+diff -urNp linux-3.0.7/Documentation/dontdiff linux-3.0.7/Documentation/dontdiff
+--- linux-3.0.7/Documentation/dontdiff 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/Documentation/dontdiff 2011-10-07 19:07:23.000000000 -0400
+@@ -5,6 +5,7 @@
+ *.cis
+ *.cpio
+ *.csp
++*.dbg
+ *.dsp
+ *.dvi
+ *.elf
+@@ -48,9 +49,11 @@
+ *.tab.h
+ *.tex
+ *.ver
++*.vim
+ *.xml
+ *.xz
+ *_MODULES
++*_reg_safe.h
+ *_vga16.c
+ *~
+ \#*#
+@@ -70,6 +73,7 @@ Kerntypes
+ Module.markers
+ Module.symvers
+ PENDING
++PERF*
+ SCCS
+ System.map*
+ TAGS
+@@ -98,6 +102,8 @@ bzImage*
+ capability_names.h
+ capflags.c
+ classlist.h*
++clut_vga16.c
++common-cmds.h
+ comp*.log
+ compile.h*
+ conf
+@@ -126,12 +132,14 @@ fore200e_pca_fw.c*
+ gconf
+ gconf.glade.h
+ gen-devlist
++gen-kdb_cmds.c
+ gen_crc32table
+ gen_init_cpio
+ generated
+ genheaders
+ genksyms
+ *_gray256.c
++hash
+ hpet_example
+ hugepage-mmap
+ hugepage-shm
+@@ -146,7 +154,6 @@ int32.c
+ int4.c
+ int8.c
+ kallsyms
+-kconfig
+ keywords.c
+ ksym.c*
+ ksym.h*
+@@ -154,7 +161,6 @@ kxgettext
+ lkc_defs.h
+ lex.c
+ lex.*.c
+-linux
+ logo_*.c
+ logo_*_clut224.c
+ logo_*_mono.c
+@@ -166,7 +172,6 @@ machtypes.h
+ map
+ map_hugetlb
+ maui_boot.h
+-media
+ mconf
+ miboot*
+ mk_elfconfig
+@@ -174,6 +179,7 @@ mkboot
+ mkbugboot
+ mkcpustr
+ mkdep
++mkpiggy
+ mkprep
+ mkregtable
+ mktables
+@@ -209,6 +215,7 @@ r300_reg_safe.h
+ r420_reg_safe.h
+ r600_reg_safe.h
+ recordmcount
++regdb.c
+ relocs
+ rlim_names.h
+ rn50_reg_safe.h
+@@ -219,6 +226,7 @@ setup
+ setup.bin
+ setup.elf
+ sImage
++slabinfo
+ sm_tbl*
+ split-include
+ syscalltab.h
+@@ -246,7 +254,9 @@ vmlinux
+ vmlinux-*
+ vmlinux.aout
+ vmlinux.bin.all
++vmlinux.bin.bz2
+ vmlinux.lds
++vmlinux.relocs
+ vmlinuz
+ voffset.h
+ vsyscall.lds
+@@ -254,6 +264,7 @@ vsyscall_32.lds
+ wanxlfw.inc
+ uImage
+ unifdef
++utsrelease.h
+ wakeup.bin
+ wakeup.elf
+ wakeup.lds
+diff -urNp linux-3.0.7/Documentation/kernel-parameters.txt linux-3.0.7/Documentation/kernel-parameters.txt
+--- linux-3.0.7/Documentation/kernel-parameters.txt 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/Documentation/kernel-parameters.txt 2011-08-23 21:47:55.000000000 -0400
+@@ -1883,6 +1883,13 @@ bytes respectively. Such letter suffixes
+ the specified number of seconds. This is to be used if
+ your oopses keep scrolling off the screen.
+
++ pax_nouderef [X86] disables UDEREF. Most likely needed under certain
++ virtualization environments that don't cope well with the
++ expand down segment used by UDEREF on X86-32 or the frequent
++ page table updates on X86-64.
++
++ pax_softmode= 0/1 to disable/enable PaX softmode on boot already.
++
+ pcbit= [HW,ISDN]
+
+ pcd. [PARIDE]
+diff -urNp linux-3.0.7/Makefile linux-3.0.7/Makefile
+--- linux-3.0.7/Makefile 2011-10-17 23:17:08.000000000 -0400
++++ linux-3.0.7/Makefile 2011-10-17 23:17:19.000000000 -0400
+@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
+
+ HOSTCC = gcc
+ HOSTCXX = g++
+-HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
+-HOSTCXXFLAGS = -O2
++HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
++HOSTCFLAGS += $(call cc-option, -Wno-empty-body)
++HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks
+
+ # Decide whether to build built-in, modular, or both.
+ # Normally, just do built-in.
+@@ -365,10 +366,12 @@ LINUXINCLUDE := -I$(srctree)/arch/$(h
+ KBUILD_CPPFLAGS := -D__KERNEL__
+
+ KBUILD_CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
++ -W -Wno-unused-parameter -Wno-missing-field-initializers \
+ -fno-strict-aliasing -fno-common \
+ -Werror-implicit-function-declaration \
+ -Wno-format-security \
+ -fno-delete-null-pointer-checks
++KBUILD_CFLAGS += $(call cc-option, -Wno-empty-body)
+ KBUILD_AFLAGS_KERNEL :=
+ KBUILD_CFLAGS_KERNEL :=
+ KBUILD_AFLAGS := -D__ASSEMBLY__
+@@ -407,8 +410,8 @@ export RCS_TAR_IGNORE := --exclude SCCS
+ # Rules shared between *config targets and build targets
+
+ # Basic helpers built in scripts/
+-PHONY += scripts_basic
+-scripts_basic:
++PHONY += scripts_basic gcc-plugins
++scripts_basic: gcc-plugins
+ $(Q)$(MAKE) $(build)=scripts/basic
+ $(Q)rm -f .tmp_quiet_recordmcount
+
+@@ -564,6 +567,36 @@ else
+ KBUILD_CFLAGS += -O2
+ endif
+
++ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y)
++CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
++ifdef CONFIG_PAX_MEMORY_STACKLEAK
++STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100
++endif
++ifdef CONFIG_KALLOCSTAT_PLUGIN
++KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so
++endif
++ifdef CONFIG_PAX_KERNEXEC_PLUGIN
++KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so
++endif
++ifdef CONFIG_CHECKER_PLUGIN
++ifeq ($(call cc-ifversion, -ge, 0406, y), y)
++CHECKER_PLUGIN := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN
++endif
++endif
++GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN) $(CHECKER_PLUGIN)
++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN
++gcc-plugins:
++ $(Q)$(MAKE) $(build)=tools/gcc
++else
++gcc-plugins:
++ifeq ($(call cc-ifversion, -ge, 0405, y), y)
++ $(error Your gcc installation does not support plugins. If the necessary headers for plugin support are missing, they should be installed. On Debian, apt-get install gcc-<ver>-plugin-dev.))
++else
++ $(Q)echo "warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least"
++endif
++ $(Q)echo "PAX_MEMORY_STACKLEAK and constification will be less secure"
++endif
++
+ include $(srctree)/arch/$(SRCARCH)/Makefile
+
+ ifneq ($(CONFIG_FRAME_WARN),0)
+@@ -708,7 +741,7 @@ export mod_strip_cmd
+
+
+ ifeq ($(KBUILD_EXTMOD),)
+-core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
+
+ vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
+ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
+@@ -932,6 +965,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-mai
+
+ # The actual objects are generated when descending,
+ # make sure no implicit rule kicks in
++$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_CFLAGS += $(GCC_PLUGINS)
+ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
+
+ # Handle descending into subdirectories listed in $(vmlinux-dirs)
+@@ -941,7 +975,7 @@ $(sort $(vmlinux-init) $(vmlinux-main))
+ # Error messages still appears in the original language
+
+ PHONY += $(vmlinux-dirs)
+-$(vmlinux-dirs): prepare scripts
++$(vmlinux-dirs): gcc-plugins prepare scripts
+ $(Q)$(MAKE) $(build)=$@
+
+ # Store (new) KERNELRELASE string in include/config/kernel.release
+@@ -986,6 +1020,7 @@ prepare0: archprepare FORCE
+ $(Q)$(MAKE) $(build)=. missing-syscalls
+
+ # All the preparing..
++prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS),$(KBUILD_CFLAGS))
+ prepare: prepare0
+
+ # Generate some files
+@@ -1087,6 +1122,7 @@ all: modules
+ # using awk while concatenating to the final file.
+
+ PHONY += modules
++modules: KBUILD_CFLAGS += $(GCC_PLUGINS)
+ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
+ $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
+ @$(kecho) ' Building modules, stage 2.';
+@@ -1102,7 +1138,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
+
+ # Target to prepare building external modules
+ PHONY += modules_prepare
+-modules_prepare: prepare scripts
++modules_prepare: gcc-plugins prepare scripts
+
+ # Target to install modules
+ PHONY += modules_install
+@@ -1198,7 +1234,7 @@ distclean: mrproper
+ @find $(srctree) $(RCS_FIND_IGNORE) \
+ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
+ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
+- -o -name '.*.rej' -o -size 0 \
++ -o -name '.*.rej' -o -name '*.so' -o -size 0 \
+ -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
+ -type f -print | xargs rm -f
+
+@@ -1359,6 +1395,7 @@ PHONY += $(module-dirs) modules
+ $(module-dirs): crmodverdir $(objtree)/Module.symvers
+ $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
+
++modules: KBUILD_CFLAGS += $(GCC_PLUGINS)
+ modules: $(module-dirs)
+ @$(kecho) ' Building modules, stage 2.';
+ $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
+@@ -1485,17 +1522,19 @@ else
+ target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
+ endif
+
+-%.s: %.c prepare scripts FORCE
++%.s: KBUILD_CFLAGS += $(GCC_PLUGINS)
++%.s: %.c gcc-plugins prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+ %.i: %.c prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+-%.o: %.c prepare scripts FORCE
++%.o: KBUILD_CFLAGS += $(GCC_PLUGINS)
++%.o: %.c gcc-plugins prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+ %.lst: %.c prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+-%.s: %.S prepare scripts FORCE
++%.s: %.S gcc-plugins prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+-%.o: %.S prepare scripts FORCE
++%.o: %.S gcc-plugins prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+ %.symtypes: %.c prepare scripts FORCE
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+@@ -1505,11 +1544,13 @@ endif
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir)
+-%/: prepare scripts FORCE
++%/: KBUILD_CFLAGS += $(GCC_PLUGINS)
++%/: gcc-plugins prepare scripts FORCE
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir)
+-%.ko: prepare scripts FORCE
++%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS)
++%.ko: gcc-plugins prepare scripts FORCE
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir) $(@:.ko=.o)
diff -urNp linux-3.0.7/arch/alpha/include/asm/elf.h linux-3.0.7/arch/alpha/include/asm/elf.h
--- linux-3.0.7/arch/alpha/include/asm/elf.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/alpha/include/asm/elf.h 2011-08-23 21:47:55.000000000 -0400
{
return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0);
}
-diff -urNp linux-3.0.7/arch/powerpc/include/asm/page_64.h linux-3.0.7/arch/powerpc/include/asm/page_64.h
---- linux-3.0.7/arch/powerpc/include/asm/page_64.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/powerpc/include/asm/page_64.h 2011-08-23 21:47:55.000000000 -0400
-@@ -155,15 +155,18 @@ do { \
- * stack by default, so in the absence of a PT_GNU_STACK program header
- * we turn execute permission off.
- */
--#define VM_STACK_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
-- VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
-+#define VM_STACK_DEFAULT_FLAGS32 \
-+ (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
-+ VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
-
- #define VM_STACK_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
- VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
-
-+#ifndef CONFIG_PAX_PAGEEXEC
- #define VM_STACK_DEFAULT_FLAGS \
- (is_32bit_task() ? \
- VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64)
-+#endif
-
- #include <asm-generic/getorder.h>
-
diff -urNp linux-3.0.7/arch/powerpc/include/asm/page.h linux-3.0.7/arch/powerpc/include/asm/page.h
--- linux-3.0.7/arch/powerpc/include/asm/page.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/powerpc/include/asm/page.h 2011-08-23 21:47:55.000000000 -0400
#ifndef __ASSEMBLY__
#undef STRICT_MM_TYPECHECKS
+diff -urNp linux-3.0.7/arch/powerpc/include/asm/page_64.h linux-3.0.7/arch/powerpc/include/asm/page_64.h
+--- linux-3.0.7/arch/powerpc/include/asm/page_64.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/powerpc/include/asm/page_64.h 2011-08-23 21:47:55.000000000 -0400
+@@ -155,15 +155,18 @@ do { \
+ * stack by default, so in the absence of a PT_GNU_STACK program header
+ * we turn execute permission off.
+ */
+-#define VM_STACK_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
+- VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
++#define VM_STACK_DEFAULT_FLAGS32 \
++ (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
++ VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+
+ #define VM_STACK_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
+ VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+
++#ifndef CONFIG_PAX_PAGEEXEC
+ #define VM_STACK_DEFAULT_FLAGS \
+ (is_32bit_task() ? \
+ VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64)
++#endif
+
+ #include <asm-generic/getorder.h>
+
diff -urNp linux-3.0.7/arch/powerpc/include/asm/pgtable.h linux-3.0.7/arch/powerpc/include/asm/pgtable.h
--- linux-3.0.7/arch/powerpc/include/asm/pgtable.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/powerpc/include/asm/pgtable.h 2011-08-23 21:47:55.000000000 -0400
mr r5,r3
addi r3,r1,STACK_FRAME_OVERHEAD
lwz r4,_DAR(r1)
-diff -urNp linux-3.0.7/arch/powerpc/kernel/module_32.c linux-3.0.7/arch/powerpc/kernel/module_32.c
---- linux-3.0.7/arch/powerpc/kernel/module_32.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/powerpc/kernel/module_32.c 2011-08-23 21:47:55.000000000 -0400
-@@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr
- me->arch.core_plt_section = i;
- }
- if (!me->arch.core_plt_section || !me->arch.init_plt_section) {
-- printk("Module doesn't contain .plt or .init.plt sections.\n");
-+ printk("Module %s doesn't contain .plt or .init.plt sections.\n", me->name);
- return -ENOEXEC;
- }
-
-@@ -203,11 +203,16 @@ static uint32_t do_plt_call(void *locati
-
- DEBUGP("Doing plt for call to 0x%x at 0x%x\n", val, (unsigned int)location);
- /* Init, or core PLT? */
-- if (location >= mod->module_core
-- && location < mod->module_core + mod->core_size)
-+ if ((location >= mod->module_core_rx && location < mod->module_core_rx + mod->core_size_rx) ||
-+ (location >= mod->module_core_rw && location < mod->module_core_rw + mod->core_size_rw))
- entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr;
-- else
-+ else if ((location >= mod->module_init_rx && location < mod->module_init_rx + mod->init_size_rx) ||
-+ (location >= mod->module_init_rw && location < mod->module_init_rw + mod->init_size_rw))
- entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr;
-+ else {
-+ printk(KERN_ERR "%s: invalid R_PPC_REL24 entry found\n", mod->name);
-+ return ~0UL;
-+ }
-
- /* Find this entry, or if that fails, the next avail. entry */
- while (entry->jump[0]) {
diff -urNp linux-3.0.7/arch/powerpc/kernel/module.c linux-3.0.7/arch/powerpc/kernel/module.c
--- linux-3.0.7/arch/powerpc/kernel/module.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/powerpc/kernel/module.c 2011-08-23 21:47:55.000000000 -0400
static const Elf_Shdr *find_section(const Elf_Ehdr *hdr,
const Elf_Shdr *sechdrs,
const char *name)
+diff -urNp linux-3.0.7/arch/powerpc/kernel/module_32.c linux-3.0.7/arch/powerpc/kernel/module_32.c
+--- linux-3.0.7/arch/powerpc/kernel/module_32.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/powerpc/kernel/module_32.c 2011-08-23 21:47:55.000000000 -0400
+@@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr
+ me->arch.core_plt_section = i;
+ }
+ if (!me->arch.core_plt_section || !me->arch.init_plt_section) {
+- printk("Module doesn't contain .plt or .init.plt sections.\n");
++ printk("Module %s doesn't contain .plt or .init.plt sections.\n", me->name);
+ return -ENOEXEC;
+ }
+
+@@ -203,11 +203,16 @@ static uint32_t do_plt_call(void *locati
+
+ DEBUGP("Doing plt for call to 0x%x at 0x%x\n", val, (unsigned int)location);
+ /* Init, or core PLT? */
+- if (location >= mod->module_core
+- && location < mod->module_core + mod->core_size)
++ if ((location >= mod->module_core_rx && location < mod->module_core_rx + mod->core_size_rx) ||
++ (location >= mod->module_core_rw && location < mod->module_core_rw + mod->core_size_rw))
+ entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr;
+- else
++ else if ((location >= mod->module_init_rx && location < mod->module_init_rx + mod->init_size_rx) ||
++ (location >= mod->module_init_rw && location < mod->module_init_rw + mod->init_size_rw))
+ entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr;
++ else {
++ printk(KERN_ERR "%s: invalid R_PPC_REL24 entry found\n", mod->name);
++ return ~0UL;
++ }
+
+ /* Find this entry, or if that fails, the next avail. entry */
+ while (entry->jump[0]) {
diff -urNp linux-3.0.7/arch/powerpc/kernel/process.c linux-3.0.7/arch/powerpc/kernel/process.c
--- linux-3.0.7/arch/powerpc/kernel/process.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/powerpc/kernel/process.c 2011-08-23 21:48:14.000000000 -0400
bottomup:
/*
+diff -urNp linux-3.0.7/arch/sparc/Makefile linux-3.0.7/arch/sparc/Makefile
+--- linux-3.0.7/arch/sparc/Makefile 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/sparc/Makefile 2011-08-23 21:48:14.000000000 -0400
+@@ -75,7 +75,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc
+ # Export what is needed by arch/sparc/boot/Makefile
+ export VMLINUX_INIT VMLINUX_MAIN
+ VMLINUX_INIT := $(head-y) $(init-y)
+-VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
+ VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y)
+ VMLINUX_MAIN += $(drivers-y) $(net-y)
+
diff -urNp linux-3.0.7/arch/sparc/include/asm/atomic_64.h linux-3.0.7/arch/sparc/include/asm/atomic_64.h
--- linux-3.0.7/arch/sparc/include/asm/atomic_64.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/sparc/include/asm/atomic_64.h 2011-08-23 21:48:14.000000000 -0400
unsigned long fpregs[0] __attribute__ ((aligned(64)));
};
+diff -urNp linux-3.0.7/arch/sparc/include/asm/uaccess.h linux-3.0.7/arch/sparc/include/asm/uaccess.h
+--- linux-3.0.7/arch/sparc/include/asm/uaccess.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/sparc/include/asm/uaccess.h 2011-08-23 21:47:55.000000000 -0400
+@@ -1,5 +1,13 @@
+ #ifndef ___ASM_SPARC_UACCESS_H
+ #define ___ASM_SPARC_UACCESS_H
++
++#ifdef __KERNEL__
++#ifndef __ASSEMBLY__
++#include <linux/types.h>
++extern void check_object_size(const void *ptr, unsigned long n, bool to);
++#endif
++#endif
++
+ #if defined(__sparc__) && defined(__arch64__)
+ #include <asm/uaccess_64.h>
+ #else
diff -urNp linux-3.0.7/arch/sparc/include/asm/uaccess_32.h linux-3.0.7/arch/sparc/include/asm/uaccess_32.h
--- linux-3.0.7/arch/sparc/include/asm/uaccess_32.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/sparc/include/asm/uaccess_32.h 2011-08-23 21:47:55.000000000 -0400
if (unlikely(ret))
ret = copy_to_user_fixup(to, from, size);
return ret;
-diff -urNp linux-3.0.7/arch/sparc/include/asm/uaccess.h linux-3.0.7/arch/sparc/include/asm/uaccess.h
---- linux-3.0.7/arch/sparc/include/asm/uaccess.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/sparc/include/asm/uaccess.h 2011-08-23 21:47:55.000000000 -0400
-@@ -1,5 +1,13 @@
- #ifndef ___ASM_SPARC_UACCESS_H
- #define ___ASM_SPARC_UACCESS_H
-+
-+#ifdef __KERNEL__
-+#ifndef __ASSEMBLY__
-+#include <linux/types.h>
-+extern void check_object_size(const void *ptr, unsigned long n, bool to);
-+#endif
-+#endif
-+
- #if defined(__sparc__) && defined(__arch64__)
- #include <asm/uaccess_64.h>
- #else
diff -urNp linux-3.0.7/arch/sparc/kernel/Makefile linux-3.0.7/arch/sparc/kernel/Makefile
--- linux-3.0.7/arch/sparc/kernel/Makefile 2011-10-16 21:54:53.000000000 -0400
+++ linux-3.0.7/arch/sparc/kernel/Makefile 2011-10-16 21:55:27.000000000 -0400
regs->tpc, (void *) regs->tpc);
}
}
+diff -urNp linux-3.0.7/arch/sparc/lib/Makefile linux-3.0.7/arch/sparc/lib/Makefile
+--- linux-3.0.7/arch/sparc/lib/Makefile 2011-09-02 18:11:21.000000000 -0400
++++ linux-3.0.7/arch/sparc/lib/Makefile 2011-08-23 21:47:55.000000000 -0400
+@@ -2,7 +2,7 @@
+ #
+
+ asflags-y := -ansi -DST_DIV0=0x02
+-ccflags-y := -Werror
++#ccflags-y := -Werror
+
+ lib-$(CONFIG_SPARC32) += mul.o rem.o sdiv.o udiv.o umul.o urem.o ashrdi3.o
+ lib-$(CONFIG_SPARC32) += memcpy.o memset.o
diff -urNp linux-3.0.7/arch/sparc/lib/atomic_64.S linux-3.0.7/arch/sparc/lib/atomic_64.S
--- linux-3.0.7/arch/sparc/lib/atomic_64.S 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/sparc/lib/atomic_64.S 2011-08-23 21:47:55.000000000 -0400
EXPORT_SYMBOL(atomic64_sub_ret);
/* Atomic bit operations. */
-diff -urNp linux-3.0.7/arch/sparc/lib/Makefile linux-3.0.7/arch/sparc/lib/Makefile
---- linux-3.0.7/arch/sparc/lib/Makefile 2011-09-02 18:11:21.000000000 -0400
-+++ linux-3.0.7/arch/sparc/lib/Makefile 2011-08-23 21:47:55.000000000 -0400
+diff -urNp linux-3.0.7/arch/sparc/mm/Makefile linux-3.0.7/arch/sparc/mm/Makefile
+--- linux-3.0.7/arch/sparc/mm/Makefile 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/sparc/mm/Makefile 2011-08-23 21:47:55.000000000 -0400
@@ -2,7 +2,7 @@
#
- asflags-y := -ansi -DST_DIV0=0x02
+ asflags-y := -ansi
-ccflags-y := -Werror
+#ccflags-y := -Werror
- lib-$(CONFIG_SPARC32) += mul.o rem.o sdiv.o udiv.o umul.o urem.o ashrdi3.o
- lib-$(CONFIG_SPARC32) += memcpy.o memset.o
-diff -urNp linux-3.0.7/arch/sparc/Makefile linux-3.0.7/arch/sparc/Makefile
---- linux-3.0.7/arch/sparc/Makefile 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/sparc/Makefile 2011-08-23 21:48:14.000000000 -0400
-@@ -75,7 +75,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc
- # Export what is needed by arch/sparc/boot/Makefile
- export VMLINUX_INIT VMLINUX_MAIN
- VMLINUX_INIT := $(head-y) $(init-y)
--VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/
-+VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
- VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y)
- VMLINUX_MAIN += $(drivers-y) $(net-y)
-
+ obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o
+ obj-y += fault_$(BITS).o
diff -urNp linux-3.0.7/arch/sparc/mm/fault_32.c linux-3.0.7/arch/sparc/mm/fault_32.c
--- linux-3.0.7/arch/sparc/mm/fault_32.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/sparc/mm/fault_32.c 2011-08-23 21:47:55.000000000 -0400
protection_map[12] = PAGE_READONLY;
protection_map[13] = PAGE_READONLY;
protection_map[14] = PAGE_SHARED;
-diff -urNp linux-3.0.7/arch/sparc/mm/Makefile linux-3.0.7/arch/sparc/mm/Makefile
---- linux-3.0.7/arch/sparc/mm/Makefile 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/sparc/mm/Makefile 2011-08-23 21:47:55.000000000 -0400
-@@ -2,7 +2,7 @@
- #
-
- asflags-y := -ansi
--ccflags-y := -Werror
-+#ccflags-y := -Werror
-
- obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o
- obj-y += fault_$(BITS).o
diff -urNp linux-3.0.7/arch/sparc/mm/srmmu.c linux-3.0.7/arch/sparc/mm/srmmu.c
--- linux-3.0.7/arch/sparc/mm/srmmu.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/sparc/mm/srmmu.c 2011-08-23 21:47:55.000000000 -0400
/*
* The prototype on i386 is:
*
+diff -urNp linux-3.0.7/arch/x86/Kconfig linux-3.0.7/arch/x86/Kconfig
+--- linux-3.0.7/arch/x86/Kconfig 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/Kconfig 2011-09-17 00:58:36.000000000 -0400
+@@ -229,7 +229,7 @@ config X86_HT
+
+ config X86_32_LAZY_GS
+ def_bool y
+- depends on X86_32 && !CC_STACKPROTECTOR
++ depends on X86_32 && !CC_STACKPROTECTOR && !PAX_MEMORY_UDEREF
+
+ config ARCH_HWEIGHT_CFLAGS
+ string
+@@ -1018,7 +1018,7 @@ choice
+
+ config NOHIGHMEM
+ bool "off"
+- depends on !X86_NUMAQ
++ depends on !X86_NUMAQ && !(PAX_PAGEEXEC && PAX_ENABLE_PAE)
+ ---help---
+ Linux can use up to 64 Gigabytes of physical memory on x86 systems.
+ However, the address space of 32-bit x86 processors is only 4
+@@ -1055,7 +1055,7 @@ config NOHIGHMEM
+
+ config HIGHMEM4G
+ bool "4GB"
+- depends on !X86_NUMAQ
++ depends on !X86_NUMAQ && !(PAX_PAGEEXEC && PAX_ENABLE_PAE)
+ ---help---
+ Select this if you have a 32-bit processor and between 1 and 4
+ gigabytes of physical RAM.
+@@ -1109,7 +1109,7 @@ config PAGE_OFFSET
+ hex
+ default 0xB0000000 if VMSPLIT_3G_OPT
+ default 0x80000000 if VMSPLIT_2G
+- default 0x78000000 if VMSPLIT_2G_OPT
++ default 0x70000000 if VMSPLIT_2G_OPT
+ default 0x40000000 if VMSPLIT_1G
+ default 0xC0000000
+ depends on X86_32
+@@ -1483,6 +1483,7 @@ config SECCOMP
+
+ config CC_STACKPROTECTOR
+ bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
++ depends on X86_64 || !PAX_MEMORY_UDEREF
+ ---help---
+ This option turns on the -fstack-protector GCC feature. This
+ feature puts, at the beginning of functions, a canary value on
+@@ -1540,6 +1541,7 @@ config KEXEC_JUMP
+ config PHYSICAL_START
+ hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
+ default "0x1000000"
++ range 0x400000 0x40000000
+ ---help---
+ This gives the physical address where the kernel is loaded.
+
+@@ -1603,6 +1605,7 @@ config X86_NEED_RELOCS
+ config PHYSICAL_ALIGN
+ hex "Alignment value to which kernel should be aligned" if X86_32
+ default "0x1000000"
++ range 0x400000 0x1000000 if PAX_KERNEXEC
+ range 0x2000 0x1000000
+ ---help---
+ This value puts the alignment restrictions on physical address
+@@ -1634,9 +1637,10 @@ config HOTPLUG_CPU
+ Say N if you want to disable CPU hotplug.
+
+ config COMPAT_VDSO
+- def_bool y
++ def_bool n
+ prompt "Compat VDSO support"
+ depends on X86_32 || IA32_EMULATION
++ depends on !PAX_NOEXEC && !PAX_MEMORY_UDEREF
+ ---help---
+ Map the 32-bit VDSO to the predictable old-style address too.
+
+diff -urNp linux-3.0.7/arch/x86/Kconfig.cpu linux-3.0.7/arch/x86/Kconfig.cpu
+--- linux-3.0.7/arch/x86/Kconfig.cpu 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/Kconfig.cpu 2011-08-23 21:47:55.000000000 -0400
+@@ -338,7 +338,7 @@ config X86_PPRO_FENCE
+
+ config X86_F00F_BUG
+ def_bool y
+- depends on M586MMX || M586TSC || M586 || M486 || M386
++ depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC
+
+ config X86_INVD_BUG
+ def_bool y
+@@ -362,7 +362,7 @@ config X86_POPAD_OK
+
+ config X86_ALIGNMENT_16
+ def_bool y
+- depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || MELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
++ depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MCORE2 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
+
+ config X86_INTEL_USERCOPY
+ def_bool y
+@@ -408,7 +408,7 @@ config X86_CMPXCHG64
+ # generates cmov.
+ config X86_CMOV
+ def_bool y
+- depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
++ depends on (MK8 || MK7 || MCORE2 || MPSC || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
+
+ config X86_MINIMUM_CPU_FAMILY
+ int
+diff -urNp linux-3.0.7/arch/x86/Kconfig.debug linux-3.0.7/arch/x86/Kconfig.debug
+--- linux-3.0.7/arch/x86/Kconfig.debug 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/Kconfig.debug 2011-08-23 21:47:55.000000000 -0400
+@@ -81,7 +81,7 @@ config X86_PTDUMP
+ config DEBUG_RODATA
+ bool "Write protect kernel read-only data structures"
+ default y
+- depends on DEBUG_KERNEL
++ depends on DEBUG_KERNEL && BROKEN
+ ---help---
+ Mark the kernel read-only data as write-protected in the pagetables,
+ in order to catch accidental (and incorrect) writes to such const
+@@ -99,7 +99,7 @@ config DEBUG_RODATA_TEST
+
+ config DEBUG_SET_MODULE_RONX
+ bool "Set loadable kernel module data as NX and text as RO"
+- depends on MODULES
++ depends on MODULES && BROKEN
+ ---help---
+ This option helps catch unintended modifications to loadable
+ kernel module's text and read-only data. It also prevents execution
+diff -urNp linux-3.0.7/arch/x86/Makefile linux-3.0.7/arch/x86/Makefile
+--- linux-3.0.7/arch/x86/Makefile 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/Makefile 2011-08-23 21:48:14.000000000 -0400
+@@ -44,6 +44,7 @@ ifeq ($(CONFIG_X86_32),y)
+ else
+ BITS := 64
+ UTS_MACHINE := x86_64
++ biarch := $(call cc-option,-m64)
+ CHECKFLAGS += -D__x86_64__ -m64
+
+ KBUILD_AFLAGS += -m64
+@@ -195,3 +196,12 @@ define archhelp
+ echo ' FDARGS="..." arguments for the booted kernel'
+ echo ' FDINITRD=file initrd for the booted kernel'
+ endef
++
++define OLD_LD
++
++*** ${VERSION}.${PATCHLEVEL} PaX kernels no longer build correctly with old versions of binutils.
++*** Please upgrade your binutils to 2.18 or newer
++endef
++
++archprepare:
++ $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD)))
+diff -urNp linux-3.0.7/arch/x86/boot/Makefile linux-3.0.7/arch/x86/boot/Makefile
+--- linux-3.0.7/arch/x86/boot/Makefile 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/boot/Makefile 2011-08-23 21:47:55.000000000 -0400
+@@ -69,6 +69,9 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -g -Os
+ $(call cc-option, -fno-stack-protector) \
+ $(call cc-option, -mpreferred-stack-boundary=2)
+ KBUILD_CFLAGS += $(call cc-option, -m32)
++ifdef CONSTIFY_PLUGIN
++KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) -fplugin-arg-constify_plugin-no-constify
++endif
+ KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
+ GCOV_PROFILE := n
+
diff -urNp linux-3.0.7/arch/x86/boot/bitops.h linux-3.0.7/arch/x86/boot/bitops.h
--- linux-3.0.7/arch/x86/boot/bitops.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/boot/bitops.h 2011-08-23 21:47:55.000000000 -0400
: "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len));
return diff;
}
+diff -urNp linux-3.0.7/arch/x86/boot/compressed/Makefile linux-3.0.7/arch/x86/boot/compressed/Makefile
+--- linux-3.0.7/arch/x86/boot/compressed/Makefile 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/boot/compressed/Makefile 2011-08-23 21:47:55.000000000 -0400
+@@ -14,6 +14,9 @@ cflags-$(CONFIG_X86_64) := -mcmodel=smal
+ KBUILD_CFLAGS += $(cflags-y)
+ KBUILD_CFLAGS += $(call cc-option,-ffreestanding)
+ KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector)
++ifdef CONSTIFY_PLUGIN
++KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) -fplugin-arg-constify_plugin-no-constify
++endif
+
+ KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
+ GCOV_PROFILE := n
diff -urNp linux-3.0.7/arch/x86/boot/compressed/head_32.S linux-3.0.7/arch/x86/boot/compressed/head_32.S
--- linux-3.0.7/arch/x86/boot/compressed/head_32.S 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/boot/compressed/head_32.S 2011-08-23 21:47:55.000000000 -0400
#endif
/* Target address to relocate to for decompression */
-diff -urNp linux-3.0.7/arch/x86/boot/compressed/Makefile linux-3.0.7/arch/x86/boot/compressed/Makefile
---- linux-3.0.7/arch/x86/boot/compressed/Makefile 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/boot/compressed/Makefile 2011-08-23 21:47:55.000000000 -0400
-@@ -14,6 +14,9 @@ cflags-$(CONFIG_X86_64) := -mcmodel=smal
- KBUILD_CFLAGS += $(cflags-y)
- KBUILD_CFLAGS += $(call cc-option,-ffreestanding)
- KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector)
-+ifdef CONSTIFY_PLUGIN
-+KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) -fplugin-arg-constify_plugin-no-constify
-+endif
-
- KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
- GCOV_PROFILE := n
diff -urNp linux-3.0.7/arch/x86/boot/compressed/misc.c linux-3.0.7/arch/x86/boot/compressed/misc.c
--- linux-3.0.7/arch/x86/boot/compressed/misc.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/boot/compressed/misc.c 2011-08-23 21:47:55.000000000 -0400
#define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_extract_offset)
#define VO_INIT_SIZE (VO__end - VO__text)
-diff -urNp linux-3.0.7/arch/x86/boot/Makefile linux-3.0.7/arch/x86/boot/Makefile
---- linux-3.0.7/arch/x86/boot/Makefile 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/boot/Makefile 2011-08-23 21:47:55.000000000 -0400
-@@ -69,6 +69,9 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -g -Os
- $(call cc-option, -fno-stack-protector) \
- $(call cc-option, -mpreferred-stack-boundary=2)
- KBUILD_CFLAGS += $(call cc-option, -m32)
-+ifdef CONSTIFY_PLUGIN
-+KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) -fplugin-arg-constify_plugin-no-constify
-+endif
- KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
- GCOV_PROFILE := n
-
diff -urNp linux-3.0.7/arch/x86/boot/memory.c linux-3.0.7/arch/x86/boot/memory.c
--- linux-3.0.7/arch/x86/boot/memory.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/boot/memory.c 2011-08-23 21:47:55.000000000 -0400
struct biosregs ireg, oreg;
struct e820entry *desc = boot_params.e820_map;
static struct e820entry buf; /* static so it is zeroed */
+diff -urNp linux-3.0.7/arch/x86/boot/video-vesa.c linux-3.0.7/arch/x86/boot/video-vesa.c
+--- linux-3.0.7/arch/x86/boot/video-vesa.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/boot/video-vesa.c 2011-08-23 21:47:55.000000000 -0400
+@@ -200,6 +200,7 @@ static void vesa_store_pm_info(void)
+
+ boot_params.screen_info.vesapm_seg = oreg.es;
+ boot_params.screen_info.vesapm_off = oreg.di;
++ boot_params.screen_info.vesapm_size = oreg.cx;
+ }
+
+ /*
diff -urNp linux-3.0.7/arch/x86/boot/video.c linux-3.0.7/arch/x86/boot/video.c
--- linux-3.0.7/arch/x86/boot/video.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/boot/video.c 2011-08-23 21:47:55.000000000 -0400
int key;
unsigned int v;
-diff -urNp linux-3.0.7/arch/x86/boot/video-vesa.c linux-3.0.7/arch/x86/boot/video-vesa.c
---- linux-3.0.7/arch/x86/boot/video-vesa.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/boot/video-vesa.c 2011-08-23 21:47:55.000000000 -0400
-@@ -200,6 +200,7 @@ static void vesa_store_pm_info(void)
-
- boot_params.screen_info.vesapm_seg = oreg.es;
- boot_params.screen_info.vesapm_off = oreg.di;
-+ boot_params.screen_info.vesapm_size = oreg.cx;
- }
-
- /*
diff -urNp linux-3.0.7/arch/x86/crypto/aes-x86_64-asm_64.S linux-3.0.7/arch/x86/crypto/aes-x86_64-asm_64.S
--- linux-3.0.7/arch/x86/crypto/aes-x86_64-asm_64.S 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/crypto/aes-x86_64-asm_64.S 2011-10-06 04:17:55.000000000 -0400
fs = get_fs();
set_fs(KERNEL_DS);
has_dumped = 1;
+diff -urNp linux-3.0.7/arch/x86/ia32/ia32_signal.c linux-3.0.7/arch/x86/ia32/ia32_signal.c
+--- linux-3.0.7/arch/x86/ia32/ia32_signal.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/ia32/ia32_signal.c 2011-10-06 04:17:55.000000000 -0400
+@@ -167,7 +167,7 @@ asmlinkage long sys32_sigaltstack(const
+ }
+ seg = get_fs();
+ set_fs(KERNEL_DS);
+- ret = do_sigaltstack(uss_ptr ? &uss : NULL, &uoss, regs->sp);
++ ret = do_sigaltstack(uss_ptr ? (const stack_t __force_user *)&uss : NULL, (stack_t __force_user *)&uoss, regs->sp);
+ set_fs(seg);
+ if (ret >= 0 && uoss_ptr) {
+ if (!access_ok(VERIFY_WRITE, uoss_ptr, sizeof(stack_ia32_t)))
+@@ -374,7 +374,7 @@ static int ia32_setup_sigcontext(struct
+ */
+ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs,
+ size_t frame_size,
+- void **fpstate)
++ void __user **fpstate)
+ {
+ unsigned long sp;
+
+@@ -395,7 +395,7 @@ static void __user *get_sigframe(struct
+
+ if (used_math()) {
+ sp = sp - sig_xstate_ia32_size;
+- *fpstate = (struct _fpstate_ia32 *) sp;
++ *fpstate = (struct _fpstate_ia32 __user *) sp;
+ if (save_i387_xstate_ia32(*fpstate) < 0)
+ return (void __user *) -1L;
+ }
+@@ -403,7 +403,7 @@ static void __user *get_sigframe(struct
+ sp -= frame_size;
+ /* Align the stack pointer according to the i386 ABI,
+ * i.e. so that on function entry ((sp + 4) & 15) == 0. */
+- sp = ((sp + 4) & -16ul) - 4;
++ sp = ((sp - 12) & -16ul) - 4;
+ return (void __user *) sp;
+ }
+
+@@ -461,7 +461,7 @@ int ia32_setup_frame(int sig, struct k_s
+ * These are actually not used anymore, but left because some
+ * gdb versions depend on them as a marker.
+ */
+- put_user_ex(*((u64 *)&code), (u64 *)frame->retcode);
++ put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode);
+ } put_user_catch(err);
+
+ if (err)
+@@ -503,7 +503,7 @@ int ia32_setup_rt_frame(int sig, struct
+ 0xb8,
+ __NR_ia32_rt_sigreturn,
+ 0x80cd,
+- 0,
++ 0
+ };
+
+ frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
+@@ -533,16 +533,18 @@ int ia32_setup_rt_frame(int sig, struct
+
+ if (ka->sa.sa_flags & SA_RESTORER)
+ restorer = ka->sa.sa_restorer;
++ else if (current->mm->context.vdso)
++ /* Return stub is in 32bit vsyscall page */
++ restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
+ else
+- restorer = VDSO32_SYMBOL(current->mm->context.vdso,
+- rt_sigreturn);
++ restorer = &frame->retcode;
+ put_user_ex(ptr_to_compat(restorer), &frame->pretcode);
+
+ /*
+ * Not actually used anymore, but left because some gdb
+ * versions need it.
+ */
+- put_user_ex(*((u64 *)&code), (u64 *)frame->retcode);
++ put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode);
+ } put_user_catch(err);
+
+ if (err)
diff -urNp linux-3.0.7/arch/x86/ia32/ia32entry.S linux-3.0.7/arch/x86/ia32/ia32entry.S
--- linux-3.0.7/arch/x86/ia32/ia32entry.S 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/ia32/ia32entry.S 2011-10-11 10:44:33.000000000 -0400
ret
CFI_ENDPROC
-diff -urNp linux-3.0.7/arch/x86/ia32/ia32_signal.c linux-3.0.7/arch/x86/ia32/ia32_signal.c
---- linux-3.0.7/arch/x86/ia32/ia32_signal.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/ia32/ia32_signal.c 2011-10-06 04:17:55.000000000 -0400
-@@ -167,7 +167,7 @@ asmlinkage long sys32_sigaltstack(const
- }
- seg = get_fs();
- set_fs(KERNEL_DS);
-- ret = do_sigaltstack(uss_ptr ? &uss : NULL, &uoss, regs->sp);
-+ ret = do_sigaltstack(uss_ptr ? (const stack_t __force_user *)&uss : NULL, (stack_t __force_user *)&uoss, regs->sp);
- set_fs(seg);
- if (ret >= 0 && uoss_ptr) {
- if (!access_ok(VERIFY_WRITE, uoss_ptr, sizeof(stack_ia32_t)))
-@@ -374,7 +374,7 @@ static int ia32_setup_sigcontext(struct
- */
- static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs,
- size_t frame_size,
-- void **fpstate)
-+ void __user **fpstate)
- {
- unsigned long sp;
-
-@@ -395,7 +395,7 @@ static void __user *get_sigframe(struct
-
- if (used_math()) {
- sp = sp - sig_xstate_ia32_size;
-- *fpstate = (struct _fpstate_ia32 *) sp;
-+ *fpstate = (struct _fpstate_ia32 __user *) sp;
- if (save_i387_xstate_ia32(*fpstate) < 0)
- return (void __user *) -1L;
- }
-@@ -403,7 +403,7 @@ static void __user *get_sigframe(struct
- sp -= frame_size;
- /* Align the stack pointer according to the i386 ABI,
- * i.e. so that on function entry ((sp + 4) & 15) == 0. */
-- sp = ((sp + 4) & -16ul) - 4;
-+ sp = ((sp - 12) & -16ul) - 4;
- return (void __user *) sp;
- }
-
-@@ -461,7 +461,7 @@ int ia32_setup_frame(int sig, struct k_s
- * These are actually not used anymore, but left because some
- * gdb versions depend on them as a marker.
- */
-- put_user_ex(*((u64 *)&code), (u64 *)frame->retcode);
-+ put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode);
- } put_user_catch(err);
-
- if (err)
-@@ -503,7 +503,7 @@ int ia32_setup_rt_frame(int sig, struct
- 0xb8,
- __NR_ia32_rt_sigreturn,
- 0x80cd,
-- 0,
-+ 0
- };
-
- frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
-@@ -533,16 +533,18 @@ int ia32_setup_rt_frame(int sig, struct
-
- if (ka->sa.sa_flags & SA_RESTORER)
- restorer = ka->sa.sa_restorer;
-+ else if (current->mm->context.vdso)
-+ /* Return stub is in 32bit vsyscall page */
-+ restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
- else
-- restorer = VDSO32_SYMBOL(current->mm->context.vdso,
-- rt_sigreturn);
-+ restorer = &frame->retcode;
- put_user_ex(ptr_to_compat(restorer), &frame->pretcode);
-
- /*
- * Not actually used anymore, but left because some gdb
- * versions need it.
- */
-- put_user_ex(*((u64 *)&code), (u64 *)frame->retcode);
-+ put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode);
- } put_user_catch(err);
-
- if (err)
diff -urNp linux-3.0.7/arch/x86/ia32/sys_ia32.c linux-3.0.7/arch/x86/ia32/sys_ia32.c
--- linux-3.0.7/arch/x86/ia32/sys_ia32.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/ia32/sys_ia32.c 2011-10-06 04:17:55.000000000 -0400
"setc %%bl\n\t"
"popl %%ebp\n\t"
"popl %%edi\n\t"
-diff -urNp linux-3.0.7/arch/x86/include/asm/atomic64_32.h linux-3.0.7/arch/x86/include/asm/atomic64_32.h
---- linux-3.0.7/arch/x86/include/asm/atomic64_32.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/atomic64_32.h 2011-08-23 21:47:55.000000000 -0400
-@@ -12,6 +12,14 @@ typedef struct {
- u64 __aligned(8) counter;
- } atomic64_t;
-
-+#ifdef CONFIG_PAX_REFCOUNT
-+typedef struct {
-+ u64 __aligned(8) counter;
-+} atomic64_unchecked_t;
-+#else
-+typedef atomic64_t atomic64_unchecked_t;
-+#endif
-+
- #define ATOMIC64_INIT(val) { (val) }
-
- #ifdef CONFIG_X86_CMPXCHG64
-@@ -38,6 +46,21 @@ static inline long long atomic64_cmpxchg
- }
-
- /**
-+ * atomic64_cmpxchg_unchecked - cmpxchg atomic64 variable
-+ * @p: pointer to type atomic64_unchecked_t
-+ * @o: expected value
-+ * @n: new value
-+ *
-+ * Atomically sets @v to @n if it was equal to @o and returns
-+ * the old value.
-+ */
-+
-+static inline long long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long long o, long long n)
-+{
-+ return cmpxchg64(&v->counter, o, n);
-+}
-+
-+/**
- * atomic64_xchg - xchg atomic64 variable
- * @v: pointer to type atomic64_t
- * @n: value to assign
-@@ -77,6 +100,24 @@ static inline void atomic64_set(atomic64
- }
-
- /**
-+ * atomic64_set_unchecked - set atomic64 variable
-+ * @v: pointer to type atomic64_unchecked_t
-+ * @n: value to assign
-+ *
-+ * Atomically sets the value of @v to @n.
-+ */
-+static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long long i)
-+{
-+ unsigned high = (unsigned)(i >> 32);
-+ unsigned low = (unsigned)i;
-+ asm volatile(ATOMIC64_ALTERNATIVE(set)
-+ : "+b" (low), "+c" (high)
-+ : "S" (v)
-+ : "eax", "edx", "memory"
-+ );
-+}
-+
-+/**
- * atomic64_read - read atomic64 variable
- * @v: pointer to type atomic64_t
- *
-@@ -93,6 +134,22 @@ static inline long long atomic64_read(at
- }
-
- /**
-+ * atomic64_read_unchecked - read atomic64 variable
-+ * @v: pointer to type atomic64_unchecked_t
-+ *
-+ * Atomically reads the value of @v and returns it.
-+ */
-+static inline long long atomic64_read_unchecked(atomic64_unchecked_t *v)
-+{
-+ long long r;
-+ asm volatile(ATOMIC64_ALTERNATIVE(read_unchecked)
-+ : "=A" (r), "+c" (v)
-+ : : "memory"
-+ );
-+ return r;
-+ }
-+
-+/**
- * atomic64_add_return - add and return
- * @i: integer value to add
- * @v: pointer to type atomic64_t
-@@ -108,6 +165,22 @@ static inline long long atomic64_add_ret
- return i;
- }
-
-+/**
-+ * atomic64_add_return_unchecked - add and return
-+ * @i: integer value to add
-+ * @v: pointer to type atomic64_unchecked_t
-+ *
-+ * Atomically adds @i to @v and returns @i + *@v
-+ */
-+static inline long long atomic64_add_return_unchecked(long long i, atomic64_unchecked_t *v)
-+{
-+ asm volatile(ATOMIC64_ALTERNATIVE(add_return_unchecked)
-+ : "+A" (i), "+c" (v)
-+ : : "memory"
-+ );
-+ return i;
-+}
-+
- /*
- * Other variants with different arithmetic operators:
- */
-@@ -131,6 +204,17 @@ static inline long long atomic64_inc_ret
- return a;
- }
-
-+static inline long long atomic64_inc_return_unchecked(atomic64_unchecked_t *v)
-+{
-+ long long a;
-+ asm volatile(ATOMIC64_ALTERNATIVE(inc_return_unchecked)
-+ : "=A" (a)
-+ : "S" (v)
-+ : "memory", "ecx"
-+ );
-+ return a;
-+}
-+
- static inline long long atomic64_dec_return(atomic64_t *v)
- {
- long long a;
-@@ -159,6 +243,22 @@ static inline long long atomic64_add(lon
- }
-
- /**
-+ * atomic64_add_unchecked - add integer to atomic64 variable
-+ * @i: integer value to add
-+ * @v: pointer to type atomic64_unchecked_t
-+ *
-+ * Atomically adds @i to @v.
-+ */
-+static inline long long atomic64_add_unchecked(long long i, atomic64_unchecked_t *v)
-+{
-+ asm volatile(ATOMIC64_ALTERNATIVE_(add_unchecked, add_return_unchecked)
-+ : "+A" (i), "+c" (v)
-+ : : "memory"
-+ );
-+ return i;
-+}
-+
-+/**
- * atomic64_sub - subtract the atomic64 variable
- * @i: integer value to subtract
- * @v: pointer to type atomic64_t
-diff -urNp linux-3.0.7/arch/x86/include/asm/atomic64_64.h linux-3.0.7/arch/x86/include/asm/atomic64_64.h
---- linux-3.0.7/arch/x86/include/asm/atomic64_64.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/atomic64_64.h 2011-08-23 21:47:55.000000000 -0400
-@@ -18,7 +18,19 @@
+diff -urNp linux-3.0.7/arch/x86/include/asm/atomic.h linux-3.0.7/arch/x86/include/asm/atomic.h
+--- linux-3.0.7/arch/x86/include/asm/atomic.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/atomic.h 2011-08-23 21:47:55.000000000 -0400
+@@ -22,7 +22,18 @@
*/
- static inline long atomic64_read(const atomic64_t *v)
+ static inline int atomic_read(const atomic_t *v)
{
-- return (*(volatile long *)&(v)->counter);
-+ return (*(volatile const long *)&(v)->counter);
+- return (*(volatile int *)&(v)->counter);
++ return (*(volatile const int *)&(v)->counter);
+}
+
+/**
-+ * atomic64_read_unchecked - read atomic64 variable
-+ * @v: pointer of type atomic64_unchecked_t
++ * atomic_read_unchecked - read atomic variable
++ * @v: pointer of type atomic_unchecked_t
+ *
+ * Atomically reads the value of @v.
-+ * Doesn't imply a read memory barrier.
+ */
-+static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v)
++static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
+{
-+ return (*(volatile const long *)&(v)->counter);
++ return (*(volatile const int *)&(v)->counter);
}
/**
-@@ -34,6 +46,18 @@ static inline void atomic64_set(atomic64
+@@ -38,6 +49,18 @@ static inline void atomic_set(atomic_t *
}
/**
-+ * atomic64_set_unchecked - set atomic64 variable
-+ * @v: pointer to type atomic64_unchecked_t
++ * atomic_set_unchecked - set atomic variable
++ * @v: pointer of type atomic_unchecked_t
+ * @i: required value
+ *
+ * Atomically sets the value of @v to @i.
+ */
-+static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i)
++static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
+{
+ v->counter = i;
+}
+
+/**
- * atomic64_add - add integer to atomic64 variable
+ * atomic_add - add integer to atomic variable
* @i: integer value to add
- * @v: pointer to type atomic64_t
-@@ -42,6 +66,28 @@ static inline void atomic64_set(atomic64
+ * @v: pointer of type atomic_t
+@@ -46,7 +69,29 @@ static inline void atomic_set(atomic_t *
*/
- static inline void atomic64_add(long i, atomic64_t *v)
+ static inline void atomic_add(int i, atomic_t *v)
{
-+ asm volatile(LOCK_PREFIX "addq %1,%0\n"
+- asm volatile(LOCK_PREFIX "addl %1,%0"
++ asm volatile(LOCK_PREFIX "addl %1,%0\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
+ "jno 0f\n"
-+ LOCK_PREFIX "subq %1,%0\n"
++ LOCK_PREFIX "subl %1,%0\n"
+ "int $4\n0:\n"
+ _ASM_EXTABLE(0b, 0b)
+#endif
+
-+ : "=m" (v->counter)
-+ : "er" (i), "m" (v->counter));
++ : "+m" (v->counter)
++ : "ir" (i));
+}
+
+/**
-+ * atomic64_add_unchecked - add integer to atomic64 variable
++ * atomic_add_unchecked - add integer to atomic variable
+ * @i: integer value to add
-+ * @v: pointer to type atomic64_unchecked_t
++ * @v: pointer of type atomic_unchecked_t
+ *
+ * Atomically adds @i to @v.
+ */
-+static inline void atomic64_add_unchecked(long i, atomic64_unchecked_t *v)
++static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
+{
- asm volatile(LOCK_PREFIX "addq %1,%0"
- : "=m" (v->counter)
- : "er" (i), "m" (v->counter));
-@@ -56,7 +102,29 @@ static inline void atomic64_add(long i,
++ asm volatile(LOCK_PREFIX "addl %1,%0\n"
+ : "+m" (v->counter)
+ : "ir" (i));
+ }
+@@ -60,7 +105,29 @@ static inline void atomic_add(int i, ato
*/
- static inline void atomic64_sub(long i, atomic64_t *v)
+ static inline void atomic_sub(int i, atomic_t *v)
{
-- asm volatile(LOCK_PREFIX "subq %1,%0"
-+ asm volatile(LOCK_PREFIX "subq %1,%0\n"
+- asm volatile(LOCK_PREFIX "subl %1,%0"
++ asm volatile(LOCK_PREFIX "subl %1,%0\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
+ "jno 0f\n"
-+ LOCK_PREFIX "addq %1,%0\n"
++ LOCK_PREFIX "addl %1,%0\n"
+ "int $4\n0:\n"
+ _ASM_EXTABLE(0b, 0b)
+#endif
+
-+ : "=m" (v->counter)
-+ : "er" (i), "m" (v->counter));
++ : "+m" (v->counter)
++ : "ir" (i));
+}
+
+/**
-+ * atomic64_sub_unchecked - subtract the atomic64 variable
++ * atomic_sub_unchecked - subtract integer from atomic variable
+ * @i: integer value to subtract
-+ * @v: pointer to type atomic64_unchecked_t
++ * @v: pointer of type atomic_unchecked_t
+ *
+ * Atomically subtracts @i from @v.
+ */
-+static inline void atomic64_sub_unchecked(long i, atomic64_unchecked_t *v)
++static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
+{
-+ asm volatile(LOCK_PREFIX "subq %1,%0\n"
- : "=m" (v->counter)
- : "er" (i), "m" (v->counter));
++ asm volatile(LOCK_PREFIX "subl %1,%0\n"
+ : "+m" (v->counter)
+ : "ir" (i));
}
-@@ -74,7 +142,16 @@ static inline int atomic64_sub_and_test(
+@@ -78,7 +145,16 @@ static inline int atomic_sub_and_test(in
{
unsigned char c;
-- asm volatile(LOCK_PREFIX "subq %2,%0; sete %1"
-+ asm volatile(LOCK_PREFIX "subq %2,%0\n"
+- asm volatile(LOCK_PREFIX "subl %2,%0; sete %1"
++ asm volatile(LOCK_PREFIX "subl %2,%0\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
+ "jno 0f\n"
-+ LOCK_PREFIX "addq %2,%0\n"
++ LOCK_PREFIX "addl %2,%0\n"
+ "int $4\n0:\n"
+ _ASM_EXTABLE(0b, 0b)
+#endif
+
+ "sete %1\n"
- : "=m" (v->counter), "=qm" (c)
- : "er" (i), "m" (v->counter) : "memory");
+ : "+m" (v->counter), "=qm" (c)
+ : "ir" (i) : "memory");
return c;
-@@ -88,6 +165,27 @@ static inline int atomic64_sub_and_test(
+@@ -92,7 +168,27 @@ static inline int atomic_sub_and_test(in
*/
- static inline void atomic64_inc(atomic64_t *v)
+ static inline void atomic_inc(atomic_t *v)
{
-+ asm volatile(LOCK_PREFIX "incq %0\n"
+- asm volatile(LOCK_PREFIX "incl %0"
++ asm volatile(LOCK_PREFIX "incl %0\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
+ "jno 0f\n"
-+ LOCK_PREFIX "decq %0\n"
++ LOCK_PREFIX "decl %0\n"
+ "int $4\n0:\n"
+ _ASM_EXTABLE(0b, 0b)
+#endif
+
-+ : "=m" (v->counter)
-+ : "m" (v->counter));
++ : "+m" (v->counter));
+}
+
+/**
-+ * atomic64_inc_unchecked - increment atomic64 variable
-+ * @v: pointer to type atomic64_unchecked_t
++ * atomic_inc_unchecked - increment atomic variable
++ * @v: pointer of type atomic_unchecked_t
+ *
+ * Atomically increments @v by 1.
+ */
-+static inline void atomic64_inc_unchecked(atomic64_unchecked_t *v)
++static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
+{
- asm volatile(LOCK_PREFIX "incq %0"
- : "=m" (v->counter)
- : "m" (v->counter));
-@@ -101,7 +199,28 @@ static inline void atomic64_inc(atomic64
++ asm volatile(LOCK_PREFIX "incl %0\n"
+ : "+m" (v->counter));
+ }
+
+@@ -104,7 +200,27 @@ static inline void atomic_inc(atomic_t *
*/
- static inline void atomic64_dec(atomic64_t *v)
+ static inline void atomic_dec(atomic_t *v)
{
-- asm volatile(LOCK_PREFIX "decq %0"
-+ asm volatile(LOCK_PREFIX "decq %0\n"
+- asm volatile(LOCK_PREFIX "decl %0"
++ asm volatile(LOCK_PREFIX "decl %0\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
+ "jno 0f\n"
-+ LOCK_PREFIX "incq %0\n"
++ LOCK_PREFIX "incl %0\n"
+ "int $4\n0:\n"
+ _ASM_EXTABLE(0b, 0b)
+#endif
+
-+ : "=m" (v->counter)
-+ : "m" (v->counter));
++ : "+m" (v->counter));
+}
+
+/**
-+ * atomic64_dec_unchecked - decrement atomic64 variable
-+ * @v: pointer to type atomic64_t
-+ *
-+ * Atomically decrements @v by 1.
-+ */
-+static inline void atomic64_dec_unchecked(atomic64_unchecked_t *v)
-+{
-+ asm volatile(LOCK_PREFIX "decq %0\n"
- : "=m" (v->counter)
- : "m" (v->counter));
- }
-@@ -118,7 +237,16 @@ static inline int atomic64_dec_and_test(
- {
- unsigned char c;
-
-- asm volatile(LOCK_PREFIX "decq %0; sete %1"
-+ asm volatile(LOCK_PREFIX "decq %0\n"
-+
-+#ifdef CONFIG_PAX_REFCOUNT
-+ "jno 0f\n"
-+ LOCK_PREFIX "incq %0\n"
-+ "int $4\n0:\n"
-+ _ASM_EXTABLE(0b, 0b)
-+#endif
-+
-+ "sete %1\n"
- : "=m" (v->counter), "=qm" (c)
- : "m" (v->counter) : "memory");
- return c != 0;
-@@ -136,7 +264,16 @@ static inline int atomic64_inc_and_test(
- {
- unsigned char c;
-
-- asm volatile(LOCK_PREFIX "incq %0; sete %1"
-+ asm volatile(LOCK_PREFIX "incq %0\n"
-+
-+#ifdef CONFIG_PAX_REFCOUNT
-+ "jno 0f\n"
-+ LOCK_PREFIX "decq %0\n"
-+ "int $4\n0:\n"
-+ _ASM_EXTABLE(0b, 0b)
-+#endif
-+
-+ "sete %1\n"
- : "=m" (v->counter), "=qm" (c)
- : "m" (v->counter) : "memory");
- return c != 0;
-@@ -155,7 +292,16 @@ static inline int atomic64_add_negative(
- {
- unsigned char c;
-
-- asm volatile(LOCK_PREFIX "addq %2,%0; sets %1"
-+ asm volatile(LOCK_PREFIX "addq %2,%0\n"
-+
-+#ifdef CONFIG_PAX_REFCOUNT
-+ "jno 0f\n"
-+ LOCK_PREFIX "subq %2,%0\n"
-+ "int $4\n0:\n"
-+ _ASM_EXTABLE(0b, 0b)
-+#endif
-+
-+ "sets %1\n"
- : "=m" (v->counter), "=qm" (c)
- : "er" (i), "m" (v->counter) : "memory");
- return c;
-@@ -171,7 +317,31 @@ static inline int atomic64_add_negative(
- static inline long atomic64_add_return(long i, atomic64_t *v)
- {
- long __i = i;
-- asm volatile(LOCK_PREFIX "xaddq %0, %1;"
-+ asm volatile(LOCK_PREFIX "xaddq %0, %1\n"
-+
-+#ifdef CONFIG_PAX_REFCOUNT
-+ "jno 0f\n"
-+ "movq %0, %1\n"
-+ "int $4\n0:\n"
-+ _ASM_EXTABLE(0b, 0b)
-+#endif
-+
-+ : "+r" (i), "+m" (v->counter)
-+ : : "memory");
-+ return i + __i;
-+}
-+
-+/**
-+ * atomic64_add_return_unchecked - add and return
-+ * @i: integer value to add
-+ * @v: pointer to type atomic64_unchecked_t
-+ *
-+ * Atomically adds @i to @v and returns @i + @v
-+ */
-+static inline long atomic64_add_return_unchecked(long i, atomic64_unchecked_t *v)
-+{
-+ long __i = i;
-+ asm volatile(LOCK_PREFIX "xaddq %0, %1"
- : "+r" (i), "+m" (v->counter)
- : : "memory");
- return i + __i;
-@@ -183,6 +353,10 @@ static inline long atomic64_sub_return(l
- }
-
- #define atomic64_inc_return(v) (atomic64_add_return(1, (v)))
-+static inline long atomic64_inc_return_unchecked(atomic64_unchecked_t *v)
-+{
-+ return atomic64_add_return_unchecked(1, v);
-+}
- #define atomic64_dec_return(v) (atomic64_sub_return(1, (v)))
-
- static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
-@@ -190,6 +364,11 @@ static inline long atomic64_cmpxchg(atom
- return cmpxchg(&v->counter, old, new);
- }
-
-+static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, long new)
-+{
-+ return cmpxchg(&v->counter, old, new);
-+}
-+
- static inline long atomic64_xchg(atomic64_t *v, long new)
- {
- return xchg(&v->counter, new);
-@@ -206,17 +385,30 @@ static inline long atomic64_xchg(atomic6
- */
- static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
- {
-- long c, old;
-+ long c, old, new;
- c = atomic64_read(v);
- for (;;) {
-- if (unlikely(c == (u)))
-+ if (unlikely(c == u))
- break;
-- old = atomic64_cmpxchg((v), c, c + (a));
-+
-+ asm volatile("add %2,%0\n"
-+
-+#ifdef CONFIG_PAX_REFCOUNT
-+ "jno 0f\n"
-+ "sub %2,%0\n"
-+ "int $4\n0:\n"
-+ _ASM_EXTABLE(0b, 0b)
-+#endif
-+
-+ : "=r" (new)
-+ : "0" (c), "ir" (a));
-+
-+ old = atomic64_cmpxchg(v, c, new);
- if (likely(old == c))
- break;
- c = old;
- }
-- return c != (u);
-+ return c != u;
- }
-
- #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
-diff -urNp linux-3.0.7/arch/x86/include/asm/atomic.h linux-3.0.7/arch/x86/include/asm/atomic.h
---- linux-3.0.7/arch/x86/include/asm/atomic.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/atomic.h 2011-08-23 21:47:55.000000000 -0400
-@@ -22,7 +22,18 @@
- */
- static inline int atomic_read(const atomic_t *v)
- {
-- return (*(volatile int *)&(v)->counter);
-+ return (*(volatile const int *)&(v)->counter);
-+}
-+
-+/**
-+ * atomic_read_unchecked - read atomic variable
-+ * @v: pointer of type atomic_unchecked_t
-+ *
-+ * Atomically reads the value of @v.
-+ */
-+static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
-+{
-+ return (*(volatile const int *)&(v)->counter);
- }
-
- /**
-@@ -38,6 +49,18 @@ static inline void atomic_set(atomic_t *
- }
-
- /**
-+ * atomic_set_unchecked - set atomic variable
-+ * @v: pointer of type atomic_unchecked_t
-+ * @i: required value
-+ *
-+ * Atomically sets the value of @v to @i.
-+ */
-+static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
-+{
-+ v->counter = i;
-+}
-+
-+/**
- * atomic_add - add integer to atomic variable
- * @i: integer value to add
- * @v: pointer of type atomic_t
-@@ -46,7 +69,29 @@ static inline void atomic_set(atomic_t *
- */
- static inline void atomic_add(int i, atomic_t *v)
- {
-- asm volatile(LOCK_PREFIX "addl %1,%0"
-+ asm volatile(LOCK_PREFIX "addl %1,%0\n"
-+
-+#ifdef CONFIG_PAX_REFCOUNT
-+ "jno 0f\n"
-+ LOCK_PREFIX "subl %1,%0\n"
-+ "int $4\n0:\n"
-+ _ASM_EXTABLE(0b, 0b)
-+#endif
-+
-+ : "+m" (v->counter)
-+ : "ir" (i));
-+}
-+
-+/**
-+ * atomic_add_unchecked - add integer to atomic variable
-+ * @i: integer value to add
-+ * @v: pointer of type atomic_unchecked_t
-+ *
-+ * Atomically adds @i to @v.
-+ */
-+static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
-+{
-+ asm volatile(LOCK_PREFIX "addl %1,%0\n"
- : "+m" (v->counter)
- : "ir" (i));
- }
-@@ -60,7 +105,29 @@ static inline void atomic_add(int i, ato
- */
- static inline void atomic_sub(int i, atomic_t *v)
- {
-- asm volatile(LOCK_PREFIX "subl %1,%0"
-+ asm volatile(LOCK_PREFIX "subl %1,%0\n"
-+
-+#ifdef CONFIG_PAX_REFCOUNT
-+ "jno 0f\n"
-+ LOCK_PREFIX "addl %1,%0\n"
-+ "int $4\n0:\n"
-+ _ASM_EXTABLE(0b, 0b)
-+#endif
-+
-+ : "+m" (v->counter)
-+ : "ir" (i));
-+}
-+
-+/**
-+ * atomic_sub_unchecked - subtract integer from atomic variable
-+ * @i: integer value to subtract
-+ * @v: pointer of type atomic_unchecked_t
-+ *
-+ * Atomically subtracts @i from @v.
-+ */
-+static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
-+{
-+ asm volatile(LOCK_PREFIX "subl %1,%0\n"
- : "+m" (v->counter)
- : "ir" (i));
- }
-@@ -78,7 +145,16 @@ static inline int atomic_sub_and_test(in
- {
- unsigned char c;
-
-- asm volatile(LOCK_PREFIX "subl %2,%0; sete %1"
-+ asm volatile(LOCK_PREFIX "subl %2,%0\n"
-+
-+#ifdef CONFIG_PAX_REFCOUNT
-+ "jno 0f\n"
-+ LOCK_PREFIX "addl %2,%0\n"
-+ "int $4\n0:\n"
-+ _ASM_EXTABLE(0b, 0b)
-+#endif
-+
-+ "sete %1\n"
- : "+m" (v->counter), "=qm" (c)
- : "ir" (i) : "memory");
- return c;
-@@ -92,7 +168,27 @@ static inline int atomic_sub_and_test(in
- */
- static inline void atomic_inc(atomic_t *v)
- {
-- asm volatile(LOCK_PREFIX "incl %0"
-+ asm volatile(LOCK_PREFIX "incl %0\n"
-+
-+#ifdef CONFIG_PAX_REFCOUNT
-+ "jno 0f\n"
-+ LOCK_PREFIX "decl %0\n"
-+ "int $4\n0:\n"
-+ _ASM_EXTABLE(0b, 0b)
-+#endif
-+
-+ : "+m" (v->counter));
-+}
-+
-+/**
-+ * atomic_inc_unchecked - increment atomic variable
-+ * @v: pointer of type atomic_unchecked_t
-+ *
-+ * Atomically increments @v by 1.
-+ */
-+static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
-+{
-+ asm volatile(LOCK_PREFIX "incl %0\n"
- : "+m" (v->counter));
- }
-
-@@ -104,7 +200,27 @@ static inline void atomic_inc(atomic_t *
- */
- static inline void atomic_dec(atomic_t *v)
- {
-- asm volatile(LOCK_PREFIX "decl %0"
-+ asm volatile(LOCK_PREFIX "decl %0\n"
-+
-+#ifdef CONFIG_PAX_REFCOUNT
-+ "jno 0f\n"
-+ LOCK_PREFIX "incl %0\n"
-+ "int $4\n0:\n"
-+ _ASM_EXTABLE(0b, 0b)
-+#endif
-+
-+ : "+m" (v->counter));
-+}
-+
-+/**
-+ * atomic_dec_unchecked - decrement atomic variable
-+ * @v: pointer of type atomic_unchecked_t
++ * atomic_dec_unchecked - decrement atomic variable
++ * @v: pointer of type atomic_unchecked_t
+ *
+ * Atomically decrements @v by 1.
+ */
/*
* atomic_dec_if_positive - decrement by 1 if old value positive
* @v: pointer of type atomic_t
-diff -urNp linux-3.0.7/arch/x86/include/asm/bitops.h linux-3.0.7/arch/x86/include/asm/bitops.h
---- linux-3.0.7/arch/x86/include/asm/bitops.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/bitops.h 2011-08-23 21:47:55.000000000 -0400
-@@ -38,7 +38,7 @@
- * a mask operation on a byte.
- */
- #define IS_IMMEDIATE(nr) (__builtin_constant_p(nr))
--#define CONST_MASK_ADDR(nr, addr) BITOP_ADDR((void *)(addr) + ((nr)>>3))
-+#define CONST_MASK_ADDR(nr, addr) BITOP_ADDR((volatile void *)(addr) + ((nr)>>3))
- #define CONST_MASK(nr) (1 << ((nr) & 7))
-
- /**
-diff -urNp linux-3.0.7/arch/x86/include/asm/boot.h linux-3.0.7/arch/x86/include/asm/boot.h
---- linux-3.0.7/arch/x86/include/asm/boot.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/boot.h 2011-08-23 21:47:55.000000000 -0400
-@@ -11,10 +11,15 @@
- #include <asm/pgtable_types.h>
-
- /* Physical address where kernel should be loaded. */
--#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
-+#define ____LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
- + (CONFIG_PHYSICAL_ALIGN - 1)) \
- & ~(CONFIG_PHYSICAL_ALIGN - 1))
+diff -urNp linux-3.0.7/arch/x86/include/asm/atomic64_32.h linux-3.0.7/arch/x86/include/asm/atomic64_32.h
+--- linux-3.0.7/arch/x86/include/asm/atomic64_32.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/atomic64_32.h 2011-08-23 21:47:55.000000000 -0400
+@@ -12,6 +12,14 @@ typedef struct {
+ u64 __aligned(8) counter;
+ } atomic64_t;
-+#ifndef __ASSEMBLY__
-+extern unsigned char __LOAD_PHYSICAL_ADDR[];
-+#define LOAD_PHYSICAL_ADDR ((unsigned long)__LOAD_PHYSICAL_ADDR)
++#ifdef CONFIG_PAX_REFCOUNT
++typedef struct {
++ u64 __aligned(8) counter;
++} atomic64_unchecked_t;
++#else
++typedef atomic64_t atomic64_unchecked_t;
+#endif
+
- /* Minimum kernel alignment, as a power of two */
- #ifdef CONFIG_X86_64
- #define MIN_KERNEL_ALIGN_LG2 PMD_SHIFT
-diff -urNp linux-3.0.7/arch/x86/include/asm/cacheflush.h linux-3.0.7/arch/x86/include/asm/cacheflush.h
---- linux-3.0.7/arch/x86/include/asm/cacheflush.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/cacheflush.h 2011-08-23 21:47:55.000000000 -0400
-@@ -26,7 +26,7 @@ static inline unsigned long get_page_mem
- unsigned long pg_flags = pg->flags & _PGMT_MASK;
-
- if (pg_flags == _PGMT_DEFAULT)
-- return -1;
-+ return ~0UL;
- else if (pg_flags == _PGMT_WC)
- return _PAGE_CACHE_WC;
- else if (pg_flags == _PGMT_UC_MINUS)
-diff -urNp linux-3.0.7/arch/x86/include/asm/cache.h linux-3.0.7/arch/x86/include/asm/cache.h
---- linux-3.0.7/arch/x86/include/asm/cache.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/cache.h 2011-08-23 21:47:55.000000000 -0400
-@@ -5,12 +5,13 @@
-
- /* L1 cache line size */
- #define L1_CACHE_SHIFT (CONFIG_X86_L1_CACHE_SHIFT)
--#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
-+#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
+ #define ATOMIC64_INIT(val) { (val) }
- #define __read_mostly __attribute__((__section__(".data..read_mostly")))
-+#define __read_only __attribute__((__section__(".data..read_only")))
+ #ifdef CONFIG_X86_CMPXCHG64
+@@ -38,6 +46,21 @@ static inline long long atomic64_cmpxchg
+ }
- #define INTERNODE_CACHE_SHIFT CONFIG_X86_INTERNODE_CACHE_SHIFT
--#define INTERNODE_CACHE_BYTES (1 << INTERNODE_CACHE_SHIFT)
-+#define INTERNODE_CACHE_BYTES (_AC(1,UL) << INTERNODE_CACHE_SHIFT)
+ /**
++ * atomic64_cmpxchg_unchecked - cmpxchg atomic64 variable
++ * @p: pointer to type atomic64_unchecked_t
++ * @o: expected value
++ * @n: new value
++ *
++ * Atomically sets @v to @n if it was equal to @o and returns
++ * the old value.
++ */
++
++static inline long long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long long o, long long n)
++{
++ return cmpxchg64(&v->counter, o, n);
++}
++
++/**
+ * atomic64_xchg - xchg atomic64 variable
+ * @v: pointer to type atomic64_t
+ * @n: value to assign
+@@ -77,6 +100,24 @@ static inline void atomic64_set(atomic64
+ }
- #ifdef CONFIG_X86_VSMP
- #ifdef CONFIG_SMP
-diff -urNp linux-3.0.7/arch/x86/include/asm/checksum_32.h linux-3.0.7/arch/x86/include/asm/checksum_32.h
---- linux-3.0.7/arch/x86/include/asm/checksum_32.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/checksum_32.h 2011-08-23 21:47:55.000000000 -0400
-@@ -31,6 +31,14 @@ asmlinkage __wsum csum_partial_copy_gene
- int len, __wsum sum,
- int *src_err_ptr, int *dst_err_ptr);
+ /**
++ * atomic64_set_unchecked - set atomic64 variable
++ * @v: pointer to type atomic64_unchecked_t
++ * @n: value to assign
++ *
++ * Atomically sets the value of @v to @n.
++ */
++static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long long i)
++{
++ unsigned high = (unsigned)(i >> 32);
++ unsigned low = (unsigned)i;
++ asm volatile(ATOMIC64_ALTERNATIVE(set)
++ : "+b" (low), "+c" (high)
++ : "S" (v)
++ : "eax", "edx", "memory"
++ );
++}
++
++/**
+ * atomic64_read - read atomic64 variable
+ * @v: pointer to type atomic64_t
+ *
+@@ -93,6 +134,22 @@ static inline long long atomic64_read(at
+ }
-+asmlinkage __wsum csum_partial_copy_generic_to_user(const void *src, void *dst,
-+ int len, __wsum sum,
-+ int *src_err_ptr, int *dst_err_ptr);
+ /**
++ * atomic64_read_unchecked - read atomic64 variable
++ * @v: pointer to type atomic64_unchecked_t
++ *
++ * Atomically reads the value of @v and returns it.
++ */
++static inline long long atomic64_read_unchecked(atomic64_unchecked_t *v)
++{
++ long long r;
++ asm volatile(ATOMIC64_ALTERNATIVE(read_unchecked)
++ : "=A" (r), "+c" (v)
++ : : "memory"
++ );
++ return r;
++ }
+
-+asmlinkage __wsum csum_partial_copy_generic_from_user(const void *src, void *dst,
-+ int len, __wsum sum,
-+ int *src_err_ptr, int *dst_err_ptr);
++/**
+ * atomic64_add_return - add and return
+ * @i: integer value to add
+ * @v: pointer to type atomic64_t
+@@ -108,6 +165,22 @@ static inline long long atomic64_add_ret
+ return i;
+ }
+
++/**
++ * atomic64_add_return_unchecked - add and return
++ * @i: integer value to add
++ * @v: pointer to type atomic64_unchecked_t
++ *
++ * Atomically adds @i to @v and returns @i + *@v
++ */
++static inline long long atomic64_add_return_unchecked(long long i, atomic64_unchecked_t *v)
++{
++ asm volatile(ATOMIC64_ALTERNATIVE(add_return_unchecked)
++ : "+A" (i), "+c" (v)
++ : : "memory"
++ );
++ return i;
++}
+
/*
- * Note: when you get a NULL pointer exception here this means someone
- * passed in an incorrect kernel address to one of these functions.
-@@ -50,7 +58,7 @@ static inline __wsum csum_partial_copy_f
- int *err_ptr)
- {
- might_sleep();
-- return csum_partial_copy_generic((__force void *)src, dst,
-+ return csum_partial_copy_generic_from_user((__force void *)src, dst,
- len, sum, err_ptr, NULL);
+ * Other variants with different arithmetic operators:
+ */
+@@ -131,6 +204,17 @@ static inline long long atomic64_inc_ret
+ return a;
}
-@@ -178,7 +186,7 @@ static inline __wsum csum_and_copy_to_us
- {
- might_sleep();
- if (access_ok(VERIFY_WRITE, dst, len))
-- return csum_partial_copy_generic(src, (__force void *)dst,
-+ return csum_partial_copy_generic_to_user(src, (__force void *)dst,
++static inline long long atomic64_inc_return_unchecked(atomic64_unchecked_t *v)
++{
++ long long a;
++ asm volatile(ATOMIC64_ALTERNATIVE(inc_return_unchecked)
++ : "=A" (a)
++ : "S" (v)
++ : "memory", "ecx"
++ );
++ return a;
++}
++
+ static inline long long atomic64_dec_return(atomic64_t *v)
+ {
+ long long a;
+@@ -159,6 +243,22 @@ static inline long long atomic64_add(lon
+ }
+
+ /**
++ * atomic64_add_unchecked - add integer to atomic64 variable
++ * @i: integer value to add
++ * @v: pointer to type atomic64_unchecked_t
++ *
++ * Atomically adds @i to @v.
++ */
++static inline long long atomic64_add_unchecked(long long i, atomic64_unchecked_t *v)
++{
++ asm volatile(ATOMIC64_ALTERNATIVE_(add_unchecked, add_return_unchecked)
++ : "+A" (i), "+c" (v)
++ : : "memory"
++ );
++ return i;
++}
++
++/**
+ * atomic64_sub - subtract the atomic64 variable
+ * @i: integer value to subtract
+ * @v: pointer to type atomic64_t
+diff -urNp linux-3.0.7/arch/x86/include/asm/atomic64_64.h linux-3.0.7/arch/x86/include/asm/atomic64_64.h
+--- linux-3.0.7/arch/x86/include/asm/atomic64_64.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/atomic64_64.h 2011-08-23 21:47:55.000000000 -0400
+@@ -18,7 +18,19 @@
+ */
+ static inline long atomic64_read(const atomic64_t *v)
+ {
+- return (*(volatile long *)&(v)->counter);
++ return (*(volatile const long *)&(v)->counter);
++}
++
++/**
++ * atomic64_read_unchecked - read atomic64 variable
++ * @v: pointer of type atomic64_unchecked_t
++ *
++ * Atomically reads the value of @v.
++ * Doesn't imply a read memory barrier.
++ */
++static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v)
++{
++ return (*(volatile const long *)&(v)->counter);
+ }
+
+ /**
+@@ -34,6 +46,18 @@ static inline void atomic64_set(atomic64
+ }
+
+ /**
++ * atomic64_set_unchecked - set atomic64 variable
++ * @v: pointer to type atomic64_unchecked_t
++ * @i: required value
++ *
++ * Atomically sets the value of @v to @i.
++ */
++static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i)
++{
++ v->counter = i;
++}
++
++/**
+ * atomic64_add - add integer to atomic64 variable
+ * @i: integer value to add
+ * @v: pointer to type atomic64_t
+@@ -42,6 +66,28 @@ static inline void atomic64_set(atomic64
+ */
+ static inline void atomic64_add(long i, atomic64_t *v)
+ {
++ asm volatile(LOCK_PREFIX "addq %1,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ "jno 0f\n"
++ LOCK_PREFIX "subq %1,%0\n"
++ "int $4\n0:\n"
++ _ASM_EXTABLE(0b, 0b)
++#endif
++
++ : "=m" (v->counter)
++ : "er" (i), "m" (v->counter));
++}
++
++/**
++ * atomic64_add_unchecked - add integer to atomic64 variable
++ * @i: integer value to add
++ * @v: pointer to type atomic64_unchecked_t
++ *
++ * Atomically adds @i to @v.
++ */
++static inline void atomic64_add_unchecked(long i, atomic64_unchecked_t *v)
++{
+ asm volatile(LOCK_PREFIX "addq %1,%0"
+ : "=m" (v->counter)
+ : "er" (i), "m" (v->counter));
+@@ -56,7 +102,29 @@ static inline void atomic64_add(long i,
+ */
+ static inline void atomic64_sub(long i, atomic64_t *v)
+ {
+- asm volatile(LOCK_PREFIX "subq %1,%0"
++ asm volatile(LOCK_PREFIX "subq %1,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ "jno 0f\n"
++ LOCK_PREFIX "addq %1,%0\n"
++ "int $4\n0:\n"
++ _ASM_EXTABLE(0b, 0b)
++#endif
++
++ : "=m" (v->counter)
++ : "er" (i), "m" (v->counter));
++}
++
++/**
++ * atomic64_sub_unchecked - subtract the atomic64 variable
++ * @i: integer value to subtract
++ * @v: pointer to type atomic64_unchecked_t
++ *
++ * Atomically subtracts @i from @v.
++ */
++static inline void atomic64_sub_unchecked(long i, atomic64_unchecked_t *v)
++{
++ asm volatile(LOCK_PREFIX "subq %1,%0\n"
+ : "=m" (v->counter)
+ : "er" (i), "m" (v->counter));
+ }
+@@ -74,7 +142,16 @@ static inline int atomic64_sub_and_test(
+ {
+ unsigned char c;
+
+- asm volatile(LOCK_PREFIX "subq %2,%0; sete %1"
++ asm volatile(LOCK_PREFIX "subq %2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ "jno 0f\n"
++ LOCK_PREFIX "addq %2,%0\n"
++ "int $4\n0:\n"
++ _ASM_EXTABLE(0b, 0b)
++#endif
++
++ "sete %1\n"
+ : "=m" (v->counter), "=qm" (c)
+ : "er" (i), "m" (v->counter) : "memory");
+ return c;
+@@ -88,6 +165,27 @@ static inline int atomic64_sub_and_test(
+ */
+ static inline void atomic64_inc(atomic64_t *v)
+ {
++ asm volatile(LOCK_PREFIX "incq %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ "jno 0f\n"
++ LOCK_PREFIX "decq %0\n"
++ "int $4\n0:\n"
++ _ASM_EXTABLE(0b, 0b)
++#endif
++
++ : "=m" (v->counter)
++ : "m" (v->counter));
++}
++
++/**
++ * atomic64_inc_unchecked - increment atomic64 variable
++ * @v: pointer to type atomic64_unchecked_t
++ *
++ * Atomically increments @v by 1.
++ */
++static inline void atomic64_inc_unchecked(atomic64_unchecked_t *v)
++{
+ asm volatile(LOCK_PREFIX "incq %0"
+ : "=m" (v->counter)
+ : "m" (v->counter));
+@@ -101,7 +199,28 @@ static inline void atomic64_inc(atomic64
+ */
+ static inline void atomic64_dec(atomic64_t *v)
+ {
+- asm volatile(LOCK_PREFIX "decq %0"
++ asm volatile(LOCK_PREFIX "decq %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ "jno 0f\n"
++ LOCK_PREFIX "incq %0\n"
++ "int $4\n0:\n"
++ _ASM_EXTABLE(0b, 0b)
++#endif
++
++ : "=m" (v->counter)
++ : "m" (v->counter));
++}
++
++/**
++ * atomic64_dec_unchecked - decrement atomic64 variable
++ * @v: pointer to type atomic64_t
++ *
++ * Atomically decrements @v by 1.
++ */
++static inline void atomic64_dec_unchecked(atomic64_unchecked_t *v)
++{
++ asm volatile(LOCK_PREFIX "decq %0\n"
+ : "=m" (v->counter)
+ : "m" (v->counter));
+ }
+@@ -118,7 +237,16 @@ static inline int atomic64_dec_and_test(
+ {
+ unsigned char c;
+
+- asm volatile(LOCK_PREFIX "decq %0; sete %1"
++ asm volatile(LOCK_PREFIX "decq %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ "jno 0f\n"
++ LOCK_PREFIX "incq %0\n"
++ "int $4\n0:\n"
++ _ASM_EXTABLE(0b, 0b)
++#endif
++
++ "sete %1\n"
+ : "=m" (v->counter), "=qm" (c)
+ : "m" (v->counter) : "memory");
+ return c != 0;
+@@ -136,7 +264,16 @@ static inline int atomic64_inc_and_test(
+ {
+ unsigned char c;
+
+- asm volatile(LOCK_PREFIX "incq %0; sete %1"
++ asm volatile(LOCK_PREFIX "incq %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ "jno 0f\n"
++ LOCK_PREFIX "decq %0\n"
++ "int $4\n0:\n"
++ _ASM_EXTABLE(0b, 0b)
++#endif
++
++ "sete %1\n"
+ : "=m" (v->counter), "=qm" (c)
+ : "m" (v->counter) : "memory");
+ return c != 0;
+@@ -155,7 +292,16 @@ static inline int atomic64_add_negative(
+ {
+ unsigned char c;
+
+- asm volatile(LOCK_PREFIX "addq %2,%0; sets %1"
++ asm volatile(LOCK_PREFIX "addq %2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ "jno 0f\n"
++ LOCK_PREFIX "subq %2,%0\n"
++ "int $4\n0:\n"
++ _ASM_EXTABLE(0b, 0b)
++#endif
++
++ "sets %1\n"
+ : "=m" (v->counter), "=qm" (c)
+ : "er" (i), "m" (v->counter) : "memory");
+ return c;
+@@ -171,7 +317,31 @@ static inline int atomic64_add_negative(
+ static inline long atomic64_add_return(long i, atomic64_t *v)
+ {
+ long __i = i;
+- asm volatile(LOCK_PREFIX "xaddq %0, %1;"
++ asm volatile(LOCK_PREFIX "xaddq %0, %1\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ "jno 0f\n"
++ "movq %0, %1\n"
++ "int $4\n0:\n"
++ _ASM_EXTABLE(0b, 0b)
++#endif
++
++ : "+r" (i), "+m" (v->counter)
++ : : "memory");
++ return i + __i;
++}
++
++/**
++ * atomic64_add_return_unchecked - add and return
++ * @i: integer value to add
++ * @v: pointer to type atomic64_unchecked_t
++ *
++ * Atomically adds @i to @v and returns @i + @v
++ */
++static inline long atomic64_add_return_unchecked(long i, atomic64_unchecked_t *v)
++{
++ long __i = i;
++ asm volatile(LOCK_PREFIX "xaddq %0, %1"
+ : "+r" (i), "+m" (v->counter)
+ : : "memory");
+ return i + __i;
+@@ -183,6 +353,10 @@ static inline long atomic64_sub_return(l
+ }
+
+ #define atomic64_inc_return(v) (atomic64_add_return(1, (v)))
++static inline long atomic64_inc_return_unchecked(atomic64_unchecked_t *v)
++{
++ return atomic64_add_return_unchecked(1, v);
++}
+ #define atomic64_dec_return(v) (atomic64_sub_return(1, (v)))
+
+ static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
+@@ -190,6 +364,11 @@ static inline long atomic64_cmpxchg(atom
+ return cmpxchg(&v->counter, old, new);
+ }
+
++static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, long new)
++{
++ return cmpxchg(&v->counter, old, new);
++}
++
+ static inline long atomic64_xchg(atomic64_t *v, long new)
+ {
+ return xchg(&v->counter, new);
+@@ -206,17 +385,30 @@ static inline long atomic64_xchg(atomic6
+ */
+ static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
+ {
+- long c, old;
++ long c, old, new;
+ c = atomic64_read(v);
+ for (;;) {
+- if (unlikely(c == (u)))
++ if (unlikely(c == u))
+ break;
+- old = atomic64_cmpxchg((v), c, c + (a));
++
++ asm volatile("add %2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ "jno 0f\n"
++ "sub %2,%0\n"
++ "int $4\n0:\n"
++ _ASM_EXTABLE(0b, 0b)
++#endif
++
++ : "=r" (new)
++ : "0" (c), "ir" (a));
++
++ old = atomic64_cmpxchg(v, c, new);
+ if (likely(old == c))
+ break;
+ c = old;
+ }
+- return c != (u);
++ return c != u;
+ }
+
+ #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
+diff -urNp linux-3.0.7/arch/x86/include/asm/bitops.h linux-3.0.7/arch/x86/include/asm/bitops.h
+--- linux-3.0.7/arch/x86/include/asm/bitops.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/bitops.h 2011-08-23 21:47:55.000000000 -0400
+@@ -38,7 +38,7 @@
+ * a mask operation on a byte.
+ */
+ #define IS_IMMEDIATE(nr) (__builtin_constant_p(nr))
+-#define CONST_MASK_ADDR(nr, addr) BITOP_ADDR((void *)(addr) + ((nr)>>3))
++#define CONST_MASK_ADDR(nr, addr) BITOP_ADDR((volatile void *)(addr) + ((nr)>>3))
+ #define CONST_MASK(nr) (1 << ((nr) & 7))
+
+ /**
+diff -urNp linux-3.0.7/arch/x86/include/asm/boot.h linux-3.0.7/arch/x86/include/asm/boot.h
+--- linux-3.0.7/arch/x86/include/asm/boot.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/boot.h 2011-08-23 21:47:55.000000000 -0400
+@@ -11,10 +11,15 @@
+ #include <asm/pgtable_types.h>
+
+ /* Physical address where kernel should be loaded. */
+-#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
++#define ____LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
+ + (CONFIG_PHYSICAL_ALIGN - 1)) \
+ & ~(CONFIG_PHYSICAL_ALIGN - 1))
+
++#ifndef __ASSEMBLY__
++extern unsigned char __LOAD_PHYSICAL_ADDR[];
++#define LOAD_PHYSICAL_ADDR ((unsigned long)__LOAD_PHYSICAL_ADDR)
++#endif
++
+ /* Minimum kernel alignment, as a power of two */
+ #ifdef CONFIG_X86_64
+ #define MIN_KERNEL_ALIGN_LG2 PMD_SHIFT
+diff -urNp linux-3.0.7/arch/x86/include/asm/cache.h linux-3.0.7/arch/x86/include/asm/cache.h
+--- linux-3.0.7/arch/x86/include/asm/cache.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/cache.h 2011-08-23 21:47:55.000000000 -0400
+@@ -5,12 +5,13 @@
+
+ /* L1 cache line size */
+ #define L1_CACHE_SHIFT (CONFIG_X86_L1_CACHE_SHIFT)
+-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
+
+ #define __read_mostly __attribute__((__section__(".data..read_mostly")))
++#define __read_only __attribute__((__section__(".data..read_only")))
+
+ #define INTERNODE_CACHE_SHIFT CONFIG_X86_INTERNODE_CACHE_SHIFT
+-#define INTERNODE_CACHE_BYTES (1 << INTERNODE_CACHE_SHIFT)
++#define INTERNODE_CACHE_BYTES (_AC(1,UL) << INTERNODE_CACHE_SHIFT)
+
+ #ifdef CONFIG_X86_VSMP
+ #ifdef CONFIG_SMP
+diff -urNp linux-3.0.7/arch/x86/include/asm/cacheflush.h linux-3.0.7/arch/x86/include/asm/cacheflush.h
+--- linux-3.0.7/arch/x86/include/asm/cacheflush.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/cacheflush.h 2011-08-23 21:47:55.000000000 -0400
+@@ -26,7 +26,7 @@ static inline unsigned long get_page_mem
+ unsigned long pg_flags = pg->flags & _PGMT_MASK;
+
+ if (pg_flags == _PGMT_DEFAULT)
+- return -1;
++ return ~0UL;
+ else if (pg_flags == _PGMT_WC)
+ return _PAGE_CACHE_WC;
+ else if (pg_flags == _PGMT_UC_MINUS)
+diff -urNp linux-3.0.7/arch/x86/include/asm/checksum_32.h linux-3.0.7/arch/x86/include/asm/checksum_32.h
+--- linux-3.0.7/arch/x86/include/asm/checksum_32.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/checksum_32.h 2011-08-23 21:47:55.000000000 -0400
+@@ -31,6 +31,14 @@ asmlinkage __wsum csum_partial_copy_gene
+ int len, __wsum sum,
+ int *src_err_ptr, int *dst_err_ptr);
+
++asmlinkage __wsum csum_partial_copy_generic_to_user(const void *src, void *dst,
++ int len, __wsum sum,
++ int *src_err_ptr, int *dst_err_ptr);
++
++asmlinkage __wsum csum_partial_copy_generic_from_user(const void *src, void *dst,
++ int len, __wsum sum,
++ int *src_err_ptr, int *dst_err_ptr);
++
+ /*
+ * Note: when you get a NULL pointer exception here this means someone
+ * passed in an incorrect kernel address to one of these functions.
+@@ -50,7 +58,7 @@ static inline __wsum csum_partial_copy_f
+ int *err_ptr)
+ {
+ might_sleep();
+- return csum_partial_copy_generic((__force void *)src, dst,
++ return csum_partial_copy_generic_from_user((__force void *)src, dst,
+ len, sum, err_ptr, NULL);
+ }
+
+@@ -178,7 +186,7 @@ static inline __wsum csum_and_copy_to_us
+ {
+ might_sleep();
+ if (access_ok(VERIFY_WRITE, dst, len))
+- return csum_partial_copy_generic(src, (__force void *)dst,
++ return csum_partial_copy_generic_to_user(src, (__force void *)dst,
len, sum, NULL, err_ptr);
if (len)
"3: movb $1,%0\n"
"4:\n"
".previous\n"
-diff -urNp linux-3.0.7/arch/x86/include/asm/desc_defs.h linux-3.0.7/arch/x86/include/asm/desc_defs.h
---- linux-3.0.7/arch/x86/include/asm/desc_defs.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/desc_defs.h 2011-08-23 21:47:55.000000000 -0400
-@@ -31,6 +31,12 @@ struct desc_struct {
- unsigned base1: 8, type: 4, s: 1, dpl: 2, p: 1;
- unsigned limit: 4, avl: 1, l: 1, d: 1, g: 1, base2: 8;
- };
-+ struct {
-+ u16 offset_low;
-+ u16 seg;
-+ unsigned reserved: 8, type: 4, s: 1, dpl: 2, p: 1;
-+ unsigned offset_high: 16;
-+ } gate;
- };
- } __attribute__((packed));
-
diff -urNp linux-3.0.7/arch/x86/include/asm/desc.h linux-3.0.7/arch/x86/include/asm/desc.h
--- linux-3.0.7/arch/x86/include/asm/desc.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/include/asm/desc.h 2011-08-23 21:47:55.000000000 -0400
+#endif
+
#endif /* _ASM_X86_DESC_H */
+diff -urNp linux-3.0.7/arch/x86/include/asm/desc_defs.h linux-3.0.7/arch/x86/include/asm/desc_defs.h
+--- linux-3.0.7/arch/x86/include/asm/desc_defs.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/desc_defs.h 2011-08-23 21:47:55.000000000 -0400
+@@ -31,6 +31,12 @@ struct desc_struct {
+ unsigned base1: 8, type: 4, s: 1, dpl: 2, p: 1;
+ unsigned limit: 4, avl: 1, l: 1, d: 1, g: 1, base2: 8;
+ };
++ struct {
++ u16 offset_low;
++ u16 seg;
++ unsigned reserved: 8, type: 4, s: 1, dpl: 2, p: 1;
++ unsigned offset_high: 16;
++ } gate;
+ };
+ } __attribute__((packed));
+
diff -urNp linux-3.0.7/arch/x86/include/asm/e820.h linux-3.0.7/arch/x86/include/asm/e820.h
--- linux-3.0.7/arch/x86/include/asm/e820.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/include/asm/e820.h 2011-08-23 21:47:55.000000000 -0400
+#endif
+
#endif /* _ASM_X86_MMAN_H */
-diff -urNp linux-3.0.7/arch/x86/include/asm/mmu_context.h linux-3.0.7/arch/x86/include/asm/mmu_context.h
---- linux-3.0.7/arch/x86/include/asm/mmu_context.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/mmu_context.h 2011-08-23 21:48:14.000000000 -0400
-@@ -24,6 +24,18 @@ void destroy_context(struct mm_struct *m
+diff -urNp linux-3.0.7/arch/x86/include/asm/mmu.h linux-3.0.7/arch/x86/include/asm/mmu.h
+--- linux-3.0.7/arch/x86/include/asm/mmu.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/mmu.h 2011-08-23 21:47:55.000000000 -0400
+@@ -9,7 +9,7 @@
+ * we put the segment information here.
+ */
+ typedef struct {
+- void *ldt;
++ struct desc_struct *ldt;
+ int size;
- static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)
- {
+ #ifdef CONFIG_X86_64
+@@ -18,7 +18,19 @@ typedef struct {
+ #endif
+
+ struct mutex lock;
+- void *vdso;
++ unsigned long vdso;
++
++#ifdef CONFIG_X86_32
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++ unsigned long user_cs_base;
++ unsigned long user_cs_limit;
++
++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
++ cpumask_t cpu_user_cs_mask;
++#endif
++
++#endif
++#endif
+ } mm_context_t;
+
+ #ifdef CONFIG_SMP
+diff -urNp linux-3.0.7/arch/x86/include/asm/mmu_context.h linux-3.0.7/arch/x86/include/asm/mmu_context.h
+--- linux-3.0.7/arch/x86/include/asm/mmu_context.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/mmu_context.h 2011-08-23 21:48:14.000000000 -0400
+@@ -24,6 +24,18 @@ void destroy_context(struct mm_struct *m
+
+ static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)
+ {
+
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
+ unsigned int i;
}
#define activate_mm(prev, next) \
-diff -urNp linux-3.0.7/arch/x86/include/asm/mmu.h linux-3.0.7/arch/x86/include/asm/mmu.h
---- linux-3.0.7/arch/x86/include/asm/mmu.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/mmu.h 2011-08-23 21:47:55.000000000 -0400
-@@ -9,7 +9,7 @@
- * we put the segment information here.
- */
- typedef struct {
-- void *ldt;
-+ struct desc_struct *ldt;
- int size;
-
- #ifdef CONFIG_X86_64
-@@ -18,7 +18,19 @@ typedef struct {
- #endif
-
- struct mutex lock;
-- void *vdso;
-+ unsigned long vdso;
-+
-+#ifdef CONFIG_X86_32
-+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
-+ unsigned long user_cs_base;
-+ unsigned long user_cs_limit;
-+
-+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
-+ cpumask_t cpu_user_cs_mask;
-+#endif
-+
-+#endif
-+#endif
- } mm_context_t;
-
- #ifdef CONFIG_SMP
diff -urNp linux-3.0.7/arch/x86/include/asm/module.h linux-3.0.7/arch/x86/include/asm/module.h
--- linux-3.0.7/arch/x86/include/asm/module.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/include/asm/module.h 2011-10-07 19:24:31.000000000 -0400
}
static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
-diff -urNp linux-3.0.7/arch/x86/include/asm/pgtable_32.h linux-3.0.7/arch/x86/include/asm/pgtable_32.h
---- linux-3.0.7/arch/x86/include/asm/pgtable_32.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/pgtable_32.h 2011-08-23 21:47:55.000000000 -0400
-@@ -25,9 +25,6 @@
- struct mm_struct;
- struct vm_area_struct;
-
--extern pgd_t swapper_pg_dir[1024];
--extern pgd_t initial_page_table[1024];
--
- static inline void pgtable_cache_init(void) { }
- static inline void check_pgt_cache(void) { }
- void paging_init(void);
-@@ -48,6 +45,12 @@ extern void set_pmd_pfn(unsigned long, u
- # include <asm/pgtable-2level.h>
- #endif
-
-+extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
-+extern pgd_t initial_page_table[PTRS_PER_PGD];
-+#ifdef CONFIG_X86_PAE
-+extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD];
-+#endif
-+
- #if defined(CONFIG_HIGHPTE)
- #define pte_offset_map(dir, address) \
- ((pte_t *)kmap_atomic(pmd_page(*(dir))) + \
-@@ -62,7 +65,9 @@ extern void set_pmd_pfn(unsigned long, u
- /* Clear a kernel PTE and flush it from the TLB */
- #define kpte_clear_flush(ptep, vaddr) \
- do { \
-+ pax_open_kernel(); \
- pte_clear(&init_mm, (vaddr), (ptep)); \
-+ pax_close_kernel(); \
- __flush_tlb_one((vaddr)); \
- } while (0)
-
-@@ -74,6 +79,9 @@ do { \
-
- #endif /* !__ASSEMBLY__ */
-
-+#define HAVE_ARCH_UNMAPPED_AREA
-+#define HAVE_ARCH_UNMAPPED_AREA_TOPDOWN
-+
- /*
- * kern_addr_valid() is (1) for FLATMEM and (0) for
- * SPARSEMEM and DISCONTIGMEM
-diff -urNp linux-3.0.7/arch/x86/include/asm/pgtable_32_types.h linux-3.0.7/arch/x86/include/asm/pgtable_32_types.h
---- linux-3.0.7/arch/x86/include/asm/pgtable_32_types.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/pgtable_32_types.h 2011-08-23 21:47:55.000000000 -0400
-@@ -8,7 +8,7 @@
- */
- #ifdef CONFIG_X86_PAE
- # include <asm/pgtable-3level_types.h>
--# define PMD_SIZE (1UL << PMD_SHIFT)
-+# define PMD_SIZE (_AC(1, UL) << PMD_SHIFT)
- # define PMD_MASK (~(PMD_SIZE - 1))
- #else
- # include <asm/pgtable-2level_types.h>
-@@ -46,6 +46,19 @@ extern bool __vmalloc_start_set; /* set
- # define VMALLOC_END (FIXADDR_START - 2 * PAGE_SIZE)
- #endif
-
-+#ifdef CONFIG_PAX_KERNEXEC
-+#ifndef __ASSEMBLY__
-+extern unsigned char MODULES_EXEC_VADDR[];
-+extern unsigned char MODULES_EXEC_END[];
-+#endif
-+#include <asm/boot.h>
-+#define ktla_ktva(addr) (addr + LOAD_PHYSICAL_ADDR + PAGE_OFFSET)
-+#define ktva_ktla(addr) (addr - LOAD_PHYSICAL_ADDR - PAGE_OFFSET)
-+#else
-+#define ktla_ktva(addr) (addr)
-+#define ktva_ktla(addr) (addr)
-+#endif
-+
- #define MODULES_VADDR VMALLOC_START
- #define MODULES_END VMALLOC_END
- #define MODULES_LEN (MODULES_VADDR - MODULES_END)
diff -urNp linux-3.0.7/arch/x86/include/asm/pgtable-3level.h linux-3.0.7/arch/x86/include/asm/pgtable-3level.h
--- linux-3.0.7/arch/x86/include/asm/pgtable-3level.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/include/asm/pgtable-3level.h 2011-08-23 21:47:55.000000000 -0400
}
/*
-diff -urNp linux-3.0.7/arch/x86/include/asm/pgtable_64.h linux-3.0.7/arch/x86/include/asm/pgtable_64.h
---- linux-3.0.7/arch/x86/include/asm/pgtable_64.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/pgtable_64.h 2011-08-23 21:47:55.000000000 -0400
-@@ -16,10 +16,13 @@
-
- extern pud_t level3_kernel_pgt[512];
- extern pud_t level3_ident_pgt[512];
-+extern pud_t level3_vmalloc_pgt[512];
-+extern pud_t level3_vmemmap_pgt[512];
-+extern pud_t level2_vmemmap_pgt[512];
- extern pmd_t level2_kernel_pgt[512];
- extern pmd_t level2_fixmap_pgt[512];
--extern pmd_t level2_ident_pgt[512];
--extern pgd_t init_level4_pgt[];
-+extern pmd_t level2_ident_pgt[512*2];
-+extern pgd_t init_level4_pgt[512];
-
- #define swapper_pg_dir init_level4_pgt
-
-@@ -61,7 +64,9 @@ static inline void native_set_pte_atomic
-
- static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
- {
-+ pax_open_kernel();
- *pmdp = pmd;
-+ pax_close_kernel();
- }
-
- static inline void native_pmd_clear(pmd_t *pmd)
-@@ -107,6 +112,13 @@ static inline void native_pud_clear(pud_
-
- static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
- {
-+ pax_open_kernel();
-+ *pgdp = pgd;
-+ pax_close_kernel();
-+}
-+
-+static inline void native_set_pgd_batched(pgd_t *pgdp, pgd_t pgd)
-+{
- *pgdp = pgd;
- }
-
-diff -urNp linux-3.0.7/arch/x86/include/asm/pgtable_64_types.h linux-3.0.7/arch/x86/include/asm/pgtable_64_types.h
---- linux-3.0.7/arch/x86/include/asm/pgtable_64_types.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/pgtable_64_types.h 2011-08-23 21:47:55.000000000 -0400
-@@ -59,5 +59,10 @@ typedef struct { pteval_t pte; } pte_t;
- #define MODULES_VADDR _AC(0xffffffffa0000000, UL)
- #define MODULES_END _AC(0xffffffffff000000, UL)
- #define MODULES_LEN (MODULES_END - MODULES_VADDR)
-+#define MODULES_EXEC_VADDR MODULES_VADDR
-+#define MODULES_EXEC_END MODULES_END
-+
-+#define ktla_ktva(addr) (addr)
-+#define ktva_ktla(addr) (addr)
-
- #endif /* _ASM_X86_PGTABLE_64_DEFS_H */
diff -urNp linux-3.0.7/arch/x86/include/asm/pgtable.h linux-3.0.7/arch/x86/include/asm/pgtable.h
--- linux-3.0.7/arch/x86/include/asm/pgtable.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/include/asm/pgtable.h 2011-08-23 21:47:55.000000000 -0400
#include <asm-generic/pgtable.h>
#endif /* __ASSEMBLY__ */
+diff -urNp linux-3.0.7/arch/x86/include/asm/pgtable_32.h linux-3.0.7/arch/x86/include/asm/pgtable_32.h
+--- linux-3.0.7/arch/x86/include/asm/pgtable_32.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/pgtable_32.h 2011-08-23 21:47:55.000000000 -0400
+@@ -25,9 +25,6 @@
+ struct mm_struct;
+ struct vm_area_struct;
+
+-extern pgd_t swapper_pg_dir[1024];
+-extern pgd_t initial_page_table[1024];
+-
+ static inline void pgtable_cache_init(void) { }
+ static inline void check_pgt_cache(void) { }
+ void paging_init(void);
+@@ -48,6 +45,12 @@ extern void set_pmd_pfn(unsigned long, u
+ # include <asm/pgtable-2level.h>
+ #endif
+
++extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
++extern pgd_t initial_page_table[PTRS_PER_PGD];
++#ifdef CONFIG_X86_PAE
++extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD];
++#endif
++
+ #if defined(CONFIG_HIGHPTE)
+ #define pte_offset_map(dir, address) \
+ ((pte_t *)kmap_atomic(pmd_page(*(dir))) + \
+@@ -62,7 +65,9 @@ extern void set_pmd_pfn(unsigned long, u
+ /* Clear a kernel PTE and flush it from the TLB */
+ #define kpte_clear_flush(ptep, vaddr) \
+ do { \
++ pax_open_kernel(); \
+ pte_clear(&init_mm, (vaddr), (ptep)); \
++ pax_close_kernel(); \
+ __flush_tlb_one((vaddr)); \
+ } while (0)
+
+@@ -74,6 +79,9 @@ do { \
+
+ #endif /* !__ASSEMBLY__ */
+
++#define HAVE_ARCH_UNMAPPED_AREA
++#define HAVE_ARCH_UNMAPPED_AREA_TOPDOWN
++
+ /*
+ * kern_addr_valid() is (1) for FLATMEM and (0) for
+ * SPARSEMEM and DISCONTIGMEM
+diff -urNp linux-3.0.7/arch/x86/include/asm/pgtable_32_types.h linux-3.0.7/arch/x86/include/asm/pgtable_32_types.h
+--- linux-3.0.7/arch/x86/include/asm/pgtable_32_types.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/pgtable_32_types.h 2011-08-23 21:47:55.000000000 -0400
+@@ -8,7 +8,7 @@
+ */
+ #ifdef CONFIG_X86_PAE
+ # include <asm/pgtable-3level_types.h>
+-# define PMD_SIZE (1UL << PMD_SHIFT)
++# define PMD_SIZE (_AC(1, UL) << PMD_SHIFT)
+ # define PMD_MASK (~(PMD_SIZE - 1))
+ #else
+ # include <asm/pgtable-2level_types.h>
+@@ -46,6 +46,19 @@ extern bool __vmalloc_start_set; /* set
+ # define VMALLOC_END (FIXADDR_START - 2 * PAGE_SIZE)
+ #endif
+
++#ifdef CONFIG_PAX_KERNEXEC
++#ifndef __ASSEMBLY__
++extern unsigned char MODULES_EXEC_VADDR[];
++extern unsigned char MODULES_EXEC_END[];
++#endif
++#include <asm/boot.h>
++#define ktla_ktva(addr) (addr + LOAD_PHYSICAL_ADDR + PAGE_OFFSET)
++#define ktva_ktla(addr) (addr - LOAD_PHYSICAL_ADDR - PAGE_OFFSET)
++#else
++#define ktla_ktva(addr) (addr)
++#define ktva_ktla(addr) (addr)
++#endif
++
+ #define MODULES_VADDR VMALLOC_START
+ #define MODULES_END VMALLOC_END
+ #define MODULES_LEN (MODULES_VADDR - MODULES_END)
+diff -urNp linux-3.0.7/arch/x86/include/asm/pgtable_64.h linux-3.0.7/arch/x86/include/asm/pgtable_64.h
+--- linux-3.0.7/arch/x86/include/asm/pgtable_64.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/pgtable_64.h 2011-08-23 21:47:55.000000000 -0400
+@@ -16,10 +16,13 @@
+
+ extern pud_t level3_kernel_pgt[512];
+ extern pud_t level3_ident_pgt[512];
++extern pud_t level3_vmalloc_pgt[512];
++extern pud_t level3_vmemmap_pgt[512];
++extern pud_t level2_vmemmap_pgt[512];
+ extern pmd_t level2_kernel_pgt[512];
+ extern pmd_t level2_fixmap_pgt[512];
+-extern pmd_t level2_ident_pgt[512];
+-extern pgd_t init_level4_pgt[];
++extern pmd_t level2_ident_pgt[512*2];
++extern pgd_t init_level4_pgt[512];
+
+ #define swapper_pg_dir init_level4_pgt
+
+@@ -61,7 +64,9 @@ static inline void native_set_pte_atomic
+
+ static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
+ {
++ pax_open_kernel();
+ *pmdp = pmd;
++ pax_close_kernel();
+ }
+
+ static inline void native_pmd_clear(pmd_t *pmd)
+@@ -107,6 +112,13 @@ static inline void native_pud_clear(pud_
+
+ static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
+ {
++ pax_open_kernel();
++ *pgdp = pgd;
++ pax_close_kernel();
++}
++
++static inline void native_set_pgd_batched(pgd_t *pgdp, pgd_t pgd)
++{
+ *pgdp = pgd;
+ }
+
+diff -urNp linux-3.0.7/arch/x86/include/asm/pgtable_64_types.h linux-3.0.7/arch/x86/include/asm/pgtable_64_types.h
+--- linux-3.0.7/arch/x86/include/asm/pgtable_64_types.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/pgtable_64_types.h 2011-08-23 21:47:55.000000000 -0400
+@@ -59,5 +59,10 @@ typedef struct { pteval_t pte; } pte_t;
+ #define MODULES_VADDR _AC(0xffffffffa0000000, UL)
+ #define MODULES_END _AC(0xffffffffff000000, UL)
+ #define MODULES_LEN (MODULES_END - MODULES_VADDR)
++#define MODULES_EXEC_VADDR MODULES_VADDR
++#define MODULES_EXEC_END MODULES_END
++
++#define ktla_ktva(addr) (addr)
++#define ktva_ktla(addr) (addr)
+
+ #endif /* _ASM_X86_PGTABLE_64_DEFS_H */
diff -urNp linux-3.0.7/arch/x86/include/asm/pgtable_types.h linux-3.0.7/arch/x86/include/asm/pgtable_types.h
--- linux-3.0.7/arch/x86/include/asm/pgtable_types.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/include/asm/pgtable_types.h 2011-08-23 21:47:55.000000000 -0400
+
#endif
#endif /* _ASM_X86_THREAD_INFO_H */
+diff -urNp linux-3.0.7/arch/x86/include/asm/uaccess.h linux-3.0.7/arch/x86/include/asm/uaccess.h
+--- linux-3.0.7/arch/x86/include/asm/uaccess.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/include/asm/uaccess.h 2011-10-06 04:17:55.000000000 -0400
+@@ -7,12 +7,15 @@
+ #include <linux/compiler.h>
+ #include <linux/thread_info.h>
+ #include <linux/string.h>
++#include <linux/sched.h>
+ #include <asm/asm.h>
+ #include <asm/page.h>
+
+ #define VERIFY_READ 0
+ #define VERIFY_WRITE 1
+
++extern void check_object_size(const void *ptr, unsigned long n, bool to);
++
+ /*
+ * The fs value determines whether argument validity checking should be
+ * performed or not. If get_fs() == USER_DS, checking is performed, with
+@@ -28,7 +31,12 @@
+
+ #define get_ds() (KERNEL_DS)
+ #define get_fs() (current_thread_info()->addr_limit)
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
++void __set_fs(mm_segment_t x);
++void set_fs(mm_segment_t x);
++#else
+ #define set_fs(x) (current_thread_info()->addr_limit = (x))
++#endif
+
+ #define segment_eq(a, b) ((a).seg == (b).seg)
+
+@@ -76,7 +84,33 @@
+ * checks that the pointer is in the user space range - after calling
+ * this function, memory access functions may still return -EFAULT.
+ */
+-#define access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
++#define __access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
++#define access_ok(type, addr, size) \
++({ \
++ long __size = size; \
++ unsigned long __addr = (unsigned long)addr; \
++ unsigned long __addr_ao = __addr & PAGE_MASK; \
++ unsigned long __end_ao = __addr + __size - 1; \
++ bool __ret_ao = __range_not_ok(__addr, __size) == 0; \
++ if (__ret_ao && unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \
++ while(__addr_ao <= __end_ao) { \
++ char __c_ao; \
++ __addr_ao += PAGE_SIZE; \
++ if (__size > PAGE_SIZE) \
++ cond_resched(); \
++ if (__get_user(__c_ao, (char __user *)__addr)) \
++ break; \
++ if (type != VERIFY_WRITE) { \
++ __addr = __addr_ao; \
++ continue; \
++ } \
++ if (__put_user(__c_ao, (char __user *)__addr)) \
++ break; \
++ __addr = __addr_ao; \
++ } \
++ } \
++ __ret_ao; \
++})
+
+ /*
+ * The exception table consists of pairs of addresses: the first is the
+@@ -182,12 +216,20 @@ extern int __get_user_bad(void);
+ asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
+ : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
+
+-
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
++#define __copyuser_seg "gs;"
++#define __COPYUSER_SET_ES "pushl %%gs; popl %%es\n"
++#define __COPYUSER_RESTORE_ES "pushl %%ss; popl %%es\n"
++#else
++#define __copyuser_seg
++#define __COPYUSER_SET_ES
++#define __COPYUSER_RESTORE_ES
++#endif
+
+ #ifdef CONFIG_X86_32
+ #define __put_user_asm_u64(x, addr, err, errret) \
+- asm volatile("1: movl %%eax,0(%2)\n" \
+- "2: movl %%edx,4(%2)\n" \
++ asm volatile("1: "__copyuser_seg"movl %%eax,0(%2)\n" \
++ "2: "__copyuser_seg"movl %%edx,4(%2)\n" \
+ "3:\n" \
+ ".section .fixup,\"ax\"\n" \
+ "4: movl %3,%0\n" \
+@@ -199,8 +241,8 @@ extern int __get_user_bad(void);
+ : "A" (x), "r" (addr), "i" (errret), "0" (err))
+
+ #define __put_user_asm_ex_u64(x, addr) \
+- asm volatile("1: movl %%eax,0(%1)\n" \
+- "2: movl %%edx,4(%1)\n" \
++ asm volatile("1: "__copyuser_seg"movl %%eax,0(%1)\n" \
++ "2: "__copyuser_seg"movl %%edx,4(%1)\n" \
+ "3:\n" \
+ _ASM_EXTABLE(1b, 2b - 1b) \
+ _ASM_EXTABLE(2b, 3b - 2b) \
+@@ -252,7 +294,7 @@ extern void __put_user_8(void);
+ __typeof__(*(ptr)) __pu_val; \
+ __chk_user_ptr(ptr); \
+ might_fault(); \
+- __pu_val = x; \
++ __pu_val = (x); \
+ switch (sizeof(*(ptr))) { \
+ case 1: \
+ __put_user_x(1, __pu_val, ptr, __ret_pu); \
+@@ -373,7 +415,7 @@ do { \
+ } while (0)
+
+ #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
+- asm volatile("1: mov"itype" %2,%"rtype"1\n" \
++ asm volatile("1: "__copyuser_seg"mov"itype" %2,%"rtype"1\n"\
+ "2:\n" \
+ ".section .fixup,\"ax\"\n" \
+ "3: mov %3,%0\n" \
+@@ -381,7 +423,7 @@ do { \
+ " jmp 2b\n" \
+ ".previous\n" \
+ _ASM_EXTABLE(1b, 3b) \
+- : "=r" (err), ltype(x) \
++ : "=r" (err), ltype (x) \
+ : "m" (__m(addr)), "i" (errret), "0" (err))
+
+ #define __get_user_size_ex(x, ptr, size) \
+@@ -406,7 +448,7 @@ do { \
+ } while (0)
+
+ #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
+- asm volatile("1: mov"itype" %1,%"rtype"0\n" \
++ asm volatile("1: "__copyuser_seg"mov"itype" %1,%"rtype"0\n"\
+ "2:\n" \
+ _ASM_EXTABLE(1b, 2b - 1b) \
+ : ltype(x) : "m" (__m(addr)))
+@@ -423,13 +465,24 @@ do { \
+ int __gu_err; \
+ unsigned long __gu_val; \
+ __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
+- (x) = (__force __typeof__(*(ptr)))__gu_val; \
++ (x) = (__typeof__(*(ptr)))__gu_val; \
+ __gu_err; \
+ })
+
+ /* FIXME: this hack is definitely wrong -AK */
+ struct __large_struct { unsigned long buf[100]; };
+-#define __m(x) (*(struct __large_struct __user *)(x))
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++#define ____m(x) \
++({ \
++ unsigned long ____x = (unsigned long)(x); \
++ if (____x < PAX_USER_SHADOW_BASE) \
++ ____x += PAX_USER_SHADOW_BASE; \
++ (void __user *)____x; \
++})
++#else
++#define ____m(x) (x)
++#endif
++#define __m(x) (*(struct __large_struct __user *)____m(x))
+
+ /*
+ * Tell gcc we read from memory instead of writing: this is because
+@@ -437,7 +490,7 @@ struct __large_struct { unsigned long bu
+ * aliasing issues.
+ */
+ #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
+- asm volatile("1: mov"itype" %"rtype"1,%2\n" \
++ asm volatile("1: "__copyuser_seg"mov"itype" %"rtype"1,%2\n"\
+ "2:\n" \
+ ".section .fixup,\"ax\"\n" \
+ "3: mov %3,%0\n" \
+@@ -445,10 +498,10 @@ struct __large_struct { unsigned long bu
+ ".previous\n" \
+ _ASM_EXTABLE(1b, 3b) \
+ : "=r"(err) \
+- : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err))
++ : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err))
+
+ #define __put_user_asm_ex(x, addr, itype, rtype, ltype) \
+- asm volatile("1: mov"itype" %"rtype"0,%1\n" \
++ asm volatile("1: "__copyuser_seg"mov"itype" %"rtype"0,%1\n"\
+ "2:\n" \
+ _ASM_EXTABLE(1b, 2b - 1b) \
+ : : ltype(x), "m" (__m(addr)))
+@@ -487,8 +540,12 @@ struct __large_struct { unsigned long bu
+ * On error, the variable @x is set to zero.
+ */
+
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++#define __get_user(x, ptr) get_user((x), (ptr))
++#else
+ #define __get_user(x, ptr) \
+ __get_user_nocheck((x), (ptr), sizeof(*(ptr)))
++#endif
+
+ /**
+ * __put_user: - Write a simple value into user space, with less checking.
+@@ -510,8 +567,12 @@ struct __large_struct { unsigned long bu
+ * Returns zero on success, or -EFAULT on error.
+ */
+
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++#define __put_user(x, ptr) put_user((x), (ptr))
++#else
+ #define __put_user(x, ptr) \
+ __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
++#endif
+
+ #define __get_user_unaligned __get_user
+ #define __put_user_unaligned __put_user
+@@ -529,7 +590,7 @@ struct __large_struct { unsigned long bu
+ #define get_user_ex(x, ptr) do { \
+ unsigned long __gue_val; \
+ __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
+- (x) = (__force __typeof__(*(ptr)))__gue_val; \
++ (x) = (__typeof__(*(ptr)))__gue_val; \
+ } while (0)
+
+ #ifdef CONFIG_X86_WP_WORKS_OK
diff -urNp linux-3.0.7/arch/x86/include/asm/uaccess_32.h linux-3.0.7/arch/x86/include/asm/uaccess_32.h
--- linux-3.0.7/arch/x86/include/asm/uaccess_32.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/include/asm/uaccess_32.h 2011-08-23 21:48:14.000000000 -0400
+copy_user_handle_tail(char __user *to, char __user *from, unsigned len, unsigned zerorest);
#endif /* _ASM_X86_UACCESS_64_H */
-diff -urNp linux-3.0.7/arch/x86/include/asm/uaccess.h linux-3.0.7/arch/x86/include/asm/uaccess.h
---- linux-3.0.7/arch/x86/include/asm/uaccess.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/include/asm/uaccess.h 2011-10-06 04:17:55.000000000 -0400
-@@ -7,12 +7,15 @@
- #include <linux/compiler.h>
- #include <linux/thread_info.h>
- #include <linux/string.h>
-+#include <linux/sched.h>
- #include <asm/asm.h>
- #include <asm/page.h>
-
- #define VERIFY_READ 0
- #define VERIFY_WRITE 1
-
-+extern void check_object_size(const void *ptr, unsigned long n, bool to);
-+
- /*
- * The fs value determines whether argument validity checking should be
- * performed or not. If get_fs() == USER_DS, checking is performed, with
-@@ -28,7 +31,12 @@
-
- #define get_ds() (KERNEL_DS)
- #define get_fs() (current_thread_info()->addr_limit)
-+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+void __set_fs(mm_segment_t x);
-+void set_fs(mm_segment_t x);
-+#else
- #define set_fs(x) (current_thread_info()->addr_limit = (x))
-+#endif
-
- #define segment_eq(a, b) ((a).seg == (b).seg)
-
-@@ -76,7 +84,33 @@
- * checks that the pointer is in the user space range - after calling
- * this function, memory access functions may still return -EFAULT.
- */
--#define access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
-+#define __access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
-+#define access_ok(type, addr, size) \
-+({ \
-+ long __size = size; \
-+ unsigned long __addr = (unsigned long)addr; \
-+ unsigned long __addr_ao = __addr & PAGE_MASK; \
-+ unsigned long __end_ao = __addr + __size - 1; \
-+ bool __ret_ao = __range_not_ok(__addr, __size) == 0; \
-+ if (__ret_ao && unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \
-+ while(__addr_ao <= __end_ao) { \
-+ char __c_ao; \
-+ __addr_ao += PAGE_SIZE; \
-+ if (__size > PAGE_SIZE) \
-+ cond_resched(); \
-+ if (__get_user(__c_ao, (char __user *)__addr)) \
-+ break; \
-+ if (type != VERIFY_WRITE) { \
-+ __addr = __addr_ao; \
-+ continue; \
-+ } \
-+ if (__put_user(__c_ao, (char __user *)__addr)) \
-+ break; \
-+ __addr = __addr_ao; \
-+ } \
-+ } \
-+ __ret_ao; \
-+})
-
- /*
- * The exception table consists of pairs of addresses: the first is the
-@@ -182,12 +216,20 @@ extern int __get_user_bad(void);
- asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
- : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
-
--
-+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+#define __copyuser_seg "gs;"
-+#define __COPYUSER_SET_ES "pushl %%gs; popl %%es\n"
-+#define __COPYUSER_RESTORE_ES "pushl %%ss; popl %%es\n"
-+#else
-+#define __copyuser_seg
-+#define __COPYUSER_SET_ES
-+#define __COPYUSER_RESTORE_ES
-+#endif
-
- #ifdef CONFIG_X86_32
- #define __put_user_asm_u64(x, addr, err, errret) \
-- asm volatile("1: movl %%eax,0(%2)\n" \
-- "2: movl %%edx,4(%2)\n" \
-+ asm volatile("1: "__copyuser_seg"movl %%eax,0(%2)\n" \
-+ "2: "__copyuser_seg"movl %%edx,4(%2)\n" \
- "3:\n" \
- ".section .fixup,\"ax\"\n" \
- "4: movl %3,%0\n" \
-@@ -199,8 +241,8 @@ extern int __get_user_bad(void);
- : "A" (x), "r" (addr), "i" (errret), "0" (err))
-
- #define __put_user_asm_ex_u64(x, addr) \
-- asm volatile("1: movl %%eax,0(%1)\n" \
-- "2: movl %%edx,4(%1)\n" \
-+ asm volatile("1: "__copyuser_seg"movl %%eax,0(%1)\n" \
-+ "2: "__copyuser_seg"movl %%edx,4(%1)\n" \
- "3:\n" \
- _ASM_EXTABLE(1b, 2b - 1b) \
- _ASM_EXTABLE(2b, 3b - 2b) \
-@@ -252,7 +294,7 @@ extern void __put_user_8(void);
- __typeof__(*(ptr)) __pu_val; \
- __chk_user_ptr(ptr); \
- might_fault(); \
-- __pu_val = x; \
-+ __pu_val = (x); \
- switch (sizeof(*(ptr))) { \
- case 1: \
- __put_user_x(1, __pu_val, ptr, __ret_pu); \
-@@ -373,7 +415,7 @@ do { \
- } while (0)
-
- #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
-- asm volatile("1: mov"itype" %2,%"rtype"1\n" \
-+ asm volatile("1: "__copyuser_seg"mov"itype" %2,%"rtype"1\n"\
- "2:\n" \
- ".section .fixup,\"ax\"\n" \
- "3: mov %3,%0\n" \
-@@ -381,7 +423,7 @@ do { \
- " jmp 2b\n" \
- ".previous\n" \
- _ASM_EXTABLE(1b, 3b) \
-- : "=r" (err), ltype(x) \
-+ : "=r" (err), ltype (x) \
- : "m" (__m(addr)), "i" (errret), "0" (err))
-
- #define __get_user_size_ex(x, ptr, size) \
-@@ -406,7 +448,7 @@ do { \
- } while (0)
-
- #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
-- asm volatile("1: mov"itype" %1,%"rtype"0\n" \
-+ asm volatile("1: "__copyuser_seg"mov"itype" %1,%"rtype"0\n"\
- "2:\n" \
- _ASM_EXTABLE(1b, 2b - 1b) \
- : ltype(x) : "m" (__m(addr)))
-@@ -423,13 +465,24 @@ do { \
- int __gu_err; \
- unsigned long __gu_val; \
- __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
-- (x) = (__force __typeof__(*(ptr)))__gu_val; \
-+ (x) = (__typeof__(*(ptr)))__gu_val; \
- __gu_err; \
- })
-
- /* FIXME: this hack is definitely wrong -AK */
- struct __large_struct { unsigned long buf[100]; };
--#define __m(x) (*(struct __large_struct __user *)(x))
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+#define ____m(x) \
-+({ \
-+ unsigned long ____x = (unsigned long)(x); \
-+ if (____x < PAX_USER_SHADOW_BASE) \
-+ ____x += PAX_USER_SHADOW_BASE; \
-+ (void __user *)____x; \
-+})
-+#else
-+#define ____m(x) (x)
-+#endif
-+#define __m(x) (*(struct __large_struct __user *)____m(x))
-
- /*
- * Tell gcc we read from memory instead of writing: this is because
-@@ -437,7 +490,7 @@ struct __large_struct { unsigned long bu
- * aliasing issues.
- */
- #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
-- asm volatile("1: mov"itype" %"rtype"1,%2\n" \
-+ asm volatile("1: "__copyuser_seg"mov"itype" %"rtype"1,%2\n"\
- "2:\n" \
- ".section .fixup,\"ax\"\n" \
- "3: mov %3,%0\n" \
-@@ -445,10 +498,10 @@ struct __large_struct { unsigned long bu
- ".previous\n" \
- _ASM_EXTABLE(1b, 3b) \
- : "=r"(err) \
-- : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err))
-+ : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err))
-
- #define __put_user_asm_ex(x, addr, itype, rtype, ltype) \
-- asm volatile("1: mov"itype" %"rtype"0,%1\n" \
-+ asm volatile("1: "__copyuser_seg"mov"itype" %"rtype"0,%1\n"\
- "2:\n" \
- _ASM_EXTABLE(1b, 2b - 1b) \
- : : ltype(x), "m" (__m(addr)))
-@@ -487,8 +540,12 @@ struct __large_struct { unsigned long bu
- * On error, the variable @x is set to zero.
- */
-
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+#define __get_user(x, ptr) get_user((x), (ptr))
-+#else
- #define __get_user(x, ptr) \
- __get_user_nocheck((x), (ptr), sizeof(*(ptr)))
-+#endif
-
- /**
- * __put_user: - Write a simple value into user space, with less checking.
-@@ -510,8 +567,12 @@ struct __large_struct { unsigned long bu
- * Returns zero on success, or -EFAULT on error.
- */
-
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+#define __put_user(x, ptr) put_user((x), (ptr))
-+#else
- #define __put_user(x, ptr) \
- __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
-+#endif
-
- #define __get_user_unaligned __get_user
- #define __put_user_unaligned __put_user
-@@ -529,7 +590,7 @@ struct __large_struct { unsigned long bu
- #define get_user_ex(x, ptr) do { \
- unsigned long __gue_val; \
- __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
-- (x) = (__force __typeof__(*(ptr)))__gue_val; \
-+ (x) = (__typeof__(*(ptr)))__gue_val; \
- } while (0)
-
- #ifdef CONFIG_X86_WP_WORKS_OK
diff -urNp linux-3.0.7/arch/x86/include/asm/vdso.h linux-3.0.7/arch/x86/include/asm/vdso.h
--- linux-3.0.7/arch/x86/include/asm/vdso.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/include/asm/vdso.h 2011-10-06 04:17:55.000000000 -0400
__asm__ __volatile__("1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n"
"2:\n"
".section .fixup,\"ax\"\n"
-diff -urNp linux-3.0.7/arch/x86/Kconfig linux-3.0.7/arch/x86/Kconfig
---- linux-3.0.7/arch/x86/Kconfig 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/Kconfig 2011-09-17 00:58:36.000000000 -0400
-@@ -229,7 +229,7 @@ config X86_HT
-
- config X86_32_LAZY_GS
- def_bool y
-- depends on X86_32 && !CC_STACKPROTECTOR
-+ depends on X86_32 && !CC_STACKPROTECTOR && !PAX_MEMORY_UDEREF
-
- config ARCH_HWEIGHT_CFLAGS
- string
-@@ -1018,7 +1018,7 @@ choice
-
- config NOHIGHMEM
- bool "off"
-- depends on !X86_NUMAQ
-+ depends on !X86_NUMAQ && !(PAX_PAGEEXEC && PAX_ENABLE_PAE)
- ---help---
- Linux can use up to 64 Gigabytes of physical memory on x86 systems.
- However, the address space of 32-bit x86 processors is only 4
-@@ -1055,7 +1055,7 @@ config NOHIGHMEM
-
- config HIGHMEM4G
- bool "4GB"
-- depends on !X86_NUMAQ
-+ depends on !X86_NUMAQ && !(PAX_PAGEEXEC && PAX_ENABLE_PAE)
- ---help---
- Select this if you have a 32-bit processor and between 1 and 4
- gigabytes of physical RAM.
-@@ -1109,7 +1109,7 @@ config PAGE_OFFSET
- hex
- default 0xB0000000 if VMSPLIT_3G_OPT
- default 0x80000000 if VMSPLIT_2G
-- default 0x78000000 if VMSPLIT_2G_OPT
-+ default 0x70000000 if VMSPLIT_2G_OPT
- default 0x40000000 if VMSPLIT_1G
- default 0xC0000000
- depends on X86_32
-@@ -1483,6 +1483,7 @@ config SECCOMP
-
- config CC_STACKPROTECTOR
- bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
-+ depends on X86_64 || !PAX_MEMORY_UDEREF
- ---help---
- This option turns on the -fstack-protector GCC feature. This
- feature puts, at the beginning of functions, a canary value on
-@@ -1540,6 +1541,7 @@ config KEXEC_JUMP
- config PHYSICAL_START
- hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
- default "0x1000000"
-+ range 0x400000 0x40000000
- ---help---
- This gives the physical address where the kernel is loaded.
-
-@@ -1603,6 +1605,7 @@ config X86_NEED_RELOCS
- config PHYSICAL_ALIGN
- hex "Alignment value to which kernel should be aligned" if X86_32
- default "0x1000000"
-+ range 0x400000 0x1000000 if PAX_KERNEXEC
- range 0x2000 0x1000000
- ---help---
- This value puts the alignment restrictions on physical address
-@@ -1634,9 +1637,10 @@ config HOTPLUG_CPU
- Say N if you want to disable CPU hotplug.
-
- config COMPAT_VDSO
-- def_bool y
-+ def_bool n
- prompt "Compat VDSO support"
- depends on X86_32 || IA32_EMULATION
-+ depends on !PAX_NOEXEC && !PAX_MEMORY_UDEREF
- ---help---
- Map the 32-bit VDSO to the predictable old-style address too.
-
-diff -urNp linux-3.0.7/arch/x86/Kconfig.cpu linux-3.0.7/arch/x86/Kconfig.cpu
---- linux-3.0.7/arch/x86/Kconfig.cpu 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/Kconfig.cpu 2011-08-23 21:47:55.000000000 -0400
-@@ -338,7 +338,7 @@ config X86_PPRO_FENCE
-
- config X86_F00F_BUG
- def_bool y
-- depends on M586MMX || M586TSC || M586 || M486 || M386
-+ depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC
-
- config X86_INVD_BUG
- def_bool y
-@@ -362,7 +362,7 @@ config X86_POPAD_OK
-
- config X86_ALIGNMENT_16
- def_bool y
-- depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || MELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
-+ depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MCORE2 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
-
- config X86_INTEL_USERCOPY
- def_bool y
-@@ -408,7 +408,7 @@ config X86_CMPXCHG64
- # generates cmov.
- config X86_CMOV
- def_bool y
-- depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
-+ depends on (MK8 || MK7 || MCORE2 || MPSC || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
-
- config X86_MINIMUM_CPU_FAMILY
- int
-diff -urNp linux-3.0.7/arch/x86/Kconfig.debug linux-3.0.7/arch/x86/Kconfig.debug
---- linux-3.0.7/arch/x86/Kconfig.debug 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/Kconfig.debug 2011-08-23 21:47:55.000000000 -0400
-@@ -81,7 +81,7 @@ config X86_PTDUMP
- config DEBUG_RODATA
- bool "Write protect kernel read-only data structures"
- default y
-- depends on DEBUG_KERNEL
-+ depends on DEBUG_KERNEL && BROKEN
- ---help---
- Mark the kernel read-only data as write-protected in the pagetables,
- in order to catch accidental (and incorrect) writes to such const
-@@ -99,7 +99,7 @@ config DEBUG_RODATA_TEST
-
- config DEBUG_SET_MODULE_RONX
- bool "Set loadable kernel module data as NX and text as RO"
-- depends on MODULES
-+ depends on MODULES && BROKEN
- ---help---
- This option helps catch unintended modifications to loadable
- kernel module's text and read-only data. It also prevents execution
diff -urNp linux-3.0.7/arch/x86/kernel/acpi/realmode/Makefile linux-3.0.7/arch/x86/kernel/acpi/realmode/Makefile
--- linux-3.0.7/arch/x86/kernel/acpi/realmode/Makefile 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/acpi/realmode/Makefile 2011-08-23 21:47:55.000000000 -0400
proc_create("apm", 0, NULL, &apm_file_ops);
-diff -urNp linux-3.0.7/arch/x86/kernel/asm-offsets_64.c linux-3.0.7/arch/x86/kernel/asm-offsets_64.c
---- linux-3.0.7/arch/x86/kernel/asm-offsets_64.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/kernel/asm-offsets_64.c 2011-08-23 21:47:55.000000000 -0400
-@@ -69,6 +69,7 @@ int main(void)
- BLANK();
- #undef ENTRY
-
-+ DEFINE(TSS_size, sizeof(struct tss_struct));
- OFFSET(TSS_ist, tss_struct, x86_tss.ist);
- BLANK();
-
diff -urNp linux-3.0.7/arch/x86/kernel/asm-offsets.c linux-3.0.7/arch/x86/kernel/asm-offsets.c
--- linux-3.0.7/arch/x86/kernel/asm-offsets.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/asm-offsets.c 2011-08-23 21:47:55.000000000 -0400
#ifdef CONFIG_XEN
BLANK();
OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask);
+diff -urNp linux-3.0.7/arch/x86/kernel/asm-offsets_64.c linux-3.0.7/arch/x86/kernel/asm-offsets_64.c
+--- linux-3.0.7/arch/x86/kernel/asm-offsets_64.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/kernel/asm-offsets_64.c 2011-08-23 21:47:55.000000000 -0400
+@@ -69,6 +69,7 @@ int main(void)
+ BLANK();
+ #undef ENTRY
+
++ DEFINE(TSS_size, sizeof(struct tss_struct));
+ OFFSET(TSS_ist, tss_struct, x86_tss.ist);
+ BLANK();
+
+diff -urNp linux-3.0.7/arch/x86/kernel/cpu/Makefile linux-3.0.7/arch/x86/kernel/cpu/Makefile
+--- linux-3.0.7/arch/x86/kernel/cpu/Makefile 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/kernel/cpu/Makefile 2011-08-23 21:47:55.000000000 -0400
+@@ -8,10 +8,6 @@ CFLAGS_REMOVE_common.o = -pg
+ CFLAGS_REMOVE_perf_event.o = -pg
+ endif
+
+-# Make sure load_percpu_segment has no stackprotector
+-nostackp := $(call cc-option, -fno-stack-protector)
+-CFLAGS_common.o := $(nostackp)
+-
+ obj-y := intel_cacheinfo.o scattered.o topology.o
+ obj-y += proc.o capflags.o powerflags.o common.o
+ obj-y += vmware.o hypervisor.o sched.o mshyperv.o
diff -urNp linux-3.0.7/arch/x86/kernel/cpu/amd.c linux-3.0.7/arch/x86/kernel/cpu/amd.c
--- linux-3.0.7/arch/x86/kernel/cpu/amd.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/cpu/amd.c 2011-08-23 21:47:55.000000000 -0400
load_idt(&idt_descr);
}
#endif
-diff -urNp linux-3.0.7/arch/x86/kernel/cpu/Makefile linux-3.0.7/arch/x86/kernel/cpu/Makefile
---- linux-3.0.7/arch/x86/kernel/cpu/Makefile 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/kernel/cpu/Makefile 2011-08-23 21:47:55.000000000 -0400
-@@ -8,10 +8,6 @@ CFLAGS_REMOVE_common.o = -pg
- CFLAGS_REMOVE_perf_event.o = -pg
- endif
-
--# Make sure load_percpu_segment has no stackprotector
--nostackp := $(call cc-option, -fno-stack-protector)
--CFLAGS_common.o := $(nostackp)
--
- obj-y := intel_cacheinfo.o scattered.o topology.o
- obj-y += proc.o capflags.o powerflags.o common.o
- obj-y += vmware.o hypervisor.o sched.o mshyperv.o
+diff -urNp linux-3.0.7/arch/x86/kernel/cpu/mcheck/mce-inject.c linux-3.0.7/arch/x86/kernel/cpu/mcheck/mce-inject.c
+--- linux-3.0.7/arch/x86/kernel/cpu/mcheck/mce-inject.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/kernel/cpu/mcheck/mce-inject.c 2011-08-23 21:47:55.000000000 -0400
+@@ -215,7 +215,9 @@ static int inject_init(void)
+ if (!alloc_cpumask_var(&mce_inject_cpumask, GFP_KERNEL))
+ return -ENOMEM;
+ printk(KERN_INFO "Machine check injector initialized\n");
+- mce_chrdev_ops.write = mce_write;
++ pax_open_kernel();
++ *(void **)&mce_chrdev_ops.write = mce_write;
++ pax_close_kernel();
+ register_die_notifier(&mce_raise_nb);
+ return 0;
+ }
diff -urNp linux-3.0.7/arch/x86/kernel/cpu/mcheck/mce.c linux-3.0.7/arch/x86/kernel/cpu/mcheck/mce.c
--- linux-3.0.7/arch/x86/kernel/cpu/mcheck/mce.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/cpu/mcheck/mce.c 2011-08-23 21:47:55.000000000 -0400
atomic_set(&mce_executing, 0);
atomic_set(&mce_callin, 0);
atomic_set(&global_nwo, 0);
-diff -urNp linux-3.0.7/arch/x86/kernel/cpu/mcheck/mce-inject.c linux-3.0.7/arch/x86/kernel/cpu/mcheck/mce-inject.c
---- linux-3.0.7/arch/x86/kernel/cpu/mcheck/mce-inject.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/kernel/cpu/mcheck/mce-inject.c 2011-08-23 21:47:55.000000000 -0400
-@@ -215,7 +215,9 @@ static int inject_init(void)
- if (!alloc_cpumask_var(&mce_inject_cpumask, GFP_KERNEL))
- return -ENOMEM;
- printk(KERN_INFO "Machine check injector initialized\n");
-- mce_chrdev_ops.write = mce_write;
-+ pax_open_kernel();
-+ *(void **)&mce_chrdev_ops.write = mce_write;
-+ pax_close_kernel();
- register_die_notifier(&mce_raise_nb);
- return 0;
- }
diff -urNp linux-3.0.7/arch/x86/kernel/cpu/mtrr/main.c linux-3.0.7/arch/x86/kernel/cpu/mtrr/main.c
--- linux-3.0.7/arch/x86/kernel/cpu/mtrr/main.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/cpu/mtrr/main.c 2011-08-29 23:26:21.000000000 -0400
.fs = __KERNEL_PERCPU,
.__cr3 = __pa_nodebug(swapper_pg_dir),
-diff -urNp linux-3.0.7/arch/x86/kernel/dumpstack_32.c linux-3.0.7/arch/x86/kernel/dumpstack_32.c
---- linux-3.0.7/arch/x86/kernel/dumpstack_32.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/kernel/dumpstack_32.c 2011-08-23 21:47:55.000000000 -0400
-@@ -38,15 +38,13 @@ void dump_trace(struct task_struct *task
- bp = stack_frame(task, regs);
-
- for (;;) {
-- struct thread_info *context;
-+ void *stack_start = (void *)((unsigned long)stack & ~(THREAD_SIZE-1));
-
-- context = (struct thread_info *)
-- ((unsigned long)stack & (~(THREAD_SIZE - 1)));
-- bp = ops->walk_stack(context, stack, bp, ops, data, NULL, &graph);
-+ bp = ops->walk_stack(task, stack_start, stack, bp, ops, data, NULL, &graph);
-
-- stack = (unsigned long *)context->previous_esp;
-- if (!stack)
-+ if (stack_start == task_stack_page(task))
- break;
-+ stack = *(unsigned long **)stack_start;
- if (ops->stack(data, "IRQ") < 0)
- break;
- touch_nmi_watchdog();
-@@ -96,21 +94,22 @@ void show_registers(struct pt_regs *regs
- * When in-kernel, we also print out the stack and code at the
- * time of the fault..
- */
-- if (!user_mode_vm(regs)) {
-+ if (!user_mode(regs)) {
- unsigned int code_prologue = code_bytes * 43 / 64;
- unsigned int code_len = code_bytes;
- unsigned char c;
- u8 *ip;
-+ unsigned long cs_base = get_desc_base(&get_cpu_gdt_table(smp_processor_id())[(0xffff & regs->cs) >> 3]);
-
- printk(KERN_EMERG "Stack:\n");
- show_stack_log_lvl(NULL, regs, ®s->sp, 0, KERN_EMERG);
-
- printk(KERN_EMERG "Code: ");
-
-- ip = (u8 *)regs->ip - code_prologue;
-+ ip = (u8 *)regs->ip - code_prologue + cs_base;
- if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) {
- /* try starting at IP */
-- ip = (u8 *)regs->ip;
-+ ip = (u8 *)regs->ip + cs_base;
- code_len = code_len - code_prologue + 1;
- }
- for (i = 0; i < code_len; i++, ip++) {
-@@ -119,7 +118,7 @@ void show_registers(struct pt_regs *regs
- printk(" Bad EIP value.");
- break;
- }
-- if (ip == (u8 *)regs->ip)
-+ if (ip == (u8 *)regs->ip + cs_base)
- printk("<%02x> ", c);
- else
- printk("%02x ", c);
-@@ -132,6 +131,7 @@ int is_valid_bugaddr(unsigned long ip)
- {
- unsigned short ud2;
-
-+ ip = ktla_ktva(ip);
- if (ip < PAGE_OFFSET)
- return 0;
- if (probe_kernel_address((unsigned short *)ip, ud2))
-diff -urNp linux-3.0.7/arch/x86/kernel/dumpstack_64.c linux-3.0.7/arch/x86/kernel/dumpstack_64.c
---- linux-3.0.7/arch/x86/kernel/dumpstack_64.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/kernel/dumpstack_64.c 2011-08-23 21:47:55.000000000 -0400
-@@ -147,9 +147,9 @@ void dump_trace(struct task_struct *task
- unsigned long *irq_stack_end =
- (unsigned long *)per_cpu(irq_stack_ptr, cpu);
- unsigned used = 0;
-- struct thread_info *tinfo;
- int graph = 0;
- unsigned long dummy;
-+ void *stack_start;
-
- if (!task)
- task = current;
-@@ -167,10 +167,10 @@ void dump_trace(struct task_struct *task
- * current stack address. If the stacks consist of nested
- * exceptions
- */
-- tinfo = task_thread_info(task);
- for (;;) {
- char *id;
- unsigned long *estack_end;
-+
- estack_end = in_exception_stack(cpu, (unsigned long)stack,
- &used, &id);
-
-@@ -178,7 +178,7 @@ void dump_trace(struct task_struct *task
- if (ops->stack(data, id) < 0)
- break;
-
-- bp = ops->walk_stack(tinfo, stack, bp, ops,
-+ bp = ops->walk_stack(task, estack_end - EXCEPTION_STKSZ, stack, bp, ops,
- data, estack_end, &graph);
- ops->stack(data, "<EOE>");
- /*
-@@ -197,7 +197,7 @@ void dump_trace(struct task_struct *task
- if (in_irq_stack(stack, irq_stack, irq_stack_end)) {
- if (ops->stack(data, "IRQ") < 0)
- break;
-- bp = ops->walk_stack(tinfo, stack, bp,
-+ bp = ops->walk_stack(task, irq_stack, stack, bp,
- ops, data, irq_stack_end, &graph);
- /*
- * We link to the next stack (which would be
-@@ -218,7 +218,8 @@ void dump_trace(struct task_struct *task
- /*
- * This handles the process stack:
- */
-- bp = ops->walk_stack(tinfo, stack, bp, ops, data, NULL, &graph);
-+ stack_start = (void *)((unsigned long)stack & ~(THREAD_SIZE-1));
-+ bp = ops->walk_stack(task, stack_start, stack, bp, ops, data, NULL, &graph);
- put_cpu();
- }
- EXPORT_SYMBOL(dump_trace);
diff -urNp linux-3.0.7/arch/x86/kernel/dumpstack.c linux-3.0.7/arch/x86/kernel/dumpstack.c
--- linux-3.0.7/arch/x86/kernel/dumpstack.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/dumpstack.c 2011-08-23 21:48:14.000000000 -0400
report_bug(regs->ip, regs);
if (__die(str, regs, err))
+diff -urNp linux-3.0.7/arch/x86/kernel/dumpstack_32.c linux-3.0.7/arch/x86/kernel/dumpstack_32.c
+--- linux-3.0.7/arch/x86/kernel/dumpstack_32.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/kernel/dumpstack_32.c 2011-08-23 21:47:55.000000000 -0400
+@@ -38,15 +38,13 @@ void dump_trace(struct task_struct *task
+ bp = stack_frame(task, regs);
+
+ for (;;) {
+- struct thread_info *context;
++ void *stack_start = (void *)((unsigned long)stack & ~(THREAD_SIZE-1));
+
+- context = (struct thread_info *)
+- ((unsigned long)stack & (~(THREAD_SIZE - 1)));
+- bp = ops->walk_stack(context, stack, bp, ops, data, NULL, &graph);
++ bp = ops->walk_stack(task, stack_start, stack, bp, ops, data, NULL, &graph);
+
+- stack = (unsigned long *)context->previous_esp;
+- if (!stack)
++ if (stack_start == task_stack_page(task))
+ break;
++ stack = *(unsigned long **)stack_start;
+ if (ops->stack(data, "IRQ") < 0)
+ break;
+ touch_nmi_watchdog();
+@@ -96,21 +94,22 @@ void show_registers(struct pt_regs *regs
+ * When in-kernel, we also print out the stack and code at the
+ * time of the fault..
+ */
+- if (!user_mode_vm(regs)) {
++ if (!user_mode(regs)) {
+ unsigned int code_prologue = code_bytes * 43 / 64;
+ unsigned int code_len = code_bytes;
+ unsigned char c;
+ u8 *ip;
++ unsigned long cs_base = get_desc_base(&get_cpu_gdt_table(smp_processor_id())[(0xffff & regs->cs) >> 3]);
+
+ printk(KERN_EMERG "Stack:\n");
+ show_stack_log_lvl(NULL, regs, ®s->sp, 0, KERN_EMERG);
+
+ printk(KERN_EMERG "Code: ");
+
+- ip = (u8 *)regs->ip - code_prologue;
++ ip = (u8 *)regs->ip - code_prologue + cs_base;
+ if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) {
+ /* try starting at IP */
+- ip = (u8 *)regs->ip;
++ ip = (u8 *)regs->ip + cs_base;
+ code_len = code_len - code_prologue + 1;
+ }
+ for (i = 0; i < code_len; i++, ip++) {
+@@ -119,7 +118,7 @@ void show_registers(struct pt_regs *regs
+ printk(" Bad EIP value.");
+ break;
+ }
+- if (ip == (u8 *)regs->ip)
++ if (ip == (u8 *)regs->ip + cs_base)
+ printk("<%02x> ", c);
+ else
+ printk("%02x ", c);
+@@ -132,6 +131,7 @@ int is_valid_bugaddr(unsigned long ip)
+ {
+ unsigned short ud2;
+
++ ip = ktla_ktva(ip);
+ if (ip < PAGE_OFFSET)
+ return 0;
+ if (probe_kernel_address((unsigned short *)ip, ud2))
+diff -urNp linux-3.0.7/arch/x86/kernel/dumpstack_64.c linux-3.0.7/arch/x86/kernel/dumpstack_64.c
+--- linux-3.0.7/arch/x86/kernel/dumpstack_64.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/kernel/dumpstack_64.c 2011-08-23 21:47:55.000000000 -0400
+@@ -147,9 +147,9 @@ void dump_trace(struct task_struct *task
+ unsigned long *irq_stack_end =
+ (unsigned long *)per_cpu(irq_stack_ptr, cpu);
+ unsigned used = 0;
+- struct thread_info *tinfo;
+ int graph = 0;
+ unsigned long dummy;
++ void *stack_start;
+
+ if (!task)
+ task = current;
+@@ -167,10 +167,10 @@ void dump_trace(struct task_struct *task
+ * current stack address. If the stacks consist of nested
+ * exceptions
+ */
+- tinfo = task_thread_info(task);
+ for (;;) {
+ char *id;
+ unsigned long *estack_end;
++
+ estack_end = in_exception_stack(cpu, (unsigned long)stack,
+ &used, &id);
+
+@@ -178,7 +178,7 @@ void dump_trace(struct task_struct *task
+ if (ops->stack(data, id) < 0)
+ break;
+
+- bp = ops->walk_stack(tinfo, stack, bp, ops,
++ bp = ops->walk_stack(task, estack_end - EXCEPTION_STKSZ, stack, bp, ops,
+ data, estack_end, &graph);
+ ops->stack(data, "<EOE>");
+ /*
+@@ -197,7 +197,7 @@ void dump_trace(struct task_struct *task
+ if (in_irq_stack(stack, irq_stack, irq_stack_end)) {
+ if (ops->stack(data, "IRQ") < 0)
+ break;
+- bp = ops->walk_stack(tinfo, stack, bp,
++ bp = ops->walk_stack(task, irq_stack, stack, bp,
+ ops, data, irq_stack_end, &graph);
+ /*
+ * We link to the next stack (which would be
+@@ -218,7 +218,8 @@ void dump_trace(struct task_struct *task
+ /*
+ * This handles the process stack:
+ */
+- bp = ops->walk_stack(tinfo, stack, bp, ops, data, NULL, &graph);
++ stack_start = (void *)((unsigned long)stack & ~(THREAD_SIZE-1));
++ bp = ops->walk_stack(task, stack_start, stack, bp, ops, data, NULL, &graph);
+ put_cpu();
+ }
+ EXPORT_SYMBOL(dump_trace);
diff -urNp linux-3.0.7/arch/x86/kernel/early_printk.c linux-3.0.7/arch/x86/kernel/early_printk.c
--- linux-3.0.7/arch/x86/kernel/early_printk.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/early_printk.c 2011-08-23 21:48:14.000000000 -0400
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
}
-diff -urNp linux-3.0.7/arch/x86/kernel/irq_32.c linux-3.0.7/arch/x86/kernel/irq_32.c
---- linux-3.0.7/arch/x86/kernel/irq_32.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/kernel/irq_32.c 2011-08-23 21:47:55.000000000 -0400
-@@ -36,7 +36,7 @@ static int check_stack_overflow(void)
- __asm__ __volatile__("andl %%esp,%0" :
- "=r" (sp) : "0" (THREAD_SIZE - 1));
-
-- return sp < (sizeof(struct thread_info) + STACK_WARN);
-+ return sp < STACK_WARN;
- }
-
- static void print_stack_overflow(void)
-@@ -54,8 +54,8 @@ static inline void print_stack_overflow(
- * per-CPU IRQ handling contexts (thread information and stack)
- */
- union irq_ctx {
-- struct thread_info tinfo;
-- u32 stack[THREAD_SIZE/sizeof(u32)];
-+ unsigned long previous_esp;
-+ u32 stack[THREAD_SIZE/sizeof(u32)];
- } __attribute__((aligned(THREAD_SIZE)));
-
- static DEFINE_PER_CPU(union irq_ctx *, hardirq_ctx);
-@@ -75,10 +75,9 @@ static void call_on_stack(void *func, vo
- static inline int
- execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
- {
-- union irq_ctx *curctx, *irqctx;
-+ union irq_ctx *irqctx;
- u32 *isp, arg1, arg2;
-
-- curctx = (union irq_ctx *) current_thread_info();
- irqctx = __this_cpu_read(hardirq_ctx);
-
- /*
-@@ -87,21 +86,16 @@ execute_on_irq_stack(int overflow, struc
- * handler) we can't do that and just have to keep using the
- * current stack (which is the irq stack already after all)
- */
-- if (unlikely(curctx == irqctx))
-+ if (unlikely((void *)current_stack_pointer - (void *)irqctx < THREAD_SIZE))
- return 0;
-
- /* build the stack frame on the IRQ stack */
-- isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
-- irqctx->tinfo.task = curctx->tinfo.task;
-- irqctx->tinfo.previous_esp = current_stack_pointer;
-+ isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
-+ irqctx->previous_esp = current_stack_pointer;
-
-- /*
-- * Copy the softirq bits in preempt_count so that the
-- * softirq checks work in the hardirq context.
-- */
-- irqctx->tinfo.preempt_count =
-- (irqctx->tinfo.preempt_count & ~SOFTIRQ_MASK) |
-- (curctx->tinfo.preempt_count & SOFTIRQ_MASK);
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ __set_fs(MAKE_MM_SEG(0));
-+#endif
-
- if (unlikely(overflow))
- call_on_stack(print_stack_overflow, isp);
-@@ -113,6 +107,11 @@ execute_on_irq_stack(int overflow, struc
- : "0" (irq), "1" (desc), "2" (isp),
- "D" (desc->handle_irq)
- : "memory", "cc", "ecx");
-+
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ __set_fs(current_thread_info()->addr_limit);
-+#endif
-+
- return 1;
- }
-
-@@ -121,29 +120,11 @@ execute_on_irq_stack(int overflow, struc
- */
- void __cpuinit irq_ctx_init(int cpu)
- {
-- union irq_ctx *irqctx;
--
- if (per_cpu(hardirq_ctx, cpu))
- return;
-
-- irqctx = page_address(alloc_pages_node(cpu_to_node(cpu),
-- THREAD_FLAGS,
-- THREAD_ORDER));
-- memset(&irqctx->tinfo, 0, sizeof(struct thread_info));
-- irqctx->tinfo.cpu = cpu;
-- irqctx->tinfo.preempt_count = HARDIRQ_OFFSET;
-- irqctx->tinfo.addr_limit = MAKE_MM_SEG(0);
--
-- per_cpu(hardirq_ctx, cpu) = irqctx;
--
-- irqctx = page_address(alloc_pages_node(cpu_to_node(cpu),
-- THREAD_FLAGS,
-- THREAD_ORDER));
-- memset(&irqctx->tinfo, 0, sizeof(struct thread_info));
-- irqctx->tinfo.cpu = cpu;
-- irqctx->tinfo.addr_limit = MAKE_MM_SEG(0);
--
-- per_cpu(softirq_ctx, cpu) = irqctx;
-+ per_cpu(hardirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREAD_FLAGS, THREAD_ORDER));
-+ per_cpu(softirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREAD_FLAGS, THREAD_ORDER));
-
- printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n",
- cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu));
-@@ -152,7 +133,6 @@ void __cpuinit irq_ctx_init(int cpu)
- asmlinkage void do_softirq(void)
- {
- unsigned long flags;
-- struct thread_info *curctx;
- union irq_ctx *irqctx;
- u32 *isp;
-
-@@ -162,15 +142,22 @@ asmlinkage void do_softirq(void)
- local_irq_save(flags);
-
- if (local_softirq_pending()) {
-- curctx = current_thread_info();
- irqctx = __this_cpu_read(softirq_ctx);
-- irqctx->tinfo.task = curctx->task;
-- irqctx->tinfo.previous_esp = current_stack_pointer;
-+ irqctx->previous_esp = current_stack_pointer;
-
- /* build the stack frame on the softirq stack */
-- isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
-+ isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
-+
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ __set_fs(MAKE_MM_SEG(0));
-+#endif
-
- call_on_stack(__do_softirq, isp);
-+
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ __set_fs(current_thread_info()->addr_limit);
-+#endif
-+
- /*
- * Shouldn't happen, we returned above if in_interrupt():
- */
diff -urNp linux-3.0.7/arch/x86/kernel/irq.c linux-3.0.7/arch/x86/kernel/irq.c
--- linux-3.0.7/arch/x86/kernel/irq.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/irq.c 2011-08-23 21:47:55.000000000 -0400
#endif
return sum;
}
+diff -urNp linux-3.0.7/arch/x86/kernel/irq_32.c linux-3.0.7/arch/x86/kernel/irq_32.c
+--- linux-3.0.7/arch/x86/kernel/irq_32.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/kernel/irq_32.c 2011-08-23 21:47:55.000000000 -0400
+@@ -36,7 +36,7 @@ static int check_stack_overflow(void)
+ __asm__ __volatile__("andl %%esp,%0" :
+ "=r" (sp) : "0" (THREAD_SIZE - 1));
+
+- return sp < (sizeof(struct thread_info) + STACK_WARN);
++ return sp < STACK_WARN;
+ }
+
+ static void print_stack_overflow(void)
+@@ -54,8 +54,8 @@ static inline void print_stack_overflow(
+ * per-CPU IRQ handling contexts (thread information and stack)
+ */
+ union irq_ctx {
+- struct thread_info tinfo;
+- u32 stack[THREAD_SIZE/sizeof(u32)];
++ unsigned long previous_esp;
++ u32 stack[THREAD_SIZE/sizeof(u32)];
+ } __attribute__((aligned(THREAD_SIZE)));
+
+ static DEFINE_PER_CPU(union irq_ctx *, hardirq_ctx);
+@@ -75,10 +75,9 @@ static void call_on_stack(void *func, vo
+ static inline int
+ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
+ {
+- union irq_ctx *curctx, *irqctx;
++ union irq_ctx *irqctx;
+ u32 *isp, arg1, arg2;
+
+- curctx = (union irq_ctx *) current_thread_info();
+ irqctx = __this_cpu_read(hardirq_ctx);
+
+ /*
+@@ -87,21 +86,16 @@ execute_on_irq_stack(int overflow, struc
+ * handler) we can't do that and just have to keep using the
+ * current stack (which is the irq stack already after all)
+ */
+- if (unlikely(curctx == irqctx))
++ if (unlikely((void *)current_stack_pointer - (void *)irqctx < THREAD_SIZE))
+ return 0;
+
+ /* build the stack frame on the IRQ stack */
+- isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
+- irqctx->tinfo.task = curctx->tinfo.task;
+- irqctx->tinfo.previous_esp = current_stack_pointer;
++ isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
++ irqctx->previous_esp = current_stack_pointer;
+
+- /*
+- * Copy the softirq bits in preempt_count so that the
+- * softirq checks work in the hardirq context.
+- */
+- irqctx->tinfo.preempt_count =
+- (irqctx->tinfo.preempt_count & ~SOFTIRQ_MASK) |
+- (curctx->tinfo.preempt_count & SOFTIRQ_MASK);
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ __set_fs(MAKE_MM_SEG(0));
++#endif
+
+ if (unlikely(overflow))
+ call_on_stack(print_stack_overflow, isp);
+@@ -113,6 +107,11 @@ execute_on_irq_stack(int overflow, struc
+ : "0" (irq), "1" (desc), "2" (isp),
+ "D" (desc->handle_irq)
+ : "memory", "cc", "ecx");
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ __set_fs(current_thread_info()->addr_limit);
++#endif
++
+ return 1;
+ }
+
+@@ -121,29 +120,11 @@ execute_on_irq_stack(int overflow, struc
+ */
+ void __cpuinit irq_ctx_init(int cpu)
+ {
+- union irq_ctx *irqctx;
+-
+ if (per_cpu(hardirq_ctx, cpu))
+ return;
+
+- irqctx = page_address(alloc_pages_node(cpu_to_node(cpu),
+- THREAD_FLAGS,
+- THREAD_ORDER));
+- memset(&irqctx->tinfo, 0, sizeof(struct thread_info));
+- irqctx->tinfo.cpu = cpu;
+- irqctx->tinfo.preempt_count = HARDIRQ_OFFSET;
+- irqctx->tinfo.addr_limit = MAKE_MM_SEG(0);
+-
+- per_cpu(hardirq_ctx, cpu) = irqctx;
+-
+- irqctx = page_address(alloc_pages_node(cpu_to_node(cpu),
+- THREAD_FLAGS,
+- THREAD_ORDER));
+- memset(&irqctx->tinfo, 0, sizeof(struct thread_info));
+- irqctx->tinfo.cpu = cpu;
+- irqctx->tinfo.addr_limit = MAKE_MM_SEG(0);
+-
+- per_cpu(softirq_ctx, cpu) = irqctx;
++ per_cpu(hardirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREAD_FLAGS, THREAD_ORDER));
++ per_cpu(softirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREAD_FLAGS, THREAD_ORDER));
+
+ printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n",
+ cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu));
+@@ -152,7 +133,6 @@ void __cpuinit irq_ctx_init(int cpu)
+ asmlinkage void do_softirq(void)
+ {
+ unsigned long flags;
+- struct thread_info *curctx;
+ union irq_ctx *irqctx;
+ u32 *isp;
+
+@@ -162,15 +142,22 @@ asmlinkage void do_softirq(void)
+ local_irq_save(flags);
+
+ if (local_softirq_pending()) {
+- curctx = current_thread_info();
+ irqctx = __this_cpu_read(softirq_ctx);
+- irqctx->tinfo.task = curctx->task;
+- irqctx->tinfo.previous_esp = current_stack_pointer;
++ irqctx->previous_esp = current_stack_pointer;
+
+ /* build the stack frame on the softirq stack */
+- isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
++ isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ __set_fs(MAKE_MM_SEG(0));
++#endif
+
+ call_on_stack(__do_softirq, isp);
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ __set_fs(current_thread_info()->addr_limit);
++#endif
++
+ /*
+ * Shouldn't happen, we returned above if in_interrupt():
+ */
diff -urNp linux-3.0.7/arch/x86/kernel/kgdb.c linux-3.0.7/arch/x86/kernel/kgdb.c
--- linux-3.0.7/arch/x86/kernel/kgdb.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/kgdb.c 2011-08-23 21:47:55.000000000 -0400
#if 0
if ((s64)val != *(s32 *)loc)
goto overflow;
+diff -urNp linux-3.0.7/arch/x86/kernel/paravirt-spinlocks.c linux-3.0.7/arch/x86/kernel/paravirt-spinlocks.c
+--- linux-3.0.7/arch/x86/kernel/paravirt-spinlocks.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/kernel/paravirt-spinlocks.c 2011-08-23 21:47:55.000000000 -0400
+@@ -13,7 +13,7 @@ default_spin_lock_flags(arch_spinlock_t
+ arch_spin_lock(lock);
+ }
+
+-struct pv_lock_ops pv_lock_ops = {
++struct pv_lock_ops pv_lock_ops __read_only = {
+ #ifdef CONFIG_SMP
+ .spin_is_locked = __ticket_spin_is_locked,
+ .spin_is_contended = __ticket_spin_is_contended,
diff -urNp linux-3.0.7/arch/x86/kernel/paravirt.c linux-3.0.7/arch/x86/kernel/paravirt.c
--- linux-3.0.7/arch/x86/kernel/paravirt.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/paravirt.c 2011-08-23 21:48:14.000000000 -0400
};
EXPORT_SYMBOL_GPL(pv_time_ops);
-diff -urNp linux-3.0.7/arch/x86/kernel/paravirt-spinlocks.c linux-3.0.7/arch/x86/kernel/paravirt-spinlocks.c
---- linux-3.0.7/arch/x86/kernel/paravirt-spinlocks.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/kernel/paravirt-spinlocks.c 2011-08-23 21:47:55.000000000 -0400
-@@ -13,7 +13,7 @@ default_spin_lock_flags(arch_spinlock_t
- arch_spin_lock(lock);
- }
-
--struct pv_lock_ops pv_lock_ops = {
-+struct pv_lock_ops pv_lock_ops __read_only = {
- #ifdef CONFIG_SMP
- .spin_is_locked = __ticket_spin_is_locked,
- .spin_is_contended = __ticket_spin_is_contended,
diff -urNp linux-3.0.7/arch/x86/kernel/pci-iommu_table.c linux-3.0.7/arch/x86/kernel/pci-iommu_table.c
--- linux-3.0.7/arch/x86/kernel/pci-iommu_table.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/pci-iommu_table.c 2011-08-23 21:48:14.000000000 -0400
/* Simple cyclic dependency checker. */
for (p = start; p < finish; p++) {
q = find_dependents_of(start, finish, p);
+diff -urNp linux-3.0.7/arch/x86/kernel/process.c linux-3.0.7/arch/x86/kernel/process.c
+--- linux-3.0.7/arch/x86/kernel/process.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/kernel/process.c 2011-08-30 18:23:52.000000000 -0400
+@@ -48,16 +48,33 @@ void free_thread_xstate(struct task_stru
+
+ void free_thread_info(struct thread_info *ti)
+ {
+- free_thread_xstate(ti->task);
+ free_pages((unsigned long)ti, get_order(THREAD_SIZE));
+ }
+
++static struct kmem_cache *task_struct_cachep;
++
+ void arch_task_cache_init(void)
+ {
+- task_xstate_cachep =
+- kmem_cache_create("task_xstate", xstate_size,
++ /* create a slab on which task_structs can be allocated */
++ task_struct_cachep =
++ kmem_cache_create("task_struct", sizeof(struct task_struct),
++ ARCH_MIN_TASKALIGN, SLAB_PANIC | SLAB_NOTRACK, NULL);
++
++ task_xstate_cachep =
++ kmem_cache_create("task_xstate", xstate_size,
+ __alignof__(union thread_xstate),
+- SLAB_PANIC | SLAB_NOTRACK, NULL);
++ SLAB_PANIC | SLAB_NOTRACK | SLAB_USERCOPY, NULL);
++}
++
++struct task_struct *alloc_task_struct_node(int node)
++{
++ return kmem_cache_alloc_node(task_struct_cachep, GFP_KERNEL, node);
++}
++
++void free_task_struct(struct task_struct *task)
++{
++ free_thread_xstate(task);
++ kmem_cache_free(task_struct_cachep, task);
+ }
+
+ /*
+@@ -70,7 +87,7 @@ void exit_thread(void)
+ unsigned long *bp = t->io_bitmap_ptr;
+
+ if (bp) {
+- struct tss_struct *tss = &per_cpu(init_tss, get_cpu());
++ struct tss_struct *tss = init_tss + get_cpu();
+
+ t->io_bitmap_ptr = NULL;
+ clear_thread_flag(TIF_IO_BITMAP);
+@@ -106,7 +123,7 @@ void show_regs_common(void)
+
+ printk(KERN_CONT "\n");
+ printk(KERN_DEFAULT "Pid: %d, xid: #%u, comm: %.20s %s %s %.*s",
+- current->pid, current->xid, current->comm, print_tainted(),
++ task_pid_nr(current), current->xid, current->comm, print_tainted(),
+ init_utsname()->release,
+ (int)strcspn(init_utsname()->version, " "),
+ init_utsname()->version);
+@@ -120,6 +137,9 @@ void flush_thread(void)
+ {
+ struct task_struct *tsk = current;
+
++#if defined(CONFIG_X86_32) && !defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_PAX_MEMORY_UDEREF)
++ loadsegment(gs, 0);
++#endif
+ flush_ptrace_hw_breakpoint(tsk);
+ memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
+ /*
+@@ -282,10 +302,10 @@ int kernel_thread(int (*fn)(void *), voi
+ regs.di = (unsigned long) arg;
+
+ #ifdef CONFIG_X86_32
+- regs.ds = __USER_DS;
+- regs.es = __USER_DS;
++ regs.ds = __KERNEL_DS;
++ regs.es = __KERNEL_DS;
+ regs.fs = __KERNEL_PERCPU;
+- regs.gs = __KERNEL_STACK_CANARY;
++ savesegment(gs, regs.gs);
+ #else
+ regs.ss = __KERNEL_DS;
+ #endif
+@@ -403,7 +423,7 @@ void default_idle(void)
+ EXPORT_SYMBOL(default_idle);
+ #endif
+
+-void stop_this_cpu(void *dummy)
++__noreturn void stop_this_cpu(void *dummy)
+ {
+ local_irq_disable();
+ /*
+@@ -668,16 +688,37 @@ static int __init idle_setup(char *str)
+ }
+ early_param("idle", idle_setup);
+
+-unsigned long arch_align_stack(unsigned long sp)
++#ifdef CONFIG_PAX_RANDKSTACK
++void pax_randomize_kstack(struct pt_regs *regs)
+ {
+- if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
+- sp -= get_random_int() % 8192;
+- return sp & ~0xf;
+-}
++ struct thread_struct *thread = ¤t->thread;
++ unsigned long time;
+
+-unsigned long arch_randomize_brk(struct mm_struct *mm)
+-{
+- unsigned long range_end = mm->brk + 0x02000000;
+- return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
+-}
++ if (!randomize_va_space)
++ return;
++
++ if (v8086_mode(regs))
++ return;
+
++ rdtscl(time);
++
++ /* P4 seems to return a 0 LSB, ignore it */
++#ifdef CONFIG_MPENTIUM4
++ time &= 0x3EUL;
++ time <<= 2;
++#elif defined(CONFIG_X86_64)
++ time &= 0xFUL;
++ time <<= 4;
++#else
++ time &= 0x1FUL;
++ time <<= 3;
++#endif
++
++ thread->sp0 ^= time;
++ load_sp0(init_tss + smp_processor_id(), thread);
++
++#ifdef CONFIG_X86_64
++ percpu_write(kernel_stack, thread->sp0);
++#endif
++}
++#endif
diff -urNp linux-3.0.7/arch/x86/kernel/process_32.c linux-3.0.7/arch/x86/kernel/process_32.c
--- linux-3.0.7/arch/x86/kernel/process_32.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/process_32.c 2011-08-23 21:47:55.000000000 -0400
return 0;
ip = *(u64 *)(fp+8);
if (!in_sched_functions(ip))
-diff -urNp linux-3.0.7/arch/x86/kernel/process.c linux-3.0.7/arch/x86/kernel/process.c
---- linux-3.0.7/arch/x86/kernel/process.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/kernel/process.c 2011-08-30 18:23:52.000000000 -0400
-@@ -48,16 +48,33 @@ void free_thread_xstate(struct task_stru
-
- void free_thread_info(struct thread_info *ti)
- {
-- free_thread_xstate(ti->task);
- free_pages((unsigned long)ti, get_order(THREAD_SIZE));
- }
-
-+static struct kmem_cache *task_struct_cachep;
-+
- void arch_task_cache_init(void)
- {
-- task_xstate_cachep =
-- kmem_cache_create("task_xstate", xstate_size,
-+ /* create a slab on which task_structs can be allocated */
-+ task_struct_cachep =
-+ kmem_cache_create("task_struct", sizeof(struct task_struct),
-+ ARCH_MIN_TASKALIGN, SLAB_PANIC | SLAB_NOTRACK, NULL);
-+
-+ task_xstate_cachep =
-+ kmem_cache_create("task_xstate", xstate_size,
- __alignof__(union thread_xstate),
-- SLAB_PANIC | SLAB_NOTRACK, NULL);
-+ SLAB_PANIC | SLAB_NOTRACK | SLAB_USERCOPY, NULL);
-+}
-+
-+struct task_struct *alloc_task_struct_node(int node)
-+{
-+ return kmem_cache_alloc_node(task_struct_cachep, GFP_KERNEL, node);
-+}
-+
-+void free_task_struct(struct task_struct *task)
-+{
-+ free_thread_xstate(task);
-+ kmem_cache_free(task_struct_cachep, task);
- }
-
- /*
-@@ -70,7 +87,7 @@ void exit_thread(void)
- unsigned long *bp = t->io_bitmap_ptr;
-
- if (bp) {
-- struct tss_struct *tss = &per_cpu(init_tss, get_cpu());
-+ struct tss_struct *tss = init_tss + get_cpu();
-
- t->io_bitmap_ptr = NULL;
- clear_thread_flag(TIF_IO_BITMAP);
-@@ -106,7 +123,7 @@ void show_regs_common(void)
-
- printk(KERN_CONT "\n");
- printk(KERN_DEFAULT "Pid: %d, xid: #%u, comm: %.20s %s %s %.*s",
-- current->pid, current->xid, current->comm, print_tainted(),
-+ task_pid_nr(current), current->xid, current->comm, print_tainted(),
- init_utsname()->release,
- (int)strcspn(init_utsname()->version, " "),
- init_utsname()->version);
-@@ -120,6 +137,9 @@ void flush_thread(void)
- {
- struct task_struct *tsk = current;
-
-+#if defined(CONFIG_X86_32) && !defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_PAX_MEMORY_UDEREF)
-+ loadsegment(gs, 0);
-+#endif
- flush_ptrace_hw_breakpoint(tsk);
- memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
- /*
-@@ -282,10 +302,10 @@ int kernel_thread(int (*fn)(void *), voi
- regs.di = (unsigned long) arg;
-
- #ifdef CONFIG_X86_32
-- regs.ds = __USER_DS;
-- regs.es = __USER_DS;
-+ regs.ds = __KERNEL_DS;
-+ regs.es = __KERNEL_DS;
- regs.fs = __KERNEL_PERCPU;
-- regs.gs = __KERNEL_STACK_CANARY;
-+ savesegment(gs, regs.gs);
- #else
- regs.ss = __KERNEL_DS;
- #endif
-@@ -403,7 +423,7 @@ void default_idle(void)
- EXPORT_SYMBOL(default_idle);
- #endif
-
--void stop_this_cpu(void *dummy)
-+__noreturn void stop_this_cpu(void *dummy)
- {
- local_irq_disable();
- /*
-@@ -668,16 +688,37 @@ static int __init idle_setup(char *str)
- }
- early_param("idle", idle_setup);
-
--unsigned long arch_align_stack(unsigned long sp)
-+#ifdef CONFIG_PAX_RANDKSTACK
-+void pax_randomize_kstack(struct pt_regs *regs)
- {
-- if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
-- sp -= get_random_int() % 8192;
-- return sp & ~0xf;
--}
-+ struct thread_struct *thread = ¤t->thread;
-+ unsigned long time;
-
--unsigned long arch_randomize_brk(struct mm_struct *mm)
--{
-- unsigned long range_end = mm->brk + 0x02000000;
-- return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
--}
-+ if (!randomize_va_space)
-+ return;
-+
-+ if (v8086_mode(regs))
-+ return;
-
-+ rdtscl(time);
-+
-+ /* P4 seems to return a 0 LSB, ignore it */
-+#ifdef CONFIG_MPENTIUM4
-+ time &= 0x3EUL;
-+ time <<= 2;
-+#elif defined(CONFIG_X86_64)
-+ time &= 0xFUL;
-+ time <<= 4;
-+#else
-+ time &= 0x1FUL;
-+ time <<= 3;
-+#endif
-+
-+ thread->sp0 ^= time;
-+ load_sp0(init_tss + smp_processor_id(), thread);
-+
-+#ifdef CONFIG_X86_64
-+ percpu_write(kernel_stack, thread->sp0);
-+#endif
-+}
-+#endif
diff -urNp linux-3.0.7/arch/x86/kernel/ptrace.c linux-3.0.7/arch/x86/kernel/ptrace.c
--- linux-3.0.7/arch/x86/kernel/ptrace.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/ptrace.c 2011-08-23 21:47:55.000000000 -0400
/* 32-bit mode: register increment */
return 0;
/* 64-bit mode: REX prefix */
-diff -urNp linux-3.0.7/arch/x86/kernel/syscall_table_32.S linux-3.0.7/arch/x86/kernel/syscall_table_32.S
---- linux-3.0.7/arch/x86/kernel/syscall_table_32.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/kernel/syscall_table_32.S 2011-08-23 21:47:55.000000000 -0400
-@@ -1,3 +1,4 @@
-+.section .rodata,"a",@progbits
- ENTRY(sys_call_table)
- .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */
- .long sys_exit
diff -urNp linux-3.0.7/arch/x86/kernel/sys_i386_32.c linux-3.0.7/arch/x86/kernel/sys_i386_32.c
--- linux-3.0.7/arch/x86/kernel/sys_i386_32.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/sys_i386_32.c 2011-08-23 21:47:55.000000000 -0400
mm->cached_hole_size = ~0UL;
return addr;
+diff -urNp linux-3.0.7/arch/x86/kernel/syscall_table_32.S linux-3.0.7/arch/x86/kernel/syscall_table_32.S
+--- linux-3.0.7/arch/x86/kernel/syscall_table_32.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/kernel/syscall_table_32.S 2011-08-23 21:47:55.000000000 -0400
+@@ -1,3 +1,4 @@
++.section .rodata,"a",@progbits
+ ENTRY(sys_call_table)
+ .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */
+ .long sys_exit
diff -urNp linux-3.0.7/arch/x86/kernel/tboot.c linux-3.0.7/arch/x86/kernel/tboot.c
--- linux-3.0.7/arch/x86/kernel/tboot.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/kernel/tboot.c 2011-08-23 21:47:55.000000000 -0400
{
char c;
unsigned zero_len;
-diff -urNp linux-3.0.7/arch/x86/Makefile linux-3.0.7/arch/x86/Makefile
---- linux-3.0.7/arch/x86/Makefile 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/Makefile 2011-08-23 21:48:14.000000000 -0400
-@@ -44,6 +44,7 @@ ifeq ($(CONFIG_X86_32),y)
- else
- BITS := 64
- UTS_MACHINE := x86_64
-+ biarch := $(call cc-option,-m64)
- CHECKFLAGS += -D__x86_64__ -m64
-
- KBUILD_AFLAGS += -m64
-@@ -195,3 +196,12 @@ define archhelp
- echo ' FDARGS="..." arguments for the booted kernel'
- echo ' FDINITRD=file initrd for the booted kernel'
- endef
-+
-+define OLD_LD
-+
-+*** ${VERSION}.${PATCHLEVEL} PaX kernels no longer build correctly with old versions of binutils.
-+*** Please upgrade your binutils to 2.18 or newer
-+endef
-+
-+archprepare:
-+ $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD)))
diff -urNp linux-3.0.7/arch/x86/mm/extable.c linux-3.0.7/arch/x86/mm/extable.c
--- linux-3.0.7/arch/x86/mm/extable.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/mm/extable.c 2011-08-23 21:47:55.000000000 -0400
return addr;
}
if (mm->get_unmapped_area == arch_get_unmapped_area)
+diff -urNp linux-3.0.7/arch/x86/mm/init.c linux-3.0.7/arch/x86/mm/init.c
+--- linux-3.0.7/arch/x86/mm/init.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/mm/init.c 2011-08-23 21:48:14.000000000 -0400
+@@ -31,7 +31,7 @@ int direct_gbpages
+ static void __init find_early_table_space(unsigned long end, int use_pse,
+ int use_gbpages)
+ {
+- unsigned long puds, pmds, ptes, tables, start = 0, good_end = end;
++ unsigned long puds, pmds, ptes, tables, start = 0x100000, good_end = end;
+ phys_addr_t base;
+
+ puds = (end + PUD_SIZE - 1) >> PUD_SHIFT;
+@@ -313,12 +313,34 @@ unsigned long __init_refok init_memory_m
+ */
+ int devmem_is_allowed(unsigned long pagenr)
+ {
+- if (pagenr <= 256)
++#ifdef CONFIG_GRKERNSEC_KMEM
++ /* allow BDA */
++ if (!pagenr)
++ return 1;
++ /* allow EBDA */
++ if ((0x9f000 >> PAGE_SHIFT) == pagenr)
++ return 1;
++#else
++ if (!pagenr)
++ return 1;
++#ifdef CONFIG_VM86
++ if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT))
++ return 1;
++#endif
++#endif
++
++ if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
+ return 1;
++#ifdef CONFIG_GRKERNSEC_KMEM
++ /* throw out everything else below 1MB */
++ if (pagenr <= 256)
++ return 0;
++#endif
+ if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
+ return 0;
+ if (!page_is_ram(pagenr))
+ return 1;
++
+ return 0;
+ }
+
+@@ -373,6 +395,86 @@ void free_init_pages(char *what, unsigne
+
+ void free_initmem(void)
+ {
++
++#ifdef CONFIG_PAX_KERNEXEC
++#ifdef CONFIG_X86_32
++ /* PaX: limit KERNEL_CS to actual size */
++ unsigned long addr, limit;
++ struct desc_struct d;
++ int cpu;
++
++ limit = paravirt_enabled() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext;
++ limit = (limit - 1UL) >> PAGE_SHIFT;
++
++ memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);
++ for (cpu = 0; cpu < NR_CPUS; cpu++) {
++ pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
++ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
++ }
++
++ /* PaX: make KERNEL_CS read-only */
++ addr = PFN_ALIGN(ktla_ktva((unsigned long)&_text));
++ if (!paravirt_enabled())
++ set_memory_ro(addr, (PFN_ALIGN(_sdata) - addr) >> PAGE_SHIFT);
++/*
++ for (addr = ktla_ktva((unsigned long)&_text); addr < (unsigned long)&_sdata; addr += PMD_SIZE) {
++ pgd = pgd_offset_k(addr);
++ pud = pud_offset(pgd, addr);
++ pmd = pmd_offset(pud, addr);
++ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
++ }
++*/
++#ifdef CONFIG_X86_PAE
++ set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT);
++/*
++ for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) {
++ pgd = pgd_offset_k(addr);
++ pud = pud_offset(pgd, addr);
++ pmd = pmd_offset(pud, addr);
++ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
++ }
++*/
++#endif
++
++#ifdef CONFIG_MODULES
++ set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT);
++#endif
++
++#else
++ pgd_t *pgd;
++ pud_t *pud;
++ pmd_t *pmd;
++ unsigned long addr, end;
++
++ /* PaX: make kernel code/rodata read-only, rest non-executable */
++ for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
++ pgd = pgd_offset_k(addr);
++ pud = pud_offset(pgd, addr);
++ pmd = pmd_offset(pud, addr);
++ if (!pmd_present(*pmd))
++ continue;
++ if ((unsigned long)_text <= addr && addr < (unsigned long)_sdata)
++ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
++ else
++ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
++ }
++
++ addr = (unsigned long)__va(__pa(__START_KERNEL_map));
++ end = addr + KERNEL_IMAGE_SIZE;
++ for (; addr < end; addr += PMD_SIZE) {
++ pgd = pgd_offset_k(addr);
++ pud = pud_offset(pgd, addr);
++ pmd = pmd_offset(pud, addr);
++ if (!pmd_present(*pmd))
++ continue;
++ if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata)))
++ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
++ }
++#endif
++
++ flush_tlb_all();
++#endif
++
+ free_init_pages("unused kernel memory",
+ (unsigned long)(&__init_begin),
+ (unsigned long)(&__init_end));
diff -urNp linux-3.0.7/arch/x86/mm/init_32.c linux-3.0.7/arch/x86/mm/init_32.c
--- linux-3.0.7/arch/x86/mm/init_32.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/mm/init_32.c 2011-08-23 21:47:55.000000000 -0400
return "[vdso]";
if (vma == &gate_vma)
return "[vsyscall]";
-diff -urNp linux-3.0.7/arch/x86/mm/init.c linux-3.0.7/arch/x86/mm/init.c
---- linux-3.0.7/arch/x86/mm/init.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/mm/init.c 2011-08-23 21:48:14.000000000 -0400
-@@ -31,7 +31,7 @@ int direct_gbpages
- static void __init find_early_table_space(unsigned long end, int use_pse,
- int use_gbpages)
- {
-- unsigned long puds, pmds, ptes, tables, start = 0, good_end = end;
-+ unsigned long puds, pmds, ptes, tables, start = 0x100000, good_end = end;
- phys_addr_t base;
-
- puds = (end + PUD_SIZE - 1) >> PUD_SHIFT;
-@@ -313,12 +313,34 @@ unsigned long __init_refok init_memory_m
- */
- int devmem_is_allowed(unsigned long pagenr)
- {
-- if (pagenr <= 256)
-+#ifdef CONFIG_GRKERNSEC_KMEM
-+ /* allow BDA */
-+ if (!pagenr)
-+ return 1;
-+ /* allow EBDA */
-+ if ((0x9f000 >> PAGE_SHIFT) == pagenr)
-+ return 1;
-+#else
-+ if (!pagenr)
-+ return 1;
-+#ifdef CONFIG_VM86
-+ if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT))
-+ return 1;
-+#endif
-+#endif
-+
-+ if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
- return 1;
-+#ifdef CONFIG_GRKERNSEC_KMEM
-+ /* throw out everything else below 1MB */
-+ if (pagenr <= 256)
-+ return 0;
-+#endif
- if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
- return 0;
- if (!page_is_ram(pagenr))
- return 1;
-+
- return 0;
- }
-
-@@ -373,6 +395,86 @@ void free_init_pages(char *what, unsigne
-
- void free_initmem(void)
- {
-+
-+#ifdef CONFIG_PAX_KERNEXEC
-+#ifdef CONFIG_X86_32
-+ /* PaX: limit KERNEL_CS to actual size */
-+ unsigned long addr, limit;
-+ struct desc_struct d;
-+ int cpu;
-+
-+ limit = paravirt_enabled() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext;
-+ limit = (limit - 1UL) >> PAGE_SHIFT;
-+
-+ memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);
-+ for (cpu = 0; cpu < NR_CPUS; cpu++) {
-+ pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
-+ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
-+ }
-+
-+ /* PaX: make KERNEL_CS read-only */
-+ addr = PFN_ALIGN(ktla_ktva((unsigned long)&_text));
-+ if (!paravirt_enabled())
-+ set_memory_ro(addr, (PFN_ALIGN(_sdata) - addr) >> PAGE_SHIFT);
-+/*
-+ for (addr = ktla_ktva((unsigned long)&_text); addr < (unsigned long)&_sdata; addr += PMD_SIZE) {
-+ pgd = pgd_offset_k(addr);
-+ pud = pud_offset(pgd, addr);
-+ pmd = pmd_offset(pud, addr);
-+ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
-+ }
-+*/
-+#ifdef CONFIG_X86_PAE
-+ set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT);
-+/*
-+ for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) {
-+ pgd = pgd_offset_k(addr);
-+ pud = pud_offset(pgd, addr);
-+ pmd = pmd_offset(pud, addr);
-+ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
-+ }
-+*/
-+#endif
-+
-+#ifdef CONFIG_MODULES
-+ set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT);
-+#endif
-+
-+#else
-+ pgd_t *pgd;
-+ pud_t *pud;
-+ pmd_t *pmd;
-+ unsigned long addr, end;
-+
-+ /* PaX: make kernel code/rodata read-only, rest non-executable */
-+ for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
-+ pgd = pgd_offset_k(addr);
-+ pud = pud_offset(pgd, addr);
-+ pmd = pmd_offset(pud, addr);
-+ if (!pmd_present(*pmd))
-+ continue;
-+ if ((unsigned long)_text <= addr && addr < (unsigned long)_sdata)
-+ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
-+ else
-+ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
-+ }
-+
-+ addr = (unsigned long)__va(__pa(__START_KERNEL_map));
-+ end = addr + KERNEL_IMAGE_SIZE;
-+ for (; addr < end; addr += PMD_SIZE) {
-+ pgd = pgd_offset_k(addr);
-+ pud = pud_offset(pgd, addr);
-+ pmd = pmd_offset(pud, addr);
-+ if (!pmd_present(*pmd))
-+ continue;
-+ if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata)))
-+ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
-+ }
-+#endif
-+
-+ flush_tlb_all();
-+#endif
-+
- free_init_pages("unused kernel memory",
- (unsigned long)(&__init_begin),
- (unsigned long)(&__init_end));
diff -urNp linux-3.0.7/arch/x86/mm/iomap_32.c linux-3.0.7/arch/x86/mm/iomap_32.c
--- linux-3.0.7/arch/x86/mm/iomap_32.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/mm/iomap_32.c 2011-08-23 21:47:55.000000000 -0400
};
map.map_id = trace->id;
+diff -urNp linux-3.0.7/arch/x86/mm/pageattr-test.c linux-3.0.7/arch/x86/mm/pageattr-test.c
+--- linux-3.0.7/arch/x86/mm/pageattr-test.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/mm/pageattr-test.c 2011-08-23 21:47:55.000000000 -0400
+@@ -36,7 +36,7 @@ enum {
+
+ static int pte_testbit(pte_t pte)
+ {
+- return pte_flags(pte) & _PAGE_UNUSED1;
++ return pte_flags(pte) & _PAGE_CPA_TEST;
+ }
+
+ struct split_state {
diff -urNp linux-3.0.7/arch/x86/mm/pageattr.c linux-3.0.7/arch/x86/mm/pageattr.c
--- linux-3.0.7/arch/x86/mm/pageattr.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/mm/pageattr.c 2011-08-23 21:47:55.000000000 -0400
}
static int
-diff -urNp linux-3.0.7/arch/x86/mm/pageattr-test.c linux-3.0.7/arch/x86/mm/pageattr-test.c
---- linux-3.0.7/arch/x86/mm/pageattr-test.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/mm/pageattr-test.c 2011-08-23 21:47:55.000000000 -0400
-@@ -36,7 +36,7 @@ enum {
-
- static int pte_testbit(pte_t pte)
- {
-- return pte_flags(pte) & _PAGE_UNUSED1;
-+ return pte_flags(pte) & _PAGE_CPA_TEST;
- }
-
- struct split_state {
diff -urNp linux-3.0.7/arch/x86/mm/pat.c linux-3.0.7/arch/x86/mm/pat.c
--- linux-3.0.7/arch/x86/mm/pat.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/mm/pat.c 2011-08-23 21:47:55.000000000 -0400
p += skip_prefix(p, &prf);
p += get_opcode(p, &opcode);
for (i = 0; i < ARRAY_SIZE(imm_wop); i++)
-diff -urNp linux-3.0.7/arch/x86/mm/pgtable_32.c linux-3.0.7/arch/x86/mm/pgtable_32.c
---- linux-3.0.7/arch/x86/mm/pgtable_32.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/mm/pgtable_32.c 2011-08-23 21:47:55.000000000 -0400
-@@ -48,10 +48,13 @@ void set_pte_vaddr(unsigned long vaddr,
- return;
- }
- pte = pte_offset_kernel(pmd, vaddr);
-+
-+ pax_open_kernel();
- if (pte_val(pteval))
- set_pte_at(&init_mm, vaddr, pte, pteval);
- else
- pte_clear(&init_mm, vaddr, pte);
-+ pax_close_kernel();
-
- /*
- * It's enough to flush this one mapping.
diff -urNp linux-3.0.7/arch/x86/mm/pgtable.c linux-3.0.7/arch/x86/mm/pgtable.c
--- linux-3.0.7/arch/x86/mm/pgtable.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/mm/pgtable.c 2011-08-23 21:47:55.000000000 -0400
pgd_dtor(pgd);
paravirt_pgd_free(mm, pgd);
free_page((unsigned long)pgd);
+diff -urNp linux-3.0.7/arch/x86/mm/pgtable_32.c linux-3.0.7/arch/x86/mm/pgtable_32.c
+--- linux-3.0.7/arch/x86/mm/pgtable_32.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/mm/pgtable_32.c 2011-08-23 21:47:55.000000000 -0400
+@@ -48,10 +48,13 @@ void set_pte_vaddr(unsigned long vaddr,
+ return;
+ }
+ pte = pte_offset_kernel(pmd, vaddr);
++
++ pax_open_kernel();
+ if (pte_val(pteval))
+ set_pte_at(&init_mm, vaddr, pte, pteval);
+ else
+ pte_clear(&init_mm, vaddr, pte);
++ pax_close_kernel();
+
+ /*
+ * It's enough to flush this one mapping.
diff -urNp linux-3.0.7/arch/x86/mm/setup_nx.c linux-3.0.7/arch/x86/mm/setup_nx.c
--- linux-3.0.7/arch/x86/mm/setup_nx.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/mm/setup_nx.c 2011-08-23 21:47:55.000000000 -0400
}
EXPORT_SYMBOL_GPL(leave_mm);
+diff -urNp linux-3.0.7/arch/x86/net/bpf_jit.S linux-3.0.7/arch/x86/net/bpf_jit.S
+--- linux-3.0.7/arch/x86/net/bpf_jit.S 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/arch/x86/net/bpf_jit.S 2011-10-07 19:07:28.000000000 -0400
+@@ -9,6 +9,7 @@
+ */
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
++#include <asm/alternative-asm.h>
+
+ /*
+ * Calling convention :
+@@ -35,6 +36,7 @@ sk_load_word:
+ jle bpf_slow_path_word
+ mov (SKBDATA,%rsi),%eax
+ bswap %eax /* ntohl() */
++ pax_force_retaddr
+ ret
+
+
+@@ -53,6 +55,7 @@ sk_load_half:
+ jle bpf_slow_path_half
+ movzwl (SKBDATA,%rsi),%eax
+ rol $8,%ax # ntohs()
++ pax_force_retaddr
+ ret
+
+ sk_load_byte_ind:
+@@ -66,6 +69,7 @@ sk_load_byte:
+ cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte */
+ jle bpf_slow_path_byte
+ movzbl (SKBDATA,%rsi),%eax
++ pax_force_retaddr
+ ret
+
+ /**
+@@ -82,6 +86,7 @@ ENTRY(sk_load_byte_msh)
+ movzbl (SKBDATA,%rsi),%ebx
+ and $15,%bl
+ shl $2,%bl
++ pax_force_retaddr
+ ret
+ CFI_ENDPROC
+ ENDPROC(sk_load_byte_msh)
+@@ -91,6 +96,7 @@ bpf_error:
+ xor %eax,%eax
+ mov -8(%rbp),%rbx
+ leaveq
++ pax_force_retaddr
+ ret
+
+ /* rsi contains offset and can be scratched */
+@@ -113,6 +119,7 @@ bpf_slow_path_word:
+ js bpf_error
+ mov -12(%rbp),%eax
+ bswap %eax
++ pax_force_retaddr
+ ret
+
+ bpf_slow_path_half:
+@@ -121,12 +128,14 @@ bpf_slow_path_half:
+ mov -12(%rbp),%ax
+ rol $8,%ax
+ movzwl %ax,%eax
++ pax_force_retaddr
+ ret
+
+ bpf_slow_path_byte:
+ bpf_slow_path_common(1)
+ js bpf_error
+ movzbl -12(%rbp),%eax
++ pax_force_retaddr
+ ret
+
+ bpf_slow_path_byte_msh:
+@@ -137,4 +146,5 @@ bpf_slow_path_byte_msh:
+ and $15,%al
+ shl $2,%al
+ xchg %eax,%ebx
++ pax_force_retaddr
+ ret
diff -urNp linux-3.0.7/arch/x86/net/bpf_jit_comp.c linux-3.0.7/arch/x86/net/bpf_jit_comp.c
--- linux-3.0.7/arch/x86/net/bpf_jit_comp.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/arch/x86/net/bpf_jit_comp.c 2011-08-23 21:47:55.000000000 -0400
proglen,
sizeof(struct work_struct)));
if (!image)
-diff -urNp linux-3.0.7/arch/x86/net/bpf_jit.S linux-3.0.7/arch/x86/net/bpf_jit.S
---- linux-3.0.7/arch/x86/net/bpf_jit.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/arch/x86/net/bpf_jit.S 2011-10-07 19:07:28.000000000 -0400
-@@ -9,6 +9,7 @@
- */
- #include <linux/linkage.h>
- #include <asm/dwarf2.h>
-+#include <asm/alternative-asm.h>
-
- /*
- * Calling convention :
-@@ -35,6 +36,7 @@ sk_load_word:
- jle bpf_slow_path_word
- mov (SKBDATA,%rsi),%eax
- bswap %eax /* ntohl() */
-+ pax_force_retaddr
- ret
-
-
-@@ -53,6 +55,7 @@ sk_load_half:
- jle bpf_slow_path_half
- movzwl (SKBDATA,%rsi),%eax
- rol $8,%ax # ntohs()
-+ pax_force_retaddr
- ret
-
- sk_load_byte_ind:
-@@ -66,6 +69,7 @@ sk_load_byte:
- cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte */
- jle bpf_slow_path_byte
- movzbl (SKBDATA,%rsi),%eax
-+ pax_force_retaddr
- ret
-
- /**
-@@ -82,6 +86,7 @@ ENTRY(sk_load_byte_msh)
- movzbl (SKBDATA,%rsi),%ebx
- and $15,%bl
- shl $2,%bl
-+ pax_force_retaddr
- ret
- CFI_ENDPROC
- ENDPROC(sk_load_byte_msh)
-@@ -91,6 +96,7 @@ bpf_error:
- xor %eax,%eax
- mov -8(%rbp),%rbx
- leaveq
-+ pax_force_retaddr
- ret
-
- /* rsi contains offset and can be scratched */
-@@ -113,6 +119,7 @@ bpf_slow_path_word:
- js bpf_error
- mov -12(%rbp),%eax
- bswap %eax
-+ pax_force_retaddr
- ret
-
- bpf_slow_path_half:
-@@ -121,12 +128,14 @@ bpf_slow_path_half:
- mov -12(%rbp),%ax
- rol $8,%ax
- movzwl %ax,%eax
-+ pax_force_retaddr
- ret
-
- bpf_slow_path_byte:
- bpf_slow_path_common(1)
- js bpf_error
- movzbl -12(%rbp),%eax
-+ pax_force_retaddr
- ret
-
- bpf_slow_path_byte_msh:
-@@ -137,4 +146,5 @@ bpf_slow_path_byte_msh:
- and $15,%al
- shl $2,%al
- xchg %eax,%ebx
-+ pax_force_retaddr
- ret
diff -urNp linux-3.0.7/arch/x86/oprofile/backtrace.c linux-3.0.7/arch/x86/oprofile/backtrace.c
--- linux-3.0.7/arch/x86/oprofile/backtrace.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.7/arch/x86/oprofile/backtrace.c 2011-10-06 04:17:55.000000000 -0400
/* Copy key, add padding */
for (i = 0; i < keylen; ++i)
-diff -urNp linux-3.0.7/Documentation/dontdiff linux-3.0.7/Documentation/dontdiff
---- linux-3.0.7/Documentation/dontdiff 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/Documentation/dontdiff 2011-10-07 19:07:23.000000000 -0400
-@@ -5,6 +5,7 @@
- *.cis
- *.cpio
- *.csp
-+*.dbg
- *.dsp
- *.dvi
- *.elf
-@@ -48,9 +49,11 @@
- *.tab.h
- *.tex
- *.ver
-+*.vim
- *.xml
- *.xz
- *_MODULES
-+*_reg_safe.h
- *_vga16.c
- *~
- \#*#
-@@ -70,6 +73,7 @@ Kerntypes
- Module.markers
- Module.symvers
- PENDING
-+PERF*
- SCCS
- System.map*
- TAGS
-@@ -98,6 +102,8 @@ bzImage*
- capability_names.h
- capflags.c
- classlist.h*
-+clut_vga16.c
-+common-cmds.h
- comp*.log
- compile.h*
- conf
-@@ -126,12 +132,14 @@ fore200e_pca_fw.c*
- gconf
- gconf.glade.h
- gen-devlist
-+gen-kdb_cmds.c
- gen_crc32table
- gen_init_cpio
- generated
- genheaders
- genksyms
- *_gray256.c
-+hash
- hpet_example
- hugepage-mmap
- hugepage-shm
-@@ -146,7 +154,6 @@ int32.c
- int4.c
- int8.c
- kallsyms
--kconfig
- keywords.c
- ksym.c*
- ksym.h*
-@@ -154,7 +161,6 @@ kxgettext
- lkc_defs.h
- lex.c
- lex.*.c
--linux
- logo_*.c
- logo_*_clut224.c
- logo_*_mono.c
-@@ -166,7 +172,6 @@ machtypes.h
- map
- map_hugetlb
- maui_boot.h
--media
- mconf
- miboot*
- mk_elfconfig
-@@ -174,6 +179,7 @@ mkboot
- mkbugboot
- mkcpustr
- mkdep
-+mkpiggy
- mkprep
- mkregtable
- mktables
-@@ -209,6 +215,7 @@ r300_reg_safe.h
- r420_reg_safe.h
- r600_reg_safe.h
- recordmcount
-+regdb.c
- relocs
- rlim_names.h
- rn50_reg_safe.h
-@@ -219,6 +226,7 @@ setup
- setup.bin
- setup.elf
- sImage
-+slabinfo
- sm_tbl*
- split-include
- syscalltab.h
-@@ -246,7 +254,9 @@ vmlinux
- vmlinux-*
- vmlinux.aout
- vmlinux.bin.all
-+vmlinux.bin.bz2
- vmlinux.lds
-+vmlinux.relocs
- vmlinuz
- voffset.h
- vsyscall.lds
-@@ -254,6 +264,7 @@ vsyscall_32.lds
- wanxlfw.inc
- uImage
- unifdef
-+utsrelease.h
- wakeup.bin
- wakeup.elf
- wakeup.lds
-diff -urNp linux-3.0.7/Documentation/kernel-parameters.txt linux-3.0.7/Documentation/kernel-parameters.txt
---- linux-3.0.7/Documentation/kernel-parameters.txt 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/Documentation/kernel-parameters.txt 2011-08-23 21:47:55.000000000 -0400
-@@ -1883,6 +1883,13 @@ bytes respectively. Such letter suffixes
- the specified number of seconds. This is to be used if
- your oopses keep scrolling off the screen.
-
-+ pax_nouderef [X86] disables UDEREF. Most likely needed under certain
-+ virtualization environments that don't cope well with the
-+ expand down segment used by UDEREF on X86-32 or the frequent
-+ page table updates on X86-64.
-+
-+ pax_softmode= 0/1 to disable/enable PaX softmode on boot already.
-+
- pcbit= [HW,ISDN]
-
- pcd. [PARIDE]
diff -urNp linux-3.0.7/drivers/acpi/apei/cper.c linux-3.0.7/drivers/acpi/apei/cper.c
--- linux-3.0.7/drivers/acpi/apei/cper.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/acpi/apei/cper.c 2011-08-23 21:47:55.000000000 -0400
}
/**
+diff -urNp linux-3.0.7/drivers/block/DAC960.c linux-3.0.7/drivers/block/DAC960.c
+--- linux-3.0.7/drivers/block/DAC960.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/drivers/block/DAC960.c 2011-08-23 21:48:14.000000000 -0400
+@@ -1980,6 +1980,8 @@ static bool DAC960_V1_ReadDeviceConfigur
+ unsigned long flags;
+ int Channel, TargetID;
+
++ pax_track_stack();
++
+ if (!init_dma_loaf(Controller->PCIDevice, &local_dma,
+ DAC960_V1_MaxChannels*(sizeof(DAC960_V1_DCDB_T) +
+ sizeof(DAC960_SCSI_Inquiry_T) +
diff -urNp linux-3.0.7/drivers/block/cciss.c linux-3.0.7/drivers/block/cciss.c
--- linux-3.0.7/drivers/block/cciss.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/block/cciss.c 2011-08-23 21:48:14.000000000 -0400
cmdlist_t *reqQ;
cmdlist_t *cmpQ;
-diff -urNp linux-3.0.7/drivers/block/DAC960.c linux-3.0.7/drivers/block/DAC960.c
---- linux-3.0.7/drivers/block/DAC960.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/drivers/block/DAC960.c 2011-08-23 21:48:14.000000000 -0400
-@@ -1980,6 +1980,8 @@ static bool DAC960_V1_ReadDeviceConfigur
- unsigned long flags;
- int Channel, TargetID;
-
-+ pax_track_stack();
-+
- if (!init_dma_loaf(Controller->PCIDevice, &local_dma,
- DAC960_V1_MaxChannels*(sizeof(DAC960_V1_DCDB_T) +
- sizeof(DAC960_SCSI_Inquiry_T) +
diff -urNp linux-3.0.7/drivers/block/drbd/drbd_int.h linux-3.0.7/drivers/block/drbd/drbd_int.h
--- linux-3.0.7/drivers/block/drbd/drbd_int.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/block/drbd/drbd_int.h 2011-10-06 04:17:55.000000000 -0400
switch (cmd) {
case NBD_DISCONNECT: {
struct request sreq;
+diff -urNp linux-3.0.7/drivers/char/Kconfig linux-3.0.7/drivers/char/Kconfig
+--- linux-3.0.7/drivers/char/Kconfig 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/drivers/char/Kconfig 2011-08-23 21:48:14.000000000 -0400
+@@ -8,7 +8,8 @@ source "drivers/tty/Kconfig"
+
+ config DEVKMEM
+ bool "/dev/kmem virtual device support"
+- default y
++ default n
++ depends on !GRKERNSEC_KMEM
+ help
+ Say Y here if you want to support the /dev/kmem device. The
+ /dev/kmem device is rarely used, but can be used for certain
+@@ -596,6 +597,7 @@ config DEVPORT
+ bool
+ depends on !M68K
+ depends on ISA || PCI
++ depends on !GRKERNSEC_KMEM
+ default y
+
+ source "drivers/s390/char/Kconfig"
diff -urNp linux-3.0.7/drivers/char/agp/frontend.c linux-3.0.7/drivers/char/agp/frontend.c
--- linux-3.0.7/drivers/char/agp/frontend.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/char/agp/frontend.c 2011-08-23 21:47:55.000000000 -0400
new_smi->interrupt_disabled = 1;
atomic_set(&new_smi->stop_operation, 0);
-diff -urNp linux-3.0.7/drivers/char/Kconfig linux-3.0.7/drivers/char/Kconfig
---- linux-3.0.7/drivers/char/Kconfig 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/drivers/char/Kconfig 2011-08-23 21:48:14.000000000 -0400
-@@ -8,7 +8,8 @@ source "drivers/tty/Kconfig"
-
- config DEVKMEM
- bool "/dev/kmem virtual device support"
-- default y
-+ default n
-+ depends on !GRKERNSEC_KMEM
- help
- Say Y here if you want to support the /dev/kmem device. The
- /dev/kmem device is rarely used, but can be used for certain
-@@ -596,6 +597,7 @@ config DEVPORT
- bool
- depends on !M68K
- depends on ISA || PCI
-+ depends on !GRKERNSEC_KMEM
- default y
-
- source "drivers/s390/char/Kconfig"
diff -urNp linux-3.0.7/drivers/char/mbcs.c linux-3.0.7/drivers/char/mbcs.c
--- linux-3.0.7/drivers/char/mbcs.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/char/mbcs.c 2011-10-11 10:44:33.000000000 -0400
mutex_unlock(&sonypi_device.lock);
return 0;
+diff -urNp linux-3.0.7/drivers/char/tpm/tpm.c linux-3.0.7/drivers/char/tpm/tpm.c
+--- linux-3.0.7/drivers/char/tpm/tpm.c 2011-10-16 21:54:53.000000000 -0400
++++ linux-3.0.7/drivers/char/tpm/tpm.c 2011-10-16 21:55:27.000000000 -0400
+@@ -414,7 +414,7 @@ static ssize_t tpm_transmit(struct tpm_c
+ chip->vendor.req_complete_val)
+ goto out_recv;
+
+- if ((status == chip->vendor.req_canceled)) {
++ if (status == chip->vendor.req_canceled) {
+ dev_err(chip->dev, "Operation Canceled\n");
+ rc = -ECANCELED;
+ goto out;
+@@ -847,6 +847,8 @@ ssize_t tpm_show_pubek(struct device *de
+
+ struct tpm_chip *chip = dev_get_drvdata(dev);
+
++ pax_track_stack();
++
+ tpm_cmd.header.in = tpm_readpubek_header;
+ err = transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE,
+ "attempting to read the PUBEK");
diff -urNp linux-3.0.7/drivers/char/tpm/tpm_bios.c linux-3.0.7/drivers/char/tpm/tpm_bios.c
--- linux-3.0.7/drivers/char/tpm/tpm_bios.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/char/tpm/tpm_bios.c 2011-10-06 04:17:55.000000000 -0400
acpi_os_unmap_memory(virt, len);
return 0;
-diff -urNp linux-3.0.7/drivers/char/tpm/tpm.c linux-3.0.7/drivers/char/tpm/tpm.c
---- linux-3.0.7/drivers/char/tpm/tpm.c 2011-10-16 21:54:53.000000000 -0400
-+++ linux-3.0.7/drivers/char/tpm/tpm.c 2011-10-16 21:55:27.000000000 -0400
-@@ -414,7 +414,7 @@ static ssize_t tpm_transmit(struct tpm_c
- chip->vendor.req_complete_val)
- goto out_recv;
-
-- if ((status == chip->vendor.req_canceled)) {
-+ if (status == chip->vendor.req_canceled) {
- dev_err(chip->dev, "Operation Canceled\n");
- rc = -ECANCELED;
- goto out;
-@@ -847,6 +847,8 @@ ssize_t tpm_show_pubek(struct device *de
-
- struct tpm_chip *chip = dev_get_drvdata(dev);
-
-+ pax_track_stack();
-+
- tpm_cmd.header.in = tpm_readpubek_header;
- err = transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE,
- "attempting to read the PUBEK");
diff -urNp linux-3.0.7/drivers/char/virtio_console.c linux-3.0.7/drivers/char/virtio_console.c
--- linux-3.0.7/drivers/char/virtio_console.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/char/virtio_console.c 2011-10-06 04:17:55.000000000 -0400
return -EINVAL;
r = kmalloc(sizeof(*r), GFP_KERNEL);
-diff -urNp linux-3.0.7/drivers/firewire/core.h linux-3.0.7/drivers/firewire/core.h
---- linux-3.0.7/drivers/firewire/core.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/drivers/firewire/core.h 2011-08-23 21:47:55.000000000 -0400
-@@ -101,6 +101,7 @@ struct fw_card_driver {
-
- int (*stop_iso)(struct fw_iso_context *ctx);
- };
-+typedef struct fw_card_driver __no_const fw_card_driver_no_const;
-
- void fw_card_initialize(struct fw_card *card,
- const struct fw_card_driver *driver, struct device *device);
diff -urNp linux-3.0.7/drivers/firewire/core-transaction.c linux-3.0.7/drivers/firewire/core-transaction.c
--- linux-3.0.7/drivers/firewire/core-transaction.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/firewire/core-transaction.c 2011-08-23 21:48:14.000000000 -0400
init_timer_on_stack(&t.split_timeout_timer);
init_completion(&d.done);
d.payload = payload;
+diff -urNp linux-3.0.7/drivers/firewire/core.h linux-3.0.7/drivers/firewire/core.h
+--- linux-3.0.7/drivers/firewire/core.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/drivers/firewire/core.h 2011-08-23 21:47:55.000000000 -0400
+@@ -101,6 +101,7 @@ struct fw_card_driver {
+
+ int (*stop_iso)(struct fw_iso_context *ctx);
+ };
++typedef struct fw_card_driver __no_const fw_card_driver_no_const;
+
+ void fw_card_initialize(struct fw_card *card,
+ const struct fw_card_driver *driver, struct device *device);
diff -urNp linux-3.0.7/drivers/firmware/dmi_scan.c linux-3.0.7/drivers/firmware/dmi_scan.c
--- linux-3.0.7/drivers/firmware/dmi_scan.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/firmware/dmi_scan.c 2011-10-06 04:17:55.000000000 -0400
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
+diff -urNp linux-3.0.7/drivers/gpu/drm/radeon/radeon.h linux-3.0.7/drivers/gpu/drm/radeon/radeon.h
+--- linux-3.0.7/drivers/gpu/drm/radeon/radeon.h 2011-10-16 21:54:53.000000000 -0400
++++ linux-3.0.7/drivers/gpu/drm/radeon/radeon.h 2011-10-16 21:55:27.000000000 -0400
+@@ -191,7 +191,7 @@ extern int sumo_get_temp(struct radeon_d
+ */
+ struct radeon_fence_driver {
+ uint32_t scratch_reg;
+- atomic_t seq;
++ atomic_unchecked_t seq;
+ uint32_t last_seq;
+ unsigned long last_jiffies;
+ unsigned long last_timeout;
+@@ -961,7 +961,7 @@ struct radeon_asic {
+ void (*pre_page_flip)(struct radeon_device *rdev, int crtc);
+ u32 (*page_flip)(struct radeon_device *rdev, int crtc, u64 crtc_base);
+ void (*post_page_flip)(struct radeon_device *rdev, int crtc);
+-};
++} __no_const;
+
+ /*
+ * Asic structures
diff -urNp linux-3.0.7/drivers/gpu/drm/radeon/radeon_atombios.c linux-3.0.7/drivers/gpu/drm/radeon/radeon_atombios.c
--- linux-3.0.7/drivers/gpu/drm/radeon/radeon_atombios.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/gpu/drm/radeon/radeon_atombios.c 2011-08-23 21:48:14.000000000 -0400
INIT_LIST_HEAD(&rdev->fence_drv.created);
INIT_LIST_HEAD(&rdev->fence_drv.emited);
INIT_LIST_HEAD(&rdev->fence_drv.signaled);
-diff -urNp linux-3.0.7/drivers/gpu/drm/radeon/radeon.h linux-3.0.7/drivers/gpu/drm/radeon/radeon.h
---- linux-3.0.7/drivers/gpu/drm/radeon/radeon.h 2011-10-16 21:54:53.000000000 -0400
-+++ linux-3.0.7/drivers/gpu/drm/radeon/radeon.h 2011-10-16 21:55:27.000000000 -0400
-@@ -191,7 +191,7 @@ extern int sumo_get_temp(struct radeon_d
- */
- struct radeon_fence_driver {
- uint32_t scratch_reg;
-- atomic_t seq;
-+ atomic_unchecked_t seq;
- uint32_t last_seq;
- unsigned long last_jiffies;
- unsigned long last_timeout;
-@@ -961,7 +961,7 @@ struct radeon_asic {
- void (*pre_page_flip)(struct radeon_device *rdev, int crtc);
- u32 (*page_flip)(struct radeon_device *rdev, int crtc, u64 crtc_base);
- void (*post_page_flip)(struct radeon_device *rdev, int crtc);
--};
-+} __no_const;
-
- /*
- * Asic structures
diff -urNp linux-3.0.7/drivers/gpu/drm/radeon/radeon_ioc32.c linux-3.0.7/drivers/gpu/drm/radeon/radeon_ioc32.c
--- linux-3.0.7/drivers/gpu/drm/radeon/radeon_ioc32.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/gpu/drm/radeon/radeon_ioc32.c 2011-08-23 21:47:55.000000000 -0400
/* Free the control structures */
+diff -urNp linux-3.0.7/drivers/infiniband/hw/nes/nes.h linux-3.0.7/drivers/infiniband/hw/nes/nes.h
+--- linux-3.0.7/drivers/infiniband/hw/nes/nes.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/drivers/infiniband/hw/nes/nes.h 2011-08-23 21:47:55.000000000 -0400
+@@ -175,17 +175,17 @@ extern unsigned int nes_debug_level;
+ extern unsigned int wqm_quanta;
+ extern struct list_head nes_adapter_list;
+
+-extern atomic_t cm_connects;
+-extern atomic_t cm_accepts;
+-extern atomic_t cm_disconnects;
+-extern atomic_t cm_closes;
+-extern atomic_t cm_connecteds;
+-extern atomic_t cm_connect_reqs;
+-extern atomic_t cm_rejects;
+-extern atomic_t mod_qp_timouts;
+-extern atomic_t qps_created;
+-extern atomic_t qps_destroyed;
+-extern atomic_t sw_qps_destroyed;
++extern atomic_unchecked_t cm_connects;
++extern atomic_unchecked_t cm_accepts;
++extern atomic_unchecked_t cm_disconnects;
++extern atomic_unchecked_t cm_closes;
++extern atomic_unchecked_t cm_connecteds;
++extern atomic_unchecked_t cm_connect_reqs;
++extern atomic_unchecked_t cm_rejects;
++extern atomic_unchecked_t mod_qp_timouts;
++extern atomic_unchecked_t qps_created;
++extern atomic_unchecked_t qps_destroyed;
++extern atomic_unchecked_t sw_qps_destroyed;
+ extern u32 mh_detected;
+ extern u32 mh_pauses_sent;
+ extern u32 cm_packets_sent;
+@@ -194,14 +194,14 @@ extern u32 cm_packets_created;
+ extern u32 cm_packets_received;
+ extern u32 cm_packets_dropped;
+ extern u32 cm_packets_retrans;
+-extern atomic_t cm_listens_created;
+-extern atomic_t cm_listens_destroyed;
++extern atomic_unchecked_t cm_listens_created;
++extern atomic_unchecked_t cm_listens_destroyed;
+ extern u32 cm_backlog_drops;
+-extern atomic_t cm_loopbacks;
+-extern atomic_t cm_nodes_created;
+-extern atomic_t cm_nodes_destroyed;
+-extern atomic_t cm_accel_dropped_pkts;
+-extern atomic_t cm_resets_recvd;
++extern atomic_unchecked_t cm_loopbacks;
++extern atomic_unchecked_t cm_nodes_created;
++extern atomic_unchecked_t cm_nodes_destroyed;
++extern atomic_unchecked_t cm_accel_dropped_pkts;
++extern atomic_unchecked_t cm_resets_recvd;
+
+ extern u32 int_mod_timer_init;
+ extern u32 int_mod_cq_depth_256;
diff -urNp linux-3.0.7/drivers/infiniband/hw/nes/nes_cm.c linux-3.0.7/drivers/infiniband/hw/nes/nes_cm.c
--- linux-3.0.7/drivers/infiniband/hw/nes/nes_cm.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/infiniband/hw/nes/nes_cm.c 2011-08-23 21:47:55.000000000 -0400
nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n",
cm_node, cm_id, jiffies);
-diff -urNp linux-3.0.7/drivers/infiniband/hw/nes/nes.h linux-3.0.7/drivers/infiniband/hw/nes/nes.h
---- linux-3.0.7/drivers/infiniband/hw/nes/nes.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/drivers/infiniband/hw/nes/nes.h 2011-08-23 21:47:55.000000000 -0400
-@@ -175,17 +175,17 @@ extern unsigned int nes_debug_level;
- extern unsigned int wqm_quanta;
- extern struct list_head nes_adapter_list;
-
--extern atomic_t cm_connects;
--extern atomic_t cm_accepts;
--extern atomic_t cm_disconnects;
--extern atomic_t cm_closes;
--extern atomic_t cm_connecteds;
--extern atomic_t cm_connect_reqs;
--extern atomic_t cm_rejects;
--extern atomic_t mod_qp_timouts;
--extern atomic_t qps_created;
--extern atomic_t qps_destroyed;
--extern atomic_t sw_qps_destroyed;
-+extern atomic_unchecked_t cm_connects;
-+extern atomic_unchecked_t cm_accepts;
-+extern atomic_unchecked_t cm_disconnects;
-+extern atomic_unchecked_t cm_closes;
-+extern atomic_unchecked_t cm_connecteds;
-+extern atomic_unchecked_t cm_connect_reqs;
-+extern atomic_unchecked_t cm_rejects;
-+extern atomic_unchecked_t mod_qp_timouts;
-+extern atomic_unchecked_t qps_created;
-+extern atomic_unchecked_t qps_destroyed;
-+extern atomic_unchecked_t sw_qps_destroyed;
- extern u32 mh_detected;
- extern u32 mh_pauses_sent;
- extern u32 cm_packets_sent;
-@@ -194,14 +194,14 @@ extern u32 cm_packets_created;
- extern u32 cm_packets_received;
- extern u32 cm_packets_dropped;
- extern u32 cm_packets_retrans;
--extern atomic_t cm_listens_created;
--extern atomic_t cm_listens_destroyed;
-+extern atomic_unchecked_t cm_listens_created;
-+extern atomic_unchecked_t cm_listens_destroyed;
- extern u32 cm_backlog_drops;
--extern atomic_t cm_loopbacks;
--extern atomic_t cm_nodes_created;
--extern atomic_t cm_nodes_destroyed;
--extern atomic_t cm_accel_dropped_pkts;
--extern atomic_t cm_resets_recvd;
-+extern atomic_unchecked_t cm_loopbacks;
-+extern atomic_unchecked_t cm_nodes_created;
-+extern atomic_unchecked_t cm_nodes_destroyed;
-+extern atomic_unchecked_t cm_accel_dropped_pkts;
-+extern atomic_unchecked_t cm_resets_recvd;
-
- extern u32 int_mod_timer_init;
- extern u32 int_mod_cq_depth_256;
diff -urNp linux-3.0.7/drivers/infiniband/hw/nes/nes_nic.c linux-3.0.7/drivers/infiniband/hw/nes/nes_nic.c
--- linux-3.0.7/drivers/infiniband/hw/nes/nes_nic.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/infiniband/hw/nes/nes_nic.c 2011-08-23 21:47:55.000000000 -0400
.vendor = PCI_VENDOR_ID_APPLE,
.device = PCI_ANY_ID,
.subvendor = PCI_ANY_ID,
-diff -urNp linux-3.0.7/drivers/md/dm.c linux-3.0.7/drivers/md/dm.c
---- linux-3.0.7/drivers/md/dm.c 2011-09-02 18:11:21.000000000 -0400
-+++ linux-3.0.7/drivers/md/dm.c 2011-08-23 21:47:55.000000000 -0400
-@@ -164,9 +164,9 @@ struct mapped_device {
- /*
- * Event handling.
- */
-- atomic_t event_nr;
-+ atomic_unchecked_t event_nr;
- wait_queue_head_t eventq;
-- atomic_t uevent_seq;
-+ atomic_unchecked_t uevent_seq;
- struct list_head uevent_list;
- spinlock_t uevent_lock; /* Protect access to uevent_list */
-
-@@ -1842,8 +1842,8 @@ static struct mapped_device *alloc_dev(i
- rwlock_init(&md->map_lock);
- atomic_set(&md->holders, 1);
- atomic_set(&md->open_count, 0);
-- atomic_set(&md->event_nr, 0);
-- atomic_set(&md->uevent_seq, 0);
-+ atomic_set_unchecked(&md->event_nr, 0);
-+ atomic_set_unchecked(&md->uevent_seq, 0);
- INIT_LIST_HEAD(&md->uevent_list);
- spin_lock_init(&md->uevent_lock);
-
-@@ -1977,7 +1977,7 @@ static void event_callback(void *context
-
- dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj);
-
-- atomic_inc(&md->event_nr);
-+ atomic_inc_unchecked(&md->event_nr);
- wake_up(&md->eventq);
- }
-
-@@ -2553,18 +2553,18 @@ int dm_kobject_uevent(struct mapped_devi
-
- uint32_t dm_next_uevent_seq(struct mapped_device *md)
- {
-- return atomic_add_return(1, &md->uevent_seq);
-+ return atomic_add_return_unchecked(1, &md->uevent_seq);
- }
-
- uint32_t dm_get_event_nr(struct mapped_device *md)
- {
-- return atomic_read(&md->event_nr);
-+ return atomic_read_unchecked(&md->event_nr);
- }
-
- int dm_wait_event(struct mapped_device *md, int event_nr)
- {
- return wait_event_interruptible(md->eventq,
-- (event_nr != atomic_read(&md->event_nr)));
-+ (event_nr != atomic_read_unchecked(&md->event_nr)));
- }
-
- void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff -urNp linux-3.0.7/drivers/md/dm-ioctl.c linux-3.0.7/drivers/md/dm-ioctl.c
--- linux-3.0.7/drivers/md/dm-ioctl.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/md/dm-ioctl.c 2011-08-23 21:47:55.000000000 -0400
DMWARN("%s: %s too small for target: "
"start=%llu, len=%llu, dev_size=%llu",
dm_device_name(ti->table->md), bdevname(bdev, b),
+diff -urNp linux-3.0.7/drivers/md/dm.c linux-3.0.7/drivers/md/dm.c
+--- linux-3.0.7/drivers/md/dm.c 2011-09-02 18:11:21.000000000 -0400
++++ linux-3.0.7/drivers/md/dm.c 2011-08-23 21:47:55.000000000 -0400
+@@ -164,9 +164,9 @@ struct mapped_device {
+ /*
+ * Event handling.
+ */
+- atomic_t event_nr;
++ atomic_unchecked_t event_nr;
+ wait_queue_head_t eventq;
+- atomic_t uevent_seq;
++ atomic_unchecked_t uevent_seq;
+ struct list_head uevent_list;
+ spinlock_t uevent_lock; /* Protect access to uevent_list */
+
+@@ -1842,8 +1842,8 @@ static struct mapped_device *alloc_dev(i
+ rwlock_init(&md->map_lock);
+ atomic_set(&md->holders, 1);
+ atomic_set(&md->open_count, 0);
+- atomic_set(&md->event_nr, 0);
+- atomic_set(&md->uevent_seq, 0);
++ atomic_set_unchecked(&md->event_nr, 0);
++ atomic_set_unchecked(&md->uevent_seq, 0);
+ INIT_LIST_HEAD(&md->uevent_list);
+ spin_lock_init(&md->uevent_lock);
+
+@@ -1977,7 +1977,7 @@ static void event_callback(void *context
+
+ dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj);
+
+- atomic_inc(&md->event_nr);
++ atomic_inc_unchecked(&md->event_nr);
+ wake_up(&md->eventq);
+ }
+
+@@ -2553,18 +2553,18 @@ int dm_kobject_uevent(struct mapped_devi
+
+ uint32_t dm_next_uevent_seq(struct mapped_device *md)
+ {
+- return atomic_add_return(1, &md->uevent_seq);
++ return atomic_add_return_unchecked(1, &md->uevent_seq);
+ }
+
+ uint32_t dm_get_event_nr(struct mapped_device *md)
+ {
+- return atomic_read(&md->event_nr);
++ return atomic_read_unchecked(&md->event_nr);
+ }
+
+ int dm_wait_event(struct mapped_device *md, int event_nr)
+ {
+ return wait_event_interruptible(md->eventq,
+- (event_nr != atomic_read(&md->event_nr)));
++ (event_nr != atomic_read_unchecked(&md->event_nr)));
+ }
+
+ void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff -urNp linux-3.0.7/drivers/md/md.c linux-3.0.7/drivers/md/md.c
--- linux-3.0.7/drivers/md/md.c 2011-10-17 23:17:09.000000000 -0400
+++ linux-3.0.7/drivers/md/md.c 2011-10-17 23:17:19.000000000 -0400
}
struct mdk_personality
+diff -urNp linux-3.0.7/drivers/md/raid1.c linux-3.0.7/drivers/md/raid1.c
+--- linux-3.0.7/drivers/md/raid1.c 2011-10-17 23:17:09.000000000 -0400
++++ linux-3.0.7/drivers/md/raid1.c 2011-10-17 23:17:19.000000000 -0400
+@@ -1263,7 +1263,7 @@ static int fix_sync_read_error(r1bio_t *
+ rdev_dec_pending(rdev, mddev);
+ md_error(mddev, rdev);
+ } else
+- atomic_add(s, &rdev->corrected_errors);
++ atomic_add_unchecked(s, &rdev->corrected_errors);
+ }
+ d = start;
+ while (d != r1_bio->read_disk) {
+@@ -1492,7 +1492,7 @@ static void fix_read_error(conf_t *conf,
+ /* Well, this device is dead */
+ md_error(mddev, rdev);
+ else {
+- atomic_add(s, &rdev->corrected_errors);
++ atomic_add_unchecked(s, &rdev->corrected_errors);
+ printk(KERN_INFO
+ "md/raid1:%s: read error corrected "
+ "(%d sectors at %llu on %s)\n",
diff -urNp linux-3.0.7/drivers/md/raid10.c linux-3.0.7/drivers/md/raid10.c
--- linux-3.0.7/drivers/md/raid10.c 2011-10-17 23:17:09.000000000 -0400
+++ linux-3.0.7/drivers/md/raid10.c 2011-10-17 23:17:19.000000000 -0400
if (sync_page_io(rdev,
r10_bio->devs[sl].addr +
sect,
-diff -urNp linux-3.0.7/drivers/md/raid1.c linux-3.0.7/drivers/md/raid1.c
---- linux-3.0.7/drivers/md/raid1.c 2011-10-17 23:17:09.000000000 -0400
-+++ linux-3.0.7/drivers/md/raid1.c 2011-10-17 23:17:19.000000000 -0400
-@@ -1263,7 +1263,7 @@ static int fix_sync_read_error(r1bio_t *
- rdev_dec_pending(rdev, mddev);
- md_error(mddev, rdev);
- } else
-- atomic_add(s, &rdev->corrected_errors);
-+ atomic_add_unchecked(s, &rdev->corrected_errors);
- }
- d = start;
- while (d != r1_bio->read_disk) {
-@@ -1492,7 +1492,7 @@ static void fix_read_error(conf_t *conf,
- /* Well, this device is dead */
- md_error(mddev, rdev);
- else {
-- atomic_add(s, &rdev->corrected_errors);
-+ atomic_add_unchecked(s, &rdev->corrected_errors);
- printk(KERN_INFO
- "md/raid1:%s: read error corrected "
- "(%d sectors at %llu on %s)\n",
diff -urNp linux-3.0.7/drivers/md/raid5.c linux-3.0.7/drivers/md/raid5.c
--- linux-3.0.7/drivers/md/raid5.c 2011-10-17 23:17:09.000000000 -0400
+++ linux-3.0.7/drivers/md/raid5.c 2011-10-17 23:17:19.000000000 -0400
} while (0)
#ifdef CONFIG_SGI_GRU_DEBUG
+diff -urNp linux-3.0.7/drivers/misc/sgi-xp/xp.h linux-3.0.7/drivers/misc/sgi-xp/xp.h
+--- linux-3.0.7/drivers/misc/sgi-xp/xp.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/drivers/misc/sgi-xp/xp.h 2011-08-23 21:47:55.000000000 -0400
+@@ -289,7 +289,7 @@ struct xpc_interface {
+ xpc_notify_func, void *);
+ void (*received) (short, int, void *);
+ enum xp_retval (*partid_to_nasids) (short, void *);
+-};
++} __no_const;
+
+ extern struct xpc_interface xpc_interface;
+
diff -urNp linux-3.0.7/drivers/misc/sgi-xp/xpc.h linux-3.0.7/drivers/misc/sgi-xp/xpc.h
--- linux-3.0.7/drivers/misc/sgi-xp/xpc.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/misc/sgi-xp/xpc.h 2011-10-11 10:44:33.000000000 -0400
/*
* Timer function to enforce the timelimit on the partition disengage.
-diff -urNp linux-3.0.7/drivers/misc/sgi-xp/xp.h linux-3.0.7/drivers/misc/sgi-xp/xp.h
---- linux-3.0.7/drivers/misc/sgi-xp/xp.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/drivers/misc/sgi-xp/xp.h 2011-08-23 21:47:55.000000000 -0400
-@@ -289,7 +289,7 @@ struct xpc_interface {
- xpc_notify_func, void *);
- void (*received) (short, int, void *);
- enum xp_retval (*partid_to_nasids) (short, void *);
--};
-+} __no_const;
-
- extern struct xpc_interface xpc_interface;
-
diff -urNp linux-3.0.7/drivers/mmc/host/sdhci-pci.c linux-3.0.7/drivers/mmc/host/sdhci-pci.c
--- linux-3.0.7/drivers/mmc/host/sdhci-pci.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/mmc/host/sdhci-pci.c 2011-10-11 10:44:33.000000000 -0400
/* Get stats out of the card */
clear_bit(JOB_WSTATS, &local->jobs);
if (local->power.event) {
+diff -urNp linux-3.0.7/drivers/net/wireless/ath/ath.h linux-3.0.7/drivers/net/wireless/ath/ath.h
+--- linux-3.0.7/drivers/net/wireless/ath/ath.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/drivers/net/wireless/ath/ath.h 2011-08-23 21:47:55.000000000 -0400
+@@ -121,6 +121,7 @@ struct ath_ops {
+ void (*write_flush) (void *);
+ u32 (*rmw)(void *, u32 reg_offset, u32 set, u32 clr);
+ };
++typedef struct ath_ops __no_const ath_ops_no_const;
+
+ struct ath_common;
+ struct ath_bus_ops;
diff -urNp linux-3.0.7/drivers/net/wireless/ath/ath5k/debug.c linux-3.0.7/drivers/net/wireless/ath/ath5k/debug.c
--- linux-3.0.7/drivers/net/wireless/ath/ath5k/debug.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/net/wireless/ath/ath5k/debug.c 2011-08-23 21:48:14.000000000 -0400
struct ieee80211_hw *hw;
struct ath_common common;
-diff -urNp linux-3.0.7/drivers/net/wireless/ath/ath.h linux-3.0.7/drivers/net/wireless/ath/ath.h
---- linux-3.0.7/drivers/net/wireless/ath/ath.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/drivers/net/wireless/ath/ath.h 2011-08-23 21:47:55.000000000 -0400
-@@ -121,6 +121,7 @@ struct ath_ops {
- void (*write_flush) (void *);
- u32 (*rmw)(void *, u32 reg_offset, u32 set, u32 clr);
- };
-+typedef struct ath_ops __no_const ath_ops_no_const;
-
- struct ath_common;
- struct ath_bus_ops;
diff -urNp linux-3.0.7/drivers/net/wireless/ipw2x00/ipw2100.c linux-3.0.7/drivers/net/wireless/ipw2x00/ipw2100.c
--- linux-3.0.7/drivers/net/wireless/ipw2x00/ipw2100.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/net/wireless/ipw2x00/ipw2100.c 2011-08-23 21:48:14.000000000 -0400
/* Override starting rate (index 0) if needed for debug purposes */
rs_dbgfs_set_mcs(lq_sta, &new_rate, index);
+diff -urNp linux-3.0.7/drivers/net/wireless/iwlwifi/iwl-debug.h linux-3.0.7/drivers/net/wireless/iwlwifi/iwl-debug.h
+--- linux-3.0.7/drivers/net/wireless/iwlwifi/iwl-debug.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/drivers/net/wireless/iwlwifi/iwl-debug.h 2011-08-23 21:47:55.000000000 -0400
+@@ -68,8 +68,8 @@ do {
+ } while (0)
+
+ #else
+-#define IWL_DEBUG(__priv, level, fmt, args...)
+-#define IWL_DEBUG_LIMIT(__priv, level, fmt, args...)
++#define IWL_DEBUG(__priv, level, fmt, args...) do {} while (0)
++#define IWL_DEBUG_LIMIT(__priv, level, fmt, args...) do {} while (0)
+ static inline void iwl_print_hex_dump(struct iwl_priv *priv, int level,
+ const void *p, u32 len)
+ {}
diff -urNp linux-3.0.7/drivers/net/wireless/iwlwifi/iwl-debugfs.c linux-3.0.7/drivers/net/wireless/iwlwifi/iwl-debugfs.c
--- linux-3.0.7/drivers/net/wireless/iwlwifi/iwl-debugfs.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/net/wireless/iwlwifi/iwl-debugfs.c 2011-08-23 21:48:14.000000000 -0400
for_each_context(priv, ctx) {
pos += scnprintf(buf + pos, bufsz - pos, "context %d:\n",
ctx->ctxid);
-diff -urNp linux-3.0.7/drivers/net/wireless/iwlwifi/iwl-debug.h linux-3.0.7/drivers/net/wireless/iwlwifi/iwl-debug.h
---- linux-3.0.7/drivers/net/wireless/iwlwifi/iwl-debug.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/drivers/net/wireless/iwlwifi/iwl-debug.h 2011-08-23 21:47:55.000000000 -0400
-@@ -68,8 +68,8 @@ do {
- } while (0)
-
- #else
--#define IWL_DEBUG(__priv, level, fmt, args...)
--#define IWL_DEBUG_LIMIT(__priv, level, fmt, args...)
-+#define IWL_DEBUG(__priv, level, fmt, args...) do {} while (0)
-+#define IWL_DEBUG_LIMIT(__priv, level, fmt, args...) do {} while (0)
- static inline void iwl_print_hex_dump(struct iwl_priv *priv, int level,
- const void *p, u32 len)
- {}
diff -urNp linux-3.0.7/drivers/net/wireless/iwmc3200wifi/debugfs.c linux-3.0.7/drivers/net/wireless/iwmc3200wifi/debugfs.c
--- linux-3.0.7/drivers/net/wireless/iwmc3200wifi/debugfs.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/net/wireless/iwmc3200wifi/debugfs.c 2011-08-23 21:48:14.000000000 -0400
start_switch_worker();
}
-diff -urNp linux-3.0.7/drivers/oprofile/oprofilefs.c linux-3.0.7/drivers/oprofile/oprofilefs.c
---- linux-3.0.7/drivers/oprofile/oprofilefs.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/drivers/oprofile/oprofilefs.c 2011-08-23 21:47:55.000000000 -0400
-@@ -186,7 +186,7 @@ static const struct file_operations atom
-
-
- int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root,
-- char const *name, atomic_t *val)
-+ char const *name, atomic_unchecked_t *val)
- {
- return __oprofilefs_create_file(sb, root, name,
- &atomic_ro_fops, 0444, val);
diff -urNp linux-3.0.7/drivers/oprofile/oprofile_stats.c linux-3.0.7/drivers/oprofile/oprofile_stats.c
--- linux-3.0.7/drivers/oprofile/oprofile_stats.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/oprofile/oprofile_stats.c 2011-08-23 21:47:55.000000000 -0400
};
extern struct oprofile_stat_struct oprofile_stats;
+diff -urNp linux-3.0.7/drivers/oprofile/oprofilefs.c linux-3.0.7/drivers/oprofile/oprofilefs.c
+--- linux-3.0.7/drivers/oprofile/oprofilefs.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/drivers/oprofile/oprofilefs.c 2011-08-23 21:47:55.000000000 -0400
+@@ -186,7 +186,7 @@ static const struct file_operations atom
+
+
+ int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root,
+- char const *name, atomic_t *val)
++ char const *name, atomic_unchecked_t *val)
+ {
+ return __oprofilefs_create_file(sb, root, name,
+ &atomic_ro_fops, 0444, val);
diff -urNp linux-3.0.7/drivers/parport/procfs.c linux-3.0.7/drivers/parport/procfs.c
--- linux-3.0.7/drivers/parport/procfs.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/parport/procfs.c 2011-08-23 21:47:55.000000000 -0400
return rtc_set_time(rtc, &tm);
case RTC_PIE_ON:
+diff -urNp linux-3.0.7/drivers/scsi/BusLogic.c linux-3.0.7/drivers/scsi/BusLogic.c
+--- linux-3.0.7/drivers/scsi/BusLogic.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/drivers/scsi/BusLogic.c 2011-08-23 21:48:14.000000000 -0400
+@@ -962,6 +962,8 @@ static int __init BusLogic_InitializeFla
+ static void __init BusLogic_InitializeProbeInfoList(struct BusLogic_HostAdapter
+ *PrototypeHostAdapter)
+ {
++ pax_track_stack();
++
+ /*
+ If a PCI BIOS is present, interrogate it for MultiMaster and FlashPoint
+ Host Adapters; otherwise, default to the standard ISA MultiMaster probe.
diff -urNp linux-3.0.7/drivers/scsi/aacraid/aacraid.h linux-3.0.7/drivers/scsi/aacraid/aacraid.h
--- linux-3.0.7/drivers/scsi/aacraid/aacraid.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/scsi/aacraid/aacraid.h 2011-08-23 21:47:55.000000000 -0400
{PCI_DEVICE(PCI_VENDOR_ID_ADAPTEC2, 0x410),0, 0, 1},
{PCI_DEVICE(PCI_VENDOR_ID_ADAPTEC2, 0x412),0, 0, 1},
{PCI_DEVICE(PCI_VENDOR_ID_ADAPTEC2, 0x416),0, 0, 1},
-diff -urNp linux-3.0.7/drivers/scsi/bfa/bfad.c linux-3.0.7/drivers/scsi/bfa/bfad.c
---- linux-3.0.7/drivers/scsi/bfa/bfad.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/drivers/scsi/bfa/bfad.c 2011-08-23 21:48:14.000000000 -0400
-@@ -1032,6 +1032,8 @@ bfad_start_ops(struct bfad_s *bfad) {
- struct bfad_vport_s *vport, *vport_new;
- struct bfa_fcs_driver_info_s driver_info;
+diff -urNp linux-3.0.7/drivers/scsi/bfa/bfa.h linux-3.0.7/drivers/scsi/bfa/bfa.h
+--- linux-3.0.7/drivers/scsi/bfa/bfa.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/drivers/scsi/bfa/bfa.h 2011-08-23 21:47:55.000000000 -0400
+@@ -238,7 +238,7 @@ struct bfa_hwif_s {
+ u32 *nvecs, u32 *maxvec);
+ void (*hw_msix_get_rme_range) (struct bfa_s *bfa, u32 *start,
+ u32 *end);
+-};
++} __no_const;
+ typedef void (*bfa_cb_iocfc_t) (void *cbarg, enum bfa_status status);
-+ pax_track_stack();
-+
- /* Fill the driver_info info to fcs*/
- memset(&driver_info, 0, sizeof(driver_info));
- strncpy(driver_info.version, BFAD_DRIVER_VERSION,
+ struct bfa_iocfc_s {
diff -urNp linux-3.0.7/drivers/scsi/bfa/bfa_fcs_lport.c linux-3.0.7/drivers/scsi/bfa/bfa_fcs_lport.c
--- linux-3.0.7/drivers/scsi/bfa/bfa_fcs_lport.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/scsi/bfa/bfa_fcs_lport.c 2011-08-23 21:48:14.000000000 -0400
bfa_trc(port->fcs, rx_fchs->s_id);
bfa_trc(port->fcs, rx_fchs->d_id);
-diff -urNp linux-3.0.7/drivers/scsi/bfa/bfa.h linux-3.0.7/drivers/scsi/bfa/bfa.h
---- linux-3.0.7/drivers/scsi/bfa/bfa.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/drivers/scsi/bfa/bfa.h 2011-08-23 21:47:55.000000000 -0400
-@@ -238,7 +238,7 @@ struct bfa_hwif_s {
- u32 *nvecs, u32 *maxvec);
- void (*hw_msix_get_rme_range) (struct bfa_s *bfa, u32 *start,
- u32 *end);
--};
-+} __no_const;
- typedef void (*bfa_cb_iocfc_t) (void *cbarg, enum bfa_status status);
-
- struct bfa_iocfc_s {
diff -urNp linux-3.0.7/drivers/scsi/bfa/bfa_ioc.h linux-3.0.7/drivers/scsi/bfa/bfa_ioc.h
--- linux-3.0.7/drivers/scsi/bfa/bfa_ioc.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/scsi/bfa/bfa_ioc.h 2011-08-23 21:47:55.000000000 -0400
#define bfa_ioc_pcifn(__ioc) ((__ioc)->pcidev.pci_func)
#define bfa_ioc_devid(__ioc) ((__ioc)->pcidev.device_id)
-diff -urNp linux-3.0.7/drivers/scsi/BusLogic.c linux-3.0.7/drivers/scsi/BusLogic.c
---- linux-3.0.7/drivers/scsi/BusLogic.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/drivers/scsi/BusLogic.c 2011-08-23 21:48:14.000000000 -0400
-@@ -962,6 +962,8 @@ static int __init BusLogic_InitializeFla
- static void __init BusLogic_InitializeProbeInfoList(struct BusLogic_HostAdapter
- *PrototypeHostAdapter)
- {
+diff -urNp linux-3.0.7/drivers/scsi/bfa/bfad.c linux-3.0.7/drivers/scsi/bfa/bfad.c
+--- linux-3.0.7/drivers/scsi/bfa/bfad.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/drivers/scsi/bfa/bfad.c 2011-08-23 21:48:14.000000000 -0400
+@@ -1032,6 +1032,8 @@ bfad_start_ops(struct bfad_s *bfad) {
+ struct bfad_vport_s *vport, *vport_new;
+ struct bfa_fcs_driver_info_s driver_info;
+
+ pax_track_stack();
+
- /*
- If a PCI BIOS is present, interrogate it for MultiMaster and FlashPoint
- Host Adapters; otherwise, default to the standard ISA MultiMaster probe.
+ /* Fill the driver_info info to fcs*/
+ memset(&driver_info, 0, sizeof(driver_info));
+ strncpy(driver_info.version, BFAD_DRIVER_VERSION,
diff -urNp linux-3.0.7/drivers/scsi/dpt_i2o.c linux-3.0.7/drivers/scsi/dpt_i2o.c
--- linux-3.0.7/drivers/scsi/dpt_i2o.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/scsi/dpt_i2o.c 2011-08-23 21:48:14.000000000 -0400
.qc_prep = ata_noop_qc_prep,
.qc_issue = sas_ata_qc_issue,
.qc_fill_rtf = sas_ata_qc_fill_rtf,
+diff -urNp linux-3.0.7/drivers/scsi/lpfc/lpfc.h linux-3.0.7/drivers/scsi/lpfc/lpfc.h
+--- linux-3.0.7/drivers/scsi/lpfc/lpfc.h 2011-10-16 21:54:54.000000000 -0400
++++ linux-3.0.7/drivers/scsi/lpfc/lpfc.h 2011-10-16 21:55:27.000000000 -0400
+@@ -425,7 +425,7 @@ struct lpfc_vport {
+ struct dentry *debug_nodelist;
+ struct dentry *vport_debugfs_root;
+ struct lpfc_debugfs_trc *disc_trc;
+- atomic_t disc_trc_cnt;
++ atomic_unchecked_t disc_trc_cnt;
+ #endif
+ uint8_t stat_data_enabled;
+ uint8_t stat_data_blocked;
+@@ -832,8 +832,8 @@ struct lpfc_hba {
+ struct timer_list fabric_block_timer;
+ unsigned long bit_flags;
+ #define FABRIC_COMANDS_BLOCKED 0
+- atomic_t num_rsrc_err;
+- atomic_t num_cmd_success;
++ atomic_unchecked_t num_rsrc_err;
++ atomic_unchecked_t num_cmd_success;
+ unsigned long last_rsrc_error_time;
+ unsigned long last_ramp_down_time;
+ unsigned long last_ramp_up_time;
+@@ -847,7 +847,7 @@ struct lpfc_hba {
+ struct dentry *debug_dumpDif; /* BlockGuard BPL*/
+ struct dentry *debug_slow_ring_trc;
+ struct lpfc_debugfs_trc *slow_ring_trc;
+- atomic_t slow_ring_trc_cnt;
++ atomic_unchecked_t slow_ring_trc_cnt;
+ /* iDiag debugfs sub-directory */
+ struct dentry *idiag_root;
+ struct dentry *idiag_pci_cfg;
diff -urNp linux-3.0.7/drivers/scsi/lpfc/lpfc_debugfs.c linux-3.0.7/drivers/scsi/lpfc/lpfc_debugfs.c
--- linux-3.0.7/drivers/scsi/lpfc/lpfc_debugfs.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/scsi/lpfc/lpfc_debugfs.c 2011-08-23 21:48:14.000000000 -0400
snprintf(name, sizeof(name), "discovery_trace");
vport->debug_disc_trc =
-diff -urNp linux-3.0.7/drivers/scsi/lpfc/lpfc.h linux-3.0.7/drivers/scsi/lpfc/lpfc.h
---- linux-3.0.7/drivers/scsi/lpfc/lpfc.h 2011-10-16 21:54:54.000000000 -0400
-+++ linux-3.0.7/drivers/scsi/lpfc/lpfc.h 2011-10-16 21:55:27.000000000 -0400
-@@ -425,7 +425,7 @@ struct lpfc_vport {
- struct dentry *debug_nodelist;
- struct dentry *vport_debugfs_root;
- struct lpfc_debugfs_trc *disc_trc;
-- atomic_t disc_trc_cnt;
-+ atomic_unchecked_t disc_trc_cnt;
- #endif
- uint8_t stat_data_enabled;
- uint8_t stat_data_blocked;
-@@ -832,8 +832,8 @@ struct lpfc_hba {
- struct timer_list fabric_block_timer;
- unsigned long bit_flags;
- #define FABRIC_COMANDS_BLOCKED 0
-- atomic_t num_rsrc_err;
-- atomic_t num_cmd_success;
-+ atomic_unchecked_t num_rsrc_err;
-+ atomic_unchecked_t num_cmd_success;
- unsigned long last_rsrc_error_time;
- unsigned long last_ramp_down_time;
- unsigned long last_ramp_up_time;
-@@ -847,7 +847,7 @@ struct lpfc_hba {
- struct dentry *debug_dumpDif; /* BlockGuard BPL*/
- struct dentry *debug_slow_ring_trc;
- struct lpfc_debugfs_trc *slow_ring_trc;
-- atomic_t slow_ring_trc_cnt;
-+ atomic_unchecked_t slow_ring_trc_cnt;
- /* iDiag debugfs sub-directory */
- struct dentry *idiag_root;
- struct dentry *idiag_pci_cfg;
diff -urNp linux-3.0.7/drivers/scsi/lpfc/lpfc_init.c linux-3.0.7/drivers/scsi/lpfc/lpfc_init.c
--- linux-3.0.7/drivers/scsi/lpfc/lpfc_init.c 2011-10-16 21:54:54.000000000 -0400
+++ linux-3.0.7/drivers/scsi/lpfc/lpfc_init.c 2011-10-16 21:55:27.000000000 -0400
struct iio_ring_setup_ops {
int (*preenable)(struct iio_dev *);
-diff -urNp linux-3.0.7/drivers/staging/octeon/ethernet.c linux-3.0.7/drivers/staging/octeon/ethernet.c
---- linux-3.0.7/drivers/staging/octeon/ethernet.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/drivers/staging/octeon/ethernet.c 2011-08-23 21:47:56.000000000 -0400
-@@ -258,11 +258,11 @@ static struct net_device_stats *cvm_oct_
- * since the RX tasklet also increments it.
- */
- #ifdef CONFIG_64BIT
-- atomic64_add(rx_status.dropped_packets,
-- (atomic64_t *)&priv->stats.rx_dropped);
-+ atomic64_add_unchecked(rx_status.dropped_packets,
-+ (atomic64_unchecked_t *)&priv->stats.rx_dropped);
- #else
-- atomic_add(rx_status.dropped_packets,
-- (atomic_t *)&priv->stats.rx_dropped);
-+ atomic_add_unchecked(rx_status.dropped_packets,
-+ (atomic_unchecked_t *)&priv->stats.rx_dropped);
- #endif
- }
-
diff -urNp linux-3.0.7/drivers/staging/octeon/ethernet-rx.c linux-3.0.7/drivers/staging/octeon/ethernet-rx.c
--- linux-3.0.7/drivers/staging/octeon/ethernet-rx.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/staging/octeon/ethernet-rx.c 2011-08-23 21:47:56.000000000 -0400
#endif
dev_kfree_skb_irq(skb);
}
+diff -urNp linux-3.0.7/drivers/staging/octeon/ethernet.c linux-3.0.7/drivers/staging/octeon/ethernet.c
+--- linux-3.0.7/drivers/staging/octeon/ethernet.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/drivers/staging/octeon/ethernet.c 2011-08-23 21:47:56.000000000 -0400
+@@ -258,11 +258,11 @@ static struct net_device_stats *cvm_oct_
+ * since the RX tasklet also increments it.
+ */
+ #ifdef CONFIG_64BIT
+- atomic64_add(rx_status.dropped_packets,
+- (atomic64_t *)&priv->stats.rx_dropped);
++ atomic64_add_unchecked(rx_status.dropped_packets,
++ (atomic64_unchecked_t *)&priv->stats.rx_dropped);
+ #else
+- atomic_add(rx_status.dropped_packets,
+- (atomic_t *)&priv->stats.rx_dropped);
++ atomic_add_unchecked(rx_status.dropped_packets,
++ (atomic_unchecked_t *)&priv->stats.rx_dropped);
+ #endif
+ }
+
diff -urNp linux-3.0.7/drivers/staging/pohmelfs/inode.c linux-3.0.7/drivers/staging/pohmelfs/inode.c
--- linux-3.0.7/drivers/staging/pohmelfs/inode.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/drivers/staging/pohmelfs/inode.c 2011-08-23 21:47:56.000000000 -0400
P9_DPRINTK(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name,
IS_ERR(s) ? "<error>" : s);
+diff -urNp linux-3.0.7/fs/Kconfig.binfmt linux-3.0.7/fs/Kconfig.binfmt
+--- linux-3.0.7/fs/Kconfig.binfmt 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/fs/Kconfig.binfmt 2011-08-23 21:47:56.000000000 -0400
+@@ -86,7 +86,7 @@ config HAVE_AOUT
+
+ config BINFMT_AOUT
+ tristate "Kernel support for a.out and ECOFF binaries"
+- depends on HAVE_AOUT
++ depends on HAVE_AOUT && BROKEN
+ ---help---
+ A.out (Assembler.OUTput) is a set of formats for libraries and
+ executables used in the earliest versions of UNIX. Linux used
diff -urNp linux-3.0.7/fs/aio.c linux-3.0.7/fs/aio.c
--- linux-3.0.7/fs/aio.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/fs/aio.c 2011-08-23 21:48:14.000000000 -0400
spin_unlock(&cii->c_lock);
return hit;
-diff -urNp linux-3.0.7/fs/compat_binfmt_elf.c linux-3.0.7/fs/compat_binfmt_elf.c
---- linux-3.0.7/fs/compat_binfmt_elf.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/fs/compat_binfmt_elf.c 2011-08-23 21:47:56.000000000 -0400
-@@ -30,11 +30,13 @@
- #undef elf_phdr
- #undef elf_shdr
- #undef elf_note
-+#undef elf_dyn
- #undef elf_addr_t
- #define elfhdr elf32_hdr
- #define elf_phdr elf32_phdr
- #define elf_shdr elf32_shdr
- #define elf_note elf32_note
-+#define elf_dyn Elf32_Dyn
- #define elf_addr_t Elf32_Addr
-
- /*
diff -urNp linux-3.0.7/fs/compat.c linux-3.0.7/fs/compat.c
--- linux-3.0.7/fs/compat.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/fs/compat.c 2011-10-06 04:17:55.000000000 -0400
set_fs(oldfs);
if (err)
+diff -urNp linux-3.0.7/fs/compat_binfmt_elf.c linux-3.0.7/fs/compat_binfmt_elf.c
+--- linux-3.0.7/fs/compat_binfmt_elf.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/fs/compat_binfmt_elf.c 2011-08-23 21:47:56.000000000 -0400
+@@ -30,11 +30,13 @@
+ #undef elf_phdr
+ #undef elf_shdr
+ #undef elf_note
++#undef elf_dyn
+ #undef elf_addr_t
+ #define elfhdr elf32_hdr
+ #define elf_phdr elf32_phdr
+ #define elf_shdr elf32_shdr
+ #define elf_note elf32_note
++#define elf_dyn Elf32_Dyn
+ #define elf_addr_t Elf32_Addr
+
+ /*
diff -urNp linux-3.0.7/fs/compat_ioctl.c linux-3.0.7/fs/compat_ioctl.c
--- linux-3.0.7/fs/compat_ioctl.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/fs/compat_ioctl.c 2011-10-06 04:17:55.000000000 -0400
fs = __get_fs_type(name, len);
if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) {
+diff -urNp linux-3.0.7/fs/fs_struct.c linux-3.0.7/fs/fs_struct.c
+--- linux-3.0.7/fs/fs_struct.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/fs/fs_struct.c 2011-08-23 21:48:14.000000000 -0400
+@@ -4,6 +4,7 @@
+ #include <linux/path.h>
+ #include <linux/slab.h>
+ #include <linux/fs_struct.h>
++#include <linux/grsecurity.h>
+ #include <linux/vserver/global.h>
+ #include "internal.h"
+
+@@ -31,6 +32,7 @@ void set_fs_root(struct fs_struct *fs, s
+ old_root = fs->root;
+ fs->root = *path;
+ path_get_longterm(path);
++ gr_set_chroot_entries(current, path);
+ write_seqcount_end(&fs->seq);
+ spin_unlock(&fs->lock);
+ if (old_root.dentry)
+@@ -74,6 +76,7 @@ void chroot_fs_refs(struct path *old_roo
+ && fs->root.mnt == old_root->mnt) {
+ path_get_longterm(new_root);
+ fs->root = *new_root;
++ gr_set_chroot_entries(p, new_root);
+ count++;
+ }
+ if (fs->pwd.dentry == old_root->dentry
+@@ -109,7 +112,8 @@ void exit_fs(struct task_struct *tsk)
+ spin_lock(&fs->lock);
+ write_seqcount_begin(&fs->seq);
+ tsk->fs = NULL;
+- kill = !--fs->users;
++ gr_clear_chroot_entries(tsk);
++ kill = !atomic_dec_return(&fs->users);
+ write_seqcount_end(&fs->seq);
+ spin_unlock(&fs->lock);
+ task_unlock(tsk);
+@@ -123,7 +127,7 @@ struct fs_struct *copy_fs_struct(struct
+ struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL);
+ /* We don't need to lock fs - think why ;-) */
+ if (fs) {
+- fs->users = 1;
++ atomic_set(&fs->users, 1);
+ fs->in_exec = 0;
+ spin_lock_init(&fs->lock);
+ seqcount_init(&fs->seq);
+@@ -132,6 +136,9 @@ struct fs_struct *copy_fs_struct(struct
+ spin_lock(&old->lock);
+ fs->root = old->root;
+ path_get_longterm(&fs->root);
++ /* instead of calling gr_set_chroot_entries here,
++ we call it from every caller of this function
++ */
+ fs->pwd = old->pwd;
+ path_get_longterm(&fs->pwd);
+ spin_unlock(&old->lock);
+@@ -150,8 +157,9 @@ int unshare_fs_struct(void)
+
+ task_lock(current);
+ spin_lock(&fs->lock);
+- kill = !--fs->users;
++ kill = !atomic_dec_return(&fs->users);
+ current->fs = new_fs;
++ gr_set_chroot_entries(current, &new_fs->root);
+ spin_unlock(&fs->lock);
+ task_unlock(current);
+
+@@ -170,7 +178,7 @@ EXPORT_SYMBOL(current_umask);
+
+ /* to be mentioned only in INIT_TASK */
+ struct fs_struct init_fs = {
+- .users = 1,
++ .users = ATOMIC_INIT(1),
+ .lock = __SPIN_LOCK_UNLOCKED(init_fs.lock),
+ .seq = SEQCNT_ZERO,
+ .umask = 0022,
+@@ -186,12 +194,13 @@ void daemonize_fs_struct(void)
+ task_lock(current);
+
+ spin_lock(&init_fs.lock);
+- init_fs.users++;
++ atomic_inc(&init_fs.users);
+ spin_unlock(&init_fs.lock);
+
+ spin_lock(&fs->lock);
+ current->fs = &init_fs;
+- kill = !--fs->users;
++ gr_set_chroot_entries(current, ¤t->fs->root);
++ kill = !atomic_dec_return(&fs->users);
+ spin_unlock(&fs->lock);
+
+ task_unlock(current);
diff -urNp linux-3.0.7/fs/fscache/cookie.c linux-3.0.7/fs/fscache/cookie.c
--- linux-3.0.7/fs/fscache/cookie.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/fs/fscache/cookie.c 2011-08-23 21:47:56.000000000 -0400
seq_printf(m, "CacheOp: alo=%d luo=%d luc=%d gro=%d\n",
atomic_read(&fscache_n_cop_alloc_object),
-diff -urNp linux-3.0.7/fs/fs_struct.c linux-3.0.7/fs/fs_struct.c
---- linux-3.0.7/fs/fs_struct.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/fs/fs_struct.c 2011-08-23 21:48:14.000000000 -0400
-@@ -4,6 +4,7 @@
- #include <linux/path.h>
- #include <linux/slab.h>
- #include <linux/fs_struct.h>
-+#include <linux/grsecurity.h>
- #include <linux/vserver/global.h>
- #include "internal.h"
-
-@@ -31,6 +32,7 @@ void set_fs_root(struct fs_struct *fs, s
- old_root = fs->root;
- fs->root = *path;
- path_get_longterm(path);
-+ gr_set_chroot_entries(current, path);
- write_seqcount_end(&fs->seq);
- spin_unlock(&fs->lock);
- if (old_root.dentry)
-@@ -74,6 +76,7 @@ void chroot_fs_refs(struct path *old_roo
- && fs->root.mnt == old_root->mnt) {
- path_get_longterm(new_root);
- fs->root = *new_root;
-+ gr_set_chroot_entries(p, new_root);
- count++;
- }
- if (fs->pwd.dentry == old_root->dentry
-@@ -109,7 +112,8 @@ void exit_fs(struct task_struct *tsk)
- spin_lock(&fs->lock);
- write_seqcount_begin(&fs->seq);
- tsk->fs = NULL;
-- kill = !--fs->users;
-+ gr_clear_chroot_entries(tsk);
-+ kill = !atomic_dec_return(&fs->users);
- write_seqcount_end(&fs->seq);
- spin_unlock(&fs->lock);
- task_unlock(tsk);
-@@ -123,7 +127,7 @@ struct fs_struct *copy_fs_struct(struct
- struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL);
- /* We don't need to lock fs - think why ;-) */
- if (fs) {
-- fs->users = 1;
-+ atomic_set(&fs->users, 1);
- fs->in_exec = 0;
- spin_lock_init(&fs->lock);
- seqcount_init(&fs->seq);
-@@ -132,6 +136,9 @@ struct fs_struct *copy_fs_struct(struct
- spin_lock(&old->lock);
- fs->root = old->root;
- path_get_longterm(&fs->root);
-+ /* instead of calling gr_set_chroot_entries here,
-+ we call it from every caller of this function
-+ */
- fs->pwd = old->pwd;
- path_get_longterm(&fs->pwd);
- spin_unlock(&old->lock);
-@@ -150,8 +157,9 @@ int unshare_fs_struct(void)
-
- task_lock(current);
- spin_lock(&fs->lock);
-- kill = !--fs->users;
-+ kill = !atomic_dec_return(&fs->users);
- current->fs = new_fs;
-+ gr_set_chroot_entries(current, &new_fs->root);
- spin_unlock(&fs->lock);
- task_unlock(current);
-
-@@ -170,7 +178,7 @@ EXPORT_SYMBOL(current_umask);
-
- /* to be mentioned only in INIT_TASK */
- struct fs_struct init_fs = {
-- .users = 1,
-+ .users = ATOMIC_INIT(1),
- .lock = __SPIN_LOCK_UNLOCKED(init_fs.lock),
- .seq = SEQCNT_ZERO,
- .umask = 0022,
-@@ -186,12 +194,13 @@ void daemonize_fs_struct(void)
- task_lock(current);
-
- spin_lock(&init_fs.lock);
-- init_fs.users++;
-+ atomic_inc(&init_fs.users);
- spin_unlock(&init_fs.lock);
-
- spin_lock(&fs->lock);
- current->fs = &init_fs;
-- kill = !--fs->users;
-+ gr_set_chroot_entries(current, ¤t->fs->root);
-+ kill = !atomic_dec_return(&fs->users);
- spin_unlock(&fs->lock);
-
- task_unlock(current);
diff -urNp linux-3.0.7/fs/fuse/cuse.c linux-3.0.7/fs/fuse/cuse.c
--- linux-3.0.7/fs/fuse/cuse.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/fs/fuse/cuse.c 2011-08-23 21:47:56.000000000 -0400
init_once);
if (jfs_inode_cachep == NULL)
return -ENOMEM;
-diff -urNp linux-3.0.7/fs/Kconfig.binfmt linux-3.0.7/fs/Kconfig.binfmt
---- linux-3.0.7/fs/Kconfig.binfmt 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/fs/Kconfig.binfmt 2011-08-23 21:47:56.000000000 -0400
-@@ -86,7 +86,7 @@ config HAVE_AOUT
-
- config BINFMT_AOUT
- tristate "Kernel support for a.out and ECOFF binaries"
-- depends on HAVE_AOUT
-+ depends on HAVE_AOUT && BROKEN
- ---help---
- A.out (Assembler.OUTput) is a set of formats for libraries and
- executables used in the earliest versions of UNIX. Linux used
diff -urNp linux-3.0.7/fs/libfs.c linux-3.0.7/fs/libfs.c
--- linux-3.0.7/fs/libfs.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/fs/libfs.c 2011-08-23 21:47:56.000000000 -0400
if (err)
diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c
--- linux-3.0.7/fs/namei.c 2011-10-16 21:54:54.000000000 -0400
-+++ linux-3.0.7/fs/namei.c 2011-10-16 21:55:28.000000000 -0400
-@@ -237,21 +237,31 @@ int generic_permission(struct inode *ino
++++ linux-3.0.7/fs/namei.c 2011-10-19 10:09:26.000000000 -0400
+@@ -237,21 +237,23 @@ int generic_permission(struct inode *ino
return ret;
/*
- if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
+ mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
+ if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) {
-+#ifdef CONFIG_GRKERNSEC
-+ if (flags & IPERM_FLAG_RCU)
-+ return -ECHILD;
-+#endif
+ if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
return 0;
+ }
- if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
- if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
+ if (!(mask & MAY_EXEC) || execute_ok(inode)) {
-+#ifdef CONFIG_GRKERNSEC
-+ if (flags & IPERM_FLAG_RCU)
-+ return -ECHILD;
-+#endif
+ if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
return 0;
+ }
return -EACCES;
}
-@@ -547,6 +557,9 @@ static int complete_walk(struct nameidat
- br_read_unlock(vfsmount_lock);
- }
-
-+ if (!(nd->flags & LOOKUP_PARENT) && !gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt))
-+ return -ENOENT;
-+
- if (likely(!(nd->flags & LOOKUP_JUMPED)))
- return 0;
-
-@@ -593,9 +606,16 @@ static inline int exec_permission(struct
+@@ -593,9 +595,12 @@ static inline int exec_permission(struct
if (ret == -ECHILD)
return ret;
+ if (ns_capable_nolog(ns, CAP_DAC_OVERRIDE))
goto ok;
+ else {
-+#ifdef CONFIG_GRKERNSEC
-+ if (flags & IPERM_FLAG_RCU)
-+ return -ECHILD;
-+#endif
+ if (ns_capable(ns, CAP_DAC_READ_SEARCH) || ns_capable(ns, CAP_DAC_OVERRIDE))
+ goto ok;
+ }
return ret;
ok:
-@@ -703,11 +723,26 @@ follow_link(struct path *link, struct na
+@@ -703,11 +708,19 @@ follow_link(struct path *link, struct na
return error;
}
+ path_put(&nd->path);
+ return error;
+ }
-+
-+ if (!gr_acl_handle_hidden_file(dentry, nd->path.mnt)) {
-+ error = -ENOENT;
-+ *p = ERR_PTR(error); /* no ->put_link(), please */
-+ path_put(&nd->path);
-+ return error;
-+ }
+
nd->last_type = LAST_BIND;
*p = dentry->d_inode->i_op->follow_link(dentry, nd);
error = 0;
if (s)
error = __vfs_follow_link(nd, s);
-@@ -1625,6 +1660,9 @@ static int do_path_lookup(int dfd, const
+@@ -1598,6 +1611,12 @@ static int path_lookupat(int dfd, const
+ if (!err)
+ err = complete_walk(nd);
+
++ if (!(nd->flags & LOOKUP_PARENT) && !gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) {
++ if (!err)
++ path_put(&nd->path);
++ err = -ENOENT;
++ }
++
+ if (!err && nd->flags & LOOKUP_DIRECTORY) {
+ if (!nd->inode->i_op->lookup) {
+ path_put(&nd->path);
+@@ -1625,6 +1644,9 @@ static int do_path_lookup(int dfd, const
retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
if (likely(!retval)) {
if (unlikely(!audit_dummy_context())) {
if (nd->path.dentry && nd->inode)
audit_inode(name, nd->path.dentry);
-@@ -1935,6 +1973,30 @@ int vfs_create(struct inode *dir, struct
+@@ -1935,6 +1957,30 @@ int vfs_create(struct inode *dir, struct
return error;
}
static int may_open(struct path *path, int acc_mode, int flag)
{
struct dentry *dentry = path->dentry;
-@@ -1987,7 +2049,27 @@ static int may_open(struct path *path, i
+@@ -1987,7 +2033,27 @@ static int may_open(struct path *path, i
/*
* Ensure there are no outstanding leases on the file.
*/
}
static int handle_truncate(struct file *filp)
-@@ -2013,30 +2095,6 @@ static int handle_truncate(struct file *
+@@ -2013,30 +2079,6 @@ static int handle_truncate(struct file *
}
/*
* Handle the last step of open()
*/
static struct file *do_last(struct nameidata *nd, struct path *path,
-@@ -2045,6 +2103,7 @@ static struct file *do_last(struct namei
+@@ -2045,6 +2087,7 @@ static struct file *do_last(struct namei
struct dentry *dir = nd->path.dentry;
struct dentry *dentry;
int open_flag = op->open_flag;
int will_truncate = open_flag & O_TRUNC;
int want_write = 0;
int acc_mode = op->acc_mode;
-@@ -2132,6 +2191,12 @@ static struct file *do_last(struct namei
+@@ -2065,6 +2108,10 @@ static struct file *do_last(struct namei
+ error = complete_walk(nd);
+ if (error)
+ return ERR_PTR(error);
++ if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) {
++ error = -ENOENT;
++ goto exit;
++ }
+ audit_inode(pathname, nd->path.dentry);
+ if (open_flag & O_CREAT) {
+ error = -EISDIR;
+@@ -2075,6 +2122,10 @@ static struct file *do_last(struct namei
+ error = complete_walk(nd);
+ if (error)
+ return ERR_PTR(error);
++ if (!gr_acl_handle_hidden_file(dir, nd->path.mnt)) {
++ error = -ENOENT;
++ goto exit;
++ }
+ audit_inode(pathname, dir);
+ goto ok;
+ }
+@@ -2097,6 +2148,11 @@ static struct file *do_last(struct namei
+ if (error)
+ return ERR_PTR(-ECHILD);
+
++ if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) {
++ error = -ENOENT;
++ goto exit;
++ }
++
+ error = -ENOTDIR;
+ if (nd->flags & LOOKUP_DIRECTORY) {
+ if (!nd->inode->i_op->lookup)
+@@ -2132,6 +2188,12 @@ static struct file *do_last(struct namei
/* Negative dentry, just create the file */
if (!dentry->d_inode) {
int mode = op->mode;
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2155,6 +2220,8 @@ static struct file *do_last(struct namei
+@@ -2155,6 +2217,8 @@ static struct file *do_last(struct namei
error = vfs_create(dir->d_inode, dentry, mode, nd);
if (error)
goto exit_mutex_unlock;
mutex_unlock(&dir->d_inode->i_mutex);
dput(nd->path.dentry);
nd->path.dentry = dentry;
-@@ -2164,6 +2231,14 @@ static struct file *do_last(struct namei
+@@ -2164,6 +2228,19 @@ static struct file *do_last(struct namei
/*
* It already exists.
*/
+
++ if (!gr_acl_handle_hidden_file(dentry, nd->path.mnt)) {
++ error = -ENOENT;
++ goto exit_mutex_unlock;
++ }
++
+ /* only check if O_CREAT is specified, all other checks need to go
+ into may_open */
+ if (gr_handle_fifo(path->dentry, path->mnt, dir, flag, acc_mode)) {
mutex_unlock(&dir->d_inode->i_mutex);
audit_inode(pathname, path->dentry);
-@@ -2450,6 +2525,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
+@@ -2373,6 +2450,10 @@ struct dentry *lookup_create(struct name
+ }
+ return dentry;
+ eexist:
++ if (!gr_acl_handle_hidden_file(dentry, nd->path.mnt)) {
++ dput(dentry);
++ return ERR_PTR(-ENOENT);
++ }
+ dput(dentry);
+ dentry = ERR_PTR(-EEXIST);
+ fail:
+@@ -2450,6 +2531,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
error = may_mknod(mode);
if (error)
goto out_dput;
error = mnt_want_write(nd.path.mnt);
if (error)
goto out_dput;
-@@ -2470,6 +2556,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
+@@ -2470,6 +2562,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
}
out_drop_write:
mnt_drop_write(nd.path.mnt);
out_dput:
dput(dentry);
out_unlock:
-@@ -2522,6 +2611,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
+@@ -2522,6 +2617,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
if (IS_ERR(dentry))
goto out_unlock;
if (!IS_POSIXACL(nd.path.dentry->d_inode))
mode &= ~current_umask();
error = mnt_want_write(nd.path.mnt);
-@@ -2533,6 +2627,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
+@@ -2533,6 +2633,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
out_drop_write:
mnt_drop_write(nd.path.mnt);
out_dput:
dput(dentry);
out_unlock:
-@@ -2615,6 +2713,8 @@ static long do_rmdir(int dfd, const char
+@@ -2615,6 +2719,8 @@ static long do_rmdir(int dfd, const char
char * name;
struct dentry *dentry;
struct nameidata nd;
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2643,6 +2743,17 @@ static long do_rmdir(int dfd, const char
+@@ -2643,6 +2749,17 @@ static long do_rmdir(int dfd, const char
error = -ENOENT;
goto exit3;
}
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit3;
-@@ -2650,6 +2761,8 @@ static long do_rmdir(int dfd, const char
+@@ -2650,6 +2767,8 @@ static long do_rmdir(int dfd, const char
if (error)
goto exit4;
error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
exit4:
mnt_drop_write(nd.path.mnt);
exit3:
-@@ -2712,6 +2825,8 @@ static long do_unlinkat(int dfd, const c
+@@ -2712,6 +2831,8 @@ static long do_unlinkat(int dfd, const c
struct dentry *dentry;
struct nameidata nd;
struct inode *inode = NULL;
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2734,6 +2849,16 @@ static long do_unlinkat(int dfd, const c
+@@ -2734,6 +2855,16 @@ static long do_unlinkat(int dfd, const c
if (!inode)
goto slashes;
ihold(inode);
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit2;
-@@ -2741,6 +2866,8 @@ static long do_unlinkat(int dfd, const c
+@@ -2741,6 +2872,8 @@ static long do_unlinkat(int dfd, const c
if (error)
goto exit3;
error = vfs_unlink(nd.path.dentry->d_inode, dentry);
exit3:
mnt_drop_write(nd.path.mnt);
exit2:
-@@ -2818,6 +2945,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
+@@ -2818,6 +2951,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
if (IS_ERR(dentry))
goto out_unlock;
error = mnt_want_write(nd.path.mnt);
if (error)
goto out_dput;
-@@ -2825,6 +2957,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
+@@ -2825,6 +2963,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
if (error)
goto out_drop_write;
error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
out_drop_write:
mnt_drop_write(nd.path.mnt);
out_dput:
-@@ -2933,6 +3067,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
+@@ -2933,6 +3073,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
goto out_unlock;
error = mnt_want_write(nd.path.mnt);
if (error)
goto out_dput;
-@@ -2940,6 +3088,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
+@@ -2940,6 +3094,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
if (error)
goto out_drop_write;
error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
out_drop_write:
mnt_drop_write(nd.path.mnt);
out_dput:
-@@ -3117,6 +3267,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+@@ -3117,6 +3273,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
char *to;
int error;
error = user_path_parent(olddfd, oldname, &oldnd, &from);
if (error)
goto exit;
-@@ -3173,6 +3325,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+@@ -3173,6 +3331,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
if (new_dentry == trap)
goto exit5;
error = mnt_want_write(oldnd.path.mnt);
if (error)
goto exit5;
-@@ -3182,6 +3340,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+@@ -3182,6 +3346,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
goto exit6;
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry);
exit6:
mnt_drop_write(oldnd.path.mnt);
exit5:
-@@ -3207,6 +3368,8 @@ SYSCALL_DEFINE2(rename, const char __use
+@@ -3207,6 +3374,8 @@ SYSCALL_DEFINE2(rename, const char __use
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
int len;
len = PTR_ERR(link);
-@@ -3216,7 +3379,14 @@ int vfs_readlink(struct dentry *dentry,
+@@ -3216,7 +3385,14 @@ int vfs_readlink(struct dentry *dentry,
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
inode->i_fop = &rdwr_pipefifo_fops;
/*
+diff -urNp linux-3.0.7/fs/proc/Kconfig linux-3.0.7/fs/proc/Kconfig
+--- linux-3.0.7/fs/proc/Kconfig 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/fs/proc/Kconfig 2011-08-23 21:48:14.000000000 -0400
+@@ -30,12 +30,12 @@ config PROC_FS
+
+ config PROC_KCORE
+ bool "/proc/kcore support" if !ARM
+- depends on PROC_FS && MMU
++ depends on PROC_FS && MMU && !GRKERNSEC_PROC_ADD
+
+ config PROC_VMCORE
+ bool "/proc/vmcore support"
+- depends on PROC_FS && CRASH_DUMP
+- default y
++ depends on PROC_FS && CRASH_DUMP && !GRKERNSEC
++ default n
+ help
+ Exports the dump image of crashed kernel in ELF format.
+
+@@ -59,8 +59,8 @@ config PROC_SYSCTL
+ limited in memory.
+
+ config PROC_PAGE_MONITOR
+- default y
+- depends on PROC_FS && MMU
++ default n
++ depends on PROC_FS && MMU && !GRKERNSEC
+ bool "Enable /proc page monitoring" if EXPERT
+ help
+ Various /proc files exist to monitor process memory utilization:
diff -urNp linux-3.0.7/fs/proc/array.c linux-3.0.7/fs/proc/array.c
--- linux-3.0.7/fs/proc/array.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/fs/proc/array.c 2011-08-23 21:48:14.000000000 -0400
+#endif
diff -urNp linux-3.0.7/fs/proc/base.c linux-3.0.7/fs/proc/base.c
--- linux-3.0.7/fs/proc/base.c 2011-09-02 18:11:21.000000000 -0400
-+++ linux-3.0.7/fs/proc/base.c 2011-10-17 06:38:10.000000000 -0400
++++ linux-3.0.7/fs/proc/base.c 2011-10-19 03:59:32.000000000 -0400
@@ -107,6 +107,22 @@ struct pid_entry {
union proc_op op;
};
if (!IS_ERR(s))
__putname(s);
}
-@@ -2656,6 +2771,9 @@ static struct dentry *proc_base_instanti
+@@ -2656,6 +2771,7 @@ static struct dentry *proc_base_instanti
if (p->fop)
inode->i_fop = p->fop;
ei->op = p->op;
-+
-+ gr_handle_proc_create(dentry, inode);
+
d_add(dentry, inode);
error = NULL;
out:
-@@ -2795,7 +2913,7 @@ static const struct pid_entry tgid_base_
+@@ -2795,7 +2911,7 @@ static const struct pid_entry tgid_base_
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2820,10 +2938,10 @@ static const struct pid_entry tgid_base_
+@@ -2820,10 +2936,10 @@ static const struct pid_entry tgid_base_
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
ONE("stack", S_IRUGO, proc_pid_stack),
#endif
#ifdef CONFIG_SCHEDSTATS
-@@ -2857,6 +2975,9 @@ static const struct pid_entry tgid_base_
+@@ -2857,6 +2973,9 @@ static const struct pid_entry tgid_base_
INF("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
ONE("nsproxy", S_IRUGO, proc_pid_nsproxy),
};
static int proc_tgid_base_readdir(struct file * filp,
-@@ -2982,7 +3103,14 @@ static struct dentry *proc_pid_instantia
+@@ -2982,7 +3101,14 @@ static struct dentry *proc_pid_instantia
if (!inode)
goto out;
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
-@@ -3024,7 +3152,14 @@ struct dentry *proc_pid_lookup(struct in
+@@ -3024,7 +3150,14 @@ struct dentry *proc_pid_lookup(struct in
if (!task)
goto out;
put_task_struct(task);
out:
return result;
-@@ -3089,6 +3224,11 @@ int proc_pid_readdir(struct file * filp,
+@@ -3089,6 +3222,11 @@ int proc_pid_readdir(struct file * filp,
{
unsigned int nr;
struct task_struct *reaper;
struct tgid_iter iter;
struct pid_namespace *ns;
-@@ -3112,8 +3252,27 @@ int proc_pid_readdir(struct file * filp,
+@@ -3112,8 +3250,27 @@ int proc_pid_readdir(struct file * filp,
for (iter = next_tgid(ns, iter);
iter.task;
iter.tgid += 1, iter = next_tgid(ns, iter)) {
- if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) {
+ if (proc_pid_fill_cache(filp, dirent, __filldir, iter) < 0) {
put_task_struct(iter.task);
-@@ -3141,7 +3300,7 @@ static const struct pid_entry tid_base_s
+@@ -3141,7 +3298,7 @@ static const struct pid_entry tid_base_s
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -3165,10 +3324,10 @@ static const struct pid_entry tid_base_s
+@@ -3165,10 +3322,10 @@ static const struct pid_entry tid_base_s
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
module_init(proc_devices_init);
diff -urNp linux-3.0.7/fs/proc/inode.c linux-3.0.7/fs/proc/inode.c
--- linux-3.0.7/fs/proc/inode.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/fs/proc/inode.c 2011-10-17 06:56:02.000000000 -0400
-@@ -18,6 +18,7 @@
++++ linux-3.0.7/fs/proc/inode.c 2011-10-19 03:59:32.000000000 -0400
+@@ -18,12 +18,18 @@
#include <linux/module.h>
#include <linux/sysctl.h>
#include <linux/slab.h>
#include <asm/system.h>
#include <asm/uaccess.h>
-@@ -102,10 +103,16 @@ void __init proc_init_inodecache(void)
- init_once);
- }
-+static int proc_drop_inode(struct inode *inode)
-+{
-+ gr_handle_delete(inode->i_ino, inode->i_sb->s_dev);
-+ return generic_delete_inode(inode);
-+}
+ #include "internal.h"
+
++#ifdef CONFIG_PROC_SYSCTL
++extern const struct inode_operations proc_sys_inode_operations;
++extern const struct inode_operations proc_sys_dir_operations;
++#endif
+
- static const struct super_operations proc_sops = {
- .alloc_inode = proc_alloc_inode,
- .destroy_inode = proc_destroy_inode,
-- .drop_inode = generic_delete_inode,
-+ .drop_inode = proc_drop_inode,
- .evict_inode = proc_evict_inode,
- .statfs = simple_statfs,
- };
-@@ -440,7 +447,11 @@ struct inode *proc_get_inode(struct supe
+ static void proc_evict_inode(struct inode *inode)
+ {
+ struct proc_dir_entry *de;
+@@ -49,6 +55,13 @@ static void proc_evict_inode(struct inod
+ ns_ops = PROC_I(inode)->ns_ops;
+ if (ns_ops && ns_ops->put)
+ ns_ops->put(PROC_I(inode)->ns);
++
++#ifdef CONFIG_PROC_SYSCTL
++ if (inode->i_op == &proc_sys_inode_operations ||
++ inode->i_op == &proc_sys_dir_operations)
++ gr_handle_delete(inode->i_ino, inode->i_sb->s_dev);
++#endif
++
+ }
+
+ static struct kmem_cache * proc_inode_cachep;
+@@ -440,7 +453,11 @@ struct inode *proc_get_inode(struct supe
if (de->mode) {
inode->i_mode = de->mode;
inode->i_uid = de->uid;
extern int proc_pid_nsproxy(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task);
-diff -urNp linux-3.0.7/fs/proc/Kconfig linux-3.0.7/fs/proc/Kconfig
---- linux-3.0.7/fs/proc/Kconfig 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/fs/proc/Kconfig 2011-08-23 21:48:14.000000000 -0400
-@@ -30,12 +30,12 @@ config PROC_FS
-
- config PROC_KCORE
- bool "/proc/kcore support" if !ARM
-- depends on PROC_FS && MMU
-+ depends on PROC_FS && MMU && !GRKERNSEC_PROC_ADD
-
- config PROC_VMCORE
- bool "/proc/vmcore support"
-- depends on PROC_FS && CRASH_DUMP
-- default y
-+ depends on PROC_FS && CRASH_DUMP && !GRKERNSEC
-+ default n
- help
- Exports the dump image of crashed kernel in ELF format.
-
-@@ -59,8 +59,8 @@ config PROC_SYSCTL
- limited in memory.
-
- config PROC_PAGE_MONITOR
-- default y
-- depends on PROC_FS && MMU
-+ default n
-+ depends on PROC_FS && MMU && !GRKERNSEC
- bool "Enable /proc page monitoring" if EXPERT
- help
- Various /proc files exist to monitor process memory utilization:
diff -urNp linux-3.0.7/fs/proc/kcore.c linux-3.0.7/fs/proc/kcore.c
--- linux-3.0.7/fs/proc/kcore.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/fs/proc/kcore.c 2011-08-23 21:48:14.000000000 -0400
task = pid_task(proc_pid(dir), PIDTYPE_PID);
diff -urNp linux-3.0.7/fs/proc/proc_sysctl.c linux-3.0.7/fs/proc/proc_sysctl.c
--- linux-3.0.7/fs/proc/proc_sysctl.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/fs/proc/proc_sysctl.c 2011-10-17 06:39:12.000000000 -0400
-@@ -8,6 +8,8 @@
++++ linux-3.0.7/fs/proc/proc_sysctl.c 2011-10-19 03:59:32.000000000 -0400
+@@ -8,11 +8,13 @@
#include <linux/namei.h>
#include "internal.h"
+
static const struct dentry_operations proc_sys_dentry_operations;
static const struct file_operations proc_sys_file_operations;
- static const struct inode_operations proc_sys_inode_operations;
-@@ -111,6 +113,9 @@ static struct dentry *proc_sys_lookup(st
- if (!p)
- goto out;
+-static const struct inode_operations proc_sys_inode_operations;
++const struct inode_operations proc_sys_inode_operations;
+ static const struct file_operations proc_sys_dir_file_operations;
+-static const struct inode_operations proc_sys_dir_operations;
++const struct inode_operations proc_sys_dir_operations;
-+ if (gr_handle_sysctl(p, MAY_EXEC))
-+ goto out;
-+
- err = ERR_PTR(-ENOMEM);
- inode = proc_sys_make_inode(dir->i_sb, h ? h : head, p);
- if (h)
-@@ -121,6 +126,9 @@ static struct dentry *proc_sys_lookup(st
+ static struct inode *proc_sys_make_inode(struct super_block *sb,
+ struct ctl_table_header *head, struct ctl_table *table)
+@@ -121,8 +123,14 @@ static struct dentry *proc_sys_lookup(st
err = NULL;
d_set_d_op(dentry, &proc_sys_dentry_operations);
+
d_add(dentry, inode);
++ if (gr_handle_sysctl(p, MAY_EXEC))
++ err = ERR_PTR(-ENOENT);
++
out:
+ sysctl_head_finish(head);
+ return err;
@@ -202,6 +210,9 @@ static int proc_sys_fill_cache(struct fi
return -ENOMEM;
} else {
generic_fillattr(inode, stat);
if (table)
stat->mode = (stat->mode & S_IFMT) | table->mode;
+@@ -374,13 +391,13 @@ static const struct file_operations proc
+ .llseek = generic_file_llseek,
+ };
+
+-static const struct inode_operations proc_sys_inode_operations = {
++const struct inode_operations proc_sys_inode_operations = {
+ .permission = proc_sys_permission,
+ .setattr = proc_sys_setattr,
+ .getattr = proc_sys_getattr,
+ };
+
+-static const struct inode_operations proc_sys_dir_operations = {
++const struct inode_operations proc_sys_dir_operations = {
+ .lookup = proc_sys_lookup,
+ .permission = proc_sys_permission,
+ .setattr = proc_sys_setattr,
diff -urNp linux-3.0.7/fs/proc/root.c linux-3.0.7/fs/proc/root.c
--- linux-3.0.7/fs/proc/root.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/fs/proc/root.c 2011-08-23 21:48:14.000000000 -0400
mutex_lock(&inode->i_mutex);
error = notify_change(path->dentry, &newattrs);
mutex_unlock(&inode->i_mutex);
-diff -urNp linux-3.0.7/fs/xattr_acl.c linux-3.0.7/fs/xattr_acl.c
---- linux-3.0.7/fs/xattr_acl.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/fs/xattr_acl.c 2011-08-23 21:47:56.000000000 -0400
-@@ -17,8 +17,8 @@
- struct posix_acl *
- posix_acl_from_xattr(const void *value, size_t size)
- {
-- posix_acl_xattr_header *header = (posix_acl_xattr_header *)value;
-- posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end;
-+ const posix_acl_xattr_header *header = (const posix_acl_xattr_header *)value;
-+ const posix_acl_xattr_entry *entry = (const posix_acl_xattr_entry *)(header+1), *end;
- int count;
- struct posix_acl *acl;
- struct posix_acl_entry *acl_e;
diff -urNp linux-3.0.7/fs/xattr.c linux-3.0.7/fs/xattr.c
--- linux-3.0.7/fs/xattr.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/fs/xattr.c 2011-08-23 21:48:14.000000000 -0400
mnt_drop_write(f->f_path.mnt);
}
fput(f);
-diff -urNp linux-3.0.7/fs/xfs/linux-2.6/xfs_ioctl32.c linux-3.0.7/fs/xfs/linux-2.6/xfs_ioctl32.c
---- linux-3.0.7/fs/xfs/linux-2.6/xfs_ioctl32.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/fs/xfs/linux-2.6/xfs_ioctl32.c 2011-08-23 21:48:14.000000000 -0400
-@@ -73,6 +73,7 @@ xfs_compat_ioc_fsgeometry_v1(
- xfs_fsop_geom_t fsgeo;
- int error;
-
-+ memset(&fsgeo, 0, sizeof(fsgeo));
- error = xfs_fs_geometry(mp, &fsgeo, 3);
- if (error)
- return -error;
+diff -urNp linux-3.0.7/fs/xattr_acl.c linux-3.0.7/fs/xattr_acl.c
+--- linux-3.0.7/fs/xattr_acl.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/fs/xattr_acl.c 2011-08-23 21:47:56.000000000 -0400
+@@ -17,8 +17,8 @@
+ struct posix_acl *
+ posix_acl_from_xattr(const void *value, size_t size)
+ {
+- posix_acl_xattr_header *header = (posix_acl_xattr_header *)value;
+- posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end;
++ const posix_acl_xattr_header *header = (const posix_acl_xattr_header *)value;
++ const posix_acl_xattr_entry *entry = (const posix_acl_xattr_entry *)(header+1), *end;
+ int count;
+ struct posix_acl *acl;
+ struct posix_acl_entry *acl_e;
diff -urNp linux-3.0.7/fs/xfs/linux-2.6/xfs_ioctl.c linux-3.0.7/fs/xfs/linux-2.6/xfs_ioctl.c
--- linux-3.0.7/fs/xfs/linux-2.6/xfs_ioctl.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/fs/xfs/linux-2.6/xfs_ioctl.c 2011-08-23 21:47:56.000000000 -0400
copy_to_user(hreq->ohandlen, &hsize, sizeof(__s32)))
goto out_put;
+diff -urNp linux-3.0.7/fs/xfs/linux-2.6/xfs_ioctl32.c linux-3.0.7/fs/xfs/linux-2.6/xfs_ioctl32.c
+--- linux-3.0.7/fs/xfs/linux-2.6/xfs_ioctl32.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/fs/xfs/linux-2.6/xfs_ioctl32.c 2011-08-23 21:48:14.000000000 -0400
+@@ -73,6 +73,7 @@ xfs_compat_ioc_fsgeometry_v1(
+ xfs_fsop_geom_t fsgeo;
+ int error;
+
++ memset(&fsgeo, 0, sizeof(fsgeo));
+ error = xfs_fs_geometry(mp, &fsgeo, 3);
+ if (error)
+ return -error;
diff -urNp linux-3.0.7/fs/xfs/linux-2.6/xfs_iops.c linux-3.0.7/fs/xfs/linux-2.6/xfs_iops.c
--- linux-3.0.7/fs/xfs/linux-2.6/xfs_iops.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/fs/xfs/linux-2.6/xfs_iops.c 2011-08-23 21:47:56.000000000 -0400
off & 0x7fffffff, ino, DT_UNKNOWN)) {
*offset = off & 0x7fffffff;
return 0;
-diff -urNp linux-3.0.7/grsecurity/gracl_alloc.c linux-3.0.7/grsecurity/gracl_alloc.c
---- linux-3.0.7/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.7/grsecurity/gracl_alloc.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,105 @@
-+#include <linux/kernel.h>
-+#include <linux/mm.h>
-+#include <linux/slab.h>
-+#include <linux/vmalloc.h>
-+#include <linux/gracl.h>
-+#include <linux/grsecurity.h>
-+
-+static unsigned long alloc_stack_next = 1;
-+static unsigned long alloc_stack_size = 1;
-+static void **alloc_stack;
+diff -urNp linux-3.0.7/grsecurity/Kconfig linux-3.0.7/grsecurity/Kconfig
+--- linux-3.0.7/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.7/grsecurity/Kconfig 2011-09-15 00:00:57.000000000 -0400
+@@ -0,0 +1,1038 @@
++#
++# grecurity configuration
++#
+
-+static __inline__ int
-+alloc_pop(void)
-+{
-+ if (alloc_stack_next == 1)
-+ return 0;
++menu "Grsecurity"
+
-+ kfree(alloc_stack[alloc_stack_next - 2]);
++config GRKERNSEC
++ bool "Grsecurity"
++ select CRYPTO
++ select CRYPTO_SHA256
++ help
++ If you say Y here, you will be able to configure many features
++ that will enhance the security of your system. It is highly
++ recommended that you say Y here and read through the help
++ for each option so that you fully understand the features and
++ can evaluate their usefulness for your machine.
+
-+ alloc_stack_next--;
++choice
++ prompt "Security Level"
++ depends on GRKERNSEC
++ default GRKERNSEC_CUSTOM
+
-+ return 1;
-+}
++config GRKERNSEC_LOW
++ bool "Low"
++ select GRKERNSEC_LINK
++ select GRKERNSEC_FIFO
++ select GRKERNSEC_RANDNET
++ select GRKERNSEC_DMESG
++ select GRKERNSEC_CHROOT
++ select GRKERNSEC_CHROOT_CHDIR
+
-+static __inline__ int
-+alloc_push(void *buf)
-+{
-+ if (alloc_stack_next >= alloc_stack_size)
-+ return 1;
++ help
++ If you choose this option, several of the grsecurity options will
++ be enabled that will give you greater protection against a number
++ of attacks, while assuring that none of your software will have any
++ conflicts with the additional security measures. If you run a lot
++ of unusual software, or you are having problems with the higher
++ security levels, you should say Y here. With this option, the
++ following features are enabled:
+
-+ alloc_stack[alloc_stack_next - 1] = buf;
++ - Linking restrictions
++ - FIFO restrictions
++ - Restricted dmesg
++ - Enforced chdir("/") on chroot
++ - Runtime module disabling
+
-+ alloc_stack_next++;
++config GRKERNSEC_MEDIUM
++ bool "Medium"
++ select PAX
++ select PAX_EI_PAX
++ select PAX_PT_PAX_FLAGS
++ select PAX_HAVE_ACL_FLAGS
++ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
++ select GRKERNSEC_CHROOT
++ select GRKERNSEC_CHROOT_SYSCTL
++ select GRKERNSEC_LINK
++ select GRKERNSEC_FIFO
++ select GRKERNSEC_DMESG
++ select GRKERNSEC_RANDNET
++ select GRKERNSEC_FORKFAIL
++ select GRKERNSEC_TIME
++ select GRKERNSEC_SIGNAL
++ select GRKERNSEC_CHROOT
++ select GRKERNSEC_CHROOT_UNIX
++ select GRKERNSEC_CHROOT_MOUNT
++ select GRKERNSEC_CHROOT_PIVOT
++ select GRKERNSEC_CHROOT_DOUBLE
++ select GRKERNSEC_CHROOT_CHDIR
++ select GRKERNSEC_CHROOT_MKNOD
++ select GRKERNSEC_PROC
++ select GRKERNSEC_PROC_USERGROUP
++ select PAX_RANDUSTACK
++ select PAX_ASLR
++ select PAX_RANDMMAP
++ select PAX_REFCOUNT if (X86 || SPARC64)
++ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB || SLOB))
+
-+ return 0;
-+}
++ help
++ If you say Y here, several features in addition to those included
++ in the low additional security level will be enabled. These
++ features provide even more security to your system, though in rare
++ cases they may be incompatible with very old or poorly written
++ software. If you enable this option, make sure that your auth
++ service (identd) is running as gid 1001. With this option,
++ the following features (in addition to those provided in the
++ low additional security level) will be enabled:
+
-+void *
-+acl_alloc(unsigned long len)
-+{
-+ void *ret = NULL;
++ - Failed fork logging
++ - Time change logging
++ - Signal logging
++ - Deny mounts in chroot
++ - Deny double chrooting
++ - Deny sysctl writes in chroot
++ - Deny mknod in chroot
++ - Deny access to abstract AF_UNIX sockets out of chroot
++ - Deny pivot_root in chroot
++ - Denied writes of /dev/kmem, /dev/mem, and /dev/port
++ - /proc restrictions with special GID set to 10 (usually wheel)
++ - Address Space Layout Randomization (ASLR)
++ - Prevent exploitation of most refcount overflows
++ - Bounds checking of copying between the kernel and userland
+
-+ if (!len || len > PAGE_SIZE)
-+ goto out;
++config GRKERNSEC_HIGH
++ bool "High"
++ select GRKERNSEC_LINK
++ select GRKERNSEC_FIFO
++ select GRKERNSEC_DMESG
++ select GRKERNSEC_FORKFAIL
++ select GRKERNSEC_TIME
++ select GRKERNSEC_SIGNAL
++ select GRKERNSEC_CHROOT
++ select GRKERNSEC_CHROOT_SHMAT
++ select GRKERNSEC_CHROOT_UNIX
++ select GRKERNSEC_CHROOT_MOUNT
++ select GRKERNSEC_CHROOT_FCHDIR
++ select GRKERNSEC_CHROOT_PIVOT
++ select GRKERNSEC_CHROOT_DOUBLE
++ select GRKERNSEC_CHROOT_CHDIR
++ select GRKERNSEC_CHROOT_MKNOD
++ select GRKERNSEC_CHROOT_CAPS
++ select GRKERNSEC_CHROOT_SYSCTL
++ select GRKERNSEC_CHROOT_FINDTASK
++ select GRKERNSEC_SYSFS_RESTRICT
++ select GRKERNSEC_PROC
++ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
++ select GRKERNSEC_HIDESYM
++ select GRKERNSEC_BRUTE
++ select GRKERNSEC_PROC_USERGROUP
++ select GRKERNSEC_KMEM
++ select GRKERNSEC_RESLOG
++ select GRKERNSEC_RANDNET
++ select GRKERNSEC_PROC_ADD
++ select GRKERNSEC_CHROOT_CHMOD
++ select GRKERNSEC_CHROOT_NICE
++ select GRKERNSEC_AUDIT_MOUNT
++ select GRKERNSEC_MODHARDEN if (MODULES)
++ select GRKERNSEC_HARDEN_PTRACE
++ select GRKERNSEC_VM86 if (X86_32)
++ select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC)
++ select PAX
++ select PAX_RANDUSTACK
++ select PAX_ASLR
++ select PAX_RANDMMAP
++ select PAX_NOEXEC
++ select PAX_MPROTECT
++ select PAX_EI_PAX
++ select PAX_PT_PAX_FLAGS
++ select PAX_HAVE_ACL_FLAGS
++ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
++ select PAX_MEMORY_UDEREF if (X86 && !XEN)
++ select PAX_RANDKSTACK if (X86_TSC && X86)
++ select PAX_SEGMEXEC if (X86_32)
++ select PAX_PAGEEXEC
++ select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
++ select PAX_EMUTRAMP if (PARISC)
++ select PAX_EMUSIGRT if (PARISC)
++ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
++ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86))
++ select PAX_REFCOUNT if (X86 || SPARC64)
++ select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
++ help
++ If you say Y here, many of the features of grsecurity will be
++ enabled, which will protect you against many kinds of attacks
++ against your system. The heightened security comes at a cost
++ of an increased chance of incompatibilities with rare software
++ on your machine. Since this security level enables PaX, you should
++ view <http://pax.grsecurity.net> and read about the PaX
++ project. While you are there, download chpax and run it on
++ binaries that cause problems with PaX. Also remember that
++ since the /proc restrictions are enabled, you must run your
++ identd as gid 1001. This security level enables the following
++ features in addition to those listed in the low and medium
++ security levels:
+
-+ ret = kmalloc(len, GFP_KERNEL);
++ - Additional /proc restrictions
++ - Chmod restrictions in chroot
++ - No signals, ptrace, or viewing of processes outside of chroot
++ - Capability restrictions in chroot
++ - Deny fchdir out of chroot
++ - Priority restrictions in chroot
++ - Segmentation-based implementation of PaX
++ - Mprotect restrictions
++ - Removal of addresses from /proc/<pid>/[smaps|maps|stat]
++ - Kernel stack randomization
++ - Mount/unmount/remount logging
++ - Kernel symbol hiding
++ - Prevention of memory exhaustion-based exploits
++ - Hardening of module auto-loading
++ - Ptrace restrictions
++ - Restricted vm86 mode
++ - Restricted sysfs/debugfs
++ - Active kernel exploit response
+
-+ if (ret) {
-+ if (alloc_push(ret)) {
-+ kfree(ret);
-+ ret = NULL;
-+ }
-+ }
++config GRKERNSEC_CUSTOM
++ bool "Custom"
++ help
++ If you say Y here, you will be able to configure every grsecurity
++ option, which allows you to enable many more features that aren't
++ covered in the basic security levels. These additional features
++ include TPE, socket restrictions, and the sysctl system for
++ grsecurity. It is advised that you read through the help for
++ each option to determine its usefulness in your situation.
+
-+out:
-+ return ret;
-+}
++endchoice
+
-+void *
-+acl_alloc_num(unsigned long num, unsigned long len)
-+{
-+ if (!len || (num > (PAGE_SIZE / len)))
-+ return NULL;
++menu "Address Space Protection"
++depends on GRKERNSEC
+
-+ return acl_alloc(num * len);
-+}
++config GRKERNSEC_KMEM
++ bool "Deny writing to /dev/kmem, /dev/mem, and /dev/port"
++ select STRICT_DEVMEM if (X86 || ARM || TILE || S390)
++ help
++ If you say Y here, /dev/kmem and /dev/mem won't be allowed to
++ be written to via mmap or otherwise to modify the running kernel.
++ /dev/port will also not be allowed to be opened. If you have module
++ support disabled, enabling this will close up four ways that are
++ currently used to insert malicious code into the running kernel.
++ Even with all these features enabled, we still highly recommend that
++ you use the RBAC system, as it is still possible for an attacker to
++ modify the running kernel through privileged I/O granted by ioperm/iopl.
++ If you are not using XFree86, you may be able to stop this additional
++ case by enabling the 'Disable privileged I/O' option. Though nothing
++ legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem,
++ but only to video memory, which is the only writing we allow in this
++ case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will
++ not be allowed to mprotect it with PROT_WRITE later.
++ It is highly recommended that you say Y here if you meet all the
++ conditions above.
+
-+void
-+acl_free_all(void)
-+{
-+ if (gr_acl_is_enabled() || !alloc_stack)
-+ return;
++config GRKERNSEC_VM86
++ bool "Restrict VM86 mode"
++ depends on X86_32
+
-+ while (alloc_pop()) ;
++ help
++ If you say Y here, only processes with CAP_SYS_RAWIO will be able to
++ make use of a special execution mode on 32bit x86 processors called
++ Virtual 8086 (VM86) mode. XFree86 may need vm86 mode for certain
++ video cards and will still work with this option enabled. The purpose
++ of the option is to prevent exploitation of emulation errors in
++ virtualization of vm86 mode like the one discovered in VMWare in 2009.
++ Nearly all users should be able to enable this option.
+
-+ if (alloc_stack) {
-+ if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
-+ kfree(alloc_stack);
-+ else
-+ vfree(alloc_stack);
-+ }
++config GRKERNSEC_IO
++ bool "Disable privileged I/O"
++ depends on X86
++ select RTC_CLASS
++ select RTC_INTF_DEV
++ select RTC_DRV_CMOS
+
-+ alloc_stack = NULL;
-+ alloc_stack_size = 1;
-+ alloc_stack_next = 1;
++ help
++ If you say Y here, all ioperm and iopl calls will return an error.
++ Ioperm and iopl can be used to modify the running kernel.
++ Unfortunately, some programs need this access to operate properly,
++ the most notable of which are XFree86 and hwclock. hwclock can be
++ remedied by having RTC support in the kernel, so real-time
++ clock support is enabled if this option is enabled, to ensure
++ that hwclock operates correctly. XFree86 still will not
++ operate correctly with this option enabled, so DO NOT CHOOSE Y
++ IF YOU USE XFree86. If you use XFree86 and you still want to
++ protect your kernel against modification, use the RBAC system.
+
-+ return;
-+}
++config GRKERNSEC_PROC_MEMMAP
++ bool "Remove addresses from /proc/<pid>/[smaps|maps|stat]"
++ default y if (PAX_NOEXEC || PAX_ASLR)
++ depends on PAX_NOEXEC || PAX_ASLR
++ help
++ If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will
++ give no information about the addresses of its mappings if
++ PaX features that rely on random addresses are enabled on the task.
++ If you use PaX it is greatly recommended that you say Y here as it
++ closes up a hole that makes the full ASLR useless for suid
++ binaries.
+
-+int
-+acl_alloc_stack_init(unsigned long size)
-+{
-+ if ((size * sizeof (void *)) <= PAGE_SIZE)
-+ alloc_stack =
-+ (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
-+ else
-+ alloc_stack = (void **) vmalloc(size * sizeof (void *));
++config GRKERNSEC_BRUTE
++ bool "Deter exploit bruteforcing"
++ help
++ If you say Y here, attempts to bruteforce exploits against forking
++ daemons such as apache or sshd, as well as against suid/sgid binaries
++ will be deterred. When a child of a forking daemon is killed by PaX
++ or crashes due to an illegal instruction or other suspicious signal,
++ the parent process will be delayed 30 seconds upon every subsequent
++ fork until the administrator is able to assess the situation and
++ restart the daemon.
++ In the suid/sgid case, the attempt is logged, the user has all their
++ processes terminated, and they are prevented from executing any further
++ processes for 15 minutes.
++ It is recommended that you also enable signal logging in the auditing
++ section so that logs are generated when a process triggers a suspicious
++ signal.
++ If the sysctl option is enabled, a sysctl option with name
++ "deter_bruteforce" is created.
+
-+ alloc_stack_size = size;
+
-+ if (!alloc_stack)
-+ return 0;
-+ else
-+ return 1;
-+}
-diff -urNp linux-3.0.7/grsecurity/gracl.c linux-3.0.7/grsecurity/gracl.c
---- linux-3.0.7/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.7/grsecurity/gracl.c 2011-10-17 06:42:59.000000000 -0400
-@@ -0,0 +1,4154 @@
-+#include <linux/kernel.h>
-+#include <linux/module.h>
-+#include <linux/sched.h>
-+#include <linux/mm.h>
-+#include <linux/file.h>
-+#include <linux/fs.h>
-+#include <linux/namei.h>
-+#include <linux/mount.h>
-+#include <linux/tty.h>
-+#include <linux/proc_fs.h>
-+#include <linux/lglock.h>
-+#include <linux/slab.h>
-+#include <linux/vmalloc.h>
-+#include <linux/types.h>
-+#include <linux/sysctl.h>
-+#include <linux/netdevice.h>
-+#include <linux/ptrace.h>
-+#include <linux/gracl.h>
-+#include <linux/gralloc.h>
-+#include <linux/grsecurity.h>
-+#include <linux/grinternal.h>
-+#include <linux/pid_namespace.h>
-+#include <linux/fdtable.h>
-+#include <linux/percpu.h>
++config GRKERNSEC_MODHARDEN
++ bool "Harden module auto-loading"
++ depends on MODULES
++ help
++ If you say Y here, module auto-loading in response to use of some
++ feature implemented by an unloaded module will be restricted to
++ root users. Enabling this option helps defend against attacks
++ by unprivileged users who abuse the auto-loading behavior to
++ cause a vulnerable module to load that is then exploited.
+
-+#include <asm/uaccess.h>
-+#include <asm/errno.h>
-+#include <asm/mman.h>
++ If this option prevents a legitimate use of auto-loading for a
++ non-root user, the administrator can execute modprobe manually
++ with the exact name of the module mentioned in the alert log.
++ Alternatively, the administrator can add the module to the list
++ of modules loaded at boot by modifying init scripts.
+
-+static struct acl_role_db acl_role_set;
-+static struct name_db name_set;
-+static struct inodev_db inodev_set;
++ Modification of init scripts will most likely be needed on
++ Ubuntu servers with encrypted home directory support enabled,
++ as the first non-root user logging in will cause the ecb(aes),
++ ecb(aes)-all, cbc(aes), and cbc(aes)-all modules to be loaded.
+
-+/* for keeping track of userspace pointers used for subjects, so we
-+ can share references in the kernel as well
-+*/
++config GRKERNSEC_HIDESYM
++ bool "Hide kernel symbols"
++ help
++ If you say Y here, getting information on loaded modules, and
++ displaying all kernel symbols through a syscall will be restricted
++ to users with CAP_SYS_MODULE. For software compatibility reasons,
++ /proc/kallsyms will be restricted to the root user. The RBAC
++ system can hide that entry even from root.
+
-+static struct path real_root;
++ This option also prevents leaking of kernel addresses through
++ several /proc entries.
+
-+static struct acl_subj_map_db subj_map_set;
++ Note that this option is only effective provided the following
++ conditions are met:
++ 1) The kernel using grsecurity is not precompiled by some distribution
++ 2) You have also enabled GRKERNSEC_DMESG
++ 3) You are using the RBAC system and hiding other files such as your
++ kernel image and System.map. Alternatively, enabling this option
++ causes the permissions on /boot, /lib/modules, and the kernel
++ source directory to change at compile time to prevent
++ reading by non-root users.
++ If the above conditions are met, this option will aid in providing a
++ useful protection against local kernel exploitation of overflows
++ and arbitrary read/write vulnerabilities.
+
-+static struct acl_role_label *default_role;
++config GRKERNSEC_KERN_LOCKOUT
++ bool "Active kernel exploit response"
++ depends on X86 || ARM || PPC || SPARC
++ help
++ If you say Y here, when a PaX alert is triggered due to suspicious
++ activity in the kernel (from KERNEXEC/UDEREF/USERCOPY)
++ or an OOPs occurs due to bad memory accesses, instead of just
++ terminating the offending process (and potentially allowing
++ a subsequent exploit from the same user), we will take one of two
++ actions:
++ If the user was root, we will panic the system
++ If the user was non-root, we will log the attempt, terminate
++ all processes owned by the user, then prevent them from creating
++ any new processes until the system is restarted
++ This deters repeated kernel exploitation/bruteforcing attempts
++ and is useful for later forensics.
+
-+static struct acl_role_label *role_list;
++endmenu
++menu "Role Based Access Control Options"
++depends on GRKERNSEC
+
-+static u16 acl_sp_role_value;
++config GRKERNSEC_RBAC_DEBUG
++ bool
+
-+extern char *gr_shared_page[4];
-+static DEFINE_MUTEX(gr_dev_mutex);
-+DEFINE_RWLOCK(gr_inode_lock);
++config GRKERNSEC_NO_RBAC
++ bool "Disable RBAC system"
++ help
++ If you say Y here, the /dev/grsec device will be removed from the kernel,
++ preventing the RBAC system from being enabled. You should only say Y
++ here if you have no intention of using the RBAC system, so as to prevent
++ an attacker with root access from misusing the RBAC system to hide files
++ and processes when loadable module support and /dev/[k]mem have been
++ locked down.
+
-+struct gr_arg *gr_usermode;
++config GRKERNSEC_ACL_HIDEKERN
++ bool "Hide kernel processes"
++ help
++ If you say Y here, all kernel threads will be hidden to all
++ processes but those whose subject has the "view hidden processes"
++ flag.
+
-+static unsigned int gr_status __read_only = GR_STATUS_INIT;
++config GRKERNSEC_ACL_MAXTRIES
++ int "Maximum tries before password lockout"
++ default 3
++ help
++ This option enforces the maximum number of times a user can attempt
++ to authorize themselves with the grsecurity RBAC system before being
++ denied the ability to attempt authorization again for a specified time.
++ The lower the number, the harder it will be to brute-force a password.
+
-+extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
-+extern void gr_clear_learn_entries(void);
++config GRKERNSEC_ACL_TIMEOUT
++ int "Time to wait after max password tries, in seconds"
++ default 30
++ help
++ This option specifies the time the user must wait after attempting to
++ authorize to the RBAC system with the maximum number of invalid
++ passwords. The higher the number, the harder it will be to brute-force
++ a password.
+
-+#ifdef CONFIG_GRKERNSEC_RESLOG
-+extern void gr_log_resource(const struct task_struct *task,
-+ const int res, const unsigned long wanted, const int gt);
-+#endif
++endmenu
++menu "Filesystem Protections"
++depends on GRKERNSEC
+
-+unsigned char *gr_system_salt;
-+unsigned char *gr_system_sum;
++config GRKERNSEC_PROC
++ bool "Proc restrictions"
++ help
++ If you say Y here, the permissions of the /proc filesystem
++ will be altered to enhance system security and privacy. You MUST
++ choose either a user only restriction or a user and group restriction.
++ Depending upon the option you choose, you can either restrict users to
++ see only the processes they themselves run, or choose a group that can
++ view all processes and files normally restricted to root if you choose
++ the "restrict to user only" option. NOTE: If you're running identd as
++ a non-root user, you will have to run it as the group you specify here.
+
-+static struct sprole_pw **acl_special_roles = NULL;
-+static __u16 num_sprole_pws = 0;
++config GRKERNSEC_PROC_USER
++ bool "Restrict /proc to user only"
++ depends on GRKERNSEC_PROC
++ help
++ If you say Y here, non-root users will only be able to view their own
++ processes, and restricts them from viewing network-related information,
++ and viewing kernel symbol and module information.
+
-+static struct acl_role_label *kernel_role = NULL;
++config GRKERNSEC_PROC_USERGROUP
++ bool "Allow special group"
++ depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
++ help
++ If you say Y here, you will be able to select a group that will be
++ able to view all processes and network-related information. If you've
++ enabled GRKERNSEC_HIDESYM, kernel and symbol information may still
++ remain hidden. This option is useful if you want to run identd as
++ a non-root user.
+
-+static unsigned int gr_auth_attempts = 0;
-+static unsigned long gr_auth_expires = 0UL;
++config GRKERNSEC_PROC_GID
++ int "GID for special group"
++ depends on GRKERNSEC_PROC_USERGROUP
++ default 1001
+
-+#ifdef CONFIG_NET
-+extern struct vfsmount *sock_mnt;
-+#endif
++config GRKERNSEC_PROC_ADD
++ bool "Additional restrictions"
++ depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP
++ help
++ If you say Y here, additional restrictions will be placed on
++ /proc that keep normal users from viewing device information and
++ slabinfo information that could be useful for exploits.
+
-+extern struct vfsmount *pipe_mnt;
-+extern struct vfsmount *shm_mnt;
-+#ifdef CONFIG_HUGETLBFS
-+extern struct vfsmount *hugetlbfs_vfsmount;
-+#endif
++config GRKERNSEC_LINK
++ bool "Linking restrictions"
++ help
++ If you say Y here, /tmp race exploits will be prevented, since users
++ will no longer be able to follow symlinks owned by other users in
++ world-writable +t directories (e.g. /tmp), unless the owner of the
++ symlink is the owner of the directory. users will also not be
++ able to hardlink to files they do not own. If the sysctl option is
++ enabled, a sysctl option with name "linking_restrictions" is created.
+
-+static struct acl_object_label *fakefs_obj_rw;
-+static struct acl_object_label *fakefs_obj_rwx;
++config GRKERNSEC_FIFO
++ bool "FIFO restrictions"
++ help
++ If you say Y here, users will not be able to write to FIFOs they don't
++ own in world-writable +t directories (e.g. /tmp), unless the owner of
++ the FIFO is the same owner of the directory it's held in. If the sysctl
++ option is enabled, a sysctl option with name "fifo_restrictions" is
++ created.
+
-+extern int gr_init_uidset(void);
-+extern void gr_free_uidset(void);
-+extern void gr_remove_uid(uid_t uid);
-+extern int gr_find_uid(uid_t uid);
++config GRKERNSEC_SYSFS_RESTRICT
++ bool "Sysfs/debugfs restriction"
++ depends on SYSFS
++ help
++ If you say Y here, sysfs (the pseudo-filesystem mounted at /sys) and
++ any filesystem normally mounted under it (e.g. debugfs) will only
++ be accessible by root. These filesystems generally provide access
++ to hardware and debug information that isn't appropriate for unprivileged
++ users of the system. Sysfs and debugfs have also become a large source
++ of new vulnerabilities, ranging from infoleaks to local compromise.
++ There has been very little oversight with an eye toward security involved
++ in adding new exporters of information to these filesystems, so their
++ use is discouraged.
++ This option is equivalent to a chmod 0700 of the mount paths.
+
-+DECLARE_BRLOCK(vfsmount_lock);
++config GRKERNSEC_ROFS
++ bool "Runtime read-only mount protection"
++ help
++ If you say Y here, a sysctl option with name "romount_protect" will
++ be created. By setting this option to 1 at runtime, filesystems
++ will be protected in the following ways:
++ * No new writable mounts will be allowed
++ * Existing read-only mounts won't be able to be remounted read/write
++ * Write operations will be denied on all block devices
++ This option acts independently of grsec_lock: once it is set to 1,
++ it cannot be turned off. Therefore, please be mindful of the resulting
++ behavior if this option is enabled in an init script on a read-only
++ filesystem. This feature is mainly intended for secure embedded systems.
+
-+__inline__ int
-+gr_acl_is_enabled(void)
-+{
-+ return (gr_status & GR_READY);
-+}
++config GRKERNSEC_CHROOT
++ bool "Chroot jail restrictions"
++ help
++ If you say Y here, you will be able to choose several options that will
++ make breaking out of a chrooted jail much more difficult. If you
++ encounter no software incompatibilities with the following options, it
++ is recommended that you enable each one.
+
-+#ifdef CONFIG_BTRFS_FS
-+extern dev_t get_btrfs_dev_from_inode(struct inode *inode);
-+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat);
-+#endif
++config GRKERNSEC_CHROOT_MOUNT
++ bool "Deny mounts"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, processes inside a chroot will not be able to
++ mount or remount filesystems. If the sysctl option is enabled, a
++ sysctl option with name "chroot_deny_mount" is created.
+
-+static inline dev_t __get_dev(const struct dentry *dentry)
-+{
-+#ifdef CONFIG_BTRFS_FS
-+ if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr)
-+ return get_btrfs_dev_from_inode(dentry->d_inode);
-+ else
-+#endif
-+ return dentry->d_inode->i_sb->s_dev;
-+}
++config GRKERNSEC_CHROOT_DOUBLE
++ bool "Deny double-chroots"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, processes inside a chroot will not be able to chroot
++ again outside the chroot. This is a widely used method of breaking
++ out of a chroot jail and should not be allowed. If the sysctl
++ option is enabled, a sysctl option with name
++ "chroot_deny_chroot" is created.
+
-+dev_t gr_get_dev_from_dentry(struct dentry *dentry)
-+{
-+ return __get_dev(dentry);
-+}
++config GRKERNSEC_CHROOT_PIVOT
++ bool "Deny pivot_root in chroot"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, processes inside a chroot will not be able to use
++ a function called pivot_root() that was introduced in Linux 2.3.41. It
++ works similar to chroot in that it changes the root filesystem. This
++ function could be misused in a chrooted process to attempt to break out
++ of the chroot, and therefore should not be allowed. If the sysctl
++ option is enabled, a sysctl option with name "chroot_deny_pivot" is
++ created.
+
-+static char gr_task_roletype_to_char(struct task_struct *task)
-+{
-+ switch (task->role->roletype &
-+ (GR_ROLE_DEFAULT | GR_ROLE_USER | GR_ROLE_GROUP |
-+ GR_ROLE_SPECIAL)) {
-+ case GR_ROLE_DEFAULT:
-+ return 'D';
-+ case GR_ROLE_USER:
-+ return 'U';
-+ case GR_ROLE_GROUP:
-+ return 'G';
-+ case GR_ROLE_SPECIAL:
-+ return 'S';
-+ }
++config GRKERNSEC_CHROOT_CHDIR
++ bool "Enforce chdir(\"/\") on all chroots"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, the current working directory of all newly-chrooted
++ applications will be set to the the root directory of the chroot.
++ The man page on chroot(2) states:
++ Note that this call does not change the current working
++ directory, so that `.' can be outside the tree rooted at
++ `/'. In particular, the super-user can escape from a
++ `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
+
-+ return 'X';
-+}
++ It is recommended that you say Y here, since it's not known to break
++ any software. If the sysctl option is enabled, a sysctl option with
++ name "chroot_enforce_chdir" is created.
+
-+char gr_roletype_to_char(void)
-+{
-+ return gr_task_roletype_to_char(current);
-+}
++config GRKERNSEC_CHROOT_CHMOD
++ bool "Deny (f)chmod +s"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, processes inside a chroot will not be able to chmod
++ or fchmod files to make them have suid or sgid bits. This protects
++ against another published method of breaking a chroot. If the sysctl
++ option is enabled, a sysctl option with name "chroot_deny_chmod" is
++ created.
+
-+__inline__ int
-+gr_acl_tpe_check(void)
-+{
-+ if (unlikely(!(gr_status & GR_READY)))
-+ return 0;
-+ if (current->role->roletype & GR_ROLE_TPE)
-+ return 1;
-+ else
-+ return 0;
-+}
++config GRKERNSEC_CHROOT_FCHDIR
++ bool "Deny fchdir out of chroot"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, a well-known method of breaking chroots by fchdir'ing
++ to a file descriptor of the chrooting process that points to a directory
++ outside the filesystem will be stopped. If the sysctl option
++ is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
+
-+int
-+gr_handle_rawio(const struct inode *inode)
-+{
-+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
-+ if (inode && S_ISBLK(inode->i_mode) &&
-+ grsec_enable_chroot_caps && proc_is_chrooted(current) &&
-+ !capable(CAP_SYS_RAWIO))
-+ return 1;
-+#endif
-+ return 0;
-+}
++config GRKERNSEC_CHROOT_MKNOD
++ bool "Deny mknod"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, processes inside a chroot will not be allowed to
++ mknod. The problem with using mknod inside a chroot is that it
++ would allow an attacker to create a device entry that is the same
++ as one on the physical root of your system, which could range from
++ anything from the console device to a device for your harddrive (which
++ they could then use to wipe the drive or steal data). It is recommended
++ that you say Y here, unless you run into software incompatibilities.
++ If the sysctl option is enabled, a sysctl option with name
++ "chroot_deny_mknod" is created.
+
-+static int
-+gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb)
-+{
-+ if (likely(lena != lenb))
-+ return 0;
++config GRKERNSEC_CHROOT_SHMAT
++ bool "Deny shmat() out of chroot"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, processes inside a chroot will not be able to attach
++ to shared memory segments that were created outside of the chroot jail.
++ It is recommended that you say Y here. If the sysctl option is enabled,
++ a sysctl option with name "chroot_deny_shmat" is created.
+
-+ return !memcmp(a, b, lena);
-+}
++config GRKERNSEC_CHROOT_UNIX
++ bool "Deny access to abstract AF_UNIX sockets out of chroot"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, processes inside a chroot will not be able to
++ connect to abstract (meaning not belonging to a filesystem) Unix
++ domain sockets that were bound outside of a chroot. It is recommended
++ that you say Y here. If the sysctl option is enabled, a sysctl option
++ with name "chroot_deny_unix" is created.
+
-+static int prepend(char **buffer, int *buflen, const char *str, int namelen)
-+{
-+ *buflen -= namelen;
-+ if (*buflen < 0)
-+ return -ENAMETOOLONG;
-+ *buffer -= namelen;
-+ memcpy(*buffer, str, namelen);
-+ return 0;
-+}
++config GRKERNSEC_CHROOT_FINDTASK
++ bool "Protect outside processes"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, processes inside a chroot will not be able to
++ kill, send signals with fcntl, ptrace, capget, getpgid, setpgid,
++ getsid, or view any process outside of the chroot. If the sysctl
++ option is enabled, a sysctl option with name "chroot_findtask" is
++ created.
+
-+static int prepend_name(char **buffer, int *buflen, struct qstr *name)
-+{
-+ return prepend(buffer, buflen, name->name, name->len);
-+}
++config GRKERNSEC_CHROOT_NICE
++ bool "Restrict priority changes"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, processes inside a chroot will not be able to raise
++ the priority of processes in the chroot, or alter the priority of
++ processes outside the chroot. This provides more security than simply
++ removing CAP_SYS_NICE from the process' capability set. If the
++ sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
++ is created.
+
-+static int prepend_path(const struct path *path, struct path *root,
-+ char **buffer, int *buflen)
-+{
-+ struct dentry *dentry = path->dentry;
-+ struct vfsmount *vfsmnt = path->mnt;
-+ bool slash = false;
-+ int error = 0;
++config GRKERNSEC_CHROOT_SYSCTL
++ bool "Deny sysctl writes"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, an attacker in a chroot will not be able to
++ write to sysctl entries, either by sysctl(2) or through a /proc
++ interface. It is strongly recommended that you say Y here. If the
++ sysctl option is enabled, a sysctl option with name
++ "chroot_deny_sysctl" is created.
+
-+ while (dentry != root->dentry || vfsmnt != root->mnt) {
-+ struct dentry * parent;
++config GRKERNSEC_CHROOT_CAPS
++ bool "Capability restrictions"
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, the capabilities on all processes within a
++ chroot jail will be lowered to stop module insertion, raw i/o,
++ system and net admin tasks, rebooting the system, modifying immutable
++ files, modifying IPC owned by another, and changing the system time.
++ This is left an option because it can break some apps. Disable this
++ if your chrooted apps are having problems performing those kinds of
++ tasks. If the sysctl option is enabled, a sysctl option with
++ name "chroot_caps" is created.
+
-+ if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
-+ /* Global root? */
-+ if (vfsmnt->mnt_parent == vfsmnt) {
-+ goto out;
-+ }
-+ dentry = vfsmnt->mnt_mountpoint;
-+ vfsmnt = vfsmnt->mnt_parent;
-+ continue;
-+ }
-+ parent = dentry->d_parent;
-+ prefetch(parent);
-+ spin_lock(&dentry->d_lock);
-+ error = prepend_name(buffer, buflen, &dentry->d_name);
-+ spin_unlock(&dentry->d_lock);
-+ if (!error)
-+ error = prepend(buffer, buflen, "/", 1);
-+ if (error)
-+ break;
++endmenu
++menu "Kernel Auditing"
++depends on GRKERNSEC
+
-+ slash = true;
-+ dentry = parent;
-+ }
++config GRKERNSEC_AUDIT_GROUP
++ bool "Single group for auditing"
++ help
++ If you say Y here, the exec, chdir, and (un)mount logging features
++ will only operate on a group you specify. This option is recommended
++ if you only want to watch certain users instead of having a large
++ amount of logs from the entire system. If the sysctl option is enabled,
++ a sysctl option with name "audit_group" is created.
+
-+out:
-+ if (!error && !slash)
-+ error = prepend(buffer, buflen, "/", 1);
++config GRKERNSEC_AUDIT_GID
++ int "GID for auditing"
++ depends on GRKERNSEC_AUDIT_GROUP
++ default 1007
+
-+ return error;
-+}
++config GRKERNSEC_EXECLOG
++ bool "Exec logging"
++ help
++ If you say Y here, all execve() calls will be logged (since the
++ other exec*() calls are frontends to execve(), all execution
++ will be logged). Useful for shell-servers that like to keep track
++ of their users. If the sysctl option is enabled, a sysctl option with
++ name "exec_logging" is created.
++ WARNING: This option when enabled will produce a LOT of logs, especially
++ on an active system.
+
-+/* this must be called with vfsmount_lock and rename_lock held */
++config GRKERNSEC_RESLOG
++ bool "Resource logging"
++ help
++ If you say Y here, all attempts to overstep resource limits will
++ be logged with the resource name, the requested size, and the current
++ limit. It is highly recommended that you say Y here. If the sysctl
++ option is enabled, a sysctl option with name "resource_logging" is
++ created. If the RBAC system is enabled, the sysctl value is ignored.
+
-+static char *__our_d_path(const struct path *path, struct path *root,
-+ char *buf, int buflen)
-+{
-+ char *res = buf + buflen;
-+ int error;
++config GRKERNSEC_CHROOT_EXECLOG
++ bool "Log execs within chroot"
++ help
++ If you say Y here, all executions inside a chroot jail will be logged
++ to syslog. This can cause a large amount of logs if certain
++ applications (eg. djb's daemontools) are installed on the system, and
++ is therefore left as an option. If the sysctl option is enabled, a
++ sysctl option with name "chroot_execlog" is created.
+
-+ prepend(&res, &buflen, "\0", 1);
-+ error = prepend_path(path, root, &res, &buflen);
-+ if (error)
-+ return ERR_PTR(error);
++config GRKERNSEC_AUDIT_PTRACE
++ bool "Ptrace logging"
++ help
++ If you say Y here, all attempts to attach to a process via ptrace
++ will be logged. If the sysctl option is enabled, a sysctl option
++ with name "audit_ptrace" is created.
+
-+ return res;
-+}
++config GRKERNSEC_AUDIT_CHDIR
++ bool "Chdir logging"
++ help
++ If you say Y here, all chdir() calls will be logged. If the sysctl
++ option is enabled, a sysctl option with name "audit_chdir" is created.
+
-+static char *
-+gen_full_path(struct path *path, struct path *root, char *buf, int buflen)
-+{
-+ char *retval;
++config GRKERNSEC_AUDIT_MOUNT
++ bool "(Un)Mount logging"
++ help
++ If you say Y here, all mounts and unmounts will be logged. If the
++ sysctl option is enabled, a sysctl option with name "audit_mount" is
++ created.
+
-+ retval = __our_d_path(path, root, buf, buflen);
-+ if (unlikely(IS_ERR(retval)))
-+ retval = strcpy(buf, "<path too long>");
-+ else if (unlikely(retval[1] == '/' && retval[2] == '\0'))
-+ retval[1] = '\0';
++config GRKERNSEC_SIGNAL
++ bool "Signal logging"
++ help
++ If you say Y here, certain important signals will be logged, such as
++ SIGSEGV, which will as a result inform you of when a error in a program
++ occurred, which in some cases could mean a possible exploit attempt.
++ If the sysctl option is enabled, a sysctl option with name
++ "signal_logging" is created.
+
-+ return retval;
-+}
++config GRKERNSEC_FORKFAIL
++ bool "Fork failure logging"
++ help
++ If you say Y here, all failed fork() attempts will be logged.
++ This could suggest a fork bomb, or someone attempting to overstep
++ their process limit. If the sysctl option is enabled, a sysctl option
++ with name "forkfail_logging" is created.
+
-+static char *
-+__d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
-+ char *buf, int buflen)
-+{
-+ struct path path;
-+ char *res;
++config GRKERNSEC_TIME
++ bool "Time change logging"
++ help
++ If you say Y here, any changes of the system clock will be logged.
++ If the sysctl option is enabled, a sysctl option with name
++ "timechange_logging" is created.
+
-+ path.dentry = (struct dentry *)dentry;
-+ path.mnt = (struct vfsmount *)vfsmnt;
++config GRKERNSEC_PROC_IPADDR
++ bool "/proc/<pid>/ipaddr support"
++ help
++ If you say Y here, a new entry will be added to each /proc/<pid>
++ directory that contains the IP address of the person using the task.
++ The IP is carried across local TCP and AF_UNIX stream sockets.
++ This information can be useful for IDS/IPSes to perform remote response
++ to a local attack. The entry is readable by only the owner of the
++ process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
++ the RBAC system), and thus does not create privacy concerns.
+
-+ /* we can use real_root.dentry, real_root.mnt, because this is only called
-+ by the RBAC system */
-+ res = gen_full_path(&path, &real_root, buf, buflen);
++config GRKERNSEC_RWXMAP_LOG
++ bool 'Denied RWX mmap/mprotect logging'
++ depends on PAX_MPROTECT && !PAX_EMUPLT && !PAX_EMUSIGRT
++ help
++ If you say Y here, calls to mmap() and mprotect() with explicit
++ usage of PROT_WRITE and PROT_EXEC together will be logged when
++ denied by the PAX_MPROTECT feature. If the sysctl option is
++ enabled, a sysctl option with name "rwxmap_logging" is created.
+
-+ return res;
-+}
++config GRKERNSEC_AUDIT_TEXTREL
++ bool 'ELF text relocations logging (READ HELP)'
++ depends on PAX_MPROTECT
++ help
++ If you say Y here, text relocations will be logged with the filename
++ of the offending library or binary. The purpose of the feature is
++ to help Linux distribution developers get rid of libraries and
++ binaries that need text relocations which hinder the future progress
++ of PaX. Only Linux distribution developers should say Y here, and
++ never on a production machine, as this option creates an information
++ leak that could aid an attacker in defeating the randomization of
++ a single memory region. If the sysctl option is enabled, a sysctl
++ option with name "audit_textrel" is created.
+
-+static char *
-+d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
-+ char *buf, int buflen)
-+{
-+ char *res;
-+ struct path path;
-+ struct path root;
-+ struct task_struct *reaper = &init_task;
++endmenu
+
-+ path.dentry = (struct dentry *)dentry;
-+ path.mnt = (struct vfsmount *)vfsmnt;
++menu "Executable Protections"
++depends on GRKERNSEC
+
-+ /* we can't use real_root.dentry, real_root.mnt, because they belong only to the RBAC system */
-+ get_fs_root(reaper->fs, &root);
++config GRKERNSEC_DMESG
++ bool "Dmesg(8) restriction"
++ help
++ If you say Y here, non-root users will not be able to use dmesg(8)
++ to view up to the last 4kb of messages in the kernel's log buffer.
++ The kernel's log buffer often contains kernel addresses and other
++ identifying information useful to an attacker in fingerprinting a
++ system for a targeted exploit.
++ If the sysctl option is enabled, a sysctl option with name "dmesg" is
++ created.
+
-+ write_seqlock(&rename_lock);
-+ br_read_lock(vfsmount_lock);
-+ res = gen_full_path(&path, &root, buf, buflen);
-+ br_read_unlock(vfsmount_lock);
-+ write_sequnlock(&rename_lock);
++config GRKERNSEC_HARDEN_PTRACE
++ bool "Deter ptrace-based process snooping"
++ help
++ If you say Y here, TTY sniffers and other malicious monitoring
++ programs implemented through ptrace will be defeated. If you
++ have been using the RBAC system, this option has already been
++ enabled for several years for all users, with the ability to make
++ fine-grained exceptions.
+
-+ path_put(&root);
-+ return res;
-+}
++ This option only affects the ability of non-root users to ptrace
++ processes that are not a descendent of the ptracing process.
++ This means that strace ./binary and gdb ./binary will still work,
++ but attaching to arbitrary processes will not. If the sysctl
++ option is enabled, a sysctl option with name "harden_ptrace" is
++ created.
+
-+static char *
-+gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
-+{
-+ char *ret;
-+ write_seqlock(&rename_lock);
-+ br_read_lock(vfsmount_lock);
-+ ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
-+ PAGE_SIZE);
-+ br_read_unlock(vfsmount_lock);
-+ write_sequnlock(&rename_lock);
-+ return ret;
-+}
++config GRKERNSEC_TPE
++ bool "Trusted Path Execution (TPE)"
++ help
++ If you say Y here, you will be able to choose a gid to add to the
++ supplementary groups of users you want to mark as "untrusted."
++ These users will not be able to execute any files that are not in
++ root-owned directories writable only by root. If the sysctl option
++ is enabled, a sysctl option with name "tpe" is created.
+
-+static char *
-+gr_to_proc_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
-+{
-+ char *ret;
-+ char *buf;
-+ int buflen;
++config GRKERNSEC_TPE_ALL
++ bool "Partially restrict all non-root users"
++ depends on GRKERNSEC_TPE
++ help
++ If you say Y here, all non-root users will be covered under
++ a weaker TPE restriction. This is separate from, and in addition to,
++ the main TPE options that you have selected elsewhere. Thus, if a
++ "trusted" GID is chosen, this restriction applies to even that GID.
++ Under this restriction, all non-root users will only be allowed to
++ execute files in directories they own that are not group or
++ world-writable, or in directories owned by root and writable only by
++ root. If the sysctl option is enabled, a sysctl option with name
++ "tpe_restrict_all" is created.
+
-+ write_seqlock(&rename_lock);
-+ br_read_lock(vfsmount_lock);
-+ buf = per_cpu_ptr(gr_shared_page[0], smp_processor_id());
-+ ret = __d_real_path(dentry, mnt, buf, PAGE_SIZE - 6);
-+ buflen = (int)(ret - buf);
-+ if (buflen >= 5)
-+ prepend(&ret, &buflen, "/proc", 5);
-+ else
-+ ret = strcpy(buf, "<path too long>");
-+ br_read_unlock(vfsmount_lock);
-+ write_sequnlock(&rename_lock);
-+ return ret;
-+}
++config GRKERNSEC_TPE_INVERT
++ bool "Invert GID option"
++ depends on GRKERNSEC_TPE
++ help
++ If you say Y here, the group you specify in the TPE configuration will
++ decide what group TPE restrictions will be *disabled* for. This
++ option is useful if you want TPE restrictions to be applied to most
++ users on the system. If the sysctl option is enabled, a sysctl option
++ with name "tpe_invert" is created. Unlike other sysctl options, this
++ entry will default to on for backward-compatibility.
+
-+char *
-+gr_to_filename_nolock(const struct dentry *dentry, const struct vfsmount *mnt)
-+{
-+ return __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
-+ PAGE_SIZE);
-+}
++config GRKERNSEC_TPE_GID
++ int "GID for untrusted users"
++ depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
++ default 1005
++ help
++ Setting this GID determines what group TPE restrictions will be
++ *enabled* for. If the sysctl option is enabled, a sysctl option
++ with name "tpe_gid" is created.
+
-+char *
-+gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt)
-+{
-+ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
-+ PAGE_SIZE);
-+}
++config GRKERNSEC_TPE_GID
++ int "GID for trusted users"
++ depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
++ default 1005
++ help
++ Setting this GID determines what group TPE restrictions will be
++ *disabled* for. If the sysctl option is enabled, a sysctl option
++ with name "tpe_gid" is created.
+
-+char *
-+gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt)
-+{
-+ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[1], smp_processor_id()),
-+ PAGE_SIZE);
-+}
++endmenu
++menu "Network Protections"
++depends on GRKERNSEC
+
-+char *
-+gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt)
-+{
-+ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[2], smp_processor_id()),
-+ PAGE_SIZE);
-+}
++config GRKERNSEC_RANDNET
++ bool "Larger entropy pools"
++ help
++ If you say Y here, the entropy pools used for many features of Linux
++ and grsecurity will be doubled in size. Since several grsecurity
++ features use additional randomness, it is recommended that you say Y
++ here. Saying Y here has a similar effect as modifying
++ /proc/sys/kernel/random/poolsize.
+
-+char *
-+gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt)
-+{
-+ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[3], smp_processor_id()),
-+ PAGE_SIZE);
-+}
++config GRKERNSEC_BLACKHOLE
++ bool "TCP/UDP blackhole and LAST_ACK DoS prevention"
++ depends on NET
++ help
++ If you say Y here, neither TCP resets nor ICMP
++ destination-unreachable packets will be sent in response to packets
++ sent to ports for which no associated listening process exists.
++ This feature supports both IPV4 and IPV6 and exempts the
++ loopback interface from blackholing. Enabling this feature
++ makes a host more resilient to DoS attacks and reduces network
++ visibility against scanners.
+
-+__inline__ __u32
-+to_gr_audit(const __u32 reqmode)
-+{
-+ /* masks off auditable permission flags, then shifts them to create
-+ auditing flags, and adds the special case of append auditing if
-+ we're requesting write */
-+ return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
-+}
++ The blackhole feature as-implemented is equivalent to the FreeBSD
++ blackhole feature, as it prevents RST responses to all packets, not
++ just SYNs. Under most application behavior this causes no
++ problems, but applications (like haproxy) may not close certain
++ connections in a way that cleanly terminates them on the remote
++ end, leaving the remote host in LAST_ACK state. Because of this
++ side-effect and to prevent intentional LAST_ACK DoSes, this
++ feature also adds automatic mitigation against such attacks.
++ The mitigation drastically reduces the amount of time a socket
++ can spend in LAST_ACK state. If you're using haproxy and not
++ all servers it connects to have this option enabled, consider
++ disabling this feature on the haproxy host.
+
-+struct acl_subject_label *
-+lookup_subject_map(const struct acl_subject_label *userp)
-+{
-+ unsigned int index = shash(userp, subj_map_set.s_size);
-+ struct subject_map *match;
++ If the sysctl option is enabled, two sysctl options with names
++ "ip_blackhole" and "lastack_retries" will be created.
++ While "ip_blackhole" takes the standard zero/non-zero on/off
++ toggle, "lastack_retries" uses the same kinds of values as
++ "tcp_retries1" and "tcp_retries2". The default value of 4
++ prevents a socket from lasting more than 45 seconds in LAST_ACK
++ state.
+
-+ match = subj_map_set.s_hash[index];
++config GRKERNSEC_SOCKET
++ bool "Socket restrictions"
++ depends on NET
++ help
++ If you say Y here, you will be able to choose from several options.
++ If you assign a GID on your system and add it to the supplementary
++ groups of users you want to restrict socket access to, this patch
++ will perform up to three things, based on the option(s) you choose.
+
-+ while (match && match->user != userp)
-+ match = match->next;
++config GRKERNSEC_SOCKET_ALL
++ bool "Deny any sockets to group"
++ depends on GRKERNSEC_SOCKET
++ help
++ If you say Y here, you will be able to choose a GID of whose users will
++ be unable to connect to other hosts from your machine or run server
++ applications from your machine. If the sysctl option is enabled, a
++ sysctl option with name "socket_all" is created.
+
-+ if (match != NULL)
-+ return match->kernel;
-+ else
-+ return NULL;
-+}
++config GRKERNSEC_SOCKET_ALL_GID
++ int "GID to deny all sockets for"
++ depends on GRKERNSEC_SOCKET_ALL
++ default 1004
++ help
++ Here you can choose the GID to disable socket access for. Remember to
++ add the users you want socket access disabled for to the GID
++ specified here. If the sysctl option is enabled, a sysctl option
++ with name "socket_all_gid" is created.
+
-+static void
-+insert_subj_map_entry(struct subject_map *subjmap)
-+{
-+ unsigned int index = shash(subjmap->user, subj_map_set.s_size);
-+ struct subject_map **curr;
++config GRKERNSEC_SOCKET_CLIENT
++ bool "Deny client sockets to group"
++ depends on GRKERNSEC_SOCKET
++ help
++ If you say Y here, you will be able to choose a GID of whose users will
++ be unable to connect to other hosts from your machine, but will be
++ able to run servers. If this option is enabled, all users in the group
++ you specify will have to use passive mode when initiating ftp transfers
++ from the shell on your machine. If the sysctl option is enabled, a
++ sysctl option with name "socket_client" is created.
+
-+ subjmap->prev = NULL;
++config GRKERNSEC_SOCKET_CLIENT_GID
++ int "GID to deny client sockets for"
++ depends on GRKERNSEC_SOCKET_CLIENT
++ default 1003
++ help
++ Here you can choose the GID to disable client socket access for.
++ Remember to add the users you want client socket access disabled for to
++ the GID specified here. If the sysctl option is enabled, a sysctl
++ option with name "socket_client_gid" is created.
+
-+ curr = &subj_map_set.s_hash[index];
-+ if (*curr != NULL)
-+ (*curr)->prev = subjmap;
++config GRKERNSEC_SOCKET_SERVER
++ bool "Deny server sockets to group"
++ depends on GRKERNSEC_SOCKET
++ help
++ If you say Y here, you will be able to choose a GID of whose users will
++ be unable to run server applications from your machine. If the sysctl
++ option is enabled, a sysctl option with name "socket_server" is created.
+
-+ subjmap->next = *curr;
-+ *curr = subjmap;
++config GRKERNSEC_SOCKET_SERVER_GID
++ int "GID to deny server sockets for"
++ depends on GRKERNSEC_SOCKET_SERVER
++ default 1002
++ help
++ Here you can choose the GID to disable server socket access for.
++ Remember to add the users you want server socket access disabled for to
++ the GID specified here. If the sysctl option is enabled, a sysctl
++ option with name "socket_server_gid" is created.
+
-+ return;
-+}
++endmenu
++menu "Sysctl support"
++depends on GRKERNSEC && SYSCTL
+
-+static struct acl_role_label *
-+lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
-+ const gid_t gid)
-+{
-+ unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
-+ struct acl_role_label *match;
-+ struct role_allowed_ip *ipp;
-+ unsigned int x;
-+ u32 curr_ip = task->signal->curr_ip;
++config GRKERNSEC_SYSCTL
++ bool "Sysctl support"
++ help
++ If you say Y here, you will be able to change the options that
++ grsecurity runs with at bootup, without having to recompile your
++ kernel. You can echo values to files in /proc/sys/kernel/grsecurity
++ to enable (1) or disable (0) various features. All the sysctl entries
++ are mutable until the "grsec_lock" entry is set to a non-zero value.
++ All features enabled in the kernel configuration are disabled at boot
++ if you do not say Y to the "Turn on features by default" option.
++ All options should be set at startup, and the grsec_lock entry should
++ be set to a non-zero value after all the options are set.
++ *THIS IS EXTREMELY IMPORTANT*
+
-+ task->signal->saved_ip = curr_ip;
++config GRKERNSEC_SYSCTL_DISTRO
++ bool "Extra sysctl support for distro makers (READ HELP)"
++ depends on GRKERNSEC_SYSCTL && GRKERNSEC_IO
++ help
++ If you say Y here, additional sysctl options will be created
++ for features that affect processes running as root. Therefore,
++ it is critical when using this option that the grsec_lock entry be
++ enabled after boot. Only distros with prebuilt kernel packages
++ with this option enabled that can ensure grsec_lock is enabled
++ after boot should use this option.
++ *Failure to set grsec_lock after boot makes all grsec features
++ this option covers useless*
+
-+ match = acl_role_set.r_hash[index];
++ Currently this option creates the following sysctl entries:
++ "Disable Privileged I/O": "disable_priv_io"
+
-+ while (match) {
-+ if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) {
-+ for (x = 0; x < match->domain_child_num; x++) {
-+ if (match->domain_children[x] == uid)
-+ goto found;
-+ }
-+ } else if (match->uidgid == uid && match->roletype & GR_ROLE_USER)
-+ break;
-+ match = match->next;
-+ }
-+found:
-+ if (match == NULL) {
-+ try_group:
-+ index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
-+ match = acl_role_set.r_hash[index];
++config GRKERNSEC_SYSCTL_ON
++ bool "Turn on features by default"
++ depends on GRKERNSEC_SYSCTL
++ help
++ If you say Y here, instead of having all features enabled in the
++ kernel configuration disabled at boot time, the features will be
++ enabled at boot time. It is recommended you say Y here unless
++ there is some reason you would want all sysctl-tunable features to
++ be disabled by default. As mentioned elsewhere, it is important
++ to enable the grsec_lock entry once you have finished modifying
++ the sysctl entries.
+
-+ while (match) {
-+ if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) {
-+ for (x = 0; x < match->domain_child_num; x++) {
-+ if (match->domain_children[x] == gid)
-+ goto found2;
-+ }
-+ } else if (match->uidgid == gid && match->roletype & GR_ROLE_GROUP)
-+ break;
-+ match = match->next;
-+ }
-+found2:
-+ if (match == NULL)
-+ match = default_role;
-+ if (match->allowed_ips == NULL)
-+ return match;
-+ else {
-+ for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
-+ if (likely
-+ ((ntohl(curr_ip) & ipp->netmask) ==
-+ (ntohl(ipp->addr) & ipp->netmask)))
-+ return match;
-+ }
-+ match = default_role;
-+ }
-+ } else if (match->allowed_ips == NULL) {
-+ return match;
-+ } else {
-+ for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
-+ if (likely
-+ ((ntohl(curr_ip) & ipp->netmask) ==
-+ (ntohl(ipp->addr) & ipp->netmask)))
-+ return match;
-+ }
-+ goto try_group;
-+ }
++endmenu
++menu "Logging Options"
++depends on GRKERNSEC
+
-+ return match;
-+}
++config GRKERNSEC_FLOODTIME
++ int "Seconds in between log messages (minimum)"
++ default 10
++ help
++ This option allows you to enforce the number of seconds between
++ grsecurity log messages. The default should be suitable for most
++ people, however, if you choose to change it, choose a value small enough
++ to allow informative logs to be produced, but large enough to
++ prevent flooding.
+
-+struct acl_subject_label *
-+lookup_acl_subj_label(const ino_t ino, const dev_t dev,
-+ const struct acl_role_label *role)
-+{
-+ unsigned int index = fhash(ino, dev, role->subj_hash_size);
-+ struct acl_subject_label *match;
++config GRKERNSEC_FLOODBURST
++ int "Number of messages in a burst (maximum)"
++ default 6
++ help
++ This option allows you to choose the maximum number of messages allowed
++ within the flood time interval you chose in a separate option. The
++ default should be suitable for most people, however if you find that
++ many of your logs are being interpreted as flooding, you may want to
++ raise this value.
+
-+ match = role->subj_hash[index];
++endmenu
+
-+ while (match && (match->inode != ino || match->device != dev ||
-+ (match->mode & GR_DELETED))) {
-+ match = match->next;
-+ }
++endmenu
+diff -urNp linux-3.0.7/grsecurity/Makefile linux-3.0.7/grsecurity/Makefile
+--- linux-3.0.7/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.7/grsecurity/Makefile 2011-10-17 06:45:43.000000000 -0400
+@@ -0,0 +1,36 @@
++# grsecurity's ACL system was originally written in 2001 by Michael Dalton
++# during 2001-2009 it has been completely redesigned by Brad Spengler
++# into an RBAC system
++#
++# All code in this directory and various hooks inserted throughout the kernel
++# are copyright Brad Spengler - Open Source Security, Inc., and released
++# under the GPL v2 or higher
+
-+ if (match && !(match->mode & GR_DELETED))
-+ return match;
-+ else
-+ return NULL;
-+}
++obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
++ grsec_mount.o grsec_sig.o grsec_sysctl.o \
++ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o
+
-+struct acl_subject_label *
-+lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev,
-+ const struct acl_role_label *role)
-+{
-+ unsigned int index = fhash(ino, dev, role->subj_hash_size);
-+ struct acl_subject_label *match;
++obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \
++ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
++ gracl_learn.o grsec_log.o
++obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
+
-+ match = role->subj_hash[index];
++ifdef CONFIG_NET
++obj-y += grsec_sock.o
++obj-$(CONFIG_GRKERNSEC) += gracl_ip.o
++endif
+
-+ while (match && (match->inode != ino || match->device != dev ||
-+ !(match->mode & GR_DELETED))) {
-+ match = match->next;
-+ }
++ifndef CONFIG_GRKERNSEC
++obj-y += grsec_disabled.o
++endif
+
-+ if (match && (match->mode & GR_DELETED))
-+ return match;
-+ else
-+ return NULL;
-+}
++ifdef CONFIG_GRKERNSEC_HIDESYM
++extra-y := grsec_hidesym.o
++$(obj)/grsec_hidesym.o:
++ @-chmod -f 500 /boot
++ @-chmod -f 500 /lib/modules
++ @-chmod -f 500 /lib64/modules
++ @-chmod -f 500 /lib32/modules
++ @-chmod -f 700 .
++ @echo ' grsec: protected kernel image paths'
++endif
+diff -urNp linux-3.0.7/grsecurity/gracl.c linux-3.0.7/grsecurity/gracl.c
+--- linux-3.0.7/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.7/grsecurity/gracl.c 2011-10-17 06:42:59.000000000 -0400
+@@ -0,0 +1,4154 @@
++#include <linux/kernel.h>
++#include <linux/module.h>
++#include <linux/sched.h>
++#include <linux/mm.h>
++#include <linux/file.h>
++#include <linux/fs.h>
++#include <linux/namei.h>
++#include <linux/mount.h>
++#include <linux/tty.h>
++#include <linux/proc_fs.h>
++#include <linux/lglock.h>
++#include <linux/slab.h>
++#include <linux/vmalloc.h>
++#include <linux/types.h>
++#include <linux/sysctl.h>
++#include <linux/netdevice.h>
++#include <linux/ptrace.h>
++#include <linux/gracl.h>
++#include <linux/gralloc.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++#include <linux/pid_namespace.h>
++#include <linux/fdtable.h>
++#include <linux/percpu.h>
+
-+static struct acl_object_label *
-+lookup_acl_obj_label(const ino_t ino, const dev_t dev,
-+ const struct acl_subject_label *subj)
-+{
-+ unsigned int index = fhash(ino, dev, subj->obj_hash_size);
-+ struct acl_object_label *match;
++#include <asm/uaccess.h>
++#include <asm/errno.h>
++#include <asm/mman.h>
+
-+ match = subj->obj_hash[index];
++static struct acl_role_db acl_role_set;
++static struct name_db name_set;
++static struct inodev_db inodev_set;
+
-+ while (match && (match->inode != ino || match->device != dev ||
-+ (match->mode & GR_DELETED))) {
-+ match = match->next;
-+ }
++/* for keeping track of userspace pointers used for subjects, so we
++ can share references in the kernel as well
++*/
+
-+ if (match && !(match->mode & GR_DELETED))
-+ return match;
-+ else
-+ return NULL;
-+}
++static struct path real_root;
+
-+static struct acl_object_label *
-+lookup_acl_obj_label_create(const ino_t ino, const dev_t dev,
-+ const struct acl_subject_label *subj)
-+{
-+ unsigned int index = fhash(ino, dev, subj->obj_hash_size);
-+ struct acl_object_label *match;
++static struct acl_subj_map_db subj_map_set;
+
-+ match = subj->obj_hash[index];
++static struct acl_role_label *default_role;
+
-+ while (match && (match->inode != ino || match->device != dev ||
-+ !(match->mode & GR_DELETED))) {
-+ match = match->next;
-+ }
++static struct acl_role_label *role_list;
+
-+ if (match && (match->mode & GR_DELETED))
-+ return match;
++static u16 acl_sp_role_value;
+
-+ match = subj->obj_hash[index];
++extern char *gr_shared_page[4];
++static DEFINE_MUTEX(gr_dev_mutex);
++DEFINE_RWLOCK(gr_inode_lock);
+
-+ while (match && (match->inode != ino || match->device != dev ||
-+ (match->mode & GR_DELETED))) {
-+ match = match->next;
-+ }
++struct gr_arg *gr_usermode;
+
-+ if (match && !(match->mode & GR_DELETED))
-+ return match;
-+ else
-+ return NULL;
-+}
++static unsigned int gr_status __read_only = GR_STATUS_INIT;
+
-+static struct name_entry *
-+lookup_name_entry(const char *name)
-+{
-+ unsigned int len = strlen(name);
-+ unsigned int key = full_name_hash(name, len);
-+ unsigned int index = key % name_set.n_size;
-+ struct name_entry *match;
++extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
++extern void gr_clear_learn_entries(void);
+
-+ match = name_set.n_hash[index];
++#ifdef CONFIG_GRKERNSEC_RESLOG
++extern void gr_log_resource(const struct task_struct *task,
++ const int res, const unsigned long wanted, const int gt);
++#endif
+
-+ while (match && (match->key != key || !gr_streq(match->name, name, match->len, len)))
-+ match = match->next;
++unsigned char *gr_system_salt;
++unsigned char *gr_system_sum;
+
-+ return match;
-+}
++static struct sprole_pw **acl_special_roles = NULL;
++static __u16 num_sprole_pws = 0;
+
-+static struct name_entry *
-+lookup_name_entry_create(const char *name)
-+{
-+ unsigned int len = strlen(name);
-+ unsigned int key = full_name_hash(name, len);
-+ unsigned int index = key % name_set.n_size;
-+ struct name_entry *match;
++static struct acl_role_label *kernel_role = NULL;
+
-+ match = name_set.n_hash[index];
++static unsigned int gr_auth_attempts = 0;
++static unsigned long gr_auth_expires = 0UL;
+
-+ while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
-+ !match->deleted))
-+ match = match->next;
++#ifdef CONFIG_NET
++extern struct vfsmount *sock_mnt;
++#endif
+
-+ if (match && match->deleted)
-+ return match;
++extern struct vfsmount *pipe_mnt;
++extern struct vfsmount *shm_mnt;
++#ifdef CONFIG_HUGETLBFS
++extern struct vfsmount *hugetlbfs_vfsmount;
++#endif
+
-+ match = name_set.n_hash[index];
++static struct acl_object_label *fakefs_obj_rw;
++static struct acl_object_label *fakefs_obj_rwx;
+
-+ while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
-+ match->deleted))
-+ match = match->next;
++extern int gr_init_uidset(void);
++extern void gr_free_uidset(void);
++extern void gr_remove_uid(uid_t uid);
++extern int gr_find_uid(uid_t uid);
+
-+ if (match && !match->deleted)
-+ return match;
-+ else
-+ return NULL;
-+}
++DECLARE_BRLOCK(vfsmount_lock);
+
-+static struct inodev_entry *
-+lookup_inodev_entry(const ino_t ino, const dev_t dev)
++__inline__ int
++gr_acl_is_enabled(void)
+{
-+ unsigned int index = fhash(ino, dev, inodev_set.i_size);
-+ struct inodev_entry *match;
-+
-+ match = inodev_set.i_hash[index];
-+
-+ while (match && (match->nentry->inode != ino || match->nentry->device != dev))
-+ match = match->next;
-+
-+ return match;
++ return (gr_status & GR_READY);
+}
+
-+static void
-+insert_inodev_entry(struct inodev_entry *entry)
-+{
-+ unsigned int index = fhash(entry->nentry->inode, entry->nentry->device,
-+ inodev_set.i_size);
-+ struct inodev_entry **curr;
-+
-+ entry->prev = NULL;
-+
-+ curr = &inodev_set.i_hash[index];
-+ if (*curr != NULL)
-+ (*curr)->prev = entry;
-+
-+ entry->next = *curr;
-+ *curr = entry;
++#ifdef CONFIG_BTRFS_FS
++extern dev_t get_btrfs_dev_from_inode(struct inode *inode);
++extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat);
++#endif
+
-+ return;
++static inline dev_t __get_dev(const struct dentry *dentry)
++{
++#ifdef CONFIG_BTRFS_FS
++ if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr)
++ return get_btrfs_dev_from_inode(dentry->d_inode);
++ else
++#endif
++ return dentry->d_inode->i_sb->s_dev;
+}
+
-+static void
-+__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
++dev_t gr_get_dev_from_dentry(struct dentry *dentry)
+{
-+ unsigned int index =
-+ rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
-+ struct acl_role_label **curr;
-+ struct acl_role_label *tmp;
-+
-+ curr = &acl_role_set.r_hash[index];
-+
-+ /* if role was already inserted due to domains and already has
-+ a role in the same bucket as it attached, then we need to
-+ combine these two buckets
-+ */
-+ if (role->next) {
-+ tmp = role->next;
-+ while (tmp->next)
-+ tmp = tmp->next;
-+ tmp->next = *curr;
-+ } else
-+ role->next = *curr;
-+ *curr = role;
-+
-+ return;
++ return __get_dev(dentry);
+}
+
-+static void
-+insert_acl_role_label(struct acl_role_label *role)
++static char gr_task_roletype_to_char(struct task_struct *task)
+{
-+ int i;
-+
-+ if (role_list == NULL) {
-+ role_list = role;
-+ role->prev = NULL;
-+ } else {
-+ role->prev = role_list;
-+ role_list = role;
++ switch (task->role->roletype &
++ (GR_ROLE_DEFAULT | GR_ROLE_USER | GR_ROLE_GROUP |
++ GR_ROLE_SPECIAL)) {
++ case GR_ROLE_DEFAULT:
++ return 'D';
++ case GR_ROLE_USER:
++ return 'U';
++ case GR_ROLE_GROUP:
++ return 'G';
++ case GR_ROLE_SPECIAL:
++ return 'S';
+ }
-+
-+ /* used for hash chains */
-+ role->next = NULL;
+
-+ if (role->roletype & GR_ROLE_DOMAIN) {
-+ for (i = 0; i < role->domain_child_num; i++)
-+ __insert_acl_role_label(role, role->domain_children[i]);
-+ } else
-+ __insert_acl_role_label(role, role->uidgid);
++ return 'X';
+}
-+
-+static int
-+insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
-+{
-+ struct name_entry **curr, *nentry;
-+ struct inodev_entry *ientry;
-+ unsigned int len = strlen(name);
-+ unsigned int key = full_name_hash(name, len);
-+ unsigned int index = key % name_set.n_size;
-+
-+ curr = &name_set.n_hash[index];
-+
-+ while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
-+ curr = &((*curr)->next);
+
-+ if (*curr != NULL)
-+ return 1;
++char gr_roletype_to_char(void)
++{
++ return gr_task_roletype_to_char(current);
++}
+
-+ nentry = acl_alloc(sizeof (struct name_entry));
-+ if (nentry == NULL)
++__inline__ int
++gr_acl_tpe_check(void)
++{
++ if (unlikely(!(gr_status & GR_READY)))
+ return 0;
-+ ientry = acl_alloc(sizeof (struct inodev_entry));
-+ if (ientry == NULL)
++ if (current->role->roletype & GR_ROLE_TPE)
++ return 1;
++ else
+ return 0;
-+ ientry->nentry = nentry;
-+
-+ nentry->key = key;
-+ nentry->name = name;
-+ nentry->inode = inode;
-+ nentry->device = device;
-+ nentry->len = len;
-+ nentry->deleted = deleted;
-+
-+ nentry->prev = NULL;
-+ curr = &name_set.n_hash[index];
-+ if (*curr != NULL)
-+ (*curr)->prev = nentry;
-+ nentry->next = *curr;
-+ *curr = nentry;
-+
-+ /* insert us into the table searchable by inode/dev */
-+ insert_inodev_entry(ientry);
-+
-+ return 1;
+}
+
-+static void
-+insert_acl_obj_label(struct acl_object_label *obj,
-+ struct acl_subject_label *subj)
++int
++gr_handle_rawio(const struct inode *inode)
+{
-+ unsigned int index =
-+ fhash(obj->inode, obj->device, subj->obj_hash_size);
-+ struct acl_object_label **curr;
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++ if (inode && S_ISBLK(inode->i_mode) &&
++ grsec_enable_chroot_caps && proc_is_chrooted(current) &&
++ !capable(CAP_SYS_RAWIO))
++ return 1;
++#endif
++ return 0;
++}
+
-+
-+ obj->prev = NULL;
++static int
++gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb)
++{
++ if (likely(lena != lenb))
++ return 0;
+
-+ curr = &subj->obj_hash[index];
-+ if (*curr != NULL)
-+ (*curr)->prev = obj;
++ return !memcmp(a, b, lena);
++}
+
-+ obj->next = *curr;
-+ *curr = obj;
++static int prepend(char **buffer, int *buflen, const char *str, int namelen)
++{
++ *buflen -= namelen;
++ if (*buflen < 0)
++ return -ENAMETOOLONG;
++ *buffer -= namelen;
++ memcpy(*buffer, str, namelen);
++ return 0;
++}
+
-+ return;
++static int prepend_name(char **buffer, int *buflen, struct qstr *name)
++{
++ return prepend(buffer, buflen, name->name, name->len);
+}
+
-+static void
-+insert_acl_subj_label(struct acl_subject_label *obj,
-+ struct acl_role_label *role)
++static int prepend_path(const struct path *path, struct path *root,
++ char **buffer, int *buflen)
+{
-+ unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size);
-+ struct acl_subject_label **curr;
++ struct dentry *dentry = path->dentry;
++ struct vfsmount *vfsmnt = path->mnt;
++ bool slash = false;
++ int error = 0;
+
-+ obj->prev = NULL;
++ while (dentry != root->dentry || vfsmnt != root->mnt) {
++ struct dentry * parent;
+
-+ curr = &role->subj_hash[index];
-+ if (*curr != NULL)
-+ (*curr)->prev = obj;
++ if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
++ /* Global root? */
++ if (vfsmnt->mnt_parent == vfsmnt) {
++ goto out;
++ }
++ dentry = vfsmnt->mnt_mountpoint;
++ vfsmnt = vfsmnt->mnt_parent;
++ continue;
++ }
++ parent = dentry->d_parent;
++ prefetch(parent);
++ spin_lock(&dentry->d_lock);
++ error = prepend_name(buffer, buflen, &dentry->d_name);
++ spin_unlock(&dentry->d_lock);
++ if (!error)
++ error = prepend(buffer, buflen, "/", 1);
++ if (error)
++ break;
+
-+ obj->next = *curr;
-+ *curr = obj;
++ slash = true;
++ dentry = parent;
++ }
+
-+ return;
++out:
++ if (!error && !slash)
++ error = prepend(buffer, buflen, "/", 1);
++
++ return error;
+}
+
-+/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
++/* this must be called with vfsmount_lock and rename_lock held */
+
-+static void *
-+create_table(__u32 * len, int elementsize)
++static char *__our_d_path(const struct path *path, struct path *root,
++ char *buf, int buflen)
+{
-+ unsigned int table_sizes[] = {
-+ 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
-+ 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
-+ 4194301, 8388593, 16777213, 33554393, 67108859
-+ };
-+ void *newtable = NULL;
-+ unsigned int pwr = 0;
++ char *res = buf + buflen;
++ int error;
+
-+ while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
-+ table_sizes[pwr] <= *len)
-+ pwr++;
++ prepend(&res, &buflen, "\0", 1);
++ error = prepend_path(path, root, &res, &buflen);
++ if (error)
++ return ERR_PTR(error);
+
-+ if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize))
-+ return newtable;
++ return res;
++}
+
-+ if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
-+ newtable =
-+ kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
-+ else
-+ newtable = vmalloc(table_sizes[pwr] * elementsize);
++static char *
++gen_full_path(struct path *path, struct path *root, char *buf, int buflen)
++{
++ char *retval;
+
-+ *len = table_sizes[pwr];
++ retval = __our_d_path(path, root, buf, buflen);
++ if (unlikely(IS_ERR(retval)))
++ retval = strcpy(buf, "<path too long>");
++ else if (unlikely(retval[1] == '/' && retval[2] == '\0'))
++ retval[1] = '\0';
+
-+ return newtable;
++ return retval;
+}
+
-+static int
-+init_variables(const struct gr_arg *arg)
++static char *
++__d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
++ char *buf, int buflen)
+{
-+ struct task_struct *reaper = &init_task;
-+ unsigned int stacksize;
++ struct path path;
++ char *res;
+
-+ subj_map_set.s_size = arg->role_db.num_subjects;
-+ acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
-+ name_set.n_size = arg->role_db.num_objects;
-+ inodev_set.i_size = arg->role_db.num_objects;
++ path.dentry = (struct dentry *)dentry;
++ path.mnt = (struct vfsmount *)vfsmnt;
+
-+ if (!subj_map_set.s_size || !acl_role_set.r_size ||
-+ !name_set.n_size || !inodev_set.i_size)
-+ return 1;
++ /* we can use real_root.dentry, real_root.mnt, because this is only called
++ by the RBAC system */
++ res = gen_full_path(&path, &real_root, buf, buflen);
+
-+ if (!gr_init_uidset())
-+ return 1;
++ return res;
++}
+
-+ /* set up the stack that holds allocation info */
++static char *
++d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
++ char *buf, int buflen)
++{
++ char *res;
++ struct path path;
++ struct path root;
++ struct task_struct *reaper = &init_task;
+
-+ stacksize = arg->role_db.num_pointers + 5;
++ path.dentry = (struct dentry *)dentry;
++ path.mnt = (struct vfsmount *)vfsmnt;
+
-+ if (!acl_alloc_stack_init(stacksize))
-+ return 1;
++ /* we can't use real_root.dentry, real_root.mnt, because they belong only to the RBAC system */
++ get_fs_root(reaper->fs, &root);
+
-+ /* grab reference for the real root dentry and vfsmount */
-+ get_fs_root(reaper->fs, &real_root);
-+
-+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
-+ printk(KERN_ALERT "Obtained real root device=%d, inode=%lu\n", __get_dev(real_root.dentry), real_root.dentry->d_inode->i_ino);
-+#endif
++ write_seqlock(&rename_lock);
++ br_read_lock(vfsmount_lock);
++ res = gen_full_path(&path, &root, buf, buflen);
++ br_read_unlock(vfsmount_lock);
++ write_sequnlock(&rename_lock);
+
-+ fakefs_obj_rw = acl_alloc(sizeof(struct acl_object_label));
-+ if (fakefs_obj_rw == NULL)
-+ return 1;
-+ fakefs_obj_rw->mode = GR_FIND | GR_READ | GR_WRITE;
++ path_put(&root);
++ return res;
++}
+
-+ fakefs_obj_rwx = acl_alloc(sizeof(struct acl_object_label));
-+ if (fakefs_obj_rwx == NULL)
-+ return 1;
-+ fakefs_obj_rwx->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
++static char *
++gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++ char *ret;
++ write_seqlock(&rename_lock);
++ br_read_lock(vfsmount_lock);
++ ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
++ PAGE_SIZE);
++ br_read_unlock(vfsmount_lock);
++ write_sequnlock(&rename_lock);
++ return ret;
++}
+
-+ subj_map_set.s_hash =
-+ (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *));
-+ acl_role_set.r_hash =
-+ (struct acl_role_label **) create_table(&acl_role_set.r_size, sizeof(void *));
-+ name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size, sizeof(void *));
-+ inodev_set.i_hash =
-+ (struct inodev_entry **) create_table(&inodev_set.i_size, sizeof(void *));
++static char *
++gr_to_proc_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++ char *ret;
++ char *buf;
++ int buflen;
+
-+ if (!subj_map_set.s_hash || !acl_role_set.r_hash ||
-+ !name_set.n_hash || !inodev_set.i_hash)
-+ return 1;
++ write_seqlock(&rename_lock);
++ br_read_lock(vfsmount_lock);
++ buf = per_cpu_ptr(gr_shared_page[0], smp_processor_id());
++ ret = __d_real_path(dentry, mnt, buf, PAGE_SIZE - 6);
++ buflen = (int)(ret - buf);
++ if (buflen >= 5)
++ prepend(&ret, &buflen, "/proc", 5);
++ else
++ ret = strcpy(buf, "<path too long>");
++ br_read_unlock(vfsmount_lock);
++ write_sequnlock(&rename_lock);
++ return ret;
++}
+
-+ memset(subj_map_set.s_hash, 0,
-+ sizeof(struct subject_map *) * subj_map_set.s_size);
-+ memset(acl_role_set.r_hash, 0,
-+ sizeof (struct acl_role_label *) * acl_role_set.r_size);
-+ memset(name_set.n_hash, 0,
-+ sizeof (struct name_entry *) * name_set.n_size);
-+ memset(inodev_set.i_hash, 0,
-+ sizeof (struct inodev_entry *) * inodev_set.i_size);
++char *
++gr_to_filename_nolock(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++ return __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
++ PAGE_SIZE);
++}
+
-+ return 0;
++char *
++gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
++ PAGE_SIZE);
+}
+
-+/* free information not needed after startup
-+ currently contains user->kernel pointer mappings for subjects
-+*/
++char *
++gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[1], smp_processor_id()),
++ PAGE_SIZE);
++}
+
-+static void
-+free_init_variables(void)
++char *
++gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt)
+{
-+ __u32 i;
++ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[2], smp_processor_id()),
++ PAGE_SIZE);
++}
+
-+ if (subj_map_set.s_hash) {
-+ for (i = 0; i < subj_map_set.s_size; i++) {
-+ if (subj_map_set.s_hash[i]) {
-+ kfree(subj_map_set.s_hash[i]);
-+ subj_map_set.s_hash[i] = NULL;
-+ }
-+ }
++char *
++gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[3], smp_processor_id()),
++ PAGE_SIZE);
++}
+
-+ if ((subj_map_set.s_size * sizeof (struct subject_map *)) <=
-+ PAGE_SIZE)
-+ kfree(subj_map_set.s_hash);
-+ else
-+ vfree(subj_map_set.s_hash);
-+ }
++__inline__ __u32
++to_gr_audit(const __u32 reqmode)
++{
++ /* masks off auditable permission flags, then shifts them to create
++ auditing flags, and adds the special case of append auditing if
++ we're requesting write */
++ return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
++}
+
-+ return;
++struct acl_subject_label *
++lookup_subject_map(const struct acl_subject_label *userp)
++{
++ unsigned int index = shash(userp, subj_map_set.s_size);
++ struct subject_map *match;
++
++ match = subj_map_set.s_hash[index];
++
++ while (match && match->user != userp)
++ match = match->next;
++
++ if (match != NULL)
++ return match->kernel;
++ else
++ return NULL;
+}
+
+static void
-+free_variables(void)
++insert_subj_map_entry(struct subject_map *subjmap)
+{
-+ struct acl_subject_label *s;
-+ struct acl_role_label *r;
-+ struct task_struct *task, *task2;
-+ unsigned int x;
++ unsigned int index = shash(subjmap->user, subj_map_set.s_size);
++ struct subject_map **curr;
+
-+ gr_clear_learn_entries();
++ subjmap->prev = NULL;
+
-+ read_lock(&tasklist_lock);
-+ do_each_thread(task2, task) {
-+ task->acl_sp_role = 0;
-+ task->acl_role_id = 0;
-+ task->acl = NULL;
-+ task->role = NULL;
-+ } while_each_thread(task2, task);
-+ read_unlock(&tasklist_lock);
++ curr = &subj_map_set.s_hash[index];
++ if (*curr != NULL)
++ (*curr)->prev = subjmap;
+
-+ /* release the reference to the real root dentry and vfsmount */
-+ path_put(&real_root);
++ subjmap->next = *curr;
++ *curr = subjmap;
+
-+ /* free all object hash tables */
++ return;
++}
+
-+ FOR_EACH_ROLE_START(r)
-+ if (r->subj_hash == NULL)
-+ goto next_role;
-+ FOR_EACH_SUBJECT_START(r, s, x)
-+ if (s->obj_hash == NULL)
-+ break;
-+ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
-+ kfree(s->obj_hash);
-+ else
-+ vfree(s->obj_hash);
-+ FOR_EACH_SUBJECT_END(s, x)
-+ FOR_EACH_NESTED_SUBJECT_START(r, s)
-+ if (s->obj_hash == NULL)
-+ break;
-+ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
-+ kfree(s->obj_hash);
-+ else
-+ vfree(s->obj_hash);
-+ FOR_EACH_NESTED_SUBJECT_END(s)
-+ if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
-+ kfree(r->subj_hash);
-+ else
-+ vfree(r->subj_hash);
-+ r->subj_hash = NULL;
-+next_role:
-+ FOR_EACH_ROLE_END(r)
++static struct acl_role_label *
++lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
++ const gid_t gid)
++{
++ unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
++ struct acl_role_label *match;
++ struct role_allowed_ip *ipp;
++ unsigned int x;
++ u32 curr_ip = task->signal->curr_ip;
+
-+ acl_free_all();
++ task->signal->saved_ip = curr_ip;
+
-+ if (acl_role_set.r_hash) {
-+ if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
-+ PAGE_SIZE)
-+ kfree(acl_role_set.r_hash);
-+ else
-+ vfree(acl_role_set.r_hash);
-+ }
-+ if (name_set.n_hash) {
-+ if ((name_set.n_size * sizeof (struct name_entry *)) <=
-+ PAGE_SIZE)
-+ kfree(name_set.n_hash);
-+ else
-+ vfree(name_set.n_hash);
++ match = acl_role_set.r_hash[index];
++
++ while (match) {
++ if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) {
++ for (x = 0; x < match->domain_child_num; x++) {
++ if (match->domain_children[x] == uid)
++ goto found;
++ }
++ } else if (match->uidgid == uid && match->roletype & GR_ROLE_USER)
++ break;
++ match = match->next;
+ }
++found:
++ if (match == NULL) {
++ try_group:
++ index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
++ match = acl_role_set.r_hash[index];
+
-+ if (inodev_set.i_hash) {
-+ if ((inodev_set.i_size * sizeof (struct inodev_entry *)) <=
-+ PAGE_SIZE)
-+ kfree(inodev_set.i_hash);
-+ else
-+ vfree(inodev_set.i_hash);
++ while (match) {
++ if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) {
++ for (x = 0; x < match->domain_child_num; x++) {
++ if (match->domain_children[x] == gid)
++ goto found2;
++ }
++ } else if (match->uidgid == gid && match->roletype & GR_ROLE_GROUP)
++ break;
++ match = match->next;
++ }
++found2:
++ if (match == NULL)
++ match = default_role;
++ if (match->allowed_ips == NULL)
++ return match;
++ else {
++ for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
++ if (likely
++ ((ntohl(curr_ip) & ipp->netmask) ==
++ (ntohl(ipp->addr) & ipp->netmask)))
++ return match;
++ }
++ match = default_role;
++ }
++ } else if (match->allowed_ips == NULL) {
++ return match;
++ } else {
++ for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
++ if (likely
++ ((ntohl(curr_ip) & ipp->netmask) ==
++ (ntohl(ipp->addr) & ipp->netmask)))
++ return match;
++ }
++ goto try_group;
+ }
+
-+ gr_free_uidset();
++ return match;
++}
+
-+ memset(&name_set, 0, sizeof (struct name_db));
-+ memset(&inodev_set, 0, sizeof (struct inodev_db));
-+ memset(&acl_role_set, 0, sizeof (struct acl_role_db));
-+ memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db));
++struct acl_subject_label *
++lookup_acl_subj_label(const ino_t ino, const dev_t dev,
++ const struct acl_role_label *role)
++{
++ unsigned int index = fhash(ino, dev, role->subj_hash_size);
++ struct acl_subject_label *match;
+
-+ default_role = NULL;
-+ role_list = NULL;
++ match = role->subj_hash[index];
+
-+ return;
++ while (match && (match->inode != ino || match->device != dev ||
++ (match->mode & GR_DELETED))) {
++ match = match->next;
++ }
++
++ if (match && !(match->mode & GR_DELETED))
++ return match;
++ else
++ return NULL;
+}
+
-+static __u32
-+count_user_objs(struct acl_object_label *userp)
++struct acl_subject_label *
++lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev,
++ const struct acl_role_label *role)
+{
-+ struct acl_object_label o_tmp;
-+ __u32 num = 0;
++ unsigned int index = fhash(ino, dev, role->subj_hash_size);
++ struct acl_subject_label *match;
+
-+ while (userp) {
-+ if (copy_from_user(&o_tmp, userp,
-+ sizeof (struct acl_object_label)))
-+ break;
++ match = role->subj_hash[index];
+
-+ userp = o_tmp.prev;
-+ num++;
++ while (match && (match->inode != ino || match->device != dev ||
++ !(match->mode & GR_DELETED))) {
++ match = match->next;
+ }
+
-+ return num;
++ if (match && (match->mode & GR_DELETED))
++ return match;
++ else
++ return NULL;
+}
+
-+static struct acl_subject_label *
-+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role);
-+
-+static int
-+copy_user_glob(struct acl_object_label *obj)
++static struct acl_object_label *
++lookup_acl_obj_label(const ino_t ino, const dev_t dev,
++ const struct acl_subject_label *subj)
+{
-+ struct acl_object_label *g_tmp, **guser;
-+ unsigned int len;
-+ char *tmp;
++ unsigned int index = fhash(ino, dev, subj->obj_hash_size);
++ struct acl_object_label *match;
+
-+ if (obj->globbed == NULL)
-+ return 0;
++ match = subj->obj_hash[index];
+
-+ guser = &obj->globbed;
-+ while (*guser) {
-+ g_tmp = (struct acl_object_label *)
-+ acl_alloc(sizeof (struct acl_object_label));
-+ if (g_tmp == NULL)
-+ return -ENOMEM;
++ while (match && (match->inode != ino || match->device != dev ||
++ (match->mode & GR_DELETED))) {
++ match = match->next;
++ }
+
-+ if (copy_from_user(g_tmp, *guser,
-+ sizeof (struct acl_object_label)))
-+ return -EFAULT;
++ if (match && !(match->mode & GR_DELETED))
++ return match;
++ else
++ return NULL;
++}
+
-+ len = strnlen_user(g_tmp->filename, PATH_MAX);
++static struct acl_object_label *
++lookup_acl_obj_label_create(const ino_t ino, const dev_t dev,
++ const struct acl_subject_label *subj)
++{
++ unsigned int index = fhash(ino, dev, subj->obj_hash_size);
++ struct acl_object_label *match;
+
-+ if (!len || len >= PATH_MAX)
-+ return -EINVAL;
++ match = subj->obj_hash[index];
+
-+ if ((tmp = (char *) acl_alloc(len)) == NULL)
-+ return -ENOMEM;
++ while (match && (match->inode != ino || match->device != dev ||
++ !(match->mode & GR_DELETED))) {
++ match = match->next;
++ }
+
-+ if (copy_from_user(tmp, g_tmp->filename, len))
-+ return -EFAULT;
-+ tmp[len-1] = '\0';
-+ g_tmp->filename = tmp;
++ if (match && (match->mode & GR_DELETED))
++ return match;
+
-+ *guser = g_tmp;
-+ guser = &(g_tmp->next);
++ match = subj->obj_hash[index];
++
++ while (match && (match->inode != ino || match->device != dev ||
++ (match->mode & GR_DELETED))) {
++ match = match->next;
+ }
+
-+ return 0;
++ if (match && !(match->mode & GR_DELETED))
++ return match;
++ else
++ return NULL;
+}
+
-+static int
-+copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
-+ struct acl_role_label *role)
++static struct name_entry *
++lookup_name_entry(const char *name)
++{
++ unsigned int len = strlen(name);
++ unsigned int key = full_name_hash(name, len);
++ unsigned int index = key % name_set.n_size;
++ struct name_entry *match;
++
++ match = name_set.n_hash[index];
++
++ while (match && (match->key != key || !gr_streq(match->name, name, match->len, len)))
++ match = match->next;
++
++ return match;
++}
++
++static struct name_entry *
++lookup_name_entry_create(const char *name)
++{
++ unsigned int len = strlen(name);
++ unsigned int key = full_name_hash(name, len);
++ unsigned int index = key % name_set.n_size;
++ struct name_entry *match;
++
++ match = name_set.n_hash[index];
++
++ while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
++ !match->deleted))
++ match = match->next;
++
++ if (match && match->deleted)
++ return match;
++
++ match = name_set.n_hash[index];
++
++ while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
++ match->deleted))
++ match = match->next;
++
++ if (match && !match->deleted)
++ return match;
++ else
++ return NULL;
++}
++
++static struct inodev_entry *
++lookup_inodev_entry(const ino_t ino, const dev_t dev)
++{
++ unsigned int index = fhash(ino, dev, inodev_set.i_size);
++ struct inodev_entry *match;
++
++ match = inodev_set.i_hash[index];
++
++ while (match && (match->nentry->inode != ino || match->nentry->device != dev))
++ match = match->next;
++
++ return match;
++}
++
++static void
++insert_inodev_entry(struct inodev_entry *entry)
++{
++ unsigned int index = fhash(entry->nentry->inode, entry->nentry->device,
++ inodev_set.i_size);
++ struct inodev_entry **curr;
++
++ entry->prev = NULL;
++
++ curr = &inodev_set.i_hash[index];
++ if (*curr != NULL)
++ (*curr)->prev = entry;
++
++ entry->next = *curr;
++ *curr = entry;
++
++ return;
++}
++
++static void
++__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
++{
++ unsigned int index =
++ rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
++ struct acl_role_label **curr;
++ struct acl_role_label *tmp;
++
++ curr = &acl_role_set.r_hash[index];
++
++ /* if role was already inserted due to domains and already has
++ a role in the same bucket as it attached, then we need to
++ combine these two buckets
++ */
++ if (role->next) {
++ tmp = role->next;
++ while (tmp->next)
++ tmp = tmp->next;
++ tmp->next = *curr;
++ } else
++ role->next = *curr;
++ *curr = role;
++
++ return;
++}
++
++static void
++insert_acl_role_label(struct acl_role_label *role)
++{
++ int i;
++
++ if (role_list == NULL) {
++ role_list = role;
++ role->prev = NULL;
++ } else {
++ role->prev = role_list;
++ role_list = role;
++ }
++
++ /* used for hash chains */
++ role->next = NULL;
++
++ if (role->roletype & GR_ROLE_DOMAIN) {
++ for (i = 0; i < role->domain_child_num; i++)
++ __insert_acl_role_label(role, role->domain_children[i]);
++ } else
++ __insert_acl_role_label(role, role->uidgid);
++}
++
++static int
++insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
++{
++ struct name_entry **curr, *nentry;
++ struct inodev_entry *ientry;
++ unsigned int len = strlen(name);
++ unsigned int key = full_name_hash(name, len);
++ unsigned int index = key % name_set.n_size;
++
++ curr = &name_set.n_hash[index];
++
++ while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
++ curr = &((*curr)->next);
++
++ if (*curr != NULL)
++ return 1;
++
++ nentry = acl_alloc(sizeof (struct name_entry));
++ if (nentry == NULL)
++ return 0;
++ ientry = acl_alloc(sizeof (struct inodev_entry));
++ if (ientry == NULL)
++ return 0;
++ ientry->nentry = nentry;
++
++ nentry->key = key;
++ nentry->name = name;
++ nentry->inode = inode;
++ nentry->device = device;
++ nentry->len = len;
++ nentry->deleted = deleted;
++
++ nentry->prev = NULL;
++ curr = &name_set.n_hash[index];
++ if (*curr != NULL)
++ (*curr)->prev = nentry;
++ nentry->next = *curr;
++ *curr = nentry;
++
++ /* insert us into the table searchable by inode/dev */
++ insert_inodev_entry(ientry);
++
++ return 1;
++}
++
++static void
++insert_acl_obj_label(struct acl_object_label *obj,
++ struct acl_subject_label *subj)
++{
++ unsigned int index =
++ fhash(obj->inode, obj->device, subj->obj_hash_size);
++ struct acl_object_label **curr;
++
++
++ obj->prev = NULL;
++
++ curr = &subj->obj_hash[index];
++ if (*curr != NULL)
++ (*curr)->prev = obj;
++
++ obj->next = *curr;
++ *curr = obj;
++
++ return;
++}
++
++static void
++insert_acl_subj_label(struct acl_subject_label *obj,
++ struct acl_role_label *role)
++{
++ unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size);
++ struct acl_subject_label **curr;
++
++ obj->prev = NULL;
++
++ curr = &role->subj_hash[index];
++ if (*curr != NULL)
++ (*curr)->prev = obj;
++
++ obj->next = *curr;
++ *curr = obj;
++
++ return;
++}
++
++/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
++
++static void *
++create_table(__u32 * len, int elementsize)
++{
++ unsigned int table_sizes[] = {
++ 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
++ 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
++ 4194301, 8388593, 16777213, 33554393, 67108859
++ };
++ void *newtable = NULL;
++ unsigned int pwr = 0;
++
++ while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
++ table_sizes[pwr] <= *len)
++ pwr++;
++
++ if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize))
++ return newtable;
++
++ if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
++ newtable =
++ kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
++ else
++ newtable = vmalloc(table_sizes[pwr] * elementsize);
++
++ *len = table_sizes[pwr];
++
++ return newtable;
++}
++
++static int
++init_variables(const struct gr_arg *arg)
++{
++ struct task_struct *reaper = &init_task;
++ unsigned int stacksize;
++
++ subj_map_set.s_size = arg->role_db.num_subjects;
++ acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
++ name_set.n_size = arg->role_db.num_objects;
++ inodev_set.i_size = arg->role_db.num_objects;
++
++ if (!subj_map_set.s_size || !acl_role_set.r_size ||
++ !name_set.n_size || !inodev_set.i_size)
++ return 1;
++
++ if (!gr_init_uidset())
++ return 1;
++
++ /* set up the stack that holds allocation info */
++
++ stacksize = arg->role_db.num_pointers + 5;
++
++ if (!acl_alloc_stack_init(stacksize))
++ return 1;
++
++ /* grab reference for the real root dentry and vfsmount */
++ get_fs_root(reaper->fs, &real_root);
++
++#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
++ printk(KERN_ALERT "Obtained real root device=%d, inode=%lu\n", __get_dev(real_root.dentry), real_root.dentry->d_inode->i_ino);
++#endif
++
++ fakefs_obj_rw = acl_alloc(sizeof(struct acl_object_label));
++ if (fakefs_obj_rw == NULL)
++ return 1;
++ fakefs_obj_rw->mode = GR_FIND | GR_READ | GR_WRITE;
++
++ fakefs_obj_rwx = acl_alloc(sizeof(struct acl_object_label));
++ if (fakefs_obj_rwx == NULL)
++ return 1;
++ fakefs_obj_rwx->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
++
++ subj_map_set.s_hash =
++ (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *));
++ acl_role_set.r_hash =
++ (struct acl_role_label **) create_table(&acl_role_set.r_size, sizeof(void *));
++ name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size, sizeof(void *));
++ inodev_set.i_hash =
++ (struct inodev_entry **) create_table(&inodev_set.i_size, sizeof(void *));
++
++ if (!subj_map_set.s_hash || !acl_role_set.r_hash ||
++ !name_set.n_hash || !inodev_set.i_hash)
++ return 1;
++
++ memset(subj_map_set.s_hash, 0,
++ sizeof(struct subject_map *) * subj_map_set.s_size);
++ memset(acl_role_set.r_hash, 0,
++ sizeof (struct acl_role_label *) * acl_role_set.r_size);
++ memset(name_set.n_hash, 0,
++ sizeof (struct name_entry *) * name_set.n_size);
++ memset(inodev_set.i_hash, 0,
++ sizeof (struct inodev_entry *) * inodev_set.i_size);
++
++ return 0;
++}
++
++/* free information not needed after startup
++ currently contains user->kernel pointer mappings for subjects
++*/
++
++static void
++free_init_variables(void)
++{
++ __u32 i;
++
++ if (subj_map_set.s_hash) {
++ for (i = 0; i < subj_map_set.s_size; i++) {
++ if (subj_map_set.s_hash[i]) {
++ kfree(subj_map_set.s_hash[i]);
++ subj_map_set.s_hash[i] = NULL;
++ }
++ }
++
++ if ((subj_map_set.s_size * sizeof (struct subject_map *)) <=
++ PAGE_SIZE)
++ kfree(subj_map_set.s_hash);
++ else
++ vfree(subj_map_set.s_hash);
++ }
++
++ return;
++}
++
++static void
++free_variables(void)
++{
++ struct acl_subject_label *s;
++ struct acl_role_label *r;
++ struct task_struct *task, *task2;
++ unsigned int x;
++
++ gr_clear_learn_entries();
++
++ read_lock(&tasklist_lock);
++ do_each_thread(task2, task) {
++ task->acl_sp_role = 0;
++ task->acl_role_id = 0;
++ task->acl = NULL;
++ task->role = NULL;
++ } while_each_thread(task2, task);
++ read_unlock(&tasklist_lock);
++
++ /* release the reference to the real root dentry and vfsmount */
++ path_put(&real_root);
++
++ /* free all object hash tables */
++
++ FOR_EACH_ROLE_START(r)
++ if (r->subj_hash == NULL)
++ goto next_role;
++ FOR_EACH_SUBJECT_START(r, s, x)
++ if (s->obj_hash == NULL)
++ break;
++ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
++ kfree(s->obj_hash);
++ else
++ vfree(s->obj_hash);
++ FOR_EACH_SUBJECT_END(s, x)
++ FOR_EACH_NESTED_SUBJECT_START(r, s)
++ if (s->obj_hash == NULL)
++ break;
++ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
++ kfree(s->obj_hash);
++ else
++ vfree(s->obj_hash);
++ FOR_EACH_NESTED_SUBJECT_END(s)
++ if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
++ kfree(r->subj_hash);
++ else
++ vfree(r->subj_hash);
++ r->subj_hash = NULL;
++next_role:
++ FOR_EACH_ROLE_END(r)
++
++ acl_free_all();
++
++ if (acl_role_set.r_hash) {
++ if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
++ PAGE_SIZE)
++ kfree(acl_role_set.r_hash);
++ else
++ vfree(acl_role_set.r_hash);
++ }
++ if (name_set.n_hash) {
++ if ((name_set.n_size * sizeof (struct name_entry *)) <=
++ PAGE_SIZE)
++ kfree(name_set.n_hash);
++ else
++ vfree(name_set.n_hash);
++ }
++
++ if (inodev_set.i_hash) {
++ if ((inodev_set.i_size * sizeof (struct inodev_entry *)) <=
++ PAGE_SIZE)
++ kfree(inodev_set.i_hash);
++ else
++ vfree(inodev_set.i_hash);
++ }
++
++ gr_free_uidset();
++
++ memset(&name_set, 0, sizeof (struct name_db));
++ memset(&inodev_set, 0, sizeof (struct inodev_db));
++ memset(&acl_role_set, 0, sizeof (struct acl_role_db));
++ memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db));
++
++ default_role = NULL;
++ role_list = NULL;
++
++ return;
++}
++
++static __u32
++count_user_objs(struct acl_object_label *userp)
++{
++ struct acl_object_label o_tmp;
++ __u32 num = 0;
++
++ while (userp) {
++ if (copy_from_user(&o_tmp, userp,
++ sizeof (struct acl_object_label)))
++ break;
++
++ userp = o_tmp.prev;
++ num++;
++ }
++
++ return num;
++}
++
++static struct acl_subject_label *
++do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role);
++
++static int
++copy_user_glob(struct acl_object_label *obj)
++{
++ struct acl_object_label *g_tmp, **guser;
++ unsigned int len;
++ char *tmp;
++
++ if (obj->globbed == NULL)
++ return 0;
++
++ guser = &obj->globbed;
++ while (*guser) {
++ g_tmp = (struct acl_object_label *)
++ acl_alloc(sizeof (struct acl_object_label));
++ if (g_tmp == NULL)
++ return -ENOMEM;
++
++ if (copy_from_user(g_tmp, *guser,
++ sizeof (struct acl_object_label)))
++ return -EFAULT;
++
++ len = strnlen_user(g_tmp->filename, PATH_MAX);
++
++ if (!len || len >= PATH_MAX)
++ return -EINVAL;
++
++ if ((tmp = (char *) acl_alloc(len)) == NULL)
++ return -ENOMEM;
++
++ if (copy_from_user(tmp, g_tmp->filename, len))
++ return -EFAULT;
++ tmp[len-1] = '\0';
++ g_tmp->filename = tmp;
++
++ *guser = g_tmp;
++ guser = &(g_tmp->next);
++ }
++
++ return 0;
++}
++
++static int
++copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
++ struct acl_role_label *role)
+{
+ struct acl_object_label *o_tmp;
+ unsigned int len;
+EXPORT_SYMBOL(gr_check_group_change);
+#endif
+
+diff -urNp linux-3.0.7/grsecurity/gracl_alloc.c linux-3.0.7/grsecurity/gracl_alloc.c
+--- linux-3.0.7/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.7/grsecurity/gracl_alloc.c 2011-08-23 21:48:14.000000000 -0400
+@@ -0,0 +1,105 @@
++#include <linux/kernel.h>
++#include <linux/mm.h>
++#include <linux/slab.h>
++#include <linux/vmalloc.h>
++#include <linux/gracl.h>
++#include <linux/grsecurity.h>
++
++static unsigned long alloc_stack_next = 1;
++static unsigned long alloc_stack_size = 1;
++static void **alloc_stack;
++
++static __inline__ int
++alloc_pop(void)
++{
++ if (alloc_stack_next == 1)
++ return 0;
++
++ kfree(alloc_stack[alloc_stack_next - 2]);
++
++ alloc_stack_next--;
++
++ return 1;
++}
++
++static __inline__ int
++alloc_push(void *buf)
++{
++ if (alloc_stack_next >= alloc_stack_size)
++ return 1;
++
++ alloc_stack[alloc_stack_next - 1] = buf;
++
++ alloc_stack_next++;
++
++ return 0;
++}
++
++void *
++acl_alloc(unsigned long len)
++{
++ void *ret = NULL;
++
++ if (!len || len > PAGE_SIZE)
++ goto out;
++
++ ret = kmalloc(len, GFP_KERNEL);
++
++ if (ret) {
++ if (alloc_push(ret)) {
++ kfree(ret);
++ ret = NULL;
++ }
++ }
++
++out:
++ return ret;
++}
++
++void *
++acl_alloc_num(unsigned long num, unsigned long len)
++{
++ if (!len || (num > (PAGE_SIZE / len)))
++ return NULL;
++
++ return acl_alloc(num * len);
++}
++
++void
++acl_free_all(void)
++{
++ if (gr_acl_is_enabled() || !alloc_stack)
++ return;
++
++ while (alloc_pop()) ;
++
++ if (alloc_stack) {
++ if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
++ kfree(alloc_stack);
++ else
++ vfree(alloc_stack);
++ }
++
++ alloc_stack = NULL;
++ alloc_stack_size = 1;
++ alloc_stack_next = 1;
++
++ return;
++}
++
++int
++acl_alloc_stack_init(unsigned long size)
++{
++ if ((size * sizeof (void *)) <= PAGE_SIZE)
++ alloc_stack =
++ (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
++ else
++ alloc_stack = (void **) vmalloc(size * sizeof (void *));
++
++ alloc_stack_size = size;
++
++ if (!alloc_stack)
++ return 0;
++ else
++ return 1;
++}
diff -urNp linux-3.0.7/grsecurity/gracl_cap.c linux-3.0.7/grsecurity/gracl_cap.c
--- linux-3.0.7/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-3.0.7/grsecurity/gracl_cap.c 2011-09-14 09:21:24.000000000 -0400
+#endif
diff -urNp linux-3.0.7/grsecurity/grsec_exec.c linux-3.0.7/grsecurity/grsec_exec.c
--- linux-3.0.7/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.7/grsecurity/grsec_exec.c 2011-09-14 09:20:28.000000000 -0400
-@@ -0,0 +1,145 @@
++++ linux-3.0.7/grsecurity/grsec_exec.c 2011-10-20 00:50:54.000000000 -0400
+@@ -0,0 +1,146 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
+ "CAP_SETFCAP",
+ "CAP_MAC_OVERRIDE",
+ "CAP_MAC_ADMIN",
-+ "CAP_SYSLOG"
++ "CAP_SYSLOG",
++ "CAP_WAKE_ALARM"
+};
+
+int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]);
+ .procname = "chroot_findtask",
+ .data = &grsec_enable_chroot_findtask,
+ .maxlen = sizeof(int),
-+ .mode = 0600,
-+ .proc_handler = &proc_dointvec,
-+ },
-+#endif
-+#ifdef CONFIG_GRKERNSEC_RESLOG
-+ {
-+ .procname = "resource_logging",
-+ .data = &grsec_resource_logging,
-+ .maxlen = sizeof(int),
-+ .mode = 0600,
-+ .proc_handler = &proc_dointvec,
-+ },
-+#endif
-+#ifdef CONFIG_GRKERNSEC_AUDIT_PTRACE
-+ {
-+ .procname = "audit_ptrace",
-+ .data = &grsec_enable_audit_ptrace,
-+ .maxlen = sizeof(int),
-+ .mode = 0600,
-+ .proc_handler = &proc_dointvec,
-+ },
-+#endif
-+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
-+ {
-+ .procname = "harden_ptrace",
-+ .data = &grsec_enable_harden_ptrace,
-+ .maxlen = sizeof(int),
-+ .mode = 0600,
-+ .proc_handler = &proc_dointvec,
-+ },
-+#endif
-+ {
-+ .procname = "grsec_lock",
-+ .data = &grsec_lock,
-+ .maxlen = sizeof(int),
-+ .mode = 0600,
-+ .proc_handler = &proc_dointvec,
-+ },
-+#endif
-+#ifdef CONFIG_GRKERNSEC_ROFS
-+ {
-+ .procname = "romount_protect",
-+ .data = &grsec_enable_rofs,
-+ .maxlen = sizeof(int),
-+ .mode = 0600,
-+ .proc_handler = &proc_dointvec_minmax,
-+ .extra1 = &one,
-+ .extra2 = &one,
-+ },
-+#endif
-+ { }
-+};
-+#endif
-diff -urNp linux-3.0.7/grsecurity/grsec_time.c linux-3.0.7/grsecurity/grsec_time.c
---- linux-3.0.7/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.7/grsecurity/grsec_time.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,16 @@
-+#include <linux/kernel.h>
-+#include <linux/sched.h>
-+#include <linux/grinternal.h>
-+#include <linux/module.h>
-+
-+void
-+gr_log_timechange(void)
-+{
-+#ifdef CONFIG_GRKERNSEC_TIME
-+ if (grsec_enable_time)
-+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_TIME_MSG);
-+#endif
-+ return;
-+}
-+
-+EXPORT_SYMBOL(gr_log_timechange);
-diff -urNp linux-3.0.7/grsecurity/grsec_tpe.c linux-3.0.7/grsecurity/grsec_tpe.c
---- linux-3.0.7/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.7/grsecurity/grsec_tpe.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,39 @@
-+#include <linux/kernel.h>
-+#include <linux/sched.h>
-+#include <linux/file.h>
-+#include <linux/fs.h>
-+#include <linux/grinternal.h>
-+
-+extern int gr_acl_tpe_check(void);
-+
-+int
-+gr_tpe_allow(const struct file *file)
-+{
-+#ifdef CONFIG_GRKERNSEC
-+ struct inode *inode = file->f_path.dentry->d_parent->d_inode;
-+ const struct cred *cred = current_cred();
-+
-+ if (cred->uid && ((grsec_enable_tpe &&
-+#ifdef CONFIG_GRKERNSEC_TPE_INVERT
-+ ((grsec_enable_tpe_invert && !in_group_p(grsec_tpe_gid)) ||
-+ (!grsec_enable_tpe_invert && in_group_p(grsec_tpe_gid)))
-+#else
-+ in_group_p(grsec_tpe_gid)
-+#endif
-+ ) || gr_acl_tpe_check()) &&
-+ (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) ||
-+ (inode->i_mode & S_IWOTH))))) {
-+ gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
-+ return 0;
-+ }
-+#ifdef CONFIG_GRKERNSEC_TPE_ALL
-+ if (cred->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
-+ ((inode->i_uid && (inode->i_uid != cred->uid)) ||
-+ (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
-+ gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
-+ return 0;
-+ }
-+#endif
-+#endif
-+ return 1;
-+}
-diff -urNp linux-3.0.7/grsecurity/grsum.c linux-3.0.7/grsecurity/grsum.c
---- linux-3.0.7/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.7/grsecurity/grsum.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,61 @@
-+#include <linux/err.h>
-+#include <linux/kernel.h>
-+#include <linux/sched.h>
-+#include <linux/mm.h>
-+#include <linux/scatterlist.h>
-+#include <linux/crypto.h>
-+#include <linux/gracl.h>
-+
-+
-+#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE)
-+#error "crypto and sha256 must be built into the kernel"
-+#endif
-+
-+int
-+chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
-+{
-+ char *p;
-+ struct crypto_hash *tfm;
-+ struct hash_desc desc;
-+ struct scatterlist sg;
-+ unsigned char temp_sum[GR_SHA_LEN];
-+ volatile int retval = 0;
-+ volatile int dummy = 0;
-+ unsigned int i;
-+
-+ sg_init_table(&sg, 1);
-+
-+ tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
-+ if (IS_ERR(tfm)) {
-+ /* should never happen, since sha256 should be built in */
-+ return 1;
-+ }
-+
-+ desc.tfm = tfm;
-+ desc.flags = 0;
-+
-+ crypto_hash_init(&desc);
-+
-+ p = salt;
-+ sg_set_buf(&sg, p, GR_SALT_LEN);
-+ crypto_hash_update(&desc, &sg, sg.length);
-+
-+ p = entry->pw;
-+ sg_set_buf(&sg, p, strlen(p));
-+
-+ crypto_hash_update(&desc, &sg, sg.length);
-+
-+ crypto_hash_final(&desc, temp_sum);
-+
-+ memset(entry->pw, 0, GR_PW_LEN);
-+
-+ for (i = 0; i < GR_SHA_LEN; i++)
-+ if (sum[i] != temp_sum[i])
-+ retval = 1;
-+ else
-+ dummy = 1; // waste a cycle
-+
-+ crypto_free_hash(tfm);
-+
-+ return retval;
-+}
-diff -urNp linux-3.0.7/grsecurity/Kconfig linux-3.0.7/grsecurity/Kconfig
---- linux-3.0.7/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.7/grsecurity/Kconfig 2011-09-15 00:00:57.000000000 -0400
-@@ -0,0 +1,1038 @@
-+#
-+# grecurity configuration
-+#
-+
-+menu "Grsecurity"
-+
-+config GRKERNSEC
-+ bool "Grsecurity"
-+ select CRYPTO
-+ select CRYPTO_SHA256
-+ help
-+ If you say Y here, you will be able to configure many features
-+ that will enhance the security of your system. It is highly
-+ recommended that you say Y here and read through the help
-+ for each option so that you fully understand the features and
-+ can evaluate their usefulness for your machine.
-+
-+choice
-+ prompt "Security Level"
-+ depends on GRKERNSEC
-+ default GRKERNSEC_CUSTOM
-+
-+config GRKERNSEC_LOW
-+ bool "Low"
-+ select GRKERNSEC_LINK
-+ select GRKERNSEC_FIFO
-+ select GRKERNSEC_RANDNET
-+ select GRKERNSEC_DMESG
-+ select GRKERNSEC_CHROOT
-+ select GRKERNSEC_CHROOT_CHDIR
-+
-+ help
-+ If you choose this option, several of the grsecurity options will
-+ be enabled that will give you greater protection against a number
-+ of attacks, while assuring that none of your software will have any
-+ conflicts with the additional security measures. If you run a lot
-+ of unusual software, or you are having problems with the higher
-+ security levels, you should say Y here. With this option, the
-+ following features are enabled:
-+
-+ - Linking restrictions
-+ - FIFO restrictions
-+ - Restricted dmesg
-+ - Enforced chdir("/") on chroot
-+ - Runtime module disabling
-+
-+config GRKERNSEC_MEDIUM
-+ bool "Medium"
-+ select PAX
-+ select PAX_EI_PAX
-+ select PAX_PT_PAX_FLAGS
-+ select PAX_HAVE_ACL_FLAGS
-+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
-+ select GRKERNSEC_CHROOT
-+ select GRKERNSEC_CHROOT_SYSCTL
-+ select GRKERNSEC_LINK
-+ select GRKERNSEC_FIFO
-+ select GRKERNSEC_DMESG
-+ select GRKERNSEC_RANDNET
-+ select GRKERNSEC_FORKFAIL
-+ select GRKERNSEC_TIME
-+ select GRKERNSEC_SIGNAL
-+ select GRKERNSEC_CHROOT
-+ select GRKERNSEC_CHROOT_UNIX
-+ select GRKERNSEC_CHROOT_MOUNT
-+ select GRKERNSEC_CHROOT_PIVOT
-+ select GRKERNSEC_CHROOT_DOUBLE
-+ select GRKERNSEC_CHROOT_CHDIR
-+ select GRKERNSEC_CHROOT_MKNOD
-+ select GRKERNSEC_PROC
-+ select GRKERNSEC_PROC_USERGROUP
-+ select PAX_RANDUSTACK
-+ select PAX_ASLR
-+ select PAX_RANDMMAP
-+ select PAX_REFCOUNT if (X86 || SPARC64)
-+ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB || SLOB))
-+
-+ help
-+ If you say Y here, several features in addition to those included
-+ in the low additional security level will be enabled. These
-+ features provide even more security to your system, though in rare
-+ cases they may be incompatible with very old or poorly written
-+ software. If you enable this option, make sure that your auth
-+ service (identd) is running as gid 1001. With this option,
-+ the following features (in addition to those provided in the
-+ low additional security level) will be enabled:
-+
-+ - Failed fork logging
-+ - Time change logging
-+ - Signal logging
-+ - Deny mounts in chroot
-+ - Deny double chrooting
-+ - Deny sysctl writes in chroot
-+ - Deny mknod in chroot
-+ - Deny access to abstract AF_UNIX sockets out of chroot
-+ - Deny pivot_root in chroot
-+ - Denied writes of /dev/kmem, /dev/mem, and /dev/port
-+ - /proc restrictions with special GID set to 10 (usually wheel)
-+ - Address Space Layout Randomization (ASLR)
-+ - Prevent exploitation of most refcount overflows
-+ - Bounds checking of copying between the kernel and userland
-+
-+config GRKERNSEC_HIGH
-+ bool "High"
-+ select GRKERNSEC_LINK
-+ select GRKERNSEC_FIFO
-+ select GRKERNSEC_DMESG
-+ select GRKERNSEC_FORKFAIL
-+ select GRKERNSEC_TIME
-+ select GRKERNSEC_SIGNAL
-+ select GRKERNSEC_CHROOT
-+ select GRKERNSEC_CHROOT_SHMAT
-+ select GRKERNSEC_CHROOT_UNIX
-+ select GRKERNSEC_CHROOT_MOUNT
-+ select GRKERNSEC_CHROOT_FCHDIR
-+ select GRKERNSEC_CHROOT_PIVOT
-+ select GRKERNSEC_CHROOT_DOUBLE
-+ select GRKERNSEC_CHROOT_CHDIR
-+ select GRKERNSEC_CHROOT_MKNOD
-+ select GRKERNSEC_CHROOT_CAPS
-+ select GRKERNSEC_CHROOT_SYSCTL
-+ select GRKERNSEC_CHROOT_FINDTASK
-+ select GRKERNSEC_SYSFS_RESTRICT
-+ select GRKERNSEC_PROC
-+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
-+ select GRKERNSEC_HIDESYM
-+ select GRKERNSEC_BRUTE
-+ select GRKERNSEC_PROC_USERGROUP
-+ select GRKERNSEC_KMEM
-+ select GRKERNSEC_RESLOG
-+ select GRKERNSEC_RANDNET
-+ select GRKERNSEC_PROC_ADD
-+ select GRKERNSEC_CHROOT_CHMOD
-+ select GRKERNSEC_CHROOT_NICE
-+ select GRKERNSEC_AUDIT_MOUNT
-+ select GRKERNSEC_MODHARDEN if (MODULES)
-+ select GRKERNSEC_HARDEN_PTRACE
-+ select GRKERNSEC_VM86 if (X86_32)
-+ select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC)
-+ select PAX
-+ select PAX_RANDUSTACK
-+ select PAX_ASLR
-+ select PAX_RANDMMAP
-+ select PAX_NOEXEC
-+ select PAX_MPROTECT
-+ select PAX_EI_PAX
-+ select PAX_PT_PAX_FLAGS
-+ select PAX_HAVE_ACL_FLAGS
-+ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
-+ select PAX_MEMORY_UDEREF if (X86 && !XEN)
-+ select PAX_RANDKSTACK if (X86_TSC && X86)
-+ select PAX_SEGMEXEC if (X86_32)
-+ select PAX_PAGEEXEC
-+ select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
-+ select PAX_EMUTRAMP if (PARISC)
-+ select PAX_EMUSIGRT if (PARISC)
-+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
-+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86))
-+ select PAX_REFCOUNT if (X86 || SPARC64)
-+ select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
-+ help
-+ If you say Y here, many of the features of grsecurity will be
-+ enabled, which will protect you against many kinds of attacks
-+ against your system. The heightened security comes at a cost
-+ of an increased chance of incompatibilities with rare software
-+ on your machine. Since this security level enables PaX, you should
-+ view <http://pax.grsecurity.net> and read about the PaX
-+ project. While you are there, download chpax and run it on
-+ binaries that cause problems with PaX. Also remember that
-+ since the /proc restrictions are enabled, you must run your
-+ identd as gid 1001. This security level enables the following
-+ features in addition to those listed in the low and medium
-+ security levels:
-+
-+ - Additional /proc restrictions
-+ - Chmod restrictions in chroot
-+ - No signals, ptrace, or viewing of processes outside of chroot
-+ - Capability restrictions in chroot
-+ - Deny fchdir out of chroot
-+ - Priority restrictions in chroot
-+ - Segmentation-based implementation of PaX
-+ - Mprotect restrictions
-+ - Removal of addresses from /proc/<pid>/[smaps|maps|stat]
-+ - Kernel stack randomization
-+ - Mount/unmount/remount logging
-+ - Kernel symbol hiding
-+ - Prevention of memory exhaustion-based exploits
-+ - Hardening of module auto-loading
-+ - Ptrace restrictions
-+ - Restricted vm86 mode
-+ - Restricted sysfs/debugfs
-+ - Active kernel exploit response
-+
-+config GRKERNSEC_CUSTOM
-+ bool "Custom"
-+ help
-+ If you say Y here, you will be able to configure every grsecurity
-+ option, which allows you to enable many more features that aren't
-+ covered in the basic security levels. These additional features
-+ include TPE, socket restrictions, and the sysctl system for
-+ grsecurity. It is advised that you read through the help for
-+ each option to determine its usefulness in your situation.
-+
-+endchoice
-+
-+menu "Address Space Protection"
-+depends on GRKERNSEC
-+
-+config GRKERNSEC_KMEM
-+ bool "Deny writing to /dev/kmem, /dev/mem, and /dev/port"
-+ select STRICT_DEVMEM if (X86 || ARM || TILE || S390)
-+ help
-+ If you say Y here, /dev/kmem and /dev/mem won't be allowed to
-+ be written to via mmap or otherwise to modify the running kernel.
-+ /dev/port will also not be allowed to be opened. If you have module
-+ support disabled, enabling this will close up four ways that are
-+ currently used to insert malicious code into the running kernel.
-+ Even with all these features enabled, we still highly recommend that
-+ you use the RBAC system, as it is still possible for an attacker to
-+ modify the running kernel through privileged I/O granted by ioperm/iopl.
-+ If you are not using XFree86, you may be able to stop this additional
-+ case by enabling the 'Disable privileged I/O' option. Though nothing
-+ legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem,
-+ but only to video memory, which is the only writing we allow in this
-+ case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will
-+ not be allowed to mprotect it with PROT_WRITE later.
-+ It is highly recommended that you say Y here if you meet all the
-+ conditions above.
-+
-+config GRKERNSEC_VM86
-+ bool "Restrict VM86 mode"
-+ depends on X86_32
-+
-+ help
-+ If you say Y here, only processes with CAP_SYS_RAWIO will be able to
-+ make use of a special execution mode on 32bit x86 processors called
-+ Virtual 8086 (VM86) mode. XFree86 may need vm86 mode for certain
-+ video cards and will still work with this option enabled. The purpose
-+ of the option is to prevent exploitation of emulation errors in
-+ virtualization of vm86 mode like the one discovered in VMWare in 2009.
-+ Nearly all users should be able to enable this option.
-+
-+config GRKERNSEC_IO
-+ bool "Disable privileged I/O"
-+ depends on X86
-+ select RTC_CLASS
-+ select RTC_INTF_DEV
-+ select RTC_DRV_CMOS
-+
-+ help
-+ If you say Y here, all ioperm and iopl calls will return an error.
-+ Ioperm and iopl can be used to modify the running kernel.
-+ Unfortunately, some programs need this access to operate properly,
-+ the most notable of which are XFree86 and hwclock. hwclock can be
-+ remedied by having RTC support in the kernel, so real-time
-+ clock support is enabled if this option is enabled, to ensure
-+ that hwclock operates correctly. XFree86 still will not
-+ operate correctly with this option enabled, so DO NOT CHOOSE Y
-+ IF YOU USE XFree86. If you use XFree86 and you still want to
-+ protect your kernel against modification, use the RBAC system.
-+
-+config GRKERNSEC_PROC_MEMMAP
-+ bool "Remove addresses from /proc/<pid>/[smaps|maps|stat]"
-+ default y if (PAX_NOEXEC || PAX_ASLR)
-+ depends on PAX_NOEXEC || PAX_ASLR
-+ help
-+ If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will
-+ give no information about the addresses of its mappings if
-+ PaX features that rely on random addresses are enabled on the task.
-+ If you use PaX it is greatly recommended that you say Y here as it
-+ closes up a hole that makes the full ASLR useless for suid
-+ binaries.
-+
-+config GRKERNSEC_BRUTE
-+ bool "Deter exploit bruteforcing"
-+ help
-+ If you say Y here, attempts to bruteforce exploits against forking
-+ daemons such as apache or sshd, as well as against suid/sgid binaries
-+ will be deterred. When a child of a forking daemon is killed by PaX
-+ or crashes due to an illegal instruction or other suspicious signal,
-+ the parent process will be delayed 30 seconds upon every subsequent
-+ fork until the administrator is able to assess the situation and
-+ restart the daemon.
-+ In the suid/sgid case, the attempt is logged, the user has all their
-+ processes terminated, and they are prevented from executing any further
-+ processes for 15 minutes.
-+ It is recommended that you also enable signal logging in the auditing
-+ section so that logs are generated when a process triggers a suspicious
-+ signal.
-+ If the sysctl option is enabled, a sysctl option with name
-+ "deter_bruteforce" is created.
-+
-+
-+config GRKERNSEC_MODHARDEN
-+ bool "Harden module auto-loading"
-+ depends on MODULES
-+ help
-+ If you say Y here, module auto-loading in response to use of some
-+ feature implemented by an unloaded module will be restricted to
-+ root users. Enabling this option helps defend against attacks
-+ by unprivileged users who abuse the auto-loading behavior to
-+ cause a vulnerable module to load that is then exploited.
-+
-+ If this option prevents a legitimate use of auto-loading for a
-+ non-root user, the administrator can execute modprobe manually
-+ with the exact name of the module mentioned in the alert log.
-+ Alternatively, the administrator can add the module to the list
-+ of modules loaded at boot by modifying init scripts.
-+
-+ Modification of init scripts will most likely be needed on
-+ Ubuntu servers with encrypted home directory support enabled,
-+ as the first non-root user logging in will cause the ecb(aes),
-+ ecb(aes)-all, cbc(aes), and cbc(aes)-all modules to be loaded.
-+
-+config GRKERNSEC_HIDESYM
-+ bool "Hide kernel symbols"
-+ help
-+ If you say Y here, getting information on loaded modules, and
-+ displaying all kernel symbols through a syscall will be restricted
-+ to users with CAP_SYS_MODULE. For software compatibility reasons,
-+ /proc/kallsyms will be restricted to the root user. The RBAC
-+ system can hide that entry even from root.
-+
-+ This option also prevents leaking of kernel addresses through
-+ several /proc entries.
-+
-+ Note that this option is only effective provided the following
-+ conditions are met:
-+ 1) The kernel using grsecurity is not precompiled by some distribution
-+ 2) You have also enabled GRKERNSEC_DMESG
-+ 3) You are using the RBAC system and hiding other files such as your
-+ kernel image and System.map. Alternatively, enabling this option
-+ causes the permissions on /boot, /lib/modules, and the kernel
-+ source directory to change at compile time to prevent
-+ reading by non-root users.
-+ If the above conditions are met, this option will aid in providing a
-+ useful protection against local kernel exploitation of overflows
-+ and arbitrary read/write vulnerabilities.
-+
-+config GRKERNSEC_KERN_LOCKOUT
-+ bool "Active kernel exploit response"
-+ depends on X86 || ARM || PPC || SPARC
-+ help
-+ If you say Y here, when a PaX alert is triggered due to suspicious
-+ activity in the kernel (from KERNEXEC/UDEREF/USERCOPY)
-+ or an OOPs occurs due to bad memory accesses, instead of just
-+ terminating the offending process (and potentially allowing
-+ a subsequent exploit from the same user), we will take one of two
-+ actions:
-+ If the user was root, we will panic the system
-+ If the user was non-root, we will log the attempt, terminate
-+ all processes owned by the user, then prevent them from creating
-+ any new processes until the system is restarted
-+ This deters repeated kernel exploitation/bruteforcing attempts
-+ and is useful for later forensics.
-+
-+endmenu
-+menu "Role Based Access Control Options"
-+depends on GRKERNSEC
-+
-+config GRKERNSEC_RBAC_DEBUG
-+ bool
-+
-+config GRKERNSEC_NO_RBAC
-+ bool "Disable RBAC system"
-+ help
-+ If you say Y here, the /dev/grsec device will be removed from the kernel,
-+ preventing the RBAC system from being enabled. You should only say Y
-+ here if you have no intention of using the RBAC system, so as to prevent
-+ an attacker with root access from misusing the RBAC system to hide files
-+ and processes when loadable module support and /dev/[k]mem have been
-+ locked down.
-+
-+config GRKERNSEC_ACL_HIDEKERN
-+ bool "Hide kernel processes"
-+ help
-+ If you say Y here, all kernel threads will be hidden to all
-+ processes but those whose subject has the "view hidden processes"
-+ flag.
-+
-+config GRKERNSEC_ACL_MAXTRIES
-+ int "Maximum tries before password lockout"
-+ default 3
-+ help
-+ This option enforces the maximum number of times a user can attempt
-+ to authorize themselves with the grsecurity RBAC system before being
-+ denied the ability to attempt authorization again for a specified time.
-+ The lower the number, the harder it will be to brute-force a password.
-+
-+config GRKERNSEC_ACL_TIMEOUT
-+ int "Time to wait after max password tries, in seconds"
-+ default 30
-+ help
-+ This option specifies the time the user must wait after attempting to
-+ authorize to the RBAC system with the maximum number of invalid
-+ passwords. The higher the number, the harder it will be to brute-force
-+ a password.
-+
-+endmenu
-+menu "Filesystem Protections"
-+depends on GRKERNSEC
-+
-+config GRKERNSEC_PROC
-+ bool "Proc restrictions"
-+ help
-+ If you say Y here, the permissions of the /proc filesystem
-+ will be altered to enhance system security and privacy. You MUST
-+ choose either a user only restriction or a user and group restriction.
-+ Depending upon the option you choose, you can either restrict users to
-+ see only the processes they themselves run, or choose a group that can
-+ view all processes and files normally restricted to root if you choose
-+ the "restrict to user only" option. NOTE: If you're running identd as
-+ a non-root user, you will have to run it as the group you specify here.
-+
-+config GRKERNSEC_PROC_USER
-+ bool "Restrict /proc to user only"
-+ depends on GRKERNSEC_PROC
-+ help
-+ If you say Y here, non-root users will only be able to view their own
-+ processes, and restricts them from viewing network-related information,
-+ and viewing kernel symbol and module information.
-+
-+config GRKERNSEC_PROC_USERGROUP
-+ bool "Allow special group"
-+ depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
-+ help
-+ If you say Y here, you will be able to select a group that will be
-+ able to view all processes and network-related information. If you've
-+ enabled GRKERNSEC_HIDESYM, kernel and symbol information may still
-+ remain hidden. This option is useful if you want to run identd as
-+ a non-root user.
-+
-+config GRKERNSEC_PROC_GID
-+ int "GID for special group"
-+ depends on GRKERNSEC_PROC_USERGROUP
-+ default 1001
-+
-+config GRKERNSEC_PROC_ADD
-+ bool "Additional restrictions"
-+ depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP
-+ help
-+ If you say Y here, additional restrictions will be placed on
-+ /proc that keep normal users from viewing device information and
-+ slabinfo information that could be useful for exploits.
-+
-+config GRKERNSEC_LINK
-+ bool "Linking restrictions"
-+ help
-+ If you say Y here, /tmp race exploits will be prevented, since users
-+ will no longer be able to follow symlinks owned by other users in
-+ world-writable +t directories (e.g. /tmp), unless the owner of the
-+ symlink is the owner of the directory. users will also not be
-+ able to hardlink to files they do not own. If the sysctl option is
-+ enabled, a sysctl option with name "linking_restrictions" is created.
-+
-+config GRKERNSEC_FIFO
-+ bool "FIFO restrictions"
-+ help
-+ If you say Y here, users will not be able to write to FIFOs they don't
-+ own in world-writable +t directories (e.g. /tmp), unless the owner of
-+ the FIFO is the same owner of the directory it's held in. If the sysctl
-+ option is enabled, a sysctl option with name "fifo_restrictions" is
-+ created.
-+
-+config GRKERNSEC_SYSFS_RESTRICT
-+ bool "Sysfs/debugfs restriction"
-+ depends on SYSFS
-+ help
-+ If you say Y here, sysfs (the pseudo-filesystem mounted at /sys) and
-+ any filesystem normally mounted under it (e.g. debugfs) will only
-+ be accessible by root. These filesystems generally provide access
-+ to hardware and debug information that isn't appropriate for unprivileged
-+ users of the system. Sysfs and debugfs have also become a large source
-+ of new vulnerabilities, ranging from infoleaks to local compromise.
-+ There has been very little oversight with an eye toward security involved
-+ in adding new exporters of information to these filesystems, so their
-+ use is discouraged.
-+ This option is equivalent to a chmod 0700 of the mount paths.
-+
-+config GRKERNSEC_ROFS
-+ bool "Runtime read-only mount protection"
-+ help
-+ If you say Y here, a sysctl option with name "romount_protect" will
-+ be created. By setting this option to 1 at runtime, filesystems
-+ will be protected in the following ways:
-+ * No new writable mounts will be allowed
-+ * Existing read-only mounts won't be able to be remounted read/write
-+ * Write operations will be denied on all block devices
-+ This option acts independently of grsec_lock: once it is set to 1,
-+ it cannot be turned off. Therefore, please be mindful of the resulting
-+ behavior if this option is enabled in an init script on a read-only
-+ filesystem. This feature is mainly intended for secure embedded systems.
-+
-+config GRKERNSEC_CHROOT
-+ bool "Chroot jail restrictions"
-+ help
-+ If you say Y here, you will be able to choose several options that will
-+ make breaking out of a chrooted jail much more difficult. If you
-+ encounter no software incompatibilities with the following options, it
-+ is recommended that you enable each one.
-+
-+config GRKERNSEC_CHROOT_MOUNT
-+ bool "Deny mounts"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, processes inside a chroot will not be able to
-+ mount or remount filesystems. If the sysctl option is enabled, a
-+ sysctl option with name "chroot_deny_mount" is created.
-+
-+config GRKERNSEC_CHROOT_DOUBLE
-+ bool "Deny double-chroots"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, processes inside a chroot will not be able to chroot
-+ again outside the chroot. This is a widely used method of breaking
-+ out of a chroot jail and should not be allowed. If the sysctl
-+ option is enabled, a sysctl option with name
-+ "chroot_deny_chroot" is created.
-+
-+config GRKERNSEC_CHROOT_PIVOT
-+ bool "Deny pivot_root in chroot"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, processes inside a chroot will not be able to use
-+ a function called pivot_root() that was introduced in Linux 2.3.41. It
-+ works similar to chroot in that it changes the root filesystem. This
-+ function could be misused in a chrooted process to attempt to break out
-+ of the chroot, and therefore should not be allowed. If the sysctl
-+ option is enabled, a sysctl option with name "chroot_deny_pivot" is
-+ created.
-+
-+config GRKERNSEC_CHROOT_CHDIR
-+ bool "Enforce chdir(\"/\") on all chroots"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, the current working directory of all newly-chrooted
-+ applications will be set to the the root directory of the chroot.
-+ The man page on chroot(2) states:
-+ Note that this call does not change the current working
-+ directory, so that `.' can be outside the tree rooted at
-+ `/'. In particular, the super-user can escape from a
-+ `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
-+
-+ It is recommended that you say Y here, since it's not known to break
-+ any software. If the sysctl option is enabled, a sysctl option with
-+ name "chroot_enforce_chdir" is created.
-+
-+config GRKERNSEC_CHROOT_CHMOD
-+ bool "Deny (f)chmod +s"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, processes inside a chroot will not be able to chmod
-+ or fchmod files to make them have suid or sgid bits. This protects
-+ against another published method of breaking a chroot. If the sysctl
-+ option is enabled, a sysctl option with name "chroot_deny_chmod" is
-+ created.
-+
-+config GRKERNSEC_CHROOT_FCHDIR
-+ bool "Deny fchdir out of chroot"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, a well-known method of breaking chroots by fchdir'ing
-+ to a file descriptor of the chrooting process that points to a directory
-+ outside the filesystem will be stopped. If the sysctl option
-+ is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
-+
-+config GRKERNSEC_CHROOT_MKNOD
-+ bool "Deny mknod"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, processes inside a chroot will not be allowed to
-+ mknod. The problem with using mknod inside a chroot is that it
-+ would allow an attacker to create a device entry that is the same
-+ as one on the physical root of your system, which could range from
-+ anything from the console device to a device for your harddrive (which
-+ they could then use to wipe the drive or steal data). It is recommended
-+ that you say Y here, unless you run into software incompatibilities.
-+ If the sysctl option is enabled, a sysctl option with name
-+ "chroot_deny_mknod" is created.
-+
-+config GRKERNSEC_CHROOT_SHMAT
-+ bool "Deny shmat() out of chroot"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, processes inside a chroot will not be able to attach
-+ to shared memory segments that were created outside of the chroot jail.
-+ It is recommended that you say Y here. If the sysctl option is enabled,
-+ a sysctl option with name "chroot_deny_shmat" is created.
-+
-+config GRKERNSEC_CHROOT_UNIX
-+ bool "Deny access to abstract AF_UNIX sockets out of chroot"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, processes inside a chroot will not be able to
-+ connect to abstract (meaning not belonging to a filesystem) Unix
-+ domain sockets that were bound outside of a chroot. It is recommended
-+ that you say Y here. If the sysctl option is enabled, a sysctl option
-+ with name "chroot_deny_unix" is created.
-+
-+config GRKERNSEC_CHROOT_FINDTASK
-+ bool "Protect outside processes"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, processes inside a chroot will not be able to
-+ kill, send signals with fcntl, ptrace, capget, getpgid, setpgid,
-+ getsid, or view any process outside of the chroot. If the sysctl
-+ option is enabled, a sysctl option with name "chroot_findtask" is
-+ created.
-+
-+config GRKERNSEC_CHROOT_NICE
-+ bool "Restrict priority changes"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, processes inside a chroot will not be able to raise
-+ the priority of processes in the chroot, or alter the priority of
-+ processes outside the chroot. This provides more security than simply
-+ removing CAP_SYS_NICE from the process' capability set. If the
-+ sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
-+ is created.
-+
-+config GRKERNSEC_CHROOT_SYSCTL
-+ bool "Deny sysctl writes"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, an attacker in a chroot will not be able to
-+ write to sysctl entries, either by sysctl(2) or through a /proc
-+ interface. It is strongly recommended that you say Y here. If the
-+ sysctl option is enabled, a sysctl option with name
-+ "chroot_deny_sysctl" is created.
-+
-+config GRKERNSEC_CHROOT_CAPS
-+ bool "Capability restrictions"
-+ depends on GRKERNSEC_CHROOT
-+ help
-+ If you say Y here, the capabilities on all processes within a
-+ chroot jail will be lowered to stop module insertion, raw i/o,
-+ system and net admin tasks, rebooting the system, modifying immutable
-+ files, modifying IPC owned by another, and changing the system time.
-+ This is left an option because it can break some apps. Disable this
-+ if your chrooted apps are having problems performing those kinds of
-+ tasks. If the sysctl option is enabled, a sysctl option with
-+ name "chroot_caps" is created.
-+
-+endmenu
-+menu "Kernel Auditing"
-+depends on GRKERNSEC
-+
-+config GRKERNSEC_AUDIT_GROUP
-+ bool "Single group for auditing"
-+ help
-+ If you say Y here, the exec, chdir, and (un)mount logging features
-+ will only operate on a group you specify. This option is recommended
-+ if you only want to watch certain users instead of having a large
-+ amount of logs from the entire system. If the sysctl option is enabled,
-+ a sysctl option with name "audit_group" is created.
-+
-+config GRKERNSEC_AUDIT_GID
-+ int "GID for auditing"
-+ depends on GRKERNSEC_AUDIT_GROUP
-+ default 1007
-+
-+config GRKERNSEC_EXECLOG
-+ bool "Exec logging"
-+ help
-+ If you say Y here, all execve() calls will be logged (since the
-+ other exec*() calls are frontends to execve(), all execution
-+ will be logged). Useful for shell-servers that like to keep track
-+ of their users. If the sysctl option is enabled, a sysctl option with
-+ name "exec_logging" is created.
-+ WARNING: This option when enabled will produce a LOT of logs, especially
-+ on an active system.
-+
-+config GRKERNSEC_RESLOG
-+ bool "Resource logging"
-+ help
-+ If you say Y here, all attempts to overstep resource limits will
-+ be logged with the resource name, the requested size, and the current
-+ limit. It is highly recommended that you say Y here. If the sysctl
-+ option is enabled, a sysctl option with name "resource_logging" is
-+ created. If the RBAC system is enabled, the sysctl value is ignored.
-+
-+config GRKERNSEC_CHROOT_EXECLOG
-+ bool "Log execs within chroot"
-+ help
-+ If you say Y here, all executions inside a chroot jail will be logged
-+ to syslog. This can cause a large amount of logs if certain
-+ applications (eg. djb's daemontools) are installed on the system, and
-+ is therefore left as an option. If the sysctl option is enabled, a
-+ sysctl option with name "chroot_execlog" is created.
-+
-+config GRKERNSEC_AUDIT_PTRACE
-+ bool "Ptrace logging"
-+ help
-+ If you say Y here, all attempts to attach to a process via ptrace
-+ will be logged. If the sysctl option is enabled, a sysctl option
-+ with name "audit_ptrace" is created.
-+
-+config GRKERNSEC_AUDIT_CHDIR
-+ bool "Chdir logging"
-+ help
-+ If you say Y here, all chdir() calls will be logged. If the sysctl
-+ option is enabled, a sysctl option with name "audit_chdir" is created.
-+
-+config GRKERNSEC_AUDIT_MOUNT
-+ bool "(Un)Mount logging"
-+ help
-+ If you say Y here, all mounts and unmounts will be logged. If the
-+ sysctl option is enabled, a sysctl option with name "audit_mount" is
-+ created.
-+
-+config GRKERNSEC_SIGNAL
-+ bool "Signal logging"
-+ help
-+ If you say Y here, certain important signals will be logged, such as
-+ SIGSEGV, which will as a result inform you of when a error in a program
-+ occurred, which in some cases could mean a possible exploit attempt.
-+ If the sysctl option is enabled, a sysctl option with name
-+ "signal_logging" is created.
-+
-+config GRKERNSEC_FORKFAIL
-+ bool "Fork failure logging"
-+ help
-+ If you say Y here, all failed fork() attempts will be logged.
-+ This could suggest a fork bomb, or someone attempting to overstep
-+ their process limit. If the sysctl option is enabled, a sysctl option
-+ with name "forkfail_logging" is created.
-+
-+config GRKERNSEC_TIME
-+ bool "Time change logging"
-+ help
-+ If you say Y here, any changes of the system clock will be logged.
-+ If the sysctl option is enabled, a sysctl option with name
-+ "timechange_logging" is created.
-+
-+config GRKERNSEC_PROC_IPADDR
-+ bool "/proc/<pid>/ipaddr support"
-+ help
-+ If you say Y here, a new entry will be added to each /proc/<pid>
-+ directory that contains the IP address of the person using the task.
-+ The IP is carried across local TCP and AF_UNIX stream sockets.
-+ This information can be useful for IDS/IPSes to perform remote response
-+ to a local attack. The entry is readable by only the owner of the
-+ process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
-+ the RBAC system), and thus does not create privacy concerns.
-+
-+config GRKERNSEC_RWXMAP_LOG
-+ bool 'Denied RWX mmap/mprotect logging'
-+ depends on PAX_MPROTECT && !PAX_EMUPLT && !PAX_EMUSIGRT
-+ help
-+ If you say Y here, calls to mmap() and mprotect() with explicit
-+ usage of PROT_WRITE and PROT_EXEC together will be logged when
-+ denied by the PAX_MPROTECT feature. If the sysctl option is
-+ enabled, a sysctl option with name "rwxmap_logging" is created.
-+
-+config GRKERNSEC_AUDIT_TEXTREL
-+ bool 'ELF text relocations logging (READ HELP)'
-+ depends on PAX_MPROTECT
-+ help
-+ If you say Y here, text relocations will be logged with the filename
-+ of the offending library or binary. The purpose of the feature is
-+ to help Linux distribution developers get rid of libraries and
-+ binaries that need text relocations which hinder the future progress
-+ of PaX. Only Linux distribution developers should say Y here, and
-+ never on a production machine, as this option creates an information
-+ leak that could aid an attacker in defeating the randomization of
-+ a single memory region. If the sysctl option is enabled, a sysctl
-+ option with name "audit_textrel" is created.
-+
-+endmenu
-+
-+menu "Executable Protections"
-+depends on GRKERNSEC
-+
-+config GRKERNSEC_DMESG
-+ bool "Dmesg(8) restriction"
-+ help
-+ If you say Y here, non-root users will not be able to use dmesg(8)
-+ to view up to the last 4kb of messages in the kernel's log buffer.
-+ The kernel's log buffer often contains kernel addresses and other
-+ identifying information useful to an attacker in fingerprinting a
-+ system for a targeted exploit.
-+ If the sysctl option is enabled, a sysctl option with name "dmesg" is
-+ created.
-+
-+config GRKERNSEC_HARDEN_PTRACE
-+ bool "Deter ptrace-based process snooping"
-+ help
-+ If you say Y here, TTY sniffers and other malicious monitoring
-+ programs implemented through ptrace will be defeated. If you
-+ have been using the RBAC system, this option has already been
-+ enabled for several years for all users, with the ability to make
-+ fine-grained exceptions.
-+
-+ This option only affects the ability of non-root users to ptrace
-+ processes that are not a descendent of the ptracing process.
-+ This means that strace ./binary and gdb ./binary will still work,
-+ but attaching to arbitrary processes will not. If the sysctl
-+ option is enabled, a sysctl option with name "harden_ptrace" is
-+ created.
-+
-+config GRKERNSEC_TPE
-+ bool "Trusted Path Execution (TPE)"
-+ help
-+ If you say Y here, you will be able to choose a gid to add to the
-+ supplementary groups of users you want to mark as "untrusted."
-+ These users will not be able to execute any files that are not in
-+ root-owned directories writable only by root. If the sysctl option
-+ is enabled, a sysctl option with name "tpe" is created.
-+
-+config GRKERNSEC_TPE_ALL
-+ bool "Partially restrict all non-root users"
-+ depends on GRKERNSEC_TPE
-+ help
-+ If you say Y here, all non-root users will be covered under
-+ a weaker TPE restriction. This is separate from, and in addition to,
-+ the main TPE options that you have selected elsewhere. Thus, if a
-+ "trusted" GID is chosen, this restriction applies to even that GID.
-+ Under this restriction, all non-root users will only be allowed to
-+ execute files in directories they own that are not group or
-+ world-writable, or in directories owned by root and writable only by
-+ root. If the sysctl option is enabled, a sysctl option with name
-+ "tpe_restrict_all" is created.
-+
-+config GRKERNSEC_TPE_INVERT
-+ bool "Invert GID option"
-+ depends on GRKERNSEC_TPE
-+ help
-+ If you say Y here, the group you specify in the TPE configuration will
-+ decide what group TPE restrictions will be *disabled* for. This
-+ option is useful if you want TPE restrictions to be applied to most
-+ users on the system. If the sysctl option is enabled, a sysctl option
-+ with name "tpe_invert" is created. Unlike other sysctl options, this
-+ entry will default to on for backward-compatibility.
-+
-+config GRKERNSEC_TPE_GID
-+ int "GID for untrusted users"
-+ depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
-+ default 1005
-+ help
-+ Setting this GID determines what group TPE restrictions will be
-+ *enabled* for. If the sysctl option is enabled, a sysctl option
-+ with name "tpe_gid" is created.
-+
-+config GRKERNSEC_TPE_GID
-+ int "GID for trusted users"
-+ depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
-+ default 1005
-+ help
-+ Setting this GID determines what group TPE restrictions will be
-+ *disabled* for. If the sysctl option is enabled, a sysctl option
-+ with name "tpe_gid" is created.
-+
-+endmenu
-+menu "Network Protections"
-+depends on GRKERNSEC
-+
-+config GRKERNSEC_RANDNET
-+ bool "Larger entropy pools"
-+ help
-+ If you say Y here, the entropy pools used for many features of Linux
-+ and grsecurity will be doubled in size. Since several grsecurity
-+ features use additional randomness, it is recommended that you say Y
-+ here. Saying Y here has a similar effect as modifying
-+ /proc/sys/kernel/random/poolsize.
-+
-+config GRKERNSEC_BLACKHOLE
-+ bool "TCP/UDP blackhole and LAST_ACK DoS prevention"
-+ depends on NET
-+ help
-+ If you say Y here, neither TCP resets nor ICMP
-+ destination-unreachable packets will be sent in response to packets
-+ sent to ports for which no associated listening process exists.
-+ This feature supports both IPV4 and IPV6 and exempts the
-+ loopback interface from blackholing. Enabling this feature
-+ makes a host more resilient to DoS attacks and reduces network
-+ visibility against scanners.
-+
-+ The blackhole feature as-implemented is equivalent to the FreeBSD
-+ blackhole feature, as it prevents RST responses to all packets, not
-+ just SYNs. Under most application behavior this causes no
-+ problems, but applications (like haproxy) may not close certain
-+ connections in a way that cleanly terminates them on the remote
-+ end, leaving the remote host in LAST_ACK state. Because of this
-+ side-effect and to prevent intentional LAST_ACK DoSes, this
-+ feature also adds automatic mitigation against such attacks.
-+ The mitigation drastically reduces the amount of time a socket
-+ can spend in LAST_ACK state. If you're using haproxy and not
-+ all servers it connects to have this option enabled, consider
-+ disabling this feature on the haproxy host.
-+
-+ If the sysctl option is enabled, two sysctl options with names
-+ "ip_blackhole" and "lastack_retries" will be created.
-+ While "ip_blackhole" takes the standard zero/non-zero on/off
-+ toggle, "lastack_retries" uses the same kinds of values as
-+ "tcp_retries1" and "tcp_retries2". The default value of 4
-+ prevents a socket from lasting more than 45 seconds in LAST_ACK
-+ state.
-+
-+config GRKERNSEC_SOCKET
-+ bool "Socket restrictions"
-+ depends on NET
-+ help
-+ If you say Y here, you will be able to choose from several options.
-+ If you assign a GID on your system and add it to the supplementary
-+ groups of users you want to restrict socket access to, this patch
-+ will perform up to three things, based on the option(s) you choose.
-+
-+config GRKERNSEC_SOCKET_ALL
-+ bool "Deny any sockets to group"
-+ depends on GRKERNSEC_SOCKET
-+ help
-+ If you say Y here, you will be able to choose a GID of whose users will
-+ be unable to connect to other hosts from your machine or run server
-+ applications from your machine. If the sysctl option is enabled, a
-+ sysctl option with name "socket_all" is created.
-+
-+config GRKERNSEC_SOCKET_ALL_GID
-+ int "GID to deny all sockets for"
-+ depends on GRKERNSEC_SOCKET_ALL
-+ default 1004
-+ help
-+ Here you can choose the GID to disable socket access for. Remember to
-+ add the users you want socket access disabled for to the GID
-+ specified here. If the sysctl option is enabled, a sysctl option
-+ with name "socket_all_gid" is created.
++ .mode = 0600,
++ .proc_handler = &proc_dointvec,
++ },
++#endif
++#ifdef CONFIG_GRKERNSEC_RESLOG
++ {
++ .procname = "resource_logging",
++ .data = &grsec_resource_logging,
++ .maxlen = sizeof(int),
++ .mode = 0600,
++ .proc_handler = &proc_dointvec,
++ },
++#endif
++#ifdef CONFIG_GRKERNSEC_AUDIT_PTRACE
++ {
++ .procname = "audit_ptrace",
++ .data = &grsec_enable_audit_ptrace,
++ .maxlen = sizeof(int),
++ .mode = 0600,
++ .proc_handler = &proc_dointvec,
++ },
++#endif
++#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
++ {
++ .procname = "harden_ptrace",
++ .data = &grsec_enable_harden_ptrace,
++ .maxlen = sizeof(int),
++ .mode = 0600,
++ .proc_handler = &proc_dointvec,
++ },
++#endif
++ {
++ .procname = "grsec_lock",
++ .data = &grsec_lock,
++ .maxlen = sizeof(int),
++ .mode = 0600,
++ .proc_handler = &proc_dointvec,
++ },
++#endif
++#ifdef CONFIG_GRKERNSEC_ROFS
++ {
++ .procname = "romount_protect",
++ .data = &grsec_enable_rofs,
++ .maxlen = sizeof(int),
++ .mode = 0600,
++ .proc_handler = &proc_dointvec_minmax,
++ .extra1 = &one,
++ .extra2 = &one,
++ },
++#endif
++ { }
++};
++#endif
+diff -urNp linux-3.0.7/grsecurity/grsec_time.c linux-3.0.7/grsecurity/grsec_time.c
+--- linux-3.0.7/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.7/grsecurity/grsec_time.c 2011-08-23 21:48:14.000000000 -0400
+@@ -0,0 +1,16 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/grinternal.h>
++#include <linux/module.h>
+
-+config GRKERNSEC_SOCKET_CLIENT
-+ bool "Deny client sockets to group"
-+ depends on GRKERNSEC_SOCKET
-+ help
-+ If you say Y here, you will be able to choose a GID of whose users will
-+ be unable to connect to other hosts from your machine, but will be
-+ able to run servers. If this option is enabled, all users in the group
-+ you specify will have to use passive mode when initiating ftp transfers
-+ from the shell on your machine. If the sysctl option is enabled, a
-+ sysctl option with name "socket_client" is created.
++void
++gr_log_timechange(void)
++{
++#ifdef CONFIG_GRKERNSEC_TIME
++ if (grsec_enable_time)
++ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_TIME_MSG);
++#endif
++ return;
++}
+
-+config GRKERNSEC_SOCKET_CLIENT_GID
-+ int "GID to deny client sockets for"
-+ depends on GRKERNSEC_SOCKET_CLIENT
-+ default 1003
-+ help
-+ Here you can choose the GID to disable client socket access for.
-+ Remember to add the users you want client socket access disabled for to
-+ the GID specified here. If the sysctl option is enabled, a sysctl
-+ option with name "socket_client_gid" is created.
++EXPORT_SYMBOL(gr_log_timechange);
+diff -urNp linux-3.0.7/grsecurity/grsec_tpe.c linux-3.0.7/grsecurity/grsec_tpe.c
+--- linux-3.0.7/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.7/grsecurity/grsec_tpe.c 2011-08-23 21:48:14.000000000 -0400
+@@ -0,0 +1,39 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/file.h>
++#include <linux/fs.h>
++#include <linux/grinternal.h>
+
-+config GRKERNSEC_SOCKET_SERVER
-+ bool "Deny server sockets to group"
-+ depends on GRKERNSEC_SOCKET
-+ help
-+ If you say Y here, you will be able to choose a GID of whose users will
-+ be unable to run server applications from your machine. If the sysctl
-+ option is enabled, a sysctl option with name "socket_server" is created.
++extern int gr_acl_tpe_check(void);
+
-+config GRKERNSEC_SOCKET_SERVER_GID
-+ int "GID to deny server sockets for"
-+ depends on GRKERNSEC_SOCKET_SERVER
-+ default 1002
-+ help
-+ Here you can choose the GID to disable server socket access for.
-+ Remember to add the users you want server socket access disabled for to
-+ the GID specified here. If the sysctl option is enabled, a sysctl
-+ option with name "socket_server_gid" is created.
++int
++gr_tpe_allow(const struct file *file)
++{
++#ifdef CONFIG_GRKERNSEC
++ struct inode *inode = file->f_path.dentry->d_parent->d_inode;
++ const struct cred *cred = current_cred();
+
-+endmenu
-+menu "Sysctl support"
-+depends on GRKERNSEC && SYSCTL
++ if (cred->uid && ((grsec_enable_tpe &&
++#ifdef CONFIG_GRKERNSEC_TPE_INVERT
++ ((grsec_enable_tpe_invert && !in_group_p(grsec_tpe_gid)) ||
++ (!grsec_enable_tpe_invert && in_group_p(grsec_tpe_gid)))
++#else
++ in_group_p(grsec_tpe_gid)
++#endif
++ ) || gr_acl_tpe_check()) &&
++ (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) ||
++ (inode->i_mode & S_IWOTH))))) {
++ gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
++ return 0;
++ }
++#ifdef CONFIG_GRKERNSEC_TPE_ALL
++ if (cred->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
++ ((inode->i_uid && (inode->i_uid != cred->uid)) ||
++ (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
++ gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
++ return 0;
++ }
++#endif
++#endif
++ return 1;
++}
+diff -urNp linux-3.0.7/grsecurity/grsum.c linux-3.0.7/grsecurity/grsum.c
+--- linux-3.0.7/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.7/grsecurity/grsum.c 2011-08-23 21:48:14.000000000 -0400
+@@ -0,0 +1,61 @@
++#include <linux/err.h>
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/mm.h>
++#include <linux/scatterlist.h>
++#include <linux/crypto.h>
++#include <linux/gracl.h>
+
-+config GRKERNSEC_SYSCTL
-+ bool "Sysctl support"
-+ help
-+ If you say Y here, you will be able to change the options that
-+ grsecurity runs with at bootup, without having to recompile your
-+ kernel. You can echo values to files in /proc/sys/kernel/grsecurity
-+ to enable (1) or disable (0) various features. All the sysctl entries
-+ are mutable until the "grsec_lock" entry is set to a non-zero value.
-+ All features enabled in the kernel configuration are disabled at boot
-+ if you do not say Y to the "Turn on features by default" option.
-+ All options should be set at startup, and the grsec_lock entry should
-+ be set to a non-zero value after all the options are set.
-+ *THIS IS EXTREMELY IMPORTANT*
+
-+config GRKERNSEC_SYSCTL_DISTRO
-+ bool "Extra sysctl support for distro makers (READ HELP)"
-+ depends on GRKERNSEC_SYSCTL && GRKERNSEC_IO
-+ help
-+ If you say Y here, additional sysctl options will be created
-+ for features that affect processes running as root. Therefore,
-+ it is critical when using this option that the grsec_lock entry be
-+ enabled after boot. Only distros with prebuilt kernel packages
-+ with this option enabled that can ensure grsec_lock is enabled
-+ after boot should use this option.
-+ *Failure to set grsec_lock after boot makes all grsec features
-+ this option covers useless*
++#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE)
++#error "crypto and sha256 must be built into the kernel"
++#endif
+
-+ Currently this option creates the following sysctl entries:
-+ "Disable Privileged I/O": "disable_priv_io"
++int
++chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
++{
++ char *p;
++ struct crypto_hash *tfm;
++ struct hash_desc desc;
++ struct scatterlist sg;
++ unsigned char temp_sum[GR_SHA_LEN];
++ volatile int retval = 0;
++ volatile int dummy = 0;
++ unsigned int i;
+
-+config GRKERNSEC_SYSCTL_ON
-+ bool "Turn on features by default"
-+ depends on GRKERNSEC_SYSCTL
-+ help
-+ If you say Y here, instead of having all features enabled in the
-+ kernel configuration disabled at boot time, the features will be
-+ enabled at boot time. It is recommended you say Y here unless
-+ there is some reason you would want all sysctl-tunable features to
-+ be disabled by default. As mentioned elsewhere, it is important
-+ to enable the grsec_lock entry once you have finished modifying
-+ the sysctl entries.
++ sg_init_table(&sg, 1);
+
-+endmenu
-+menu "Logging Options"
-+depends on GRKERNSEC
++ tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
++ if (IS_ERR(tfm)) {
++ /* should never happen, since sha256 should be built in */
++ return 1;
++ }
+
-+config GRKERNSEC_FLOODTIME
-+ int "Seconds in between log messages (minimum)"
-+ default 10
-+ help
-+ This option allows you to enforce the number of seconds between
-+ grsecurity log messages. The default should be suitable for most
-+ people, however, if you choose to change it, choose a value small enough
-+ to allow informative logs to be produced, but large enough to
-+ prevent flooding.
++ desc.tfm = tfm;
++ desc.flags = 0;
+
-+config GRKERNSEC_FLOODBURST
-+ int "Number of messages in a burst (maximum)"
-+ default 6
-+ help
-+ This option allows you to choose the maximum number of messages allowed
-+ within the flood time interval you chose in a separate option. The
-+ default should be suitable for most people, however if you find that
-+ many of your logs are being interpreted as flooding, you may want to
-+ raise this value.
++ crypto_hash_init(&desc);
+
-+endmenu
++ p = salt;
++ sg_set_buf(&sg, p, GR_SALT_LEN);
++ crypto_hash_update(&desc, &sg, sg.length);
+
-+endmenu
-diff -urNp linux-3.0.7/grsecurity/Makefile linux-3.0.7/grsecurity/Makefile
---- linux-3.0.7/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.7/grsecurity/Makefile 2011-10-17 06:45:43.000000000 -0400
-@@ -0,0 +1,36 @@
-+# grsecurity's ACL system was originally written in 2001 by Michael Dalton
-+# during 2001-2009 it has been completely redesigned by Brad Spengler
-+# into an RBAC system
-+#
-+# All code in this directory and various hooks inserted throughout the kernel
-+# are copyright Brad Spengler - Open Source Security, Inc., and released
-+# under the GPL v2 or higher
++ p = entry->pw;
++ sg_set_buf(&sg, p, strlen(p));
++
++ crypto_hash_update(&desc, &sg, sg.length);
+
-+obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
-+ grsec_mount.o grsec_sig.o grsec_sysctl.o \
-+ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o
++ crypto_hash_final(&desc, temp_sum);
+
-+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \
-+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
-+ gracl_learn.o grsec_log.o
-+obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
++ memset(entry->pw, 0, GR_PW_LEN);
+
-+ifdef CONFIG_NET
-+obj-y += grsec_sock.o
-+obj-$(CONFIG_GRKERNSEC) += gracl_ip.o
-+endif
++ for (i = 0; i < GR_SHA_LEN; i++)
++ if (sum[i] != temp_sum[i])
++ retval = 1;
++ else
++ dummy = 1; // waste a cycle
+
-+ifndef CONFIG_GRKERNSEC
-+obj-y += grsec_disabled.o
-+endif
++ crypto_free_hash(tfm);
+
-+ifdef CONFIG_GRKERNSEC_HIDESYM
-+extra-y := grsec_hidesym.o
-+$(obj)/grsec_hidesym.o:
-+ @-chmod -f 500 /boot
-+ @-chmod -f 500 /lib/modules
-+ @-chmod -f 500 /lib64/modules
-+ @-chmod -f 500 /lib32/modules
-+ @-chmod -f 700 .
-+ @echo ' grsec: protected kernel image paths'
-+endif
++ return retval;
++}
diff -urNp linux-3.0.7/include/acpi/acpi_bus.h linux-3.0.7/include/acpi/acpi_bus.h
--- linux-3.0.7/include/acpi/acpi_bus.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/include/acpi/acpi_bus.h 2011-08-23 21:47:56.000000000 -0400
};
#undef KMAP_D
-diff -urNp linux-3.0.7/include/asm-generic/pgtable.h linux-3.0.7/include/asm-generic/pgtable.h
---- linux-3.0.7/include/asm-generic/pgtable.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/include/asm-generic/pgtable.h 2011-08-23 21:47:56.000000000 -0400
-@@ -443,6 +443,14 @@ static inline int pmd_write(pmd_t pmd)
- #endif /* __HAVE_ARCH_PMD_WRITE */
- #endif
-
-+#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL
-+static inline unsigned long pax_open_kernel(void) { return 0; }
-+#endif
-+
-+#ifndef __HAVE_ARCH_PAX_CLOSE_KERNEL
-+static inline unsigned long pax_close_kernel(void) { return 0; }
-+#endif
-+
- #endif /* !__ASSEMBLY__ */
-
- #endif /* _ASM_GENERIC_PGTABLE_H */
diff -urNp linux-3.0.7/include/asm-generic/pgtable-nopmd.h linux-3.0.7/include/asm-generic/pgtable-nopmd.h
--- linux-3.0.7/include/asm-generic/pgtable-nopmd.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/include/asm-generic/pgtable-nopmd.h 2011-08-23 21:47:56.000000000 -0400
/*
* The "pgd_xxx()" functions here are trivial for a folded two-level
* setup: the pud is never bad, and a pud always exists (as it's folded
+diff -urNp linux-3.0.7/include/asm-generic/pgtable.h linux-3.0.7/include/asm-generic/pgtable.h
+--- linux-3.0.7/include/asm-generic/pgtable.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/include/asm-generic/pgtable.h 2011-08-23 21:47:56.000000000 -0400
+@@ -443,6 +443,14 @@ static inline int pmd_write(pmd_t pmd)
+ #endif /* __HAVE_ARCH_PMD_WRITE */
+ #endif
+
++#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL
++static inline unsigned long pax_open_kernel(void) { return 0; }
++#endif
++
++#ifndef __HAVE_ARCH_PAX_CLOSE_KERNEL
++static inline unsigned long pax_close_kernel(void) { return 0; }
++#endif
++
+ #endif /* !__ASSEMBLY__ */
+
+ #endif /* _ASM_GENERIC_PGTABLE_H */
diff -urNp linux-3.0.7/include/asm-generic/vmlinux.lds.h linux-3.0.7/include/asm-generic/vmlinux.lds.h
--- linux-3.0.7/include/asm-generic/vmlinux.lds.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/include/asm-generic/vmlinux.lds.h 2011-08-23 21:47:56.000000000 -0400
/**
* PERCPU_SECTION - define output section for percpu area, simple version
-diff -urNp linux-3.0.7/include/drm/drm_crtc_helper.h linux-3.0.7/include/drm/drm_crtc_helper.h
---- linux-3.0.7/include/drm/drm_crtc_helper.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/include/drm/drm_crtc_helper.h 2011-08-23 21:47:56.000000000 -0400
-@@ -74,7 +74,7 @@ struct drm_crtc_helper_funcs {
-
- /* disable crtc when not in use - more explicit than dpms off */
- void (*disable)(struct drm_crtc *crtc);
--};
-+} __no_const;
-
- struct drm_encoder_helper_funcs {
- void (*dpms)(struct drm_encoder *encoder, int mode);
-@@ -95,7 +95,7 @@ struct drm_encoder_helper_funcs {
- struct drm_connector *connector);
- /* disable encoder when not in use - more explicit than dpms off */
- void (*disable)(struct drm_encoder *encoder);
--};
-+} __no_const;
-
- struct drm_connector_helper_funcs {
- int (*get_modes)(struct drm_connector *connector);
diff -urNp linux-3.0.7/include/drm/drmP.h linux-3.0.7/include/drm/drmP.h
--- linux-3.0.7/include/drm/drmP.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/include/drm/drmP.h 2011-08-23 21:47:56.000000000 -0400
/*@} */
struct list_head filelist;
+diff -urNp linux-3.0.7/include/drm/drm_crtc_helper.h linux-3.0.7/include/drm/drm_crtc_helper.h
+--- linux-3.0.7/include/drm/drm_crtc_helper.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/include/drm/drm_crtc_helper.h 2011-08-23 21:47:56.000000000 -0400
+@@ -74,7 +74,7 @@ struct drm_crtc_helper_funcs {
+
+ /* disable crtc when not in use - more explicit than dpms off */
+ void (*disable)(struct drm_crtc *crtc);
+-};
++} __no_const;
+
+ struct drm_encoder_helper_funcs {
+ void (*dpms)(struct drm_encoder *encoder, int mode);
+@@ -95,7 +95,7 @@ struct drm_encoder_helper_funcs {
+ struct drm_connector *connector);
+ /* disable encoder when not in use - more explicit than dpms off */
+ void (*disable)(struct drm_encoder *encoder);
+-};
++} __no_const;
+
+ struct drm_connector_helper_funcs {
+ int (*get_modes)(struct drm_connector *connector);
diff -urNp linux-3.0.7/include/drm/ttm/ttm_memory.h linux-3.0.7/include/drm/ttm/ttm_memory.h
--- linux-3.0.7/include/drm/ttm/ttm_memory.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/include/drm/ttm/ttm_memory.h 2011-08-23 21:47:56.000000000 -0400
void *callback_data;
};
-diff -urNp linux-3.0.7/include/linux/fscache-cache.h linux-3.0.7/include/linux/fscache-cache.h
---- linux-3.0.7/include/linux/fscache-cache.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/include/linux/fscache-cache.h 2011-08-23 21:47:56.000000000 -0400
-@@ -102,7 +102,7 @@ struct fscache_operation {
- fscache_operation_release_t release;
- };
-
--extern atomic_t fscache_op_debug_id;
-+extern atomic_unchecked_t fscache_op_debug_id;
- extern void fscache_op_work_func(struct work_struct *work);
-
- extern void fscache_enqueue_operation(struct fscache_operation *);
-@@ -122,7 +122,7 @@ static inline void fscache_operation_ini
- {
- INIT_WORK(&op->work, fscache_op_work_func);
- atomic_set(&op->usage, 1);
-- op->debug_id = atomic_inc_return(&fscache_op_debug_id);
-+ op->debug_id = atomic_inc_return_unchecked(&fscache_op_debug_id);
- op->processor = processor;
- op->release = release;
- INIT_LIST_HEAD(&op->pend_link);
diff -urNp linux-3.0.7/include/linux/fs.h linux-3.0.7/include/linux/fs.h
--- linux-3.0.7/include/linux/fs.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/include/linux/fs.h 2011-08-26 19:49:56.000000000 -0400
#define IPERM_FLAG_RCU 0x0001
-diff -urNp linux-3.0.7/include/linux/fsnotify.h linux-3.0.7/include/linux/fsnotify.h
---- linux-3.0.7/include/linux/fsnotify.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/include/linux/fsnotify.h 2011-08-24 18:10:29.000000000 -0400
-@@ -314,7 +314,7 @@ static inline void fsnotify_change(struc
- */
- static inline const unsigned char *fsnotify_oldname_init(const unsigned char *name)
- {
-- return kstrdup(name, GFP_KERNEL);
-+ return (const unsigned char *)kstrdup((const char *)name, GFP_KERNEL);
- }
-
- /*
diff -urNp linux-3.0.7/include/linux/fs_struct.h linux-3.0.7/include/linux/fs_struct.h
--- linux-3.0.7/include/linux/fs_struct.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/include/linux/fs_struct.h 2011-08-23 21:47:56.000000000 -0400
spinlock_t lock;
seqcount_t seq;
int umask;
+diff -urNp linux-3.0.7/include/linux/fscache-cache.h linux-3.0.7/include/linux/fscache-cache.h
+--- linux-3.0.7/include/linux/fscache-cache.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/include/linux/fscache-cache.h 2011-08-23 21:47:56.000000000 -0400
+@@ -102,7 +102,7 @@ struct fscache_operation {
+ fscache_operation_release_t release;
+ };
+
+-extern atomic_t fscache_op_debug_id;
++extern atomic_unchecked_t fscache_op_debug_id;
+ extern void fscache_op_work_func(struct work_struct *work);
+
+ extern void fscache_enqueue_operation(struct fscache_operation *);
+@@ -122,7 +122,7 @@ static inline void fscache_operation_ini
+ {
+ INIT_WORK(&op->work, fscache_op_work_func);
+ atomic_set(&op->usage, 1);
+- op->debug_id = atomic_inc_return(&fscache_op_debug_id);
++ op->debug_id = atomic_inc_return_unchecked(&fscache_op_debug_id);
+ op->processor = processor;
+ op->release = release;
+ INIT_LIST_HEAD(&op->pend_link);
+diff -urNp linux-3.0.7/include/linux/fsnotify.h linux-3.0.7/include/linux/fsnotify.h
+--- linux-3.0.7/include/linux/fsnotify.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/include/linux/fsnotify.h 2011-08-24 18:10:29.000000000 -0400
+@@ -314,7 +314,7 @@ static inline void fsnotify_change(struc
+ */
+ static inline const unsigned char *fsnotify_oldname_init(const unsigned char *name)
+ {
+- return kstrdup(name, GFP_KERNEL);
++ return (const unsigned char *)kstrdup((const char *)name, GFP_KERNEL);
+ }
+
+ /*
diff -urNp linux-3.0.7/include/linux/ftrace_event.h linux-3.0.7/include/linux/ftrace_event.h
--- linux-3.0.7/include/linux/ftrace_event.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/include/linux/ftrace_event.h 2011-08-23 21:47:56.000000000 -0400
+#endif
diff -urNp linux-3.0.7/include/linux/grinternal.h linux-3.0.7/include/linux/grinternal.h
--- linux-3.0.7/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.7/include/linux/grinternal.h 2011-10-17 00:25:19.000000000 -0400
-@@ -0,0 +1,219 @@
++++ linux-3.0.7/include/linux/grinternal.h 2011-10-20 00:47:28.000000000 -0400
+@@ -0,0 +1,220 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
+
+ CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
+ CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
+ CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
-+ CAP_TO_MASK(CAP_IPC_OWNER) , CAP_TO_MASK(CAP_SYSLOG) }}
++ CAP_TO_MASK(CAP_IPC_OWNER) | CAP_TO_MASK(CAP_SETFCAP), \
++ CAP_TO_MASK(CAP_SYSLOG) | CAP_TO_MASK(CAP_MAC_ADMIN) }}
+
+#define security_learn(normal_msg,args...) \
+({ \
#define SEQ_SKIP 1
-diff -urNp linux-3.0.7/include/linux/shmem_fs.h linux-3.0.7/include/linux/shmem_fs.h
---- linux-3.0.7/include/linux/shmem_fs.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/include/linux/shmem_fs.h 2011-08-23 21:47:56.000000000 -0400
-@@ -10,7 +10,7 @@
-
- #define SHMEM_NR_DIRECT 16
-
--#define SHMEM_SYMLINK_INLINE_LEN (SHMEM_NR_DIRECT * sizeof(swp_entry_t))
-+#define SHMEM_SYMLINK_INLINE_LEN 64
-
- struct shmem_inode_info {
- spinlock_t lock;
diff -urNp linux-3.0.7/include/linux/shm.h linux-3.0.7/include/linux/shm.h
--- linux-3.0.7/include/linux/shm.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/include/linux/shm.h 2011-08-23 21:48:14.000000000 -0400
};
/* shm_mode upper byte flags */
+diff -urNp linux-3.0.7/include/linux/shmem_fs.h linux-3.0.7/include/linux/shmem_fs.h
+--- linux-3.0.7/include/linux/shmem_fs.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/include/linux/shmem_fs.h 2011-08-23 21:47:56.000000000 -0400
+@@ -10,7 +10,7 @@
+
+ #define SHMEM_NR_DIRECT 16
+
+-#define SHMEM_SYMLINK_INLINE_LEN (SHMEM_NR_DIRECT * sizeof(swp_entry_t))
++#define SHMEM_SYMLINK_INLINE_LEN 64
+
+ struct shmem_inode_info {
+ spinlock_t lock;
diff -urNp linux-3.0.7/include/linux/skbuff.h linux-3.0.7/include/linux/skbuff.h
--- linux-3.0.7/include/linux/skbuff.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/include/linux/skbuff.h 2011-08-23 21:47:56.000000000 -0400
#endif
extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
-diff -urNp linux-3.0.7/include/linux/slab_def.h linux-3.0.7/include/linux/slab_def.h
---- linux-3.0.7/include/linux/slab_def.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/include/linux/slab_def.h 2011-08-23 21:47:56.000000000 -0400
-@@ -96,10 +96,10 @@ struct kmem_cache {
- unsigned long node_allocs;
- unsigned long node_frees;
- unsigned long node_overflow;
-- atomic_t allochit;
-- atomic_t allocmiss;
-- atomic_t freehit;
-- atomic_t freemiss;
-+ atomic_unchecked_t allochit;
-+ atomic_unchecked_t allocmiss;
-+ atomic_unchecked_t freehit;
-+ atomic_unchecked_t freemiss;
-
- /*
- * If debugging is enabled, then the allocator can add additional
diff -urNp linux-3.0.7/include/linux/slab.h linux-3.0.7/include/linux/slab.h
--- linux-3.0.7/include/linux/slab.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/include/linux/slab.h 2011-08-23 21:47:56.000000000 -0400
+})
+
#endif /* _LINUX_SLAB_H */
+diff -urNp linux-3.0.7/include/linux/slab_def.h linux-3.0.7/include/linux/slab_def.h
+--- linux-3.0.7/include/linux/slab_def.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/include/linux/slab_def.h 2011-08-23 21:47:56.000000000 -0400
+@@ -96,10 +96,10 @@ struct kmem_cache {
+ unsigned long node_allocs;
+ unsigned long node_frees;
+ unsigned long node_overflow;
+- atomic_t allochit;
+- atomic_t allocmiss;
+- atomic_t freehit;
+- atomic_t freemiss;
++ atomic_unchecked_t allochit;
++ atomic_unchecked_t allocmiss;
++ atomic_unchecked_t freehit;
++ atomic_unchecked_t freemiss;
+
+ /*
+ * If debugging is enabled, then the allocator can add additional
diff -urNp linux-3.0.7/include/linux/slub_def.h linux-3.0.7/include/linux/slub_def.h
--- linux-3.0.7/include/linux/slub_def.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/include/linux/slub_def.h 2011-08-23 21:47:56.000000000 -0400
void *pmi_start;
void *pmi_pal;
u8 *vbe_state_orig; /*
+diff -urNp linux-3.0.7/init/Kconfig linux-3.0.7/init/Kconfig
+--- linux-3.0.7/init/Kconfig 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/init/Kconfig 2011-08-23 21:47:56.000000000 -0400
+@@ -1195,7 +1195,7 @@ config SLUB_DEBUG
+
+ config COMPAT_BRK
+ bool "Disable heap randomization"
+- default y
++ default n
+ help
+ Randomizing heap placement makes heap exploits harder, but it
+ also breaks ancient binaries (including anything libc5 based).
diff -urNp linux-3.0.7/init/do_mounts.c linux-3.0.7/init/do_mounts.c
--- linux-3.0.7/init/do_mounts.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/init/do_mounts.c 2011-10-06 04:17:55.000000000 -0400
state = SkipIt;
next_state = Reset;
return 0;
-diff -urNp linux-3.0.7/init/Kconfig linux-3.0.7/init/Kconfig
---- linux-3.0.7/init/Kconfig 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/init/Kconfig 2011-08-23 21:47:56.000000000 -0400
-@@ -1195,7 +1195,7 @@ config SLUB_DEBUG
-
- config COMPAT_BRK
- bool "Disable heap randomization"
-- default y
-+ default n
- help
- Randomizing heap placement makes heap exploits harder, but it
- also breaks ancient binaries (including anything libc5 based).
diff -urNp linux-3.0.7/init/main.c linux-3.0.7/init/main.c
--- linux-3.0.7/init/main.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/init/main.c 2011-10-06 04:17:55.000000000 -0400
mod = NULL;
}
return mod;
-diff -urNp linux-3.0.7/kernel/mutex.c linux-3.0.7/kernel/mutex.c
---- linux-3.0.7/kernel/mutex.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/kernel/mutex.c 2011-08-23 21:47:56.000000000 -0400
-@@ -198,7 +198,7 @@ __mutex_lock_common(struct mutex *lock,
- spin_lock_mutex(&lock->wait_lock, flags);
-
- debug_mutex_lock_common(lock, &waiter);
-- debug_mutex_add_waiter(lock, &waiter, task_thread_info(task));
-+ debug_mutex_add_waiter(lock, &waiter, task);
-
- /* add waiting tasks to the end of the waitqueue (FIFO): */
- list_add_tail(&waiter.list, &lock->wait_list);
-@@ -227,8 +227,7 @@ __mutex_lock_common(struct mutex *lock,
- * TASK_UNINTERRUPTIBLE case.)
- */
- if (unlikely(signal_pending_state(state, task))) {
-- mutex_remove_waiter(lock, &waiter,
-- task_thread_info(task));
-+ mutex_remove_waiter(lock, &waiter, task);
- mutex_release(&lock->dep_map, 1, ip);
- spin_unlock_mutex(&lock->wait_lock, flags);
-
-@@ -249,7 +248,7 @@ __mutex_lock_common(struct mutex *lock,
- done:
- lock_acquired(&lock->dep_map, ip);
- /* got the lock - rejoice! */
-- mutex_remove_waiter(lock, &waiter, current_thread_info());
-+ mutex_remove_waiter(lock, &waiter, task);
- mutex_set_owner(lock);
-
- /* set it to 0 if there are no waiters left: */
diff -urNp linux-3.0.7/kernel/mutex-debug.c linux-3.0.7/kernel/mutex-debug.c
--- linux-3.0.7/kernel/mutex-debug.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/kernel/mutex-debug.c 2011-08-23 21:47:56.000000000 -0400
extern void debug_mutex_unlock(struct mutex *lock);
extern void debug_mutex_init(struct mutex *lock, const char *name,
struct lock_class_key *key);
+diff -urNp linux-3.0.7/kernel/mutex.c linux-3.0.7/kernel/mutex.c
+--- linux-3.0.7/kernel/mutex.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/kernel/mutex.c 2011-08-23 21:47:56.000000000 -0400
+@@ -198,7 +198,7 @@ __mutex_lock_common(struct mutex *lock,
+ spin_lock_mutex(&lock->wait_lock, flags);
+
+ debug_mutex_lock_common(lock, &waiter);
+- debug_mutex_add_waiter(lock, &waiter, task_thread_info(task));
++ debug_mutex_add_waiter(lock, &waiter, task);
+
+ /* add waiting tasks to the end of the waitqueue (FIFO): */
+ list_add_tail(&waiter.list, &lock->wait_list);
+@@ -227,8 +227,7 @@ __mutex_lock_common(struct mutex *lock,
+ * TASK_UNINTERRUPTIBLE case.)
+ */
+ if (unlikely(signal_pending_state(state, task))) {
+- mutex_remove_waiter(lock, &waiter,
+- task_thread_info(task));
++ mutex_remove_waiter(lock, &waiter, task);
+ mutex_release(&lock->dep_map, 1, ip);
+ spin_unlock_mutex(&lock->wait_lock, flags);
+
+@@ -249,7 +248,7 @@ __mutex_lock_common(struct mutex *lock,
+ done:
+ lock_acquired(&lock->dep_map, ip);
+ /* got the lock - rejoice! */
+- mutex_remove_waiter(lock, &waiter, current_thread_info());
++ mutex_remove_waiter(lock, &waiter, task);
+ mutex_set_owner(lock);
+
+ /* set it to 0 if there are no waiters left: */
diff -urNp linux-3.0.7/kernel/padata.c linux-3.0.7/kernel/padata.c
--- linux-3.0.7/kernel/padata.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/kernel/padata.c 2011-08-23 21:47:56.000000000 -0400
return;
default:
-diff -urNp linux-3.0.7/kernel/sched_autogroup.c linux-3.0.7/kernel/sched_autogroup.c
---- linux-3.0.7/kernel/sched_autogroup.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/kernel/sched_autogroup.c 2011-08-23 21:47:56.000000000 -0400
-@@ -7,7 +7,7 @@
-
- unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1;
- static struct autogroup autogroup_default;
--static atomic_t autogroup_seq_nr;
-+static atomic_unchecked_t autogroup_seq_nr;
-
- static void __init autogroup_init(struct task_struct *init_task)
- {
-@@ -78,7 +78,7 @@ static inline struct autogroup *autogrou
-
- kref_init(&ag->kref);
- init_rwsem(&ag->lock);
-- ag->id = atomic_inc_return(&autogroup_seq_nr);
-+ ag->id = atomic_inc_return_unchecked(&autogroup_seq_nr);
- ag->tg = tg;
- #ifdef CONFIG_RT_GROUP_SCHED
- /*
diff -urNp linux-3.0.7/kernel/sched.c linux-3.0.7/kernel/sched.c
--- linux-3.0.7/kernel/sched.c 2011-10-17 23:17:09.000000000 -0400
+++ linux-3.0.7/kernel/sched.c 2011-10-17 23:17:19.000000000 -0400
/* can't set/change the rt policy */
if (policy != p->policy && !rlim_rtprio)
return -EPERM;
+diff -urNp linux-3.0.7/kernel/sched_autogroup.c linux-3.0.7/kernel/sched_autogroup.c
+--- linux-3.0.7/kernel/sched_autogroup.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/kernel/sched_autogroup.c 2011-08-23 21:47:56.000000000 -0400
+@@ -7,7 +7,7 @@
+
+ unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1;
+ static struct autogroup autogroup_default;
+-static atomic_t autogroup_seq_nr;
++static atomic_unchecked_t autogroup_seq_nr;
+
+ static void __init autogroup_init(struct task_struct *init_task)
+ {
+@@ -78,7 +78,7 @@ static inline struct autogroup *autogrou
+
+ kref_init(&ag->kref);
+ init_rwsem(&ag->lock);
+- ag->id = atomic_inc_return(&autogroup_seq_nr);
++ ag->id = atomic_inc_return_unchecked(&autogroup_seq_nr);
+ ag->tg = tg;
+ #ifdef CONFIG_RT_GROUP_SCHED
+ /*
diff -urNp linux-3.0.7/kernel/sched_fair.c linux-3.0.7/kernel/sched_fair.c
--- linux-3.0.7/kernel/sched_fair.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/kernel/sched_fair.c 2011-08-23 21:47:56.000000000 -0400
error = -EINVAL;
break;
}
-diff -urNp linux-3.0.7/kernel/sysctl_binary.c linux-3.0.7/kernel/sysctl_binary.c
---- linux-3.0.7/kernel/sysctl_binary.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/kernel/sysctl_binary.c 2011-10-06 04:17:55.000000000 -0400
-@@ -989,7 +989,7 @@ static ssize_t bin_intvec(struct file *f
- int i;
-
- set_fs(KERNEL_DS);
-- result = vfs_read(file, buffer, BUFSZ - 1, &pos);
-+ result = vfs_read(file, (char __force_user *)buffer, BUFSZ - 1, &pos);
- set_fs(old_fs);
- if (result < 0)
- goto out_kfree;
-@@ -1034,7 +1034,7 @@ static ssize_t bin_intvec(struct file *f
- }
-
- set_fs(KERNEL_DS);
-- result = vfs_write(file, buffer, str - buffer, &pos);
-+ result = vfs_write(file, (const char __force_user *)buffer, str - buffer, &pos);
- set_fs(old_fs);
- if (result < 0)
- goto out_kfree;
-@@ -1067,7 +1067,7 @@ static ssize_t bin_ulongvec(struct file
- int i;
-
- set_fs(KERNEL_DS);
-- result = vfs_read(file, buffer, BUFSZ - 1, &pos);
-+ result = vfs_read(file, (char __force_user *)buffer, BUFSZ - 1, &pos);
- set_fs(old_fs);
- if (result < 0)
- goto out_kfree;
-@@ -1112,7 +1112,7 @@ static ssize_t bin_ulongvec(struct file
- }
-
- set_fs(KERNEL_DS);
-- result = vfs_write(file, buffer, str - buffer, &pos);
-+ result = vfs_write(file, (const char __force_user *)buffer, str - buffer, &pos);
- set_fs(old_fs);
- if (result < 0)
- goto out_kfree;
-@@ -1138,7 +1138,7 @@ static ssize_t bin_uuid(struct file *fil
- int i;
-
- set_fs(KERNEL_DS);
-- result = vfs_read(file, buf, sizeof(buf) - 1, &pos);
-+ result = vfs_read(file, (char __force_user *)buf, sizeof(buf) - 1, &pos);
- set_fs(old_fs);
- if (result < 0)
- goto out;
-@@ -1185,7 +1185,7 @@ static ssize_t bin_dn_node_address(struc
- __le16 dnaddr;
-
- set_fs(KERNEL_DS);
-- result = vfs_read(file, buf, sizeof(buf) - 1, &pos);
-+ result = vfs_read(file, (char __force_user *)buf, sizeof(buf) - 1, &pos);
- set_fs(old_fs);
- if (result < 0)
- goto out;
-@@ -1233,7 +1233,7 @@ static ssize_t bin_dn_node_address(struc
- le16_to_cpu(dnaddr) & 0x3ff);
-
- set_fs(KERNEL_DS);
-- result = vfs_write(file, buf, len, &pos);
-+ result = vfs_write(file, (const char __force_user *)buf, len, &pos);
- set_fs(old_fs);
- if (result < 0)
- goto out;
diff -urNp linux-3.0.7/kernel/sysctl.c linux-3.0.7/kernel/sysctl.c
--- linux-3.0.7/kernel/sysctl.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/kernel/sysctl.c 2011-08-23 21:48:14.000000000 -0400
EXPORT_SYMBOL(proc_doulongvec_minmax);
EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax);
EXPORT_SYMBOL(register_sysctl_table);
+diff -urNp linux-3.0.7/kernel/sysctl_binary.c linux-3.0.7/kernel/sysctl_binary.c
+--- linux-3.0.7/kernel/sysctl_binary.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/kernel/sysctl_binary.c 2011-10-06 04:17:55.000000000 -0400
+@@ -989,7 +989,7 @@ static ssize_t bin_intvec(struct file *f
+ int i;
+
+ set_fs(KERNEL_DS);
+- result = vfs_read(file, buffer, BUFSZ - 1, &pos);
++ result = vfs_read(file, (char __force_user *)buffer, BUFSZ - 1, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out_kfree;
+@@ -1034,7 +1034,7 @@ static ssize_t bin_intvec(struct file *f
+ }
+
+ set_fs(KERNEL_DS);
+- result = vfs_write(file, buffer, str - buffer, &pos);
++ result = vfs_write(file, (const char __force_user *)buffer, str - buffer, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out_kfree;
+@@ -1067,7 +1067,7 @@ static ssize_t bin_ulongvec(struct file
+ int i;
+
+ set_fs(KERNEL_DS);
+- result = vfs_read(file, buffer, BUFSZ - 1, &pos);
++ result = vfs_read(file, (char __force_user *)buffer, BUFSZ - 1, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out_kfree;
+@@ -1112,7 +1112,7 @@ static ssize_t bin_ulongvec(struct file
+ }
+
+ set_fs(KERNEL_DS);
+- result = vfs_write(file, buffer, str - buffer, &pos);
++ result = vfs_write(file, (const char __force_user *)buffer, str - buffer, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out_kfree;
+@@ -1138,7 +1138,7 @@ static ssize_t bin_uuid(struct file *fil
+ int i;
+
+ set_fs(KERNEL_DS);
+- result = vfs_read(file, buf, sizeof(buf) - 1, &pos);
++ result = vfs_read(file, (char __force_user *)buf, sizeof(buf) - 1, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out;
+@@ -1185,7 +1185,7 @@ static ssize_t bin_dn_node_address(struc
+ __le16 dnaddr;
+
+ set_fs(KERNEL_DS);
+- result = vfs_read(file, buf, sizeof(buf) - 1, &pos);
++ result = vfs_read(file, (char __force_user *)buf, sizeof(buf) - 1, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out;
+@@ -1233,7 +1233,7 @@ static ssize_t bin_dn_node_address(struc
+ le16_to_cpu(dnaddr) & 0x3ff);
+
+ set_fs(KERNEL_DS);
+- result = vfs_write(file, buf, len, &pos);
++ result = vfs_write(file, (const char __force_user *)buf, len, &pos);
+ set_fs(old_fs);
+ if (result < 0)
+ goto out;
diff -urNp linux-3.0.7/kernel/sysctl_check.c linux-3.0.7/kernel/sysctl_check.c
--- linux-3.0.7/kernel/sysctl_check.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/kernel/sysctl_check.c 2011-08-23 21:48:14.000000000 -0400
tsk->comm);
put_task_struct(tsk);
}
+diff -urNp linux-3.0.7/lib/Kconfig.debug linux-3.0.7/lib/Kconfig.debug
+--- linux-3.0.7/lib/Kconfig.debug 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/lib/Kconfig.debug 2011-08-23 21:48:14.000000000 -0400
+@@ -1088,6 +1088,7 @@ config LATENCYTOP
+ depends on DEBUG_KERNEL
+ depends on STACKTRACE_SUPPORT
+ depends on PROC_FS
++ depends on !GRKERNSEC_HIDESYM
+ select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE
+ select KALLSYMS
+ select KALLSYMS_ALL
diff -urNp linux-3.0.7/lib/bitmap.c linux-3.0.7/lib/bitmap.c
--- linux-3.0.7/lib/bitmap.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/lib/bitmap.c 2011-10-06 04:17:55.000000000 -0400
#define free(a) kfree(a)
#endif
-diff -urNp linux-3.0.7/lib/Kconfig.debug linux-3.0.7/lib/Kconfig.debug
---- linux-3.0.7/lib/Kconfig.debug 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/lib/Kconfig.debug 2011-08-23 21:48:14.000000000 -0400
-@@ -1088,6 +1088,7 @@ config LATENCYTOP
- depends on DEBUG_KERNEL
- depends on STACKTRACE_SUPPORT
- depends on PROC_FS
-+ depends on !GRKERNSEC_HIDESYM
- select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE
- select KALLSYMS
- select KALLSYMS_ALL
diff -urNp linux-3.0.7/lib/kref.c linux-3.0.7/lib/kref.c
--- linux-3.0.7/lib/kref.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/lib/kref.c 2011-08-23 21:47:56.000000000 -0400
+++ linux-3.0.7/localversion-grsec 2011-08-23 21:48:14.000000000 -0400
@@ -0,0 +1 @@
+-grsec
-diff -urNp linux-3.0.7/Makefile linux-3.0.7/Makefile
---- linux-3.0.7/Makefile 2011-10-17 23:17:08.000000000 -0400
-+++ linux-3.0.7/Makefile 2011-10-17 23:17:19.000000000 -0400
-@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
-
- HOSTCC = gcc
- HOSTCXX = g++
--HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
--HOSTCXXFLAGS = -O2
-+HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
-+HOSTCFLAGS += $(call cc-option, -Wno-empty-body)
-+HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks
-
- # Decide whether to build built-in, modular, or both.
- # Normally, just do built-in.
-@@ -365,10 +366,12 @@ LINUXINCLUDE := -I$(srctree)/arch/$(h
- KBUILD_CPPFLAGS := -D__KERNEL__
-
- KBUILD_CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
-+ -W -Wno-unused-parameter -Wno-missing-field-initializers \
- -fno-strict-aliasing -fno-common \
- -Werror-implicit-function-declaration \
- -Wno-format-security \
- -fno-delete-null-pointer-checks
-+KBUILD_CFLAGS += $(call cc-option, -Wno-empty-body)
- KBUILD_AFLAGS_KERNEL :=
- KBUILD_CFLAGS_KERNEL :=
- KBUILD_AFLAGS := -D__ASSEMBLY__
-@@ -407,8 +410,8 @@ export RCS_TAR_IGNORE := --exclude SCCS
- # Rules shared between *config targets and build targets
-
- # Basic helpers built in scripts/
--PHONY += scripts_basic
--scripts_basic:
-+PHONY += scripts_basic gcc-plugins
-+scripts_basic: gcc-plugins
- $(Q)$(MAKE) $(build)=scripts/basic
- $(Q)rm -f .tmp_quiet_recordmcount
-
-@@ -564,6 +567,36 @@ else
- KBUILD_CFLAGS += -O2
- endif
-
-+ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y)
-+CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
-+ifdef CONFIG_PAX_MEMORY_STACKLEAK
-+STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-lowest-sp=100
-+endif
-+ifdef CONFIG_KALLOCSTAT_PLUGIN
-+KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so
-+endif
-+ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so
-+endif
-+ifdef CONFIG_CHECKER_PLUGIN
-+ifeq ($(call cc-ifversion, -ge, 0406, y), y)
-+CHECKER_PLUGIN := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN
-+endif
-+endif
-+GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN) $(CHECKER_PLUGIN)
-+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN
-+gcc-plugins:
-+ $(Q)$(MAKE) $(build)=tools/gcc
-+else
-+gcc-plugins:
-+ifeq ($(call cc-ifversion, -ge, 0405, y), y)
-+ $(error Your gcc installation does not support plugins. If the necessary headers for plugin support are missing, they should be installed. On Debian, apt-get install gcc-<ver>-plugin-dev.))
-+else
-+ $(Q)echo "warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least"
-+endif
-+ $(Q)echo "PAX_MEMORY_STACKLEAK and constification will be less secure"
-+endif
-+
- include $(srctree)/arch/$(SRCARCH)/Makefile
-
- ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -708,7 +741,7 @@ export mod_strip_cmd
-
-
- ifeq ($(KBUILD_EXTMOD),)
--core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
-+core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
-
- vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
- $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -932,6 +965,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-mai
-
- # The actual objects are generated when descending,
- # make sure no implicit rule kicks in
-+$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_CFLAGS += $(GCC_PLUGINS)
- $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
-
- # Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -941,7 +975,7 @@ $(sort $(vmlinux-init) $(vmlinux-main))
- # Error messages still appears in the original language
-
- PHONY += $(vmlinux-dirs)
--$(vmlinux-dirs): prepare scripts
-+$(vmlinux-dirs): gcc-plugins prepare scripts
- $(Q)$(MAKE) $(build)=$@
-
- # Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -986,6 +1020,7 @@ prepare0: archprepare FORCE
- $(Q)$(MAKE) $(build)=. missing-syscalls
-
- # All the preparing..
-+prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS),$(KBUILD_CFLAGS))
- prepare: prepare0
-
- # Generate some files
-@@ -1087,6 +1122,7 @@ all: modules
- # using awk while concatenating to the final file.
-
- PHONY += modules
-+modules: KBUILD_CFLAGS += $(GCC_PLUGINS)
- modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
- $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
- @$(kecho) ' Building modules, stage 2.';
-@@ -1102,7 +1138,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
-
- # Target to prepare building external modules
- PHONY += modules_prepare
--modules_prepare: prepare scripts
-+modules_prepare: gcc-plugins prepare scripts
-
- # Target to install modules
- PHONY += modules_install
-@@ -1198,7 +1234,7 @@ distclean: mrproper
- @find $(srctree) $(RCS_FIND_IGNORE) \
- \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
- -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
-- -o -name '.*.rej' -o -size 0 \
-+ -o -name '.*.rej' -o -name '*.so' -o -size 0 \
- -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
- -type f -print | xargs rm -f
-
-@@ -1359,6 +1395,7 @@ PHONY += $(module-dirs) modules
- $(module-dirs): crmodverdir $(objtree)/Module.symvers
- $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
-
-+modules: KBUILD_CFLAGS += $(GCC_PLUGINS)
- modules: $(module-dirs)
- @$(kecho) ' Building modules, stage 2.';
- $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1485,17 +1522,19 @@ else
- target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
- endif
-
--%.s: %.c prepare scripts FORCE
-+%.s: KBUILD_CFLAGS += $(GCC_PLUGINS)
-+%.s: %.c gcc-plugins prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
- %.i: %.c prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
--%.o: %.c prepare scripts FORCE
-+%.o: KBUILD_CFLAGS += $(GCC_PLUGINS)
-+%.o: %.c gcc-plugins prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
- %.lst: %.c prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
--%.s: %.S prepare scripts FORCE
-+%.s: %.S gcc-plugins prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
--%.o: %.S prepare scripts FORCE
-+%.o: %.S gcc-plugins prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
- %.symtypes: %.c prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1505,11 +1544,13 @@ endif
- $(cmd_crmodverdir)
- $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
- $(build)=$(build-dir)
--%/: prepare scripts FORCE
-+%/: KBUILD_CFLAGS += $(GCC_PLUGINS)
-+%/: gcc-plugins prepare scripts FORCE
- $(cmd_crmodverdir)
- $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
- $(build)=$(build-dir)
--%.ko: prepare scripts FORCE
-+%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS)
-+%.ko: gcc-plugins prepare scripts FORCE
- $(cmd_crmodverdir)
- $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
- $(build)=$(build-dir) $(@:.ko=.o)
+diff -urNp linux-3.0.7/mm/Kconfig linux-3.0.7/mm/Kconfig
+--- linux-3.0.7/mm/Kconfig 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/mm/Kconfig 2011-08-23 21:48:14.000000000 -0400
+@@ -240,7 +240,7 @@ config KSM
+ config DEFAULT_MMAP_MIN_ADDR
+ int "Low address space to protect from user allocation"
+ depends on MMU
+- default 4096
++ default 65536
+ help
+ This is the portion of low virtual memory which should be protected
+ from userspace allocation. Keeping a user from writing to low pages
diff -urNp linux-3.0.7/mm/filemap.c linux-3.0.7/mm/filemap.c
--- linux-3.0.7/mm/filemap.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/mm/filemap.c 2011-08-23 21:48:14.000000000 -0400
extern void prep_compound_page(struct page *page, unsigned long order);
#ifdef CONFIG_MEMORY_FAILURE
extern bool is_free_buddy_page(struct page *page);
-diff -urNp linux-3.0.7/mm/Kconfig linux-3.0.7/mm/Kconfig
---- linux-3.0.7/mm/Kconfig 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/mm/Kconfig 2011-08-23 21:48:14.000000000 -0400
-@@ -240,7 +240,7 @@ config KSM
- config DEFAULT_MMAP_MIN_ADDR
- int "Low address space to protect from user allocation"
- depends on MMU
-- default 4096
-+ default 65536
- help
- This is the portion of low virtual memory which should be protected
- from userspace allocation. Keeping a user from writing to low pages
diff -urNp linux-3.0.7/mm/kmemleak.c linux-3.0.7/mm/kmemleak.c
--- linux-3.0.7/mm/kmemleak.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/mm/kmemleak.c 2011-08-23 21:48:14.000000000 -0400
error = 0;
if (end == start)
goto out;
+diff -urNp linux-3.0.7/mm/memory-failure.c linux-3.0.7/mm/memory-failure.c
+--- linux-3.0.7/mm/memory-failure.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/mm/memory-failure.c 2011-10-06 04:17:55.000000000 -0400
+@@ -59,7 +59,7 @@ int sysctl_memory_failure_early_kill __r
+
+ int sysctl_memory_failure_recovery __read_mostly = 1;
+
+-atomic_long_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0);
++atomic_long_unchecked_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0);
+
+ #if defined(CONFIG_HWPOISON_INJECT) || defined(CONFIG_HWPOISON_INJECT_MODULE)
+
+@@ -200,7 +200,7 @@ static int kill_proc_ao(struct task_stru
+ si.si_signo = SIGBUS;
+ si.si_errno = 0;
+ si.si_code = BUS_MCEERR_AO;
+- si.si_addr = (void *)addr;
++ si.si_addr = (void __user *)addr;
+ #ifdef __ARCH_SI_TRAPNO
+ si.si_trapno = trapno;
+ #endif
+@@ -1008,7 +1008,7 @@ int __memory_failure(unsigned long pfn,
+ }
+
+ nr_pages = 1 << compound_trans_order(hpage);
+- atomic_long_add(nr_pages, &mce_bad_pages);
++ atomic_long_add_unchecked(nr_pages, &mce_bad_pages);
+
+ /*
+ * We need/can do nothing about count=0 pages.
+@@ -1038,7 +1038,7 @@ int __memory_failure(unsigned long pfn,
+ if (!PageHWPoison(hpage)
+ || (hwpoison_filter(p) && TestClearPageHWPoison(p))
+ || (p != hpage && TestSetPageHWPoison(hpage))) {
+- atomic_long_sub(nr_pages, &mce_bad_pages);
++ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
+ return 0;
+ }
+ set_page_hwpoison_huge_page(hpage);
+@@ -1096,7 +1096,7 @@ int __memory_failure(unsigned long pfn,
+ }
+ if (hwpoison_filter(p)) {
+ if (TestClearPageHWPoison(p))
+- atomic_long_sub(nr_pages, &mce_bad_pages);
++ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
+ unlock_page(hpage);
+ put_page(hpage);
+ return 0;
+@@ -1222,7 +1222,7 @@ int unpoison_memory(unsigned long pfn)
+ return 0;
+ }
+ if (TestClearPageHWPoison(p))
+- atomic_long_sub(nr_pages, &mce_bad_pages);
++ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
+ pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn);
+ return 0;
+ }
+@@ -1236,7 +1236,7 @@ int unpoison_memory(unsigned long pfn)
+ */
+ if (TestClearPageHWPoison(page)) {
+ pr_info("MCE: Software-unpoisoned page %#lx\n", pfn);
+- atomic_long_sub(nr_pages, &mce_bad_pages);
++ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
+ freeit = 1;
+ if (PageHuge(page))
+ clear_page_hwpoison_huge_page(page);
+@@ -1349,7 +1349,7 @@ static int soft_offline_huge_page(struct
+ }
+ done:
+ if (!PageHWPoison(hpage))
+- atomic_long_add(1 << compound_trans_order(hpage), &mce_bad_pages);
++ atomic_long_add_unchecked(1 << compound_trans_order(hpage), &mce_bad_pages);
+ set_page_hwpoison_huge_page(hpage);
+ dequeue_hwpoisoned_huge_page(hpage);
+ /* keep elevated page count for bad page */
+@@ -1480,7 +1480,7 @@ int soft_offline_page(struct page *page,
+ return ret;
+
+ done:
+- atomic_long_add(1, &mce_bad_pages);
++ atomic_long_add_unchecked(1, &mce_bad_pages);
+ SetPageHWPoison(page);
+ /* keep elevated page count for bad page */
+ return ret;
diff -urNp linux-3.0.7/mm/memory.c linux-3.0.7/mm/memory.c
--- linux-3.0.7/mm/memory.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.7/mm/memory.c 2011-08-23 21:47:56.000000000 -0400
/*
* Make sure the vDSO gets into every core dump.
* Dumping its contents makes post-mortem fully interpretable later
-diff -urNp linux-3.0.7/mm/memory-failure.c linux-3.0.7/mm/memory-failure.c
---- linux-3.0.7/mm/memory-failure.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/mm/memory-failure.c 2011-10-06 04:17:55.000000000 -0400
-@@ -59,7 +59,7 @@ int sysctl_memory_failure_early_kill __r
-
- int sysctl_memory_failure_recovery __read_mostly = 1;
-
--atomic_long_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0);
-+atomic_long_unchecked_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0);
-
- #if defined(CONFIG_HWPOISON_INJECT) || defined(CONFIG_HWPOISON_INJECT_MODULE)
-
-@@ -200,7 +200,7 @@ static int kill_proc_ao(struct task_stru
- si.si_signo = SIGBUS;
- si.si_errno = 0;
- si.si_code = BUS_MCEERR_AO;
-- si.si_addr = (void *)addr;
-+ si.si_addr = (void __user *)addr;
- #ifdef __ARCH_SI_TRAPNO
- si.si_trapno = trapno;
- #endif
-@@ -1008,7 +1008,7 @@ int __memory_failure(unsigned long pfn,
- }
-
- nr_pages = 1 << compound_trans_order(hpage);
-- atomic_long_add(nr_pages, &mce_bad_pages);
-+ atomic_long_add_unchecked(nr_pages, &mce_bad_pages);
-
- /*
- * We need/can do nothing about count=0 pages.
-@@ -1038,7 +1038,7 @@ int __memory_failure(unsigned long pfn,
- if (!PageHWPoison(hpage)
- || (hwpoison_filter(p) && TestClearPageHWPoison(p))
- || (p != hpage && TestSetPageHWPoison(hpage))) {
-- atomic_long_sub(nr_pages, &mce_bad_pages);
-+ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
- return 0;
- }
- set_page_hwpoison_huge_page(hpage);
-@@ -1096,7 +1096,7 @@ int __memory_failure(unsigned long pfn,
- }
- if (hwpoison_filter(p)) {
- if (TestClearPageHWPoison(p))
-- atomic_long_sub(nr_pages, &mce_bad_pages);
-+ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
- unlock_page(hpage);
- put_page(hpage);
- return 0;
-@@ -1222,7 +1222,7 @@ int unpoison_memory(unsigned long pfn)
- return 0;
- }
- if (TestClearPageHWPoison(p))
-- atomic_long_sub(nr_pages, &mce_bad_pages);
-+ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
- pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn);
- return 0;
- }
-@@ -1236,7 +1236,7 @@ int unpoison_memory(unsigned long pfn)
- */
- if (TestClearPageHWPoison(page)) {
- pr_info("MCE: Software-unpoisoned page %#lx\n", pfn);
-- atomic_long_sub(nr_pages, &mce_bad_pages);
-+ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
- freeit = 1;
- if (PageHuge(page))
- clear_page_hwpoison_huge_page(page);
-@@ -1349,7 +1349,7 @@ static int soft_offline_huge_page(struct
- }
- done:
- if (!PageHWPoison(hpage))
-- atomic_long_add(1 << compound_trans_order(hpage), &mce_bad_pages);
-+ atomic_long_add_unchecked(1 << compound_trans_order(hpage), &mce_bad_pages);
- set_page_hwpoison_huge_page(hpage);
- dequeue_hwpoisoned_huge_page(hpage);
- /* keep elevated page count for bad page */
-@@ -1480,7 +1480,7 @@ int soft_offline_page(struct page *page,
- return ret;
-
- done:
-- atomic_long_add(1, &mce_bad_pages);
-+ atomic_long_add_unchecked(1, &mce_bad_pages);
- SetPageHWPoison(page);
- /* keep elevated page count for bad page */
- return ret;
diff -urNp linux-3.0.7/mm/mempolicy.c linux-3.0.7/mm/mempolicy.c
--- linux-3.0.7/mm/mempolicy.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/mm/mempolicy.c 2011-08-23 21:48:14.000000000 -0400
p->tcp_ts_stamp = 0;
p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW;
p->rate_tokens = 0;
-diff -urNp linux-3.0.7/net/ipv4/ipconfig.c linux-3.0.7/net/ipv4/ipconfig.c
---- linux-3.0.7/net/ipv4/ipconfig.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/net/ipv4/ipconfig.c 2011-10-06 04:17:55.000000000 -0400
-@@ -313,7 +313,7 @@ static int __init ic_devinet_ioctl(unsig
-
- mm_segment_t oldfs = get_fs();
- set_fs(get_ds());
-- res = devinet_ioctl(&init_net, cmd, (struct ifreq __user *) arg);
-+ res = devinet_ioctl(&init_net, cmd, (struct ifreq __force_user *) arg);
- set_fs(oldfs);
- return res;
- }
-@@ -324,7 +324,7 @@ static int __init ic_dev_ioctl(unsigned
-
- mm_segment_t oldfs = get_fs();
- set_fs(get_ds());
-- res = dev_ioctl(&init_net, cmd, (struct ifreq __user *) arg);
-+ res = dev_ioctl(&init_net, cmd, (struct ifreq __force_user *) arg);
- set_fs(oldfs);
- return res;
- }
-@@ -335,7 +335,7 @@ static int __init ic_route_ioctl(unsigne
-
- mm_segment_t oldfs = get_fs();
- set_fs(get_ds());
-- res = ip_rt_ioctl(&init_net, cmd, (void __user *) arg);
-+ res = ip_rt_ioctl(&init_net, cmd, (void __force_user *) arg);
- set_fs(oldfs);
- return res;
- }
diff -urNp linux-3.0.7/net/ipv4/ip_fragment.c linux-3.0.7/net/ipv4/ip_fragment.c
--- linux-3.0.7/net/ipv4/ip_fragment.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/net/ipv4/ip_fragment.c 2011-08-23 21:47:56.000000000 -0400
msg.msg_controllen = len;
msg.msg_flags = 0;
+diff -urNp linux-3.0.7/net/ipv4/ipconfig.c linux-3.0.7/net/ipv4/ipconfig.c
+--- linux-3.0.7/net/ipv4/ipconfig.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/net/ipv4/ipconfig.c 2011-10-06 04:17:55.000000000 -0400
+@@ -313,7 +313,7 @@ static int __init ic_devinet_ioctl(unsig
+
+ mm_segment_t oldfs = get_fs();
+ set_fs(get_ds());
+- res = devinet_ioctl(&init_net, cmd, (struct ifreq __user *) arg);
++ res = devinet_ioctl(&init_net, cmd, (struct ifreq __force_user *) arg);
+ set_fs(oldfs);
+ return res;
+ }
+@@ -324,7 +324,7 @@ static int __init ic_dev_ioctl(unsigned
+
+ mm_segment_t oldfs = get_fs();
+ set_fs(get_ds());
+- res = dev_ioctl(&init_net, cmd, (struct ifreq __user *) arg);
++ res = dev_ioctl(&init_net, cmd, (struct ifreq __force_user *) arg);
+ set_fs(oldfs);
+ return res;
+ }
+@@ -335,7 +335,7 @@ static int __init ic_route_ioctl(unsigne
+
+ mm_segment_t oldfs = get_fs();
+ set_fs(get_ds());
+- res = ip_rt_ioctl(&init_net, cmd, (void __user *) arg);
++ res = ip_rt_ioctl(&init_net, cmd, (void __force_user *) arg);
+ set_fs(oldfs);
+ return res;
+ }
diff -urNp linux-3.0.7/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-3.0.7/net/ipv4/netfilter/nf_nat_snmp_basic.c
--- linux-3.0.7/net/ipv4/netfilter/nf_nat_snmp_basic.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/net/ipv4/netfilter/nf_nat_snmp_basic.c 2011-08-23 21:47:56.000000000 -0400
/*
* Upon resume hardware can sometimes be goofy due to
* various platform / driver / bus issues, so restarting
+diff -urNp linux-3.0.7/net/netfilter/Kconfig linux-3.0.7/net/netfilter/Kconfig
+--- linux-3.0.7/net/netfilter/Kconfig 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/net/netfilter/Kconfig 2011-08-23 21:48:14.000000000 -0400
+@@ -781,6 +781,16 @@ config NETFILTER_XT_MATCH_ESP
+
+ To compile it as a module, choose M here. If unsure, say N.
+
++config NETFILTER_XT_MATCH_GRADM
++ tristate '"gradm" match support'
++ depends on NETFILTER_XTABLES && NETFILTER_ADVANCED
++ depends on GRKERNSEC && !GRKERNSEC_NO_RBAC
++ ---help---
++ The gradm match allows to match on grsecurity RBAC being enabled.
++ It is useful when iptables rules are applied early on bootup to
++ prevent connections to the machine (except from a trusted host)
++ while the RBAC system is disabled.
++
+ config NETFILTER_XT_MATCH_HASHLIMIT
+ tristate '"hashlimit" match support'
+ depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
+diff -urNp linux-3.0.7/net/netfilter/Makefile linux-3.0.7/net/netfilter/Makefile
+--- linux-3.0.7/net/netfilter/Makefile 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/net/netfilter/Makefile 2011-08-23 21:48:14.000000000 -0400
+@@ -81,6 +81,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DCCP) +=
+ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o
+ obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o
+ obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o
++obj-$(CONFIG_NETFILTER_XT_MATCH_GRADM) += xt_gradm.o
+ obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
+ obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
+ obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
diff -urNp linux-3.0.7/net/netfilter/ipvs/ip_vs_conn.c linux-3.0.7/net/netfilter/ipvs/ip_vs_conn.c
--- linux-3.0.7/net/netfilter/ipvs/ip_vs_conn.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/net/netfilter/ipvs/ip_vs_conn.c 2011-08-23 21:47:56.000000000 -0400
goto out;
}
-diff -urNp linux-3.0.7/net/netfilter/Kconfig linux-3.0.7/net/netfilter/Kconfig
---- linux-3.0.7/net/netfilter/Kconfig 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/net/netfilter/Kconfig 2011-08-23 21:48:14.000000000 -0400
-@@ -781,6 +781,16 @@ config NETFILTER_XT_MATCH_ESP
-
- To compile it as a module, choose M here. If unsure, say N.
-
-+config NETFILTER_XT_MATCH_GRADM
-+ tristate '"gradm" match support'
-+ depends on NETFILTER_XTABLES && NETFILTER_ADVANCED
-+ depends on GRKERNSEC && !GRKERNSEC_NO_RBAC
-+ ---help---
-+ The gradm match allows to match on grsecurity RBAC being enabled.
-+ It is useful when iptables rules are applied early on bootup to
-+ prevent connections to the machine (except from a trusted host)
-+ while the RBAC system is disabled.
-+
- config NETFILTER_XT_MATCH_HASHLIMIT
- tristate '"hashlimit" match support'
- depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
-diff -urNp linux-3.0.7/net/netfilter/Makefile linux-3.0.7/net/netfilter/Makefile
---- linux-3.0.7/net/netfilter/Makefile 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/net/netfilter/Makefile 2011-08-23 21:48:14.000000000 -0400
-@@ -81,6 +81,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DCCP) +=
- obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o
- obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o
- obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o
-+obj-$(CONFIG_NETFILTER_XT_MATCH_GRADM) += xt_gradm.o
- obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
- obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
- obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
diff -urNp linux-3.0.7/net/netfilter/nfnetlink_log.c linux-3.0.7/net/netfilter/nfnetlink_log.c
--- linux-3.0.7/net/netfilter/nfnetlink_log.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/net/netfilter/nfnetlink_log.c 2011-08-23 21:47:56.000000000 -0400
if (likely(*recent == gen))
return 0;
-diff -urNp linux-3.0.7/net/rds/ib_cm.c linux-3.0.7/net/rds/ib_cm.c
---- linux-3.0.7/net/rds/ib_cm.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/net/rds/ib_cm.c 2011-08-23 21:47:56.000000000 -0400
-@@ -720,7 +720,7 @@ void rds_ib_conn_shutdown(struct rds_con
- /* Clear the ACK state */
- clear_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags);
- #ifdef KERNEL_HAS_ATOMIC64
-- atomic64_set(&ic->i_ack_next, 0);
-+ atomic64_set_unchecked(&ic->i_ack_next, 0);
- #else
- ic->i_ack_next = 0;
- #endif
diff -urNp linux-3.0.7/net/rds/ib.h linux-3.0.7/net/rds/ib.h
--- linux-3.0.7/net/rds/ib.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/net/rds/ib.h 2011-08-23 21:47:56.000000000 -0400
#else
spinlock_t i_ack_lock; /* protect i_ack_next */
u64 i_ack_next; /* next ACK to send */
+diff -urNp linux-3.0.7/net/rds/ib_cm.c linux-3.0.7/net/rds/ib_cm.c
+--- linux-3.0.7/net/rds/ib_cm.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/net/rds/ib_cm.c 2011-08-23 21:47:56.000000000 -0400
+@@ -720,7 +720,7 @@ void rds_ib_conn_shutdown(struct rds_con
+ /* Clear the ACK state */
+ clear_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags);
+ #ifdef KERNEL_HAS_ATOMIC64
+- atomic64_set(&ic->i_ack_next, 0);
++ atomic64_set_unchecked(&ic->i_ack_next, 0);
+ #else
+ ic->i_ack_next = 0;
+ #endif
diff -urNp linux-3.0.7/net/rds/ib_recv.c linux-3.0.7/net/rds/ib_recv.c
--- linux-3.0.7/net/rds/ib_recv.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/net/rds/ib_recv.c 2011-08-23 21:47:56.000000000 -0400
}
#endif
-diff -urNp linux-3.0.7/net/rds/iw_cm.c linux-3.0.7/net/rds/iw_cm.c
---- linux-3.0.7/net/rds/iw_cm.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/net/rds/iw_cm.c 2011-08-23 21:47:56.000000000 -0400
-@@ -664,7 +664,7 @@ void rds_iw_conn_shutdown(struct rds_con
- /* Clear the ACK state */
- clear_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags);
- #ifdef KERNEL_HAS_ATOMIC64
-- atomic64_set(&ic->i_ack_next, 0);
-+ atomic64_set_unchecked(&ic->i_ack_next, 0);
- #else
- ic->i_ack_next = 0;
- #endif
diff -urNp linux-3.0.7/net/rds/iw.h linux-3.0.7/net/rds/iw.h
--- linux-3.0.7/net/rds/iw.h 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/net/rds/iw.h 2011-08-23 21:47:56.000000000 -0400
#else
spinlock_t i_ack_lock; /* protect i_ack_next */
u64 i_ack_next; /* next ACK to send */
+diff -urNp linux-3.0.7/net/rds/iw_cm.c linux-3.0.7/net/rds/iw_cm.c
+--- linux-3.0.7/net/rds/iw_cm.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/net/rds/iw_cm.c 2011-08-23 21:47:56.000000000 -0400
+@@ -664,7 +664,7 @@ void rds_iw_conn_shutdown(struct rds_con
+ /* Clear the ACK state */
+ clear_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags);
+ #ifdef KERNEL_HAS_ATOMIC64
+- atomic64_set(&ic->i_ack_next, 0);
++ atomic64_set_unchecked(&ic->i_ack_next, 0);
+ #else
+ ic->i_ack_next = 0;
+ #endif
diff -urNp linux-3.0.7/net/rds/iw_rdma.c linux-3.0.7/net/rds/iw_rdma.c
--- linux-3.0.7/net/rds/iw_rdma.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/net/rds/iw_rdma.c 2011-08-23 21:48:14.000000000 -0400
if (attrs[XFRMA_MIGRATE] == NULL)
return -EINVAL;
+diff -urNp linux-3.0.7/scripts/Makefile.build linux-3.0.7/scripts/Makefile.build
+--- linux-3.0.7/scripts/Makefile.build 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/scripts/Makefile.build 2011-08-23 21:47:56.000000000 -0400
+@@ -109,7 +109,7 @@ endif
+ endif
+
+ # Do not include host rules unless needed
+-ifneq ($(hostprogs-y)$(hostprogs-m),)
++ifneq ($(hostprogs-y)$(hostprogs-m)$(hostlibs-y)$(hostlibs-m),)
+ include scripts/Makefile.host
+ endif
+
+diff -urNp linux-3.0.7/scripts/Makefile.clean linux-3.0.7/scripts/Makefile.clean
+--- linux-3.0.7/scripts/Makefile.clean 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/scripts/Makefile.clean 2011-08-23 21:47:56.000000000 -0400
+@@ -43,7 +43,8 @@ subdir-ymn := $(addprefix $(obj)/,$(subd
+ __clean-files := $(extra-y) $(always) \
+ $(targets) $(clean-files) \
+ $(host-progs) \
+- $(hostprogs-y) $(hostprogs-m) $(hostprogs-)
++ $(hostprogs-y) $(hostprogs-m) $(hostprogs-) \
++ $(hostlibs-y) $(hostlibs-m) $(hostlibs-)
+
+ __clean-files := $(filter-out $(no-clean-files), $(__clean-files))
+
+diff -urNp linux-3.0.7/scripts/Makefile.host linux-3.0.7/scripts/Makefile.host
+--- linux-3.0.7/scripts/Makefile.host 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/scripts/Makefile.host 2011-08-23 21:47:56.000000000 -0400
+@@ -31,6 +31,7 @@
+ # Note: Shared libraries consisting of C++ files are not supported
+
+ __hostprogs := $(sort $(hostprogs-y) $(hostprogs-m))
++__hostlibs := $(sort $(hostlibs-y) $(hostlibs-m))
+
+ # C code
+ # Executables compiled from a single .c file
+@@ -54,6 +55,7 @@ host-cxxobjs := $(sort $(foreach m,$(hos
+ # Shared libaries (only .c supported)
+ # Shared libraries (.so) - all .so files referenced in "xxx-objs"
+ host-cshlib := $(sort $(filter %.so, $(host-cobjs)))
++host-cshlib += $(sort $(filter %.so, $(__hostlibs)))
+ # Remove .so files from "xxx-objs"
+ host-cobjs := $(filter-out %.so,$(host-cobjs))
+
diff -urNp linux-3.0.7/scripts/basic/fixdep.c linux-3.0.7/scripts/basic/fixdep.c
--- linux-3.0.7/scripts/basic/fixdep.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/scripts/basic/fixdep.c 2011-10-06 04:17:55.000000000 -0400
@@ -0,0 +1,2 @@
+#!/bin/sh
+echo "#include \"gcc-plugin.h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
-diff -urNp linux-3.0.7/scripts/Makefile.build linux-3.0.7/scripts/Makefile.build
---- linux-3.0.7/scripts/Makefile.build 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/scripts/Makefile.build 2011-08-23 21:47:56.000000000 -0400
-@@ -109,7 +109,7 @@ endif
- endif
-
- # Do not include host rules unless needed
--ifneq ($(hostprogs-y)$(hostprogs-m),)
-+ifneq ($(hostprogs-y)$(hostprogs-m)$(hostlibs-y)$(hostlibs-m),)
- include scripts/Makefile.host
- endif
-
-diff -urNp linux-3.0.7/scripts/Makefile.clean linux-3.0.7/scripts/Makefile.clean
---- linux-3.0.7/scripts/Makefile.clean 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/scripts/Makefile.clean 2011-08-23 21:47:56.000000000 -0400
-@@ -43,7 +43,8 @@ subdir-ymn := $(addprefix $(obj)/,$(subd
- __clean-files := $(extra-y) $(always) \
- $(targets) $(clean-files) \
- $(host-progs) \
-- $(hostprogs-y) $(hostprogs-m) $(hostprogs-)
-+ $(hostprogs-y) $(hostprogs-m) $(hostprogs-) \
-+ $(hostlibs-y) $(hostlibs-m) $(hostlibs-)
-
- __clean-files := $(filter-out $(no-clean-files), $(__clean-files))
-
-diff -urNp linux-3.0.7/scripts/Makefile.host linux-3.0.7/scripts/Makefile.host
---- linux-3.0.7/scripts/Makefile.host 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/scripts/Makefile.host 2011-08-23 21:47:56.000000000 -0400
-@@ -31,6 +31,7 @@
- # Note: Shared libraries consisting of C++ files are not supported
-
- __hostprogs := $(sort $(hostprogs-y) $(hostprogs-m))
-+__hostlibs := $(sort $(hostlibs-y) $(hostlibs-m))
-
- # C code
- # Executables compiled from a single .c file
-@@ -54,6 +55,7 @@ host-cxxobjs := $(sort $(foreach m,$(hos
- # Shared libaries (only .c supported)
- # Shared libraries (.so) - all .so files referenced in "xxx-objs"
- host-cshlib := $(sort $(filter %.so, $(host-cobjs)))
-+host-cshlib += $(sort $(filter %.so, $(__hostlibs)))
- # Remove .so files from "xxx-objs"
- host-cobjs := $(filter-out %.so,$(host-cobjs))
-
diff -urNp linux-3.0.7/scripts/mod/file2alias.c linux-3.0.7/scripts/mod/file2alias.c
--- linux-3.0.7/scripts/mod/file2alias.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/scripts/mod/file2alias.c 2011-10-06 04:17:55.000000000 -0400
logoname);
write_hex_cnt = 0;
for (i = 0; i < logo_clutsize; i++) {
-diff -urNp linux-3.0.7/security/apparmor/lsm.c linux-3.0.7/security/apparmor/lsm.c
---- linux-3.0.7/security/apparmor/lsm.c 2011-09-02 18:11:21.000000000 -0400
-+++ linux-3.0.7/security/apparmor/lsm.c 2011-08-23 21:48:14.000000000 -0400
-@@ -621,7 +621,7 @@ static int apparmor_task_setrlimit(struc
- return error;
- }
-
--static struct security_operations apparmor_ops = {
-+static struct security_operations apparmor_ops __read_only = {
- .name = "apparmor",
-
- .ptrace_access_check = apparmor_ptrace_access_check,
-diff -urNp linux-3.0.7/security/commoncap.c linux-3.0.7/security/commoncap.c
---- linux-3.0.7/security/commoncap.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/security/commoncap.c 2011-08-23 21:48:14.000000000 -0400
-@@ -28,6 +28,7 @@
- #include <linux/prctl.h>
- #include <linux/securebits.h>
- #include <linux/user_namespace.h>
-+#include <net/sock.h>
-
- /*
- * If a non-root user executes a setuid-root binary in
-@@ -58,7 +59,7 @@ int cap_netlink_send(struct sock *sk, st
-
- int cap_netlink_recv(struct sk_buff *skb, int cap)
- {
-- if (!cap_raised(current_cap(), cap))
-+ if (!cap_raised(current_cap(), cap) || !gr_is_capable(cap))
- return -EPERM;
- return 0;
- }
-@@ -575,6 +576,9 @@ int cap_bprm_secureexec(struct linux_bin
- {
- const struct cred *cred = current_cred();
-
-+ if (gr_acl_enable_at_secure())
-+ return 1;
-+
- if (cred->uid != 0) {
- if (bprm->cap_effective)
- return 1;
-diff -urNp linux-3.0.7/security/integrity/ima/ima_api.c linux-3.0.7/security/integrity/ima/ima_api.c
---- linux-3.0.7/security/integrity/ima/ima_api.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/security/integrity/ima/ima_api.c 2011-08-23 21:47:56.000000000 -0400
-@@ -75,7 +75,7 @@ void ima_add_violation(struct inode *ino
- int result;
-
- /* can overflow, only indicator */
-- atomic_long_inc(&ima_htable.violations);
-+ atomic_long_inc_unchecked(&ima_htable.violations);
-
- entry = kmalloc(sizeof(*entry), GFP_KERNEL);
- if (!entry) {
-diff -urNp linux-3.0.7/security/integrity/ima/ima_fs.c linux-3.0.7/security/integrity/ima/ima_fs.c
---- linux-3.0.7/security/integrity/ima/ima_fs.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/security/integrity/ima/ima_fs.c 2011-08-23 21:47:56.000000000 -0400
-@@ -28,12 +28,12 @@
- static int valid_policy = 1;
- #define TMPBUFLEN 12
- static ssize_t ima_show_htable_value(char __user *buf, size_t count,
-- loff_t *ppos, atomic_long_t *val)
-+ loff_t *ppos, atomic_long_unchecked_t *val)
- {
- char tmpbuf[TMPBUFLEN];
- ssize_t len;
-
-- len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));
-+ len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read_unchecked(val));
- return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
- }
-
-diff -urNp linux-3.0.7/security/integrity/ima/ima.h linux-3.0.7/security/integrity/ima/ima.h
---- linux-3.0.7/security/integrity/ima/ima.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/security/integrity/ima/ima.h 2011-08-23 21:47:56.000000000 -0400
-@@ -85,8 +85,8 @@ void ima_add_violation(struct inode *ino
- extern spinlock_t ima_queue_lock;
-
- struct ima_h_table {
-- atomic_long_t len; /* number of stored measurements in the list */
-- atomic_long_t violations;
-+ atomic_long_unchecked_t len; /* number of stored measurements in the list */
-+ atomic_long_unchecked_t violations;
- struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
- };
- extern struct ima_h_table ima_htable;
-diff -urNp linux-3.0.7/security/integrity/ima/ima_queue.c linux-3.0.7/security/integrity/ima/ima_queue.c
---- linux-3.0.7/security/integrity/ima/ima_queue.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.7/security/integrity/ima/ima_queue.c 2011-08-23 21:47:56.000000000 -0400
-@@ -79,7 +79,7 @@ static int ima_add_digest_entry(struct i
- INIT_LIST_HEAD(&qe->later);
- list_add_tail_rcu(&qe->later, &ima_measurements);
-
-- atomic_long_inc(&ima_htable.len);
-+ atomic_long_inc_unchecked(&ima_htable.len);
- key = ima_hash_key(entry->digest);
- hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
- return 0;
diff -urNp linux-3.0.7/security/Kconfig linux-3.0.7/security/Kconfig
--- linux-3.0.7/security/Kconfig 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/security/Kconfig 2011-10-06 04:19:25.000000000 -0400
default 65536
help
This is the portion of low virtual memory which should be protected
+diff -urNp linux-3.0.7/security/apparmor/lsm.c linux-3.0.7/security/apparmor/lsm.c
+--- linux-3.0.7/security/apparmor/lsm.c 2011-09-02 18:11:21.000000000 -0400
++++ linux-3.0.7/security/apparmor/lsm.c 2011-08-23 21:48:14.000000000 -0400
+@@ -621,7 +621,7 @@ static int apparmor_task_setrlimit(struc
+ return error;
+ }
+
+-static struct security_operations apparmor_ops = {
++static struct security_operations apparmor_ops __read_only = {
+ .name = "apparmor",
+
+ .ptrace_access_check = apparmor_ptrace_access_check,
+diff -urNp linux-3.0.7/security/commoncap.c linux-3.0.7/security/commoncap.c
+--- linux-3.0.7/security/commoncap.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/security/commoncap.c 2011-08-23 21:48:14.000000000 -0400
+@@ -28,6 +28,7 @@
+ #include <linux/prctl.h>
+ #include <linux/securebits.h>
+ #include <linux/user_namespace.h>
++#include <net/sock.h>
+
+ /*
+ * If a non-root user executes a setuid-root binary in
+@@ -58,7 +59,7 @@ int cap_netlink_send(struct sock *sk, st
+
+ int cap_netlink_recv(struct sk_buff *skb, int cap)
+ {
+- if (!cap_raised(current_cap(), cap))
++ if (!cap_raised(current_cap(), cap) || !gr_is_capable(cap))
+ return -EPERM;
+ return 0;
+ }
+@@ -575,6 +576,9 @@ int cap_bprm_secureexec(struct linux_bin
+ {
+ const struct cred *cred = current_cred();
+
++ if (gr_acl_enable_at_secure())
++ return 1;
++
+ if (cred->uid != 0) {
+ if (bprm->cap_effective)
+ return 1;
+diff -urNp linux-3.0.7/security/integrity/ima/ima.h linux-3.0.7/security/integrity/ima/ima.h
+--- linux-3.0.7/security/integrity/ima/ima.h 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/security/integrity/ima/ima.h 2011-08-23 21:47:56.000000000 -0400
+@@ -85,8 +85,8 @@ void ima_add_violation(struct inode *ino
+ extern spinlock_t ima_queue_lock;
+
+ struct ima_h_table {
+- atomic_long_t len; /* number of stored measurements in the list */
+- atomic_long_t violations;
++ atomic_long_unchecked_t len; /* number of stored measurements in the list */
++ atomic_long_unchecked_t violations;
+ struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
+ };
+ extern struct ima_h_table ima_htable;
+diff -urNp linux-3.0.7/security/integrity/ima/ima_api.c linux-3.0.7/security/integrity/ima/ima_api.c
+--- linux-3.0.7/security/integrity/ima/ima_api.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/security/integrity/ima/ima_api.c 2011-08-23 21:47:56.000000000 -0400
+@@ -75,7 +75,7 @@ void ima_add_violation(struct inode *ino
+ int result;
+
+ /* can overflow, only indicator */
+- atomic_long_inc(&ima_htable.violations);
++ atomic_long_inc_unchecked(&ima_htable.violations);
+
+ entry = kmalloc(sizeof(*entry), GFP_KERNEL);
+ if (!entry) {
+diff -urNp linux-3.0.7/security/integrity/ima/ima_fs.c linux-3.0.7/security/integrity/ima/ima_fs.c
+--- linux-3.0.7/security/integrity/ima/ima_fs.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/security/integrity/ima/ima_fs.c 2011-08-23 21:47:56.000000000 -0400
+@@ -28,12 +28,12 @@
+ static int valid_policy = 1;
+ #define TMPBUFLEN 12
+ static ssize_t ima_show_htable_value(char __user *buf, size_t count,
+- loff_t *ppos, atomic_long_t *val)
++ loff_t *ppos, atomic_long_unchecked_t *val)
+ {
+ char tmpbuf[TMPBUFLEN];
+ ssize_t len;
+
+- len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));
++ len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read_unchecked(val));
+ return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
+ }
+
+diff -urNp linux-3.0.7/security/integrity/ima/ima_queue.c linux-3.0.7/security/integrity/ima/ima_queue.c
+--- linux-3.0.7/security/integrity/ima/ima_queue.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.7/security/integrity/ima/ima_queue.c 2011-08-23 21:47:56.000000000 -0400
+@@ -79,7 +79,7 @@ static int ima_add_digest_entry(struct i
+ INIT_LIST_HEAD(&qe->later);
+ list_add_tail_rcu(&qe->later, &ima_measurements);
+
+- atomic_long_inc(&ima_htable.len);
++ atomic_long_inc_unchecked(&ima_htable.len);
+ key = ima_hash_key(entry->digest);
+ hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
+ return 0;
diff -urNp linux-3.0.7/security/keys/compat.c linux-3.0.7/security/keys/compat.c
--- linux-3.0.7/security/keys/compat.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.7/security/keys/compat.c 2011-10-06 04:17:55.000000000 -0400
};
struct snd_usb_stream {
+diff -urNp linux-3.0.7/tools/gcc/Makefile linux-3.0.7/tools/gcc/Makefile
+--- linux-3.0.7/tools/gcc/Makefile 1969-12-31 19:00:00.000000000 -0500
++++ linux-3.0.7/tools/gcc/Makefile 2011-10-06 04:17:55.000000000 -0400
+@@ -0,0 +1,21 @@
++#CC := gcc
++#PLUGIN_SOURCE_FILES := pax_plugin.c
++#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
++GCCPLUGINS_DIR := $(shell $(HOSTCC) -print-file-name=plugin)
++#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W
++
++HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include
++
++hostlibs-y := constify_plugin.so
++hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so
++hostlibs-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so
++hostlibs-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so
++hostlibs-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so
++
++always := $(hostlibs-y)
++
++stackleak_plugin-objs := stackleak_plugin.o
++constify_plugin-objs := constify_plugin.o
++kallocstat_plugin-objs := kallocstat_plugin.o
++kernexec_plugin-objs := kernexec_plugin.o
++checker_plugin-objs := checker_plugin.o
diff -urNp linux-3.0.7/tools/gcc/checker_plugin.c linux-3.0.7/tools/gcc/checker_plugin.c
--- linux-3.0.7/tools/gcc/checker_plugin.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-3.0.7/tools/gcc/checker_plugin.c 2011-10-06 04:17:55.000000000 -0400
+
+ return 0;
+}
-diff -urNp linux-3.0.7/tools/gcc/Makefile linux-3.0.7/tools/gcc/Makefile
---- linux-3.0.7/tools/gcc/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.7/tools/gcc/Makefile 2011-10-06 04:17:55.000000000 -0400
-@@ -0,0 +1,21 @@
-+#CC := gcc
-+#PLUGIN_SOURCE_FILES := pax_plugin.c
-+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
-+GCCPLUGINS_DIR := $(shell $(HOSTCC) -print-file-name=plugin)
-+#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W
-+
-+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include
-+
-+hostlibs-y := constify_plugin.so
-+hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so
-+hostlibs-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so
-+hostlibs-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so
-+hostlibs-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so
-+
-+always := $(hostlibs-y)
-+
-+stackleak_plugin-objs := stackleak_plugin.o
-+constify_plugin-objs := constify_plugin.o
-+kallocstat_plugin-objs := kallocstat_plugin.o
-+kernexec_plugin-objs := kernexec_plugin.o
-+checker_plugin-objs := checker_plugin.o
diff -urNp linux-3.0.7/tools/gcc/stackleak_plugin.c linux-3.0.7/tools/gcc/stackleak_plugin.c
--- linux-3.0.7/tools/gcc/stackleak_plugin.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-3.0.7/tools/gcc/stackleak_plugin.c 2011-09-17 00:53:44.000000000 -0400
projects / packages / kernel.git / commitdiff