pax_find_mirror_vma(vma))
47482 + BUG_ON(!trylock_page(page));
47485 flush_icache_page(vma, page);
47486 entry = mk_pte(page, vma->vm_page_prot);
47487 if (flags & FAULT_FLAG_WRITE)
47488 @@ -2831,6 +3049,14 @@ static int __do_fault(struct mm_struct *
47490 /* no need to invalidate: a not-present page won't be cached */
47491 update_mmu_cache(vma, address, entry);
47493 +#ifdef CONFIG_PAX_SEGMEXEC
47495 + pax_mirror_anon_pte(vma, address, page, ptl);
47497 + pax_mirror_file_pte(vma, address, page, ptl);
47502 mem_cgroup_uncharge_page(page);
47503 @@ -2978,6 +3204,12 @@ static inline int handle_pte_fault(struc
47504 if (flags & FAULT_FLAG_WRITE)
47505 flush_tlb_page(vma, address);
47508 +#ifdef CONFIG_PAX_SEGMEXEC
47509 + pax_mirror_pte(vma, address, pte, pmd, ptl);
47514 pte_unmap_unlock(pte, ptl);
47516 @@ -2994,6 +3226,10 @@ int handle_mm_fault(struct mm_struct *mm
47520 +#ifdef CONFIG_PAX_SEGMEXEC
47521 + struct vm_area_struct *vma_m;
47524 __set_current_state(TASK_RUNNING);
47526 count_vm_event(PGFAULT);
47527 @@ -3001,6 +3237,34 @@ int handle_mm_fault(struct mm_struct *mm
47528 if (unlikely(is_vm_hugetlb_page(vma)))
47529 return hugetlb_fault(mm, vma, address, flags);
47531 +#ifdef CONFIG_PAX_SEGMEXEC
47532 + vma_m = pax_find_mirror_vma(vma);
47534 + unsigned long address_m;
47539 + if (vma->vm_start > vma_m->vm_start) {
47540 + address_m = address;
47541 + address -= SEGMEXEC_TASK_SIZE;
47544 + address_m = address + SEGMEXEC_TASK_SIZE;
47546 + pgd_m = pgd_offset(mm, address_m);
47547 + pud_m = pud_alloc(mm, pgd_m, address_m);
47549 + return VM_FAULT_OOM;
47550 + pmd_m = pmd_alloc(mm, pud_m, address_m);
47552 + return VM_FAULT_OOM;
47553 + if (!pmd_present(*pmd_m) && __pte_alloc(mm, pmd_m, address_m))
47554 + return VM_FAULT_OOM;
47555 + pax_unmap_mirror_pte(vma_m, address_m, pmd_m);
47559 pgd = pgd_offset(mm, address);
47560 pud = pud_alloc(mm, pgd, address);
47562 @@ -3098,7 +3362,7 @@ static int __init gate_vma_init(void)
47563 gate_vma.vm_start = FIXADDR_USER_START;
47564 gate_vma.vm_end = FIXADDR_USER_END;
47565 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
47566 - gate_vma.vm_page_prot = __P101;
47567 + gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
47569 * Make sure the vDSO gets into every core dump.
47570 * Dumping its contents makes post-mortem fully interpretable later
47571 diff -urNp linux-2.6.32.1/mm/mempolicy.c linux-2.6.32.1/mm/mempolicy.c
47572 --- linux-2.6.32.1/mm/mempolicy.c 2009-12-02 22:51:21.000000000 -0500
47573 +++ linux-2.6.32.1/mm/mempolicy.c 2009-12-14 18:33:59.643010411 -0500
47574 @@ -573,6 +573,10 @@ static int mbind_range(struct vm_area_st
47575 struct vm_area_struct *next;
47578 +#ifdef CONFIG_PAX_SEGMEXEC
47579 + struct vm_area_struct *vma_m;
47583 for (; vma && vma->vm_start < end; vma = next) {
47584 next = vma->vm_next;
47585 @@ -584,6 +588,16 @@ static int mbind_range(struct vm_area_st
47586 err = policy_vma(vma, new);
47590 +#ifdef CONFIG_PAX_SEGMEXEC
47591 + vma_m = pax_find_mirror_vma(vma);
47593 + err = policy_vma(vma_m, new);
47602 @@ -1002,6 +1016,17 @@ static long do_mbind(unsigned long start
47607 +#ifdef CONFIG_PAX_SEGMEXEC
47608 + if (mm->pax_flags & MF_PAX_SEGMEXEC) {
47609 + if (end > SEGMEXEC_TASK_SIZE)
47614 + if (end > TASK_SIZE)
47620 @@ -1207,6 +1232,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pi
47624 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
47625 + if (mm != current->mm &&
47626 + (mm->pax_flags & MF_PAX_RANDMMAP || mm->pax_flags & MF_PAX_SEGMEXEC)) {
47633 * Check if this process has the right to modify the specified
47634 * process. The right exists if the process has administrative
47635 @@ -1216,8 +1249,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pi
47637 tcred = __task_cred(task);
47638 if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
47639 - cred->uid != tcred->suid && cred->uid != tcred->uid &&
47640 - !capable(CAP_SYS_NICE)) {
47641 + cred->uid != tcred->suid && !capable(CAP_SYS_NICE)) {
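Review bot: The new condition drops the `cred->uid != tcred->uid` comparison, so a caller is no longer authorised merely because its real uid equals the target's real uid, yet the comment block above the check (only partly visible here) is left unchanged. If the tightening is deliberate, the comment should list what still grants access, for example `* euid must match the target's suid or uid, or uid the target's suid, unless CAP_SYS_NICE`. The `move_pages` hunk in mm/migrate.c makes the same change and needs the same comment update.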
47645 @@ -2386,7 +2418,7 @@ int show_numa_map(struct seq_file *m, vo
47648 seq_printf(m, " file=");
47649 - seq_path(m, &file->f_path, "\n\t= ");
47650 + seq_path(m, &file->f_path, "\n\t\\= ");
47651 } else if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) {
47652 seq_printf(m, " heap");
47653 } else if (vma->vm_start <= mm->start_stack &&
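Review bot: The escape set passed to `seq_path` gains a backslash, but nothing records why. Presumably this keeps a file name containing a literal backslash from imitating the escapes that `seq_path` emits for the other listed characters, so the `file=` field stays unambiguous to parsers. A comment above the call such as `/* escape '\\' as well so escaped output cannot be forged by the name itself */` would document that. `show_numa_map` continues outside the hunk.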
47654 diff -urNp linux-2.6.32.1/mm/migrate.c linux-2.6.32.1/mm/migrate.c
47655 --- linux-2.6.32.1/mm/migrate.c 2009-12-02 22:51:21.000000000 -0500
47656 +++ linux-2.6.32.1/mm/migrate.c 2009-12-14 18:33:59.657922600 -0500
47657 @@ -1103,6 +1103,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,
47661 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
47662 + if (mm != current->mm &&
47663 + (mm->pax_flags & MF_PAX_RANDMMAP || mm->pax_flags & MF_PAX_SEGMEXEC)) {
47670 * Check if this process has the right to modify the specified
47671 * process. The right exists if the process has administrative
47672 @@ -1112,8 +1120,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,
47674 tcred = __task_cred(task);
47675 if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
47676 - cred->uid != tcred->suid && cred->uid != tcred->uid &&
47677 - !capable(CAP_SYS_NICE)) {
47678 + cred->uid != tcred->suid && !capable(CAP_SYS_NICE)) {
47682 diff -urNp linux-2.6.32.1/mm/mlock.c linux-2.6.32.1/mm/mlock.c
47683 --- linux-2.6.32.1/mm/mlock.c 2009-12-02 22:51:21.000000000 -0500
47684 +++ linux-2.6.32.1/mm/mlock.c 2009-12-14 18:33:59.667982949 -0500
47686 #include <linux/pagemap.h>
47687 #include <linux/mempolicy.h>
47688 #include <linux/syscalls.h>
47689 +#include <linux/security.h>
47690 #include <linux/sched.h>
47691 #include <linux/module.h>
47692 #include <linux/rmap.h>
47693 @@ -435,6 +436,17 @@ static int do_mlock(unsigned long start,
47698 +#ifdef CONFIG_PAX_SEGMEXEC
47699 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
47700 + if (end > SEGMEXEC_TASK_SIZE)
47705 + if (end > TASK_SIZE)
47708 vma = find_vma_prev(current->mm, start, &prev);
47709 if (!vma || vma->vm_start > start)
47711 @@ -494,6 +506,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, st
47712 lock_limit >>= PAGE_SHIFT;
47714 /* check against resource limits */
47715 + gr_learn_resource(current, RLIMIT_MEMLOCK, (current->mm->locked_vm << PAGE_SHIFT) + len, 1);
47716 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
47717 error = do_mlock(start, len, 1);
47718 up_write(¤t->mm->mmap_sem);
47719 @@ -515,10 +528,10 @@ SYSCALL_DEFINE2(munlock, unsigned long,
47720 static int do_mlockall(int flags)
47722 struct vm_area_struct * vma, * prev = NULL;
47723 - unsigned int def_flags = 0;
47724 + unsigned int def_flags = current->mm->def_flags & ~VM_LOCKED;
47726 if (flags & MCL_FUTURE)
47727 - def_flags = VM_LOCKED;
47728 + def_flags |= VM_LOCKED;
47729 current->mm->def_flags = def_flags;
47730 if (flags == MCL_FUTURE)
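Review bot: `def_flags` stays `unsigned int` although it is now seeded from `current->mm->def_flags` and written back a few lines later. If that field is `unsigned long` (this patch widens `vm_flags` in `vma_wants_writenotify` to `unsigned long` for the same kind of value), any flag bit above bit 31 would be lost in the round trip on 64-bit. Declaring it as `unsigned long def_flags = current->mm->def_flags & ~VM_LOCKED;` avoids that. `do_mlockall` continues outside the hunk.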
47732 @@ -526,6 +539,12 @@ static int do_mlockall(int flags)
47733 for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
47734 unsigned int newflags;
47736 +#ifdef CONFIG_PAX_SEGMEXEC
47737 + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE))
47741 + BUG_ON(vma->vm_end > TASK_SIZE);
47742 newflags = vma->vm_flags | VM_LOCKED;
47743 if (!(flags & MCL_CURRENT))
47744 newflags &= ~VM_LOCKED;
47745 @@ -582,6 +582,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
47747 if (!vx_vmlocked_avail(current->mm, current->mm->total_vm))
47749 + gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm, 1);
47750 if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) ||
47751 capable(CAP_IPC_LOCK))
47752 ret = do_mlockall(flags);
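Review bot: The value passed to `gr_learn_resource` here is `current->mm->total_vm`, which the next line compares directly with `lock_limit`, so it looks like a page count. The other `RLIMIT_MEMLOCK` calls added by this patch (in `mlock`, `do_mmap_pgoff` and `acct_stack_growth`) pass a value shifted left by `PAGE_SHIFT`, i.e. bytes. If the learning code expects bytes, this call under-reports by a factor of the page size; `gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm << PAGE_SHIFT, 1);` would match the others. The rest of the syscall body is outside the hunk.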
47753 diff -urNp linux-2.6.32.1/mm/mmap.c linux-2.6.32.1/mm/mmap.c
47754 --- linux-2.6.32.1/mm/mmap.c 2009-12-02 22:51:21.000000000 -0500
47755 +++ linux-2.6.32.1/mm/mmap.c 2009-12-14 18:33:59.681733190 -0500
47757 #define arch_rebalance_pgtables(addr, len) (addr)
47760 +static inline void verify_mm_writelocked(struct mm_struct *mm)
47762 +#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAX)
47763 + if (unlikely(down_read_trylock(&mm->mmap_sem))) {
47764 + up_read(&mm->mmap_sem);
47770 static void unmap_region(struct mm_struct *mm,
47771 struct vm_area_struct *vma, struct vm_area_struct *prev,
47772 unsigned long start, unsigned long end);
47773 @@ -70,16 +80,25 @@ static void unmap_region(struct mm_struc
47774 * x: (no) no x: (no) yes x: (no) yes x: (yes) yes
47777 -pgprot_t protection_map[16] = {
47778 +pgprot_t protection_map[16] __read_only = {
47779 __P000, __P001, __P010, __P011, __P100, __P101, __P110, __P111,
47780 __S000, __S001, __S010, __S011, __S100, __S101, __S110, __S111
47783 pgprot_t vm_get_page_prot(unsigned long vm_flags)
47785 - return __pgprot(pgprot_val(protection_map[vm_flags &
47786 + pgprot_t prot = __pgprot(pgprot_val(protection_map[vm_flags &
47787 (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]) |
47788 pgprot_val(arch_vm_get_page_prot(vm_flags)));
47790 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
47791 + if (!nx_enabled &&
47792 + (vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC &&
47793 + (vm_flags & (VM_READ | VM_WRITE)))
47794 + prot = __pgprot(pte_val(pte_exprotect(__pte(pgprot_val(prot)))));
47799 EXPORT_SYMBOL(vm_get_page_prot);
47801 @@ -231,6 +250,7 @@ static struct vm_area_struct *remove_vma
47802 struct vm_area_struct *next = vma->vm_next;
47805 + BUG_ON(vma->vm_mirror);
47806 if (vma->vm_ops && vma->vm_ops->close)
47807 vma->vm_ops->close(vma);
47808 if (vma->vm_file) {
47809 @@ -267,6 +287,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
47810 * not page aligned -Ram Gupta
47812 rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
47813 + gr_learn_resource(current, RLIMIT_DATA, (brk - mm->start_brk) + (mm->end_data - mm->start_data), 1);
47814 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) +
47815 (mm->end_data - mm->start_data) > rlim)
47817 @@ -694,6 +715,12 @@ static int
47818 can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
47819 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
47822 +#ifdef CONFIG_PAX_SEGMEXEC
47823 + if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_start == SEGMEXEC_TASK_SIZE)
47827 if (is_mergeable_vma(vma, file, vm_flags) &&
47828 is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
47829 if (vma->vm_pgoff == vm_pgoff)
47830 @@ -713,6 +740,12 @@ static int
47831 can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
47832 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
47835 +#ifdef CONFIG_PAX_SEGMEXEC
47836 + if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end == SEGMEXEC_TASK_SIZE)
47840 if (is_mergeable_vma(vma, file, vm_flags) &&
47841 is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
47843 @@ -755,12 +788,19 @@ can_vma_merge_after(struct vm_area_struc
47844 struct vm_area_struct *vma_merge(struct mm_struct *mm,
47845 struct vm_area_struct *prev, unsigned long addr,
47846 unsigned long end, unsigned long vm_flags,
47847 - struct anon_vma *anon_vma, struct file *file,
47848 + struct anon_vma *anon_vma, struct file *file,
47849 pgoff_t pgoff, struct mempolicy *policy)
47851 pgoff_t pglen = (end - addr) >> PAGE_SHIFT;
47852 struct vm_area_struct *area, *next;
47854 +#ifdef CONFIG_PAX_SEGMEXEC
47855 + unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE, end_m = end + SEGMEXEC_TASK_SIZE;
47856 + struct vm_area_struct *area_m = NULL, *next_m = NULL, *prev_m = NULL;
47858 + BUG_ON((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE < end);
47862 * We later require that vma->vm_flags == vm_flags,
47863 * so this tests vma->vm_flags & VM_SPECIAL, too.
47864 @@ -776,6 +816,15 @@ struct vm_area_struct *vma_merge(struct
47865 if (next && next->vm_end == end) /* cases 6, 7, 8 */
47866 next = next->vm_next;
47868 +#ifdef CONFIG_PAX_SEGMEXEC
47870 + prev_m = pax_find_mirror_vma(prev);
47872 + area_m = pax_find_mirror_vma(area);
47874 + next_m = pax_find_mirror_vma(next);
47878 * Can it merge with the predecessor?
47880 @@ -795,9 +844,24 @@ struct vm_area_struct *vma_merge(struct
47882 vma_adjust(prev, prev->vm_start,
47883 next->vm_end, prev->vm_pgoff, NULL);
47884 - } else /* cases 2, 5, 7 */
47886 +#ifdef CONFIG_PAX_SEGMEXEC
47888 + vma_adjust(prev_m, prev_m->vm_start,
47889 + next_m->vm_end, prev_m->vm_pgoff, NULL);
47892 + } else { /* cases 2, 5, 7 */
47893 vma_adjust(prev, prev->vm_start,
47894 end, prev->vm_pgoff, NULL);
47896 +#ifdef CONFIG_PAX_SEGMEXEC
47898 + vma_adjust(prev_m, prev_m->vm_start,
47899 + end_m, prev_m->vm_pgoff, NULL);
47906 @@ -808,12 +872,27 @@ struct vm_area_struct *vma_merge(struct
47907 mpol_equal(policy, vma_policy(next)) &&
47908 can_vma_merge_before(next, vm_flags,
47909 anon_vma, file, pgoff+pglen)) {
47910 - if (prev && addr < prev->vm_end) /* case 4 */
47911 + if (prev && addr < prev->vm_end) { /* case 4 */
47912 vma_adjust(prev, prev->vm_start,
47913 addr, prev->vm_pgoff, NULL);
47914 - else /* cases 3, 8 */
47916 +#ifdef CONFIG_PAX_SEGMEXEC
47918 + vma_adjust(prev_m, prev_m->vm_start,
47919 + addr_m, prev_m->vm_pgoff, NULL);
47922 + } else { /* cases 3, 8 */
47923 vma_adjust(area, addr, next->vm_end,
47924 next->vm_pgoff - pglen, NULL);
47926 +#ifdef CONFIG_PAX_SEGMEXEC
47928 + vma_adjust(area_m, addr_m, next_m->vm_end,
47929 + next_m->vm_pgoff - pglen, NULL);
47936 @@ -888,14 +967,11 @@ none:
47937 void vm_stat_account(struct mm_struct *mm, unsigned long flags,
47938 struct file *file, long pages)
47940 - const unsigned long stack_flags
47941 - = VM_STACK_FLAGS & (VM_GROWSUP|VM_GROWSDOWN);
47944 mm->shared_vm += pages;
47945 if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC)
47946 mm->exec_vm += pages;
47947 - } else if (flags & stack_flags)
47948 + } else if (flags & (VM_GROWSUP|VM_GROWSDOWN))
47949 mm->stack_vm += pages;
47950 if (flags & (VM_RESERVED|VM_IO))
47951 mm->reserved_vm += pages;
47952 @@ -922,7 +998,7 @@ unsigned long do_mmap_pgoff(struct file
47953 * (the exception is when the underlying filesystem is noexec
47954 * mounted, in which case we dont add PROT_EXEC.)
47956 - if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
47957 + if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC))
47958 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
47961 @@ -932,15 +1008,15 @@ unsigned long do_mmap_pgoff(struct file
47962 if (!(flags & MAP_FIXED))
47963 addr = round_hint_to_min(addr);
47965 - error = arch_mmap_check(addr, len, flags);
47969 /* Careful about overflows.. */
47970 len = PAGE_ALIGN(len);
47971 if (!len || len > TASK_SIZE)
47974 + error = arch_mmap_check(addr, len, flags);
47978 /* offset overflow? */
47979 if ((pgoff + (len >> PAGE_SHIFT)) < pgoff)
47981 @@ -970,7 +1046,7 @@ unsigned long do_mmap_pgoff(struct file
47982 /* Obtain the address to map to. we verify (or select) it and ensure
47983 * that it represents a valid section of the address space.
47985 - addr = get_unmapped_area(file, addr, len, pgoff, flags);
47986 + addr = get_unmapped_area(file, addr, len, pgoff, flags | ((prot & PROT_EXEC) ? MAP_EXECUTABLE : 0));
47987 if (addr & ~PAGE_MASK)
47990 @@ -981,6 +1057,26 @@ unsigned long do_mmap_pgoff(struct file
47991 vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
47992 mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
47994 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
47995 + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
47997 +#ifdef CONFIG_PAX_MPROTECT
47998 + if (mm->pax_flags & MF_PAX_MPROTECT) {
47999 + if ((prot & (PROT_WRITE | PROT_EXEC)) != PROT_EXEC)
48000 + vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
48002 + vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
48009 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
48010 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && file)
48011 + vm_flags &= ~VM_PAGEEXEC;
48014 if (flags & MAP_LOCKED)
48015 if (!can_do_mlock())
48017 @@ -992,6 +1088,7 @@ unsigned long do_mmap_pgoff(struct file
48018 locked += mm->locked_vm;
48019 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
48020 lock_limit >>= PAGE_SHIFT;
48021 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
48022 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
48025 @@ -1065,6 +1162,9 @@ unsigned long do_mmap_pgoff(struct file
48029 + if (!gr_acl_handle_mmap(file, prot))
48032 return mmap_region(file, addr, len, flags, vm_flags, pgoff);
48034 EXPORT_SYMBOL(do_mmap_pgoff);
48035 @@ -1077,10 +1177,10 @@ EXPORT_SYMBOL(do_mmap_pgoff);
48037 int vma_wants_writenotify(struct vm_area_struct *vma)
48039 - unsigned int vm_flags = vma->vm_flags;
48040 + unsigned long vm_flags = vma->vm_flags;
48042 /* If it was private or non-writable, the write bit is already clear */
48043 - if ((vm_flags & (VM_WRITE|VM_SHARED)) != ((VM_WRITE|VM_SHARED)))
48044 + if ((vm_flags & (VM_WRITE|VM_SHARED)) != (VM_WRITE|VM_SHARED))
48047 /* The backer wishes to know when pages are first written to? */
48048 @@ -1129,14 +1229,24 @@ unsigned long mmap_region(struct file *f
48049 unsigned long charged = 0;
48050 struct inode *inode = file ? file->f_path.dentry->d_inode : NULL;
48052 +#ifdef CONFIG_PAX_SEGMEXEC
48053 + struct vm_area_struct *vma_m = NULL;
48057 + * mm->mmap_sem is required to protect against another thread
48058 + * changing the mappings in case we sleep.
48060 + verify_mm_writelocked(mm);
48062 /* Clear old maps */
48065 vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
48066 if (vma && vma->vm_start < addr + len) {
48067 if (do_munmap(mm, addr, len))
48069 - goto munmap_back;
48070 + vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
48071 + BUG_ON(vma && vma->vm_start < addr + len);
48074 /* Check against address space limit. */
48075 @@ -1185,6 +1295,16 @@ munmap_back:
48079 +#ifdef CONFIG_PAX_SEGMEXEC
48080 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vm_flags & VM_EXEC)) {
48081 + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
48090 vma->vm_start = addr;
48091 vma->vm_end = addr + len;
48092 @@ -1207,6 +1327,19 @@ munmap_back:
48093 error = file->f_op->mmap(file, vma);
48095 goto unmap_and_free_vma;
48097 +#ifdef CONFIG_PAX_SEGMEXEC
48098 + if (vma_m && (vm_flags & VM_EXECUTABLE))
48099 + added_exe_file_vma(mm);
48102 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
48103 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_SPECIAL)) {
48104 + vma->vm_flags |= VM_PAGEEXEC;
48105 + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
48109 if (vm_flags & VM_EXECUTABLE)
48110 added_exe_file_vma(mm);
48112 @@ -1230,6 +1363,11 @@ munmap_back:
48113 vma_link(mm, vma, prev, rb_link, rb_parent);
48114 file = vma->vm_file;
48116 +#ifdef CONFIG_PAX_SEGMEXEC
48118 + pax_mirror_vma(vma_m, vma);
48121 /* Once vma denies write, undo our temporary denial count */
48122 if (correct_wcount)
48123 atomic_inc(&inode->i_writecount);
48124 @@ -1238,6 +1376,7 @@ out:
48126 mm->total_vm += len >> PAGE_SHIFT;
48127 vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
48128 + track_exec_limit(mm, addr, addr + len, vm_flags);
48129 if (vm_flags & VM_LOCKED) {
48131 * makes pages present; downgrades, drops, reacquires mmap_sem
48132 @@ -1260,6 +1399,12 @@ unmap_and_free_vma:
48133 unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
48137 +#ifdef CONFIG_PAX_SEGMEXEC
48139 + kmem_cache_free(vm_area_cachep, vma_m);
48142 kmem_cache_free(vm_area_cachep, vma);
48145 @@ -1293,6 +1438,10 @@ arch_get_unmapped_area(struct file *filp
48146 if (flags & MAP_FIXED)
48149 +#ifdef CONFIG_PAX_RANDMMAP
48150 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
48154 addr = PAGE_ALIGN(addr);
48155 vma = find_vma(mm, addr);
48156 @@ -1301,10 +1450,10 @@ arch_get_unmapped_area(struct file *filp
48159 if (len > mm->cached_hole_size) {
48160 - start_addr = addr = mm->free_area_cache;
48161 + start_addr = addr = mm->free_area_cache;
48163 - start_addr = addr = TASK_UNMAPPED_BASE;
48164 - mm->cached_hole_size = 0;
48165 + start_addr = addr = mm->mmap_base;
48166 + mm->cached_hole_size = 0;
48170 @@ -1315,9 +1464,8 @@ full_search:
48171 * Start a new search - just in case we missed
48174 - if (start_addr != TASK_UNMAPPED_BASE) {
48175 - addr = TASK_UNMAPPED_BASE;
48176 - start_addr = addr;
48177 + if (start_addr != mm->mmap_base) {
48178 + start_addr = addr = mm->mmap_base;
48179 mm->cached_hole_size = 0;
48182 @@ -1339,10 +1487,16 @@ full_search:
48184 void arch_unmap_area(struct mm_struct *mm, unsigned long addr)
48187 +#ifdef CONFIG_PAX_SEGMEXEC
48188 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE <= addr)
48193 * Is this a new hole at the lowest possible address?
48195 - if (addr >= TASK_UNMAPPED_BASE && addr < mm->free_area_cache) {
48196 + if (addr >= mm->mmap_base && addr < mm->free_area_cache) {
48197 mm->free_area_cache = addr;
48198 mm->cached_hole_size = ~0UL;
48200 @@ -1360,7 +1514,7 @@ arch_get_unmapped_area_topdown(struct fi
48202 struct vm_area_struct *vma;
48203 struct mm_struct *mm = current->mm;
48204 - unsigned long addr = addr0;
48205 + unsigned long base = mm->mmap_base, addr = addr0;
48207 /* requested length too big for entire address space */
48208 if (len > TASK_SIZE)
48209 @@ -1369,6 +1523,10 @@ arch_get_unmapped_area_topdown(struct fi
48210 if (flags & MAP_FIXED)
48213 +#ifdef CONFIG_PAX_RANDMMAP
48214 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
48217 /* requesting a specific address */
48219 addr = PAGE_ALIGN(addr);
48220 @@ -1426,13 +1584,21 @@ bottomup:
48221 * can happen with large stack limits and large mmap()
48224 + mm->mmap_base = TASK_UNMAPPED_BASE;
48226 +#ifdef CONFIG_PAX_RANDMMAP
48227 + if (mm->pax_flags & MF_PAX_RANDMMAP)
48228 + mm->mmap_base += mm->delta_mmap;
48231 + mm->free_area_cache = mm->mmap_base;
48232 mm->cached_hole_size = ~0UL;
48233 - mm->free_area_cache = TASK_UNMAPPED_BASE;
48234 addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
48236 * Restore the topdown base:
48238 - mm->free_area_cache = mm->mmap_base;
48239 + mm->mmap_base = base;
48240 + mm->free_area_cache = base;
48241 mm->cached_hole_size = ~0UL;
48244 @@ -1441,6 +1607,12 @@ bottomup:
48246 void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
48249 +#ifdef CONFIG_PAX_SEGMEXEC
48250 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE <= addr)
48255 * Is this a new hole at the highest possible address?
48257 @@ -1448,8 +1620,10 @@ void arch_unmap_area_topdown(struct mm_s
48258 mm->free_area_cache = addr;
48260 /* dont allow allocations above current base */
48261 - if (mm->free_area_cache > mm->mmap_base)
48262 + if (mm->free_area_cache > mm->mmap_base) {
48263 mm->free_area_cache = mm->mmap_base;
48264 + mm->cached_hole_size = ~0UL;
48269 @@ -1549,6 +1723,27 @@ out:
48270 return prev ? prev->vm_next : vma;
48273 +#ifdef CONFIG_PAX_SEGMEXEC
48274 +struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma)
48276 + struct vm_area_struct *vma_m;
48278 + BUG_ON(!vma || vma->vm_start >= vma->vm_end);
48279 + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) {
48280 + BUG_ON(vma->vm_mirror);
48283 + BUG_ON(vma->vm_start < SEGMEXEC_TASK_SIZE && SEGMEXEC_TASK_SIZE < vma->vm_end);
48284 + vma_m = vma->vm_mirror;
48285 + BUG_ON(!vma_m || vma_m->vm_mirror != vma);
48286 + BUG_ON(vma->vm_file != vma_m->vm_file);
48287 + BUG_ON(vma->vm_end - vma->vm_start != vma_m->vm_end - vma_m->vm_start);
48288 + BUG_ON(vma->vm_pgoff != vma_m->vm_pgoff || vma->anon_vma != vma_m->anon_vma);
48289 + BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED));
48295 * Verify that the stack growth is acceptable and
48296 * update accounting. This is shared with both the
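Review bot: `pax_find_mirror_vma()` is added without a comment saying what it returns for a VMA that has no mirror, or that every `BUG_ON` in it is a consistency assertion on the vma/mirror pair. Later hunks in `mprotect_fixup` and `do_mremap` test the result as a boolean, so the contract matters to callers. Assuming the early branch returns NULL (that line is not shown in this listing), a header such as `/* Returns the SEGMEXEC mirror of vma, or NULL if SEGMEXEC is off or vma is not VM_EXEC; BUG()s when the pair is inconsistent. */` would cover it.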
48297 @@ -1565,6 +1760,7 @@ static int acct_stack_growth(struct vm_a
48300 /* Stack limit test */
48301 + gr_learn_resource(current, RLIMIT_STACK, size, 1);
48302 if (size > rlim[RLIMIT_STACK].rlim_cur)
48305 @@ -1574,6 +1770,7 @@ static int acct_stack_growth(struct vm_a
48306 unsigned long limit;
48307 locked = mm->locked_vm + grow;
48308 limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT;
48309 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
48310 if (locked > limit && !capable(CAP_IPC_LOCK))
48313 @@ -1609,35 +1806,40 @@ static
48315 int expand_upwards(struct vm_area_struct *vma, unsigned long address)
48318 + int error, locknext;
48320 if (!(vma->vm_flags & VM_GROWSUP))
48323 + /* Also guard against wrapping around to address 0. */
48324 + if (address < PAGE_ALIGN(address+1))
48325 + address = PAGE_ALIGN(address+1);
48330 * We must make sure the anon_vma is allocated
48331 * so that the anon_vma locking is not a noop.
48333 if (unlikely(anon_vma_prepare(vma)))
48335 + locknext = vma->vm_next && (vma->vm_next->vm_flags & VM_GROWSDOWN);
48336 + if (locknext && unlikely(anon_vma_prepare(vma->vm_next)))
48338 anon_vma_lock(vma);
48340 + anon_vma_lock(vma->vm_next);
48343 * vma->vm_start/vm_end cannot change under us because the caller
48344 * is required to hold the mmap_sem in read mode. We need the
48345 - * anon_vma lock to serialize against concurrent expand_stacks.
48346 - * Also guard against wrapping around to address 0.
48347 + * anon_vma locks to serialize against concurrent expand_stacks
48348 + * and expand_upwards.
48350 - if (address < PAGE_ALIGN(address+4))
48351 - address = PAGE_ALIGN(address+4);
48353 - anon_vma_unlock(vma);
48358 /* Somebody else might have raced and expanded it already */
48359 - if (address > vma->vm_end) {
48360 + if (address > vma->vm_end && (!locknext || vma->vm_next->vm_start >= address)) {
48361 unsigned long size, grow;
48363 size = address - vma->vm_start;
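Review bot: `vma->vm_next` is read again for the flag test, for `anon_vma_prepare()`, for the lock, for the overlap check, and for the unlock in the following hunk. A local, as `expand_downwards` uses with `prev`, would make it evident that lock and unlock act on the same VMA: `struct vm_area_struct *next = vma->vm_next;`, then `anon_vma_lock(next)` and `next->vm_start >= address`. The rewritten comment should also state the nesting order of the two anon_vma locks (here `vma` then its successor, in `expand_downwards` `prev` then `vma`, so lower address first in both) and the assumption that the two VMAs never share one anon_vma. The function body continues outside this hunk.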
48364 @@ -1647,6 +1849,8 @@ int expand_upwards(struct vm_area_struct
48366 vma->vm_end = address;
48369 + anon_vma_unlock(vma->vm_next);
48370 anon_vma_unlock(vma);
48373 @@ -1658,7 +1862,8 @@ int expand_upwards(struct vm_area_struct
48374 static int expand_downwards(struct vm_area_struct *vma,
48375 unsigned long address)
48378 + int error, lockprev = 0;
48379 + struct vm_area_struct *prev = NULL;
48382 * We must make sure the anon_vma is allocated
48383 @@ -1672,6 +1877,15 @@ static int expand_downwards(struct vm_ar
48387 +#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64)
48388 + find_vma_prev(vma->vm_mm, address, &prev);
48389 + lockprev = prev && (prev->vm_flags & VM_GROWSUP);
48391 + if (lockprev && unlikely(anon_vma_prepare(prev)))
48394 + anon_vma_lock(prev);
48396 anon_vma_lock(vma);
48399 @@ -1681,9 +1895,15 @@ static int expand_downwards(struct vm_ar
48402 /* Somebody else might have raced and expanded it already */
48403 - if (address < vma->vm_start) {
48404 + if (address < vma->vm_start && (!lockprev || prev->vm_end <= address)) {
48405 unsigned long size, grow;
48407 +#ifdef CONFIG_PAX_SEGMEXEC
48408 + struct vm_area_struct *vma_m;
48410 + vma_m = pax_find_mirror_vma(vma);
48413 size = vma->vm_end - address;
48414 grow = (vma->vm_start - address) >> PAGE_SHIFT;
48416 @@ -1691,9 +1911,20 @@ static int expand_downwards(struct vm_ar
48418 vma->vm_start = address;
48419 vma->vm_pgoff -= grow;
48420 + track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags);
48422 +#ifdef CONFIG_PAX_SEGMEXEC
48424 + vma_m->vm_start -= grow << PAGE_SHIFT;
48425 + vma_m->vm_pgoff -= grow;
48431 anon_vma_unlock(vma);
48433 + anon_vma_unlock(prev);
48437 @@ -2002,6 +2002,13 @@ static void remove_vma_list(struct mm_st
48439 long nrpages = vma_pages(vma);
48441 +#ifdef CONFIG_PAX_SEGMEXEC
48442 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE)) {
48443 + vma = remove_vma(vma);
48448 // mm->total_vm -= nrpages;
48449 vx_vmpages_sub(mm, nrpages);
48450 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
48451 @@ -1813,6 +2051,16 @@ detach_vmas_to_be_unmapped(struct mm_str
48453 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
48456 +#ifdef CONFIG_PAX_SEGMEXEC
48457 + if (vma->vm_mirror) {
48458 + BUG_ON(!vma->vm_mirror->vm_mirror || vma->vm_mirror->vm_mirror != vma);
48459 + vma->vm_mirror->vm_mirror = NULL;
48460 + vma->vm_mirror->vm_flags &= ~VM_EXEC;
48461 + vma->vm_mirror = NULL;
48465 rb_erase(&vma->vm_rb, &mm->mm_rb);
48468 @@ -1832,6 +2080,108 @@ detach_vmas_to_be_unmapped(struct mm_str
48469 * Split a vma into two pieces at address 'addr', a new vma is allocated
48470 * either for the first part or the tail.
48473 +#ifdef CONFIG_PAX_SEGMEXEC
48474 +int split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
48475 + unsigned long addr, int new_below)
48477 + struct mempolicy *pol;
48478 + struct vm_area_struct *new, *vma_m, *new_m = NULL;
48479 + unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE;
48481 + if (is_vm_hugetlb_page(vma) && (addr & ~HPAGE_MASK))
48484 + vma_m = pax_find_mirror_vma(vma);
48486 + BUG_ON(vma->vm_end > SEGMEXEC_TASK_SIZE);
48487 + if (mm->map_count >= sysctl_max_map_count-1)
48489 + } else if (mm->map_count >= sysctl_max_map_count)
48492 + new = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
48497 + new_m = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
48499 + kmem_cache_free(vm_area_cachep, new);
48504 + /* most fields are the same, copy all, and then fixup */
48508 + new->vm_end = addr;
48510 + new->vm_start = addr;
48511 + new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
48516 + new_m->vm_mirror = new;
48517 + new->vm_mirror = new_m;
48520 + new_m->vm_end = addr_m;
48522 + new_m->vm_start = addr_m;
48523 + new_m->vm_pgoff += ((addr_m - vma_m->vm_start) >> PAGE_SHIFT);
48527 + pol = mpol_dup(vma_policy(vma));
48528 + if (IS_ERR(pol)) {
48530 + kmem_cache_free(vm_area_cachep, new_m);
48531 + kmem_cache_free(vm_area_cachep, new);
48532 + return PTR_ERR(pol);
48534 + vma_set_policy(new, pol);
48536 + if (new->vm_file) {
48537 + get_file(new->vm_file);
48538 + if (vma->vm_flags & VM_EXECUTABLE)
48539 + added_exe_file_vma(mm);
48542 + if (new->vm_ops && new->vm_ops->open)
48543 + new->vm_ops->open(new);
48546 + vma_adjust(vma, addr, vma->vm_end, vma->vm_pgoff +
48547 + ((addr - new->vm_start) >> PAGE_SHIFT), new);
48549 + vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
48553 + vma_set_policy(new_m, pol);
48555 + if (new_m->vm_file) {
48556 + get_file(new_m->vm_file);
48557 + if (vma_m->vm_flags & VM_EXECUTABLE)
48558 + added_exe_file_vma(mm);
48561 + if (new_m->vm_ops && new_m->vm_ops->open)
48562 + new_m->vm_ops->open(new_m);
48565 + vma_adjust(vma_m, addr_m, vma_m->vm_end, vma_m->vm_pgoff +
48566 + ((addr_m - new_m->vm_start) >> PAGE_SHIFT), new_m);
48568 + vma_adjust(vma_m, vma_m->vm_start, addr_m, vma_m->vm_pgoff, new_m);
48574 int split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
48575 unsigned long addr, int new_below)
48577 @@ -1883,17 +2233,37 @@ int split_vma(struct mm_struct * mm, str
48583 /* Munmap is split into 2 main parts -- this part which finds
48584 * what needs doing, and the areas themselves, which do the
48585 * work. This now handles partial unmappings.
48586 * Jeremy Fitzhardinge <jeremy@goop.org>
48588 +#ifdef CONFIG_PAX_SEGMEXEC
48589 int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
48591 + int ret = __do_munmap(mm, start, len);
48592 + if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC))
48595 + return __do_munmap(mm, start + SEGMEXEC_TASK_SIZE, len);
48598 +int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
48600 +int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
48604 struct vm_area_struct *vma, *prev, *last;
48607 + * mm->mmap_sem is required to protect against another thread
48608 + * changing the mappings in case we sleep.
48610 + verify_mm_writelocked(mm);
48612 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
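Review bot: In the SEGMEXEC `do_munmap()` wrapper, a failure of the second `__do_munmap(mm, start + SEGMEXEC_TASK_SIZE, len)` is returned to the caller although the primary range has already been unmapped. The request is then reported as failed while half of it took effect, and the mirror mapping stays behind, unlinked and stripped of `VM_EXEC` by the `detach_vmas_to_be_unmapped` hunk. That outcome deserves a comment at the second call, for example `/* primary range is already gone; an error here leaves only the unlinked, non-executable mirror */`. The addition `start + SEGMEXEC_TASK_SIZE` also relies on callers keeping `start` and `len` below `SEGMEXEC_TASK_SIZE`. The munmap syscall hunk checks this, but whether in-kernel callers such as `do_brk` do cannot be seen from here.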
48615 @@ -1957,6 +2327,8 @@ int do_munmap(struct mm_struct *mm, unsi
48616 /* Fix up all other VM information */
48617 remove_vma_list(mm, vma);
48619 + track_exec_limit(mm, start, end, 0UL);
48624 @@ -1969,22 +2341,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
48626 profile_munmap(addr);
48628 +#ifdef CONFIG_PAX_SEGMEXEC
48629 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) &&
48630 + (len > SEGMEXEC_TASK_SIZE || addr > SEGMEXEC_TASK_SIZE-len))
48634 down_write(&mm->mmap_sem);
48635 ret = do_munmap(mm, addr, len);
48636 up_write(&mm->mmap_sem);
48640 -static inline void verify_mm_writelocked(struct mm_struct *mm)
48642 -#ifdef CONFIG_DEBUG_VM
48643 - if (unlikely(down_read_trylock(&mm->mmap_sem))) {
48645 - up_read(&mm->mmap_sem);
48651 * this is really a simplified "do_mmap". it only handles
48652 * anonymous maps. eventually we may be able to do some
48653 @@ -1998,6 +2366,11 @@ unsigned long do_brk(unsigned long addr,
48654 struct rb_node ** rb_link, * rb_parent;
48655 pgoff_t pgoff = addr >> PAGE_SHIFT;
48657 + unsigned long charged;
48659 +#ifdef CONFIG_PAX_SEGMEXEC
48660 + struct vm_area_struct *vma_m = NULL;
48663 len = PAGE_ALIGN(len);
48665 @@ -2015,19 +2388,34 @@ unsigned long do_brk(unsigned long addr,
48667 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
48669 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
48670 + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
48671 + flags &= ~VM_EXEC;
48673 +#ifdef CONFIG_PAX_MPROTECT
48674 + if (mm->pax_flags & MF_PAX_MPROTECT)
48675 + flags &= ~VM_MAYEXEC;
48681 error = arch_mmap_check(addr, len, flags);
48685 + charged = len >> PAGE_SHIFT;
48688 * mlock MCL_FUTURE?
48690 if (mm->def_flags & VM_LOCKED) {
48691 unsigned long locked, lock_limit;
48692 - locked = len >> PAGE_SHIFT;
48693 + locked = charged;
48694 locked += mm->locked_vm;
48695 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
48696 lock_limit >>= PAGE_SHIFT;
48697 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
48698 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
48701 @@ -2435,23 +2435,23 @@ unsigned long do_brk(unsigned long addr,
48703 * Clear old maps. this also does some error checking for us
48706 vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
48707 if (vma && vma->vm_start < addr + len) {
48708 if (do_munmap(mm, addr, len))
48710 - goto munmap_back;
48711 + vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
48712 + BUG_ON(vma && vma->vm_start < addr + len);
48715 /* Check against address space limits *after* clearing old maps... */
48716 - if (!may_expand_vm(mm, len >> PAGE_SHIFT))
48717 + if (!may_expand_vm(mm, charged))
48720 if (mm->map_count > sysctl_max_map_count)
48723 - if (security_vm_enough_memory(len >> PAGE_SHIFT) ||
48724 - !vx_vmpages_avail(mm, len >> PAGE_SHIFT))
48725 + if (security_vm_enough_memory(charged) ||
48726 + !vx_vmpages_avail(mm, charged))
48729 /* Can we just expand an old private anonymous mapping? */
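Review bot: Replacing `goto munmap_back` with one re-lookup and `BUG_ON(vma && vma->vm_start < addr + len)` turns any mapping that still overlaps after a successful `do_munmap()` into a kernel halt, and nothing at that line says why this cannot happen. A short comment would record the reasoning, for example `/* do_munmap() succeeded with mmap_sem held for writing, so [addr, addr+len) must be empty now */`. The write-lock assumption is taken from the `verify_mm_writelocked()` call added to `do_munmap` in this patch and should be confirmed for every `do_brk` caller. `do_brk` starts and ends outside this hunk.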
48730 @@ -2070,10 +2458,21 @@ unsigned long do_brk(unsigned long addr,
48732 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
48734 - vm_unacct_memory(len >> PAGE_SHIFT);
48735 + vm_unacct_memory(charged);
48739 +#ifdef CONFIG_PAX_SEGMEXEC
48740 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (flags & VM_EXEC)) {
48741 + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
48743 + kmem_cache_free(vm_area_cachep, vma);
48744 + vm_unacct_memory(charged);
48751 vma->vm_start = addr;
48752 vma->vm_end = addr + len;
48753 @@ -2488,14 +2488,15 @@ unsigned long do_brk(unsigned long addr,
48754 vma->vm_page_prot = vm_get_page_prot(flags);
48755 vma_link(mm, vma, prev, rb_link, rb_parent);
48757 - // mm->total_vm += len >> PAGE_SHIFT;
48758 - vx_vmpages_add(mm, len >> PAGE_SHIFT);
48759 + // mm->total_vm += charged;
48760 + vx_vmpages_add(mm, charged);
48762 if (flags & VM_LOCKED) {
48763 if (!mlock_vma_pages_range(vma, addr, addr + len))
48764 - // mm->locked_vm += (len >> PAGE_SHIFT);
48765 - vx_vmlocked_add(mm, len >> PAGE_SHIFT);
48766 + // mm->locked_vm += (charged);
48767 + vx_vmlocked_add(mm, charged);
48769 + track_exec_limit(mm, addr, addr + len, flags);
48773 @@ -2133,8 +2533,10 @@ void exit_mmap(struct mm_struct *mm)
48774 * Walk the list again, actually closing and freeing it,
48775 * with preemption enabled, without holding any MM locks.
48779 + vma->vm_mirror = NULL;
48780 vma = remove_vma(vma);
48783 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
48785 @@ -2148,6 +2550,10 @@ int insert_vm_struct(struct mm_struct *
48786 struct vm_area_struct * __vma, * prev;
48787 struct rb_node ** rb_link, * rb_parent;
48789 +#ifdef CONFIG_PAX_SEGMEXEC
48790 + struct vm_area_struct *vma_m = NULL;
48794 * The vm_pgoff of a purely anonymous vma should be irrelevant
48795 * until its first write fault, when page's anon_vma and index
48796 @@ -2170,7 +2576,22 @@ int insert_vm_struct(struct mm_struct *
48797 if ((vma->vm_flags & VM_ACCOUNT) &&
48798 security_vm_enough_memory_mm(mm, vma_pages(vma)))
48801 +#ifdef CONFIG_PAX_SEGMEXEC
48802 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_EXEC)) {
48803 + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
48809 vma_link(mm, vma, prev, rb_link, rb_parent);
48811 +#ifdef CONFIG_PAX_SEGMEXEC
48813 + pax_mirror_vma(vma_m, vma);
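Review bot: The mirror allocation `vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL)` sits after `security_vm_enough_memory_mm()` has already charged the pages for a `VM_ACCOUNT` mapping, so its failure path has to give that charge back. The failure branch is not shown in this listing. If it returns `-ENOMEM` directly, the accounting stays too high. Either move the SEGMEXEC allocation above the accounting check, or have the branch call `vm_unacct_memory(vma_pages(vma))` when `vma->vm_flags & VM_ACCOUNT` is set. `insert_vm_struct` starts before this hunk.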
48819 @@ -2188,6 +2609,8 @@ struct vm_area_struct *copy_vma(struct v
48820 struct rb_node **rb_link, *rb_parent;
48821 struct mempolicy *pol;
48823 + BUG_ON(vma->vm_mirror);
48826 * If anonymous vma has not yet been faulted, update new pgoff
48827 * to match new location, to increase its chance of merging.
48828 @@ -2231,6 +2654,35 @@ struct vm_area_struct *copy_vma(struct v
48832 +#ifdef CONFIG_PAX_SEGMEXEC
48833 +void pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma)
48835 + struct vm_area_struct *prev_m;
48836 + struct rb_node **rb_link_m, *rb_parent_m;
48837 + struct mempolicy *pol_m;
48839 + BUG_ON(!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC));
48840 + BUG_ON(vma->vm_mirror || vma_m->vm_mirror);
48841 + BUG_ON(!mpol_equal(vma_policy(vma), vma_policy(vma_m)));
48843 + pol_m = vma_policy(vma_m);
48845 + vma_set_policy(vma_m, pol_m);
48846 + vma_m->vm_start += SEGMEXEC_TASK_SIZE;
48847 + vma_m->vm_end += SEGMEXEC_TASK_SIZE;
48848 + vma_m->vm_flags &= ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED);
48849 + vma_m->vm_page_prot = vm_get_page_prot(vma_m->vm_flags);
48850 + if (vma_m->vm_file)
48851 + get_file(vma_m->vm_file);
48852 + if (vma_m->vm_ops && vma_m->vm_ops->open)
48853 + vma_m->vm_ops->open(vma_m);
48854 + find_vma_prepare(vma->vm_mm, vma_m->vm_start, &prev_m, &rb_link_m, &rb_parent_m);
48855 + vma_link(vma->vm_mm, vma_m, prev_m, rb_link_m, rb_parent_m);
48856 + vma_m->vm_mirror = vma;
48857 + vma->vm_mirror = vma_m;
48862 * Return true if the calling process may expand its vm space by the passed
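Review bot: In `pax_mirror_vma()` the return value of `find_vma_prepare()` is discarded before `vma_link()`, so nothing verifies that the mirror range above `SEGMEXEC_TASK_SIZE` is actually free. Every other precondition of the function is asserted with `BUG_ON`. The `do_brk` hunk of this same patch checks exactly this after its own lookup, with `BUG_ON(vma && vma->vm_start < addr + len)`. Keeping the result and asserting the same way would close the gap: `next_m = find_vma_prepare(vma->vm_mm, vma_m->vm_start, &prev_m, &rb_link_m, &rb_parent_m);` followed by `BUG_ON(next_m && next_m->vm_start < vma_m->vm_end);`.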
48864 @@ -2241,7 +2693,7 @@ int may_expand_vm(struct mm_struct *mm,
48867 lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT;
48869 + gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1);
48870 if (cur + npages > lim)
48873 @@ -2310,6 +2762,15 @@ int install_special_mapping(struct mm_st
48874 vma->vm_start = addr;
48875 vma->vm_end = addr + len;
48877 +#ifdef CONFIG_PAX_MPROTECT
48878 + if (mm->pax_flags & MF_PAX_MPROTECT) {
48879 + if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC)
48880 + vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
48882 + vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
48886 vma->vm_flags = vm_flags | mm->def_flags | VM_DONTEXPAND;
48887 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
48889 diff -urNp linux-2.6.32.1/mm/mprotect.c linux-2.6.32.1/mm/mprotect.c
48890 --- linux-2.6.32.1/mm/mprotect.c 2009-12-02 22:51:21.000000000 -0500
48891 +++ linux-2.6.32.1/mm/mprotect.c 2009-12-14 18:33:59.682784735 -0500
48892 @@ -24,10 +24,16 @@
48893 #include <linux/mmu_notifier.h>
48894 #include <linux/migrate.h>
48895 #include <linux/perf_event.h>
48897 +#ifdef CONFIG_PAX_MPROTECT
48898 +#include <linux/elf.h>
48901 #include <asm/uaccess.h>
48902 #include <asm/pgtable.h>
48903 #include <asm/cacheflush.h>
48904 #include <asm/tlbflush.h>
48905 +#include <asm/mmu_context.h>
48907 #ifndef pgprot_modify
48908 static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
48909 @@ -132,6 +138,48 @@ static void change_protection(struct vm_
48910 flush_tlb_range(vma, start, end);
48913 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
48914 +/* called while holding the mmap semaphor for writing except stack expansion */
48915 +void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot)
48917 + unsigned long oldlimit, newlimit = 0UL;
48919 + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || nx_enabled)
48922 + spin_lock(&mm->page_table_lock);
48923 + oldlimit = mm->context.user_cs_limit;
48924 + if ((prot & VM_EXEC) && oldlimit < end)
48925 + /* USER_CS limit moved up */
48927 + else if (!(prot & VM_EXEC) && start < oldlimit && oldlimit <= end)
48928 + /* USER_CS limit moved down */
48929 + newlimit = start;
48932 + mm->context.user_cs_limit = newlimit;
48936 + cpus_clear(mm->context.cpu_user_cs_mask);
48937 + cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask);
48940 + set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id());
48942 + spin_unlock(&mm->page_table_lock);
48943 + if (newlimit == end) {
48944 + struct vm_area_struct *vma = find_vma(mm, oldlimit);
48946 + for (; vma && vma->vm_start < end; vma = vma->vm_next)
48947 + if (is_vm_hugetlb_page(vma))
48948 + hugetlb_change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot);
48950 + change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma));
48956 mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
48957 unsigned long start, unsigned long end, unsigned long newflags)
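Review bot: The one-line header of `track_exec_limit()` says the caller holds mmap_sem for writing "except stack expansion", but not what protects the `vma->vm_next` walk and the `change_protection()` calls after `spin_unlock(&mm->page_table_lock)` on that path. There `expand_downwards` calls this function with only the anon_vma lock held, before its `anon_vma_unlock(vma)`. The comment should name the lock that covers `mm->context.user_cs_limit`, the lock that covers the VMA walk, and whether the walk may run in the context the stack-expansion path provides. "semaphor" should read "semaphore". Several body lines are missing from this listing, so the bracing of the loop could not be checked.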
48958 @@ -144,6 +192,14 @@ mprotect_fixup(struct vm_area_struct *vm
48960 int dirty_accountable = 0;
48962 +#ifdef CONFIG_PAX_SEGMEXEC
48963 + struct vm_area_struct *vma_m = NULL;
48964 + unsigned long start_m, end_m;
48966 + start_m = start + SEGMEXEC_TASK_SIZE;
48967 + end_m = end + SEGMEXEC_TASK_SIZE;
48970 if (newflags == oldflags) {
48973 @@ -165,6 +221,38 @@ mprotect_fixup(struct vm_area_struct *vm
48977 +#ifdef CONFIG_PAX_SEGMEXEC
48978 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && ((oldflags ^ newflags) & VM_EXEC)) {
48979 + if (start != vma->vm_start) {
48980 + error = split_vma(mm, vma, start, 1);
48983 + BUG_ON(!*pprev || (*pprev)->vm_next == vma);
48984 + *pprev = (*pprev)->vm_next;
48987 + if (end != vma->vm_end) {
48988 + error = split_vma(mm, vma, end, 0);
48993 + if (pax_find_mirror_vma(vma)) {
48994 + error = __do_munmap(mm, start_m, end_m - start_m);
48998 + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
49003 + vma->vm_flags = newflags;
49004 + pax_mirror_vma(vma_m, vma);
49010 * First try to merge with previous and/or next vma.
49012 @@ -196,8 +284,14 @@ success:
49013 * held in write mode.
49015 vma->vm_flags = newflags;
49017 +#ifdef CONFIG_PAX_MPROTECT
49018 + if (mm->binfmt && mm->binfmt->handle_mprotect)
49019 + mm->binfmt->handle_mprotect(vma, newflags);
49022 vma->vm_page_prot = pgprot_modify(vma->vm_page_prot,
49023 - vm_get_page_prot(newflags));
49024 + vm_get_page_prot(vma->vm_flags));
49026 if (vma_wants_writenotify(vma)) {
49027 vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED);
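Review bot: The first `vm_page_prot` assignment now derives from `vma->vm_flags`, presumably because `handle_mprotect()` may adjust the flags after `vma->vm_flags = newflags`. The `vma_wants_writenotify()` branch just below still recomputes the protection from `newflags & ~VM_SHARED`. If the hook can change a bit that `vm_get_page_prot()` looks at, that branch silently drops the adjustment. For consistency it should read `vma->vm_page_prot = vm_get_page_prot(vma->vm_flags & ~VM_SHARED);`. If the hook never touches such bits, a comment saying so would explain why the two lines differ.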
49028 @@ -238,6 +332,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
49033 +#ifdef CONFIG_PAX_SEGMEXEC
49034 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
49035 + if (end > SEGMEXEC_TASK_SIZE)
49040 + if (end > TASK_SIZE)
49043 if (!arch_validate_prot(prot))
49046 @@ -245,7 +350,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
49048 * Does the application expect PROT_READ to imply PROT_EXEC:
49050 - if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
49051 + if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC))
49054 vm_flags = calc_vm_prot_bits(prot);
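Review bot: The comment above the changed condition still reads "Does the application expect PROT_READ to imply PROT_EXEC", while the new test `prot & (PROT_READ | PROT_WRITE)` also lets a write-only request pick up the `READ_IMPLIES_EXEC` behaviour. The comment should be updated together with the condition, for example `/* Does the application expect PROT_READ or PROT_WRITE to imply PROT_EXEC: */`, ideally with a word on why `PROT_WRITE` was added. The statement guarded by the `if` lies outside the lines shown.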
49055 @@ -277,6 +382,16 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
49056 if (start > vma->vm_start)
49059 + if (!gr_acl_handle_mprotect(vma->vm_file, prot)) {
49064 +#ifdef CONFIG_PAX_MPROTECT
49065 + if (current->mm->binfmt && current->mm->binfmt->handle_mprotect)
49066 + current->mm->binfmt->handle_mprotect(vma, vm_flags);
49069 for (nstart = start ; ; ) {
49070 unsigned long newflags;
49072 @@ -301,6 +416,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
49075 perf_event_mmap(vma);
49077 + track_exec_limit(current->mm, nstart, tmp, vm_flags);
49081 if (nstart < prev->vm_end)
49082 diff -urNp linux-2.6.32.1/mm/mremap.c linux-2.6.32.1/mm/mremap.c
49083 --- linux-2.6.32.1/mm/mremap.c 2009-12-02 22:51:21.000000000 -0500
49084 +++ linux-2.6.32.1/mm/mremap.c 2009-12-14 18:33:59.682784735 -0500
49085 @@ -114,6 +114,12 @@ static void move_ptes(struct vm_area_str
49087 pte = ptep_clear_flush(vma, old_addr, old_pte);
49088 pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr);
49090 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
49091 + if (!nx_enabled && (new_vma->vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC)
49092 + pte = pte_exprotect(pte);
49095 set_pte_at(mm, new_addr, new_pte, pte);
49098 @@ -276,6 +282,7 @@ unsigned long do_mremap(unsigned long ad
49099 struct vm_area_struct *vma;
49100 unsigned long ret = -EINVAL;
49101 unsigned long charged = 0;
49102 + unsigned long pax_task_size = TASK_SIZE;
49104 if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
49106 @@ -294,6 +301,15 @@ unsigned long do_mremap(unsigned long ad
49110 +#ifdef CONFIG_PAX_SEGMEXEC
49111 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
49112 + pax_task_size = SEGMEXEC_TASK_SIZE;
49115 + if (new_len > pax_task_size || addr > pax_task_size-new_len ||
49116 + old_len > pax_task_size || addr > pax_task_size-old_len)
49119 /* new_addr is only valid if MREMAP_FIXED is specified */
49120 if (flags & MREMAP_FIXED) {
49121 if (new_addr & ~PAGE_MASK)
49122 @@ -301,16 +317,13 @@ unsigned long do_mremap(unsigned long ad
49123 if (!(flags & MREMAP_MAYMOVE))
49126 - if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len)
49127 + if (new_addr > pax_task_size - new_len)
49130 /* Check if the location we're moving into overlaps the
49131 * old location at all, and fail if it does.
49133 - if ((new_addr <= addr) && (new_addr+new_len) > addr)
49136 - if ((addr <= new_addr) && (addr+old_len) > new_addr)
49137 + if (addr + old_len > new_addr && new_addr + new_len > addr)
49140 ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1);
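Review bot: The merged overlap test `addr + old_len > new_addr && new_addr + new_len > addr` is only correct when neither sum can wrap. That guarantee comes from the `pax_task_size` bounds checks added in the previous hunk and from `new_addr > pax_task_size - new_len` a few lines above, not from anything on this line. A comment here would keep a later edit from reordering or relaxing those checks unnoticed, for example `/* addr+old_len and new_addr+new_len cannot overflow: both ranges were bounded by pax_task_size above */`. `do_mremap` extends beyond this hunk.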
49141 @@ -348,6 +361,14 @@ unsigned long do_mremap(unsigned long ad
49146 +#ifdef CONFIG_PAX_SEGMEXEC
49147 + if (pax_find_mirror_vma(vma)) {
49153 /* We can't remap across vm area boundaries */
49154 if (old_len > vma->vm_end - addr)
49156 @@ -381,7 +402,7 @@ unsigned long do_mremap(unsigned long ad
49157 if (old_len == vma->vm_end - addr &&
49158 !((flags & MREMAP_FIXED) && (addr != new_addr)) &&
49159 (old_len != new_len || !(flags & MREMAP_MAYMOVE))) {
49160 - unsigned long max_addr = TASK_SIZE;
49161 + unsigned long max_addr = pax_task_size;
49163 max_addr = vma->vm_next->vm_start;
49164 /* can we just expand the current mapping? */
49165 @@ -399,6 +420,7 @@ unsigned long do_mremap(unsigned long ad
49169 + track_exec_limit(vma->vm_mm, vma->vm_start, addr + new_len, vma->vm_flags);
49173 @@ -409,8 +431,8 @@ unsigned long do_mremap(unsigned long ad
49176 if (flags & MREMAP_MAYMOVE) {
49177 + unsigned long map_flags = 0;
49178 if (!(flags & MREMAP_FIXED)) {
49179 - unsigned long map_flags = 0;
49180 if (vma->vm_flags & VM_MAYSHARE)
49181 map_flags |= MAP_SHARED;
49183 @@ -425,7 +447,12 @@ unsigned long do_mremap(unsigned long ad
49187 + map_flags = vma->vm_flags;
49188 ret = move_vma(vma, addr, old_len, new_len, new_addr);
49189 + if (!(ret & ~PAGE_MASK)) {
49190 + track_exec_limit(current->mm, addr, addr + old_len, 0UL);
49191 + track_exec_limit(current->mm, new_addr, new_addr + new_len, map_flags);
49195 if (ret & ~PAGE_MASK)
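Review bot: `map_flags = vma->vm_flags;` reuses a variable that holds `MAP_*` bits for `get_unmapped_area()` in the branch above to carry `VM_*` bits into `track_exec_limit()`, mixing two flag namespaces under one name. A dedicated local reads more safely: `unsigned long old_vm_flags = vma->vm_flags;`, passed as the last argument of the second `track_exec_limit()` call. The copy is presumably taken because `vma` may no longer be valid after `move_vma()`. If so, that reason should be stated in a comment next to the assignment.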
49196 diff -urNp linux-2.6.32.1/mm/nommu.c linux-2.6.32.1/mm/nommu.c
49197 --- linux-2.6.32.1/mm/nommu.c 2009-12-02 22:51:21.000000000 -0500
49198 +++ linux-2.6.32.1/mm/nommu.c 2009-12-14 18:33:59.684765804 -0500
49199 @@ -758,15 +758,6 @@ struct vm_area_struct *find_vma(struct m
49200 EXPORT_SYMBOL(find_vma);
49204 - * - we don't extend stack VMAs under NOMMU conditions
49206 -struct vm_area_struct *find_extend_vma(struct mm_struct *mm, unsigned long addr)
49208 - return find_vma(mm, addr);
49212 * expand a stack to a given address
49213 * - not supported under NOMMU conditions
49215 diff -urNp linux-2.6.32.1/mm/page_alloc.c linux-2.6.32.1/mm/page_alloc.c
49216 --- linux-2.6.32.1/mm/page_alloc.c 2009-12-02 22:51:21.000000000 -0500
49217 +++ linux-2.6.32.1/mm/page_alloc.c 2009-12-14 18:33:59.698890426 -0500
49218 @@ -585,6 +585,10 @@ static void __free_pages_ok(struct page
49220 int wasMlocked = __TestClearPageMlocked(page);
49222 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
49223 + unsigned long index = 1UL << order;
49226 kmemcheck_free_shadow(page, order);
49228 for (i = 0 ; i < (1 << order) ; ++i)
49229 @@ -597,6 +601,12 @@ static void __free_pages_ok(struct page
49230 debug_check_no_obj_freed(page_address(page),
49231 PAGE_SIZE << order);
49234 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
49235 + for (; index; --index)
49236 + sanitize_highpage(page + index - 1);
49239 arch_free_page(page, order);
49240 kernel_map_pages(page, 1 << order, 0);
49242 @@ -700,8 +710,10 @@ static int prep_new_page(struct page *pa
49243 arch_alloc_page(page, order);
49244 kernel_map_pages(page, 1 << order, 1);
49246 +#ifndef CONFIG_PAX_MEMORY_SANITIZE
49247 if (gfp_flags & __GFP_ZERO)
49248 prep_zero_page(page, order, gfp_flags);
49251 if (order && (gfp_flags & __GFP_COMP))
49252 prep_compound_page(page, order);
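Review bot: With `CONFIG_PAX_MEMORY_SANITIZE` the `__GFP_ZERO` handling in `prep_new_page()` is compiled out, so zeroed allocations depend entirely on every page having been cleared on its way into the allocator. The hunks in this file add `sanitize_highpage()` to `__free_pages_ok()` and `free_hot_cold_page()`. Whether any other path can put pages on the free lists, or write to a page after it was sanitized, cannot be judged from here. A missed path would hand stale data to a caller that asked for zeroes, so the invariant belongs in a comment at this `#ifndef`, for example `/* pages are cleared at free time by sanitize_highpage(); see __free_pages_ok() and free_hot_cold_page() */`.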
49253 @@ -1095,6 +1107,11 @@ static void free_hot_cold_page(struct pa
49254 debug_check_no_locks_freed(page_address(page), PAGE_SIZE);
49255 debug_check_no_obj_freed(page_address(page), PAGE_SIZE);
49258 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
49259 + sanitize_highpage(page);
49262 arch_free_page(page, 0);
49263 kernel_map_pages(page, 1, 0);
49265 diff -urNp linux-2.6.32.1/mm/percpu.c linux-2.6.32.1/mm/percpu.c
49266 --- linux-2.6.32.1/mm/percpu.c 2009-12-02 22:51:21.000000000 -0500
49267 +++ linux-2.6.32.1/mm/percpu.c 2009-12-14 18:33:59.698890426 -0500
49268 @@ -115,7 +115,7 @@ static unsigned int pcpu_first_unit_cpu
49269 static unsigned int pcpu_last_unit_cpu __read_mostly;
49271 /* the address of the first chunk which starts with the kernel static area */
49272 -void *pcpu_base_addr __read_mostly;
49273 +void *pcpu_base_addr __read_only;
49274 EXPORT_SYMBOL_GPL(pcpu_base_addr);
49276 static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
49277 diff -urNp linux-2.6.32.1/mm/rmap.c linux-2.6.32.1/mm/rmap.c
49278 --- linux-2.6.32.1/mm/rmap.c 2009-12-02 22:51:21.000000000 -0500
49279 +++ linux-2.6.32.1/mm/rmap.c 2009-12-14 18:33:59.706888957 -0500
49280 @@ -108,6 +108,10 @@ int anon_vma_prepare(struct vm_area_stru
49281 struct mm_struct *mm = vma->vm_mm;
49282 struct anon_vma *allocated;
49284 +#ifdef CONFIG_PAX_SEGMEXEC
49285 + struct vm_area_struct *vma_m;
49288 anon_vma = find_mergeable_anon_vma(vma);
49291 @@ -121,6 +125,15 @@ int anon_vma_prepare(struct vm_area_stru
49292 /* page_table_lock to protect against threads */
49293 spin_lock(&mm->page_table_lock);
49294 if (likely(!vma->anon_vma)) {
49296 +#ifdef CONFIG_PAX_SEGMEXEC
49297 + vma_m = pax_find_mirror_vma(vma);
49299 + vma_m->anon_vma = anon_vma;
49300 + __anon_vma_link(vma_m);
49304 vma->anon_vma = anon_vma;
49305 list_add_tail(&vma->anon_vma_node, &anon_vma->head);
49307 diff -urNp linux-2.6.32.1/mm/shmem.c linux-2.6.32.1/mm/shmem.c
49308 --- linux-2.6.32.1/mm/shmem.c 2009-12-02 22:51:21.000000000 -0500
49309 +++ linux-2.6.32.1/mm/shmem.c 2009-12-14 18:33:59.706888957 -0500
49311 #include <linux/swap.h>
49312 #include <linux/ima.h>
49314 -static struct vfsmount *shm_mnt;
49315 +struct vfsmount *shm_mnt;
49317 #ifdef CONFIG_SHMEM
49319 diff -urNp linux-2.6.32.1/mm/slab.c linux-2.6.32.1/mm/slab.c
49320 --- linux-2.6.32.1/mm/slab.c 2009-12-02 22:51:21.000000000 -0500
49321 +++ linux-2.6.32.1/mm/slab.c 2009-12-14 18:33:59.734793293 -0500
49322 @@ -308,7 +308,7 @@ struct kmem_list3 {
49323 * Need this for bootstrapping a per node allocator.
49325 #define NUM_INIT_LISTS (3 * MAX_NUMNODES)
49326 -struct kmem_list3 __initdata initkmem_list3[NUM_INIT_LISTS];
49327 +struct kmem_list3 initkmem_list3[NUM_INIT_LISTS];
49328 #define CACHE_CACHE 0
49329 #define SIZE_AC MAX_NUMNODES
49330 #define SIZE_L3 (2 * MAX_NUMNODES)
49331 @@ -558,7 +558,7 @@ static inline void *index_to_obj(struct
49332 * reciprocal_divide(offset, cache->reciprocal_buffer_size)
49334 static inline unsigned int obj_to_index(const struct kmem_cache *cache,
49335 - const struct slab *slab, void *obj)
49336 + const struct slab *slab, const void *obj)
49338 u32 offset = (obj - slab->s_mem);
49339 return reciprocal_divide(offset, cache->reciprocal_buffer_size);
49340 @@ -584,14 +584,14 @@ struct cache_names {
49341 static struct cache_names __initdata cache_names[] = {
49342 #define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" },
49343 #include <linux/kmalloc_sizes.h>
49349 static struct arraycache_init initarray_cache __initdata =
49350 - { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
49351 + { {0, BOOT_CPUCACHE_ENTRIES, 1, 0}, {NULL} };
49352 static struct arraycache_init initarray_generic =
49353 - { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
49354 + { {0, BOOT_CPUCACHE_ENTRIES, 1, 0}, {NULL} };
49356 /* internal cache of cache description objs */
49357 static struct kmem_cache cache_cache = {
49358 @@ -4084,7 +4084,7 @@ out:
49359 schedule_delayed_work(work, round_jiffies_relative(REAPTIMEOUT_CPUC));
49362 -#ifdef CONFIG_SLABINFO
49363 +#if defined(CONFIG_SLABINFO) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
49365 static void print_slabinfo_header(struct seq_file *m)
49367 @@ -4482,6 +4482,51 @@ static int __init slab_proc_init(void)
49368 module_init(slab_proc_init);
49371 +void check_object_size(const void *ptr, unsigned long n, bool to)
49374 +#ifdef CONFIG_PAX_USERCOPY
49375 + struct kmem_cache *cachep;
49376 + struct slab *slabp;
49377 + struct page *page;
49378 + unsigned int objnr;
49379 + unsigned long offset;
49384 + if (ZERO_OR_NULL_PTR(ptr))
49387 + if (!virt_addr_valid(ptr))
49390 + page = virt_to_head_page(ptr);
49392 + if (!PageSlab(page)) {
49393 + if (object_is_on_stack(ptr, n) == -1)
49398 + cachep = page_get_cache(page);
49399 + slabp = page_get_slab(page);
49400 + objnr = obj_to_index(cachep, slabp, ptr);
49401 + BUG_ON(objnr >= cachep->num);
49402 + offset = ptr - index_to_obj(cachep, slabp, objnr) - obj_offset(cachep);
49403 + if (offset <= obj_size(cachep) && n <= obj_size(cachep) - offset)
49408 + pax_report_leak_to_user(ptr, n);
49410 + pax_report_overflow_from_user(ptr, n);
49414 +EXPORT_SYMBOL(check_object_size);
49417 * ksize - get the actual amount of memory allocated for a given object
49418 * @objp: Pointer to the object
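Review bot: In `check_object_size()`, `BUG_ON(objnr >= cachep->num)` is reached with a pointer that is only known to lie on a slab page. `obj_to_index()` computes `u32 offset = (obj - slab->s_mem)`, so a pointer outside the object array (before `s_mem`, or past the last object) yields an out-of-range index and trips the `BUG_ON`. Such a pointer is exactly the case this function exists to report, so the condition should be an `if (objnr >= cachep->num)` that branches to the `pax_report_leak_to_user()` / `pax_report_overflow_from_user()` calls at the end. The function also needs a header comment stating that `to` selects copy-to-user versus copy-from-user reporting, and that addresses failing `virt_addr_valid()` are accepted unchecked. Several lines of the body are missing from this listing.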
49419 diff -urNp linux-2.6.32.1/mm/slob.c linux-2.6.32.1/mm/slob.c
49420 --- linux-2.6.32.1/mm/slob.c 2009-12-02 22:51:21.000000000 -0500
49421 +++ linux-2.6.32.1/mm/slob.c 2009-12-14 18:33:59.736004820 -0500
49423 * If kmalloc is asked for objects of PAGE_SIZE or larger, it calls
49424 * alloc_pages() directly, allocating compound pages so the page order
49425 * does not have to be separately tracked, and also stores the exact
49426 - * allocation size in page->private so that it can be used to accurately
49427 + * allocation size in slob_page->size so that it can be used to accurately
49428 * provide ksize(). These objects are detected in kfree() because slob_page()
49429 * is false for them.
49434 #include <linux/kernel.h>
49435 +#include <linux/sched.h>
49436 #include <linux/slab.h>
49437 #include <linux/mm.h>
49438 #include <linux/swap.h> /* struct reclaim_state */
49439 @@ -100,7 +101,8 @@ struct slob_page {
49440 unsigned long flags; /* mandatory */
49441 atomic_t _count; /* mandatory */
49442 slobidx_t units; /* free units left in page */
49443 - unsigned long pad[2];
49444 + unsigned long pad[1];
49445 + unsigned long size; /* size when >=PAGE_SIZE */
49446 slob_t *free; /* first free slob_t in page */
49447 struct list_head list; /* linked list of free pages */
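Review bot: The new `size` field carries an invariant that its comment does not state: `is_slob_page()` is changed later in this file to require `!sp->size`, so `size` has to be zero on every page that holds small slob blocks and has to be cleared again before a large page is released. The struct overlays `struct page`, whose layout is outside this hunk, so which page field `size` aliases should be confirmed and named as well. I would extend the comment to `/* size when >=PAGE_SIZE, 0 for pages of small blocks; tested by is_slob_page() */`.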
49449 @@ -133,7 +135,7 @@ static LIST_HEAD(free_slob_large);
49451 static inline int is_slob_page(struct slob_page *sp)
49453 - return PageSlab((struct page *)sp);
49454 + return PageSlab((struct page *)sp) && !sp->size;
49457 static inline void set_slob_page(struct slob_page *sp)
49458 @@ -148,7 +150,7 @@ static inline void clear_slob_page(struc
49460 static inline struct slob_page *slob_page(const void *addr)
49462 - return (struct slob_page *)virt_to_page(addr);
49463 + return (struct slob_page *)virt_to_head_page(addr);
49467 @@ -208,7 +210,7 @@ static void set_slob(slob_t *s, slobidx_
49469 * Return the size of a slob block.
49471 -static slobidx_t slob_units(slob_t *s)
49472 +static slobidx_t slob_units(const slob_t *s)
49476 @@ -218,7 +220,7 @@ static slobidx_t slob_units(slob_t *s)
49478 * Return the next free slob block pointer after this one.
49480 -static slob_t *slob_next(slob_t *s)
49481 +static slob_t *slob_next(const slob_t *s)
49483 slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK);
49485 @@ -233,7 +235,7 @@ static slob_t *slob_next(slob_t *s)
49487 * Returns true if s is the last free block in its page.
49489 -static int slob_last(slob_t *s)
49490 +static int slob_last(const slob_t *s)
49492 return !((unsigned long)slob_next(s) & ~PAGE_MASK);
49494 @@ -252,6 +254,7 @@ static void *slob_new_pages(gfp_t gfp, i
49498 + set_slob_page(page);
49499 return page_address(page);
49502 @@ -368,11 +371,11 @@ static void *slob_alloc(size_t size, gfp
49506 - set_slob_page(sp);
49508 spin_lock_irqsave(&slob_lock, flags);
49509 sp->units = SLOB_UNITS(PAGE_SIZE);
49512 INIT_LIST_HEAD(&sp->list);
49513 set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
49514 set_slob_page_free(sp, slob_list);
49515 @@ -475,10 +478,9 @@ out:
49516 #define ARCH_SLAB_MINALIGN __alignof__(unsigned long)
49519 -void *__kmalloc_node(size_t size, gfp_t gfp, int node)
49520 +static void *__kmalloc_node_align(size_t size, gfp_t gfp, int node, int align)
49523 - int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
49527 lockdep_trace_alloc(gfp);
49528 @@ -491,7 +493,10 @@ void *__kmalloc_node(size_t size, gfp_t
49533 + BUILD_BUG_ON(ARCH_KMALLOC_MINALIGN < 2 * SLOB_UNIT);
49534 + BUILD_BUG_ON(ARCH_SLAB_MINALIGN < 2 * SLOB_UNIT);
49535 + m[0].units = size;
49536 + m[1].units = align;
49537 ret = (void *)m + align;
49539 trace_kmalloc_node(_RET_IP_, ret,
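Review bot: The two-slot header written by `m[0].units = size;` and `m[1].units = align;` needs `align >= 2 * SLOB_UNIT` at run time, but the two `BUILD_BUG_ON`s only cover the arch constants. `align` is now a parameter of `__kmalloc_node_align()`, and a later hunk passes `c->align` into it, so a smaller value would make the header overlap the object returned at `(void *)m + align`. If cache creation already clamps `c->align` to at least `ARCH_SLAB_MINALIGN` that is sufficient, but it is not visible here; a comment saying so, or `BUG_ON(align < 2 * SLOB_UNIT);` at the top of the function, would make the assumption explicit. The function body starts and ends outside this hunk.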
49540 @@ -501,9 +506,9 @@ void *__kmalloc_node(size_t size, gfp_t
49542 ret = slob_new_pages(gfp | __GFP_COMP, get_order(size), node);
49544 - struct page *page;
49545 - page = virt_to_page(ret);
49546 - page->private = size;
49547 + struct slob_page *sp;
49548 + sp = slob_page(ret);
49552 trace_kmalloc_node(_RET_IP_, ret,
49553 @@ -513,6 +518,13 @@ void *__kmalloc_node(size_t size, gfp_t
49554 kmemleak_alloc(ret, size, 1, gfp);
49558 +void *__kmalloc_node(size_t size, gfp_t gfp, int node)
49560 + int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
49562 + return __kmalloc_node_align(size, gfp, node, align);
49564 EXPORT_SYMBOL(__kmalloc_node);
49566 void kfree(const void *block)
49567 @@ -528,13 +540,84 @@ void kfree(const void *block)
49568 sp = slob_page(block);
49569 if (is_slob_page(sp)) {
49570 int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
49571 - unsigned int *m = (unsigned int *)(block - align);
49572 - slob_free(m, *m + align);
49574 + slob_t *m = (slob_t *)(block - align);
49575 + slob_free(m, m[0].units + align);
49577 + clear_slob_page(sp);
49578 + free_slob_page(sp);
49580 put_page(&sp->page);
49583 EXPORT_SYMBOL(kfree);
49585 +void check_object_size(const void *ptr, unsigned long n, bool to)
49588 +#ifdef CONFIG_PAX_USERCOPY
49589 + struct slob_page *sp;
49590 + const slob_t *free;
49591 + const void *base;
49596 + if (ZERO_OR_NULL_PTR(ptr))
49599 + if (!virt_addr_valid(ptr))
49602 + sp = slob_page(ptr);
49603 + if (!PageSlab((struct page*)sp)) {
49604 + if (object_is_on_stack(ptr, n) == -1)
49610 + base = page_address(&sp->page);
49611 + if (base <= ptr && n <= sp->size - (ptr - base))
49616 + /* some tricky double walking to find the chunk */
49617 + base = (void *)((unsigned long)ptr & PAGE_MASK);
49620 + while (!slob_last(free) && (void *)free <= ptr) {
49621 + base = free + slob_units(free);
49622 + free = slob_next(free);
49625 + while (base < (void *)free) {
49626 + slobidx_t m = ((slob_t *)base)[0].units, align = ((slob_t *)base)[1].units;
49627 + int size = SLOB_UNIT * SLOB_UNITS(m + align);
49630 + if (ptr < base + align)
49633 + offset = ptr - base - align;
49634 + if (offset < m) {
49635 + if (n <= m - offset)
49644 + pax_report_leak_to_user(ptr, n);
49646 + pax_report_overflow_from_user(ptr, n);
49650 +EXPORT_SYMBOL(check_object_size);
49652 /* can't use ksize for kmem_cache_alloc memory, only kmalloc */
49653 size_t ksize(const void *block)
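Review bot: In the slob `check_object_size()`, the large-object test `if (base <= ptr && n <= sp->size - (ptr - base))` does not bound the offset, so for a `ptr` inside the compound page but more than `sp->size` bytes past `base` the subtraction wraps in `unsigned long` and almost any `n` is accepted. The slab and slub versions in this patch test `offset <= ...` before subtracting, and the same guard fits here: `if (base <= ptr && (unsigned long)(ptr - base) <= sp->size && n <= sp->size - (ptr - base))`. The branch lines around this test are not shown in this listing, so the exact condition that leads to it should be confirmed.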
49655 @@ -547,10 +630,10 @@ size_t ksize(const void *block)
49656 sp = slob_page(block);
49657 if (is_slob_page(sp)) {
49658 int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
49659 - unsigned int *m = (unsigned int *)(block - align);
49660 - return SLOB_UNITS(*m) * SLOB_UNIT;
49661 + slob_t *m = (slob_t *)(block - align);
49662 + return SLOB_UNITS(m[0].units) * SLOB_UNIT;
49664 - return sp->page.private;
49667 EXPORT_SYMBOL(ksize);
49669 @@ -605,17 +688,25 @@ void *kmem_cache_alloc_node(struct kmem_
49673 +#ifdef CONFIG_PAX_USERCOPY
49674 + b = __kmalloc_node_align(c->size, flags, node, c->align);
49676 if (c->size < PAGE_SIZE) {
49677 b = slob_alloc(c->size, flags, c->align, node);
49678 trace_kmem_cache_alloc_node(_RET_IP_, b, c->size,
49679 SLOB_UNITS(c->size) * SLOB_UNIT,
49682 + struct slob_page *sp;
49684 b = slob_new_pages(flags, get_order(c->size), node);
49685 + sp = slob_page(b);
49686 + sp->size = c->size;
49687 trace_kmem_cache_alloc_node(_RET_IP_, b, c->size,
49688 PAGE_SIZE << get_order(c->size),
49695 @@ -627,10 +718,16 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
49697 static void __kmem_cache_free(void *b, int size)
49699 - if (size < PAGE_SIZE)
49700 + struct slob_page *sp = slob_page(b);
49702 + if (is_slob_page(sp))
49703 slob_free(b, size);
49706 + clear_slob_page(sp);
49707 + free_slob_page(sp);
49709 slob_free_pages(b, get_order(size));
49713 static void kmem_rcu_free(struct rcu_head *head)
49714 @@ -643,15 +740,24 @@ static void kmem_rcu_free(struct rcu_hea
49716 void kmem_cache_free(struct kmem_cache *c, void *b)
49718 + int size = c->size;
49720 +#ifdef CONFIG_PAX_USERCOPY
49721 + if (size + c->align < PAGE_SIZE) {
49722 + size += c->align;
49727 kmemleak_free_recursive(b, c->flags);
49728 if (unlikely(c->flags & SLAB_DESTROY_BY_RCU)) {
49729 struct slob_rcu *slob_rcu;
49730 - slob_rcu = b + (c->size - sizeof(struct slob_rcu));
49731 + slob_rcu = b + (size - sizeof(struct slob_rcu));
49732 INIT_RCU_HEAD(&slob_rcu->head);
49733 - slob_rcu->size = c->size;
49734 + slob_rcu->size = size;
49735 call_rcu(&slob_rcu->head, kmem_rcu_free);
49737 - __kmem_cache_free(b, c->size);
49738 + __kmem_cache_free(b, size);
49741 trace_kmem_cache_free(_RET_IP_, b);
49742 diff -urNp linux-2.6.32.1/mm/slub.c linux-2.6.32.1/mm/slub.c
49743 --- linux-2.6.32.1/mm/slub.c 2009-12-02 22:51:21.000000000 -0500
49744 +++ linux-2.6.32.1/mm/slub.c 2009-12-14 18:33:59.747817639 -0500
49745 @@ -1937,7 +1937,7 @@ static int slub_min_objects;
49746 * Merge control. If this is set then no merging of slab caches will occur.
49747 * (Could be removed. This was introduced to pacify the merge skeptics.)
49749 -static int slub_nomerge;
49750 +static int slub_nomerge = 1;
49753 * Calculate the order of allocation given an slab object size.
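Review bot: The comment above `slub_nomerge` now contradicts the code: it still says the switch "Could be removed", while this hunk makes no-merge the default. I would replace that sentence with the reason for the new default, for example `/* Merging is off by default so that unrelated caches do not share slabs. */`. The rationale is presumed from the rest of the patch, so adjust the wording if the intent is different.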
49754 @@ -2493,7 +2493,7 @@ static int kmem_cache_open(struct kmem_c
49755 * list to avoid pounding the page allocator excessively.
49757 set_min_partial(s, ilog2(s->size));
49759 + atomic_set(&s->refcount, 1);
49761 s->remote_node_defrag_ratio = 1000;
49763 @@ -2630,8 +2630,7 @@ static inline int kmem_cache_close(struc
49764 void kmem_cache_destroy(struct kmem_cache *s)
49766 down_write(&slub_lock);
49768 - if (!s->refcount) {
49769 + if (atomic_dec_and_test(&s->refcount)) {
49770 list_del(&s->list);
49771 up_write(&slub_lock);
49772 if (kmem_cache_close(s)) {
49773 @@ -2915,6 +2914,46 @@ void *__kmalloc_node(size_t size, gfp_t
49774 EXPORT_SYMBOL(__kmalloc_node);
49777 +void check_object_size(const void *ptr, unsigned long n, bool to)
49780 +#ifdef CONFIG_PAX_USERCOPY
49781 + struct page *page;
49782 + struct kmem_cache *s;
49783 + unsigned long offset;
49788 + if (ZERO_OR_NULL_PTR(ptr))
49791 + if (!virt_addr_valid(ptr))
49794 + page = get_object_page(ptr);
49797 + if (object_is_on_stack(ptr, n) == -1)
49803 + offset = (ptr - page_address(page)) % s->size;
49804 + if (offset <= s->objsize && n <= s->objsize - offset)
49809 + pax_report_leak_to_user(ptr, n);
49811 + pax_report_overflow_from_user(ptr, n);
49815 +EXPORT_SYMBOL(check_object_size);
49817 size_t ksize(const void *object)
49820 @@ -3186,7 +3225,7 @@ void __init kmem_cache_init(void)
49822 create_kmalloc_cache(&kmalloc_caches[0], "kmem_cache_node",
49823 sizeof(struct kmem_cache_node), GFP_NOWAIT);
49824 - kmalloc_caches[0].refcount = -1;
49825 + atomic_set(&kmalloc_caches[0].refcount, -1);
49828 hotplug_memory_notifier(slab_memory_callback, SLAB_CALLBACK_PRI);
49829 @@ -3293,7 +3332,7 @@ static int slab_unmergeable(struct kmem_
49831 * We may have set a slab to be unmergeable during bootstrap.
49833 - if (s->refcount < 0)
49834 + if (atomic_read(&s->refcount) < 0)
49838 @@ -3353,7 +3392,7 @@ struct kmem_cache *kmem_cache_create(con
49843 + atomic_inc(&s->refcount);
49845 * Adjust the object sizes so that we clear
49846 * the complete object on kzalloc.
49847 @@ -3372,7 +3411,7 @@ struct kmem_cache *kmem_cache_create(con
49849 if (sysfs_slab_alias(s, name)) {
49850 down_write(&slub_lock);
49852 + atomic_dec(&s->refcount);
49853 up_write(&slub_lock);
49856 @@ -4101,7 +4140,7 @@ SLAB_ATTR_RO(ctor);
49858 static ssize_t aliases_show(struct kmem_cache *s, char *buf)
49860 - return sprintf(buf, "%d\n", s->refcount - 1);
49861 + return sprintf(buf, "%d\n", atomic_read(&s->refcount) - 1);
49863 SLAB_ATTR_RO(aliases);
49865 @@ -4503,7 +4542,7 @@ static void kmem_cache_release(struct ko
49869 -static struct sysfs_ops slab_sysfs_ops = {
49870 +static const struct sysfs_ops slab_sysfs_ops = {
49871 .show = slab_attr_show,
49872 .store = slab_attr_store,
49874 @@ -4522,7 +4561,7 @@ static int uevent_filter(struct kset *ks
49878 -static struct kset_uevent_ops slab_uevent_ops = {
49879 +static const struct kset_uevent_ops slab_uevent_ops = {
49880 .filter = uevent_filter,
49883 @@ -4696,7 +4735,7 @@ __initcall(slab_sysfs_init);
49885 * The /proc/slabinfo ABI
49887 -#ifdef CONFIG_SLABINFO
49888 +#if defined(CONFIG_SLABINFO) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
49889 static void print_slabinfo_header(struct seq_file *m)
49891 seq_puts(m, "slabinfo - version: 2.1\n");
49892 diff -urNp linux-2.6.32.1/mm/util.c linux-2.6.32.1/mm/util.c
49893 --- linux-2.6.32.1/mm/util.c 2009-12-02 22:51:21.000000000 -0500
49894 +++ linux-2.6.32.1/mm/util.c 2009-12-14 18:33:59.747817639 -0500
49895 @@ -224,6 +224,12 @@ EXPORT_SYMBOL(strndup_user);
49896 void arch_pick_mmap_layout(struct mm_struct *mm)
49898 mm->mmap_base = TASK_UNMAPPED_BASE;
49900 +#ifdef CONFIG_PAX_RANDMMAP
49901 + if (mm->pax_flags & MF_PAX_RANDMMAP)
49902 + mm->mmap_base += mm->delta_mmap;
49905 mm->get_unmapped_area = arch_get_unmapped_area;
49906 mm->unmap_area = arch_unmap_area;
49908 diff -urNp linux-2.6.32.1/mm/vmalloc.c linux-2.6.32.1/mm/vmalloc.c
49909 --- linux-2.6.32.1/mm/vmalloc.c 2009-12-02 22:51:21.000000000 -0500
49910 +++ linux-2.6.32.1/mm/vmalloc.c 2009-12-14 18:33:59.758761810 -0500
49911 @@ -40,8 +40,19 @@ static void vunmap_pte_range(pmd_t *pmd,
49913 pte = pte_offset_kernel(pmd, addr);
49915 - pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
49916 - WARN_ON(!pte_none(ptent) && !pte_present(ptent));
49918 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
49919 + if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) {
49920 + BUG_ON(!pte_exec(*pte));
49921 + set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC));
49927 + pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
49928 + WARN_ON(!pte_none(ptent) && !pte_present(ptent));
49930 } while (pte++, addr += PAGE_SIZE, addr != end);
49933 @@ -92,6 +103,7 @@ static int vmap_pte_range(pmd_t *pmd, un
49934 unsigned long end, pgprot_t prot, struct page **pages, int *nr)
49937 + int ret = -ENOMEM;
49940 * nr is a running index into the array which helps higher level
49941 @@ -101,17 +113,30 @@ static int vmap_pte_range(pmd_t *pmd, un
49942 pte = pte_alloc_kernel(pmd, addr);
49946 + pax_open_kernel();
49948 struct page *page = pages[*nr];
49950 - if (WARN_ON(!pte_none(*pte)))
49952 - if (WARN_ON(!page))
49954 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
49955 + if (pgprot_val(prot) & _PAGE_NX)
49958 + if (WARN_ON(!pte_none(*pte))) {
49962 + if (WARN_ON(!page)) {
49966 set_pte_at(&init_mm, addr, pte, mk_pte(page, prot));
49968 } while (pte++, addr += PAGE_SIZE, addr != end);
49972 + pax_close_kernel();
49976 static int vmap_pmd_range(pud_t *pud, unsigned long addr,
49977 @@ -192,11 +217,20 @@ int is_vmalloc_or_module_addr(const void
49978 * and fall back on vmalloc() if that fails. Others
49979 * just put it in the vmalloc space.
49981 -#if defined(CONFIG_MODULES) && defined(MODULES_VADDR)
49982 +#ifdef CONFIG_MODULES
49983 +#ifdef MODULES_VADDR
49984 unsigned long addr = (unsigned long)x;
49985 if (addr >= MODULES_VADDR && addr < MODULES_END)
49989 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
49990 + if (x >= (const void *)MODULES_EXEC_VADDR && x < (const void *)MODULES_EXEC_END)
49996 return is_vmalloc_addr(x);
49999 @@ -292,13 +326,13 @@ static void __insert_vmap_area(struct vm
50000 struct rb_node *tmp;
50003 - struct vmap_area *tmp;
50004 + struct vmap_area *varea;
50007 - tmp = rb_entry(parent, struct vmap_area, rb_node);
50008 - if (va->va_start < tmp->va_end)
50009 + varea = rb_entry(parent, struct vmap_area, rb_node);
50010 + if (va->va_start < varea->va_end)
50011 p = &(*p)->rb_left;
50012 - else if (va->va_end > tmp->va_start)
50013 + else if (va->va_end > varea->va_start)
50014 p = &(*p)->rb_right;
50017 @@ -1164,6 +1198,16 @@ static struct vm_struct *__get_vm_area_n
50018 struct vm_struct *area;
50020 BUG_ON(in_interrupt());
50022 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
50023 + if (flags & VM_KERNEXEC) {
50024 + if (start != VMALLOC_START || end != VMALLOC_END)
50026 + start = (unsigned long)&MODULES_EXEC_VADDR;
50027 + end = (unsigned long)&MODULES_EXEC_END;
50031 if (flags & VM_IOREMAP) {
50032 int bit = fls(size);
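Review bot: `start = (unsigned long)&MODULES_EXEC_VADDR;` and the matching `end` line take the address of the symbol, while the other hunks in this file use it directly, as in `(unsigned long)MODULES_EXEC_VADDR <= addr` in `vunmap_pte_range()` and `(const void *)MODULES_EXEC_VADDR` in `is_vmalloc_or_module_addr()`. If the symbols are declared as arrays both spellings give the same address, but the declaration is outside this section, and for an integer constant or a pointer variable the two forms would differ. I would use one form throughout, e.g. `start = (unsigned long)MODULES_EXEC_VADDR;` and `end = (unsigned long)MODULES_EXEC_END;`. The function body continues outside the hunk.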
50034 @@ -1389,6 +1433,11 @@ void *vmap(struct page **pages, unsigned
50035 if (count > totalram_pages)
50038 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
50039 + if (!(pgprot_val(prot) & _PAGE_NX))
50040 + flags |= VM_KERNEXEC;
50043 area = get_vm_area_caller((count << PAGE_SHIFT), flags,
50044 __builtin_return_address(0));
50046 @@ -1499,6 +1548,13 @@ static void *__vmalloc_node(unsigned lon
50047 if (!size || (size >> PAGE_SHIFT) > totalram_pages)
50050 +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
50051 + if (!(pgprot_val(prot) & _PAGE_NX))
50052 + area = __get_vm_area_node(size, align, VM_ALLOC | VM_KERNEXEC, VMALLOC_START, VMALLOC_END,
50053 + node, gfp_mask, caller);
50057 area = __get_vm_area_node(size, align, VM_ALLOC, VMALLOC_START,
50058 VMALLOC_END, node, gfp_mask, caller);
50060 @@ -1517,6 +1573,7 @@ static void *__vmalloc_node(unsigned lon
50065 void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
50067 return __vmalloc_node(size, 1, gfp_mask, prot, -1,
50068 @@ -1533,6 +1590,7 @@ EXPORT_SYMBOL(__vmalloc);
50069 * For tight control over page level allocator and protection flags
50070 * use __vmalloc() instead.
50073 void *vmalloc(unsigned long size)
50075 return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
50076 @@ -1547,6 +1605,7 @@ EXPORT_SYMBOL(vmalloc);
50077 * The resulting memory area is zeroed so it can be mapped to userspace
50078 * without leaking data.
50080 +#undef vmalloc_user
50081 void *vmalloc_user(unsigned long size)
50083 struct vm_struct *area;
50084 @@ -1574,6 +1633,7 @@ EXPORT_SYMBOL(vmalloc_user);
50085 * For tight control over page level allocator and protection flags
50086 * use __vmalloc() instead.
50088 +#undef vmalloc_node
50089 void *vmalloc_node(unsigned long size, int node)
50091 return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
50092 @@ -1596,10 +1656,10 @@ EXPORT_SYMBOL(vmalloc_node);
50093 * For tight control over page level allocator and protection flags
50094 * use __vmalloc() instead.
50097 +#undef vmalloc_exec
50098 void *vmalloc_exec(unsigned long size)
50100 - return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC,
50101 + return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL_EXEC,
50102 -1, __builtin_return_address(0));
50105 @@ -1618,6 +1678,7 @@ void *vmalloc_exec(unsigned long size)
50106 * Allocate enough 32bit PA addressable pages to cover @size from the
50107 * page level allocator and map them into contiguous kernel virtual space.
50110 void *vmalloc_32(unsigned long size)
50112 return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL,
50113 @@ -1632,6 +1693,7 @@ EXPORT_SYMBOL(vmalloc_32);
50114 * The resulting memory area is 32bit addressable and zeroed so it can be
50115 * mapped to userspace without leaking data.
50117 +#undef vmalloc_32_user
50118 void *vmalloc_32_user(unsigned long size)
50120 struct vm_struct *area;
50121 diff -urNp linux-2.6.32.1/net/atm/atm_misc.c linux-2.6.32.1/net/atm/atm_misc.c
50122 --- linux-2.6.32.1/net/atm/atm_misc.c 2009-12-02 22:51:21.000000000 -0500
50123 +++ linux-2.6.32.1/net/atm/atm_misc.c 2009-12-14 18:33:59.758761810 -0500
50124 @@ -19,7 +19,7 @@ int atm_charge(struct atm_vcc *vcc,int t
50125 if (atomic_read(&sk_atm(vcc)->sk_rmem_alloc) <= sk_atm(vcc)->sk_rcvbuf)
50127 atm_return(vcc,truesize);
50128 - atomic_inc(&vcc->stats->rx_drop);
50129 + atomic_inc_unchecked(&vcc->stats->rx_drop);
50133 @@ -41,7 +41,7 @@ struct sk_buff *atm_alloc_charge(struct
50136 atm_return(vcc,guess);
50137 - atomic_inc(&vcc->stats->rx_drop);
50138 + atomic_inc_unchecked(&vcc->stats->rx_drop);
50142 @@ -88,7 +88,7 @@ int atm_pcr_goal(const struct atm_trafpr
50144 void sonet_copy_stats(struct k_sonet_stats *from,struct sonet_stats *to)
50146 -#define __HANDLE_ITEM(i) to->i = atomic_read(&from->i)
50147 +#define __HANDLE_ITEM(i) to->i = atomic_read_unchecked(&from->i)
50149 #undef __HANDLE_ITEM
50151 @@ -96,7 +96,7 @@ void sonet_copy_stats(struct k_sonet_sta
50153 void sonet_subtract_stats(struct k_sonet_stats *from,struct sonet_stats *to)
50155 -#define __HANDLE_ITEM(i) atomic_sub(to->i,&from->i)
50156 +#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i,&from->i)
50158 #undef __HANDLE_ITEM
50160 diff -urNp linux-2.6.32.1/net/atm/proc.c linux-2.6.32.1/net/atm/proc.c
50161 --- linux-2.6.32.1/net/atm/proc.c 2009-12-02 22:51:21.000000000 -0500
50162 +++ linux-2.6.32.1/net/atm/proc.c 2009-12-14 18:33:59.758761810 -0500
50163 @@ -43,9 +43,9 @@ static void add_stats(struct seq_file *s
50164 const struct k_atm_aal_stats *stats)
50166 seq_printf(seq, "%s ( %d %d %d %d %d )", aal,
50167 - atomic_read(&stats->tx),atomic_read(&stats->tx_err),
50168 - atomic_read(&stats->rx),atomic_read(&stats->rx_err),
50169 - atomic_read(&stats->rx_drop));
50170 + atomic_read_unchecked(&stats->tx),atomic_read_unchecked(&stats->tx_err),
50171 + atomic_read_unchecked(&stats->rx),atomic_read_unchecked(&stats->rx_err),
50172 + atomic_read_unchecked(&stats->rx_drop));
50175 static void atm_dev_info(struct seq_file *seq, const struct atm_dev *dev)
50176 diff -urNp linux-2.6.32.1/net/atm/resources.c linux-2.6.32.1/net/atm/resources.c
50177 --- linux-2.6.32.1/net/atm/resources.c 2009-12-02 22:51:21.000000000 -0500
50178 +++ linux-2.6.32.1/net/atm/resources.c 2009-12-14 18:33:59.760020359 -0500
50179 @@ -161,7 +161,7 @@ void atm_dev_deregister(struct atm_dev *
50180 static void copy_aal_stats(struct k_atm_aal_stats *from,
50181 struct atm_aal_stats *to)
50183 -#define __HANDLE_ITEM(i) to->i = atomic_read(&from->i)
50184 +#define __HANDLE_ITEM(i) to->i = atomic_read_unchecked(&from->i)
50186 #undef __HANDLE_ITEM
50188 @@ -170,7 +170,7 @@ static void copy_aal_stats(struct k_atm_
50189 static void subtract_aal_stats(struct k_atm_aal_stats *from,
50190 struct atm_aal_stats *to)
50192 -#define __HANDLE_ITEM(i) atomic_sub(to->i, &from->i)
50193 +#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i, &from->i)
50195 #undef __HANDLE_ITEM
50197 diff -urNp linux-2.6.32.1/net/bridge/br_private.h linux-2.6.32.1/net/bridge/br_private.h
50198 --- linux-2.6.32.1/net/bridge/br_private.h 2009-12-02 22:51:21.000000000 -0500
50199 +++ linux-2.6.32.1/net/bridge/br_private.h 2009-12-14 18:33:59.760020359 -0500
50200 @@ -254,7 +254,7 @@ extern void br_ifinfo_notify(int event,
50202 #ifdef CONFIG_SYSFS
50203 /* br_sysfs_if.c */
50204 -extern struct sysfs_ops brport_sysfs_ops;
50205 +extern const struct sysfs_ops brport_sysfs_ops;
50206 extern int br_sysfs_addif(struct net_bridge_port *p);
50208 /* br_sysfs_br.c */
50209 diff -urNp linux-2.6.32.1/net/bridge/br_stp_if.c linux-2.6.32.1/net/bridge/br_stp_if.c
50210 --- linux-2.6.32.1/net/bridge/br_stp_if.c 2009-12-02 22:51:21.000000000 -0500
50211 +++ linux-2.6.32.1/net/bridge/br_stp_if.c 2009-12-14 18:33:59.760020359 -0500
50212 @@ -146,7 +146,7 @@ static void br_stp_stop(struct net_bridg
50213 char *envp[] = { NULL };
50215 if (br->stp_enabled == BR_USER_STP) {
50216 - r = call_usermodehelper(BR_STP_PROG, argv, envp, 1);
50217 + r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC);
50218 printk(KERN_INFO "%s: userspace STP stopped, return code %d\n",
50221 diff -urNp linux-2.6.32.1/net/bridge/br_sysfs_if.c linux-2.6.32.1/net/bridge/br_sysfs_if.c
50222 --- linux-2.6.32.1/net/bridge/br_sysfs_if.c 2009-12-02 22:51:21.000000000 -0500
50223 +++ linux-2.6.32.1/net/bridge/br_sysfs_if.c 2009-12-14 18:33:59.760020359 -0500
50224 @@ -220,7 +220,7 @@ static ssize_t brport_store(struct kobje
50228 -struct sysfs_ops brport_sysfs_ops = {
50229 +const struct sysfs_ops brport_sysfs_ops = {
50230 .show = brport_show,
50231 .store = brport_store,
50233 diff -urNp linux-2.6.32.1/net/core/flow.c linux-2.6.32.1/net/core/flow.c
50234 --- linux-2.6.32.1/net/core/flow.c 2009-12-02 22:51:21.000000000 -0500
50235 +++ linux-2.6.32.1/net/core/flow.c 2009-12-14 18:33:59.761153862 -0500
50236 @@ -39,7 +39,7 @@ atomic_t flow_cache_genid = ATOMIC_INIT(
50238 static u32 flow_hash_shift;
50239 #define flow_hash_size (1 << flow_hash_shift)
50240 -static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables) = { NULL };
50241 +static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables);
50243 #define flow_table(cpu) (per_cpu(flow_tables, cpu))
50245 @@ -52,7 +52,7 @@ struct flow_percpu_info {
50249 -static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 };
50250 +static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info);
50252 #define flow_hash_rnd_recalc(cpu) \
50253 (per_cpu(flow_hash_info, cpu).hash_rnd_recalc)
50254 @@ -69,7 +69,7 @@ struct flow_flush_info {
50256 struct completion completion;
50258 -static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets) = { NULL };
50259 +static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets);
50261 #define flow_flush_tasklet(cpu) (&per_cpu(flow_flush_tasklets, cpu))
50263 diff -urNp linux-2.6.32.1/net/dccp/ccids/ccid3.c linux-2.6.32.1/net/dccp/ccids/ccid3.c
50264 --- linux-2.6.32.1/net/dccp/ccids/ccid3.c 2009-12-02 22:51:21.000000000 -0500
50265 +++ linux-2.6.32.1/net/dccp/ccids/ccid3.c 2009-12-14 18:33:59.786042312 -0500
50267 static int ccid3_debug;
50268 #define ccid3_pr_debug(format, a...) DCCP_PR_DEBUG(ccid3_debug, format, ##a)
50270 -#define ccid3_pr_debug(format, a...)
50271 +#define ccid3_pr_debug(format, a...) do {} while (0)
50275 diff -urNp linux-2.6.32.1/net/dccp/dccp.h linux-2.6.32.1/net/dccp/dccp.h
50276 --- linux-2.6.32.1/net/dccp/dccp.h 2009-12-02 22:51:21.000000000 -0500
50277 +++ linux-2.6.32.1/net/dccp/dccp.h 2009-12-14 18:33:59.792017972 -0500
50278 @@ -44,9 +44,9 @@ extern int dccp_debug;
50279 #define dccp_pr_debug_cat(format, a...) DCCP_PRINTK(dccp_debug, format, ##a)
50280 #define dccp_debug(fmt, a...) dccp_pr_debug_cat(KERN_DEBUG fmt, ##a)
50282 -#define dccp_pr_debug(format, a...)
50283 -#define dccp_pr_debug_cat(format, a...)
50284 -#define dccp_debug(format, a...)
50285 +#define dccp_pr_debug(format, a...) do {} while (0)
50286 +#define dccp_pr_debug_cat(format, a...) do {} while (0)
50287 +#define dccp_debug(format, a...) do {} while (0)
50290 extern struct inet_hashinfo dccp_hashinfo;
50291 diff -urNp linux-2.6.32.1/net/ipv4/inet_hashtables.c linux-2.6.32.1/net/ipv4/inet_hashtables.c
50292 --- linux-2.6.32.1/net/ipv4/inet_hashtables.c 2009-12-02 22:51:21.000000000 -0500
50293 +++ linux-2.6.32.1/net/ipv4/inet_hashtables.c 2009-12-14 18:33:59.792017972 -0500
50294 @@ -18,12 +18,15 @@
50295 #include <linux/sched.h>
50296 #include <linux/slab.h>
50297 #include <linux/wait.h>
50298 +#include <linux/security.h>
50300 #include <net/inet_connection_sock.h>
50301 #include <net/inet_hashtables.h>
50302 #include <net/route.h>
50303 #include <net/ip.h>
50305 +extern void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet);
50308 * Allocate and initialize a new local port bind bucket.
50309 * The bindhash mutex for snum's hash chain must be held here.
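Review bot: `gr_update_task_in_ip_table()` is declared with a bare `extern` in this .c file, so the compiler cannot check the prototype against its definition; the same pattern recurs in net/ipv4/udp.c for `gr_search_udp_recvmsg()` and `gr_search_udp_sendmsg()`. Moving these prototypes into a shared header that the defining file also includes would catch a signature mismatch at build time. The newly added `#include <linux/security.h>` may have been meant to carry them; if it does, the local `extern` line can be dropped.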
50310 @@ -490,6 +493,8 @@ ok:
50312 spin_unlock(&head->lock);
50314 + gr_update_task_in_ip_table(current, inet_sk(sk));
50317 inet_twsk_deschedule(tw, death_row);
50319 diff -urNp linux-2.6.32.1/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-2.6.32.1/net/ipv4/netfilter/nf_nat_snmp_basic.c
50320 --- linux-2.6.32.1/net/ipv4/netfilter/nf_nat_snmp_basic.c 2009-12-02 22:51:21.000000000 -0500
50321 +++ linux-2.6.32.1/net/ipv4/netfilter/nf_nat_snmp_basic.c 2009-12-14 18:33:59.792928382 -0500
50322 @@ -397,7 +397,7 @@ static unsigned char asn1_octets_decode(
50326 - *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
50327 + *octets = kmalloc((eoc - ctx->pointer), GFP_ATOMIC);
50328 if (*octets == NULL) {
50329 if (net_ratelimit())
50330 printk("OOM in bsalg (%d)\n", __LINE__);
50331 diff -urNp linux-2.6.32.1/net/ipv4/tcp_ipv4.c linux-2.6.32.1/net/ipv4/tcp_ipv4.c
50332 --- linux-2.6.32.1/net/ipv4/tcp_ipv4.c 2009-12-02 22:51:21.000000000 -0500
50333 +++ linux-2.6.32.1/net/ipv4/tcp_ipv4.c 2009-12-14 18:33:59.808022502 -0500
50334 @@ -1542,6 +1542,9 @@ int tcp_v4_do_rcv(struct sock *sk, struc
50338 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50339 + if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
50341 tcp_v4_send_reset(rsk, skb);
50344 @@ -1650,6 +1653,9 @@ no_tcp_socket:
50346 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
50348 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50349 + if (skb->dev->flags & IFF_LOOPBACK)
50351 tcp_v4_send_reset(NULL, skb);
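Review bot: The guard added at `no_tcp_socket`, `if (skb->dev->flags & IFF_LOOPBACK)`, dereferences `skb->dev` without the NULL test that the previous hunk in `tcp_v4_do_rcv()` uses (`!skb->dev || ...`). The same unguarded form appears in the net/ipv6/tcp_ipv6.c, net/ipv4/udp.c and net/ipv6/udp.c hunks of this patch. If `skb->dev` is always set on these receive paths, a one-line comment saying so would explain the difference; otherwise use the same guard, `if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))`. The enclosing function starts and ends outside the hunk.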
50354 diff -urNp linux-2.6.32.1/net/ipv4/tcp_minisocks.c linux-2.6.32.1/net/ipv4/tcp_minisocks.c
50355 --- linux-2.6.32.1/net/ipv4/tcp_minisocks.c 2009-12-02 22:51:21.000000000 -0500
50356 +++ linux-2.6.32.1/net/ipv4/tcp_minisocks.c 2009-12-14 18:33:59.809026856 -0500
50357 @@ -672,8 +672,11 @@ listen_overflow:
50360 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS);
50362 +#ifndef CONFIG_GRKERNSEC_BLACKHOLE
50363 if (!(flg & TCP_FLAG_RST))
50364 req->rsk_ops->send_reset(sk, skb);
50367 inet_csk_reqsk_queue_drop(sk, req, prev);
50369 diff -urNp linux-2.6.32.1/net/ipv4/udp.c linux-2.6.32.1/net/ipv4/udp.c
50370 --- linux-2.6.32.1/net/ipv4/udp.c 2009-12-02 22:51:21.000000000 -0500
50371 +++ linux-2.6.32.1/net/ipv4/udp.c 2009-12-14 18:33:59.809736357 -0500
50373 #include <linux/types.h>
50374 #include <linux/fcntl.h>
50375 #include <linux/module.h>
50376 +#include <linux/security.h>
50377 #include <linux/socket.h>
50378 #include <linux/sockios.h>
50379 #include <linux/igmp.h>
50380 @@ -371,6 +372,9 @@ found:
50384 +extern int gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb);
50385 +extern int gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr);
50388 * This routine is called by the ICMP module when it gets some
50389 * sort of error condition. If err < 0 then the socket should
50390 @@ -639,9 +643,18 @@ int udp_sendmsg(struct kiocb *iocb, stru
50391 dport = usin->sin_port;
50395 + err = gr_search_udp_sendmsg(sk, usin);
50399 if (sk->sk_state != TCP_ESTABLISHED)
50400 return -EDESTADDRREQ;
50402 + err = gr_search_udp_sendmsg(sk, NULL);
50406 daddr = inet->daddr;
50407 dport = inet->dport;
50408 /* Open fast path for connected socket.
50409 @@ -945,6 +958,10 @@ try_again:
50413 + err = gr_search_udp_recvmsg(sk, skb);
50417 ulen = skb->len - sizeof(struct udphdr);
50420 @@ -1335,6 +1352,9 @@ int __udp4_lib_rcv(struct sk_buff *skb,
50423 UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
50424 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50425 + if (skb->dev->flags & IFF_LOOPBACK)
50427 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
50430 diff -urNp linux-2.6.32.1/net/ipv6/exthdrs.c linux-2.6.32.1/net/ipv6/exthdrs.c
50431 --- linux-2.6.32.1/net/ipv6/exthdrs.c 2009-12-02 22:51:21.000000000 -0500
50432 +++ linux-2.6.32.1/net/ipv6/exthdrs.c 2009-12-14 18:33:59.809736357 -0500
50433 @@ -630,7 +630,7 @@ static struct tlvtype_proc tlvprochopopt
50434 .type = IPV6_TLV_JUMBO,
50435 .func = ipv6_hop_jumbo,
50441 int ipv6_parse_hopopts(struct sk_buff *skb)
50442 diff -urNp linux-2.6.32.1/net/ipv6/raw.c linux-2.6.32.1/net/ipv6/raw.c
50443 --- linux-2.6.32.1/net/ipv6/raw.c 2009-12-02 22:51:21.000000000 -0500
50444 +++ linux-2.6.32.1/net/ipv6/raw.c 2009-12-14 18:33:59.810773987 -0500
50445 @@ -600,7 +600,7 @@ out:
50449 -static int rawv6_send_hdrinc(struct sock *sk, void *from, int length,
50450 +static int rawv6_send_hdrinc(struct sock *sk, void *from, unsigned int length,
50451 struct flowi *fl, struct rt6_info *rt,
50452 unsigned int flags)
50454 diff -urNp linux-2.6.32.1/net/ipv6/tcp_ipv6.c linux-2.6.32.1/net/ipv6/tcp_ipv6.c
50455 --- linux-2.6.32.1/net/ipv6/tcp_ipv6.c 2009-12-02 22:51:21.000000000 -0500
50456 +++ linux-2.6.32.1/net/ipv6/tcp_ipv6.c 2009-12-14 18:33:59.811741482 -0500
50457 @@ -1578,6 +1578,9 @@ static int tcp_v6_do_rcv(struct sock *sk
50461 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50462 + if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
50464 tcp_v6_send_reset(sk, skb);
50467 @@ -1700,6 +1703,9 @@ no_tcp_socket:
50469 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
50471 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50472 + if (skb->dev->flags & IFF_LOOPBACK)
50474 tcp_v6_send_reset(NULL, skb);
50477 diff -urNp linux-2.6.32.1/net/ipv6/udp.c linux-2.6.32.1/net/ipv6/udp.c
50478 --- linux-2.6.32.1/net/ipv6/udp.c 2009-12-02 22:51:21.000000000 -0500
50479 +++ linux-2.6.32.1/net/ipv6/udp.c 2009-12-14 18:33:59.825023725 -0500
50480 @@ -587,6 +587,9 @@ int __udp6_lib_rcv(struct sk_buff *skb,
50481 UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS,
50482 proto == IPPROTO_UDPLITE);
50484 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
50485 + if (skb->dev->flags & IFF_LOOPBACK)
50487 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev);
50490 diff -urNp linux-2.6.32.1/net/irda/ircomm/ircomm_tty.c linux-2.6.32.1/net/irda/ircomm/ircomm_tty.c
50491 --- linux-2.6.32.1/net/irda/ircomm/ircomm_tty.c 2009-12-02 22:51:21.000000000 -0500
50492 +++ linux-2.6.32.1/net/irda/ircomm/ircomm_tty.c 2009-12-14 18:33:59.825023725 -0500
50493 @@ -280,16 +280,16 @@ static int ircomm_tty_block_til_ready(st
50494 add_wait_queue(&self->open_wait, &wait);
50496 IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n",
50497 - __FILE__,__LINE__, tty->driver->name, self->open_count );
50498 + __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) );
50500 /* As far as I can see, we protect open_count - Jean II */
50501 spin_lock_irqsave(&self->spinlock, flags);
50502 if (!tty_hung_up_p(filp)) {
50504 - self->open_count--;
50505 + atomic_dec(&self->open_count);
50507 spin_unlock_irqrestore(&self->spinlock, flags);
50508 - self->blocked_open++;
50509 + atomic_inc(&self->blocked_open);
50512 if (tty->termios->c_cflag & CBAUD) {
50513 @@ -329,7 +329,7 @@ static int ircomm_tty_block_til_ready(st
50516 IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n",
50517 - __FILE__,__LINE__, tty->driver->name, self->open_count );
50518 + __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) );
50522 @@ -340,13 +340,13 @@ static int ircomm_tty_block_til_ready(st
50524 /* ++ is not atomic, so this should be protected - Jean II */
50525 spin_lock_irqsave(&self->spinlock, flags);
50526 - self->open_count++;
50527 + atomic_inc(&self->open_count);
50528 spin_unlock_irqrestore(&self->spinlock, flags);
50530 - self->blocked_open--;
50531 + atomic_dec(&self->blocked_open);
50533 IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n",
50534 - __FILE__,__LINE__, tty->driver->name, self->open_count);
50535 + __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count));
50538 self->flags |= ASYNC_NORMAL_ACTIVE;
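Review bot: The retained comment `/* ++ is not atomic, so this should be protected - Jean II */` is stale now that the statement under it is `atomic_inc(&self->open_count)`. The `spin_lock_irqsave`/`spin_unlock_irqrestore` pair in this hunk wraps nothing but that single atomic operation. If the lock is kept on purpose, to order the increment against the multi-step read-and-reset of `open_count` that `ircomm_tty_close` appears to do under the same lock, reword the comment to say that, e.g. `/* lock kept to serialise with the count fix-up in ircomm_tty_close() */`. The same stale comment survives in the `ircomm_tty_open` hunk that follows, where the lock also covers `tty->driver_data = self`. `ircomm_tty_block_til_ready` begins and ends outside this hunk.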
50539 @@ -415,14 +415,14 @@ static int ircomm_tty_open(struct tty_st
50541 /* ++ is not atomic, so this should be protected - Jean II */
50542 spin_lock_irqsave(&self->spinlock, flags);
50543 - self->open_count++;
50544 + atomic_inc(&self->open_count);
50546 tty->driver_data = self;
50548 spin_unlock_irqrestore(&self->spinlock, flags);
50550 IRDA_DEBUG(1, "%s(), %s%d, count = %d\n", __func__ , tty->driver->name,
50551 - self->line, self->open_count);
50552 + self->line, atomic_read(&self->open_count));
50554 /* Not really used by us, but lets do it anyway */
50555 self->tty->low_latency = (self->flags & ASYNC_LOW_LATENCY) ? 1 : 0;
50556 @@ -511,7 +511,7 @@ static void ircomm_tty_close(struct tty_
50560 - if ((tty->count == 1) && (self->open_count != 1)) {
50561 + if ((tty->count == 1) && (atomic_read(&self->open_count) != 1)) {
50563 * Uh, oh. tty->count is 1, which means that the tty
50564 * structure will be freed. state->count should always
50565 @@ -521,16 +521,16 @@ static void ircomm_tty_close(struct tty_
50567 IRDA_DEBUG(0, "%s(), bad serial port count; "
50568 "tty->count is 1, state->count is %d\n", __func__ ,
50569 - self->open_count);
50570 - self->open_count = 1;
50571 + atomic_read(&self->open_count));
50572 + atomic_set(&self->open_count, 1);
50575 - if (--self->open_count < 0) {
50576 + if (atomic_dec_return(&self->open_count) < 0) {
50577 IRDA_ERROR("%s(), bad serial port count for ttys%d: %d\n",
50578 - __func__, self->line, self->open_count);
50579 - self->open_count = 0;
50580 + __func__, self->line, atomic_read(&self->open_count));
50581 + atomic_set(&self->open_count, 0);
50583 - if (self->open_count) {
50584 + if (atomic_read(&self->open_count)) {
50585 spin_unlock_irqrestore(&self->spinlock, flags);
50587 IRDA_DEBUG(0, "%s(), open count > 0\n", __func__ );
50588 @@ -562,7 +562,7 @@ static void ircomm_tty_close(struct tty_
50592 - if (self->blocked_open) {
50593 + if (atomic_read(&self->blocked_open)) {
50594 if (self->close_delay)
50595 schedule_timeout_interruptible(self->close_delay);
50596 wake_up_interruptible(&self->open_wait);
50597 @@ -1017,7 +1017,7 @@ static void ircomm_tty_hangup(struct tty
50598 spin_lock_irqsave(&self->spinlock, flags);
50599 self->flags &= ~ASYNC_NORMAL_ACTIVE;
50601 - self->open_count = 0;
50602 + atomic_set(&self->open_count, 0);
50603 spin_unlock_irqrestore(&self->spinlock, flags);
50605 wake_up_interruptible(&self->open_wait);
50606 @@ -1369,7 +1369,7 @@ static void ircomm_tty_line_info(struct
50609 seq_printf(m, "Role: %s\n", self->client ? "client" : "server");
50610 - seq_printf(m, "Open count: %d\n", self->open_count);
50611 + seq_printf(m, "Open count: %d\n", atomic_read(&self->open_count));
50612 seq_printf(m, "Max data size: %d\n", self->max_data_size);
50613 seq_printf(m, "Max header size: %d\n", self->max_header_size);
50615 diff -urNp linux-2.6.32.1/net/mac80211/ieee80211_i.h linux-2.6.32.1/net/mac80211/ieee80211_i.h
50616 --- linux-2.6.32.1/net/mac80211/ieee80211_i.h 2009-12-02 22:51:21.000000000 -0500
50617 +++ linux-2.6.32.1/net/mac80211/ieee80211_i.h 2009-12-14 18:33:59.826034535 -0500
50618 @@ -634,7 +634,7 @@ struct ieee80211_local {
50619 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
50620 spinlock_t queue_stop_reason_lock;
50623 + atomic_t open_count;
50624 int monitors, cooked_mntrs;
50625 /* number of interfaces with corresponding FIF_ flags */
50626 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll;
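Review bot: Turning `open_count` into an `atomic_t` makes each access atomic, but not the sequences built on it, and the field gets no comment saying which concurrent access the change is meant to cover. In net/mac80211/iface.c, `ieee80211_open` still tests `atomic_read(&local->open_count) == 0` before `drv_start(local)` and only reaches `atomic_inc()` in a later hunk. `ieee80211_stop` likewise does `atomic_dec()` and a separate `atomic_read(...) == 0` before `ieee80211_stop_device(local)`. Those check-then-act paths stay correct only if open and stop are serialised by a lock taken outside the visible code. Record that on the field, e.g. `/* atomic_t, but open/stop sequencing still relies on the caller's serialisation */`.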
50627 diff -urNp linux-2.6.32.1/net/mac80211/iface.c linux-2.6.32.1/net/mac80211/iface.c
50628 --- linux-2.6.32.1/net/mac80211/iface.c 2009-12-02 22:51:21.000000000 -0500
50629 +++ linux-2.6.32.1/net/mac80211/iface.c 2009-12-14 18:33:59.826034535 -0500
50630 @@ -164,7 +164,7 @@ static int ieee80211_open(struct net_dev
50634 - if (local->open_count == 0) {
50635 + if (atomic_read(&local->open_count) == 0) {
50636 res = drv_start(local);
50639 @@ -194,7 +194,7 @@ static int ieee80211_open(struct net_dev
50640 * Validate the MAC address for this device.
50642 if (!is_valid_ether_addr(dev->dev_addr)) {
50643 - if (!local->open_count)
50644 + if (!atomic_read(&local->open_count))
50646 return -EADDRNOTAVAIL;
50648 @@ -290,7 +290,7 @@ static int ieee80211_open(struct net_dev
50650 hw_reconf_flags |= __ieee80211_recalc_idle(local);
50652 - local->open_count++;
50653 + atomic_inc(&local->open_count);
50654 if (hw_reconf_flags) {
50655 ieee80211_hw_config(local, hw_reconf_flags);
50657 @@ -318,7 +318,7 @@ static int ieee80211_open(struct net_dev
50659 drv_remove_interface(local, &conf);
50661 - if (!local->open_count)
50662 + if (!atomic_read(&local->open_count))
50666 @@ -418,7 +418,7 @@ static int ieee80211_stop(struct net_dev
50667 WARN_ON(!list_empty(&sdata->u.ap.vlans));
50670 - local->open_count--;
50671 + atomic_dec(&local->open_count);
50673 switch (sdata->vif.type) {
50674 case NL80211_IFTYPE_AP_VLAN:
50675 @@ -524,7 +524,7 @@ static int ieee80211_stop(struct net_dev
50677 ieee80211_recalc_ps(local, -1);
50679 - if (local->open_count == 0) {
50680 + if (atomic_read(&local->open_count) == 0) {
50681 ieee80211_clear_tx_pending(local);
50682 ieee80211_stop_device(local);
50684 diff -urNp linux-2.6.32.1/net/mac80211/main.c linux-2.6.32.1/net/mac80211/main.c
50685 --- linux-2.6.32.1/net/mac80211/main.c 2009-12-02 22:51:21.000000000 -0500
50686 +++ linux-2.6.32.1/net/mac80211/main.c 2009-12-14 18:33:59.826034535 -0500
50687 @@ -145,7 +145,7 @@ int ieee80211_hw_config(struct ieee80211
50688 local->hw.conf.power_level = power;
50691 - if (changed && local->open_count) {
50692 + if (changed && atomic_read(&local->open_count)) {
50693 ret = drv_config(local, changed);
50696 diff -urNp linux-2.6.32.1/net/mac80211/pm.c linux-2.6.32.1/net/mac80211/pm.c
50697 --- linux-2.6.32.1/net/mac80211/pm.c 2009-12-02 22:51:21.000000000 -0500
50698 +++ linux-2.6.32.1/net/mac80211/pm.c 2009-12-14 18:33:59.826034535 -0500
50699 @@ -107,7 +107,7 @@ int __ieee80211_suspend(struct ieee80211
50702 /* stop hardware - this must stop RX */
50703 - if (local->open_count)
50704 + if (atomic_read(&local->open_count))
50705 ieee80211_stop_device(local);
50707 local->suspended = true;
50708 diff -urNp linux-2.6.32.1/net/mac80211/rate.c linux-2.6.32.1/net/mac80211/rate.c
50709 --- linux-2.6.32.1/net/mac80211/rate.c 2009-12-02 22:51:21.000000000 -0500
50710 +++ linux-2.6.32.1/net/mac80211/rate.c 2009-12-14 18:33:59.827036180 -0500
50711 @@ -287,7 +287,7 @@ int ieee80211_init_rate_ctrl_alg(struct
50712 struct rate_control_ref *ref, *old;
50715 - if (local->open_count)
50716 + if (atomic_read(&local->open_count))
50719 ref = rate_control_alloc(name, local);
50720 diff -urNp linux-2.6.32.1/net/mac80211/util.c linux-2.6.32.1/net/mac80211/util.c
50721 --- linux-2.6.32.1/net/mac80211/util.c 2009-12-02 22:51:21.000000000 -0500
50722 +++ linux-2.6.32.1/net/mac80211/util.c 2009-12-14 18:33:59.827036180 -0500
50723 @@ -1030,7 +1030,7 @@ int ieee80211_reconfig(struct ieee80211_
50724 local->resuming = true;
50726 /* restart hardware */
50727 - if (local->open_count) {
50728 + if (atomic_read(&local->open_count)) {
50729 res = drv_start(local);
50731 ieee80211_led_radio(local, true);
50732 diff -urNp linux-2.6.32.1/net/sctp/socket.c linux-2.6.32.1/net/sctp/socket.c
50733 --- linux-2.6.32.1/net/sctp/socket.c 2009-12-02 22:51:21.000000000 -0500
50734 +++ linux-2.6.32.1/net/sctp/socket.c 2009-12-14 18:33:59.843026638 -0500
50735 @@ -1482,7 +1482,7 @@ SCTP_STATIC int sctp_sendmsg(struct kioc
50736 struct sctp_sndrcvinfo *sinfo;
50737 struct sctp_initmsg *sinit;
50738 sctp_assoc_t associd = 0;
50739 - sctp_cmsgs_t cmsgs = { NULL };
50740 + sctp_cmsgs_t cmsgs = { NULL, NULL };
50742 sctp_scope_t scope;
50744 @@ -5802,7 +5802,6 @@ pp_found:
50746 int reuse = sk->sk_reuse;
50748 - struct hlist_node *node;
50750 SCTP_DEBUG_PRINTK("sctp_get_port() found a possible match\n");
50751 if (pp->fastreuse && sk->sk_reuse &&
50752 diff -urNp linux-2.6.32.1/net/socket.c linux-2.6.32.1/net/socket.c
50753 --- linux-2.6.32.1/net/socket.c 2009-12-02 22:51:21.000000000 -0500
50754 +++ linux-2.6.32.1/net/socket.c 2009-12-14 18:33:59.862720742 -0500
50756 #include <linux/wireless.h>
50757 #include <linux/nsproxy.h>
50758 #include <linux/magic.h>
50759 +#include <linux/in.h>
50761 #include <asm/uaccess.h>
50762 #include <asm/unistd.h>
50764 #include <net/sock.h>
50765 #include <linux/netfilter.h>
50767 +extern void gr_attach_curr_ip(const struct sock *sk);
50768 +extern int gr_handle_sock_all(const int family, const int type,
50769 + const int protocol);
50770 +extern int gr_handle_sock_server(const struct sockaddr *sck);
50771 +extern int gr_handle_sock_server_other(const struct socket *sck);
50772 +extern int gr_handle_sock_client(const struct sockaddr *sck);
50773 +extern int gr_search_connect(struct socket * sock,
50774 + struct sockaddr_in * addr);
50775 +extern int gr_search_bind(struct socket * sock,
50776 + struct sockaddr_in * addr);
50777 +extern int gr_search_listen(struct socket * sock);
50778 +extern int gr_search_accept(struct socket * sock);
50779 +extern int gr_search_socket(const int domain, const int type,
50780 + const int protocol);
50782 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
50783 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
50784 unsigned long nr_segs, loff_t pos);
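Review bot: The `gr_*` prototypes are declared `extern` inside net/socket.c instead of coming from a header shared with their definitions, so a signature change on the defining side would not be diagnosed here. They also say nothing about return conventions, which differ in the hunks that follow. `if(!gr_search_socket(...))` denies on zero, `if (gr_handle_sock_all(...))` denies on non-zero, and `gr_search_bind`, `gr_search_listen`, `gr_search_accept` and `gr_search_connect` have their result assigned to `err`. Move the declarations into one header and document each group, e.g. `/* gr_handle_*: non-zero means deny; gr_search_socket: zero means deny; other gr_search_*: value is stored in err (presumably 0 or -errno, confirm) */`.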
50785 @@ -298,7 +314,7 @@ static int sockfs_get_sb(struct file_sys
50789 -static struct vfsmount *sock_mnt __read_mostly;
50790 +struct vfsmount *sock_mnt __read_mostly;
50792 static struct file_system_type sock_fs_type = {
50794 @@ -1283,6 +1299,16 @@ SYSCALL_DEFINE3(socket, int, family, int
50795 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
50796 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
50798 + if(!gr_search_socket(family, type, protocol)) {
50799 + retval = -EACCES;
50803 + if (gr_handle_sock_all(family, type, protocol)) {
50804 + retval = -EACCES;
50808 retval = sock_create(family, type, protocol, &sock);
50811 @@ -1415,6 +1441,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
50813 err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address);
50815 + if (gr_handle_sock_server((struct sockaddr *)&address)) {
50819 + err = gr_search_bind(sock, (struct sockaddr_in *)&address);
50823 err = security_socket_bind(sock,
50824 (struct sockaddr *)&address,
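Review bot: `gr_search_bind(sock, (struct sockaddr_in *)&address)` passes the kernel copy of the user address to the callee as a `sockaddr_in`, with no `addrlen` and no address-family test at this call site. `move_addr_to_kernel()` copies only `addrlen` bytes, so for a short or non-IPv4 address any `sin_port`/`sin_addr` the callee reads would be another family's bytes or uninitialised stack. The callee is not visible here; unless it validates the socket family and length itself, pass `addrlen` through and have it ignore or reject addresses shorter than `sizeof(struct sockaddr_in)`. The `connect` hunk further down makes the same cast for `gr_search_connect(sock, (struct sockaddr_in *)sck)`.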
50826 @@ -1423,6 +1457,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
50827 (struct sockaddr *)
50828 &address, addrlen);
50831 fput_light(sock->file, fput_needed);
50834 @@ -1446,10 +1481,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, ba
50835 if ((unsigned)backlog > somaxconn)
50836 backlog = somaxconn;
50838 + if (gr_handle_sock_server_other(sock)) {
50843 + err = gr_search_listen(sock);
50847 err = security_socket_listen(sock, backlog);
50849 err = sock->ops->listen(sock, backlog);
50852 fput_light(sock->file, fput_needed);
50855 @@ -1492,6 +1537,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
50856 newsock->type = sock->type;
50857 newsock->ops = sock->ops;
50859 + if (gr_handle_sock_server_other(sock)) {
50861 + sock_release(newsock);
50865 + err = gr_search_accept(sock);
50867 + sock_release(newsock);
50872 * We don't need try_module_get here, as the listening socket (sock)
50873 * has the protocol module (sock->ops->owner) held.
50874 @@ -1534,6 +1591,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
50875 fd_install(newfd, newfile);
50878 + gr_attach_curr_ip(newsock->sk);
50881 fput_light(sock->file, fput_needed);
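Review bot: `gr_attach_curr_ip(newsock->sk)` is added after `fd_install(newfd, newfile)`, when the new descriptor is already visible to every thread sharing the file table. A concurrent close() of that descriptor could release the socket before `newsock->sk` is read here. Move the call above `fd_install()` so the socket is still private to this task when it is touched. The rest of the accept4 body lies outside the hunk.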
50883 @@ -1571,6 +1630,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct
50886 struct socket *sock;
50887 + struct sockaddr *sck;
50888 struct sockaddr_storage address;
50889 int err, fput_needed;
50891 @@ -1581,6 +1641,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct
50895 + sck = (struct sockaddr *)&address;
50897 + if (gr_handle_sock_client(sck)) {
50902 + err = gr_search_connect(sock, (struct sockaddr_in *)sck);
50907 security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
50909 diff -urNp linux-2.6.32.1/net/unix/af_unix.c linux-2.6.32.1/net/unix/af_unix.c
50910 --- linux-2.6.32.1/net/unix/af_unix.c 2009-12-02 22:51:21.000000000 -0500
50911 +++ linux-2.6.32.1/net/unix/af_unix.c 2009-12-14 18:33:59.863907744 -0500
50912 @@ -734,6 +734,12 @@ static struct sock *unix_find_other(stru
50913 err = -ECONNREFUSED;
50914 if (!S_ISSOCK(inode->i_mode))
50917 + if (!gr_acl_handle_unix(path.dentry, path.mnt)) {
50922 u = unix_find_socket_byinode(net, inode);
50925 @@ -754,6 +760,13 @@ static struct sock *unix_find_other(stru
50927 struct dentry *dentry;
50928 dentry = unix_sk(u)->dentry;
50930 + if (!gr_handle_chroot_unix(u->sk_peercred.pid)) {
50937 touch_atime(unix_sk(u)->mnt, dentry);
50939 @@ -839,11 +852,18 @@ static int unix_bind(struct socket *sock
50940 err = security_path_mknod(&nd.path, dentry, mode, 0);
50942 goto out_mknod_drop_write;
50943 + if (!gr_acl_handle_mknod(dentry, nd.path.dentry, nd.path.mnt, mode)) {
50945 + goto out_mknod_drop_write;
50947 err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
50948 out_mknod_drop_write:
50949 mnt_drop_write(nd.path.mnt);
50951 goto out_mknod_dput;
50953 + gr_handle_create(dentry, nd.path.mnt);
50955 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
50956 dput(nd.path.dentry);
50957 nd.path.dentry = dentry;
50958 @@ -861,6 +881,10 @@ out_mknod_drop_write:
50962 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
50963 + sk->sk_peercred.pid = current->pid;
50966 list = &unix_socket_table[addr->hash];
50968 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
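Review bot: Under `CONFIG_GRKERNSEC_CHROOT_UNIX` this hunk stores the raw number `current->pid` in `sk->sk_peercred.pid` at bind time, and the `unix_find_other` hunk above later feeds `u->sk_peercred.pid` to `gr_handle_chroot_unix()` for an access decision. A numeric pid can be recycled once the binding task exits while the socket lives on in another task, so the check may end up judging an unrelated process. The assignment also reuses the field that carries peer credentials. A dedicated field holding a reference taken with `get_pid(task_pid(current))` would avoid both problems. How `gr_handle_chroot_unix()` resolves the number is not visible here, so confirm before changing it.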
50969 diff -urNp linux-2.6.32.1/samples/kobject/kset-example.c linux-2.6.32.1/samples/kobject/kset-example.c
50970 --- linux-2.6.32.1/samples/kobject/kset-example.c 2009-12-02 22:51:21.000000000 -0500
50971 +++ linux-2.6.32.1/samples/kobject/kset-example.c 2009-12-14 18:33:59.878798344 -0500
50972 @@ -87,7 +87,7 @@ static ssize_t foo_attr_store(struct kob
50975 /* Our custom sysfs_ops that we will associate with our ktype later on */
50976 -static struct sysfs_ops foo_sysfs_ops = {
50977 +static const struct sysfs_ops foo_sysfs_ops = {
50978 .show = foo_attr_show,
50979 .store = foo_attr_store,
50981 diff -urNp linux-2.6.32.1/scripts/basic/fixdep.c linux-2.6.32.1/scripts/basic/fixdep.c
50982 --- linux-2.6.32.1/scripts/basic/fixdep.c 2009-12-02 22:51:21.000000000 -0500
50983 +++ linux-2.6.32.1/scripts/basic/fixdep.c 2009-12-14 18:33:59.896971606 -0500
50984 @@ -222,9 +222,9 @@ static void use_config(char *m, int slen
50986 static void parse_config_file(char *map, size_t len)
50988 - int *end = (int *) (map + len);
50989 + unsigned int *end = (unsigned int *) (map + len);
50990 /* start at +1, so that p can never be < map */
50991 - int *m = (int *) map + 1;
50992 + unsigned int *m = (unsigned int *) map + 1;
50995 for (; m < end; m++) {
50996 @@ -371,7 +371,7 @@ static void print_deps(void)
50997 static void traps(void)
50999 static char test[] __attribute__((aligned(sizeof(int)))) = "CONF";
51000 - int *p = (int *)test;
51001 + unsigned int *p = (unsigned int *)test;
51003 if (*p != INT_CONF) {
51004 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
51005 diff -urNp linux-2.6.32.1/scripts/kallsyms.c linux-2.6.32.1/scripts/kallsyms.c
51006 --- linux-2.6.32.1/scripts/kallsyms.c 2009-12-02 22:51:21.000000000 -0500
51007 +++ linux-2.6.32.1/scripts/kallsyms.c 2009-12-14 18:33:59.897716621 -0500
51008 @@ -43,10 +43,10 @@ struct text_range {
51010 static unsigned long long _text;
51011 static struct text_range text_ranges[] = {
51012 - { "_stext", "_etext" },
51013 - { "_sinittext", "_einittext" },
51014 - { "_stext_l1", "_etext_l1" }, /* Blackfin on-chip L1 inst SRAM */
51015 - { "_stext_l2", "_etext_l2" }, /* Blackfin on-chip L2 SRAM */
51016 + { "_stext", "_etext", 0, 0 },
51017 + { "_sinittext", "_einittext", 0, 0 },
51018 + { "_stext_l1", "_etext_l1", 0, 0 }, /* Blackfin on-chip L1 inst SRAM */
51019 + { "_stext_l2", "_etext_l2", 0, 0 }, /* Blackfin on-chip L2 SRAM */
51021 #define text_range_text (&text_ranges[0])
51022 #define text_range_inittext (&text_ranges[1])
51023 diff -urNp linux-2.6.32.1/scripts/mod/file2alias.c linux-2.6.32.1/scripts/mod/file2alias.c
51024 --- linux-2.6.32.1/scripts/mod/file2alias.c 2009-12-02 22:51:21.000000000 -0500
51025 +++ linux-2.6.32.1/scripts/mod/file2alias.c 2009-12-14 18:33:59.898724620 -0500
51026 @@ -72,7 +72,7 @@ static void device_id_check(const char *
51027 unsigned long size, unsigned long id_size,
51033 if (size % id_size || size < id_size) {
51034 if (cross_build != 0)
51035 @@ -102,7 +102,7 @@ static void device_id_check(const char *
51036 /* USB is special because the bcdDevice can be matched against a numeric range */
51037 /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipN" */
51038 static void do_usb_entry(struct usb_device_id *id,
51039 - unsigned int bcdDevice_initial, int bcdDevice_initial_digits,
51040 + unsigned int bcdDevice_initial, unsigned int bcdDevice_initial_digits,
51041 unsigned char range_lo, unsigned char range_hi,
51042 struct module *mod)
51044 @@ -368,7 +368,7 @@ static void do_pnp_device_entry(void *sy
51045 for (i = 0; i < count; i++) {
51046 const char *id = (char *)devs[i].id;
51047 char acpi_id[sizeof(devs[0].id)];
51051 buf_printf(&mod->dev_table_buf,
51052 "MODULE_ALIAS(\"pnp:d%s*\");\n", id);
51053 @@ -398,7 +398,7 @@ static void do_pnp_card_entries(void *sy
51055 for (j = 0; j < PNP_MAX_DEVICES; j++) {
51056 const char *id = (char *)card->devs[j].id;
51058 + unsigned int i2, j2;
51062 @@ -424,7 +424,7 @@ static void do_pnp_card_entries(void *sy
51063 /* add an individual alias for every device entry */
51065 char acpi_id[sizeof(card->devs[0].id)];
51069 buf_printf(&mod->dev_table_buf,
51070 "MODULE_ALIAS(\"pnp:d%s*\");\n", id);
51071 @@ -699,7 +699,7 @@ static void dmi_ascii_filter(char *d, co
51072 static int do_dmi_entry(const char *filename, struct dmi_system_id *id,
51076 + unsigned int i, j;
51078 sprintf(alias, "dmi*");
51080 diff -urNp linux-2.6.32.1/scripts/mod/modpost.c linux-2.6.32.1/scripts/mod/modpost.c
51081 --- linux-2.6.32.1/scripts/mod/modpost.c 2009-12-02 22:51:21.000000000 -0500
51082 +++ linux-2.6.32.1/scripts/mod/modpost.c 2009-12-14 18:33:59.899799564 -0500
51083 @@ -835,6 +835,7 @@ enum mismatch {
51086 EXPORT_TO_INIT_EXIT,
51090 struct sectioncheck {
51091 @@ -920,6 +921,12 @@ const struct sectioncheck sectioncheck[]
51092 .fromsec = { "__ksymtab*", NULL },
51093 .tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL },
51094 .mismatch = EXPORT_TO_INIT_EXIT
51096 +/* Do not reference code from writable data */
51098 + .fromsec = { DATA_SECTIONS, NULL },
51099 + .tosec = { TEXT_SECTIONS, NULL },
51100 + .mismatch = DATA_TO_TEXT
51104 @@ -1024,10 +1031,10 @@ static Elf_Sym *find_elf_symbol(struct e
51106 if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
51108 - if (sym->st_value == addr)
51110 /* Find a symbol nearby - addr are maybe negative */
51111 d = sym->st_value - addr;
51115 d = addr - sym->st_value;
51116 if (d < distance) {
51117 @@ -1268,6 +1275,14 @@ static void report_sec_mismatch(const ch
51118 "Fix this by removing the %sannotation of %s "
51119 "or drop the export.\n",
51120 tosym, sec2annotation(tosec), sec2annotation(tosec), tosym);
51121 + case DATA_TO_TEXT:
51124 + "The variable %s references\n"
51125 + "the %s %s%s%s\n",
51126 + fromsym, to, sec2annotation(tosec), tosym, to_p);
51130 /* To get warnings on missing members */
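Review bot: `case DATA_TO_TEXT:` is inserted directly after the argument line of the preceding case's `fprintf` (the "drop the export" message) with no `break;` between them, so that case now falls through into the new one. Before this change it appears to have fallen through to the label carrying the `/* To get warnings on missing members */` comment, which was harmless. If the DATA_TO_TEXT body prints its "The variable %s references" text, every export mismatch would also emit that message. Add `break;` ahead of `case DATA_TO_TEXT:`. Several lines of the new case are not shown on this page, so check that it ends in its own `break;` too.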
51132 @@ -1651,7 +1666,7 @@ void __attribute__((format(printf, 2, 3)
51136 -void buf_write(struct buffer *buf, const char *s, int len)
51137 +void buf_write(struct buffer *buf, const char *s, unsigned int len)
51139 if (buf->size - buf->pos < len) {
51140 buf->size += len + SZ;
51141 @@ -1863,7 +1878,7 @@ static void write_if_changed(struct buff
51142 if (fstat(fileno(file), &st) < 0)
51145 - if (st.st_size != b->pos)
51146 + if (st.st_size != (off_t)b->pos)
51149 tmp = NOFAIL(malloc(b->pos));
51150 diff -urNp linux-2.6.32.1/scripts/mod/modpost.h linux-2.6.32.1/scripts/mod/modpost.h
51151 --- linux-2.6.32.1/scripts/mod/modpost.h 2009-12-02 22:51:21.000000000 -0500
51152 +++ linux-2.6.32.1/scripts/mod/modpost.h 2009-12-14 18:33:59.899799564 -0500
51153 @@ -92,15 +92,15 @@ void *do_nofail(void *ptr, const char *e
51159 + unsigned int pos;
51160 + unsigned int size;
51163 void __attribute__((format(printf, 2, 3)))
51164 buf_printf(struct buffer *buf, const char *fmt, ...);
51167 -buf_write(struct buffer *buf, const char *s, int len);
51168 +buf_write(struct buffer *buf, const char *s, unsigned int len);
51171 struct module *next;
51172 diff -urNp linux-2.6.32.1/scripts/mod/sumversion.c linux-2.6.32.1/scripts/mod/sumversion.c
51173 --- linux-2.6.32.1/scripts/mod/sumversion.c 2009-12-02 22:51:21.000000000 -0500
51174 +++ linux-2.6.32.1/scripts/mod/sumversion.c 2009-12-14 18:33:59.899799564 -0500
51175 @@ -455,7 +455,7 @@ static void write_version(const char *fi
51179 - if (write(fd, sum, strlen(sum)+1) != strlen(sum)+1) {
51180 + if (write(fd, sum, strlen(sum)+1) != (ssize_t)strlen(sum)+1) {
51181 warn("writing sum in %s failed: %s\n",
51182 filename, strerror(errno));
51184 diff -urNp linux-2.6.32.1/scripts/pnmtologo.c linux-2.6.32.1/scripts/pnmtologo.c
51185 --- linux-2.6.32.1/scripts/pnmtologo.c 2009-12-02 22:51:21.000000000 -0500
51186 +++ linux-2.6.32.1/scripts/pnmtologo.c 2009-12-14 18:33:59.900867041 -0500
51187 @@ -237,14 +237,14 @@ static void write_header(void)
51188 fprintf(out, " * Linux logo %s\n", logoname);
51189 fputs(" */\n\n", out);
51190 fputs("#include <linux/linux_logo.h>\n\n", out);
51191 - fprintf(out, "static unsigned char %s_data[] __initdata = {\n",
51192 + fprintf(out, "static unsigned char %s_data[] = {\n",
51196 static void write_footer(void)
51198 fputs("\n};\n\n", out);
51199 - fprintf(out, "const struct linux_logo %s __initconst = {\n", logoname);
51200 + fprintf(out, "const struct linux_logo %s = {\n", logoname);
51201 fprintf(out, "\t.type\t\t= %s,\n", logo_types[logo_type]);
51202 fprintf(out, "\t.width\t\t= %d,\n", logo_width);
51203 fprintf(out, "\t.height\t\t= %d,\n", logo_height);
51204 @@ -374,7 +374,7 @@ static void write_logo_clut224(void)
51205 fputs("\n};\n\n", out);
51207 /* write logo clut */
51208 - fprintf(out, "static unsigned char %s_clut[] __initdata = {\n",
51209 + fprintf(out, "static unsigned char %s_clut[] = {\n",
51212 for (i = 0; i < logo_clutsize; i++) {
51213 diff -urNp linux-2.6.32.1/security/commoncap.c linux-2.6.32.1/security/commoncap.c
51214 --- linux-2.6.32.1/security/commoncap.c 2009-12-02 22:51:21.000000000 -0500
51215 +++ linux-2.6.32.1/security/commoncap.c 2009-12-14 18:33:59.901789717 -0500
51217 #include <linux/securebits.h>
51218 #include <linux/vs_context.h>
51220 +#include <net/sock.h>
51223 * If a non-root user executes a setuid-root binary in
51224 * !secure(SECURE_NOROOT) mode, then we raise capabilities.
51225 @@ -53,7 +55,7 @@ static void warn_setuid_and_fcaps_mixed(
51227 int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
51229 - NETLINK_CB(skb).eff_cap = vx_mbcaps(current_cap());
51230 + NETLINK_CB(skb).eff_cap = vx_mbcaps(gr_cap_rtnetlink(sk));
51234 diff -urNp linux-2.6.32.1/security/Kconfig linux-2.6.32.1/security/Kconfig
51235 --- linux-2.6.32.1/security/Kconfig 2009-12-02 22:51:21.000000000 -0500
51236 +++ linux-2.6.32.1/security/Kconfig 2009-12-14 18:33:59.911723002 -0500
51239 menu "Security options"
51241 +source grsecurity/Kconfig
51246 + bool "Enable various PaX features"
51247 + depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS32 || MIPS64 || PARISC || PPC32 || PPC64 || SPARC32 || SPARC64 || X86)
51249 + This allows you to enable various PaX features. PaX adds
51250 + intrusion prevention mechanisms to the kernel that reduce
51251 + the risks posed by exploitable memory corruption bugs.
51253 +menu "PaX Control"
51256 +config PAX_SOFTMODE
51257 + bool 'Support soft mode'
51259 + Enabling this option will allow you to run PaX in soft mode, that
51260 + is, PaX features will not be enforced by default, only on executables
51261 + marked explicitly. You must also enable PT_PAX_FLAGS support as it
51262 + is the only way to mark executables for soft mode use.
51264 + Soft mode can be activated by using the "pax_softmode=1" kernel command
51265 + line option on boot. Furthermore you can control various PaX features
51266 + at runtime via the entries in /proc/sys/kernel/pax.
51269 + bool 'Use legacy ELF header marking'
51271 + Enabling this option will allow you to control PaX features on
51272 + a per executable basis via the 'chpax' utility available at
51273 + http://pax.grsecurity.net/. The control flags will be read from
51274 + an otherwise reserved part of the ELF header. This marking has
51275 + numerous drawbacks (no support for soft-mode, toolchain does not
51276 + know about the non-standard use of the ELF header) therefore it
51277 + has been deprecated in favour of PT_PAX_FLAGS support.
51279 + If you have applications not marked by the PT_PAX_FLAGS ELF
51280 + program header then you MUST enable this option otherwise they
51281 + will not get any protection.
51283 + Note that if you enable PT_PAX_FLAGS marking support as well,
51284 + the PT_PAX_FLAG marks will override the legacy EI_PAX marks.
51286 +config PAX_PT_PAX_FLAGS
51287 + bool 'Use ELF program header marking'
51289 + Enabling this option will allow you to control PaX features on
51290 + a per executable basis via the 'paxctl' utility available at
51291 + http://pax.grsecurity.net/. The control flags will be read from
51292 + a PaX specific ELF program header (PT_PAX_FLAGS). This marking
51293 + has the benefits of supporting both soft mode and being fully
51294 + integrated into the toolchain (the binutils patch is available
51295 + from http://pax.grsecurity.net).
51297 + If you have applications not marked by the PT_PAX_FLAGS ELF
51298 + program header then you MUST enable the EI_PAX marking support
51299 + otherwise they will not get any protection.
51301 + Note that if you enable the legacy EI_PAX marking support as well,
51302 + the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks.
51305 + prompt 'MAC system integration'
51306 + default PAX_HAVE_ACL_FLAGS
51308 + Mandatory Access Control systems have the option of controlling
51309 + PaX flags on a per executable basis, choose the method supported
51310 + by your particular system.
51312 + - "none": if your MAC system does not interact with PaX,
51313 + - "direct": if your MAC system defines pax_set_initial_flags() itself,
51314 + - "hook": if your MAC system uses the pax_set_initial_flags_func callback.
51316 + NOTE: this option is for developers/integrators only.
51318 + config PAX_NO_ACL_FLAGS
51321 + config PAX_HAVE_ACL_FLAGS
51324 + config PAX_HOOK_ACL_FLAGS
51330 +menu "Non-executable pages"
51334 + bool "Enforce non-executable pages"
51335 + depends on (PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS) && (ALPHA || IA64 || MIPS32 || MIPS64 || PARISC || PPC32 || PPC64 || SPARC32 || SPARC64 || X86)
51337 + By design some architectures do not allow for protecting memory
51338 + pages against execution or even if they do, Linux does not make
51339 + use of this feature. In practice this means that if a page is
51340 + readable (such as the stack or heap) it is also executable.
51342 + There is a well known exploit technique that makes use of this
51343 + fact and a common programming mistake where an attacker can
51344 + introduce code of his choice somewhere in the attacked program's
51345 + memory (typically the stack or the heap) and then execute it.
51347 + If the attacked program was running with different (typically
51348 + higher) privileges than that of the attacker, then he can elevate
51349 + his own privilege level (e.g. get a root shell, write to files for
51350 + which he does not have write access to, etc).
51352 + Enabling this option will let you choose from various features
51353 + that prevent the injection and execution of 'foreign' code in
51356 + This will also break programs that rely on the old behaviour and
51357 + expect that dynamically allocated memory via the malloc() family
51358 + of functions is executable (which it is not). Notable examples
51359 + are the XFree86 4.x server, the java runtime and wine.
51361 +config PAX_PAGEEXEC
51362 + bool "Paging based non-executable pages"
51363 + depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7)
51365 + This implementation is based on the paging feature of the CPU.
51366 + On i386 without hardware non-executable bit support there is a
51367 + variable but usually low performance impact, however on Intel's
51368 + P4 core based CPUs it is very high so you should not enable this
51369 + for kernels meant to be used on such CPUs.
51371 + On alpha, avr32, ia64, parisc, sparc, sparc64, x86_64 and i386
51372 + with hardware non-executable bit support there is no performance
51373 + impact, on ppc the impact is negligible.
51375 + Note that several architectures require various emulations due to
51376 + badly designed userland ABIs, this will cause a performance impact
51377 + but will disappear as soon as userland is fixed. For example, ppc
51378 + userland MUST have been built with secure-plt by a recent toolchain.
51380 +config PAX_SEGMEXEC
51381 + bool "Segmentation based non-executable pages"
51382 + depends on PAX_NOEXEC && X86_32
51384 + This implementation is based on the segmentation feature of the
51385 + CPU and has a very small performance impact, however applications
51386 + will be limited to a 1.5 GB address space instead of the normal
51389 +config PAX_EMUTRAMP
51390 + bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
51391 + default y if PARISC
51393 + There are some programs and libraries that for one reason or
51394 + another attempt to execute special small code snippets from
51395 + non-executable memory pages. Most notable examples are the
51396 + signal handler return code generated by the kernel itself and
51397 + the GCC trampolines.
51399 + If you enabled CONFIG_PAX_PAGEEXEC or CONFIG_PAX_SEGMEXEC then
51400 + such programs will no longer work under your kernel.
51402 + As a remedy you can say Y here and use the 'chpax' or 'paxctl'
51403 + utilities to enable trampoline emulation for the affected programs
51404 + yet still have the protection provided by the non-executable pages.
51406 + On parisc you MUST enable this option and EMUSIGRT as well, otherwise
51407 + your system will not even boot.
51409 + Alternatively you can say N here and use the 'chpax' or 'paxctl'
51410 + utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC
51411 + for the affected files.
51413 + NOTE: enabling this feature *may* open up a loophole in the
51414 + protection provided by non-executable pages that an attacker
51415 + could abuse. Therefore the best solution is to not have any
51416 + files on your system that would require this option. This can
51417 + be achieved by not using libc5 (which relies on the kernel
51418 + signal handler return code) and not using or rewriting programs
51419 + that make use of the nested function implementation of GCC.
51420 + Skilled users can just fix GCC itself so that it implements
51421 + nested function calls in a way that does not interfere with PaX.
51423 +config PAX_EMUSIGRT
51424 + bool "Automatically emulate sigreturn trampolines"
51425 + depends on PAX_EMUTRAMP && PARISC
51428 + Enabling this option will have the kernel automatically detect
51429 + and emulate signal return trampolines executing on the stack
51430 + that would otherwise lead to task termination.
51432 + This solution is intended as a temporary one for users with
51433 + legacy versions of libc (libc5, glibc 2.0, uClibc before 0.9.17,
51434 + Modula-3 runtime, etc) or executables linked to such, basically
51435 + everything that does not specify its own SA_RESTORER function in
51436 + normal executable memory like glibc 2.1+ does.
51438 + On parisc you MUST enable this option, otherwise your system will
51441 + NOTE: this feature cannot be disabled on a per executable basis
51442 + and since it *does* open up a loophole in the protection provided
51443 + by non-executable pages, the best solution is to not have any
51444 + files on your system that would require this option.
51446 +config PAX_MPROTECT
51447 + bool "Restrict mprotect()"
51448 + depends on (PAX_PAGEEXEC || PAX_SEGMEXEC)
51450 + Enabling this option will prevent programs from
51451 + - changing the executable status of memory pages that were
51452 + not originally created as executable,
51453 + - making read-only executable pages writable again,
51454 + - creating executable pages from anonymous memory.
51456 + You should say Y here to complete the protection provided by
51457 + the enforcement of non-executable pages.
51459 + NOTE: you can use the 'chpax' or 'paxctl' utilities to control
51460 + this feature on a per file basis.
51462 +config PAX_NOELFRELOCS
51463 + bool "Disallow ELF text relocations"
51464 + depends on PAX_MPROTECT && !PAX_ETEXECRELOCS && (IA64 || PPC || X86)
51466 + Non-executable pages and mprotect() restrictions are effective
51467 + in preventing the introduction of new executable code into an
51468 + attacked task's address space. There remain only two venues
51469 + for this kind of attack: if the attacker can execute already
51470 + existing code in the attacked task then he can either have it
51471 + create and mmap() a file containing his code or have it mmap()
51472 + an already existing ELF library that does not have position
51473 + independent code in it and use mprotect() on it to make it
51474 + writable and copy his code there. While protecting against
51475 + the former approach is beyond PaX, the latter can be prevented
51476 + by having only PIC ELF libraries on one's system (which do not
51477 + need to relocate their code). If you are sure this is your case,
51478 + then enable this option otherwise be careful as you may not even
51479 + be able to boot or log on your system (for example, some PAM
51480 + modules are erroneously compiled as non-PIC by default).
51482 + NOTE: if you are using dynamic ELF executables (as suggested
51483 + when using ASLR) then you must have made sure that you linked
51484 + your files using the PIC version of crt1 (the et_dyn.tar.gz package
51485 + referenced there has already been updated to support this).
51487 +config PAX_ETEXECRELOCS
51488 + bool "Allow ELF ET_EXEC text relocations"
51489 + depends on PAX_MPROTECT && (ALPHA || IA64 || PARISC)
51492 + On some architectures there are incorrectly created applications
51493 + that require text relocations and would not work without enabling
51494 + this option. If you are an alpha, ia64 or parisc user, you should
51495 + enable this option and disable it once you have made sure that
51496 + none of your applications need it.
51499 + bool "Automatically emulate ELF PLT"
51500 + depends on PAX_MPROTECT && (ALPHA || PARISC || SPARC32 || SPARC64)
51503 + Enabling this option will have the kernel automatically detect
51504 + and emulate the Procedure Linkage Table entries in ELF files.
51505 + On some architectures such entries are in writable memory, and
51506 + become non-executable leading to task termination. Therefore
51507 + it is mandatory that you enable this option on alpha, parisc,
51508 + sparc and sparc64, otherwise your system would not even boot.
51510 + NOTE: this feature *does* open up a loophole in the protection
51511 + provided by the non-executable pages, therefore the proper
51512 + solution is to modify the toolchain to produce a PLT that does
51513 + not need to be writable.
51515 +config PAX_DLRESOLVE
51516 + bool 'Emulate old glibc resolver stub'
51517 + depends on PAX_EMUPLT && (SPARC32 || SPARC64)
51520 + This option is needed if userland has an old glibc (before 2.4)
51521 + that puts a 'save' instruction into the runtime generated resolver
51522 + stub that needs special emulation.
51524 +config PAX_KERNEXEC
51525 + bool "Enforce non-executable kernel pages"
51526 + depends on PAX_NOEXEC && X86 && (!X86_32 || X86_WP_WORKS_OK)
51528 + This is the kernel land equivalent of PAGEEXEC and MPROTECT,
51529 + that is, enabling this option will make it harder to inject
51530 + and execute 'foreign' code in kernel memory itself.
51534 +menu "Address Space Layout Randomization"
51538 + bool "Address Space Layout Randomization"
51539 + depends on PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS
51541 + Many if not most exploit techniques rely on the knowledge of
51542 + certain addresses in the attacked program. The following options
51543 + will allow the kernel to apply a certain amount of randomization
51544 + to specific parts of the program thereby forcing an attacker to
51545 + guess them in most cases. Any failed guess will most likely crash
51546 + the attacked program which allows the kernel to detect such attempts
51547 + and react on them. PaX itself provides no reaction mechanisms,
51548 + instead it is strongly encouraged that you make use of Nergal's
51549 + segvguard (ftp://ftp.pl.openwall.com/misc/segvguard/) or grsecurity's
51550 + (http://www.grsecurity.net/) built-in crash detection features or
51551 + develop one yourself.
51553 + By saying Y here you can choose to randomize the following areas:
51554 + - top of the task's kernel stack
51555 + - top of the task's userland stack
51556 + - base address for mmap() requests that do not specify one
51557 + (this includes all libraries)
51558 + - base address of the main executable
51560 + It is strongly recommended to say Y here as address space layout
51561 + randomization has negligible impact on performance yet it provides
51562 + a very effective protection.
51564 + NOTE: you can use the 'chpax' or 'paxctl' utilities to control
51565 + this feature on a per file basis.
51567 +config PAX_RANDKSTACK
51568 + bool "Randomize kernel stack base"
51569 + depends on PAX_ASLR && X86_TSC && X86_32
51571 + By saying Y here the kernel will randomize every task's kernel
51572 + stack on every system call. This will not only force an attacker
51573 + to guess it but also prevent him from making use of possible
51574 + leaked information about it.
51576 + Since the kernel stack is a rather scarce resource, randomization
51577 + may cause unexpected stack overflows, therefore you should very
51578 + carefully test your system. Note that once enabled in the kernel
51579 + configuration, this feature cannot be disabled on a per file basis.
51581 +config PAX_RANDUSTACK
51582 + bool "Randomize user stack base"
51583 + depends on PAX_ASLR
51585 + By saying Y here the kernel will randomize every task's userland
51586 + stack. The randomization is done in two steps where the second
51587 + one may apply a big amount of shift to the top of the stack and
51588 + cause problems for programs that want to use lots of memory (more
51589 + than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is).
51590 + For this reason the second step can be controlled by 'chpax' or
51591 + 'paxctl' on a per file basis.
51593 +config PAX_RANDMMAP
51594 + bool "Randomize mmap() base"
51595 + depends on PAX_ASLR
51597 + By saying Y here the kernel will use a randomized base address for
51598 + mmap() requests that do not specify one themselves. As a result
51599 + all dynamically loaded libraries will appear at random addresses
51600 + and therefore be harder to exploit by a technique where an attacker
51601 + attempts to execute library code for his purposes (e.g. spawn a
51602 + shell from an exploited program that is running at an elevated
51603 + privilege level).
51605 + Furthermore, if a program is relinked as a dynamic ELF file, its
51606 + base address will be randomized as well, completing the full
51607 + randomization of the address space layout. Attacking such programs
51608 + becomes a guess game. You can find an example of doing this at
51609 + http://pax.grsecurity.net/et_dyn.tar.gz and practical samples at
51610 + http://www.grsecurity.net/grsec-gcc-specs.tar.gz .
51612 + NOTE: you can use the 'chpax' or 'paxctl' utilities to control this
51613 + feature on a per file basis.
51617 +menu "Miscellaneous hardening features"
51619 +config PAX_MEMORY_SANITIZE
51620 + bool "Sanitize all freed memory"
51622 + By saying Y here the kernel will erase memory pages as soon as they
51623 + are freed. This in turn reduces the lifetime of data stored in the
51624 + pages, making it less likely that sensitive information such as
51625 + passwords, cryptographic secrets, etc stay in memory for too long.
51627 + This is especially useful for programs whose runtime is short, long
51628 + lived processes and the kernel itself benefit from this as long as
51629 + they operate on whole memory pages and ensure timely freeing of pages
51630 + that may hold sensitive information.
51632 + The tradeoff is performance impact, on a single CPU system kernel
51633 + compilation sees a 3% slowdown, other systems and workloads may vary
51634 + and you are advised to test this feature on your expected workload
51635 + before deploying it.
51637 + Note that this feature does not protect data stored in live pages,
51638 + e.g., process memory swapped to disk may stay there for a long time.
51640 +config PAX_MEMORY_UDEREF
51641 + bool "Prevent invalid userland pointer dereference"
51642 + depends on X86_32 && !UML_X86
51644 + By saying Y here the kernel will be prevented from dereferencing
51645 + userland pointers in contexts where the kernel expects only kernel
51646 + pointers. This is both a useful runtime debugging feature and a
51647 + security measure that prevents exploiting a class of kernel bugs.
51649 + The tradeoff is that some virtualization solutions may experience
51650 + a huge slowdown and therefore you should not enable this feature
51651 + for kernels meant to run in such environments. Whether a given VM
51652 + solution is affected or not is best determined by simply trying it
51653 + out, the performance impact will be obvious right on boot as this
51654 + mechanism engages from very early on. A good rule of thumb is that
51655 + VMs running on CPUs without hardware virtualization support (i.e.,
51656 + the majority of IA-32 CPUs) will likely experience the slowdown.
51658 +config PAX_REFCOUNT
51659 + bool "Prevent various kernel object reference counter overflows"
51660 + depends on GRKERNSEC && (X86 || SPARC64)
51662 + By saying Y here the kernel will detect and prevent overflowing
51663 + various (but not all) kinds of object reference counters. Such
51664 + overflows can normally occur due to bugs only and are often, if
51665 + not always, exploitable.
51667 + The tradeoff is that data structures protected by an overflowed
51668 + refcount will never be freed and therefore will leak memory. Note
51669 + that this leak also happens even without this protection but in
51670 + that case the overflow can eventually trigger the freeing of the
51671 + data structure while it is still being used elsewhere, resulting
51672 + in the exploitable situation that this feature prevents.
51674 + Since this has a negligible performance impact, you should enable
51677 +config PAX_USERCOPY
51678 + bool "Bounds check heap object copies between kernel and userland"
51679 + depends on X86 || PPC32 || PPC64 || SPARC32 || SPARC64
51680 + depends on GRKERNSEC && (SLAB || SLUB || SLOB)
51682 + By saying Y here the kernel will enforce the size of heap objects
51683 + when they are copied in either direction between the kernel and
51684 + userland, even if only a part of the heap object is copied.
51686 + Specifically, this checking prevents information leaking from the
51687 + kernel heap during kernel to userland copies (if the kernel heap
51688 + object is otherwise fully initialized) and prevents kernel heap
51689 + overflows during userland to kernel copies.
51691 + Note that the current implementation provides the strictest checks
51692 + for the SLUB allocator.
51694 + Since this has a negligible performance impact, you should enable
51701 bool "Enable access key retention support"
51703 @@ -146,7 +605,7 @@ config INTEL_TXT
51704 config LSM_MMAP_MIN_ADDR
51705 int "Low address space for LSM to protect from user allocation"
51706 depends on SECURITY && SECURITY_SELINUX
51710 This is the portion of low virtual memory which should be protected
51711 from userspace allocation. Keeping a user from writing to low pages
51712 diff -urNp linux-2.6.32.1/security/min_addr.c linux-2.6.32.1/security/min_addr.c
51713 --- linux-2.6.32.1/security/min_addr.c 2009-12-02 22:51:21.000000000 -0500
51714 +++ linux-2.6.32.1/security/min_addr.c 2009-12-14 18:33:59.911723002 -0500
51715 @@ -14,6 +14,7 @@ unsigned long dac_mmap_min_addr = CONFIG
51717 static void update_mmap_min_addr(void)
51720 #ifdef CONFIG_LSM_MMAP_MIN_ADDR
51721 if (dac_mmap_min_addr > CONFIG_LSM_MMAP_MIN_ADDR)
51722 mmap_min_addr = dac_mmap_min_addr;
51723 @@ -22,6 +23,7 @@ static void update_mmap_min_addr(void)
51725 mmap_min_addr = dac_mmap_min_addr;
51731 @@ -33,6 +35,9 @@ int mmap_min_addr_handler(struct ctl_tab
51735 + if (!capable(CAP_SYS_RAWIO))
51738 ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
51740 update_mmap_min_addr();
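Review bot: The added `capable(CAP_SYS_RAWIO)` test in mmap_min_addr_handler is not conditioned on `write`, so on the visible lines it gates reads of the sysctl as well as writes. If the aim is only to stop an unprivileged task from changing the limit, `if (write && !capable(CAP_SYS_RAWIO))` would keep the value readable for diagnostics. The statement under the `if` is not shown here, so confirm that it returns an error before `proc_doulongvec_minmax` is reached. It also looks as if `update_mmap_min_addr()` runs whatever `ret` is; a one-line comment saying that is intended would help the next reader.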
51741 diff -urNp linux-2.6.32.1/sound/aoa/codecs/onyx.c linux-2.6.32.1/sound/aoa/codecs/onyx.c
51742 --- linux-2.6.32.1/sound/aoa/codecs/onyx.c 2009-12-02 22:51:21.000000000 -0500
51743 +++ linux-2.6.32.1/sound/aoa/codecs/onyx.c 2009-12-14 18:33:59.922037934 -0500
51744 @@ -53,7 +53,7 @@ struct onyx {
51749 + atomic_t open_count;
51750 struct codec_info *codec_info;
51752 /* mutex serializes concurrent access to the device
51753 @@ -752,7 +752,7 @@ static int onyx_open(struct codec_info_i
51754 struct onyx *onyx = cii->codec_data;
51756 mutex_lock(&onyx->mutex);
51757 - onyx->open_count++;
51758 + atomic_inc(&onyx->open_count);
51759 mutex_unlock(&onyx->mutex);
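Review bot: `open_count` is still only modified between `mutex_lock(&onyx->mutex)` and `mutex_unlock`, here and in onyx_close in the next hunk, so the atomic operations add no synchronization over the plain increment and decrement they replace. If the conversion is meant to bring the counter under the reference-counter overflow checking this patch describes for PAX_REFCOUNT, that reason should be recorded at the field, for example `/* atomic_t for overflow checking; updates are serialized by ->mutex */`. Both function bodies extend outside these hunks.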
51762 @@ -764,8 +764,7 @@ static int onyx_close(struct codec_info_
51763 struct onyx *onyx = cii->codec_data;
51765 mutex_lock(&onyx->mutex);
51766 - onyx->open_count--;
51767 - if (!onyx->open_count)
51768 + if (atomic_dec_and_test(&onyx->open_count))
51769 onyx->spdif_locked = onyx->analog_locked = 0;
51770 mutex_unlock(&onyx->mutex);
51772 diff -urNp linux-2.6.32.1/sound/core/oss/pcm_oss.c linux-2.6.32.1/sound/core/oss/pcm_oss.c
51773 --- linux-2.6.32.1/sound/core/oss/pcm_oss.c 2009-12-02 22:51:21.000000000 -0500
51774 +++ linux-2.6.32.1/sound/core/oss/pcm_oss.c 2009-12-14 18:33:59.948708067 -0500
51775 @@ -2949,8 +2949,8 @@ static void snd_pcm_oss_proc_done(struct
51778 #else /* !CONFIG_SND_VERBOSE_PROCFS */
51779 -#define snd_pcm_oss_proc_init(pcm)
51780 -#define snd_pcm_oss_proc_done(pcm)
51781 +#define snd_pcm_oss_proc_init(pcm) do {} while (0)
51782 +#define snd_pcm_oss_proc_done(pcm) do {} while (0)
51783 #endif /* CONFIG_SND_VERBOSE_PROCFS */
51786 diff -urNp linux-2.6.32.1/sound/core/seq/seq_lock.h linux-2.6.32.1/sound/core/seq/seq_lock.h
51787 --- linux-2.6.32.1/sound/core/seq/seq_lock.h 2009-12-02 22:51:21.000000000 -0500
51788 +++ linux-2.6.32.1/sound/core/seq/seq_lock.h 2009-12-14 18:33:59.957992355 -0500
51789 @@ -23,10 +23,10 @@ void snd_use_lock_sync_helper(snd_use_lo
51790 #else /* SMP || CONFIG_SND_DEBUG */
51792 typedef spinlock_t snd_use_lock_t; /* dummy */
51793 -#define snd_use_lock_init(lockp) /**/
51794 -#define snd_use_lock_use(lockp) /**/
51795 -#define snd_use_lock_free(lockp) /**/
51796 -#define snd_use_lock_sync(lockp) /**/
51797 +#define snd_use_lock_init(lockp) do {} while (0)
51798 +#define snd_use_lock_use(lockp) do {} while (0)
51799 +#define snd_use_lock_free(lockp) do {} while (0)
51800 +#define snd_use_lock_sync(lockp) do {} while (0)
51802 #endif /* SMP || CONFIG_SND_DEBUG */
51804 diff -urNp linux-2.6.32.1/sound/drivers/mts64.c linux-2.6.32.1/sound/drivers/mts64.c
51805 --- linux-2.6.32.1/sound/drivers/mts64.c 2009-12-02 22:51:21.000000000 -0500
51806 +++ linux-2.6.32.1/sound/drivers/mts64.c 2009-12-14 18:33:59.979956196 -0500
51807 @@ -65,7 +65,7 @@ struct mts64 {
51808 struct pardevice *pardev;
51809 int pardev_claimed;
51812 + atomic_t open_count;
51813 int current_midi_output_port;
51814 int current_midi_input_port;
51815 u8 mode[MTS64_NUM_INPUT_PORTS];
51816 @@ -695,7 +695,7 @@ static int snd_mts64_rawmidi_open(struct
51818 struct mts64 *mts = substream->rmidi->private_data;
51820 - if (mts->open_count == 0) {
51821 + if (atomic_read(&mts->open_count) == 0) {
51822 /* We don't need a spinlock here, because this is just called
51823 if the device has not been opened before.
51824 So there aren't any IRQs from the device */
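Review bot: The zero test on `open_count` here and the `atomic_inc` in the next hunk are still two separate steps, so changing the field to `atomic_t` does not make the first-opener check in snd_mts64_rawmidi_open atomic. Two concurrent opens could both read 0 and both run the device setup. If the setup may run after the count is taken, `if (atomic_inc_return(&mts->open_count) == 1) {` closes that window; otherwise the existing comment should state why concurrent opens cannot happen. The same pattern appears in snd_mts64_rawmidi_close, where `atomic_read(&mts->open_count) < 0` followed by `atomic_set(&mts->open_count, 0)` is a non-atomic clamp. Both function bodies extend outside these hunks, so this rests on the visible lines only.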
51825 @@ -703,7 +703,7 @@ static int snd_mts64_rawmidi_open(struct
51829 - ++(mts->open_count);
51830 + atomic_inc(&mts->open_count);
51834 @@ -713,8 +713,7 @@ static int snd_mts64_rawmidi_close(struc
51835 struct mts64 *mts = substream->rmidi->private_data;
51836 unsigned long flags;
51838 - --(mts->open_count);
51839 - if (mts->open_count == 0) {
51840 + if (atomic_dec_return(&mts->open_count) == 0) {
51841 /* We need the spinlock_irqsave here because we can still
51842 have IRQs at this point */
51843 spin_lock_irqsave(&mts->lock, flags);
51844 @@ -723,8 +722,8 @@ static int snd_mts64_rawmidi_close(struc
51848 - } else if (mts->open_count < 0)
51849 - mts->open_count = 0;
51850 + } else if (atomic_read(&mts->open_count) < 0)
51851 + atomic_set(&mts->open_count, 0);
51855 diff -urNp linux-2.6.32.1/sound/drivers/portman2x4.c linux-2.6.32.1/sound/drivers/portman2x4.c
51856 --- linux-2.6.32.1/sound/drivers/portman2x4.c 2009-12-02 22:51:21.000000000 -0500
51857 +++ linux-2.6.32.1/sound/drivers/portman2x4.c 2009-12-14 18:33:59.981731399 -0500
51858 @@ -83,7 +83,7 @@ struct portman {
51859 struct pardevice *pardev;
51860 int pardev_claimed;
51863 + atomic_t open_count;
51864 int mode[PORTMAN_NUM_INPUT_PORTS];
51865 struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS];
51867 diff -urNp linux-2.6.32.1/sound/pci/ac97/ac97_codec.c linux-2.6.32.1/sound/pci/ac97/ac97_codec.c
51868 --- linux-2.6.32.1/sound/pci/ac97/ac97_codec.c 2009-12-02 22:51:21.000000000 -0500
51869 +++ linux-2.6.32.1/sound/pci/ac97/ac97_codec.c 2009-12-14 18:33:59.996911247 -0500
51870 @@ -1952,7 +1952,7 @@ static int snd_ac97_dev_disconnect(struc
51873 /* build_ops to do nothing */
51874 -static struct snd_ac97_build_ops null_build_ops;
51875 +static const struct snd_ac97_build_ops null_build_ops;
51877 #ifdef CONFIG_SND_AC97_POWER_SAVE
51878 static void do_update_power(struct work_struct *work)
51879 diff -urNp linux-2.6.32.1/sound/pci/ac97/ac97_patch.c linux-2.6.32.1/sound/pci/ac97/ac97_patch.c
51880 --- linux-2.6.32.1/sound/pci/ac97/ac97_patch.c 2009-12-02 22:51:21.000000000 -0500
51881 +++ linux-2.6.32.1/sound/pci/ac97/ac97_patch.c 2009-12-14 18:34:00.010722092 -0500
51882 @@ -371,7 +371,7 @@ static int patch_yamaha_ymf743_build_spd
51886 -static struct snd_ac97_build_ops patch_yamaha_ymf743_ops = {
51887 +static const struct snd_ac97_build_ops patch_yamaha_ymf743_ops = {
51888 .build_spdif = patch_yamaha_ymf743_build_spdif,
51889 .build_3d = patch_yamaha_ymf7x3_3d,
51891 @@ -455,7 +455,7 @@ static int patch_yamaha_ymf753_post_spdi
51895 -static struct snd_ac97_build_ops patch_yamaha_ymf753_ops = {
51896 +static const struct snd_ac97_build_ops patch_yamaha_ymf753_ops = {
51897 .build_3d = patch_yamaha_ymf7x3_3d,
51898 .build_post_spdif = patch_yamaha_ymf753_post_spdif
51900 @@ -502,7 +502,7 @@ static int patch_wolfson_wm9703_specific
51904 -static struct snd_ac97_build_ops patch_wolfson_wm9703_ops = {
51905 +static const struct snd_ac97_build_ops patch_wolfson_wm9703_ops = {
51906 .build_specific = patch_wolfson_wm9703_specific,
51909 @@ -533,7 +533,7 @@ static int patch_wolfson_wm9704_specific
51913 -static struct snd_ac97_build_ops patch_wolfson_wm9704_ops = {
51914 +static const struct snd_ac97_build_ops patch_wolfson_wm9704_ops = {
51915 .build_specific = patch_wolfson_wm9704_specific,
51918 @@ -555,7 +555,7 @@ static int patch_wolfson_wm9705_specific
51922 -static struct snd_ac97_build_ops patch_wolfson_wm9705_ops = {
51923 +static const struct snd_ac97_build_ops patch_wolfson_wm9705_ops = {
51924 .build_specific = patch_wolfson_wm9705_specific,
51927 @@ -692,7 +692,7 @@ static int patch_wolfson_wm9711_specific
51931 -static struct snd_ac97_build_ops patch_wolfson_wm9711_ops = {
51932 +static const struct snd_ac97_build_ops patch_wolfson_wm9711_ops = {
51933 .build_specific = patch_wolfson_wm9711_specific,
51936 @@ -886,7 +886,7 @@ static void patch_wolfson_wm9713_resume
51940 -static struct snd_ac97_build_ops patch_wolfson_wm9713_ops = {
51941 +static const struct snd_ac97_build_ops patch_wolfson_wm9713_ops = {
51942 .build_specific = patch_wolfson_wm9713_specific,
51943 .build_3d = patch_wolfson_wm9713_3d,
51945 @@ -991,7 +991,7 @@ static int patch_sigmatel_stac97xx_speci
51949 -static struct snd_ac97_build_ops patch_sigmatel_stac9700_ops = {
51950 +static const struct snd_ac97_build_ops patch_sigmatel_stac9700_ops = {
51951 .build_3d = patch_sigmatel_stac9700_3d,
51952 .build_specific = patch_sigmatel_stac97xx_specific
51954 @@ -1038,7 +1038,7 @@ static int patch_sigmatel_stac9708_speci
51955 return patch_sigmatel_stac97xx_specific(ac97);
51958 -static struct snd_ac97_build_ops patch_sigmatel_stac9708_ops = {
51959 +static const struct snd_ac97_build_ops patch_sigmatel_stac9708_ops = {
51960 .build_3d = patch_sigmatel_stac9708_3d,
51961 .build_specific = patch_sigmatel_stac9708_specific
51963 @@ -1267,7 +1267,7 @@ static int patch_sigmatel_stac9758_speci
51967 -static struct snd_ac97_build_ops patch_sigmatel_stac9758_ops = {
51968 +static const struct snd_ac97_build_ops patch_sigmatel_stac9758_ops = {
51969 .build_3d = patch_sigmatel_stac9700_3d,
51970 .build_specific = patch_sigmatel_stac9758_specific
51972 @@ -1342,7 +1342,7 @@ static int patch_cirrus_build_spdif(stru
51976 -static struct snd_ac97_build_ops patch_cirrus_ops = {
51977 +static const struct snd_ac97_build_ops patch_cirrus_ops = {
51978 .build_spdif = patch_cirrus_build_spdif
51981 @@ -1399,7 +1399,7 @@ static int patch_conexant_build_spdif(st
51985 -static struct snd_ac97_build_ops patch_conexant_ops = {
51986 +static const struct snd_ac97_build_ops patch_conexant_ops = {
51987 .build_spdif = patch_conexant_build_spdif
51990 @@ -1501,7 +1501,7 @@ static const struct snd_ac97_res_table a
51991 { AC97_VIDEO, 0x9f1f },
51992 { AC97_AUX, 0x9f1f },
51993 { AC97_PCM, 0x9f1f },
51994 - { } /* terminator */
51995 + { 0, 0 } /* terminator */
51998 static int patch_ad1819(struct snd_ac97 * ac97)
51999 @@ -1575,7 +1575,7 @@ static void patch_ad1881_chained(struct
52003 -static struct snd_ac97_build_ops patch_ad1881_build_ops = {
52004 +static const struct snd_ac97_build_ops patch_ad1881_build_ops = {
52006 .resume = ad18xx_resume
52008 @@ -1662,7 +1662,7 @@ static int patch_ad1885_specific(struct
52012 -static struct snd_ac97_build_ops patch_ad1885_build_ops = {
52013 +static const struct snd_ac97_build_ops patch_ad1885_build_ops = {
52014 .build_specific = &patch_ad1885_specific,
52016 .resume = ad18xx_resume
52017 @@ -1689,7 +1689,7 @@ static int patch_ad1886_specific(struct
52021 -static struct snd_ac97_build_ops patch_ad1886_build_ops = {
52022 +static const struct snd_ac97_build_ops patch_ad1886_build_ops = {
52023 .build_specific = &patch_ad1886_specific,
52025 .resume = ad18xx_resume
52026 @@ -1893,7 +1893,7 @@ static int patch_ad1981a_specific(struct
52027 ARRAY_SIZE(snd_ac97_ad1981x_jack_sense));
52030 -static struct snd_ac97_build_ops patch_ad1981a_build_ops = {
52031 +static const struct snd_ac97_build_ops patch_ad1981a_build_ops = {
52032 .build_post_spdif = patch_ad198x_post_spdif,
52033 .build_specific = patch_ad1981a_specific,
52035 @@ -1948,7 +1948,7 @@ static int patch_ad1981b_specific(struct
52036 ARRAY_SIZE(snd_ac97_ad1981x_jack_sense));
52039 -static struct snd_ac97_build_ops patch_ad1981b_build_ops = {
52040 +static const struct snd_ac97_build_ops patch_ad1981b_build_ops = {
52041 .build_post_spdif = patch_ad198x_post_spdif,
52042 .build_specific = patch_ad1981b_specific,
52044 @@ -2087,7 +2087,7 @@ static int patch_ad1888_specific(struct
52045 return patch_build_controls(ac97, snd_ac97_ad1888_controls, ARRAY_SIZE(snd_ac97_ad1888_controls));
52048 -static struct snd_ac97_build_ops patch_ad1888_build_ops = {
52049 +static const struct snd_ac97_build_ops patch_ad1888_build_ops = {
52050 .build_post_spdif = patch_ad198x_post_spdif,
52051 .build_specific = patch_ad1888_specific,
52053 @@ -2136,7 +2136,7 @@ static int patch_ad1980_specific(struct
52054 return patch_build_controls(ac97, &snd_ac97_ad198x_2cmic, 1);
52057 -static struct snd_ac97_build_ops patch_ad1980_build_ops = {
52058 +static const struct snd_ac97_build_ops patch_ad1980_build_ops = {
52059 .build_post_spdif = patch_ad198x_post_spdif,
52060 .build_specific = patch_ad1980_specific,
52062 @@ -2251,7 +2251,7 @@ static int patch_ad1985_specific(struct
52063 ARRAY_SIZE(snd_ac97_ad1985_controls));
52066 -static struct snd_ac97_build_ops patch_ad1985_build_ops = {
52067 +static const struct snd_ac97_build_ops patch_ad1985_build_ops = {
52068 .build_post_spdif = patch_ad198x_post_spdif,
52069 .build_specific = patch_ad1985_specific,
52071 @@ -2543,7 +2543,7 @@ static int patch_ad1986_specific(struct
52072 ARRAY_SIZE(snd_ac97_ad1985_controls));
52075 -static struct snd_ac97_build_ops patch_ad1986_build_ops = {
52076 +static const struct snd_ac97_build_ops patch_ad1986_build_ops = {
52077 .build_post_spdif = patch_ad198x_post_spdif,
52078 .build_specific = patch_ad1986_specific,
52080 @@ -2648,7 +2648,7 @@ static int patch_alc650_specific(struct
52084 -static struct snd_ac97_build_ops patch_alc650_ops = {
52085 +static const struct snd_ac97_build_ops patch_alc650_ops = {
52086 .build_specific = patch_alc650_specific,
52087 .update_jacks = alc650_update_jacks
52089 @@ -2800,7 +2800,7 @@ static int patch_alc655_specific(struct
52093 -static struct snd_ac97_build_ops patch_alc655_ops = {
52094 +static const struct snd_ac97_build_ops patch_alc655_ops = {
52095 .build_specific = patch_alc655_specific,
52096 .update_jacks = alc655_update_jacks
52098 @@ -2912,7 +2912,7 @@ static int patch_alc850_specific(struct
52102 -static struct snd_ac97_build_ops patch_alc850_ops = {
52103 +static const struct snd_ac97_build_ops patch_alc850_ops = {
52104 .build_specific = patch_alc850_specific,
52105 .update_jacks = alc850_update_jacks
52107 @@ -2974,7 +2974,7 @@ static int patch_cm9738_specific(struct
52108 return patch_build_controls(ac97, snd_ac97_cm9738_controls, ARRAY_SIZE(snd_ac97_cm9738_controls));
52111 -static struct snd_ac97_build_ops patch_cm9738_ops = {
52112 +static const struct snd_ac97_build_ops patch_cm9738_ops = {
52113 .build_specific = patch_cm9738_specific,
52114 .update_jacks = cm9738_update_jacks
52116 @@ -3065,7 +3065,7 @@ static int patch_cm9739_post_spdif(struc
52117 return patch_build_controls(ac97, snd_ac97_cm9739_controls_spdif, ARRAY_SIZE(snd_ac97_cm9739_controls_spdif));
52120 -static struct snd_ac97_build_ops patch_cm9739_ops = {
52121 +static const struct snd_ac97_build_ops patch_cm9739_ops = {
52122 .build_specific = patch_cm9739_specific,
52123 .build_post_spdif = patch_cm9739_post_spdif,
52124 .update_jacks = cm9739_update_jacks
52125 @@ -3239,7 +3239,7 @@ static int patch_cm9761_specific(struct
52126 return patch_build_controls(ac97, snd_ac97_cm9761_controls, ARRAY_SIZE(snd_ac97_cm9761_controls));
52129 -static struct snd_ac97_build_ops patch_cm9761_ops = {
52130 +static const struct snd_ac97_build_ops patch_cm9761_ops = {
52131 .build_specific = patch_cm9761_specific,
52132 .build_post_spdif = patch_cm9761_post_spdif,
52133 .update_jacks = cm9761_update_jacks
52134 @@ -3335,7 +3335,7 @@ static int patch_cm9780_specific(struct
52135 return patch_build_controls(ac97, cm9780_controls, ARRAY_SIZE(cm9780_controls));
52138 -static struct snd_ac97_build_ops patch_cm9780_ops = {
52139 +static const struct snd_ac97_build_ops patch_cm9780_ops = {
52140 .build_specific = patch_cm9780_specific,
52141 .build_post_spdif = patch_cm9761_post_spdif /* identical with CM9761 */
52143 @@ -3455,7 +3455,7 @@ static int patch_vt1616_specific(struct
52147 -static struct snd_ac97_build_ops patch_vt1616_ops = {
52148 +static const struct snd_ac97_build_ops patch_vt1616_ops = {
52149 .build_specific = patch_vt1616_specific
52152 @@ -3809,7 +3809,7 @@ static int patch_it2646_specific(struct
52156 -static struct snd_ac97_build_ops patch_it2646_ops = {
52157 +static const struct snd_ac97_build_ops patch_it2646_ops = {
52158 .build_specific = patch_it2646_specific,
52159 .update_jacks = it2646_update_jacks
52161 @@ -3843,7 +3843,7 @@ static int patch_si3036_specific(struct
52165 -static struct snd_ac97_build_ops patch_si3036_ops = {
52166 +static const struct snd_ac97_build_ops patch_si3036_ops = {
52167 .build_specific = patch_si3036_specific,
52170 @@ -3876,7 +3876,7 @@ static struct snd_ac97_res_table lm4550_
52171 { AC97_AUX, 0x1f1f },
52172 { AC97_PCM, 0x1f1f },
52173 { AC97_REC_GAIN, 0x0f0f },
52174 - { } /* terminator */
52175 + { 0, 0 } /* terminator */
52178 static int patch_lm4550(struct snd_ac97 *ac97)
52179 @@ -3910,7 +3910,7 @@ static int patch_ucb1400_specific(struct
52183 -static struct snd_ac97_build_ops patch_ucb1400_ops = {
52184 +static const struct snd_ac97_build_ops patch_ucb1400_ops = {
52185 .build_specific = patch_ucb1400_specific,
52188 diff -urNp linux-2.6.32.1/sound/pci/ens1370.c linux-2.6.32.1/sound/pci/ens1370.c
52189 --- linux-2.6.32.1/sound/pci/ens1370.c 2009-12-02 22:51:21.000000000 -0500
52190 +++ linux-2.6.32.1/sound/pci/ens1370.c 2009-12-14 18:34:00.020737821 -0500
52191 @@ -452,7 +452,7 @@ static struct pci_device_id snd_audiopci
52192 { PCI_VDEVICE(ENSONIQ, 0x5880), 0, }, /* ES1373 - CT5880 */
52193 { PCI_VDEVICE(ECTIVA, 0x8938), 0, }, /* Ectiva EV1938 */
52196 + { 0, 0, 0, 0, 0, 0, 0 }
52199 MODULE_DEVICE_TABLE(pci, snd_audiopci_ids);
52200 diff -urNp linux-2.6.32.1/sound/pci/intel8x0.c linux-2.6.32.1/sound/pci/intel8x0.c
52201 --- linux-2.6.32.1/sound/pci/intel8x0.c 2009-12-02 22:51:21.000000000 -0500
52202 +++ linux-2.6.32.1/sound/pci/intel8x0.c 2009-12-14 18:34:00.038929833 -0500
52203 @@ -444,7 +444,7 @@ static struct pci_device_id snd_intel8x0
52204 { PCI_VDEVICE(AMD, 0x746d), DEVICE_INTEL }, /* AMD8111 */
52205 { PCI_VDEVICE(AMD, 0x7445), DEVICE_INTEL }, /* AMD768 */
52206 { PCI_VDEVICE(AL, 0x5455), DEVICE_ALI }, /* Ali5455 */
52208 + { 0, 0, 0, 0, 0, 0, 0 }
52211 MODULE_DEVICE_TABLE(pci, snd_intel8x0_ids);
52212 @@ -2123,7 +2123,7 @@ static struct ac97_quirk ac97_quirks[] _
52213 .type = AC97_TUNE_HP_ONLY
52216 - { } /* terminator */
52217 + { 0, 0, 0, 0, NULL, 0 } /* terminator */
52220 static int __devinit snd_intel8x0_mixer(struct intel8x0 *chip, int ac97_clock,
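Review bot: The new terminator `{ 0, 0, 0, 0, NULL, 0 }` is written positionally, while the quirk entry visible just above it in this hunk uses designated members (`.type = AC97_TUNE_HP_ONLY`). A positional sentinel is tied to the field count and order of struct ac97_quirk, so it has to be edited by hand if a member is added or moved. If the aim is to avoid a missing-initializer warning on `{ }`, a designated form such as `{ .subvendor = 0 } /* terminator */` matches the rest of the table and does not depend on layout. This assumes the table walker stops on a zero subvendor, which is not visible here.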
52221 diff -urNp linux-2.6.32.1/sound/pci/intel8x0m.c linux-2.6.32.1/sound/pci/intel8x0m.c
52222 --- linux-2.6.32.1/sound/pci/intel8x0m.c 2009-12-02 22:51:21.000000000 -0500
52223 +++ linux-2.6.32.1/sound/pci/intel8x0m.c 2009-12-14 18:34:00.051044558 -0500
52224 @@ -239,7 +239,7 @@ static struct pci_device_id snd_intel8x0
52225 { PCI_VDEVICE(AMD, 0x746d), DEVICE_INTEL }, /* AMD8111 */
52226 { PCI_VDEVICE(AL, 0x5455), DEVICE_ALI }, /* Ali5455 */
52229 + { 0, 0, 0, 0, 0, 0, 0 }
52232 MODULE_DEVICE_TABLE(pci, snd_intel8x0m_ids);
52233 @@ -1264,7 +1264,7 @@ static struct shortname_table {
52234 { 0x5455, "ALi M5455" },
52235 { 0x746d, "AMD AMD8111" },
52241 static int __devinit snd_intel8x0m_probe(struct pci_dev *pci,
52242 diff -urNp linux-2.6.32.1/usr/gen_init_cpio.c linux-2.6.32.1/usr/gen_init_cpio.c
52243 --- linux-2.6.32.1/usr/gen_init_cpio.c 2009-12-02 22:51:21.000000000 -0500
52244 +++ linux-2.6.32.1/usr/gen_init_cpio.c 2009-12-14 18:34:00.051906262 -0500
52245 @@ -299,7 +299,7 @@ static int cpio_mkfile(const char *name,
52254 @@ -383,9 +383,10 @@ static char *cpio_replace_env(char *new_
52255 *env_var = *expanded = '\0';
52256 strncat(env_var, start + 2, end - start - 2);
52257 strncat(expanded, new_location, start - new_location);
52258 - strncat(expanded, getenv(env_var), PATH_MAX);
52259 - strncat(expanded, end + 1, PATH_MAX);
52260 + strncat(expanded, getenv(env_var), PATH_MAX - strlen(expanded));
52261 + strncat(expanded, end + 1, PATH_MAX - strlen(expanded));
52262 strncpy(new_location, expanded, PATH_MAX);
52263 + new_location[PATH_MAX] = 0;
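Review bot: `getenv(env_var)` is still passed directly to `strncat()` in the first added line, so an unset variable hands a NULL source pointer to `strncat()`, which is undefined behaviour that the new length bound does not cover. Fetch the value first and treat an unset variable as empty, e.g. `const char *val = getenv(env_var);` followed by `strncat(expanded, val ? val : "", PATH_MAX - strlen(expanded));`. Separately, the added `new_location[PATH_MAX] = 0;` writes index PATH_MAX, and the `PATH_MAX - strlen(expanded)` bound leaves room for exactly one NUL. Both are in bounds only if `expanded` and the caller's buffer hold at least PATH_MAX + 1 bytes. Those declarations are outside this hunk and should be confirmed, since cpio_replace_env's body starts and ends outside it.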
52267 diff -urNp linux-2.6.32.1/virt/kvm/kvm_main.c linux-2.6.32.1/virt/kvm/kvm_main.c
52268 --- linux-2.6.32.1/virt/kvm/kvm_main.c 2009-12-02 22:51:21.000000000 -0500
52269 +++ linux-2.6.32.1/virt/kvm/kvm_main.c 2009-12-14 18:34:00.063810240 -0500
52270 @@ -1745,6 +1745,7 @@ static int kvm_vcpu_release(struct inode
52274 +/* cannot be const */
52275 static struct file_operations kvm_vcpu_fops = {
52276 .release = kvm_vcpu_release,
52277 .unlocked_ioctl = kvm_vcpu_ioctl,
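Review bot: The added `/* cannot be const */` above kvm_vcpu_fops states a constraint without its reason, so a later constification pass has nothing to verify it against. If the reason is that a member is assigned after definition (presumably `.owner` at module init, which is not visible in this hunk), the comment should say so, e.g. `/* cannot be const: .owner is assigned at runtime in kvm_init() */`. The same applies to the identical comments added above kvm_vm_fops and kvm_chardev_ops in the next two hunks. The struct initializers continue outside the hunks.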
52278 @@ -2341,6 +2342,7 @@ static int kvm_vm_mmap(struct file *file
52282 +/* cannot be const */
52283 static struct file_operations kvm_vm_fops = {
52284 .release = kvm_vm_release,
52285 .unlocked_ioctl = kvm_vm_ioctl,
52286 @@ -2428,6 +2430,7 @@ out:
52290 +/* cannot be const */
52291 static struct file_operations kvm_chardev_ops = {
52292 .unlocked_ioctl = kvm_dev_ioctl,
52293 .compat_ioctl = kvm_dev_ioctl,
52294 @@ -2437,6 +2440,9 @@ static struct miscdevice kvm_dev = {
52303 static void hardware_enable(void *junk)
52304 @@ -2711,7 +2717,7 @@ static void kvm_sched_out(struct preempt
52305 kvm_arch_vcpu_put(vcpu);
52308 -int kvm_init(void *opaque, unsigned int vcpu_size,
52309 +int kvm_init(const void *opaque, unsigned int vcpu_size,
52310 struct module *module)