authorNatanael Copa <ncopa@alpinelinux.org>2011-05-24 12:53:50 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2011-05-24 12:53:50 +0000
commit8b29ce3cf9a7ae91c08bfe1b7f62839bd657745d (patch)
treed32c69c9a8f6fa4c27eff3df871c71d6ae76876c
parentaeab26d98cd427c5b7effd561d230aae1515e3ea (diff)
main/linux-grsec: move grsecurity-2.2.2-2.6.38.2-201103281752 from testing
-rw-r--r--main/linux-grsec/APKBUILD14
-rw-r--r--main/linux-grsec/grsecurity-2.2.2-2.6.38.2-201103281752.patch59296
-rw-r--r--main/linux-grsec/grsecurity-2.2.2-2.6.38.7-201105222331.patch (renamed from testing/linux-grsec/grsecurity-2.2.2-2.6.38.7-201105222331.patch)0
-rw-r--r--main/linux-grsec/kernelconfig.x8662
-rw-r--r--main/linux-grsec/kernelconfig.x86_6412
-rw-r--r--testing/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch29
-rw-r--r--testing/linux-grsec/APKBUILD145
-rw-r--r--testing/linux-grsec/kernelconfig.x865157
-rw-r--r--testing/linux-grsec/kernelconfig.x86_645111
-rw-r--r--testing/linux-grsec/net-gre-provide-multicast-mappings-for-ipv4-and-ipv6.patch98
10 files changed, 45 insertions, 69879 deletions
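diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 3e7a6bc50c..758226d210 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,9 +2,9 @@
 
 _flavor=grsec
 pkgname=linux-${_flavor}
-pkgver=2.6.38.2
+pkgver=2.6.38.7
 _kernver=2.6.38
-pkgrel=3
+pkgrel=0
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
  ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
- grsecurity-2.2.2-2.6.38.2-201103281752.patch
+ grsecurity-2.2.2-2.6.38.7-201105222331.patch
 
  0004-arp-flush-arp-cache-on-device-change.patch
  net-gre-provide-multicast-mappings-for-ipv4-and-ipv6.patch
@@ -137,9 +137,9 @@ dev() {
 }
 
 md5sums="7d471477bfa67546f902da62227fa976 linux-2.6.38.tar.bz2
-599badab31c4920d4122133208c810d7 patch-2.6.38.2.bz2
-fac4f5fb386192c544fae27db6db18a7 grsecurity-2.2.2-2.6.38.2-201103281752.patch
+2639b4b98a2dcfc8b7f091543f289205 patch-2.6.38.7.bz2
+405571538f81e3ebbe8cbfc029c52fdd grsecurity-2.2.2-2.6.38.7-201105222331.patch
 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
 aa1b82da0cabfb41c5e6da5bddf60bab net-gre-provide-multicast-mappings-for-ipv4-and-ipv6.patch
-47ff0feca681cd53a037b7f5c9b46c3d kernelconfig.x86
-2d70a4c38d97ca1a5280ca8d4e535628 kernelconfig.x86_64"
+f4cf5b0ddfeef7aa87fb27792aff88a4 kernelconfig.x86
+0a73d8d896101de90f47dae32119e7ca kernelconfig.x86_64"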
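Review bot: The refreshed `md5sums` block at the end of this section is the only integrity check visible for `patch-$pkgver.bz2` and the kernel tarball, both of which the `source=` lines fetch over plain `ftp://`. MD5 no longer resists collisions and FTP gives no transport authentication, so a tampered mirror copy of the 2.6.38.7 patch would be caught only by a weak digest. If the build tool accepts a stronger checksum array (for example `sha256sums` or `sha512sums`), record one alongside, and where upstream publishes detached signatures, verify the download against them before committing the new hash. The grsecurity patch and kernelconfig files are carried in-tree according to the diffstat, so this matters mainly for the two remote sources.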
diff --git a/main/linux-grsec/grsecurity-2.2.2-2.6.38.2-201103281752.patch b/main/linux-grsec/grsecurity-2.2.2-2.6.38.2-201103281752.patch
deleted file mode 100644
index 190cb94594..0000000000
--- a/main/linux-grsec/grsecurity-2.2.2-2.6.38.2-201103281752.patch
+++ /dev/null
@@ -1,59296 +0,0 @@
1diff -urNp linux-2.6.38.2/arch/alpha/include/asm/dma-mapping.h linux-2.6.38.2/arch/alpha/include/asm/dma-mapping.h
2--- linux-2.6.38.2/arch/alpha/include/asm/dma-mapping.h 2011-03-14 21:20:32.000000000 -0400
3+++ linux-2.6.38.2/arch/alpha/include/asm/dma-mapping.h 2011-03-21 18:31:35.000000000 -0400
4@@ -3,9 +3,9 @@
5
6 #include <linux/dma-attrs.h>
7
8-extern struct dma_map_ops *dma_ops;
9+extern const struct dma_map_ops *dma_ops;
10
11-static inline struct dma_map_ops *get_dma_ops(struct device *dev)
12+static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
13 {
14 return dma_ops;
15 }
16diff -urNp linux-2.6.38.2/arch/alpha/include/asm/elf.h linux-2.6.38.2/arch/alpha/include/asm/elf.h
17--- linux-2.6.38.2/arch/alpha/include/asm/elf.h 2011-03-14 21:20:32.000000000 -0400
18+++ linux-2.6.38.2/arch/alpha/include/asm/elf.h 2011-03-21 18:31:35.000000000 -0400
19@@ -90,6 +90,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
20
21 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000)
22
23+#ifdef CONFIG_PAX_ASLR
24+#define PAX_ELF_ET_DYN_BASE (current->personality & ADDR_LIMIT_32BIT ? 0x10000 : 0x120000000UL)
25+
26+#define PAX_DELTA_MMAP_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 28)
27+#define PAX_DELTA_STACK_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 19)
28+#endif
29+
30 /* $0 is set by ld.so to a pointer to a function which might be
31 registered using atexit. This provides a mean for the dynamic
32 linker to call DT_FINI functions for shared libraries that have
33diff -urNp linux-2.6.38.2/arch/alpha/include/asm/pgtable.h linux-2.6.38.2/arch/alpha/include/asm/pgtable.h
34--- linux-2.6.38.2/arch/alpha/include/asm/pgtable.h 2011-03-14 21:20:32.000000000 -0400
35+++ linux-2.6.38.2/arch/alpha/include/asm/pgtable.h 2011-03-21 18:31:35.000000000 -0400
36@@ -101,6 +101,17 @@ struct vm_area_struct;
37 #define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS)
38 #define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
39 #define PAGE_READONLY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
40+
41+#ifdef CONFIG_PAX_PAGEEXEC
42+# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOE)
43+# define PAGE_COPY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
44+# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
45+#else
46+# define PAGE_SHARED_NOEXEC PAGE_SHARED
47+# define PAGE_COPY_NOEXEC PAGE_COPY
48+# define PAGE_READONLY_NOEXEC PAGE_READONLY
49+#endif
50+
51 #define PAGE_KERNEL __pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE)
52
53 #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x))
54diff -urNp linux-2.6.38.2/arch/alpha/kernel/module.c linux-2.6.38.2/arch/alpha/kernel/module.c
55--- linux-2.6.38.2/arch/alpha/kernel/module.c 2011-03-14 21:20:32.000000000 -0400
56+++ linux-2.6.38.2/arch/alpha/kernel/module.c 2011-03-21 18:31:35.000000000 -0400
57@@ -182,7 +182,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs,
58
59 /* The small sections were sorted to the end of the segment.
60 The following should definitely cover them. */
61- gp = (u64)me->module_core + me->core_size - 0x8000;
62+ gp = (u64)me->module_core_rw + me->core_size_rw - 0x8000;
63 got = sechdrs[me->arch.gotsecindex].sh_addr;
64
65 for (i = 0; i < n; i++) {
66diff -urNp linux-2.6.38.2/arch/alpha/kernel/osf_sys.c linux-2.6.38.2/arch/alpha/kernel/osf_sys.c
67--- linux-2.6.38.2/arch/alpha/kernel/osf_sys.c 2011-03-14 21:20:32.000000000 -0400
68+++ linux-2.6.38.2/arch/alpha/kernel/osf_sys.c 2011-03-21 18:31:35.000000000 -0400
69@@ -1162,7 +1162,7 @@ arch_get_unmapped_area_1(unsigned long a
70 /* At this point: (!vma || addr < vma->vm_end). */
71 if (limit - len < addr)
72 return -ENOMEM;
73- if (!vma || addr + len <= vma->vm_start)
74+ if (check_heap_stack_gap(vma, addr, len))
75 return addr;
76 addr = vma->vm_end;
77 vma = vma->vm_next;
78@@ -1198,6 +1198,10 @@ arch_get_unmapped_area(struct file *filp
79 merely specific addresses, but regions of memory -- perhaps
80 this feature should be incorporated into all ports? */
81
82+#ifdef CONFIG_PAX_RANDMMAP
83+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
84+#endif
85+
86 if (addr) {
87 addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
88 if (addr != (unsigned long) -ENOMEM)
89@@ -1205,8 +1209,8 @@ arch_get_unmapped_area(struct file *filp
90 }
91
92 /* Next, try allocating at TASK_UNMAPPED_BASE. */
93- addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE),
94- len, limit);
95+ addr = arch_get_unmapped_area_1 (PAGE_ALIGN(current->mm->mmap_base), len, limit);
96+
97 if (addr != (unsigned long) -ENOMEM)
98 return addr;
99
100diff -urNp linux-2.6.38.2/arch/alpha/kernel/pci_iommu.c linux-2.6.38.2/arch/alpha/kernel/pci_iommu.c
101--- linux-2.6.38.2/arch/alpha/kernel/pci_iommu.c 2011-03-14 21:20:32.000000000 -0400
102+++ linux-2.6.38.2/arch/alpha/kernel/pci_iommu.c 2011-03-21 18:31:35.000000000 -0400
103@@ -950,7 +950,7 @@ static int alpha_pci_set_mask(struct dev
104 return 0;
105 }
106
107-struct dma_map_ops alpha_pci_ops = {
108+const struct dma_map_ops alpha_pci_ops = {
109 .alloc_coherent = alpha_pci_alloc_coherent,
110 .free_coherent = alpha_pci_free_coherent,
111 .map_page = alpha_pci_map_page,
112@@ -962,5 +962,5 @@ struct dma_map_ops alpha_pci_ops = {
113 .set_dma_mask = alpha_pci_set_mask,
114 };
115
116-struct dma_map_ops *dma_ops = &alpha_pci_ops;
117+const struct dma_map_ops *dma_ops = &alpha_pci_ops;
118 EXPORT_SYMBOL(dma_ops);
119diff -urNp linux-2.6.38.2/arch/alpha/kernel/pci-noop.c linux-2.6.38.2/arch/alpha/kernel/pci-noop.c
120--- linux-2.6.38.2/arch/alpha/kernel/pci-noop.c 2011-03-14 21:20:32.000000000 -0400
121+++ linux-2.6.38.2/arch/alpha/kernel/pci-noop.c 2011-03-21 18:31:35.000000000 -0400
122@@ -173,7 +173,7 @@ static int alpha_noop_set_mask(struct de
123 return 0;
124 }
125
126-struct dma_map_ops alpha_noop_ops = {
127+const struct dma_map_ops alpha_noop_ops = {
128 .alloc_coherent = alpha_noop_alloc_coherent,
129 .free_coherent = alpha_noop_free_coherent,
130 .map_page = alpha_noop_map_page,
131@@ -183,7 +183,7 @@ struct dma_map_ops alpha_noop_ops = {
132 .set_dma_mask = alpha_noop_set_mask,
133 };
134
135-struct dma_map_ops *dma_ops = &alpha_noop_ops;
136+const struct dma_map_ops *dma_ops = &alpha_noop_ops;
137 EXPORT_SYMBOL(dma_ops);
138
139 void __iomem *pci_iomap(struct pci_dev *dev, int bar, unsigned long maxlen)
140diff -urNp linux-2.6.38.2/arch/alpha/mm/fault.c linux-2.6.38.2/arch/alpha/mm/fault.c
141--- linux-2.6.38.2/arch/alpha/mm/fault.c 2011-03-14 21:20:32.000000000 -0400
142+++ linux-2.6.38.2/arch/alpha/mm/fault.c 2011-03-21 18:31:35.000000000 -0400
143@@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *
144 __reload_thread(pcb);
145 }
146
147+#ifdef CONFIG_PAX_PAGEEXEC
148+/*
149+ * PaX: decide what to do with offenders (regs->pc = fault address)
150+ *
151+ * returns 1 when task should be killed
152+ * 2 when patched PLT trampoline was detected
153+ * 3 when unpatched PLT trampoline was detected
154+ */
155+static int pax_handle_fetch_fault(struct pt_regs *regs)
156+{
157+
158+#ifdef CONFIG_PAX_EMUPLT
159+ int err;
160+
161+ do { /* PaX: patched PLT emulation #1 */
162+ unsigned int ldah, ldq, jmp;
163+
164+ err = get_user(ldah, (unsigned int *)regs->pc);
165+ err |= get_user(ldq, (unsigned int *)(regs->pc+4));
166+ err |= get_user(jmp, (unsigned int *)(regs->pc+8));
167+
168+ if (err)
169+ break;
170+
171+ if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
172+ (ldq & 0xFFFF0000U) == 0xA77B0000U &&
173+ jmp == 0x6BFB0000U)
174+ {
175+ unsigned long r27, addr;
176+ unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
177+ unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL;
178+
179+ addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
180+ err = get_user(r27, (unsigned long *)addr);
181+ if (err)
182+ break;
183+
184+ regs->r27 = r27;
185+ regs->pc = r27;
186+ return 2;
187+ }
188+ } while (0);
189+
190+ do { /* PaX: patched PLT emulation #2 */
191+ unsigned int ldah, lda, br;
192+
193+ err = get_user(ldah, (unsigned int *)regs->pc);
194+ err |= get_user(lda, (unsigned int *)(regs->pc+4));
195+ err |= get_user(br, (unsigned int *)(regs->pc+8));
196+
197+ if (err)
198+ break;
199+
200+ if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
201+ (lda & 0xFFFF0000U) == 0xA77B0000U &&
202+ (br & 0xFFE00000U) == 0xC3E00000U)
203+ {
204+ unsigned long addr = br | 0xFFFFFFFFFFE00000UL;
205+ unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
206+ unsigned long addrl = lda | 0xFFFFFFFFFFFF0000UL;
207+
208+ regs->r27 += ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
209+ regs->pc += 12 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
210+ return 2;
211+ }
212+ } while (0);
213+
214+ do { /* PaX: unpatched PLT emulation */
215+ unsigned int br;
216+
217+ err = get_user(br, (unsigned int *)regs->pc);
218+
219+ if (!err && (br & 0xFFE00000U) == 0xC3800000U) {
220+ unsigned int br2, ldq, nop, jmp;
221+ unsigned long addr = br | 0xFFFFFFFFFFE00000UL, resolver;
222+
223+ addr = regs->pc + 4 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
224+ err = get_user(br2, (unsigned int *)addr);
225+ err |= get_user(ldq, (unsigned int *)(addr+4));
226+ err |= get_user(nop, (unsigned int *)(addr+8));
227+ err |= get_user(jmp, (unsigned int *)(addr+12));
228+ err |= get_user(resolver, (unsigned long *)(addr+16));
229+
230+ if (err)
231+ break;
232+
233+ if (br2 == 0xC3600000U &&
234+ ldq == 0xA77B000CU &&
235+ nop == 0x47FF041FU &&
236+ jmp == 0x6B7B0000U)
237+ {
238+ regs->r28 = regs->pc+4;
239+ regs->r27 = addr+16;
240+ regs->pc = resolver;
241+ return 3;
242+ }
243+ }
244+ } while (0);
245+#endif
246+
247+ return 1;
248+}
249+
250+void pax_report_insns(void *pc, void *sp)
251+{
252+ unsigned long i;
253+
254+ printk(KERN_ERR "PAX: bytes at PC: ");
255+ for (i = 0; i < 5; i++) {
256+ unsigned int c;
257+ if (get_user(c, (unsigned int *)pc+i))
258+ printk(KERN_CONT "???????? ");
259+ else
260+ printk(KERN_CONT "%08x ", c);
261+ }
262+ printk("\n");
263+}
264+#endif
265
266 /*
267 * This routine handles page faults. It determines the address,
268@@ -131,8 +249,29 @@ do_page_fault(unsigned long address, uns
269 good_area:
270 si_code = SEGV_ACCERR;
271 if (cause < 0) {
272- if (!(vma->vm_flags & VM_EXEC))
273+ if (!(vma->vm_flags & VM_EXEC)) {
274+
275+#ifdef CONFIG_PAX_PAGEEXEC
276+ if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->pc)
277+ goto bad_area;
278+
279+ up_read(&mm->mmap_sem);
280+ switch (pax_handle_fetch_fault(regs)) {
281+
282+#ifdef CONFIG_PAX_EMUPLT
283+ case 2:
284+ case 3:
285+ return;
286+#endif
287+
288+ }
289+ pax_report_fault(regs, (void *)regs->pc, (void *)rdusp());
290+ do_group_exit(SIGKILL);
291+#else
292 goto bad_area;
293+#endif
294+
295+ }
296 } else if (!cause) {
297 /* Allow reads even for write-only mappings */
298 if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
299diff -urNp linux-2.6.38.2/arch/arm/include/asm/elf.h linux-2.6.38.2/arch/arm/include/asm/elf.h
300--- linux-2.6.38.2/arch/arm/include/asm/elf.h 2011-03-14 21:20:32.000000000 -0400
301+++ linux-2.6.38.2/arch/arm/include/asm/elf.h 2011-03-21 18:31:35.000000000 -0400
302@@ -115,7 +115,14 @@ int dump_task_regs(struct task_struct *t
303 the loader. We need to make sure that it is out of the way of the program
304 that it will "exec", and that there is sufficient room for the brk. */
305
306-#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
307+#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
308+
309+#ifdef CONFIG_PAX_ASLR
310+#define PAX_ELF_ET_DYN_BASE 0x00008000UL
311+
312+#define PAX_DELTA_MMAP_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
313+#define PAX_DELTA_STACK_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
314+#endif
315
316 /* When the program starts, a1 contains a pointer to a function to be
317 registered with atexit, as per the SVR4 ABI. A value of 0 means we
318@@ -125,10 +132,6 @@ int dump_task_regs(struct task_struct *t
319 extern void elf_set_personality(const struct elf32_hdr *);
320 #define SET_PERSONALITY(ex) elf_set_personality(&(ex))
321
322-struct mm_struct;
323-extern unsigned long arch_randomize_brk(struct mm_struct *mm);
324-#define arch_randomize_brk arch_randomize_brk
325-
326 extern int vectors_user_mapping(void);
327 #define arch_setup_additional_pages(bprm, uses_interp) vectors_user_mapping()
328 #define ARCH_HAS_SETUP_ADDITIONAL_PAGES
329diff -urNp linux-2.6.38.2/arch/arm/include/asm/kmap_types.h linux-2.6.38.2/arch/arm/include/asm/kmap_types.h
330--- linux-2.6.38.2/arch/arm/include/asm/kmap_types.h 2011-03-14 21:20:32.000000000 -0400
331+++ linux-2.6.38.2/arch/arm/include/asm/kmap_types.h 2011-03-21 18:31:35.000000000 -0400
332@@ -21,6 +21,7 @@ enum km_type {
333 KM_L1_CACHE,
334 KM_L2_CACHE,
335 KM_KDB,
336+ KM_CLEARPAGE,
337 KM_TYPE_NR
338 };
339
340diff -urNp linux-2.6.38.2/arch/arm/include/asm/uaccess.h linux-2.6.38.2/arch/arm/include/asm/uaccess.h
341--- linux-2.6.38.2/arch/arm/include/asm/uaccess.h 2011-03-14 21:20:32.000000000 -0400
342+++ linux-2.6.38.2/arch/arm/include/asm/uaccess.h 2011-03-21 18:31:35.000000000 -0400
343@@ -403,6 +403,9 @@ extern unsigned long __must_check __strn
344
345 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
346 {
347+ if ((long)n < 0)
348+ return n;
349+
350 if (access_ok(VERIFY_READ, from, n))
351 n = __copy_from_user(to, from, n);
352 else /* security hole - plug it */
353@@ -412,6 +415,9 @@ static inline unsigned long __must_check
354
355 static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
356 {
357+ if ((long)n < 0)
358+ return n;
359+
360 if (access_ok(VERIFY_WRITE, to, n))
361 n = __copy_to_user(to, from, n);
362 return n;
363diff -urNp linux-2.6.38.2/arch/arm/kernel/kgdb.c linux-2.6.38.2/arch/arm/kernel/kgdb.c
364--- linux-2.6.38.2/arch/arm/kernel/kgdb.c 2011-03-14 21:20:32.000000000 -0400
365+++ linux-2.6.38.2/arch/arm/kernel/kgdb.c 2011-03-21 18:31:35.000000000 -0400
366@@ -246,7 +246,7 @@ void kgdb_arch_exit(void)
367 * and we handle the normal undef case within the do_undefinstr
368 * handler.
369 */
370-struct kgdb_arch arch_kgdb_ops = {
371+const struct kgdb_arch arch_kgdb_ops = {
372 #ifndef __ARMEB__
373 .gdb_bpt_instr = {0xfe, 0xde, 0xff, 0xe7}
374 #else /* ! __ARMEB__ */
375diff -urNp linux-2.6.38.2/arch/arm/kernel/process.c linux-2.6.38.2/arch/arm/kernel/process.c
376--- linux-2.6.38.2/arch/arm/kernel/process.c 2011-03-14 21:20:32.000000000 -0400
377+++ linux-2.6.38.2/arch/arm/kernel/process.c 2011-03-21 18:31:35.000000000 -0400
378@@ -28,7 +28,6 @@
379 #include <linux/tick.h>
380 #include <linux/utsname.h>
381 #include <linux/uaccess.h>
382-#include <linux/random.h>
383 #include <linux/hw_breakpoint.h>
384
385 #include <asm/cacheflush.h>
386@@ -477,12 +476,6 @@ unsigned long get_wchan(struct task_stru
387 return 0;
388 }
389
390-unsigned long arch_randomize_brk(struct mm_struct *mm)
391-{
392- unsigned long range_end = mm->brk + 0x02000000;
393- return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
394-}
395-
396 #ifdef CONFIG_MMU
397 /*
398 * The vectors page is always readable from user space for the
399diff -urNp linux-2.6.38.2/arch/arm/mach-msm/last_radio_log.c linux-2.6.38.2/arch/arm/mach-msm/last_radio_log.c
400--- linux-2.6.38.2/arch/arm/mach-msm/last_radio_log.c 2011-03-14 21:20:32.000000000 -0400
401+++ linux-2.6.38.2/arch/arm/mach-msm/last_radio_log.c 2011-03-21 18:31:35.000000000 -0400
402@@ -47,7 +47,7 @@ static ssize_t last_radio_log_read(struc
403 return count;
404 }
405
406-static struct file_operations last_radio_log_fops = {
407+static struct file_operations last_radio_log_fops = { /* cannot be const, see msm_init_last_radio_log */
408 .read = last_radio_log_read,
409 .llseek = default_llseek,
410 };
411diff -urNp linux-2.6.38.2/arch/arm/mach-ux500/mbox-db5500.c linux-2.6.38.2/arch/arm/mach-ux500/mbox-db5500.c
412--- linux-2.6.38.2/arch/arm/mach-ux500/mbox-db5500.c 2011-03-14 21:20:32.000000000 -0400
413+++ linux-2.6.38.2/arch/arm/mach-ux500/mbox-db5500.c 2011-03-21 18:31:35.000000000 -0400
414@@ -168,7 +168,7 @@ static ssize_t mbox_read_fifo(struct dev
415 return sprintf(buf, "0x%X\n", mbox_value);
416 }
417
418-static DEVICE_ATTR(fifo, S_IWUGO | S_IRUGO, mbox_read_fifo, mbox_write_fifo);
419+static DEVICE_ATTR(fifo, S_IWUSR | S_IRUGO, mbox_read_fifo, mbox_write_fifo);
420
421 static int mbox_show(struct seq_file *s, void *data)
422 {
423diff -urNp linux-2.6.38.2/arch/arm/mm/fault.c linux-2.6.38.2/arch/arm/mm/fault.c
424--- linux-2.6.38.2/arch/arm/mm/fault.c 2011-03-14 21:20:32.000000000 -0400
425+++ linux-2.6.38.2/arch/arm/mm/fault.c 2011-03-21 18:31:35.000000000 -0400
426@@ -167,6 +167,13 @@ __do_user_fault(struct task_struct *tsk,
427 }
428 #endif
429
430+#ifdef CONFIG_PAX_PAGEEXEC
431+ if (fsr & FSR_LNX_PF) {
432+ pax_report_fault(regs, (void *)regs->ARM_pc, (void *)regs->ARM_sp);
433+ do_group_exit(SIGKILL);
434+ }
435+#endif
436+
437 tsk->thread.address = addr;
438 tsk->thread.error_code = fsr;
439 tsk->thread.trap_no = 14;
440@@ -364,6 +371,33 @@ do_page_fault(unsigned long addr, unsign
441 }
442 #endif /* CONFIG_MMU */
443
444+#ifdef CONFIG_PAX_PAGEEXEC
445+void pax_report_insns(void *pc, void *sp)
446+{
447+ long i;
448+
449+ printk(KERN_ERR "PAX: bytes at PC: ");
450+ for (i = 0; i < 20; i++) {
451+ unsigned char c;
452+ if (get_user(c, (__force unsigned char __user *)pc+i))
453+ printk(KERN_CONT "?? ");
454+ else
455+ printk(KERN_CONT "%02x ", c);
456+ }
457+ printk("\n");
458+
459+ printk(KERN_ERR "PAX: bytes at SP-4: ");
460+ for (i = -1; i < 20; i++) {
461+ unsigned long c;
462+ if (get_user(c, (__force unsigned long __user *)sp+i))
463+ printk(KERN_CONT "???????? ");
464+ else
465+ printk(KERN_CONT "%08lx ", c);
466+ }
467+ printk("\n");
468+}
469+#endif
470+
471 /*
472 * First Level Translation Fault Handler
473 *
474diff -urNp linux-2.6.38.2/arch/arm/mm/mmap.c linux-2.6.38.2/arch/arm/mm/mmap.c
475--- linux-2.6.38.2/arch/arm/mm/mmap.c 2011-03-14 21:20:32.000000000 -0400
476+++ linux-2.6.38.2/arch/arm/mm/mmap.c 2011-03-21 18:31:35.000000000 -0400
477@@ -64,6 +64,10 @@ arch_get_unmapped_area(struct file *filp
478 if (len > TASK_SIZE)
479 return -ENOMEM;
480
481+#ifdef CONFIG_PAX_RANDMMAP
482+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
483+#endif
484+
485 if (addr) {
486 if (do_align)
487 addr = COLOUR_ALIGN(addr, pgoff);
488@@ -71,15 +75,14 @@ arch_get_unmapped_area(struct file *filp
489 addr = PAGE_ALIGN(addr);
490
491 vma = find_vma(mm, addr);
492- if (TASK_SIZE - len >= addr &&
493- (!vma || addr + len <= vma->vm_start))
494+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len))
495 return addr;
496 }
497 if (len > mm->cached_hole_size) {
498- start_addr = addr = mm->free_area_cache;
499+ start_addr = addr = mm->free_area_cache;
500 } else {
501- start_addr = addr = TASK_UNMAPPED_BASE;
502- mm->cached_hole_size = 0;
503+ start_addr = addr = mm->mmap_base;
504+ mm->cached_hole_size = 0;
505 }
506 /* 8 bits of randomness in 20 address space bits */
507 if (current->flags & PF_RANDOMIZE)
508@@ -98,14 +101,14 @@ full_search:
509 * Start a new search - just in case we missed
510 * some holes.
511 */
512- if (start_addr != TASK_UNMAPPED_BASE) {
513- start_addr = addr = TASK_UNMAPPED_BASE;
514+ if (start_addr != mm->mmap_base) {
515+ start_addr = addr = mm->mmap_base;
516 mm->cached_hole_size = 0;
517 goto full_search;
518 }
519 return -ENOMEM;
520 }
521- if (!vma || addr + len <= vma->vm_start) {
522+ if (check_heap_stack_gap(vma, addr, len)) {
523 /*
524 * Remember the place where we stopped the search:
525 */
526diff -urNp linux-2.6.38.2/arch/avr32/include/asm/elf.h linux-2.6.38.2/arch/avr32/include/asm/elf.h
527--- linux-2.6.38.2/arch/avr32/include/asm/elf.h 2011-03-14 21:20:32.000000000 -0400
528+++ linux-2.6.38.2/arch/avr32/include/asm/elf.h 2011-03-21 18:31:35.000000000 -0400
529@@ -84,8 +84,14 @@ typedef struct user_fpu_struct elf_fpreg
530 the loader. We need to make sure that it is out of the way of the program
531 that it will "exec", and that there is sufficient room for the brk. */
532
533-#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
534+#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
535
536+#ifdef CONFIG_PAX_ASLR
537+#define PAX_ELF_ET_DYN_BASE 0x00001000UL
538+
539+#define PAX_DELTA_MMAP_LEN 15
540+#define PAX_DELTA_STACK_LEN 15
541+#endif
542
543 /* This yields a mask that user programs can use to figure out what
544 instruction set this CPU supports. This could be done in user space,
545diff -urNp linux-2.6.38.2/arch/avr32/include/asm/kmap_types.h linux-2.6.38.2/arch/avr32/include/asm/kmap_types.h
546--- linux-2.6.38.2/arch/avr32/include/asm/kmap_types.h 2011-03-14 21:20:32.000000000 -0400
547+++ linux-2.6.38.2/arch/avr32/include/asm/kmap_types.h 2011-03-21 18:31:35.000000000 -0400
548@@ -22,7 +22,8 @@ D(10) KM_IRQ0,
549 D(11) KM_IRQ1,
550 D(12) KM_SOFTIRQ0,
551 D(13) KM_SOFTIRQ1,
552-D(14) KM_TYPE_NR
553+D(14) KM_CLEARPAGE,
554+D(15) KM_TYPE_NR
555 };
556
557 #undef D
558diff -urNp linux-2.6.38.2/arch/avr32/mm/fault.c linux-2.6.38.2/arch/avr32/mm/fault.c
559--- linux-2.6.38.2/arch/avr32/mm/fault.c 2011-03-14 21:20:32.000000000 -0400
560+++ linux-2.6.38.2/arch/avr32/mm/fault.c 2011-03-21 18:31:35.000000000 -0400
561@@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
562
563 int exception_trace = 1;
564
565+#ifdef CONFIG_PAX_PAGEEXEC
566+void pax_report_insns(void *pc, void *sp)
567+{
568+ unsigned long i;
569+
570+ printk(KERN_ERR "PAX: bytes at PC: ");
571+ for (i = 0; i < 20; i++) {
572+ unsigned char c;
573+ if (get_user(c, (unsigned char *)pc+i))
574+ printk(KERN_CONT "???????? ");
575+ else
576+ printk(KERN_CONT "%02x ", c);
577+ }
578+ printk("\n");
579+}
580+#endif
581+
582 /*
583 * This routine handles page faults. It determines the address and the
584 * problem, and then passes it off to one of the appropriate routines.
585@@ -156,6 +173,16 @@ bad_area:
586 up_read(&mm->mmap_sem);
587
588 if (user_mode(regs)) {
589+
590+#ifdef CONFIG_PAX_PAGEEXEC
591+ if (mm->pax_flags & MF_PAX_PAGEEXEC) {
592+ if (ecr == ECR_PROTECTION_X || ecr == ECR_TLB_MISS_X) {
593+ pax_report_fault(regs, (void *)regs->pc, (void *)regs->sp);
594+ do_group_exit(SIGKILL);
595+ }
596+ }
597+#endif
598+
599 if (exception_trace && printk_ratelimit())
600 printk("%s%s[%d]: segfault at %08lx pc %08lx "
601 "sp %08lx ecr %lu\n",
602diff -urNp linux-2.6.38.2/arch/blackfin/kernel/kgdb.c linux-2.6.38.2/arch/blackfin/kernel/kgdb.c
603--- linux-2.6.38.2/arch/blackfin/kernel/kgdb.c 2011-03-14 21:20:32.000000000 -0400
604+++ linux-2.6.38.2/arch/blackfin/kernel/kgdb.c 2011-03-21 18:31:35.000000000 -0400
605@@ -420,7 +420,7 @@ int kgdb_arch_handle_exception(int vecto
606 return -1; /* this means that we do not want to exit from the handler */
607 }
608
609-struct kgdb_arch arch_kgdb_ops = {
610+const struct kgdb_arch arch_kgdb_ops = {
611 .gdb_bpt_instr = {0xa1},
612 #ifdef CONFIG_SMP
613 .flags = KGDB_HW_BREAKPOINT|KGDB_THR_PROC_SWAP,
614diff -urNp linux-2.6.38.2/arch/blackfin/mm/maccess.c linux-2.6.38.2/arch/blackfin/mm/maccess.c
615--- linux-2.6.38.2/arch/blackfin/mm/maccess.c 2011-03-14 21:20:32.000000000 -0400
616+++ linux-2.6.38.2/arch/blackfin/mm/maccess.c 2011-03-21 18:31:35.000000000 -0400
617@@ -16,7 +16,7 @@ static int validate_memory_access_addres
618 return bfin_mem_access_type(addr, size);
619 }
620
621-long probe_kernel_read(void *dst, void *src, size_t size)
622+long probe_kernel_read(void *dst, const void *src, size_t size)
623 {
624 unsigned long lsrc = (unsigned long)src;
625 int mem_type;
626@@ -55,7 +55,7 @@ long probe_kernel_read(void *dst, void *
627 return -EFAULT;
628 }
629
630-long probe_kernel_write(void *dst, void *src, size_t size)
631+long probe_kernel_write(void *dst, const void *src, size_t size)
632 {
633 unsigned long ldst = (unsigned long)dst;
634 int mem_type;
635diff -urNp linux-2.6.38.2/arch/frv/include/asm/kmap_types.h linux-2.6.38.2/arch/frv/include/asm/kmap_types.h
636--- linux-2.6.38.2/arch/frv/include/asm/kmap_types.h 2011-03-14 21:20:32.000000000 -0400
637+++ linux-2.6.38.2/arch/frv/include/asm/kmap_types.h 2011-03-21 18:31:35.000000000 -0400
638@@ -23,6 +23,7 @@ enum km_type {
639 KM_IRQ1,
640 KM_SOFTIRQ0,
641 KM_SOFTIRQ1,
642+ KM_CLEARPAGE,
643 KM_TYPE_NR
644 };
645
646diff -urNp linux-2.6.38.2/arch/frv/mm/elf-fdpic.c linux-2.6.38.2/arch/frv/mm/elf-fdpic.c
647--- linux-2.6.38.2/arch/frv/mm/elf-fdpic.c 2011-03-14 21:20:32.000000000 -0400
648+++ linux-2.6.38.2/arch/frv/mm/elf-fdpic.c 2011-03-21 18:31:35.000000000 -0400
649@@ -73,8 +73,7 @@ unsigned long arch_get_unmapped_area(str
650 if (addr) {
651 addr = PAGE_ALIGN(addr);
652 vma = find_vma(current->mm, addr);
653- if (TASK_SIZE - len >= addr &&
654- (!vma || addr + len <= vma->vm_start))
655+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len))
656 goto success;
657 }
658
659@@ -89,7 +88,7 @@ unsigned long arch_get_unmapped_area(str
660 for (; vma; vma = vma->vm_next) {
661 if (addr > limit)
662 break;
663- if (addr + len <= vma->vm_start)
664+ if (check_heap_stack_gap(vma, addr, len))
665 goto success;
666 addr = vma->vm_end;
667 }
668@@ -104,7 +103,7 @@ unsigned long arch_get_unmapped_area(str
669 for (; vma; vma = vma->vm_next) {
670 if (addr > limit)
671 break;
672- if (addr + len <= vma->vm_start)
673+ if (check_heap_stack_gap(vma, addr, len))
674 goto success;
675 addr = vma->vm_end;
676 }
677diff -urNp linux-2.6.38.2/arch/ia64/hp/common/hwsw_iommu.c linux-2.6.38.2/arch/ia64/hp/common/hwsw_iommu.c
678--- linux-2.6.38.2/arch/ia64/hp/common/hwsw_iommu.c 2011-03-14 21:20:32.000000000 -0400
679+++ linux-2.6.38.2/arch/ia64/hp/common/hwsw_iommu.c 2011-03-21 18:31:35.000000000 -0400
680@@ -17,7 +17,7 @@
681 #include <linux/swiotlb.h>
682 #include <asm/machvec.h>
683
684-extern struct dma_map_ops sba_dma_ops, swiotlb_dma_ops;
685+extern const struct dma_map_ops sba_dma_ops, swiotlb_dma_ops;
686
687 /* swiotlb declarations & definitions: */
688 extern int swiotlb_late_init_with_default_size (size_t size);
689@@ -33,7 +33,7 @@ static inline int use_swiotlb(struct dev
690 !sba_dma_ops.dma_supported(dev, *dev->dma_mask);
691 }
692
693-struct dma_map_ops *hwsw_dma_get_ops(struct device *dev)
694+const struct dma_map_ops *hwsw_dma_get_ops(struct device *dev)
695 {
696 if (use_swiotlb(dev))
697 return &swiotlb_dma_ops;
698diff -urNp linux-2.6.38.2/arch/ia64/hp/common/sba_iommu.c linux-2.6.38.2/arch/ia64/hp/common/sba_iommu.c
699--- linux-2.6.38.2/arch/ia64/hp/common/sba_iommu.c 2011-03-14 21:20:32.000000000 -0400
700+++ linux-2.6.38.2/arch/ia64/hp/common/sba_iommu.c 2011-03-21 18:31:35.000000000 -0400
701@@ -2097,7 +2097,7 @@ static struct acpi_driver acpi_sba_ioc_d
702 },
703 };
704
705-extern struct dma_map_ops swiotlb_dma_ops;
706+extern const struct dma_map_ops swiotlb_dma_ops;
707
708 static int __init
709 sba_init(void)
710@@ -2211,7 +2211,7 @@ sba_page_override(char *str)
711
712 __setup("sbapagesize=",sba_page_override);
713
714-struct dma_map_ops sba_dma_ops = {
715+const struct dma_map_ops sba_dma_ops = {
716 .alloc_coherent = sba_alloc_coherent,
717 .free_coherent = sba_free_coherent,
718 .map_page = sba_map_page,
719diff -urNp linux-2.6.38.2/arch/ia64/include/asm/dma-mapping.h linux-2.6.38.2/arch/ia64/include/asm/dma-mapping.h
720--- linux-2.6.38.2/arch/ia64/include/asm/dma-mapping.h 2011-03-14 21:20:32.000000000 -0400
721+++ linux-2.6.38.2/arch/ia64/include/asm/dma-mapping.h 2011-03-21 18:31:35.000000000 -0400
722@@ -12,7 +12,7 @@
723
724 #define ARCH_HAS_DMA_GET_REQUIRED_MASK
725
726-extern struct dma_map_ops *dma_ops;
727+extern const struct dma_map_ops *dma_ops;
728 extern struct ia64_machine_vector ia64_mv;
729 extern void set_iommu_machvec(void);
730
731@@ -24,7 +24,7 @@ extern void machvec_dma_sync_sg(struct d
732 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
733 dma_addr_t *daddr, gfp_t gfp)
734 {
735- struct dma_map_ops *ops = platform_dma_get_ops(dev);
736+ const struct dma_map_ops *ops = platform_dma_get_ops(dev);
737 void *caddr;
738
739 caddr = ops->alloc_coherent(dev, size, daddr, gfp);
740@@ -35,7 +35,7 @@ static inline void *dma_alloc_coherent(s
741 static inline void dma_free_coherent(struct device *dev, size_t size,
742 void *caddr, dma_addr_t daddr)
743 {
744- struct dma_map_ops *ops = platform_dma_get_ops(dev);
745+ const struct dma_map_ops *ops = platform_dma_get_ops(dev);
746 debug_dma_free_coherent(dev, size, caddr, daddr);
747 ops->free_coherent(dev, size, caddr, daddr);
748 }
749@@ -49,13 +49,13 @@ static inline void dma_free_coherent(str
750
751 static inline int dma_mapping_error(struct device *dev, dma_addr_t daddr)
752 {
753- struct dma_map_ops *ops = platform_dma_get_ops(dev);
754+ const struct dma_map_ops *ops = platform_dma_get_ops(dev);
755 return ops->mapping_error(dev, daddr);
756 }
757
758 static inline int dma_supported(struct device *dev, u64 mask)
759 {
760- struct dma_map_ops *ops = platform_dma_get_ops(dev);
761+ const struct dma_map_ops *ops = platform_dma_get_ops(dev);
762 return ops->dma_supported(dev, mask);
763 }
764
765diff -urNp linux-2.6.38.2/arch/ia64/include/asm/elf.h linux-2.6.38.2/arch/ia64/include/asm/elf.h
766--- linux-2.6.38.2/arch/ia64/include/asm/elf.h 2011-03-14 21:20:32.000000000 -0400
767+++ linux-2.6.38.2/arch/ia64/include/asm/elf.h 2011-03-21 18:31:35.000000000 -0400
768@@ -42,6 +42,13 @@
769 */
770 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x800000000UL)
771
772+#ifdef CONFIG_PAX_ASLR
773+#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
774+
775+#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
776+#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
777+#endif
778+
779 #define PT_IA_64_UNWIND 0x70000001
780
781 /* IA-64 relocations: */
782diff -urNp linux-2.6.38.2/arch/ia64/include/asm/machvec.h linux-2.6.38.2/arch/ia64/include/asm/machvec.h
783--- linux-2.6.38.2/arch/ia64/include/asm/machvec.h 2011-03-14 21:20:32.000000000 -0400
784+++ linux-2.6.38.2/arch/ia64/include/asm/machvec.h 2011-03-21 18:31:35.000000000 -0400
785@@ -45,7 +45,7 @@ typedef void ia64_mv_kernel_launch_event
786 /* DMA-mapping interface: */
787 typedef void ia64_mv_dma_init (void);
788 typedef u64 ia64_mv_dma_get_required_mask (struct device *);
789-typedef struct dma_map_ops *ia64_mv_dma_get_ops(struct device *);
790+typedef const struct dma_map_ops *ia64_mv_dma_get_ops(struct device *);
791
792 /*
793 * WARNING: The legacy I/O space is _architected_. Platforms are
794@@ -251,7 +251,7 @@ extern void machvec_init_from_cmdline(co
795 # endif /* CONFIG_IA64_GENERIC */
796
797 extern void swiotlb_dma_init(void);
798-extern struct dma_map_ops *dma_get_ops(struct device *);
799+extern const struct dma_map_ops *dma_get_ops(struct device *);
800
801 /*
802 * Define default versions so we can extend machvec for new platforms without having
803diff -urNp linux-2.6.38.2/arch/ia64/include/asm/pgtable.h linux-2.6.38.2/arch/ia64/include/asm/pgtable.h
804--- linux-2.6.38.2/arch/ia64/include/asm/pgtable.h 2011-03-14 21:20:32.000000000 -0400
805+++ linux-2.6.38.2/arch/ia64/include/asm/pgtable.h 2011-03-21 18:31:35.000000000 -0400
806@@ -12,7 +12,7 @@
807 * David Mosberger-Tang <davidm@hpl.hp.com>
808 */
809
810-
811+#include <linux/const.h>
812 #include <asm/mman.h>
813 #include <asm/page.h>
814 #include <asm/processor.h>
815@@ -143,6 +143,17 @@
816 #define PAGE_READONLY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
817 #define PAGE_COPY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
818 #define PAGE_COPY_EXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX)
819+
820+#ifdef CONFIG_PAX_PAGEEXEC
821+# define PAGE_SHARED_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW)
822+# define PAGE_READONLY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
823+# define PAGE_COPY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
824+#else
825+# define PAGE_SHARED_NOEXEC PAGE_SHARED
826+# define PAGE_READONLY_NOEXEC PAGE_READONLY
827+# define PAGE_COPY_NOEXEC PAGE_COPY
828+#endif
829+
830 #define PAGE_GATE __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX)
831 #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX)
832 #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX)
833diff -urNp linux-2.6.38.2/arch/ia64/include/asm/spinlock.h linux-2.6.38.2/arch/ia64/include/asm/spinlock.h
834--- linux-2.6.38.2/arch/ia64/include/asm/spinlock.h 2011-03-14 21:20:32.000000000 -0400
835+++ linux-2.6.38.2/arch/ia64/include/asm/spinlock.h 2011-03-21 18:31:35.000000000 -0400
836@@ -72,7 +72,7 @@ static __always_inline void __ticket_spi
837 unsigned short *p = (unsigned short *)&lock->lock + 1, tmp;
838
839 asm volatile ("ld2.bias %0=[%1]" : "=r"(tmp) : "r"(p));
840- ACCESS_ONCE(*p) = (tmp + 2) & ~1;
841+ ACCESS_ONCE_RW(*p) = (tmp + 2) & ~1;
842 }
843
844 static __always_inline void __ticket_spin_unlock_wait(arch_spinlock_t *lock)
845diff -urNp linux-2.6.38.2/arch/ia64/include/asm/uaccess.h linux-2.6.38.2/arch/ia64/include/asm/uaccess.h
846--- linux-2.6.38.2/arch/ia64/include/asm/uaccess.h 2011-03-14 21:20:32.000000000 -0400
847+++ linux-2.6.38.2/arch/ia64/include/asm/uaccess.h 2011-03-21 18:31:35.000000000 -0400
848@@ -257,7 +257,7 @@ __copy_from_user (void *to, const void _
849 const void *__cu_from = (from); \
850 long __cu_len = (n); \
851 \
852- if (__access_ok(__cu_to, __cu_len, get_fs())) \
853+ if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_to, __cu_len, get_fs())) \
854 __cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len); \
855 __cu_len; \
856 })
857@@ -269,7 +269,7 @@ __copy_from_user (void *to, const void _
858 long __cu_len = (n); \
859 \
860 __chk_user_ptr(__cu_from); \
861- if (__access_ok(__cu_from, __cu_len, get_fs())) \
862+ if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_from, __cu_len, get_fs())) \
863 __cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len); \
864 __cu_len; \
865 })
866diff -urNp linux-2.6.38.2/arch/ia64/kernel/dma-mapping.c linux-2.6.38.2/arch/ia64/kernel/dma-mapping.c
867--- linux-2.6.38.2/arch/ia64/kernel/dma-mapping.c 2011-03-14 21:20:32.000000000 -0400
868+++ linux-2.6.38.2/arch/ia64/kernel/dma-mapping.c 2011-03-21 18:31:35.000000000 -0400
869@@ -3,7 +3,7 @@
870 /* Set this to 1 if there is a HW IOMMU in the system */
871 int iommu_detected __read_mostly;
872
873-struct dma_map_ops *dma_ops;
874+const struct dma_map_ops *dma_ops;
875 EXPORT_SYMBOL(dma_ops);
876
877 #define PREALLOC_DMA_DEBUG_ENTRIES (1 << 16)
878@@ -16,7 +16,7 @@ static int __init dma_init(void)
879 }
880 fs_initcall(dma_init);
881
882-struct dma_map_ops *dma_get_ops(struct device *dev)
883+const struct dma_map_ops *dma_get_ops(struct device *dev)
884 {
885 return dma_ops;
886 }
887diff -urNp linux-2.6.38.2/arch/ia64/kernel/module.c linux-2.6.38.2/arch/ia64/kernel/module.c
888--- linux-2.6.38.2/arch/ia64/kernel/module.c 2011-03-14 21:20:32.000000000 -0400
889+++ linux-2.6.38.2/arch/ia64/kernel/module.c 2011-03-21 18:31:35.000000000 -0400
890@@ -315,8 +315,7 @@ module_alloc (unsigned long size)
891 void
892 module_free (struct module *mod, void *module_region)
893 {
894- if (mod && mod->arch.init_unw_table &&
895- module_region == mod->module_init) {
896+ if (mod && mod->arch.init_unw_table && module_region == mod->module_init_rx) {
897 unw_remove_unwind_table(mod->arch.init_unw_table);
898 mod->arch.init_unw_table = NULL;
899 }
900@@ -502,15 +501,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd
901 }
902
903 static inline int
904+in_init_rx (const struct module *mod, uint64_t addr)
905+{
906+ return addr - (uint64_t) mod->module_init_rx < mod->init_size_rx;
907+}
908+
909+static inline int
910+in_init_rw (const struct module *mod, uint64_t addr)
911+{
912+ return addr - (uint64_t) mod->module_init_rw < mod->init_size_rw;
913+}
914+
915+static inline int
916 in_init (const struct module *mod, uint64_t addr)
917 {
918- return addr - (uint64_t) mod->module_init < mod->init_size;
919+ return in_init_rx(mod, addr) || in_init_rw(mod, addr);
920+}
921+
922+static inline int
923+in_core_rx (const struct module *mod, uint64_t addr)
924+{
925+ return addr - (uint64_t) mod->module_core_rx < mod->core_size_rx;
926+}
927+
928+static inline int
929+in_core_rw (const struct module *mod, uint64_t addr)
930+{
931+ return addr - (uint64_t) mod->module_core_rw < mod->core_size_rw;
932 }
933
934 static inline int
935 in_core (const struct module *mod, uint64_t addr)
936 {
937- return addr - (uint64_t) mod->module_core < mod->core_size;
938+ return in_core_rx(mod, addr) || in_core_rw(mod, addr);
939 }
940
941 static inline int
942@@ -693,7 +716,14 @@ do_reloc (struct module *mod, uint8_t r_
943 break;
944
945 case RV_BDREL:
946- val -= (uint64_t) (in_init(mod, val) ? mod->module_init : mod->module_core);
947+ if (in_init_rx(mod, val))
948+ val -= (uint64_t) mod->module_init_rx;
949+ else if (in_init_rw(mod, val))
950+ val -= (uint64_t) mod->module_init_rw;
951+ else if (in_core_rx(mod, val))
952+ val -= (uint64_t) mod->module_core_rx;
953+ else if (in_core_rw(mod, val))
954+ val -= (uint64_t) mod->module_core_rw;
955 break;
956
957 case RV_LTV:
958@@ -828,15 +858,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs,
959 * addresses have been selected...
960 */
961 uint64_t gp;
962- if (mod->core_size > MAX_LTOFF)
963+ if (mod->core_size_rx + mod->core_size_rw > MAX_LTOFF)
964 /*
965 * This takes advantage of fact that SHF_ARCH_SMALL gets allocated
966 * at the end of the module.
967 */
968- gp = mod->core_size - MAX_LTOFF / 2;
969+ gp = mod->core_size_rx + mod->core_size_rw - MAX_LTOFF / 2;
970 else
971- gp = mod->core_size / 2;
972- gp = (uint64_t) mod->module_core + ((gp + 7) & -8);
973+ gp = (mod->core_size_rx + mod->core_size_rw) / 2;
974+ gp = (uint64_t) mod->module_core_rx + ((gp + 7) & -8);
975 mod->arch.gp = gp;
976 DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
977 }
978diff -urNp linux-2.6.38.2/arch/ia64/kernel/pci-dma.c linux-2.6.38.2/arch/ia64/kernel/pci-dma.c
979--- linux-2.6.38.2/arch/ia64/kernel/pci-dma.c 2011-03-14 21:20:32.000000000 -0400
980+++ linux-2.6.38.2/arch/ia64/kernel/pci-dma.c 2011-03-21 18:31:35.000000000 -0400
981@@ -43,7 +43,7 @@ struct device fallback_dev = {
982 .dma_mask = &fallback_dev.coherent_dma_mask,
983 };
984
985-extern struct dma_map_ops intel_dma_ops;
986+extern const struct dma_map_ops intel_dma_ops;
987
988 static int __init pci_iommu_init(void)
989 {
990diff -urNp linux-2.6.38.2/arch/ia64/kernel/pci-swiotlb.c linux-2.6.38.2/arch/ia64/kernel/pci-swiotlb.c
991--- linux-2.6.38.2/arch/ia64/kernel/pci-swiotlb.c 2011-03-14 21:20:32.000000000 -0400
992+++ linux-2.6.38.2/arch/ia64/kernel/pci-swiotlb.c 2011-03-21 18:31:35.000000000 -0400
993@@ -22,7 +22,7 @@ static void *ia64_swiotlb_alloc_coherent
994 return swiotlb_alloc_coherent(dev, size, dma_handle, gfp);
995 }
996
997-struct dma_map_ops swiotlb_dma_ops = {
998+const struct dma_map_ops swiotlb_dma_ops = {
999 .alloc_coherent = ia64_swiotlb_alloc_coherent,
1000 .free_coherent = swiotlb_free_coherent,
1001 .map_page = swiotlb_map_page,
1002diff -urNp linux-2.6.38.2/arch/ia64/kernel/sys_ia64.c linux-2.6.38.2/arch/ia64/kernel/sys_ia64.c
1003--- linux-2.6.38.2/arch/ia64/kernel/sys_ia64.c 2011-03-14 21:20:32.000000000 -0400
1004+++ linux-2.6.38.2/arch/ia64/kernel/sys_ia64.c 2011-03-21 18:31:35.000000000 -0400
1005@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
1006 if (REGION_NUMBER(addr) == RGN_HPAGE)
1007 addr = 0;
1008 #endif
1009+
1010+#ifdef CONFIG_PAX_RANDMMAP
1011+ if (mm->pax_flags & MF_PAX_RANDMMAP)
1012+ addr = mm->free_area_cache;
1013+ else
1014+#endif
1015+
1016 if (!addr)
1017 addr = mm->free_area_cache;
1018
1019@@ -61,14 +68,14 @@ arch_get_unmapped_area (struct file *fil
1020 for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
1021 /* At this point: (!vma || addr < vma->vm_end). */
1022 if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) {
1023- if (start_addr != TASK_UNMAPPED_BASE) {
1024+ if (start_addr != mm->mmap_base) {
1025 /* Start a new search --- just in case we missed some holes. */
1026- addr = TASK_UNMAPPED_BASE;
1027+ addr = mm->mmap_base;
1028 goto full_search;
1029 }
1030 return -ENOMEM;
1031 }
1032- if (!vma || addr + len <= vma->vm_start) {
1033+ if (check_heap_stack_gap(vma, addr, len)) {
1034 /* Remember the address where we stopped this search: */
1035 mm->free_area_cache = addr + len;
1036 return addr;
1037diff -urNp linux-2.6.38.2/arch/ia64/kernel/vmlinux.lds.S linux-2.6.38.2/arch/ia64/kernel/vmlinux.lds.S
1038--- linux-2.6.38.2/arch/ia64/kernel/vmlinux.lds.S 2011-03-14 21:20:32.000000000 -0400
1039+++ linux-2.6.38.2/arch/ia64/kernel/vmlinux.lds.S 2011-03-21 18:31:35.000000000 -0400
1040@@ -199,7 +199,7 @@ SECTIONS {
1041 /* Per-cpu data: */
1042 . = ALIGN(PERCPU_PAGE_SIZE);
1043 PERCPU_VADDR(PERCPU_ADDR, :percpu)
1044- __phys_per_cpu_start = __per_cpu_load;
1045+ __phys_per_cpu_start = per_cpu_load;
1046 /*
1047 * ensure percpu data fits
1048 * into percpu page size
1049diff -urNp linux-2.6.38.2/arch/ia64/mm/fault.c linux-2.6.38.2/arch/ia64/mm/fault.c
1050--- linux-2.6.38.2/arch/ia64/mm/fault.c 2011-03-14 21:20:32.000000000 -0400
1051+++ linux-2.6.38.2/arch/ia64/mm/fault.c 2011-03-21 18:31:35.000000000 -0400
1052@@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned
1053 return pte_present(pte);
1054 }
1055
1056+#ifdef CONFIG_PAX_PAGEEXEC
1057+void pax_report_insns(void *pc, void *sp)
1058+{
1059+ unsigned long i;
1060+
1061+ printk(KERN_ERR "PAX: bytes at PC: ");
1062+ for (i = 0; i < 8; i++) {
1063+ unsigned int c;
1064+ if (get_user(c, (unsigned int *)pc+i))
1065+ printk(KERN_CONT "???????? ");
1066+ else
1067+ printk(KERN_CONT "%08x ", c);
1068+ }
1069+ printk("\n");
1070+}
1071+#endif
1072+
1073 void __kprobes
1074 ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs)
1075 {
1076@@ -145,9 +162,23 @@ ia64_do_page_fault (unsigned long addres
1077 mask = ( (((isr >> IA64_ISR_X_BIT) & 1UL) << VM_EXEC_BIT)
1078 | (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT));
1079
1080- if ((vma->vm_flags & mask) != mask)
1081+ if ((vma->vm_flags & mask) != mask) {
1082+
1083+#ifdef CONFIG_PAX_PAGEEXEC
1084+ if (!(vma->vm_flags & VM_EXEC) && (mask & VM_EXEC)) {
1085+ if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->cr_iip)
1086+ goto bad_area;
1087+
1088+ up_read(&mm->mmap_sem);
1089+ pax_report_fault(regs, (void *)regs->cr_iip, (void *)regs->r12);
1090+ do_group_exit(SIGKILL);
1091+ }
1092+#endif
1093+
1094 goto bad_area;
1095
1096+ }
1097+
1098 /*
1099 * If for any reason at all we couldn't handle the fault, make
1100 * sure we exit gracefully rather than endlessly redo the
1101diff -urNp linux-2.6.38.2/arch/ia64/mm/hugetlbpage.c linux-2.6.38.2/arch/ia64/mm/hugetlbpage.c
1102--- linux-2.6.38.2/arch/ia64/mm/hugetlbpage.c 2011-03-14 21:20:32.000000000 -0400
1103+++ linux-2.6.38.2/arch/ia64/mm/hugetlbpage.c 2011-03-21 18:31:35.000000000 -0400
1104@@ -171,7 +171,7 @@ unsigned long hugetlb_get_unmapped_area(
1105 /* At this point: (!vmm || addr < vmm->vm_end). */
1106 if (REGION_OFFSET(addr) + len > RGN_MAP_LIMIT)
1107 return -ENOMEM;
1108- if (!vmm || (addr + len) <= vmm->vm_start)
1109+ if (check_heap_stack_gap(vmm, addr, len))
1110 return addr;
1111 addr = ALIGN(vmm->vm_end, HPAGE_SIZE);
1112 }
1113diff -urNp linux-2.6.38.2/arch/ia64/mm/init.c linux-2.6.38.2/arch/ia64/mm/init.c
1114--- linux-2.6.38.2/arch/ia64/mm/init.c 2011-03-14 21:20:32.000000000 -0400
1115+++ linux-2.6.38.2/arch/ia64/mm/init.c 2011-03-21 18:31:35.000000000 -0400
1116@@ -122,6 +122,19 @@ ia64_init_addr_space (void)
1117 vma->vm_start = current->thread.rbs_bot & PAGE_MASK;
1118 vma->vm_end = vma->vm_start + PAGE_SIZE;
1119 vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT;
1120+
1121+#ifdef CONFIG_PAX_PAGEEXEC
1122+ if (current->mm->pax_flags & MF_PAX_PAGEEXEC) {
1123+ vma->vm_flags &= ~VM_EXEC;
1124+
1125+#ifdef CONFIG_PAX_MPROTECT
1126+ if (current->mm->pax_flags & MF_PAX_MPROTECT)
1127+ vma->vm_flags &= ~VM_MAYEXEC;
1128+#endif
1129+
1130+ }
1131+#endif
1132+
1133 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
1134 down_write(&current->mm->mmap_sem);
1135 if (insert_vm_struct(current->mm, vma)) {
1136diff -urNp linux-2.6.38.2/arch/ia64/sn/pci/pci_dma.c linux-2.6.38.2/arch/ia64/sn/pci/pci_dma.c
1137--- linux-2.6.38.2/arch/ia64/sn/pci/pci_dma.c 2011-03-14 21:20:32.000000000 -0400
1138+++ linux-2.6.38.2/arch/ia64/sn/pci/pci_dma.c 2011-03-21 18:31:35.000000000 -0400
1139@@ -465,7 +465,7 @@ int sn_pci_legacy_write(struct pci_bus *
1140 return ret;
1141 }
1142
1143-static struct dma_map_ops sn_dma_ops = {
1144+static const struct dma_map_ops sn_dma_ops = {
1145 .alloc_coherent = sn_dma_alloc_coherent,
1146 .free_coherent = sn_dma_free_coherent,
1147 .map_page = sn_dma_map_page,
1148diff -urNp linux-2.6.38.2/arch/m32r/lib/usercopy.c linux-2.6.38.2/arch/m32r/lib/usercopy.c
1149--- linux-2.6.38.2/arch/m32r/lib/usercopy.c 2011-03-14 21:20:32.000000000 -0400
1150+++ linux-2.6.38.2/arch/m32r/lib/usercopy.c 2011-03-21 18:31:35.000000000 -0400
1151@@ -14,6 +14,9 @@
1152 unsigned long
1153 __generic_copy_to_user(void __user *to, const void *from, unsigned long n)
1154 {
1155+ if ((long)n < 0)
1156+ return n;
1157+
1158 prefetch(from);
1159 if (access_ok(VERIFY_WRITE, to, n))
1160 __copy_user(to,from,n);
1161@@ -23,6 +26,9 @@ __generic_copy_to_user(void __user *to,
1162 unsigned long
1163 __generic_copy_from_user(void *to, const void __user *from, unsigned long n)
1164 {
1165+ if ((long)n < 0)
1166+ return n;
1167+
1168 prefetchw(to);
1169 if (access_ok(VERIFY_READ, from, n))
1170 __copy_user_zeroing(to,from,n);
1171diff -urNp linux-2.6.38.2/arch/microblaze/include/asm/device.h linux-2.6.38.2/arch/microblaze/include/asm/device.h
1172--- linux-2.6.38.2/arch/microblaze/include/asm/device.h 2011-03-14 21:20:32.000000000 -0400
1173+++ linux-2.6.38.2/arch/microblaze/include/asm/device.h 2011-03-21 18:31:35.000000000 -0400
1174@@ -13,7 +13,7 @@ struct device_node;
1175
1176 struct dev_archdata {
1177 /* DMA operations on that device */
1178- struct dma_map_ops *dma_ops;
1179+ const struct dma_map_ops *dma_ops;
1180 void *dma_data;
1181 };
1182
1183diff -urNp linux-2.6.38.2/arch/microblaze/include/asm/dma-mapping.h linux-2.6.38.2/arch/microblaze/include/asm/dma-mapping.h
1184--- linux-2.6.38.2/arch/microblaze/include/asm/dma-mapping.h 2011-03-14 21:20:32.000000000 -0400
1185+++ linux-2.6.38.2/arch/microblaze/include/asm/dma-mapping.h 2011-03-21 18:31:35.000000000 -0400
1186@@ -43,14 +43,14 @@ static inline unsigned long device_to_ma
1187 return 0xfffffffful;
1188 }
1189
1190-extern struct dma_map_ops *dma_ops;
1191+extern const struct dma_map_ops *dma_ops;
1192
1193 /*
1194 * Available generic sets of operations
1195 */
1196-extern struct dma_map_ops dma_direct_ops;
1197+extern const struct dma_map_ops dma_direct_ops;
1198
1199-static inline struct dma_map_ops *get_dma_ops(struct device *dev)
1200+static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
1201 {
1202 /* We don't handle the NULL dev case for ISA for now. We could
1203 * do it via an out of line call but it is not needed for now. The
1204@@ -63,14 +63,14 @@ static inline struct dma_map_ops *get_dm
1205 return dev->archdata.dma_ops;
1206 }
1207
1208-static inline void set_dma_ops(struct device *dev, struct dma_map_ops *ops)
1209+static inline void set_dma_ops(struct device *dev, const struct dma_map_ops *ops)
1210 {
1211 dev->archdata.dma_ops = ops;
1212 }
1213
1214 static inline int dma_supported(struct device *dev, u64 mask)
1215 {
1216- struct dma_map_ops *ops = get_dma_ops(dev);
1217+ const struct dma_map_ops *ops = get_dma_ops(dev);
1218
1219 if (unlikely(!ops))
1220 return 0;
1221@@ -81,7 +81,7 @@ static inline int dma_supported(struct d
1222
1223 static inline int dma_set_mask(struct device *dev, u64 dma_mask)
1224 {
1225- struct dma_map_ops *ops = get_dma_ops(dev);
1226+ const struct dma_map_ops *ops = get_dma_ops(dev);
1227
1228 if (unlikely(ops == NULL))
1229 return -EIO;
1230@@ -97,7 +97,7 @@ static inline int dma_set_mask(struct de
1231
1232 static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr)
1233 {
1234- struct dma_map_ops *ops = get_dma_ops(dev);
1235+ const struct dma_map_ops *ops = get_dma_ops(dev);
1236 if (ops->mapping_error)
1237 return ops->mapping_error(dev, dma_addr);
1238
1239@@ -110,7 +110,7 @@ static inline int dma_mapping_error(stru
1240 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
1241 dma_addr_t *dma_handle, gfp_t flag)
1242 {
1243- struct dma_map_ops *ops = get_dma_ops(dev);
1244+ const struct dma_map_ops *ops = get_dma_ops(dev);
1245 void *memory;
1246
1247 BUG_ON(!ops);
1248@@ -124,7 +124,7 @@ static inline void *dma_alloc_coherent(s
1249 static inline void dma_free_coherent(struct device *dev, size_t size,
1250 void *cpu_addr, dma_addr_t dma_handle)
1251 {
1252- struct dma_map_ops *ops = get_dma_ops(dev);
1253+ const struct dma_map_ops *ops = get_dma_ops(dev);
1254
1255 BUG_ON(!ops);
1256 debug_dma_free_coherent(dev, size, cpu_addr, dma_handle);
1257diff -urNp linux-2.6.38.2/arch/microblaze/include/asm/pci.h linux-2.6.38.2/arch/microblaze/include/asm/pci.h
1258--- linux-2.6.38.2/arch/microblaze/include/asm/pci.h 2011-03-14 21:20:32.000000000 -0400
1259+++ linux-2.6.38.2/arch/microblaze/include/asm/pci.h 2011-03-21 18:31:35.000000000 -0400
1260@@ -54,8 +54,8 @@ static inline void pcibios_penalize_isa_
1261 }
1262
1263 #ifdef CONFIG_PCI
1264-extern void set_pci_dma_ops(struct dma_map_ops *dma_ops);
1265-extern struct dma_map_ops *get_pci_dma_ops(void);
1266+extern void set_pci_dma_ops(const struct dma_map_ops *dma_ops);
1267+extern const struct dma_map_ops *get_pci_dma_ops(void);
1268 #else /* CONFIG_PCI */
1269 #define set_pci_dma_ops(d)
1270 #define get_pci_dma_ops() NULL
1271diff -urNp linux-2.6.38.2/arch/microblaze/kernel/dma.c linux-2.6.38.2/arch/microblaze/kernel/dma.c
1272--- linux-2.6.38.2/arch/microblaze/kernel/dma.c 2011-03-14 21:20:32.000000000 -0400
1273+++ linux-2.6.38.2/arch/microblaze/kernel/dma.c 2011-03-21 18:31:35.000000000 -0400
1274@@ -133,7 +133,7 @@ static inline void dma_direct_unmap_page
1275 __dma_sync_page(dma_address, 0 , size, direction);
1276 }
1277
1278-struct dma_map_ops dma_direct_ops = {
1279+const struct dma_map_ops dma_direct_ops = {
1280 .alloc_coherent = dma_direct_alloc_coherent,
1281 .free_coherent = dma_direct_free_coherent,
1282 .map_sg = dma_direct_map_sg,
1283diff -urNp linux-2.6.38.2/arch/microblaze/kernel/kgdb.c linux-2.6.38.2/arch/microblaze/kernel/kgdb.c
1284--- linux-2.6.38.2/arch/microblaze/kernel/kgdb.c 2011-03-14 21:20:32.000000000 -0400
1285+++ linux-2.6.38.2/arch/microblaze/kernel/kgdb.c 2011-03-21 18:31:35.000000000 -0400
1286@@ -141,10 +141,11 @@ void kgdb_arch_exit(void)
1287 /*
1288 * Global data
1289 */
1290-struct kgdb_arch arch_kgdb_ops = {
1291+const struct kgdb_arch arch_kgdb_ops = {
1292 #ifdef __MICROBLAZEEL__
1293 .gdb_bpt_instr = {0x18, 0x00, 0x0c, 0xba}, /* brki r16, 0x18 */
1294 #else
1295+>>>>>>> master
1296 .gdb_bpt_instr = {0xba, 0x0c, 0x00, 0x18}, /* brki r16, 0x18 */
1297 #endif
1298 };
1299diff -urNp linux-2.6.38.2/arch/microblaze/pci/pci-common.c linux-2.6.38.2/arch/microblaze/pci/pci-common.c
1300--- linux-2.6.38.2/arch/microblaze/pci/pci-common.c 2011-03-14 21:20:32.000000000 -0400
1301+++ linux-2.6.38.2/arch/microblaze/pci/pci-common.c 2011-03-21 18:31:35.000000000 -0400
1302@@ -47,14 +47,14 @@ resource_size_t isa_mem_base;
1303 /* Default PCI flags is 0 on ppc32, modified at boot on ppc64 */
1304 unsigned int pci_flags;
1305
1306-static struct dma_map_ops *pci_dma_ops = &dma_direct_ops;
1307+static const struct dma_map_ops *pci_dma_ops = &dma_direct_ops;
1308
1309-void set_pci_dma_ops(struct dma_map_ops *dma_ops)
1310+void set_pci_dma_ops(const struct dma_map_ops *dma_ops)
1311 {
1312 pci_dma_ops = dma_ops;
1313 }
1314
1315-struct dma_map_ops *get_pci_dma_ops(void)
1316+const struct dma_map_ops *get_pci_dma_ops(void)
1317 {
1318 return pci_dma_ops;
1319 }
1320diff -urNp linux-2.6.38.2/arch/mips/cavium-octeon/dma-octeon.c linux-2.6.38.2/arch/mips/cavium-octeon/dma-octeon.c
1321--- linux-2.6.38.2/arch/mips/cavium-octeon/dma-octeon.c 2011-03-14 21:20:32.000000000 -0400
1322+++ linux-2.6.38.2/arch/mips/cavium-octeon/dma-octeon.c 2011-03-21 18:31:35.000000000 -0400
1323@@ -202,7 +202,7 @@ static phys_addr_t octeon_unity_dma_to_p
1324 }
1325
1326 struct octeon_dma_map_ops {
1327- struct dma_map_ops dma_map_ops;
1328+ const struct dma_map_ops dma_map_ops;
1329 dma_addr_t (*phys_to_dma)(struct device *dev, phys_addr_t paddr);
1330 phys_addr_t (*dma_to_phys)(struct device *dev, dma_addr_t daddr);
1331 };
1332@@ -324,7 +324,7 @@ static struct octeon_dma_map_ops _octeon
1333 },
1334 };
1335
1336-struct dma_map_ops *octeon_pci_dma_map_ops;
1337+const struct dma_map_ops *octeon_pci_dma_map_ops;
1338
1339 void __init octeon_pci_dma_init(void)
1340 {
1341diff -urNp linux-2.6.38.2/arch/mips/include/asm/device.h linux-2.6.38.2/arch/mips/include/asm/device.h
1342--- linux-2.6.38.2/arch/mips/include/asm/device.h 2011-03-14 21:20:32.000000000 -0400
1343+++ linux-2.6.38.2/arch/mips/include/asm/device.h 2011-03-21 18:31:35.000000000 -0400
1344@@ -10,7 +10,7 @@ struct dma_map_ops;
1345
1346 struct dev_archdata {
1347 /* DMA operations on that device */
1348- struct dma_map_ops *dma_ops;
1349+ const struct dma_map_ops *dma_ops;
1350 };
1351
1352 struct pdev_archdata {
1353diff -urNp linux-2.6.38.2/arch/mips/include/asm/dma-mapping.h linux-2.6.38.2/arch/mips/include/asm/dma-mapping.h
1354--- linux-2.6.38.2/arch/mips/include/asm/dma-mapping.h 2011-03-14 21:20:32.000000000 -0400
1355+++ linux-2.6.38.2/arch/mips/include/asm/dma-mapping.h 2011-03-21 18:31:35.000000000 -0400
1356@@ -7,9 +7,9 @@
1357
1358 #include <dma-coherence.h>
1359
1360-extern struct dma_map_ops *mips_dma_map_ops;
1361+extern const struct dma_map_ops *mips_dma_map_ops;
1362
1363-static inline struct dma_map_ops *get_dma_ops(struct device *dev)
1364+static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
1365 {
1366 if (dev && dev->archdata.dma_ops)
1367 return dev->archdata.dma_ops;
1368@@ -31,13 +31,13 @@ static inline void dma_mark_clean(void *
1369
1370 static inline int dma_supported(struct device *dev, u64 mask)
1371 {
1372- struct dma_map_ops *ops = get_dma_ops(dev);
1373+ const struct dma_map_ops *ops = get_dma_ops(dev);
1374 return ops->dma_supported(dev, mask);
1375 }
1376
1377 static inline int dma_mapping_error(struct device *dev, u64 mask)
1378 {
1379- struct dma_map_ops *ops = get_dma_ops(dev);
1380+ const struct dma_map_ops *ops = get_dma_ops(dev);
1381 return ops->mapping_error(dev, mask);
1382 }
1383
1384@@ -59,7 +59,7 @@ static inline void *dma_alloc_coherent(s
1385 dma_addr_t *dma_handle, gfp_t gfp)
1386 {
1387 void *ret;
1388- struct dma_map_ops *ops = get_dma_ops(dev);
1389+ const struct dma_map_ops *ops = get_dma_ops(dev);
1390
1391 ret = ops->alloc_coherent(dev, size, dma_handle, gfp);
1392
1393@@ -71,7 +71,7 @@ static inline void *dma_alloc_coherent(s
1394 static inline void dma_free_coherent(struct device *dev, size_t size,
1395 void *vaddr, dma_addr_t dma_handle)
1396 {
1397- struct dma_map_ops *ops = get_dma_ops(dev);
1398+ const struct dma_map_ops *ops = get_dma_ops(dev);
1399
1400 ops->free_coherent(dev, size, vaddr, dma_handle);
1401
1402diff -urNp linux-2.6.38.2/arch/mips/include/asm/elf.h linux-2.6.38.2/arch/mips/include/asm/elf.h
1403--- linux-2.6.38.2/arch/mips/include/asm/elf.h 2011-03-14 21:20:32.000000000 -0400
1404+++ linux-2.6.38.2/arch/mips/include/asm/elf.h 2011-03-21 18:31:35.000000000 -0400
1405@@ -372,13 +372,16 @@ extern const char *__elf_platform;
1406 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
1407 #endif
1408
1409+#ifdef CONFIG_PAX_ASLR
1410+#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
1411+
1412+#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1413+#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1414+#endif
1415+
1416 #define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1
1417 struct linux_binprm;
1418 extern int arch_setup_additional_pages(struct linux_binprm *bprm,
1419 int uses_interp);
1420
1421-struct mm_struct;
1422-extern unsigned long arch_randomize_brk(struct mm_struct *mm);
1423-#define arch_randomize_brk arch_randomize_brk
1424-
1425 #endif /* _ASM_ELF_H */
1426diff -urNp linux-2.6.38.2/arch/mips/include/asm/mach-cavium-octeon/dma-coherence.h linux-2.6.38.2/arch/mips/include/asm/mach-cavium-octeon/dma-coherence.h
1427--- linux-2.6.38.2/arch/mips/include/asm/mach-cavium-octeon/dma-coherence.h 2011-03-14 21:20:32.000000000 -0400
1428+++ linux-2.6.38.2/arch/mips/include/asm/mach-cavium-octeon/dma-coherence.h 2011-03-21 18:31:35.000000000 -0400
1429@@ -66,7 +66,7 @@ dma_addr_t phys_to_dma(struct device *de
1430 phys_addr_t dma_to_phys(struct device *dev, dma_addr_t daddr);
1431
1432 struct dma_map_ops;
1433-extern struct dma_map_ops *octeon_pci_dma_map_ops;
1434+extern const struct dma_map_ops *octeon_pci_dma_map_ops;
1435 extern char *octeon_swiotlb;
1436
1437 #endif /* __ASM_MACH_CAVIUM_OCTEON_DMA_COHERENCE_H */
1438diff -urNp linux-2.6.38.2/arch/mips/include/asm/page.h linux-2.6.38.2/arch/mips/include/asm/page.h
1439--- linux-2.6.38.2/arch/mips/include/asm/page.h 2011-03-14 21:20:32.000000000 -0400
1440+++ linux-2.6.38.2/arch/mips/include/asm/page.h 2011-03-21 18:31:35.000000000 -0400
1441@@ -93,7 +93,7 @@ extern void copy_user_highpage(struct pa
1442 #ifdef CONFIG_CPU_MIPS32
1443 typedef struct { unsigned long pte_low, pte_high; } pte_t;
1444 #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
1445- #define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })
1446+ #define __pte(x) ({ pte_t __pte = {(x), (x) >> 32}; __pte; })
1447 #else
1448 typedef struct { unsigned long long pte; } pte_t;
1449 #define pte_val(x) ((x).pte)
1450diff -urNp linux-2.6.38.2/arch/mips/include/asm/system.h linux-2.6.38.2/arch/mips/include/asm/system.h
1451--- linux-2.6.38.2/arch/mips/include/asm/system.h 2011-03-14 21:20:32.000000000 -0400
1452+++ linux-2.6.38.2/arch/mips/include/asm/system.h 2011-03-21 18:31:35.000000000 -0400
1453@@ -23,6 +23,7 @@
1454 #include <asm/dsp.h>
1455 #include <asm/watch.h>
1456 #include <asm/war.h>
1457+#include <asm/asm.h>
1458
1459
1460 /*
1461@@ -230,6 +231,6 @@ extern void per_cpu_trap_init(void);
1462 */
1463 #define __ARCH_WANT_UNLOCKED_CTXSW
1464
1465-extern unsigned long arch_align_stack(unsigned long sp);
1466+#define arch_align_stack(x) ((x) & ALMASK)
1467
1468 #endif /* _ASM_SYSTEM_H */
1469diff -urNp linux-2.6.38.2/arch/mips/kernel/binfmt_elfn32.c linux-2.6.38.2/arch/mips/kernel/binfmt_elfn32.c
1470--- linux-2.6.38.2/arch/mips/kernel/binfmt_elfn32.c 2011-03-14 21:20:32.000000000 -0400
1471+++ linux-2.6.38.2/arch/mips/kernel/binfmt_elfn32.c 2011-03-21 18:31:35.000000000 -0400
1472@@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
1473 #undef ELF_ET_DYN_BASE
1474 #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
1475
1476+#ifdef CONFIG_PAX_ASLR
1477+#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
1478+
1479+#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1480+#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1481+#endif
1482+
1483 #include <asm/processor.h>
1484 #include <linux/module.h>
1485 #include <linux/elfcore.h>
1486diff -urNp linux-2.6.38.2/arch/mips/kernel/binfmt_elfo32.c linux-2.6.38.2/arch/mips/kernel/binfmt_elfo32.c
1487--- linux-2.6.38.2/arch/mips/kernel/binfmt_elfo32.c 2011-03-14 21:20:32.000000000 -0400
1488+++ linux-2.6.38.2/arch/mips/kernel/binfmt_elfo32.c 2011-03-21 18:31:35.000000000 -0400
1489@@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
1490 #undef ELF_ET_DYN_BASE
1491 #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
1492
1493+#ifdef CONFIG_PAX_ASLR
1494+#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
1495+
1496+#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1497+#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
1498+#endif
1499+
1500 #include <asm/processor.h>
1501
1502 /*
1503diff -urNp linux-2.6.38.2/arch/mips/kernel/kgdb.c linux-2.6.38.2/arch/mips/kernel/kgdb.c
1504--- linux-2.6.38.2/arch/mips/kernel/kgdb.c 2011-03-14 21:20:32.000000000 -0400
1505+++ linux-2.6.38.2/arch/mips/kernel/kgdb.c 2011-03-21 18:31:35.000000000 -0400
1506@@ -351,7 +351,7 @@ int kgdb_arch_handle_exception(int vecto
1507 return -1;
1508 }
1509
1510-struct kgdb_arch arch_kgdb_ops;
1511+struct kgdb_arch arch_kgdb_ops; /* cannot be const, see kgdb_arch_init */
1512
1513 /*
1514 * We use kgdb_early_setup so that functions we need to call now don't
1515diff -urNp linux-2.6.38.2/arch/mips/kernel/process.c linux-2.6.38.2/arch/mips/kernel/process.c
1516--- linux-2.6.38.2/arch/mips/kernel/process.c 2011-03-14 21:20:32.000000000 -0400
1517+++ linux-2.6.38.2/arch/mips/kernel/process.c 2011-03-21 18:31:35.000000000 -0400
1518@@ -473,15 +473,3 @@ unsigned long get_wchan(struct task_stru
1519 out:
1520 return pc;
1521 }
1522-
1523-/*
1524- * Don't forget that the stack pointer must be aligned on a 8 bytes
1525- * boundary for 32-bits ABI and 16 bytes for 64-bits ABI.
1526- */
1527-unsigned long arch_align_stack(unsigned long sp)
1528-{
1529- if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
1530- sp -= get_random_int() & ~PAGE_MASK;
1531-
1532- return sp & ALMASK;
1533-}
1534diff -urNp linux-2.6.38.2/arch/mips/kernel/syscall.c linux-2.6.38.2/arch/mips/kernel/syscall.c
1535--- linux-2.6.38.2/arch/mips/kernel/syscall.c 2011-03-14 21:20:32.000000000 -0400
1536+++ linux-2.6.38.2/arch/mips/kernel/syscall.c 2011-03-21 18:31:35.000000000 -0400
1537@@ -108,14 +108,18 @@ unsigned long arch_get_unmapped_area(str
1538 do_color_align = 0;
1539 if (filp || (flags & MAP_SHARED))
1540 do_color_align = 1;
1541+
1542+#ifdef CONFIG_PAX_RANDMMAP
1543+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
1544+#endif
1545+
1546 if (addr) {
1547 if (do_color_align)
1548 addr = COLOUR_ALIGN(addr, pgoff);
1549 else
1550 addr = PAGE_ALIGN(addr);
1551 vmm = find_vma(current->mm, addr);
1552- if (task_size - len >= addr &&
1553- (!vmm || addr + len <= vmm->vm_start))
1554+ if (task_size - len >= addr && check_heap_stack_gap(vmm, addr, len))
1555 return addr;
1556 }
1557 addr = current->mm->mmap_base;
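Review bot: The `if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))` added under `#ifdef CONFIG_PAX_RANDMMAP` has no body of its own; it governs the `if (addr) {` block two lines further down, across an `#endif` and a blank line. A statement inserted between the two would silently become the guarded body and the address-hint path would run unconditionally again. At minimum the line needs `/* governs the if (addr) block below: the caller's address hint is ignored under RANDMMAP */`; folding the test into the `if (addr)` condition would be more robust. The function starts and ends outside the hunk.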
1558@@ -128,7 +132,7 @@ unsigned long arch_get_unmapped_area(str
1559 /* At this point: (!vmm || addr < vmm->vm_end). */
1560 if (task_size - len < addr)
1561 return -ENOMEM;
1562- if (!vmm || addr + len <= vmm->vm_start)
1563+ if (check_heap_stack_gap(vmm, addr, len))
1564 return addr;
1565 addr = vmm->vm_end;
1566 if (do_color_align)
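Review bot: `check_heap_stack_gap(vmm, addr, len)` replaces a condition that began with `!vmm ||`, and when it returns false the next line reads `vmm->vm_end`, so the helper must return true for a NULL `vmm` or this loop dereferences a null pointer. Its definition is not in this hunk, so the contract is only implied; a comment at the call, `/* check_heap_stack_gap() must accept vmm == NULL (nothing mapped above addr) */`, would record it. The parisc `get_unshared_area` and `get_shared_area` hunks make the same assumption before reading `vma->vm_end`. The loop starts and ends outside the hunk.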
1567@@ -168,19 +172,6 @@ static inline unsigned long brk_rnd(void
1568 return rnd;
1569 }
1570
1571-unsigned long arch_randomize_brk(struct mm_struct *mm)
1572-{
1573- unsigned long base = mm->brk;
1574- unsigned long ret;
1575-
1576- ret = PAGE_ALIGN(base + brk_rnd());
1577-
1578- if (ret < mm->brk)
1579- return mm->brk;
1580-
1581- return ret;
1582-}
1583-
1584 SYSCALL_DEFINE6(mips_mmap, unsigned long, addr, unsigned long, len,
1585 unsigned long, prot, unsigned long, flags, unsigned long,
1586 fd, off_t, offset)
1587diff -urNp linux-2.6.38.2/arch/mips/mm/dma-default.c linux-2.6.38.2/arch/mips/mm/dma-default.c
1588--- linux-2.6.38.2/arch/mips/mm/dma-default.c 2011-03-14 21:20:32.000000000 -0400
1589+++ linux-2.6.38.2/arch/mips/mm/dma-default.c 2011-03-21 18:31:35.000000000 -0400
1590@@ -300,7 +300,7 @@ void dma_cache_sync(struct device *dev,
1591
1592 EXPORT_SYMBOL(dma_cache_sync);
1593
1594-static struct dma_map_ops mips_default_dma_map_ops = {
1595+static const struct dma_map_ops mips_default_dma_map_ops = {
1596 .alloc_coherent = mips_dma_alloc_coherent,
1597 .free_coherent = mips_dma_free_coherent,
1598 .map_page = mips_dma_map_page,
1599@@ -315,7 +315,7 @@ static struct dma_map_ops mips_default_d
1600 .dma_supported = mips_dma_supported
1601 };
1602
1603-struct dma_map_ops *mips_dma_map_ops = &mips_default_dma_map_ops;
1604+const struct dma_map_ops *mips_dma_map_ops = &mips_default_dma_map_ops;
1605 EXPORT_SYMBOL(mips_dma_map_ops);
1606
1607 #define PREALLOC_DMA_DEBUG_ENTRIES (1 << 16)
1608diff -urNp linux-2.6.38.2/arch/mips/mm/fault.c linux-2.6.38.2/arch/mips/mm/fault.c
1609--- linux-2.6.38.2/arch/mips/mm/fault.c 2011-03-14 21:20:32.000000000 -0400
1610+++ linux-2.6.38.2/arch/mips/mm/fault.c 2011-03-21 18:31:35.000000000 -0400
1611@@ -28,6 +28,23 @@
1612 #include <asm/highmem.h> /* For VMALLOC_END */
1613 #include <linux/kdebug.h>
1614
1615+#ifdef CONFIG_PAX_PAGEEXEC
1616+void pax_report_insns(void *pc, void *sp)
1617+{
1618+ unsigned long i;
1619+
1620+ printk(KERN_ERR "PAX: bytes at PC: ");
1621+ for (i = 0; i < 5; i++) {
1622+ unsigned int c;
1623+ if (get_user(c, (unsigned int *)pc+i))
1624+ printk(KERN_CONT "???????? ");
1625+ else
1626+ printk(KERN_CONT "%08x ", c);
1627+ }
1628+ printk("\n");
1629+}
1630+#endif
1631+
1632 /*
1633 * This routine handles page faults. It determines the address,
1634 * and the problem, and then passes it off to one of the appropriate
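Review bot: `pax_report_insns` reads user memory with `get_user(c, (unsigned int *)pc+i)`, and the cast drops the `__user` annotation, so sparse cannot check the access; `(unsigned int __user *)pc + i` keeps it. The `sp` parameter is never used in the body, which is worth a comment so nobody assumes the stack is dumped, and the closing `printk("\n")` would be more consistent as `printk(KERN_CONT "\n")`. A one-line header comment saying that the function logs five instruction words at the faulting PC for the PaX report would help, since the same function is added again in arch/parisc/mm/fault.c.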
1635diff -urNp linux-2.6.38.2/arch/parisc/include/asm/elf.h linux-2.6.38.2/arch/parisc/include/asm/elf.h
1636--- linux-2.6.38.2/arch/parisc/include/asm/elf.h 2011-03-14 21:20:32.000000000 -0400
1637+++ linux-2.6.38.2/arch/parisc/include/asm/elf.h 2011-03-21 18:31:35.000000000 -0400
1638@@ -342,6 +342,13 @@ struct pt_regs; /* forward declaration..
1639
1640 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x01000000)
1641
1642+#ifdef CONFIG_PAX_ASLR
1643+#define PAX_ELF_ET_DYN_BASE 0x10000UL
1644+
1645+#define PAX_DELTA_MMAP_LEN 16
1646+#define PAX_DELTA_STACK_LEN 16
1647+#endif
1648+
1649 /* This yields a mask that user programs can use to figure out what
1650 instruction set this CPU supports. This could be done in user space,
1651 but it's not easy, and we've already done it here. */
1652diff -urNp linux-2.6.38.2/arch/parisc/include/asm/pgtable.h linux-2.6.38.2/arch/parisc/include/asm/pgtable.h
1653--- linux-2.6.38.2/arch/parisc/include/asm/pgtable.h 2011-03-14 21:20:32.000000000 -0400
1654+++ linux-2.6.38.2/arch/parisc/include/asm/pgtable.h 2011-03-21 18:31:35.000000000 -0400
1655@@ -209,6 +209,17 @@ struct vm_area_struct;
1656 #define PAGE_EXECREAD __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED)
1657 #define PAGE_COPY PAGE_EXECREAD
1658 #define PAGE_RWX __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED)
1659+
1660+#ifdef CONFIG_PAX_PAGEEXEC
1661+# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_ACCESSED)
1662+# define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
1663+# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
1664+#else
1665+# define PAGE_SHARED_NOEXEC PAGE_SHARED
1666+# define PAGE_COPY_NOEXEC PAGE_COPY
1667+# define PAGE_READONLY_NOEXEC PAGE_READONLY
1668+#endif
1669+
1670 #define PAGE_KERNEL __pgprot(_PAGE_KERNEL)
1671 #define PAGE_KERNEL_RO __pgprot(_PAGE_KERNEL & ~_PAGE_WRITE)
1672 #define PAGE_KERNEL_UNC __pgprot(_PAGE_KERNEL | _PAGE_NO_CACHE)
1673diff -urNp linux-2.6.38.2/arch/parisc/kernel/module.c linux-2.6.38.2/arch/parisc/kernel/module.c
1674--- linux-2.6.38.2/arch/parisc/kernel/module.c 2011-03-14 21:20:32.000000000 -0400
1675+++ linux-2.6.38.2/arch/parisc/kernel/module.c 2011-03-21 18:31:35.000000000 -0400
1676@@ -96,16 +96,38 @@
1677
1678 /* three functions to determine where in the module core
1679 * or init pieces the location is */
1680+static inline int in_init_rx(struct module *me, void *loc)
1681+{
1682+ return (loc >= me->module_init_rx &&
1683+ loc < (me->module_init_rx + me->init_size_rx));
1684+}
1685+
1686+static inline int in_init_rw(struct module *me, void *loc)
1687+{
1688+ return (loc >= me->module_init_rw &&
1689+ loc < (me->module_init_rw + me->init_size_rw));
1690+}
1691+
1692 static inline int in_init(struct module *me, void *loc)
1693 {
1694- return (loc >= me->module_init &&
1695- loc <= (me->module_init + me->init_size));
1696+ return in_init_rx(me, loc) || in_init_rw(me, loc);
1697+}
1698+
1699+static inline int in_core_rx(struct module *me, void *loc)
1700+{
1701+ return (loc >= me->module_core_rx &&
1702+ loc < (me->module_core_rx + me->core_size_rx));
1703+}
1704+
1705+static inline int in_core_rw(struct module *me, void *loc)
1706+{
1707+ return (loc >= me->module_core_rw &&
1708+ loc < (me->module_core_rw + me->core_size_rw));
1709 }
1710
1711 static inline int in_core(struct module *me, void *loc)
1712 {
1713- return (loc >= me->module_core &&
1714- loc <= (me->module_core + me->core_size));
1715+ return in_core_rx(me, loc) || in_core_rw(me, loc);
1716 }
1717
1718 static inline int in_local(struct module *me, void *loc)
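Review bot: The comment above these helpers still says "three functions" although the hunk now has six range helpers before `in_local`, and the upper bound changed from `<=` to `<` without any mention. The half-open test looks like the intended one, since the address one past the end of a region belongs to whatever follows it, but a reader comparing against the old code cannot tell whether the change was deliberate. I would update the comment to `/* helpers to determine whether loc lies in the rx or rw part of the module's init or core region; ranges are [start, start + size) */`. `in_local` continues outside the hunk.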
1719@@ -365,13 +387,13 @@ int module_frob_arch_sections(CONST Elf_
1720 }
1721
1722 /* align things a bit */
1723- me->core_size = ALIGN(me->core_size, 16);
1724- me->arch.got_offset = me->core_size;
1725- me->core_size += gots * sizeof(struct got_entry);
1726-
1727- me->core_size = ALIGN(me->core_size, 16);
1728- me->arch.fdesc_offset = me->core_size;
1729- me->core_size += fdescs * sizeof(Elf_Fdesc);
1730+ me->core_size_rw = ALIGN(me->core_size_rw, 16);
1731+ me->arch.got_offset = me->core_size_rw;
1732+ me->core_size_rw += gots * sizeof(struct got_entry);
1733+
1734+ me->core_size_rw = ALIGN(me->core_size_rw, 16);
1735+ me->arch.fdesc_offset = me->core_size_rw;
1736+ me->core_size_rw += fdescs * sizeof(Elf_Fdesc);
1737
1738 me->arch.got_max = gots;
1739 me->arch.fdesc_max = fdescs;
1740@@ -389,7 +411,7 @@ static Elf64_Word get_got(struct module
1741
1742 BUG_ON(value == 0);
1743
1744- got = me->module_core + me->arch.got_offset;
1745+ got = me->module_core_rw + me->arch.got_offset;
1746 for (i = 0; got[i].addr; i++)
1747 if (got[i].addr == value)
1748 goto out;
1749@@ -407,7 +429,7 @@ static Elf64_Word get_got(struct module
1750 #ifdef CONFIG_64BIT
1751 static Elf_Addr get_fdesc(struct module *me, unsigned long value)
1752 {
1753- Elf_Fdesc *fdesc = me->module_core + me->arch.fdesc_offset;
1754+ Elf_Fdesc *fdesc = me->module_core_rw + me->arch.fdesc_offset;
1755
1756 if (!value) {
1757 printk(KERN_ERR "%s: zero OPD requested!\n", me->name);
1758@@ -425,7 +447,7 @@ static Elf_Addr get_fdesc(struct module
1759
1760 /* Create new one */
1761 fdesc->addr = value;
1762- fdesc->gp = (Elf_Addr)me->module_core + me->arch.got_offset;
1763+ fdesc->gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset;
1764 return (Elf_Addr)fdesc;
1765 }
1766 #endif /* CONFIG_64BIT */
1767@@ -849,7 +871,7 @@ register_unwind_table(struct module *me,
1768
1769 table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr;
1770 end = table + sechdrs[me->arch.unwind_section].sh_size;
1771- gp = (Elf_Addr)me->module_core + me->arch.got_offset;
1772+ gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset;
1773
1774 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
1775 me->arch.unwind_section, table, end, gp);
1776diff -urNp linux-2.6.38.2/arch/parisc/kernel/sys_parisc.c linux-2.6.38.2/arch/parisc/kernel/sys_parisc.c
1777--- linux-2.6.38.2/arch/parisc/kernel/sys_parisc.c 2011-03-14 21:20:32.000000000 -0400
1778+++ linux-2.6.38.2/arch/parisc/kernel/sys_parisc.c 2011-03-21 18:31:35.000000000 -0400
1779@@ -43,7 +43,7 @@ static unsigned long get_unshared_area(u
1780 /* At this point: (!vma || addr < vma->vm_end). */
1781 if (TASK_SIZE - len < addr)
1782 return -ENOMEM;
1783- if (!vma || addr + len <= vma->vm_start)
1784+ if (check_heap_stack_gap(vma, addr, len))
1785 return addr;
1786 addr = vma->vm_end;
1787 }
1788@@ -79,7 +79,7 @@ static unsigned long get_shared_area(str
1789 /* At this point: (!vma || addr < vma->vm_end). */
1790 if (TASK_SIZE - len < addr)
1791 return -ENOMEM;
1792- if (!vma || addr + len <= vma->vm_start)
1793+ if (check_heap_stack_gap(vma, addr, len))
1794 return addr;
1795 addr = DCACHE_ALIGN(vma->vm_end - offset) + offset;
1796 if (addr < vma->vm_end) /* handle wraparound */
1797@@ -98,7 +98,7 @@ unsigned long arch_get_unmapped_area(str
1798 if (flags & MAP_FIXED)
1799 return addr;
1800 if (!addr)
1801- addr = TASK_UNMAPPED_BASE;
1802+ addr = current->mm->mmap_base;
1803
1804 if (filp) {
1805 addr = get_shared_area(filp->f_mapping, addr, len, pgoff);
1806diff -urNp linux-2.6.38.2/arch/parisc/kernel/traps.c linux-2.6.38.2/arch/parisc/kernel/traps.c
1807--- linux-2.6.38.2/arch/parisc/kernel/traps.c 2011-03-14 21:20:32.000000000 -0400
1808+++ linux-2.6.38.2/arch/parisc/kernel/traps.c 2011-03-21 18:31:35.000000000 -0400
1809@@ -733,9 +733,7 @@ void notrace handle_interruption(int cod
1810
1811 down_read(&current->mm->mmap_sem);
1812 vma = find_vma(current->mm,regs->iaoq[0]);
1813- if (vma && (regs->iaoq[0] >= vma->vm_start)
1814- && (vma->vm_flags & VM_EXEC)) {
1815-
1816+ if (vma && (regs->iaoq[0] >= vma->vm_start)) {
1817 fault_address = regs->iaoq[0];
1818 fault_space = regs->iasq[0];
1819
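Review bot: Dropping the `vma->vm_flags & VM_EXEC` test means a trap at an instruction address inside a non-executable mapping now takes this branch as well, and nothing in the hunk explains why. Presumably the intent is that fetches from non-executable pages reach the page-fault path, where the fetch-fault handling added in arch/parisc/mm/fault.c can act on them; that is inferred, not shown here. A comment on the condition, `/* no VM_EXEC test: fetches from non-executable mappings must reach the fault handler for PaX */`, would keep the check from being restored by accident. The body of the `if` continues outside the hunk.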
1820diff -urNp linux-2.6.38.2/arch/parisc/mm/fault.c linux-2.6.38.2/arch/parisc/mm/fault.c
1821--- linux-2.6.38.2/arch/parisc/mm/fault.c 2011-03-14 21:20:32.000000000 -0400
1822+++ linux-2.6.38.2/arch/parisc/mm/fault.c 2011-03-21 18:31:35.000000000 -0400
1823@@ -15,6 +15,7 @@
1824 #include <linux/sched.h>
1825 #include <linux/interrupt.h>
1826 #include <linux/module.h>
1827+#include <linux/unistd.h>
1828
1829 #include <asm/uaccess.h>
1830 #include <asm/traps.h>
1831@@ -52,7 +53,7 @@ DEFINE_PER_CPU(struct exception_data, ex
1832 static unsigned long
1833 parisc_acctyp(unsigned long code, unsigned int inst)
1834 {
1835- if (code == 6 || code == 16)
1836+ if (code == 6 || code == 7 || code == 16)
1837 return VM_EXEC;
1838
1839 switch (inst & 0xf0000000) {
1840@@ -138,6 +139,116 @@ parisc_acctyp(unsigned long code, unsign
1841 }
1842 #endif
1843
1844+#ifdef CONFIG_PAX_PAGEEXEC
1845+/*
1846+ * PaX: decide what to do with offenders (instruction_pointer(regs) = fault address)
1847+ *
1848+ * returns 1 when task should be killed
1849+ * 2 when rt_sigreturn trampoline was detected
1850+ * 3 when unpatched PLT trampoline was detected
1851+ */
1852+static int pax_handle_fetch_fault(struct pt_regs *regs)
1853+{
1854+
1855+#ifdef CONFIG_PAX_EMUPLT
1856+ int err;
1857+
1858+ do { /* PaX: unpatched PLT emulation */
1859+ unsigned int bl, depwi;
1860+
1861+ err = get_user(bl, (unsigned int *)instruction_pointer(regs));
1862+ err |= get_user(depwi, (unsigned int *)(instruction_pointer(regs)+4));
1863+
1864+ if (err)
1865+ break;
1866+
1867+ if (bl == 0xEA9F1FDDU && depwi == 0xD6801C1EU) {
1868+ unsigned int ldw, bv, ldw2, addr = instruction_pointer(regs)-12;
1869+
1870+ err = get_user(ldw, (unsigned int *)addr);
1871+ err |= get_user(bv, (unsigned int *)(addr+4));
1872+ err |= get_user(ldw2, (unsigned int *)(addr+8));
1873+
1874+ if (err)
1875+ break;
1876+
1877+ if (ldw == 0x0E801096U &&
1878+ bv == 0xEAC0C000U &&
1879+ ldw2 == 0x0E881095U)
1880+ {
1881+ unsigned int resolver, map;
1882+
1883+ err = get_user(resolver, (unsigned int *)(instruction_pointer(regs)+8));
1884+ err |= get_user(map, (unsigned int *)(instruction_pointer(regs)+12));
1885+ if (err)
1886+ break;
1887+
1888+ regs->gr[20] = instruction_pointer(regs)+8;
1889+ regs->gr[21] = map;
1890+ regs->gr[22] = resolver;
1891+ regs->iaoq[0] = resolver | 3UL;
1892+ regs->iaoq[1] = regs->iaoq[0] + 4;
1893+ return 3;
1894+ }
1895+ }
1896+ } while (0);
1897+#endif
1898+
1899+#ifdef CONFIG_PAX_EMUTRAMP
1900+
1901+#ifndef CONFIG_PAX_EMUSIGRT
1902+ if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
1903+ return 1;
1904+#endif
1905+
1906+ do { /* PaX: rt_sigreturn emulation */
1907+ unsigned int ldi1, ldi2, bel, nop;
1908+
1909+ err = get_user(ldi1, (unsigned int *)instruction_pointer(regs));
1910+ err |= get_user(ldi2, (unsigned int *)(instruction_pointer(regs)+4));
1911+ err |= get_user(bel, (unsigned int *)(instruction_pointer(regs)+8));
1912+ err |= get_user(nop, (unsigned int *)(instruction_pointer(regs)+12));
1913+
1914+ if (err)
1915+ break;
1916+
1917+ if ((ldi1 == 0x34190000U || ldi1 == 0x34190002U) &&
1918+ ldi2 == 0x3414015AU &&
1919+ bel == 0xE4008200U &&
1920+ nop == 0x08000240U)
1921+ {
1922+ regs->gr[25] = (ldi1 & 2) >> 1;
1923+ regs->gr[20] = __NR_rt_sigreturn;
1924+ regs->gr[31] = regs->iaoq[1] + 16;
1925+ regs->sr[0] = regs->iasq[1];
1926+ regs->iaoq[0] = 0x100UL;
1927+ regs->iaoq[1] = regs->iaoq[0] + 4;
1928+ regs->iasq[0] = regs->sr[2];
1929+ regs->iasq[1] = regs->sr[2];
1930+ return 2;
1931+ }
1932+ } while (0);
1933+#endif
1934+
1935+ return 1;
1936+}
1937+
1938+void pax_report_insns(void *pc, void *sp)
1939+{
1940+ unsigned long i;
1941+
1942+ printk(KERN_ERR "PAX: bytes at PC: ");
1943+ for (i = 0; i < 5; i++) {
1944+ unsigned int c;
1945+ if (get_user(c, (unsigned int *)pc+i))
1946+ printk(KERN_CONT "???????? ");
1947+ else
1948+ printk(KERN_CONT "%08x ", c);
1949+ }
1950+ printk("\n");
1951+}
1952+#endif
1953+
1954 int fixup_exception(struct pt_regs *regs)
1955 {
1956 const struct exception_table_entry *fix;
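Review bot: `int err;` is declared inside the `#ifdef CONFIG_PAX_EMUPLT` block, but the rt_sigreturn emulation under `#ifdef CONFIG_PAX_EMUTRAMP` also assigns to `err`, so a configuration with EMUTRAMP and without EMUPLT would not compile unless Kconfig, which is not visible here, rules it out. Declaring it under `#if defined(CONFIG_PAX_EMUPLT) || defined(CONFIG_PAX_EMUTRAMP)` removes that dependency. Separately, `addr` in the PLT branch is an `unsigned int` that is then cast to a pointer, which would truncate the address on a 64-bit kernel; `unsigned long addr` avoids that. Each block of instruction constants would also be easier to audit with a one-line comment naming the exact sequence it matches.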
1957@@ -192,8 +303,33 @@ good_area:
1958
1959 acc_type = parisc_acctyp(code,regs->iir);
1960
1961- if ((vma->vm_flags & acc_type) != acc_type)
1962+ if ((vma->vm_flags & acc_type) != acc_type) {
1963+
1964+#ifdef CONFIG_PAX_PAGEEXEC
1965+ if ((mm->pax_flags & MF_PAX_PAGEEXEC) && (acc_type & VM_EXEC) &&
1966+ (address & ~3UL) == instruction_pointer(regs))
1967+ {
1968+ up_read(&mm->mmap_sem);
1969+ switch (pax_handle_fetch_fault(regs)) {
1970+
1971+#ifdef CONFIG_PAX_EMUPLT
1972+ case 3:
1973+ return;
1974+#endif
1975+
1976+#ifdef CONFIG_PAX_EMUTRAMP
1977+ case 2:
1978+ return;
1979+#endif
1980+
1981+ }
1982+ pax_report_fault(regs, (void *)instruction_pointer(regs), (void *)regs->gr[30]);
1983+ do_group_exit(SIGKILL);
1984+ }
1985+#endif
1986+
1987 goto bad_area;
1988+ }
1989
1990 /*
1991 * If for any reason at all we couldn't handle the fault, make
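Review bot: After `up_read(&mm->mmap_sem)` the kill path relies on `do_group_exit(SIGKILL)` never returning; textually, control would otherwise fall through to `goto bad_area` with the semaphore already released, and `bad_area` is outside this hunk, so whether it releases the semaphore again cannot be checked here. A `/* not reached */` comment after the call documents that assumption. The `switch` on `pax_handle_fetch_fault(regs)` uses the bare values 2 and 3 and has no `default`, so the rule that any other return value kills the task is only implicit; named constants shared with the handler and an explicit `default: break;` would make it visible.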
1992diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/device.h linux-2.6.38.2/arch/powerpc/include/asm/device.h
1993--- linux-2.6.38.2/arch/powerpc/include/asm/device.h 2011-03-14 21:20:32.000000000 -0400
1994+++ linux-2.6.38.2/arch/powerpc/include/asm/device.h 2011-03-21 18:31:35.000000000 -0400
1995@@ -17,7 +17,7 @@ struct device_node;
1996 */
1997 struct dev_archdata {
1998 /* DMA operations on that device */
1999- struct dma_map_ops *dma_ops;
2000+ const struct dma_map_ops *dma_ops;
2001
2002 /*
2003 * When an iommu is in use, dma_data is used as a ptr to the base of the
2004diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/dma-mapping.h linux-2.6.38.2/arch/powerpc/include/asm/dma-mapping.h
2005--- linux-2.6.38.2/arch/powerpc/include/asm/dma-mapping.h 2011-03-14 21:20:32.000000000 -0400
2006+++ linux-2.6.38.2/arch/powerpc/include/asm/dma-mapping.h 2011-03-21 18:31:35.000000000 -0400
2007@@ -66,12 +66,13 @@ static inline unsigned long device_to_ma
2008 /*
2009 * Available generic sets of operations
2010 */
2011+/* cannot be const */
2012 #ifdef CONFIG_PPC64
2013-extern struct dma_map_ops dma_iommu_ops;
2014+extern const struct dma_map_ops dma_iommu_ops;
2015 #endif
2016-extern struct dma_map_ops dma_direct_ops;
2017+extern const struct dma_map_ops dma_direct_ops;
2018
2019-static inline struct dma_map_ops *get_dma_ops(struct device *dev)
2020+static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
2021 {
2022 /* We don't handle the NULL dev case for ISA for now. We could
2023 * do it via an out of line call but it is not needed for now. The
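Review bot: The added comment `/* cannot be const */` sits directly above `dma_iommu_ops` and `dma_direct_ops`, which this same hunk changes to `extern const struct dma_map_ops`. One of the two is wrong as written: if the declarations are right the comment is a leftover and should be dropped, and if one of these tables really is written at runtime the `const` would place a written object in read-only data. Which it is cannot be decided from this hunk because the definitions live in other files. `get_dma_ops` continues outside the hunk.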
2024@@ -84,7 +85,7 @@ static inline struct dma_map_ops *get_dm
2025 return dev->archdata.dma_ops;
2026 }
2027
2028-static inline void set_dma_ops(struct device *dev, struct dma_map_ops *ops)
2029+static inline void set_dma_ops(struct device *dev, const struct dma_map_ops *ops)
2030 {
2031 dev->archdata.dma_ops = ops;
2032 }
2033@@ -118,7 +119,7 @@ static inline void set_dma_offset(struct
2034
2035 static inline int dma_supported(struct device *dev, u64 mask)
2036 {
2037- struct dma_map_ops *dma_ops = get_dma_ops(dev);
2038+ const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2039
2040 if (unlikely(dma_ops == NULL))
2041 return 0;
2042@@ -132,7 +133,7 @@ extern int dma_set_mask(struct device *d
2043 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
2044 dma_addr_t *dma_handle, gfp_t flag)
2045 {
2046- struct dma_map_ops *dma_ops = get_dma_ops(dev);
2047+ const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2048 void *cpu_addr;
2049
2050 BUG_ON(!dma_ops);
2051@@ -147,7 +148,7 @@ static inline void *dma_alloc_coherent(s
2052 static inline void dma_free_coherent(struct device *dev, size_t size,
2053 void *cpu_addr, dma_addr_t dma_handle)
2054 {
2055- struct dma_map_ops *dma_ops = get_dma_ops(dev);
2056+ const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2057
2058 BUG_ON(!dma_ops);
2059
2060@@ -158,7 +159,7 @@ static inline void dma_free_coherent(str
2061
2062 static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr)
2063 {
2064- struct dma_map_ops *dma_ops = get_dma_ops(dev);
2065+ const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2066
2067 if (dma_ops->mapping_error)
2068 return dma_ops->mapping_error(dev, dma_addr);
2069diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/elf.h linux-2.6.38.2/arch/powerpc/include/asm/elf.h
2070--- linux-2.6.38.2/arch/powerpc/include/asm/elf.h 2011-03-14 21:20:32.000000000 -0400
2071+++ linux-2.6.38.2/arch/powerpc/include/asm/elf.h 2011-03-21 18:31:35.000000000 -0400
2072@@ -178,8 +178,19 @@ typedef elf_fpreg_t elf_vsrreghalf_t32[E
2073 the loader. We need to make sure that it is out of the way of the program
2074 that it will "exec", and that there is sufficient room for the brk. */
2075
2076-extern unsigned long randomize_et_dyn(unsigned long base);
2077-#define ELF_ET_DYN_BASE (randomize_et_dyn(0x20000000))
2078+#define ELF_ET_DYN_BASE (0x20000000)
2079+
2080+#ifdef CONFIG_PAX_ASLR
2081+#define PAX_ELF_ET_DYN_BASE (0x10000000UL)
2082+
2083+#ifdef __powerpc64__
2084+#define PAX_DELTA_MMAP_LEN (is_32bit_task() ? 16 : 28)
2085+#define PAX_DELTA_STACK_LEN (is_32bit_task() ? 16 : 28)
2086+#else
2087+#define PAX_DELTA_MMAP_LEN 15
2088+#define PAX_DELTA_STACK_LEN 15
2089+#endif
2090+#endif
2091
2092 /*
2093 * Our registers are always unsigned longs, whether we're a 32 bit
2094@@ -274,9 +285,6 @@ extern int arch_setup_additional_pages(s
2095 (0x7ff >> (PAGE_SHIFT - 12)) : \
2096 (0x3ffff >> (PAGE_SHIFT - 12)))
2097
2098-extern unsigned long arch_randomize_brk(struct mm_struct *mm);
2099-#define arch_randomize_brk arch_randomize_brk
2100-
2101 #endif /* __KERNEL__ */
2102
2103 /*
2104diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/iommu.h linux-2.6.38.2/arch/powerpc/include/asm/iommu.h
2105--- linux-2.6.38.2/arch/powerpc/include/asm/iommu.h 2011-03-14 21:20:32.000000000 -0400
2106+++ linux-2.6.38.2/arch/powerpc/include/asm/iommu.h 2011-03-21 18:31:35.000000000 -0400
2107@@ -116,6 +116,9 @@ extern void iommu_init_early_iSeries(voi
2108 extern void iommu_init_early_dart(void);
2109 extern void iommu_init_early_pasemi(void);
2110
2111+/* dma-iommu.c */
2112+extern int dma_iommu_dma_supported(struct device *dev, u64 mask);
2113+
2114 #ifdef CONFIG_PCI
2115 extern void pci_iommu_init(void);
2116 extern void pci_direct_iommu_init(void);
2117diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/kmap_types.h linux-2.6.38.2/arch/powerpc/include/asm/kmap_types.h
2118--- linux-2.6.38.2/arch/powerpc/include/asm/kmap_types.h 2011-03-14 21:20:32.000000000 -0400
2119+++ linux-2.6.38.2/arch/powerpc/include/asm/kmap_types.h 2011-03-21 18:31:35.000000000 -0400
2120@@ -27,6 +27,7 @@ enum km_type {
2121 KM_PPC_SYNC_PAGE,
2122 KM_PPC_SYNC_ICACHE,
2123 KM_KDB,
2124+ KM_CLEARPAGE,
2125 KM_TYPE_NR
2126 };
2127
2128diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/page_64.h linux-2.6.38.2/arch/powerpc/include/asm/page_64.h
2129--- linux-2.6.38.2/arch/powerpc/include/asm/page_64.h 2011-03-14 21:20:32.000000000 -0400
2130+++ linux-2.6.38.2/arch/powerpc/include/asm/page_64.h 2011-03-21 18:31:35.000000000 -0400
2131@@ -172,15 +172,18 @@ do { \
2132 * stack by default, so in the absense of a PT_GNU_STACK program header
2133 * we turn execute permission off.
2134 */
2135-#define VM_STACK_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
2136- VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2137+#define VM_STACK_DEFAULT_FLAGS32 \
2138+ (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
2139+ VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2140
2141 #define VM_STACK_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
2142 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2143
2144+#ifndef CONFIG_PAX_PAGEEXEC
2145 #define VM_STACK_DEFAULT_FLAGS \
2146 (is_32bit_task() ? \
2147 VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64)
2148+#endif
2149
2150 #include <asm-generic/getorder.h>
2151
2152diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/page.h linux-2.6.38.2/arch/powerpc/include/asm/page.h
2153--- linux-2.6.38.2/arch/powerpc/include/asm/page.h 2011-03-14 21:20:32.000000000 -0400
2154+++ linux-2.6.38.2/arch/powerpc/include/asm/page.h 2011-03-21 18:31:35.000000000 -0400
2155@@ -129,8 +129,9 @@ extern phys_addr_t kernstart_addr;
2156 * and needs to be executable. This means the whole heap ends
2157 * up being executable.
2158 */
2159-#define VM_DATA_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
2160- VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2161+#define VM_DATA_DEFAULT_FLAGS32 \
2162+ (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
2163+ VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
2164
2165 #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
2166 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
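Review bot: The context comment just above `VM_DATA_DEFAULT_FLAGS32` still ends with "This means the whole heap ends up being executable", which no longer holds after this change: `VM_EXEC` is now set only when `current->personality` has `READ_IMPLIES_EXEC`. The comment should be updated in the same patch, for example `/* data is executable only for READ_IMPLIES_EXEC personalities; VM_MAYEXEC is kept so it can still be requested later */`. It is also worth saying there that the macro is now a runtime expression reading `current` and not a constant. The `VM_STACK_DEFAULT_FLAGS32` change in page_64.h uses the same construct.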
2167@@ -158,6 +159,9 @@ extern phys_addr_t kernstart_addr;
2168 #define is_kernel_addr(x) ((x) >= PAGE_OFFSET)
2169 #endif
2170
2171+#define ktla_ktva(addr) (addr)
2172+#define ktva_ktla(addr) (addr)
2173+
2174 #ifndef __ASSEMBLY__
2175
2176 #undef STRICT_MM_TYPECHECKS
2177diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/pci.h linux-2.6.38.2/arch/powerpc/include/asm/pci.h
2178--- linux-2.6.38.2/arch/powerpc/include/asm/pci.h 2011-03-14 21:20:32.000000000 -0400
2179+++ linux-2.6.38.2/arch/powerpc/include/asm/pci.h 2011-03-21 18:31:35.000000000 -0400
2180@@ -65,8 +65,8 @@ static inline int pci_get_legacy_ide_irq
2181 }
2182
2183 #ifdef CONFIG_PCI
2184-extern void set_pci_dma_ops(struct dma_map_ops *dma_ops);
2185-extern struct dma_map_ops *get_pci_dma_ops(void);
2186+extern void set_pci_dma_ops(const struct dma_map_ops *dma_ops);
2187+extern const struct dma_map_ops *get_pci_dma_ops(void);
2188 #else /* CONFIG_PCI */
2189 #define set_pci_dma_ops(d)
2190 #define get_pci_dma_ops() NULL
2191diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/pgtable.h linux-2.6.38.2/arch/powerpc/include/asm/pgtable.h
2192--- linux-2.6.38.2/arch/powerpc/include/asm/pgtable.h 2011-03-14 21:20:32.000000000 -0400
2193+++ linux-2.6.38.2/arch/powerpc/include/asm/pgtable.h 2011-03-21 18:31:35.000000000 -0400
2194@@ -2,6 +2,7 @@
2195 #define _ASM_POWERPC_PGTABLE_H
2196 #ifdef __KERNEL__
2197
2198+#include <linux/const.h>
2199 #ifndef __ASSEMBLY__
2200 #include <asm/processor.h> /* For TASK_SIZE */
2201 #include <asm/mmu.h>
2202diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/pte-hash32.h linux-2.6.38.2/arch/powerpc/include/asm/pte-hash32.h
2203--- linux-2.6.38.2/arch/powerpc/include/asm/pte-hash32.h 2011-03-14 21:20:32.000000000 -0400
2204+++ linux-2.6.38.2/arch/powerpc/include/asm/pte-hash32.h 2011-03-21 18:31:35.000000000 -0400
2205@@ -21,6 +21,7 @@
2206 #define _PAGE_FILE 0x004 /* when !present: nonlinear file mapping */
2207 #define _PAGE_USER 0x004 /* usermode access allowed */
2208 #define _PAGE_GUARDED 0x008 /* G: prohibit speculative access */
2209+#define _PAGE_EXEC _PAGE_GUARDED
2210 #define _PAGE_COHERENT 0x010 /* M: enforce memory coherence (SMP systems) */
2211 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
2212 #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
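Review bot: `#define _PAGE_EXEC _PAGE_GUARDED` is added without a comment, and the name is misleading on its face: it reads as "executable", while the bit it aliases is, going by the `DSISR_GUARDED /* fetch from guarded storage */` definition added in reg.h, the one associated with faulting instruction fetches. How the rest of the patch sets and tests the alias is not visible here, so the polarity should be stated at the definition, e.g. `/* PaX: the G bit is reused to mark pages for instruction-fetch faults on hash32, see DSISR_GUARDED */`. It should also note that the bit keeps its hardware meaning of prohibiting speculative access, so pages carrying it are affected in both ways.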
2213diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/reg.h linux-2.6.38.2/arch/powerpc/include/asm/reg.h
2214--- linux-2.6.38.2/arch/powerpc/include/asm/reg.h 2011-03-23 17:20:06.000000000 -0400
2215+++ linux-2.6.38.2/arch/powerpc/include/asm/reg.h 2011-03-23 17:21:43.000000000 -0400
2216@@ -191,6 +191,7 @@
2217 #define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */
2218 #define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */
2219 #define DSISR_NOHPTE 0x40000000 /* no translation found */
2220+#define DSISR_GUARDED 0x10000000 /* fetch from guarded storage */
2221 #define DSISR_PROTFAULT 0x08000000 /* protection fault */
2222 #define DSISR_ISSTORE 0x02000000 /* access was a store */
2223 #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */
2224diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/swiotlb.h linux-2.6.38.2/arch/powerpc/include/asm/swiotlb.h
2225--- linux-2.6.38.2/arch/powerpc/include/asm/swiotlb.h 2011-03-14 21:20:32.000000000 -0400
2226+++ linux-2.6.38.2/arch/powerpc/include/asm/swiotlb.h 2011-03-21 18:31:35.000000000 -0400
2227@@ -13,7 +13,7 @@
2228
2229 #include <linux/swiotlb.h>
2230
2231-extern struct dma_map_ops swiotlb_dma_ops;
2232+extern const struct dma_map_ops swiotlb_dma_ops;
2233
2234 static inline void dma_mark_clean(void *addr, size_t size) {}
2235
2236diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/system.h linux-2.6.38.2/arch/powerpc/include/asm/system.h
2237--- linux-2.6.38.2/arch/powerpc/include/asm/system.h 2011-03-14 21:20:32.000000000 -0400
2238+++ linux-2.6.38.2/arch/powerpc/include/asm/system.h 2011-03-21 18:31:35.000000000 -0400
2239@@ -533,7 +533,7 @@ __cmpxchg_local(volatile void *ptr, unsi
2240 #define cmpxchg64_local(ptr, o, n) __cmpxchg64_local_generic((ptr), (o), (n))
2241 #endif
2242
2243-extern unsigned long arch_align_stack(unsigned long sp);
2244+#define arch_align_stack(x) ((x) & ~0xfUL)
2245
2246 /* Used in very early kernel initialization. */
2247 extern unsigned long reloc_offset(void);
2248diff -urNp linux-2.6.38.2/arch/powerpc/include/asm/uaccess.h linux-2.6.38.2/arch/powerpc/include/asm/uaccess.h
2249--- linux-2.6.38.2/arch/powerpc/include/asm/uaccess.h 2011-03-14 21:20:32.000000000 -0400
2250+++ linux-2.6.38.2/arch/powerpc/include/asm/uaccess.h 2011-03-21 18:31:35.000000000 -0400
2251@@ -13,6 +13,8 @@
2252 #define VERIFY_READ 0
2253 #define VERIFY_WRITE 1
2254
2255+extern void check_object_size(const void *ptr, unsigned long n, bool to);
2256+
2257 /*
2258 * The fs value determines whether argument validity checking should be
2259 * performed or not. If get_fs() == USER_DS, checking is performed, with
2260@@ -327,52 +329,6 @@ do { \
2261 extern unsigned long __copy_tofrom_user(void __user *to,
2262 const void __user *from, unsigned long size);
2263
2264-#ifndef __powerpc64__
2265-
2266-static inline unsigned long copy_from_user(void *to,
2267- const void __user *from, unsigned long n)
2268-{
2269- unsigned long over;
2270-
2271- if (access_ok(VERIFY_READ, from, n))
2272- return __copy_tofrom_user((__force void __user *)to, from, n);
2273- if ((unsigned long)from < TASK_SIZE) {
2274- over = (unsigned long)from + n - TASK_SIZE;
2275- return __copy_tofrom_user((__force void __user *)to, from,
2276- n - over) + over;
2277- }
2278- return n;
2279-}
2280-
2281-static inline unsigned long copy_to_user(void __user *to,
2282- const void *from, unsigned long n)
2283-{
2284- unsigned long over;
2285-
2286- if (access_ok(VERIFY_WRITE, to, n))
2287- return __copy_tofrom_user(to, (__force void __user *)from, n);
2288- if ((unsigned long)to < TASK_SIZE) {
2289- over = (unsigned long)to + n - TASK_SIZE;
2290- return __copy_tofrom_user(to, (__force void __user *)from,
2291- n - over) + over;
2292- }
2293- return n;
2294-}
2295-
2296-#else /* __powerpc64__ */
2297-
2298-#define __copy_in_user(to, from, size) \
2299- __copy_tofrom_user((to), (from), (size))
2300-
2301-extern unsigned long copy_from_user(void *to, const void __user *from,
2302- unsigned long n);
2303-extern unsigned long copy_to_user(void __user *to, const void *from,
2304- unsigned long n);
2305-extern unsigned long copy_in_user(void __user *to, const void __user *from,
2306- unsigned long n);
2307-
2308-#endif /* __powerpc64__ */
2309-
2310 static inline unsigned long __copy_from_user_inatomic(void *to,
2311 const void __user *from, unsigned long n)
2312 {
2313@@ -396,6 +352,10 @@ static inline unsigned long __copy_from_
2314 if (ret == 0)
2315 return 0;
2316 }
2317+
2318+ if (!__builtin_constant_p(n))
2319+ check_object_size(to, n, false);
2320+
2321 return __copy_tofrom_user((__force void __user *)to, from, n);
2322 }
2323
2324@@ -422,6 +382,10 @@ static inline unsigned long __copy_to_us
2325 if (ret == 0)
2326 return 0;
2327 }
2328+
2329+ if (!__builtin_constant_p(n))
2330+ check_object_size(from, n, true);
2331+
2332 return __copy_tofrom_user(to, (__force const void __user *)from, n);
2333 }
2334
2335@@ -439,6 +403,92 @@ static inline unsigned long __copy_to_us
2336 return __copy_to_user_inatomic(to, from, size);
2337 }
2338
2339+#ifndef __powerpc64__
2340+
2341+static inline unsigned long __must_check copy_from_user(void *to,
2342+ const void __user *from, unsigned long n)
2343+{
2344+ unsigned long over;
2345+
2346+ if ((long)n < 0)
2347+ return n;
2348+
2349+ if (access_ok(VERIFY_READ, from, n)) {
2350+ if (!__builtin_constant_p(n))
2351+ check_object_size(to, n, false);
2352+ return __copy_tofrom_user((__force void __user *)to, from, n);
2353+ }
2354+ if ((unsigned long)from < TASK_SIZE) {
2355+ over = (unsigned long)from + n - TASK_SIZE;
2356+ if (!__builtin_constant_p(n - over))
2357+ check_object_size(to, n - over, false);
2358+ return __copy_tofrom_user((__force void __user *)to, from,
2359+ n - over) + over;
2360+ }
2361+ return n;
2362+}
2363+
2364+static inline unsigned long __must_check copy_to_user(void __user *to,
2365+ const void *from, unsigned long n)
2366+{
2367+ unsigned long over;
2368+
2369+ if ((long)n < 0)
2370+ return n;
2371+
2372+ if (access_ok(VERIFY_WRITE, to, n)) {
2373+ if (!__builtin_constant_p(n))
2374+ check_object_size(from, n, true);
2375+ return __copy_tofrom_user(to, (__force void __user *)from, n);
2376+ }
2377+ if ((unsigned long)to < TASK_SIZE) {
2378+ over = (unsigned long)to + n - TASK_SIZE;
2379+ if (!__builtin_constant_p(n))
2380+ check_object_size(from, n - over, true);
2381+ return __copy_tofrom_user(to, (__force void __user *)from,
2382+ n - over) + over;
2383+ }
2384+ return n;
2385+}
2386+
2387+#else /* __powerpc64__ */
2388+
2389+#define __copy_in_user(to, from, size) \
2390+ __copy_tofrom_user((to), (from), (size))
2391+
2392+static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
2393+{
2394+ if ((long)n < 0 || n > INT_MAX)
2395+ return n;
2396+
2397+ if (!__builtin_constant_p(n))
2398+ check_object_size(to, n, false);
2399+
2400+ if (likely(access_ok(VERIFY_READ, from, n)))
2401+ n = __copy_from_user(to, from, n);
2402+ else
2403+ memset(to, 0, n);
2404+ return n;
2405+}
2406+
2407+static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
2408+{
2409+ if ((long)n < 0 || n > INT_MAX)
2410+ return n;
2411+
2412+ if (likely(access_ok(VERIFY_WRITE, to, n))) {
2413+ if (!__builtin_constant_p(n))
2414+ check_object_size(from, n, true);
2415+ n = __copy_to_user(to, from, n);
2416+ }
2417+ return n;
2418+}
2419+
2420+extern unsigned long copy_in_user(void __user *to, const void __user *from,
2421+ unsigned long n);
2422+
2423+#endif /* __powerpc64__ */
2424+
2425 extern unsigned long __clear_user(void __user *addr, unsigned long size);
2426
2427 static inline unsigned long clear_user(void __user *addr, unsigned long size)
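Review bot: The two 32-bit partial-copy branches guard `check_object_size()` with different expressions: `copy_from_user` tests `__builtin_constant_p(n - over)`, while `copy_to_user` tests `__builtin_constant_p(n)` but passes `n - over` to the check. `over` is derived from a runtime pointer, so with a constant `n` the kernel-to-user branch skips the object-size check on the truncated length and the user-to-kernel branch does not. I would use the same guard in both, `if (!__builtin_constant_p(n - over))`, so the value tested is the value checked. In the `__powerpc64__` variants, `(long)n < 0 || n > INT_MAX` is redundant because `n` is `unsigned long` and the second comparison already rejects every value the first one does.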
2428diff -urNp linux-2.6.38.2/arch/powerpc/kernel/dma.c linux-2.6.38.2/arch/powerpc/kernel/dma.c
2429--- linux-2.6.38.2/arch/powerpc/kernel/dma.c 2011-03-14 21:20:32.000000000 -0400
2430+++ linux-2.6.38.2/arch/powerpc/kernel/dma.c 2011-03-21 18:31:35.000000000 -0400
2431@@ -136,7 +136,7 @@ static inline void dma_direct_sync_singl
2432 }
2433 #endif
2434
2435-struct dma_map_ops dma_direct_ops = {
2436+const struct dma_map_ops dma_direct_ops = {
2437 .alloc_coherent = dma_direct_alloc_coherent,
2438 .free_coherent = dma_direct_free_coherent,
2439 .map_sg = dma_direct_map_sg,
2440@@ -157,7 +157,7 @@ EXPORT_SYMBOL(dma_direct_ops);
2441
2442 int dma_set_mask(struct device *dev, u64 dma_mask)
2443 {
2444- struct dma_map_ops *dma_ops = get_dma_ops(dev);
2445+ const struct dma_map_ops *dma_ops = get_dma_ops(dev);
2446
2447 if (ppc_md.dma_set_mask)
2448 return ppc_md.dma_set_mask(dev, dma_mask);
2449diff -urNp linux-2.6.38.2/arch/powerpc/kernel/dma-iommu.c linux-2.6.38.2/arch/powerpc/kernel/dma-iommu.c
2450--- linux-2.6.38.2/arch/powerpc/kernel/dma-iommu.c 2011-03-14 21:20:32.000000000 -0400
2451+++ linux-2.6.38.2/arch/powerpc/kernel/dma-iommu.c 2011-03-21 18:31:35.000000000 -0400
2452@@ -70,7 +70,7 @@ static void dma_iommu_unmap_sg(struct de
2453 }
2454
2455 /* We support DMA to/from any memory page via the iommu */
2456-static int dma_iommu_dma_supported(struct device *dev, u64 mask)
2457+int dma_iommu_dma_supported(struct device *dev, u64 mask)
2458 {
2459 struct iommu_table *tbl = get_iommu_table_base(dev);
2460
2461@@ -90,7 +90,7 @@ static int dma_iommu_dma_supported(struc
2462 return 1;
2463 }
2464
2465-struct dma_map_ops dma_iommu_ops = {
2466+struct dma_map_ops dma_iommu_ops = { /* cannot be const, see arch/powerpc/platforms/cell/iommu.c */
2467 .alloc_coherent = dma_iommu_alloc_coherent,
2468 .free_coherent = dma_iommu_free_coherent,
2469 .map_sg = dma_iommu_map_sg,
2470diff -urNp linux-2.6.38.2/arch/powerpc/kernel/dma-swiotlb.c linux-2.6.38.2/arch/powerpc/kernel/dma-swiotlb.c
2471--- linux-2.6.38.2/arch/powerpc/kernel/dma-swiotlb.c 2011-03-14 21:20:32.000000000 -0400
2472+++ linux-2.6.38.2/arch/powerpc/kernel/dma-swiotlb.c 2011-03-21 18:31:35.000000000 -0400
2473@@ -31,7 +31,7 @@ unsigned int ppc_swiotlb_enable;
2474 * map_page, and unmap_page on highmem, use normal dma_ops
2475 * for everything else.
2476 */
2477-struct dma_map_ops swiotlb_dma_ops = {
2478+const struct dma_map_ops swiotlb_dma_ops = {
2479 .alloc_coherent = dma_direct_alloc_coherent,
2480 .free_coherent = dma_direct_free_coherent,
2481 .map_sg = swiotlb_map_sg_attrs,
2482diff -urNp linux-2.6.38.2/arch/powerpc/kernel/exceptions-64e.S linux-2.6.38.2/arch/powerpc/kernel/exceptions-64e.S
2483--- linux-2.6.38.2/arch/powerpc/kernel/exceptions-64e.S 2011-03-14 21:20:32.000000000 -0400
2484+++ linux-2.6.38.2/arch/powerpc/kernel/exceptions-64e.S 2011-03-21 18:31:35.000000000 -0400
2485@@ -495,6 +495,7 @@ storage_fault_common:
2486 std r14,_DAR(r1)
2487 std r15,_DSISR(r1)
2488 addi r3,r1,STACK_FRAME_OVERHEAD
2489+ bl .save_nvgprs
2490 mr r4,r14
2491 mr r5,r15
2492 ld r14,PACA_EXGEN+EX_R14(r13)
2493@@ -504,8 +505,7 @@ storage_fault_common:
2494 cmpdi r3,0
2495 bne- 1f
2496 b .ret_from_except_lite
2497-1: bl .save_nvgprs
2498- mr r5,r3
2499+1: mr r5,r3
2500 addi r3,r1,STACK_FRAME_OVERHEAD
2501 ld r4,_DAR(r1)
2502 bl .bad_page_fault
2503diff -urNp linux-2.6.38.2/arch/powerpc/kernel/exceptions-64s.S linux-2.6.38.2/arch/powerpc/kernel/exceptions-64s.S
2504--- linux-2.6.38.2/arch/powerpc/kernel/exceptions-64s.S 2011-03-14 21:20:32.000000000 -0400
2505+++ linux-2.6.38.2/arch/powerpc/kernel/exceptions-64s.S 2011-03-21 18:31:35.000000000 -0400
2506@@ -848,10 +848,10 @@ handle_page_fault:
2507 11: ld r4,_DAR(r1)
2508 ld r5,_DSISR(r1)
2509 addi r3,r1,STACK_FRAME_OVERHEAD
2510+ bl .save_nvgprs
2511 bl .do_page_fault
2512 cmpdi r3,0
2513 beq+ 13f
2514- bl .save_nvgprs
2515 mr r5,r3
2516 addi r3,r1,STACK_FRAME_OVERHEAD
2517 lwz r4,_DAR(r1)
2518diff -urNp linux-2.6.38.2/arch/powerpc/kernel/ibmebus.c linux-2.6.38.2/arch/powerpc/kernel/ibmebus.c
2519--- linux-2.6.38.2/arch/powerpc/kernel/ibmebus.c 2011-03-14 21:20:32.000000000 -0400
2520+++ linux-2.6.38.2/arch/powerpc/kernel/ibmebus.c 2011-03-21 18:31:35.000000000 -0400
2521@@ -128,7 +128,7 @@ static int ibmebus_dma_supported(struct
2522 return 1;
2523 }
2524
2525-static struct dma_map_ops ibmebus_dma_ops = {
2526+static const struct dma_map_ops ibmebus_dma_ops = {
2527 .alloc_coherent = ibmebus_alloc_coherent,
2528 .free_coherent = ibmebus_free_coherent,
2529 .map_sg = ibmebus_map_sg,
2530diff -urNp linux-2.6.38.2/arch/powerpc/kernel/kgdb.c linux-2.6.38.2/arch/powerpc/kernel/kgdb.c
2531--- linux-2.6.38.2/arch/powerpc/kernel/kgdb.c 2011-03-14 21:20:32.000000000 -0400
2532+++ linux-2.6.38.2/arch/powerpc/kernel/kgdb.c 2011-03-21 18:31:35.000000000 -0400
2533@@ -422,7 +422,7 @@ int kgdb_arch_handle_exception(int vecto
2534 /*
2535 * Global data
2536 */
2537-struct kgdb_arch arch_kgdb_ops = {
2538+const struct kgdb_arch arch_kgdb_ops = {
2539 .gdb_bpt_instr = {0x7d, 0x82, 0x10, 0x08},
2540 };
2541
2542diff -urNp linux-2.6.38.2/arch/powerpc/kernel/module_32.c linux-2.6.38.2/arch/powerpc/kernel/module_32.c
2543--- linux-2.6.38.2/arch/powerpc/kernel/module_32.c 2011-03-14 21:20:32.000000000 -0400
2544+++ linux-2.6.38.2/arch/powerpc/kernel/module_32.c 2011-03-21 18:31:35.000000000 -0400
2545@@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr
2546 me->arch.core_plt_section = i;
2547 }
2548 if (!me->arch.core_plt_section || !me->arch.init_plt_section) {
2549- printk("Module doesn't contain .plt or .init.plt sections.\n");
2550+ printk("Module %s doesn't contain .plt or .init.plt sections.\n", me->name);
2551 return -ENOEXEC;
2552 }
2553
2554@@ -203,11 +203,16 @@ static uint32_t do_plt_call(void *locati
2555
2556 DEBUGP("Doing plt for call to 0x%x at 0x%x\n", val, (unsigned int)location);
2557 /* Init, or core PLT? */
2558- if (location >= mod->module_core
2559- && location < mod->module_core + mod->core_size)
2560+ if ((location >= mod->module_core_rx && location < mod->module_core_rx + mod->core_size_rx) ||
2561+ (location >= mod->module_core_rw && location < mod->module_core_rw + mod->core_size_rw))
2562 entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr;
2563- else
2564+ else if ((location >= mod->module_init_rx && location < mod->module_init_rx + mod->init_size_rx) ||
2565+ (location >= mod->module_init_rw && location < mod->module_init_rw + mod->init_size_rw))
2566 entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr;
2567+ else {
2568+ printk(KERN_ERR "%s: invalid R_PPC_REL24 entry found\n", mod->name);
2569+ return ~0UL;
2570+ }
2571
2572 /* Find this entry, or if that fails, the next avail. entry */
2573 while (entry->jump[0]) {
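Review bot: The new `else` branch returns `~0UL` from `do_plt_call()`, whose return type is `uint32_t`, so the failure value is 0xffffffff and only means "error" if the caller tests for it. The call site is outside this hunk; if it does not check, the relocation would still be written with that value after the `KERN_ERR` message. I would document the sentinel above the function, e.g. `/* returns ~0 if location is in none of the module's rx/rw regions; caller must fail the load */`, and confirm the caller returns `-ENOEXEC` on it.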
2574diff -urNp linux-2.6.38.2/arch/powerpc/kernel/module.c linux-2.6.38.2/arch/powerpc/kernel/module.c
2575--- linux-2.6.38.2/arch/powerpc/kernel/module.c 2011-03-14 21:20:32.000000000 -0400
2576+++ linux-2.6.38.2/arch/powerpc/kernel/module.c 2011-03-21 18:31:35.000000000 -0400
2577@@ -31,11 +31,24 @@
2578
2579 LIST_HEAD(module_bug_list);
2580
2581+#ifdef CONFIG_PAX_KERNEXEC
2582 void *module_alloc(unsigned long size)
2583 {
2584 if (size == 0)
2585 return NULL;
2586
2587+ return vmalloc(size);
2588+}
2589+
2590+void *module_alloc_exec(unsigned long size)
2591+#else
2592+void *module_alloc(unsigned long size)
2593+#endif
2594+
2595+{
2596+ if (size == 0)
2597+ return NULL;
2598+
2599 return vmalloc_exec(size);
2600 }
2601
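Review bot: One function body is shared across `#ifdef CONFIG_PAX_KERNEXEC` / `#else` / `#endif`, with a blank line between `#endif` and the opening `{`, so it is easy to misread which function ends in `vmalloc_exec(size)`. With KERNEXEC on, `module_alloc()` returns plain `vmalloc()` memory and only `module_alloc_exec()` is executable, and that difference deserves a comment at the `#ifdef`: `/* KERNEXEC: module_alloc() is non-executable; code must come from module_alloc_exec() */`. Dropping the blank line after `#endif` would also keep the spliced header next to its body.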
2602@@ -45,6 +58,13 @@ void module_free(struct module *mod, voi
2603 vfree(module_region);
2604 }
2605
2606+#ifdef CONFIG_PAX_KERNEXEC
2607+void module_free_exec(struct module *mod, void *module_region)
2608+{
2609+ module_free(mod, module_region);
2610+}
2611+#endif
2612+
2613 static const Elf_Shdr *find_section(const Elf_Ehdr *hdr,
2614 const Elf_Shdr *sechdrs,
2615 const char *name)
2616diff -urNp linux-2.6.38.2/arch/powerpc/kernel/pci-common.c linux-2.6.38.2/arch/powerpc/kernel/pci-common.c
2617--- linux-2.6.38.2/arch/powerpc/kernel/pci-common.c 2011-03-14 21:20:32.000000000 -0400
2618+++ linux-2.6.38.2/arch/powerpc/kernel/pci-common.c 2011-03-21 18:31:35.000000000 -0400
2619@@ -52,14 +52,14 @@ resource_size_t isa_mem_base;
2620 unsigned int ppc_pci_flags = 0;
2621
2622
2623-static struct dma_map_ops *pci_dma_ops = &dma_direct_ops;
2624+static const struct dma_map_ops *pci_dma_ops = &dma_direct_ops;
2625
2626-void set_pci_dma_ops(struct dma_map_ops *dma_ops)
2627+void set_pci_dma_ops(const struct dma_map_ops *dma_ops)
2628 {
2629 pci_dma_ops = dma_ops;
2630 }
2631
2632-struct dma_map_ops *get_pci_dma_ops(void)
2633+const struct dma_map_ops *get_pci_dma_ops(void)
2634 {
2635 return pci_dma_ops;
2636 }
2637diff -urNp linux-2.6.38.2/arch/powerpc/kernel/process.c linux-2.6.38.2/arch/powerpc/kernel/process.c
2638--- linux-2.6.38.2/arch/powerpc/kernel/process.c 2011-03-14 21:20:32.000000000 -0400
2639+++ linux-2.6.38.2/arch/powerpc/kernel/process.c 2011-03-21 18:31:35.000000000 -0400
2640@@ -655,8 +655,8 @@ void show_regs(struct pt_regs * regs)
2641 * Lookup NIP late so we have the best change of getting the
2642 * above info out without failing
2643 */
2644- printk("NIP ["REG"] %pS\n", regs->nip, (void *)regs->nip);
2645- printk("LR ["REG"] %pS\n", regs->link, (void *)regs->link);
2646+ printk("NIP ["REG"] %pA\n", regs->nip, (void *)regs->nip);
2647+ printk("LR ["REG"] %pA\n", regs->link, (void *)regs->link);
2648 #endif
2649 show_stack(current, (unsigned long *) regs->gpr[1]);
2650 if (!user_mode(regs))
2651@@ -1146,10 +1146,10 @@ void show_stack(struct task_struct *tsk,
2652 newsp = stack[0];
2653 ip = stack[STACK_FRAME_LR_SAVE];
2654 if (!firstframe || ip != lr) {
2655- printk("["REG"] ["REG"] %pS", sp, ip, (void *)ip);
2656+ printk("["REG"] ["REG"] %pA", sp, ip, (void *)ip);
2657 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
2658 if ((ip == rth || ip == mrth) && curr_frame >= 0) {
2659- printk(" (%pS)",
2660+ printk(" (%pA)",
2661 (void *)current->ret_stack[curr_frame].ret);
2662 curr_frame--;
2663 }
2664@@ -1169,7 +1169,7 @@ void show_stack(struct task_struct *tsk,
2665 struct pt_regs *regs = (struct pt_regs *)
2666 (sp + STACK_FRAME_OVERHEAD);
2667 lr = regs->link;
2668- printk("--- Exception: %lx at %pS\n LR = %pS\n",
2669+ printk("--- Exception: %lx at %pA\n LR = %pA\n",
2670 regs->trap, (void *)regs->nip, (void *)lr);
2671 firstframe = 1;
2672 }
2673@@ -1244,58 +1244,3 @@ void thread_info_cache_init(void)
2674 }
2675
2676 #endif /* THREAD_SHIFT < PAGE_SHIFT */
2677-
2678-unsigned long arch_align_stack(unsigned long sp)
2679-{
2680- if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
2681- sp -= get_random_int() & ~PAGE_MASK;
2682- return sp & ~0xf;
2683-}
2684-
2685-static inline unsigned long brk_rnd(void)
2686-{
2687- unsigned long rnd = 0;
2688-
2689- /* 8MB for 32bit, 1GB for 64bit */
2690- if (is_32bit_task())
2691- rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT)));
2692- else
2693- rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT)));
2694-
2695- return rnd << PAGE_SHIFT;
2696-}
2697-
2698-unsigned long arch_randomize_brk(struct mm_struct *mm)
2699-{
2700- unsigned long base = mm->brk;
2701- unsigned long ret;
2702-
2703-#ifdef CONFIG_PPC_STD_MMU_64
2704- /*
2705- * If we are using 1TB segments and we are allowed to randomise
2706- * the heap, we can put it above 1TB so it is backed by a 1TB
2707- * segment. Otherwise the heap will be in the bottom 1TB
2708- * which always uses 256MB segments and this may result in a
2709- * performance penalty.
2710- */
2711- if (!is_32bit_task() && (mmu_highuser_ssize == MMU_SEGSIZE_1T))
2712- base = max_t(unsigned long, mm->brk, 1UL << SID_SHIFT_1T);
2713-#endif
2714-
2715- ret = PAGE_ALIGN(base + brk_rnd());
2716-
2717- if (ret < mm->brk)
2718- return mm->brk;
2719-
2720- return ret;
2721-}
2722-
2723-unsigned long randomize_et_dyn(unsigned long base)
2724-{
2725- unsigned long ret = PAGE_ALIGN(base + brk_rnd());
2726-
2727- if (ret < base)
2728- return base;
2729-
2730- return ret;
2731-}
2732diff -urNp linux-2.6.38.2/arch/powerpc/kernel/signal_32.c linux-2.6.38.2/arch/powerpc/kernel/signal_32.c
2733--- linux-2.6.38.2/arch/powerpc/kernel/signal_32.c 2011-03-14 21:20:32.000000000 -0400
2734+++ linux-2.6.38.2/arch/powerpc/kernel/signal_32.c 2011-03-21 18:31:35.000000000 -0400
2735@@ -858,7 +858,7 @@ int handle_rt_signal32(unsigned long sig
2736 /* Save user registers on the stack */
2737 frame = &rt_sf->uc.uc_mcontext;
2738 addr = frame;
2739- if (vdso32_rt_sigtramp && current->mm->context.vdso_base) {
2740+ if (vdso32_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
2741 if (save_user_regs(regs, frame, 0, 1))
2742 goto badframe;
2743 regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp;
2744diff -urNp linux-2.6.38.2/arch/powerpc/kernel/signal_64.c linux-2.6.38.2/arch/powerpc/kernel/signal_64.c
2745--- linux-2.6.38.2/arch/powerpc/kernel/signal_64.c 2011-03-14 21:20:32.000000000 -0400
2746+++ linux-2.6.38.2/arch/powerpc/kernel/signal_64.c 2011-03-21 18:31:35.000000000 -0400
2747@@ -429,7 +429,7 @@ int handle_rt_signal64(int signr, struct
2748 current->thread.fpscr.val = 0;
2749
2750 /* Set up to return from userspace. */
2751- if (vdso64_rt_sigtramp && current->mm->context.vdso_base) {
2752+ if (vdso64_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
2753 regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp;
2754 } else {
2755 err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
2756diff -urNp linux-2.6.38.2/arch/powerpc/kernel/vdso.c linux-2.6.38.2/arch/powerpc/kernel/vdso.c
2757--- linux-2.6.38.2/arch/powerpc/kernel/vdso.c 2011-03-14 21:20:32.000000000 -0400
2758+++ linux-2.6.38.2/arch/powerpc/kernel/vdso.c 2011-03-21 18:31:35.000000000 -0400
2759@@ -36,6 +36,7 @@
2760 #include <asm/firmware.h>
2761 #include <asm/vdso.h>
2762 #include <asm/vdso_datapage.h>
2763+#include <asm/mman.h>
2764
2765 #include "setup.h"
2766
2767@@ -220,7 +221,7 @@ int arch_setup_additional_pages(struct l
2768 vdso_base = VDSO32_MBASE;
2769 #endif
2770
2771- current->mm->context.vdso_base = 0;
2772+ current->mm->context.vdso_base = ~0UL;
2773
2774 /* vDSO has a problem and was disabled, just don't "enable" it for the
2775 * process
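Review bot: The "no vDSO" marker for `context.vdso_base` changes from 0 to `~0UL` here, and the matching tests are changed in signal_32.c and signal_64.c, but the value is a bare literal in all three places. Any other reader of `vdso_base` that still tests for zero (none is visible in this part of the patch) would treat `~0UL` as a mapped base, so the remaining users should be checked. A comment at the assignment would record the convention: `/* ~0UL == vDSO not mapped; tested in handle_rt_signal32/64 */`. `arch_setup_additional_pages` continues outside the hunk.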
2776@@ -240,7 +241,7 @@ int arch_setup_additional_pages(struct l
2777 vdso_base = get_unmapped_area(NULL, vdso_base,
2778 (vdso_pages << PAGE_SHIFT) +
2779 ((VDSO_ALIGNMENT - 1) & PAGE_MASK),
2780- 0, 0);
2781+ 0, MAP_PRIVATE | MAP_EXECUTABLE);
2782 if (IS_ERR_VALUE(vdso_base)) {
2783 rc = vdso_base;
2784 goto fail_mmapsem;
2785diff -urNp linux-2.6.38.2/arch/powerpc/kernel/vio.c linux-2.6.38.2/arch/powerpc/kernel/vio.c
2786--- linux-2.6.38.2/arch/powerpc/kernel/vio.c 2011-03-14 21:20:32.000000000 -0400
2787+++ linux-2.6.38.2/arch/powerpc/kernel/vio.c 2011-03-21 18:31:35.000000000 -0400
2788@@ -605,11 +605,12 @@ static int vio_dma_iommu_dma_supported(s
2789 return dma_iommu_ops.dma_supported(dev, mask);
2790 }
2791
2792-struct dma_map_ops vio_dma_mapping_ops = {
2793+const struct dma_map_ops vio_dma_mapping_ops = {
2794 .alloc_coherent = vio_dma_iommu_alloc_coherent,
2795 .free_coherent = vio_dma_iommu_free_coherent,
2796 .map_sg = vio_dma_iommu_map_sg,
2797 .unmap_sg = vio_dma_iommu_unmap_sg,
2798+ .dma_supported = dma_iommu_dma_supported,
2799 .map_page = vio_dma_iommu_map_page,
2800 .unmap_page = vio_dma_iommu_unmap_page,
2801 .dma_supported = vio_dma_iommu_dma_supported,
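Review bot: The initializer now sets `.dma_supported` twice: the added `.dma_supported = dma_iommu_dma_supported,` is followed three lines later by the existing `.dma_supported = vio_dma_iommu_dma_supported,`. The last designated initializer for a member wins, so the added line has no effect and GCC reports it under `-Woverride-init`. Either drop the added line, or, if the intent is to stop going through `dma_iommu_ops.dma_supported`, remove the old entry and its wrapper instead. The struct initializer continues past the end of the hunk.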
2802diff -urNp linux-2.6.38.2/arch/powerpc/lib/usercopy_64.c linux-2.6.38.2/arch/powerpc/lib/usercopy_64.c
2803--- linux-2.6.38.2/arch/powerpc/lib/usercopy_64.c 2011-03-14 21:20:32.000000000 -0400
2804+++ linux-2.6.38.2/arch/powerpc/lib/usercopy_64.c 2011-03-21 18:31:35.000000000 -0400
2805@@ -9,22 +9,6 @@
2806 #include <linux/module.h>
2807 #include <asm/uaccess.h>
2808
2809-unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
2810-{
2811- if (likely(access_ok(VERIFY_READ, from, n)))
2812- n = __copy_from_user(to, from, n);
2813- else
2814- memset(to, 0, n);
2815- return n;
2816-}
2817-
2818-unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
2819-{
2820- if (likely(access_ok(VERIFY_WRITE, to, n)))
2821- n = __copy_to_user(to, from, n);
2822- return n;
2823-}
2824-
2825 unsigned long copy_in_user(void __user *to, const void __user *from,
2826 unsigned long n)
2827 {
2828@@ -35,7 +19,5 @@ unsigned long copy_in_user(void __user *
2829 return n;
2830 }
2831
2832-EXPORT_SYMBOL(copy_from_user);
2833-EXPORT_SYMBOL(copy_to_user);
2834 EXPORT_SYMBOL(copy_in_user);
2835
2836diff -urNp linux-2.6.38.2/arch/powerpc/mm/fault.c linux-2.6.38.2/arch/powerpc/mm/fault.c
2837--- linux-2.6.38.2/arch/powerpc/mm/fault.c 2011-03-14 21:20:32.000000000 -0400
2838+++ linux-2.6.38.2/arch/powerpc/mm/fault.c 2011-03-21 18:31:35.000000000 -0400
2839@@ -31,6 +31,10 @@
2840 #include <linux/kdebug.h>
2841 #include <linux/perf_event.h>
2842 #include <linux/magic.h>
2843+#include <linux/slab.h>
2844+#include <linux/pagemap.h>
2845+#include <linux/compiler.h>
2846+#include <linux/unistd.h>
2847
2848 #include <asm/firmware.h>
2849 #include <asm/page.h>
2850@@ -42,6 +46,7 @@
2851 #include <asm/tlbflush.h>
2852 #include <asm/siginfo.h>
2853 #include <mm/mmu_decl.h>
2854+#include <asm/ptrace.h>
2855
2856 #ifdef CONFIG_KPROBES
2857 static inline int notify_page_fault(struct pt_regs *regs)
2858@@ -65,6 +70,33 @@ static inline int notify_page_fault(stru
2859 }
2860 #endif
2861
2862+#ifdef CONFIG_PAX_PAGEEXEC
2863+/*
2864+ * PaX: decide what to do with offenders (regs->nip = fault address)
2865+ *
2866+ * returns 1 when task should be killed
2867+ */
2868+static int pax_handle_fetch_fault(struct pt_regs *regs)
2869+{
2870+ return 1;
2871+}
2872+
2873+void pax_report_insns(void *pc, void *sp)
2874+{
2875+ unsigned long i;
2876+
2877+ printk(KERN_ERR "PAX: bytes at PC: ");
2878+ for (i = 0; i < 5; i++) {
2879+ unsigned int c;
2880+ if (get_user(c, (unsigned int __user *)pc+i))
2881+ printk(KERN_CONT "???????? ");
2882+ else
2883+ printk(KERN_CONT "%08x ", c);
2884+ }
2885+ printk("\n");
2886+}
2887+#endif
2888+
2889 /*
2890 * Check whether the instruction at regs->nip is a store using
2891 * an update addressing form which will update r1.
2892@@ -135,7 +167,7 @@ int __kprobes do_page_fault(struct pt_re
2893 * indicate errors in DSISR but can validly be set in SRR1.
2894 */
2895 if (trap == 0x400)
2896- error_code &= 0x48200000;
2897+ error_code &= 0x58200000;
2898 else
2899 is_write = error_code & DSISR_ISSTORE;
2900 #else
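Review bot: The instruction-fault mask grows from `0x48200000` to `0x58200000` without explanation. The extra bit is `0x10000000`, which a later hunk of this file spells `DSISR_GUARDED`. A trailing comment such as `/* also keep DSISR_GUARDED (0x10000000) */` would make that link visible; it is presumably needed so the later `error_code & (DSISR_PROTFAULT | DSISR_GUARDED)` tests can see the bit on a 0x400 trap. `do_page_fault` extends outside the hunk.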
2901@@ -258,7 +290,7 @@ good_area:
2902 * "undefined". Of those that can be set, this is the only
2903 * one which seems bad.
2904 */
2905- if (error_code & 0x10000000)
2906+ if (error_code & DSISR_GUARDED)
2907 /* Guarded storage error. */
2908 goto bad_area;
2909 #endif /* CONFIG_8xx */
2910@@ -273,7 +305,7 @@ good_area:
2911 * processors use the same I/D cache coherency mechanism
2912 * as embedded.
2913 */
2914- if (error_code & DSISR_PROTFAULT)
2915+ if (error_code & (DSISR_PROTFAULT | DSISR_GUARDED))
2916 goto bad_area;
2917 #endif /* CONFIG_PPC_STD_MMU */
2918
2919@@ -342,6 +374,23 @@ bad_area:
2920 bad_area_nosemaphore:
2921 /* User mode accesses cause a SIGSEGV */
2922 if (user_mode(regs)) {
2923+
2924+#ifdef CONFIG_PAX_PAGEEXEC
2925+ if (mm->pax_flags & MF_PAX_PAGEEXEC) {
2926+#ifdef CONFIG_PPC_STD_MMU
2927+ if (is_exec && (error_code & (DSISR_PROTFAULT | DSISR_GUARDED))) {
2928+#else
2929+ if (is_exec && regs->nip == address) {
2930+#endif
2931+ switch (pax_handle_fetch_fault(regs)) {
2932+ }
2933+
2934+ pax_report_fault(regs, (void *)regs->nip, (void *)regs->gpr[PT_R1]);
2935+ do_group_exit(SIGKILL);
2936+ }
2937+ }
2938+#endif
2939+
2940 _exception(SIGSEGV, regs, code, address);
2941 return 0;
2942 }
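Review bot: `switch (pax_handle_fetch_fault(regs)) { }` has an empty body, so the helper's return value is discarded and every matching fetch fault goes straight to `pax_report_fault()` and `do_group_exit(SIGKILL)`. Since the helper added earlier in this file only does `return 1;`, the call is a no-op on powerpc. If the empty switch is a placeholder for per-case handling, say so with `/* no emulation cases on powerpc: every fetch fault is fatal */`, or write `(void)pax_handle_fetch_fault(regs);`. The opening `if (is_exec && ...) {` is also selected by `#ifdef CONFIG_PPC_STD_MMU` while its closing brace is shared, which is easy to unbalance in a later edit.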
2943diff -urNp linux-2.6.38.2/arch/powerpc/mm/mmap_64.c linux-2.6.38.2/arch/powerpc/mm/mmap_64.c
2944--- linux-2.6.38.2/arch/powerpc/mm/mmap_64.c 2011-03-14 21:20:32.000000000 -0400
2945+++ linux-2.6.38.2/arch/powerpc/mm/mmap_64.c 2011-03-21 18:31:35.000000000 -0400
2946@@ -99,10 +99,22 @@ void arch_pick_mmap_layout(struct mm_str
2947 */
2948 if (mmap_is_legacy()) {
2949 mm->mmap_base = TASK_UNMAPPED_BASE;
2950+
2951+#ifdef CONFIG_PAX_RANDMMAP
2952+ if (mm->pax_flags & MF_PAX_RANDMMAP)
2953+ mm->mmap_base += mm->delta_mmap;
2954+#endif
2955+
2956 mm->get_unmapped_area = arch_get_unmapped_area;
2957 mm->unmap_area = arch_unmap_area;
2958 } else {
2959 mm->mmap_base = mmap_base();
2960+
2961+#ifdef CONFIG_PAX_RANDMMAP
2962+ if (mm->pax_flags & MF_PAX_RANDMMAP)
2963+ mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
2964+#endif
2965+
2966 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
2967 mm->unmap_area = arch_unmap_area_topdown;
2968 }
2969diff -urNp linux-2.6.38.2/arch/powerpc/mm/slice.c linux-2.6.38.2/arch/powerpc/mm/slice.c
2970--- linux-2.6.38.2/arch/powerpc/mm/slice.c 2011-03-14 21:20:32.000000000 -0400
2971+++ linux-2.6.38.2/arch/powerpc/mm/slice.c 2011-03-21 23:47:41.000000000 -0400
2972@@ -98,7 +98,7 @@ static int slice_area_is_free(struct mm_
2973 if ((mm->task_size - len) < addr)
2974 return 0;
2975 vma = find_vma(mm, addr);
2976- return (!vma || (addr + len) <= vma->vm_start);
2977+ return check_heap_stack_gap(vma, addr, len);
2978 }
2979
2980 static int slice_low_has_vma(struct mm_struct *mm, unsigned long slice)
2981@@ -256,7 +256,7 @@ full_search:
2982 addr = _ALIGN_UP(addr + 1, 1ul << SLICE_HIGH_SHIFT);
2983 continue;
2984 }
2985- if (!vma || addr + len <= vma->vm_start) {
2986+ if (check_heap_stack_gap(vma, addr, len)) {
2987 /*
2988 * Remember the place where we stopped the search:
2989 */
2990@@ -313,10 +313,14 @@ static unsigned long slice_find_area_top
2991 }
2992 }
2993
2994- addr = mm->mmap_base;
2995- while (addr > len) {
2996+ if (mm->mmap_base < len)
2997+ addr = -ENOMEM;
2998+ else
2999+ addr = mm->mmap_base - len;
3000+
3001+ while (!IS_ERR_VALUE(addr)) {
3002 /* Go down by chunk size */
3003- addr = _ALIGN_DOWN(addr - len, 1ul << pshift);
3004+ addr = _ALIGN_DOWN(addr, 1ul << pshift);
3005
3006 /* Check for hit with different page size */
3007 mask = slice_range_to_mask(addr, len);
3008@@ -336,7 +340,7 @@ static unsigned long slice_find_area_top
3009 * return with success:
3010 */
3011 vma = find_vma(mm, addr);
3012- if (!vma || (addr + len) <= vma->vm_start) {
3013+ if (check_heap_stack_gap(vma, addr, len)) {
3014 /* remember the address as a hint for next time */
3015 if (use_cache)
3016 mm->free_area_cache = addr;
3017@@ -348,7 +352,7 @@ static unsigned long slice_find_area_top
3018 mm->cached_hole_size = vma->vm_start - addr;
3019
3020 /* try just below the current vma->vm_start */
3021- addr = vma->vm_start;
3022+ addr = skip_heap_stack_gap(vma, len);
3023 }
3024
3025 /*
3026@@ -426,6 +430,11 @@ unsigned long slice_get_unmapped_area(un
3027 if (fixed && addr > (mm->task_size - len))
3028 return -EINVAL;
3029
3030+#ifdef CONFIG_PAX_RANDMMAP
3031+ if (!fixed && (mm->pax_flags & MF_PAX_RANDMMAP))
3032+ addr = 0;
3033+#endif
3034+
3035 /* If hint, make sure it matches our alignment restrictions */
3036 if (!fixed && addr) {
3037 addr = _ALIGN_UP(addr, 1ul << pshift);
3038diff -urNp linux-2.6.38.2/arch/powerpc/platforms/cell/iommu.c linux-2.6.38.2/arch/powerpc/platforms/cell/iommu.c
3039--- linux-2.6.38.2/arch/powerpc/platforms/cell/iommu.c 2011-03-14 21:20:32.000000000 -0400
3040+++ linux-2.6.38.2/arch/powerpc/platforms/cell/iommu.c 2011-03-21 18:31:35.000000000 -0400
3041@@ -642,7 +642,7 @@ static int dma_fixed_dma_supported(struc
3042
3043 static int dma_set_mask_and_switch(struct device *dev, u64 dma_mask);
3044
3045-struct dma_map_ops dma_iommu_fixed_ops = {
3046+const struct dma_map_ops dma_iommu_fixed_ops = {
3047 .alloc_coherent = dma_fixed_alloc_coherent,
3048 .free_coherent = dma_fixed_free_coherent,
3049 .map_sg = dma_fixed_map_sg,
3050diff -urNp linux-2.6.38.2/arch/powerpc/platforms/ps3/system-bus.c linux-2.6.38.2/arch/powerpc/platforms/ps3/system-bus.c
3051--- linux-2.6.38.2/arch/powerpc/platforms/ps3/system-bus.c 2011-03-14 21:20:32.000000000 -0400
3052+++ linux-2.6.38.2/arch/powerpc/platforms/ps3/system-bus.c 2011-03-21 18:31:35.000000000 -0400
3053@@ -695,7 +695,7 @@ static int ps3_dma_supported(struct devi
3054 return mask >= DMA_BIT_MASK(32);
3055 }
3056
3057-static struct dma_map_ops ps3_sb_dma_ops = {
3058+static const struct dma_map_ops ps3_sb_dma_ops = {
3059 .alloc_coherent = ps3_alloc_coherent,
3060 .free_coherent = ps3_free_coherent,
3061 .map_sg = ps3_sb_map_sg,
3062@@ -705,7 +705,7 @@ static struct dma_map_ops ps3_sb_dma_ops
3063 .unmap_page = ps3_unmap_page,
3064 };
3065
3066-static struct dma_map_ops ps3_ioc0_dma_ops = {
3067+static const struct dma_map_ops ps3_ioc0_dma_ops = {
3068 .alloc_coherent = ps3_alloc_coherent,
3069 .free_coherent = ps3_free_coherent,
3070 .map_sg = ps3_ioc0_map_sg,
3071diff -urNp linux-2.6.38.2/arch/powerpc/sysdev/ppc4xx_cpm.c linux-2.6.38.2/arch/powerpc/sysdev/ppc4xx_cpm.c
3072--- linux-2.6.38.2/arch/powerpc/sysdev/ppc4xx_cpm.c 2011-03-14 21:20:32.000000000 -0400
3073+++ linux-2.6.38.2/arch/powerpc/sysdev/ppc4xx_cpm.c 2011-03-21 18:31:35.000000000 -0400
3074@@ -240,7 +240,7 @@ static int cpm_suspend_enter(suspend_sta
3075 return 0;
3076 }
3077
3078-static struct platform_suspend_ops cpm_suspend_ops = {
3079+static const struct platform_suspend_ops cpm_suspend_ops = {
3080 .valid = cpm_suspend_valid,
3081 .enter = cpm_suspend_enter,
3082 };
3083diff -urNp linux-2.6.38.2/arch/s390/include/asm/elf.h linux-2.6.38.2/arch/s390/include/asm/elf.h
3084--- linux-2.6.38.2/arch/s390/include/asm/elf.h 2011-03-14 21:20:32.000000000 -0400
3085+++ linux-2.6.38.2/arch/s390/include/asm/elf.h 2011-03-21 18:31:35.000000000 -0400
3086@@ -162,8 +162,14 @@ extern unsigned int vdso_enabled;
3087 the loader. We need to make sure that it is out of the way of the program
3088 that it will "exec", and that there is sufficient room for the brk. */
3089
3090-extern unsigned long randomize_et_dyn(unsigned long base);
3091-#define ELF_ET_DYN_BASE (randomize_et_dyn(STACK_TOP / 3 * 2))
3092+#define ELF_ET_DYN_BASE (STACK_TOP / 3 * 2)
3093+
3094+#ifdef CONFIG_PAX_ASLR
3095+#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_31BIT) ? 0x10000UL : 0x80000000UL)
3096+
3097+#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_31BIT) ? 15 : 26 )
3098+#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_31BIT) ? 15 : 26 )
3099+#endif
3100
3101 /* This yields a mask that user programs can use to figure out what
3102 instruction set this CPU supports. */
3103@@ -222,7 +228,4 @@ struct linux_binprm;
3104 #define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1
3105 int arch_setup_additional_pages(struct linux_binprm *, int);
3106
3107-extern unsigned long arch_randomize_brk(struct mm_struct *mm);
3108-#define arch_randomize_brk arch_randomize_brk
3109-
3110 #endif
3111diff -urNp linux-2.6.38.2/arch/s390/include/asm/system.h linux-2.6.38.2/arch/s390/include/asm/system.h
3112--- linux-2.6.38.2/arch/s390/include/asm/system.h 2011-03-14 21:20:32.000000000 -0400
3113+++ linux-2.6.38.2/arch/s390/include/asm/system.h 2011-03-21 18:31:35.000000000 -0400
3114@@ -449,7 +449,7 @@ extern void (*_machine_restart)(char *co
3115 extern void (*_machine_halt)(void);
3116 extern void (*_machine_power_off)(void);
3117
3118-extern unsigned long arch_align_stack(unsigned long sp);
3119+#define arch_align_stack(x) ((x) & ~0xfUL)
3120
3121 static inline int tprot(unsigned long addr)
3122 {
3123diff -urNp linux-2.6.38.2/arch/s390/include/asm/uaccess.h linux-2.6.38.2/arch/s390/include/asm/uaccess.h
3124--- linux-2.6.38.2/arch/s390/include/asm/uaccess.h 2011-03-14 21:20:32.000000000 -0400
3125+++ linux-2.6.38.2/arch/s390/include/asm/uaccess.h 2011-03-21 18:31:35.000000000 -0400
3126@@ -234,6 +234,10 @@ static inline unsigned long __must_check
3127 copy_to_user(void __user *to, const void *from, unsigned long n)
3128 {
3129 might_fault();
3130+
3131+ if ((long)n < 0)
3132+ return n;
3133+
3134 if (access_ok(VERIFY_WRITE, to, n))
3135 n = __copy_to_user(to, from, n);
3136 return n;
3137@@ -259,6 +263,9 @@ copy_to_user(void __user *to, const void
3138 static inline unsigned long __must_check
3139 __copy_from_user(void *to, const void __user *from, unsigned long n)
3140 {
3141+ if ((long)n < 0)
3142+ return n;
3143+
3144 if (__builtin_constant_p(n) && (n <= 256))
3145 return uaccess.copy_from_user_small(n, from, to);
3146 else
3147@@ -293,6 +300,10 @@ copy_from_user(void *to, const void __us
3148 unsigned int sz = __compiletime_object_size(to);
3149
3150 might_fault();
3151+
3152+ if ((long)n < 0)
3153+ return n;
3154+
3155 if (unlikely(sz != -1 && sz < n)) {
3156 copy_from_user_overflow();
3157 return n;
3158diff -urNp linux-2.6.38.2/arch/s390/Kconfig linux-2.6.38.2/arch/s390/Kconfig
3159--- linux-2.6.38.2/arch/s390/Kconfig 2011-03-14 21:20:32.000000000 -0400
3160+++ linux-2.6.38.2/arch/s390/Kconfig 2011-03-21 18:31:35.000000000 -0400
3161@@ -233,11 +233,9 @@ config S390_EXEC_PROTECT
3162 prompt "Data execute protection"
3163 help
3164 This option allows to enable a buffer overflow protection for user
3165- space programs and it also selects the addressing mode option above.
3166- The kernel parameter noexec=on will enable this feature and also
3167- switch the addressing modes, default is disabled. Enabling this (via
3168- kernel parameter) on machines earlier than IBM System z9 this will
3169- reduce system performance.
3170+ space programs.
3171+ Enabling this (via kernel parameter) on machines earlier than IBM
3172+ System z9 this will reduce system performance.
3173
3174 comment "Code generation options"
3175
3176diff -urNp linux-2.6.38.2/arch/s390/kernel/module.c linux-2.6.38.2/arch/s390/kernel/module.c
3177--- linux-2.6.38.2/arch/s390/kernel/module.c 2011-03-14 21:20:32.000000000 -0400
3178+++ linux-2.6.38.2/arch/s390/kernel/module.c 2011-03-21 18:31:35.000000000 -0400
3179@@ -168,11 +168,11 @@ module_frob_arch_sections(Elf_Ehdr *hdr,
3180
3181 /* Increase core size by size of got & plt and set start
3182 offsets for got and plt. */
3183- me->core_size = ALIGN(me->core_size, 4);
3184- me->arch.got_offset = me->core_size;
3185- me->core_size += me->arch.got_size;
3186- me->arch.plt_offset = me->core_size;
3187- me->core_size += me->arch.plt_size;
3188+ me->core_size_rw = ALIGN(me->core_size_rw, 4);
3189+ me->arch.got_offset = me->core_size_rw;
3190+ me->core_size_rw += me->arch.got_size;
3191+ me->arch.plt_offset = me->core_size_rx;
3192+ me->core_size_rx += me->arch.plt_size;
3193 return 0;
3194 }
3195
3196@@ -258,7 +258,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3197 if (info->got_initialized == 0) {
3198 Elf_Addr *gotent;
3199
3200- gotent = me->module_core + me->arch.got_offset +
3201+ gotent = me->module_core_rw + me->arch.got_offset +
3202 info->got_offset;
3203 *gotent = val;
3204 info->got_initialized = 1;
3205@@ -282,7 +282,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3206 else if (r_type == R_390_GOTENT ||
3207 r_type == R_390_GOTPLTENT)
3208 *(unsigned int *) loc =
3209- (val + (Elf_Addr) me->module_core - loc) >> 1;
3210+ (val + (Elf_Addr) me->module_core_rw - loc) >> 1;
3211 else if (r_type == R_390_GOT64 ||
3212 r_type == R_390_GOTPLT64)
3213 *(unsigned long *) loc = val;
3214@@ -296,7 +296,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3215 case R_390_PLTOFF64: /* 16 bit offset from GOT to PLT. */
3216 if (info->plt_initialized == 0) {
3217 unsigned int *ip;
3218- ip = me->module_core + me->arch.plt_offset +
3219+ ip = me->module_core_rx + me->arch.plt_offset +
3220 info->plt_offset;
3221 #ifndef CONFIG_64BIT
3222 ip[0] = 0x0d105810; /* basr 1,0; l 1,6(1); br 1 */
3223@@ -321,7 +321,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3224 val - loc + 0xffffUL < 0x1ffffeUL) ||
3225 (r_type == R_390_PLT32DBL &&
3226 val - loc + 0xffffffffULL < 0x1fffffffeULL)))
3227- val = (Elf_Addr) me->module_core +
3228+ val = (Elf_Addr) me->module_core_rx +
3229 me->arch.plt_offset +
3230 info->plt_offset;
3231 val += rela->r_addend - loc;
3232@@ -343,7 +343,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3233 case R_390_GOTOFF32: /* 32 bit offset to GOT. */
3234 case R_390_GOTOFF64: /* 64 bit offset to GOT. */
3235 val = val + rela->r_addend -
3236- ((Elf_Addr) me->module_core + me->arch.got_offset);
3237+ ((Elf_Addr) me->module_core_rw + me->arch.got_offset);
3238 if (r_type == R_390_GOTOFF16)
3239 *(unsigned short *) loc = val;
3240 else if (r_type == R_390_GOTOFF32)
3241@@ -353,7 +353,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
3242 break;
3243 case R_390_GOTPC: /* 32 bit PC relative offset to GOT. */
3244 case R_390_GOTPCDBL: /* 32 bit PC rel. off. to GOT shifted by 1. */
3245- val = (Elf_Addr) me->module_core + me->arch.got_offset +
3246+ val = (Elf_Addr) me->module_core_rw + me->arch.got_offset +
3247 rela->r_addend - loc;
3248 if (r_type == R_390_GOTPC)
3249 *(unsigned int *) loc = val;
3250diff -urNp linux-2.6.38.2/arch/s390/kernel/process.c linux-2.6.38.2/arch/s390/kernel/process.c
3251--- linux-2.6.38.2/arch/s390/kernel/process.c 2011-03-14 21:20:32.000000000 -0400
3252+++ linux-2.6.38.2/arch/s390/kernel/process.c 2011-03-21 18:31:35.000000000 -0400
3253@@ -334,39 +334,3 @@ unsigned long get_wchan(struct task_stru
3254 }
3255 return 0;
3256 }
3257-
3258-unsigned long arch_align_stack(unsigned long sp)
3259-{
3260- if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
3261- sp -= get_random_int() & ~PAGE_MASK;
3262- return sp & ~0xf;
3263-}
3264-
3265-static inline unsigned long brk_rnd(void)
3266-{
3267- /* 8MB for 32bit, 1GB for 64bit */
3268- if (is_32bit_task())
3269- return (get_random_int() & 0x7ffUL) << PAGE_SHIFT;
3270- else
3271- return (get_random_int() & 0x3ffffUL) << PAGE_SHIFT;
3272-}
3273-
3274-unsigned long arch_randomize_brk(struct mm_struct *mm)
3275-{
3276- unsigned long ret = PAGE_ALIGN(mm->brk + brk_rnd());
3277-
3278- if (ret < mm->brk)
3279- return mm->brk;
3280- return ret;
3281-}
3282-
3283-unsigned long randomize_et_dyn(unsigned long base)
3284-{
3285- unsigned long ret = PAGE_ALIGN(base + brk_rnd());
3286-
3287- if (!(current->flags & PF_RANDOMIZE))
3288- return base;
3289- if (ret < base)
3290- return base;
3291- return ret;
3292-}
3293diff -urNp linux-2.6.38.2/arch/s390/kernel/setup.c linux-2.6.38.2/arch/s390/kernel/setup.c
3294--- linux-2.6.38.2/arch/s390/kernel/setup.c 2011-03-14 21:20:32.000000000 -0400
3295+++ linux-2.6.38.2/arch/s390/kernel/setup.c 2011-03-21 18:31:35.000000000 -0400
3296@@ -281,7 +281,7 @@ static int __init early_parse_mem(char *
3297 }
3298 early_param("mem", early_parse_mem);
3299
3300-unsigned int user_mode = HOME_SPACE_MODE;
3301+unsigned int user_mode = SECONDARY_SPACE_MODE;
3302 EXPORT_SYMBOL_GPL(user_mode);
3303
3304 static int set_amode_and_uaccess(unsigned long user_amode,
3305@@ -310,17 +310,6 @@ static int set_amode_and_uaccess(unsigne
3306 }
3307 }
3308
3309-/*
3310- * Switch kernel/user addressing modes?
3311- */
3312-static int __init early_parse_switch_amode(char *p)
3313-{
3314- if (user_mode != SECONDARY_SPACE_MODE)
3315- user_mode = PRIMARY_SPACE_MODE;
3316- return 0;
3317-}
3318-early_param("switch_amode", early_parse_switch_amode);
3319-
3320 static int __init early_parse_user_mode(char *p)
3321 {
3322 if (p && strcmp(p, "primary") == 0)
3323@@ -337,20 +326,6 @@ static int __init early_parse_user_mode(
3324 }
3325 early_param("user_mode", early_parse_user_mode);
3326
3327-#ifdef CONFIG_S390_EXEC_PROTECT
3328-/*
3329- * Enable execute protection?
3330- */
3331-static int __init early_parse_noexec(char *p)
3332-{
3333- if (!strncmp(p, "off", 3))
3334- return 0;
3335- user_mode = SECONDARY_SPACE_MODE;
3336- return 0;
3337-}
3338-early_param("noexec", early_parse_noexec);
3339-#endif /* CONFIG_S390_EXEC_PROTECT */
3340-
3341 static void setup_addressing_mode(void)
3342 {
3343 if (user_mode == SECONDARY_SPACE_MODE) {
3344diff -urNp linux-2.6.38.2/arch/s390/mm/maccess.c linux-2.6.38.2/arch/s390/mm/maccess.c
3345--- linux-2.6.38.2/arch/s390/mm/maccess.c 2011-03-14 21:20:32.000000000 -0400
3346+++ linux-2.6.38.2/arch/s390/mm/maccess.c 2011-03-21 18:31:35.000000000 -0400
3347@@ -45,7 +45,7 @@ static long probe_kernel_write_odd(void
3348 return rc ? rc : count;
3349 }
3350
3351-long probe_kernel_write(void *dst, void *src, size_t size)
3352+long probe_kernel_write(void *dst, const void *src, size_t size)
3353 {
3354 long copied = 0;
3355
3356diff -urNp linux-2.6.38.2/arch/s390/mm/mmap.c linux-2.6.38.2/arch/s390/mm/mmap.c
3357--- linux-2.6.38.2/arch/s390/mm/mmap.c 2011-03-14 21:20:32.000000000 -0400
3358+++ linux-2.6.38.2/arch/s390/mm/mmap.c 2011-03-21 18:31:35.000000000 -0400
3359@@ -91,10 +91,22 @@ void arch_pick_mmap_layout(struct mm_str
3360 */
3361 if (mmap_is_legacy()) {
3362 mm->mmap_base = TASK_UNMAPPED_BASE;
3363+
3364+#ifdef CONFIG_PAX_RANDMMAP
3365+ if (mm->pax_flags & MF_PAX_RANDMMAP)
3366+ mm->mmap_base += mm->delta_mmap;
3367+#endif
3368+
3369 mm->get_unmapped_area = arch_get_unmapped_area;
3370 mm->unmap_area = arch_unmap_area;
3371 } else {
3372 mm->mmap_base = mmap_base();
3373+
3374+#ifdef CONFIG_PAX_RANDMMAP
3375+ if (mm->pax_flags & MF_PAX_RANDMMAP)
3376+ mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
3377+#endif
3378+
3379 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
3380 mm->unmap_area = arch_unmap_area_topdown;
3381 }
3382@@ -166,10 +178,22 @@ void arch_pick_mmap_layout(struct mm_str
3383 */
3384 if (mmap_is_legacy()) {
3385 mm->mmap_base = TASK_UNMAPPED_BASE;
3386+
3387+#ifdef CONFIG_PAX_RANDMMAP
3388+ if (mm->pax_flags & MF_PAX_RANDMMAP)
3389+ mm->mmap_base += mm->delta_mmap;
3390+#endif
3391+
3392 mm->get_unmapped_area = s390_get_unmapped_area;
3393 mm->unmap_area = arch_unmap_area;
3394 } else {
3395 mm->mmap_base = mmap_base();
3396+
3397+#ifdef CONFIG_PAX_RANDMMAP
3398+ if (mm->pax_flags & MF_PAX_RANDMMAP)
3399+ mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
3400+#endif
3401+
3402 mm->get_unmapped_area = s390_get_unmapped_area_topdown;
3403 mm->unmap_area = arch_unmap_area_topdown;
3404 }
3405diff -urNp linux-2.6.38.2/arch/score/include/asm/system.h linux-2.6.38.2/arch/score/include/asm/system.h
3406--- linux-2.6.38.2/arch/score/include/asm/system.h 2011-03-14 21:20:32.000000000 -0400
3407+++ linux-2.6.38.2/arch/score/include/asm/system.h 2011-03-21 18:31:35.000000000 -0400
3408@@ -17,7 +17,7 @@ do { \
3409 #define finish_arch_switch(prev) do {} while (0)
3410
3411 typedef void (*vi_handler_t)(void);
3412-extern unsigned long arch_align_stack(unsigned long sp);
3413+#define arch_align_stack(x) (x)
3414
3415 #define mb() barrier()
3416 #define rmb() barrier()
3417diff -urNp linux-2.6.38.2/arch/score/kernel/process.c linux-2.6.38.2/arch/score/kernel/process.c
3418--- linux-2.6.38.2/arch/score/kernel/process.c 2011-03-14 21:20:32.000000000 -0400
3419+++ linux-2.6.38.2/arch/score/kernel/process.c 2011-03-21 18:31:35.000000000 -0400
3420@@ -161,8 +161,3 @@ unsigned long get_wchan(struct task_stru
3421
3422 return task_pt_regs(task)->cp0_epc;
3423 }
3424-
3425-unsigned long arch_align_stack(unsigned long sp)
3426-{
3427- return sp;
3428-}
3429diff -urNp linux-2.6.38.2/arch/sh/include/asm/dma-mapping.h linux-2.6.38.2/arch/sh/include/asm/dma-mapping.h
3430--- linux-2.6.38.2/arch/sh/include/asm/dma-mapping.h 2011-03-14 21:20:32.000000000 -0400
3431+++ linux-2.6.38.2/arch/sh/include/asm/dma-mapping.h 2011-03-21 18:31:35.000000000 -0400
3432@@ -1,10 +1,10 @@
3433 #ifndef __ASM_SH_DMA_MAPPING_H
3434 #define __ASM_SH_DMA_MAPPING_H
3435
3436-extern struct dma_map_ops *dma_ops;
3437+extern const struct dma_map_ops *dma_ops;
3438 extern void no_iommu_init(void);
3439
3440-static inline struct dma_map_ops *get_dma_ops(struct device *dev)
3441+static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
3442 {
3443 return dma_ops;
3444 }
3445@@ -14,7 +14,7 @@ static inline struct dma_map_ops *get_dm
3446
3447 static inline int dma_supported(struct device *dev, u64 mask)
3448 {
3449- struct dma_map_ops *ops = get_dma_ops(dev);
3450+ const struct dma_map_ops *ops = get_dma_ops(dev);
3451
3452 if (ops->dma_supported)
3453 return ops->dma_supported(dev, mask);
3454@@ -24,7 +24,7 @@ static inline int dma_supported(struct d
3455
3456 static inline int dma_set_mask(struct device *dev, u64 mask)
3457 {
3458- struct dma_map_ops *ops = get_dma_ops(dev);
3459+ const struct dma_map_ops *ops = get_dma_ops(dev);
3460
3461 if (!dev->dma_mask || !dma_supported(dev, mask))
3462 return -EIO;
3463@@ -44,7 +44,7 @@ void dma_cache_sync(struct device *dev,
3464
3465 static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr)
3466 {
3467- struct dma_map_ops *ops = get_dma_ops(dev);
3468+ const struct dma_map_ops *ops = get_dma_ops(dev);
3469
3470 if (ops->mapping_error)
3471 return ops->mapping_error(dev, dma_addr);
3472@@ -55,7 +55,7 @@ static inline int dma_mapping_error(stru
3473 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
3474 dma_addr_t *dma_handle, gfp_t gfp)
3475 {
3476- struct dma_map_ops *ops = get_dma_ops(dev);
3477+ const struct dma_map_ops *ops = get_dma_ops(dev);
3478 void *memory;
3479
3480 if (dma_alloc_from_coherent(dev, size, dma_handle, &memory))
3481@@ -72,7 +72,7 @@ static inline void *dma_alloc_coherent(s
3482 static inline void dma_free_coherent(struct device *dev, size_t size,
3483 void *vaddr, dma_addr_t dma_handle)
3484 {
3485- struct dma_map_ops *ops = get_dma_ops(dev);
3486+ const struct dma_map_ops *ops = get_dma_ops(dev);
3487
3488 if (dma_release_from_coherent(dev, get_order(size), vaddr))
3489 return;
3490diff -urNp linux-2.6.38.2/arch/sh/kernel/dma-nommu.c linux-2.6.38.2/arch/sh/kernel/dma-nommu.c
3491--- linux-2.6.38.2/arch/sh/kernel/dma-nommu.c 2011-03-14 21:20:32.000000000 -0400
3492+++ linux-2.6.38.2/arch/sh/kernel/dma-nommu.c 2011-03-21 18:31:35.000000000 -0400
3493@@ -62,7 +62,7 @@ static void nommu_sync_sg(struct device
3494 }
3495 #endif
3496
3497-struct dma_map_ops nommu_dma_ops = {
3498+const struct dma_map_ops nommu_dma_ops = {
3499 .alloc_coherent = dma_generic_alloc_coherent,
3500 .free_coherent = dma_generic_free_coherent,
3501 .map_page = nommu_map_page,
3502diff -urNp linux-2.6.38.2/arch/sh/kernel/kgdb.c linux-2.6.38.2/arch/sh/kernel/kgdb.c
3503--- linux-2.6.38.2/arch/sh/kernel/kgdb.c 2011-03-14 21:20:32.000000000 -0400
3504+++ linux-2.6.38.2/arch/sh/kernel/kgdb.c 2011-03-21 18:31:35.000000000 -0400
3505@@ -319,7 +319,7 @@ void kgdb_arch_exit(void)
3506 unregister_die_notifier(&kgdb_notifier);
3507 }
3508
3509-struct kgdb_arch arch_kgdb_ops = {
3510+const struct kgdb_arch arch_kgdb_ops = {
3511 /* Breakpoint instruction: trapa #0x3c */
3512 #ifdef CONFIG_CPU_LITTLE_ENDIAN
3513 .gdb_bpt_instr = { 0x3c, 0xc3 },
3514diff -urNp linux-2.6.38.2/arch/sh/mm/consistent.c linux-2.6.38.2/arch/sh/mm/consistent.c
3515--- linux-2.6.38.2/arch/sh/mm/consistent.c 2011-03-14 21:20:32.000000000 -0400
3516+++ linux-2.6.38.2/arch/sh/mm/consistent.c 2011-03-21 18:31:35.000000000 -0400
3517@@ -22,7 +22,7 @@
3518
3519 #define PREALLOC_DMA_DEBUG_ENTRIES 4096
3520
3521-struct dma_map_ops *dma_ops;
3522+const struct dma_map_ops *dma_ops;
3523 EXPORT_SYMBOL(dma_ops);
3524
3525 static int __init dma_init(void)
3526diff -urNp linux-2.6.38.2/arch/sh/mm/mmap.c linux-2.6.38.2/arch/sh/mm/mmap.c
3527--- linux-2.6.38.2/arch/sh/mm/mmap.c 2011-03-14 21:20:32.000000000 -0400
3528+++ linux-2.6.38.2/arch/sh/mm/mmap.c 2011-03-21 23:47:41.000000000 -0400
3529@@ -74,8 +74,7 @@ unsigned long arch_get_unmapped_area(str
3530 addr = PAGE_ALIGN(addr);
3531
3532 vma = find_vma(mm, addr);
3533- if (TASK_SIZE - len >= addr &&
3534- (!vma || addr + len <= vma->vm_start))
3535+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len))
3536 return addr;
3537 }
3538
3539@@ -106,7 +105,7 @@ full_search:
3540 }
3541 return -ENOMEM;
3542 }
3543- if (likely(!vma || addr + len <= vma->vm_start)) {
3544+ if (likely(check_heap_stack_gap(vma, addr, len))) {
3545 /*
3546 * Remember the place where we stopped the search:
3547 */
3548@@ -157,8 +156,7 @@ arch_get_unmapped_area_topdown(struct fi
3549 addr = PAGE_ALIGN(addr);
3550
3551 vma = find_vma(mm, addr);
3552- if (TASK_SIZE - len >= addr &&
3553- (!vma || addr + len <= vma->vm_start))
3554+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len))
3555 return addr;
3556 }
3557
3558@@ -179,7 +177,7 @@ arch_get_unmapped_area_topdown(struct fi
3559 /* make sure it can fit in the remaining address space */
3560 if (likely(addr > len)) {
3561 vma = find_vma(mm, addr-len);
3562- if (!vma || addr <= vma->vm_start) {
3563+ if (check_heap_stack_gap(vma, addr - len, len)) {
3564 /* remember the address as a hint for next time */
3565 return (mm->free_area_cache = addr-len);
3566 }
3567@@ -188,18 +186,18 @@ arch_get_unmapped_area_topdown(struct fi
3568 if (unlikely(mm->mmap_base < len))
3569 goto bottomup;
3570
3571- addr = mm->mmap_base-len;
3572- if (do_colour_align)
3573- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
3574+ addr = mm->mmap_base - len;
3575
3576 do {
3577+ if (do_colour_align)
3578+ addr = COLOUR_ALIGN_DOWN(addr, pgoff);
3579 /*
3580 * Lookup failure means no vma is above this address,
3581 * else if new region fits below vma->vm_start,
3582 * return with success:
3583 */
3584 vma = find_vma(mm, addr);
3585- if (likely(!vma || addr+len <= vma->vm_start)) {
3586+ if (likely(check_heap_stack_gap(vma, addr, len))) {
3587 /* remember the address as a hint for next time */
3588 return (mm->free_area_cache = addr);
3589 }
3590@@ -209,10 +207,8 @@ arch_get_unmapped_area_topdown(struct fi
3591 mm->cached_hole_size = vma->vm_start - addr;
3592
3593 /* try just below the current vma->vm_start */
3594- addr = vma->vm_start-len;
3595- if (do_colour_align)
3596- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
3597- } while (likely(len < vma->vm_start));
3598+ addr = skip_heap_stack_gap(vma, len);
3599+ } while (!IS_ERR_VALUE(addr));
3600
3601 bottomup:
3602 /*
3603diff -urNp linux-2.6.38.2/arch/sparc/include/asm/atomic_64.h linux-2.6.38.2/arch/sparc/include/asm/atomic_64.h
3604--- linux-2.6.38.2/arch/sparc/include/asm/atomic_64.h 2011-03-14 21:20:32.000000000 -0400
3605+++ linux-2.6.38.2/arch/sparc/include/asm/atomic_64.h 2011-03-21 18:31:35.000000000 -0400
3606@@ -14,18 +14,40 @@
3607 #define ATOMIC64_INIT(i) { (i) }
3608
3609 #define atomic_read(v) (*(volatile int *)&(v)->counter)
3610+static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
3611+{
3612+ return v->counter;
3613+}
3614 #define atomic64_read(v) (*(volatile long *)&(v)->counter)
3615+static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v)
3616+{
3617+ return v->counter;
3618+}
3619
3620 #define atomic_set(v, i) (((v)->counter) = i)
3621+static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
3622+{
3623+ v->counter = i;
3624+}
3625 #define atomic64_set(v, i) (((v)->counter) = i)
3626+static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i)
3627+{
3628+ v->counter = i;
3629+}
3630
3631 extern void atomic_add(int, atomic_t *);
3632+extern void atomic_add_unchecked(int, atomic_unchecked_t *);
3633 extern void atomic64_add(long, atomic64_t *);
3634+extern void atomic64_add_unchecked(long, atomic64_unchecked_t *);
3635 extern void atomic_sub(int, atomic_t *);
3636+extern void atomic_sub_unchecked(int, atomic_unchecked_t *);
3637 extern void atomic64_sub(long, atomic64_t *);
3638+extern void atomic64_sub_unchecked(long, atomic64_unchecked_t *);
3639
3640 extern int atomic_add_ret(int, atomic_t *);
3641+extern int atomic_add_ret_unchecked(int, atomic_unchecked_t *);
3642 extern long atomic64_add_ret(long, atomic64_t *);
3643+extern long atomic64_add_ret_unchecked(long, atomic64_unchecked_t *);
3644 extern int atomic_sub_ret(int, atomic_t *);
3645 extern long atomic64_sub_ret(long, atomic64_t *);
3646
3647@@ -33,12 +55,24 @@ extern long atomic64_sub_ret(long, atomi
3648 #define atomic64_dec_return(v) atomic64_sub_ret(1, v)
3649
3650 #define atomic_inc_return(v) atomic_add_ret(1, v)
3651+static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v)
3652+{
3653+ return atomic_add_ret_unchecked(1, v);
3654+}
3655 #define atomic64_inc_return(v) atomic64_add_ret(1, v)
3656+static inline long atomic64_inc_return_unchecked(atomic64_unchecked_t *v)
3657+{
3658+ return atomic64_add_ret_unchecked(1, v);
3659+}
3660
3661 #define atomic_sub_return(i, v) atomic_sub_ret(i, v)
3662 #define atomic64_sub_return(i, v) atomic64_sub_ret(i, v)
3663
3664 #define atomic_add_return(i, v) atomic_add_ret(i, v)
3665+static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v)
3666+{
3667+ return atomic_add_ret_unchecked(i, v);
3668+}
3669 #define atomic64_add_return(i, v) atomic64_add_ret(i, v)
3670
3671 /*
3672@@ -59,10 +93,26 @@ extern long atomic64_sub_ret(long, atomi
3673 #define atomic64_dec_and_test(v) (atomic64_sub_ret(1, v) == 0)
3674
3675 #define atomic_inc(v) atomic_add(1, v)
3676+static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
3677+{
3678+ atomic_add_unchecked(1, v);
3679+}
3680 #define atomic64_inc(v) atomic64_add(1, v)
3681+static inline void atomic64_inc_unchecked(atomic64_unchecked_t *v)
3682+{
3683+ atomic64_add_unchecked(1, v);
3684+}
3685
3686 #define atomic_dec(v) atomic_sub(1, v)
3687+static inline void atomic_dec_unchecked(atomic_unchecked_t *v)
3688+{
3689+ atomic_sub_unchecked(1, v);
3690+}
3691 #define atomic64_dec(v) atomic64_sub(1, v)
3692+static inline void atomic64_dec_unchecked(atomic64_unchecked_t *v)
3693+{
3694+ atomic64_sub_unchecked(1, v);
3695+}
3696
3697 #define atomic_add_negative(i, v) (atomic_add_ret(i, v) < 0)
3698 #define atomic64_add_negative(i, v) (atomic64_add_ret(i, v) < 0)
3699@@ -72,17 +122,28 @@ extern long atomic64_sub_ret(long, atomi
3700
3701 static inline int atomic_add_unless(atomic_t *v, int a, int u)
3702 {
3703- int c, old;
3704+ int c, old, new;
3705 c = atomic_read(v);
3706 for (;;) {
3707- if (unlikely(c == (u)))
3708+ if (unlikely(c == u))
3709 break;
3710- old = atomic_cmpxchg((v), c, c + (a));
3711+
3712+ asm volatile("addcc %2, %0, %0\n"
3713+
3714+#ifdef CONFIG_PAX_REFCOUNT
3715+ "tvs %%icc, 6\n"
3716+#endif
3717+
3718+ : "=r" (new)
3719+ : "0" (c), "ir" (a)
3720+ : "cc");
3721+
3722+ old = atomic_cmpxchg(v, c, new);
3723 if (likely(old == c))
3724 break;
3725 c = old;
3726 }
3727- return c != (u);
3728+ return c != u;
3729 }
3730
3731 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
3732@@ -93,17 +154,28 @@ static inline int atomic_add_unless(atom
3733
3734 static inline long atomic64_add_unless(atomic64_t *v, long a, long u)
3735 {
3736- long c, old;
3737+ long c, old, new;
3738 c = atomic64_read(v);
3739 for (;;) {
3740- if (unlikely(c == (u)))
3741+ if (unlikely(c == u))
3742 break;
3743- old = atomic64_cmpxchg((v), c, c + (a));
3744+
3745+ asm volatile("addcc %2, %0, %0\n"
3746+
3747+#ifdef CONFIG_PAX_REFCOUNT
3748+ "tvs %%xcc, 6\n"
3749+#endif
3750+
3751+ : "=r" (new)
3752+ : "0" (c), "ir" (a)
3753+ : "cc");
3754+
3755+ old = atomic64_cmpxchg(v, c, new);
3756 if (likely(old == c))
3757 break;
3758 c = old;
3759 }
3760- return c != (u);
3761+ return c != u;
3762 }
3763
3764 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
3765diff -urNp linux-2.6.38.2/arch/sparc/include/asm/dma-mapping.h linux-2.6.38.2/arch/sparc/include/asm/dma-mapping.h
3766--- linux-2.6.38.2/arch/sparc/include/asm/dma-mapping.h 2011-03-14 21:20:32.000000000 -0400
3767+++ linux-2.6.38.2/arch/sparc/include/asm/dma-mapping.h 2011-03-21 18:31:35.000000000 -0400
3768@@ -12,10 +12,10 @@ extern int dma_supported(struct device *
3769 #define dma_alloc_noncoherent(d, s, h, f) dma_alloc_coherent(d, s, h, f)
3770 #define dma_free_noncoherent(d, s, v, h) dma_free_coherent(d, s, v, h)
3771
3772-extern struct dma_map_ops *dma_ops, pci32_dma_ops;
3773+extern const struct dma_map_ops *dma_ops, pci32_dma_ops;
3774 extern struct bus_type pci_bus_type;
3775
3776-static inline struct dma_map_ops *get_dma_ops(struct device *dev)
3777+static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
3778 {
3779 #if defined(CONFIG_SPARC32) && defined(CONFIG_PCI)
3780 if (dev->bus == &pci_bus_type)
3781@@ -29,7 +29,7 @@ static inline struct dma_map_ops *get_dm
3782 static inline void *dma_alloc_coherent(struct device *dev, size_t size,
3783 dma_addr_t *dma_handle, gfp_t flag)
3784 {
3785- struct dma_map_ops *ops = get_dma_ops(dev);
3786+ const struct dma_map_ops *ops = get_dma_ops(dev);
3787 void *cpu_addr;
3788
3789 cpu_addr = ops->alloc_coherent(dev, size, dma_handle, flag);
3790@@ -40,7 +40,7 @@ static inline void *dma_alloc_coherent(s
3791 static inline void dma_free_coherent(struct device *dev, size_t size,
3792 void *cpu_addr, dma_addr_t dma_handle)
3793 {
3794- struct dma_map_ops *ops = get_dma_ops(dev);
3795+ const struct dma_map_ops *ops = get_dma_ops(dev);
3796
3797 debug_dma_free_coherent(dev, size, cpu_addr, dma_handle);
3798 ops->free_coherent(dev, size, cpu_addr, dma_handle);
3799diff -urNp linux-2.6.38.2/arch/sparc/include/asm/elf_32.h linux-2.6.38.2/arch/sparc/include/asm/elf_32.h
3800--- linux-2.6.38.2/arch/sparc/include/asm/elf_32.h 2011-03-14 21:20:32.000000000 -0400
3801+++ linux-2.6.38.2/arch/sparc/include/asm/elf_32.h 2011-03-21 18:31:35.000000000 -0400
3802@@ -114,6 +114,13 @@ typedef struct {
3803
3804 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE)
3805
3806+#ifdef CONFIG_PAX_ASLR
3807+#define PAX_ELF_ET_DYN_BASE 0x10000UL
3808+
3809+#define PAX_DELTA_MMAP_LEN 16
3810+#define PAX_DELTA_STACK_LEN 16
3811+#endif
3812+
3813 /* This yields a mask that user programs can use to figure out what
3814 instruction set this cpu supports. This can NOT be done in userspace
3815 on Sparc. */
3816diff -urNp linux-2.6.38.2/arch/sparc/include/asm/elf_64.h linux-2.6.38.2/arch/sparc/include/asm/elf_64.h
3817--- linux-2.6.38.2/arch/sparc/include/asm/elf_64.h 2011-03-14 21:20:32.000000000 -0400
3818+++ linux-2.6.38.2/arch/sparc/include/asm/elf_64.h 2011-03-21 18:31:35.000000000 -0400
3819@@ -162,6 +162,12 @@ typedef struct {
3820 #define ELF_ET_DYN_BASE 0x0000010000000000UL
3821 #define COMPAT_ELF_ET_DYN_BASE 0x0000000070000000UL
3822
3823+#ifdef CONFIG_PAX_ASLR
3824+#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT) ? 0x10000UL : 0x100000UL)
3825+
3826+#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT) ? 14 : 28)
3827+#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT) ? 15 : 29)
3828+#endif
3829
3830 /* This yields a mask that user programs can use to figure out what
3831 instruction set this cpu supports. */
3832diff -urNp linux-2.6.38.2/arch/sparc/include/asm/pgtable_32.h linux-2.6.38.2/arch/sparc/include/asm/pgtable_32.h
3833--- linux-2.6.38.2/arch/sparc/include/asm/pgtable_32.h 2011-03-14 21:20:32.000000000 -0400
3834+++ linux-2.6.38.2/arch/sparc/include/asm/pgtable_32.h 2011-03-21 18:31:35.000000000 -0400
3835@@ -43,6 +43,13 @@ BTFIXUPDEF_SIMM13(user_ptrs_per_pgd)
3836 BTFIXUPDEF_INT(page_none)
3837 BTFIXUPDEF_INT(page_copy)
3838 BTFIXUPDEF_INT(page_readonly)
3839+
3840+#ifdef CONFIG_PAX_PAGEEXEC
3841+BTFIXUPDEF_INT(page_shared_noexec)
3842+BTFIXUPDEF_INT(page_copy_noexec)
3843+BTFIXUPDEF_INT(page_readonly_noexec)
3844+#endif
3845+
3846 BTFIXUPDEF_INT(page_kernel)
3847
3848 #define PMD_SHIFT SUN4C_PMD_SHIFT
3849@@ -64,6 +71,16 @@ extern pgprot_t PAGE_SHARED;
3850 #define PAGE_COPY __pgprot(BTFIXUP_INT(page_copy))
3851 #define PAGE_READONLY __pgprot(BTFIXUP_INT(page_readonly))
3852
3853+#ifdef CONFIG_PAX_PAGEEXEC
3854+extern pgprot_t PAGE_SHARED_NOEXEC;
3855+# define PAGE_COPY_NOEXEC __pgprot(BTFIXUP_INT(page_copy_noexec))
3856+# define PAGE_READONLY_NOEXEC __pgprot(BTFIXUP_INT(page_readonly_noexec))
3857+#else
3858+# define PAGE_SHARED_NOEXEC PAGE_SHARED
3859+# define PAGE_COPY_NOEXEC PAGE_COPY
3860+# define PAGE_READONLY_NOEXEC PAGE_READONLY
3861+#endif
3862+
3863 extern unsigned long page_kernel;
3864
3865 #ifdef MODULE
3866diff -urNp linux-2.6.38.2/arch/sparc/include/asm/pgtsrmmu.h linux-2.6.38.2/arch/sparc/include/asm/pgtsrmmu.h
3867--- linux-2.6.38.2/arch/sparc/include/asm/pgtsrmmu.h 2011-03-14 21:20:32.000000000 -0400
3868+++ linux-2.6.38.2/arch/sparc/include/asm/pgtsrmmu.h 2011-03-21 18:31:35.000000000 -0400
3869@@ -115,6 +115,13 @@
3870 SRMMU_EXEC | SRMMU_REF)
3871 #define SRMMU_PAGE_RDONLY __pgprot(SRMMU_VALID | SRMMU_CACHE | \
3872 SRMMU_EXEC | SRMMU_REF)
3873+
3874+#ifdef CONFIG_PAX_PAGEEXEC
3875+#define SRMMU_PAGE_SHARED_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_WRITE | SRMMU_REF)
3876+#define SRMMU_PAGE_COPY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF)
3877+#define SRMMU_PAGE_RDONLY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF)
3878+#endif
3879+
3880 #define SRMMU_PAGE_KERNEL __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \
3881 SRMMU_DIRTY | SRMMU_REF)
3882
3883diff -urNp linux-2.6.38.2/arch/sparc/include/asm/spinlock_64.h linux-2.6.38.2/arch/sparc/include/asm/spinlock_64.h
3884--- linux-2.6.38.2/arch/sparc/include/asm/spinlock_64.h 2011-03-14 21:20:32.000000000 -0400
3885+++ linux-2.6.38.2/arch/sparc/include/asm/spinlock_64.h 2011-03-21 18:31:35.000000000 -0400
3886@@ -99,7 +99,12 @@ static void inline arch_read_lock(arch_r
3887 __asm__ __volatile__ (
3888 "1: ldsw [%2], %0\n"
3889 " brlz,pn %0, 2f\n"
3890-"4: add %0, 1, %1\n"
3891+"4: addcc %0, 1, %1\n"
3892+
3893+#ifdef CONFIG_PAX_REFCOUNT
3894+" tvs %%icc, 6\n"
3895+#endif
3896+
3897 " cas [%2], %0, %1\n"
3898 " cmp %0, %1\n"
3899 " bne,pn %%icc, 1b\n"
3900@@ -112,7 +117,7 @@ static void inline arch_read_lock(arch_r
3901 " .previous"
3902 : "=&r" (tmp1), "=&r" (tmp2)
3903 : "r" (lock)
3904- : "memory");
3905+ : "memory", "cc");
3906 }
3907
3908 static int inline arch_read_trylock(arch_rwlock_t *lock)
3909@@ -123,7 +128,12 @@ static int inline arch_read_trylock(arch
3910 "1: ldsw [%2], %0\n"
3911 " brlz,a,pn %0, 2f\n"
3912 " mov 0, %0\n"
3913-" add %0, 1, %1\n"
3914+" addcc %0, 1, %1\n"
3915+
3916+#ifdef CONFIG_PAX_REFCOUNT
3917+" tvs %%icc, 6\n"
3918+#endif
3919+
3920 " cas [%2], %0, %1\n"
3921 " cmp %0, %1\n"
3922 " bne,pn %%icc, 1b\n"
3923@@ -142,7 +152,12 @@ static void inline arch_read_unlock(arch
3924
3925 __asm__ __volatile__(
3926 "1: lduw [%2], %0\n"
3927-" sub %0, 1, %1\n"
3928+" subcc %0, 1, %1\n"
3929+
3930+#ifdef CONFIG_PAX_REFCOUNT
3931+" tvs %%icc, 6\n"
3932+#endif
3933+
3934 " cas [%2], %0, %1\n"
3935 " cmp %0, %1\n"
3936 " bne,pn %%xcc, 1b\n"
3937diff -urNp linux-2.6.38.2/arch/sparc/include/asm/uaccess_32.h linux-2.6.38.2/arch/sparc/include/asm/uaccess_32.h
3938--- linux-2.6.38.2/arch/sparc/include/asm/uaccess_32.h 2011-03-14 21:20:32.000000000 -0400
3939+++ linux-2.6.38.2/arch/sparc/include/asm/uaccess_32.h 2011-03-21 18:31:35.000000000 -0400
3940@@ -249,27 +249,46 @@ extern unsigned long __copy_user(void __
3941
3942 static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
3943 {
3944- if (n && __access_ok((unsigned long) to, n))
3945+ if ((long)n < 0)
3946+ return n;
3947+
3948+ if (n && __access_ok((unsigned long) to, n)) {
3949+ if (!__builtin_constant_p(n))
3950+ check_object_size(from, n, true);
3951 return __copy_user(to, (__force void __user *) from, n);
3952- else
3953+ } else
3954 return n;
3955 }
3956
3957 static inline unsigned long __copy_to_user(void __user *to, const void *from, unsigned long n)
3958 {
3959+ if ((long)n < 0)
3960+ return n;
3961+
3962+ if (!__builtin_constant_p(n))
3963+ check_object_size(from, n, true);
3964+
3965 return __copy_user(to, (__force void __user *) from, n);
3966 }
3967
3968 static inline unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
3969 {
3970- if (n && __access_ok((unsigned long) from, n))
3971+ if ((long)n < 0)
3972+ return n;
3973+
3974+ if (n && __access_ok((unsigned long) from, n)) {
3975+ if (!__builtin_constant_p(n))
3976+ check_object_size(to, n, false);
3977 return __copy_user((__force void __user *) to, from, n);
3978- else
3979+ } else
3980 return n;
3981 }
3982
3983 static inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n)
3984 {
3985+ if ((long)n < 0)
3986+ return n;
3987+
3988 return __copy_user((__force void __user *) to, from, n);
3989 }
3990
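Review bot: `__copy_from_user` gets the `(long)n < 0` guard but not the object-size check that the other three helpers in this hunk receive, so a non-constant `n` reaches `__copy_user` without `check_object_size(to, n, false)` being consulted on the kernel destination. If the omission is intentional, a one-line comment should say why. Otherwise add `if (!__builtin_constant_p(n)) check_object_size(to, n, false);` before the `return __copy_user(...)`, mirroring `__copy_to_user`.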
3991diff -urNp linux-2.6.38.2/arch/sparc/include/asm/uaccess_64.h linux-2.6.38.2/arch/sparc/include/asm/uaccess_64.h
3992--- linux-2.6.38.2/arch/sparc/include/asm/uaccess_64.h 2011-03-14 21:20:32.000000000 -0400
3993+++ linux-2.6.38.2/arch/sparc/include/asm/uaccess_64.h 2011-03-21 18:31:35.000000000 -0400
3994@@ -10,6 +10,7 @@
3995 #include <linux/compiler.h>
3996 #include <linux/string.h>
3997 #include <linux/thread_info.h>
3998+#include <linux/kernel.h>
3999 #include <asm/asi.h>
4000 #include <asm/system.h>
4001 #include <asm/spitfire.h>
4002@@ -213,8 +214,15 @@ extern unsigned long copy_from_user_fixu
4003 static inline unsigned long __must_check
4004 copy_from_user(void *to, const void __user *from, unsigned long size)
4005 {
4006- unsigned long ret = ___copy_from_user(to, from, size);
4007+ unsigned long ret;
4008
4009+ if ((long)size < 0 || size > INT_MAX)
4010+ return size;
4011+
4012+ if (!__builtin_constant_p(size))
4013+ check_object_size(to, size, false);
4014+
4015+ ret = ___copy_from_user(to, from, size);
4016 if (unlikely(ret))
4017 ret = copy_from_user_fixup(to, from, size);
4018
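Review bot: In `if ((long)size < 0 || size > INT_MAX)` the first clause is redundant on sparc64, where `unsigned long` is 64 bits: any value with the top bit set already exceeds `INT_MAX`, so `if (size > INT_MAX) return size;` is equivalent. The cap itself deserves a comment such as `/* no legitimate caller copies more than INT_MAX bytes; treat it as a length bug */`, because the 32-bit header in this patch checks only the sign. The same applies to `copy_to_user` in the next hunk. The rejected path returns before `to` is written, so callers depend on honouring `__must_check`; the rest of `copy_from_user` lies outside this hunk.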
4019@@ -230,8 +238,15 @@ extern unsigned long copy_to_user_fixup(
4020 static inline unsigned long __must_check
4021 copy_to_user(void __user *to, const void *from, unsigned long size)
4022 {
4023- unsigned long ret = ___copy_to_user(to, from, size);
4024+ unsigned long ret;
4025+
4026+ if ((long)size < 0 || size > INT_MAX)
4027+ return size;
4028+
4029+ if (!__builtin_constant_p(size))
4030+ check_object_size(from, size, true);
4031
4032+ ret = ___copy_to_user(to, from, size);
4033 if (unlikely(ret))
4034 ret = copy_to_user_fixup(to, from, size);
4035 return ret;
4036diff -urNp linux-2.6.38.2/arch/sparc/include/asm/uaccess.h linux-2.6.38.2/arch/sparc/include/asm/uaccess.h
4037--- linux-2.6.38.2/arch/sparc/include/asm/uaccess.h 2011-03-14 21:20:32.000000000 -0400
4038+++ linux-2.6.38.2/arch/sparc/include/asm/uaccess.h 2011-03-21 18:31:35.000000000 -0400
4039@@ -1,5 +1,13 @@
4040 #ifndef ___ASM_SPARC_UACCESS_H
4041 #define ___ASM_SPARC_UACCESS_H
4042+
4043+#ifdef __KERNEL__
4044+#ifndef __ASSEMBLY__
4045+#include <linux/types.h>
4046+extern void check_object_size(const void *ptr, unsigned long n, bool to);
4047+#endif
4048+#endif
4049+
4050 #if defined(__sparc__) && defined(__arch64__)
4051 #include <asm/uaccess_64.h>
4052 #else
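Review bot: The new `check_object_size()` prototype has no comment, and the meaning of its `bool to` argument is only recoverable from call sites. Going by the callers in this patch, `copy_to_user` passes the kernel source buffer with `true` and `copy_from_user` passes the kernel destination with `false`. I would add `/* ptr: kernel-side buffer, n: byte count, to: true when the copy goes to userland */` above the declaration. The definition is not in this part of the patch, so the wording should be checked against it.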
4053diff -urNp linux-2.6.38.2/arch/sparc/kernel/iommu.c linux-2.6.38.2/arch/sparc/kernel/iommu.c
4054--- linux-2.6.38.2/arch/sparc/kernel/iommu.c 2011-03-14 21:20:32.000000000 -0400
4055+++ linux-2.6.38.2/arch/sparc/kernel/iommu.c 2011-03-21 18:31:35.000000000 -0400
4056@@ -827,7 +827,7 @@ static void dma_4u_sync_sg_for_cpu(struc
4057 spin_unlock_irqrestore(&iommu->lock, flags);
4058 }
4059
4060-static struct dma_map_ops sun4u_dma_ops = {
4061+static const struct dma_map_ops sun4u_dma_ops = {
4062 .alloc_coherent = dma_4u_alloc_coherent,
4063 .free_coherent = dma_4u_free_coherent,
4064 .map_page = dma_4u_map_page,
4065@@ -838,7 +838,7 @@ static struct dma_map_ops sun4u_dma_ops
4066 .sync_sg_for_cpu = dma_4u_sync_sg_for_cpu,
4067 };
4068
4069-struct dma_map_ops *dma_ops = &sun4u_dma_ops;
4070+const struct dma_map_ops *dma_ops = &sun4u_dma_ops;
4071 EXPORT_SYMBOL(dma_ops);
4072
4073 extern int pci64_dma_supported(struct pci_dev *pdev, u64 device_mask);
4074diff -urNp linux-2.6.38.2/arch/sparc/kernel/ioport.c linux-2.6.38.2/arch/sparc/kernel/ioport.c
4075--- linux-2.6.38.2/arch/sparc/kernel/ioport.c 2011-03-14 21:20:32.000000000 -0400
4076+++ linux-2.6.38.2/arch/sparc/kernel/ioport.c 2011-03-21 18:31:35.000000000 -0400
4077@@ -397,7 +397,7 @@ static void sbus_sync_sg_for_device(stru
4078 BUG();
4079 }
4080
4081-struct dma_map_ops sbus_dma_ops = {
4082+const struct dma_map_ops sbus_dma_ops = {
4083 .alloc_coherent = sbus_alloc_coherent,
4084 .free_coherent = sbus_free_coherent,
4085 .map_page = sbus_map_page,
4086@@ -408,7 +408,7 @@ struct dma_map_ops sbus_dma_ops = {
4087 .sync_sg_for_device = sbus_sync_sg_for_device,
4088 };
4089
4090-struct dma_map_ops *dma_ops = &sbus_dma_ops;
4091+const struct dma_map_ops *dma_ops = &sbus_dma_ops;
4092 EXPORT_SYMBOL(dma_ops);
4093
4094 static int __init sparc_register_ioport(void)
4095@@ -645,7 +645,7 @@ static void pci32_sync_sg_for_device(str
4096 }
4097 }
4098
4099-struct dma_map_ops pci32_dma_ops = {
4100+const struct dma_map_ops pci32_dma_ops = {
4101 .alloc_coherent = pci32_alloc_coherent,
4102 .free_coherent = pci32_free_coherent,
4103 .map_page = pci32_map_page,
4104diff -urNp linux-2.6.38.2/arch/sparc/kernel/kgdb_32.c linux-2.6.38.2/arch/sparc/kernel/kgdb_32.c
4105--- linux-2.6.38.2/arch/sparc/kernel/kgdb_32.c 2011-03-14 21:20:32.000000000 -0400
4106+++ linux-2.6.38.2/arch/sparc/kernel/kgdb_32.c 2011-03-21 18:31:35.000000000 -0400
4107@@ -164,7 +164,7 @@ void kgdb_arch_set_pc(struct pt_regs *re
4108 regs->npc = regs->pc + 4;
4109 }
4110
4111-struct kgdb_arch arch_kgdb_ops = {
4112+const struct kgdb_arch arch_kgdb_ops = {
4113 /* Breakpoint instruction: ta 0x7d */
4114 .gdb_bpt_instr = { 0x91, 0xd0, 0x20, 0x7d },
4115 };
4116diff -urNp linux-2.6.38.2/arch/sparc/kernel/kgdb_64.c linux-2.6.38.2/arch/sparc/kernel/kgdb_64.c
4117--- linux-2.6.38.2/arch/sparc/kernel/kgdb_64.c 2011-03-14 21:20:32.000000000 -0400
4118+++ linux-2.6.38.2/arch/sparc/kernel/kgdb_64.c 2011-03-21 18:31:35.000000000 -0400
4119@@ -187,7 +187,7 @@ void kgdb_arch_set_pc(struct pt_regs *re
4120 regs->tnpc = regs->tpc + 4;
4121 }
4122
4123-struct kgdb_arch arch_kgdb_ops = {
4124+const struct kgdb_arch arch_kgdb_ops = {
4125 /* Breakpoint instruction: ta 0x72 */
4126 .gdb_bpt_instr = { 0x91, 0xd0, 0x20, 0x72 },
4127 };
4128diff -urNp linux-2.6.38.2/arch/sparc/kernel/Makefile linux-2.6.38.2/arch/sparc/kernel/Makefile
4129--- linux-2.6.38.2/arch/sparc/kernel/Makefile 2011-03-14 21:20:32.000000000 -0400
4130+++ linux-2.6.38.2/arch/sparc/kernel/Makefile 2011-03-21 18:31:35.000000000 -0400
4131@@ -3,7 +3,7 @@
4132 #
4133
4134 asflags-y := -ansi
4135-ccflags-y := -Werror
4136+#ccflags-y := -Werror
4137
4138 extra-y := head_$(BITS).o
4139 extra-y += init_task.o
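Review bot: Commenting out `ccflags-y := -Werror` drops warnings-as-errors for everything under arch/sparc/kernel, and the dead line gives no reason. In a hardening patch that deserves an explanatory line, e.g. `# -Werror disabled: REASON_PLACEHOLDER`, or the offending warnings fixed so the flag can stay. The patch does not state the reason, so the placeholder has to be filled in by whoever knows which warnings the other changes trigger.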
4140diff -urNp linux-2.6.38.2/arch/sparc/kernel/pci_sun4v.c linux-2.6.38.2/arch/sparc/kernel/pci_sun4v.c
4141--- linux-2.6.38.2/arch/sparc/kernel/pci_sun4v.c 2011-03-14 21:20:32.000000000 -0400
4142+++ linux-2.6.38.2/arch/sparc/kernel/pci_sun4v.c 2011-03-21 18:31:35.000000000 -0400
4143@@ -525,7 +525,7 @@ static void dma_4v_unmap_sg(struct devic
4144 spin_unlock_irqrestore(&iommu->lock, flags);
4145 }
4146
4147-static struct dma_map_ops sun4v_dma_ops = {
4148+static const struct dma_map_ops sun4v_dma_ops = {
4149 .alloc_coherent = dma_4v_alloc_coherent,
4150 .free_coherent = dma_4v_free_coherent,
4151 .map_page = dma_4v_map_page,
4152diff -urNp linux-2.6.38.2/arch/sparc/kernel/process_32.c linux-2.6.38.2/arch/sparc/kernel/process_32.c
4153--- linux-2.6.38.2/arch/sparc/kernel/process_32.c 2011-03-14 21:20:32.000000000 -0400
4154+++ linux-2.6.38.2/arch/sparc/kernel/process_32.c 2011-03-21 18:31:35.000000000 -0400
4155@@ -196,7 +196,7 @@ void __show_backtrace(unsigned long fp)
4156 rw->ins[4], rw->ins[5],
4157 rw->ins[6],
4158 rw->ins[7]);
4159- printk("%pS\n", (void *) rw->ins[7]);
4160+ printk("%pA\n", (void *) rw->ins[7]);
4161 rw = (struct reg_window32 *) rw->ins[6];
4162 }
4163 spin_unlock_irqrestore(&sparc_backtrace_lock, flags);
4164@@ -263,14 +263,14 @@ void show_regs(struct pt_regs *r)
4165
4166 printk("PSR: %08lx PC: %08lx NPC: %08lx Y: %08lx %s\n",
4167 r->psr, r->pc, r->npc, r->y, print_tainted());
4168- printk("PC: <%pS>\n", (void *) r->pc);
4169+ printk("PC: <%pA>\n", (void *) r->pc);
4170 printk("%%G: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n",
4171 r->u_regs[0], r->u_regs[1], r->u_regs[2], r->u_regs[3],
4172 r->u_regs[4], r->u_regs[5], r->u_regs[6], r->u_regs[7]);
4173 printk("%%O: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n",
4174 r->u_regs[8], r->u_regs[9], r->u_regs[10], r->u_regs[11],
4175 r->u_regs[12], r->u_regs[13], r->u_regs[14], r->u_regs[15]);
4176- printk("RPC: <%pS>\n", (void *) r->u_regs[15]);
4177+ printk("RPC: <%pA>\n", (void *) r->u_regs[15]);
4178
4179 printk("%%L: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n",
4180 rw->locals[0], rw->locals[1], rw->locals[2], rw->locals[3],
4181@@ -305,7 +305,7 @@ void show_stack(struct task_struct *tsk,
4182 rw = (struct reg_window32 *) fp;
4183 pc = rw->ins[7];
4184 printk("[%08lx : ", pc);
4185- printk("%pS ] ", (void *) pc);
4186+ printk("%pA ] ", (void *) pc);
4187 fp = rw->ins[6];
4188 } while (++count < 16);
4189 printk("\n");
4190diff -urNp linux-2.6.38.2/arch/sparc/kernel/process_64.c linux-2.6.38.2/arch/sparc/kernel/process_64.c
4191--- linux-2.6.38.2/arch/sparc/kernel/process_64.c 2011-03-14 21:20:32.000000000 -0400
4192+++ linux-2.6.38.2/arch/sparc/kernel/process_64.c 2011-03-21 18:31:35.000000000 -0400
4193@@ -180,14 +180,14 @@ static void show_regwindow(struct pt_reg
4194 printk("i4: %016lx i5: %016lx i6: %016lx i7: %016lx\n",
4195 rwk->ins[4], rwk->ins[5], rwk->ins[6], rwk->ins[7]);
4196 if (regs->tstate & TSTATE_PRIV)
4197- printk("I7: <%pS>\n", (void *) rwk->ins[7]);
4198+ printk("I7: <%pA>\n", (void *) rwk->ins[7]);
4199 }
4200
4201 void show_regs(struct pt_regs *regs)
4202 {
4203 printk("TSTATE: %016lx TPC: %016lx TNPC: %016lx Y: %08x %s\n", regs->tstate,
4204 regs->tpc, regs->tnpc, regs->y, print_tainted());
4205- printk("TPC: <%pS>\n", (void *) regs->tpc);
4206+ printk("TPC: <%pA>\n", (void *) regs->tpc);
4207 printk("g0: %016lx g1: %016lx g2: %016lx g3: %016lx\n",
4208 regs->u_regs[0], regs->u_regs[1], regs->u_regs[2],
4209 regs->u_regs[3]);
4210@@ -200,7 +200,7 @@ void show_regs(struct pt_regs *regs)
4211 printk("o4: %016lx o5: %016lx sp: %016lx ret_pc: %016lx\n",
4212 regs->u_regs[12], regs->u_regs[13], regs->u_regs[14],
4213 regs->u_regs[15]);
4214- printk("RPC: <%pS>\n", (void *) regs->u_regs[15]);
4215+ printk("RPC: <%pA>\n", (void *) regs->u_regs[15]);
4216 show_regwindow(regs);
4217 show_stack(current, (unsigned long *) regs->u_regs[UREG_FP]);
4218 }
4219@@ -285,7 +285,7 @@ void arch_trigger_all_cpu_backtrace(void
4220 ((tp && tp->task) ? tp->task->pid : -1));
4221
4222 if (gp->tstate & TSTATE_PRIV) {
4223- printk(" TPC[%pS] O7[%pS] I7[%pS] RPC[%pS]\n",
4224+ printk(" TPC[%pA] O7[%pA] I7[%pA] RPC[%pA]\n",
4225 (void *) gp->tpc,
4226 (void *) gp->o7,
4227 (void *) gp->i7,
4228diff -urNp linux-2.6.38.2/arch/sparc/kernel/sys_sparc_32.c linux-2.6.38.2/arch/sparc/kernel/sys_sparc_32.c
4229--- linux-2.6.38.2/arch/sparc/kernel/sys_sparc_32.c 2011-03-14 21:20:32.000000000 -0400
4230+++ linux-2.6.38.2/arch/sparc/kernel/sys_sparc_32.c 2011-03-21 18:31:35.000000000 -0400
4231@@ -56,7 +56,7 @@ unsigned long arch_get_unmapped_area(str
4232 if (ARCH_SUN4C && len > 0x20000000)
4233 return -ENOMEM;
4234 if (!addr)
4235- addr = TASK_UNMAPPED_BASE;
4236+ addr = current->mm->mmap_base;
4237
4238 if (flags & MAP_SHARED)
4239 addr = COLOUR_ALIGN(addr);
4240@@ -71,7 +71,7 @@ unsigned long arch_get_unmapped_area(str
4241 }
4242 if (TASK_SIZE - PAGE_SIZE - len < addr)
4243 return -ENOMEM;
4244- if (!vmm || addr + len <= vmm->vm_start)
4245+ if (check_heap_stack_gap(vmm, addr, len))
4246 return addr;
4247 addr = vmm->vm_end;
4248 if (flags & MAP_SHARED)
4249diff -urNp linux-2.6.38.2/arch/sparc/kernel/sys_sparc_64.c linux-2.6.38.2/arch/sparc/kernel/sys_sparc_64.c
4250--- linux-2.6.38.2/arch/sparc/kernel/sys_sparc_64.c 2011-03-14 21:20:32.000000000 -0400
4251+++ linux-2.6.38.2/arch/sparc/kernel/sys_sparc_64.c 2011-03-21 23:47:41.000000000 -0400
4252@@ -124,7 +124,7 @@ unsigned long arch_get_unmapped_area(str
4253 /* We do not accept a shared mapping if it would violate
4254 * cache aliasing constraints.
4255 */
4256- if ((flags & MAP_SHARED) &&
4257+ if ((filp || (flags & MAP_SHARED)) &&
4258 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
4259 return -EINVAL;
4260 return addr;
4261@@ -139,6 +139,10 @@ unsigned long arch_get_unmapped_area(str
4262 if (filp || (flags & MAP_SHARED))
4263 do_color_align = 1;
4264
4265+#ifdef CONFIG_PAX_RANDMMAP
4266+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
4267+#endif
4268+
4269 if (addr) {
4270 if (do_color_align)
4271 addr = COLOUR_ALIGN(addr, pgoff);
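Review bot: The `if (!(mm->pax_flags & MF_PAX_RANDMMAP))` added under `#ifdef CONFIG_PAX_RANDMMAP` has no body of its own. It governs the following `if (addr) {` block across the `#endif` and a blank line, which is easy to break when someone later inserts a statement between them. Dropping the blank line and adding `/* with RANDMMAP the address hint is ignored; the if (addr) block below is the body */` would make the coupling explicit. No hunk in this file adds the same guard to the hint path of `arch_get_unmapped_area_topdown`, so it is worth confirming whether hints are meant to be honoured there. `arch_get_unmapped_area` starts and ends outside this hunk.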
4272@@ -146,15 +150,14 @@ unsigned long arch_get_unmapped_area(str
4273 addr = PAGE_ALIGN(addr);
4274
4275 vma = find_vma(mm, addr);
4276- if (task_size - len >= addr &&
4277- (!vma || addr + len <= vma->vm_start))
4278+ if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len))
4279 return addr;
4280 }
4281
4282 if (len > mm->cached_hole_size) {
4283- start_addr = addr = mm->free_area_cache;
4284+ start_addr = addr = mm->free_area_cache;
4285 } else {
4286- start_addr = addr = TASK_UNMAPPED_BASE;
4287+ start_addr = addr = mm->mmap_base;
4288 mm->cached_hole_size = 0;
4289 }
4290
4291@@ -174,14 +177,14 @@ full_search:
4292 vma = find_vma(mm, VA_EXCLUDE_END);
4293 }
4294 if (unlikely(task_size < addr)) {
4295- if (start_addr != TASK_UNMAPPED_BASE) {
4296- start_addr = addr = TASK_UNMAPPED_BASE;
4297+ if (start_addr != mm->mmap_base) {
4298+ start_addr = addr = mm->mmap_base;
4299 mm->cached_hole_size = 0;
4300 goto full_search;
4301 }
4302 return -ENOMEM;
4303 }
4304- if (likely(!vma || addr + len <= vma->vm_start)) {
4305+ if (likely(check_heap_stack_gap(vma, addr, len))) {
4306 /*
4307 * Remember the place where we stopped the search:
4308 */
4309@@ -215,7 +218,7 @@ arch_get_unmapped_area_topdown(struct fi
4310 /* We do not accept a shared mapping if it would violate
4311 * cache aliasing constraints.
4312 */
4313- if ((flags & MAP_SHARED) &&
4314+ if ((filp || (flags & MAP_SHARED)) &&
4315 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
4316 return -EINVAL;
4317 return addr;
4318@@ -236,8 +239,7 @@ arch_get_unmapped_area_topdown(struct fi
4319 addr = PAGE_ALIGN(addr);
4320
4321 vma = find_vma(mm, addr);
4322- if (task_size - len >= addr &&
4323- (!vma || addr + len <= vma->vm_start))
4324+ if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len))
4325 return addr;
4326 }
4327
4328@@ -258,7 +260,7 @@ arch_get_unmapped_area_topdown(struct fi
4329 /* make sure it can fit in the remaining address space */
4330 if (likely(addr > len)) {
4331 vma = find_vma(mm, addr-len);
4332- if (!vma || addr <= vma->vm_start) {
4333+ if (check_heap_stack_gap(vma, addr - len, len)) {
4334 /* remember the address as a hint for next time */
4335 return (mm->free_area_cache = addr-len);
4336 }
4337@@ -267,18 +269,18 @@ arch_get_unmapped_area_topdown(struct fi
4338 if (unlikely(mm->mmap_base < len))
4339 goto bottomup;
4340
4341- addr = mm->mmap_base-len;
4342- if (do_color_align)
4343- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
4344+ addr = mm->mmap_base - len;
4345
4346 do {
4347+ if (do_color_align)
4348+ addr = COLOUR_ALIGN_DOWN(addr, pgoff);
4349 /*
4350 * Lookup failure means no vma is above this address,
4351 * else if new region fits below vma->vm_start,
4352 * return with success:
4353 */
4354 vma = find_vma(mm, addr);
4355- if (likely(!vma || addr+len <= vma->vm_start)) {
4356+ if (likely(check_heap_stack_gap(vma, addr, len))) {
4357 /* remember the address as a hint for next time */
4358 return (mm->free_area_cache = addr);
4359 }
4360@@ -288,10 +290,8 @@ arch_get_unmapped_area_topdown(struct fi
4361 mm->cached_hole_size = vma->vm_start - addr;
4362
4363 /* try just below the current vma->vm_start */
4364- addr = vma->vm_start-len;
4365- if (do_color_align)
4366- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
4367- } while (likely(len < vma->vm_start));
4368+ addr = skip_heap_stack_gap(vma, len);
4369+ } while (!IS_ERR_VALUE(addr));
4370
4371 bottomup:
4372 /*
4373@@ -385,6 +385,12 @@ void arch_pick_mmap_layout(struct mm_str
4374 gap == RLIM_INFINITY ||
4375 sysctl_legacy_va_layout) {
4376 mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
4377+
4378+#ifdef CONFIG_PAX_RANDMMAP
4379+ if (mm->pax_flags & MF_PAX_RANDMMAP)
4380+ mm->mmap_base += mm->delta_mmap;
4381+#endif
4382+
4383 mm->get_unmapped_area = arch_get_unmapped_area;
4384 mm->unmap_area = arch_unmap_area;
4385 } else {
4386@@ -397,6 +403,12 @@ void arch_pick_mmap_layout(struct mm_str
4387 gap = (task_size / 6 * 5);
4388
4389 mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor);
4390+
4391+#ifdef CONFIG_PAX_RANDMMAP
4392+ if (mm->pax_flags & MF_PAX_RANDMMAP)
4393+ mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
4394+#endif
4395+
4396 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
4397 mm->unmap_area = arch_unmap_area_topdown;
4398 }
4399diff -urNp linux-2.6.38.2/arch/sparc/kernel/traps_32.c linux-2.6.38.2/arch/sparc/kernel/traps_32.c
4400--- linux-2.6.38.2/arch/sparc/kernel/traps_32.c 2011-03-14 21:20:32.000000000 -0400
4401+++ linux-2.6.38.2/arch/sparc/kernel/traps_32.c 2011-03-21 18:31:35.000000000 -0400
4402@@ -76,7 +76,7 @@ void die_if_kernel(char *str, struct pt_
4403 count++ < 30 &&
4404 (((unsigned long) rw) >= PAGE_OFFSET) &&
4405 !(((unsigned long) rw) & 0x7)) {
4406- printk("Caller[%08lx]: %pS\n", rw->ins[7],
4407+ printk("Caller[%08lx]: %pA\n", rw->ins[7],
4408 (void *) rw->ins[7]);
4409 rw = (struct reg_window32 *)rw->ins[6];
4410 }
4411diff -urNp linux-2.6.38.2/arch/sparc/kernel/traps_64.c linux-2.6.38.2/arch/sparc/kernel/traps_64.c
4412--- linux-2.6.38.2/arch/sparc/kernel/traps_64.c 2011-03-14 21:20:32.000000000 -0400
4413+++ linux-2.6.38.2/arch/sparc/kernel/traps_64.c 2011-03-21 18:31:35.000000000 -0400
4414@@ -75,7 +75,7 @@ static void dump_tl1_traplog(struct tl1_
4415 i + 1,
4416 p->trapstack[i].tstate, p->trapstack[i].tpc,
4417 p->trapstack[i].tnpc, p->trapstack[i].tt);
4418- printk("TRAPLOG: TPC<%pS>\n", (void *) p->trapstack[i].tpc);
4419+ printk("TRAPLOG: TPC<%pA>\n", (void *) p->trapstack[i].tpc);
4420 }
4421 }
4422
4423@@ -95,6 +95,12 @@ void bad_trap(struct pt_regs *regs, long
4424
4425 lvl -= 0x100;
4426 if (regs->tstate & TSTATE_PRIV) {
4427+
4428+#ifdef CONFIG_PAX_REFCOUNT
4429+ if (lvl == 6)
4430+ pax_report_refcount_overflow(regs);
4431+#endif
4432+
4433 sprintf(buffer, "Kernel bad sw trap %lx", lvl);
4434 die_if_kernel(buffer, regs);
4435 }
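Review bot: `if (lvl == 6)` hard-codes the software trap number that the `tvs %icc, 6` and `tvs %xcc, 6` instructions in atomic_64.S raise, so the C handler and the assembly can drift apart without any build error. A shared constant used on both sides where the preprocessor reaches, for example `#define PAX_REFCOUNT_TRAP 6` (the name is a suggestion), would tie them together. A comment `/* sw trap 6: signed overflow caught by a checked atomic op */` would also help. The same literal appears in the `bad_trap_tl1` hunk below. `bad_trap` continues outside this hunk.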
4436@@ -113,11 +119,16 @@ void bad_trap(struct pt_regs *regs, long
4437 void bad_trap_tl1(struct pt_regs *regs, long lvl)
4438 {
4439 char buffer[32];
4440-
4441+
4442 if (notify_die(DIE_TRAP_TL1, "bad trap tl1", regs,
4443 0, lvl, SIGTRAP) == NOTIFY_STOP)
4444 return;
4445
4446+#ifdef CONFIG_PAX_REFCOUNT
4447+ if (lvl == 6)
4448+ pax_report_refcount_overflow(regs);
4449+#endif
4450+
4451 dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
4452
4453 sprintf (buffer, "Bad trap %lx at tl>0", lvl);
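Review bot: In `bad_trap_tl1` the new `lvl == 6` test runs on the raw `lvl`, whereas in `bad_trap` the same test comes after `lvl -= 0x100`. Unless the TL>0 caller already passes the software trap number (not visible here), this branch compares against a different numbering and may never match the `tvs ..., 6` overflow trap. A comment stating which numbering `lvl` uses at this point, or the same adjustment before the comparison, would settle it. The hunk also replaces one blank line with another, which looks like a whitespace-only change that could be dropped.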
4454@@ -1141,7 +1152,7 @@ static void cheetah_log_errors(struct pt
4455 regs->tpc, regs->tnpc, regs->u_regs[UREG_I7], regs->tstate);
4456 printk("%s" "ERROR(%d): ",
4457 (recoverable ? KERN_WARNING : KERN_CRIT), smp_processor_id());
4458- printk("TPC<%pS>\n", (void *) regs->tpc);
4459+ printk("TPC<%pA>\n", (void *) regs->tpc);
4460 printk("%s" "ERROR(%d): M_SYND(%lx), E_SYND(%lx)%s%s\n",
4461 (recoverable ? KERN_WARNING : KERN_CRIT), smp_processor_id(),
4462 (afsr & CHAFSR_M_SYNDROME) >> CHAFSR_M_SYNDROME_SHIFT,
4463@@ -1748,7 +1759,7 @@ void cheetah_plus_parity_error(int type,
4464 smp_processor_id(),
4465 (type & 0x1) ? 'I' : 'D',
4466 regs->tpc);
4467- printk(KERN_EMERG "TPC<%pS>\n", (void *) regs->tpc);
4468+ printk(KERN_EMERG "TPC<%pA>\n", (void *) regs->tpc);
4469 panic("Irrecoverable Cheetah+ parity error.");
4470 }
4471
4472@@ -1756,7 +1767,7 @@ void cheetah_plus_parity_error(int type,
4473 smp_processor_id(),
4474 (type & 0x1) ? 'I' : 'D',
4475 regs->tpc);
4476- printk(KERN_WARNING "TPC<%pS>\n", (void *) regs->tpc);
4477+ printk(KERN_WARNING "TPC<%pA>\n", (void *) regs->tpc);
4478 }
4479
4480 struct sun4v_error_entry {
4481@@ -1963,9 +1974,9 @@ void sun4v_itlb_error_report(struct pt_r
4482
4483 printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n",
4484 regs->tpc, tl);
4485- printk(KERN_EMERG "SUN4V-ITLB: TPC<%pS>\n", (void *) regs->tpc);
4486+ printk(KERN_EMERG "SUN4V-ITLB: TPC<%pA>\n", (void *) regs->tpc);
4487 printk(KERN_EMERG "SUN4V-ITLB: O7[%lx]\n", regs->u_regs[UREG_I7]);
4488- printk(KERN_EMERG "SUN4V-ITLB: O7<%pS>\n",
4489+ printk(KERN_EMERG "SUN4V-ITLB: O7<%pA>\n",
4490 (void *) regs->u_regs[UREG_I7]);
4491 printk(KERN_EMERG "SUN4V-ITLB: vaddr[%lx] ctx[%lx] "
4492 "pte[%lx] error[%lx]\n",
4493@@ -1987,9 +1998,9 @@ void sun4v_dtlb_error_report(struct pt_r
4494
4495 printk(KERN_EMERG "SUN4V-DTLB: Error at TPC[%lx], tl %d\n",
4496 regs->tpc, tl);
4497- printk(KERN_EMERG "SUN4V-DTLB: TPC<%pS>\n", (void *) regs->tpc);
4498+ printk(KERN_EMERG "SUN4V-DTLB: TPC<%pA>\n", (void *) regs->tpc);
4499 printk(KERN_EMERG "SUN4V-DTLB: O7[%lx]\n", regs->u_regs[UREG_I7]);
4500- printk(KERN_EMERG "SUN4V-DTLB: O7<%pS>\n",
4501+ printk(KERN_EMERG "SUN4V-DTLB: O7<%pA>\n",
4502 (void *) regs->u_regs[UREG_I7]);
4503 printk(KERN_EMERG "SUN4V-DTLB: vaddr[%lx] ctx[%lx] "
4504 "pte[%lx] error[%lx]\n",
4505@@ -2196,13 +2207,13 @@ void show_stack(struct task_struct *tsk,
4506 fp = (unsigned long)sf->fp + STACK_BIAS;
4507 }
4508
4509- printk(" [%016lx] %pS\n", pc, (void *) pc);
4510+ printk(" [%016lx] %pA\n", pc, (void *) pc);
4511 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
4512 if ((pc + 8UL) == (unsigned long) &return_to_handler) {
4513 int index = tsk->curr_ret_stack;
4514 if (tsk->ret_stack && index >= graph) {
4515 pc = tsk->ret_stack[index - graph].ret;
4516- printk(" [%016lx] %pS\n", pc, (void *) pc);
4517+ printk(" [%016lx] %pA\n", pc, (void *) pc);
4518 graph++;
4519 }
4520 }
4521@@ -2255,7 +2266,7 @@ void die_if_kernel(char *str, struct pt_
4522 while (rw &&
4523 count++ < 30 &&
4524 kstack_valid(tp, (unsigned long) rw)) {
4525- printk("Caller[%016lx]: %pS\n", rw->ins[7],
4526+ printk("Caller[%016lx]: %pA\n", rw->ins[7],
4527 (void *) rw->ins[7]);
4528
4529 rw = kernel_stack_up(rw);
4530diff -urNp linux-2.6.38.2/arch/sparc/kernel/unaligned_64.c linux-2.6.38.2/arch/sparc/kernel/unaligned_64.c
4531--- linux-2.6.38.2/arch/sparc/kernel/unaligned_64.c 2011-03-14 21:20:32.000000000 -0400
4532+++ linux-2.6.38.2/arch/sparc/kernel/unaligned_64.c 2011-03-21 18:31:35.000000000 -0400
4533@@ -278,7 +278,7 @@ static void log_unaligned(struct pt_regs
4534 static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5);
4535
4536 if (__ratelimit(&ratelimit)) {
4537- printk("Kernel unaligned access at TPC[%lx] %pS\n",
4538+ printk("Kernel unaligned access at TPC[%lx] %pA\n",
4539 regs->tpc, (void *) regs->tpc);
4540 }
4541 }
4542diff -urNp linux-2.6.38.2/arch/sparc/lib/atomic_64.S linux-2.6.38.2/arch/sparc/lib/atomic_64.S
4543--- linux-2.6.38.2/arch/sparc/lib/atomic_64.S 2011-03-14 21:20:32.000000000 -0400
4544+++ linux-2.6.38.2/arch/sparc/lib/atomic_64.S 2011-03-21 18:31:35.000000000 -0400
4545@@ -18,7 +18,12 @@
4546 atomic_add: /* %o0 = increment, %o1 = atomic_ptr */
4547 BACKOFF_SETUP(%o2)
4548 1: lduw [%o1], %g1
4549- add %g1, %o0, %g7
4550+ addcc %g1, %o0, %g7
4551+
4552+#ifdef CONFIG_PAX_REFCOUNT
4553+ tvs %icc, 6
4554+#endif
4555+
4556 cas [%o1], %g1, %g7
4557 cmp %g1, %g7
4558 bne,pn %icc, BACKOFF_LABEL(2f, 1b)
4559@@ -28,12 +33,32 @@ atomic_add: /* %o0 = increment, %o1 = at
4560 2: BACKOFF_SPIN(%o2, %o3, 1b)
4561 .size atomic_add, .-atomic_add
4562
4563+ .globl atomic_add_unchecked
4564+ .type atomic_add_unchecked,#function
4565+atomic_add_unchecked: /* %o0 = increment, %o1 = atomic_ptr */
4566+ BACKOFF_SETUP(%o2)
4567+1: lduw [%o1], %g1
4568+ add %g1, %o0, %g7
4569+ cas [%o1], %g1, %g7
4570+ cmp %g1, %g7
4571+ bne,pn %icc, 2f
4572+ nop
4573+ retl
4574+ nop
4575+2: BACKOFF_SPIN(%o2, %o3, 1b)
4576+ .size atomic_add_unchecked, .-atomic_add_unchecked
4577+
4578 .globl atomic_sub
4579 .type atomic_sub,#function
4580 atomic_sub: /* %o0 = decrement, %o1 = atomic_ptr */
4581 BACKOFF_SETUP(%o2)
4582 1: lduw [%o1], %g1
4583- sub %g1, %o0, %g7
4584+ subcc %g1, %o0, %g7
4585+
4586+#ifdef CONFIG_PAX_REFCOUNT
4587+ tvs %icc, 6
4588+#endif
4589+
4590 cas [%o1], %g1, %g7
4591 cmp %g1, %g7
4592 bne,pn %icc, BACKOFF_LABEL(2f, 1b)
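Review bot: `atomic_add_unchecked` and `atomic_sub_unchecked` branch with a literal `bne,pn %icc, 2f`, while the checked routines next to them use `bne,pn %icc, BACKOFF_LABEL(2f, 1b)`. The backoff macros are defined outside this part of the patch; if `BACKOFF_SPIN` expands to nothing in some configuration, label `2:` is empty and a failed `cas` falls through into the next routine instead of retrying. Using `BACKOFF_LABEL(2f, 1b)` in every `_unchecked` variant keeps them in step. The later hunks add `atomic_add_ret_unchecked`, `atomic64_add_unchecked`, `atomic64_sub_unchecked` and `atomic64_add_ret_unchecked` with the same literal. Several of those also keep `addcc`/`subcc` although nothing reads the condition codes before `cmp`; plain `add`/`sub` would match the two routines added in this hunk.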
4593@@ -43,12 +68,32 @@ atomic_sub: /* %o0 = decrement, %o1 = at
4594 2: BACKOFF_SPIN(%o2, %o3, 1b)
4595 .size atomic_sub, .-atomic_sub
4596
4597+ .globl atomic_sub_unchecked
4598+ .type atomic_sub_unchecked,#function
4599+atomic_sub_unchecked: /* %o0 = decrement, %o1 = atomic_ptr */
4600+ BACKOFF_SETUP(%o2)
4601+1: lduw [%o1], %g1
4602+ sub %g1, %o0, %g7
4603+ cas [%o1], %g1, %g7
4604+ cmp %g1, %g7
4605+ bne,pn %icc, 2f
4606+ nop
4607+ retl
4608+ nop
4609+2: BACKOFF_SPIN(%o2, %o3, 1b)
4610+ .size atomic_sub_unchecked, .-atomic_sub_unchecked
4611+
4612 .globl atomic_add_ret
4613 .type atomic_add_ret,#function
4614 atomic_add_ret: /* %o0 = increment, %o1 = atomic_ptr */
4615 BACKOFF_SETUP(%o2)
4616 1: lduw [%o1], %g1
4617- add %g1, %o0, %g7
4618+ addcc %g1, %o0, %g7
4619+
4620+#ifdef CONFIG_PAX_REFCOUNT
4621+ tvs %icc, 6
4622+#endif
4623+
4624 cas [%o1], %g1, %g7
4625 cmp %g1, %g7
4626 bne,pn %icc, BACKOFF_LABEL(2f, 1b)
4627@@ -58,12 +103,33 @@ atomic_add_ret: /* %o0 = increment, %o1
4628 2: BACKOFF_SPIN(%o2, %o3, 1b)
4629 .size atomic_add_ret, .-atomic_add_ret
4630
4631+ .globl atomic_add_ret_unchecked
4632+ .type atomic_add_ret_unchecked,#function
4633+atomic_add_ret_unchecked: /* %o0 = increment, %o1 = atomic_ptr */
4634+ BACKOFF_SETUP(%o2)
4635+1: lduw [%o1], %g1
4636+ addcc %g1, %o0, %g7
4637+ cas [%o1], %g1, %g7
4638+ cmp %g1, %g7
4639+ bne,pn %icc, 2f
4640+ add %g7, %o0, %g7
4641+ sra %g7, 0, %o0
4642+ retl
4643+ nop
4644+2: BACKOFF_SPIN(%o2, %o3, 1b)
4645+ .size atomic_add_ret_unchecked, .-atomic_add_ret_unchecked
4646+
4647 .globl atomic_sub_ret
4648 .type atomic_sub_ret,#function
4649 atomic_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */
4650 BACKOFF_SETUP(%o2)
4651 1: lduw [%o1], %g1
4652- sub %g1, %o0, %g7
4653+ subcc %g1, %o0, %g7
4654+
4655+#ifdef CONFIG_PAX_REFCOUNT
4656+ tvs %icc, 6
4657+#endif
4658+
4659 cas [%o1], %g1, %g7
4660 cmp %g1, %g7
4661 bne,pn %icc, BACKOFF_LABEL(2f, 1b)
4662@@ -78,7 +144,12 @@ atomic_sub_ret: /* %o0 = decrement, %o1
4663 atomic64_add: /* %o0 = increment, %o1 = atomic_ptr */
4664 BACKOFF_SETUP(%o2)
4665 1: ldx [%o1], %g1
4666- add %g1, %o0, %g7
4667+ addcc %g1, %o0, %g7
4668+
4669+#ifdef CONFIG_PAX_REFCOUNT
4670+ tvs %xcc, 6
4671+#endif
4672+
4673 casx [%o1], %g1, %g7
4674 cmp %g1, %g7
4675 bne,pn %xcc, BACKOFF_LABEL(2f, 1b)
4676@@ -88,12 +159,32 @@ atomic64_add: /* %o0 = increment, %o1 =
4677 2: BACKOFF_SPIN(%o2, %o3, 1b)
4678 .size atomic64_add, .-atomic64_add
4679
4680+ .globl atomic64_add_unchecked
4681+ .type atomic64_add_unchecked,#function
4682+atomic64_add_unchecked: /* %o0 = increment, %o1 = atomic_ptr */
4683+ BACKOFF_SETUP(%o2)
4684+1: ldx [%o1], %g1
4685+ addcc %g1, %o0, %g7
4686+ casx [%o1], %g1, %g7
4687+ cmp %g1, %g7
4688+ bne,pn %xcc, 2f
4689+ nop
4690+ retl
4691+ nop
4692+2: BACKOFF_SPIN(%o2, %o3, 1b)
4693+ .size atomic64_add_unchecked, .-atomic64_add_unchecked
4694+
4695 .globl atomic64_sub
4696 .type atomic64_sub,#function
4697 atomic64_sub: /* %o0 = decrement, %o1 = atomic_ptr */
4698 BACKOFF_SETUP(%o2)
4699 1: ldx [%o1], %g1
4700- sub %g1, %o0, %g7
4701+ subcc %g1, %o0, %g7
4702+
4703+#ifdef CONFIG_PAX_REFCOUNT
4704+ tvs %xcc, 6
4705+#endif
4706+
4707 casx [%o1], %g1, %g7
4708 cmp %g1, %g7
4709 bne,pn %xcc, BACKOFF_LABEL(2f, 1b)
4710@@ -103,12 +194,32 @@ atomic64_sub: /* %o0 = decrement, %o1 =
4711 2: BACKOFF_SPIN(%o2, %o3, 1b)
4712 .size atomic64_sub, .-atomic64_sub
4713
4714+ .globl atomic64_sub_unchecked
4715+ .type atomic64_sub_unchecked,#function
4716+atomic64_sub_unchecked: /* %o0 = decrement, %o1 = atomic_ptr */
4717+ BACKOFF_SETUP(%o2)
4718+1: ldx [%o1], %g1
4719+ subcc %g1, %o0, %g7
4720+ casx [%o1], %g1, %g7
4721+ cmp %g1, %g7
4722+ bne,pn %xcc, 2f
4723+ nop
4724+ retl
4725+ nop
4726+2: BACKOFF_SPIN(%o2, %o3, 1b)
4727+ .size atomic64_sub_unchecked, .-atomic64_sub_unchecked
4728+
4729 .globl atomic64_add_ret
4730 .type atomic64_add_ret,#function
4731 atomic64_add_ret: /* %o0 = increment, %o1 = atomic_ptr */
4732 BACKOFF_SETUP(%o2)
4733 1: ldx [%o1], %g1
4734- add %g1, %o0, %g7
4735+ addcc %g1, %o0, %g7
4736+
4737+#ifdef CONFIG_PAX_REFCOUNT
4738+ tvs %xcc, 6
4739+#endif
4740+
4741 casx [%o1], %g1, %g7
4742 cmp %g1, %g7
4743 bne,pn %xcc, BACKOFF_LABEL(2f, 1b)
4744@@ -118,12 +229,33 @@ atomic64_add_ret: /* %o0 = increment, %o
4745 2: BACKOFF_SPIN(%o2, %o3, 1b)
4746 .size atomic64_add_ret, .-atomic64_add_ret
4747
4748+ .globl atomic64_add_ret_unchecked
4749+ .type atomic64_add_ret_unchecked,#function
4750+atomic64_add_ret_unchecked: /* %o0 = increment, %o1 = atomic_ptr */
4751+ BACKOFF_SETUP(%o2)
4752+1: ldx [%o1], %g1
4753+ addcc %g1, %o0, %g7
4754+ casx [%o1], %g1, %g7
4755+ cmp %g1, %g7
4756+ bne,pn %xcc, 2f
4757+ add %g7, %o0, %g7
4758+ mov %g7, %o0
4759+ retl
4760+ nop
4761+2: BACKOFF_SPIN(%o2, %o3, 1b)
4762+ .size atomic64_add_ret_unchecked, .-atomic64_add_ret_unchecked
4763+
4764 .globl atomic64_sub_ret
4765 .type atomic64_sub_ret,#function
4766 atomic64_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */
4767 BACKOFF_SETUP(%o2)
4768 1: ldx [%o1], %g1
4769- sub %g1, %o0, %g7
4770+ subcc %g1, %o0, %g7
4771+
4772+#ifdef CONFIG_PAX_REFCOUNT
4773+ tvs %xcc, 6
4774+#endif
4775+
4776 casx [%o1], %g1, %g7
4777 cmp %g1, %g7
4778 bne,pn %xcc, BACKOFF_LABEL(2f, 1b)
4779diff -urNp linux-2.6.38.2/arch/sparc/lib/ksyms.c linux-2.6.38.2/arch/sparc/lib/ksyms.c
4780--- linux-2.6.38.2/arch/sparc/lib/ksyms.c 2011-03-14 21:20:32.000000000 -0400
4781+++ linux-2.6.38.2/arch/sparc/lib/ksyms.c 2011-03-21 18:31:35.000000000 -0400
4782@@ -142,12 +142,17 @@ EXPORT_SYMBOL(__downgrade_write);
4783
4784 /* Atomic counter implementation. */
4785 EXPORT_SYMBOL(atomic_add);
4786+EXPORT_SYMBOL(atomic_add_unchecked);
4787 EXPORT_SYMBOL(atomic_add_ret);
4788 EXPORT_SYMBOL(atomic_sub);
4789+EXPORT_SYMBOL(atomic_sub_unchecked);
4790 EXPORT_SYMBOL(atomic_sub_ret);
4791 EXPORT_SYMBOL(atomic64_add);
4792+EXPORT_SYMBOL(atomic64_add_unchecked);
4793 EXPORT_SYMBOL(atomic64_add_ret);
4794+EXPORT_SYMBOL(atomic64_add_ret_unchecked);
4795 EXPORT_SYMBOL(atomic64_sub);
4796+EXPORT_SYMBOL(atomic64_sub_unchecked);
4797 EXPORT_SYMBOL(atomic64_sub_ret);
4798
4799 /* Atomic bit operations. */
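Review bot: `atomic_add_ret_unchecked` is declared `.globl` in atomic_64.S by this patch but gets no `EXPORT_SYMBOL` here, while its 64-bit sibling `atomic64_add_ret_unchecked` does. If any modular code ends up calling it, the module will fail to resolve the symbol at load time. Add `EXPORT_SYMBOL(atomic_add_ret_unchecked);` after `EXPORT_SYMBOL(atomic_add_unchecked);`, or add a comment saying the routine is deliberately kernel-internal.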
4800diff -urNp linux-2.6.38.2/arch/sparc/Makefile linux-2.6.38.2/arch/sparc/Makefile
4801--- linux-2.6.38.2/arch/sparc/Makefile 2011-03-14 21:20:32.000000000 -0400
4802+++ linux-2.6.38.2/arch/sparc/Makefile 2011-03-21 18:31:35.000000000 -0400
4803@@ -75,7 +75,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc
4804 # Export what is needed by arch/sparc/boot/Makefile
4805 export VMLINUX_INIT VMLINUX_MAIN
4806 VMLINUX_INIT := $(head-y) $(init-y)
4807-VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/
4808+VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
4809 VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y)
4810 VMLINUX_MAIN += $(drivers-y) $(net-y)
4811
4812diff -urNp linux-2.6.38.2/arch/sparc/mm/fault_32.c linux-2.6.38.2/arch/sparc/mm/fault_32.c
4813--- linux-2.6.38.2/arch/sparc/mm/fault_32.c 2011-03-14 21:20:32.000000000 -0400
4814+++ linux-2.6.38.2/arch/sparc/mm/fault_32.c 2011-03-21 18:31:35.000000000 -0400
4815@@ -22,6 +22,9 @@
4816 #include <linux/interrupt.h>
4817 #include <linux/module.h>
4818 #include <linux/kdebug.h>
4819+#include <linux/slab.h>
4820+#include <linux/pagemap.h>
4821+#include <linux/compiler.h>
4822
4823 #include <asm/system.h>
4824 #include <asm/page.h>
4825@@ -209,6 +212,268 @@ static unsigned long compute_si_addr(str
4826 return safe_compute_effective_address(regs, insn);
4827 }
4828
4829+#ifdef CONFIG_PAX_PAGEEXEC
4830+#ifdef CONFIG_PAX_DLRESOLVE
4831+static void pax_emuplt_close(struct vm_area_struct *vma)
4832+{
4833+ vma->vm_mm->call_dl_resolve = 0UL;
4834+}
4835+
4836+static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
4837+{
4838+ unsigned int *kaddr;
4839+
4840+ vmf->page = alloc_page(GFP_HIGHUSER);
4841+ if (!vmf->page)
4842+ return VM_FAULT_OOM;
4843+
4844+ kaddr = kmap(vmf->page);
4845+ memset(kaddr, 0, PAGE_SIZE);
4846+ kaddr[0] = 0x9DE3BFA8U; /* save */
4847+ flush_dcache_page(vmf->page);
4848+ kunmap(vmf->page);
4849+ return VM_FAULT_MAJOR;
4850+}
4851+
4852+static const struct vm_operations_struct pax_vm_ops = {
4853+ .close = pax_emuplt_close,
4854+ .fault = pax_emuplt_fault
4855+};
4856+
4857+static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
4858+{
4859+ int ret;
4860+
4861+ INIT_LIST_HEAD(&vma->anon_vma_chain);
4862+ vma->vm_mm = current->mm;
4863+ vma->vm_start = addr;
4864+ vma->vm_end = addr + PAGE_SIZE;
4865+ vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
4866+ vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
4867+ vma->vm_ops = &pax_vm_ops;
4868+
4869+ ret = insert_vm_struct(current->mm, vma);
4870+ if (ret)
4871+ return ret;
4872+
4873+ ++current->mm->total_vm;
4874+ return 0;
4875+}
4876+#endif
4877+
4878+/*
4879+ * PaX: decide what to do with offenders (regs->pc = fault address)
4880+ *
4881+ * returns 1 when task should be killed
4882+ * 2 when patched PLT trampoline was detected
4883+ * 3 when unpatched PLT trampoline was detected
4884+ */
4885+static int pax_handle_fetch_fault(struct pt_regs *regs)
4886+{
4887+
4888+#ifdef CONFIG_PAX_EMUPLT
4889+ int err;
4890+
4891+ do { /* PaX: patched PLT emulation #1 */
4892+ unsigned int sethi1, sethi2, jmpl;
4893+
4894+ err = get_user(sethi1, (unsigned int *)regs->pc);
4895+ err |= get_user(sethi2, (unsigned int *)(regs->pc+4));
4896+ err |= get_user(jmpl, (unsigned int *)(regs->pc+8));
4897+
4898+ if (err)
4899+ break;
4900+
4901+ if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
4902+ (sethi2 & 0xFFC00000U) == 0x03000000U &&
4903+ (jmpl & 0xFFFFE000U) == 0x81C06000U)
4904+ {
4905+ unsigned int addr;
4906+
4907+ regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
4908+ addr = regs->u_regs[UREG_G1];
4909+ addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
4910+ regs->pc = addr;
4911+ regs->npc = addr+4;
4912+ return 2;
4913+ }
4914+ } while (0);
4915+
4916+ { /* PaX: patched PLT emulation #2 */
4917+ unsigned int ba;
4918+
4919+ err = get_user(ba, (unsigned int *)regs->pc);
4920+
4921+ if (!err && (ba & 0xFFC00000U) == 0x30800000U) {
4922+ unsigned int addr;
4923+
4924+ addr = regs->pc + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
4925+ regs->pc = addr;
4926+ regs->npc = addr+4;
4927+ return 2;
4928+ }
4929+ }
4930+
4931+ do { /* PaX: patched PLT emulation #3 */
4932+ unsigned int sethi, jmpl, nop;
4933+
4934+ err = get_user(sethi, (unsigned int *)regs->pc);
4935+ err |= get_user(jmpl, (unsigned int *)(regs->pc+4));
4936+ err |= get_user(nop, (unsigned int *)(regs->pc+8));
4937+
4938+ if (err)
4939+ break;
4940+
4941+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
4942+ (jmpl & 0xFFFFE000U) == 0x81C06000U &&
4943+ nop == 0x01000000U)
4944+ {
4945+ unsigned int addr;
4946+
4947+ addr = (sethi & 0x003FFFFFU) << 10;
4948+ regs->u_regs[UREG_G1] = addr;
4949+ addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
4950+ regs->pc = addr;
4951+ regs->npc = addr+4;
4952+ return 2;
4953+ }
4954+ } while (0);
4955+
4956+ do { /* PaX: unpatched PLT emulation step 1 */
4957+ unsigned int sethi, ba, nop;
4958+
4959+ err = get_user(sethi, (unsigned int *)regs->pc);
4960+ err |= get_user(ba, (unsigned int *)(regs->pc+4));
4961+ err |= get_user(nop, (unsigned int *)(regs->pc+8));
4962+
4963+ if (err)
4964+ break;
4965+
4966+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
4967+ ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
4968+ nop == 0x01000000U)
4969+ {
4970+ unsigned int addr, save, call;
4971+
4972+ if ((ba & 0xFFC00000U) == 0x30800000U)
4973+ addr = regs->pc + 4 + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
4974+ else
4975+ addr = regs->pc + 4 + ((((ba | 0xFFF80000U) ^ 0x00040000U) + 0x00040000U) << 2);
4976+
4977+ err = get_user(save, (unsigned int *)addr);
4978+ err |= get_user(call, (unsigned int *)(addr+4));
4979+ err |= get_user(nop, (unsigned int *)(addr+8));
4980+ if (err)
4981+ break;
4982+
4983+#ifdef CONFIG_PAX_DLRESOLVE
4984+ if (save == 0x9DE3BFA8U &&
4985+ (call & 0xC0000000U) == 0x40000000U &&
4986+ nop == 0x01000000U)
4987+ {
4988+ struct vm_area_struct *vma;
4989+ unsigned long call_dl_resolve;
4990+
4991+ down_read(&current->mm->mmap_sem);
4992+ call_dl_resolve = current->mm->call_dl_resolve;
4993+ up_read(&current->mm->mmap_sem);
4994+ if (likely(call_dl_resolve))
4995+ goto emulate;
4996+
4997+ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
4998+
4999+ down_write(&current->mm->mmap_sem);
5000+ if (current->mm->call_dl_resolve) {
5001+ call_dl_resolve = current->mm->call_dl_resolve;
5002+ up_write(&current->mm->mmap_sem);
5003+ if (vma)
5004+ kmem_cache_free(vm_area_cachep, vma);
5005+ goto emulate;
5006+ }
5007+
5008+ call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
5009+ if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
5010+ up_write(&current->mm->mmap_sem);
5011+ if (vma)
5012+ kmem_cache_free(vm_area_cachep, vma);
5013+ return 1;
5014+ }
5015+
5016+ if (pax_insert_vma(vma, call_dl_resolve)) {
5017+ up_write(&current->mm->mmap_sem);
5018+ kmem_cache_free(vm_area_cachep, vma);
5019+ return 1;
5020+ }
5021+
5022+ current->mm->call_dl_resolve = call_dl_resolve;
5023+ up_write(&current->mm->mmap_sem);
5024+
5025+emulate:
5026+ regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
5027+ regs->pc = call_dl_resolve;
5028+ regs->npc = addr+4;
5029+ return 3;
5030+ }
5031+#endif
5032+
5033+ /* PaX: glibc 2.4+ generates sethi/jmpl instead of save/call */
5034+ if ((save & 0xFFC00000U) == 0x05000000U &&
5035+ (call & 0xFFFFE000U) == 0x85C0A000U &&
5036+ nop == 0x01000000U)
5037+ {
5038+ regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
5039+ regs->u_regs[UREG_G2] = addr + 4;
5040+ addr = (save & 0x003FFFFFU) << 10;
5041+ addr += (((call | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
5042+ regs->pc = addr;
5043+ regs->npc = addr+4;
5044+ return 3;
5045+ }
5046+ }
5047+ } while (0);
5048+
5049+ do { /* PaX: unpatched PLT emulation step 2 */
5050+ unsigned int save, call, nop;
5051+
5052+ err = get_user(save, (unsigned int *)(regs->pc-4));
5053+ err |= get_user(call, (unsigned int *)regs->pc);
5054+ err |= get_user(nop, (unsigned int *)(regs->pc+4));
5055+ if (err)
5056+ break;
5057+
5058+ if (save == 0x9DE3BFA8U &&
5059+ (call & 0xC0000000U) == 0x40000000U &&
5060+ nop == 0x01000000U)
5061+ {
5062+ unsigned int dl_resolve = regs->pc + ((((call | 0xC0000000U) ^ 0x20000000U) + 0x20000000U) << 2);
5063+
5064+ regs->u_regs[UREG_RETPC] = regs->pc;
5065+ regs->pc = dl_resolve;
5066+ regs->npc = dl_resolve+4;
5067+ return 3;
5068+ }
5069+ } while (0);
5070+#endif
5071+
5072+ return 1;
5073+}
5074+
5075+void pax_report_insns(void *pc, void *sp)
5076+{
5077+ unsigned long i;
5078+
5079+ printk(KERN_ERR "PAX: bytes at PC: ");
5080+ for (i = 0; i < 8; i++) {
5081+ unsigned int c;
5082+ if (get_user(c, (unsigned int *)pc+i))
5083+ printk(KERN_CONT "???????? ");
5084+ else
5085+ printk(KERN_CONT "%08x ", c);
5086+ }
5087+ printk("\n");
5088+}
5089+#endif
5090+
5091 static noinline void do_fault_siginfo(int code, int sig, struct pt_regs *regs,
5092 int text_fault)
5093 {
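Review bot: The "unpatched PLT emulation step 2" block at the end of `pax_handle_fetch_fault` is compiled whenever `CONFIG_PAX_EMUPLT` is set, while the parallel block in the fault_64.c hunk is wrapped in `#ifdef CONFIG_PAX_DLRESOLVE`. It matches the same save/call/nop words that step 1 acts on only inside its `CONFIG_PAX_DLRESOLVE` section, so it appears to be reachable only through that path. Wrapping it in `#ifdef CONFIG_PAX_DLRESOLVE` … `#endif` here as well would keep the two files in step and keep the set of emulated sequences no larger than the configuration needs. `pax_emuplt_close`, `pax_emuplt_fault`, `pax_vm_ops`, `pax_insert_vma` and `pax_report_insns` are also repeated verbatim in both files, which is how this kind of drift tends to arise.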
5094@@ -282,6 +547,24 @@ good_area:
5095 if(!(vma->vm_flags & VM_WRITE))
5096 goto bad_area;
5097 } else {
5098+
5099+#ifdef CONFIG_PAX_PAGEEXEC
5100+ if ((mm->pax_flags & MF_PAX_PAGEEXEC) && text_fault && !(vma->vm_flags & VM_EXEC)) {
5101+ up_read(&mm->mmap_sem);
5102+ switch (pax_handle_fetch_fault(regs)) {
5103+
5104+#ifdef CONFIG_PAX_EMUPLT
5105+ case 2:
5106+ case 3:
5107+ return;
5108+#endif
5109+
5110+ }
5111+ pax_report_fault(regs, (void *)regs->pc, (void *)regs->u_regs[UREG_FP]);
5112+ do_group_exit(SIGKILL);
5113+ }
5114+#endif
5115+
5116 /* Allow reads even for write-only mappings */
5117 if(!(vma->vm_flags & (VM_READ | VM_EXEC)))
5118 goto bad_area;
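Review bot: The `case 2:` / `case 3:` labels in the added switch are bare integers whose meaning is documented only in the comment above `pax_handle_fetch_fault`; the same literals recur in the later fault_64.c hunk inside `do_sparc64_fault`. Naming them, for example `enum { PAX_FETCH_KILL = 1, PAX_FETCH_PLT_PATCHED = 2, PAX_FETCH_PLT_UNPATCHED = 3 };`, would show at the call site that every other value falls through to `pax_report_fault()` and `do_group_exit(SIGKILL)`. With `CONFIG_PAX_EMUPLT` off the switch body is empty, so a comment such as `/* anything else: report and kill */` after the switch would confirm that the fall-through is intended. The enclosing fault handler starts and ends outside this hunk.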
5119diff -urNp linux-2.6.38.2/arch/sparc/mm/fault_64.c linux-2.6.38.2/arch/sparc/mm/fault_64.c
5120--- linux-2.6.38.2/arch/sparc/mm/fault_64.c 2011-03-14 21:20:32.000000000 -0400
5121+++ linux-2.6.38.2/arch/sparc/mm/fault_64.c 2011-03-21 18:31:35.000000000 -0400
5122@@ -21,6 +21,9 @@
5123 #include <linux/kprobes.h>
5124 #include <linux/kdebug.h>
5125 #include <linux/percpu.h>
5126+#include <linux/slab.h>
5127+#include <linux/pagemap.h>
5128+#include <linux/compiler.h>
5129
5130 #include <asm/page.h>
5131 #include <asm/pgtable.h>
5132@@ -74,7 +77,7 @@ static void __kprobes bad_kernel_pc(stru
5133 printk(KERN_CRIT "OOPS: Bogus kernel PC [%016lx] in fault handler\n",
5134 regs->tpc);
5135 printk(KERN_CRIT "OOPS: RPC [%016lx]\n", regs->u_regs[15]);
5136- printk("OOPS: RPC <%pS>\n", (void *) regs->u_regs[15]);
5137+ printk("OOPS: RPC <%pA>\n", (void *) regs->u_regs[15]);
5138 printk(KERN_CRIT "OOPS: Fault was to vaddr[%lx]\n", vaddr);
5139 dump_stack();
5140 unhandled_fault(regs->tpc, current, regs);
5141@@ -272,6 +275,457 @@ static void noinline __kprobes bogus_32b
5142 show_regs(regs);
5143 }
5144
5145+#ifdef CONFIG_PAX_PAGEEXEC
5146+#ifdef CONFIG_PAX_DLRESOLVE
5147+static void pax_emuplt_close(struct vm_area_struct *vma)
5148+{
5149+ vma->vm_mm->call_dl_resolve = 0UL;
5150+}
5151+
5152+static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
5153+{
5154+ unsigned int *kaddr;
5155+
5156+ vmf->page = alloc_page(GFP_HIGHUSER);
5157+ if (!vmf->page)
5158+ return VM_FAULT_OOM;
5159+
5160+ kaddr = kmap(vmf->page);
5161+ memset(kaddr, 0, PAGE_SIZE);
5162+ kaddr[0] = 0x9DE3BFA8U; /* save */
5163+ flush_dcache_page(vmf->page);
5164+ kunmap(vmf->page);
5165+ return VM_FAULT_MAJOR;
5166+}
5167+
5168+static const struct vm_operations_struct pax_vm_ops = {
5169+ .close = pax_emuplt_close,
5170+ .fault = pax_emuplt_fault
5171+};
5172+
5173+static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
5174+{
5175+ int ret;
5176+
5177+ INIT_LIST_HEAD(&vma->anon_vma_chain);
5178+ vma->vm_mm = current->mm;
5179+ vma->vm_start = addr;
5180+ vma->vm_end = addr + PAGE_SIZE;
5181+ vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
5182+ vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
5183+ vma->vm_ops = &pax_vm_ops;
5184+
5185+ ret = insert_vm_struct(current->mm, vma);
5186+ if (ret)
5187+ return ret;
5188+
5189+ ++current->mm->total_vm;
5190+ return 0;
5191+}
5192+#endif
5193+
5194+/*
5195+ * PaX: decide what to do with offenders (regs->tpc = fault address)
5196+ *
5197+ * returns 1 when task should be killed
5198+ * 2 when patched PLT trampoline was detected
5199+ * 3 when unpatched PLT trampoline was detected
5200+ */
5201+static int pax_handle_fetch_fault(struct pt_regs *regs)
5202+{
5203+
5204+#ifdef CONFIG_PAX_EMUPLT
5205+ int err;
5206+
5207+ do { /* PaX: patched PLT emulation #1 */
5208+ unsigned int sethi1, sethi2, jmpl;
5209+
5210+ err = get_user(sethi1, (unsigned int *)regs->tpc);
5211+ err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
5212+ err |= get_user(jmpl, (unsigned int *)(regs->tpc+8));
5213+
5214+ if (err)
5215+ break;
5216+
5217+ if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
5218+ (sethi2 & 0xFFC00000U) == 0x03000000U &&
5219+ (jmpl & 0xFFFFE000U) == 0x81C06000U)
5220+ {
5221+ unsigned long addr;
5222+
5223+ regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
5224+ addr = regs->u_regs[UREG_G1];
5225+ addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
5226+
5227+ if (test_thread_flag(TIF_32BIT))
5228+ addr &= 0xFFFFFFFFUL;
5229+
5230+ regs->tpc = addr;
5231+ regs->tnpc = addr+4;
5232+ return 2;
5233+ }
5234+ } while (0);
5235+
5236+ { /* PaX: patched PLT emulation #2 */
5237+ unsigned int ba;
5238+
5239+ err = get_user(ba, (unsigned int *)regs->tpc);
5240+
5241+ if (!err && (ba & 0xFFC00000U) == 0x30800000U) {
5242+ unsigned long addr;
5243+
5244+ addr = regs->tpc + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
5245+
5246+ if (test_thread_flag(TIF_32BIT))
5247+ addr &= 0xFFFFFFFFUL;
5248+
5249+ regs->tpc = addr;
5250+ regs->tnpc = addr+4;
5251+ return 2;
5252+ }
5253+ }
5254+
5255+ do { /* PaX: patched PLT emulation #3 */
5256+ unsigned int sethi, jmpl, nop;
5257+
5258+ err = get_user(sethi, (unsigned int *)regs->tpc);
5259+ err |= get_user(jmpl, (unsigned int *)(regs->tpc+4));
5260+ err |= get_user(nop, (unsigned int *)(regs->tpc+8));
5261+
5262+ if (err)
5263+ break;
5264+
5265+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
5266+ (jmpl & 0xFFFFE000U) == 0x81C06000U &&
5267+ nop == 0x01000000U)
5268+ {
5269+ unsigned long addr;
5270+
5271+ addr = (sethi & 0x003FFFFFU) << 10;
5272+ regs->u_regs[UREG_G1] = addr;
5273+ addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
5274+
5275+ if (test_thread_flag(TIF_32BIT))
5276+ addr &= 0xFFFFFFFFUL;
5277+
5278+ regs->tpc = addr;
5279+ regs->tnpc = addr+4;
5280+ return 2;
5281+ }
5282+ } while (0);
5283+
5284+ do { /* PaX: patched PLT emulation #4 */
5285+ unsigned int sethi, mov1, call, mov2;
5286+
5287+ err = get_user(sethi, (unsigned int *)regs->tpc);
5288+ err |= get_user(mov1, (unsigned int *)(regs->tpc+4));
5289+ err |= get_user(call, (unsigned int *)(regs->tpc+8));
5290+ err |= get_user(mov2, (unsigned int *)(regs->tpc+12));
5291+
5292+ if (err)
5293+ break;
5294+
5295+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
5296+ mov1 == 0x8210000FU &&
5297+ (call & 0xC0000000U) == 0x40000000U &&
5298+ mov2 == 0x9E100001U)
5299+ {
5300+ unsigned long addr;
5301+
5302+ regs->u_regs[UREG_G1] = regs->u_regs[UREG_RETPC];
5303+ addr = regs->tpc + 4 + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
5304+
5305+ if (test_thread_flag(TIF_32BIT))
5306+ addr &= 0xFFFFFFFFUL;
5307+
5308+ regs->tpc = addr;
5309+ regs->tnpc = addr+4;
5310+ return 2;
5311+ }
5312+ } while (0);
5313+
5314+ do { /* PaX: patched PLT emulation #5 */
5315+ unsigned int sethi, sethi1, sethi2, or1, or2, sllx, jmpl, nop;
5316+
5317+ err = get_user(sethi, (unsigned int *)regs->tpc);
5318+ err |= get_user(sethi1, (unsigned int *)(regs->tpc+4));
5319+ err |= get_user(sethi2, (unsigned int *)(regs->tpc+8));
5320+ err |= get_user(or1, (unsigned int *)(regs->tpc+12));
5321+ err |= get_user(or2, (unsigned int *)(regs->tpc+16));
5322+ err |= get_user(sllx, (unsigned int *)(regs->tpc+20));
5323+ err |= get_user(jmpl, (unsigned int *)(regs->tpc+24));
5324+ err |= get_user(nop, (unsigned int *)(regs->tpc+28));
5325+
5326+ if (err)
5327+ break;
5328+
5329+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
5330+ (sethi1 & 0xFFC00000U) == 0x03000000U &&
5331+ (sethi2 & 0xFFC00000U) == 0x0B000000U &&
5332+ (or1 & 0xFFFFE000U) == 0x82106000U &&
5333+ (or2 & 0xFFFFE000U) == 0x8A116000U &&
5334+ sllx == 0x83287020U &&
5335+ jmpl == 0x81C04005U &&
5336+ nop == 0x01000000U)
5337+ {
5338+ unsigned long addr;
5339+
5340+ regs->u_regs[UREG_G1] = ((sethi1 & 0x003FFFFFU) << 10) | (or1 & 0x000003FFU);
5341+ regs->u_regs[UREG_G1] <<= 32;
5342+ regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or2 & 0x000003FFU);
5343+ addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
5344+ regs->tpc = addr;
5345+ regs->tnpc = addr+4;
5346+ return 2;
5347+ }
5348+ } while (0);
5349+
5350+ do { /* PaX: patched PLT emulation #6 */
5351+ unsigned int sethi, sethi1, sethi2, sllx, or, jmpl, nop;
5352+
5353+ err = get_user(sethi, (unsigned int *)regs->tpc);
5354+ err |= get_user(sethi1, (unsigned int *)(regs->tpc+4));
5355+ err |= get_user(sethi2, (unsigned int *)(regs->tpc+8));
5356+ err |= get_user(sllx, (unsigned int *)(regs->tpc+12));
5357+ err |= get_user(or, (unsigned int *)(regs->tpc+16));
5358+ err |= get_user(jmpl, (unsigned int *)(regs->tpc+20));
5359+ err |= get_user(nop, (unsigned int *)(regs->tpc+24));
5360+
5361+ if (err)
5362+ break;
5363+
5364+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
5365+ (sethi1 & 0xFFC00000U) == 0x03000000U &&
5366+ (sethi2 & 0xFFC00000U) == 0x0B000000U &&
5367+ sllx == 0x83287020U &&
5368+ (or & 0xFFFFE000U) == 0x8A116000U &&
5369+ jmpl == 0x81C04005U &&
5370+ nop == 0x01000000U)
5371+ {
5372+ unsigned long addr;
5373+
5374+ regs->u_regs[UREG_G1] = (sethi1 & 0x003FFFFFU) << 10;
5375+ regs->u_regs[UREG_G1] <<= 32;
5376+ regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or & 0x3FFU);
5377+ addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
5378+ regs->tpc = addr;
5379+ regs->tnpc = addr+4;
5380+ return 2;
5381+ }
5382+ } while (0);
5383+
5384+ do { /* PaX: unpatched PLT emulation step 1 */
5385+ unsigned int sethi, ba, nop;
5386+
5387+ err = get_user(sethi, (unsigned int *)regs->tpc);
5388+ err |= get_user(ba, (unsigned int *)(regs->tpc+4));
5389+ err |= get_user(nop, (unsigned int *)(regs->tpc+8));
5390+
5391+ if (err)
5392+ break;
5393+
5394+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
5395+ ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
5396+ nop == 0x01000000U)
5397+ {
5398+ unsigned long addr;
5399+ unsigned int save, call;
5400+ unsigned int sethi1, sethi2, or1, or2, sllx, add, jmpl;
5401+
5402+ if ((ba & 0xFFC00000U) == 0x30800000U)
5403+ addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
5404+ else
5405+ addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
5406+
5407+ if (test_thread_flag(TIF_32BIT))
5408+ addr &= 0xFFFFFFFFUL;
5409+
5410+ err = get_user(save, (unsigned int *)addr);
5411+ err |= get_user(call, (unsigned int *)(addr+4));
5412+ err |= get_user(nop, (unsigned int *)(addr+8));
5413+ if (err)
5414+ break;
5415+
5416+#ifdef CONFIG_PAX_DLRESOLVE
5417+ if (save == 0x9DE3BFA8U &&
5418+ (call & 0xC0000000U) == 0x40000000U &&
5419+ nop == 0x01000000U)
5420+ {
5421+ struct vm_area_struct *vma;
5422+ unsigned long call_dl_resolve;
5423+
5424+ down_read(&current->mm->mmap_sem);
5425+ call_dl_resolve = current->mm->call_dl_resolve;
5426+ up_read(&current->mm->mmap_sem);
5427+ if (likely(call_dl_resolve))
5428+ goto emulate;
5429+
5430+ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
5431+
5432+ down_write(&current->mm->mmap_sem);
5433+ if (current->mm->call_dl_resolve) {
5434+ call_dl_resolve = current->mm->call_dl_resolve;
5435+ up_write(&current->mm->mmap_sem);
5436+ if (vma)
5437+ kmem_cache_free(vm_area_cachep, vma);
5438+ goto emulate;
5439+ }
5440+
5441+ call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
5442+ if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
5443+ up_write(&current->mm->mmap_sem);
5444+ if (vma)
5445+ kmem_cache_free(vm_area_cachep, vma);
5446+ return 1;
5447+ }
5448+
5449+ if (pax_insert_vma(vma, call_dl_resolve)) {
5450+ up_write(&current->mm->mmap_sem);
5451+ kmem_cache_free(vm_area_cachep, vma);
5452+ return 1;
5453+ }
5454+
5455+ current->mm->call_dl_resolve = call_dl_resolve;
5456+ up_write(&current->mm->mmap_sem);
5457+
5458+emulate:
5459+ regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
5460+ regs->tpc = call_dl_resolve;
5461+ regs->tnpc = addr+4;
5462+ return 3;
5463+ }
5464+#endif
5465+
5466+ /* PaX: glibc 2.4+ generates sethi/jmpl instead of save/call */
5467+ if ((save & 0xFFC00000U) == 0x05000000U &&
5468+ (call & 0xFFFFE000U) == 0x85C0A000U &&
5469+ nop == 0x01000000U)
5470+ {
5471+ regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
5472+ regs->u_regs[UREG_G2] = addr + 4;
5473+ addr = (save & 0x003FFFFFU) << 10;
5474+ addr += (((call | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
5475+
5476+ if (test_thread_flag(TIF_32BIT))
5477+ addr &= 0xFFFFFFFFUL;
5478+
5479+ regs->tpc = addr;
5480+ regs->tnpc = addr+4;
5481+ return 3;
5482+ }
5483+
5484+ /* PaX: 64-bit PLT stub */
5485+ err = get_user(sethi1, (unsigned int *)addr);
5486+ err |= get_user(sethi2, (unsigned int *)(addr+4));
5487+ err |= get_user(or1, (unsigned int *)(addr+8));
5488+ err |= get_user(or2, (unsigned int *)(addr+12));
5489+ err |= get_user(sllx, (unsigned int *)(addr+16));
5490+ err |= get_user(add, (unsigned int *)(addr+20));
5491+ err |= get_user(jmpl, (unsigned int *)(addr+24));
5492+ err |= get_user(nop, (unsigned int *)(addr+28));
5493+ if (err)
5494+ break;
5495+
5496+ if ((sethi1 & 0xFFC00000U) == 0x09000000U &&
5497+ (sethi2 & 0xFFC00000U) == 0x0B000000U &&
5498+ (or1 & 0xFFFFE000U) == 0x88112000U &&
5499+ (or2 & 0xFFFFE000U) == 0x8A116000U &&
5500+ sllx == 0x89293020U &&
5501+ add == 0x8A010005U &&
5502+ jmpl == 0x89C14000U &&
5503+ nop == 0x01000000U)
5504+ {
5505+ regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
5506+ regs->u_regs[UREG_G4] = ((sethi1 & 0x003FFFFFU) << 10) | (or1 & 0x000003FFU);
5507+ regs->u_regs[UREG_G4] <<= 32;
5508+ regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or2 & 0x000003FFU);
5509+ regs->u_regs[UREG_G5] += regs->u_regs[UREG_G4];
5510+ regs->u_regs[UREG_G4] = addr + 24;
5511+ addr = regs->u_regs[UREG_G5];
5512+ regs->tpc = addr;
5513+ regs->tnpc = addr+4;
5514+ return 3;
5515+ }
5516+ }
5517+ } while (0);
5518+
5519+#ifdef CONFIG_PAX_DLRESOLVE
5520+ do { /* PaX: unpatched PLT emulation step 2 */
5521+ unsigned int save, call, nop;
5522+
5523+ err = get_user(save, (unsigned int *)(regs->tpc-4));
5524+ err |= get_user(call, (unsigned int *)regs->tpc);
5525+ err |= get_user(nop, (unsigned int *)(regs->tpc+4));
5526+ if (err)
5527+ break;
5528+
5529+ if (save == 0x9DE3BFA8U &&
5530+ (call & 0xC0000000U) == 0x40000000U &&
5531+ nop == 0x01000000U)
5532+ {
5533+ unsigned long dl_resolve = regs->tpc + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
5534+
5535+ if (test_thread_flag(TIF_32BIT))
5536+ dl_resolve &= 0xFFFFFFFFUL;
5537+
5538+ regs->u_regs[UREG_RETPC] = regs->tpc;
5539+ regs->tpc = dl_resolve;
5540+ regs->tnpc = dl_resolve+4;
5541+ return 3;
5542+ }
5543+ } while (0);
5544+#endif
5545+
5546+ do { /* PaX: patched PLT emulation #7, must be AFTER the unpatched PLT emulation */
5547+ unsigned int sethi, ba, nop;
5548+
5549+ err = get_user(sethi, (unsigned int *)regs->tpc);
5550+ err |= get_user(ba, (unsigned int *)(regs->tpc+4));
5551+ err |= get_user(nop, (unsigned int *)(regs->tpc+8));
5552+
5553+ if (err)
5554+ break;
5555+
5556+ if ((sethi & 0xFFC00000U) == 0x03000000U &&
5557+ (ba & 0xFFF00000U) == 0x30600000U &&
5558+ nop == 0x01000000U)
5559+ {
5560+ unsigned long addr;
5561+
5562+ addr = (sethi & 0x003FFFFFU) << 10;
5563+ regs->u_regs[UREG_G1] = addr;
5564+ addr = regs->tpc + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
5565+
5566+ if (test_thread_flag(TIF_32BIT))
5567+ addr &= 0xFFFFFFFFUL;
5568+
5569+ regs->tpc = addr;
5570+ regs->tnpc = addr+4;
5571+ return 2;
5572+ }
5573+ } while (0);
5574+
5575+#endif
5576+
5577+ return 1;
5578+}
5579+
5580+void pax_report_insns(void *pc, void *sp)
5581+{
5582+ unsigned long i;
5583+
5584+ printk(KERN_ERR "PAX: bytes at PC: ");
5585+ for (i = 0; i < 8; i++) {
5586+ unsigned int c;
5587+ if (get_user(c, (unsigned int *)pc+i))
5588+ printk(KERN_CONT "???????? ");
5589+ else
5590+ printk(KERN_CONT "%08x ", c);
5591+ }
5592+ printk("\n");
5593+}
5594+#endif
5595+
5596 asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
5597 {
5598 struct mm_struct *mm = current->mm;
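Review bot: Patched PLT emulations #5 and #6 and the "64-bit PLT stub" branch assign `regs->tpc` without the `if (test_thread_flag(TIF_32BIT)) addr &= 0xFFFFFFFFUL;` step that the other emulation branches in `pax_handle_fetch_fault` apply to their computed target. These sequences build the upper half of the address with a 32-bit shift, so they are presumably meant for 64-bit tasks only, but nothing in the code states or enforces that. An early `if (test_thread_flag(TIF_32BIT)) break;` in the #5 and #6 blocks and before the stub reads, or a comment explaining why the mask is unnecessary there, would make the intent explicit.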
5599@@ -340,6 +794,29 @@ asmlinkage void __kprobes do_sparc64_fau
5600 if (!vma)
5601 goto bad_area;
5602
5603+#ifdef CONFIG_PAX_PAGEEXEC
5604+ /* PaX: detect ITLB misses on non-exec pages */
5605+ if ((mm->pax_flags & MF_PAX_PAGEEXEC) && vma->vm_start <= address &&
5606+ !(vma->vm_flags & VM_EXEC) && (fault_code & FAULT_CODE_ITLB))
5607+ {
5608+ if (address != regs->tpc)
5609+ goto good_area;
5610+
5611+ up_read(&mm->mmap_sem);
5612+ switch (pax_handle_fetch_fault(regs)) {
5613+
5614+#ifdef CONFIG_PAX_EMUPLT
5615+ case 2:
5616+ case 3:
5617+ return;
5618+#endif
5619+
5620+ }
5621+ pax_report_fault(regs, (void *)regs->tpc, (void *)(regs->u_regs[UREG_FP] + STACK_BIAS));
5622+ do_group_exit(SIGKILL);
5623+ }
5624+#endif
5625+
5626 /* Pure DTLB misses do not tell us whether the fault causing
5627 * load/store/atomic was a write or not, it only says that there
5628 * was no match. So in such a case we (carefully) read the
5629diff -urNp linux-2.6.38.2/arch/sparc/mm/hugetlbpage.c linux-2.6.38.2/arch/sparc/mm/hugetlbpage.c
5630--- linux-2.6.38.2/arch/sparc/mm/hugetlbpage.c 2011-03-14 21:20:32.000000000 -0400
5631+++ linux-2.6.38.2/arch/sparc/mm/hugetlbpage.c 2011-03-21 23:47:41.000000000 -0400
5632@@ -68,7 +68,7 @@ full_search:
5633 }
5634 return -ENOMEM;
5635 }
5636- if (likely(!vma || addr + len <= vma->vm_start)) {
5637+ if (likely(check_heap_stack_gap(vma, addr, len))) {
5638 /*
5639 * Remember the place where we stopped the search:
5640 */
5641@@ -107,7 +107,7 @@ hugetlb_get_unmapped_area_topdown(struct
5642 /* make sure it can fit in the remaining address space */
5643 if (likely(addr > len)) {
5644 vma = find_vma(mm, addr-len);
5645- if (!vma || addr <= vma->vm_start) {
5646+ if (check_heap_stack_gap(vma, addr - len, len)) {
5647 /* remember the address as a hint for next time */
5648 return (mm->free_area_cache = addr-len);
5649 }
5650@@ -116,16 +116,17 @@ hugetlb_get_unmapped_area_topdown(struct
5651 if (unlikely(mm->mmap_base < len))
5652 goto bottomup;
5653
5654- addr = (mm->mmap_base-len) & HPAGE_MASK;
5655+ addr = mm->mmap_base - len;
5656
5657 do {
5658+ addr &= HPAGE_MASK;
5659 /*
5660 * Lookup failure means no vma is above this address,
5661 * else if new region fits below vma->vm_start,
5662 * return with success:
5663 */
5664 vma = find_vma(mm, addr);
5665- if (likely(!vma || addr+len <= vma->vm_start)) {
5666+ if (likely(check_heap_stack_gap(vma, addr, len))) {
5667 /* remember the address as a hint for next time */
5668 return (mm->free_area_cache = addr);
5669 }
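Review bot: The retained comment above `find_vma()` still says the region is accepted when it "fits below vma->vm_start", but the test is now `check_heap_stack_gap(vma, addr, len)`, which is defined outside this hunk and presumably requires more than a plain fit. The comment should be updated to describe the helper's condition. A one-line comment on the moved `addr &= HPAGE_MASK;` would also help, e.g. `/* re-align: skip_heap_stack_gap() may return an unaligned candidate */`; that reading is inferred from the call in the next hunk and should be confirmed against the helper. `hugetlb_get_unmapped_area_topdown` starts and ends outside the hunk.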
5670@@ -135,8 +136,8 @@ hugetlb_get_unmapped_area_topdown(struct
5671 mm->cached_hole_size = vma->vm_start - addr;
5672
5673 /* try just below the current vma->vm_start */
5674- addr = (vma->vm_start-len) & HPAGE_MASK;
5675- } while (likely(len < vma->vm_start));
5676+ addr = skip_heap_stack_gap(vma, len);
5677+ } while (!IS_ERR_VALUE(addr));
5678
5679 bottomup:
5680 /*
5681@@ -182,8 +183,7 @@ hugetlb_get_unmapped_area(struct file *f
5682 if (addr) {
5683 addr = ALIGN(addr, HPAGE_SIZE);
5684 vma = find_vma(mm, addr);
5685- if (task_size - len >= addr &&
5686- (!vma || addr + len <= vma->vm_start))
5687+ if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len))
5688 return addr;
5689 }
5690 if (mm->get_unmapped_area == arch_get_unmapped_area)
5691diff -urNp linux-2.6.38.2/arch/sparc/mm/init_32.c linux-2.6.38.2/arch/sparc/mm/init_32.c
5692--- linux-2.6.38.2/arch/sparc/mm/init_32.c 2011-03-14 21:20:32.000000000 -0400
5693+++ linux-2.6.38.2/arch/sparc/mm/init_32.c 2011-03-21 18:31:35.000000000 -0400
5694@@ -318,6 +318,9 @@ extern void device_scan(void);
5695 pgprot_t PAGE_SHARED __read_mostly;
5696 EXPORT_SYMBOL(PAGE_SHARED);
5697
5698+pgprot_t PAGE_SHARED_NOEXEC __read_mostly;
5699+EXPORT_SYMBOL(PAGE_SHARED_NOEXEC);
5700+
5701 void __init paging_init(void)
5702 {
5703 switch(sparc_cpu_model) {
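Review bot: `PAGE_SHARED_NOEXEC` is defined and exported here unconditionally, and the next hunk installs the `_NOEXEC` values in `protection_map[]` unconditionally, yet the srmmu.c hunk assigns `PAGE_SHARED_NOEXEC` and the `page_copy_noexec` / `page_readonly_noexec` fixups only under `#ifdef CONFIG_PAX_PAGEEXEC`. Unless the header that declares these names (not visible here) aliases them to the existing protections when the option is off, a kernel built without it would take the protection bits for those entries from values that were never set. Either guard this definition with the same `#ifdef CONFIG_PAX_PAGEEXEC` or add a comment pointing at the fallback definitions.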
5704@@ -346,17 +349,17 @@ void __init paging_init(void)
5705
5706 /* Initialize the protection map with non-constant, MMU dependent values. */
5707 protection_map[0] = PAGE_NONE;
5708- protection_map[1] = PAGE_READONLY;
5709- protection_map[2] = PAGE_COPY;
5710- protection_map[3] = PAGE_COPY;
5711+ protection_map[1] = PAGE_READONLY_NOEXEC;
5712+ protection_map[2] = PAGE_COPY_NOEXEC;
5713+ protection_map[3] = PAGE_COPY_NOEXEC;
5714 protection_map[4] = PAGE_READONLY;
5715 protection_map[5] = PAGE_READONLY;
5716 protection_map[6] = PAGE_COPY;
5717 protection_map[7] = PAGE_COPY;
5718 protection_map[8] = PAGE_NONE;
5719- protection_map[9] = PAGE_READONLY;
5720- protection_map[10] = PAGE_SHARED;
5721- protection_map[11] = PAGE_SHARED;
5722+ protection_map[9] = PAGE_READONLY_NOEXEC;
5723+ protection_map[10] = PAGE_SHARED_NOEXEC;
5724+ protection_map[11] = PAGE_SHARED_NOEXEC;
5725 protection_map[12] = PAGE_READONLY;
5726 protection_map[13] = PAGE_READONLY;
5727 protection_map[14] = PAGE_SHARED;
5728diff -urNp linux-2.6.38.2/arch/sparc/mm/Makefile linux-2.6.38.2/arch/sparc/mm/Makefile
5729--- linux-2.6.38.2/arch/sparc/mm/Makefile 2011-03-14 21:20:32.000000000 -0400
5730+++ linux-2.6.38.2/arch/sparc/mm/Makefile 2011-03-21 18:31:35.000000000 -0400
5731@@ -2,7 +2,7 @@
5732 #
5733
5734 asflags-y := -ansi
5735-ccflags-y := -Werror
5736+#ccflags-y := -Werror
5737
5738 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o
5739 obj-y += fault_$(BITS).o
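Review bot: Commenting out `ccflags-y := -Werror` disables warnings-as-errors for every object in arch/sparc/mm, not only the fault handlers this patch extends, and the dead line records no reason. If the added PaX code in fault_32.c or fault_64.c is what triggers warnings, fixing those keeps the check in force for the rest of the directory. Failing that, the line should be removed rather than commented out, with the reason stated in its place, e.g. `# -Werror dropped: <reason>`.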
5740diff -urNp linux-2.6.38.2/arch/sparc/mm/srmmu.c linux-2.6.38.2/arch/sparc/mm/srmmu.c
5741--- linux-2.6.38.2/arch/sparc/mm/srmmu.c 2011-03-14 21:20:32.000000000 -0400
5742+++ linux-2.6.38.2/arch/sparc/mm/srmmu.c 2011-03-21 18:31:35.000000000 -0400
5743@@ -2200,6 +2200,13 @@ void __init ld_mmu_srmmu(void)
5744 PAGE_SHARED = pgprot_val(SRMMU_PAGE_SHARED);
5745 BTFIXUPSET_INT(page_copy, pgprot_val(SRMMU_PAGE_COPY));
5746 BTFIXUPSET_INT(page_readonly, pgprot_val(SRMMU_PAGE_RDONLY));
5747+
5748+#ifdef CONFIG_PAX_PAGEEXEC
5749+ PAGE_SHARED_NOEXEC = pgprot_val(SRMMU_PAGE_SHARED_NOEXEC);
5750+ BTFIXUPSET_INT(page_copy_noexec, pgprot_val(SRMMU_PAGE_COPY_NOEXEC));
5751+ BTFIXUPSET_INT(page_readonly_noexec, pgprot_val(SRMMU_PAGE_RDONLY_NOEXEC));
5752+#endif
5753+
5754 BTFIXUPSET_INT(page_kernel, pgprot_val(SRMMU_PAGE_KERNEL));
5755 page_kernel = pgprot_val(SRMMU_PAGE_KERNEL);
5756
5757diff -urNp linux-2.6.38.2/arch/um/include/asm/kmap_types.h linux-2.6.38.2/arch/um/include/asm/kmap_types.h
5758--- linux-2.6.38.2/arch/um/include/asm/kmap_types.h 2011-03-14 21:20:32.000000000 -0400
5759+++ linux-2.6.38.2/arch/um/include/asm/kmap_types.h 2011-03-21 18:31:35.000000000 -0400
5760@@ -23,6 +23,7 @@ enum km_type {
5761 KM_IRQ1,
5762 KM_SOFTIRQ0,
5763 KM_SOFTIRQ1,
5764+ KM_CLEARPAGE,
5765 KM_TYPE_NR
5766 };
5767
5768diff -urNp linux-2.6.38.2/arch/um/include/asm/page.h linux-2.6.38.2/arch/um/include/asm/page.h
5769--- linux-2.6.38.2/arch/um/include/asm/page.h 2011-03-14 21:20:32.000000000 -0400
5770+++ linux-2.6.38.2/arch/um/include/asm/page.h 2011-03-21 18:31:35.000000000 -0400
5771@@ -14,6 +14,9 @@
5772 #define PAGE_SIZE (_AC(1, UL) << PAGE_SHIFT)
5773 #define PAGE_MASK (~(PAGE_SIZE-1))
5774
5775+#define ktla_ktva(addr) (addr)
5776+#define ktva_ktla(addr) (addr)
5777+
5778 #ifndef __ASSEMBLY__
5779
5780 struct page;
5781diff -urNp linux-2.6.38.2/arch/um/kernel/process.c linux-2.6.38.2/arch/um/kernel/process.c
5782--- linux-2.6.38.2/arch/um/kernel/process.c 2011-03-14 21:20:32.000000000 -0400
5783+++ linux-2.6.38.2/arch/um/kernel/process.c 2011-03-21 18:31:35.000000000 -0400
5784@@ -404,22 +404,6 @@ int singlestepping(void * t)
5785 return 2;
5786 }
5787
5788-/*
5789- * Only x86 and x86_64 have an arch_align_stack().
5790- * All other arches have "#define arch_align_stack(x) (x)"
5791- * in their asm/system.h
5792- * As this is included in UML from asm-um/system-generic.h,
5793- * we can use it to behave as the subarch does.
5794- */
5795-#ifndef arch_align_stack
5796-unsigned long arch_align_stack(unsigned long sp)
5797-{
5798- if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
5799- sp -= get_random_int() % 8192;
5800- return sp & ~0xf;
5801-}
5802-#endif
5803-
5804 unsigned long get_wchan(struct task_struct *p)
5805 {
5806 unsigned long stack_page, sp, ip;
5807diff -urNp linux-2.6.38.2/arch/um/sys-i386/syscalls.c linux-2.6.38.2/arch/um/sys-i386/syscalls.c
5808--- linux-2.6.38.2/arch/um/sys-i386/syscalls.c 2011-03-14 21:20:32.000000000 -0400
5809+++ linux-2.6.38.2/arch/um/sys-i386/syscalls.c 2011-03-21 18:31:35.000000000 -0400
5810@@ -11,6 +11,21 @@
5811 #include "asm/uaccess.h"
5812 #include "asm/unistd.h"
5813
5814+int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags)
5815+{
5816+ unsigned long pax_task_size = TASK_SIZE;
5817+
5818+#ifdef CONFIG_PAX_SEGMEXEC
5819+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
5820+ pax_task_size = SEGMEXEC_TASK_SIZE;
5821+#endif
5822+
5823+ if (len > pax_task_size || addr > pax_task_size - len)
5824+ return -EINVAL;
5825+
5826+ return 0;
5827+}
5828+
5829 /*
5830 * The prototype on i386 is:
5831 *
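Review bot: `i386_mmap_check` has no comment and never reads its `flags` argument. A header such as `/* Reject ranges that do not fit below the task size in effect (SEGMEXEC_TASK_SIZE when MF_PAX_SEGMEXEC is set); len is tested first so that pax_task_size - len cannot wrap. */` would record why the comparison is written in that order, which is the property a later edit is most likely to break. If the signature is fixed by a caller outside this hunk, the comment should also say that `flags` is intentionally unused.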
5832diff -urNp linux-2.6.38.2/arch/x86/boot/bitops.h linux-2.6.38.2/arch/x86/boot/bitops.h
5833--- linux-2.6.38.2/arch/x86/boot/bitops.h 2011-03-14 21:20:32.000000000 -0400
5834+++ linux-2.6.38.2/arch/x86/boot/bitops.h 2011-03-21 18:31:35.000000000 -0400
5835@@ -26,7 +26,7 @@ static inline int variable_test_bit(int
5836 u8 v;
5837 const u32 *p = (const u32 *)addr;
5838
5839- asm("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
5840+ asm volatile("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
5841 return v;
5842 }
5843
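Review bot: In `variable_test_bit` the only memory input is `"m" (*p)`, a single `u32`, but `btl` with a register bit index reads the dword that actually holds bit `nr`, which lies past `*p` once `nr` is 32 or more. The added `volatile` keeps the statement from being dropped or merged; it does not describe that wider read, so a store to a later word of the bitmap could in principle be moved across the asm. A clobber would cover it: `: "m" (*p), "Ir" (nr) : "memory");`. The function's signature is outside this hunk.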
5844@@ -37,7 +37,7 @@ static inline int variable_test_bit(int
5845
5846 static inline void set_bit(int nr, void *addr)
5847 {
5848- asm("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
5849+ asm volatile("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
5850 }
5851
5852 #endif /* BOOT_BITOPS_H */
5853diff -urNp linux-2.6.38.2/arch/x86/boot/boot.h linux-2.6.38.2/arch/x86/boot/boot.h
5854--- linux-2.6.38.2/arch/x86/boot/boot.h 2011-03-14 21:20:32.000000000 -0400
5855+++ linux-2.6.38.2/arch/x86/boot/boot.h 2011-03-21 18:31:35.000000000 -0400
5856@@ -85,7 +85,7 @@ static inline void io_delay(void)
5857 static inline u16 ds(void)
5858 {
5859 u16 seg;
5860- asm("movw %%ds,%0" : "=rm" (seg));
5861+ asm volatile("movw %%ds,%0" : "=rm" (seg));
5862 return seg;
5863 }
5864
5865@@ -181,7 +181,7 @@ static inline void wrgs32(u32 v, addr_t
5866 static inline int memcmp(const void *s1, const void *s2, size_t len)
5867 {
5868 u8 diff;
5869- asm("repe; cmpsb; setnz %0"
5870+ asm volatile("repe; cmpsb; setnz %0"
5871 : "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len));
5872 return diff;
5873 }
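Review bot: With `len == 0` the `repe; cmpsb` in `memcmp` performs no comparison and leaves the flags untouched, so `setnz` reports whatever ZF held before the asm and the return value is arbitrary. A guard ahead of the asm, `if (!len) return 0;`, makes the empty comparison well defined. The asm also reads both buffers without listing them as inputs or adding a `"memory"` clobber, which the new `volatile` does not make up for.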
5874diff -urNp linux-2.6.38.2/arch/x86/boot/compressed/head_32.S linux-2.6.38.2/arch/x86/boot/compressed/head_32.S
5875--- linux-2.6.38.2/arch/x86/boot/compressed/head_32.S 2011-03-14 21:20:32.000000000 -0400
5876+++ linux-2.6.38.2/arch/x86/boot/compressed/head_32.S 2011-03-21 18:31:35.000000000 -0400
5877@@ -76,7 +76,7 @@ ENTRY(startup_32)
5878 notl %eax
5879 andl %eax, %ebx
5880 #else
5881- movl $LOAD_PHYSICAL_ADDR, %ebx
5882+ movl $____LOAD_PHYSICAL_ADDR, %ebx
5883 #endif
5884
5885 /* Target address to relocate to for decompression */
5886@@ -162,7 +162,7 @@ relocated:
5887 * and where it was actually loaded.
5888 */
5889 movl %ebp, %ebx
5890- subl $LOAD_PHYSICAL_ADDR, %ebx
5891+ subl $____LOAD_PHYSICAL_ADDR, %ebx
5892 jz 2f /* Nothing to be done if loaded at compiled addr. */
5893 /*
5894 * Process relocations.
5895@@ -170,8 +170,7 @@ relocated:
5896
5897 1: subl $4, %edi
5898 movl (%edi), %ecx
5899- testl %ecx, %ecx
5900- jz 2f
5901+ jecxz 2f
5902 addl %ebx, -__PAGE_OFFSET(%ebx, %ecx)
5903 jmp 1b
5904 2:
5905diff -urNp linux-2.6.38.2/arch/x86/boot/compressed/head_64.S linux-2.6.38.2/arch/x86/boot/compressed/head_64.S
5906--- linux-2.6.38.2/arch/x86/boot/compressed/head_64.S 2011-03-14 21:20:32.000000000 -0400
5907+++ linux-2.6.38.2/arch/x86/boot/compressed/head_64.S 2011-03-21 18:31:35.000000000 -0400
5908@@ -91,7 +91,7 @@ ENTRY(startup_32)
5909 notl %eax
5910 andl %eax, %ebx
5911 #else
5912- movl $LOAD_PHYSICAL_ADDR, %ebx
5913+ movl $____LOAD_PHYSICAL_ADDR, %ebx
5914 #endif
5915
5916 /* Target address to relocate to for decompression */
5917@@ -233,7 +233,7 @@ ENTRY(startup_64)
5918 notq %rax
5919 andq %rax, %rbp
5920 #else
5921- movq $LOAD_PHYSICAL_ADDR, %rbp
5922+ movq $____LOAD_PHYSICAL_ADDR, %rbp
5923 #endif
5924
5925 /* Target address to relocate to for decompression */
5926diff -urNp linux-2.6.38.2/arch/x86/boot/compressed/misc.c linux-2.6.38.2/arch/x86/boot/compressed/misc.c
5927--- linux-2.6.38.2/arch/x86/boot/compressed/misc.c 2011-03-14 21:20:32.000000000 -0400
5928+++ linux-2.6.38.2/arch/x86/boot/compressed/misc.c 2011-03-21 18:31:35.000000000 -0400
5929@@ -310,7 +310,7 @@ static void parse_elf(void *output)
5930 case PT_LOAD:
5931 #ifdef CONFIG_RELOCATABLE
5932 dest = output;
5933- dest += (phdr->p_paddr - LOAD_PHYSICAL_ADDR);
5934+ dest += (phdr->p_paddr - ____LOAD_PHYSICAL_ADDR);
5935 #else
5936 dest = (void *)(phdr->p_paddr);
5937 #endif
5938@@ -363,7 +363,7 @@ asmlinkage void decompress_kernel(void *
5939 error("Destination address too large");
5940 #endif
5941 #ifndef CONFIG_RELOCATABLE
5942- if ((unsigned long)output != LOAD_PHYSICAL_ADDR)
5943+ if ((unsigned long)output != ____LOAD_PHYSICAL_ADDR)
5944 error("Wrong destination address");
5945 #endif
5946
5947diff -urNp linux-2.6.38.2/arch/x86/boot/compressed/relocs.c linux-2.6.38.2/arch/x86/boot/compressed/relocs.c
5948--- linux-2.6.38.2/arch/x86/boot/compressed/relocs.c 2011-03-14 21:20:32.000000000 -0400
5949+++ linux-2.6.38.2/arch/x86/boot/compressed/relocs.c 2011-03-21 18:31:35.000000000 -0400
5950@@ -13,8 +13,11 @@
5951
5952 static void die(char *fmt, ...);
5953
5954+#include "../../../../include/generated/autoconf.h"
5955+
5956 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
5957 static Elf32_Ehdr ehdr;
5958+static Elf32_Phdr *phdr;
5959 static unsigned long reloc_count, reloc_idx;
5960 static unsigned long *relocs;
5961
5962@@ -270,9 +273,39 @@ static void read_ehdr(FILE *fp)
5963 }
5964 }
5965
5966+static void read_phdrs(FILE *fp)
5967+{
5968+ unsigned int i;
5969+
5970+ phdr = calloc(ehdr.e_phnum, sizeof(Elf32_Phdr));
5971+ if (!phdr) {
5972+ die("Unable to allocate %d program headers\n",
5973+ ehdr.e_phnum);
5974+ }
5975+ if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) {
5976+ die("Seek to %d failed: %s\n",
5977+ ehdr.e_phoff, strerror(errno));
5978+ }
5979+ if (fread(phdr, sizeof(*phdr), ehdr.e_phnum, fp) != ehdr.e_phnum) {
5980+ die("Cannot read ELF program headers: %s\n",
5981+ strerror(errno));
5982+ }
5983+ for(i = 0; i < ehdr.e_phnum; i++) {
5984+ phdr[i].p_type = elf32_to_cpu(phdr[i].p_type);
5985+ phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset);
5986+ phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr);
5987+ phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr);
5988+ phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz);
5989+ phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz);
5990+ phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags);
5991+ phdr[i].p_align = elf32_to_cpu(phdr[i].p_align);
5992+ }
5993+
5994+}
5995+
5996 static void read_shdrs(FILE *fp)
5997 {
5998- int i;
5999+ unsigned int i;
6000 Elf32_Shdr shdr;
6001
6002 secs = calloc(ehdr.e_shnum, sizeof(struct section));
6003@@ -307,7 +340,7 @@ static void read_shdrs(FILE *fp)
6004
6005 static void read_strtabs(FILE *fp)
6006 {
6007- int i;
6008+ unsigned int i;
6009 for (i = 0; i < ehdr.e_shnum; i++) {
6010 struct section *sec = &secs[i];
6011 if (sec->shdr.sh_type != SHT_STRTAB) {
6012@@ -332,7 +365,7 @@ static void read_strtabs(FILE *fp)
6013
6014 static void read_symtabs(FILE *fp)
6015 {
6016- int i,j;
6017+ unsigned int i,j;
6018 for (i = 0; i < ehdr.e_shnum; i++) {
6019 struct section *sec = &secs[i];
6020 if (sec->shdr.sh_type != SHT_SYMTAB) {
6021@@ -365,7 +398,9 @@ static void read_symtabs(FILE *fp)
6022
6023 static void read_relocs(FILE *fp)
6024 {
6025- int i,j;
6026+ unsigned int i,j;
6027+ uint32_t base;
6028+
6029 for (i = 0; i < ehdr.e_shnum; i++) {
6030 struct section *sec = &secs[i];
6031 if (sec->shdr.sh_type != SHT_REL) {
6032@@ -385,9 +420,18 @@ static void read_relocs(FILE *fp)
6033 die("Cannot read symbol table: %s\n",
6034 strerror(errno));
6035 }
6036+ base = 0;
6037+ for (j = 0; j < ehdr.e_phnum; j++) {
6038+ if (phdr[j].p_type != PT_LOAD )
6039+ continue;
6040+ if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz)
6041+ continue;
6042+ base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr;
6043+ break;
6044+ }
6045 for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) {
6046 Elf32_Rel *rel = &sec->reltab[j];
6047- rel->r_offset = elf32_to_cpu(rel->r_offset);
6048+ rel->r_offset = elf32_to_cpu(rel->r_offset) + base;
6049 rel->r_info = elf32_to_cpu(rel->r_info);
6050 }
6051 }
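Review bot: If no `PT_LOAD` header covers the section named by `sh_info`, the new loop in `read_relocs` falls through with `base` still 0 and the offsets are stored unadjusted. Nothing says whether that is intended (relocation sections that target non-loaded sections, say) or a sign of a malformed image. A comment on `base = 0;` such as `/* sections outside every PT_LOAD keep their link-time offsets */` would settle it, or a `die()` if the case is never expected. The range test repeats `secs[sec->shdr.sh_info].shdr.sh_offset` twice on one very long line and indexes `secs` with an `sh_info` that is not compared against `ehdr.e_shnum` in the visible lines; a local holding that offset would shorten the line and give the bounds check a place to live. `read_relocs` begins and ends outside this hunk.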
6052@@ -396,14 +440,14 @@ static void read_relocs(FILE *fp)
6053
6054 static void print_absolute_symbols(void)
6055 {
6056- int i;
6057+ unsigned int i;
6058 printf("Absolute symbols\n");
6059 printf(" Num: Value Size Type Bind Visibility Name\n");
6060 for (i = 0; i < ehdr.e_shnum; i++) {
6061 struct section *sec = &secs[i];
6062 char *sym_strtab;
6063 Elf32_Sym *sh_symtab;
6064- int j;
6065+ unsigned int j;
6066
6067 if (sec->shdr.sh_type != SHT_SYMTAB) {
6068 continue;
6069@@ -431,14 +475,14 @@ static void print_absolute_symbols(void)
6070
6071 static void print_absolute_relocs(void)
6072 {
6073- int i, printed = 0;
6074+ unsigned int i, printed = 0;
6075
6076 for (i = 0; i < ehdr.e_shnum; i++) {
6077 struct section *sec = &secs[i];
6078 struct section *sec_applies, *sec_symtab;
6079 char *sym_strtab;
6080 Elf32_Sym *sh_symtab;
6081- int j;
6082+ unsigned int j;
6083 if (sec->shdr.sh_type != SHT_REL) {
6084 continue;
6085 }
6086@@ -499,13 +543,13 @@ static void print_absolute_relocs(void)
6087
6088 static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym))
6089 {
6090- int i;
6091+ unsigned int i;
6092 /* Walk through the relocations */
6093 for (i = 0; i < ehdr.e_shnum; i++) {
6094 char *sym_strtab;
6095 Elf32_Sym *sh_symtab;
6096 struct section *sec_applies, *sec_symtab;
6097- int j;
6098+ unsigned int j;
6099 struct section *sec = &secs[i];
6100
6101 if (sec->shdr.sh_type != SHT_REL) {
6102@@ -530,6 +574,22 @@ static void walk_relocs(void (*visit)(El
6103 !is_rel_reloc(sym_name(sym_strtab, sym))) {
6104 continue;
6105 }
6106+ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */
6107+ if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load"))
6108+ continue;
6109+
6110+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32)
6111+ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */
6112+ if (!strcmp(sec_name(sym->st_shndx), ".module.text") && !strcmp(sym_name(sym_strtab, sym), "_etext"))
6113+ continue;
6114+ if (!strcmp(sec_name(sym->st_shndx), ".init.text"))
6115+ continue;
6116+ if (!strcmp(sec_name(sym->st_shndx), ".exit.text"))
6117+ continue;
6118+ if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR"))
6119+ continue;
6120+#endif
6121+
6122 switch (r_type) {
6123 case R_386_NONE:
6124 case R_386_PC32:
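Review bot: The skip rules added to `walk_relocs` mix negated and plain `strcmp` in a way that is easy to misread: the `.module.text` rule skips only `_etext`, while the `.text` rule skips every symbol except `__LOAD_PHYSICAL_ADDR`, and the single comment above them ("Don't relocate actual code") describes neither exception. A short comment per rule would help, for example `/* .text: skip everything except __LOAD_PHYSICAL_ADDR */`. The two-underscore `__LOAD_PHYSICAL_ADDR` matched here differs from the four-underscore `____LOAD_PHYSICAL_ADDR` this patch uses in the boot code; if that is deliberate (presumably a linker symbol versus a macro), it is worth saying so next to the string. The function starts in the previous hunk and its `switch` continues past this one.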
6125@@ -571,7 +631,7 @@ static int cmp_relocs(const void *va, co
6126
6127 static void emit_relocs(int as_text)
6128 {
6129- int i;
6130+ unsigned int i;
6131 /* Count how many relocations I have and allocate space for them. */
6132 reloc_count = 0;
6133 walk_relocs(count_reloc);
6134@@ -665,6 +725,7 @@ int main(int argc, char **argv)
6135 fname, strerror(errno));
6136 }
6137 read_ehdr(fp);
6138+ read_phdrs(fp);
6139 read_shdrs(fp);
6140 read_strtabs(fp);
6141 read_symtabs(fp);
6142diff -urNp linux-2.6.38.2/arch/x86/boot/cpucheck.c linux-2.6.38.2/arch/x86/boot/cpucheck.c
6143--- linux-2.6.38.2/arch/x86/boot/cpucheck.c 2011-03-14 21:20:32.000000000 -0400
6144+++ linux-2.6.38.2/arch/x86/boot/cpucheck.c 2011-03-21 18:31:35.000000000 -0400
6145@@ -74,7 +74,7 @@ static int has_fpu(void)
6146 u16 fcw = -1, fsw = -1;
6147 u32 cr0;
6148
6149- asm("movl %%cr0,%0" : "=r" (cr0));
6150+ asm volatile("movl %%cr0,%0" : "=r" (cr0));
6151 if (cr0 & (X86_CR0_EM|X86_CR0_TS)) {
6152 cr0 &= ~(X86_CR0_EM|X86_CR0_TS);
6153 asm volatile("movl %0,%%cr0" : : "r" (cr0));
6154@@ -90,7 +90,7 @@ static int has_eflag(u32 mask)
6155 {
6156 u32 f0, f1;
6157
6158- asm("pushfl ; "
6159+ asm volatile("pushfl ; "
6160 "pushfl ; "
6161 "popl %0 ; "
6162 "movl %0,%1 ; "
6163@@ -115,7 +115,7 @@ static void get_flags(void)
6164 set_bit(X86_FEATURE_FPU, cpu.flags);
6165
6166 if (has_eflag(X86_EFLAGS_ID)) {
6167- asm("cpuid"
6168+ asm volatile("cpuid"
6169 : "=a" (max_intel_level),
6170 "=b" (cpu_vendor[0]),
6171 "=d" (cpu_vendor[1]),
6172@@ -124,7 +124,7 @@ static void get_flags(void)
6173
6174 if (max_intel_level >= 0x00000001 &&
6175 max_intel_level <= 0x0000ffff) {
6176- asm("cpuid"
6177+ asm volatile("cpuid"
6178 : "=a" (tfms),
6179 "=c" (cpu.flags[4]),
6180 "=d" (cpu.flags[0])
6181@@ -136,7 +136,7 @@ static void get_flags(void)
6182 cpu.model += ((tfms >> 16) & 0xf) << 4;
6183 }
6184
6185- asm("cpuid"
6186+ asm volatile("cpuid"
6187 : "=a" (max_amd_level)
6188 : "a" (0x80000000)
6189 : "ebx", "ecx", "edx");
6190@@ -144,7 +144,7 @@ static void get_flags(void)
6191 if (max_amd_level >= 0x80000001 &&
6192 max_amd_level <= 0x8000ffff) {
6193 u32 eax = 0x80000001;
6194- asm("cpuid"
6195+ asm volatile("cpuid"
6196 : "+a" (eax),
6197 "=c" (cpu.flags[6]),
6198 "=d" (cpu.flags[1])
6199@@ -203,9 +203,9 @@ int check_cpu(int *cpu_level_ptr, int *r
6200 u32 ecx = MSR_K7_HWCR;
6201 u32 eax, edx;
6202
6203- asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
6204+ asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
6205 eax &= ~(1 << 15);
6206- asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
6207+ asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
6208
6209 get_flags(); /* Make sure it really did something */
6210 err = check_flags();
6211@@ -218,9 +218,9 @@ int check_cpu(int *cpu_level_ptr, int *r
6212 u32 ecx = MSR_VIA_FCR;
6213 u32 eax, edx;
6214
6215- asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
6216+ asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
6217 eax |= (1<<1)|(1<<7);
6218- asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
6219+ asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
6220
6221 set_bit(X86_FEATURE_CX8, cpu.flags);
6222 err = check_flags();
6223@@ -231,12 +231,12 @@ int check_cpu(int *cpu_level_ptr, int *r
6224 u32 eax, edx;
6225 u32 level = 1;
6226
6227- asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
6228- asm("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx));
6229- asm("cpuid"
6230+ asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
6231+ asm volatile("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx));
6232+ asm volatile("cpuid"
6233 : "+a" (level), "=d" (cpu.flags[0])
6234 : : "ecx", "ebx");
6235- asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
6236+ asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
6237
6238 err = check_flags();
6239 }
6240diff -urNp linux-2.6.38.2/arch/x86/boot/header.S linux-2.6.38.2/arch/x86/boot/header.S
6241--- linux-2.6.38.2/arch/x86/boot/header.S 2011-03-14 21:20:32.000000000 -0400
6242+++ linux-2.6.38.2/arch/x86/boot/header.S 2011-03-21 18:31:35.000000000 -0400
6243@@ -224,7 +224,7 @@ setup_data: .quad 0 # 64-bit physical
6244 # single linked list of
6245 # struct setup_data
6246
6247-pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr
6248+pref_address: .quad ____LOAD_PHYSICAL_ADDR # preferred load addr
6249
6250 #define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_extract_offset)
6251 #define VO_INIT_SIZE (VO__end - VO__text)
6252diff -urNp linux-2.6.38.2/arch/x86/boot/memory.c linux-2.6.38.2/arch/x86/boot/memory.c
6253--- linux-2.6.38.2/arch/x86/boot/memory.c 2011-03-14 21:20:32.000000000 -0400
6254+++ linux-2.6.38.2/arch/x86/boot/memory.c 2011-03-21 18:31:35.000000000 -0400
6255@@ -19,7 +19,7 @@
6256
6257 static int detect_memory_e820(void)
6258 {
6259- int count = 0;
6260+ unsigned int count = 0;
6261 struct biosregs ireg, oreg;
6262 struct e820entry *desc = boot_params.e820_map;
6263 static struct e820entry buf; /* static so it is zeroed */
6264diff -urNp linux-2.6.38.2/arch/x86/boot/video.c linux-2.6.38.2/arch/x86/boot/video.c
6265--- linux-2.6.38.2/arch/x86/boot/video.c 2011-03-14 21:20:32.000000000 -0400
6266+++ linux-2.6.38.2/arch/x86/boot/video.c 2011-03-21 18:31:35.000000000 -0400
6267@@ -96,7 +96,7 @@ static void store_mode_params(void)
6268 static unsigned int get_entry(void)
6269 {
6270 char entry_buf[4];
6271- int i, len = 0;
6272+ unsigned int i, len = 0;
6273 int key;
6274 unsigned int v;
6275
6276diff -urNp linux-2.6.38.2/arch/x86/boot/video-vesa.c linux-2.6.38.2/arch/x86/boot/video-vesa.c
6277--- linux-2.6.38.2/arch/x86/boot/video-vesa.c 2011-03-14 21:20:32.000000000 -0400
6278+++ linux-2.6.38.2/arch/x86/boot/video-vesa.c 2011-03-21 18:31:35.000000000 -0400
6279@@ -200,6 +200,7 @@ static void vesa_store_pm_info(void)
6280
6281 boot_params.screen_info.vesapm_seg = oreg.es;
6282 boot_params.screen_info.vesapm_off = oreg.di;
6283+ boot_params.screen_info.vesapm_size = oreg.cx;
6284 }
6285
6286 /*
6287diff -urNp linux-2.6.38.2/arch/x86/ia32/ia32_aout.c linux-2.6.38.2/arch/x86/ia32/ia32_aout.c
6288--- linux-2.6.38.2/arch/x86/ia32/ia32_aout.c 2011-03-14 21:20:32.000000000 -0400
6289+++ linux-2.6.38.2/arch/x86/ia32/ia32_aout.c 2011-03-21 18:31:35.000000000 -0400
6290@@ -162,6 +162,8 @@ static int aout_core_dump(long signr, st
6291 unsigned long dump_start, dump_size;
6292 struct user32 dump;
6293
6294+ memset(&dump, 0, sizeof(dump));
6295+
6296 fs = get_fs();
6297 set_fs(KERNEL_DS);
6298 has_dumped = 1;
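Review bot: The `memset(&dump, 0, sizeof(dump));` added at the top of `aout_core_dump` carries no comment, and its purpose is not obvious from the call alone. `dump` is a stack-allocated `struct user32`, and it is presumably written out to the core file further down, so any padding or field left unset would carry stale kernel stack bytes to user space. I would add `/* zero padding and unset fields so no stale kernel stack bytes reach the core file */` above it, so the call is not later removed as redundant initialisation. The rest of the function is outside this hunk.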
6299diff -urNp linux-2.6.38.2/arch/x86/ia32/ia32entry.S linux-2.6.38.2/arch/x86/ia32/ia32entry.S
6300--- linux-2.6.38.2/arch/x86/ia32/ia32entry.S 2011-03-14 21:20:32.000000000 -0400
6301+++ linux-2.6.38.2/arch/x86/ia32/ia32entry.S 2011-03-21 18:31:35.000000000 -0400
6302@@ -13,6 +13,7 @@
6303 #include <asm/thread_info.h>
6304 #include <asm/segment.h>
6305 #include <asm/irqflags.h>
6306+#include <asm/pgtable.h>
6307 #include <linux/linkage.h>
6308
6309 /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
6310@@ -93,6 +94,18 @@ ENTRY(native_irq_enable_sysexit)
6311 ENDPROC(native_irq_enable_sysexit)
6312 #endif
6313
6314+ .macro pax_enter_kernel_user
6315+#ifdef CONFIG_PAX_MEMORY_UDEREF
6316+ call pax_enter_kernel_user
6317+#endif
6318+ .endm
6319+
6320+ .macro pax_exit_kernel_user
6321+#ifdef CONFIG_PAX_MEMORY_UDEREF
6322+ call pax_exit_kernel_user
6323+#endif
6324+ .endm
6325+
6326 /*
6327 * 32bit SYSENTER instruction entry.
6328 *
6329@@ -120,6 +133,7 @@ ENTRY(ia32_sysenter_target)
6330 SWAPGS_UNSAFE_STACK
6331 movq PER_CPU_VAR(kernel_stack), %rsp
6332 addq $(KERNEL_STACK_OFFSET),%rsp
6333+ pax_enter_kernel_user
6334 /*
6335 * No need to follow this irqs on/off section: the syscall
6336 * disabled irqs, here we enable it straight after entry:
6337@@ -150,6 +164,12 @@ ENTRY(ia32_sysenter_target)
6338 SAVE_ARGS 0,0,1
6339 /* no need to do an access_ok check here because rbp has been
6340 32bit zero extended */
6341+
6342+#ifdef CONFIG_PAX_MEMORY_UDEREF
6343+ mov $PAX_USER_SHADOW_BASE,%r10
6344+ add %r10,%rbp
6345+#endif
6346+
6347 1: movl (%rbp),%ebp
6348 .section __ex_table,"a"
6349 .quad 1b,ia32_badarg
6350@@ -172,6 +192,7 @@ sysenter_dispatch:
6351 testl $_TIF_ALLWORK_MASK,TI_flags(%r10)
6352 jnz sysexit_audit
6353 sysexit_from_sys_call:
6354+ pax_exit_kernel_user
6355 andl $~TS_COMPAT,TI_status(%r10)
6356 /* clear IF, that popfq doesn't enable interrupts early */
6357 andl $~0x200,EFLAGS-R11(%rsp)
6358@@ -290,6 +311,11 @@ ENTRY(ia32_cstar_target)
6359 movl %esp,%r8d
6360 CFI_REGISTER rsp,r8
6361 movq PER_CPU_VAR(kernel_stack),%rsp
6362+
6363+#ifdef CONFIG_PAX_MEMORY_UDEREF
6364+ pax_enter_kernel_user
6365+#endif
6366+
6367 /*
6368 * No need to follow this irqs on/off section: the syscall
6369 * disabled irqs and here we enable it straight after entry:
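Review bot: The `pax_enter_kernel_user` invocation added in `ia32_cstar_target` is wrapped in `#ifdef CONFIG_PAX_MEMORY_UDEREF`, but the macro defined earlier in this file already expands to nothing without that option, and the `ia32_sysenter_target` and `ia32_syscall` entry paths invoke it bare. Dropping the guard here, leaving just `pax_enter_kernel_user`, keeps the three entry points identical and makes it harder to miss one when the macro body changes. The entry routine continues outside the hunk.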
6370@@ -311,6 +337,12 @@ ENTRY(ia32_cstar_target)
6371 /* no need to do an access_ok check here because r8 has been
6372 32bit zero extended */
6373 /* hardware stack frame is complete now */
6374+
6375+#ifdef CONFIG_PAX_MEMORY_UDEREF
6376+ mov $PAX_USER_SHADOW_BASE,%r10
6377+ add %r10,%r8
6378+#endif
6379+
6380 1: movl (%r8),%r9d
6381 .section __ex_table,"a"
6382 .quad 1b,ia32_badarg
6383@@ -333,6 +365,7 @@ cstar_dispatch:
6384 testl $_TIF_ALLWORK_MASK,TI_flags(%r10)
6385 jnz sysretl_audit
6386 sysretl_from_sys_call:
6387+ pax_exit_kernel_user
6388 andl $~TS_COMPAT,TI_status(%r10)
6389 RESTORE_ARGS 1,-ARG_SKIP,1,1,1
6390 movl RIP-ARGOFFSET(%rsp),%ecx
6391@@ -415,6 +448,7 @@ ENTRY(ia32_syscall)
6392 CFI_REL_OFFSET rip,RIP-RIP
6393 PARAVIRT_ADJUST_EXCEPTION_FRAME
6394 SWAPGS
6395+ pax_enter_kernel_user
6396 /*
6397 * No need to follow this irqs on/off section: the syscall
6398 * disabled irqs and here we enable it straight after entry:
6399diff -urNp linux-2.6.38.2/arch/x86/ia32/ia32_signal.c linux-2.6.38.2/arch/x86/ia32/ia32_signal.c
6400--- linux-2.6.38.2/arch/x86/ia32/ia32_signal.c 2011-03-14 21:20:32.000000000 -0400
6401+++ linux-2.6.38.2/arch/x86/ia32/ia32_signal.c 2011-03-21 18:31:35.000000000 -0400
6402@@ -403,7 +403,7 @@ static void __user *get_sigframe(struct
6403 sp -= frame_size;
6404 /* Align the stack pointer according to the i386 ABI,
6405 * i.e. so that on function entry ((sp + 4) & 15) == 0. */
6406- sp = ((sp + 4) & -16ul) - 4;
6407+ sp = ((sp - 12) & -16ul) - 4;
6408 return (void __user *) sp;
6409 }
6410
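Review bot: The new expression `((sp - 12) & -16ul) - 4` in `get_sigframe` keeps the alignment the comment above it describes, `((sp + 4) & 15) == 0`, but it also places the frame exactly 16 bytes lower than the old `((sp + 4) & -16ul) - 4` did for every input, and the comment says nothing about that extra space. The reason should be stated next to the line, e.g. `/* same alignment, one 16-byte slot lower: <reason> */`, so the offset is not later simplified back to the old form. The start of the function is outside this hunk.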
6411@@ -461,7 +461,7 @@ int ia32_setup_frame(int sig, struct k_s
6412 * These are actually not used anymore, but left because some
6413 * gdb versions depend on them as a marker.
6414 */
6415- put_user_ex(*((u64 *)&code), (u64 *)frame->retcode);
6416+ put_user_ex(*((const u64 *)&code), (u64 *)frame->retcode);
6417 } put_user_catch(err);
6418
6419 if (err)
6420@@ -503,7 +503,7 @@ int ia32_setup_rt_frame(int sig, struct
6421 0xb8,
6422 __NR_ia32_rt_sigreturn,
6423 0x80cd,
6424- 0,
6425+ 0
6426 };
6427
6428 frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
6429@@ -533,16 +533,18 @@ int ia32_setup_rt_frame(int sig, struct
6430
6431 if (ka->sa.sa_flags & SA_RESTORER)
6432 restorer = ka->sa.sa_restorer;
6433+ else if (current->mm->context.vdso)
6434+ /* Return stub is in 32bit vsyscall page */
6435+ restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
6436 else
6437- restorer = VDSO32_SYMBOL(current->mm->context.vdso,
6438- rt_sigreturn);
6439+ restorer = &frame->retcode;
6440 put_user_ex(ptr_to_compat(restorer), &frame->pretcode);
6441
6442 /*
6443 * Not actually used anymore, but left because some gdb
6444 * versions need it.
6445 */
6446- put_user_ex(*((u64 *)&code), (u64 *)frame->retcode);
6447+ put_user_ex(*((const u64 *)&code), (u64 *)frame->retcode);
6448 } put_user_catch(err);
6449
6450 if (err)
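Review bot: The comment kept above the final `put_user_ex` ("Not actually used anymore, but left because some gdb versions need it") no longer matches the code. The new `else` branch sets `restorer = &frame->retcode`, so when `SA_RESTORER` is absent and `current->mm->context.vdso` is NULL the handler returns through those bytes. That path runs code from the signal frame on the user stack, so it presumably depends on the stack being executable or on trampoline emulation; the comment should say which. Suggested wording: `/* Return stub when no vDSO is mapped; also kept as a marker for gdb. */`. `ia32_setup_rt_frame` starts before and ends after this hunk.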
6451diff -urNp linux-2.6.38.2/arch/x86/include/asm/alternative.h linux-2.6.38.2/arch/x86/include/asm/alternative.h
6452--- linux-2.6.38.2/arch/x86/include/asm/alternative.h 2011-03-14 21:20:32.000000000 -0400
6453+++ linux-2.6.38.2/arch/x86/include/asm/alternative.h 2011-03-21 18:31:35.000000000 -0400
6454@@ -94,7 +94,7 @@ static inline int alternatives_text_rese
6455 ".section .discard,\"aw\",@progbits\n" \
6456 " .byte 0xff + (664f-663f) - (662b-661b)\n" /* rlen <= slen */ \
6457 ".previous\n" \
6458- ".section .altinstr_replacement, \"ax\"\n" \
6459+ ".section .altinstr_replacement, \"a\"\n" \
6460 "663:\n\t" newinstr "\n664:\n" /* replacement */ \
6461 ".previous"
6462
6463diff -urNp linux-2.6.38.2/arch/x86/include/asm/apm.h linux-2.6.38.2/arch/x86/include/asm/apm.h
6464--- linux-2.6.38.2/arch/x86/include/asm/apm.h 2011-03-14 21:20:32.000000000 -0400
6465+++ linux-2.6.38.2/arch/x86/include/asm/apm.h 2011-03-21 18:31:35.000000000 -0400
6466@@ -34,7 +34,7 @@ static inline void apm_bios_call_asm(u32
6467 __asm__ __volatile__(APM_DO_ZERO_SEGS
6468 "pushl %%edi\n\t"
6469 "pushl %%ebp\n\t"
6470- "lcall *%%cs:apm_bios_entry\n\t"
6471+ "lcall *%%ss:apm_bios_entry\n\t"
6472 "setc %%al\n\t"
6473 "popl %%ebp\n\t"
6474 "popl %%edi\n\t"
6475@@ -58,7 +58,7 @@ static inline u8 apm_bios_call_simple_as
6476 __asm__ __volatile__(APM_DO_ZERO_SEGS
6477 "pushl %%edi\n\t"
6478 "pushl %%ebp\n\t"
6479- "lcall *%%cs:apm_bios_entry\n\t"
6480+ "lcall *%%ss:apm_bios_entry\n\t"
6481 "setc %%bl\n\t"
6482 "popl %%ebp\n\t"
6483 "popl %%edi\n\t"
6484diff -urNp linux-2.6.38.2/arch/x86/include/asm/atomic64_32.h linux-2.6.38.2/arch/x86/include/asm/atomic64_32.h
6485--- linux-2.6.38.2/arch/x86/include/asm/atomic64_32.h 2011-03-14 21:20:32.000000000 -0400
6486+++ linux-2.6.38.2/arch/x86/include/asm/atomic64_32.h 2011-03-21 18:31:35.000000000 -0400
6487@@ -12,6 +12,14 @@ typedef struct {
6488 u64 __aligned(8) counter;
6489 } atomic64_t;
6490
6491+#ifdef CONFIG_PAX_REFCOUNT
6492+typedef struct {
6493+ u64 __aligned(8) counter;
6494+} atomic64_unchecked_t;
6495+#else
6496+typedef atomic64_t atomic64_unchecked_t;
6497+#endif
6498+
6499 #define ATOMIC64_INIT(val) { (val) }
6500
6501 #ifdef CONFIG_X86_CMPXCHG64
6502diff -urNp linux-2.6.38.2/arch/x86/include/asm/atomic64_64.h linux-2.6.38.2/arch/x86/include/asm/atomic64_64.h
6503--- linux-2.6.38.2/arch/x86/include/asm/atomic64_64.h 2011-03-14 21:20:32.000000000 -0400
6504+++ linux-2.6.38.2/arch/x86/include/asm/atomic64_64.h 2011-03-21 18:31:35.000000000 -0400
6505@@ -18,7 +18,19 @@
6506 */
6507 static inline long atomic64_read(const atomic64_t *v)
6508 {
6509- return (*(volatile long *)&(v)->counter);
6510+ return (*(volatile const long *)&(v)->counter);
6511+}
6512+
6513+/**
6514+ * atomic64_read_unchecked - read atomic64 variable
6515+ * @v: pointer of type atomic64_unchecked_t
6516+ *
6517+ * Atomically reads the value of @v.
6518+ * Doesn't imply a read memory barrier.
6519+ */
6520+static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v)
6521+{
6522+ return (*(volatile const long *)&(v)->counter);
6523 }
6524
6525 /**
6526@@ -34,6 +46,18 @@ static inline void atomic64_set(atomic64
6527 }
6528
6529 /**
6530+ * atomic64_set_unchecked - set atomic64 variable
6531+ * @v: pointer to type atomic64_unchecked_t
6532+ * @i: required value
6533+ *
6534+ * Atomically sets the value of @v to @i.
6535+ */
6536+static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i)
6537+{
6538+ v->counter = i;
6539+}
6540+
6541+/**
6542 * atomic64_add - add integer to atomic64 variable
6543 * @i: integer value to add
6544 * @v: pointer to type atomic64_t
6545@@ -42,6 +66,28 @@ static inline void atomic64_set(atomic64
6546 */
6547 static inline void atomic64_add(long i, atomic64_t *v)
6548 {
6549+ asm volatile(LOCK_PREFIX "addq %1,%0\n"
6550+
6551+#ifdef CONFIG_PAX_REFCOUNT
6552+ "jno 0f\n"
6553+ LOCK_PREFIX "subq %1,%0\n"
6554+ "int $4\n0:\n"
6555+ _ASM_EXTABLE(0b, 0b)
6556+#endif
6557+
6558+ : "=m" (v->counter)
6559+ : "er" (i), "m" (v->counter));
6560+}
6561+
6562+/**
6563+ * atomic64_add_unchecked - add integer to atomic64 variable
6564+ * @i: integer value to add
6565+ * @v: pointer to type atomic64_unchecked_t
6566+ *
6567+ * Atomically adds @i to @v.
6568+ */
6569+static inline void atomic64_add_unchecked(long i, atomic64_unchecked_t *v)
6570+{
6571 asm volatile(LOCK_PREFIX "addq %1,%0"
6572 : "=m" (v->counter)
6573 : "er" (i), "m" (v->counter));
6574@@ -56,7 +102,29 @@ static inline void atomic64_add(long i,
6575 */
6576 static inline void atomic64_sub(long i, atomic64_t *v)
6577 {
6578- asm volatile(LOCK_PREFIX "subq %1,%0"
6579+ asm volatile(LOCK_PREFIX "subq %1,%0\n"
6580+
6581+#ifdef CONFIG_PAX_REFCOUNT
6582+ "jno 0f\n"
6583+ LOCK_PREFIX "addq %1,%0\n"
6584+ "int $4\n0:\n"
6585+ _ASM_EXTABLE(0b, 0b)
6586+#endif
6587+
6588+ : "=m" (v->counter)
6589+ : "er" (i), "m" (v->counter));
6590+}
6591+
6592+/**
6593+ * atomic64_sub_unchecked - subtract the atomic64 variable
6594+ * @i: integer value to subtract
6595+ * @v: pointer to type atomic64_unchecked_t
6596+ *
6597+ * Atomically subtracts @i from @v.
6598+ */
6599+static inline void atomic64_sub_unchecked(long i, atomic64_unchecked_t *v)
6600+{
6601+ asm volatile(LOCK_PREFIX "subq %1,%0\n"
6602 : "=m" (v->counter)
6603 : "er" (i), "m" (v->counter));
6604 }
6605@@ -74,7 +142,16 @@ static inline int atomic64_sub_and_test(
6606 {
6607 unsigned char c;
6608
6609- asm volatile(LOCK_PREFIX "subq %2,%0; sete %1"
6610+ asm volatile(LOCK_PREFIX "subq %2,%0\n"
6611+
6612+#ifdef CONFIG_PAX_REFCOUNT
6613+ "jno 0f\n"
6614+ LOCK_PREFIX "addq %2,%0\n"
6615+ "int $4\n0:\n"
6616+ _ASM_EXTABLE(0b, 0b)
6617+#endif
6618+
6619+ "sete %1\n"
6620 : "=m" (v->counter), "=qm" (c)
6621 : "er" (i), "m" (v->counter) : "memory");
6622 return c;
6623@@ -88,6 +165,27 @@ static inline int atomic64_sub_and_test(
6624 */
6625 static inline void atomic64_inc(atomic64_t *v)
6626 {
6627+ asm volatile(LOCK_PREFIX "incq %0\n"
6628+
6629+#ifdef CONFIG_PAX_REFCOUNT
6630+ "jno 0f\n"
6631+ LOCK_PREFIX "decq %0\n"
6632+ "int $4\n0:\n"
6633+ _ASM_EXTABLE(0b, 0b)
6634+#endif
6635+
6636+ : "=m" (v->counter)
6637+ : "m" (v->counter));
6638+}
6639+
6640+/**
6641+ * atomic64_inc_unchecked - increment atomic64 variable
6642+ * @v: pointer to type atomic64_unchecked_t
6643+ *
6644+ * Atomically increments @v by 1.
6645+ */
6646+static inline void atomic64_inc_unchecked(atomic64_unchecked_t *v)
6647+{
6648 asm volatile(LOCK_PREFIX "incq %0"
6649 : "=m" (v->counter)
6650 : "m" (v->counter));
6651@@ -101,7 +199,28 @@ static inline void atomic64_inc(atomic64
6652 */
6653 static inline void atomic64_dec(atomic64_t *v)
6654 {
6655- asm volatile(LOCK_PREFIX "decq %0"
6656+ asm volatile(LOCK_PREFIX "decq %0\n"
6657+
6658+#ifdef CONFIG_PAX_REFCOUNT
6659+ "jno 0f\n"
6660+ LOCK_PREFIX "incq %0\n"
6661+ "int $4\n0:\n"
6662+ _ASM_EXTABLE(0b, 0b)
6663+#endif
6664+
6665+ : "=m" (v->counter)
6666+ : "m" (v->counter));
6667+}
6668+
6669+/**
6670+ * atomic64_dec_unchecked - decrement atomic64 variable
6671+ * @v: pointer to type atomic64_t
6672+ *
6673+ * Atomically decrements @v by 1.
6674+ */
6675+static inline void atomic64_dec_unchecked(atomic64_unchecked_t *v)
6676+{
6677+ asm volatile(LOCK_PREFIX "decq %0\n"
6678 : "=m" (v->counter)
6679 : "m" (v->counter));
6680 }
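Review bot: The kernel-doc added for `atomic64_dec_unchecked` says `@v: pointer to type atomic64_t`, but the parameter is `atomic64_unchecked_t *`; it should read `* @v: pointer to type atomic64_unchecked_t` like the other `_unchecked` helpers in this file. The asm string in this body (and in `atomic64_sub_unchecked` in an earlier hunk) also gained a trailing `\n` that `atomic64_add_unchecked` and `atomic64_inc_unchecked` do not have; harmless, but worth making uniform. In the checked `atomic64_dec`, a comment should note that the overflow path undoes the decrement with a second locked instruction, so the wrapped value is briefly visible to other CPUs.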
6681@@ -118,7 +237,16 @@ static inline int atomic64_dec_and_test(
6682 {
6683 unsigned char c;
6684
6685- asm volatile(LOCK_PREFIX "decq %0; sete %1"
6686+ asm volatile(LOCK_PREFIX "decq %0\n"
6687+
6688+#ifdef CONFIG_PAX_REFCOUNT
6689+ "jno 0f\n"
6690+ LOCK_PREFIX "incq %0\n"
6691+ "int $4\n0:\n"
6692+ _ASM_EXTABLE(0b, 0b)
6693+#endif
6694+
6695+ "sete %1\n"
6696 : "=m" (v->counter), "=qm" (c)
6697 : "m" (v->counter) : "memory");
6698 return c != 0;
6699@@ -136,7 +264,16 @@ static inline int atomic64_inc_and_test(
6700 {
6701 unsigned char c;
6702
6703- asm volatile(LOCK_PREFIX "incq %0; sete %1"
6704+ asm volatile(LOCK_PREFIX "incq %0\n"
6705+
6706+#ifdef CONFIG_PAX_REFCOUNT
6707+ "jno 0f\n"
6708+ LOCK_PREFIX "decq %0\n"
6709+ "int $4\n0:\n"
6710+ _ASM_EXTABLE(0b, 0b)
6711+#endif
6712+
6713+ "sete %1\n"
6714 : "=m" (v->counter), "=qm" (c)
6715 : "m" (v->counter) : "memory");
6716 return c != 0;
6717@@ -155,7 +292,16 @@ static inline int atomic64_add_negative(
6718 {
6719 unsigned char c;
6720
6721- asm volatile(LOCK_PREFIX "addq %2,%0; sets %1"
6722+ asm volatile(LOCK_PREFIX "addq %2,%0\n"
6723+
6724+#ifdef CONFIG_PAX_REFCOUNT
6725+ "jno 0f\n"
6726+ LOCK_PREFIX "subq %2,%0\n"
6727+ "int $4\n0:\n"
6728+ _ASM_EXTABLE(0b, 0b)
6729+#endif
6730+
6731+ "sets %1\n"
6732 : "=m" (v->counter), "=qm" (c)
6733 : "er" (i), "m" (v->counter) : "memory");
6734 return c;
6735@@ -171,7 +317,31 @@ static inline int atomic64_add_negative(
6736 static inline long atomic64_add_return(long i, atomic64_t *v)
6737 {
6738 long __i = i;
6739- asm volatile(LOCK_PREFIX "xaddq %0, %1;"
6740+ asm volatile(LOCK_PREFIX "xaddq %0, %1\n"
6741+
6742+#ifdef CONFIG_PAX_REFCOUNT
6743+ "jno 0f\n"
6744+ "movq %0, %1\n"
6745+ "int $4\n0:\n"
6746+ _ASM_EXTABLE(0b, 0b)
6747+#endif
6748+
6749+ : "+r" (i), "+m" (v->counter)
6750+ : : "memory");
6751+ return i + __i;
6752+}
6753+
6754+/**
6755+ * atomic64_add_return_unchecked - add and return
6756+ * @i: integer value to add
6757+ * @v: pointer to type atomic64_unchecked_t
6758+ *
6759+ * Atomically adds @i to @v and returns @i + @v
6760+ */
6761+static inline long atomic64_add_return_unchecked(long i, atomic64_unchecked_t *v)
6762+{
6763+ long __i = i;
6764+ asm volatile(LOCK_PREFIX "xaddq %0, %1"
6765 : "+r" (i), "+m" (v->counter)
6766 : : "memory");
6767 return i + __i;
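Review bot: On the overflow path of `atomic64_add_return` the rollback is a plain `movq %0, %1`, which stores the pre-add value back without `LOCK_PREFIX` and regardless of what other CPUs did to the counter after the `xaddq`, so any concurrent update in that window is overwritten. The other checked helpers in this file undo with the locked inverse operation. The equivalent here would be a locked `subq` of the addend, which has to be kept in a separate register because `xaddq` replaces `%0` with the old value. If the lost-update window is accepted because the task is about to trap through `int $4`, a comment should say so.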
6768@@ -183,6 +353,10 @@ static inline long atomic64_sub_return(l
6769 }
6770
6771 #define atomic64_inc_return(v) (atomic64_add_return(1, (v)))
6772+static inline long atomic64_inc_return_unchecked(atomic64_unchecked_t *v)
6773+{
6774+ return atomic64_add_return_unchecked(1, v);
6775+}
6776 #define atomic64_dec_return(v) (atomic64_sub_return(1, (v)))
6777
6778 static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
6779@@ -206,17 +380,30 @@ static inline long atomic64_xchg(atomic6
6780 */
6781 static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
6782 {
6783- long c, old;
6784+ long c, old, new;
6785 c = atomic64_read(v);
6786 for (;;) {
6787- if (unlikely(c == (u)))
6788+ if (unlikely(c == u))
6789 break;
6790- old = atomic64_cmpxchg((v), c, c + (a));
6791+
6792+ asm volatile("add %2,%0\n"
6793+
6794+#ifdef CONFIG_PAX_REFCOUNT
6795+ "jno 0f\n"
6796+ "sub %2,%0\n"
6797+ "int $4\n0:\n"
6798+ _ASM_EXTABLE(0b, 0b)
6799+#endif
6800+
6801+ : "=r" (new)
6802+ : "0" (c), "ir" (a));
6803+
6804+ old = atomic64_cmpxchg(v, c, new);
6805 if (likely(old == c))
6806 break;
6807 c = old;
6808 }
6809- return c != (u);
6810+ return c != u;
6811 }
6812
6813 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
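Review bot: The new inline `add` in atomic64_add_unless() takes its addend through `"ir" (a)`, but `a` is a `long` and a 64-bit `add` only encodes a sign-extended 32-bit immediate; atomic64_add_negative() earlier in this file uses `"er"` for its 64-bit addend. If a caller passes a constant outside that range once the function is inlined, the assembler may reject the operand. Changing the constraint to `"er" (a)` keeps the immediate form where it fits and falls back to a register otherwise.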
6814diff -urNp linux-2.6.38.2/arch/x86/include/asm/atomic.h linux-2.6.38.2/arch/x86/include/asm/atomic.h
6815--- linux-2.6.38.2/arch/x86/include/asm/atomic.h 2011-03-14 21:20:32.000000000 -0400
6816+++ linux-2.6.38.2/arch/x86/include/asm/atomic.h 2011-03-21 18:31:35.000000000 -0400
6817@@ -22,7 +22,18 @@
6818 */
6819 static inline int atomic_read(const atomic_t *v)
6820 {
6821- return (*(volatile int *)&(v)->counter);
6822+ return (*(volatile const int *)&(v)->counter);
6823+}
6824+
6825+/**
6826+ * atomic_read_unchecked - read atomic variable
6827+ * @v: pointer of type atomic_unchecked_t
6828+ *
6829+ * Atomically reads the value of @v.
6830+ */
6831+static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
6832+{
6833+ return (*(volatile const int *)&(v)->counter);
6834 }
6835
6836 /**
6837@@ -38,6 +49,18 @@ static inline void atomic_set(atomic_t *
6838 }
6839
6840 /**
6841+ * atomic_set_unchecked - set atomic variable
6842+ * @v: pointer of type atomic_unchecked_t
6843+ * @i: required value
6844+ *
6845+ * Atomically sets the value of @v to @i.
6846+ */
6847+static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
6848+{
6849+ v->counter = i;
6850+}
6851+
6852+/**
6853 * atomic_add - add integer to atomic variable
6854 * @i: integer value to add
6855 * @v: pointer of type atomic_t
6856@@ -46,7 +69,29 @@ static inline void atomic_set(atomic_t *
6857 */
6858 static inline void atomic_add(int i, atomic_t *v)
6859 {
6860- asm volatile(LOCK_PREFIX "addl %1,%0"
6861+ asm volatile(LOCK_PREFIX "addl %1,%0\n"
6862+
6863+#ifdef CONFIG_PAX_REFCOUNT
6864+ "jno 0f\n"
6865+ LOCK_PREFIX "subl %1,%0\n"
6866+ "int $4\n0:\n"
6867+ _ASM_EXTABLE(0b, 0b)
6868+#endif
6869+
6870+ : "+m" (v->counter)
6871+ : "ir" (i));
6872+}
6873+
6874+/**
6875+ * atomic_add_unchecked - add integer to atomic variable
6876+ * @i: integer value to add
6877+ * @v: pointer of type atomic_unchecked_t
6878+ *
6879+ * Atomically adds @i to @v.
6880+ */
6881+static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
6882+{
6883+ asm volatile(LOCK_PREFIX "addl %1,%0\n"
6884 : "+m" (v->counter)
6885 : "ir" (i));
6886 }
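Review bot: The `jno 0f` / undo / `int $4` / `_ASM_EXTABLE(0b, 0b)` sequence under `#ifdef CONFIG_PAX_REFCOUNT` is pasted into atomic_add() here and again into atomic_sub(), atomic_inc(), atomic_dec(), the *_and_test() helpers, atomic_add_negative(), atomic_add_return() and atomic_add_unless(), differing only in the undo instruction. A single helper macro that takes the undo instruction as its argument, and expands to nothing when CONFIG_PAX_REFCOUNT is off, would keep the copies from drifting apart and give one place to document the trap. No comment in this file section explains that `int $4` raises the overflow exception vector or what the self-referencing exception-table entry is for.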
6887@@ -60,7 +105,29 @@ static inline void atomic_add(int i, ato
6888 */
6889 static inline void atomic_sub(int i, atomic_t *v)
6890 {
6891- asm volatile(LOCK_PREFIX "subl %1,%0"
6892+ asm volatile(LOCK_PREFIX "subl %1,%0\n"
6893+
6894+#ifdef CONFIG_PAX_REFCOUNT
6895+ "jno 0f\n"
6896+ LOCK_PREFIX "addl %1,%0\n"
6897+ "int $4\n0:\n"
6898+ _ASM_EXTABLE(0b, 0b)
6899+#endif
6900+
6901+ : "+m" (v->counter)
6902+ : "ir" (i));
6903+}
6904+
6905+/**
6906+ * atomic_sub_unchecked - subtract integer from atomic variable
6907+ * @i: integer value to subtract
6908+ * @v: pointer of type atomic_t
6909+ *
6910+ * Atomically subtracts @i from @v.
6911+ */
6912+static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
6913+{
6914+ asm volatile(LOCK_PREFIX "subl %1,%0\n"
6915 : "+m" (v->counter)
6916 : "ir" (i));
6917 }
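Review bot: The kernel-doc for atomic_sub_unchecked() says `@v: pointer of type atomic_t`, but the parameter is `atomic_unchecked_t *v`; the line should read `* @v: pointer of type atomic_unchecked_t`. atomic_dec_unchecked() further down carries the same copied line. The distinction matters to a reader because the unchecked variants are the ones without the overflow trap.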
6918@@ -78,7 +145,16 @@ static inline int atomic_sub_and_test(in
6919 {
6920 unsigned char c;
6921
6922- asm volatile(LOCK_PREFIX "subl %2,%0; sete %1"
6923+ asm volatile(LOCK_PREFIX "subl %2,%0\n"
6924+
6925+#ifdef CONFIG_PAX_REFCOUNT
6926+ "jno 0f\n"
6927+ LOCK_PREFIX "addl %2,%0\n"
6928+ "int $4\n0:\n"
6929+ _ASM_EXTABLE(0b, 0b)
6930+#endif
6931+
6932+ "sete %1\n"
6933 : "+m" (v->counter), "=qm" (c)
6934 : "ir" (i) : "memory");
6935 return c;
6936@@ -92,7 +168,27 @@ static inline int atomic_sub_and_test(in
6937 */
6938 static inline void atomic_inc(atomic_t *v)
6939 {
6940- asm volatile(LOCK_PREFIX "incl %0"
6941+ asm volatile(LOCK_PREFIX "incl %0\n"
6942+
6943+#ifdef CONFIG_PAX_REFCOUNT
6944+ "jno 0f\n"
6945+ LOCK_PREFIX "decl %0\n"
6946+ "int $4\n0:\n"
6947+ _ASM_EXTABLE(0b, 0b)
6948+#endif
6949+
6950+ : "+m" (v->counter));
6951+}
6952+
6953+/**
6954+ * atomic_inc_unchecked - increment atomic variable
6955+ * @v: pointer of type atomic_unchecked_t
6956+ *
6957+ * Atomically increments @v by 1.
6958+ */
6959+static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
6960+{
6961+ asm volatile(LOCK_PREFIX "incl %0\n"
6962 : "+m" (v->counter));
6963 }
6964
6965@@ -104,7 +200,27 @@ static inline void atomic_inc(atomic_t *
6966 */
6967 static inline void atomic_dec(atomic_t *v)
6968 {
6969- asm volatile(LOCK_PREFIX "decl %0"
6970+ asm volatile(LOCK_PREFIX "decl %0\n"
6971+
6972+#ifdef CONFIG_PAX_REFCOUNT
6973+ "jno 0f\n"
6974+ LOCK_PREFIX "incl %0\n"
6975+ "int $4\n0:\n"
6976+ _ASM_EXTABLE(0b, 0b)
6977+#endif
6978+
6979+ : "+m" (v->counter));
6980+}
6981+
6982+/**
6983+ * atomic_dec_unchecked - decrement atomic variable
6984+ * @v: pointer of type atomic_t
6985+ *
6986+ * Atomically decrements @v by 1.
6987+ */
6988+static inline void atomic_dec_unchecked(atomic_unchecked_t *v)
6989+{
6990+ asm volatile(LOCK_PREFIX "decl %0\n"
6991 : "+m" (v->counter));
6992 }
6993
6994@@ -120,7 +236,16 @@ static inline int atomic_dec_and_test(at
6995 {
6996 unsigned char c;
6997
6998- asm volatile(LOCK_PREFIX "decl %0; sete %1"
6999+ asm volatile(LOCK_PREFIX "decl %0\n"
7000+
7001+#ifdef CONFIG_PAX_REFCOUNT
7002+ "jno 0f\n"
7003+ LOCK_PREFIX "incl %0\n"
7004+ "int $4\n0:\n"
7005+ _ASM_EXTABLE(0b, 0b)
7006+#endif
7007+
7008+ "sete %1\n"
7009 : "+m" (v->counter), "=qm" (c)
7010 : : "memory");
7011 return c != 0;
7012@@ -138,7 +263,16 @@ static inline int atomic_inc_and_test(at
7013 {
7014 unsigned char c;
7015
7016- asm volatile(LOCK_PREFIX "incl %0; sete %1"
7017+ asm volatile(LOCK_PREFIX "incl %0\n"
7018+
7019+#ifdef CONFIG_PAX_REFCOUNT
7020+ "jno 0f\n"
7021+ LOCK_PREFIX "decl %0\n"
7022+ "int $4\n0:\n"
7023+ _ASM_EXTABLE(0b, 0b)
7024+#endif
7025+
7026+ "sete %1\n"
7027 : "+m" (v->counter), "=qm" (c)
7028 : : "memory");
7029 return c != 0;
7030@@ -157,7 +291,16 @@ static inline int atomic_add_negative(in
7031 {
7032 unsigned char c;
7033
7034- asm volatile(LOCK_PREFIX "addl %2,%0; sets %1"
7035+ asm volatile(LOCK_PREFIX "addl %2,%0\n"
7036+
7037+#ifdef CONFIG_PAX_REFCOUNT
7038+ "jno 0f\n"
7039+ LOCK_PREFIX "subl %2,%0\n"
7040+ "int $4\n0:\n"
7041+ _ASM_EXTABLE(0b, 0b)
7042+#endif
7043+
7044+ "sets %1\n"
7045 : "+m" (v->counter), "=qm" (c)
7046 : "ir" (i) : "memory");
7047 return c;
7048@@ -180,6 +323,46 @@ static inline int atomic_add_return(int
7049 #endif
7050 /* Modern 486+ processor */
7051 __i = i;
7052+ asm volatile(LOCK_PREFIX "xaddl %0, %1\n"
7053+
7054+#ifdef CONFIG_PAX_REFCOUNT
7055+ "jno 0f\n"
7056+ "movl %0, %1\n"
7057+ "int $4\n0:\n"
7058+ _ASM_EXTABLE(0b, 0b)
7059+#endif
7060+
7061+ : "+r" (i), "+m" (v->counter)
7062+ : : "memory");
7063+ return i + __i;
7064+
7065+#ifdef CONFIG_M386
7066+no_xadd: /* Legacy 386 processor */
7067+ local_irq_save(flags);
7068+ __i = atomic_read(v);
7069+ atomic_set(v, i + __i);
7070+ local_irq_restore(flags);
7071+ return i + __i;
7072+#endif
7073+}
7074+
7075+/**
7076+ * atomic_add_return_unchecked - add integer and return
7077+ * @v: pointer of type atomic_unchecked_t
7078+ * @i: integer value to add
7079+ *
7080+ * Atomically adds @i to @v and returns @i + @v
7081+ */
7082+static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v)
7083+{
7084+ int __i;
7085+#ifdef CONFIG_M386
7086+ unsigned long flags;
7087+ if (unlikely(boot_cpu_data.x86 <= 3))
7088+ goto no_xadd;
7089+#endif
7090+ /* Modern 486+ processor */
7091+ __i = i;
7092 asm volatile(LOCK_PREFIX "xaddl %0, %1"
7093 : "+r" (i), "+m" (v->counter)
7094 : : "memory");
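Review bot: The CONFIG_M386 `no_xadd` fallback in the checked atomic_add_return() writes `i + __i` with atomic_set() and has no overflow test, so the CONFIG_PAX_REFCOUNT check does not cover CPUs that take that branch. If that is accepted, a comment on the label such as `/* no REFCOUNT overflow detection on the 386 fallback */` would make the gap explicit. The tail of atomic_add_return_unchecked() lies outside the hunk. If it still reaches the original fallback that calls atomic_read(v) and atomic_set(v, ...), those calls would receive an `atomic_unchecked_t *` and should be checked for a type mismatch.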
7095@@ -208,6 +391,10 @@ static inline int atomic_sub_return(int
7096 }
7097
7098 #define atomic_inc_return(v) (atomic_add_return(1, v))
7099+static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v)
7100+{
7101+ return atomic_add_return_unchecked(1, v);
7102+}
7103 #define atomic_dec_return(v) (atomic_sub_return(1, v))
7104
7105 static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
7106@@ -231,21 +418,77 @@ static inline int atomic_xchg(atomic_t *
7107 */
7108 static inline int atomic_add_unless(atomic_t *v, int a, int u)
7109 {
7110- int c, old;
7111+ int c, old, new;
7112 c = atomic_read(v);
7113 for (;;) {
7114- if (unlikely(c == (u)))
7115+ if (unlikely(c == u))
7116 break;
7117- old = atomic_cmpxchg((v), c, c + (a));
7118+
7119+ asm volatile("addl %2,%0\n"
7120+
7121+#ifdef CONFIG_PAX_REFCOUNT
7122+ "jno 0f\n"
7123+ "subl %2,%0\n"
7124+ "int $4\n0:\n"
7125+ _ASM_EXTABLE(0b, 0b)
7126+#endif
7127+
7128+ : "=r" (new)
7129+ : "0" (c), "ir" (a));
7130+
7131+ old = atomic_cmpxchg(v, c, new);
7132 if (likely(old == c))
7133 break;
7134 c = old;
7135 }
7136- return c != (u);
7137+ return c != u;
7138 }
7139
7140 #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
7141
7142+/**
7143+ * atomic_inc_not_zero_hint - increment if not null
7144+ * @v: pointer of type atomic_t
7145+ * @hint: probable value of the atomic before the increment
7146+ *
7147+ * This version of atomic_inc_not_zero() gives a hint of probable
7148+ * value of the atomic. This helps processor to not read the memory
7149+ * before doing the atomic read/modify/write cycle, lowering
7150+ * number of bus transactions on some arches.
7151+ *
7152+ * Returns: 0 if increment was not done, 1 otherwise.
7153+ */
7154+#define atomic_inc_not_zero_hint atomic_inc_not_zero_hint
7155+static inline int atomic_inc_not_zero_hint(atomic_t *v, int hint)
7156+{
7157+ int val, c = hint, new;
7158+
7159+ /* sanity test, should be removed by compiler if hint is a constant */
7160+ if (!hint)
7161+ return atomic_inc_not_zero(v);
7162+
7163+ do {
7164+ asm volatile("incl %0\n"
7165+
7166+#ifdef CONFIG_PAX_REFCOUNT
7167+ "jno 0f\n"
7168+ "decl %0\n"
7169+ "int $4\n0:\n"
7170+ _ASM_EXTABLE(0b, 0b)
7171+#endif
7172+
7173+ : "=r" (new)
7174+ : "0" (c));
7175+
7176+ val = atomic_cmpxchg(v, c, new);
7177+ if (val == c)
7178+ return 1;
7179+ c = val;
7180+ } while (c);
7181+
7182+ return 0;
7183+}
7184+
7185 /*
7186 * atomic_dec_if_positive - decrement by 1 if old value positive
7187 * @v: pointer of type atomic_t
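Review bot: When the add in atomic_add_unless() overflows, the undo leaves `new` equal to `c`, so once the trap returns `atomic_cmpxchg(v, c, new)` succeeds without changing the counter and the function still returns `c != u`, telling the caller the add took place. atomic_inc_not_zero_hint() in the same hunk returns 1 on that path, and atomic64_add_unless() follows the same shape. Whether the `int $4` handler ever lets execution continue is not visible here, so this may be unreachable in practice. A comment at the asm such as `/* on overflow new == c: cmpxchg is a no-op, caller still sees success */` would document the behaviour either way.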
7188diff -urNp linux-2.6.38.2/arch/x86/include/asm/bitops.h linux-2.6.38.2/arch/x86/include/asm/bitops.h
7189--- linux-2.6.38.2/arch/x86/include/asm/bitops.h 2011-03-14 21:20:32.000000000 -0400
7190+++ linux-2.6.38.2/arch/x86/include/asm/bitops.h 2011-03-21 18:31:35.000000000 -0400
7191@@ -38,7 +38,7 @@
7192 * a mask operation on a byte.
7193 */
7194 #define IS_IMMEDIATE(nr) (__builtin_constant_p(nr))
7195-#define CONST_MASK_ADDR(nr, addr) BITOP_ADDR((void *)(addr) + ((nr)>>3))
7196+#define CONST_MASK_ADDR(nr, addr) BITOP_ADDR((volatile void *)(addr) + ((nr)>>3))
7197 #define CONST_MASK(nr) (1 << ((nr) & 7))
7198
7199 /**
7200diff -urNp linux-2.6.38.2/arch/x86/include/asm/boot.h linux-2.6.38.2/arch/x86/include/asm/boot.h
7201--- linux-2.6.38.2/arch/x86/include/asm/boot.h 2011-03-14 21:20:32.000000000 -0400
7202+++ linux-2.6.38.2/arch/x86/include/asm/boot.h 2011-03-21 18:31:35.000000000 -0400
7203@@ -11,10 +11,15 @@
7204 #include <asm/pgtable_types.h>
7205
7206 /* Physical address where kernel should be loaded. */
7207-#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
7208+#define ____LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
7209 + (CONFIG_PHYSICAL_ALIGN - 1)) \
7210 & ~(CONFIG_PHYSICAL_ALIGN - 1))
7211
7212+#ifndef __ASSEMBLY__
7213+extern unsigned char __LOAD_PHYSICAL_ADDR[];
7214+#define LOAD_PHYSICAL_ADDR ((unsigned long)__LOAD_PHYSICAL_ADDR)
7215+#endif
7216+
7217 /* Minimum kernel alignment, as a power of two */
7218 #ifdef CONFIG_X86_64
7219 #define MIN_KERNEL_ALIGN_LG2 PMD_SHIFT
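Review bot: LOAD_PHYSICAL_ADDR is now defined only when `__ASSEMBLY__` is unset and expands to the address of `__LOAD_PHYSICAL_ADDR[]`, so it is no longer a preprocessor constant and does not exist for assembly sources. Code that used it in `#if` expressions, static initialisers or `.S` files has to switch to `____LOAD_PHYSICAL_ADDR`, and the symbol's definition is not in this hunk. A comment above the `#ifndef` would save the next reader the search, for example `/* C code gets the link-time symbol; use ____LOAD_PHYSICAL_ADDR where a constant is required */`.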
7220diff -urNp linux-2.6.38.2/arch/x86/include/asm/cacheflush.h linux-2.6.38.2/arch/x86/include/asm/cacheflush.h
7221--- linux-2.6.38.2/arch/x86/include/asm/cacheflush.h 2011-03-14 21:20:32.000000000 -0400
7222+++ linux-2.6.38.2/arch/x86/include/asm/cacheflush.h 2011-03-21 18:31:35.000000000 -0400
7223@@ -26,7 +26,7 @@ static inline unsigned long get_page_mem
7224 unsigned long pg_flags = pg->flags & _PGMT_MASK;
7225
7226 if (pg_flags == _PGMT_DEFAULT)
7227- return -1;
7228+ return ~0UL;
7229 else if (pg_flags == _PGMT_WC)
7230 return _PAGE_CACHE_WC;
7231 else if (pg_flags == _PGMT_UC_MINUS)
7232diff -urNp linux-2.6.38.2/arch/x86/include/asm/cache.h linux-2.6.38.2/arch/x86/include/asm/cache.h
7233--- linux-2.6.38.2/arch/x86/include/asm/cache.h 2011-03-14 21:20:32.000000000 -0400
7234+++ linux-2.6.38.2/arch/x86/include/asm/cache.h 2011-03-21 18:31:35.000000000 -0400
7235@@ -8,6 +8,7 @@
7236 #define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
7237
7238 #define __read_mostly __attribute__((__section__(".data..read_mostly")))
7239+#define __read_only __attribute__((__section__(".data..read_only")))
7240
7241 #define INTERNODE_CACHE_SHIFT CONFIG_X86_INTERNODE_CACHE_SHIFT
7242 #define INTERNODE_CACHE_BYTES (1 << INTERNODE_CACHE_SHIFT)
7243diff -urNp linux-2.6.38.2/arch/x86/include/asm/checksum_32.h linux-2.6.38.2/arch/x86/include/asm/checksum_32.h
7244--- linux-2.6.38.2/arch/x86/include/asm/checksum_32.h 2011-03-14 21:20:32.000000000 -0400
7245+++ linux-2.6.38.2/arch/x86/include/asm/checksum_32.h 2011-03-21 18:31:35.000000000 -0400
7246@@ -31,6 +31,14 @@ asmlinkage __wsum csum_partial_copy_gene
7247 int len, __wsum sum,
7248 int *src_err_ptr, int *dst_err_ptr);
7249
7250+asmlinkage __wsum csum_partial_copy_generic_to_user(const void *src, void *dst,
7251+ int len, __wsum sum,
7252+ int *src_err_ptr, int *dst_err_ptr);
7253+
7254+asmlinkage __wsum csum_partial_copy_generic_from_user(const void *src, void *dst,
7255+ int len, __wsum sum,
7256+ int *src_err_ptr, int *dst_err_ptr);
7257+
7258 /*
7259 * Note: when you get a NULL pointer exception here this means someone
7260 * passed in an incorrect kernel address to one of these functions.
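Review bot: The two new prototypes, csum_partial_copy_generic_to_user() and csum_partial_copy_generic_from_user(), take plain `const void *src, void *dst`, so the user-space side of each copy is not marked and the callers in the two later hunks keep their `(__force void *)` casts. Declaring the user-facing argument with `__user` (`const void __user *src` for the from_user variant, `void __user *dst` for the to_user variant) would let sparse check the direction and allow the casts to go. The split by direction is otherwise undocumented; a one-line comment above the prototypes saying which pointer is the user one would help.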
7261@@ -50,7 +58,7 @@ static inline __wsum csum_partial_copy_f
7262 int *err_ptr)
7263 {
7264 might_sleep();
7265- return csum_partial_copy_generic((__force void *)src, dst,
7266+ return csum_partial_copy_generic_from_user((__force void *)src, dst,
7267 len, sum, err_ptr, NULL);
7268 }
7269
7270@@ -178,7 +186,7 @@ static inline __wsum csum_and_copy_to_us
7271 {
7272 might_sleep();
7273 if (access_ok(VERIFY_WRITE, dst, len))
7274- return csum_partial_copy_generic(src, (__force void *)dst,
7275+ return csum_partial_copy_generic_to_user(src, (__force void *)dst,
7276 len, sum, NULL, err_ptr);
7277
7278 if (len)
7279diff -urNp linux-2.6.38.2/arch/x86/include/asm/cpufeature.h linux-2.6.38.2/arch/x86/include/asm/cpufeature.h
7280--- linux-2.6.38.2/arch/x86/include/asm/cpufeature.h 2011-03-14 21:20:32.000000000 -0400
7281+++ linux-2.6.38.2/arch/x86/include/asm/cpufeature.h 2011-03-21 18:31:35.000000000 -0400
7282@@ -349,7 +349,7 @@ static __always_inline __pure bool __sta
7283 ".section .discard,\"aw\",@progbits\n"
7284 " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */
7285 ".previous\n"
7286- ".section .altinstr_replacement,\"ax\"\n"
7287+ ".section .altinstr_replacement,\"a\"\n"
7288 "3: movb $1,%0\n"
7289 "4:\n"
7290 ".previous\n"
7291diff -urNp linux-2.6.38.2/arch/x86/include/asm/desc_defs.h linux-2.6.38.2/arch/x86/include/asm/desc_defs.h
7292--- linux-2.6.38.2/arch/x86/include/asm/desc_defs.h 2011-03-14 21:20:32.000000000 -0400
7293+++ linux-2.6.38.2/arch/x86/include/asm/desc_defs.h 2011-03-21 18:31:35.000000000 -0400
7294@@ -31,6 +31,12 @@ struct desc_struct {
7295 unsigned base1: 8, type: 4, s: 1, dpl: 2, p: 1;
7296 unsigned limit: 4, avl: 1, l: 1, d: 1, g: 1, base2: 8;
7297 };
7298+ struct {
7299+ u16 offset_low;
7300+ u16 seg;
7301+ unsigned reserved: 8, type: 4, s: 1, dpl: 2, p: 1;
7302+ unsigned offset_high: 16;
7303+ } gate;
7304 };
7305 } __attribute__((packed));
7306
7307diff -urNp linux-2.6.38.2/arch/x86/include/asm/desc.h linux-2.6.38.2/arch/x86/include/asm/desc.h
7308--- linux-2.6.38.2/arch/x86/include/asm/desc.h 2011-03-14 21:20:32.000000000 -0400
7309+++ linux-2.6.38.2/arch/x86/include/asm/desc.h 2011-03-21 18:31:35.000000000 -0400
7310@@ -4,6 +4,7 @@
7311 #include <asm/desc_defs.h>
7312 #include <asm/ldt.h>
7313 #include <asm/mmu.h>
7314+#include <asm/pgtable.h>
7315 #include <linux/smp.h>
7316
7317 static inline void fill_ldt(struct desc_struct *desc,
7318@@ -15,6 +16,7 @@ static inline void fill_ldt(struct desc_
7319 desc->base1 = (info->base_addr & 0x00ff0000) >> 16;
7320 desc->type = (info->read_exec_only ^ 1) << 1;
7321 desc->type |= info->contents << 2;
7322+ desc->type |= info->seg_not_present ^ 1;
7323 desc->s = 1;
7324 desc->dpl = 0x3;
7325 desc->p = info->seg_not_present ^ 1;
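Review bot: The added `desc->type |= info->seg_not_present ^ 1;` in fill_ldt() sets bit 0 of the type field, the descriptor's accessed bit, for every present segment, and nothing says why. Presumably the intent is that the CPU never needs to write the accessed bit back into a descriptor table that may be write-protected. If so, a comment such as `/* pre-set the accessed bit so loading the segment does not write to the table */` belongs on that line. fill_ldt() starts above the hunk.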
7326@@ -31,16 +33,12 @@ static inline void fill_ldt(struct desc_
7327 }
7328
7329 extern struct desc_ptr idt_descr;
7330-extern gate_desc idt_table[];
7331-
7332-struct gdt_page {
7333- struct desc_struct gdt[GDT_ENTRIES];
7334-} __attribute__((aligned(PAGE_SIZE)));
7335-DECLARE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page);
7336+extern gate_desc idt_table[256];
7337
7338+extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(struct desc_struct)];
7339 static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu)
7340 {
7341- return per_cpu(gdt_page, cpu).gdt;
7342+ return cpu_gdt_table[cpu];
7343 }
7344
7345 #ifdef CONFIG_X86_64
7346@@ -65,9 +63,14 @@ static inline void pack_gate(gate_desc *
7347 unsigned long base, unsigned dpl, unsigned flags,
7348 unsigned short seg)
7349 {
7350- gate->a = (seg << 16) | (base & 0xffff);
7351- gate->b = (base & 0xffff0000) |
7352- (((0x80 | type | (dpl << 5)) & 0xff) << 8);
7353+ gate->gate.offset_low = base;
7354+ gate->gate.seg = seg;
7355+ gate->gate.reserved = 0;
7356+ gate->gate.type = type;
7357+ gate->gate.s = 0;
7358+ gate->gate.dpl = dpl;
7359+ gate->gate.p = 1;
7360+ gate->gate.offset_high = base >> 16;
7361 }
7362
7363 #endif
7364@@ -115,19 +118,24 @@ static inline void paravirt_free_ldt(str
7365 static inline void native_write_idt_entry(gate_desc *idt, int entry,
7366 const gate_desc *gate)
7367 {
7368+ pax_open_kernel();
7369 memcpy(&idt[entry], gate, sizeof(*gate));
7370+ pax_close_kernel();
7371 }
7372
7373 static inline void native_write_ldt_entry(struct desc_struct *ldt, int entry,
7374 const void *desc)
7375 {
7376+ pax_open_kernel();
7377 memcpy(&ldt[entry], desc, 8);
7378+ pax_close_kernel();
7379 }
7380
7381 static inline void native_write_gdt_entry(struct desc_struct *gdt, int entry,
7382 const void *desc, int type)
7383 {
7384 unsigned int size;
7385+
7386 switch (type) {
7387 case DESC_TSS:
7388 size = sizeof(tss_desc);
7389@@ -139,7 +147,10 @@ static inline void native_write_gdt_entr
7390 size = sizeof(struct desc_struct);
7391 break;
7392 }
7393+
7394+ pax_open_kernel();
7395 memcpy(&gdt[entry], desc, size);
7396+ pax_close_kernel();
7397 }
7398
7399 static inline void pack_descriptor(struct desc_struct *desc, unsigned long base,
7400@@ -211,7 +222,9 @@ static inline void native_set_ldt(const
7401
7402 static inline void native_load_tr_desc(void)
7403 {
7404+ pax_open_kernel();
7405 asm volatile("ltr %w0"::"q" (GDT_ENTRY_TSS*8));
7406+ pax_close_kernel();
7407 }
7408
7409 static inline void native_load_gdt(const struct desc_ptr *dtr)
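Review bot: native_load_tr_desc() wraps a single `ltr` in pax_open_kernel()/pax_close_kernel() without explanation, and unlike the memcpy() callers in the earlier hunks there is no visible store to protect. `ltr` marks the TSS descriptor busy, which is a write into the GDT, so the pairing is presumably needed once the GDT is read-only. A comment like `/* ltr sets the busy bit in the GDT's TSS descriptor */` would make that clear. The definitions of the two helpers are not on this page.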
7410@@ -246,8 +259,10 @@ static inline void native_load_tls(struc
7411 unsigned int i;
7412 struct desc_struct *gdt = get_cpu_gdt_table(cpu);
7413
7414+ pax_open_kernel();
7415 for (i = 0; i < GDT_ENTRY_TLS_ENTRIES; i++)
7416 gdt[GDT_ENTRY_TLS_MIN + i] = t->tls_array[i];
7417+ pax_close_kernel();
7418 }
7419
7420 #define _LDT_empty(info) \
7421@@ -309,7 +324,7 @@ static inline void set_desc_limit(struct
7422 desc->limit = (limit >> 16) & 0xf;
7423 }
7424
7425-static inline void _set_gate(int gate, unsigned type, void *addr,
7426+static inline void _set_gate(int gate, unsigned type, const void *addr,
7427 unsigned dpl, unsigned ist, unsigned seg)
7428 {
7429 gate_desc s;
7430@@ -327,7 +342,7 @@ static inline void _set_gate(int gate, u
7431 * Pentium F0 0F bugfix can have resulted in the mapped
7432 * IDT being write-protected.
7433 */
7434-static inline void set_intr_gate(unsigned int n, void *addr)
7435+static inline void set_intr_gate(unsigned int n, const void *addr)
7436 {
7437 BUG_ON((unsigned)n > 0xFF);
7438 _set_gate(n, GATE_INTERRUPT, addr, 0, 0, __KERNEL_CS);
7439@@ -356,19 +371,19 @@ static inline void alloc_intr_gate(unsig
7440 /*
7441 * This routine sets up an interrupt gate at directory privilege level 3.
7442 */
7443-static inline void set_system_intr_gate(unsigned int n, void *addr)
7444+static inline void set_system_intr_gate(unsigned int n, const void *addr)
7445 {
7446 BUG_ON((unsigned)n > 0xFF);
7447 _set_gate(n, GATE_INTERRUPT, addr, 0x3, 0, __KERNEL_CS);
7448 }
7449
7450-static inline void set_system_trap_gate(unsigned int n, void *addr)
7451+static inline void set_system_trap_gate(unsigned int n, const void *addr)
7452 {
7453 BUG_ON((unsigned)n > 0xFF);
7454 _set_gate(n, GATE_TRAP, addr, 0x3, 0, __KERNEL_CS);
7455 }
7456
7457-static inline void set_trap_gate(unsigned int n, void *addr)
7458+static inline void set_trap_gate(unsigned int n, const void *addr)
7459 {
7460 BUG_ON((unsigned)n > 0xFF);
7461 _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS);
7462@@ -377,19 +392,31 @@ static inline void set_trap_gate(unsigne
7463 static inline void set_task_gate(unsigned int n, unsigned int gdt_entry)
7464 {
7465 BUG_ON((unsigned)n > 0xFF);
7466- _set_gate(n, GATE_TASK, (void *)0, 0, 0, (gdt_entry<<3));
7467+ _set_gate(n, GATE_TASK, (const void *)0, 0, 0, (gdt_entry<<3));
7468 }
7469
7470-static inline void set_intr_gate_ist(int n, void *addr, unsigned ist)
7471+static inline void set_intr_gate_ist(int n, const void *addr, unsigned ist)
7472 {
7473 BUG_ON((unsigned)n > 0xFF);
7474 _set_gate(n, GATE_INTERRUPT, addr, 0, ist, __KERNEL_CS);
7475 }
7476
7477-static inline void set_system_intr_gate_ist(int n, void *addr, unsigned ist)
7478+static inline void set_system_intr_gate_ist(int n, const void *addr, unsigned ist)
7479 {
7480 BUG_ON((unsigned)n > 0xFF);
7481 _set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS);
7482 }
7483
7484+#ifdef CONFIG_X86_32
7485+static inline void set_user_cs(unsigned long base, unsigned long limit, int cpu)
7486+{
7487+ struct desc_struct d;
7488+
7489+ if (likely(limit))
7490+ limit = (limit - 1UL) >> PAGE_SHIFT;
7491+ pack_descriptor(&d, base, limit, 0xFB, 0xC);
7492+ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_CS, &d, DESCTYPE_S);
7493+}
7494+#endif
7495+
7496 #endif /* _ASM_X86_DESC_H */
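Review bot: set_user_cs() passes the bare constants `0xFB` and `0xC` to pack_descriptor() and leaves a zero `limit` unconverted, and neither choice is explained. Assuming the last two arguments are the access byte and the flags nibble, a comment such as `/* 0xFB: present, DPL 3, code, readable, accessed; 0xC: 4 KiB granularity, 32-bit */` would do. With page granularity a limit of 0 still covers the first page, so it is worth stating whether callers ever pass `limit == 0` and what they expect from it. `cpu` indexes the GDT table without a range check, which matches get_cpu_gdt_table() but should be stated as a caller obligation.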
7497diff -urNp linux-2.6.38.2/arch/x86/include/asm/device.h linux-2.6.38.2/arch/x86/include/asm/device.h
7498--- linux-2.6.38.2/arch/x86/include/asm/device.h 2011-03-14 21:20:32.000000000 -0400
7499+++ linux-2.6.38.2/arch/x86/include/asm/device.h 2011-03-21 18:31:35.000000000 -0400
7500@@ -6,7 +6,7 @@ struct dev_archdata {
7501 void *acpi_handle;
7502 #endif
7503 #ifdef CONFIG_X86_64
7504-struct dma_map_ops *dma_ops;
7505+ const struct dma_map_ops *dma_ops;
7506 #endif
7507 #if defined(CONFIG_DMAR) || defined(CONFIG_AMD_IOMMU)
7508 void *iommu; /* hook for IOMMU specific extension */
7509diff -urNp linux-2.6.38.2/arch/x86/include/asm/dma-mapping.h linux-2.6.38.2/arch/x86/include/asm/dma-mapping.h
7510--- linux-2.6.38.2/arch/x86/include/asm/dma-mapping.h 2011-03-14 21:20:32.000000000 -0400
7511+++ linux-2.6.38.2/arch/x86/include/asm/dma-mapping.h 2011-03-21 18:31:35.000000000 -0400
7512@@ -26,9 +26,9 @@ extern int iommu_merge;
7513 extern struct device x86_dma_fallback_dev;
7514 extern int panic_on_overflow;
7515
7516-extern struct dma_map_ops *dma_ops;
7517+extern const struct dma_map_ops *dma_ops;
7518
7519-static inline struct dma_map_ops *get_dma_ops(struct device *dev)
7520+static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
7521 {
7522 #ifdef CONFIG_X86_32
7523 return dma_ops;
7524@@ -45,7 +45,7 @@ static inline struct dma_map_ops *get_dm
7525 /* Make sure we keep the same behaviour */
7526 static inline int dma_mapping_error(struct device *dev, dma_addr_t dma_addr)
7527 {
7528- struct dma_map_ops *ops = get_dma_ops(dev);
7529+ const struct dma_map_ops *ops = get_dma_ops(dev);
7530 if (ops->mapping_error)
7531 return ops->mapping_error(dev, dma_addr);
7532
7533@@ -115,7 +115,7 @@ static inline void *
7534 dma_alloc_coherent(struct device *dev, size_t size, dma_addr_t *dma_handle,
7535 gfp_t gfp)
7536 {
7537- struct dma_map_ops *ops = get_dma_ops(dev);
7538+ const struct dma_map_ops *ops = get_dma_ops(dev);
7539 void *memory;
7540
7541 gfp &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
7542@@ -142,7 +142,7 @@ dma_alloc_coherent(struct device *dev, s
7543 static inline void dma_free_coherent(struct device *dev, size_t size,
7544 void *vaddr, dma_addr_t bus)
7545 {
7546- struct dma_map_ops *ops = get_dma_ops(dev);
7547+ const struct dma_map_ops *ops = get_dma_ops(dev);
7548
7549 WARN_ON(irqs_disabled()); /* for portability */
7550
7551diff -urNp linux-2.6.38.2/arch/x86/include/asm/e820.h linux-2.6.38.2/arch/x86/include/asm/e820.h
7552--- linux-2.6.38.2/arch/x86/include/asm/e820.h 2011-03-14 21:20:32.000000000 -0400
7553+++ linux-2.6.38.2/arch/x86/include/asm/e820.h 2011-03-21 18:31:35.000000000 -0400
7554@@ -69,7 +69,7 @@ struct e820map {
7555 #define ISA_START_ADDRESS 0xa0000
7556 #define ISA_END_ADDRESS 0x100000
7557
7558-#define BIOS_BEGIN 0x000a0000
7559+#define BIOS_BEGIN 0x000c0000
7560 #define BIOS_END 0x00100000
7561
7562 #define BIOS_ROM_BASE 0xffe00000
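Review bot: BIOS_BEGIN moves from `0x000a0000` to `0x000c0000` with no comment, while ISA_START_ADDRESS just above stays at `0xa0000`. Every user of BIOS_BEGIN now treats 0xa0000–0xbffff as outside the BIOS range; those users are not on this page, so the effect cannot be checked here. A comment on the define giving the reason would stop the two constants from being changed back into agreement, for example `/* excludes the legacy video window below 0xc0000 */` if that is the intent.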
7563diff -urNp linux-2.6.38.2/arch/x86/include/asm/elf.h linux-2.6.38.2/arch/x86/include/asm/elf.h
7564--- linux-2.6.38.2/arch/x86/include/asm/elf.h 2011-03-14 21:20:32.000000000 -0400
7565+++ linux-2.6.38.2/arch/x86/include/asm/elf.h 2011-03-21 18:31:35.000000000 -0400
7566@@ -237,7 +237,25 @@ extern int force_personality32;
7567 the loader. We need to make sure that it is out of the way of the program
7568 that it will "exec", and that there is sufficient room for the brk. */
7569
7570+#ifdef CONFIG_PAX_SEGMEXEC
7571+#define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : TASK_SIZE/3*2)
7572+#else
7573 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
7574+#endif
7575+
7576+#ifdef CONFIG_PAX_ASLR
7577+#ifdef CONFIG_X86_32
7578+#define PAX_ELF_ET_DYN_BASE 0x10000000UL
7579+
7580+#define PAX_DELTA_MMAP_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
7581+#define PAX_DELTA_STACK_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
7582+#else
7583+#define PAX_ELF_ET_DYN_BASE 0x400000UL
7584+
7585+#define PAX_DELTA_MMAP_LEN ((test_thread_flag(TIF_IA32)) ? 16 : TASK_SIZE_MAX_SHIFT - PAGE_SHIFT - 3)
7586+#define PAX_DELTA_STACK_LEN ((test_thread_flag(TIF_IA32)) ? 16 : TASK_SIZE_MAX_SHIFT - PAGE_SHIFT - 3)
7587+#endif
7588+#endif
7589
7590 /* This yields a mask that user programs can use to figure out what
7591 instruction set this CPU supports. This could be done in user space,
7592@@ -291,8 +309,7 @@ do { \
7593 #define ARCH_DLINFO \
7594 do { \
7595 if (vdso_enabled) \
7596- NEW_AUX_ENT(AT_SYSINFO_EHDR, \
7597- (unsigned long)current->mm->context.vdso); \
7598+ NEW_AUX_ENT(AT_SYSINFO_EHDR, current->mm->context.vdso);\
7599 } while (0)
7600
7601 #define AT_SYSINFO 32
7602@@ -303,7 +320,7 @@ do { \
7603
7604 #endif /* !CONFIG_X86_32 */
7605
7606-#define VDSO_CURRENT_BASE ((unsigned long)current->mm->context.vdso)
7607+#define VDSO_CURRENT_BASE (current->mm->context.vdso)
7608
7609 #define VDSO_ENTRY \
7610 ((unsigned long)VDSO32_SYMBOL(VDSO_CURRENT_BASE, vsyscall))
7611@@ -317,7 +334,4 @@ extern int arch_setup_additional_pages(s
7612 extern int syscall32_setup_pages(struct linux_binprm *, int exstack);
7613 #define compat_arch_setup_additional_pages syscall32_setup_pages
7614
7615-extern unsigned long arch_randomize_brk(struct mm_struct *mm);
7616-#define arch_randomize_brk arch_randomize_brk
7617-
7618 #endif /* _ASM_X86_ELF_H */
7619diff -urNp linux-2.6.38.2/arch/x86/include/asm/futex.h linux-2.6.38.2/arch/x86/include/asm/futex.h
7620--- linux-2.6.38.2/arch/x86/include/asm/futex.h 2011-03-14 21:20:32.000000000 -0400
7621+++ linux-2.6.38.2/arch/x86/include/asm/futex.h 2011-03-21 18:31:35.000000000 -0400
7622@@ -12,16 +12,18 @@
7623 #include <asm/system.h>
7624
7625 #define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \
7626+ typecheck(u32 *, uaddr); \
7627 asm volatile("1:\t" insn "\n" \
7628 "2:\t.section .fixup,\"ax\"\n" \
7629 "3:\tmov\t%3, %1\n" \
7630 "\tjmp\t2b\n" \
7631 "\t.previous\n" \
7632 _ASM_EXTABLE(1b, 3b) \
7633- : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \
7634+ : "=r" (oldval), "=r" (ret), "+m" (*(u32 *)____m(uaddr))\
7635 : "i" (-EFAULT), "0" (oparg), "1" (0))
7636
7637 #define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg) \
7638+ typecheck(u32 *, uaddr); \
7639 asm volatile("1:\tmovl %2, %0\n" \
7640 "\tmovl\t%0, %3\n" \
7641 "\t" insn "\n" \
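Review bot: Putting `typecheck(u32 *, uaddr);` in front of the `asm volatile` turns __futex_atomic_op1 and __futex_atomic_op2 into two-statement macros, so an unbraced `if (x) __futex_atomic_op1(...)` would guard only the typecheck. The uses in the later hunk sit in `case` arms and are fine, but wrapping each body as `do { typecheck(u32 *, uaddr); asm volatile(...); } while (0)` removes that hazard. `uaddr` is declared `u32 __user *` in futex_atomic_op_inuser(), so it is also worth confirming that the `u32 *` in typecheck() does not produce an address-space warning under sparse. The body of __futex_atomic_op2 continues past the end of the hunk.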
7642@@ -34,10 +36,10 @@
7643 _ASM_EXTABLE(1b, 4b) \
7644 _ASM_EXTABLE(2b, 4b) \
7645 : "=&a" (oldval), "=&r" (ret), \
7646- "+m" (*uaddr), "=&r" (tem) \
7647+ "+m" (*(u32 *)____m(uaddr)), "=&r" (tem) \
7648 : "r" (oparg), "i" (-EFAULT), "1" (0))
7649
7650-static inline int futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
7651+static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
7652 {
7653 int op = (encoded_op >> 28) & 7;
7654 int cmp = (encoded_op >> 24) & 15;
7655@@ -61,10 +63,10 @@ static inline int futex_atomic_op_inuser
7656
7657 switch (op) {
7658 case FUTEX_OP_SET:
7659- __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg);
7660+ __futex_atomic_op1(__copyuser_seg"xchgl %0, %2", ret, oldval, uaddr, oparg);
7661 break;
7662 case FUTEX_OP_ADD:
7663- __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval,
7664+ __futex_atomic_op1(LOCK_PREFIX __copyuser_seg"xaddl %0, %2", ret, oldval,
7665 uaddr, oparg);
7666 break;
7667 case FUTEX_OP_OR:
7668@@ -109,7 +111,7 @@ static inline int futex_atomic_op_inuser
7669 return ret;
7670 }
7671
7672-static inline int futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval,
7673+static inline int futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, int oldval,
7674 int newval)
7675 {
7676
7677@@ -119,16 +121,16 @@ static inline int futex_atomic_cmpxchg_i
7678 return -ENOSYS;
7679 #endif
7680
7681- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
7682+ if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
7683 return -EFAULT;
7684
7685- asm volatile("1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
7686+ asm volatile("1:\t" LOCK_PREFIX __copyuser_seg"cmpxchgl %3, %1\n"
7687 "2:\t.section .fixup, \"ax\"\n"
7688 "3:\tmov %2, %0\n"
7689 "\tjmp 2b\n"
7690 "\t.previous\n"
7691 _ASM_EXTABLE(1b, 3b)
7692- : "=a" (oldval), "+m" (*uaddr)
7693+ : "=a" (oldval), "+m" (*(u32 *)____m(uaddr))
7694 : "i" (-EFAULT), "r" (newval), "0" (oldval)
7695 : "memory"
7696 );
7697diff -urNp linux-2.6.38.2/arch/x86/include/asm/i387.h linux-2.6.38.2/arch/x86/include/asm/i387.h
7698--- linux-2.6.38.2/arch/x86/include/asm/i387.h 2011-03-14 21:20:32.000000000 -0400
7699+++ linux-2.6.38.2/arch/x86/include/asm/i387.h 2011-03-21 18:31:35.000000000 -0400
7700@@ -92,6 +92,11 @@ static inline int fxrstor_checking(struc
7701 {
7702 int err;
7703
7704+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
7705+ if ((unsigned long)fx < PAX_USER_SHADOW_BASE)
7706+ fx = (struct i387_fxsave_struct *)((void *)fx + PAX_USER_SHADOW_BASE);
7707+#endif
7708+
7709 /* See comment in fxsave() below. */
7710 #ifdef CONFIG_AS_FXSAVEQ
7711 asm volatile("1: fxrstorq %[fx]\n\t"
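Review bot: The shadow-base adjustment `if ((unsigned long)fx < PAX_USER_SHADOW_BASE) fx = ... + PAX_USER_SHADOW_BASE;` is written out in fxrstor_checking() here and again in fxsave_user() in the next hunk, with no comment on what a pointer at or above the base means. A small static inline helper shared by both, with a comment stating which address ranges are passed through unchanged, would keep the two copies consistent. PAX_USER_SHADOW_BASE is defined outside this page, and fxrstor_checking() continues past the hunk.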
7712@@ -121,6 +126,11 @@ static inline int fxsave_user(struct i38
7713 {
7714 int err;
7715
7716+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
7717+ if ((unsigned long)fx < PAX_USER_SHADOW_BASE)
7718+ fx = (struct i387_fxsave_struct __user *)((void __user *)fx + PAX_USER_SHADOW_BASE);
7719+#endif
7720+
7721 /*
7722 * Clear the bytes not touched by the fxsave and reserved
7723 * for the SW usage.
7724@@ -213,13 +223,8 @@ static inline void fpu_fxsave(struct fpu
7725 #endif /* CONFIG_X86_64 */
7726
7727 /* We need a safe address that is cheap to find and that is already
7728- in L1 during context switch. The best choices are unfortunately
7729- different for UP and SMP */
7730-#ifdef CONFIG_SMP
7731-#define safe_address (__per_cpu_offset[0])
7732-#else
7733-#define safe_address (kstat_cpu(0).cpustat.user)
7734-#endif
7735+ in L1 during context switch. */
7736+#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0)
7737
7738 /*
7739 * These must be called with preempt disabled
7740diff -urNp linux-2.6.38.2/arch/x86/include/asm/io.h linux-2.6.38.2/arch/x86/include/asm/io.h
7741--- linux-2.6.38.2/arch/x86/include/asm/io.h 2011-03-14 21:20:32.000000000 -0400
7742+++ linux-2.6.38.2/arch/x86/include/asm/io.h 2011-03-21 18:31:35.000000000 -0400
7743@@ -216,6 +216,17 @@ extern void set_iounmap_nonlazy(void);
7744
7745 #include <linux/vmalloc.h>
7746
7747+#define ARCH_HAS_VALID_PHYS_ADDR_RANGE
7748+static inline int valid_phys_addr_range(unsigned long addr, size_t count)
7749+{
7750+ return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
7751+}
7752+
7753+static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t count)
7754+{
7755+ return (pfn + (count >> PAGE_SHIFT)) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
7756+}
7757+
7758 /*
7759 * Convert a virtual cached pointer to an uncached pointer
7760 */
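Review bot: In valid_phys_addr_range the sum `addr + count + PAGE_SIZE - 1` is computed in `unsigned long` and can wrap, so an `addr` near the top of the range would shift down to a small page number and be accepted. valid_mmap_phys_addr_range has the same shape with `pfn + (count >> PAGE_SHIFT)`. A wrap guard ahead of the comparison, such as `if (addr + count + PAGE_SIZE - 1 < addr) return 0;` (and the equivalent test on `pfn`), closes this. Whether callers can pass such values is not visible in this hunk. The trailing `? 1 : 0` is redundant, since `<` already yields 0 or 1.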
7761diff -urNp linux-2.6.38.2/arch/x86/include/asm/iommu.h linux-2.6.38.2/arch/x86/include/asm/iommu.h
7762--- linux-2.6.38.2/arch/x86/include/asm/iommu.h 2011-03-14 21:20:32.000000000 -0400
7763+++ linux-2.6.38.2/arch/x86/include/asm/iommu.h 2011-03-21 18:31:35.000000000 -0400
7764@@ -1,7 +1,7 @@
7765 #ifndef _ASM_X86_IOMMU_H
7766 #define _ASM_X86_IOMMU_H
7767
7768-extern struct dma_map_ops nommu_dma_ops;
7769+extern const struct dma_map_ops nommu_dma_ops;
7770 extern int force_iommu, no_iommu;
7771 extern int iommu_detected;
7772 extern int iommu_pass_through;
7773diff -urNp linux-2.6.38.2/arch/x86/include/asm/irqflags.h linux-2.6.38.2/arch/x86/include/asm/irqflags.h
7774--- linux-2.6.38.2/arch/x86/include/asm/irqflags.h 2011-03-14 21:20:32.000000000 -0400
7775+++ linux-2.6.38.2/arch/x86/include/asm/irqflags.h 2011-03-21 18:31:35.000000000 -0400
7776@@ -140,6 +140,11 @@ static inline unsigned long arch_local_i
7777 sti; \
7778 sysexit
7779
7780+#define GET_CR0_INTO_RDI mov %cr0, %rdi
7781+#define SET_RDI_INTO_CR0 mov %rdi, %cr0
7782+#define GET_CR3_INTO_RDI mov %cr3, %rdi
7783+#define SET_RDI_INTO_CR3 mov %rdi, %cr3
7784+
7785 #else
7786 #define INTERRUPT_RETURN iret
7787 #define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit
7788diff -urNp linux-2.6.38.2/arch/x86/include/asm/kvm_host.h linux-2.6.38.2/arch/x86/include/asm/kvm_host.h
7789--- linux-2.6.38.2/arch/x86/include/asm/kvm_host.h 2011-03-14 21:20:32.000000000 -0400
7790+++ linux-2.6.38.2/arch/x86/include/asm/kvm_host.h 2011-03-21 18:31:35.000000000 -0400
7791@@ -603,7 +603,7 @@ struct kvm_arch_async_pf {
7792 bool direct_map;
7793 };
7794
7795-extern struct kvm_x86_ops *kvm_x86_ops;
7796+extern const struct kvm_x86_ops *kvm_x86_ops;
7797
7798 int kvm_mmu_module_init(void);
7799 void kvm_mmu_module_exit(void);
7800diff -urNp linux-2.6.38.2/arch/x86/include/asm/local.h linux-2.6.38.2/arch/x86/include/asm/local.h
7801--- linux-2.6.38.2/arch/x86/include/asm/local.h 2011-03-14 21:20:32.000000000 -0400
7802+++ linux-2.6.38.2/arch/x86/include/asm/local.h 2011-03-21 18:31:35.000000000 -0400
7803@@ -18,26 +18,58 @@ typedef struct {
7804
7805 static inline void local_inc(local_t *l)
7806 {
7807- asm volatile(_ASM_INC "%0"
7808+ asm volatile(_ASM_INC "%0\n"
7809+
7810+#ifdef CONFIG_PAX_REFCOUNT
7811+ "jno 0f\n"
7812+ _ASM_DEC "%0\n"
7813+ "int $4\n0:\n"
7814+ _ASM_EXTABLE(0b, 0b)
7815+#endif
7816+
7817 : "+m" (l->a.counter));
7818 }
7819
7820 static inline void local_dec(local_t *l)
7821 {
7822- asm volatile(_ASM_DEC "%0"
7823+ asm volatile(_ASM_DEC "%0\n"
7824+
7825+#ifdef CONFIG_PAX_REFCOUNT
7826+ "jno 0f\n"
7827+ _ASM_INC "%0\n"
7828+ "int $4\n0:\n"
7829+ _ASM_EXTABLE(0b, 0b)
7830+#endif
7831+
7832 : "+m" (l->a.counter));
7833 }
7834
7835 static inline void local_add(long i, local_t *l)
7836 {
7837- asm volatile(_ASM_ADD "%1,%0"
7838+ asm volatile(_ASM_ADD "%1,%0\n"
7839+
7840+#ifdef CONFIG_PAX_REFCOUNT
7841+ "jno 0f\n"
7842+ _ASM_SUB "%1,%0\n"
7843+ "int $4\n0:\n"
7844+ _ASM_EXTABLE(0b, 0b)
7845+#endif
7846+
7847 : "+m" (l->a.counter)
7848 : "ir" (i));
7849 }
7850
7851 static inline void local_sub(long i, local_t *l)
7852 {
7853- asm volatile(_ASM_SUB "%1,%0"
7854+ asm volatile(_ASM_SUB "%1,%0\n"
7855+
7856+#ifdef CONFIG_PAX_REFCOUNT
7857+ "jno 0f\n"
7858+ _ASM_ADD "%1,%0\n"
7859+ "int $4\n0:\n"
7860+ _ASM_EXTABLE(0b, 0b)
7861+#endif
7862+
7863 : "+m" (l->a.counter)
7864 : "ir" (i));
7865 }
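Review bot: The `jno 0f` / undo / `int $4` / `_ASM_EXTABLE(0b, 0b)` sequence is pasted into local_inc, local_dec, local_add and local_sub here, differing only in the undo instruction. It appears again in local_sub_and_test, local_dec_and_test, local_inc_and_test and local_add_negative in the following hunks. A single helper macro taking the undo instruction as its argument would keep the eight copies from drifting apart. None of the sites has a comment; something like `/* on signed overflow: undo the update, then raise the overflow exception via int $4 */` would tell the reader what the sequence is for. How that exception is handled is outside this file section.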
7866@@ -55,7 +87,16 @@ static inline int local_sub_and_test(lon
7867 {
7868 unsigned char c;
7869
7870- asm volatile(_ASM_SUB "%2,%0; sete %1"
7871+ asm volatile(_ASM_SUB "%2,%0\n"
7872+
7873+#ifdef CONFIG_PAX_REFCOUNT
7874+ "jno 0f\n"
7875+ _ASM_ADD "%2,%0\n"
7876+ "int $4\n0:\n"
7877+ _ASM_EXTABLE(0b, 0b)
7878+#endif
7879+
7880+ "sete %1\n"
7881 : "+m" (l->a.counter), "=qm" (c)
7882 : "ir" (i) : "memory");
7883 return c;
7884@@ -73,7 +114,16 @@ static inline int local_dec_and_test(loc
7885 {
7886 unsigned char c;
7887
7888- asm volatile(_ASM_DEC "%0; sete %1"
7889+ asm volatile(_ASM_DEC "%0\n"
7890+
7891+#ifdef CONFIG_PAX_REFCOUNT
7892+ "jno 0f\n"
7893+ _ASM_INC "%0\n"
7894+ "int $4\n0:\n"
7895+ _ASM_EXTABLE(0b, 0b)
7896+#endif
7897+
7898+ "sete %1\n"
7899 : "+m" (l->a.counter), "=qm" (c)
7900 : : "memory");
7901 return c != 0;
7902@@ -91,7 +141,16 @@ static inline int local_inc_and_test(loc
7903 {
7904 unsigned char c;
7905
7906- asm volatile(_ASM_INC "%0; sete %1"
7907+ asm volatile(_ASM_INC "%0\n"
7908+
7909+#ifdef CONFIG_PAX_REFCOUNT
7910+ "jno 0f\n"
7911+ _ASM_DEC "%0\n"
7912+ "int $4\n0:\n"
7913+ _ASM_EXTABLE(0b, 0b)
7914+#endif
7915+
7916+ "sete %1\n"
7917 : "+m" (l->a.counter), "=qm" (c)
7918 : : "memory");
7919 return c != 0;
7920@@ -110,7 +169,16 @@ static inline int local_add_negative(lon
7921 {
7922 unsigned char c;
7923
7924- asm volatile(_ASM_ADD "%2,%0; sets %1"
7925+ asm volatile(_ASM_ADD "%2,%0\n"
7926+
7927+#ifdef CONFIG_PAX_REFCOUNT
7928+ "jno 0f\n"
7929+ _ASM_SUB "%2,%0\n"
7930+ "int $4\n0:\n"
7931+ _ASM_EXTABLE(0b, 0b)
7932+#endif
7933+
7934+ "sets %1\n"
7935 : "+m" (l->a.counter), "=qm" (c)
7936 : "ir" (i) : "memory");
7937 return c;
7938@@ -133,7 +201,15 @@ static inline long local_add_return(long
7939 #endif
7940 /* Modern 486+ processor */
7941 __i = i;
7942- asm volatile(_ASM_XADD "%0, %1;"
7943+ asm volatile(_ASM_XADD "%0, %1\n"
7944+
7945+#ifdef CONFIG_PAX_REFCOUNT
7946+ "jno 0f\n"
7947+ _ASM_MOV "%0,%1\n"
7948+ "int $4\n0:\n"
7949+ _ASM_EXTABLE(0b, 0b)
7950+#endif
7951+
7952 : "+r" (i), "+m" (l->a.counter)
7953 : : "memory");
7954 return i + __i;
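Review bot: The overflow undo in local_add_return differs from the other local_* hunks: `_ASM_MOV "%0,%1"` stores the pre-`xadd` value back into the counter instead of applying the inverse arithmetic operation. If the counter is modified between the `xadd` and the `mov`, for example by an interrupt on the same CPU (the case local_t operations are normally expected to tolerate), that modification is overwritten. After the undo, `i` holds the old counter value, so `return i + __i` still yields the wrapped sum if execution resumes past `int $4`. I would either undo by subtracting the addend, which needs `__i` as an extra input operand, or add a comment stating why the plain store is safe here. The function begins outside the hunk.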
7955diff -urNp linux-2.6.38.2/arch/x86/include/asm/mc146818rtc.h linux-2.6.38.2/arch/x86/include/asm/mc146818rtc.h
7956--- linux-2.6.38.2/arch/x86/include/asm/mc146818rtc.h 2011-03-14 21:20:32.000000000 -0400
7957+++ linux-2.6.38.2/arch/x86/include/asm/mc146818rtc.h 2011-03-21 18:31:35.000000000 -0400
7958@@ -81,8 +81,8 @@ static inline unsigned char current_lock
7959 #else
7960 #define lock_cmos_prefix(reg) do {} while (0)
7961 #define lock_cmos_suffix(reg) do {} while (0)
7962-#define lock_cmos(reg)
7963-#define unlock_cmos()
7964+#define lock_cmos(reg) do {} while (0)
7965+#define unlock_cmos() do {} while (0)
7966 #define do_i_have_lock_cmos() 0
7967 #define current_lock_cmos_reg() 0
7968 #endif
7969diff -urNp linux-2.6.38.2/arch/x86/include/asm/mce.h linux-2.6.38.2/arch/x86/include/asm/mce.h
7970--- linux-2.6.38.2/arch/x86/include/asm/mce.h 2011-03-14 21:20:32.000000000 -0400
7971+++ linux-2.6.38.2/arch/x86/include/asm/mce.h 2011-03-21 18:31:35.000000000 -0400
7972@@ -198,7 +198,7 @@ int mce_notify_irq(void);
7973 void mce_notify_process(void);
7974
7975 DECLARE_PER_CPU(struct mce, injectm);
7976-extern struct file_operations mce_chrdev_ops;
7977+extern struct file_operations mce_chrdev_ops; /* cannot be const, see arch/x86/kernel/cpu/mcheck/mce. */
7978
7979 /*
7980 * Exception handler
7981diff -urNp linux-2.6.38.2/arch/x86/include/asm/microcode.h linux-2.6.38.2/arch/x86/include/asm/microcode.h
7982--- linux-2.6.38.2/arch/x86/include/asm/microcode.h 2011-03-14 21:20:32.000000000 -0400
7983+++ linux-2.6.38.2/arch/x86/include/asm/microcode.h 2011-03-21 18:31:35.000000000 -0400
7984@@ -12,13 +12,13 @@ struct device;
7985 enum ucode_state { UCODE_ERROR, UCODE_OK, UCODE_NFOUND };
7986
7987 struct microcode_ops {
7988- enum ucode_state (*request_microcode_user) (int cpu,
7989+ enum ucode_state (* const request_microcode_user) (int cpu,
7990 const void __user *buf, size_t size);
7991
7992- enum ucode_state (*request_microcode_fw) (int cpu,
7993+ enum ucode_state (* const request_microcode_fw) (int cpu,
7994 struct device *device);
7995
7996- void (*microcode_fini_cpu) (int cpu);
7997+ void (* const microcode_fini_cpu) (int cpu);
7998
7999 /*
8000 * The generic 'microcode_core' part guarantees that
8001@@ -38,16 +38,16 @@ struct ucode_cpu_info {
8002 extern struct ucode_cpu_info ucode_cpu_info[];
8003
8004 #ifdef CONFIG_MICROCODE_INTEL
8005-extern struct microcode_ops * __init init_intel_microcode(void);
8006+extern const struct microcode_ops * __init init_intel_microcode(void);
8007 #else
8008-static inline struct microcode_ops * __init init_intel_microcode(void)
8009+static inline const struct microcode_ops * __init init_intel_microcode(void)
8010 {
8011 return NULL;
8012 }
8013 #endif /* CONFIG_MICROCODE_INTEL */
8014
8015 #ifdef CONFIG_MICROCODE_AMD
8016-extern struct microcode_ops * __init init_amd_microcode(void);
8017+extern const struct microcode_ops * __init init_amd_microcode(void);
8018
8019 static inline void get_ucode_data(void *to, const u8 *from, size_t n)
8020 {
8021@@ -55,7 +55,7 @@ static inline void get_ucode_data(void *
8022 }
8023
8024 #else
8025-static inline struct microcode_ops * __init init_amd_microcode(void)
8026+static inline const struct microcode_ops * __init init_amd_microcode(void)
8027 {
8028 return NULL;
8029 }
8030diff -urNp linux-2.6.38.2/arch/x86/include/asm/mman.h linux-2.6.38.2/arch/x86/include/asm/mman.h
8031--- linux-2.6.38.2/arch/x86/include/asm/mman.h 2011-03-14 21:20:32.000000000 -0400
8032+++ linux-2.6.38.2/arch/x86/include/asm/mman.h 2011-03-21 18:31:35.000000000 -0400
8033@@ -5,4 +5,14 @@
8034
8035 #include <asm-generic/mman.h>
8036
8037+#ifdef __KERNEL__
8038+#ifndef __ASSEMBLY__
8039+#ifdef CONFIG_X86_32
8040+#define arch_mmap_check i386_mmap_check
8041+int i386_mmap_check(unsigned long addr, unsigned long len,
8042+ unsigned long flags);
8043+#endif
8044+#endif
8045+#endif
8046+
8047 #endif /* _ASM_X86_MMAN_H */
8048diff -urNp linux-2.6.38.2/arch/x86/include/asm/mmu_context.h linux-2.6.38.2/arch/x86/include/asm/mmu_context.h
8049--- linux-2.6.38.2/arch/x86/include/asm/mmu_context.h 2011-03-14 21:20:32.000000000 -0400
8050+++ linux-2.6.38.2/arch/x86/include/asm/mmu_context.h 2011-03-28 16:54:16.000000000 -0400
8051@@ -24,6 +24,21 @@ void destroy_context(struct mm_struct *m
8052
8053 static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)
8054 {
8055+
8056+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
8057+ unsigned int i;
8058+ pgd_t *pgd;
8059+
8060+ pax_open_kernel();
8061+ pgd = get_cpu_pgd(smp_processor_id());
8062+ for (i = USER_PGD_PTRS; i < 2 * USER_PGD_PTRS; ++i)
8063+ if (paravirt_enabled())
8064+ set_pgd(pgd+i, native_make_pgd(0));
8065+ else
8066+ pgd[i] = native_make_pgd(0);
8067+ pax_close_kernel();
8068+#endif
8069+
8070 #ifdef CONFIG_SMP
8071 if (percpu_read(cpu_tlbstate.state) == TLBSTATE_OK)
8072 percpu_write(cpu_tlbstate.state, TLBSTATE_LAZY);
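Review bot: The loop added to enter_lazy_tlb hangs an unbraced `if`/`else` off an unbraced `for`, and calls `paravirt_enabled()` on every iteration although its result is not expected to change inside the loop. Bracing the loop body and hoisting the test into a local before the loop would make the two store paths easier to audit. The block also needs a comment saying why entries `USER_PGD_PTRS` through `2 * USER_PGD_PTRS - 1` of the per-CPU pgd are zeroed here. Presumably these are the shadow slots that `__shadow_user_pgds` fills in switch_mm; that should be confirmed. The function body continues past the end of the hunk.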
8073@@ -34,16 +49,30 @@ static inline void switch_mm(struct mm_s
8074 struct task_struct *tsk)
8075 {
8076 unsigned cpu = smp_processor_id();
8077+#if defined(CONFIG_X86_32) && defined(CONFIG_SMP)
8078+ int tlbstate = TLBSTATE_OK;
8079+#endif
8080
8081 if (likely(prev != next)) {
8082 #ifdef CONFIG_SMP
8083+#ifdef CONFIG_X86_32
8084+ tlbstate = percpu_read(cpu_tlbstate.state);
8085+#endif
8086 percpu_write(cpu_tlbstate.state, TLBSTATE_OK);
8087 percpu_write(cpu_tlbstate.active_mm, next);
8088 #endif
8089 cpumask_set_cpu(cpu, mm_cpumask(next));
8090
8091 /* Re-load page tables */
8092+#ifdef CONFIG_PAX_PER_CPU_PGD
8093+ pax_open_kernel();
8094+ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd, USER_PGD_PTRS);
8095+ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd, USER_PGD_PTRS);
8096+ pax_close_kernel();
8097+ load_cr3(get_cpu_pgd(cpu));
8098+#else
8099 load_cr3(next->pgd);
8100+#endif
8101
8102 /* stop flush ipis for the previous mm */
8103 cpumask_clear_cpu(cpu, mm_cpumask(prev));
8104@@ -53,9 +82,38 @@ static inline void switch_mm(struct mm_s
8105 */
8106 if (unlikely(prev->context.ldt != next->context.ldt))
8107 load_LDT_nolock(&next->context);
8108- }
8109+
8110+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
8111+ if (!(__supported_pte_mask & _PAGE_NX)) {
8112+ smp_mb__before_clear_bit();
8113+ cpu_clear(cpu, prev->context.cpu_user_cs_mask);
8114+ smp_mb__after_clear_bit();
8115+ cpu_set(cpu, next->context.cpu_user_cs_mask);
8116+ }
8117+#endif
8118+
8119+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
8120+ if (unlikely(prev->context.user_cs_base != next->context.user_cs_base ||
8121+ prev->context.user_cs_limit != next->context.user_cs_limit))
8122+ set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
8123 #ifdef CONFIG_SMP
8124+ else if (unlikely(tlbstate != TLBSTATE_OK))
8125+ set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
8126+#endif
8127+#endif
8128+
8129+ }
8130 else {
8131+
8132+#ifdef CONFIG_PAX_PER_CPU_PGD
8133+ pax_open_kernel();
8134+ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd, USER_PGD_PTRS);
8135+ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd, USER_PGD_PTRS);
8136+ pax_close_kernel();
8137+ load_cr3(get_cpu_pgd(cpu));
8138+#endif
8139+
8140+#ifdef CONFIG_SMP
8141 percpu_write(cpu_tlbstate.state, TLBSTATE_OK);
8142 BUG_ON(percpu_read(cpu_tlbstate.active_mm) != next);
8143
8144@@ -64,11 +122,28 @@ static inline void switch_mm(struct mm_s
8145 * tlb flush IPI delivery. We must reload CR3
8146 * to make sure to use no freed page tables.
8147 */
8148+
8149+#ifndef CONFIG_PAX_PER_CPU_PGD
8150 load_cr3(next->pgd);
8151+#endif
8152+
8153 load_LDT_nolock(&next->context);
8154+
8155+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
8156+ if (!(__supported_pte_mask & _PAGE_NX))
8157+ cpu_set(cpu, next->context.cpu_user_cs_mask);
8158+#endif
8159+
8160+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
8161+#ifdef CONFIG_PAX_PAGEEXEC
8162+ if (!((next->pax_flags & MF_PAX_PAGEEXEC) && (__supported_pte_mask & _PAGE_NX)))
8163+#endif
8164+ set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
8165+#endif
8166+
8167 }
8168- }
8169 #endif
8170+ }
8171 }
8172
8173 #define activate_mm(prev, next) \
8174diff -urNp linux-2.6.38.2/arch/x86/include/asm/mmu.h linux-2.6.38.2/arch/x86/include/asm/mmu.h
8175--- linux-2.6.38.2/arch/x86/include/asm/mmu.h 2011-03-14 21:20:32.000000000 -0400
8176+++ linux-2.6.38.2/arch/x86/include/asm/mmu.h 2011-03-21 18:31:35.000000000 -0400
8177@@ -9,10 +9,23 @@
8178 * we put the segment information here.
8179 */
8180 typedef struct {
8181- void *ldt;
8182+ struct desc_struct *ldt;
8183 int size;
8184 struct mutex lock;
8185- void *vdso;
8186+ unsigned long vdso;
8187+
8188+#ifdef CONFIG_X86_32
8189+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
8190+ unsigned long user_cs_base;
8191+ unsigned long user_cs_limit;
8192+
8193+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
8194+ cpumask_t cpu_user_cs_mask;
8195+#endif
8196+
8197+#endif
8198+#endif
8199+
8200 } mm_context_t;
8201
8202 #ifdef CONFIG_SMP
8203diff -urNp linux-2.6.38.2/arch/x86/include/asm/module.h linux-2.6.38.2/arch/x86/include/asm/module.h
8204--- linux-2.6.38.2/arch/x86/include/asm/module.h 2011-03-14 21:20:32.000000000 -0400
8205+++ linux-2.6.38.2/arch/x86/include/asm/module.h 2011-03-21 18:31:35.000000000 -0400
8206@@ -59,8 +59,26 @@
8207 #error unknown processor family
8208 #endif
8209
8210+#ifdef CONFIG_PAX_MEMORY_UDEREF
8211+#define MODULE_PAX_UDEREF "UDEREF "
8212+#else
8213+#define MODULE_PAX_UDEREF ""
8214+#endif
8215+
8216 #ifdef CONFIG_X86_32
8217-# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY
8218+# ifdef CONFIG_PAX_KERNEXEC
8219+# define MODULE_PAX_KERNEXEC "KERNEXEC "
8220+# else
8221+# define MODULE_PAX_KERNEXEC ""
8222+# endif
8223+# ifdef CONFIG_GRKERNSEC
8224+# define MODULE_GRSEC "GRSECURITY "
8225+# else
8226+# define MODULE_GRSEC ""
8227+# endif
8228+# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_GRSEC MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF
8229+#else
8230+# define MODULE_ARCH_VERMAGIC MODULE_PAX_UDEREF
8231 #endif
8232
8233 #endif /* _ASM_X86_MODULE_H */
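Review bot: `MODULE_PAX_KERNEXEC` and `MODULE_GRSEC` are defined only inside the `CONFIG_X86_32` branch, so on 64-bit `MODULE_ARCH_VERMAGIC` expands to `MODULE_PAX_UDEREF` alone. A module built without KERNEXEC or GRKERNSEC would therefore carry the same arch vermagic as one built with them on x86_64, and the load-time string comparison would not catch the mismatch. If that is not intended, move the two `#ifdef` blocks above `#ifdef CONFIG_X86_32` and use `# define MODULE_ARCH_VERMAGIC MODULE_GRSEC MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF` in the `#else` branch.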
8234diff -urNp linux-2.6.38.2/arch/x86/include/asm/page_64_types.h linux-2.6.38.2/arch/x86/include/asm/page_64_types.h
8235--- linux-2.6.38.2/arch/x86/include/asm/page_64_types.h 2011-03-14 21:20:32.000000000 -0400
8236+++ linux-2.6.38.2/arch/x86/include/asm/page_64_types.h 2011-03-21 18:31:35.000000000 -0400
8237@@ -56,7 +56,7 @@ void copy_page(void *to, void *from);
8238
8239 /* duplicated to the one in bootmem.h */
8240 extern unsigned long max_pfn;
8241-extern unsigned long phys_base;
8242+extern const unsigned long phys_base;
8243
8244 extern unsigned long __phys_addr(unsigned long);
8245 #define __phys_reloc_hide(x) (x)
8246diff -urNp linux-2.6.38.2/arch/x86/include/asm/paravirt.h linux-2.6.38.2/arch/x86/include/asm/paravirt.h
8247--- linux-2.6.38.2/arch/x86/include/asm/paravirt.h 2011-03-14 21:20:32.000000000 -0400
8248+++ linux-2.6.38.2/arch/x86/include/asm/paravirt.h 2011-03-21 18:31:35.000000000 -0400
8249@@ -739,6 +739,21 @@ static inline void __set_fixmap(unsigned
8250 pv_mmu_ops.set_fixmap(idx, phys, flags);
8251 }
8252
8253+#ifdef CONFIG_PAX_KERNEXEC
8254+static inline unsigned long pax_open_kernel(void)
8255+{
8256+ return PVOP_CALL0(unsigned long, pv_mmu_ops.pax_open_kernel);
8257+}
8258+
8259+static inline unsigned long pax_close_kernel(void)
8260+{
8261+ return PVOP_CALL0(unsigned long, pv_mmu_ops.pax_close_kernel);
8262+}
8263+#else
8264+static inline unsigned long pax_open_kernel(void) { return 0; }
8265+static inline unsigned long pax_close_kernel(void) { return 0; }
8266+#endif
8267+
8268 #if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS)
8269
8270 static inline int arch_spin_is_locked(struct arch_spinlock *lock)
8271@@ -955,7 +970,7 @@ extern void default_banner(void);
8272
8273 #define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4)
8274 #define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4)
8275-#define PARA_INDIRECT(addr) *%cs:addr
8276+#define PARA_INDIRECT(addr) *%ss:addr
8277 #endif
8278
8279 #define INTERRUPT_RETURN \
8280@@ -1032,6 +1047,21 @@ extern void default_banner(void);
8281 PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \
8282 CLBR_NONE, \
8283 jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit))
8284+
8285+#define GET_CR0_INTO_RDI \
8286+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \
8287+ mov %rax,%rdi
8288+
8289+#define SET_RDI_INTO_CR0 \
8290+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
8291+
8292+#define GET_CR3_INTO_RDI \
8293+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr3); \
8294+ mov %rax,%rdi
8295+
8296+#define SET_RDI_INTO_CR3 \
8297+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_write_cr3)
8298+
8299 #endif /* CONFIG_X86_32 */
8300
8301 #endif /* __ASSEMBLY__ */
8302diff -urNp linux-2.6.38.2/arch/x86/include/asm/paravirt_types.h linux-2.6.38.2/arch/x86/include/asm/paravirt_types.h
8303--- linux-2.6.38.2/arch/x86/include/asm/paravirt_types.h 2011-03-14 21:20:32.000000000 -0400
8304+++ linux-2.6.38.2/arch/x86/include/asm/paravirt_types.h 2011-03-21 18:31:35.000000000 -0400
8305@@ -317,6 +317,12 @@ struct pv_mmu_ops {
8306 an mfn. We can tell which is which from the index. */
8307 void (*set_fixmap)(unsigned /* enum fixed_addresses */ idx,
8308 phys_addr_t phys, pgprot_t flags);
8309+
8310+#ifdef CONFIG_PAX_KERNEXEC
8311+ unsigned long (*pax_open_kernel)(void);
8312+ unsigned long (*pax_close_kernel)(void);
8313+#endif
8314+
8315 };
8316
8317 struct arch_spinlock;
8318diff -urNp linux-2.6.38.2/arch/x86/include/asm/pci_x86.h linux-2.6.38.2/arch/x86/include/asm/pci_x86.h
8319--- linux-2.6.38.2/arch/x86/include/asm/pci_x86.h 2011-03-14 21:20:32.000000000 -0400
8320+++ linux-2.6.38.2/arch/x86/include/asm/pci_x86.h 2011-03-21 18:31:35.000000000 -0400
8321@@ -93,16 +93,16 @@ extern int (*pcibios_enable_irq)(struct
8322 extern void (*pcibios_disable_irq)(struct pci_dev *dev);
8323
8324 struct pci_raw_ops {
8325- int (*read)(unsigned int domain, unsigned int bus, unsigned int devfn,
8326+ int (* const read)(unsigned int domain, unsigned int bus, unsigned int devfn,
8327 int reg, int len, u32 *val);
8328- int (*write)(unsigned int domain, unsigned int bus, unsigned int devfn,
8329+ int (* const write)(unsigned int domain, unsigned int bus, unsigned int devfn,
8330 int reg, int len, u32 val);
8331 };
8332
8333-extern struct pci_raw_ops *raw_pci_ops;
8334-extern struct pci_raw_ops *raw_pci_ext_ops;
8335+extern const struct pci_raw_ops *raw_pci_ops;
8336+extern const struct pci_raw_ops *raw_pci_ext_ops;
8337
8338-extern struct pci_raw_ops pci_direct_conf1;
8339+extern const struct pci_raw_ops pci_direct_conf1;
8340 extern bool port_cf9_safe;
8341
8342 /* arch_initcall level */
8343diff -urNp linux-2.6.38.2/arch/x86/include/asm/pgalloc.h linux-2.6.38.2/arch/x86/include/asm/pgalloc.h
8344--- linux-2.6.38.2/arch/x86/include/asm/pgalloc.h 2011-03-14 21:20:32.000000000 -0400
8345+++ linux-2.6.38.2/arch/x86/include/asm/pgalloc.h 2011-03-21 18:31:35.000000000 -0400
8346@@ -63,6 +63,13 @@ static inline void pmd_populate_kernel(s
8347 pmd_t *pmd, pte_t *pte)
8348 {
8349 paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
8350+ set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE));
8351+}
8352+
8353+static inline void pmd_populate_user(struct mm_struct *mm,
8354+ pmd_t *pmd, pte_t *pte)
8355+{
8356+ paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
8357 set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE));
8358 }
8359
8360diff -urNp linux-2.6.38.2/arch/x86/include/asm/pgtable-2level.h linux-2.6.38.2/arch/x86/include/asm/pgtable-2level.h
8361--- linux-2.6.38.2/arch/x86/include/asm/pgtable-2level.h 2011-03-14 21:20:32.000000000 -0400
8362+++ linux-2.6.38.2/arch/x86/include/asm/pgtable-2level.h 2011-03-21 18:31:35.000000000 -0400
8363@@ -18,7 +18,9 @@ static inline void native_set_pte(pte_t
8364
8365 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
8366 {
8367+ pax_open_kernel();
8368 *pmdp = pmd;
8369+ pax_close_kernel();
8370 }
8371
8372 static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
8373diff -urNp linux-2.6.38.2/arch/x86/include/asm/pgtable_32.h linux-2.6.38.2/arch/x86/include/asm/pgtable_32.h
8374--- linux-2.6.38.2/arch/x86/include/asm/pgtable_32.h 2011-03-14 21:20:32.000000000 -0400
8375+++ linux-2.6.38.2/arch/x86/include/asm/pgtable_32.h 2011-03-21 18:31:35.000000000 -0400
8376@@ -25,9 +25,6 @@
8377 struct mm_struct;
8378 struct vm_area_struct;
8379
8380-extern pgd_t swapper_pg_dir[1024];
8381-extern pgd_t initial_page_table[1024];
8382-
8383 static inline void pgtable_cache_init(void) { }
8384 static inline void check_pgt_cache(void) { }
8385 void paging_init(void);
8386@@ -48,6 +45,12 @@ extern void set_pmd_pfn(unsigned long, u
8387 # include <asm/pgtable-2level.h>
8388 #endif
8389
8390+extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
8391+extern pgd_t initial_page_table[PTRS_PER_PGD];
8392+#ifdef CONFIG_X86_PAE
8393+extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD];
8394+#endif
8395+
8396 #if defined(CONFIG_HIGHPTE)
8397 #define pte_offset_map(dir, address) \
8398 ((pte_t *)kmap_atomic(pmd_page(*(dir))) + \
8399@@ -62,7 +65,9 @@ extern void set_pmd_pfn(unsigned long, u
8400 /* Clear a kernel PTE and flush it from the TLB */
8401 #define kpte_clear_flush(ptep, vaddr) \
8402 do { \
8403+ pax_open_kernel(); \
8404 pte_clear(&init_mm, (vaddr), (ptep)); \
8405+ pax_close_kernel(); \
8406 __flush_tlb_one((vaddr)); \
8407 } while (0)
8408
8409@@ -74,6 +79,9 @@ do { \
8410
8411 #endif /* !__ASSEMBLY__ */
8412
8413+#define HAVE_ARCH_UNMAPPED_AREA
8414+#define HAVE_ARCH_UNMAPPED_AREA_TOPDOWN
8415+
8416 /*
8417 * kern_addr_valid() is (1) for FLATMEM and (0) for
8418 * SPARSEMEM and DISCONTIGMEM
8419diff -urNp linux-2.6.38.2/arch/x86/include/asm/pgtable_32_types.h linux-2.6.38.2/arch/x86/include/asm/pgtable_32_types.h
8420--- linux-2.6.38.2/arch/x86/include/asm/pgtable_32_types.h 2011-03-14 21:20:32.000000000 -0400
8421+++ linux-2.6.38.2/arch/x86/include/asm/pgtable_32_types.h 2011-03-21 18:31:35.000000000 -0400
8422@@ -8,7 +8,7 @@
8423 */
8424 #ifdef CONFIG_X86_PAE
8425 # include <asm/pgtable-3level_types.h>
8426-# define PMD_SIZE (1UL << PMD_SHIFT)
8427+# define PMD_SIZE (_AC(1, UL) << PMD_SHIFT)
8428 # define PMD_MASK (~(PMD_SIZE - 1))
8429 #else
8430 # include <asm/pgtable-2level_types.h>
8431@@ -46,6 +46,19 @@ extern bool __vmalloc_start_set; /* set
8432 # define VMALLOC_END (FIXADDR_START - 2 * PAGE_SIZE)
8433 #endif
8434
8435+#ifdef CONFIG_PAX_KERNEXEC
8436+#ifndef __ASSEMBLY__
8437+extern unsigned char MODULES_EXEC_VADDR[];
8438+extern unsigned char MODULES_EXEC_END[];
8439+#endif
8440+#include <asm/boot.h>
8441+#define ktla_ktva(addr) (addr + LOAD_PHYSICAL_ADDR + PAGE_OFFSET)
8442+#define ktva_ktla(addr) (addr - LOAD_PHYSICAL_ADDR - PAGE_OFFSET)
8443+#else
8444+#define ktla_ktva(addr) (addr)
8445+#define ktva_ktla(addr) (addr)
8446+#endif
8447+
8448 #define MODULES_VADDR VMALLOC_START
8449 #define MODULES_END VMALLOC_END
8450 #define MODULES_LEN (MODULES_VADDR - MODULES_END)
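Review bot: The KERNEXEC variants of `ktla_ktva` and `ktva_ktla` use their argument unparenthesised, so an argument containing a lower-precedence operator (`a | b`, `c ? x : y`) would be combined with `LOAD_PHYSICAL_ADDR` and `PAGE_OFFSET` in the wrong order. The non-KERNEXEC variants in the same hunk already expand to `(addr)`. Write `#define ktla_ktva(addr) ((addr) + LOAD_PHYSICAL_ADDR + PAGE_OFFSET)` and `#define ktva_ktla(addr) ((addr) - LOAD_PHYSICAL_ADDR - PAGE_OFFSET)`.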
8451diff -urNp linux-2.6.38.2/arch/x86/include/asm/pgtable-3level.h linux-2.6.38.2/arch/x86/include/asm/pgtable-3level.h
8452--- linux-2.6.38.2/arch/x86/include/asm/pgtable-3level.h 2011-03-23 17:20:06.000000000 -0400
8453+++ linux-2.6.38.2/arch/x86/include/asm/pgtable-3level.h 2011-03-23 17:21:43.000000000 -0400
8454@@ -38,12 +38,16 @@ static inline void native_set_pte_atomic
8455
8456 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
8457 {
8458+ pax_open_kernel();
8459 set_64bit((unsigned long long *)(pmdp), native_pmd_val(pmd));
8460+ pax_close_kernel();
8461 }
8462
8463 static inline void native_set_pud(pud_t *pudp, pud_t pud)
8464 {
8465+ pax_open_kernel();
8466 set_64bit((unsigned long long *)(pudp), native_pud_val(pud));
8467+ pax_close_kernel();
8468 }
8469
8470 /*
8471diff -urNp linux-2.6.38.2/arch/x86/include/asm/pgtable_64.h linux-2.6.38.2/arch/x86/include/asm/pgtable_64.h
8472--- linux-2.6.38.2/arch/x86/include/asm/pgtable_64.h 2011-03-14 21:20:32.000000000 -0400
8473+++ linux-2.6.38.2/arch/x86/include/asm/pgtable_64.h 2011-03-21 18:31:35.000000000 -0400
8474@@ -16,10 +16,13 @@
8475
8476 extern pud_t level3_kernel_pgt[512];
8477 extern pud_t level3_ident_pgt[512];
8478+extern pud_t level3_vmalloc_pgt[512];
8479+extern pud_t level3_vmemmap_pgt[512];
8480+extern pud_t level2_vmemmap_pgt[512];
8481 extern pmd_t level2_kernel_pgt[512];
8482 extern pmd_t level2_fixmap_pgt[512];
8483-extern pmd_t level2_ident_pgt[512];
8484-extern pgd_t init_level4_pgt[];
8485+extern pmd_t level2_ident_pgt[512*2];
8486+extern pgd_t init_level4_pgt[512];
8487
8488 #define swapper_pg_dir init_level4_pgt
8489
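Review bot: `level2_vmemmap_pgt` is declared as `pud_t`, although its name and the neighbouring `level2_kernel_pgt`, `level2_fixmap_pgt` and `level2_ident_pgt` declarations indicate a `pmd_t` table. The definition is not in this hunk, so the mismatch may go unnoticed at build time, but C code indexing the array would use the wrong entry type. `extern pmd_t level2_vmemmap_pgt[512];` looks like what was meant. The new bounds are also literal `512` and `512*2`, while the pgtable_32.h hunk of this same patch moves its declarations to `PTRS_PER_PGD`.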
8490@@ -61,7 +64,9 @@ static inline void native_set_pte_atomic
8491
8492 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
8493 {
8494+ pax_open_kernel();
8495 *pmdp = pmd;
8496+ pax_close_kernel();
8497 }
8498
8499 static inline void native_pmd_clear(pmd_t *pmd)
8500@@ -107,7 +112,9 @@ static inline void native_pud_clear(pud_
8501
8502 static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
8503 {
8504+ pax_open_kernel();
8505 *pgdp = pgd;
8506+ pax_close_kernel();
8507 }
8508
8509 static inline void native_pgd_clear(pgd_t *pgd)
8510diff -urNp linux-2.6.38.2/arch/x86/include/asm/pgtable_64_types.h linux-2.6.38.2/arch/x86/include/asm/pgtable_64_types.h
8511--- linux-2.6.38.2/arch/x86/include/asm/pgtable_64_types.h 2011-03-14 21:20:32.000000000 -0400
8512+++ linux-2.6.38.2/arch/x86/include/asm/pgtable_64_types.h 2011-03-21 18:31:35.000000000 -0400
8513@@ -59,5 +59,10 @@ typedef struct { pteval_t pte; } pte_t;
8514 #define MODULES_VADDR _AC(0xffffffffa0000000, UL)
8515 #define MODULES_END _AC(0xffffffffff000000, UL)
8516 #define MODULES_LEN (MODULES_END - MODULES_VADDR)
8517+#define MODULES_EXEC_VADDR MODULES_VADDR
8518+#define MODULES_EXEC_END MODULES_END
8519+
8520+#define ktla_ktva(addr) (addr)
8521+#define ktva_ktla(addr) (addr)
8522
8523 #endif /* _ASM_X86_PGTABLE_64_DEFS_H */
8524diff -urNp linux-2.6.38.2/arch/x86/include/asm/pgtable.h linux-2.6.38.2/arch/x86/include/asm/pgtable.h
8525--- linux-2.6.38.2/arch/x86/include/asm/pgtable.h 2011-03-14 21:20:32.000000000 -0400
8526+++ linux-2.6.38.2/arch/x86/include/asm/pgtable.h 2011-03-21 18:31:35.000000000 -0400
8527@@ -81,12 +81,51 @@ extern struct mm_struct *pgd_page_get_mm
8528
8529 #define arch_end_context_switch(prev) do {} while(0)
8530
8531+#define pax_open_kernel() native_pax_open_kernel()
8532+#define pax_close_kernel() native_pax_close_kernel()
8533 #endif /* CONFIG_PARAVIRT */
8534
8535+#define __HAVE_ARCH_PAX_OPEN_KERNEL
8536+#define __HAVE_ARCH_PAX_CLOSE_KERNEL
8537+
8538+#ifdef CONFIG_PAX_KERNEXEC
8539+static inline unsigned long native_pax_open_kernel(void)
8540+{
8541+ unsigned long cr0;
8542+
8543+ preempt_disable();
8544+ barrier();
8545+ cr0 = read_cr0() ^ X86_CR0_WP;
8546+ BUG_ON(unlikely(cr0 & X86_CR0_WP));
8547+ write_cr0(cr0);
8548+ return cr0 ^ X86_CR0_WP;
8549+}
8550+
8551+static inline unsigned long native_pax_close_kernel(void)
8552+{
8553+ unsigned long cr0;
8554+
8555+ cr0 = read_cr0() ^ X86_CR0_WP;
8556+ BUG_ON(unlikely(!(cr0 & X86_CR0_WP)));
8557+ write_cr0(cr0);
8558+ barrier();
8559+ preempt_enable_no_resched();
8560+ return cr0 ^ X86_CR0_WP;
8561+}
8562+#else
8563+static inline unsigned long native_pax_open_kernel(void) { return 0; }
8564+static inline unsigned long native_pax_close_kernel(void) { return 0; }
8565+#endif
8566+
8567 /*
8568 * The following only work if pte_present() is true.
8569 * Undefined behaviour if not..
8570 */
8571+static inline int pte_user(pte_t pte)
8572+{
8573+ return pte_val(pte) & _PAGE_USER;
8574+}
8575+
8576 static inline int pte_dirty(pte_t pte)
8577 {
8578 return pte_flags(pte) & _PAGE_DIRTY;
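Review bot: native_pax_open_kernel and native_pax_close_kernel flip CR0.WP with XOR and `BUG_ON` the resulting state, so the pair is not reentrant: a second open before the matching close trips the `BUG_ON`. Only preemption is disabled in between, not interrupts, so anything running from an interrupt inside the window executes with write protection off and must not call `pax_open_kernel()` itself. Neither constraint is documented. I would add a header comment such as `/* Not nestable: pair open/close on the same CPU and keep the section short; CR0.WP is clear in between. */`. Separately, `pte_user` in this hunk reads `pte_val()` where the neighbouring accessors use `pte_flags()`.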
8579@@ -196,9 +235,29 @@ static inline pte_t pte_wrprotect(pte_t
8580 return pte_clear_flags(pte, _PAGE_RW);
8581 }
8582
8583+static inline pte_t pte_mkread(pte_t pte)
8584+{
8585+ return __pte(pte_val(pte) | _PAGE_USER);
8586+}
8587+
8588 static inline pte_t pte_mkexec(pte_t pte)
8589 {
8590- return pte_clear_flags(pte, _PAGE_NX);
8591+#ifdef CONFIG_X86_PAE
8592+ if (__supported_pte_mask & _PAGE_NX)
8593+ return pte_clear_flags(pte, _PAGE_NX);
8594+ else
8595+#endif
8596+ return pte_set_flags(pte, _PAGE_USER);
8597+}
8598+
8599+static inline pte_t pte_exprotect(pte_t pte)
8600+{
8601+#ifdef CONFIG_X86_PAE
8602+ if (__supported_pte_mask & _PAGE_NX)
8603+ return pte_set_flags(pte, _PAGE_NX);
8604+ else
8605+#endif
8606+ return pte_clear_flags(pte, _PAGE_USER);
8607 }
8608
8609 static inline pte_t pte_mkdirty(pte_t pte)
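Review bot: In pte_mkexec() and pte_exprotect() the `else` sits inside the `#ifdef CONFIG_X86_PAE` block and its body is the `return` after `#endif`, so the control flow changes shape per configuration and is easy to break in a later edit. Dropping the `else` and returning early inside the `#ifdef` (`if (__supported_pte_mask & _PAGE_NX) return pte_clear_flags(pte, _PAGE_NX);`) reads the same in both builds. The fallback also needs a comment, because it is not obvious that without NX these helpers toggle `_PAGE_USER` instead, e.g. `/* no NX in __supported_pte_mask: executability is tracked with _PAGE_USER */`. That reading is inferred from the two functions being mirror images and should be confirmed against the fault handling code, which is not in this hunk. pte_mkread() could use `pte_set_flags(pte, _PAGE_USER)` like its neighbours rather than `__pte(pte_val(pte) | _PAGE_USER)`.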
8610@@ -390,6 +449,15 @@ pte_t *populate_extra_pte(unsigned long
8611 #endif
8612
8613 #ifndef __ASSEMBLY__
8614+
8615+#ifdef CONFIG_PAX_PER_CPU_PGD
8616+extern pgd_t cpu_pgd[NR_CPUS][PTRS_PER_PGD];
8617+static inline pgd_t *get_cpu_pgd(unsigned int cpu)
8618+{
8619+ return cpu_pgd[cpu];
8620+}
8621+#endif
8622+
8623 #include <linux/mm_types.h>
8624
8625 static inline int pte_none(pte_t pte)
8626@@ -560,7 +628,7 @@ static inline pud_t *pud_offset(pgd_t *p
8627
8628 static inline int pgd_bad(pgd_t pgd)
8629 {
8630- return (pgd_flags(pgd) & ~_PAGE_USER) != _KERNPG_TABLE;
8631+ return (pgd_flags(pgd) & ~(_PAGE_USER | _PAGE_NX)) != _KERNPG_TABLE;
8632 }
8633
8634 static inline int pgd_none(pgd_t pgd)
8635@@ -583,7 +651,12 @@ static inline int pgd_none(pgd_t pgd)
8636 * pgd_offset() returns a (pgd_t *)
8637 * pgd_index() is used get the offset into the pgd page's array of pgd_t's;
8638 */
8639-#define pgd_offset(mm, address) ((mm)->pgd + pgd_index((address)))
8640+#define pgd_offset(mm, address) ((mm)->pgd + pgd_index(address))
8641+
8642+#ifdef CONFIG_PAX_PER_CPU_PGD
8643+#define pgd_offset_cpu(cpu, address) (get_cpu_pgd(cpu) + pgd_index(address))
8644+#endif
8645+
8646 /*
8647 * a shortcut which implies the use of the kernel's pgd, instead
8648 * of a process's
8649@@ -594,6 +667,20 @@ static inline int pgd_none(pgd_t pgd)
8650 #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
8651 #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
8652
8653+#ifdef CONFIG_X86_32
8654+#define USER_PGD_PTRS KERNEL_PGD_BOUNDARY
8655+#else
8656+#define TASK_SIZE_MAX_SHIFT CONFIG_TASK_SIZE_MAX_SHIFT
8657+#define USER_PGD_PTRS (_AC(1,UL) << (TASK_SIZE_MAX_SHIFT - PGDIR_SHIFT))
8658+
8659+#ifdef CONFIG_PAX_MEMORY_UDEREF
8660+#define PAX_USER_SHADOW_BASE (_AC(1,UL) << TASK_SIZE_MAX_SHIFT)
8661+#else
8662+#define PAX_USER_SHADOW_BASE (_AC(0,UL))
8663+#endif
8664+
8665+#endif
8666+
8667 #ifndef __ASSEMBLY__
8668
8669 extern int direct_gbpages;
8670@@ -758,11 +845,23 @@ static inline void pmdp_set_wrprotect(st
8671 * dst and src can be on the same page, but the range must not overlap,
8672 * and must not cross a page boundary.
8673 */
8674-static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count)
8675+static inline void clone_pgd_range(pgd_t *dst, const pgd_t *src, int count)
8676 {
8677- memcpy(dst, src, count * sizeof(pgd_t));
8678+ pax_open_kernel();
8679+ while (count--)
8680+ *dst++ = *src++;
8681+ pax_close_kernel();
8682 }
8683
8684+#ifdef CONFIG_PAX_PER_CPU_PGD
8685+extern void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count);
8686+#endif
8687+
8688+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
8689+extern void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count);
8690+#else
8691+static inline void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) {}
8692+#endif
8693
8694 #include <asm-generic/pgtable.h>
8695 #endif /* __ASSEMBLY__ */
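Review bot: clone_pgd_range() keeps `int count` but now loops with `while (count--)`, so a negative count never reaches the terminating value and the loop keeps storing pgd entries; `while (count-- > 0)` bounds it. The stores run between pax_open_kernel() and pax_close_kernel(), whose definitions are not in this hunk. If they resolve to native_pax_open_kernel() earlier in this file, CR0.WP is clear for the whole loop, so a read-only mapping would not stop an over-long copy either. A short comment on why memcpy() was replaced by an element-wise copy would also help, since the comment above the function still describes the memcpy-style contract.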
8696diff -urNp linux-2.6.38.2/arch/x86/include/asm/pgtable_types.h linux-2.6.38.2/arch/x86/include/asm/pgtable_types.h
8697--- linux-2.6.38.2/arch/x86/include/asm/pgtable_types.h 2011-03-14 21:20:32.000000000 -0400
8698+++ linux-2.6.38.2/arch/x86/include/asm/pgtable_types.h 2011-03-21 18:31:35.000000000 -0400
8699@@ -16,13 +16,12 @@
8700 #define _PAGE_BIT_PSE 7 /* 4 MB (or 2MB) page */
8701 #define _PAGE_BIT_PAT 7 /* on 4KB pages */
8702 #define _PAGE_BIT_GLOBAL 8 /* Global TLB entry PPro+ */
8703-#define _PAGE_BIT_UNUSED1 9 /* available for programmer */
8704+#define _PAGE_BIT_SPECIAL 9 /* special mappings, no associated struct page */
8705 #define _PAGE_BIT_IOMAP 10 /* flag used to indicate IO mapping */
8706 #define _PAGE_BIT_HIDDEN 11 /* hidden by kmemcheck */
8707 #define _PAGE_BIT_PAT_LARGE 12 /* On 2MB or 1GB pages */
8708-#define _PAGE_BIT_SPECIAL _PAGE_BIT_UNUSED1
8709-#define _PAGE_BIT_CPA_TEST _PAGE_BIT_UNUSED1
8710-#define _PAGE_BIT_SPLITTING _PAGE_BIT_UNUSED1 /* only valid on a PSE pmd */
8711+#define _PAGE_BIT_CPA_TEST _PAGE_BIT_SPECIAL
8712+#define _PAGE_BIT_SPLITTING _PAGE_BIT_SPECIAL /* only valid on a PSE pmd */
8713 #define _PAGE_BIT_NX 63 /* No execute: only valid after cpuid check */
8714
8715 /* If _PAGE_BIT_PRESENT is clear, we use these: */
8716@@ -40,7 +39,6 @@
8717 #define _PAGE_DIRTY (_AT(pteval_t, 1) << _PAGE_BIT_DIRTY)
8718 #define _PAGE_PSE (_AT(pteval_t, 1) << _PAGE_BIT_PSE)
8719 #define _PAGE_GLOBAL (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
8720-#define _PAGE_UNUSED1 (_AT(pteval_t, 1) << _PAGE_BIT_UNUSED1)
8721 #define _PAGE_IOMAP (_AT(pteval_t, 1) << _PAGE_BIT_IOMAP)
8722 #define _PAGE_PAT (_AT(pteval_t, 1) << _PAGE_BIT_PAT)
8723 #define _PAGE_PAT_LARGE (_AT(pteval_t, 1) << _PAGE_BIT_PAT_LARGE)
8724@@ -57,8 +55,10 @@
8725
8726 #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
8727 #define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_NX)
8728-#else
8729+#elif defined(CONFIG_KMEMCHECK)
8730 #define _PAGE_NX (_AT(pteval_t, 0))
8731+#else
8732+#define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_HIDDEN)
8733 #endif
8734
8735 #define _PAGE_FILE (_AT(pteval_t, 1) << _PAGE_BIT_FILE)
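Review bot: The new final `#else` branch defines `_PAGE_NX` as bit `_PAGE_BIT_HIDDEN`, which the bit table earlier in this file documents only as "hidden by kmemcheck", and nothing at the definition explains the reuse. On non-PAE 32-bit builds without kmemcheck, every protection that ORs in `_PAGE_NX` (for example `__PAGE_KERNEL`, visible as context in a later hunk) now sets a real PTE bit where it used to add zero. Please add a comment at the definition such as `/* no hardware NX: software no-exec marker, shares bit 11 with _PAGE_BIT_HIDDEN, hence the KMEMCHECK exclusion */`, and note it next to `_PAGE_BIT_HIDDEN` as well. How the rest of the patch consumes this bit is not visible here, so the wording should be checked against that code.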
8736@@ -96,6 +96,9 @@
8737 #define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | \
8738 _PAGE_ACCESSED)
8739
8740+#define PAGE_READONLY_NOEXEC PAGE_READONLY
8741+#define PAGE_SHARED_NOEXEC PAGE_SHARED
8742+
8743 #define __PAGE_KERNEL_EXEC \
8744 (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_GLOBAL)
8745 #define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX)
8746@@ -106,8 +109,8 @@
8747 #define __PAGE_KERNEL_WC (__PAGE_KERNEL | _PAGE_CACHE_WC)
8748 #define __PAGE_KERNEL_NOCACHE (__PAGE_KERNEL | _PAGE_PCD | _PAGE_PWT)
8749 #define __PAGE_KERNEL_UC_MINUS (__PAGE_KERNEL | _PAGE_PCD)
8750-#define __PAGE_KERNEL_VSYSCALL (__PAGE_KERNEL_RX | _PAGE_USER)
8751-#define __PAGE_KERNEL_VSYSCALL_NOCACHE (__PAGE_KERNEL_VSYSCALL | _PAGE_PCD | _PAGE_PWT)
8752+#define __PAGE_KERNEL_VSYSCALL (__PAGE_KERNEL_RO | _PAGE_USER)
8753+#define __PAGE_KERNEL_VSYSCALL_NOCACHE (__PAGE_KERNEL_RO | _PAGE_PCD | _PAGE_PWT | _PAGE_USER)
8754 #define __PAGE_KERNEL_LARGE (__PAGE_KERNEL | _PAGE_PSE)
8755 #define __PAGE_KERNEL_LARGE_NOCACHE (__PAGE_KERNEL | _PAGE_CACHE_UC | _PAGE_PSE)
8756 #define __PAGE_KERNEL_LARGE_EXEC (__PAGE_KERNEL_EXEC | _PAGE_PSE)
8757@@ -166,8 +169,8 @@
8758 * bits are combined, this will alow user to access the high address mapped
8759 * VDSO in the presence of CONFIG_COMPAT_VDSO
8760 */
8761-#define PTE_IDENT_ATTR 0x003 /* PRESENT+RW */
8762-#define PDE_IDENT_ATTR 0x067 /* PRESENT+RW+USER+DIRTY+ACCESSED */
8763+#define PTE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */
8764+#define PDE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */
8765 #define PGD_IDENT_ATTR 0x001 /* PRESENT (no other attributes) */
8766 #endif
8767
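Review bot: The comment above these defines (it starts outside the hunk) still justifies the attributes by saying the combined bits let user space reach the high-mapped VDSO under CONFIG_COMPAT_VDSO, but `PDE_IDENT_ATTR` no longer carries USER after this change. The comment should be updated in the same hunk to say that the identity mappings are now supervisor-only and what that means for CONFIG_COMPAT_VDSO. `PTE_IDENT_ATTR` and `PDE_IDENT_ATTR` are now both `0x063`; defining one in terms of the other would keep them from drifting apart.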
8768@@ -205,7 +208,17 @@ static inline pgdval_t pgd_flags(pgd_t p
8769 {
8770 return native_pgd_val(pgd) & PTE_FLAGS_MASK;
8771 }
8772+#endif
8773
8774+#if PAGETABLE_LEVELS == 3
8775+#include <asm-generic/pgtable-nopud.h>
8776+#endif
8777+
8778+#if PAGETABLE_LEVELS == 2
8779+#include <asm-generic/pgtable-nopmd.h>
8780+#endif
8781+
8782+#ifndef __ASSEMBLY__
8783 #if PAGETABLE_LEVELS > 3
8784 typedef struct { pudval_t pud; } pud_t;
8785
8786@@ -219,8 +232,6 @@ static inline pudval_t native_pud_val(pu
8787 return pud.pud;
8788 }
8789 #else
8790-#include <asm-generic/pgtable-nopud.h>
8791-
8792 static inline pudval_t native_pud_val(pud_t pud)
8793 {
8794 return native_pgd_val(pud.pgd);
8795@@ -240,8 +251,6 @@ static inline pmdval_t native_pmd_val(pm
8796 return pmd.pmd;
8797 }
8798 #else
8799-#include <asm-generic/pgtable-nopmd.h>
8800-
8801 static inline pmdval_t native_pmd_val(pmd_t pmd)
8802 {
8803 return native_pgd_val(pmd.pud.pgd);
8804@@ -281,7 +290,6 @@ typedef struct page *pgtable_t;
8805
8806 extern pteval_t __supported_pte_mask;
8807 extern void set_nx(void);
8808-extern int nx_enabled;
8809
8810 #define pgprot_writecombine pgprot_writecombine
8811 extern pgprot_t pgprot_writecombine(pgprot_t prot);
8812diff -urNp linux-2.6.38.2/arch/x86/include/asm/processor.h linux-2.6.38.2/arch/x86/include/asm/processor.h
8813--- linux-2.6.38.2/arch/x86/include/asm/processor.h 2011-03-14 21:20:32.000000000 -0400
8814+++ linux-2.6.38.2/arch/x86/include/asm/processor.h 2011-03-21 18:31:35.000000000 -0400
8815@@ -270,7 +270,7 @@ struct tss_struct {
8816
8817 } ____cacheline_aligned;
8818
8819-DECLARE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss);
8820+extern struct tss_struct init_tss[NR_CPUS];
8821
8822 /*
8823 * Save the original ist values for checking stack pointers during debugging
8824@@ -864,8 +864,15 @@ static inline void spin_lock_prefetch(co
8825 */
8826 #define TASK_SIZE PAGE_OFFSET
8827 #define TASK_SIZE_MAX TASK_SIZE
8828+
8829+#ifdef CONFIG_PAX_SEGMEXEC
8830+#define SEGMEXEC_TASK_SIZE (TASK_SIZE / 2)
8831+#define STACK_TOP ((current->mm->pax_flags & MF_PAX_SEGMEXEC)?SEGMEXEC_TASK_SIZE:TASK_SIZE)
8832+#else
8833 #define STACK_TOP TASK_SIZE
8834-#define STACK_TOP_MAX STACK_TOP
8835+#endif
8836+
8837+#define STACK_TOP_MAX TASK_SIZE
8838
8839 #define INIT_THREAD { \
8840 .sp0 = sizeof(init_stack) + (long)&init_stack, \
8841@@ -882,7 +889,7 @@ static inline void spin_lock_prefetch(co
8842 */
8843 #define INIT_TSS { \
8844 .x86_tss = { \
8845- .sp0 = sizeof(init_stack) + (long)&init_stack, \
8846+ .sp0 = sizeof(init_stack) + (long)&init_stack - 8, \
8847 .ss0 = __KERNEL_DS, \
8848 .ss1 = __KERNEL_CS, \
8849 .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \
8850@@ -893,11 +900,7 @@ static inline void spin_lock_prefetch(co
8851 extern unsigned long thread_saved_pc(struct task_struct *tsk);
8852
8853 #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long))
8854-#define KSTK_TOP(info) \
8855-({ \
8856- unsigned long *__ptr = (unsigned long *)(info); \
8857- (unsigned long)(&__ptr[THREAD_SIZE_LONGS]); \
8858-})
8859+#define KSTK_TOP(info) ((info)->task.thread.sp0)
8860
8861 /*
8862 * The below -8 is to reserve 8 bytes on top of the ring0 stack.
8863@@ -912,7 +915,7 @@ extern unsigned long thread_saved_pc(str
8864 #define task_pt_regs(task) \
8865 ({ \
8866 struct pt_regs *__regs__; \
8867- __regs__ = (struct pt_regs *)(KSTK_TOP(task_stack_page(task))-8); \
8868+ __regs__ = (struct pt_regs *)((task)->thread.sp0); \
8869 __regs__ - 1; \
8870 })
8871
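Review bot: task_pt_regs() now takes the register frame straight from `(task)->thread.sp0` and no longer subtracts 8 itself, so it is only correct if every writer of `thread.sp0` already includes the 8-byte reserve. In this file `INIT_TSS` gains the `- 8`, but `INIT_THREAD`, shown as unchanged context in an earlier hunk, still sets `.sp0 = sizeof(init_stack) + (long)&init_stack`. Either that initialiser needs the same adjustment or a comment should say why the init task is exempt. The comment just above the macro ("The below -8 is to reserve 8 bytes…", which begins in the previous hunk's context) is now stale and should say that the reserve is folded into `sp0`.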
8872@@ -922,13 +925,13 @@ extern unsigned long thread_saved_pc(str
8873 /*
8874 * User space process size. 47bits minus one guard page.
8875 */
8876-#define TASK_SIZE_MAX ((1UL << 47) - PAGE_SIZE)
8877+#define TASK_SIZE_MAX ((1UL << TASK_SIZE_MAX_SHIFT) - PAGE_SIZE)
8878
8879 /* This decides where the kernel will search for a free chunk of vm
8880 * space during mmap's.
8881 */
8882 #define IA32_PAGE_OFFSET ((current->personality & ADDR_LIMIT_3GB) ? \
8883- 0xc0000000 : 0xFFFFe000)
8884+ 0xc0000000 : 0xFFFFf000)
8885
8886 #define TASK_SIZE (test_thread_flag(TIF_IA32) ? \
8887 IA32_PAGE_OFFSET : TASK_SIZE_MAX)
8888@@ -965,6 +968,10 @@ extern void start_thread(struct pt_regs
8889 */
8890 #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
8891
8892+#ifdef CONFIG_PAX_SEGMEXEC
8893+#define SEGMEXEC_TASK_UNMAPPED_BASE (PAGE_ALIGN(SEGMEXEC_TASK_SIZE / 3))
8894+#endif
8895+
8896 #define KSTK_EIP(task) (task_pt_regs(task)->ip)
8897
8898 /* Get/set a process' ability to use the timestamp counter instruction */
8899diff -urNp linux-2.6.38.2/arch/x86/include/asm/ptrace.h linux-2.6.38.2/arch/x86/include/asm/ptrace.h
8900--- linux-2.6.38.2/arch/x86/include/asm/ptrace.h 2011-03-14 21:20:32.000000000 -0400
8901+++ linux-2.6.38.2/arch/x86/include/asm/ptrace.h 2011-03-21 18:31:35.000000000 -0400
8902@@ -152,28 +152,29 @@ static inline unsigned long regs_return_
8903 }
8904
8905 /*
8906- * user_mode_vm(regs) determines whether a register set came from user mode.
8907+ * user_mode(regs) determines whether a register set came from user mode.
8908 * This is true if V8086 mode was enabled OR if the register set was from
8909 * protected mode with RPL-3 CS value. This tricky test checks that with
8910 * one comparison. Many places in the kernel can bypass this full check
8911- * if they have already ruled out V8086 mode, so user_mode(regs) can be used.
8912+ * if they have already ruled out V8086 mode, so user_mode_novm(regs) can
8913+ * be used.
8914 */
8915-static inline int user_mode(struct pt_regs *regs)
8916+static inline int user_mode_novm(struct pt_regs *regs)
8917 {
8918 #ifdef CONFIG_X86_32
8919 return (regs->cs & SEGMENT_RPL_MASK) == USER_RPL;
8920 #else
8921- return !!(regs->cs & 3);
8922+ return !!(regs->cs & SEGMENT_RPL_MASK);
8923 #endif
8924 }
8925
8926-static inline int user_mode_vm(struct pt_regs *regs)
8927+static inline int user_mode(struct pt_regs *regs)
8928 {
8929 #ifdef CONFIG_X86_32
8930 return ((regs->cs & SEGMENT_RPL_MASK) | (regs->flags & X86_VM_MASK)) >=
8931 USER_RPL;
8932 #else
8933- return user_mode(regs);
8934+ return user_mode_novm(regs);
8935 #endif
8936 }
8937
8938diff -urNp linux-2.6.38.2/arch/x86/include/asm/reboot.h linux-2.6.38.2/arch/x86/include/asm/reboot.h
8939--- linux-2.6.38.2/arch/x86/include/asm/reboot.h 2011-03-14 21:20:32.000000000 -0400
8940+++ linux-2.6.38.2/arch/x86/include/asm/reboot.h 2011-03-21 18:31:35.000000000 -0400
8941@@ -18,7 +18,7 @@ extern struct machine_ops machine_ops;
8942
8943 void native_machine_crash_shutdown(struct pt_regs *regs);
8944 void native_machine_shutdown(void);
8945-void machine_real_restart(const unsigned char *code, int length);
8946+void machine_real_restart(const unsigned char *code, unsigned int length);
8947
8948 typedef void (*nmi_shootdown_cb)(int, struct die_args*);
8949 void nmi_shootdown_cpus(nmi_shootdown_cb callback);
8950diff -urNp linux-2.6.38.2/arch/x86/include/asm/rwsem.h linux-2.6.38.2/arch/x86/include/asm/rwsem.h
8951--- linux-2.6.38.2/arch/x86/include/asm/rwsem.h 2011-03-14 21:20:32.000000000 -0400
8952+++ linux-2.6.38.2/arch/x86/include/asm/rwsem.h 2011-03-21 18:31:35.000000000 -0400
8953@@ -118,6 +118,14 @@ static inline void __down_read(struct rw
8954 {
8955 asm volatile("# beginning down_read\n\t"
8956 LOCK_PREFIX _ASM_INC "(%1)\n\t"
8957+
8958+#ifdef CONFIG_PAX_REFCOUNT
8959+ "jno 0f\n"
8960+ LOCK_PREFIX _ASM_DEC "(%1)\n"
8961+ "int $4\n0:\n"
8962+ _ASM_EXTABLE(0b, 0b)
8963+#endif
8964+
8965 /* adds 0x00000001 */
8966 " jns 1f\n"
8967 " call call_rwsem_down_read_failed\n"
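Review bot: The `CONFIG_PAX_REFCOUNT` sequence added here (`jno 0f`, an undo instruction, `int $4`, `0:`, `_ASM_EXTABLE(0b, 0b)`) is pasted with small variations into every other hunk of rwsem.h and into the arch_read_lock(), arch_write_lock(), arch_read_unlock() and arch_write_unlock() hunks of spinlock.h, and none of the copies has a comment. A single macro that takes the undo instruction as its argument would keep the copies identical and give one place to document the mechanism. At minimum each site should carry `/* PAX_REFCOUNT: on signed overflow undo the update and raise the overflow exception (int $4) */`. How the exception handler uses the extable entry, which names label 0 as both the faulting address and the fixup, is not visible in these lines and should be part of that documentation.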
8968@@ -139,6 +147,14 @@ static inline int __down_read_trylock(st
8969 "1:\n\t"
8970 " mov %1,%2\n\t"
8971 " add %3,%2\n\t"
8972+
8973+#ifdef CONFIG_PAX_REFCOUNT
8974+ "jno 0f\n"
8975+ "sub %3,%2\n"
8976+ "int $4\n0:\n"
8977+ _ASM_EXTABLE(0b, 0b)
8978+#endif
8979+
8980 " jle 2f\n\t"
8981 LOCK_PREFIX " cmpxchg %2,%0\n\t"
8982 " jnz 1b\n\t"
8983@@ -158,6 +174,14 @@ static inline void __down_write_nested(s
8984 rwsem_count_t tmp;
8985 asm volatile("# beginning down_write\n\t"
8986 LOCK_PREFIX " xadd %1,(%2)\n\t"
8987+
8988+#ifdef CONFIG_PAX_REFCOUNT
8989+ "jno 0f\n"
8990+ "mov %1,(%2)\n"
8991+ "int $4\n0:\n"
8992+ _ASM_EXTABLE(0b, 0b)
8993+#endif
8994+
8995 /* adds 0xffff0001, returns the old value */
8996 " test %1,%1\n\t"
8997 /* was the count 0 before? */
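Review bot: The overflow undo in __down_write_nested() is a plain `mov %1,(%2)` that stores the pre-xadd value back, unlike __down_read(), which undoes its increment with a LOCK-prefixed decrement. Any update another CPU makes to the count between the `xadd` and the `mov` would be overwritten by that store. The same plain-store undo appears in the __up_read(), __up_write() and rwsem_atomic_update() hunks. If this is accepted because the path is only reached when the counter has already overflowed, a comment should say so, e.g. `/* overflow path only: restore the old value; racing updates are not preserved */`. Otherwise the delta has to be kept in a register so the undo can be a locked subtraction.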
8998@@ -196,6 +220,14 @@ static inline void __up_read(struct rw_s
8999 rwsem_count_t tmp;
9000 asm volatile("# beginning __up_read\n\t"
9001 LOCK_PREFIX " xadd %1,(%2)\n\t"
9002+
9003+#ifdef CONFIG_PAX_REFCOUNT
9004+ "jno 0f\n"
9005+ "mov %1,(%2)\n"
9006+ "int $4\n0:\n"
9007+ _ASM_EXTABLE(0b, 0b)
9008+#endif
9009+
9010 /* subtracts 1, returns the old value */
9011 " jns 1f\n\t"
9012 " call call_rwsem_wake\n" /* expects old value in %edx */
9013@@ -214,6 +246,14 @@ static inline void __up_write(struct rw_
9014 rwsem_count_t tmp;
9015 asm volatile("# beginning __up_write\n\t"
9016 LOCK_PREFIX " xadd %1,(%2)\n\t"
9017+
9018+#ifdef CONFIG_PAX_REFCOUNT
9019+ "jno 0f\n"
9020+ "mov %1,(%2)\n"
9021+ "int $4\n0:\n"
9022+ _ASM_EXTABLE(0b, 0b)
9023+#endif
9024+
9025 /* subtracts 0xffff0001, returns the old value */
9026 " jns 1f\n\t"
9027 " call call_rwsem_wake\n" /* expects old value in %edx */
9028@@ -231,6 +271,14 @@ static inline void __downgrade_write(str
9029 {
9030 asm volatile("# beginning __downgrade_write\n\t"
9031 LOCK_PREFIX _ASM_ADD "%2,(%1)\n\t"
9032+
9033+#ifdef CONFIG_PAX_REFCOUNT
9034+ "jno 0f\n"
9035+ LOCK_PREFIX _ASM_SUB "%2,(%1)\n"
9036+ "int $4\n0:\n"
9037+ _ASM_EXTABLE(0b, 0b)
9038+#endif
9039+
9040 /*
9041 * transitions 0xZZZZ0001 -> 0xYYYY0001 (i386)
9042 * 0xZZZZZZZZ00000001 -> 0xYYYYYYYY00000001 (x86_64)
9043@@ -250,7 +298,15 @@ static inline void __downgrade_write(str
9044 static inline void rwsem_atomic_add(rwsem_count_t delta,
9045 struct rw_semaphore *sem)
9046 {
9047- asm volatile(LOCK_PREFIX _ASM_ADD "%1,%0"
9048+ asm volatile(LOCK_PREFIX _ASM_ADD "%1,%0\n"
9049+
9050+#ifdef CONFIG_PAX_REFCOUNT
9051+ "jno 0f\n"
9052+ LOCK_PREFIX _ASM_SUB "%1,%0\n"
9053+ "int $4\n0:\n"
9054+ _ASM_EXTABLE(0b, 0b)
9055+#endif
9056+
9057 : "+m" (sem->count)
9058 : "er" (delta));
9059 }
9060@@ -263,7 +319,15 @@ static inline rwsem_count_t rwsem_atomic
9061 {
9062 rwsem_count_t tmp = delta;
9063
9064- asm volatile(LOCK_PREFIX "xadd %0,%1"
9065+ asm volatile(LOCK_PREFIX "xadd %0,%1\n"
9066+
9067+#ifdef CONFIG_PAX_REFCOUNT
9068+ "jno 0f\n"
9069+ "mov %0,%1\n"
9070+ "int $4\n0:\n"
9071+ _ASM_EXTABLE(0b, 0b)
9072+#endif
9073+
9074 : "+r" (tmp), "+m" (sem->count)
9075 : : "memory");
9076
9077diff -urNp linux-2.6.38.2/arch/x86/include/asm/segment.h linux-2.6.38.2/arch/x86/include/asm/segment.h
9078--- linux-2.6.38.2/arch/x86/include/asm/segment.h 2011-03-14 21:20:32.000000000 -0400
9079+++ linux-2.6.38.2/arch/x86/include/asm/segment.h 2011-03-21 18:31:35.000000000 -0400
9080@@ -62,8 +62,8 @@
9081 * 26 - ESPFIX small SS
9082 * 27 - per-cpu [ offset to per-cpu data area ]
9083 * 28 - stack_canary-20 [ for stack protector ]
9084- * 29 - unused
9085- * 30 - unused
9086+ * 29 - PCI BIOS CS
9087+ * 30 - PCI BIOS DS
9088 * 31 - TSS for double fault handler
9089 */
9090 #define GDT_ENTRY_TLS_MIN 6
9091@@ -77,6 +77,8 @@
9092
9093 #define GDT_ENTRY_KERNEL_CS (GDT_ENTRY_KERNEL_BASE+0)
9094
9095+#define GDT_ENTRY_KERNEXEC_KERNEL_CS (4)
9096+
9097 #define GDT_ENTRY_KERNEL_DS (GDT_ENTRY_KERNEL_BASE+1)
9098
9099 #define GDT_ENTRY_TSS (GDT_ENTRY_KERNEL_BASE+4)
9100@@ -102,6 +104,12 @@
9101 #define __KERNEL_STACK_CANARY 0
9102 #endif
9103
9104+#define GDT_ENTRY_PCIBIOS_CS (GDT_ENTRY_KERNEL_BASE+17)
9105+#define __PCIBIOS_CS (GDT_ENTRY_PCIBIOS_CS * 8)
9106+
9107+#define GDT_ENTRY_PCIBIOS_DS (GDT_ENTRY_KERNEL_BASE+18)
9108+#define __PCIBIOS_DS (GDT_ENTRY_PCIBIOS_DS * 8)
9109+
9110 #define GDT_ENTRY_DOUBLEFAULT_TSS 31
9111
9112 /*
9113@@ -139,7 +147,7 @@
9114 */
9115
9116 /* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */
9117-#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xf4) == GDT_ENTRY_PNPBIOS_BASE * 8)
9118+#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xFFFCU) == PNP_CS32 || ((x) & 0xFFFCU) == PNP_CS16)
9119
9120
9121 #else
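Review bot: The rewritten `SEGMENT_IS_PNP_CODE(x)` expands `x` twice, so an argument with side effects would be evaluated twice, which the single-comparison form it replaces did not do. A small `static inline` helper that masks once, or masking into a local first, avoids that hazard. The comment above still says the two selectors "must be consecutive", a constraint the old mask trick depended on and the new two-way comparison does not, so it should be reworded.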
9122@@ -163,6 +171,8 @@
9123 #define __USER32_CS (GDT_ENTRY_DEFAULT_USER32_CS * 8 + 3)
9124 #define __USER32_DS __USER_DS
9125
9126+#define GDT_ENTRY_KERNEXEC_KERNEL_CS 7
9127+
9128 #define GDT_ENTRY_TSS 8 /* needs two entries */
9129 #define GDT_ENTRY_LDT 10 /* needs two entries */
9130 #define GDT_ENTRY_TLS_MIN 12
9131@@ -183,6 +193,7 @@
9132 #endif
9133
9134 #define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8)
9135+#define __KERNEXEC_KERNEL_CS (GDT_ENTRY_KERNEXEC_KERNEL_CS*8)
9136 #define __KERNEL_DS (GDT_ENTRY_KERNEL_DS*8)
9137 #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3)
9138 #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3)
9139diff -urNp linux-2.6.38.2/arch/x86/include/asm/smp.h linux-2.6.38.2/arch/x86/include/asm/smp.h
9140--- linux-2.6.38.2/arch/x86/include/asm/smp.h 2011-03-14 21:20:32.000000000 -0400
9141+++ linux-2.6.38.2/arch/x86/include/asm/smp.h 2011-03-21 18:31:35.000000000 -0400
9142@@ -24,7 +24,7 @@ extern unsigned int num_processors;
9143 DECLARE_PER_CPU(cpumask_var_t, cpu_sibling_map);
9144 DECLARE_PER_CPU(cpumask_var_t, cpu_core_map);
9145 DECLARE_PER_CPU(u16, cpu_llc_id);
9146-DECLARE_PER_CPU(int, cpu_number);
9147+DECLARE_PER_CPU(unsigned int, cpu_number);
9148
9149 static inline struct cpumask *cpu_sibling_mask(int cpu)
9150 {
9151diff -urNp linux-2.6.38.2/arch/x86/include/asm/spinlock.h linux-2.6.38.2/arch/x86/include/asm/spinlock.h
9152--- linux-2.6.38.2/arch/x86/include/asm/spinlock.h 2011-03-14 21:20:32.000000000 -0400
9153+++ linux-2.6.38.2/arch/x86/include/asm/spinlock.h 2011-03-21 18:31:35.000000000 -0400
9154@@ -249,6 +249,14 @@ static inline int arch_write_can_lock(ar
9155 static inline void arch_read_lock(arch_rwlock_t *rw)
9156 {
9157 asm volatile(LOCK_PREFIX " subl $1,(%0)\n\t"
9158+
9159+#ifdef CONFIG_PAX_REFCOUNT
9160+ "jno 0f\n"
9161+ LOCK_PREFIX " addl $1,(%0)\n"
9162+ "int $4\n0:\n"
9163+ _ASM_EXTABLE(0b, 0b)
9164+#endif
9165+
9166 "jns 1f\n"
9167 "call __read_lock_failed\n\t"
9168 "1:\n"
9169@@ -258,6 +266,14 @@ static inline void arch_read_lock(arch_r
9170 static inline void arch_write_lock(arch_rwlock_t *rw)
9171 {
9172 asm volatile(LOCK_PREFIX " subl %1,(%0)\n\t"
9173+
9174+#ifdef CONFIG_PAX_REFCOUNT
9175+ "jno 0f\n"
9176+ LOCK_PREFIX " addl %1,(%0)\n"
9177+ "int $4\n0:\n"
9178+ _ASM_EXTABLE(0b, 0b)
9179+#endif
9180+
9181 "jz 1f\n"
9182 "call __write_lock_failed\n\t"
9183 "1:\n"
9184@@ -286,12 +302,29 @@ static inline int arch_write_trylock(arc
9185
9186 static inline void arch_read_unlock(arch_rwlock_t *rw)
9187 {
9188- asm volatile(LOCK_PREFIX "incl %0" :"+m" (rw->lock) : : "memory");
9189+ asm volatile(LOCK_PREFIX "incl %0\n"
9190+
9191+#ifdef CONFIG_PAX_REFCOUNT
9192+ "jno 0f\n"
9193+ LOCK_PREFIX "decl %0\n"
9194+ "int $4\n0:\n"
9195+ _ASM_EXTABLE(0b, 0b)
9196+#endif
9197+
9198+ :"+m" (rw->lock) : : "memory");
9199 }
9200
9201 static inline void arch_write_unlock(arch_rwlock_t *rw)
9202 {
9203- asm volatile(LOCK_PREFIX "addl %1, %0"
9204+ asm volatile(LOCK_PREFIX "addl %1, %0\n"
9205+
9206+#ifdef CONFIG_PAX_REFCOUNT
9207+ "jno 0f\n"
9208+ LOCK_PREFIX "subl %1, %0\n"
9209+ "int $4\n0:\n"
9210+ _ASM_EXTABLE(0b, 0b)
9211+#endif
9212+
9213 : "+m" (rw->lock) : "i" (RW_LOCK_BIAS) : "memory");
9214 }
9215
9216diff -urNp linux-2.6.38.2/arch/x86/include/asm/stackprotector.h linux-2.6.38.2/arch/x86/include/asm/stackprotector.h
9217--- linux-2.6.38.2/arch/x86/include/asm/stackprotector.h 2011-03-14 21:20:32.000000000 -0400
9218+++ linux-2.6.38.2/arch/x86/include/asm/stackprotector.h 2011-03-21 18:31:35.000000000 -0400
9219@@ -113,7 +113,7 @@ static inline void setup_stack_canary_se
9220
9221 static inline void load_stack_canary_segment(void)
9222 {
9223-#ifdef CONFIG_X86_32
9224+#if defined(CONFIG_X86_32) && !defined(CONFIG_PAX_MEMORY_UDEREF)
9225 asm volatile ("mov %0, %%gs" : : "r" (0));
9226 #endif
9227 }
9228diff -urNp linux-2.6.38.2/arch/x86/include/asm/system.h linux-2.6.38.2/arch/x86/include/asm/system.h
9229--- linux-2.6.38.2/arch/x86/include/asm/system.h 2011-03-14 21:20:32.000000000 -0400
9230+++ linux-2.6.38.2/arch/x86/include/asm/system.h 2011-03-21 18:31:35.000000000 -0400
9231@@ -202,7 +202,7 @@ static inline unsigned long get_limit(un
9232 {
9233 unsigned long __limit;
9234 asm("lsll %1,%0" : "=r" (__limit) : "r" (segment));
9235- return __limit + 1;
9236+ return __limit;
9237 }
9238
9239 static inline void native_clts(void)
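Review bot: get_limit() now returns the raw result of `lsl` instead of `__limit + 1`, which changes the function's contract from a size to a last-valid-offset without any comment. The signature lies outside this hunk and the callers are not visible, so any caller that still treats the value as a size would be off by one. Please document the new meaning at the function, e.g. `/* returns the segment limit as reported by LSL (last valid offset), not limit + 1 */`, and confirm each caller was updated to match.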
9240@@ -342,7 +342,7 @@ void enable_hlt(void);
9241
9242 void cpu_idle_wait(void);
9243
9244-extern unsigned long arch_align_stack(unsigned long sp);
9245+#define arch_align_stack(x) ((x) & ~0xfUL)
9246 extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
9247
9248 void default_idle(void);
9249diff -urNp linux-2.6.38.2/arch/x86/include/asm/uaccess_32.h linux-2.6.38.2/arch/x86/include/asm/uaccess_32.h
9250--- linux-2.6.38.2/arch/x86/include/asm/uaccess_32.h 2011-03-14 21:20:32.000000000 -0400
9251+++ linux-2.6.38.2/arch/x86/include/asm/uaccess_32.h 2011-03-21 18:31:35.000000000 -0400
9252@@ -44,6 +44,9 @@ unsigned long __must_check __copy_from_u
9253 static __always_inline unsigned long __must_check
9254 __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
9255 {
9256+ if ((long)n < 0)
9257+ return n;
9258+
9259 if (__builtin_constant_p(n)) {
9260 unsigned long ret;
9261
9262@@ -62,6 +65,8 @@ __copy_to_user_inatomic(void __user *to,
9263 return ret;
9264 }
9265 }
9266+ if (!__builtin_constant_p(n))
9267+ check_object_size(from, n, true);
9268 return __copy_to_user_ll(to, from, n);
9269 }
9270
9271@@ -89,6 +94,9 @@ __copy_to_user(void __user *to, const vo
9272 static __always_inline unsigned long
9273 __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
9274 {
9275+ if ((long)n < 0)
9276+ return n;
9277+
9278 /* Avoid zeroing the tail if the copy fails..
9279 * If 'n' is constant and 1, 2, or 4, we do still zero on a failure,
9280 * but as the zeroing behaviour is only significant when n is not
9281@@ -138,6 +146,10 @@ static __always_inline unsigned long
9282 __copy_from_user(void *to, const void __user *from, unsigned long n)
9283 {
9284 might_fault();
9285+
9286+ if ((long)n < 0)
9287+ return n;
9288+
9289 if (__builtin_constant_p(n)) {
9290 unsigned long ret;
9291
9292@@ -153,6 +165,8 @@ __copy_from_user(void *to, const void __
9293 return ret;
9294 }
9295 }
9296+ if (!__builtin_constant_p(n))
9297+ check_object_size(to, n, false);
9298 return __copy_from_user_ll(to, from, n);
9299 }
9300
9301@@ -160,6 +174,10 @@ static __always_inline unsigned long __c
9302 const void __user *from, unsigned long n)
9303 {
9304 might_fault();
9305+
9306+ if ((long)n < 0)
9307+ return n;
9308+
9309 if (__builtin_constant_p(n)) {
9310 unsigned long ret;
9311
9312@@ -182,15 +200,19 @@ static __always_inline unsigned long
9313 __copy_from_user_inatomic_nocache(void *to, const void __user *from,
9314 unsigned long n)
9315 {
9316- return __copy_from_user_ll_nocache_nozero(to, from, n);
9317-}
9318+ if ((long)n < 0)
9319+ return n;
9320
9321-unsigned long __must_check copy_to_user(void __user *to,
9322- const void *from, unsigned long n);
9323-unsigned long __must_check _copy_from_user(void *to,
9324- const void __user *from,
9325- unsigned long n);
9326+ return __copy_from_user_ll_nocache_nozero(to, from, n);
9327+}
9328
9329+extern void copy_to_user_overflow(void)
9330+#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
9331+ __compiletime_error("copy_to_user() buffer size is not provably correct")
9332+#else
9333+ __compiletime_warning("copy_to_user() buffer size is not provably correct")
9334+#endif
9335+;
9336
9337 extern void copy_from_user_overflow(void)
9338 #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
9339@@ -200,17 +222,61 @@ extern void copy_from_user_overflow(void
9340 #endif
9341 ;
9342
9343-static inline unsigned long __must_check copy_from_user(void *to,
9344- const void __user *from,
9345- unsigned long n)
9346+/**
9347+ * copy_to_user: - Copy a block of data into user space.
9348+ * @to: Destination address, in user space.
9349+ * @from: Source address, in kernel space.
9350+ * @n: Number of bytes to copy.
9351+ *
9352+ * Context: User context only. This function may sleep.
9353+ *
9354+ * Copy data from kernel space to user space.
9355+ *
9356+ * Returns number of bytes that could not be copied.
9357+ * On success, this will be zero.
9358+ */
9359+static inline unsigned long __must_check
9360+copy_to_user(void __user *to, const void *from, unsigned long n)
9361+{
9362+ int sz = __compiletime_object_size(from);
9363+
9364+ if (unlikely(sz != -1 && sz < n))
9365+ copy_to_user_overflow();
9366+ else if (access_ok(VERIFY_WRITE, to, n))
9367+ n = __copy_to_user(to, from, n);
9368+ return n;
9369+}
9370+
9371+/**
9372+ * copy_from_user: - Copy a block of data from user space.
9373+ * @to: Destination address, in kernel space.
9374+ * @from: Source address, in user space.
9375+ * @n: Number of bytes to copy.
9376+ *
9377+ * Context: User context only. This function may sleep.
9378+ *
9379+ * Copy data from user space to kernel space.
9380+ *
9381+ * Returns number of bytes that could not be copied.
9382+ * On success, this will be zero.
9383+ *
9384+ * If some data could not be copied, this function will pad the copied
9385+ * data to the requested size using zero bytes.
9386+ */
9387+static inline unsigned long __must_check
9388+copy_from_user(void *to, const void __user *from, unsigned long n)
9389 {
9390 int sz = __compiletime_object_size(to);
9391
9392- if (likely(sz == -1 || sz >= n))
9393- n = _copy_from_user(to, from, n);
9394- else
9395+ if (unlikely(sz != -1 && sz < n))
9396 copy_from_user_overflow();
9397-
9398+ else if (access_ok(VERIFY_READ, from, n))
9399+ n = __copy_from_user(to, from, n);
9400+ else if ((long)n > 0) {
9401+ if (!__builtin_constant_p(n))
9402+ check_object_size(to, n, false);
9403+ memset(to, 0, n);
9404+ }
9405 return n;
9406 }
9407
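Review bot: In the new copy_from_user(), the `sz != -1 && sz < n` branch calls copy_from_user_overflow() and returns `n` without touching `to`, while the kerneldoc added just above promises zero padding whenever data could not be copied and the access_ok() failure branch does perform a memset(). When the compile-time check is only a warning, a caller that ignores the return value is left with an uninitialised buffer. Adding `memset(to, 0, sz);` in that branch (using `sz`, not `n`, since `n` exceeds the object) would keep the documented behaviour. The body of copy_from_user_overflow() is not visible here, so confirm it does not already handle this. copy_to_user()'s kerneldoc says the function may sleep, but the new inline has no might_fault() of its own, so it presumably relies on __copy_to_user() for that.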
9408diff -urNp linux-2.6.38.2/arch/x86/include/asm/uaccess_64.h linux-2.6.38.2/arch/x86/include/asm/uaccess_64.h
9409--- linux-2.6.38.2/arch/x86/include/asm/uaccess_64.h 2011-03-14 21:20:32.000000000 -0400
9410+++ linux-2.6.38.2/arch/x86/include/asm/uaccess_64.h 2011-03-21 18:31:35.000000000 -0400
9411@@ -11,6 +11,9 @@
9412 #include <asm/alternative.h>
9413 #include <asm/cpufeature.h>
9414 #include <asm/page.h>
9415+#include <asm/pgtable.h>
9416+
9417+#define set_fs(x) (current_thread_info()->addr_limit = (x))
9418
9419 /*
9420 * Copy To/From Userspace
9421@@ -37,26 +40,26 @@ copy_user_generic(void *to, const void *
9422 return ret;
9423 }
9424
9425-__must_check unsigned long
9426-_copy_to_user(void __user *to, const void *from, unsigned len);
9427-__must_check unsigned long
9428-_copy_from_user(void *to, const void __user *from, unsigned len);
9429+static __always_inline __must_check unsigned long
9430+__copy_to_user(void __user *to, const void *from, unsigned len);
9431+static __always_inline __must_check unsigned long
9432+__copy_from_user(void *to, const void __user *from, unsigned len);
9433 __must_check unsigned long
9434 copy_in_user(void __user *to, const void __user *from, unsigned len);
9435
9436 static inline unsigned long __must_check copy_from_user(void *to,
9437 const void __user *from,
9438- unsigned long n)
9439+ unsigned n)
9440 {
9441- int sz = __compiletime_object_size(to);
9442-
9443 might_fault();
9444- if (likely(sz == -1 || sz >= n))
9445- n = _copy_from_user(to, from, n);
9446-#ifdef CONFIG_DEBUG_VM
9447- else
9448- WARN(1, "Buffer overflow detected!\n");
9449-#endif
9450+
9451+ if (access_ok(VERIFY_READ, from, n))
9452+ n = __copy_from_user(to, from, n);
9453+ else if ((int)n > 0) {
9454+ if (!__builtin_constant_p(n))
9455+ check_object_size(to, n, false);
9456+ memset(to, 0, n);
9457+ }
9458 return n;
9459 }
9460
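Review bot: copy_from_user() now declares its length as `unsigned n` instead of `unsigned long n`, so on x86_64 a caller's length above 4 GiB is reduced modulo 2^32 at the call boundary, before access_ok() or any other check sees it, and the returned count of uncopied bytes is truncated in the same way. Keeping `unsigned long n` and rejecting oversized requests explicitly, e.g. `if (unlikely(n > INT_MAX)) return n;`, makes the limit visible instead of implicit. The `(int)n > 0` test also means a failed access_ok() with a length of 2 GiB or more skips the zeroing of `to`, which should be stated in a comment. The compile-time object-size check that used to live here is removed from this wrapper; the next hunk adds it to __copy_from_user(), and a one-line comment here pointing to it would help readers.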
9461@@ -65,110 +68,174 @@ int copy_to_user(void __user *dst, const
9462 {
9463 might_fault();
9464
9465- return _copy_to_user(dst, src, size);
9466+ if (access_ok(VERIFY_WRITE, dst, size))
9467+ size = __copy_to_user(dst, src, size);
9468+ return size;
9469 }
9470
9471 static __always_inline __must_check
9472-int __copy_from_user(void *dst, const void __user *src, unsigned size)
9473+unsigned long __copy_from_user(void *dst, const void __user *src, unsigned size)
9474 {
9475- int ret = 0;
9476+ int sz = __compiletime_object_size(dst);
9477+ unsigned ret = 0;
9478
9479 might_fault();
9480- if (!__builtin_constant_p(size))
9481- return copy_user_generic(dst, (__force void *)src, size);
9482+
9483+ if ((int)size < 0)
9484+ return size;
9485+
9486+#ifdef CONFIG_PAX_MEMORY_UDEREF
9487+ if (!__access_ok(VERIFY_READ, src, size))
9488+ return size;
9489+#endif
9490+
9491+ if (unlikely(sz != -1 && sz < size)) {
9492+#ifdef CONFIG_DEBUG_VM
9493+ WARN(1, "Buffer overflow detected!\n");
9494+#endif
9495+ return size;
9496+ }
9497+
9498+ if (!__builtin_constant_p(size)) {
9499+ check_object_size(dst, size, false);
9500+ if ((unsigned long)src < PAX_USER_SHADOW_BASE)
9501+ src += PAX_USER_SHADOW_BASE;
9502+ return copy_user_generic(dst, (__force const void *)src, size);
9503+ }
9504 switch (size) {
9505- case 1:__get_user_asm(*(u8 *)dst, (u8 __user *)src,
9506+ case 1:__get_user_asm(*(u8 *)dst, (const u8 __user *)src,
9507 ret, "b", "b", "=q", 1);
9508 return ret;
9509- case 2:__get_user_asm(*(u16 *)dst, (u16 __user *)src,
9510+ case 2:__get_user_asm(*(u16 *)dst, (const u16 __user *)src,
9511 ret, "w", "w", "=r", 2);
9512 return ret;
9513- case 4:__get_user_asm(*(u32 *)dst, (u32 __user *)src,
9514+ case 4:__get_user_asm(*(u32 *)dst, (const u32 __user *)src,
9515 ret, "l", "k", "=r", 4);
9516 return ret;
9517- case 8:__get_user_asm(*(u64 *)dst, (u64 __user *)src,
9518+ case 8:__get_user_asm(*(u64 *)dst, (const u64 __user *)src,
9519 ret, "q", "", "=r", 8);
9520 return ret;
9521 case 10:
9522- __get_user_asm(*(u64 *)dst, (u64 __user *)src,
9523+ __get_user_asm(*(u64 *)dst, (const u64 __user *)src,
9524 ret, "q", "", "=r", 10);
9525 if (unlikely(ret))
9526 return ret;
9527 __get_user_asm(*(u16 *)(8 + (char *)dst),
9528- (u16 __user *)(8 + (char __user *)src),
9529+ (const u16 __user *)(8 + (const char __user *)src),
9530 ret, "w", "w", "=r", 2);
9531 return ret;
9532 case 16:
9533- __get_user_asm(*(u64 *)dst, (u64 __user *)src,
9534+ __get_user_asm(*(u64 *)dst, (const u64 __user *)src,
9535 ret, "q", "", "=r", 16);
9536 if (unlikely(ret))
9537 return ret;
9538 __get_user_asm(*(u64 *)(8 + (char *)dst),
9539- (u64 __user *)(8 + (char __user *)src),
9540+ (const u64 __user *)(8 + (const char __user *)src),
9541 ret, "q", "", "=r", 8);
9542 return ret;
9543 default:
9544- return copy_user_generic(dst, (__force void *)src, size);
9545+ if ((unsigned long)src < PAX_USER_SHADOW_BASE)
9546+ src += PAX_USER_SHADOW_BASE;
9547+ return copy_user_generic(dst, (__force const void *)src, size);
9548 }
9549 }
9550
9551 static __always_inline __must_check
9552-int __copy_to_user(void __user *dst, const void *src, unsigned size)
9553+unsigned long __copy_to_user(void __user *dst, const void *src, unsigned size)
9554 {
9555- int ret = 0;
9556+ int sz = __compiletime_object_size(src);
9557+ unsigned ret = 0;
9558
9559 might_fault();
9560- if (!__builtin_constant_p(size))
9561+
9562+ if ((int)size < 0)
9563+ return size;
9564+
9565+#ifdef CONFIG_PAX_MEMORY_UDEREF
9566+ if (!__access_ok(VERIFY_WRITE, dst, size))
9567+ return size;
9568+#endif
9569+
9570+ if (unlikely(sz != -1 && sz < size)) {
9571+#ifdef CONFIG_DEBUG_VM
9572+ WARN(1, "Buffer overflow detected!\n");
9573+#endif
9574+ return size;
9575+ }
9576+
9577+ if (!__builtin_constant_p(size)) {
9578+ check_object_size(src, size, true);
9579+ if ((unsigned long)dst < PAX_USER_SHADOW_BASE)
9580+ dst += PAX_USER_SHADOW_BASE;
9581 return copy_user_generic((__force void *)dst, src, size);
9582+ }
9583 switch (size) {
9584- case 1:__put_user_asm(*(u8 *)src, (u8 __user *)dst,
9585+ case 1:__put_user_asm(*(const u8 *)src, (u8 __user *)dst,
9586 ret, "b", "b", "iq", 1);
9587 return ret;
9588- case 2:__put_user_asm(*(u16 *)src, (u16 __user *)dst,
9589+ case 2:__put_user_asm(*(const u16 *)src, (u16 __user *)dst,
9590 ret, "w", "w", "ir", 2);
9591 return ret;
9592- case 4:__put_user_asm(*(u32 *)src, (u32 __user *)dst,
9593+ case 4:__put_user_asm(*(const u32 *)src, (u32 __user *)dst,
9594 ret, "l", "k", "ir", 4);
9595 return ret;
9596- case 8:__put_user_asm(*(u64 *)src, (u64 __user *)dst,
9597+ case 8:__put_user_asm(*(const u64 *)src, (u64 __user *)dst,
9598 ret, "q", "", "er", 8);
9599 return ret;
9600 case 10:
9601- __put_user_asm(*(u64 *)src, (u64 __user *)dst,
9602+ __put_user_asm(*(const u64 *)src, (u64 __user *)dst,
9603 ret, "q", "", "er", 10);
9604 if (unlikely(ret))
9605 return ret;
9606 asm("":::"memory");
9607- __put_user_asm(4[(u16 *)src], 4 + (u16 __user *)dst,
9608+ __put_user_asm(4[(const u16 *)src], 4 + (u16 __user *)dst,
9609 ret, "w", "w", "ir", 2);
9610 return ret;
9611 case 16:
9612- __put_user_asm(*(u64 *)src, (u64 __user *)dst,
9613+ __put_user_asm(*(const u64 *)src, (u64 __user *)dst,
9614 ret, "q", "", "er", 16);
9615 if (unlikely(ret))
9616 return ret;
9617 asm("":::"memory");
9618- __put_user_asm(1[(u64 *)src], 1 + (u64 __user *)dst,
9619+ __put_user_asm(1[(const u64 *)src], 1 + (u64 __user *)dst,
9620 ret, "q", "", "er", 8);
9621 return ret;
9622 default:
9623+ if ((unsigned long)dst < PAX_USER_SHADOW_BASE)
9624+ dst += PAX_USER_SHADOW_BASE;
9625 return copy_user_generic((__force void *)dst, src, size);
9626 }
9627 }
9628
9629 static __always_inline __must_check
9630-int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
9631+unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned size)
9632 {
9633- int ret = 0;
9634+ unsigned ret = 0;
9635
9636 might_fault();
9637- if (!__builtin_constant_p(size))
9638+
9639+ if ((int)size < 0)
9640+ return size;
9641+
9642+#ifdef CONFIG_PAX_MEMORY_UDEREF
9643+ if (!__access_ok(VERIFY_READ, src, size))
9644+ return size;
9645+ if (!__access_ok(VERIFY_WRITE, dst, size))
9646+ return size;
9647+#endif
9648+
9649+ if (!__builtin_constant_p(size)) {
9650+ if ((unsigned long)src < PAX_USER_SHADOW_BASE)
9651+ src += PAX_USER_SHADOW_BASE;
9652+ if ((unsigned long)dst < PAX_USER_SHADOW_BASE)
9653+ dst += PAX_USER_SHADOW_BASE;
9654 return copy_user_generic((__force void *)dst,
9655- (__force void *)src, size);
9656+ (__force const void *)src, size);
9657+ }
9658 switch (size) {
9659 case 1: {
9660 u8 tmp;
9661- __get_user_asm(tmp, (u8 __user *)src,
9662+ __get_user_asm(tmp, (const u8 __user *)src,
9663 ret, "b", "b", "=q", 1);
9664 if (likely(!ret))
9665 __put_user_asm(tmp, (u8 __user *)dst,
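Review bot: `__copy_from_user` gains three early exits that `return size` without ever writing to `dst` (the `(int)size < 0` test, the `__access_ok` failure under `CONFIG_PAX_MEMORY_UDEREF`, and the compile-time object-size mismatch), whereas the function that ends just before this hunk zeroes its destination with `memset(to, 0, n)` when `access_ok` fails. A caller that ignores the `__must_check` result would then consume whatever the kernel buffer held before, so the contract deserves a comment above the function, e.g. `/* on a nonzero return dst may be untouched; callers must not use it */`. The `(int)size < 0` guard is repeated in `__copy_to_user` and `__copy_in_user` with no explanation; it rejects lengths with the top bit set, presumably negative ints converted to `unsigned`, and a one-line comment saying so would help. The hunk ends inside `__copy_in_user`.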
9666@@ -177,7 +244,7 @@ int __copy_in_user(void __user *dst, con
9667 }
9668 case 2: {
9669 u16 tmp;
9670- __get_user_asm(tmp, (u16 __user *)src,
9671+ __get_user_asm(tmp, (const u16 __user *)src,
9672 ret, "w", "w", "=r", 2);
9673 if (likely(!ret))
9674 __put_user_asm(tmp, (u16 __user *)dst,
9675@@ -187,7 +254,7 @@ int __copy_in_user(void __user *dst, con
9676
9677 case 4: {
9678 u32 tmp;
9679- __get_user_asm(tmp, (u32 __user *)src,
9680+ __get_user_asm(tmp, (const u32 __user *)src,
9681 ret, "l", "k", "=r", 4);
9682 if (likely(!ret))
9683 __put_user_asm(tmp, (u32 __user *)dst,
9684@@ -196,7 +263,7 @@ int __copy_in_user(void __user *dst, con
9685 }
9686 case 8: {
9687 u64 tmp;
9688- __get_user_asm(tmp, (u64 __user *)src,
9689+ __get_user_asm(tmp, (const u64 __user *)src,
9690 ret, "q", "", "=r", 8);
9691 if (likely(!ret))
9692 __put_user_asm(tmp, (u64 __user *)dst,
9693@@ -204,8 +271,12 @@ int __copy_in_user(void __user *dst, con
9694 return ret;
9695 }
9696 default:
9697+ if ((unsigned long)src < PAX_USER_SHADOW_BASE)
9698+ src += PAX_USER_SHADOW_BASE;
9699+ if ((unsigned long)dst < PAX_USER_SHADOW_BASE)
9700+ dst += PAX_USER_SHADOW_BASE;
9701 return copy_user_generic((__force void *)dst,
9702- (__force void *)src, size);
9703+ (__force const void *)src, size);
9704 }
9705 }
9706
9707@@ -222,33 +293,68 @@ __must_check unsigned long __clear_user(
9708 static __must_check __always_inline int
9709 __copy_from_user_inatomic(void *dst, const void __user *src, unsigned size)
9710 {
9711+ if ((int)size < 0)
9712+ return size;
9713+
9714+#ifdef CONFIG_PAX_MEMORY_UDEREF
9715+ if (!__access_ok(VERIFY_READ, src, size))
9716+ return size;
9717+#endif
9718+
9719+ if ((unsigned long)src < PAX_USER_SHADOW_BASE)
9720+ src += PAX_USER_SHADOW_BASE;
9721 return copy_user_generic(dst, (__force const void *)src, size);
9722 }
9723
9724-static __must_check __always_inline int
9725+static __must_check __always_inline unsigned long
9726 __copy_to_user_inatomic(void __user *dst, const void *src, unsigned size)
9727 {
9728+ if ((int)size < 0)
9729+ return size;
9730+
9731+#ifdef CONFIG_PAX_MEMORY_UDEREF
9732+ if (!__access_ok(VERIFY_WRITE, dst, size))
9733+ return size;
9734+#endif
9735+
9736+ if ((unsigned long)dst < PAX_USER_SHADOW_BASE)
9737+ dst += PAX_USER_SHADOW_BASE;
9738 return copy_user_generic((__force void *)dst, src, size);
9739 }
9740
9741-extern long __copy_user_nocache(void *dst, const void __user *src,
9742+extern unsigned long __copy_user_nocache(void *dst, const void __user *src,
9743 unsigned size, int zerorest);
9744
9745-static inline int
9746-__copy_from_user_nocache(void *dst, const void __user *src, unsigned size)
9747+static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned size)
9748 {
9749 might_sleep();
9750+
9751+ if ((int)size < 0)
9752+ return size;
9753+
9754+#ifdef CONFIG_PAX_MEMORY_UDEREF
9755+ if (!__access_ok(VERIFY_READ, src, size))
9756+ return size;
9757+#endif
9758+
9759 return __copy_user_nocache(dst, src, size, 1);
9760 }
9761
9762-static inline int
9763-__copy_from_user_inatomic_nocache(void *dst, const void __user *src,
9764+static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src,
9765 unsigned size)
9766 {
9767+ if ((int)size < 0)
9768+ return size;
9769+
9770+#ifdef CONFIG_PAX_MEMORY_UDEREF
9771+ if (!__access_ok(VERIFY_READ, src, size))
9772+ return size;
9773+#endif
9774+
9775 return __copy_user_nocache(dst, src, size, 0);
9776 }
9777
9778-unsigned long
9779+extern unsigned long
9780 copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest);
9781
9782 #endif /* _ASM_X86_UACCESS_64_H */
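Review bot: `__copy_from_user_inatomic` keeps its `int` return type while the added guard returns the `unsigned size`, so a length with the top bit set comes back as a negative number rather than a count of uncopied bytes. `__copy_to_user_inatomic` and both `_nocache` helpers in this same hunk were switched to `unsigned long`, so for consistency the declaration should read `static __must_check __always_inline unsigned long`. Separately, the two `_nocache` helpers hand `src` to `__copy_user_nocache` without the `PAX_USER_SHADOW_BASE` adjustment that the `_inatomic` helpers apply. If that rebasing happens inside the out-of-line routine, a comment saying so would remove the doubt.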
9783diff -urNp linux-2.6.38.2/arch/x86/include/asm/uaccess.h linux-2.6.38.2/arch/x86/include/asm/uaccess.h
9784--- linux-2.6.38.2/arch/x86/include/asm/uaccess.h 2011-03-14 21:20:32.000000000 -0400
9785+++ linux-2.6.38.2/arch/x86/include/asm/uaccess.h 2011-03-21 18:31:35.000000000 -0400
9786@@ -8,12 +8,15 @@
9787 #include <linux/thread_info.h>
9788 #include <linux/prefetch.h>
9789 #include <linux/string.h>
9790+#include <linux/sched.h>
9791 #include <asm/asm.h>
9792 #include <asm/page.h>
9793
9794 #define VERIFY_READ 0
9795 #define VERIFY_WRITE 1
9796
9797+extern void check_object_size(const void *ptr, unsigned long n, bool to);
9798+
9799 /*
9800 * The fs value determines whether argument validity checking should be
9801 * performed or not. If get_fs() == USER_DS, checking is performed, with
9802@@ -29,7 +32,12 @@
9803
9804 #define get_ds() (KERNEL_DS)
9805 #define get_fs() (current_thread_info()->addr_limit)
9806+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
9807+void __set_fs(mm_segment_t x);
9808+void set_fs(mm_segment_t x);
9809+#else
9810 #define set_fs(x) (current_thread_info()->addr_limit = (x))
9811+#endif
9812
9813 #define segment_eq(a, b) ((a).seg == (b).seg)
9814
9815@@ -77,7 +85,33 @@
9816 * checks that the pointer is in the user space range - after calling
9817 * this function, memory access functions may still return -EFAULT.
9818 */
9819-#define access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
9820+#define __access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
9821+#define access_ok(type, addr, size) \
9822+({ \
9823+ long __size = size; \
9824+ unsigned long __addr = (unsigned long)addr; \
9825+ unsigned long __addr_ao = __addr & PAGE_MASK; \
9826+ unsigned long __end_ao = __addr + __size - 1; \
9827+ bool __ret_ao = __range_not_ok(__addr, __size) == 0; \
9828+ if (__ret_ao && unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \
9829+ while(__addr_ao <= __end_ao) { \
9830+ char __c_ao; \
9831+ __addr_ao += PAGE_SIZE; \
9832+ if (__size > PAGE_SIZE) \
9833+ cond_resched(); \
9834+ if (__get_user(__c_ao, (char __user *)__addr)) \
9835+ break; \
9836+ if (type != VERIFY_WRITE) { \
9837+ __addr = __addr_ao; \
9838+ continue; \
9839+ } \
9840+ if (__put_user(__c_ao, (char __user *)__addr)) \
9841+ break; \
9842+ __addr = __addr_ao; \
9843+ } \
9844+ } \
9845+ __ret_ao; \
9846+})
9847
9848 /*
9849 * The exception table consists of pairs of addresses: the first is the
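Review bot: The new `access_ok` statement-expression uses its arguments unparenthesised: `(unsigned long)addr` casts only the first operand when a caller passes an expression such as `p + n`, turning pointer arithmetic into byte arithmetic, and `type != VERIFY_WRITE` has the same hazard. I would write `long __size = (size);`, `unsigned long __addr = (unsigned long)(addr);` and `if ((type) != VERIFY_WRITE)`. The page-touching loop never feeds back into `__ret_ao` (a faulting `__get_user` or `__put_user` only breaks out), which suggests it is a pre-fault pass and not part of the check. A comment stating that, and that the macro can now fault and call `cond_resched()`, would warn callers that use it in atomic context.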
9850@@ -183,12 +217,20 @@ extern int __get_user_bad(void);
9851 asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
9852 : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
9853
9854-
9855+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
9856+#define __copyuser_seg "gs;"
9857+#define __COPYUSER_SET_ES "pushl %%gs; popl %%es\n"
9858+#define __COPYUSER_RESTORE_ES "pushl %%ss; popl %%es\n"
9859+#else
9860+#define __copyuser_seg
9861+#define __COPYUSER_SET_ES
9862+#define __COPYUSER_RESTORE_ES
9863+#endif
9864
9865 #ifdef CONFIG_X86_32
9866 #define __put_user_asm_u64(x, addr, err, errret) \
9867- asm volatile("1: movl %%eax,0(%2)\n" \
9868- "2: movl %%edx,4(%2)\n" \
9869+ asm volatile("1: "__copyuser_seg"movl %%eax,0(%2)\n" \
9870+ "2: "__copyuser_seg"movl %%edx,4(%2)\n" \
9871 "3:\n" \
9872 ".section .fixup,\"ax\"\n" \
9873 "4: movl %3,%0\n" \
9874@@ -200,8 +242,8 @@ extern int __get_user_bad(void);
9875 : "A" (x), "r" (addr), "i" (errret), "0" (err))
9876
9877 #define __put_user_asm_ex_u64(x, addr) \
9878- asm volatile("1: movl %%eax,0(%1)\n" \
9879- "2: movl %%edx,4(%1)\n" \
9880+ asm volatile("1: "__copyuser_seg"movl %%eax,0(%1)\n" \
9881+ "2: "__copyuser_seg"movl %%edx,4(%1)\n" \
9882 "3:\n" \
9883 _ASM_EXTABLE(1b, 2b - 1b) \
9884 _ASM_EXTABLE(2b, 3b - 2b) \
9885@@ -374,7 +416,7 @@ do { \
9886 } while (0)
9887
9888 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
9889- asm volatile("1: mov"itype" %2,%"rtype"1\n" \
9890+ asm volatile("1: "__copyuser_seg"mov"itype" %2,%"rtype"1\n"\
9891 "2:\n" \
9892 ".section .fixup,\"ax\"\n" \
9893 "3: mov %3,%0\n" \
9894@@ -382,7 +424,7 @@ do { \
9895 " jmp 2b\n" \
9896 ".previous\n" \
9897 _ASM_EXTABLE(1b, 3b) \
9898- : "=r" (err), ltype(x) \
9899+ : "=r" (err), ltype (x) \
9900 : "m" (__m(addr)), "i" (errret), "0" (err))
9901
9902 #define __get_user_size_ex(x, ptr, size) \
9903@@ -407,7 +449,7 @@ do { \
9904 } while (0)
9905
9906 #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
9907- asm volatile("1: mov"itype" %1,%"rtype"0\n" \
9908+ asm volatile("1: "__copyuser_seg"mov"itype" %1,%"rtype"0\n"\
9909 "2:\n" \
9910 _ASM_EXTABLE(1b, 2b - 1b) \
9911 : ltype(x) : "m" (__m(addr)))
9912@@ -424,13 +466,24 @@ do { \
9913 int __gu_err; \
9914 unsigned long __gu_val; \
9915 __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
9916- (x) = (__force __typeof__(*(ptr)))__gu_val; \
9917+ (x) = (__typeof__(*(ptr)))__gu_val; \
9918 __gu_err; \
9919 })
9920
9921 /* FIXME: this hack is definitely wrong -AK */
9922 struct __large_struct { unsigned long buf[100]; };
9923-#define __m(x) (*(struct __large_struct __user *)(x))
9924+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
9925+#define ____m(x) \
9926+({ \
9927+ unsigned long ____x = (unsigned long)(x); \
9928+ if (____x < PAX_USER_SHADOW_BASE) \
9929+ ____x += PAX_USER_SHADOW_BASE; \
9930+ (void __user *)____x; \
9931+})
9932+#else
9933+#define ____m(x) (x)
9934+#endif
9935+#define __m(x) (*(struct __large_struct __user *)____m(x))
9936
9937 /*
9938 * Tell gcc we read from memory instead of writing: this is because
9939@@ -438,7 +491,7 @@ struct __large_struct { unsigned long bu
9940 * aliasing issues.
9941 */
9942 #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
9943- asm volatile("1: mov"itype" %"rtype"1,%2\n" \
9944+ asm volatile("1: "__copyuser_seg"mov"itype" %"rtype"1,%2\n"\
9945 "2:\n" \
9946 ".section .fixup,\"ax\"\n" \
9947 "3: mov %3,%0\n" \
9948@@ -446,10 +499,10 @@ struct __large_struct { unsigned long bu
9949 ".previous\n" \
9950 _ASM_EXTABLE(1b, 3b) \
9951 : "=r"(err) \
9952- : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err))
9953+ : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err))
9954
9955 #define __put_user_asm_ex(x, addr, itype, rtype, ltype) \
9956- asm volatile("1: mov"itype" %"rtype"0,%1\n" \
9957+ asm volatile("1: "__copyuser_seg"mov"itype" %"rtype"0,%1\n"\
9958 "2:\n" \
9959 _ASM_EXTABLE(1b, 2b - 1b) \
9960 : : ltype(x), "m" (__m(addr)))
9961@@ -488,8 +541,12 @@ struct __large_struct { unsigned long bu
9962 * On error, the variable @x is set to zero.
9963 */
9964
9965+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
9966+#define __get_user(x, ptr) get_user((x), (ptr))
9967+#else
9968 #define __get_user(x, ptr) \
9969 __get_user_nocheck((x), (ptr), sizeof(*(ptr)))
9970+#endif
9971
9972 /**
9973 * __put_user: - Write a simple value into user space, with less checking.
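Review bot: Under `CONFIG_X86_64 && CONFIG_PAX_MEMORY_UDEREF` the added branch makes `__get_user` an alias of the checked `get_user`, and the next hunk does the same for `__put_user`, yet the kernel-doc is left as is; the `__put_user` header visible at the end of this hunk still says "with less checking". A reader relying on that text would assume the range check is skipped. A short comment at each `#if`, e.g. `/* with UDEREF on x86-64 the "less checking" variants alias the checked get_user()/put_user() */`, would keep the documentation in step with the code.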
9974@@ -511,8 +568,12 @@ struct __large_struct { unsigned long bu
9975 * Returns zero on success, or -EFAULT on error.
9976 */
9977
9978+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
9979+#define __put_user(x, ptr) put_user((x), (ptr))
9980+#else
9981 #define __put_user(x, ptr) \
9982 __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
9983+#endif
9984
9985 #define __get_user_unaligned __get_user
9986 #define __put_user_unaligned __put_user
9987@@ -530,7 +591,7 @@ struct __large_struct { unsigned long bu
9988 #define get_user_ex(x, ptr) do { \
9989 unsigned long __gue_val; \
9990 __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
9991- (x) = (__force __typeof__(*(ptr)))__gue_val; \
9992+ (x) = (__typeof__(*(ptr)))__gue_val; \
9993 } while (0)
9994
9995 #ifdef CONFIG_X86_WP_WORKS_OK
9996@@ -567,6 +628,7 @@ extern struct movsl_mask {
9997
9998 #define ARCH_HAS_NOCACHE_UACCESS 1
9999
10000+#define ARCH_HAS_SORT_EXTABLE
10001 #ifdef CONFIG_X86_32
10002 # include "uaccess_32.h"
10003 #else
10004diff -urNp linux-2.6.38.2/arch/x86/include/asm/vgtod.h linux-2.6.38.2/arch/x86/include/asm/vgtod.h
10005--- linux-2.6.38.2/arch/x86/include/asm/vgtod.h 2011-03-14 21:20:32.000000000 -0400
10006+++ linux-2.6.38.2/arch/x86/include/asm/vgtod.h 2011-03-21 18:31:35.000000000 -0400
10007@@ -14,6 +14,7 @@ struct vsyscall_gtod_data {
10008 int sysctl_enabled;
10009 struct timezone sys_tz;
10010 struct { /* extract of a clocksource struct */
10011+ char name[8];
10012 cycle_t (*vread)(void);
10013 cycle_t cycle_last;
10014 cycle_t mask;
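Review bot: The added `char name[8]` carries no comment on what fills it or how a longer name is handled; the code that writes the field is not in this hunk. With a fixed eight-byte array the writer has to truncate and NUL-terminate, and since the struct name suggests the data lives in the vsyscall area, leftover bytes from a previous, longer name should be cleared as well. Once the writer is confirmed to do this, I would document it on the field: `/* clocksource name, truncated and NUL-terminated by the updater */`.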
10015diff -urNp linux-2.6.38.2/arch/x86/include/asm/vsyscall.h linux-2.6.38.2/arch/x86/include/asm/vsyscall.h
10016--- linux-2.6.38.2/arch/x86/include/asm/vsyscall.h 2011-03-14 21:20:32.000000000 -0400
10017+++ linux-2.6.38.2/arch/x86/include/asm/vsyscall.h 2011-03-21 18:31:35.000000000 -0400
10018@@ -15,9 +15,10 @@ enum vsyscall_num {
10019
10020 #ifdef __KERNEL__
10021 #include <linux/seqlock.h>
10022+#include <linux/getcpu.h>
10023+#include <linux/time.h>
10024
10025 #define __section_vgetcpu_mode __attribute__ ((unused, __section__ (".vgetcpu_mode"), aligned(16)))
10026-#define __section_jiffies __attribute__ ((unused, __section__ (".jiffies"), aligned(16)))
10027
10028 /* Definitions for CONFIG_GENERIC_TIME definitions */
10029 #define __section_vsyscall_gtod_data __attribute__ \
10030@@ -31,7 +32,6 @@ enum vsyscall_num {
10031 #define VGETCPU_LSL 2
10032
10033 extern int __vgetcpu_mode;
10034-extern volatile unsigned long __jiffies;
10035
10036 /* kernel space (writeable) */
10037 extern int vgetcpu_mode;
10038@@ -39,6 +39,9 @@ extern struct timezone sys_tz;
10039
10040 extern void map_vsyscall(void);
10041
10042+extern int vgettimeofday(struct timeval * tv, struct timezone * tz);
10043+extern time_t vtime(time_t *t);
10044+extern long vgetcpu(unsigned *cpu, unsigned *node, struct getcpu_cache *tcache);
10045 #endif /* __KERNEL__ */
10046
10047 #endif /* _ASM_X86_VSYSCALL_H */
10048diff -urNp linux-2.6.38.2/arch/x86/include/asm/xsave.h linux-2.6.38.2/arch/x86/include/asm/xsave.h
10049--- linux-2.6.38.2/arch/x86/include/asm/xsave.h 2011-03-14 21:20:32.000000000 -0400
10050+++ linux-2.6.38.2/arch/x86/include/asm/xsave.h 2011-03-21 18:31:35.000000000 -0400
10051@@ -65,6 +65,11 @@ static inline int xsave_user(struct xsav
10052 {
10053 int err;
10054
10055+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
10056+ if ((unsigned long)buf < PAX_USER_SHADOW_BASE)
10057+ buf = (struct xsave_struct __user *)((void __user*)buf + PAX_USER_SHADOW_BASE);
10058+#endif
10059+
10060 /*
10061 * Clear the xsave header first, so that reserved fields are
10062 * initialized to zero.
10063@@ -100,6 +105,11 @@ static inline int xrestore_user(struct x
10064 u32 lmask = mask;
10065 u32 hmask = mask >> 32;
10066
10067+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
10068+ if ((unsigned long)xstate < PAX_USER_SHADOW_BASE)
10069+ xstate = (struct xsave_struct *)((void *)xstate + PAX_USER_SHADOW_BASE);
10070+#endif
10071+
10072 __asm__ __volatile__("1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n"
10073 "2:\n"
10074 ".section .fixup,\"ax\"\n"
10075diff -urNp linux-2.6.38.2/arch/x86/Kconfig linux-2.6.38.2/arch/x86/Kconfig
10076--- linux-2.6.38.2/arch/x86/Kconfig 2011-03-14 21:20:32.000000000 -0400
10077+++ linux-2.6.38.2/arch/x86/Kconfig 2011-03-21 18:31:35.000000000 -0400
10078@@ -223,7 +223,7 @@ config X86_TRAMPOLINE
10079
10080 config X86_32_LAZY_GS
10081 def_bool y
10082- depends on X86_32 && !CC_STACKPROTECTOR
10083+ depends on X86_32 && !CC_STACKPROTECTOR && !PAX_MEMORY_UDEREF
10084
10085 config ARCH_HWEIGHT_CFLAGS
10086 string
10087@@ -1019,7 +1019,7 @@ choice
10088
10089 config NOHIGHMEM
10090 bool "off"
10091- depends on !X86_NUMAQ
10092+ depends on !X86_NUMAQ && !(PAX_PAGEEXEC && PAX_ENABLE_PAE)
10093 ---help---
10094 Linux can use up to 64 Gigabytes of physical memory on x86 systems.
10095 However, the address space of 32-bit x86 processors is only 4
10096@@ -1056,7 +1056,7 @@ config NOHIGHMEM
10097
10098 config HIGHMEM4G
10099 bool "4GB"
10100- depends on !X86_NUMAQ
10101+ depends on !X86_NUMAQ && !(PAX_PAGEEXEC && PAX_ENABLE_PAE)
10102 ---help---
10103 Select this if you have a 32-bit processor and between 1 and 4
10104 gigabytes of physical RAM.
10105@@ -1110,7 +1110,7 @@ config PAGE_OFFSET
10106 hex
10107 default 0xB0000000 if VMSPLIT_3G_OPT
10108 default 0x80000000 if VMSPLIT_2G
10109- default 0x78000000 if VMSPLIT_2G_OPT
10110+ default 0x70000000 if VMSPLIT_2G_OPT
10111 default 0x40000000 if VMSPLIT_1G
10112 default 0xC0000000
10113 depends on X86_32
10114@@ -1454,7 +1454,7 @@ config ARCH_USES_PG_UNCACHED
10115
10116 config EFI
10117 bool "EFI runtime service support"
10118- depends on ACPI
10119+ depends on ACPI && !PAX_KERNEXEC
10120 ---help---
10121 This enables the kernel to use EFI runtime services that are
10122 available (such as the EFI variable services).
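Review bot: The new `depends on ACPI && !PAX_KERNEXEC` makes `EFI` disappear from the menu whenever KERNEXEC is selected, and the `---help---` text is unchanged, so the person configuring the kernel gets no hint why the option is gone. The `CC_STACKPROTECTOR` hunk further down has the same problem in a more security-relevant form: `depends on X86_64 || !PAX_MEMORY_UDEREF` silently drops the stack protector on 32-bit UDEREF builds. A sentence in each help block, e.g. `Not available on 32-bit kernels with PAX_MEMORY_UDEREF.`, would make the exclusion visible.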
10123@@ -1484,6 +1484,7 @@ config SECCOMP
10124
10125 config CC_STACKPROTECTOR
10126 bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
10127+ depends on X86_64 || !PAX_MEMORY_UDEREF
10128 ---help---
10129 This option turns on the -fstack-protector GCC feature. This
10130 feature puts, at the beginning of functions, a canary value on
10131@@ -1541,6 +1542,7 @@ config KEXEC_JUMP
10132 config PHYSICAL_START
10133 hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
10134 default "0x1000000"
10135+ range 0x400000 0x40000000
10136 ---help---
10137 This gives the physical address where the kernel is loaded.
10138
10139@@ -1604,6 +1606,7 @@ config X86_NEED_RELOCS
10140 config PHYSICAL_ALIGN
10141 hex "Alignment value to which kernel should be aligned" if X86_32
10142 default "0x1000000"
10143+ range 0x400000 0x1000000 if PAX_KERNEXEC
10144 range 0x2000 0x1000000
10145 ---help---
10146 This value puts the alignment restrictions on physical address
10147@@ -1635,9 +1638,10 @@ config HOTPLUG_CPU
10148 Say N if you want to disable CPU hotplug.
10149
10150 config COMPAT_VDSO
10151- def_bool y
10152+ def_bool n
10153 prompt "Compat VDSO support"
10154 depends on X86_32 || IA32_EMULATION
10155+ depends on !PAX_NOEXEC && !PAX_MEMORY_UDEREF
10156 ---help---
10157 Map the 32-bit VDSO to the predictable old-style address too.
10158
10159diff -urNp linux-2.6.38.2/arch/x86/Kconfig.cpu linux-2.6.38.2/arch/x86/Kconfig.cpu
10160--- linux-2.6.38.2/arch/x86/Kconfig.cpu 2011-03-14 21:20:32.000000000 -0400
10161+++ linux-2.6.38.2/arch/x86/Kconfig.cpu 2011-03-21 18:31:35.000000000 -0400
10162@@ -339,7 +339,7 @@ config X86_PPRO_FENCE
10163
10164 config X86_F00F_BUG
10165 def_bool y
10166- depends on M586MMX || M586TSC || M586 || M486 || M386
10167+ depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC
10168
10169 config X86_INVD_BUG
10170 def_bool y
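Review bot: Adding `&& !PAX_KERNEXEC` to `X86_F00F_BUG` turns the F00F workaround off for the 586-class CPU targets listed on the same line whenever KERNEXEC is enabled, and nothing in the hunk records that. On hardware with the erratum this leaves the lockup unmitigated, so the trade-off should either be stated in the `PAX_KERNEXEC` help text or, if those CPUs are not meant to run KERNEXEC, expressed the other way round as a dependency on the CPU choice. Whether `PAX_KERNEXEC` can actually be selected for those targets is not visible from here.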
10171@@ -363,7 +363,7 @@ config X86_POPAD_OK
10172
10173 config X86_ALIGNMENT_16
10174 def_bool y
10175- depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
10176+ depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MCORE2 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
10177
10178 config X86_INTEL_USERCOPY
10179 def_bool y
10180@@ -409,7 +409,7 @@ config X86_CMPXCHG64
10181 # generates cmov.
10182 config X86_CMOV
10183 def_bool y
10184- depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
10185+ depends on (MK8 || MK7 || MCORE2 || MPSC || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
10186
10187 config X86_MINIMUM_CPU_FAMILY
10188 int
10189diff -urNp linux-2.6.38.2/arch/x86/Kconfig.debug linux-2.6.38.2/arch/x86/Kconfig.debug
10190--- linux-2.6.38.2/arch/x86/Kconfig.debug 2011-03-14 21:20:32.000000000 -0400
10191+++ linux-2.6.38.2/arch/x86/Kconfig.debug 2011-03-21 18:31:35.000000000 -0400
10192@@ -101,7 +101,7 @@ config X86_PTDUMP
10193 config DEBUG_RODATA
10194 bool "Write protect kernel read-only data structures"
10195 default y
10196- depends on DEBUG_KERNEL
10197+ depends on DEBUG_KERNEL && BROKEN
10198 ---help---
10199 Mark the kernel read-only data as write-protected in the pagetables,
10200 in order to catch accidental (and incorrect) writes to such const
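Review bot: Gating `DEBUG_RODATA` on `BROKEN` removes the option for every configuration of this tree, including kernels built without the PaX feature that presumably replaces it; `DEBUG_SET_MODULE_RONX` in the next hunk gets the same treatment. If the intent is only to avoid a conflict, a narrower condition such as `depends on DEBUG_KERNEL && !PAX_KERNEXEC` (and `depends on MODULES && !PAX_KERNEXEC`) would keep read-only data and module RO/NX protection for builds that do not enable KERNEXEC. If the removal is deliberate, a `#` comment naming the replacement would stop someone from dropping `BROKEN` later without knowing why it was there.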
10201@@ -119,7 +119,7 @@ config DEBUG_RODATA_TEST
10202
10203 config DEBUG_SET_MODULE_RONX
10204 bool "Set loadable kernel module data as NX and text as RO"
10205- depends on MODULES
10206+ depends on MODULES && BROKEN
10207 ---help---
10208 This option helps catch unintended modifications to loadable
10209 kernel module's text and read-only data. It also prevents execution
10210diff -urNp linux-2.6.38.2/arch/x86/kernel/acpi/boot.c linux-2.6.38.2/arch/x86/kernel/acpi/boot.c
10211--- linux-2.6.38.2/arch/x86/kernel/acpi/boot.c 2011-03-14 21:20:32.000000000 -0400
10212+++ linux-2.6.38.2/arch/x86/kernel/acpi/boot.c 2011-03-21 18:31:35.000000000 -0400
10213@@ -1472,7 +1472,7 @@ static struct dmi_system_id __initdata a
10214 DMI_MATCH(DMI_PRODUCT_NAME, "HP Compaq 6715b"),
10215 },
10216 },
10217- {}
10218+ { NULL, NULL, {{0, {0}}}, NULL}
10219 };
10220
10221 /*
10222diff -urNp linux-2.6.38.2/arch/x86/kernel/acpi/sleep.c linux-2.6.38.2/arch/x86/kernel/acpi/sleep.c
10223--- linux-2.6.38.2/arch/x86/kernel/acpi/sleep.c 2011-03-14 21:20:32.000000000 -0400
10224+++ linux-2.6.38.2/arch/x86/kernel/acpi/sleep.c 2011-03-21 18:31:35.000000000 -0400
10225@@ -18,7 +18,7 @@
10226 #include "realmode/wakeup.h"
10227 #include "sleep.h"
10228
10229-unsigned long acpi_wakeup_address;
10230+unsigned long acpi_wakeup_address = 0x2000;
10231 unsigned long acpi_realmode_flags;
10232
10233 /* address in low memory of the wakeup routine. */
10234@@ -99,8 +99,12 @@ int acpi_save_state_mem(void)
10235 header->trampoline_segment = setup_trampoline() >> 4;
10236 #ifdef CONFIG_SMP
10237 stack_start = (unsigned long)temp_stack + sizeof(temp_stack);
10238+
10239+ pax_open_kernel();
10240 early_gdt_descr.address =
10241 (unsigned long)get_cpu_gdt_table(smp_processor_id());
10242+ pax_close_kernel();
10243+
10244 initial_gs = per_cpu_offset(smp_processor_id());
10245 #endif
10246 initial_code = (unsigned long)wakeup_long64;
10247diff -urNp linux-2.6.38.2/arch/x86/kernel/acpi/wakeup_32.S linux-2.6.38.2/arch/x86/kernel/acpi/wakeup_32.S
10248--- linux-2.6.38.2/arch/x86/kernel/acpi/wakeup_32.S 2011-03-14 21:20:32.000000000 -0400
10249+++ linux-2.6.38.2/arch/x86/kernel/acpi/wakeup_32.S 2011-03-21 18:31:35.000000000 -0400
10250@@ -30,13 +30,11 @@ wakeup_pmode_return:
10251 # and restore the stack ... but you need gdt for this to work
10252 movl saved_context_esp, %esp
10253
10254- movl %cs:saved_magic, %eax
10255- cmpl $0x12345678, %eax
10256+ cmpl $0x12345678, saved_magic
10257 jne bogus_magic
10258
10259 # jump to place where we left off
10260- movl saved_eip, %eax
10261- jmp *%eax
10262+ jmp *(saved_eip)
10263
10264 bogus_magic:
10265 jmp bogus_magic
10266diff -urNp linux-2.6.38.2/arch/x86/kernel/alternative.c linux-2.6.38.2/arch/x86/kernel/alternative.c
10267--- linux-2.6.38.2/arch/x86/kernel/alternative.c 2011-03-23 17:20:06.000000000 -0400
10268+++ linux-2.6.38.2/arch/x86/kernel/alternative.c 2011-03-28 16:55:19.000000000 -0400
10269@@ -248,7 +248,7 @@ static void alternatives_smp_lock(const
10270 if (!*poff || ptr < text || ptr >= text_end)
10271 continue;
10272 /* turn DS segment override prefix into lock prefix */
10273- if (*ptr == 0x3e)
10274+ if (*ktla_ktva(ptr) == 0x3e)
10275 text_poke(ptr, ((unsigned char []){0xf0}), 1);
10276 };
10277 mutex_unlock(&text_mutex);
10278@@ -269,7 +269,7 @@ static void alternatives_smp_unlock(cons
10279 if (!*poff || ptr < text || ptr >= text_end)
10280 continue;
10281 /* turn lock prefix into DS segment override prefix */
10282- if (*ptr == 0xf0)
10283+ if (*ktla_ktva(ptr) == 0xf0)
10284 text_poke(ptr, ((unsigned char []){0x3E}), 1);
10285 };
10286 mutex_unlock(&text_mutex);
10287@@ -438,7 +438,7 @@ void __init_or_module apply_paravirt(str
10288
10289 BUG_ON(p->len > MAX_PATCH_LEN);
10290 /* prep the buffer with the original instructions */
10291- memcpy(insnbuf, p->instr, p->len);
10292+ memcpy(insnbuf, ktla_ktva(p->instr), p->len);
10293 used = pv_init_ops.patch(p->instrtype, p->clobbers, insnbuf,
10294 (unsigned long)p->instr, p->len);
10295
10296@@ -506,7 +506,7 @@ void __init alternative_instructions(voi
10297 if (smp_alt_once)
10298 free_init_pages("SMP alternatives",
10299 (unsigned long)__smp_locks,
10300- (unsigned long)__smp_locks_end);
10301+ PAGE_ALIGN((unsigned long)__smp_locks_end));
10302
10303 restart_nmi();
10304 }
10305@@ -523,13 +523,17 @@ void __init alternative_instructions(voi
10306 * instructions. And on the local CPU you need to be protected again NMI or MCE
10307 * handlers seeing an inconsistent instruction while you patch.
10308 */
10309-void *__init_or_module text_poke_early(void *addr, const void *opcode,
10310+void *__kprobes text_poke_early(void *addr, const void *opcode,
10311 size_t len)
10312 {
10313 unsigned long flags;
10314 local_irq_save(flags);
10315- memcpy(addr, opcode, len);
10316+
10317+ pax_open_kernel();
10318+ memcpy(ktla_ktva(addr), opcode, len);
10319 sync_core();
10320+ pax_close_kernel();
10321+
10322 local_irq_restore(flags);
10323 /* Could also do a CLFLUSH here to speed up CPU recovery; but
10324 that causes hangs on some VIA CPUs. */
10325@@ -551,36 +555,22 @@ void *__init_or_module text_poke_early(v
10326 */
10327 void *__kprobes text_poke(void *addr, const void *opcode, size_t len)
10328 {
10329- unsigned long flags;
10330- char *vaddr;
10331+ unsigned char *vaddr = ktla_ktva(addr);
10332 struct page *pages[2];
10333- int i;
10334+ size_t i;
10335
10336 if (!core_kernel_text((unsigned long)addr)) {
10337- pages[0] = vmalloc_to_page(addr);
10338- pages[1] = vmalloc_to_page(addr + PAGE_SIZE);
10339+ pages[0] = vmalloc_to_page(vaddr);
10340+ pages[1] = vmalloc_to_page(vaddr + PAGE_SIZE);
10341 } else {
10342- pages[0] = virt_to_page(addr);
10343+ pages[0] = virt_to_page(vaddr);
10344 WARN_ON(!PageReserved(pages[0]));
10345- pages[1] = virt_to_page(addr + PAGE_SIZE);
10346+ pages[1] = virt_to_page(vaddr + PAGE_SIZE);
10347 }
10348 BUG_ON(!pages[0]);
10349- local_irq_save(flags);
10350- set_fixmap(FIX_TEXT_POKE0, page_to_phys(pages[0]));
10351- if (pages[1])
10352- set_fixmap(FIX_TEXT_POKE1, page_to_phys(pages[1]));
10353- vaddr = (char *)fix_to_virt(FIX_TEXT_POKE0);
10354- memcpy(&vaddr[(unsigned long)addr & ~PAGE_MASK], opcode, len);
10355- clear_fixmap(FIX_TEXT_POKE0);
10356- if (pages[1])
10357- clear_fixmap(FIX_TEXT_POKE1);
10358- local_flush_tlb();
10359- sync_core();
10360- /* Could also do a CLFLUSH here to speed up CPU recovery; but
10361- that causes hangs on some VIA CPUs. */
10362+ text_poke_early(addr, opcode, len);
10363 for (i = 0; i < len; i++)
10364- BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
10365- local_irq_restore(flags);
10366+ BUG_ON((vaddr)[i] != ((const unsigned char *)opcode)[i]);
10367 return addr;
10368 }
10369
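Review bot: `pages[1]` is still looked up in both branches of `text_poke()`, but with the fixmap code removed nothing reads it, and `pages[0]` survives only for the `WARN_ON`/`BUG_ON` checks. Either drop the two `pages[1]` assignments or state the intent with a comment such as `/* pages[] is only sanity-checked here; the write itself goes through text_poke_early() */`. The write is now done in place inside the `pax_open_kernel()`/`pax_close_kernel()` window of `text_poke_early()` rather than through a temporary fixmap alias. The function's header comment lies outside this hunk and should be checked for wording that still describes the old mechanism.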
10370@@ -682,9 +672,9 @@ void __kprobes text_poke_smp_batch(struc
10371 #if defined(CONFIG_DYNAMIC_FTRACE) || defined(HAVE_JUMP_LABEL)
10372
10373 #ifdef CONFIG_X86_64
10374-unsigned char ideal_nop5[5] = { 0x66, 0x66, 0x66, 0x66, 0x90 };
10375+unsigned char ideal_nop5[5] __read_only = { 0x66, 0x66, 0x66, 0x66, 0x90 };
10376 #else
10377-unsigned char ideal_nop5[5] = { 0x3e, 0x8d, 0x74, 0x26, 0x00 };
10378+unsigned char ideal_nop5[5] __read_only = { 0x3e, 0x8d, 0x74, 0x26, 0x00 };
10379 #endif
10380
10381 void __init arch_init_ideal_nop5(void)
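Review bot: Marking `ideal_nop5` as `__read_only` only holds if nothing stores to the array after that section is write-protected. `arch_init_ideal_nop5()` begins on the last context line and its body is outside the hunk, so it is not visible here whether it copies a CPU-specific NOP into the array. If it does, that store needs the same `pax_open_kernel()`/`pax_close_kernel()` bracket used in `text_poke_early()`, or it must be guaranteed to run before the protection is applied. A one-line comment on the array saying which of the two applies would make the invariant checkable.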
10382diff -urNp linux-2.6.38.2/arch/x86/kernel/amd_iommu.c linux-2.6.38.2/arch/x86/kernel/amd_iommu.c
10383--- linux-2.6.38.2/arch/x86/kernel/amd_iommu.c 2011-03-14 21:20:32.000000000 -0400
10384+++ linux-2.6.38.2/arch/x86/kernel/amd_iommu.c 2011-03-21 18:31:35.000000000 -0400
10385@@ -2286,7 +2286,7 @@ static void prealloc_protection_domains(
10386 }
10387 }
10388
10389-static struct dma_map_ops amd_iommu_dma_ops = {
10390+static const struct dma_map_ops amd_iommu_dma_ops = {
10391 .alloc_coherent = alloc_coherent,
10392 .free_coherent = free_coherent,
10393 .map_page = map_page,
10394diff -urNp linux-2.6.38.2/arch/x86/kernel/apic/io_apic.c linux-2.6.38.2/arch/x86/kernel/apic/io_apic.c
10395--- linux-2.6.38.2/arch/x86/kernel/apic/io_apic.c 2011-03-14 21:20:32.000000000 -0400
10396+++ linux-2.6.38.2/arch/x86/kernel/apic/io_apic.c 2011-03-21 18:31:35.000000000 -0400
10397@@ -617,7 +617,7 @@ struct IO_APIC_route_entry **alloc_ioapi
10398 ioapic_entries = kzalloc(sizeof(*ioapic_entries) * nr_ioapics,
10399 GFP_KERNEL);
10400 if (!ioapic_entries)
10401- return 0;
10402+ return NULL;
10403
10404 for (apic = 0; apic < nr_ioapics; apic++) {
10405 ioapic_entries[apic] =
10406@@ -634,7 +634,7 @@ nomem:
10407 kfree(ioapic_entries[apic]);
10408 kfree(ioapic_entries);
10409
10410- return 0;
10411+ return NULL;
10412 }
10413
10414 /*
10415@@ -1044,7 +1044,7 @@ int IO_APIC_get_PCI_irq_vector(int bus,
10416 }
10417 EXPORT_SYMBOL(IO_APIC_get_PCI_irq_vector);
10418
10419-void lock_vector_lock(void)
10420+void lock_vector_lock(void) __acquires(vector_lock)
10421 {
10422 /* Used to the online set of cpus does not change
10423 * during assign_irq_vector.
10424@@ -1052,7 +1052,7 @@ void lock_vector_lock(void)
10425 raw_spin_lock(&vector_lock);
10426 }
10427
10428-void unlock_vector_lock(void)
10429+void unlock_vector_lock(void) __releases(vector_lock)
10430 {
10431 raw_spin_unlock(&vector_lock);
10432 }
10433diff -urNp linux-2.6.38.2/arch/x86/kernel/apm_32.c linux-2.6.38.2/arch/x86/kernel/apm_32.c
10434--- linux-2.6.38.2/arch/x86/kernel/apm_32.c 2011-03-14 21:20:32.000000000 -0400
10435+++ linux-2.6.38.2/arch/x86/kernel/apm_32.c 2011-03-21 18:31:35.000000000 -0400
10436@@ -410,7 +410,7 @@ static DEFINE_MUTEX(apm_mutex);
10437 * This is for buggy BIOS's that refer to (real mode) segment 0x40
10438 * even though they are called in protected mode.
10439 */
10440-static struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4092,
10441+static const struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4093,
10442 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1);
10443
10444 static const char driver_version[] = "1.16ac"; /* no spaces */
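Review bot: The descriptor flags change from `0x4092` to `0x4093` without explanation; the only difference is bit 0 of the type field, the accessed bit. Presumably it is pre-set so that the CPU never has to write the bit back into a GDT that is no longer writable when the selector is loaded, but that reasoning should be on the page. A comment above the definition would do, e.g. `/* accessed bit pre-set: the GDT may be read-only when this selector is loaded */`.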
10445@@ -588,7 +588,10 @@ static long __apm_bios_call(void *_call)
10446 BUG_ON(cpu != 0);
10447 gdt = get_cpu_gdt_table(cpu);
10448 save_desc_40 = gdt[0x40 / 8];
10449+
10450+ pax_open_kernel();
10451 gdt[0x40 / 8] = bad_bios_desc;
10452+ pax_close_kernel();
10453
10454 apm_irq_save(flags);
10455 APM_DO_SAVE_SEGS;
10456@@ -597,7 +600,11 @@ static long __apm_bios_call(void *_call)
10457 &call->esi);
10458 APM_DO_RESTORE_SEGS;
10459 apm_irq_restore(flags);
10460+
10461+ pax_open_kernel();
10462 gdt[0x40 / 8] = save_desc_40;
10463+ pax_close_kernel();
10464+
10465 put_cpu();
10466
10467 return call->eax & 0xff;
10468@@ -664,7 +671,10 @@ static long __apm_bios_call_simple(void
10469 BUG_ON(cpu != 0);
10470 gdt = get_cpu_gdt_table(cpu);
10471 save_desc_40 = gdt[0x40 / 8];
10472+
10473+ pax_open_kernel();
10474 gdt[0x40 / 8] = bad_bios_desc;
10475+ pax_close_kernel();
10476
10477 apm_irq_save(flags);
10478 APM_DO_SAVE_SEGS;
10479@@ -672,7 +682,11 @@ static long __apm_bios_call_simple(void
10480 &call->eax);
10481 APM_DO_RESTORE_SEGS;
10482 apm_irq_restore(flags);
10483+
10484+ pax_open_kernel();
10485 gdt[0x40 / 8] = save_desc_40;
10486+ pax_close_kernel();
10487+
10488 put_cpu();
10489 return error;
10490 }
10491@@ -975,7 +989,7 @@ recalc:
10492
10493 static void apm_power_off(void)
10494 {
10495- unsigned char po_bios_call[] = {
10496+ const unsigned char po_bios_call[] = {
10497 0xb8, 0x00, 0x10, /* movw $0x1000,ax */
10498 0x8e, 0xd0, /* movw ax,ss */
10499 0xbc, 0x00, 0xf0, /* movw $0xf000,sp */
10500@@ -1932,7 +1946,10 @@ static const struct file_operations apm_
10501 static struct miscdevice apm_device = {
10502 APM_MINOR_DEV,
10503 "apm_bios",
10504- &apm_bios_fops
10505+ &apm_bios_fops,
10506+ {NULL, NULL},
10507+ NULL,
10508+ NULL
10509 };
10510
10511
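Review bot: `apm_device` is extended with positional initialisers (`{NULL, NULL}, NULL, NULL`), which ties the definition to the current member order of `struct miscdevice`. The same pattern is added to `mce_log_device` in the mce.c hunk at `@@ -1673,6 +1673,7`. Designated initialisers state the intent and leave every other member zeroed: `.minor = APM_MINOR_DEV,` `.name = "apm_bios",` `.fops = &apm_bios_fops,`. If the extra members are there only to silence a missing-initialiser warning, the designated form avoids that warning as well.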
10512@@ -2253,7 +2270,7 @@ static struct dmi_system_id __initdata a
10513 { DMI_MATCH(DMI_SYS_VENDOR, "IBM"), },
10514 },
10515
10516- { }
10517+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
10518 };
10519
10520 /*
10521@@ -2356,12 +2373,15 @@ static int __init apm_init(void)
10522 * code to that CPU.
10523 */
10524 gdt = get_cpu_gdt_table(0);
10525+
10526+ pax_open_kernel();
10527 set_desc_base(&gdt[APM_CS >> 3],
10528 (unsigned long)__va((unsigned long)apm_info.bios.cseg << 4));
10529 set_desc_base(&gdt[APM_CS_16 >> 3],
10530 (unsigned long)__va((unsigned long)apm_info.bios.cseg_16 << 4));
10531 set_desc_base(&gdt[APM_DS >> 3],
10532 (unsigned long)__va((unsigned long)apm_info.bios.dseg << 4));
10533+ pax_close_kernel();
10534
10535 proc_create("apm", 0, NULL, &apm_file_ops);
10536
10537diff -urNp linux-2.6.38.2/arch/x86/kernel/asm-offsets_32.c linux-2.6.38.2/arch/x86/kernel/asm-offsets_32.c
10538--- linux-2.6.38.2/arch/x86/kernel/asm-offsets_32.c 2011-03-14 21:20:32.000000000 -0400
10539+++ linux-2.6.38.2/arch/x86/kernel/asm-offsets_32.c 2011-03-21 18:31:35.000000000 -0400
10540@@ -113,6 +113,11 @@ void foo(void)
10541 OFFSET(PV_CPU_iret, pv_cpu_ops, iret);
10542 OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit);
10543 OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0);
10544+
10545+#ifdef CONFIG_PAX_KERNEXEC
10546+ OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0);
10547+#endif
10548+
10549 #endif
10550
10551 #ifdef CONFIG_XEN
10552diff -urNp linux-2.6.38.2/arch/x86/kernel/asm-offsets_64.c linux-2.6.38.2/arch/x86/kernel/asm-offsets_64.c
10553--- linux-2.6.38.2/arch/x86/kernel/asm-offsets_64.c 2011-03-14 21:20:32.000000000 -0400
10554+++ linux-2.6.38.2/arch/x86/kernel/asm-offsets_64.c 2011-03-21 18:31:35.000000000 -0400
10555@@ -63,6 +63,18 @@ int main(void)
10556 OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit);
10557 OFFSET(PV_CPU_swapgs, pv_cpu_ops, swapgs);
10558 OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2);
10559+
10560+#ifdef CONFIG_PAX_KERNEXEC
10561+ OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0);
10562+ OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0);
10563+#endif
10564+
10565+#ifdef CONFIG_PAX_MEMORY_UDEREF
10566+ OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3);
10567+ OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3);
10568+ OFFSET(PV_MMU_set_pgd, pv_mmu_ops, set_pgd);
10569+#endif
10570+
10571 #endif
10572
10573
10574@@ -115,6 +127,7 @@ int main(void)
10575 ENTRY(cr8);
10576 BLANK();
10577 #undef ENTRY
10578+ DEFINE(TSS_size, sizeof(struct tss_struct));
10579 DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist));
10580 BLANK();
10581 DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx));
10582diff -urNp linux-2.6.38.2/arch/x86/kernel/cpu/common.c linux-2.6.38.2/arch/x86/kernel/cpu/common.c
10583--- linux-2.6.38.2/arch/x86/kernel/cpu/common.c 2011-03-14 21:20:32.000000000 -0400
10584+++ linux-2.6.38.2/arch/x86/kernel/cpu/common.c 2011-03-21 18:31:35.000000000 -0400
10585@@ -83,60 +83,6 @@ static const struct cpu_dev __cpuinitcon
10586
10587 static const struct cpu_dev *this_cpu __cpuinitdata = &default_cpu;
10588
10589-DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = { .gdt = {
10590-#ifdef CONFIG_X86_64
10591- /*
10592- * We need valid kernel segments for data and code in long mode too
10593- * IRET will check the segment types kkeil 2000/10/28
10594- * Also sysret mandates a special GDT layout
10595- *
10596- * TLS descriptors are currently at a different place compared to i386.
10597- * Hopefully nobody expects them at a fixed place (Wine?)
10598- */
10599- [GDT_ENTRY_KERNEL32_CS] = GDT_ENTRY_INIT(0xc09b, 0, 0xfffff),
10600- [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xa09b, 0, 0xfffff),
10601- [GDT_ENTRY_KERNEL_DS] = GDT_ENTRY_INIT(0xc093, 0, 0xfffff),
10602- [GDT_ENTRY_DEFAULT_USER32_CS] = GDT_ENTRY_INIT(0xc0fb, 0, 0xfffff),
10603- [GDT_ENTRY_DEFAULT_USER_DS] = GDT_ENTRY_INIT(0xc0f3, 0, 0xfffff),
10604- [GDT_ENTRY_DEFAULT_USER_CS] = GDT_ENTRY_INIT(0xa0fb, 0, 0xfffff),
10605-#else
10606- [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xc09a, 0, 0xfffff),
10607- [GDT_ENTRY_KERNEL_DS] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
10608- [GDT_ENTRY_DEFAULT_USER_CS] = GDT_ENTRY_INIT(0xc0fa, 0, 0xfffff),
10609- [GDT_ENTRY_DEFAULT_USER_DS] = GDT_ENTRY_INIT(0xc0f2, 0, 0xfffff),
10610- /*
10611- * Segments used for calling PnP BIOS have byte granularity.
10612- * They code segments and data segments have fixed 64k limits,
10613- * the transfer segment sizes are set at run time.
10614- */
10615- /* 32-bit code */
10616- [GDT_ENTRY_PNPBIOS_CS32] = GDT_ENTRY_INIT(0x409a, 0, 0xffff),
10617- /* 16-bit code */
10618- [GDT_ENTRY_PNPBIOS_CS16] = GDT_ENTRY_INIT(0x009a, 0, 0xffff),
10619- /* 16-bit data */
10620- [GDT_ENTRY_PNPBIOS_DS] = GDT_ENTRY_INIT(0x0092, 0, 0xffff),
10621- /* 16-bit data */
10622- [GDT_ENTRY_PNPBIOS_TS1] = GDT_ENTRY_INIT(0x0092, 0, 0),
10623- /* 16-bit data */
10624- [GDT_ENTRY_PNPBIOS_TS2] = GDT_ENTRY_INIT(0x0092, 0, 0),
10625- /*
10626- * The APM segments have byte granularity and their bases
10627- * are set at run time. All have 64k limits.
10628- */
10629- /* 32-bit code */
10630- [GDT_ENTRY_APMBIOS_BASE] = GDT_ENTRY_INIT(0x409a, 0, 0xffff),
10631- /* 16-bit code */
10632- [GDT_ENTRY_APMBIOS_BASE+1] = GDT_ENTRY_INIT(0x009a, 0, 0xffff),
10633- /* data */
10634- [GDT_ENTRY_APMBIOS_BASE+2] = GDT_ENTRY_INIT(0x4092, 0, 0xffff),
10635-
10636- [GDT_ENTRY_ESPFIX_SS] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
10637- [GDT_ENTRY_PERCPU] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
10638- GDT_STACK_CANARY_INIT
10639-#endif
10640-} };
10641-EXPORT_PER_CPU_SYMBOL_GPL(gdt_page);
10642-
10643 static int __init x86_xsave_setup(char *s)
10644 {
10645 setup_clear_cpu_cap(X86_FEATURE_XSAVE);
10646@@ -352,7 +298,7 @@ void switch_to_new_gdt(int cpu)
10647 {
10648 struct desc_ptr gdt_descr;
10649
10650- gdt_descr.address = (long)get_cpu_gdt_table(cpu);
10651+ gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
10652 gdt_descr.size = GDT_SIZE - 1;
10653 load_gdt(&gdt_descr);
10654 /* Reload the per-cpu base */
10655@@ -825,6 +771,10 @@ static void __cpuinit identify_cpu(struc
10656 /* Filter out anything that depends on CPUID levels we don't have */
10657 filter_cpuid_features(c, true);
10658
10659+#if defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || (defined(CONFIG_PAX_MEMORY_UDEREF) && defined(CONFIG_X86_32))
10660+ setup_clear_cpu_cap(X86_FEATURE_SEP);
10661+#endif
10662+
10663 /* If the model name is still unset, do table lookup. */
10664 if (!c->x86_model_id[0]) {
10665 const char *p;
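Review bot: The `setup_clear_cpu_cap(X86_FEATURE_SEP)` block added to `identify_cpu()` carries no comment, so a reader cannot tell why SYSENTER is masked for SEGMEXEC, KERNEXEC and 32-bit UDEREF. Presumably it is because SYSENTER loads flat code and stack segments that bypass the segment setup these options rely on. Whatever the reason, it belongs above the `#if`, e.g. `/* SYSENTER is incompatible with the segment layout used by these features */`. `identify_cpu()` starts and ends outside the hunk.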
10666@@ -1084,7 +1034,7 @@ struct pt_regs * __cpuinit idle_regs(str
10667 {
10668 memset(regs, 0, sizeof(struct pt_regs));
10669 regs->fs = __KERNEL_PERCPU;
10670- regs->gs = __KERNEL_STACK_CANARY;
10671+ savesegment(gs, regs->gs);
10672
10673 return regs;
10674 }
10675@@ -1139,7 +1089,7 @@ void __cpuinit cpu_init(void)
10676 int i;
10677
10678 cpu = stack_smp_processor_id();
10679- t = &per_cpu(init_tss, cpu);
10680+ t = init_tss + cpu;
10681 oist = &per_cpu(orig_ist, cpu);
10682
10683 #ifdef CONFIG_NUMA
10684@@ -1165,7 +1115,7 @@ void __cpuinit cpu_init(void)
10685 switch_to_new_gdt(cpu);
10686 loadsegment(fs, 0);
10687
10688- load_idt((const struct desc_ptr *)&idt_descr);
10689+ load_idt(&idt_descr);
10690
10691 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8);
10692 syscall_init();
10693@@ -1174,7 +1124,6 @@ void __cpuinit cpu_init(void)
10694 wrmsrl(MSR_KERNEL_GS_BASE, 0);
10695 barrier();
10696
10697- x86_configure_nx();
10698 if (cpu != 0)
10699 enable_x2apic();
10700
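Review bot: The call to `x86_configure_nx()` is dropped from this `cpu_init()` path and nothing in the hunk replaces it. If NX setup has moved to earlier boot code, say so in a comment at the old call site. Also confirm that secondary CPUs still reach it, since the surrounding lines (`if (cpu != 0) enable_x2apic();`) are per-CPU setup. `cpu_init()` starts and ends outside the hunk.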
10701@@ -1228,7 +1177,7 @@ void __cpuinit cpu_init(void)
10702 {
10703 int cpu = smp_processor_id();
10704 struct task_struct *curr = current;
10705- struct tss_struct *t = &per_cpu(init_tss, cpu);
10706+ struct tss_struct *t = init_tss + cpu;
10707 struct thread_struct *thread = &curr->thread;
10708
10709 if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) {
10710diff -urNp linux-2.6.38.2/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c linux-2.6.38.2/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
10711--- linux-2.6.38.2/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c 2011-03-14 21:20:32.000000000 -0400
10712+++ linux-2.6.38.2/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c 2011-03-21 18:31:35.000000000 -0400
10713@@ -481,7 +481,7 @@ static const struct dmi_system_id sw_any
10714 DMI_MATCH(DMI_PRODUCT_NAME, "X6DLP"),
10715 },
10716 },
10717- { }
10718+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
10719 };
10720
10721 static int acpi_cpufreq_blacklist(struct cpuinfo_x86 *c)
10722diff -urNp linux-2.6.38.2/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c linux-2.6.38.2/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c
10723--- linux-2.6.38.2/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c 2011-03-14 21:20:32.000000000 -0400
10724+++ linux-2.6.38.2/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c 2011-03-21 18:31:35.000000000 -0400
10725@@ -226,7 +226,7 @@ static struct cpu_model models[] =
10726 { &cpu_ids[CPU_MP4HT_D0], NULL, 0, NULL },
10727 { &cpu_ids[CPU_MP4HT_E0], NULL, 0, NULL },
10728
10729- { NULL, }
10730+ { NULL, NULL, 0, NULL}
10731 };
10732 #undef _BANIAS
10733 #undef BANIAS
10734diff -urNp linux-2.6.38.2/arch/x86/kernel/cpu/intel.c linux-2.6.38.2/arch/x86/kernel/cpu/intel.c
10735--- linux-2.6.38.2/arch/x86/kernel/cpu/intel.c 2011-03-14 21:20:32.000000000 -0400
10736+++ linux-2.6.38.2/arch/x86/kernel/cpu/intel.c 2011-03-21 18:31:35.000000000 -0400
10737@@ -161,7 +161,7 @@ static void __cpuinit trap_init_f00f_bug
10738 * Update the IDT descriptor and reload the IDT so that
10739 * it uses the read-only mapped virtual address.
10740 */
10741- idt_descr.address = fix_to_virt(FIX_F00F_IDT);
10742+ idt_descr.address = (struct desc_struct *)fix_to_virt(FIX_F00F_IDT);
10743 load_idt(&idt_descr);
10744 }
10745 #endif
10746diff -urNp linux-2.6.38.2/arch/x86/kernel/cpu/Makefile linux-2.6.38.2/arch/x86/kernel/cpu/Makefile
10747--- linux-2.6.38.2/arch/x86/kernel/cpu/Makefile 2011-03-14 21:20:32.000000000 -0400
10748+++ linux-2.6.38.2/arch/x86/kernel/cpu/Makefile 2011-03-21 18:31:35.000000000 -0400
10749@@ -8,10 +8,6 @@ CFLAGS_REMOVE_common.o = -pg
10750 CFLAGS_REMOVE_perf_event.o = -pg
10751 endif
10752
10753-# Make sure load_percpu_segment has no stackprotector
10754-nostackp := $(call cc-option, -fno-stack-protector)
10755-CFLAGS_common.o := $(nostackp)
10756-
10757 obj-y := intel_cacheinfo.o scattered.o topology.o
10758 obj-y += proc.o capflags.o powerflags.o common.o
10759 obj-y += vmware.o hypervisor.o sched.o mshyperv.o
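Review bot: This removes the `-fno-stack-protector` override for `common.o`, whose deleted comment says it existed so that `load_percpu_segment` is built without the stack protector. The entry_32.S part of the same patch still has a `CONFIG_CC_STACKPROTECTOR` branch in `SET_KERNEL_GS`, so the option can apparently still be enabled. In that case, confirm that nothing in common.c runs with canary instrumentation before the per-CPU segment is loaded. If the override is safe to drop, a short note of why would keep it from being re-added later.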
10760diff -urNp linux-2.6.38.2/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.38.2/arch/x86/kernel/cpu/mcheck/mce.c
10761--- linux-2.6.38.2/arch/x86/kernel/cpu/mcheck/mce.c 2011-03-14 21:20:32.000000000 -0400
10762+++ linux-2.6.38.2/arch/x86/kernel/cpu/mcheck/mce.c 2011-03-21 18:31:35.000000000 -0400
10763@@ -45,6 +45,7 @@
10764 #include <asm/ipi.h>
10765 #include <asm/mce.h>
10766 #include <asm/msr.h>
10767+#include <asm/local.h>
10768
10769 #include "mce-internal.h"
10770
10771@@ -219,7 +220,7 @@ static void print_mce(struct mce *m)
10772 !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
10773 m->cs, m->ip);
10774
10775- if (m->cs == __KERNEL_CS)
10776+ if (m->cs == __KERNEL_CS || m->cs == __KERNEXEC_KERNEL_CS)
10777 print_symbol("{%s}", m->ip);
10778 pr_cont("\n");
10779 }
10780@@ -1460,14 +1461,14 @@ void __cpuinit mcheck_cpu_init(struct cp
10781 */
10782
10783 static DEFINE_SPINLOCK(mce_state_lock);
10784-static int open_count; /* #times opened */
10785+static local_t open_count; /* #times opened */
10786 static int open_exclu; /* already open exclusive? */
10787
10788 static int mce_open(struct inode *inode, struct file *file)
10789 {
10790 spin_lock(&mce_state_lock);
10791
10792- if (open_exclu || (open_count && (file->f_flags & O_EXCL))) {
10793+ if (open_exclu || (local_read(&open_count) && (file->f_flags & O_EXCL))) {
10794 spin_unlock(&mce_state_lock);
10795
10796 return -EBUSY;
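Review bot: `open_count` becomes a `local_t`, yet every access visible here and in the two following hunks (`mce_open()`, `mce_release()`) is made while holding `mce_state_lock`, so the change adds no safety and its reason is not stated. `local_t` operations are atomic only with respect to the CPU they run on, which makes it a misleading type for a device-wide open counter if a later caller ever touches it outside the lock. Either keep the plain `int` or document the rule next to the declaration, e.g. `/* protected by mce_state_lock */`.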
10797@@ -1475,7 +1476,7 @@ static int mce_open(struct inode *inode,
10798
10799 if (file->f_flags & O_EXCL)
10800 open_exclu = 1;
10801- open_count++;
10802+ local_inc(&open_count);
10803
10804 spin_unlock(&mce_state_lock);
10805
10806@@ -1486,7 +1487,7 @@ static int mce_release(struct inode *ino
10807 {
10808 spin_lock(&mce_state_lock);
10809
10810- open_count--;
10811+ local_dec(&open_count);
10812 open_exclu = 0;
10813
10814 spin_unlock(&mce_state_lock);
10815@@ -1658,8 +1659,7 @@ static long mce_ioctl(struct file *f, un
10816 }
10817 }
10818
10819-/* Modified in mce-inject.c, so not static or const */
10820-struct file_operations mce_chrdev_ops = {
10821+struct file_operations mce_chrdev_ops = { /* Modified in mce-inject.c, so not static or const */
10822 .open = mce_open,
10823 .release = mce_release,
10824 .read = mce_read,
10825@@ -1673,6 +1673,7 @@ static struct miscdevice mce_log_device
10826 MISC_MCELOG_MINOR,
10827 "mcelog",
10828 &mce_chrdev_ops,
10829+ {NULL, NULL}, NULL, NULL
10830 };
10831
10832 /*
10833diff -urNp linux-2.6.38.2/arch/x86/kernel/cpu/mtrr/generic.c linux-2.6.38.2/arch/x86/kernel/cpu/mtrr/generic.c
10834--- linux-2.6.38.2/arch/x86/kernel/cpu/mtrr/generic.c 2011-03-14 21:20:32.000000000 -0400
10835+++ linux-2.6.38.2/arch/x86/kernel/cpu/mtrr/generic.c 2011-03-21 18:31:35.000000000 -0400
10836@@ -28,7 +28,7 @@ static struct fixed_range_block fixed_ra
10837 { MSR_MTRRfix64K_00000, 1 }, /* one 64k MTRR */
10838 { MSR_MTRRfix16K_80000, 2 }, /* two 16k MTRRs */
10839 { MSR_MTRRfix4K_C0000, 8 }, /* eight 4k MTRRs */
10840- {}
10841+ { 0, 0 }
10842 };
10843
10844 static unsigned long smp_changes_mask;
10845diff -urNp linux-2.6.38.2/arch/x86/kernel/cpu/mtrr/main.c linux-2.6.38.2/arch/x86/kernel/cpu/mtrr/main.c
10846--- linux-2.6.38.2/arch/x86/kernel/cpu/mtrr/main.c 2011-03-14 21:20:32.000000000 -0400
10847+++ linux-2.6.38.2/arch/x86/kernel/cpu/mtrr/main.c 2011-03-21 18:31:35.000000000 -0400
10848@@ -61,7 +61,7 @@ static DEFINE_MUTEX(mtrr_mutex);
10849 u64 size_or_mask, size_and_mask;
10850 static bool mtrr_aps_delayed_init;
10851
10852-static const struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM];
10853+static const struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM] __read_only;
10854
10855 const struct mtrr_ops *mtrr_if;
10856
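Review bot: `mtrr_ops[]` is tagged `__read_only`, but `mtrr_if` on the next context line, the pointer through which an ops table is selected, stays in writable data. If `mtrr_if` is assigned only during boot, which this hunk does not show, it is the more valuable of the two to protect: `const struct mtrr_ops *mtrr_if __read_only;`. Also confirm that whatever fills `mtrr_ops[]` runs before the read-only section is write-protected.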
10857diff -urNp linux-2.6.38.2/arch/x86/kernel/cpu/mtrr/mtrr.h linux-2.6.38.2/arch/x86/kernel/cpu/mtrr/mtrr.h
10858--- linux-2.6.38.2/arch/x86/kernel/cpu/mtrr/mtrr.h 2011-03-14 21:20:32.000000000 -0400
10859+++ linux-2.6.38.2/arch/x86/kernel/cpu/mtrr/mtrr.h 2011-03-21 18:31:35.000000000 -0400
10860@@ -12,19 +12,19 @@
10861 extern unsigned int mtrr_usage_table[MTRR_MAX_VAR_RANGES];
10862
10863 struct mtrr_ops {
10864- u32 vendor;
10865- u32 use_intel_if;
10866- void (*set)(unsigned int reg, unsigned long base,
10867+ const u32 vendor;
10868+ const u32 use_intel_if;
10869+ void (* const set)(unsigned int reg, unsigned long base,
10870 unsigned long size, mtrr_type type);
10871- void (*set_all)(void);
10872+ void (* const set_all)(void);
10873
10874- void (*get)(unsigned int reg, unsigned long *base,
10875+ void (* const get)(unsigned int reg, unsigned long *base,
10876 unsigned long *size, mtrr_type *type);
10877- int (*get_free_region)(unsigned long base, unsigned long size,
10878+ int (* const get_free_region)(unsigned long base, unsigned long size,
10879 int replace_reg);
10880- int (*validate_add_page)(unsigned long base, unsigned long size,
10881+ int (* const validate_add_page)(unsigned long base, unsigned long size,
10882 unsigned int type);
10883- int (*have_wrcomb)(void);
10884+ int (* const have_wrcomb)(void);
10885 };
10886
10887 extern int generic_get_free_region(unsigned long base, unsigned long size,
10888diff -urNp linux-2.6.38.2/arch/x86/kernel/cpu/perf_event.c linux-2.6.38.2/arch/x86/kernel/cpu/perf_event.c
10889--- linux-2.6.38.2/arch/x86/kernel/cpu/perf_event.c 2011-03-14 21:20:32.000000000 -0400
10890+++ linux-2.6.38.2/arch/x86/kernel/cpu/perf_event.c 2011-03-21 18:31:35.000000000 -0400
10891@@ -1781,7 +1781,7 @@ perf_callchain_user(struct perf_callchai
10892 break;
10893
10894 perf_callchain_store(entry, frame.return_address);
10895- fp = frame.next_frame;
10896+ fp = (__force const void __user *)frame.next_frame;
10897 }
10898 }
10899
10900diff -urNp linux-2.6.38.2/arch/x86/kernel/crash.c linux-2.6.38.2/arch/x86/kernel/crash.c
10901--- linux-2.6.38.2/arch/x86/kernel/crash.c 2011-03-14 21:20:32.000000000 -0400
10902+++ linux-2.6.38.2/arch/x86/kernel/crash.c 2011-03-21 18:31:35.000000000 -0400
10903@@ -42,7 +42,7 @@ static void kdump_nmi_callback(int cpu,
10904 regs = args->regs;
10905
10906 #ifdef CONFIG_X86_32
10907- if (!user_mode_vm(regs)) {
10908+ if (!user_mode(regs)) {
10909 crash_fixup_ss_esp(&fixed_regs, regs);
10910 regs = &fixed_regs;
10911 }
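Review bot: Replacing `user_mode_vm()` with `user_mode()` is only equivalent if this patch also redefines `user_mode()` to account for `X86_EFLAGS_VM`; that definition is not in the visible hunks. With the stock 32-bit helper, which looks only at the CS privilege bits, a vm86 frame could be classified as kernel mode and `crash_fixup_ss_esp()` would run on it. The same substitution is made in `show_registers()` (dumpstack_32.c) and in `__die()` and `die()` (dumpstack.c), so one confirmation of the header change covers all four. `kdump_nmi_callback()` starts and ends outside the hunk.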
10912diff -urNp linux-2.6.38.2/arch/x86/kernel/doublefault_32.c linux-2.6.38.2/arch/x86/kernel/doublefault_32.c
10913--- linux-2.6.38.2/arch/x86/kernel/doublefault_32.c 2011-03-14 21:20:32.000000000 -0400
10914+++ linux-2.6.38.2/arch/x86/kernel/doublefault_32.c 2011-03-21 18:31:35.000000000 -0400
10915@@ -11,7 +11,7 @@
10916
10917 #define DOUBLEFAULT_STACKSIZE (1024)
10918 static unsigned long doublefault_stack[DOUBLEFAULT_STACKSIZE];
10919-#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE)
10920+#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE-2)
10921
10922 #define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + MAXMEM)
10923
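Review bot: `STACK_START` now ends at `DOUBLEFAULT_STACKSIZE-2` with no explanation of why two `unsigned long` slots are left unused at the top of the double-fault stack. Put the reason next to the macro, in a comment along the lines of `/* leave two words free above the initial sp: <reason> */`, so the constant is not "corrected" back later. The expansion is also an unparenthesised cast expression; `((unsigned long)(doublefault_stack + DOUBLEFAULT_STACKSIZE - 2))` is safer in a macro.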
10924@@ -21,7 +21,7 @@ static void doublefault_fn(void)
10925 unsigned long gdt, tss;
10926
10927 store_gdt(&gdt_desc);
10928- gdt = gdt_desc.address;
10929+ gdt = (unsigned long)gdt_desc.address;
10930
10931 printk(KERN_EMERG "PANIC: double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size);
10932
10933@@ -58,10 +58,10 @@ struct tss_struct doublefault_tss __cach
10934 /* 0x2 bit is always set */
10935 .flags = X86_EFLAGS_SF | 0x2,
10936 .sp = STACK_START,
10937- .es = __USER_DS,
10938+ .es = __KERNEL_DS,
10939 .cs = __KERNEL_CS,
10940 .ss = __KERNEL_DS,
10941- .ds = __USER_DS,
10942+ .ds = __KERNEL_DS,
10943 .fs = __KERNEL_PERCPU,
10944
10945 .__cr3 = __pa_nodebug(swapper_pg_dir),
10946diff -urNp linux-2.6.38.2/arch/x86/kernel/dumpstack_32.c linux-2.6.38.2/arch/x86/kernel/dumpstack_32.c
10947--- linux-2.6.38.2/arch/x86/kernel/dumpstack_32.c 2011-03-14 21:20:32.000000000 -0400
10948+++ linux-2.6.38.2/arch/x86/kernel/dumpstack_32.c 2011-03-21 18:31:35.000000000 -0400
10949@@ -95,21 +95,22 @@ void show_registers(struct pt_regs *regs
10950 * When in-kernel, we also print out the stack and code at the
10951 * time of the fault..
10952 */
10953- if (!user_mode_vm(regs)) {
10954+ if (!user_mode(regs)) {
10955 unsigned int code_prologue = code_bytes * 43 / 64;
10956 unsigned int code_len = code_bytes;
10957 unsigned char c;
10958 u8 *ip;
10959+ unsigned long cs_base = get_desc_base(&get_cpu_gdt_table(smp_processor_id())[(0xffff & regs->cs) >> 3]);
10960
10961 printk(KERN_EMERG "Stack:\n");
10962 show_stack_log_lvl(NULL, regs, &regs->sp, KERN_EMERG);
10963
10964 printk(KERN_EMERG "Code: ");
10965
10966- ip = (u8 *)regs->ip - code_prologue;
10967+ ip = (u8 *)regs->ip - code_prologue + cs_base;
10968 if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) {
10969 /* try starting at IP */
10970- ip = (u8 *)regs->ip;
10971+ ip = (u8 *)regs->ip + cs_base;
10972 code_len = code_len - code_prologue + 1;
10973 }
10974 for (i = 0; i < code_len; i++, ip++) {
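Review bot: The new `cs_base` lookup indexes the GDT with `(0xffff & regs->cs) >> 3` without checking the selector's table-indicator bit or that the index is below `GDT_ENTRIES`. This is the oops path, where the saved frame may itself be damaged, so a bad `regs->cs` would turn the diagnostic into an out-of-bounds read of the descriptor table. Falling back to a base of 0 when `(regs->cs & 4)` is set or the index is `>= GDT_ENTRIES` keeps the dump best-effort. The declaration is also far longer than the surrounding lines and would read better with the GDT pointer in its own local. `show_registers()` starts and ends outside the hunk.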
10975@@ -118,7 +119,7 @@ void show_registers(struct pt_regs *regs
10976 printk(" Bad EIP value.");
10977 break;
10978 }
10979- if (ip == (u8 *)regs->ip)
10980+ if (ip == (u8 *)regs->ip + cs_base)
10981 printk("<%02x> ", c);
10982 else
10983 printk("%02x ", c);
10984@@ -131,6 +132,7 @@ int is_valid_bugaddr(unsigned long ip)
10985 {
10986 unsigned short ud2;
10987
10988+ ip = ktla_ktva(ip);
10989 if (ip < PAGE_OFFSET)
10990 return 0;
10991 if (probe_kernel_address((unsigned short *)ip, ud2))
10992diff -urNp linux-2.6.38.2/arch/x86/kernel/dumpstack.c linux-2.6.38.2/arch/x86/kernel/dumpstack.c
10993--- linux-2.6.38.2/arch/x86/kernel/dumpstack.c 2011-03-14 21:20:32.000000000 -0400
10994+++ linux-2.6.38.2/arch/x86/kernel/dumpstack.c 2011-03-21 18:31:35.000000000 -0400
10995@@ -2,6 +2,9 @@
10996 * Copyright (C) 1991, 1992 Linus Torvalds
10997 * Copyright (C) 2000, 2001, 2002 Andi Kleen, SuSE Labs
10998 */
10999+#ifdef CONFIG_GRKERNSEC_HIDESYM
11000+#define __INCLUDED_BY_HIDESYM 1
11001+#endif
11002 #include <linux/kallsyms.h>
11003 #include <linux/kprobes.h>
11004 #include <linux/uaccess.h>
11005@@ -27,7 +30,7 @@ static int die_counter;
11006
11007 void printk_address(unsigned long address, int reliable)
11008 {
11009- printk(" [<%p>] %s%pS\n", (void *) address,
11010+ printk(" [<%p>] %s%pA\n", (void *) address,
11011 reliable ? "" : "? ", (void *) address);
11012 }
11013
11014@@ -200,7 +203,7 @@ void dump_stack(void)
11015 unsigned long stack;
11016
11017 printk("Pid: %d, comm: %.20s %s %s %.*s\n",
11018- current->pid, current->comm, print_tainted(),
11019+ task_pid_nr(current), current->comm, print_tainted(),
11020 init_utsname()->release,
11021 (int)strcspn(init_utsname()->version, " "),
11022 init_utsname()->version);
11023@@ -257,7 +260,7 @@ void __kprobes oops_end(unsigned long fl
11024 panic("Fatal exception in interrupt");
11025 if (panic_on_oops)
11026 panic("Fatal exception");
11027- do_exit(signr);
11028+ do_group_exit(signr);
11029 }
11030
11031 int __kprobes __die(const char *str, struct pt_regs *regs, long err)
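Review bot: `do_exit(signr)` becomes `do_group_exit(signr)`, so an oops now terminates every thread of the faulting process rather than only the current task, and the hunk gives no comment for that policy change. Document it at the call, e.g. `/* kill the whole thread group: sibling threads share the possibly corrupted state */`, or state the actual rationale if it is different. `oops_end()` starts outside the hunk.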
11032@@ -284,7 +287,7 @@ int __kprobes __die(const char *str, str
11033
11034 show_registers(regs);
11035 #ifdef CONFIG_X86_32
11036- if (user_mode_vm(regs)) {
11037+ if (user_mode(regs)) {
11038 sp = regs->sp;
11039 ss = regs->ss & 0xffff;
11040 } else {
11041@@ -312,7 +315,7 @@ void die(const char *str, struct pt_regs
11042 unsigned long flags = oops_begin();
11043 int sig = SIGSEGV;
11044
11045- if (!user_mode_vm(regs))
11046+ if (!user_mode(regs))
11047 report_bug(regs->ip, regs);
11048
11049 if (__die(str, regs, err))
11050diff -urNp linux-2.6.38.2/arch/x86/kernel/entry_32.S linux-2.6.38.2/arch/x86/kernel/entry_32.S
11051--- linux-2.6.38.2/arch/x86/kernel/entry_32.S 2011-03-28 17:42:40.000000000 -0400
11052+++ linux-2.6.38.2/arch/x86/kernel/entry_32.S 2011-03-28 17:42:53.000000000 -0400
11053@@ -183,13 +183,81 @@
11054 /*CFI_REL_OFFSET gs, PT_GS*/
11055 .endm
11056 .macro SET_KERNEL_GS reg
11057+
11058+#ifdef CONFIG_CC_STACKPROTECTOR
11059 movl $(__KERNEL_STACK_CANARY), \reg
11060+#elif defined(CONFIG_PAX_MEMORY_UDEREF)
11061+ movl $(__USER_DS), \reg
11062+#else
11063+ xorl \reg, \reg
11064+#endif
11065+
11066 movl \reg, %gs
11067 .endm
11068
11069 #endif /* CONFIG_X86_32_LAZY_GS */
11070
11071-.macro SAVE_ALL
11072+.macro PAX_EXIT_KERNEL
11073+#ifdef CONFIG_PAX_KERNEXEC
11074+#ifdef CONFIG_PARAVIRT
11075+ push %eax; push %ecx
11076+#endif
11077+ mov %cs, %esi
11078+ cmp $__KERNEXEC_KERNEL_CS, %esi
11079+ jnz 2f
11080+#ifdef CONFIG_PARAVIRT
11081+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0);
11082+ mov %eax, %esi
11083+#else
11084+ mov %cr0, %esi
11085+#endif
11086+ btr $16, %esi
11087+ ljmp $__KERNEL_CS, $1f
11088+1:
11089+#ifdef CONFIG_PARAVIRT
11090+ mov %esi, %eax
11091+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0);
11092+#else
11093+ mov %esi, %cr0
11094+#endif
11095+2:
11096+#ifdef CONFIG_PARAVIRT
11097+ pop %ecx; pop %eax
11098+#endif
11099+#endif
11100+.endm
11101+
11102+.macro PAX_ENTER_KERNEL
11103+#ifdef CONFIG_PAX_KERNEXEC
11104+#ifdef CONFIG_PARAVIRT
11105+ push %eax; push %ecx
11106+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0)
11107+ mov %eax, %esi
11108+#else
11109+ mov %cr0, %esi
11110+#endif
11111+ bts $16, %esi
11112+ jnc 1f
11113+ mov %cs, %esi
11114+ cmp $__KERNEL_CS, %esi
11115+ jz 3f
11116+ ljmp $__KERNEL_CS, $3f
11117+1: ljmp $__KERNEXEC_KERNEL_CS, $2f
11118+2:
11119+#ifdef CONFIG_PARAVIRT
11120+ mov %esi, %eax
11121+ call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
11122+#else
11123+ mov %esi, %cr0
11124+#endif
11125+3:
11126+#ifdef CONFIG_PARAVIRT
11127+ pop %ecx; pop %eax
11128+#endif
11129+#endif
11130+.endm
11131+
11132+.macro __SAVE_ALL _DS
11133 cld
11134 PUSH_GS
11135 pushl_cfi %fs
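Review bot: `PAX_ENTER_KERNEL` and `PAX_EXIT_KERNEL` use `%esi` as scratch and alter the flags without saving either, and only `%eax`/`%ecx` are preserved under `CONFIG_PARAVIRT`; neither macro says so. `SAVE_ALL` invokes `PAX_ENTER_KERNEL` after the registers are on the stack, so the saved copy is intact, but any entry path that reads the live `%esi` after `SAVE_ALL` would see a clobbered value. Add a header comment to each macro listing the clobbers. Also name the bit being toggled: `bts $16`/`btr $16` act on bit 16 of CR0, the write-protect bit, which deserves a comment or a symbolic constant. The `__SAVE_ALL` macro opened at the end of this hunk continues outside it.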
11136@@ -212,7 +280,7 @@
11137 CFI_REL_OFFSET ecx, 0
11138 pushl_cfi %ebx
11139 CFI_REL_OFFSET ebx, 0
11140- movl $(__USER_DS), %edx
11141+ movl $\_DS, %edx
11142 movl %edx, %ds
11143 movl %edx, %es
11144 movl $(__KERNEL_PERCPU), %edx
11145@@ -220,6 +288,15 @@
11146 SET_KERNEL_GS %edx
11147 .endm
11148
11149+.macro SAVE_ALL
11150+#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
11151+ __SAVE_ALL __KERNEL_DS
11152+ PAX_ENTER_KERNEL
11153+#else
11154+ __SAVE_ALL __USER_DS
11155+#endif
11156+.endm
11157+
11158 .macro RESTORE_INT_REGS
11159 popl_cfi %ebx
11160 CFI_RESTORE ebx
11161@@ -330,7 +407,15 @@ check_userspace:
11162 movb PT_CS(%esp), %al
11163 andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
11164 cmpl $USER_RPL, %eax
11165+
11166+#ifdef CONFIG_PAX_KERNEXEC
11167+ jae resume_userspace
11168+
11169+ PAX_EXIT_KERNEL
11170+ jmp resume_kernel
11171+#else
11172 jb resume_kernel # not returning to v8086 or userspace
11173+#endif
11174
11175 ENTRY(resume_userspace)
11176 LOCKDEP_SYS_EXIT
11177@@ -392,10 +477,9 @@ sysenter_past_esp:
11178 /*CFI_REL_OFFSET cs, 0*/
11179 /*
11180 * Push current_thread_info()->sysenter_return to the stack.
11181- * A tiny bit of offset fixup is necessary - 4*4 means the 4 words
11182- * pushed above; +8 corresponds to copy_thread's esp0 setting.
11183 */
11184- pushl_cfi ((TI_sysenter_return)-THREAD_SIZE_asm+8+4*4)(%esp)
11185+ GET_THREAD_INFO(%ebp)
11186+ pushl_cfi TI_sysenter_return(%ebp)
11187 CFI_REL_OFFSET eip, 0
11188
11189 pushl_cfi %eax
11190@@ -406,9 +490,19 @@ sysenter_past_esp:
11191 * Load the potential sixth argument from user stack.
11192 * Careful about security.
11193 */
11194+ movl PT_OLDESP(%esp),%ebp
11195+
11196+#ifdef CONFIG_PAX_MEMORY_UDEREF
11197+ mov PT_OLDSS(%esp),%ds
11198+1: movl %ds:(%ebp),%ebp
11199+ push %ss
11200+ pop %ds
11201+#else
11202 cmpl $__PAGE_OFFSET-3,%ebp
11203 jae syscall_fault
11204 1: movl (%ebp),%ebp
11205+#endif
11206+
11207 movl %ebp,PT_EBP(%esp)
11208 .section __ex_table,"a"
11209 .align 4
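Review bot: With `CONFIG_PAX_MEMORY_UDEREF` the explicit range check (`cmpl $__PAGE_OFFSET-3,%ebp` / `jae syscall_fault`) is compiled out, and the read of the sixth argument is bounded only by the segment loaded from `PT_OLDSS(%esp)` into `%ds`. That is sound only if the selector's limit excludes kernel addresses, which is established elsewhere in the patch and should be stated here, e.g. `/* UDEREF: the user segment limit rejects kernel addresses */`. The `1:` label sits on the dereference, so if the `mov PT_OLDSS(%esp),%ds` load before it can fault, it is not covered by that label's exception-table entry. The table entries themselves lie outside the hunk.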
11210@@ -431,12 +525,23 @@ sysenter_do_call:
11211 testl $_TIF_ALLWORK_MASK, %ecx
11212 jne sysexit_audit
11213 sysenter_exit:
11214+
11215+#ifdef CONFIG_PAX_RANDKSTACK
11216+ pushl %eax
11217+ CFI_ADJUST_CFA_OFFSET 4
11218+ call pax_randomize_kstack
11219+ popl %eax
11220+ CFI_ADJUST_CFA_OFFSET -4
11221+#endif
11222+
11223 /* if something modifies registers it must also disable sysexit */
11224 movl PT_EIP(%esp), %edx
11225 movl PT_OLDESP(%esp), %ecx
11226 xorl %ebp,%ebp
11227 TRACE_IRQS_ON
11228 1: mov PT_FS(%esp), %fs
11229+2: mov PT_DS(%esp), %ds
11230+3: mov PT_ES(%esp), %es
11231 PTGS_TO_GS
11232 ENABLE_INTERRUPTS_SYSEXIT
11233
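Review bot: The CONFIG_PAX_RANDKSTACK block in sysenter_exit open-codes `pushl %eax` / `CFI_ADJUST_CFA_OFFSET 4` and `popl %eax` / `CFI_ADJUST_CFA_OFFSET -4`, while other hunks of this file use the `pushl_cfi` / `popl_cfi` helpers. Writing `pushl_cfi %eax` and `popl_cfi %eax` around `call pax_randomize_kstack` keeps the unwind annotations in one idiom. The syscall_exit hunk at `@@ -516,6 +627,10 @@` calls the same function without saving `%eax`, so a one-line comment on which registers pax_randomize_kstack may clobber would explain the difference. sysenter_exit continues outside the hunk.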
11234@@ -479,11 +584,17 @@ sysexit_audit:
11235
11236 CFI_ENDPROC
11237 .pushsection .fixup,"ax"
11238-2: movl $0,PT_FS(%esp)
11239+4: movl $0,PT_FS(%esp)
11240+ jmp 1b
11241+5: movl $0,PT_DS(%esp)
11242+ jmp 1b
11243+6: movl $0,PT_ES(%esp)
11244 jmp 1b
11245 .section __ex_table,"a"
11246 .align 4
11247- .long 1b,2b
11248+ .long 1b,4b
11249+ .long 2b,5b
11250+ .long 3b,6b
11251 .popsection
11252 PTGS_TO_GS_EX
11253 ENDPROC(ia32_sysenter_target)
11254@@ -516,6 +627,10 @@ syscall_exit:
11255 testl $_TIF_ALLWORK_MASK, %ecx # current->work
11256 jne syscall_exit_work
11257
11258+#ifdef CONFIG_PAX_RANDKSTACK
11259+ call pax_randomize_kstack
11260+#endif
11261+
11262 restore_all:
11263 TRACE_IRQS_IRET
11264 restore_all_notrace:
11265@@ -575,14 +690,21 @@ ldt_ss:
11266 * compensating for the offset by changing to the ESPFIX segment with
11267 * a base address that matches for the difference.
11268 */
11269-#define GDT_ESPFIX_SS PER_CPU_VAR(gdt_page) + (GDT_ENTRY_ESPFIX_SS * 8)
11270+#define GDT_ESPFIX_SS (GDT_ENTRY_ESPFIX_SS * 8)(%ebx)
11271 mov %esp, %edx /* load kernel esp */
11272 mov PT_OLDESP(%esp), %eax /* load userspace esp */
11273 mov %dx, %ax /* eax: new kernel esp */
11274 sub %eax, %edx /* offset (low word is 0) */
11275+#ifdef CONFIG_SMP
11276+ movl PER_CPU_VAR(cpu_number), %ebx
11277+ shll $PAGE_SHIFT_asm, %ebx
11278+ addl $cpu_gdt_table, %ebx
11279+#else
11280+ movl $cpu_gdt_table, %ebx
11281+#endif
11282 shr $16, %edx
11283- mov %dl, GDT_ESPFIX_SS + 4 /* bits 16..23 */
11284- mov %dh, GDT_ESPFIX_SS + 7 /* bits 24..31 */
11285+ mov %dl, 4 + GDT_ESPFIX_SS /* bits 16..23 */
11286+ mov %dh, 7 + GDT_ESPFIX_SS /* bits 24..31 */
11287 pushl_cfi $__ESPFIX_SS
11288 pushl_cfi %eax /* new kernel esp */
11289 /* Disable interrupts, but do not irqtrace this section: we
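Review bot: `GDT_ESPFIX_SS` is redefined as an `%ebx`-relative operand, so the ldt_ss path here and the FIXUP_ESPFIX_STACK macro (hunk `@@ -759,8 +909,15 @@`) now overwrite `%ebx` before using it. Whether `%ebx` is dead at every expansion site cannot be checked from these hunks. I would document the contract at the `#define`, e.g. `/* expects %ebx = this CPU's slot in cpu_gdt_table; callers must not hold a live value in %ebx */`. The SMP address computation (`cpu_number` shifted by `PAGE_SHIFT_asm`, plus `cpu_gdt_table`) is repeated in both places and could be one small macro.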
11290@@ -617,23 +739,17 @@ work_resched:
11291
11292 work_notifysig: # deal with pending signals and
11293 # notify-resume requests
11294+ movl %esp, %eax
11295 #ifdef CONFIG_VM86
11296 testl $X86_EFLAGS_VM, PT_EFLAGS(%esp)
11297- movl %esp, %eax
11298- jne work_notifysig_v86 # returning to kernel-space or
11299+ jz 1f # returning to kernel-space or
11300 # vm86-space
11301- xorl %edx, %edx
11302- call do_notify_resume
11303- jmp resume_userspace_sig
11304
11305- ALIGN
11306-work_notifysig_v86:
11307 pushl_cfi %ecx # save ti_flags for do_notify_resume
11308 call save_v86_state # %eax contains pt_regs pointer
11309 popl_cfi %ecx
11310 movl %eax, %esp
11311-#else
11312- movl %esp, %eax
11313+1:
11314 #endif
11315 xorl %edx, %edx
11316 call do_notify_resume
11317@@ -668,6 +784,10 @@ END(syscall_exit_work)
11318
11319 RING0_INT_FRAME # can't unwind into user space anyway
11320 syscall_fault:
11321+#ifdef CONFIG_PAX_MEMORY_UDEREF
11322+ push %ss
11323+ pop %ds
11324+#endif
11325 GET_THREAD_INFO(%ebp)
11326 movl $-EFAULT,PT_EAX(%esp)
11327 jmp resume_userspace
11328@@ -750,6 +870,36 @@ ptregs_clone:
11329 CFI_ENDPROC
11330 ENDPROC(ptregs_clone)
11331
11332+ ALIGN;
11333+ENTRY(kernel_execve)
11334+ CFI_STARTPROC
11335+ pushl_cfi %ebp
11336+ sub $PT_OLDSS+4,%esp
11337+ pushl_cfi %edi
11338+ pushl_cfi %ecx
11339+ pushl_cfi %eax
11340+ lea 3*4(%esp),%edi
11341+ mov $PT_OLDSS/4+1,%ecx
11342+ xorl %eax,%eax
11343+ rep stosl
11344+ popl_cfi %eax
11345+ popl_cfi %ecx
11346+ popl_cfi %edi
11347+ movl $X86_EFLAGS_IF,PT_EFLAGS(%esp)
11348+ pushl_cfi %esp
11349+ call sys_execve
11350+ add $4,%esp
11351+ CFI_ADJUST_CFA_OFFSET -4
11352+ GET_THREAD_INFO(%ebp)
11353+ test %eax,%eax
11354+ jz syscall_exit
11355+ add $PT_OLDSS+4,%esp
11356+ CFI_ADJUST_CFA_OFFSET -PT_OLDSS-4
11357+ popl_cfi %ebp
11358+ ret
11359+ CFI_ENDPROC
11360+ENDPROC(kernel_execve)
11361+
11362 .macro FIXUP_ESPFIX_STACK
11363 /*
11364 * Switch back for ESPFIX stack to the normal zerobased stack
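Review bot: In the new kernel_execve, `sub $PT_OLDSS+4,%esp` has no CFI annotation, although the matching `add $PT_OLDSS+4,%esp` is followed by `CFI_ADJUST_CFA_OFFSET -PT_OLDSS-4`. The recorded CFA offset is therefore PT_OLDSS+4 too small from the `add` onward, and wrong by the frame size throughout the body. Adding `CFI_ADJUST_CFA_OFFSET PT_OLDSS+4` directly after the `sub` balances it. A short header comment stating that the routine builds a zero-filled pt_regs frame on the stack, sets only `PT_EFLAGS`, and passes the frame address to sys_execve would also help the next reader.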
11365@@ -759,8 +909,15 @@ ENDPROC(ptregs_clone)
11366 * normal stack and adjusts ESP with the matching offset.
11367 */
11368 /* fixup the stack */
11369- mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */
11370- mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */
11371+#ifdef CONFIG_SMP
11372+ movl PER_CPU_VAR(cpu_number), %ebx
11373+ shll $PAGE_SHIFT_asm, %ebx
11374+ addl $cpu_gdt_table, %ebx
11375+#else
11376+ movl $cpu_gdt_table, %ebx
11377+#endif
11378+ mov 4 + GDT_ESPFIX_SS, %al /* bits 16..23 */
11379+ mov 7 + GDT_ESPFIX_SS, %ah /* bits 24..31 */
11380 shl $16, %eax
11381 addl %esp, %eax /* the adjusted stack pointer */
11382 pushl_cfi $__KERNEL_DS
11383@@ -1211,7 +1368,6 @@ return_to_handler:
11384 jmp *%ecx
11385 #endif
11386
11387-.section .rodata,"a"
11388 #include "syscall_table_32.S"
11389
11390 syscall_table_size=(.-sys_call_table)
11391@@ -1257,9 +1413,12 @@ error_code:
11392 movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
11393 REG_TO_PTGS %ecx
11394 SET_KERNEL_GS %ecx
11395- movl $(__USER_DS), %ecx
11396+ movl $(__KERNEL_DS), %ecx
11397 movl %ecx, %ds
11398 movl %ecx, %es
11399+
11400+ PAX_ENTER_KERNEL
11401+
11402 TRACE_IRQS_OFF
11403 movl %esp,%eax # pt_regs pointer
11404 call *%edi
11405@@ -1344,6 +1503,9 @@ nmi_stack_correct:
11406 xorl %edx,%edx # zero error code
11407 movl %esp,%eax # pt_regs pointer
11408 call do_nmi
11409+
11410+ PAX_EXIT_KERNEL
11411+
11412 jmp restore_all_notrace
11413 CFI_ENDPROC
11414
11415@@ -1380,6 +1542,9 @@ nmi_espfix_stack:
11416 FIXUP_ESPFIX_STACK # %eax == %esp
11417 xorl %edx,%edx # zero error code
11418 call do_nmi
11419+
11420+ PAX_EXIT_KERNEL
11421+
11422 RESTORE_REGS
11423 lss 12+4(%esp), %esp # back to espfix stack
11424 CFI_ADJUST_CFA_OFFSET -24
11425diff -urNp linux-2.6.38.2/arch/x86/kernel/entry_64.S linux-2.6.38.2/arch/x86/kernel/entry_64.S
11426--- linux-2.6.38.2/arch/x86/kernel/entry_64.S 2011-03-23 17:20:06.000000000 -0400
11427+++ linux-2.6.38.2/arch/x86/kernel/entry_64.S 2011-03-23 17:21:49.000000000 -0400
11428@@ -53,6 +53,7 @@
11429 #include <asm/paravirt.h>
11430 #include <asm/ftrace.h>
11431 #include <asm/percpu.h>
11432+#include <asm/pgtable.h>
11433
11434 /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
11435 #include <linux/elf-em.h>
11436@@ -174,6 +175,201 @@ ENTRY(native_usergs_sysret64)
11437 ENDPROC(native_usergs_sysret64)
11438 #endif /* CONFIG_PARAVIRT */
11439
11440+ .macro ljmpq sel, off
11441+#if defined(CONFIG_MCORE2) || defined (CONFIG_MATOM)
11442+ .byte 0x48; ljmp *1234f(%rip)
11443+ .pushsection .rodata
11444+ .align 16
11445+ 1234: .quad \off; .word \sel
11446+ .popsection
11447+#else
11448+ push $\sel
11449+ push $\off
11450+ lretq
11451+#endif
11452+ .endm
11453+
11454+ .macro pax_enter_kernel
11455+#ifdef CONFIG_PAX_KERNEXEC
11456+ call pax_enter_kernel
11457+#endif
11458+ .endm
11459+
11460+ .macro pax_exit_kernel
11461+#ifdef CONFIG_PAX_KERNEXEC
11462+ call pax_exit_kernel
11463+#endif
11464+ .endm
11465+
11466+#ifdef CONFIG_PAX_KERNEXEC
11467+ENTRY(pax_enter_kernel)
11468+ push %rdi
11469+
11470+#ifdef CONFIG_PARAVIRT
11471+ PV_SAVE_REGS(CLBR_RDI)
11472+#endif
11473+
11474+ GET_CR0_INTO_RDI
11475+ bts $16,%rdi
11476+ jnc 1f
11477+ mov %cs,%edi
11478+ cmp $__KERNEL_CS,%edi
11479+ jz 3f
11480+ ljmpq __KERNEL_CS,3f
11481+1: ljmpq __KERNEXEC_KERNEL_CS,2f
11482+2: SET_RDI_INTO_CR0
11483+3:
11484+
11485+#ifdef CONFIG_PARAVIRT
11486+ PV_RESTORE_REGS(CLBR_RDI)
11487+#endif
11488+
11489+ pop %rdi
11490+ retq
11491+ENDPROC(pax_enter_kernel)
11492+
11493+ENTRY(pax_exit_kernel)
11494+ push %rdi
11495+
11496+#ifdef CONFIG_PARAVIRT
11497+ PV_SAVE_REGS(CLBR_RDI)
11498+#endif
11499+
11500+ mov %cs,%rdi
11501+ cmp $__KERNEXEC_KERNEL_CS,%edi
11502+ jnz 2f
11503+ GET_CR0_INTO_RDI
11504+ btr $16,%rdi
11505+ ljmpq __KERNEL_CS,1f
11506+1: SET_RDI_INTO_CR0
11507+2:
11508+
11509+#ifdef CONFIG_PARAVIRT
11510+ PV_RESTORE_REGS(CLBR_RDI);
11511+#endif
11512+
11513+ pop %rdi
11514+ retq
11515+ENDPROC(pax_exit_kernel)
11516+#endif
11517+
11518+ .macro pax_enter_kernel_user
11519+#ifdef CONFIG_PAX_MEMORY_UDEREF
11520+ call pax_enter_kernel_user
11521+#endif
11522+ .endm
11523+
11524+ .macro pax_exit_kernel_user
11525+#ifdef CONFIG_PAX_MEMORY_UDEREF
11526+ call pax_exit_kernel_user
11527+#endif
11528+ .endm
11529+
11530+#ifdef CONFIG_PAX_MEMORY_UDEREF
11531+ENTRY(pax_enter_kernel_user)
11532+ push %rdi
11533+ push %rbx
11534+
11535+#ifdef CONFIG_PARAVIRT
11536+ PV_SAVE_REGS(CLBR_RDI)
11537+#endif
11538+
11539+ GET_CR3_INTO_RDI
11540+ mov %rdi,%rbx
11541+ add $__START_KERNEL_map,%rbx
11542+ sub phys_base(%rip),%rbx
11543+
11544+#ifdef CONFIG_PARAVIRT
11545+ push %rdi
11546+ cmpl $0, pv_info+PARAVIRT_enabled
11547+ jz 1f
11548+ i = 0
11549+ .rept USER_PGD_PTRS
11550+ mov i*8(%rbx),%rsi
11551+ mov $0,%sil
11552+ lea i*8(%rbx),%rdi
11553+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd)
11554+ i = i + 1
11555+ .endr
11556+ jmp 2f
11557+1:
11558+#endif
11559+
11560+ i = 0
11561+ .rept USER_PGD_PTRS
11562+ movb $0,i*8(%rbx)
11563+ i = i + 1
11564+ .endr
11565+
11566+#ifdef CONFIG_PARAVIRT
11567+2: pop %rdi
11568+#endif
11569+ SET_RDI_INTO_CR3
11570+
11571+#ifdef CONFIG_PAX_KERNEXEC
11572+ GET_CR0_INTO_RDI
11573+ bts $16,%rdi
11574+ SET_RDI_INTO_CR0
11575+#endif
11576+
11577+#ifdef CONFIG_PARAVIRT
11578+ PV_RESTORE_REGS(CLBR_RDI)
11579+#endif
11580+
11581+ pop %rbx
11582+ pop %rdi
11583+ retq
11584+ENDPROC(pax_enter_kernel_user)
11585+
11586+ENTRY(pax_exit_kernel_user)
11587+ push %rdi
11588+
11589+#ifdef CONFIG_PARAVIRT
11590+ push %rbx
11591+ PV_SAVE_REGS(CLBR_RDI)
11592+#endif
11593+
11594+#ifdef CONFIG_PAX_KERNEXEC
11595+ GET_CR0_INTO_RDI
11596+ btr $16,%rdi
11597+ SET_RDI_INTO_CR0
11598+#endif
11599+
11600+ GET_CR3_INTO_RDI
11601+ add $__START_KERNEL_map,%rdi
11602+ sub phys_base(%rip),%rdi
11603+
11604+#ifdef CONFIG_PARAVIRT
11605+ cmpl $0, pv_info+PARAVIRT_enabled
11606+ jz 1f
11607+ mov %rdi,%rbx
11608+ i = 0
11609+ .rept USER_PGD_PTRS
11610+ mov i*8(%rbx),%rsi
11611+ mov $0x67,%sil
11612+ lea i*8(%rbx),%rdi
11613+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd)
11614+ i = i + 1
11615+ .endr
11616+ jmp 2f
11617+1:
11618+#endif
11619+
11620+ i = 0
11621+ .rept USER_PGD_PTRS
11622+ movb $0x67,i*8(%rdi)
11623+ i = i + 1
11624+ .endr
11625+
11626+#ifdef CONFIG_PARAVIRT
11627+2: PV_RESTORE_REGS(CLBR_RDI)
11628+ pop %rbx
11629+#endif
11630+
11631+ pop %rdi
11632+ retq
11633+ENDPROC(pax_exit_kernel_user)
11634+#endif
11635
11636 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET
11637 #ifdef CONFIG_TRACE_IRQFLAGS
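Review bot: The new pax_enter_kernel / pax_exit_kernel routines and their `_user` variants carry no comments and rely on bare constants: `bts $16,%rdi` / `btr $16,%rdi` on the CR0 value, and `movb $0,i*8(%rbx)` / `movb $0x67,i*8(%rdi)` on the first USER_PGD_PTRS top-level page-table entries. Bit 16 of CR0 is the write-protect bit and 0x67 matches present, writable, user, accessed and dirty in an x86 page-table entry, so the routines appear to toggle kernel write protection and to hide and restore the user part of the address space; that should be stated at each ENTRY. I would add e.g. `/* set CR0.WP (bit 16); switch to __KERNEXEC_KERNEL_CS if it was clear */` above the `bts` and give 0x67 a named constant. `PV_RESTORE_REGS(CLBR_RDI);` in pax_exit_kernel also has a stray semicolon that the other three uses do not.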
11638@@ -316,7 +512,7 @@ ENTRY(save_args)
11639 leaq -RBP+8(%rsp),%rdi /* arg1 for handler */
11640 movq_cfi rbp, 8 /* push %rbp */
11641 leaq 8(%rsp), %rbp /* mov %rsp, %ebp */
11642- testl $3, CS(%rdi)
11643+ testb $3, CS(%rdi)
11644 je 1f
11645 SWAPGS
11646 /*
11647@@ -407,7 +603,7 @@ ENTRY(ret_from_fork)
11648
11649 RESTORE_REST
11650
11651- testl $3, CS-ARGOFFSET(%rsp) # from kernel_thread?
11652+ testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread?
11653 je int_ret_from_sys_call
11654
11655 testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
11656@@ -466,6 +662,7 @@ ENTRY(system_call_after_swapgs)
11657
11658 movq %rsp,PER_CPU_VAR(old_rsp)
11659 movq PER_CPU_VAR(kernel_stack),%rsp
11660+ pax_enter_kernel_user
11661 /*
11662 * No need to follow this irqs off/on section - it's straight
11663 * and short:
11664@@ -500,6 +697,7 @@ sysret_check:
11665 andl %edi,%edx
11666 jnz sysret_careful
11667 CFI_REMEMBER_STATE
11668+ pax_exit_kernel_user
11669 /*
11670 * sysretq will re-enable interrupts:
11671 */
11672@@ -609,7 +807,7 @@ tracesys:
11673 GLOBAL(int_ret_from_sys_call)
11674 DISABLE_INTERRUPTS(CLBR_NONE)
11675 TRACE_IRQS_OFF
11676- testl $3,CS-ARGOFFSET(%rsp)
11677+ testb $3,CS-ARGOFFSET(%rsp)
11678 je retint_restore_args
11679 movl $_TIF_ALLWORK_MASK,%edi
11680 /* edi: mask to check */
11681@@ -791,6 +989,16 @@ END(interrupt)
11682 CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
11683 call save_args
11684 PARTIAL_FRAME 0
11685+#ifdef CONFIG_PAX_MEMORY_UDEREF
11686+ testb $3, CS(%rdi)
11687+ jnz 1f
11688+ pax_enter_kernel
11689+ jmp 2f
11690+1: pax_enter_kernel_user
11691+2:
11692+#else
11693+ pax_enter_kernel
11694+#endif
11695 call \func
11696 .endm
11697
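Review bot: The ten-line `#ifdef CONFIG_PAX_MEMORY_UDEREF` / `testb $3, CS(...)` dispatch added here is repeated in six more hunks of this file (`@@ -1022`, `@@ -1039`, `@@ -1057`, `@@ -1075`, `@@ -1094` and `@@ -1485`), differing only in the operand that addresses the saved CS (`CS(%rdi)` here, `CS(%rsp)` elsewhere). One assembler macro taking that operand would keep the user/kernel decision in a single place, so a later fix cannot miss one copy. The sketch below shows the macro; each call site then becomes one line such as `pax_enter_kernel_by_cs CS(%rdi)`. The numeric labels behave as in the open-coded version, and the operand has to be written without spaces so that it is passed as one macro argument.

```asm
	.macro pax_enter_kernel_by_cs cs_slot
#ifdef CONFIG_PAX_MEMORY_UDEREF
	testb $3, \cs_slot		/* RPL of the interrupted context */
	jnz 1f
	pax_enter_kernel		/* came from kernel mode */
	jmp 2f
1:	pax_enter_kernel_user		/* came from user mode */
2:
#else
	pax_enter_kernel
#endif
	.endm
```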
11698@@ -823,7 +1031,7 @@ ret_from_intr:
11699 CFI_ADJUST_CFA_OFFSET -8
11700 exit_intr:
11701 GET_THREAD_INFO(%rcx)
11702- testl $3,CS-ARGOFFSET(%rsp)
11703+ testb $3,CS-ARGOFFSET(%rsp)
11704 je retint_kernel
11705
11706 /* Interrupt came from user space */
11707@@ -845,12 +1053,14 @@ retint_swapgs: /* return to user-space
11708 * The iretq could re-enable interrupts:
11709 */
11710 DISABLE_INTERRUPTS(CLBR_ANY)
11711+ pax_exit_kernel_user
11712 TRACE_IRQS_IRETQ
11713 SWAPGS
11714 jmp restore_args
11715
11716 retint_restore_args: /* return to kernel space */
11717 DISABLE_INTERRUPTS(CLBR_ANY)
11718+ pax_exit_kernel
11719 /*
11720 * The iretq could re-enable interrupts:
11721 */
11722@@ -1022,6 +1232,16 @@ ENTRY(\sym)
11723 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
11724 call error_entry
11725 DEFAULT_FRAME 0
11726+#ifdef CONFIG_PAX_MEMORY_UDEREF
11727+ testb $3, CS(%rsp)
11728+ jnz 1f
11729+ pax_enter_kernel
11730+ jmp 2f
11731+1: pax_enter_kernel_user
11732+2:
11733+#else
11734+ pax_enter_kernel
11735+#endif
11736 movq %rsp,%rdi /* pt_regs pointer */
11737 xorl %esi,%esi /* no error code */
11738 call \do_sym
11739@@ -1039,6 +1259,16 @@ ENTRY(\sym)
11740 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
11741 call save_paranoid
11742 TRACE_IRQS_OFF
11743+#ifdef CONFIG_PAX_MEMORY_UDEREF
11744+ testb $3, CS(%rsp)
11745+ jnz 1f
11746+ pax_enter_kernel
11747+ jmp 2f
11748+1: pax_enter_kernel_user
11749+2:
11750+#else
11751+ pax_enter_kernel
11752+#endif
11753 movq %rsp,%rdi /* pt_regs pointer */
11754 xorl %esi,%esi /* no error code */
11755 call \do_sym
11756@@ -1047,7 +1277,7 @@ ENTRY(\sym)
11757 END(\sym)
11758 .endm
11759
11760-#define INIT_TSS_IST(x) PER_CPU_VAR(init_tss) + (TSS_ist + ((x) - 1) * 8)
11761+#define INIT_TSS_IST(x) (TSS_ist + ((x) - 1) * 8)(%r12)
11762 .macro paranoidzeroentry_ist sym do_sym ist
11763 ENTRY(\sym)
11764 INTR_FRAME
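Review bot: `INIT_TSS_IST(x)` now expands to an `%r12`-relative operand, so it silently depends on a register that is only loaded in the following hunk (`lea init_tss(...), %r12`). A comment on the `#define` such as `/* requires %r12 = address of this CPU's init_tss entry */` would make that contract visible to anyone who reuses the macro. It is also worth noting there that `%r12` has to survive `call \do_sym` for the `addq` after the call to hit the same slot.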
11765@@ -1057,8 +1287,24 @@ ENTRY(\sym)
11766 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
11767 call save_paranoid
11768 TRACE_IRQS_OFF
11769+#ifdef CONFIG_PAX_MEMORY_UDEREF
11770+ testb $3, CS(%rsp)
11771+ jnz 1f
11772+ pax_enter_kernel
11773+ jmp 2f
11774+1: pax_enter_kernel_user
11775+2:
11776+#else
11777+ pax_enter_kernel
11778+#endif
11779 movq %rsp,%rdi /* pt_regs pointer */
11780 xorl %esi,%esi /* no error code */
11781+#ifdef CONFIG_SMP
11782+ imul $TSS_size, PER_CPU_VAR(cpu_number), %r12d
11783+ lea init_tss(%r12), %r12
11784+#else
11785+ lea init_tss(%rip), %r12
11786+#endif
11787 subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
11788 call \do_sym
11789 addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
11790@@ -1075,6 +1321,16 @@ ENTRY(\sym)
11791 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
11792 call error_entry
11793 DEFAULT_FRAME 0
11794+#ifdef CONFIG_PAX_MEMORY_UDEREF
11795+ testb $3, CS(%rsp)
11796+ jnz 1f
11797+ pax_enter_kernel
11798+ jmp 2f
11799+1: pax_enter_kernel_user
11800+2:
11801+#else
11802+ pax_enter_kernel
11803+#endif
11804 movq %rsp,%rdi /* pt_regs pointer */
11805 movq ORIG_RAX(%rsp),%rsi /* get error code */
11806 movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
11807@@ -1094,6 +1350,16 @@ ENTRY(\sym)
11808 call save_paranoid
11809 DEFAULT_FRAME 0
11810 TRACE_IRQS_OFF
11811+#ifdef CONFIG_PAX_MEMORY_UDEREF
11812+ testb $3, CS(%rsp)
11813+ jnz 1f
11814+ pax_enter_kernel
11815+ jmp 2f
11816+1: pax_enter_kernel_user
11817+2:
11818+#else
11819+ pax_enter_kernel
11820+#endif
11821 movq %rsp,%rdi /* pt_regs pointer */
11822 movq ORIG_RAX(%rsp),%rsi /* get error code */
11823 movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
11824@@ -1356,14 +1622,27 @@ ENTRY(paranoid_exit)
11825 TRACE_IRQS_OFF
11826 testl %ebx,%ebx /* swapgs needed? */
11827 jnz paranoid_restore
11828- testl $3,CS(%rsp)
11829+ testb $3,CS(%rsp)
11830 jnz paranoid_userspace
11831+#ifdef CONFIG_PAX_MEMORY_UDEREF
11832+ pax_exit_kernel
11833+ TRACE_IRQS_IRETQ 0
11834+ SWAPGS_UNSAFE_STACK
11835+ RESTORE_ALL 8
11836+ jmp irq_return
11837+#endif
11838 paranoid_swapgs:
11839+#ifdef CONFIG_PAX_MEMORY_UDEREF
11840+ pax_exit_kernel_user
11841+#else
11842+ pax_exit_kernel
11843+#endif
11844 TRACE_IRQS_IRETQ 0
11845 SWAPGS_UNSAFE_STACK
11846 RESTORE_ALL 8
11847 jmp irq_return
11848 paranoid_restore:
11849+ pax_exit_kernel
11850 TRACE_IRQS_IRETQ 0
11851 RESTORE_ALL 8
11852 jmp irq_return
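Review bot: The CONFIG_PAX_MEMORY_UDEREF block inserted before `paranoid_swapgs:` duplicates the label's whole exit sequence only to call `pax_exit_kernel` instead of `pax_exit_kernel_user`, and no comment says which case falls through here. From the two tests above it is the path where `%ebx` is zero and the saved CS has RPL 0, while `paranoid_swapgs` itself is presumably reached by a jump from paranoid_userspace outside the hunk. A comment such as `/* interrupted kernel code that still needs swapgs: kernel-side exit */` on the new block would make that explicit. The nmi hunk at `@@ -1495,11 +1784,25 @@` has the same structure and needs the same comment.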
11853@@ -1421,7 +1700,7 @@ ENTRY(error_entry)
11854 movq_cfi r14, R14+8
11855 movq_cfi r15, R15+8
11856 xorl %ebx,%ebx
11857- testl $3,CS+8(%rsp)
11858+ testb $3,CS+8(%rsp)
11859 je error_kernelspace
11860 error_swapgs:
11861 SWAPGS
11862@@ -1485,6 +1764,16 @@ ENTRY(nmi)
11863 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
11864 call save_paranoid
11865 DEFAULT_FRAME 0
11866+#ifdef CONFIG_PAX_MEMORY_UDEREF
11867+ testb $3, CS(%rsp)
11868+ jnz 1f
11869+ pax_enter_kernel
11870+ jmp 2f
11871+1: pax_enter_kernel_user
11872+2:
11873+#else
11874+ pax_enter_kernel
11875+#endif
11876 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
11877 movq %rsp,%rdi
11878 movq $-1,%rsi
11879@@ -1495,11 +1784,25 @@ ENTRY(nmi)
11880 DISABLE_INTERRUPTS(CLBR_NONE)
11881 testl %ebx,%ebx /* swapgs needed? */
11882 jnz nmi_restore
11883- testl $3,CS(%rsp)
11884+ testb $3,CS(%rsp)
11885 jnz nmi_userspace
11886+#ifdef CONFIG_PAX_MEMORY_UDEREF
11887+ pax_exit_kernel
11888+ SWAPGS_UNSAFE_STACK
11889+ RESTORE_ALL 8
11890+ jmp irq_return
11891+#endif
11892 nmi_swapgs:
11893+#ifdef CONFIG_PAX_MEMORY_UDEREF
11894+ pax_exit_kernel_user
11895+#else
11896+ pax_exit_kernel
11897+#endif
11898 SWAPGS_UNSAFE_STACK
11899+ RESTORE_ALL 8
11900+ jmp irq_return
11901 nmi_restore:
11902+ pax_exit_kernel
11903 RESTORE_ALL 8
11904 jmp irq_return
11905 nmi_userspace:
11906diff -urNp linux-2.6.38.2/arch/x86/kernel/ftrace.c linux-2.6.38.2/arch/x86/kernel/ftrace.c
11907--- linux-2.6.38.2/arch/x86/kernel/ftrace.c 2011-03-14 21:20:32.000000000 -0400
11908+++ linux-2.6.38.2/arch/x86/kernel/ftrace.c 2011-03-21 18:31:35.000000000 -0400
11909@@ -177,7 +177,9 @@ void ftrace_nmi_enter(void)
11910
11911 if (atomic_inc_return(&nmi_running) & MOD_CODE_WRITE_FLAG) {
11912 smp_rmb();
11913+ pax_open_kernel();
11914 ftrace_mod_code();
11915+ pax_close_kernel();
11916 atomic_inc(&nmi_update_count);
11917 }
11918 /* Must have previous changes seen before executions */
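Review bot: `pax_open_kernel()` / `pax_close_kernel()` are now called from ftrace_nmi_enter, i.e. in NMI context, and the hunk does not say whether the pair nests. If the NMI interrupts code that is itself between an open and a close, the `pax_close_kernel()` here could restore write protection before the interrupted writer has finished; the helpers are defined outside this hunk, so this needs confirming. A comment such as `/* ftrace_mod_code() patches kernel text; open/close must be NMI-safe */` would record the requirement. The function continues past the end of the hunk.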
11919@@ -271,6 +273,8 @@ ftrace_modify_code(unsigned long ip, uns
11920 {
11921 unsigned char replaced[MCOUNT_INSN_SIZE];
11922
11923+ ip = ktla_ktva(ip);
11924+
11925 /*
11926 * Note: Due to modules and __init, code can
11927 * disappear and change, we need to protect against faulting
11928@@ -327,7 +331,7 @@ int ftrace_update_ftrace_func(ftrace_fun
11929 unsigned char old[MCOUNT_INSN_SIZE], *new;
11930 int ret;
11931
11932- memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE);
11933+ memcpy(old, (void *)ktla_ktva((unsigned long)ftrace_call), MCOUNT_INSN_SIZE);
11934 new = ftrace_call_replace(ip, (unsigned long)func);
11935 ret = ftrace_modify_code(ip, old, new);
11936
11937@@ -353,6 +357,8 @@ static int ftrace_mod_jmp(unsigned long
11938 {
11939 unsigned char code[MCOUNT_INSN_SIZE];
11940
11941+ ip = ktla_ktva(ip);
11942+
11943 if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE))
11944 return -EFAULT;
11945
11946diff -urNp linux-2.6.38.2/arch/x86/kernel/head32.c linux-2.6.38.2/arch/x86/kernel/head32.c
11947--- linux-2.6.38.2/arch/x86/kernel/head32.c 2011-03-14 21:20:32.000000000 -0400
11948+++ linux-2.6.38.2/arch/x86/kernel/head32.c 2011-03-21 18:31:35.000000000 -0400
11949@@ -19,6 +19,7 @@
11950 #include <asm/io_apic.h>
11951 #include <asm/bios_ebda.h>
11952 #include <asm/tlbflush.h>
11953+#include <asm/boot.h>
11954
11955 static void __init i386_default_early_setup(void)
11956 {
11957@@ -43,7 +44,7 @@ void __init i386_start_kernel(void)
11958 memblock_x86_reserve_range(PAGE_SIZE, PAGE_SIZE + PAGE_SIZE, "EX TRAMPOLINE");
11959 #endif
11960
11961- memblock_x86_reserve_range(__pa_symbol(&_text), __pa_symbol(&__bss_stop), "TEXT DATA BSS");
11962+ memblock_x86_reserve_range(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop), "TEXT DATA BSS");
11963
11964 #ifdef CONFIG_BLK_DEV_INITRD
11965 /* Reserve INITRD */
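Review bot: The "TEXT DATA BSS" reservation now starts at the compile-time constant `LOAD_PHYSICAL_ADDR` instead of `__pa_symbol(&_text)`, while its end is still computed from a symbol. If the kernel can be loaded at a physical address other than the configured one (a relocatable build), start and end are derived from different bases; whether this patch permits that combination is not visible here. A comment giving the reason, for instance `/* _text is no longer the lowest address of the image */`, would justify the change, though that reason is my inference and should be confirmed. i386_start_kernel continues outside the hunk.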
11966diff -urNp linux-2.6.38.2/arch/x86/kernel/head_32.S linux-2.6.38.2/arch/x86/kernel/head_32.S
11967--- linux-2.6.38.2/arch/x86/kernel/head_32.S 2011-03-14 21:20:32.000000000 -0400
11968+++ linux-2.6.38.2/arch/x86/kernel/head_32.S 2011-03-21 18:31:35.000000000 -0400
11969@@ -25,6 +25,12 @@
11970 /* Physical address */
11971 #define pa(X) ((X) - __PAGE_OFFSET)
11972
11973+#ifdef CONFIG_PAX_KERNEXEC
11974+#define ta(X) (X)
11975+#else
11976+#define ta(X) ((X) - __PAGE_OFFSET)
11977+#endif
11978+
11979 /*
11980 * References to members of the new_cpu_data structure.
11981 */
11982@@ -54,11 +60,7 @@
11983 * and small than max_low_pfn, otherwise will waste some page table entries
11984 */
11985
11986-#if PTRS_PER_PMD > 1
11987-#define PAGE_TABLE_SIZE(pages) (((pages) / PTRS_PER_PMD) + PTRS_PER_PGD)
11988-#else
11989-#define PAGE_TABLE_SIZE(pages) ((pages) / PTRS_PER_PGD)
11990-#endif
11991+#define PAGE_TABLE_SIZE(pages) ((pages) / PTRS_PER_PTE)
11992
11993 /* Number of possible pages in the lowmem region */
11994 LOWMEM_PAGES = (((1<<32) - __PAGE_OFFSET) >> PAGE_SHIFT)
11995@@ -77,6 +79,12 @@ INIT_MAP_SIZE = PAGE_TABLE_SIZE(KERNEL_P
11996 RESERVE_BRK(pagetables, INIT_MAP_SIZE)
11997
11998 /*
11999+ * Real beginning of normal "text" segment
12000+ */
12001+ENTRY(stext)
12002+ENTRY(_stext)
12003+
12004+/*
12005 * 32-bit kernel entrypoint; only used by the boot CPU. On entry,
12006 * %esi points to the real-mode code as a 32-bit pointer.
12007 * CS and DS must be 4 GB flat segments, but we don't depend on
12008@@ -84,6 +92,13 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE)
12009 * can.
12010 */
12011 __HEAD
12012+
12013+#ifdef CONFIG_PAX_KERNEXEC
12014+ jmp startup_32
12015+/* PaX: fill first page in .text with int3 to catch NULL derefs in kernel mode */
12016+.fill PAGE_SIZE-5,1,0xcc
12017+#endif
12018+
12019 ENTRY(startup_32)
12020 movl pa(stack_start),%ecx
12021
12022@@ -105,6 +120,57 @@ ENTRY(startup_32)
12023 2:
12024 leal -__PAGE_OFFSET(%ecx),%esp
12025
12026+#ifdef CONFIG_SMP
12027+ movl $pa(cpu_gdt_table),%edi
12028+ movl $__per_cpu_load,%eax
12029+ movw %ax,__KERNEL_PERCPU + 2(%edi)
12030+ rorl $16,%eax
12031+ movb %al,__KERNEL_PERCPU + 4(%edi)
12032+ movb %ah,__KERNEL_PERCPU + 7(%edi)
12033+ movl $__per_cpu_end - 1,%eax
12034+ subl $__per_cpu_start,%eax
12035+ movw %ax,__KERNEL_PERCPU + 0(%edi)
12036+#endif
12037+
12038+#ifdef CONFIG_PAX_MEMORY_UDEREF
12039+ movl $NR_CPUS,%ecx
12040+ movl $pa(cpu_gdt_table),%edi
12041+1:
12042+ movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c09700),GDT_ENTRY_KERNEL_DS * 8 + 4(%edi)
12043+ movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c0fb00),GDT_ENTRY_DEFAULT_USER_CS * 8 + 4(%edi)
12044+ movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c0f300),GDT_ENTRY_DEFAULT_USER_DS * 8 + 4(%edi)
12045+ addl $PAGE_SIZE_asm,%edi
12046+ loop 1b
12047+#endif
12048+
12049+#ifdef CONFIG_PAX_KERNEXEC
12050+ movl $pa(boot_gdt),%edi
12051+ movl $__LOAD_PHYSICAL_ADDR,%eax
12052+ movw %ax,__BOOT_CS + 2(%edi)
12053+ rorl $16,%eax
12054+ movb %al,__BOOT_CS + 4(%edi)
12055+ movb %ah,__BOOT_CS + 7(%edi)
12056+ rorl $16,%eax
12057+
12058+ ljmp $(__BOOT_CS),$1f
12059+1:
12060+
12061+ movl $NR_CPUS,%ecx
12062+ movl $pa(cpu_gdt_table),%edi
12063+ addl $__PAGE_OFFSET,%eax
12064+1:
12065+ movw %ax,__KERNEL_CS + 2(%edi)
12066+ movw %ax,__KERNEXEC_KERNEL_CS + 2(%edi)
12067+ rorl $16,%eax
12068+ movb %al,__KERNEL_CS + 4(%edi)
12069+ movb %al,__KERNEXEC_KERNEL_CS + 4(%edi)
12070+ movb %ah,__KERNEL_CS + 7(%edi)
12071+ movb %ah,__KERNEXEC_KERNEL_CS + 7(%edi)
12072+ rorl $16,%eax
12073+ addl $PAGE_SIZE_asm,%edi
12074+ loop 1b
12075+#endif
12076+
12077 /*
12078 * Clear BSS first so that there are no surprises...
12079 */
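Review bot: The CONFIG_PAX_MEMORY_UDEREF loop derives the new segment limits from `((__PAGE_OFFSET-1) & 0xf0000000) >> 12`, which keeps only the top four bits of the limit, so the resulting boundary coincides with `__PAGE_OFFSET` only when that constant is a multiple of 256 MiB. For any other split the user code and data limits would extend above `__PAGE_OFFSET`, which defeats the separation this block sets up; whether such a split can be selected together with this option is not visible in the hunk. A build-time guard next to the loop would make the assumption explicit: `#if __PAGE_OFFSET & 0x0fffffff` / `#error "UDEREF needs a 256MB-aligned __PAGE_OFFSET"` / `#endif`. The access bytes 0x97, 0xfb and 0xf3 in the three constants also deserve a comment naming the descriptor types they select.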
12080@@ -195,8 +261,11 @@ ENTRY(startup_32)
12081 movl %eax, pa(max_pfn_mapped)
12082
12083 /* Do early initialization of the fixmap area */
12084- movl $pa(initial_pg_fixmap)+PDE_IDENT_ATTR,%eax
12085- movl %eax,pa(initial_pg_pmd+0x1000*KPMDS-8)
12086+#ifdef CONFIG_COMPAT_VDSO
12087+ movl $pa(initial_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(initial_pg_pmd+0x1000*KPMDS-8)
12088+#else
12089+ movl $pa(initial_pg_fixmap)+PDE_IDENT_ATTR,pa(initial_pg_pmd+0x1000*KPMDS-8)
12090+#endif
12091 #else /* Not PAE */
12092
12093 page_pde_offset = (__PAGE_OFFSET >> 20);
12094@@ -226,8 +295,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
12095 movl %eax, pa(max_pfn_mapped)
12096
12097 /* Do early initialization of the fixmap area */
12098- movl $pa(initial_pg_fixmap)+PDE_IDENT_ATTR,%eax
12099- movl %eax,pa(initial_page_table+0xffc)
12100+#ifdef CONFIG_COMPAT_VDSO
12101+ movl $pa(initial_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(initial_page_table+0xffc)
12102+#else
12103+ movl $pa(initial_pg_fixmap)+PDE_IDENT_ATTR,pa(initial_page_table+0xffc)
12104+#endif
12105 #endif
12106
12107 #ifdef CONFIG_PARAVIRT
12108@@ -241,9 +313,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
12109 cmpl $num_subarch_entries, %eax
12110 jae bad_subarch
12111
12112- movl pa(subarch_entries)(,%eax,4), %eax
12113- subl $__PAGE_OFFSET, %eax
12114- jmp *%eax
12115+ jmp *pa(subarch_entries)(,%eax,4)
12116
12117 bad_subarch:
12118 WEAK(lguest_entry)
12119@@ -255,10 +325,10 @@ WEAK(xen_entry)
12120 __INITDATA
12121
12122 subarch_entries:
12123- .long default_entry /* normal x86/PC */
12124- .long lguest_entry /* lguest hypervisor */
12125- .long xen_entry /* Xen hypervisor */
12126- .long default_entry /* Moorestown MID */
12127+ .long pa(default_entry) /* normal x86/PC */
12128+ .long pa(lguest_entry) /* lguest hypervisor */
12129+ .long pa(xen_entry) /* Xen hypervisor */
12130+ .long pa(default_entry) /* Moorestown MID */
12131 num_subarch_entries = (. - subarch_entries) / 4
12132 .previous
12133 #else
12134@@ -312,6 +382,7 @@ default_entry:
12135 orl %edx,%eax
12136 movl %eax,%cr4
12137
12138+#ifdef CONFIG_X86_PAE
12139 testb $X86_CR4_PAE, %al # check if PAE is enabled
12140 jz 6f
12141
12142@@ -340,6 +411,9 @@ default_entry:
12143 /* Make changes effective */
12144 wrmsr
12145
12146+ btsl $_PAGE_BIT_NX-32,pa(__supported_pte_mask+4)
12147+#endif
12148+
12149 6:
12150
12151 /*
12152@@ -443,7 +517,7 @@ is386: movl $2,%ecx # set MP
12153 1: movl $(__KERNEL_DS),%eax # reload all the segment registers
12154 movl %eax,%ss # after changing gdt.
12155
12156- movl $(__USER_DS),%eax # DS/ES contains default USER segment
12157+# movl $(__KERNEL_DS),%eax # DS/ES contains default KERNEL segment
12158 movl %eax,%ds
12159 movl %eax,%es
12160
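Review bot: The replacement line `# movl $(__KERNEL_DS),%eax` is a commented-out instruction, so the `movl %eax,%ds` and `movl %eax,%es` that follow silently depend on `%eax` still holding `__KERNEL_DS` from the `%ss` reload just above. Commented-out code reads as a leftover, and an instruction later inserted between the two loads would break DS/ES without any visible link. I would replace it with a real comment, `/* %eax still holds __KERNEL_DS from the %ss reload above; DS/ES use the kernel segment */`, or simply keep the `movl` live. Because this file goes through the C preprocessor, a block comment also avoids any clash with directive parsing on a line that starts with `#`.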
12161@@ -457,15 +531,22 @@ is386: movl $2,%ecx # set MP
12162 */
12163 cmpb $0,ready
12164 jne 1f
12165- movl $gdt_page,%eax
12166+ movl $cpu_gdt_table,%eax
12167 movl $stack_canary,%ecx
12168+#ifdef CONFIG_SMP
12169+ addl $__per_cpu_load,%ecx
12170+#endif
12171 movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
12172 shrl $16, %ecx
12173 movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
12174 movb %ch, 8 * GDT_ENTRY_STACK_CANARY + 7(%eax)
12175 1:
12176-#endif
12177 movl $(__KERNEL_STACK_CANARY),%eax
12178+#elif defined(CONFIG_PAX_MEMORY_UDEREF)
12179+ movl $(__USER_DS),%eax
12180+#else
12181+ xorl %eax,%eax
12182+#endif
12183 movl %eax,%gs
12184
12185 xorl %eax,%eax # Clear LDT
12186@@ -558,22 +639,22 @@ early_page_fault:
12187 jmp early_fault
12188
12189 early_fault:
12190- cld
12191 #ifdef CONFIG_PRINTK
12192+ cmpl $1,%ss:early_recursion_flag
12193+ je hlt_loop
12194+ incl %ss:early_recursion_flag
12195+ cld
12196 pusha
12197 movl $(__KERNEL_DS),%eax
12198 movl %eax,%ds
12199 movl %eax,%es
12200- cmpl $2,early_recursion_flag
12201- je hlt_loop
12202- incl early_recursion_flag
12203 movl %cr2,%eax
12204 pushl %eax
12205 pushl %edx /* trapno */
12206 pushl $fault_msg
12207 call printk
12208+; call dump_stack
12209 #endif
12210- call dump_stack
12211 hlt_loop:
12212 hlt
12213 jmp hlt_loop
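Review bot: In early_fault the line `; call dump_stack` looks like an attempt to comment the call out, but in GNU as for x86 `;` separates statements rather than starting a comment, so the call would still be assembled, now inside `#ifdef CONFIG_PRINTK`. If the call is meant to be disabled, delete the line or write `/* call dump_stack */`; if it is meant to stay, drop the `;`. The recursion guard also changes from `cmpl $2` to `cmpl $1` here while ignore_int in the next hunk keeps `$2`, and a comment on why the two limits differ would help. early_recursion_flag is moved into `.section .rodata` in a later hunk of this file yet is still written by `incl`, which relies on that section being writable this early in boot and should be stated.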
12214@@ -581,8 +662,11 @@ hlt_loop:
12215 /* This is the default interrupt "handler" :-) */
12216 ALIGN
12217 ignore_int:
12218- cld
12219 #ifdef CONFIG_PRINTK
12220+ cmpl $2,%ss:early_recursion_flag
12221+ je hlt_loop
12222+ incl %ss:early_recursion_flag
12223+ cld
12224 pushl %eax
12225 pushl %ecx
12226 pushl %edx
12227@@ -591,9 +675,6 @@ ignore_int:
12228 movl $(__KERNEL_DS),%eax
12229 movl %eax,%ds
12230 movl %eax,%es
12231- cmpl $2,early_recursion_flag
12232- je hlt_loop
12233- incl early_recursion_flag
12234 pushl 16(%esp)
12235 pushl 24(%esp)
12236 pushl 32(%esp)
12237@@ -622,29 +703,43 @@ ENTRY(initial_code)
12238 /*
12239 * BSS section
12240 */
12241-__PAGE_ALIGNED_BSS
12242- .align PAGE_SIZE_asm
12243 #ifdef CONFIG_X86_PAE
12244+.section .initial_pg_pmd,"a",@progbits
12245 initial_pg_pmd:
12246 .fill 1024*KPMDS,4,0
12247 #else
12248+.section .initial_page_table,"a",@progbits
12249 ENTRY(initial_page_table)
12250 .fill 1024,4,0
12251 #endif
12252+.section .initial_pg_fixmap,"a",@progbits
12253 initial_pg_fixmap:
12254 .fill 1024,4,0
12255+.section .empty_zero_page,"a",@progbits
12256 ENTRY(empty_zero_page)
12257 .fill 4096,1,0
12258+.section .swapper_pg_dir,"a",@progbits
12259 ENTRY(swapper_pg_dir)
12260+#ifdef CONFIG_X86_PAE
12261+ .fill 4,8,0
12262+#else
12263 .fill 1024,4,0
12264+#endif
12265+
12266+/*
12267+ * The IDT has to be page-aligned to simplify the Pentium
12268+ * F0 0F bug workaround.. We have a special link segment
12269+ * for this.
12270+ */
12271+.section .idt,"a",@progbits
12272+ENTRY(idt_table)
12273+ .fill 256,8,0
12274
12275 /*
12276 * This starts the data section.
12277 */
12278 #ifdef CONFIG_X86_PAE
12279-__PAGE_ALIGNED_DATA
12280- /* Page-aligned for the benefit of paravirt? */
12281- .align PAGE_SIZE_asm
12282+.section .initial_page_table,"a",@progbits
12283 ENTRY(initial_page_table)
12284 .long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
12285 # if KPMDS == 3
12286@@ -663,13 +758,22 @@ ENTRY(initial_page_table)
12287 # error "Kernel PMDs should be 1, 2 or 3"
12288 # endif
12289 .align PAGE_SIZE_asm /* needs to be page-sized too */
12290+
12291+#ifdef CONFIG_PAX_PER_CPU_PGD
12292+ENTRY(cpu_pgd)
12293+ .rept NR_CPUS
12294+ .fill 4,8,0
12295+ .endr
12296+#endif
12297+
12298 #endif
12299
12300 .data
12301 .balign 4
12302 ENTRY(stack_start)
12303- .long init_thread_union+THREAD_SIZE
12304+ .long init_thread_union+THREAD_SIZE-8
12305
12306+.section .rodata,"a",@progbits
12307 early_recursion_flag:
12308 .long 0
12309
12310@@ -707,7 +811,7 @@ fault_msg:
12311 .word 0 # 32 bit align gdt_desc.address
12312 boot_gdt_descr:
12313 .word __BOOT_DS+7
12314- .long boot_gdt - __PAGE_OFFSET
12315+ .long pa(boot_gdt)
12316
12317 .word 0 # 32-bit align idt_desc.address
12318 idt_descr:
12319@@ -718,7 +822,7 @@ idt_descr:
12320 .word 0 # 32 bit align gdt_desc.address
12321 ENTRY(early_gdt_descr)
12322 .word GDT_ENTRIES*8-1
12323- .long gdt_page /* Overwritten for secondary CPUs */
12324+ .long cpu_gdt_table /* Overwritten for secondary CPUs */
12325
12326 /*
12327 * The boot_gdt must mirror the equivalent in setup.S and is
12328@@ -727,5 +831,65 @@ ENTRY(early_gdt_descr)
12329 .align L1_CACHE_BYTES
12330 ENTRY(boot_gdt)
12331 .fill GDT_ENTRY_BOOT_CS,8,0
12332- .quad 0x00cf9a000000ffff /* kernel 4GB code at 0x00000000 */
12333- .quad 0x00cf92000000ffff /* kernel 4GB data at 0x00000000 */
12334+ .quad 0x00cf9b000000ffff /* kernel 4GB code at 0x00000000 */
12335+ .quad 0x00cf93000000ffff /* kernel 4GB data at 0x00000000 */
12336+
12337+ .align PAGE_SIZE_asm
12338+ENTRY(cpu_gdt_table)
12339+ .rept NR_CPUS
12340+ .quad 0x0000000000000000 /* NULL descriptor */
12341+ .quad 0x0000000000000000 /* 0x0b reserved */
12342+ .quad 0x0000000000000000 /* 0x13 reserved */
12343+ .quad 0x0000000000000000 /* 0x1b reserved */
12344+
12345+#ifdef CONFIG_PAX_KERNEXEC
12346+ .quad 0x00cf9b000000ffff /* 0x20 alternate kernel 4GB code at 0x00000000 */
12347+#else
12348+ .quad 0x0000000000000000 /* 0x20 unused */
12349+#endif
12350+
12351+ .quad 0x0000000000000000 /* 0x28 unused */
12352+ .quad 0x0000000000000000 /* 0x33 TLS entry 1 */
12353+ .quad 0x0000000000000000 /* 0x3b TLS entry 2 */
12354+ .quad 0x0000000000000000 /* 0x43 TLS entry 3 */
12355+ .quad 0x0000000000000000 /* 0x4b reserved */
12356+ .quad 0x0000000000000000 /* 0x53 reserved */
12357+ .quad 0x0000000000000000 /* 0x5b reserved */
12358+
12359+ .quad 0x00cf9b000000ffff /* 0x60 kernel 4GB code at 0x00000000 */
12360+ .quad 0x00cf93000000ffff /* 0x68 kernel 4GB data at 0x00000000 */
12361+ .quad 0x00cffb000000ffff /* 0x73 user 4GB code at 0x00000000 */
12362+ .quad 0x00cff3000000ffff /* 0x7b user 4GB data at 0x00000000 */
12363+
12364+ .quad 0x0000000000000000 /* 0x80 TSS descriptor */
12365+ .quad 0x0000000000000000 /* 0x88 LDT descriptor */
12366+
12367+ /*
12368+ * Segments used for calling PnP BIOS have byte granularity.
12369+ * The code segments and data segments have fixed 64k limits,
12370+ * the transfer segment sizes are set at run time.
12371+ */
12372+ .quad 0x00409b000000ffff /* 0x90 32-bit code */
12373+ .quad 0x00009b000000ffff /* 0x98 16-bit code */
12374+ .quad 0x000093000000ffff /* 0xa0 16-bit data */
12375+ .quad 0x0000930000000000 /* 0xa8 16-bit data */
12376+ .quad 0x0000930000000000 /* 0xb0 16-bit data */
12377+
12378+ /*
12379+ * The APM segments have byte granularity and their bases
12380+ * are set at run time. All have 64k limits.
12381+ */
12382+ .quad 0x00409b000000ffff /* 0xb8 APM CS code */
12383+ .quad 0x00009b000000ffff /* 0xc0 APM CS 16 code (16 bit) */
12384+ .quad 0x004093000000ffff /* 0xc8 APM DS data */
12385+
12386+ .quad 0x00c0930000000000 /* 0xd0 - ESPFIX SS */
12387+ .quad 0x0040930000000000 /* 0xd8 - PERCPU */
12388+ .quad 0x0040910000000018 /* 0xe0 - STACK_CANARY */
12389+ .quad 0x0000000000000000 /* 0xe8 - PCIBIOS_CS */
12390+ .quad 0x0000000000000000 /* 0xf0 - PCIBIOS_DS */
12391+ .quad 0x0000000000000000 /* 0xf8 - GDT entry 31: double-fault TSS */
12392+
12393+ /* Be sure this is zeroed to avoid false validations in Xen */
12394+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
12395+ .endr
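Review bot: The descriptor access bytes in boot_gdt change from 0x9a/0x92 to 0x9b/0x93, and the new cpu_gdt_table uses the same pattern (0x9b, 0x93, 0xfb, 0xf3), but nothing says why the accessed bit is now pre-set. Presumably this is so the CPU never has to write the bit back into a GDT that may be mapped read-only; a comment above `ENTRY(cpu_gdt_table)` should say so, e.g. `/* accessed bit pre-set so loading a selector never writes to the (possibly read-only) GDT */`. The closing `.fill PAGE_SIZE_asm - GDT_SIZE,1,0` also relies on the 32 entries listed matching GDT_SIZE, which deserves the same kind of "must match asm/segment.h" remark that the head_64.S table carries.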
12396diff -urNp linux-2.6.38.2/arch/x86/kernel/head_64.S linux-2.6.38.2/arch/x86/kernel/head_64.S
12397--- linux-2.6.38.2/arch/x86/kernel/head_64.S 2011-03-14 21:20:32.000000000 -0400
12398+++ linux-2.6.38.2/arch/x86/kernel/head_64.S 2011-03-21 18:31:35.000000000 -0400
12399@@ -19,6 +19,7 @@
12400 #include <asm/cache.h>
12401 #include <asm/processor-flags.h>
12402 #include <asm/percpu.h>
12403+#include <asm/cpufeature.h>
12404
12405 #ifdef CONFIG_PARAVIRT
12406 #include <asm/asm-offsets.h>
12407@@ -38,6 +39,10 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET
12408 L3_PAGE_OFFSET = pud_index(__PAGE_OFFSET)
12409 L4_START_KERNEL = pgd_index(__START_KERNEL_map)
12410 L3_START_KERNEL = pud_index(__START_KERNEL_map)
12411+L4_VMALLOC_START = pgd_index(VMALLOC_START)
12412+L3_VMALLOC_START = pud_index(VMALLOC_START)
12413+L4_VMEMMAP_START = pgd_index(VMEMMAP_START)
12414+L3_VMEMMAP_START = pud_index(VMEMMAP_START)
12415
12416 .text
12417 __HEAD
12418@@ -85,35 +90,22 @@ startup_64:
12419 */
12420 addq %rbp, init_level4_pgt + 0(%rip)
12421 addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip)
12422+ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip)
12423+ addq %rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip)
12424 addq %rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip)
12425
12426 addq %rbp, level3_ident_pgt + 0(%rip)
12427+#ifndef CONFIG_XEN
12428+ addq %rbp, level3_ident_pgt + 8(%rip)
12429+#endif
12430
12431- addq %rbp, level3_kernel_pgt + (510*8)(%rip)
12432- addq %rbp, level3_kernel_pgt + (511*8)(%rip)
12433+ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip)
12434
12435- addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
12436+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip)
12437+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip)
12438
12439- /* Add an Identity mapping if I am above 1G */
12440- leaq _text(%rip), %rdi
12441- andq $PMD_PAGE_MASK, %rdi
12442-
12443- movq %rdi, %rax
12444- shrq $PUD_SHIFT, %rax
12445- andq $(PTRS_PER_PUD - 1), %rax
12446- jz ident_complete
12447-
12448- leaq (level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx
12449- leaq level3_ident_pgt(%rip), %rbx
12450- movq %rdx, 0(%rbx, %rax, 8)
12451-
12452- movq %rdi, %rax
12453- shrq $PMD_SHIFT, %rax
12454- andq $(PTRS_PER_PMD - 1), %rax
12455- leaq __PAGE_KERNEL_IDENT_LARGE_EXEC(%rdi), %rdx
12456- leaq level2_spare_pgt(%rip), %rbx
12457- movq %rdx, 0(%rbx, %rax, 8)
12458-ident_complete:
12459+ addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
12460+ addq %rbp, level2_fixmap_pgt + (507*8)(%rip)
12461
12462 /*
12463 * Fixup the kernel text+data virtual addresses. Note that
12464@@ -161,8 +153,8 @@ ENTRY(secondary_startup_64)
12465 * after the boot processor executes this code.
12466 */
12467
12468- /* Enable PAE mode and PGE */
12469- movl $(X86_CR4_PAE | X86_CR4_PGE), %eax
12470+ /* Enable PAE mode and PSE/PGE */
12471+ movl $(X86_CR4_PSE | X86_CR4_PAE | X86_CR4_PGE), %eax
12472 movq %rax, %cr4
12473
12474 /* Setup early boot stage 4 level pagetables. */
12475@@ -184,9 +176,14 @@ ENTRY(secondary_startup_64)
12476 movl $MSR_EFER, %ecx
12477 rdmsr
12478 btsl $_EFER_SCE, %eax /* Enable System Call */
12479- btl $20,%edi /* No Execute supported? */
12480+ btl $(X86_FEATURE_NX & 31),%edi /* No Execute supported? */
12481 jnc 1f
12482 btsl $_EFER_NX, %eax
12483+ leaq init_level4_pgt(%rip), %rdi
12484+ btsq $_PAGE_BIT_NX, 8*L4_PAGE_OFFSET(%rdi)
12485+ btsq $_PAGE_BIT_NX, 8*L4_VMALLOC_START(%rdi)
12486+ btsq $_PAGE_BIT_NX, 8*L4_VMEMMAP_START(%rdi)
12487+ btsq $_PAGE_BIT_NX, __supported_pte_mask(%rip)
12488 1: wrmsr /* Make changes effective */
12489
12490 /* Setup cr0 */
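Review bot: The four added `btsq $_PAGE_BIT_NX` lines in the NX-supported branch carry no comment, and they reuse %rdi immediately after `btl $(X86_FEATURE_NX & 31),%edi` tested it. A short comment would cover both, e.g. `/* NX available: mark the direct-map, vmalloc and vmemmap PGD entries non-executable; the CPUID bits in %edi are dead from here */`. secondary_startup_64 continues outside this hunk, so whether %edi is read again later cannot be seen here and should be confirmed.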
12491@@ -270,7 +267,7 @@ ENTRY(secondary_startup_64)
12492 bad_address:
12493 jmp bad_address
12494
12495- .section ".init.text","ax"
12496+ __INIT
12497 #ifdef CONFIG_EARLY_PRINTK
12498 .globl early_idt_handlers
12499 early_idt_handlers:
12500@@ -315,18 +312,23 @@ ENTRY(early_idt_handler)
12501 #endif /* EARLY_PRINTK */
12502 1: hlt
12503 jmp 1b
12504+ .previous
12505
12506 #ifdef CONFIG_EARLY_PRINTK
12507+ __INITDATA
12508 early_recursion_flag:
12509 .long 0
12510+ .previous
12511
12512+ .section .rodata,"a",@progbits
12513 early_idt_msg:
12514 .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
12515 early_idt_ripmsg:
12516 .asciz "RIP %s\n"
12517-#endif /* CONFIG_EARLY_PRINTK */
12518 .previous
12519+#endif /* CONFIG_EARLY_PRINTK */
12520
12521+ .section .rodata,"a",@progbits
12522 #define NEXT_PAGE(name) \
12523 .balign PAGE_SIZE; \
12524 ENTRY(name)
12525@@ -339,7 +341,6 @@ ENTRY(name)
12526 i = i + 1 ; \
12527 .endr
12528
12529- .data
12530 /*
12531 * This default setting generates an ident mapping at address 0x100000
12532 * and a mapping for the kernel that precisely maps virtual address
12533@@ -350,13 +351,36 @@ NEXT_PAGE(init_level4_pgt)
12534 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
12535 .org init_level4_pgt + L4_PAGE_OFFSET*8, 0
12536 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
12537+ .org init_level4_pgt + L4_VMALLOC_START*8, 0
12538+ .quad level3_vmalloc_pgt - __START_KERNEL_map + _KERNPG_TABLE
12539+ .org init_level4_pgt + L4_VMEMMAP_START*8, 0
12540+ .quad level3_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
12541 .org init_level4_pgt + L4_START_KERNEL*8, 0
12542 /* (2^48-(2*1024*1024*1024))/(2^39) = 511 */
12543 .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE
12544
12545+#ifdef CONFIG_PAX_PER_CPU_PGD
12546+NEXT_PAGE(cpu_pgd)
12547+ .rept NR_CPUS
12548+ .fill 512,8,0
12549+ .endr
12550+#endif
12551+
12552 NEXT_PAGE(level3_ident_pgt)
12553 .quad level2_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
12554+#ifdef CONFIG_XEN
12555 .fill 511,8,0
12556+#else
12557+ .quad level2_ident_pgt + PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
12558+ .fill 510,8,0
12559+#endif
12560+
12561+NEXT_PAGE(level3_vmalloc_pgt)
12562+ .fill 512,8,0
12563+
12564+NEXT_PAGE(level3_vmemmap_pgt)
12565+ .fill L3_VMEMMAP_START,8,0
12566+ .quad level2_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
12567
12568 NEXT_PAGE(level3_kernel_pgt)
12569 .fill L3_START_KERNEL,8,0
12570@@ -364,20 +388,23 @@ NEXT_PAGE(level3_kernel_pgt)
12571 .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
12572 .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
12573
12574+NEXT_PAGE(level2_vmemmap_pgt)
12575+ .fill 512,8,0
12576+
12577 NEXT_PAGE(level2_fixmap_pgt)
12578- .fill 506,8,0
12579- .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
12580- /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */
12581- .fill 5,8,0
12582+ .fill 507,8,0
12583+ .quad level1_vsyscall_pgt - __START_KERNEL_map + _PAGE_TABLE
12584+ /* 6MB reserved for vsyscalls + a 2MB hole = 3 + 1 entries */
12585+ .fill 4,8,0
12586
12587-NEXT_PAGE(level1_fixmap_pgt)
12588+NEXT_PAGE(level1_vsyscall_pgt)
12589 .fill 512,8,0
12590
12591-NEXT_PAGE(level2_ident_pgt)
12592- /* Since I easily can, map the first 1G.
12593+ /* Since I easily can, map the first 2G.
12594 * Don't set NX because code runs from these pages.
12595 */
12596- PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD)
12597+NEXT_PAGE(level2_ident_pgt)
12598+ PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, 2*PTRS_PER_PMD)
12599
12600 NEXT_PAGE(level2_kernel_pgt)
12601 /*
12602@@ -390,33 +417,55 @@ NEXT_PAGE(level2_kernel_pgt)
12603 * If you want to increase this then increase MODULES_VADDR
12604 * too.)
12605 */
12606- PMDS(0, __PAGE_KERNEL_LARGE_EXEC,
12607- KERNEL_IMAGE_SIZE/PMD_SIZE)
12608-
12609-NEXT_PAGE(level2_spare_pgt)
12610- .fill 512, 8, 0
12611+ PMDS(0, __PAGE_KERNEL_LARGE_EXEC, KERNEL_IMAGE_SIZE/PMD_SIZE)
12612
12613 #undef PMDS
12614 #undef NEXT_PAGE
12615
12616- .data
12617+ .align PAGE_SIZE
12618+ENTRY(cpu_gdt_table)
12619+ .rept NR_CPUS
12620+ .quad 0x0000000000000000 /* NULL descriptor */
12621+ .quad 0x00cf9b000000ffff /* __KERNEL32_CS */
12622+ .quad 0x00af9b000000ffff /* __KERNEL_CS */
12623+ .quad 0x00cf93000000ffff /* __KERNEL_DS */
12624+ .quad 0x00cffb000000ffff /* __USER32_CS */
12625+ .quad 0x00cff3000000ffff /* __USER_DS, __USER32_DS */
12626+ .quad 0x00affb000000ffff /* __USER_CS */
12627+
12628+#ifdef CONFIG_PAX_KERNEXEC
12629+ .quad 0x00af9b000000ffff /* __KERNEXEC_KERNEL_CS */
12630+#else
12631+ .quad 0x0 /* unused */
12632+#endif
12633+
12634+ .quad 0,0 /* TSS */
12635+ .quad 0,0 /* LDT */
12636+ .quad 0,0,0 /* three TLS descriptors */
12637+ .quad 0x0000f40000000000 /* node/CPU stored in limit */
12638+ /* asm/segment.h:GDT_ENTRIES must match this */
12639+
12640+ /* zero the remaining page */
12641+ .fill PAGE_SIZE / 8 - GDT_ENTRIES,8,0
12642+ .endr
12643+
12644 .align 16
12645 .globl early_gdt_descr
12646 early_gdt_descr:
12647 .word GDT_ENTRIES*8-1
12648 early_gdt_descr_base:
12649- .quad INIT_PER_CPU_VAR(gdt_page)
12650+ .quad cpu_gdt_table
12651
12652 ENTRY(phys_base)
12653 /* This must match the first entry in level2_kernel_pgt */
12654 .quad 0x0000000000000000
12655
12656 #include "../../x86/xen/xen-head.S"
12657-
12658- .section .bss, "aw", @nobits
12659+
12660+ .section .rodata,"a",@progbits
12661 .align L1_CACHE_BYTES
12662 ENTRY(idt_table)
12663- .skip IDT_ENTRIES * 16
12664+ .fill 512,8,0
12665
12666 __PAGE_ALIGNED_BSS
12667 .align PAGE_SIZE
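Review bot: `.fill 512,8,0` for idt_table replaces `.skip IDT_ENTRIES * 16` with a literal, so the table size no longer follows IDT_ENTRIES if that constant ever changes. Keeping it symbolic costs nothing: `.fill IDT_ENTRIES*2,8,0`. The same hunk moves the table from .bss to .rodata without a comment; since code that installs gates presumably has to write to it, a one-line note on how that write is expected to happen would help the next reader.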
12668diff -urNp linux-2.6.38.2/arch/x86/kernel/i386_ksyms_32.c linux-2.6.38.2/arch/x86/kernel/i386_ksyms_32.c
12669--- linux-2.6.38.2/arch/x86/kernel/i386_ksyms_32.c 2011-03-14 21:20:32.000000000 -0400
12670+++ linux-2.6.38.2/arch/x86/kernel/i386_ksyms_32.c 2011-03-21 18:31:35.000000000 -0400
12671@@ -20,8 +20,12 @@ extern void cmpxchg8b_emu(void);
12672 EXPORT_SYMBOL(cmpxchg8b_emu);
12673 #endif
12674
12675+EXPORT_SYMBOL_GPL(cpu_gdt_table);
12676+
12677 /* Networking helper routines. */
12678 EXPORT_SYMBOL(csum_partial_copy_generic);
12679+EXPORT_SYMBOL(csum_partial_copy_generic_to_user);
12680+EXPORT_SYMBOL(csum_partial_copy_generic_from_user);
12681
12682 EXPORT_SYMBOL(__get_user_1);
12683 EXPORT_SYMBOL(__get_user_2);
12684@@ -36,3 +40,7 @@ EXPORT_SYMBOL(strstr);
12685
12686 EXPORT_SYMBOL(csum_partial);
12687 EXPORT_SYMBOL(empty_zero_page);
12688+
12689+#ifdef CONFIG_PAX_KERNEXEC
12690+EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
12691+#endif
12692diff -urNp linux-2.6.38.2/arch/x86/kernel/init_task.c linux-2.6.38.2/arch/x86/kernel/init_task.c
12693--- linux-2.6.38.2/arch/x86/kernel/init_task.c 2011-03-14 21:20:32.000000000 -0400
12694+++ linux-2.6.38.2/arch/x86/kernel/init_task.c 2011-03-21 18:31:35.000000000 -0400
12695@@ -38,5 +38,5 @@ EXPORT_SYMBOL(init_task);
12696 * section. Since TSS's are completely CPU-local, we want them
12697 * on exact cacheline boundaries, to eliminate cacheline ping-pong.
12698 */
12699-DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss) = INIT_TSS;
12700-
12701+struct tss_struct init_tss[NR_CPUS] ____cacheline_internodealigned_in_smp = { [0 ... NR_CPUS-1] = INIT_TSS };
12702+EXPORT_SYMBOL(init_tss);
12703diff -urNp linux-2.6.38.2/arch/x86/kernel/ioport.c linux-2.6.38.2/arch/x86/kernel/ioport.c
12704--- linux-2.6.38.2/arch/x86/kernel/ioport.c 2011-03-14 21:20:32.000000000 -0400
12705+++ linux-2.6.38.2/arch/x86/kernel/ioport.c 2011-03-21 18:31:35.000000000 -0400
12706@@ -6,6 +6,7 @@
12707 #include <linux/sched.h>
12708 #include <linux/kernel.h>
12709 #include <linux/capability.h>
12710+#include <linux/security.h>
12711 #include <linux/errno.h>
12712 #include <linux/types.h>
12713 #include <linux/ioport.h>
12714@@ -41,6 +42,12 @@ asmlinkage long sys_ioperm(unsigned long
12715
12716 if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
12717 return -EINVAL;
12718+#ifdef CONFIG_GRKERNSEC_IO
12719+ if (turn_on && grsec_disable_privio) {
12720+ gr_handle_ioperm();
12721+ return -EPERM;
12722+ }
12723+#endif
12724 if (turn_on && !capable(CAP_SYS_RAWIO))
12725 return -EPERM;
12726
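Review bot: The new `grsec_disable_privio` test sits in front of the `capable(CAP_SYS_RAWIO)` check with no comment, so a reader has to work out that it is meant to refuse new port access even to callers that hold the capability. A one-line comment above the `#ifdef` would make the policy explicit, e.g. `/* privileged I/O disabled: deny new port access regardless of CAP_SYS_RAWIO */`; the matching block in sys_iopl (hunk at -112,6 +119,12) needs the same. Because `gr_handle_ioperm()` is called before the capability check, it also runs for callers that would have been refused anyway, and if it logs, as the name suggests, that ordering is worth confirming. sys_ioperm's body continues outside this hunk.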
12727@@ -67,7 +74,7 @@ asmlinkage long sys_ioperm(unsigned long
12728 * because the ->io_bitmap_max value must match the bitmap
12729 * contents:
12730 */
12731- tss = &per_cpu(init_tss, get_cpu());
12732+ tss = init_tss + get_cpu();
12733
12734 set_bitmap(t->io_bitmap_ptr, from, num, !turn_on);
12735
12736@@ -112,6 +119,12 @@ long sys_iopl(unsigned int level, struct
12737 return -EINVAL;
12738 /* Trying to gain more privileges? */
12739 if (level > old) {
12740+#ifdef CONFIG_GRKERNSEC_IO
12741+ if (grsec_disable_privio) {
12742+ gr_handle_iopl();
12743+ return -EPERM;
12744+ }
12745+#endif
12746 if (!capable(CAP_SYS_RAWIO))
12747 return -EPERM;
12748 }
12749diff -urNp linux-2.6.38.2/arch/x86/kernel/irq_32.c linux-2.6.38.2/arch/x86/kernel/irq_32.c
12750--- linux-2.6.38.2/arch/x86/kernel/irq_32.c 2011-03-14 21:20:32.000000000 -0400
12751+++ linux-2.6.38.2/arch/x86/kernel/irq_32.c 2011-03-21 18:31:35.000000000 -0400
12752@@ -91,7 +91,7 @@ execute_on_irq_stack(int overflow, struc
12753 return 0;
12754
12755 /* build the stack frame on the IRQ stack */
12756- isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
12757+ isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
12758 irqctx->tinfo.task = curctx->tinfo.task;
12759 irqctx->tinfo.previous_esp = current_stack_pointer;
12760
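Review bot: The `- 8` added to the `isp` computation is an unexplained magic number, and the same adjustment recurs in do_softirq (hunk at -168,9 +177,18) and as `THREAD_SIZE-8` in head_32.S. Nothing visible says what the reserved 8 bytes at the top of the stack are for, so the three sites can drift apart silently. Either share one named constant or at least comment each site, e.g. `/* top 8 bytes of the stack are reserved: <reason>; keep in sync with head_32.S */`. execute_on_irq_stack continues outside this hunk.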
12761@@ -103,6 +103,10 @@ execute_on_irq_stack(int overflow, struc
12762 (irqctx->tinfo.preempt_count & ~SOFTIRQ_MASK) |
12763 (curctx->tinfo.preempt_count & SOFTIRQ_MASK);
12764
12765+#ifdef CONFIG_PAX_MEMORY_UDEREF
12766+ __set_fs(irqctx->tinfo.addr_limit);
12767+#endif
12768+
12769 if (unlikely(overflow))
12770 call_on_stack(print_stack_overflow, isp);
12771
12772@@ -113,6 +117,11 @@ execute_on_irq_stack(int overflow, struc
12773 : "0" (irq), "1" (desc), "2" (isp),
12774 "D" (desc->handle_irq)
12775 : "memory", "cc", "ecx");
12776+
12777+#ifdef CONFIG_PAX_MEMORY_UDEREF
12778+ __set_fs(curctx->tinfo.addr_limit);
12779+#endif
12780+
12781 return 1;
12782 }
12783
12784@@ -168,9 +177,18 @@ asmlinkage void do_softirq(void)
12785 irqctx->tinfo.previous_esp = current_stack_pointer;
12786
12787 /* build the stack frame on the softirq stack */
12788- isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
12789+ isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
12790+
12791+#ifdef CONFIG_PAX_MEMORY_UDEREF
12792+ __set_fs(irqctx->tinfo.addr_limit);
12793+#endif
12794
12795 call_on_stack(__do_softirq, isp);
12796+
12797+#ifdef CONFIG_PAX_MEMORY_UDEREF
12798+ __set_fs(curctx->addr_limit);
12799+#endif
12800+
12801 /*
12802 * Shouldnt happen, we returned above if in_interrupt():
12803 */
12804diff -urNp linux-2.6.38.2/arch/x86/kernel/kgdb.c linux-2.6.38.2/arch/x86/kernel/kgdb.c
12805--- linux-2.6.38.2/arch/x86/kernel/kgdb.c 2011-03-14 21:20:32.000000000 -0400
12806+++ linux-2.6.38.2/arch/x86/kernel/kgdb.c 2011-03-21 18:31:35.000000000 -0400
12807@@ -124,11 +124,11 @@ char *dbg_get_reg(int regno, void *mem,
12808 switch (regno) {
12809 #ifdef CONFIG_X86_32
12810 case GDB_SS:
12811- if (!user_mode_vm(regs))
12812+ if (!user_mode(regs))
12813 *(unsigned long *)mem = __KERNEL_DS;
12814 break;
12815 case GDB_SP:
12816- if (!user_mode_vm(regs))
12817+ if (!user_mode(regs))
12818 *(unsigned long *)mem = kernel_stack_pointer(regs);
12819 break;
12820 case GDB_GS:
12821@@ -719,7 +719,7 @@ void kgdb_arch_set_pc(struct pt_regs *re
12822 regs->ip = ip;
12823 }
12824
12825-struct kgdb_arch arch_kgdb_ops = {
12826+const struct kgdb_arch arch_kgdb_ops = {
12827 /* Breakpoint instruction: */
12828 .gdb_bpt_instr = { 0xcc },
12829 .flags = KGDB_HW_BREAKPOINT,
12830diff -urNp linux-2.6.38.2/arch/x86/kernel/kprobes.c linux-2.6.38.2/arch/x86/kernel/kprobes.c
12831--- linux-2.6.38.2/arch/x86/kernel/kprobes.c 2011-03-14 21:20:32.000000000 -0400
12832+++ linux-2.6.38.2/arch/x86/kernel/kprobes.c 2011-03-21 18:31:35.000000000 -0400
12833@@ -115,8 +115,11 @@ static void __kprobes __synthesize_relat
12834 } __attribute__((packed)) *insn;
12835
12836 insn = (struct __arch_relative_insn *)from;
12837+
12838+ pax_open_kernel();
12839 insn->raddr = (s32)((long)(to) - ((long)(from) + 5));
12840 insn->op = op;
12841+ pax_close_kernel();
12842 }
12843
12844 /* Insert a jump instruction at address 'from', which jumps to address 'to'.*/
12845@@ -153,7 +156,7 @@ static int __kprobes can_boost(kprobe_op
12846 kprobe_opcode_t opcode;
12847 kprobe_opcode_t *orig_opcodes = opcodes;
12848
12849- if (search_exception_tables((unsigned long)opcodes))
12850+ if (search_exception_tables(ktva_ktla((unsigned long)opcodes)))
12851 return 0; /* Page fault may occur on this address. */
12852
12853 retry:
12854@@ -314,7 +317,9 @@ static int __kprobes __copy_instruction(
12855 }
12856 }
12857 insn_get_length(&insn);
12858+ pax_open_kernel();
12859 memcpy(dest, insn.kaddr, insn.length);
12860+ pax_close_kernel();
12861
12862 #ifdef CONFIG_X86_64
12863 if (insn_rip_relative(&insn)) {
12864@@ -338,7 +343,9 @@ static int __kprobes __copy_instruction(
12865 (u8 *) dest;
12866 BUG_ON((s64) (s32) newdisp != newdisp); /* Sanity check. */
12867 disp = (u8 *) dest + insn_offset_displacement(&insn);
12868+ pax_open_kernel();
12869 *(s32 *) disp = (s32) newdisp;
12870+ pax_close_kernel();
12871 }
12872 #endif
12873 return insn.length;
12874@@ -352,12 +359,12 @@ static void __kprobes arch_copy_kprobe(s
12875 */
12876 __copy_instruction(p->ainsn.insn, p->addr, 0);
12877
12878- if (can_boost(p->addr))
12879+ if (can_boost(ktla_ktva(p->addr)))
12880 p->ainsn.boostable = 0;
12881 else
12882 p->ainsn.boostable = -1;
12883
12884- p->opcode = *p->addr;
12885+ p->opcode = *(ktla_ktva(p->addr));
12886 }
12887
12888 int __kprobes arch_prepare_kprobe(struct kprobe *p)
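Review bot: `ktla_ktva()` is called here on a `kprobe_opcode_t *` (`ktla_ktva(p->addr)`), while other hunks in this file pass it `(unsigned long)addr`, `(long)op->kp.addr` and a bare function pointer (`optimized_callback`). Its definition is not visible in this file, but the mix of argument types makes it hard to tell what type comes back and whether the dereference in `*(ktla_ktva(p->addr))` is of the intended width. Using one explicit form throughout, as kprobe_handler does, would remove the doubt: `p->opcode = *(kprobe_opcode_t *)ktla_ktva((unsigned long)p->addr);`.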
12889@@ -474,7 +481,7 @@ static void __kprobes setup_singlestep(s
12890 * nor set current_kprobe, because it doesn't use single
12891 * stepping.
12892 */
12893- regs->ip = (unsigned long)p->ainsn.insn;
12894+ regs->ip = ktva_ktla((unsigned long)p->ainsn.insn);
12895 preempt_enable_no_resched();
12896 return;
12897 }
12898@@ -493,7 +500,7 @@ static void __kprobes setup_singlestep(s
12899 if (p->opcode == BREAKPOINT_INSTRUCTION)
12900 regs->ip = (unsigned long)p->addr;
12901 else
12902- regs->ip = (unsigned long)p->ainsn.insn;
12903+ regs->ip = ktva_ktla((unsigned long)p->ainsn.insn);
12904 }
12905
12906 /*
12907@@ -572,7 +579,7 @@ static int __kprobes kprobe_handler(stru
12908 setup_singlestep(p, regs, kcb, 0);
12909 return 1;
12910 }
12911- } else if (*addr != BREAKPOINT_INSTRUCTION) {
12912+ } else if (*(kprobe_opcode_t *)ktla_ktva((unsigned long)addr) != BREAKPOINT_INSTRUCTION) {
12913 /*
12914 * The breakpoint instruction was removed right
12915 * after we hit it. Another cpu has removed
12916@@ -817,7 +824,7 @@ static void __kprobes resume_execution(s
12917 struct pt_regs *regs, struct kprobe_ctlblk *kcb)
12918 {
12919 unsigned long *tos = stack_addr(regs);
12920- unsigned long copy_ip = (unsigned long)p->ainsn.insn;
12921+ unsigned long copy_ip = ktva_ktla((unsigned long)p->ainsn.insn);
12922 unsigned long orig_ip = (unsigned long)p->addr;
12923 kprobe_opcode_t *insn = p->ainsn.insn;
12924
12925@@ -999,7 +1006,7 @@ int __kprobes kprobe_exceptions_notify(s
12926 struct die_args *args = data;
12927 int ret = NOTIFY_DONE;
12928
12929- if (args->regs && user_mode_vm(args->regs))
12930+ if (args->regs && user_mode(args->regs))
12931 return ret;
12932
12933 switch (val) {
12934@@ -1372,7 +1379,7 @@ int __kprobes arch_prepare_optimized_kpr
12935 * Verify if the address gap is in 2GB range, because this uses
12936 * a relative jump.
12937 */
12938- rel = (long)op->optinsn.insn - (long)op->kp.addr + RELATIVEJUMP_SIZE;
12939+ rel = (long)op->optinsn.insn - ktla_ktva((long)op->kp.addr) + RELATIVEJUMP_SIZE;
12940 if (abs(rel) > 0x7fffffff)
12941 return -ERANGE;
12942
12943@@ -1393,11 +1400,11 @@ int __kprobes arch_prepare_optimized_kpr
12944 synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op);
12945
12946 /* Set probe function call */
12947- synthesize_relcall(buf + TMPL_CALL_IDX, optimized_callback);
12948+ synthesize_relcall(buf + TMPL_CALL_IDX, ktla_ktva(optimized_callback));
12949
12950 /* Set returning jmp instruction at the tail of out-of-line buffer */
12951 synthesize_reljump(buf + TMPL_END_IDX + op->optinsn.size,
12952- (u8 *)op->kp.addr + op->optinsn.size);
12953+ (u8 *)ktla_ktva(op->kp.addr) + op->optinsn.size);
12954
12955 flush_icache_range((unsigned long) buf,
12956 (unsigned long) buf + TMPL_END_IDX +
12957@@ -1419,7 +1426,7 @@ static void __kprobes setup_optimize_kpr
12958 ((long)op->kp.addr + RELATIVEJUMP_SIZE));
12959
12960 /* Backup instructions which will be replaced by jump address */
12961- memcpy(op->optinsn.copied_insn, op->kp.addr + INT3_SIZE,
12962+ memcpy(op->optinsn.copied_insn, ktla_ktva(op->kp.addr) + INT3_SIZE,
12963 RELATIVE_ADDR_SIZE);
12964
12965 insn_buf[0] = RELATIVEJUMP_OPCODE;
12966diff -urNp linux-2.6.38.2/arch/x86/kernel/ldt.c linux-2.6.38.2/arch/x86/kernel/ldt.c
12967--- linux-2.6.38.2/arch/x86/kernel/ldt.c 2011-03-14 21:20:32.000000000 -0400
12968+++ linux-2.6.38.2/arch/x86/kernel/ldt.c 2011-03-21 18:31:35.000000000 -0400
12969@@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, i
12970 if (reload) {
12971 #ifdef CONFIG_SMP
12972 preempt_disable();
12973- load_LDT(pc);
12974+ load_LDT_nolock(pc);
12975 if (!cpumask_equal(mm_cpumask(current->mm),
12976 cpumask_of(smp_processor_id())))
12977 smp_call_function(flush_ldt, current->mm, 1);
12978 preempt_enable();
12979 #else
12980- load_LDT(pc);
12981+ load_LDT_nolock(pc);
12982 #endif
12983 }
12984 if (oldsize) {
12985@@ -95,7 +95,7 @@ static inline int copy_ldt(mm_context_t
12986 return err;
12987
12988 for (i = 0; i < old->size; i++)
12989- write_ldt_entry(new->ldt, i, old->ldt + i * LDT_ENTRY_SIZE);
12990+ write_ldt_entry(new->ldt, i, old->ldt + i);
12991 return 0;
12992 }
12993
12994@@ -116,6 +116,24 @@ int init_new_context(struct task_struct
12995 retval = copy_ldt(&mm->context, &old_mm->context);
12996 mutex_unlock(&old_mm->context.lock);
12997 }
12998+
12999+ if (tsk == current) {
13000+ mm->context.vdso = 0;
13001+
13002+#ifdef CONFIG_X86_32
13003+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
13004+ mm->context.user_cs_base = 0UL;
13005+ mm->context.user_cs_limit = ~0UL;
13006+
13007+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
13008+ cpus_clear(mm->context.cpu_user_cs_mask);
13009+#endif
13010+
13011+#endif
13012+#endif
13013+
13014+ }
13015+
13016 return retval;
13017 }
13018
13019@@ -230,6 +248,13 @@ static int write_ldt(void __user *ptr, u
13020 }
13021 }
13022
13023+#ifdef CONFIG_PAX_SEGMEXEC
13024+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (ldt_info.contents & MODIFY_LDT_CONTENTS_CODE)) {
13025+ error = -EINVAL;
13026+ goto out_unlock;
13027+ }
13028+#endif
13029+
13030 fill_ldt(&ldt, &ldt_info);
13031 if (oldmode)
13032 ldt.avl = 0;
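Review bot: The SEGMEXEC check added before `fill_ldt()` has no comment, and its test is a bit mask (`ldt_info.contents & MODIFY_LDT_CONTENTS_CODE`) rather than an equality, which looks deliberate but is easy to "simplify" by mistake. A comment should state the rule and the reason for the mask, e.g. `/* SEGMEXEC: refuse any code-type LDT descriptor; the mask also matches the conforming-code encoding */`. The reason the policy exists (presumably that a user-installed code segment would sidestep the segment limits SEGMEXEC depends on) is not stated anywhere in the hunk and belongs in that comment too. The `out_unlock` label is outside this hunk.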
13033diff -urNp linux-2.6.38.2/arch/x86/kernel/machine_kexec_32.c linux-2.6.38.2/arch/x86/kernel/machine_kexec_32.c
13034--- linux-2.6.38.2/arch/x86/kernel/machine_kexec_32.c 2011-03-14 21:20:32.000000000 -0400
13035+++ linux-2.6.38.2/arch/x86/kernel/machine_kexec_32.c 2011-03-21 18:31:35.000000000 -0400
13036@@ -27,7 +27,7 @@
13037 #include <asm/cacheflush.h>
13038 #include <asm/debugreg.h>
13039
13040-static void set_idt(void *newidt, __u16 limit)
13041+static void set_idt(struct desc_struct *newidt, __u16 limit)
13042 {
13043 struct desc_ptr curidt;
13044
13045@@ -39,7 +39,7 @@ static void set_idt(void *newidt, __u16
13046 }
13047
13048
13049-static void set_gdt(void *newgdt, __u16 limit)
13050+static void set_gdt(struct desc_struct *newgdt, __u16 limit)
13051 {
13052 struct desc_ptr curgdt;
13053
13054@@ -217,7 +217,7 @@ void machine_kexec(struct kimage *image)
13055 }
13056
13057 control_page = page_address(image->control_code_page);
13058- memcpy(control_page, relocate_kernel, KEXEC_CONTROL_CODE_MAX_SIZE);
13059+ memcpy(control_page, (void *)ktla_ktva((unsigned long)relocate_kernel), KEXEC_CONTROL_CODE_MAX_SIZE);
13060
13061 relocate_kernel_ptr = control_page;
13062 page_list[PA_CONTROL_PAGE] = __pa(control_page);
13063diff -urNp linux-2.6.38.2/arch/x86/kernel/microcode_amd.c linux-2.6.38.2/arch/x86/kernel/microcode_amd.c
13064--- linux-2.6.38.2/arch/x86/kernel/microcode_amd.c 2011-03-14 21:20:32.000000000 -0400
13065+++ linux-2.6.38.2/arch/x86/kernel/microcode_amd.c 2011-03-21 18:31:35.000000000 -0400
13066@@ -317,7 +317,7 @@ static void microcode_fini_cpu_amd(int c
13067 uci->mc = NULL;
13068 }
13069
13070-static struct microcode_ops microcode_amd_ops = {
13071+static const struct microcode_ops microcode_amd_ops = {
13072 .request_microcode_user = request_microcode_user,
13073 .request_microcode_fw = request_microcode_fw,
13074 .collect_cpu_info = collect_cpu_info_amd,
13075@@ -325,7 +325,7 @@ static struct microcode_ops microcode_am
13076 .microcode_fini_cpu = microcode_fini_cpu_amd,
13077 };
13078
13079-struct microcode_ops * __init init_amd_microcode(void)
13080+const struct microcode_ops * __init init_amd_microcode(void)
13081 {
13082 return &microcode_amd_ops;
13083 }
13084diff -urNp linux-2.6.38.2/arch/x86/kernel/microcode_core.c linux-2.6.38.2/arch/x86/kernel/microcode_core.c
13085--- linux-2.6.38.2/arch/x86/kernel/microcode_core.c 2011-03-14 21:20:32.000000000 -0400
13086+++ linux-2.6.38.2/arch/x86/kernel/microcode_core.c 2011-03-21 18:31:35.000000000 -0400
13087@@ -92,7 +92,7 @@ MODULE_LICENSE("GPL");
13088
13089 #define MICROCODE_VERSION "2.00"
13090
13091-static struct microcode_ops *microcode_ops;
13092+static const struct microcode_ops *microcode_ops;
13093
13094 /*
13095 * Synchronization.
13096diff -urNp linux-2.6.38.2/arch/x86/kernel/microcode_intel.c linux-2.6.38.2/arch/x86/kernel/microcode_intel.c
13097--- linux-2.6.38.2/arch/x86/kernel/microcode_intel.c 2011-03-14 21:20:32.000000000 -0400
13098+++ linux-2.6.38.2/arch/x86/kernel/microcode_intel.c 2011-03-21 18:31:35.000000000 -0400
13099@@ -440,13 +440,13 @@ static enum ucode_state request_microcod
13100
13101 static int get_ucode_user(void *to, const void *from, size_t n)
13102 {
13103- return copy_from_user(to, from, n);
13104+ return copy_from_user(to, (__force const void __user *)from, n);
13105 }
13106
13107 static enum ucode_state
13108 request_microcode_user(int cpu, const void __user *buf, size_t size)
13109 {
13110- return generic_load_microcode(cpu, (void *)buf, size, &get_ucode_user);
13111+ return generic_load_microcode(cpu, (__force void *)buf, size, &get_ucode_user);
13112 }
13113
13114 static void microcode_fini_cpu(int cpu)
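Review bot: The two `__force` casts silence the address-space checker instead of carrying `__user` through the call: `buf` is stripped to a plain `void *` in request_microcode_user and re-tagged as `__user` inside get_ucode_user. Nothing documents that get_ucode_user must only ever receive a user pointer, so at minimum it needs a comment, e.g. `/* 'from' is always a user-space pointer here; the void * type comes from generic_load_microcode()'s callback signature */`. generic_load_microcode is outside this hunk, so whether it touches the pointer other than through the callback cannot be checked from here and should be confirmed.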
13115@@ -457,7 +457,7 @@ static void microcode_fini_cpu(int cpu)
13116 uci->mc = NULL;
13117 }
13118
13119-static struct microcode_ops microcode_intel_ops = {
13120+static const struct microcode_ops microcode_intel_ops = {
13121 .request_microcode_user = request_microcode_user,
13122 .request_microcode_fw = request_microcode_fw,
13123 .collect_cpu_info = collect_cpu_info,
13124@@ -465,7 +465,7 @@ static struct microcode_ops microcode_in
13125 .microcode_fini_cpu = microcode_fini_cpu,
13126 };
13127
13128-struct microcode_ops * __init init_intel_microcode(void)
13129+const struct microcode_ops * __init init_intel_microcode(void)
13130 {
13131 return &microcode_intel_ops;
13132 }
13133diff -urNp linux-2.6.38.2/arch/x86/kernel/module.c linux-2.6.38.2/arch/x86/kernel/module.c
13134--- linux-2.6.38.2/arch/x86/kernel/module.c 2011-03-14 21:20:32.000000000 -0400
13135+++ linux-2.6.38.2/arch/x86/kernel/module.c 2011-03-21 18:31:35.000000000 -0400
13136@@ -35,21 +35,66 @@
13137 #define DEBUGP(fmt...)
13138 #endif
13139
13140-void *module_alloc(unsigned long size)
13141+static inline void *__module_alloc(unsigned long size, pgprot_t prot)
13142 {
13143 if (PAGE_ALIGN(size) > MODULES_LEN)
13144 return NULL;
13145 return __vmalloc_node_range(size, 1, MODULES_VADDR, MODULES_END,
13146- GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC,
13147+ GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, prot,
13148 -1, __builtin_return_address(0));
13149 }
13150
13151+void *module_alloc(unsigned long size)
13152+{
13153+
13154+#ifdef CONFIG_PAX_KERNEXEC
13155+ return __module_alloc(size, PAGE_KERNEL);
13156+#else
13157+ return __module_alloc(size, PAGE_KERNEL_EXEC);
13158+#endif
13159+
13160+}
13161+
13162 /* Free memory returned from module_alloc */
13163 void module_free(struct module *mod, void *module_region)
13164 {
13165 vfree(module_region);
13166 }
13167
13168+#ifdef CONFIG_PAX_KERNEXEC
13169+#ifdef CONFIG_X86_32
13170+void *module_alloc_exec(unsigned long size)
13171+{
13172+ struct vm_struct *area;
13173+
13174+ if (size == 0)
13175+ return NULL;
13176+
13177+ area = __get_vm_area(size, VM_ALLOC, (unsigned long)&MODULES_EXEC_VADDR, (unsigned long)&MODULES_EXEC_END);
13178+ return area ? area->addr : NULL;
13179+}
13180+EXPORT_SYMBOL(module_alloc_exec);
13181+
13182+void module_free_exec(struct module *mod, void *module_region)
13183+{
13184+ vunmap(module_region);
13185+}
13186+EXPORT_SYMBOL(module_free_exec);
13187+#else
13188+void module_free_exec(struct module *mod, void *module_region)
13189+{
13190+ module_free(mod, module_region);
13191+}
13192+EXPORT_SYMBOL(module_free_exec);
13193+
13194+void *module_alloc_exec(unsigned long size)
13195+{
13196+ return __module_alloc(size, PAGE_KERNEL_RX);
13197+}
13198+EXPORT_SYMBOL(module_alloc_exec);
13199+#endif
13200+#endif
13201+
13202 /* We don't need anything special. */
13203 int module_frob_arch_sections(Elf_Ehdr *hdr,
13204 Elf_Shdr *sechdrs,
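Review bot: None of the new allocators is documented, although the contract changes: under CONFIG_PAX_KERNEXEC `module_alloc()` now returns `PAGE_KERNEL` memory, so callers that need to run code must use `module_alloc_exec()` instead. A comment on module_alloc should say this, e.g. `/* KERNEXEC: memory from module_alloc() is writable but not executable; code goes in module_alloc_exec() memory */`. The X86_32 `module_alloc_exec()` differs from the 64-bit one in that it obtains its area from `__get_vm_area()` and is released with `vunmap()` rather than `vfree()`; that pairing should be spelled out next to both functions so the two free paths are never mixed. The added `__GFP_ZERO` is also worth a short comment explaining why module memory is now zeroed.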
13205@@ -69,14 +114,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
13206 unsigned int i;
13207 Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
13208 Elf32_Sym *sym;
13209- uint32_t *location;
13210+ uint32_t *plocation, location;
13211
13212 DEBUGP("Applying relocate section %u to %u\n", relsec,
13213 sechdrs[relsec].sh_info);
13214 for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) {
13215 /* This is where to make the change */
13216- location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr
13217- + rel[i].r_offset;
13218+ plocation = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr + rel[i].r_offset;
13219+ location = (uint32_t)plocation;
13220+ if (sechdrs[sechdrs[relsec].sh_info].sh_flags & SHF_EXECINSTR)
13221+ plocation = ktla_ktva((void *)plocation);
13222 /* This is the symbol it is referring to. Note that all
13223 undefined symbols have been resolved. */
13224 sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
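Review bot: The split of `location` into `plocation` and `location` is not explained, and the two names differ by one letter. As written, `location` keeps the untranslated section address that the R_386_PC32 arithmetic uses, while `plocation` is the pointer actually written through and is passed to `ktla_ktva()` for SHF_EXECINSTR sections. A comment at the assignment would make that visible, e.g. `/* location: address used for PC-relative math; plocation: alias the relocation is written through */`. apply_relocate's loop continues outside this hunk.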
13225@@ -85,11 +132,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
13226 switch (ELF32_R_TYPE(rel[i].r_info)) {
13227 case R_386_32:
13228 /* We add the value into the location given */
13229- *location += sym->st_value;
13230+ pax_open_kernel();
13231+ *plocation += sym->st_value;
13232+ pax_close_kernel();
13233 break;
13234 case R_386_PC32:
13235 /* Add the value, subtract its postition */
13236- *location += sym->st_value - (uint32_t)location;
13237+ pax_open_kernel();
13238+ *plocation += sym->st_value - location;
13239+ pax_close_kernel();
13240 break;
13241 default:
13242 printk(KERN_ERR "module %s: Unknown relocation: %u\n",
13243@@ -145,21 +196,30 @@ int apply_relocate_add(Elf64_Shdr *sechd
13244 case R_X86_64_NONE:
13245 break;
13246 case R_X86_64_64:
13247+ pax_open_kernel();
13248 *(u64 *)loc = val;
13249+ pax_close_kernel();
13250 break;
13251 case R_X86_64_32:
13252+ pax_open_kernel();
13253 *(u32 *)loc = val;
13254+ pax_close_kernel();
13255 if (val != *(u32 *)loc)
13256 goto overflow;
13257 break;
13258 case R_X86_64_32S:
13259+ pax_open_kernel();
13260 *(s32 *)loc = val;
13261+ pax_close_kernel();
13262 if ((s64)val != *(s32 *)loc)
13263 goto overflow;
13264 break;
13265 case R_X86_64_PC32:
13266 val -= (u64)loc;
13267+ pax_open_kernel();
13268 *(u32 *)loc = val;
13269+ pax_close_kernel();
13270+
13271 #if 0
13272 if ((s64)val != *(s32 *)loc)
13273 goto overflow;
13274diff -urNp linux-2.6.38.2/arch/x86/kernel/paravirt.c linux-2.6.38.2/arch/x86/kernel/paravirt.c
13275--- linux-2.6.38.2/arch/x86/kernel/paravirt.c 2011-03-14 21:20:32.000000000 -0400
13276+++ linux-2.6.38.2/arch/x86/kernel/paravirt.c 2011-03-21 18:31:35.000000000 -0400
13277@@ -122,7 +122,7 @@ unsigned paravirt_patch_jmp(void *insnbu
13278 * corresponding structure. */
13279 static void *get_call_destination(u8 type)
13280 {
13281- struct paravirt_patch_template tmpl = {
13282+ const struct paravirt_patch_template tmpl = {
13283 .pv_init_ops = pv_init_ops,
13284 .pv_time_ops = pv_time_ops,
13285 .pv_cpu_ops = pv_cpu_ops,
13286@@ -145,14 +145,14 @@ unsigned paravirt_patch_default(u8 type,
13287 if (opfunc == NULL)
13288 /* If there's no function, patch it with a ud2a (BUG) */
13289 ret = paravirt_patch_insns(insnbuf, len, ud2a, ud2a+sizeof(ud2a));
13290- else if (opfunc == _paravirt_nop)
13291+ else if (opfunc == (void *)_paravirt_nop)
13292 /* If the operation is a nop, then nop the callsite */
13293 ret = paravirt_patch_nop();
13294
13295 /* identity functions just return their single argument */
13296- else if (opfunc == _paravirt_ident_32)
13297+ else if (opfunc == (void *)_paravirt_ident_32)
13298 ret = paravirt_patch_ident_32(insnbuf, len);
13299- else if (opfunc == _paravirt_ident_64)
13300+ else if (opfunc == (void *)_paravirt_ident_64)
13301 ret = paravirt_patch_ident_64(insnbuf, len);
13302
13303 else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) ||
13304@@ -178,7 +178,7 @@ unsigned paravirt_patch_insns(void *insn
13305 if (insn_len > len || start == NULL)
13306 insn_len = len;
13307 else
13308- memcpy(insnbuf, start, insn_len);
13309+ memcpy(insnbuf, ktla_ktva(start), insn_len);
13310
13311 return insn_len;
13312 }
13313@@ -294,22 +294,22 @@ void arch_flush_lazy_mmu_mode(void)
13314 preempt_enable();
13315 }
13316
13317-struct pv_info pv_info = {
13318+struct pv_info pv_info __read_only = {
13319 .name = "bare hardware",
13320 .paravirt_enabled = 0,
13321 .kernel_rpl = 0,
13322 .shared_kernel_pmd = 1, /* Only used when CONFIG_X86_PAE is set */
13323 };
13324
13325-struct pv_init_ops pv_init_ops = {
13326+struct pv_init_ops pv_init_ops __read_only = {
13327 .patch = native_patch,
13328 };
13329
13330-struct pv_time_ops pv_time_ops = {
13331+struct pv_time_ops pv_time_ops __read_only = {
13332 .sched_clock = native_sched_clock,
13333 };
13334
13335-struct pv_irq_ops pv_irq_ops = {
13336+struct pv_irq_ops pv_irq_ops __read_only = {
13337 .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl),
13338 .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl),
13339 .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable),
13340@@ -321,7 +321,7 @@ struct pv_irq_ops pv_irq_ops = {
13341 #endif
13342 };
13343
13344-struct pv_cpu_ops pv_cpu_ops = {
13345+struct pv_cpu_ops pv_cpu_ops __read_only = {
13346 .cpuid = native_cpuid,
13347 .get_debugreg = native_get_debugreg,
13348 .set_debugreg = native_set_debugreg,
13349@@ -382,7 +382,7 @@ struct pv_cpu_ops pv_cpu_ops = {
13350 .end_context_switch = paravirt_nop,
13351 };
13352
13353-struct pv_apic_ops pv_apic_ops = {
13354+struct pv_apic_ops pv_apic_ops __read_only = {
13355 #ifdef CONFIG_X86_LOCAL_APIC
13356 .startup_ipi_hook = paravirt_nop,
13357 #endif
13358@@ -396,7 +396,7 @@ struct pv_apic_ops pv_apic_ops = {
13359 #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64)
13360 #endif
13361
13362-struct pv_mmu_ops pv_mmu_ops = {
13363+struct pv_mmu_ops pv_mmu_ops __read_only = {
13364
13365 .read_cr2 = native_read_cr2,
13366 .write_cr2 = native_write_cr2,
13367@@ -465,6 +465,12 @@ struct pv_mmu_ops pv_mmu_ops = {
13368 },
13369
13370 .set_fixmap = native_set_fixmap,
13371+
13372+#ifdef CONFIG_PAX_KERNEXEC
13373+ .pax_open_kernel = native_pax_open_kernel,
13374+ .pax_close_kernel = native_pax_close_kernel,
13375+#endif
13376+
13377 };
13378
13379 EXPORT_SYMBOL_GPL(pv_time_ops);
13380diff -urNp linux-2.6.38.2/arch/x86/kernel/paravirt-spinlocks.c linux-2.6.38.2/arch/x86/kernel/paravirt-spinlocks.c
13381--- linux-2.6.38.2/arch/x86/kernel/paravirt-spinlocks.c 2011-03-14 21:20:32.000000000 -0400
13382+++ linux-2.6.38.2/arch/x86/kernel/paravirt-spinlocks.c 2011-03-21 18:31:35.000000000 -0400
13383@@ -13,7 +13,7 @@ default_spin_lock_flags(arch_spinlock_t
13384 arch_spin_lock(lock);
13385 }
13386
13387-struct pv_lock_ops pv_lock_ops = {
13388+struct pv_lock_ops pv_lock_ops __read_only = {
13389 #ifdef CONFIG_SMP
13390 .spin_is_locked = __ticket_spin_is_locked,
13391 .spin_is_contended = __ticket_spin_is_contended,
13392diff -urNp linux-2.6.38.2/arch/x86/kernel/pci-calgary_64.c linux-2.6.38.2/arch/x86/kernel/pci-calgary_64.c
13393--- linux-2.6.38.2/arch/x86/kernel/pci-calgary_64.c 2011-03-14 21:20:32.000000000 -0400
13394+++ linux-2.6.38.2/arch/x86/kernel/pci-calgary_64.c 2011-03-21 18:31:35.000000000 -0400
13395@@ -476,7 +476,7 @@ static void calgary_free_coherent(struct
13396 free_pages((unsigned long)vaddr, get_order(size));
13397 }
13398
13399-static struct dma_map_ops calgary_dma_ops = {
13400+static const struct dma_map_ops calgary_dma_ops = {
13401 .alloc_coherent = calgary_alloc_coherent,
13402 .free_coherent = calgary_free_coherent,
13403 .map_sg = calgary_map_sg,
13404diff -urNp linux-2.6.38.2/arch/x86/kernel/pci-dma.c linux-2.6.38.2/arch/x86/kernel/pci-dma.c
13405--- linux-2.6.38.2/arch/x86/kernel/pci-dma.c 2011-03-14 21:20:32.000000000 -0400
13406+++ linux-2.6.38.2/arch/x86/kernel/pci-dma.c 2011-03-21 18:31:35.000000000 -0400
13407@@ -16,7 +16,7 @@
13408
13409 static int forbid_dac __read_mostly;
13410
13411-struct dma_map_ops *dma_ops = &nommu_dma_ops;
13412+const struct dma_map_ops *dma_ops = &nommu_dma_ops;
13413 EXPORT_SYMBOL(dma_ops);
13414
13415 static int iommu_sac_force __read_mostly;
13416@@ -250,7 +250,7 @@ early_param("iommu", iommu_setup);
13417
13418 int dma_supported(struct device *dev, u64 mask)
13419 {
13420- struct dma_map_ops *ops = get_dma_ops(dev);
13421+ const struct dma_map_ops *ops = get_dma_ops(dev);
13422
13423 #ifdef CONFIG_PCI
13424 if (mask > 0xffffffff && forbid_dac > 0) {
13425diff -urNp linux-2.6.38.2/arch/x86/kernel/pci-gart_64.c linux-2.6.38.2/arch/x86/kernel/pci-gart_64.c
13426--- linux-2.6.38.2/arch/x86/kernel/pci-gart_64.c 2011-03-14 21:20:32.000000000 -0400
13427+++ linux-2.6.38.2/arch/x86/kernel/pci-gart_64.c 2011-03-21 18:31:35.000000000 -0400
13428@@ -706,7 +706,7 @@ static __init int init_amd_gatt(struct a
13429 return -1;
13430 }
13431
13432-static struct dma_map_ops gart_dma_ops = {
13433+static const struct dma_map_ops gart_dma_ops = {
13434 .map_sg = gart_map_sg,
13435 .unmap_sg = gart_unmap_sg,
13436 .map_page = gart_map_page,
13437diff -urNp linux-2.6.38.2/arch/x86/kernel/pci-nommu.c linux-2.6.38.2/arch/x86/kernel/pci-nommu.c
13438--- linux-2.6.38.2/arch/x86/kernel/pci-nommu.c 2011-03-14 21:20:32.000000000 -0400
13439+++ linux-2.6.38.2/arch/x86/kernel/pci-nommu.c 2011-03-21 18:31:35.000000000 -0400
13440@@ -95,7 +95,7 @@ static void nommu_sync_sg_for_device(str
13441 flush_write_buffers();
13442 }
13443
13444-struct dma_map_ops nommu_dma_ops = {
13445+const struct dma_map_ops nommu_dma_ops = {
13446 .alloc_coherent = dma_generic_alloc_coherent,
13447 .free_coherent = nommu_free_coherent,
13448 .map_sg = nommu_map_sg,
13449diff -urNp linux-2.6.38.2/arch/x86/kernel/pci-swiotlb.c linux-2.6.38.2/arch/x86/kernel/pci-swiotlb.c
13450--- linux-2.6.38.2/arch/x86/kernel/pci-swiotlb.c 2011-03-14 21:20:32.000000000 -0400
13451+++ linux-2.6.38.2/arch/x86/kernel/pci-swiotlb.c 2011-03-21 18:31:35.000000000 -0400
13452@@ -26,7 +26,7 @@ static void *x86_swiotlb_alloc_coherent(
13453 return swiotlb_alloc_coherent(hwdev, size, dma_handle, flags);
13454 }
13455
13456-static struct dma_map_ops swiotlb_dma_ops = {
13457+static const struct dma_map_ops swiotlb_dma_ops = {
13458 .mapping_error = swiotlb_dma_mapping_error,
13459 .alloc_coherent = x86_swiotlb_alloc_coherent,
13460 .free_coherent = swiotlb_free_coherent,
13461diff -urNp linux-2.6.38.2/arch/x86/kernel/process_32.c linux-2.6.38.2/arch/x86/kernel/process_32.c
13462--- linux-2.6.38.2/arch/x86/kernel/process_32.c 2011-03-14 21:20:32.000000000 -0400
13463+++ linux-2.6.38.2/arch/x86/kernel/process_32.c 2011-03-21 18:31:35.000000000 -0400
13464@@ -65,6 +65,7 @@ asmlinkage void ret_from_fork(void) __as
13465 unsigned long thread_saved_pc(struct task_struct *tsk)
13466 {
13467 return ((unsigned long *)tsk->thread.sp)[3];
13468+//XXX return tsk->thread.eip;
13469 }
13470
13471 #ifndef CONFIG_SMP
13472@@ -126,15 +127,14 @@ void __show_regs(struct pt_regs *regs, i
13473 unsigned long sp;
13474 unsigned short ss, gs;
13475
13476- if (user_mode_vm(regs)) {
13477+ if (user_mode(regs)) {
13478 sp = regs->sp;
13479 ss = regs->ss & 0xffff;
13480- gs = get_user_gs(regs);
13481 } else {
13482 sp = kernel_stack_pointer(regs);
13483 savesegment(ss, ss);
13484- savesegment(gs, gs);
13485 }
13486+ gs = get_user_gs(regs);
13487
13488 show_regs_common();
13489
13490@@ -196,7 +196,7 @@ int copy_thread(unsigned long clone_flag
13491 struct task_struct *tsk;
13492 int err;
13493
13494- childregs = task_pt_regs(p);
13495+ childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8;
13496 *childregs = *regs;
13497 childregs->ax = 0;
13498 childregs->sp = sp;
13499@@ -293,7 +293,7 @@ __switch_to(struct task_struct *prev_p,
13500 struct thread_struct *prev = &prev_p->thread,
13501 *next = &next_p->thread;
13502 int cpu = smp_processor_id();
13503- struct tss_struct *tss = &per_cpu(init_tss, cpu);
13504+ struct tss_struct *tss = init_tss + cpu;
13505 bool preload_fpu;
13506
13507 /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */
13508@@ -328,6 +328,10 @@ __switch_to(struct task_struct *prev_p,
13509 */
13510 lazy_save_gs(prev->gs);
13511
13512+#ifdef CONFIG_PAX_MEMORY_UDEREF
13513+ __set_fs(task_thread_info(next_p)->addr_limit);
13514+#endif
13515+
13516 /*
13517 * Load the per-thread Thread-Local Storage descriptor.
13518 */
13519@@ -404,3 +408,27 @@ unsigned long get_wchan(struct task_stru
13520 return 0;
13521 }
13522
13523+#ifdef CONFIG_PAX_RANDKSTACK
13524+asmlinkage void pax_randomize_kstack(void)
13525+{
13526+ struct thread_struct *thread = &current->thread;
13527+ unsigned long time;
13528+
13529+ if (!randomize_va_space)
13530+ return;
13531+
13532+ rdtscl(time);
13533+
13534+ /* P4 seems to return a 0 LSB, ignore it */
13535+#ifdef CONFIG_MPENTIUM4
13536+ time &= 0x1EUL;
13537+ time <<= 2;
13538+#else
13539+ time &= 0xFUL;
13540+ time <<= 3;
13541+#endif
13542+
13543+ thread->sp0 ^= time;
13544+ load_sp0(init_tss + smp_processor_id(), thread);
13545+}
13546+#endif
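Review bot: `pax_randomize_kstack` is added without any comment on what it changes, and the two `#ifdef CONFIG_MPENTIUM4` branches look different while producing the same mask. `0x1EUL << 2` and `0xFUL << 3` both select bits 3..6, so each call XORs four TSC-derived bits into `thread->sp0`, giving 16 possible 8-byte-aligned values. I would put that above the function, e.g. `/* XOR 4 low TSC bits into bits 3..6 of sp0: 16 possible 8-byte-aligned kernel stack tops, re-rolled on each call */`. The comment should also say that nothing happens when `randomize_va_space` is 0. The call sites are not in this hunk, so how often the value is re-rolled cannot be confirmed from here.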
13547diff -urNp linux-2.6.38.2/arch/x86/kernel/process_64.c linux-2.6.38.2/arch/x86/kernel/process_64.c
13548--- linux-2.6.38.2/arch/x86/kernel/process_64.c 2011-03-14 21:20:32.000000000 -0400
13549+++ linux-2.6.38.2/arch/x86/kernel/process_64.c 2011-03-21 18:31:35.000000000 -0400
13550@@ -87,7 +87,7 @@ static void __exit_idle(void)
13551 void exit_idle(void)
13552 {
13553 /* idle loop has pid 0 */
13554- if (current->pid)
13555+ if (task_pid_nr(current))
13556 return;
13557 __exit_idle();
13558 }
13559@@ -376,7 +376,7 @@ __switch_to(struct task_struct *prev_p,
13560 struct thread_struct *prev = &prev_p->thread;
13561 struct thread_struct *next = &next_p->thread;
13562 int cpu = smp_processor_id();
13563- struct tss_struct *tss = &per_cpu(init_tss, cpu);
13564+ struct tss_struct *tss = init_tss + cpu;
13565 unsigned fsindex, gsindex;
13566 bool preload_fpu;
13567
13568@@ -529,12 +529,11 @@ unsigned long get_wchan(struct task_stru
13569 if (!p || p == current || p->state == TASK_RUNNING)
13570 return 0;
13571 stack = (unsigned long)task_stack_page(p);
13572- if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE)
13573+ if (p->thread.sp < stack || p->thread.sp > stack+THREAD_SIZE-8-sizeof(u64))
13574 return 0;
13575 fp = *(u64 *)(p->thread.sp);
13576 do {
13577- if (fp < (unsigned long)stack ||
13578- fp >= (unsigned long)stack+THREAD_SIZE)
13579+ if (fp < stack || fp > stack+THREAD_SIZE-8-sizeof(u64))
13580 return 0;
13581 ip = *(u64 *)(fp+8);
13582 if (!in_sched_functions(ip))
13583diff -urNp linux-2.6.38.2/arch/x86/kernel/process.c linux-2.6.38.2/arch/x86/kernel/process.c
13584--- linux-2.6.38.2/arch/x86/kernel/process.c 2011-03-14 21:20:32.000000000 -0400
13585+++ linux-2.6.38.2/arch/x86/kernel/process.c 2011-03-28 16:56:19.000000000 -0400
13586@@ -70,7 +70,7 @@ void exit_thread(void)
13587 unsigned long *bp = t->io_bitmap_ptr;
13588
13589 if (bp) {
13590- struct tss_struct *tss = &per_cpu(init_tss, get_cpu());
13591+ struct tss_struct *tss = init_tss + get_cpu();
13592
13593 t->io_bitmap_ptr = NULL;
13594 clear_thread_flag(TIF_IO_BITMAP);
13595@@ -106,7 +106,7 @@ void show_regs_common(void)
13596
13597 printk(KERN_CONT "\n");
13598 printk(KERN_DEFAULT "Pid: %d, comm: %.20s %s %s %.*s",
13599- current->pid, current->comm, print_tainted(),
13600+ task_pid_nr(current), current->comm, print_tainted(),
13601 init_utsname()->release,
13602 (int)strcspn(init_utsname()->version, " "),
13603 init_utsname()->version);
13604@@ -123,6 +123,9 @@ void flush_thread(void)
13605 {
13606 struct task_struct *tsk = current;
13607
13608+#if defined(CONFIG_X86_32) && !defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_PAX_MEMORY_UDEREF)
13609+ loadsegment(gs, 0);
13610+#endif
13611 flush_ptrace_hw_breakpoint(tsk);
13612 memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
13613 /*
13614@@ -285,10 +288,10 @@ int kernel_thread(int (*fn)(void *), voi
13615 regs.di = (unsigned long) arg;
13616
13617 #ifdef CONFIG_X86_32
13618- regs.ds = __USER_DS;
13619- regs.es = __USER_DS;
13620+ regs.ds = __KERNEL_DS;
13621+ regs.es = __KERNEL_DS;
13622 regs.fs = __KERNEL_PERCPU;
13623- regs.gs = __KERNEL_STACK_CANARY;
13624+ savesegment(gs, regs.gs);
13625 #else
13626 regs.ss = __KERNEL_DS;
13627 #endif
13628@@ -667,17 +670,3 @@ static int __init idle_setup(char *str)
13629 return 0;
13630 }
13631 early_param("idle", idle_setup);
13632-
13633-unsigned long arch_align_stack(unsigned long sp)
13634-{
13635- if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
13636- sp -= get_random_int() % 8192;
13637- return sp & ~0xf;
13638-}
13639-
13640-unsigned long arch_randomize_brk(struct mm_struct *mm)
13641-{
13642- unsigned long range_end = mm->brk + 0x02000000;
13643- return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
13644-}
13645-
13646diff -urNp linux-2.6.38.2/arch/x86/kernel/ptrace.c linux-2.6.38.2/arch/x86/kernel/ptrace.c
13647--- linux-2.6.38.2/arch/x86/kernel/ptrace.c 2011-03-14 21:20:32.000000000 -0400
13648+++ linux-2.6.38.2/arch/x86/kernel/ptrace.c 2011-03-21 18:31:35.000000000 -0400
13649@@ -805,7 +805,7 @@ long arch_ptrace(struct task_struct *chi
13650 unsigned long addr, unsigned long data)
13651 {
13652 int ret;
13653- unsigned long __user *datap = (unsigned long __user *)data;
13654+ unsigned long __user *datap = (__force unsigned long __user *)data;
13655
13656 switch (request) {
13657 /* read the word at location addr in the USER area. */
13658@@ -890,14 +890,14 @@ long arch_ptrace(struct task_struct *chi
13659 if ((int) addr < 0)
13660 return -EIO;
13661 ret = do_get_thread_area(child, addr,
13662- (struct user_desc __user *)data);
13663+ (__force struct user_desc __user *) data);
13664 break;
13665
13666 case PTRACE_SET_THREAD_AREA:
13667 if ((int) addr < 0)
13668 return -EIO;
13669 ret = do_set_thread_area(child, addr,
13670- (struct user_desc __user *)data, 0);
13671+ (__force struct user_desc __user *) data, 0);
13672 break;
13673 #endif
13674
13675@@ -1314,7 +1314,7 @@ static void fill_sigtrap_info(struct tas
13676 memset(info, 0, sizeof(*info));
13677 info->si_signo = SIGTRAP;
13678 info->si_code = si_code;
13679- info->si_addr = user_mode_vm(regs) ? (void __user *)regs->ip : NULL;
13680+ info->si_addr = user_mode(regs) ? (__force void __user *)regs->ip : NULL;
13681 }
13682
13683 void user_single_step_siginfo(struct task_struct *tsk,
13684@@ -1347,7 +1347,7 @@ void send_sigtrap(struct task_struct *ts
13685 * We must return the syscall number to actually look up in the table.
13686 * This can be -1L to skip running any syscall at all.
13687 */
13688-asmregparm long syscall_trace_enter(struct pt_regs *regs)
13689+long syscall_trace_enter(struct pt_regs *regs)
13690 {
13691 long ret = 0;
13692
13693@@ -1392,7 +1392,7 @@ asmregparm long syscall_trace_enter(stru
13694 return ret ?: regs->orig_ax;
13695 }
13696
13697-asmregparm void syscall_trace_leave(struct pt_regs *regs)
13698+void syscall_trace_leave(struct pt_regs *regs)
13699 {
13700 bool step;
13701
13702diff -urNp linux-2.6.38.2/arch/x86/kernel/reboot.c linux-2.6.38.2/arch/x86/kernel/reboot.c
13703--- linux-2.6.38.2/arch/x86/kernel/reboot.c 2011-03-14 21:20:32.000000000 -0400
13704+++ linux-2.6.38.2/arch/x86/kernel/reboot.c 2011-03-21 18:31:35.000000000 -0400
13705@@ -34,7 +34,7 @@ void (*pm_power_off)(void);
13706 EXPORT_SYMBOL(pm_power_off);
13707
13708 static const struct desc_ptr no_idt = {};
13709-static int reboot_mode;
13710+static unsigned short reboot_mode;
13711 enum reboot_type reboot_type = BOOT_KBD;
13712 int reboot_force;
13713
13714@@ -293,7 +293,7 @@ static struct dmi_system_id __initdata r
13715 DMI_MATCH(DMI_BOARD_NAME, "VersaLogic Menlow board"),
13716 },
13717 },
13718- { }
13719+ { NULL, NULL, {{0, {0}}}, NULL}
13720 };
13721
13722 static int __init reboot_init(void)
13723@@ -309,12 +309,12 @@ core_initcall(reboot_init);
13724 controller to pulse the CPU reset line, which is more thorough, but
13725 doesn't work with at least one type of 486 motherboard. It is easy
13726 to stop this code working; hence the copious comments. */
13727-static const unsigned long long
13728-real_mode_gdt_entries [3] =
13729+static struct desc_struct
13730+real_mode_gdt_entries [3] __read_only =
13731 {
13732- 0x0000000000000000ULL, /* Null descriptor */
13733- 0x00009b000000ffffULL, /* 16-bit real-mode 64k code at 0x00000000 */
13734- 0x000093000100ffffULL /* 16-bit real-mode 64k data at 0x00000100 */
13735+ GDT_ENTRY_INIT(0, 0, 0), /* Null descriptor */
13736+ GDT_ENTRY_INIT(0x9b, 0, 0xffff), /* 16-bit real-mode 64k code at 0x00000000 */
13737+ GDT_ENTRY_INIT(0x93, 0x100, 0xffff) /* 16-bit real-mode 64k data at 0x00000100 */
13738 };
13739
13740 static const struct desc_ptr
13741@@ -363,7 +363,7 @@ static const unsigned char jump_to_bios
13742 * specified by the code and length parameters.
13743 * We assume that length will aways be less that 100!
13744 */
13745-void machine_real_restart(const unsigned char *code, int length)
13746+void machine_real_restart(const unsigned char *code, unsigned int length)
13747 {
13748 local_irq_disable();
13749
13750@@ -390,16 +390,15 @@ void machine_real_restart(const unsigned
13751 boot)". This seems like a fairly standard thing that gets set by
13752 REBOOT.COM programs, and the previous reset routine did this
13753 too. */
13754- *((unsigned short *)0x472) = reboot_mode;
13755+ *(unsigned short *)(__va(0x472)) = reboot_mode;
13756
13757 /* For the switch to real mode, copy some code to low memory. It has
13758 to be in the first 64k because it is running in 16-bit mode, and it
13759 has to have the same physical and virtual address, because it turns
13760 off paging. Copy it near the end of the first page, out of the way
13761 of BIOS variables. */
13762- memcpy((void *)(0x1000 - sizeof(real_mode_switch) - 100),
13763- real_mode_switch, sizeof (real_mode_switch));
13764- memcpy((void *)(0x1000 - 100), code, length);
13765+ memcpy(__va(0x1000 - sizeof (real_mode_switch) - 100), real_mode_switch, sizeof (real_mode_switch));
13766+ memcpy(__va(0x1000 - 100), code, length);
13767
13768 /* Set up the IDT for real mode. */
13769 load_idt(&real_mode_idt);
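Review bot: `memcpy(__va(0x1000 - 100), code, length);` still depends on the comment above `machine_real_restart` ("We assume that length will aways be less that 100!") rather than on a check, and the destination is the last 100 bytes of the first page. Now that `length` is `unsigned int`, a guard such as `BUG_ON(length > 100);` placed before the copy would turn the assumption into an enforced bound. The callers are not visible on this page, so whether any of them can pass a larger value is unknown. The function body starts and ends outside this hunk.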
13770diff -urNp linux-2.6.38.2/arch/x86/kernel/setup.c linux-2.6.38.2/arch/x86/kernel/setup.c
13771--- linux-2.6.38.2/arch/x86/kernel/setup.c 2011-03-28 17:42:40.000000000 -0400
13772+++ linux-2.6.38.2/arch/x86/kernel/setup.c 2011-03-28 17:42:53.000000000 -0400
13773@@ -657,7 +657,7 @@ static void __init trim_bios_range(void)
13774 * area (640->1Mb) as ram even though it is not.
13775 * take them out.
13776 */
13777- e820_remove_range(BIOS_BEGIN, BIOS_END - BIOS_BEGIN, E820_RAM, 1);
13778+ e820_remove_range(ISA_START_ADDRESS, ISA_END_ADDRESS - ISA_START_ADDRESS, E820_RAM, 1);
13779 sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
13780 }
13781
13782@@ -793,14 +793,14 @@ void __init setup_arch(char **cmdline_p)
13783
13784 if (!boot_params.hdr.root_flags)
13785 root_mountflags &= ~MS_RDONLY;
13786- init_mm.start_code = (unsigned long) _text;
13787- init_mm.end_code = (unsigned long) _etext;
13788+ init_mm.start_code = ktla_ktva((unsigned long) _text);
13789+ init_mm.end_code = ktla_ktva((unsigned long) _etext);
13790 init_mm.end_data = (unsigned long) _edata;
13791 init_mm.brk = _brk_end;
13792
13793- code_resource.start = virt_to_phys(_text);
13794- code_resource.end = virt_to_phys(_etext)-1;
13795- data_resource.start = virt_to_phys(_etext);
13796+ code_resource.start = virt_to_phys(ktla_ktva(_text));
13797+ code_resource.end = virt_to_phys(ktla_ktva(_etext))-1;
13798+ data_resource.start = virt_to_phys(_sdata);
13799 data_resource.end = virt_to_phys(_edata)-1;
13800 bss_resource.start = virt_to_phys(&__bss_start);
13801 bss_resource.end = virt_to_phys(&__bss_stop)-1;
13802diff -urNp linux-2.6.38.2/arch/x86/kernel/setup_percpu.c linux-2.6.38.2/arch/x86/kernel/setup_percpu.c
13803--- linux-2.6.38.2/arch/x86/kernel/setup_percpu.c 2011-03-14 21:20:32.000000000 -0400
13804+++ linux-2.6.38.2/arch/x86/kernel/setup_percpu.c 2011-03-21 18:31:35.000000000 -0400
13805@@ -21,19 +21,17 @@
13806 #include <asm/cpu.h>
13807 #include <asm/stackprotector.h>
13808
13809-DEFINE_PER_CPU(int, cpu_number);
13810+#ifdef CONFIG_SMP
13811+DEFINE_PER_CPU(unsigned int, cpu_number);
13812 EXPORT_PER_CPU_SYMBOL(cpu_number);
13813+#endif
13814
13815-#ifdef CONFIG_X86_64
13816 #define BOOT_PERCPU_OFFSET ((unsigned long)__per_cpu_load)
13817-#else
13818-#define BOOT_PERCPU_OFFSET 0
13819-#endif
13820
13821 DEFINE_PER_CPU(unsigned long, this_cpu_off) = BOOT_PERCPU_OFFSET;
13822 EXPORT_PER_CPU_SYMBOL(this_cpu_off);
13823
13824-unsigned long __per_cpu_offset[NR_CPUS] __read_mostly = {
13825+unsigned long __per_cpu_offset[NR_CPUS] __read_only = {
13826 [0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET,
13827 };
13828 EXPORT_SYMBOL(__per_cpu_offset);
13829@@ -155,10 +153,10 @@ static inline void setup_percpu_segment(
13830 {
13831 #ifdef CONFIG_X86_32
13832 struct desc_struct gdt;
13833+ unsigned long base = per_cpu_offset(cpu);
13834
13835- pack_descriptor(&gdt, per_cpu_offset(cpu), 0xFFFFF,
13836- 0x2 | DESCTYPE_S, 0x8);
13837- gdt.s = 1;
13838+ pack_descriptor(&gdt, base, (VMALLOC_END - base - 1) >> PAGE_SHIFT,
13839+ 0x83 | DESCTYPE_S, 0xC);
13840 write_gdt_entry(get_cpu_gdt_table(cpu),
13841 GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S);
13842 #endif
13843@@ -207,6 +205,11 @@ void __init setup_per_cpu_areas(void)
13844 /* alrighty, percpu areas up and running */
13845 delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start;
13846 for_each_possible_cpu(cpu) {
13847+#ifdef CONFIG_CC_STACKPROTECTOR
13848+#ifdef CONFIG_x86_32
13849+ unsigned long canary = per_cpu(stack_canary, cpu);
13850+#endif
13851+#endif
13852 per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu];
13853 per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu);
13854 per_cpu(cpu_number, cpu) = cpu;
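Review bot: The inner guard `#ifdef CONFIG_x86_32` is spelled with a lower-case `x`, while the rest of this file tests `CONFIG_X86_32` (for example in `setup_percpu_segment` in the hunk above). As far as the visible code shows, the preprocessor therefore never compiles the `canary` save added here. The same applies to the matching restore, `per_cpu(stack_canary, cpu) = canary;`, in the following hunk (`@@ -243,6 +246,12 @@`). If the intent is to carry the boot CPU's stack canary across the switch to the new per-cpu area on 32-bit, both guards should read `#ifdef CONFIG_X86_32`. The loop body of `setup_per_cpu_areas` continues outside the hunk.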
13855@@ -243,6 +246,12 @@ void __init setup_per_cpu_areas(void)
13856 set_cpu_numa_node(cpu, early_cpu_to_node(cpu));
13857 #endif
13858 #endif
13859+#ifdef CONFIG_CC_STACKPROTECTOR
13860+#ifdef CONFIG_x86_32
13861+ if (cpu == boot_cpu_id)
13862+ per_cpu(stack_canary, cpu) = canary;
13863+#endif
13864+#endif
13865 /*
13866 * Up to this point, the boot CPU has been using .init.data
13867 * area. Reload any changed state for the boot CPU.
13868diff -urNp linux-2.6.38.2/arch/x86/kernel/signal.c linux-2.6.38.2/arch/x86/kernel/signal.c
13869--- linux-2.6.38.2/arch/x86/kernel/signal.c 2011-03-14 21:20:32.000000000 -0400
13870+++ linux-2.6.38.2/arch/x86/kernel/signal.c 2011-03-21 18:31:35.000000000 -0400
13871@@ -198,7 +198,7 @@ static unsigned long align_sigframe(unsi
13872 * Align the stack pointer according to the i386 ABI,
13873 * i.e. so that on function entry ((sp + 4) & 15) == 0.
13874 */
13875- sp = ((sp + 4) & -16ul) - 4;
13876+ sp = ((sp - 12) & -16ul) - 4;
13877 #else /* !CONFIG_X86_32 */
13878 sp = round_down(sp, 16) - 8;
13879 #endif
13880@@ -249,11 +249,11 @@ get_sigframe(struct k_sigaction *ka, str
13881 * Return an always-bogus address instead so we will die with SIGSEGV.
13882 */
13883 if (onsigstack && !likely(on_sig_stack(sp)))
13884- return (void __user *)-1L;
13885+ return (__force void __user *)-1L;
13886
13887 /* save i387 state */
13888 if (used_math() && save_i387_xstate(*fpstate) < 0)
13889- return (void __user *)-1L;
13890+ return (__force void __user *)-1L;
13891
13892 return (void __user *)sp;
13893 }
13894@@ -308,9 +308,9 @@ __setup_frame(int sig, struct k_sigactio
13895 }
13896
13897 if (current->mm->context.vdso)
13898- restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
13899+ restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
13900 else
13901- restorer = &frame->retcode;
13902+ restorer = (void __user *)&frame->retcode;
13903 if (ka->sa.sa_flags & SA_RESTORER)
13904 restorer = ka->sa.sa_restorer;
13905
13906@@ -324,7 +324,7 @@ __setup_frame(int sig, struct k_sigactio
13907 * reasons and because gdb uses it as a signature to notice
13908 * signal handler stack frames.
13909 */
13910- err |= __put_user(*((u64 *)&retcode), (u64 *)frame->retcode);
13911+ err |= __put_user(*((u64 *)&retcode), (u64 __user *)frame->retcode);
13912
13913 if (err)
13914 return -EFAULT;
13915@@ -378,7 +378,10 @@ static int __setup_rt_frame(int sig, str
13916 err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set));
13917
13918 /* Set up to return from userspace. */
13919- restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
13920+ if (current->mm->context.vdso)
13921+ restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
13922+ else
13923+ restorer = (void __user *)&frame->retcode;
13924 if (ka->sa.sa_flags & SA_RESTORER)
13925 restorer = ka->sa.sa_restorer;
13926 put_user_ex(restorer, &frame->pretcode);
13927@@ -390,7 +393,7 @@ static int __setup_rt_frame(int sig, str
13928 * reasons and because gdb uses it as a signature to notice
13929 * signal handler stack frames.
13930 */
13931- put_user_ex(*((u64 *)&rt_retcode), (u64 *)frame->retcode);
13932+ put_user_ex(*((u64 *)&rt_retcode), (u64 __user *)frame->retcode);
13933 } put_user_catch(err);
13934
13935 if (err)
13936@@ -780,7 +783,7 @@ static void do_signal(struct pt_regs *re
13937 * X86_32: vm86 regs switched out by assembly code before reaching
13938 * here, so testing against kernel CS suffices.
13939 */
13940- if (!user_mode(regs))
13941+ if (!user_mode_novm(regs))
13942 return;
13943
13944 if (current_thread_info()->status & TS_RESTORE_SIGMASK)
13945diff -urNp linux-2.6.38.2/arch/x86/kernel/smpboot.c linux-2.6.38.2/arch/x86/kernel/smpboot.c
13946--- linux-2.6.38.2/arch/x86/kernel/smpboot.c 2011-03-14 21:20:32.000000000 -0400
13947+++ linux-2.6.38.2/arch/x86/kernel/smpboot.c 2011-03-21 18:31:35.000000000 -0400
13948@@ -783,7 +783,11 @@ do_rest:
13949 (unsigned long)task_stack_page(c_idle.idle) -
13950 KERNEL_STACK_OFFSET + THREAD_SIZE;
13951 #endif
13952+
13953+ pax_open_kernel();
13954 early_gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
13955+ pax_close_kernel();
13956+
13957 initial_code = (unsigned long)start_secondary;
13958 stack_start = c_idle.idle->thread.sp;
13959
13960@@ -923,6 +927,12 @@ int __cpuinit native_cpu_up(unsigned int
13961
13962 per_cpu(cpu_state, cpu) = CPU_UP_PREPARE;
13963
13964+#ifdef CONFIG_PAX_PER_CPU_PGD
13965+ clone_pgd_range(get_cpu_pgd(cpu) + KERNEL_PGD_BOUNDARY,
13966+ swapper_pg_dir + KERNEL_PGD_BOUNDARY,
13967+ KERNEL_PGD_PTRS);
13968+#endif
13969+
13970 err = do_boot_cpu(apicid, cpu);
13971 if (err) {
13972 pr_debug("do_boot_cpu failed %d\n", err);
13973diff -urNp linux-2.6.38.2/arch/x86/kernel/step.c linux-2.6.38.2/arch/x86/kernel/step.c
13974--- linux-2.6.38.2/arch/x86/kernel/step.c 2011-03-14 21:20:32.000000000 -0400
13975+++ linux-2.6.38.2/arch/x86/kernel/step.c 2011-03-21 18:31:35.000000000 -0400
13976@@ -27,10 +27,10 @@ unsigned long convert_ip_to_linear(struc
13977 struct desc_struct *desc;
13978 unsigned long base;
13979
13980- seg &= ~7UL;
13981+ seg >>= 3;
13982
13983 mutex_lock(&child->mm->context.lock);
13984- if (unlikely((seg >> 3) >= child->mm->context.size))
13985+ if (unlikely(seg >= child->mm->context.size))
13986 addr = -1L; /* bogus selector, access would fault */
13987 else {
13988 desc = child->mm->context.ldt + seg;
13989@@ -42,7 +42,8 @@ unsigned long convert_ip_to_linear(struc
13990 addr += base;
13991 }
13992 mutex_unlock(&child->mm->context.lock);
13993- }
13994+ } else if (seg == __KERNEL_CS || seg == __KERNEXEC_KERNEL_CS)
13995+ addr = ktla_ktva(addr);
13996
13997 return addr;
13998 }
13999@@ -53,6 +54,9 @@ static int is_setting_trap_flag(struct t
14000 unsigned char opcode[15];
14001 unsigned long addr = convert_ip_to_linear(child, regs);
14002
14003+ if (addr == -EINVAL)
14004+ return 0;
14005+
14006 copied = access_process_vm(child, addr, opcode, sizeof(opcode), 0);
14007 for (i = 0; i < copied; i++) {
14008 switch (opcode[i]) {
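Review bot: The added guard `if (addr == -EINVAL) return 0;` does not match the sentinel that `convert_ip_to_linear` is shown to produce. In the hunk above, the bogus-selector path still assigns `addr = -1L`, so that value passes the guard and reaches `access_process_vm`. Either test the value actually returned, `if (addr == -1L) return 0;`, or change the assignment in `convert_ip_to_linear` to `-EINVAL` so both sides agree. Only part of `convert_ip_to_linear` is visible here, so another path returning `-EINVAL` cannot be ruled out.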
14009@@ -74,7 +78,7 @@ static int is_setting_trap_flag(struct t
14010
14011 #ifdef CONFIG_X86_64
14012 case 0x40 ... 0x4f:
14013- if (regs->cs != __USER_CS)
14014+ if ((regs->cs & 0xffff) != __USER_CS)
14015 /* 32-bit mode: register increment */
14016 return 0;
14017 /* 64-bit mode: REX prefix */
14018diff -urNp linux-2.6.38.2/arch/x86/kernel/syscall_table_32.S linux-2.6.38.2/arch/x86/kernel/syscall_table_32.S
14019--- linux-2.6.38.2/arch/x86/kernel/syscall_table_32.S 2011-03-14 21:20:32.000000000 -0400
14020+++ linux-2.6.38.2/arch/x86/kernel/syscall_table_32.S 2011-03-21 18:31:35.000000000 -0400
14021@@ -1,3 +1,4 @@
14022+.section .rodata,"a",@progbits
14023 ENTRY(sys_call_table)
14024 .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */
14025 .long sys_exit
14026diff -urNp linux-2.6.38.2/arch/x86/kernel/sys_i386_32.c linux-2.6.38.2/arch/x86/kernel/sys_i386_32.c
14027--- linux-2.6.38.2/arch/x86/kernel/sys_i386_32.c 2011-03-14 21:20:32.000000000 -0400
14028+++ linux-2.6.38.2/arch/x86/kernel/sys_i386_32.c 2011-03-21 23:47:41.000000000 -0400
14029@@ -24,17 +24,224 @@
14030
14031 #include <asm/syscalls.h>
14032
14033-/*
14034- * Do a system call from kernel instead of calling sys_execve so we
14035- * end up with proper pt_regs.
14036- */
14037-int kernel_execve(const char *filename,
14038- const char *const argv[],
14039- const char *const envp[])
14040+int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags)
14041 {
14042- long __res;
14043- asm volatile ("int $0x80"
14044- : "=a" (__res)
14045- : "0" (__NR_execve), "b" (filename), "c" (argv), "d" (envp) : "memory");
14046- return __res;
14047+ unsigned long pax_task_size = TASK_SIZE;
14048+
14049+#ifdef CONFIG_PAX_SEGMEXEC
14050+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
14051+ pax_task_size = SEGMEXEC_TASK_SIZE;
14052+#endif
14053+
14054+ if (len > pax_task_size || addr > pax_task_size - len)
14055+ return -EINVAL;
14056+
14057+ return 0;
14058+}
14059+
14060+unsigned long
14061+arch_get_unmapped_area(struct file *filp, unsigned long addr,
14062+ unsigned long len, unsigned long pgoff, unsigned long flags)
14063+{
14064+ struct mm_struct *mm = current->mm;
14065+ struct vm_area_struct *vma;
14066+ unsigned long start_addr, pax_task_size = TASK_SIZE;
14067+
14068+#ifdef CONFIG_PAX_SEGMEXEC
14069+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
14070+ pax_task_size = SEGMEXEC_TASK_SIZE;
14071+#endif
14072+
14073+ pax_task_size -= PAGE_SIZE;
14074+
14075+ if (len > pax_task_size)
14076+ return -ENOMEM;
14077+
14078+ if (flags & MAP_FIXED)
14079+ return addr;
14080+
14081+#ifdef CONFIG_PAX_RANDMMAP
14082+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
14083+#endif
14084+
14085+ if (addr) {
14086+ addr = PAGE_ALIGN(addr);
14087+ if (pax_task_size - len >= addr) {
14088+ vma = find_vma(mm, addr);
14089+ if (check_heap_stack_gap(vma, addr, len))
14090+ return addr;
14091+ }
14092+ }
14093+ if (len > mm->cached_hole_size) {
14094+ start_addr = addr = mm->free_area_cache;
14095+ } else {
14096+ start_addr = addr = mm->mmap_base;
14097+ mm->cached_hole_size = 0;
14098+ }
14099+
14100+#ifdef CONFIG_PAX_PAGEEXEC
14101+ if (!(__supported_pte_mask & _PAGE_NX) && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE) && start_addr >= mm->mmap_base) {
14102+ start_addr = 0x00110000UL;
14103+
14104+#ifdef CONFIG_PAX_RANDMMAP
14105+ if (mm->pax_flags & MF_PAX_RANDMMAP)
14106+ start_addr += mm->delta_mmap & 0x03FFF000UL;
14107+#endif
14108+
14109+ if (mm->start_brk <= start_addr && start_addr < mm->mmap_base)
14110+ start_addr = addr = mm->mmap_base;
14111+ else
14112+ addr = start_addr;
14113+ }
14114+#endif
14115+
14116+full_search:
14117+ for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
14118+ /* At this point: (!vma || addr < vma->vm_end). */
14119+ if (pax_task_size - len < addr) {
14120+ /*
14121+ * Start a new search - just in case we missed
14122+ * some holes.
14123+ */
14124+ if (start_addr != mm->mmap_base) {
14125+ start_addr = addr = mm->mmap_base;
14126+ mm->cached_hole_size = 0;
14127+ goto full_search;
14128+ }
14129+ return -ENOMEM;
14130+ }
14131+ if (check_heap_stack_gap(vma, addr, len))
14132+ break;
14133+ if (addr + mm->cached_hole_size < vma->vm_start)
14134+ mm->cached_hole_size = vma->vm_start - addr;
14135+ addr = vma->vm_end;
14136+ if (mm->start_brk <= addr && addr < mm->mmap_base) {
14137+ start_addr = addr = mm->mmap_base;
14138+ mm->cached_hole_size = 0;
14139+ goto full_search;
14140+ }
14141+ }
14142+
14143+ /*
14144+ * Remember the place where we stopped the search:
14145+ */
14146+ mm->free_area_cache = addr + len;
14147+ return addr;
14148+}
14149+
14150+unsigned long
14151+arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
14152+ const unsigned long len, const unsigned long pgoff,
14153+ const unsigned long flags)
14154+{
14155+ struct vm_area_struct *vma;
14156+ struct mm_struct *mm = current->mm;
14157+ unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE;
14158+
14159+#ifdef CONFIG_PAX_SEGMEXEC
14160+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
14161+ pax_task_size = SEGMEXEC_TASK_SIZE;
14162+#endif
14163+
14164+ pax_task_size -= PAGE_SIZE;
14165+
14166+ /* requested length too big for entire address space */
14167+ if (len > pax_task_size)
14168+ return -ENOMEM;
14169+
14170+ if (flags & MAP_FIXED)
14171+ return addr;
14172+
14173+#ifdef CONFIG_PAX_PAGEEXEC
14174+ if (!(__supported_pte_mask & _PAGE_NX) && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE))
14175+ goto bottomup;
14176+#endif
14177+
14178+#ifdef CONFIG_PAX_RANDMMAP
14179+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
14180+#endif
14181+
14182+ /* requesting a specific address */
14183+ if (addr) {
14184+ addr = PAGE_ALIGN(addr);
14185+ if (pax_task_size - len >= addr) {
14186+ vma = find_vma(mm, addr);
14187+ if (check_heap_stack_gap(vma, addr, len))
14188+ return addr;
14189+ }
14190+ }
14191+
14192+ /* check if free_area_cache is useful for us */
14193+ if (len <= mm->cached_hole_size) {
14194+ mm->cached_hole_size = 0;
14195+ mm->free_area_cache = mm->mmap_base;
14196+ }
14197+
14198+ /* either no address requested or can't fit in requested address hole */
14199+ addr = mm->free_area_cache;
14200+
14201+ /* make sure it can fit in the remaining address space */
14202+ if (addr > len) {
14203+ vma = find_vma(mm, addr-len);
14204+ if (check_heap_stack_gap(vma, addr - len, len))
14205+ /* remember the address as a hint for next time */
14206+ return (mm->free_area_cache = addr-len);
14207+ }
14208+
14209+ if (mm->mmap_base < len)
14210+ goto bottomup;
14211+
14212+ addr = mm->mmap_base-len;
14213+
14214+ do {
14215+ /*
14216+ * Lookup failure means no vma is above this address,
14217+ * else if new region fits below vma->vm_start,
14218+ * return with success:
14219+ */
14220+ vma = find_vma(mm, addr);
14221+ if (check_heap_stack_gap(vma, addr, len))
14222+ /* remember the address as a hint for next time */
14223+ return (mm->free_area_cache = addr);
14224+
14225+ /* remember the largest hole we saw so far */
14226+ if (addr + mm->cached_hole_size < vma->vm_start)
14227+ mm->cached_hole_size = vma->vm_start - addr;
14228+
14229+ /* try just below the current vma->vm_start */
14230+ addr = skip_heap_stack_gap(vma, len);
14231+ } while (!IS_ERR_VALUE(addr));
14232+
14233+bottomup:
14234+ /*
14235+ * A failed mmap() very likely causes application failure,
14236+ * so fall back to the bottom-up function here. This scenario
14237+ * can happen with large stack limits and large mmap()
14238+ * allocations.
14239+ */
14240+
14241+#ifdef CONFIG_PAX_SEGMEXEC
14242+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
14243+ mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
14244+ else
14245+#endif
14246+
14247+ mm->mmap_base = TASK_UNMAPPED_BASE;
14248+
14249+#ifdef CONFIG_PAX_RANDMMAP
14250+ if (mm->pax_flags & MF_PAX_RANDMMAP)
14251+ mm->mmap_base += mm->delta_mmap;
14252+#endif
14253+
14254+ mm->free_area_cache = mm->mmap_base;
14255+ mm->cached_hole_size = ~0UL;
14256+ addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
14257+ /*
14258+ * Restore the topdown base:
14259+ */
14260+ mm->mmap_base = base;
14261+ mm->free_area_cache = base;
14262+ mm->cached_hole_size = ~0UL;
14263+
14264+ return addr;
14265 }
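Review bot: In both new functions the `#ifdef CONFIG_PAX_RANDMMAP` block leaves a brace-less `if (!(mm->pax_flags & MF_PAX_RANDMMAP))` whose body is the `if (addr) { … }` hint block that only follows after `#endif`, a blank line and, in arch_get_unmapped_area_topdown(), a comment. Nothing at the site says that the caller's address hint is skipped for RANDMMAP tasks, and a statement later inserted between the two lines would silently become the guarded body. I would put `/* RANDMMAP: skip the caller's address hint */` directly above the guard and keep the guard and `if (addr)` adjacent. The same construct appears in the sys_x86_64.c hunks for arch_get_unmapped_area() and arch_get_unmapped_area_topdown(), and the `else` placed before `#endif` in the bottomup path carries the same hazard.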
14266diff -urNp linux-2.6.38.2/arch/x86/kernel/sys_x86_64.c linux-2.6.38.2/arch/x86/kernel/sys_x86_64.c
14267--- linux-2.6.38.2/arch/x86/kernel/sys_x86_64.c 2011-03-14 21:20:32.000000000 -0400
14268+++ linux-2.6.38.2/arch/x86/kernel/sys_x86_64.c 2011-03-21 23:47:41.000000000 -0400
14269@@ -32,8 +32,8 @@ out:
14270 return error;
14271 }
14272
14273-static void find_start_end(unsigned long flags, unsigned long *begin,
14274- unsigned long *end)
14275+static void find_start_end(struct mm_struct *mm, unsigned long flags,
14276+ unsigned long *begin, unsigned long *end)
14277 {
14278 if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) {
14279 unsigned long new_begin;
14280@@ -52,7 +52,7 @@ static void find_start_end(unsigned long
14281 *begin = new_begin;
14282 }
14283 } else {
14284- *begin = TASK_UNMAPPED_BASE;
14285+ *begin = mm->mmap_base;
14286 *end = TASK_SIZE;
14287 }
14288 }
14289@@ -69,16 +69,19 @@ arch_get_unmapped_area(struct file *filp
14290 if (flags & MAP_FIXED)
14291 return addr;
14292
14293- find_start_end(flags, &begin, &end);
14294+ find_start_end(mm, flags, &begin, &end);
14295
14296 if (len > end)
14297 return -ENOMEM;
14298
14299+#ifdef CONFIG_PAX_RANDMMAP
14300+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
14301+#endif
14302+
14303 if (addr) {
14304 addr = PAGE_ALIGN(addr);
14305 vma = find_vma(mm, addr);
14306- if (end - len >= addr &&
14307- (!vma || addr + len <= vma->vm_start))
14308+ if (end - len >= addr && check_heap_stack_gap(vma, addr, len))
14309 return addr;
14310 }
14311 if (((flags & MAP_32BIT) || test_thread_flag(TIF_IA32))
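Review bot: Replacing `(!vma || addr + len <= vma->vm_start)` with `check_heap_stack_gap(vma, addr, len)` moves the NULL-vma case into a helper that is defined outside this diff section, here and in the full_search and topdown hunks that follow. The topdown loop still reads `vma->vm_start` right after the helper returns false, so the code is only safe if the helper returns true for a NULL vma. A comment at the first call site such as `/* check_heap_stack_gap() accepts vma == NULL (no mapping above addr) */` would make that contract visible; confirm it against the helper before adding it. arch_get_unmapped_area() starts and ends outside this hunk.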
14312@@ -106,7 +109,7 @@ full_search:
14313 }
14314 return -ENOMEM;
14315 }
14316- if (!vma || addr + len <= vma->vm_start) {
14317+ if (check_heap_stack_gap(vma, addr, len)) {
14318 /*
14319 * Remember the place where we stopped the search:
14320 */
14321@@ -128,7 +131,7 @@ arch_get_unmapped_area_topdown(struct fi
14322 {
14323 struct vm_area_struct *vma;
14324 struct mm_struct *mm = current->mm;
14325- unsigned long addr = addr0;
14326+ unsigned long base = mm->mmap_base, addr = addr0;
14327
14328 /* requested length too big for entire address space */
14329 if (len > TASK_SIZE)
14330@@ -141,13 +144,18 @@ arch_get_unmapped_area_topdown(struct fi
14331 if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT))
14332 goto bottomup;
14333
14334+#ifdef CONFIG_PAX_RANDMMAP
14335+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
14336+#endif
14337+
14338 /* requesting a specific address */
14339 if (addr) {
14340 addr = PAGE_ALIGN(addr);
14341- vma = find_vma(mm, addr);
14342- if (TASK_SIZE - len >= addr &&
14343- (!vma || addr + len <= vma->vm_start))
14344- return addr;
14345+ if (TASK_SIZE - len >= addr) {
14346+ vma = find_vma(mm, addr);
14347+ if (check_heap_stack_gap(vma, addr, len))
14348+ return addr;
14349+ }
14350 }
14351
14352 /* check if free_area_cache is useful for us */
14353@@ -162,7 +170,7 @@ arch_get_unmapped_area_topdown(struct fi
14354 /* make sure it can fit in the remaining address space */
14355 if (addr > len) {
14356 vma = find_vma(mm, addr-len);
14357- if (!vma || addr <= vma->vm_start)
14358+ if (check_heap_stack_gap(vma, addr - len, len))
14359 /* remember the address as a hint for next time */
14360 return mm->free_area_cache = addr-len;
14361 }
14362@@ -179,7 +187,7 @@ arch_get_unmapped_area_topdown(struct fi
14363 * return with success:
14364 */
14365 vma = find_vma(mm, addr);
14366- if (!vma || addr+len <= vma->vm_start)
14367+ if (check_heap_stack_gap(vma, addr, len))
14368 /* remember the address as a hint for next time */
14369 return mm->free_area_cache = addr;
14370
14371@@ -188,8 +196,8 @@ arch_get_unmapped_area_topdown(struct fi
14372 mm->cached_hole_size = vma->vm_start - addr;
14373
14374 /* try just below the current vma->vm_start */
14375- addr = vma->vm_start-len;
14376- } while (len < vma->vm_start);
14377+ addr = skip_heap_stack_gap(vma, len);
14378+ } while (!IS_ERR_VALUE(addr));
14379
14380 bottomup:
14381 /*
14382@@ -198,13 +206,21 @@ bottomup:
14383 * can happen with large stack limits and large mmap()
14384 * allocations.
14385 */
14386+ mm->mmap_base = TASK_UNMAPPED_BASE;
14387+
14388+#ifdef CONFIG_PAX_RANDMMAP
14389+ if (mm->pax_flags & MF_PAX_RANDMMAP)
14390+ mm->mmap_base += mm->delta_mmap;
14391+#endif
14392+
14393+ mm->free_area_cache = mm->mmap_base;
14394 mm->cached_hole_size = ~0UL;
14395- mm->free_area_cache = TASK_UNMAPPED_BASE;
14396 addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
14397 /*
14398 * Restore the topdown base:
14399 */
14400- mm->free_area_cache = mm->mmap_base;
14401+ mm->mmap_base = base;
14402+ mm->free_area_cache = base;
14403 mm->cached_hole_size = ~0UL;
14404
14405 return addr;
14406diff -urNp linux-2.6.38.2/arch/x86/kernel/time.c linux-2.6.38.2/arch/x86/kernel/time.c
14407--- linux-2.6.38.2/arch/x86/kernel/time.c 2011-03-14 21:20:32.000000000 -0400
14408+++ linux-2.6.38.2/arch/x86/kernel/time.c 2011-03-21 18:31:35.000000000 -0400
14409@@ -22,17 +22,13 @@
14410 #include <asm/hpet.h>
14411 #include <asm/time.h>
14412
14413-#ifdef CONFIG_X86_64
14414-volatile unsigned long __jiffies __section_jiffies = INITIAL_JIFFIES;
14415-#endif
14416-
14417 unsigned long profile_pc(struct pt_regs *regs)
14418 {
14419 unsigned long pc = instruction_pointer(regs);
14420
14421- if (!user_mode_vm(regs) && in_lock_functions(pc)) {
14422+ if (!user_mode(regs) && in_lock_functions(pc)) {
14423 #ifdef CONFIG_FRAME_POINTER
14424- return *(unsigned long *)(regs->bp + sizeof(long));
14425+ return ktla_ktva(*(unsigned long *)(regs->bp + sizeof(long)));
14426 #else
14427 unsigned long *sp =
14428 (unsigned long *)kernel_stack_pointer(regs);
14429@@ -41,11 +37,17 @@ unsigned long profile_pc(struct pt_regs
14430 * or above a saved flags. Eflags has bits 22-31 zero,
14431 * kernel addresses don't.
14432 */
14433+
14434+#ifdef CONFIG_PAX_KERNEXEC
14435+ return ktla_ktva(sp[0]);
14436+#else
14437 if (sp[0] >> 22)
14438 return sp[0];
14439 if (sp[1] >> 22)
14440 return sp[1];
14441 #endif
14442+
14443+#endif
14444 }
14445 return pc;
14446 }
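Review bot: The CONFIG_PAX_KERNEXEC branch returns `ktla_ktva(sp[0])` unconditionally, but the comment directly above it still describes the `>> 22` test that tells a return address from saved flags, and that test now runs only in the `#else` branch. As written, a reader cannot tell whether returning sp[0] when it holds saved flags is acceptable under KERNEXEC or an oversight. I would add `/* KERNEXEC: bits 22-31 test not applied; NOTE(review): confirm sp[0] is always the return address */` in the new branch, replaced by the actual reason once the author confirms it. profile_pc() begins in the previous hunk.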
14447diff -urNp linux-2.6.38.2/arch/x86/kernel/tls.c linux-2.6.38.2/arch/x86/kernel/tls.c
14448--- linux-2.6.38.2/arch/x86/kernel/tls.c 2011-03-14 21:20:32.000000000 -0400
14449+++ linux-2.6.38.2/arch/x86/kernel/tls.c 2011-03-21 18:31:35.000000000 -0400
14450@@ -85,6 +85,11 @@ int do_set_thread_area(struct task_struc
14451 if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
14452 return -EINVAL;
14453
14454+#ifdef CONFIG_PAX_SEGMEXEC
14455+ if ((p->mm->pax_flags & MF_PAX_SEGMEXEC) && (info.contents & MODIFY_LDT_CONTENTS_CODE))
14456+ return -EINVAL;
14457+#endif
14458+
14459 set_tls_desc(p, idx, &info, 1);
14460
14461 return 0;
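Review bot: The added SEGMEXEC check dereferences `p->mm` without testing it, whereas the PAGEEXEC check this patch adds to do_general_protection() in traps.c tests `tsk->mm` before reading `pax_flags`. Whether do_set_thread_area() can be reached for a task that has no mm depends on callers outside this hunk; if it can, the guard should read `if (p->mm && (p->mm->pax_flags & MF_PAX_SEGMEXEC) && (info.contents & MODIFY_LDT_CONTENTS_CODE))`. A one-line comment such as `/* SEGMEXEC: refuse code descriptors in TLS slots */` would also state what the -EINVAL is protecting. The function starts before and ends after the hunk.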
14462diff -urNp linux-2.6.38.2/arch/x86/kernel/trampoline_32.S linux-2.6.38.2/arch/x86/kernel/trampoline_32.S
14463--- linux-2.6.38.2/arch/x86/kernel/trampoline_32.S 2011-03-14 21:20:32.000000000 -0400
14464+++ linux-2.6.38.2/arch/x86/kernel/trampoline_32.S 2011-03-21 18:31:35.000000000 -0400
14465@@ -32,6 +32,12 @@
14466 #include <asm/segment.h>
14467 #include <asm/page_types.h>
14468
14469+#ifdef CONFIG_PAX_KERNEXEC
14470+#define ta(X) (X)
14471+#else
14472+#define ta(X) ((X) - __PAGE_OFFSET)
14473+#endif
14474+
14475 /* We can free up trampoline after bootup if cpu hotplug is not supported. */
14476 __CPUINITRODATA
14477 .code16
14478@@ -60,7 +66,7 @@ r_base = .
14479 inc %ax # protected mode (PE) bit
14480 lmsw %ax # into protected mode
14481 # flush prefetch and jump to startup_32_smp in arch/i386/kernel/head.S
14482- ljmpl $__BOOT_CS, $(startup_32_smp-__PAGE_OFFSET)
14483+ ljmpl $__BOOT_CS, $ta(startup_32_smp)
14484
14485 # These need to be in the same 64K segment as the above;
14486 # hence we don't use the boot_gdt_descr defined in head.S
14487diff -urNp linux-2.6.38.2/arch/x86/kernel/trampoline_64.S linux-2.6.38.2/arch/x86/kernel/trampoline_64.S
14488--- linux-2.6.38.2/arch/x86/kernel/trampoline_64.S 2011-03-14 21:20:32.000000000 -0400
14489+++ linux-2.6.38.2/arch/x86/kernel/trampoline_64.S 2011-03-21 18:31:35.000000000 -0400
14490@@ -91,7 +91,7 @@ startup_32:
14491 movl $__KERNEL_DS, %eax # Initialize the %ds segment register
14492 movl %eax, %ds
14493
14494- movl $X86_CR4_PAE, %eax
14495+ movl $(X86_CR4_PSE | X86_CR4_PAE | X86_CR4_PGE), %eax
14496 movl %eax, %cr4 # Enable PAE mode
14497
14498 # Setup trampoline 4 level pagetables
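Review bot: The trailing comment on the `movl %eax, %cr4` line still reads `# Enable PAE mode`, but the value loaded now also sets X86_CR4_PSE and X86_CR4_PGE. I would change it to `# Enable PSE, PAE and PGE` so the comment matches the register write. The startup_32 code continues outside the hunk.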
14499@@ -138,7 +138,7 @@ tidt:
14500 # so the kernel can live anywhere
14501 .balign 4
14502 tgdt:
14503- .short tgdt_end - tgdt # gdt limit
14504+ .short tgdt_end - tgdt - 1 # gdt limit
14505 .long tgdt - r_base
14506 .short 0
14507 .quad 0x00cf9b000000ffff # __KERNEL32_CS
14508diff -urNp linux-2.6.38.2/arch/x86/kernel/traps.c linux-2.6.38.2/arch/x86/kernel/traps.c
14509--- linux-2.6.38.2/arch/x86/kernel/traps.c 2011-03-14 21:20:32.000000000 -0400
14510+++ linux-2.6.38.2/arch/x86/kernel/traps.c 2011-03-21 18:31:35.000000000 -0400
14511@@ -70,12 +70,6 @@ asmlinkage int system_call(void);
14512
14513 /* Do we ignore FPU interrupts ? */
14514 char ignore_fpu_irq;
14515-
14516-/*
14517- * The IDT has to be page-aligned to simplify the Pentium
14518- * F0 0F bug workaround.
14519- */
14520-gate_desc idt_table[NR_VECTORS] __page_aligned_data = { { { { 0, 0 } } }, };
14521 #endif
14522
14523 DECLARE_BITMAP(used_vectors, NR_VECTORS);
14524@@ -117,13 +111,13 @@ static inline void preempt_conditional_c
14525 }
14526
14527 static void __kprobes
14528-do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
14529+do_trap(int trapnr, int signr, const char *str, struct pt_regs *regs,
14530 long error_code, siginfo_t *info)
14531 {
14532 struct task_struct *tsk = current;
14533
14534 #ifdef CONFIG_X86_32
14535- if (regs->flags & X86_VM_MASK) {
14536+ if (v8086_mode(regs)) {
14537 /*
14538 * traps 0, 1, 3, 4, and 5 should be forwarded to vm86.
14539 * On nmi (interrupt 2), do_trap should not be called.
14540@@ -134,7 +128,7 @@ do_trap(int trapnr, int signr, char *str
14541 }
14542 #endif
14543
14544- if (!user_mode(regs))
14545+ if (!user_mode_novm(regs))
14546 goto kernel_trap;
14547
14548 #ifdef CONFIG_X86_32
14549@@ -157,7 +151,7 @@ trap_signal:
14550 printk_ratelimit()) {
14551 printk(KERN_INFO
14552 "%s[%d] trap %s ip:%lx sp:%lx error:%lx",
14553- tsk->comm, tsk->pid, str,
14554+ tsk->comm, task_pid_nr(tsk), str,
14555 regs->ip, regs->sp, error_code);
14556 print_vma_addr(" in ", regs->ip);
14557 printk("\n");
14558@@ -174,8 +168,20 @@ kernel_trap:
14559 if (!fixup_exception(regs)) {
14560 tsk->thread.error_code = error_code;
14561 tsk->thread.trap_no = trapnr;
14562+
14563+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
14564+ if (trapnr == 12 && ((regs->cs & 0xFFFF) == __KERNEL_CS || (regs->cs & 0xFFFF) == __KERNEXEC_KERNEL_CS))
14565+ str = "PAX: suspicious stack segment fault";
14566+#endif
14567+
14568 die(str, regs, error_code);
14569 }
14570+
14571+#ifdef CONFIG_PAX_REFCOUNT
14572+ if (trapnr == 4)
14573+ pax_report_refcount_overflow(regs);
14574+#endif
14575+
14576 return;
14577
14578 #ifdef CONFIG_X86_32
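Review bot: The two added blocks key on bare vector numbers, `trapnr == 12` and `trapnr == 4`, with no comment tying them to the exceptions they mean. The message string shows that 12 is the stack segment fault; 4 is the overflow exception, which the refcount report presumably relies on. I would annotate them, e.g. `/* 12: stack segment fault (#SS) */` and `/* 4: overflow (#OF), used by the PAX_REFCOUNT checks (confirm) */`. Note also that pax_report_refcount_overflow() sits after the `if (!fixup_exception(regs))` block, so it runs for every kernel-mode trap 4 that reaches kernel_trap, including ones where the fixup succeeded; do_trap() starts outside this hunk.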
14579@@ -264,14 +270,30 @@ do_general_protection(struct pt_regs *re
14580 conditional_sti(regs);
14581
14582 #ifdef CONFIG_X86_32
14583- if (regs->flags & X86_VM_MASK)
14584+ if (v8086_mode(regs))
14585 goto gp_in_vm86;
14586 #endif
14587
14588 tsk = current;
14589- if (!user_mode(regs))
14590+ if (!user_mode_novm(regs))
14591 goto gp_in_kernel;
14592
14593+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
14594+ if (!(__supported_pte_mask & _PAGE_NX) && tsk->mm && (tsk->mm->pax_flags & MF_PAX_PAGEEXEC)) {
14595+ struct mm_struct *mm = tsk->mm;
14596+ unsigned long limit;
14597+
14598+ down_write(&mm->mmap_sem);
14599+ limit = mm->context.user_cs_limit;
14600+ if (limit < TASK_SIZE) {
14601+ track_exec_limit(mm, limit, TASK_SIZE, VM_EXEC);
14602+ up_write(&mm->mmap_sem);
14603+ return;
14604+ }
14605+ up_write(&mm->mmap_sem);
14606+ }
14607+#endif
14608+
14609 tsk->thread.error_code = error_code;
14610 tsk->thread.trap_no = 13;
14611
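Review bot: The PAGEEXEC block returns from the #GP handler without recording the fault or sending a signal whenever `mm->context.user_cs_limit < TASK_SIZE`, and no comment says that the faulting instruction is meant to be retried after track_exec_limit() or what bounds the retries. From the hunk it appears that a second fault would find the limit already at TASK_SIZE and fall through to the normal path, but that depends on track_exec_limit(), which is defined outside this hunk. I would add above the block `/* PAGEEXEC without NX: raise the user code segment limit to TASK_SIZE once and retry; later #GPs take the normal path */`, after confirming that against track_exec_limit(). do_general_protection() starts and ends outside the hunk.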
14612@@ -304,6 +326,13 @@ gp_in_kernel:
14613 if (notify_die(DIE_GPF, "general protection fault", regs,
14614 error_code, 13, SIGSEGV) == NOTIFY_STOP)
14615 return;
14616+
14617+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
14618+ if ((regs->cs & 0xFFFF) == __KERNEL_CS || (regs->cs & 0xFFFF) == __KERNEXEC_KERNEL_CS)
14619+ die("PAX: suspicious general protection fault", regs, error_code);
14620+ else
14621+#endif
14622+
14623 die("general protection fault", regs, error_code);
14624 }
14625
14626@@ -569,7 +598,7 @@ dotraplinkage void __kprobes do_debug(st
14627 /* It's safe to allow irq's after DR6 has been saved */
14628 preempt_conditional_sti(regs);
14629
14630- if (regs->flags & X86_VM_MASK) {
14631+ if (v8086_mode(regs)) {
14632 handle_vm86_trap((struct kernel_vm86_regs *) regs,
14633 error_code, 1);
14634 preempt_conditional_cli(regs);
14635@@ -583,7 +612,7 @@ dotraplinkage void __kprobes do_debug(st
14636 * We already checked v86 mode above, so we can check for kernel mode
14637 * by just checking the CPL of CS.
14638 */
14639- if ((dr6 & DR_STEP) && !user_mode(regs)) {
14640+ if ((dr6 & DR_STEP) && !user_mode_novm(regs)) {
14641 tsk->thread.debugreg6 &= ~DR_STEP;
14642 set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
14643 regs->flags &= ~X86_EFLAGS_TF;
14644@@ -612,7 +641,7 @@ void math_error(struct pt_regs *regs, in
14645 return;
14646 conditional_sti(regs);
14647
14648- if (!user_mode_vm(regs))
14649+ if (!user_mode(regs))
14650 {
14651 if (!fixup_exception(regs)) {
14652 task->thread.error_code = error_code;
14653diff -urNp linux-2.6.38.2/arch/x86/kernel/tsc.c linux-2.6.38.2/arch/x86/kernel/tsc.c
14654--- linux-2.6.38.2/arch/x86/kernel/tsc.c 2011-03-14 21:20:32.000000000 -0400
14655+++ linux-2.6.38.2/arch/x86/kernel/tsc.c 2011-03-21 18:31:35.000000000 -0400
14656@@ -837,7 +837,7 @@ static struct dmi_system_id __initdata b
14657 DMI_MATCH(DMI_BOARD_NAME, "2635FA0"),
14658 },
14659 },
14660- {}
14661+ { NULL, NULL, {{0, {0}}}, NULL}
14662 };
14663
14664 static void __init check_system_tsc_reliable(void)
14665diff -urNp linux-2.6.38.2/arch/x86/kernel/vm86_32.c linux-2.6.38.2/arch/x86/kernel/vm86_32.c
14666--- linux-2.6.38.2/arch/x86/kernel/vm86_32.c 2011-03-14 21:20:32.000000000 -0400
14667+++ linux-2.6.38.2/arch/x86/kernel/vm86_32.c 2011-03-21 18:31:35.000000000 -0400
14668@@ -41,6 +41,7 @@
14669 #include <linux/ptrace.h>
14670 #include <linux/audit.h>
14671 #include <linux/stddef.h>
14672+#include <linux/grsecurity.h>
14673
14674 #include <asm/uaccess.h>
14675 #include <asm/io.h>
14676@@ -148,7 +149,7 @@ struct pt_regs *save_v86_state(struct ke
14677 do_exit(SIGSEGV);
14678 }
14679
14680- tss = &per_cpu(init_tss, get_cpu());
14681+ tss = init_tss + get_cpu();
14682 current->thread.sp0 = current->thread.saved_sp0;
14683 current->thread.sysenter_cs = __KERNEL_CS;
14684 load_sp0(tss, &current->thread);
14685@@ -208,6 +209,13 @@ int sys_vm86old(struct vm86_struct __use
14686 struct task_struct *tsk;
14687 int tmp, ret = -EPERM;
14688
14689+#ifdef CONFIG_GRKERNSEC_VM86
14690+ if (!capable(CAP_SYS_RAWIO)) {
14691+ gr_handle_vm86();
14692+ goto out;
14693+ }
14694+#endif
14695+
14696 tsk = current;
14697 if (tsk->thread.saved_sp0)
14698 goto out;
14699@@ -238,6 +246,14 @@ int sys_vm86(unsigned long cmd, unsigned
14700 int tmp, ret;
14701 struct vm86plus_struct __user *v86;
14702
14703+#ifdef CONFIG_GRKERNSEC_VM86
14704+ if (!capable(CAP_SYS_RAWIO)) {
14705+ gr_handle_vm86();
14706+ ret = -EPERM;
14707+ goto out;
14708+ }
14709+#endif
14710+
14711 tsk = current;
14712 switch (cmd) {
14713 case VM86_REQUEST_IRQ:
14714@@ -324,7 +340,7 @@ static void do_sys_vm86(struct kernel_vm
14715 tsk->thread.saved_fs = info->regs32->fs;
14716 tsk->thread.saved_gs = get_user_gs(info->regs32);
14717
14718- tss = &per_cpu(init_tss, get_cpu());
14719+ tss = init_tss + get_cpu();
14720 tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0;
14721 if (cpu_has_sep)
14722 tsk->thread.sysenter_cs = 0;
14723@@ -529,7 +545,7 @@ static void do_int(struct kernel_vm86_re
14724 goto cannot_handle;
14725 if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored))
14726 goto cannot_handle;
14727- intr_ptr = (unsigned long __user *) (i << 2);
14728+ intr_ptr = (__force unsigned long __user *) (i << 2);
14729 if (get_user(segoffs, intr_ptr))
14730 goto cannot_handle;
14731 if ((segoffs >> 16) == BIOSSEG)
14732diff -urNp linux-2.6.38.2/arch/x86/kernel/vmlinux.lds.S linux-2.6.38.2/arch/x86/kernel/vmlinux.lds.S
14733--- linux-2.6.38.2/arch/x86/kernel/vmlinux.lds.S 2011-03-14 21:20:32.000000000 -0400
14734+++ linux-2.6.38.2/arch/x86/kernel/vmlinux.lds.S 2011-03-21 18:31:35.000000000 -0400
14735@@ -26,6 +26,13 @@
14736 #include <asm/page_types.h>
14737 #include <asm/cache.h>
14738 #include <asm/boot.h>
14739+#include <asm/segment.h>
14740+
14741+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
14742+#define __KERNEL_TEXT_OFFSET (LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR)
14743+#else
14744+#define __KERNEL_TEXT_OFFSET 0
14745+#endif
14746
14747 #undef i386 /* in case the preprocessor is a 32bit one */
14748
14749@@ -34,11 +41,9 @@ OUTPUT_FORMAT(CONFIG_OUTPUT_FORMAT, CONF
14750 #ifdef CONFIG_X86_32
14751 OUTPUT_ARCH(i386)
14752 ENTRY(phys_startup_32)
14753-jiffies = jiffies_64;
14754 #else
14755 OUTPUT_ARCH(i386:x86-64)
14756 ENTRY(phys_startup_64)
14757-jiffies_64 = jiffies;
14758 #endif
14759
14760 #if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA)
14761@@ -69,31 +74,46 @@ jiffies_64 = jiffies;
14762
14763 PHDRS {
14764 text PT_LOAD FLAGS(5); /* R_E */
14765+#ifdef CONFIG_X86_32
14766+ module PT_LOAD FLAGS(5); /* R_E */
14767+#endif
14768+#ifdef CONFIG_XEN
14769+ rodata PT_LOAD FLAGS(5); /* R_E */
14770+#else
14771+ rodata PT_LOAD FLAGS(4); /* R__ */
14772+#endif
14773 data PT_LOAD FLAGS(6); /* RW_ */
14774 #ifdef CONFIG_X86_64
14775 user PT_LOAD FLAGS(5); /* R_E */
14776+#endif
14777+ init.begin PT_LOAD FLAGS(6); /* RW_ */
14778 #ifdef CONFIG_SMP
14779 percpu PT_LOAD FLAGS(6); /* RW_ */
14780 #endif
14781+ text.init PT_LOAD FLAGS(5); /* R_E */
14782+ text.exit PT_LOAD FLAGS(5); /* R_E */
14783 init PT_LOAD FLAGS(7); /* RWE */
14784-#endif
14785 note PT_NOTE FLAGS(0); /* ___ */
14786 }
14787
14788 SECTIONS
14789 {
14790 #ifdef CONFIG_X86_32
14791- . = LOAD_OFFSET + LOAD_PHYSICAL_ADDR;
14792- phys_startup_32 = startup_32 - LOAD_OFFSET;
14793+ . = LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR;
14794 #else
14795- . = __START_KERNEL;
14796- phys_startup_64 = startup_64 - LOAD_OFFSET;
14797+ . = __START_KERNEL;
14798 #endif
14799
14800 /* Text and read-only data */
14801- .text : AT(ADDR(.text) - LOAD_OFFSET) {
14802- _text = .;
14803+ .text (. - __KERNEL_TEXT_OFFSET): AT(ADDR(.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
14804 /* bootstrapping code */
14805+#ifdef CONFIG_X86_32
14806+ phys_startup_32 = startup_32 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
14807+#else
14808+ phys_startup_64 = startup_64 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
14809+#endif
14810+ __LOAD_PHYSICAL_ADDR = . - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
14811+ _text = .;
14812 HEAD_TEXT
14813 #ifdef CONFIG_X86_32
14814 . = ALIGN(PAGE_SIZE);
14815@@ -108,13 +128,47 @@ SECTIONS
14816 IRQENTRY_TEXT
14817 *(.fixup)
14818 *(.gnu.warning)
14819- /* End of text section */
14820- _etext = .;
14821 } :text = 0x9090
14822
14823- NOTES :text :note
14824+ . += __KERNEL_TEXT_OFFSET;
14825+
14826+#ifdef CONFIG_X86_32
14827+ . = ALIGN(PAGE_SIZE);
14828+ .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) {
14829+
14830+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES)
14831+ MODULES_EXEC_VADDR = .;
14832+ BYTE(0)
14833+ . += (CONFIG_PAX_KERNEXEC_MODULE_TEXT * 1024 * 1024);
14834+ . = ALIGN(HPAGE_SIZE);
14835+ MODULES_EXEC_END = . - 1;
14836+#endif
14837+
14838+ } :module
14839+#endif
14840+
14841+ .text.end : AT(ADDR(.text.end) - LOAD_OFFSET) {
14842+ /* End of text section */
14843+ _etext = . - __KERNEL_TEXT_OFFSET;
14844+ }
14845
14846- EXCEPTION_TABLE(16) :text = 0x9090
14847+#ifdef CONFIG_X86_32
14848+ . = ALIGN(PAGE_SIZE);
14849+ .rodata.page_aligned : AT(ADDR(.rodata.page_aligned) - LOAD_OFFSET) {
14850+ *(.idt)
14851+ . = ALIGN(PAGE_SIZE);
14852+ *(.empty_zero_page)
14853+ *(.initial_pg_fixmap)
14854+ *(.initial_pg_pmd)
14855+ *(.initial_page_table)
14856+ *(.swapper_pg_dir)
14857+ } :rodata
14858+#endif
14859+
14860+ . = ALIGN(PAGE_SIZE);
14861+ NOTES :rodata :note
14862+
14863+ EXCEPTION_TABLE(16) :rodata
14864
14865 #if defined(CONFIG_DEBUG_RODATA)
14866 /* .text should occupy whole number of pages */
14867@@ -126,16 +180,20 @@ SECTIONS
14868
14869 /* Data */
14870 .data : AT(ADDR(.data) - LOAD_OFFSET) {
14871+
14872+#ifdef CONFIG_PAX_KERNEXEC
14873+ . = ALIGN(HPAGE_SIZE);
14874+#else
14875+ . = ALIGN(PAGE_SIZE);
14876+#endif
14877+
14878 /* Start of data section */
14879 _sdata = .;
14880
14881 /* init_task */
14882 INIT_TASK_DATA(THREAD_SIZE)
14883
14884-#ifdef CONFIG_X86_32
14885- /* 32 bit has nosave before _edata */
14886 NOSAVE_DATA
14887-#endif
14888
14889 PAGE_ALIGNED_DATA(PAGE_SIZE)
14890
14891@@ -144,6 +202,8 @@ SECTIONS
14892 DATA_DATA
14893 CONSTRUCTORS
14894
14895+ jiffies = jiffies_64;
14896+
14897 /* rarely changed data like cpu maps */
14898 READ_MOSTLY_DATA(INTERNODE_CACHE_BYTES)
14899
14900@@ -198,12 +258,6 @@ SECTIONS
14901 }
14902 vgetcpu_mode = VVIRT(.vgetcpu_mode);
14903
14904- . = ALIGN(L1_CACHE_BYTES);
14905- .jiffies : AT(VLOAD(.jiffies)) {
14906- *(.jiffies)
14907- }
14908- jiffies = VVIRT(.jiffies);
14909-
14910 .vsyscall_3 ADDR(.vsyscall_0) + 3072: AT(VLOAD(.vsyscall_3)) {
14911 *(.vsyscall_3)
14912 }
14913@@ -219,12 +273,19 @@ SECTIONS
14914 #endif /* CONFIG_X86_64 */
14915
14916 /* Init code and data - will be freed after init */
14917- . = ALIGN(PAGE_SIZE);
14918 .init.begin : AT(ADDR(.init.begin) - LOAD_OFFSET) {
14919+ BYTE(0)
14920+
14921+#ifdef CONFIG_PAX_KERNEXEC
14922+ . = ALIGN(HPAGE_SIZE);
14923+#else
14924+ . = ALIGN(PAGE_SIZE);
14925+#endif
14926+
14927 __init_begin = .; /* paired with __init_end */
14928- }
14929+ } :init.begin
14930
14931-#if defined(CONFIG_X86_64) && defined(CONFIG_SMP)
14932+#ifdef CONFIG_SMP
14933 /*
14934 * percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the
14935 * output PHDR, so the next output section - .init.text - should
14936@@ -233,12 +294,27 @@ SECTIONS
14937 PERCPU_VADDR(0, :percpu)
14938 #endif
14939
14940- INIT_TEXT_SECTION(PAGE_SIZE)
14941-#ifdef CONFIG_X86_64
14942- :init
14943-#endif
14944+ . = ALIGN(PAGE_SIZE);
14945+ init_begin = .;
14946+ .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) {
14947+ VMLINUX_SYMBOL(_sinittext) = .;
14948+ INIT_TEXT
14949+ VMLINUX_SYMBOL(_einittext) = .;
14950+ . = ALIGN(PAGE_SIZE);
14951+ } :text.init
14952
14953- INIT_DATA_SECTION(16)
14954+ /*
14955+ * .exit.text is discard at runtime, not link time, to deal with
14956+ * references from .altinstructions and .eh_frame
14957+ */
14958+ .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
14959+ EXIT_TEXT
14960+ . = ALIGN(16);
14961+ } :text.exit
14962+ . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text);
14963+
14964+ . = ALIGN(PAGE_SIZE);
14965+ INIT_DATA_SECTION(16) :init
14966
14967 .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
14968 __x86_cpu_dev_start = .;
14969@@ -292,19 +368,12 @@ SECTIONS
14970 __iommu_table_end = .;
14971 }
14972 . = ALIGN(8);
14973- /*
14974- * .exit.text is discard at runtime, not link time, to deal with
14975- * references from .altinstructions and .eh_frame
14976- */
14977- .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) {
14978- EXIT_TEXT
14979- }
14980
14981 .exit.data : AT(ADDR(.exit.data) - LOAD_OFFSET) {
14982 EXIT_DATA
14983 }
14984
14985-#if !defined(CONFIG_X86_64) || !defined(CONFIG_SMP)
14986+#ifndef CONFIG_SMP
14987 PERCPU(THREAD_SIZE)
14988 #endif
14989
14990@@ -323,16 +392,10 @@ SECTIONS
14991 .smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) {
14992 __smp_locks = .;
14993 *(.smp_locks)
14994- . = ALIGN(PAGE_SIZE);
14995 __smp_locks_end = .;
14996+ . = ALIGN(PAGE_SIZE);
14997 }
14998
14999-#ifdef CONFIG_X86_64
15000- .data_nosave : AT(ADDR(.data_nosave) - LOAD_OFFSET) {
15001- NOSAVE_DATA
15002- }
15003-#endif
15004-
15005 /* BSS */
15006 . = ALIGN(PAGE_SIZE);
15007 .bss : AT(ADDR(.bss) - LOAD_OFFSET) {
15008@@ -348,6 +411,7 @@ SECTIONS
15009 __brk_base = .;
15010 . += 64 * 1024; /* 64k alignment slop space */
15011 *(.brk_reservation) /* areas brk users have reserved */
15012+ . = ALIGN(HPAGE_SIZE);
15013 __brk_limit = .;
15014 }
15015
15016@@ -374,13 +438,12 @@ SECTIONS
15017 * for the boot processor.
15018 */
15019 #define INIT_PER_CPU(x) init_per_cpu__##x = x + __per_cpu_load
15020-INIT_PER_CPU(gdt_page);
15021 INIT_PER_CPU(irq_stack_union);
15022
15023 /*
15024 * Build-time check on the image size:
15025 */
15026-. = ASSERT((_end - _text <= KERNEL_IMAGE_SIZE),
15027+. = ASSERT((_end - _text - __KERNEL_TEXT_OFFSET <= KERNEL_IMAGE_SIZE),
15028 "kernel image bigger than KERNEL_IMAGE_SIZE");
15029
15030 #ifdef CONFIG_SMP
15031diff -urNp linux-2.6.38.2/arch/x86/kernel/vsyscall_64.c linux-2.6.38.2/arch/x86/kernel/vsyscall_64.c
15032--- linux-2.6.38.2/arch/x86/kernel/vsyscall_64.c 2011-03-14 21:20:32.000000000 -0400
15033+++ linux-2.6.38.2/arch/x86/kernel/vsyscall_64.c 2011-03-21 18:31:35.000000000 -0400
15034@@ -80,6 +80,7 @@ void update_vsyscall(struct timespec *wa
15035
15036 write_seqlock_irqsave(&vsyscall_gtod_data.lock, flags);
15037 /* copy vsyscall data */
15038+ strlcpy(vsyscall_gtod_data.clock.name, clock->name, sizeof vsyscall_gtod_data.clock.name);
15039 vsyscall_gtod_data.clock.vread = clock->vread;
15040 vsyscall_gtod_data.clock.cycle_last = clock->cycle_last;
15041 vsyscall_gtod_data.clock.mask = clock->mask;
15042@@ -208,7 +209,7 @@ vgetcpu(unsigned *cpu, unsigned *node, s
15043 We do this here because otherwise user space would do it on
15044 its own in a likely inferior way (no access to jiffies).
15045 If you don't like it pass NULL. */
15046- if (tcache && tcache->blob[0] == (j = __jiffies)) {
15047+ if (tcache && tcache->blob[0] == (j = jiffies)) {
15048 p = tcache->blob[1];
15049 } else if (__vgetcpu_mode == VGETCPU_RDTSCP) {
15050 /* Load per CPU data from RDTSCP */
15051diff -urNp linux-2.6.38.2/arch/x86/kernel/x8664_ksyms_64.c linux-2.6.38.2/arch/x86/kernel/x8664_ksyms_64.c
15052--- linux-2.6.38.2/arch/x86/kernel/x8664_ksyms_64.c 2011-03-14 21:20:32.000000000 -0400
15053+++ linux-2.6.38.2/arch/x86/kernel/x8664_ksyms_64.c 2011-03-21 18:31:35.000000000 -0400
15054@@ -29,8 +29,6 @@ EXPORT_SYMBOL(__put_user_8);
15055 EXPORT_SYMBOL(copy_user_generic_string);
15056 EXPORT_SYMBOL(copy_user_generic_unrolled);
15057 EXPORT_SYMBOL(__copy_user_nocache);
15058-EXPORT_SYMBOL(_copy_from_user);
15059-EXPORT_SYMBOL(_copy_to_user);
15060
15061 EXPORT_SYMBOL(copy_page);
15062 EXPORT_SYMBOL(clear_page);
15063diff -urNp linux-2.6.38.2/arch/x86/kernel/xsave.c linux-2.6.38.2/arch/x86/kernel/xsave.c
15064--- linux-2.6.38.2/arch/x86/kernel/xsave.c 2011-03-14 21:20:32.000000000 -0400
15065+++ linux-2.6.38.2/arch/x86/kernel/xsave.c 2011-03-21 18:31:35.000000000 -0400
15066@@ -130,7 +130,7 @@ int check_for_xstate(struct i387_fxsave_
15067 fx_sw_user->xstate_size > fx_sw_user->extended_size)
15068 return -EINVAL;
15069
15070- err = __get_user(magic2, (__u32 *) (((void *)fpstate) +
15071+ err = __get_user(magic2, (__u32 __user *) (((void __user *)fpstate) +
15072 fx_sw_user->extended_size -
15073 FP_XSTATE_MAGIC2_SIZE));
15074 if (err)
15075@@ -267,7 +267,7 @@ fx_only:
15076 * the other extended state.
15077 */
15078 xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE);
15079- return fxrstor_checking((__force struct i387_fxsave_struct *)buf);
15080+ return fxrstor_checking((struct i387_fxsave_struct __user *)buf);
15081 }
15082
15083 /*
15084@@ -299,7 +299,7 @@ int restore_i387_xstate(void __user *buf
15085 if (use_xsave())
15086 err = restore_user_xstate(buf);
15087 else
15088- err = fxrstor_checking((__force struct i387_fxsave_struct *)
15089+ err = fxrstor_checking((struct i387_fxsave_struct __user *)
15090 buf);
15091 if (unlikely(err)) {
15092 /*
15093diff -urNp linux-2.6.38.2/arch/x86/kvm/emulate.c linux-2.6.38.2/arch/x86/kvm/emulate.c
15094--- linux-2.6.38.2/arch/x86/kvm/emulate.c 2011-03-14 21:20:32.000000000 -0400
15095+++ linux-2.6.38.2/arch/x86/kvm/emulate.c 2011-03-21 18:31:35.000000000 -0400
15096@@ -88,7 +88,7 @@
15097 #define Src2ImmByte (2<<29)
15098 #define Src2One (3<<29)
15099 #define Src2Imm (4<<29)
15100-#define Src2Mask (7<<29)
15101+#define Src2Mask (7U<<29)
15102
15103 #define X2(x...) x, x
15104 #define X3(x...) X2(x), x
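Review bot: `#define Src2Imm (4<<29)` on the context line just above the changed one has the same problem this hunk fixes for the mask. `4<<29` is 2^31, which a 32-bit signed `int` cannot represent, so the shift is undefined behaviour in the same way `7<<29` was. Changing it to `#define Src2Imm (4U<<29)` keeps the flag and `Src2Mask` in the same unsigned type, so a comparison such as `(flags & Src2Mask) == Src2Imm` involves no signed conversion. The other `Src2*` values visible here fit in a signed `int`, but writing them all with a `U` suffix would be more uniform.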
15105@@ -189,6 +189,7 @@ struct group_dual {
15106
15107 #define ____emulate_2op(_op, _src, _dst, _eflags, _x, _y, _suffix, _dsttype) \
15108 do { \
15109+ unsigned long _tmp; \
15110 __asm__ __volatile__ ( \
15111 _PRE_EFLAGS("0", "4", "2") \
15112 _op _suffix " %"_x"3,%1; " \
15113@@ -202,8 +203,6 @@ struct group_dual {
15114 /* Raw emulation: instruction has two explicit operands. */
15115 #define __emulate_2op_nobyte(_op,_src,_dst,_eflags,_wx,_wy,_lx,_ly,_qx,_qy) \
15116 do { \
15117- unsigned long _tmp; \
15118- \
15119 switch ((_dst).bytes) { \
15120 case 2: \
15121 ____emulate_2op(_op,_src,_dst,_eflags,_wx,_wy,"w",u16);\
15122@@ -219,7 +218,6 @@ struct group_dual {
15123
15124 #define __emulate_2op(_op,_src,_dst,_eflags,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
15125 do { \
15126- unsigned long _tmp; \
15127 switch ((_dst).bytes) { \
15128 case 1: \
15129 ____emulate_2op(_op,_src,_dst,_eflags,_bx,_by,"b",u8); \
15130diff -urNp linux-2.6.38.2/arch/x86/kvm/lapic.c linux-2.6.38.2/arch/x86/kvm/lapic.c
15131--- linux-2.6.38.2/arch/x86/kvm/lapic.c 2011-03-14 21:20:32.000000000 -0400
15132+++ linux-2.6.38.2/arch/x86/kvm/lapic.c 2011-03-21 18:31:35.000000000 -0400
15133@@ -53,7 +53,7 @@
15134 #define APIC_BUS_CYCLE_NS 1
15135
15136 /* #define apic_debug(fmt,arg...) printk(KERN_WARNING fmt,##arg) */
15137-#define apic_debug(fmt, arg...)
15138+#define apic_debug(fmt, arg...) do {} while (0)
15139
15140 #define APIC_LVT_NUM 6
15141 /* 14 is the version for Xeon and Pentium 8.4.8*/
15142diff -urNp linux-2.6.38.2/arch/x86/kvm/svm.c linux-2.6.38.2/arch/x86/kvm/svm.c
15143--- linux-2.6.38.2/arch/x86/kvm/svm.c 2011-03-14 21:20:32.000000000 -0400
15144+++ linux-2.6.38.2/arch/x86/kvm/svm.c 2011-03-21 18:31:35.000000000 -0400
15145@@ -3273,7 +3273,11 @@ static void reload_tss(struct kvm_vcpu *
15146 int cpu = raw_smp_processor_id();
15147
15148 struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
15149+
15150+ pax_open_kernel();
15151 sd->tss_desc->type = 9; /* available 32/64-bit TSS */
15152+ pax_close_kernel();
15153+
15154 load_TR_desc();
15155 }
15156
15157@@ -3850,7 +3854,7 @@ static void svm_fpu_deactivate(struct kv
15158 update_cr0_intercept(svm);
15159 }
15160
15161-static struct kvm_x86_ops svm_x86_ops = {
15162+static const struct kvm_x86_ops svm_x86_ops = {
15163 .cpu_has_kvm_support = has_svm,
15164 .disabled_by_bios = is_disabled,
15165 .hardware_setup = svm_hardware_setup,
15166diff -urNp linux-2.6.38.2/arch/x86/kvm/vmx.c linux-2.6.38.2/arch/x86/kvm/vmx.c
15167--- linux-2.6.38.2/arch/x86/kvm/vmx.c 2011-03-14 21:20:32.000000000 -0400
15168+++ linux-2.6.38.2/arch/x86/kvm/vmx.c 2011-03-21 18:31:35.000000000 -0400
15169@@ -725,7 +725,11 @@ static void reload_tss(void)
15170 struct desc_struct *descs;
15171
15172 descs = (void *)gdt->address;
15173+
15174+ pax_open_kernel();
15175 descs[GDT_ENTRY_TSS].type = 9; /* available TSS */
15176+ pax_close_kernel();
15177+
15178 load_TR_desc();
15179 }
15180
15181@@ -1642,8 +1646,11 @@ static __init int hardware_setup(void)
15182 if (!cpu_has_vmx_flexpriority())
15183 flexpriority_enabled = 0;
15184
15185- if (!cpu_has_vmx_tpr_shadow())
15186- kvm_x86_ops->update_cr8_intercept = NULL;
15187+ if (!cpu_has_vmx_tpr_shadow()) {
15188+ pax_open_kernel();
15189+ *(void **)&kvm_x86_ops->update_cr8_intercept = NULL;
15190+ pax_close_kernel();
15191+ }
15192
15193 if (enable_ept && !cpu_has_vmx_ept_2m_page())
15194 kvm_disable_largepages();
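Review bot: The store `*(void **)&kvm_x86_ops->update_cr8_intercept = NULL;` casts away the `const` that this patch adds, and a later hunk in this file makes the target `static const struct kvm_x86_ops vmx_x86_ops`. Writing to an object defined `const` is undefined in C, and the compiler may fold reads of that member within the translation unit. The `pax_open_kernel()`/`pax_close_kernel()` pair presumably only lifts the page protection and does not change what the compiler may assume; their definitions are outside this hunk. At minimum the line needs a comment such as `/* ops table is read-only after constification; one-time init patch, see pax_open_kernel() */`. A cleaner shape would be to have the callback test `cpu_has_vmx_tpr_shadow()` itself and return early, so the table is never written. `hardware_setup()` starts and ends outside this hunk.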
15195@@ -2640,7 +2647,7 @@ static int vmx_vcpu_setup(struct vcpu_vm
15196 vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
15197
15198 asm("mov $.Lkvm_vmx_return, %0" : "=r"(kvm_vmx_return));
15199- vmcs_writel(HOST_RIP, kvm_vmx_return); /* 22.2.5 */
15200+ vmcs_writel(HOST_RIP, ktla_ktva(kvm_vmx_return)); /* 22.2.5 */
15201 vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0);
15202 vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0);
15203 vmcs_write64(VM_EXIT_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.host));
15204@@ -4031,6 +4038,12 @@ static void vmx_vcpu_run(struct kvm_vcpu
15205 "jmp .Lkvm_vmx_return \n\t"
15206 ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
15207 ".Lkvm_vmx_return: "
15208+
15209+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
15210+ "ljmp %[cs],$.Lkvm_vmx_return2\n\t"
15211+ ".Lkvm_vmx_return2: "
15212+#endif
15213+
15214 /* Save guest registers, load host registers, keep flags */
15215 "xchg %0, (%%"R"sp) \n\t"
15216 "mov %%"R"ax, %c[rax](%0) \n\t"
15217@@ -4077,6 +4090,11 @@ static void vmx_vcpu_run(struct kvm_vcpu
15218 [r15]"i"(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R15])),
15219 #endif
15220 [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2))
15221+
15222+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
15223+ ,[cs]"i"(__KERNEL_CS)
15224+#endif
15225+
15226 : "cc", "memory"
15227 , R"ax", R"bx", R"di", R"si"
15228 #ifdef CONFIG_X86_64
15229@@ -4091,7 +4109,7 @@ static void vmx_vcpu_run(struct kvm_vcpu
15230
15231 vmx->idt_vectoring_info = vmcs_read32(IDT_VECTORING_INFO_FIELD);
15232
15233- asm("mov %0, %%ds; mov %0, %%es" : : "r"(__USER_DS));
15234+ asm("mov %0, %%ds; mov %0, %%es; mov %0, %%ss" : : "r"(__KERNEL_DS));
15235 vmx->launched = 1;
15236
15237 vmx->exit_reason = vmcs_read32(VM_EXIT_REASON);
15238@@ -4326,7 +4344,7 @@ static void vmx_set_supported_cpuid(u32
15239 {
15240 }
15241
15242-static struct kvm_x86_ops vmx_x86_ops = {
15243+static const struct kvm_x86_ops vmx_x86_ops = {
15244 .cpu_has_kvm_support = cpu_has_kvm_support,
15245 .disabled_by_bios = vmx_disabled_by_bios,
15246 .hardware_setup = hardware_setup,
15247diff -urNp linux-2.6.38.2/arch/x86/kvm/x86.c linux-2.6.38.2/arch/x86/kvm/x86.c
15248--- linux-2.6.38.2/arch/x86/kvm/x86.c 2011-03-14 21:20:32.000000000 -0400
15249+++ linux-2.6.38.2/arch/x86/kvm/x86.c 2011-03-21 18:31:35.000000000 -0400
15250@@ -93,7 +93,7 @@ static void update_cr8_intercept(struct
15251 static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
15252 struct kvm_cpuid_entry2 __user *entries);
15253
15254-struct kvm_x86_ops *kvm_x86_ops;
15255+const struct kvm_x86_ops *kvm_x86_ops;
15256 EXPORT_SYMBOL_GPL(kvm_x86_ops);
15257
15258 int ignore_msrs = 0;
15259@@ -119,38 +119,38 @@ static struct kvm_shared_msrs_global __r
15260 static DEFINE_PER_CPU(struct kvm_shared_msrs, shared_msrs);
15261
15262 struct kvm_stats_debugfs_item debugfs_entries[] = {
15263- { "pf_fixed", VCPU_STAT(pf_fixed) },
15264- { "pf_guest", VCPU_STAT(pf_guest) },
15265- { "tlb_flush", VCPU_STAT(tlb_flush) },
15266- { "invlpg", VCPU_STAT(invlpg) },
15267- { "exits", VCPU_STAT(exits) },
15268- { "io_exits", VCPU_STAT(io_exits) },
15269- { "mmio_exits", VCPU_STAT(mmio_exits) },
15270- { "signal_exits", VCPU_STAT(signal_exits) },
15271- { "irq_window", VCPU_STAT(irq_window_exits) },
15272- { "nmi_window", VCPU_STAT(nmi_window_exits) },
15273- { "halt_exits", VCPU_STAT(halt_exits) },
15274- { "halt_wakeup", VCPU_STAT(halt_wakeup) },
15275- { "hypercalls", VCPU_STAT(hypercalls) },
15276- { "request_irq", VCPU_STAT(request_irq_exits) },
15277- { "irq_exits", VCPU_STAT(irq_exits) },
15278- { "host_state_reload", VCPU_STAT(host_state_reload) },
15279- { "efer_reload", VCPU_STAT(efer_reload) },
15280- { "fpu_reload", VCPU_STAT(fpu_reload) },
15281- { "insn_emulation", VCPU_STAT(insn_emulation) },
15282- { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail) },
15283- { "irq_injections", VCPU_STAT(irq_injections) },
15284- { "nmi_injections", VCPU_STAT(nmi_injections) },
15285- { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped) },
15286- { "mmu_pte_write", VM_STAT(mmu_pte_write) },
15287- { "mmu_pte_updated", VM_STAT(mmu_pte_updated) },
15288- { "mmu_pde_zapped", VM_STAT(mmu_pde_zapped) },
15289- { "mmu_flooded", VM_STAT(mmu_flooded) },
15290- { "mmu_recycled", VM_STAT(mmu_recycled) },
15291- { "mmu_cache_miss", VM_STAT(mmu_cache_miss) },
15292- { "mmu_unsync", VM_STAT(mmu_unsync) },
15293- { "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
15294- { "largepages", VM_STAT(lpages) },
15295+ { "pf_fixed", VCPU_STAT(pf_fixed), NULL },
15296+ { "pf_guest", VCPU_STAT(pf_guest), NULL },
15297+ { "tlb_flush", VCPU_STAT(tlb_flush), NULL },
15298+ { "invlpg", VCPU_STAT(invlpg), NULL },
15299+ { "exits", VCPU_STAT(exits), NULL },
15300+ { "io_exits", VCPU_STAT(io_exits), NULL },
15301+ { "mmio_exits", VCPU_STAT(mmio_exits), NULL },
15302+ { "signal_exits", VCPU_STAT(signal_exits), NULL },
15303+ { "irq_window", VCPU_STAT(irq_window_exits), NULL },
15304+ { "nmi_window", VCPU_STAT(nmi_window_exits), NULL },
15305+ { "halt_exits", VCPU_STAT(halt_exits), NULL },
15306+ { "halt_wakeup", VCPU_STAT(halt_wakeup), NULL },
15307+ { "hypercalls", VCPU_STAT(hypercalls), NULL },
15308+ { "request_irq", VCPU_STAT(request_irq_exits), NULL },
15309+ { "irq_exits", VCPU_STAT(irq_exits), NULL },
15310+ { "host_state_reload", VCPU_STAT(host_state_reload), NULL },
15311+ { "efer_reload", VCPU_STAT(efer_reload), NULL },
15312+ { "fpu_reload", VCPU_STAT(fpu_reload), NULL },
15313+ { "insn_emulation", VCPU_STAT(insn_emulation), NULL },
15314+ { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail), NULL },
15315+ { "irq_injections", VCPU_STAT(irq_injections), NULL },
15316+ { "nmi_injections", VCPU_STAT(nmi_injections), NULL },
15317+ { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped), NULL },
15318+ { "mmu_pte_write", VM_STAT(mmu_pte_write), NULL },
15319+ { "mmu_pte_updated", VM_STAT(mmu_pte_updated), NULL },
15320+ { "mmu_pde_zapped", VM_STAT(mmu_pde_zapped), NULL },
15321+ { "mmu_flooded", VM_STAT(mmu_flooded), NULL },
15322+ { "mmu_recycled", VM_STAT(mmu_recycled), NULL },
15323+ { "mmu_cache_miss", VM_STAT(mmu_cache_miss), NULL },
15324+ { "mmu_unsync", VM_STAT(mmu_unsync), NULL },
15325+ { "remote_tlb_flush", VM_STAT(remote_tlb_flush), NULL },
15326+ { "largepages", VM_STAT(lpages), NULL },
15327 { NULL }
15328 };
15329
15330@@ -2023,6 +2023,8 @@ long kvm_arch_dev_ioctl(struct file *fil
15331 if (n < msr_list.nmsrs)
15332 goto out;
15333 r = -EFAULT;
15334+ if (num_msrs_to_save > ARRAY_SIZE(msrs_to_save))
15335+ goto out;
15336 if (copy_to_user(user_msr_list->indices, &msrs_to_save,
15337 num_msrs_to_save * sizeof(u32)))
15338 goto out;
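Review bot: The new guard `if (num_msrs_to_save > ARRAY_SIZE(msrs_to_save))` exits with `r = -EFAULT`, which userspace cannot tell apart from a bad `user_msr_list` pointer. It also leaves no trace of what would be an internal inconsistency. The check itself is the right one, because it stops `copy_to_user()` from reading past `msrs_to_save` and handing adjacent kernel memory to the caller. Since the condition should never hold, `if (WARN_ON_ONCE(num_msrs_to_save > ARRAY_SIZE(msrs_to_save)))` would make a violation visible in the log while keeping the early exit. The rest of `kvm_arch_dev_ioctl()`, including any later copy that follows the same pattern, is outside this hunk.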
15339@@ -2499,7 +2501,7 @@ static int kvm_vcpu_ioctl_set_lapic(stru
15340 static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
15341 struct kvm_interrupt *irq)
15342 {
15343- if (irq->irq < 0 || irq->irq >= 256)
15344+ if (irq->irq >= 256)
15345 return -EINVAL;
15346 if (irqchip_in_kernel(vcpu->kvm))
15347 return -ENXIO;
15348@@ -4687,10 +4689,10 @@ void kvm_after_handle_nmi(struct kvm_vcp
15349 }
15350 EXPORT_SYMBOL_GPL(kvm_after_handle_nmi);
15351
15352-int kvm_arch_init(void *opaque)
15353+int kvm_arch_init(const void *opaque)
15354 {
15355 int r;
15356- struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
15357+ const struct kvm_x86_ops *ops = (const struct kvm_x86_ops *)opaque;
15358
15359 if (kvm_x86_ops) {
15360 printk(KERN_ERR "kvm: already loaded the other module\n");
15361diff -urNp linux-2.6.38.2/arch/x86/lib/atomic64_cx8_32.S linux-2.6.38.2/arch/x86/lib/atomic64_cx8_32.S
15362--- linux-2.6.38.2/arch/x86/lib/atomic64_cx8_32.S 2011-03-14 21:20:32.000000000 -0400
15363+++ linux-2.6.38.2/arch/x86/lib/atomic64_cx8_32.S 2011-03-21 18:31:35.000000000 -0400
15364@@ -86,13 +86,23 @@ ENTRY(atomic64_\func\()_return_cx8)
15365 movl %edx, %ecx
15366 \ins\()l %esi, %ebx
15367 \insc\()l %edi, %ecx
15368+
15369+#ifdef CONFIG_PAX_REFCOUNT
15370+ into
15371+2:
15372+ _ASM_EXTABLE(2b, 3f)
15373+#endif
15374+
15375 LOCK_PREFIX
15376 cmpxchg8b (%ebp)
15377 jne 1b
15378-
15379-10:
15380 movl %ebx, %eax
15381 movl %ecx, %edx
15382+
15383+#ifdef CONFIG_PAX_REFCOUNT
15384+3:
15385+#endif
15386+
15387 RESTORE edi
15388 RESTORE esi
15389 RESTORE ebx
15390@@ -116,13 +126,24 @@ ENTRY(atomic64_\func\()_return_cx8)
15391 movl %edx, %ecx
15392 \ins\()l $1, %ebx
15393 \insc\()l $0, %ecx
15394+
15395+#ifdef CONFIG_PAX_REFCOUNT
15396+ into
15397+2:
15398+ _ASM_EXTABLE(2b, 3f)
15399+#endif
15400+
15401 LOCK_PREFIX
15402 cmpxchg8b (%esi)
15403 jne 1b
15404
15405-10:
15406 movl %ebx, %eax
15407 movl %ecx, %edx
15408+
15409+#ifdef CONFIG_PAX_REFCOUNT
15410+3:
15411+#endif
15412+
15413 RESTORE ebx
15414 ret
15415 CFI_ENDPROC
15416@@ -176,6 +197,13 @@ ENTRY(atomic64_add_unless_cx8)
15417 movl %edx, %ecx
15418 addl %esi, %ebx
15419 adcl %edi, %ecx
15420+
15421+#ifdef CONFIG_PAX_REFCOUNT
15422+ into
15423+1234:
15424+ _ASM_EXTABLE(1234b, 1234b)
15425+#endif
15426+
15427 LOCK_PREFIX
15428 cmpxchg8b (%ebp)
15429 jne 1b
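Review bot: `_ASM_EXTABLE(1234b, 1234b)` maps the overflow trap back to the same address, so after `into` fires execution appears to resume at `LOCK_PREFIX; cmpxchg8b` and the wrapped value is still stored. The two `atomic64_\func\()_return_cx8` hunks above instead use `_ASM_EXTABLE(2b, 3f)` and resume at `3:`, past the store. The `atomic64_inc_not_zero_cx8` hunk below repeats the self-referencing entry. If the overflow handler, which is not visible here, is meant to leave the counter unchanged, both entries should point at a label after the `cmpxchg8b` loop. If committing the wrapped value is intended for these two routines, a comment such as `/* overflow is reported only; the add is still committed */` would keep the difference from looking like an oversight.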
15430@@ -208,6 +236,13 @@ ENTRY(atomic64_inc_not_zero_cx8)
15431 movl %edx, %ecx
15432 addl $1, %ebx
15433 adcl $0, %ecx
15434+
15435+#ifdef CONFIG_PAX_REFCOUNT
15436+ into
15437+1234:
15438+ _ASM_EXTABLE(1234b, 1234b)
15439+#endif
15440+
15441 LOCK_PREFIX
15442 cmpxchg8b (%esi)
15443 jne 1b
15444diff -urNp linux-2.6.38.2/arch/x86/lib/checksum_32.S linux-2.6.38.2/arch/x86/lib/checksum_32.S
15445--- linux-2.6.38.2/arch/x86/lib/checksum_32.S 2011-03-14 21:20:32.000000000 -0400
15446+++ linux-2.6.38.2/arch/x86/lib/checksum_32.S 2011-03-21 18:31:35.000000000 -0400
15447@@ -28,7 +28,8 @@
15448 #include <linux/linkage.h>
15449 #include <asm/dwarf2.h>
15450 #include <asm/errno.h>
15451-
15452+#include <asm/segment.h>
15453+
15454 /*
15455 * computes a partial checksum, e.g. for TCP/UDP fragments
15456 */
15457@@ -304,9 +305,28 @@ unsigned int csum_partial_copy_generic (
15458
15459 #define ARGBASE 16
15460 #define FP 12
15461-
15462-ENTRY(csum_partial_copy_generic)
15463+
15464+ENTRY(csum_partial_copy_generic_to_user)
15465 CFI_STARTPROC
15466+
15467+#ifdef CONFIG_PAX_MEMORY_UDEREF
15468+ pushl %gs
15469+ CFI_ADJUST_CFA_OFFSET 4
15470+ popl %es
15471+ CFI_ADJUST_CFA_OFFSET -4
15472+ jmp csum_partial_copy_generic
15473+#endif
15474+
15475+ENTRY(csum_partial_copy_generic_from_user)
15476+
15477+#ifdef CONFIG_PAX_MEMORY_UDEREF
15478+ pushl %gs
15479+ CFI_ADJUST_CFA_OFFSET 4
15480+ popl %ds
15481+ CFI_ADJUST_CFA_OFFSET -4
15482+#endif
15483+
15484+ENTRY(csum_partial_copy_generic)
15485 subl $4,%esp
15486 CFI_ADJUST_CFA_OFFSET 4
15487 pushl %edi
15488@@ -331,7 +351,7 @@ ENTRY(csum_partial_copy_generic)
15489 jmp 4f
15490 SRC(1: movw (%esi), %bx )
15491 addl $2, %esi
15492-DST( movw %bx, (%edi) )
15493+DST( movw %bx, %es:(%edi) )
15494 addl $2, %edi
15495 addw %bx, %ax
15496 adcl $0, %eax
15497@@ -343,30 +363,30 @@ DST( movw %bx, (%edi) )
15498 SRC(1: movl (%esi), %ebx )
15499 SRC( movl 4(%esi), %edx )
15500 adcl %ebx, %eax
15501-DST( movl %ebx, (%edi) )
15502+DST( movl %ebx, %es:(%edi) )
15503 adcl %edx, %eax
15504-DST( movl %edx, 4(%edi) )
15505+DST( movl %edx, %es:4(%edi) )
15506
15507 SRC( movl 8(%esi), %ebx )
15508 SRC( movl 12(%esi), %edx )
15509 adcl %ebx, %eax
15510-DST( movl %ebx, 8(%edi) )
15511+DST( movl %ebx, %es:8(%edi) )
15512 adcl %edx, %eax
15513-DST( movl %edx, 12(%edi) )
15514+DST( movl %edx, %es:12(%edi) )
15515
15516 SRC( movl 16(%esi), %ebx )
15517 SRC( movl 20(%esi), %edx )
15518 adcl %ebx, %eax
15519-DST( movl %ebx, 16(%edi) )
15520+DST( movl %ebx, %es:16(%edi) )
15521 adcl %edx, %eax
15522-DST( movl %edx, 20(%edi) )
15523+DST( movl %edx, %es:20(%edi) )
15524
15525 SRC( movl 24(%esi), %ebx )
15526 SRC( movl 28(%esi), %edx )
15527 adcl %ebx, %eax
15528-DST( movl %ebx, 24(%edi) )
15529+DST( movl %ebx, %es:24(%edi) )
15530 adcl %edx, %eax
15531-DST( movl %edx, 28(%edi) )
15532+DST( movl %edx, %es:28(%edi) )
15533
15534 lea 32(%esi), %esi
15535 lea 32(%edi), %edi
15536@@ -380,7 +400,7 @@ DST( movl %edx, 28(%edi) )
15537 shrl $2, %edx # This clears CF
15538 SRC(3: movl (%esi), %ebx )
15539 adcl %ebx, %eax
15540-DST( movl %ebx, (%edi) )
15541+DST( movl %ebx, %es:(%edi) )
15542 lea 4(%esi), %esi
15543 lea 4(%edi), %edi
15544 dec %edx
15545@@ -392,12 +412,12 @@ DST( movl %ebx, (%edi) )
15546 jb 5f
15547 SRC( movw (%esi), %cx )
15548 leal 2(%esi), %esi
15549-DST( movw %cx, (%edi) )
15550+DST( movw %cx, %es:(%edi) )
15551 leal 2(%edi), %edi
15552 je 6f
15553 shll $16,%ecx
15554 SRC(5: movb (%esi), %cl )
15555-DST( movb %cl, (%edi) )
15556+DST( movb %cl, %es:(%edi) )
15557 6: addl %ecx, %eax
15558 adcl $0, %eax
15559 7:
15560@@ -408,7 +428,7 @@ DST( movb %cl, (%edi) )
15561
15562 6001:
15563 movl ARGBASE+20(%esp), %ebx # src_err_ptr
15564- movl $-EFAULT, (%ebx)
15565+ movl $-EFAULT, %ss:(%ebx)
15566
15567 # zero the complete destination - computing the rest
15568 # is too much work
15569@@ -421,11 +441,19 @@ DST( movb %cl, (%edi) )
15570
15571 6002:
15572 movl ARGBASE+24(%esp), %ebx # dst_err_ptr
15573- movl $-EFAULT,(%ebx)
15574+ movl $-EFAULT,%ss:(%ebx)
15575 jmp 5000b
15576
15577 .previous
15578
15579+ pushl %ss
15580+ CFI_ADJUST_CFA_OFFSET 4
15581+ popl %ds
15582+ CFI_ADJUST_CFA_OFFSET -4
15583+ pushl %ss
15584+ CFI_ADJUST_CFA_OFFSET 4
15585+ popl %es
15586+ CFI_ADJUST_CFA_OFFSET -4
15587 popl %ebx
15588 CFI_ADJUST_CFA_OFFSET -4
15589 CFI_RESTORE ebx
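Review bot: The epilogue added here (`pushl %ss` / `popl %ds` / `pushl %ss` / `popl %es`) is unconditional, so this variant reloads both segment registers on every return even when `CONFIG_PAX_MEMORY_UDEREF` is off. The entry-side loads of `%es` and `%ds` in this file are under `#ifdef CONFIG_PAX_MEMORY_UDEREF`, and so is the matching epilogue in the PentiumII/PPro variant further down. Wrapping these eight lines in `#ifdef CONFIG_PAX_MEMORY_UDEREF` … `#endif` would bring the two variants into line. Separately, only `csum_partial_copy_generic_to_user` gets an `ENDPROC`, so the `_from_user` and plain `csum_partial_copy_generic` entry points seem to be left without one. The function body starts outside this hunk.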
15590@@ -439,26 +467,47 @@ DST( movb %cl, (%edi) )
15591 CFI_ADJUST_CFA_OFFSET -4
15592 ret
15593 CFI_ENDPROC
15594-ENDPROC(csum_partial_copy_generic)
15595+ENDPROC(csum_partial_copy_generic_to_user)
15596
15597 #else
15598
15599 /* Version for PentiumII/PPro */
15600
15601 #define ROUND1(x) \
15602+ nop; nop; nop; \
15603 SRC(movl x(%esi), %ebx ) ; \
15604 addl %ebx, %eax ; \
15605- DST(movl %ebx, x(%edi) ) ;
15606+ DST(movl %ebx, %es:x(%edi)) ;
15607
15608 #define ROUND(x) \
15609+ nop; nop; nop; \
15610 SRC(movl x(%esi), %ebx ) ; \
15611 adcl %ebx, %eax ; \
15612- DST(movl %ebx, x(%edi) ) ;
15613+ DST(movl %ebx, %es:x(%edi)) ;
15614
15615 #define ARGBASE 12
15616-
15617-ENTRY(csum_partial_copy_generic)
15618+
15619+ENTRY(csum_partial_copy_generic_to_user)
15620 CFI_STARTPROC
15621+
15622+#ifdef CONFIG_PAX_MEMORY_UDEREF
15623+ pushl %gs
15624+ CFI_ADJUST_CFA_OFFSET 4
15625+ popl %es
15626+ CFI_ADJUST_CFA_OFFSET -4
15627+ jmp csum_partial_copy_generic
15628+#endif
15629+
15630+ENTRY(csum_partial_copy_generic_from_user)
15631+
15632+#ifdef CONFIG_PAX_MEMORY_UDEREF
15633+ pushl %gs
15634+ CFI_ADJUST_CFA_OFFSET 4
15635+ popl %ds
15636+ CFI_ADJUST_CFA_OFFSET -4
15637+#endif
15638+
15639+ENTRY(csum_partial_copy_generic)
15640 pushl %ebx
15641 CFI_ADJUST_CFA_OFFSET 4
15642 CFI_REL_OFFSET ebx, 0
15643@@ -482,7 +531,7 @@ ENTRY(csum_partial_copy_generic)
15644 subl %ebx, %edi
15645 lea -1(%esi),%edx
15646 andl $-32,%edx
15647- lea 3f(%ebx,%ebx), %ebx
15648+ lea 3f(%ebx,%ebx,2), %ebx
15649 testl %esi, %esi
15650 jmp *%ebx
15651 1: addl $64,%esi
15652@@ -503,19 +552,19 @@ ENTRY(csum_partial_copy_generic)
15653 jb 5f
15654 SRC( movw (%esi), %dx )
15655 leal 2(%esi), %esi
15656-DST( movw %dx, (%edi) )
15657+DST( movw %dx, %es:(%edi) )
15658 leal 2(%edi), %edi
15659 je 6f
15660 shll $16,%edx
15661 5:
15662 SRC( movb (%esi), %dl )
15663-DST( movb %dl, (%edi) )
15664+DST( movb %dl, %es:(%edi) )
15665 6: addl %edx, %eax
15666 adcl $0, %eax
15667 7:
15668 .section .fixup, "ax"
15669 6001: movl ARGBASE+20(%esp), %ebx # src_err_ptr
15670- movl $-EFAULT, (%ebx)
15671+ movl $-EFAULT, %ss:(%ebx)
15672 # zero the complete destination (computing the rest is too much work)
15673 movl ARGBASE+8(%esp),%edi # dst
15674 movl ARGBASE+12(%esp),%ecx # len
15675@@ -523,10 +572,21 @@ DST( movb %dl, (%edi) )
15676 rep; stosb
15677 jmp 7b
15678 6002: movl ARGBASE+24(%esp), %ebx # dst_err_ptr
15679- movl $-EFAULT, (%ebx)
15680+ movl $-EFAULT, %ss:(%ebx)
15681 jmp 7b
15682 .previous
15683
15684+#ifdef CONFIG_PAX_MEMORY_UDEREF
15685+ pushl %ss
15686+ CFI_ADJUST_CFA_OFFSET 4
15687+ popl %ds
15688+ CFI_ADJUST_CFA_OFFSET -4
15689+ pushl %ss
15690+ CFI_ADJUST_CFA_OFFSET 4
15691+ popl %es
15692+ CFI_ADJUST_CFA_OFFSET -4
15693+#endif
15694+
15695 popl %esi
15696 CFI_ADJUST_CFA_OFFSET -4
15697 CFI_RESTORE esi
15698@@ -538,7 +598,7 @@ DST( movb %dl, (%edi) )
15699 CFI_RESTORE ebx
15700 ret
15701 CFI_ENDPROC
15702-ENDPROC(csum_partial_copy_generic)
15703+ENDPROC(csum_partial_copy_generic_to_user)
15704
15705 #undef ROUND
15706 #undef ROUND1
15707diff -urNp linux-2.6.38.2/arch/x86/lib/clear_page_64.S linux-2.6.38.2/arch/x86/lib/clear_page_64.S
15708--- linux-2.6.38.2/arch/x86/lib/clear_page_64.S 2011-03-14 21:20:32.000000000 -0400
15709+++ linux-2.6.38.2/arch/x86/lib/clear_page_64.S 2011-03-21 18:31:35.000000000 -0400
15710@@ -43,7 +43,7 @@ ENDPROC(clear_page)
15711
15712 #include <asm/cpufeature.h>
15713
15714- .section .altinstr_replacement,"ax"
15715+ .section .altinstr_replacement,"a"
15716 1: .byte 0xeb /* jmp <disp8> */
15717 .byte (clear_page_c - clear_page) - (2f - 1b) /* offset */
15718 2:
15719diff -urNp linux-2.6.38.2/arch/x86/lib/copy_page_64.S linux-2.6.38.2/arch/x86/lib/copy_page_64.S
15720--- linux-2.6.38.2/arch/x86/lib/copy_page_64.S 2011-03-14 21:20:32.000000000 -0400
15721+++ linux-2.6.38.2/arch/x86/lib/copy_page_64.S 2011-03-21 18:31:35.000000000 -0400
15722@@ -104,7 +104,7 @@ ENDPROC(copy_page)
15723
15724 #include <asm/cpufeature.h>
15725
15726- .section .altinstr_replacement,"ax"
15727+ .section .altinstr_replacement,"a"
15728 1: .byte 0xeb /* jmp <disp8> */
15729 .byte (copy_page_c - copy_page) - (2f - 1b) /* offset */
15730 2:
15731diff -urNp linux-2.6.38.2/arch/x86/lib/copy_user_64.S linux-2.6.38.2/arch/x86/lib/copy_user_64.S
15732--- linux-2.6.38.2/arch/x86/lib/copy_user_64.S 2011-03-14 21:20:32.000000000 -0400
15733+++ linux-2.6.38.2/arch/x86/lib/copy_user_64.S 2011-03-21 18:31:35.000000000 -0400
15734@@ -15,13 +15,14 @@
15735 #include <asm/asm-offsets.h>
15736 #include <asm/thread_info.h>
15737 #include <asm/cpufeature.h>
15738+#include <asm/pgtable.h>
15739
15740 .macro ALTERNATIVE_JUMP feature,orig,alt
15741 0:
15742 .byte 0xe9 /* 32bit jump */
15743 .long \orig-1f /* by default jump to orig */
15744 1:
15745- .section .altinstr_replacement,"ax"
15746+ .section .altinstr_replacement,"a"
15747 2: .byte 0xe9 /* near jump with 32bit immediate */
15748 .long \alt-1b /* offset */ /* or alternatively to alt */
15749 .previous
15750@@ -64,37 +65,13 @@
15751 #endif
15752 .endm
15753
15754-/* Standard copy_to_user with segment limit checking */
15755-ENTRY(_copy_to_user)
15756- CFI_STARTPROC
15757- GET_THREAD_INFO(%rax)
15758- movq %rdi,%rcx
15759- addq %rdx,%rcx
15760- jc bad_to_user
15761- cmpq TI_addr_limit(%rax),%rcx
15762- jae bad_to_user
15763- ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
15764- CFI_ENDPROC
15765-ENDPROC(_copy_to_user)
15766-
15767-/* Standard copy_from_user with segment limit checking */
15768-ENTRY(_copy_from_user)
15769- CFI_STARTPROC
15770- GET_THREAD_INFO(%rax)
15771- movq %rsi,%rcx
15772- addq %rdx,%rcx
15773- jc bad_from_user
15774- cmpq TI_addr_limit(%rax),%rcx
15775- jae bad_from_user
15776- ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
15777- CFI_ENDPROC
15778-ENDPROC(_copy_from_user)
15779-
15780 .section .fixup,"ax"
15781 /* must zero dest */
15782 ENTRY(bad_from_user)
15783 bad_from_user:
15784 CFI_STARTPROC
15785+ testl %edx,%edx
15786+ js bad_to_user
15787 movl %edx,%ecx
15788 xorl %eax,%eax
15789 rep
15790diff -urNp linux-2.6.38.2/arch/x86/lib/copy_user_nocache_64.S linux-2.6.38.2/arch/x86/lib/copy_user_nocache_64.S
15791--- linux-2.6.38.2/arch/x86/lib/copy_user_nocache_64.S 2011-03-14 21:20:32.000000000 -0400
15792+++ linux-2.6.38.2/arch/x86/lib/copy_user_nocache_64.S 2011-03-21 18:31:35.000000000 -0400
15793@@ -14,6 +14,7 @@
15794 #include <asm/current.h>
15795 #include <asm/asm-offsets.h>
15796 #include <asm/thread_info.h>
15797+#include <asm/pgtable.h>
15798
15799 .macro ALIGN_DESTINATION
15800 #ifdef FIX_ALIGNMENT
15801@@ -50,6 +51,15 @@
15802 */
15803 ENTRY(__copy_user_nocache)
15804 CFI_STARTPROC
15805+
15806+#ifdef CONFIG_PAX_MEMORY_UDEREF
15807+ mov $PAX_USER_SHADOW_BASE,%rcx
15808+ cmp %rcx,%rsi
15809+ jae 1f
15810+ add %rcx,%rsi
15811+1:
15812+#endif
15813+
15814 cmpl $8,%edx
15815 jb 20f /* less then 8 bytes, go to byte copy loop */
15816 ALIGN_DESTINATION
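Review bot: The added shadow-base fixup uses the local label `1:` with `jae 1f`, while the same sequence in the `getuser.S` hunks of this patch uses `1234:` with `jae 1234f`. The body of `__copy_user_nocache` is outside this hunk, so it is an assumption that it defines its own `1:` with exception-table entries referring to it. If it does, the new code works only because `1f` binds to the nearest following definition, and a later edit could silently retarget a reference. Using `jae 1234f` and `1234:` here too would match the rest of the patch. A one-line comment such as `/* redirect userland pointers into the UDEREF shadow mapping */` would also explain why `%rsi` is rewritten before the copy.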
15817diff -urNp linux-2.6.38.2/arch/x86/lib/csum-wrappers_64.c linux-2.6.38.2/arch/x86/lib/csum-wrappers_64.c
15818--- linux-2.6.38.2/arch/x86/lib/csum-wrappers_64.c 2011-03-14 21:20:32.000000000 -0400
15819+++ linux-2.6.38.2/arch/x86/lib/csum-wrappers_64.c 2011-03-21 18:31:35.000000000 -0400
15820@@ -52,6 +52,8 @@ csum_partial_copy_from_user(const void _
15821 len -= 2;
15822 }
15823 }
15824+ if ((unsigned long)src < PAX_USER_SHADOW_BASE)
15825+ src += PAX_USER_SHADOW_BASE;
15826 isum = csum_partial_copy_generic((__force const void *)src,
15827 dst, len, isum, errp, NULL);
15828 if (unlikely(*errp))
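Review bot: The adjustment `if ((unsigned long)src < PAX_USER_SHADOW_BASE) src += PAX_USER_SHADOW_BASE;` is not wrapped in `#ifdef CONFIG_PAX_MEMORY_UDEREF`. The equivalent assembly in `copy_user_nocache_64.S` and `getuser.S` is guarded that way. The same applies to the `dst` adjustment in the `csum_partial_copy_to_user` hunk below. The definition of `PAX_USER_SHADOW_BASE` is not visible here. Unless it collapses to zero with the option off, this either fails to build or relocates every user pointer on kernels that have no shadow mapping. Guarding both sites with `#ifdef CONFIG_PAX_MEMORY_UDEREF` … `#endif` would make the intent explicit and match the assembly. Both functions start outside their hunks.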
15829@@ -105,6 +107,8 @@ csum_partial_copy_to_user(const void *sr
15830 }
15831
15832 *errp = 0;
15833+ if ((unsigned long)dst < PAX_USER_SHADOW_BASE)
15834+ dst += PAX_USER_SHADOW_BASE;
15835 return csum_partial_copy_generic(src, (void __force *)dst,
15836 len, isum, NULL, errp);
15837 }
15838diff -urNp linux-2.6.38.2/arch/x86/lib/getuser.S linux-2.6.38.2/arch/x86/lib/getuser.S
15839--- linux-2.6.38.2/arch/x86/lib/getuser.S 2011-03-14 21:20:32.000000000 -0400
15840+++ linux-2.6.38.2/arch/x86/lib/getuser.S 2011-03-21 18:31:35.000000000 -0400
15841@@ -33,14 +33,35 @@
15842 #include <asm/asm-offsets.h>
15843 #include <asm/thread_info.h>
15844 #include <asm/asm.h>
15845+#include <asm/segment.h>
15846+#include <asm/pgtable.h>
15847+
15848+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
15849+#define __copyuser_seg gs;
15850+#else
15851+#define __copyuser_seg
15852+#endif
15853
15854 .text
15855 ENTRY(__get_user_1)
15856 CFI_STARTPROC
15857+
15858+#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
15859 GET_THREAD_INFO(%_ASM_DX)
15860 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
15861 jae bad_get_user
15862-1: movzb (%_ASM_AX),%edx
15863+
15864+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
15865+ mov $PAX_USER_SHADOW_BASE,%_ASM_DX
15866+ cmp %_ASM_DX,%_ASM_AX
15867+ jae 1234f
15868+ add %_ASM_DX,%_ASM_AX
15869+1234:
15870+#endif
15871+
15872+#endif
15873+
15874+1: __copyuser_seg movzb (%_ASM_AX),%edx
15875 xor %eax,%eax
15876 ret
15877 CFI_ENDPROC
15878@@ -49,11 +70,24 @@ ENDPROC(__get_user_1)
15879 ENTRY(__get_user_2)
15880 CFI_STARTPROC
15881 add $1,%_ASM_AX
15882+
15883+#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
15884 jc bad_get_user
15885 GET_THREAD_INFO(%_ASM_DX)
15886 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
15887 jae bad_get_user
15888-2: movzwl -1(%_ASM_AX),%edx
15889+
15890+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
15891+ mov $PAX_USER_SHADOW_BASE,%_ASM_DX
15892+ cmp %_ASM_DX,%_ASM_AX
15893+ jae 1234f
15894+ add %_ASM_DX,%_ASM_AX
15895+1234:
15896+#endif
15897+
15898+#endif
15899+
15900+2: __copyuser_seg movzwl -1(%_ASM_AX),%edx
15901 xor %eax,%eax
15902 ret
15903 CFI_ENDPROC
15904@@ -62,11 +96,24 @@ ENDPROC(__get_user_2)
15905 ENTRY(__get_user_4)
15906 CFI_STARTPROC
15907 add $3,%_ASM_AX
15908+
15909+#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
15910 jc bad_get_user
15911 GET_THREAD_INFO(%_ASM_DX)
15912 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
15913 jae bad_get_user
15914-3: mov -3(%_ASM_AX),%edx
15915+
15916+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
15917+ mov $PAX_USER_SHADOW_BASE,%_ASM_DX
15918+ cmp %_ASM_DX,%_ASM_AX
15919+ jae 1234f
15920+ add %_ASM_DX,%_ASM_AX
15921+1234:
15922+#endif
15923+
15924+#endif
15925+
15926+3: __copyuser_seg mov -3(%_ASM_AX),%edx
15927 xor %eax,%eax
15928 ret
15929 CFI_ENDPROC
15930@@ -80,6 +127,15 @@ ENTRY(__get_user_8)
15931 GET_THREAD_INFO(%_ASM_DX)
15932 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
15933 jae bad_get_user
15934+
15935+#ifdef CONFIG_PAX_MEMORY_UDEREF
15936+ mov $PAX_USER_SHADOW_BASE,%_ASM_DX
15937+ cmp %_ASM_DX,%_ASM_AX
15938+ jae 1234f
15939+ add %_ASM_DX,%_ASM_AX
15940+1234:
15941+#endif
15942+
15943 4: movq -7(%_ASM_AX),%_ASM_DX
15944 xor %eax,%eax
15945 ret
15946diff -urNp linux-2.6.38.2/arch/x86/lib/insn.c linux-2.6.38.2/arch/x86/lib/insn.c
15947--- linux-2.6.38.2/arch/x86/lib/insn.c 2011-03-14 21:20:32.000000000 -0400
15948+++ linux-2.6.38.2/arch/x86/lib/insn.c 2011-03-21 18:31:35.000000000 -0400
15949@@ -21,6 +21,11 @@
15950 #include <linux/string.h>
15951 #include <asm/inat.h>
15952 #include <asm/insn.h>
15953+#ifdef __KERNEL__
15954+#include <asm/pgtable_types.h>
15955+#else
15956+#define ktla_ktva(addr) addr
15957+#endif
15958
15959 #define get_next(t, insn) \
15960 ({t r; r = *(t*)insn->next_byte; insn->next_byte += sizeof(t); r; })
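Review bot: The userspace fallback `#define ktla_ktva(addr) addr` expands its argument without parentheses. Any caller that passes an expression, or applies an operator to the result, can therefore bind differently from the in-kernel definition. `#define ktla_ktva(addr) (addr)` costs nothing and keeps the two builds equivalent. A short comment on the `#else` branch, for example `/* userspace build of the decoder: no kernel text remapping */`, would explain why the identity mapping is correct there.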
15961@@ -40,8 +45,8 @@
15962 void insn_init(struct insn *insn, const void *kaddr, int x86_64)
15963 {
15964 memset(insn, 0, sizeof(*insn));
15965- insn->kaddr = kaddr;
15966- insn->next_byte = kaddr;
15967+ insn->kaddr = ktla_ktva(kaddr);
15968+ insn->next_byte = ktla_ktva(kaddr);
15969 insn->x86_64 = x86_64 ? 1 : 0;
15970 insn->opnd_bytes = 4;
15971 if (x86_64)
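Review bot: `insn_init()` now stores `ktla_ktva(kaddr)` in `insn->kaddr`, so the field no longer holds the pointer the caller passed in, and any code that later compares or prints `insn->kaddr` against its own pointer sees the translated value. If that is intended, the field's description should say it holds the translated address, and the translation can be done once, `const void *va = ktla_ktva(kaddr);`, with both assignments using `va`. The rest of `insn_init()` lies outside the hunk.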
15972diff -urNp linux-2.6.38.2/arch/x86/lib/mmx_32.c linux-2.6.38.2/arch/x86/lib/mmx_32.c
15973--- linux-2.6.38.2/arch/x86/lib/mmx_32.c 2011-03-14 21:20:32.000000000 -0400
15974+++ linux-2.6.38.2/arch/x86/lib/mmx_32.c 2011-03-21 18:31:35.000000000 -0400
15975@@ -29,6 +29,7 @@ void *_mmx_memcpy(void *to, const void *
15976 {
15977 void *p;
15978 int i;
15979+ unsigned long cr0;
15980
15981 if (unlikely(in_interrupt()))
15982 return __memcpy(to, from, len);
15983@@ -39,44 +40,72 @@ void *_mmx_memcpy(void *to, const void *
15984 kernel_fpu_begin();
15985
15986 __asm__ __volatile__ (
15987- "1: prefetch (%0)\n" /* This set is 28 bytes */
15988- " prefetch 64(%0)\n"
15989- " prefetch 128(%0)\n"
15990- " prefetch 192(%0)\n"
15991- " prefetch 256(%0)\n"
15992+ "1: prefetch (%1)\n" /* This set is 28 bytes */
15993+ " prefetch 64(%1)\n"
15994+ " prefetch 128(%1)\n"
15995+ " prefetch 192(%1)\n"
15996+ " prefetch 256(%1)\n"
15997 "2: \n"
15998 ".section .fixup, \"ax\"\n"
15999- "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
16000+ "3: \n"
16001+
16002+#ifdef CONFIG_PAX_KERNEXEC
16003+ " movl %%cr0, %0\n"
16004+ " movl %0, %%eax\n"
16005+ " andl $0xFFFEFFFF, %%eax\n"
16006+ " movl %%eax, %%cr0\n"
16007+#endif
16008+
16009+ " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
16010+
16011+#ifdef CONFIG_PAX_KERNEXEC
16012+ " movl %0, %%cr0\n"
16013+#endif
16014+
16015 " jmp 2b\n"
16016 ".previous\n"
16017 _ASM_EXTABLE(1b, 3b)
16018- : : "r" (from));
16019+ : "=&r" (cr0) : "r" (from) : "ax");
16020
16021 for ( ; i > 5; i--) {
16022 __asm__ __volatile__ (
16023- "1: prefetch 320(%0)\n"
16024- "2: movq (%0), %%mm0\n"
16025- " movq 8(%0), %%mm1\n"
16026- " movq 16(%0), %%mm2\n"
16027- " movq 24(%0), %%mm3\n"
16028- " movq %%mm0, (%1)\n"
16029- " movq %%mm1, 8(%1)\n"
16030- " movq %%mm2, 16(%1)\n"
16031- " movq %%mm3, 24(%1)\n"
16032- " movq 32(%0), %%mm0\n"
16033- " movq 40(%0), %%mm1\n"
16034- " movq 48(%0), %%mm2\n"
16035- " movq 56(%0), %%mm3\n"
16036- " movq %%mm0, 32(%1)\n"
16037- " movq %%mm1, 40(%1)\n"
16038- " movq %%mm2, 48(%1)\n"
16039- " movq %%mm3, 56(%1)\n"
16040+ "1: prefetch 320(%1)\n"
16041+ "2: movq (%1), %%mm0\n"
16042+ " movq 8(%1), %%mm1\n"
16043+ " movq 16(%1), %%mm2\n"
16044+ " movq 24(%1), %%mm3\n"
16045+ " movq %%mm0, (%2)\n"
16046+ " movq %%mm1, 8(%2)\n"
16047+ " movq %%mm2, 16(%2)\n"
16048+ " movq %%mm3, 24(%2)\n"
16049+ " movq 32(%1), %%mm0\n"
16050+ " movq 40(%1), %%mm1\n"
16051+ " movq 48(%1), %%mm2\n"
16052+ " movq 56(%1), %%mm3\n"
16053+ " movq %%mm0, 32(%2)\n"
16054+ " movq %%mm1, 40(%2)\n"
16055+ " movq %%mm2, 48(%2)\n"
16056+ " movq %%mm3, 56(%2)\n"
16057 ".section .fixup, \"ax\"\n"
16058- "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
16059+ "3:\n"
16060+
16061+#ifdef CONFIG_PAX_KERNEXEC
16062+ " movl %%cr0, %0\n"
16063+ " movl %0, %%eax\n"
16064+ " andl $0xFFFEFFFF, %%eax\n"
16065+ " movl %%eax, %%cr0\n"
16066+#endif
16067+
16068+ " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
16069+
16070+#ifdef CONFIG_PAX_KERNEXEC
16071+ " movl %0, %%cr0\n"
16072+#endif
16073+
16074 " jmp 2b\n"
16075 ".previous\n"
16076 _ASM_EXTABLE(1b, 3b)
16077- : : "r" (from), "r" (to) : "memory");
16078+ : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
16079
16080 from += 64;
16081 to += 64;
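Review bot: The KERNEXEC fixup path clears a bit in CR0 with the bare mask `0xFFFEFFFF` (bit 16, write protect) before the `movw $0x1AEB, 1b` that patches the prefetch, and nothing in the hunk names the bit or says why the write needs it. While the bit is clear, read-only kernel mappings are writable on this CPU, so the sequence should state what keeps the window closed: `kernel_fpu_begin()` is visible above, but whether interrupts can arrive between the two `%%cr0` writes is not visible here. A comment such as `/* KERNEXEC: kernel text is read-only, drop CR0.WP only around the self-patching store */` and a named constant for the mask would help, and since the same block appears twice here and again in both `fast_copy_page()` hunks below, one string macro would keep the copies identical. The `cr0` output and the `"ax"` clobber are also added unconditionally, although only the `CONFIG_PAX_KERNEXEC` lines use them.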
16082@@ -158,6 +187,7 @@ static void fast_clear_page(void *page)
16083 static void fast_copy_page(void *to, void *from)
16084 {
16085 int i;
16086+ unsigned long cr0;
16087
16088 kernel_fpu_begin();
16089
16090@@ -166,42 +196,70 @@ static void fast_copy_page(void *to, voi
16091 * but that is for later. -AV
16092 */
16093 __asm__ __volatile__(
16094- "1: prefetch (%0)\n"
16095- " prefetch 64(%0)\n"
16096- " prefetch 128(%0)\n"
16097- " prefetch 192(%0)\n"
16098- " prefetch 256(%0)\n"
16099+ "1: prefetch (%1)\n"
16100+ " prefetch 64(%1)\n"
16101+ " prefetch 128(%1)\n"
16102+ " prefetch 192(%1)\n"
16103+ " prefetch 256(%1)\n"
16104 "2: \n"
16105 ".section .fixup, \"ax\"\n"
16106- "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
16107+ "3: \n"
16108+
16109+#ifdef CONFIG_PAX_KERNEXEC
16110+ " movl %%cr0, %0\n"
16111+ " movl %0, %%eax\n"
16112+ " andl $0xFFFEFFFF, %%eax\n"
16113+ " movl %%eax, %%cr0\n"
16114+#endif
16115+
16116+ " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
16117+
16118+#ifdef CONFIG_PAX_KERNEXEC
16119+ " movl %0, %%cr0\n"
16120+#endif
16121+
16122 " jmp 2b\n"
16123 ".previous\n"
16124- _ASM_EXTABLE(1b, 3b) : : "r" (from));
16125+ _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax");
16126
16127 for (i = 0; i < (4096-320)/64; i++) {
16128 __asm__ __volatile__ (
16129- "1: prefetch 320(%0)\n"
16130- "2: movq (%0), %%mm0\n"
16131- " movntq %%mm0, (%1)\n"
16132- " movq 8(%0), %%mm1\n"
16133- " movntq %%mm1, 8(%1)\n"
16134- " movq 16(%0), %%mm2\n"
16135- " movntq %%mm2, 16(%1)\n"
16136- " movq 24(%0), %%mm3\n"
16137- " movntq %%mm3, 24(%1)\n"
16138- " movq 32(%0), %%mm4\n"
16139- " movntq %%mm4, 32(%1)\n"
16140- " movq 40(%0), %%mm5\n"
16141- " movntq %%mm5, 40(%1)\n"
16142- " movq 48(%0), %%mm6\n"
16143- " movntq %%mm6, 48(%1)\n"
16144- " movq 56(%0), %%mm7\n"
16145- " movntq %%mm7, 56(%1)\n"
16146+ "1: prefetch 320(%1)\n"
16147+ "2: movq (%1), %%mm0\n"
16148+ " movntq %%mm0, (%2)\n"
16149+ " movq 8(%1), %%mm1\n"
16150+ " movntq %%mm1, 8(%2)\n"
16151+ " movq 16(%1), %%mm2\n"
16152+ " movntq %%mm2, 16(%2)\n"
16153+ " movq 24(%1), %%mm3\n"
16154+ " movntq %%mm3, 24(%2)\n"
16155+ " movq 32(%1), %%mm4\n"
16156+ " movntq %%mm4, 32(%2)\n"
16157+ " movq 40(%1), %%mm5\n"
16158+ " movntq %%mm5, 40(%2)\n"
16159+ " movq 48(%1), %%mm6\n"
16160+ " movntq %%mm6, 48(%2)\n"
16161+ " movq 56(%1), %%mm7\n"
16162+ " movntq %%mm7, 56(%2)\n"
16163 ".section .fixup, \"ax\"\n"
16164- "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
16165+ "3:\n"
16166+
16167+#ifdef CONFIG_PAX_KERNEXEC
16168+ " movl %%cr0, %0\n"
16169+ " movl %0, %%eax\n"
16170+ " andl $0xFFFEFFFF, %%eax\n"
16171+ " movl %%eax, %%cr0\n"
16172+#endif
16173+
16174+ " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
16175+
16176+#ifdef CONFIG_PAX_KERNEXEC
16177+ " movl %0, %%cr0\n"
16178+#endif
16179+
16180 " jmp 2b\n"
16181 ".previous\n"
16182- _ASM_EXTABLE(1b, 3b) : : "r" (from), "r" (to) : "memory");
16183+ _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
16184
16185 from += 64;
16186 to += 64;
16187@@ -280,47 +338,76 @@ static void fast_clear_page(void *page)
16188 static void fast_copy_page(void *to, void *from)
16189 {
16190 int i;
16191+ unsigned long cr0;
16192
16193 kernel_fpu_begin();
16194
16195 __asm__ __volatile__ (
16196- "1: prefetch (%0)\n"
16197- " prefetch 64(%0)\n"
16198- " prefetch 128(%0)\n"
16199- " prefetch 192(%0)\n"
16200- " prefetch 256(%0)\n"
16201+ "1: prefetch (%1)\n"
16202+ " prefetch 64(%1)\n"
16203+ " prefetch 128(%1)\n"
16204+ " prefetch 192(%1)\n"
16205+ " prefetch 256(%1)\n"
16206 "2: \n"
16207 ".section .fixup, \"ax\"\n"
16208- "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
16209+ "3: \n"
16210+
16211+#ifdef CONFIG_PAX_KERNEXEC
16212+ " movl %%cr0, %0\n"
16213+ " movl %0, %%eax\n"
16214+ " andl $0xFFFEFFFF, %%eax\n"
16215+ " movl %%eax, %%cr0\n"
16216+#endif
16217+
16218+ " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
16219+
16220+#ifdef CONFIG_PAX_KERNEXEC
16221+ " movl %0, %%cr0\n"
16222+#endif
16223+
16224 " jmp 2b\n"
16225 ".previous\n"
16226- _ASM_EXTABLE(1b, 3b) : : "r" (from));
16227+ _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax");
16228
16229 for (i = 0; i < 4096/64; i++) {
16230 __asm__ __volatile__ (
16231- "1: prefetch 320(%0)\n"
16232- "2: movq (%0), %%mm0\n"
16233- " movq 8(%0), %%mm1\n"
16234- " movq 16(%0), %%mm2\n"
16235- " movq 24(%0), %%mm3\n"
16236- " movq %%mm0, (%1)\n"
16237- " movq %%mm1, 8(%1)\n"
16238- " movq %%mm2, 16(%1)\n"
16239- " movq %%mm3, 24(%1)\n"
16240- " movq 32(%0), %%mm0\n"
16241- " movq 40(%0), %%mm1\n"
16242- " movq 48(%0), %%mm2\n"
16243- " movq 56(%0), %%mm3\n"
16244- " movq %%mm0, 32(%1)\n"
16245- " movq %%mm1, 40(%1)\n"
16246- " movq %%mm2, 48(%1)\n"
16247- " movq %%mm3, 56(%1)\n"
16248+ "1: prefetch 320(%1)\n"
16249+ "2: movq (%1), %%mm0\n"
16250+ " movq 8(%1), %%mm1\n"
16251+ " movq 16(%1), %%mm2\n"
16252+ " movq 24(%1), %%mm3\n"
16253+ " movq %%mm0, (%2)\n"
16254+ " movq %%mm1, 8(%2)\n"
16255+ " movq %%mm2, 16(%2)\n"
16256+ " movq %%mm3, 24(%2)\n"
16257+ " movq 32(%1), %%mm0\n"
16258+ " movq 40(%1), %%mm1\n"
16259+ " movq 48(%1), %%mm2\n"
16260+ " movq 56(%1), %%mm3\n"
16261+ " movq %%mm0, 32(%2)\n"
16262+ " movq %%mm1, 40(%2)\n"
16263+ " movq %%mm2, 48(%2)\n"
16264+ " movq %%mm3, 56(%2)\n"
16265 ".section .fixup, \"ax\"\n"
16266- "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
16267+ "3:\n"
16268+
16269+#ifdef CONFIG_PAX_KERNEXEC
16270+ " movl %%cr0, %0\n"
16271+ " movl %0, %%eax\n"
16272+ " andl $0xFFFEFFFF, %%eax\n"
16273+ " movl %%eax, %%cr0\n"
16274+#endif
16275+
16276+ " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
16277+
16278+#ifdef CONFIG_PAX_KERNEXEC
16279+ " movl %0, %%cr0\n"
16280+#endif
16281+
16282 " jmp 2b\n"
16283 ".previous\n"
16284 _ASM_EXTABLE(1b, 3b)
16285- : : "r" (from), "r" (to) : "memory");
16286+ : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
16287
16288 from += 64;
16289 to += 64;
16290diff -urNp linux-2.6.38.2/arch/x86/lib/putuser.S linux-2.6.38.2/arch/x86/lib/putuser.S
16291--- linux-2.6.38.2/arch/x86/lib/putuser.S 2011-03-14 21:20:32.000000000 -0400
16292+++ linux-2.6.38.2/arch/x86/lib/putuser.S 2011-03-21 18:31:35.000000000 -0400
16293@@ -15,7 +15,8 @@
16294 #include <asm/thread_info.h>
16295 #include <asm/errno.h>
16296 #include <asm/asm.h>
16297-
16298+#include <asm/segment.h>
16299+#include <asm/pgtable.h>
16300
16301 /*
16302 * __put_user_X
16303@@ -29,52 +30,119 @@
16304 * as they get called from within inline assembly.
16305 */
16306
16307-#define ENTER CFI_STARTPROC ; \
16308- GET_THREAD_INFO(%_ASM_BX)
16309+#define ENTER CFI_STARTPROC
16310 #define EXIT ret ; \
16311 CFI_ENDPROC
16312
16313+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
16314+#define _DEST %_ASM_CX,%_ASM_BX
16315+#else
16316+#define _DEST %_ASM_CX
16317+#endif
16318+
16319+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
16320+#define __copyuser_seg gs;
16321+#else
16322+#define __copyuser_seg
16323+#endif
16324+
16325 .text
16326 ENTRY(__put_user_1)
16327 ENTER
16328+
16329+#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
16330+ GET_THREAD_INFO(%_ASM_BX)
16331 cmp TI_addr_limit(%_ASM_BX),%_ASM_CX
16332 jae bad_put_user
16333-1: movb %al,(%_ASM_CX)
16334+
16335+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
16336+ mov $PAX_USER_SHADOW_BASE,%_ASM_BX
16337+ cmp %_ASM_BX,%_ASM_CX
16338+ jb 1234f
16339+ xor %ebx,%ebx
16340+1234:
16341+#endif
16342+
16343+#endif
16344+
16345+1: __copyuser_seg movb %al,(_DEST)
16346 xor %eax,%eax
16347 EXIT
16348 ENDPROC(__put_user_1)
16349
16350 ENTRY(__put_user_2)
16351 ENTER
16352+
16353+#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
16354+ GET_THREAD_INFO(%_ASM_BX)
16355 mov TI_addr_limit(%_ASM_BX),%_ASM_BX
16356 sub $1,%_ASM_BX
16357 cmp %_ASM_BX,%_ASM_CX
16358 jae bad_put_user
16359-2: movw %ax,(%_ASM_CX)
16360+
16361+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
16362+ mov $PAX_USER_SHADOW_BASE,%_ASM_BX
16363+ cmp %_ASM_BX,%_ASM_CX
16364+ jb 1234f
16365+ xor %ebx,%ebx
16366+1234:
16367+#endif
16368+
16369+#endif
16370+
16371+2: __copyuser_seg movw %ax,(_DEST)
16372 xor %eax,%eax
16373 EXIT
16374 ENDPROC(__put_user_2)
16375
16376 ENTRY(__put_user_4)
16377 ENTER
16378+
16379+#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
16380+ GET_THREAD_INFO(%_ASM_BX)
16381 mov TI_addr_limit(%_ASM_BX),%_ASM_BX
16382 sub $3,%_ASM_BX
16383 cmp %_ASM_BX,%_ASM_CX
16384 jae bad_put_user
16385-3: movl %eax,(%_ASM_CX)
16386+
16387+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
16388+ mov $PAX_USER_SHADOW_BASE,%_ASM_BX
16389+ cmp %_ASM_BX,%_ASM_CX
16390+ jb 1234f
16391+ xor %ebx,%ebx
16392+1234:
16393+#endif
16394+
16395+#endif
16396+
16397+3: __copyuser_seg movl %eax,(_DEST)
16398 xor %eax,%eax
16399 EXIT
16400 ENDPROC(__put_user_4)
16401
16402 ENTRY(__put_user_8)
16403 ENTER
16404+
16405+#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
16406+ GET_THREAD_INFO(%_ASM_BX)
16407 mov TI_addr_limit(%_ASM_BX),%_ASM_BX
16408 sub $7,%_ASM_BX
16409 cmp %_ASM_BX,%_ASM_CX
16410 jae bad_put_user
16411-4: mov %_ASM_AX,(%_ASM_CX)
16412+
16413+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
16414+ mov $PAX_USER_SHADOW_BASE,%_ASM_BX
16415+ cmp %_ASM_BX,%_ASM_CX
16416+ jb 1234f
16417+ xor %ebx,%ebx
16418+1234:
16419+#endif
16420+
16421+#endif
16422+
16423+4: __copyuser_seg mov %_ASM_AX,(_DEST)
16424 #ifdef CONFIG_X86_32
16425-5: movl %edx,4(%_ASM_CX)
16426+5: __copyuser_seg movl %edx,4(_DEST)
16427 #endif
16428 xor %eax,%eax
16429 EXIT
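Review bot: On x86_64 UDEREF the store address is now `(%_ASM_CX,%_ASM_BX)` via `_DEST`, with `%_ASM_BX` left at `PAX_USER_SHADOW_BASE` or zeroed by `xor %ebx,%ebx` depending on the comparison, and none of the four `__put_user_N` bodies says what that register holds by the time the store at labels `1:` to `5:` runs. A comment beside the `_DEST` definition, e.g. `/* %_ASM_BX: PAX_USER_SHADOW_BASE for an address below it, 0 otherwise */`, would make the contract explicit, and it is worth noting there that getuser.S handles the same adjustment by adding the base into the address register instead. The six-line compare-and-select sequence is pasted four times; an assembler macro would keep the copies from drifting apart.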
16430diff -urNp linux-2.6.38.2/arch/x86/lib/usercopy_32.c linux-2.6.38.2/arch/x86/lib/usercopy_32.c
16431--- linux-2.6.38.2/arch/x86/lib/usercopy_32.c 2011-03-14 21:20:32.000000000 -0400
16432+++ linux-2.6.38.2/arch/x86/lib/usercopy_32.c 2011-03-21 18:31:35.000000000 -0400
16433@@ -43,7 +43,7 @@ do { \
16434 __asm__ __volatile__( \
16435 " testl %1,%1\n" \
16436 " jz 2f\n" \
16437- "0: lodsb\n" \
16438+ "0: "__copyuser_seg"lodsb\n" \
16439 " stosb\n" \
16440 " testb %%al,%%al\n" \
16441 " jz 1f\n" \
16442@@ -128,10 +128,12 @@ do { \
16443 int __d0; \
16444 might_fault(); \
16445 __asm__ __volatile__( \
16446+ __COPYUSER_SET_ES \
16447 "0: rep; stosl\n" \
16448 " movl %2,%0\n" \
16449 "1: rep; stosb\n" \
16450 "2:\n" \
16451+ __COPYUSER_RESTORE_ES \
16452 ".section .fixup,\"ax\"\n" \
16453 "3: lea 0(%2,%0,4),%0\n" \
16454 " jmp 2b\n" \
16455@@ -200,6 +202,7 @@ long strnlen_user(const char __user *s,
16456 might_fault();
16457
16458 __asm__ __volatile__(
16459+ __COPYUSER_SET_ES
16460 " testl %0, %0\n"
16461 " jz 3f\n"
16462 " andl %0,%%ecx\n"
16463@@ -208,6 +211,7 @@ long strnlen_user(const char __user *s,
16464 " subl %%ecx,%0\n"
16465 " addl %0,%%eax\n"
16466 "1:\n"
16467+ __COPYUSER_RESTORE_ES
16468 ".section .fixup,\"ax\"\n"
16469 "2: xorl %%eax,%%eax\n"
16470 " jmp 1b\n"
16471@@ -227,7 +231,7 @@ EXPORT_SYMBOL(strnlen_user);
16472
16473 #ifdef CONFIG_X86_INTEL_USERCOPY
16474 static unsigned long
16475-__copy_user_intel(void __user *to, const void *from, unsigned long size)
16476+__generic_copy_to_user_intel(void __user *to, const void *from, unsigned long size)
16477 {
16478 int d0, d1;
16479 __asm__ __volatile__(
16480@@ -239,36 +243,36 @@ __copy_user_intel(void __user *to, const
16481 " .align 2,0x90\n"
16482 "3: movl 0(%4), %%eax\n"
16483 "4: movl 4(%4), %%edx\n"
16484- "5: movl %%eax, 0(%3)\n"
16485- "6: movl %%edx, 4(%3)\n"
16486+ "5: "__copyuser_seg" movl %%eax, 0(%3)\n"
16487+ "6: "__copyuser_seg" movl %%edx, 4(%3)\n"
16488 "7: movl 8(%4), %%eax\n"
16489 "8: movl 12(%4),%%edx\n"
16490- "9: movl %%eax, 8(%3)\n"
16491- "10: movl %%edx, 12(%3)\n"
16492+ "9: "__copyuser_seg" movl %%eax, 8(%3)\n"
16493+ "10: "__copyuser_seg" movl %%edx, 12(%3)\n"
16494 "11: movl 16(%4), %%eax\n"
16495 "12: movl 20(%4), %%edx\n"
16496- "13: movl %%eax, 16(%3)\n"
16497- "14: movl %%edx, 20(%3)\n"
16498+ "13: "__copyuser_seg" movl %%eax, 16(%3)\n"
16499+ "14: "__copyuser_seg" movl %%edx, 20(%3)\n"
16500 "15: movl 24(%4), %%eax\n"
16501 "16: movl 28(%4), %%edx\n"
16502- "17: movl %%eax, 24(%3)\n"
16503- "18: movl %%edx, 28(%3)\n"
16504+ "17: "__copyuser_seg" movl %%eax, 24(%3)\n"
16505+ "18: "__copyuser_seg" movl %%edx, 28(%3)\n"
16506 "19: movl 32(%4), %%eax\n"
16507 "20: movl 36(%4), %%edx\n"
16508- "21: movl %%eax, 32(%3)\n"
16509- "22: movl %%edx, 36(%3)\n"
16510+ "21: "__copyuser_seg" movl %%eax, 32(%3)\n"
16511+ "22: "__copyuser_seg" movl %%edx, 36(%3)\n"
16512 "23: movl 40(%4), %%eax\n"
16513 "24: movl 44(%4), %%edx\n"
16514- "25: movl %%eax, 40(%3)\n"
16515- "26: movl %%edx, 44(%3)\n"
16516+ "25: "__copyuser_seg" movl %%eax, 40(%3)\n"
16517+ "26: "__copyuser_seg" movl %%edx, 44(%3)\n"
16518 "27: movl 48(%4), %%eax\n"
16519 "28: movl 52(%4), %%edx\n"
16520- "29: movl %%eax, 48(%3)\n"
16521- "30: movl %%edx, 52(%3)\n"
16522+ "29: "__copyuser_seg" movl %%eax, 48(%3)\n"
16523+ "30: "__copyuser_seg" movl %%edx, 52(%3)\n"
16524 "31: movl 56(%4), %%eax\n"
16525 "32: movl 60(%4), %%edx\n"
16526- "33: movl %%eax, 56(%3)\n"
16527- "34: movl %%edx, 60(%3)\n"
16528+ "33: "__copyuser_seg" movl %%eax, 56(%3)\n"
16529+ "34: "__copyuser_seg" movl %%edx, 60(%3)\n"
16530 " addl $-64, %0\n"
16531 " addl $64, %4\n"
16532 " addl $64, %3\n"
16533@@ -278,10 +282,119 @@ __copy_user_intel(void __user *to, const
16534 " shrl $2, %0\n"
16535 " andl $3, %%eax\n"
16536 " cld\n"
16537+ __COPYUSER_SET_ES
16538 "99: rep; movsl\n"
16539 "36: movl %%eax, %0\n"
16540 "37: rep; movsb\n"
16541 "100:\n"
16542+ __COPYUSER_RESTORE_ES
16543+ ".section .fixup,\"ax\"\n"
16544+ "101: lea 0(%%eax,%0,4),%0\n"
16545+ " jmp 100b\n"
16546+ ".previous\n"
16547+ ".section __ex_table,\"a\"\n"
16548+ " .align 4\n"
16549+ " .long 1b,100b\n"
16550+ " .long 2b,100b\n"
16551+ " .long 3b,100b\n"
16552+ " .long 4b,100b\n"
16553+ " .long 5b,100b\n"
16554+ " .long 6b,100b\n"
16555+ " .long 7b,100b\n"
16556+ " .long 8b,100b\n"
16557+ " .long 9b,100b\n"
16558+ " .long 10b,100b\n"
16559+ " .long 11b,100b\n"
16560+ " .long 12b,100b\n"
16561+ " .long 13b,100b\n"
16562+ " .long 14b,100b\n"
16563+ " .long 15b,100b\n"
16564+ " .long 16b,100b\n"
16565+ " .long 17b,100b\n"
16566+ " .long 18b,100b\n"
16567+ " .long 19b,100b\n"
16568+ " .long 20b,100b\n"
16569+ " .long 21b,100b\n"
16570+ " .long 22b,100b\n"
16571+ " .long 23b,100b\n"
16572+ " .long 24b,100b\n"
16573+ " .long 25b,100b\n"
16574+ " .long 26b,100b\n"
16575+ " .long 27b,100b\n"
16576+ " .long 28b,100b\n"
16577+ " .long 29b,100b\n"
16578+ " .long 30b,100b\n"
16579+ " .long 31b,100b\n"
16580+ " .long 32b,100b\n"
16581+ " .long 33b,100b\n"
16582+ " .long 34b,100b\n"
16583+ " .long 35b,100b\n"
16584+ " .long 36b,100b\n"
16585+ " .long 37b,100b\n"
16586+ " .long 99b,101b\n"
16587+ ".previous"
16588+ : "=&c"(size), "=&D" (d0), "=&S" (d1)
16589+ : "1"(to), "2"(from), "0"(size)
16590+ : "eax", "edx", "memory");
16591+ return size;
16592+}
16593+
16594+static unsigned long
16595+__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size)
16596+{
16597+ int d0, d1;
16598+ __asm__ __volatile__(
16599+ " .align 2,0x90\n"
16600+ "1: "__copyuser_seg" movl 32(%4), %%eax\n"
16601+ " cmpl $67, %0\n"
16602+ " jbe 3f\n"
16603+ "2: "__copyuser_seg" movl 64(%4), %%eax\n"
16604+ " .align 2,0x90\n"
16605+ "3: "__copyuser_seg" movl 0(%4), %%eax\n"
16606+ "4: "__copyuser_seg" movl 4(%4), %%edx\n"
16607+ "5: movl %%eax, 0(%3)\n"
16608+ "6: movl %%edx, 4(%3)\n"
16609+ "7: "__copyuser_seg" movl 8(%4), %%eax\n"
16610+ "8: "__copyuser_seg" movl 12(%4),%%edx\n"
16611+ "9: movl %%eax, 8(%3)\n"
16612+ "10: movl %%edx, 12(%3)\n"
16613+ "11: "__copyuser_seg" movl 16(%4), %%eax\n"
16614+ "12: "__copyuser_seg" movl 20(%4), %%edx\n"
16615+ "13: movl %%eax, 16(%3)\n"
16616+ "14: movl %%edx, 20(%3)\n"
16617+ "15: "__copyuser_seg" movl 24(%4), %%eax\n"
16618+ "16: "__copyuser_seg" movl 28(%4), %%edx\n"
16619+ "17: movl %%eax, 24(%3)\n"
16620+ "18: movl %%edx, 28(%3)\n"
16621+ "19: "__copyuser_seg" movl 32(%4), %%eax\n"
16622+ "20: "__copyuser_seg" movl 36(%4), %%edx\n"
16623+ "21: movl %%eax, 32(%3)\n"
16624+ "22: movl %%edx, 36(%3)\n"
16625+ "23: "__copyuser_seg" movl 40(%4), %%eax\n"
16626+ "24: "__copyuser_seg" movl 44(%4), %%edx\n"
16627+ "25: movl %%eax, 40(%3)\n"
16628+ "26: movl %%edx, 44(%3)\n"
16629+ "27: "__copyuser_seg" movl 48(%4), %%eax\n"
16630+ "28: "__copyuser_seg" movl 52(%4), %%edx\n"
16631+ "29: movl %%eax, 48(%3)\n"
16632+ "30: movl %%edx, 52(%3)\n"
16633+ "31: "__copyuser_seg" movl 56(%4), %%eax\n"
16634+ "32: "__copyuser_seg" movl 60(%4), %%edx\n"
16635+ "33: movl %%eax, 56(%3)\n"
16636+ "34: movl %%edx, 60(%3)\n"
16637+ " addl $-64, %0\n"
16638+ " addl $64, %4\n"
16639+ " addl $64, %3\n"
16640+ " cmpl $63, %0\n"
16641+ " ja 1b\n"
16642+ "35: movl %0, %%eax\n"
16643+ " shrl $2, %0\n"
16644+ " andl $3, %%eax\n"
16645+ " cld\n"
16646+ "99: rep; "__copyuser_seg" movsl\n"
16647+ "36: movl %%eax, %0\n"
16648+ "37: rep; "__copyuser_seg" movsb\n"
16649+ "100:\n"
16650 ".section .fixup,\"ax\"\n"
16651 "101: lea 0(%%eax,%0,4),%0\n"
16652 " jmp 100b\n"
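Review bot: In `__generic_copy_to_user_intel` the exception-table entries for labels 1 to 37 all resume at `100:`, and `__COPYUSER_RESTORE_ES` now sits directly after that label, so a fault inside the unrolled loop runs the restore although `__COPYUSER_SET_ES`, placed just before `99:`, has not executed. That is correct only if the restore is unconditional and harmless without a preceding set; the macro definitions are outside this hunk, so the requirement should be written next to `100:`, for example `/* fault paths from 1..37 also land here: RESTORE_ES must not depend on SET_ES having run */`. The new `__generic_copy_from_user_intel` duplicates the whole unrolled body and has no header comment; it should at least say which side carries the `__copyuser_seg` prefix and why.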
16653@@ -339,41 +452,41 @@ __copy_user_zeroing_intel(void *to, cons
16654 int d0, d1;
16655 __asm__ __volatile__(
16656 " .align 2,0x90\n"
16657- "0: movl 32(%4), %%eax\n"
16658+ "0: "__copyuser_seg" movl 32(%4), %%eax\n"
16659 " cmpl $67, %0\n"
16660 " jbe 2f\n"
16661- "1: movl 64(%4), %%eax\n"
16662+ "1: "__copyuser_seg" movl 64(%4), %%eax\n"
16663 " .align 2,0x90\n"
16664- "2: movl 0(%4), %%eax\n"
16665- "21: movl 4(%4), %%edx\n"
16666+ "2: "__copyuser_seg" movl 0(%4), %%eax\n"
16667+ "21: "__copyuser_seg" movl 4(%4), %%edx\n"
16668 " movl %%eax, 0(%3)\n"
16669 " movl %%edx, 4(%3)\n"
16670- "3: movl 8(%4), %%eax\n"
16671- "31: movl 12(%4),%%edx\n"
16672+ "3: "__copyuser_seg" movl 8(%4), %%eax\n"
16673+ "31: "__copyuser_seg" movl 12(%4),%%edx\n"
16674 " movl %%eax, 8(%3)\n"
16675 " movl %%edx, 12(%3)\n"
16676- "4: movl 16(%4), %%eax\n"
16677- "41: movl 20(%4), %%edx\n"
16678+ "4: "__copyuser_seg" movl 16(%4), %%eax\n"
16679+ "41: "__copyuser_seg" movl 20(%4), %%edx\n"
16680 " movl %%eax, 16(%3)\n"
16681 " movl %%edx, 20(%3)\n"
16682- "10: movl 24(%4), %%eax\n"
16683- "51: movl 28(%4), %%edx\n"
16684+ "10: "__copyuser_seg" movl 24(%4), %%eax\n"
16685+ "51: "__copyuser_seg" movl 28(%4), %%edx\n"
16686 " movl %%eax, 24(%3)\n"
16687 " movl %%edx, 28(%3)\n"
16688- "11: movl 32(%4), %%eax\n"
16689- "61: movl 36(%4), %%edx\n"
16690+ "11: "__copyuser_seg" movl 32(%4), %%eax\n"
16691+ "61: "__copyuser_seg" movl 36(%4), %%edx\n"
16692 " movl %%eax, 32(%3)\n"
16693 " movl %%edx, 36(%3)\n"
16694- "12: movl 40(%4), %%eax\n"
16695- "71: movl 44(%4), %%edx\n"
16696+ "12: "__copyuser_seg" movl 40(%4), %%eax\n"
16697+ "71: "__copyuser_seg" movl 44(%4), %%edx\n"
16698 " movl %%eax, 40(%3)\n"
16699 " movl %%edx, 44(%3)\n"
16700- "13: movl 48(%4), %%eax\n"
16701- "81: movl 52(%4), %%edx\n"
16702+ "13: "__copyuser_seg" movl 48(%4), %%eax\n"
16703+ "81: "__copyuser_seg" movl 52(%4), %%edx\n"
16704 " movl %%eax, 48(%3)\n"
16705 " movl %%edx, 52(%3)\n"
16706- "14: movl 56(%4), %%eax\n"
16707- "91: movl 60(%4), %%edx\n"
16708+ "14: "__copyuser_seg" movl 56(%4), %%eax\n"
16709+ "91: "__copyuser_seg" movl 60(%4), %%edx\n"
16710 " movl %%eax, 56(%3)\n"
16711 " movl %%edx, 60(%3)\n"
16712 " addl $-64, %0\n"
16713@@ -385,9 +498,9 @@ __copy_user_zeroing_intel(void *to, cons
16714 " shrl $2, %0\n"
16715 " andl $3, %%eax\n"
16716 " cld\n"
16717- "6: rep; movsl\n"
16718+ "6: rep; "__copyuser_seg" movsl\n"
16719 " movl %%eax,%0\n"
16720- "7: rep; movsb\n"
16721+ "7: rep; "__copyuser_seg" movsb\n"
16722 "8:\n"
16723 ".section .fixup,\"ax\"\n"
16724 "9: lea 0(%%eax,%0,4),%0\n"
16725@@ -440,41 +553,41 @@ static unsigned long __copy_user_zeroing
16726
16727 __asm__ __volatile__(
16728 " .align 2,0x90\n"
16729- "0: movl 32(%4), %%eax\n"
16730+ "0: "__copyuser_seg" movl 32(%4), %%eax\n"
16731 " cmpl $67, %0\n"
16732 " jbe 2f\n"
16733- "1: movl 64(%4), %%eax\n"
16734+ "1: "__copyuser_seg" movl 64(%4), %%eax\n"
16735 " .align 2,0x90\n"
16736- "2: movl 0(%4), %%eax\n"
16737- "21: movl 4(%4), %%edx\n"
16738+ "2: "__copyuser_seg" movl 0(%4), %%eax\n"
16739+ "21: "__copyuser_seg" movl 4(%4), %%edx\n"
16740 " movnti %%eax, 0(%3)\n"
16741 " movnti %%edx, 4(%3)\n"
16742- "3: movl 8(%4), %%eax\n"
16743- "31: movl 12(%4),%%edx\n"
16744+ "3: "__copyuser_seg" movl 8(%4), %%eax\n"
16745+ "31: "__copyuser_seg" movl 12(%4),%%edx\n"
16746 " movnti %%eax, 8(%3)\n"
16747 " movnti %%edx, 12(%3)\n"
16748- "4: movl 16(%4), %%eax\n"
16749- "41: movl 20(%4), %%edx\n"
16750+ "4: "__copyuser_seg" movl 16(%4), %%eax\n"
16751+ "41: "__copyuser_seg" movl 20(%4), %%edx\n"
16752 " movnti %%eax, 16(%3)\n"
16753 " movnti %%edx, 20(%3)\n"
16754- "10: movl 24(%4), %%eax\n"
16755- "51: movl 28(%4), %%edx\n"
16756+ "10: "__copyuser_seg" movl 24(%4), %%eax\n"
16757+ "51: "__copyuser_seg" movl 28(%4), %%edx\n"
16758 " movnti %%eax, 24(%3)\n"
16759 " movnti %%edx, 28(%3)\n"
16760- "11: movl 32(%4), %%eax\n"
16761- "61: movl 36(%4), %%edx\n"
16762+ "11: "__copyuser_seg" movl 32(%4), %%eax\n"
16763+ "61: "__copyuser_seg" movl 36(%4), %%edx\n"
16764 " movnti %%eax, 32(%3)\n"
16765 " movnti %%edx, 36(%3)\n"
16766- "12: movl 40(%4), %%eax\n"
16767- "71: movl 44(%4), %%edx\n"
16768+ "12: "__copyuser_seg" movl 40(%4), %%eax\n"
16769+ "71: "__copyuser_seg" movl 44(%4), %%edx\n"
16770 " movnti %%eax, 40(%3)\n"
16771 " movnti %%edx, 44(%3)\n"
16772- "13: movl 48(%4), %%eax\n"
16773- "81: movl 52(%4), %%edx\n"
16774+ "13: "__copyuser_seg" movl 48(%4), %%eax\n"
16775+ "81: "__copyuser_seg" movl 52(%4), %%edx\n"
16776 " movnti %%eax, 48(%3)\n"
16777 " movnti %%edx, 52(%3)\n"
16778- "14: movl 56(%4), %%eax\n"
16779- "91: movl 60(%4), %%edx\n"
16780+ "14: "__copyuser_seg" movl 56(%4), %%eax\n"
16781+ "91: "__copyuser_seg" movl 60(%4), %%edx\n"
16782 " movnti %%eax, 56(%3)\n"
16783 " movnti %%edx, 60(%3)\n"
16784 " addl $-64, %0\n"
16785@@ -487,9 +600,9 @@ static unsigned long __copy_user_zeroing
16786 " shrl $2, %0\n"
16787 " andl $3, %%eax\n"
16788 " cld\n"
16789- "6: rep; movsl\n"
16790+ "6: rep; "__copyuser_seg" movsl\n"
16791 " movl %%eax,%0\n"
16792- "7: rep; movsb\n"
16793+ "7: rep; "__copyuser_seg" movsb\n"
16794 "8:\n"
16795 ".section .fixup,\"ax\"\n"
16796 "9: lea 0(%%eax,%0,4),%0\n"
16797@@ -537,41 +650,41 @@ static unsigned long __copy_user_intel_n
16798
16799 __asm__ __volatile__(
16800 " .align 2,0x90\n"
16801- "0: movl 32(%4), %%eax\n"
16802+ "0: "__copyuser_seg" movl 32(%4), %%eax\n"
16803 " cmpl $67, %0\n"
16804 " jbe 2f\n"
16805- "1: movl 64(%4), %%eax\n"
16806+ "1: "__copyuser_seg" movl 64(%4), %%eax\n"
16807 " .align 2,0x90\n"
16808- "2: movl 0(%4), %%eax\n"
16809- "21: movl 4(%4), %%edx\n"
16810+ "2: "__copyuser_seg" movl 0(%4), %%eax\n"
16811+ "21: "__copyuser_seg" movl 4(%4), %%edx\n"
16812 " movnti %%eax, 0(%3)\n"
16813 " movnti %%edx, 4(%3)\n"
16814- "3: movl 8(%4), %%eax\n"
16815- "31: movl 12(%4),%%edx\n"
16816+ "3: "__copyuser_seg" movl 8(%4), %%eax\n"
16817+ "31: "__copyuser_seg" movl 12(%4),%%edx\n"
16818 " movnti %%eax, 8(%3)\n"
16819 " movnti %%edx, 12(%3)\n"
16820- "4: movl 16(%4), %%eax\n"
16821- "41: movl 20(%4), %%edx\n"
16822+ "4: "__copyuser_seg" movl 16(%4), %%eax\n"
16823+ "41: "__copyuser_seg" movl 20(%4), %%edx\n"
16824 " movnti %%eax, 16(%3)\n"
16825 " movnti %%edx, 20(%3)\n"
16826- "10: movl 24(%4), %%eax\n"
16827- "51: movl 28(%4), %%edx\n"
16828+ "10: "__copyuser_seg" movl 24(%4), %%eax\n"
16829+ "51: "__copyuser_seg" movl 28(%4), %%edx\n"
16830 " movnti %%eax, 24(%3)\n"
16831 " movnti %%edx, 28(%3)\n"
16832- "11: movl 32(%4), %%eax\n"
16833- "61: movl 36(%4), %%edx\n"
16834+ "11: "__copyuser_seg" movl 32(%4), %%eax\n"
16835+ "61: "__copyuser_seg" movl 36(%4), %%edx\n"
16836 " movnti %%eax, 32(%3)\n"
16837 " movnti %%edx, 36(%3)\n"
16838- "12: movl 40(%4), %%eax\n"
16839- "71: movl 44(%4), %%edx\n"
16840+ "12: "__copyuser_seg" movl 40(%4), %%eax\n"
16841+ "71: "__copyuser_seg" movl 44(%4), %%edx\n"
16842 " movnti %%eax, 40(%3)\n"
16843 " movnti %%edx, 44(%3)\n"
16844- "13: movl 48(%4), %%eax\n"
16845- "81: movl 52(%4), %%edx\n"
16846+ "13: "__copyuser_seg" movl 48(%4), %%eax\n"
16847+ "81: "__copyuser_seg" movl 52(%4), %%edx\n"
16848 " movnti %%eax, 48(%3)\n"
16849 " movnti %%edx, 52(%3)\n"
16850- "14: movl 56(%4), %%eax\n"
16851- "91: movl 60(%4), %%edx\n"
16852+ "14: "__copyuser_seg" movl 56(%4), %%eax\n"
16853+ "91: "__copyuser_seg" movl 60(%4), %%edx\n"
16854 " movnti %%eax, 56(%3)\n"
16855 " movnti %%edx, 60(%3)\n"
16856 " addl $-64, %0\n"
16857@@ -584,9 +697,9 @@ static unsigned long __copy_user_intel_n
16858 " shrl $2, %0\n"
16859 " andl $3, %%eax\n"
16860 " cld\n"
16861- "6: rep; movsl\n"
16862+ "6: rep; "__copyuser_seg" movsl\n"
16863 " movl %%eax,%0\n"
16864- "7: rep; movsb\n"
16865+ "7: rep; "__copyuser_seg" movsb\n"
16866 "8:\n"
16867 ".section .fixup,\"ax\"\n"
16868 "9: lea 0(%%eax,%0,4),%0\n"
16869@@ -629,32 +742,36 @@ static unsigned long __copy_user_intel_n
16870 */
16871 unsigned long __copy_user_zeroing_intel(void *to, const void __user *from,
16872 unsigned long size);
16873-unsigned long __copy_user_intel(void __user *to, const void *from,
16874+unsigned long __generic_copy_to_user_intel(void __user *to, const void *from,
16875+ unsigned long size);
16876+unsigned long __generic_copy_from_user_intel(void *to, const void __user *from,
16877 unsigned long size);
16878 unsigned long __copy_user_zeroing_intel_nocache(void *to,
16879 const void __user *from, unsigned long size);
16880 #endif /* CONFIG_X86_INTEL_USERCOPY */
16881
16882 /* Generic arbitrary sized copy. */
16883-#define __copy_user(to, from, size) \
16884+#define __copy_user(to, from, size, prefix, set, restore) \
16885 do { \
16886 int __d0, __d1, __d2; \
16887 __asm__ __volatile__( \
16888+ set \
16889 " cmp $7,%0\n" \
16890 " jbe 1f\n" \
16891 " movl %1,%0\n" \
16892 " negl %0\n" \
16893 " andl $7,%0\n" \
16894 " subl %0,%3\n" \
16895- "4: rep; movsb\n" \
16896+ "4: rep; "prefix"movsb\n" \
16897 " movl %3,%0\n" \
16898 " shrl $2,%0\n" \
16899 " andl $3,%3\n" \
16900 " .align 2,0x90\n" \
16901- "0: rep; movsl\n" \
16902+ "0: rep; "prefix"movsl\n" \
16903 " movl %3,%0\n" \
16904- "1: rep; movsb\n" \
16905+ "1: rep; "prefix"movsb\n" \
16906 "2:\n" \
16907+ restore \
16908 ".section .fixup,\"ax\"\n" \
16909 "5: addl %3,%0\n" \
16910 " jmp 2b\n" \
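Review bot: The three parameters added to `__copy_user` (`prefix`, `set`, `restore`) are undocumented, and the call sites only make sense once the reason is known: string moves read from DS:ESI, which a segment prefix can override, but always write to ES:EDI, which it cannot. Extending the existing `/* Generic arbitrary sized copy. */` comment to say that a user-space source is handled with `prefix` and a user-space destination with the `set`/`restore` pair around the copy would make that clear. It should also say that the `.fixup` code resumes at `2:`, so `restore` runs on the fault path as well. The macro body continues outside the hunk.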
16911@@ -682,14 +799,14 @@ do { \
16912 " negl %0\n" \
16913 " andl $7,%0\n" \
16914 " subl %0,%3\n" \
16915- "4: rep; movsb\n" \
16916+ "4: rep; "__copyuser_seg"movsb\n" \
16917 " movl %3,%0\n" \
16918 " shrl $2,%0\n" \
16919 " andl $3,%3\n" \
16920 " .align 2,0x90\n" \
16921- "0: rep; movsl\n" \
16922+ "0: rep; "__copyuser_seg"movsl\n" \
16923 " movl %3,%0\n" \
16924- "1: rep; movsb\n" \
16925+ "1: rep; "__copyuser_seg"movsb\n" \
16926 "2:\n" \
16927 ".section .fixup,\"ax\"\n" \
16928 "5: addl %3,%0\n" \
16929@@ -775,9 +892,9 @@ survive:
16930 }
16931 #endif
16932 if (movsl_is_ok(to, from, n))
16933- __copy_user(to, from, n);
16934+ __copy_user(to, from, n, "", __COPYUSER_SET_ES, __COPYUSER_RESTORE_ES);
16935 else
16936- n = __copy_user_intel(to, from, n);
16937+ n = __generic_copy_to_user_intel(to, from, n);
16938 return n;
16939 }
16940 EXPORT_SYMBOL(__copy_to_user_ll);
16941@@ -797,10 +914,9 @@ unsigned long __copy_from_user_ll_nozero
16942 unsigned long n)
16943 {
16944 if (movsl_is_ok(to, from, n))
16945- __copy_user(to, from, n);
16946+ __copy_user(to, from, n, __copyuser_seg, "", "");
16947 else
16948- n = __copy_user_intel((void __user *)to,
16949- (const void *)from, n);
16950+ n = __generic_copy_from_user_intel(to, from, n);
16951 return n;
16952 }
16953 EXPORT_SYMBOL(__copy_from_user_ll_nozero);
16954@@ -827,65 +943,49 @@ unsigned long __copy_from_user_ll_nocach
16955 if (n > 64 && cpu_has_xmm2)
16956 n = __copy_user_intel_nocache(to, from, n);
16957 else
16958- __copy_user(to, from, n);
16959+ __copy_user(to, from, n, __copyuser_seg, "", "");
16960 #else
16961- __copy_user(to, from, n);
16962+ __copy_user(to, from, n, __copyuser_seg, "", "");
16963 #endif
16964 return n;
16965 }
16966 EXPORT_SYMBOL(__copy_from_user_ll_nocache_nozero);
16967
16968-/**
16969- * copy_to_user: - Copy a block of data into user space.
16970- * @to: Destination address, in user space.
16971- * @from: Source address, in kernel space.
16972- * @n: Number of bytes to copy.
16973- *
16974- * Context: User context only. This function may sleep.
16975- *
16976- * Copy data from kernel space to user space.
16977- *
16978- * Returns number of bytes that could not be copied.
16979- * On success, this will be zero.
16980- */
16981-unsigned long
16982-copy_to_user(void __user *to, const void *from, unsigned long n)
16983+void copy_from_user_overflow(void)
16984 {
16985- if (access_ok(VERIFY_WRITE, to, n))
16986- n = __copy_to_user(to, from, n);
16987- return n;
16988+ WARN(1, "Buffer overflow detected!\n");
16989 }
16990-EXPORT_SYMBOL(copy_to_user);
16991+EXPORT_SYMBOL(copy_from_user_overflow);
16992
16993-/**
16994- * copy_from_user: - Copy a block of data from user space.
16995- * @to: Destination address, in kernel space.
16996- * @from: Source address, in user space.
16997- * @n: Number of bytes to copy.
16998- *
16999- * Context: User context only. This function may sleep.
17000- *
17001- * Copy data from user space to kernel space.
17002- *
17003- * Returns number of bytes that could not be copied.
17004- * On success, this will be zero.
17005- *
17006- * If some data could not be copied, this function will pad the copied
17007- * data to the requested size using zero bytes.
17008- */
17009-unsigned long
17010-_copy_from_user(void *to, const void __user *from, unsigned long n)
17011+void copy_to_user_overflow(void)
17012 {
17013- if (access_ok(VERIFY_READ, from, n))
17014- n = __copy_from_user(to, from, n);
17015- else
17016- memset(to, 0, n);
17017- return n;
17018+ WARN(1, "Buffer overflow detected!\n");
17019 }
17020-EXPORT_SYMBOL(_copy_from_user);
17021+EXPORT_SYMBOL(copy_to_user_overflow);
17022
17023-void copy_from_user_overflow(void)
17024+#ifdef CONFIG_PAX_MEMORY_UDEREF
17025+void __set_fs(mm_segment_t x)
17026 {
17027- WARN(1, "Buffer overflow detected!\n");
17028+ switch (x.seg) {
17029+ case 0:
17030+ loadsegment(gs, 0);
17031+ break;
17032+ case TASK_SIZE_MAX:
17033+ loadsegment(gs, __USER_DS);
17034+ break;
17035+ case -1UL:
17036+ loadsegment(gs, __KERNEL_DS);
17037+ break;
17038+ default:
17039+ BUG();
17040+ }
17041+ return;
17042 }
17043-EXPORT_SYMBOL(copy_from_user_overflow);
17044+
17045+void set_fs(mm_segment_t x)
17046+{
17047+ current_thread_info()->addr_limit = x;
17048+ __set_fs(x);
17049+}
17050+EXPORT_SYMBOL(set_fs);
17051+#endif
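Review bot: `__set_fs()` at the end of this hunk accepts exactly three `x.seg` values (0, `TASK_SIZE_MAX`, `-1UL`) and hits `BUG()` on anything else, but nothing documents that contract. `set_fs()` has also already stored `x` in `addr_limit` by the time the check runs. A header comment would help, for example `/* UDEREF: load %gs to match the address limit; x.seg must be 0, TASK_SIZE_MAX or -1UL, anything else is a BUG */`. The trailing `return;` in `__set_fs()` is redundant in a void function. Both `copy_from_user_overflow()` and `copy_to_user_overflow()` emit the same "Buffer overflow detected!" text, so only the backtrace tells the two directions apart in a log.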
17052diff -urNp linux-2.6.38.2/arch/x86/lib/usercopy_64.c linux-2.6.38.2/arch/x86/lib/usercopy_64.c
17053--- linux-2.6.38.2/arch/x86/lib/usercopy_64.c 2011-03-14 21:20:32.000000000 -0400
17054+++ linux-2.6.38.2/arch/x86/lib/usercopy_64.c 2011-03-21 18:31:35.000000000 -0400
17055@@ -42,6 +42,8 @@ long
17056 __strncpy_from_user(char *dst, const char __user *src, long count)
17057 {
17058 long res;
17059+ if ((unsigned long)src < PAX_USER_SHADOW_BASE)
17060+ src += PAX_USER_SHADOW_BASE;
17061 __do_strncpy_from_user(dst, src, count, res);
17062 return res;
17063 }
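Review bot: The relocation `if ((unsigned long)src < PAX_USER_SHADOW_BASE) src += PAX_USER_SHADOW_BASE;` is added with no comment and no `CONFIG_PAX_MEMORY_UDEREF` guard. The same two lines are repeated for `addr` in the `__clear_user` hunk and for `to` and `from` in the `copy_in_user` hunk. The definition of `PAX_USER_SHADOW_BASE` is not in this part of the patch, so it cannot be confirmed here that these lines are a no-op when UDEREF is disabled. A comment at each site, presumably something like `/* UDEREF: access userland through its shadow mapping */`, or one static inline helper shared by the three functions, would make the intent and the config dependency explicit.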
17064@@ -65,6 +67,8 @@ unsigned long __clear_user(void __user *
17065 {
17066 long __d0;
17067 might_fault();
17068+ if ((unsigned long)addr < PAX_USER_SHADOW_BASE)
17069+ addr += PAX_USER_SHADOW_BASE;
17070 /* no memory constraint because it doesn't change any memory gcc knows
17071 about */
17072 asm volatile(
17073@@ -151,10 +155,14 @@ EXPORT_SYMBOL(strlen_user);
17074
17075 unsigned long copy_in_user(void __user *to, const void __user *from, unsigned len)
17076 {
17077- if (access_ok(VERIFY_WRITE, to, len) && access_ok(VERIFY_READ, from, len)) {
17078+ if (access_ok(VERIFY_WRITE, to, len) && access_ok(VERIFY_READ, from, len)) {
17079+ if ((unsigned long)to < PAX_USER_SHADOW_BASE)
17080+ to += PAX_USER_SHADOW_BASE;
17081+ if ((unsigned long)from < PAX_USER_SHADOW_BASE)
17082+ from += PAX_USER_SHADOW_BASE;
17083 return copy_user_generic((__force void *)to, (__force void *)from, len);
17084- }
17085- return len;
17086+ }
17087+ return len;
17088 }
17089 EXPORT_SYMBOL(copy_in_user);
17090
17091diff -urNp linux-2.6.38.2/arch/x86/Makefile linux-2.6.38.2/arch/x86/Makefile
17092--- linux-2.6.38.2/arch/x86/Makefile 2011-03-14 21:20:32.000000000 -0400
17093+++ linux-2.6.38.2/arch/x86/Makefile 2011-03-21 18:31:35.000000000 -0400
17094@@ -195,3 +195,12 @@ define archhelp
17095 echo ' FDARGS="..." arguments for the booted kernel'
17096 echo ' FDINITRD=file initrd for the booted kernel'
17097 endef
17098+
17099+define OLD_LD
17100+
17101+*** ${VERSION}.${PATCHLEVEL} PaX kernels no longer build correctly with old versions of binutils.
17102+*** Please upgrade your binutils to 2.18 or newer
17103+endef
17104+
17105+archprepare:
17106+ $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD)))
17107diff -urNp linux-2.6.38.2/arch/x86/mm/extable.c linux-2.6.38.2/arch/x86/mm/extable.c
17108--- linux-2.6.38.2/arch/x86/mm/extable.c 2011-03-14 21:20:32.000000000 -0400
17109+++ linux-2.6.38.2/arch/x86/mm/extable.c 2011-03-21 18:31:35.000000000 -0400
17110@@ -1,14 +1,71 @@
17111 #include <linux/module.h>
17112 #include <linux/spinlock.h>
17113+#include <linux/sort.h>
17114 #include <asm/uaccess.h>
17115+#include <asm/pgtable.h>
17116
17117+/*
17118+ * The exception table needs to be sorted so that the binary
17119+ * search that we use to find entries in it works properly.
17120+ * This is used both for the kernel exception table and for
17121+ * the exception tables of modules that get loaded.
17122+ */
17123+static int cmp_ex(const void *a, const void *b)
17124+{
17125+ const struct exception_table_entry *x = a, *y = b;
17126+
17127+ /* avoid overflow */
17128+ if (x->insn > y->insn)
17129+ return 1;
17130+ if (x->insn < y->insn)
17131+ return -1;
17132+ return 0;
17133+}
17134+
17135+static void swap_ex(void *a, void *b, int size)
17136+{
17137+ struct exception_table_entry t, *x = a, *y = b;
17138+
17139+ t = *x;
17140+
17141+ pax_open_kernel();
17142+ *x = *y;
17143+ *y = t;
17144+ pax_close_kernel();
17145+}
17146+
17147+void sort_extable(struct exception_table_entry *start,
17148+ struct exception_table_entry *finish)
17149+{
17150+ sort(start, finish - start, sizeof(struct exception_table_entry),
17151+ cmp_ex, swap_ex);
17152+}
17153+
17154+#ifdef CONFIG_MODULES
17155+/*
17156+ * If the exception table is sorted, any referring to the module init
17157+ * will be at the beginning or the end.
17158+ */
17159+void trim_init_extable(struct module *m)
17160+{
17161+ /*trim the beginning*/
17162+ while (m->num_exentries && within_module_init(m->extable[0].insn, m)) {
17163+ m->extable++;
17164+ m->num_exentries--;
17165+ }
17166+ /*trim the end*/
17167+ while (m->num_exentries &&
17168+ within_module_init(m->extable[m->num_exentries-1].insn, m))
17169+ m->num_exentries--;
17170+}
17171+#endif /* CONFIG_MODULES */
17172
17173 int fixup_exception(struct pt_regs *regs)
17174 {
17175 const struct exception_table_entry *fixup;
17176
17177 #ifdef CONFIG_PNPBIOS
17178- if (unlikely(SEGMENT_IS_PNP_CODE(regs->cs))) {
17179+ if (unlikely(!v8086_mode(regs) && SEGMENT_IS_PNP_CODE(regs->cs))) {
17180 extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp;
17181 extern u32 pnp_bios_is_utter_crap;
17182 pnp_bios_is_utter_crap = 1;
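Review bot: `swap_ex()` ignores its `size` argument and wraps only the two stores in `pax_open_kernel()`/`pax_close_kernel()`, and neither choice is explained. The only comment in the new code, `/* avoid overflow */` in `cmp_ex()`, does not say what would overflow. I would add `/* entries are fixed-size, so size is unused; the table is presumably write-protected, hence the open/close around the stores */` above `swap_ex()`. In `cmp_ex()` I would use `/* compare instead of subtracting: the insn difference may not fit in int */`. `fixup_exception()` continues past the end of this hunk, so the `v8086_mode()` change is not reviewed here.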
17183diff -urNp linux-2.6.38.2/arch/x86/mm/fault.c linux-2.6.38.2/arch/x86/mm/fault.c
17184--- linux-2.6.38.2/arch/x86/mm/fault.c 2011-03-14 21:20:32.000000000 -0400
17185+++ linux-2.6.38.2/arch/x86/mm/fault.c 2011-03-21 23:48:53.000000000 -0400
17186@@ -12,10 +12,18 @@
17187 #include <linux/mmiotrace.h> /* kmmio_handler, ... */
17188 #include <linux/perf_event.h> /* perf_sw_event */
17189 #include <linux/hugetlb.h> /* hstate_index_to_shift */
17190+#include <linux/unistd.h>
17191+#include <linux/compiler.h>
17192
17193 #include <asm/traps.h> /* dotraplinkage, ... */
17194 #include <asm/pgalloc.h> /* pgd_*(), ... */
17195 #include <asm/kmemcheck.h> /* kmemcheck_*(), ... */
17196+#include <asm/vsyscall.h>
17197+#include <asm/tlbflush.h>
17198+
17199+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
17200+#include <asm/stacktrace.h>
17201+#endif
17202
17203 /*
17204 * Page fault error code bits:
17205@@ -53,7 +61,7 @@ static inline int __kprobes notify_page_
17206 int ret = 0;
17207
17208 /* kprobe_running() needs smp_processor_id() */
17209- if (kprobes_built_in() && !user_mode_vm(regs)) {
17210+ if (kprobes_built_in() && !user_mode(regs)) {
17211 preempt_disable();
17212 if (kprobe_running() && kprobe_fault_handler(regs, 14))
17213 ret = 1;
17214@@ -114,7 +122,10 @@ check_prefetch_opcode(struct pt_regs *re
17215 return !instr_lo || (instr_lo>>1) == 1;
17216 case 0x00:
17217 /* Prefetch instruction is 0x0F0D or 0x0F18 */
17218- if (probe_kernel_address(instr, opcode))
17219+ if (user_mode(regs)) {
17220+ if (__copy_from_user_inatomic(&opcode, (__force unsigned char __user *)(instr), 1))
17221+ return 0;
17222+ } else if (probe_kernel_address(instr, opcode))
17223 return 0;
17224
17225 *prefetch = (instr_lo == 0xF) &&
17226@@ -148,7 +159,10 @@ is_prefetch(struct pt_regs *regs, unsign
17227 while (instr < max_instr) {
17228 unsigned char opcode;
17229
17230- if (probe_kernel_address(instr, opcode))
17231+ if (user_mode(regs)) {
17232+ if (__copy_from_user_inatomic(&opcode, (__force unsigned char __user *)(instr), 1))
17233+ break;
17234+ } else if (probe_kernel_address(instr, opcode))
17235 break;
17236
17237 instr++;
17238@@ -179,6 +193,30 @@ force_sig_info_fault(int si_signo, int s
17239 force_sig_info(si_signo, &info, tsk);
17240 }
17241
17242+#ifdef CONFIG_PAX_EMUTRAMP
17243+static int pax_handle_fetch_fault(struct pt_regs *regs);
17244+#endif
17245+
17246+#ifdef CONFIG_PAX_PAGEEXEC
17247+static inline pmd_t * pax_get_pmd(struct mm_struct *mm, unsigned long address)
17248+{
17249+ pgd_t *pgd;
17250+ pud_t *pud;
17251+ pmd_t *pmd;
17252+
17253+ pgd = pgd_offset(mm, address);
17254+ if (!pgd_present(*pgd))
17255+ return NULL;
17256+ pud = pud_offset(pgd, address);
17257+ if (!pud_present(*pud))
17258+ return NULL;
17259+ pmd = pmd_offset(pud, address);
17260+ if (!pmd_present(*pmd))
17261+ return NULL;
17262+ return pmd;
17263+}
17264+#endif
17265+
17266 DEFINE_SPINLOCK(pgd_lock);
17267 LIST_HEAD(pgd_list);
17268
17269@@ -229,10 +267,22 @@ void vmalloc_sync_all(void)
17270 for (address = VMALLOC_START & PMD_MASK;
17271 address >= TASK_SIZE && address < FIXADDR_TOP;
17272 address += PMD_SIZE) {
17273+
17274+#ifdef CONFIG_PAX_PER_CPU_PGD
17275+ unsigned long cpu;
17276+#else
17277 struct page *page;
17278+#endif
17279
17280 spin_lock(&pgd_lock);
17281+
17282+#ifdef CONFIG_PAX_PER_CPU_PGD
17283+ for (cpu = 0; cpu < NR_CPUS; ++cpu) {
17284+ pgd_t *pgd = get_cpu_pgd(cpu);
17285+ pmd_t *ret;
17286+#else
17287 list_for_each_entry(page, &pgd_list, lru) {
17288+ pgd_t *pgd = page_address(page);
17289 spinlock_t *pgt_lock;
17290 pmd_t *ret;
17291
17292@@ -240,8 +290,13 @@ void vmalloc_sync_all(void)
17293 pgt_lock = &pgd_page_get_mm(page)->page_table_lock;
17294
17295 spin_lock(pgt_lock);
17296- ret = vmalloc_sync_one(page_address(page), address);
17297+#endif
17298+
17299+ ret = vmalloc_sync_one(pgd, address);
17300+
17301+#ifndef CONFIG_PAX_PER_CPU_PGD
17302 spin_unlock(pgt_lock);
17303+#endif
17304
17305 if (!ret)
17306 break;
17307@@ -275,6 +330,11 @@ static noinline __kprobes int vmalloc_fa
17308 * an interrupt in the middle of a task switch..
17309 */
17310 pgd_paddr = read_cr3();
17311+
17312+#ifdef CONFIG_PAX_PER_CPU_PGD
17313+ BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (pgd_paddr & PHYSICAL_PAGE_MASK));
17314+#endif
17315+
17316 pmd_k = vmalloc_sync_one(__va(pgd_paddr), address);
17317 if (!pmd_k)
17318 return -1;
17319@@ -370,7 +430,14 @@ static noinline __kprobes int vmalloc_fa
17320 * happen within a race in page table update. In the later
17321 * case just flush:
17322 */
17323+
17324+#ifdef CONFIG_PAX_PER_CPU_PGD
17325+ BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (read_cr3() & PHYSICAL_PAGE_MASK));
17326+ pgd = pgd_offset_cpu(smp_processor_id(), address);
17327+#else
17328 pgd = pgd_offset(current->active_mm, address);
17329+#endif
17330+
17331 pgd_ref = pgd_offset_k(address);
17332 if (pgd_none(*pgd_ref))
17333 return -1;
17334@@ -532,7 +599,7 @@ static int is_errata93(struct pt_regs *r
17335 static int is_errata100(struct pt_regs *regs, unsigned long address)
17336 {
17337 #ifdef CONFIG_X86_64
17338- if ((regs->cs == __USER32_CS || (regs->cs & (1<<2))) && (address >> 32))
17339+ if ((regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT)) && (address >> 32))
17340 return 1;
17341 #endif
17342 return 0;
17343@@ -559,7 +626,7 @@ static int is_f00f_bug(struct pt_regs *r
17344 }
17345
17346 static const char nx_warning[] = KERN_CRIT
17347-"kernel tried to execute NX-protected page - exploit attempt? (uid: %d)\n";
17348+"kernel tried to execute NX-protected page - exploit attempt? (uid: %d, task: %s, pid: %d)\n";
17349
17350 static void
17351 show_fault_oops(struct pt_regs *regs, unsigned long error_code,
17352@@ -568,15 +635,26 @@ show_fault_oops(struct pt_regs *regs, un
17353 if (!oops_may_print())
17354 return;
17355
17356- if (error_code & PF_INSTR) {
17357+ if ((__supported_pte_mask & _PAGE_NX) && (error_code & PF_INSTR)) {
17358 unsigned int level;
17359
17360 pte_t *pte = lookup_address(address, &level);
17361
17362 if (pte && pte_present(*pte) && !pte_exec(*pte))
17363- printk(nx_warning, current_uid());
17364+ printk(nx_warning, current_uid(), current->comm, task_pid_nr(current));
17365 }
17366
17367+#ifdef CONFIG_PAX_KERNEXEC
17368+ if (init_mm.start_code <= address && address < init_mm.end_code) {
17369+ if (current->signal->curr_ip)
17370+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
17371+ &current->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
17372+ else
17373+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
17374+ current->comm, task_pid_nr(current), current_uid(), current_euid());
17375+ }
17376+#endif
17377+
17378 printk(KERN_ALERT "BUG: unable to handle kernel ");
17379 if (address < PAGE_SIZE)
17380 printk(KERN_CONT "NULL pointer dereference");
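Review bot: The new `CONFIG_PAX_KERNEXEC` block logs "attempted to modify kernel code" for any fault whose address lies in `init_mm.start_code..end_code`, without looking at `error_code`. Unless every path into this branch is known to be a write, a read or fetch fault in that range would be logged as a modification attempt, which misleads anyone triaging the log. Testing the write bit first would keep the message accurate: `if ((error_code & PF_WRITE) && init_mm.start_code <= address && address < init_mm.end_code) {`. `show_fault_oops()` starts and ends outside this hunk, so callers that might already filter on the error code are not visible here.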
17381@@ -701,6 +779,68 @@ __bad_area_nosemaphore(struct pt_regs *r
17382 unsigned long address, int si_code)
17383 {
17384 struct task_struct *tsk = current;
17385+ struct mm_struct *mm = tsk->mm;
17386+
17387+#ifdef CONFIG_X86_64
17388+ if (mm && (error_code & PF_INSTR) && mm->context.vdso) {
17389+ if (regs->ip == (unsigned long)vgettimeofday) {
17390+ regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, fallback_gettimeofday);
17391+ return;
17392+ } else if (regs->ip == (unsigned long)vtime) {
17393+ regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, fallback_time);
17394+ return;
17395+ } else if (regs->ip == (unsigned long)vgetcpu) {
17396+ regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, getcpu);
17397+ return;
17398+ }
17399+ }
17400+#endif
17401+
17402+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
17403+ if (mm && (error_code & PF_USER)) {
17404+ unsigned long ip = regs->ip;
17405+
17406+ if (v8086_mode(regs))
17407+ ip = ((regs->cs & 0xffff) << 4) + (ip & 0xffff);
17408+
17409+ /*
17410+ * It's possible to have interrupts off here:
17411+ */
17412+ local_irq_enable();
17413+
17414+#ifdef CONFIG_PAX_PAGEEXEC
17415+ if ((mm->pax_flags & MF_PAX_PAGEEXEC) &&
17416+ (((__supported_pte_mask & _PAGE_NX) && (error_code & PF_INSTR)) || (!(error_code & (PF_PROT | PF_WRITE)) && ip == address))) {
17417+
17418+#ifdef CONFIG_PAX_EMUTRAMP
17419+ switch (pax_handle_fetch_fault(regs)) {
17420+ case 2:
17421+ return;
17422+ }
17423+#endif
17424+
17425+ pax_report_fault(regs, (void *)ip, (void *)regs->sp);
17426+ do_group_exit(SIGKILL);
17427+ }
17428+#endif
17429+
17430+#ifdef CONFIG_PAX_SEGMEXEC
17431+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && !(error_code & (PF_PROT | PF_WRITE)) && (ip + SEGMEXEC_TASK_SIZE == address)) {
17432+
17433+#ifdef CONFIG_PAX_EMUTRAMP
17434+ switch (pax_handle_fetch_fault(regs)) {
17435+ case 2:
17436+ return;
17437+ }
17438+#endif
17439+
17440+ pax_report_fault(regs, (void *)ip, (void *)regs->sp);
17441+ do_group_exit(SIGKILL);
17442+ }
17443+#endif
17444+
17445+ }
17446+#endif
17447
17448 /* User mode accesses just cause a SIGSEGV */
17449 if (error_code & PF_USER) {
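Review bot: The construct `switch (pax_handle_fetch_fault(regs)) { case 2: return; }` appears twice in this hunk, under PAGEEXEC and under SEGMEXEC, and again in `pax_handle_pageexec_fault()` in the next hunk. A one-case switch with no default and a bare `2` hides that this is a simple test for "trampoline emulated". `if (pax_handle_fetch_fault(regs) == 2) return;` reads more directly, and naming the two return codes (1 = kill, 2 = trampoline handled) in an enum would remove the magic number at all three call sites. The two `pax_report_fault(); do_group_exit(SIGKILL);` tails are also identical and could share one helper. The function body continues beyond this hunk.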
17450@@ -855,6 +995,99 @@ static int spurious_fault_check(unsigned
17451 return 1;
17452 }
17453
17454+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
17455+static int pax_handle_pageexec_fault(struct pt_regs *regs, struct mm_struct *mm, unsigned long address, unsigned long error_code)
17456+{
17457+ pte_t *pte;
17458+ pmd_t *pmd;
17459+ spinlock_t *ptl;
17460+ unsigned char pte_mask;
17461+
17462+ if ((__supported_pte_mask & _PAGE_NX) || (error_code & (PF_PROT|PF_USER)) != (PF_PROT|PF_USER) || v8086_mode(regs) ||
17463+ !(mm->pax_flags & MF_PAX_PAGEEXEC))
17464+ return 0;
17465+
17466+ /* PaX: it's our fault, let's handle it if we can */
17467+
17468+ /* PaX: take a look at read faults before acquiring any locks */
17469+ if (unlikely(!(error_code & PF_WRITE) && (regs->ip == address))) {
17470+ /* instruction fetch attempt from a protected page in user mode */
17471+ up_read(&mm->mmap_sem);
17472+
17473+#ifdef CONFIG_PAX_EMUTRAMP
17474+ switch (pax_handle_fetch_fault(regs)) {
17475+ case 2:
17476+ return 1;
17477+ }
17478+#endif
17479+
17480+ pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
17481+ do_group_exit(SIGKILL);
17482+ }
17483+
17484+ pmd = pax_get_pmd(mm, address);
17485+ if (unlikely(!pmd))
17486+ return 0;
17487+
17488+ pte = pte_offset_map_lock(mm, pmd, address, &ptl);
17489+ if (unlikely(!(pte_val(*pte) & _PAGE_PRESENT) || pte_user(*pte))) {
17490+ pte_unmap_unlock(pte, ptl);
17491+ return 0;
17492+ }
17493+
17494+ if (unlikely((error_code & PF_WRITE) && !pte_write(*pte))) {
17495+ /* write attempt to a protected page in user mode */
17496+ pte_unmap_unlock(pte, ptl);
17497+ return 0;
17498+ }
17499+
17500+#ifdef CONFIG_SMP
17501+ if (likely(address > get_limit(regs->cs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask)))
17502+#else
17503+ if (likely(address > get_limit(regs->cs)))
17504+#endif
17505+ {
17506+ set_pte(pte, pte_mkread(*pte));
17507+ __flush_tlb_one(address);
17508+ pte_unmap_unlock(pte, ptl);
17509+ up_read(&mm->mmap_sem);
17510+ return 1;
17511+ }
17512+
17513+ pte_mask = _PAGE_ACCESSED | _PAGE_USER | ((error_code & PF_WRITE) << (_PAGE_BIT_DIRTY-1));
17514+
17515+ /*
17516+ * PaX: fill DTLB with user rights and retry
17517+ */
17518+ __asm__ __volatile__ (
17519+ "orb %2,(%1)\n"
17520+#if defined(CONFIG_M586) || defined(CONFIG_M586TSC)
17521+/*
17522+ * PaX: let this uncommented 'invlpg' remind us on the behaviour of Intel's
17523+ * (and AMD's) TLBs. namely, they do not cache PTEs that would raise *any*
17524+ * page fault when examined during a TLB load attempt. this is true not only
17525+ * for PTEs holding a non-present entry but also present entries that will
17526+ * raise a page fault (such as those set up by PaX, or the copy-on-write
17527+ * mechanism). in effect it means that we do *not* need to flush the TLBs
17528+ * for our target pages since their PTEs are simply not in the TLBs at all.
17529+
17530+ * the best thing in omitting it is that we gain around 15-20% speed in the
17531+ * fast path of the page fault handler and can get rid of tracing since we
17532+ * can no longer flush unintended entries.
17533+ */
17534+ "invlpg (%0)\n"
17535+#endif
17536+ __copyuser_seg"testb $0,(%0)\n"
17537+ "xorb %3,(%1)\n"
17538+ :
17539+ : "r" (address), "r" (pte), "q" (pte_mask), "i" (_PAGE_USER)
17540+ : "memory", "cc");
17541+ pte_unmap_unlock(pte, ptl);
17542+ up_read(&mm->mmap_sem);
17543+ return 1;
17544+}
17545+#endif
17546+
17547 /*
17548 * Handle a spurious fault caused by a stale TLB entry.
17549 *
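Review bot: `pax_handle_pageexec_fault()` has an undocumented locking contract. Every `return 1` path is preceded by `up_read(&mm->mmap_sem)`, while every `return 0` path leaves the semaphore held. The caller added in the `retry:` hunk returns immediately on a non-zero result, so it relies on this. A header comment such as `/* Returns 1 if the fault was handled (mm->mmap_sem released), 0 if not (mm->mmap_sem still held by the caller). */` would keep a later edit from unbalancing the lock. The `pte_mask` expression also depends on `PF_WRITE` shifted by `_PAGE_BIT_DIRTY-1` landing on the dirty bit and fitting in `unsigned char`, which deserves a one-line comment next to it.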
17550@@ -927,6 +1160,9 @@ int show_unhandled_signals = 1;
17551 static inline int
17552 access_error(unsigned long error_code, struct vm_area_struct *vma)
17553 {
17554+ if ((__supported_pte_mask & _PAGE_NX) && (error_code & PF_INSTR) && !(vma->vm_flags & VM_EXEC))
17555+ return 1;
17556+
17557 if (error_code & PF_WRITE) {
17558 /* write, present and write, not present: */
17559 if (unlikely(!(vma->vm_flags & VM_WRITE)))
17560@@ -960,19 +1196,33 @@ do_page_fault(struct pt_regs *regs, unsi
17561 {
17562 struct vm_area_struct *vma;
17563 struct task_struct *tsk;
17564- unsigned long address;
17565 struct mm_struct *mm;
17566 int fault;
17567 int write = error_code & PF_WRITE;
17568 unsigned int flags = FAULT_FLAG_ALLOW_RETRY |
17569 (write ? FAULT_FLAG_WRITE : 0);
17570
17571+ /* Get the faulting address: */
17572+ unsigned long address = read_cr2();
17573+
17574+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
17575+ if (!user_mode(regs) && address < 2 * PAX_USER_SHADOW_BASE) {
17576+ if (!search_exception_tables(regs->ip)) {
17577+ bad_area_nosemaphore(regs, error_code, address);
17578+ return;
17579+ }
17580+ if (address < PAX_USER_SHADOW_BASE) {
17581+ printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
17582+ printk(KERN_ERR "PAX: faulting IP: %pA\n", (void *)regs->ip);
17583+ show_trace_log_lvl(NULL, NULL, (void *)regs->sp, KERN_ERR);
17584+ } else
17585+ address -= PAX_USER_SHADOW_BASE;
17586+ }
17587+#endif
17588+
17589 tsk = current;
17590 mm = tsk->mm;
17591
17592- /* Get the faulting address: */
17593- address = read_cr2();
17594-
17595 /*
17596 * Detect and handle instructions that would cause a page fault for
17597 * both a tracked kernel page and a userspace page.
17598@@ -1032,7 +1282,7 @@ do_page_fault(struct pt_regs *regs, unsi
17599 * User-mode registers count as a user access even for any
17600 * potential system fault or CPU buglet:
17601 */
17602- if (user_mode_vm(regs)) {
17603+ if (user_mode(regs)) {
17604 local_irq_enable();
17605 error_code |= PF_USER;
17606 } else {
17607@@ -1087,6 +1337,11 @@ retry:
17608 might_sleep();
17609 }
17610
17611+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
17612+ if (pax_handle_pageexec_fault(regs, mm, address, error_code))
17613+ return;
17614+#endif
17615+
17616 vma = find_vma(mm, address);
17617 if (unlikely(!vma)) {
17618 bad_area(regs, error_code, address);
17619@@ -1098,18 +1353,24 @@ retry:
17620 bad_area(regs, error_code, address);
17621 return;
17622 }
17623- if (error_code & PF_USER) {
17624- /*
17625- * Accessing the stack below %sp is always a bug.
17626- * The large cushion allows instructions like enter
17627- * and pusha to work. ("enter $65535, $31" pushes
17628- * 32 pointers and then decrements %sp by 65535.)
17629- */
17630- if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
17631- bad_area(regs, error_code, address);
17632- return;
17633- }
17634+ /*
17635+ * Accessing the stack below %sp is always a bug.
17636+ * The large cushion allows instructions like enter
17637+ * and pusha to work. ("enter $65535, $31" pushes
17638+ * 32 pointers and then decrements %sp by 65535.)
17639+ */
17640+ if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)) {
17641+ bad_area(regs, error_code, address);
17642+ return;
17643 }
17644+
17645+#ifdef CONFIG_PAX_SEGMEXEC
17646+ if (unlikely((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)) {
17647+ bad_area(regs, error_code, address);
17648+ return;
17649+ }
17650+#endif
17651+
17652 if (unlikely(expand_stack(vma, address))) {
17653 bad_area(regs, error_code, address);
17654 return;
17655@@ -1164,3 +1425,199 @@ good_area:
17656
17657 up_read(&mm->mmap_sem);
17658 }
17659+
17660+#ifdef CONFIG_PAX_EMUTRAMP
17661+static int pax_handle_fetch_fault_32(struct pt_regs *regs)
17662+{
17663+ int err;
17664+
17665+ do { /* PaX: gcc trampoline emulation #1 */
17666+ unsigned char mov1, mov2;
17667+ unsigned short jmp;
17668+ unsigned int addr1, addr2;
17669+
17670+#ifdef CONFIG_X86_64
17671+ if ((regs->ip + 11) >> 32)
17672+ break;
17673+#endif
17674+
17675+ err = get_user(mov1, (unsigned char __user *)regs->ip);
17676+ err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
17677+ err |= get_user(mov2, (unsigned char __user *)(regs->ip + 5));
17678+ err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
17679+ err |= get_user(jmp, (unsigned short __user *)(regs->ip + 10));
17680+
17681+ if (err)
17682+ break;
17683+
17684+ if (mov1 == 0xB9 && mov2 == 0xB8 && jmp == 0xE0FF) {
17685+ regs->cx = addr1;
17686+ regs->ax = addr2;
17687+ regs->ip = addr2;
17688+ return 2;
17689+ }
17690+ } while (0);
17691+
17692+ do { /* PaX: gcc trampoline emulation #2 */
17693+ unsigned char mov, jmp;
17694+ unsigned int addr1, addr2;
17695+
17696+#ifdef CONFIG_X86_64
17697+ if ((regs->ip + 9) >> 32)
17698+ break;
17699+#endif
17700+
17701+ err = get_user(mov, (unsigned char __user *)regs->ip);
17702+ err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
17703+ err |= get_user(jmp, (unsigned char __user *)(regs->ip + 5));
17704+ err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
17705+
17706+ if (err)
17707+ break;
17708+
17709+ if (mov == 0xB9 && jmp == 0xE9) {
17710+ regs->cx = addr1;
17711+ regs->ip = (unsigned int)(regs->ip + addr2 + 10);
17712+ return 2;
17713+ }
17714+ } while (0);
17715+
17716+ return 1; /* PaX in action */
17717+}
17718+
17719+#ifdef CONFIG_X86_64
17720+static int pax_handle_fetch_fault_64(struct pt_regs *regs)
17721+{
17722+ int err;
17723+
17724+ do { /* PaX: gcc trampoline emulation #1 */
17725+ unsigned short mov1, mov2, jmp1;
17726+ unsigned char jmp2;
17727+ unsigned int addr1;
17728+ unsigned long addr2;
17729+
17730+ err = get_user(mov1, (unsigned short __user *)regs->ip);
17731+ err |= get_user(addr1, (unsigned int __user *)(regs->ip + 2));
17732+ err |= get_user(mov2, (unsigned short __user *)(regs->ip + 6));
17733+ err |= get_user(addr2, (unsigned long __user *)(regs->ip + 8));
17734+ err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 16));
17735+ err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 18));
17736+
17737+ if (err)
17738+ break;
17739+
17740+ if (mov1 == 0xBB41 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) {
17741+ regs->r11 = addr1;
17742+ regs->r10 = addr2;
17743+ regs->ip = addr1;
17744+ return 2;
17745+ }
17746+ } while (0);
17747+
17748+ do { /* PaX: gcc trampoline emulation #2 */
17749+ unsigned short mov1, mov2, jmp1;
17750+ unsigned char jmp2;
17751+ unsigned long addr1, addr2;
17752+
17753+ err = get_user(mov1, (unsigned short __user *)regs->ip);
17754+ err |= get_user(addr1, (unsigned long __user *)(regs->ip + 2));
17755+ err |= get_user(mov2, (unsigned short __user *)(regs->ip + 10));
17756+ err |= get_user(addr2, (unsigned long __user *)(regs->ip + 12));
17757+ err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 20));
17758+ err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 22));
17759+
17760+ if (err)
17761+ break;
17762+
17763+ if (mov1 == 0xBB49 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) {
17764+ regs->r11 = addr1;
17765+ regs->r10 = addr2;
17766+ regs->ip = addr1;
17767+ return 2;
17768+ }
17769+ } while (0);
17770+
17771+ return 1; /* PaX in action */
17772+}
17773+#endif
17774+
17775+/*
17776+ * PaX: decide what to do with offenders (regs->ip = fault address)
17777+ *
17778+ * returns 1 when task should be killed
17779+ * 2 when gcc trampoline was detected
17780+ */
17781+static int pax_handle_fetch_fault(struct pt_regs *regs)
17782+{
17783+ if (v8086_mode(regs))
17784+ return 1;
17785+
17786+ if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
17787+ return 1;
17788+
17789+#ifdef CONFIG_X86_32
17790+ return pax_handle_fetch_fault_32(regs);
17791+#else
17792+ if (regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT))
17793+ return pax_handle_fetch_fault_32(regs);
17794+ else
17795+ return pax_handle_fetch_fault_64(regs);
17796+#endif
17797+}
17798+#endif
17799+
17800+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
17801+void pax_report_insns(void *pc, void *sp)
17802+{
17803+ long i;
17804+
17805+ printk(KERN_ERR "PAX: bytes at PC: ");
17806+ for (i = 0; i < 20; i++) {
17807+ unsigned char c;
17808+ if (get_user(c, (__force unsigned char __user *)pc+i))
17809+ printk(KERN_CONT "?? ");
17810+ else
17811+ printk(KERN_CONT "%02x ", c);
17812+ }
17813+ printk("\n");
17814+
17815+ printk(KERN_ERR "PAX: bytes at SP-%lu: ", (unsigned long)sizeof(long));
17816+ for (i = -1; i < 80 / (long)sizeof(long); i++) {
17817+ unsigned long c;
17818+ if (get_user(c, (__force unsigned long __user *)sp+i))
17819+#ifdef CONFIG_X86_32
17820+ printk(KERN_CONT "???????? ");
17821+#else
17822+ printk(KERN_CONT "???????????????? ");
17823+#endif
17824+ else
17825+ printk(KERN_CONT "%0*lx ", 2 * (int)sizeof(long), c);
17826+ }
17827+ printk("\n");
17828+}
17829+#endif
17830+
17831+/**
17832+ * probe_kernel_write(): safely attempt to write to a location
17833+ * @dst: address to write to
17834+ * @src: pointer to the data that shall be written
17835+ * @size: size of the data chunk
17836+ *
17837+ * Safely write to address @dst from the buffer at @src. If a kernel fault
17838+ * happens, handle that and return -EFAULT.
17839+ */
17840+long notrace probe_kernel_write(void *dst, const void *src, size_t size)
17841+{
17842+ long ret;
17843+ mm_segment_t old_fs = get_fs();
17844+
17845+ set_fs(KERNEL_DS);
17846+ pagefault_disable();
17847+ pax_open_kernel();
17848+ ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
17849+ pax_close_kernel();
17850+ pagefault_enable();
17851+ set_fs(old_fs);
17852+
17853+ return ret ? -EFAULT : 0;
17854+}
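Review bot: The kernel-doc above `probe_kernel_write()` says only that the write is attempted "safely", but the body also brackets the copy with `pax_open_kernel()`/`pax_close_kernel()`. Going by those names, kernel write protection is lifted for the duration, so a destination in otherwise read-only kernel memory would be written rather than faulting. That is a property callers need to know, so I would add to the comment `* Note: the copy runs between pax_open_kernel()/pax_close_kernel(), so @dst may be read-only kernel memory; callers must validate @dst.` Separately, the two bare `printk("\n")` calls in `pax_report_insns()` would be more consistent with the rest of that function as `printk(KERN_CONT "\n")`.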
17855diff -urNp linux-2.6.38.2/arch/x86/mm/gup.c linux-2.6.38.2/arch/x86/mm/gup.c
17856--- linux-2.6.38.2/arch/x86/mm/gup.c 2011-03-14 21:20:32.000000000 -0400
17857+++ linux-2.6.38.2/arch/x86/mm/gup.c 2011-03-21 18:31:35.000000000 -0400
17858@@ -263,7 +263,7 @@ int __get_user_pages_fast(unsigned long
17859 addr = start;
17860 len = (unsigned long) nr_pages << PAGE_SHIFT;
17861 end = start + len;
17862- if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
17863+ if (unlikely(!__access_ok(write ? VERIFY_WRITE : VERIFY_READ,
17864 (void __user *)start, len)))
17865 return 0;
17866
17867diff -urNp linux-2.6.38.2/arch/x86/mm/highmem_32.c linux-2.6.38.2/arch/x86/mm/highmem_32.c
17868--- linux-2.6.38.2/arch/x86/mm/highmem_32.c 2011-03-14 21:20:32.000000000 -0400
17869+++ linux-2.6.38.2/arch/x86/mm/highmem_32.c 2011-03-21 18:31:35.000000000 -0400
17870@@ -44,7 +44,10 @@ void *kmap_atomic_prot(struct page *page
17871 idx = type + KM_TYPE_NR*smp_processor_id();
17872 vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
17873 BUG_ON(!pte_none(*(kmap_pte-idx)));
17874+
17875+ pax_open_kernel();
17876 set_pte(kmap_pte-idx, mk_pte(page, prot));
17877+ pax_close_kernel();
17878
17879 return (void *)vaddr;
17880 }
17881diff -urNp linux-2.6.38.2/arch/x86/mm/hugetlbpage.c linux-2.6.38.2/arch/x86/mm/hugetlbpage.c
17882--- linux-2.6.38.2/arch/x86/mm/hugetlbpage.c 2011-03-14 21:20:32.000000000 -0400
17883+++ linux-2.6.38.2/arch/x86/mm/hugetlbpage.c 2011-03-21 23:47:41.000000000 -0400
17884@@ -266,13 +266,20 @@ static unsigned long hugetlb_get_unmappe
17885 struct hstate *h = hstate_file(file);
17886 struct mm_struct *mm = current->mm;
17887 struct vm_area_struct *vma;
17888- unsigned long start_addr;
17889+ unsigned long start_addr, pax_task_size = TASK_SIZE;
17890+
17891+#ifdef CONFIG_PAX_SEGMEXEC
17892+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
17893+ pax_task_size = SEGMEXEC_TASK_SIZE;
17894+#endif
17895+
17896+ pax_task_size -= PAGE_SIZE;
17897
17898 if (len > mm->cached_hole_size) {
17899- start_addr = mm->free_area_cache;
17900+ start_addr = mm->free_area_cache;
17901 } else {
17902- start_addr = TASK_UNMAPPED_BASE;
17903- mm->cached_hole_size = 0;
17904+ start_addr = mm->mmap_base;
17905+ mm->cached_hole_size = 0;
17906 }
17907
17908 full_search:
17909@@ -280,26 +287,27 @@ full_search:
17910
17911 for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
17912 /* At this point: (!vma || addr < vma->vm_end). */
17913- if (TASK_SIZE - len < addr) {
17914+ if (pax_task_size - len < addr) {
17915 /*
17916 * Start a new search - just in case we missed
17917 * some holes.
17918 */
17919- if (start_addr != TASK_UNMAPPED_BASE) {
17920- start_addr = TASK_UNMAPPED_BASE;
17921+ if (start_addr != mm->mmap_base) {
17922+ start_addr = mm->mmap_base;
17923 mm->cached_hole_size = 0;
17924 goto full_search;
17925 }
17926 return -ENOMEM;
17927 }
17928- if (!vma || addr + len <= vma->vm_start) {
17929- mm->free_area_cache = addr + len;
17930- return addr;
17931- }
17932+ if (check_heap_stack_gap(vma, addr, len))
17933+ break;
17934 if (addr + mm->cached_hole_size < vma->vm_start)
17935 mm->cached_hole_size = vma->vm_start - addr;
17936 addr = ALIGN(vma->vm_end, huge_page_size(h));
17937 }
17938+
17939+ mm->free_area_cache = addr + len;
17940+ return addr;
17941 }
17942
17943 static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
17944@@ -308,10 +316,9 @@ static unsigned long hugetlb_get_unmappe
17945 {
17946 struct hstate *h = hstate_file(file);
17947 struct mm_struct *mm = current->mm;
17948- struct vm_area_struct *vma, *prev_vma;
17949- unsigned long base = mm->mmap_base, addr = addr0;
17950+ struct vm_area_struct *vma;
17951+ unsigned long base = mm->mmap_base, addr;
17952 unsigned long largest_hole = mm->cached_hole_size;
17953- int first_time = 1;
17954
17955 /* don't allow allocations above current base */
17956 if (mm->free_area_cache > base)
17957@@ -321,64 +328,63 @@ static unsigned long hugetlb_get_unmappe
17958 largest_hole = 0;
17959 mm->free_area_cache = base;
17960 }
17961-try_again:
17962+
17963 /* make sure it can fit in the remaining address space */
17964 if (mm->free_area_cache < len)
17965 goto fail;
17966
17967 /* either no address requested or cant fit in requested address hole */
17968- addr = (mm->free_area_cache - len) & huge_page_mask(h);
17969+ addr = (mm->free_area_cache - len);
17970 do {
17971+ addr &= huge_page_mask(h);
17972+ vma = find_vma(mm, addr);
17973 /*
17974 * Lookup failure means no vma is above this address,
17975 * i.e. return with success:
17976- */
17977- if (!(vma = find_vma_prev(mm, addr, &prev_vma)))
17978- return addr;
17979-
17980- /*
17981 * new region fits between prev_vma->vm_end and
17982 * vma->vm_start, use it:
17983 */
17984- if (addr + len <= vma->vm_start &&
17985- (!prev_vma || (addr >= prev_vma->vm_end))) {
17986+ if (check_heap_stack_gap(vma, addr, len)) {
17987 /* remember the address as a hint for next time */
17988- mm->cached_hole_size = largest_hole;
17989- return (mm->free_area_cache = addr);
17990- } else {
17991- /* pull free_area_cache down to the first hole */
17992- if (mm->free_area_cache == vma->vm_end) {
17993- mm->free_area_cache = vma->vm_start;
17994- mm->cached_hole_size = largest_hole;
17995- }
17996+ mm->cached_hole_size = largest_hole;
17997+ return (mm->free_area_cache = addr);
17998+ }
17999+ /* pull free_area_cache down to the first hole */
18000+ if (mm->free_area_cache == vma->vm_end) {
18001+ mm->free_area_cache = vma->vm_start;
18002+ mm->cached_hole_size = largest_hole;
18003 }
18004
18005 /* remember the largest hole we saw so far */
18006 if (addr + largest_hole < vma->vm_start)
18007- largest_hole = vma->vm_start - addr;
18008+ largest_hole = vma->vm_start - addr;
18009
18010 /* try just below the current vma->vm_start */
18011- addr = (vma->vm_start - len) & huge_page_mask(h);
18012- } while (len <= vma->vm_start);
18013+ addr = skip_heap_stack_gap(vma, len);
18014+ } while (!IS_ERR_VALUE(addr));
18015
18016 fail:
18017 /*
18018- * if hint left us with no space for the requested
18019- * mapping then try again:
18020- */
18021- if (first_time) {
18022- mm->free_area_cache = base;
18023- largest_hole = 0;
18024- first_time = 0;
18025- goto try_again;
18026- }
18027- /*
18028 * A failed mmap() very likely causes application failure,
18029 * so fall back to the bottom-up function here. This scenario
18030 * can happen with large stack limits and large mmap()
18031 * allocations.
18032 */
18033- mm->free_area_cache = TASK_UNMAPPED_BASE;
18034+
18035+#ifdef CONFIG_PAX_SEGMEXEC
18036+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
18037+ mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
18038+ else
18039+#endif
18040+
18041+ mm->mmap_base = TASK_UNMAPPED_BASE;
18042+
18043+#ifdef CONFIG_PAX_RANDMMAP
18044+ if (mm->pax_flags & MF_PAX_RANDMMAP)
18045+ mm->mmap_base += mm->delta_mmap;
18046+#endif
18047+
18048+ mm->free_area_cache = mm->mmap_base;
18049 mm->cached_hole_size = ~0UL;
18050 addr = hugetlb_get_unmapped_area_bottomup(file, addr0,
18051 len, pgoff, flags);
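Review bot: After this change the top-down loop dereferences `vma` (`vma->vm_end`, `vma->vm_start`) whenever `check_heap_stack_gap(vma, addr, len)` returns false, so removing the explicit `if (!(vma = find_vma_prev(...))) return addr;` exit is only safe if that helper returns true for a NULL `vma`. The helper is defined outside this hunk, so that property should be confirmed and stated at the call, e.g. `/* check_heap_stack_gap() accepts vma == NULL (nothing mapped above addr) */`. The merged comment above the test still refers to `prev_vma`, which the function no longer declares, and should be rewritten to describe the new check. The bottom-up loop in the earlier hunk of this file relies on the same property before it reads `vma->vm_start`.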
18052@@ -386,6 +392,7 @@ fail:
18053 /*
18054 * Restore the topdown base:
18055 */
18056+ mm->mmap_base = base;
18057 mm->free_area_cache = base;
18058 mm->cached_hole_size = ~0UL;
18059
18060@@ -399,10 +406,19 @@ hugetlb_get_unmapped_area(struct file *f
18061 struct hstate *h = hstate_file(file);
18062 struct mm_struct *mm = current->mm;
18063 struct vm_area_struct *vma;
18064+ unsigned long pax_task_size = TASK_SIZE;
18065
18066 if (len & ~huge_page_mask(h))
18067 return -EINVAL;
18068- if (len > TASK_SIZE)
18069+
18070+#ifdef CONFIG_PAX_SEGMEXEC
18071+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
18072+ pax_task_size = SEGMEXEC_TASK_SIZE;
18073+#endif
18074+
18075+ pax_task_size -= PAGE_SIZE;
18076+
18077+ if (len > pax_task_size)
18078 return -ENOMEM;
18079
18080 if (flags & MAP_FIXED) {
18081@@ -414,8 +430,7 @@ hugetlb_get_unmapped_area(struct file *f
18082 if (addr) {
18083 addr = ALIGN(addr, huge_page_size(h));
18084 vma = find_vma(mm, addr);
18085- if (TASK_SIZE - len >= addr &&
18086- (!vma || addr + len <= vma->vm_start))
18087+ if (pax_task_size - len >= addr && check_heap_stack_gap(vma, addr, len))
18088 return addr;
18089 }
18090 if (mm->get_unmapped_area == arch_get_unmapped_area)
18091diff -urNp linux-2.6.38.2/arch/x86/mm/init_32.c linux-2.6.38.2/arch/x86/mm/init_32.c
18092--- linux-2.6.38.2/arch/x86/mm/init_32.c 2011-03-14 21:20:32.000000000 -0400
18093+++ linux-2.6.38.2/arch/x86/mm/init_32.c 2011-03-21 18:31:35.000000000 -0400
18094@@ -74,36 +74,6 @@ static __init void *alloc_low_page(void)
18095 }
18096
18097 /*
18098- * Creates a middle page table and puts a pointer to it in the
18099- * given global directory entry. This only returns the gd entry
18100- * in non-PAE compilation mode, since the middle layer is folded.
18101- */
18102-static pmd_t * __init one_md_table_init(pgd_t *pgd)
18103-{
18104- pud_t *pud;
18105- pmd_t *pmd_table;
18106-
18107-#ifdef CONFIG_X86_PAE
18108- if (!(pgd_val(*pgd) & _PAGE_PRESENT)) {
18109- if (after_bootmem)
18110- pmd_table = (pmd_t *)alloc_bootmem_pages(PAGE_SIZE);
18111- else
18112- pmd_table = (pmd_t *)alloc_low_page();
18113- paravirt_alloc_pmd(&init_mm, __pa(pmd_table) >> PAGE_SHIFT);
18114- set_pgd(pgd, __pgd(__pa(pmd_table) | _PAGE_PRESENT));
18115- pud = pud_offset(pgd, 0);
18116- BUG_ON(pmd_table != pmd_offset(pud, 0));
18117-
18118- return pmd_table;
18119- }
18120-#endif
18121- pud = pud_offset(pgd, 0);
18122- pmd_table = pmd_offset(pud, 0);
18123-
18124- return pmd_table;
18125-}
18126-
18127-/*
18128 * Create a page table and place a pointer to it in a middle page
18129 * directory entry:
18130 */
18131@@ -123,13 +93,28 @@ static pte_t * __init one_page_table_ini
18132 page_table = (pte_t *)alloc_low_page();
18133
18134 paravirt_alloc_pte(&init_mm, __pa(page_table) >> PAGE_SHIFT);
18135+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
18136+ set_pmd(pmd, __pmd(__pa(page_table) | _KERNPG_TABLE));
18137+#else
18138 set_pmd(pmd, __pmd(__pa(page_table) | _PAGE_TABLE));
18139+#endif
18140 BUG_ON(page_table != pte_offset_kernel(pmd, 0));
18141 }
18142
18143 return pte_offset_kernel(pmd, 0);
18144 }
18145
18146+static pmd_t * __init one_md_table_init(pgd_t *pgd)
18147+{
18148+ pud_t *pud;
18149+ pmd_t *pmd_table;
18150+
18151+ pud = pud_offset(pgd, 0);
18152+ pmd_table = pmd_offset(pud, 0);
18153+
18154+ return pmd_table;
18155+}
18156+
18157 pmd_t * __init populate_extra_pmd(unsigned long vaddr)
18158 {
18159 int pgd_idx = pgd_index(vaddr);
18160@@ -203,6 +188,7 @@ page_table_range_init(unsigned long star
18161 int pgd_idx, pmd_idx;
18162 unsigned long vaddr;
18163 pgd_t *pgd;
18164+ pud_t *pud;
18165 pmd_t *pmd;
18166 pte_t *pte = NULL;
18167
18168@@ -212,8 +198,13 @@ page_table_range_init(unsigned long star
18169 pgd = pgd_base + pgd_idx;
18170
18171 for ( ; (pgd_idx < PTRS_PER_PGD) && (vaddr != end); pgd++, pgd_idx++) {
18172- pmd = one_md_table_init(pgd);
18173- pmd = pmd + pmd_index(vaddr);
18174+ pud = pud_offset(pgd, vaddr);
18175+ pmd = pmd_offset(pud, vaddr);
18176+
18177+#ifdef CONFIG_X86_PAE
18178+ paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT);
18179+#endif
18180+
18181 for (; (pmd_idx < PTRS_PER_PMD) && (vaddr != end);
18182 pmd++, pmd_idx++) {
18183 pte = page_table_kmap_check(one_page_table_init(pmd),
18184@@ -225,11 +216,20 @@ page_table_range_init(unsigned long star
18185 }
18186 }
18187
18188-static inline int is_kernel_text(unsigned long addr)
18189+static inline int is_kernel_text(unsigned long start, unsigned long end)
18190 {
18191- if (addr >= (unsigned long)_text && addr <= (unsigned long)__init_end)
18192- return 1;
18193- return 0;
18194+ if ((start > ktla_ktva((unsigned long)_etext) ||
18195+ end <= ktla_ktva((unsigned long)_stext)) &&
18196+ (start > ktla_ktva((unsigned long)_einittext) ||
18197+ end <= ktla_ktva((unsigned long)_sinittext)) &&
18198+
18199+#ifdef CONFIG_ACPI_SLEEP
18200+ (start > (unsigned long)__va(acpi_wakeup_address) + 0x4000 || end <= (unsigned long)__va(acpi_wakeup_address)) &&
18201+#endif
18202+
18203+ (start > (unsigned long)__va(0xfffff) || end <= (unsigned long)__va(0xc0000)))
18204+ return 0;
18205+ return 1;
18206 }
18207
18208 /*
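Review bot: `is_kernel_text()` now answers a wider question than its name says: it returns 1 for any range overlapping kernel text, init text, the ACPI wakeup area (under `CONFIG_ACPI_SLEEP`) or `__va(0xc0000)`..`__va(0xfffff)`, and the callers in kernel_physical_mapping_init map such ranges with the `_EXEC` protections. The literals `0x4000`, `0xc0000` and `0xfffff` should become named constants, with a header comment listing the four regions and why each must stay executable, since every entry here is an exception to the non-executable default. The upper-bound tests use `start > ktla_ktva(_etext)` while `end` is treated as exclusive, so a range beginning exactly at `_etext` still counts as text; if that is intended it should be said, otherwise `>=` looks like the matching comparison.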
18209@@ -246,9 +246,10 @@ kernel_physical_mapping_init(unsigned lo
18210 unsigned long last_map_addr = end;
18211 unsigned long start_pfn, end_pfn;
18212 pgd_t *pgd_base = swapper_pg_dir;
18213- int pgd_idx, pmd_idx, pte_ofs;
18214+ unsigned int pgd_idx, pmd_idx, pte_ofs;
18215 unsigned long pfn;
18216 pgd_t *pgd;
18217+ pud_t *pud;
18218 pmd_t *pmd;
18219 pte_t *pte;
18220 unsigned pages_2m, pages_4k;
18221@@ -281,8 +282,13 @@ repeat:
18222 pfn = start_pfn;
18223 pgd_idx = pgd_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
18224 pgd = pgd_base + pgd_idx;
18225- for (; pgd_idx < PTRS_PER_PGD; pgd++, pgd_idx++) {
18226- pmd = one_md_table_init(pgd);
18227+ for (; pgd_idx < PTRS_PER_PGD && pfn < max_low_pfn; pgd++, pgd_idx++) {
18228+ pud = pud_offset(pgd, 0);
18229+ pmd = pmd_offset(pud, 0);
18230+
18231+#ifdef CONFIG_X86_PAE
18232+ paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT);
18233+#endif
18234
18235 if (pfn >= end_pfn)
18236 continue;
18237@@ -294,14 +300,13 @@ repeat:
18238 #endif
18239 for (; pmd_idx < PTRS_PER_PMD && pfn < end_pfn;
18240 pmd++, pmd_idx++) {
18241- unsigned int addr = pfn * PAGE_SIZE + PAGE_OFFSET;
18242+ unsigned long address = pfn * PAGE_SIZE + PAGE_OFFSET;
18243
18244 /*
18245 * Map with big pages if possible, otherwise
18246 * create normal page tables:
18247 */
18248 if (use_pse) {
18249- unsigned int addr2;
18250 pgprot_t prot = PAGE_KERNEL_LARGE;
18251 /*
18252 * first pass will use the same initial
18253@@ -311,11 +316,7 @@ repeat:
18254 __pgprot(PTE_IDENT_ATTR |
18255 _PAGE_PSE);
18256
18257- addr2 = (pfn + PTRS_PER_PTE-1) * PAGE_SIZE +
18258- PAGE_OFFSET + PAGE_SIZE-1;
18259-
18260- if (is_kernel_text(addr) ||
18261- is_kernel_text(addr2))
18262+ if (is_kernel_text(address, address + PMD_SIZE))
18263 prot = PAGE_KERNEL_LARGE_EXEC;
18264
18265 pages_2m++;
18266@@ -332,7 +333,7 @@ repeat:
18267 pte_ofs = pte_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
18268 pte += pte_ofs;
18269 for (; pte_ofs < PTRS_PER_PTE && pfn < end_pfn;
18270- pte++, pfn++, pte_ofs++, addr += PAGE_SIZE) {
18271+ pte++, pfn++, pte_ofs++, address += PAGE_SIZE) {
18272 pgprot_t prot = PAGE_KERNEL;
18273 /*
18274 * first pass will use the same initial
18275@@ -340,7 +341,7 @@ repeat:
18276 */
18277 pgprot_t init_prot = __pgprot(PTE_IDENT_ATTR);
18278
18279- if (is_kernel_text(addr))
18280+ if (is_kernel_text(address, address + PAGE_SIZE))
18281 prot = PAGE_KERNEL_EXEC;
18282
18283 pages_4k++;
18284@@ -472,7 +473,7 @@ void __init native_pagetable_setup_start
18285
18286 pud = pud_offset(pgd, va);
18287 pmd = pmd_offset(pud, va);
18288- if (!pmd_present(*pmd))
18289+ if (!pmd_present(*pmd) || pmd_huge(*pmd))
18290 break;
18291
18292 pte = pte_offset_kernel(pmd, va);
18293@@ -524,12 +525,10 @@ void __init early_ioremap_page_table_ran
18294
18295 static void __init pagetable_init(void)
18296 {
18297- pgd_t *pgd_base = swapper_pg_dir;
18298-
18299- permanent_kmaps_init(pgd_base);
18300+ permanent_kmaps_init(swapper_pg_dir);
18301 }
18302
18303-pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP);
18304+pteval_t __supported_pte_mask __read_only = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP);
18305 EXPORT_SYMBOL_GPL(__supported_pte_mask);
18306
18307 /* user-defined highmem size */
18308@@ -755,6 +754,12 @@ void __init mem_init(void)
18309
18310 pci_iommu_alloc();
18311
18312+#ifdef CONFIG_PAX_PER_CPU_PGD
18313+ clone_pgd_range(get_cpu_pgd(0) + KERNEL_PGD_BOUNDARY,
18314+ swapper_pg_dir + KERNEL_PGD_BOUNDARY,
18315+ KERNEL_PGD_PTRS);
18316+#endif
18317+
18318 #ifdef CONFIG_FLATMEM
18319 BUG_ON(!mem_map);
18320 #endif
18321@@ -772,7 +777,7 @@ void __init mem_init(void)
18322 set_highmem_pages_init();
18323
18324 codesize = (unsigned long) &_etext - (unsigned long) &_text;
18325- datasize = (unsigned long) &_edata - (unsigned long) &_etext;
18326+ datasize = (unsigned long) &_edata - (unsigned long) &_sdata;
18327 initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin;
18328
18329 printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, "
18330@@ -813,10 +818,10 @@ void __init mem_init(void)
18331 ((unsigned long)&__init_end -
18332 (unsigned long)&__init_begin) >> 10,
18333
18334- (unsigned long)&_etext, (unsigned long)&_edata,
18335- ((unsigned long)&_edata - (unsigned long)&_etext) >> 10,
18336+ (unsigned long)&_sdata, (unsigned long)&_edata,
18337+ ((unsigned long)&_edata - (unsigned long)&_sdata) >> 10,
18338
18339- (unsigned long)&_text, (unsigned long)&_etext,
18340+ ktla_ktva((unsigned long)&_text), ktla_ktva((unsigned long)&_etext),
18341 ((unsigned long)&_etext - (unsigned long)&_text) >> 10);
18342
18343 /*
18344@@ -894,6 +899,7 @@ void set_kernel_text_rw(void)
18345 if (!kernel_set_to_readonly)
18346 return;
18347
18348+ start = ktla_ktva(start);
18349 pr_debug("Set kernel text: %lx - %lx for read write\n",
18350 start, start+size);
18351
18352@@ -908,6 +914,7 @@ void set_kernel_text_ro(void)
18353 if (!kernel_set_to_readonly)
18354 return;
18355
18356+ start = ktla_ktva(start);
18357 pr_debug("Set kernel text: %lx - %lx for read only\n",
18358 start, start+size);
18359
18360@@ -936,6 +943,7 @@ void mark_rodata_ro(void)
18361 unsigned long start = PFN_ALIGN(_text);
18362 unsigned long size = PFN_ALIGN(_etext) - start;
18363
18364+ start = ktla_ktva(start);
18365 set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
18366 printk(KERN_INFO "Write protecting the kernel text: %luk\n",
18367 size >> 10);
18368diff -urNp linux-2.6.38.2/arch/x86/mm/init_64.c linux-2.6.38.2/arch/x86/mm/init_64.c
18369--- linux-2.6.38.2/arch/x86/mm/init_64.c 2011-03-28 17:42:40.000000000 -0400
18370+++ linux-2.6.38.2/arch/x86/mm/init_64.c 2011-03-28 17:42:53.000000000 -0400
18371@@ -73,7 +73,7 @@ early_param("gbpages", parse_direct_gbpa
18372 * around without checking the pgd every time.
18373 */
18374
18375-pteval_t __supported_pte_mask __read_mostly = ~_PAGE_IOMAP;
18376+pteval_t __supported_pte_mask __read_only = ~(_PAGE_NX | _PAGE_IOMAP);
18377 EXPORT_SYMBOL_GPL(__supported_pte_mask);
18378
18379 int force_personality32;
18380@@ -106,12 +106,22 @@ void sync_global_pgds(unsigned long star
18381
18382 for (address = start; address <= end; address += PGDIR_SIZE) {
18383 const pgd_t *pgd_ref = pgd_offset_k(address);
18384+
18385+#ifdef CONFIG_PAX_PER_CPU_PGD
18386+ unsigned long cpu;
18387+#else
18388 struct page *page;
18389+#endif
18390
18391 if (pgd_none(*pgd_ref))
18392 continue;
18393
18394 spin_lock(&pgd_lock);
18395+
18396+#ifdef CONFIG_PAX_PER_CPU_PGD
18397+ for (cpu = 0; cpu < NR_CPUS; ++cpu) {
18398+ pgd_t *pgd = pgd_offset_cpu(cpu, address);
18399+#else
18400 list_for_each_entry(page, &pgd_list, lru) {
18401 pgd_t *pgd;
18402 spinlock_t *pgt_lock;
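Review bot: The loop header in sync_global_pgds is selected by `#ifdef CONFIG_PAX_PER_CPU_PGD` (`for (cpu = 0; cpu < NR_CPUS; ++cpu) {` versus `list_for_each_entry(...) {`) while the body and the closing brace are shared, which defeats brace matching and makes either configuration hard to audit on its own. At minimum the shared closing brace should be annotated, e.g. `} /* per-cpu pgd loop, or pgd_list loop */`; the same construction is added to __set_pmd_pte in pageattr.c. Whether `pgd_offset_cpu()` is valid for every index below `NR_CPUS`, including CPUs that are not present, cannot be told from this hunk and should be confirmed. The loop body continues in the next two hunks.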
18403@@ -120,6 +130,7 @@ void sync_global_pgds(unsigned long star
18404 /* the pgt_lock only for Xen */
18405 pgt_lock = &pgd_page_get_mm(page)->page_table_lock;
18406 spin_lock(pgt_lock);
18407+#endif
18408
18409 if (pgd_none(*pgd))
18410 set_pgd(pgd, *pgd_ref);
18411@@ -127,7 +138,10 @@ void sync_global_pgds(unsigned long star
18412 BUG_ON(pgd_page_vaddr(*pgd)
18413 != pgd_page_vaddr(*pgd_ref));
18414
18415+#ifndef CONFIG_PAX_PER_CPU_PGD
18416 spin_unlock(pgt_lock);
18417+#endif
18418+
18419 }
18420 spin_unlock(&pgd_lock);
18421 }
18422@@ -201,7 +215,9 @@ void set_pte_vaddr_pud(pud_t *pud_page,
18423 pmd = fill_pmd(pud, vaddr);
18424 pte = fill_pte(pmd, vaddr);
18425
18426+ pax_open_kernel();
18427 set_pte(pte, new_pte);
18428+ pax_close_kernel();
18429
18430 /*
18431 * It's enough to flush this one mapping.
18432@@ -260,14 +276,12 @@ static void __init __init_extra_mapping(
18433 pgd = pgd_offset_k((unsigned long)__va(phys));
18434 if (pgd_none(*pgd)) {
18435 pud = (pud_t *) spp_getpage();
18436- set_pgd(pgd, __pgd(__pa(pud) | _KERNPG_TABLE |
18437- _PAGE_USER));
18438+ set_pgd(pgd, __pgd(__pa(pud) | _PAGE_TABLE));
18439 }
18440 pud = pud_offset(pgd, (unsigned long)__va(phys));
18441 if (pud_none(*pud)) {
18442 pmd = (pmd_t *) spp_getpage();
18443- set_pud(pud, __pud(__pa(pmd) | _KERNPG_TABLE |
18444- _PAGE_USER));
18445+ set_pud(pud, __pud(__pa(pmd) | _PAGE_TABLE));
18446 }
18447 pmd = pmd_offset(pud, phys);
18448 BUG_ON(!pmd_none(*pmd));
18449@@ -707,6 +721,12 @@ void __init mem_init(void)
18450
18451 pci_iommu_alloc();
18452
18453+#ifdef CONFIG_PAX_PER_CPU_PGD
18454+ clone_pgd_range(get_cpu_pgd(0) + KERNEL_PGD_BOUNDARY,
18455+ swapper_pg_dir + KERNEL_PGD_BOUNDARY,
18456+ KERNEL_PGD_PTRS);
18457+#endif
18458+
18459 /* clear_bss() already clear the empty_zero_page */
18460
18461 reservedpages = 0;
18462@@ -867,8 +887,8 @@ int kern_addr_valid(unsigned long addr)
18463 static struct vm_area_struct gate_vma = {
18464 .vm_start = VSYSCALL_START,
18465 .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE),
18466- .vm_page_prot = PAGE_READONLY_EXEC,
18467- .vm_flags = VM_READ | VM_EXEC
18468+ .vm_page_prot = PAGE_READONLY,
18469+ .vm_flags = VM_READ
18470 };
18471
18472 struct vm_area_struct *get_gate_vma(struct task_struct *tsk)
18473@@ -902,7 +922,7 @@ int in_gate_area_no_task(unsigned long a
18474
18475 const char *arch_vma_name(struct vm_area_struct *vma)
18476 {
18477- if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
18478+ if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
18479 return "[vdso]";
18480 if (vma == &gate_vma)
18481 return "[vsyscall]";
18482diff -urNp linux-2.6.38.2/arch/x86/mm/init.c linux-2.6.38.2/arch/x86/mm/init.c
18483--- linux-2.6.38.2/arch/x86/mm/init.c 2011-03-28 17:42:40.000000000 -0400
18484+++ linux-2.6.38.2/arch/x86/mm/init.c 2011-03-28 17:42:53.000000000 -0400
18485@@ -72,11 +72,7 @@ static void __init find_early_table_spac
18486 * cause a hotspot and fill up ZONE_DMA. The page tables
18487 * need roughly 0.5KB per GB.
18488 */
18489-#ifdef CONFIG_X86_32
18490- start = 0x7000;
18491-#else
18492- start = 0x8000;
18493-#endif
18494+ start = 0x100000;
18495 base = memblock_find_in_range(start, max_pfn_mapped<<PAGE_SHIFT,
18496 tables, PAGE_SIZE);
18497 if (base == MEMBLOCK_ERROR)
18498@@ -304,7 +300,13 @@ unsigned long __init_refok init_memory_m
18499 */
18500 int devmem_is_allowed(unsigned long pagenr)
18501 {
18502- if (pagenr <= 256)
18503+ if (!pagenr)
18504+ return 1;
18505+#ifdef CONFIG_VM86
18506+ if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT))
18507+ return 1;
18508+#endif
18509+ if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
18510 return 1;
18511 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
18512 return 0;
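Review bot: The new allow-list at the top of devmem_is_allowed has no comment explaining its three cases, and the function's header comment, which starts above the hunk, presumably still describes the old `pagenr <= 256` rule. Because this function decides which physical pages /dev/mem exposes, the policy should be readable at a glance: `/* allow: page 0; pages below the ISA range only with CONFIG_VM86; the ISA range itself */`, followed by the reason each exception is still needed. The final branches of the function lie below the hunk.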
18513@@ -364,6 +366,86 @@ void free_init_pages(char *what, unsigne
18514
18515 void free_initmem(void)
18516 {
18517+
18518+#ifdef CONFIG_PAX_KERNEXEC
18519+#ifdef CONFIG_X86_32
18520+ /* PaX: limit KERNEL_CS to actual size */
18521+ unsigned long addr, limit;
18522+ struct desc_struct d;
18523+ int cpu;
18524+
18525+ limit = paravirt_enabled() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext;
18526+ limit = (limit - 1UL) >> PAGE_SHIFT;
18527+
18528+ memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);
18529+ for (cpu = 0; cpu < NR_CPUS; cpu++) {
18530+ pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
18531+ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
18532+ }
18533+
18534+ /* PaX: make KERNEL_CS read-only */
18535+ addr = PFN_ALIGN(ktla_ktva((unsigned long)&_text));
18536+ if (!paravirt_enabled())
18537+ set_memory_ro(addr, (PFN_ALIGN(_sdata) - addr) >> PAGE_SHIFT);
18538+/*
18539+ for (addr = ktla_ktva((unsigned long)&_text); addr < (unsigned long)&_sdata; addr += PMD_SIZE) {
18540+ pgd = pgd_offset_k(addr);
18541+ pud = pud_offset(pgd, addr);
18542+ pmd = pmd_offset(pud, addr);
18543+ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
18544+ }
18545+*/
18546+#ifdef CONFIG_X86_PAE
18547+ set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT);
18548+/*
18549+ for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) {
18550+ pgd = pgd_offset_k(addr);
18551+ pud = pud_offset(pgd, addr);
18552+ pmd = pmd_offset(pud, addr);
18553+ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
18554+ }
18555+*/
18556+#endif
18557+
18558+#ifdef CONFIG_MODULES
18559+ set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT);
18560+#endif
18561+
18562+#else
18563+ pgd_t *pgd;
18564+ pud_t *pud;
18565+ pmd_t *pmd;
18566+ unsigned long addr, end;
18567+
18568+ /* PaX: make kernel code/rodata read-only, rest non-executable */
18569+ for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
18570+ pgd = pgd_offset_k(addr);
18571+ pud = pud_offset(pgd, addr);
18572+ pmd = pmd_offset(pud, addr);
18573+ if (!pmd_present(*pmd))
18574+ continue;
18575+ if ((unsigned long)_text <= addr && addr < (unsigned long)_sdata)
18576+ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
18577+ else
18578+ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
18579+ }
18580+
18581+ addr = (unsigned long)__va(__pa(__START_KERNEL_map));
18582+ end = addr + KERNEL_IMAGE_SIZE;
18583+ for (; addr < end; addr += PMD_SIZE) {
18584+ pgd = pgd_offset_k(addr);
18585+ pud = pud_offset(pgd, addr);
18586+ pmd = pmd_offset(pud, addr);
18587+ if (!pmd_present(*pmd))
18588+ continue;
18589+ if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata)))
18590+ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
18591+ }
18592+#endif
18593+
18594+ flush_tlb_all();
18595+#endif
18596+
18597 free_init_pages("unused kernel memory",
18598 (unsigned long)(&__init_begin),
18599 (unsigned long)(&__init_end));
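Review bot: In the 64-bit branch of the added block, protections are applied one PMD entry at a time (`addr += PMD_SIZE`) using `_text <= addr && addr < _sdata`, so the result is only right if `_text` and `_sdata` fall on PMD boundaries; an entry straddling either symbol gets the attributes of one side only. Presumably the linker script guarantees that alignment, but nothing in the hunk checks or documents it, and a comment or build-time assertion would make the dependency explicit. In the 32-bit branch the two commented-out `for` loops should be deleted rather than carried along, and `memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, ...)` appears to pass an integer expression where a pointer is expected and wants an explicit `(void *)` cast. free_initmem continues below the hunk.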
18600diff -urNp linux-2.6.38.2/arch/x86/mm/iomap_32.c linux-2.6.38.2/arch/x86/mm/iomap_32.c
18601--- linux-2.6.38.2/arch/x86/mm/iomap_32.c 2011-03-14 21:20:32.000000000 -0400
18602+++ linux-2.6.38.2/arch/x86/mm/iomap_32.c 2011-03-21 18:31:35.000000000 -0400
18603@@ -64,7 +64,11 @@ void *kmap_atomic_prot_pfn(unsigned long
18604 type = kmap_atomic_idx_push();
18605 idx = type + KM_TYPE_NR * smp_processor_id();
18606 vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
18607+
18608+ pax_open_kernel();
18609 set_pte(kmap_pte - idx, pfn_pte(pfn, prot));
18610+ pax_close_kernel();
18611+
18612 arch_flush_lazy_mmu_mode();
18613
18614 return (void *)vaddr;
18615diff -urNp linux-2.6.38.2/arch/x86/mm/ioremap.c linux-2.6.38.2/arch/x86/mm/ioremap.c
18616--- linux-2.6.38.2/arch/x86/mm/ioremap.c 2011-03-14 21:20:32.000000000 -0400
18617+++ linux-2.6.38.2/arch/x86/mm/ioremap.c 2011-03-21 18:31:35.000000000 -0400
18618@@ -104,7 +104,7 @@ static void __iomem *__ioremap_caller(re
18619 for (pfn = phys_addr >> PAGE_SHIFT; pfn <= last_pfn; pfn++) {
18620 int is_ram = page_is_ram(pfn);
18621
18622- if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn)))
18623+ if (is_ram && pfn_valid(pfn) && (pfn >= 0x100 || !PageReserved(pfn_to_page(pfn))))
18624 return NULL;
18625 WARN_ON_ONCE(is_ram);
18626 }
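Review bot: The literal `0x100` in the new condition is a page-frame number and its meaning (the 1MB boundary with 4K pages) is not obvious at the call site. `(ISA_END_ADDRESS >> PAGE_SHIFT)` would say the same thing, assuming `ISA_END_ADDRESS` is the 1MB mark, and would match how the devmem_is_allowed change in init.c spells its bounds. The effect is that valid RAM pages at or above that boundary are refused even when reserved, which deserves a one-line comment: `/* above 1MB no RAM page may be ioremapped, reserved or not */`. The loop starts above the hunk.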
18627@@ -344,7 +344,7 @@ static int __init early_ioremap_debug_se
18628 early_param("early_ioremap_debug", early_ioremap_debug_setup);
18629
18630 static __initdata int after_paging_init;
18631-static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_bss;
18632+static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __read_only __aligned(PAGE_SIZE);
18633
18634 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
18635 {
18636@@ -381,8 +381,7 @@ void __init early_ioremap_init(void)
18637 slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
18638
18639 pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
18640- memset(bm_pte, 0, sizeof(bm_pte));
18641- pmd_populate_kernel(&init_mm, pmd, bm_pte);
18642+ pmd_populate_user(&init_mm, pmd, bm_pte);
18643
18644 /*
18645 * The boot-ioremap range spans multiple pmds, for which
18646diff -urNp linux-2.6.38.2/arch/x86/mm/kmemcheck/kmemcheck.c linux-2.6.38.2/arch/x86/mm/kmemcheck/kmemcheck.c
18647--- linux-2.6.38.2/arch/x86/mm/kmemcheck/kmemcheck.c 2011-03-14 21:20:32.000000000 -0400
18648+++ linux-2.6.38.2/arch/x86/mm/kmemcheck/kmemcheck.c 2011-03-21 18:31:35.000000000 -0400
18649@@ -622,9 +622,9 @@ bool kmemcheck_fault(struct pt_regs *reg
18650 * memory (e.g. tracked pages)? For now, we need this to avoid
18651 * invoking kmemcheck for PnP BIOS calls.
18652 */
18653- if (regs->flags & X86_VM_MASK)
18654+ if (v8086_mode(regs))
18655 return false;
18656- if (regs->cs != __KERNEL_CS)
18657+ if (regs->cs != __KERNEL_CS && regs->cs != __KERNEXEC_KERNEL_CS)
18658 return false;
18659
18660 pte = kmemcheck_pte_lookup(address);
18661diff -urNp linux-2.6.38.2/arch/x86/mm/mmap.c linux-2.6.38.2/arch/x86/mm/mmap.c
18662--- linux-2.6.38.2/arch/x86/mm/mmap.c 2011-03-14 21:20:32.000000000 -0400
18663+++ linux-2.6.38.2/arch/x86/mm/mmap.c 2011-03-21 18:31:35.000000000 -0400
18664@@ -49,7 +49,7 @@ static unsigned int stack_maxrandom_size
18665 * Leave an at least ~128 MB hole with possible stack randomization.
18666 */
18667 #define MIN_GAP (128*1024*1024UL + stack_maxrandom_size())
18668-#define MAX_GAP (TASK_SIZE/6*5)
18669+#define MAX_GAP (pax_task_size/6*5)
18670
18671 /*
18672 * True on X86_32 or when emulating IA32 on X86_64
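Review bot: `MAX_GAP` now expands to `(pax_task_size/6*5)`, a name that exists only as a local variable in mmap_base (added in the next hunk), so the macro silently depends on its caller's scope. Anywhere else it either fails to compile or binds to whatever variable of that name happens to be in scope. Passing the value explicitly keeps the dependency visible: `#define MAX_GAP(task_size) ((task_size)/6*5)` with `else if (gap > MAX_GAP(pax_task_size))` at the use site.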
18673@@ -94,27 +94,40 @@ static unsigned long mmap_rnd(void)
18674 return rnd << PAGE_SHIFT;
18675 }
18676
18677-static unsigned long mmap_base(void)
18678+static unsigned long mmap_base(struct mm_struct *mm)
18679 {
18680 unsigned long gap = rlimit(RLIMIT_STACK);
18681+ unsigned long pax_task_size = TASK_SIZE;
18682+
18683+#ifdef CONFIG_PAX_SEGMEXEC
18684+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
18685+ pax_task_size = SEGMEXEC_TASK_SIZE;
18686+#endif
18687
18688 if (gap < MIN_GAP)
18689 gap = MIN_GAP;
18690 else if (gap > MAX_GAP)
18691 gap = MAX_GAP;
18692
18693- return PAGE_ALIGN(TASK_SIZE - gap - mmap_rnd());
18694+ return PAGE_ALIGN(pax_task_size - gap - mmap_rnd());
18695 }
18696
18697 /*
18698 * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
18699 * does, but not when emulating X86_32
18700 */
18701-static unsigned long mmap_legacy_base(void)
18702+static unsigned long mmap_legacy_base(struct mm_struct *mm)
18703 {
18704- if (mmap_is_ia32())
18705+ if (mmap_is_ia32()) {
18706+
18707+#ifdef CONFIG_PAX_SEGMEXEC
18708+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
18709+ return SEGMEXEC_TASK_UNMAPPED_BASE;
18710+ else
18711+#endif
18712+
18713 return TASK_UNMAPPED_BASE;
18714- else
18715+ } else
18716 return TASK_UNMAPPED_BASE + mmap_rnd();
18717 }
18718
18719@@ -125,11 +138,23 @@ static unsigned long mmap_legacy_base(vo
18720 void arch_pick_mmap_layout(struct mm_struct *mm)
18721 {
18722 if (mmap_is_legacy()) {
18723- mm->mmap_base = mmap_legacy_base();
18724+ mm->mmap_base = mmap_legacy_base(mm);
18725+
18726+#ifdef CONFIG_PAX_RANDMMAP
18727+ if (mm->pax_flags & MF_PAX_RANDMMAP)
18728+ mm->mmap_base += mm->delta_mmap;
18729+#endif
18730+
18731 mm->get_unmapped_area = arch_get_unmapped_area;
18732 mm->unmap_area = arch_unmap_area;
18733 } else {
18734- mm->mmap_base = mmap_base();
18735+ mm->mmap_base = mmap_base(mm);
18736+
18737+#ifdef CONFIG_PAX_RANDMMAP
18738+ if (mm->pax_flags & MF_PAX_RANDMMAP)
18739+ mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
18740+#endif
18741+
18742 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
18743 mm->unmap_area = arch_unmap_area_topdown;
18744 }
18745diff -urNp linux-2.6.38.2/arch/x86/mm/numa_32.c linux-2.6.38.2/arch/x86/mm/numa_32.c
18746--- linux-2.6.38.2/arch/x86/mm/numa_32.c 2011-03-14 21:20:32.000000000 -0400
18747+++ linux-2.6.38.2/arch/x86/mm/numa_32.c 2011-03-21 18:31:35.000000000 -0400
18748@@ -99,7 +99,6 @@ unsigned long node_memmap_size_bytes(int
18749 }
18750 #endif
18751
18752-extern unsigned long find_max_low_pfn(void);
18753 extern unsigned long highend_pfn, highstart_pfn;
18754
18755 #define LARGE_PAGE_BYTES (PTRS_PER_PTE * PAGE_SIZE)
18756diff -urNp linux-2.6.38.2/arch/x86/mm/pageattr.c linux-2.6.38.2/arch/x86/mm/pageattr.c
18757--- linux-2.6.38.2/arch/x86/mm/pageattr.c 2011-03-14 21:20:32.000000000 -0400
18758+++ linux-2.6.38.2/arch/x86/mm/pageattr.c 2011-03-21 18:31:35.000000000 -0400
18759@@ -261,7 +261,7 @@ static inline pgprot_t static_protection
18760 */
18761 #ifdef CONFIG_PCI_BIOS
18762 if (pcibios_enabled && within(pfn, BIOS_BEGIN >> PAGE_SHIFT, BIOS_END >> PAGE_SHIFT))
18763- pgprot_val(forbidden) |= _PAGE_NX;
18764+ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
18765 #endif
18766
18767 /*
18768@@ -269,9 +269,10 @@ static inline pgprot_t static_protection
18769 * Does not cover __inittext since that is gone later on. On
18770 * 64bit we do not enforce !NX on the low mapping
18771 */
18772- if (within(address, (unsigned long)_text, (unsigned long)_etext))
18773- pgprot_val(forbidden) |= _PAGE_NX;
18774+ if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext)))
18775+ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
18776
18777+#ifdef CONFIG_DEBUG_RODATA
18778 /*
18779 * The .rodata section needs to be read-only. Using the pfn
18780 * catches all aliases.
18781@@ -279,6 +280,7 @@ static inline pgprot_t static_protection
18782 if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT,
18783 __pa((unsigned long)__end_rodata) >> PAGE_SHIFT))
18784 pgprot_val(forbidden) |= _PAGE_RW;
18785+#endif
18786
18787 #if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA)
18788 /*
18789@@ -317,6 +319,13 @@ static inline pgprot_t static_protection
18790 }
18791 #endif
18792
18793+#ifdef CONFIG_PAX_KERNEXEC
18794+ if (within(pfn, __pa((unsigned long)&_text), __pa((unsigned long)&_sdata))) {
18795+ pgprot_val(forbidden) |= _PAGE_RW;
18796+ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
18797+ }
18798+#endif
18799+
18800 prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
18801
18802 return prot;
18803@@ -369,23 +378,37 @@ EXPORT_SYMBOL_GPL(lookup_address);
18804 static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte)
18805 {
18806 /* change init_mm */
18807+ pax_open_kernel();
18808 set_pte_atomic(kpte, pte);
18809+
18810 #ifdef CONFIG_X86_32
18811 if (!SHARED_KERNEL_PMD) {
18812+
18813+#ifdef CONFIG_PAX_PER_CPU_PGD
18814+ unsigned long cpu;
18815+#else
18816 struct page *page;
18817+#endif
18818
18819+#ifdef CONFIG_PAX_PER_CPU_PGD
18820+ for (cpu = 0; cpu < NR_CPUS; ++cpu) {
18821+ pgd_t *pgd = get_cpu_pgd(cpu);
18822+#else
18823 list_for_each_entry(page, &pgd_list, lru) {
18824- pgd_t *pgd;
18825+ pgd_t *pgd = (pgd_t *)page_address(page);
18826+#endif
18827+
18828 pud_t *pud;
18829 pmd_t *pmd;
18830
18831- pgd = (pgd_t *)page_address(page) + pgd_index(address);
18832+ pgd += pgd_index(address);
18833 pud = pud_offset(pgd, address);
18834 pmd = pmd_offset(pud, address);
18835 set_pte_atomic((pte_t *)pmd, pte);
18836 }
18837 }
18838 #endif
18839+ pax_close_kernel();
18840 }
18841
18842 static int
18843diff -urNp linux-2.6.38.2/arch/x86/mm/pageattr-test.c linux-2.6.38.2/arch/x86/mm/pageattr-test.c
18844--- linux-2.6.38.2/arch/x86/mm/pageattr-test.c 2011-03-14 21:20:32.000000000 -0400
18845+++ linux-2.6.38.2/arch/x86/mm/pageattr-test.c 2011-03-21 18:31:35.000000000 -0400
18846@@ -36,7 +36,7 @@ enum {
18847
18848 static int pte_testbit(pte_t pte)
18849 {
18850- return pte_flags(pte) & _PAGE_UNUSED1;
18851+ return pte_flags(pte) & _PAGE_CPA_TEST;
18852 }
18853
18854 struct split_state {
18855diff -urNp linux-2.6.38.2/arch/x86/mm/pat.c linux-2.6.38.2/arch/x86/mm/pat.c
18856--- linux-2.6.38.2/arch/x86/mm/pat.c 2011-03-14 21:20:32.000000000 -0400
18857+++ linux-2.6.38.2/arch/x86/mm/pat.c 2011-03-21 18:31:35.000000000 -0400
18858@@ -361,7 +361,7 @@ int free_memtype(u64 start, u64 end)
18859
18860 if (!entry) {
18861 printk(KERN_INFO "%s:%d freeing invalid memtype %Lx-%Lx\n",
18862- current->comm, current->pid, start, end);
18863+ current->comm, task_pid_nr(current), start, end);
18864 return -EINVAL;
18865 }
18866
18867@@ -492,8 +492,8 @@ static inline int range_is_allowed(unsig
18868 while (cursor < to) {
18869 if (!devmem_is_allowed(pfn)) {
18870 printk(KERN_INFO
18871- "Program %s tried to access /dev/mem between %Lx->%Lx.\n",
18872- current->comm, from, to);
18873+ "Program %s tried to access /dev/mem between %Lx->%Lx (%Lx).\n",
18874+ current->comm, from, to, cursor);
18875 return 0;
18876 }
18877 cursor += PAGE_SIZE;
18878@@ -557,7 +557,7 @@ int kernel_map_sync_memtype(u64 base, un
18879 printk(KERN_INFO
18880 "%s:%d ioremap_change_attr failed %s "
18881 "for %Lx-%Lx\n",
18882- current->comm, current->pid,
18883+ current->comm, task_pid_nr(current),
18884 cattr_name(flags),
18885 base, (unsigned long long)(base + size));
18886 return -EINVAL;
18887@@ -593,7 +593,7 @@ static int reserve_pfn_range(u64 paddr,
18888 if (want_flags != flags) {
18889 printk(KERN_WARNING
18890 "%s:%d map pfn RAM range req %s for %Lx-%Lx, got %s\n",
18891- current->comm, current->pid,
18892+ current->comm, task_pid_nr(current),
18893 cattr_name(want_flags),
18894 (unsigned long long)paddr,
18895 (unsigned long long)(paddr + size),
18896@@ -615,7 +615,7 @@ static int reserve_pfn_range(u64 paddr,
18897 free_memtype(paddr, paddr + size);
18898 printk(KERN_ERR "%s:%d map pfn expected mapping type %s"
18899 " for %Lx-%Lx, got %s\n",
18900- current->comm, current->pid,
18901+ current->comm, task_pid_nr(current),
18902 cattr_name(want_flags),
18903 (unsigned long long)paddr,
18904 (unsigned long long)(paddr + size),
18905diff -urNp linux-2.6.38.2/arch/x86/mm/pgtable_32.c linux-2.6.38.2/arch/x86/mm/pgtable_32.c
18906--- linux-2.6.38.2/arch/x86/mm/pgtable_32.c 2011-03-14 21:20:32.000000000 -0400
18907+++ linux-2.6.38.2/arch/x86/mm/pgtable_32.c 2011-03-21 18:31:35.000000000 -0400
18908@@ -48,10 +48,13 @@ void set_pte_vaddr(unsigned long vaddr,
18909 return;
18910 }
18911 pte = pte_offset_kernel(pmd, vaddr);
18912+
18913+ pax_open_kernel();
18914 if (pte_val(pteval))
18915 set_pte_at(&init_mm, vaddr, pte, pteval);
18916 else
18917 pte_clear(&init_mm, vaddr, pte);
18918+ pax_close_kernel();
18919
18920 /*
18921 * It's enough to flush this one mapping.
18922diff -urNp linux-2.6.38.2/arch/x86/mm/pgtable.c linux-2.6.38.2/arch/x86/mm/pgtable.c
18923--- linux-2.6.38.2/arch/x86/mm/pgtable.c 2011-03-23 17:20:06.000000000 -0400
18924+++ linux-2.6.38.2/arch/x86/mm/pgtable.c 2011-03-24 23:22:14.000000000 -0400
18925@@ -84,9 +84,58 @@ static inline void pgd_list_del(pgd_t *p
18926 list_del(&page->lru);
18927 }
18928
18929-#define UNSHARED_PTRS_PER_PGD \
18930- (SHARED_KERNEL_PMD ? KERNEL_PGD_BOUNDARY : PTRS_PER_PGD)
18931+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
18932+pgdval_t clone_pgd_mask __read_only = ~_PAGE_PRESENT;
18933
18934+void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count)
18935+{
18936+ while (count--)
18937+ *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER);
18938+}
18939+#endif
18940+
18941+#ifdef CONFIG_PAX_PER_CPU_PGD
18942+void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count)
18943+{
18944+ while (count--)
18945+
18946+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
18947+ *dst++ = __pgd(pgd_val(*src++) & clone_pgd_mask);
18948+#else
18949+ *dst++ = *src++;
18950+#endif
18951+
18952+}
18953+#endif
18954+
18955+#ifdef CONFIG_PAX_PER_CPU_PGD
18956+static inline void pgd_ctor(struct mm_struct *mm, pgd_t *pgd) {}
18957+static inline void pgd_dtor(pgd_t *pgd) {}
18958+#ifdef CONFIG_X86_64
18959+#define pxd_t pud_t
18960+#define pyd_t pgd_t
18961+#define paravirt_release_pxd(pfn) paravirt_release_pud(pfn)
18962+#define pxd_free(mm, pud) pud_free((mm), (pud))
18963+#define pyd_populate(mm, pgd, pud) pgd_populate((mm), (pgd), (pud))
18964+#define pyd_offset(mm ,address) pgd_offset((mm), (address))
18965+#define PYD_SIZE PGDIR_SIZE
18966+#else
18967+#define pxd_t pmd_t
18968+#define pyd_t pud_t
18969+#define paravirt_release_pxd(pfn) paravirt_release_pmd(pfn)
18970+#define pxd_free(mm, pud) pmd_free((mm), (pud))
18971+#define pyd_populate(mm, pgd, pud) pud_populate((mm), (pgd), (pud))
18972+#define pyd_offset(mm ,address) pud_offset((mm), (address))
18973+#define PYD_SIZE PUD_SIZE
18974+#endif
18975+#else
18976+#define pxd_t pmd_t
18977+#define pyd_t pud_t
18978+#define paravirt_release_pxd(pfn) paravirt_release_pmd(pfn)
18979+#define pxd_free(mm, pmd) pmd_free((mm), (pmd))
18980+#define pyd_populate(mm, pud, pmd) pud_populate((mm), (pud), (pmd))
18981+#define pyd_offset(mm ,address) pud_offset((mm), (address))
18982+#define PYD_SIZE PUD_SIZE
18983
18984 static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm)
18985 {
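Review bot: `__shadow_user_pgds()` and `__clone_user_pgds()` take `int count` and loop on `while (count--)`, so a negative count would not stop the copy. The callers are not in the hunk, so this may never occur, but the guard is cheap: `while (count-- > 0)`. In `__clone_user_pgds()` the loop body is a single unbraced statement selected by `#if`/`#else`; braces would make its extent explicit. Both functions are non-static and undocumented, and a short comment on each should say which bits change in the copied entries (`_PAGE_NX` set and `_PAGE_USER` cleared in the shadow copy, `clone_pgd_mask` applied in the clone). The `#ifdef CONFIG_PAX_PER_CPU_PGD` block that starts at the `pgd_ctor` stubs is closed only by the `#endif` in the next hunk.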
18986@@ -128,6 +177,7 @@ static void pgd_dtor(pgd_t *pgd)
18987 pgd_list_del(pgd);
18988 spin_unlock(&pgd_lock);
18989 }
18990+#endif
18991
18992 /*
18993 * List of all pgd's needed for non-PAE so it can invalidate entries
18994@@ -140,7 +190,7 @@ static void pgd_dtor(pgd_t *pgd)
18995 * -- wli
18996 */
18997
18998-#ifdef CONFIG_X86_PAE
18999+#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE)
19000 /*
19001 * In PAE mode, we need to do a cr3 reload (=tlb flush) when
19002 * updating the top-level pagetable entries to guarantee the
19003@@ -152,7 +202,7 @@ static void pgd_dtor(pgd_t *pgd)
19004 * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate
19005 * and initialize the kernel pmds here.
19006 */
19007-#define PREALLOCATED_PMDS UNSHARED_PTRS_PER_PGD
19008+#define PREALLOCATED_PXDS (SHARED_KERNEL_PMD ? KERNEL_PGD_BOUNDARY : PTRS_PER_PGD)
19009
19010 void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
19011 {
19012@@ -170,36 +220,38 @@ void pud_populate(struct mm_struct *mm,
19013 */
19014 flush_tlb_mm(mm);
19015 }
19016+#elif defined(CONFIG_X86_64) && defined(CONFIG_PAX_PER_CPU_PGD)
19017+#define PREALLOCATED_PXDS USER_PGD_PTRS
19018 #else /* !CONFIG_X86_PAE */
19019
19020 /* No need to prepopulate any pagetable entries in non-PAE modes. */
19021-#define PREALLOCATED_PMDS 0
19022+#define PREALLOCATED_PXDS 0
19023
19024 #endif /* CONFIG_X86_PAE */
19025
19026-static void free_pmds(pmd_t *pmds[])
19027+static void free_pxds(pxd_t *pxds[])
19028 {
19029 int i;
19030
19031- for(i = 0; i < PREALLOCATED_PMDS; i++)
19032- if (pmds[i])
19033- free_page((unsigned long)pmds[i]);
19034+ for(i = 0; i < PREALLOCATED_PXDS; i++)
19035+ if (pxds[i])
19036+ free_page((unsigned long)pxds[i]);
19037 }
19038
19039-static int preallocate_pmds(pmd_t *pmds[])
19040+static int preallocate_pxds(pxd_t *pxds[])
19041 {
19042 int i;
19043 bool failed = false;
19044
19045- for(i = 0; i < PREALLOCATED_PMDS; i++) {
19046- pmd_t *pmd = (pmd_t *)__get_free_page(PGALLOC_GFP);
19047- if (pmd == NULL)
19048+ for(i = 0; i < PREALLOCATED_PXDS; i++) {
19049+ pxd_t *pxd = (pxd_t *)__get_free_page(PGALLOC_GFP);
19050+ if (pxd == NULL)
19051 failed = true;
19052- pmds[i] = pmd;
19053+ pxds[i] = pxd;
19054 }
19055
19056 if (failed) {
19057- free_pmds(pmds);
19058+ free_pxds(pxds);
19059 return -ENOMEM;
19060 }
19061
19062@@ -212,51 +264,55 @@ static int preallocate_pmds(pmd_t *pmds[
19063 * preallocate which never got a corresponding vma will need to be
19064 * freed manually.
19065 */
19066-static void pgd_mop_up_pmds(struct mm_struct *mm, pgd_t *pgdp)
19067+static void pgd_mop_up_pxds(struct mm_struct *mm, pgd_t *pgdp)
19068 {
19069 int i;
19070
19071- for(i = 0; i < PREALLOCATED_PMDS; i++) {
19072+ for(i = 0; i < PREALLOCATED_PXDS; i++) {
19073 pgd_t pgd = pgdp[i];
19074
19075 if (pgd_val(pgd) != 0) {
19076- pmd_t *pmd = (pmd_t *)pgd_page_vaddr(pgd);
19077+ pxd_t *pxd = (pxd_t *)pgd_page_vaddr(pgd);
19078
19079- pgdp[i] = native_make_pgd(0);
19080+ set_pgd(pgdp + i, native_make_pgd(0));
19081
19082- paravirt_release_pmd(pgd_val(pgd) >> PAGE_SHIFT);
19083- pmd_free(mm, pmd);
19084+ paravirt_release_pxd(pgd_val(pgd) >> PAGE_SHIFT);
19085+ pxd_free(mm, pxd);
19086 }
19087 }
19088 }
19089
19090-static void pgd_prepopulate_pmd(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmds[])
19091+static void pgd_prepopulate_pxd(struct mm_struct *mm, pgd_t *pgd, pxd_t *pxds[])
19092 {
19093- pud_t *pud;
19094+ pyd_t *pyd;
19095 unsigned long addr;
19096 int i;
19097
19098- if (PREALLOCATED_PMDS == 0) /* Work around gcc-3.4.x bug */
19099+ if (PREALLOCATED_PXDS == 0) /* Work around gcc-3.4.x bug */
19100 return;
19101
19102- pud = pud_offset(pgd, 0);
19103+#ifdef CONFIG_X86_64
19104+ pyd = pyd_offset(mm, 0L);
19105+#else
19106+ pyd = pyd_offset(pgd, 0L);
19107+#endif
19108
19109- for (addr = i = 0; i < PREALLOCATED_PMDS;
19110- i++, pud++, addr += PUD_SIZE) {
19111- pmd_t *pmd = pmds[i];
19112+ for (addr = i = 0; i < PREALLOCATED_PXDS;
19113+ i++, pyd++, addr += PYD_SIZE) {
19114+ pxd_t *pxd = pxds[i];
19115
19116 if (i >= KERNEL_PGD_BOUNDARY)
19117- memcpy(pmd, (pmd_t *)pgd_page_vaddr(swapper_pg_dir[i]),
19118- sizeof(pmd_t) * PTRS_PER_PMD);
19119+ memcpy(pxd, (pxd_t *)pgd_page_vaddr(swapper_pg_dir[i]),
19120+ sizeof(pxd_t) * PTRS_PER_PMD);
19121
19122- pud_populate(mm, pud, pmd);
19123+ pyd_populate(mm, pyd, pxd);
19124 }
19125 }
19126
19127 pgd_t *pgd_alloc(struct mm_struct *mm)
19128 {
19129 pgd_t *pgd;
19130- pmd_t *pmds[PREALLOCATED_PMDS];
19131+ pxd_t *pxds[PREALLOCATED_PXDS];
19132
19133 pgd = (pgd_t *)__get_free_page(PGALLOC_GFP);
19134
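Review bot: In `pgd_prepopulate_pxd()` the call `pyd_offset(mm, 0L)` is selected by `CONFIG_X86_64` alone, but the macro set that maps `pyd_offset` to `pgd_offset` is only chosen when `CONFIG_PAX_PER_CPU_PGD` is also defined. In the fallback set `pyd_offset` expands to `pud_offset`, which would then be handed `mm` where the 32-bit branch passes `pgd`; that is a type mismatch even if the `PREALLOCATED_PXDS == 0` early return keeps the path dead. Guarding with `#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_PER_CPU_PGD)` would keep the two in step. The `memcpy` still sizes the copy with `PTRS_PER_PMD` although the element type is now `pxd_t`, which holds only while both levels have the same entry count; a `PTRS_PER_PXD` macro next to the other `pxd` definitions would state the intent. `pgd_alloc()` continues outside the hunk.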
19135@@ -265,11 +321,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
19136
19137 mm->pgd = pgd;
19138
19139- if (preallocate_pmds(pmds) != 0)
19140+ if (preallocate_pxds(pxds) != 0)
19141 goto out_free_pgd;
19142
19143 if (paravirt_pgd_alloc(mm) != 0)
19144- goto out_free_pmds;
19145+ goto out_free_pxds;
19146
19147 /*
19148 * Make sure that pre-populating the pmds is atomic with
19149@@ -279,14 +335,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
19150 spin_lock(&pgd_lock);
19151
19152 pgd_ctor(mm, pgd);
19153- pgd_prepopulate_pmd(mm, pgd, pmds);
19154+ pgd_prepopulate_pxd(mm, pgd, pxds);
19155
19156 spin_unlock(&pgd_lock);
19157
19158 return pgd;
19159
19160-out_free_pmds:
19161- free_pmds(pmds);
19162+out_free_pxds:
19163+ free_pxds(pxds);
19164 out_free_pgd:
19165 free_page((unsigned long)pgd);
19166 out:
19167@@ -295,7 +351,7 @@ out:
19168
19169 void pgd_free(struct mm_struct *mm, pgd_t *pgd)
19170 {
19171- pgd_mop_up_pmds(mm, pgd);
19172+ pgd_mop_up_pxds(mm, pgd);
19173 pgd_dtor(pgd);
19174 paravirt_pgd_free(mm, pgd);
19175 free_page((unsigned long)pgd);
19176diff -urNp linux-2.6.38.2/arch/x86/mm/setup_nx.c linux-2.6.38.2/arch/x86/mm/setup_nx.c
19177--- linux-2.6.38.2/arch/x86/mm/setup_nx.c 2011-03-14 21:20:32.000000000 -0400
19178+++ linux-2.6.38.2/arch/x86/mm/setup_nx.c 2011-03-21 18:31:35.000000000 -0400
19179@@ -5,8 +5,10 @@
19180 #include <asm/pgtable.h>
19181 #include <asm/proto.h>
19182
19183+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
19184 static int disable_nx __cpuinitdata;
19185
19186+#ifndef CONFIG_PAX_PAGEEXEC
19187 /*
19188 * noexec = on|off
19189 *
19190@@ -28,12 +30,17 @@ static int __init noexec_setup(char *str
19191 return 0;
19192 }
19193 early_param("noexec", noexec_setup);
19194+#endif
19195+
19196+#endif
19197
19198 void __cpuinit x86_configure_nx(void)
19199 {
19200+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
19201 if (cpu_has_nx && !disable_nx)
19202 __supported_pte_mask |= _PAGE_NX;
19203 else
19204+#endif
19205 __supported_pte_mask &= ~_PAGE_NX;
19206 }
19207
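Review bot: In `x86_configure_nx()` the `else` now sits directly before `#endif`, so `__supported_pte_mask &= ~_PAGE_NX;` is either the else-branch or the whole function body depending on the configuration. That is correct as written but fragile, because a statement inserted between `#endif` and that line would change meaning between builds. Braces on both branches, or an early `return` after setting the bit, would remove the dependency. With `noexec_setup` compiled out under `CONFIG_PAX_PAGEEXEC` (previous hunk), nothing visible writes `disable_nx` in that configuration; a comment saying the `noexec=` boot parameter is removed on purpose would help the next reader.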
19208diff -urNp linux-2.6.38.2/arch/x86/mm/tlb.c linux-2.6.38.2/arch/x86/mm/tlb.c
19209--- linux-2.6.38.2/arch/x86/mm/tlb.c 2011-03-14 21:20:32.000000000 -0400
19210+++ linux-2.6.38.2/arch/x86/mm/tlb.c 2011-03-21 18:31:35.000000000 -0400
19211@@ -14,7 +14,7 @@
19212 #include <asm/uv/uv.h>
19213
19214 DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate)
19215- = { &init_mm, 0, };
19216+ = { &init_mm, 0 };
19217
19218 /*
19219 * Smarter SMP flushing macros.
19220@@ -65,7 +65,11 @@ void leave_mm(int cpu)
19221 BUG();
19222 cpumask_clear_cpu(cpu,
19223 mm_cpumask(percpu_read(cpu_tlbstate.active_mm)));
19224+
19225+#ifndef CONFIG_PAX_PER_CPU_PGD
19226 load_cr3(swapper_pg_dir);
19227+#endif
19228+
19229 }
19230 EXPORT_SYMBOL_GPL(leave_mm);
19231
19232diff -urNp linux-2.6.38.2/arch/x86/oprofile/backtrace.c linux-2.6.38.2/arch/x86/oprofile/backtrace.c
19233--- linux-2.6.38.2/arch/x86/oprofile/backtrace.c 2011-03-14 21:20:32.000000000 -0400
19234+++ linux-2.6.38.2/arch/x86/oprofile/backtrace.c 2011-03-21 18:31:35.000000000 -0400
19235@@ -57,7 +57,7 @@ dump_user_backtrace_32(struct stack_fram
19236 struct stack_frame_ia32 *fp;
19237
19238 /* Also check accessibility of one struct frame_head beyond */
19239- if (!access_ok(VERIFY_READ, head, sizeof(bufhead)))
19240+ if (!__access_ok(VERIFY_READ, head, sizeof(bufhead)))
19241 return NULL;
19242 if (__copy_from_user_inatomic(bufhead, head, sizeof(bufhead)))
19243 return NULL;
19244@@ -123,7 +123,7 @@ x86_backtrace(struct pt_regs * const reg
19245 {
19246 struct stack_frame *head = (struct stack_frame *)frame_pointer(regs);
19247
19248- if (!user_mode_vm(regs)) {
19249+ if (!user_mode(regs)) {
19250 unsigned long stack = kernel_stack_pointer(regs);
19251 if (depth)
19252 dump_trace(NULL, regs, (unsigned long *)stack,
19253diff -urNp linux-2.6.38.2/arch/x86/oprofile/op_model_p4.c linux-2.6.38.2/arch/x86/oprofile/op_model_p4.c
19254--- linux-2.6.38.2/arch/x86/oprofile/op_model_p4.c 2011-03-14 21:20:32.000000000 -0400
19255+++ linux-2.6.38.2/arch/x86/oprofile/op_model_p4.c 2011-03-21 18:31:35.000000000 -0400
19256@@ -50,7 +50,7 @@ static inline void setup_num_counters(vo
19257 #endif
19258 }
19259
19260-static int inline addr_increment(void)
19261+static inline int addr_increment(void)
19262 {
19263 #ifdef CONFIG_SMP
19264 return smp_num_siblings == 2 ? 2 : 1;
19265diff -urNp linux-2.6.38.2/arch/x86/pci/ce4100.c linux-2.6.38.2/arch/x86/pci/ce4100.c
19266--- linux-2.6.38.2/arch/x86/pci/ce4100.c 2011-03-14 21:20:32.000000000 -0400
19267+++ linux-2.6.38.2/arch/x86/pci/ce4100.c 2011-03-21 18:31:35.000000000 -0400
19268@@ -302,7 +302,7 @@ static int ce4100_conf_write(unsigned in
19269 return pci_direct_conf1.write(seg, bus, devfn, reg, len, value);
19270 }
19271
19272-struct pci_raw_ops ce4100_pci_conf = {
19273+const struct pci_raw_ops ce4100_pci_conf = {
19274 .read = ce4100_conf_read,
19275 .write = ce4100_conf_write,
19276 };
19277diff -urNp linux-2.6.38.2/arch/x86/pci/common.c linux-2.6.38.2/arch/x86/pci/common.c
19278--- linux-2.6.38.2/arch/x86/pci/common.c 2011-03-14 21:20:32.000000000 -0400
19279+++ linux-2.6.38.2/arch/x86/pci/common.c 2011-03-21 18:31:35.000000000 -0400
19280@@ -33,8 +33,8 @@ int noioapicreroute = 1;
19281 int pcibios_last_bus = -1;
19282 unsigned long pirq_table_addr;
19283 struct pci_bus *pci_root_bus;
19284-struct pci_raw_ops *raw_pci_ops;
19285-struct pci_raw_ops *raw_pci_ext_ops;
19286+const struct pci_raw_ops *raw_pci_ops;
19287+const struct pci_raw_ops *raw_pci_ext_ops;
19288
19289 int raw_pci_read(unsigned int domain, unsigned int bus, unsigned int devfn,
19290 int reg, int len, u32 *val)
19291@@ -423,7 +423,7 @@ static const struct dmi_system_id __devi
19292 DMI_MATCH(DMI_PRODUCT_NAME, "ProLiant DL585 G2"),
19293 },
19294 },
19295- {}
19296+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
19297 };
19298
19299 void __init dmi_check_pciprobe(void)
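Review bot: The replacement terminator `{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}` is a positional initializer, so it depends on the member order of `struct dmi_system_id`, which the empty `{}` it replaces did not. If the aim is to avoid a missing-initializer warning, designated fields would document the intent and survive a reordering of the structure (the member names are not visible here, so they are not spelled out). The same terminator is introduced in arch/x86/pci/fixup.c (two tables) and in the `@@ -1115,7` hunk of arch/x86/pci/irq.c.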
19300diff -urNp linux-2.6.38.2/arch/x86/pci/direct.c linux-2.6.38.2/arch/x86/pci/direct.c
19301--- linux-2.6.38.2/arch/x86/pci/direct.c 2011-03-14 21:20:32.000000000 -0400
19302+++ linux-2.6.38.2/arch/x86/pci/direct.c 2011-03-21 18:31:35.000000000 -0400
19303@@ -79,7 +79,7 @@ static int pci_conf1_write(unsigned int
19304
19305 #undef PCI_CONF1_ADDRESS
19306
19307-struct pci_raw_ops pci_direct_conf1 = {
19308+const struct pci_raw_ops pci_direct_conf1 = {
19309 .read = pci_conf1_read,
19310 .write = pci_conf1_write,
19311 };
19312@@ -173,7 +173,7 @@ static int pci_conf2_write(unsigned int
19313
19314 #undef PCI_CONF2_ADDRESS
19315
19316-struct pci_raw_ops pci_direct_conf2 = {
19317+const struct pci_raw_ops pci_direct_conf2 = {
19318 .read = pci_conf2_read,
19319 .write = pci_conf2_write,
19320 };
19321@@ -189,7 +189,7 @@ struct pci_raw_ops pci_direct_conf2 = {
19322 * This should be close to trivial, but it isn't, because there are buggy
19323 * chipsets (yes, you guessed it, by Intel and Compaq) that have no class ID.
19324 */
19325-static int __init pci_sanity_check(struct pci_raw_ops *o)
19326+static int __init pci_sanity_check(const struct pci_raw_ops *o)
19327 {
19328 u32 x = 0;
19329 int year, devfn;
19330diff -urNp linux-2.6.38.2/arch/x86/pci/fixup.c linux-2.6.38.2/arch/x86/pci/fixup.c
19331--- linux-2.6.38.2/arch/x86/pci/fixup.c 2011-03-14 21:20:32.000000000 -0400
19332+++ linux-2.6.38.2/arch/x86/pci/fixup.c 2011-03-21 18:31:35.000000000 -0400
19333@@ -364,7 +364,7 @@ static const struct dmi_system_id __devi
19334 DMI_MATCH(DMI_PRODUCT_NAME, "MS-6702E"),
19335 },
19336 },
19337- {}
19338+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
19339 };
19340
19341 /*
19342@@ -435,7 +435,7 @@ static const struct dmi_system_id __devi
19343 DMI_MATCH(DMI_PRODUCT_VERSION, "PSA40U"),
19344 },
19345 },
19346- { }
19347+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
19348 };
19349
19350 static void __devinit pci_pre_fixup_toshiba_ohci1394(struct pci_dev *dev)
19351diff -urNp linux-2.6.38.2/arch/x86/pci/irq.c linux-2.6.38.2/arch/x86/pci/irq.c
19352--- linux-2.6.38.2/arch/x86/pci/irq.c 2011-03-14 21:20:32.000000000 -0400
19353+++ linux-2.6.38.2/arch/x86/pci/irq.c 2011-03-21 18:31:35.000000000 -0400
19354@@ -542,7 +542,7 @@ static __init int intel_router_probe(str
19355 static struct pci_device_id __initdata pirq_440gx[] = {
19356 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_0) },
19357 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_2) },
19358- { },
19359+ { PCI_DEVICE(0, 0) }
19360 };
19361
19362 /* 440GX has a proprietary PIRQ router -- don't use it */
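Review bot: The new terminator `{ PCI_DEVICE(0, 0) }` in `pirq_440gx` is not an all-zero entry, because `PCI_DEVICE()` also sets the subvendor and subdevice fields to `PCI_ANY_ID`. If the code that walks this table stops on an entry whose vendor, subvendor and class mask are all zero (the consumer is not in the hunk), this entry will not end the walk and the scan would read past the end of the array. Keep a zeroed sentinel instead, `{ 0 }` if the empty braces are what the change is trying to avoid.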
19363@@ -1115,7 +1115,7 @@ static struct dmi_system_id __initdata p
19364 DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"),
19365 },
19366 },
19367- { }
19368+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
19369 };
19370
19371 void __init pcibios_irq_init(void)
19372diff -urNp linux-2.6.38.2/arch/x86/pci/mmconfig_32.c linux-2.6.38.2/arch/x86/pci/mmconfig_32.c
19373--- linux-2.6.38.2/arch/x86/pci/mmconfig_32.c 2011-03-14 21:20:32.000000000 -0400
19374+++ linux-2.6.38.2/arch/x86/pci/mmconfig_32.c 2011-03-21 18:31:35.000000000 -0400
19375@@ -117,7 +117,7 @@ static int pci_mmcfg_write(unsigned int
19376 return 0;
19377 }
19378
19379-static struct pci_raw_ops pci_mmcfg = {
19380+static const struct pci_raw_ops pci_mmcfg = {
19381 .read = pci_mmcfg_read,
19382 .write = pci_mmcfg_write,
19383 };
19384diff -urNp linux-2.6.38.2/arch/x86/pci/mmconfig_64.c linux-2.6.38.2/arch/x86/pci/mmconfig_64.c
19385--- linux-2.6.38.2/arch/x86/pci/mmconfig_64.c 2011-03-14 21:20:32.000000000 -0400
19386+++ linux-2.6.38.2/arch/x86/pci/mmconfig_64.c 2011-03-21 18:31:35.000000000 -0400
19387@@ -81,7 +81,7 @@ static int pci_mmcfg_write(unsigned int
19388 return 0;
19389 }
19390
19391-static struct pci_raw_ops pci_mmcfg = {
19392+static const struct pci_raw_ops pci_mmcfg = {
19393 .read = pci_mmcfg_read,
19394 .write = pci_mmcfg_write,
19395 };
19396diff -urNp linux-2.6.38.2/arch/x86/pci/numaq_32.c linux-2.6.38.2/arch/x86/pci/numaq_32.c
19397--- linux-2.6.38.2/arch/x86/pci/numaq_32.c 2011-03-14 21:20:32.000000000 -0400
19398+++ linux-2.6.38.2/arch/x86/pci/numaq_32.c 2011-03-21 18:31:35.000000000 -0400
19399@@ -108,7 +108,7 @@ static int pci_conf1_mq_write(unsigned i
19400
19401 #undef PCI_CONF1_MQ_ADDRESS
19402
19403-static struct pci_raw_ops pci_direct_conf1_mq = {
19404+static const struct pci_raw_ops pci_direct_conf1_mq = {
19405 .read = pci_conf1_mq_read,
19406 .write = pci_conf1_mq_write
19407 };
19408diff -urNp linux-2.6.38.2/arch/x86/pci/olpc.c linux-2.6.38.2/arch/x86/pci/olpc.c
19409--- linux-2.6.38.2/arch/x86/pci/olpc.c 2011-03-14 21:20:32.000000000 -0400
19410+++ linux-2.6.38.2/arch/x86/pci/olpc.c 2011-03-21 18:31:35.000000000 -0400
19411@@ -297,7 +297,7 @@ static int pci_olpc_write(unsigned int s
19412 return 0;
19413 }
19414
19415-static struct pci_raw_ops pci_olpc_conf = {
19416+static const struct pci_raw_ops pci_olpc_conf = {
19417 .read = pci_olpc_read,
19418 .write = pci_olpc_write,
19419 };
19420diff -urNp linux-2.6.38.2/arch/x86/pci/pcbios.c linux-2.6.38.2/arch/x86/pci/pcbios.c
19421--- linux-2.6.38.2/arch/x86/pci/pcbios.c 2011-03-14 21:20:32.000000000 -0400
19422+++ linux-2.6.38.2/arch/x86/pci/pcbios.c 2011-03-21 18:31:35.000000000 -0400
19423@@ -79,50 +79,93 @@ union bios32 {
19424 static struct {
19425 unsigned long address;
19426 unsigned short segment;
19427-} bios32_indirect = { 0, __KERNEL_CS };
19428+} bios32_indirect __read_only = { 0, __PCIBIOS_CS };
19429
19430 /*
19431 * Returns the entry point for the given service, NULL on error
19432 */
19433
19434-static unsigned long bios32_service(unsigned long service)
19435+static unsigned long __devinit bios32_service(unsigned long service)
19436 {
19437 unsigned char return_code; /* %al */
19438 unsigned long address; /* %ebx */
19439 unsigned long length; /* %ecx */
19440 unsigned long entry; /* %edx */
19441 unsigned long flags;
19442+ struct desc_struct d, *gdt;
19443
19444 local_irq_save(flags);
19445- __asm__("lcall *(%%edi); cld"
19446+
19447+ gdt = get_cpu_gdt_table(smp_processor_id());
19448+
19449+ pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x9B, 0xC);
19450+ write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S);
19451+ pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x93, 0xC);
19452+ write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S);
19453+
19454+ __asm__("movw %w7, %%ds; lcall *(%%edi); push %%ss; pop %%ds; cld"
19455 : "=a" (return_code),
19456 "=b" (address),
19457 "=c" (length),
19458 "=d" (entry)
19459 : "0" (service),
19460 "1" (0),
19461- "D" (&bios32_indirect));
19462+ "D" (&bios32_indirect),
19463+ "r"(__PCIBIOS_DS)
19464+ : "memory");
19465+
19466+ pax_open_kernel();
19467+ gdt[GDT_ENTRY_PCIBIOS_CS].a = 0;
19468+ gdt[GDT_ENTRY_PCIBIOS_CS].b = 0;
19469+ gdt[GDT_ENTRY_PCIBIOS_DS].a = 0;
19470+ gdt[GDT_ENTRY_PCIBIOS_DS].b = 0;
19471+ pax_close_kernel();
19472+
19473 local_irq_restore(flags);
19474
19475 switch (return_code) {
19476- case 0:
19477- return address + entry;
19478- case 0x80: /* Not present */
19479- printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
19480- return 0;
19481- default: /* Shouldn't happen */
19482- printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
19483- service, return_code);
19484+ case 0: {
19485+ int cpu;
19486+ unsigned char flags;
19487+
19488+ printk(KERN_INFO "bios32_service: base:%08lx length:%08lx entry:%08lx\n", address, length, entry);
19489+ if (address >= 0xFFFF0 || length > 0x100000 - address || length <= entry) {
19490+ printk(KERN_WARNING "bios32_service: not valid\n");
19491 return 0;
19492+ }
19493+ address = address + PAGE_OFFSET;
19494+ length += 16UL; /* some BIOSs underreport this... */
19495+ flags = 4;
19496+ if (length >= 64*1024*1024) {
19497+ length >>= PAGE_SHIFT;
19498+ flags |= 8;
19499+ }
19500+
19501+ for (cpu = 0; cpu < NR_CPUS; cpu++) {
19502+ gdt = get_cpu_gdt_table(cpu);
19503+ pack_descriptor(&d, address, length, 0x9b, flags);
19504+ write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S);
19505+ pack_descriptor(&d, address, length, 0x93, flags);
19506+ write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S);
19507+ }
19508+ return entry;
19509+ }
19510+ case 0x80: /* Not present */
19511+ printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
19512+ return 0;
19513+ default: /* Shouldn't happen */
19514+ printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
19515+ service, return_code);
19516+ return 0;
19517 }
19518 }
19519
19520 static struct {
19521 unsigned long address;
19522 unsigned short segment;
19523-} pci_indirect = { 0, __KERNEL_CS };
19524+} pci_indirect __read_only = { 0, __PCIBIOS_CS };
19525
19526-static int pci_bios_present;
19527+static int pci_bios_present __read_only;
19528
19529 static int __devinit check_pcibios(void)
19530 {
19531@@ -131,11 +174,13 @@ static int __devinit check_pcibios(void)
19532 unsigned long flags, pcibios_entry;
19533
19534 if ((pcibios_entry = bios32_service(PCI_SERVICE))) {
19535- pci_indirect.address = pcibios_entry + PAGE_OFFSET;
19536+ pci_indirect.address = pcibios_entry;
19537
19538 local_irq_save(flags);
19539- __asm__(
19540- "lcall *(%%edi); cld\n\t"
19541+ __asm__("movw %w6, %%ds\n\t"
19542+ "lcall *%%ss:(%%edi); cld\n\t"
19543+ "push %%ss\n\t"
19544+ "pop %%ds\n\t"
19545 "jc 1f\n\t"
19546 "xor %%ah, %%ah\n"
19547 "1:"
19548@@ -144,7 +189,8 @@ static int __devinit check_pcibios(void)
19549 "=b" (ebx),
19550 "=c" (ecx)
19551 : "1" (PCIBIOS_PCI_BIOS_PRESENT),
19552- "D" (&pci_indirect)
19553+ "D" (&pci_indirect),
19554+ "r" (__PCIBIOS_DS)
19555 : "memory");
19556 local_irq_restore(flags);
19557
19558@@ -188,7 +234,10 @@ static int pci_bios_read(unsigned int se
19559
19560 switch (len) {
19561 case 1:
19562- __asm__("lcall *(%%esi); cld\n\t"
19563+ __asm__("movw %w6, %%ds\n\t"
19564+ "lcall *%%ss:(%%esi); cld\n\t"
19565+ "push %%ss\n\t"
19566+ "pop %%ds\n\t"
19567 "jc 1f\n\t"
19568 "xor %%ah, %%ah\n"
19569 "1:"
19570@@ -197,7 +246,8 @@ static int pci_bios_read(unsigned int se
19571 : "1" (PCIBIOS_READ_CONFIG_BYTE),
19572 "b" (bx),
19573 "D" ((long)reg),
19574- "S" (&pci_indirect));
19575+ "S" (&pci_indirect),
19576+ "r" (__PCIBIOS_DS));
19577 /*
19578 * Zero-extend the result beyond 8 bits, do not trust the
19579 * BIOS having done it:
19580@@ -205,7 +255,10 @@ static int pci_bios_read(unsigned int se
19581 *value &= 0xff;
19582 break;
19583 case 2:
19584- __asm__("lcall *(%%esi); cld\n\t"
19585+ __asm__("movw %w6, %%ds\n\t"
19586+ "lcall *%%ss:(%%esi); cld\n\t"
19587+ "push %%ss\n\t"
19588+ "pop %%ds\n\t"
19589 "jc 1f\n\t"
19590 "xor %%ah, %%ah\n"
19591 "1:"
19592@@ -214,7 +267,8 @@ static int pci_bios_read(unsigned int se
19593 : "1" (PCIBIOS_READ_CONFIG_WORD),
19594 "b" (bx),
19595 "D" ((long)reg),
19596- "S" (&pci_indirect));
19597+ "S" (&pci_indirect),
19598+ "r" (__PCIBIOS_DS));
19599 /*
19600 * Zero-extend the result beyond 16 bits, do not trust the
19601 * BIOS having done it:
19602@@ -222,7 +276,10 @@ static int pci_bios_read(unsigned int se
19603 *value &= 0xffff;
19604 break;
19605 case 4:
19606- __asm__("lcall *(%%esi); cld\n\t"
19607+ __asm__("movw %w6, %%ds\n\t"
19608+ "lcall *%%ss:(%%esi); cld\n\t"
19609+ "push %%ss\n\t"
19610+ "pop %%ds\n\t"
19611 "jc 1f\n\t"
19612 "xor %%ah, %%ah\n"
19613 "1:"
19614@@ -231,7 +288,8 @@ static int pci_bios_read(unsigned int se
19615 : "1" (PCIBIOS_READ_CONFIG_DWORD),
19616 "b" (bx),
19617 "D" ((long)reg),
19618- "S" (&pci_indirect));
19619+ "S" (&pci_indirect),
19620+ "r" (__PCIBIOS_DS));
19621 break;
19622 }
19623
19624@@ -254,7 +312,10 @@ static int pci_bios_write(unsigned int s
19625
19626 switch (len) {
19627 case 1:
19628- __asm__("lcall *(%%esi); cld\n\t"
19629+ __asm__("movw %w6, %%ds\n\t"
19630+ "lcall *%%ss:(%%esi); cld\n\t"
19631+ "push %%ss\n\t"
19632+ "pop %%ds\n\t"
19633 "jc 1f\n\t"
19634 "xor %%ah, %%ah\n"
19635 "1:"
19636@@ -263,10 +324,14 @@ static int pci_bios_write(unsigned int s
19637 "c" (value),
19638 "b" (bx),
19639 "D" ((long)reg),
19640- "S" (&pci_indirect));
19641+ "S" (&pci_indirect),
19642+ "r" (__PCIBIOS_DS));
19643 break;
19644 case 2:
19645- __asm__("lcall *(%%esi); cld\n\t"
19646+ __asm__("movw %w6, %%ds\n\t"
19647+ "lcall *%%ss:(%%esi); cld\n\t"
19648+ "push %%ss\n\t"
19649+ "pop %%ds\n\t"
19650 "jc 1f\n\t"
19651 "xor %%ah, %%ah\n"
19652 "1:"
19653@@ -275,10 +340,14 @@ static int pci_bios_write(unsigned int s
19654 "c" (value),
19655 "b" (bx),
19656 "D" ((long)reg),
19657- "S" (&pci_indirect));
19658+ "S" (&pci_indirect),
19659+ "r" (__PCIBIOS_DS));
19660 break;
19661 case 4:
19662- __asm__("lcall *(%%esi); cld\n\t"
19663+ __asm__("movw %w6, %%ds\n\t"
19664+ "lcall *%%ss:(%%esi); cld\n\t"
19665+ "push %%ss\n\t"
19666+ "pop %%ds\n\t"
19667 "jc 1f\n\t"
19668 "xor %%ah, %%ah\n"
19669 "1:"
19670@@ -287,7 +356,8 @@ static int pci_bios_write(unsigned int s
19671 "c" (value),
19672 "b" (bx),
19673 "D" ((long)reg),
19674- "S" (&pci_indirect));
19675+ "S" (&pci_indirect),
19676+ "r" (__PCIBIOS_DS));
19677 break;
19678 }
19679
19680@@ -301,7 +371,7 @@ static int pci_bios_write(unsigned int s
19681 * Function table for BIOS32 access
19682 */
19683
19684-static struct pci_raw_ops pci_bios_access = {
19685+static const struct pci_raw_ops pci_bios_access = {
19686 .read = pci_bios_read,
19687 .write = pci_bios_write
19688 };
19689@@ -310,7 +380,7 @@ static struct pci_raw_ops pci_bios_acces
19690 * Try to find PCI BIOS.
19691 */
19692
19693-static struct pci_raw_ops * __devinit pci_find_bios(void)
19694+static const struct pci_raw_ops * __devinit pci_find_bios(void)
19695 {
19696 union bios32 *check;
19697 unsigned char sum;
19698@@ -392,10 +462,13 @@ struct irq_routing_table * pcibios_get_i
19699
19700 DBG("PCI: Fetching IRQ routing table... ");
19701 __asm__("push %%es\n\t"
19702+ "movw %w8, %%ds\n\t"
19703 "push %%ds\n\t"
19704 "pop %%es\n\t"
19705- "lcall *(%%esi); cld\n\t"
19706+ "lcall *%%ss:(%%esi); cld\n\t"
19707 "pop %%es\n\t"
19708+ "push %%ss\n\t"
19709+ "pop %%ds\n"
19710 "jc 1f\n\t"
19711 "xor %%ah, %%ah\n"
19712 "1:"
19713@@ -406,7 +479,8 @@ struct irq_routing_table * pcibios_get_i
19714 "1" (0),
19715 "D" ((long) &opt),
19716 "S" (&pci_indirect),
19717- "m" (opt)
19718+ "m" (opt),
19719+ "r" (__PCIBIOS_DS)
19720 : "memory");
19721 DBG("OK ret=%d, size=%d, map=%x\n", ret, opt.size, map);
19722 if (ret & 0xff00)
19723@@ -430,7 +504,10 @@ int pcibios_set_irq_routing(struct pci_d
19724 {
19725 int ret;
19726
19727- __asm__("lcall *(%%esi); cld\n\t"
19728+ __asm__("movw %w5, %%ds\n\t"
19729+ "lcall *%%ss:(%%esi); cld\n\t"
19730+ "push %%ss\n\t"
19731+ "pop %%ds\n"
19732 "jc 1f\n\t"
19733 "xor %%ah, %%ah\n"
19734 "1:"
19735@@ -438,7 +515,8 @@ int pcibios_set_irq_routing(struct pci_d
19736 : "0" (PCIBIOS_SET_PCI_HW_INT),
19737 "b" ((dev->bus->number << 8) | dev->devfn),
19738 "c" ((irq << 8) | (pin + 10)),
19739- "S" (&pci_indirect));
19740+ "S" (&pci_indirect),
19741+ "r" (__PCIBIOS_DS));
19742 return !(ret & 0xff00);
19743 }
19744 EXPORT_SYMBOL(pcibios_set_irq_routing);
19745diff -urNp linux-2.6.38.2/arch/x86/platform/efi/efi_32.c linux-2.6.38.2/arch/x86/platform/efi/efi_32.c
19746--- linux-2.6.38.2/arch/x86/platform/efi/efi_32.c 2011-03-14 21:20:32.000000000 -0400
19747+++ linux-2.6.38.2/arch/x86/platform/efi/efi_32.c 2011-03-21 18:31:35.000000000 -0400
19748@@ -38,70 +38,37 @@
19749 */
19750
19751 static unsigned long efi_rt_eflags;
19752-static pgd_t efi_bak_pg_dir_pointer[2];
19753+static pgd_t __initdata efi_bak_pg_dir_pointer[KERNEL_PGD_PTRS];
19754
19755-void efi_call_phys_prelog(void)
19756+void __init efi_call_phys_prelog(void)
19757 {
19758- unsigned long cr4;
19759- unsigned long temp;
19760 struct desc_ptr gdt_descr;
19761
19762 local_irq_save(efi_rt_eflags);
19763
19764- /*
19765- * If I don't have PAE, I should just duplicate two entries in page
19766- * directory. If I have PAE, I just need to duplicate one entry in
19767- * page directory.
19768- */
19769- cr4 = read_cr4_safe();
19770-
19771- if (cr4 & X86_CR4_PAE) {
19772- efi_bak_pg_dir_pointer[0].pgd =
19773- swapper_pg_dir[pgd_index(0)].pgd;
19774- swapper_pg_dir[0].pgd =
19775- swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd;
19776- } else {
19777- efi_bak_pg_dir_pointer[0].pgd =
19778- swapper_pg_dir[pgd_index(0)].pgd;
19779- efi_bak_pg_dir_pointer[1].pgd =
19780- swapper_pg_dir[pgd_index(0x400000)].pgd;
19781- swapper_pg_dir[pgd_index(0)].pgd =
19782- swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd;
19783- temp = PAGE_OFFSET + 0x400000;
19784- swapper_pg_dir[pgd_index(0x400000)].pgd =
19785- swapper_pg_dir[pgd_index(temp)].pgd;
19786- }
19787+ clone_pgd_range(efi_bak_pg_dir_pointer, swapper_pg_dir, KERNEL_PGD_PTRS);
19788+ clone_pgd_range(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
19789+ min_t(unsigned long, KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY));
19790
19791 /*
19792 * After the lock is released, the original page table is restored.
19793 */
19794 __flush_tlb_all();
19795
19796- gdt_descr.address = __pa(get_cpu_gdt_table(0));
19797+ gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0));
19798 gdt_descr.size = GDT_SIZE - 1;
19799 load_gdt(&gdt_descr);
19800 }
19801
19802-void efi_call_phys_epilog(void)
19803+void __init efi_call_phys_epilog(void)
19804 {
19805- unsigned long cr4;
19806 struct desc_ptr gdt_descr;
19807
19808- gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
19809+ gdt_descr.address = get_cpu_gdt_table(0);
19810 gdt_descr.size = GDT_SIZE - 1;
19811 load_gdt(&gdt_descr);
19812
19813- cr4 = read_cr4_safe();
19814-
19815- if (cr4 & X86_CR4_PAE) {
19816- swapper_pg_dir[pgd_index(0)].pgd =
19817- efi_bak_pg_dir_pointer[0].pgd;
19818- } else {
19819- swapper_pg_dir[pgd_index(0)].pgd =
19820- efi_bak_pg_dir_pointer[0].pgd;
19821- swapper_pg_dir[pgd_index(0x400000)].pgd =
19822- efi_bak_pg_dir_pointer[1].pgd;
19823- }
19824+ clone_pgd_range(swapper_pg_dir, efi_bak_pg_dir_pointer, KERNEL_PGD_PTRS);
19825
19826 /*
19827 * After the lock is released, the original page table is restored.
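Review bot: The two `clone_pgd_range()` calls in efi_call_phys_prelog() replace a commented PAE/non-PAE sequence with no explanation, and the one comment that survives ("After the lock is released...") describes neither call. I would add above them `/* save the low PGD slots, then alias the kernel mappings at address 0 for the physical-mode call; the epilog restores the saved slots */`. Because kernel mappings stay reachable at low addresses until the epilog runs, the comment should also state that the prelog/epilog pair must remain balanced on every path. Marking both functions `__init` and the backup array `__initdata` assumes no caller of efi_call_phys() remains once init memory is freed, which cannot be confirmed from this hunk. efi_call_phys_epilog() continues past the end of the hunk.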
19828diff -urNp linux-2.6.38.2/arch/x86/platform/efi/efi_stub_32.S linux-2.6.38.2/arch/x86/platform/efi/efi_stub_32.S
19829--- linux-2.6.38.2/arch/x86/platform/efi/efi_stub_32.S 2011-03-14 21:20:32.000000000 -0400
19830+++ linux-2.6.38.2/arch/x86/platform/efi/efi_stub_32.S 2011-03-21 18:31:35.000000000 -0400
19831@@ -6,6 +6,7 @@
19832 */
19833
19834 #include <linux/linkage.h>
19835+#include <linux/init.h>
19836 #include <asm/page_types.h>
19837
19838 /*
19839@@ -20,7 +21,7 @@
19840 * service functions will comply with gcc calling convention, too.
19841 */
19842
19843-.text
19844+__INIT
19845 ENTRY(efi_call_phys)
19846 /*
19847 * 0. The function can only be called in Linux kernel. So CS has been
19848@@ -36,9 +37,7 @@ ENTRY(efi_call_phys)
19849 * The mapping of lower virtual memory has been created in prelog and
19850 * epilog.
19851 */
19852- movl $1f, %edx
19853- subl $__PAGE_OFFSET, %edx
19854- jmp *%edx
19855+ jmp 1f-__PAGE_OFFSET
19856 1:
19857
19858 /*
19859@@ -47,14 +46,8 @@ ENTRY(efi_call_phys)
19860 * parameter 2, ..., param n. To make things easy, we save the return
19861 * address of efi_call_phys in a global variable.
19862 */
19863- popl %edx
19864- movl %edx, saved_return_addr
19865- /* get the function pointer into ECX*/
19866- popl %ecx
19867- movl %ecx, efi_rt_function_ptr
19868- movl $2f, %edx
19869- subl $__PAGE_OFFSET, %edx
19870- pushl %edx
19871+ popl (saved_return_addr)
19872+ popl (efi_rt_function_ptr)
19873
19874 /*
19875 * 3. Clear PG bit in %CR0.
19876@@ -73,9 +66,8 @@ ENTRY(efi_call_phys)
19877 /*
19878 * 5. Call the physical function.
19879 */
19880- jmp *%ecx
19881+ call *(efi_rt_function_ptr-__PAGE_OFFSET)
19882
19883-2:
19884 /*
19885 * 6. After EFI runtime service returns, control will return to
19886 * following instruction. We'd better readjust stack pointer first.
19887@@ -88,35 +80,28 @@ ENTRY(efi_call_phys)
19888 movl %cr0, %edx
19889 orl $0x80000000, %edx
19890 movl %edx, %cr0
19891- jmp 1f
19892-1:
19893+
19894 /*
19895 * 8. Now restore the virtual mode from flat mode by
19896 * adding EIP with PAGE_OFFSET.
19897 */
19898- movl $1f, %edx
19899- jmp *%edx
19900+ jmp 1f+__PAGE_OFFSET
19901 1:
19902
19903 /*
19904 * 9. Balance the stack. And because EAX contain the return value,
19905 * we'd better not clobber it.
19906 */
19907- leal efi_rt_function_ptr, %edx
19908- movl (%edx), %ecx
19909- pushl %ecx
19910+ pushl (efi_rt_function_ptr)
19911
19912 /*
19913- * 10. Push the saved return address onto the stack and return.
19914+ * 10. Return to the saved return address.
19915 */
19916- leal saved_return_addr, %edx
19917- movl (%edx), %ecx
19918- pushl %ecx
19919- ret
19920+ jmpl *(saved_return_addr)
19921 ENDPROC(efi_call_phys)
19922 .previous
19923
19924-.data
19925+__INITDATA
19926 saved_return_addr:
19927 .long 0
19928 efi_rt_function_ptr:
19929diff -urNp linux-2.6.38.2/arch/x86/power/cpu.c linux-2.6.38.2/arch/x86/power/cpu.c
19930--- linux-2.6.38.2/arch/x86/power/cpu.c 2011-03-14 21:20:32.000000000 -0400
19931+++ linux-2.6.38.2/arch/x86/power/cpu.c 2011-03-21 18:31:35.000000000 -0400
19932@@ -130,7 +130,7 @@ static void do_fpu_end(void)
19933 static void fix_processor_context(void)
19934 {
19935 int cpu = smp_processor_id();
19936- struct tss_struct *t = &per_cpu(init_tss, cpu);
19937+ struct tss_struct *t = init_tss + cpu;
19938
19939 set_tss_desc(cpu, t); /*
19940 * This just modifies memory; should not be
19941@@ -140,7 +140,9 @@ static void fix_processor_context(void)
19942 */
19943
19944 #ifdef CONFIG_X86_64
19945+ pax_open_kernel();
19946 get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9;
19947+ pax_close_kernel();
19948
19949 syscall_init(); /* This sets MSR_*STAR and related */
19950 #endif
19951diff -urNp linux-2.6.38.2/arch/x86/vdso/Makefile linux-2.6.38.2/arch/x86/vdso/Makefile
19952--- linux-2.6.38.2/arch/x86/vdso/Makefile 2011-03-14 21:20:32.000000000 -0400
19953+++ linux-2.6.38.2/arch/x86/vdso/Makefile 2011-03-21 18:31:35.000000000 -0400
19954@@ -123,7 +123,7 @@ quiet_cmd_vdso = VDSO $@
19955 -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \
19956 sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
19957
19958-VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv)
19959+VDSO_LDFLAGS = -fPIC -shared --no-undefined $(call cc-ldoption, -Wl$(comma)--hash-style=sysv)
19960 GCOV_PROFILE := n
19961
19962 #
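Review bot: `--no-undefined` is added to VDSO_LDFLAGS bare, while the neighbouring options in this hunk reach the linker through the compiler driver (`-Wl,-T,...` and `-Wl$(comma)--hash-style=sysv`). If these flags are passed to $(CC), as that context suggests, the linker option would normally be written `-Wl$(comma)--no-undefined`, and wrapping it in `$(call cc-ldoption, ...)` like the hash-style flag would keep older toolchains building. As written, whether an unresolved symbol in the vDSO is actually rejected at link time depends on how the driver treats the bare option.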
19963diff -urNp linux-2.6.38.2/arch/x86/vdso/vclock_gettime.c linux-2.6.38.2/arch/x86/vdso/vclock_gettime.c
19964--- linux-2.6.38.2/arch/x86/vdso/vclock_gettime.c 2011-03-14 21:20:32.000000000 -0400
19965+++ linux-2.6.38.2/arch/x86/vdso/vclock_gettime.c 2011-03-21 18:31:35.000000000 -0400
19966@@ -22,24 +22,48 @@
19967 #include <asm/hpet.h>
19968 #include <asm/unistd.h>
19969 #include <asm/io.h>
19970+#include <asm/fixmap.h>
19971 #include "vextern.h"
19972
19973 #define gtod vdso_vsyscall_gtod_data
19974
19975+notrace noinline long __vdso_fallback_time(long *t)
19976+{
19977+ long secs;
19978+ asm volatile("syscall"
19979+ : "=a" (secs)
19980+ : "0" (__NR_time),"D" (t) : "r11", "cx", "memory");
19981+ return secs;
19982+}
19983+
19984 notrace static long vdso_fallback_gettime(long clock, struct timespec *ts)
19985 {
19986 long ret;
19987 asm("syscall" : "=a" (ret) :
19988- "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "memory");
19989+ "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "r11", "cx", "memory");
19990 return ret;
19991 }
19992
19993+notrace static inline cycle_t __vdso_vread_hpet(void)
19994+{
19995+ return readl((const void __iomem *)fix_to_virt(VSYSCALL_HPET) + 0xf0);
19996+}
19997+
19998+notrace static inline cycle_t __vdso_vread_tsc(void)
19999+{
20000+ cycle_t ret = (cycle_t)vget_cycles();
20001+
20002+ return ret >= gtod->clock.cycle_last ? ret : gtod->clock.cycle_last;
20003+}
20004+
20005 notrace static inline long vgetns(void)
20006 {
20007 long v;
20008- cycles_t (*vread)(void);
20009- vread = gtod->clock.vread;
20010- v = (vread() - gtod->clock.cycle_last) & gtod->clock.mask;
20011+ if (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3])
20012+ v = __vdso_vread_tsc();
20013+ else
20014+ v = __vdso_vread_hpet();
20015+ v = (v - gtod->clock.cycle_last) & gtod->clock.mask;
20016 return (v * gtod->clock.mult) >> gtod->clock.shift;
20017 }
20018
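Review bot: The clock-name match is open-coded character by character in vgetns() and again, in a longer form, in __vdso_clock_gettime() and __vdso_gettimeofday() in the following hunks, so the three copies can drift apart. vgetns() also treats every name that is not exactly "tsc" as HPET and relies on its callers having filtered first. Two small inline predicates, as below, would keep one definition and make that dependency visible. In `__vdso_vread_hpet()` the literal `0xf0` would read better as `HPET_COUNTER`, since `<asm/hpet.h>` is already included. `vdso_fallback_gettime()` still uses plain `asm` for the syscall where the new `__vdso_fallback_time()` uses `asm volatile`; both should use `asm volatile`.

```c
/* Open-coded comparison: presumably the vDSO cannot reference kernel string helpers. */
notrace static inline int vdso_clock_is_tsc(void)
{
	const char *name = gtod->clock.name;

	return name[0] == 't' && name[1] == 's' && name[2] == 'c' && !name[3];
}

notrace static inline int vdso_clock_is_hpet(void)
{
	const char *name = gtod->clock.name;

	return name[0] == 'h' && name[1] == 'p' && name[2] == 'e' &&
	       name[3] == 't' && !name[4];
}

notrace static inline long vgetns(void)
{
	long v;

	/* Callers must have checked vdso_clock_is_tsc() || vdso_clock_is_hpet(). */
	if (vdso_clock_is_tsc())
		v = __vdso_vread_tsc();
	else
		v = __vdso_vread_hpet();
	/* … unchanged: cycle delta, mask, mult/shift scaling … */
}
```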
20019@@ -113,7 +137,9 @@ notrace static noinline int do_monotonic
20020
20021 notrace int __vdso_clock_gettime(clockid_t clock, struct timespec *ts)
20022 {
20023- if (likely(gtod->sysctl_enabled))
20024+ if (likely(gtod->sysctl_enabled &&
20025+ ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) ||
20026+ (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3]))))
20027 switch (clock) {
20028 case CLOCK_REALTIME:
20029 if (likely(gtod->clock.vread))
20030@@ -133,10 +159,20 @@ notrace int __vdso_clock_gettime(clockid
20031 int clock_gettime(clockid_t, struct timespec *)
20032 __attribute__((weak, alias("__vdso_clock_gettime")));
20033
20034-notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz)
20035+notrace noinline int __vdso_fallback_gettimeofday(struct timeval *tv, struct timezone *tz)
20036 {
20037 long ret;
20038- if (likely(gtod->sysctl_enabled && gtod->clock.vread)) {
20039+ asm("syscall" : "=a" (ret) :
20040+ "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "r11", "cx", "memory");
20041+ return ret;
20042+}
20043+
20044+notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz)
20045+{
20046+ if (likely(gtod->sysctl_enabled &&
20047+ ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) ||
20048+ (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3]))))
20049+ {
20050 if (likely(tv != NULL)) {
20051 BUILD_BUG_ON(offsetof(struct timeval, tv_usec) !=
20052 offsetof(struct timespec, tv_nsec) ||
20053@@ -151,9 +187,7 @@ notrace int __vdso_gettimeofday(struct t
20054 }
20055 return 0;
20056 }
20057- asm("syscall" : "=a" (ret) :
20058- "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "memory");
20059- return ret;
20060+ return __vdso_fallback_gettimeofday(tv, tz);
20061 }
20062 int gettimeofday(struct timeval *, struct timezone *)
20063 __attribute__((weak, alias("__vdso_gettimeofday")));
20064diff -urNp linux-2.6.38.2/arch/x86/vdso/vdso32-setup.c linux-2.6.38.2/arch/x86/vdso/vdso32-setup.c
20065--- linux-2.6.38.2/arch/x86/vdso/vdso32-setup.c 2011-03-14 21:20:32.000000000 -0400
20066+++ linux-2.6.38.2/arch/x86/vdso/vdso32-setup.c 2011-03-21 18:31:35.000000000 -0400
20067@@ -25,6 +25,7 @@
20068 #include <asm/tlbflush.h>
20069 #include <asm/vdso.h>
20070 #include <asm/proto.h>
20071+#include <asm/mman.h>
20072
20073 enum {
20074 VDSO_DISABLED = 0,
20075@@ -226,7 +227,7 @@ static inline void map_compat_vdso(int m
20076 void enable_sep_cpu(void)
20077 {
20078 int cpu = get_cpu();
20079- struct tss_struct *tss = &per_cpu(init_tss, cpu);
20080+ struct tss_struct *tss = init_tss + cpu;
20081
20082 if (!boot_cpu_has(X86_FEATURE_SEP)) {
20083 put_cpu();
20084@@ -249,7 +250,7 @@ static int __init gate_vma_init(void)
20085 gate_vma.vm_start = FIXADDR_USER_START;
20086 gate_vma.vm_end = FIXADDR_USER_END;
20087 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
20088- gate_vma.vm_page_prot = __P101;
20089+ gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
20090 /*
20091 * Make sure the vDSO gets into every core dump.
20092 * Dumping its contents makes post-mortem fully interpretable later
20093@@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct l
20094 if (compat)
20095 addr = VDSO_HIGH_BASE;
20096 else {
20097- addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
20098+ addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, MAP_EXECUTABLE);
20099 if (IS_ERR_VALUE(addr)) {
20100 ret = addr;
20101 goto up_fail;
20102 }
20103 }
20104
20105- current->mm->context.vdso = (void *)addr;
20106+ current->mm->context.vdso = addr;
20107
20108 if (compat_uses_vma || !compat) {
20109 /*
20110@@ -361,11 +362,11 @@ int arch_setup_additional_pages(struct l
20111 }
20112
20113 current_thread_info()->sysenter_return =
20114- VDSO32_SYMBOL(addr, SYSENTER_RETURN);
20115+ (__force void __user *)VDSO32_SYMBOL(addr, SYSENTER_RETURN);
20116
20117 up_fail:
20118 if (ret)
20119- current->mm->context.vdso = NULL;
20120+ current->mm->context.vdso = 0;
20121
20122 up_write(&mm->mmap_sem);
20123
20124@@ -412,8 +413,14 @@ __initcall(ia32_binfmt_init);
20125
20126 const char *arch_vma_name(struct vm_area_struct *vma)
20127 {
20128- if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
20129+ if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
20130 return "[vdso]";
20131+
20132+#ifdef CONFIG_PAX_SEGMEXEC
20133+ if (vma->vm_mm && vma->vm_mirror && vma->vm_mirror->vm_start == vma->vm_mm->context.vdso)
20134+ return "[vdso]";
20135+#endif
20136+
20137 return NULL;
20138 }
20139
20140@@ -422,7 +429,7 @@ struct vm_area_struct *get_gate_vma(stru
20141 struct mm_struct *mm = tsk->mm;
20142
20143 /* Check to see if this task was created in compat vdso mode */
20144- if (mm && mm->context.vdso == (void *)VDSO_HIGH_BASE)
20145+ if (mm && mm->context.vdso == VDSO_HIGH_BASE)
20146 return &gate_vma;
20147 return NULL;
20148 }
20149diff -urNp linux-2.6.38.2/arch/x86/vdso/vdso.lds.S linux-2.6.38.2/arch/x86/vdso/vdso.lds.S
20150--- linux-2.6.38.2/arch/x86/vdso/vdso.lds.S 2011-03-14 21:20:32.000000000 -0400
20151+++ linux-2.6.38.2/arch/x86/vdso/vdso.lds.S 2011-03-21 18:31:35.000000000 -0400
20152@@ -35,3 +35,9 @@ VDSO64_PRELINK = VDSO_PRELINK;
20153 #define VEXTERN(x) VDSO64_ ## x = vdso_ ## x;
20154 #include "vextern.h"
20155 #undef VEXTERN
20156+
20157+#define VEXTERN(x) VDSO64_ ## x = __vdso_ ## x;
20158+VEXTERN(fallback_gettimeofday)
20159+VEXTERN(fallback_time)
20160+VEXTERN(getcpu)
20161+#undef VEXTERN
20162diff -urNp linux-2.6.38.2/arch/x86/vdso/vextern.h linux-2.6.38.2/arch/x86/vdso/vextern.h
20163--- linux-2.6.38.2/arch/x86/vdso/vextern.h 2011-03-14 21:20:32.000000000 -0400
20164+++ linux-2.6.38.2/arch/x86/vdso/vextern.h 2011-03-21 18:31:35.000000000 -0400
20165@@ -11,6 +11,5 @@
20166 put into vextern.h and be referenced as a pointer with vdso prefix.
20167 The main kernel later fills in the values. */
20168
20169-VEXTERN(jiffies)
20170 VEXTERN(vgetcpu_mode)
20171 VEXTERN(vsyscall_gtod_data)
20172diff -urNp linux-2.6.38.2/arch/x86/vdso/vma.c linux-2.6.38.2/arch/x86/vdso/vma.c
20173--- linux-2.6.38.2/arch/x86/vdso/vma.c 2011-03-14 21:20:32.000000000 -0400
20174+++ linux-2.6.38.2/arch/x86/vdso/vma.c 2011-03-21 18:31:35.000000000 -0400
20175@@ -58,7 +58,7 @@ static int __init init_vdso_vars(void)
20176 if (!vbase)
20177 goto oom;
20178
20179- if (memcmp(vbase, "\177ELF", 4)) {
20180+ if (memcmp(vbase, ELFMAG, SELFMAG)) {
20181 printk("VDSO: I'm broken; not ELF\n");
20182 vdso_enabled = 0;
20183 }
20184@@ -118,7 +118,7 @@ int arch_setup_additional_pages(struct l
20185 goto up_fail;
20186 }
20187
20188- current->mm->context.vdso = (void *)addr;
20189+ current->mm->context.vdso = addr;
20190
20191 ret = install_special_mapping(mm, addr, vdso_size,
20192 VM_READ|VM_EXEC|
20193@@ -126,7 +126,7 @@ int arch_setup_additional_pages(struct l
20194 VM_ALWAYSDUMP,
20195 vdso_pages);
20196 if (ret) {
20197- current->mm->context.vdso = NULL;
20198+ current->mm->context.vdso = 0;
20199 goto up_fail;
20200 }
20201
20202@@ -134,10 +134,3 @@ up_fail:
20203 up_write(&mm->mmap_sem);
20204 return ret;
20205 }
20206-
20207-static __init int vdso_setup(char *s)
20208-{
20209- vdso_enabled = simple_strtoul(s, NULL, 0);
20210- return 0;
20211-}
20212-__setup("vdso=", vdso_setup);
20213diff -urNp linux-2.6.38.2/arch/x86/xen/enlighten.c linux-2.6.38.2/arch/x86/xen/enlighten.c
20214--- linux-2.6.38.2/arch/x86/xen/enlighten.c 2011-03-14 21:20:32.000000000 -0400
20215+++ linux-2.6.38.2/arch/x86/xen/enlighten.c 2011-03-21 18:31:35.000000000 -0400
20216@@ -85,8 +85,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
20217
20218 struct shared_info xen_dummy_shared_info;
20219
20220-void *xen_initial_gdt;
20221-
20222 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE);
20223 __read_mostly int xen_have_vector_callback;
20224 EXPORT_SYMBOL_GPL(xen_have_vector_callback);
20225@@ -1134,7 +1132,17 @@ asmlinkage void __init xen_start_kernel(
20226 __userpte_alloc_gfp &= ~__GFP_HIGHMEM;
20227
20228 /* Work out if we support NX */
20229- x86_configure_nx();
20230+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
20231+ if ((cpuid_eax(0x80000000) & 0xffff0000) == 0x80000000 &&
20232+ (cpuid_edx(0x80000001) & (1U << (X86_FEATURE_NX & 31)))) {
20233+ unsigned l, h;
20234+
20235+ __supported_pte_mask |= _PAGE_NX;
20236+ rdmsr(MSR_EFER, l, h);
20237+ l |= EFER_NX;
20238+ wrmsr(MSR_EFER, l, h);
20239+ }
20240+#endif
20241
20242 xen_setup_features();
20243
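Review bot: The open-coded NX probe that replaces `x86_configure_nx()` carries no comment saying why the common helper is bypassed, so whatever else that helper does (not visible in this hunk) is silently skipped on the Xen start-up path. A short comment above the `#if` should record the reason, for example `/* probe NX by hand: <reason x86_configure_nx() cannot be used here> */`. The feature test `(1U << (X86_FEATURE_NX & 31))` would be clearer with a one-line comment saying it selects the NX bit within the CPUID 0x80000001 EDX word. xen_start_kernel() begins and ends outside the hunk.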
20244@@ -1165,13 +1173,6 @@ asmlinkage void __init xen_start_kernel(
20245
20246 machine_ops = xen_machine_ops;
20247
20248- /*
20249- * The only reliable way to retain the initial address of the
20250- * percpu gdt_page is to remember it here, so we can go and
20251- * mark it RW later, when the initial percpu area is freed.
20252- */
20253- xen_initial_gdt = &per_cpu(gdt_page, 0);
20254-
20255 xen_smp_init();
20256
20257 #ifdef CONFIG_ACPI_NUMA
20258diff -urNp linux-2.6.38.2/arch/x86/xen/mmu.c linux-2.6.38.2/arch/x86/xen/mmu.c
20259--- linux-2.6.38.2/arch/x86/xen/mmu.c 2011-03-28 17:42:40.000000000 -0400
20260+++ linux-2.6.38.2/arch/x86/xen/mmu.c 2011-03-28 17:42:53.000000000 -0400
20261@@ -1721,6 +1721,8 @@ __init pgd_t *xen_setup_kernel_pagetable
20262 convert_pfn_mfn(init_level4_pgt);
20263 convert_pfn_mfn(level3_ident_pgt);
20264 convert_pfn_mfn(level3_kernel_pgt);
20265+ convert_pfn_mfn(level3_vmalloc_pgt);
20266+ convert_pfn_mfn(level3_vmemmap_pgt);
20267
20268 l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
20269 l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud);
20270@@ -1739,7 +1741,10 @@ __init pgd_t *xen_setup_kernel_pagetable
20271 set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
20272 set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
20273 set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
20274+ set_page_prot(level3_vmalloc_pgt, PAGE_KERNEL_RO);
20275+ set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO);
20276 set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
20277+ set_page_prot(level2_vmemmap_pgt, PAGE_KERNEL_RO);
20278 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
20279 set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
20280
20281diff -urNp linux-2.6.38.2/arch/x86/xen/pci-swiotlb-xen.c linux-2.6.38.2/arch/x86/xen/pci-swiotlb-xen.c
20282--- linux-2.6.38.2/arch/x86/xen/pci-swiotlb-xen.c 2011-03-14 21:20:32.000000000 -0400
20283+++ linux-2.6.38.2/arch/x86/xen/pci-swiotlb-xen.c 2011-03-21 18:31:35.000000000 -0400
20284@@ -10,7 +10,7 @@
20285
20286 int xen_swiotlb __read_mostly;
20287
20288-static struct dma_map_ops xen_swiotlb_dma_ops = {
20289+static const struct dma_map_ops xen_swiotlb_dma_ops = {
20290 .mapping_error = xen_swiotlb_dma_mapping_error,
20291 .alloc_coherent = xen_swiotlb_alloc_coherent,
20292 .free_coherent = xen_swiotlb_free_coherent,
20293diff -urNp linux-2.6.38.2/arch/x86/xen/smp.c linux-2.6.38.2/arch/x86/xen/smp.c
20294--- linux-2.6.38.2/arch/x86/xen/smp.c 2011-03-14 21:20:32.000000000 -0400
20295+++ linux-2.6.38.2/arch/x86/xen/smp.c 2011-03-21 18:31:35.000000000 -0400
20296@@ -194,11 +194,6 @@ static void __init xen_smp_prepare_boot_
20297 {
20298 BUG_ON(smp_processor_id() != 0);
20299 native_smp_prepare_boot_cpu();
20300-
20301- /* We've switched to the "real" per-cpu gdt, so make sure the
20302- old memory can be recycled */
20303- make_lowmem_page_readwrite(xen_initial_gdt);
20304-
20305 xen_filter_cpu_maps();
20306 xen_setup_vcpu_info_placement();
20307 }
20308@@ -259,12 +254,12 @@ cpu_initialize_context(unsigned int cpu,
20309 gdt = get_cpu_gdt_table(cpu);
20310
20311 ctxt->flags = VGCF_IN_KERNEL;
20312- ctxt->user_regs.ds = __USER_DS;
20313- ctxt->user_regs.es = __USER_DS;
20314+ ctxt->user_regs.ds = __KERNEL_DS;
20315+ ctxt->user_regs.es = __KERNEL_DS;
20316 ctxt->user_regs.ss = __KERNEL_DS;
20317 #ifdef CONFIG_X86_32
20318 ctxt->user_regs.fs = __KERNEL_PERCPU;
20319- ctxt->user_regs.gs = __KERNEL_STACK_CANARY;
20320+ savesegment(gs, ctxt->user_regs.gs);
20321 #else
20322 ctxt->gs_base_kernel = per_cpu_offset(cpu);
20323 #endif
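Review bot: `savesegment(gs, ctxt->user_regs.gs)` seeds the new vCPU with whatever selector is in %gs on the CPU running cpu_initialize_context(), where the old line used a named constant; the hunk has no comment saying which value is expected there. A comment such as `/* inherit the calling CPU's %gs selector; <expected value> */` would make that assumption checkable. The switch of `ds`/`es` from `__USER_DS` to `__KERNEL_DS` deserves the same one-line rationale, since it changes which data segments the vCPU starts with. The function body starts and ends outside the hunk.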
20324diff -urNp linux-2.6.38.2/arch/x86/xen/xen-head.S linux-2.6.38.2/arch/x86/xen/xen-head.S
20325--- linux-2.6.38.2/arch/x86/xen/xen-head.S 2011-03-14 21:20:32.000000000 -0400
20326+++ linux-2.6.38.2/arch/x86/xen/xen-head.S 2011-03-21 18:31:35.000000000 -0400
20327@@ -19,6 +19,17 @@ ENTRY(startup_xen)
20328 #ifdef CONFIG_X86_32
20329 mov %esi,xen_start_info
20330 mov $init_thread_union+THREAD_SIZE,%esp
20331+#ifdef CONFIG_SMP
20332+ movl $cpu_gdt_table,%edi
20333+ movl $__per_cpu_load,%eax
20334+ movw %ax,__KERNEL_PERCPU + 2(%edi)
20335+ rorl $16,%eax
20336+ movb %al,__KERNEL_PERCPU + 4(%edi)
20337+ movb %ah,__KERNEL_PERCPU + 7(%edi)
20338+ movl $__per_cpu_end - 1,%eax
20339+ subl $__per_cpu_start,%eax
20340+ movw %ax,__KERNEL_PERCPU + 0(%edi)
20341+#endif
20342 #else
20343 mov %rsi,xen_start_info
20344 mov $init_thread_union+THREAD_SIZE,%rsp
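Review bot: The added block patches the `__KERNEL_PERCPU` descriptor in `cpu_gdt_table` through bare byte offsets and writes only the low 16 bits of the limit. A comment mapping the stores to descriptor fields (`+2` base 15:0, `+4` base 23:16, `+7` base 31:24, `+0` limit 15:0) would make the sequence reviewable. Limit bits 19:16, in the byte at `+6`, are left as the static table defines them, so the segment limit is only right if the per-CPU area size fits what those bits and the granularity flag already encode. That table is not visible here, so this should be confirmed or the remaining limit bits written as well.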
20345diff -urNp linux-2.6.38.2/arch/x86/xen/xen-ops.h linux-2.6.38.2/arch/x86/xen/xen-ops.h
20346--- linux-2.6.38.2/arch/x86/xen/xen-ops.h 2011-03-14 21:20:32.000000000 -0400
20347+++ linux-2.6.38.2/arch/x86/xen/xen-ops.h 2011-03-21 18:31:35.000000000 -0400
20348@@ -10,8 +10,6 @@
20349 extern const char xen_hypervisor_callback[];
20350 extern const char xen_failsafe_callback[];
20351
20352-extern void *xen_initial_gdt;
20353-
20354 struct trap_info;
20355 void xen_copy_trap_info(struct trap_info *traps);
20356
20357diff -urNp linux-2.6.38.2/block/blk-iopoll.c linux-2.6.38.2/block/blk-iopoll.c
20358--- linux-2.6.38.2/block/blk-iopoll.c 2011-03-14 21:20:32.000000000 -0400
20359+++ linux-2.6.38.2/block/blk-iopoll.c 2011-03-21 18:31:35.000000000 -0400
20360@@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopo
20361 }
20362 EXPORT_SYMBOL(blk_iopoll_complete);
20363
20364-static void blk_iopoll_softirq(struct softirq_action *h)
20365+static void blk_iopoll_softirq(void)
20366 {
20367 struct list_head *list = &__get_cpu_var(blk_cpu_iopoll);
20368 int rearm = 0, budget = blk_iopoll_budget;
20369diff -urNp linux-2.6.38.2/block/blk-map.c linux-2.6.38.2/block/blk-map.c
20370--- linux-2.6.38.2/block/blk-map.c 2011-03-14 21:20:32.000000000 -0400
20371+++ linux-2.6.38.2/block/blk-map.c 2011-03-21 18:31:35.000000000 -0400
20372@@ -301,7 +301,7 @@ int blk_rq_map_kern(struct request_queue
20373 if (!len || !kbuf)
20374 return -EINVAL;
20375
20376- do_copy = !blk_rq_aligned(q, addr, len) || object_is_on_stack(kbuf);
20377+ do_copy = !blk_rq_aligned(q, addr, len) || object_starts_on_stack(kbuf);
20378 if (do_copy)
20379 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading);
20380 else
20381diff -urNp linux-2.6.38.2/block/blk-softirq.c linux-2.6.38.2/block/blk-softirq.c
20382--- linux-2.6.38.2/block/blk-softirq.c 2011-03-14 21:20:32.000000000 -0400
20383+++ linux-2.6.38.2/block/blk-softirq.c 2011-03-21 18:31:35.000000000 -0400
20384@@ -17,7 +17,7 @@ static DEFINE_PER_CPU(struct list_head,
20385 * Softirq action handler - move entries to local list and loop over them
20386 * while passing them to the queue registered handler.
20387 */
20388-static void blk_done_softirq(struct softirq_action *h)
20389+static void blk_done_softirq(void)
20390 {
20391 struct list_head *cpu_list, local_list;
20392
20393diff -urNp linux-2.6.38.2/crypto/lrw.c linux-2.6.38.2/crypto/lrw.c
20394--- linux-2.6.38.2/crypto/lrw.c 2011-03-14 21:20:32.000000000 -0400
20395+++ linux-2.6.38.2/crypto/lrw.c 2011-03-21 18:31:35.000000000 -0400
20396@@ -60,7 +60,7 @@ static int setkey(struct crypto_tfm *par
20397 struct priv *ctx = crypto_tfm_ctx(parent);
20398 struct crypto_cipher *child = ctx->child;
20399 int err, i;
20400- be128 tmp = { 0 };
20401+ be128 tmp = { 0, 0 };
20402 int bsize = crypto_cipher_blocksize(child);
20403
20404 crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
20405diff -urNp linux-2.6.38.2/Documentation/dontdiff linux-2.6.38.2/Documentation/dontdiff
20406--- linux-2.6.38.2/Documentation/dontdiff 2011-03-14 21:20:32.000000000 -0400
20407+++ linux-2.6.38.2/Documentation/dontdiff 2011-03-21 18:31:35.000000000 -0400
20408@@ -3,6 +3,7 @@
20409 *.bin
20410 *.cpio
20411 *.csp
20412+*.dbg
20413 *.dsp
20414 *.dvi
20415 *.elf
20416@@ -38,8 +39,10 @@
20417 *.tab.h
20418 *.tex
20419 *.ver
20420+*.vim
20421 *.xml
20422 *_MODULES
20423+*_reg_safe.h
20424 *_vga16.c
20425 *~
20426 *.9
20427@@ -49,11 +52,16 @@
20428 53c700_d.h
20429 CVS
20430 ChangeSet
20431+GPATH
20432+GRTAGS
20433+GSYMS
20434+GTAGS
20435 Image
20436 Kerntypes
20437 Module.markers
20438 Module.symvers
20439 PENDING
20440+PERF*
20441 SCCS
20442 System.map*
20443 TAGS
20444@@ -82,6 +90,8 @@ bvmlinux
20445 bzImage*
20446 capflags.c
20447 classlist.h*
20448+clut_vga16.c
20449+common-cmds.h
20450 comp*.log
20451 compile.h*
20452 conf
20453@@ -106,16 +116,19 @@ fore200e_mkfirm
20454 fore200e_pca_fw.c*
20455 gconf
20456 gen-devlist
20457+gen-kdb_cmds.c
20458 gen_crc32table
20459 gen_init_cpio
20460 generated
20461 genheaders
20462 genksyms
20463 *_gray256.c
20464+hash
20465 ihex2fw
20466 ikconfig.h*
20467 inat-tables.c
20468 initramfs_data.cpio
20469+initramfs_data.cpio.bz2
20470 initramfs_data.cpio.gz
20471 initramfs_list
20472 int16.c
20473@@ -125,7 +138,6 @@ int32.c
20474 int4.c
20475 int8.c
20476 kallsyms
20477-kconfig
20478 keywords.c
20479 ksym.c*
20480 ksym.h*
20481@@ -149,7 +161,9 @@ mkboot
20482 mkbugboot
20483 mkcpustr
20484 mkdep
20485+mkpiggy
20486 mkprep
20487+mkregtable
20488 mktables
20489 mktree
20490 modpost
20491@@ -165,6 +179,7 @@ parse.h
20492 patches*
20493 pca200e.bin
20494 pca200e_ecd.bin2
20495+perf-archive
20496 piggy.gz
20497 piggyback
20498 piggy.S
20499@@ -180,6 +195,7 @@ r600_reg_safe.h
20500 raid6altivec*.c
20501 raid6int*.c
20502 raid6tables.c
20503+regdb.c
20504 relocs
20505 rn50_reg_safe.h
20506 rs600_reg_safe.h
20507@@ -189,6 +205,7 @@ setup
20508 setup.bin
20509 setup.elf
20510 sImage
20511+slabinfo
20512 sm_tbl*
20513 split-include
20514 syscalltab.h
20515@@ -213,13 +230,17 @@ version.h*
20516 vmlinux
20517 vmlinux-*
20518 vmlinux.aout
20519+vmlinux.bin.all
20520+vmlinux.bin.bz2
20521 vmlinux.lds
20522+vmlinux.relocs
20523 voffset.h
20524 vsyscall.lds
20525 vsyscall_32.lds
20526 wanxlfw.inc
20527 uImage
20528 unifdef
20529+utsrelease.h
20530 wakeup.bin
20531 wakeup.elf
20532 wakeup.lds
20533diff -urNp linux-2.6.38.2/Documentation/filesystems/sysfs.txt linux-2.6.38.2/Documentation/filesystems/sysfs.txt
20534--- linux-2.6.38.2/Documentation/filesystems/sysfs.txt 2011-03-14 21:20:32.000000000 -0400
20535+++ linux-2.6.38.2/Documentation/filesystems/sysfs.txt 2011-03-21 18:31:35.000000000 -0400
20536@@ -123,8 +123,8 @@ set of sysfs operations for forwarding r
20537 show and store methods of the attribute owners.
20538
20539 struct sysfs_ops {
20540- ssize_t (*show)(struct kobject *, struct attribute *, char *);
20541- ssize_t (*store)(struct kobject *, struct attribute *, const char *, size_t);
20542+ ssize_t (* const show)(struct kobject *, struct attribute *, char *);
20543+ ssize_t (* const store)(struct kobject *, struct attribute *, const char *, size_t);
20544 };
20545
20546 [ Subsystems should have already defined a struct kobj_type as a
20547diff -urNp linux-2.6.38.2/Documentation/kernel-parameters.txt linux-2.6.38.2/Documentation/kernel-parameters.txt
20548--- linux-2.6.38.2/Documentation/kernel-parameters.txt 2011-03-14 21:20:32.000000000 -0400
20549+++ linux-2.6.38.2/Documentation/kernel-parameters.txt 2011-03-21 18:31:35.000000000 -0400
20550@@ -1853,6 +1853,13 @@ bytes respectively. Such letter suffixes
20551 the specified number of seconds. This is to be used if
20552 your oopses keep scrolling off the screen.
20553
20554+ pax_nouderef [X86] disables UDEREF. Most likely needed under certain
20555+ virtualization environments that don't cope well with the
20556+ expand down segment used by UDEREF on X86-32 or the frequent
20557+ page table updates on X86-64.
20558+
20559+ pax_softmode= 0/1 to disable/enable PaX softmode on boot already.
20560+
20561 pcbit= [HW,ISDN]
20562
20563 pcd. [PARIDE]
20564diff -urNp linux-2.6.38.2/drivers/acpi/battery.c linux-2.6.38.2/drivers/acpi/battery.c
20565--- linux-2.6.38.2/drivers/acpi/battery.c 2011-03-14 21:20:32.000000000 -0400
20566+++ linux-2.6.38.2/drivers/acpi/battery.c 2011-03-21 18:31:35.000000000 -0400
20567@@ -862,7 +862,7 @@ DECLARE_FILE_FUNCTIONS(alarm);
20568 }
20569
20570 static struct battery_file {
20571- struct file_operations ops;
20572+ const struct file_operations ops;
20573 mode_t mode;
20574 const char *name;
20575 } acpi_battery_file[] = {
20576diff -urNp linux-2.6.38.2/drivers/acpi/blacklist.c linux-2.6.38.2/drivers/acpi/blacklist.c
20577--- linux-2.6.38.2/drivers/acpi/blacklist.c 2011-03-14 21:20:32.000000000 -0400
20578+++ linux-2.6.38.2/drivers/acpi/blacklist.c 2011-03-21 18:31:35.000000000 -0400
20579@@ -73,7 +73,7 @@ static struct acpi_blacklist_item acpi_b
20580 {"IBM ", "TP600E ", 0x00000105, ACPI_SIG_DSDT, less_than_or_equal,
20581 "Incorrect _ADR", 1},
20582
20583- {""}
20584+ {"", "", 0, NULL, all_versions, NULL, 0}
20585 };
20586
20587 #if CONFIG_ACPI_BLACKLIST_YEAR
20588diff -urNp linux-2.6.38.2/drivers/acpi/dock.c linux-2.6.38.2/drivers/acpi/dock.c
20589--- linux-2.6.38.2/drivers/acpi/dock.c 2011-03-14 21:20:32.000000000 -0400
20590+++ linux-2.6.38.2/drivers/acpi/dock.c 2011-03-21 18:31:35.000000000 -0400
20591@@ -77,7 +77,7 @@ struct dock_dependent_device {
20592 struct list_head list;
20593 struct list_head hotplug_list;
20594 acpi_handle handle;
20595- struct acpi_dock_ops *ops;
20596+ const struct acpi_dock_ops *ops;
20597 void *context;
20598 };
20599
20600@@ -589,7 +589,7 @@ EXPORT_SYMBOL_GPL(unregister_dock_notifi
20601 * the dock driver after _DCK is executed.
20602 */
20603 int
20604-register_hotplug_dock_device(acpi_handle handle, struct acpi_dock_ops *ops,
20605+register_hotplug_dock_device(acpi_handle handle, const struct acpi_dock_ops *ops,
20606 void *context)
20607 {
20608 struct dock_dependent_device *dd;
20609diff -urNp linux-2.6.38.2/drivers/acpi/ec_sys.c linux-2.6.38.2/drivers/acpi/ec_sys.c
20610--- linux-2.6.38.2/drivers/acpi/ec_sys.c 2011-03-14 21:20:32.000000000 -0400
20611+++ linux-2.6.38.2/drivers/acpi/ec_sys.c 2011-03-21 18:31:35.000000000 -0400
20612@@ -96,7 +96,7 @@ static ssize_t acpi_ec_write_io(struct f
20613 return count;
20614 }
20615
20616-static struct file_operations acpi_ec_io_ops = {
20617+static const struct file_operations acpi_ec_io_ops = {
20618 .owner = THIS_MODULE,
20619 .open = acpi_ec_open_io,
20620 .read = acpi_ec_read_io,
20621diff -urNp linux-2.6.38.2/drivers/acpi/power_meter.c linux-2.6.38.2/drivers/acpi/power_meter.c
20622--- linux-2.6.38.2/drivers/acpi/power_meter.c 2011-03-14 21:20:32.000000000 -0400
20623+++ linux-2.6.38.2/drivers/acpi/power_meter.c 2011-03-21 18:31:35.000000000 -0400
20624@@ -316,8 +316,6 @@ static ssize_t set_trip(struct device *d
20625 return res;
20626
20627 temp /= 1000;
20628- if (temp < 0)
20629- return -EINVAL;
20630
20631 mutex_lock(&resource->lock);
20632 resource->trip[attr->index - 7] = temp;
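Review bot: Dropping the `temp < 0` test in set_trip() is only harmless if `temp` has an unsigned type, and its declaration lies outside this hunk, so the reason for the removal should be recorded next to the division. With the test gone, nothing visible here bounds the value before it is stored in `resource->trip[attr->index - 7]`, so the parsing step above the hunk has to be what rejects out-of-range input. A one-line comment such as `/* temp is unsigned: a sign test would be dead code */` would make that explicit, assuming that is indeed the type. The same applies to the `BUG_ON(pr->id >= nr_cpu_ids)` change in the processor_driver.c hunk, where the `pr->id < 0` half is removed without the type of `id` being visible.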
20633diff -urNp linux-2.6.38.2/drivers/acpi/proc.c linux-2.6.38.2/drivers/acpi/proc.c
20634--- linux-2.6.38.2/drivers/acpi/proc.c 2011-03-14 21:20:32.000000000 -0400
20635+++ linux-2.6.38.2/drivers/acpi/proc.c 2011-03-21 18:31:35.000000000 -0400
20636@@ -342,19 +342,13 @@ acpi_system_write_wakeup_device(struct f
20637 size_t count, loff_t * ppos)
20638 {
20639 struct list_head *node, *next;
20640- char strbuf[5];
20641- char str[5] = "";
20642- unsigned int len = count;
20643-
20644- if (len > 4)
20645- len = 4;
20646- if (len < 0)
20647- return -EFAULT;
20648+ char strbuf[5] = {0};
20649
20650- if (copy_from_user(strbuf, buffer, len))
20651+ if (count > 4)
20652+ count = 4;
20653+ if (copy_from_user(strbuf, buffer, count))
20654 return -EFAULT;
20655- strbuf[len] = '\0';
20656- sscanf(strbuf, "%s", str);
20657+ strbuf[count] = '\0';
20658
20659 mutex_lock(&acpi_device_lock);
20660 list_for_each_safe(node, next, &acpi_wakeup_device_list) {
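Review bot: Comparing `strbuf` directly changes which input matches, because the removed `sscanf(strbuf, "%s", str)` skipped leading whitespace and stopped at the first whitespace character, while the new code (here and in the `strncmp` hunk that follows) keeps those bytes. A write of a three-character name followed by a newline would no longer compare equal under `strncmp(dev->pnp.bus_id, strbuf, 4)`; whether any bus_id is shorter than four characters cannot be seen from this hunk. Clamping `count` itself also changes the value reported back if the function returns `count` at its end, which is outside the hunk, so a caller writing five bytes would see a short write. Keeping the bounds fix with a separate local length, e.g. `size_t len = min_t(size_t, count, sizeof(strbuf) - 1);`, and stripping trailing whitespace before the compare would preserve the old matching.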
20661@@ -363,7 +357,7 @@ acpi_system_write_wakeup_device(struct f
20662 if (!dev->wakeup.flags.valid)
20663 continue;
20664
20665- if (!strncmp(dev->pnp.bus_id, str, 4)) {
20666+ if (!strncmp(dev->pnp.bus_id, strbuf, 4)) {
20667 if (device_can_wakeup(&dev->dev)) {
20668 bool enable = !device_may_wakeup(&dev->dev);
20669 device_set_wakeup_enable(&dev->dev, enable);
20670diff -urNp linux-2.6.38.2/drivers/acpi/processor_driver.c linux-2.6.38.2/drivers/acpi/processor_driver.c
20671--- linux-2.6.38.2/drivers/acpi/processor_driver.c 2011-03-14 21:20:32.000000000 -0400
20672+++ linux-2.6.38.2/drivers/acpi/processor_driver.c 2011-03-21 18:31:35.000000000 -0400
20673@@ -473,7 +473,7 @@ static int __cpuinit acpi_processor_add(
20674 return 0;
20675 #endif
20676
20677- BUG_ON((pr->id >= nr_cpu_ids) || (pr->id < 0));
20678+ BUG_ON(pr->id >= nr_cpu_ids);
20679
20680 /*
20681 * Buggy BIOS check
20682diff -urNp linux-2.6.38.2/drivers/acpi/processor_idle.c linux-2.6.38.2/drivers/acpi/processor_idle.c
20683--- linux-2.6.38.2/drivers/acpi/processor_idle.c 2011-03-14 21:20:32.000000000 -0400
20684+++ linux-2.6.38.2/drivers/acpi/processor_idle.c 2011-03-21 18:31:35.000000000 -0400
20685@@ -121,7 +121,7 @@ static struct dmi_system_id __cpuinitdat
20686 DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK Computer Inc."),
20687 DMI_MATCH(DMI_PRODUCT_NAME,"L8400B series Notebook PC")},
20688 (void *)1},
20689- {},
20690+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL},
20691 };
20692
20693
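Review bot: The positional terminator `{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}` ties this table to the current field order and count of the entry struct, whereas the `{}` it replaces stayed correct under any layout. If the aim is to avoid a missing-initializer warning, a designated form such as `{ .ident = NULL }` says the same thing without depending on position; the struct definition is outside this hunk, so the field list should be checked there. The same pattern appears in the `{ 0, 0, 0, 0, 0, 0, 0 }` terminators in ahci.c and ata_piix.c, the `{ 0, 0, 0 }` and DMI terminators in ata_piix.c, and the `{ -1, 0, 0 }` and `{ NULL, NULL, 0 }` rows in libata-core.c.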
20694diff -urNp linux-2.6.38.2/drivers/ata/acard-ahci.c linux-2.6.38.2/drivers/ata/acard-ahci.c
20695--- linux-2.6.38.2/drivers/ata/acard-ahci.c 2011-03-14 21:20:32.000000000 -0400
20696+++ linux-2.6.38.2/drivers/ata/acard-ahci.c 2011-03-21 18:31:35.000000000 -0400
20697@@ -87,7 +87,7 @@ static struct scsi_host_template acard_a
20698 AHCI_SHT("acard-ahci"),
20699 };
20700
20701-static struct ata_port_operations acard_ops = {
20702+static const struct ata_port_operations acard_ops = {
20703 .inherits = &ahci_ops,
20704 .qc_prep = acard_ahci_qc_prep,
20705 .qc_fill_rtf = acard_ahci_qc_fill_rtf,
20706diff -urNp linux-2.6.38.2/drivers/ata/ahci.c linux-2.6.38.2/drivers/ata/ahci.c
20707--- linux-2.6.38.2/drivers/ata/ahci.c 2011-03-23 17:20:06.000000000 -0400
20708+++ linux-2.6.38.2/drivers/ata/ahci.c 2011-03-23 17:21:49.000000000 -0400
20709@@ -94,17 +94,17 @@ static struct scsi_host_template ahci_sh
20710 AHCI_SHT("ahci"),
20711 };
20712
20713-static struct ata_port_operations ahci_vt8251_ops = {
20714+static const struct ata_port_operations ahci_vt8251_ops = {
20715 .inherits = &ahci_ops,
20716 .hardreset = ahci_vt8251_hardreset,
20717 };
20718
20719-static struct ata_port_operations ahci_p5wdh_ops = {
20720+static const struct ata_port_operations ahci_p5wdh_ops = {
20721 .inherits = &ahci_ops,
20722 .hardreset = ahci_p5wdh_hardreset,
20723 };
20724
20725-static struct ata_port_operations ahci_sb600_ops = {
20726+static const struct ata_port_operations ahci_sb600_ops = {
20727 .inherits = &ahci_ops,
20728 .softreset = ahci_sb600_softreset,
20729 .pmp_softreset = ahci_sb600_softreset,
20730@@ -394,7 +394,7 @@ static const struct pci_device_id ahci_p
20731 { PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID,
20732 PCI_CLASS_STORAGE_SATA_AHCI, 0xffffff, board_ahci },
20733
20734- { } /* terminate list */
20735+ { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */
20736 };
20737
20738
20739diff -urNp linux-2.6.38.2/drivers/ata/ahci.h linux-2.6.38.2/drivers/ata/ahci.h
20740--- linux-2.6.38.2/drivers/ata/ahci.h 2011-03-14 21:20:32.000000000 -0400
20741+++ linux-2.6.38.2/drivers/ata/ahci.h 2011-03-21 18:31:35.000000000 -0400
20742@@ -309,7 +309,7 @@ extern struct device_attribute *ahci_sde
20743 .shost_attrs = ahci_shost_attrs, \
20744 .sdev_attrs = ahci_sdev_attrs
20745
20746-extern struct ata_port_operations ahci_ops;
20747+extern const struct ata_port_operations ahci_ops;
20748
20749 void ahci_fill_cmd_slot(struct ahci_port_priv *pp, unsigned int tag,
20750 u32 opts);
20751diff -urNp linux-2.6.38.2/drivers/ata/ata_generic.c linux-2.6.38.2/drivers/ata/ata_generic.c
20752--- linux-2.6.38.2/drivers/ata/ata_generic.c 2011-03-14 21:20:32.000000000 -0400
20753+++ linux-2.6.38.2/drivers/ata/ata_generic.c 2011-03-21 18:31:35.000000000 -0400
20754@@ -101,7 +101,7 @@ static struct scsi_host_template generic
20755 ATA_BMDMA_SHT(DRV_NAME),
20756 };
20757
20758-static struct ata_port_operations generic_port_ops = {
20759+static const struct ata_port_operations generic_port_ops = {
20760 .inherits = &ata_bmdma_port_ops,
20761 .cable_detect = ata_cable_unknown,
20762 .set_mode = generic_set_mode,
20763diff -urNp linux-2.6.38.2/drivers/ata/ata_piix.c linux-2.6.38.2/drivers/ata/ata_piix.c
20764--- linux-2.6.38.2/drivers/ata/ata_piix.c 2011-03-14 21:20:32.000000000 -0400
20765+++ linux-2.6.38.2/drivers/ata/ata_piix.c 2011-03-21 18:31:35.000000000 -0400
20766@@ -309,7 +309,7 @@ static const struct pci_device_id piix_p
20767 { 0x8086, 0x1d00, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata },
20768 /* SATA Controller IDE (PBG) */
20769 { 0x8086, 0x1d08, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata },
20770- { } /* terminate list */
20771+ { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */
20772 };
20773
20774 static struct pci_driver piix_pci_driver = {
20775@@ -327,12 +327,12 @@ static struct scsi_host_template piix_sh
20776 ATA_BMDMA_SHT(DRV_NAME),
20777 };
20778
20779-static struct ata_port_operations piix_sata_ops = {
20780+static const struct ata_port_operations piix_sata_ops = {
20781 .inherits = &ata_bmdma32_port_ops,
20782 .sff_irq_check = piix_irq_check,
20783 };
20784
20785-static struct ata_port_operations piix_pata_ops = {
20786+static const struct ata_port_operations piix_pata_ops = {
20787 .inherits = &piix_sata_ops,
20788 .cable_detect = ata_cable_40wire,
20789 .set_piomode = piix_set_piomode,
20790@@ -340,12 +340,12 @@ static struct ata_port_operations piix_p
20791 .prereset = piix_pata_prereset,
20792 };
20793
20794-static struct ata_port_operations piix_vmw_ops = {
20795+static const struct ata_port_operations piix_vmw_ops = {
20796 .inherits = &piix_pata_ops,
20797 .bmdma_status = piix_vmw_bmdma_status,
20798 };
20799
20800-static struct ata_port_operations ich_pata_ops = {
20801+static const struct ata_port_operations ich_pata_ops = {
20802 .inherits = &piix_pata_ops,
20803 .cable_detect = ich_pata_cable_detect,
20804 .set_dmamode = ich_set_dmamode,
20805@@ -361,7 +361,7 @@ static struct scsi_host_template piix_si
20806 .shost_attrs = piix_sidpr_shost_attrs,
20807 };
20808
20809-static struct ata_port_operations piix_sidpr_sata_ops = {
20810+static const struct ata_port_operations piix_sidpr_sata_ops = {
20811 .inherits = &piix_sata_ops,
20812 .hardreset = sata_std_hardreset,
20813 .scr_read = piix_sidpr_scr_read,
20814@@ -638,7 +638,7 @@ static const struct ich_laptop ich_lapto
20815 { 0x2653, 0x1043, 0x82D8 }, /* ICH6M on Asus Eee 701 */
20816 { 0x27df, 0x104d, 0x900e }, /* ICH7 on Sony TZ-90 */
20817 /* end marker */
20818- { 0, }
20819+ { 0, 0, 0 }
20820 };
20821
20822 /**
20823@@ -1130,7 +1130,7 @@ static int piix_broken_suspend(void)
20824 },
20825 },
20826
20827- { } /* terminate list */
20828+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL } /* terminate list */
20829 };
20830 static const char *oemstrs[] = {
20831 "Tecra M3,",
20832diff -urNp linux-2.6.38.2/drivers/ata/libahci.c linux-2.6.38.2/drivers/ata/libahci.c
20833--- linux-2.6.38.2/drivers/ata/libahci.c 2011-03-14 21:20:32.000000000 -0400
20834+++ linux-2.6.38.2/drivers/ata/libahci.c 2011-03-21 18:31:35.000000000 -0400
20835@@ -137,7 +137,7 @@ struct device_attribute *ahci_sdev_attrs
20836 };
20837 EXPORT_SYMBOL_GPL(ahci_sdev_attrs);
20838
20839-struct ata_port_operations ahci_ops = {
20840+const struct ata_port_operations ahci_ops = {
20841 .inherits = &sata_pmp_port_ops,
20842
20843 .qc_defer = ahci_pmp_qc_defer,
20844diff -urNp linux-2.6.38.2/drivers/ata/libata-acpi.c linux-2.6.38.2/drivers/ata/libata-acpi.c
20845--- linux-2.6.38.2/drivers/ata/libata-acpi.c 2011-03-14 21:20:32.000000000 -0400
20846+++ linux-2.6.38.2/drivers/ata/libata-acpi.c 2011-03-21 18:31:35.000000000 -0400
20847@@ -218,12 +218,12 @@ static void ata_acpi_dev_uevent(acpi_han
20848 ata_acpi_uevent(dev->link->ap, dev, event);
20849 }
20850
20851-static struct acpi_dock_ops ata_acpi_dev_dock_ops = {
20852+static const struct acpi_dock_ops ata_acpi_dev_dock_ops = {
20853 .handler = ata_acpi_dev_notify_dock,
20854 .uevent = ata_acpi_dev_uevent,
20855 };
20856
20857-static struct acpi_dock_ops ata_acpi_ap_dock_ops = {
20858+static const struct acpi_dock_ops ata_acpi_ap_dock_ops = {
20859 .handler = ata_acpi_ap_notify_dock,
20860 .uevent = ata_acpi_ap_uevent,
20861 };
20862diff -urNp linux-2.6.38.2/drivers/ata/libata-core.c linux-2.6.38.2/drivers/ata/libata-core.c
20863--- linux-2.6.38.2/drivers/ata/libata-core.c 2011-03-14 21:20:32.000000000 -0400
20864+++ linux-2.6.38.2/drivers/ata/libata-core.c 2011-03-21 18:31:35.000000000 -0400
20865@@ -897,7 +897,7 @@ static const struct ata_xfer_ent {
20866 { ATA_SHIFT_PIO, ATA_NR_PIO_MODES, XFER_PIO_0 },
20867 { ATA_SHIFT_MWDMA, ATA_NR_MWDMA_MODES, XFER_MW_DMA_0 },
20868 { ATA_SHIFT_UDMA, ATA_NR_UDMA_MODES, XFER_UDMA_0 },
20869- { -1, },
20870+ { -1, 0, 0 }
20871 };
20872
20873 /**
20874@@ -2885,7 +2885,7 @@ static const struct ata_timing ata_timin
20875 { XFER_UDMA_5, 0, 0, 0, 0, 0, 0, 0, 0, 20 },
20876 { XFER_UDMA_6, 0, 0, 0, 0, 0, 0, 0, 0, 15 },
20877
20878- { 0xFF }
20879+ { 0xFF, 0, 0, 0, 0, 0, 0, 0, 0 }
20880 };
20881
20882 #define ENOUGH(v, unit) (((v)-1)/(unit)+1)
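Review bot: The new end marker `{ 0xFF, 0, 0, 0, 0, 0, 0, 0, 0 }` lists nine values while the rows directly above it, for example `{ XFER_UDMA_6, 0, 0, 0, 0, 0, 0, 0, 0, 15 }`, list ten, so the last field is still left to implicit zero-initialisation. The table behaves the same, but the row no longer does what the explicit form sets out to do; either add the tenth `0` or keep the original `{ 0xFF }`. The array definition starts outside this hunk.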
20883@@ -4141,7 +4141,7 @@ static const struct ata_blacklist_entry
20884 { "PIONEER DVD-RW DVR-212D", "1.28", ATA_HORKAGE_NOSETXFER },
20885
20886 /* End Marker */
20887- { }
20888+ { NULL, NULL, 0 }
20889 };
20890
20891 /**
20892@@ -4746,7 +4746,7 @@ void ata_qc_free(struct ata_queued_cmd *
20893 struct ata_port *ap;
20894 unsigned int tag;
20895
20896- WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
20897+ BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
20898 ap = qc->ap;
20899
20900 qc->flags = 0;
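Review bot: `BUG_ON(qc == NULL)` makes fatal a condition that the adjacent comment describes as possible, where a guard could simply refuse the NULL. It does stop execution before the `qc->ap` dereference on the next line, which the previous `WARN_ON_ONCE` did not, but in ata_qc_free() an early exit such as `if (WARN_ON_ONCE(qc == NULL)) return;` would give the same protection without taking the machine down. The identical change in the __ata_qc_complete() hunk that follows deserves the same consideration. Both function bodies continue outside their hunks, so whether callers rely on completion side effects has to be checked there.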
20901@@ -4762,7 +4762,7 @@ void __ata_qc_complete(struct ata_queued
20902 struct ata_port *ap;
20903 struct ata_link *link;
20904
20905- WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
20906+ BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
20907 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
20908 ap = qc->ap;
20909 link = qc->dev->link;
20910@@ -5755,7 +5755,7 @@ static void ata_host_stop(struct device
20911 * LOCKING:
20912 * None.
20913 */
20914-static void ata_finalize_port_ops(struct ata_port_operations *ops)
20915+static void ata_finalize_port_ops(const struct ata_port_operations *ops)
20916 {
20917 static DEFINE_SPINLOCK(lock);
20918 const struct ata_port_operations *cur;
20919@@ -5767,6 +5767,7 @@ static void ata_finalize_port_ops(struct
20920 return;
20921
20922 spin_lock(&lock);
20923+ pax_open_kernel();
20924
20925 for (cur = ops->inherits; cur; cur = cur->inherits) {
20926 void **inherit = (void **)cur;
20927@@ -5780,8 +5781,9 @@ static void ata_finalize_port_ops(struct
20928 if (IS_ERR(*pp))
20929 *pp = NULL;
20930
20931- ops->inherits = NULL;
20932+ ((struct ata_port_operations *)ops)->inherits = NULL;
20933
20934+ pax_close_kernel();
20935 spin_unlock(&lock);
20936 }
20937
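Review bot: The cast in `((struct ata_port_operations *)ops)->inherits = NULL;` writes through a pointer the signature now declares `const`, and nothing in the function says why that is acceptable. The writes appear to depend on the `pax_open_kernel()` / `pax_close_kernel()` pair added around the loop in the previous hunk, so a comment at the open call, e.g. `/* ops tables are read-only; every write to *ops must stay inside this window */`, would keep later edits from adding a store or an early return outside it. The `*pp = NULL` stores above go through `pp`, whose declaration is outside these hunks and presumably carries a similar cast. It is also worth stating in that comment that the window is opened only after `spin_lock(&lock)` and closed before `spin_unlock(&lock)`, since that ordering bounds how long the tables are writable.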
20938@@ -5878,7 +5880,7 @@ int ata_host_start(struct ata_host *host
20939 */
20940 /* KILLME - the only user left is ipr */
20941 void ata_host_init(struct ata_host *host, struct device *dev,
20942- unsigned long flags, struct ata_port_operations *ops)
20943+ unsigned long flags, const struct ata_port_operations *ops)
20944 {
20945 spin_lock_init(&host->lock);
20946 mutex_init(&host->eh_mutex);
20947@@ -6584,7 +6586,7 @@ static void ata_dummy_error_handler(stru
20948 /* truly dummy */
20949 }
20950
20951-struct ata_port_operations ata_dummy_port_ops = {
20952+const struct ata_port_operations ata_dummy_port_ops = {
20953 .qc_prep = ata_noop_qc_prep,
20954 .qc_issue = ata_dummy_qc_issue,
20955 .error_handler = ata_dummy_error_handler,
20956diff -urNp linux-2.6.38.2/drivers/ata/libata-eh.c linux-2.6.38.2/drivers/ata/libata-eh.c
20957--- linux-2.6.38.2/drivers/ata/libata-eh.c 2011-03-23 17:20:06.000000000 -0400
20958+++ linux-2.6.38.2/drivers/ata/libata-eh.c 2011-03-23 17:21:49.000000000 -0400
20959@@ -3880,7 +3880,7 @@ void ata_do_eh(struct ata_port *ap, ata_
20960 */
20961 void ata_std_error_handler(struct ata_port *ap)
20962 {
20963- struct ata_port_operations *ops = ap->ops;
20964+ const struct ata_port_operations *ops = ap->ops;
20965 ata_reset_fn_t hardreset = ops->hardreset;
20966
20967 /* ignore built-in hardreset if SCR access is not available */
20968diff -urNp linux-2.6.38.2/drivers/ata/libata-pmp.c linux-2.6.38.2/drivers/ata/libata-pmp.c
20969--- linux-2.6.38.2/drivers/ata/libata-pmp.c 2011-03-14 21:20:32.000000000 -0400
20970+++ linux-2.6.38.2/drivers/ata/libata-pmp.c 2011-03-21 18:31:35.000000000 -0400
20971@@ -912,7 +912,7 @@ static int sata_pmp_handle_link_fail(str
20972 */
20973 static int sata_pmp_eh_recover(struct ata_port *ap)
20974 {
20975- struct ata_port_operations *ops = ap->ops;
20976+ const struct ata_port_operations *ops = ap->ops;
20977 int pmp_tries, link_tries[SATA_PMP_MAX_PORTS];
20978 struct ata_link *pmp_link = &ap->link;
20979 struct ata_device *pmp_dev = pmp_link->device;
20980diff -urNp linux-2.6.38.2/drivers/ata/pata_acpi.c linux-2.6.38.2/drivers/ata/pata_acpi.c
20981--- linux-2.6.38.2/drivers/ata/pata_acpi.c 2011-03-14 21:20:32.000000000 -0400
20982+++ linux-2.6.38.2/drivers/ata/pata_acpi.c 2011-03-21 18:31:35.000000000 -0400
20983@@ -216,7 +216,7 @@ static struct scsi_host_template pacpi_s
20984 ATA_BMDMA_SHT(DRV_NAME),
20985 };
20986
20987-static struct ata_port_operations pacpi_ops = {
20988+static const struct ata_port_operations pacpi_ops = {
20989 .inherits = &ata_bmdma_port_ops,
20990 .qc_issue = pacpi_qc_issue,
20991 .cable_detect = pacpi_cable_detect,
20992diff -urNp linux-2.6.38.2/drivers/ata/pata_ali.c linux-2.6.38.2/drivers/ata/pata_ali.c
20993--- linux-2.6.38.2/drivers/ata/pata_ali.c 2011-03-14 21:20:32.000000000 -0400
20994+++ linux-2.6.38.2/drivers/ata/pata_ali.c 2011-03-21 18:31:35.000000000 -0400
20995@@ -363,7 +363,7 @@ static struct scsi_host_template ali_sht
20996 * Port operations for PIO only ALi
20997 */
20998
20999-static struct ata_port_operations ali_early_port_ops = {
21000+static const struct ata_port_operations ali_early_port_ops = {
21001 .inherits = &ata_sff_port_ops,
21002 .cable_detect = ata_cable_40wire,
21003 .set_piomode = ali_set_piomode,
21004@@ -380,7 +380,7 @@ static const struct ata_port_operations
21005 * Port operations for DMA capable ALi without cable
21006 * detect
21007 */
21008-static struct ata_port_operations ali_20_port_ops = {
21009+static const struct ata_port_operations ali_20_port_ops = {
21010 .inherits = &ali_dma_base_ops,
21011 .cable_detect = ata_cable_40wire,
21012 .mode_filter = ali_20_filter,
21013@@ -391,7 +391,7 @@ static struct ata_port_operations ali_20
21014 /*
21015 * Port operations for DMA capable ALi with cable detect
21016 */
21017-static struct ata_port_operations ali_c2_port_ops = {
21018+static const struct ata_port_operations ali_c2_port_ops = {
21019 .inherits = &ali_dma_base_ops,
21020 .check_atapi_dma = ali_check_atapi_dma,
21021 .cable_detect = ali_c2_cable_detect,
21022@@ -402,7 +402,7 @@ static struct ata_port_operations ali_c2
21023 /*
21024 * Port operations for DMA capable ALi with cable detect
21025 */
21026-static struct ata_port_operations ali_c4_port_ops = {
21027+static const struct ata_port_operations ali_c4_port_ops = {
21028 .inherits = &ali_dma_base_ops,
21029 .check_atapi_dma = ali_check_atapi_dma,
21030 .cable_detect = ali_c2_cable_detect,
21031@@ -412,7 +412,7 @@ static struct ata_port_operations ali_c4
21032 /*
21033 * Port operations for DMA capable ALi with cable detect and LBA48
21034 */
21035-static struct ata_port_operations ali_c5_port_ops = {
21036+static const struct ata_port_operations ali_c5_port_ops = {
21037 .inherits = &ali_dma_base_ops,
21038 .check_atapi_dma = ali_check_atapi_dma,
21039 .dev_config = ali_warn_atapi_dma,
21040diff -urNp linux-2.6.38.2/drivers/ata/pata_amd.c linux-2.6.38.2/drivers/ata/pata_amd.c
21041--- linux-2.6.38.2/drivers/ata/pata_amd.c 2011-03-14 21:20:32.000000000 -0400
21042+++ linux-2.6.38.2/drivers/ata/pata_amd.c 2011-03-21 18:31:35.000000000 -0400
21043@@ -397,28 +397,28 @@ static const struct ata_port_operations
21044 .prereset = amd_pre_reset,
21045 };
21046
21047-static struct ata_port_operations amd33_port_ops = {
21048+static const struct ata_port_operations amd33_port_ops = {
21049 .inherits = &amd_base_port_ops,
21050 .cable_detect = ata_cable_40wire,
21051 .set_piomode = amd33_set_piomode,
21052 .set_dmamode = amd33_set_dmamode,
21053 };
21054
21055-static struct ata_port_operations amd66_port_ops = {
21056+static const struct ata_port_operations amd66_port_ops = {
21057 .inherits = &amd_base_port_ops,
21058 .cable_detect = ata_cable_unknown,
21059 .set_piomode = amd66_set_piomode,
21060 .set_dmamode = amd66_set_dmamode,
21061 };
21062
21063-static struct ata_port_operations amd100_port_ops = {
21064+static const struct ata_port_operations amd100_port_ops = {
21065 .inherits = &amd_base_port_ops,
21066 .cable_detect = ata_cable_unknown,
21067 .set_piomode = amd100_set_piomode,
21068 .set_dmamode = amd100_set_dmamode,
21069 };
21070
21071-static struct ata_port_operations amd133_port_ops = {
21072+static const struct ata_port_operations amd133_port_ops = {
21073 .inherits = &amd_base_port_ops,
21074 .cable_detect = amd_cable_detect,
21075 .set_piomode = amd133_set_piomode,
21076@@ -433,13 +433,13 @@ static const struct ata_port_operations
21077 .host_stop = nv_host_stop,
21078 };
21079
21080-static struct ata_port_operations nv100_port_ops = {
21081+static const struct ata_port_operations nv100_port_ops = {
21082 .inherits = &nv_base_port_ops,
21083 .set_piomode = nv100_set_piomode,
21084 .set_dmamode = nv100_set_dmamode,
21085 };
21086
21087-static struct ata_port_operations nv133_port_ops = {
21088+static const struct ata_port_operations nv133_port_ops = {
21089 .inherits = &nv_base_port_ops,
21090 .set_piomode = nv133_set_piomode,
21091 .set_dmamode = nv133_set_dmamode,
21092diff -urNp linux-2.6.38.2/drivers/ata/pata_artop.c linux-2.6.38.2/drivers/ata/pata_artop.c
21093--- linux-2.6.38.2/drivers/ata/pata_artop.c 2011-03-14 21:20:32.000000000 -0400
21094+++ linux-2.6.38.2/drivers/ata/pata_artop.c 2011-03-21 18:31:35.000000000 -0400
21095@@ -312,7 +312,7 @@ static struct scsi_host_template artop_s
21096 ATA_BMDMA_SHT(DRV_NAME),
21097 };
21098
21099-static struct ata_port_operations artop6210_ops = {
21100+static const struct ata_port_operations artop6210_ops = {
21101 .inherits = &ata_bmdma_port_ops,
21102 .cable_detect = ata_cable_40wire,
21103 .set_piomode = artop6210_set_piomode,
21104@@ -321,7 +321,7 @@ static struct ata_port_operations artop6
21105 .qc_defer = artop6210_qc_defer,
21106 };
21107
21108-static struct ata_port_operations artop6260_ops = {
21109+static const struct ata_port_operations artop6260_ops = {
21110 .inherits = &ata_bmdma_port_ops,
21111 .cable_detect = artop6260_cable_detect,
21112 .set_piomode = artop6260_set_piomode,
21113diff -urNp linux-2.6.38.2/drivers/ata/pata_at32.c linux-2.6.38.2/drivers/ata/pata_at32.c
21114--- linux-2.6.38.2/drivers/ata/pata_at32.c 2011-03-14 21:20:32.000000000 -0400
21115+++ linux-2.6.38.2/drivers/ata/pata_at32.c 2011-03-21 18:31:35.000000000 -0400
21116@@ -173,7 +173,7 @@ static struct scsi_host_template at32_sh
21117 ATA_PIO_SHT(DRV_NAME),
21118 };
21119
21120-static struct ata_port_operations at32_port_ops = {
21121+static const struct ata_port_operations at32_port_ops = {
21122 .inherits = &ata_sff_port_ops,
21123 .cable_detect = ata_cable_40wire,
21124 .set_piomode = pata_at32_set_piomode,
21125diff -urNp linux-2.6.38.2/drivers/ata/pata_at91.c linux-2.6.38.2/drivers/ata/pata_at91.c
21126--- linux-2.6.38.2/drivers/ata/pata_at91.c 2011-03-14 21:20:32.000000000 -0400
21127+++ linux-2.6.38.2/drivers/ata/pata_at91.c 2011-03-21 18:31:35.000000000 -0400
21128@@ -196,7 +196,7 @@ static struct scsi_host_template pata_at
21129 ATA_PIO_SHT(DRV_NAME),
21130 };
21131
21132-static struct ata_port_operations pata_at91_port_ops = {
21133+static const struct ata_port_operations pata_at91_port_ops = {
21134 .inherits = &ata_sff_port_ops,
21135
21136 .sff_data_xfer = pata_at91_data_xfer_noirq,
21137diff -urNp linux-2.6.38.2/drivers/ata/pata_atiixp.c linux-2.6.38.2/drivers/ata/pata_atiixp.c
21138--- linux-2.6.38.2/drivers/ata/pata_atiixp.c 2011-03-14 21:20:32.000000000 -0400
21139+++ linux-2.6.38.2/drivers/ata/pata_atiixp.c 2011-03-21 18:31:35.000000000 -0400
21140@@ -214,7 +214,7 @@ static struct scsi_host_template atiixp_
21141 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
21142 };
21143
21144-static struct ata_port_operations atiixp_port_ops = {
21145+static const struct ata_port_operations atiixp_port_ops = {
21146 .inherits = &ata_bmdma_port_ops,
21147
21148 .qc_prep = ata_bmdma_dumb_qc_prep,
21149diff -urNp linux-2.6.38.2/drivers/ata/pata_atp867x.c linux-2.6.38.2/drivers/ata/pata_atp867x.c
21150--- linux-2.6.38.2/drivers/ata/pata_atp867x.c 2011-03-14 21:20:32.000000000 -0400
21151+++ linux-2.6.38.2/drivers/ata/pata_atp867x.c 2011-03-21 18:31:35.000000000 -0400
21152@@ -275,7 +275,7 @@ static struct scsi_host_template atp867x
21153 ATA_BMDMA_SHT(DRV_NAME),
21154 };
21155
21156-static struct ata_port_operations atp867x_ops = {
21157+static const struct ata_port_operations atp867x_ops = {
21158 .inherits = &ata_bmdma_port_ops,
21159 .cable_detect = atp867x_cable_detect,
21160 .set_piomode = atp867x_set_piomode,
21161diff -urNp linux-2.6.38.2/drivers/ata/pata_bf54x.c linux-2.6.38.2/drivers/ata/pata_bf54x.c
21162--- linux-2.6.38.2/drivers/ata/pata_bf54x.c 2011-03-14 21:20:32.000000000 -0400
21163+++ linux-2.6.38.2/drivers/ata/pata_bf54x.c 2011-03-21 18:31:35.000000000 -0400
21164@@ -1420,7 +1420,7 @@ static struct scsi_host_template bfin_sh
21165 .dma_boundary = ATA_DMA_BOUNDARY,
21166 };
21167
21168-static struct ata_port_operations bfin_pata_ops = {
21169+static const struct ata_port_operations bfin_pata_ops = {
21170 .inherits = &ata_bmdma_port_ops,
21171
21172 .set_piomode = bfin_set_piomode,
21173diff -urNp linux-2.6.38.2/drivers/ata/pata_cmd640.c linux-2.6.38.2/drivers/ata/pata_cmd640.c
21174--- linux-2.6.38.2/drivers/ata/pata_cmd640.c 2011-03-14 21:20:32.000000000 -0400
21175+++ linux-2.6.38.2/drivers/ata/pata_cmd640.c 2011-03-21 18:31:35.000000000 -0400
21176@@ -176,7 +176,7 @@ static struct scsi_host_template cmd640_
21177 ATA_PIO_SHT(DRV_NAME),
21178 };
21179
21180-static struct ata_port_operations cmd640_port_ops = {
21181+static const struct ata_port_operations cmd640_port_ops = {
21182 .inherits = &ata_sff_port_ops,
21183 /* In theory xfer_noirq is not needed once we kill the prefetcher */
21184 .sff_data_xfer = ata_sff_data_xfer_noirq,
21185diff -urNp linux-2.6.38.2/drivers/ata/pata_cmd64x.c linux-2.6.38.2/drivers/ata/pata_cmd64x.c
21186--- linux-2.6.38.2/drivers/ata/pata_cmd64x.c 2011-03-14 21:20:32.000000000 -0400
21187+++ linux-2.6.38.2/drivers/ata/pata_cmd64x.c 2011-03-21 18:31:35.000000000 -0400
21188@@ -268,18 +268,18 @@ static const struct ata_port_operations
21189 .set_dmamode = cmd64x_set_dmamode,
21190 };
21191
21192-static struct ata_port_operations cmd64x_port_ops = {
21193+static const struct ata_port_operations cmd64x_port_ops = {
21194 .inherits = &cmd64x_base_ops,
21195 .cable_detect = ata_cable_40wire,
21196 };
21197
21198-static struct ata_port_operations cmd646r1_port_ops = {
21199+static const struct ata_port_operations cmd646r1_port_ops = {
21200 .inherits = &cmd64x_base_ops,
21201 .bmdma_stop = cmd646r1_bmdma_stop,
21202 .cable_detect = ata_cable_40wire,
21203 };
21204
21205-static struct ata_port_operations cmd648_port_ops = {
21206+static const struct ata_port_operations cmd648_port_ops = {
21207 .inherits = &cmd64x_base_ops,
21208 .bmdma_stop = cmd648_bmdma_stop,
21209 .cable_detect = cmd648_cable_detect,
21210diff -urNp linux-2.6.38.2/drivers/ata/pata_cs5520.c linux-2.6.38.2/drivers/ata/pata_cs5520.c
21211--- linux-2.6.38.2/drivers/ata/pata_cs5520.c 2011-03-14 21:20:32.000000000 -0400
21212+++ linux-2.6.38.2/drivers/ata/pata_cs5520.c 2011-03-21 18:31:35.000000000 -0400
21213@@ -108,7 +108,7 @@ static struct scsi_host_template cs5520_
21214 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
21215 };
21216
21217-static struct ata_port_operations cs5520_port_ops = {
21218+static const struct ata_port_operations cs5520_port_ops = {
21219 .inherits = &ata_bmdma_port_ops,
21220 .qc_prep = ata_bmdma_dumb_qc_prep,
21221 .cable_detect = ata_cable_40wire,
21222diff -urNp linux-2.6.38.2/drivers/ata/pata_cs5530.c linux-2.6.38.2/drivers/ata/pata_cs5530.c
21223--- linux-2.6.38.2/drivers/ata/pata_cs5530.c 2011-03-14 21:20:32.000000000 -0400
21224+++ linux-2.6.38.2/drivers/ata/pata_cs5530.c 2011-03-21 18:31:35.000000000 -0400
21225@@ -164,7 +164,7 @@ static struct scsi_host_template cs5530_
21226 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
21227 };
21228
21229-static struct ata_port_operations cs5530_port_ops = {
21230+static const struct ata_port_operations cs5530_port_ops = {
21231 .inherits = &ata_bmdma_port_ops,
21232
21233 .qc_prep = ata_bmdma_dumb_qc_prep,
21234diff -urNp linux-2.6.38.2/drivers/ata/pata_cs5535.c linux-2.6.38.2/drivers/ata/pata_cs5535.c
21235--- linux-2.6.38.2/drivers/ata/pata_cs5535.c 2011-03-14 21:20:32.000000000 -0400
21236+++ linux-2.6.38.2/drivers/ata/pata_cs5535.c 2011-03-21 18:31:35.000000000 -0400
21237@@ -160,7 +160,7 @@ static struct scsi_host_template cs5535_
21238 ATA_BMDMA_SHT(DRV_NAME),
21239 };
21240
21241-static struct ata_port_operations cs5535_port_ops = {
21242+static const struct ata_port_operations cs5535_port_ops = {
21243 .inherits = &ata_bmdma_port_ops,
21244 .cable_detect = cs5535_cable_detect,
21245 .set_piomode = cs5535_set_piomode,
21246diff -urNp linux-2.6.38.2/drivers/ata/pata_cs5536.c linux-2.6.38.2/drivers/ata/pata_cs5536.c
21247--- linux-2.6.38.2/drivers/ata/pata_cs5536.c 2011-03-14 21:20:32.000000000 -0400
21248+++ linux-2.6.38.2/drivers/ata/pata_cs5536.c 2011-03-21 18:31:35.000000000 -0400
21249@@ -233,7 +233,7 @@ static struct scsi_host_template cs5536_
21250 ATA_BMDMA_SHT(DRV_NAME),
21251 };
21252
21253-static struct ata_port_operations cs5536_port_ops = {
21254+static const struct ata_port_operations cs5536_port_ops = {
21255 .inherits = &ata_bmdma32_port_ops,
21256 .cable_detect = cs5536_cable_detect,
21257 .set_piomode = cs5536_set_piomode,
21258diff -urNp linux-2.6.38.2/drivers/ata/pata_cypress.c linux-2.6.38.2/drivers/ata/pata_cypress.c
21259--- linux-2.6.38.2/drivers/ata/pata_cypress.c 2011-03-14 21:20:32.000000000 -0400
21260+++ linux-2.6.38.2/drivers/ata/pata_cypress.c 2011-03-21 18:31:35.000000000 -0400
21261@@ -115,7 +115,7 @@ static struct scsi_host_template cy82c69
21262 ATA_BMDMA_SHT(DRV_NAME),
21263 };
21264
21265-static struct ata_port_operations cy82c693_port_ops = {
21266+static const struct ata_port_operations cy82c693_port_ops = {
21267 .inherits = &ata_bmdma_port_ops,
21268 .cable_detect = ata_cable_40wire,
21269 .set_piomode = cy82c693_set_piomode,
21270diff -urNp linux-2.6.38.2/drivers/ata/pata_efar.c linux-2.6.38.2/drivers/ata/pata_efar.c
21271--- linux-2.6.38.2/drivers/ata/pata_efar.c 2011-03-14 21:20:32.000000000 -0400
21272+++ linux-2.6.38.2/drivers/ata/pata_efar.c 2011-03-21 18:31:35.000000000 -0400
21273@@ -238,7 +238,7 @@ static struct scsi_host_template efar_sh
21274 ATA_BMDMA_SHT(DRV_NAME),
21275 };
21276
21277-static struct ata_port_operations efar_ops = {
21278+static const struct ata_port_operations efar_ops = {
21279 .inherits = &ata_bmdma_port_ops,
21280 .cable_detect = efar_cable_detect,
21281 .set_piomode = efar_set_piomode,
21282diff -urNp linux-2.6.38.2/drivers/ata/pata_hpt366.c linux-2.6.38.2/drivers/ata/pata_hpt366.c
21283--- linux-2.6.38.2/drivers/ata/pata_hpt366.c 2011-03-14 21:20:32.000000000 -0400
21284+++ linux-2.6.38.2/drivers/ata/pata_hpt366.c 2011-03-21 18:31:35.000000000 -0400
21285@@ -275,7 +275,7 @@ static struct scsi_host_template hpt36x_
21286 * Configuration for HPT366/68
21287 */
21288
21289-static struct ata_port_operations hpt366_port_ops = {
21290+static const struct ata_port_operations hpt366_port_ops = {
21291 .inherits = &ata_bmdma_port_ops,
21292 .cable_detect = hpt36x_cable_detect,
21293 .mode_filter = hpt366_filter,
21294diff -urNp linux-2.6.38.2/drivers/ata/pata_hpt37x.c linux-2.6.38.2/drivers/ata/pata_hpt37x.c
21295--- linux-2.6.38.2/drivers/ata/pata_hpt37x.c 2011-03-14 21:20:32.000000000 -0400
21296+++ linux-2.6.38.2/drivers/ata/pata_hpt37x.c 2011-03-21 18:31:35.000000000 -0400
21297@@ -587,7 +587,7 @@ static struct scsi_host_template hpt37x_
21298 * Configuration for HPT370
21299 */
21300
21301-static struct ata_port_operations hpt370_port_ops = {
21302+static const struct ata_port_operations hpt370_port_ops = {
21303 .inherits = &ata_bmdma_port_ops,
21304
21305 .bmdma_stop = hpt370_bmdma_stop,
21306@@ -603,7 +603,7 @@ static struct ata_port_operations hpt370
21307 * Configuration for HPT370A. Close to 370 but less filters
21308 */
21309
21310-static struct ata_port_operations hpt370a_port_ops = {
21311+static const struct ata_port_operations hpt370a_port_ops = {
21312 .inherits = &hpt370_port_ops,
21313 .mode_filter = hpt370a_filter,
21314 };
21315@@ -613,7 +613,7 @@ static struct ata_port_operations hpt370
21316 * mode setting functionality.
21317 */
21318
21319-static struct ata_port_operations hpt302_port_ops = {
21320+static const struct ata_port_operations hpt302_port_ops = {
21321 .inherits = &ata_bmdma_port_ops,
21322
21323 .bmdma_stop = hpt37x_bmdma_stop,
21324@@ -629,7 +629,7 @@ static struct ata_port_operations hpt302
21325 * but we have a mode filter.
21326 */
21327
21328-static struct ata_port_operations hpt372_port_ops = {
21329+static const struct ata_port_operations hpt372_port_ops = {
21330 .inherits = &hpt302_port_ops,
21331 .mode_filter = hpt372_filter,
21332 };
21333@@ -639,7 +639,7 @@ static struct ata_port_operations hpt372
21334 * but we have a different cable detection procedure for function 1.
21335 */
21336
21337-static struct ata_port_operations hpt374_fn1_port_ops = {
21338+static const struct ata_port_operations hpt374_fn1_port_ops = {
21339 .inherits = &hpt372_port_ops,
21340 .cable_detect = hpt374_fn1_cable_detect,
21341 };
21342diff -urNp linux-2.6.38.2/drivers/ata/pata_hpt3x2n.c linux-2.6.38.2/drivers/ata/pata_hpt3x2n.c
21343--- linux-2.6.38.2/drivers/ata/pata_hpt3x2n.c 2011-03-14 21:20:32.000000000 -0400
21344+++ linux-2.6.38.2/drivers/ata/pata_hpt3x2n.c 2011-03-21 18:31:35.000000000 -0400
21345@@ -348,7 +348,7 @@ static struct scsi_host_template hpt3x2n
21346 * Configuration for HPT302N/371N.
21347 */
21348
21349-static struct ata_port_operations hpt3xxn_port_ops = {
21350+static const struct ata_port_operations hpt3xxn_port_ops = {
21351 .inherits = &ata_bmdma_port_ops,
21352
21353 .bmdma_stop = hpt3x2n_bmdma_stop,
21354@@ -366,7 +366,7 @@ static struct ata_port_operations hpt3xx
21355 * Configuration for HPT372N. Same as 302N/371N but we have a mode filter.
21356 */
21357
21358-static struct ata_port_operations hpt372n_port_ops = {
21359+static const struct ata_port_operations hpt372n_port_ops = {
21360 .inherits = &hpt3xxn_port_ops,
21361 .mode_filter = &hpt372n_filter,
21362 };
21363diff -urNp linux-2.6.38.2/drivers/ata/pata_hpt3x3.c linux-2.6.38.2/drivers/ata/pata_hpt3x3.c
21364--- linux-2.6.38.2/drivers/ata/pata_hpt3x3.c 2011-03-14 21:20:32.000000000 -0400
21365+++ linux-2.6.38.2/drivers/ata/pata_hpt3x3.c 2011-03-21 18:31:35.000000000 -0400
21366@@ -141,7 +141,7 @@ static struct scsi_host_template hpt3x3_
21367 ATA_BMDMA_SHT(DRV_NAME),
21368 };
21369
21370-static struct ata_port_operations hpt3x3_port_ops = {
21371+static const struct ata_port_operations hpt3x3_port_ops = {
21372 .inherits = &ata_bmdma_port_ops,
21373 .cable_detect = ata_cable_40wire,
21374 .set_piomode = hpt3x3_set_piomode,
21375diff -urNp linux-2.6.38.2/drivers/ata/pata_icside.c linux-2.6.38.2/drivers/ata/pata_icside.c
21376--- linux-2.6.38.2/drivers/ata/pata_icside.c 2011-03-14 21:20:32.000000000 -0400
21377+++ linux-2.6.38.2/drivers/ata/pata_icside.c 2011-03-21 18:31:35.000000000 -0400
21378@@ -320,7 +320,7 @@ static void pata_icside_postreset(struct
21379 }
21380 }
21381
21382-static struct ata_port_operations pata_icside_port_ops = {
21383+static const struct ata_port_operations pata_icside_port_ops = {
21384 .inherits = &ata_bmdma_port_ops,
21385 /* no need to build any PRD tables for DMA */
21386 .qc_prep = ata_noop_qc_prep,
21387diff -urNp linux-2.6.38.2/drivers/ata/pata_isapnp.c linux-2.6.38.2/drivers/ata/pata_isapnp.c
21388--- linux-2.6.38.2/drivers/ata/pata_isapnp.c 2011-03-14 21:20:32.000000000 -0400
21389+++ linux-2.6.38.2/drivers/ata/pata_isapnp.c 2011-03-21 18:31:35.000000000 -0400
21390@@ -23,12 +23,12 @@ static struct scsi_host_template isapnp_
21391 ATA_PIO_SHT(DRV_NAME),
21392 };
21393
21394-static struct ata_port_operations isapnp_port_ops = {
21395+static const struct ata_port_operations isapnp_port_ops = {
21396 .inherits = &ata_sff_port_ops,
21397 .cable_detect = ata_cable_40wire,
21398 };
21399
21400-static struct ata_port_operations isapnp_noalt_port_ops = {
21401+static const struct ata_port_operations isapnp_noalt_port_ops = {
21402 .inherits = &ata_sff_port_ops,
21403 .cable_detect = ata_cable_40wire,
21404 /* No altstatus so we don't want to use the lost interrupt poll */
21405diff -urNp linux-2.6.38.2/drivers/ata/pata_it8213.c linux-2.6.38.2/drivers/ata/pata_it8213.c
21406--- linux-2.6.38.2/drivers/ata/pata_it8213.c 2011-03-14 21:20:32.000000000 -0400
21407+++ linux-2.6.38.2/drivers/ata/pata_it8213.c 2011-03-21 18:31:35.000000000 -0400
21408@@ -233,7 +233,7 @@ static struct scsi_host_template it8213_
21409 };
21410
21411
21412-static struct ata_port_operations it8213_ops = {
21413+static const struct ata_port_operations it8213_ops = {
21414 .inherits = &ata_bmdma_port_ops,
21415 .cable_detect = it8213_cable_detect,
21416 .set_piomode = it8213_set_piomode,
21417diff -urNp linux-2.6.38.2/drivers/ata/pata_it821x.c linux-2.6.38.2/drivers/ata/pata_it821x.c
21418--- linux-2.6.38.2/drivers/ata/pata_it821x.c 2011-03-14 21:20:32.000000000 -0400
21419+++ linux-2.6.38.2/drivers/ata/pata_it821x.c 2011-03-21 18:31:35.000000000 -0400
21420@@ -801,7 +801,7 @@ static struct scsi_host_template it821x_
21421 ATA_BMDMA_SHT(DRV_NAME),
21422 };
21423
21424-static struct ata_port_operations it821x_smart_port_ops = {
21425+static const struct ata_port_operations it821x_smart_port_ops = {
21426 .inherits = &ata_bmdma_port_ops,
21427
21428 .check_atapi_dma= it821x_check_atapi_dma,
21429@@ -815,7 +815,7 @@ static struct ata_port_operations it821x
21430 .port_start = it821x_port_start,
21431 };
21432
21433-static struct ata_port_operations it821x_passthru_port_ops = {
21434+static const struct ata_port_operations it821x_passthru_port_ops = {
21435 .inherits = &ata_bmdma_port_ops,
21436
21437 .check_atapi_dma= it821x_check_atapi_dma,
21438@@ -831,7 +831,7 @@ static struct ata_port_operations it821x
21439 .port_start = it821x_port_start,
21440 };
21441
21442-static struct ata_port_operations it821x_rdc_port_ops = {
21443+static const struct ata_port_operations it821x_rdc_port_ops = {
21444 .inherits = &ata_bmdma_port_ops,
21445
21446 .check_atapi_dma= it821x_check_atapi_dma,
21447diff -urNp linux-2.6.38.2/drivers/ata/pata_ixp4xx_cf.c linux-2.6.38.2/drivers/ata/pata_ixp4xx_cf.c
21448--- linux-2.6.38.2/drivers/ata/pata_ixp4xx_cf.c 2011-03-14 21:20:32.000000000 -0400
21449+++ linux-2.6.38.2/drivers/ata/pata_ixp4xx_cf.c 2011-03-21 18:31:35.000000000 -0400
21450@@ -89,7 +89,7 @@ static struct scsi_host_template ixp4xx_
21451 ATA_PIO_SHT(DRV_NAME),
21452 };
21453
21454-static struct ata_port_operations ixp4xx_port_ops = {
21455+static const struct ata_port_operations ixp4xx_port_ops = {
21456 .inherits = &ata_sff_port_ops,
21457 .sff_data_xfer = ixp4xx_mmio_data_xfer,
21458 .cable_detect = ata_cable_40wire,
21459diff -urNp linux-2.6.38.2/drivers/ata/pata_jmicron.c linux-2.6.38.2/drivers/ata/pata_jmicron.c
21460--- linux-2.6.38.2/drivers/ata/pata_jmicron.c 2011-03-14 21:20:32.000000000 -0400
21461+++ linux-2.6.38.2/drivers/ata/pata_jmicron.c 2011-03-21 18:31:35.000000000 -0400
21462@@ -111,7 +111,7 @@ static struct scsi_host_template jmicron
21463 ATA_BMDMA_SHT(DRV_NAME),
21464 };
21465
21466-static struct ata_port_operations jmicron_ops = {
21467+static const struct ata_port_operations jmicron_ops = {
21468 .inherits = &ata_bmdma_port_ops,
21469 .prereset = jmicron_pre_reset,
21470 };
21471diff -urNp linux-2.6.38.2/drivers/ata/pata_legacy.c linux-2.6.38.2/drivers/ata/pata_legacy.c
21472--- linux-2.6.38.2/drivers/ata/pata_legacy.c 2011-03-14 21:20:32.000000000 -0400
21473+++ linux-2.6.38.2/drivers/ata/pata_legacy.c 2011-03-21 18:31:35.000000000 -0400
21474@@ -116,7 +116,7 @@ struct legacy_probe {
21475
21476 struct legacy_controller {
21477 const char *name;
21478- struct ata_port_operations *ops;
21479+ const struct ata_port_operations *ops;
21480 unsigned int pio_mask;
21481 unsigned int flags;
21482 unsigned int pflags;
21483@@ -239,12 +239,12 @@ static const struct ata_port_operations
21484 * pio_mask as well.
21485 */
21486
21487-static struct ata_port_operations simple_port_ops = {
21488+static const struct ata_port_operations simple_port_ops = {
21489 .inherits = &legacy_base_port_ops,
21490 .sff_data_xfer = ata_sff_data_xfer_noirq,
21491 };
21492
21493-static struct ata_port_operations legacy_port_ops = {
21494+static const struct ata_port_operations legacy_port_ops = {
21495 .inherits = &legacy_base_port_ops,
21496 .sff_data_xfer = ata_sff_data_xfer_noirq,
21497 .set_mode = legacy_set_mode,
21498@@ -340,7 +340,7 @@ static unsigned int pdc_data_xfer_vlb(st
21499 return buflen;
21500 }
21501
21502-static struct ata_port_operations pdc20230_port_ops = {
21503+static const struct ata_port_operations pdc20230_port_ops = {
21504 .inherits = &legacy_base_port_ops,
21505 .set_piomode = pdc20230_set_piomode,
21506 .sff_data_xfer = pdc_data_xfer_vlb,
21507@@ -373,7 +373,7 @@ static void ht6560a_set_piomode(struct a
21508 ioread8(ap->ioaddr.status_addr);
21509 }
21510
21511-static struct ata_port_operations ht6560a_port_ops = {
21512+static const struct ata_port_operations ht6560a_port_ops = {
21513 .inherits = &legacy_base_port_ops,
21514 .set_piomode = ht6560a_set_piomode,
21515 };
21516@@ -416,7 +416,7 @@ static void ht6560b_set_piomode(struct a
21517 ioread8(ap->ioaddr.status_addr);
21518 }
21519
21520-static struct ata_port_operations ht6560b_port_ops = {
21521+static const struct ata_port_operations ht6560b_port_ops = {
21522 .inherits = &legacy_base_port_ops,
21523 .set_piomode = ht6560b_set_piomode,
21524 };
21525@@ -515,7 +515,7 @@ static void opti82c611a_set_piomode(stru
21526 }
21527
21528
21529-static struct ata_port_operations opti82c611a_port_ops = {
21530+static const struct ata_port_operations opti82c611a_port_ops = {
21531 .inherits = &legacy_base_port_ops,
21532 .set_piomode = opti82c611a_set_piomode,
21533 };
21534@@ -625,7 +625,7 @@ static unsigned int opti82c46x_qc_issue(
21535 return ata_sff_qc_issue(qc);
21536 }
21537
21538-static struct ata_port_operations opti82c46x_port_ops = {
21539+static const struct ata_port_operations opti82c46x_port_ops = {
21540 .inherits = &legacy_base_port_ops,
21541 .set_piomode = opti82c46x_set_piomode,
21542 .qc_issue = opti82c46x_qc_issue,
21543@@ -787,20 +787,20 @@ static int qdi_port(struct platform_devi
21544 return 0;
21545 }
21546
21547-static struct ata_port_operations qdi6500_port_ops = {
21548+static const struct ata_port_operations qdi6500_port_ops = {
21549 .inherits = &legacy_base_port_ops,
21550 .set_piomode = qdi6500_set_piomode,
21551 .qc_issue = qdi_qc_issue,
21552 .sff_data_xfer = vlb32_data_xfer,
21553 };
21554
21555-static struct ata_port_operations qdi6580_port_ops = {
21556+static const struct ata_port_operations qdi6580_port_ops = {
21557 .inherits = &legacy_base_port_ops,
21558 .set_piomode = qdi6580_set_piomode,
21559 .sff_data_xfer = vlb32_data_xfer,
21560 };
21561
21562-static struct ata_port_operations qdi6580dp_port_ops = {
21563+static const struct ata_port_operations qdi6580dp_port_ops = {
21564 .inherits = &legacy_base_port_ops,
21565 .set_piomode = qdi6580dp_set_piomode,
21566 .qc_issue = qdi_qc_issue,
21567@@ -872,7 +872,7 @@ static int winbond_port(struct platform_
21568 return 0;
21569 }
21570
21571-static struct ata_port_operations winbond_port_ops = {
21572+static const struct ata_port_operations winbond_port_ops = {
21573 .inherits = &legacy_base_port_ops,
21574 .set_piomode = winbond_set_piomode,
21575 .sff_data_xfer = vlb32_data_xfer,
21576@@ -995,7 +995,7 @@ static __init int legacy_init_one(struct
21577 int pio_modes = controller->pio_mask;
21578 unsigned long io = probe->port;
21579 u32 mask = (1 << probe->slot);
21580- struct ata_port_operations *ops = controller->ops;
21581+ const struct ata_port_operations *ops = controller->ops;
21582 struct legacy_data *ld = &legacy_data[probe->slot];
21583 struct ata_host *host = NULL;
21584 struct ata_port *ap;
21585diff -urNp linux-2.6.38.2/drivers/ata/pata_macio.c linux-2.6.38.2/drivers/ata/pata_macio.c
21586--- linux-2.6.38.2/drivers/ata/pata_macio.c 2011-03-14 21:20:32.000000000 -0400
21587+++ linux-2.6.38.2/drivers/ata/pata_macio.c 2011-03-21 18:31:35.000000000 -0400
21588@@ -918,9 +918,8 @@ static struct scsi_host_template pata_ma
21589 .slave_configure = pata_macio_slave_config,
21590 };
21591
21592-static struct ata_port_operations pata_macio_ops = {
21593+static const struct ata_port_operations pata_macio_ops = {
21594 .inherits = &ata_bmdma_port_ops,
21595-
21596 .freeze = pata_macio_freeze,
21597 .set_piomode = pata_macio_set_timings,
21598 .set_dmamode = pata_macio_set_timings,
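Review bot: The blank line removed after `.inherits` in `pata_macio_ops` has nothing to do with adding `const`. The pata_sil680.c hunk does the same thing, dropping a blank line before `sil680_port_ops`. Leaving those lines alone would keep each hunk a one-line qualifier change, which is easier to audit and less likely to conflict when the patch is rebased onto a newer kernel. The initializer continues outside the hunk.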
21599diff -urNp linux-2.6.38.2/drivers/ata/pata_marvell.c linux-2.6.38.2/drivers/ata/pata_marvell.c
21600--- linux-2.6.38.2/drivers/ata/pata_marvell.c 2011-03-14 21:20:32.000000000 -0400
21601+++ linux-2.6.38.2/drivers/ata/pata_marvell.c 2011-03-21 18:31:35.000000000 -0400
21602@@ -100,7 +100,7 @@ static struct scsi_host_template marvell
21603 ATA_BMDMA_SHT(DRV_NAME),
21604 };
21605
21606-static struct ata_port_operations marvell_ops = {
21607+static const struct ata_port_operations marvell_ops = {
21608 .inherits = &ata_bmdma_port_ops,
21609 .cable_detect = marvell_cable_detect,
21610 .prereset = marvell_pre_reset,
21611diff -urNp linux-2.6.38.2/drivers/ata/pata_mpc52xx.c linux-2.6.38.2/drivers/ata/pata_mpc52xx.c
21612--- linux-2.6.38.2/drivers/ata/pata_mpc52xx.c 2011-03-14 21:20:32.000000000 -0400
21613+++ linux-2.6.38.2/drivers/ata/pata_mpc52xx.c 2011-03-21 18:31:35.000000000 -0400
21614@@ -609,7 +609,7 @@ static struct scsi_host_template mpc52xx
21615 ATA_PIO_SHT(DRV_NAME),
21616 };
21617
21618-static struct ata_port_operations mpc52xx_ata_port_ops = {
21619+static const struct ata_port_operations mpc52xx_ata_port_ops = {
21620 .inherits = &ata_bmdma_port_ops,
21621 .sff_dev_select = mpc52xx_ata_dev_select,
21622 .set_piomode = mpc52xx_ata_set_piomode,
21623diff -urNp linux-2.6.38.2/drivers/ata/pata_mpiix.c linux-2.6.38.2/drivers/ata/pata_mpiix.c
21624--- linux-2.6.38.2/drivers/ata/pata_mpiix.c 2011-03-14 21:20:32.000000000 -0400
21625+++ linux-2.6.38.2/drivers/ata/pata_mpiix.c 2011-03-21 18:31:35.000000000 -0400
21626@@ -140,7 +140,7 @@ static struct scsi_host_template mpiix_s
21627 ATA_PIO_SHT(DRV_NAME),
21628 };
21629
21630-static struct ata_port_operations mpiix_port_ops = {
21631+static const struct ata_port_operations mpiix_port_ops = {
21632 .inherits = &ata_sff_port_ops,
21633 .qc_issue = mpiix_qc_issue,
21634 .cable_detect = ata_cable_40wire,
21635diff -urNp linux-2.6.38.2/drivers/ata/pata_netcell.c linux-2.6.38.2/drivers/ata/pata_netcell.c
21636--- linux-2.6.38.2/drivers/ata/pata_netcell.c 2011-03-14 21:20:32.000000000 -0400
21637+++ linux-2.6.38.2/drivers/ata/pata_netcell.c 2011-03-21 18:31:35.000000000 -0400
21638@@ -34,7 +34,7 @@ static struct scsi_host_template netcell
21639 ATA_BMDMA_SHT(DRV_NAME),
21640 };
21641
21642-static struct ata_port_operations netcell_ops = {
21643+static const struct ata_port_operations netcell_ops = {
21644 .inherits = &ata_bmdma_port_ops,
21645 .cable_detect = ata_cable_80wire,
21646 .read_id = netcell_read_id,
21647diff -urNp linux-2.6.38.2/drivers/ata/pata_ninja32.c linux-2.6.38.2/drivers/ata/pata_ninja32.c
21648--- linux-2.6.38.2/drivers/ata/pata_ninja32.c 2011-03-14 21:20:32.000000000 -0400
21649+++ linux-2.6.38.2/drivers/ata/pata_ninja32.c 2011-03-21 18:31:35.000000000 -0400
21650@@ -81,7 +81,7 @@ static struct scsi_host_template ninja32
21651 ATA_BMDMA_SHT(DRV_NAME),
21652 };
21653
21654-static struct ata_port_operations ninja32_port_ops = {
21655+static const struct ata_port_operations ninja32_port_ops = {
21656 .inherits = &ata_bmdma_port_ops,
21657 .sff_dev_select = ninja32_dev_select,
21658 .cable_detect = ata_cable_40wire,
21659diff -urNp linux-2.6.38.2/drivers/ata/pata_ns87410.c linux-2.6.38.2/drivers/ata/pata_ns87410.c
21660--- linux-2.6.38.2/drivers/ata/pata_ns87410.c 2011-03-14 21:20:32.000000000 -0400
21661+++ linux-2.6.38.2/drivers/ata/pata_ns87410.c 2011-03-21 18:31:35.000000000 -0400
21662@@ -132,7 +132,7 @@ static struct scsi_host_template ns87410
21663 ATA_PIO_SHT(DRV_NAME),
21664 };
21665
21666-static struct ata_port_operations ns87410_port_ops = {
21667+static const struct ata_port_operations ns87410_port_ops = {
21668 .inherits = &ata_sff_port_ops,
21669 .qc_issue = ns87410_qc_issue,
21670 .cable_detect = ata_cable_40wire,
21671diff -urNp linux-2.6.38.2/drivers/ata/pata_ns87415.c linux-2.6.38.2/drivers/ata/pata_ns87415.c
21672--- linux-2.6.38.2/drivers/ata/pata_ns87415.c 2011-03-14 21:20:32.000000000 -0400
21673+++ linux-2.6.38.2/drivers/ata/pata_ns87415.c 2011-03-21 18:31:35.000000000 -0400
21674@@ -299,7 +299,7 @@ static u8 ns87560_bmdma_status(struct at
21675 }
21676 #endif /* 87560 SuperIO Support */
21677
21678-static struct ata_port_operations ns87415_pata_ops = {
21679+static const struct ata_port_operations ns87415_pata_ops = {
21680 .inherits = &ata_bmdma_port_ops,
21681
21682 .check_atapi_dma = ns87415_check_atapi_dma,
21683@@ -313,7 +313,7 @@ static struct ata_port_operations ns8741
21684 };
21685
21686 #if defined(CONFIG_SUPERIO)
21687-static struct ata_port_operations ns87560_pata_ops = {
21688+static const struct ata_port_operations ns87560_pata_ops = {
21689 .inherits = &ns87415_pata_ops,
21690 .sff_tf_read = ns87560_tf_read,
21691 .sff_check_status = ns87560_check_status,
21692diff -urNp linux-2.6.38.2/drivers/ata/pata_octeon_cf.c linux-2.6.38.2/drivers/ata/pata_octeon_cf.c
21693--- linux-2.6.38.2/drivers/ata/pata_octeon_cf.c 2011-03-14 21:20:32.000000000 -0400
21694+++ linux-2.6.38.2/drivers/ata/pata_octeon_cf.c 2011-03-21 18:31:35.000000000 -0400
21695@@ -780,7 +780,7 @@ static unsigned int octeon_cf_qc_issue(s
21696 return 0;
21697 }
21698
21699-static struct ata_port_operations octeon_cf_ops = {
21700+static struct ata_port_operations octeon_cf_ops = { /* cannot be const */
21701 .inherits = &ata_sff_port_ops,
21702 .check_atapi_dma = octeon_cf_check_atapi_dma,
21703 .qc_prep = ata_noop_qc_prep,
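Review bot: The added `/* cannot be const */` comment on `octeon_cf_ops` does not say why this table is exempt, so the one `ata_port_operations` table visibly left writable among the constified ones here goes unexplained. The reason is not visible in the hunk; presumably the driver assigns some members at run time, which should be confirmed and then named in the comment, e.g. `/* cannot be const: members are assigned in <probe function> */`. A function-pointer table that stays in writable data is the case the `const` changes are removing, so the exception should be easy to find and revisit. The initializer continues past the end of the hunk.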
21704diff -urNp linux-2.6.38.2/drivers/ata/pata_oldpiix.c linux-2.6.38.2/drivers/ata/pata_oldpiix.c
21705--- linux-2.6.38.2/drivers/ata/pata_oldpiix.c 2011-03-14 21:20:32.000000000 -0400
21706+++ linux-2.6.38.2/drivers/ata/pata_oldpiix.c 2011-03-21 18:31:35.000000000 -0400
21707@@ -208,7 +208,7 @@ static struct scsi_host_template oldpiix
21708 ATA_BMDMA_SHT(DRV_NAME),
21709 };
21710
21711-static struct ata_port_operations oldpiix_pata_ops = {
21712+static const struct ata_port_operations oldpiix_pata_ops = {
21713 .inherits = &ata_bmdma_port_ops,
21714 .qc_issue = oldpiix_qc_issue,
21715 .cable_detect = ata_cable_40wire,
21716diff -urNp linux-2.6.38.2/drivers/ata/pata_opti.c linux-2.6.38.2/drivers/ata/pata_opti.c
21717--- linux-2.6.38.2/drivers/ata/pata_opti.c 2011-03-14 21:20:32.000000000 -0400
21718+++ linux-2.6.38.2/drivers/ata/pata_opti.c 2011-03-21 18:31:35.000000000 -0400
21719@@ -152,7 +152,7 @@ static struct scsi_host_template opti_sh
21720 ATA_PIO_SHT(DRV_NAME),
21721 };
21722
21723-static struct ata_port_operations opti_port_ops = {
21724+static const struct ata_port_operations opti_port_ops = {
21725 .inherits = &ata_sff_port_ops,
21726 .cable_detect = ata_cable_40wire,
21727 .set_piomode = opti_set_piomode,
21728diff -urNp linux-2.6.38.2/drivers/ata/pata_optidma.c linux-2.6.38.2/drivers/ata/pata_optidma.c
21729--- linux-2.6.38.2/drivers/ata/pata_optidma.c 2011-03-14 21:20:32.000000000 -0400
21730+++ linux-2.6.38.2/drivers/ata/pata_optidma.c 2011-03-21 18:31:35.000000000 -0400
21731@@ -337,7 +337,7 @@ static struct scsi_host_template optidma
21732 ATA_BMDMA_SHT(DRV_NAME),
21733 };
21734
21735-static struct ata_port_operations optidma_port_ops = {
21736+static const struct ata_port_operations optidma_port_ops = {
21737 .inherits = &ata_bmdma_port_ops,
21738 .cable_detect = ata_cable_40wire,
21739 .set_piomode = optidma_set_pio_mode,
21740@@ -346,7 +346,7 @@ static struct ata_port_operations optidm
21741 .prereset = optidma_pre_reset,
21742 };
21743
21744-static struct ata_port_operations optiplus_port_ops = {
21745+static const struct ata_port_operations optiplus_port_ops = {
21746 .inherits = &optidma_port_ops,
21747 .set_piomode = optiplus_set_pio_mode,
21748 .set_dmamode = optiplus_set_dma_mode,
21749diff -urNp linux-2.6.38.2/drivers/ata/pata_palmld.c linux-2.6.38.2/drivers/ata/pata_palmld.c
21750--- linux-2.6.38.2/drivers/ata/pata_palmld.c 2011-03-14 21:20:32.000000000 -0400
21751+++ linux-2.6.38.2/drivers/ata/pata_palmld.c 2011-03-21 18:31:35.000000000 -0400
21752@@ -37,7 +37,7 @@ static struct scsi_host_template palmld_
21753 ATA_PIO_SHT(DRV_NAME),
21754 };
21755
21756-static struct ata_port_operations palmld_port_ops = {
21757+static const struct ata_port_operations palmld_port_ops = {
21758 .inherits = &ata_sff_port_ops,
21759 .sff_data_xfer = ata_sff_data_xfer_noirq,
21760 .cable_detect = ata_cable_40wire,
21761diff -urNp linux-2.6.38.2/drivers/ata/pata_pcmcia.c linux-2.6.38.2/drivers/ata/pata_pcmcia.c
21762--- linux-2.6.38.2/drivers/ata/pata_pcmcia.c 2011-03-14 21:20:32.000000000 -0400
21763+++ linux-2.6.38.2/drivers/ata/pata_pcmcia.c 2011-03-21 18:31:35.000000000 -0400
21764@@ -151,14 +151,14 @@ static struct scsi_host_template pcmcia_
21765 ATA_PIO_SHT(DRV_NAME),
21766 };
21767
21768-static struct ata_port_operations pcmcia_port_ops = {
21769+static const struct ata_port_operations pcmcia_port_ops = {
21770 .inherits = &ata_sff_port_ops,
21771 .sff_data_xfer = ata_sff_data_xfer_noirq,
21772 .cable_detect = ata_cable_40wire,
21773 .set_mode = pcmcia_set_mode,
21774 };
21775
21776-static struct ata_port_operations pcmcia_8bit_port_ops = {
21777+static const struct ata_port_operations pcmcia_8bit_port_ops = {
21778 .inherits = &ata_sff_port_ops,
21779 .sff_data_xfer = ata_data_xfer_8bit,
21780 .cable_detect = ata_cable_40wire,
21781@@ -205,7 +205,7 @@ static int pcmcia_init_one(struct pcmcia
21782 unsigned long io_base, ctl_base;
21783 void __iomem *io_addr, *ctl_addr;
21784 int n_ports = 1;
21785- struct ata_port_operations *ops = &pcmcia_port_ops;
21786+ const struct ata_port_operations *ops = &pcmcia_port_ops;
21787
21788 /* Set up attributes in order to probe card and get resources */
21789 pdev->config_flags |= CONF_ENABLE_IRQ | CONF_AUTO_SET_IO |
21790diff -urNp linux-2.6.38.2/drivers/ata/pata_pdc2027x.c linux-2.6.38.2/drivers/ata/pata_pdc2027x.c
21791--- linux-2.6.38.2/drivers/ata/pata_pdc2027x.c 2011-03-14 21:20:32.000000000 -0400
21792+++ linux-2.6.38.2/drivers/ata/pata_pdc2027x.c 2011-03-21 18:31:35.000000000 -0400
21793@@ -132,14 +132,14 @@ static struct scsi_host_template pdc2027
21794 ATA_BMDMA_SHT(DRV_NAME),
21795 };
21796
21797-static struct ata_port_operations pdc2027x_pata100_ops = {
21798+static const struct ata_port_operations pdc2027x_pata100_ops = {
21799 .inherits = &ata_bmdma_port_ops,
21800 .check_atapi_dma = pdc2027x_check_atapi_dma,
21801 .cable_detect = pdc2027x_cable_detect,
21802 .prereset = pdc2027x_prereset,
21803 };
21804
21805-static struct ata_port_operations pdc2027x_pata133_ops = {
21806+static const struct ata_port_operations pdc2027x_pata133_ops = {
21807 .inherits = &pdc2027x_pata100_ops,
21808 .mode_filter = pdc2027x_mode_filter,
21809 .set_piomode = pdc2027x_set_piomode,
21810diff -urNp linux-2.6.38.2/drivers/ata/pata_pdc202xx_old.c linux-2.6.38.2/drivers/ata/pata_pdc202xx_old.c
21811--- linux-2.6.38.2/drivers/ata/pata_pdc202xx_old.c 2011-03-14 21:20:32.000000000 -0400
21812+++ linux-2.6.38.2/drivers/ata/pata_pdc202xx_old.c 2011-03-21 18:31:35.000000000 -0400
21813@@ -295,7 +295,7 @@ static struct scsi_host_template pdc202x
21814 ATA_BMDMA_SHT(DRV_NAME),
21815 };
21816
21817-static struct ata_port_operations pdc2024x_port_ops = {
21818+static const struct ata_port_operations pdc2024x_port_ops = {
21819 .inherits = &ata_bmdma_port_ops,
21820
21821 .cable_detect = ata_cable_40wire,
21822@@ -306,7 +306,7 @@ static struct ata_port_operations pdc202
21823 .sff_irq_check = pdc202xx_irq_check,
21824 };
21825
21826-static struct ata_port_operations pdc2026x_port_ops = {
21827+static const struct ata_port_operations pdc2026x_port_ops = {
21828 .inherits = &pdc2024x_port_ops,
21829
21830 .check_atapi_dma = pdc2026x_check_atapi_dma,
21831diff -urNp linux-2.6.38.2/drivers/ata/pata_piccolo.c linux-2.6.38.2/drivers/ata/pata_piccolo.c
21832--- linux-2.6.38.2/drivers/ata/pata_piccolo.c 2011-03-14 21:20:32.000000000 -0400
21833+++ linux-2.6.38.2/drivers/ata/pata_piccolo.c 2011-03-21 18:31:35.000000000 -0400
21834@@ -67,7 +67,7 @@ static struct scsi_host_template tosh_sh
21835 ATA_BMDMA_SHT(DRV_NAME),
21836 };
21837
21838-static struct ata_port_operations tosh_port_ops = {
21839+static const struct ata_port_operations tosh_port_ops = {
21840 .inherits = &ata_bmdma_port_ops,
21841 .cable_detect = ata_cable_unknown,
21842 .set_piomode = tosh_set_piomode,
21843diff -urNp linux-2.6.38.2/drivers/ata/pata_platform.c linux-2.6.38.2/drivers/ata/pata_platform.c
21844--- linux-2.6.38.2/drivers/ata/pata_platform.c 2011-03-14 21:20:32.000000000 -0400
21845+++ linux-2.6.38.2/drivers/ata/pata_platform.c 2011-03-21 18:31:35.000000000 -0400
21846@@ -48,7 +48,7 @@ static struct scsi_host_template pata_pl
21847 ATA_PIO_SHT(DRV_NAME),
21848 };
21849
21850-static struct ata_port_operations pata_platform_port_ops = {
21851+static const struct ata_port_operations pata_platform_port_ops = {
21852 .inherits = &ata_sff_port_ops,
21853 .sff_data_xfer = ata_sff_data_xfer_noirq,
21854 .cable_detect = ata_cable_unknown,
21855diff -urNp linux-2.6.38.2/drivers/ata/pata_pxa.c linux-2.6.38.2/drivers/ata/pata_pxa.c
21856--- linux-2.6.38.2/drivers/ata/pata_pxa.c 2011-03-14 21:20:32.000000000 -0400
21857+++ linux-2.6.38.2/drivers/ata/pata_pxa.c 2011-03-21 18:31:35.000000000 -0400
21858@@ -198,7 +198,7 @@ static struct scsi_host_template pxa_ata
21859 ATA_BMDMA_SHT(DRV_NAME),
21860 };
21861
21862-static struct ata_port_operations pxa_ata_port_ops = {
21863+static const struct ata_port_operations pxa_ata_port_ops = {
21864 .inherits = &ata_bmdma_port_ops,
21865 .cable_detect = ata_cable_40wire,
21866
21867diff -urNp linux-2.6.38.2/drivers/ata/pata_qdi.c linux-2.6.38.2/drivers/ata/pata_qdi.c
21868--- linux-2.6.38.2/drivers/ata/pata_qdi.c 2011-03-14 21:20:32.000000000 -0400
21869+++ linux-2.6.38.2/drivers/ata/pata_qdi.c 2011-03-21 18:31:35.000000000 -0400
21870@@ -157,7 +157,7 @@ static struct scsi_host_template qdi_sht
21871 ATA_PIO_SHT(DRV_NAME),
21872 };
21873
21874-static struct ata_port_operations qdi6500_port_ops = {
21875+static const struct ata_port_operations qdi6500_port_ops = {
21876 .inherits = &ata_sff_port_ops,
21877 .qc_issue = qdi_qc_issue,
21878 .sff_data_xfer = qdi_data_xfer,
21879@@ -165,7 +165,7 @@ static struct ata_port_operations qdi650
21880 .set_piomode = qdi6500_set_piomode,
21881 };
21882
21883-static struct ata_port_operations qdi6580_port_ops = {
21884+static const struct ata_port_operations qdi6580_port_ops = {
21885 .inherits = &qdi6500_port_ops,
21886 .set_piomode = qdi6580_set_piomode,
21887 };
21888diff -urNp linux-2.6.38.2/drivers/ata/pata_radisys.c linux-2.6.38.2/drivers/ata/pata_radisys.c
21889--- linux-2.6.38.2/drivers/ata/pata_radisys.c 2011-03-14 21:20:32.000000000 -0400
21890+++ linux-2.6.38.2/drivers/ata/pata_radisys.c 2011-03-21 18:31:35.000000000 -0400
21891@@ -187,7 +187,7 @@ static struct scsi_host_template radisys
21892 ATA_BMDMA_SHT(DRV_NAME),
21893 };
21894
21895-static struct ata_port_operations radisys_pata_ops = {
21896+static const struct ata_port_operations radisys_pata_ops = {
21897 .inherits = &ata_bmdma_port_ops,
21898 .qc_issue = radisys_qc_issue,
21899 .cable_detect = ata_cable_unknown,
21900diff -urNp linux-2.6.38.2/drivers/ata/pata_rb532_cf.c linux-2.6.38.2/drivers/ata/pata_rb532_cf.c
21901--- linux-2.6.38.2/drivers/ata/pata_rb532_cf.c 2011-03-14 21:20:32.000000000 -0400
21902+++ linux-2.6.38.2/drivers/ata/pata_rb532_cf.c 2011-03-21 18:31:35.000000000 -0400
21903@@ -69,7 +69,7 @@ static irqreturn_t rb532_pata_irq_handle
21904 return IRQ_HANDLED;
21905 }
21906
21907-static struct ata_port_operations rb532_pata_port_ops = {
21908+static const struct ata_port_operations rb532_pata_port_ops = {
21909 .inherits = &ata_sff_port_ops,
21910 .sff_data_xfer = ata_sff_data_xfer32,
21911 };
21912diff -urNp linux-2.6.38.2/drivers/ata/pata_rdc.c linux-2.6.38.2/drivers/ata/pata_rdc.c
21913--- linux-2.6.38.2/drivers/ata/pata_rdc.c 2011-03-14 21:20:32.000000000 -0400
21914+++ linux-2.6.38.2/drivers/ata/pata_rdc.c 2011-03-21 18:31:35.000000000 -0400
21915@@ -273,7 +273,7 @@ static void rdc_set_dmamode(struct ata_p
21916 pci_write_config_byte(dev, 0x48, udma_enable);
21917 }
21918
21919-static struct ata_port_operations rdc_pata_ops = {
21920+static const struct ata_port_operations rdc_pata_ops = {
21921 .inherits = &ata_bmdma32_port_ops,
21922 .cable_detect = rdc_pata_cable_detect,
21923 .set_piomode = rdc_set_piomode,
21924diff -urNp linux-2.6.38.2/drivers/ata/pata_rz1000.c linux-2.6.38.2/drivers/ata/pata_rz1000.c
21925--- linux-2.6.38.2/drivers/ata/pata_rz1000.c 2011-03-14 21:20:32.000000000 -0400
21926+++ linux-2.6.38.2/drivers/ata/pata_rz1000.c 2011-03-21 18:31:35.000000000 -0400
21927@@ -54,7 +54,7 @@ static struct scsi_host_template rz1000_
21928 ATA_PIO_SHT(DRV_NAME),
21929 };
21930
21931-static struct ata_port_operations rz1000_port_ops = {
21932+static const struct ata_port_operations rz1000_port_ops = {
21933 .inherits = &ata_sff_port_ops,
21934 .cable_detect = ata_cable_40wire,
21935 .set_mode = rz1000_set_mode,
21936diff -urNp linux-2.6.38.2/drivers/ata/pata_samsung_cf.c linux-2.6.38.2/drivers/ata/pata_samsung_cf.c
21937--- linux-2.6.38.2/drivers/ata/pata_samsung_cf.c 2011-03-14 21:20:32.000000000 -0400
21938+++ linux-2.6.38.2/drivers/ata/pata_samsung_cf.c 2011-03-21 18:31:35.000000000 -0400
21939@@ -399,7 +399,7 @@ static struct scsi_host_template pata_s3
21940 ATA_PIO_SHT(DRV_NAME),
21941 };
21942
21943-static struct ata_port_operations pata_s3c_port_ops = {
21944+static const struct ata_port_operations pata_s3c_port_ops = {
21945 .inherits = &ata_sff_port_ops,
21946 .sff_check_status = pata_s3c_check_status,
21947 .sff_check_altstatus = pata_s3c_check_altstatus,
21948@@ -413,7 +413,7 @@ static struct ata_port_operations pata_s
21949 .set_piomode = pata_s3c_set_piomode,
21950 };
21951
21952-static struct ata_port_operations pata_s5p_port_ops = {
21953+static const struct ata_port_operations pata_s5p_port_ops = {
21954 .inherits = &ata_sff_port_ops,
21955 .set_piomode = pata_s3c_set_piomode,
21956 };
21957diff -urNp linux-2.6.38.2/drivers/ata/pata_sc1200.c linux-2.6.38.2/drivers/ata/pata_sc1200.c
21958--- linux-2.6.38.2/drivers/ata/pata_sc1200.c 2011-03-14 21:20:32.000000000 -0400
21959+++ linux-2.6.38.2/drivers/ata/pata_sc1200.c 2011-03-21 18:31:35.000000000 -0400
21960@@ -207,7 +207,7 @@ static struct scsi_host_template sc1200_
21961 .sg_tablesize = LIBATA_DUMB_MAX_PRD,
21962 };
21963
21964-static struct ata_port_operations sc1200_port_ops = {
21965+static const struct ata_port_operations sc1200_port_ops = {
21966 .inherits = &ata_bmdma_port_ops,
21967 .qc_prep = ata_bmdma_dumb_qc_prep,
21968 .qc_issue = sc1200_qc_issue,
21969diff -urNp linux-2.6.38.2/drivers/ata/pata_scc.c linux-2.6.38.2/drivers/ata/pata_scc.c
21970--- linux-2.6.38.2/drivers/ata/pata_scc.c 2011-03-14 21:20:32.000000000 -0400
21971+++ linux-2.6.38.2/drivers/ata/pata_scc.c 2011-03-21 18:31:35.000000000 -0400
21972@@ -926,7 +926,7 @@ static struct scsi_host_template scc_sht
21973 ATA_BMDMA_SHT(DRV_NAME),
21974 };
21975
21976-static struct ata_port_operations scc_pata_ops = {
21977+static const struct ata_port_operations scc_pata_ops = {
21978 .inherits = &ata_bmdma_port_ops,
21979
21980 .set_piomode = scc_set_piomode,
21981diff -urNp linux-2.6.38.2/drivers/ata/pata_sch.c linux-2.6.38.2/drivers/ata/pata_sch.c
21982--- linux-2.6.38.2/drivers/ata/pata_sch.c 2011-03-14 21:20:32.000000000 -0400
21983+++ linux-2.6.38.2/drivers/ata/pata_sch.c 2011-03-21 18:31:35.000000000 -0400
21984@@ -75,7 +75,7 @@ static struct scsi_host_template sch_sht
21985 ATA_BMDMA_SHT(DRV_NAME),
21986 };
21987
21988-static struct ata_port_operations sch_pata_ops = {
21989+static const struct ata_port_operations sch_pata_ops = {
21990 .inherits = &ata_bmdma_port_ops,
21991 .cable_detect = ata_cable_unknown,
21992 .set_piomode = sch_set_piomode,
21993diff -urNp linux-2.6.38.2/drivers/ata/pata_serverworks.c linux-2.6.38.2/drivers/ata/pata_serverworks.c
21994--- linux-2.6.38.2/drivers/ata/pata_serverworks.c 2011-03-14 21:20:32.000000000 -0400
21995+++ linux-2.6.38.2/drivers/ata/pata_serverworks.c 2011-03-21 18:31:35.000000000 -0400
21996@@ -300,7 +300,7 @@ static struct scsi_host_template serverw
21997 ATA_BMDMA_SHT(DRV_NAME),
21998 };
21999
22000-static struct ata_port_operations serverworks_osb4_port_ops = {
22001+static const struct ata_port_operations serverworks_osb4_port_ops = {
22002 .inherits = &ata_bmdma_port_ops,
22003 .cable_detect = serverworks_cable_detect,
22004 .mode_filter = serverworks_osb4_filter,
22005@@ -308,7 +308,7 @@ static struct ata_port_operations server
22006 .set_dmamode = serverworks_set_dmamode,
22007 };
22008
22009-static struct ata_port_operations serverworks_csb_port_ops = {
22010+static const struct ata_port_operations serverworks_csb_port_ops = {
22011 .inherits = &serverworks_osb4_port_ops,
22012 .mode_filter = serverworks_csb_filter,
22013 };
22014diff -urNp linux-2.6.38.2/drivers/ata/pata_sil680.c linux-2.6.38.2/drivers/ata/pata_sil680.c
22015--- linux-2.6.38.2/drivers/ata/pata_sil680.c 2011-03-14 21:20:32.000000000 -0400
22016+++ linux-2.6.38.2/drivers/ata/pata_sil680.c 2011-03-21 18:31:35.000000000 -0400
22017@@ -225,8 +225,7 @@ static struct scsi_host_template sil680_
22018 ATA_BMDMA_SHT(DRV_NAME),
22019 };
22020
22021-
22022-static struct ata_port_operations sil680_port_ops = {
22023+static const struct ata_port_operations sil680_port_ops = {
22024 .inherits = &ata_bmdma32_port_ops,
22025 .sff_exec_command = sil680_sff_exec_command,
22026 .sff_irq_check = sil680_sff_irq_check,
22027diff -urNp linux-2.6.38.2/drivers/ata/pata_sis.c linux-2.6.38.2/drivers/ata/pata_sis.c
22028--- linux-2.6.38.2/drivers/ata/pata_sis.c 2011-03-14 21:20:32.000000000 -0400
22029+++ linux-2.6.38.2/drivers/ata/pata_sis.c 2011-03-21 18:31:35.000000000 -0400
22030@@ -503,47 +503,47 @@ static struct scsi_host_template sis_sht
22031 ATA_BMDMA_SHT(DRV_NAME),
22032 };
22033
22034-static struct ata_port_operations sis_133_for_sata_ops = {
22035+static const struct ata_port_operations sis_133_for_sata_ops = {
22036 .inherits = &ata_bmdma_port_ops,
22037 .set_piomode = sis_133_set_piomode,
22038 .set_dmamode = sis_133_set_dmamode,
22039 .cable_detect = sis_133_cable_detect,
22040 };
22041
22042-static struct ata_port_operations sis_base_ops = {
22043+static const struct ata_port_operations sis_base_ops = {
22044 .inherits = &ata_bmdma_port_ops,
22045 .prereset = sis_pre_reset,
22046 };
22047
22048-static struct ata_port_operations sis_133_ops = {
22049+static const struct ata_port_operations sis_133_ops = {
22050 .inherits = &sis_base_ops,
22051 .set_piomode = sis_133_set_piomode,
22052 .set_dmamode = sis_133_set_dmamode,
22053 .cable_detect = sis_133_cable_detect,
22054 };
22055
22056-static struct ata_port_operations sis_133_early_ops = {
22057+static const struct ata_port_operations sis_133_early_ops = {
22058 .inherits = &sis_base_ops,
22059 .set_piomode = sis_100_set_piomode,
22060 .set_dmamode = sis_133_early_set_dmamode,
22061 .cable_detect = sis_66_cable_detect,
22062 };
22063
22064-static struct ata_port_operations sis_100_ops = {
22065+static const struct ata_port_operations sis_100_ops = {
22066 .inherits = &sis_base_ops,
22067 .set_piomode = sis_100_set_piomode,
22068 .set_dmamode = sis_100_set_dmamode,
22069 .cable_detect = sis_66_cable_detect,
22070 };
22071
22072-static struct ata_port_operations sis_66_ops = {
22073+static const struct ata_port_operations sis_66_ops = {
22074 .inherits = &sis_base_ops,
22075 .set_piomode = sis_old_set_piomode,
22076 .set_dmamode = sis_66_set_dmamode,
22077 .cable_detect = sis_66_cable_detect,
22078 };
22079
22080-static struct ata_port_operations sis_old_ops = {
22081+static const struct ata_port_operations sis_old_ops = {
22082 .inherits = &sis_base_ops,
22083 .set_piomode = sis_old_set_piomode,
22084 .set_dmamode = sis_old_set_dmamode,
22085diff -urNp linux-2.6.38.2/drivers/ata/pata_sl82c105.c linux-2.6.38.2/drivers/ata/pata_sl82c105.c
22086--- linux-2.6.38.2/drivers/ata/pata_sl82c105.c 2011-03-14 21:20:32.000000000 -0400
22087+++ linux-2.6.38.2/drivers/ata/pata_sl82c105.c 2011-03-21 18:31:35.000000000 -0400
22088@@ -241,7 +241,7 @@ static struct scsi_host_template sl82c10
22089 ATA_BMDMA_SHT(DRV_NAME),
22090 };
22091
22092-static struct ata_port_operations sl82c105_port_ops = {
22093+static const struct ata_port_operations sl82c105_port_ops = {
22094 .inherits = &ata_bmdma_port_ops,
22095 .qc_defer = sl82c105_qc_defer,
22096 .bmdma_start = sl82c105_bmdma_start,
22097diff -urNp linux-2.6.38.2/drivers/ata/pata_triflex.c linux-2.6.38.2/drivers/ata/pata_triflex.c
22098--- linux-2.6.38.2/drivers/ata/pata_triflex.c 2011-03-14 21:20:32.000000000 -0400
22099+++ linux-2.6.38.2/drivers/ata/pata_triflex.c 2011-03-21 18:31:35.000000000 -0400
22100@@ -178,7 +178,7 @@ static struct scsi_host_template triflex
22101 ATA_BMDMA_SHT(DRV_NAME),
22102 };
22103
22104-static struct ata_port_operations triflex_port_ops = {
22105+static const struct ata_port_operations triflex_port_ops = {
22106 .inherits = &ata_bmdma_port_ops,
22107 .bmdma_start = triflex_bmdma_start,
22108 .bmdma_stop = triflex_bmdma_stop,
22109diff -urNp linux-2.6.38.2/drivers/ata/pata_via.c linux-2.6.38.2/drivers/ata/pata_via.c
22110--- linux-2.6.38.2/drivers/ata/pata_via.c 2011-03-14 21:20:32.000000000 -0400
22111+++ linux-2.6.38.2/drivers/ata/pata_via.c 2011-03-21 18:31:35.000000000 -0400
22112@@ -441,7 +441,7 @@ static struct scsi_host_template via_sht
22113 ATA_BMDMA_SHT(DRV_NAME),
22114 };
22115
22116-static struct ata_port_operations via_port_ops = {
22117+static const struct ata_port_operations via_port_ops = {
22118 .inherits = &ata_bmdma_port_ops,
22119 .cable_detect = via_cable_detect,
22120 .set_piomode = via_set_piomode,
22121@@ -452,7 +452,7 @@ static struct ata_port_operations via_po
22122 .mode_filter = via_mode_filter,
22123 };
22124
22125-static struct ata_port_operations via_port_ops_noirq = {
22126+static const struct ata_port_operations via_port_ops_noirq = {
22127 .inherits = &via_port_ops,
22128 .sff_data_xfer = ata_sff_data_xfer_noirq,
22129 };
22130diff -urNp linux-2.6.38.2/drivers/ata/pdc_adma.c linux-2.6.38.2/drivers/ata/pdc_adma.c
22131--- linux-2.6.38.2/drivers/ata/pdc_adma.c 2011-03-14 21:20:32.000000000 -0400
22132+++ linux-2.6.38.2/drivers/ata/pdc_adma.c 2011-03-21 18:31:35.000000000 -0400
22133@@ -146,7 +146,7 @@ static struct scsi_host_template adma_at
22134 .dma_boundary = ADMA_DMA_BOUNDARY,
22135 };
22136
22137-static struct ata_port_operations adma_ata_ops = {
22138+static const struct ata_port_operations adma_ata_ops = {
22139 .inherits = &ata_sff_port_ops,
22140
22141 .lost_interrupt = ATA_OP_NULL,
22142diff -urNp linux-2.6.38.2/drivers/ata/sata_dwc_460ex.c linux-2.6.38.2/drivers/ata/sata_dwc_460ex.c
22143--- linux-2.6.38.2/drivers/ata/sata_dwc_460ex.c 2011-03-14 21:20:32.000000000 -0400
22144+++ linux-2.6.38.2/drivers/ata/sata_dwc_460ex.c 2011-03-21 18:31:35.000000000 -0400
22145@@ -1560,7 +1560,7 @@ static struct scsi_host_template sata_dw
22146 .dma_boundary = ATA_DMA_BOUNDARY,
22147 };
22148
22149-static struct ata_port_operations sata_dwc_ops = {
22150+static const struct ata_port_operations sata_dwc_ops = {
22151 .inherits = &ata_sff_port_ops,
22152
22153 .error_handler = sata_dwc_error_handler,
22154diff -urNp linux-2.6.38.2/drivers/ata/sata_fsl.c linux-2.6.38.2/drivers/ata/sata_fsl.c
22155--- linux-2.6.38.2/drivers/ata/sata_fsl.c 2011-03-14 21:20:32.000000000 -0400
22156+++ linux-2.6.38.2/drivers/ata/sata_fsl.c 2011-03-21 18:31:35.000000000 -0400
22157@@ -1258,7 +1258,7 @@ static struct scsi_host_template sata_fs
22158 .dma_boundary = ATA_DMA_BOUNDARY,
22159 };
22160
22161-static struct ata_port_operations sata_fsl_ops = {
22162+static const struct ata_port_operations sata_fsl_ops = {
22163 .inherits = &sata_pmp_port_ops,
22164
22165 .qc_defer = ata_std_qc_defer,
22166diff -urNp linux-2.6.38.2/drivers/ata/sata_inic162x.c linux-2.6.38.2/drivers/ata/sata_inic162x.c
22167--- linux-2.6.38.2/drivers/ata/sata_inic162x.c 2011-03-14 21:20:32.000000000 -0400
22168+++ linux-2.6.38.2/drivers/ata/sata_inic162x.c 2011-03-21 18:31:35.000000000 -0400
22169@@ -705,7 +705,7 @@ static int inic_port_start(struct ata_po
22170 return 0;
22171 }
22172
22173-static struct ata_port_operations inic_port_ops = {
22174+static const struct ata_port_operations inic_port_ops = {
22175 .inherits = &sata_port_ops,
22176
22177 .check_atapi_dma = inic_check_atapi_dma,
22178diff -urNp linux-2.6.38.2/drivers/ata/sata_mv.c linux-2.6.38.2/drivers/ata/sata_mv.c
22179--- linux-2.6.38.2/drivers/ata/sata_mv.c 2011-03-14 21:20:32.000000000 -0400
22180+++ linux-2.6.38.2/drivers/ata/sata_mv.c 2011-03-21 18:31:35.000000000 -0400
22181@@ -663,7 +663,7 @@ static struct scsi_host_template mv6_sht
22182 .dma_boundary = MV_DMA_BOUNDARY,
22183 };
22184
22185-static struct ata_port_operations mv5_ops = {
22186+static const struct ata_port_operations mv5_ops = {
22187 .inherits = &ata_sff_port_ops,
22188
22189 .lost_interrupt = ATA_OP_NULL,
22190@@ -683,7 +683,7 @@ static struct ata_port_operations mv5_op
22191 .port_stop = mv_port_stop,
22192 };
22193
22194-static struct ata_port_operations mv6_ops = {
22195+static const struct ata_port_operations mv6_ops = {
22196 .inherits = &ata_bmdma_port_ops,
22197
22198 .lost_interrupt = ATA_OP_NULL,
22199@@ -717,7 +717,7 @@ static struct ata_port_operations mv6_op
22200 .port_stop = mv_port_stop,
22201 };
22202
22203-static struct ata_port_operations mv_iie_ops = {
22204+static const struct ata_port_operations mv_iie_ops = {
22205 .inherits = &mv6_ops,
22206 .dev_config = ATA_OP_NULL,
22207 .qc_prep = mv_qc_prep_iie,
22208diff -urNp linux-2.6.38.2/drivers/ata/sata_nv.c linux-2.6.38.2/drivers/ata/sata_nv.c
22209--- linux-2.6.38.2/drivers/ata/sata_nv.c 2011-03-14 21:20:32.000000000 -0400
22210+++ linux-2.6.38.2/drivers/ata/sata_nv.c 2011-03-21 18:31:35.000000000 -0400
22211@@ -465,7 +465,7 @@ static struct scsi_host_template nv_swnc
22212 * cases. Define nv_hardreset() which only kicks in for post-boot
22213 * probing and use it for all variants.
22214 */
22215-static struct ata_port_operations nv_generic_ops = {
22216+static const struct ata_port_operations nv_generic_ops = {
22217 .inherits = &ata_bmdma_port_ops,
22218 .lost_interrupt = ATA_OP_NULL,
22219 .scr_read = nv_scr_read,
22220@@ -473,20 +473,20 @@ static struct ata_port_operations nv_gen
22221 .hardreset = nv_hardreset,
22222 };
22223
22224-static struct ata_port_operations nv_nf2_ops = {
22225+static const struct ata_port_operations nv_nf2_ops = {
22226 .inherits = &nv_generic_ops,
22227 .freeze = nv_nf2_freeze,
22228 .thaw = nv_nf2_thaw,
22229 };
22230
22231-static struct ata_port_operations nv_ck804_ops = {
22232+static const struct ata_port_operations nv_ck804_ops = {
22233 .inherits = &nv_generic_ops,
22234 .freeze = nv_ck804_freeze,
22235 .thaw = nv_ck804_thaw,
22236 .host_stop = nv_ck804_host_stop,
22237 };
22238
22239-static struct ata_port_operations nv_adma_ops = {
22240+static const struct ata_port_operations nv_adma_ops = {
22241 .inherits = &nv_ck804_ops,
22242
22243 .check_atapi_dma = nv_adma_check_atapi_dma,
22244@@ -510,7 +510,7 @@ static struct ata_port_operations nv_adm
22245 .host_stop = nv_adma_host_stop,
22246 };
22247
22248-static struct ata_port_operations nv_swncq_ops = {
22249+static const struct ata_port_operations nv_swncq_ops = {
22250 .inherits = &nv_generic_ops,
22251
22252 .qc_defer = ata_std_qc_defer,
22253diff -urNp linux-2.6.38.2/drivers/ata/sata_promise.c linux-2.6.38.2/drivers/ata/sata_promise.c
22254--- linux-2.6.38.2/drivers/ata/sata_promise.c 2011-03-14 21:20:32.000000000 -0400
22255+++ linux-2.6.38.2/drivers/ata/sata_promise.c 2011-03-21 18:31:35.000000000 -0400
22256@@ -196,7 +196,7 @@ static const struct ata_port_operations
22257 .error_handler = pdc_error_handler,
22258 };
22259
22260-static struct ata_port_operations pdc_sata_ops = {
22261+static const struct ata_port_operations pdc_sata_ops = {
22262 .inherits = &pdc_common_ops,
22263 .cable_detect = pdc_sata_cable_detect,
22264 .freeze = pdc_sata_freeze,
22265@@ -209,14 +209,14 @@ static struct ata_port_operations pdc_sa
22266
22267 /* First-generation chips need a more restrictive ->check_atapi_dma op,
22268 and ->freeze/thaw that ignore the hotplug controls. */
22269-static struct ata_port_operations pdc_old_sata_ops = {
22270+static const struct ata_port_operations pdc_old_sata_ops = {
22271 .inherits = &pdc_sata_ops,
22272 .freeze = pdc_freeze,
22273 .thaw = pdc_thaw,
22274 .check_atapi_dma = pdc_old_sata_check_atapi_dma,
22275 };
22276
22277-static struct ata_port_operations pdc_pata_ops = {
22278+static const struct ata_port_operations pdc_pata_ops = {
22279 .inherits = &pdc_common_ops,
22280 .cable_detect = pdc_pata_cable_detect,
22281 .freeze = pdc_freeze,
22282diff -urNp linux-2.6.38.2/drivers/ata/sata_qstor.c linux-2.6.38.2/drivers/ata/sata_qstor.c
22283--- linux-2.6.38.2/drivers/ata/sata_qstor.c 2011-03-14 21:20:32.000000000 -0400
22284+++ linux-2.6.38.2/drivers/ata/sata_qstor.c 2011-03-21 18:31:35.000000000 -0400
22285@@ -131,7 +131,7 @@ static struct scsi_host_template qs_ata_
22286 .dma_boundary = QS_DMA_BOUNDARY,
22287 };
22288
22289-static struct ata_port_operations qs_ata_ops = {
22290+static const struct ata_port_operations qs_ata_ops = {
22291 .inherits = &ata_sff_port_ops,
22292
22293 .check_atapi_dma = qs_check_atapi_dma,
22294diff -urNp linux-2.6.38.2/drivers/ata/sata_sil24.c linux-2.6.38.2/drivers/ata/sata_sil24.c
22295--- linux-2.6.38.2/drivers/ata/sata_sil24.c 2011-03-14 21:20:32.000000000 -0400
22296+++ linux-2.6.38.2/drivers/ata/sata_sil24.c 2011-03-21 18:31:35.000000000 -0400
22297@@ -389,7 +389,7 @@ static struct scsi_host_template sil24_s
22298 .dma_boundary = ATA_DMA_BOUNDARY,
22299 };
22300
22301-static struct ata_port_operations sil24_ops = {
22302+static const struct ata_port_operations sil24_ops = {
22303 .inherits = &sata_pmp_port_ops,
22304
22305 .qc_defer = sil24_qc_defer,
22306diff -urNp linux-2.6.38.2/drivers/ata/sata_sil.c linux-2.6.38.2/drivers/ata/sata_sil.c
22307--- linux-2.6.38.2/drivers/ata/sata_sil.c 2011-03-14 21:20:32.000000000 -0400
22308+++ linux-2.6.38.2/drivers/ata/sata_sil.c 2011-03-21 18:31:35.000000000 -0400
22309@@ -182,7 +182,7 @@ static struct scsi_host_template sil_sht
22310 .sg_tablesize = ATA_MAX_PRD
22311 };
22312
22313-static struct ata_port_operations sil_ops = {
22314+static const struct ata_port_operations sil_ops = {
22315 .inherits = &ata_bmdma32_port_ops,
22316 .dev_config = sil_dev_config,
22317 .set_mode = sil_set_mode,
22318diff -urNp linux-2.6.38.2/drivers/ata/sata_sis.c linux-2.6.38.2/drivers/ata/sata_sis.c
22319--- linux-2.6.38.2/drivers/ata/sata_sis.c 2011-03-14 21:20:32.000000000 -0400
22320+++ linux-2.6.38.2/drivers/ata/sata_sis.c 2011-03-21 18:31:35.000000000 -0400
22321@@ -89,7 +89,7 @@ static struct scsi_host_template sis_sht
22322 ATA_BMDMA_SHT(DRV_NAME),
22323 };
22324
22325-static struct ata_port_operations sis_ops = {
22326+static const struct ata_port_operations sis_ops = {
22327 .inherits = &ata_bmdma_port_ops,
22328 .scr_read = sis_scr_read,
22329 .scr_write = sis_scr_write,
22330diff -urNp linux-2.6.38.2/drivers/ata/sata_svw.c linux-2.6.38.2/drivers/ata/sata_svw.c
22331--- linux-2.6.38.2/drivers/ata/sata_svw.c 2011-03-14 21:20:32.000000000 -0400
22332+++ linux-2.6.38.2/drivers/ata/sata_svw.c 2011-03-21 18:31:35.000000000 -0400
22333@@ -344,7 +344,7 @@ static struct scsi_host_template k2_sata
22334 };
22335
22336
22337-static struct ata_port_operations k2_sata_ops = {
22338+static const struct ata_port_operations k2_sata_ops = {
22339 .inherits = &ata_bmdma_port_ops,
22340 .sff_tf_load = k2_sata_tf_load,
22341 .sff_tf_read = k2_sata_tf_read,
22342diff -urNp linux-2.6.38.2/drivers/ata/sata_sx4.c linux-2.6.38.2/drivers/ata/sata_sx4.c
22343--- linux-2.6.38.2/drivers/ata/sata_sx4.c 2011-03-14 21:20:32.000000000 -0400
22344+++ linux-2.6.38.2/drivers/ata/sata_sx4.c 2011-03-21 18:31:35.000000000 -0400
22345@@ -249,7 +249,7 @@ static struct scsi_host_template pdc_sat
22346 };
22347
22348 /* TODO: inherit from base port_ops after converting to new EH */
22349-static struct ata_port_operations pdc_20621_ops = {
22350+static const struct ata_port_operations pdc_20621_ops = {
22351 .inherits = &ata_sff_port_ops,
22352
22353 .check_atapi_dma = pdc_check_atapi_dma,
22354diff -urNp linux-2.6.38.2/drivers/ata/sata_uli.c linux-2.6.38.2/drivers/ata/sata_uli.c
22355--- linux-2.6.38.2/drivers/ata/sata_uli.c 2011-03-14 21:20:32.000000000 -0400
22356+++ linux-2.6.38.2/drivers/ata/sata_uli.c 2011-03-21 18:31:35.000000000 -0400
22357@@ -80,7 +80,7 @@ static struct scsi_host_template uli_sht
22358 ATA_BMDMA_SHT(DRV_NAME),
22359 };
22360
22361-static struct ata_port_operations uli_ops = {
22362+static const struct ata_port_operations uli_ops = {
22363 .inherits = &ata_bmdma_port_ops,
22364 .scr_read = uli_scr_read,
22365 .scr_write = uli_scr_write,
22366diff -urNp linux-2.6.38.2/drivers/ata/sata_via.c linux-2.6.38.2/drivers/ata/sata_via.c
22367--- linux-2.6.38.2/drivers/ata/sata_via.c 2011-03-14 21:20:32.000000000 -0400
22368+++ linux-2.6.38.2/drivers/ata/sata_via.c 2011-03-21 18:31:35.000000000 -0400
22369@@ -115,32 +115,32 @@ static struct scsi_host_template svia_sh
22370 ATA_BMDMA_SHT(DRV_NAME),
22371 };
22372
22373-static struct ata_port_operations svia_base_ops = {
22374+static const struct ata_port_operations svia_base_ops = {
22375 .inherits = &ata_bmdma_port_ops,
22376 .sff_tf_load = svia_tf_load,
22377 };
22378
22379-static struct ata_port_operations vt6420_sata_ops = {
22380+static const struct ata_port_operations vt6420_sata_ops = {
22381 .inherits = &svia_base_ops,
22382 .freeze = svia_noop_freeze,
22383 .prereset = vt6420_prereset,
22384 .bmdma_start = vt6420_bmdma_start,
22385 };
22386
22387-static struct ata_port_operations vt6421_pata_ops = {
22388+static const struct ata_port_operations vt6421_pata_ops = {
22389 .inherits = &svia_base_ops,
22390 .cable_detect = vt6421_pata_cable_detect,
22391 .set_piomode = vt6421_set_pio_mode,
22392 .set_dmamode = vt6421_set_dma_mode,
22393 };
22394
22395-static struct ata_port_operations vt6421_sata_ops = {
22396+static const struct ata_port_operations vt6421_sata_ops = {
22397 .inherits = &svia_base_ops,
22398 .scr_read = svia_scr_read,
22399 .scr_write = svia_scr_write,
22400 };
22401
22402-static struct ata_port_operations vt8251_ops = {
22403+static const struct ata_port_operations vt8251_ops = {
22404 .inherits = &svia_base_ops,
22405 .hardreset = sata_std_hardreset,
22406 .scr_read = vt8251_scr_read,
22407diff -urNp linux-2.6.38.2/drivers/ata/sata_vsc.c linux-2.6.38.2/drivers/ata/sata_vsc.c
22408--- linux-2.6.38.2/drivers/ata/sata_vsc.c 2011-03-14 21:20:32.000000000 -0400
22409+++ linux-2.6.38.2/drivers/ata/sata_vsc.c 2011-03-21 18:31:35.000000000 -0400
22410@@ -300,7 +300,7 @@ static struct scsi_host_template vsc_sat
22411 };
22412
22413
22414-static struct ata_port_operations vsc_sata_ops = {
22415+static const struct ata_port_operations vsc_sata_ops = {
22416 .inherits = &ata_bmdma_port_ops,
22417 /* The IRQ handling is not quite standard SFF behaviour so we
22418 cannot use the default lost interrupt handler */
22419diff -urNp linux-2.6.38.2/drivers/atm/adummy.c linux-2.6.38.2/drivers/atm/adummy.c
22420--- linux-2.6.38.2/drivers/atm/adummy.c 2011-03-14 21:20:32.000000000 -0400
22421+++ linux-2.6.38.2/drivers/atm/adummy.c 2011-03-21 18:31:35.000000000 -0400
22422@@ -114,7 +114,7 @@ adummy_send(struct atm_vcc *vcc, struct
22423 vcc->pop(vcc, skb);
22424 else
22425 dev_kfree_skb_any(skb);
22426- atomic_inc(&vcc->stats->tx);
22427+ atomic_inc_unchecked(&vcc->stats->tx);
22428
22429 return 0;
22430 }
22431diff -urNp linux-2.6.38.2/drivers/atm/ambassador.c linux-2.6.38.2/drivers/atm/ambassador.c
22432--- linux-2.6.38.2/drivers/atm/ambassador.c 2011-03-14 21:20:32.000000000 -0400
22433+++ linux-2.6.38.2/drivers/atm/ambassador.c 2011-03-21 18:31:35.000000000 -0400
22434@@ -454,7 +454,7 @@ static void tx_complete (amb_dev * dev,
22435 PRINTD (DBG_FLOW|DBG_TX, "tx_complete %p %p", dev, tx);
22436
22437 // VC layer stats
22438- atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
22439+ atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
22440
22441 // free the descriptor
22442 kfree (tx_descr);
22443@@ -495,7 +495,7 @@ static void rx_complete (amb_dev * dev,
22444 dump_skb ("<<<", vc, skb);
22445
22446 // VC layer stats
22447- atomic_inc(&atm_vcc->stats->rx);
22448+ atomic_inc_unchecked(&atm_vcc->stats->rx);
22449 __net_timestamp(skb);
22450 // end of our responsability
22451 atm_vcc->push (atm_vcc, skb);
22452@@ -510,7 +510,7 @@ static void rx_complete (amb_dev * dev,
22453 } else {
22454 PRINTK (KERN_INFO, "dropped over-size frame");
22455 // should we count this?
22456- atomic_inc(&atm_vcc->stats->rx_drop);
22457+ atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
22458 }
22459
22460 } else {
22461@@ -1342,7 +1342,7 @@ static int amb_send (struct atm_vcc * at
22462 }
22463
22464 if (check_area (skb->data, skb->len)) {
22465- atomic_inc(&atm_vcc->stats->tx_err);
22466+ atomic_inc_unchecked(&atm_vcc->stats->tx_err);
22467 return -ENOMEM; // ?
22468 }
22469
22470diff -urNp linux-2.6.38.2/drivers/atm/atmtcp.c linux-2.6.38.2/drivers/atm/atmtcp.c
22471--- linux-2.6.38.2/drivers/atm/atmtcp.c 2011-03-14 21:20:32.000000000 -0400
22472+++ linux-2.6.38.2/drivers/atm/atmtcp.c 2011-03-21 18:31:35.000000000 -0400
22473@@ -207,7 +207,7 @@ static int atmtcp_v_send(struct atm_vcc
22474 if (vcc->pop) vcc->pop(vcc,skb);
22475 else dev_kfree_skb(skb);
22476 if (dev_data) return 0;
22477- atomic_inc(&vcc->stats->tx_err);
22478+ atomic_inc_unchecked(&vcc->stats->tx_err);
22479 return -ENOLINK;
22480 }
22481 size = skb->len+sizeof(struct atmtcp_hdr);
22482@@ -215,7 +215,7 @@ static int atmtcp_v_send(struct atm_vcc
22483 if (!new_skb) {
22484 if (vcc->pop) vcc->pop(vcc,skb);
22485 else dev_kfree_skb(skb);
22486- atomic_inc(&vcc->stats->tx_err);
22487+ atomic_inc_unchecked(&vcc->stats->tx_err);
22488 return -ENOBUFS;
22489 }
22490 hdr = (void *) skb_put(new_skb,sizeof(struct atmtcp_hdr));
22491@@ -226,8 +226,8 @@ static int atmtcp_v_send(struct atm_vcc
22492 if (vcc->pop) vcc->pop(vcc,skb);
22493 else dev_kfree_skb(skb);
22494 out_vcc->push(out_vcc,new_skb);
22495- atomic_inc(&vcc->stats->tx);
22496- atomic_inc(&out_vcc->stats->rx);
22497+ atomic_inc_unchecked(&vcc->stats->tx);
22498+ atomic_inc_unchecked(&out_vcc->stats->rx);
22499 return 0;
22500 }
22501
22502@@ -301,7 +301,7 @@ static int atmtcp_c_send(struct atm_vcc
22503 out_vcc = find_vcc(dev, ntohs(hdr->vpi), ntohs(hdr->vci));
22504 read_unlock(&vcc_sklist_lock);
22505 if (!out_vcc) {
22506- atomic_inc(&vcc->stats->tx_err);
22507+ atomic_inc_unchecked(&vcc->stats->tx_err);
22508 goto done;
22509 }
22510 skb_pull(skb,sizeof(struct atmtcp_hdr));
22511@@ -313,8 +313,8 @@ static int atmtcp_c_send(struct atm_vcc
22512 __net_timestamp(new_skb);
22513 skb_copy_from_linear_data(skb, skb_put(new_skb, skb->len), skb->len);
22514 out_vcc->push(out_vcc,new_skb);
22515- atomic_inc(&vcc->stats->tx);
22516- atomic_inc(&out_vcc->stats->rx);
22517+ atomic_inc_unchecked(&vcc->stats->tx);
22518+ atomic_inc_unchecked(&out_vcc->stats->rx);
22519 done:
22520 if (vcc->pop) vcc->pop(vcc,skb);
22521 else dev_kfree_skb(skb);
22522diff -urNp linux-2.6.38.2/drivers/atm/eni.c linux-2.6.38.2/drivers/atm/eni.c
22523--- linux-2.6.38.2/drivers/atm/eni.c 2011-03-14 21:20:32.000000000 -0400
22524+++ linux-2.6.38.2/drivers/atm/eni.c 2011-03-21 18:31:35.000000000 -0400
22525@@ -526,7 +526,7 @@ static int rx_aal0(struct atm_vcc *vcc)
22526 DPRINTK(DEV_LABEL "(itf %d): trashing empty cell\n",
22527 vcc->dev->number);
22528 length = 0;
22529- atomic_inc(&vcc->stats->rx_err);
22530+ atomic_inc_unchecked(&vcc->stats->rx_err);
22531 }
22532 else {
22533 length = ATM_CELL_SIZE-1; /* no HEC */
22534@@ -581,7 +581,7 @@ static int rx_aal5(struct atm_vcc *vcc)
22535 size);
22536 }
22537 eff = length = 0;
22538- atomic_inc(&vcc->stats->rx_err);
22539+ atomic_inc_unchecked(&vcc->stats->rx_err);
22540 }
22541 else {
22542 size = (descr & MID_RED_COUNT)*(ATM_CELL_PAYLOAD >> 2);
22543@@ -598,7 +598,7 @@ static int rx_aal5(struct atm_vcc *vcc)
22544 "(VCI=%d,length=%ld,size=%ld (descr 0x%lx))\n",
22545 vcc->dev->number,vcc->vci,length,size << 2,descr);
22546 length = eff = 0;
22547- atomic_inc(&vcc->stats->rx_err);
22548+ atomic_inc_unchecked(&vcc->stats->rx_err);
22549 }
22550 }
22551 skb = eff ? atm_alloc_charge(vcc,eff << 2,GFP_ATOMIC) : NULL;
22552@@ -771,7 +771,7 @@ rx_dequeued++;
22553 vcc->push(vcc,skb);
22554 pushed++;
22555 }
22556- atomic_inc(&vcc->stats->rx);
22557+ atomic_inc_unchecked(&vcc->stats->rx);
22558 }
22559 wake_up(&eni_dev->rx_wait);
22560 }
22561@@ -1228,7 +1228,7 @@ static void dequeue_tx(struct atm_dev *d
22562 PCI_DMA_TODEVICE);
22563 if (vcc->pop) vcc->pop(vcc,skb);
22564 else dev_kfree_skb_irq(skb);
22565- atomic_inc(&vcc->stats->tx);
22566+ atomic_inc_unchecked(&vcc->stats->tx);
22567 wake_up(&eni_dev->tx_wait);
22568 dma_complete++;
22569 }
22570diff -urNp linux-2.6.38.2/drivers/atm/firestream.c linux-2.6.38.2/drivers/atm/firestream.c
22571--- linux-2.6.38.2/drivers/atm/firestream.c 2011-03-14 21:20:32.000000000 -0400
22572+++ linux-2.6.38.2/drivers/atm/firestream.c 2011-03-21 18:31:35.000000000 -0400
22573@@ -749,7 +749,7 @@ static void process_txdone_queue (struct
22574 }
22575 }
22576
22577- atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
22578+ atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
22579
22580 fs_dprintk (FS_DEBUG_TXMEM, "i");
22581 fs_dprintk (FS_DEBUG_ALLOC, "Free t-skb: %p\n", skb);
22582@@ -816,7 +816,7 @@ static void process_incoming (struct fs_
22583 #endif
22584 skb_put (skb, qe->p1 & 0xffff);
22585 ATM_SKB(skb)->vcc = atm_vcc;
22586- atomic_inc(&atm_vcc->stats->rx);
22587+ atomic_inc_unchecked(&atm_vcc->stats->rx);
22588 __net_timestamp(skb);
22589 fs_dprintk (FS_DEBUG_ALLOC, "Free rec-skb: %p (pushed)\n", skb);
22590 atm_vcc->push (atm_vcc, skb);
22591@@ -837,12 +837,12 @@ static void process_incoming (struct fs_
22592 kfree (pe);
22593 }
22594 if (atm_vcc)
22595- atomic_inc(&atm_vcc->stats->rx_drop);
22596+ atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
22597 break;
22598 case 0x1f: /* Reassembly abort: no buffers. */
22599 /* Silently increment error counter. */
22600 if (atm_vcc)
22601- atomic_inc(&atm_vcc->stats->rx_drop);
22602+ atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
22603 break;
22604 default: /* Hmm. Haven't written the code to handle the others yet... -- REW */
22605 printk (KERN_WARNING "Don't know what to do with RX status %x: %s.\n",
22606diff -urNp linux-2.6.38.2/drivers/atm/fore200e.c linux-2.6.38.2/drivers/atm/fore200e.c
22607--- linux-2.6.38.2/drivers/atm/fore200e.c 2011-03-14 21:20:32.000000000 -0400
22608+++ linux-2.6.38.2/drivers/atm/fore200e.c 2011-03-21 18:31:35.000000000 -0400
22609@@ -933,9 +933,9 @@ fore200e_tx_irq(struct fore200e* fore200
22610 #endif
22611 /* check error condition */
22612 if (*entry->status & STATUS_ERROR)
22613- atomic_inc(&vcc->stats->tx_err);
22614+ atomic_inc_unchecked(&vcc->stats->tx_err);
22615 else
22616- atomic_inc(&vcc->stats->tx);
22617+ atomic_inc_unchecked(&vcc->stats->tx);
22618 }
22619 }
22620
22621@@ -1084,7 +1084,7 @@ fore200e_push_rpd(struct fore200e* fore2
22622 if (skb == NULL) {
22623 DPRINTK(2, "unable to alloc new skb, rx PDU length = %d\n", pdu_len);
22624
22625- atomic_inc(&vcc->stats->rx_drop);
22626+ atomic_inc_unchecked(&vcc->stats->rx_drop);
22627 return -ENOMEM;
22628 }
22629
22630@@ -1127,14 +1127,14 @@ fore200e_push_rpd(struct fore200e* fore2
22631
22632 dev_kfree_skb_any(skb);
22633
22634- atomic_inc(&vcc->stats->rx_drop);
22635+ atomic_inc_unchecked(&vcc->stats->rx_drop);
22636 return -ENOMEM;
22637 }
22638
22639 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
22640
22641 vcc->push(vcc, skb);
22642- atomic_inc(&vcc->stats->rx);
22643+ atomic_inc_unchecked(&vcc->stats->rx);
22644
22645 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
22646
22647@@ -1212,7 +1212,7 @@ fore200e_rx_irq(struct fore200e* fore200
22648 DPRINTK(2, "damaged PDU on %d.%d.%d\n",
22649 fore200e->atm_dev->number,
22650 entry->rpd->atm_header.vpi, entry->rpd->atm_header.vci);
22651- atomic_inc(&vcc->stats->rx_err);
22652+ atomic_inc_unchecked(&vcc->stats->rx_err);
22653 }
22654 }
22655
22656@@ -1657,7 +1657,7 @@ fore200e_send(struct atm_vcc *vcc, struc
22657 goto retry_here;
22658 }
22659
22660- atomic_inc(&vcc->stats->tx_err);
22661+ atomic_inc_unchecked(&vcc->stats->tx_err);
22662
22663 fore200e->tx_sat++;
22664 DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n",
22665diff -urNp linux-2.6.38.2/drivers/atm/he.c linux-2.6.38.2/drivers/atm/he.c
22666--- linux-2.6.38.2/drivers/atm/he.c 2011-03-14 21:20:32.000000000 -0400
22667+++ linux-2.6.38.2/drivers/atm/he.c 2011-03-21 18:31:35.000000000 -0400
22668@@ -1709,7 +1709,7 @@ he_service_rbrq(struct he_dev *he_dev, i
22669
22670 if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) {
22671 hprintk("HBUF_ERR! (cid 0x%x)\n", cid);
22672- atomic_inc(&vcc->stats->rx_drop);
22673+ atomic_inc_unchecked(&vcc->stats->rx_drop);
22674 goto return_host_buffers;
22675 }
22676
22677@@ -1736,7 +1736,7 @@ he_service_rbrq(struct he_dev *he_dev, i
22678 RBRQ_LEN_ERR(he_dev->rbrq_head)
22679 ? "LEN_ERR" : "",
22680 vcc->vpi, vcc->vci);
22681- atomic_inc(&vcc->stats->rx_err);
22682+ atomic_inc_unchecked(&vcc->stats->rx_err);
22683 goto return_host_buffers;
22684 }
22685
22686@@ -1788,7 +1788,7 @@ he_service_rbrq(struct he_dev *he_dev, i
22687 vcc->push(vcc, skb);
22688 spin_lock(&he_dev->global_lock);
22689
22690- atomic_inc(&vcc->stats->rx);
22691+ atomic_inc_unchecked(&vcc->stats->rx);
22692
22693 return_host_buffers:
22694 ++pdus_assembled;
22695@@ -2114,7 +2114,7 @@ __enqueue_tpd(struct he_dev *he_dev, str
22696 tpd->vcc->pop(tpd->vcc, tpd->skb);
22697 else
22698 dev_kfree_skb_any(tpd->skb);
22699- atomic_inc(&tpd->vcc->stats->tx_err);
22700+ atomic_inc_unchecked(&tpd->vcc->stats->tx_err);
22701 }
22702 pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status));
22703 return;
22704@@ -2526,7 +2526,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
22705 vcc->pop(vcc, skb);
22706 else
22707 dev_kfree_skb_any(skb);
22708- atomic_inc(&vcc->stats->tx_err);
22709+ atomic_inc_unchecked(&vcc->stats->tx_err);
22710 return -EINVAL;
22711 }
22712
22713@@ -2537,7 +2537,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
22714 vcc->pop(vcc, skb);
22715 else
22716 dev_kfree_skb_any(skb);
22717- atomic_inc(&vcc->stats->tx_err);
22718+ atomic_inc_unchecked(&vcc->stats->tx_err);
22719 return -EINVAL;
22720 }
22721 #endif
22722@@ -2549,7 +2549,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
22723 vcc->pop(vcc, skb);
22724 else
22725 dev_kfree_skb_any(skb);
22726- atomic_inc(&vcc->stats->tx_err);
22727+ atomic_inc_unchecked(&vcc->stats->tx_err);
22728 spin_unlock_irqrestore(&he_dev->global_lock, flags);
22729 return -ENOMEM;
22730 }
22731@@ -2591,7 +2591,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
22732 vcc->pop(vcc, skb);
22733 else
22734 dev_kfree_skb_any(skb);
22735- atomic_inc(&vcc->stats->tx_err);
22736+ atomic_inc_unchecked(&vcc->stats->tx_err);
22737 spin_unlock_irqrestore(&he_dev->global_lock, flags);
22738 return -ENOMEM;
22739 }
22740@@ -2622,7 +2622,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
22741 __enqueue_tpd(he_dev, tpd, cid);
22742 spin_unlock_irqrestore(&he_dev->global_lock, flags);
22743
22744- atomic_inc(&vcc->stats->tx);
22745+ atomic_inc_unchecked(&vcc->stats->tx);
22746
22747 return 0;
22748 }
22749diff -urNp linux-2.6.38.2/drivers/atm/horizon.c linux-2.6.38.2/drivers/atm/horizon.c
22750--- linux-2.6.38.2/drivers/atm/horizon.c 2011-03-14 21:20:32.000000000 -0400
22751+++ linux-2.6.38.2/drivers/atm/horizon.c 2011-03-21 18:31:35.000000000 -0400
22752@@ -1034,7 +1034,7 @@ static void rx_schedule (hrz_dev * dev,
22753 {
22754 struct atm_vcc * vcc = ATM_SKB(skb)->vcc;
22755 // VC layer stats
22756- atomic_inc(&vcc->stats->rx);
22757+ atomic_inc_unchecked(&vcc->stats->rx);
22758 __net_timestamp(skb);
22759 // end of our responsability
22760 vcc->push (vcc, skb);
22761@@ -1186,7 +1186,7 @@ static void tx_schedule (hrz_dev * const
22762 dev->tx_iovec = NULL;
22763
22764 // VC layer stats
22765- atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
22766+ atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
22767
22768 // free the skb
22769 hrz_kfree_skb (skb);
22770diff -urNp linux-2.6.38.2/drivers/atm/idt77252.c linux-2.6.38.2/drivers/atm/idt77252.c
22771--- linux-2.6.38.2/drivers/atm/idt77252.c 2011-03-14 21:20:32.000000000 -0400
22772+++ linux-2.6.38.2/drivers/atm/idt77252.c 2011-03-21 18:31:35.000000000 -0400
22773@@ -811,7 +811,7 @@ drain_scq(struct idt77252_dev *card, str
22774 else
22775 dev_kfree_skb(skb);
22776
22777- atomic_inc(&vcc->stats->tx);
22778+ atomic_inc_unchecked(&vcc->stats->tx);
22779 }
22780
22781 atomic_dec(&scq->used);
22782@@ -1074,13 +1074,13 @@ dequeue_rx(struct idt77252_dev *card, st
22783 if ((sb = dev_alloc_skb(64)) == NULL) {
22784 printk("%s: Can't allocate buffers for aal0.\n",
22785 card->name);
22786- atomic_add(i, &vcc->stats->rx_drop);
22787+ atomic_add_unchecked(i, &vcc->stats->rx_drop);
22788 break;
22789 }
22790 if (!atm_charge(vcc, sb->truesize)) {
22791 RXPRINTK("%s: atm_charge() dropped aal0 packets.\n",
22792 card->name);
22793- atomic_add(i - 1, &vcc->stats->rx_drop);
22794+ atomic_add_unchecked(i - 1, &vcc->stats->rx_drop);
22795 dev_kfree_skb(sb);
22796 break;
22797 }
22798@@ -1097,7 +1097,7 @@ dequeue_rx(struct idt77252_dev *card, st
22799 ATM_SKB(sb)->vcc = vcc;
22800 __net_timestamp(sb);
22801 vcc->push(vcc, sb);
22802- atomic_inc(&vcc->stats->rx);
22803+ atomic_inc_unchecked(&vcc->stats->rx);
22804
22805 cell += ATM_CELL_PAYLOAD;
22806 }
22807@@ -1134,13 +1134,13 @@ dequeue_rx(struct idt77252_dev *card, st
22808 "(CDC: %08x)\n",
22809 card->name, len, rpp->len, readl(SAR_REG_CDC));
22810 recycle_rx_pool_skb(card, rpp);
22811- atomic_inc(&vcc->stats->rx_err);
22812+ atomic_inc_unchecked(&vcc->stats->rx_err);
22813 return;
22814 }
22815 if (stat & SAR_RSQE_CRC) {
22816 RXPRINTK("%s: AAL5 CRC error.\n", card->name);
22817 recycle_rx_pool_skb(card, rpp);
22818- atomic_inc(&vcc->stats->rx_err);
22819+ atomic_inc_unchecked(&vcc->stats->rx_err);
22820 return;
22821 }
22822 if (skb_queue_len(&rpp->queue) > 1) {
22823@@ -1151,7 +1151,7 @@ dequeue_rx(struct idt77252_dev *card, st
22824 RXPRINTK("%s: Can't alloc RX skb.\n",
22825 card->name);
22826 recycle_rx_pool_skb(card, rpp);
22827- atomic_inc(&vcc->stats->rx_err);
22828+ atomic_inc_unchecked(&vcc->stats->rx_err);
22829 return;
22830 }
22831 if (!atm_charge(vcc, skb->truesize)) {
22832@@ -1170,7 +1170,7 @@ dequeue_rx(struct idt77252_dev *card, st
22833 __net_timestamp(skb);
22834
22835 vcc->push(vcc, skb);
22836- atomic_inc(&vcc->stats->rx);
22837+ atomic_inc_unchecked(&vcc->stats->rx);
22838
22839 return;
22840 }
22841@@ -1192,7 +1192,7 @@ dequeue_rx(struct idt77252_dev *card, st
22842 __net_timestamp(skb);
22843
22844 vcc->push(vcc, skb);
22845- atomic_inc(&vcc->stats->rx);
22846+ atomic_inc_unchecked(&vcc->stats->rx);
22847
22848 if (skb->truesize > SAR_FB_SIZE_3)
22849 add_rx_skb(card, 3, SAR_FB_SIZE_3, 1);
22850@@ -1304,14 +1304,14 @@ idt77252_rx_raw(struct idt77252_dev *car
22851 if (vcc->qos.aal != ATM_AAL0) {
22852 RPRINTK("%s: raw cell for non AAL0 vc %u.%u\n",
22853 card->name, vpi, vci);
22854- atomic_inc(&vcc->stats->rx_drop);
22855+ atomic_inc_unchecked(&vcc->stats->rx_drop);
22856 goto drop;
22857 }
22858
22859 if ((sb = dev_alloc_skb(64)) == NULL) {
22860 printk("%s: Can't allocate buffers for AAL0.\n",
22861 card->name);
22862- atomic_inc(&vcc->stats->rx_err);
22863+ atomic_inc_unchecked(&vcc->stats->rx_err);
22864 goto drop;
22865 }
22866
22867@@ -1330,7 +1330,7 @@ idt77252_rx_raw(struct idt77252_dev *car
22868 ATM_SKB(sb)->vcc = vcc;
22869 __net_timestamp(sb);
22870 vcc->push(vcc, sb);
22871- atomic_inc(&vcc->stats->rx);
22872+ atomic_inc_unchecked(&vcc->stats->rx);
22873
22874 drop:
22875 skb_pull(queue, 64);
22876@@ -1955,13 +1955,13 @@ idt77252_send_skb(struct atm_vcc *vcc, s
22877
22878 if (vc == NULL) {
22879 printk("%s: NULL connection in send().\n", card->name);
22880- atomic_inc(&vcc->stats->tx_err);
22881+ atomic_inc_unchecked(&vcc->stats->tx_err);
22882 dev_kfree_skb(skb);
22883 return -EINVAL;
22884 }
22885 if (!test_bit(VCF_TX, &vc->flags)) {
22886 printk("%s: Trying to transmit on a non-tx VC.\n", card->name);
22887- atomic_inc(&vcc->stats->tx_err);
22888+ atomic_inc_unchecked(&vcc->stats->tx_err);
22889 dev_kfree_skb(skb);
22890 return -EINVAL;
22891 }
22892@@ -1973,14 +1973,14 @@ idt77252_send_skb(struct atm_vcc *vcc, s
22893 break;
22894 default:
22895 printk("%s: Unsupported AAL: %d\n", card->name, vcc->qos.aal);
22896- atomic_inc(&vcc->stats->tx_err);
22897+ atomic_inc_unchecked(&vcc->stats->tx_err);
22898 dev_kfree_skb(skb);
22899 return -EINVAL;
22900 }
22901
22902 if (skb_shinfo(skb)->nr_frags != 0) {
22903 printk("%s: No scatter-gather yet.\n", card->name);
22904- atomic_inc(&vcc->stats->tx_err);
22905+ atomic_inc_unchecked(&vcc->stats->tx_err);
22906 dev_kfree_skb(skb);
22907 return -EINVAL;
22908 }
22909@@ -1988,7 +1988,7 @@ idt77252_send_skb(struct atm_vcc *vcc, s
22910
22911 err = queue_skb(card, vc, skb, oam);
22912 if (err) {
22913- atomic_inc(&vcc->stats->tx_err);
22914+ atomic_inc_unchecked(&vcc->stats->tx_err);
22915 dev_kfree_skb(skb);
22916 return err;
22917 }
22918@@ -2011,7 +2011,7 @@ idt77252_send_oam(struct atm_vcc *vcc, v
22919 skb = dev_alloc_skb(64);
22920 if (!skb) {
22921 printk("%s: Out of memory in send_oam().\n", card->name);
22922- atomic_inc(&vcc->stats->tx_err);
22923+ atomic_inc_unchecked(&vcc->stats->tx_err);
22924 return -ENOMEM;
22925 }
22926 atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
22927diff -urNp linux-2.6.38.2/drivers/atm/iphase.c linux-2.6.38.2/drivers/atm/iphase.c
22928--- linux-2.6.38.2/drivers/atm/iphase.c 2011-03-14 21:20:32.000000000 -0400
22929+++ linux-2.6.38.2/drivers/atm/iphase.c 2011-03-21 18:31:35.000000000 -0400
22930@@ -1124,7 +1124,7 @@ static int rx_pkt(struct atm_dev *dev)
22931 status = (u_short) (buf_desc_ptr->desc_mode);
22932 if (status & (RX_CER | RX_PTE | RX_OFL))
22933 {
22934- atomic_inc(&vcc->stats->rx_err);
22935+ atomic_inc_unchecked(&vcc->stats->rx_err);
22936 IF_ERR(printk("IA: bad packet, dropping it");)
22937 if (status & RX_CER) {
22938 IF_ERR(printk(" cause: packet CRC error\n");)
22939@@ -1147,7 +1147,7 @@ static int rx_pkt(struct atm_dev *dev)
22940 len = dma_addr - buf_addr;
22941 if (len > iadev->rx_buf_sz) {
22942 printk("Over %d bytes sdu received, dropped!!!\n", iadev->rx_buf_sz);
22943- atomic_inc(&vcc->stats->rx_err);
22944+ atomic_inc_unchecked(&vcc->stats->rx_err);
22945 goto out_free_desc;
22946 }
22947
22948@@ -1297,7 +1297,7 @@ static void rx_dle_intr(struct atm_dev *
22949 ia_vcc = INPH_IA_VCC(vcc);
22950 if (ia_vcc == NULL)
22951 {
22952- atomic_inc(&vcc->stats->rx_err);
22953+ atomic_inc_unchecked(&vcc->stats->rx_err);
22954 dev_kfree_skb_any(skb);
22955 atm_return(vcc, atm_guess_pdu2truesize(len));
22956 goto INCR_DLE;
22957@@ -1309,7 +1309,7 @@ static void rx_dle_intr(struct atm_dev *
22958 if ((length > iadev->rx_buf_sz) || (length >
22959 (skb->len - sizeof(struct cpcs_trailer))))
22960 {
22961- atomic_inc(&vcc->stats->rx_err);
22962+ atomic_inc_unchecked(&vcc->stats->rx_err);
22963 IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len %d)",
22964 length, skb->len);)
22965 dev_kfree_skb_any(skb);
22966@@ -1325,7 +1325,7 @@ static void rx_dle_intr(struct atm_dev *
22967
22968 IF_RX(printk("rx_dle_intr: skb push");)
22969 vcc->push(vcc,skb);
22970- atomic_inc(&vcc->stats->rx);
22971+ atomic_inc_unchecked(&vcc->stats->rx);
22972 iadev->rx_pkt_cnt++;
22973 }
22974 INCR_DLE:
22975@@ -2807,15 +2807,15 @@ static int ia_ioctl(struct atm_dev *dev,
22976 {
22977 struct k_sonet_stats *stats;
22978 stats = &PRIV(_ia_dev[board])->sonet_stats;
22979- printk("section_bip: %d\n", atomic_read(&stats->section_bip));
22980- printk("line_bip : %d\n", atomic_read(&stats->line_bip));
22981- printk("path_bip : %d\n", atomic_read(&stats->path_bip));
22982- printk("line_febe : %d\n", atomic_read(&stats->line_febe));
22983- printk("path_febe : %d\n", atomic_read(&stats->path_febe));
22984- printk("corr_hcs : %d\n", atomic_read(&stats->corr_hcs));
22985- printk("uncorr_hcs : %d\n", atomic_read(&stats->uncorr_hcs));
22986- printk("tx_cells : %d\n", atomic_read(&stats->tx_cells));
22987- printk("rx_cells : %d\n", atomic_read(&stats->rx_cells));
22988+ printk("section_bip: %d\n", atomic_read_unchecked(&stats->section_bip));
22989+ printk("line_bip : %d\n", atomic_read_unchecked(&stats->line_bip));
22990+ printk("path_bip : %d\n", atomic_read_unchecked(&stats->path_bip));
22991+ printk("line_febe : %d\n", atomic_read_unchecked(&stats->line_febe));
22992+ printk("path_febe : %d\n", atomic_read_unchecked(&stats->path_febe));
22993+ printk("corr_hcs : %d\n", atomic_read_unchecked(&stats->corr_hcs));
22994+ printk("uncorr_hcs : %d\n", atomic_read_unchecked(&stats->uncorr_hcs));
22995+ printk("tx_cells : %d\n", atomic_read_unchecked(&stats->tx_cells));
22996+ printk("rx_cells : %d\n", atomic_read_unchecked(&stats->rx_cells));
22997 }
22998 ia_cmds.status = 0;
22999 break;
23000@@ -2920,7 +2920,7 @@ static int ia_pkt_tx (struct atm_vcc *vc
23001 if ((desc == 0) || (desc > iadev->num_tx_desc))
23002 {
23003 IF_ERR(printk(DEV_LABEL "invalid desc for send: %d\n", desc);)
23004- atomic_inc(&vcc->stats->tx);
23005+ atomic_inc_unchecked(&vcc->stats->tx);
23006 if (vcc->pop)
23007 vcc->pop(vcc, skb);
23008 else
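Review bot: The invalid-descriptor branch counts the rejected skb in `stats->tx`, the same counter the successful path increments in the next hunk, so failed sends are reported as transmitted. If that is not intentional, the line should read `atomic_inc_unchecked(&vcc->stats->tx_err);`. ia_pkt_tx continues outside the hunk, so what this branch returns is not visible here.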
23009@@ -3025,14 +3025,14 @@ static int ia_pkt_tx (struct atm_vcc *vc
23010 ATM_DESC(skb) = vcc->vci;
23011 skb_queue_tail(&iadev->tx_dma_q, skb);
23012
23013- atomic_inc(&vcc->stats->tx);
23014+ atomic_inc_unchecked(&vcc->stats->tx);
23015 iadev->tx_pkt_cnt++;
23016 /* Increment transaction counter */
23017 writel(2, iadev->dma+IPHASE5575_TX_COUNTER);
23018
23019 #if 0
23020 /* add flow control logic */
23021- if (atomic_read(&vcc->stats->tx) % 20 == 0) {
23022+ if (atomic_read_unchecked(&vcc->stats->tx) % 20 == 0) {
23023 if (iavcc->vc_desc_cnt > 10) {
23024 vcc->tx_quota = vcc->tx_quota * 3 / 4;
23025 printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota );
23026diff -urNp linux-2.6.38.2/drivers/atm/lanai.c linux-2.6.38.2/drivers/atm/lanai.c
23027--- linux-2.6.38.2/drivers/atm/lanai.c 2011-03-14 21:20:32.000000000 -0400
23028+++ linux-2.6.38.2/drivers/atm/lanai.c 2011-03-21 18:31:35.000000000 -0400
23029@@ -1303,7 +1303,7 @@ static void lanai_send_one_aal5(struct l
23030 vcc_tx_add_aal5_trailer(lvcc, skb->len, 0, 0);
23031 lanai_endtx(lanai, lvcc);
23032 lanai_free_skb(lvcc->tx.atmvcc, skb);
23033- atomic_inc(&lvcc->tx.atmvcc->stats->tx);
23034+ atomic_inc_unchecked(&lvcc->tx.atmvcc->stats->tx);
23035 }
23036
23037 /* Try to fill the buffer - don't call unless there is backlog */
23038@@ -1426,7 +1426,7 @@ static void vcc_rx_aal5(struct lanai_vcc
23039 ATM_SKB(skb)->vcc = lvcc->rx.atmvcc;
23040 __net_timestamp(skb);
23041 lvcc->rx.atmvcc->push(lvcc->rx.atmvcc, skb);
23042- atomic_inc(&lvcc->rx.atmvcc->stats->rx);
23043+ atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx);
23044 out:
23045 lvcc->rx.buf.ptr = end;
23046 cardvcc_write(lvcc, endptr, vcc_rxreadptr);
23047@@ -1668,7 +1668,7 @@ static int handle_service(struct lanai_d
23048 DPRINTK("(itf %d) got RX service entry 0x%X for non-AAL5 "
23049 "vcc %d\n", lanai->number, (unsigned int) s, vci);
23050 lanai->stats.service_rxnotaal5++;
23051- atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
23052+ atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
23053 return 0;
23054 }
23055 if (likely(!(s & (SERVICE_TRASH | SERVICE_STREAM | SERVICE_CRCERR)))) {
23056@@ -1680,7 +1680,7 @@ static int handle_service(struct lanai_d
23057 int bytes;
23058 read_unlock(&vcc_sklist_lock);
23059 DPRINTK("got trashed rx pdu on vci %d\n", vci);
23060- atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
23061+ atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
23062 lvcc->stats.x.aal5.service_trash++;
23063 bytes = (SERVICE_GET_END(s) * 16) -
23064 (((unsigned long) lvcc->rx.buf.ptr) -
23065@@ -1692,7 +1692,7 @@ static int handle_service(struct lanai_d
23066 }
23067 if (s & SERVICE_STREAM) {
23068 read_unlock(&vcc_sklist_lock);
23069- atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
23070+ atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
23071 lvcc->stats.x.aal5.service_stream++;
23072 printk(KERN_ERR DEV_LABEL "(itf %d): Got AAL5 stream "
23073 "PDU on VCI %d!\n", lanai->number, vci);
23074@@ -1700,7 +1700,7 @@ static int handle_service(struct lanai_d
23075 return 0;
23076 }
23077 DPRINTK("got rx crc error on vci %d\n", vci);
23078- atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
23079+ atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
23080 lvcc->stats.x.aal5.service_rxcrc++;
23081 lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4];
23082 cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr);
23083diff -urNp linux-2.6.38.2/drivers/atm/nicstar.c linux-2.6.38.2/drivers/atm/nicstar.c
23084--- linux-2.6.38.2/drivers/atm/nicstar.c 2011-03-14 21:20:32.000000000 -0400
23085+++ linux-2.6.38.2/drivers/atm/nicstar.c 2011-03-21 18:31:35.000000000 -0400
23086@@ -1654,7 +1654,7 @@ static int ns_send(struct atm_vcc *vcc,
23087 if ((vc = (vc_map *) vcc->dev_data) == NULL) {
23088 printk("nicstar%d: vcc->dev_data == NULL on ns_send().\n",
23089 card->index);
23090- atomic_inc(&vcc->stats->tx_err);
23091+ atomic_inc_unchecked(&vcc->stats->tx_err);
23092 dev_kfree_skb_any(skb);
23093 return -EINVAL;
23094 }
23095@@ -1662,7 +1662,7 @@ static int ns_send(struct atm_vcc *vcc,
23096 if (!vc->tx) {
23097 printk("nicstar%d: Trying to transmit on a non-tx VC.\n",
23098 card->index);
23099- atomic_inc(&vcc->stats->tx_err);
23100+ atomic_inc_unchecked(&vcc->stats->tx_err);
23101 dev_kfree_skb_any(skb);
23102 return -EINVAL;
23103 }
23104@@ -1670,14 +1670,14 @@ static int ns_send(struct atm_vcc *vcc,
23105 if (vcc->qos.aal != ATM_AAL5 && vcc->qos.aal != ATM_AAL0) {
23106 printk("nicstar%d: Only AAL0 and AAL5 are supported.\n",
23107 card->index);
23108- atomic_inc(&vcc->stats->tx_err);
23109+ atomic_inc_unchecked(&vcc->stats->tx_err);
23110 dev_kfree_skb_any(skb);
23111 return -EINVAL;
23112 }
23113
23114 if (skb_shinfo(skb)->nr_frags != 0) {
23115 printk("nicstar%d: No scatter-gather yet.\n", card->index);
23116- atomic_inc(&vcc->stats->tx_err);
23117+ atomic_inc_unchecked(&vcc->stats->tx_err);
23118 dev_kfree_skb_any(skb);
23119 return -EINVAL;
23120 }
23121@@ -1725,11 +1725,11 @@ static int ns_send(struct atm_vcc *vcc,
23122 }
23123
23124 if (push_scqe(card, vc, scq, &scqe, skb) != 0) {
23125- atomic_inc(&vcc->stats->tx_err);
23126+ atomic_inc_unchecked(&vcc->stats->tx_err);
23127 dev_kfree_skb_any(skb);
23128 return -EIO;
23129 }
23130- atomic_inc(&vcc->stats->tx);
23131+ atomic_inc_unchecked(&vcc->stats->tx);
23132
23133 return 0;
23134 }
23135@@ -2046,14 +2046,14 @@ static void dequeue_rx(ns_dev * card, ns
23136 printk
23137 ("nicstar%d: Can't allocate buffers for aal0.\n",
23138 card->index);
23139- atomic_add(i, &vcc->stats->rx_drop);
23140+ atomic_add_unchecked(i, &vcc->stats->rx_drop);
23141 break;
23142 }
23143 if (!atm_charge(vcc, sb->truesize)) {
23144 RXPRINTK
23145 ("nicstar%d: atm_charge() dropped aal0 packets.\n",
23146 card->index);
23147- atomic_add(i - 1, &vcc->stats->rx_drop); /* already increased by 1 */
23148+ atomic_add_unchecked(i - 1, &vcc->stats->rx_drop); /* already increased by 1 */
23149 dev_kfree_skb_any(sb);
23150 break;
23151 }
23152@@ -2068,7 +2068,7 @@ static void dequeue_rx(ns_dev * card, ns
23153 ATM_SKB(sb)->vcc = vcc;
23154 __net_timestamp(sb);
23155 vcc->push(vcc, sb);
23156- atomic_inc(&vcc->stats->rx);
23157+ atomic_inc_unchecked(&vcc->stats->rx);
23158 cell += ATM_CELL_PAYLOAD;
23159 }
23160
23161@@ -2085,7 +2085,7 @@ static void dequeue_rx(ns_dev * card, ns
23162 if (iovb == NULL) {
23163 printk("nicstar%d: Out of iovec buffers.\n",
23164 card->index);
23165- atomic_inc(&vcc->stats->rx_drop);
23166+ atomic_inc_unchecked(&vcc->stats->rx_drop);
23167 recycle_rx_buf(card, skb);
23168 return;
23169 }
23170@@ -2109,7 +2109,7 @@ static void dequeue_rx(ns_dev * card, ns
23171 small or large buffer itself. */
23172 } else if (NS_PRV_IOVCNT(iovb) >= NS_MAX_IOVECS) {
23173 printk("nicstar%d: received too big AAL5 SDU.\n", card->index);
23174- atomic_inc(&vcc->stats->rx_err);
23175+ atomic_inc_unchecked(&vcc->stats->rx_err);
23176 recycle_iovec_rx_bufs(card, (struct iovec *)iovb->data,
23177 NS_MAX_IOVECS);
23178 NS_PRV_IOVCNT(iovb) = 0;
23179@@ -2129,7 +2129,7 @@ static void dequeue_rx(ns_dev * card, ns
23180 ("nicstar%d: Expected a small buffer, and this is not one.\n",
23181 card->index);
23182 which_list(card, skb);
23183- atomic_inc(&vcc->stats->rx_err);
23184+ atomic_inc_unchecked(&vcc->stats->rx_err);
23185 recycle_rx_buf(card, skb);
23186 vc->rx_iov = NULL;
23187 recycle_iov_buf(card, iovb);
23188@@ -2142,7 +2142,7 @@ static void dequeue_rx(ns_dev * card, ns
23189 ("nicstar%d: Expected a large buffer, and this is not one.\n",
23190 card->index);
23191 which_list(card, skb);
23192- atomic_inc(&vcc->stats->rx_err);
23193+ atomic_inc_unchecked(&vcc->stats->rx_err);
23194 recycle_iovec_rx_bufs(card, (struct iovec *)iovb->data,
23195 NS_PRV_IOVCNT(iovb));
23196 vc->rx_iov = NULL;
23197@@ -2165,7 +2165,7 @@ static void dequeue_rx(ns_dev * card, ns
23198 printk(" - PDU size mismatch.\n");
23199 else
23200 printk(".\n");
23201- atomic_inc(&vcc->stats->rx_err);
23202+ atomic_inc_unchecked(&vcc->stats->rx_err);
23203 recycle_iovec_rx_bufs(card, (struct iovec *)iovb->data,
23204 NS_PRV_IOVCNT(iovb));
23205 vc->rx_iov = NULL;
23206@@ -2179,7 +2179,7 @@ static void dequeue_rx(ns_dev * card, ns
23207 /* skb points to a small buffer */
23208 if (!atm_charge(vcc, skb->truesize)) {
23209 push_rxbufs(card, skb);
23210- atomic_inc(&vcc->stats->rx_drop);
23211+ atomic_inc_unchecked(&vcc->stats->rx_drop);
23212 } else {
23213 skb_put(skb, len);
23214 dequeue_sm_buf(card, skb);
23215@@ -2189,7 +2189,7 @@ static void dequeue_rx(ns_dev * card, ns
23216 ATM_SKB(skb)->vcc = vcc;
23217 __net_timestamp(skb);
23218 vcc->push(vcc, skb);
23219- atomic_inc(&vcc->stats->rx);
23220+ atomic_inc_unchecked(&vcc->stats->rx);
23221 }
23222 } else if (NS_PRV_IOVCNT(iovb) == 2) { /* One small plus one large buffer */
23223 struct sk_buff *sb;
23224@@ -2200,7 +2200,7 @@ static void dequeue_rx(ns_dev * card, ns
23225 if (len <= NS_SMBUFSIZE) {
23226 if (!atm_charge(vcc, sb->truesize)) {
23227 push_rxbufs(card, sb);
23228- atomic_inc(&vcc->stats->rx_drop);
23229+ atomic_inc_unchecked(&vcc->stats->rx_drop);
23230 } else {
23231 skb_put(sb, len);
23232 dequeue_sm_buf(card, sb);
23233@@ -2210,7 +2210,7 @@ static void dequeue_rx(ns_dev * card, ns
23234 ATM_SKB(sb)->vcc = vcc;
23235 __net_timestamp(sb);
23236 vcc->push(vcc, sb);
23237- atomic_inc(&vcc->stats->rx);
23238+ atomic_inc_unchecked(&vcc->stats->rx);
23239 }
23240
23241 push_rxbufs(card, skb);
23242@@ -2219,7 +2219,7 @@ static void dequeue_rx(ns_dev * card, ns
23243
23244 if (!atm_charge(vcc, skb->truesize)) {
23245 push_rxbufs(card, skb);
23246- atomic_inc(&vcc->stats->rx_drop);
23247+ atomic_inc_unchecked(&vcc->stats->rx_drop);
23248 } else {
23249 dequeue_lg_buf(card, skb);
23250 #ifdef NS_USE_DESTRUCTORS
23251@@ -2232,7 +2232,7 @@ static void dequeue_rx(ns_dev * card, ns
23252 ATM_SKB(skb)->vcc = vcc;
23253 __net_timestamp(skb);
23254 vcc->push(vcc, skb);
23255- atomic_inc(&vcc->stats->rx);
23256+ atomic_inc_unchecked(&vcc->stats->rx);
23257 }
23258
23259 push_rxbufs(card, sb);
23260@@ -2253,7 +2253,7 @@ static void dequeue_rx(ns_dev * card, ns
23261 printk
23262 ("nicstar%d: Out of huge buffers.\n",
23263 card->index);
23264- atomic_inc(&vcc->stats->rx_drop);
23265+ atomic_inc_unchecked(&vcc->stats->rx_drop);
23266 recycle_iovec_rx_bufs(card,
23267 (struct iovec *)
23268 iovb->data,
23269@@ -2304,7 +2304,7 @@ static void dequeue_rx(ns_dev * card, ns
23270 card->hbpool.count++;
23271 } else
23272 dev_kfree_skb_any(hb);
23273- atomic_inc(&vcc->stats->rx_drop);
23274+ atomic_inc_unchecked(&vcc->stats->rx_drop);
23275 } else {
23276 /* Copy the small buffer to the huge buffer */
23277 sb = (struct sk_buff *)iov->iov_base;
23278@@ -2341,7 +2341,7 @@ static void dequeue_rx(ns_dev * card, ns
23279 #endif /* NS_USE_DESTRUCTORS */
23280 __net_timestamp(hb);
23281 vcc->push(vcc, hb);
23282- atomic_inc(&vcc->stats->rx);
23283+ atomic_inc_unchecked(&vcc->stats->rx);
23284 }
23285 }
23286
23287diff -urNp linux-2.6.38.2/drivers/atm/solos-pci.c linux-2.6.38.2/drivers/atm/solos-pci.c
23288--- linux-2.6.38.2/drivers/atm/solos-pci.c 2011-03-14 21:20:32.000000000 -0400
23289+++ linux-2.6.38.2/drivers/atm/solos-pci.c 2011-03-21 18:31:35.000000000 -0400
23290@@ -717,7 +717,7 @@ void solos_bh(unsigned long card_arg)
23291 }
23292 atm_charge(vcc, skb->truesize);
23293 vcc->push(vcc, skb);
23294- atomic_inc(&vcc->stats->rx);
23295+ atomic_inc_unchecked(&vcc->stats->rx);
23296 break;
23297
23298 case PKT_STATUS:
23299@@ -1026,7 +1026,7 @@ static uint32_t fpga_tx(struct solos_car
23300 vcc = SKB_CB(oldskb)->vcc;
23301
23302 if (vcc) {
23303- atomic_inc(&vcc->stats->tx);
23304+ atomic_inc_unchecked(&vcc->stats->tx);
23305 solos_pop(vcc, oldskb);
23306 } else
23307 dev_kfree_skb_irq(oldskb);
23308diff -urNp linux-2.6.38.2/drivers/atm/suni.c linux-2.6.38.2/drivers/atm/suni.c
23309--- linux-2.6.38.2/drivers/atm/suni.c 2011-03-14 21:20:32.000000000 -0400
23310+++ linux-2.6.38.2/drivers/atm/suni.c 2011-03-21 18:31:35.000000000 -0400
23311@@ -50,8 +50,8 @@ static DEFINE_SPINLOCK(sunis_lock);
23312
23313
23314 #define ADD_LIMITED(s,v) \
23315- atomic_add((v),&stats->s); \
23316- if (atomic_read(&stats->s) < 0) atomic_set(&stats->s,INT_MAX);
23317+ atomic_add_unchecked((v),&stats->s); \
23318+ if (atomic_read_unchecked(&stats->s) < 0) atomic_set_unchecked(&stats->s,INT_MAX);
23319
23320
23321 static void suni_hz(unsigned long from_timer)
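Review bot: `ADD_LIMITED` expands to two statements with no enclosing block, so a use as the body of an unbraced `if` or loop would run the `INT_MAX` clamp unconditionally; the call sites are outside the hunk, so whether any of them does this cannot be checked here. Wrapping both statements in `do { ... } while (0)` removes the hazard and brings the macro in line with the braced version of the same macro in uPD98402.c. The clamp also depends on the add being allowed to wrap negative, which is presumably why these counters have to use the `_unchecked` operations; a comment on the macro saying so would keep a later cleanup from switching them back.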
23322diff -urNp linux-2.6.38.2/drivers/atm/uPD98402.c linux-2.6.38.2/drivers/atm/uPD98402.c
23323--- linux-2.6.38.2/drivers/atm/uPD98402.c 2011-03-14 21:20:32.000000000 -0400
23324+++ linux-2.6.38.2/drivers/atm/uPD98402.c 2011-03-21 18:31:35.000000000 -0400
23325@@ -42,7 +42,7 @@ static int fetch_stats(struct atm_dev *d
23326 struct sonet_stats tmp;
23327 int error = 0;
23328
23329- atomic_add(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs);
23330+ atomic_add_unchecked(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs);
23331 sonet_copy_stats(&PRIV(dev)->sonet_stats,&tmp);
23332 if (arg) error = copy_to_user(arg,&tmp,sizeof(tmp));
23333 if (zero && !error) {
23334@@ -161,9 +161,9 @@ static int uPD98402_ioctl(struct atm_dev
23335
23336
23337 #define ADD_LIMITED(s,v) \
23338- { atomic_add(GET(v),&PRIV(dev)->sonet_stats.s); \
23339- if (atomic_read(&PRIV(dev)->sonet_stats.s) < 0) \
23340- atomic_set(&PRIV(dev)->sonet_stats.s,INT_MAX); }
23341+ { atomic_add_unchecked(GET(v),&PRIV(dev)->sonet_stats.s); \
23342+ if (atomic_read_unchecked(&PRIV(dev)->sonet_stats.s) < 0) \
23343+ atomic_set_unchecked(&PRIV(dev)->sonet_stats.s,INT_MAX); }
23344
23345
23346 static void stat_event(struct atm_dev *dev)
23347@@ -194,7 +194,7 @@ static void uPD98402_int(struct atm_dev
23348 if (reason & uPD98402_INT_PFM) stat_event(dev);
23349 if (reason & uPD98402_INT_PCO) {
23350 (void) GET(PCOCR); /* clear interrupt cause */
23351- atomic_add(GET(HECCT),
23352+ atomic_add_unchecked(GET(HECCT),
23353 &PRIV(dev)->sonet_stats.uncorr_hcs);
23354 }
23355 if ((reason & uPD98402_INT_RFO) &&
23356@@ -222,9 +222,9 @@ static int uPD98402_start(struct atm_dev
23357 PUT(~(uPD98402_INT_PFM | uPD98402_INT_ALM | uPD98402_INT_RFO |
23358 uPD98402_INT_LOS),PIMR); /* enable them */
23359 (void) fetch_stats(dev,NULL,1); /* clear kernel counters */
23360- atomic_set(&PRIV(dev)->sonet_stats.corr_hcs,-1);
23361- atomic_set(&PRIV(dev)->sonet_stats.tx_cells,-1);
23362- atomic_set(&PRIV(dev)->sonet_stats.rx_cells,-1);
23363+ atomic_set_unchecked(&PRIV(dev)->sonet_stats.corr_hcs,-1);
23364+ atomic_set_unchecked(&PRIV(dev)->sonet_stats.tx_cells,-1);
23365+ atomic_set_unchecked(&PRIV(dev)->sonet_stats.rx_cells,-1);
23366 return 0;
23367 }
23368
23369diff -urNp linux-2.6.38.2/drivers/atm/zatm.c linux-2.6.38.2/drivers/atm/zatm.c
23370--- linux-2.6.38.2/drivers/atm/zatm.c 2011-03-14 21:20:32.000000000 -0400
23371+++ linux-2.6.38.2/drivers/atm/zatm.c 2011-03-21 18:31:35.000000000 -0400
23372@@ -459,7 +459,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy
23373 }
23374 if (!size) {
23375 dev_kfree_skb_irq(skb);
23376- if (vcc) atomic_inc(&vcc->stats->rx_err);
23377+ if (vcc) atomic_inc_unchecked(&vcc->stats->rx_err);
23378 continue;
23379 }
23380 if (!atm_charge(vcc,skb->truesize)) {
23381@@ -469,7 +469,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy
23382 skb->len = size;
23383 ATM_SKB(skb)->vcc = vcc;
23384 vcc->push(vcc,skb);
23385- atomic_inc(&vcc->stats->rx);
23386+ atomic_inc_unchecked(&vcc->stats->rx);
23387 }
23388 zout(pos & 0xffff,MTA(mbx));
23389 #if 0 /* probably a stupid idea */
23390@@ -733,7 +733,7 @@ if (*ZATM_PRV_DSC(skb) != (uPD98401_TXPD
23391 skb_queue_head(&zatm_vcc->backlog,skb);
23392 break;
23393 }
23394- atomic_inc(&vcc->stats->tx);
23395+ atomic_inc_unchecked(&vcc->stats->tx);
23396 wake_up(&zatm_vcc->tx_wait);
23397 }
23398
23399diff -urNp linux-2.6.38.2/drivers/block/cciss.c linux-2.6.38.2/drivers/block/cciss.c
23400--- linux-2.6.38.2/drivers/block/cciss.c 2011-03-14 21:20:32.000000000 -0400
23401+++ linux-2.6.38.2/drivers/block/cciss.c 2011-03-21 18:31:35.000000000 -0400
23402@@ -1112,6 +1112,8 @@ static int cciss_ioctl32_passthru(struct
23403 int err;
23404 u32 cp;
23405
23406+ memset(&arg64, 0, sizeof(arg64));
23407+
23408 err = 0;
23409 err |=
23410 copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
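Review bot: The added `memset` has no comment, and its purpose cannot be read from the hunk: `arg64` is filled field by field from `arg32`, so any member or padding that those copies skip would otherwise keep stale kernel stack bytes. If `arg64` is later handed back to user space (the rest of cciss_ioctl32_passthru is outside the hunk, so this is inferred), that is an information leak. A comment such as `/* clear padding and unset fields before arg64 is passed on */` records why the call must stay.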
23411diff -urNp linux-2.6.38.2/drivers/char/agp/frontend.c linux-2.6.38.2/drivers/char/agp/frontend.c
23412--- linux-2.6.38.2/drivers/char/agp/frontend.c 2011-03-14 21:20:32.000000000 -0400
23413+++ linux-2.6.38.2/drivers/char/agp/frontend.c 2011-03-21 18:31:35.000000000 -0400
23414@@ -817,7 +817,7 @@ static int agpioc_reserve_wrap(struct ag
23415 if (copy_from_user(&reserve, arg, sizeof(struct agp_region)))
23416 return -EFAULT;
23417
23418- if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment))
23419+ if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment_priv))
23420 return -EFAULT;
23421
23422 client = agp_find_client_by_pid(reserve.pid);
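Review bot: The bound now divides by `sizeof(struct agp_segment_priv)`, but the multiplication it protects is outside the hunk, so the link between check and allocation is easy to lose. A comment such as `/* must match the element type of the segment array allocated for this reservation */` would tie the two together. Presumably that allocation is sized in `agp_segment_priv` units; confirm this against the rest of agpioc_reserve_wrap and the helper it calls.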
23423diff -urNp linux-2.6.38.2/drivers/char/agp/intel-agp.c linux-2.6.38.2/drivers/char/agp/intel-agp.c
23424--- linux-2.6.38.2/drivers/char/agp/intel-agp.c 2011-03-14 21:20:32.000000000 -0400
23425+++ linux-2.6.38.2/drivers/char/agp/intel-agp.c 2011-03-21 18:31:35.000000000 -0400
23426@@ -903,7 +903,7 @@ static struct pci_device_id agp_intel_pc
23427 ID(PCI_DEVICE_ID_INTEL_SANDYBRIDGE_HB),
23428 ID(PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_HB),
23429 ID(PCI_DEVICE_ID_INTEL_SANDYBRIDGE_S_HB),
23430- { }
23431+ { 0, 0, 0, 0, 0, 0, 0 }
23432 };
23433
23434 MODULE_DEVICE_TABLE(pci, agp_intel_pci_table);
23435diff -urNp linux-2.6.38.2/drivers/char/hpet.c linux-2.6.38.2/drivers/char/hpet.c
23436--- linux-2.6.38.2/drivers/char/hpet.c 2011-03-14 21:20:32.000000000 -0400
23437+++ linux-2.6.38.2/drivers/char/hpet.c 2011-03-21 18:31:35.000000000 -0400
23438@@ -553,7 +553,7 @@ static inline unsigned long hpet_time_di
23439 }
23440
23441 static int
23442-hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg,
23443+hpet_ioctl_common(struct hpet_dev *devp, unsigned int cmd, unsigned long arg,
23444 struct hpet_info *info)
23445 {
23446 struct hpet_timer __iomem *timer;
23447@@ -1043,7 +1043,7 @@ static struct acpi_driver hpet_acpi_driv
23448 },
23449 };
23450
23451-static struct miscdevice hpet_misc = { HPET_MINOR, "hpet", &hpet_fops };
23452+static struct miscdevice hpet_misc = { HPET_MINOR, "hpet", &hpet_fops, {NULL, NULL}, NULL, NULL };
23453
23454 static int __init hpet_init(void)
23455 {
23456diff -urNp linux-2.6.38.2/drivers/char/ipmi/ipmi_msghandler.c linux-2.6.38.2/drivers/char/ipmi/ipmi_msghandler.c
23457--- linux-2.6.38.2/drivers/char/ipmi/ipmi_msghandler.c 2011-03-14 21:20:32.000000000 -0400
23458+++ linux-2.6.38.2/drivers/char/ipmi/ipmi_msghandler.c 2011-03-21 18:31:35.000000000 -0400
23459@@ -414,7 +414,7 @@ struct ipmi_smi {
23460 struct proc_dir_entry *proc_dir;
23461 char proc_dir_name[10];
23462
23463- atomic_t stats[IPMI_NUM_STATS];
23464+ atomic_unchecked_t stats[IPMI_NUM_STATS];
23465
23466 /*
23467 * run_to_completion duplicate of smb_info, smi_info
23468@@ -447,9 +447,9 @@ static DEFINE_MUTEX(smi_watchers_mutex);
23469
23470
23471 #define ipmi_inc_stat(intf, stat) \
23472- atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat])
23473+ atomic_inc_unchecked(&(intf)->stats[IPMI_STAT_ ## stat])
23474 #define ipmi_get_stat(intf, stat) \
23475- ((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat]))
23476+ ((unsigned int) atomic_read_unchecked(&(intf)->stats[IPMI_STAT_ ## stat]))
23477
23478 static int is_lan_addr(struct ipmi_addr *addr)
23479 {
23480@@ -2844,7 +2844,7 @@ int ipmi_register_smi(struct ipmi_smi_ha
23481 INIT_LIST_HEAD(&intf->cmd_rcvrs);
23482 init_waitqueue_head(&intf->waitq);
23483 for (i = 0; i < IPMI_NUM_STATS; i++)
23484- atomic_set(&intf->stats[i], 0);
23485+ atomic_set_unchecked(&intf->stats[i], 0);
23486
23487 intf->proc_dir = NULL;
23488
23489diff -urNp linux-2.6.38.2/drivers/char/ipmi/ipmi_si_intf.c linux-2.6.38.2/drivers/char/ipmi/ipmi_si_intf.c
23490--- linux-2.6.38.2/drivers/char/ipmi/ipmi_si_intf.c 2011-03-14 21:20:32.000000000 -0400
23491+++ linux-2.6.38.2/drivers/char/ipmi/ipmi_si_intf.c 2011-03-21 18:31:35.000000000 -0400
23492@@ -285,7 +285,7 @@ struct smi_info {
23493 unsigned char slave_addr;
23494
23495 /* Counters and things for the proc filesystem. */
23496- atomic_t stats[SI_NUM_STATS];
23497+ atomic_unchecked_t stats[SI_NUM_STATS];
23498
23499 struct task_struct *thread;
23500
23501@@ -294,9 +294,9 @@ struct smi_info {
23502 };
23503
23504 #define smi_inc_stat(smi, stat) \
23505- atomic_inc(&(smi)->stats[SI_STAT_ ## stat])
23506+ atomic_inc_unchecked(&(smi)->stats[SI_STAT_ ## stat])
23507 #define smi_get_stat(smi, stat) \
23508- ((unsigned int) atomic_read(&(smi)->stats[SI_STAT_ ## stat]))
23509+ ((unsigned int) atomic_read_unchecked(&(smi)->stats[SI_STAT_ ## stat]))
23510
23511 #define SI_MAX_PARMS 4
23512
23513@@ -3202,7 +3202,7 @@ static int try_smi_init(struct smi_info
23514 atomic_set(&new_smi->req_events, 0);
23515 new_smi->run_to_completion = 0;
23516 for (i = 0; i < SI_NUM_STATS; i++)
23517- atomic_set(&new_smi->stats[i], 0);
23518+ atomic_set_unchecked(&new_smi->stats[i], 0);
23519
23520 new_smi->interrupt_disabled = 1;
23521 atomic_set(&new_smi->stop_operation, 0);
23522diff -urNp linux-2.6.38.2/drivers/char/mem.c linux-2.6.38.2/drivers/char/mem.c
23523--- linux-2.6.38.2/drivers/char/mem.c 2011-03-14 21:20:32.000000000 -0400
23524+++ linux-2.6.38.2/drivers/char/mem.c 2011-03-21 18:31:35.000000000 -0400
23525@@ -18,6 +18,7 @@
23526 #include <linux/raw.h>
23527 #include <linux/tty.h>
23528 #include <linux/capability.h>
23529+#include <linux/security.h>
23530 #include <linux/ptrace.h>
23531 #include <linux/device.h>
23532 #include <linux/highmem.h>
23533@@ -34,6 +35,10 @@
23534 # include <linux/efi.h>
23535 #endif
23536
23537+#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
23538+extern struct file_operations grsec_fops;
23539+#endif
23540+
23541 static inline unsigned long size_inside_page(unsigned long start,
23542 unsigned long size)
23543 {
23544@@ -120,6 +125,7 @@ static ssize_t read_mem(struct file *fil
23545
23546 while (count > 0) {
23547 unsigned long remaining;
23548+ char *temp;
23549
23550 sz = size_inside_page(p, count);
23551
23552@@ -135,7 +141,23 @@ static ssize_t read_mem(struct file *fil
23553 if (!ptr)
23554 return -EFAULT;
23555
23556- remaining = copy_to_user(buf, ptr, sz);
23557+#ifdef CONFIG_PAX_USERCOPY
23558+ temp = kmalloc(sz, GFP_KERNEL);
23559+ if (!temp) {
23560+ unxlate_dev_mem_ptr(p, ptr);
23561+ return -ENOMEM;
23562+ }
23563+ memcpy(temp, ptr, sz);
23564+#else
23565+ temp = ptr;
23566+#endif
23567+
23568+ remaining = copy_to_user(buf, temp, sz);
23569+
23570+#ifdef CONFIG_PAX_USERCOPY
23571+ kfree(temp);
23572+#endif
23573+
23574 unxlate_dev_mem_ptr(p, ptr);
23575 if (remaining)
23576 return -EFAULT;
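Review bot: The bounce buffer added under `CONFIG_PAX_USERCOPY` carries no comment explaining why `copy_to_user()` may not read from `ptr` directly, and it is allocated and freed on every loop iteration. The staged bytes also remain in freed slab memory after `kfree(temp)`, so whatever physical memory was read through this path gets a second, unmanaged copy; `memset(temp, 0, sz);` before the `kfree` would avoid that. The same block appears in the read_kmem hunk further down, where the allocation failure returns `-ENOMEM` directly. read_mem begins and ends outside the hunk.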
23577@@ -161,6 +183,11 @@ static ssize_t write_mem(struct file *fi
23578 if (!valid_phys_addr_range(p, count))
23579 return -EFAULT;
23580
23581+#ifdef CONFIG_GRKERNSEC_KMEM
23582+ gr_handle_mem_write();
23583+ return -EPERM;
23584+#endif
23585+
23586 written = 0;
23587
23588 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
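Review bot: With `CONFIG_GRKERNSEC_KMEM` set, the added `return -EPERM;` makes the rest of write_mem unreachable, and because the block sits after the `valid_phys_addr_range()` test, a write with an out-of-range address returns `-EFAULT` without reaching `gr_handle_mem_write()`. Moving the block to the top of the function, where the write_kmem hunk below places its equivalent, would make the denial (and whatever `gr_handle_mem_write()` records) independent of the arguments. Closing the block with `#else` and putting the matching `#endif` at the end of the body would also keep the dead code out of the build; the write_kmem and open_port hunks have the same unreachable tail. write_mem begins and ends outside the hunk.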
23589@@ -316,6 +343,11 @@ static int mmap_mem(struct file *file, s
23590 &vma->vm_page_prot))
23591 return -EINVAL;
23592
23593+#ifdef CONFIG_GRKERNSEC_KMEM
23594+ if (gr_handle_mem_mmap(vma->vm_pgoff << PAGE_SHIFT, vma))
23595+ return -EPERM;
23596+#endif
23597+
23598 vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff,
23599 size,
23600 vma->vm_page_prot);
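Review bot: `vma->vm_pgoff << PAGE_SHIFT` is evaluated in `unsigned long`, so on a 32-bit kernel with physical addresses above 4 GiB the byte offset handed to `gr_handle_mem_mmap()` can wrap, and the check would then look at a different address than the one being mapped. The prototype of `gr_handle_mem_mmap()` is not in the hunk, so confirm the parameter width. If it is wider than `unsigned long`, the cast belongs before the shift, e.g. `(phys_addr_t)vma->vm_pgoff << PAGE_SHIFT`; otherwise passing the page frame number unshifted avoids the problem. mmap_mem starts and ends outside the hunk.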
23601@@ -398,9 +430,8 @@ static ssize_t read_kmem(struct file *fi
23602 size_t count, loff_t *ppos)
23603 {
23604 unsigned long p = *ppos;
23605- ssize_t low_count, read, sz;
23606+ ssize_t low_count, read, sz, err = 0;
23607 char * kbuf; /* k-addr because vread() takes vmlist_lock rwlock */
23608- int err = 0;
23609
23610 read = 0;
23611 if (p < (unsigned long) high_memory) {
23612@@ -422,6 +453,8 @@ static ssize_t read_kmem(struct file *fi
23613 }
23614 #endif
23615 while (low_count > 0) {
23616+ char *temp;
23617+
23618 sz = size_inside_page(p, low_count);
23619
23620 /*
23621@@ -431,7 +464,22 @@ static ssize_t read_kmem(struct file *fi
23622 */
23623 kbuf = xlate_dev_kmem_ptr((char *)p);
23624
23625- if (copy_to_user(buf, kbuf, sz))
23626+#ifdef CONFIG_PAX_USERCOPY
23627+ temp = kmalloc(sz, GFP_KERNEL);
23628+ if (!temp)
23629+ return -ENOMEM;
23630+ memcpy(temp, kbuf, sz);
23631+#else
23632+ temp = kbuf;
23633+#endif
23634+
23635+ err = copy_to_user(buf, temp, sz);
23636+
23637+#ifdef CONFIG_PAX_USERCOPY
23638+ kfree(temp);
23639+#endif
23640+
23641+ if (err)
23642 return -EFAULT;
23643 buf += sz;
23644 p += sz;
23645@@ -530,6 +578,11 @@ static ssize_t write_kmem(struct file *f
23646 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
23647 int err = 0;
23648
23649+#ifdef CONFIG_GRKERNSEC_KMEM
23650+ gr_handle_kmem_write();
23651+ return -EPERM;
23652+#endif
23653+
23654 if (p < (unsigned long) high_memory) {
23655 unsigned long to_write = min_t(unsigned long, count,
23656 (unsigned long)high_memory - p);
23657@@ -731,6 +784,16 @@ static loff_t memory_lseek(struct file *
23658
23659 static int open_port(struct inode * inode, struct file * filp)
23660 {
23661+#ifdef CONFIG_GRKERNSEC_KMEM
23662+ gr_handle_open_port();
23663+ return -EPERM;
23664+#endif
23665+
23666+ return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
23667+}
23668+
23669+static int open_mem(struct inode * inode, struct file * filp)
23670+{
23671 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
23672 }
23673
23674@@ -738,7 +801,6 @@ static int open_port(struct inode * inod
23675 #define full_lseek null_lseek
23676 #define write_zero write_null
23677 #define read_full read_zero
23678-#define open_mem open_port
23679 #define open_kmem open_mem
23680 #define open_oldmem open_mem
23681
23682@@ -857,6 +919,9 @@ static const struct memdev {
23683 #ifdef CONFIG_CRASH_DUMP
23684 [12] = { "oldmem", 0, &oldmem_fops, NULL },
23685 #endif
23686+#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
23687+ [13] = { "grsec",S_IRUSR | S_IWUGO, &grsec_fops, NULL },
23688+#endif
23689 };
23690
23691 static int memory_open(struct inode *inode, struct file *filp)
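Review bot: The new `[13]` entry registers the "grsec" node with `S_IRUSR | S_IWUGO`, which makes it writable by every local user, and nothing at the table says that this is intended. A comment on the entry, for example `/* world-writable on purpose: grsec_fops' write handler must authenticate and bounds-check everything it is given */`, would record the assumption that the handler carries the whole access decision. grsec_fops is only declared `extern` in this file, so whether its write path meets that bar cannot be judged from this hunk. The literal minor 13 would also read better as a named constant next to the other entries.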
23692diff -urNp linux-2.6.38.2/drivers/char/nvram.c linux-2.6.38.2/drivers/char/nvram.c
23693--- linux-2.6.38.2/drivers/char/nvram.c 2011-03-14 21:20:32.000000000 -0400
23694+++ linux-2.6.38.2/drivers/char/nvram.c 2011-03-21 18:31:35.000000000 -0400
23695@@ -246,7 +246,7 @@ static ssize_t nvram_read(struct file *f
23696
23697 spin_unlock_irq(&rtc_lock);
23698
23699- if (copy_to_user(buf, contents, tmp - contents))
23700+ if (tmp - contents > sizeof(contents) || copy_to_user(buf, contents, tmp - contents))
23701 return -EFAULT;
23702
23703 *ppos = i;
23704@@ -435,7 +435,10 @@ static const struct file_operations nvra
23705 static struct miscdevice nvram_dev = {
23706 NVRAM_MINOR,
23707 "nvram",
23708- &nvram_fops
23709+ &nvram_fops,
23710+ {NULL, NULL},
23711+ NULL,
23712+ NULL
23713 };
23714
23715 static int __init nvram_init(void)
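Review bot: The added `{NULL, NULL}, NULL, NULL` extends a positional initializer, so it silently depends on the member order and types of struct miscdevice, which is declared outside this hunk. Any reordering or insertion in that struct would assign these values to the wrong members without a diagnostic. Designated initializers avoid that and make the trailing zeros unnecessary: `.minor = NVRAM_MINOR, .name = "nvram", .fops = &nvram_fops,`.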
23716diff -urNp linux-2.6.38.2/drivers/char/pcmcia/ipwireless/tty.c linux-2.6.38.2/drivers/char/pcmcia/ipwireless/tty.c
23717--- linux-2.6.38.2/drivers/char/pcmcia/ipwireless/tty.c 2011-03-14 21:20:32.000000000 -0400
23718+++ linux-2.6.38.2/drivers/char/pcmcia/ipwireless/tty.c 2011-03-21 18:31:35.000000000 -0400
23719@@ -29,6 +29,7 @@
23720 #include <linux/tty_driver.h>
23721 #include <linux/tty_flip.h>
23722 #include <linux/uaccess.h>
23723+#include <asm/local.h>
23724
23725 #include "tty.h"
23726 #include "network.h"
23727@@ -51,7 +52,7 @@ struct ipw_tty {
23728 int tty_type;
23729 struct ipw_network *network;
23730 struct tty_struct *linux_tty;
23731- int open_count;
23732+ local_t open_count;
23733 unsigned int control_lines;
23734 struct mutex ipw_tty_mutex;
23735 int tx_bytes_queued;
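Review bot: Changing `open_count` to `local_t` deserves a comment on the field, because local_t operations are atomic only with respect to the CPU they execute on and give no cross-CPU ordering. The updates in ipw_open and do_ipw_close appear to rely on ipw_tty_mutex. The reads converted in the ipw_write_room, ipw_chars_in_buffer, ipw_tiocmget, ipw_tiocmset and ipw_ioctl hunks show no lock in their visible lines, so they are unsynchronised just as the plain int reads were before. Something like `/* updated only under ipw_tty_mutex; local_t adds no SMP atomicity */` would keep a later reader from treating the type as a synchronisation primitive. The struct definition extends beyond the hunk.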
23736@@ -127,10 +128,10 @@ static int ipw_open(struct tty_struct *l
23737 mutex_unlock(&tty->ipw_tty_mutex);
23738 return -ENODEV;
23739 }
23740- if (tty->open_count == 0)
23741+ if (local_read(&tty->open_count) == 0)
23742 tty->tx_bytes_queued = 0;
23743
23744- tty->open_count++;
23745+ local_inc(&tty->open_count);
23746
23747 tty->linux_tty = linux_tty;
23748 linux_tty->driver_data = tty;
23749@@ -146,9 +147,7 @@ static int ipw_open(struct tty_struct *l
23750
23751 static void do_ipw_close(struct ipw_tty *tty)
23752 {
23753- tty->open_count--;
23754-
23755- if (tty->open_count == 0) {
23756+ if (local_dec_return(&tty->open_count) == 0) {
23757 struct tty_struct *linux_tty = tty->linux_tty;
23758
23759 if (linux_tty != NULL) {
23760@@ -169,7 +168,7 @@ static void ipw_hangup(struct tty_struct
23761 return;
23762
23763 mutex_lock(&tty->ipw_tty_mutex);
23764- if (tty->open_count == 0) {
23765+ if (local_read(&tty->open_count) == 0) {
23766 mutex_unlock(&tty->ipw_tty_mutex);
23767 return;
23768 }
23769@@ -198,7 +197,7 @@ void ipwireless_tty_received(struct ipw_
23770 return;
23771 }
23772
23773- if (!tty->open_count) {
23774+ if (!local_read(&tty->open_count)) {
23775 mutex_unlock(&tty->ipw_tty_mutex);
23776 return;
23777 }
23778@@ -240,7 +239,7 @@ static int ipw_write(struct tty_struct *
23779 return -ENODEV;
23780
23781 mutex_lock(&tty->ipw_tty_mutex);
23782- if (!tty->open_count) {
23783+ if (!local_read(&tty->open_count)) {
23784 mutex_unlock(&tty->ipw_tty_mutex);
23785 return -EINVAL;
23786 }
23787@@ -280,7 +279,7 @@ static int ipw_write_room(struct tty_str
23788 if (!tty)
23789 return -ENODEV;
23790
23791- if (!tty->open_count)
23792+ if (!local_read(&tty->open_count))
23793 return -EINVAL;
23794
23795 room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued;
23796@@ -322,7 +321,7 @@ static int ipw_chars_in_buffer(struct tt
23797 if (!tty)
23798 return 0;
23799
23800- if (!tty->open_count)
23801+ if (!local_read(&tty->open_count))
23802 return 0;
23803
23804 return tty->tx_bytes_queued;
23805@@ -403,7 +402,7 @@ static int ipw_tiocmget(struct tty_struc
23806 if (!tty)
23807 return -ENODEV;
23808
23809- if (!tty->open_count)
23810+ if (!local_read(&tty->open_count))
23811 return -EINVAL;
23812
23813 return get_control_lines(tty);
23814@@ -419,7 +418,7 @@ ipw_tiocmset(struct tty_struct *linux_tt
23815 if (!tty)
23816 return -ENODEV;
23817
23818- if (!tty->open_count)
23819+ if (!local_read(&tty->open_count))
23820 return -EINVAL;
23821
23822 return set_control_lines(tty, set, clear);
23823@@ -433,7 +432,7 @@ static int ipw_ioctl(struct tty_struct *
23824 if (!tty)
23825 return -ENODEV;
23826
23827- if (!tty->open_count)
23828+ if (!local_read(&tty->open_count))
23829 return -EINVAL;
23830
23831 /* FIXME: Exactly how is the tty object locked here .. */
23832@@ -582,7 +581,7 @@ void ipwireless_tty_free(struct ipw_tty
23833 against a parallel ioctl etc */
23834 mutex_lock(&ttyj->ipw_tty_mutex);
23835 }
23836- while (ttyj->open_count)
23837+ while (local_read(&ttyj->open_count))
23838 do_ipw_close(ttyj);
23839 ipwireless_disassociate_network_ttys(network,
23840 ttyj->channel_idx);
23841diff -urNp linux-2.6.38.2/drivers/char/random.c linux-2.6.38.2/drivers/char/random.c
23842--- linux-2.6.38.2/drivers/char/random.c 2011-03-14 21:20:32.000000000 -0400
23843+++ linux-2.6.38.2/drivers/char/random.c 2011-03-21 18:31:35.000000000 -0400
23844@@ -254,8 +254,13 @@
23845 /*
23846 * Configuration information
23847 */
23848+#ifdef CONFIG_GRKERNSEC_RANDNET
23849+#define INPUT_POOL_WORDS 512
23850+#define OUTPUT_POOL_WORDS 128
23851+#else
23852 #define INPUT_POOL_WORDS 128
23853 #define OUTPUT_POOL_WORDS 32
23854+#endif
23855 #define SEC_XFER_SIZE 512
23856 #define EXTRACT_SIZE 10
23857
23858@@ -293,10 +298,17 @@ static struct poolinfo {
23859 int poolwords;
23860 int tap1, tap2, tap3, tap4, tap5;
23861 } poolinfo_table[] = {
23862+#ifdef CONFIG_GRKERNSEC_RANDNET
23863+ /* x^512 + x^411 + x^308 + x^208 +x^104 + x + 1 -- 225 */
23864+ { 512, 411, 308, 208, 104, 1 },
23865+ /* x^128 + x^103 + x^76 + x^51 + x^25 + x + 1 -- 105 */
23866+ { 128, 103, 76, 51, 25, 1 },
23867+#else
23868 /* x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 -- 105 */
23869 { 128, 103, 76, 51, 25, 1 },
23870 /* x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 -- 15 */
23871 { 32, 26, 20, 14, 7, 1 },
23872+#endif
23873 #if 0
23874 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
23875 { 2048, 1638, 1231, 819, 411, 1 },
23876@@ -902,7 +914,7 @@ static ssize_t extract_entropy_user(stru
23877
23878 extract_buf(r, tmp);
23879 i = min_t(int, nbytes, EXTRACT_SIZE);
23880- if (copy_to_user(buf, tmp, i)) {
23881+ if (i > sizeof(tmp) || copy_to_user(buf, tmp, i)) {
23882 ret = -EFAULT;
23883 break;
23884 }
23885@@ -1207,7 +1219,7 @@ EXPORT_SYMBOL(generate_random_uuid);
23886 #include <linux/sysctl.h>
23887
23888 static int min_read_thresh = 8, min_write_thresh;
23889-static int max_read_thresh = INPUT_POOL_WORDS * 32;
23890+static int max_read_thresh = OUTPUT_POOL_WORDS * 32;
23891 static int max_write_thresh = INPUT_POOL_WORDS * 32;
23892 static char sysctl_bootid[16];
23893
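Review bot: `max_read_thresh` now derives from OUTPUT_POOL_WORDS instead of INPUT_POOL_WORDS, and this line is not inside the CONFIG_GRKERNSEC_RANDNET conditional. With the defines from the first hunk of this file, a RANDNET build keeps the old ceiling (128 * 32), but a build without RANDNET drops it from 128 * 32 to 32 * 32, so the accepted range of the read-wakeup sysctl changes even when the feature is off. If only the RANDNET case was meant to be adjusted, guard the line with the same `#ifdef` or keep the bound explicit. Otherwise add a comment such as `/* cap the read wakeup threshold at the output pool size in bits */` stating why the smaller bound is wanted.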
23894diff -urNp linux-2.6.38.2/drivers/char/sonypi.c linux-2.6.38.2/drivers/char/sonypi.c
23895--- linux-2.6.38.2/drivers/char/sonypi.c 2011-03-14 21:20:32.000000000 -0400
23896+++ linux-2.6.38.2/drivers/char/sonypi.c 2011-03-21 18:31:35.000000000 -0400
23897@@ -55,6 +55,7 @@
23898 #include <asm/uaccess.h>
23899 #include <asm/io.h>
23900 #include <asm/system.h>
23901+#include <asm/local.h>
23902
23903 #include <linux/sonypi.h>
23904
23905@@ -491,7 +492,7 @@ static struct sonypi_device {
23906 spinlock_t fifo_lock;
23907 wait_queue_head_t fifo_proc_list;
23908 struct fasync_struct *fifo_async;
23909- int open_count;
23910+ local_t open_count;
23911 int model;
23912 struct input_dev *input_jog_dev;
23913 struct input_dev *input_key_dev;
23914@@ -898,7 +899,7 @@ static int sonypi_misc_fasync(int fd, st
23915 static int sonypi_misc_release(struct inode *inode, struct file *file)
23916 {
23917 mutex_lock(&sonypi_device.lock);
23918- sonypi_device.open_count--;
23919+ local_dec(&sonypi_device.open_count);
23920 mutex_unlock(&sonypi_device.lock);
23921 return 0;
23922 }
23923@@ -907,9 +908,9 @@ static int sonypi_misc_open(struct inode
23924 {
23925 mutex_lock(&sonypi_device.lock);
23926 /* Flush input queue on first open */
23927- if (!sonypi_device.open_count)
23928+ if (!local_read(&sonypi_device.open_count))
23929 kfifo_reset(&sonypi_device.fifo);
23930- sonypi_device.open_count++;
23931+ local_inc(&sonypi_device.open_count);
23932 mutex_unlock(&sonypi_device.lock);
23933
23934 return 0;
23935diff -urNp linux-2.6.38.2/drivers/char/tpm/tpm_bios.c linux-2.6.38.2/drivers/char/tpm/tpm_bios.c
23936--- linux-2.6.38.2/drivers/char/tpm/tpm_bios.c 2011-03-14 21:20:32.000000000 -0400
23937+++ linux-2.6.38.2/drivers/char/tpm/tpm_bios.c 2011-03-21 18:31:35.000000000 -0400
23938@@ -173,7 +173,7 @@ static void *tpm_bios_measurements_start
23939 event = addr;
23940
23941 if ((event->event_type == 0 && event->event_size == 0) ||
23942- ((addr + sizeof(struct tcpa_event) + event->event_size) >= limit))
23943+ (event->event_size >= limit - addr - sizeof(struct tcpa_event)))
23944 return NULL;
23945
23946 return addr;
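Review bot: The rewritten bound `event->event_size >= limit - addr - sizeof(struct tcpa_event)` avoids overflowing the pointer sum, but the right-hand side is now an unsigned subtraction that wraps when fewer than sizeof(struct tcpa_event) bytes remain before `limit`. In that case the comparison is against a huge value and an oversized event_size would be accepted. Whether an earlier test in the function guarantees that the header fits is not visible in this hunk, so an explicit guard is safer: `limit - addr < sizeof(struct tcpa_event) ||` placed ahead of the event_size comparison. The same expression, with `v` in place of `addr`, is added in the tpm_bios_measurements_next hunk that follows.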
23947@@ -198,7 +198,7 @@ static void *tpm_bios_measurements_next(
23948 return NULL;
23949
23950 if ((event->event_type == 0 && event->event_size == 0) ||
23951- ((v + sizeof(struct tcpa_event) + event->event_size) >= limit))
23952+ (event->event_size >= limit - v - sizeof(struct tcpa_event)))
23953 return NULL;
23954
23955 (*pos)++;
23956@@ -291,7 +291,8 @@ static int tpm_binary_bios_measurements_
23957 int i;
23958
23959 for (i = 0; i < sizeof(struct tcpa_event) + event->event_size; i++)
23960- seq_putc(m, data[i]);
23961+ if (!seq_putc(m, data[i]))
23962+ return -EFAULT;
23963
23964 return 0;
23965 }
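Review bot: The new test `if (!seq_putc(m, data[i])) return -EFAULT;` looks inverted. seq_putc() is not defined in this hunk, but in the mainline seq_file code of this kernel series it returns 0 when the byte was stored and -1 when the buffer is full. If so, the function returns -EFAULT after the first successfully written byte and ignores a full buffer. The check should read `if (seq_putc(m, data[i]))`. Returning a negative value from a seq_file show callback on overflow should also be checked against how the seq_file core retries with a larger buffer. The loop would be easier to read with braces around the nested `if`.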
23966@@ -410,6 +411,11 @@ static int read_log(struct tpm_bios_log
23967 log->bios_event_log_end = log->bios_event_log + len;
23968
23969 virt = acpi_os_map_memory(start, len);
23970+ if (!virt) {
23971+ kfree(log->bios_event_log);
23972+ log->bios_event_log = NULL;
23973+ return -EFAULT;
23974+ }
23975
23976 memcpy(log->bios_event_log, virt, len);
23977
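Review bot: The new failure path frees `log->bios_event_log` and sets it to NULL, but `log->bios_event_log_end`, assigned two lines above from the freed pointer plus `len`, is left pointing into released memory. Adding `log->bios_event_log_end = NULL;` next to the existing reset keeps the two fields consistent for any caller that inspects the log after a failed read. Whether such a caller exists is outside this hunk. -EFAULT is also an unusual code for a failed mapping; -EIO or -ENOMEM would describe it better if callers do not depend on the exact value. read_log begins and ends outside the hunk.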
23978diff -urNp linux-2.6.38.2/drivers/char/tpm/tpm.c linux-2.6.38.2/drivers/char/tpm/tpm.c
23979--- linux-2.6.38.2/drivers/char/tpm/tpm.c 2011-03-14 21:20:32.000000000 -0400
23980+++ linux-2.6.38.2/drivers/char/tpm/tpm.c 2011-03-21 18:31:35.000000000 -0400
23981@@ -411,7 +411,7 @@ static ssize_t tpm_transmit(struct tpm_c
23982 chip->vendor.req_complete_val)
23983 goto out_recv;
23984
23985- if ((status == chip->vendor.req_canceled)) {
23986+ if (status == chip->vendor.req_canceled) {
23987 dev_err(chip->dev, "Operation Canceled\n");
23988 rc = -ECANCELED;
23989 goto out;
23990diff -urNp linux-2.6.38.2/drivers/cpuidle/sysfs.c linux-2.6.38.2/drivers/cpuidle/sysfs.c
23991--- linux-2.6.38.2/drivers/cpuidle/sysfs.c 2011-03-14 21:20:32.000000000 -0400
23992+++ linux-2.6.38.2/drivers/cpuidle/sysfs.c 2011-03-21 18:31:35.000000000 -0400
23993@@ -300,7 +300,7 @@ static struct kobj_type ktype_state_cpui
23994 .release = cpuidle_state_sysfs_release,
23995 };
23996
23997-static void inline cpuidle_free_state_kobj(struct cpuidle_device *device, int i)
23998+static inline void cpuidle_free_state_kobj(struct cpuidle_device *device, int i)
23999 {
24000 kobject_put(&device->kobjs[i]->kobj);
24001 wait_for_completion(&device->kobjs[i]->kobj_unregister);
24002diff -urNp linux-2.6.38.2/drivers/edac/edac_core.h linux-2.6.38.2/drivers/edac/edac_core.h
24003--- linux-2.6.38.2/drivers/edac/edac_core.h 2011-03-14 21:20:32.000000000 -0400
24004+++ linux-2.6.38.2/drivers/edac/edac_core.h 2011-03-21 18:31:35.000000000 -0400
24005@@ -88,11 +88,11 @@ extern int edac_debug_level;
24006
24007 #else /* !CONFIG_EDAC_DEBUG */
24008
24009-#define debugf0( ... )
24010-#define debugf1( ... )
24011-#define debugf2( ... )
24012-#define debugf3( ... )
24013-#define debugf4( ... )
24014+#define debugf0( ... ) do {} while (0)
24015+#define debugf1( ... ) do {} while (0)
24016+#define debugf2( ... ) do {} while (0)
24017+#define debugf3( ... ) do {} while (0)
24018+#define debugf4( ... ) do {} while (0)
24019
24020 #endif /* !CONFIG_EDAC_DEBUG */
24021
24022diff -urNp linux-2.6.38.2/drivers/edac/edac_mc_sysfs.c linux-2.6.38.2/drivers/edac/edac_mc_sysfs.c
24023--- linux-2.6.38.2/drivers/edac/edac_mc_sysfs.c 2011-03-14 21:20:32.000000000 -0400
24024+++ linux-2.6.38.2/drivers/edac/edac_mc_sysfs.c 2011-03-21 18:31:35.000000000 -0400
24025@@ -761,7 +761,7 @@ static void edac_inst_grp_release(struct
24026 }
24027
24028 /* Intermediate show/store table */
24029-static struct sysfs_ops inst_grp_ops = {
24030+static const struct sysfs_ops inst_grp_ops = {
24031 .show = inst_grp_show,
24032 .store = inst_grp_store
24033 };
24034diff -urNp linux-2.6.38.2/drivers/firewire/core-cdev.c linux-2.6.38.2/drivers/firewire/core-cdev.c
24035--- linux-2.6.38.2/drivers/firewire/core-cdev.c 2011-03-14 21:20:32.000000000 -0400
24036+++ linux-2.6.38.2/drivers/firewire/core-cdev.c 2011-03-21 18:31:35.000000000 -0400
24037@@ -1329,8 +1329,7 @@ static int init_iso_resource(struct clie
24038 int ret;
24039
24040 if ((request->channels == 0 && request->bandwidth == 0) ||
24041- request->bandwidth > BANDWIDTH_AVAILABLE_INITIAL ||
24042- request->bandwidth < 0)
24043+ request->bandwidth > BANDWIDTH_AVAILABLE_INITIAL)
24044 return -EINVAL;
24045
24046 r = kmalloc(sizeof(*r), GFP_KERNEL);
24047diff -urNp linux-2.6.38.2/drivers/firmware/dmi_scan.c linux-2.6.38.2/drivers/firmware/dmi_scan.c
24048--- linux-2.6.38.2/drivers/firmware/dmi_scan.c 2011-03-14 21:20:32.000000000 -0400
24049+++ linux-2.6.38.2/drivers/firmware/dmi_scan.c 2011-03-21 18:31:35.000000000 -0400
24050@@ -449,11 +449,6 @@ void __init dmi_scan_machine(void)
24051 }
24052 }
24053 else {
24054- /*
24055- * no iounmap() for that ioremap(); it would be a no-op, but
24056- * it's so early in setup that sucker gets confused into doing
24057- * what it shouldn't if we actually call it.
24058- */
24059 p = dmi_ioremap(0xF0000, 0x10000);
24060 if (p == NULL)
24061 goto error;
24062diff -urNp linux-2.6.38.2/drivers/gpu/drm/drm_crtc_helper.c linux-2.6.38.2/drivers/gpu/drm/drm_crtc_helper.c
24063--- linux-2.6.38.2/drivers/gpu/drm/drm_crtc_helper.c 2011-03-14 21:20:32.000000000 -0400
24064+++ linux-2.6.38.2/drivers/gpu/drm/drm_crtc_helper.c 2011-03-21 18:31:35.000000000 -0400
24065@@ -276,7 +276,7 @@ static bool drm_encoder_crtc_ok(struct d
24066 struct drm_crtc *tmp;
24067 int crtc_mask = 1;
24068
24069- WARN(!crtc, "checking null crtc?\n");
24070+ BUG_ON(!crtc);
24071
24072 dev = crtc->dev;
24073
24074diff -urNp linux-2.6.38.2/drivers/gpu/drm/drm_drv.c linux-2.6.38.2/drivers/gpu/drm/drm_drv.c
24075--- linux-2.6.38.2/drivers/gpu/drm/drm_drv.c 2011-03-14 21:20:32.000000000 -0400
24076+++ linux-2.6.38.2/drivers/gpu/drm/drm_drv.c 2011-03-21 18:31:35.000000000 -0400
24077@@ -425,7 +425,7 @@ long drm_ioctl(struct file *filp,
24078
24079 dev = file_priv->minor->dev;
24080 atomic_inc(&dev->ioctl_count);
24081- atomic_inc(&dev->counts[_DRM_STAT_IOCTLS]);
24082+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_IOCTLS]);
24083 ++file_priv->ioctl_count;
24084
24085 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
24086diff -urNp linux-2.6.38.2/drivers/gpu/drm/drm_fops.c linux-2.6.38.2/drivers/gpu/drm/drm_fops.c
24087--- linux-2.6.38.2/drivers/gpu/drm/drm_fops.c 2011-03-14 21:20:32.000000000 -0400
24088+++ linux-2.6.38.2/drivers/gpu/drm/drm_fops.c 2011-03-21 18:31:35.000000000 -0400
24089@@ -70,7 +70,7 @@ static int drm_setup(struct drm_device *
24090 }
24091
24092 for (i = 0; i < ARRAY_SIZE(dev->counts); i++)
24093- atomic_set(&dev->counts[i], 0);
24094+ atomic_set_unchecked(&dev->counts[i], 0);
24095
24096 dev->sigdata.lock = NULL;
24097
24098@@ -134,8 +134,8 @@ int drm_open(struct inode *inode, struct
24099
24100 retcode = drm_open_helper(inode, filp, dev);
24101 if (!retcode) {
24102- atomic_inc(&dev->counts[_DRM_STAT_OPENS]);
24103- if (!dev->open_count++)
24104+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_OPENS]);
24105+ if (local_inc_return(&dev->open_count) == 1)
24106 retcode = drm_setup(dev);
24107 }
24108 if (!retcode) {
24109@@ -472,7 +472,7 @@ int drm_release(struct inode *inode, str
24110
24111 mutex_lock(&drm_global_mutex);
24112
24113- DRM_DEBUG("open_count = %d\n", dev->open_count);
24114+ DRM_DEBUG("open_count = %d\n", local_read(&dev->open_count));
24115
24116 if (dev->driver->preclose)
24117 dev->driver->preclose(dev, file_priv);
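Review bot: `DRM_DEBUG("open_count = %d\n", local_read(&dev->open_count))` passes the result of local_read() to a `%d` conversion. The field's new declaration is outside this chunk, but the local_* calls imply it is a local_t, and local_read() on a local_t yields a long in the kernel headers, so the specifier and argument disagree on 64-bit builds. Use `%ld` here and in the second DRM_DEBUG call changed in the next hunk of drm_release, or cast the value to int if the narrower width is intended.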
24118@@ -484,7 +484,7 @@ int drm_release(struct inode *inode, str
24119 DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n",
24120 task_pid_nr(current),
24121 (long)old_encode_dev(file_priv->minor->device),
24122- dev->open_count);
24123+ local_read(&dev->open_count));
24124
24125 /* if the master has gone away we can't do anything with the lock */
24126 if (file_priv->minor->master)
24127@@ -565,8 +565,8 @@ int drm_release(struct inode *inode, str
24128 * End inline drm_release
24129 */
24130
24131- atomic_inc(&dev->counts[_DRM_STAT_CLOSES]);
24132- if (!--dev->open_count) {
24133+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_CLOSES]);
24134+ if (local_dec_and_test(&dev->open_count)) {
24135 if (atomic_read(&dev->ioctl_count)) {
24136 DRM_ERROR("Device busy: %d\n",
24137 atomic_read(&dev->ioctl_count));
24138diff -urNp linux-2.6.38.2/drivers/gpu/drm/drm_global.c linux-2.6.38.2/drivers/gpu/drm/drm_global.c
24139--- linux-2.6.38.2/drivers/gpu/drm/drm_global.c 2011-03-14 21:20:32.000000000 -0400
24140+++ linux-2.6.38.2/drivers/gpu/drm/drm_global.c 2011-03-21 18:31:35.000000000 -0400
24141@@ -36,7 +36,7 @@
24142 struct drm_global_item {
24143 struct mutex mutex;
24144 void *object;
24145- int refcount;
24146+ atomic_t refcount;
24147 };
24148
24149 static struct drm_global_item glob[DRM_GLOBAL_NUM];
24150@@ -49,7 +49,7 @@ void drm_global_init(void)
24151 struct drm_global_item *item = &glob[i];
24152 mutex_init(&item->mutex);
24153 item->object = NULL;
24154- item->refcount = 0;
24155+ atomic_set(&item->refcount, 0);
24156 }
24157 }
24158
24159@@ -59,7 +59,7 @@ void drm_global_release(void)
24160 for (i = 0; i < DRM_GLOBAL_NUM; ++i) {
24161 struct drm_global_item *item = &glob[i];
24162 BUG_ON(item->object != NULL);
24163- BUG_ON(item->refcount != 0);
24164+ BUG_ON(atomic_read(&item->refcount) != 0);
24165 }
24166 }
24167
24168@@ -70,7 +70,7 @@ int drm_global_item_ref(struct drm_globa
24169 void *object;
24170
24171 mutex_lock(&item->mutex);
24172- if (item->refcount == 0) {
24173+ if (atomic_read(&item->refcount) == 0) {
24174 item->object = kzalloc(ref->size, GFP_KERNEL);
24175 if (unlikely(item->object == NULL)) {
24176 ret = -ENOMEM;
24177@@ -83,7 +83,7 @@ int drm_global_item_ref(struct drm_globa
24178 goto out_err;
24179
24180 }
24181- ++item->refcount;
24182+ atomic_inc(&item->refcount);
24183 ref->object = item->object;
24184 object = item->object;
24185 mutex_unlock(&item->mutex);
24186@@ -100,9 +100,9 @@ void drm_global_item_unref(struct drm_gl
24187 struct drm_global_item *item = &glob[ref->global_type];
24188
24189 mutex_lock(&item->mutex);
24190- BUG_ON(item->refcount == 0);
24191+ BUG_ON(atomic_read(&item->refcount) == 0);
24192 BUG_ON(ref->object != item->object);
24193- if (--item->refcount == 0) {
24194+ if (atomic_dec_and_test(&item->refcount)) {
24195 ref->release(ref);
24196 item->object = NULL;
24197 }
24198diff -urNp linux-2.6.38.2/drivers/gpu/drm/drm_info.c linux-2.6.38.2/drivers/gpu/drm/drm_info.c
24199--- linux-2.6.38.2/drivers/gpu/drm/drm_info.c 2011-03-14 21:20:32.000000000 -0400
24200+++ linux-2.6.38.2/drivers/gpu/drm/drm_info.c 2011-03-21 18:31:35.000000000 -0400
24201@@ -86,10 +86,14 @@ int drm_vm_info(struct seq_file *m, void
24202 struct drm_local_map *map;
24203 struct drm_map_list *r_list;
24204
24205- /* Hardcoded from _DRM_FRAME_BUFFER,
24206- _DRM_REGISTERS, _DRM_SHM, _DRM_AGP, and
24207- _DRM_SCATTER_GATHER and _DRM_CONSISTENT */
24208- const char *types[] = { "FB", "REG", "SHM", "AGP", "SG", "PCI" };
24209+ static const char * const types[] = {
24210+ [_DRM_FRAME_BUFFER] = "FB",
24211+ [_DRM_REGISTERS] = "REG",
24212+ [_DRM_SHM] = "SHM",
24213+ [_DRM_AGP] = "AGP",
24214+ [_DRM_SCATTER_GATHER] = "SG",
24215+ [_DRM_CONSISTENT] = "PCI",
24216+ [_DRM_GEM] = "GEM" };
24217 const char *type;
24218 int i;
24219
24220@@ -100,7 +104,7 @@ int drm_vm_info(struct seq_file *m, void
24221 map = r_list->map;
24222 if (!map)
24223 continue;
24224- if (map->type < 0 || map->type > 5)
24225+ if (map->type >= ARRAY_SIZE(types))
24226 type = "??";
24227 else
24228 type = types[map->type];
24229@@ -301,7 +305,11 @@ int drm_vma_info(struct seq_file *m, voi
24230 vma->vm_flags & VM_MAYSHARE ? 's' : 'p',
24231 vma->vm_flags & VM_LOCKED ? 'l' : '-',
24232 vma->vm_flags & VM_IO ? 'i' : '-',
24233+#ifdef CONFIG_GRKERNSEC_HIDESYM
24234+ 0);
24235+#else
24236 vma->vm_pgoff);
24237+#endif
24238
24239 #if defined(__i386__)
24240 pgprot = pgprot_val(vma->vm_page_prot);
24241diff -urNp linux-2.6.38.2/drivers/gpu/drm/drm_ioctl.c linux-2.6.38.2/drivers/gpu/drm/drm_ioctl.c
24242--- linux-2.6.38.2/drivers/gpu/drm/drm_ioctl.c 2011-03-14 21:20:32.000000000 -0400
24243+++ linux-2.6.38.2/drivers/gpu/drm/drm_ioctl.c 2011-03-21 18:31:35.000000000 -0400
24244@@ -353,7 +353,7 @@ int drm_getstats(struct drm_device *dev,
24245 stats->data[i].value =
24246 (file_priv->master->lock.hw_lock ? file_priv->master->lock.hw_lock->lock : 0);
24247 else
24248- stats->data[i].value = atomic_read(&dev->counts[i]);
24249+ stats->data[i].value = atomic_read_unchecked(&dev->counts[i]);
24250 stats->data[i].type = dev->types[i];
24251 }
24252
24253diff -urNp linux-2.6.38.2/drivers/gpu/drm/drm_lock.c linux-2.6.38.2/drivers/gpu/drm/drm_lock.c
24254--- linux-2.6.38.2/drivers/gpu/drm/drm_lock.c 2011-03-14 21:20:32.000000000 -0400
24255+++ linux-2.6.38.2/drivers/gpu/drm/drm_lock.c 2011-03-21 18:31:35.000000000 -0400
24256@@ -89,7 +89,7 @@ int drm_lock(struct drm_device *dev, voi
24257 if (drm_lock_take(&master->lock, lock->context)) {
24258 master->lock.file_priv = file_priv;
24259 master->lock.lock_time = jiffies;
24260- atomic_inc(&dev->counts[_DRM_STAT_LOCKS]);
24261+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_LOCKS]);
24262 break; /* Got lock */
24263 }
24264
24265@@ -160,7 +160,7 @@ int drm_unlock(struct drm_device *dev, v
24266 return -EINVAL;
24267 }
24268
24269- atomic_inc(&dev->counts[_DRM_STAT_UNLOCKS]);
24270+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_UNLOCKS]);
24271
24272 if (drm_lock_free(&master->lock, lock->context)) {
24273 /* FIXME: Should really bail out here. */
24274diff -urNp linux-2.6.38.2/drivers/gpu/drm/i810/i810_dma.c linux-2.6.38.2/drivers/gpu/drm/i810/i810_dma.c
24275--- linux-2.6.38.2/drivers/gpu/drm/i810/i810_dma.c 2011-03-14 21:20:32.000000000 -0400
24276+++ linux-2.6.38.2/drivers/gpu/drm/i810/i810_dma.c 2011-03-21 18:31:35.000000000 -0400
24277@@ -953,8 +953,8 @@ static int i810_dma_vertex(struct drm_de
24278 dma->buflist[vertex->idx],
24279 vertex->discard, vertex->used);
24280
24281- atomic_add(vertex->used, &dev->counts[_DRM_STAT_SECONDARY]);
24282- atomic_inc(&dev->counts[_DRM_STAT_DMA]);
24283+ atomic_add_unchecked(vertex->used, &dev->counts[_DRM_STAT_SECONDARY]);
24284+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_DMA]);
24285 sarea_priv->last_enqueue = dev_priv->counter - 1;
24286 sarea_priv->last_dispatch = (int)hw_status[5];
24287
24288@@ -1114,8 +1114,8 @@ static int i810_dma_mc(struct drm_device
24289 i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used,
24290 mc->last_render);
24291
24292- atomic_add(mc->used, &dev->counts[_DRM_STAT_SECONDARY]);
24293- atomic_inc(&dev->counts[_DRM_STAT_DMA]);
24294+ atomic_add_unchecked(mc->used, &dev->counts[_DRM_STAT_SECONDARY]);
24295+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_DMA]);
24296 sarea_priv->last_enqueue = dev_priv->counter - 1;
24297 sarea_priv->last_dispatch = (int)hw_status[5];
24298
24299diff -urNp linux-2.6.38.2/drivers/gpu/drm/i915/dvo_ch7017.c linux-2.6.38.2/drivers/gpu/drm/i915/dvo_ch7017.c
24300--- linux-2.6.38.2/drivers/gpu/drm/i915/dvo_ch7017.c 2011-03-14 21:20:32.000000000 -0400
24301+++ linux-2.6.38.2/drivers/gpu/drm/i915/dvo_ch7017.c 2011-03-21 18:31:35.000000000 -0400
24302@@ -390,7 +390,7 @@ static void ch7017_destroy(struct intel_
24303 }
24304 }
24305
24306-struct intel_dvo_dev_ops ch7017_ops = {
24307+const struct intel_dvo_dev_ops ch7017_ops = {
24308 .init = ch7017_init,
24309 .detect = ch7017_detect,
24310 .mode_valid = ch7017_mode_valid,
24311diff -urNp linux-2.6.38.2/drivers/gpu/drm/i915/dvo_ch7xxx.c linux-2.6.38.2/drivers/gpu/drm/i915/dvo_ch7xxx.c
24312--- linux-2.6.38.2/drivers/gpu/drm/i915/dvo_ch7xxx.c 2011-03-14 21:20:32.000000000 -0400
24313+++ linux-2.6.38.2/drivers/gpu/drm/i915/dvo_ch7xxx.c 2011-03-21 18:31:35.000000000 -0400
24314@@ -320,7 +320,7 @@ static void ch7xxx_destroy(struct intel_
24315 }
24316 }
24317
24318-struct intel_dvo_dev_ops ch7xxx_ops = {
24319+const struct intel_dvo_dev_ops ch7xxx_ops = {
24320 .init = ch7xxx_init,
24321 .detect = ch7xxx_detect,
24322 .mode_valid = ch7xxx_mode_valid,
24323diff -urNp linux-2.6.38.2/drivers/gpu/drm/i915/dvo.h linux-2.6.38.2/drivers/gpu/drm/i915/dvo.h
24324--- linux-2.6.38.2/drivers/gpu/drm/i915/dvo.h 2011-03-14 21:20:32.000000000 -0400
24325+++ linux-2.6.38.2/drivers/gpu/drm/i915/dvo.h 2011-03-21 18:31:35.000000000 -0400
24326@@ -122,23 +122,23 @@ struct intel_dvo_dev_ops {
24327 *
24328 * \return singly-linked list of modes or NULL if no modes found.
24329 */
24330- struct drm_display_mode *(*get_modes)(struct intel_dvo_device *dvo);
24331+ struct drm_display_mode *(* const get_modes)(struct intel_dvo_device *dvo);
24332
24333 /**
24334 * Clean up driver-specific bits of the output
24335 */
24336- void (*destroy) (struct intel_dvo_device *dvo);
24337+ void (* const destroy) (struct intel_dvo_device *dvo);
24338
24339 /**
24340 * Debugging hook to dump device registers to log file
24341 */
24342- void (*dump_regs)(struct intel_dvo_device *dvo);
24343+ void (* const dump_regs)(struct intel_dvo_device *dvo);
24344 };
24345
24346-extern struct intel_dvo_dev_ops sil164_ops;
24347-extern struct intel_dvo_dev_ops ch7xxx_ops;
24348-extern struct intel_dvo_dev_ops ivch_ops;
24349-extern struct intel_dvo_dev_ops tfp410_ops;
24350-extern struct intel_dvo_dev_ops ch7017_ops;
24351+extern const struct intel_dvo_dev_ops sil164_ops;
24352+extern const struct intel_dvo_dev_ops ch7xxx_ops;
24353+extern const struct intel_dvo_dev_ops ivch_ops;
24354+extern const struct intel_dvo_dev_ops tfp410_ops;
24355+extern const struct intel_dvo_dev_ops ch7017_ops;
24356
24357 #endif /* _INTEL_DVO_H */
24358diff -urNp linux-2.6.38.2/drivers/gpu/drm/i915/dvo_ivch.c linux-2.6.38.2/drivers/gpu/drm/i915/dvo_ivch.c
24359--- linux-2.6.38.2/drivers/gpu/drm/i915/dvo_ivch.c 2011-03-14 21:20:32.000000000 -0400
24360+++ linux-2.6.38.2/drivers/gpu/drm/i915/dvo_ivch.c 2011-03-21 18:31:35.000000000 -0400
24361@@ -410,7 +410,7 @@ static void ivch_destroy(struct intel_dv
24362 }
24363 }
24364
24365-struct intel_dvo_dev_ops ivch_ops= {
24366+const struct intel_dvo_dev_ops ivch_ops= {
24367 .init = ivch_init,
24368 .dpms = ivch_dpms,
24369 .mode_valid = ivch_mode_valid,
24370diff -urNp linux-2.6.38.2/drivers/gpu/drm/i915/dvo_sil164.c linux-2.6.38.2/drivers/gpu/drm/i915/dvo_sil164.c
24371--- linux-2.6.38.2/drivers/gpu/drm/i915/dvo_sil164.c 2011-03-14 21:20:32.000000000 -0400
24372+++ linux-2.6.38.2/drivers/gpu/drm/i915/dvo_sil164.c 2011-03-21 18:31:35.000000000 -0400
24373@@ -252,7 +252,7 @@ static void sil164_destroy(struct intel_
24374 }
24375 }
24376
24377-struct intel_dvo_dev_ops sil164_ops = {
24378+const struct intel_dvo_dev_ops sil164_ops = {
24379 .init = sil164_init,
24380 .detect = sil164_detect,
24381 .mode_valid = sil164_mode_valid,
24382diff -urNp linux-2.6.38.2/drivers/gpu/drm/i915/dvo_tfp410.c linux-2.6.38.2/drivers/gpu/drm/i915/dvo_tfp410.c
24383--- linux-2.6.38.2/drivers/gpu/drm/i915/dvo_tfp410.c 2011-03-14 21:20:32.000000000 -0400
24384+++ linux-2.6.38.2/drivers/gpu/drm/i915/dvo_tfp410.c 2011-03-21 18:31:35.000000000 -0400
24385@@ -293,7 +293,7 @@ static void tfp410_destroy(struct intel_
24386 }
24387 }
24388
24389-struct intel_dvo_dev_ops tfp410_ops = {
24390+const struct intel_dvo_dev_ops tfp410_ops = {
24391 .init = tfp410_init,
24392 .detect = tfp410_detect,
24393 .mode_valid = tfp410_mode_valid,
24394diff -urNp linux-2.6.38.2/drivers/gpu/drm/i915/i915_dma.c linux-2.6.38.2/drivers/gpu/drm/i915/i915_dma.c
24395--- linux-2.6.38.2/drivers/gpu/drm/i915/i915_dma.c 2011-03-14 21:20:32.000000000 -0400
24396+++ linux-2.6.38.2/drivers/gpu/drm/i915/i915_dma.c 2011-03-21 18:31:35.000000000 -0400
24397@@ -1159,7 +1159,7 @@ static bool i915_switcheroo_can_switch(s
24398 bool can_switch;
24399
24400 spin_lock(&dev->count_lock);
24401- can_switch = (dev->open_count == 0);
24402+ can_switch = (local_read(&dev->open_count) == 0);
24403 spin_unlock(&dev->count_lock);
24404 return can_switch;
24405 }
24406diff -urNp linux-2.6.38.2/drivers/gpu/drm/i915/i915_drv.c linux-2.6.38.2/drivers/gpu/drm/i915/i915_drv.c
24407--- linux-2.6.38.2/drivers/gpu/drm/i915/i915_drv.c 2011-03-14 21:20:32.000000000 -0400
24408+++ linux-2.6.38.2/drivers/gpu/drm/i915/i915_drv.c 2011-03-21 18:31:35.000000000 -0400
24409@@ -673,7 +673,7 @@ static const struct dev_pm_ops i915_pm_o
24410 .restore = i915_pm_resume,
24411 };
24412
24413-static struct vm_operations_struct i915_gem_vm_ops = {
24414+static const struct vm_operations_struct i915_gem_vm_ops = {
24415 .fault = i915_gem_fault,
24416 .open = drm_gem_vm_open,
24417 .close = drm_gem_vm_close,
24418diff -urNp linux-2.6.38.2/drivers/gpu/drm/nouveau/nouveau_state.c linux-2.6.38.2/drivers/gpu/drm/nouveau/nouveau_state.c
24419--- linux-2.6.38.2/drivers/gpu/drm/nouveau/nouveau_state.c 2011-03-14 21:20:32.000000000 -0400
24420+++ linux-2.6.38.2/drivers/gpu/drm/nouveau/nouveau_state.c 2011-03-21 18:31:35.000000000 -0400
24421@@ -621,7 +621,7 @@ static bool nouveau_switcheroo_can_switc
24422 bool can_switch;
24423
24424 spin_lock(&dev->count_lock);
24425- can_switch = (dev->open_count == 0);
24426+ can_switch = (local_read(&dev->open_count) == 0);
24427 spin_unlock(&dev->count_lock);
24428 return can_switch;
24429 }
24430diff -urNp linux-2.6.38.2/drivers/gpu/drm/radeon/mkregtable.c linux-2.6.38.2/drivers/gpu/drm/radeon/mkregtable.c
24431--- linux-2.6.38.2/drivers/gpu/drm/radeon/mkregtable.c 2011-03-14 21:20:32.000000000 -0400
24432+++ linux-2.6.38.2/drivers/gpu/drm/radeon/mkregtable.c 2011-03-21 18:31:35.000000000 -0400
24433@@ -637,14 +637,14 @@ static int parser_auth(struct table *t,
24434 regex_t mask_rex;
24435 regmatch_t match[4];
24436 char buf[1024];
24437- size_t end;
24438+ long end;
24439 int len;
24440 int done = 0;
24441 int r;
24442 unsigned o;
24443 struct offset *offset;
24444 char last_reg_s[10];
24445- int last_reg;
24446+ unsigned long last_reg;
24447
24448 if (regcomp
24449 (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
24450diff -urNp linux-2.6.38.2/drivers/gpu/drm/radeon/radeon_device.c linux-2.6.38.2/drivers/gpu/drm/radeon/radeon_device.c
24451--- linux-2.6.38.2/drivers/gpu/drm/radeon/radeon_device.c 2011-03-14 21:20:32.000000000 -0400
24452+++ linux-2.6.38.2/drivers/gpu/drm/radeon/radeon_device.c 2011-03-21 18:31:35.000000000 -0400
24453@@ -673,7 +673,7 @@ static bool radeon_switcheroo_can_switch
24454 bool can_switch;
24455
24456 spin_lock(&dev->count_lock);
24457- can_switch = (dev->open_count == 0);
24458+ can_switch = (local_read(&dev->open_count) == 0);
24459 spin_unlock(&dev->count_lock);
24460 return can_switch;
24461 }
24462diff -urNp linux-2.6.38.2/drivers/gpu/drm/radeon/radeon_state.c linux-2.6.38.2/drivers/gpu/drm/radeon/radeon_state.c
24463--- linux-2.6.38.2/drivers/gpu/drm/radeon/radeon_state.c 2011-03-14 21:20:32.000000000 -0400
24464+++ linux-2.6.38.2/drivers/gpu/drm/radeon/radeon_state.c 2011-03-21 18:31:35.000000000 -0400
24465@@ -2168,7 +2168,7 @@ static int radeon_cp_clear(struct drm_de
24466 if (sarea_priv->nbox > RADEON_NR_SAREA_CLIPRECTS)
24467 sarea_priv->nbox = RADEON_NR_SAREA_CLIPRECTS;
24468
24469- if (DRM_COPY_FROM_USER(&depth_boxes, clear->depth_boxes,
24470+ if (sarea_priv->nbox > RADEON_NR_SAREA_CLIPRECTS || DRM_COPY_FROM_USER(&depth_boxes, clear->depth_boxes,
24471 sarea_priv->nbox * sizeof(depth_boxes[0])))
24472 return -EFAULT;
24473
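Review bot: `sarea_priv->nbox` is still read three separate times in this hunk of radeon_cp_clear (the clamp, the added re-check, and the size expression), so the added comparison does not pin the length that is finally passed to DRM_COPY_FROM_USER. If `sarea_priv` points into memory that user space can write concurrently, as the SAREA name suggests, each read can return a different value. Reading it once into a local removes the window: `int nbox = sarea_priv->nbox;`, then `if (nbox > RADEON_NR_SAREA_CLIPRECTS) nbox = RADEON_NR_SAREA_CLIPRECTS;`, and pass `nbox * sizeof(depth_boxes[0])` to the copy. The function body starts and continues outside the hunk, so later uses of `sarea_priv->nbox` would need the same local.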
24474@@ -3031,7 +3031,7 @@ static int radeon_cp_getparam(struct drm
24475 {
24476 drm_radeon_private_t *dev_priv = dev->dev_private;
24477 drm_radeon_getparam_t *param = data;
24478- int value;
24479+ int value = 0;
24480
24481 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID);
24482
24483diff -urNp linux-2.6.38.2/drivers/gpu/drm/radeon/radeon_ttm.c linux-2.6.38.2/drivers/gpu/drm/radeon/radeon_ttm.c
24484--- linux-2.6.38.2/drivers/gpu/drm/radeon/radeon_ttm.c 2011-03-14 21:20:32.000000000 -0400
24485+++ linux-2.6.38.2/drivers/gpu/drm/radeon/radeon_ttm.c 2011-03-21 18:31:35.000000000 -0400
24486@@ -603,8 +603,9 @@ void radeon_ttm_set_active_vram_size(str
24487 man->size = size >> PAGE_SHIFT;
24488 }
24489
24490-static struct vm_operations_struct radeon_ttm_vm_ops;
24491-static const struct vm_operations_struct *ttm_vm_ops = NULL;
24492+extern int ttm_bo_vm_fault(struct vm_area_struct *vma, struct vm_fault *vmf);
24493+extern void ttm_bo_vm_open(struct vm_area_struct *vma);
24494+extern void ttm_bo_vm_close(struct vm_area_struct *vma);
24495
24496 static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
24497 {
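Review bot: The three `extern` prototypes for ttm_bo_vm_fault, ttm_bo_vm_open and ttm_bo_vm_close are declared directly in radeon_ttm.c, so the compiler never compares them with the definitions in ttm_bo_vm.c. If a signature changes there, this file still builds and calls through a mismatched prototype. Declaring them once in a shared TTM header that both files include would make any drift a compile error. The const `radeon_ttm_vm_ops` added in the next hunk also lists only `.fault`, `.open` and `.close`; a comment there such as `/* must mirror ttm_bo_vm_ops except for .fault */` would record that the old runtime copy has become a hand-maintained duplicate.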
24498@@ -612,17 +613,22 @@ static int radeon_ttm_fault(struct vm_ar
24499 struct radeon_device *rdev;
24500 int r;
24501
24502- bo = (struct ttm_buffer_object *)vma->vm_private_data;
24503- if (bo == NULL) {
24504+ bo = (struct ttm_buffer_object *)vma->vm_private_data;
24505+ if (!bo)
24506 return VM_FAULT_NOPAGE;
24507- }
24508 rdev = radeon_get_rdev(bo->bdev);
24509 mutex_lock(&rdev->vram_mutex);
24510- r = ttm_vm_ops->fault(vma, vmf);
24511+ r = ttm_bo_vm_fault(vma, vmf);
24512 mutex_unlock(&rdev->vram_mutex);
24513 return r;
24514 }
24515
24516+static const struct vm_operations_struct radeon_ttm_vm_ops = {
24517+ .fault = radeon_ttm_fault,
24518+ .open = ttm_bo_vm_open,
24519+ .close = ttm_bo_vm_close
24520+};
24521+
24522 int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
24523 {
24524 struct drm_file *file_priv;
24525@@ -635,18 +641,11 @@ int radeon_mmap(struct file *filp, struc
24526
24527 file_priv = filp->private_data;
24528 rdev = file_priv->minor->dev->dev_private;
24529- if (rdev == NULL) {
24530+ if (!rdev)
24531 return -EINVAL;
24532- }
24533 r = ttm_bo_mmap(filp, vma, &rdev->mman.bdev);
24534- if (unlikely(r != 0)) {
24535+ if (r)
24536 return r;
24537- }
24538- if (unlikely(ttm_vm_ops == NULL)) {
24539- ttm_vm_ops = vma->vm_ops;
24540- radeon_ttm_vm_ops = *ttm_vm_ops;
24541- radeon_ttm_vm_ops.fault = &radeon_ttm_fault;
24542- }
24543 vma->vm_ops = &radeon_ttm_vm_ops;
24544 return 0;
24545 }
24546diff -urNp linux-2.6.38.2/drivers/gpu/drm/ttm/ttm_bo.c linux-2.6.38.2/drivers/gpu/drm/ttm/ttm_bo.c
24547--- linux-2.6.38.2/drivers/gpu/drm/ttm/ttm_bo.c 2011-03-14 21:20:32.000000000 -0400
24548+++ linux-2.6.38.2/drivers/gpu/drm/ttm/ttm_bo.c 2011-03-21 18:31:35.000000000 -0400
24549@@ -40,7 +40,7 @@
24550 #include <asm/atomic.h>
24551
24552 #define TTM_ASSERT_LOCKED(param)
24553-#define TTM_DEBUG(fmt, arg...)
24554+#define TTM_DEBUG(fmt, arg...) do {} while (0)
24555 #define TTM_BO_HASH_ORDER 13
24556
24557 static int ttm_bo_setup_vm(struct ttm_buffer_object *bo);
24558diff -urNp linux-2.6.38.2/drivers/gpu/drm/ttm/ttm_bo_vm.c linux-2.6.38.2/drivers/gpu/drm/ttm/ttm_bo_vm.c
24559--- linux-2.6.38.2/drivers/gpu/drm/ttm/ttm_bo_vm.c 2011-03-14 21:20:32.000000000 -0400
24560+++ linux-2.6.38.2/drivers/gpu/drm/ttm/ttm_bo_vm.c 2011-03-21 18:31:35.000000000 -0400
24561@@ -69,11 +69,11 @@ static struct ttm_buffer_object *ttm_bo_
24562 return best_bo;
24563 }
24564
24565-static int ttm_bo_vm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
24566+int ttm_bo_vm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
24567 {
24568 struct ttm_buffer_object *bo = (struct ttm_buffer_object *)
24569 vma->vm_private_data;
24570- struct ttm_bo_device *bdev = bo->bdev;
24571+ struct ttm_bo_device *bdev;
24572 unsigned long page_offset;
24573 unsigned long page_last;
24574 unsigned long pfn;
24575@@ -83,8 +83,12 @@ static int ttm_bo_vm_fault(struct vm_are
24576 int i;
24577 unsigned long address = (unsigned long)vmf->virtual_address;
24578 int retval = VM_FAULT_NOPAGE;
24579- struct ttm_mem_type_manager *man =
24580- &bdev->man[bo->mem.mem_type];
24581+ struct ttm_mem_type_manager *man;
24582+
24583+ if (!bo)
24584+ return VM_FAULT_NOPAGE;
24585+ bdev = bo->bdev;
24586+ man = &bdev->man[bo->mem.mem_type];
24587
24588 /*
24589 * Work around locking order reversal in fault / nopfn
24590@@ -219,22 +223,25 @@ out_unlock:
24591 ttm_bo_unreserve(bo);
24592 return retval;
24593 }
24594+EXPORT_SYMBOL(ttm_bo_vm_fault);
24595
24596-static void ttm_bo_vm_open(struct vm_area_struct *vma)
24597+void ttm_bo_vm_open(struct vm_area_struct *vma)
24598 {
24599 struct ttm_buffer_object *bo =
24600 (struct ttm_buffer_object *)vma->vm_private_data;
24601
24602 (void)ttm_bo_reference(bo);
24603 }
24604+EXPORT_SYMBOL(ttm_bo_vm_open);
24605
24606-static void ttm_bo_vm_close(struct vm_area_struct *vma)
24607+void ttm_bo_vm_close(struct vm_area_struct *vma)
24608 {
24609 struct ttm_buffer_object *bo = (struct ttm_buffer_object *)vma->vm_private_data;
24610
24611 ttm_bo_unref(&bo);
24612 vma->vm_private_data = NULL;
24613 }
24614+EXPORT_SYMBOL(ttm_bo_vm_close);
24615
24616 static const struct vm_operations_struct ttm_bo_vm_ops = {
24617 .fault = ttm_bo_vm_fault,
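Review bot: ttm_bo_vm_open and ttm_bo_vm_close become exported entry points here without any comment stating their precondition, and ttm_bo_vm_open passes `vma->vm_private_data` to ttm_bo_reference() without the `if (!bo)` test that the previous hunk adds to ttm_bo_vm_fault. ttm_bo_vm_close itself stores NULL into `vm_private_data`, so NULL is a state this file produces. Whether open can ever observe it is not visible from the hunk. Now that other modules can call these directly, a kernel-doc block on each exported function should say that `vm_private_data` must hold a referenced buffer object, or open should get the same guard, `if (bo) (void)ttm_bo_reference(bo);`.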
24618diff -urNp linux-2.6.38.2/drivers/hid/usbhid/hiddev.c linux-2.6.38.2/drivers/hid/usbhid/hiddev.c
24619--- linux-2.6.38.2/drivers/hid/usbhid/hiddev.c 2011-03-14 21:20:32.000000000 -0400
24620+++ linux-2.6.38.2/drivers/hid/usbhid/hiddev.c 2011-03-21 18:31:35.000000000 -0400
24621@@ -613,7 +613,7 @@ static long hiddev_ioctl(struct file *fi
24622 break;
24623
24624 case HIDIOCAPPLICATION:
24625- if (arg < 0 || arg >= hid->maxapplication)
24626+ if (arg >= hid->maxapplication)
24627 break;
24628
24629 for (i = 0; i < hid->maxcollection; i++)
24630diff -urNp linux-2.6.38.2/drivers/hwmon/k8temp.c linux-2.6.38.2/drivers/hwmon/k8temp.c
24631--- linux-2.6.38.2/drivers/hwmon/k8temp.c 2011-03-14 21:20:32.000000000 -0400
24632+++ linux-2.6.38.2/drivers/hwmon/k8temp.c 2011-03-21 18:31:35.000000000 -0400
24633@@ -138,7 +138,7 @@ static DEVICE_ATTR(name, S_IRUGO, show_n
24634
24635 static const struct pci_device_id k8temp_ids[] = {
24636 { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_K8_NB_MISC) },
24637- { 0 },
24638+ { 0, 0, 0, 0, 0, 0, 0 },
24639 };
24640
24641 MODULE_DEVICE_TABLE(pci, k8temp_ids);
24642diff -urNp linux-2.6.38.2/drivers/hwmon/sis5595.c linux-2.6.38.2/drivers/hwmon/sis5595.c
24643--- linux-2.6.38.2/drivers/hwmon/sis5595.c 2011-03-14 21:20:32.000000000 -0400
24644+++ linux-2.6.38.2/drivers/hwmon/sis5595.c 2011-03-21 18:31:35.000000000 -0400
24645@@ -701,7 +701,7 @@ static struct sis5595_data *sis5595_upda
24646
24647 static const struct pci_device_id sis5595_pci_ids[] = {
24648 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_503) },
24649- { 0, }
24650+ { 0, 0, 0, 0, 0, 0, 0 }
24651 };
24652
24653 MODULE_DEVICE_TABLE(pci, sis5595_pci_ids);
24654diff -urNp linux-2.6.38.2/drivers/hwmon/via686a.c linux-2.6.38.2/drivers/hwmon/via686a.c
24655--- linux-2.6.38.2/drivers/hwmon/via686a.c 2011-03-14 21:20:32.000000000 -0400
24656+++ linux-2.6.38.2/drivers/hwmon/via686a.c 2011-03-21 18:31:35.000000000 -0400
24657@@ -779,7 +779,7 @@ static struct via686a_data *via686a_upda
24658
24659 static const struct pci_device_id via686a_pci_ids[] = {
24660 { PCI_DEVICE(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_82C686_4) },
24661- { 0, }
24662+ { 0, 0, 0, 0, 0, 0, 0 }
24663 };
24664
24665 MODULE_DEVICE_TABLE(pci, via686a_pci_ids);
24666diff -urNp linux-2.6.38.2/drivers/hwmon/vt8231.c linux-2.6.38.2/drivers/hwmon/vt8231.c
24667--- linux-2.6.38.2/drivers/hwmon/vt8231.c 2011-03-14 21:20:32.000000000 -0400
24668+++ linux-2.6.38.2/drivers/hwmon/vt8231.c 2011-03-21 18:31:35.000000000 -0400
24669@@ -701,7 +701,7 @@ static struct platform_driver vt8231_dri
24670
24671 static const struct pci_device_id vt8231_pci_ids[] = {
24672 { PCI_DEVICE(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_8231_4) },
24673- { 0, }
24674+ { 0, 0, 0, 0, 0, 0, 0 }
24675 };
24676
24677 MODULE_DEVICE_TABLE(pci, vt8231_pci_ids);
24678diff -urNp linux-2.6.38.2/drivers/hwmon/w83791d.c linux-2.6.38.2/drivers/hwmon/w83791d.c
24679--- linux-2.6.38.2/drivers/hwmon/w83791d.c 2011-03-14 21:20:32.000000000 -0400
24680+++ linux-2.6.38.2/drivers/hwmon/w83791d.c 2011-03-21 18:31:35.000000000 -0400
24681@@ -329,8 +329,8 @@ static int w83791d_detect(struct i2c_cli
24682 struct i2c_board_info *info);
24683 static int w83791d_remove(struct i2c_client *client);
24684
24685-static int w83791d_read(struct i2c_client *client, u8 register);
24686-static int w83791d_write(struct i2c_client *client, u8 register, u8 value);
24687+static int w83791d_read(struct i2c_client *client, u8 reg);
24688+static int w83791d_write(struct i2c_client *client, u8 reg, u8 value);
24689 static struct w83791d_data *w83791d_update_device(struct device *dev);
24690
24691 #ifdef DEBUG
24692diff -urNp linux-2.6.38.2/drivers/i2c/busses/i2c-i801.c linux-2.6.38.2/drivers/i2c/busses/i2c-i801.c
24693--- linux-2.6.38.2/drivers/i2c/busses/i2c-i801.c 2011-03-14 21:20:32.000000000 -0400
24694+++ linux-2.6.38.2/drivers/i2c/busses/i2c-i801.c 2011-03-21 18:31:35.000000000 -0400
24695@@ -621,7 +621,7 @@ static const struct pci_device_id i801_i
24696 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_PATSBURG_SMBUS_IDF0) },
24697 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_PATSBURG_SMBUS_IDF1) },
24698 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_PATSBURG_SMBUS_IDF2) },
24699- { 0, }
24700+ { 0, 0, 0, 0, 0, 0, 0 }
24701 };
24702
24703 MODULE_DEVICE_TABLE(pci, i801_ids);
24704diff -urNp linux-2.6.38.2/drivers/i2c/busses/i2c-piix4.c linux-2.6.38.2/drivers/i2c/busses/i2c-piix4.c
24705--- linux-2.6.38.2/drivers/i2c/busses/i2c-piix4.c 2011-03-14 21:20:32.000000000 -0400
24706+++ linux-2.6.38.2/drivers/i2c/busses/i2c-piix4.c 2011-03-21 18:31:35.000000000 -0400
24707@@ -124,7 +124,7 @@ static struct dmi_system_id __devinitdat
24708 .ident = "IBM",
24709 .matches = { DMI_MATCH(DMI_SYS_VENDOR, "IBM"), },
24710 },
24711- { },
24712+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
24713 };
24714
24715 static int __devinit piix4_setup(struct pci_dev *PIIX4_dev,
24716@@ -491,7 +491,7 @@ static const struct pci_device_id piix4_
24717 PCI_DEVICE_ID_SERVERWORKS_HT1000SB) },
24718 { PCI_DEVICE(PCI_VENDOR_ID_SERVERWORKS,
24719 PCI_DEVICE_ID_SERVERWORKS_HT1100LD) },
24720- { 0, }
24721+ { 0, 0, 0, 0, 0, 0, 0 }
24722 };
24723
24724 MODULE_DEVICE_TABLE (pci, piix4_ids);
24725diff -urNp linux-2.6.38.2/drivers/i2c/busses/i2c-sis630.c linux-2.6.38.2/drivers/i2c/busses/i2c-sis630.c
24726--- linux-2.6.38.2/drivers/i2c/busses/i2c-sis630.c 2011-03-14 21:20:32.000000000 -0400
24727+++ linux-2.6.38.2/drivers/i2c/busses/i2c-sis630.c 2011-03-21 18:31:35.000000000 -0400
24728@@ -471,7 +471,7 @@ static struct i2c_adapter sis630_adapter
24729 static const struct pci_device_id sis630_ids[] __devinitconst = {
24730 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_503) },
24731 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_LPC) },
24732- { 0, }
24733+ { 0, 0, 0, 0, 0, 0, 0 }
24734 };
24735
24736 MODULE_DEVICE_TABLE (pci, sis630_ids);
24737diff -urNp linux-2.6.38.2/drivers/i2c/busses/i2c-sis96x.c linux-2.6.38.2/drivers/i2c/busses/i2c-sis96x.c
24738--- linux-2.6.38.2/drivers/i2c/busses/i2c-sis96x.c 2011-03-14 21:20:32.000000000 -0400
24739+++ linux-2.6.38.2/drivers/i2c/busses/i2c-sis96x.c 2011-03-21 18:31:35.000000000 -0400
24740@@ -247,7 +247,7 @@ static struct i2c_adapter sis96x_adapter
24741
24742 static const struct pci_device_id sis96x_ids[] = {
24743 { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_SMBUS) },
24744- { 0, }
24745+ { 0, 0, 0, 0, 0, 0, 0 }
24746 };
24747
24748 MODULE_DEVICE_TABLE (pci, sis96x_ids);
24749diff -urNp linux-2.6.38.2/drivers/ide/ide-cd.c linux-2.6.38.2/drivers/ide/ide-cd.c
24750--- linux-2.6.38.2/drivers/ide/ide-cd.c 2011-03-14 21:20:32.000000000 -0400
24751+++ linux-2.6.38.2/drivers/ide/ide-cd.c 2011-03-21 18:31:35.000000000 -0400
24752@@ -776,7 +776,7 @@ static void cdrom_do_block_pc(ide_drive_
24753 alignment = queue_dma_alignment(q) | q->dma_pad_mask;
24754 if ((unsigned long)buf & alignment
24755 || blk_rq_bytes(rq) & q->dma_pad_mask
24756- || object_is_on_stack(buf))
24757+ || object_starts_on_stack(buf))
24758 drive->dma = 0;
24759 }
24760 }
24761diff -urNp linux-2.6.38.2/drivers/infiniband/core/cm.c linux-2.6.38.2/drivers/infiniband/core/cm.c
24762--- linux-2.6.38.2/drivers/infiniband/core/cm.c 2011-03-23 17:20:07.000000000 -0400
24763+++ linux-2.6.38.2/drivers/infiniband/core/cm.c 2011-03-23 17:21:50.000000000 -0400
24764@@ -113,7 +113,7 @@ static char const counter_group_names[CM
24765
24766 struct cm_counter_group {
24767 struct kobject obj;
24768- atomic_long_t counter[CM_ATTR_COUNT];
24769+ atomic_long_unchecked_t counter[CM_ATTR_COUNT];
24770 };
24771
24772 struct cm_counter_attribute {
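Review bot: The switch of `counter[]` to `atomic_long_unchecked_t` in struct cm_counter_group has no comment explaining why these fields are exempt from overflow checking, and the same unexplained `_unchecked` substitution repeats in every handler hunk of this file. From the cm_show_counter hunk the values appear to be statistics printed through sysfs rather than reference counts, which would make wraparound harmless; that reasoning should sit next to the field. Something like `/* statistics only: may wrap, never used as a refcount */` above the member would let a later reader tell a deliberate exemption from an oversight.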
24773@@ -1387,7 +1387,7 @@ static void cm_dup_req_handler(struct cm
24774 struct ib_mad_send_buf *msg = NULL;
24775 int ret;
24776
24777- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
24778+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
24779 counter[CM_REQ_COUNTER]);
24780
24781 /* Quick state check to discard duplicate REQs. */
24782@@ -1765,7 +1765,7 @@ static void cm_dup_rep_handler(struct cm
24783 if (!cm_id_priv)
24784 return;
24785
24786- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
24787+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
24788 counter[CM_REP_COUNTER]);
24789 ret = cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg);
24790 if (ret)
24791@@ -1932,7 +1932,7 @@ static int cm_rtu_handler(struct cm_work
24792 if (cm_id_priv->id.state != IB_CM_REP_SENT &&
24793 cm_id_priv->id.state != IB_CM_MRA_REP_RCVD) {
24794 spin_unlock_irq(&cm_id_priv->lock);
24795- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
24796+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
24797 counter[CM_RTU_COUNTER]);
24798 goto out;
24799 }
24800@@ -2111,7 +2111,7 @@ static int cm_dreq_handler(struct cm_wor
24801 cm_id_priv = cm_acquire_id(dreq_msg->remote_comm_id,
24802 dreq_msg->local_comm_id);
24803 if (!cm_id_priv) {
24804- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
24805+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
24806 counter[CM_DREQ_COUNTER]);
24807 cm_issue_drep(work->port, work->mad_recv_wc);
24808 return -EINVAL;
24809@@ -2132,7 +2132,7 @@ static int cm_dreq_handler(struct cm_wor
24810 case IB_CM_MRA_REP_RCVD:
24811 break;
24812 case IB_CM_TIMEWAIT:
24813- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
24814+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
24815 counter[CM_DREQ_COUNTER]);
24816 if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg))
24817 goto unlock;
24818@@ -2146,7 +2146,7 @@ static int cm_dreq_handler(struct cm_wor
24819 cm_free_msg(msg);
24820 goto deref;
24821 case IB_CM_DREQ_RCVD:
24822- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
24823+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
24824 counter[CM_DREQ_COUNTER]);
24825 goto unlock;
24826 default:
24827@@ -2504,7 +2504,7 @@ static int cm_mra_handler(struct cm_work
24828 ib_modify_mad(cm_id_priv->av.port->mad_agent,
24829 cm_id_priv->msg, timeout)) {
24830 if (cm_id_priv->id.lap_state == IB_CM_MRA_LAP_RCVD)
24831- atomic_long_inc(&work->port->
24832+ atomic_long_inc_unchecked(&work->port->
24833 counter_group[CM_RECV_DUPLICATES].
24834 counter[CM_MRA_COUNTER]);
24835 goto out;
24836@@ -2513,7 +2513,7 @@ static int cm_mra_handler(struct cm_work
24837 break;
24838 case IB_CM_MRA_REQ_RCVD:
24839 case IB_CM_MRA_REP_RCVD:
24840- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
24841+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
24842 counter[CM_MRA_COUNTER]);
24843 /* fall through */
24844 default:
24845@@ -2675,7 +2675,7 @@ static int cm_lap_handler(struct cm_work
24846 case IB_CM_LAP_IDLE:
24847 break;
24848 case IB_CM_MRA_LAP_SENT:
24849- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
24850+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
24851 counter[CM_LAP_COUNTER]);
24852 if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg))
24853 goto unlock;
24854@@ -2691,7 +2691,7 @@ static int cm_lap_handler(struct cm_work
24855 cm_free_msg(msg);
24856 goto deref;
24857 case IB_CM_LAP_RCVD:
24858- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
24859+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
24860 counter[CM_LAP_COUNTER]);
24861 goto unlock;
24862 default:
24863@@ -2975,7 +2975,7 @@ static int cm_sidr_req_handler(struct cm
24864 cur_cm_id_priv = cm_insert_remote_sidr(cm_id_priv);
24865 if (cur_cm_id_priv) {
24866 spin_unlock_irq(&cm.lock);
24867- atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
24868+ atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
24869 counter[CM_SIDR_REQ_COUNTER]);
24870 goto out; /* Duplicate message. */
24871 }
24872@@ -3187,10 +3187,10 @@ static void cm_send_handler(struct ib_ma
24873 if (!msg->context[0] && (attr_index != CM_REJ_COUNTER))
24874 msg->retries = 1;
24875
24876- atomic_long_add(1 + msg->retries,
24877+ atomic_long_add_unchecked(1 + msg->retries,
24878 &port->counter_group[CM_XMIT].counter[attr_index]);
24879 if (msg->retries)
24880- atomic_long_add(msg->retries,
24881+ atomic_long_add_unchecked(msg->retries,
24882 &port->counter_group[CM_XMIT_RETRIES].
24883 counter[attr_index]);
24884
24885@@ -3400,7 +3400,7 @@ static void cm_recv_handler(struct ib_ma
24886 }
24887
24888 attr_id = be16_to_cpu(mad_recv_wc->recv_buf.mad->mad_hdr.attr_id);
24889- atomic_long_inc(&port->counter_group[CM_RECV].
24890+ atomic_long_inc_unchecked(&port->counter_group[CM_RECV].
24891 counter[attr_id - CM_ATTR_ID_OFFSET]);
24892
24893 work = kmalloc(sizeof *work + sizeof(struct ib_sa_path_rec) * paths,
24894@@ -3598,7 +3598,7 @@ static ssize_t cm_show_counter(struct ko
24895 cm_attr = container_of(attr, struct cm_counter_attribute, attr);
24896
24897 return sprintf(buf, "%ld\n",
24898- atomic_long_read(&group->counter[cm_attr->index]));
24899+ atomic_long_read_unchecked(&group->counter[cm_attr->index]));
24900 }
24901
24902 static const struct sysfs_ops cm_counter_ops = {
24903diff -urNp linux-2.6.38.2/drivers/infiniband/hw/qib/qib.h linux-2.6.38.2/drivers/infiniband/hw/qib/qib.h
24904--- linux-2.6.38.2/drivers/infiniband/hw/qib/qib.h 2011-03-14 21:20:32.000000000 -0400
24905+++ linux-2.6.38.2/drivers/infiniband/hw/qib/qib.h 2011-03-21 18:31:35.000000000 -0400
24906@@ -51,6 +51,7 @@
24907 #include <linux/completion.h>
24908 #include <linux/kref.h>
24909 #include <linux/sched.h>
24910+#include <linux/slab.h>
24911
24912 #include "qib_common.h"
24913 #include "qib_verbs.h"
24914diff -urNp linux-2.6.38.2/drivers/input/keyboard/atkbd.c linux-2.6.38.2/drivers/input/keyboard/atkbd.c
24915--- linux-2.6.38.2/drivers/input/keyboard/atkbd.c 2011-03-14 21:20:32.000000000 -0400
24916+++ linux-2.6.38.2/drivers/input/keyboard/atkbd.c 2011-03-21 18:31:35.000000000 -0400
24917@@ -1250,7 +1250,7 @@ static struct serio_device_id atkbd_seri
24918 .id = SERIO_ANY,
24919 .extra = SERIO_ANY,
24920 },
24921- { 0 }
24922+ { 0, 0, 0, 0 }
24923 };
24924
24925 MODULE_DEVICE_TABLE(serio, atkbd_serio_ids);
24926diff -urNp linux-2.6.38.2/drivers/input/mouse/lifebook.c linux-2.6.38.2/drivers/input/mouse/lifebook.c
24927--- linux-2.6.38.2/drivers/input/mouse/lifebook.c 2011-03-14 21:20:32.000000000 -0400
24928+++ linux-2.6.38.2/drivers/input/mouse/lifebook.c 2011-03-21 18:31:35.000000000 -0400
24929@@ -123,7 +123,7 @@ static const struct dmi_system_id __init
24930 DMI_MATCH(DMI_PRODUCT_NAME, "LifeBook B142"),
24931 },
24932 },
24933- { }
24934+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
24935 };
24936
24937 void __init lifebook_module_init(void)
24938diff -urNp linux-2.6.38.2/drivers/input/mouse/psmouse-base.c linux-2.6.38.2/drivers/input/mouse/psmouse-base.c
24939--- linux-2.6.38.2/drivers/input/mouse/psmouse-base.c 2011-03-14 21:20:32.000000000 -0400
24940+++ linux-2.6.38.2/drivers/input/mouse/psmouse-base.c 2011-03-21 18:31:35.000000000 -0400
24941@@ -1462,7 +1462,7 @@ static struct serio_device_id psmouse_se
24942 .id = SERIO_ANY,
24943 .extra = SERIO_ANY,
24944 },
24945- { 0 }
24946+ { 0, 0, 0, 0 }
24947 };
24948
24949 MODULE_DEVICE_TABLE(serio, psmouse_serio_ids);
24950diff -urNp linux-2.6.38.2/drivers/input/mouse/synaptics.c linux-2.6.38.2/drivers/input/mouse/synaptics.c
24951--- linux-2.6.38.2/drivers/input/mouse/synaptics.c 2011-03-14 21:20:32.000000000 -0400
24952+++ linux-2.6.38.2/drivers/input/mouse/synaptics.c 2011-03-21 18:31:35.000000000 -0400
24953@@ -559,7 +559,7 @@ static void synaptics_process_packet(str
24954 break;
24955 case 2:
24956 if (SYN_MODEL_PEN(priv->model_id))
24957- ; /* Nothing, treat a pen as a single finger */
24958+ break; /* Nothing, treat a pen as a single finger */
24959 break;
24960 case 4 ... 15:
24961 if (SYN_CAP_PALMDETECT(priv->capabilities))
24962@@ -825,7 +825,6 @@ static const struct dmi_system_id __init
24963 DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"),
24964 DMI_MATCH(DMI_PRODUCT_NAME, "PORTEGE M300"),
24965 },
24966-
24967 },
24968 {
24969 /* Toshiba Portege M300 */
24970@@ -834,9 +833,8 @@ static const struct dmi_system_id __init
24971 DMI_MATCH(DMI_PRODUCT_NAME, "Portable PC"),
24972 DMI_MATCH(DMI_PRODUCT_VERSION, "Version 1.0"),
24973 },
24974-
24975 },
24976- { }
24977+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
24978 #endif
24979 };
24980
24981diff -urNp linux-2.6.38.2/drivers/input/mousedev.c linux-2.6.38.2/drivers/input/mousedev.c
24982--- linux-2.6.38.2/drivers/input/mousedev.c 2011-03-14 21:20:32.000000000 -0400
24983+++ linux-2.6.38.2/drivers/input/mousedev.c 2011-03-21 18:31:35.000000000 -0400
24984@@ -764,7 +764,7 @@ static ssize_t mousedev_read(struct file
24985
24986 spin_unlock_irq(&client->packet_lock);
24987
24988- if (copy_to_user(buffer, data, count))
24989+ if (count > sizeof(data) || copy_to_user(buffer, data, count))
24990 return -EFAULT;
24991
24992 return count;
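Review bot: The new `count > sizeof(data)` test in mousedev_read only guards the copy_to_user() call, after the lock has been dropped. Whatever filled `data` above the hunk has already run with the same `count`, so an oversized value would have overrun the buffer before this line; it is worth confirming that `count` is clamped before that earlier write. The test is also only meaningful if `data` is an array in this scope, because `sizeof` would yield the pointer size otherwise, and its declaration is outside the hunk. Returning `-EFAULT` for a length violation hides the cause from the caller; a separate `if (count > sizeof(data)) return -EINVAL;` would distinguish it from a faulting user pointer.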
24993@@ -1067,7 +1067,7 @@ static struct input_handler mousedev_han
24994
24995 #ifdef CONFIG_INPUT_MOUSEDEV_PSAUX
24996 static struct miscdevice psaux_mouse = {
24997- PSMOUSE_MINOR, "psaux", &mousedev_fops
24998+ PSMOUSE_MINOR, "psaux", &mousedev_fops, {NULL, NULL}, NULL, NULL
24999 };
25000 static int psaux_registered;
25001 #endif
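Review bot: The `psaux_mouse` initializer is extended with more positional values (`{NULL, NULL}, NULL, NULL`), which ties it to the exact member order and count of struct miscdevice. If a field is inserted into that struct, the values shift silently into the wrong members. Designated initializers avoid this and need no padding entries: `.minor = PSMOUSE_MINOR, .name = "psaux", .fops = &mousedev_fops,`.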
25002diff -urNp linux-2.6.38.2/drivers/input/serio/i8042-x86ia64io.h linux-2.6.38.2/drivers/input/serio/i8042-x86ia64io.h
25003--- linux-2.6.38.2/drivers/input/serio/i8042-x86ia64io.h 2011-03-14 21:20:32.000000000 -0400
25004+++ linux-2.6.38.2/drivers/input/serio/i8042-x86ia64io.h 2011-03-21 18:31:35.000000000 -0400
25005@@ -183,7 +183,7 @@ static const struct dmi_system_id __init
25006 DMI_MATCH(DMI_PRODUCT_VERSION, "Rev 1"),
25007 },
25008 },
25009- { }
25010+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
25011 };
25012
25013 /*
25014@@ -431,7 +431,7 @@ static const struct dmi_system_id __init
25015 DMI_MATCH(DMI_PRODUCT_NAME, "Vostro V13"),
25016 },
25017 },
25018- { }
25019+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
25020 };
25021
25022 static const struct dmi_system_id __initconst i8042_dmi_reset_table[] = {
25023@@ -505,7 +505,7 @@ static const struct dmi_system_id __init
25024 DMI_MATCH(DMI_PRODUCT_NAME, "Vostro 1720"),
25025 },
25026 },
25027- { }
25028+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
25029 };
25030
25031 #ifdef CONFIG_PNP
25032@@ -524,7 +524,7 @@ static const struct dmi_system_id __init
25033 DMI_MATCH(DMI_BOARD_VENDOR, "MICRO-STAR INTERNATIONAL CO., LTD"),
25034 },
25035 },
25036- { }
25037+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
25038 };
25039
25040 static const struct dmi_system_id __initconst i8042_dmi_laptop_table[] = {
25041@@ -548,7 +548,7 @@ static const struct dmi_system_id __init
25042 DMI_MATCH(DMI_CHASSIS_TYPE, "14"), /* Sub-Notebook */
25043 },
25044 },
25045- { }
25046+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
25047 };
25048 #endif
25049
25050@@ -640,7 +640,7 @@ static const struct dmi_system_id __init
25051 DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 4280"),
25052 },
25053 },
25054- { }
25055+ { NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
25056 };
25057
25058 #endif /* CONFIG_X86 */
25059diff -urNp linux-2.6.38.2/drivers/input/serio/serio_raw.c linux-2.6.38.2/drivers/input/serio/serio_raw.c
25060--- linux-2.6.38.2/drivers/input/serio/serio_raw.c 2011-03-14 21:20:32.000000000 -0400
25061+++ linux-2.6.38.2/drivers/input/serio/serio_raw.c 2011-03-21 18:31:35.000000000 -0400
25062@@ -376,7 +376,7 @@ static struct serio_device_id serio_raw_
25063 .id = SERIO_ANY,
25064 .extra = SERIO_ANY,
25065 },
25066- { 0 }
25067+ { 0, 0, 0, 0 }
25068 };
25069
25070 MODULE_DEVICE_TABLE(serio, serio_raw_serio_ids);
25071diff -urNp linux-2.6.38.2/drivers/isdn/gigaset/common.c linux-2.6.38.2/drivers/isdn/gigaset/common.c
25072--- linux-2.6.38.2/drivers/isdn/gigaset/common.c 2011-03-14 21:20:32.000000000 -0400
25073+++ linux-2.6.38.2/drivers/isdn/gigaset/common.c 2011-03-21 18:31:35.000000000 -0400
25074@@ -723,7 +723,7 @@ struct cardstate *gigaset_initcs(struct
25075 cs->commands_pending = 0;
25076 cs->cur_at_seq = 0;
25077 cs->gotfwver = -1;
25078- cs->open_count = 0;
25079+ local_set(&cs->open_count, 0);
25080 cs->dev = NULL;
25081 cs->tty = NULL;
25082 cs->tty_dev = NULL;
25083diff -urNp linux-2.6.38.2/drivers/isdn/gigaset/gigaset.h linux-2.6.38.2/drivers/isdn/gigaset/gigaset.h
25084--- linux-2.6.38.2/drivers/isdn/gigaset/gigaset.h 2011-03-14 21:20:32.000000000 -0400
25085+++ linux-2.6.38.2/drivers/isdn/gigaset/gigaset.h 2011-03-21 18:31:35.000000000 -0400
25086@@ -35,6 +35,7 @@
25087 #include <linux/tty_driver.h>
25088 #include <linux/list.h>
25089 #include <asm/atomic.h>
25090+#include <asm/local.h>
25091
25092 #define GIG_VERSION {0, 5, 0, 0}
25093 #define GIG_COMPAT {0, 4, 0, 0}
25094@@ -433,7 +434,7 @@ struct cardstate {
25095 spinlock_t cmdlock;
25096 unsigned curlen, cmdbytes;
25097
25098- unsigned open_count;
25099+ local_t open_count;
25100 struct tty_struct *tty;
25101 struct tasklet_struct if_wake_tasklet;
25102 unsigned control_state;
25103diff -urNp linux-2.6.38.2/drivers/isdn/gigaset/interface.c linux-2.6.38.2/drivers/isdn/gigaset/interface.c
25104--- linux-2.6.38.2/drivers/isdn/gigaset/interface.c 2011-03-14 21:20:32.000000000 -0400
25105+++ linux-2.6.38.2/drivers/isdn/gigaset/interface.c 2011-03-21 18:31:35.000000000 -0400
25106@@ -160,9 +160,7 @@ static int if_open(struct tty_struct *tt
25107 return -ERESTARTSYS;
25108 tty->driver_data = cs;
25109
25110- ++cs->open_count;
25111-
25112- if (cs->open_count == 1) {
25113+ if (local_inc_return(&cs->open_count) == 1) {
25114 spin_lock_irqsave(&cs->lock, flags);
25115 cs->tty = tty;
25116 spin_unlock_irqrestore(&cs->lock, flags);
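Review bot: `local_inc_return(&cs->open_count)` in if_open uses a local_t, whose operations are atomic only with respect to the CPU executing them, so the counter is not safe on its own against an open or close running on another CPU. The `return -ERESTARTSYS` context line suggests a lock is taken just above the hunk, and correctness of the new code depends entirely on that lock being held at every access. The later hunks in this file rely on the same assumption, notably if_close, which does a `local_read()` followed by a separate `local_dec_return()`. A comment on the field in gigaset.h, for example `/* local_t: not SMP-atomic, access only with the cardstate lock held */`, would make that requirement explicit.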
25117@@ -190,10 +188,10 @@ static void if_close(struct tty_struct *
25118
25119 if (!cs->connected)
25120 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
25121- else if (!cs->open_count)
25122+ else if (!local_read(&cs->open_count))
25123 dev_warn(cs->dev, "%s: device not opened\n", __func__);
25124 else {
25125- if (!--cs->open_count) {
25126+ if (!local_dec_return(&cs->open_count)) {
25127 spin_lock_irqsave(&cs->lock, flags);
25128 cs->tty = NULL;
25129 spin_unlock_irqrestore(&cs->lock, flags);
25130@@ -228,7 +226,7 @@ static int if_ioctl(struct tty_struct *t
25131 if (!cs->connected) {
25132 gig_dbg(DEBUG_IF, "not connected");
25133 retval = -ENODEV;
25134- } else if (!cs->open_count)
25135+ } else if (!local_read(&cs->open_count))
25136 dev_warn(cs->dev, "%s: device not opened\n", __func__);
25137 else {
25138 retval = 0;
25139@@ -358,7 +356,7 @@ static int if_write(struct tty_struct *t
25140 retval = -ENODEV;
25141 goto done;
25142 }
25143- if (!cs->open_count) {
25144+ if (!local_read(&cs->open_count)) {
25145 dev_warn(cs->dev, "%s: device not opened\n", __func__);
25146 retval = -ENODEV;
25147 goto done;
25148@@ -411,7 +409,7 @@ static int if_write_room(struct tty_stru
25149 if (!cs->connected) {
25150 gig_dbg(DEBUG_IF, "not connected");
25151 retval = -ENODEV;
25152- } else if (!cs->open_count)
25153+ } else if (!local_read(&cs->open_count))
25154 dev_warn(cs->dev, "%s: device not opened\n", __func__);
25155 else if (cs->mstate != MS_LOCKED) {
25156 dev_warn(cs->dev, "can't write to unlocked device\n");
25157@@ -441,7 +439,7 @@ static int if_chars_in_buffer(struct tty
25158
25159 if (!cs->connected)
25160 gig_dbg(DEBUG_IF, "not connected");
25161- else if (!cs->open_count)
25162+ else if (!local_read(&cs->open_count))
25163 dev_warn(cs->dev, "%s: device not opened\n", __func__);
25164 else if (cs->mstate != MS_LOCKED)
25165 dev_warn(cs->dev, "can't write to unlocked device\n");
25166@@ -469,7 +467,7 @@ static void if_throttle(struct tty_struc
25167
25168 if (!cs->connected)
25169 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
25170- else if (!cs->open_count)
25171+ else if (!local_read(&cs->open_count))
25172 dev_warn(cs->dev, "%s: device not opened\n", __func__);
25173 else
25174 gig_dbg(DEBUG_IF, "%s: not implemented\n", __func__);
25175@@ -493,7 +491,7 @@ static void if_unthrottle(struct tty_str
25176
25177 if (!cs->connected)
25178 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
25179- else if (!cs->open_count)
25180+ else if (!local_read(&cs->open_count))
25181 dev_warn(cs->dev, "%s: device not opened\n", __func__);
25182 else
25183 gig_dbg(DEBUG_IF, "%s: not implemented\n", __func__);
25184@@ -524,7 +522,7 @@ static void if_set_termios(struct tty_st
25185 goto out;
25186 }
25187
25188- if (!cs->open_count) {
25189+ if (!local_read(&cs->open_count)) {
25190 dev_warn(cs->dev, "%s: device not opened\n", __func__);
25191 goto out;
25192 }
25193diff -urNp linux-2.6.38.2/drivers/isdn/hardware/avm/b1.c linux-2.6.38.2/drivers/isdn/hardware/avm/b1.c
25194--- linux-2.6.38.2/drivers/isdn/hardware/avm/b1.c 2011-03-14 21:20:32.000000000 -0400
25195+++ linux-2.6.38.2/drivers/isdn/hardware/avm/b1.c 2011-03-21 18:31:35.000000000 -0400
25196@@ -176,7 +176,7 @@ int b1_load_t4file(avmcard *card, capilo
25197 }
25198 if (left) {
25199 if (t4file->user) {
25200- if (copy_from_user(buf, dp, left))
25201+ if (left > sizeof buf || copy_from_user(buf, dp, left))
25202 return -EFAULT;
25203 } else {
25204 memcpy(buf, dp, left);
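Review bot: The new `left > sizeof buf` guard covers only the `copy_from_user()` branch; the kernel-source branch two lines below still runs `memcpy(buf, dp, left)` with the same length and no check. Unless code above the hunk already bounds `left` (not visible here), hoist the test so both branches share it, e.g. `if (left > sizeof buf) return -EINVAL;` ahead of `if (t4file->user)`. Folding the size test into the -EFAULT path also reports a bad address where the problem is a bad length. The same shape recurs in the b1_load_config hunk below and in icn_writecmd in drivers/isdn/icn/icn.c, where `memcpy(msg, buf, count)` is likewise left unguarded.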
25205@@ -224,7 +224,7 @@ int b1_load_config(avmcard *card, capilo
25206 }
25207 if (left) {
25208 if (config->user) {
25209- if (copy_from_user(buf, dp, left))
25210+ if (left > sizeof buf || copy_from_user(buf, dp, left))
25211 return -EFAULT;
25212 } else {
25213 memcpy(buf, dp, left);
25214diff -urNp linux-2.6.38.2/drivers/isdn/icn/icn.c linux-2.6.38.2/drivers/isdn/icn/icn.c
25215--- linux-2.6.38.2/drivers/isdn/icn/icn.c 2011-03-14 21:20:32.000000000 -0400
25216+++ linux-2.6.38.2/drivers/isdn/icn/icn.c 2011-03-21 18:31:35.000000000 -0400
25217@@ -1045,7 +1045,7 @@ icn_writecmd(const u_char * buf, int len
25218 if (count > len)
25219 count = len;
25220 if (user) {
25221- if (copy_from_user(msg, buf, count))
25222+ if (count > sizeof msg || copy_from_user(msg, buf, count))
25223 return -EFAULT;
25224 } else
25225 memcpy(msg, buf, count);
25226diff -urNp linux-2.6.38.2/drivers/leds/leds-lp5521.c linux-2.6.38.2/drivers/leds/leds-lp5521.c
25227--- linux-2.6.38.2/drivers/leds/leds-lp5521.c 2011-03-14 21:20:32.000000000 -0400
25228+++ linux-2.6.38.2/drivers/leds/leds-lp5521.c 2011-03-21 18:31:35.000000000 -0400
25229@@ -534,7 +534,7 @@ static ssize_t lp5521_selftest(struct de
25230 }
25231
25232 /* led class device attributes */
25233-static DEVICE_ATTR(led_current, S_IRUGO | S_IWUGO, show_current, store_current);
25234+static DEVICE_ATTR(led_current, S_IRUGO | S_IWUSR, show_current, store_current);
25235 static DEVICE_ATTR(max_current, S_IRUGO , show_max_current, NULL);
25236
25237 static struct attribute *lp5521_led_attributes[] = {
25238@@ -548,15 +548,15 @@ static struct attribute_group lp5521_led
25239 };
25240
25241 /* device attributes */
25242-static DEVICE_ATTR(engine1_mode, S_IRUGO | S_IWUGO,
25243+static DEVICE_ATTR(engine1_mode, S_IRUGO | S_IWUSR,
25244 show_engine1_mode, store_engine1_mode);
25245-static DEVICE_ATTR(engine2_mode, S_IRUGO | S_IWUGO,
25246+static DEVICE_ATTR(engine2_mode, S_IRUGO | S_IWUSR,
25247 show_engine2_mode, store_engine2_mode);
25248-static DEVICE_ATTR(engine3_mode, S_IRUGO | S_IWUGO,
25249+static DEVICE_ATTR(engine3_mode, S_IRUGO | S_IWUSR,
25250 show_engine3_mode, store_engine3_mode);
25251-static DEVICE_ATTR(engine1_load, S_IWUGO, NULL, store_engine1_load);
25252-static DEVICE_ATTR(engine2_load, S_IWUGO, NULL, store_engine2_load);
25253-static DEVICE_ATTR(engine3_load, S_IWUGO, NULL, store_engine3_load);
25254+static DEVICE_ATTR(engine1_load, S_IWUSR, NULL, store_engine1_load);
25255+static DEVICE_ATTR(engine2_load, S_IWUSR, NULL, store_engine2_load);
25256+static DEVICE_ATTR(engine3_load, S_IWUSR, NULL, store_engine3_load);
25257 static DEVICE_ATTR(selftest, S_IRUGO, lp5521_selftest, NULL);
25258
25259 static struct attribute *lp5521_attributes[] = {
25260diff -urNp linux-2.6.38.2/drivers/leds/leds-lp5523.c linux-2.6.38.2/drivers/leds/leds-lp5523.c
25261--- linux-2.6.38.2/drivers/leds/leds-lp5523.c 2011-03-14 21:20:32.000000000 -0400
25262+++ linux-2.6.38.2/drivers/leds/leds-lp5523.c 2011-03-21 18:31:35.000000000 -0400
25263@@ -713,7 +713,7 @@ static ssize_t store_current(struct devi
25264 }
25265
25266 /* led class device attributes */
25267-static DEVICE_ATTR(led_current, S_IRUGO | S_IWUGO, show_current, store_current);
25268+static DEVICE_ATTR(led_current, S_IRUGO | S_IWUSR, show_current, store_current);
25269 static DEVICE_ATTR(max_current, S_IRUGO , show_max_current, NULL);
25270
25271 static struct attribute *lp5523_led_attributes[] = {
25272@@ -727,21 +727,21 @@ static struct attribute_group lp5523_led
25273 };
25274
25275 /* device attributes */
25276-static DEVICE_ATTR(engine1_mode, S_IRUGO | S_IWUGO,
25277+static DEVICE_ATTR(engine1_mode, S_IRUGO | S_IWUSR,
25278 show_engine1_mode, store_engine1_mode);
25279-static DEVICE_ATTR(engine2_mode, S_IRUGO | S_IWUGO,
25280+static DEVICE_ATTR(engine2_mode, S_IRUGO | S_IWUSR,
25281 show_engine2_mode, store_engine2_mode);
25282-static DEVICE_ATTR(engine3_mode, S_IRUGO | S_IWUGO,
25283+static DEVICE_ATTR(engine3_mode, S_IRUGO | S_IWUSR,
25284 show_engine3_mode, store_engine3_mode);
25285-static DEVICE_ATTR(engine1_leds, S_IRUGO | S_IWUGO,
25286+static DEVICE_ATTR(engine1_leds, S_IRUGO | S_IWUSR,
25287 show_engine1_leds, store_engine1_leds);
25288-static DEVICE_ATTR(engine2_leds, S_IRUGO | S_IWUGO,
25289+static DEVICE_ATTR(engine2_leds, S_IRUGO | S_IWUSR,
25290 show_engine2_leds, store_engine2_leds);
25291-static DEVICE_ATTR(engine3_leds, S_IRUGO | S_IWUGO,
25292+static DEVICE_ATTR(engine3_leds, S_IRUGO | S_IWUSR,
25293 show_engine3_leds, store_engine3_leds);
25294-static DEVICE_ATTR(engine1_load, S_IWUGO, NULL, store_engine1_load);
25295-static DEVICE_ATTR(engine2_load, S_IWUGO, NULL, store_engine2_load);
25296-static DEVICE_ATTR(engine3_load, S_IWUGO, NULL, store_engine3_load);
25297+static DEVICE_ATTR(engine1_load, S_IWUSR, NULL, store_engine1_load);
25298+static DEVICE_ATTR(engine2_load, S_IWUSR, NULL, store_engine2_load);
25299+static DEVICE_ATTR(engine3_load, S_IWUSR, NULL, store_engine3_load);
25300 static DEVICE_ATTR(selftest, S_IRUGO, lp5523_selftest, NULL);
25301
25302 static struct attribute *lp5523_attributes[] = {
25303diff -urNp linux-2.6.38.2/drivers/lguest/core.c linux-2.6.38.2/drivers/lguest/core.c
25304--- linux-2.6.38.2/drivers/lguest/core.c 2011-03-14 21:20:32.000000000 -0400
25305+++ linux-2.6.38.2/drivers/lguest/core.c 2011-03-21 18:31:35.000000000 -0400
25306@@ -92,9 +92,17 @@ static __init int map_switcher(void)
25307 * it's worked so far. The end address needs +1 because __get_vm_area
25308 * allocates an extra guard page, so we need space for that.
25309 */
25310+
25311+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
25312+ switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
25313+ VM_ALLOC | VM_KERNEXEC, SWITCHER_ADDR, SWITCHER_ADDR
25314+ + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
25315+#else
25316 switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
25317 VM_ALLOC, SWITCHER_ADDR, SWITCHER_ADDR
25318 + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
25319+#endif
25320+
25321 if (!switcher_vma) {
25322 err = -ENOMEM;
25323 printk("lguest: could not map switcher pages high\n");
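Review bot: The `#if`/`#else` repeats the whole `__get_vm_area()` call to change a single flag, leaving two copies of the size and end-address arithmetic that must be kept in sync. Computing the flags once keeps one call site: declare `unsigned long vm_flags = VM_ALLOC;`, put `vm_flags |= VM_KERNEXEC;` under the `#if`, and pass `vm_flags` to the existing call. map_switcher's body starts and ends outside the hunk.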
25324@@ -119,7 +127,7 @@ static __init int map_switcher(void)
25325 * Now the Switcher is mapped at the right address, we can't fail!
25326 * Copy in the compiled-in Switcher code (from <arch>_switcher.S).
25327 */
25328- memcpy(switcher_vma->addr, start_switcher_text,
25329+ memcpy(switcher_vma->addr, ktla_ktva(start_switcher_text),
25330 end_switcher_text - start_switcher_text);
25331
25332 printk(KERN_INFO "lguest: mapped switcher at %p\n",
25333diff -urNp linux-2.6.38.2/drivers/lguest/x86/core.c linux-2.6.38.2/drivers/lguest/x86/core.c
25334--- linux-2.6.38.2/drivers/lguest/x86/core.c 2011-03-14 21:20:32.000000000 -0400
25335+++ linux-2.6.38.2/drivers/lguest/x86/core.c 2011-03-21 18:31:35.000000000 -0400
25336@@ -59,7 +59,7 @@ static struct {
25337 /* Offset from where switcher.S was compiled to where we've copied it */
25338 static unsigned long switcher_offset(void)
25339 {
25340- return SWITCHER_ADDR - (unsigned long)start_switcher_text;
25341+ return SWITCHER_ADDR - (unsigned long)ktla_ktva(start_switcher_text);
25342 }
25343
25344 /* This cpu's struct lguest_pages. */
25345@@ -100,7 +100,13 @@ static void copy_in_guest_info(struct lg
25346 * These copies are pretty cheap, so we do them unconditionally: */
25347 /* Save the current Host top-level page directory.
25348 */
25349+
25350+#ifdef CONFIG_PAX_PER_CPU_PGD
25351+ pages->state.host_cr3 = read_cr3();
25352+#else
25353 pages->state.host_cr3 = __pa(current->mm->pgd);
25354+#endif
25355+
25356 /*
25357 * Set up the Guest's page tables to see this CPU's pages (and no
25358 * other CPU's pages).
25359@@ -547,7 +553,7 @@ void __init lguest_arch_host_init(void)
25360 * compiled-in switcher code and the high-mapped copy we just made.
25361 */
25362 for (i = 0; i < IDT_ENTRIES; i++)
25363- default_idt_entries[i] += switcher_offset();
25364+ default_idt_entries[i] = ktla_ktva(default_idt_entries[i]) + switcher_offset();
25365
25366 /*
25367 * Set up the Switcher's per-cpu areas.
25368@@ -630,7 +636,7 @@ void __init lguest_arch_host_init(void)
25369 * it will be undisturbed when we switch. To change %cs and jump we
25370 * need this structure to feed to Intel's "lcall" instruction.
25371 */
25372- lguest_entry.offset = (long)switch_to_guest + switcher_offset();
25373+ lguest_entry.offset = (long)ktla_ktva(switch_to_guest) + switcher_offset();
25374 lguest_entry.segment = LGUEST_CS;
25375
25376 /*
25377diff -urNp linux-2.6.38.2/drivers/lguest/x86/switcher_32.S linux-2.6.38.2/drivers/lguest/x86/switcher_32.S
25378--- linux-2.6.38.2/drivers/lguest/x86/switcher_32.S 2011-03-14 21:20:32.000000000 -0400
25379+++ linux-2.6.38.2/drivers/lguest/x86/switcher_32.S 2011-03-21 18:31:35.000000000 -0400
25380@@ -87,6 +87,7 @@
25381 #include <asm/page.h>
25382 #include <asm/segment.h>
25383 #include <asm/lguest.h>
25384+#include <asm/processor-flags.h>
25385
25386 // We mark the start of the code to copy
25387 // It's placed in .text tho it's never run here
25388@@ -149,6 +150,13 @@ ENTRY(switch_to_guest)
25389 // Changes type when we load it: damn Intel!
25390 // For after we switch over our page tables
25391 // That entry will be read-only: we'd crash.
25392+
25393+#ifdef CONFIG_PAX_KERNEXEC
25394+ mov %cr0, %edx
25395+ xor $X86_CR0_WP, %edx
25396+ mov %edx, %cr0
25397+#endif
25398+
25399 movl $(GDT_ENTRY_TSS*8), %edx
25400 ltr %dx
25401
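Review bot: `xor $X86_CR0_WP, %edx` toggles the write-protect bit instead of forcing it to a known value, so the result depends on CR0.WP being set on entry, and the matching `xor` in the next hunk depends on nothing having changed it in between. Clearing it explicitly here (`and $~X86_CR0_WP, %edx`) and setting it explicitly in the later block (`or $X86_CR0_WP, %eax`) states the intended state at each point and cannot leave write protection off if that assumption fails. A one-line comment saying that WP is dropped only around the `ltr` and the TSS descriptor update would also help; the reason (presumably a read-only GDT under KERNEXEC) is inferred and should be confirmed. The next hunk also moves the descriptor pointer from %edx to %eax, so check that nothing after it in switch_to_guest still expects the old %eax value; the rest of the routine is outside these hunks.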
25402@@ -157,9 +165,15 @@ ENTRY(switch_to_guest)
25403 // Let's clear it again for our return.
25404 // The GDT descriptor of the Host
25405 // Points to the table after two "size" bytes
25406- movl (LGUEST_PAGES_host_gdt_desc+2)(%eax), %edx
25407+ movl (LGUEST_PAGES_host_gdt_desc+2)(%eax), %eax
25408 // Clear "used" from type field (byte 5, bit 2)
25409- andb $0xFD, (GDT_ENTRY_TSS*8 + 5)(%edx)
25410+ andb $0xFD, (GDT_ENTRY_TSS*8 + 5)(%eax)
25411+
25412+#ifdef CONFIG_PAX_KERNEXEC
25413+ mov %cr0, %eax
25414+ xor $X86_CR0_WP, %eax
25415+ mov %eax, %cr0
25416+#endif
25417
25418 // Once our page table's switched, the Guest is live!
25419 // The Host fades as we run this final step.
25420@@ -295,13 +309,12 @@ deliver_to_host:
25421 // I consulted gcc, and it gave
25422 // These instructions, which I gladly credit:
25423 leal (%edx,%ebx,8), %eax
25424- movzwl (%eax),%edx
25425- movl 4(%eax), %eax
25426- xorw %ax, %ax
25427- orl %eax, %edx
25428+ movl 4(%eax), %edx
25429+ movw (%eax), %dx
25430 // Now the address of the handler's in %edx
25431 // We call it now: its "iret" drops us home.
25432- jmp *%edx
25433+ ljmp $__KERNEL_CS, $1f
25434+1: jmp *%edx
25435
25436 // Every interrupt can come to us here
25437 // But we must truly tell each apart.
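Review bot: The added `ljmp $__KERNEL_CS, $1f` has no comment, while every other step of this routine is explained line by line, and unlike the CR0 blocks earlier in the file it is not under `#ifdef CONFIG_PAX_KERNEXEC`. Say why %cs is reloaded before the indirect jump and whether it is meant to be unconditional, for example `// Reload %cs with the Host kernel segment before entering the handler`. The rewritten address load above it deserves a short note too: `movl 4(%eax), %edx` brings in the high half of the handler offset and `movw (%eax), %dx` then overwrites the low 16 bits with the low half.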
25438diff -urNp linux-2.6.38.2/drivers/md/bitmap.c linux-2.6.38.2/drivers/md/bitmap.c
25439--- linux-2.6.38.2/drivers/md/bitmap.c 2011-03-14 21:20:32.000000000 -0400
25440+++ linux-2.6.38.2/drivers/md/bitmap.c 2011-03-21 18:31:35.000000000 -0400
25441@@ -55,7 +55,7 @@
25442 # if DEBUG > 0
25443 # define PRINTK(x...) printk(KERN_DEBUG x)
25444 # else
25445-# define PRINTK(x...)
25446+# define PRINTK(x...) do {} while (0)
25447 # endif
25448 #endif
25449
25450diff -urNp linux-2.6.38.2/drivers/md/dm-ioctl.c linux-2.6.38.2/drivers/md/dm-ioctl.c
25451--- linux-2.6.38.2/drivers/md/dm-ioctl.c 2011-03-14 21:20:32.000000000 -0400
25452+++ linux-2.6.38.2/drivers/md/dm-ioctl.c 2011-03-21 18:31:35.000000000 -0400
25453@@ -1541,7 +1541,7 @@ static int validate_params(uint cmd, str
25454 cmd == DM_LIST_VERSIONS_CMD)
25455 return 0;
25456
25457- if ((cmd == DM_DEV_CREATE_CMD)) {
25458+ if (cmd == DM_DEV_CREATE_CMD) {
25459 if (!*param->name) {
25460 DMWARN("name not supplied when creating device");
25461 return -EINVAL;
25462diff -urNp linux-2.6.38.2/drivers/md/dm-table.c linux-2.6.38.2/drivers/md/dm-table.c
25463--- linux-2.6.38.2/drivers/md/dm-table.c 2011-03-14 21:20:32.000000000 -0400
25464+++ linux-2.6.38.2/drivers/md/dm-table.c 2011-03-21 18:31:35.000000000 -0400
25465@@ -372,7 +372,7 @@ static int device_area_is_invalid(struct
25466 if (!dev_size)
25467 return 0;
25468
25469- if ((start >= dev_size) || (start + len > dev_size)) {
25470+ if ((start >= dev_size) || (len > dev_size - start)) {
25471 DMWARN("%s: %s too small for target: "
25472 "start=%llu, len=%llu, dev_size=%llu",
25473 dm_device_name(ti->table->md), bdevname(bdev, b),
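Review bot: The rewritten test `len > dev_size - start` is safe only because the `start >= dev_size` operand is evaluated first and short-circuits, which keeps the subtraction from wrapping; the code does not say so. Add a comment such as `/* start < dev_size here, so dev_size - start cannot wrap; avoids start + len overflow */` so that a later reordering of the condition does not reintroduce the wraparound. device_area_is_invalid's body starts and ends outside the hunk.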
25474diff -urNp linux-2.6.38.2/drivers/md/md.c linux-2.6.38.2/drivers/md/md.c
25475--- linux-2.6.38.2/drivers/md/md.c 2011-03-14 21:20:32.000000000 -0400
25476+++ linux-2.6.38.2/drivers/md/md.c 2011-03-21 18:31:35.000000000 -0400
25477@@ -1889,7 +1889,7 @@ static int bind_rdev_to_array(mdk_rdev_t
25478
25479 ko = &part_to_dev(rdev->bdev->bd_part)->kobj;
25480 if (sysfs_create_link(&rdev->kobj, ko, "block"))
25481- /* failure here is OK */;
25482+ /* failure here is OK */{}
25483 rdev->sysfs_state = sysfs_get_dirent_safe(rdev->kobj.sd, "state");
25484
25485 list_add_rcu(&rdev->same_set, &mddev->disks);
25486@@ -2499,7 +2499,7 @@ slot_store(mdk_rdev_t *rdev, const char
25487 sysfs_notify_dirent_safe(rdev->sysfs_state);
25488 sprintf(nm, "rd%d", rdev->raid_disk);
25489 if (sysfs_create_link(&rdev->mddev->kobj, &rdev->kobj, nm))
25490- /* failure here is OK */;
25491+ /* failure here is OK */{}
25492 /* don't wakeup anyone, leave that to userspace. */
25493 } else {
25494 if (slot >= rdev->mddev->raid_disks &&
25495@@ -4594,7 +4594,7 @@ int md_run(mddev_t *mddev)
25496 char nm[20];
25497 sprintf(nm, "rd%d", rdev->raid_disk);
25498 if (sysfs_create_link(&mddev->kobj, &rdev->kobj, nm))
25499- /* failure here is OK */;
25500+ /* failure here is OK */{}
25501 }
25502
25503 set_bit(MD_RECOVERY_NEEDED, &mddev->recovery);
25504@@ -6462,7 +6462,7 @@ static int md_seq_show(struct seq_file *
25505 chunk_kb ? "KB" : "B");
25506 if (bitmap->file) {
25507 seq_printf(seq, ", file: ");
25508- seq_path(seq, &bitmap->file->f_path, " \t\n");
25509+ seq_path(seq, &bitmap->file->f_path, " \t\n\\");
25510 }
25511
25512 seq_printf(seq, "\n");
25513@@ -6556,7 +6556,7 @@ static int is_mddev_idle(mddev_t *mddev,
25514 struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
25515 curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
25516 (int)part_stat_read(&disk->part0, sectors[1]) -
25517- atomic_read(&disk->sync_io);
25518+ atomic_read_unchecked(&disk->sync_io);
25519 /* sync IO will cause sync_io to increase before the disk_stats
25520 * as sync_io is counted when a request starts, and
25521 * disk_stats is counted when it completes.
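Review bot: The switch to `atomic_read_unchecked()` exempts `sync_io` from whatever checking the patch's regular atomics perform (the `_unchecked` suffix suggests overflow detection) without recording why. The surrounding arithmetic uses the counter only as a difference of event counts, so wraparound looks tolerated, but that is inferred; a comment like `/* sync_io is a statistics counter, wraparound is harmless */` would document the exemption for the next reader. The matching `atomic_add_unchecked()` in md_sync_acct in drivers/md/md.h wants the same note. is_mddev_idle's body starts and ends outside the hunk.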
25522@@ -7070,7 +7070,7 @@ static int remove_and_add_spares(mddev_t
25523 sprintf(nm, "rd%d", rdev->raid_disk);
25524 if (sysfs_create_link(&mddev->kobj,
25525 &rdev->kobj, nm))
25526- /* failure here is OK */;
25527+ /* failure here is OK */{}
25528 spares++;
25529 md_new_event(mddev);
25530 set_bit(MD_CHANGE_DEVS, &mddev->flags);
25531diff -urNp linux-2.6.38.2/drivers/md/md.h linux-2.6.38.2/drivers/md/md.h
25532--- linux-2.6.38.2/drivers/md/md.h 2011-03-14 21:20:32.000000000 -0400
25533+++ linux-2.6.38.2/drivers/md/md.h 2011-03-21 18:31:35.000000000 -0400
25534@@ -360,7 +360,7 @@ static inline void rdev_dec_pending(mdk_
25535
25536 static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors)
25537 {
25538- atomic_add(nr_sectors, &bdev->bd_contains->bd_disk->sync_io);
25539+ atomic_add_unchecked(nr_sectors, &bdev->bd_contains->bd_disk->sync_io);
25540 }
25541
25542 struct mdk_personality
25543diff -urNp linux-2.6.38.2/drivers/media/dvb/dvb-core/dvbdev.c linux-2.6.38.2/drivers/media/dvb/dvb-core/dvbdev.c
25544--- linux-2.6.38.2/drivers/media/dvb/dvb-core/dvbdev.c 2011-03-14 21:20:32.000000000 -0400
25545+++ linux-2.6.38.2/drivers/media/dvb/dvb-core/dvbdev.c 2011-03-21 18:31:35.000000000 -0400
25546@@ -192,7 +192,7 @@ int dvb_register_device(struct dvb_adapt
25547 const struct dvb_device *template, void *priv, int type)
25548 {
25549 struct dvb_device *dvbdev;
25550- struct file_operations *dvbdevfops;
25551+ struct file_operations *dvbdevfops; /* cannot be const, see this function */
25552 struct device *clsdev;
25553 int minor;
25554 int id;
25555diff -urNp linux-2.6.38.2/drivers/media/radio/radio-cadet.c linux-2.6.38.2/drivers/media/radio/radio-cadet.c
25556--- linux-2.6.38.2/drivers/media/radio/radio-cadet.c 2011-03-14 21:20:32.000000000 -0400
25557+++ linux-2.6.38.2/drivers/media/radio/radio-cadet.c 2011-03-21 18:31:35.000000000 -0400
25558@@ -349,7 +349,7 @@ static ssize_t cadet_read(struct file *f
25559 readbuf[i++] = dev->rdsbuf[dev->rdsout++];
25560 mutex_unlock(&dev->lock);
25561
25562- if (copy_to_user(data, readbuf, i))
25563+ if (i > sizeof readbuf || copy_to_user(data, readbuf, i))
25564 return -EFAULT;
25565 return i;
25566 }
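Review bot: The added `i > sizeof readbuf` test runs after `readbuf[i++] = dev->rdsbuf[dev->rdsout++]` has already filled the buffer, so it limits only what is copied out to user space. If `i` could ever pass the end of `readbuf`, the out-of-bounds store would happen in the fill loop before this check is reached. The loop condition is outside the hunk; confirm that it bounds `i` by the size of `readbuf` as well as by the caller's count, and add that bound to the loop if it does not.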
25567diff -urNp linux-2.6.38.2/drivers/media/rc/ir-lirc-codec.c linux-2.6.38.2/drivers/media/rc/ir-lirc-codec.c
25568--- linux-2.6.38.2/drivers/media/rc/ir-lirc-codec.c 2011-03-14 21:20:32.000000000 -0400
25569+++ linux-2.6.38.2/drivers/media/rc/ir-lirc-codec.c 2011-03-21 18:31:35.000000000 -0400
25570@@ -277,7 +277,7 @@ static void ir_lirc_close(void *data)
25571 return;
25572 }
25573
25574-static struct file_operations lirc_fops = {
25575+static const struct file_operations lirc_fops = {
25576 .owner = THIS_MODULE,
25577 .write = ir_lirc_transmit_ir,
25578 .unlocked_ioctl = ir_lirc_ioctl,
25579diff -urNp linux-2.6.38.2/drivers/media/rc/lirc_dev.c linux-2.6.38.2/drivers/media/rc/lirc_dev.c
25580--- linux-2.6.38.2/drivers/media/rc/lirc_dev.c 2011-03-14 21:20:32.000000000 -0400
25581+++ linux-2.6.38.2/drivers/media/rc/lirc_dev.c 2011-03-21 18:31:35.000000000 -0400
25582@@ -151,7 +151,7 @@ static int lirc_thread(void *irctl)
25583 }
25584
25585
25586-static struct file_operations lirc_dev_fops = {
25587+static const struct file_operations lirc_dev_fops = {
25588 .owner = THIS_MODULE,
25589 .read = lirc_dev_fop_read,
25590 .write = lirc_dev_fop_write,
25591diff -urNp linux-2.6.38.2/drivers/media/video/sn9c102/sn9c102_core.c linux-2.6.38.2/drivers/media/video/sn9c102/sn9c102_core.c
25592--- linux-2.6.38.2/drivers/media/video/sn9c102/sn9c102_core.c 2011-03-14 21:20:32.000000000 -0400
25593+++ linux-2.6.38.2/drivers/media/video/sn9c102/sn9c102_core.c 2011-03-21 18:31:35.000000000 -0400
25594@@ -1430,9 +1430,9 @@ static DEVICE_ATTR(i2c_reg, S_IRUGO | S_
25595 sn9c102_show_i2c_reg, sn9c102_store_i2c_reg);
25596 static DEVICE_ATTR(i2c_val, S_IRUGO | S_IWUSR,
25597 sn9c102_show_i2c_val, sn9c102_store_i2c_val);
25598-static DEVICE_ATTR(green, S_IWUGO, NULL, sn9c102_store_green);
25599-static DEVICE_ATTR(blue, S_IWUGO, NULL, sn9c102_store_blue);
25600-static DEVICE_ATTR(red, S_IWUGO, NULL, sn9c102_store_red);
25601+static DEVICE_ATTR(green, S_IWUSR, NULL, sn9c102_store_green);
25602+static DEVICE_ATTR(blue, S_IWUSR, NULL, sn9c102_store_blue);
25603+static DEVICE_ATTR(red, S_IWUSR, NULL, sn9c102_store_red);
25604 static DEVICE_ATTR(frame_header, S_IRUGO, sn9c102_show_frame_header, NULL);
25605
25606
25607diff -urNp linux-2.6.38.2/drivers/message/fusion/mptbase.c linux-2.6.38.2/drivers/message/fusion/mptbase.c
25608--- linux-2.6.38.2/drivers/message/fusion/mptbase.c 2011-03-14 21:20:32.000000000 -0400
25609+++ linux-2.6.38.2/drivers/message/fusion/mptbase.c 2011-03-21 18:31:35.000000000 -0400
25610@@ -6683,8 +6683,13 @@ static int mpt_iocinfo_proc_show(struct
25611 seq_printf(m, " MaxChainDepth = 0x%02x frames\n", ioc->facts.MaxChainDepth);
25612 seq_printf(m, " MinBlockSize = 0x%02x bytes\n", 4*ioc->facts.BlockSize);
25613
25614+#ifdef CONFIG_GRKERNSEC_HIDESYM
25615+ seq_printf(m, " RequestFrames @ 0x%p (Dma @ 0x%p)\n", NULL, NULL);
25616+#else
25617 seq_printf(m, " RequestFrames @ 0x%p (Dma @ 0x%p)\n",
25618 (void *)ioc->req_frames, (void *)(ulong)ioc->req_frames_dma);
25619+#endif
25620+
25621 /*
25622 * Rounding UP to nearest 4-kB boundary here...
25623 */
25624diff -urNp linux-2.6.38.2/drivers/message/fusion/mptdebug.h linux-2.6.38.2/drivers/message/fusion/mptdebug.h
25625--- linux-2.6.38.2/drivers/message/fusion/mptdebug.h 2011-03-14 21:20:32.000000000 -0400
25626+++ linux-2.6.38.2/drivers/message/fusion/mptdebug.h 2011-03-21 18:31:35.000000000 -0400
25627@@ -71,7 +71,7 @@
25628 CMD; \
25629 }
25630 #else
25631-#define MPT_CHECK_LOGGING(IOC, CMD, BITS)
25632+#define MPT_CHECK_LOGGING(IOC, CMD, BITS) do {} while (0)
25633 #endif
25634
25635
25636diff -urNp linux-2.6.38.2/drivers/message/fusion/mptsas.c linux-2.6.38.2/drivers/message/fusion/mptsas.c
25637--- linux-2.6.38.2/drivers/message/fusion/mptsas.c 2011-03-14 21:20:32.000000000 -0400
25638+++ linux-2.6.38.2/drivers/message/fusion/mptsas.c 2011-03-21 18:31:35.000000000 -0400
25639@@ -439,6 +439,23 @@ mptsas_is_end_device(struct mptsas_devin
25640 return 0;
25641 }
25642
25643+static inline void
25644+mptsas_set_rphy(MPT_ADAPTER *ioc, struct mptsas_phyinfo *phy_info, struct sas_rphy *rphy)
25645+{
25646+ if (phy_info->port_details) {
25647+ phy_info->port_details->rphy = rphy;
25648+ dsaswideprintk(ioc, printk(MYIOC_s_DEBUG_FMT "sas_rphy_add: rphy=%p\n",
25649+ ioc->name, rphy));
25650+ }
25651+
25652+ if (rphy) {
25653+ dsaswideprintk(ioc, dev_printk(KERN_DEBUG,
25654+ &rphy->dev, MYIOC_s_FMT "add:", ioc->name));
25655+ dsaswideprintk(ioc, printk(MYIOC_s_DEBUG_FMT "rphy=%p release=%p\n",
25656+ ioc->name, rphy, rphy->dev.release));
25657+ }
25658+}
25659+
25660 /* no mutex */
25661 static void
25662 mptsas_port_delete(MPT_ADAPTER *ioc, struct mptsas_portinfo_details * port_details)
25663@@ -477,23 +494,6 @@ mptsas_get_rphy(struct mptsas_phyinfo *p
25664 return NULL;
25665 }
25666
25667-static inline void
25668-mptsas_set_rphy(MPT_ADAPTER *ioc, struct mptsas_phyinfo *phy_info, struct sas_rphy *rphy)
25669-{
25670- if (phy_info->port_details) {
25671- phy_info->port_details->rphy = rphy;
25672- dsaswideprintk(ioc, printk(MYIOC_s_DEBUG_FMT "sas_rphy_add: rphy=%p\n",
25673- ioc->name, rphy));
25674- }
25675-
25676- if (rphy) {
25677- dsaswideprintk(ioc, dev_printk(KERN_DEBUG,
25678- &rphy->dev, MYIOC_s_FMT "add:", ioc->name));
25679- dsaswideprintk(ioc, printk(MYIOC_s_DEBUG_FMT "rphy=%p release=%p\n",
25680- ioc->name, rphy, rphy->dev.release));
25681- }
25682-}
25683-
25684 static inline struct sas_port *
25685 mptsas_get_port(struct mptsas_phyinfo *phy_info)
25686 {
25687diff -urNp linux-2.6.38.2/drivers/message/fusion/mptscsih.c linux-2.6.38.2/drivers/message/fusion/mptscsih.c
25688--- linux-2.6.38.2/drivers/message/fusion/mptscsih.c 2011-03-14 21:20:32.000000000 -0400
25689+++ linux-2.6.38.2/drivers/message/fusion/mptscsih.c 2011-03-21 18:31:35.000000000 -0400
25690@@ -1268,15 +1268,16 @@ mptscsih_info(struct Scsi_Host *SChost)
25691
25692 h = shost_priv(SChost);
25693
25694- if (h) {
25695- if (h->info_kbuf == NULL)
25696- if ((h->info_kbuf = kmalloc(0x1000 /* 4Kb */, GFP_KERNEL)) == NULL)
25697- return h->info_kbuf;
25698- h->info_kbuf[0] = '\0';
25699+ if (!h)
25700+ return NULL;
25701
25702- mpt_print_ioc_summary(h->ioc, h->info_kbuf, &size, 0, 0);
25703- h->info_kbuf[size-1] = '\0';
25704- }
25705+ if (h->info_kbuf == NULL)
25706+ if ((h->info_kbuf = kmalloc(0x1000 /* 4Kb */, GFP_KERNEL)) == NULL)
25707+ return h->info_kbuf;
25708+ h->info_kbuf[0] = '\0';
25709+
25710+ mpt_print_ioc_summary(h->ioc, h->info_kbuf, &size, 0, 0);
25711+ h->info_kbuf[size-1] = '\0';
25712
25713 return h->info_kbuf;
25714 }
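Review bot: `h->info_kbuf[size-1] = '\0'` writes one byte before the buffer if `mpt_print_ioc_summary()` leaves `size` at 0, and none of the arguments visible in the call carries the 0x1000 capacity, so the index is unchecked at the top end as well. Guard the terminator, e.g. `if (size > 0 && size <= 0x1000) h->info_kbuf[size-1] = '\0';`, or confirm from the helper and the declaration of `size` (both outside this hunk) that the reported length always falls inside the allocation. The allocation-failure path would also read more clearly as `return NULL;` than `return h->info_kbuf;`, and the nested unbraced `if` is worth bracing while the block is being re-indented.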
25715diff -urNp linux-2.6.38.2/drivers/message/i2o/i2o_proc.c linux-2.6.38.2/drivers/message/i2o/i2o_proc.c
25716--- linux-2.6.38.2/drivers/message/i2o/i2o_proc.c 2011-03-14 21:20:32.000000000 -0400
25717+++ linux-2.6.38.2/drivers/message/i2o/i2o_proc.c 2011-03-21 18:31:35.000000000 -0400
25718@@ -255,13 +255,6 @@ static char *scsi_devices[] = {
25719 "Array Controller Device"
25720 };
25721
25722-static char *chtostr(u8 * chars, int n)
25723-{
25724- char tmp[256];
25725- tmp[0] = 0;
25726- return strncat(tmp, (char *)chars, n);
25727-}
25728-
25729 static int i2o_report_query_status(struct seq_file *seq, int block_status,
25730 char *group)
25731 {
25732@@ -838,8 +831,7 @@ static int i2o_seq_show_ddm_table(struct
25733
25734 seq_printf(seq, "%-#7x", ddm_table.i2o_vendor_id);
25735 seq_printf(seq, "%-#8x", ddm_table.module_id);
25736- seq_printf(seq, "%-29s",
25737- chtostr(ddm_table.module_name_version, 28));
25738+ seq_printf(seq, "%-.28s", ddm_table.module_name_version);
25739 seq_printf(seq, "%9d ", ddm_table.data_size);
25740 seq_printf(seq, "%8d", ddm_table.code_size);
25741
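Review bot: `%-.28s` is not equivalent to the `%-29s` it replaces: it caps the field at 28 characters but sets no minimum width, so the left-justify flag has no effect and the column is no longer padded. The `data_size` and `code_size` columns that follow will shift with the length of the module name. Use `%-29.28s` here to keep both the bound and the alignment, and likewise `%-29.28s` and `%-9.8s` for the two conversions in the i2o_seq_show_drivers_stored hunk below. i2o_seq_show_ddm_table's body starts and ends outside the hunk.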
25742@@ -940,8 +932,8 @@ static int i2o_seq_show_drivers_stored(s
25743
25744 seq_printf(seq, "%-#7x", dst->i2o_vendor_id);
25745 seq_printf(seq, "%-#8x", dst->module_id);
25746- seq_printf(seq, "%-29s", chtostr(dst->module_name_version, 28));
25747- seq_printf(seq, "%-9s", chtostr(dst->date, 8));
25748+ seq_printf(seq, "%-.28s", dst->module_name_version);
25749+ seq_printf(seq, "%-.8s", dst->date);
25750 seq_printf(seq, "%8d ", dst->module_size);
25751 seq_printf(seq, "%8d ", dst->mpb_size);
25752 seq_printf(seq, "0x%04x", dst->module_flags);
25753@@ -1272,14 +1264,10 @@ static int i2o_seq_show_dev_identity(str
25754 seq_printf(seq, "Device Class : %s\n", i2o_get_class_name(work16[0]));
25755 seq_printf(seq, "Owner TID : %0#5x\n", work16[2]);
25756 seq_printf(seq, "Parent TID : %0#5x\n", work16[3]);
25757- seq_printf(seq, "Vendor info : %s\n",
25758- chtostr((u8 *) (work32 + 2), 16));
25759- seq_printf(seq, "Product info : %s\n",
25760- chtostr((u8 *) (work32 + 6), 16));
25761- seq_printf(seq, "Description : %s\n",
25762- chtostr((u8 *) (work32 + 10), 16));
25763- seq_printf(seq, "Product rev. : %s\n",
25764- chtostr((u8 *) (work32 + 14), 8));
25765+ seq_printf(seq, "Vendor info : %.16s\n", (u8 *) (work32 + 2));
25766+ seq_printf(seq, "Product info : %.16s\n", (u8 *) (work32 + 6));
25767+ seq_printf(seq, "Description : %.16s\n", (u8 *) (work32 + 10));
25768+ seq_printf(seq, "Product rev. : %.8s\n", (u8 *) (work32 + 14));
25769
25770 seq_printf(seq, "Serial number : ");
25771 print_serial_number(seq, (u8 *) (work32 + 16),
25772@@ -1324,10 +1312,8 @@ static int i2o_seq_show_ddm_identity(str
25773 }
25774
25775 seq_printf(seq, "Registering DDM TID : 0x%03x\n", result.ddm_tid);
25776- seq_printf(seq, "Module name : %s\n",
25777- chtostr(result.module_name, 24));
25778- seq_printf(seq, "Module revision : %s\n",
25779- chtostr(result.module_rev, 8));
25780+ seq_printf(seq, "Module name : %.24s\n", result.module_name);
25781+ seq_printf(seq, "Module revision : %.8s\n", result.module_rev);
25782
25783 seq_printf(seq, "Serial number : ");
25784 print_serial_number(seq, result.serial_number, sizeof(result) - 36);
25785@@ -1358,14 +1344,10 @@ static int i2o_seq_show_uinfo(struct seq
25786 return 0;
25787 }
25788
25789- seq_printf(seq, "Device name : %s\n",
25790- chtostr(result.device_name, 64));
25791- seq_printf(seq, "Service name : %s\n",
25792- chtostr(result.service_name, 64));
25793- seq_printf(seq, "Physical name : %s\n",
25794- chtostr(result.physical_location, 64));
25795- seq_printf(seq, "Instance number : %s\n",
25796- chtostr(result.instance_number, 4));
25797+ seq_printf(seq, "Device name : %.64s\n", result.device_name);
25798+ seq_printf(seq, "Service name : %.64s\n", result.service_name);
25799+ seq_printf(seq, "Physical name : %.64s\n", result.physical_location);
25800+ seq_printf(seq, "Instance number : %.4s\n", result.instance_number);
25801
25802 return 0;
25803 }
25804diff -urNp linux-2.6.38.2/drivers/mfd/ab3100-core.c linux-2.6.38.2/drivers/mfd/ab3100-core.c
25805--- linux-2.6.38.2/drivers/mfd/ab3100-core.c 2011-03-14 21:20:32.000000000 -0400
25806+++ linux-2.6.38.2/drivers/mfd/ab3100-core.c 2011-03-21 18:31:35.000000000 -0400
25807@@ -613,7 +613,7 @@ static void ab3100_setup_debugfs(struct
25808 ab3100_get_priv.ab3100 = ab3100;
25809 ab3100_get_priv.mode = false;
25810 ab3100_get_reg_file = debugfs_create_file("get_reg",
25811- S_IWUGO, ab3100_dir, &ab3100_get_priv,
25812+ S_IWUSR, ab3100_dir, &ab3100_get_priv,
25813 &ab3100_get_set_reg_fops);
25814 if (!ab3100_get_reg_file) {
25815 err = -ENOMEM;
25816@@ -623,7 +623,7 @@ static void ab3100_setup_debugfs(struct
25817 ab3100_set_priv.ab3100 = ab3100;
25818 ab3100_set_priv.mode = true;
25819 ab3100_set_reg_file = debugfs_create_file("set_reg",
25820- S_IWUGO, ab3100_dir, &ab3100_set_priv,
25821+ S_IWUSR, ab3100_dir, &ab3100_set_priv,
25822 &ab3100_get_set_reg_fops);
25823 if (!ab3100_set_reg_file) {
25824 err = -ENOMEM;
25825diff -urNp linux-2.6.38.2/drivers/mfd/ab3550-core.c linux-2.6.38.2/drivers/mfd/ab3550-core.c
25826--- linux-2.6.38.2/drivers/mfd/ab3550-core.c 2011-03-14 21:20:32.000000000 -0400
25827+++ linux-2.6.38.2/drivers/mfd/ab3550-core.c 2011-03-21 18:31:35.000000000 -0400
25828@@ -1053,17 +1053,17 @@ static inline void ab3550_setup_debugfs(
25829 goto exit_destroy_dir;
25830
25831 ab3550_bank_file = debugfs_create_file("register-bank",
25832- (S_IRUGO | S_IWUGO), ab3550_dir, ab, &ab3550_bank_fops);
25833+ (S_IRUGO | S_IWUSR), ab3550_dir, ab, &ab3550_bank_fops);
25834 if (!ab3550_bank_file)
25835 goto exit_destroy_reg;
25836
25837 ab3550_address_file = debugfs_create_file("register-address",
25838- (S_IRUGO | S_IWUGO), ab3550_dir, ab, &ab3550_address_fops);
25839+ (S_IRUGO | S_IWUSR), ab3550_dir, ab, &ab3550_address_fops);
25840 if (!ab3550_address_file)
25841 goto exit_destroy_bank;
25842
25843 ab3550_val_file = debugfs_create_file("register-value",
25844- (S_IRUGO | S_IWUGO), ab3550_dir, ab, &ab3550_val_fops);
25845+ (S_IRUGO | S_IWUSR), ab3550_dir, ab, &ab3550_val_fops);
25846 if (!ab3550_val_file)
25847 goto exit_destroy_address;
25848
25849diff -urNp linux-2.6.38.2/drivers/mfd/ab8500-debugfs.c linux-2.6.38.2/drivers/mfd/ab8500-debugfs.c
25850--- linux-2.6.38.2/drivers/mfd/ab8500-debugfs.c 2011-03-14 21:20:32.000000000 -0400
25851+++ linux-2.6.38.2/drivers/mfd/ab8500-debugfs.c 2011-03-21 18:31:35.000000000 -0400
25852@@ -585,18 +585,18 @@ static int __devinit ab8500_debug_probe(
25853 goto exit_destroy_dir;
25854
25855 ab8500_bank_file = debugfs_create_file("register-bank",
25856- (S_IRUGO | S_IWUGO), ab8500_dir, &plf->dev, &ab8500_bank_fops);
25857+ (S_IRUGO | S_IWUSR), ab8500_dir, &plf->dev, &ab8500_bank_fops);
25858 if (!ab8500_bank_file)
25859 goto exit_destroy_reg;
25860
25861 ab8500_address_file = debugfs_create_file("register-address",
25862- (S_IRUGO | S_IWUGO), ab8500_dir, &plf->dev,
25863+ (S_IRUGO | S_IWUSR), ab8500_dir, &plf->dev,
25864 &ab8500_address_fops);
25865 if (!ab8500_address_file)
25866 goto exit_destroy_bank;
25867
25868 ab8500_val_file = debugfs_create_file("register-value",
25869- (S_IRUGO | S_IWUGO), ab8500_dir, &plf->dev, &ab8500_val_fops);
25870+ (S_IRUGO | S_IWUSR), ab8500_dir, &plf->dev, &ab8500_val_fops);
25871 if (!ab8500_val_file)
25872 goto exit_destroy_address;
25873
25874diff -urNp linux-2.6.38.2/drivers/mfd/janz-cmodio.c linux-2.6.38.2/drivers/mfd/janz-cmodio.c
25875--- linux-2.6.38.2/drivers/mfd/janz-cmodio.c 2011-03-14 21:20:32.000000000 -0400
25876+++ linux-2.6.38.2/drivers/mfd/janz-cmodio.c 2011-03-21 18:31:35.000000000 -0400
25877@@ -13,6 +13,7 @@
25878
25879 #include <linux/kernel.h>
25880 #include <linux/module.h>
25881+#include <linux/slab.h>
25882 #include <linux/init.h>
25883 #include <linux/pci.h>
25884 #include <linux/interrupt.h>
25885diff -urNp linux-2.6.38.2/drivers/misc/ep93xx_pwm.c linux-2.6.38.2/drivers/misc/ep93xx_pwm.c
25886--- linux-2.6.38.2/drivers/misc/ep93xx_pwm.c 2011-03-14 21:20:32.000000000 -0400
25887+++ linux-2.6.38.2/drivers/misc/ep93xx_pwm.c 2011-03-21 18:31:35.000000000 -0400
25888@@ -249,11 +249,11 @@ static ssize_t ep93xx_pwm_set_invert(str
25889
25890 static DEVICE_ATTR(min_freq, S_IRUGO, ep93xx_pwm_get_min_freq, NULL);
25891 static DEVICE_ATTR(max_freq, S_IRUGO, ep93xx_pwm_get_max_freq, NULL);
25892-static DEVICE_ATTR(freq, S_IWUGO | S_IRUGO,
25893+static DEVICE_ATTR(freq, S_IWUSR | S_IRUGO,
25894 ep93xx_pwm_get_freq, ep93xx_pwm_set_freq);
25895-static DEVICE_ATTR(duty_percent, S_IWUGO | S_IRUGO,
25896+static DEVICE_ATTR(duty_percent, S_IWUSR | S_IRUGO,
25897 ep93xx_pwm_get_duty_percent, ep93xx_pwm_set_duty_percent);
25898-static DEVICE_ATTR(invert, S_IWUGO | S_IRUGO,
25899+static DEVICE_ATTR(invert, S_IWUSR | S_IRUGO,
25900 ep93xx_pwm_get_invert, ep93xx_pwm_set_invert);
25901
25902 static struct attribute *ep93xx_pwm_attrs[] = {
25903diff -urNp linux-2.6.38.2/drivers/misc/kgdbts.c linux-2.6.38.2/drivers/misc/kgdbts.c
25904--- linux-2.6.38.2/drivers/misc/kgdbts.c 2011-03-14 21:20:32.000000000 -0400
25905+++ linux-2.6.38.2/drivers/misc/kgdbts.c 2011-03-21 18:31:35.000000000 -0400
25906@@ -118,7 +118,7 @@
25907 } while (0)
25908 #define MAX_CONFIG_LEN 40
25909
25910-static struct kgdb_io kgdbts_io_ops;
25911+static const struct kgdb_io kgdbts_io_ops;
25912 static char get_buf[BUFMAX];
25913 static int get_buf_cnt;
25914 static char put_buf[BUFMAX];
25915@@ -1103,7 +1103,7 @@ static void kgdbts_post_exp_handler(void
25916 module_put(THIS_MODULE);
25917 }
25918
25919-static struct kgdb_io kgdbts_io_ops = {
25920+static const struct kgdb_io kgdbts_io_ops = {
25921 .name = "kgdbts",
25922 .read_char = kgdbts_get_char,
25923 .write_char = kgdbts_put_char,
25924diff -urNp linux-2.6.38.2/drivers/misc/sgi-gru/gruhandles.c linux-2.6.38.2/drivers/misc/sgi-gru/gruhandles.c
25925--- linux-2.6.38.2/drivers/misc/sgi-gru/gruhandles.c 2011-03-14 21:20:32.000000000 -0400
25926+++ linux-2.6.38.2/drivers/misc/sgi-gru/gruhandles.c 2011-03-21 18:31:35.000000000 -0400
25927@@ -44,8 +44,8 @@ static void update_mcs_stats(enum mcs_op
25928 unsigned long nsec;
25929
25930 nsec = CLKS2NSEC(clks);
25931- atomic_long_inc(&mcs_op_statistics[op].count);
25932- atomic_long_add(nsec, &mcs_op_statistics[op].total);
25933+ atomic_long_inc_unchecked(&mcs_op_statistics[op].count);
25934+ atomic_long_add_unchecked(nsec, &mcs_op_statistics[op].total);
25935 if (mcs_op_statistics[op].max < nsec)
25936 mcs_op_statistics[op].max = nsec;
25937 }
25938diff -urNp linux-2.6.38.2/drivers/misc/sgi-gru/gruprocfs.c linux-2.6.38.2/drivers/misc/sgi-gru/gruprocfs.c
25939--- linux-2.6.38.2/drivers/misc/sgi-gru/gruprocfs.c 2011-03-14 21:20:32.000000000 -0400
25940+++ linux-2.6.38.2/drivers/misc/sgi-gru/gruprocfs.c 2011-03-21 18:31:35.000000000 -0400
25941@@ -32,9 +32,9 @@
25942
25943 #define printstat(s, f) printstat_val(s, &gru_stats.f, #f)
25944
25945-static void printstat_val(struct seq_file *s, atomic_long_t *v, char *id)
25946+static void printstat_val(struct seq_file *s, atomic_long_unchecked_t *v, char *id)
25947 {
25948- unsigned long val = atomic_long_read(v);
25949+ unsigned long val = atomic_long_read_unchecked(v);
25950
25951 seq_printf(s, "%16lu %s\n", val, id);
25952 }
25953@@ -134,8 +134,8 @@ static int mcs_statistics_show(struct se
25954
25955 seq_printf(s, "%-20s%12s%12s%12s\n", "#id", "count", "aver-clks", "max-clks");
25956 for (op = 0; op < mcsop_last; op++) {
25957- count = atomic_long_read(&mcs_op_statistics[op].count);
25958- total = atomic_long_read(&mcs_op_statistics[op].total);
25959+ count = atomic_long_read_unchecked(&mcs_op_statistics[op].count);
25960+ total = atomic_long_read_unchecked(&mcs_op_statistics[op].total);
25961 max = mcs_op_statistics[op].max;
25962 seq_printf(s, "%-20s%12ld%12ld%12ld\n", id[op], count,
25963 count ? total / count : 0, max);
25964diff -urNp linux-2.6.38.2/drivers/misc/sgi-gru/grutables.h linux-2.6.38.2/drivers/misc/sgi-gru/grutables.h
25965--- linux-2.6.38.2/drivers/misc/sgi-gru/grutables.h 2011-03-14 21:20:32.000000000 -0400
25966+++ linux-2.6.38.2/drivers/misc/sgi-gru/grutables.h 2011-03-21 18:31:35.000000000 -0400
25967@@ -167,82 +167,82 @@ extern unsigned int gru_max_gids;
25968 * GRU statistics.
25969 */
25970 struct gru_stats_s {
25971- atomic_long_t vdata_alloc;
25972- atomic_long_t vdata_free;
25973- atomic_long_t gts_alloc;
25974- atomic_long_t gts_free;
25975- atomic_long_t gms_alloc;
25976- atomic_long_t gms_free;
25977- atomic_long_t gts_double_allocate;
25978- atomic_long_t assign_context;
25979- atomic_long_t assign_context_failed;
25980- atomic_long_t free_context;
25981- atomic_long_t load_user_context;
25982- atomic_long_t load_kernel_context;
25983- atomic_long_t lock_kernel_context;
25984- atomic_long_t unlock_kernel_context;
25985- atomic_long_t steal_user_context;
25986- atomic_long_t steal_kernel_context;
25987- atomic_long_t steal_context_failed;
25988- atomic_long_t nopfn;
25989- atomic_long_t asid_new;
25990- atomic_long_t asid_next;
25991- atomic_long_t asid_wrap;
25992- atomic_long_t asid_reuse;
25993- atomic_long_t intr;
25994- atomic_long_t intr_cbr;
25995- atomic_long_t intr_tfh;
25996- atomic_long_t intr_spurious;
25997- atomic_long_t intr_mm_lock_failed;
25998- atomic_long_t call_os;
25999- atomic_long_t call_os_wait_queue;
26000- atomic_long_t user_flush_tlb;
26001- atomic_long_t user_unload_context;
26002- atomic_long_t user_exception;
26003- atomic_long_t set_context_option;
26004- atomic_long_t check_context_retarget_intr;
26005- atomic_long_t check_context_unload;
26006- atomic_long_t tlb_dropin;
26007- atomic_long_t tlb_preload_page;
26008- atomic_long_t tlb_dropin_fail_no_asid;
26009- atomic_long_t tlb_dropin_fail_upm;
26010- atomic_long_t tlb_dropin_fail_invalid;
26011- atomic_long_t tlb_dropin_fail_range_active;
26012- atomic_long_t tlb_dropin_fail_idle;
26013- atomic_long_t tlb_dropin_fail_fmm;
26014- atomic_long_t tlb_dropin_fail_no_exception;
26015- atomic_long_t tfh_stale_on_fault;
26016- atomic_long_t mmu_invalidate_range;
26017- atomic_long_t mmu_invalidate_page;
26018- atomic_long_t flush_tlb;
26019- atomic_long_t flush_tlb_gru;
26020- atomic_long_t flush_tlb_gru_tgh;
26021- atomic_long_t flush_tlb_gru_zero_asid;
26022-
26023- atomic_long_t copy_gpa;
26024- atomic_long_t read_gpa;
26025-
26026- atomic_long_t mesq_receive;
26027- atomic_long_t mesq_receive_none;
26028- atomic_long_t mesq_send;
26029- atomic_long_t mesq_send_failed;
26030- atomic_long_t mesq_noop;
26031- atomic_long_t mesq_send_unexpected_error;
26032- atomic_long_t mesq_send_lb_overflow;
26033- atomic_long_t mesq_send_qlimit_reached;
26034- atomic_long_t mesq_send_amo_nacked;
26035- atomic_long_t mesq_send_put_nacked;
26036- atomic_long_t mesq_page_overflow;
26037- atomic_long_t mesq_qf_locked;
26038- atomic_long_t mesq_qf_noop_not_full;
26039- atomic_long_t mesq_qf_switch_head_failed;
26040- atomic_long_t mesq_qf_unexpected_error;
26041- atomic_long_t mesq_noop_unexpected_error;
26042- atomic_long_t mesq_noop_lb_overflow;
26043- atomic_long_t mesq_noop_qlimit_reached;
26044- atomic_long_t mesq_noop_amo_nacked;
26045- atomic_long_t mesq_noop_put_nacked;
26046- atomic_long_t mesq_noop_page_overflow;
26047+ atomic_long_unchecked_t vdata_alloc;
26048+ atomic_long_unchecked_t vdata_free;
26049+ atomic_long_unchecked_t gts_alloc;
26050+ atomic_long_unchecked_t gts_free;
26051+ atomic_long_unchecked_t gms_alloc;
26052+ atomic_long_unchecked_t gms_free;
26053+ atomic_long_unchecked_t gts_double_allocate;
26054+ atomic_long_unchecked_t assign_context;
26055+ atomic_long_unchecked_t assign_context_failed;
26056+ atomic_long_unchecked_t free_context;
26057+ atomic_long_unchecked_t load_user_context;
26058+ atomic_long_unchecked_t load_kernel_context;
26059+ atomic_long_unchecked_t lock_kernel_context;
26060+ atomic_long_unchecked_t unlock_kernel_context;
26061+ atomic_long_unchecked_t steal_user_context;
26062+ atomic_long_unchecked_t steal_kernel_context;
26063+ atomic_long_unchecked_t steal_context_failed;
26064+ atomic_long_unchecked_t nopfn;
26065+ atomic_long_unchecked_t asid_new;
26066+ atomic_long_unchecked_t asid_next;
26067+ atomic_long_unchecked_t asid_wrap;
26068+ atomic_long_unchecked_t asid_reuse;
26069+ atomic_long_unchecked_t intr;
26070+ atomic_long_unchecked_t intr_cbr;
26071+ atomic_long_unchecked_t intr_tfh;
26072+ atomic_long_unchecked_t intr_spurious;
26073+ atomic_long_unchecked_t intr_mm_lock_failed;
26074+ atomic_long_unchecked_t call_os;
26075+ atomic_long_unchecked_t call_os_wait_queue;
26076+ atomic_long_unchecked_t user_flush_tlb;
26077+ atomic_long_unchecked_t user_unload_context;
26078+ atomic_long_unchecked_t user_exception;
26079+ atomic_long_unchecked_t set_context_option;
26080+ atomic_long_unchecked_t check_context_retarget_intr;
26081+ atomic_long_unchecked_t check_context_unload;
26082+ atomic_long_unchecked_t tlb_dropin;
26083+ atomic_long_unchecked_t tlb_preload_page;
26084+ atomic_long_unchecked_t tlb_dropin_fail_no_asid;
26085+ atomic_long_unchecked_t tlb_dropin_fail_upm;
26086+ atomic_long_unchecked_t tlb_dropin_fail_invalid;
26087+ atomic_long_unchecked_t tlb_dropin_fail_range_active;
26088+ atomic_long_unchecked_t tlb_dropin_fail_idle;
26089+ atomic_long_unchecked_t tlb_dropin_fail_fmm;
26090+ atomic_long_unchecked_t tlb_dropin_fail_no_exception;
26091+ atomic_long_unchecked_t tfh_stale_on_fault;
26092+ atomic_long_unchecked_t mmu_invalidate_range;
26093+ atomic_long_unchecked_t mmu_invalidate_page;
26094+ atomic_long_unchecked_t flush_tlb;
26095+ atomic_long_unchecked_t flush_tlb_gru;
26096+ atomic_long_unchecked_t flush_tlb_gru_tgh;
26097+ atomic_long_unchecked_t flush_tlb_gru_zero_asid;
26098+
26099+ atomic_long_unchecked_t copy_gpa;
26100+ atomic_long_unchecked_t read_gpa;
26101+
26102+ atomic_long_unchecked_t mesq_receive;
26103+ atomic_long_unchecked_t mesq_receive_none;
26104+ atomic_long_unchecked_t mesq_send;
26105+ atomic_long_unchecked_t mesq_send_failed;
26106+ atomic_long_unchecked_t mesq_noop;
26107+ atomic_long_unchecked_t mesq_send_unexpected_error;
26108+ atomic_long_unchecked_t mesq_send_lb_overflow;
26109+ atomic_long_unchecked_t mesq_send_qlimit_reached;
26110+ atomic_long_unchecked_t mesq_send_amo_nacked;
26111+ atomic_long_unchecked_t mesq_send_put_nacked;
26112+ atomic_long_unchecked_t mesq_page_overflow;
26113+ atomic_long_unchecked_t mesq_qf_locked;
26114+ atomic_long_unchecked_t mesq_qf_noop_not_full;
26115+ atomic_long_unchecked_t mesq_qf_switch_head_failed;
26116+ atomic_long_unchecked_t mesq_qf_unexpected_error;
26117+ atomic_long_unchecked_t mesq_noop_unexpected_error;
26118+ atomic_long_unchecked_t mesq_noop_lb_overflow;
26119+ atomic_long_unchecked_t mesq_noop_qlimit_reached;
26120+ atomic_long_unchecked_t mesq_noop_amo_nacked;
26121+ atomic_long_unchecked_t mesq_noop_put_nacked;
26122+ atomic_long_unchecked_t mesq_noop_page_overflow;
26123
26124 };
26125
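Review bot: Nothing in grutables.h records why these counters switch to `atomic_long_unchecked_t`, a type that (under PaX's reference-count hardening) opts a counter out of overflow detection. The existing `GRU statistics.` comment above `struct gru_stats_s` could be extended with `Counters are statistics only: they may wrap and are never used as reference counts, hence the _unchecked type.` That would keep a later maintainer from copying the pattern onto a real refcount. The same remark fits `struct mcs_op_statistic` in the next hunk.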
26126@@ -251,8 +251,8 @@ enum mcs_op {cchop_allocate, cchop_start
26127 tghop_invalidate, mcsop_last};
26128
26129 struct mcs_op_statistic {
26130- atomic_long_t count;
26131- atomic_long_t total;
26132+ atomic_long_unchecked_t count;
26133+ atomic_long_unchecked_t total;
26134 unsigned long max;
26135 };
26136
26137@@ -275,7 +275,7 @@ extern struct mcs_op_statistic mcs_op_st
26138
26139 #define STAT(id) do { \
26140 if (gru_options & OPT_STATS) \
26141- atomic_long_inc(&gru_stats.id); \
26142+ atomic_long_inc_unchecked(&gru_stats.id); \
26143 } while (0)
26144
26145 #ifdef CONFIG_SGI_GRU_DEBUG
26146diff -urNp linux-2.6.38.2/drivers/mtd/devices/doc2000.c linux-2.6.38.2/drivers/mtd/devices/doc2000.c
26147--- linux-2.6.38.2/drivers/mtd/devices/doc2000.c 2011-03-14 21:20:32.000000000 -0400
26148+++ linux-2.6.38.2/drivers/mtd/devices/doc2000.c 2011-03-21 18:31:35.000000000 -0400
26149@@ -776,7 +776,7 @@ static int doc_write(struct mtd_info *mt
26150
26151 /* The ECC will not be calculated correctly if less than 512 is written */
26152 /* DBB-
26153- if (len != 0x200 && eccbuf)
26154+ if (len != 0x200)
26155 printk(KERN_WARNING
26156 "ECC needs a full sector write (adr: %lx size %lx)\n",
26157 (long) to, (long) len);
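Review bot: The edited condition sits below the `/* DBB-` line, which opens a comment, so as far as this hunk shows the `if (len != 0x200)` warning is commented-out text and the change has no compiled effect. The closing marker is outside the hunk, so this should be confirmed against the full file; if the block is dead, either drop the edit or re-enable the warning deliberately. doc_write() starts and ends outside the hunk.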
26158diff -urNp linux-2.6.38.2/drivers/mtd/devices/doc2001.c linux-2.6.38.2/drivers/mtd/devices/doc2001.c
26159--- linux-2.6.38.2/drivers/mtd/devices/doc2001.c 2011-03-14 21:20:32.000000000 -0400
26160+++ linux-2.6.38.2/drivers/mtd/devices/doc2001.c 2011-03-21 18:31:35.000000000 -0400
26161@@ -393,7 +393,7 @@ static int doc_read (struct mtd_info *mt
26162 struct Nand *mychip = &this->chips[from >> (this->chipshift)];
26163
26164 /* Don't allow read past end of device */
26165- if (from >= this->totlen)
26166+ if (from >= this->totlen || !len)
26167 return -EINVAL;
26168
26169 /* Don't allow a single read to cross a 512-byte block boundary */
26170diff -urNp linux-2.6.38.2/drivers/mtd/nand/denali.c linux-2.6.38.2/drivers/mtd/nand/denali.c
26171--- linux-2.6.38.2/drivers/mtd/nand/denali.c 2011-03-14 21:20:32.000000000 -0400
26172+++ linux-2.6.38.2/drivers/mtd/nand/denali.c 2011-03-21 18:31:35.000000000 -0400
26173@@ -25,6 +25,7 @@
26174 #include <linux/pci.h>
26175 #include <linux/mtd/mtd.h>
26176 #include <linux/module.h>
26177+#include <linux/slab.h>
26178
26179 #include "denali.h"
26180
26181diff -urNp linux-2.6.38.2/drivers/mtd/ubi/build.c linux-2.6.38.2/drivers/mtd/ubi/build.c
26182--- linux-2.6.38.2/drivers/mtd/ubi/build.c 2011-03-14 21:20:32.000000000 -0400
26183+++ linux-2.6.38.2/drivers/mtd/ubi/build.c 2011-03-21 18:31:35.000000000 -0400
26184@@ -1285,7 +1285,7 @@ module_exit(ubi_exit);
26185 static int __init bytes_str_to_int(const char *str)
26186 {
26187 char *endp;
26188- unsigned long result;
26189+ unsigned long result, scale = 1;
26190
26191 result = simple_strtoul(str, &endp, 0);
26192 if (str == endp || result >= INT_MAX) {
26193@@ -1296,11 +1296,11 @@ static int __init bytes_str_to_int(const
26194
26195 switch (*endp) {
26196 case 'G':
26197- result *= 1024;
26198+ scale *= 1024;
26199 case 'M':
26200- result *= 1024;
26201+ scale *= 1024;
26202 case 'K':
26203- result *= 1024;
26204+ scale *= 1024;
26205 if (endp[1] == 'i' && endp[2] == 'B')
26206 endp += 2;
26207 case '\0':
26208@@ -1311,7 +1311,13 @@ static int __init bytes_str_to_int(const
26209 return -EINVAL;
26210 }
26211
26212- return result;
26213+ if ((intoverflow_t)result*scale >= INT_MAX) {
26214+ printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n",
26215+ str);
26216+ return -EINVAL;
26217+ }
26218+
26219+ return result*scale;
26220 }
26221
26222 /**
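Review bot: The overflow test `(intoverflow_t)result*scale >= INT_MAX` is only correct if `intoverflow_t` is wider than `unsigned long`; its definition is not in this hunk, and with a same-width type on a 32-bit build the product could wrap before the comparison. A division-based check accepts exactly the same values and needs no wider type: `if (result > (INT_MAX - 1) / scale) {`, which is safe because `scale` is at least 1. The `case 'G'`/`'M'`/`'K'` arms in the previous hunk rely on fallthrough and would read better with a `/* fall through */` comment on each. bytes_str_to_int() begins in an earlier hunk.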
26223diff -urNp linux-2.6.38.2/drivers/net/e1000e/82571.c linux-2.6.38.2/drivers/net/e1000e/82571.c
26224--- linux-2.6.38.2/drivers/net/e1000e/82571.c 2011-03-14 21:20:32.000000000 -0400
26225+++ linux-2.6.38.2/drivers/net/e1000e/82571.c 2011-03-21 18:31:35.000000000 -0400
26226@@ -239,7 +239,7 @@ static s32 e1000_init_mac_params_82571(s
26227 {
26228 struct e1000_hw *hw = &adapter->hw;
26229 struct e1000_mac_info *mac = &hw->mac;
26230- struct e1000_mac_operations *func = &mac->ops;
26231+ struct e1000_mac_operations *func = &mac->ops; /* cannot be const */
26232 u32 swsm = 0;
26233 u32 swsm2 = 0;
26234 bool force_clear_smbi = false;
26235@@ -1930,7 +1930,7 @@ static void e1000_clear_hw_cntrs_82571(s
26236 er32(ICRXDMTC);
26237 }
26238
26239-static struct e1000_mac_operations e82571_mac_ops = {
26240+static const struct e1000_mac_operations e82571_mac_ops = {
26241 /* .check_mng_mode: mac type dependent */
26242 /* .check_for_link: media type dependent */
26243 .id_led_init = e1000e_id_led_init,
26244@@ -1952,7 +1952,7 @@ static struct e1000_mac_operations e8257
26245 .read_mac_addr = e1000_read_mac_addr_82571,
26246 };
26247
26248-static struct e1000_phy_operations e82_phy_ops_igp = {
26249+static const struct e1000_phy_operations e82_phy_ops_igp = {
26250 .acquire = e1000_get_hw_semaphore_82571,
26251 .check_polarity = e1000_check_polarity_igp,
26252 .check_reset_block = e1000e_check_reset_block_generic,
26253@@ -1970,7 +1970,7 @@ static struct e1000_phy_operations e82_p
26254 .cfg_on_link_up = NULL,
26255 };
26256
26257-static struct e1000_phy_operations e82_phy_ops_m88 = {
26258+static const struct e1000_phy_operations e82_phy_ops_m88 = {
26259 .acquire = e1000_get_hw_semaphore_82571,
26260 .check_polarity = e1000_check_polarity_m88,
26261 .check_reset_block = e1000e_check_reset_block_generic,
26262@@ -1988,7 +1988,7 @@ static struct e1000_phy_operations e82_p
26263 .cfg_on_link_up = NULL,
26264 };
26265
26266-static struct e1000_phy_operations e82_phy_ops_bm = {
26267+static const struct e1000_phy_operations e82_phy_ops_bm = {
26268 .acquire = e1000_get_hw_semaphore_82571,
26269 .check_polarity = e1000_check_polarity_m88,
26270 .check_reset_block = e1000e_check_reset_block_generic,
26271@@ -2006,7 +2006,7 @@ static struct e1000_phy_operations e82_p
26272 .cfg_on_link_up = NULL,
26273 };
26274
26275-static struct e1000_nvm_operations e82571_nvm_ops = {
26276+static const struct e1000_nvm_operations e82571_nvm_ops = {
26277 .acquire = e1000_acquire_nvm_82571,
26278 .read = e1000e_read_nvm_eerd,
26279 .release = e1000_release_nvm_82571,
26280diff -urNp linux-2.6.38.2/drivers/net/e1000e/e1000.h linux-2.6.38.2/drivers/net/e1000e/e1000.h
26281--- linux-2.6.38.2/drivers/net/e1000e/e1000.h 2011-03-14 21:20:32.000000000 -0400
26282+++ linux-2.6.38.2/drivers/net/e1000e/e1000.h 2011-03-21 18:31:35.000000000 -0400
26283@@ -408,9 +408,9 @@ struct e1000_info {
26284 u32 pba;
26285 u32 max_hw_frame_size;
26286 s32 (*get_variants)(struct e1000_adapter *);
26287- struct e1000_mac_operations *mac_ops;
26288- struct e1000_phy_operations *phy_ops;
26289- struct e1000_nvm_operations *nvm_ops;
26290+ const struct e1000_mac_operations *mac_ops;
26291+ const struct e1000_phy_operations *phy_ops;
26292+ const struct e1000_nvm_operations *nvm_ops;
26293 };
26294
26295 /* hardware capability, feature, and workaround flags */
26296diff -urNp linux-2.6.38.2/drivers/net/e1000e/es2lan.c linux-2.6.38.2/drivers/net/e1000e/es2lan.c
26297--- linux-2.6.38.2/drivers/net/e1000e/es2lan.c 2011-03-14 21:20:32.000000000 -0400
26298+++ linux-2.6.38.2/drivers/net/e1000e/es2lan.c 2011-03-21 18:31:35.000000000 -0400
26299@@ -205,7 +205,7 @@ static s32 e1000_init_mac_params_80003es
26300 {
26301 struct e1000_hw *hw = &adapter->hw;
26302 struct e1000_mac_info *mac = &hw->mac;
26303- struct e1000_mac_operations *func = &mac->ops;
26304+ struct e1000_mac_operations *func = &mac->ops; /* cannot be const */
26305
26306 /* Set media type */
26307 switch (adapter->pdev->device) {
26308@@ -1431,7 +1431,7 @@ static void e1000_clear_hw_cntrs_80003es
26309 er32(ICRXDMTC);
26310 }
26311
26312-static struct e1000_mac_operations es2_mac_ops = {
26313+static const struct e1000_mac_operations es2_mac_ops = {
26314 .read_mac_addr = e1000_read_mac_addr_80003es2lan,
26315 .id_led_init = e1000e_id_led_init,
26316 .check_mng_mode = e1000e_check_mng_mode_generic,
26317@@ -1453,7 +1453,7 @@ static struct e1000_mac_operations es2_m
26318 .setup_led = e1000e_setup_led_generic,
26319 };
26320
26321-static struct e1000_phy_operations es2_phy_ops = {
26322+static const struct e1000_phy_operations es2_phy_ops = {
26323 .acquire = e1000_acquire_phy_80003es2lan,
26324 .check_polarity = e1000_check_polarity_m88,
26325 .check_reset_block = e1000e_check_reset_block_generic,
26326@@ -1471,7 +1471,7 @@ static struct e1000_phy_operations es2_p
26327 .cfg_on_link_up = e1000_cfg_on_link_up_80003es2lan,
26328 };
26329
26330-static struct e1000_nvm_operations es2_nvm_ops = {
26331+static const struct e1000_nvm_operations es2_nvm_ops = {
26332 .acquire = e1000_acquire_nvm_80003es2lan,
26333 .read = e1000e_read_nvm_eerd,
26334 .release = e1000_release_nvm_80003es2lan,
26335diff -urNp linux-2.6.38.2/drivers/net/e1000e/hw.h linux-2.6.38.2/drivers/net/e1000e/hw.h
26336--- linux-2.6.38.2/drivers/net/e1000e/hw.h 2011-03-14 21:20:32.000000000 -0400
26337+++ linux-2.6.38.2/drivers/net/e1000e/hw.h 2011-03-21 18:31:35.000000000 -0400
26338@@ -801,16 +801,17 @@ struct e1000_phy_operations {
26339
26340 /* Function pointers for the NVM. */
26341 struct e1000_nvm_operations {
26342- s32 (*acquire)(struct e1000_hw *);
26343- s32 (*read)(struct e1000_hw *, u16, u16, u16 *);
26344- void (*release)(struct e1000_hw *);
26345- s32 (*update)(struct e1000_hw *);
26346- s32 (*valid_led_default)(struct e1000_hw *, u16 *);
26347- s32 (*validate)(struct e1000_hw *);
26348- s32 (*write)(struct e1000_hw *, u16, u16, u16 *);
26349+ s32 (* acquire)(struct e1000_hw *); /* cannot be const, see drivers/net/e1000e/82571.c e1000_init_nvm_params_82571() */
26350+ s32 (* const read)(struct e1000_hw *, u16, u16, u16 *);
26351+ void (* release)(struct e1000_hw *); /* cannot be const, see drivers/net/e1000e/82571.c e1000_init_nvm_params_82571() */
26352+ s32 (* const update)(struct e1000_hw *);
26353+ s32 (* const valid_led_default)(struct e1000_hw *, u16 *);
26354+ s32 (* const validate)(struct e1000_hw *);
26355+ s32 (* const write)(struct e1000_hw *, u16, u16, u16 *);
26356 };
26357
26358 struct e1000_mac_info {
26359+ /* cannot be const see e1000_init_mac_params_ich8lan */
26360 struct e1000_mac_operations ops;
26361
26362 u8 addr[6];
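Review bot: Marking five members of `struct e1000_nvm_operations` as `* const` while `struct e1000_nvm_info` still embeds a writable `ops` instance means that instance can no longer be filled by member or struct assignment. If the driver populates `hw->nvm.ops` at probe time by a raw copy from the per-chip table (that code is not in this hunk), it is writing to const-qualified members, which the C standard leaves undefined and which an optimiser may treat as never changing. It is worth confirming how the copy is done; keeping only the static tables `const`, as the other e1000e hunks do, already gives the read-only placement without const members. The igb `e1000_hw.h` hunk has the same pattern with all four members const.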
26363@@ -853,6 +854,7 @@ struct e1000_mac_info {
26364 };
26365
26366 struct e1000_phy_info {
26367+ /* Cannot be const see e1000_init_phy_params_82571() */
26368 struct e1000_phy_operations ops;
26369
26370 enum e1000_phy_type type;
26371@@ -887,6 +889,7 @@ struct e1000_phy_info {
26372 };
26373
26374 struct e1000_nvm_info {
26375+ /* cannot be const */
26376 struct e1000_nvm_operations ops;
26377
26378 enum e1000_nvm_type type;
26379diff -urNp linux-2.6.38.2/drivers/net/e1000e/ich8lan.c linux-2.6.38.2/drivers/net/e1000e/ich8lan.c
26380--- linux-2.6.38.2/drivers/net/e1000e/ich8lan.c 2011-03-14 21:20:32.000000000 -0400
26381+++ linux-2.6.38.2/drivers/net/e1000e/ich8lan.c 2011-03-21 18:31:35.000000000 -0400
26382@@ -3840,7 +3840,7 @@ static void e1000_clear_hw_cntrs_ich8lan
26383 }
26384 }
26385
26386-static struct e1000_mac_operations ich8_mac_ops = {
26387+static const struct e1000_mac_operations ich8_mac_ops = {
26388 .id_led_init = e1000e_id_led_init,
26389 /* check_mng_mode dependent on mac type */
26390 .check_for_link = e1000_check_for_copper_link_ich8lan,
26391@@ -3859,7 +3859,7 @@ static struct e1000_mac_operations ich8_
26392 /* id_led_init dependent on mac type */
26393 };
26394
26395-static struct e1000_phy_operations ich8_phy_ops = {
26396+static const struct e1000_phy_operations ich8_phy_ops = {
26397 .acquire = e1000_acquire_swflag_ich8lan,
26398 .check_reset_block = e1000_check_reset_block_ich8lan,
26399 .commit = NULL,
26400@@ -3873,7 +3873,7 @@ static struct e1000_phy_operations ich8_
26401 .write_reg = e1000e_write_phy_reg_igp,
26402 };
26403
26404-static struct e1000_nvm_operations ich8_nvm_ops = {
26405+static const struct e1000_nvm_operations ich8_nvm_ops = {
26406 .acquire = e1000_acquire_nvm_ich8lan,
26407 .read = e1000_read_nvm_ich8lan,
26408 .release = e1000_release_nvm_ich8lan,
26409diff -urNp linux-2.6.38.2/drivers/net/igb/e1000_82575.c linux-2.6.38.2/drivers/net/igb/e1000_82575.c
26410--- linux-2.6.38.2/drivers/net/igb/e1000_82575.c 2011-03-14 21:20:32.000000000 -0400
26411+++ linux-2.6.38.2/drivers/net/igb/e1000_82575.c 2011-03-21 18:31:35.000000000 -0400
26412@@ -1747,7 +1747,7 @@ u16 igb_rxpbs_adjust_82580(u32 data)
26413 return ret_val;
26414 }
26415
26416-static struct e1000_mac_operations e1000_mac_ops_82575 = {
26417+static const struct e1000_mac_operations e1000_mac_ops_82575 = {
26418 .init_hw = igb_init_hw_82575,
26419 .check_for_link = igb_check_for_link_82575,
26420 .rar_set = igb_rar_set,
26421@@ -1755,13 +1755,13 @@ static struct e1000_mac_operations e1000
26422 .get_speed_and_duplex = igb_get_speed_and_duplex_copper,
26423 };
26424
26425-static struct e1000_phy_operations e1000_phy_ops_82575 = {
26426+static const struct e1000_phy_operations e1000_phy_ops_82575 = {
26427 .acquire = igb_acquire_phy_82575,
26428 .get_cfg_done = igb_get_cfg_done_82575,
26429 .release = igb_release_phy_82575,
26430 };
26431
26432-static struct e1000_nvm_operations e1000_nvm_ops_82575 = {
26433+static const struct e1000_nvm_operations e1000_nvm_ops_82575 = {
26434 .acquire = igb_acquire_nvm_82575,
26435 .read = igb_read_nvm_eerd,
26436 .release = igb_release_nvm_82575,
26437diff -urNp linux-2.6.38.2/drivers/net/igb/e1000_hw.h linux-2.6.38.2/drivers/net/igb/e1000_hw.h
26438--- linux-2.6.38.2/drivers/net/igb/e1000_hw.h 2011-03-14 21:20:32.000000000 -0400
26439+++ linux-2.6.38.2/drivers/net/igb/e1000_hw.h 2011-03-21 18:31:35.000000000 -0400
26440@@ -327,22 +327,23 @@ struct e1000_phy_operations {
26441 };
26442
26443 struct e1000_nvm_operations {
26444- s32 (*acquire)(struct e1000_hw *);
26445- s32 (*read)(struct e1000_hw *, u16, u16, u16 *);
26446- void (*release)(struct e1000_hw *);
26447- s32 (*write)(struct e1000_hw *, u16, u16, u16 *);
26448+ s32 (* const acquire)(struct e1000_hw *);
26449+ s32 (* const read)(struct e1000_hw *, u16, u16, u16 *);
26450+ void (* const release)(struct e1000_hw *);
26451+ s32 (* const write)(struct e1000_hw *, u16, u16, u16 *);
26452 };
26453
26454 struct e1000_info {
26455 s32 (*get_invariants)(struct e1000_hw *);
26456- struct e1000_mac_operations *mac_ops;
26457- struct e1000_phy_operations *phy_ops;
26458- struct e1000_nvm_operations *nvm_ops;
26459+ const struct e1000_mac_operations *mac_ops;
26460+ const struct e1000_phy_operations *phy_ops;
26461+ const struct e1000_nvm_operations *nvm_ops;
26462 };
26463
26464 extern const struct e1000_info e1000_82575_info;
26465
26466 struct e1000_mac_info {
26467+ /* cannot be const see igb_get_invariants_82575() */
26468 struct e1000_mac_operations ops;
26469
26470 u8 addr[6];
26471@@ -381,6 +382,7 @@ struct e1000_mac_info {
26472 };
26473
26474 struct e1000_phy_info {
26475+ /* cannot be const see igb_get_invariants_82575() */
26476 struct e1000_phy_operations ops;
26477
26478 enum e1000_phy_type type;
26479@@ -416,6 +418,7 @@ struct e1000_phy_info {
26480 };
26481
26482 struct e1000_nvm_info {
26483+ /* cannot be const */
26484 struct e1000_nvm_operations ops;
26485
26486 enum e1000_nvm_type type;
26487diff -urNp linux-2.6.38.2/drivers/net/igbvf/vf.h linux-2.6.38.2/drivers/net/igbvf/vf.h
26488--- linux-2.6.38.2/drivers/net/igbvf/vf.h 2011-03-14 21:20:32.000000000 -0400
26489+++ linux-2.6.38.2/drivers/net/igbvf/vf.h 2011-03-21 18:31:35.000000000 -0400
26490@@ -191,6 +191,7 @@ struct e1000_mac_operations {
26491 };
26492
26493 struct e1000_mac_info {
26494+ /* cannot be const see e1000_init_mac_params_vf() */
26495 struct e1000_mac_operations ops;
26496 u8 addr[6];
26497 u8 perm_addr[6];
26498diff -urNp linux-2.6.38.2/drivers/net/irda/vlsi_ir.c linux-2.6.38.2/drivers/net/irda/vlsi_ir.c
26499--- linux-2.6.38.2/drivers/net/irda/vlsi_ir.c 2011-03-14 21:20:32.000000000 -0400
26500+++ linux-2.6.38.2/drivers/net/irda/vlsi_ir.c 2011-03-21 18:31:35.000000000 -0400
26501@@ -907,13 +907,12 @@ static netdev_tx_t vlsi_hard_start_xmit(
26502 /* no race - tx-ring already empty */
26503 vlsi_set_baud(idev, iobase);
26504 netif_wake_queue(ndev);
26505- }
26506- else
26507- ;
26508+ } else {
26509 /* keep the speed change pending like it would
26510 * for any len>0 packet. tx completion interrupt
26511 * will apply it when the tx ring becomes empty.
26512 */
26513+ }
26514 spin_unlock_irqrestore(&idev->lock, flags);
26515 dev_kfree_skb_any(skb);
26516 return NETDEV_TX_OK;
26517diff -urNp linux-2.6.38.2/drivers/net/pcnet32.c linux-2.6.38.2/drivers/net/pcnet32.c
26518--- linux-2.6.38.2/drivers/net/pcnet32.c 2011-03-14 21:20:32.000000000 -0400
26519+++ linux-2.6.38.2/drivers/net/pcnet32.c 2011-03-21 18:31:35.000000000 -0400
26520@@ -82,7 +82,7 @@ static int cards_found;
26521 /*
26522 * VLB I/O addresses
26523 */
26524-static unsigned int pcnet32_portlist[] __initdata =
26525+static unsigned int pcnet32_portlist[] __devinitdata =
26526 { 0x300, 0x320, 0x340, 0x360, 0 };
26527
26528 static int pcnet32_debug;
26529diff -urNp linux-2.6.38.2/drivers/net/ppp_generic.c linux-2.6.38.2/drivers/net/ppp_generic.c
26530--- linux-2.6.38.2/drivers/net/ppp_generic.c 2011-03-14 21:20:32.000000000 -0400
26531+++ linux-2.6.38.2/drivers/net/ppp_generic.c 2011-03-21 18:31:35.000000000 -0400
26532@@ -986,7 +986,6 @@ ppp_net_ioctl(struct net_device *dev, st
26533 void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data;
26534 struct ppp_stats stats;
26535 struct ppp_comp_stats cstats;
26536- char *vers;
26537
26538 switch (cmd) {
26539 case SIOCGPPPSTATS:
26540@@ -1008,8 +1007,7 @@ ppp_net_ioctl(struct net_device *dev, st
26541 break;
26542
26543 case SIOCGPPPVER:
26544- vers = PPP_VERSION;
26545- if (copy_to_user(addr, vers, strlen(vers) + 1))
26546+ if (copy_to_user(addr, PPP_VERSION, sizeof(PPP_VERSION)))
26547 break;
26548 err = 0;
26549 break;
26550diff -urNp linux-2.6.38.2/drivers/net/tg3.h linux-2.6.38.2/drivers/net/tg3.h
26551--- linux-2.6.38.2/drivers/net/tg3.h 2011-03-14 21:20:32.000000000 -0400
26552+++ linux-2.6.38.2/drivers/net/tg3.h 2011-03-21 18:31:35.000000000 -0400
26553@@ -131,6 +131,7 @@
26554 #define CHIPREV_ID_5750_A0 0x4000
26555 #define CHIPREV_ID_5750_A1 0x4001
26556 #define CHIPREV_ID_5750_A3 0x4003
26557+#define CHIPREV_ID_5750_C1 0x4201
26558 #define CHIPREV_ID_5750_C2 0x4202
26559 #define CHIPREV_ID_5752_A0_HW 0x5000
26560 #define CHIPREV_ID_5752_A0 0x6000
26561diff -urNp linux-2.6.38.2/drivers/net/tulip/de4x5.c linux-2.6.38.2/drivers/net/tulip/de4x5.c
26562--- linux-2.6.38.2/drivers/net/tulip/de4x5.c 2011-03-14 21:20:32.000000000 -0400
26563+++ linux-2.6.38.2/drivers/net/tulip/de4x5.c 2011-03-21 18:31:35.000000000 -0400
26564@@ -5401,7 +5401,7 @@ de4x5_ioctl(struct net_device *dev, stru
26565 for (i=0; i<ETH_ALEN; i++) {
26566 tmp.addr[i] = dev->dev_addr[i];
26567 }
26568- if (copy_to_user(ioc->data, tmp.addr, ioc->len)) return -EFAULT;
26569+ if (ioc->len > sizeof tmp.addr || copy_to_user(ioc->data, tmp.addr, ioc->len)) return -EFAULT;
26570 break;
26571
26572 case DE4X5_SET_HWADDR: /* Set the hardware address */
26573@@ -5441,7 +5441,7 @@ de4x5_ioctl(struct net_device *dev, stru
26574 spin_lock_irqsave(&lp->lock, flags);
26575 memcpy(&statbuf, &lp->pktStats, ioc->len);
26576 spin_unlock_irqrestore(&lp->lock, flags);
26577- if (copy_to_user(ioc->data, &statbuf, ioc->len))
26578+ if (ioc->len > sizeof statbuf || copy_to_user(ioc->data, &statbuf, ioc->len))
26579 return -EFAULT;
26580 break;
26581 }
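Review bot: The added `ioc->len > sizeof statbuf` test runs after `memcpy(&statbuf, &lp->pktStats, ioc->len)` two lines above it, so an oversized length has already overrun `statbuf` (and over-read `lp->pktStats`) by the time the request is rejected. The bound has to be checked before the copy, for example `if (ioc->len > sizeof statbuf) return -EFAULT;` placed ahead of `spin_lock_irqsave(&lp->lock, flags);`, leaving the `copy_to_user()` test as it was. `ioc->len` looks caller-supplied in this ioctl path and the enclosing `case` starts outside the hunk, so confirm that no earlier clamp exists. `-EINVAL` would also describe a bad length better than `-EFAULT`.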
26582diff -urNp linux-2.6.38.2/drivers/net/usb/hso.c linux-2.6.38.2/drivers/net/usb/hso.c
26583--- linux-2.6.38.2/drivers/net/usb/hso.c 2011-03-14 21:20:32.000000000 -0400
26584+++ linux-2.6.38.2/drivers/net/usb/hso.c 2011-03-21 18:31:35.000000000 -0400
26585@@ -71,7 +71,7 @@
26586 #include <asm/byteorder.h>
26587 #include <linux/serial_core.h>
26588 #include <linux/serial.h>
26589-
26590+#include <asm/local.h>
26591
26592 #define MOD_AUTHOR "Option Wireless"
26593 #define MOD_DESCRIPTION "USB High Speed Option driver"
26594@@ -257,7 +257,7 @@ struct hso_serial {
26595
26596 /* from usb_serial_port */
26597 struct tty_struct *tty;
26598- int open_count;
26599+ local_t open_count;
26600 spinlock_t serial_lock;
26601
26602 int (*write_data) (struct hso_serial *serial);
26603@@ -1190,7 +1190,7 @@ static void put_rxbuf_data_and_resubmit_
26604 struct urb *urb;
26605
26606 urb = serial->rx_urb[0];
26607- if (serial->open_count > 0) {
26608+ if (local_read(&serial->open_count) > 0) {
26609 count = put_rxbuf_data(urb, serial);
26610 if (count == -1)
26611 return;
26612@@ -1226,7 +1226,7 @@ static void hso_std_serial_read_bulk_cal
26613 DUMP1(urb->transfer_buffer, urb->actual_length);
26614
26615 /* Anyone listening? */
26616- if (serial->open_count == 0)
26617+ if (local_read(&serial->open_count) == 0)
26618 return;
26619
26620 if (status == 0) {
26621@@ -1311,8 +1311,7 @@ static int hso_serial_open(struct tty_st
26622 spin_unlock_irq(&serial->serial_lock);
26623
26624 /* check for port already opened, if not set the termios */
26625- serial->open_count++;
26626- if (serial->open_count == 1) {
26627+ if (local_inc_return(&serial->open_count) == 1) {
26628 serial->rx_state = RX_IDLE;
26629 /* Force default termio settings */
26630 _hso_serial_set_termios(tty, NULL);
26631@@ -1324,7 +1323,7 @@ static int hso_serial_open(struct tty_st
26632 result = hso_start_serial_device(serial->parent, GFP_KERNEL);
26633 if (result) {
26634 hso_stop_serial_device(serial->parent);
26635- serial->open_count--;
26636+ local_dec(&serial->open_count);
26637 kref_put(&serial->parent->ref, hso_serial_ref_free);
26638 }
26639 } else {
26640@@ -1361,10 +1360,10 @@ static void hso_serial_close(struct tty_
26641
26642 /* reset the rts and dtr */
26643 /* do the actual close */
26644- serial->open_count--;
26645+ local_dec(&serial->open_count);
26646
26647- if (serial->open_count <= 0) {
26648- serial->open_count = 0;
26649+ if (local_read(&serial->open_count) <= 0) {
26650+ local_set(&serial->open_count, 0);
26651 spin_lock_irq(&serial->serial_lock);
26652 if (serial->tty == tty) {
26653 serial->tty->driver_data = NULL;
26654@@ -1446,7 +1445,7 @@ static void hso_serial_set_termios(struc
26655
26656 /* the actual setup */
26657 spin_lock_irqsave(&serial->serial_lock, flags);
26658- if (serial->open_count)
26659+ if (local_read(&serial->open_count))
26660 _hso_serial_set_termios(tty, old);
26661 else
26662 tty->termios = old;
26663@@ -1905,7 +1904,7 @@ static void intr_callback(struct urb *ur
26664 D1("Pending read interrupt on port %d\n", i);
26665 spin_lock(&serial->serial_lock);
26666 if (serial->rx_state == RX_IDLE &&
26667- serial->open_count > 0) {
26668+ local_read(&serial->open_count) > 0) {
26669 /* Setup and send a ctrl req read on
26670 * port i */
26671 if (!serial->rx_urb_filled[0]) {
26672@@ -3097,7 +3096,7 @@ static int hso_resume(struct usb_interfa
26673 /* Start all serial ports */
26674 for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) {
26675 if (serial_table[i] && (serial_table[i]->interface == iface)) {
26676- if (dev2ser(serial_table[i])->open_count) {
26677+ if (local_read(&dev2ser(serial_table[i])->open_count)) {
26678 result =
26679 hso_start_serial_device(serial_table[i], GFP_NOIO);
26680 hso_kick_transmit(dev2ser(serial_table[i]));
26681diff -urNp linux-2.6.38.2/drivers/net/wireless/b43/debugfs.c linux-2.6.38.2/drivers/net/wireless/b43/debugfs.c
26682--- linux-2.6.38.2/drivers/net/wireless/b43/debugfs.c 2011-03-14 21:20:32.000000000 -0400
26683+++ linux-2.6.38.2/drivers/net/wireless/b43/debugfs.c 2011-03-21 18:31:35.000000000 -0400
26684@@ -43,7 +43,7 @@ static struct dentry *rootdir;
26685 struct b43_debugfs_fops {
26686 ssize_t (*read)(struct b43_wldev *dev, char *buf, size_t bufsize);
26687 int (*write)(struct b43_wldev *dev, const char *buf, size_t count);
26688- struct file_operations fops;
26689+ const struct file_operations fops;
26690 /* Offset of struct b43_dfs_file in struct b43_dfsentry */
26691 size_t file_struct_offset;
26692 };
26693diff -urNp linux-2.6.38.2/drivers/net/wireless/b43legacy/debugfs.c linux-2.6.38.2/drivers/net/wireless/b43legacy/debugfs.c
26694--- linux-2.6.38.2/drivers/net/wireless/b43legacy/debugfs.c 2011-03-14 21:20:32.000000000 -0400
26695+++ linux-2.6.38.2/drivers/net/wireless/b43legacy/debugfs.c 2011-03-21 18:31:35.000000000 -0400
26696@@ -44,7 +44,7 @@ static struct dentry *rootdir;
26697 struct b43legacy_debugfs_fops {
26698 ssize_t (*read)(struct b43legacy_wldev *dev, char *buf, size_t bufsize);
26699 int (*write)(struct b43legacy_wldev *dev, const char *buf, size_t count);
26700- struct file_operations fops;
26701+ const struct file_operations fops;
26702 /* Offset of struct b43legacy_dfs_file in struct b43legacy_dfsentry */
26703 size_t file_struct_offset;
26704 /* Take wl->irq_lock before calling read/write? */
26705diff -urNp linux-2.6.38.2/drivers/net/wireless/iwlwifi/iwl-debug.h linux-2.6.38.2/drivers/net/wireless/iwlwifi/iwl-debug.h
26706--- linux-2.6.38.2/drivers/net/wireless/iwlwifi/iwl-debug.h 2011-03-14 21:20:32.000000000 -0400
26707+++ linux-2.6.38.2/drivers/net/wireless/iwlwifi/iwl-debug.h 2011-03-21 18:31:35.000000000 -0400
26708@@ -68,8 +68,8 @@ do {
26709 } while (0)
26710
26711 #else
26712-#define IWL_DEBUG(__priv, level, fmt, args...)
26713-#define IWL_DEBUG_LIMIT(__priv, level, fmt, args...)
26714+#define IWL_DEBUG(__priv, level, fmt, args...) do {} while (0)
26715+#define IWL_DEBUG_LIMIT(__priv, level, fmt, args...) do {} while (0)
26716 static inline void iwl_print_hex_dump(struct iwl_priv *priv, int level,
26717 const void *p, u32 len)
26718 {}
26719diff -urNp linux-2.6.38.2/drivers/net/wireless/libertas/debugfs.c linux-2.6.38.2/drivers/net/wireless/libertas/debugfs.c
26720--- linux-2.6.38.2/drivers/net/wireless/libertas/debugfs.c 2011-03-14 21:20:32.000000000 -0400
26721+++ linux-2.6.38.2/drivers/net/wireless/libertas/debugfs.c 2011-03-21 18:31:35.000000000 -0400
26722@@ -702,7 +702,7 @@ out_unlock:
26723 struct lbs_debugfs_files {
26724 const char *name;
26725 int perm;
26726- struct file_operations fops;
26727+ const struct file_operations fops;
26728 };
26729
26730 static const struct lbs_debugfs_files debugfs_files[] = {
26731diff -urNp linux-2.6.38.2/drivers/net/wireless/rndis_wlan.c linux-2.6.38.2/drivers/net/wireless/rndis_wlan.c
26732--- linux-2.6.38.2/drivers/net/wireless/rndis_wlan.c 2011-03-14 21:20:32.000000000 -0400
26733+++ linux-2.6.38.2/drivers/net/wireless/rndis_wlan.c 2011-03-21 18:31:35.000000000 -0400
26734@@ -1277,7 +1277,7 @@ static int set_rts_threshold(struct usbn
26735
26736 netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold);
26737
26738- if (rts_threshold < 0 || rts_threshold > 2347)
26739+ if (rts_threshold > 2347)
26740 rts_threshold = 2347;
26741
26742 tmp = cpu_to_le32(rts_threshold);
26743diff -urNp linux-2.6.38.2/drivers/oprofile/buffer_sync.c linux-2.6.38.2/drivers/oprofile/buffer_sync.c
26744--- linux-2.6.38.2/drivers/oprofile/buffer_sync.c 2011-03-14 21:20:32.000000000 -0400
26745+++ linux-2.6.38.2/drivers/oprofile/buffer_sync.c 2011-03-21 18:31:35.000000000 -0400
26746@@ -342,7 +342,7 @@ static void add_data(struct op_entry *en
26747 if (cookie == NO_COOKIE)
26748 offset = pc;
26749 if (cookie == INVALID_COOKIE) {
26750- atomic_inc(&oprofile_stats.sample_lost_no_mapping);
26751+ atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping);
26752 offset = pc;
26753 }
26754 if (cookie != last_cookie) {
26755@@ -386,14 +386,14 @@ add_sample(struct mm_struct *mm, struct
26756 /* add userspace sample */
26757
26758 if (!mm) {
26759- atomic_inc(&oprofile_stats.sample_lost_no_mm);
26760+ atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mm);
26761 return 0;
26762 }
26763
26764 cookie = lookup_dcookie(mm, s->eip, &offset);
26765
26766 if (cookie == INVALID_COOKIE) {
26767- atomic_inc(&oprofile_stats.sample_lost_no_mapping);
26768+ atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping);
26769 return 0;
26770 }
26771
26772@@ -562,7 +562,7 @@ void sync_buffer(int cpu)
26773 /* ignore backtraces if failed to add a sample */
26774 if (state == sb_bt_start) {
26775 state = sb_bt_ignore;
26776- atomic_inc(&oprofile_stats.bt_lost_no_mapping);
26777+ atomic_inc_unchecked(&oprofile_stats.bt_lost_no_mapping);
26778 }
26779 }
26780 release_mm(mm);
26781diff -urNp linux-2.6.38.2/drivers/oprofile/event_buffer.c linux-2.6.38.2/drivers/oprofile/event_buffer.c
26782--- linux-2.6.38.2/drivers/oprofile/event_buffer.c 2011-03-14 21:20:32.000000000 -0400
26783+++ linux-2.6.38.2/drivers/oprofile/event_buffer.c 2011-03-21 18:31:35.000000000 -0400
26784@@ -53,7 +53,7 @@ void add_event_entry(unsigned long value
26785 }
26786
26787 if (buffer_pos == buffer_size) {
26788- atomic_inc(&oprofile_stats.event_lost_overflow);
26789+ atomic_inc_unchecked(&oprofile_stats.event_lost_overflow);
26790 return;
26791 }
26792
26793diff -urNp linux-2.6.38.2/drivers/oprofile/oprof.c linux-2.6.38.2/drivers/oprofile/oprof.c
26794--- linux-2.6.38.2/drivers/oprofile/oprof.c 2011-03-14 21:20:32.000000000 -0400
26795+++ linux-2.6.38.2/drivers/oprofile/oprof.c 2011-03-21 18:31:35.000000000 -0400
26796@@ -110,7 +110,7 @@ static void switch_worker(struct work_st
26797 if (oprofile_ops.switch_events())
26798 return;
26799
26800- atomic_inc(&oprofile_stats.multiplex_counter);
26801+ atomic_inc_unchecked(&oprofile_stats.multiplex_counter);
26802 start_switch_worker();
26803 }
26804
26805diff -urNp linux-2.6.38.2/drivers/oprofile/oprofilefs.c linux-2.6.38.2/drivers/oprofile/oprofilefs.c
26806--- linux-2.6.38.2/drivers/oprofile/oprofilefs.c 2011-03-14 21:20:32.000000000 -0400
26807+++ linux-2.6.38.2/drivers/oprofile/oprofilefs.c 2011-03-21 18:31:35.000000000 -0400
26808@@ -186,7 +186,7 @@ static const struct file_operations atom
26809
26810
26811 int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root,
26812- char const *name, atomic_t *val)
26813+ char const *name, atomic_unchecked_t *val)
26814 {
26815 return __oprofilefs_create_file(sb, root, name,
26816 &atomic_ro_fops, 0444, val);
26817diff -urNp linux-2.6.38.2/drivers/oprofile/oprofile_stats.c linux-2.6.38.2/drivers/oprofile/oprofile_stats.c
26818--- linux-2.6.38.2/drivers/oprofile/oprofile_stats.c 2011-03-14 21:20:32.000000000 -0400
26819+++ linux-2.6.38.2/drivers/oprofile/oprofile_stats.c 2011-03-21 18:31:35.000000000 -0400
26820@@ -30,11 +30,11 @@ void oprofile_reset_stats(void)
26821 cpu_buf->sample_invalid_eip = 0;
26822 }
26823
26824- atomic_set(&oprofile_stats.sample_lost_no_mm, 0);
26825- atomic_set(&oprofile_stats.sample_lost_no_mapping, 0);
26826- atomic_set(&oprofile_stats.event_lost_overflow, 0);
26827- atomic_set(&oprofile_stats.bt_lost_no_mapping, 0);
26828- atomic_set(&oprofile_stats.multiplex_counter, 0);
26829+ atomic_set_unchecked(&oprofile_stats.sample_lost_no_mm, 0);
26830+ atomic_set_unchecked(&oprofile_stats.sample_lost_no_mapping, 0);
26831+ atomic_set_unchecked(&oprofile_stats.event_lost_overflow, 0);
26832+ atomic_set_unchecked(&oprofile_stats.bt_lost_no_mapping, 0);
26833+ atomic_set_unchecked(&oprofile_stats.multiplex_counter, 0);
26834 }
26835
26836
26837diff -urNp linux-2.6.38.2/drivers/oprofile/oprofile_stats.h linux-2.6.38.2/drivers/oprofile/oprofile_stats.h
26838--- linux-2.6.38.2/drivers/oprofile/oprofile_stats.h 2011-03-14 21:20:32.000000000 -0400
26839+++ linux-2.6.38.2/drivers/oprofile/oprofile_stats.h 2011-03-21 18:31:35.000000000 -0400
26840@@ -13,11 +13,11 @@
26841 #include <asm/atomic.h>
26842
26843 struct oprofile_stat_struct {
26844- atomic_t sample_lost_no_mm;
26845- atomic_t sample_lost_no_mapping;
26846- atomic_t bt_lost_no_mapping;
26847- atomic_t event_lost_overflow;
26848- atomic_t multiplex_counter;
26849+ atomic_unchecked_t sample_lost_no_mm;
26850+ atomic_unchecked_t sample_lost_no_mapping;
26851+ atomic_unchecked_t bt_lost_no_mapping;
26852+ atomic_unchecked_t event_lost_overflow;
26853+ atomic_unchecked_t multiplex_counter;
26854 };
26855
26856 extern struct oprofile_stat_struct oprofile_stats;
26857diff -urNp linux-2.6.38.2/drivers/parport/procfs.c linux-2.6.38.2/drivers/parport/procfs.c
26858--- linux-2.6.38.2/drivers/parport/procfs.c 2011-03-14 21:20:32.000000000 -0400
26859+++ linux-2.6.38.2/drivers/parport/procfs.c 2011-03-21 18:31:35.000000000 -0400
26860@@ -64,7 +64,7 @@ static int do_active_device(ctl_table *t
26861
26862 *ppos += len;
26863
26864- return copy_to_user(result, buffer, len) ? -EFAULT : 0;
26865+ return (len > sizeof buffer || copy_to_user(result, buffer, len)) ? -EFAULT : 0;
26866 }
26867
26868 #ifdef CONFIG_PARPORT_1284
26869@@ -106,7 +106,7 @@ static int do_autoprobe(ctl_table *table
26870
26871 *ppos += len;
26872
26873- return copy_to_user (result, buffer, len) ? -EFAULT : 0;
26874+ return (len > sizeof buffer || copy_to_user (result, buffer, len)) ? -EFAULT : 0;
26875 }
26876 #endif /* IEEE1284.3 support. */
26877
26878diff -urNp linux-2.6.38.2/drivers/pci/hotplug/acpiphp_glue.c linux-2.6.38.2/drivers/pci/hotplug/acpiphp_glue.c
26879--- linux-2.6.38.2/drivers/pci/hotplug/acpiphp_glue.c 2011-03-28 17:42:40.000000000 -0400
26880+++ linux-2.6.38.2/drivers/pci/hotplug/acpiphp_glue.c 2011-03-28 17:42:53.000000000 -0400
26881@@ -110,7 +110,7 @@ static int post_dock_fixups(struct notif
26882 }
26883
26884
26885-static struct acpi_dock_ops acpiphp_dock_ops = {
26886+static const struct acpi_dock_ops acpiphp_dock_ops = {
26887 .handler = handle_hotplug_event_func,
26888 };
26889
26890diff -urNp linux-2.6.38.2/drivers/pci/hotplug/cpqphp_nvram.c linux-2.6.38.2/drivers/pci/hotplug/cpqphp_nvram.c
26891--- linux-2.6.38.2/drivers/pci/hotplug/cpqphp_nvram.c 2011-03-14 21:20:32.000000000 -0400
26892+++ linux-2.6.38.2/drivers/pci/hotplug/cpqphp_nvram.c 2011-03-21 18:31:35.000000000 -0400
26893@@ -428,9 +428,13 @@ static u32 store_HRT (void __iomem *rom_
26894
26895 void compaq_nvram_init (void __iomem *rom_start)
26896 {
26897+
26898+#ifndef CONFIG_PAX_KERNEXEC
26899 if (rom_start) {
26900 compaq_int15_entry_point = (rom_start + ROM_INT15_PHY_ADDR - ROM_PHY_ADDR);
26901 }
26902+#endif
26903+
26904 dbg("int15 entry = %p\n", compaq_int15_entry_point);
26905
26906 /* initialize our int15 lock */
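Review bot: The `#ifndef CONFIG_PAX_KERNEXEC` guard in `compaq_nvram_init` has no comment, and with KERNEXEC enabled `compaq_int15_entry_point` is never assigned here while the `dbg("int15 entry = %p\n", ...)` line still prints it. A one-line comment stating the reason and the resulting behaviour would help, for example `/* KERNEXEC: the ROM int15 entry point is left unset; users of it must treat it as absent */`. That reason is inferred, so the wording should be confirmed against the code that uses the pointer, which is outside this hunk. The blank `+` line directly after the opening brace can be dropped.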
26907diff -urNp linux-2.6.38.2/drivers/pci/intel-iommu.c linux-2.6.38.2/drivers/pci/intel-iommu.c
26908--- linux-2.6.38.2/drivers/pci/intel-iommu.c 2011-03-14 21:20:32.000000000 -0400
26909+++ linux-2.6.38.2/drivers/pci/intel-iommu.c 2011-03-21 18:31:35.000000000 -0400
26910@@ -2934,7 +2934,7 @@ static int intel_mapping_error(struct de
26911 return !dma_addr;
26912 }
26913
26914-struct dma_map_ops intel_dma_ops = {
26915+const struct dma_map_ops intel_dma_ops = {
26916 .alloc_coherent = intel_alloc_coherent,
26917 .free_coherent = intel_free_coherent,
26918 .map_sg = intel_map_sg,
26919diff -urNp linux-2.6.38.2/drivers/pci/pcie/aspm.c linux-2.6.38.2/drivers/pci/pcie/aspm.c
26920--- linux-2.6.38.2/drivers/pci/pcie/aspm.c 2011-03-14 21:20:32.000000000 -0400
26921+++ linux-2.6.38.2/drivers/pci/pcie/aspm.c 2011-03-21 18:31:35.000000000 -0400
26922@@ -27,9 +27,9 @@
26923 #define MODULE_PARAM_PREFIX "pcie_aspm."
26924
26925 /* Note: those are not register definitions */
26926-#define ASPM_STATE_L0S_UP (1) /* Upstream direction L0s state */
26927-#define ASPM_STATE_L0S_DW (2) /* Downstream direction L0s state */
26928-#define ASPM_STATE_L1 (4) /* L1 state */
26929+#define ASPM_STATE_L0S_UP (1U) /* Upstream direction L0s state */
26930+#define ASPM_STATE_L0S_DW (2U) /* Downstream direction L0s state */
26931+#define ASPM_STATE_L1 (4U) /* L1 state */
26932 #define ASPM_STATE_L0S (ASPM_STATE_L0S_UP | ASPM_STATE_L0S_DW)
26933 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1)
26934
26935diff -urNp linux-2.6.38.2/drivers/pci/pcie/portdrv_pci.c linux-2.6.38.2/drivers/pci/pcie/portdrv_pci.c
26936--- linux-2.6.38.2/drivers/pci/pcie/portdrv_pci.c 2011-03-14 21:20:32.000000000 -0400
26937+++ linux-2.6.38.2/drivers/pci/pcie/portdrv_pci.c 2011-03-21 18:31:35.000000000 -0400
26938@@ -307,7 +307,7 @@ static void pcie_portdrv_err_resume(stru
26939 static const struct pci_device_id port_pci_ids[] = { {
26940 /* handle any PCI-Express port */
26941 PCI_DEVICE_CLASS(((PCI_CLASS_BRIDGE_PCI << 8) | 0x00), ~0),
26942- }, { /* end: all zeroes */ }
26943+ }, { 0, 0, 0, 0, 0, 0, 0 }
26944 };
26945 MODULE_DEVICE_TABLE(pci, port_pci_ids);
26946
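Review bot: The new terminator `{ 0, 0, 0, 0, 0, 0, 0 }` drops the `/* end: all zeroes */` marker and spells out one zero per member, which ties the table to the current member count of `struct pci_device_id`. Keeping the marker costs nothing: `}, { 0, 0, 0, 0, 0, 0, 0 } /* end: all zeroes */`. The same applies to the terminators changed in `ti113x.h` and `yenta_socket.c` later in this patch.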
26947diff -urNp linux-2.6.38.2/drivers/pci/probe.c linux-2.6.38.2/drivers/pci/probe.c
26948--- linux-2.6.38.2/drivers/pci/probe.c 2011-03-14 21:20:32.000000000 -0400
26949+++ linux-2.6.38.2/drivers/pci/probe.c 2011-03-21 18:31:35.000000000 -0400
26950@@ -62,14 +62,14 @@ static ssize_t pci_bus_show_cpuaffinity(
26951 return ret;
26952 }
26953
26954-static ssize_t inline pci_bus_show_cpumaskaffinity(struct device *dev,
26955+static inline ssize_t pci_bus_show_cpumaskaffinity(struct device *dev,
26956 struct device_attribute *attr,
26957 char *buf)
26958 {
26959 return pci_bus_show_cpuaffinity(dev, 0, attr, buf);
26960 }
26961
26962-static ssize_t inline pci_bus_show_cpulistaffinity(struct device *dev,
26963+static inline ssize_t pci_bus_show_cpulistaffinity(struct device *dev,
26964 struct device_attribute *attr,
26965 char *buf)
26966 {
26967@@ -165,7 +165,7 @@ int __pci_read_base(struct pci_dev *dev,
26968 u32 l, sz, mask;
26969 u16 orig_cmd;
26970
26971- mask = type ? PCI_ROM_ADDRESS_MASK : ~0;
26972+ mask = type ? (u32)PCI_ROM_ADDRESS_MASK : ~0;
26973
26974 if (!dev->mmio_always_on) {
26975 pci_read_config_word(dev, PCI_COMMAND, &orig_cmd);
26976diff -urNp linux-2.6.38.2/drivers/pci/proc.c linux-2.6.38.2/drivers/pci/proc.c
26977--- linux-2.6.38.2/drivers/pci/proc.c 2011-03-14 21:20:32.000000000 -0400
26978+++ linux-2.6.38.2/drivers/pci/proc.c 2011-03-21 18:31:35.000000000 -0400
26979@@ -476,7 +476,16 @@ static const struct file_operations proc
26980 static int __init pci_proc_init(void)
26981 {
26982 struct pci_dev *dev = NULL;
26983+
26984+#ifdef CONFIG_GRKERNSEC_PROC_ADD
26985+#ifdef CONFIG_GRKERNSEC_PROC_USER
26986+ proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR, NULL);
26987+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
26988+ proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
26989+#endif
26990+#else
26991 proc_bus_pci_dir = proc_mkdir("bus/pci", NULL);
26992+#endif
26993 proc_create("devices", 0, proc_bus_pci_dir,
26994 &proc_bus_pci_dev_operations);
26995 proc_initialized = 1;
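Review bot: The nested `#ifdef` in `pci_proc_init` has no fallback branch: with `CONFIG_GRKERNSEC_PROC_ADD` set but neither `CONFIG_GRKERNSEC_PROC_USER` nor `CONFIG_GRKERNSEC_PROC_USERGROUP`, no statement assigns `proc_bus_pci_dir`, and the following `proc_create("devices", 0, proc_bus_pci_dir, ...)` receives whatever the variable held before. Kconfig dependencies may rule that combination out, but the code would be self-contained with an inner `#else` carrying `proc_bus_pci_dir = proc_mkdir("bus/pci", NULL);` before the inner `#endif`. None of the branches checks the directory pointer before it is passed on, which matters more once the directory is meant to be permission-restricted. The function continues outside the hunk.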
26996diff -urNp linux-2.6.38.2/drivers/pcmcia/ti113x.h linux-2.6.38.2/drivers/pcmcia/ti113x.h
26997--- linux-2.6.38.2/drivers/pcmcia/ti113x.h 2011-03-14 21:20:32.000000000 -0400
26998+++ linux-2.6.38.2/drivers/pcmcia/ti113x.h 2011-03-21 18:31:35.000000000 -0400
26999@@ -936,7 +936,7 @@ static struct pci_device_id ene_tune_tbl
27000 DEVID(PCI_VENDOR_ID_MOTOROLA, 0x3410, 0xECC0, PCI_ANY_ID,
27001 ENE_TEST_C9_TLTENABLE | ENE_TEST_C9_PFENABLE, ENE_TEST_C9_TLTENABLE),
27002
27003- {}
27004+ { 0, 0, 0, 0, 0, 0, 0 }
27005 };
27006
27007 static void ene_tune_bridge(struct pcmcia_socket *sock, struct pci_bus *bus)
27008diff -urNp linux-2.6.38.2/drivers/pcmcia/yenta_socket.c linux-2.6.38.2/drivers/pcmcia/yenta_socket.c
27009--- linux-2.6.38.2/drivers/pcmcia/yenta_socket.c 2011-03-14 21:20:32.000000000 -0400
27010+++ linux-2.6.38.2/drivers/pcmcia/yenta_socket.c 2011-03-21 18:31:35.000000000 -0400
27011@@ -1426,7 +1426,7 @@ static struct pci_device_id yenta_table[
27012
27013 /* match any cardbus bridge */
27014 CB_ID(PCI_ANY_ID, PCI_ANY_ID, DEFAULT),
27015- { /* all zeroes */ }
27016+ { 0, 0, 0, 0, 0, 0, 0 }
27017 };
27018 MODULE_DEVICE_TABLE(pci, yenta_table);
27019
27020diff -urNp linux-2.6.38.2/drivers/platform/x86/asus-laptop.c linux-2.6.38.2/drivers/platform/x86/asus-laptop.c
27021--- linux-2.6.38.2/drivers/platform/x86/asus-laptop.c 2011-03-14 21:20:32.000000000 -0400
27022+++ linux-2.6.38.2/drivers/platform/x86/asus-laptop.c 2011-03-21 18:31:35.000000000 -0400
27023@@ -243,7 +243,6 @@ struct asus_laptop {
27024 struct asus_led gled;
27025 struct asus_led kled;
27026 struct workqueue_struct *led_workqueue;
27027-
27028 int wireless_status;
27029 bool have_rsts;
27030 int lcd_state;
27031diff -urNp linux-2.6.38.2/drivers/pnp/pnpbios/bioscalls.c linux-2.6.38.2/drivers/pnp/pnpbios/bioscalls.c
27032--- linux-2.6.38.2/drivers/pnp/pnpbios/bioscalls.c 2011-03-14 21:20:32.000000000 -0400
27033+++ linux-2.6.38.2/drivers/pnp/pnpbios/bioscalls.c 2011-03-21 18:31:35.000000000 -0400
27034@@ -59,7 +59,7 @@ do { \
27035 set_desc_limit(&gdt[(selname) >> 3], (size) - 1); \
27036 } while(0)
27037
27038-static struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4092,
27039+static const struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4093,
27040 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1);
27041
27042 /*
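Review bot: The flags value of `bad_bios_desc` changes from `0x4092` to `0x4093` without a comment, and the difference is a single descriptor bit that a reader will not spot. Bit 0 of the access byte is the "accessed" flag, so the new value pre-sets it. Presumably this is so that loading the selector never has to write the flag back into a GDT that the later hunks treat as write-protected (the `pax_open_kernel()`/`pax_close_kernel()` pairs). A comment above the definition would record that: `/* 0x93: writable data segment with the accessed bit already set */`.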
27043@@ -96,7 +96,10 @@ static inline u16 call_pnp_bios(u16 func
27044
27045 cpu = get_cpu();
27046 save_desc_40 = get_cpu_gdt_table(cpu)[0x40 / 8];
27047+
27048+ pax_open_kernel();
27049 get_cpu_gdt_table(cpu)[0x40 / 8] = bad_bios_desc;
27050+ pax_close_kernel();
27051
27052 /* On some boxes IRQ's during PnP BIOS calls are deadly. */
27053 spin_lock_irqsave(&pnp_bios_lock, flags);
27054@@ -134,7 +137,10 @@ static inline u16 call_pnp_bios(u16 func
27055 :"memory");
27056 spin_unlock_irqrestore(&pnp_bios_lock, flags);
27057
27058+ pax_open_kernel();
27059 get_cpu_gdt_table(cpu)[0x40 / 8] = save_desc_40;
27060+ pax_close_kernel();
27061+
27062 put_cpu();
27063
27064 /* If we get here and this is set then the PnP BIOS faulted on us. */
27065@@ -468,7 +474,7 @@ int pnp_bios_read_escd(char *data, u32 n
27066 return status;
27067 }
27068
27069-void pnpbios_calls_init(union pnp_bios_install_struct *header)
27070+void __init pnpbios_calls_init(union pnp_bios_install_struct *header)
27071 {
27072 int i;
27073
27074@@ -476,6 +482,8 @@ void pnpbios_calls_init(union pnp_bios_i
27075 pnp_bios_callpoint.offset = header->fields.pm16offset;
27076 pnp_bios_callpoint.segment = PNP_CS16;
27077
27078+ pax_open_kernel();
27079+
27080 for_each_possible_cpu(i) {
27081 struct desc_struct *gdt = get_cpu_gdt_table(i);
27082 if (!gdt)
27083@@ -487,4 +495,6 @@ void pnpbios_calls_init(union pnp_bios_i
27084 set_desc_base(&gdt[GDT_ENTRY_PNPBIOS_DS],
27085 (unsigned long)__va(header->fields.pm16dseg));
27086 }
27087+
27088+ pax_close_kernel();
27089 }
27090diff -urNp linux-2.6.38.2/drivers/pnp/quirks.c linux-2.6.38.2/drivers/pnp/quirks.c
27091--- linux-2.6.38.2/drivers/pnp/quirks.c 2011-03-14 21:20:32.000000000 -0400
27092+++ linux-2.6.38.2/drivers/pnp/quirks.c 2011-03-21 18:31:35.000000000 -0400
27093@@ -322,7 +322,7 @@ static struct pnp_fixup pnp_fixups[] = {
27094 /* PnP resources that might overlap PCI BARs */
27095 {"PNP0c01", quirk_system_pci_resources},
27096 {"PNP0c02", quirk_system_pci_resources},
27097- {""}
27098+ {"", NULL}
27099 };
27100
27101 void pnp_fixup_device(struct pnp_dev *dev)
27102diff -urNp linux-2.6.38.2/drivers/pnp/resource.c linux-2.6.38.2/drivers/pnp/resource.c
27103--- linux-2.6.38.2/drivers/pnp/resource.c 2011-03-14 21:20:32.000000000 -0400
27104+++ linux-2.6.38.2/drivers/pnp/resource.c 2011-03-21 18:31:35.000000000 -0400
27105@@ -360,7 +360,7 @@ int pnp_check_irq(struct pnp_dev *dev, s
27106 return 1;
27107
27108 /* check if the resource is valid */
27109- if (*irq < 0 || *irq > 15)
27110+ if (*irq > 15)
27111 return 0;
27112
27113 /* check if the resource is reserved */
27114@@ -424,7 +424,7 @@ int pnp_check_dma(struct pnp_dev *dev, s
27115 return 1;
27116
27117 /* check if the resource is valid */
27118- if (*dma < 0 || *dma == 4 || *dma > 7)
27119+ if (*dma == 4 || *dma > 7)
27120 return 0;
27121
27122 /* check if the resource is reserved */
27123diff -urNp linux-2.6.38.2/drivers/rtc/rtc-dev.c linux-2.6.38.2/drivers/rtc/rtc-dev.c
27124--- linux-2.6.38.2/drivers/rtc/rtc-dev.c 2011-03-14 21:20:32.000000000 -0400
27125+++ linux-2.6.38.2/drivers/rtc/rtc-dev.c 2011-03-21 18:31:35.000000000 -0400
27126@@ -14,6 +14,7 @@
27127 #include <linux/module.h>
27128 #include <linux/rtc.h>
27129 #include <linux/sched.h>
27130+#include <linux/grsecurity.h>
27131 #include "rtc-core.h"
27132
27133 static dev_t rtc_devt;
27134@@ -345,6 +346,8 @@ static long rtc_dev_ioctl(struct file *f
27135 if (copy_from_user(&tm, uarg, sizeof(tm)))
27136 return -EFAULT;
27137
27138+ gr_log_timechange();
27139+
27140 return rtc_set_time(rtc, &tm);
27141
27142 case RTC_PIE_ON:
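Review bot: `gr_log_timechange()` is called before `rtc_set_time()` and regardless of its result, so, judging by the helper's name, a failed set request leaves the same audit entry as a successful one. If the log is meant to record actual clock changes, call it only on success, e.g. `err = rtc_set_time(rtc, &tm); if (!err) gr_log_timechange(); return err;` (this assumes an `err` local exists in `rtc_dev_ioctl`, which the hunk does not show). If logging attempts is the intent, a short comment saying so would settle the question for whoever reads the audit trail. The case body starts above the hunk.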
27143diff -urNp linux-2.6.38.2/drivers/rtc/rtc-ds1511.c linux-2.6.38.2/drivers/rtc/rtc-ds1511.c
27144--- linux-2.6.38.2/drivers/rtc/rtc-ds1511.c 2011-03-14 21:20:32.000000000 -0400
27145+++ linux-2.6.38.2/drivers/rtc/rtc-ds1511.c 2011-03-21 18:31:35.000000000 -0400
27146@@ -485,7 +485,7 @@ ds1511_nvram_write(struct file *filp, st
27147 static struct bin_attribute ds1511_nvram_attr = {
27148 .attr = {
27149 .name = "nvram",
27150- .mode = S_IRUGO | S_IWUGO,
27151+ .mode = S_IRUGO | S_IWUSR,
27152 },
27153 .size = DS1511_RAM_MAX,
27154 .read = ds1511_nvram_read,
27155diff -urNp linux-2.6.38.2/drivers/s390/cio/qdio_debug.c linux-2.6.38.2/drivers/s390/cio/qdio_debug.c
27156--- linux-2.6.38.2/drivers/s390/cio/qdio_debug.c 2011-03-14 21:20:32.000000000 -0400
27157+++ linux-2.6.38.2/drivers/s390/cio/qdio_debug.c 2011-03-21 18:31:35.000000000 -0400
27158@@ -225,7 +225,7 @@ static int qperf_seq_open(struct inode *
27159 filp->f_path.dentry->d_inode->i_private);
27160 }
27161
27162-static struct file_operations debugfs_perf_fops = {
27163+static const struct file_operations debugfs_perf_fops = {
27164 .owner = THIS_MODULE,
27165 .open = qperf_seq_open,
27166 .read = seq_read,
27167diff -urNp linux-2.6.38.2/drivers/scsi/aic94xx/aic94xx_init.c linux-2.6.38.2/drivers/scsi/aic94xx/aic94xx_init.c
27168--- linux-2.6.38.2/drivers/scsi/aic94xx/aic94xx_init.c 2011-03-14 21:20:32.000000000 -0400
27169+++ linux-2.6.38.2/drivers/scsi/aic94xx/aic94xx_init.c 2011-03-21 18:31:35.000000000 -0400
27170@@ -486,7 +486,7 @@ static ssize_t asd_show_update_bios(stru
27171 flash_error_table[i].reason);
27172 }
27173
27174-static DEVICE_ATTR(update_bios, S_IRUGO|S_IWUGO,
27175+static DEVICE_ATTR(update_bios, S_IRUGO|S_IWUSR,
27176 asd_show_update_bios, asd_store_update_bios);
27177
27178 static int asd_create_dev_attrs(struct asd_ha_struct *asd_ha)
27179diff -urNp linux-2.6.38.2/drivers/scsi/hpsa.c linux-2.6.38.2/drivers/scsi/hpsa.c
27180--- linux-2.6.38.2/drivers/scsi/hpsa.c 2011-03-14 21:20:32.000000000 -0400
27181+++ linux-2.6.38.2/drivers/scsi/hpsa.c 2011-03-21 18:31:35.000000000 -0400
27182@@ -2281,6 +2281,8 @@ static int hpsa_ioctl32_passthru(struct
27183 int err;
27184 u32 cp;
27185
27186+ memset(&arg64, 0, sizeof(arg64));
27187+
27188 err = 0;
27189 err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
27190 sizeof(arg64.LUN_info));
27191diff -urNp linux-2.6.38.2/drivers/scsi/ipr.c linux-2.6.38.2/drivers/scsi/ipr.c
27192--- linux-2.6.38.2/drivers/scsi/ipr.c 2011-03-14 21:20:32.000000000 -0400
27193+++ linux-2.6.38.2/drivers/scsi/ipr.c 2011-03-21 18:31:35.000000000 -0400
27194@@ -6207,7 +6207,7 @@ static bool ipr_qc_fill_rtf(struct ata_q
27195 return true;
27196 }
27197
27198-static struct ata_port_operations ipr_sata_ops = {
27199+static const struct ata_port_operations ipr_sata_ops = {
27200 .phy_reset = ipr_ata_phy_reset,
27201 .hardreset = ipr_sata_reset,
27202 .post_internal_cmd = ipr_ata_post_internal,
27203diff -urNp linux-2.6.38.2/drivers/scsi/libfc/fc_exch.c linux-2.6.38.2/drivers/scsi/libfc/fc_exch.c
27204--- linux-2.6.38.2/drivers/scsi/libfc/fc_exch.c 2011-03-14 21:20:32.000000000 -0400
27205+++ linux-2.6.38.2/drivers/scsi/libfc/fc_exch.c 2011-03-21 18:31:35.000000000 -0400
27206@@ -105,12 +105,12 @@ struct fc_exch_mgr {
27207 * all together if not used XXX
27208 */
27209 struct {
27210- atomic_t no_free_exch;
27211- atomic_t no_free_exch_xid;
27212- atomic_t xid_not_found;
27213- atomic_t xid_busy;
27214- atomic_t seq_not_found;
27215- atomic_t non_bls_resp;
27216+ atomic_unchecked_t no_free_exch;
27217+ atomic_unchecked_t no_free_exch_xid;
27218+ atomic_unchecked_t xid_not_found;
27219+ atomic_unchecked_t xid_busy;
27220+ atomic_unchecked_t seq_not_found;
27221+ atomic_unchecked_t non_bls_resp;
27222 } stats;
27223 };
27224
27225@@ -687,7 +687,7 @@ static struct fc_exch *fc_exch_em_alloc(
27226 /* allocate memory for exchange */
27227 ep = mempool_alloc(mp->ep_pool, GFP_ATOMIC);
27228 if (!ep) {
27229- atomic_inc(&mp->stats.no_free_exch);
27230+ atomic_inc_unchecked(&mp->stats.no_free_exch);
27231 goto out;
27232 }
27233 memset(ep, 0, sizeof(*ep));
27234@@ -748,7 +748,7 @@ out:
27235 return ep;
27236 err:
27237 spin_unlock_bh(&pool->lock);
27238- atomic_inc(&mp->stats.no_free_exch_xid);
27239+ atomic_inc_unchecked(&mp->stats.no_free_exch_xid);
27240 mempool_free(ep, mp->ep_pool);
27241 return NULL;
27242 }
27243@@ -893,7 +893,7 @@ static enum fc_pf_rjt_reason fc_seq_look
27244 xid = ntohs(fh->fh_ox_id); /* we originated exch */
27245 ep = fc_exch_find(mp, xid);
27246 if (!ep) {
27247- atomic_inc(&mp->stats.xid_not_found);
27248+ atomic_inc_unchecked(&mp->stats.xid_not_found);
27249 reject = FC_RJT_OX_ID;
27250 goto out;
27251 }
27252@@ -923,7 +923,7 @@ static enum fc_pf_rjt_reason fc_seq_look
27253 ep = fc_exch_find(mp, xid);
27254 if ((f_ctl & FC_FC_FIRST_SEQ) && fc_sof_is_init(fr_sof(fp))) {
27255 if (ep) {
27256- atomic_inc(&mp->stats.xid_busy);
27257+ atomic_inc_unchecked(&mp->stats.xid_busy);
27258 reject = FC_RJT_RX_ID;
27259 goto rel;
27260 }
27261@@ -934,7 +934,7 @@ static enum fc_pf_rjt_reason fc_seq_look
27262 }
27263 xid = ep->xid; /* get our XID */
27264 } else if (!ep) {
27265- atomic_inc(&mp->stats.xid_not_found);
27266+ atomic_inc_unchecked(&mp->stats.xid_not_found);
27267 reject = FC_RJT_RX_ID; /* XID not found */
27268 goto out;
27269 }
27270@@ -951,7 +951,7 @@ static enum fc_pf_rjt_reason fc_seq_look
27271 } else {
27272 sp = &ep->seq;
27273 if (sp->id != fh->fh_seq_id) {
27274- atomic_inc(&mp->stats.seq_not_found);
27275+ atomic_inc_unchecked(&mp->stats.seq_not_found);
27276 reject = FC_RJT_SEQ_ID; /* sequence/exch should exist */
27277 goto rel;
27278 }
27279@@ -1368,22 +1368,22 @@ static void fc_exch_recv_seq_resp(struct
27280
27281 ep = fc_exch_find(mp, ntohs(fh->fh_ox_id));
27282 if (!ep) {
27283- atomic_inc(&mp->stats.xid_not_found);
27284+ atomic_inc_unchecked(&mp->stats.xid_not_found);
27285 goto out;
27286 }
27287 if (ep->esb_stat & ESB_ST_COMPLETE) {
27288- atomic_inc(&mp->stats.xid_not_found);
27289+ atomic_inc_unchecked(&mp->stats.xid_not_found);
27290 goto rel;
27291 }
27292 if (ep->rxid == FC_XID_UNKNOWN)
27293 ep->rxid = ntohs(fh->fh_rx_id);
27294 if (ep->sid != 0 && ep->sid != ntoh24(fh->fh_d_id)) {
27295- atomic_inc(&mp->stats.xid_not_found);
27296+ atomic_inc_unchecked(&mp->stats.xid_not_found);
27297 goto rel;
27298 }
27299 if (ep->did != ntoh24(fh->fh_s_id) &&
27300 ep->did != FC_FID_FLOGI) {
27301- atomic_inc(&mp->stats.xid_not_found);
27302+ atomic_inc_unchecked(&mp->stats.xid_not_found);
27303 goto rel;
27304 }
27305 sof = fr_sof(fp);
27306@@ -1392,7 +1392,7 @@ static void fc_exch_recv_seq_resp(struct
27307 sp->ssb_stat |= SSB_ST_RESP;
27308 sp->id = fh->fh_seq_id;
27309 } else if (sp->id != fh->fh_seq_id) {
27310- atomic_inc(&mp->stats.seq_not_found);
27311+ atomic_inc_unchecked(&mp->stats.seq_not_found);
27312 goto rel;
27313 }
27314
27315@@ -1455,9 +1455,9 @@ static void fc_exch_recv_resp(struct fc_
27316 sp = fc_seq_lookup_orig(mp, fp); /* doesn't hold sequence */
27317
27318 if (!sp)
27319- atomic_inc(&mp->stats.xid_not_found);
27320+ atomic_inc_unchecked(&mp->stats.xid_not_found);
27321 else
27322- atomic_inc(&mp->stats.non_bls_resp);
27323+ atomic_inc_unchecked(&mp->stats.non_bls_resp);
27324
27325 fc_frame_free(fp);
27326 }
27327diff -urNp linux-2.6.38.2/drivers/scsi/libsas/sas_ata.c linux-2.6.38.2/drivers/scsi/libsas/sas_ata.c
27328--- linux-2.6.38.2/drivers/scsi/libsas/sas_ata.c 2011-03-14 21:20:32.000000000 -0400
27329+++ linux-2.6.38.2/drivers/scsi/libsas/sas_ata.c 2011-03-21 18:31:35.000000000 -0400
27330@@ -348,10 +348,10 @@ static int sas_ata_scr_read(struct ata_l
27331 }
27332 }
27333
27334-static struct ata_port_operations sas_sata_ops = {
27335+static const struct ata_port_operations sas_sata_ops = {
27336 .phy_reset = sas_ata_phy_reset,
27337 .post_internal_cmd = sas_ata_post_internal,
27338- .qc_defer = ata_std_qc_defer,
27339+ .qc_defer = ata_std_qc_defer,
27340 .qc_prep = ata_noop_qc_prep,
27341 .qc_issue = sas_ata_qc_issue,
27342 .qc_fill_rtf = sas_ata_qc_fill_rtf,
27343diff -urNp linux-2.6.38.2/drivers/scsi/mpt2sas/mpt2sas_debug.h linux-2.6.38.2/drivers/scsi/mpt2sas/mpt2sas_debug.h
27344--- linux-2.6.38.2/drivers/scsi/mpt2sas/mpt2sas_debug.h 2011-03-14 21:20:32.000000000 -0400
27345+++ linux-2.6.38.2/drivers/scsi/mpt2sas/mpt2sas_debug.h 2011-03-21 18:31:35.000000000 -0400
27346@@ -79,7 +79,7 @@
27347 CMD; \
27348 }
27349 #else
27350-#define MPT_CHECK_LOGGING(IOC, CMD, BITS)
27351+#define MPT_CHECK_LOGGING(IOC, CMD, BITS) do {} while (0)
27352 #endif /* CONFIG_SCSI_MPT2SAS_LOGGING */
27353
27354
27355diff -urNp linux-2.6.38.2/drivers/scsi/qla2xxx/qla_os.c linux-2.6.38.2/drivers/scsi/qla2xxx/qla_os.c
27356--- linux-2.6.38.2/drivers/scsi/qla2xxx/qla_os.c 2011-03-14 21:20:32.000000000 -0400
27357+++ linux-2.6.38.2/drivers/scsi/qla2xxx/qla_os.c 2011-03-21 18:31:35.000000000 -0400
27358@@ -4096,7 +4096,7 @@ static struct pci_driver qla2xxx_pci_dri
27359 .err_handler = &qla2xxx_err_handler,
27360 };
27361
27362-static struct file_operations apidev_fops = {
27363+static const struct file_operations apidev_fops = {
27364 .owner = THIS_MODULE,
27365 .llseek = noop_llseek,
27366 };
27367diff -urNp linux-2.6.38.2/drivers/scsi/scsi_logging.h linux-2.6.38.2/drivers/scsi/scsi_logging.h
27368--- linux-2.6.38.2/drivers/scsi/scsi_logging.h 2011-03-14 21:20:32.000000000 -0400
27369+++ linux-2.6.38.2/drivers/scsi/scsi_logging.h 2011-03-21 18:31:35.000000000 -0400
27370@@ -51,7 +51,7 @@ do { \
27371 } while (0); \
27372 } while (0)
27373 #else
27374-#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD)
27375+#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD) do {} while (0)
27376 #endif /* CONFIG_SCSI_LOGGING */
27377
27378 /*
27379diff -urNp linux-2.6.38.2/drivers/scsi/scsi_transport_iscsi.c linux-2.6.38.2/drivers/scsi/scsi_transport_iscsi.c
27380--- linux-2.6.38.2/drivers/scsi/scsi_transport_iscsi.c 2011-03-14 21:20:32.000000000 -0400
27381+++ linux-2.6.38.2/drivers/scsi/scsi_transport_iscsi.c 2011-03-21 18:31:35.000000000 -0400
27382@@ -1847,7 +1847,7 @@ store_priv_session_##field(struct device
27383 #define iscsi_priv_session_rw_attr(field, format) \
27384 iscsi_priv_session_attr_show(field, format) \
27385 iscsi_priv_session_attr_store(field) \
27386-static ISCSI_CLASS_ATTR(priv_sess, field, S_IRUGO | S_IWUGO, \
27387+static ISCSI_CLASS_ATTR(priv_sess, field, S_IRUGO | S_IWUSR, \
27388 show_priv_session_##field, \
27389 store_priv_session_##field)
27390 iscsi_priv_session_rw_attr(recovery_tmo, "%d");
27391diff -urNp linux-2.6.38.2/drivers/scsi/sg.c linux-2.6.38.2/drivers/scsi/sg.c
27392--- linux-2.6.38.2/drivers/scsi/sg.c 2011-03-14 21:20:32.000000000 -0400
27393+++ linux-2.6.38.2/drivers/scsi/sg.c 2011-03-21 18:31:35.000000000 -0400
27394@@ -2310,7 +2310,7 @@ struct sg_proc_leaf {
27395 const struct file_operations * fops;
27396 };
27397
27398-static struct sg_proc_leaf sg_proc_leaf_arr[] = {
27399+static const struct sg_proc_leaf sg_proc_leaf_arr[] = {
27400 {"allow_dio", &adio_fops},
27401 {"debug", &debug_fops},
27402 {"def_reserved_size", &dressz_fops},
27403@@ -2325,7 +2325,7 @@ sg_proc_init(void)
27404 {
27405 int k, mask;
27406 int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr);
27407- struct sg_proc_leaf * leaf;
27408+ const struct sg_proc_leaf * leaf;
27409
27410 sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
27411 if (!sg_proc_sgp)
27412diff -urNp linux-2.6.38.2/drivers/staging/autofs/root.c linux-2.6.38.2/drivers/staging/autofs/root.c
27413--- linux-2.6.38.2/drivers/staging/autofs/root.c 2011-03-14 21:20:32.000000000 -0400
27414+++ linux-2.6.38.2/drivers/staging/autofs/root.c 2011-03-28 16:57:18.000000000 -0400
27415@@ -311,7 +311,8 @@ static int autofs_root_symlink(struct in
27416 set_bit(n,sbi->symlink_bitmap);
27417 sl = &sbi->symlink[n];
27418 sl->len = strlen(symname);
27419- sl->data = kmalloc(slsize = sl->len+1, GFP_KERNEL);
27420+ slsize = sl->len+1;
27421+ sl->data = kmalloc(slsize, GFP_KERNEL);
27422 if (!sl->data) {
27423 clear_bit(n,sbi->symlink_bitmap);
27424 unlock_kernel();
27425diff -urNp linux-2.6.38.2/drivers/staging/bcm/Bcmchar.c linux-2.6.38.2/drivers/staging/bcm/Bcmchar.c
27426--- linux-2.6.38.2/drivers/staging/bcm/Bcmchar.c 2011-03-14 21:20:32.000000000 -0400
27427+++ linux-2.6.38.2/drivers/staging/bcm/Bcmchar.c 2011-03-21 18:31:35.000000000 -0400
27428@@ -2093,7 +2093,7 @@ static long bcm_char_ioctl(struct file *
27429 }
27430
27431
27432-static struct file_operations bcm_fops = {
27433+static const struct file_operations bcm_fops = {
27434 .owner = THIS_MODULE,
27435 .open = bcm_char_open,
27436 .release = bcm_char_release,
27437diff -urNp linux-2.6.38.2/drivers/staging/brcm80211/brcmfmac/dhd_linux.c linux-2.6.38.2/drivers/staging/brcm80211/brcmfmac/dhd_linux.c
27438--- linux-2.6.38.2/drivers/staging/brcm80211/brcmfmac/dhd_linux.c 2011-03-14 21:20:32.000000000 -0400
27439+++ linux-2.6.38.2/drivers/staging/brcm80211/brcmfmac/dhd_linux.c 2011-03-21 18:31:35.000000000 -0400
27440@@ -863,14 +863,14 @@ static void dhd_op_if(dhd_if_t *ifp)
27441 free_netdev(ifp->net);
27442 }
27443 /* Allocate etherdev, including space for private structure */
27444- ifp->net = alloc_etherdev(sizeof(dhd));
27445+ ifp->net = alloc_etherdev(sizeof(*dhd));
27446 if (!ifp->net) {
27447 DHD_ERROR(("%s: OOM - alloc_etherdev\n", __func__));
27448 ret = -ENOMEM;
27449 }
27450 if (ret == 0) {
27451 strcpy(ifp->net->name, ifp->name);
27452- memcpy(netdev_priv(ifp->net), &dhd, sizeof(dhd));
27453+ memcpy(netdev_priv(ifp->net), dhd, sizeof(*dhd));
27454 err = dhd_net_attach(&dhd->pub, ifp->idx);
27455 if (err != 0) {
27456 DHD_ERROR(("%s: dhd_net_attach failed, "
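Review bot: The rewritten `memcpy(netdev_priv(ifp->net), dhd, sizeof(*dhd))` stores a snapshot of the whole `dhd_info_t` in the netdev private area, where the old code stored the pointer itself, so the copy and the heap object can diverge. In this hunk `dhd_net_attach(&dhd->pub, ifp->idx)` still operates on the original object after the copy, and in the two `dhd_attach` hunks below `dhd->pub.osh = osh` is assigned after the same memcpy. Readers of `netdev_priv()` are outside these hunks; if any of them dereference it as `dhd_info_t **` (to be confirmed), they would now interpret struct bytes as a pointer. If the aim was only to remove the sizeof-on-a-pointer pattern, keeping the pointer store and documenting it with `/* priv holds a pointer to dhd, not the struct */` would preserve the original layout. `dhd_op_if` starts and ends outside the hunk.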
27457@@ -1969,25 +1969,23 @@ dhd_pub_t *dhd_attach(struct osl_info *o
27458 strcpy(nv_path, nvram_path);
27459
27460 /* Allocate etherdev, including space for private structure */
27461- net = alloc_etherdev(sizeof(dhd));
27462+ net = alloc_etherdev(sizeof(*dhd));
27463 if (!net) {
27464 DHD_ERROR(("%s: OOM - alloc_etherdev\n", __func__));
27465 goto fail;
27466 }
27467
27468 /* Allocate primary dhd_info */
27469- dhd = kmalloc(sizeof(dhd_info_t), GFP_ATOMIC);
27470+ dhd = kzalloc(sizeof(dhd_info_t), GFP_ATOMIC);
27471 if (!dhd) {
27472 DHD_ERROR(("%s: OOM - alloc dhd_info\n", __func__));
27473 goto fail;
27474 }
27475
27476- memset(dhd, 0, sizeof(dhd_info_t));
27477-
27478 /*
27479 * Save the dhd_info into the priv
27480 */
27481- memcpy(netdev_priv(net), &dhd, sizeof(dhd));
27482+ memcpy(netdev_priv(net), dhd, sizeof(*dhd));
27483 dhd->pub.osh = osh;
27484
27485 /* Set network interface name if it was provided as module parameter */
27486@@ -2105,7 +2103,7 @@ dhd_pub_t *dhd_attach(struct osl_info *o
27487 /*
27488 * Save the dhd_info into the priv
27489 */
27490- memcpy(netdev_priv(net), &dhd, sizeof(dhd));
27491+ memcpy(netdev_priv(net), dhd, sizeof(*dhd));
27492
27493 #if defined(CUSTOMER_HW2) && defined(CONFIG_WIFI_CONTROL_FUNC)
27494 g_bus = bus;
27495diff -urNp linux-2.6.38.2/drivers/staging/brcm80211/brcmfmac/wl_iw.c linux-2.6.38.2/drivers/staging/brcm80211/brcmfmac/wl_iw.c
27496--- linux-2.6.38.2/drivers/staging/brcm80211/brcmfmac/wl_iw.c 2011-03-14 21:20:32.000000000 -0400
27497+++ linux-2.6.38.2/drivers/staging/brcm80211/brcmfmac/wl_iw.c 2011-03-21 18:31:35.000000000 -0400
27498@@ -513,7 +513,7 @@ wl_iw_get_range(struct net_device *dev,
27499 list = (wl_u32_list_t *) channels;
27500
27501 dwrq->length = sizeof(struct iw_range);
27502- memset(range, 0, sizeof(range));
27503+ memset(range, 0, sizeof(*range));
27504
27505 range->min_nwid = range->max_nwid = 0;
27506
27507diff -urNp linux-2.6.38.2/drivers/staging/comedi/comedi_fops.c linux-2.6.38.2/drivers/staging/comedi/comedi_fops.c
27508--- linux-2.6.38.2/drivers/staging/comedi/comedi_fops.c 2011-03-14 21:20:32.000000000 -0400
27509+++ linux-2.6.38.2/drivers/staging/comedi/comedi_fops.c 2011-03-21 18:31:35.000000000 -0400
27510@@ -1426,7 +1426,7 @@ static void comedi_unmap(struct vm_area_
27511 mutex_unlock(&dev->mutex);
27512 }
27513
27514-static struct vm_operations_struct comedi_vm_ops = {
27515+static const struct vm_operations_struct comedi_vm_ops = {
27516 .close = comedi_unmap,
27517 };
27518
27519diff -urNp linux-2.6.38.2/drivers/staging/ft1000/ft1000-usb/ft1000_debug.c linux-2.6.38.2/drivers/staging/ft1000/ft1000-usb/ft1000_debug.c
27520--- linux-2.6.38.2/drivers/staging/ft1000/ft1000-usb/ft1000_debug.c 2011-03-14 21:20:32.000000000 -0400
27521+++ linux-2.6.38.2/drivers/staging/ft1000/ft1000-usb/ft1000_debug.c 2011-03-21 18:31:35.000000000 -0400
27522@@ -55,7 +55,7 @@ int numofmsgbuf = 0;
27523 //
27524 // Table of entry-point routines for char device
27525 //
27526-static struct file_operations ft1000fops =
27527+static const struct file_operations ft1000fops =
27528 {
27529 .unlocked_ioctl = ft1000_ioctl,
27530 .poll = ft1000_poll_dev,
27531diff -urNp linux-2.6.38.2/drivers/staging/go7007/go7007-v4l2.c linux-2.6.38.2/drivers/staging/go7007/go7007-v4l2.c
27532--- linux-2.6.38.2/drivers/staging/go7007/go7007-v4l2.c 2011-03-14 21:20:32.000000000 -0400
27533+++ linux-2.6.38.2/drivers/staging/go7007/go7007-v4l2.c 2011-03-21 18:31:35.000000000 -0400
27534@@ -1672,7 +1672,7 @@ static int go7007_vm_fault(struct vm_are
27535 return 0;
27536 }
27537
27538-static struct vm_operations_struct go7007_vm_ops = {
27539+static const struct vm_operations_struct go7007_vm_ops = {
27540 .open = go7007_vm_open,
27541 .close = go7007_vm_close,
27542 .fault = go7007_vm_fault,
27543diff -urNp linux-2.6.38.2/drivers/staging/hv/hv.c linux-2.6.38.2/drivers/staging/hv/hv.c
27544--- linux-2.6.38.2/drivers/staging/hv/hv.c 2011-03-14 21:20:32.000000000 -0400
27545+++ linux-2.6.38.2/drivers/staging/hv/hv.c 2011-03-21 18:31:35.000000000 -0400
27546@@ -163,7 +163,7 @@ static u64 do_hypercall(u64 control, voi
27547 u64 output_address = (output) ? virt_to_phys(output) : 0;
27548 u32 output_address_hi = output_address >> 32;
27549 u32 output_address_lo = output_address & 0xFFFFFFFF;
27550- volatile void *hypercall_page = hv_context.hypercall_page;
27551+ volatile void *hypercall_page = ktva_ktla(hv_context.hypercall_page);
27552
27553 DPRINT_DBG(VMBUS, "Hypercall <control %llx input %p output %p>",
27554 control, input, output);
27555diff -urNp linux-2.6.38.2/drivers/staging/phison/phison.c linux-2.6.38.2/drivers/staging/phison/phison.c
27556--- linux-2.6.38.2/drivers/staging/phison/phison.c 2011-03-14 21:20:32.000000000 -0400
27557+++ linux-2.6.38.2/drivers/staging/phison/phison.c 2011-03-21 18:31:35.000000000 -0400
27558@@ -43,7 +43,7 @@ static struct scsi_host_template phison_
27559 ATA_BMDMA_SHT(DRV_NAME),
27560 };
27561
27562-static struct ata_port_operations phison_ops = {
27563+static const struct ata_port_operations phison_ops = {
27564 .inherits = &ata_bmdma_port_ops,
27565 .prereset = phison_pre_reset,
27566 };
27567diff -urNp linux-2.6.38.2/drivers/staging/pohmelfs/inode.c linux-2.6.38.2/drivers/staging/pohmelfs/inode.c
27568--- linux-2.6.38.2/drivers/staging/pohmelfs/inode.c 2011-03-14 21:20:32.000000000 -0400
27569+++ linux-2.6.38.2/drivers/staging/pohmelfs/inode.c 2011-03-21 18:31:35.000000000 -0400
27570@@ -1855,7 +1855,7 @@ static int pohmelfs_fill_super(struct su
27571 mutex_init(&psb->mcache_lock);
27572 psb->mcache_root = RB_ROOT;
27573 psb->mcache_timeout = msecs_to_jiffies(5000);
27574- atomic_long_set(&psb->mcache_gen, 0);
27575+ atomic_long_set_unchecked(&psb->mcache_gen, 0);
27576
27577 psb->trans_max_pages = 100;
27578
27579diff -urNp linux-2.6.38.2/drivers/staging/pohmelfs/mcache.c linux-2.6.38.2/drivers/staging/pohmelfs/mcache.c
27580--- linux-2.6.38.2/drivers/staging/pohmelfs/mcache.c 2011-03-14 21:20:32.000000000 -0400
27581+++ linux-2.6.38.2/drivers/staging/pohmelfs/mcache.c 2011-03-21 18:31:35.000000000 -0400
27582@@ -121,7 +121,7 @@ struct pohmelfs_mcache *pohmelfs_mcache_
27583 m->data = data;
27584 m->start = start;
27585 m->size = size;
27586- m->gen = atomic_long_inc_return(&psb->mcache_gen);
27587+ m->gen = atomic_long_inc_return_unchecked(&psb->mcache_gen);
27588
27589 mutex_lock(&psb->mcache_lock);
27590 err = pohmelfs_mcache_insert(psb, m);
27591diff -urNp linux-2.6.38.2/drivers/staging/pohmelfs/netfs.h linux-2.6.38.2/drivers/staging/pohmelfs/netfs.h
27592--- linux-2.6.38.2/drivers/staging/pohmelfs/netfs.h 2011-03-14 21:20:32.000000000 -0400
27593+++ linux-2.6.38.2/drivers/staging/pohmelfs/netfs.h 2011-03-21 18:31:35.000000000 -0400
27594@@ -571,7 +571,7 @@ struct pohmelfs_config;
27595 struct pohmelfs_sb {
27596 struct rb_root mcache_root;
27597 struct mutex mcache_lock;
27598- atomic_long_t mcache_gen;
27599+ atomic_long_unchecked_t mcache_gen;
27600 unsigned long mcache_timeout;
27601
27602 unsigned int idx;
27603diff -urNp linux-2.6.38.2/drivers/staging/rtl8192u/ieee80211/proc.c linux-2.6.38.2/drivers/staging/rtl8192u/ieee80211/proc.c
27604--- linux-2.6.38.2/drivers/staging/rtl8192u/ieee80211/proc.c 2011-03-14 21:20:32.000000000 -0400
27605+++ linux-2.6.38.2/drivers/staging/rtl8192u/ieee80211/proc.c 2011-03-21 18:31:35.000000000 -0400
27606@@ -99,7 +99,7 @@ static int crypto_info_open(struct inode
27607 return seq_open(file, &crypto_seq_ops);
27608 }
27609
27610-static struct file_operations proc_crypto_ops = {
27611+static const struct file_operations proc_crypto_ops = {
27612 .open = crypto_info_open,
27613 .read = seq_read,
27614 .llseek = seq_lseek,
27615diff -urNp linux-2.6.38.2/drivers/staging/spectra/ffsport.c linux-2.6.38.2/drivers/staging/spectra/ffsport.c
27616--- linux-2.6.38.2/drivers/staging/spectra/ffsport.c 2011-03-14 21:20:32.000000000 -0400
27617+++ linux-2.6.38.2/drivers/staging/spectra/ffsport.c 2011-03-21 18:31:35.000000000 -0400
27618@@ -604,7 +604,7 @@ int GLOB_SBD_unlocked_ioctl(struct block
27619 return ret;
27620 }
27621
27622-static struct block_device_operations GLOB_SBD_ops = {
27623+static const struct block_device_operations GLOB_SBD_ops = {
27624 .owner = THIS_MODULE,
27625 .open = GLOB_SBD_open,
27626 .release = GLOB_SBD_release,
27627diff -urNp linux-2.6.38.2/drivers/staging/vme/devices/vme_user.c linux-2.6.38.2/drivers/staging/vme/devices/vme_user.c
27628--- linux-2.6.38.2/drivers/staging/vme/devices/vme_user.c 2011-03-14 21:20:32.000000000 -0400
27629+++ linux-2.6.38.2/drivers/staging/vme/devices/vme_user.c 2011-03-21 18:31:35.000000000 -0400
27630@@ -138,7 +138,7 @@ static long vme_user_unlocked_ioctl(stru
27631 static int __devinit vme_user_probe(struct device *, int, int);
27632 static int __devexit vme_user_remove(struct device *, int, int);
27633
27634-static struct file_operations vme_user_fops = {
27635+static const struct file_operations vme_user_fops = {
27636 .open = vme_user_open,
27637 .release = vme_user_release,
27638 .read = vme_user_read,
27639diff -urNp linux-2.6.38.2/drivers/staging/westbridge/astoria/block/cyasblkdev_block.c linux-2.6.38.2/drivers/staging/westbridge/astoria/block/cyasblkdev_block.c
27640--- linux-2.6.38.2/drivers/staging/westbridge/astoria/block/cyasblkdev_block.c 2011-03-14 21:20:32.000000000 -0400
27641+++ linux-2.6.38.2/drivers/staging/westbridge/astoria/block/cyasblkdev_block.c 2011-03-21 18:31:35.000000000 -0400
27642@@ -426,7 +426,7 @@ int cyasblkdev_revalidate_disk(struct ge
27643
27644
27645 /*standard block device driver interface */
27646-static struct block_device_operations cyasblkdev_bdops = {
27647+static const struct block_device_operations cyasblkdev_bdops = {
27648 .open = cyasblkdev_blk_open,
27649 .release = cyasblkdev_blk_release,
27650 .ioctl = cyasblkdev_blk_ioctl,
27651diff -urNp linux-2.6.38.2/drivers/tty/hvc/hvc_console.h linux-2.6.38.2/drivers/tty/hvc/hvc_console.h
27652--- linux-2.6.38.2/drivers/tty/hvc/hvc_console.h 2011-03-14 21:20:32.000000000 -0400
27653+++ linux-2.6.38.2/drivers/tty/hvc/hvc_console.h 2011-03-21 18:31:35.000000000 -0400
27654@@ -82,6 +82,7 @@ extern int hvc_instantiate(uint32_t vter
27655 /* register a vterm for hvc tty operation (module_init or hotplug add) */
27656 extern struct hvc_struct * hvc_alloc(uint32_t vtermno, int data,
27657 const struct hv_ops *ops, int outbuf_size);
27658+
27659 /* remove a vterm from hvc tty operation (module_exit or hotplug remove) */
27660 extern int hvc_remove(struct hvc_struct *hp);
27661
27662diff -urNp linux-2.6.38.2/drivers/tty/hvc/hvcs.c linux-2.6.38.2/drivers/tty/hvc/hvcs.c
27663--- linux-2.6.38.2/drivers/tty/hvc/hvcs.c 2011-03-14 21:20:32.000000000 -0400
27664+++ linux-2.6.38.2/drivers/tty/hvc/hvcs.c 2011-03-21 18:31:35.000000000 -0400
27665@@ -83,6 +83,7 @@
27666 #include <asm/hvcserver.h>
27667 #include <asm/uaccess.h>
27668 #include <asm/vio.h>
27669+#include <asm/local.h>
27670
27671 /*
27672 * 1.3.0 -> 1.3.1 In hvcs_open memset(..,0x00,..) instead of memset(..,0x3F,00).
27673@@ -270,7 +271,7 @@ struct hvcs_struct {
27674 unsigned int index;
27675
27676 struct tty_struct *tty;
27677- int open_count;
27678+ local_t open_count;
27679
27680 /*
27681 * Used to tell the driver kernel_thread what operations need to take
27682@@ -420,7 +421,7 @@ static ssize_t hvcs_vterm_state_store(st
27683
27684 spin_lock_irqsave(&hvcsd->lock, flags);
27685
27686- if (hvcsd->open_count > 0) {
27687+ if (local_read(&hvcsd->open_count) > 0) {
27688 spin_unlock_irqrestore(&hvcsd->lock, flags);
27689 printk(KERN_INFO "HVCS: vterm state unchanged. "
27690 "The hvcs device node is still in use.\n");
27691@@ -1136,7 +1137,7 @@ static int hvcs_open(struct tty_struct *
27692 if ((retval = hvcs_partner_connect(hvcsd)))
27693 goto error_release;
27694
27695- hvcsd->open_count = 1;
27696+ local_set(&hvcsd->open_count, 1);
27697 hvcsd->tty = tty;
27698 tty->driver_data = hvcsd;
27699
27700@@ -1170,7 +1171,7 @@ fast_open:
27701
27702 spin_lock_irqsave(&hvcsd->lock, flags);
27703 kref_get(&hvcsd->kref);
27704- hvcsd->open_count++;
27705+ local_inc(&hvcsd->open_count);
27706 hvcsd->todo_mask |= HVCS_SCHED_READ;
27707 spin_unlock_irqrestore(&hvcsd->lock, flags);
27708
27709@@ -1214,7 +1215,7 @@ static void hvcs_close(struct tty_struct
27710 hvcsd = tty->driver_data;
27711
27712 spin_lock_irqsave(&hvcsd->lock, flags);
27713- if (--hvcsd->open_count == 0) {
27714+ if (local_dec_and_test(&hvcsd->open_count)) {
27715
27716 vio_disable_interrupts(hvcsd->vdev);
27717
27718@@ -1240,10 +1241,10 @@ static void hvcs_close(struct tty_struct
27719 free_irq(irq, hvcsd);
27720 kref_put(&hvcsd->kref, destroy_hvcs_struct);
27721 return;
27722- } else if (hvcsd->open_count < 0) {
27723+ } else if (local_read(&hvcsd->open_count) < 0) {
27724 printk(KERN_ERR "HVCS: vty-server@%X open_count: %d"
27725 " is missmanaged.\n",
27726- hvcsd->vdev->unit_address, hvcsd->open_count);
27727+ hvcsd->vdev->unit_address, local_read(&hvcsd->open_count));
27728 }
27729
27730 spin_unlock_irqrestore(&hvcsd->lock, flags);
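Review bot: The `printk` in this hunk keeps the `%d` conversion for `open_count` but now passes `local_read(&hvcsd->open_count)`, which returns `long` in the generic `local_t` implementation (worth confirming for the architecture this driver builds on), so format and argument no longer match. Either change the conversion to `%ld` or cast the argument, e.g. `hvcsd->vdev->unit_address, (int)local_read(&hvcsd->open_count));`. A short comment on the `open_count` field would also help, saying why it became a `local_t` even though the increment and decrement visible in these hunks are made under `hvcsd->lock`. `hvcs_close` starts outside the hunk.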
27731@@ -1259,7 +1260,7 @@ static void hvcs_hangup(struct tty_struc
27732
27733 spin_lock_irqsave(&hvcsd->lock, flags);
27734 /* Preserve this so that we know how many kref refs to put */
27735- temp_open_count = hvcsd->open_count;
27736+ temp_open_count = local_read(&hvcsd->open_count);
27737
27738 /*
27739 * Don't kref put inside the spinlock because the destruction
27740@@ -1274,7 +1275,7 @@ static void hvcs_hangup(struct tty_struc
27741 hvcsd->tty->driver_data = NULL;
27742 hvcsd->tty = NULL;
27743
27744- hvcsd->open_count = 0;
27745+ local_set(&hvcsd->open_count, 0);
27746
27747 /* This will drop any buffered data on the floor which is OK in a hangup
27748 * scenario. */
27749@@ -1345,7 +1346,7 @@ static int hvcs_write(struct tty_struct
27750 * the middle of a write operation? This is a crummy place to do this
27751 * but we want to keep it all in the spinlock.
27752 */
27753- if (hvcsd->open_count <= 0) {
27754+ if (local_read(&hvcsd->open_count) <= 0) {
27755 spin_unlock_irqrestore(&hvcsd->lock, flags);
27756 return -ENODEV;
27757 }
27758@@ -1419,7 +1420,7 @@ static int hvcs_write_room(struct tty_st
27759 {
27760 struct hvcs_struct *hvcsd = tty->driver_data;
27761
27762- if (!hvcsd || hvcsd->open_count <= 0)
27763+ if (!hvcsd || local_read(&hvcsd->open_count) <= 0)
27764 return 0;
27765
27766 return HVCS_BUFF_LEN - hvcsd->chars_in_buffer;
27767diff -urNp linux-2.6.38.2/drivers/tty/hvc/hvc_xen.c linux-2.6.38.2/drivers/tty/hvc/hvc_xen.c
27768--- linux-2.6.38.2/drivers/tty/hvc/hvc_xen.c 2011-03-14 21:20:32.000000000 -0400
27769+++ linux-2.6.38.2/drivers/tty/hvc/hvc_xen.c 2011-03-21 18:31:35.000000000 -0400
27770@@ -123,7 +123,7 @@ static int domU_read_console(uint32_t vt
27771 return recv;
27772 }
27773
27774-static struct hv_ops domU_hvc_ops = {
27775+static const struct hv_ops domU_hvc_ops = {
27776 .get_chars = domU_read_console,
27777 .put_chars = domU_write_console,
27778 .notifier_add = notifier_add_irq,
27779@@ -149,7 +149,7 @@ static int dom0_write_console(uint32_t v
27780 return len;
27781 }
27782
27783-static struct hv_ops dom0_hvc_ops = {
27784+static const struct hv_ops dom0_hvc_ops = {
27785 .get_chars = dom0_read_console,
27786 .put_chars = dom0_write_console,
27787 .notifier_add = notifier_add_irq,
27788@@ -160,7 +160,7 @@ static struct hv_ops dom0_hvc_ops = {
27789 static int __init xen_hvc_init(void)
27790 {
27791 struct hvc_struct *hp;
27792- struct hv_ops *ops;
27793+ const struct hv_ops *ops;
27794
27795 if (!xen_pv_domain())
27796 return -ENODEV;
27797@@ -203,7 +203,7 @@ static void __exit xen_hvc_fini(void)
27798
27799 static int xen_cons_init(void)
27800 {
27801- struct hv_ops *ops;
27802+ const struct hv_ops *ops;
27803
27804 if (!xen_pv_domain())
27805 return 0;
27806diff -urNp linux-2.6.38.2/drivers/tty/n_gsm.c linux-2.6.38.2/drivers/tty/n_gsm.c
27807--- linux-2.6.38.2/drivers/tty/n_gsm.c 2011-03-14 21:20:32.000000000 -0400
27808+++ linux-2.6.38.2/drivers/tty/n_gsm.c 2011-03-21 18:31:35.000000000 -0400
27809@@ -1589,7 +1589,7 @@ static struct gsm_dlci *gsm_dlci_alloc(s
27810 return NULL;
27811 spin_lock_init(&dlci->lock);
27812 dlci->fifo = &dlci->_fifo;
27813- if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL) < 0) {
27814+ if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL)) {
27815 kfree(dlci);
27816 return NULL;
27817 }
27818diff -urNp linux-2.6.38.2/drivers/tty/n_tty.c linux-2.6.38.2/drivers/tty/n_tty.c
27819--- linux-2.6.38.2/drivers/tty/n_tty.c 2011-03-14 21:20:32.000000000 -0400
27820+++ linux-2.6.38.2/drivers/tty/n_tty.c 2011-03-21 18:31:35.000000000 -0400
27821@@ -2116,6 +2116,7 @@ void n_tty_inherit_ops(struct tty_ldisc_
27822 {
27823 *ops = tty_ldisc_N_TTY;
27824 ops->owner = NULL;
27825- ops->refcount = ops->flags = 0;
27826+ atomic_set(&ops->refcount, 0);
27827+ ops->flags = 0;
27828 }
27829 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
27830diff -urNp linux-2.6.38.2/drivers/tty/pty.c linux-2.6.38.2/drivers/tty/pty.c
27831--- linux-2.6.38.2/drivers/tty/pty.c 2011-03-14 21:20:32.000000000 -0400
27832+++ linux-2.6.38.2/drivers/tty/pty.c 2011-03-21 18:31:35.000000000 -0400
27833@@ -700,7 +700,18 @@ out:
27834 return retval;
27835 }
27836
27837-static struct file_operations ptmx_fops;
27838+static const struct file_operations ptmx_fops = {
27839+ .llseek = no_llseek,
27840+ .read = tty_read,
27841+ .write = tty_write,
27842+ .poll = tty_poll,
27843+ .unlocked_ioctl = tty_ioctl,
27844+ .compat_ioctl = tty_compat_ioctl,
27845+ .open = ptmx_open,
27846+ .release = tty_release,
27847+ .fasync = tty_fasync,
27848+};
27849+
27850
27851 static void __init unix98_pty_init(void)
27852 {
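Review bot: `ptmx_fops` is now a hand-written copy of the tty file operations with only `.open` replaced, so it can drift silently if the tty table gains or changes a handler; the removed `tty_default_fops()` copy kept the two in step. A comment above the initializer such as `/* keep in sync with tty_fops in tty_io.c; const so the table cannot be rewritten at run time */` would record both the constraint and the reason. The initializer also names `tty_compat_ioctl` unconditionally, while the `tty_io.c` hunks further down drop the `#define tty_compat_ioctl NULL` fallback for builds without `CONFIG_COMPAT`. The replacement declaration is presumably in a header not shown here and should be checked.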
27853@@ -753,10 +764,6 @@ static void __init unix98_pty_init(void)
27854
27855 register_sysctl_table(pty_root_table);
27856
27857- /* Now create the /dev/ptmx special device */
27858- tty_default_fops(&ptmx_fops);
27859- ptmx_fops.open = ptmx_open;
27860-
27861 cdev_init(&ptmx_cdev, &ptmx_fops);
27862 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
27863 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
27864diff -urNp linux-2.6.38.2/drivers/tty/serial/8250_pci.c linux-2.6.38.2/drivers/tty/serial/8250_pci.c
27865--- linux-2.6.38.2/drivers/tty/serial/8250_pci.c 2011-03-14 21:20:32.000000000 -0400
27866+++ linux-2.6.38.2/drivers/tty/serial/8250_pci.c 2011-03-21 18:31:35.000000000 -0400
27867@@ -3818,7 +3818,7 @@ static struct pci_device_id serial_pci_t
27868 PCI_ANY_ID, PCI_ANY_ID,
27869 PCI_CLASS_COMMUNICATION_MULTISERIAL << 8,
27870 0xffff00, pbn_default },
27871- { 0, }
27872+ { 0, 0, 0, 0, 0, 0, 0 }
27873 };
27874
27875 static struct pci_driver serial_pci_driver = {
27876diff -urNp linux-2.6.38.2/drivers/tty/serial/kgdboc.c linux-2.6.38.2/drivers/tty/serial/kgdboc.c
27877--- linux-2.6.38.2/drivers/tty/serial/kgdboc.c 2011-03-14 21:20:32.000000000 -0400
27878+++ linux-2.6.38.2/drivers/tty/serial/kgdboc.c 2011-03-21 18:31:35.000000000 -0400
27879@@ -22,7 +22,7 @@
27880
27881 #define MAX_CONFIG_LEN 40
27882
27883-static struct kgdb_io kgdboc_io_ops;
27884+static struct kgdb_io kgdboc_io_ops; /* cannot be const, see configure_kgdboc() */
27885
27886 /* -1 = init not run yet, 0 = unconfigured, 1 = configured. */
27887 static int configured = -1;
27888@@ -293,7 +293,7 @@ static void kgdboc_post_exp_handler(void
27889 kgdboc_restore_input();
27890 }
27891
27892-static struct kgdb_io kgdboc_io_ops = {
27893+static struct kgdb_io kgdboc_io_ops = { /* cannot be const, see configure_kgdboc() */
27894 .name = "kgdboc",
27895 .read_char = kgdboc_get_char,
27896 .write_char = kgdboc_put_char,
27897diff -urNp linux-2.6.38.2/drivers/tty/tty_io.c linux-2.6.38.2/drivers/tty/tty_io.c
27898--- linux-2.6.38.2/drivers/tty/tty_io.c 2011-03-14 21:20:32.000000000 -0400
27899+++ linux-2.6.38.2/drivers/tty/tty_io.c 2011-03-21 18:31:35.000000000 -0400
27900@@ -140,21 +140,11 @@ EXPORT_SYMBOL(tty_mutex);
27901 /* Spinlock to protect the tty->tty_files list */
27902 DEFINE_SPINLOCK(tty_files_lock);
27903
27904-static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
27905-static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
27906 ssize_t redirected_tty_write(struct file *, const char __user *,
27907 size_t, loff_t *);
27908-static unsigned int tty_poll(struct file *, poll_table *);
27909 static int tty_open(struct inode *, struct file *);
27910 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
27911-#ifdef CONFIG_COMPAT
27912-static long tty_compat_ioctl(struct file *file, unsigned int cmd,
27913- unsigned long arg);
27914-#else
27915-#define tty_compat_ioctl NULL
27916-#endif
27917 static int __tty_fasync(int fd, struct file *filp, int on);
27918-static int tty_fasync(int fd, struct file *filp, int on);
27919 static void release_tty(struct tty_struct *tty, int idx);
27920 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
27921 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
27922@@ -938,7 +928,7 @@ EXPORT_SYMBOL(start_tty);
27923 * read calls may be outstanding in parallel.
27924 */
27925
27926-static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
27927+ssize_t tty_read(struct file *file, char __user *buf, size_t count,
27928 loff_t *ppos)
27929 {
27930 int i;
27931@@ -964,6 +954,8 @@ static ssize_t tty_read(struct file *fil
27932 return i;
27933 }
27934
27935+EXPORT_SYMBOL(tty_read);
27936+
27937 void tty_write_unlock(struct tty_struct *tty)
27938 {
27939 mutex_unlock(&tty->atomic_write_lock);
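Review bot: The new `EXPORT_SYMBOL(tty_read)` makes a previously file-local handler callable from any loadable module, and the later hunks do the same for `tty_write`, `tty_release`, `tty_poll`, `tty_fasync`, `tty_ioctl` and `tty_compat_ioctl`. The only new user visible in this patch is `ptmx_fops` in `drivers/tty/pty.c`. If that file is always built into the kernel (to confirm against the Makefile), dropping `static` is enough and the exports can be removed. Otherwise `EXPORT_SYMBOL_GPL(tty_read);` would match the neighbouring `EXPORT_SYMBOL_GPL(get_current_tty)` and keep the added surface narrower.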
27940@@ -1113,7 +1105,7 @@ void tty_write_message(struct tty_struct
27941 * write method will not be invoked in parallel for each device.
27942 */
27943
27944-static ssize_t tty_write(struct file *file, const char __user *buf,
27945+ssize_t tty_write(struct file *file, const char __user *buf,
27946 size_t count, loff_t *ppos)
27947 {
27948 struct inode *inode = file->f_path.dentry->d_inode;
27949@@ -1139,6 +1131,8 @@ static ssize_t tty_write(struct file *fi
27950 return ret;
27951 }
27952
27953+EXPORT_SYMBOL(tty_write);
27954+
27955 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
27956 size_t count, loff_t *ppos)
27957 {
27958@@ -1778,6 +1772,8 @@ int tty_release(struct inode *inode, str
27959 return 0;
27960 }
27961
27962+EXPORT_SYMBOL(tty_release);
27963+
27964 /**
27965 * tty_open - open a tty device
27966 * @inode: inode of device file
27967@@ -1969,7 +1965,7 @@ got_driver:
27968 * may be re-entered freely by other callers.
27969 */
27970
27971-static unsigned int tty_poll(struct file *filp, poll_table *wait)
27972+unsigned int tty_poll(struct file *filp, poll_table *wait)
27973 {
27974 struct tty_struct *tty = file_tty(filp);
27975 struct tty_ldisc *ld;
27976@@ -1985,6 +1981,8 @@ static unsigned int tty_poll(struct file
27977 return ret;
27978 }
27979
27980+EXPORT_SYMBOL(tty_poll);
27981+
27982 static int __tty_fasync(int fd, struct file *filp, int on)
27983 {
27984 struct tty_struct *tty = file_tty(filp);
27985@@ -2026,7 +2024,7 @@ out:
27986 return retval;
27987 }
27988
27989-static int tty_fasync(int fd, struct file *filp, int on)
27990+int tty_fasync(int fd, struct file *filp, int on)
27991 {
27992 int retval;
27993 tty_lock();
27994@@ -2035,6 +2033,8 @@ static int tty_fasync(int fd, struct fil
27995 return retval;
27996 }
27997
27998+EXPORT_SYMBOL(tty_fasync);
27999+
28000 /**
28001 * tiocsti - fake input character
28002 * @tty: tty to fake input into
28003@@ -2692,8 +2692,10 @@ long tty_ioctl(struct file *file, unsign
28004 return retval;
28005 }
28006
28007+EXPORT_SYMBOL(tty_ioctl);
28008+
28009 #ifdef CONFIG_COMPAT
28010-static long tty_compat_ioctl(struct file *file, unsigned int cmd,
28011+long tty_compat_ioctl(struct file *file, unsigned int cmd,
28012 unsigned long arg)
28013 {
28014 struct inode *inode = file->f_dentry->d_inode;
28015@@ -2717,6 +2719,9 @@ static long tty_compat_ioctl(struct file
28016
28017 return retval;
28018 }
28019+
28020+EXPORT_SYMBOL(tty_compat_ioctl);
28021+
28022 #endif
28023
28024 /*
28025@@ -3195,11 +3200,6 @@ struct tty_struct *get_current_tty(void)
28026 }
28027 EXPORT_SYMBOL_GPL(get_current_tty);
28028
28029-void tty_default_fops(struct file_operations *fops)
28030-{
28031- *fops = tty_fops;
28032-}
28033-
28034 /*
28035 * Initialize the console device. This is called *early*, so
28036 * we can't necessarily depend on lots of kernel help here.
28037diff -urNp linux-2.6.38.2/drivers/tty/tty_ldisc.c linux-2.6.38.2/drivers/tty/tty_ldisc.c
28038--- linux-2.6.38.2/drivers/tty/tty_ldisc.c 2011-03-14 21:20:32.000000000 -0400
28039+++ linux-2.6.38.2/drivers/tty/tty_ldisc.c 2011-03-21 18:31:35.000000000 -0400
28040@@ -76,7 +76,7 @@ static void put_ldisc(struct tty_ldisc *
28041 if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) {
28042 struct tty_ldisc_ops *ldo = ld->ops;
28043
28044- ldo->refcount--;
28045+ atomic_dec(&ldo->refcount);
28046 module_put(ldo->owner);
28047 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
28048
28049@@ -111,7 +111,7 @@ int tty_register_ldisc(int disc, struct
28050 spin_lock_irqsave(&tty_ldisc_lock, flags);
28051 tty_ldiscs[disc] = new_ldisc;
28052 new_ldisc->num = disc;
28053- new_ldisc->refcount = 0;
28054+ atomic_set(&new_ldisc->refcount, 0);
28055 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
28056
28057 return ret;
28058@@ -139,7 +139,7 @@ int tty_unregister_ldisc(int disc)
28059 return -EINVAL;
28060
28061 spin_lock_irqsave(&tty_ldisc_lock, flags);
28062- if (tty_ldiscs[disc]->refcount)
28063+ if (atomic_read(&tty_ldiscs[disc]->refcount))
28064 ret = -EBUSY;
28065 else
28066 tty_ldiscs[disc] = NULL;
28067@@ -160,7 +160,7 @@ static struct tty_ldisc_ops *get_ldops(i
28068 if (ldops) {
28069 ret = ERR_PTR(-EAGAIN);
28070 if (try_module_get(ldops->owner)) {
28071- ldops->refcount++;
28072+ atomic_inc(&ldops->refcount);
28073 ret = ldops;
28074 }
28075 }
28076@@ -173,7 +173,7 @@ static void put_ldops(struct tty_ldisc_o
28077 unsigned long flags;
28078
28079 spin_lock_irqsave(&tty_ldisc_lock, flags);
28080- ldops->refcount--;
28081+ atomic_dec(&ldops->refcount);
28082 module_put(ldops->owner);
28083 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
28084 }
28085diff -urNp linux-2.6.38.2/drivers/tty/vt/keyboard.c linux-2.6.38.2/drivers/tty/vt/keyboard.c
28086--- linux-2.6.38.2/drivers/tty/vt/keyboard.c 2011-03-14 21:20:32.000000000 -0400
28087+++ linux-2.6.38.2/drivers/tty/vt/keyboard.c 2011-03-21 18:31:35.000000000 -0400
28088@@ -657,6 +657,16 @@ static void k_spec(struct vc_data *vc, u
28089 kbd->kbdmode == VC_MEDIUMRAW) &&
28090 value != KVAL(K_SAK))
28091 return; /* SAK is allowed even in raw mode */
28092+
28093+#if defined(CONFIG_GRKERNSEC_PROC) || defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
28094+ {
28095+ void *func = fn_handler[value];
28096+ if (func == fn_show_state || func == fn_show_ptregs ||
28097+ func == fn_show_mem)
28098+ return;
28099+ }
28100+#endif
28101+
28102 fn_handler[value](vc);
28103 }
28104
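Review bot: The added block in k_spec stores a function pointer in `void *func` before comparing it with `fn_show_state`, `fn_show_ptregs` and `fn_show_mem`. ISO C does not define conversion between function and object pointers, so the local should have the element type of `fn_handler[]`, or the three comparisons can be made on `fn_handler[value]` directly. The block also lacks a comment on why these handlers are skipped; something like `/* keep the console keyboard from dumping task state, registers or memory info when /proc is restricted; the key is dropped silently */` would record the intent, which here is inferred from the handler names and the CONFIG_GRKERNSEC_PROC guard. k_spec starts before this hunk.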
28105@@ -1413,7 +1423,7 @@ static const struct input_device_id kbd_
28106 .evbit = { BIT_MASK(EV_SND) },
28107 },
28108
28109- { }, /* Terminating entry */
28110+ { 0 }, /* Terminating entry */
28111 };
28112
28113 MODULE_DEVICE_TABLE(input, kbd_ids);
28114diff -urNp linux-2.6.38.2/drivers/tty/vt/vt.c linux-2.6.38.2/drivers/tty/vt/vt.c
28115--- linux-2.6.38.2/drivers/tty/vt/vt.c 2011-03-14 21:20:32.000000000 -0400
28116+++ linux-2.6.38.2/drivers/tty/vt/vt.c 2011-03-21 18:31:35.000000000 -0400
28117@@ -262,7 +262,7 @@ EXPORT_SYMBOL_GPL(unregister_vt_notifier
28118
28119 static void notify_write(struct vc_data *vc, unsigned int unicode)
28120 {
28121- struct vt_notifier_param param = { .vc = vc, unicode = unicode };
28122+ struct vt_notifier_param param = { .vc = vc, .c = unicode };
28123 atomic_notifier_call_chain(&vt_notifier_list, VT_WRITE, &param);
28124 }
28125
28126diff -urNp linux-2.6.38.2/drivers/tty/vt/vt_ioctl.c linux-2.6.38.2/drivers/tty/vt/vt_ioctl.c
28127--- linux-2.6.38.2/drivers/tty/vt/vt_ioctl.c 2011-03-14 21:20:32.000000000 -0400
28128+++ linux-2.6.38.2/drivers/tty/vt/vt_ioctl.c 2011-03-21 18:31:35.000000000 -0400
28129@@ -210,9 +210,6 @@ do_kdsk_ioctl(int cmd, struct kbentry __
28130 if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry)))
28131 return -EFAULT;
28132
28133- if (!capable(CAP_SYS_TTY_CONFIG))
28134- perm = 0;
28135-
28136 switch (cmd) {
28137 case KDGKBENT:
28138 key_map = key_maps[s];
28139@@ -224,6 +221,9 @@ do_kdsk_ioctl(int cmd, struct kbentry __
28140 val = (i ? K_HOLE : K_NOSUCHMAP);
28141 return put_user(val, &user_kbe->kb_value);
28142 case KDSKBENT:
28143+ if (!capable(CAP_SYS_TTY_CONFIG))
28144+ perm = 0;
28145+
28146 if (!perm)
28147 return -EPERM;
28148 if (!i && v == K_NOSUCHMAP) {
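Review bot: Moving `capable(CAP_SYS_TTY_CONFIG)` from the top of do_kdsk_ioctl into `case KDSKBENT:` leaves two consecutive tests around `perm`, with no comment on why the capability is now consulted only on the set path. As far as these hunks show, `perm` was already only tested in the set case, so the effect is that KDGKBENT no longer calls capable() at all, presumably so that read-only keymap queries do not register as capability use. A comment such as `/* only the set path needs CAP_SYS_TTY_CONFIG; do not evaluate it for KDGKBENT */` would make that explicit. The two tests can also be folded into `if (!perm || !capable(CAP_SYS_TTY_CONFIG))`, provided `perm` is not read again later in the case, which is outside the hunk. The same applies to `case KDSKBSENT:` in the do_kdgkb_ioctl hunk below.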
28149@@ -325,9 +325,6 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
28150 int i, j, k;
28151 int ret;
28152
28153- if (!capable(CAP_SYS_TTY_CONFIG))
28154- perm = 0;
28155-
28156 kbs = kmalloc(sizeof(*kbs), GFP_KERNEL);
28157 if (!kbs) {
28158 ret = -ENOMEM;
28159@@ -361,6 +358,9 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
28160 kfree(kbs);
28161 return ((p && *p) ? -EOVERFLOW : 0);
28162 case KDSKBSENT:
28163+ if (!capable(CAP_SYS_TTY_CONFIG))
28164+ perm = 0;
28165+
28166 if (!perm) {
28167 ret = -EPERM;
28168 goto reterr;
28169diff -urNp linux-2.6.38.2/drivers/uio/uio.c linux-2.6.38.2/drivers/uio/uio.c
28170--- linux-2.6.38.2/drivers/uio/uio.c 2011-03-14 21:20:32.000000000 -0400
28171+++ linux-2.6.38.2/drivers/uio/uio.c 2011-03-21 18:31:35.000000000 -0400
28172@@ -25,6 +25,7 @@
28173 #include <linux/kobject.h>
28174 #include <linux/cdev.h>
28175 #include <linux/uio_driver.h>
28176+#include <asm/local.h>
28177
28178 #define UIO_MAX_DEVICES (1U << MINORBITS)
28179
28180@@ -35,7 +36,7 @@ struct uio_device {
28181 atomic_t event;
28182 struct fasync_struct *async_queue;
28183 wait_queue_head_t wait;
28184- int vma_count;
28185+ local_t vma_count;
28186 struct uio_info *info;
28187 struct kobject *map_dir;
28188 struct kobject *portio_dir;
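Review bot: `local_t vma_count` in struct uio_device uses a type meant for per-CPU counters: `local_inc()` and `local_dec()` are atomic only with respect to the CPU they run on. This field sits in a per-device structure that uio_vma_open and uio_vma_close (next hunk) can reach from any CPU. If the aim is a counter that is safe against concurrent updates, `atomic_t vma_count;` with `atomic_inc(&idev->vma_count);` and `atomic_dec(&idev->vma_count);` states that directly and makes the new `#include <asm/local.h>` unnecessary. If `local_t` was chosen on purpose, the declaration needs a comment giving the reason. No read of the counter is visible in these hunks, so whether its value matters cannot be judged from here.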
28189@@ -602,13 +603,13 @@ static int uio_find_mem_index(struct vm_
28190 static void uio_vma_open(struct vm_area_struct *vma)
28191 {
28192 struct uio_device *idev = vma->vm_private_data;
28193- idev->vma_count++;
28194+ local_inc(&idev->vma_count);
28195 }
28196
28197 static void uio_vma_close(struct vm_area_struct *vma)
28198 {
28199 struct uio_device *idev = vma->vm_private_data;
28200- idev->vma_count--;
28201+ local_dec(&idev->vma_count);
28202 }
28203
28204 static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
28205diff -urNp linux-2.6.38.2/drivers/usb/atm/cxacru.c linux-2.6.38.2/drivers/usb/atm/cxacru.c
28206--- linux-2.6.38.2/drivers/usb/atm/cxacru.c 2011-03-14 21:20:32.000000000 -0400
28207+++ linux-2.6.38.2/drivers/usb/atm/cxacru.c 2011-03-21 18:31:35.000000000 -0400
28208@@ -473,7 +473,7 @@ static ssize_t cxacru_sysfs_store_adsl_c
28209 ret = sscanf(buf + pos, "%x=%x%n", &index, &value, &tmp);
28210 if (ret < 2)
28211 return -EINVAL;
28212- if (index < 0 || index > 0x7f)
28213+ if (index > 0x7f)
28214 return -EINVAL;
28215 pos += tmp;
28216
28217diff -urNp linux-2.6.38.2/drivers/usb/atm/usbatm.c linux-2.6.38.2/drivers/usb/atm/usbatm.c
28218--- linux-2.6.38.2/drivers/usb/atm/usbatm.c 2011-03-14 21:20:32.000000000 -0400
28219+++ linux-2.6.38.2/drivers/usb/atm/usbatm.c 2011-03-21 18:31:35.000000000 -0400
28220@@ -332,7 +332,7 @@ static void usbatm_extract_one_cell(stru
28221 if (printk_ratelimit())
28222 atm_warn(instance, "%s: OAM not supported (vpi %d, vci %d)!\n",
28223 __func__, vpi, vci);
28224- atomic_inc(&vcc->stats->rx_err);
28225+ atomic_inc_unchecked(&vcc->stats->rx_err);
28226 return;
28227 }
28228
28229@@ -360,7 +360,7 @@ static void usbatm_extract_one_cell(stru
28230 if (length > ATM_MAX_AAL5_PDU) {
28231 atm_rldbg(instance, "%s: bogus length %u (vcc: 0x%p)!\n",
28232 __func__, length, vcc);
28233- atomic_inc(&vcc->stats->rx_err);
28234+ atomic_inc_unchecked(&vcc->stats->rx_err);
28235 goto out;
28236 }
28237
28238@@ -369,14 +369,14 @@ static void usbatm_extract_one_cell(stru
28239 if (sarb->len < pdu_length) {
28240 atm_rldbg(instance, "%s: bogus pdu_length %u (sarb->len: %u, vcc: 0x%p)!\n",
28241 __func__, pdu_length, sarb->len, vcc);
28242- atomic_inc(&vcc->stats->rx_err);
28243+ atomic_inc_unchecked(&vcc->stats->rx_err);
28244 goto out;
28245 }
28246
28247 if (crc32_be(~0, skb_tail_pointer(sarb) - pdu_length, pdu_length) != 0xc704dd7b) {
28248 atm_rldbg(instance, "%s: packet failed crc check (vcc: 0x%p)!\n",
28249 __func__, vcc);
28250- atomic_inc(&vcc->stats->rx_err);
28251+ atomic_inc_unchecked(&vcc->stats->rx_err);
28252 goto out;
28253 }
28254
28255@@ -386,7 +386,7 @@ static void usbatm_extract_one_cell(stru
28256 if (printk_ratelimit())
28257 atm_err(instance, "%s: no memory for skb (length: %u)!\n",
28258 __func__, length);
28259- atomic_inc(&vcc->stats->rx_drop);
28260+ atomic_inc_unchecked(&vcc->stats->rx_drop);
28261 goto out;
28262 }
28263
28264@@ -411,7 +411,7 @@ static void usbatm_extract_one_cell(stru
28265
28266 vcc->push(vcc, skb);
28267
28268- atomic_inc(&vcc->stats->rx);
28269+ atomic_inc_unchecked(&vcc->stats->rx);
28270 out:
28271 skb_trim(sarb, 0);
28272 }
28273@@ -614,7 +614,7 @@ static void usbatm_tx_process(unsigned l
28274 struct atm_vcc *vcc = UDSL_SKB(skb)->atm.vcc;
28275
28276 usbatm_pop(vcc, skb);
28277- atomic_inc(&vcc->stats->tx);
28278+ atomic_inc_unchecked(&vcc->stats->tx);
28279
28280 skb = skb_dequeue(&instance->sndqueue);
28281 }
28282@@ -773,11 +773,11 @@ static int usbatm_atm_proc_read(struct a
28283 if (!left--)
28284 return sprintf(page,
28285 "AAL5: tx %d ( %d err ), rx %d ( %d err, %d drop )\n",
28286- atomic_read(&atm_dev->stats.aal5.tx),
28287- atomic_read(&atm_dev->stats.aal5.tx_err),
28288- atomic_read(&atm_dev->stats.aal5.rx),
28289- atomic_read(&atm_dev->stats.aal5.rx_err),
28290- atomic_read(&atm_dev->stats.aal5.rx_drop));
28291+ atomic_read_unchecked(&atm_dev->stats.aal5.tx),
28292+ atomic_read_unchecked(&atm_dev->stats.aal5.tx_err),
28293+ atomic_read_unchecked(&atm_dev->stats.aal5.rx),
28294+ atomic_read_unchecked(&atm_dev->stats.aal5.rx_err),
28295+ atomic_read_unchecked(&atm_dev->stats.aal5.rx_drop));
28296
28297 if (!left--) {
28298 if (instance->disconnected)
28299diff -urNp linux-2.6.38.2/drivers/usb/class/cdc-acm.c linux-2.6.38.2/drivers/usb/class/cdc-acm.c
28300--- linux-2.6.38.2/drivers/usb/class/cdc-acm.c 2011-03-28 17:42:40.000000000 -0400
28301+++ linux-2.6.38.2/drivers/usb/class/cdc-acm.c 2011-03-28 17:42:53.000000000 -0400
28302@@ -1640,7 +1640,7 @@ static const struct usb_device_id acm_id
28303 { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_ACM,
28304 USB_CDC_ACM_PROTO_AT_CDMA) },
28305
28306- { }
28307+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
28308 };
28309
28310 MODULE_DEVICE_TABLE(usb, acm_ids);
28311diff -urNp linux-2.6.38.2/drivers/usb/class/usblp.c linux-2.6.38.2/drivers/usb/class/usblp.c
28312--- linux-2.6.38.2/drivers/usb/class/usblp.c 2011-03-14 21:20:32.000000000 -0400
28313+++ linux-2.6.38.2/drivers/usb/class/usblp.c 2011-03-21 18:31:35.000000000 -0400
28314@@ -227,7 +227,7 @@ static const struct quirk_printer_struct
28315 { 0x0482, 0x0010, USBLP_QUIRK_BIDIR }, /* Kyocera Mita FS 820, by zut <kernel@zut.de> */
28316 { 0x04f9, 0x000d, USBLP_QUIRK_BIDIR }, /* Brother Industries, Ltd HL-1440 Laser Printer */
28317 { 0x04b8, 0x0202, USBLP_QUIRK_BAD_CLASS }, /* Seiko Epson Receipt Printer M129C */
28318- { 0, 0 }
28319+ { 0, 0, 0 }
28320 };
28321
28322 static int usblp_wwait(struct usblp *usblp, int nonblock);
28323@@ -1398,7 +1398,7 @@ static const struct usb_device_id usblp_
28324 { USB_INTERFACE_INFO(7, 1, 2) },
28325 { USB_INTERFACE_INFO(7, 1, 3) },
28326 { USB_DEVICE(0x04b8, 0x0202) }, /* Seiko Epson Receipt Printer M129C */
28327- { } /* Terminating entry */
28328+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */
28329 };
28330
28331 MODULE_DEVICE_TABLE(usb, usblp_ids);
28332diff -urNp linux-2.6.38.2/drivers/usb/core/hcd.c linux-2.6.38.2/drivers/usb/core/hcd.c
28333--- linux-2.6.38.2/drivers/usb/core/hcd.c 2011-03-23 17:20:07.000000000 -0400
28334+++ linux-2.6.38.2/drivers/usb/core/hcd.c 2011-03-26 20:49:43.000000000 -0400
28335@@ -2457,7 +2457,7 @@ EXPORT_SYMBOL_GPL(usb_hcd_platform_shutd
28336
28337 #if defined(CONFIG_USB_MON) || defined(CONFIG_USB_MON_MODULE)
28338
28339-struct usb_mon_operations *mon_ops;
28340+const struct usb_mon_operations *mon_ops;
28341
28342 /*
28343 * The registration is unlocked.
28344@@ -2467,7 +2467,7 @@ struct usb_mon_operations *mon_ops;
28345 * symbols from usbcore, usbcore gets referenced and cannot be unloaded first.
28346 */
28347
28348-int usb_mon_register (struct usb_mon_operations *ops)
28349+int usb_mon_register (const struct usb_mon_operations *ops)
28350 {
28351
28352 if (mon_ops)
28353diff -urNp linux-2.6.38.2/drivers/usb/core/hub.c linux-2.6.38.2/drivers/usb/core/hub.c
28354--- linux-2.6.38.2/drivers/usb/core/hub.c 2011-03-14 21:20:32.000000000 -0400
28355+++ linux-2.6.38.2/drivers/usb/core/hub.c 2011-03-21 18:31:35.000000000 -0400
28356@@ -3492,7 +3492,7 @@ static const struct usb_device_id hub_id
28357 .bDeviceClass = USB_CLASS_HUB},
28358 { .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS,
28359 .bInterfaceClass = USB_CLASS_HUB},
28360- { } /* Terminating entry */
28361+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */
28362 };
28363
28364 MODULE_DEVICE_TABLE (usb, hub_id_table);
28365diff -urNp linux-2.6.38.2/drivers/usb/core/message.c linux-2.6.38.2/drivers/usb/core/message.c
28366--- linux-2.6.38.2/drivers/usb/core/message.c 2011-03-14 21:20:32.000000000 -0400
28367+++ linux-2.6.38.2/drivers/usb/core/message.c 2011-03-21 18:31:35.000000000 -0400
28368@@ -869,8 +869,8 @@ char *usb_cache_string(struct usb_device
28369 buf = kmalloc(MAX_USB_STRING_SIZE, GFP_NOIO);
28370 if (buf) {
28371 len = usb_string(udev, index, buf, MAX_USB_STRING_SIZE);
28372- if (len > 0) {
28373- smallbuf = kmalloc(++len, GFP_NOIO);
28374+ if (len++ > 0) {
28375+ smallbuf = kmalloc(len, GFP_NOIO);
28376 if (!smallbuf)
28377 return buf;
28378 memcpy(smallbuf, buf, len);
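Review bot: `if (len++ > 0)` in usb_cache_string hides the size adjustment inside the condition and now increments `len` even when usb_string() returned zero or an error. Nothing in the hunk reads `len` on that path, so behaviour looks unchanged. The intent is easier to follow as `if (len > 0) {` followed by `len++; /* also copy the terminating NUL */` and then `smallbuf = kmalloc(len, GFP_NOIO);`. The NUL-terminator reading is an assumption, since usb_string()'s contract is not shown here. The function starts before and continues after this hunk.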
28379diff -urNp linux-2.6.38.2/drivers/usb/early/ehci-dbgp.c linux-2.6.38.2/drivers/usb/early/ehci-dbgp.c
28380--- linux-2.6.38.2/drivers/usb/early/ehci-dbgp.c 2011-03-14 21:20:32.000000000 -0400
28381+++ linux-2.6.38.2/drivers/usb/early/ehci-dbgp.c 2011-03-21 18:31:35.000000000 -0400
28382@@ -96,7 +96,7 @@ static inline u32 dbgp_len_update(u32 x,
28383 }
28384
28385 #ifdef CONFIG_KGDB
28386-static struct kgdb_io kgdbdbgp_io_ops;
28387+static struct kgdb_io kgdbdbgp_io_ops; /* cannot be const, see kgdbdbgp_parse_config */
28388 #define dbgp_kgdb_mode (dbg_io_ops == &kgdbdbgp_io_ops)
28389 #else
28390 #define dbgp_kgdb_mode (0)
28391@@ -1026,7 +1026,7 @@ static void kgdbdbgp_write_char(u8 chr)
28392 early_dbgp_write(NULL, &chr, 1);
28393 }
28394
28395-static struct kgdb_io kgdbdbgp_io_ops = {
28396+static struct kgdb_io kgdbdbgp_io_ops = { /* cannot be const, see kgdbdbgp_parse_config() */
28397 .name = "kgdbdbgp",
28398 .read_char = kgdbdbgp_read_char,
28399 .write_char = kgdbdbgp_write_char,
28400diff -urNp linux-2.6.38.2/drivers/usb/host/ehci-pci.c linux-2.6.38.2/drivers/usb/host/ehci-pci.c
28401--- linux-2.6.38.2/drivers/usb/host/ehci-pci.c 2011-03-14 21:20:32.000000000 -0400
28402+++ linux-2.6.38.2/drivers/usb/host/ehci-pci.c 2011-03-21 18:31:35.000000000 -0400
28403@@ -516,7 +516,7 @@ static const struct pci_device_id pci_id
28404 PCI_DEVICE_CLASS(PCI_CLASS_SERIAL_USB_EHCI, ~0),
28405 .driver_data = (unsigned long) &ehci_pci_hc_driver,
28406 },
28407- { /* end: all zeroes */ }
28408+ { 0, 0, 0, 0, 0, 0, 0 }
28409 };
28410 MODULE_DEVICE_TABLE(pci, pci_ids);
28411
28412diff -urNp linux-2.6.38.2/drivers/usb/host/uhci-hcd.c linux-2.6.38.2/drivers/usb/host/uhci-hcd.c
28413--- linux-2.6.38.2/drivers/usb/host/uhci-hcd.c 2011-03-14 21:20:32.000000000 -0400
28414+++ linux-2.6.38.2/drivers/usb/host/uhci-hcd.c 2011-03-21 18:31:35.000000000 -0400
28415@@ -948,7 +948,7 @@ static const struct pci_device_id uhci_p
28416 /* handle any USB UHCI controller */
28417 PCI_DEVICE_CLASS(PCI_CLASS_SERIAL_USB_UHCI, ~0),
28418 .driver_data = (unsigned long) &uhci_driver,
28419- }, { /* end: all zeroes */ }
28420+ }, { 0, 0, 0, 0, 0, 0, 0 }
28421 };
28422
28423 MODULE_DEVICE_TABLE(pci, uhci_pci_ids);
28424diff -urNp linux-2.6.38.2/drivers/usb/mon/mon_main.c linux-2.6.38.2/drivers/usb/mon/mon_main.c
28425--- linux-2.6.38.2/drivers/usb/mon/mon_main.c 2011-03-14 21:20:32.000000000 -0400
28426+++ linux-2.6.38.2/drivers/usb/mon/mon_main.c 2011-03-21 18:31:35.000000000 -0400
28427@@ -238,7 +238,7 @@ static struct notifier_block mon_nb = {
28428 /*
28429 * Ops
28430 */
28431-static struct usb_mon_operations mon_ops_0 = {
28432+static const struct usb_mon_operations mon_ops_0 = {
28433 .urb_submit = mon_submit,
28434 .urb_submit_error = mon_submit_error,
28435 .urb_complete = mon_complete,
28436diff -urNp linux-2.6.38.2/drivers/usb/storage/debug.h linux-2.6.38.2/drivers/usb/storage/debug.h
28437--- linux-2.6.38.2/drivers/usb/storage/debug.h 2011-03-14 21:20:32.000000000 -0400
28438+++ linux-2.6.38.2/drivers/usb/storage/debug.h 2011-03-21 18:31:35.000000000 -0400
28439@@ -54,9 +54,9 @@ void usb_stor_show_sense( unsigned char
28440 #define US_DEBUGPX(x...) printk( x )
28441 #define US_DEBUG(x) x
28442 #else
28443-#define US_DEBUGP(x...)
28444-#define US_DEBUGPX(x...)
28445-#define US_DEBUG(x)
28446+#define US_DEBUGP(x...) do {} while (0)
28447+#define US_DEBUGPX(x...) do {} while (0)
28448+#define US_DEBUG(x) do {} while (0)
28449 #endif
28450
28451 #endif
28452diff -urNp linux-2.6.38.2/drivers/usb/storage/usb.c linux-2.6.38.2/drivers/usb/storage/usb.c
28453--- linux-2.6.38.2/drivers/usb/storage/usb.c 2011-03-14 21:20:32.000000000 -0400
28454+++ linux-2.6.38.2/drivers/usb/storage/usb.c 2011-03-21 18:31:35.000000000 -0400
28455@@ -122,7 +122,7 @@ MODULE_PARM_DESC(quirks, "supplemental l
28456
28457 static struct us_unusual_dev us_unusual_dev_list[] = {
28458 # include "unusual_devs.h"
28459- { } /* Terminating entry */
28460+ { NULL, NULL, 0, 0, NULL } /* Terminating entry */
28461 };
28462
28463 #undef UNUSUAL_DEV
28464diff -urNp linux-2.6.38.2/drivers/usb/storage/usual-tables.c linux-2.6.38.2/drivers/usb/storage/usual-tables.c
28465--- linux-2.6.38.2/drivers/usb/storage/usual-tables.c 2011-03-14 21:20:32.000000000 -0400
28466+++ linux-2.6.38.2/drivers/usb/storage/usual-tables.c 2011-03-21 18:31:35.000000000 -0400
28467@@ -48,7 +48,7 @@
28468
28469 struct usb_device_id usb_storage_usb_ids[] = {
28470 # include "unusual_devs.h"
28471- { } /* Terminating entry */
28472+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } /* Terminating entry */
28473 };
28474 EXPORT_SYMBOL_GPL(usb_storage_usb_ids);
28475
28476diff -urNp linux-2.6.38.2/drivers/vhost/vhost.c linux-2.6.38.2/drivers/vhost/vhost.c
28477--- linux-2.6.38.2/drivers/vhost/vhost.c 2011-03-14 21:20:32.000000000 -0400
28478+++ linux-2.6.38.2/drivers/vhost/vhost.c 2011-03-21 18:31:35.000000000 -0400
28479@@ -565,7 +565,7 @@ static int init_used(struct vhost_virtqu
28480 return get_user(vq->last_used_idx, &used->idx);
28481 }
28482
28483-static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
28484+static long vhost_set_vring(struct vhost_dev *d, unsigned int ioctl, void __user *argp)
28485 {
28486 struct file *eventfp, *filep = NULL,
28487 *pollstart = NULL, *pollstop = NULL;
28488diff -urNp linux-2.6.38.2/drivers/video/fbcmap.c linux-2.6.38.2/drivers/video/fbcmap.c
28489--- linux-2.6.38.2/drivers/video/fbcmap.c 2011-03-14 21:20:32.000000000 -0400
28490+++ linux-2.6.38.2/drivers/video/fbcmap.c 2011-03-21 18:31:35.000000000 -0400
28491@@ -285,8 +285,7 @@ int fb_set_user_cmap(struct fb_cmap_user
28492 rc = -ENODEV;
28493 goto out;
28494 }
28495- if (cmap->start < 0 || (!info->fbops->fb_setcolreg &&
28496- !info->fbops->fb_setcmap)) {
28497+ if (!info->fbops->fb_setcolreg && !info->fbops->fb_setcmap) {
28498 rc = -EINVAL;
28499 goto out1;
28500 }
28501diff -urNp linux-2.6.38.2/drivers/video/fbmem.c linux-2.6.38.2/drivers/video/fbmem.c
28502--- linux-2.6.38.2/drivers/video/fbmem.c 2011-03-14 21:20:32.000000000 -0400
28503+++ linux-2.6.38.2/drivers/video/fbmem.c 2011-03-21 18:31:35.000000000 -0400
28504@@ -403,7 +403,7 @@ static void fb_do_show_logo(struct fb_in
28505 image->dx += image->width + 8;
28506 }
28507 } else if (rotate == FB_ROTATE_UD) {
28508- for (x = 0; x < num && image->dx >= 0; x++) {
28509+ for (x = 0; x < num && (__s32)image->dx >= 0; x++) {
28510 info->fbops->fb_imageblit(info, image);
28511 image->dx -= image->width + 8;
28512 }
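Review bot: The `(__s32)image->dx >= 0` cast in the FB_ROTATE_UD loop of fb_do_show_logo needs a comment, because the reason for it depends on `dx` being an unsigned field of struct fb_image, which is declared outside this page. With an unsigned `dx` the old test was always true and the loop ended only on `x < num`; the cast lets the wrap-around produced by `image->dx -= image->width + 8` end the loop. Suggested comment above the loop: `/* dx is unsigned: stop once the subtraction below wraps past zero */`. The same comment applies to the `(__s32)image->dy` test in the FB_ROTATE_CCW hunk that follows. fb_do_show_logo starts and ends outside both hunks.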
28513@@ -415,7 +415,7 @@ static void fb_do_show_logo(struct fb_in
28514 image->dy += image->height + 8;
28515 }
28516 } else if (rotate == FB_ROTATE_CCW) {
28517- for (x = 0; x < num && image->dy >= 0; x++) {
28518+ for (x = 0; x < num && (__s32)image->dy >= 0; x++) {
28519 info->fbops->fb_imageblit(info, image);
28520 image->dy -= image->height + 8;
28521 }
28522@@ -1101,7 +1101,7 @@ static long do_fb_ioctl(struct fb_info *
28523 return -EFAULT;
28524 if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES)
28525 return -EINVAL;
28526- if (con2fb.framebuffer < 0 || con2fb.framebuffer >= FB_MAX)
28527+ if (con2fb.framebuffer >= FB_MAX)
28528 return -EINVAL;
28529 if (!registered_fb[con2fb.framebuffer])
28530 request_module("fb%d", con2fb.framebuffer);
28531diff -urNp linux-2.6.38.2/drivers/video/fbmon.c linux-2.6.38.2/drivers/video/fbmon.c
28532--- linux-2.6.38.2/drivers/video/fbmon.c 2011-03-14 21:20:32.000000000 -0400
28533+++ linux-2.6.38.2/drivers/video/fbmon.c 2011-03-21 18:31:35.000000000 -0400
28534@@ -46,7 +46,7 @@
28535 #ifdef DEBUG
28536 #define DPRINTK(fmt, args...) printk(fmt,## args)
28537 #else
28538-#define DPRINTK(fmt, args...)
28539+#define DPRINTK(fmt, args...) do {} while (0)
28540 #endif
28541
28542 #define FBMON_FIX_HEADER 1
28543diff -urNp linux-2.6.38.2/drivers/video/i810/i810_accel.c linux-2.6.38.2/drivers/video/i810/i810_accel.c
28544--- linux-2.6.38.2/drivers/video/i810/i810_accel.c 2011-03-14 21:20:32.000000000 -0400
28545+++ linux-2.6.38.2/drivers/video/i810/i810_accel.c 2011-03-21 18:31:35.000000000 -0400
28546@@ -73,6 +73,7 @@ static inline int wait_for_space(struct
28547 }
28548 }
28549 printk("ringbuffer lockup!!!\n");
28550+ printk("head:%u tail:%u iring.size:%u space:%u\n", head, tail, par->iring.size, space);
28551 i810_report_error(mmio);
28552 par->dev_flags |= LOCKUP;
28553 info->pixmap.scan_align = 1;
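Review bot: The added `printk("head:%u tail:%u iring.size:%u space:%u\n", ...)` in wait_for_space has no log level, so it is emitted at the default level, and nothing in the message ties it to the i810 driver. `printk(KERN_ERR "i810fb: head:%u tail:%u iring.size:%u space:%u\n", head, tail, par->iring.size, space);` would match the severity of a ring-buffer lockup. The `%u` specifiers assume all four values are unsigned 32-bit quantities, and their declarations are outside the hunk. The preceding `printk("ringbuffer lockup!!!\n")` has the same omission but is not touched by this change. wait_for_space starts before and continues after the hunk.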
28554diff -urNp linux-2.6.38.2/drivers/video/i810/i810_main.c linux-2.6.38.2/drivers/video/i810/i810_main.c
28555--- linux-2.6.38.2/drivers/video/i810/i810_main.c 2011-03-14 21:20:32.000000000 -0400
28556+++ linux-2.6.38.2/drivers/video/i810/i810_main.c 2011-03-21 18:31:35.000000000 -0400
28557@@ -120,7 +120,7 @@ static struct pci_device_id i810fb_pci_t
28558 PCI_ANY_ID, PCI_ANY_ID, 0, 0, 4 },
28559 { PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82815_CGC,
28560 PCI_ANY_ID, PCI_ANY_ID, 0, 0, 5 },
28561- { 0 },
28562+ { 0, 0, 0, 0, 0, 0, 0 },
28563 };
28564
28565 static struct pci_driver i810fb_driver = {
28566diff -urNp linux-2.6.38.2/drivers/video/modedb.c linux-2.6.38.2/drivers/video/modedb.c
28567--- linux-2.6.38.2/drivers/video/modedb.c 2011-03-14 21:20:32.000000000 -0400
28568+++ linux-2.6.38.2/drivers/video/modedb.c 2011-03-21 18:31:35.000000000 -0400
28569@@ -40,255 +40,255 @@ static const struct fb_videomode modedb[
28570
28571 /* 640x400 @ 70 Hz, 31.5 kHz hsync */
28572 { NULL, 70, 640, 400, 39721, 40, 24, 39, 9, 96, 2, 0,
28573- FB_VMODE_NONINTERLACED },
28574+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28575
28576 /* 640x480 @ 60 Hz, 31.5 kHz hsync */
28577 { NULL, 60, 640, 480, 39721, 40, 24, 32, 11, 96, 2, 0,
28578- FB_VMODE_NONINTERLACED },
28579+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28580
28581 /* 800x600 @ 56 Hz, 35.15 kHz hsync */
28582 { NULL, 56, 800, 600, 27777, 128, 24, 22, 1, 72, 2, 0,
28583- FB_VMODE_NONINTERLACED },
28584+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28585
28586 /* 1024x768 @ 87 Hz interlaced, 35.5 kHz hsync */
28587 { NULL, 87, 1024, 768, 22271, 56, 24, 33, 8, 160, 8, 0,
28588- FB_VMODE_INTERLACED },
28589+ FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN },
28590
28591 /* 640x400 @ 85 Hz, 37.86 kHz hsync */
28592 { NULL, 85, 640, 400, 31746, 96, 32, 41, 1, 64, 3,
28593- FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED },
28594+ FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28595
28596 /* 640x480 @ 72 Hz, 36.5 kHz hsync */
28597 { NULL, 72, 640, 480, 31746, 144, 40, 30, 8, 40, 3, 0,
28598- FB_VMODE_NONINTERLACED },
28599+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28600
28601 /* 640x480 @ 75 Hz, 37.50 kHz hsync */
28602 { NULL, 75, 640, 480, 31746, 120, 16, 16, 1, 64, 3, 0,
28603- FB_VMODE_NONINTERLACED },
28604+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28605
28606 /* 800x600 @ 60 Hz, 37.8 kHz hsync */
28607 { NULL, 60, 800, 600, 25000, 88, 40, 23, 1, 128, 4,
28608 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28609- FB_VMODE_NONINTERLACED },
28610+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28611
28612 /* 640x480 @ 85 Hz, 43.27 kHz hsync */
28613 { NULL, 85, 640, 480, 27777, 80, 56, 25, 1, 56, 3, 0,
28614- FB_VMODE_NONINTERLACED },
28615+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28616
28617 /* 1152x864 @ 89 Hz interlaced, 44 kHz hsync */
28618 { NULL, 89, 1152, 864, 15384, 96, 16, 110, 1, 216, 10, 0,
28619- FB_VMODE_INTERLACED },
28620+ FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN },
28621 /* 800x600 @ 72 Hz, 48.0 kHz hsync */
28622 { NULL, 72, 800, 600, 20000, 64, 56, 23, 37, 120, 6,
28623 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28624- FB_VMODE_NONINTERLACED },
28625+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28626
28627 /* 1024x768 @ 60 Hz, 48.4 kHz hsync */
28628 { NULL, 60, 1024, 768, 15384, 168, 8, 29, 3, 144, 6, 0,
28629- FB_VMODE_NONINTERLACED },
28630+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28631
28632 /* 640x480 @ 100 Hz, 53.01 kHz hsync */
28633 { NULL, 100, 640, 480, 21834, 96, 32, 36, 8, 96, 6, 0,
28634- FB_VMODE_NONINTERLACED },
28635+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28636
28637 /* 1152x864 @ 60 Hz, 53.5 kHz hsync */
28638 { NULL, 60, 1152, 864, 11123, 208, 64, 16, 4, 256, 8, 0,
28639- FB_VMODE_NONINTERLACED },
28640+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28641
28642 /* 800x600 @ 85 Hz, 55.84 kHz hsync */
28643 { NULL, 85, 800, 600, 16460, 160, 64, 36, 16, 64, 5, 0,
28644- FB_VMODE_NONINTERLACED },
28645+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28646
28647 /* 1024x768 @ 70 Hz, 56.5 kHz hsync */
28648 { NULL, 70, 1024, 768, 13333, 144, 24, 29, 3, 136, 6, 0,
28649- FB_VMODE_NONINTERLACED },
28650+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28651
28652 /* 1280x1024 @ 87 Hz interlaced, 51 kHz hsync */
28653 { NULL, 87, 1280, 1024, 12500, 56, 16, 128, 1, 216, 12, 0,
28654- FB_VMODE_INTERLACED },
28655+ FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN },
28656
28657 /* 800x600 @ 100 Hz, 64.02 kHz hsync */
28658 { NULL, 100, 800, 600, 14357, 160, 64, 30, 4, 64, 6, 0,
28659- FB_VMODE_NONINTERLACED },
28660+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28661
28662 /* 1024x768 @ 76 Hz, 62.5 kHz hsync */
28663 { NULL, 76, 1024, 768, 11764, 208, 8, 36, 16, 120, 3, 0,
28664- FB_VMODE_NONINTERLACED },
28665+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28666
28667 /* 1152x864 @ 70 Hz, 62.4 kHz hsync */
28668 { NULL, 70, 1152, 864, 10869, 106, 56, 20, 1, 160, 10, 0,
28669- FB_VMODE_NONINTERLACED },
28670+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28671
28672 /* 1280x1024 @ 61 Hz, 64.2 kHz hsync */
28673 { NULL, 61, 1280, 1024, 9090, 200, 48, 26, 1, 184, 3, 0,
28674- FB_VMODE_NONINTERLACED },
28675+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28676
28677 /* 1400x1050 @ 60Hz, 63.9 kHz hsync */
28678 { NULL, 60, 1400, 1050, 9259, 136, 40, 13, 1, 112, 3, 0,
28679- FB_VMODE_NONINTERLACED },
28680+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28681
28682 /* 1400x1050 @ 75,107 Hz, 82,392 kHz +hsync +vsync*/
28683 { NULL, 75, 1400, 1050, 7190, 120, 56, 23, 10, 112, 13,
28684 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28685- FB_VMODE_NONINTERLACED },
28686+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28687
28688 /* 1400x1050 @ 60 Hz, ? kHz +hsync +vsync*/
28689 { NULL, 60, 1400, 1050, 9259, 128, 40, 12, 0, 112, 3,
28690 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28691- FB_VMODE_NONINTERLACED },
28692+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28693
28694 /* 1024x768 @ 85 Hz, 70.24 kHz hsync */
28695 { NULL, 85, 1024, 768, 10111, 192, 32, 34, 14, 160, 6, 0,
28696- FB_VMODE_NONINTERLACED },
28697+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28698
28699 /* 1152x864 @ 78 Hz, 70.8 kHz hsync */
28700 { NULL, 78, 1152, 864, 9090, 228, 88, 32, 0, 84, 12, 0,
28701- FB_VMODE_NONINTERLACED },
28702+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28703
28704 /* 1280x1024 @ 70 Hz, 74.59 kHz hsync */
28705 { NULL, 70, 1280, 1024, 7905, 224, 32, 28, 8, 160, 8, 0,
28706- FB_VMODE_NONINTERLACED },
28707+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28708
28709 /* 1600x1200 @ 60Hz, 75.00 kHz hsync */
28710 { NULL, 60, 1600, 1200, 6172, 304, 64, 46, 1, 192, 3,
28711 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28712- FB_VMODE_NONINTERLACED },
28713+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28714
28715 /* 1152x864 @ 84 Hz, 76.0 kHz hsync */
28716 { NULL, 84, 1152, 864, 7407, 184, 312, 32, 0, 128, 12, 0,
28717- FB_VMODE_NONINTERLACED },
28718+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28719
28720 /* 1280x1024 @ 74 Hz, 78.85 kHz hsync */
28721 { NULL, 74, 1280, 1024, 7407, 256, 32, 34, 3, 144, 3, 0,
28722- FB_VMODE_NONINTERLACED },
28723+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28724
28725 /* 1024x768 @ 100Hz, 80.21 kHz hsync */
28726 { NULL, 100, 1024, 768, 8658, 192, 32, 21, 3, 192, 10, 0,
28727- FB_VMODE_NONINTERLACED },
28728+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28729
28730 /* 1280x1024 @ 76 Hz, 81.13 kHz hsync */
28731 { NULL, 76, 1280, 1024, 7407, 248, 32, 34, 3, 104, 3, 0,
28732- FB_VMODE_NONINTERLACED },
28733+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28734
28735 /* 1600x1200 @ 70 Hz, 87.50 kHz hsync */
28736 { NULL, 70, 1600, 1200, 5291, 304, 64, 46, 1, 192, 3, 0,
28737- FB_VMODE_NONINTERLACED },
28738+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28739
28740 /* 1152x864 @ 100 Hz, 89.62 kHz hsync */
28741 { NULL, 100, 1152, 864, 7264, 224, 32, 17, 2, 128, 19, 0,
28742- FB_VMODE_NONINTERLACED },
28743+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28744
28745 /* 1280x1024 @ 85 Hz, 91.15 kHz hsync */
28746 { NULL, 85, 1280, 1024, 6349, 224, 64, 44, 1, 160, 3,
28747 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28748- FB_VMODE_NONINTERLACED },
28749+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28750
28751 /* 1600x1200 @ 75 Hz, 93.75 kHz hsync */
28752 { NULL, 75, 1600, 1200, 4938, 304, 64, 46, 1, 192, 3,
28753 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28754- FB_VMODE_NONINTERLACED },
28755+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28756
28757 /* 1680x1050 @ 60 Hz, 65.191 kHz hsync */
28758 { NULL, 60, 1680, 1050, 6848, 280, 104, 30, 3, 176, 6,
28759 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28760- FB_VMODE_NONINTERLACED },
28761+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28762
28763 /* 1600x1200 @ 85 Hz, 105.77 kHz hsync */
28764 { NULL, 85, 1600, 1200, 4545, 272, 16, 37, 4, 192, 3,
28765 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28766- FB_VMODE_NONINTERLACED },
28767+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28768
28769 /* 1280x1024 @ 100 Hz, 107.16 kHz hsync */
28770 { NULL, 100, 1280, 1024, 5502, 256, 32, 26, 7, 128, 15, 0,
28771- FB_VMODE_NONINTERLACED },
28772+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28773
28774 /* 1800x1440 @ 64Hz, 96.15 kHz hsync */
28775 { NULL, 64, 1800, 1440, 4347, 304, 96, 46, 1, 192, 3,
28776 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28777- FB_VMODE_NONINTERLACED },
28778+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28779
28780 /* 1800x1440 @ 70Hz, 104.52 kHz hsync */
28781 { NULL, 70, 1800, 1440, 4000, 304, 96, 46, 1, 192, 3,
28782 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28783- FB_VMODE_NONINTERLACED },
28784+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28785
28786 /* 512x384 @ 78 Hz, 31.50 kHz hsync */
28787 { NULL, 78, 512, 384, 49603, 48, 16, 16, 1, 64, 3, 0,
28788- FB_VMODE_NONINTERLACED },
28789+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28790
28791 /* 512x384 @ 85 Hz, 34.38 kHz hsync */
28792 { NULL, 85, 512, 384, 45454, 48, 16, 16, 1, 64, 3, 0,
28793- FB_VMODE_NONINTERLACED },
28794+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28795
28796 /* 320x200 @ 70 Hz, 31.5 kHz hsync, 8:5 aspect ratio */
28797 { NULL, 70, 320, 200, 79440, 16, 16, 20, 4, 48, 1, 0,
28798- FB_VMODE_DOUBLE },
28799+ FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN },
28800
28801 /* 320x240 @ 60 Hz, 31.5 kHz hsync, 4:3 aspect ratio */
28802 { NULL, 60, 320, 240, 79440, 16, 16, 16, 5, 48, 1, 0,
28803- FB_VMODE_DOUBLE },
28804+ FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN },
28805
28806 /* 320x240 @ 72 Hz, 36.5 kHz hsync */
28807 { NULL, 72, 320, 240, 63492, 16, 16, 16, 4, 48, 2, 0,
28808- FB_VMODE_DOUBLE },
28809+ FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN },
28810
28811 /* 400x300 @ 56 Hz, 35.2 kHz hsync, 4:3 aspect ratio */
28812 { NULL, 56, 400, 300, 55555, 64, 16, 10, 1, 32, 1, 0,
28813- FB_VMODE_DOUBLE },
28814+ FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN },
28815
28816 /* 400x300 @ 60 Hz, 37.8 kHz hsync */
28817 { NULL, 60, 400, 300, 50000, 48, 16, 11, 1, 64, 2, 0,
28818- FB_VMODE_DOUBLE },
28819+ FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN },
28820
28821 /* 400x300 @ 72 Hz, 48.0 kHz hsync */
28822 { NULL, 72, 400, 300, 40000, 32, 24, 11, 19, 64, 3, 0,
28823- FB_VMODE_DOUBLE },
28824+ FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN },
28825
28826 /* 480x300 @ 56 Hz, 35.2 kHz hsync, 8:5 aspect ratio */
28827 { NULL, 56, 480, 300, 46176, 80, 16, 10, 1, 40, 1, 0,
28828- FB_VMODE_DOUBLE },
28829+ FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN },
28830
28831 /* 480x300 @ 60 Hz, 37.8 kHz hsync */
28832 { NULL, 60, 480, 300, 41858, 56, 16, 11, 1, 80, 2, 0,
28833- FB_VMODE_DOUBLE },
28834+ FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN },
28835
28836 /* 480x300 @ 63 Hz, 39.6 kHz hsync */
28837 { NULL, 63, 480, 300, 40000, 56, 16, 11, 1, 80, 2, 0,
28838- FB_VMODE_DOUBLE },
28839+ FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN },
28840
28841 /* 480x300 @ 72 Hz, 48.0 kHz hsync */
28842 { NULL, 72, 480, 300, 33386, 40, 24, 11, 19, 80, 3, 0,
28843- FB_VMODE_DOUBLE },
28844+ FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN },
28845
28846 /* 1920x1200 @ 60 Hz, 74.5 Khz hsync */
28847 { NULL, 60, 1920, 1200, 5177, 128, 336, 1, 38, 208, 3,
28848 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28849- FB_VMODE_NONINTERLACED },
28850+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28851
28852 /* 1152x768, 60 Hz, PowerBook G4 Titanium I and II */
28853 { NULL, 60, 1152, 768, 14047, 158, 26, 29, 3, 136, 6,
28854 FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
28855- FB_VMODE_NONINTERLACED },
28856+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28857
28858 /* 1366x768, 60 Hz, 47.403 kHz hsync, WXGA 16:9 aspect ratio */
28859 { NULL, 60, 1366, 768, 13806, 120, 10, 14, 3, 32, 5, 0,
28860- FB_VMODE_NONINTERLACED },
28861+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28862
28863 /* 1280x800, 60 Hz, 47.403 kHz hsync, WXGA 16:10 aspect ratio */
28864 { NULL, 60, 1280, 800, 12048, 200, 64, 24, 1, 136, 3, 0,
28865- FB_VMODE_NONINTERLACED },
28866+ FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28867
28868 /* 720x576i @ 50 Hz, 15.625 kHz hsync (PAL RGB) */
28869 { NULL, 50, 720, 576, 74074, 64, 16, 39, 5, 64, 5, 0,
28870- FB_VMODE_INTERLACED },
28871+ FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN },
28872
28873 /* 800x520i @ 50 Hz, 15.625 kHz hsync (PAL RGB) */
28874 { NULL, 50, 800, 520, 58823, 144, 64, 72, 28, 80, 5, 0,
28875- FB_VMODE_INTERLACED },
28876+ FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN },
28877
28878 /* 864x480 @ 60 Hz, 35.15 kHz hsync */
28879 { NULL, 60, 864, 480, 27777, 1, 1, 1, 1, 0, 0,
28880- 0, FB_VMODE_NONINTERLACED },
28881+ 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN },
28882 };
28883
28884 #ifdef CONFIG_FB_MODE_HELPERS
28885diff -urNp linux-2.6.38.2/drivers/video/pxa3xx-gcu.c linux-2.6.38.2/drivers/video/pxa3xx-gcu.c
28886--- linux-2.6.38.2/drivers/video/pxa3xx-gcu.c 2011-03-14 21:20:32.000000000 -0400
28887+++ linux-2.6.38.2/drivers/video/pxa3xx-gcu.c 2011-03-21 18:31:35.000000000 -0400
28888@@ -103,7 +103,7 @@ struct pxa3xx_gcu_priv {
28889 dma_addr_t shared_phys;
28890 struct resource *resource_mem;
28891 struct miscdevice misc_dev;
28892- struct file_operations misc_fops;
28893+ const struct file_operations misc_fops;
28894 wait_queue_head_t wait_idle;
28895 wait_queue_head_t wait_free;
28896 spinlock_t spinlock;
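Review bot: Making `misc_fops` a `const` member of `struct pxa3xx_gcu_priv` only builds if nothing assigns its fields after the structure is allocated, and this file section contains no other hunk. If the probe routine fills `priv->misc_fops` at runtime (not visible here), those assignments will no longer compile. A file-scope `static const struct file_operations` referenced from `misc_dev.fops` would give the read-only placement this change seems to be after. The struct definition starts and ends outside the hunk.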
28897diff -urNp linux-2.6.38.2/drivers/video/uvesafb.c linux-2.6.38.2/drivers/video/uvesafb.c
28898--- linux-2.6.38.2/drivers/video/uvesafb.c 2011-03-14 21:20:32.000000000 -0400
28899+++ linux-2.6.38.2/drivers/video/uvesafb.c 2011-03-21 18:31:35.000000000 -0400
28900@@ -19,6 +19,7 @@
28901 #include <linux/io.h>
28902 #include <linux/mutex.h>
28903 #include <linux/slab.h>
28904+#include <linux/moduleloader.h>
28905 #include <video/edid.h>
28906 #include <video/uvesafb.h>
28907 #ifdef CONFIG_X86
28908@@ -121,7 +122,7 @@ static int uvesafb_helper_start(void)
28909 NULL,
28910 };
28911
28912- return call_usermodehelper(v86d_path, argv, envp, 1);
28913+ return call_usermodehelper(v86d_path, argv, envp, UMH_WAIT_PROC);
28914 }
28915
28916 /*
28917@@ -569,10 +570,32 @@ static int __devinit uvesafb_vbe_getpmi(
28918 if ((task->t.regs.eax & 0xffff) != 0x4f || task->t.regs.es < 0xc000) {
28919 par->pmi_setpal = par->ypan = 0;
28920 } else {
28921+
28922+#ifdef CONFIG_PAX_KERNEXEC
28923+#ifdef CONFIG_MODULES
28924+ par->pmi_code = module_alloc_exec((u16)task->t.regs.ecx);
28925+#endif
28926+ if (!par->pmi_code) {
28927+ par->pmi_setpal = par->ypan = 0;
28928+ return 0;
28929+ }
28930+#endif
28931+
28932 par->pmi_base = (u16 *)phys_to_virt(((u32)task->t.regs.es << 4)
28933 + task->t.regs.edi);
28934+
28935+#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
28936+ pax_open_kernel();
28937+ memcpy(par->pmi_code, par->pmi_base, (u16)task->t.regs.ecx);
28938+ pax_close_kernel();
28939+
28940+ par->pmi_start = ktva_ktla(par->pmi_code + par->pmi_base[1]);
28941+ par->pmi_pal = ktva_ktla(par->pmi_code + par->pmi_base[2]);
28942+#else
28943 par->pmi_start = (u8 *)par->pmi_base + par->pmi_base[1];
28944 par->pmi_pal = (u8 *)par->pmi_base + par->pmi_base[2];
28945+#endif
28946+
28947 printk(KERN_INFO "uvesafb: protected mode interface info at "
28948 "%04x:%04x\n",
28949 (u16)task->t.regs.es, (u16)task->t.regs.edi);
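Review bot: The offsets `par->pmi_base[1]` and `par->pmi_base[2]` are added to the new `par->pmi_code` buffer without being compared with the `(u16)task->t.regs.ecx` length that sized both the allocation and the `memcpy`. A table reporting an offset at or beyond that length would leave `pmi_start`/`pmi_pal` pointing outside the executable copy. A guard such as `if (par->pmi_base[1] >= len || par->pmi_base[2] >= len)` (with `len` holding that u16 length), which frees the buffer and clears `pmi_setpal`/`ypan`, would keep both entry points inside it. The vesafb.c hunk that copies `screen_info.vesapm_size` bytes has the same gap. uvesafb_vbe_getpmi starts and ends outside this hunk.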
28950@@ -1800,6 +1823,11 @@ out:
28951 if (par->vbe_modes)
28952 kfree(par->vbe_modes);
28953
28954+#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
28955+ if (par->pmi_code)
28956+ module_free_exec(NULL, par->pmi_code);
28957+#endif
28958+
28959 framebuffer_release(info);
28960 return err;
28961 }
28962@@ -1826,6 +1854,12 @@ static int uvesafb_remove(struct platfor
28963 kfree(par->vbe_state_orig);
28964 if (par->vbe_state_saved)
28965 kfree(par->vbe_state_saved);
28966+
28967+#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
28968+ if (par->pmi_code)
28969+ module_free_exec(NULL, par->pmi_code);
28970+#endif
28971+
28972 }
28973
28974 framebuffer_release(info);
28975diff -urNp linux-2.6.38.2/drivers/video/vesafb.c linux-2.6.38.2/drivers/video/vesafb.c
28976--- linux-2.6.38.2/drivers/video/vesafb.c 2011-03-14 21:20:32.000000000 -0400
28977+++ linux-2.6.38.2/drivers/video/vesafb.c 2011-03-21 18:31:35.000000000 -0400
28978@@ -9,6 +9,7 @@
28979 */
28980
28981 #include <linux/module.h>
28982+#include <linux/moduleloader.h>
28983 #include <linux/kernel.h>
28984 #include <linux/errno.h>
28985 #include <linux/string.h>
28986@@ -52,8 +53,8 @@ static int vram_remap __initdata; /*
28987 static int vram_total __initdata; /* Set total amount of memory */
28988 static int pmi_setpal __read_mostly = 1; /* pmi for palette changes ??? */
28989 static int ypan __read_mostly; /* 0..nothing, 1..ypan, 2..ywrap */
28990-static void (*pmi_start)(void) __read_mostly;
28991-static void (*pmi_pal) (void) __read_mostly;
28992+static void (*pmi_start)(void) __read_only;
28993+static void (*pmi_pal) (void) __read_only;
28994 static int depth __read_mostly;
28995 static int vga_compat __read_mostly;
28996 /* --------------------------------------------------------------------- */
28997@@ -232,6 +233,7 @@ static int __init vesafb_probe(struct pl
28998 unsigned int size_vmode;
28999 unsigned int size_remap;
29000 unsigned int size_total;
29001+ void *pmi_code = NULL;
29002
29003 if (screen_info.orig_video_isVGA != VIDEO_TYPE_VLFB)
29004 return -ENODEV;
29005@@ -274,10 +276,6 @@ static int __init vesafb_probe(struct pl
29006 size_remap = size_total;
29007 vesafb_fix.smem_len = size_remap;
29008
29009-#ifndef __i386__
29010- screen_info.vesapm_seg = 0;
29011-#endif
29012-
29013 if (!request_mem_region(vesafb_fix.smem_start, size_total, "vesafb")) {
29014 printk(KERN_WARNING
29015 "vesafb: cannot reserve video memory at 0x%lx\n",
29016@@ -319,9 +317,21 @@ static int __init vesafb_probe(struct pl
29017 printk(KERN_INFO "vesafb: mode is %dx%dx%d, linelength=%d, pages=%d\n",
29018 vesafb_defined.xres, vesafb_defined.yres, vesafb_defined.bits_per_pixel, vesafb_fix.line_length, screen_info.pages);
29019
29020+#ifdef __i386__
29021+
29022+#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
29023+ pmi_code = module_alloc_exec(screen_info.vesapm_size);
29024+ if (!pmi_code)
29025+#elif !defined(CONFIG_PAX_KERNEXEC)
29026+ if (0)
29027+#endif
29028+
29029+#endif
29030+ screen_info.vesapm_seg = 0;
29031+
29032 if (screen_info.vesapm_seg) {
29033- printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x\n",
29034- screen_info.vesapm_seg,screen_info.vesapm_off);
29035+ printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x %04x bytes\n",
29036+ screen_info.vesapm_seg,screen_info.vesapm_off,screen_info.vesapm_size);
29037 }
29038
29039 if (screen_info.vesapm_seg < 0xc000)
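Review bot: Whether `screen_info.vesapm_seg = 0;` is guarded by an `if` here depends entirely on the preprocessor, which makes the statement easy to misread as unconditional. It is unconditional on non-i386 and on i386 with KERNEXEC but without MODULES, runs only on allocation failure with KERNEXEC and MODULES, and never runs (`if (0)`) on i386 without KERNEXEC. A comment above the block would spare the next reader that expansion, for example `/* PMI stays enabled only on i386, and under KERNEXEC only if an executable copy buffer was allocated */`. Indenting the assignment under its optional `if` would help as well. vesafb_probe starts and ends outside this hunk.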
29040@@ -329,9 +339,25 @@ static int __init vesafb_probe(struct pl
29041
29042 if (ypan || pmi_setpal) {
29043 unsigned short *pmi_base;
29044- pmi_base = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off);
29045- pmi_start = (void*)((char*)pmi_base + pmi_base[1]);
29046- pmi_pal = (void*)((char*)pmi_base + pmi_base[2]);
29047+
29048+ pmi_base = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off);
29049+
29050+#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
29051+ pax_open_kernel();
29052+ memcpy(pmi_code, pmi_base, screen_info.vesapm_size);
29053+#else
29054+ pmi_code = pmi_base;
29055+#endif
29056+
29057+ pmi_start = (void*)((char*)pmi_code + pmi_base[1]);
29058+ pmi_pal = (void*)((char*)pmi_code + pmi_base[2]);
29059+
29060+#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
29061+ pmi_start = ktva_ktla(pmi_start);
29062+ pmi_pal = ktva_ktla(pmi_pal);
29063+ pax_close_kernel();
29064+#endif
29065+
29066 printk(KERN_INFO "vesafb: pmi: set display start = %p, set palette = %p\n",pmi_start,pmi_pal);
29067 if (pmi_base[3]) {
29068 printk(KERN_INFO "vesafb: pmi: ports = ");
29069@@ -473,6 +499,11 @@ static int __init vesafb_probe(struct pl
29070 info->node, info->fix.id);
29071 return 0;
29072 err:
29073+
29074+#if defined(__i386__) && defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
29075+ module_free_exec(NULL, pmi_code);
29076+#endif
29077+
29078 if (info->screen_base)
29079 iounmap(info->screen_base);
29080 framebuffer_release(info);
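Review bot: `module_free_exec(NULL, pmi_code);` at `err:` is called without checking `pmi_code`, although it is initialised to NULL and stays NULL when `module_alloc_exec()` fails, and the uvesafb.c hunks guard the same call with `if (par->pmi_code)`. Unless module_free_exec is known to accept NULL (its definition is not on this page), I would write `if (pmi_code) module_free_exec(NULL, pmi_code);` for consistency. The buffer is also released only on this error path; when neither `ypan` nor `pmi_setpal` ends up set the copy appears to be unused yet kept after `return 0;`, which may be worth a comment or an early free.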
29081diff -urNp linux-2.6.38.2/fs/9p/vfs_inode.c linux-2.6.38.2/fs/9p/vfs_inode.c
29082--- linux-2.6.38.2/fs/9p/vfs_inode.c 2011-03-14 21:20:32.000000000 -0400
29083+++ linux-2.6.38.2/fs/9p/vfs_inode.c 2011-03-21 18:31:35.000000000 -0400
29084@@ -1094,7 +1094,7 @@ static void *v9fs_vfs_follow_link(struct
29085 void
29086 v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
29087 {
29088- char *s = nd_get_link(nd);
29089+ const char *s = nd_get_link(nd);
29090
29091 P9_DPRINTK(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name,
29092 IS_ERR(s) ? "<error>" : s);
29093diff -urNp linux-2.6.38.2/fs/aio.c linux-2.6.38.2/fs/aio.c
29094--- linux-2.6.38.2/fs/aio.c 2011-03-28 17:42:40.000000000 -0400
29095+++ linux-2.6.38.2/fs/aio.c 2011-03-28 17:42:53.000000000 -0400
29096@@ -130,7 +130,7 @@ static int aio_setup_ring(struct kioctx
29097 size += sizeof(struct io_event) * nr_events;
29098 nr_pages = (size + PAGE_SIZE-1) >> PAGE_SHIFT;
29099
29100- if (nr_pages < 0)
29101+ if (nr_pages <= 0)
29102 return -EINVAL;
29103
29104 nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event);
29105diff -urNp linux-2.6.38.2/fs/attr.c linux-2.6.38.2/fs/attr.c
29106--- linux-2.6.38.2/fs/attr.c 2011-03-14 21:20:32.000000000 -0400
29107+++ linux-2.6.38.2/fs/attr.c 2011-03-21 18:31:35.000000000 -0400
29108@@ -98,6 +98,7 @@ int inode_newsize_ok(const struct inode
29109 unsigned long limit;
29110
29111 limit = rlimit(RLIMIT_FSIZE);
29112+ gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long)offset, 1);
29113 if (limit != RLIM_INFINITY && offset > limit)
29114 goto out_sig;
29115 if (offset > inode->i_sb->s_maxbytes)
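Review bot: The `(unsigned long)offset` cast in the added `gr_learn_resource()` call narrows the value on 32-bit builds if `offset` is a 64-bit file offset, as the comparison with `s_maxbytes` suggests. The figure recorded for RLIMIT_FSIZE can then differ from the one the following `offset > limit` test sees. gr_learn_resource's prototype is not visible on this page; if it does take `unsigned long`, clamping first (`offset > ULONG_MAX ? ULONG_MAX : offset`) would record the largest representable value rather than a wrapped one. The function body continues outside the hunk.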
29116diff -urNp linux-2.6.38.2/fs/befs/linuxvfs.c linux-2.6.38.2/fs/befs/linuxvfs.c
29117--- linux-2.6.38.2/fs/befs/linuxvfs.c 2011-03-14 21:20:32.000000000 -0400
29118+++ linux-2.6.38.2/fs/befs/linuxvfs.c 2011-03-21 18:31:35.000000000 -0400
29119@@ -499,7 +499,7 @@ static void befs_put_link(struct dentry
29120 {
29121 befs_inode_info *befs_ino = BEFS_I(dentry->d_inode);
29122 if (befs_ino->i_flags & BEFS_LONG_SYMLINK) {
29123- char *link = nd_get_link(nd);
29124+ const char *link = nd_get_link(nd);
29125 if (!IS_ERR(link))
29126 kfree(link);
29127 }
29128diff -urNp linux-2.6.38.2/fs/binfmt_aout.c linux-2.6.38.2/fs/binfmt_aout.c
29129--- linux-2.6.38.2/fs/binfmt_aout.c 2011-03-14 21:20:32.000000000 -0400
29130+++ linux-2.6.38.2/fs/binfmt_aout.c 2011-03-21 18:31:35.000000000 -0400
29131@@ -16,6 +16,7 @@
29132 #include <linux/string.h>
29133 #include <linux/fs.h>
29134 #include <linux/file.h>
29135+#include <linux/security.h>
29136 #include <linux/stat.h>
29137 #include <linux/fcntl.h>
29138 #include <linux/ptrace.h>
29139@@ -86,6 +87,8 @@ static int aout_core_dump(struct coredum
29140 #endif
29141 # define START_STACK(u) ((void __user *)u.start_stack)
29142
29143+ memset(&dump, 0, sizeof(dump));
29144+
29145 fs = get_fs();
29146 set_fs(KERNEL_DS);
29147 has_dumped = 1;
29148@@ -97,10 +100,12 @@ static int aout_core_dump(struct coredum
29149
29150 /* If the size of the dump file exceeds the rlimit, then see what would happen
29151 if we wrote the stack, but not the data area. */
29152+ gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE, 1);
29153 if ((dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE > cprm->limit)
29154 dump.u_dsize = 0;
29155
29156 /* Make sure we have enough room to write the stack and data areas. */
29157+ gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize + 1) * PAGE_SIZE, 1);
29158 if ((dump.u_ssize + 1) * PAGE_SIZE > cprm->limit)
29159 dump.u_ssize = 0;
29160
29161@@ -234,6 +239,8 @@ static int load_aout_binary(struct linux
29162 rlim = rlimit(RLIMIT_DATA);
29163 if (rlim >= RLIM_INFINITY)
29164 rlim = ~0;
29165+
29166+ gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss, 1);
29167 if (ex.a_data + ex.a_bss > rlim)
29168 return -ENOMEM;
29169
29170@@ -262,6 +269,27 @@ static int load_aout_binary(struct linux
29171 install_exec_creds(bprm);
29172 current->flags &= ~PF_FORKNOEXEC;
29173
29174+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
29175+ current->mm->pax_flags = 0UL;
29176+#endif
29177+
29178+#ifdef CONFIG_PAX_PAGEEXEC
29179+ if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC)) {
29180+ current->mm->pax_flags |= MF_PAX_PAGEEXEC;
29181+
29182+#ifdef CONFIG_PAX_EMUTRAMP
29183+ if (N_FLAGS(ex) & F_PAX_EMUTRAMP)
29184+ current->mm->pax_flags |= MF_PAX_EMUTRAMP;
29185+#endif
29186+
29187+#ifdef CONFIG_PAX_MPROTECT
29188+ if (!(N_FLAGS(ex) & F_PAX_MPROTECT))
29189+ current->mm->pax_flags |= MF_PAX_MPROTECT;
29190+#endif
29191+
29192+ }
29193+#endif
29194+
29195 if (N_MAGIC(ex) == OMAGIC) {
29196 unsigned long text_addr, map_size;
29197 loff_t pos;
29198@@ -334,7 +362,7 @@ static int load_aout_binary(struct linux
29199
29200 down_write(&current->mm->mmap_sem);
29201 error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
29202- PROT_READ | PROT_WRITE | PROT_EXEC,
29203+ PROT_READ | PROT_WRITE,
29204 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
29205 fd_offset + ex.a_text);
29206 up_write(&current->mm->mmap_sem);
29207diff -urNp linux-2.6.38.2/fs/binfmt_elf.c linux-2.6.38.2/fs/binfmt_elf.c
29208--- linux-2.6.38.2/fs/binfmt_elf.c 2011-03-14 21:20:32.000000000 -0400
29209+++ linux-2.6.38.2/fs/binfmt_elf.c 2011-03-21 18:31:35.000000000 -0400
29210@@ -51,6 +51,10 @@ static int elf_core_dump(struct coredump
29211 #define elf_core_dump NULL
29212 #endif
29213
29214+#ifdef CONFIG_PAX_MPROTECT
29215+static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags);
29216+#endif
29217+
29218 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
29219 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
29220 #else
29221@@ -70,6 +74,11 @@ static struct linux_binfmt elf_format =
29222 .load_binary = load_elf_binary,
29223 .load_shlib = load_elf_library,
29224 .core_dump = elf_core_dump,
29225+
29226+#ifdef CONFIG_PAX_MPROTECT
29227+ .handle_mprotect= elf_handle_mprotect,
29228+#endif
29229+
29230 .min_coredump = ELF_EXEC_PAGESIZE,
29231 };
29232
29233@@ -77,6 +86,8 @@ static struct linux_binfmt elf_format =
29234
29235 static int set_brk(unsigned long start, unsigned long end)
29236 {
29237+ unsigned long e = end;
29238+
29239 start = ELF_PAGEALIGN(start);
29240 end = ELF_PAGEALIGN(end);
29241 if (end > start) {
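Review bot: The new local `e` keeps the unaligned `end` so that the second set_brk hunk can store it (`current->mm->start_brk = current->mm->brk = e;`), but neither the name nor a comment says that brk is deliberately left unaligned. I would rename it, e.g. `unsigned long unaligned_end = end;`, and add `/* keep the caller's unaligned end for brk; only the mapping is page-aligned */`. This looks related to the later CONFIG_PAX_RANDMMAP hunk that adds a sub-page random offset to `elf_brk`, which would presumably be rounded away otherwise; if so, the comment should say that.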
29242@@ -87,7 +98,7 @@ static int set_brk(unsigned long start,
29243 if (BAD_ADDR(addr))
29244 return addr;
29245 }
29246- current->mm->start_brk = current->mm->brk = end;
29247+ current->mm->start_brk = current->mm->brk = e;
29248 return 0;
29249 }
29250
29251@@ -148,7 +159,7 @@ create_elf_tables(struct linux_binprm *b
29252 elf_addr_t __user *u_rand_bytes;
29253 const char *k_platform = ELF_PLATFORM;
29254 const char *k_base_platform = ELF_BASE_PLATFORM;
29255- unsigned char k_rand_bytes[16];
29256+ u32 k_rand_bytes[4];
29257 int items;
29258 elf_addr_t *elf_info;
29259 int ei_index = 0;
29260@@ -195,8 +206,12 @@ create_elf_tables(struct linux_binprm *b
29261 * Generate 16 random bytes for userspace PRNG seeding.
29262 */
29263 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
29264- u_rand_bytes = (elf_addr_t __user *)
29265- STACK_ALLOC(p, sizeof(k_rand_bytes));
29266+ srandom32(k_rand_bytes[0] ^ random32());
29267+ srandom32(k_rand_bytes[1] ^ random32());
29268+ srandom32(k_rand_bytes[2] ^ random32());
29269+ srandom32(k_rand_bytes[3] ^ random32());
29270+ p = STACK_ROUND(p, sizeof(k_rand_bytes));
29271+ u_rand_bytes = (elf_addr_t __user *) p;
29272 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
29273 return -EFAULT;
29274
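Review bot: The four words passed to `srandom32()` are the same `k_rand_bytes` that `__copy_to_user()` hands to the new process a few lines later, so the reseed material is partly known to userspace. Drawing a separate buffer with `get_random_bytes()` for the reseed would avoid sharing it; if the XOR with `random32()` is considered sufficient, a comment should say why. The existing comment ("Generate 16 random bytes for userspace PRNG seeding") also no longer describes everything the block does. Separately, `STACK_ROUND` is not defined on this page; please confirm that replacing `STACK_ALLOC` with `p = STACK_ROUND(p, sizeof(k_rand_bytes))` still leaves `p` at the start of the reserved 16 bytes on stack-grows-up configurations. create_elf_tables starts and ends outside this hunk.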
29275@@ -381,10 +396,10 @@ static unsigned long load_elf_interp(str
29276 {
29277 struct elf_phdr *elf_phdata;
29278 struct elf_phdr *eppnt;
29279- unsigned long load_addr = 0;
29280+ unsigned long load_addr = 0, pax_task_size = TASK_SIZE;
29281 int load_addr_set = 0;
29282 unsigned long last_bss = 0, elf_bss = 0;
29283- unsigned long error = ~0UL;
29284+ unsigned long error = -EINVAL;
29285 unsigned long total_size;
29286 int retval, i, size;
29287
29288@@ -430,6 +445,11 @@ static unsigned long load_elf_interp(str
29289 goto out_close;
29290 }
29291
29292+#ifdef CONFIG_PAX_SEGMEXEC
29293+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
29294+ pax_task_size = SEGMEXEC_TASK_SIZE;
29295+#endif
29296+
29297 eppnt = elf_phdata;
29298 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
29299 if (eppnt->p_type == PT_LOAD) {
29300@@ -473,8 +493,8 @@ static unsigned long load_elf_interp(str
29301 k = load_addr + eppnt->p_vaddr;
29302 if (BAD_ADDR(k) ||
29303 eppnt->p_filesz > eppnt->p_memsz ||
29304- eppnt->p_memsz > TASK_SIZE ||
29305- TASK_SIZE - eppnt->p_memsz < k) {
29306+ eppnt->p_memsz > pax_task_size ||
29307+ pax_task_size - eppnt->p_memsz < k) {
29308 error = -ENOMEM;
29309 goto out_close;
29310 }
29311@@ -528,6 +548,177 @@ out:
29312 return error;
29313 }
29314
29315+#if (defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)) && defined(CONFIG_PAX_SOFTMODE)
29316+static unsigned long pax_parse_softmode(const struct elf_phdr * const elf_phdata)
29317+{
29318+ unsigned long pax_flags = 0UL;
29319+
29320+#ifdef CONFIG_PAX_PAGEEXEC
29321+ if (elf_phdata->p_flags & PF_PAGEEXEC)
29322+ pax_flags |= MF_PAX_PAGEEXEC;
29323+#endif
29324+
29325+#ifdef CONFIG_PAX_SEGMEXEC
29326+ if (elf_phdata->p_flags & PF_SEGMEXEC)
29327+ pax_flags |= MF_PAX_SEGMEXEC;
29328+#endif
29329+
29330+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
29331+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
29332+ if ((__supported_pte_mask & _PAGE_NX))
29333+ pax_flags &= ~MF_PAX_SEGMEXEC;
29334+ else
29335+ pax_flags &= ~MF_PAX_PAGEEXEC;
29336+ }
29337+#endif
29338+
29339+#ifdef CONFIG_PAX_EMUTRAMP
29340+ if (elf_phdata->p_flags & PF_EMUTRAMP)
29341+ pax_flags |= MF_PAX_EMUTRAMP;
29342+#endif
29343+
29344+#ifdef CONFIG_PAX_MPROTECT
29345+ if (elf_phdata->p_flags & PF_MPROTECT)
29346+ pax_flags |= MF_PAX_MPROTECT;
29347+#endif
29348+
29349+#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
29350+ if (randomize_va_space && (elf_phdata->p_flags & PF_RANDMMAP))
29351+ pax_flags |= MF_PAX_RANDMMAP;
29352+#endif
29353+
29354+ return pax_flags;
29355+}
29356+#endif
29357+
29358+#ifdef CONFIG_PAX_PT_PAX_FLAGS
29359+static unsigned long pax_parse_hardmode(const struct elf_phdr * const elf_phdata)
29360+{
29361+ unsigned long pax_flags = 0UL;
29362+
29363+#ifdef CONFIG_PAX_PAGEEXEC
29364+ if (!(elf_phdata->p_flags & PF_NOPAGEEXEC))
29365+ pax_flags |= MF_PAX_PAGEEXEC;
29366+#endif
29367+
29368+#ifdef CONFIG_PAX_SEGMEXEC
29369+ if (!(elf_phdata->p_flags & PF_NOSEGMEXEC))
29370+ pax_flags |= MF_PAX_SEGMEXEC;
29371+#endif
29372+
29373+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
29374+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
29375+ if ((__supported_pte_mask & _PAGE_NX))
29376+ pax_flags &= ~MF_PAX_SEGMEXEC;
29377+ else
29378+ pax_flags &= ~MF_PAX_PAGEEXEC;
29379+ }
29380+#endif
29381+
29382+#ifdef CONFIG_PAX_EMUTRAMP
29383+ if (!(elf_phdata->p_flags & PF_NOEMUTRAMP))
29384+ pax_flags |= MF_PAX_EMUTRAMP;
29385+#endif
29386+
29387+#ifdef CONFIG_PAX_MPROTECT
29388+ if (!(elf_phdata->p_flags & PF_NOMPROTECT))
29389+ pax_flags |= MF_PAX_MPROTECT;
29390+#endif
29391+
29392+#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
29393+ if (randomize_va_space && !(elf_phdata->p_flags & PF_NORANDMMAP))
29394+ pax_flags |= MF_PAX_RANDMMAP;
29395+#endif
29396+
29397+ return pax_flags;
29398+}
29399+#endif
29400+
29401+#ifdef CONFIG_PAX_EI_PAX
29402+static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
29403+{
29404+ unsigned long pax_flags = 0UL;
29405+
29406+#ifdef CONFIG_PAX_PAGEEXEC
29407+ if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC))
29408+ pax_flags |= MF_PAX_PAGEEXEC;
29409+#endif
29410+
29411+#ifdef CONFIG_PAX_SEGMEXEC
29412+ if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_SEGMEXEC))
29413+ pax_flags |= MF_PAX_SEGMEXEC;
29414+#endif
29415+
29416+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
29417+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
29418+ if ((__supported_pte_mask & _PAGE_NX))
29419+ pax_flags &= ~MF_PAX_SEGMEXEC;
29420+ else
29421+ pax_flags &= ~MF_PAX_PAGEEXEC;
29422+ }
29423+#endif
29424+
29425+#ifdef CONFIG_PAX_EMUTRAMP
29426+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && (elf_ex->e_ident[EI_PAX] & EF_PAX_EMUTRAMP))
29427+ pax_flags |= MF_PAX_EMUTRAMP;
29428+#endif
29429+
29430+#ifdef CONFIG_PAX_MPROTECT
29431+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && !(elf_ex->e_ident[EI_PAX] & EF_PAX_MPROTECT))
29432+ pax_flags |= MF_PAX_MPROTECT;
29433+#endif
29434+
29435+#ifdef CONFIG_PAX_ASLR
29436+ if (randomize_va_space && !(elf_ex->e_ident[EI_PAX] & EF_PAX_RANDMMAP))
29437+ pax_flags |= MF_PAX_RANDMMAP;
29438+#endif
29439+
29440+ return pax_flags;
29441+}
29442+#endif
29443+
29444+#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
29445+static long pax_parse_elf_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata)
29446+{
29447+ unsigned long pax_flags = 0UL;
29448+
29449+#ifdef CONFIG_PAX_PT_PAX_FLAGS
29450+ unsigned long i;
29451+#endif
29452+
29453+#ifdef CONFIG_PAX_EI_PAX
29454+ pax_flags = pax_parse_ei_pax(elf_ex);
29455+#endif
29456+
29457+#ifdef CONFIG_PAX_PT_PAX_FLAGS
29458+ for (i = 0UL; i < elf_ex->e_phnum; i++)
29459+ if (elf_phdata[i].p_type == PT_PAX_FLAGS) {
29460+ if (((elf_phdata[i].p_flags & PF_PAGEEXEC) && (elf_phdata[i].p_flags & PF_NOPAGEEXEC)) ||
29461+ ((elf_phdata[i].p_flags & PF_SEGMEXEC) && (elf_phdata[i].p_flags & PF_NOSEGMEXEC)) ||
29462+ ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) ||
29463+ ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) ||
29464+ ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP)))
29465+ return -EINVAL;
29466+
29467+#ifdef CONFIG_PAX_SOFTMODE
29468+ if (pax_softmode)
29469+ pax_flags = pax_parse_softmode(&elf_phdata[i]);
29470+ else
29471+#endif
29472+
29473+ pax_flags = pax_parse_hardmode(&elf_phdata[i]);
29474+ break;
29475+ }
29476+#endif
29477+
29478+ if (0 > pax_check_flags(&pax_flags))
29479+ return -EINVAL;
29480+
29481+ current->mm->pax_flags = pax_flags;
29482+ return 0;
29483+}
29484+#endif
29485+
29486 /*
29487 * These are the functions used to load ELF style executables and shared
29488 * libraries. There is no binary dependent code anywhere else.
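Review bot: `pax_parse_elf_flags()` has no comment stating its precedence rules, which are security-relevant and only recoverable by reading the `#ifdef` nesting. The EI_PAX result is computed first, the first `PT_PAX_FLAGS` header then replaces it entirely (the loop `break`s), and a header setting both a flag and its `NO` counterpart is rejected with `-EINVAL`. A short header comment listing those three rules would help, along with braces on the `for` and on the `if`/`else` that is split across `#ifdef CONFIG_PAX_SOFTMODE`. It is also worth confirming that in soft mode a binary without a `PT_PAX_FLAGS` header is meant to keep the opt-out EI_PAX result, since `pax_softmode` is only consulted inside the loop. The PAGEEXEC/SEGMEXEC tie-break on `_PAGE_NX` is repeated verbatim in all three parsers and could live in one static helper.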
29489@@ -544,6 +735,11 @@ static unsigned long randomize_stack_top
29490 {
29491 unsigned int random_variable = 0;
29492
29493+#ifdef CONFIG_PAX_RANDUSTACK
29494+ if (randomize_va_space)
29495+ return stack_top - current->mm->delta_stack;
29496+#endif
29497+
29498 if ((current->flags & PF_RANDOMIZE) &&
29499 !(current->personality & ADDR_NO_RANDOMIZE)) {
29500 random_variable = get_random_int() & STACK_RND_MASK;
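Review bot: The added early return under CONFIG_PAX_RANDUSTACK bypasses the stock `PF_RANDOMIZE`/`ADDR_NO_RANDOMIZE` path whenever `randomize_va_space` is non-zero, even for a task whose `delta_stack` is zero. In the load_elf_binary hunk `delta_stack` is reset to `0UL` and only filled in when `MF_PAX_RANDMMAP` is set, so a binary with that flag cleared gets `stack_top` back unchanged. If that is the intended meaning of disabling RANDMMAP for a binary, a comment such as `/* PaX owns stack randomization here; delta_stack is 0 when RANDMMAP is off for this mm */` would make it explicit. Otherwise the return could be conditioned on `current->mm->pax_flags & MF_PAX_RANDMMAP` so the stock path still applies. The function body continues outside the hunk.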
29501@@ -562,7 +758,7 @@ static int load_elf_binary(struct linux_
29502 unsigned long load_addr = 0, load_bias = 0;
29503 int load_addr_set = 0;
29504 char * elf_interpreter = NULL;
29505- unsigned long error;
29506+ unsigned long error = 0;
29507 struct elf_phdr *elf_ppnt, *elf_phdata;
29508 unsigned long elf_bss, elf_brk;
29509 int retval, i;
29510@@ -572,11 +768,11 @@ static int load_elf_binary(struct linux_
29511 unsigned long start_code, end_code, start_data, end_data;
29512 unsigned long reloc_func_desc = 0;
29513 int executable_stack = EXSTACK_DEFAULT;
29514- unsigned long def_flags = 0;
29515 struct {
29516 struct elfhdr elf_ex;
29517 struct elfhdr interp_elf_ex;
29518 } *loc;
29519+ unsigned long pax_task_size = TASK_SIZE;
29520
29521 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
29522 if (!loc) {
29523@@ -714,11 +910,80 @@ static int load_elf_binary(struct linux_
29524
29525 /* OK, This is the point of no return */
29526 current->flags &= ~PF_FORKNOEXEC;
29527- current->mm->def_flags = def_flags;
29528+
29529+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
29530+ current->mm->pax_flags = 0UL;
29531+#endif
29532+
29533+#ifdef CONFIG_PAX_DLRESOLVE
29534+ current->mm->call_dl_resolve = 0UL;
29535+#endif
29536+
29537+#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
29538+ current->mm->call_syscall = 0UL;
29539+#endif
29540+
29541+#ifdef CONFIG_PAX_ASLR
29542+ current->mm->delta_mmap = 0UL;
29543+ current->mm->delta_stack = 0UL;
29544+#endif
29545+
29546+ current->mm->def_flags = 0;
29547+
29548+#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
29549+ if (0 > pax_parse_elf_flags(&loc->elf_ex, elf_phdata)) {
29550+ send_sig(SIGKILL, current, 0);
29551+ goto out_free_dentry;
29552+ }
29553+#endif
29554+
29555+#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
29556+ pax_set_initial_flags(bprm);
29557+#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
29558+ if (pax_set_initial_flags_func)
29559+ (pax_set_initial_flags_func)(bprm);
29560+#endif
29561+
29562+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
29563+ if ((current->mm->pax_flags & MF_PAX_PAGEEXEC) && !(__supported_pte_mask & _PAGE_NX)) {
29564+ current->mm->context.user_cs_limit = PAGE_SIZE;
29565+ current->mm->def_flags |= VM_PAGEEXEC;
29566+ }
29567+#endif
29568+
29569+#ifdef CONFIG_PAX_SEGMEXEC
29570+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
29571+ current->mm->context.user_cs_base = SEGMEXEC_TASK_SIZE;
29572+ current->mm->context.user_cs_limit = TASK_SIZE-SEGMEXEC_TASK_SIZE;
29573+ pax_task_size = SEGMEXEC_TASK_SIZE;
29574+ }
29575+#endif
29576+
29577+#if defined(CONFIG_ARCH_TRACK_EXEC_LIMIT) || defined(CONFIG_PAX_SEGMEXEC)
29578+ if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
29579+ set_user_cs(current->mm->context.user_cs_base, current->mm->context.user_cs_limit, get_cpu());
29580+ put_cpu();
29581+ }
29582+#endif
29583
29584 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
29585 may depend on the personality. */
29586 SET_PERSONALITY(loc->elf_ex);
29587+
29588+#ifdef CONFIG_PAX_ASLR
29589+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
29590+ current->mm->delta_mmap = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN)-1)) << PAGE_SHIFT;
29591+ current->mm->delta_stack = (pax_get_random_long() & ((1UL << PAX_DELTA_STACK_LEN)-1)) << PAGE_SHIFT;
29592+ }
29593+#endif
29594+
29595+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
29596+ if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
29597+ executable_stack = EXSTACK_DISABLE_X;
29598+ current->personality &= ~READ_IMPLIES_EXEC;
29599+ } else
29600+#endif
29601+
29602 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
29603 current->personality |= READ_IMPLIES_EXEC;
29604
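Review bot: The new failure branch after `pax_parse_elf_flags()` sends SIGKILL and jumps to `out_free_dentry` without assigning `retval`, whereas the other failure sites visible in this function set it first (`retval = -EINVAL;` before the task-size `goto`). `retval`'s value at this point is not visible in the hunk, but it presumably still holds the success code of an earlier call, so load_elf_binary may return 0 for a rejected binary. Adding `retval = -EINVAL;` before the `goto` would keep the error paths consistent. The `} else` that ends inside `#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)` and binds to the following `if (elf_read_implies_exec(...))` would also be easier to audit with braces. load_elf_binary starts and ends outside this hunk.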
29605@@ -800,6 +1065,20 @@ static int load_elf_binary(struct linux_
29606 #else
29607 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
29608 #endif
29609+
29610+#ifdef CONFIG_PAX_RANDMMAP
29611+ /* PaX: randomize base address at the default exe base if requested */
29612+ if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && elf_interpreter) {
29613+#ifdef CONFIG_SPARC64
29614+ load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << (PAGE_SHIFT+1);
29615+#else
29616+ load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << PAGE_SHIFT;
29617+#endif
29618+ load_bias = ELF_PAGESTART(PAX_ELF_ET_DYN_BASE - vaddr + load_bias);
29619+ elf_flags |= MAP_FIXED;
29620+ }
29621+#endif
29622+
29623 }
29624
29625 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
29626@@ -832,9 +1111,9 @@ static int load_elf_binary(struct linux_
29627 * allowed task size. Note that p_filesz must always be
29628 * <= p_memsz so it is only necessary to check p_memsz.
29629 */
29630- if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
29631- elf_ppnt->p_memsz > TASK_SIZE ||
29632- TASK_SIZE - elf_ppnt->p_memsz < k) {
29633+ if (k >= pax_task_size || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
29634+ elf_ppnt->p_memsz > pax_task_size ||
29635+ pax_task_size - elf_ppnt->p_memsz < k) {
29636 /* set_brk can never work. Avoid overflows. */
29637 send_sig(SIGKILL, current, 0);
29638 retval = -EINVAL;
29639@@ -862,6 +1141,11 @@ static int load_elf_binary(struct linux_
29640 start_data += load_bias;
29641 end_data += load_bias;
29642
29643+#ifdef CONFIG_PAX_RANDMMAP
29644+ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
29645+ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ~PAGE_MASK) << 4);
29646+#endif
29647+
29648 /* Calling set_brk effectively mmaps the pages that we need
29649 * for the bss and break sections. We must do this before
29650 * mapping in the interpreter, to make sure it doesn't wind
29651@@ -873,9 +1157,11 @@ static int load_elf_binary(struct linux_
29652 goto out_free_dentry;
29653 }
29654 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
29655- send_sig(SIGSEGV, current, 0);
29656- retval = -EFAULT; /* Nobody gets to see this, but.. */
29657- goto out_free_dentry;
29658+ /*
29659+ * This bss-zeroing can fail if the ELF
29660+ * file specifies odd protections. So
29661+ * we don't check the return value
29662+ */
29663 }
29664
29665 if (elf_interpreter) {
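Review bot: After this change the `if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss)))` statement has a body that is only a comment, so the condition is evaluated purely for the side effect of calling `padzero()`. That reads like a leftover; `if (likely(elf_bss != elf_brk)) padzero(elf_bss);` with the explanatory comment above it says the same thing directly. Since a failed zeroing is now ignored, the comment should also state what the tail of the last bss page can contain in that case (presumably bytes from the file mapping rather than zeros), so the trade-off is documented. load_elf_binary starts and ends outside this hunk.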
29666@@ -1086,7 +1372,7 @@ out:
29667 * Decide what to dump of a segment, part, all or none.
29668 */
29669 static unsigned long vma_dump_size(struct vm_area_struct *vma,
29670- unsigned long mm_flags)
29671+ unsigned long mm_flags, long signr)
29672 {
29673 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
29674
29675@@ -1120,7 +1406,7 @@ static unsigned long vma_dump_size(struc
29676 if (vma->vm_file == NULL)
29677 return 0;
29678
29679- if (FILTER(MAPPED_PRIVATE))
29680+ if (signr == SIGKILL || FILTER(MAPPED_PRIVATE))
29681 goto whole;
29682
29683 /*
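Review bot: `signr == SIGKILL` now takes the `goto whole` path regardless of `FILTER(MAPPED_PRIVATE)`, so for that signal the configured dump filter is overridden and file-backed private mappings are written in full. Nothing in the hunk or in the function's header comment ("Decide what to dump of a segment, part, all or none.") explains why. Since this widens what a core file can contain beyond what the filter bits allow, I would add a comment at the test naming the case it serves, e.g. `/* cores forced with SIGKILL ignore the MAPPED_PRIVATE filter: <reason> */`, and mention the new `signr` parameter in the header comment. vma_dump_size starts and ends outside this hunk.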
29684@@ -1342,9 +1628,9 @@ static void fill_auxv_note(struct memelf
29685 {
29686 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
29687 int i = 0;
29688- do
29689+ do {
29690 i += 2;
29691- while (auxv[i - 2] != AT_NULL);
29692+ } while (auxv[i - 2] != AT_NULL);
29693 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
29694 }
29695
29696@@ -1850,14 +2136,14 @@ static void fill_extnum_info(struct elfh
29697 }
29698
29699 static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
29700- unsigned long mm_flags)
29701+ struct coredump_params *cprm)
29702 {
29703 struct vm_area_struct *vma;
29704 size_t size = 0;
29705
29706 for (vma = first_vma(current, gate_vma); vma != NULL;
29707 vma = next_vma(vma, gate_vma))
29708- size += vma_dump_size(vma, mm_flags);
29709+ size += vma_dump_size(vma, cprm->mm_flags, cprm->signr);
29710 return size;
29711 }
29712
29713@@ -1951,7 +2237,7 @@ static int elf_core_dump(struct coredump
29714
29715 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
29716
29717- offset += elf_core_vma_data_size(gate_vma, cprm->mm_flags);
29718+ offset += elf_core_vma_data_size(gate_vma, cprm);
29719 offset += elf_core_extra_data_size();
29720 e_shoff = offset;
29721
29722@@ -1965,10 +2251,12 @@ static int elf_core_dump(struct coredump
29723 offset = dataoff;
29724
29725 size += sizeof(*elf);
29726+ gr_learn_resource(current, RLIMIT_CORE, size, 1);
29727 if (size > cprm->limit || !dump_write(cprm->file, elf, sizeof(*elf)))
29728 goto end_coredump;
29729
29730 size += sizeof(*phdr4note);
29731+ gr_learn_resource(current, RLIMIT_CORE, size, 1);
29732 if (size > cprm->limit
29733 || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
29734 goto end_coredump;
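Review bot: `gr_learn_resource(current, RLIMIT_CORE, size, 1);` is pasted in front of every `size > cprm->limit` test: twice here, and again in the hunks at -1993, -2026 and -2043. The page loop needs the variant `size + PAGE_SIZE` because `size` is only incremented inside the condition that follows it. A small static helper that adds to `size`, reports the new value and returns whether the limit is exceeded would keep the reported figure and the checked figure from drifting apart. elf_core_dump starts and ends outside the hunk.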
29735@@ -1982,7 +2270,7 @@ static int elf_core_dump(struct coredump
29736 phdr.p_offset = offset;
29737 phdr.p_vaddr = vma->vm_start;
29738 phdr.p_paddr = 0;
29739- phdr.p_filesz = vma_dump_size(vma, cprm->mm_flags);
29740+ phdr.p_filesz = vma_dump_size(vma, cprm->mm_flags, cprm->signr);
29741 phdr.p_memsz = vma->vm_end - vma->vm_start;
29742 offset += phdr.p_filesz;
29743 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
29744@@ -1993,6 +2281,7 @@ static int elf_core_dump(struct coredump
29745 phdr.p_align = ELF_EXEC_PAGESIZE;
29746
29747 size += sizeof(phdr);
29748+ gr_learn_resource(current, RLIMIT_CORE, size, 1);
29749 if (size > cprm->limit
29750 || !dump_write(cprm->file, &phdr, sizeof(phdr)))
29751 goto end_coredump;
29752@@ -2017,7 +2306,7 @@ static int elf_core_dump(struct coredump
29753 unsigned long addr;
29754 unsigned long end;
29755
29756- end = vma->vm_start + vma_dump_size(vma, cprm->mm_flags);
29757+ end = vma->vm_start + vma_dump_size(vma, cprm->mm_flags, cprm->signr);
29758
29759 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
29760 struct page *page;
29761@@ -2026,6 +2315,7 @@ static int elf_core_dump(struct coredump
29762 page = get_dump_page(addr);
29763 if (page) {
29764 void *kaddr = kmap(page);
29765+ gr_learn_resource(current, RLIMIT_CORE, size + PAGE_SIZE, 1);
29766 stop = ((size += PAGE_SIZE) > cprm->limit) ||
29767 !dump_write(cprm->file, kaddr,
29768 PAGE_SIZE);
29769@@ -2043,6 +2333,7 @@ static int elf_core_dump(struct coredump
29770
29771 if (e_phnum == PN_XNUM) {
29772 size += sizeof(*shdr4extnum);
29773+ gr_learn_resource(current, RLIMIT_CORE, size, 1);
29774 if (size > cprm->limit
29775 || !dump_write(cprm->file, shdr4extnum,
29776 sizeof(*shdr4extnum)))
29777@@ -2063,6 +2354,97 @@ out:
29778
29779 #endif /* CONFIG_ELF_CORE */
29780
29781+#ifdef CONFIG_PAX_MPROTECT
29782+/* PaX: non-PIC ELF libraries need relocations on their executable segments
29783+ * therefore we'll grant them VM_MAYWRITE once during their life. Similarly
29784+ * we'll remove VM_MAYWRITE for good on RELRO segments.
29785+ *
29786+ * The checks favour ld-linux.so behaviour which operates on a per ELF segment
29787+ * basis because we want to allow the common case and not the special ones.
29788+ */
29789+static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags)
29790+{
29791+ struct elfhdr elf_h;
29792+ struct elf_phdr elf_p;
29793+ unsigned long i;
29794+ unsigned long oldflags;
29795+ bool is_textrel_rw, is_textrel_rx, is_relro;
29796+
29797+ if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT))
29798+ return;
29799+
29800+ oldflags = vma->vm_flags & (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ);
29801+ newflags &= VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ;
29802+
29803+#ifdef CONFIG_PAX_ELFRELOCS
29804+ /* possible TEXTREL */
29805+ is_textrel_rw = vma->vm_file && !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ);
29806+ is_textrel_rx = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ);
29807+#else
29808+ is_textrel_rw = false;
29809+ is_textrel_rx = false;
29810+#endif
29811+
29812+ /* possible RELRO */
29813+ is_relro = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ);
29814+
29815+ if (!is_textrel_rw && !is_textrel_rx && !is_relro)
29816+ return;
29817+
29818+ if (sizeof(elf_h) != kernel_read(vma->vm_file, 0UL, (char *)&elf_h, sizeof(elf_h)) ||
29819+ memcmp(elf_h.e_ident, ELFMAG, SELFMAG) ||
29820+
29821+#ifdef CONFIG_PAX_ETEXECRELOCS
29822+ ((is_textrel_rw || is_textrel_rx) && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) ||
29823+#else
29824+ ((is_textrel_rw || is_textrel_rx) && elf_h.e_type != ET_DYN) ||
29825+#endif
29826+
29827+ (is_relro && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) ||
29828+ !elf_check_arch(&elf_h) ||
29829+ elf_h.e_phentsize != sizeof(struct elf_phdr) ||
29830+ elf_h.e_phnum > 65536UL / sizeof(struct elf_phdr))
29831+ return;
29832+
29833+ for (i = 0UL; i < elf_h.e_phnum; i++) {
29834+ if (sizeof(elf_p) != kernel_read(vma->vm_file, elf_h.e_phoff + i*sizeof(elf_p), (char *)&elf_p, sizeof(elf_p)))
29835+ return;
29836+ switch (elf_p.p_type) {
29837+ case PT_DYNAMIC:
29838+ if (!is_textrel_rw && !is_textrel_rx)
29839+ continue;
29840+ i = 0UL;
29841+ while ((i+1) * sizeof(elf_dyn) <= elf_p.p_filesz) {
29842+ elf_dyn dyn;
29843+
29844+ if (sizeof(dyn) != kernel_read(vma->vm_file, elf_p.p_offset + i*sizeof(dyn), (char *)&dyn, sizeof(dyn)))
29845+ return;
29846+ if (dyn.d_tag == DT_NULL)
29847+ return;
29848+ if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) {
29849+ gr_log_textrel(vma);
29850+ if (is_textrel_rw)
29851+ vma->vm_flags |= VM_MAYWRITE;
29852+ else
29853+ /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */
29854+ vma->vm_flags &= ~VM_MAYWRITE;
29855+ return;
29856+ }
29857+ i++;
29858+ }
29859+ return;
29860+
29861+ case PT_GNU_RELRO:
29862+ if (!is_relro)
29863+ continue;
29864+ if ((elf_p.p_offset >> PAGE_SHIFT) == vma->vm_pgoff && ELF_PAGEALIGN(elf_p.p_memsz) == vma->vm_end - vma->vm_start)
29865+ vma->vm_flags &= ~VM_MAYWRITE;
29866+ return;
29867+ }
29868+ }
29869+}
29870+#endif
29871+
29872 static int __init init_elf_binfmt(void)
29873 {
29874 return register_binfmt(&elf_format);
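Review bot: In `elf_handle_mprotect` the `PT_DYNAMIC` case resets `i = 0UL` and reuses it as the dynamic-entry index while `i` is still the counter of the enclosing `for` over program headers. This is only safe because every path out of the inner `while` returns; a later edit that falls back into the outer loop would rescan from a wrong header index. A separate index `j` makes the two scans independent. Separately, `elf_p.p_filesz` comes straight from the file and is the only bound on the inner scan (one `kernel_read` per entry until a short read), so a cap on the number of entries examined may be worth adding.

```c
	unsigned long i, j;
	/* … unchanged: flag classification and ELF header validation … */
		case PT_DYNAMIC:
			if (!is_textrel_rw && !is_textrel_rx)
				continue;
			for (j = 0UL; (j + 1) * sizeof(elf_dyn) <= elf_p.p_filesz; j++) {
				elf_dyn dyn;

				if (sizeof(dyn) != kernel_read(vma->vm_file, elf_p.p_offset + j*sizeof(dyn), (char *)&dyn, sizeof(dyn)))
					return;
				/* … unchanged: DT_NULL and DT_TEXTREL handling, without the trailing i++ … */
			}
			return;
```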
29875diff -urNp linux-2.6.38.2/fs/binfmt_flat.c linux-2.6.38.2/fs/binfmt_flat.c
29876--- linux-2.6.38.2/fs/binfmt_flat.c 2011-03-14 21:20:32.000000000 -0400
29877+++ linux-2.6.38.2/fs/binfmt_flat.c 2011-03-21 18:31:35.000000000 -0400
29878@@ -567,7 +567,9 @@ static int load_flat_file(struct linux_b
29879 realdatastart = (unsigned long) -ENOMEM;
29880 printk("Unable to allocate RAM for process data, errno %d\n",
29881 (int)-realdatastart);
29882+ down_write(&current->mm->mmap_sem);
29883 do_munmap(current->mm, textpos, text_len);
29884+ up_write(&current->mm->mmap_sem);
29885 ret = realdatastart;
29886 goto err;
29887 }
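Review bot: The error paths now bracket `do_munmap()` with `down_write(&current->mm->mmap_sem)` and `up_write(...)`, but nothing says why, and the same sequence is repeated in the hunks at -591 and -661. A comment such as `/* do_munmap() must be called with mmap_sem held for writing */` at the first site, or a small static helper that takes the lock and unmaps, would document the rule once. load_flat_file continues outside the hunk.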
29888@@ -591,8 +593,10 @@ static int load_flat_file(struct linux_b
29889 }
29890 if (IS_ERR_VALUE(result)) {
29891 printk("Unable to read data+bss, errno %d\n", (int)-result);
29892+ down_write(&current->mm->mmap_sem);
29893 do_munmap(current->mm, textpos, text_len);
29894 do_munmap(current->mm, realdatastart, len);
29895+ up_write(&current->mm->mmap_sem);
29896 ret = result;
29897 goto err;
29898 }
29899@@ -661,8 +665,10 @@ static int load_flat_file(struct linux_b
29900 }
29901 if (IS_ERR_VALUE(result)) {
29902 printk("Unable to read code+data+bss, errno %d\n",(int)-result);
29903+ down_write(&current->mm->mmap_sem);
29904 do_munmap(current->mm, textpos, text_len + data_len + extra +
29905 MAX_SHARED_LIBS * sizeof(unsigned long));
29906+ up_write(&current->mm->mmap_sem);
29907 ret = result;
29908 goto err;
29909 }
29910diff -urNp linux-2.6.38.2/fs/binfmt_misc.c linux-2.6.38.2/fs/binfmt_misc.c
29911--- linux-2.6.38.2/fs/binfmt_misc.c 2011-03-14 21:20:32.000000000 -0400
29912+++ linux-2.6.38.2/fs/binfmt_misc.c 2011-03-21 18:31:35.000000000 -0400
29913@@ -698,7 +698,7 @@ static int bm_fill_super(struct super_bl
29914 static struct tree_descr bm_files[] = {
29915 [2] = {"status", &bm_status_operations, S_IWUSR|S_IRUGO},
29916 [3] = {"register", &bm_register_operations, S_IWUSR},
29917- /* last one */ {""}
29918+ /* last one */ {"", NULL, 0}
29919 };
29920 int err = simple_fill_super(sb, 0x42494e4d, bm_files);
29921 if (!err)
29922diff -urNp linux-2.6.38.2/fs/bio.c linux-2.6.38.2/fs/bio.c
29923--- linux-2.6.38.2/fs/bio.c 2011-03-14 21:20:32.000000000 -0400
29924+++ linux-2.6.38.2/fs/bio.c 2011-03-21 18:31:35.000000000 -0400
29925@@ -1233,7 +1233,7 @@ static void bio_copy_kern_endio(struct b
29926 const int read = bio_data_dir(bio) == READ;
29927 struct bio_map_data *bmd = bio->bi_private;
29928 int i;
29929- char *p = bmd->sgvecs[0].iov_base;
29930+ char *p = (__force char *)bmd->sgvecs[0].iov_base;
29931
29932 __bio_for_each_segment(bvec, bio, i, 0) {
29933 char *addr = page_address(bvec->bv_page);
29934diff -urNp linux-2.6.38.2/fs/block_dev.c linux-2.6.38.2/fs/block_dev.c
29935--- linux-2.6.38.2/fs/block_dev.c 2011-03-14 21:20:32.000000000 -0400
29936+++ linux-2.6.38.2/fs/block_dev.c 2011-03-21 18:31:35.000000000 -0400
29937@@ -669,7 +669,7 @@ static bool bd_may_claim(struct block_de
29938 else if (bdev->bd_contains == bdev)
29939 return true; /* is a whole device which isn't held */
29940
29941- else if (whole->bd_holder == bd_may_claim)
29942+ else if (whole->bd_holder == (void *)bd_may_claim)
29943 return true; /* is a partition of a device that is being partitioned */
29944 else if (whole->bd_holder != NULL)
29945 return false; /* is a partition of a held device */
29946diff -urNp linux-2.6.38.2/fs/btrfs/ctree.c linux-2.6.38.2/fs/btrfs/ctree.c
29947--- linux-2.6.38.2/fs/btrfs/ctree.c 2011-03-14 21:20:32.000000000 -0400
29948+++ linux-2.6.38.2/fs/btrfs/ctree.c 2011-03-21 18:31:35.000000000 -0400
29949@@ -468,9 +468,12 @@ static noinline int __btrfs_cow_block(st
29950 free_extent_buffer(buf);
29951 add_root_to_dirty_list(root);
29952 } else {
29953- if (root->root_key.objectid == BTRFS_TREE_RELOC_OBJECTID)
29954- parent_start = parent->start;
29955- else
29956+ if (root->root_key.objectid == BTRFS_TREE_RELOC_OBJECTID) {
29957+ if (parent)
29958+ parent_start = parent->start;
29959+ else
29960+ parent_start = 0;
29961+ } else
29962 parent_start = 0;
29963
29964 WARN_ON(trans->transid != btrfs_header_generation(parent));
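Review bot: The new `if (parent)` guard protects `parent->start`, but the context line right after the branch still passes `parent` to `btrfs_header_generation(parent)` unconditionally. If `parent` can be NULL on this path, as the guard implies, that WARN_ON would dereference it (assuming the helper reads through its argument; it is not shown). Either guard it the same way, `WARN_ON(parent && trans->transid != btrfs_header_generation(parent));`, or drop the new check if `parent` is known to be non-NULL here. __btrfs_cow_block continues outside the hunk.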
29965@@ -3776,7 +3779,6 @@ setup_items_for_insert(struct btrfs_tran
29966
29967 ret = 0;
29968 if (slot == 0) {
29969- struct btrfs_disk_key disk_key;
29970 btrfs_cpu_key_to_disk(&disk_key, cpu_key);
29971 ret = fixup_low_keys(trans, root, path, &disk_key, 1);
29972 }
29973diff -urNp linux-2.6.38.2/fs/btrfs/disk-io.c linux-2.6.38.2/fs/btrfs/disk-io.c
29974--- linux-2.6.38.2/fs/btrfs/disk-io.c 2011-03-14 21:20:32.000000000 -0400
29975+++ linux-2.6.38.2/fs/btrfs/disk-io.c 2011-03-21 18:31:35.000000000 -0400
29976@@ -41,7 +41,7 @@
29977 #include "tree-log.h"
29978 #include "free-space-cache.h"
29979
29980-static struct extent_io_ops btree_extent_io_ops;
29981+static const struct extent_io_ops btree_extent_io_ops;
29982 static void end_workqueue_fn(struct btrfs_work *work);
29983 static void free_fs_root(struct btrfs_root *root);
29984 static void btrfs_check_super_valid(struct btrfs_fs_info *fs_info,
29985@@ -3028,7 +3028,7 @@ static int btrfs_cleanup_transaction(str
29986 return 0;
29987 }
29988
29989-static struct extent_io_ops btree_extent_io_ops = {
29990+static const struct extent_io_ops btree_extent_io_ops = {
29991 .write_cache_pages_lock_hook = btree_lock_page_hook,
29992 .readpage_end_io_hook = btree_readpage_end_io_hook,
29993 .submit_bio_hook = btree_submit_bio_hook,
29994diff -urNp linux-2.6.38.2/fs/btrfs/extent_io.h linux-2.6.38.2/fs/btrfs/extent_io.h
29995--- linux-2.6.38.2/fs/btrfs/extent_io.h 2011-03-14 21:20:32.000000000 -0400
29996+++ linux-2.6.38.2/fs/btrfs/extent_io.h 2011-03-21 18:31:35.000000000 -0400
29997@@ -55,36 +55,36 @@ typedef int (extent_submit_bio_hook_t)(s
29998 struct bio *bio, int mirror_num,
29999 unsigned long bio_flags, u64 bio_offset);
30000 struct extent_io_ops {
30001- int (*fill_delalloc)(struct inode *inode, struct page *locked_page,
30002+ int (* const fill_delalloc)(struct inode *inode, struct page *locked_page,
30003 u64 start, u64 end, int *page_started,
30004 unsigned long *nr_written);
30005- int (*writepage_start_hook)(struct page *page, u64 start, u64 end);
30006- int (*writepage_io_hook)(struct page *page, u64 start, u64 end);
30007+ int (* const writepage_start_hook)(struct page *page, u64 start, u64 end);
30008+ int (* const writepage_io_hook)(struct page *page, u64 start, u64 end);
30009 extent_submit_bio_hook_t *submit_bio_hook;
30010- int (*merge_bio_hook)(struct page *page, unsigned long offset,
30011+ int (* const merge_bio_hook)(struct page *page, unsigned long offset,
30012 size_t size, struct bio *bio,
30013 unsigned long bio_flags);
30014- int (*readpage_io_hook)(struct page *page, u64 start, u64 end);
30015- int (*readpage_io_failed_hook)(struct bio *bio, struct page *page,
30016+ int (* const readpage_io_hook)(struct page *page, u64 start, u64 end);
30017+ int (* const readpage_io_failed_hook)(struct bio *bio, struct page *page,
30018 u64 start, u64 end,
30019 struct extent_state *state);
30020- int (*writepage_io_failed_hook)(struct bio *bio, struct page *page,
30021+ int (* const writepage_io_failed_hook)(struct bio *bio, struct page *page,
30022 u64 start, u64 end,
30023 struct extent_state *state);
30024- int (*readpage_end_io_hook)(struct page *page, u64 start, u64 end,
30025+ int (* const readpage_end_io_hook)(struct page *page, u64 start, u64 end,
30026 struct extent_state *state);
30027- int (*writepage_end_io_hook)(struct page *page, u64 start, u64 end,
30028+ int (* const writepage_end_io_hook)(struct page *page, u64 start, u64 end,
30029 struct extent_state *state, int uptodate);
30030- int (*set_bit_hook)(struct inode *inode, struct extent_state *state,
30031+ int (* const set_bit_hook)(struct inode *inode, struct extent_state *state,
30032 int *bits);
30033- int (*clear_bit_hook)(struct inode *inode, struct extent_state *state,
30034+ int (* const clear_bit_hook)(struct inode *inode, struct extent_state *state,
30035 int *bits);
30036- int (*merge_extent_hook)(struct inode *inode,
30037+ int (* const merge_extent_hook)(struct inode *inode,
30038 struct extent_state *new,
30039 struct extent_state *other);
30040- int (*split_extent_hook)(struct inode *inode,
30041+ int (* const split_extent_hook)(struct inode *inode,
30042 struct extent_state *orig, u64 split);
30043- int (*write_cache_pages_lock_hook)(struct page *page);
30044+ int (* const write_cache_pages_lock_hook)(struct page *page);
30045 };
30046
30047 struct extent_io_tree {
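Review bot: `submit_bio_hook` is the one member of `struct extent_io_ops` that stays writable: every other hook gains `* const`, while the context line `extent_submit_bio_hook_t *submit_bio_hook;` is untouched. For consistency it should read `extent_submit_bio_hook_t * const submit_bio_hook;`. The instances shown elsewhere in this patch are already declared `static const struct extent_io_ops`, so this only matters for an instance that is not.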
30048@@ -94,7 +94,7 @@ struct extent_io_tree {
30049 u64 dirty_bytes;
30050 spinlock_t lock;
30051 spinlock_t buffer_lock;
30052- struct extent_io_ops *ops;
30053+ const struct extent_io_ops *ops;
30054 };
30055
30056 struct extent_state {
30057diff -urNp linux-2.6.38.2/fs/btrfs/free-space-cache.c linux-2.6.38.2/fs/btrfs/free-space-cache.c
30058--- linux-2.6.38.2/fs/btrfs/free-space-cache.c 2011-03-14 21:20:32.000000000 -0400
30059+++ linux-2.6.38.2/fs/btrfs/free-space-cache.c 2011-03-21 18:31:35.000000000 -0400
30060@@ -1855,8 +1855,6 @@ u64 btrfs_alloc_from_cluster(struct btrf
30061
30062 while(1) {
30063 if (entry->bytes < bytes || entry->offset < min_start) {
30064- struct rb_node *node;
30065-
30066 node = rb_next(&entry->offset_index);
30067 if (!node)
30068 break;
30069@@ -2018,7 +2016,7 @@ again:
30070 */
30071 while (entry->bitmap || found_bitmap ||
30072 (!entry->bitmap && entry->bytes < min_bytes)) {
30073- struct rb_node *node = rb_next(&entry->offset_index);
30074+ node = rb_next(&entry->offset_index);
30075
30076 if (entry->bitmap && entry->bytes > bytes + empty_size) {
30077 ret = btrfs_bitmap_cluster(block_group, entry, cluster,
30078diff -urNp linux-2.6.38.2/fs/btrfs/inode.c linux-2.6.38.2/fs/btrfs/inode.c
30079--- linux-2.6.38.2/fs/btrfs/inode.c 2011-03-14 21:20:32.000000000 -0400
30080+++ linux-2.6.38.2/fs/btrfs/inode.c 2011-03-24 23:08:20.000000000 -0400
30081@@ -64,7 +64,7 @@ static const struct inode_operations btr
30082 static const struct address_space_operations btrfs_aops;
30083 static const struct address_space_operations btrfs_symlink_aops;
30084 static const struct file_operations btrfs_dir_file_operations;
30085-static struct extent_io_ops btrfs_extent_io_ops;
30086+static const struct extent_io_ops btrfs_extent_io_ops;
30087
30088 static struct kmem_cache *btrfs_inode_cachep;
30089 struct kmem_cache *btrfs_trans_handle_cachep;
30090@@ -6796,7 +6796,7 @@ fail:
30091 return -ENOMEM;
30092 }
30093
30094-static int btrfs_getattr(struct vfsmount *mnt,
30095+int btrfs_getattr(struct vfsmount *mnt,
30096 struct dentry *dentry, struct kstat *stat)
30097 {
30098 struct inode *inode = dentry->d_inode;
30099@@ -6808,6 +6808,14 @@ static int btrfs_getattr(struct vfsmount
30100 return 0;
30101 }
30102
30103+EXPORT_SYMBOL(btrfs_getattr);
30104+
30105+dev_t get_btrfs_dev_from_inode(struct inode *inode)
30106+{
30107+ return BTRFS_I(inode)->root->anon_super.s_dev;
30108+}
30109+EXPORT_SYMBOL(get_btrfs_dev_from_inode);
30110+
30111 static int btrfs_rename(struct inode *old_dir, struct dentry *old_dentry,
30112 struct inode *new_dir, struct dentry *new_dentry)
30113 {
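Review bot: `get_btrfs_dev_from_inode()` is exported with no comment and no prototype in this hunk, and it follows `BTRFS_I(inode)->root` without any check that the inode belongs to btrfs. A short header comment stating the precondition, e.g. `/* caller must pass an inode that lives on a btrfs superblock */`, and a declaration in a shared header would make the contract explicit for callers outside this file. The same goes for `btrfs_getattr`, which the previous hunk makes non-static so it can be exported here.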
30114@@ -7311,7 +7319,7 @@ static const struct file_operations btrf
30115 .fsync = btrfs_sync_file,
30116 };
30117
30118-static struct extent_io_ops btrfs_extent_io_ops = {
30119+static const struct extent_io_ops btrfs_extent_io_ops = {
30120 .fill_delalloc = run_delalloc_range,
30121 .submit_bio_hook = btrfs_submit_bio_hook,
30122 .merge_bio_hook = btrfs_merge_bio_hook,
30123diff -urNp linux-2.6.38.2/fs/btrfs/ioctl.c linux-2.6.38.2/fs/btrfs/ioctl.c
30124--- linux-2.6.38.2/fs/btrfs/ioctl.c 2011-03-14 21:20:32.000000000 -0400
30125+++ linux-2.6.38.2/fs/btrfs/ioctl.c 2011-03-21 18:31:35.000000000 -0400
30126@@ -2270,9 +2270,12 @@ long btrfs_ioctl_space_info(struct btrfs
30127 for (i = 0; i < num_types; i++) {
30128 struct btrfs_space_info *tmp;
30129
30130+ /* Don't copy in more than we allocated */
30131 if (!slot_count)
30132 break;
30133
30134+ slot_count--;
30135+
30136 info = NULL;
30137 rcu_read_lock();
30138 list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
30139@@ -2294,10 +2297,7 @@ long btrfs_ioctl_space_info(struct btrfs
30140 memcpy(dest, &space, sizeof(space));
30141 dest++;
30142 space_args.total_spaces++;
30143- slot_count--;
30144 }
30145- if (!slot_count)
30146- break;
30147 }
30148 up_read(&info->groups_sem);
30149 }
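Review bot: With `slot_count--` moved to the top of the outer loop (previous hunk) and the per-entry decrement and `if (!slot_count) break;` removed here, the counter no longer tracks how many entries `memcpy(dest, &space, sizeof(space)); dest++;` actually writes. The removed `break` sat inside an inner loop whose header is outside the hunk, so if that loop can copy more than one entry per outer iteration, `dest` can advance past the slots that were allocated. Keeping `slot_count--;` next to `dest++` and the `if (!slot_count) break;` after the copy block ties the bound to each write. The size of the destination buffer is not visible here and should be checked against this.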
30150diff -urNp linux-2.6.38.2/fs/btrfs/relocation.c linux-2.6.38.2/fs/btrfs/relocation.c
30151--- linux-2.6.38.2/fs/btrfs/relocation.c 2011-03-14 21:20:32.000000000 -0400
30152+++ linux-2.6.38.2/fs/btrfs/relocation.c 2011-03-21 18:31:35.000000000 -0400
30153@@ -1239,7 +1239,7 @@ static int __update_reloc_root(struct bt
30154 }
30155 spin_unlock(&rc->reloc_root_tree.lock);
30156
30157- BUG_ON((struct btrfs_root *)node->data != root);
30158+ BUG_ON(!node || (struct btrfs_root *)node->data != root);
30159
30160 if (!del) {
30161 spin_lock(&rc->reloc_root_tree.lock);
30162diff -urNp linux-2.6.38.2/fs/cachefiles/bind.c linux-2.6.38.2/fs/cachefiles/bind.c
30163--- linux-2.6.38.2/fs/cachefiles/bind.c 2011-03-14 21:20:32.000000000 -0400
30164+++ linux-2.6.38.2/fs/cachefiles/bind.c 2011-03-21 18:31:35.000000000 -0400
30165@@ -39,13 +39,11 @@ int cachefiles_daemon_bind(struct cachef
30166 args);
30167
30168 /* start by checking things over */
30169- ASSERT(cache->fstop_percent >= 0 &&
30170- cache->fstop_percent < cache->fcull_percent &&
30171+ ASSERT(cache->fstop_percent < cache->fcull_percent &&
30172 cache->fcull_percent < cache->frun_percent &&
30173 cache->frun_percent < 100);
30174
30175- ASSERT(cache->bstop_percent >= 0 &&
30176- cache->bstop_percent < cache->bcull_percent &&
30177+ ASSERT(cache->bstop_percent < cache->bcull_percent &&
30178 cache->bcull_percent < cache->brun_percent &&
30179 cache->brun_percent < 100);
30180
30181diff -urNp linux-2.6.38.2/fs/cachefiles/daemon.c linux-2.6.38.2/fs/cachefiles/daemon.c
30182--- linux-2.6.38.2/fs/cachefiles/daemon.c 2011-03-14 21:20:32.000000000 -0400
30183+++ linux-2.6.38.2/fs/cachefiles/daemon.c 2011-03-21 18:31:35.000000000 -0400
30184@@ -196,7 +196,7 @@ static ssize_t cachefiles_daemon_read(st
30185 if (n > buflen)
30186 return -EMSGSIZE;
30187
30188- if (copy_to_user(_buffer, buffer, n) != 0)
30189+ if (n > sizeof(buffer) || copy_to_user(_buffer, buffer, n) != 0)
30190 return -EFAULT;
30191
30192 return n;
30193@@ -222,7 +222,7 @@ static ssize_t cachefiles_daemon_write(s
30194 if (test_bit(CACHEFILES_DEAD, &cache->flags))
30195 return -EIO;
30196
30197- if (datalen < 0 || datalen > PAGE_SIZE - 1)
30198+ if (datalen > PAGE_SIZE - 1)
30199 return -EOPNOTSUPP;
30200
30201 /* drag the command string into the kernel so we can parse it */
30202@@ -386,7 +386,7 @@ static int cachefiles_daemon_fstop(struc
30203 if (args[0] != '%' || args[1] != '\0')
30204 return -EINVAL;
30205
30206- if (fstop < 0 || fstop >= cache->fcull_percent)
30207+ if (fstop >= cache->fcull_percent)
30208 return cachefiles_daemon_range_error(cache, args);
30209
30210 cache->fstop_percent = fstop;
30211@@ -458,7 +458,7 @@ static int cachefiles_daemon_bstop(struc
30212 if (args[0] != '%' || args[1] != '\0')
30213 return -EINVAL;
30214
30215- if (bstop < 0 || bstop >= cache->bcull_percent)
30216+ if (bstop >= cache->bcull_percent)
30217 return cachefiles_daemon_range_error(cache, args);
30218
30219 cache->bstop_percent = bstop;
30220diff -urNp linux-2.6.38.2/fs/cachefiles/rdwr.c linux-2.6.38.2/fs/cachefiles/rdwr.c
30221--- linux-2.6.38.2/fs/cachefiles/rdwr.c 2011-03-14 21:20:32.000000000 -0400
30222+++ linux-2.6.38.2/fs/cachefiles/rdwr.c 2011-03-21 18:31:35.000000000 -0400
30223@@ -945,7 +945,7 @@ int cachefiles_write_page(struct fscache
30224 old_fs = get_fs();
30225 set_fs(KERNEL_DS);
30226 ret = file->f_op->write(
30227- file, (const void __user *) data, len, &pos);
30228+ file, (__force const void __user *) data, len, &pos);
30229 set_fs(old_fs);
30230 kunmap(page);
30231 if (ret != len)
30232diff -urNp linux-2.6.38.2/fs/ceph/dir.c linux-2.6.38.2/fs/ceph/dir.c
30233--- linux-2.6.38.2/fs/ceph/dir.c 2011-03-14 21:20:32.000000000 -0400
30234+++ linux-2.6.38.2/fs/ceph/dir.c 2011-03-21 18:31:35.000000000 -0400
30235@@ -226,7 +226,7 @@ static int ceph_readdir(struct file *fil
30236 struct ceph_fs_client *fsc = ceph_inode_to_client(inode);
30237 struct ceph_mds_client *mdsc = fsc->mdsc;
30238 unsigned frag = fpos_frag(filp->f_pos);
30239- int off = fpos_off(filp->f_pos);
30240+ unsigned int off = fpos_off(filp->f_pos);
30241 int err;
30242 u32 ftype;
30243 struct ceph_mds_reply_info_parsed *rinfo;
30244@@ -358,7 +358,7 @@ more:
30245 rinfo = &fi->last_readdir->r_reply_info;
30246 dout("readdir frag %x num %d off %d chunkoff %d\n", frag,
30247 rinfo->dir_nr, off, fi->offset);
30248- while (off - fi->offset >= 0 && off - fi->offset < rinfo->dir_nr) {
30249+ while (off >= fi->offset && off - fi->offset < rinfo->dir_nr) {
30250 u64 pos = ceph_make_fpos(frag, off);
30251 struct ceph_mds_reply_inode *in =
30252 rinfo->dir_in[off - fi->offset].in;
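Review bot: `off` is `unsigned int` after the first hunk of this file, but the `dout()` context line here still prints it with `%d`; the conversion should become `off %u`. The rewritten loop test `off >= fi->offset` also mixes `off` with `fi->offset`, whose type is not visible. If that field is a signed `int`, the comparison converts it to unsigned, which is worth checking. The loop body continues outside the hunk.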
30253diff -urNp linux-2.6.38.2/fs/cifs/cifs_uniupr.h linux-2.6.38.2/fs/cifs/cifs_uniupr.h
30254--- linux-2.6.38.2/fs/cifs/cifs_uniupr.h 2011-03-14 21:20:32.000000000 -0400
30255+++ linux-2.6.38.2/fs/cifs/cifs_uniupr.h 2011-03-21 18:31:35.000000000 -0400
30256@@ -132,7 +132,7 @@ const struct UniCaseRange CifsUniUpperRa
30257 {0x0490, 0x04cc, UniCaseRangeU0490},
30258 {0x1e00, 0x1ffc, UniCaseRangeU1e00},
30259 {0xff40, 0xff5a, UniCaseRangeUff40},
30260- {0}
30261+ {0, 0, NULL}
30262 };
30263 #endif
30264
30265diff -urNp linux-2.6.38.2/fs/cifs/link.c linux-2.6.38.2/fs/cifs/link.c
30266--- linux-2.6.38.2/fs/cifs/link.c 2011-03-14 21:20:32.000000000 -0400
30267+++ linux-2.6.38.2/fs/cifs/link.c 2011-03-21 18:31:35.000000000 -0400
30268@@ -577,7 +577,7 @@ symlink_exit:
30269
30270 void cifs_put_link(struct dentry *direntry, struct nameidata *nd, void *cookie)
30271 {
30272- char *p = nd_get_link(nd);
30273+ const char *p = nd_get_link(nd);
30274 if (!IS_ERR(p))
30275 kfree(p);
30276 }
30277diff -urNp linux-2.6.38.2/fs/compat_binfmt_elf.c linux-2.6.38.2/fs/compat_binfmt_elf.c
30278--- linux-2.6.38.2/fs/compat_binfmt_elf.c 2011-03-14 21:20:32.000000000 -0400
30279+++ linux-2.6.38.2/fs/compat_binfmt_elf.c 2011-03-21 18:31:35.000000000 -0400
30280@@ -30,11 +30,13 @@
30281 #undef elf_phdr
30282 #undef elf_shdr
30283 #undef elf_note
30284+#undef elf_dyn
30285 #undef elf_addr_t
30286 #define elfhdr elf32_hdr
30287 #define elf_phdr elf32_phdr
30288 #define elf_shdr elf32_shdr
30289 #define elf_note elf32_note
30290+#define elf_dyn Elf32_Dyn
30291 #define elf_addr_t Elf32_Addr
30292
30293 /*
30294diff -urNp linux-2.6.38.2/fs/compat.c linux-2.6.38.2/fs/compat.c
30295--- linux-2.6.38.2/fs/compat.c 2011-03-14 21:20:32.000000000 -0400
30296+++ linux-2.6.38.2/fs/compat.c 2011-03-21 18:31:35.000000000 -0400
30297@@ -594,7 +594,7 @@ ssize_t compat_rw_copy_check_uvector(int
30298 goto out;
30299
30300 ret = -EINVAL;
30301- if (nr_segs > UIO_MAXIOV || nr_segs < 0)
30302+ if (nr_segs > UIO_MAXIOV)
30303 goto out;
30304 if (nr_segs > fast_segs) {
30305 ret = -ENOMEM;
30306@@ -876,6 +876,7 @@ struct compat_old_linux_dirent {
30307
30308 struct compat_readdir_callback {
30309 struct compat_old_linux_dirent __user *dirent;
30310+ struct file * file;
30311 int result;
30312 };
30313
30314@@ -893,6 +894,10 @@ static int compat_fillonedir(void *__buf
30315 buf->result = -EOVERFLOW;
30316 return -EOVERFLOW;
30317 }
30318+
30319+ if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
30320+ return 0;
30321+
30322 buf->result++;
30323 dirent = buf->dirent;
30324 if (!access_ok(VERIFY_WRITE, dirent,
30325@@ -925,6 +930,7 @@ asmlinkage long compat_sys_old_readdir(u
30326
30327 buf.result = 0;
30328 buf.dirent = dirent;
30329+ buf.file = file;
30330
30331 error = vfs_readdir(file, compat_fillonedir, &buf);
30332 if (buf.result)
30333@@ -945,6 +951,7 @@ struct compat_linux_dirent {
30334 struct compat_getdents_callback {
30335 struct compat_linux_dirent __user *current_dir;
30336 struct compat_linux_dirent __user *previous;
30337+ struct file * file;
30338 int count;
30339 int error;
30340 };
30341@@ -966,6 +973,10 @@ static int compat_filldir(void *__buf, c
30342 buf->error = -EOVERFLOW;
30343 return -EOVERFLOW;
30344 }
30345+
30346+ if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
30347+ return 0;
30348+
30349 dirent = buf->previous;
30350 if (dirent) {
30351 if (__put_user(offset, &dirent->d_off))
30352@@ -1013,6 +1024,7 @@ asmlinkage long compat_sys_getdents(unsi
30353 buf.previous = NULL;
30354 buf.count = count;
30355 buf.error = 0;
30356+ buf.file = file;
30357
30358 error = vfs_readdir(file, compat_filldir, &buf);
30359 if (error >= 0)
30360@@ -1034,6 +1046,7 @@ out:
30361 struct compat_getdents_callback64 {
30362 struct linux_dirent64 __user *current_dir;
30363 struct linux_dirent64 __user *previous;
30364+ struct file * file;
30365 int count;
30366 int error;
30367 };
30368@@ -1050,6 +1063,10 @@ static int compat_filldir64(void * __buf
30369 buf->error = -EINVAL; /* only used if we fail.. */
30370 if (reclen > buf->count)
30371 return -EINVAL;
30372+
30373+ if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
30374+ return 0;
30375+
30376 dirent = buf->previous;
30377
30378 if (dirent) {
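Review bot: Returning 0 for a filtered entry leaves `buf->error` at the `-EINVAL` assigned at the top of this hunk, since the added check sits after that assignment. The caller's code after `if (error >= 0)` is outside the hunks, but if it reports `buf.error` when no entry was emitted, a read in which every remaining entry is filtered would fail with -EINVAL instead of returning 0. Resetting it on the skip path, `if (!gr_acl_handle_filldir(buf->file, name, namlen, ino)) { buf->error = 0; return 0; }`, or confirming the caller's behaviour, would settle this. The compat_filldir hunk above has the same skip path.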
30379@@ -1101,6 +1118,7 @@ asmlinkage long compat_sys_getdents64(un
30380 buf.previous = NULL;
30381 buf.count = count;
30382 buf.error = 0;
30383+ buf.file = file;
30384
30385 error = vfs_readdir(file, compat_filldir64, &buf);
30386 if (error >= 0)
30387@@ -1423,6 +1441,7 @@ static int compat_copy_strings(int argc,
30388
30389 page = get_arg_page(bprm, pos, 1);
30390 if (!page) {
30391+ /* We've exceed the stack rlimit. */
30392 ret = -E2BIG;
30393 goto out;
30394 }
30395@@ -1464,6 +1483,11 @@ int compat_do_execve(char * filename,
30396 compat_uptr_t __user *envp,
30397 struct pt_regs * regs)
30398 {
30399+#ifdef CONFIG_GRKERNSEC
30400+ struct file *old_exec_file;
30401+ struct acl_subject_label *old_acl;
30402+ struct rlimit old_rlim[RLIM_NLIMITS];
30403+#endif
30404 struct linux_binprm *bprm;
30405 struct file *file;
30406 struct files_struct *displaced;
30407@@ -1500,6 +1524,14 @@ int compat_do_execve(char * filename,
30408 bprm->filename = filename;
30409 bprm->interp = filename;
30410
30411+ gr_learn_resource(current, RLIMIT_NPROC, atomic_read(&current->cred->user->processes), 1);
30412+ retval = -EAGAIN;
30413+ if (gr_handle_nproc())
30414+ goto out_file;
30415+ retval = -EACCES;
30416+ if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt))
30417+ goto out_file;
30418+
30419 retval = bprm_mm_init(bprm);
30420 if (retval)
30421 goto out_file;
30422@@ -1529,9 +1561,40 @@ int compat_do_execve(char * filename,
30423 if (retval < 0)
30424 goto out;
30425
30426+ if (!gr_tpe_allow(file)) {
30427+ retval = -EACCES;
30428+ goto out;
30429+ }
30430+
30431+ if (gr_check_crash_exec(file)) {
30432+ retval = -EACCES;
30433+ goto out;
30434+ }
30435+
30436+ gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
30437+
30438+ gr_handle_exec_args_compat(bprm, argv);
30439+
30440+#ifdef CONFIG_GRKERNSEC
30441+ old_acl = current->acl;
30442+ memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));
30443+ old_exec_file = current->exec_file;
30444+ get_file(file);
30445+ current->exec_file = file;
30446+#endif
30447+
30448+ retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
30449+ bprm->unsafe & LSM_UNSAFE_SHARE);
30450+ if (retval < 0)
30451+ goto out_fail;
30452+
30453 retval = search_binary_handler(bprm, regs);
30454 if (retval < 0)
30455- goto out;
30456+ goto out_fail;
30457+#ifdef CONFIG_GRKERNSEC
30458+ if (old_exec_file)
30459+ fput(old_exec_file);
30460+#endif
30461
30462 /* execve succeeded */
30463 current->fs->in_exec = 0;
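Review bot: The rlimit snapshot `memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim))` and the reverse copy under `out_fail` (next hunk) run with no lock visible in these hunks. `signal->rlim` is shared by all threads of the process, so if a limit can be changed concurrently between the two copies, the rollback would silently undo it. It is worth confirming what serialises this and saying so in a comment. A second comment on the `get_file(file)` line, stating that the reference is dropped either by `fput(old_exec_file)` on success or by `fput(current->exec_file)` under `out_fail`, would make the pairing easier to audit. compat_do_execve starts and ends outside the hunk.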
30464@@ -1542,6 +1605,14 @@ int compat_do_execve(char * filename,
30465 put_files_struct(displaced);
30466 return retval;
30467
30468+out_fail:
30469+#ifdef CONFIG_GRKERNSEC
30470+ current->acl = old_acl;
30471+ memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim));
30472+ fput(current->exec_file);
30473+ current->exec_file = old_exec_file;
30474+#endif
30475+
30476 out:
30477 if (bprm->mm) {
30478 acct_arg_size(bprm, 0);
30479diff -urNp linux-2.6.38.2/fs/compat_ioctl.c linux-2.6.38.2/fs/compat_ioctl.c
30480--- linux-2.6.38.2/fs/compat_ioctl.c 2011-03-14 21:20:32.000000000 -0400
30481+++ linux-2.6.38.2/fs/compat_ioctl.c 2011-03-21 18:31:35.000000000 -0400
30482@@ -208,6 +208,8 @@ static int do_video_set_spu_palette(unsi
30483
30484 err = get_user(palp, &up->palette);
30485 err |= get_user(length, &up->length);
30486+ if (err)
30487+ return -EFAULT;
30488
30489 up_native = compat_alloc_user_space(sizeof(struct video_spu_palette));
30490 err = put_user(compat_ptr(palp), &up_native->palette);
30491@@ -1638,8 +1640,8 @@ asmlinkage long compat_sys_ioctl(unsigne
30492 static int __init init_sys32_ioctl_cmp(const void *p, const void *q)
30493 {
30494 unsigned int a, b;
30495- a = *(unsigned int *)p;
30496- b = *(unsigned int *)q;
30497+ a = *(const unsigned int *)p;
30498+ b = *(const unsigned int *)q;
30499 if (a > b)
30500 return 1;
30501 if (a < b)
30502diff -urNp linux-2.6.38.2/fs/debugfs/inode.c linux-2.6.38.2/fs/debugfs/inode.c
30503--- linux-2.6.38.2/fs/debugfs/inode.c 2011-03-14 21:20:32.000000000 -0400
30504+++ linux-2.6.38.2/fs/debugfs/inode.c 2011-03-21 18:31:35.000000000 -0400
30505@@ -130,7 +130,7 @@ static inline int debugfs_positive(struc
30506
30507 static int debug_fill_super(struct super_block *sb, void *data, int silent)
30508 {
30509- static struct tree_descr debug_files[] = {{""}};
30510+ static struct tree_descr debug_files[] = {{"", NULL, 0}};
30511
30512 return simple_fill_super(sb, DEBUGFS_MAGIC, debug_files);
30513 }
30514diff -urNp linux-2.6.38.2/fs/dlm/lockspace.c linux-2.6.38.2/fs/dlm/lockspace.c
30515--- linux-2.6.38.2/fs/dlm/lockspace.c 2011-03-14 21:20:32.000000000 -0400
30516+++ linux-2.6.38.2/fs/dlm/lockspace.c 2011-03-21 18:31:35.000000000 -0400
30517@@ -200,7 +200,7 @@ static int dlm_uevent(struct kset *kset,
30518 return 0;
30519 }
30520
30521-static struct kset_uevent_ops dlm_uevent_ops = {
30522+static const struct kset_uevent_ops dlm_uevent_ops = {
30523 .uevent = dlm_uevent,
30524 };
30525
30526diff -urNp linux-2.6.38.2/fs/ecryptfs/inode.c linux-2.6.38.2/fs/ecryptfs/inode.c
30527--- linux-2.6.38.2/fs/ecryptfs/inode.c 2011-03-14 21:20:32.000000000 -0400
30528+++ linux-2.6.38.2/fs/ecryptfs/inode.c 2011-03-21 18:31:35.000000000 -0400
30529@@ -658,7 +658,7 @@ static int ecryptfs_readlink_lower(struc
30530 old_fs = get_fs();
30531 set_fs(get_ds());
30532 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
30533- (char __user *)lower_buf,
30534+ (__force char __user *)lower_buf,
30535 lower_bufsiz);
30536 set_fs(old_fs);
30537 if (rc < 0)
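Review bot: The cast in `ecryptfs_readlink_lower` that gains `__force`, and the identical one in `ecryptfs_follow_link` in the next hunk, have no comment saying why forcing the address space is safe. The kernel_read hunk in fs/exec.c keeps the comment `/* The cast to a user pointer is valid due to the set_fs() */` above the same construct, and both ecryptfs casts should carry it too. The kernel buffer is only acceptable to `->readlink()` between `set_fs(get_ds())` and `set_fs(old_fs)`, and `__force` suppresses the static check that would otherwise flag the cast if it were ever moved outside that window. Both functions begin and end outside their hunks.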
30538@@ -704,7 +704,7 @@ static void *ecryptfs_follow_link(struct
30539 }
30540 old_fs = get_fs();
30541 set_fs(get_ds());
30542- rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
30543+ rc = dentry->d_inode->i_op->readlink(dentry, (__force char __user *)buf, len);
30544 set_fs(old_fs);
30545 if (rc < 0) {
30546 kfree(buf);
30547@@ -719,7 +719,7 @@ out:
30548 static void
30549 ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr)
30550 {
30551- char *buf = nd_get_link(nd);
30552+ const char *buf = nd_get_link(nd);
30553 if (!IS_ERR(buf)) {
30554 /* Free the char* */
30555 kfree(buf);
30556diff -urNp linux-2.6.38.2/fs/ecryptfs/miscdev.c linux-2.6.38.2/fs/ecryptfs/miscdev.c
30557--- linux-2.6.38.2/fs/ecryptfs/miscdev.c 2011-03-14 21:20:32.000000000 -0400
30558+++ linux-2.6.38.2/fs/ecryptfs/miscdev.c 2011-03-21 18:31:35.000000000 -0400
30559@@ -328,7 +328,7 @@ check_list:
30560 goto out_unlock_msg_ctx;
30561 i = 5;
30562 if (msg_ctx->msg) {
30563- if (copy_to_user(&buf[i], packet_length, packet_length_size))
30564+ if (packet_length_size > sizeof(packet_length) || copy_to_user(&buf[i], packet_length, packet_length_size))
30565 goto out_unlock_msg_ctx;
30566 i += packet_length_size;
30567 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
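Review bot: The new `packet_length_size > sizeof(packet_length)` test shares one condition with `copy_to_user()`, so an inconsistent length and a faulting user buffer both leave through the same `goto out_unlock_msg_ctx`, with whatever `rc` was set above the hunk. An oversized `packet_length_size` presumably points to a kernel-side inconsistency rather than to bad user input, so it is worth a branch of its own with a log line, e.g. `if (packet_length_size > sizeof(packet_length)) { printk(KERN_ERR "%s: bad packet length size\n", __func__); goto out_unlock_msg_ctx; }`. That also brings the line back under 80 columns. Validating the value where it is computed would be better still, but that code is not visible here.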
30568diff -urNp linux-2.6.38.2/fs/exec.c linux-2.6.38.2/fs/exec.c
30569--- linux-2.6.38.2/fs/exec.c 2011-03-14 21:20:32.000000000 -0400
30570+++ linux-2.6.38.2/fs/exec.c 2011-03-21 18:31:35.000000000 -0400
30571@@ -55,12 +55,24 @@
30572 #include <linux/fs_struct.h>
30573 #include <linux/pipe_fs_i.h>
30574 #include <linux/oom.h>
30575+#include <linux/random.h>
30576+#include <linux/seq_file.h>
30577+
30578+#ifdef CONFIG_PAX_REFCOUNT
30579+#include <linux/kallsyms.h>
30580+#include <linux/kdebug.h>
30581+#endif
30582
30583 #include <asm/uaccess.h>
30584 #include <asm/mmu_context.h>
30585 #include <asm/tlb.h>
30586 #include "internal.h"
30587
30588+#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
30589+void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
30590+EXPORT_SYMBOL(pax_set_initial_flags_func);
30591+#endif
30592+
30593 int core_uses_pid;
30594 char core_pattern[CORENAME_MAX_SIZE] = "core";
30595 unsigned int core_pipe_limit;
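Review bot: `pax_set_initial_flags_func` is added as a writable, exported, file-scope function pointer with no comment on who assigns it or when it may be NULL. A hook that is called on the exec path should state its contract above the declaration: which code sets it, that callers must test it for NULL before calling, and whether it can change while an exec is in flight. If it is only assigned once at load time, it should also live in memory that is read-only afterwards, since a writable function pointer in a hot kernel path is a weak spot for any memory-corruption bug elsewhere. The call sites are outside this hunk, so the NULL handling cannot be checked here.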
30596@@ -120,7 +132,7 @@ SYSCALL_DEFINE1(uselib, const char __use
30597 goto out;
30598
30599 file = do_filp_open(AT_FDCWD, tmp,
30600- O_LARGEFILE | O_RDONLY | __FMODE_EXEC, 0,
30601+ O_LARGEFILE | O_RDONLY | __FMODE_EXEC | FMODE_GREXEC, 0,
30602 MAY_READ | MAY_EXEC | MAY_OPEN);
30603 putname(tmp);
30604 error = PTR_ERR(file);
30605@@ -187,18 +199,10 @@ struct page *get_arg_page(struct linux_b
30606 int write)
30607 {
30608 struct page *page;
30609- int ret;
30610
30611-#ifdef CONFIG_STACK_GROWSUP
30612- if (write) {
30613- ret = expand_stack_downwards(bprm->vma, pos);
30614- if (ret < 0)
30615- return NULL;
30616- }
30617-#endif
30618- ret = get_user_pages(current, bprm->mm, pos,
30619- 1, write, 1, &page, NULL);
30620- if (ret <= 0)
30621+ if (0 > expand_stack_downwards(bprm->vma, pos))
30622+ return NULL;
30623+ if (0 >= get_user_pages(current, bprm->mm, pos, 1, write, 1, &page, NULL))
30624 return NULL;
30625
30626 if (write) {
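Review bot: `expand_stack_downwards()` is now called on every `get_arg_page` invocation, because both the `CONFIG_STACK_GROWSUP` guard and the `if (write)` condition are gone, and nothing in the hunk explains this. If the wider behaviour is intended, it needs a comment such as `/* always make sure the vma covers pos, on every arch and for reads too */`. The constant-first comparisons (`0 > ...`, `0 >= ...`) also differ from the style of the surrounding code; `if (expand_stack_downwards(bprm->vma, pos) < 0)` reads more naturally. The function's signature starts above the hunk and its body continues below it.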
30627@@ -273,6 +277,11 @@ static int __bprm_mm_init(struct linux_b
30628 vma->vm_end = STACK_TOP_MAX;
30629 vma->vm_start = vma->vm_end - PAGE_SIZE;
30630 vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP;
30631+
30632+#ifdef CONFIG_PAX_SEGMEXEC
30633+ vma->vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
30634+#endif
30635+
30636 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
30637 INIT_LIST_HEAD(&vma->anon_vma_chain);
30638
30639@@ -287,6 +296,12 @@ static int __bprm_mm_init(struct linux_b
30640 mm->stack_vm = mm->total_vm = 1;
30641 up_write(&mm->mmap_sem);
30642 bprm->p = vma->vm_end - sizeof(void *);
30643+
30644+#ifdef CONFIG_PAX_RANDUSTACK
30645+ if (randomize_va_space)
30646+ bprm->p ^= (pax_get_random_long() & ~15) & ~PAGE_MASK;
30647+#endif
30648+
30649 return 0;
30650 err:
30651 up_write(&mm->mmap_sem);
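Review bot: The `CONFIG_PAX_RANDUSTACK` line `bprm->p ^= (pax_get_random_long() & ~15) & ~PAGE_MASK;` needs a comment stating what it randomises and how much. The two masks keep only the bits between 16-byte alignment and the page size, so with 4 KiB pages this is 8 bits of in-page offset. The XOR cannot move `bprm->p` out of the page it already points into. Suggested comment: `/* randomise only the 16-byte-aligned offset inside the top stack page */`. Whether page-granular stack randomisation is applied elsewhere is not visible in this hunk and should be cross-referenced in the comment if it is.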
30652@@ -522,7 +537,7 @@ int copy_strings_kernel(int argc, const
30653 int r;
30654 mm_segment_t oldfs = get_fs();
30655 set_fs(KERNEL_DS);
30656- r = copy_strings(argc, (const char __user *const __user *)argv, bprm);
30657+ r = copy_strings(argc, (__force const char __user *const __user *)argv, bprm);
30658 set_fs(oldfs);
30659 return r;
30660 }
30661@@ -552,7 +567,8 @@ static int shift_arg_pages(struct vm_are
30662 unsigned long new_end = old_end - shift;
30663 struct mmu_gather *tlb;
30664
30665- BUG_ON(new_start > new_end);
30666+ if (new_start >= new_end || new_start < mmap_min_addr)
30667+ return -ENOMEM;
30668
30669 /*
30670 * ensure there are no vmas between where we want to go
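Review bot: The new condition in `shift_arg_pages` does two jobs and should have a comment saying so. `new_start >= new_end` is what catches an unsigned wrap when `shift` exceeds the vma's start address (assuming `new_start` is `old_start - shift`, computed just above the hunk like the visible `new_end = old_end - shift`). `new_start < mmap_min_addr` takes over the lower-bound check that the setup_arg_pages hunk removes. Suggested comment: `/* reject a shift that wraps or would place the stack below mmap_min_addr */`. Returning `-ENOMEM` instead of the old `BUG_ON` is the better failure mode; the function starts and ends outside the hunk.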
30671@@ -561,6 +577,10 @@ static int shift_arg_pages(struct vm_are
30672 if (vma != find_vma(mm, new_start))
30673 return -EFAULT;
30674
30675+#ifdef CONFIG_PAX_SEGMEXEC
30676+ BUG_ON(pax_find_mirror_vma(vma));
30677+#endif
30678+
30679 /*
30680 * cover the whole range: [new_start, old_end)
30681 */
30682@@ -641,10 +661,6 @@ int setup_arg_pages(struct linux_binprm
30683 stack_top = arch_align_stack(stack_top);
30684 stack_top = PAGE_ALIGN(stack_top);
30685
30686- if (unlikely(stack_top < mmap_min_addr) ||
30687- unlikely(vma->vm_end - vma->vm_start >= stack_top - mmap_min_addr))
30688- return -ENOMEM;
30689-
30690 stack_shift = vma->vm_end - stack_top;
30691
30692 bprm->p -= stack_shift;
30693@@ -656,8 +672,28 @@ int setup_arg_pages(struct linux_binprm
30694 bprm->exec -= stack_shift;
30695
30696 down_write(&mm->mmap_sem);
30697+
30698+ /* Move stack pages down in memory. */
30699+ if (stack_shift) {
30700+ ret = shift_arg_pages(vma, stack_shift);
30701+ if (ret)
30702+ goto out_unlock;
30703+ }
30704+
30705 vm_flags = VM_STACK_FLAGS;
30706
30707+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
30708+ if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
30709+ vm_flags &= ~VM_EXEC;
30710+
30711+#ifdef CONFIG_PAX_MPROTECT
30712+ if (mm->pax_flags & MF_PAX_MPROTECT)
30713+ vm_flags &= ~VM_MAYEXEC;
30714+#endif
30715+
30716+ }
30717+#endif
30718+
30719 /*
30720 * Adjust stack execute permissions; explicitly enable for
30721 * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone
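Review bot: The only remaining `mmap_min_addr` validation is now reached solely through `if (stack_shift)`, whereas the check deleted in the previous hunk ran unconditionally and before `bprm->p` and `bprm->exec` were adjusted. In the visible lines a zero `stack_shift` gets no lower-bound check at all, and on a failed shift the `bprm` fields have already been moved. If the zero-shift case cannot violate the bound, say so in a comment next to `if (stack_shift)`. Otherwise keep an explicit `if (unlikely(stack_top < mmap_min_addr)) return -ENOMEM;` ahead of the adjustments. The reason for shifting before the permission fix-up instead of after it should be documented as well.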
30722@@ -676,13 +712,6 @@ int setup_arg_pages(struct linux_binprm
30723 goto out_unlock;
30724 BUG_ON(prev != vma);
30725
30726- /* Move stack pages down in memory. */
30727- if (stack_shift) {
30728- ret = shift_arg_pages(vma, stack_shift);
30729- if (ret)
30730- goto out_unlock;
30731- }
30732-
30733 /* mprotect_fixup is overkill to remove the temporary stack flags */
30734 vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP;
30735
30736@@ -723,7 +752,7 @@ struct file *open_exec(const char *name)
30737 int err;
30738
30739 file = do_filp_open(AT_FDCWD, name,
30740- O_LARGEFILE | O_RDONLY | __FMODE_EXEC, 0,
30741+ O_LARGEFILE | O_RDONLY | __FMODE_EXEC | FMODE_GREXEC, 0,
30742 MAY_EXEC | MAY_OPEN);
30743 if (IS_ERR(file))
30744 goto out;
30745@@ -760,7 +789,7 @@ int kernel_read(struct file *file, loff_
30746 old_fs = get_fs();
30747 set_fs(get_ds());
30748 /* The cast to a user pointer is valid due to the set_fs() */
30749- result = vfs_read(file, (void __user *)addr, count, &pos);
30750+ result = vfs_read(file, (__force void __user *)addr, count, &pos);
30751 set_fs(old_fs);
30752 return result;
30753 }
30754@@ -1182,7 +1211,7 @@ int check_unsafe_exec(struct linux_binpr
30755 }
30756 rcu_read_unlock();
30757
30758- if (p->fs->users > n_fs) {
30759+ if (atomic_read(&p->fs->users) > n_fs) {
30760 bprm->unsafe |= LSM_UNSAFE_SHARE;
30761 } else {
30762 res = -EAGAIN;
30763@@ -1378,6 +1407,11 @@ int do_execve(const char * filename,
30764 const char __user *const __user *envp,
30765 struct pt_regs * regs)
30766 {
30767+#ifdef CONFIG_GRKERNSEC
30768+ struct file *old_exec_file;
30769+ struct acl_subject_label *old_acl;
30770+ struct rlimit old_rlim[RLIM_NLIMITS];
30771+#endif
30772 struct linux_binprm *bprm;
30773 struct file *file;
30774 struct files_struct *displaced;
30775@@ -1414,6 +1448,18 @@ int do_execve(const char * filename,
30776 bprm->filename = filename;
30777 bprm->interp = filename;
30778
30779+ gr_learn_resource(current, RLIMIT_NPROC, atomic_read(&current->cred->user->processes), 1);
30780+
30781+ if (gr_handle_nproc()) {
30782+ retval = -EAGAIN;
30783+ goto out_file;
30784+ }
30785+
30786+ if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
30787+ retval = -EACCES;
30788+ goto out_file;
30789+ }
30790+
30791 retval = bprm_mm_init(bprm);
30792 if (retval)
30793 goto out_file;
30794@@ -1443,9 +1489,40 @@ int do_execve(const char * filename,
30795 if (retval < 0)
30796 goto out;
30797
30798+ if (!gr_tpe_allow(file)) {
30799+ retval = -EACCES;
30800+ goto out;
30801+ }
30802+
30803+ if (gr_check_crash_exec(file)) {
30804+ retval = -EACCES;
30805+ goto out;
30806+ }
30807+
30808+ gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
30809+
30810+ gr_handle_exec_args(bprm, argv);
30811+
30812+#ifdef CONFIG_GRKERNSEC
30813+ old_acl = current->acl;
30814+ memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));
30815+ old_exec_file = current->exec_file;
30816+ get_file(file);
30817+ current->exec_file = file;
30818+#endif
30819+
30820+ retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
30821+ bprm->unsafe & LSM_UNSAFE_SHARE);
30822+ if (retval < 0)
30823+ goto out_fail;
30824+
30825 retval = search_binary_handler(bprm,regs);
30826 if (retval < 0)
30827- goto out;
30828+ goto out_fail;
30829+#ifdef CONFIG_GRKERNSEC
30830+ if (old_exec_file)
30831+ fput(old_exec_file);
30832+#endif
30833
30834 /* execve succeeded */
30835 current->fs->in_exec = 0;
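Review bot: The snapshot `memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));` and the matching restore under `out_fail:` in the next hunk copy the whole limits array with no lock visible in either hunk. `rlim` hangs off `current->signal` rather than the task itself, so if that structure is shared with other threads, a limit changed by one of them between the snapshot and a failed exec would be silently rolled back. Either take the lock that protects limit updates around both copies, or add a comment explaining why exec excludes concurrent writers at this point. The `out_fail` path also restores `current->acl` after `search_binary_handler()` has failed; whether the old label is still the right one once a handler has started replacing the image deserves a comment too. `do_execve` begins and ends outside these hunks.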
30836@@ -1456,6 +1533,14 @@ int do_execve(const char * filename,
30837 put_files_struct(displaced);
30838 return retval;
30839
30840+out_fail:
30841+#ifdef CONFIG_GRKERNSEC
30842+ current->acl = old_acl;
30843+ memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim));
30844+ fput(current->exec_file);
30845+ current->exec_file = old_exec_file;
30846+#endif
30847+
30848 out:
30849 if (bprm->mm) {
30850 acct_arg_size(bprm, 0);
30851@@ -1642,6 +1727,217 @@ out:
30852 return ispipe;
30853 }
30854
30855+int pax_check_flags(unsigned long *flags)
30856+{
30857+ int retval = 0;
30858+
30859+#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_SEGMEXEC)
30860+ if (*flags & MF_PAX_SEGMEXEC)
30861+ {
30862+ *flags &= ~MF_PAX_SEGMEXEC;
30863+ retval = -EINVAL;
30864+ }
30865+#endif
30866+
30867+ if ((*flags & MF_PAX_PAGEEXEC)
30868+
30869+#ifdef CONFIG_PAX_PAGEEXEC
30870+ && (*flags & MF_PAX_SEGMEXEC)
30871+#endif
30872+
30873+ )
30874+ {
30875+ *flags &= ~MF_PAX_PAGEEXEC;
30876+ retval = -EINVAL;
30877+ }
30878+
30879+ if ((*flags & MF_PAX_MPROTECT)
30880+
30881+#ifdef CONFIG_PAX_MPROTECT
30882+ && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
30883+#endif
30884+
30885+ )
30886+ {
30887+ *flags &= ~MF_PAX_MPROTECT;
30888+ retval = -EINVAL;
30889+ }
30890+
30891+ if ((*flags & MF_PAX_EMUTRAMP)
30892+
30893+#ifdef CONFIG_PAX_EMUTRAMP
30894+ && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
30895+#endif
30896+
30897+ )
30898+ {
30899+ *flags &= ~MF_PAX_EMUTRAMP;
30900+ retval = -EINVAL;
30901+ }
30902+
30903+ return retval;
30904+}
30905+
30906+EXPORT_SYMBOL(pax_check_flags);
30907+
30908+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
30909+void pax_report_fault(struct pt_regs *regs, void *pc, void *sp)
30910+{
30911+ struct task_struct *tsk = current;
30912+ struct mm_struct *mm = current->mm;
30913+ char *buffer_exec = (char *)__get_free_page(GFP_KERNEL);
30914+ char *buffer_fault = (char *)__get_free_page(GFP_KERNEL);
30915+ char *path_exec = NULL;
30916+ char *path_fault = NULL;
30917+ unsigned long start = 0UL, end = 0UL, offset = 0UL;
30918+
30919+ if (buffer_exec && buffer_fault) {
30920+ struct vm_area_struct *vma, *vma_exec = NULL, *vma_fault = NULL;
30921+
30922+ down_read(&mm->mmap_sem);
30923+ vma = mm->mmap;
30924+ while (vma && (!vma_exec || !vma_fault)) {
30925+ if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file)
30926+ vma_exec = vma;
30927+ if (vma->vm_start <= (unsigned long)pc && (unsigned long)pc < vma->vm_end)
30928+ vma_fault = vma;
30929+ vma = vma->vm_next;
30930+ }
30931+ if (vma_exec) {
30932+ path_exec = d_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE);
30933+ if (IS_ERR(path_exec))
30934+ path_exec = "<path too long>";
30935+ else {
30936+ path_exec = mangle_path(buffer_exec, path_exec, "\t\n\\");
30937+ if (path_exec) {
30938+ *path_exec = 0;
30939+ path_exec = buffer_exec;
30940+ } else
30941+ path_exec = "<path too long>";
30942+ }
30943+ }
30944+ if (vma_fault) {
30945+ start = vma_fault->vm_start;
30946+ end = vma_fault->vm_end;
30947+ offset = vma_fault->vm_pgoff << PAGE_SHIFT;
30948+ if (vma_fault->vm_file) {
30949+ path_fault = d_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE);
30950+ if (IS_ERR(path_fault))
30951+ path_fault = "<path too long>";
30952+ else {
30953+ path_fault = mangle_path(buffer_fault, path_fault, "\t\n\\");
30954+ if (path_fault) {
30955+ *path_fault = 0;
30956+ path_fault = buffer_fault;
30957+ } else
30958+ path_fault = "<path too long>";
30959+ }
30960+ } else
30961+ path_fault = "<anonymous mapping>";
30962+ }
30963+ up_read(&mm->mmap_sem);
30964+ }
30965+ if (tsk->signal->curr_ip)
30966+ printk(KERN_ERR "PAX: From %pI4: execution attempt in: %s, %08lx-%08lx %08lx\n", &tsk->signal->curr_ip, path_fault, start, end, offset);
30967+ else
30968+ printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset);
30969+ printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, "
30970+ "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk),
30971+ task_uid(tsk), task_euid(tsk), pc, sp);
30972+ free_page((unsigned long)buffer_exec);
30973+ free_page((unsigned long)buffer_fault);
30974+ pax_report_insns(pc, sp);
30975+ do_coredump(SIGKILL, SIGKILL, regs);
30976+}
30977+#endif
30978+
30979+#ifdef CONFIG_PAX_REFCOUNT
30980+void pax_report_refcount_overflow(struct pt_regs *regs)
30981+{
30982+ if (current->signal->curr_ip)
30983+ printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
30984+ &current->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
30985+ else
30986+ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
30987+ current->comm, task_pid_nr(current), current_uid(), current_euid());
30988+ print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
30989+ show_regs(regs);
30990+ force_sig_info(SIGKILL, SEND_SIG_FORCED, current);
30991+}
30992+#endif
30993+
30994+#ifdef CONFIG_PAX_USERCOPY
30995+/* 0: not at all, 1: fully, 2: fully inside frame, -1: partially (implies an error) */
30996+int object_is_on_stack(const void *obj, unsigned long len)
30997+{
30998+ const void * const stack = task_stack_page(current);
30999+ const void * const stackend = stack + THREAD_SIZE;
31000+
31001+#if defined(CONFIG_FRAME_POINTER) && defined(CONFIG_X86)
31002+ const void *frame = NULL;
31003+ const void *oldframe;
31004+#endif
31005+
31006+ if (obj + len < obj)
31007+ return -1;
31008+
31009+ if (obj + len <= stack || stackend <= obj)
31010+ return 0;
31011+
31012+ if (obj < stack || stackend < obj + len)
31013+ return -1;
31014+
31015+#if defined(CONFIG_FRAME_POINTER) && defined(CONFIG_X86)
31016+ oldframe = __builtin_frame_address(1);
31017+ if (oldframe)
31018+ frame = __builtin_frame_address(2);
31019+ /*
31020+ low ----------------------------------------------> high
31021+ [saved bp][saved ip][args][local vars][saved bp][saved ip]
31022+ ^----------------^
31023+ allow copies only within here
31024+ */
31025+ while (stack <= frame && frame < stackend) {
31026+ /* if obj + len extends past the last frame, this
31027+ check won't pass and the next frame will be 0,
31028+ causing us to bail out and correctly report
31029+ the copy as invalid
31030+ */
31031+ if (obj + len <= frame)
31032+ return obj >= oldframe + 2 * sizeof(void *) ? 2 : -1;
31033+ oldframe = frame;
31034+ frame = *(const void * const *)frame;
31035+ }
31036+ return -1;
31037+#else
31038+ return 1;
31039+#endif
31040+}
31041+
31042+
31043+void pax_report_leak_to_user(const void *ptr, unsigned long len)
31044+{
31045+ if (current->signal->curr_ip)
31046+ printk(KERN_ERR "PAX: From %pI4: kernel memory leak attempt detected from %p (%lu bytes)\n",
31047+ &current->signal->curr_ip, ptr, len);
31048+ else
31049+ printk(KERN_ERR "PAX: kernel memory leak attempt detected from %p (%lu bytes)\n", ptr, len);
31050+ dump_stack();
31051+ do_group_exit(SIGKILL);
31052+}
31053+
31054+void pax_report_overflow_from_user(const void *ptr, unsigned long len)
31055+{
31056+ if (current->signal->curr_ip)
31057+ printk(KERN_ERR "PAX: From %pI4: kernel memory overflow attempt detected to %p (%lu bytes)\n",
31058+ &current->signal->curr_ip, ptr, len);
31059+ else
31060+ printk(KERN_ERR "PAX: kernel memory overflow attempt detected to %p (%lu bytes)\n", ptr, len);
31061+ dump_stack();
31062+ do_group_exit(SIGKILL);
31063+}
31064+#endif
31065+
31066 static int zap_process(struct task_struct *start, int exit_code)
31067 {
31068 struct task_struct *t;
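Review bot: In `pax_report_fault` the two path strings go through `mangle_path(..., "\t\n\\")` before being logged, but `tsk->comm` is printed raw in the same `printk`, and `pax_report_refcount_overflow` does the same with `current->comm`. A task can set its own name, so control characters in it would reach the kernel log unescaped and could break up the very records an administrator relies on when investigating one of these events. Copy `comm` into a local buffer and replace non-printable bytes before printing, so it gets the same treatment as the paths. Separately, `obj + len < obj` in `object_is_on_stack` depends on pointer wrap-around; doing the range arithmetic on `unsigned long` values avoids relying on compiler flags for that behaviour.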
31069@@ -1852,17 +2148,17 @@ static void wait_for_dump_helpers(struct
31070 pipe = file->f_path.dentry->d_inode->i_pipe;
31071
31072 pipe_lock(pipe);
31073- pipe->readers++;
31074- pipe->writers--;
31075+ atomic_inc(&pipe->readers);
31076+ atomic_dec(&pipe->writers);
31077
31078- while ((pipe->readers > 1) && (!signal_pending(current))) {
31079+ while ((atomic_read(&pipe->readers) > 1) && (!signal_pending(current))) {
31080 wake_up_interruptible_sync(&pipe->wait);
31081 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
31082 pipe_wait(pipe);
31083 }
31084
31085- pipe->readers--;
31086- pipe->writers++;
31087+ atomic_dec(&pipe->readers);
31088+ atomic_inc(&pipe->writers);
31089 pipe_unlock(pipe);
31090
31091 }
31092@@ -1978,6 +2274,10 @@ void do_coredump(long signr, int exit_co
31093 goto fail_corename;
31094 }
31095
31096+ if (signr == SIGSEGV || signr == SIGBUS || signr == SIGKILL || signr == SIGILL)
31097+ gr_handle_brute_attach(current);
31098+ gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1);
31099+
31100 if (ispipe) {
31101 int dump_count;
31102 char **helper_argv;
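Review bot: `gr_handle_brute_attach(current)` is placed after the `goto fail_corename` exit, so a crash that leaves `do_coredump` before this point is never seen by the hook. The earlier exits are above the hunk, but the core-name failure path visibly skips it. If the hook is meant to observe every death by `SIGSEGV`/`SIGBUS`/`SIGKILL`/`SIGILL` (as its name suggests, for brute-force detection), it should run before any bail-out that depends on core-dump configuration. The unbraced `if` directly followed by `gr_learn_resource(...)` is also easy to misread as one block; add braces around the single call or a blank line after it.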
31103diff -urNp linux-2.6.38.2/fs/ext2/balloc.c linux-2.6.38.2/fs/ext2/balloc.c
31104--- linux-2.6.38.2/fs/ext2/balloc.c 2011-03-14 21:20:32.000000000 -0400
31105+++ linux-2.6.38.2/fs/ext2/balloc.c 2011-03-21 18:31:35.000000000 -0400
31106@@ -1192,7 +1192,7 @@ static int ext2_has_free_blocks(struct e
31107
31108 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
31109 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
31110- if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
31111+ if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) &&
31112 sbi->s_resuid != current_fsuid() &&
31113 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
31114 return 0;
31115diff -urNp linux-2.6.38.2/fs/ext2/xattr.c linux-2.6.38.2/fs/ext2/xattr.c
31116--- linux-2.6.38.2/fs/ext2/xattr.c 2011-03-14 21:20:32.000000000 -0400
31117+++ linux-2.6.38.2/fs/ext2/xattr.c 2011-03-21 18:31:35.000000000 -0400
31118@@ -86,8 +86,8 @@
31119 printk("\n"); \
31120 } while (0)
31121 #else
31122-# define ea_idebug(f...)
31123-# define ea_bdebug(f...)
31124+# define ea_idebug(inode, f...) do {} while (0)
31125+# define ea_bdebug(bh, f...) do {} while (0)
31126 #endif
31127
31128 static int ext2_xattr_set2(struct inode *, struct buffer_head *,
31129diff -urNp linux-2.6.38.2/fs/ext3/balloc.c linux-2.6.38.2/fs/ext3/balloc.c
31130--- linux-2.6.38.2/fs/ext3/balloc.c 2011-03-14 21:20:32.000000000 -0400
31131+++ linux-2.6.38.2/fs/ext3/balloc.c 2011-03-21 18:31:35.000000000 -0400
31132@@ -1441,7 +1441,7 @@ static int ext3_has_free_blocks(struct e
31133
31134 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
31135 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
31136- if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
31137+ if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) &&
31138 sbi->s_resuid != current_fsuid() &&
31139 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
31140 return 0;
31141diff -urNp linux-2.6.38.2/fs/ext3/namei.c linux-2.6.38.2/fs/ext3/namei.c
31142--- linux-2.6.38.2/fs/ext3/namei.c 2011-03-23 17:20:08.000000000 -0400
31143+++ linux-2.6.38.2/fs/ext3/namei.c 2011-03-23 17:21:51.000000000 -0400
31144@@ -1159,7 +1159,7 @@ static struct ext3_dir_entry_2 *do_split
31145 char *data1 = (*bh)->b_data, *data2;
31146 unsigned split, move, size;
31147 struct ext3_dir_entry_2 *de = NULL, *de2;
31148- int err = 0, i;
31149+ int i, err = 0;
31150
31151 bh2 = ext3_append (handle, dir, &newblock, &err);
31152 if (!(bh2)) {
31153diff -urNp linux-2.6.38.2/fs/ext3/xattr.c linux-2.6.38.2/fs/ext3/xattr.c
31154--- linux-2.6.38.2/fs/ext3/xattr.c 2011-03-14 21:20:32.000000000 -0400
31155+++ linux-2.6.38.2/fs/ext3/xattr.c 2011-03-21 18:31:35.000000000 -0400
31156@@ -89,8 +89,8 @@
31157 printk("\n"); \
31158 } while (0)
31159 #else
31160-# define ea_idebug(f...)
31161-# define ea_bdebug(f...)
31162+# define ea_idebug(f...) do {} while (0)
31163+# define ea_bdebug(f...) do {} while (0)
31164 #endif
31165
31166 static void ext3_xattr_cache_insert(struct buffer_head *);
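Review bot: The disabled `ea_idebug`/`ea_bdebug` definitions here keep the bare `f...` parameter list, while the matching hunks for fs/ext2/xattr.c and fs/ext4/xattr.c change them to `ea_idebug(inode, f...)` and `ea_bdebug(bh, f...)`. All three expand to `do {} while (0)`, so behaviour is identical, but the three files should agree. Use `# define ea_idebug(inode, f...) do {} while (0)` and `# define ea_bdebug(bh, f...) do {} while (0)` here as well, so the disabled form has the same parameter list as in the other two files.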
31167diff -urNp linux-2.6.38.2/fs/ext4/balloc.c linux-2.6.38.2/fs/ext4/balloc.c
31168--- linux-2.6.38.2/fs/ext4/balloc.c 2011-03-14 21:20:32.000000000 -0400
31169+++ linux-2.6.38.2/fs/ext4/balloc.c 2011-03-21 18:31:35.000000000 -0400
31170@@ -519,7 +519,7 @@ static int ext4_has_free_blocks(struct e
31171 /* Hm, nope. Are (enough) root reserved blocks available? */
31172 if (sbi->s_resuid == current_fsuid() ||
31173 ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) ||
31174- capable(CAP_SYS_RESOURCE)) {
31175+ capable_nolog(CAP_SYS_RESOURCE)) {
31176 if (free_blocks >= (nblocks + dirty_blocks))
31177 return 1;
31178 }
31179diff -urNp linux-2.6.38.2/fs/ext4/ext4.h linux-2.6.38.2/fs/ext4/ext4.h
31180--- linux-2.6.38.2/fs/ext4/ext4.h 2011-03-14 21:20:32.000000000 -0400
31181+++ linux-2.6.38.2/fs/ext4/ext4.h 2011-03-21 18:31:35.000000000 -0400
31182@@ -1166,19 +1166,19 @@ struct ext4_sb_info {
31183 unsigned long s_mb_last_start;
31184
31185 /* stats for buddy allocator */
31186- atomic_t s_bal_reqs; /* number of reqs with len > 1 */
31187- atomic_t s_bal_success; /* we found long enough chunks */
31188- atomic_t s_bal_allocated; /* in blocks */
31189- atomic_t s_bal_ex_scanned; /* total extents scanned */
31190- atomic_t s_bal_goals; /* goal hits */
31191- atomic_t s_bal_breaks; /* too long searches */
31192- atomic_t s_bal_2orders; /* 2^order hits */
31193+ atomic_unchecked_t s_bal_reqs; /* number of reqs with len > 1 */
31194+ atomic_unchecked_t s_bal_success; /* we found long enough chunks */
31195+ atomic_unchecked_t s_bal_allocated; /* in blocks */
31196+ atomic_unchecked_t s_bal_ex_scanned; /* total extents scanned */
31197+ atomic_unchecked_t s_bal_goals; /* goal hits */
31198+ atomic_unchecked_t s_bal_breaks; /* too long searches */
31199+ atomic_unchecked_t s_bal_2orders; /* 2^order hits */
31200 spinlock_t s_bal_lock;
31201 unsigned long s_mb_buddies_generated;
31202 unsigned long long s_mb_generation_time;
31203- atomic_t s_mb_lost_chunks;
31204- atomic_t s_mb_preallocated;
31205- atomic_t s_mb_discarded;
31206+ atomic_unchecked_t s_mb_lost_chunks;
31207+ atomic_unchecked_t s_mb_preallocated;
31208+ atomic_unchecked_t s_mb_discarded;
31209 atomic_t s_lock_busy;
31210
31211 /* locality groups */
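Review bot: The buddy-allocator statistics are switched to `atomic_unchecked_t` without a comment explaining the choice, and `s_lock_busy` directly below the last converted field stays `atomic_t`. With `CONFIG_PAX_REFCOUNT` an overflow of a checked counter presumably ends in `pax_report_refcount_overflow()` (added in the fs/exec.c hunk), which kills the task. The unchecked type therefore looks like an opt-out for counters that only feed the mballoc statistics printout and may wrap harmlessly. A comment such as `/* statistics only, may wrap: exempt from refcount overflow detection */` above the block records that, and makes clear that a counter guarding an object's lifetime must not be converted this way.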
31212diff -urNp linux-2.6.38.2/fs/ext4/mballoc.c linux-2.6.38.2/fs/ext4/mballoc.c
31213--- linux-2.6.38.2/fs/ext4/mballoc.c 2011-03-14 21:20:32.000000000 -0400
31214+++ linux-2.6.38.2/fs/ext4/mballoc.c 2011-03-21 18:31:35.000000000 -0400
31215@@ -1846,7 +1846,7 @@ void ext4_mb_simple_scan_group(struct ex
31216 BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len);
31217
31218 if (EXT4_SB(sb)->s_mb_stats)
31219- atomic_inc(&EXT4_SB(sb)->s_bal_2orders);
31220+ atomic_inc_unchecked(&EXT4_SB(sb)->s_bal_2orders);
31221
31222 break;
31223 }
31224@@ -2140,7 +2140,7 @@ repeat:
31225 ac->ac_status = AC_STATUS_CONTINUE;
31226 ac->ac_flags |= EXT4_MB_HINT_FIRST;
31227 cr = 3;
31228- atomic_inc(&sbi->s_mb_lost_chunks);
31229+ atomic_inc_unchecked(&sbi->s_mb_lost_chunks);
31230 goto repeat;
31231 }
31232 }
31233@@ -2606,25 +2606,25 @@ int ext4_mb_release(struct super_block *
31234 if (sbi->s_mb_stats) {
31235 printk(KERN_INFO
31236 "EXT4-fs: mballoc: %u blocks %u reqs (%u success)\n",
31237- atomic_read(&sbi->s_bal_allocated),
31238- atomic_read(&sbi->s_bal_reqs),
31239- atomic_read(&sbi->s_bal_success));
31240+ atomic_read_unchecked(&sbi->s_bal_allocated),
31241+ atomic_read_unchecked(&sbi->s_bal_reqs),
31242+ atomic_read_unchecked(&sbi->s_bal_success));
31243 printk(KERN_INFO
31244 "EXT4-fs: mballoc: %u extents scanned, %u goal hits, "
31245 "%u 2^N hits, %u breaks, %u lost\n",
31246- atomic_read(&sbi->s_bal_ex_scanned),
31247- atomic_read(&sbi->s_bal_goals),
31248- atomic_read(&sbi->s_bal_2orders),
31249- atomic_read(&sbi->s_bal_breaks),
31250- atomic_read(&sbi->s_mb_lost_chunks));
31251+ atomic_read_unchecked(&sbi->s_bal_ex_scanned),
31252+ atomic_read_unchecked(&sbi->s_bal_goals),
31253+ atomic_read_unchecked(&sbi->s_bal_2orders),
31254+ atomic_read_unchecked(&sbi->s_bal_breaks),
31255+ atomic_read_unchecked(&sbi->s_mb_lost_chunks));
31256 printk(KERN_INFO
31257 "EXT4-fs: mballoc: %lu generated and it took %Lu\n",
31258 sbi->s_mb_buddies_generated++,
31259 sbi->s_mb_generation_time);
31260 printk(KERN_INFO
31261 "EXT4-fs: mballoc: %u preallocated, %u discarded\n",
31262- atomic_read(&sbi->s_mb_preallocated),
31263- atomic_read(&sbi->s_mb_discarded));
31264+ atomic_read_unchecked(&sbi->s_mb_preallocated),
31265+ atomic_read_unchecked(&sbi->s_mb_discarded));
31266 }
31267
31268 free_percpu(sbi->s_locality_groups);
31269@@ -3100,16 +3100,16 @@ static void ext4_mb_collect_stats(struct
31270 struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
31271
31272 if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
31273- atomic_inc(&sbi->s_bal_reqs);
31274- atomic_add(ac->ac_b_ex.fe_len, &sbi->s_bal_allocated);
31275+ atomic_inc_unchecked(&sbi->s_bal_reqs);
31276+ atomic_add_unchecked(ac->ac_b_ex.fe_len, &sbi->s_bal_allocated);
31277 if (ac->ac_b_ex.fe_len >= ac->ac_o_ex.fe_len)
31278- atomic_inc(&sbi->s_bal_success);
31279- atomic_add(ac->ac_found, &sbi->s_bal_ex_scanned);
31280+ atomic_inc_unchecked(&sbi->s_bal_success);
31281+ atomic_add_unchecked(ac->ac_found, &sbi->s_bal_ex_scanned);
31282 if (ac->ac_g_ex.fe_start == ac->ac_b_ex.fe_start &&
31283 ac->ac_g_ex.fe_group == ac->ac_b_ex.fe_group)
31284- atomic_inc(&sbi->s_bal_goals);
31285+ atomic_inc_unchecked(&sbi->s_bal_goals);
31286 if (ac->ac_found > sbi->s_mb_max_to_scan)
31287- atomic_inc(&sbi->s_bal_breaks);
31288+ atomic_inc_unchecked(&sbi->s_bal_breaks);
31289 }
31290
31291 if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
31292@@ -3507,7 +3507,7 @@ ext4_mb_new_inode_pa(struct ext4_allocat
31293 trace_ext4_mb_new_inode_pa(ac, pa);
31294
31295 ext4_mb_use_inode_pa(ac, pa);
31296- atomic_add(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated);
31297+ atomic_add_unchecked(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated);
31298
31299 ei = EXT4_I(ac->ac_inode);
31300 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
31301@@ -3567,7 +3567,7 @@ ext4_mb_new_group_pa(struct ext4_allocat
31302 trace_ext4_mb_new_group_pa(ac, pa);
31303
31304 ext4_mb_use_group_pa(ac, pa);
31305- atomic_add(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated);
31306+ atomic_add_unchecked(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated);
31307
31308 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
31309 lg = ac->ac_lg;
31310@@ -3654,7 +3654,7 @@ ext4_mb_release_inode_pa(struct ext4_bud
31311 * from the bitmap and continue.
31312 */
31313 }
31314- atomic_add(free, &sbi->s_mb_discarded);
31315+ atomic_add_unchecked(free, &sbi->s_mb_discarded);
31316
31317 return err;
31318 }
31319@@ -3672,7 +3672,7 @@ ext4_mb_release_group_pa(struct ext4_bud
31320 ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
31321 BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
31322 mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
31323- atomic_add(pa->pa_len, &EXT4_SB(sb)->s_mb_discarded);
31324+ atomic_add_unchecked(pa->pa_len, &EXT4_SB(sb)->s_mb_discarded);
31325 trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len);
31326
31327 return 0;
31328diff -urNp linux-2.6.38.2/fs/ext4/namei.c linux-2.6.38.2/fs/ext4/namei.c
31329--- linux-2.6.38.2/fs/ext4/namei.c 2011-03-14 21:20:32.000000000 -0400
31330+++ linux-2.6.38.2/fs/ext4/namei.c 2011-03-21 18:31:35.000000000 -0400
31331@@ -1161,7 +1161,7 @@ static struct ext4_dir_entry_2 *do_split
31332 char *data1 = (*bh)->b_data, *data2;
31333 unsigned split, move, size;
31334 struct ext4_dir_entry_2 *de = NULL, *de2;
31335- int err = 0, i;
31336+ int i, err = 0;
31337
31338 bh2 = ext4_append (handle, dir, &newblock, &err);
31339 if (!(bh2)) {
31340diff -urNp linux-2.6.38.2/fs/ext4/xattr.c linux-2.6.38.2/fs/ext4/xattr.c
31341--- linux-2.6.38.2/fs/ext4/xattr.c 2011-03-14 21:20:32.000000000 -0400
31342+++ linux-2.6.38.2/fs/ext4/xattr.c 2011-03-21 18:31:35.000000000 -0400
31343@@ -82,8 +82,8 @@
31344 printk("\n"); \
31345 } while (0)
31346 #else
31347-# define ea_idebug(f...)
31348-# define ea_bdebug(f...)
31349+# define ea_idebug(inode, f...) do {} while (0)
31350+# define ea_bdebug(bh, f...) do {} while (0)
31351 #endif
31352
31353 static void ext4_xattr_cache_insert(struct buffer_head *);
31354diff -urNp linux-2.6.38.2/fs/fcntl.c linux-2.6.38.2/fs/fcntl.c
31355--- linux-2.6.38.2/fs/fcntl.c 2011-03-14 21:20:32.000000000 -0400
31356+++ linux-2.6.38.2/fs/fcntl.c 2011-03-21 18:31:35.000000000 -0400
31357@@ -224,6 +224,11 @@ int __f_setown(struct file *filp, struct
31358 if (err)
31359 return err;
31360
31361+ if (gr_handle_chroot_fowner(pid, type))
31362+ return -ENOENT;
31363+ if (gr_check_protected_task_fowner(pid, type))
31364+ return -EACCES;
31365+
31366 f_modown(filp, pid, type, force);
31367 return 0;
31368 }
31369@@ -348,6 +353,7 @@ static long do_fcntl(int fd, unsigned in
31370 switch (cmd) {
31371 case F_DUPFD:
31372 case F_DUPFD_CLOEXEC:
31373+ gr_learn_resource(current, RLIMIT_NOFILE, arg, 0);
31374 if (arg >= rlimit(RLIMIT_NOFILE))
31375 break;
31376 err = alloc_fd(arg, cmd == F_DUPFD_CLOEXEC ? O_CLOEXEC : 0);
31377@@ -808,14 +814,14 @@ static int __init fcntl_init(void)
31378 * Exceptions: O_NONBLOCK is a two bit define on parisc; O_NDELAY
31379 * is defined as O_NONBLOCK on some platforms and not on others.
31380 */
31381- BUILD_BUG_ON(18 - 1 /* for O_RDONLY being 0 */ != HWEIGHT32(
31382+ BUILD_BUG_ON(19 - 1 /* for O_RDONLY being 0 */ != HWEIGHT32(
31383 O_RDONLY | O_WRONLY | O_RDWR |
31384 O_CREAT | O_EXCL | O_NOCTTY |
31385 O_TRUNC | O_APPEND | /* O_NONBLOCK | */
31386 __O_SYNC | O_DSYNC | FASYNC |
31387 O_DIRECT | O_LARGEFILE | O_DIRECTORY |
31388 O_NOFOLLOW | O_NOATIME | O_CLOEXEC |
31389- __FMODE_EXEC
31390+ __FMODE_EXEC | FMODE_GREXEC
31391 ));
31392
31393 fasync_cache = kmem_cache_create("fasync_cache",
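Review bot: Nothing in this hunk or in the fs/exec.c hunks shows that `FMODE_GREXEC` is cleared from a flags word supplied through open(2). The `BUILD_BUG_ON` places the flag in the same bit space as the `O_*` flags, and the uselib and open_exec hunks pass it in the flags argument of `do_filp_open()`. It should be confirmed, and stated in a comment, that only kernel-internal callers can set this bit; otherwise the marker no longer distinguishes exec-time opens. A short note next to the count, e.g. `/* +1 for FMODE_GREXEC, kernel-internal only */`, would also explain why 18 became 19.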
31394diff -urNp linux-2.6.38.2/fs/fifo.c linux-2.6.38.2/fs/fifo.c
31395--- linux-2.6.38.2/fs/fifo.c 2011-03-14 21:20:32.000000000 -0400
31396+++ linux-2.6.38.2/fs/fifo.c 2011-03-21 18:31:35.000000000 -0400
31397@@ -58,10 +58,10 @@ static int fifo_open(struct inode *inode
31398 */
31399 filp->f_op = &read_pipefifo_fops;
31400 pipe->r_counter++;
31401- if (pipe->readers++ == 0)
31402+ if (atomic_inc_return(&pipe->readers) == 1)
31403 wake_up_partner(inode);
31404
31405- if (!pipe->writers) {
31406+ if (!atomic_read(&pipe->writers)) {
31407 if ((filp->f_flags & O_NONBLOCK)) {
31408 /* suppress POLLHUP until we have
31409 * seen a writer */
31410@@ -82,15 +82,15 @@ static int fifo_open(struct inode *inode
31411 * errno=ENXIO when there is no process reading the FIFO.
31412 */
31413 ret = -ENXIO;
31414- if ((filp->f_flags & O_NONBLOCK) && !pipe->readers)
31415+ if ((filp->f_flags & O_NONBLOCK) && !atomic_read(&pipe->readers))
31416 goto err;
31417
31418 filp->f_op = &write_pipefifo_fops;
31419 pipe->w_counter++;
31420- if (!pipe->writers++)
31421+ if (atomic_inc_return(&pipe->writers) == 1)
31422 wake_up_partner(inode);
31423
31424- if (!pipe->readers) {
31425+ if (!atomic_read(&pipe->readers)) {
31426 wait_for_partner(inode, &pipe->r_counter);
31427 if (signal_pending(current))
31428 goto err_wr;
31429@@ -106,11 +106,11 @@ static int fifo_open(struct inode *inode
31430 */
31431 filp->f_op = &rdwr_pipefifo_fops;
31432
31433- pipe->readers++;
31434- pipe->writers++;
31435+ atomic_inc(&pipe->readers);
31436+ atomic_inc(&pipe->writers);
31437 pipe->r_counter++;
31438 pipe->w_counter++;
31439- if (pipe->readers == 1 || pipe->writers == 1)
31440+ if (atomic_read(&pipe->readers) == 1 || atomic_read(&pipe->writers) == 1)
31441 wake_up_partner(inode);
31442 break;
31443
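Review bot: The read/write branch increments with `atomic_inc()` and then re-reads both counters with `atomic_read()`, whereas the read-only and write-only branches in the earlier fifo.c hunks use `atomic_inc_return()`, so here the increment and the test are two separate operations. That is presumably safe only because fifo_open() runs under the pipe lock, which is taken outside this hunk; `r_counter` and `w_counter` stay plain integers that rely on the same lock. For consistency I would capture the results, `r = atomic_inc_return(&pipe->readers);` and `w = atomic_inc_return(&pipe->writers);`, and test `if (r == 1 || w == 1)`.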
31444@@ -124,19 +124,19 @@ static int fifo_open(struct inode *inode
31445 return 0;
31446
31447 err_rd:
31448- if (!--pipe->readers)
31449+ if (atomic_dec_and_test(&pipe->readers))
31450 wake_up_interruptible(&pipe->wait);
31451 ret = -ERESTARTSYS;
31452 goto err;
31453
31454 err_wr:
31455- if (!--pipe->writers)
31456+ if (atomic_dec_and_test(&pipe->writers))
31457 wake_up_interruptible(&pipe->wait);
31458 ret = -ERESTARTSYS;
31459 goto err;
31460
31461 err:
31462- if (!pipe->readers && !pipe->writers)
31463+ if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers))
31464 free_pipe_info(inode);
31465
31466 err_nocleanup:
31467diff -urNp linux-2.6.38.2/fs/file.c linux-2.6.38.2/fs/file.c
31468--- linux-2.6.38.2/fs/file.c 2011-03-14 21:20:32.000000000 -0400
31469+++ linux-2.6.38.2/fs/file.c 2011-03-21 18:31:35.000000000 -0400
31470@@ -14,6 +14,7 @@
31471 #include <linux/slab.h>
31472 #include <linux/vmalloc.h>
31473 #include <linux/file.h>
31474+#include <linux/security.h>
31475 #include <linux/fdtable.h>
31476 #include <linux/bitops.h>
31477 #include <linux/interrupt.h>
31478@@ -250,6 +251,7 @@ int expand_files(struct files_struct *fi
31479 * N.B. For clone tasks sharing a files structure, this test
31480 * will limit the total number of files that can be opened.
31481 */
31482+ gr_learn_resource(current, RLIMIT_NOFILE, nr, 0);
31483 if (nr >= rlimit(RLIMIT_NOFILE))
31484 return -EMFILE;
31485
31486diff -urNp linux-2.6.38.2/fs/fs_struct.c linux-2.6.38.2/fs/fs_struct.c
31487--- linux-2.6.38.2/fs/fs_struct.c 2011-03-14 21:20:32.000000000 -0400
31488+++ linux-2.6.38.2/fs/fs_struct.c 2011-03-21 18:31:35.000000000 -0400
31489@@ -4,6 +4,7 @@
31490 #include <linux/path.h>
31491 #include <linux/slab.h>
31492 #include <linux/fs_struct.h>
31493+#include <linux/grsecurity.h>
31494 #include "internal.h"
31495
31496 static inline void path_get_longterm(struct path *path)
31497@@ -31,6 +32,7 @@ void set_fs_root(struct fs_struct *fs, s
31498 old_root = fs->root;
31499 fs->root = *path;
31500 path_get_longterm(path);
31501+ gr_set_chroot_entries(current, path);
31502 write_seqcount_end(&fs->seq);
31503 spin_unlock(&fs->lock);
31504 if (old_root.dentry)
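Review bot: `gr_set_chroot_entries(current, path)` records the new root against `current`, but set_fs_root() updates whichever `fs` the caller passed, so the hook is only correct if every caller passes `current->fs`; the callers are not on this page. The chroot_fs_refs() hunk below passes the task `p` it is iterating, which shows the hook is per-task. The call also sits inside the seqcount write section with `fs->lock` held. I would state both assumptions next to it, `/* callers pass current->fs; runs under fs->lock, must not sleep */`. set_fs_root() starts before this hunk.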
31505@@ -74,6 +76,7 @@ void chroot_fs_refs(struct path *old_roo
31506 && fs->root.mnt == old_root->mnt) {
31507 path_get_longterm(new_root);
31508 fs->root = *new_root;
31509+ gr_set_chroot_entries(p, new_root);
31510 count++;
31511 }
31512 if (fs->pwd.dentry == old_root->dentry
31513@@ -109,7 +112,8 @@ void exit_fs(struct task_struct *tsk)
31514 spin_lock(&fs->lock);
31515 write_seqcount_begin(&fs->seq);
31516 tsk->fs = NULL;
31517- kill = !--fs->users;
31518+ gr_clear_chroot_entries(tsk);
31519+ kill = !atomic_dec_return(&fs->users);
31520 write_seqcount_end(&fs->seq);
31521 spin_unlock(&fs->lock);
31522 task_unlock(tsk);
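Review bot: `kill = !atomic_dec_return(&fs->users);` in exit_fs() spells out by hand what the fifo.c hunks of this same patch write as `atomic_dec_and_test()`. I would use `kill = atomic_dec_and_test(&fs->users);` here. The same line appears in the unshare_fs_struct() and daemonize_fs_struct() hunks further down. exit_fs() starts and ends outside the hunk.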
31523@@ -123,7 +127,7 @@ struct fs_struct *copy_fs_struct(struct
31524 struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL);
31525 /* We don't need to lock fs - think why ;-) */
31526 if (fs) {
31527- fs->users = 1;
31528+ atomic_set(&fs->users, 1);
31529 fs->in_exec = 0;
31530 spin_lock_init(&fs->lock);
31531 seqcount_init(&fs->seq);
31532@@ -132,6 +136,9 @@ struct fs_struct *copy_fs_struct(struct
31533 spin_lock(&old->lock);
31534 fs->root = old->root;
31535 path_get_longterm(&fs->root);
31536+ /* instead of calling gr_set_chroot_entries here,
31537+ we call it from every caller of this function
31538+ */
31539 fs->pwd = old->pwd;
31540 path_get_longterm(&fs->pwd);
31541 spin_unlock(&old->lock);
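Review bot: The comment added in copy_fs_struct() makes chroot tracking depend on every caller remembering to call gr_set_chroot_entries(). A caller added later that misses it would leave a task without chroot entries, with no compile-time or run-time signal. The callers are not on this page, so it cannot be confirmed here that all of them were updated. The contract belongs in a header comment on the function rather than mid-body, for example `/* Callers must invoke gr_set_chroot_entries() for the task that receives the returned fs_struct. */`. The function body begins in the previous hunk and continues past this one.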
31542@@ -150,8 +157,9 @@ int unshare_fs_struct(void)
31543
31544 task_lock(current);
31545 spin_lock(&fs->lock);
31546- kill = !--fs->users;
31547+ kill = !atomic_dec_return(&fs->users);
31548 current->fs = new_fs;
31549+ gr_set_chroot_entries(current, &new_fs->root);
31550 spin_unlock(&fs->lock);
31551 task_unlock(current);
31552
31553@@ -170,7 +178,7 @@ EXPORT_SYMBOL(current_umask);
31554
31555 /* to be mentioned only in INIT_TASK */
31556 struct fs_struct init_fs = {
31557- .users = 1,
31558+ .users = ATOMIC_INIT(1),
31559 .lock = __SPIN_LOCK_UNLOCKED(init_fs.lock),
31560 .seq = SEQCNT_ZERO,
31561 .umask = 0022,
31562@@ -186,12 +194,13 @@ void daemonize_fs_struct(void)
31563 task_lock(current);
31564
31565 spin_lock(&init_fs.lock);
31566- init_fs.users++;
31567+ atomic_inc(&init_fs.users);
31568 spin_unlock(&init_fs.lock);
31569
31570 spin_lock(&fs->lock);
31571 current->fs = &init_fs;
31572- kill = !--fs->users;
31573+ gr_set_chroot_entries(current, &current->fs->root);
31574+ kill = !atomic_dec_return(&fs->users);
31575 spin_unlock(&fs->lock);
31576
31577 task_unlock(current);
31578diff -urNp linux-2.6.38.2/fs/fuse/control.c linux-2.6.38.2/fs/fuse/control.c
31579--- linux-2.6.38.2/fs/fuse/control.c 2011-03-14 21:20:32.000000000 -0400
31580+++ linux-2.6.38.2/fs/fuse/control.c 2011-03-21 18:31:35.000000000 -0400
31581@@ -298,7 +298,7 @@ void fuse_ctl_remove_conn(struct fuse_co
31582
31583 static int fuse_ctl_fill_super(struct super_block *sb, void *data, int silent)
31584 {
31585- struct tree_descr empty_descr = {""};
31586+ struct tree_descr empty_descr = {"", NULL, 0};
31587 struct fuse_conn *fc;
31588 int err;
31589
31590diff -urNp linux-2.6.38.2/fs/fuse/cuse.c linux-2.6.38.2/fs/fuse/cuse.c
31591--- linux-2.6.38.2/fs/fuse/cuse.c 2011-03-14 21:20:32.000000000 -0400
31592+++ linux-2.6.38.2/fs/fuse/cuse.c 2011-03-21 18:31:35.000000000 -0400
31593@@ -530,8 +530,18 @@ static int cuse_channel_release(struct i
31594 return rc;
31595 }
31596
31597-static struct file_operations cuse_channel_fops; /* initialized during init */
31598-
31599+static const struct file_operations cuse_channel_fops = { /* initialized during init */
31600+ .owner = THIS_MODULE,
31601+ .llseek = no_llseek,
31602+ .read = do_sync_read,
31603+ .aio_read = fuse_dev_read,
31604+ .write = do_sync_write,
31605+ .aio_write = fuse_dev_write,
31606+ .poll = fuse_dev_poll,
31607+ .open = cuse_channel_open,
31608+ .release = cuse_channel_release,
31609+ .fasync = fuse_dev_fasync,
31610+};
31611
31612 /**************************************************************************
31613 * Misc stuff and module initializatiion
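Review bot: `cuse_channel_fops` keeps the trailing comment `/* initialized during init */`, which is no longer true now that the table is a static const initializer; replace it with something like `/* mirrors fuse_dev_operations, with CUSE open/release */`. The removed code in cuse_init() copied every member of fuse_dev_operations, whereas the new initializer lists ten members by hand. Any member of fuse_dev_operations that is not repeated here is therefore silently dropped for the CUSE channel. dev.c defines fuse_dev_splice_read() and fuse_dev_splice_write() (see the dev.c hunks below); whether fuse_dev_operations sets them is not visible on this page, but if it does they need to be made non-static and listed here too.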
31614@@ -577,12 +587,6 @@ static int __init cuse_init(void)
31615 for (i = 0; i < CUSE_CONNTBL_LEN; i++)
31616 INIT_LIST_HEAD(&cuse_conntbl[i]);
31617
31618- /* inherit and extend fuse_dev_operations */
31619- cuse_channel_fops = fuse_dev_operations;
31620- cuse_channel_fops.owner = THIS_MODULE;
31621- cuse_channel_fops.open = cuse_channel_open;
31622- cuse_channel_fops.release = cuse_channel_release;
31623-
31624 cuse_class = class_create(THIS_MODULE, "cuse");
31625 if (IS_ERR(cuse_class))
31626 return PTR_ERR(cuse_class);
31627diff -urNp linux-2.6.38.2/fs/fuse/dev.c linux-2.6.38.2/fs/fuse/dev.c
31628--- linux-2.6.38.2/fs/fuse/dev.c 2011-03-14 21:20:32.000000000 -0400
31629+++ linux-2.6.38.2/fs/fuse/dev.c 2011-03-21 18:31:35.000000000 -0400
31630@@ -1183,7 +1183,7 @@ static ssize_t fuse_dev_do_read(struct f
31631 return err;
31632 }
31633
31634-static ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
31635+ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
31636 unsigned long nr_segs, loff_t pos)
31637 {
31638 struct fuse_copy_state cs;
31639@@ -1197,6 +1197,8 @@ static ssize_t fuse_dev_read(struct kioc
31640 return fuse_dev_do_read(fc, file, &cs, iov_length(iov, nr_segs));
31641 }
31642
31643+EXPORT_SYMBOL_GPL(fuse_dev_read);
31644+
31645 static int fuse_dev_pipe_buf_steal(struct pipe_inode_info *pipe,
31646 struct pipe_buffer *buf)
31647 {
31648@@ -1240,7 +1242,7 @@ static ssize_t fuse_dev_splice_read(stru
31649 ret = 0;
31650 pipe_lock(pipe);
31651
31652- if (!pipe->readers) {
31653+ if (!atomic_read(&pipe->readers)) {
31654 send_sig(SIGPIPE, current, 0);
31655 if (!ret)
31656 ret = -EPIPE;
31657@@ -1733,7 +1735,7 @@ static ssize_t fuse_dev_do_write(struct
31658 return err;
31659 }
31660
31661-static ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
31662+ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
31663 unsigned long nr_segs, loff_t pos)
31664 {
31665 struct fuse_copy_state cs;
31666@@ -1746,6 +1748,8 @@ static ssize_t fuse_dev_write(struct kio
31667 return fuse_dev_do_write(fc, &cs, iov_length(iov, nr_segs));
31668 }
31669
31670+EXPORT_SYMBOL_GPL(fuse_dev_write);
31671+
31672 static ssize_t fuse_dev_splice_write(struct pipe_inode_info *pipe,
31673 struct file *out, loff_t *ppos,
31674 size_t len, unsigned int flags)
31675@@ -1824,7 +1828,7 @@ out:
31676 return ret;
31677 }
31678
31679-static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
31680+unsigned fuse_dev_poll(struct file *file, poll_table *wait)
31681 {
31682 unsigned mask = POLLOUT | POLLWRNORM;
31683 struct fuse_conn *fc = fuse_get_conn(file);
31684@@ -1843,6 +1847,8 @@ static unsigned fuse_dev_poll(struct fil
31685 return mask;
31686 }
31687
31688+EXPORT_SYMBOL_GPL(fuse_dev_poll);
31689+
31690 /*
31691 * Abort all requests on the given list (pending or processing)
31692 *
31693@@ -1962,7 +1968,7 @@ int fuse_dev_release(struct inode *inode
31694 }
31695 EXPORT_SYMBOL_GPL(fuse_dev_release);
31696
31697-static int fuse_dev_fasync(int fd, struct file *file, int on)
31698+int fuse_dev_fasync(int fd, struct file *file, int on)
31699 {
31700 struct fuse_conn *fc = fuse_get_conn(file);
31701 if (!fc)
31702@@ -1972,6 +1978,8 @@ static int fuse_dev_fasync(int fd, struc
31703 return fasync_helper(fd, file, on, &fc->fasync);
31704 }
31705
31706+EXPORT_SYMBOL_GPL(fuse_dev_fasync);
31707+
31708 const struct file_operations fuse_dev_operations = {
31709 .owner = THIS_MODULE,
31710 .llseek = no_llseek,
31711diff -urNp linux-2.6.38.2/fs/fuse/dir.c linux-2.6.38.2/fs/fuse/dir.c
31712--- linux-2.6.38.2/fs/fuse/dir.c 2011-03-14 21:20:32.000000000 -0400
31713+++ linux-2.6.38.2/fs/fuse/dir.c 2011-03-21 18:31:35.000000000 -0400
31714@@ -1133,7 +1133,7 @@ static char *read_link(struct dentry *de
31715 return link;
31716 }
31717
31718-static void free_link(char *link)
31719+static void free_link(const char *link)
31720 {
31721 if (!IS_ERR(link))
31722 free_page((unsigned long) link);
31723diff -urNp linux-2.6.38.2/fs/fuse/fuse_i.h linux-2.6.38.2/fs/fuse/fuse_i.h
31724--- linux-2.6.38.2/fs/fuse/fuse_i.h 2011-03-14 21:20:32.000000000 -0400
31725+++ linux-2.6.38.2/fs/fuse/fuse_i.h 2011-03-21 18:31:35.000000000 -0400
31726@@ -541,6 +541,16 @@ extern const struct file_operations fuse
31727
31728 extern const struct dentry_operations fuse_dentry_operations;
31729
31730+extern ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
31731+ unsigned long nr_segs, loff_t pos);
31732+
31733+extern ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
31734+ unsigned long nr_segs, loff_t pos);
31735+
31736+extern unsigned fuse_dev_poll(struct file *file, poll_table *wait);
31737+
31738+extern int fuse_dev_fasync(int fd, struct file *file, int on);
31739+
31740 /**
31741 * Inode to nodeid comparison.
31742 */
31743diff -urNp linux-2.6.38.2/fs/hfs/inode.c linux-2.6.38.2/fs/hfs/inode.c
31744--- linux-2.6.38.2/fs/hfs/inode.c 2011-03-14 21:20:32.000000000 -0400
31745+++ linux-2.6.38.2/fs/hfs/inode.c 2011-03-21 18:31:35.000000000 -0400
31746@@ -447,7 +447,7 @@ int hfs_write_inode(struct inode *inode,
31747
31748 if (S_ISDIR(main_inode->i_mode)) {
31749 if (fd.entrylength < sizeof(struct hfs_cat_dir))
31750- /* panic? */;
31751+ {/* panic? */}
31752 hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
31753 sizeof(struct hfs_cat_dir));
31754 if (rec.type != HFS_CDR_DIR ||
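Review bot: Replacing `/* panic? */;` with `{/* panic? */}` in hfs_write_inode() only silences the empty-body warning. The length test still does nothing, and the hfs_bnode_read() on the next line copies `sizeof(struct hfs_cat_dir)` bytes even when `fd.entrylength` is smaller. The length presumably comes from on-disk catalog data, so a short record on a corrupt or untrusted image is processed as if it were complete. The branch should fail the operation through the function's existing cleanup path (not visible in this hunk) instead of falling through. The second hfs/inode.c hunk and the four hfsplus/inode.c hunks (hfsplus_cat_read_inode, hfsplus_cat_write_inode) carry the same pattern.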
31755@@ -468,7 +468,7 @@ int hfs_write_inode(struct inode *inode,
31756 sizeof(struct hfs_cat_file));
31757 } else {
31758 if (fd.entrylength < sizeof(struct hfs_cat_file))
31759- /* panic? */;
31760+ {/* panic? */}
31761 hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
31762 sizeof(struct hfs_cat_file));
31763 if (rec.type != HFS_CDR_FIL ||
31764diff -urNp linux-2.6.38.2/fs/hfsplus/inode.c linux-2.6.38.2/fs/hfsplus/inode.c
31765--- linux-2.6.38.2/fs/hfsplus/inode.c 2011-03-14 21:20:32.000000000 -0400
31766+++ linux-2.6.38.2/fs/hfsplus/inode.c 2011-03-21 18:31:35.000000000 -0400
31767@@ -498,7 +498,7 @@ int hfsplus_cat_read_inode(struct inode
31768 struct hfsplus_cat_folder *folder = &entry.folder;
31769
31770 if (fd->entrylength < sizeof(struct hfsplus_cat_folder))
31771- /* panic? */;
31772+ {/* panic? */}
31773 hfs_bnode_read(fd->bnode, &entry, fd->entryoffset,
31774 sizeof(struct hfsplus_cat_folder));
31775 hfsplus_get_perms(inode, &folder->permissions, 1);
31776@@ -515,7 +515,7 @@ int hfsplus_cat_read_inode(struct inode
31777 struct hfsplus_cat_file *file = &entry.file;
31778
31779 if (fd->entrylength < sizeof(struct hfsplus_cat_file))
31780- /* panic? */;
31781+ {/* panic? */}
31782 hfs_bnode_read(fd->bnode, &entry, fd->entryoffset,
31783 sizeof(struct hfsplus_cat_file));
31784
31785@@ -572,7 +572,7 @@ int hfsplus_cat_write_inode(struct inode
31786 struct hfsplus_cat_folder *folder = &entry.folder;
31787
31788 if (fd.entrylength < sizeof(struct hfsplus_cat_folder))
31789- /* panic? */;
31790+ {/* panic? */}
31791 hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
31792 sizeof(struct hfsplus_cat_folder));
31793 /* simple node checks? */
31794@@ -594,7 +594,7 @@ int hfsplus_cat_write_inode(struct inode
31795 struct hfsplus_cat_file *file = &entry.file;
31796
31797 if (fd.entrylength < sizeof(struct hfsplus_cat_file))
31798- /* panic? */;
31799+ {/* panic? */}
31800 hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
31801 sizeof(struct hfsplus_cat_file));
31802 hfsplus_inode_write_fork(inode, &file->data_fork);
31803diff -urNp linux-2.6.38.2/fs/hugetlbfs/inode.c linux-2.6.38.2/fs/hugetlbfs/inode.c
31804--- linux-2.6.38.2/fs/hugetlbfs/inode.c 2011-03-14 21:20:32.000000000 -0400
31805+++ linux-2.6.38.2/fs/hugetlbfs/inode.c 2011-03-21 18:31:35.000000000 -0400
31806@@ -915,7 +915,7 @@ static struct file_system_type hugetlbfs
31807 .kill_sb = kill_litter_super,
31808 };
31809
31810-static struct vfsmount *hugetlbfs_vfsmount;
31811+struct vfsmount *hugetlbfs_vfsmount;
31812
31813 static int can_do_hugetlb_shm(void)
31814 {
31815diff -urNp linux-2.6.38.2/fs/jffs2/debug.h linux-2.6.38.2/fs/jffs2/debug.h
31816--- linux-2.6.38.2/fs/jffs2/debug.h 2011-03-14 21:20:32.000000000 -0400
31817+++ linux-2.6.38.2/fs/jffs2/debug.h 2011-03-21 18:31:35.000000000 -0400
31818@@ -53,13 +53,13 @@
31819 #if CONFIG_JFFS2_FS_DEBUG > 0
31820 #define D1(x) x
31821 #else
31822-#define D1(x)
31823+#define D1(x) do {} while (0);
31824 #endif
31825
31826 #if CONFIG_JFFS2_FS_DEBUG > 1
31827 #define D2(x) x
31828 #else
31829-#define D2(x)
31830+#define D2(x) do {} while (0);
31831 #endif
31832
31833 /* The prefixes of JFFS2 messages */
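Review bot: `#define D1(x) do {} while (0);` and the matching D2 definition end in a semicolon, which defeats the point of the `do {} while (0)` form: `if (c) D1(x); else ...` expands to two statements and no longer compiles. Every other no-op macro converted in this file and in summary.h omits the semicolon. If it was added because some call sites invoke D1()/D2() without a terminating semicolon (none are visible here), fixing those call sites and defining `#define D1(x) do {} while (0)` would be the cleaner change.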
31834@@ -115,73 +115,73 @@
31835 #ifdef JFFS2_DBG_READINODE_MESSAGES
31836 #define dbg_readinode(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
31837 #else
31838-#define dbg_readinode(fmt, ...)
31839+#define dbg_readinode(fmt, ...) do {} while (0)
31840 #endif
31841 #ifdef JFFS2_DBG_READINODE2_MESSAGES
31842 #define dbg_readinode2(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
31843 #else
31844-#define dbg_readinode2(fmt, ...)
31845+#define dbg_readinode2(fmt, ...) do {} while (0)
31846 #endif
31847
31848 /* Fragtree build debugging messages */
31849 #ifdef JFFS2_DBG_FRAGTREE_MESSAGES
31850 #define dbg_fragtree(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
31851 #else
31852-#define dbg_fragtree(fmt, ...)
31853+#define dbg_fragtree(fmt, ...) do {} while (0)
31854 #endif
31855 #ifdef JFFS2_DBG_FRAGTREE2_MESSAGES
31856 #define dbg_fragtree2(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
31857 #else
31858-#define dbg_fragtree2(fmt, ...)
31859+#define dbg_fragtree2(fmt, ...) do {} while (0)
31860 #endif
31861
31862 /* Directory entry list manilulation debugging messages */
31863 #ifdef JFFS2_DBG_DENTLIST_MESSAGES
31864 #define dbg_dentlist(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
31865 #else
31866-#define dbg_dentlist(fmt, ...)
31867+#define dbg_dentlist(fmt, ...) do {} while (0)
31868 #endif
31869
31870 /* Print the messages about manipulating node_refs */
31871 #ifdef JFFS2_DBG_NODEREF_MESSAGES
31872 #define dbg_noderef(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
31873 #else
31874-#define dbg_noderef(fmt, ...)
31875+#define dbg_noderef(fmt, ...) do {} while (0)
31876 #endif
31877
31878 /* Manipulations with the list of inodes (JFFS2 inocache) */
31879 #ifdef JFFS2_DBG_INOCACHE_MESSAGES
31880 #define dbg_inocache(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
31881 #else
31882-#define dbg_inocache(fmt, ...)
31883+#define dbg_inocache(fmt, ...) do {} while (0)
31884 #endif
31885
31886 /* Summary debugging messages */
31887 #ifdef JFFS2_DBG_SUMMARY_MESSAGES
31888 #define dbg_summary(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
31889 #else
31890-#define dbg_summary(fmt, ...)
31891+#define dbg_summary(fmt, ...) do {} while (0)
31892 #endif
31893
31894 /* File system build messages */
31895 #ifdef JFFS2_DBG_FSBUILD_MESSAGES
31896 #define dbg_fsbuild(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
31897 #else
31898-#define dbg_fsbuild(fmt, ...)
31899+#define dbg_fsbuild(fmt, ...) do {} while (0)
31900 #endif
31901
31902 /* Watch the object allocations */
31903 #ifdef JFFS2_DBG_MEMALLOC_MESSAGES
31904 #define dbg_memalloc(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
31905 #else
31906-#define dbg_memalloc(fmt, ...)
31907+#define dbg_memalloc(fmt, ...) do {} while (0)
31908 #endif
31909
31910 /* Watch the XATTR subsystem */
31911 #ifdef JFFS2_DBG_XATTR_MESSAGES
31912 #define dbg_xattr(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
31913 #else
31914-#define dbg_xattr(fmt, ...)
31915+#define dbg_xattr(fmt, ...) do {} while (0)
31916 #endif
31917
31918 /* "Sanity" checks */
31919diff -urNp linux-2.6.38.2/fs/jffs2/erase.c linux-2.6.38.2/fs/jffs2/erase.c
31920--- linux-2.6.38.2/fs/jffs2/erase.c 2011-03-14 21:20:32.000000000 -0400
31921+++ linux-2.6.38.2/fs/jffs2/erase.c 2011-03-21 18:31:35.000000000 -0400
31922@@ -439,7 +439,8 @@ static void jffs2_mark_erased_block(stru
31923 struct jffs2_unknown_node marker = {
31924 .magic = cpu_to_je16(JFFS2_MAGIC_BITMASK),
31925 .nodetype = cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
31926- .totlen = cpu_to_je32(c->cleanmarker_size)
31927+ .totlen = cpu_to_je32(c->cleanmarker_size),
31928+ .hdr_crc = cpu_to_je32(0)
31929 };
31930
31931 jffs2_prealloc_raw_node_refs(c, jeb, 1);
31932diff -urNp linux-2.6.38.2/fs/jffs2/summary.h linux-2.6.38.2/fs/jffs2/summary.h
31933--- linux-2.6.38.2/fs/jffs2/summary.h 2011-03-14 21:20:32.000000000 -0400
31934+++ linux-2.6.38.2/fs/jffs2/summary.h 2011-03-21 18:31:35.000000000 -0400
31935@@ -194,18 +194,18 @@ int jffs2_sum_scan_sumnode(struct jffs2_
31936
31937 #define jffs2_sum_active() (0)
31938 #define jffs2_sum_init(a) (0)
31939-#define jffs2_sum_exit(a)
31940-#define jffs2_sum_disable_collecting(a)
31941+#define jffs2_sum_exit(a) do {} while (0)
31942+#define jffs2_sum_disable_collecting(a) do {} while (0)
31943 #define jffs2_sum_is_disabled(a) (0)
31944-#define jffs2_sum_reset_collected(a)
31945+#define jffs2_sum_reset_collected(a) do {} while (0)
31946 #define jffs2_sum_add_kvec(a,b,c,d) (0)
31947-#define jffs2_sum_move_collected(a,b)
31948+#define jffs2_sum_move_collected(a,b) do {} while (0)
31949 #define jffs2_sum_write_sumnode(a) (0)
31950-#define jffs2_sum_add_padding_mem(a,b)
31951-#define jffs2_sum_add_inode_mem(a,b,c)
31952-#define jffs2_sum_add_dirent_mem(a,b,c)
31953-#define jffs2_sum_add_xattr_mem(a,b,c)
31954-#define jffs2_sum_add_xref_mem(a,b,c)
31955+#define jffs2_sum_add_padding_mem(a,b) do {} while (0)
31956+#define jffs2_sum_add_inode_mem(a,b,c) do {} while (0)
31957+#define jffs2_sum_add_dirent_mem(a,b,c) do {} while (0)
31958+#define jffs2_sum_add_xattr_mem(a,b,c) do {} while (0)
31959+#define jffs2_sum_add_xref_mem(a,b,c) do {} while (0)
31960 #define jffs2_sum_scan_sumnode(a,b,c,d,e) (0)
31961
31962 #endif /* CONFIG_JFFS2_SUMMARY */
31963diff -urNp linux-2.6.38.2/fs/jffs2/wbuf.c linux-2.6.38.2/fs/jffs2/wbuf.c
31964--- linux-2.6.38.2/fs/jffs2/wbuf.c 2011-03-14 21:20:32.000000000 -0400
31965+++ linux-2.6.38.2/fs/jffs2/wbuf.c 2011-03-21 18:31:35.000000000 -0400
31966@@ -1012,7 +1012,8 @@ static const struct jffs2_unknown_node o
31967 {
31968 .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
31969 .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
31970- .totlen = constant_cpu_to_je32(8)
31971+ .totlen = constant_cpu_to_je32(8),
31972+ .hdr_crc = constant_cpu_to_je32(0)
31973 };
31974
31975 /*
31976diff -urNp linux-2.6.38.2/fs/Kconfig.binfmt linux-2.6.38.2/fs/Kconfig.binfmt
31977--- linux-2.6.38.2/fs/Kconfig.binfmt 2011-03-14 21:20:32.000000000 -0400
31978+++ linux-2.6.38.2/fs/Kconfig.binfmt 2011-03-21 18:31:35.000000000 -0400
31979@@ -86,7 +86,7 @@ config HAVE_AOUT
31980
31981 config BINFMT_AOUT
31982 tristate "Kernel support for a.out and ECOFF binaries"
31983- depends on HAVE_AOUT
31984+ depends on HAVE_AOUT && BROKEN
31985 ---help---
31986 A.out (Assembler.OUTput) is a set of formats for libraries and
31987 executables used in the earliest versions of UNIX. Linux used
31988diff -urNp linux-2.6.38.2/fs/lockd/svc.c linux-2.6.38.2/fs/lockd/svc.c
31989--- linux-2.6.38.2/fs/lockd/svc.c 2011-03-14 21:20:32.000000000 -0400
31990+++ linux-2.6.38.2/fs/lockd/svc.c 2011-03-21 18:31:35.000000000 -0400
31991@@ -41,7 +41,7 @@
31992
31993 static struct svc_program nlmsvc_program;
31994
31995-struct nlmsvc_binding * nlmsvc_ops;
31996+const struct nlmsvc_binding * nlmsvc_ops;
31997 EXPORT_SYMBOL_GPL(nlmsvc_ops);
31998
31999 static DEFINE_MUTEX(nlmsvc_mutex);
32000diff -urNp linux-2.6.38.2/fs/locks.c linux-2.6.38.2/fs/locks.c
32001--- linux-2.6.38.2/fs/locks.c 2011-03-14 21:20:32.000000000 -0400
32002+++ linux-2.6.38.2/fs/locks.c 2011-03-21 18:31:35.000000000 -0400
32003@@ -2044,16 +2044,16 @@ void locks_remove_flock(struct file *fil
32004 return;
32005
32006 if (filp->f_op && filp->f_op->flock) {
32007- struct file_lock fl = {
32008+ struct file_lock flock = {
32009 .fl_pid = current->tgid,
32010 .fl_file = filp,
32011 .fl_flags = FL_FLOCK,
32012 .fl_type = F_UNLCK,
32013 .fl_end = OFFSET_MAX,
32014 };
32015- filp->f_op->flock(filp, F_SETLKW, &fl);
32016- if (fl.fl_ops && fl.fl_ops->fl_release_private)
32017- fl.fl_ops->fl_release_private(&fl);
32018+ filp->f_op->flock(filp, F_SETLKW, &flock);
32019+ if (flock.fl_ops && flock.fl_ops->fl_release_private)
32020+ flock.fl_ops->fl_release_private(&flock);
32021 }
32022
32023 lock_flocks();
32024diff -urNp linux-2.6.38.2/fs/namei.c linux-2.6.38.2/fs/namei.c
32025--- linux-2.6.38.2/fs/namei.c 2011-03-14 21:20:32.000000000 -0400
32026+++ linux-2.6.38.2/fs/namei.c 2011-03-28 16:59:25.000000000 -0400
32027@@ -226,14 +226,6 @@ int generic_permission(struct inode *ino
32028 return ret;
32029
32030 /*
32031- * Read/write DACs are always overridable.
32032- * Executable DACs are overridable if at least one exec bit is set.
32033- */
32034- if (!(mask & MAY_EXEC) || execute_ok(inode))
32035- if (capable(CAP_DAC_OVERRIDE))
32036- return 0;
32037-
32038- /*
32039 * Searching includes executable on directories, else just read.
32040 */
32041 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
32042@@ -241,6 +233,14 @@ int generic_permission(struct inode *ino
32043 if (capable(CAP_DAC_READ_SEARCH))
32044 return 0;
32045
32046+ /*
32047+ * Read/write DACs are always overridable.
32048+ * Executable DACs are overridable if at least one exec bit is set.
32049+ */
32050+ if (!(mask & MAY_EXEC) || execute_ok(inode))
32051+ if (capable(CAP_DAC_OVERRIDE))
32052+ return 0;
32053+
32054 return -EACCES;
32055 }
32056
32057@@ -687,7 +687,8 @@ static inline int exec_permission(struct
32058 if (ret == -ECHILD)
32059 return ret;
32060
32061- if (capable(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH))
32062+ if (capable_nolog(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH) ||
32063+ capable(CAP_DAC_OVERRIDE))
32064 goto ok;
32065
32066 return ret;
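Review bot: The condition `capable_nolog(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH) || capable(CAP_DAC_OVERRIDE)` tests CAP_DAC_OVERRIDE twice, and without a comment the third term looks like a leftover that a later cleanup would delete. Judging by the name, capable_nolog() is a non-logging probe and the final capable() call exists so that a denial is still reported when neither capability is held, but its definition is outside this page. Once that reading is confirmed, a comment above the test should say so, e.g. `/* probe OVERRIDE quietly first; the trailing capable() is kept only so a denial gets logged */`. exec_permission() starts and ends outside the hunk.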
32067@@ -775,7 +776,7 @@ __do_follow_link(const struct path *link
32068 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
32069 error = PTR_ERR(*p);
32070 if (!IS_ERR(*p)) {
32071- char *s = nd_get_link(nd);
32072+ const char *s = nd_get_link(nd);
32073 error = 0;
32074 if (s)
32075 error = __vfs_follow_link(nd, s);
32076@@ -814,6 +815,13 @@ static inline int do_follow_link(struct
32077 err = security_inode_follow_link(path->dentry, nd);
32078 if (err)
32079 goto loop;
32080+
32081+ if (gr_handle_follow_link(path->dentry->d_parent->d_inode,
32082+ path->dentry->d_inode, path->dentry, nd->path.mnt)) {
32083+ err = -EACCES;
32084+ goto loop;
32085+ }
32086+
32087 current->link_count++;
32088 current->total_link_count++;
32089 nd->depth++;
32090@@ -1505,13 +1513,36 @@ return_reval:
32091 return_base:
32092 if (nameidata_drop_rcu_last_maybe(nd))
32093 return -ECHILD;
32094+
32095+ if (!(nd->flags & LOOKUP_PARENT) && !gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) {
32096+ err = -ENOENT;
32097+ goto err_and_ret;
32098+ }
32099+
32100 return 0;
32101 out_dput:
32102 if (!(nd->flags & LOOKUP_RCU))
32103 path_put_conditional(&next, nd);
32104 break;
32105 }
32106+#ifdef CONFIG_GRKERNSEC
32107+ /* we do this because we can't operate here on an rcu'd dentry,
32108+ acquire a properly-referenced copy
32109+ */
32110+ if (nameidata_drop_rcu_last_maybe(nd))
32111+ return -ECHILD;
32112+#endif
32113+
32114+ if (!(nd->flags & LOOKUP_PARENT) && !gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt))
32115+ err = -ENOENT;
32116+
32117+err_and_ret:
32118+#ifndef CONFIG_GRKERNSEC
32119+ /* since we convert to ref-walk above, always put the path if we reach
32120+ here
32121+ */
32122 if (!(nd->flags & LOOKUP_RCU))
32123+#endif
32124 path_put(&nd->path);
32125 return_err:
32126 return err;
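Review bot: At `err_and_ret:` the `#ifndef CONFIG_GRKERNSEC` block wraps only the `if (!(nd->flags & LOOKUP_RCU))` line, so the same `path_put(&nd->path)` is conditional in one configuration and unconditional in the other. The comment explaining the unconditional case also sits inside the branch that is compiled when it does not apply. Giving each configuration its own complete statement, as below, is easier to audit. Separately, the second `gr_acl_handle_hidden_file()` call is outside any `#ifdef`, so with CONFIG_GRKERNSEC unset it is reached without the ref-walk conversion the added comment says is required; presumably the stub never touches the dentry, but its definition is not on this page. The enclosing function starts before the hunk.

```c
err_and_ret:
#ifdef CONFIG_GRKERNSEC
	/* already converted to ref-walk above, so the path is always held */
	path_put(&nd->path);
#else
	if (!(nd->flags & LOOKUP_RCU))
		path_put(&nd->path);
#endif
return_err:
	return err;
```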
32127@@ -1738,6 +1769,9 @@ static int do_path_lookup(int dfd, const
32128 }
32129
32130 if (likely(!retval)) {
32131+ if (*name != '/' && nd->path.dentry && nd->inode && !gr_chroot_fchdir(nd->path.dentry, nd->path.mnt))
32132+ return -ENOENT;
32133+
32134 if (unlikely(!audit_dummy_context())) {
32135 if (nd->path.dentry && nd->inode)
32136 audit_inode(name, nd->path.dentry);
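Review bot: The added `return -ENOENT;` leaves do_path_lookup() after a successful walk without releasing `nd->path`. Callers normally treat a non-zero return as meaning there is nothing to put, so the reference appears to leak each time gr_chroot_fchdir() refuses the lookup. The early return also skips whatever follows the `if (likely(!retval))` block, which is outside this hunk. I would release the path first, `path_put(&nd->path);` then `return -ENOENT;` inside braces, or set `retval = -ENOENT` and fall through if the remaining code tolerates that.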
32137@@ -2078,6 +2112,30 @@ int vfs_create(struct inode *dir, struct
32138 return error;
32139 }
32140
32141+/*
32142+ * Note that while the flag value (low two bits) for sys_open means:
32143+ * 00 - read-only
32144+ * 01 - write-only
32145+ * 10 - read-write
32146+ * 11 - special
32147+ * it is changed into
32148+ * 00 - no permissions needed
32149+ * 01 - read-permission
32150+ * 10 - write-permission
32151+ * 11 - read-write
32152+ * for the internal routines (ie open_namei()/follow_link() etc)
32153+ * This is more logical, and also allows the 00 "no perm needed"
32154+ * to be used for symlinks (where the permissions are checked
32155+ * later).
32156+ *
32157+*/
32158+static inline int open_to_namei_flags(int flag)
32159+{
32160+ if ((flag+1) & O_ACCMODE)
32161+ flag++;
32162+ return flag;
32163+}
32164+
32165 int may_open(struct path *path, int acc_mode, int flag)
32166 {
32167 struct dentry *dentry = path->dentry;
32168@@ -2126,7 +2184,27 @@ int may_open(struct path *path, int acc_
32169 /*
32170 * Ensure there are no outstanding leases on the file.
32171 */
32172- return break_lease(inode, flag);
32173+ error = break_lease(inode, flag);
32174+
32175+ if (error)
32176+ return error;
32177+
32178+ if (gr_handle_rofs_blockwrite(dentry, path->mnt, acc_mode)) {
32179+ error = -EPERM;
32180+ goto exit;
32181+ }
32182+
32183+ if (gr_handle_rawio(inode)) {
32184+ error = -EPERM;
32185+ goto exit;
32186+ }
32187+
32188+ if (!gr_acl_handle_open(dentry, path->mnt, open_to_namei_flags(flag))) {
32189+ error = -EACCES;
32190+ goto exit;
32191+ }
32192+exit:
32193+ return error;
32194 }
32195
32196 static int handle_truncate(struct file *filp)
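Review bot: The three grsecurity denials are placed after `break_lease(inode, flag)`, so an open that is about to be refused by gr_handle_rofs_blockwrite(), gr_handle_rawio() or gr_acl_handle_open() has already broken any lease held on the file. Running the checks first keeps a denied open free of side effects; whether the current ordering is deliberate is not stated in the patch. The `goto exit` jumps target a label that only returns, so plain returns read better. may_open() begins before this hunk.

```c
	/* … unchanged: earlier may_open() checks … */
	if (gr_handle_rofs_blockwrite(dentry, path->mnt, acc_mode))
		return -EPERM;
	if (gr_handle_rawio(inode))
		return -EPERM;
	if (!gr_acl_handle_open(dentry, path->mnt, open_to_namei_flags(flag)))
		return -EACCES;

	/*
	 * Ensure there are no outstanding leases on the file.
	 */
	return break_lease(inode, flag);
```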
32197@@ -2161,6 +2239,12 @@ static int __open_namei_create(struct na
32198 {
32199 int error;
32200 struct dentry *dir = nd->path.dentry;
32201+ int flag = open_to_namei_flags(open_flag);
32202+
32203+ if (!gr_acl_handle_creat(path->dentry, nd->path.dentry, nd->path.mnt, flag, mode)) {
32204+ error = -EACCES;
32205+ goto out_unlock;
32206+ }
32207
32208 if (!IS_POSIXACL(dir->d_inode))
32209 mode &= ~current_umask();
32210@@ -2168,6 +2252,8 @@ static int __open_namei_create(struct na
32211 if (error)
32212 goto out_unlock;
32213 error = vfs_create(dir->d_inode, path->dentry, mode, nd);
32214+ if (!error)
32215+ gr_handle_create(path->dentry, nd->path.mnt);
32216 out_unlock:
32217 mutex_unlock(&dir->d_inode->i_mutex);
32218 dput(nd->path.dentry);
32219@@ -2179,30 +2265,6 @@ out_unlock:
32220 return may_open(&nd->path, 0, open_flag & ~O_TRUNC);
32221 }
32222
32223-/*
32224- * Note that while the flag value (low two bits) for sys_open means:
32225- * 00 - read-only
32226- * 01 - write-only
32227- * 10 - read-write
32228- * 11 - special
32229- * it is changed into
32230- * 00 - no permissions needed
32231- * 01 - read-permission
32232- * 10 - write-permission
32233- * 11 - read-write
32234- * for the internal routines (ie open_namei()/follow_link() etc)
32235- * This is more logical, and also allows the 00 "no perm needed"
32236- * to be used for symlinks (where the permissions are checked
32237- * later).
32238- *
32239-*/
32240-static inline int open_to_namei_flags(int flag)
32241-{
32242- if ((flag+1) & O_ACCMODE)
32243- flag++;
32244- return flag;
32245-}
32246-
32247 static int open_will_truncate(int flag, struct inode *inode)
32248 {
32249 /*
32250@@ -2273,6 +2335,7 @@ static struct file *do_last(struct namei
32251 int mode, const char *pathname)
32252 {
32253 struct dentry *dir = nd->path.dentry;
32254+ int flag = open_to_namei_flags(open_flag);
32255 struct file *filp;
32256 int error = -EISDIR;
32257
32258@@ -2351,6 +2414,14 @@ static struct file *do_last(struct namei
32259 /*
32260 * It already exists.
32261 */
32262+
32263+ /* only check if O_CREAT is specified, all other checks need to go
32264+ into may_open */
32265+ if (gr_handle_fifo(path->dentry, path->mnt, dir, flag, acc_mode)) {
32266+ error = -EACCES;
32267+ goto exit_mutex_unlock;
32268+ }
32269+
32270 mutex_unlock(&dir->d_inode->i_mutex);
32271 audit_inode(pathname, path->dentry);
32272
32273@@ -2534,6 +2605,11 @@ reval:
32274 error = security_inode_follow_link(link.dentry, &nd);
32275 if (error)
32276 goto exit_dput;
32277+ if (gr_handle_follow_link(link.dentry->d_parent->d_inode,
32278+ link.dentry->d_inode, link.dentry, nd.path.mnt)) {
32279+ error = -EACCES;
32280+ goto exit_dput;
32281+ }
32282 error = __do_follow_link(&link, &nd, &cookie);
32283 if (unlikely(error)) {
32284 if (!IS_ERR(cookie) && linki->i_op->put_link)
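Review bot: The added call reads `link.dentry->d_parent->d_inode` with nothing in this hunk pinning the parent, so a concurrent rename could change `d_parent` between the load and the use inside `gr_handle_follow_link()`. Unless a lock taken outside the hunk already covers this, take a reference first with `struct dentry *parent = dget_parent(link.dentry);`, pass `parent->d_inode`, and `dput(parent)` on both the deny and the allow path. The enclosing function starts and ends outside the hunk, so the locking state at this point should be confirmed against the full file.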
32285@@ -2704,6 +2780,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
32286 error = may_mknod(mode);
32287 if (error)
32288 goto out_dput;
32289+
32290+ if (gr_handle_chroot_mknod(dentry, nd.path.mnt, mode)) {
32291+ error = -EPERM;
32292+ goto out_dput;
32293+ }
32294+
32295+ if (!gr_acl_handle_mknod(dentry, nd.path.dentry, nd.path.mnt, mode)) {
32296+ error = -EACCES;
32297+ goto out_dput;
32298+ }
32299+
32300 error = mnt_want_write(nd.path.mnt);
32301 if (error)
32302 goto out_dput;
32303@@ -2724,6 +2811,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
32304 }
32305 out_drop_write:
32306 mnt_drop_write(nd.path.mnt);
32307+
32308+ if (!error)
32309+ gr_handle_create(dentry, nd.path.mnt);
32310 out_dput:
32311 dput(dentry);
32312 out_unlock:
32313@@ -2776,6 +2866,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
32314 if (IS_ERR(dentry))
32315 goto out_unlock;
32316
32317+ if (!gr_acl_handle_mkdir(dentry, nd.path.dentry, nd.path.mnt)) {
32318+ error = -EACCES;
32319+ goto out_dput;
32320+ }
32321+
32322 if (!IS_POSIXACL(nd.path.dentry->d_inode))
32323 mode &= ~current_umask();
32324 error = mnt_want_write(nd.path.mnt);
32325@@ -2787,6 +2882,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
32326 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
32327 out_drop_write:
32328 mnt_drop_write(nd.path.mnt);
32329+
32330+ if (!error)
32331+ gr_handle_create(dentry, nd.path.mnt);
32332+
32333 out_dput:
32334 dput(dentry);
32335 out_unlock:
32336@@ -2866,6 +2965,8 @@ static long do_rmdir(int dfd, const char
32337 char * name;
32338 struct dentry *dentry;
32339 struct nameidata nd;
32340+ ino_t saved_ino = 0;
32341+ dev_t saved_dev = 0;
32342
32343 error = user_path_parent(dfd, pathname, &nd, &name);
32344 if (error)
32345@@ -2890,6 +2991,19 @@ static long do_rmdir(int dfd, const char
32346 error = PTR_ERR(dentry);
32347 if (IS_ERR(dentry))
32348 goto exit2;
32349+
32350+ if (dentry->d_inode != NULL) {
32351+ if (dentry->d_inode->i_nlink <= 1) {
32352+ saved_ino = dentry->d_inode->i_ino;
32353+ saved_dev = gr_get_dev_from_dentry(dentry);
32354+ }
32355+
32356+ if (!gr_acl_handle_rmdir(dentry, nd.path.mnt)) {
32357+ error = -EACCES;
32358+ goto exit3;
32359+ }
32360+ }
32361+
32362 error = mnt_want_write(nd.path.mnt);
32363 if (error)
32364 goto exit3;
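Review bot: The `i_nlink <= 1` condition that guards `saved_ino`/`saved_dev` looks carried over from the unlink path and may never be true for a directory. Directories on most filesystems have a link count of at least 2, so both values would presumably stay zero. In that case the `if (!error && (saved_dev || saved_ino))` test in the next hunk would skip `gr_handle_delete()` after a successful rmdir. If the intent is to report every removed directory, record the inode and device unconditionally once `dentry->d_inode` is known to be non-NULL; otherwise a comment stating which filesystems the condition is meant for would help. The body of do_rmdir continues outside this hunk.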
32365@@ -2897,6 +3011,8 @@ static long do_rmdir(int dfd, const char
32366 if (error)
32367 goto exit4;
32368 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
32369+ if (!error && (saved_dev || saved_ino))
32370+ gr_handle_delete(saved_ino, saved_dev);
32371 exit4:
32372 mnt_drop_write(nd.path.mnt);
32373 exit3:
32374@@ -2959,6 +3075,8 @@ static long do_unlinkat(int dfd, const c
32375 struct dentry *dentry;
32376 struct nameidata nd;
32377 struct inode *inode = NULL;
32378+ ino_t saved_ino = 0;
32379+ dev_t saved_dev = 0;
32380
32381 error = user_path_parent(dfd, pathname, &nd, &name);
32382 if (error)
32383@@ -2978,8 +3096,17 @@ static long do_unlinkat(int dfd, const c
32384 if (nd.last.name[nd.last.len])
32385 goto slashes;
32386 inode = dentry->d_inode;
32387- if (inode)
32388+ if (inode) {
32389 ihold(inode);
32390+ if (inode->i_nlink <= 1) {
32391+ saved_ino = inode->i_ino;
32392+ saved_dev = gr_get_dev_from_dentry(dentry);
32393+ }
32394+ if (!gr_acl_handle_unlink(dentry, nd.path.mnt)) {
32395+ error = -EACCES;
32396+ goto exit2;
32397+ }
32398+ }
32399 error = mnt_want_write(nd.path.mnt);
32400 if (error)
32401 goto exit2;
32402@@ -2987,6 +3114,8 @@ static long do_unlinkat(int dfd, const c
32403 if (error)
32404 goto exit3;
32405 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
32406+ if (!error && (saved_ino || saved_dev))
32407+ gr_handle_delete(saved_ino, saved_dev);
32408 exit3:
32409 mnt_drop_write(nd.path.mnt);
32410 exit2:
32411@@ -3064,6 +3193,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
32412 if (IS_ERR(dentry))
32413 goto out_unlock;
32414
32415+ if (!gr_acl_handle_symlink(dentry, nd.path.dentry, nd.path.mnt, from)) {
32416+ error = -EACCES;
32417+ goto out_dput;
32418+ }
32419+
32420 error = mnt_want_write(nd.path.mnt);
32421 if (error)
32422 goto out_dput;
32423@@ -3071,6 +3205,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
32424 if (error)
32425 goto out_drop_write;
32426 error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
32427+ if (!error)
32428+ gr_handle_create(dentry, nd.path.mnt);
32429 out_drop_write:
32430 mnt_drop_write(nd.path.mnt);
32431 out_dput:
32432@@ -3163,6 +3299,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
32433 error = PTR_ERR(new_dentry);
32434 if (IS_ERR(new_dentry))
32435 goto out_unlock;
32436+
32437+ if (gr_handle_hardlink(old_path.dentry, old_path.mnt,
32438+ old_path.dentry->d_inode,
32439+ old_path.dentry->d_inode->i_mode, to)) {
32440+ error = -EACCES;
32441+ goto out_dput;
32442+ }
32443+
32444+ if (!gr_acl_handle_link(new_dentry, nd.path.dentry, nd.path.mnt,
32445+ old_path.dentry, old_path.mnt, to)) {
32446+ error = -EACCES;
32447+ goto out_dput;
32448+ }
32449+
32450 error = mnt_want_write(nd.path.mnt);
32451 if (error)
32452 goto out_dput;
32453@@ -3170,6 +3320,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
32454 if (error)
32455 goto out_drop_write;
32456 error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
32457+ if (!error)
32458+ gr_handle_create(new_dentry, nd.path.mnt);
32459 out_drop_write:
32460 mnt_drop_write(nd.path.mnt);
32461 out_dput:
32462@@ -3403,6 +3555,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
32463 if (new_dentry == trap)
32464 goto exit5;
32465
32466+ error = gr_acl_handle_rename(new_dentry, new_dir, newnd.path.mnt,
32467+ old_dentry, old_dir->d_inode, oldnd.path.mnt,
32468+ to);
32469+ if (error)
32470+ goto exit5;
32471+
32472 error = mnt_want_write(oldnd.path.mnt);
32473 if (error)
32474 goto exit5;
32475@@ -3412,6 +3570,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
32476 goto exit6;
32477 error = vfs_rename(old_dir->d_inode, old_dentry,
32478 new_dir->d_inode, new_dentry);
32479+ if (!error)
32480+ gr_handle_rename(old_dir->d_inode, new_dir->d_inode, old_dentry,
32481+ new_dentry, oldnd.path.mnt, new_dentry->d_inode ? 1 : 0);
32482 exit6:
32483 mnt_drop_write(oldnd.path.mnt);
32484 exit5:
32485diff -urNp linux-2.6.38.2/fs/namespace.c linux-2.6.38.2/fs/namespace.c
32486--- linux-2.6.38.2/fs/namespace.c 2011-03-28 17:42:40.000000000 -0400
32487+++ linux-2.6.38.2/fs/namespace.c 2011-03-28 17:42:53.000000000 -0400
32488@@ -1285,6 +1285,9 @@ static int do_umount(struct vfsmount *mn
32489 if (!(sb->s_flags & MS_RDONLY))
32490 retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
32491 up_write(&sb->s_umount);
32492+
32493+ gr_log_remount(mnt->mnt_devname, retval);
32494+
32495 return retval;
32496 }
32497
32498@@ -1304,6 +1307,9 @@ static int do_umount(struct vfsmount *mn
32499 br_write_unlock(vfsmount_lock);
32500 up_write(&namespace_sem);
32501 release_mounts(&umount_list);
32502+
32503+ gr_log_unmount(mnt->mnt_devname, retval);
32504+
32505 return retval;
32506 }
32507
32508@@ -2241,6 +2247,16 @@ long do_mount(char *dev_name, char *dir_
32509 MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
32510 MS_STRICTATIME);
32511
32512+ if (gr_handle_rofs_mount(path.dentry, path.mnt, mnt_flags)) {
32513+ retval = -EPERM;
32514+ goto dput_out;
32515+ }
32516+
32517+ if (gr_handle_chroot_mount(path.dentry, path.mnt, dev_name)) {
32518+ retval = -EPERM;
32519+ goto dput_out;
32520+ }
32521+
32522 if (flags & MS_REMOUNT)
32523 retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
32524 data_page);
32525@@ -2255,6 +2271,9 @@ long do_mount(char *dev_name, char *dir_
32526 dev_name, data_page);
32527 dput_out:
32528 path_put(&path);
32529+
32530+ gr_log_mount(dev_name, dir_name, retval);
32531+
32532 return retval;
32533 }
32534
32535@@ -2480,6 +2499,12 @@ SYSCALL_DEFINE2(pivot_root, const char _
32536 goto out1;
32537 }
32538
32539+ if (gr_handle_chroot_pivot()) {
32540+ error = -EPERM;
32541+ path_put(&old);
32542+ goto out1;
32543+ }
32544+
32545 get_fs_root(current->fs, &root);
32546 down_write(&namespace_sem);
32547 mutex_lock(&old.dentry->d_inode->i_mutex);
32548diff -urNp linux-2.6.38.2/fs/nfs/inode.c linux-2.6.38.2/fs/nfs/inode.c
32549--- linux-2.6.38.2/fs/nfs/inode.c 2011-03-14 21:20:32.000000000 -0400
32550+++ linux-2.6.38.2/fs/nfs/inode.c 2011-03-21 18:31:35.000000000 -0400
32551@@ -998,16 +998,16 @@ static int nfs_size_need_update(const st
32552 return nfs_size_to_loff_t(fattr->size) > i_size_read(inode);
32553 }
32554
32555-static atomic_long_t nfs_attr_generation_counter;
32556+static atomic_long_unchecked_t nfs_attr_generation_counter;
32557
32558 static unsigned long nfs_read_attr_generation_counter(void)
32559 {
32560- return atomic_long_read(&nfs_attr_generation_counter);
32561+ return atomic_long_read_unchecked(&nfs_attr_generation_counter);
32562 }
32563
32564 unsigned long nfs_inc_attr_generation_counter(void)
32565 {
32566- return atomic_long_inc_return(&nfs_attr_generation_counter);
32567+ return atomic_long_inc_return_unchecked(&nfs_attr_generation_counter);
32568 }
32569
32570 void nfs_fattr_init(struct nfs_fattr *fattr)
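Review bot: The switch to `atomic_long_unchecked_t` carries no comment saying why this counter is exempt from the overflow checking the patch otherwise applies to atomics. A one-line comment above the declaration, e.g. `/* generation number, not a reference count: wrapping is harmless */`, would stop a later reader from converting it back. That rationale is inferred from the variable name, since the definition of the `_unchecked` types is outside this part of the patch. The ocfs2 `alloc_stats` counters converted further down would benefit from the same kind of note.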
32571diff -urNp linux-2.6.38.2/fs/nfs/nfs4proc.c linux-2.6.38.2/fs/nfs/nfs4proc.c
32572--- linux-2.6.38.2/fs/nfs/nfs4proc.c 2011-03-14 21:20:32.000000000 -0400
32573+++ linux-2.6.38.2/fs/nfs/nfs4proc.c 2011-03-21 18:31:35.000000000 -0400
32574@@ -1198,7 +1198,7 @@ static int _nfs4_do_open_reclaim(struct
32575 static int nfs4_do_open_reclaim(struct nfs_open_context *ctx, struct nfs4_state *state)
32576 {
32577 struct nfs_server *server = NFS_SERVER(state->inode);
32578- struct nfs4_exception exception = { };
32579+ struct nfs4_exception exception = {0, 0};
32580 int err;
32581 do {
32582 err = _nfs4_do_open_reclaim(ctx, state);
32583@@ -1240,7 +1240,7 @@ static int _nfs4_open_delegation_recall(
32584
32585 int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid)
32586 {
32587- struct nfs4_exception exception = { };
32588+ struct nfs4_exception exception = {0, 0};
32589 struct nfs_server *server = NFS_SERVER(state->inode);
32590 int err;
32591 do {
32592@@ -1615,7 +1615,7 @@ static int _nfs4_open_expired(struct nfs
32593 static int nfs4_do_open_expired(struct nfs_open_context *ctx, struct nfs4_state *state)
32594 {
32595 struct nfs_server *server = NFS_SERVER(state->inode);
32596- struct nfs4_exception exception = { };
32597+ struct nfs4_exception exception = {0, 0};
32598 int err;
32599
32600 do {
32601@@ -1730,7 +1730,7 @@ out_err:
32602
32603 static struct nfs4_state *nfs4_do_open(struct inode *dir, struct path *path, fmode_t fmode, int flags, struct iattr *sattr, struct rpc_cred *cred)
32604 {
32605- struct nfs4_exception exception = { };
32606+ struct nfs4_exception exception = {0, 0};
32607 struct nfs4_state *res;
32608 int status;
32609
32610@@ -1821,7 +1821,7 @@ static int nfs4_do_setattr(struct inode
32611 struct nfs4_state *state)
32612 {
32613 struct nfs_server *server = NFS_SERVER(inode);
32614- struct nfs4_exception exception = { };
32615+ struct nfs4_exception exception = {0, 0};
32616 int err;
32617 do {
32618 err = nfs4_handle_exception(server,
32619@@ -2111,7 +2111,7 @@ static int _nfs4_server_capabilities(str
32620
32621 int nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *fhandle)
32622 {
32623- struct nfs4_exception exception = { };
32624+ struct nfs4_exception exception = {0, 0};
32625 int err;
32626 do {
32627 err = nfs4_handle_exception(server,
32628@@ -2145,7 +2145,7 @@ static int _nfs4_lookup_root(struct nfs_
32629 static int nfs4_lookup_root(struct nfs_server *server, struct nfs_fh *fhandle,
32630 struct nfs_fsinfo *info)
32631 {
32632- struct nfs4_exception exception = { };
32633+ struct nfs4_exception exception = {0, 0};
32634 int err;
32635 do {
32636 err = nfs4_handle_exception(server,
32637@@ -2233,7 +2233,7 @@ static int _nfs4_proc_getattr(struct nfs
32638
32639 static int nfs4_proc_getattr(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fattr *fattr)
32640 {
32641- struct nfs4_exception exception = { };
32642+ struct nfs4_exception exception = {0, 0};
32643 int err;
32644 do {
32645 err = nfs4_handle_exception(server,
32646@@ -2321,7 +2321,7 @@ static int nfs4_proc_lookupfh(struct nfs
32647 struct qstr *name, struct nfs_fh *fhandle,
32648 struct nfs_fattr *fattr)
32649 {
32650- struct nfs4_exception exception = { };
32651+ struct nfs4_exception exception = {0, 0};
32652 int err;
32653 do {
32654 err = _nfs4_proc_lookupfh(server, dirfh, name, fhandle, fattr);
32655@@ -2350,7 +2350,7 @@ static int _nfs4_proc_lookup(struct inod
32656
32657 static int nfs4_proc_lookup(struct inode *dir, struct qstr *name, struct nfs_fh *fhandle, struct nfs_fattr *fattr)
32658 {
32659- struct nfs4_exception exception = { };
32660+ struct nfs4_exception exception = {0, 0};
32661 int err;
32662 do {
32663 err = nfs4_handle_exception(NFS_SERVER(dir),
32664@@ -2417,7 +2417,7 @@ static int _nfs4_proc_access(struct inod
32665
32666 static int nfs4_proc_access(struct inode *inode, struct nfs_access_entry *entry)
32667 {
32668- struct nfs4_exception exception = { };
32669+ struct nfs4_exception exception = {0, 0};
32670 int err;
32671 do {
32672 err = nfs4_handle_exception(NFS_SERVER(inode),
32673@@ -2473,7 +2473,7 @@ static int _nfs4_proc_readlink(struct in
32674 static int nfs4_proc_readlink(struct inode *inode, struct page *page,
32675 unsigned int pgbase, unsigned int pglen)
32676 {
32677- struct nfs4_exception exception = { };
32678+ struct nfs4_exception exception = {0, 0};
32679 int err;
32680 do {
32681 err = nfs4_handle_exception(NFS_SERVER(inode),
32682@@ -2568,7 +2568,7 @@ out:
32683
32684 static int nfs4_proc_remove(struct inode *dir, struct qstr *name)
32685 {
32686- struct nfs4_exception exception = { };
32687+ struct nfs4_exception exception = {0, 0};
32688 int err;
32689 do {
32690 err = nfs4_handle_exception(NFS_SERVER(dir),
32691@@ -2673,7 +2673,7 @@ out:
32692 static int nfs4_proc_rename(struct inode *old_dir, struct qstr *old_name,
32693 struct inode *new_dir, struct qstr *new_name)
32694 {
32695- struct nfs4_exception exception = { };
32696+ struct nfs4_exception exception = {0, 0};
32697 int err;
32698 do {
32699 err = nfs4_handle_exception(NFS_SERVER(old_dir),
32700@@ -2722,7 +2722,7 @@ out:
32701
32702 static int nfs4_proc_link(struct inode *inode, struct inode *dir, struct qstr *name)
32703 {
32704- struct nfs4_exception exception = { };
32705+ struct nfs4_exception exception = {0, 0};
32706 int err;
32707 do {
32708 err = nfs4_handle_exception(NFS_SERVER(inode),
32709@@ -2814,7 +2814,7 @@ out:
32710 static int nfs4_proc_symlink(struct inode *dir, struct dentry *dentry,
32711 struct page *page, unsigned int len, struct iattr *sattr)
32712 {
32713- struct nfs4_exception exception = { };
32714+ struct nfs4_exception exception = {0, 0};
32715 int err;
32716 do {
32717 err = nfs4_handle_exception(NFS_SERVER(dir),
32718@@ -2845,7 +2845,7 @@ out:
32719 static int nfs4_proc_mkdir(struct inode *dir, struct dentry *dentry,
32720 struct iattr *sattr)
32721 {
32722- struct nfs4_exception exception = { };
32723+ struct nfs4_exception exception = {0, 0};
32724 int err;
32725
32726 sattr->ia_mode &= ~current_umask();
32727@@ -2899,7 +2899,7 @@ static int _nfs4_proc_readdir(struct den
32728 static int nfs4_proc_readdir(struct dentry *dentry, struct rpc_cred *cred,
32729 u64 cookie, struct page **pages, unsigned int count, int plus)
32730 {
32731- struct nfs4_exception exception = { };
32732+ struct nfs4_exception exception = {0, 0};
32733 int err;
32734 do {
32735 err = nfs4_handle_exception(NFS_SERVER(dentry->d_inode),
32736@@ -2947,7 +2947,7 @@ out:
32737 static int nfs4_proc_mknod(struct inode *dir, struct dentry *dentry,
32738 struct iattr *sattr, dev_t rdev)
32739 {
32740- struct nfs4_exception exception = { };
32741+ struct nfs4_exception exception = {0, 0};
32742 int err;
32743
32744 sattr->ia_mode &= ~current_umask();
32745@@ -2981,7 +2981,7 @@ static int _nfs4_proc_statfs(struct nfs_
32746
32747 static int nfs4_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fsstat *fsstat)
32748 {
32749- struct nfs4_exception exception = { };
32750+ struct nfs4_exception exception = {0, 0};
32751 int err;
32752 do {
32753 err = nfs4_handle_exception(server,
32754@@ -3012,7 +3012,7 @@ static int _nfs4_do_fsinfo(struct nfs_se
32755
32756 static int nfs4_do_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fsinfo *fsinfo)
32757 {
32758- struct nfs4_exception exception = { };
32759+ struct nfs4_exception exception = {0, 0};
32760 int err;
32761
32762 do {
32763@@ -3058,7 +3058,7 @@ static int _nfs4_proc_pathconf(struct nf
32764 static int nfs4_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle,
32765 struct nfs_pathconf *pathconf)
32766 {
32767- struct nfs4_exception exception = { };
32768+ struct nfs4_exception exception = {0, 0};
32769 int err;
32770
32771 do {
32772@@ -3404,7 +3404,7 @@ out_free:
32773
32774 static ssize_t nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen)
32775 {
32776- struct nfs4_exception exception = { };
32777+ struct nfs4_exception exception = {0, 0};
32778 ssize_t ret;
32779 do {
32780 ret = __nfs4_get_acl_uncached(inode, buf, buflen);
32781@@ -3479,7 +3479,7 @@ static int __nfs4_proc_set_acl(struct in
32782
32783 static int nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t buflen)
32784 {
32785- struct nfs4_exception exception = { };
32786+ struct nfs4_exception exception = {0, 0};
32787 int err;
32788 do {
32789 err = nfs4_handle_exception(NFS_SERVER(inode),
32790@@ -3760,7 +3760,7 @@ out:
32791 int nfs4_proc_delegreturn(struct inode *inode, struct rpc_cred *cred, const nfs4_stateid *stateid, int issync)
32792 {
32793 struct nfs_server *server = NFS_SERVER(inode);
32794- struct nfs4_exception exception = { };
32795+ struct nfs4_exception exception = {0, 0};
32796 int err;
32797 do {
32798 err = _nfs4_proc_delegreturn(inode, cred, stateid, issync);
32799@@ -3834,7 +3834,7 @@ out:
32800
32801 static int nfs4_proc_getlk(struct nfs4_state *state, int cmd, struct file_lock *request)
32802 {
32803- struct nfs4_exception exception = { };
32804+ struct nfs4_exception exception = {0, 0};
32805 int err;
32806
32807 do {
32808@@ -4239,7 +4239,7 @@ static int _nfs4_do_setlk(struct nfs4_st
32809 static int nfs4_lock_reclaim(struct nfs4_state *state, struct file_lock *request)
32810 {
32811 struct nfs_server *server = NFS_SERVER(state->inode);
32812- struct nfs4_exception exception = { };
32813+ struct nfs4_exception exception = {0, 0};
32814 int err;
32815
32816 do {
32817@@ -4257,7 +4257,7 @@ static int nfs4_lock_reclaim(struct nfs4
32818 static int nfs4_lock_expired(struct nfs4_state *state, struct file_lock *request)
32819 {
32820 struct nfs_server *server = NFS_SERVER(state->inode);
32821- struct nfs4_exception exception = { };
32822+ struct nfs4_exception exception = {0, 0};
32823 int err;
32824
32825 err = nfs4_set_lock_state(state, request);
32826@@ -4321,7 +4321,7 @@ out:
32827
32828 static int nfs4_proc_setlk(struct nfs4_state *state, int cmd, struct file_lock *request)
32829 {
32830- struct nfs4_exception exception = { };
32831+ struct nfs4_exception exception = {0, 0};
32832 int err;
32833
32834 do {
32835@@ -4381,7 +4381,7 @@ nfs4_proc_lock(struct file *filp, int cm
32836 int nfs4_lock_delegation_recall(struct nfs4_state *state, struct file_lock *fl)
32837 {
32838 struct nfs_server *server = NFS_SERVER(state->inode);
32839- struct nfs4_exception exception = { };
32840+ struct nfs4_exception exception = {0, 0};
32841 int err;
32842
32843 err = nfs4_set_lock_state(state, fl);
32844diff -urNp linux-2.6.38.2/fs/nfsd/lockd.c linux-2.6.38.2/fs/nfsd/lockd.c
32845--- linux-2.6.38.2/fs/nfsd/lockd.c 2011-03-14 21:20:32.000000000 -0400
32846+++ linux-2.6.38.2/fs/nfsd/lockd.c 2011-03-21 18:31:35.000000000 -0400
32847@@ -61,7 +61,7 @@ nlm_fclose(struct file *filp)
32848 fput(filp);
32849 }
32850
32851-static struct nlmsvc_binding nfsd_nlm_ops = {
32852+static const struct nlmsvc_binding nfsd_nlm_ops = {
32853 .fopen = nlm_fopen, /* open file for locking */
32854 .fclose = nlm_fclose, /* close file */
32855 };
32856diff -urNp linux-2.6.38.2/fs/nfsd/nfsctl.c linux-2.6.38.2/fs/nfsd/nfsctl.c
32857--- linux-2.6.38.2/fs/nfsd/nfsctl.c 2011-03-14 21:20:32.000000000 -0400
32858+++ linux-2.6.38.2/fs/nfsd/nfsctl.c 2011-03-21 18:31:35.000000000 -0400
32859@@ -180,7 +180,7 @@ static int export_features_open(struct i
32860 return single_open(file, export_features_show, NULL);
32861 }
32862
32863-static struct file_operations export_features_operations = {
32864+static const struct file_operations export_features_operations = {
32865 .open = export_features_open,
32866 .read = seq_read,
32867 .llseek = seq_lseek,
32868diff -urNp linux-2.6.38.2/fs/nfsd/vfs.c linux-2.6.38.2/fs/nfsd/vfs.c
32869--- linux-2.6.38.2/fs/nfsd/vfs.c 2011-03-14 21:20:32.000000000 -0400
32870+++ linux-2.6.38.2/fs/nfsd/vfs.c 2011-03-21 18:31:35.000000000 -0400
32871@@ -898,7 +898,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, st
32872 } else {
32873 oldfs = get_fs();
32874 set_fs(KERNEL_DS);
32875- host_err = vfs_readv(file, (struct iovec __user *)vec, vlen, &offset);
32876+ host_err = vfs_readv(file, (__force struct iovec __user *)vec, vlen, &offset);
32877 set_fs(oldfs);
32878 }
32879
32880@@ -1002,7 +1002,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, s
32881
32882 /* Write the data. */
32883 oldfs = get_fs(); set_fs(KERNEL_DS);
32884- host_err = vfs_writev(file, (struct iovec __user *)vec, vlen, &offset);
32885+ host_err = vfs_writev(file, (__force struct iovec __user *)vec, vlen, &offset);
32886 set_fs(oldfs);
32887 if (host_err < 0)
32888 goto out_nfserr;
32889@@ -1518,7 +1518,7 @@ nfsd_readlink(struct svc_rqst *rqstp, st
32890 */
32891
32892 oldfs = get_fs(); set_fs(KERNEL_DS);
32893- host_err = inode->i_op->readlink(dentry, buf, *lenp);
32894+ host_err = inode->i_op->readlink(dentry, (__force char __user *)buf, *lenp);
32895 set_fs(oldfs);
32896
32897 if (host_err < 0)
32898diff -urNp linux-2.6.38.2/fs/nls/nls_base.c linux-2.6.38.2/fs/nls/nls_base.c
32899--- linux-2.6.38.2/fs/nls/nls_base.c 2011-03-14 21:20:32.000000000 -0400
32900+++ linux-2.6.38.2/fs/nls/nls_base.c 2011-03-21 18:31:35.000000000 -0400
32901@@ -41,7 +41,7 @@ static const struct utf8_table utf8_tabl
32902 {0xF8, 0xF0, 3*6, 0x1FFFFF, 0x10000, /* 4 byte sequence */},
32903 {0xFC, 0xF8, 4*6, 0x3FFFFFF, 0x200000, /* 5 byte sequence */},
32904 {0xFE, 0xFC, 5*6, 0x7FFFFFFF, 0x4000000, /* 6 byte sequence */},
32905- {0, /* end of table */}
32906+ {0, 0, 0, 0, 0, /* end of table */}
32907 };
32908
32909 #define UNICODE_MAX 0x0010ffff
32910diff -urNp linux-2.6.38.2/fs/ntfs/dir.c linux-2.6.38.2/fs/ntfs/dir.c
32911--- linux-2.6.38.2/fs/ntfs/dir.c 2011-03-14 21:20:32.000000000 -0400
32912+++ linux-2.6.38.2/fs/ntfs/dir.c 2011-03-21 18:31:35.000000000 -0400
32913@@ -1329,7 +1329,7 @@ find_next_index_buffer:
32914 ia = (INDEX_ALLOCATION*)(kaddr + (ia_pos & ~PAGE_CACHE_MASK &
32915 ~(s64)(ndir->itype.index.block_size - 1)));
32916 /* Bounds checks. */
32917- if (unlikely((u8*)ia < kaddr || (u8*)ia > kaddr + PAGE_CACHE_SIZE)) {
32918+ if (unlikely(!kaddr || (u8*)ia < kaddr || (u8*)ia > kaddr + PAGE_CACHE_SIZE)) {
32919 ntfs_error(sb, "Out of bounds check failed. Corrupt directory "
32920 "inode 0x%lx or driver bug.", vdir->i_ino);
32921 goto err_out;
32922diff -urNp linux-2.6.38.2/fs/ntfs/file.c linux-2.6.38.2/fs/ntfs/file.c
32923--- linux-2.6.38.2/fs/ntfs/file.c 2011-03-14 21:20:32.000000000 -0400
32924+++ linux-2.6.38.2/fs/ntfs/file.c 2011-03-21 18:31:35.000000000 -0400
32925@@ -2222,6 +2222,6 @@ const struct inode_operations ntfs_file_
32926 #endif /* NTFS_RW */
32927 };
32928
32929-const struct file_operations ntfs_empty_file_ops = {};
32930+const struct file_operations ntfs_empty_file_ops __read_only;
32931
32932-const struct inode_operations ntfs_empty_inode_ops = {};
32933+const struct inode_operations ntfs_empty_inode_ops __read_only;
32934diff -urNp linux-2.6.38.2/fs/ocfs2/localalloc.c linux-2.6.38.2/fs/ocfs2/localalloc.c
32935--- linux-2.6.38.2/fs/ocfs2/localalloc.c 2011-03-14 21:20:32.000000000 -0400
32936+++ linux-2.6.38.2/fs/ocfs2/localalloc.c 2011-03-21 18:31:35.000000000 -0400
32937@@ -1307,7 +1307,7 @@ static int ocfs2_local_alloc_slide_windo
32938 goto bail;
32939 }
32940
32941- atomic_inc(&osb->alloc_stats.moves);
32942+ atomic_inc_unchecked(&osb->alloc_stats.moves);
32943
32944 bail:
32945 if (handle)
32946diff -urNp linux-2.6.38.2/fs/ocfs2/ocfs2.h linux-2.6.38.2/fs/ocfs2/ocfs2.h
32947--- linux-2.6.38.2/fs/ocfs2/ocfs2.h 2011-03-14 21:20:32.000000000 -0400
32948+++ linux-2.6.38.2/fs/ocfs2/ocfs2.h 2011-03-21 18:31:35.000000000 -0400
32949@@ -230,11 +230,11 @@ enum ocfs2_vol_state
32950
32951 struct ocfs2_alloc_stats
32952 {
32953- atomic_t moves;
32954- atomic_t local_data;
32955- atomic_t bitmap_data;
32956- atomic_t bg_allocs;
32957- atomic_t bg_extends;
32958+ atomic_unchecked_t moves;
32959+ atomic_unchecked_t local_data;
32960+ atomic_unchecked_t bitmap_data;
32961+ atomic_unchecked_t bg_allocs;
32962+ atomic_unchecked_t bg_extends;
32963 };
32964
32965 enum ocfs2_local_alloc_state
32966diff -urNp linux-2.6.38.2/fs/ocfs2/suballoc.c linux-2.6.38.2/fs/ocfs2/suballoc.c
32967--- linux-2.6.38.2/fs/ocfs2/suballoc.c 2011-03-14 21:20:32.000000000 -0400
32968+++ linux-2.6.38.2/fs/ocfs2/suballoc.c 2011-03-21 18:31:35.000000000 -0400
32969@@ -877,7 +877,7 @@ static int ocfs2_reserve_suballoc_bits(s
32970 mlog_errno(status);
32971 goto bail;
32972 }
32973- atomic_inc(&osb->alloc_stats.bg_extends);
32974+ atomic_inc_unchecked(&osb->alloc_stats.bg_extends);
32975
32976 /* You should never ask for this much metadata */
32977 BUG_ON(bits_wanted >
32978@@ -2012,7 +2012,7 @@ int ocfs2_claim_metadata(handle_t *handl
32979 mlog_errno(status);
32980 goto bail;
32981 }
32982- atomic_inc(&OCFS2_SB(ac->ac_inode->i_sb)->alloc_stats.bg_allocs);
32983+ atomic_inc_unchecked(&OCFS2_SB(ac->ac_inode->i_sb)->alloc_stats.bg_allocs);
32984
32985 *suballoc_loc = res.sr_bg_blkno;
32986 *suballoc_bit_start = res.sr_bit_offset;
32987@@ -2219,7 +2219,7 @@ int ocfs2_claim_new_inode(handle_t *hand
32988 mlog_errno(status);
32989 goto bail;
32990 }
32991- atomic_inc(&OCFS2_SB(ac->ac_inode->i_sb)->alloc_stats.bg_allocs);
32992+ atomic_inc_unchecked(&OCFS2_SB(ac->ac_inode->i_sb)->alloc_stats.bg_allocs);
32993
32994 BUG_ON(res.sr_bits != 1);
32995
32996@@ -2324,7 +2324,7 @@ int __ocfs2_claim_clusters(handle_t *han
32997 cluster_start,
32998 num_clusters);
32999 if (!status)
33000- atomic_inc(&osb->alloc_stats.local_data);
33001+ atomic_inc_unchecked(&osb->alloc_stats.local_data);
33002 } else {
33003 if (min_clusters > (osb->bitmap_cpg - 1)) {
33004 /* The only paths asking for contiguousness
33005@@ -2350,7 +2350,7 @@ int __ocfs2_claim_clusters(handle_t *han
33006 ocfs2_desc_bitmap_to_cluster_off(ac->ac_inode,
33007 res.sr_bg_blkno,
33008 res.sr_bit_offset);
33009- atomic_inc(&osb->alloc_stats.bitmap_data);
33010+ atomic_inc_unchecked(&osb->alloc_stats.bitmap_data);
33011 *num_clusters = res.sr_bits;
33012 }
33013 }
33014diff -urNp linux-2.6.38.2/fs/ocfs2/super.c linux-2.6.38.2/fs/ocfs2/super.c
33015--- linux-2.6.38.2/fs/ocfs2/super.c 2011-03-14 21:20:32.000000000 -0400
33016+++ linux-2.6.38.2/fs/ocfs2/super.c 2011-03-21 18:31:35.000000000 -0400
33017@@ -297,11 +297,11 @@ static int ocfs2_osb_dump(struct ocfs2_s
33018 "%10s => GlobalAllocs: %d LocalAllocs: %d "
33019 "SubAllocs: %d LAWinMoves: %d SAExtends: %d\n",
33020 "Stats",
33021- atomic_read(&osb->alloc_stats.bitmap_data),
33022- atomic_read(&osb->alloc_stats.local_data),
33023- atomic_read(&osb->alloc_stats.bg_allocs),
33024- atomic_read(&osb->alloc_stats.moves),
33025- atomic_read(&osb->alloc_stats.bg_extends));
33026+ atomic_read_unchecked(&osb->alloc_stats.bitmap_data),
33027+ atomic_read_unchecked(&osb->alloc_stats.local_data),
33028+ atomic_read_unchecked(&osb->alloc_stats.bg_allocs),
33029+ atomic_read_unchecked(&osb->alloc_stats.moves),
33030+ atomic_read_unchecked(&osb->alloc_stats.bg_extends));
33031
33032 out += snprintf(buf + out, len - out,
33033 "%10s => State: %u Descriptor: %llu Size: %u bits "
33034@@ -2141,11 +2141,11 @@ static int ocfs2_initialize_super(struct
33035 spin_lock_init(&osb->osb_xattr_lock);
33036 ocfs2_init_steal_slots(osb);
33037
33038- atomic_set(&osb->alloc_stats.moves, 0);
33039- atomic_set(&osb->alloc_stats.local_data, 0);
33040- atomic_set(&osb->alloc_stats.bitmap_data, 0);
33041- atomic_set(&osb->alloc_stats.bg_allocs, 0);
33042- atomic_set(&osb->alloc_stats.bg_extends, 0);
33043+ atomic_set_unchecked(&osb->alloc_stats.moves, 0);
33044+ atomic_set_unchecked(&osb->alloc_stats.local_data, 0);
33045+ atomic_set_unchecked(&osb->alloc_stats.bitmap_data, 0);
33046+ atomic_set_unchecked(&osb->alloc_stats.bg_allocs, 0);
33047+ atomic_set_unchecked(&osb->alloc_stats.bg_extends, 0);
33048
33049 /* Copy the blockcheck stats from the superblock probe */
33050 osb->osb_ecc_stats = *stats;
33051diff -urNp linux-2.6.38.2/fs/ocfs2/symlink.c linux-2.6.38.2/fs/ocfs2/symlink.c
33052--- linux-2.6.38.2/fs/ocfs2/symlink.c 2011-03-14 21:20:32.000000000 -0400
33053+++ linux-2.6.38.2/fs/ocfs2/symlink.c 2011-03-21 18:31:35.000000000 -0400
33054@@ -148,7 +148,7 @@ bail:
33055
33056 static void ocfs2_fast_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
33057 {
33058- char *link = nd_get_link(nd);
33059+ const char *link = nd_get_link(nd);
33060 if (!IS_ERR(link))
33061 kfree(link);
33062 }
33063diff -urNp linux-2.6.38.2/fs/open.c linux-2.6.38.2/fs/open.c
33064--- linux-2.6.38.2/fs/open.c 2011-03-14 21:20:32.000000000 -0400
33065+++ linux-2.6.38.2/fs/open.c 2011-03-21 18:31:35.000000000 -0400
33066@@ -112,6 +112,10 @@ static long do_sys_truncate(const char _
33067 error = locks_verify_truncate(inode, NULL, length);
33068 if (!error)
33069 error = security_path_truncate(&path);
33070+
33071+ if (!error && !gr_acl_handle_truncate(path.dentry, path.mnt))
33072+ error = -EACCES;
33073+
33074 if (!error)
33075 error = do_truncate(path.dentry, length, 0, NULL);
33076
33077@@ -358,6 +362,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, con
33078 if (__mnt_is_readonly(path.mnt))
33079 res = -EROFS;
33080
33081+ if (!res && !gr_acl_handle_access(path.dentry, path.mnt, mode))
33082+ res = -EACCES;
33083+
33084 out_path_release:
33085 path_put(&path);
33086 out:
33087@@ -384,6 +391,8 @@ SYSCALL_DEFINE1(chdir, const char __user
33088 if (error)
33089 goto dput_and_out;
33090
33091+ gr_log_chdir(path.dentry, path.mnt);
33092+
33093 set_fs_pwd(current->fs, &path);
33094
33095 dput_and_out:
33096@@ -410,6 +419,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd
33097 goto out_putf;
33098
33099 error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
33100+
33101+ if (!error && !gr_chroot_fchdir(file->f_path.dentry, file->f_path.mnt))
33102+ error = -EPERM;
33103+
33104+ if (!error)
33105+ gr_log_chdir(file->f_path.dentry, file->f_path.mnt);
33106+
33107 if (!error)
33108 set_fs_pwd(current->fs, &file->f_path);
33109 out_putf:
33110@@ -438,7 +454,18 @@ SYSCALL_DEFINE1(chroot, const char __use
33111 if (error)
33112 goto dput_and_out;
33113
33114+ if (gr_handle_chroot_chroot(path.dentry, path.mnt))
33115+ goto dput_and_out;
33116+
33117+ if (gr_handle_chroot_caps(&path)) {
33118+ error = -ENOMEM;
33119+ goto dput_and_out;
33120+ }
33121+
33122 set_fs_root(current->fs, &path);
33123+
33124+ gr_handle_chroot_chdir(&path);
33125+
33126 error = 0;
33127 dput_and_out:
33128 path_put(&path);
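Review bot: When `gr_handle_chroot_chroot()` refuses the request, the added `goto dput_and_out` is taken with `error` still zero, because the unchanged `if (error) goto dput_and_out;` just above lets only the zero case through. The syscall would then report success without `set_fs_root()` having run, so a caller that chroots before dropping privileges would carry on unconfined while believing it is jailed. Set the code on that branch, `if (gr_handle_chroot_chroot(path.dentry, path.mnt)) { error = -EPERM; goto dput_and_out; }`, which matches the `-EPERM` used by the mknod, mount and pivot_root chroot restrictions elsewhere in this patch. The `-ENOMEM` returned for a `gr_handle_chroot_caps()` failure also deserves a short comment, since the helper's body is not visible here.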
33129@@ -466,12 +493,25 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
33130 err = mnt_want_write_file(file);
33131 if (err)
33132 goto out_putf;
33133+
33134 mutex_lock(&inode->i_mutex);
33135+
33136+ if (!gr_acl_handle_fchmod(dentry, file->f_vfsmnt, mode)) {
33137+ err = -EACCES;
33138+ goto out_unlock;
33139+ }
33140+
33141 err = security_path_chmod(dentry, file->f_vfsmnt, mode);
33142 if (err)
33143 goto out_unlock;
33144 if (mode == (mode_t) -1)
33145 mode = inode->i_mode;
33146+
33147+ if (gr_handle_chroot_chmod(dentry, file->f_vfsmnt, mode)) {
33148+ err = -EACCES;
33149+ goto out_unlock;
33150+ }
33151+
33152 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
33153 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
33154 err = notify_change(dentry, &newattrs);
33155@@ -499,12 +539,25 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
33156 error = mnt_want_write(path.mnt);
33157 if (error)
33158 goto dput_and_out;
33159+
33160 mutex_lock(&inode->i_mutex);
33161+
33162+ if (!gr_acl_handle_chmod(path.dentry, path.mnt, mode)) {
33163+ error = -EACCES;
33164+ goto out_unlock;
33165+ }
33166+
33167 error = security_path_chmod(path.dentry, path.mnt, mode);
33168 if (error)
33169 goto out_unlock;
33170 if (mode == (mode_t) -1)
33171 mode = inode->i_mode;
33172+
33173+ if (gr_handle_chroot_chmod(path.dentry, path.mnt, mode)) {
33174+ error = -EACCES;
33175+ goto out_unlock;
33176+ }
33177+
33178 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
33179 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
33180 error = notify_change(path.dentry, &newattrs);
33181@@ -528,6 +581,9 @@ static int chown_common(struct path *pat
33182 int error;
33183 struct iattr newattrs;
33184
33185+ if (!gr_acl_handle_chown(path->dentry, path->mnt))
33186+ return -EACCES;
33187+
33188 newattrs.ia_valid = ATTR_CTIME;
33189 if (user != (uid_t) -1) {
33190 newattrs.ia_valid |= ATTR_UID;
33191@@ -898,7 +954,10 @@ long do_sys_open(int dfd, const char __u
33192 if (!IS_ERR(tmp)) {
33193 fd = get_unused_fd_flags(flags);
33194 if (fd >= 0) {
33195- struct file *f = do_filp_open(dfd, tmp, flags, mode, 0);
33196+ struct file *f;
33197+ /* don't allow to be set by userland */
33198+ flags &= ~FMODE_GREXEC;
33199+ f = do_filp_open(dfd, tmp, flags, mode, 0);
33200 if (IS_ERR(f)) {
33201 put_unused_fd(fd);
33202 fd = PTR_ERR(f);
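Review bot: The new comment `/* don't allow to be set by userland */` does not say what is being protected. The line clears `FMODE_GREXEC` from the caller-supplied `flags` before they reach `do_filp_open()`, which suggests the bit is an in-kernel marker carried in the open flags. A fuller comment would help, for example `/* FMODE_GREXEC is kernel-internal; strip it from user-supplied open flags */`, adjusted to whatever the definition (not visible here) actually guarantees. It is also worth confirming that the bit cannot collide with a valid `O_*` value, since the mask is applied unconditionally.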
33203diff -urNp linux-2.6.38.2/fs/partitions/ldm.c linux-2.6.38.2/fs/partitions/ldm.c
33204--- linux-2.6.38.2/fs/partitions/ldm.c 2011-03-14 21:20:32.000000000 -0400
33205+++ linux-2.6.38.2/fs/partitions/ldm.c 2011-03-21 18:31:35.000000000 -0400
33206@@ -1313,7 +1313,7 @@ static bool ldm_frag_add (const u8 *data
33207 goto found;
33208 }
33209
33210- f = kmalloc (sizeof (*f) + size*num, GFP_KERNEL);
33211+ f = kmalloc (size*num + sizeof (*f), GFP_KERNEL);
33212 if (!f) {
33213 ldm_crit ("Out of memory.");
33214 return false;
33215diff -urNp linux-2.6.38.2/fs/pipe.c linux-2.6.38.2/fs/pipe.c
33216--- linux-2.6.38.2/fs/pipe.c 2011-03-14 21:20:32.000000000 -0400
33217+++ linux-2.6.38.2/fs/pipe.c 2011-03-21 18:31:35.000000000 -0400
33218@@ -420,9 +420,9 @@ redo:
33219 }
33220 if (bufs) /* More to do? */
33221 continue;
33222- if (!pipe->writers)
33223+ if (!atomic_read(&pipe->writers))
33224 break;
33225- if (!pipe->waiting_writers) {
33226+ if (!atomic_read(&pipe->waiting_writers)) {
33227 /* syscall merging: Usually we must not sleep
33228 * if O_NONBLOCK is set, or if we got some data.
33229 * But if a writer sleeps in kernel space, then
33230@@ -481,7 +481,7 @@ pipe_write(struct kiocb *iocb, const str
33231 mutex_lock(&inode->i_mutex);
33232 pipe = inode->i_pipe;
33233
33234- if (!pipe->readers) {
33235+ if (!atomic_read(&pipe->readers)) {
33236 send_sig(SIGPIPE, current, 0);
33237 ret = -EPIPE;
33238 goto out;
33239@@ -530,7 +530,7 @@ redo1:
33240 for (;;) {
33241 int bufs;
33242
33243- if (!pipe->readers) {
33244+ if (!atomic_read(&pipe->readers)) {
33245 send_sig(SIGPIPE, current, 0);
33246 if (!ret)
33247 ret = -EPIPE;
33248@@ -616,9 +616,9 @@ redo2:
33249 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
33250 do_wakeup = 0;
33251 }
33252- pipe->waiting_writers++;
33253+ atomic_inc(&pipe->waiting_writers);
33254 pipe_wait(pipe);
33255- pipe->waiting_writers--;
33256+ atomic_dec(&pipe->waiting_writers);
33257 }
33258 out:
33259 mutex_unlock(&inode->i_mutex);
33260@@ -685,7 +685,7 @@ pipe_poll(struct file *filp, poll_table
33261 mask = 0;
33262 if (filp->f_mode & FMODE_READ) {
33263 mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0;
33264- if (!pipe->writers && filp->f_version != pipe->w_counter)
33265+ if (!atomic_read(&pipe->writers) && filp->f_version != pipe->w_counter)
33266 mask |= POLLHUP;
33267 }
33268
33269@@ -695,7 +695,7 @@ pipe_poll(struct file *filp, poll_table
33270 * Most Unices do not set POLLERR for FIFOs but on Linux they
33271 * behave exactly like pipes for poll().
33272 */
33273- if (!pipe->readers)
33274+ if (!atomic_read(&pipe->readers))
33275 mask |= POLLERR;
33276 }
33277
33278@@ -709,10 +709,10 @@ pipe_release(struct inode *inode, int de
33279
33280 mutex_lock(&inode->i_mutex);
33281 pipe = inode->i_pipe;
33282- pipe->readers -= decr;
33283- pipe->writers -= decw;
33284+ atomic_sub(decr, &pipe->readers);
33285+ atomic_sub(decw, &pipe->writers);
33286
33287- if (!pipe->readers && !pipe->writers) {
33288+ if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) {
33289 free_pipe_info(inode);
33290 } else {
33291 wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP);
33292@@ -802,7 +802,7 @@ pipe_read_open(struct inode *inode, stru
33293
33294 if (inode->i_pipe) {
33295 ret = 0;
33296- inode->i_pipe->readers++;
33297+ atomic_inc(&inode->i_pipe->readers);
33298 }
33299
33300 mutex_unlock(&inode->i_mutex);
33301@@ -819,7 +819,7 @@ pipe_write_open(struct inode *inode, str
33302
33303 if (inode->i_pipe) {
33304 ret = 0;
33305- inode->i_pipe->writers++;
33306+ atomic_inc(&inode->i_pipe->writers);
33307 }
33308
33309 mutex_unlock(&inode->i_mutex);
33310@@ -837,9 +837,9 @@ pipe_rdwr_open(struct inode *inode, stru
33311 if (inode->i_pipe) {
33312 ret = 0;
33313 if (filp->f_mode & FMODE_READ)
33314- inode->i_pipe->readers++;
33315+ atomic_inc(&inode->i_pipe->readers);
33316 if (filp->f_mode & FMODE_WRITE)
33317- inode->i_pipe->writers++;
33318+ atomic_inc(&inode->i_pipe->writers);
33319 }
33320
33321 mutex_unlock(&inode->i_mutex);
33322@@ -931,7 +931,7 @@ void free_pipe_info(struct inode *inode)
33323 inode->i_pipe = NULL;
33324 }
33325
33326-static struct vfsmount *pipe_mnt __read_mostly;
33327+struct vfsmount *pipe_mnt __read_mostly;
33328
33329 /*
33330 * pipefs_dname() is called from d_path().
33331@@ -961,7 +961,8 @@ static struct inode * get_pipe_inode(voi
33332 goto fail_iput;
33333 inode->i_pipe = pipe;
33334
33335- pipe->readers = pipe->writers = 1;
33336+ atomic_set(&pipe->readers, 1);
33337+ atomic_set(&pipe->writers, 1);
33338 inode->i_fop = &rdwr_pipefifo_fops;
33339
33340 /*
33341diff -urNp linux-2.6.38.2/fs/proc/array.c linux-2.6.38.2/fs/proc/array.c
33342--- linux-2.6.38.2/fs/proc/array.c 2011-03-28 17:42:40.000000000 -0400
33343+++ linux-2.6.38.2/fs/proc/array.c 2011-03-28 17:48:30.000000000 -0400
33344@@ -60,6 +60,7 @@
33345 #include <linux/tty.h>
33346 #include <linux/string.h>
33347 #include <linux/mman.h>
33348+#include <linux/grsecurity.h>
33349 #include <linux/proc_fs.h>
33350 #include <linux/ioport.h>
33351 #include <linux/uaccess.h>
33352@@ -337,6 +338,21 @@ static void task_cpus_allowed(struct seq
33353 seq_putc(m, '\n');
33354 }
33355
33356+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
33357+static inline void task_pax(struct seq_file *m, struct task_struct *p)
33358+{
33359+ if (p->mm)
33360+ seq_printf(m, "PaX:\t%c%c%c%c%c\n",
33361+ p->mm->pax_flags & MF_PAX_PAGEEXEC ? 'P' : 'p',
33362+ p->mm->pax_flags & MF_PAX_EMUTRAMP ? 'E' : 'e',
33363+ p->mm->pax_flags & MF_PAX_MPROTECT ? 'M' : 'm',
33364+ p->mm->pax_flags & MF_PAX_RANDMMAP ? 'R' : 'r',
33365+ p->mm->pax_flags & MF_PAX_SEGMEXEC ? 'S' : 's');
33366+ else
33367+ seq_printf(m, "PaX:\t-----\n");
33368+}
33369+#endif
33370+
33371 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
33372 struct pid *pid, struct task_struct *task)
33373 {
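Review bot: `task_pax()` reads `p->mm` several times without taking a reference or `task_lock()`, so if the target task exits while its status file is being read, the later `p->mm->pax_flags` loads could dereference a NULL or already released mm. Pinning the mm once with `get_task_mm()` and dropping it with `mmput()` removes both the repeated load and the lifetime question. Whether the caller already holds something that keeps the mm alive is not visible in this hunk. A short comment listing what each letter of the `PaX:` line stands for would also help readers.

```c
static inline void task_pax(struct seq_file *m, struct task_struct *p)
{
	/* hold a reference so the mm cannot go away while we format it */
	struct mm_struct *mm = get_task_mm(p);

	if (!mm) {
		seq_printf(m, "PaX:\t-----\n");
		return;
	}
	seq_printf(m, "PaX:\t%c%c%c%c%c\n",
		   mm->pax_flags & MF_PAX_PAGEEXEC ? 'P' : 'p',
		   mm->pax_flags & MF_PAX_EMUTRAMP ? 'E' : 'e',
		   mm->pax_flags & MF_PAX_MPROTECT ? 'M' : 'm',
		   mm->pax_flags & MF_PAX_RANDMMAP ? 'R' : 'r',
		   mm->pax_flags & MF_PAX_SEGMEXEC ? 'S' : 's');
	mmput(mm);
}
```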
33374@@ -354,9 +370,24 @@ int proc_pid_status(struct seq_file *m,
33375 task_cpus_allowed(m, task);
33376 cpuset_task_status_allowed(m, task);
33377 task_context_switch_counts(m, task);
33378+
33379+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
33380+ task_pax(m, task);
33381+#endif
33382+
33383+#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
33384+ task_grsec_rbac(m, task);
33385+#endif
33386+
33387 return 0;
33388 }
33389
33390+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
33391+#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
33392+ (_mm->pax_flags & MF_PAX_RANDMMAP || \
33393+ _mm->pax_flags & MF_PAX_SEGMEXEC))
33394+#endif
33395+
33396 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
33397 struct pid *pid, struct task_struct *task, int whole)
33398 {
33399@@ -449,6 +480,19 @@ static int do_task_stat(struct seq_file
33400 gtime = task->gtime;
33401 }
33402
33403+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
33404+ if (PAX_RAND_FLAGS(mm)) {
33405+ eip = 0;
33406+ esp = 0;
33407+ wchan = 0;
33408+ }
33409+#endif
33410+#ifdef CONFIG_GRKERNSEC_HIDESYM
33411+ wchan = 0;
33412+ eip =0;
33413+ esp =0;
33414+#endif
33415+
33416 /* scale priority and nice values from timeslices to -20..20 */
33417 /* to make it look like a "normal" Unix priority/nice value */
33418 priority = task_prio(task);
33419@@ -489,9 +533,15 @@ static int do_task_stat(struct seq_file
33420 vsize,
33421 mm ? get_mm_rss(mm) : 0,
33422 rsslim,
33423+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
33424+ PAX_RAND_FLAGS(mm) ? 1 : (mm ? (permitted ? mm->start_code : 1) : 0),
33425+ PAX_RAND_FLAGS(mm) ? 1 : (mm ? (permitted ? mm->end_code : 1) : 0),
33426+ PAX_RAND_FLAGS(mm) ? 0 : ((permitted && mm) ? mm->start_stack : 0),
33427+#else
33428 mm ? (permitted ? mm->start_code : 1) : 0,
33429 mm ? (permitted ? mm->end_code : 1) : 0,
33430 (permitted && mm) ? mm->start_stack : 0,
33431+#endif
33432 esp,
33433 eip,
33434 /* The signal information here is obsolete.
33435@@ -544,3 +594,10 @@ int proc_pid_statm(struct seq_file *m, s
33436
33437 return 0;
33438 }
33439+
33440+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
33441+int proc_pid_ipaddr(struct task_struct *task, char *buffer)
33442+{
33443+ return sprintf(buffer, "%pI4\n", &task->signal->curr_ip);
33444+}
33445+#endif
33446diff -urNp linux-2.6.38.2/fs/proc/base.c linux-2.6.38.2/fs/proc/base.c
33447--- linux-2.6.38.2/fs/proc/base.c 2011-03-14 21:20:32.000000000 -0400
33448+++ linux-2.6.38.2/fs/proc/base.c 2011-03-26 11:59:10.000000000 -0400
33449@@ -104,6 +104,22 @@ struct pid_entry {
33450 union proc_op op;
33451 };
33452
33453+struct getdents_callback {
33454+ struct linux_dirent __user * current_dir;
33455+ struct linux_dirent __user * previous;
33456+ struct file * file;
33457+ int count;
33458+ int error;
33459+};
33460+
33461+static int gr_fake_filldir(void * __buf, const char *name, int namlen,
33462+ loff_t offset, u64 ino, unsigned int d_type)
33463+{
33464+ struct getdents_callback * buf = (struct getdents_callback *) __buf;
33465+ buf->error = -EINVAL;
33466+ return 0;
33467+}
33468+
33469 #define NOD(NAME, MODE, IOP, FOP, OP) { \
33470 .name = (NAME), \
33471 .len = sizeof(NAME) - 1, \
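Review bot: `gr_fake_filldir()` casts the opaque `__buf` to a `struct getdents_callback` that is re-declared locally in this file, so the store to `buf->error` is only correct while every caller that can reach this filldir passes a buffer with exactly this layout. The definition it mirrors is outside this hunk; if any directory-read path hands in a smaller or differently ordered callback structure, the write lands on unrelated data. I would move the structure to a shared header so there is a single definition, and add a comment such as `/* __buf must be a struct getdents_callback; keep in sync with the readdir code */`. The function also returns 0 while setting `-EINVAL`, presumably so the entry is dropped without aborting the listing, and that intent should be stated in a comment.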
33472@@ -203,6 +219,9 @@ static int check_mem_permission(struct t
33473 if (task == current)
33474 return 0;
33475
33476+ if (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))
33477+ return -EPERM;
33478+
33479 /*
33480 * If current is actively ptrace'ing, and would also be
33481 * permitted to freshly attach with ptrace now, permit it.
33482@@ -250,6 +269,9 @@ static int proc_pid_cmdline(struct task_
33483 if (!mm->arg_end)
33484 goto out_mm; /* Shh! No looking before we're done */
33485
33486+ if (gr_acl_handle_procpidmem(task))
33487+ goto out_mm;
33488+
33489 len = mm->arg_end - mm->arg_start;
33490
33491 if (len > PAGE_SIZE)
33492@@ -277,12 +299,28 @@ out:
33493 return res;
33494 }
33495
33496+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
33497+#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
33498+ (_mm->pax_flags & MF_PAX_RANDMMAP || \
33499+ _mm->pax_flags & MF_PAX_SEGMEXEC))
33500+#endif
33501+
33502 static int proc_pid_auxv(struct task_struct *task, char *buffer)
33503 {
33504 int res = 0;
33505 struct mm_struct *mm = get_task_mm(task);
33506 if (mm) {
33507 unsigned int nwords = 0;
33508+
33509+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
33510+ /* allow if we're currently ptracing this task */
33511+ if (PAX_RAND_FLAGS(mm) &&
33512+ (!(task->ptrace & PT_PTRACED) || (task->parent != current))) {
33513+ mmput(mm);
33514+ return res;
33515+ }
33516+#endif
33517+
33518 do {
33519 nwords += 2;
33520 } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
33521@@ -296,7 +334,7 @@ static int proc_pid_auxv(struct task_str
33522 }
33523
33524
33525-#ifdef CONFIG_KALLSYMS
33526+#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
33527 /*
33528 * Provides a wchan file via kallsyms in a proper one-value-per-file format.
33529 * Returns the resolved symbol. If that fails, simply return the address.
33530@@ -318,7 +356,7 @@ static int proc_pid_wchan(struct task_st
33531 }
33532 #endif /* CONFIG_KALLSYMS */
33533
33534-#ifdef CONFIG_STACKTRACE
33535+#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
33536
33537 #define MAX_STACK_TRACE_DEPTH 64
33538
33539@@ -503,7 +541,7 @@ static int proc_pid_limits(struct task_s
33540 return count;
33541 }
33542
33543-#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
33544+#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
33545 static int proc_pid_syscall(struct task_struct *task, char *buffer)
33546 {
33547 long nr;
33548@@ -528,7 +566,7 @@ static int proc_pid_syscall(struct task_
33549 /************************************************************************/
33550
33551 /* permission checks */
33552-static int proc_fd_access_allowed(struct inode *inode)
33553+static int proc_fd_access_allowed(struct inode *inode, unsigned int log)
33554 {
33555 struct task_struct *task;
33556 int allowed = 0;
33557@@ -538,7 +576,10 @@ static int proc_fd_access_allowed(struct
33558 */
33559 task = get_proc_task(inode);
33560 if (task) {
33561- allowed = ptrace_may_access(task, PTRACE_MODE_READ);
33562+ if (log)
33563+ allowed = ptrace_may_access_log(task, PTRACE_MODE_READ);
33564+ else
33565+ allowed = ptrace_may_access(task, PTRACE_MODE_READ);
33566 put_task_struct(task);
33567 }
33568 return allowed;
33569@@ -917,6 +958,9 @@ static ssize_t environ_read(struct file
33570 if (!task)
33571 goto out_no_task;
33572
33573+ if (gr_acl_handle_procpidmem(task))
33574+ goto out;
33575+
33576 if (!ptrace_may_access(task, PTRACE_MODE_READ))
33577 goto out;
33578
33579@@ -1606,7 +1650,7 @@ static void *proc_pid_follow_link(struct
33580 path_put(&nd->path);
33581
33582 /* Are we allowed to snoop on the tasks file descriptors? */
33583- if (!proc_fd_access_allowed(inode))
33584+ if (!proc_fd_access_allowed(inode,0))
33585 goto out;
33586
33587 error = PROC_I(inode)->op.proc_get_link(inode, &nd->path);
33588@@ -1645,8 +1689,18 @@ static int proc_pid_readlink(struct dent
33589 struct path path;
33590
33591 /* Are we allowed to snoop on the tasks file descriptors? */
33592- if (!proc_fd_access_allowed(inode))
33593- goto out;
33594+ /* logging this is needed for learning on chromium to work properly,
33595+ but we don't want to flood the logs from 'ps' which does a readlink
33596+ on /proc/fd/2 of tasks in the listing, nor do we want 'ps' to learn
33597+ CAP_SYS_PTRACE as it's not necessary for its basic functionality
33598+ */
33599+ if (dentry->d_name.name[0] == '2' && dentry->d_name.name[1] == '\0') {
33600+ if (!proc_fd_access_allowed(inode,0))
33601+ goto out;
33602+ } else {
33603+ if (!proc_fd_access_allowed(inode,1))
33604+ goto out;
33605+ }
33606
33607 error = PROC_I(inode)->op.proc_get_link(inode, &path);
33608 if (error)
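Review bot: The two branches differ only in the logging flag, so the check reads more directly as one call with a local `unsigned int log`: `log = !(dentry->d_name.name[0] == '2' && dentry->d_name.name[1] == '\0');` followed by `if (!proc_fd_access_allowed(inode, log)) goto out;`. The name test matches any link called `2` that this readlink handler serves, so the comment should say that only the logging differs and that the permission decision is the same in both cases. The calls also pass the flag as bare `0`/`1` with no space after the comma, which is at odds with the surrounding style.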
33609@@ -1712,7 +1766,11 @@ static struct inode *proc_pid_make_inode
33610 rcu_read_lock();
33611 cred = __task_cred(task);
33612 inode->i_uid = cred->euid;
33613+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
33614+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
33615+#else
33616 inode->i_gid = cred->egid;
33617+#endif
33618 rcu_read_unlock();
33619 }
33620 security_task_to_inode(task, inode);
33621@@ -1730,6 +1788,9 @@ static int pid_getattr(struct vfsmount *
33622 struct inode *inode = dentry->d_inode;
33623 struct task_struct *task;
33624 const struct cred *cred;
33625+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
33626+ const struct cred *tmpcred = current_cred();
33627+#endif
33628
33629 generic_fillattr(inode, stat);
33630
33631@@ -1737,12 +1798,34 @@ static int pid_getattr(struct vfsmount *
33632 stat->uid = 0;
33633 stat->gid = 0;
33634 task = pid_task(proc_pid(inode), PIDTYPE_PID);
33635+
33636+ if (task && (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))) {
33637+ rcu_read_unlock();
33638+ return -ENOENT;
33639+ }
33640+
33641 if (task) {
33642+ cred = __task_cred(task);
33643+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
33644+ if (!tmpcred->uid || (tmpcred->uid == cred->uid)
33645+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
33646+ || in_group_p(CONFIG_GRKERNSEC_PROC_GID)
33647+#endif
33648+ )
33649+#endif
33650 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
33651+#ifdef CONFIG_GRKERNSEC_PROC_USER
33652+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
33653+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
33654+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
33655+#endif
33656 task_dumpable(task)) {
33657- cred = __task_cred(task);
33658 stat->uid = cred->euid;
33659+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
33660+ stat->gid = CONFIG_GRKERNSEC_PROC_GID;
33661+#else
33662 stat->gid = cred->egid;
33663+#endif
33664 }
33665 }
33666 rcu_read_unlock();
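Review bot: The added `if (!tmpcred->uid || ...)` has no braces and its closing parenthesis sits inside a nested `#ifdef`, so working out which statement it guards means reading three preprocessor levels at once. Hoisting the viewer test into a small helper that compiles to `true` when neither option is set would leave a single plain `if (viewer_ok && (...mode tests... || task_dumpable(task)))` here. The test compares `uid` values but the block then publishes `cred->euid`; if that asymmetry is intended, a comment such as `/* visibility is decided on real uid; ownership shown is the effective uid */` would save the next reader the question. The function begins and ends outside this hunk.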
33667@@ -1780,11 +1863,20 @@ static int pid_revalidate(struct dentry
33668
33669 if (task) {
33670 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
33671+#ifdef CONFIG_GRKERNSEC_PROC_USER
33672+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
33673+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
33674+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
33675+#endif
33676 task_dumpable(task)) {
33677 rcu_read_lock();
33678 cred = __task_cred(task);
33679 inode->i_uid = cred->euid;
33680+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
33681+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
33682+#else
33683 inode->i_gid = cred->egid;
33684+#endif
33685 rcu_read_unlock();
33686 } else {
33687 inode->i_uid = 0;
33688@@ -1905,7 +1997,8 @@ static int proc_fd_info(struct inode *in
33689 int fd = proc_fd(inode);
33690
33691 if (task) {
33692- files = get_files_struct(task);
33693+ if (!gr_acl_handle_procpidmem(task))
33694+ files = get_files_struct(task);
33695 put_task_struct(task);
33696 }
33697 if (files) {
33698@@ -2165,15 +2258,25 @@ static const struct file_operations proc
33699 */
33700 static int proc_fd_permission(struct inode *inode, int mask, unsigned int flags)
33701 {
33702+ struct task_struct *task;
33703 int rv;
33704
33705 if (flags & IPERM_FLAG_RCU)
33706 return -ECHILD;
33707 rv = generic_permission(inode, mask, flags, NULL);
33708- if (rv == 0)
33709- return 0;
33710+
33711 if (task_pid(current) == proc_pid(inode))
33712 rv = 0;
33713+
33714+ task = get_proc_task(inode);
33715+ if (task == NULL)
33716+ return rv;
33717+
33718+ if (gr_acl_handle_procpidmem(task))
33719+ rv = -EACCES;
33720+
33721+ put_task_struct(task);
33722+
33723 return rv;
33724 }
33725
33726@@ -2283,6 +2386,9 @@ static struct dentry *proc_pident_lookup
33727 if (!task)
33728 goto out_no_task;
33729
33730+ if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
33731+ goto out;
33732+
33733 /*
33734 * Yes, it does not scale. And it should not. Don't add
33735 * new entries into /proc/<tgid>/ without very good reasons.
33736@@ -2327,6 +2433,9 @@ static int proc_pident_readdir(struct fi
33737 if (!task)
33738 goto out_no_task;
33739
33740+ if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
33741+ goto out;
33742+
33743 ret = 0;
33744 i = filp->f_pos;
33745 switch (i) {
33746@@ -2597,7 +2706,7 @@ static void *proc_self_follow_link(struc
33747 static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd,
33748 void *cookie)
33749 {
33750- char *s = nd_get_link(nd);
33751+ const char *s = nd_get_link(nd);
33752 if (!IS_ERR(s))
33753 __putname(s);
33754 }
33755@@ -2777,7 +2886,7 @@ static const struct pid_entry tgid_base_
33756 REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
33757 #endif
33758 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
33759-#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
33760+#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
33761 INF("syscall", S_IRUSR, proc_pid_syscall),
33762 #endif
33763 INF("cmdline", S_IRUGO, proc_pid_cmdline),
33764@@ -2802,10 +2911,10 @@ static const struct pid_entry tgid_base_
33765 #ifdef CONFIG_SECURITY
33766 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
33767 #endif
33768-#ifdef CONFIG_KALLSYMS
33769+#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
33770 INF("wchan", S_IRUGO, proc_pid_wchan),
33771 #endif
33772-#ifdef CONFIG_STACKTRACE
33773+#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
33774 ONE("stack", S_IRUSR, proc_pid_stack),
33775 #endif
33776 #ifdef CONFIG_SCHEDSTATS
33777@@ -2836,6 +2945,9 @@ static const struct pid_entry tgid_base_
33778 #ifdef CONFIG_TASK_IO_ACCOUNTING
33779 INF("io", S_IRUGO, proc_tgid_io_accounting),
33780 #endif
33781+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
33782+ INF("ipaddr", S_IRUSR, proc_pid_ipaddr),
33783+#endif
33784 };
33785
33786 static int proc_tgid_base_readdir(struct file * filp,
33787@@ -2961,7 +3073,14 @@ static struct dentry *proc_pid_instantia
33788 if (!inode)
33789 goto out;
33790
33791+#ifdef CONFIG_GRKERNSEC_PROC_USER
33792+ inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
33793+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
33794+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
33795+ inode->i_mode = S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP;
33796+#else
33797 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
33798+#endif
33799 inode->i_op = &proc_tgid_base_inode_operations;
33800 inode->i_fop = &proc_tgid_base_operations;
33801 inode->i_flags|=S_IMMUTABLE;
33802@@ -3003,7 +3122,11 @@ struct dentry *proc_pid_lookup(struct in
33803 if (!task)
33804 goto out;
33805
33806+ if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
33807+ goto out_put_task;
33808+
33809 result = proc_pid_instantiate(dir, dentry, task, NULL);
33810+out_put_task:
33811 put_task_struct(task);
33812 out:
33813 return result;
33814@@ -3068,6 +3191,11 @@ int proc_pid_readdir(struct file * filp,
33815 {
33816 unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY;
33817 struct task_struct *reaper = get_proc_task(filp->f_path.dentry->d_inode);
33818+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
33819+ const struct cred *tmpcred = current_cred();
33820+ const struct cred *itercred;
33821+#endif
33822+ filldir_t __filldir = filldir;
33823 struct tgid_iter iter;
33824 struct pid_namespace *ns;
33825
33826@@ -3086,8 +3214,27 @@ int proc_pid_readdir(struct file * filp,
33827 for (iter = next_tgid(ns, iter);
33828 iter.task;
33829 iter.tgid += 1, iter = next_tgid(ns, iter)) {
33830+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
33831+ rcu_read_lock();
33832+ itercred = __task_cred(iter.task);
33833+#endif
33834+ if (gr_pid_is_chrooted(iter.task) || gr_check_hidden_task(iter.task)
33835+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
33836+ || (tmpcred->uid && (itercred->uid != tmpcred->uid)
33837+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
33838+ && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
33839+#endif
33840+ )
33841+#endif
33842+ )
33843+ __filldir = &gr_fake_filldir;
33844+ else
33845+ __filldir = filldir;
33846+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
33847+ rcu_read_unlock();
33848+#endif
33849 filp->f_pos = iter.tgid + TGID_OFFSET;
33850- if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) {
33851+ if (proc_pid_fill_cache(filp, dirent, __filldir, iter) < 0) {
33852 put_task_struct(iter.task);
33853 goto out;
33854 }
33855@@ -3114,7 +3261,7 @@ static const struct pid_entry tid_base_s
33856 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
33857 #endif
33858 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
33859-#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
33860+#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
33861 INF("syscall", S_IRUSR, proc_pid_syscall),
33862 #endif
33863 INF("cmdline", S_IRUGO, proc_pid_cmdline),
33864@@ -3138,10 +3285,10 @@ static const struct pid_entry tid_base_s
33865 #ifdef CONFIG_SECURITY
33866 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
33867 #endif
33868-#ifdef CONFIG_KALLSYMS
33869+#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
33870 INF("wchan", S_IRUGO, proc_pid_wchan),
33871 #endif
33872-#ifdef CONFIG_STACKTRACE
33873+#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
33874 ONE("stack", S_IRUSR, proc_pid_stack),
33875 #endif
33876 #ifdef CONFIG_SCHEDSTATS
33877diff -urNp linux-2.6.38.2/fs/proc/cmdline.c linux-2.6.38.2/fs/proc/cmdline.c
33878--- linux-2.6.38.2/fs/proc/cmdline.c 2011-03-14 21:20:32.000000000 -0400
33879+++ linux-2.6.38.2/fs/proc/cmdline.c 2011-03-21 18:31:35.000000000 -0400
33880@@ -23,7 +23,11 @@ static const struct file_operations cmdl
33881
33882 static int __init proc_cmdline_init(void)
33883 {
33884+#ifdef CONFIG_GRKERNSEC_PROC_ADD
33885+ proc_create_grsec("cmdline", 0, NULL, &cmdline_proc_fops);
33886+#else
33887 proc_create("cmdline", 0, NULL, &cmdline_proc_fops);
33888+#endif
33889 return 0;
33890 }
33891 module_init(proc_cmdline_init);
33892diff -urNp linux-2.6.38.2/fs/proc/devices.c linux-2.6.38.2/fs/proc/devices.c
33893--- linux-2.6.38.2/fs/proc/devices.c 2011-03-14 21:20:32.000000000 -0400
33894+++ linux-2.6.38.2/fs/proc/devices.c 2011-03-21 18:31:35.000000000 -0400
33895@@ -64,7 +64,11 @@ static const struct file_operations proc
33896
33897 static int __init proc_devices_init(void)
33898 {
33899+#ifdef CONFIG_GRKERNSEC_PROC_ADD
33900+ proc_create_grsec("devices", 0, NULL, &proc_devinfo_operations);
33901+#else
33902 proc_create("devices", 0, NULL, &proc_devinfo_operations);
33903+#endif
33904 return 0;
33905 }
33906 module_init(proc_devices_init);
33907diff -urNp linux-2.6.38.2/fs/proc/inode.c linux-2.6.38.2/fs/proc/inode.c
33908--- linux-2.6.38.2/fs/proc/inode.c 2011-03-14 21:20:32.000000000 -0400
33909+++ linux-2.6.38.2/fs/proc/inode.c 2011-03-21 18:31:35.000000000 -0400
33910@@ -435,7 +435,11 @@ struct inode *proc_get_inode(struct supe
33911 if (de->mode) {
33912 inode->i_mode = de->mode;
33913 inode->i_uid = de->uid;
33914+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
33915+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
33916+#else
33917 inode->i_gid = de->gid;
33918+#endif
33919 }
33920 if (de->size)
33921 inode->i_size = de->size;
33922diff -urNp linux-2.6.38.2/fs/proc/internal.h linux-2.6.38.2/fs/proc/internal.h
33923--- linux-2.6.38.2/fs/proc/internal.h 2011-03-14 21:20:32.000000000 -0400
33924+++ linux-2.6.38.2/fs/proc/internal.h 2011-03-21 18:31:35.000000000 -0400
33925@@ -51,6 +51,9 @@ extern int proc_pid_status(struct seq_fi
33926 struct pid *pid, struct task_struct *task);
33927 extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
33928 struct pid *pid, struct task_struct *task);
33929+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
33930+extern int proc_pid_ipaddr(struct task_struct *task, char *buffer);
33931+#endif
33932 extern loff_t mem_lseek(struct file *file, loff_t offset, int orig);
33933
33934 extern const struct file_operations proc_maps_operations;
33935diff -urNp linux-2.6.38.2/fs/proc/Kconfig linux-2.6.38.2/fs/proc/Kconfig
33936--- linux-2.6.38.2/fs/proc/Kconfig 2011-03-14 21:20:32.000000000 -0400
33937+++ linux-2.6.38.2/fs/proc/Kconfig 2011-03-21 18:31:35.000000000 -0400
33938@@ -30,12 +30,12 @@ config PROC_FS
33939
33940 config PROC_KCORE
33941 bool "/proc/kcore support" if !ARM
33942- depends on PROC_FS && MMU
33943+ depends on PROC_FS && MMU && !GRKERNSEC_PROC_ADD
33944
33945 config PROC_VMCORE
33946 bool "/proc/vmcore support"
33947- depends on PROC_FS && CRASH_DUMP
33948- default y
33949+ depends on PROC_FS && CRASH_DUMP && !GRKERNSEC
33950+ default n
33951 help
33952 Exports the dump image of crashed kernel in ELF format.
33953
33954@@ -59,8 +59,8 @@ config PROC_SYSCTL
33955 limited in memory.
33956
33957 config PROC_PAGE_MONITOR
33958- default y
33959- depends on PROC_FS && MMU
33960+ default n
33961+ depends on PROC_FS && MMU && !GRKERNSEC
33962 bool "Enable /proc page monitoring" if EXPERT
33963 help
33964 Various /proc files exist to monitor process memory utilization:
33965diff -urNp linux-2.6.38.2/fs/proc/kcore.c linux-2.6.38.2/fs/proc/kcore.c
33966--- linux-2.6.38.2/fs/proc/kcore.c 2011-03-14 21:20:32.000000000 -0400
33967+++ linux-2.6.38.2/fs/proc/kcore.c 2011-03-21 18:31:35.000000000 -0400
33968@@ -478,9 +478,10 @@ read_kcore(struct file *file, char __use
33969 * the addresses in the elf_phdr on our list.
33970 */
33971 start = kc_offset_to_vaddr(*fpos - elf_buflen);
33972- if ((tsz = (PAGE_SIZE - (start & ~PAGE_MASK))) > buflen)
33973+ tsz = PAGE_SIZE - (start & ~PAGE_MASK);
33974+ if (tsz > buflen)
33975 tsz = buflen;
33976-
33977+
33978 while (buflen) {
33979 struct kcore_list *m;
33980
33981@@ -509,20 +510,23 @@ read_kcore(struct file *file, char __use
33982 kfree(elf_buf);
33983 } else {
33984 if (kern_addr_valid(start)) {
33985- unsigned long n;
33986+ char *elf_buf;
33987+ mm_segment_t oldfs;
33988
33989- n = copy_to_user(buffer, (char *)start, tsz);
33990- /*
33991- * We cannot distingush between fault on source
33992- * and fault on destination. When this happens
33993- * we clear too and hope it will trigger the
33994- * EFAULT again.
33995- */
33996- if (n) {
33997- if (clear_user(buffer + tsz - n,
33998- n))
33999+ elf_buf = kmalloc(tsz, GFP_KERNEL);
34000+ if (!elf_buf)
34001+ return -ENOMEM;
34002+ oldfs = get_fs();
34003+ set_fs(KERNEL_DS);
34004+ if (!__copy_from_user(elf_buf, (const void __user *)start, tsz)) {
34005+ set_fs(oldfs);
34006+ if (copy_to_user(buffer, elf_buf, tsz)) {
34007+ kfree(elf_buf);
34008 return -EFAULT;
34009+ }
34010 }
34011+ set_fs(oldfs);
34012+ kfree(elf_buf);
34013 } else {
34014 if (clear_user(buffer, tsz))
34015 return -EFAULT;
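Review bot: When `__copy_from_user()` reports a fault on the kernel source range, the new code frees the bounce buffer and carries on without writing anything to `buffer`, whereas the removed code zeroed the part it could not copy. If the loop, which continues outside this hunk, still advances by `tsz`, the reader receives a chunk of untouched user memory with no error, so a hole cannot be told apart from data. Zeroing the chunk on a source fault keeps the old guarantee, and doing the cleanup once also removes the double `set_fs(oldfs)` on the success path. The bounce buffer reuses the name `elf_buf` from the branch above, where a distinct name would read better.

```c
				char *kbuf;
				mm_segment_t oldfs;
				unsigned long n;

				kbuf = kmalloc(tsz, GFP_KERNEL);
				if (!kbuf)
					return -ENOMEM;
				oldfs = get_fs();
				set_fs(KERNEL_DS);
				n = __copy_from_user(kbuf, (const void __user *)start, tsz);
				set_fs(oldfs);
				if (n)
					/* source fault: hand back zeroes for this chunk */
					n = clear_user(buffer, tsz);
				else
					n = copy_to_user(buffer, kbuf, tsz);
				kfree(kbuf);
				if (n)
					return -EFAULT;
```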
34016@@ -542,6 +546,9 @@ read_kcore(struct file *file, char __use
34017
34018 static int open_kcore(struct inode *inode, struct file *filp)
34019 {
34020+#if defined(CONFIG_GRKERNSEC_PROC_ADD) || defined(CONFIG_GRKERNSEC_HIDESYM)
34021+ return -EPERM;
34022+#endif
34023 if (!capable(CAP_SYS_RAWIO))
34024 return -EPERM;
34025 if (kcore_need_update)
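Review bot: With either option set, the unconditional `return -EPERM;` leaves the `capable(CAP_SYS_RAWIO)` check and everything after it as unreachable code in the same function, which compilers tend to warn about and which hides the intent. Putting the original body under `#else` makes it explicit that the open is refused for every caller in those configurations. A comment such as `/* kcore exposes kernel memory; never openable when these options are set */` would document why. The rest of `open_kcore()` is outside the hunk.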
34026diff -urNp linux-2.6.38.2/fs/proc/meminfo.c linux-2.6.38.2/fs/proc/meminfo.c
34027--- linux-2.6.38.2/fs/proc/meminfo.c 2011-03-14 21:20:32.000000000 -0400
34028+++ linux-2.6.38.2/fs/proc/meminfo.c 2011-03-21 18:31:35.000000000 -0400
34029@@ -157,7 +157,7 @@ static int meminfo_proc_show(struct seq_
34030 vmi.used >> 10,
34031 vmi.largest_chunk >> 10
34032 #ifdef CONFIG_MEMORY_FAILURE
34033- ,atomic_long_read(&mce_bad_pages) << (PAGE_SHIFT - 10)
34034+ ,atomic_long_read_unchecked(&mce_bad_pages) << (PAGE_SHIFT - 10)
34035 #endif
34036 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
34037 ,K(global_page_state(NR_ANON_TRANSPARENT_HUGEPAGES) *
34038diff -urNp linux-2.6.38.2/fs/proc/nommu.c linux-2.6.38.2/fs/proc/nommu.c
34039--- linux-2.6.38.2/fs/proc/nommu.c 2011-03-14 21:20:32.000000000 -0400
34040+++ linux-2.6.38.2/fs/proc/nommu.c 2011-03-21 18:31:35.000000000 -0400
34041@@ -66,7 +66,7 @@ static int nommu_region_show(struct seq_
34042 if (len < 1)
34043 len = 1;
34044 seq_printf(m, "%*c", len, ' ');
34045- seq_path(m, &file->f_path, "");
34046+ seq_path(m, &file->f_path, "\n\\");
34047 }
34048
34049 seq_putc(m, '\n');
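Review bot: The new escape set `"\n\\"` passed to seq_path() in nommu_region_show carries no explanation, and the same literal is repeated in show_map_vma (fs/proc/task_mmu.c) and nommu_vma_show (fs/proc/task_nommu.c) further down. seq_path() emits escaped characters as backslash-octal sequences, so unless backslash is escaped too, a file name that already contains such a sequence cannot be told apart from an escaped newline. A one-line comment at each call, for example `/* escape '\n' and '\\' so a crafted file name cannot forge or alias a line of output */`, or a single named constant shared by the three call sites, would keep them in step.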
34050diff -urNp linux-2.6.38.2/fs/proc/proc_net.c linux-2.6.38.2/fs/proc/proc_net.c
34051--- linux-2.6.38.2/fs/proc/proc_net.c 2011-03-14 21:20:32.000000000 -0400
34052+++ linux-2.6.38.2/fs/proc/proc_net.c 2011-03-21 18:31:35.000000000 -0400
34053@@ -105,6 +105,17 @@ static struct net *get_proc_task_net(str
34054 struct task_struct *task;
34055 struct nsproxy *ns;
34056 struct net *net = NULL;
34057+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
34058+ const struct cred *cred = current_cred();
34059+#endif
34060+
34061+#ifdef CONFIG_GRKERNSEC_PROC_USER
34062+ if (cred->fsuid)
34063+ return net;
34064+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
34065+ if (cred->fsuid && !in_group_p(CONFIG_GRKERNSEC_PROC_GID))
34066+ return net;
34067+#endif
34068
34069 rcu_read_lock();
34070 task = pid_task(proc_pid(dir), PIDTYPE_PID);
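Review bot: Both early exits added to get_proc_task_net return `net`, which at that point can only be its initializer `NULL`; writing `return NULL;` would make the denial explicit. The bare test `cred->fsuid` also depends on fsuid 0 being the only exempt identity without saying so, so a comment above the `#ifdef` such as `/* only root (or the configured proc group) may resolve a task's net namespace */` would help. The function starts before and continues after this hunk, so how callers treat the NULL result is not visible here and should be confirmed.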
34071diff -urNp linux-2.6.38.2/fs/proc/proc_sysctl.c linux-2.6.38.2/fs/proc/proc_sysctl.c
34072--- linux-2.6.38.2/fs/proc/proc_sysctl.c 2011-03-14 21:20:32.000000000 -0400
34073+++ linux-2.6.38.2/fs/proc/proc_sysctl.c 2011-03-21 18:31:35.000000000 -0400
34074@@ -8,6 +8,8 @@
34075 #include <linux/namei.h>
34076 #include "internal.h"
34077
34078+extern __u32 gr_handle_sysctl(const struct ctl_table *table, const int op);
34079+
34080 static const struct dentry_operations proc_sys_dentry_operations;
34081 static const struct file_operations proc_sys_file_operations;
34082 static const struct inode_operations proc_sys_inode_operations;
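Review bot: The prototype for gr_handle_sysctl is declared with `extern` directly in proc_sysctl.c instead of coming from a header, so the compiler cannot check it against the definition if the signature ever changes. Declaring it once in a header that both the definition and this file include (the patch already introduces `<linux/grsecurity.h>`, which looks like the natural place, though its contents are not visible here) would remove that risk. The calls added below pass `MAY_EXEC` in two places and a bare `0` in scan(); the declaration is also the right spot to document what each `op` value means.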
34083@@ -112,6 +114,9 @@ static struct dentry *proc_sys_lookup(st
34084 if (!p)
34085 goto out;
34086
34087+ if (gr_handle_sysctl(p, MAY_EXEC))
34088+ goto out;
34089+
34090 err = ERR_PTR(-ENOMEM);
34091 inode = proc_sys_make_inode(dir->i_sb, h ? h : head, p);
34092 if (h)
34093@@ -231,6 +236,9 @@ static int scan(struct ctl_table_header
34094 if (*pos < file->f_pos)
34095 continue;
34096
34097+ if (gr_handle_sysctl(table, 0))
34098+ continue;
34099+
34100 res = proc_sys_fill_cache(file, dirent, filldir, head, table);
34101 if (res)
34102 return res;
34103@@ -359,6 +367,9 @@ static int proc_sys_getattr(struct vfsmo
34104 if (IS_ERR(head))
34105 return PTR_ERR(head);
34106
34107+ if (table && gr_handle_sysctl(table, MAY_EXEC))
34108+ return -ENOENT;
34109+
34110 generic_fillattr(inode, stat);
34111 if (table)
34112 stat->mode = (stat->mode & S_IFMT) | table->mode;
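Review bot: The added `return -ENOENT;` in proc_sys_getattr exits after `head` has already passed the `IS_ERR(head)` check, so whatever reference `head` holds is not dropped on the denial path. The acquisition and the normal release are outside this hunk, but if the function's tail releases the header (in this kernel that is `sysctl_head_finish(head)`), the new branch has to do the same: `if (table && gr_handle_sysctl(table, MAY_EXEC)) { sysctl_head_finish(head); return -ENOENT; }`. The proc_sys_lookup hunk above routes its denial through `goto out` rather than returning directly, which looks like the safer pattern to copy.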
34113diff -urNp linux-2.6.38.2/fs/proc/root.c linux-2.6.38.2/fs/proc/root.c
34114--- linux-2.6.38.2/fs/proc/root.c 2011-03-14 21:20:32.000000000 -0400
34115+++ linux-2.6.38.2/fs/proc/root.c 2011-03-21 18:31:35.000000000 -0400
34116@@ -132,7 +132,15 @@ void __init proc_root_init(void)
34117 #ifdef CONFIG_PROC_DEVICETREE
34118 proc_device_tree_init();
34119 #endif
34120+#ifdef CONFIG_GRKERNSEC_PROC_ADD
34121+#ifdef CONFIG_GRKERNSEC_PROC_USER
34122+ proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL);
34123+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
34124+ proc_mkdir_mode("bus", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
34125+#endif
34126+#else
34127 proc_mkdir("bus", NULL);
34128+#endif
34129 proc_sys_init();
34130 }
34131
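Review bot: When CONFIG_GRKERNSEC_PROC_ADD is defined but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP is, the inner `#ifdef`/`#elif` chain in proc_root_init has no `#else`, so no `bus` directory is created at all. The Kconfig dependencies may exclude that combination, but they are not visible here. An inner `#else` holding the original `proc_mkdir("bus", NULL);`, or an `#error`, would make the code correct on its own.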
34132diff -urNp linux-2.6.38.2/fs/proc/task_mmu.c linux-2.6.38.2/fs/proc/task_mmu.c
34133--- linux-2.6.38.2/fs/proc/task_mmu.c 2011-03-28 17:42:40.000000000 -0400
34134+++ linux-2.6.38.2/fs/proc/task_mmu.c 2011-03-28 17:42:53.000000000 -0400
34135@@ -49,8 +49,13 @@ void task_mem(struct seq_file *m, struct
34136 "VmExe:\t%8lu kB\n"
34137 "VmLib:\t%8lu kB\n"
34138 "VmPTE:\t%8lu kB\n"
34139- "VmSwap:\t%8lu kB\n",
34140- hiwater_vm << (PAGE_SHIFT-10),
34141+ "VmSwap:\t%8lu kB\n"
34142+
34143+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
34144+ "CsBase:\t%8lx\nCsLim:\t%8lx\n"
34145+#endif
34146+
34147+ ,hiwater_vm << (PAGE_SHIFT-10),
34148 (total_vm - mm->reserved_vm) << (PAGE_SHIFT-10),
34149 mm->locked_vm << (PAGE_SHIFT-10),
34150 hiwater_rss << (PAGE_SHIFT-10),
34151@@ -58,7 +63,13 @@ void task_mem(struct seq_file *m, struct
34152 data << (PAGE_SHIFT-10),
34153 mm->stack_vm << (PAGE_SHIFT-10), text, lib,
34154 (PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10,
34155- swap << (PAGE_SHIFT-10));
34156+ swap << (PAGE_SHIFT-10)
34157+
34158+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
34159+ , mm->context.user_cs_base, mm->context.user_cs_limit
34160+#endif
34161+
34162+ );
34163 }
34164
34165 unsigned long task_vsize(struct mm_struct *mm)
34166@@ -204,6 +215,12 @@ static int do_maps_open(struct inode *in
34167 return ret;
34168 }
34169
34170+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
34171+#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
34172+ (_mm->pax_flags & MF_PAX_RANDMMAP || \
34173+ _mm->pax_flags & MF_PAX_SEGMEXEC))
34174+#endif
34175+
34176 static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma)
34177 {
34178 struct mm_struct *mm = vma->vm_mm;
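Review bot: PAX_RAND_FLAGS expands its argument four times without parentheses, so an argument that is not a plain identifier or member access would bind incorrectly and any side effect in it would run repeatedly. Either parenthesize every use, `((_mm) != NULL && (_mm) != current->mm && ((_mm)->pax_flags & (MF_PAX_RANDMMAP | MF_PAX_SEGMEXEC)))`, or replace the macro with a `static inline` function taking a `const struct mm_struct *`. A short comment saying that it is true when the reader is looking at another task whose address space is randomized would also explain the zeroed start, end and offset fields printed by show_map_vma and show_smap below.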
34179@@ -211,7 +228,6 @@ static void show_map_vma(struct seq_file
34180 int flags = vma->vm_flags;
34181 unsigned long ino = 0;
34182 unsigned long long pgoff = 0;
34183- unsigned long start;
34184 dev_t dev = 0;
34185 int len;
34186
34187@@ -222,20 +238,23 @@ static void show_map_vma(struct seq_file
34188 pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT;
34189 }
34190
34191- /* We don't show the stack guard page in /proc/maps */
34192- start = vma->vm_start;
34193- if (vma->vm_flags & VM_GROWSDOWN)
34194- if (!vma_stack_continue(vma->vm_prev, vma->vm_start))
34195- start += PAGE_SIZE;
34196-
34197 seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu %n",
34198- start,
34199+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
34200+ PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_start,
34201+ PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_end,
34202+#else
34203+ vma->vm_start,
34204 vma->vm_end,
34205+#endif
34206 flags & VM_READ ? 'r' : '-',
34207 flags & VM_WRITE ? 'w' : '-',
34208 flags & VM_EXEC ? 'x' : '-',
34209 flags & VM_MAYSHARE ? 's' : 'p',
34210+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
34211+ PAX_RAND_FLAGS(mm) ? 0UL : pgoff,
34212+#else
34213 pgoff,
34214+#endif
34215 MAJOR(dev), MINOR(dev), ino, &len);
34216
34217 /*
34218@@ -244,16 +263,16 @@ static void show_map_vma(struct seq_file
34219 */
34220 if (file) {
34221 pad_len_spaces(m, len);
34222- seq_path(m, &file->f_path, "\n");
34223+ seq_path(m, &file->f_path, "\n\\");
34224 } else {
34225 const char *name = arch_vma_name(vma);
34226 if (!name) {
34227 if (mm) {
34228- if (vma->vm_start <= mm->brk &&
34229- vma->vm_end >= mm->start_brk) {
34230+ if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) {
34231 name = "[heap]";
34232- } else if (vma->vm_start <= mm->start_stack &&
34233- vma->vm_end >= mm->start_stack) {
34234+ } else if ((vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP)) ||
34235+ (vma->vm_start <= mm->start_stack &&
34236+ vma->vm_end >= mm->start_stack)) {
34237 name = "[stack]";
34238 }
34239 } else {
34240@@ -399,11 +418,16 @@ static int show_smap(struct seq_file *m,
34241 };
34242
34243 memset(&mss, 0, sizeof mss);
34244- mss.vma = vma;
34245- /* mmap_sem is held in m_start */
34246- if (vma->vm_mm && !is_vm_hugetlb_page(vma))
34247- walk_page_range(vma->vm_start, vma->vm_end, &smaps_walk);
34248-
34249+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
34250+ if (!PAX_RAND_FLAGS(vma->vm_mm)) {
34251+#endif
34252+ mss.vma = vma;
34253+ /* mmap_sem is held in m_start */
34254+ if (vma->vm_mm && !is_vm_hugetlb_page(vma))
34255+ walk_page_range(vma->vm_start, vma->vm_end, &smaps_walk);
34256+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
34257+ }
34258+#endif
34259 show_map_vma(m, vma);
34260
34261 seq_printf(m,
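Review bot: The opening `if (!PAX_RAND_FLAGS(vma->vm_mm)) {` and its closing `}` in show_smap live in two separate `#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP` blocks, which is easy to unbalance in a later edit and obscures that `mss.vma = vma;` is now skipped along with the page walk. Computing the decision once keeps a single code path: declare `int hide = 0;`, set it under one `#ifdef` with `hide = PAX_RAND_FLAGS(vma->vm_mm);`, and wrap the walk in `if (!hide) { ... }`. A comment noting that `mss` then stays all zero from the memset, so the counters below print as 0 for a hidden task, would document the intended output.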
34262@@ -420,7 +444,11 @@ static int show_smap(struct seq_file *m,
34263 "KernelPageSize: %8lu kB\n"
34264 "MMUPageSize: %8lu kB\n"
34265 "Locked: %8lu kB\n",
34266+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
34267+ PAX_RAND_FLAGS(vma->vm_mm) ? 0UL : (vma->vm_end - vma->vm_start) >> 10,
34268+#else
34269 (vma->vm_end - vma->vm_start) >> 10,
34270+#endif
34271 mss.resident >> 10,
34272 (unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
34273 mss.shared_clean >> 10,
34274diff -urNp linux-2.6.38.2/fs/proc/task_nommu.c linux-2.6.38.2/fs/proc/task_nommu.c
34275--- linux-2.6.38.2/fs/proc/task_nommu.c 2011-03-14 21:20:32.000000000 -0400
34276+++ linux-2.6.38.2/fs/proc/task_nommu.c 2011-03-21 18:31:35.000000000 -0400
34277@@ -51,7 +51,7 @@ void task_mem(struct seq_file *m, struct
34278 else
34279 bytes += kobjsize(mm);
34280
34281- if (current->fs && current->fs->users > 1)
34282+ if (current->fs && atomic_read(&current->fs->users) > 1)
34283 sbytes += kobjsize(current->fs);
34284 else
34285 bytes += kobjsize(current->fs);
34286@@ -166,7 +166,7 @@ static int nommu_vma_show(struct seq_fil
34287
34288 if (file) {
34289 pad_len_spaces(m, len);
34290- seq_path(m, &file->f_path, "");
34291+ seq_path(m, &file->f_path, "\n\\");
34292 } else if (mm) {
34293 if (vma->vm_start <= mm->start_stack &&
34294 vma->vm_end >= mm->start_stack) {
34295diff -urNp linux-2.6.38.2/fs/readdir.c linux-2.6.38.2/fs/readdir.c
34296--- linux-2.6.38.2/fs/readdir.c 2011-03-14 21:20:32.000000000 -0400
34297+++ linux-2.6.38.2/fs/readdir.c 2011-03-21 18:31:35.000000000 -0400
34298@@ -17,6 +17,7 @@
34299 #include <linux/security.h>
34300 #include <linux/syscalls.h>
34301 #include <linux/unistd.h>
34302+#include <linux/namei.h>
34303
34304 #include <asm/uaccess.h>
34305
34306@@ -67,6 +68,7 @@ struct old_linux_dirent {
34307
34308 struct readdir_callback {
34309 struct old_linux_dirent __user * dirent;
34310+ struct file * file;
34311 int result;
34312 };
34313
34314@@ -84,6 +86,10 @@ static int fillonedir(void * __buf, cons
34315 buf->result = -EOVERFLOW;
34316 return -EOVERFLOW;
34317 }
34318+
34319+ if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
34320+ return 0;
34321+
34322 buf->result++;
34323 dirent = buf->dirent;
34324 if (!access_ok(VERIFY_WRITE, dirent,
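Review bot: The gr_acl_handle_filldir() filter is placed after the existing validity checks in each callback, so an entry that is about to be hidden can still end the listing with an error: in fillonedir here and in filldir below the `-EOVERFLOW` return precedes it, and in filldir64 the `reclen > buf->count` test returns `-EINVAL` first. A hidden entry should not be able to change what the caller observes, so the filter belongs ahead of every check that depends on the entry's name length or inode number. All three callbacks begin outside their hunks, so any earlier entry-dependent test that is not visible here needs the same treatment.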
34325@@ -116,6 +122,7 @@ SYSCALL_DEFINE3(old_readdir, unsigned in
34326
34327 buf.result = 0;
34328 buf.dirent = dirent;
34329+ buf.file = file;
34330
34331 error = vfs_readdir(file, fillonedir, &buf);
34332 if (buf.result)
34333@@ -142,6 +149,7 @@ struct linux_dirent {
34334 struct getdents_callback {
34335 struct linux_dirent __user * current_dir;
34336 struct linux_dirent __user * previous;
34337+ struct file * file;
34338 int count;
34339 int error;
34340 };
34341@@ -163,6 +171,10 @@ static int filldir(void * __buf, const c
34342 buf->error = -EOVERFLOW;
34343 return -EOVERFLOW;
34344 }
34345+
34346+ if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
34347+ return 0;
34348+
34349 dirent = buf->previous;
34350 if (dirent) {
34351 if (__put_user(offset, &dirent->d_off))
34352@@ -210,6 +222,7 @@ SYSCALL_DEFINE3(getdents, unsigned int,
34353 buf.previous = NULL;
34354 buf.count = count;
34355 buf.error = 0;
34356+ buf.file = file;
34357
34358 error = vfs_readdir(file, filldir, &buf);
34359 if (error >= 0)
34360@@ -229,6 +242,7 @@ out:
34361 struct getdents_callback64 {
34362 struct linux_dirent64 __user * current_dir;
34363 struct linux_dirent64 __user * previous;
34364+ struct file *file;
34365 int count;
34366 int error;
34367 };
34368@@ -244,6 +258,10 @@ static int filldir64(void * __buf, const
34369 buf->error = -EINVAL; /* only used if we fail.. */
34370 if (reclen > buf->count)
34371 return -EINVAL;
34372+
34373+ if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
34374+ return 0;
34375+
34376 dirent = buf->previous;
34377 if (dirent) {
34378 if (__put_user(offset, &dirent->d_off))
34379@@ -291,6 +309,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int
34380
34381 buf.current_dir = dirent;
34382 buf.previous = NULL;
34383+ buf.file = file;
34384 buf.count = count;
34385 buf.error = 0;
34386
34387diff -urNp linux-2.6.38.2/fs/reiserfs/do_balan.c linux-2.6.38.2/fs/reiserfs/do_balan.c
34388--- linux-2.6.38.2/fs/reiserfs/do_balan.c 2011-03-14 21:20:32.000000000 -0400
34389+++ linux-2.6.38.2/fs/reiserfs/do_balan.c 2011-03-21 18:31:35.000000000 -0400
34390@@ -2051,7 +2051,7 @@ void do_balance(struct tree_balance *tb,
34391 return;
34392 }
34393
34394- atomic_inc(&(fs_generation(tb->tb_sb)));
34395+ atomic_inc_unchecked(&(fs_generation(tb->tb_sb)));
34396 do_balance_starts(tb);
34397
34398 /* balance leaf returns 0 except if combining L R and S into
34399diff -urNp linux-2.6.38.2/fs/reiserfs/item_ops.c linux-2.6.38.2/fs/reiserfs/item_ops.c
34400--- linux-2.6.38.2/fs/reiserfs/item_ops.c 2011-03-14 21:20:32.000000000 -0400
34401+++ linux-2.6.38.2/fs/reiserfs/item_ops.c 2011-03-21 18:31:35.000000000 -0400
34402@@ -102,7 +102,7 @@ static void sd_print_vi(struct virtual_i
34403 vi->vi_index, vi->vi_type, vi->vi_ih);
34404 }
34405
34406-static struct item_operations stat_data_ops = {
34407+static const struct item_operations stat_data_ops = {
34408 .bytes_number = sd_bytes_number,
34409 .decrement_key = sd_decrement_key,
34410 .is_left_mergeable = sd_is_left_mergeable,
34411@@ -196,7 +196,7 @@ static void direct_print_vi(struct virtu
34412 vi->vi_index, vi->vi_type, vi->vi_ih);
34413 }
34414
34415-static struct item_operations direct_ops = {
34416+static const struct item_operations direct_ops = {
34417 .bytes_number = direct_bytes_number,
34418 .decrement_key = direct_decrement_key,
34419 .is_left_mergeable = direct_is_left_mergeable,
34420@@ -341,7 +341,7 @@ static void indirect_print_vi(struct vir
34421 vi->vi_index, vi->vi_type, vi->vi_ih);
34422 }
34423
34424-static struct item_operations indirect_ops = {
34425+static const struct item_operations indirect_ops = {
34426 .bytes_number = indirect_bytes_number,
34427 .decrement_key = indirect_decrement_key,
34428 .is_left_mergeable = indirect_is_left_mergeable,
34429@@ -628,7 +628,7 @@ static void direntry_print_vi(struct vir
34430 printk("\n");
34431 }
34432
34433-static struct item_operations direntry_ops = {
34434+static const struct item_operations direntry_ops = {
34435 .bytes_number = direntry_bytes_number,
34436 .decrement_key = direntry_decrement_key,
34437 .is_left_mergeable = direntry_is_left_mergeable,
34438@@ -724,7 +724,7 @@ static void errcatch_print_vi(struct vir
34439 "Invalid item type observed, run fsck ASAP");
34440 }
34441
34442-static struct item_operations errcatch_ops = {
34443+static const struct item_operations errcatch_ops = {
34444 errcatch_bytes_number,
34445 errcatch_decrement_key,
34446 errcatch_is_left_mergeable,
34447@@ -746,7 +746,7 @@ static struct item_operations errcatch_o
34448 #error Item types must use disk-format assigned values.
34449 #endif
34450
34451-struct item_operations *item_ops[TYPE_ANY + 1] = {
34452+const struct item_operations * const item_ops[TYPE_ANY + 1] = {
34453 &stat_data_ops,
34454 &indirect_ops,
34455 &direct_ops,
34456diff -urNp linux-2.6.38.2/fs/reiserfs/procfs.c linux-2.6.38.2/fs/reiserfs/procfs.c
34457--- linux-2.6.38.2/fs/reiserfs/procfs.c 2011-03-14 21:20:32.000000000 -0400
34458+++ linux-2.6.38.2/fs/reiserfs/procfs.c 2011-03-21 18:31:35.000000000 -0400
34459@@ -113,7 +113,7 @@ static int show_super(struct seq_file *m
34460 "SMALL_TAILS " : "NO_TAILS ",
34461 replay_only(sb) ? "REPLAY_ONLY " : "",
34462 convert_reiserfs(sb) ? "CONV " : "",
34463- atomic_read(&r->s_generation_counter),
34464+ atomic_read_unchecked(&r->s_generation_counter),
34465 SF(s_disk_reads), SF(s_disk_writes), SF(s_fix_nodes),
34466 SF(s_do_balance), SF(s_unneeded_left_neighbor),
34467 SF(s_good_search_by_key_reada), SF(s_bmaps),
34468diff -urNp linux-2.6.38.2/fs/select.c linux-2.6.38.2/fs/select.c
34469--- linux-2.6.38.2/fs/select.c 2011-03-14 21:20:32.000000000 -0400
34470+++ linux-2.6.38.2/fs/select.c 2011-03-21 18:31:35.000000000 -0400
34471@@ -20,6 +20,7 @@
34472 #include <linux/module.h>
34473 #include <linux/slab.h>
34474 #include <linux/poll.h>
34475+#include <linux/security.h>
34476 #include <linux/personality.h> /* for STICKY_TIMEOUTS */
34477 #include <linux/file.h>
34478 #include <linux/fdtable.h>
34479@@ -840,6 +841,7 @@ int do_sys_poll(struct pollfd __user *uf
34480 struct poll_list *walk = head;
34481 unsigned long todo = nfds;
34482
34483+ gr_learn_resource(current, RLIMIT_NOFILE, nfds, 1);
34484 if (nfds > rlimit(RLIMIT_NOFILE))
34485 return -EINVAL;
34486
34487diff -urNp linux-2.6.38.2/fs/seq_file.c linux-2.6.38.2/fs/seq_file.c
34488--- linux-2.6.38.2/fs/seq_file.c 2011-03-14 21:20:32.000000000 -0400
34489+++ linux-2.6.38.2/fs/seq_file.c 2011-03-21 18:31:35.000000000 -0400
34490@@ -76,7 +76,8 @@ static int traverse(struct seq_file *m,
34491 return 0;
34492 }
34493 if (!m->buf) {
34494- m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
34495+ m->size = PAGE_SIZE;
34496+ m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
34497 if (!m->buf)
34498 return -ENOMEM;
34499 }
34500@@ -116,7 +117,8 @@ static int traverse(struct seq_file *m,
34501 Eoverflow:
34502 m->op->stop(m, p);
34503 kfree(m->buf);
34504- m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
34505+ m->size <<= 1;
34506+ m->buf = kmalloc(m->size, GFP_KERNEL);
34507 return !m->buf ? -ENOMEM : -EAGAIN;
34508 }
34509
34510@@ -169,7 +171,8 @@ ssize_t seq_read(struct file *file, char
34511 m->version = file->f_version;
34512 /* grab buffer if we didn't have one */
34513 if (!m->buf) {
34514- m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
34515+ m->size = PAGE_SIZE;
34516+ m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
34517 if (!m->buf)
34518 goto Enomem;
34519 }
34520@@ -210,7 +213,8 @@ ssize_t seq_read(struct file *file, char
34521 goto Fill;
34522 m->op->stop(m, p);
34523 kfree(m->buf);
34524- m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
34525+ m->size <<= 1;
34526+ m->buf = kmalloc(m->size, GFP_KERNEL);
34527 if (!m->buf)
34528 goto Enomem;
34529 m->count = 0;
34530diff -urNp linux-2.6.38.2/fs/splice.c linux-2.6.38.2/fs/splice.c
34531--- linux-2.6.38.2/fs/splice.c 2011-03-14 21:20:32.000000000 -0400
34532+++ linux-2.6.38.2/fs/splice.c 2011-03-21 18:31:35.000000000 -0400
34533@@ -186,7 +186,7 @@ ssize_t splice_to_pipe(struct pipe_inode
34534 pipe_lock(pipe);
34535
34536 for (;;) {
34537- if (!pipe->readers) {
34538+ if (!atomic_read(&pipe->readers)) {
34539 send_sig(SIGPIPE, current, 0);
34540 if (!ret)
34541 ret = -EPIPE;
34542@@ -240,9 +240,9 @@ ssize_t splice_to_pipe(struct pipe_inode
34543 do_wakeup = 0;
34544 }
34545
34546- pipe->waiting_writers++;
34547+ atomic_inc(&pipe->waiting_writers);
34548 pipe_wait(pipe);
34549- pipe->waiting_writers--;
34550+ atomic_dec(&pipe->waiting_writers);
34551 }
34552
34553 pipe_unlock(pipe);
34554@@ -556,7 +556,7 @@ static ssize_t kernel_readv(struct file
34555 old_fs = get_fs();
34556 set_fs(get_ds());
34557 /* The cast to a user pointer is valid due to the set_fs() */
34558- res = vfs_readv(file, (const struct iovec __user *)vec, vlen, &pos);
34559+ res = vfs_readv(file, (__force const struct iovec __user *)vec, vlen, &pos);
34560 set_fs(old_fs);
34561
34562 return res;
34563@@ -571,7 +571,7 @@ static ssize_t kernel_write(struct file
34564 old_fs = get_fs();
34565 set_fs(get_ds());
34566 /* The cast to a user pointer is valid due to the set_fs() */
34567- res = vfs_write(file, (const char __user *)buf, count, &pos);
34568+ res = vfs_write(file, (__force const char __user *)buf, count, &pos);
34569 set_fs(old_fs);
34570
34571 return res;
34572@@ -622,7 +622,7 @@ ssize_t default_file_splice_read(struct
34573 goto err;
34574
34575 this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset);
34576- vec[i].iov_base = (void __user *) page_address(page);
34577+ vec[i].iov_base = (__force void __user *) page_address(page);
34578 vec[i].iov_len = this_len;
34579 spd.pages[i] = page;
34580 spd.nr_pages++;
34581@@ -842,10 +842,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
34582 int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
34583 {
34584 while (!pipe->nrbufs) {
34585- if (!pipe->writers)
34586+ if (!atomic_read(&pipe->writers))
34587 return 0;
34588
34589- if (!pipe->waiting_writers && sd->num_spliced)
34590+ if (!atomic_read(&pipe->waiting_writers) && sd->num_spliced)
34591 return 0;
34592
34593 if (sd->flags & SPLICE_F_NONBLOCK)
34594@@ -1178,7 +1178,7 @@ ssize_t splice_direct_to_actor(struct fi
34595 * out of the pipe right after the splice_to_pipe(). So set
34596 * PIPE_READERS appropriately.
34597 */
34598- pipe->readers = 1;
34599+ atomic_set(&pipe->readers, 1);
34600
34601 current->splice_pipe = pipe;
34602 }
34603@@ -1730,9 +1730,9 @@ static int ipipe_prep(struct pipe_inode_
34604 ret = -ERESTARTSYS;
34605 break;
34606 }
34607- if (!pipe->writers)
34608+ if (!atomic_read(&pipe->writers))
34609 break;
34610- if (!pipe->waiting_writers) {
34611+ if (!atomic_read(&pipe->waiting_writers)) {
34612 if (flags & SPLICE_F_NONBLOCK) {
34613 ret = -EAGAIN;
34614 break;
34615@@ -1764,7 +1764,7 @@ static int opipe_prep(struct pipe_inode_
34616 pipe_lock(pipe);
34617
34618 while (pipe->nrbufs >= pipe->buffers) {
34619- if (!pipe->readers) {
34620+ if (!atomic_read(&pipe->readers)) {
34621 send_sig(SIGPIPE, current, 0);
34622 ret = -EPIPE;
34623 break;
34624@@ -1777,9 +1777,9 @@ static int opipe_prep(struct pipe_inode_
34625 ret = -ERESTARTSYS;
34626 break;
34627 }
34628- pipe->waiting_writers++;
34629+ atomic_inc(&pipe->waiting_writers);
34630 pipe_wait(pipe);
34631- pipe->waiting_writers--;
34632+ atomic_dec(&pipe->waiting_writers);
34633 }
34634
34635 pipe_unlock(pipe);
34636@@ -1815,14 +1815,14 @@ retry:
34637 pipe_double_lock(ipipe, opipe);
34638
34639 do {
34640- if (!opipe->readers) {
34641+ if (!atomic_read(&opipe->readers)) {
34642 send_sig(SIGPIPE, current, 0);
34643 if (!ret)
34644 ret = -EPIPE;
34645 break;
34646 }
34647
34648- if (!ipipe->nrbufs && !ipipe->writers)
34649+ if (!ipipe->nrbufs && !atomic_read(&ipipe->writers))
34650 break;
34651
34652 /*
34653@@ -1922,7 +1922,7 @@ static int link_pipe(struct pipe_inode_i
34654 pipe_double_lock(ipipe, opipe);
34655
34656 do {
34657- if (!opipe->readers) {
34658+ if (!atomic_read(&opipe->readers)) {
34659 send_sig(SIGPIPE, current, 0);
34660 if (!ret)
34661 ret = -EPIPE;
34662@@ -1967,7 +1967,7 @@ static int link_pipe(struct pipe_inode_i
34663 * return EAGAIN if we have the potential of some data in the
34664 * future, otherwise just return 0
34665 */
34666- if (!ret && ipipe->waiting_writers && (flags & SPLICE_F_NONBLOCK))
34667+ if (!ret && atomic_read(&ipipe->waiting_writers) && (flags & SPLICE_F_NONBLOCK))
34668 ret = -EAGAIN;
34669
34670 pipe_unlock(ipipe);
34671diff -urNp linux-2.6.38.2/fs/sysfs/mount.c linux-2.6.38.2/fs/sysfs/mount.c
34672--- linux-2.6.38.2/fs/sysfs/mount.c 2011-03-14 21:20:32.000000000 -0400
34673+++ linux-2.6.38.2/fs/sysfs/mount.c 2011-03-21 18:31:35.000000000 -0400
34674@@ -36,7 +36,11 @@ struct sysfs_dirent sysfs_root = {
34675 .s_name = "",
34676 .s_count = ATOMIC_INIT(1),
34677 .s_flags = SYSFS_DIR | (KOBJ_NS_TYPE_NONE << SYSFS_NS_TYPE_SHIFT),
34678+#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT
34679+ .s_mode = S_IFDIR | S_IRWXU,
34680+#else
34681 .s_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO,
34682+#endif
34683 .s_ino = 1,
34684 };
34685
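Review bot: Under CONFIG_GRKERNSEC_SYSFS_RESTRICT the `.s_mode` of sysfs_root drops to `S_IFDIR | S_IRWXU` with no comment on the consequence, which is presumably that every lookup by a non-owner is refused at the root of the sysfs mount. A comment next to the restricted mode, such as `/* owner-only: unprivileged processes lose all access to sysfs, including tools that read device attributes */`, would warn whoever enables the option. The owner of the root dirent is not visible in this hunk and should be confirmed to be root.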
34686diff -urNp linux-2.6.38.2/fs/sysfs/symlink.c linux-2.6.38.2/fs/sysfs/symlink.c
34687--- linux-2.6.38.2/fs/sysfs/symlink.c 2011-03-14 21:20:32.000000000 -0400
34688+++ linux-2.6.38.2/fs/sysfs/symlink.c 2011-03-21 18:31:35.000000000 -0400
34689@@ -286,7 +286,7 @@ static void *sysfs_follow_link(struct de
34690
34691 static void sysfs_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
34692 {
34693- char *page = nd_get_link(nd);
34694+ const char *page = nd_get_link(nd);
34695 if (!IS_ERR(page))
34696 free_page((unsigned long)page);
34697 }
34698diff -urNp linux-2.6.38.2/fs/ubifs/debug.c linux-2.6.38.2/fs/ubifs/debug.c
34699--- linux-2.6.38.2/fs/ubifs/debug.c 2011-03-14 21:20:32.000000000 -0400
34700+++ linux-2.6.38.2/fs/ubifs/debug.c 2011-03-21 18:31:35.000000000 -0400
34701@@ -2813,19 +2813,19 @@ int dbg_debugfs_init_fs(struct ubifs_inf
34702 }
34703
34704 fname = "dump_lprops";
34705- dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops);
34706+ dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops);
34707 if (IS_ERR(dent))
34708 goto out_remove;
34709 d->dfs_dump_lprops = dent;
34710
34711 fname = "dump_budg";
34712- dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops);
34713+ dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops);
34714 if (IS_ERR(dent))
34715 goto out_remove;
34716 d->dfs_dump_budg = dent;
34717
34718 fname = "dump_tnc";
34719- dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops);
34720+ dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops);
34721 if (IS_ERR(dent))
34722 goto out_remove;
34723 d->dfs_dump_tnc = dent;
34724diff -urNp linux-2.6.38.2/fs/udf/misc.c linux-2.6.38.2/fs/udf/misc.c
34725--- linux-2.6.38.2/fs/udf/misc.c 2011-03-14 21:20:32.000000000 -0400
34726+++ linux-2.6.38.2/fs/udf/misc.c 2011-03-21 18:31:35.000000000 -0400
34727@@ -142,8 +142,8 @@ struct genericFormat *udf_add_extendedat
34728 iinfo->i_lenEAttr += size;
34729 return (struct genericFormat *)&ea[offset];
34730 }
34731- if (loc & 0x02)
34732- ;
34733+ if (loc & 0x02) {
34734+ }
34735
34736 return NULL;
34737 }
34738@@ -286,7 +286,7 @@ void udf_new_tag(char *data, uint16_t id
34739
34740 u8 udf_tag_checksum(const struct tag *t)
34741 {
34742- u8 *data = (u8 *)t;
34743+ const u8 *data = (const u8 *)t;
34744 u8 checksum = 0;
34745 int i;
34746 for (i = 0; i < sizeof(struct tag); ++i)
34747diff -urNp linux-2.6.38.2/fs/udf/udfdecl.h linux-2.6.38.2/fs/udf/udfdecl.h
34748--- linux-2.6.38.2/fs/udf/udfdecl.h 2011-03-14 21:20:32.000000000 -0400
34749+++ linux-2.6.38.2/fs/udf/udfdecl.h 2011-03-21 18:31:35.000000000 -0400
34750@@ -26,7 +26,7 @@ do { \
34751 printk(f, ##a); \
34752 } while (0)
34753 #else
34754-#define udf_debug(f, a...) /**/
34755+#define udf_debug(f, a...) do {} while (0)
34756 #endif
34757
34758 #define udf_info(f, a...) \
34759diff -urNp linux-2.6.38.2/fs/utimes.c linux-2.6.38.2/fs/utimes.c
34760--- linux-2.6.38.2/fs/utimes.c 2011-03-14 21:20:32.000000000 -0400
34761+++ linux-2.6.38.2/fs/utimes.c 2011-03-21 18:31:35.000000000 -0400
34762@@ -1,6 +1,7 @@
34763 #include <linux/compiler.h>
34764 #include <linux/file.h>
34765 #include <linux/fs.h>
34766+#include <linux/security.h>
34767 #include <linux/linkage.h>
34768 #include <linux/mount.h>
34769 #include <linux/namei.h>
34770@@ -101,6 +102,12 @@ static int utimes_common(struct path *pa
34771 goto mnt_drop_write_and_out;
34772 }
34773 }
34774+
34775+ if (!gr_acl_handle_utime(path->dentry, path->mnt)) {
34776+ error = -EACCES;
34777+ goto mnt_drop_write_and_out;
34778+ }
34779+
34780 mutex_lock(&inode->i_mutex);
34781 error = notify_change(path->dentry, &newattrs);
34782 mutex_unlock(&inode->i_mutex);
34783diff -urNp linux-2.6.38.2/fs/xattr_acl.c linux-2.6.38.2/fs/xattr_acl.c
34784--- linux-2.6.38.2/fs/xattr_acl.c 2011-03-14 21:20:32.000000000 -0400
34785+++ linux-2.6.38.2/fs/xattr_acl.c 2011-03-21 18:31:35.000000000 -0400
34786@@ -17,8 +17,8 @@
34787 struct posix_acl *
34788 posix_acl_from_xattr(const void *value, size_t size)
34789 {
34790- posix_acl_xattr_header *header = (posix_acl_xattr_header *)value;
34791- posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end;
34792+ const posix_acl_xattr_header *header = (const posix_acl_xattr_header *)value;
34793+ const posix_acl_xattr_entry *entry = (const posix_acl_xattr_entry *)(header+1), *end;
34794 int count;
34795 struct posix_acl *acl;
34796 struct posix_acl_entry *acl_e;
34797diff -urNp linux-2.6.38.2/fs/xattr.c linux-2.6.38.2/fs/xattr.c
34798--- linux-2.6.38.2/fs/xattr.c 2011-03-14 21:20:32.000000000 -0400
34799+++ linux-2.6.38.2/fs/xattr.c 2011-03-21 18:31:35.000000000 -0400
34800@@ -247,7 +247,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
34801 * Extended attribute SET operations
34802 */
34803 static long
34804-setxattr(struct dentry *d, const char __user *name, const void __user *value,
34805+setxattr(struct path *path, const char __user *name, const void __user *value,
34806 size_t size, int flags)
34807 {
34808 int error;
34809@@ -271,7 +271,13 @@ setxattr(struct dentry *d, const char __
34810 return PTR_ERR(kvalue);
34811 }
34812
34813- error = vfs_setxattr(d, kname, kvalue, size, flags);
34814+ if (!gr_acl_handle_setxattr(path->dentry, path->mnt)) {
34815+ error = -EACCES;
34816+ goto out;
34817+ }
34818+
34819+ error = vfs_setxattr(path->dentry, kname, kvalue, size, flags);
34820+out:
34821 kfree(kvalue);
34822 return error;
34823 }
34824@@ -288,7 +294,7 @@ SYSCALL_DEFINE5(setxattr, const char __u
34825 return error;
34826 error = mnt_want_write(path.mnt);
34827 if (!error) {
34828- error = setxattr(path.dentry, name, value, size, flags);
34829+ error = setxattr(&path, name, value, size, flags);
34830 mnt_drop_write(path.mnt);
34831 }
34832 path_put(&path);
34833@@ -307,7 +313,7 @@ SYSCALL_DEFINE5(lsetxattr, const char __
34834 return error;
34835 error = mnt_want_write(path.mnt);
34836 if (!error) {
34837- error = setxattr(path.dentry, name, value, size, flags);
34838+ error = setxattr(&path, name, value, size, flags);
34839 mnt_drop_write(path.mnt);
34840 }
34841 path_put(&path);
34842@@ -318,17 +324,15 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, cons
34843 const void __user *,value, size_t, size, int, flags)
34844 {
34845 struct file *f;
34846- struct dentry *dentry;
34847 int error = -EBADF;
34848
34849 f = fget(fd);
34850 if (!f)
34851 return error;
34852- dentry = f->f_path.dentry;
34853- audit_inode(NULL, dentry);
34854+ audit_inode(NULL, f->f_path.dentry);
34855 error = mnt_want_write_file(f);
34856 if (!error) {
34857- error = setxattr(dentry, name, value, size, flags);
34858+ error = setxattr(&f->f_path, name, value, size, flags);
34859 mnt_drop_write(f->f_path.mnt);
34860 }
34861 fput(f);
34862diff -urNp linux-2.6.38.2/fs/xfs/linux-2.6/xfs_ioctl32.c linux-2.6.38.2/fs/xfs/linux-2.6/xfs_ioctl32.c
34863--- linux-2.6.38.2/fs/xfs/linux-2.6/xfs_ioctl32.c 2011-03-14 21:20:32.000000000 -0400
34864+++ linux-2.6.38.2/fs/xfs/linux-2.6/xfs_ioctl32.c 2011-03-21 18:31:35.000000000 -0400
34865@@ -73,6 +73,7 @@ xfs_compat_ioc_fsgeometry_v1(
34866 xfs_fsop_geom_t fsgeo;
34867 int error;
34868
34869+ memset(&fsgeo, 0, sizeof(fsgeo));
34870 error = xfs_fs_geometry(mp, &fsgeo, 3);
34871 if (error)
34872 return -error;
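Review bot: The added `memset(&fsgeo, 0, sizeof(fsgeo));` in xfs_compat_ioc_fsgeometry_v1, and the identical line in xfs_ioc_fsgeometry in xfs_ioctl.c, has no comment saying what it protects against, so a later cleanup could remove it as redundant. If, as it appears, xfs_fs_geometry() fills only the fields for the requested version and the structure is then copied to user space (the copy is outside this hunk), the memset is what keeps stale kernel stack bytes, padding included, out of the result. A comment such as `/* zero first: only version-specific fields are filled in and the whole struct goes to user space */` would record that.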
34873diff -urNp linux-2.6.38.2/fs/xfs/linux-2.6/xfs_ioctl.c linux-2.6.38.2/fs/xfs/linux-2.6/xfs_ioctl.c
34874--- linux-2.6.38.2/fs/xfs/linux-2.6/xfs_ioctl.c 2011-03-14 21:20:32.000000000 -0400
34875+++ linux-2.6.38.2/fs/xfs/linux-2.6/xfs_ioctl.c 2011-03-21 18:31:35.000000000 -0400
34876@@ -128,7 +128,7 @@ xfs_find_handle(
34877 }
34878
34879 error = -EFAULT;
34880- if (copy_to_user(hreq->ohandle, &handle, hsize) ||
34881+ if (hsize > sizeof handle || copy_to_user(hreq->ohandle, &handle, hsize) ||
34882 copy_to_user(hreq->ohandlen, &hsize, sizeof(__s32)))
34883 goto out_put;
34884
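Review bot: The new bound `hsize > sizeof handle` is folded into the copy_to_user() condition in xfs_find_handle, so an oversized handle length is reported through the `-EFAULT` assigned just above, the same code as a bad user pointer. `hsize` appears to be computed by the kernel earlier in the function, outside this hunk, which would make an overrun of `handle` an internal error rather than a caller error. A separate test placed before `error = -EFAULT;`, for example `if (hsize > sizeof(handle)) { error = -EINVAL; goto out_put; }`, keeps the two cases distinguishable and makes the guard against reading past `handle` stand out.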
34885@@ -720,6 +720,7 @@ xfs_ioc_fsgeometry(
34886 xfs_fsop_geom_t fsgeo;
34887 int error;
34888
34889+ memset(&fsgeo, 0, sizeof(fsgeo));
34890 error = xfs_fs_geometry(mp, &fsgeo, 4);
34891 if (error)
34892 return -error;
34893diff -urNp linux-2.6.38.2/fs/xfs/linux-2.6/xfs_iops.c linux-2.6.38.2/fs/xfs/linux-2.6/xfs_iops.c
34894--- linux-2.6.38.2/fs/xfs/linux-2.6/xfs_iops.c 2011-03-14 21:20:32.000000000 -0400
34895+++ linux-2.6.38.2/fs/xfs/linux-2.6/xfs_iops.c 2011-03-21 18:31:35.000000000 -0400
34896@@ -436,7 +436,7 @@ xfs_vn_put_link(
34897 struct nameidata *nd,
34898 void *p)
34899 {
34900- char *s = nd_get_link(nd);
34901+ const char *s = nd_get_link(nd);
34902
34903 if (!IS_ERR(s))
34904 kfree(s);
34905diff -urNp linux-2.6.38.2/fs/xfs/xfs_bmap.c linux-2.6.38.2/fs/xfs/xfs_bmap.c
34906--- linux-2.6.38.2/fs/xfs/xfs_bmap.c 2011-03-14 21:20:32.000000000 -0400
34907+++ linux-2.6.38.2/fs/xfs/xfs_bmap.c 2011-03-21 18:31:35.000000000 -0400
34908@@ -287,7 +287,7 @@ xfs_bmap_validate_ret(
34909 int nmap,
34910 int ret_nmap);
34911 #else
34912-#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap)
34913+#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) do {} while (0)
34914 #endif /* DEBUG */
34915
34916 STATIC int
34917diff -urNp linux-2.6.38.2/grsecurity/gracl_alloc.c linux-2.6.38.2/grsecurity/gracl_alloc.c
34918--- linux-2.6.38.2/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500
34919+++ linux-2.6.38.2/grsecurity/gracl_alloc.c 2011-03-21 18:31:35.000000000 -0400
34920@@ -0,0 +1,105 @@
34921+#include <linux/kernel.h>
34922+#include <linux/mm.h>
34923+#include <linux/slab.h>
34924+#include <linux/vmalloc.h>
34925+#include <linux/gracl.h>
34926+#include <linux/grsecurity.h>
34927+
34928+static unsigned long alloc_stack_next = 1;
34929+static unsigned long alloc_stack_size = 1;
34930+static void **alloc_stack;
34931+
34932+static __inline__ int
34933+alloc_pop(void)
34934+{
34935+ if (alloc_stack_next == 1)
34936+ return 0;
34937+
34938+ kfree(alloc_stack[alloc_stack_next - 2]);
34939+
34940+ alloc_stack_next--;
34941+
34942+ return 1;
34943+}
34944+
34945+static __inline__ int
34946+alloc_push(void *buf)
34947+{
34948+ if (alloc_stack_next >= alloc_stack_size)
34949+ return 1;
34950+
34951+ alloc_stack[alloc_stack_next - 1] = buf;
34952+
34953+ alloc_stack_next++;
34954+
34955+ return 0;
34956+}
34957+
34958+void *
34959+acl_alloc(unsigned long len)
34960+{
34961+ void *ret = NULL;
34962+
34963+ if (!len || len > PAGE_SIZE)
34964+ goto out;
34965+
34966+ ret = kmalloc(len, GFP_KERNEL);
34967+
34968+ if (ret) {
34969+ if (alloc_push(ret)) {
34970+ kfree(ret);
34971+ ret = NULL;
34972+ }
34973+ }
34974+
34975+out:
34976+ return ret;
34977+}
34978+
34979+void *
34980+acl_alloc_num(unsigned long num, unsigned long len)
34981+{
34982+ if (!len || (num > (PAGE_SIZE / len)))
34983+ return NULL;
34984+
34985+ return acl_alloc(num * len);
34986+}
34987+
34988+void
34989+acl_free_all(void)
34990+{
34991+ if (gr_acl_is_enabled() || !alloc_stack)
34992+ return;
34993+
34994+ while (alloc_pop()) ;
34995+
34996+ if (alloc_stack) {
34997+ if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
34998+ kfree(alloc_stack);
34999+ else
35000+ vfree(alloc_stack);
35001+ }
35002+
35003+ alloc_stack = NULL;
35004+ alloc_stack_size = 1;
35005+ alloc_stack_next = 1;
35006+
35007+ return;
35008+}
35009+
35010+int
35011+acl_alloc_stack_init(unsigned long size)
35012+{
35013+ if ((size * sizeof (void *)) <= PAGE_SIZE)
35014+ alloc_stack =
35015+ (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
35016+ else
35017+ alloc_stack = (void **) vmalloc(size * sizeof (void *));
35018+
35019+ alloc_stack_size = size;
35020+
35021+ if (!alloc_stack)
35022+ return 0;
35023+ else
35024+ return 1;
35025+}
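Review bot: acl_alloc_stack_init() computes `size * sizeof (void *)` without a wrap-around check and stores `alloc_stack_size = size` before it knows whether the allocation succeeded. Where unsigned long is 32 bits, a large enough size makes the product wrap, so a smaller array is allocated and the `alloc_stack_next >= alloc_stack_size` test in alloc_push() no longer bounds the writes into `alloc_stack`. A guard at the top, `if (size > ULONG_MAX / sizeof(void *)) return 0;`, and assigning alloc_stack_size only after the NULL check would close this. The file also lacks a comment on the 1-based stack index (push writes slot `alloc_stack_next - 1`, pop frees slot `alloc_stack_next - 2`); one line above the three statics would make that convention explicit.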
35026diff -urNp linux-2.6.38.2/grsecurity/gracl.c linux-2.6.38.2/grsecurity/gracl.c
35027--- linux-2.6.38.2/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
35028+++ linux-2.6.38.2/grsecurity/gracl.c 2011-03-28 17:16:45.000000000 -0400
35029@@ -0,0 +1,4074 @@
35030+#include <linux/kernel.h>
35031+#include <linux/module.h>
35032+#include <linux/sched.h>
35033+#include <linux/mm.h>
35034+#include <linux/file.h>
35035+#include <linux/fs.h>
35036+#include <linux/namei.h>
35037+#include <linux/mount.h>
35038+#include <linux/tty.h>
35039+#include <linux/proc_fs.h>
35040+#include <linux/smp_lock.h>
35041+#include <linux/lglock.h>
35042+#include <linux/slab.h>
35043+#include <linux/vmalloc.h>
35044+#include <linux/types.h>
35045+#include <linux/sysctl.h>
35046+#include <linux/netdevice.h>
35047+#include <linux/ptrace.h>
35048+#include <linux/gracl.h>
35049+#include <linux/gralloc.h>
35050+#include <linux/grsecurity.h>
35051+#include <linux/grinternal.h>
35052+#include <linux/pid_namespace.h>
35053+#include <linux/fdtable.h>
35054+#include <linux/percpu.h>
35055+
35056+#include <asm/uaccess.h>
35057+#include <asm/errno.h>
35058+#include <asm/mman.h>
35059+
35060+static struct acl_role_db acl_role_set;
35061+static struct name_db name_set;
35062+static struct inodev_db inodev_set;
35063+
35064+/* for keeping track of userspace pointers used for subjects, so we
35065+ can share references in the kernel as well
35066+*/
35067+
35068+static struct path real_root;
35069+
35070+static struct acl_subj_map_db subj_map_set;
35071+
35072+static struct acl_role_label *default_role;
35073+
35074+static struct acl_role_label *role_list;
35075+
35076+static u16 acl_sp_role_value;
35077+
35078+extern char *gr_shared_page[4];
35079+static DEFINE_MUTEX(gr_dev_mutex);
35080+DEFINE_RWLOCK(gr_inode_lock);
35081+
35082+struct gr_arg *gr_usermode;
35083+
35084+static unsigned int gr_status __read_only = GR_STATUS_INIT;
35085+
35086+extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
35087+extern void gr_clear_learn_entries(void);
35088+
35089+#ifdef CONFIG_GRKERNSEC_RESLOG
35090+extern void gr_log_resource(const struct task_struct *task,
35091+ const int res, const unsigned long wanted, const int gt);
35092+#endif
35093+
35094+unsigned char *gr_system_salt;
35095+unsigned char *gr_system_sum;
35096+
35097+static struct sprole_pw **acl_special_roles = NULL;
35098+static __u16 num_sprole_pws = 0;
35099+
35100+static struct acl_role_label *kernel_role = NULL;
35101+
35102+static unsigned int gr_auth_attempts = 0;
35103+static unsigned long gr_auth_expires = 0UL;
35104+
35105+extern struct vfsmount *sock_mnt;
35106+extern struct vfsmount *pipe_mnt;
35107+extern struct vfsmount *shm_mnt;
35108+#ifdef CONFIG_HUGETLBFS
35109+extern struct vfsmount *hugetlbfs_vfsmount;
35110+#endif
35111+
35112+static struct acl_object_label *fakefs_obj;
35113+
35114+extern int gr_init_uidset(void);
35115+extern void gr_free_uidset(void);
35116+extern void gr_remove_uid(uid_t uid);
35117+extern int gr_find_uid(uid_t uid);
35118+
35119+DECLARE_BRLOCK(vfsmount_lock);
35120+
35121+__inline__ int
35122+gr_acl_is_enabled(void)
35123+{
35124+ return (gr_status & GR_READY);
35125+}
35126+
35127+#ifdef CONFIG_BTRFS_FS
35128+extern dev_t get_btrfs_dev_from_inode(struct inode *inode);
35129+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat);
35130+#endif
35131+
35132+static inline dev_t __get_dev(const struct dentry *dentry)
35133+{
35134+#ifdef CONFIG_BTRFS_FS
35135+ if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr)
35136+ return get_btrfs_dev_from_inode(dentry->d_inode);
35137+ else
35138+#endif
35139+ return dentry->d_inode->i_sb->s_dev;
35140+}
35141+
35142+dev_t gr_get_dev_from_dentry(struct dentry *dentry)
35143+{
35144+ return __get_dev(dentry);
35145+}
35146+
35147+static char gr_task_roletype_to_char(struct task_struct *task)
35148+{
35149+ switch (task->role->roletype &
35150+ (GR_ROLE_DEFAULT | GR_ROLE_USER | GR_ROLE_GROUP |
35151+ GR_ROLE_SPECIAL)) {
35152+ case GR_ROLE_DEFAULT:
35153+ return 'D';
35154+ case GR_ROLE_USER:
35155+ return 'U';
35156+ case GR_ROLE_GROUP:
35157+ return 'G';
35158+ case GR_ROLE_SPECIAL:
35159+ return 'S';
35160+ }
35161+
35162+ return 'X';
35163+}
35164+
35165+char gr_roletype_to_char(void)
35166+{
35167+ return gr_task_roletype_to_char(current);
35168+}
35169+
35170+__inline__ int
35171+gr_acl_tpe_check(void)
35172+{
35173+ if (unlikely(!(gr_status & GR_READY)))
35174+ return 0;
35175+ if (current->role->roletype & GR_ROLE_TPE)
35176+ return 1;
35177+ else
35178+ return 0;
35179+}
35180+
35181+int
35182+gr_handle_rawio(const struct inode *inode)
35183+{
35184+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
35185+ if (inode && S_ISBLK(inode->i_mode) &&
35186+ grsec_enable_chroot_caps && proc_is_chrooted(current) &&
35187+ !capable(CAP_SYS_RAWIO))
35188+ return 1;
35189+#endif
35190+ return 0;
35191+}
35192+
35193+static int
35194+gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb)
35195+{
35196+ if (likely(lena != lenb))
35197+ return 0;
35198+
35199+ return !memcmp(a, b, lena);
35200+}
35201+
35202+static int prepend(char **buffer, int *buflen, const char *str, int namelen)
35203+{
35204+ *buflen -= namelen;
35205+ if (*buflen < 0)
35206+ return -ENAMETOOLONG;
35207+ *buffer -= namelen;
35208+ memcpy(*buffer, str, namelen);
35209+ return 0;
35210+}
35211+
35212+static int prepend_name(char **buffer, int *buflen, struct qstr *name)
35213+{
35214+ return prepend(buffer, buflen, name->name, name->len);
35215+}
35216+
35217+static int prepend_path(const struct path *path, struct path *root,
35218+ char **buffer, int *buflen)
35219+{
35220+ struct dentry *dentry = path->dentry;
35221+ struct vfsmount *vfsmnt = path->mnt;
35222+ bool slash = false;
35223+ int error = 0;
35224+
35225+ while (dentry != root->dentry || vfsmnt != root->mnt) {
35226+ struct dentry * parent;
35227+
35228+ if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
35229+ /* Global root? */
35230+ if (vfsmnt->mnt_parent == vfsmnt) {
35231+ goto out;
35232+ }
35233+ dentry = vfsmnt->mnt_mountpoint;
35234+ vfsmnt = vfsmnt->mnt_parent;
35235+ continue;
35236+ }
35237+ parent = dentry->d_parent;
35238+ prefetch(parent);
35239+ spin_lock(&dentry->d_lock);
35240+ error = prepend_name(buffer, buflen, &dentry->d_name);
35241+ spin_unlock(&dentry->d_lock);
35242+ if (!error)
35243+ error = prepend(buffer, buflen, "/", 1);
35244+ if (error)
35245+ break;
35246+
35247+ slash = true;
35248+ dentry = parent;
35249+ }
35250+
35251+out:
35252+ if (!error && !slash)
35253+ error = prepend(buffer, buflen, "/", 1);
35254+
35255+ return error;
35256+}
35257+
35258+/* this must be called with vfsmount_lock and rename_lock held */
35259+
35260+static char *__our_d_path(const struct path *path, struct path *root,
35261+ char *buf, int buflen)
35262+{
35263+ char *res = buf + buflen;
35264+ int error;
35265+
35266+ prepend(&res, &buflen, "\0", 1);
35267+ error = prepend_path(path, root, &res, &buflen);
35268+ if (error)
35269+ return ERR_PTR(error);
35270+
35271+ return res;
35272+}
35273+
35274+static char *
35275+gen_full_path(struct path *path, struct path *root, char *buf, int buflen)
35276+{
35277+ char *retval;
35278+
35279+ retval = __our_d_path(path, root, buf, buflen);
35280+ if (unlikely(IS_ERR(retval)))
35281+ retval = strcpy(buf, "<path too long>");
35282+ else if (unlikely(retval[1] == '/' && retval[2] == '\0'))
35283+ retval[1] = '\0';
35284+
35285+ return retval;
35286+}
35287+
35288+static char *
35289+__d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
35290+ char *buf, int buflen)
35291+{
35292+ struct path path;
35293+ char *res;
35294+
35295+ path.dentry = (struct dentry *)dentry;
35296+ path.mnt = (struct vfsmount *)vfsmnt;
35297+
35298+ /* we can use real_root.dentry, real_root.mnt, because this is only called
35299+ by the RBAC system */
35300+ res = gen_full_path(&path, &real_root, buf, buflen);
35301+
35302+ return res;
35303+}
35304+
35305+static char *
35306+d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
35307+ char *buf, int buflen)
35308+{
35309+ char *res;
35310+ struct path path;
35311+ struct path root;
35312+ struct task_struct *reaper = &init_task;
35313+
35314+ path.dentry = (struct dentry *)dentry;
35315+ path.mnt = (struct vfsmount *)vfsmnt;
35316+
35317+ /* we can't use real_root.dentry, real_root.mnt, because they belong only to the RBAC system */
35318+ get_fs_root(reaper->fs, &root);
35319+
35320+ write_seqlock(&rename_lock);
35321+ br_read_lock(vfsmount_lock);
35322+ res = gen_full_path(&path, &root, buf, buflen);
35323+ br_read_unlock(vfsmount_lock);
35324+ write_sequnlock(&rename_lock);
35325+
35326+ path_put(&root);
35327+ return res;
35328+}
35329+
35330+static char *
35331+gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
35332+{
35333+ char *ret;
35334+ write_seqlock(&rename_lock);
35335+ br_read_lock(vfsmount_lock);
35336+ ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
35337+ PAGE_SIZE);
35338+ br_read_unlock(vfsmount_lock);
35339+ write_sequnlock(&rename_lock);
35340+ return ret;
35341+}
35342+
35343+char *
35344+gr_to_filename_nolock(const struct dentry *dentry, const struct vfsmount *mnt)
35345+{
35346+ return __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
35347+ PAGE_SIZE);
35348+}
35349+
35350+char *
35351+gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt)
35352+{
35353+ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
35354+ PAGE_SIZE);
35355+}
35356+
35357+char *
35358+gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt)
35359+{
35360+ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[1], smp_processor_id()),
35361+ PAGE_SIZE);
35362+}
35363+
35364+char *
35365+gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt)
35366+{
35367+ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[2], smp_processor_id()),
35368+ PAGE_SIZE);
35369+}
35370+
35371+char *
35372+gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt)
35373+{
35374+ return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[3], smp_processor_id()),
35375+ PAGE_SIZE);
35376+}
35377+
35378+__inline__ __u32
35379+to_gr_audit(const __u32 reqmode)
35380+{
35381+ /* masks off auditable permission flags, then shifts them to create
35382+ auditing flags, and adds the special case of append auditing if
35383+ we're requesting write */
35384+ return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
35385+}
35386+
35387+struct acl_subject_label *
35388+lookup_subject_map(const struct acl_subject_label *userp)
35389+{
35390+ unsigned int index = shash(userp, subj_map_set.s_size);
35391+ struct subject_map *match;
35392+
35393+ match = subj_map_set.s_hash[index];
35394+
35395+ while (match && match->user != userp)
35396+ match = match->next;
35397+
35398+ if (match != NULL)
35399+ return match->kernel;
35400+ else
35401+ return NULL;
35402+}
35403+
35404+static void
35405+insert_subj_map_entry(struct subject_map *subjmap)
35406+{
35407+ unsigned int index = shash(subjmap->user, subj_map_set.s_size);
35408+ struct subject_map **curr;
35409+
35410+ subjmap->prev = NULL;
35411+
35412+ curr = &subj_map_set.s_hash[index];
35413+ if (*curr != NULL)
35414+ (*curr)->prev = subjmap;
35415+
35416+ subjmap->next = *curr;
35417+ *curr = subjmap;
35418+
35419+ return;
35420+}
35421+
35422+static struct acl_role_label *
35423+lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
35424+ const gid_t gid)
35425+{
35426+ unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
35427+ struct acl_role_label *match;
35428+ struct role_allowed_ip *ipp;
35429+ unsigned int x;
35430+ u32 curr_ip = task->signal->curr_ip;
35431+
35432+ task->signal->saved_ip = curr_ip;
35433+
35434+ match = acl_role_set.r_hash[index];
35435+
35436+ while (match) {
35437+ if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) {
35438+ for (x = 0; x < match->domain_child_num; x++) {
35439+ if (match->domain_children[x] == uid)
35440+ goto found;
35441+ }
35442+ } else if (match->uidgid == uid && match->roletype & GR_ROLE_USER)
35443+ break;
35444+ match = match->next;
35445+ }
35446+found:
35447+ if (match == NULL) {
35448+ try_group:
35449+ index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
35450+ match = acl_role_set.r_hash[index];
35451+
35452+ while (match) {
35453+ if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) {
35454+ for (x = 0; x < match->domain_child_num; x++) {
35455+ if (match->domain_children[x] == gid)
35456+ goto found2;
35457+ }
35458+ } else if (match->uidgid == gid && match->roletype & GR_ROLE_GROUP)
35459+ break;
35460+ match = match->next;
35461+ }
35462+found2:
35463+ if (match == NULL)
35464+ match = default_role;
35465+ if (match->allowed_ips == NULL)
35466+ return match;
35467+ else {
35468+ for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
35469+ if (likely
35470+ ((ntohl(curr_ip) & ipp->netmask) ==
35471+ (ntohl(ipp->addr) & ipp->netmask)))
35472+ return match;
35473+ }
35474+ match = default_role;
35475+ }
35476+ } else if (match->allowed_ips == NULL) {
35477+ return match;
35478+ } else {
35479+ for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
35480+ if (likely
35481+ ((ntohl(curr_ip) & ipp->netmask) ==
35482+ (ntohl(ipp->addr) & ipp->netmask)))
35483+ return match;
35484+ }
35485+ goto try_group;
35486+ }
35487+
35488+ return match;
35489+}
35490+
35491+struct acl_subject_label *
35492+lookup_acl_subj_label(const ino_t ino, const dev_t dev,
35493+ const struct acl_role_label *role)
35494+{
35495+ unsigned int index = fhash(ino, dev, role->subj_hash_size);
35496+ struct acl_subject_label *match;
35497+
35498+ match = role->subj_hash[index];
35499+
35500+ while (match && (match->inode != ino || match->device != dev ||
35501+ (match->mode & GR_DELETED))) {
35502+ match = match->next;
35503+ }
35504+
35505+ if (match && !(match->mode & GR_DELETED))
35506+ return match;
35507+ else
35508+ return NULL;
35509+}
35510+
35511+struct acl_subject_label *
35512+lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev,
35513+ const struct acl_role_label *role)
35514+{
35515+ unsigned int index = fhash(ino, dev, role->subj_hash_size);
35516+ struct acl_subject_label *match;
35517+
35518+ match = role->subj_hash[index];
35519+
35520+ while (match && (match->inode != ino || match->device != dev ||
35521+ !(match->mode & GR_DELETED))) {
35522+ match = match->next;
35523+ }
35524+
35525+ if (match && (match->mode & GR_DELETED))
35526+ return match;
35527+ else
35528+ return NULL;
35529+}
35530+
35531+static struct acl_object_label *
35532+lookup_acl_obj_label(const ino_t ino, const dev_t dev,
35533+ const struct acl_subject_label *subj)
35534+{
35535+ unsigned int index = fhash(ino, dev, subj->obj_hash_size);
35536+ struct acl_object_label *match;
35537+
35538+ match = subj->obj_hash[index];
35539+
35540+ while (match && (match->inode != ino || match->device != dev ||
35541+ (match->mode & GR_DELETED))) {
35542+ match = match->next;
35543+ }
35544+
35545+ if (match && !(match->mode & GR_DELETED))
35546+ return match;
35547+ else
35548+ return NULL;
35549+}
35550+
35551+static struct acl_object_label *
35552+lookup_acl_obj_label_create(const ino_t ino, const dev_t dev,
35553+ const struct acl_subject_label *subj)
35554+{
35555+ unsigned int index = fhash(ino, dev, subj->obj_hash_size);
35556+ struct acl_object_label *match;
35557+
35558+ match = subj->obj_hash[index];
35559+
35560+ while (match && (match->inode != ino || match->device != dev ||
35561+ !(match->mode & GR_DELETED))) {
35562+ match = match->next;
35563+ }
35564+
35565+ if (match && (match->mode & GR_DELETED))
35566+ return match;
35567+
35568+ match = subj->obj_hash[index];
35569+
35570+ while (match && (match->inode != ino || match->device != dev ||
35571+ (match->mode & GR_DELETED))) {
35572+ match = match->next;
35573+ }
35574+
35575+ if (match && !(match->mode & GR_DELETED))
35576+ return match;
35577+ else
35578+ return NULL;
35579+}
35580+
35581+static struct name_entry *
35582+lookup_name_entry(const char *name)
35583+{
35584+ unsigned int len = strlen(name);
35585+ unsigned int key = full_name_hash(name, len);
35586+ unsigned int index = key % name_set.n_size;
35587+ struct name_entry *match;
35588+
35589+ match = name_set.n_hash[index];
35590+
35591+ while (match && (match->key != key || !gr_streq(match->name, name, match->len, len)))
35592+ match = match->next;
35593+
35594+ return match;
35595+}
35596+
35597+static struct name_entry *
35598+lookup_name_entry_create(const char *name)
35599+{
35600+ unsigned int len = strlen(name);
35601+ unsigned int key = full_name_hash(name, len);
35602+ unsigned int index = key % name_set.n_size;
35603+ struct name_entry *match;
35604+
35605+ match = name_set.n_hash[index];
35606+
35607+ while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
35608+ !match->deleted))
35609+ match = match->next;
35610+
35611+ if (match && match->deleted)
35612+ return match;
35613+
35614+ match = name_set.n_hash[index];
35615+
35616+ while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
35617+ match->deleted))
35618+ match = match->next;
35619+
35620+ if (match && !match->deleted)
35621+ return match;
35622+ else
35623+ return NULL;
35624+}
35625+
35626+static struct inodev_entry *
35627+lookup_inodev_entry(const ino_t ino, const dev_t dev)
35628+{
35629+ unsigned int index = fhash(ino, dev, inodev_set.i_size);
35630+ struct inodev_entry *match;
35631+
35632+ match = inodev_set.i_hash[index];
35633+
35634+ while (match && (match->nentry->inode != ino || match->nentry->device != dev))
35635+ match = match->next;
35636+
35637+ return match;
35638+}
35639+
35640+static void
35641+insert_inodev_entry(struct inodev_entry *entry)
35642+{
35643+ unsigned int index = fhash(entry->nentry->inode, entry->nentry->device,
35644+ inodev_set.i_size);
35645+ struct inodev_entry **curr;
35646+
35647+ entry->prev = NULL;
35648+
35649+ curr = &inodev_set.i_hash[index];
35650+ if (*curr != NULL)
35651+ (*curr)->prev = entry;
35652+
35653+ entry->next = *curr;
35654+ *curr = entry;
35655+
35656+ return;
35657+}
35658+
35659+static void
35660+__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
35661+{
35662+ unsigned int index =
35663+ rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
35664+ struct acl_role_label **curr;
35665+ struct acl_role_label *tmp;
35666+
35667+ curr = &acl_role_set.r_hash[index];
35668+
35669+ /* if role was already inserted due to domains and already has
35670+ a role in the same bucket as it attached, then we need to
35671+ combine these two buckets
35672+ */
35673+ if (role->next) {
35674+ tmp = role->next;
35675+ while (tmp->next)
35676+ tmp = tmp->next;
35677+ tmp->next = *curr;
35678+ } else
35679+ role->next = *curr;
35680+ *curr = role;
35681+
35682+ return;
35683+}
35684+
35685+static void
35686+insert_acl_role_label(struct acl_role_label *role)
35687+{
35688+ int i;
35689+
35690+ if (role_list == NULL) {
35691+ role_list = role;
35692+ role->prev = NULL;
35693+ } else {
35694+ role->prev = role_list;
35695+ role_list = role;
35696+ }
35697+
35698+ /* used for hash chains */
35699+ role->next = NULL;
35700+
35701+ if (role->roletype & GR_ROLE_DOMAIN) {
35702+ for (i = 0; i < role->domain_child_num; i++)
35703+ __insert_acl_role_label(role, role->domain_children[i]);
35704+ } else
35705+ __insert_acl_role_label(role, role->uidgid);
35706+}
35707+
35708+static int
35709+insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
35710+{
35711+ struct name_entry **curr, *nentry;
35712+ struct inodev_entry *ientry;
35713+ unsigned int len = strlen(name);
35714+ unsigned int key = full_name_hash(name, len);
35715+ unsigned int index = key % name_set.n_size;
35716+
35717+ curr = &name_set.n_hash[index];
35718+
35719+ while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
35720+ curr = &((*curr)->next);
35721+
35722+ if (*curr != NULL)
35723+ return 1;
35724+
35725+ nentry = acl_alloc(sizeof (struct name_entry));
35726+ if (nentry == NULL)
35727+ return 0;
35728+ ientry = acl_alloc(sizeof (struct inodev_entry));
35729+ if (ientry == NULL)
35730+ return 0;
35731+ ientry->nentry = nentry;
35732+
35733+ nentry->key = key;
35734+ nentry->name = name;
35735+ nentry->inode = inode;
35736+ nentry->device = device;
35737+ nentry->len = len;
35738+ nentry->deleted = deleted;
35739+
35740+ nentry->prev = NULL;
35741+ curr = &name_set.n_hash[index];
35742+ if (*curr != NULL)
35743+ (*curr)->prev = nentry;
35744+ nentry->next = *curr;
35745+ *curr = nentry;
35746+
35747+ /* insert us into the table searchable by inode/dev */
35748+ insert_inodev_entry(ientry);
35749+
35750+ return 1;
35751+}
35752+
35753+static void
35754+insert_acl_obj_label(struct acl_object_label *obj,
35755+ struct acl_subject_label *subj)
35756+{
35757+ unsigned int index =
35758+ fhash(obj->inode, obj->device, subj->obj_hash_size);
35759+ struct acl_object_label **curr;
35760+
35761+
35762+ obj->prev = NULL;
35763+
35764+ curr = &subj->obj_hash[index];
35765+ if (*curr != NULL)
35766+ (*curr)->prev = obj;
35767+
35768+ obj->next = *curr;
35769+ *curr = obj;
35770+
35771+ return;
35772+}
35773+
35774+static void
35775+insert_acl_subj_label(struct acl_subject_label *obj,
35776+ struct acl_role_label *role)
35777+{
35778+ unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size);
35779+ struct acl_subject_label **curr;
35780+
35781+ obj->prev = NULL;
35782+
35783+ curr = &role->subj_hash[index];
35784+ if (*curr != NULL)
35785+ (*curr)->prev = obj;
35786+
35787+ obj->next = *curr;
35788+ *curr = obj;
35789+
35790+ return;
35791+}
35792+
35793+/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
35794+
35795+static void *
35796+create_table(__u32 * len, int elementsize)
35797+{
35798+ unsigned int table_sizes[] = {
35799+ 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
35800+ 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
35801+ 4194301, 8388593, 16777213, 33554393, 67108859
35802+ };
35803+ void *newtable = NULL;
35804+ unsigned int pwr = 0;
35805+
35806+ while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
35807+ table_sizes[pwr] <= *len)
35808+ pwr++;
35809+
35810+ if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize))
35811+ return newtable;
35812+
35813+ if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
35814+ newtable =
35815+ kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
35816+ else
35817+ newtable = vmalloc(table_sizes[pwr] * elementsize);
35818+
35819+ *len = table_sizes[pwr];
35820+
35821+ return newtable;
35822+}
35823+
35824+static int
35825+init_variables(const struct gr_arg *arg)
35826+{
35827+ struct task_struct *reaper = &init_task;
35828+ unsigned int stacksize;
35829+
35830+ subj_map_set.s_size = arg->role_db.num_subjects;
35831+ acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
35832+ name_set.n_size = arg->role_db.num_objects;
35833+ inodev_set.i_size = arg->role_db.num_objects;
35834+
35835+ if (!subj_map_set.s_size || !acl_role_set.r_size ||
35836+ !name_set.n_size || !inodev_set.i_size)
35837+ return 1;
35838+
35839+ if (!gr_init_uidset())
35840+ return 1;
35841+
35842+ /* set up the stack that holds allocation info */
35843+
35844+ stacksize = arg->role_db.num_pointers + 5;
35845+
35846+ if (!acl_alloc_stack_init(stacksize))
35847+ return 1;
35848+
35849+ /* grab reference for the real root dentry and vfsmount */
35850+ get_fs_root(reaper->fs, &real_root);
35851+
35852+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
35853+ printk(KERN_ALERT "Obtained real root device=%d, inode=%lu\n", __get_dev(real_root.dentry), real_root.dentry->d_inode->i_ino);
35854+#endif
35855+
35856+ fakefs_obj = acl_alloc(sizeof(struct acl_object_label));
35857+ if (fakefs_obj == NULL)
35858+ return 1;
35859+ fakefs_obj->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
35860+
35861+ subj_map_set.s_hash =
35862+ (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *));
35863+ acl_role_set.r_hash =
35864+ (struct acl_role_label **) create_table(&acl_role_set.r_size, sizeof(void *));
35865+ name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size, sizeof(void *));
35866+ inodev_set.i_hash =
35867+ (struct inodev_entry **) create_table(&inodev_set.i_size, sizeof(void *));
35868+
35869+ if (!subj_map_set.s_hash || !acl_role_set.r_hash ||
35870+ !name_set.n_hash || !inodev_set.i_hash)
35871+ return 1;
35872+
35873+ memset(subj_map_set.s_hash, 0,
35874+ sizeof(struct subject_map *) * subj_map_set.s_size);
35875+ memset(acl_role_set.r_hash, 0,
35876+ sizeof (struct acl_role_label *) * acl_role_set.r_size);
35877+ memset(name_set.n_hash, 0,
35878+ sizeof (struct name_entry *) * name_set.n_size);
35879+ memset(inodev_set.i_hash, 0,
35880+ sizeof (struct inodev_entry *) * inodev_set.i_size);
35881+
35882+ return 0;
35883+}
35884+
35885+/* free information not needed after startup
35886+ currently contains user->kernel pointer mappings for subjects
35887+*/
35888+
35889+static void
35890+free_init_variables(void)
35891+{
35892+ __u32 i;
35893+
35894+ if (subj_map_set.s_hash) {
35895+ for (i = 0; i < subj_map_set.s_size; i++) {
35896+ if (subj_map_set.s_hash[i]) {
35897+ kfree(subj_map_set.s_hash[i]);
35898+ subj_map_set.s_hash[i] = NULL;
35899+ }
35900+ }
35901+
35902+ if ((subj_map_set.s_size * sizeof (struct subject_map *)) <=
35903+ PAGE_SIZE)
35904+ kfree(subj_map_set.s_hash);
35905+ else
35906+ vfree(subj_map_set.s_hash);
35907+ }
35908+
35909+ return;
35910+}
35911+
35912+static void
35913+free_variables(void)
35914+{
35915+ struct acl_subject_label *s;
35916+ struct acl_role_label *r;
35917+ struct task_struct *task, *task2;
35918+ unsigned int x;
35919+
35920+ gr_clear_learn_entries();
35921+
35922+ read_lock(&tasklist_lock);
35923+ do_each_thread(task2, task) {
35924+ task->acl_sp_role = 0;
35925+ task->acl_role_id = 0;
35926+ task->acl = NULL;
35927+ task->role = NULL;
35928+ } while_each_thread(task2, task);
35929+ read_unlock(&tasklist_lock);
35930+
35931+ /* release the reference to the real root dentry and vfsmount */
35932+ path_put(&real_root);
35933+
35934+ /* free all object hash tables */
35935+
35936+ FOR_EACH_ROLE_START(r)
35937+ if (r->subj_hash == NULL)
35938+ goto next_role;
35939+ FOR_EACH_SUBJECT_START(r, s, x)
35940+ if (s->obj_hash == NULL)
35941+ break;
35942+ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
35943+ kfree(s->obj_hash);
35944+ else
35945+ vfree(s->obj_hash);
35946+ FOR_EACH_SUBJECT_END(s, x)
35947+ FOR_EACH_NESTED_SUBJECT_START(r, s)
35948+ if (s->obj_hash == NULL)
35949+ break;
35950+ if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
35951+ kfree(s->obj_hash);
35952+ else
35953+ vfree(s->obj_hash);
35954+ FOR_EACH_NESTED_SUBJECT_END(s)
35955+ if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
35956+ kfree(r->subj_hash);
35957+ else
35958+ vfree(r->subj_hash);
35959+ r->subj_hash = NULL;
35960+next_role:
35961+ FOR_EACH_ROLE_END(r)
35962+
35963+ acl_free_all();
35964+
35965+ if (acl_role_set.r_hash) {
35966+ if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
35967+ PAGE_SIZE)
35968+ kfree(acl_role_set.r_hash);
35969+ else
35970+ vfree(acl_role_set.r_hash);
35971+ }
35972+ if (name_set.n_hash) {
35973+ if ((name_set.n_size * sizeof (struct name_entry *)) <=
35974+ PAGE_SIZE)
35975+ kfree(name_set.n_hash);
35976+ else
35977+ vfree(name_set.n_hash);
35978+ }
35979+
35980+ if (inodev_set.i_hash) {
35981+ if ((inodev_set.i_size * sizeof (struct inodev_entry *)) <=
35982+ PAGE_SIZE)
35983+ kfree(inodev_set.i_hash);
35984+ else
35985+ vfree(inodev_set.i_hash);
35986+ }
35987+
35988+ gr_free_uidset();
35989+
35990+ memset(&name_set, 0, sizeof (struct name_db));
35991+ memset(&inodev_set, 0, sizeof (struct inodev_db));
35992+ memset(&acl_role_set, 0, sizeof (struct acl_role_db));
35993+ memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db));
35994+
35995+ default_role = NULL;
35996+ role_list = NULL;
35997+
35998+ return;
35999+}
36000+
36001+static __u32
36002+count_user_objs(struct acl_object_label *userp)
36003+{
36004+ struct acl_object_label o_tmp;
36005+ __u32 num = 0;
36006+
36007+ while (userp) {
36008+ if (copy_from_user(&o_tmp, userp,
36009+ sizeof (struct acl_object_label)))
36010+ break;
36011+
36012+ userp = o_tmp.prev;
36013+ num++;
36014+ }
36015+
36016+ return num;
36017+}
36018+
36019+static struct acl_subject_label *
36020+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role);
36021+
36022+static int
36023+copy_user_glob(struct acl_object_label *obj)
36024+{
36025+ struct acl_object_label *g_tmp, **guser;
36026+ unsigned int len;
36027+ char *tmp;
36028+
36029+ if (obj->globbed == NULL)
36030+ return 0;
36031+
36032+ guser = &obj->globbed;
36033+ while (*guser) {
36034+ g_tmp = (struct acl_object_label *)
36035+ acl_alloc(sizeof (struct acl_object_label));
36036+ if (g_tmp == NULL)
36037+ return -ENOMEM;
36038+
36039+ if (copy_from_user(g_tmp, *guser,
36040+ sizeof (struct acl_object_label)))
36041+ return -EFAULT;
36042+
36043+ len = strnlen_user(g_tmp->filename, PATH_MAX);
36044+
36045+ if (!len || len >= PATH_MAX)
36046+ return -EINVAL;
36047+
36048+ if ((tmp = (char *) acl_alloc(len)) == NULL)
36049+ return -ENOMEM;
36050+
36051+ if (copy_from_user(tmp, g_tmp->filename, len))
36052+ return -EFAULT;
36053+ tmp[len-1] = '\0';
36054+ g_tmp->filename = tmp;
36055+
36056+ *guser = g_tmp;
36057+ guser = &(g_tmp->next);
36058+ }
36059+
36060+ return 0;
36061+}
36062+
36063+static int
36064+copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
36065+ struct acl_role_label *role)
36066+{
36067+ struct acl_object_label *o_tmp;
36068+ unsigned int len;
36069+ int ret;
36070+ char *tmp;
36071+
36072+ while (userp) {
36073+ if ((o_tmp = (struct acl_object_label *)
36074+ acl_alloc(sizeof (struct acl_object_label))) == NULL)
36075+ return -ENOMEM;
36076+
36077+ if (copy_from_user(o_tmp, userp,
36078+ sizeof (struct acl_object_label)))
36079+ return -EFAULT;
36080+
36081+ userp = o_tmp->prev;
36082+
36083+ len = strnlen_user(o_tmp->filename, PATH_MAX);
36084+
36085+ if (!len || len >= PATH_MAX)
36086+ return -EINVAL;
36087+
36088+ if ((tmp = (char *) acl_alloc(len)) == NULL)
36089+ return -ENOMEM;
36090+
36091+ if (copy_from_user(tmp, o_tmp->filename, len))
36092+ return -EFAULT;
36093+ tmp[len-1] = '\0';
36094+ o_tmp->filename = tmp;
36095+
36096+ insert_acl_obj_label(o_tmp, subj);
36097+ if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
36098+ o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0))
36099+ return -ENOMEM;
36100+
36101+ ret = copy_user_glob(o_tmp);
36102+ if (ret)
36103+ return ret;
36104+
36105+ if (o_tmp->nested) {
36106+ o_tmp->nested = do_copy_user_subj(o_tmp->nested, role);
36107+ if (IS_ERR(o_tmp->nested))
36108+ return PTR_ERR(o_tmp->nested);
36109+
36110+ /* insert into nested subject list */
36111+ o_tmp->nested->next = role->hash->first;
36112+ role->hash->first = o_tmp->nested;
36113+ }
36114+ }
36115+
36116+ return 0;
36117+}
36118+
36119+static __u32
36120+count_user_subjs(struct acl_subject_label *userp)
36121+{
36122+ struct acl_subject_label s_tmp;
36123+ __u32 num = 0;
36124+
36125+ while (userp) {
36126+ if (copy_from_user(&s_tmp, userp,
36127+ sizeof (struct acl_subject_label)))
36128+ break;
36129+
36130+ userp = s_tmp.prev;
36131+ /* do not count nested subjects against this count, since
36132+ they are not included in the hash table, but are
36133+ attached to objects. We have already counted
36134+ the subjects in userspace for the allocation
36135+ stack
36136+ */
36137+ if (!(s_tmp.mode & GR_NESTED))
36138+ num++;
36139+ }
36140+
36141+ return num;
36142+}
36143+
36144+static int
36145+copy_user_allowedips(struct acl_role_label *rolep)
36146+{
36147+ struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
36148+
36149+ ruserip = rolep->allowed_ips;
36150+
36151+ while (ruserip) {
36152+ rlast = rtmp;
36153+
36154+ if ((rtmp = (struct role_allowed_ip *)
36155+ acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
36156+ return -ENOMEM;
36157+
36158+ if (copy_from_user(rtmp, ruserip,
36159+ sizeof (struct role_allowed_ip)))
36160+ return -EFAULT;
36161+
36162+ ruserip = rtmp->prev;
36163+
36164+ if (!rlast) {
36165+ rtmp->prev = NULL;
36166+ rolep->allowed_ips = rtmp;
36167+ } else {
36168+ rlast->next = rtmp;
36169+ rtmp->prev = rlast;
36170+ }
36171+
36172+ if (!ruserip)
36173+ rtmp->next = NULL;
36174+ }
36175+
36176+ return 0;
36177+}
36178+
36179+static int
36180+copy_user_transitions(struct acl_role_label *rolep)
36181+{
36182+ struct role_transition *rusertp, *rtmp = NULL, *rlast;
36183+
36184+ unsigned int len;
36185+ char *tmp;
36186+
36187+ rusertp = rolep->transitions;
36188+
36189+ while (rusertp) {
36190+ rlast = rtmp;
36191+
36192+ if ((rtmp = (struct role_transition *)
36193+ acl_alloc(sizeof (struct role_transition))) == NULL)
36194+ return -ENOMEM;
36195+
36196+ if (copy_from_user(rtmp, rusertp,
36197+ sizeof (struct role_transition)))
36198+ return -EFAULT;
36199+
36200+ rusertp = rtmp->prev;
36201+
36202+ len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN);
36203+
36204+ if (!len || len >= GR_SPROLE_LEN)
36205+ return -EINVAL;
36206+
36207+ if ((tmp = (char *) acl_alloc(len)) == NULL)
36208+ return -ENOMEM;
36209+
36210+ if (copy_from_user(tmp, rtmp->rolename, len))
36211+ return -EFAULT;
36212+ tmp[len-1] = '\0';
36213+ rtmp->rolename = tmp;
36214+
36215+ if (!rlast) {
36216+ rtmp->prev = NULL;
36217+ rolep->transitions = rtmp;
36218+ } else {
36219+ rlast->next = rtmp;
36220+ rtmp->prev = rlast;
36221+ }
36222+
36223+ if (!rusertp)
36224+ rtmp->next = NULL;
36225+ }
36226+
36227+ return 0;
36228+}
36229+
36230+static struct acl_subject_label *
36231+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role)
36232+{
36233+ struct acl_subject_label *s_tmp = NULL, *s_tmp2;
36234+ unsigned int len;
36235+ char *tmp;
36236+ __u32 num_objs;
36237+ struct acl_ip_label **i_tmp, *i_utmp2;
36238+ struct gr_hash_struct ghash;
36239+ struct subject_map *subjmap;
36240+ unsigned int i_num;
36241+ int err;
36242+
36243+ s_tmp = lookup_subject_map(userp);
36244+
36245+ /* we've already copied this subject into the kernel, just return
36246+ the reference to it, and don't copy it over again
36247+ */
36248+ if (s_tmp)
36249+ return(s_tmp);
36250+
36251+ if ((s_tmp = (struct acl_subject_label *)
36252+ acl_alloc(sizeof (struct acl_subject_label))) == NULL)
36253+ return ERR_PTR(-ENOMEM);
36254+
36255+ subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL);
36256+ if (subjmap == NULL)
36257+ return ERR_PTR(-ENOMEM);
36258+
36259+ subjmap->user = userp;
36260+ subjmap->kernel = s_tmp;
36261+ insert_subj_map_entry(subjmap);
36262+
36263+ if (copy_from_user(s_tmp, userp,
36264+ sizeof (struct acl_subject_label)))
36265+ return ERR_PTR(-EFAULT);
36266+
36267+ len = strnlen_user(s_tmp->filename, PATH_MAX);
36268+
36269+ if (!len || len >= PATH_MAX)
36270+ return ERR_PTR(-EINVAL);
36271+
36272+ if ((tmp = (char *) acl_alloc(len)) == NULL)
36273+ return ERR_PTR(-ENOMEM);
36274+
36275+ if (copy_from_user(tmp, s_tmp->filename, len))
36276+ return ERR_PTR(-EFAULT);
36277+ tmp[len-1] = '\0';
36278+ s_tmp->filename = tmp;
36279+
36280+ if (!strcmp(s_tmp->filename, "/"))
36281+ role->root_label = s_tmp;
36282+
36283+ if (copy_from_user(&ghash, s_tmp->hash, sizeof(struct gr_hash_struct)))
36284+ return ERR_PTR(-EFAULT);
36285+
36286+ /* copy user and group transition tables */
36287+
36288+ if (s_tmp->user_trans_num) {
36289+ uid_t *uidlist;
36290+
36291+ uidlist = (uid_t *)acl_alloc_num(s_tmp->user_trans_num, sizeof(uid_t));
36292+ if (uidlist == NULL)
36293+ return ERR_PTR(-ENOMEM);
36294+ if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t)))
36295+ return ERR_PTR(-EFAULT);
36296+
36297+ s_tmp->user_transitions = uidlist;
36298+ }
36299+
36300+ if (s_tmp->group_trans_num) {
36301+ gid_t *gidlist;
36302+
36303+ gidlist = (gid_t *)acl_alloc_num(s_tmp->group_trans_num, sizeof(gid_t));
36304+ if (gidlist == NULL)
36305+ return ERR_PTR(-ENOMEM);
36306+ if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t)))
36307+ return ERR_PTR(-EFAULT);
36308+
36309+ s_tmp->group_transitions = gidlist;
36310+ }
36311+
36312+ /* set up object hash table */
36313+ num_objs = count_user_objs(ghash.first);
36314+
36315+ s_tmp->obj_hash_size = num_objs;
36316+ s_tmp->obj_hash =
36317+ (struct acl_object_label **)
36318+ create_table(&(s_tmp->obj_hash_size), sizeof(void *));
36319+
36320+ if (!s_tmp->obj_hash)
36321+ return ERR_PTR(-ENOMEM);
36322+
36323+ memset(s_tmp->obj_hash, 0,
36324+ s_tmp->obj_hash_size *
36325+ sizeof (struct acl_object_label *));
36326+
36327+ /* add in objects */
36328+ err = copy_user_objs(ghash.first, s_tmp, role);
36329+
36330+ if (err)
36331+ return ERR_PTR(err);
36332+
36333+ /* set pointer for parent subject */
36334+ if (s_tmp->parent_subject) {
36335+ s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role);
36336+
36337+ if (IS_ERR(s_tmp2))
36338+ return s_tmp2;
36339+
36340+ s_tmp->parent_subject = s_tmp2;
36341+ }
36342+
36343+ /* add in ip acls */
36344+
36345+ if (!s_tmp->ip_num) {
36346+ s_tmp->ips = NULL;
36347+ goto insert;
36348+ }
36349+
36350+ i_tmp =
36351+ (struct acl_ip_label **) acl_alloc_num(s_tmp->ip_num,
36352+ sizeof (struct acl_ip_label *));
36353+
36354+ if (!i_tmp)
36355+ return ERR_PTR(-ENOMEM);
36356+
36357+ for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
36358+ *(i_tmp + i_num) =
36359+ (struct acl_ip_label *)
36360+ acl_alloc(sizeof (struct acl_ip_label));
36361+ if (!*(i_tmp + i_num))
36362+ return ERR_PTR(-ENOMEM);
36363+
36364+ if (copy_from_user
36365+ (&i_utmp2, s_tmp->ips + i_num,
36366+ sizeof (struct acl_ip_label *)))
36367+ return ERR_PTR(-EFAULT);
36368+
36369+ if (copy_from_user
36370+ (*(i_tmp + i_num), i_utmp2,
36371+ sizeof (struct acl_ip_label)))
36372+ return ERR_PTR(-EFAULT);
36373+
36374+ if ((*(i_tmp + i_num))->iface == NULL)
36375+ continue;
36376+
36377+ len = strnlen_user((*(i_tmp + i_num))->iface, IFNAMSIZ);
36378+ if (!len || len >= IFNAMSIZ)
36379+ return ERR_PTR(-EINVAL);
36380+ tmp = acl_alloc(len);
36381+ if (tmp == NULL)
36382+ return ERR_PTR(-ENOMEM);
36383+ if (copy_from_user(tmp, (*(i_tmp + i_num))->iface, len))
36384+ return ERR_PTR(-EFAULT);
36385+ (*(i_tmp + i_num))->iface = tmp;
36386+ }
36387+
36388+ s_tmp->ips = i_tmp;
36389+
36390+insert:
36391+ if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
36392+ s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0))
36393+ return ERR_PTR(-ENOMEM);
36394+
36395+ return s_tmp;
36396+}
36397+
36398+static int
36399+copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
36400+{
36401+ struct acl_subject_label s_pre;
36402+ struct acl_subject_label * ret;
36403+ int err;
36404+
36405+ while (userp) {
36406+ if (copy_from_user(&s_pre, userp,
36407+ sizeof (struct acl_subject_label)))
36408+ return -EFAULT;
36409+
36410+ /* do not add nested subjects here, add
36411+ while parsing objects
36412+ */
36413+
36414+ if (s_pre.mode & GR_NESTED) {
36415+ userp = s_pre.prev;
36416+ continue;
36417+ }
36418+
36419+ ret = do_copy_user_subj(userp, role);
36420+
36421+ err = PTR_ERR(ret);
36422+ if (IS_ERR(ret))
36423+ return err;
36424+
36425+ insert_acl_subj_label(ret, role);
36426+
36427+ userp = s_pre.prev;
36428+ }
36429+
36430+ return 0;
36431+}
36432+
36433+static int
36434+copy_user_acl(struct gr_arg *arg)
36435+{
36436+ struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2;
36437+ struct sprole_pw *sptmp;
36438+ struct gr_hash_struct *ghash;
36439+ uid_t *domainlist;
36440+ unsigned int r_num;
36441+ unsigned int len;
36442+ char *tmp;
36443+ int err = 0;
36444+ __u16 i;
36445+ __u32 num_subjs;
36446+
36447+ /* we need a default and kernel role */
36448+ if (arg->role_db.num_roles < 2)
36449+ return -EINVAL;
36450+
36451+ /* copy special role authentication info from userspace */
36452+
36453+ num_sprole_pws = arg->num_sprole_pws;
36454+ acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *));
36455+
36456+ if (!acl_special_roles) {
36457+ err = -ENOMEM;
36458+ goto cleanup;
36459+ }
36460+
36461+ for (i = 0; i < num_sprole_pws; i++) {
36462+ sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
36463+ if (!sptmp) {
36464+ err = -ENOMEM;
36465+ goto cleanup;
36466+ }
36467+ if (copy_from_user(sptmp, arg->sprole_pws + i,
36468+ sizeof (struct sprole_pw))) {
36469+ err = -EFAULT;
36470+ goto cleanup;
36471+ }
36472+
36473+ len =
36474+ strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
36475+
36476+ if (!len || len >= GR_SPROLE_LEN) {
36477+ err = -EINVAL;
36478+ goto cleanup;
36479+ }
36480+
36481+ if ((tmp = (char *) acl_alloc(len)) == NULL) {
36482+ err = -ENOMEM;
36483+ goto cleanup;
36484+ }
36485+
36486+ if (copy_from_user(tmp, sptmp->rolename, len)) {
36487+ err = -EFAULT;
36488+ goto cleanup;
36489+ }
36490+ tmp[len-1] = '\0';
36491+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
36492+ printk(KERN_ALERT "Copying special role %s\n", tmp);
36493+#endif
36494+ sptmp->rolename = tmp;
36495+ acl_special_roles[i] = sptmp;
36496+ }
36497+
36498+ r_utmp = (struct acl_role_label **) arg->role_db.r_table;
36499+
36500+ for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
36501+ r_tmp = acl_alloc(sizeof (struct acl_role_label));
36502+
36503+ if (!r_tmp) {
36504+ err = -ENOMEM;
36505+ goto cleanup;
36506+ }
36507+
36508+ if (copy_from_user(&r_utmp2, r_utmp + r_num,
36509+ sizeof (struct acl_role_label *))) {
36510+ err = -EFAULT;
36511+ goto cleanup;
36512+ }
36513+
36514+ if (copy_from_user(r_tmp, r_utmp2,
36515+ sizeof (struct acl_role_label))) {
36516+ err = -EFAULT;
36517+ goto cleanup;
36518+ }
36519+
36520+ len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN);
36521+
36522+ if (!len || len >= PATH_MAX) {
36523+ err = -EINVAL;
36524+ goto cleanup;
36525+ }
36526+
36527+ if ((tmp = (char *) acl_alloc(len)) == NULL) {
36528+ err = -ENOMEM;
36529+ goto cleanup;
36530+ }
36531+ if (copy_from_user(tmp, r_tmp->rolename, len)) {
36532+ err = -EFAULT;
36533+ goto cleanup;
36534+ }
36535+ tmp[len-1] = '\0';
36536+ r_tmp->rolename = tmp;
36537+
36538+ if (!strcmp(r_tmp->rolename, "default")
36539+ && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
36540+ default_role = r_tmp;
36541+ } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
36542+ kernel_role = r_tmp;
36543+ }
36544+
36545+ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) {
36546+ err = -ENOMEM;
36547+ goto cleanup;
36548+ }
36549+ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) {
36550+ err = -EFAULT;
36551+ goto cleanup;
36552+ }
36553+
36554+ r_tmp->hash = ghash;
36555+
36556+ num_subjs = count_user_subjs(r_tmp->hash->first);
36557+
36558+ r_tmp->subj_hash_size = num_subjs;
36559+ r_tmp->subj_hash =
36560+ (struct acl_subject_label **)
36561+ create_table(&(r_tmp->subj_hash_size), sizeof(void *));
36562+
36563+ if (!r_tmp->subj_hash) {
36564+ err = -ENOMEM;
36565+ goto cleanup;
36566+ }
36567+
36568+ err = copy_user_allowedips(r_tmp);
36569+ if (err)
36570+ goto cleanup;
36571+
36572+ /* copy domain info */
36573+ if (r_tmp->domain_children != NULL) {
36574+ domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
36575+ if (domainlist == NULL) {
36576+ err = -ENOMEM;
36577+ goto cleanup;
36578+ }
36579+ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) {
36580+ err = -EFAULT;
36581+ goto cleanup;
36582+ }
36583+ r_tmp->domain_children = domainlist;
36584+ }
36585+
36586+ err = copy_user_transitions(r_tmp);
36587+ if (err)
36588+ goto cleanup;
36589+
36590+ memset(r_tmp->subj_hash, 0,
36591+ r_tmp->subj_hash_size *
36592+ sizeof (struct acl_subject_label *));
36593+
36594+ err = copy_user_subjs(r_tmp->hash->first, r_tmp);
36595+
36596+ if (err)
36597+ goto cleanup;
36598+
36599+ /* set nested subject list to null */
36600+ r_tmp->hash->first = NULL;
36601+
36602+ insert_acl_role_label(r_tmp);
36603+ }
36604+
36605+ goto return_err;
36606+ cleanup:
36607+ free_variables();
36608+ return_err:
36609+ return err;
36610+
36611+}
36612+
36613+static int
36614+gracl_init(struct gr_arg *args)
36615+{
36616+ int error = 0;
36617+
36618+ memcpy(gr_system_salt, args->salt, GR_SALT_LEN);
36619+ memcpy(gr_system_sum, args->sum, GR_SHA_LEN);
36620+
36621+ if (init_variables(args)) {
36622+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
36623+ error = -ENOMEM;
36624+ free_variables();
36625+ goto out;
36626+ }
36627+
36628+ error = copy_user_acl(args);
36629+ free_init_variables();
36630+ if (error) {
36631+ free_variables();
36632+ goto out;
36633+ }
36634+
36635+ if ((error = gr_set_acls(0))) {
36636+ free_variables();
36637+ goto out;
36638+ }
36639+
36640+ pax_open_kernel();
36641+ gr_status |= GR_READY;
36642+ pax_close_kernel();
36643+
36644+ out:
36645+ return error;
36646+}
36647+
36648+/* derived from glibc fnmatch() 0: match, 1: no match*/
36649+
36650+static int
36651+glob_match(const char *p, const char *n)
36652+{
36653+ char c;
36654+
36655+ while ((c = *p++) != '\0') {
36656+ switch (c) {
36657+ case '?':
36658+ if (*n == '\0')
36659+ return 1;
36660+ else if (*n == '/')
36661+ return 1;
36662+ break;
36663+ case '\\':
36664+ if (*n != c)
36665+ return 1;
36666+ break;
36667+ case '*':
36668+ for (c = *p++; c == '?' || c == '*'; c = *p++) {
36669+ if (*n == '/')
36670+ return 1;
36671+ else if (c == '?') {
36672+ if (*n == '\0')
36673+ return 1;
36674+ else
36675+ ++n;
36676+ }
36677+ }
36678+ if (c == '\0') {
36679+ return 0;
36680+ } else {
36681+ const char *endp;
36682+
36683+ if ((endp = strchr(n, '/')) == NULL)
36684+ endp = n + strlen(n);
36685+
36686+ if (c == '[') {
36687+ for (--p; n < endp; ++n)
36688+ if (!glob_match(p, n))
36689+ return 0;
36690+ } else if (c == '/') {
36691+ while (*n != '\0' && *n != '/')
36692+ ++n;
36693+ if (*n == '/' && !glob_match(p, n + 1))
36694+ return 0;
36695+ } else {
36696+ for (--p; n < endp; ++n)
36697+ if (*n == c && !glob_match(p, n))
36698+ return 0;
36699+ }
36700+
36701+ return 1;
36702+ }
36703+ case '[':
36704+ {
36705+ int not;
36706+ char cold;
36707+
36708+ if (*n == '\0' || *n == '/')
36709+ return 1;
36710+
36711+ not = (*p == '!' || *p == '^');
36712+ if (not)
36713+ ++p;
36714+
36715+ c = *p++;
36716+ for (;;) {
36717+ unsigned char fn = (unsigned char)*n;
36718+
36719+ if (c == '\0')
36720+ return 1;
36721+ else {
36722+ if (c == fn)
36723+ goto matched;
36724+ cold = c;
36725+ c = *p++;
36726+
36727+ if (c == '-' && *p != ']') {
36728+ unsigned char cend = *p++;
36729+
36730+ if (cend == '\0')
36731+ return 1;
36732+
36733+ if (cold <= fn && fn <= cend)
36734+ goto matched;
36735+
36736+ c = *p++;
36737+ }
36738+ }
36739+
36740+ if (c == ']')
36741+ break;
36742+ }
36743+ if (!not)
36744+ return 1;
36745+ break;
36746+ matched:
36747+ while (c != ']') {
36748+ if (c == '\0')
36749+ return 1;
36750+
36751+ c = *p++;
36752+ }
36753+ if (not)
36754+ return 1;
36755+ }
36756+ break;
36757+ default:
36758+ if (c != *n)
36759+ return 1;
36760+ }
36761+
36762+ ++n;
36763+ }
36764+
36765+ if (*n == '\0')
36766+ return 0;
36767+
36768+ if (*n == '/')
36769+ return 0;
36770+
36771+ return 1;
36772+}
36773+
36774+static struct acl_object_label *
36775+chk_glob_label(struct acl_object_label *globbed,
36776+ struct dentry *dentry, struct vfsmount *mnt, char **path)
36777+{
36778+ struct acl_object_label *tmp;
36779+
36780+ if (*path == NULL)
36781+ *path = gr_to_filename_nolock(dentry, mnt);
36782+
36783+ tmp = globbed;
36784+
36785+ while (tmp) {
36786+ if (!glob_match(tmp->filename, *path))
36787+ return tmp;
36788+ tmp = tmp->next;
36789+ }
36790+
36791+ return NULL;
36792+}
36793+
36794+static struct acl_object_label *
36795+__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
36796+ const ino_t curr_ino, const dev_t curr_dev,
36797+ const struct acl_subject_label *subj, char **path, const int checkglob)
36798+{
36799+ struct acl_subject_label *tmpsubj;
36800+ struct acl_object_label *retval;
36801+ struct acl_object_label *retval2;
36802+
36803+ tmpsubj = (struct acl_subject_label *) subj;
36804+ read_lock(&gr_inode_lock);
36805+ do {
36806+ retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj);
36807+ if (retval) {
36808+ if (checkglob && retval->globbed) {
36809+ retval2 = chk_glob_label(retval->globbed, (struct dentry *)orig_dentry,
36810+ (struct vfsmount *)orig_mnt, path);
36811+ if (retval2)
36812+ retval = retval2;
36813+ }
36814+ break;
36815+ }
36816+ } while ((tmpsubj = tmpsubj->parent_subject));
36817+ read_unlock(&gr_inode_lock);
36818+
36819+ return retval;
36820+}
36821+
36822+static __inline__ struct acl_object_label *
36823+full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
36824+ struct dentry *curr_dentry,
36825+ const struct acl_subject_label *subj, char **path, const int checkglob)
36826+{
36827+ int newglob = checkglob;
36828+ ino_t inode;
36829+ dev_t device;
36830+
36831+ /* if we aren't checking a subdirectory of the original path yet, don't do glob checking
36832+ as we don't want a / * rule to match instead of the / object
36833+ don't do this for create lookups that call this function though, since they're looking up
36834+ on the parent and thus need globbing checks on all paths
36835+ */
36836+ if (orig_dentry == curr_dentry && newglob != GR_CREATE_GLOB)
36837+ newglob = GR_NO_GLOB;
36838+
36839+ spin_lock(&curr_dentry->d_lock);
36840+ inode = curr_dentry->d_inode->i_ino;
36841+ device = __get_dev(curr_dentry);
36842+ spin_unlock(&curr_dentry->d_lock);
36843+
36844+ return __full_lookup(orig_dentry, orig_mnt, inode, device, subj, path, newglob);
36845+}
36846+
36847+static struct acl_object_label *
36848+__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
36849+ const struct acl_subject_label *subj, char *path, const int checkglob)
36850+{
36851+ struct dentry *dentry = (struct dentry *) l_dentry;
36852+ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
36853+ struct acl_object_label *retval;
36854+ struct dentry *parent;
36855+
36856+ write_seqlock(&rename_lock);
36857+ br_read_lock(vfsmount_lock);
36858+
36859+ if (unlikely(mnt == shm_mnt || mnt == pipe_mnt || mnt == sock_mnt ||
36860+#ifdef CONFIG_HUGETLBFS
36861+ mnt == hugetlbfs_vfsmount ||
36862+#endif
36863+ /* ignore Eric Biederman */
36864+ IS_PRIVATE(l_dentry->d_inode))) {
36865+ retval = fakefs_obj;
36866+ goto out;
36867+ }
36868+
36869+ for (;;) {
36870+ if (dentry == real_root.dentry && mnt == real_root.mnt)
36871+ break;
36872+
36873+ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
36874+ if (mnt->mnt_parent == mnt)
36875+ break;
36876+
36877+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
36878+ if (retval != NULL)
36879+ goto out;
36880+
36881+ dentry = mnt->mnt_mountpoint;
36882+ mnt = mnt->mnt_parent;
36883+ continue;
36884+ }
36885+
36886+ parent = dentry->d_parent;
36887+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
36888+ if (retval != NULL)
36889+ goto out;
36890+
36891+ dentry = parent;
36892+ }
36893+
36894+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
36895+
36896+ /* real_root is pinned so we don't have to hold a reference */
36897+ if (retval == NULL)
36898+ retval = full_lookup(l_dentry, l_mnt, real_root.dentry, subj, &path, checkglob);
36899+out:
36900+ br_read_unlock(vfsmount_lock);
36901+ write_sequnlock(&rename_lock);
36902+
36903+ BUG_ON(retval == NULL);
36904+
36905+ return retval;
36906+}
36907+
36908+static __inline__ struct acl_object_label *
36909+chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
36910+ const struct acl_subject_label *subj)
36911+{
36912+ char *path = NULL;
36913+ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_REG_GLOB);
36914+}
36915+
36916+static __inline__ struct acl_object_label *
36917+chk_obj_label_noglob(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
36918+ const struct acl_subject_label *subj)
36919+{
36920+ char *path = NULL;
36921+ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_NO_GLOB);
36922+}
36923+
36924+static __inline__ struct acl_object_label *
36925+chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
36926+ const struct acl_subject_label *subj, char *path)
36927+{
36928+ return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_CREATE_GLOB);
36929+}
36930+
36931+static struct acl_subject_label *
36932+chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
36933+ const struct acl_role_label *role)
36934+{
36935+ struct dentry *dentry = (struct dentry *) l_dentry;
36936+ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
36937+ struct acl_subject_label *retval;
36938+ struct dentry *parent;
36939+
36940+ write_seqlock(&rename_lock);
36941+ br_read_lock(vfsmount_lock);
36942+
36943+ for (;;) {
36944+ if (dentry == real_root.dentry && mnt == real_root.mnt)
36945+ break;
36946+ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
36947+ if (mnt->mnt_parent == mnt)
36948+ break;
36949+
36950+ spin_lock(&dentry->d_lock);
36951+ read_lock(&gr_inode_lock);
36952+ retval =
36953+ lookup_acl_subj_label(dentry->d_inode->i_ino,
36954+ __get_dev(dentry), role);
36955+ read_unlock(&gr_inode_lock);
36956+ spin_unlock(&dentry->d_lock);
36957+ if (retval != NULL)
36958+ goto out;
36959+
36960+ dentry = mnt->mnt_mountpoint;
36961+ mnt = mnt->mnt_parent;
36962+ continue;
36963+ }
36964+
36965+ spin_lock(&dentry->d_lock);
36966+ read_lock(&gr_inode_lock);
36967+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
36968+ __get_dev(dentry), role);
36969+ read_unlock(&gr_inode_lock);
36970+ parent = dentry->d_parent;
36971+ spin_unlock(&dentry->d_lock);
36972+
36973+ if (retval != NULL)
36974+ goto out;
36975+
36976+ dentry = parent;
36977+ }
36978+
36979+ spin_lock(&dentry->d_lock);
36980+ read_lock(&gr_inode_lock);
36981+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
36982+ __get_dev(dentry), role);
36983+ read_unlock(&gr_inode_lock);
36984+ spin_unlock(&dentry->d_lock);
36985+
36986+ if (unlikely(retval == NULL)) {
36987+ /* real_root is pinned, we don't need to hold a reference */
36988+ read_lock(&gr_inode_lock);
36989+ retval = lookup_acl_subj_label(real_root.dentry->d_inode->i_ino,
36990+ __get_dev(real_root.dentry), role);
36991+ read_unlock(&gr_inode_lock);
36992+ }
36993+out:
36994+ br_read_unlock(vfsmount_lock);
36995+ write_sequnlock(&rename_lock);
36996+
36997+ BUG_ON(retval == NULL);
36998+
36999+ return retval;
37000+}
37001+
37002+static void
37003+gr_log_learn(const struct dentry *dentry, const struct vfsmount *mnt, const __u32 mode)
37004+{
37005+ struct task_struct *task = current;
37006+ const struct cred *cred = current_cred();
37007+
37008+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
37009+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
37010+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
37011+ 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->saved_ip);
37012+
37013+ return;
37014+}
37015+
37016+static void
37017+gr_log_learn_sysctl(const char *path, const __u32 mode)
37018+{
37019+ struct task_struct *task = current;
37020+ const struct cred *cred = current_cred();
37021+
37022+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
37023+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
37024+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
37025+ 1UL, 1UL, path, (unsigned long) mode, &task->signal->saved_ip);
37026+
37027+ return;
37028+}
37029+
37030+static void
37031+gr_log_learn_id_change(const char type, const unsigned int real,
37032+ const unsigned int effective, const unsigned int fs)
37033+{
37034+ struct task_struct *task = current;
37035+ const struct cred *cred = current_cred();
37036+
37037+ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
37038+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
37039+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
37040+ type, real, effective, fs, &task->signal->saved_ip);
37041+
37042+ return;
37043+}
37044+
37045+__u32
37046+gr_check_link(const struct dentry * new_dentry,
37047+ const struct dentry * parent_dentry,
37048+ const struct vfsmount * parent_mnt,
37049+ const struct dentry * old_dentry, const struct vfsmount * old_mnt)
37050+{
37051+ struct acl_object_label *obj;
37052+ __u32 oldmode, newmode;
37053+ __u32 needmode;
37054+
37055+ if (unlikely(!(gr_status & GR_READY)))
37056+ return (GR_CREATE | GR_LINK);
37057+
37058+ obj = chk_obj_label(old_dentry, old_mnt, current->acl);
37059+ oldmode = obj->mode;
37060+
37061+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
37062+ oldmode |= (GR_CREATE | GR_LINK);
37063+
37064+ needmode = GR_CREATE | GR_AUDIT_CREATE | GR_SUPPRESS;
37065+ if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID))
37066+ needmode |= GR_SETID | GR_AUDIT_SETID;
37067+
37068+ newmode =
37069+ gr_check_create(new_dentry, parent_dentry, parent_mnt,
37070+ oldmode | needmode);
37071+
37072+ needmode = newmode & (GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC |
37073+ GR_SETID | GR_READ | GR_FIND | GR_DELETE |
37074+ GR_INHERIT | GR_AUDIT_INHERIT);
37075+
37076+ if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID) && !(newmode & GR_SETID))
37077+ goto bad;
37078+
37079+ if ((oldmode & needmode) != needmode)
37080+ goto bad;
37081+
37082+ needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS);
37083+ if ((newmode & needmode) != needmode)
37084+ goto bad;
37085+
37086+ if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK))
37087+ return newmode;
37088+bad:
37089+ needmode = oldmode;
37090+ if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID))
37091+ needmode |= GR_SETID;
37092+
37093+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) {
37094+ gr_log_learn(old_dentry, old_mnt, needmode);
37095+ return (GR_CREATE | GR_LINK);
37096+ } else if (newmode & GR_SUPPRESS)
37097+ return GR_SUPPRESS;
37098+ else
37099+ return 0;
37100+}
37101+
37102+__u32
37103+gr_search_file(const struct dentry * dentry, const __u32 mode,
37104+ const struct vfsmount * mnt)
37105+{
37106+ __u32 retval = mode;
37107+ struct acl_subject_label *curracl;
37108+ struct acl_object_label *currobj;
37109+
37110+ if (unlikely(!(gr_status & GR_READY)))
37111+ return (mode & ~GR_AUDITS);
37112+
37113+ curracl = current->acl;
37114+
37115+ currobj = chk_obj_label(dentry, mnt, curracl);
37116+ retval = currobj->mode & mode;
37117+
37118+ /* if we're opening a specified transfer file for writing
37119+ (e.g. /dev/initctl), then transfer our role to init
37120+ */
37121+ if (unlikely(currobj->mode & GR_INIT_TRANSFER && retval & GR_WRITE &&
37122+ current->role->roletype & GR_ROLE_PERSIST)) {
37123+ struct task_struct *task = init_pid_ns.child_reaper;
37124+
37125+ if (task->role != current->role) {
37126+ task->acl_sp_role = 0;
37127+ task->acl_role_id = current->acl_role_id;
37128+ task->role = current->role;
37129+ rcu_read_lock();
37130+ read_lock(&grsec_exec_file_lock);
37131+ gr_apply_subject_to_task(task);
37132+ read_unlock(&grsec_exec_file_lock);
37133+ rcu_read_unlock();
37134+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_INIT_TRANSFER_MSG);
37135+ }
37136+ }
37137+
37138+ if (unlikely
37139+ ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE)
37140+ && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
37141+ __u32 new_mode = mode;
37142+
37143+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
37144+
37145+ retval = new_mode;
37146+
37147+ if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN)
37148+ new_mode |= GR_INHERIT;
37149+
37150+ if (!(mode & GR_NOLEARN))
37151+ gr_log_learn(dentry, mnt, new_mode);
37152+ }
37153+
37154+ return retval;
37155+}
37156+
37157+__u32
37158+gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
37159+ const struct vfsmount * mnt, const __u32 mode)
37160+{
37161+ struct name_entry *match;
37162+ struct acl_object_label *matchpo;
37163+ struct acl_subject_label *curracl;
37164+ char *path;
37165+ __u32 retval;
37166+
37167+ if (unlikely(!(gr_status & GR_READY)))
37168+ return (mode & ~GR_AUDITS);
37169+
37170+ preempt_disable();
37171+ path = gr_to_filename_rbac(new_dentry, mnt);
37172+ match = lookup_name_entry_create(path);
37173+
37174+ if (!match)
37175+ goto check_parent;
37176+
37177+ curracl = current->acl;
37178+
37179+ read_lock(&gr_inode_lock);
37180+ matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
37181+ read_unlock(&gr_inode_lock);
37182+
37183+ if (matchpo) {
37184+ if ((matchpo->mode & mode) !=
37185+ (mode & ~(GR_AUDITS | GR_SUPPRESS))
37186+ && curracl->mode & (GR_LEARN | GR_INHERITLEARN)) {
37187+ __u32 new_mode = mode;
37188+
37189+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
37190+
37191+ gr_log_learn(new_dentry, mnt, new_mode);
37192+
37193+ preempt_enable();
37194+ return new_mode;
37195+ }
37196+ preempt_enable();
37197+ return (matchpo->mode & mode);
37198+ }
37199+
37200+ check_parent:
37201+ curracl = current->acl;
37202+
37203+ matchpo = chk_obj_create_label(parent, mnt, curracl, path);
37204+ retval = matchpo->mode & mode;
37205+
37206+ if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
37207+ && (curracl->mode & (GR_LEARN | GR_INHERITLEARN))) {
37208+ __u32 new_mode = mode;
37209+
37210+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
37211+
37212+ gr_log_learn(new_dentry, mnt, new_mode);
37213+ preempt_enable();
37214+ return new_mode;
37215+ }
37216+
37217+ preempt_enable();
37218+ return retval;
37219+}
37220+
37221+int
37222+gr_check_hidden_task(const struct task_struct *task)
37223+{
37224+ if (unlikely(!(gr_status & GR_READY)))
37225+ return 0;
37226+
37227+ if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW))
37228+ return 1;
37229+
37230+ return 0;
37231+}
37232+
37233+int
37234+gr_check_protected_task(const struct task_struct *task)
37235+{
37236+ if (unlikely(!(gr_status & GR_READY) || !task))
37237+ return 0;
37238+
37239+ if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
37240+ task->acl != current->acl)
37241+ return 1;
37242+
37243+ return 0;
37244+}
37245+
37246+int
37247+gr_check_protected_task_fowner(struct pid *pid, enum pid_type type)
37248+{
37249+ struct task_struct *p;
37250+ int ret = 0;
37251+
37252+ if (unlikely(!(gr_status & GR_READY) || !pid))
37253+ return ret;
37254+
37255+ read_lock(&tasklist_lock);
37256+ do_each_pid_task(pid, type, p) {
37257+ if ((p->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
37258+ p->acl != current->acl) {
37259+ ret = 1;
37260+ goto out;
37261+ }
37262+ } while_each_pid_task(pid, type, p);
37263+out:
37264+ read_unlock(&tasklist_lock);
37265+
37266+ return ret;
37267+}
37268+
37269+void
37270+gr_copy_label(struct task_struct *tsk)
37271+{
37272+ tsk->signal->used_accept = 0;
37273+ tsk->acl_sp_role = 0;
37274+ tsk->acl_role_id = current->acl_role_id;
37275+ tsk->acl = current->acl;
37276+ tsk->role = current->role;
37277+ tsk->signal->curr_ip = current->signal->curr_ip;
37278+ tsk->signal->saved_ip = current->signal->saved_ip;
37279+ if (current->exec_file)
37280+ get_file(current->exec_file);
37281+ tsk->exec_file = current->exec_file;
37282+ tsk->is_writable = current->is_writable;
37283+ if (unlikely(current->signal->used_accept)) {
37284+ current->signal->curr_ip = 0;
37285+ current->signal->saved_ip = 0;
37286+ }
37287+
37288+ return;
37289+}
37290+
37291+static void
37292+gr_set_proc_res(struct task_struct *task)
37293+{
37294+ struct acl_subject_label *proc;
37295+ unsigned short i;
37296+
37297+ proc = task->acl;
37298+
37299+ if (proc->mode & (GR_LEARN | GR_INHERITLEARN))
37300+ return;
37301+
37302+ for (i = 0; i < RLIM_NLIMITS; i++) {
37303+ if (!(proc->resmask & (1 << i)))
37304+ continue;
37305+
37306+ task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur;
37307+ task->signal->rlim[i].rlim_max = proc->res[i].rlim_max;
37308+ }
37309+
37310+ return;
37311+}
37312+
37313+int
37314+gr_check_user_change(int real, int effective, int fs)
37315+{
37316+ unsigned int i;
37317+ __u16 num;
37318+ uid_t *uidlist;
37319+ int curuid;
37320+ int realok = 0;
37321+ int effectiveok = 0;
37322+ int fsok = 0;
37323+
37324+ if (unlikely(!(gr_status & GR_READY)))
37325+ return 0;
37326+
37327+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
37328+ gr_log_learn_id_change('u', real, effective, fs);
37329+
37330+ num = current->acl->user_trans_num;
37331+ uidlist = current->acl->user_transitions;
37332+
37333+ if (uidlist == NULL)
37334+ return 0;
37335+
37336+ if (real == -1)
37337+ realok = 1;
37338+ if (effective == -1)
37339+ effectiveok = 1;
37340+ if (fs == -1)
37341+ fsok = 1;
37342+
37343+ if (current->acl->user_trans_type & GR_ID_ALLOW) {
37344+ for (i = 0; i < num; i++) {
37345+ curuid = (int)uidlist[i];
37346+ if (real == curuid)
37347+ realok = 1;
37348+ if (effective == curuid)
37349+ effectiveok = 1;
37350+ if (fs == curuid)
37351+ fsok = 1;
37352+ }
37353+ } else if (current->acl->user_trans_type & GR_ID_DENY) {
37354+ for (i = 0; i < num; i++) {
37355+ curuid = (int)uidlist[i];
37356+ if (real == curuid)
37357+ break;
37358+ if (effective == curuid)
37359+ break;
37360+ if (fs == curuid)
37361+ break;
37362+ }
37363+ /* not in deny list */
37364+ if (i == num) {
37365+ realok = 1;
37366+ effectiveok = 1;
37367+ fsok = 1;
37368+ }
37369+ }
37370+
37371+ if (realok && effectiveok && fsok)
37372+ return 0;
37373+ else {
37374+ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
37375+ return 1;
37376+ }
37377+}
37378+
37379+int
37380+gr_check_group_change(int real, int effective, int fs)
37381+{
37382+ unsigned int i;
37383+ __u16 num;
37384+ gid_t *gidlist;
37385+ int curgid;
37386+ int realok = 0;
37387+ int effectiveok = 0;
37388+ int fsok = 0;
37389+
37390+ if (unlikely(!(gr_status & GR_READY)))
37391+ return 0;
37392+
37393+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
37394+ gr_log_learn_id_change('g', real, effective, fs);
37395+
37396+ num = current->acl->group_trans_num;
37397+ gidlist = current->acl->group_transitions;
37398+
37399+ if (gidlist == NULL)
37400+ return 0;
37401+
37402+ if (real == -1)
37403+ realok = 1;
37404+ if (effective == -1)
37405+ effectiveok = 1;
37406+ if (fs == -1)
37407+ fsok = 1;
37408+
37409+ if (current->acl->group_trans_type & GR_ID_ALLOW) {
37410+ for (i = 0; i < num; i++) {
37411+ curgid = (int)gidlist[i];
37412+ if (real == curgid)
37413+ realok = 1;
37414+ if (effective == curgid)
37415+ effectiveok = 1;
37416+ if (fs == curgid)
37417+ fsok = 1;
37418+ }
37419+ } else if (current->acl->group_trans_type & GR_ID_DENY) {
37420+ for (i = 0; i < num; i++) {
37421+ curgid = (int)gidlist[i];
37422+ if (real == curgid)
37423+ break;
37424+ if (effective == curgid)
37425+ break;
37426+ if (fs == curgid)
37427+ break;
37428+ }
37429+ /* not in deny list */
37430+ if (i == num) {
37431+ realok = 1;
37432+ effectiveok = 1;
37433+ fsok = 1;
37434+ }
37435+ }
37436+
37437+ if (realok && effectiveok && fsok)
37438+ return 0;
37439+ else {
37440+ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
37441+ return 1;
37442+ }
37443+}
37444+
37445+void
37446+gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
37447+{
37448+ struct acl_role_label *role = task->role;
37449+ struct acl_subject_label *subj = NULL;
37450+ struct acl_object_label *obj;
37451+ struct file *filp;
37452+
37453+ if (unlikely(!(gr_status & GR_READY)))
37454+ return;
37455+
37456+ filp = task->exec_file;
37457+
37458+ /* kernel process, we'll give them the kernel role */
37459+ if (unlikely(!filp)) {
37460+ task->role = kernel_role;
37461+ task->acl = kernel_role->root_label;
37462+ return;
37463+ } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL))
37464+ role = lookup_acl_role_label(task, uid, gid);
37465+
37466+ /* perform subject lookup in possibly new role
37467+ we can use this result below in the case where role == task->role
37468+ */
37469+ subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role);
37470+
37471+ /* if we changed uid/gid, but result in the same role
37472+ and are using inheritance, don't lose the inherited subject
37473+ if current subject is other than what normal lookup
37474+ would result in, we arrived via inheritance, don't
37475+ lose subject
37476+ */
37477+ if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) &&
37478+ (subj == task->acl)))
37479+ task->acl = subj;
37480+
37481+ task->role = role;
37482+
37483+ task->is_writable = 0;
37484+
37485+ /* ignore additional mmap checks for processes that are writable
37486+ by the default ACL */
37487+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
37488+ if (unlikely(obj->mode & GR_WRITE))
37489+ task->is_writable = 1;
37490+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
37491+ if (unlikely(obj->mode & GR_WRITE))
37492+ task->is_writable = 1;
37493+
37494+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
37495+ printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
37496+#endif
37497+
37498+ gr_set_proc_res(task);
37499+
37500+ return;
37501+}
37502+
37503+int
37504+gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
37505+ const int unsafe_share)
37506+{
37507+ struct task_struct *task = current;
37508+ struct acl_subject_label *newacl;
37509+ struct acl_object_label *obj;
37510+ __u32 retmode;
37511+
37512+ if (unlikely(!(gr_status & GR_READY)))
37513+ return 0;
37514+
37515+ newacl = chk_subj_label(dentry, mnt, task->role);
37516+
37517+ task_lock(task);
37518+ if ((((task->ptrace & PT_PTRACED) || unsafe_share) &&
37519+ !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
37520+ !(task->role->roletype & GR_ROLE_GOD) &&
37521+ !gr_search_file(dentry, GR_PTRACERD, mnt) &&
37522+ !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN)))) {
37523+ task_unlock(task);
37524+ if (unsafe_share)
37525+ gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt);
37526+ else
37527+ gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
37528+ return -EACCES;
37529+ }
37530+ task_unlock(task);
37531+
37532+ obj = chk_obj_label(dentry, mnt, task->acl);
37533+ retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
37534+
37535+ if (!(task->acl->mode & GR_INHERITLEARN) &&
37536+ ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) {
37537+ if (obj->nested)
37538+ task->acl = obj->nested;
37539+ else
37540+ task->acl = newacl;
37541+ } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
37542+ gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt);
37543+
37544+ task->is_writable = 0;
37545+
37546+ /* ignore additional mmap checks for processes that are writable
37547+ by the default ACL */
37548+ obj = chk_obj_label(dentry, mnt, default_role->root_label);
37549+ if (unlikely(obj->mode & GR_WRITE))
37550+ task->is_writable = 1;
37551+ obj = chk_obj_label(dentry, mnt, task->role->root_label);
37552+ if (unlikely(obj->mode & GR_WRITE))
37553+ task->is_writable = 1;
37554+
37555+ gr_set_proc_res(task);
37556+
37557+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
37558+ printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
37559+#endif
37560+ return 0;
37561+}
37562+
37563+/* always called with valid inodev ptr */
37564+static void
37565+do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev)
37566+{
37567+ struct acl_object_label *matchpo;
37568+ struct acl_subject_label *matchps;
37569+ struct acl_subject_label *subj;
37570+ struct acl_role_label *role;
37571+ unsigned int x;
37572+
37573+ FOR_EACH_ROLE_START(role)
37574+ FOR_EACH_SUBJECT_START(role, subj, x)
37575+ if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
37576+ matchpo->mode |= GR_DELETED;
37577+ FOR_EACH_SUBJECT_END(subj,x)
37578+ FOR_EACH_NESTED_SUBJECT_START(role, subj)
37579+ if (subj->inode == ino && subj->device == dev)
37580+ subj->mode |= GR_DELETED;
37581+ FOR_EACH_NESTED_SUBJECT_END(subj)
37582+ if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL)
37583+ matchps->mode |= GR_DELETED;
37584+ FOR_EACH_ROLE_END(role)
37585+
37586+ inodev->nentry->deleted = 1;
37587+
37588+ return;
37589+}
37590+
37591+void
37592+gr_handle_delete(const ino_t ino, const dev_t dev)
37593+{
37594+ struct inodev_entry *inodev;
37595+
37596+ if (unlikely(!(gr_status & GR_READY)))
37597+ return;
37598+
37599+ write_lock(&gr_inode_lock);
37600+ inodev = lookup_inodev_entry(ino, dev);
37601+ if (inodev != NULL)
37602+ do_handle_delete(inodev, ino, dev);
37603+ write_unlock(&gr_inode_lock);
37604+
37605+ return;
37606+}
37607+
37608+static void
37609+update_acl_obj_label(const ino_t oldinode, const dev_t olddevice,
37610+ const ino_t newinode, const dev_t newdevice,
37611+ struct acl_subject_label *subj)
37612+{
37613+ unsigned int index = fhash(oldinode, olddevice, subj->obj_hash_size);
37614+ struct acl_object_label *match;
37615+
37616+ match = subj->obj_hash[index];
37617+
37618+ while (match && (match->inode != oldinode ||
37619+ match->device != olddevice ||
37620+ !(match->mode & GR_DELETED)))
37621+ match = match->next;
37622+
37623+ if (match && (match->inode == oldinode)
37624+ && (match->device == olddevice)
37625+ && (match->mode & GR_DELETED)) {
37626+ if (match->prev == NULL) {
37627+ subj->obj_hash[index] = match->next;
37628+ if (match->next != NULL)
37629+ match->next->prev = NULL;
37630+ } else {
37631+ match->prev->next = match->next;
37632+ if (match->next != NULL)
37633+ match->next->prev = match->prev;
37634+ }
37635+ match->prev = NULL;
37636+ match->next = NULL;
37637+ match->inode = newinode;
37638+ match->device = newdevice;
37639+ match->mode &= ~GR_DELETED;
37640+
37641+ insert_acl_obj_label(match, subj);
37642+ }
37643+
37644+ return;
37645+}
37646+
37647+static void
37648+update_acl_subj_label(const ino_t oldinode, const dev_t olddevice,
37649+ const ino_t newinode, const dev_t newdevice,
37650+ struct acl_role_label *role)
37651+{
37652+ unsigned int index = fhash(oldinode, olddevice, role->subj_hash_size);
37653+ struct acl_subject_label *match;
37654+
37655+ match = role->subj_hash[index];
37656+
37657+ while (match && (match->inode != oldinode ||
37658+ match->device != olddevice ||
37659+ !(match->mode & GR_DELETED)))
37660+ match = match->next;
37661+
37662+ if (match && (match->inode == oldinode)
37663+ && (match->device == olddevice)
37664+ && (match->mode & GR_DELETED)) {
37665+ if (match->prev == NULL) {
37666+ role->subj_hash[index] = match->next;
37667+ if (match->next != NULL)
37668+ match->next->prev = NULL;
37669+ } else {
37670+ match->prev->next = match->next;
37671+ if (match->next != NULL)
37672+ match->next->prev = match->prev;
37673+ }
37674+ match->prev = NULL;
37675+ match->next = NULL;
37676+ match->inode = newinode;
37677+ match->device = newdevice;
37678+ match->mode &= ~GR_DELETED;
37679+
37680+ insert_acl_subj_label(match, role);
37681+ }
37682+
37683+ return;
37684+}
37685+
37686+static void
37687+update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
37688+ const ino_t newinode, const dev_t newdevice)
37689+{
37690+ unsigned int index = fhash(oldinode, olddevice, inodev_set.i_size);
37691+ struct inodev_entry *match;
37692+
37693+ match = inodev_set.i_hash[index];
37694+
37695+ while (match && (match->nentry->inode != oldinode ||
37696+ match->nentry->device != olddevice || !match->nentry->deleted))
37697+ match = match->next;
37698+
37699+ if (match && (match->nentry->inode == oldinode)
37700+ && (match->nentry->device == olddevice) &&
37701+ match->nentry->deleted) {
37702+ if (match->prev == NULL) {
37703+ inodev_set.i_hash[index] = match->next;
37704+ if (match->next != NULL)
37705+ match->next->prev = NULL;
37706+ } else {
37707+ match->prev->next = match->next;
37708+ if (match->next != NULL)
37709+ match->next->prev = match->prev;
37710+ }
37711+ match->prev = NULL;
37712+ match->next = NULL;
37713+ match->nentry->inode = newinode;
37714+ match->nentry->device = newdevice;
37715+ match->nentry->deleted = 0;
37716+
37717+ insert_inodev_entry(match);
37718+ }
37719+
37720+ return;
37721+}
37722+
37723+static void
37724+do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
37725+ const struct vfsmount *mnt)
37726+{
37727+ struct acl_subject_label *subj;
37728+ struct acl_role_label *role;
37729+ unsigned int x;
37730+ ino_t ino = dentry->d_inode->i_ino;
37731+ dev_t dev = __get_dev(dentry);
37732+
37733+ FOR_EACH_ROLE_START(role)
37734+ update_acl_subj_label(matchn->inode, matchn->device, ino, dev, role);
37735+
37736+ FOR_EACH_NESTED_SUBJECT_START(role, subj)
37737+ if ((subj->inode == ino) && (subj->device == dev)) {
37738+ subj->inode = ino;
37739+ subj->device = dev;
37740+ }
37741+ FOR_EACH_NESTED_SUBJECT_END(subj)
37742+ FOR_EACH_SUBJECT_START(role, subj, x)
37743+ update_acl_obj_label(matchn->inode, matchn->device,
37744+ ino, dev, subj);
37745+ FOR_EACH_SUBJECT_END(subj,x)
37746+ FOR_EACH_ROLE_END(role)
37747+
37748+ update_inodev_entry(matchn->inode, matchn->device, ino, dev);
37749+
37750+ return;
37751+}
37752+
37753+void
37754+gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
37755+{
37756+ struct name_entry *matchn;
37757+
37758+ if (unlikely(!(gr_status & GR_READY)))
37759+ return;
37760+
37761+ preempt_disable();
37762+ matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt));
37763+
37764+ if (unlikely((unsigned long)matchn)) {
37765+ write_lock(&gr_inode_lock);
37766+ do_handle_create(matchn, dentry, mnt);
37767+ write_unlock(&gr_inode_lock);
37768+ }
37769+ preempt_enable();
37770+
37771+ return;
37772+}
37773+
37774+void
37775+gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
37776+ struct dentry *old_dentry,
37777+ struct dentry *new_dentry,
37778+ struct vfsmount *mnt, const __u8 replace)
37779+{
37780+ struct name_entry *matchn;
37781+ struct inodev_entry *inodev;
37782+ ino_t old_ino = old_dentry->d_inode->i_ino;
37783+ dev_t old_dev = __get_dev(old_dentry);
37784+
37785+ /* vfs_rename swaps the name and parent link for old_dentry and
37786+ new_dentry
37787+ at this point, old_dentry has the new name, parent link, and inode
37788+ for the renamed file
37789+ if a file is being replaced by a rename, new_dentry has the inode
37790+ and name for the replaced file
37791+ */
37792+
37793+ if (unlikely(!(gr_status & GR_READY)))
37794+ return;
37795+
37796+ preempt_disable();
37797+ matchn = lookup_name_entry(gr_to_filename_rbac(old_dentry, mnt));
37798+
37799+ /* we wouldn't have to check d_inode if it weren't for
37800+ NFS silly-renaming
37801+ */
37802+
37803+ write_lock(&gr_inode_lock);
37804+ if (unlikely(replace && new_dentry->d_inode)) {
37805+ ino_t new_ino = new_dentry->d_inode->i_ino;
37806+ dev_t new_dev = __get_dev(new_dentry);
37807+
37808+ inodev = lookup_inodev_entry(new_ino, new_dev);
37809+ if (inodev != NULL && (new_dentry->d_inode->i_nlink <= 1))
37810+ do_handle_delete(inodev, new_ino, new_dev);
37811+ }
37812+
37813+ inodev = lookup_inodev_entry(old_ino, old_dev);
37814+ if (inodev != NULL && (old_dentry->d_inode->i_nlink <= 1))
37815+ do_handle_delete(inodev, old_ino, old_dev);
37816+
37817+ if (unlikely((unsigned long)matchn))
37818+ do_handle_create(matchn, old_dentry, mnt);
37819+
37820+ write_unlock(&gr_inode_lock);
37821+ preempt_enable();
37822+
37823+ return;
37824+}
37825+
37826+static int
37827+lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
37828+ unsigned char **sum)
37829+{
37830+ struct acl_role_label *r;
37831+ struct role_allowed_ip *ipp;
37832+ struct role_transition *trans;
37833+ unsigned int i;
37834+ int found = 0;
37835+ u32 curr_ip = current->signal->curr_ip;
37836+
37837+ current->signal->saved_ip = curr_ip;
37838+
37839+ /* check transition table */
37840+
37841+ for (trans = current->role->transitions; trans; trans = trans->next) {
37842+ if (!strcmp(rolename, trans->rolename)) {
37843+ found = 1;
37844+ break;
37845+ }
37846+ }
37847+
37848+ if (!found)
37849+ return 0;
37850+
37851+ /* handle special roles that do not require authentication
37852+ and check ip */
37853+
37854+ FOR_EACH_ROLE_START(r)
37855+ if (!strcmp(rolename, r->rolename) &&
37856+ (r->roletype & GR_ROLE_SPECIAL)) {
37857+ found = 0;
37858+ if (r->allowed_ips != NULL) {
37859+ for (ipp = r->allowed_ips; ipp; ipp = ipp->next) {
37860+ if ((ntohl(curr_ip) & ipp->netmask) ==
37861+ (ntohl(ipp->addr) & ipp->netmask))
37862+ found = 1;
37863+ }
37864+ } else
37865+ found = 2;
37866+ if (!found)
37867+ return 0;
37868+
37869+ if (((mode == GR_SPROLE) && (r->roletype & GR_ROLE_NOPW)) ||
37870+ ((mode == GR_SPROLEPAM) && (r->roletype & GR_ROLE_PAM))) {
37871+ *salt = NULL;
37872+ *sum = NULL;
37873+ return 1;
37874+ }
37875+ }
37876+ FOR_EACH_ROLE_END(r)
37877+
37878+ for (i = 0; i < num_sprole_pws; i++) {
37879+ if (!strcmp(rolename, acl_special_roles[i]->rolename)) {
37880+ *salt = acl_special_roles[i]->salt;
37881+ *sum = acl_special_roles[i]->sum;
37882+ return 1;
37883+ }
37884+ }
37885+
37886+ return 0;
37887+}
37888+
37889+static void
37890+assign_special_role(char *rolename)
37891+{
37892+ struct acl_object_label *obj;
37893+ struct acl_role_label *r;
37894+ struct acl_role_label *assigned = NULL;
37895+ struct task_struct *tsk;
37896+ struct file *filp;
37897+
37898+ FOR_EACH_ROLE_START(r)
37899+ if (!strcmp(rolename, r->rolename) &&
37900+ (r->roletype & GR_ROLE_SPECIAL)) {
37901+ assigned = r;
37902+ break;
37903+ }
37904+ FOR_EACH_ROLE_END(r)
37905+
37906+ if (!assigned)
37907+ return;
37908+
37909+ read_lock(&tasklist_lock);
37910+ read_lock(&grsec_exec_file_lock);
37911+
37912+ tsk = current->real_parent;
37913+ if (tsk == NULL)
37914+ goto out_unlock;
37915+
37916+ filp = tsk->exec_file;
37917+ if (filp == NULL)
37918+ goto out_unlock;
37919+
37920+ tsk->is_writable = 0;
37921+
37922+ tsk->acl_sp_role = 1;
37923+ tsk->acl_role_id = ++acl_sp_role_value;
37924+ tsk->role = assigned;
37925+ tsk->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role);
37926+
37927+ /* ignore additional mmap checks for processes that are writable
37928+ by the default ACL */
37929+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
37930+ if (unlikely(obj->mode & GR_WRITE))
37931+ tsk->is_writable = 1;
37932+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role->root_label);
37933+ if (unlikely(obj->mode & GR_WRITE))
37934+ tsk->is_writable = 1;
37935+
37936+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
37937+ printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid);
37938+#endif
37939+
37940+out_unlock:
37941+ read_unlock(&grsec_exec_file_lock);
37942+ read_unlock(&tasklist_lock);
37943+ return;
37944+}
37945+
37946+int gr_check_secure_terminal(struct task_struct *task)
37947+{
37948+ struct task_struct *p, *p2, *p3;
37949+ struct files_struct *files;
37950+ struct fdtable *fdt;
37951+ struct file *our_file = NULL, *file;
37952+ int i;
37953+
37954+ if (task->signal->tty == NULL)
37955+ return 1;
37956+
37957+ files = get_files_struct(task);
37958+ if (files != NULL) {
37959+ rcu_read_lock();
37960+ fdt = files_fdtable(files);
37961+ for (i=0; i < fdt->max_fds; i++) {
37962+ file = fcheck_files(files, i);
37963+ if (file && (our_file == NULL) && (file->private_data == task->signal->tty)) {
37964+ get_file(file);
37965+ our_file = file;
37966+ }
37967+ }
37968+ rcu_read_unlock();
37969+ put_files_struct(files);
37970+ }
37971+
37972+ if (our_file == NULL)
37973+ return 1;
37974+
37975+ read_lock(&tasklist_lock);
37976+ do_each_thread(p2, p) {
37977+ files = get_files_struct(p);
37978+ if (files == NULL ||
37979+ (p->signal && p->signal->tty == task->signal->tty)) {
37980+ if (files != NULL)
37981+ put_files_struct(files);
37982+ continue;
37983+ }
37984+ rcu_read_lock();
37985+ fdt = files_fdtable(files);
37986+ for (i=0; i < fdt->max_fds; i++) {
37987+ file = fcheck_files(files, i);
37988+ if (file && S_ISCHR(file->f_path.dentry->d_inode->i_mode) &&
37989+ file->f_path.dentry->d_inode->i_rdev == our_file->f_path.dentry->d_inode->i_rdev) {
37990+ p3 = task;
37991+ while (p3->pid > 0) {
37992+ if (p3 == p)
37993+ break;
37994+ p3 = p3->real_parent;
37995+ }
37996+ if (p3 == p)
37997+ break;
37998+ gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p);
37999+ gr_handle_alertkill(p);
38000+ rcu_read_unlock();
38001+ put_files_struct(files);
38002+ read_unlock(&tasklist_lock);
38003+ fput(our_file);
38004+ return 0;
38005+ }
38006+ }
38007+ rcu_read_unlock();
38008+ put_files_struct(files);
38009+ } while_each_thread(p2, p);
38010+ read_unlock(&tasklist_lock);
38011+
38012+ fput(our_file);
38013+ return 1;
38014+}
38015+
38016+ssize_t
38017+write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos)
38018+{
38019+ struct gr_arg_wrapper uwrap;
38020+ unsigned char *sprole_salt = NULL;
38021+ unsigned char *sprole_sum = NULL;
38022+ int error = sizeof (struct gr_arg_wrapper);
38023+ int error2 = 0;
38024+
38025+ mutex_lock(&gr_dev_mutex);
38026+
38027+ if ((gr_status & GR_READY) && !(current->acl->mode & GR_KERNELAUTH)) {
38028+ error = -EPERM;
38029+ goto out;
38030+ }
38031+
38032+ if (count != sizeof (struct gr_arg_wrapper)) {
38033+ gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)sizeof(struct gr_arg_wrapper));
38034+ error = -EINVAL;
38035+ goto out;
38036+ }
38037+
38038+
38039+ if (gr_auth_expires && time_after_eq(get_seconds(), gr_auth_expires)) {
38040+ gr_auth_expires = 0;
38041+ gr_auth_attempts = 0;
38042+ }
38043+
38044+ if (copy_from_user(&uwrap, buf, sizeof (struct gr_arg_wrapper))) {
38045+ error = -EFAULT;
38046+ goto out;
38047+ }
38048+
38049+ if ((uwrap.version != GRSECURITY_VERSION) || (uwrap.size != sizeof(struct gr_arg))) {
38050+ error = -EINVAL;
38051+ goto out;
38052+ }
38053+
38054+ if (copy_from_user(gr_usermode, uwrap.arg, sizeof (struct gr_arg))) {
38055+ error = -EFAULT;
38056+ goto out;
38057+ }
38058+
38059+ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM &&
38060+ gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
38061+ time_after(gr_auth_expires, get_seconds())) {
38062+ error = -EBUSY;
38063+ goto out;
38064+ }
38065+
38066+ /* if non-root trying to do anything other than use a special role,
38067+ do not attempt authentication, do not count towards authentication
38068+ locking
38069+ */
38070+
38071+ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS &&
38072+ gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM &&
38073+ current_uid()) {
38074+ error = -EPERM;
38075+ goto out;
38076+ }
38077+
38078+ /* ensure pw and special role name are null terminated */
38079+
38080+ gr_usermode->pw[GR_PW_LEN - 1] = '\0';
38081+ gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0';
38082+
38083+ /* Okay.
38084+ * We have our enough of the argument structure..(we have yet
38085+ * to copy_from_user the tables themselves) . Copy the tables
38086+ * only if we need them, i.e. for loading operations. */
38087+
38088+ switch (gr_usermode->mode) {
38089+ case GR_STATUS:
38090+ if (gr_status & GR_READY) {
38091+ error = 1;
38092+ if (!gr_check_secure_terminal(current))
38093+ error = 3;
38094+ } else
38095+ error = 2;
38096+ goto out;
38097+ case GR_SHUTDOWN:
38098+ if ((gr_status & GR_READY)
38099+ && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
38100+ pax_open_kernel();
38101+ gr_status &= ~GR_READY;
38102+ pax_close_kernel();
38103+
38104+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
38105+ free_variables();
38106+ memset(gr_usermode, 0, sizeof (struct gr_arg));
38107+ memset(gr_system_salt, 0, GR_SALT_LEN);
38108+ memset(gr_system_sum, 0, GR_SHA_LEN);
38109+ } else if (gr_status & GR_READY) {
38110+ gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
38111+ error = -EPERM;
38112+ } else {
38113+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG);
38114+ error = -EAGAIN;
38115+ }
38116+ break;
38117+ case GR_ENABLE:
38118+ if (!(gr_status & GR_READY) && !(error2 = gracl_init(gr_usermode)))
38119+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
38120+ else {
38121+ if (gr_status & GR_READY)
38122+ error = -EAGAIN;
38123+ else
38124+ error = error2;
38125+ gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION);
38126+ }
38127+ break;
38128+ case GR_RELOAD:
38129+ if (!(gr_status & GR_READY)) {
38130+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
38131+ error = -EAGAIN;
38132+ } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
38133+ preempt_disable();
38134+
38135+ pax_open_kernel();
38136+ gr_status &= ~GR_READY;
38137+ pax_close_kernel();
38138+
38139+ free_variables();
38140+ if (!(error2 = gracl_init(gr_usermode))) {
38141+ preempt_enable();
38142+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
38143+ } else {
38144+ preempt_enable();
38145+ error = error2;
38146+ gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
38147+ }
38148+ } else {
38149+ gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
38150+ error = -EPERM;
38151+ }
38152+ break;
38153+ case GR_SEGVMOD:
38154+ if (unlikely(!(gr_status & GR_READY))) {
38155+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG);
38156+ error = -EAGAIN;
38157+ break;
38158+ }
38159+
38160+ if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
38161+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
38162+ if (gr_usermode->segv_device && gr_usermode->segv_inode) {
38163+ struct acl_subject_label *segvacl;
38164+ segvacl =
38165+ lookup_acl_subj_label(gr_usermode->segv_inode,
38166+ gr_usermode->segv_device,
38167+ current->role);
38168+ if (segvacl) {
38169+ segvacl->crashes = 0;
38170+ segvacl->expires = 0;
38171+ }
38172+ } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) {
38173+ gr_remove_uid(gr_usermode->segv_uid);
38174+ }
38175+ } else {
38176+ gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
38177+ error = -EPERM;
38178+ }
38179+ break;
38180+ case GR_SPROLE:
38181+ case GR_SPROLEPAM:
38182+ if (unlikely(!(gr_status & GR_READY))) {
38183+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG);
38184+ error = -EAGAIN;
38185+ break;
38186+ }
38187+
38188+ if (current->role->expires && time_after_eq(get_seconds(), current->role->expires)) {
38189+ current->role->expires = 0;
38190+ current->role->auth_attempts = 0;
38191+ }
38192+
38193+ if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
38194+ time_after(current->role->expires, get_seconds())) {
38195+ error = -EBUSY;
38196+ goto out;
38197+ }
38198+
38199+ if (lookup_special_role_auth
38200+ (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum)
38201+ && ((!sprole_salt && !sprole_sum)
38202+ || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
38203+ char *p = "";
38204+ assign_special_role(gr_usermode->sp_role);
38205+ read_lock(&tasklist_lock);
38206+ if (current->real_parent)
38207+ p = current->real_parent->role->rolename;
38208+ read_unlock(&tasklist_lock);
38209+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
38210+ p, acl_sp_role_value);
38211+ } else {
38212+ gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role);
38213+ error = -EPERM;
38214+ if(!(current->role->auth_attempts++))
38215+ current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
38216+
38217+ goto out;
38218+ }
38219+ break;
38220+ case GR_UNSPROLE:
38221+ if (unlikely(!(gr_status & GR_READY))) {
38222+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG);
38223+ error = -EAGAIN;
38224+ break;
38225+ }
38226+
38227+ if (current->role->roletype & GR_ROLE_SPECIAL) {
38228+ char *p = "";
38229+ int i = 0;
38230+
38231+ read_lock(&tasklist_lock);
38232+ if (current->real_parent) {
38233+ p = current->real_parent->role->rolename;
38234+ i = current->real_parent->acl_role_id;
38235+ }
38236+ read_unlock(&tasklist_lock);
38237+
38238+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i);
38239+ gr_set_acls(1);
38240+ } else {
38241+ error = -EPERM;
38242+ goto out;
38243+ }
38244+ break;
38245+ default:
38246+ gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode);
38247+ error = -EINVAL;
38248+ break;
38249+ }
38250+
38251+ if (error != -EPERM)
38252+ goto out;
38253+
38254+ if(!(gr_auth_attempts++))
38255+ gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
38256+
38257+ out:
38258+ mutex_unlock(&gr_dev_mutex);
38259+ return error;
38260+}
38261+
38262+/* must be called with
38263+ rcu_read_lock();
38264+ read_lock(&tasklist_lock);
38265+ read_lock(&grsec_exec_file_lock);
38266+*/
38267+int gr_apply_subject_to_task(struct task_struct *task)
38268+{
38269+ struct acl_object_label *obj;
38270+ char *tmpname;
38271+ struct acl_subject_label *tmpsubj;
38272+ struct file *filp;
38273+ struct name_entry *nmatch;
38274+
38275+ filp = task->exec_file;
38276+ if (filp == NULL)
38277+ return 0;
38278+
38279+ /* the following is to apply the correct subject
38280+ on binaries running when the RBAC system
38281+ is enabled, when the binaries have been
38282+ replaced or deleted since their execution
38283+ -----
38284+ when the RBAC system starts, the inode/dev
38285+ from exec_file will be one the RBAC system
38286+ is unaware of. It only knows the inode/dev
38287+ of the present file on disk, or the absence
38288+ of it.
38289+ */
38290+ preempt_disable();
38291+ tmpname = gr_to_filename_rbac(filp->f_path.dentry, filp->f_path.mnt);
38292+
38293+ nmatch = lookup_name_entry(tmpname);
38294+ preempt_enable();
38295+ tmpsubj = NULL;
38296+ if (nmatch) {
38297+ if (nmatch->deleted)
38298+ tmpsubj = lookup_acl_subj_label_deleted(nmatch->inode, nmatch->device, task->role);
38299+ else
38300+ tmpsubj = lookup_acl_subj_label(nmatch->inode, nmatch->device, task->role);
38301+ if (tmpsubj != NULL)
38302+ task->acl = tmpsubj;
38303+ }
38304+ if (tmpsubj == NULL)
38305+ task->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt,
38306+ task->role);
38307+ if (task->acl) {
38308+ struct acl_subject_label *curr;
38309+ curr = task->acl;
38310+
38311+ task->is_writable = 0;
38312+ /* ignore additional mmap checks for processes that are writable
38313+ by the default ACL */
38314+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
38315+ if (unlikely(obj->mode & GR_WRITE))
38316+ task->is_writable = 1;
38317+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
38318+ if (unlikely(obj->mode & GR_WRITE))
38319+ task->is_writable = 1;
38320+
38321+ gr_set_proc_res(task);
38322+
38323+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
38324+ printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
38325+#endif
38326+ } else {
38327+ return 1;
38328+ }
38329+
38330+ return 0;
38331+}
38332+
38333+int
38334+gr_set_acls(const int type)
38335+{
38336+ struct task_struct *task, *task2;
38337+ struct acl_role_label *role = current->role;
38338+ __u16 acl_role_id = current->acl_role_id;
38339+ const struct cred *cred;
38340+ int ret;
38341+
38342+ rcu_read_lock();
38343+ read_lock(&tasklist_lock);
38344+ read_lock(&grsec_exec_file_lock);
38345+ do_each_thread(task2, task) {
38346+ /* check to see if we're called from the exit handler,
38347+ if so, only replace ACLs that have inherited the admin
38348+ ACL */
38349+
38350+ if (type && (task->role != role ||
38351+ task->acl_role_id != acl_role_id))
38352+ continue;
38353+
38354+ task->acl_role_id = 0;
38355+ task->acl_sp_role = 0;
38356+
38357+ if (task->exec_file) {
38358+ cred = __task_cred(task);
38359+ task->role = lookup_acl_role_label(task, cred->uid, cred->gid);
38360+ ret = gr_apply_subject_to_task(task);
38361+ if (ret) {
38362+ read_unlock(&grsec_exec_file_lock);
38363+ read_unlock(&tasklist_lock);
38364+ rcu_read_unlock();
38365+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task->pid);
38366+ return ret;
38367+ }
38368+ } else {
38369+ // it's a kernel process
38370+ task->role = kernel_role;
38371+ task->acl = kernel_role->root_label;
38372+#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
38373+ task->acl->mode &= ~GR_PROCFIND;
38374+#endif
38375+ }
38376+ } while_each_thread(task2, task);
38377+ read_unlock(&grsec_exec_file_lock);
38378+ read_unlock(&tasklist_lock);
38379+ rcu_read_unlock();
38380+
38381+ return 0;
38382+}
38383+
38384+void
38385+gr_learn_resource(const struct task_struct *task,
38386+ const int res, const unsigned long wanted, const int gt)
38387+{
38388+ struct acl_subject_label *acl;
38389+ const struct cred *cred;
38390+
38391+ if (unlikely((gr_status & GR_READY) &&
38392+ task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))))
38393+ goto skip_reslog;
38394+
38395+#ifdef CONFIG_GRKERNSEC_RESLOG
38396+ gr_log_resource(task, res, wanted, gt);
38397+#endif
38398+ skip_reslog:
38399+
38400+ if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS))
38401+ return;
38402+
38403+ acl = task->acl;
38404+
38405+ if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) ||
38406+ !(acl->resmask & (1 << (unsigned short) res))))
38407+ return;
38408+
38409+ if (wanted >= acl->res[res].rlim_cur) {
38410+ unsigned long res_add;
38411+
38412+ res_add = wanted;
38413+ switch (res) {
38414+ case RLIMIT_CPU:
38415+ res_add += GR_RLIM_CPU_BUMP;
38416+ break;
38417+ case RLIMIT_FSIZE:
38418+ res_add += GR_RLIM_FSIZE_BUMP;
38419+ break;
38420+ case RLIMIT_DATA:
38421+ res_add += GR_RLIM_DATA_BUMP;
38422+ break;
38423+ case RLIMIT_STACK:
38424+ res_add += GR_RLIM_STACK_BUMP;
38425+ break;
38426+ case RLIMIT_CORE:
38427+ res_add += GR_RLIM_CORE_BUMP;
38428+ break;
38429+ case RLIMIT_RSS:
38430+ res_add += GR_RLIM_RSS_BUMP;
38431+ break;
38432+ case RLIMIT_NPROC:
38433+ res_add += GR_RLIM_NPROC_BUMP;
38434+ break;
38435+ case RLIMIT_NOFILE:
38436+ res_add += GR_RLIM_NOFILE_BUMP;
38437+ break;
38438+ case RLIMIT_MEMLOCK:
38439+ res_add += GR_RLIM_MEMLOCK_BUMP;
38440+ break;
38441+ case RLIMIT_AS:
38442+ res_add += GR_RLIM_AS_BUMP;
38443+ break;
38444+ case RLIMIT_LOCKS:
38445+ res_add += GR_RLIM_LOCKS_BUMP;
38446+ break;
38447+ case RLIMIT_SIGPENDING:
38448+ res_add += GR_RLIM_SIGPENDING_BUMP;
38449+ break;
38450+ case RLIMIT_MSGQUEUE:
38451+ res_add += GR_RLIM_MSGQUEUE_BUMP;
38452+ break;
38453+ case RLIMIT_NICE:
38454+ res_add += GR_RLIM_NICE_BUMP;
38455+ break;
38456+ case RLIMIT_RTPRIO:
38457+ res_add += GR_RLIM_RTPRIO_BUMP;
38458+ break;
38459+ case RLIMIT_RTTIME:
38460+ res_add += GR_RLIM_RTTIME_BUMP;
38461+ break;
38462+ }
38463+
38464+ acl->res[res].rlim_cur = res_add;
38465+
38466+ if (wanted > acl->res[res].rlim_max)
38467+ acl->res[res].rlim_max = res_add;
38468+
38469+ /* only log the subject filename, since resource logging is supported for
38470+ single-subject learning only */
38471+ rcu_read_lock();
38472+ cred = __task_cred(task);
38473+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
38474+ task->role->roletype, cred->uid, cred->gid, acl->filename,
38475+ acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
38476+ "", (unsigned long) res, &task->signal->saved_ip);
38477+ rcu_read_unlock();
38478+ }
38479+
38480+ return;
38481+}
38482+
38483+#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
38484+void
38485+pax_set_initial_flags(struct linux_binprm *bprm)
38486+{
38487+ struct task_struct *task = current;
38488+ struct acl_subject_label *proc;
38489+ unsigned long flags;
38490+
38491+ if (unlikely(!(gr_status & GR_READY)))
38492+ return;
38493+
38494+ flags = pax_get_flags(task);
38495+
38496+ proc = task->acl;
38497+
38498+ if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC)
38499+ flags &= ~MF_PAX_PAGEEXEC;
38500+ if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC)
38501+ flags &= ~MF_PAX_SEGMEXEC;
38502+ if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP)
38503+ flags &= ~MF_PAX_RANDMMAP;
38504+ if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP)
38505+ flags &= ~MF_PAX_EMUTRAMP;
38506+ if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT)
38507+ flags &= ~MF_PAX_MPROTECT;
38508+
38509+ if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC)
38510+ flags |= MF_PAX_PAGEEXEC;
38511+ if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC)
38512+ flags |= MF_PAX_SEGMEXEC;
38513+ if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP)
38514+ flags |= MF_PAX_RANDMMAP;
38515+ if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP)
38516+ flags |= MF_PAX_EMUTRAMP;
38517+ if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT)
38518+ flags |= MF_PAX_MPROTECT;
38519+
38520+ pax_set_flags(task, flags);
38521+
38522+ return;
38523+}
38524+#endif
38525+
38526+#ifdef CONFIG_SYSCTL
38527+/* Eric Biederman likes breaking userland ABI and every inode-based security
38528+ system to save 35kb of memory */
38529+
38530+/* we modify the passed in filename, but adjust it back before returning */
38531+static struct acl_object_label *gr_lookup_by_name(char *name, unsigned int len)
38532+{
38533+ struct name_entry *nmatch;
38534+ char *p, *lastp = NULL;
38535+ struct acl_object_label *obj = NULL, *tmp;
38536+ struct acl_subject_label *tmpsubj;
38537+ char c = '\0';
38538+
38539+ read_lock(&gr_inode_lock);
38540+
38541+ p = name + len - 1;
38542+ do {
38543+ nmatch = lookup_name_entry(name);
38544+ if (lastp != NULL)
38545+ *lastp = c;
38546+
38547+ if (nmatch == NULL)
38548+ goto next_component;
38549+ tmpsubj = current->acl;
38550+ do {
38551+ obj = lookup_acl_obj_label(nmatch->inode, nmatch->device, tmpsubj);
38552+ if (obj != NULL) {
38553+ tmp = obj->globbed;
38554+ while (tmp) {
38555+ if (!glob_match(tmp->filename, name)) {
38556+ obj = tmp;
38557+ goto found_obj;
38558+ }
38559+ tmp = tmp->next;
38560+ }
38561+ goto found_obj;
38562+ }
38563+ } while ((tmpsubj = tmpsubj->parent_subject));
38564+next_component:
38565+ /* end case */
38566+ if (p == name)
38567+ break;
38568+
38569+ while (*p != '/')
38570+ p--;
38571+ if (p == name)
38572+ lastp = p + 1;
38573+ else {
38574+ lastp = p;
38575+ p--;
38576+ }
38577+ c = *lastp;
38578+ *lastp = '\0';
38579+ } while (1);
38580+found_obj:
38581+ read_unlock(&gr_inode_lock);
38582+ /* obj returned will always be non-null */
38583+ return obj;
38584+}
38585+
38586+/* returns 0 when allowing, non-zero on error
38587+ op of 0 is used for readdir, so we don't log the names of hidden files
38588+*/
38589+__u32
38590+gr_handle_sysctl(const struct ctl_table *table, const int op)
38591+{
38592+ struct ctl_table *tmp;
38593+ const char *proc_sys = "/proc/sys";
38594+ char *path;
38595+ struct acl_object_label *obj;
38596+ unsigned short len = 0, pos = 0, depth = 0, i;
38597+ __u32 err = 0;
38598+ __u32 mode = 0;
38599+
38600+ if (unlikely(!(gr_status & GR_READY)))
38601+ return 0;
38602+
38603+ /* for now, ignore operations on non-sysctl entries if it's not a
38604+ readdir*/
38605+ if (table->child != NULL && op != 0)
38606+ return 0;
38607+
38608+ mode |= GR_FIND;
38609+ /* it's only a read if it's an entry, read on dirs is for readdir */
38610+ if (op & MAY_READ)
38611+ mode |= GR_READ;
38612+ if (op & MAY_WRITE)
38613+ mode |= GR_WRITE;
38614+
38615+ preempt_disable();
38616+
38617+ path = per_cpu_ptr(gr_shared_page[0], smp_processor_id());
38618+
38619+ /* it's only a read/write if it's an actual entry, not a dir
38620+ (which are opened for readdir)
38621+ */
38622+
38623+ /* convert the requested sysctl entry into a pathname */
38624+
38625+ for (tmp = (struct ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
38626+ len += strlen(tmp->procname);
38627+ len++;
38628+ depth++;
38629+ }
38630+
38631+ if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE) {
38632+ /* deny */
38633+ goto out;
38634+ }
38635+
38636+ memset(path, 0, PAGE_SIZE);
38637+
38638+ memcpy(path, proc_sys, strlen(proc_sys));
38639+
38640+ pos += strlen(proc_sys);
38641+
38642+ for (; depth > 0; depth--) {
38643+ path[pos] = '/';
38644+ pos++;
38645+ for (i = 1, tmp = (struct ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
38646+ if (depth == i) {
38647+ memcpy(path + pos, tmp->procname,
38648+ strlen(tmp->procname));
38649+ pos += strlen(tmp->procname);
38650+ }
38651+ i++;
38652+ }
38653+ }
38654+
38655+ obj = gr_lookup_by_name(path, pos);
38656+ err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS);
38657+
38658+ if (unlikely((current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) &&
38659+ ((err & mode) != mode))) {
38660+ __u32 new_mode = mode;
38661+
38662+ new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
38663+
38664+ err = 0;
38665+ gr_log_learn_sysctl(path, new_mode);
38666+ } else if (!(err & GR_FIND) && !(err & GR_SUPPRESS) && op != 0) {
38667+ gr_log_hidden_sysctl(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, path);
38668+ err = -ENOENT;
38669+ } else if (!(err & GR_FIND)) {
38670+ err = -ENOENT;
38671+ } else if (((err & mode) & ~GR_FIND) != (mode & ~GR_FIND) && !(err & GR_SUPPRESS)) {
38672+ gr_log_str4(GR_DONT_AUDIT, GR_SYSCTL_ACL_MSG, "denied",
38673+ path, (mode & GR_READ) ? " reading" : "",
38674+ (mode & GR_WRITE) ? " writing" : "");
38675+ err = -EACCES;
38676+ } else if ((err & mode) != mode) {
38677+ err = -EACCES;
38678+ } else if ((((err & mode) & ~GR_FIND) == (mode & ~GR_FIND)) && (err & GR_AUDITS)) {
38679+ gr_log_str4(GR_DO_AUDIT, GR_SYSCTL_ACL_MSG, "successful",
38680+ path, (mode & GR_READ) ? " reading" : "",
38681+ (mode & GR_WRITE) ? " writing" : "");
38682+ err = 0;
38683+ } else
38684+ err = 0;
38685+
38686+ out:
38687+ preempt_enable();
38688+
38689+ return err;
38690+}
38691+#endif
38692+
38693+int
38694+gr_handle_proc_ptrace(struct task_struct *task)
38695+{
38696+ struct file *filp;
38697+ struct task_struct *tmp = task;
38698+ struct task_struct *curtemp = current;
38699+ __u32 retmode;
38700+
38701+#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
38702+ if (unlikely(!(gr_status & GR_READY)))
38703+ return 0;
38704+#endif
38705+
38706+ read_lock(&tasklist_lock);
38707+ read_lock(&grsec_exec_file_lock);
38708+ filp = task->exec_file;
38709+
38710+ while (tmp->pid > 0) {
38711+ if (tmp == curtemp)
38712+ break;
38713+ tmp = tmp->real_parent;
38714+ }
38715+
38716+ if (!filp || (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
38717+ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) {
38718+ read_unlock(&grsec_exec_file_lock);
38719+ read_unlock(&tasklist_lock);
38720+ return 1;
38721+ }
38722+
38723+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
38724+ if (!(gr_status & GR_READY)) {
38725+ read_unlock(&grsec_exec_file_lock);
38726+ read_unlock(&tasklist_lock);
38727+ return 0;
38728+ }
38729+#endif
38730+
38731+ retmode = gr_search_file(filp->f_path.dentry, GR_NOPTRACE, filp->f_path.mnt);
38732+ read_unlock(&grsec_exec_file_lock);
38733+ read_unlock(&tasklist_lock);
38734+
38735+ if (retmode & GR_NOPTRACE)
38736+ return 1;
38737+
38738+ if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD)
38739+ && (current->acl != task->acl || (current->acl != current->role->root_label
38740+ && current->pid != task->pid)))
38741+ return 1;
38742+
38743+ return 0;
38744+}
38745+
38746+void task_grsec_rbac(struct seq_file *m, struct task_struct *p)
38747+{
38748+ if (unlikely(!(gr_status & GR_READY)))
38749+ return;
38750+
38751+ if (!(current->role->roletype & GR_ROLE_GOD))
38752+ return;
38753+
38754+ seq_printf(m, "RBAC:\t%.64s:%c:%.950s\n",
38755+ p->role->rolename, gr_task_roletype_to_char(p),
38756+ p->acl->filename);
38757+}
38758+
38759+int
38760+gr_handle_ptrace(struct task_struct *task, const long request)
38761+{
38762+ struct task_struct *tmp = task;
38763+ struct task_struct *curtemp = current;
38764+ __u32 retmode;
38765+
38766+#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
38767+ if (unlikely(!(gr_status & GR_READY)))
38768+ return 0;
38769+#endif
38770+
38771+ read_lock(&tasklist_lock);
38772+ while (tmp->pid > 0) {
38773+ if (tmp == curtemp)
38774+ break;
38775+ tmp = tmp->real_parent;
38776+ }
38777+
38778+ if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
38779+ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) {
38780+ read_unlock(&tasklist_lock);
38781+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
38782+ return 1;
38783+ }
38784+ read_unlock(&tasklist_lock);
38785+
38786+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
38787+ if (!(gr_status & GR_READY))
38788+ return 0;
38789+#endif
38790+
38791+ read_lock(&grsec_exec_file_lock);
38792+ if (unlikely(!task->exec_file)) {
38793+ read_unlock(&grsec_exec_file_lock);
38794+ return 0;
38795+ }
38796+
38797+ retmode = gr_search_file(task->exec_file->f_path.dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_path.mnt);
38798+ read_unlock(&grsec_exec_file_lock);
38799+
38800+ if (retmode & GR_NOPTRACE) {
38801+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
38802+ return 1;
38803+ }
38804+
38805+ if (retmode & GR_PTRACERD) {
38806+ switch (request) {
38807+ case PTRACE_POKETEXT:
38808+ case PTRACE_POKEDATA:
38809+ case PTRACE_POKEUSR:
38810+#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64)
38811+ case PTRACE_SETREGS:
38812+ case PTRACE_SETFPREGS:
38813+#endif
38814+#ifdef CONFIG_X86
38815+ case PTRACE_SETFPXREGS:
38816+#endif
38817+#ifdef CONFIG_ALTIVEC
38818+ case PTRACE_SETVRREGS:
38819+#endif
38820+ return 1;
38821+ default:
38822+ return 0;
38823+ }
38824+ } else if (!(current->acl->mode & GR_POVERRIDE) &&
38825+ !(current->role->roletype & GR_ROLE_GOD) &&
38826+ (current->acl != task->acl)) {
38827+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
38828+ return 1;
38829+ }
38830+
38831+ return 0;
38832+}
38833+
38834+static int is_writable_mmap(const struct file *filp)
38835+{
38836+ struct task_struct *task = current;
38837+ struct acl_object_label *obj, *obj2;
38838+
38839+ if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) &&
38840+ !task->is_writable && S_ISREG(filp->f_path.dentry->d_inode->i_mode) && filp->f_path.mnt != shm_mnt) {
38841+ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
38842+ obj2 = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt,
38843+ task->role->root_label);
38844+ if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
38845+ gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, filp->f_path.dentry, filp->f_path.mnt);
38846+ return 1;
38847+ }
38848+ }
38849+ return 0;
38850+}
38851+
38852+int
38853+gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
38854+{
38855+ __u32 mode;
38856+
38857+ if (unlikely(!file || !(prot & PROT_EXEC)))
38858+ return 1;
38859+
38860+ if (is_writable_mmap(file))
38861+ return 0;
38862+
38863+ mode =
38864+ gr_search_file(file->f_path.dentry,
38865+ GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
38866+ file->f_path.mnt);
38867+
38868+ if (!gr_tpe_allow(file))
38869+ return 0;
38870+
38871+ if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
38872+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
38873+ return 0;
38874+ } else if (unlikely(!(mode & GR_EXEC))) {
38875+ return 0;
38876+ } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
38877+ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
38878+ return 1;
38879+ }
38880+
38881+ return 1;
38882+}
38883+
38884+int
38885+gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
38886+{
38887+ __u32 mode;
38888+
38889+ if (unlikely(!file || !(prot & PROT_EXEC)))
38890+ return 1;
38891+
38892+ if (is_writable_mmap(file))
38893+ return 0;
38894+
38895+ mode =
38896+ gr_search_file(file->f_path.dentry,
38897+ GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
38898+ file->f_path.mnt);
38899+
38900+ if (!gr_tpe_allow(file))
38901+ return 0;
38902+
38903+ if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
38904+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
38905+ return 0;
38906+ } else if (unlikely(!(mode & GR_EXEC))) {
38907+ return 0;
38908+ } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
38909+ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
38910+ return 1;
38911+ }
38912+
38913+ return 1;
38914+}
38915+
38916+void
38917+gr_acl_handle_psacct(struct task_struct *task, const long code)
38918+{
38919+ unsigned long runtime;
38920+ unsigned long cputime;
38921+ unsigned int wday, cday;
38922+ __u8 whr, chr;
38923+ __u8 wmin, cmin;
38924+ __u8 wsec, csec;
38925+ struct timespec timeval;
38926+
38927+ if (unlikely(!(gr_status & GR_READY) || !task->acl ||
38928+ !(task->acl->mode & GR_PROCACCT)))
38929+ return;
38930+
38931+ do_posix_clock_monotonic_gettime(&timeval);
38932+ runtime = timeval.tv_sec - task->start_time.tv_sec;
38933+ wday = runtime / (3600 * 24);
38934+ runtime -= wday * (3600 * 24);
38935+ whr = runtime / 3600;
38936+ runtime -= whr * 3600;
38937+ wmin = runtime / 60;
38938+ runtime -= wmin * 60;
38939+ wsec = runtime;
38940+
38941+ cputime = (task->utime + task->stime) / HZ;
38942+ cday = cputime / (3600 * 24);
38943+ cputime -= cday * (3600 * 24);
38944+ chr = cputime / 3600;
38945+ cputime -= chr * 3600;
38946+ cmin = cputime / 60;
38947+ cputime -= cmin * 60;
38948+ csec = cputime;
38949+
38950+ gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code);
38951+
38952+ return;
38953+}
38954+
38955+void gr_set_kernel_label(struct task_struct *task)
38956+{
38957+ if (gr_status & GR_READY) {
38958+ task->role = kernel_role;
38959+ task->acl = kernel_role->root_label;
38960+ }
38961+ return;
38962+}
38963+
38964+#ifdef CONFIG_TASKSTATS
38965+int gr_is_taskstats_denied(int pid)
38966+{
38967+ struct task_struct *task;
38968+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
38969+ const struct cred *cred;
38970+#endif
38971+ int ret = 0;
38972+
38973+ /* restrict taskstats viewing to un-chrooted root users
38974+ who have the 'view' subject flag if the RBAC system is enabled
38975+ */
38976+
38977+ rcu_read_lock();
38978+ read_lock(&tasklist_lock);
38979+ task = find_task_by_vpid(pid);
38980+ if (task) {
38981+#ifdef CONFIG_GRKERNSEC_CHROOT
38982+ if (proc_is_chrooted(task))
38983+ ret = -EACCES;
38984+#endif
38985+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
38986+ cred = __task_cred(task);
38987+#ifdef CONFIG_GRKERNSEC_PROC_USER
38988+ if (cred->uid != 0)
38989+ ret = -EACCES;
38990+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
38991+ if (cred->uid != 0 && !groups_search(cred->group_info, CONFIG_GRKERNSEC_PROC_GID))
38992+ ret = -EACCES;
38993+#endif
38994+#endif
38995+ if (gr_status & GR_READY) {
38996+ if (!(task->acl->mode & GR_VIEW))
38997+ ret = -EACCES;
38998+ }
38999+ } else
39000+ ret = -ENOENT;
39001+
39002+ read_unlock(&tasklist_lock);
39003+ rcu_read_unlock();
39004+
39005+ return ret;
39006+}
39007+#endif
39008+
39009+/* AUXV entries are filled via a descendant of search_binary_handler
39010+ after we've already applied the subject for the target
39011+*/
39012+int gr_acl_enable_at_secure(void)
39013+{
39014+ if (unlikely(!(gr_status & GR_READY)))
39015+ return 0;
39016+
39017+ if (current->acl->mode & GR_ATSECURE)
39018+ return 1;
39019+
39020+ return 0;
39021+}
39022+
39023+int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino)
39024+{
39025+ struct task_struct *task = current;
39026+ struct dentry *dentry = file->f_path.dentry;
39027+ struct vfsmount *mnt = file->f_path.mnt;
39028+ struct acl_object_label *obj, *tmp;
39029+ struct acl_subject_label *subj;
39030+ unsigned int bufsize;
39031+ int is_not_root;
39032+ char *path;
39033+ dev_t dev = __get_dev(dentry);
39034+
39035+ if (unlikely(!(gr_status & GR_READY)))
39036+ return 1;
39037+
39038+ if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))
39039+ return 1;
39040+
39041+ /* ignore Eric Biederman */
39042+ if (IS_PRIVATE(dentry->d_inode))
39043+ return 1;
39044+
39045+ subj = task->acl;
39046+ do {
39047+ obj = lookup_acl_obj_label(ino, dev, subj);
39048+ if (obj != NULL)
39049+ return (obj->mode & GR_FIND) ? 1 : 0;
39050+ } while ((subj = subj->parent_subject));
39051+
39052+ /* this is purely an optimization since we're looking for an object
39053+ for the directory we're doing a readdir on
39054+ if it's possible for any globbed object to match the entry we're
39055+ filling into the directory, then the object we find here will be
39056+ an anchor point with attached globbed objects
39057+ */
39058+ obj = chk_obj_label_noglob(dentry, mnt, task->acl);
39059+ if (obj->globbed == NULL)
39060+ return (obj->mode & GR_FIND) ? 1 : 0;
39061+
39062+ is_not_root = ((obj->filename[0] == '/') &&
39063+ (obj->filename[1] == '\0')) ? 0 : 1;
39064+ bufsize = PAGE_SIZE - namelen - is_not_root;
39065+
39066+ /* check bufsize > PAGE_SIZE || bufsize == 0 */
39067+ if (unlikely((bufsize - 1) > (PAGE_SIZE - 1)))
39068+ return 1;
39069+
39070+ preempt_disable();
39071+ path = d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
39072+ bufsize);
39073+
39074+ bufsize = strlen(path);
39075+
39076+ /* if base is "/", don't append an additional slash */
39077+ if (is_not_root)
39078+ *(path + bufsize) = '/';
39079+ memcpy(path + bufsize + is_not_root, name, namelen);
39080+ *(path + bufsize + namelen + is_not_root) = '\0';
39081+
39082+ tmp = obj->globbed;
39083+ while (tmp) {
39084+ if (!glob_match(tmp->filename, path)) {
39085+ preempt_enable();
39086+ return (tmp->mode & GR_FIND) ? 1 : 0;
39087+ }
39088+ tmp = tmp->next;
39089+ }
39090+ preempt_enable();
39091+ return (obj->mode & GR_FIND) ? 1 : 0;
39092+}
39093+
39094+#ifdef CONFIG_NETFILTER_XT_MATCH_GRADM_MODULE
39095+EXPORT_SYMBOL(gr_acl_is_enabled);
39096+#endif
39097+EXPORT_SYMBOL(gr_learn_resource);
39098+EXPORT_SYMBOL(gr_set_kernel_label);
39099+#ifdef CONFIG_SECURITY
39100+EXPORT_SYMBOL(gr_check_user_change);
39101+EXPORT_SYMBOL(gr_check_group_change);
39102+#endif
39103+
39104diff -urNp linux-2.6.38.2/grsecurity/gracl_cap.c linux-2.6.38.2/grsecurity/gracl_cap.c
39105--- linux-2.6.38.2/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
39106+++ linux-2.6.38.2/grsecurity/gracl_cap.c 2011-03-21 20:22:36.000000000 -0400
39107@@ -0,0 +1,139 @@
39108+#include <linux/kernel.h>
39109+#include <linux/module.h>
39110+#include <linux/sched.h>
39111+#include <linux/gracl.h>
39112+#include <linux/grsecurity.h>
39113+#include <linux/grinternal.h>
39114+
39115+static const char *captab_log[] = {
39116+ "CAP_CHOWN",
39117+ "CAP_DAC_OVERRIDE",
39118+ "CAP_DAC_READ_SEARCH",
39119+ "CAP_FOWNER",
39120+ "CAP_FSETID",
39121+ "CAP_KILL",
39122+ "CAP_SETGID",
39123+ "CAP_SETUID",
39124+ "CAP_SETPCAP",
39125+ "CAP_LINUX_IMMUTABLE",
39126+ "CAP_NET_BIND_SERVICE",
39127+ "CAP_NET_BROADCAST",
39128+ "CAP_NET_ADMIN",
39129+ "CAP_NET_RAW",
39130+ "CAP_IPC_LOCK",
39131+ "CAP_IPC_OWNER",
39132+ "CAP_SYS_MODULE",
39133+ "CAP_SYS_RAWIO",
39134+ "CAP_SYS_CHROOT",
39135+ "CAP_SYS_PTRACE",
39136+ "CAP_SYS_PACCT",
39137+ "CAP_SYS_ADMIN",
39138+ "CAP_SYS_BOOT",
39139+ "CAP_SYS_NICE",
39140+ "CAP_SYS_RESOURCE",
39141+ "CAP_SYS_TIME",
39142+ "CAP_SYS_TTY_CONFIG",
39143+ "CAP_MKNOD",
39144+ "CAP_LEASE",
39145+ "CAP_AUDIT_WRITE",
39146+ "CAP_AUDIT_CONTROL",
39147+ "CAP_SETFCAP",
39148+ "CAP_MAC_OVERRIDE",
39149+ "CAP_MAC_ADMIN",
39150+ "CAP_SYSLOG"
39151+};
39152+
39153+EXPORT_SYMBOL(gr_is_capable);
39154+EXPORT_SYMBOL(gr_is_capable_nolog);
39155+
39156+int
39157+gr_is_capable(const int cap)
39158+{
39159+ struct task_struct *task = current;
39160+ const struct cred *cred = current_cred();
39161+ struct acl_subject_label *curracl;
39162+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
39163+ kernel_cap_t cap_audit = __cap_empty_set;
39164+
39165+ if (!gr_acl_is_enabled())
39166+ return 1;
39167+
39168+ curracl = task->acl;
39169+
39170+ cap_drop = curracl->cap_lower;
39171+ cap_mask = curracl->cap_mask;
39172+ cap_audit = curracl->cap_invert_audit;
39173+
39174+ while ((curracl = curracl->parent_subject)) {
39175+ /* if the cap isn't specified in the current computed mask but is specified in the
39176+ current level subject, and is lowered in the current level subject, then add
39177+ it to the set of dropped capabilities
39178+ otherwise, add the current level subject's mask to the current computed mask
39179+ */
39180+ if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
39181+ cap_raise(cap_mask, cap);
39182+ if (cap_raised(curracl->cap_lower, cap))
39183+ cap_raise(cap_drop, cap);
39184+ if (cap_raised(curracl->cap_invert_audit, cap))
39185+ cap_raise(cap_audit, cap);
39186+ }
39187+ }
39188+
39189+ if (!cap_raised(cap_drop, cap)) {
39190+ if (cap_raised(cap_audit, cap))
39191+ gr_log_cap(GR_DO_AUDIT, GR_CAP_ACL_MSG2, task, captab_log[cap]);
39192+ return 1;
39193+ }
39194+
39195+ curracl = task->acl;
39196+
39197+ if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
39198+ && cap_raised(cred->cap_effective, cap)) {
39199+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
39200+ task->role->roletype, cred->uid,
39201+ cred->gid, task->exec_file ?
39202+ gr_to_filename(task->exec_file->f_path.dentry,
39203+ task->exec_file->f_path.mnt) : curracl->filename,
39204+ curracl->filename, 0UL,
39205+ 0UL, "", (unsigned long) cap, &task->signal->saved_ip);
39206+ return 1;
39207+ }
39208+
39209+ if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
39210+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
39211+ return 0;
39212+}
39213+
39214+int
39215+gr_is_capable_nolog(const int cap)
39216+{
39217+ struct acl_subject_label *curracl;
39218+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
39219+
39220+ if (!gr_acl_is_enabled())
39221+ return 1;
39222+
39223+ curracl = current->acl;
39224+
39225+ cap_drop = curracl->cap_lower;
39226+ cap_mask = curracl->cap_mask;
39227+
39228+ while ((curracl = curracl->parent_subject)) {
39229+ /* if the cap isn't specified in the current computed mask but is specified in the
39230+ current level subject, and is lowered in the current level subject, then add
39231+ it to the set of dropped capabilities
39232+ otherwise, add the current level subject's mask to the current computed mask
39233+ */
39234+ if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
39235+ cap_raise(cap_mask, cap);
39236+ if (cap_raised(curracl->cap_lower, cap))
39237+ cap_raise(cap_drop, cap);
39238+ }
39239+ }
39240+
39241+ if (!cap_raised(cap_drop, cap))
39242+ return 1;
39243+
39244+ return 0;
39245+}
39246+
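Review bot: In `gr_is_capable` the allowed-and-audited branch passes `captab_log[cap]` to `gr_log_cap` without checking `cap` against the table, while the denial branch at the end of the same function tests `cap >= 0` and `cap < sizeof(captab_log)/sizeof(captab_log[0])` before indexing. If a capability number without a table entry reaches this function, for instance one added to the kernel later, the audit path would read past the array and hand an out-of-bounds pointer to the logger. I would guard it the same way, `if (cap_raised(cap_audit, cap) && cap >= 0 && cap < ARRAY_SIZE(captab_log))`, and use `ARRAY_SIZE` in the existing check as well. A short comment above `captab_log` saying that the order must follow the kernel's capability numbering would help whoever extends it.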
39247diff -urNp linux-2.6.38.2/grsecurity/gracl_fs.c linux-2.6.38.2/grsecurity/gracl_fs.c
39248--- linux-2.6.38.2/grsecurity/gracl_fs.c 1969-12-31 19:00:00.000000000 -0500
39249+++ linux-2.6.38.2/grsecurity/gracl_fs.c 2011-03-26 14:32:42.000000000 -0400
39250@@ -0,0 +1,431 @@
39251+#include <linux/kernel.h>
39252+#include <linux/sched.h>
39253+#include <linux/types.h>
39254+#include <linux/fs.h>
39255+#include <linux/file.h>
39256+#include <linux/stat.h>
39257+#include <linux/grsecurity.h>
39258+#include <linux/grinternal.h>
39259+#include <linux/gracl.h>
39260+
39261+__u32
39262+gr_acl_handle_hidden_file(const struct dentry * dentry,
39263+ const struct vfsmount * mnt)
39264+{
39265+ __u32 mode;
39266+
39267+ if (unlikely(!dentry->d_inode))
39268+ return GR_FIND;
39269+
39270+ mode =
39271+ gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
39272+
39273+ if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
39274+ gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
39275+ return mode;
39276+ } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
39277+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
39278+ return 0;
39279+ } else if (unlikely(!(mode & GR_FIND)))
39280+ return 0;
39281+
39282+ return GR_FIND;
39283+}
39284+
39285+__u32
39286+gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
39287+ const int fmode)
39288+{
39289+ __u32 reqmode = GR_FIND;
39290+ __u32 mode;
39291+
39292+ if (unlikely(!dentry->d_inode))
39293+ return reqmode;
39294+
39295+ if (unlikely(fmode & O_APPEND))
39296+ reqmode |= GR_APPEND;
39297+ else if (unlikely(fmode & FMODE_WRITE))
39298+ reqmode |= GR_WRITE;
39299+ if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
39300+ reqmode |= GR_READ;
39301+ if ((fmode & FMODE_GREXEC) && (fmode & __FMODE_EXEC))
39302+ reqmode &= ~GR_READ;
39303+ mode =
39304+ gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
39305+ mnt);
39306+
39307+ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
39308+ gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
39309+ reqmode & GR_READ ? " reading" : "",
39310+ reqmode & GR_WRITE ? " writing" : reqmode &
39311+ GR_APPEND ? " appending" : "");
39312+ return reqmode;
39313+ } else
39314+ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
39315+ {
39316+ gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
39317+ reqmode & GR_READ ? " reading" : "",
39318+ reqmode & GR_WRITE ? " writing" : reqmode &
39319+ GR_APPEND ? " appending" : "");
39320+ return 0;
39321+ } else if (unlikely((mode & reqmode) != reqmode))
39322+ return 0;
39323+
39324+ return reqmode;
39325+}
39326+
39327+__u32
39328+gr_acl_handle_creat(const struct dentry * dentry,
39329+ const struct dentry * p_dentry,
39330+ const struct vfsmount * p_mnt, const int fmode,
39331+ const int imode)
39332+{
39333+ __u32 reqmode = GR_WRITE | GR_CREATE;
39334+ __u32 mode;
39335+
39336+ if (unlikely(fmode & O_APPEND))
39337+ reqmode |= GR_APPEND;
39338+ if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
39339+ reqmode |= GR_READ;
39340+ if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID))))
39341+ reqmode |= GR_SETID;
39342+
39343+ mode =
39344+ gr_check_create(dentry, p_dentry, p_mnt,
39345+ reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
39346+
39347+ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
39348+ gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
39349+ reqmode & GR_READ ? " reading" : "",
39350+ reqmode & GR_WRITE ? " writing" : reqmode &
39351+ GR_APPEND ? " appending" : "");
39352+ return reqmode;
39353+ } else
39354+ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
39355+ {
39356+ gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
39357+ reqmode & GR_READ ? " reading" : "",
39358+ reqmode & GR_WRITE ? " writing" : reqmode &
39359+ GR_APPEND ? " appending" : "");
39360+ return 0;
39361+ } else if (unlikely((mode & reqmode) != reqmode))
39362+ return 0;
39363+
39364+ return reqmode;
39365+}
39366+
39367+__u32
39368+gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
39369+ const int fmode)
39370+{
39371+ __u32 mode, reqmode = GR_FIND;
39372+
39373+ if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
39374+ reqmode |= GR_EXEC;
39375+ if (fmode & S_IWOTH)
39376+ reqmode |= GR_WRITE;
39377+ if (fmode & S_IROTH)
39378+ reqmode |= GR_READ;
39379+
39380+ mode =
39381+ gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
39382+ mnt);
39383+
39384+ if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
39385+ gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
39386+ reqmode & GR_READ ? " reading" : "",
39387+ reqmode & GR_WRITE ? " writing" : "",
39388+ reqmode & GR_EXEC ? " executing" : "");
39389+ return reqmode;
39390+ } else
39391+ if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
39392+ {
39393+ gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
39394+ reqmode & GR_READ ? " reading" : "",
39395+ reqmode & GR_WRITE ? " writing" : "",
39396+ reqmode & GR_EXEC ? " executing" : "");
39397+ return 0;
39398+ } else if (unlikely((mode & reqmode) != reqmode))
39399+ return 0;
39400+
39401+ return reqmode;
39402+}
39403+
39404+static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt)
39405+{
39406+ __u32 mode;
39407+
39408+ mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt);
39409+
39410+ if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
39411+ gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt);
39412+ return mode;
39413+ } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
39414+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt);
39415+ return 0;
39416+ } else if (unlikely((mode & (reqmode)) != (reqmode)))
39417+ return 0;
39418+
39419+ return (reqmode);
39420+}
39421+
39422+__u32
39423+gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
39424+{
39425+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
39426+}
39427+
39428+__u32
39429+gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
39430+{
39431+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
39432+}
39433+
39434+__u32
39435+gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
39436+{
39437+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
39438+}
39439+
39440+__u32
39441+gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
39442+{
39443+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
39444+}
39445+
39446+__u32
39447+gr_acl_handle_fchmod(const struct dentry *dentry, const struct vfsmount *mnt,
39448+ mode_t mode)
39449+{
39450+ if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode)))
39451+ return 1;
39452+
39453+ if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
39454+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
39455+ GR_FCHMOD_ACL_MSG);
39456+ } else {
39457+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_FCHMOD_ACL_MSG);
39458+ }
39459+}
39460+
39461+__u32
39462+gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
39463+ mode_t mode)
39464+{
39465+ if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
39466+ return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
39467+ GR_CHMOD_ACL_MSG);
39468+ } else {
39469+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
39470+ }
39471+}
39472+
39473+__u32
39474+gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
39475+{
39476+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
39477+}
39478+
39479+__u32
39480+gr_acl_handle_setxattr(const struct dentry *dentry, const struct vfsmount *mnt)
39481+{
39482+ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_SETXATTR_ACL_MSG);
39483+}
39484+
39485+__u32
39486+gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
39487+{
39488+ return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
39489+}
39490+
39491+__u32
39492+gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
39493+{
39494+ return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
39495+ GR_UNIXCONNECT_ACL_MSG);
39496+}
39497+
39498+/* hardlinks require at minimum create permission,
39499+ any additional privilege required is based on the
39500+ privilege of the file being linked to
39501+*/
39502+__u32
39503+gr_acl_handle_link(const struct dentry * new_dentry,
39504+ const struct dentry * parent_dentry,
39505+ const struct vfsmount * parent_mnt,
39506+ const struct dentry * old_dentry,
39507+ const struct vfsmount * old_mnt, const char *to)
39508+{
39509+ __u32 mode;
39510+ __u32 needmode = GR_CREATE | GR_LINK;
39511+ __u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK;
39512+
39513+ mode =
39514+ gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
39515+ old_mnt);
39516+
39517+ if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) {
39518+ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
39519+ return mode;
39520+ } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
39521+ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
39522+ return 0;
39523+ } else if (unlikely((mode & needmode) != needmode))
39524+ return 0;
39525+
39526+ return 1;
39527+}
39528+
39529+__u32
39530+gr_acl_handle_symlink(const struct dentry * new_dentry,
39531+ const struct dentry * parent_dentry,
39532+ const struct vfsmount * parent_mnt, const char *from)
39533+{
39534+ __u32 needmode = GR_WRITE | GR_CREATE;
39535+ __u32 mode;
39536+
39537+ mode =
39538+ gr_check_create(new_dentry, parent_dentry, parent_mnt,
39539+ GR_CREATE | GR_AUDIT_CREATE |
39540+ GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
39541+
39542+ if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
39543+ gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
39544+ return mode;
39545+ } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
39546+ gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
39547+ return 0;
39548+ } else if (unlikely((mode & needmode) != needmode))
39549+ return 0;
39550+
39551+ return (GR_WRITE | GR_CREATE);
39552+}
39553+
39554+static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt)
39555+{
39556+ __u32 mode;
39557+
39558+ mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
39559+
39560+ if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
39561+ gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt);
39562+ return mode;
39563+ } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
39564+ gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt);
39565+ return 0;
39566+ } else if (unlikely((mode & (reqmode)) != (reqmode)))
39567+ return 0;
39568+
39569+ return (reqmode);
39570+}
39571+
39572+__u32
39573+gr_acl_handle_mknod(const struct dentry * new_dentry,
39574+ const struct dentry * parent_dentry,
39575+ const struct vfsmount * parent_mnt,
39576+ const int mode)
39577+{
39578+ __u32 reqmode = GR_WRITE | GR_CREATE;
39579+ if (unlikely(mode & (S_ISUID | S_ISGID)))
39580+ reqmode |= GR_SETID;
39581+
39582+ return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
39583+ reqmode, GR_MKNOD_ACL_MSG);
39584+}
39585+
39586+__u32
39587+gr_acl_handle_mkdir(const struct dentry *new_dentry,
39588+ const struct dentry *parent_dentry,
39589+ const struct vfsmount *parent_mnt)
39590+{
39591+ return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
39592+ GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
39593+}
39594+
39595+#define RENAME_CHECK_SUCCESS(old, new) \
39596+ (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
39597+ ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
39598+
39599+int
39600+gr_acl_handle_rename(struct dentry *new_dentry,
39601+ struct dentry *parent_dentry,
39602+ const struct vfsmount *parent_mnt,
39603+ struct dentry *old_dentry,
39604+ struct inode *old_parent_inode,
39605+ struct vfsmount *old_mnt, const char *newname)
39606+{
39607+ __u32 comp1, comp2;
39608+ int error = 0;
39609+
39610+ if (unlikely(!gr_acl_is_enabled()))
39611+ return 0;
39612+
39613+ if (!new_dentry->d_inode) {
39614+ comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
39615+ GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
39616+ GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
39617+ comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
39618+ GR_DELETE | GR_AUDIT_DELETE |
39619+ GR_AUDIT_READ | GR_AUDIT_WRITE |
39620+ GR_SUPPRESS, old_mnt);
39621+ } else {
39622+ comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
39623+ GR_CREATE | GR_DELETE |
39624+ GR_AUDIT_CREATE | GR_AUDIT_DELETE |
39625+ GR_AUDIT_READ | GR_AUDIT_WRITE |
39626+ GR_SUPPRESS, parent_mnt);
39627+ comp2 =
39628+ gr_search_file(old_dentry,
39629+ GR_READ | GR_WRITE | GR_AUDIT_READ |
39630+ GR_DELETE | GR_AUDIT_DELETE |
39631+ GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
39632+ }
39633+
39634+ if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
39635+ ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
39636+ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
39637+ else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
39638+ && !(comp2 & GR_SUPPRESS)) {
39639+ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
39640+ error = -EACCES;
39641+ } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
39642+ error = -EACCES;
39643+
39644+ return error;
39645+}
39646+
39647+void
39648+gr_acl_handle_exit(void)
39649+{
39650+ u16 id;
39651+ char *rolename;
39652+ struct file *exec_file;
39653+
39654+ if (unlikely(current->acl_sp_role && gr_acl_is_enabled() &&
39655+ !(current->role->roletype & GR_ROLE_PERSIST))) {
39656+ id = current->acl_role_id;
39657+ rolename = current->role->rolename;
39658+ gr_set_acls(1);
39659+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id);
39660+ }
39661+
39662+ write_lock(&grsec_exec_file_lock);
39663+ exec_file = current->exec_file;
39664+ current->exec_file = NULL;
39665+ write_unlock(&grsec_exec_file_lock);
39666+
39667+ if (exec_file)
39668+ fput(exec_file);
39669+}
39670+
39671+int
39672+gr_acl_handle_procpidmem(const struct task_struct *task)
39673+{
39674+ if (unlikely(!gr_acl_is_enabled()))
39675+ return 0;
39676+
39677+ if (task != current && task->acl->mode & GR_PROTPROCFD)
39678+ return -EACCES;
39679+
39680+ return 0;
39681+}
39682diff -urNp linux-2.6.38.2/grsecurity/gracl_ip.c linux-2.6.38.2/grsecurity/gracl_ip.c
39683--- linux-2.6.38.2/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500
39684+++ linux-2.6.38.2/grsecurity/gracl_ip.c 2011-03-21 18:31:35.000000000 -0400
39685@@ -0,0 +1,382 @@
39686+#include <linux/kernel.h>
39687+#include <asm/uaccess.h>
39688+#include <asm/errno.h>
39689+#include <net/sock.h>
39690+#include <linux/file.h>
39691+#include <linux/fs.h>
39692+#include <linux/net.h>
39693+#include <linux/in.h>
39694+#include <linux/skbuff.h>
39695+#include <linux/ip.h>
39696+#include <linux/udp.h>
39697+#include <linux/smp_lock.h>
39698+#include <linux/types.h>
39699+#include <linux/sched.h>
39700+#include <linux/netdevice.h>
39701+#include <linux/inetdevice.h>
39702+#include <linux/gracl.h>
39703+#include <linux/grsecurity.h>
39704+#include <linux/grinternal.h>
39705+
39706+#define GR_BIND 0x01
39707+#define GR_CONNECT 0x02
39708+#define GR_INVERT 0x04
39709+#define GR_BINDOVERRIDE 0x08
39710+#define GR_CONNECTOVERRIDE 0x10
39711+#define GR_SOCK_FAMILY 0x20
39712+
39713+static const char * gr_protocols[IPPROTO_MAX] = {
39714+ "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
39715+ "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
39716+ "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
39717+ "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
39718+ "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
39719+ "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
39720+ "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
39721+ "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
39722+ "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
39723+ "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak",
39724+ "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf",
39725+ "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
39726+ "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
39727+ "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
39728+ "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
39729+ "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
39730+ "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
39731+ "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
39732+ "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
39733+ "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
39734+ "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
39735+ "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
39736+ "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
39737+ "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
39738+ "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
39739+ "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
39740+ "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
39741+ "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
39742+ "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
39743+ "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
39744+ "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
39745+ "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
39746+ };
39747+
39748+static const char * gr_socktypes[SOCK_MAX] = {
39749+ "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6",
39750+ "unknown:7", "unknown:8", "unknown:9", "packet"
39751+ };
39752+
39753+static const char * gr_sockfamilies[AF_MAX+1] = {
39754+ "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
39755+ "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
39756+ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
39757+ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
39758+ };
39759+
39760+const char *
39761+gr_proto_to_name(unsigned char proto)
39762+{
39763+ return gr_protocols[proto];
39764+}
39765+
39766+const char *
39767+gr_socktype_to_name(unsigned char type)
39768+{
39769+ return gr_socktypes[type];
39770+}
39771+
39772+const char *
39773+gr_sockfamily_to_name(unsigned char family)
39774+{
39775+ return gr_sockfamilies[family];
39776+}
39777+
39778+int
39779+gr_search_socket(const int domain, const int type, const int protocol)
39780+{
39781+ struct acl_subject_label *curr;
39782+ const struct cred *cred = current_cred();
39783+
39784+ if (unlikely(!gr_acl_is_enabled()))
39785+ goto exit;
39786+
39787+ if ((domain < 0) || (type < 0) || (protocol < 0) ||
39788+ (domain >= AF_MAX) || (type >= SOCK_MAX) || (protocol >= IPPROTO_MAX))
39789+ goto exit; // let the kernel handle it
39790+
39791+ curr = current->acl;
39792+
39793+ if (curr->sock_families[domain / 32] & (1 << (domain % 32))) {
39794+ /* the family is allowed, if this is PF_INET allow it only if
39795+ the extra sock type/protocol checks pass */
39796+ if (domain == PF_INET)
39797+ goto inet_check;
39798+ goto exit;
39799+ } else {
39800+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
39801+ __u32 fakeip = 0;
39802+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
39803+ current->role->roletype, cred->uid,
39804+ cred->gid, current->exec_file ?
39805+ gr_to_filename(current->exec_file->f_path.dentry,
39806+ current->exec_file->f_path.mnt) :
39807+ curr->filename, curr->filename,
39808+ &fakeip, domain, 0, 0, GR_SOCK_FAMILY,
39809+ &current->signal->saved_ip);
39810+ goto exit;
39811+ }
39812+ goto exit_fail;
39813+ }
39814+
39815+inet_check:
39816+ /* the rest of this checking is for IPv4 only */
39817+ if (!curr->ips)
39818+ goto exit;
39819+
39820+ if ((curr->ip_type & (1 << type)) &&
39821+ (curr->ip_proto[protocol / 32] & (1 << (protocol % 32))))
39822+ goto exit;
39823+
39824+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
39825+ /* we don't place acls on raw sockets , and sometimes
39826+ dgram/ip sockets are opened for ioctl and not
39827+ bind/connect, so we'll fake a bind learn log */
39828+ if (type == SOCK_RAW || type == SOCK_PACKET) {
39829+ __u32 fakeip = 0;
39830+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
39831+ current->role->roletype, cred->uid,
39832+ cred->gid, current->exec_file ?
39833+ gr_to_filename(current->exec_file->f_path.dentry,
39834+ current->exec_file->f_path.mnt) :
39835+ curr->filename, curr->filename,
39836+ &fakeip, 0, type,
39837+ protocol, GR_CONNECT, &current->signal->saved_ip);
39838+ } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
39839+ __u32 fakeip = 0;
39840+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
39841+ current->role->roletype, cred->uid,
39842+ cred->gid, current->exec_file ?
39843+ gr_to_filename(current->exec_file->f_path.dentry,
39844+ current->exec_file->f_path.mnt) :
39845+ curr->filename, curr->filename,
39846+ &fakeip, 0, type,
39847+ protocol, GR_BIND, &current->signal->saved_ip);
39848+ }
39849+ /* we'll log when they use connect or bind */
39850+ goto exit;
39851+ }
39852+
39853+exit_fail:
39854+ if (domain == PF_INET)
39855+ gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain),
39856+ gr_socktype_to_name(type), gr_proto_to_name(protocol));
39857+ else
39858+ gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain),
39859+ gr_socktype_to_name(type), protocol);
39860+
39861+ return 0;
39862+exit:
39863+ return 1;
39864+}
39865+
39866+int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask)
39867+{
39868+ if ((ip->mode & mode) &&
39869+ (ip_port >= ip->low) &&
39870+ (ip_port <= ip->high) &&
39871+ ((ntohl(ip_addr) & our_netmask) ==
39872+ (ntohl(our_addr) & our_netmask))
39873+ && (ip->proto[protocol / 32] & (1 << (protocol % 32)))
39874+ && (ip->type & (1 << type))) {
39875+ if (ip->mode & GR_INVERT)
39876+ return 2; // specifically denied
39877+ else
39878+ return 1; // allowed
39879+ }
39880+
39881+ return 0; // not specifically allowed, may continue parsing
39882+}
39883+
39884+static int
39885+gr_search_connectbind(const int full_mode, struct sock *sk,
39886+ struct sockaddr_in *addr, const int type)
39887+{
39888+ char iface[IFNAMSIZ] = {0};
39889+ struct acl_subject_label *curr;
39890+ struct acl_ip_label *ip;
39891+ struct inet_sock *isk;
39892+ struct net_device *dev;
39893+ struct in_device *idev;
39894+ unsigned long i;
39895+ int ret;
39896+ int mode = full_mode & (GR_BIND | GR_CONNECT);
39897+ __u32 ip_addr = 0;
39898+ __u32 our_addr;
39899+ __u32 our_netmask;
39900+ char *p;
39901+ __u16 ip_port = 0;
39902+ const struct cred *cred = current_cred();
39903+
39904+ if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET))
39905+ return 0;
39906+
39907+ curr = current->acl;
39908+ isk = inet_sk(sk);
39909+
39910+ /* INADDR_ANY overriding for binds, inaddr_any_override is already in network order */
39911+ if ((full_mode & GR_BINDOVERRIDE) && addr->sin_addr.s_addr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0)
39912+ addr->sin_addr.s_addr = curr->inaddr_any_override;
39913+ if ((full_mode & GR_CONNECT) && isk->inet_saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) {
39914+ struct sockaddr_in saddr;
39915+ int err;
39916+
39917+ saddr.sin_family = AF_INET;
39918+ saddr.sin_addr.s_addr = curr->inaddr_any_override;
39919+ saddr.sin_port = isk->inet_sport;
39920+
39921+ err = security_socket_bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
39922+ if (err)
39923+ return err;
39924+
39925+ err = sk->sk_socket->ops->bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
39926+ if (err)
39927+ return err;
39928+ }
39929+
39930+ if (!curr->ips)
39931+ return 0;
39932+
39933+ ip_addr = addr->sin_addr.s_addr;
39934+ ip_port = ntohs(addr->sin_port);
39935+
39936+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
39937+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
39938+ current->role->roletype, cred->uid,
39939+ cred->gid, current->exec_file ?
39940+ gr_to_filename(current->exec_file->f_path.dentry,
39941+ current->exec_file->f_path.mnt) :
39942+ curr->filename, curr->filename,
39943+ &ip_addr, ip_port, type,
39944+ sk->sk_protocol, mode, &current->signal->saved_ip);
39945+ return 0;
39946+ }
39947+
39948+ for (i = 0; i < curr->ip_num; i++) {
39949+ ip = *(curr->ips + i);
39950+ if (ip->iface != NULL) {
39951+ strncpy(iface, ip->iface, IFNAMSIZ - 1);
39952+ p = strchr(iface, ':');
39953+ if (p != NULL)
39954+ *p = '\0';
39955+ dev = dev_get_by_name(sock_net(sk), iface);
39956+ if (dev == NULL)
39957+ continue;
39958+ idev = in_dev_get(dev);
39959+ if (idev == NULL) {
39960+ dev_put(dev);
39961+ continue;
39962+ }
39963+ rcu_read_lock();
39964+ for_ifa(idev) {
39965+ if (!strcmp(ip->iface, ifa->ifa_label)) {
39966+ our_addr = ifa->ifa_address;
39967+ our_netmask = 0xffffffff;
39968+ ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
39969+ if (ret == 1) {
39970+ rcu_read_unlock();
39971+ in_dev_put(idev);
39972+ dev_put(dev);
39973+ return 0;
39974+ } else if (ret == 2) {
39975+ rcu_read_unlock();
39976+ in_dev_put(idev);
39977+ dev_put(dev);
39978+ goto denied;
39979+ }
39980+ }
39981+ } endfor_ifa(idev);
39982+ rcu_read_unlock();
39983+ in_dev_put(idev);
39984+ dev_put(dev);
39985+ } else {
39986+ our_addr = ip->addr;
39987+ our_netmask = ip->netmask;
39988+ ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
39989+ if (ret == 1)
39990+ return 0;
39991+ else if (ret == 2)
39992+ goto denied;
39993+ }
39994+ }
39995+
39996+denied:
39997+ if (mode == GR_BIND)
39998+ gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
39999+ else if (mode == GR_CONNECT)
40000+ gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
40001+
40002+ return -EACCES;
40003+}
40004+
40005+int
40006+gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
40007+{
40008+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
40009+}
40010+
40011+int
40012+gr_search_bind(struct socket *sock, struct sockaddr_in *addr)
40013+{
40014+ return gr_search_connectbind(GR_BIND | GR_BINDOVERRIDE, sock->sk, addr, sock->type);
40015+}
40016+
40017+int gr_search_listen(struct socket *sock)
40018+{
40019+ struct sock *sk = sock->sk;
40020+ struct sockaddr_in addr;
40021+
40022+ addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr;
40023+ addr.sin_port = inet_sk(sk)->inet_sport;
40024+
40025+ return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
40026+}
40027+
40028+int gr_search_accept(struct socket *sock)
40029+{
40030+ struct sock *sk = sock->sk;
40031+ struct sockaddr_in addr;
40032+
40033+ addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr;
40034+ addr.sin_port = inet_sk(sk)->inet_sport;
40035+
40036+ return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
40037+}
40038+
40039+int
40040+gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr)
40041+{
40042+ if (addr)
40043+ return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
40044+ else {
40045+ struct sockaddr_in sin;
40046+ const struct inet_sock *inet = inet_sk(sk);
40047+
40048+ sin.sin_addr.s_addr = inet->inet_daddr;
40049+ sin.sin_port = inet->inet_dport;
40050+
40051+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
40052+ }
40053+}
40054+
40055+int
40056+gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb)
40057+{
40058+ struct sockaddr_in sin;
40059+
40060+ if (unlikely(skb->len < sizeof (struct udphdr)))
40061+ return 0; // skip this packet
40062+
40063+ sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
40064+ sin.sin_port = udp_hdr(skb)->source;
40065+
40066+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
40067+}
40068diff -urNp linux-2.6.38.2/grsecurity/gracl_learn.c linux-2.6.38.2/grsecurity/gracl_learn.c
40069--- linux-2.6.38.2/grsecurity/gracl_learn.c 1969-12-31 19:00:00.000000000 -0500
40070+++ linux-2.6.38.2/grsecurity/gracl_learn.c 2011-03-21 18:31:35.000000000 -0400
40071@@ -0,0 +1,211 @@
40072+#include <linux/kernel.h>
40073+#include <linux/mm.h>
40074+#include <linux/sched.h>
40075+#include <linux/poll.h>
40076+#include <linux/smp_lock.h>
40077+#include <linux/string.h>
40078+#include <linux/file.h>
40079+#include <linux/types.h>
40080+#include <linux/vmalloc.h>
40081+#include <linux/grinternal.h>
40082+
40083+extern ssize_t write_grsec_handler(struct file * file, const char __user * buf,
40084+ size_t count, loff_t *ppos);
40085+extern int gr_acl_is_enabled(void);
40086+
40087+static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
40088+static int gr_learn_attached;
40089+
40090+/* use a 512k buffer */
40091+#define LEARN_BUFFER_SIZE (512 * 1024)
40092+
40093+static DEFINE_SPINLOCK(gr_learn_lock);
40094+static DEFINE_MUTEX(gr_learn_user_mutex);
40095+
40096+/* we need to maintain two buffers, so that the kernel context of grlearn
40097+ uses a semaphore around the userspace copying, and the other kernel contexts
40098+ use a spinlock when copying into the buffer, since they cannot sleep
40099+*/
40100+static char *learn_buffer;
40101+static char *learn_buffer_user;
40102+static int learn_buffer_len;
40103+static int learn_buffer_user_len;
40104+
40105+static ssize_t
40106+read_learn(struct file *file, char __user * buf, size_t count, loff_t * ppos)
40107+{
40108+ DECLARE_WAITQUEUE(wait, current);
40109+ ssize_t retval = 0;
40110+
40111+ add_wait_queue(&learn_wait, &wait);
40112+ set_current_state(TASK_INTERRUPTIBLE);
40113+ do {
40114+ mutex_lock(&gr_learn_user_mutex);
40115+ spin_lock(&gr_learn_lock);
40116+ if (learn_buffer_len)
40117+ break;
40118+ spin_unlock(&gr_learn_lock);
40119+ mutex_unlock(&gr_learn_user_mutex);
40120+ if (file->f_flags & O_NONBLOCK) {
40121+ retval = -EAGAIN;
40122+ goto out;
40123+ }
40124+ if (signal_pending(current)) {
40125+ retval = -ERESTARTSYS;
40126+ goto out;
40127+ }
40128+
40129+ schedule();
40130+ } while (1);
40131+
40132+ memcpy(learn_buffer_user, learn_buffer, learn_buffer_len);
40133+ learn_buffer_user_len = learn_buffer_len;
40134+ retval = learn_buffer_len;
40135+ learn_buffer_len = 0;
40136+
40137+ spin_unlock(&gr_learn_lock);
40138+
40139+ if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len))
40140+ retval = -EFAULT;
40141+
40142+ mutex_unlock(&gr_learn_user_mutex);
40143+out:
40144+ set_current_state(TASK_RUNNING);
40145+ remove_wait_queue(&learn_wait, &wait);
40146+ return retval;
40147+}
40148+
40149+static unsigned int
40150+poll_learn(struct file * file, poll_table * wait)
40151+{
40152+ poll_wait(file, &learn_wait, wait);
40153+
40154+ if (learn_buffer_len)
40155+ return (POLLIN | POLLRDNORM);
40156+
40157+ return 0;
40158+}
40159+
40160+void
40161+gr_clear_learn_entries(void)
40162+{
40163+ char *tmp;
40164+
40165+ mutex_lock(&gr_learn_user_mutex);
40166+ if (learn_buffer != NULL) {
40167+ spin_lock(&gr_learn_lock);
40168+ tmp = learn_buffer;
40169+ learn_buffer = NULL;
40170+ spin_unlock(&gr_learn_lock);
40171+ vfree(learn_buffer);
40172+ }
40173+ if (learn_buffer_user != NULL) {
40174+ vfree(learn_buffer_user);
40175+ learn_buffer_user = NULL;
40176+ }
40177+ learn_buffer_len = 0;
40178+ mutex_unlock(&gr_learn_user_mutex);
40179+
40180+ return;
40181+}
40182+
40183+void
40184+gr_add_learn_entry(const char *fmt, ...)
40185+{
40186+ va_list args;
40187+ unsigned int len;
40188+
40189+ if (!gr_learn_attached)
40190+ return;
40191+
40192+ spin_lock(&gr_learn_lock);
40193+
40194+ /* leave a gap at the end so we know when it's "full" but don't have to
40195+ compute the exact length of the string we're trying to append
40196+ */
40197+ if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) {
40198+ spin_unlock(&gr_learn_lock);
40199+ wake_up_interruptible(&learn_wait);
40200+ return;
40201+ }
40202+ if (learn_buffer == NULL) {
40203+ spin_unlock(&gr_learn_lock);
40204+ return;
40205+ }
40206+
40207+ va_start(args, fmt);
40208+ len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args);
40209+ va_end(args);
40210+
40211+ learn_buffer_len += len + 1;
40212+
40213+ spin_unlock(&gr_learn_lock);
40214+ wake_up_interruptible(&learn_wait);
40215+
40216+ return;
40217+}
40218+
40219+static int
40220+open_learn(struct inode *inode, struct file *file)
40221+{
40222+ if (file->f_mode & FMODE_READ && gr_learn_attached)
40223+ return -EBUSY;
40224+ if (file->f_mode & FMODE_READ) {
40225+ int retval = 0;
40226+ mutex_lock(&gr_learn_user_mutex);
40227+ if (learn_buffer == NULL)
40228+ learn_buffer = vmalloc(LEARN_BUFFER_SIZE);
40229+ if (learn_buffer_user == NULL)
40230+ learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE);
40231+ if (learn_buffer == NULL) {
40232+ retval = -ENOMEM;
40233+ goto out_error;
40234+ }
40235+ if (learn_buffer_user == NULL) {
40236+ retval = -ENOMEM;
40237+ goto out_error;
40238+ }
40239+ learn_buffer_len = 0;
40240+ learn_buffer_user_len = 0;
40241+ gr_learn_attached = 1;
40242+out_error:
40243+ mutex_unlock(&gr_learn_user_mutex);
40244+ return retval;
40245+ }
40246+ return 0;
40247+}
40248+
40249+static int
40250+close_learn(struct inode *inode, struct file *file)
40251+{
40252+ char *tmp;
40253+
40254+ if (file->f_mode & FMODE_READ) {
40255+ mutex_lock(&gr_learn_user_mutex);
40256+ if (learn_buffer != NULL) {
40257+ spin_lock(&gr_learn_lock);
40258+ tmp = learn_buffer;
40259+ learn_buffer = NULL;
40260+ spin_unlock(&gr_learn_lock);
40261+ vfree(tmp);
40262+ }
40263+ if (learn_buffer_user != NULL) {
40264+ vfree(learn_buffer_user);
40265+ learn_buffer_user = NULL;
40266+ }
40267+ learn_buffer_len = 0;
40268+ learn_buffer_user_len = 0;
40269+ gr_learn_attached = 0;
40270+ mutex_unlock(&gr_learn_user_mutex);
40271+ }
40272+
40273+ return 0;
40274+}
40275+
40276+const struct file_operations grsec_fops = {
40277+ .read = read_learn,
40278+ .write = write_grsec_handler,
40279+ .open = open_learn,
40280+ .release = close_learn,
40281+ .poll = poll_learn,
40282+};
40283diff -urNp linux-2.6.38.2/grsecurity/gracl_res.c linux-2.6.38.2/grsecurity/gracl_res.c
40284--- linux-2.6.38.2/grsecurity/gracl_res.c 1969-12-31 19:00:00.000000000 -0500
40285+++ linux-2.6.38.2/grsecurity/gracl_res.c 2011-03-21 18:31:35.000000000 -0400
40286@@ -0,0 +1,68 @@
40287+#include <linux/kernel.h>
40288+#include <linux/sched.h>
40289+#include <linux/gracl.h>
40290+#include <linux/grinternal.h>
40291+
40292+static const char *restab_log[] = {
40293+ [RLIMIT_CPU] = "RLIMIT_CPU",
40294+ [RLIMIT_FSIZE] = "RLIMIT_FSIZE",
40295+ [RLIMIT_DATA] = "RLIMIT_DATA",
40296+ [RLIMIT_STACK] = "RLIMIT_STACK",
40297+ [RLIMIT_CORE] = "RLIMIT_CORE",
40298+ [RLIMIT_RSS] = "RLIMIT_RSS",
40299+ [RLIMIT_NPROC] = "RLIMIT_NPROC",
40300+ [RLIMIT_NOFILE] = "RLIMIT_NOFILE",
40301+ [RLIMIT_MEMLOCK] = "RLIMIT_MEMLOCK",
40302+ [RLIMIT_AS] = "RLIMIT_AS",
40303+ [RLIMIT_LOCKS] = "RLIMIT_LOCKS",
40304+ [RLIMIT_SIGPENDING] = "RLIMIT_SIGPENDING",
40305+ [RLIMIT_MSGQUEUE] = "RLIMIT_MSGQUEUE",
40306+ [RLIMIT_NICE] = "RLIMIT_NICE",
40307+ [RLIMIT_RTPRIO] = "RLIMIT_RTPRIO",
40308+ [RLIMIT_RTTIME] = "RLIMIT_RTTIME",
40309+ [GR_CRASH_RES] = "RLIMIT_CRASH"
40310+};
40311+
40312+void
40313+gr_log_resource(const struct task_struct *task,
40314+ const int res, const unsigned long wanted, const int gt)
40315+{
40316+ const struct cred *cred;
40317+ unsigned long rlim;
40318+
40319+ if (!gr_acl_is_enabled() && !grsec_resource_logging)
40320+ return;
40321+
40322+ // not yet supported resource
40323+ if (unlikely(!restab_log[res]))
40324+ return;
40325+
40326+ if (res == RLIMIT_CPU || res == RLIMIT_RTTIME)
40327+ rlim = task_rlimit_max(task, res);
40328+ else
40329+ rlim = task_rlimit(task, res);
40330+
40331+ if (likely((rlim == RLIM_INFINITY) || (gt && wanted <= rlim) || (!gt && wanted < rlim)))
40332+ return;
40333+
40334+ rcu_read_lock();
40335+ cred = __task_cred(task);
40336+
40337+ if (res == RLIMIT_NPROC &&
40338+ (cap_raised(cred->cap_effective, CAP_SYS_ADMIN) ||
40339+ cap_raised(cred->cap_effective, CAP_SYS_RESOURCE)))
40340+ goto out_rcu_unlock;
40341+ else if (res == RLIMIT_MEMLOCK &&
40342+ cap_raised(cred->cap_effective, CAP_IPC_LOCK))
40343+ goto out_rcu_unlock;
40344+ else if (res == RLIMIT_NICE && cap_raised(cred->cap_effective, CAP_SYS_NICE))
40345+ goto out_rcu_unlock;
40346+ rcu_read_unlock();
40347+
40348+ gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], rlim);
40349+
40350+ return;
40351+out_rcu_unlock:
40352+ rcu_read_unlock();
40353+ return;
40354+}
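Review bot: `restab_log[res]` in `gr_log_resource` is read before `res` is range-checked, so a negative value or one beyond the last initialised entry indexes outside the table; the callers are not visible here, so whether such a value can arrive is unconfirmed. The guard could become `if (unlikely(res < 0 || res >= (int)ARRAY_SIZE(restab_log) || !restab_log[res])) return;`. The table is never written in this file and could be declared `static const char * const restab_log[]`.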
40355diff -urNp linux-2.6.38.2/grsecurity/gracl_segv.c linux-2.6.38.2/grsecurity/gracl_segv.c
40356--- linux-2.6.38.2/grsecurity/gracl_segv.c 1969-12-31 19:00:00.000000000 -0500
40357+++ linux-2.6.38.2/grsecurity/gracl_segv.c 2011-03-24 23:09:37.000000000 -0400
40358@@ -0,0 +1,326 @@
40359+#include <linux/kernel.h>
40360+#include <linux/mm.h>
40361+#include <asm/uaccess.h>
40362+#include <asm/errno.h>
40363+#include <asm/mman.h>
40364+#include <net/sock.h>
40365+#include <linux/file.h>
40366+#include <linux/fs.h>
40367+#include <linux/net.h>
40368+#include <linux/in.h>
40369+#include <linux/smp_lock.h>
40370+#include <linux/slab.h>
40371+#include <linux/types.h>
40372+#include <linux/sched.h>
40373+#include <linux/timer.h>
40374+#include <linux/gracl.h>
40375+#include <linux/grsecurity.h>
40376+#include <linux/grinternal.h>
40377+
40378+static struct crash_uid *uid_set;
40379+static unsigned short uid_used;
40380+static DEFINE_SPINLOCK(gr_uid_lock);
40381+extern rwlock_t gr_inode_lock;
40382+extern struct acl_subject_label *
40383+ lookup_acl_subj_label(const ino_t inode, const dev_t dev,
40384+ struct acl_role_label *role);
40385+extern int specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t);
40386+
40387+
40388+#ifdef CONFIG_BTRFS_FS
40389+extern dev_t get_btrfs_dev_from_inode(struct inode *inode);
40390+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat);
40391+#endif
40392+
40393+static inline dev_t __get_dev(const struct dentry *dentry)
40394+{
40395+#ifdef CONFIG_BTRFS_FS
40396+ if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr)
40397+ return get_btrfs_dev_from_inode(dentry->d_inode);
40398+ else
40399+#endif
40400+ return dentry->d_inode->i_sb->s_dev;
40401+}
40402+
40403+int
40404+gr_init_uidset(void)
40405+{
40406+ uid_set =
40407+ kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL);
40408+ uid_used = 0;
40409+
40410+ return uid_set ? 1 : 0;
40411+}
40412+
40413+void
40414+gr_free_uidset(void)
40415+{
40416+ if (uid_set)
40417+ kfree(uid_set);
40418+
40419+ return;
40420+}
40421+
40422+int
40423+gr_find_uid(const uid_t uid)
40424+{
40425+ struct crash_uid *tmp = uid_set;
40426+ uid_t buid;
40427+ int low = 0, high = uid_used - 1, mid;
40428+
40429+ while (high >= low) {
40430+ mid = (low + high) >> 1;
40431+ buid = tmp[mid].uid;
40432+ if (buid == uid)
40433+ return mid;
40434+ if (buid > uid)
40435+ high = mid - 1;
40436+ if (buid < uid)
40437+ low = mid + 1;
40438+ }
40439+
40440+ return -1;
40441+}
40442+
40443+static __inline__ void
40444+gr_insertsort(void)
40445+{
40446+ unsigned short i, j;
40447+ struct crash_uid index;
40448+
40449+ for (i = 1; i < uid_used; i++) {
40450+ index = uid_set[i];
40451+ j = i;
40452+ while ((j > 0) && uid_set[j - 1].uid > index.uid) {
40453+ uid_set[j] = uid_set[j - 1];
40454+ j--;
40455+ }
40456+ uid_set[j] = index;
40457+ }
40458+
40459+ return;
40460+}
40461+
40462+static __inline__ void
40463+gr_insert_uid(const uid_t uid, const unsigned long expires)
40464+{
40465+ int loc;
40466+
40467+ if (uid_used == GR_UIDTABLE_MAX)
40468+ return;
40469+
40470+ loc = gr_find_uid(uid);
40471+
40472+ if (loc >= 0) {
40473+ uid_set[loc].expires = expires;
40474+ return;
40475+ }
40476+
40477+ uid_set[uid_used].uid = uid;
40478+ uid_set[uid_used].expires = expires;
40479+ uid_used++;
40480+
40481+ gr_insertsort();
40482+
40483+ return;
40484+}
40485+
40486+void
40487+gr_remove_uid(const unsigned short loc)
40488+{
40489+ unsigned short i;
40490+
40491+ for (i = loc + 1; i < uid_used; i++)
40492+ uid_set[i - 1] = uid_set[i];
40493+
40494+ uid_used--;
40495+
40496+ return;
40497+}
40498+
40499+int
40500+gr_check_crash_uid(const uid_t uid)
40501+{
40502+ int loc;
40503+ int ret = 0;
40504+
40505+ if (unlikely(!gr_acl_is_enabled()))
40506+ return 0;
40507+
40508+ spin_lock(&gr_uid_lock);
40509+ loc = gr_find_uid(uid);
40510+
40511+ if (loc < 0)
40512+ goto out_unlock;
40513+
40514+ if (time_before_eq(uid_set[loc].expires, get_seconds()))
40515+ gr_remove_uid(loc);
40516+ else
40517+ ret = 1;
40518+
40519+out_unlock:
40520+ spin_unlock(&gr_uid_lock);
40521+ return ret;
40522+}
40523+
40524+static __inline__ int
40525+proc_is_setxid(const struct cred *cred)
40526+{
40527+ if (cred->uid != cred->euid || cred->uid != cred->suid ||
40528+ cred->uid != cred->fsuid)
40529+ return 1;
40530+ if (cred->gid != cred->egid || cred->gid != cred->sgid ||
40531+ cred->gid != cred->fsgid)
40532+ return 1;
40533+
40534+ return 0;
40535+}
40536+static __inline__ int
40537+gr_fake_force_sig(int sig, struct task_struct *t)
40538+{
40539+ unsigned long int flags;
40540+ int ret, blocked, ignored;
40541+ struct k_sigaction *action;
40542+
40543+ spin_lock_irqsave(&t->sighand->siglock, flags);
40544+ action = &t->sighand->action[sig-1];
40545+ ignored = action->sa.sa_handler == SIG_IGN;
40546+ blocked = sigismember(&t->blocked, sig);
40547+ if (blocked || ignored) {
40548+ action->sa.sa_handler = SIG_DFL;
40549+ if (blocked) {
40550+ sigdelset(&t->blocked, sig);
40551+ recalc_sigpending_and_wake(t);
40552+ }
40553+ }
40554+ if (action->sa.sa_handler == SIG_DFL)
40555+ t->signal->flags &= ~SIGNAL_UNKILLABLE;
40556+ ret = specific_send_sig_info(sig, SEND_SIG_PRIV, t);
40557+
40558+ spin_unlock_irqrestore(&t->sighand->siglock, flags);
40559+
40560+ return ret;
40561+}
40562+
40563+void
40564+gr_handle_crash(struct task_struct *task, const int sig)
40565+{
40566+ struct acl_subject_label *curr;
40567+ struct acl_subject_label *curr2;
40568+ struct task_struct *tsk, *tsk2;
40569+ const struct cred *cred;
40570+ const struct cred *cred2;
40571+
40572+ if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL)
40573+ return;
40574+
40575+ if (unlikely(!gr_acl_is_enabled()))
40576+ return;
40577+
40578+ curr = task->acl;
40579+
40580+ if (!(curr->resmask & (1 << GR_CRASH_RES)))
40581+ return;
40582+
40583+ if (time_before_eq(curr->expires, get_seconds())) {
40584+ curr->expires = 0;
40585+ curr->crashes = 0;
40586+ }
40587+
40588+ curr->crashes++;
40589+
40590+ if (!curr->expires)
40591+ curr->expires = get_seconds() + curr->res[GR_CRASH_RES].rlim_max;
40592+
40593+ if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
40594+ time_after(curr->expires, get_seconds())) {
40595+ rcu_read_lock();
40596+ cred = __task_cred(task);
40597+ if (cred->uid && proc_is_setxid(cred)) {
40598+ gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
40599+ spin_lock(&gr_uid_lock);
40600+ gr_insert_uid(cred->uid, curr->expires);
40601+ spin_unlock(&gr_uid_lock);
40602+ curr->expires = 0;
40603+ curr->crashes = 0;
40604+ read_lock(&tasklist_lock);
40605+ do_each_thread(tsk2, tsk) {
40606+ cred2 = __task_cred(tsk);
40607+ if (tsk != task && cred2->uid == cred->uid)
40608+ gr_fake_force_sig(SIGKILL, tsk);
40609+ } while_each_thread(tsk2, tsk);
40610+ read_unlock(&tasklist_lock);
40611+ } else {
40612+ gr_log_crash2(GR_DONT_AUDIT, GR_SEGVNOSUID_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
40613+ read_lock(&tasklist_lock);
40614+ do_each_thread(tsk2, tsk) {
40615+ if (likely(tsk != task)) {
40616+ curr2 = tsk->acl;
40617+
40618+ if (curr2->device == curr->device &&
40619+ curr2->inode == curr->inode)
40620+ gr_fake_force_sig(SIGKILL, tsk);
40621+ }
40622+ } while_each_thread(tsk2, tsk);
40623+ read_unlock(&tasklist_lock);
40624+ }
40625+ rcu_read_unlock();
40626+ }
40627+
40628+ return;
40629+}
40630+
40631+int
40632+gr_check_crash_exec(const struct file *filp)
40633+{
40634+ struct acl_subject_label *curr;
40635+
40636+ if (unlikely(!gr_acl_is_enabled()))
40637+ return 0;
40638+
40639+ read_lock(&gr_inode_lock);
40640+ curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino,
40641+ __get_dev(filp->f_path.dentry),
40642+ current->role);
40643+ read_unlock(&gr_inode_lock);
40644+
40645+ if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) ||
40646+ (!curr->crashes && !curr->expires))
40647+ return 0;
40648+
40649+ if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
40650+ time_after(curr->expires, get_seconds()))
40651+ return 1;
40652+ else if (time_before_eq(curr->expires, get_seconds())) {
40653+ curr->crashes = 0;
40654+ curr->expires = 0;
40655+ }
40656+
40657+ return 0;
40658+}
40659+
40660+void
40661+gr_handle_alertkill(struct task_struct *task)
40662+{
40663+ struct acl_subject_label *curracl;
40664+ __u32 curr_ip;
40665+ struct task_struct *p, *p2;
40666+
40667+ if (unlikely(!gr_acl_is_enabled()))
40668+ return;
40669+
40670+ curracl = task->acl;
40671+ curr_ip = task->signal->curr_ip;
40672+
40673+ if ((curracl->mode & GR_KILLIPPROC) && curr_ip) {
40674+ read_lock(&tasklist_lock);
40675+ do_each_thread(p2, p) {
40676+ if (p->signal->curr_ip == curr_ip)
40677+ gr_fake_force_sig(SIGKILL, p);
40678+ } while_each_thread(p2, p);
40679+ read_unlock(&tasklist_lock);
40680+ } else if (curracl->mode & GR_KILLPROC)
40681+ gr_fake_force_sig(SIGKILL, task);
40682+
40683+ return;
40684+}
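Review bot: `gr_insert_uid` returns as soon as `uid_used == GR_UIDTABLE_MAX`, before the `gr_find_uid` lookup, so with a full table an already-listed uid does not get its `expires` refreshed and a new uid is dropped without any log line; `gr_check_crash_uid` then returns 0 for it and the lockout is not applied. Expired entries are removed only in `gr_check_crash_uid`, and only for the uid being looked up, so stale entries can keep the table full. Moving `loc = gr_find_uid(uid);` and its `if (loc >= 0)` branch above the size test, and pruning expired entries (or at least logging) when the table is full, would make the failure visible. Separately, `gr_free_uidset` leaves `uid_set` and `uid_used` unchanged after `kfree`; adding `uid_set = NULL; uid_used = 0;` keeps a later `gr_find_uid` from reading freed memory, if one can run after the free (not visible in this file).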
40685diff -urNp linux-2.6.38.2/grsecurity/gracl_shm.c linux-2.6.38.2/grsecurity/gracl_shm.c
40686--- linux-2.6.38.2/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500
40687+++ linux-2.6.38.2/grsecurity/gracl_shm.c 2011-03-21 18:31:35.000000000 -0400
40688@@ -0,0 +1,40 @@
40689+#include <linux/kernel.h>
40690+#include <linux/mm.h>
40691+#include <linux/sched.h>
40692+#include <linux/file.h>
40693+#include <linux/ipc.h>
40694+#include <linux/gracl.h>
40695+#include <linux/grsecurity.h>
40696+#include <linux/grinternal.h>
40697+
40698+int
40699+gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
40700+ const time_t shm_createtime, const uid_t cuid, const int shmid)
40701+{
40702+ struct task_struct *task;
40703+
40704+ if (!gr_acl_is_enabled())
40705+ return 1;
40706+
40707+ rcu_read_lock();
40708+ read_lock(&tasklist_lock);
40709+
40710+ task = find_task_by_vpid(shm_cprid);
40711+
40712+ if (unlikely(!task))
40713+ task = find_task_by_vpid(shm_lapid);
40714+
40715+ if (unlikely(task && (time_before_eq((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) ||
40716+ (task->pid == shm_lapid)) &&
40717+ (task->acl->mode & GR_PROTSHM) &&
40718+ (task->acl != current->acl))) {
40719+ read_unlock(&tasklist_lock);
40720+ rcu_read_unlock();
40721+ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid);
40722+ return 0;
40723+ }
40724+ read_unlock(&tasklist_lock);
40725+ rcu_read_unlock();
40726+
40727+ return 1;
40728+}
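Review bot: In `gr_handle_shmat` the lookup falls back to `shm_lapid` only when no task has `shm_cprid`; if that pid now belongs to a process started after the segment was created, the `time_before_eq` test fails, the last attacher is never examined, and the function returns 1 (allow). If the start-time comparison is meant to detect pid reuse (an inference from the code, there is no comment), the fallback should cover that case too, e.g. `if (!task || time_after((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime)) task = find_task_by_vpid(shm_lapid);`. A comment stating the return convention, `/* returns 1 to allow the attach, 0 to deny */`, would also help, since the chroot handlers in this patch return 0 for allow.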
40729diff -urNp linux-2.6.38.2/grsecurity/grsec_chdir.c linux-2.6.38.2/grsecurity/grsec_chdir.c
40730--- linux-2.6.38.2/grsecurity/grsec_chdir.c 1969-12-31 19:00:00.000000000 -0500
40731+++ linux-2.6.38.2/grsecurity/grsec_chdir.c 2011-03-21 18:31:35.000000000 -0400
40732@@ -0,0 +1,19 @@
40733+#include <linux/kernel.h>
40734+#include <linux/sched.h>
40735+#include <linux/fs.h>
40736+#include <linux/file.h>
40737+#include <linux/grsecurity.h>
40738+#include <linux/grinternal.h>
40739+
40740+void
40741+gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt)
40742+{
40743+#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
40744+ if ((grsec_enable_chdir && grsec_enable_group &&
40745+ in_group_p(grsec_audit_gid)) || (grsec_enable_chdir &&
40746+ !grsec_enable_group)) {
40747+ gr_log_fs_generic(GR_DO_AUDIT, GR_CHDIR_AUDIT_MSG, dentry, mnt);
40748+ }
40749+#endif
40750+ return;
40751+}
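Review bot: The audit condition in `gr_log_chdir` tests `grsec_enable_chdir` twice and is hard to read at a glance; it is equivalent to `if (grsec_enable_chdir && (!grsec_enable_group || in_group_p(grsec_audit_gid)))`, which also keeps `in_group_p()` from being called unless group auditing is on. The trailing `return;` in a void function can be dropped.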
40752diff -urNp linux-2.6.38.2/grsecurity/grsec_chroot.c linux-2.6.38.2/grsecurity/grsec_chroot.c
40753--- linux-2.6.38.2/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
40754+++ linux-2.6.38.2/grsecurity/grsec_chroot.c 2011-03-21 21:24:10.000000000 -0400
40755@@ -0,0 +1,351 @@
40756+#include <linux/kernel.h>
40757+#include <linux/module.h>
40758+#include <linux/sched.h>
40759+#include <linux/file.h>
40760+#include <linux/fs.h>
40761+#include <linux/mount.h>
40762+#include <linux/types.h>
40763+#include <linux/pid_namespace.h>
40764+#include <linux/grsecurity.h>
40765+#include <linux/grinternal.h>
40766+
40767+void gr_set_chroot_entries(struct task_struct *task, struct path *path)
40768+{
40769+#ifdef CONFIG_GRKERNSEC
40770+ if (task->pid > 1 && path->dentry != init_task.fs->root.dentry &&
40771+ path->dentry != task->nsproxy->mnt_ns->root->mnt_root)
40772+ task->gr_is_chrooted = 1;
40773+ else
40774+ task->gr_is_chrooted = 0;
40775+
40776+ task->gr_chroot_dentry = path->dentry;
40777+#endif
40778+ return;
40779+}
40780+
40781+void gr_clear_chroot_entries(struct task_struct *task)
40782+{
40783+#ifdef CONFIG_GRKERNSEC
40784+ task->gr_is_chrooted = 0;
40785+ task->gr_chroot_dentry = NULL;
40786+#endif
40787+ return;
40788+}
40789+
40790+int
40791+gr_handle_chroot_unix(struct pid *pid)
40792+{
40793+#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
40794+ struct task_struct *p;
40795+
40796+ if (unlikely(!grsec_enable_chroot_unix))
40797+ return 1;
40798+
40799+ if (likely(!proc_is_chrooted(current)))
40800+ return 1;
40801+
40802+ rcu_read_lock();
40803+ read_lock(&tasklist_lock);
40804+ p = pid_task(pid, PIDTYPE_PID);
40805+ if (unlikely(!have_same_root(current, p))) {
40806+ read_unlock(&tasklist_lock);
40807+ rcu_read_unlock();
40808+ gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG);
40809+ return 0;
40810+ }
40811+ read_unlock(&tasklist_lock);
40812+ rcu_read_unlock();
40813+#endif
40814+ return 1;
40815+}
40816+
40817+int
40818+gr_handle_chroot_nice(void)
40819+{
40820+#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
40821+ if (grsec_enable_chroot_nice && proc_is_chrooted(current)) {
40822+ gr_log_noargs(GR_DONT_AUDIT, GR_NICE_CHROOT_MSG);
40823+ return -EPERM;
40824+ }
40825+#endif
40826+ return 0;
40827+}
40828+
40829+int
40830+gr_handle_chroot_setpriority(struct task_struct *p, const int niceval)
40831+{
40832+#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
40833+ if (grsec_enable_chroot_nice && (niceval < task_nice(p))
40834+ && proc_is_chrooted(current)) {
40835+ gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, p->pid);
40836+ return -EACCES;
40837+ }
40838+#endif
40839+ return 0;
40840+}
40841+
40842+int
40843+gr_handle_chroot_rawio(const struct inode *inode)
40844+{
40845+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
40846+ if (grsec_enable_chroot_caps && proc_is_chrooted(current) &&
40847+ inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO))
40848+ return 1;
40849+#endif
40850+ return 0;
40851+}
40852+
40853+int
40854+gr_handle_chroot_fowner(struct pid *pid, enum pid_type type)
40855+{
40856+#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
40857+ struct task_struct *p;
40858+ int ret = 0;
40859+ if (!grsec_enable_chroot_findtask || !proc_is_chrooted(current) || !pid)
40860+ return ret;
40861+
40862+ read_lock(&tasklist_lock);
40863+ do_each_pid_task(pid, type, p) {
40864+ if (!have_same_root(current, p)) {
40865+ ret = 1;
40866+ goto out;
40867+ }
40868+ } while_each_pid_task(pid, type, p);
40869+out:
40870+ read_unlock(&tasklist_lock);
40871+ return ret;
40872+#endif
40873+ return 0;
40874+}
40875+
40876+int
40877+gr_pid_is_chrooted(struct task_struct *p)
40878+{
40879+#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
40880+ if (!grsec_enable_chroot_findtask || !proc_is_chrooted(current) || p == NULL)
40881+ return 0;
40882+
40883+ if ((p->exit_state & (EXIT_ZOMBIE | EXIT_DEAD)) ||
40884+ !have_same_root(current, p)) {
40885+ return 1;
40886+ }
40887+#endif
40888+ return 0;
40889+}
40890+
40891+EXPORT_SYMBOL(gr_pid_is_chrooted);
40892+
40893+#if defined(CONFIG_GRKERNSEC_CHROOT_DOUBLE) || defined(CONFIG_GRKERNSEC_CHROOT_FCHDIR)
40894+int gr_is_outside_chroot(const struct dentry *u_dentry, const struct vfsmount *u_mnt)
40895+{
40896+ struct path path, currentroot;
40897+ int ret = 0;
40898+
40899+ path.dentry = (struct dentry *)u_dentry;
40900+ path.mnt = (struct vfsmount *)u_mnt;
40901+ get_fs_root(current->fs, &currentroot);
40902+ if (path_is_under(&path, &currentroot))
40903+ ret = 1;
40904+ path_put(&currentroot);
40905+
40906+ return ret;
40907+}
40908+#endif
40909+
40910+int
40911+gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt)
40912+{
40913+#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
40914+ if (!grsec_enable_chroot_fchdir)
40915+ return 1;
40916+
40917+ if (!proc_is_chrooted(current))
40918+ return 1;
40919+ else if (!gr_is_outside_chroot(u_dentry, u_mnt)) {
40920+ gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_FCHDIR_MSG, u_dentry, u_mnt);
40921+ return 0;
40922+ }
40923+#endif
40924+ return 1;
40925+}
40926+
40927+int
40928+gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
40929+ const time_t shm_createtime)
40930+{
40931+#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
40932+ struct pid *pid = NULL;
40933+ time_t starttime;
40934+
40935+ if (unlikely(!grsec_enable_chroot_shmat))
40936+ return 1;
40937+
40938+ if (likely(!proc_is_chrooted(current)))
40939+ return 1;
40940+
40941+ rcu_read_lock();
40942+ read_lock(&tasklist_lock);
40943+
40944+ pid = find_vpid(shm_cprid);
40945+ if (pid) {
40946+ struct task_struct *p;
40947+ p = pid_task(pid, PIDTYPE_PID);
40948+ starttime = p->start_time.tv_sec;
40949+ if (unlikely(!have_same_root(current, p) &&
40950+ time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) {
40951+ read_unlock(&tasklist_lock);
40952+ rcu_read_unlock();
40953+ gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
40954+ return 0;
40955+ }
40956+ } else {
40957+ pid = find_vpid(shm_lapid);
40958+ if (pid) {
40959+ struct task_struct *p;
40960+ p = pid_task(pid, PIDTYPE_PID);
40961+ if (unlikely(!have_same_root(current, p))) {
40962+ read_unlock(&tasklist_lock);
40963+ rcu_read_unlock();
40964+ gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
40965+ return 0;
40966+ }
40967+ }
40968+ }
40969+
40970+ read_unlock(&tasklist_lock);
40971+ rcu_read_unlock();
40972+#endif
40973+ return 1;
40974+}
40975+
40976+void
40977+gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt)
40978+{
40979+#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
40980+ if (grsec_enable_chroot_execlog && proc_is_chrooted(current))
40981+ gr_log_fs_generic(GR_DO_AUDIT, GR_EXEC_CHROOT_MSG, dentry, mnt);
40982+#endif
40983+ return;
40984+}
40985+
40986+int
40987+gr_handle_chroot_mknod(const struct dentry *dentry,
40988+ const struct vfsmount *mnt, const int mode)
40989+{
40990+#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
40991+ if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) && !S_ISREG(mode) &&
40992+ proc_is_chrooted(current)) {
40993+ gr_log_fs_generic(GR_DONT_AUDIT, GR_MKNOD_CHROOT_MSG, dentry, mnt);
40994+ return -EPERM;
40995+ }
40996+#endif
40997+ return 0;
40998+}
40999+
41000+int
41001+gr_handle_chroot_mount(const struct dentry *dentry,
41002+ const struct vfsmount *mnt, const char *dev_name)
41003+{
41004+#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
41005+ if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
41006+ gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name, dentry, mnt);
41007+ return -EPERM;
41008+ }
41009+#endif
41010+ return 0;
41011+}
41012+
41013+int
41014+gr_handle_chroot_pivot(void)
41015+{
41016+#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
41017+ if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) {
41018+ gr_log_noargs(GR_DONT_AUDIT, GR_PIVOT_CHROOT_MSG);
41019+ return -EPERM;
41020+ }
41021+#endif
41022+ return 0;
41023+}
41024+
41025+int
41026+gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt)
41027+{
41028+#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
41029+ if (grsec_enable_chroot_double && proc_is_chrooted(current) &&
41030+ !gr_is_outside_chroot(dentry, mnt)) {
41031+ gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_CHROOT_MSG, dentry, mnt);
41032+ return -EPERM;
41033+ }
41034+#endif
41035+ return 0;
41036+}
41037+
41038+int
41039+gr_handle_chroot_caps(struct path *path)
41040+{
41041+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
41042+ if (grsec_enable_chroot_caps && current->pid > 1 && current->fs != NULL &&
41043+ (init_task.fs->root.dentry != path->dentry) &&
41044+ (current->nsproxy->mnt_ns->root->mnt_root != path->dentry)) {
41045+
41046+ kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
41047+ const struct cred *old = current_cred();
41048+ struct cred *new = prepare_creds();
41049+ if (new == NULL)
41050+ return 1;
41051+
41052+ new->cap_permitted = cap_drop(old->cap_permitted,
41053+ chroot_caps);
41054+ new->cap_inheritable = cap_drop(old->cap_inheritable,
41055+ chroot_caps);
41056+ new->cap_effective = cap_drop(old->cap_effective,
41057+ chroot_caps);
41058+
41059+ commit_creds(new);
41060+
41061+ return 0;
41062+ }
41063+#endif
41064+ return 0;
41065+}
41066+
41067+int
41068+gr_handle_chroot_sysctl(const int op)
41069+{
41070+#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
41071+ if (grsec_enable_chroot_sysctl && (op & MAY_WRITE) &&
41072+ proc_is_chrooted(current))
41073+ return -EACCES;
41074+#endif
41075+ return 0;
41076+}
41077+
41078+void
41079+gr_handle_chroot_chdir(struct path *path)
41080+{
41081+#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
41082+ if (grsec_enable_chroot_chdir)
41083+ set_fs_pwd(current->fs, path);
41084+#endif
41085+ return;
41086+}
41087+
41088+int
41089+gr_handle_chroot_chmod(const struct dentry *dentry,
41090+ const struct vfsmount *mnt, const int mode)
41091+{
41092+#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
41093+ /* allow chmod +s on directories, but not files */
41094+ if (grsec_enable_chroot_chmod && !S_ISDIR(dentry->d_inode->i_mode) &&
41095+ ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))) &&
41096+ proc_is_chrooted(current)) {
41097+ gr_log_fs_generic(GR_DONT_AUDIT, GR_CHMOD_CHROOT_MSG, dentry, mnt);
41098+ return -EPERM;
41099+ }
41100+#endif
41101+ return 0;
41102+}
41103+
41104+#ifdef CONFIG_SECURITY
41105+EXPORT_SYMBOL(gr_handle_chroot_caps);
41106+#endif
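Review bot: `gr_chroot_shmat` dereferences the result of `pid_task(pid, PIDTYPE_PID)` (`p->start_time.tv_sec`) without a NULL test, and `pid_task()` returns NULL when the `struct pid` found by `find_vpid()` no longer has a task attached, which would oops the kernel while `tasklist_lock` is held. The `shm_lapid` branch and `gr_handle_chroot_unix` pass the same unchecked pointer to `have_same_root()`, whose definition is outside this file, so whether it tolerates NULL cannot be confirmed here. Adding `if (unlikely(p == NULL)) goto out_unlock;` after each `pid_task()` call, with an `out_unlock:` label placed before the final `read_unlock(&tasklist_lock);`, closes this. In `gr_handle_chroot_unix` the return value for that path (allow or deny) needs a deliberate choice and a comment.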
41107diff -urNp linux-2.6.38.2/grsecurity/grsec_disabled.c linux-2.6.38.2/grsecurity/grsec_disabled.c
41108--- linux-2.6.38.2/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
41109+++ linux-2.6.38.2/grsecurity/grsec_disabled.c 2011-03-25 18:57:41.000000000 -0400
41110@@ -0,0 +1,447 @@
41111+#include <linux/kernel.h>
41112+#include <linux/module.h>
41113+#include <linux/sched.h>
41114+#include <linux/file.h>
41115+#include <linux/fs.h>
41116+#include <linux/kdev_t.h>
41117+#include <linux/net.h>
41118+#include <linux/in.h>
41119+#include <linux/ip.h>
41120+#include <linux/skbuff.h>
41121+#include <linux/sysctl.h>
41122+
41123+#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
41124+void
41125+pax_set_initial_flags(struct linux_binprm *bprm)
41126+{
41127+ return;
41128+}
41129+#endif
41130+
41131+#ifdef CONFIG_SYSCTL
41132+__u32
41133+gr_handle_sysctl(const struct ctl_table * table, const int op)
41134+{
41135+ return 0;
41136+}
41137+#endif
41138+
41139+#ifdef CONFIG_TASKSTATS
41140+int gr_is_taskstats_denied(int pid)
41141+{
41142+ return 0;
41143+}
41144+#endif
41145+
41146+int
41147+gr_acl_is_enabled(void)
41148+{
41149+ return 0;
41150+}
41151+
41152+int
41153+gr_handle_rawio(const struct inode *inode)
41154+{
41155+ return 0;
41156+}
41157+
41158+void
41159+gr_acl_handle_psacct(struct task_struct *task, const long code)
41160+{
41161+ return;
41162+}
41163+
41164+int
41165+gr_handle_ptrace(struct task_struct *task, const long request)
41166+{
41167+ return 0;
41168+}
41169+
41170+int
41171+gr_handle_proc_ptrace(struct task_struct *task)
41172+{
41173+ return 0;
41174+}
41175+
41176+void
41177+gr_learn_resource(const struct task_struct *task,
41178+ const int res, const unsigned long wanted, const int gt)
41179+{
41180+ return;
41181+}
41182+
41183+int
41184+gr_set_acls(const int type)
41185+{
41186+ return 0;
41187+}
41188+
41189+int
41190+gr_check_hidden_task(const struct task_struct *tsk)
41191+{
41192+ return 0;
41193+}
41194+
41195+int
41196+gr_check_protected_task(const struct task_struct *task)
41197+{
41198+ return 0;
41199+}
41200+
41201+int
41202+gr_check_protected_task_fowner(struct pid *pid, enum pid_type type)
41203+{
41204+ return 0;
41205+}
41206+
41207+void
41208+gr_copy_label(struct task_struct *tsk)
41209+{
41210+ return;
41211+}
41212+
41213+void
41214+gr_set_pax_flags(struct task_struct *task)
41215+{
41216+ return;
41217+}
41218+
41219+int
41220+gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
41221+ const int unsafe_share)
41222+{
41223+ return 0;
41224+}
41225+
41226+void
41227+gr_handle_delete(const ino_t ino, const dev_t dev)
41228+{
41229+ return;
41230+}
41231+
41232+void
41233+gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
41234+{
41235+ return;
41236+}
41237+
41238+void
41239+gr_handle_crash(struct task_struct *task, const int sig)
41240+{
41241+ return;
41242+}
41243+
41244+int
41245+gr_check_crash_exec(const struct file *filp)
41246+{
41247+ return 0;
41248+}
41249+
41250+int
41251+gr_check_crash_uid(const uid_t uid)
41252+{
41253+ return 0;
41254+}
41255+
41256+void
41257+gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
41258+ struct dentry *old_dentry,
41259+ struct dentry *new_dentry,
41260+ struct vfsmount *mnt, const __u8 replace)
41261+{
41262+ return;
41263+}
41264+
41265+int
41266+gr_search_socket(const int family, const int type, const int protocol)
41267+{
41268+ return 1;
41269+}
41270+
41271+int
41272+gr_search_connectbind(const int mode, const struct socket *sock,
41273+ const struct sockaddr_in *addr)
41274+{
41275+ return 0;
41276+}
41277+
41278+int
41279+gr_is_capable(const int cap)
41280+{
41281+ return 1;
41282+}
41283+
41284+int
41285+gr_is_capable_nolog(const int cap)
41286+{
41287+ return 1;
41288+}
41289+
41290+void
41291+gr_handle_alertkill(struct task_struct *task)
41292+{
41293+ return;
41294+}
41295+
41296+__u32
41297+gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt)
41298+{
41299+ return 1;
41300+}
41301+
41302+__u32
41303+gr_acl_handle_hidden_file(const struct dentry * dentry,
41304+ const struct vfsmount * mnt)
41305+{
41306+ return 1;
41307+}
41308+
41309+__u32
41310+gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
41311+ const int fmode)
41312+{
41313+ return 1;
41314+}
41315+
41316+__u32
41317+gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
41318+{
41319+ return 1;
41320+}
41321+
41322+__u32
41323+gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt)
41324+{
41325+ return 1;
41326+}
41327+
41328+int
41329+gr_acl_handle_mmap(const struct file *file, const unsigned long prot,
41330+ unsigned int *vm_flags)
41331+{
41332+ return 1;
41333+}
41334+
41335+__u32
41336+gr_acl_handle_truncate(const struct dentry * dentry,
41337+ const struct vfsmount * mnt)
41338+{
41339+ return 1;
41340+}
41341+
41342+__u32
41343+gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt)
41344+{
41345+ return 1;
41346+}
41347+
41348+__u32
41349+gr_acl_handle_access(const struct dentry * dentry,
41350+ const struct vfsmount * mnt, const int fmode)
41351+{
41352+ return 1;
41353+}
41354+
41355+__u32
41356+gr_acl_handle_fchmod(const struct dentry * dentry, const struct vfsmount * mnt,
41357+ mode_t mode)
41358+{
41359+ return 1;
41360+}
41361+
41362+__u32
41363+gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt,
41364+ mode_t mode)
41365+{
41366+ return 1;
41367+}
41368+
41369+__u32
41370+gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt)
41371+{
41372+ return 1;
41373+}
41374+
41375+__u32
41376+gr_acl_handle_setxattr(const struct dentry * dentry, const struct vfsmount * mnt)
41377+{
41378+ return 1;
41379+}
41380+
41381+void
41382+grsecurity_init(void)
41383+{
41384+ return;
41385+}
41386+
41387+__u32
41388+gr_acl_handle_mknod(const struct dentry * new_dentry,
41389+ const struct dentry * parent_dentry,
41390+ const struct vfsmount * parent_mnt,
41391+ const int mode)
41392+{
41393+ return 1;
41394+}
41395+
41396+__u32
41397+gr_acl_handle_mkdir(const struct dentry * new_dentry,
41398+ const struct dentry * parent_dentry,
41399+ const struct vfsmount * parent_mnt)
41400+{
41401+ return 1;
41402+}
41403+
41404+__u32
41405+gr_acl_handle_symlink(const struct dentry * new_dentry,
41406+ const struct dentry * parent_dentry,
41407+ const struct vfsmount * parent_mnt, const char *from)
41408+{
41409+ return 1;
41410+}
41411+
41412+__u32
41413+gr_acl_handle_link(const struct dentry * new_dentry,
41414+ const struct dentry * parent_dentry,
41415+ const struct vfsmount * parent_mnt,
41416+ const struct dentry * old_dentry,
41417+ const struct vfsmount * old_mnt, const char *to)
41418+{
41419+ return 1;
41420+}
41421+
41422+int
41423+gr_acl_handle_rename(const struct dentry *new_dentry,
41424+ const struct dentry *parent_dentry,
41425+ const struct vfsmount *parent_mnt,
41426+ const struct dentry *old_dentry,
41427+ const struct inode *old_parent_inode,
41428+ const struct vfsmount *old_mnt, const char *newname)
41429+{
41430+ return 0;
41431+}
41432+
41433+int
41434+gr_acl_handle_filldir(const struct file *file, const char *name,
41435+ const int namelen, const ino_t ino)
41436+{
41437+ return 1;
41438+}
41439+
41440+int
41441+gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
41442+ const time_t shm_createtime, const uid_t cuid, const int shmid)
41443+{
41444+ return 1;
41445+}
41446+
41447+int
41448+gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
41449+{
41450+ return 0;
41451+}
41452+
41453+int
41454+gr_search_accept(const struct socket *sock)
41455+{
41456+ return 0;
41457+}
41458+
41459+int
41460+gr_search_listen(const struct socket *sock)
41461+{
41462+ return 0;
41463+}
41464+
41465+int
41466+gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
41467+{
41468+ return 0;
41469+}
41470+
41471+__u32
41472+gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt)
41473+{
41474+ return 1;
41475+}
41476+
41477+__u32
41478+gr_acl_handle_creat(const struct dentry * dentry,
41479+ const struct dentry * p_dentry,
41480+ const struct vfsmount * p_mnt, const int fmode,
41481+ const int imode)
41482+{
41483+ return 1;
41484+}
41485+
41486+void
41487+gr_acl_handle_exit(void)
41488+{
41489+ return;
41490+}
41491+
41492+int
41493+gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
41494+{
41495+ return 1;
41496+}
41497+
41498+void
41499+gr_set_role_label(const uid_t uid, const gid_t gid)
41500+{
41501+ return;
41502+}
41503+
41504+int
41505+gr_acl_handle_procpidmem(const struct task_struct *task)
41506+{
41507+ return 0;
41508+}
41509+
41510+int
41511+gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
41512+{
41513+ return 0;
41514+}
41515+
41516+int
41517+gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
41518+{
41519+ return 0;
41520+}
41521+
41522+void
41523+gr_set_kernel_label(struct task_struct *task)
41524+{
41525+ return;
41526+}
41527+
41528+int
41529+gr_check_user_change(int real, int effective, int fs)
41530+{
41531+ return 0;
41532+}
41533+
41534+int
41535+gr_check_group_change(int real, int effective, int fs)
41536+{
41537+ return 0;
41538+}
41539+
41540+int gr_acl_enable_at_secure(void)
41541+{
41542+ return 0;
41543+}
41544+
41545+dev_t gr_get_dev_from_dentry(struct dentry *dentry)
41546+{
41547+ return dentry->d_inode->i_sb->s_dev;
41548+}
41549+
41550+EXPORT_SYMBOL(gr_is_capable);
41551+EXPORT_SYMBOL(gr_is_capable_nolog);
41552+EXPORT_SYMBOL(gr_learn_resource);
41553+EXPORT_SYMBOL(gr_set_kernel_label);
41554+#ifdef CONFIG_SECURITY
41555+EXPORT_SYMBOL(gr_check_user_change);
41556+EXPORT_SYMBOL(gr_check_group_change);
41557+#endif
41558diff -urNp linux-2.6.38.2/grsecurity/grsec_exec.c linux-2.6.38.2/grsecurity/grsec_exec.c
41559--- linux-2.6.38.2/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500
41560+++ linux-2.6.38.2/grsecurity/grsec_exec.c 2011-03-21 18:31:35.000000000 -0400
41561@@ -0,0 +1,147 @@
41562+#include <linux/kernel.h>
41563+#include <linux/sched.h>
41564+#include <linux/file.h>
41565+#include <linux/binfmts.h>
41566+#include <linux/smp_lock.h>
41567+#include <linux/fs.h>
41568+#include <linux/types.h>
41569+#include <linux/grdefs.h>
41570+#include <linux/grinternal.h>
41571+#include <linux/capability.h>
41572+#include <linux/compat.h>
41573+
41574+#include <asm/uaccess.h>
41575+
41576+#ifdef CONFIG_GRKERNSEC_EXECLOG
41577+static char gr_exec_arg_buf[132];
41578+static DEFINE_MUTEX(gr_exec_arg_mutex);
41579+#endif
41580+
41581+int
41582+gr_handle_nproc(void)
41583+{
41584+#ifdef CONFIG_GRKERNSEC_EXECVE
41585+ const struct cred *cred = current_cred();
41586+ if (grsec_enable_execve && cred->user &&
41587+ (atomic_read(&cred->user->processes) > rlimit(RLIMIT_NPROC)) &&
41588+ !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
41589+ gr_log_noargs(GR_DONT_AUDIT, GR_NPROC_MSG);
41590+ return -EAGAIN;
41591+ }
41592+#endif
41593+ return 0;
41594+}
41595+
41596+void
41597+gr_handle_exec_args(struct linux_binprm *bprm, const char __user *const __user *argv)
41598+{
41599+#ifdef CONFIG_GRKERNSEC_EXECLOG
41600+ char *grarg = gr_exec_arg_buf;
41601+ unsigned int i, x, execlen = 0;
41602+ char c;
41603+
41604+ if (!((grsec_enable_execlog && grsec_enable_group &&
41605+ in_group_p(grsec_audit_gid))
41606+ || (grsec_enable_execlog && !grsec_enable_group)))
41607+ return;
41608+
41609+ mutex_lock(&gr_exec_arg_mutex);
41610+ memset(grarg, 0, sizeof(gr_exec_arg_buf));
41611+
41612+ if (unlikely(argv == NULL))
41613+ goto log;
41614+
41615+ for (i = 0; i < bprm->argc && execlen < 128; i++) {
41616+ const char __user *p;
41617+ unsigned int len;
41618+
41619+ if (copy_from_user(&p, argv + i, sizeof(p)))
41620+ goto log;
41621+ if (!p)
41622+ goto log;
41623+ len = strnlen_user(p, 128 - execlen);
41624+ if (len > 128 - execlen)
41625+ len = 128 - execlen;
41626+ else if (len > 0)
41627+ len--;
41628+ if (copy_from_user(grarg + execlen, p, len))
41629+ goto log;
41630+
41631+ /* rewrite unprintable characters */
41632+ for (x = 0; x < len; x++) {
41633+ c = *(grarg + execlen + x);
41634+ if (c < 32 || c > 126)
41635+ *(grarg + execlen + x) = ' ';
41636+ }
41637+
41638+ execlen += len;
41639+ *(grarg + execlen) = ' ';
41640+ *(grarg + execlen + 1) = '\0';
41641+ execlen++;
41642+ }
41643+
41644+ log:
41645+ gr_log_fs_str(GR_DO_AUDIT, GR_EXEC_AUDIT_MSG, bprm->file->f_path.dentry,
41646+ bprm->file->f_path.mnt, grarg);
41647+ mutex_unlock(&gr_exec_arg_mutex);
41648+#endif
41649+ return;
41650+}
41651+
41652+#ifdef CONFIG_COMPAT
41653+void
41654+gr_handle_exec_args_compat(struct linux_binprm *bprm, compat_uptr_t __user *argv)
41655+{
41656+#ifdef CONFIG_GRKERNSEC_EXECLOG
41657+ char *grarg = gr_exec_arg_buf;
41658+ unsigned int i, x, execlen = 0;
41659+ char c;
41660+
41661+ if (!((grsec_enable_execlog && grsec_enable_group &&
41662+ in_group_p(grsec_audit_gid))
41663+ || (grsec_enable_execlog && !grsec_enable_group)))
41664+ return;
41665+
41666+ mutex_lock(&gr_exec_arg_mutex);
41667+ memset(grarg, 0, sizeof(gr_exec_arg_buf));
41668+
41669+ if (unlikely(argv == NULL))
41670+ goto log;
41671+
41672+ for (i = 0; i < bprm->argc && execlen < 128; i++) {
41673+ compat_uptr_t p;
41674+ unsigned int len;
41675+
41676+ if (get_user(p, argv + i))
41677+ goto log;
41678+ len = strnlen_user(compat_ptr(p), 128 - execlen);
41679+ if (len > 128 - execlen)
41680+ len = 128 - execlen;
41681+ else if (len > 0)
41682+ len--;
41683+ else
41684+ goto log;
41685+ if (copy_from_user(grarg + execlen, compat_ptr(p), len))
41686+ goto log;
41687+
41688+ /* rewrite unprintable characters */
41689+ for (x = 0; x < len; x++) {
41690+ c = *(grarg + execlen + x);
41691+ if (c < 32 || c > 126)
41692+ *(grarg + execlen + x) = ' ';
41693+ }
41694+
41695+ execlen += len;
41696+ *(grarg + execlen) = ' ';
41697+ *(grarg + execlen + 1) = '\0';
41698+ execlen++;
41699+ }
41700+
41701+ log:
41702+ gr_log_fs_str(GR_DO_AUDIT, GR_EXEC_AUDIT_MSG, bprm->file->f_path.dentry,
41703+ bprm->file->f_path.mnt, grarg);
41704+ mutex_unlock(&gr_exec_arg_mutex);
41705+#endif
41706+ return;
41707+}
41708+#endif
41709diff -urNp linux-2.6.38.2/grsecurity/grsec_fifo.c linux-2.6.38.2/grsecurity/grsec_fifo.c
41710--- linux-2.6.38.2/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500
41711+++ linux-2.6.38.2/grsecurity/grsec_fifo.c 2011-03-21 20:33:29.000000000 -0400
41712@@ -0,0 +1,24 @@
41713+#include <linux/kernel.h>
41714+#include <linux/sched.h>
41715+#include <linux/fs.h>
41716+#include <linux/file.h>
41717+#include <linux/grinternal.h>
41718+
41719+int
41720+gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
41721+ const struct dentry *dir, const int flag, const int acc_mode)
41722+{
41723+#ifdef CONFIG_GRKERNSEC_FIFO
41724+ const struct cred *cred = current_cred();
41725+
41726+ if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
41727+ !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
41728+ (dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
41729+ (cred->fsuid != dentry->d_inode->i_uid)) {
41730+ if (!inode_permission(dentry->d_inode, acc_mode))
41731+ gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid);
41732+ return -EACCES;
41733+ }
41734+#endif
41735+ return 0;
41736+}
41737diff -urNp linux-2.6.38.2/grsecurity/grsec_fork.c linux-2.6.38.2/grsecurity/grsec_fork.c
41738--- linux-2.6.38.2/grsecurity/grsec_fork.c 1969-12-31 19:00:00.000000000 -0500
41739+++ linux-2.6.38.2/grsecurity/grsec_fork.c 2011-03-21 18:31:35.000000000 -0400
41740@@ -0,0 +1,23 @@
41741+#include <linux/kernel.h>
41742+#include <linux/sched.h>
41743+#include <linux/grsecurity.h>
41744+#include <linux/grinternal.h>
41745+#include <linux/errno.h>
41746+
41747+void
41748+gr_log_forkfail(const int retval)
41749+{
41750+#ifdef CONFIG_GRKERNSEC_FORKFAIL
41751+ if (grsec_enable_forkfail && (retval == -EAGAIN || retval == -ENOMEM)) {
41752+ switch (retval) {
41753+ case -EAGAIN:
41754+ gr_log_str(GR_DONT_AUDIT, GR_FAILFORK_MSG, "EAGAIN");
41755+ break;
41756+ case -ENOMEM:
41757+ gr_log_str(GR_DONT_AUDIT, GR_FAILFORK_MSG, "ENOMEM");
41758+ break;
41759+ }
41760+ }
41761+#endif
41762+ return;
41763+}
41764diff -urNp linux-2.6.38.2/grsecurity/grsec_init.c linux-2.6.38.2/grsecurity/grsec_init.c
41765--- linux-2.6.38.2/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
41766+++ linux-2.6.38.2/grsecurity/grsec_init.c 2011-03-21 18:31:35.000000000 -0400
41767@@ -0,0 +1,270 @@
41768+#include <linux/kernel.h>
41769+#include <linux/sched.h>
41770+#include <linux/mm.h>
41771+#include <linux/smp_lock.h>
41772+#include <linux/gracl.h>
41773+#include <linux/slab.h>
41774+#include <linux/vmalloc.h>
41775+#include <linux/percpu.h>
41776+#include <linux/module.h>
41777+
41778+int grsec_enable_link;
41779+int grsec_enable_dmesg;
41780+int grsec_enable_harden_ptrace;
41781+int grsec_enable_fifo;
41782+int grsec_enable_execve;
41783+int grsec_enable_execlog;
41784+int grsec_enable_signal;
41785+int grsec_enable_forkfail;
41786+int grsec_enable_audit_ptrace;
41787+int grsec_enable_time;
41788+int grsec_enable_audit_textrel;
41789+int grsec_enable_group;
41790+int grsec_audit_gid;
41791+int grsec_enable_chdir;
41792+int grsec_enable_mount;
41793+int grsec_enable_rofs;
41794+int grsec_enable_chroot_findtask;
41795+int grsec_enable_chroot_mount;
41796+int grsec_enable_chroot_shmat;
41797+int grsec_enable_chroot_fchdir;
41798+int grsec_enable_chroot_double;
41799+int grsec_enable_chroot_pivot;
41800+int grsec_enable_chroot_chdir;
41801+int grsec_enable_chroot_chmod;
41802+int grsec_enable_chroot_mknod;
41803+int grsec_enable_chroot_nice;
41804+int grsec_enable_chroot_execlog;
41805+int grsec_enable_chroot_caps;
41806+int grsec_enable_chroot_sysctl;
41807+int grsec_enable_chroot_unix;
41808+int grsec_enable_tpe;
41809+int grsec_tpe_gid;
41810+int grsec_enable_blackhole;
41811+#ifdef CONFIG_IPV6_MODULE
41812+EXPORT_SYMBOL(grsec_enable_blackhole);
41813+#endif
41814+int grsec_lastack_retries;
41815+int grsec_enable_tpe_all;
41816+int grsec_enable_tpe_invert;
41817+int grsec_enable_socket_all;
41818+int grsec_socket_all_gid;
41819+int grsec_enable_socket_client;
41820+int grsec_socket_client_gid;
41821+int grsec_enable_socket_server;
41822+int grsec_socket_server_gid;
41823+int grsec_resource_logging;
41824+int grsec_disable_privio;
41825+int grsec_enable_log_rwxmaps;
41826+int grsec_lock;
41827+
41828+DEFINE_SPINLOCK(grsec_alert_lock);
41829+unsigned long grsec_alert_wtime = 0;
41830+unsigned long grsec_alert_fyet = 0;
41831+
41832+DEFINE_SPINLOCK(grsec_audit_lock);
41833+
41834+DEFINE_RWLOCK(grsec_exec_file_lock);
41835+
41836+char *gr_shared_page[4];
41837+
41838+char *gr_alert_log_fmt;
41839+char *gr_audit_log_fmt;
41840+char *gr_alert_log_buf;
41841+char *gr_audit_log_buf;
41842+
41843+extern struct gr_arg *gr_usermode;
41844+extern unsigned char *gr_system_salt;
41845+extern unsigned char *gr_system_sum;
41846+
41847+void __init
41848+grsecurity_init(void)
41849+{
41850+ int j;
41851+ /* create the per-cpu shared pages */
41852+
41853+#ifdef CONFIG_X86
41854+ memset((char *)(0x41a + PAGE_OFFSET), 0, 36);
41855+#endif
41856+
41857+ for (j = 0; j < 4; j++) {
41858+ gr_shared_page[j] = (char *)__alloc_percpu(PAGE_SIZE, __alignof__(unsigned long long));
41859+ if (gr_shared_page[j] == NULL) {
41860+ panic("Unable to allocate grsecurity shared page");
41861+ return;
41862+ }
41863+ }
41864+
41865+ /* allocate log buffers */
41866+ gr_alert_log_fmt = kmalloc(512, GFP_KERNEL);
41867+ if (!gr_alert_log_fmt) {
41868+ panic("Unable to allocate grsecurity alert log format buffer");
41869+ return;
41870+ }
41871+ gr_audit_log_fmt = kmalloc(512, GFP_KERNEL);
41872+ if (!gr_audit_log_fmt) {
41873+ panic("Unable to allocate grsecurity audit log format buffer");
41874+ return;
41875+ }
41876+ gr_alert_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
41877+ if (!gr_alert_log_buf) {
41878+ panic("Unable to allocate grsecurity alert log buffer");
41879+ return;
41880+ }
41881+ gr_audit_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
41882+ if (!gr_audit_log_buf) {
41883+ panic("Unable to allocate grsecurity audit log buffer");
41884+ return;
41885+ }
41886+
41887+ /* allocate memory for authentication structure */
41888+ gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL);
41889+ gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL);
41890+ gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL);
41891+
41892+ if (!gr_usermode || !gr_system_salt || !gr_system_sum) {
41893+ panic("Unable to allocate grsecurity authentication structure");
41894+ return;
41895+ }
41896+
41897+
41898+#ifdef CONFIG_GRKERNSEC_IO
41899+#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO)
41900+ grsec_disable_privio = 1;
41901+#elif defined(CONFIG_GRKERNSEC_SYSCTL_ON)
41902+ grsec_disable_privio = 1;
41903+#else
41904+ grsec_disable_privio = 0;
41905+#endif
41906+#endif
41907+
41908+#ifdef CONFIG_GRKERNSEC_TPE_INVERT
41909+ /* for backward compatibility, tpe_invert always defaults to on if
41910+ enabled in the kernel
41911+ */
41912+ grsec_enable_tpe_invert = 1;
41913+#endif
41914+
41915+#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
41916+#ifndef CONFIG_GRKERNSEC_SYSCTL
41917+ grsec_lock = 1;
41918+#endif
41919+
41920+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
41921+ grsec_enable_audit_textrel = 1;
41922+#endif
41923+#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
41924+ grsec_enable_log_rwxmaps = 1;
41925+#endif
41926+#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
41927+ grsec_enable_group = 1;
41928+ grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID;
41929+#endif
41930+#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
41931+ grsec_enable_chdir = 1;
41932+#endif
41933+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
41934+ grsec_enable_harden_ptrace = 1;
41935+#endif
41936+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
41937+ grsec_enable_mount = 1;
41938+#endif
41939+#ifdef CONFIG_GRKERNSEC_LINK
41940+ grsec_enable_link = 1;
41941+#endif
41942+#ifdef CONFIG_GRKERNSEC_DMESG
41943+ grsec_enable_dmesg = 1;
41944+#endif
41945+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
41946+ grsec_enable_blackhole = 1;
41947+ grsec_lastack_retries = 4;
41948+#endif
41949+#ifdef CONFIG_GRKERNSEC_FIFO
41950+ grsec_enable_fifo = 1;
41951+#endif
41952+#ifdef CONFIG_GRKERNSEC_EXECVE
41953+ grsec_enable_execve = 1;
41954+#endif
41955+#ifdef CONFIG_GRKERNSEC_EXECLOG
41956+ grsec_enable_execlog = 1;
41957+#endif
41958+#ifdef CONFIG_GRKERNSEC_SIGNAL
41959+ grsec_enable_signal = 1;
41960+#endif
41961+#ifdef CONFIG_GRKERNSEC_FORKFAIL
41962+ grsec_enable_forkfail = 1;
41963+#endif
41964+#ifdef CONFIG_GRKERNSEC_TIME
41965+ grsec_enable_time = 1;
41966+#endif
41967+#ifdef CONFIG_GRKERNSEC_RESLOG
41968+ grsec_resource_logging = 1;
41969+#endif
41970+#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
41971+ grsec_enable_chroot_findtask = 1;
41972+#endif
41973+#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
41974+ grsec_enable_chroot_unix = 1;
41975+#endif
41976+#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
41977+ grsec_enable_chroot_mount = 1;
41978+#endif
41979+#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
41980+ grsec_enable_chroot_fchdir = 1;
41981+#endif
41982+#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
41983+ grsec_enable_chroot_shmat = 1;
41984+#endif
41985+#ifdef CONFIG_GRKERNSEC_AUDIT_PTRACE
41986+ grsec_enable_audit_ptrace = 1;
41987+#endif
41988+#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
41989+ grsec_enable_chroot_double = 1;
41990+#endif
41991+#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
41992+ grsec_enable_chroot_pivot = 1;
41993+#endif
41994+#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
41995+ grsec_enable_chroot_chdir = 1;
41996+#endif
41997+#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
41998+ grsec_enable_chroot_chmod = 1;
41999+#endif
42000+#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
42001+ grsec_enable_chroot_mknod = 1;
42002+#endif
42003+#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
42004+ grsec_enable_chroot_nice = 1;
42005+#endif
42006+#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
42007+ grsec_enable_chroot_execlog = 1;
42008+#endif
42009+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
42010+ grsec_enable_chroot_caps = 1;
42011+#endif
42012+#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
42013+ grsec_enable_chroot_sysctl = 1;
42014+#endif
42015+#ifdef CONFIG_GRKERNSEC_TPE
42016+ grsec_enable_tpe = 1;
42017+ grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
42018+#ifdef CONFIG_GRKERNSEC_TPE_ALL
42019+ grsec_enable_tpe_all = 1;
42020+#endif
42021+#endif
42022+#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
42023+ grsec_enable_socket_all = 1;
42024+ grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID;
42025+#endif
42026+#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
42027+ grsec_enable_socket_client = 1;
42028+ grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;
42029+#endif
42030+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
42031+ grsec_enable_socket_server = 1;
42032+ grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
42033+#endif
42034+#endif
42035+
42036+ return;
42037+}
42038diff -urNp linux-2.6.38.2/grsecurity/grsec_link.c linux-2.6.38.2/grsecurity/grsec_link.c
42039--- linux-2.6.38.2/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000 -0500
42040+++ linux-2.6.38.2/grsecurity/grsec_link.c 2011-03-21 20:34:41.000000000 -0400
42041@@ -0,0 +1,43 @@
42042+#include <linux/kernel.h>
42043+#include <linux/sched.h>
42044+#include <linux/fs.h>
42045+#include <linux/file.h>
42046+#include <linux/grinternal.h>
42047+
42048+int
42049+gr_handle_follow_link(const struct inode *parent,
42050+ const struct inode *inode,
42051+ const struct dentry *dentry, const struct vfsmount *mnt)
42052+{
42053+#ifdef CONFIG_GRKERNSEC_LINK
42054+ const struct cred *cred = current_cred();
42055+
42056+ if (grsec_enable_link && S_ISLNK(inode->i_mode) &&
42057+ (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) &&
42058+ (parent->i_mode & S_IWOTH) && (cred->fsuid != inode->i_uid)) {
42059+ gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid);
42060+ return -EACCES;
42061+ }
42062+#endif
42063+ return 0;
42064+}
42065+
42066+int
42067+gr_handle_hardlink(const struct dentry *dentry,
42068+ const struct vfsmount *mnt,
42069+ struct inode *inode, const int mode, const char *to)
42070+{
42071+#ifdef CONFIG_GRKERNSEC_LINK
42072+ const struct cred *cred = current_cred();
42073+
42074+ if (grsec_enable_link && cred->fsuid != inode->i_uid &&
42075+ (!S_ISREG(mode) || (mode & S_ISUID) ||
42076+ ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
42077+ (inode_permission(inode, MAY_READ | MAY_WRITE))) &&
42078+ !capable(CAP_FOWNER) && cred->uid) {
42079+ gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to);
42080+ return -EPERM;
42081+ }
42082+#endif
42083+ return 0;
42084+}
42085diff -urNp linux-2.6.38.2/grsecurity/grsec_log.c linux-2.6.38.2/grsecurity/grsec_log.c
42086--- linux-2.6.38.2/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
42087+++ linux-2.6.38.2/grsecurity/grsec_log.c 2011-03-21 18:31:35.000000000 -0400
42088@@ -0,0 +1,310 @@
42089+#include <linux/kernel.h>
42090+#include <linux/sched.h>
42091+#include <linux/file.h>
42092+#include <linux/tty.h>
42093+#include <linux/fs.h>
42094+#include <linux/grinternal.h>
42095+
42096+#ifdef CONFIG_TREE_PREEMPT_RCU
42097+#define DISABLE_PREEMPT() preempt_disable()
42098+#define ENABLE_PREEMPT() preempt_enable()
42099+#else
42100+#define DISABLE_PREEMPT()
42101+#define ENABLE_PREEMPT()
42102+#endif
42103+
42104+#define BEGIN_LOCKS(x) \
42105+ DISABLE_PREEMPT(); \
42106+ rcu_read_lock(); \
42107+ read_lock(&tasklist_lock); \
42108+ read_lock(&grsec_exec_file_lock); \
42109+ if (x != GR_DO_AUDIT) \
42110+ spin_lock(&grsec_alert_lock); \
42111+ else \
42112+ spin_lock(&grsec_audit_lock)
42113+
42114+#define END_LOCKS(x) \
42115+ if (x != GR_DO_AUDIT) \
42116+ spin_unlock(&grsec_alert_lock); \
42117+ else \
42118+ spin_unlock(&grsec_audit_lock); \
42119+ read_unlock(&grsec_exec_file_lock); \
42120+ read_unlock(&tasklist_lock); \
42121+ rcu_read_unlock(); \
42122+ ENABLE_PREEMPT(); \
42123+ if (x == GR_DONT_AUDIT) \
42124+ gr_handle_alertkill(current)
42125+
42126+enum {
42127+ FLOODING,
42128+ NO_FLOODING
42129+};
42130+
42131+extern char *gr_alert_log_fmt;
42132+extern char *gr_audit_log_fmt;
42133+extern char *gr_alert_log_buf;
42134+extern char *gr_audit_log_buf;
42135+
42136+static int gr_log_start(int audit)
42137+{
42138+ char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
42139+ char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
42140+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
42141+
42142+ if (audit == GR_DO_AUDIT)
42143+ goto set_fmt;
42144+
42145+ if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) {
42146+ grsec_alert_wtime = jiffies;
42147+ grsec_alert_fyet = 0;
42148+ } else if ((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
42149+ grsec_alert_fyet++;
42150+ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
42151+ grsec_alert_wtime = jiffies;
42152+ grsec_alert_fyet++;
42153+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
42154+ return FLOODING;
42155+ } else return FLOODING;
42156+
42157+set_fmt:
42158+ memset(buf, 0, PAGE_SIZE);
42159+ if (current->signal->curr_ip && gr_acl_is_enabled()) {
42160+ sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
42161+ snprintf(buf, PAGE_SIZE - 1, fmt, &current->signal->curr_ip, current->role->rolename, gr_roletype_to_char(), current->acl->filename);
42162+ } else if (current->signal->curr_ip) {
42163+ sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: ");
42164+ snprintf(buf, PAGE_SIZE - 1, fmt, &current->signal->curr_ip);
42165+ } else if (gr_acl_is_enabled()) {
42166+ sprintf(fmt, "%s%s", loglevel, "grsec: (%.64s:%c:%.950s) ");
42167+ snprintf(buf, PAGE_SIZE - 1, fmt, current->role->rolename, gr_roletype_to_char(), current->acl->filename);
42168+ } else {
42169+ sprintf(fmt, "%s%s", loglevel, "grsec: ");
42170+ strcpy(buf, fmt);
42171+ }
42172+
42173+ return NO_FLOODING;
42174+}
42175+
42176+static void gr_log_middle(int audit, const char *msg, va_list ap)
42177+ __attribute__ ((format (printf, 2, 0)));
42178+
42179+static void gr_log_middle(int audit, const char *msg, va_list ap)
42180+{
42181+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
42182+ unsigned int len = strlen(buf);
42183+
42184+ vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
42185+
42186+ return;
42187+}
42188+
42189+static void gr_log_middle_varargs(int audit, const char *msg, ...)
42190+ __attribute__ ((format (printf, 2, 3)));
42191+
42192+static void gr_log_middle_varargs(int audit, const char *msg, ...)
42193+{
42194+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
42195+ unsigned int len = strlen(buf);
42196+ va_list ap;
42197+
42198+ va_start(ap, msg);
42199+ vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
42200+ va_end(ap);
42201+
42202+ return;
42203+}
42204+
42205+static void gr_log_end(int audit)
42206+{
42207+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
42208+ unsigned int len = strlen(buf);
42209+
42210+ snprintf(buf + len, PAGE_SIZE - len - 1, DEFAULTSECMSG, DEFAULTSECARGS(current, current_cred(), __task_cred(current->real_parent)));
42211+ printk("%s\n", buf);
42212+
42213+ return;
42214+}
42215+
42216+void gr_log_varargs(int audit, const char *msg, int argtypes, ...)
42217+{
42218+ int logtype;
42219+ char *result = (audit == GR_DO_AUDIT) ? "successful" : "denied";
42220+ char *str1, *str2, *str3;
42221+ void *voidptr;
42222+ int num1, num2;
42223+ unsigned long ulong1, ulong2;
42224+ struct dentry *dentry;
42225+ struct vfsmount *mnt;
42226+ struct file *file;
42227+ struct task_struct *task;
42228+ const struct cred *cred, *pcred;
42229+ va_list ap;
42230+
42231+ BEGIN_LOCKS(audit);
42232+ logtype = gr_log_start(audit);
42233+ if (logtype == FLOODING) {
42234+ END_LOCKS(audit);
42235+ return;
42236+ }
42237+ va_start(ap, argtypes);
42238+ switch (argtypes) {
42239+ case GR_TTYSNIFF:
42240+ task = va_arg(ap, struct task_struct *);
42241+ gr_log_middle_varargs(audit, msg, &task->signal->curr_ip, gr_task_fullpath0(task), task->comm, task->pid, gr_parent_task_fullpath0(task), task->real_parent->comm, task->real_parent->pid);
42242+ break;
42243+ case GR_SYSCTL_HIDDEN:
42244+ str1 = va_arg(ap, char *);
42245+ gr_log_middle_varargs(audit, msg, result, str1);
42246+ break;
42247+ case GR_RBAC:
42248+ dentry = va_arg(ap, struct dentry *);
42249+ mnt = va_arg(ap, struct vfsmount *);
42250+ gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt));
42251+ break;
42252+ case GR_RBAC_STR:
42253+ dentry = va_arg(ap, struct dentry *);
42254+ mnt = va_arg(ap, struct vfsmount *);
42255+ str1 = va_arg(ap, char *);
42256+ gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1);
42257+ break;
42258+ case GR_STR_RBAC:
42259+ str1 = va_arg(ap, char *);
42260+ dentry = va_arg(ap, struct dentry *);
42261+ mnt = va_arg(ap, struct vfsmount *);
42262+ gr_log_middle_varargs(audit, msg, result, str1, gr_to_filename(dentry, mnt));
42263+ break;
42264+ case GR_RBAC_MODE2:
42265+ dentry = va_arg(ap, struct dentry *);
42266+ mnt = va_arg(ap, struct vfsmount *);
42267+ str1 = va_arg(ap, char *);
42268+ str2 = va_arg(ap, char *);
42269+ gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2);
42270+ break;
42271+ case GR_RBAC_MODE3:
42272+ dentry = va_arg(ap, struct dentry *);
42273+ mnt = va_arg(ap, struct vfsmount *);
42274+ str1 = va_arg(ap, char *);
42275+ str2 = va_arg(ap, char *);
42276+ str3 = va_arg(ap, char *);
42277+ gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2, str3);
42278+ break;
42279+ case GR_FILENAME:
42280+ dentry = va_arg(ap, struct dentry *);
42281+ mnt = va_arg(ap, struct vfsmount *);
42282+ gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt));
42283+ break;
42284+ case GR_STR_FILENAME:
42285+ str1 = va_arg(ap, char *);
42286+ dentry = va_arg(ap, struct dentry *);
42287+ mnt = va_arg(ap, struct vfsmount *);
42288+ gr_log_middle_varargs(audit, msg, str1, gr_to_filename(dentry, mnt));
42289+ break;
42290+ case GR_FILENAME_STR:
42291+ dentry = va_arg(ap, struct dentry *);
42292+ mnt = va_arg(ap, struct vfsmount *);
42293+ str1 = va_arg(ap, char *);
42294+ gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), str1);
42295+ break;
42296+ case GR_FILENAME_TWO_INT:
42297+ dentry = va_arg(ap, struct dentry *);
42298+ mnt = va_arg(ap, struct vfsmount *);
42299+ num1 = va_arg(ap, int);
42300+ num2 = va_arg(ap, int);
42301+ gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2);
42302+ break;
42303+ case GR_FILENAME_TWO_INT_STR:
42304+ dentry = va_arg(ap, struct dentry *);
42305+ mnt = va_arg(ap, struct vfsmount *);
42306+ num1 = va_arg(ap, int);
42307+ num2 = va_arg(ap, int);
42308+ str1 = va_arg(ap, char *);
42309+ gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1);
42310+ break;
42311+ case GR_TEXTREL:
42312+ file = va_arg(ap, struct file *);
42313+ ulong1 = va_arg(ap, unsigned long);
42314+ ulong2 = va_arg(ap, unsigned long);
42315+ gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2);
42316+ break;
42317+ case GR_PTRACE:
42318+ task = va_arg(ap, struct task_struct *);
42319+ gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_path.dentry, task->exec_file->f_path.mnt) : "(none)", task->comm, task->pid);
42320+ break;
42321+ case GR_RESOURCE:
42322+ task = va_arg(ap, struct task_struct *);
42323+ cred = __task_cred(task);
42324+ pcred = __task_cred(task->real_parent);
42325+ ulong1 = va_arg(ap, unsigned long);
42326+ str1 = va_arg(ap, char *);
42327+ ulong2 = va_arg(ap, unsigned long);
42328+ gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->real_parent->comm, task->real_parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
42329+ break;
42330+ case GR_CAP:
42331+ task = va_arg(ap, struct task_struct *);
42332+ cred = __task_cred(task);
42333+ pcred = __task_cred(task->real_parent);
42334+ str1 = va_arg(ap, char *);
42335+ gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->real_parent->comm, task->real_parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
42336+ break;
42337+ case GR_SIG:
42338+ str1 = va_arg(ap, char *);
42339+ voidptr = va_arg(ap, void *);
42340+ gr_log_middle_varargs(audit, msg, str1, voidptr);
42341+ break;
42342+ case GR_SIG2:
42343+ task = va_arg(ap, struct task_struct *);
42344+ cred = __task_cred(task);
42345+ pcred = __task_cred(task->real_parent);
42346+ num1 = va_arg(ap, int);
42347+ gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath0(task), task->real_parent->comm, task->real_parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
42348+ break;
42349+ case GR_CRASH1:
42350+ task = va_arg(ap, struct task_struct *);
42351+ cred = __task_cred(task);
42352+ pcred = __task_cred(task->real_parent);
42353+ ulong1 = va_arg(ap, unsigned long);
42354+ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->real_parent->comm, task->real_parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, cred->uid, ulong1);
42355+ break;
42356+ case GR_CRASH2:
42357+ task = va_arg(ap, struct task_struct *);
42358+ cred = __task_cred(task);
42359+ pcred = __task_cred(task->real_parent);
42360+ ulong1 = va_arg(ap, unsigned long);
42361+ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->real_parent->comm, task->real_parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, ulong1);
42362+ break;
42363+ case GR_RWXMAP:
42364+ file = va_arg(ap, struct file *);
42365+ gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>");
42366+ break;
42367+ case GR_PSACCT:
42368+ {
42369+ unsigned int wday, cday;
42370+ __u8 whr, chr;
42371+ __u8 wmin, cmin;
42372+ __u8 wsec, csec;
42373+ char cur_tty[64] = { 0 };
42374+ char parent_tty[64] = { 0 };
42375+
42376+ task = va_arg(ap, struct task_struct *);
42377+ wday = va_arg(ap, unsigned int);
42378+ cday = va_arg(ap, unsigned int);
42379+ whr = va_arg(ap, int);
42380+ chr = va_arg(ap, int);
42381+ wmin = va_arg(ap, int);
42382+ cmin = va_arg(ap, int);
42383+ wsec = va_arg(ap, int);
42384+ csec = va_arg(ap, int);
42385+ ulong1 = va_arg(ap, unsigned long);
42386+ cred = __task_cred(task);
42387+ pcred = __task_cred(task->real_parent);
42388+
42389+ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, &task->signal->curr_ip, tty_name(task->signal->tty, cur_tty), cred->uid, cred->euid, cred->gid, cred->egid, wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->real_parent->comm, task->real_parent->pid, &task->real_parent->signal->curr_ip, tty_name(task->real_parent->signal->tty, parent_tty), pcred->uid, pcred->euid, pcred->gid, pcred->egid);
42390+ }
42391+ break;
42392+ default:
42393+ gr_log_middle(audit, msg, ap);
42394+ }
42395+ va_end(ap);
42396+ gr_log_end(audit);
42397+ END_LOCKS(audit);
42398+}
42399diff -urNp linux-2.6.38.2/grsecurity/grsec_mem.c linux-2.6.38.2/grsecurity/grsec_mem.c
42400--- linux-2.6.38.2/grsecurity/grsec_mem.c 1969-12-31 19:00:00.000000000 -0500
42401+++ linux-2.6.38.2/grsecurity/grsec_mem.c 2011-03-26 14:40:33.000000000 -0400
42402@@ -0,0 +1,100 @@
42403+#include <linux/kernel.h>
42404+#include <linux/sched.h>
42405+#include <linux/mm.h>
42406+#include <linux/mman.h>
42407+#include <linux/grinternal.h>
42408+
42409+void
42410+gr_handle_ioperm(void)
42411+{
42412+ gr_log_noargs(GR_DONT_AUDIT, GR_IOPERM_MSG);
42413+ return;
42414+}
42415+
42416+void
42417+gr_handle_iopl(void)
42418+{
42419+ gr_log_noargs(GR_DONT_AUDIT, GR_IOPL_MSG);
42420+ return;
42421+}
42422+
42423+void
42424+gr_handle_mem_write(void)
42425+{
42426+ gr_log_noargs(GR_DONT_AUDIT, GR_MEM_WRITE_MSG);
42427+ return;
42428+}
42429+
42430+void
42431+gr_handle_kmem_write(void)
42432+{
42433+ gr_log_noargs(GR_DONT_AUDIT, GR_KMEM_MSG);
42434+ return;
42435+}
42436+
42437+void
42438+gr_handle_open_port(void)
42439+{
42440+ gr_log_noargs(GR_DONT_AUDIT, GR_PORT_OPEN_MSG);
42441+ return;
42442+}
42443+
42444+int
42445+gr_handle_mem_mmap(const unsigned long offset, struct vm_area_struct *vma)
42446+{
42447+ unsigned long start, end;
42448+
42449+ start = offset;
42450+ end = start + vma->vm_end - vma->vm_start;
42451+
42452+ if (start > end) {
42453+ gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG);
42454+ return -EPERM;
42455+ }
42456+
42457+/* if raw i/o is disabled, prevent writes to /dev/mem entirely */
42458+#ifndef CONFIG_GRKERNSEC_IO
42459+ /* allowed ranges : ISA I/O BIOS */
42460+ if ((start >= __pa(high_memory))
42461+#if defined(CONFIG_X86) || defined(CONFIG_PPC)
42462+ || (start >= 0x000a0000 && end <= 0x00100000)
42463+ || (start >= 0x00000000 && end <= 0x00001000)
42464+#endif
42465+ )
42466+ return 0;
42467+#endif
42468+
42469+ if (vma->vm_flags & VM_WRITE) {
42470+ gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG);
42471+ return -EPERM;
42472+ } else
42473+ vma->vm_flags &= ~VM_MAYWRITE;
42474+
42475+ return 0;
42476+}
42477+
42478+void
42479+gr_log_nonroot_mod_load(const char *modname)
42480+{
42481+ if (1
42482+#if !defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE)
42483+ /* There are known knowns. These are things we know
42484+ that we know. There are known unknowns. That is to say,
42485+ there are things that we know we don't know. But there are
42486+ also unknown unknowns. There are things we don't know
42487+ we don't know.
42488+ This here is a known unknown.
42489+ */
42490+ && strcmp(modname, "net-pf-10")
42491+#endif
42492+ )
42493+ gr_log_str(GR_DONT_AUDIT, GR_NONROOT_MODLOAD_MSG, modname);
42494+ return;
42495+}
42496+
42497+void
42498+gr_handle_vm86(void)
42499+{
42500+ gr_log_noargs(GR_DONT_AUDIT, GR_VM86_MSG);
42501+ return;
42502+}
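Review bot: In `gr_handle_mem_mmap` the comment `/* if raw i/o is disabled, prevent writes to /dev/mem entirely */` sits directly above `#ifndef CONFIG_GRKERNSEC_IO`, so it reads as a description of the allow-list that follows, when it actually describes what happens once that block is compiled out. I would reword it along the lines of `/* without CONFIG_GRKERNSEC_IO, mappings above high_memory and (x86/ppc) in the legacy low ranges are let through; with it, every writable mapping is refused */`. The `start >= 0x00000000` test is always true for an `unsigned long` and can be dropped, leaving `end <= 0x00001000`. In `gr_log_nonroot_mod_load` the quotation does not say why `net-pf-10` is skipped; a plain comment such as `/* net-pf-10 is the AF_INET6 autoload alias; do not log it when IPv6 is not built */` would document the exemption, assuming that is the intent.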
42503diff -urNp linux-2.6.38.2/grsecurity/grsec_mount.c linux-2.6.38.2/grsecurity/grsec_mount.c
42504--- linux-2.6.38.2/grsecurity/grsec_mount.c 1969-12-31 19:00:00.000000000 -0500
42505+++ linux-2.6.38.2/grsecurity/grsec_mount.c 2011-03-21 18:31:35.000000000 -0400
42506@@ -0,0 +1,62 @@
42507+#include <linux/kernel.h>
42508+#include <linux/sched.h>
42509+#include <linux/mount.h>
42510+#include <linux/grsecurity.h>
42511+#include <linux/grinternal.h>
42512+
42513+void
42514+gr_log_remount(const char *devname, const int retval)
42515+{
42516+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
42517+ if (grsec_enable_mount && (retval >= 0))
42518+ gr_log_str(GR_DO_AUDIT, GR_REMOUNT_AUDIT_MSG, devname ? devname : "none");
42519+#endif
42520+ return;
42521+}
42522+
42523+void
42524+gr_log_unmount(const char *devname, const int retval)
42525+{
42526+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
42527+ if (grsec_enable_mount && (retval >= 0))
42528+ gr_log_str(GR_DO_AUDIT, GR_UNMOUNT_AUDIT_MSG, devname ? devname : "none");
42529+#endif
42530+ return;
42531+}
42532+
42533+void
42534+gr_log_mount(const char *from, const char *to, const int retval)
42535+{
42536+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
42537+ if (grsec_enable_mount && (retval >= 0))
42538+ gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from, to);
42539+#endif
42540+ return;
42541+}
42542+
42543+int
42544+gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags)
42545+{
42546+#ifdef CONFIG_GRKERNSEC_ROFS
42547+ if (grsec_enable_rofs && !(mnt_flags & MNT_READONLY)) {
42548+ gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_MOUNT_MSG, dentry, mnt);
42549+ return -EPERM;
42550+ } else
42551+ return 0;
42552+#endif
42553+ return 0;
42554+}
42555+
42556+int
42557+gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode)
42558+{
42559+#ifdef CONFIG_GRKERNSEC_ROFS
42560+ if (grsec_enable_rofs && (acc_mode & MAY_WRITE) &&
42561+ dentry->d_inode && S_ISBLK(dentry->d_inode->i_mode)) {
42562+ gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_BLOCKWRITE_MSG, dentry, mnt);
42563+ return -EPERM;
42564+ } else
42565+ return 0;
42566+#endif
42567+ return 0;
42568+}
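Review bot: `gr_log_mount` hands `from` and `to` to `gr_log_str_str` unchecked, while `gr_log_remount` and `gr_log_unmount` in the same file substitute `"none"` for a NULL `devname`. The callers are not visible here, but if the source name can be NULL for mount as it evidently can for the other two hooks, the audit line would format a NULL pointer; I would write `gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from ? from : "none", to);`. Separately, the `else return 0;` branches in `gr_handle_rofs_mount` and `gr_handle_rofs_blockwrite` duplicate the trailing `return 0;` and can be removed.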
42569diff -urNp linux-2.6.38.2/grsecurity/grsec_pax.c linux-2.6.38.2/grsecurity/grsec_pax.c
42570--- linux-2.6.38.2/grsecurity/grsec_pax.c 1969-12-31 19:00:00.000000000 -0500
42571+++ linux-2.6.38.2/grsecurity/grsec_pax.c 2011-03-21 18:31:35.000000000 -0400
42572@@ -0,0 +1,36 @@
42573+#include <linux/kernel.h>
42574+#include <linux/sched.h>
42575+#include <linux/mm.h>
42576+#include <linux/file.h>
42577+#include <linux/grinternal.h>
42578+#include <linux/grsecurity.h>
42579+
42580+void
42581+gr_log_textrel(struct vm_area_struct * vma)
42582+{
42583+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
42584+ if (grsec_enable_audit_textrel)
42585+ gr_log_textrel_ulong_ulong(GR_DO_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff);
42586+#endif
42587+ return;
42588+}
42589+
42590+void
42591+gr_log_rwxmmap(struct file *file)
42592+{
42593+#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
42594+ if (grsec_enable_log_rwxmaps)
42595+ gr_log_rwxmap(GR_DONT_AUDIT, GR_RWXMMAP_MSG, file);
42596+#endif
42597+ return;
42598+}
42599+
42600+void
42601+gr_log_rwxmprotect(struct file *file)
42602+{
42603+#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
42604+ if (grsec_enable_log_rwxmaps)
42605+ gr_log_rwxmap(GR_DONT_AUDIT, GR_RWXMPROTECT_MSG, file);
42606+#endif
42607+ return;
42608+}
42609diff -urNp linux-2.6.38.2/grsecurity/grsec_ptrace.c linux-2.6.38.2/grsecurity/grsec_ptrace.c
42610--- linux-2.6.38.2/grsecurity/grsec_ptrace.c 1969-12-31 19:00:00.000000000 -0500
42611+++ linux-2.6.38.2/grsecurity/grsec_ptrace.c 2011-03-21 18:31:35.000000000 -0400
42612@@ -0,0 +1,14 @@
42613+#include <linux/kernel.h>
42614+#include <linux/sched.h>
42615+#include <linux/grinternal.h>
42616+#include <linux/grsecurity.h>
42617+
42618+void
42619+gr_audit_ptrace(struct task_struct *task)
42620+{
42621+#ifdef CONFIG_GRKERNSEC_AUDIT_PTRACE
42622+ if (grsec_enable_audit_ptrace)
42623+ gr_log_ptrace(GR_DO_AUDIT, GR_PTRACE_AUDIT_MSG, task);
42624+#endif
42625+ return;
42626+}
42627diff -urNp linux-2.6.38.2/grsecurity/grsec_sig.c linux-2.6.38.2/grsecurity/grsec_sig.c
42628--- linux-2.6.38.2/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500
42629+++ linux-2.6.38.2/grsecurity/grsec_sig.c 2011-03-26 19:58:27.000000000 -0400
42630@@ -0,0 +1,65 @@
42631+#include <linux/kernel.h>
42632+#include <linux/sched.h>
42633+#include <linux/delay.h>
42634+#include <linux/grsecurity.h>
42635+#include <linux/grinternal.h>
42636+
42637+char *signames[] = {
42638+ [SIGSEGV] = "Segmentation fault",
42639+ [SIGILL] = "Illegal instruction",
42640+ [SIGABRT] = "Abort",
42641+ [SIGBUS] = "Invalid alignment/Bus error"
42642+};
42643+
42644+void
42645+gr_log_signal(const int sig, const void *addr, const struct task_struct *t)
42646+{
42647+#ifdef CONFIG_GRKERNSEC_SIGNAL
42648+ if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) ||
42649+ (sig == SIGABRT) || (sig == SIGBUS))) {
42650+ if (t->pid == current->pid) {
42651+ gr_log_sig_addr(GR_DONT_AUDIT_GOOD, GR_UNISIGLOG_MSG, signames[sig], addr);
42652+ } else {
42653+ gr_log_sig_task(GR_DONT_AUDIT_GOOD, GR_DUALSIGLOG_MSG, t, sig);
42654+ }
42655+ }
42656+#endif
42657+ return;
42658+}
42659+
42660+int
42661+gr_handle_signal(const struct task_struct *p, const int sig)
42662+{
42663+#ifdef CONFIG_GRKERNSEC
42664+ if (current->pid > 1 && gr_check_protected_task(p)) {
42665+ gr_log_sig_task(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig);
42666+ return -EPERM;
42667+ } else if (gr_pid_is_chrooted((struct task_struct *)p)) {
42668+ return -EPERM;
42669+ }
42670+#endif
42671+ return 0;
42672+}
42673+
42674+void gr_handle_brute_attach(struct task_struct *p)
42675+{
42676+#ifdef CONFIG_GRKERNSEC_BRUTE
42677+ read_lock(&tasklist_lock);
42678+ read_lock(&grsec_exec_file_lock);
42679+ if (p->real_parent && p->real_parent->exec_file == p->exec_file)
42680+ p->real_parent->brute = 1;
42681+ read_unlock(&grsec_exec_file_lock);
42682+ read_unlock(&tasklist_lock);
42683+#endif
42684+ return;
42685+}
42686+
42687+void gr_handle_brute_check(void)
42688+{
42689+#ifdef CONFIG_GRKERNSEC_BRUTE
42690+ if (current->brute)
42691+ msleep(30 * 1000);
42692+#endif
42693+ return;
42694+}
42695+
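Review bot: `signames` is defined as a writable, externally visible `char *signames[]`, although in this file it is only read, by `gr_log_signal`. Unless another translation unit references it (not visible here), `static const char * const signames[] = {` keeps the table read-only and out of the global namespace. `gr_handle_signal` also casts away `const` in `gr_pid_is_chrooted((struct task_struct *)p)`; if that helper does not modify the task, giving it a `const` parameter would remove the cast. The delay in `gr_handle_brute_check`, `msleep(30 * 1000)`, would read better as a named constant with a comment stating what the 30 seconds are for.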
42696diff -urNp linux-2.6.38.2/grsecurity/grsec_sock.c linux-2.6.38.2/grsecurity/grsec_sock.c
42697--- linux-2.6.38.2/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000 -0500
42698+++ linux-2.6.38.2/grsecurity/grsec_sock.c 2011-03-21 18:31:35.000000000 -0400
42699@@ -0,0 +1,275 @@
42700+#include <linux/kernel.h>
42701+#include <linux/module.h>
42702+#include <linux/sched.h>
42703+#include <linux/file.h>
42704+#include <linux/net.h>
42705+#include <linux/in.h>
42706+#include <linux/ip.h>
42707+#include <net/sock.h>
42708+#include <net/inet_sock.h>
42709+#include <linux/grsecurity.h>
42710+#include <linux/grinternal.h>
42711+#include <linux/gracl.h>
42712+
42713+kernel_cap_t gr_cap_rtnetlink(struct sock *sock);
42714+EXPORT_SYMBOL(gr_cap_rtnetlink);
42715+
42716+extern int gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb);
42717+extern int gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr);
42718+
42719+EXPORT_SYMBOL(gr_search_udp_recvmsg);
42720+EXPORT_SYMBOL(gr_search_udp_sendmsg);
42721+
42722+#ifdef CONFIG_UNIX_MODULE
42723+EXPORT_SYMBOL(gr_acl_handle_unix);
42724+EXPORT_SYMBOL(gr_acl_handle_mknod);
42725+EXPORT_SYMBOL(gr_handle_chroot_unix);
42726+EXPORT_SYMBOL(gr_handle_create);
42727+#endif
42728+
42729+#ifdef CONFIG_GRKERNSEC
42730+#define gr_conn_table_size 32749
42731+struct conn_table_entry {
42732+ struct conn_table_entry *next;
42733+ struct signal_struct *sig;
42734+};
42735+
42736+struct conn_table_entry *gr_conn_table[gr_conn_table_size];
42737+DEFINE_SPINLOCK(gr_conn_table_lock);
42738+
42739+extern const char * gr_socktype_to_name(unsigned char type);
42740+extern const char * gr_proto_to_name(unsigned char proto);
42741+extern const char * gr_sockfamily_to_name(unsigned char family);
42742+
42743+static __inline__ int
42744+conn_hash(__u32 saddr, __u32 daddr, __u16 sport, __u16 dport, unsigned int size)
42745+{
42746+ return ((daddr + saddr + (sport << 8) + (dport << 16)) % size);
42747+}
42748+
42749+static __inline__ int
42750+conn_match(const struct signal_struct *sig, __u32 saddr, __u32 daddr,
42751+ __u16 sport, __u16 dport)
42752+{
42753+ if (unlikely(sig->gr_saddr == saddr && sig->gr_daddr == daddr &&
42754+ sig->gr_sport == sport && sig->gr_dport == dport))
42755+ return 1;
42756+ else
42757+ return 0;
42758+}
42759+
42760+static void gr_add_to_task_ip_table_nolock(struct signal_struct *sig, struct conn_table_entry *newent)
42761+{
42762+ struct conn_table_entry **match;
42763+ unsigned int index;
42764+
42765+ index = conn_hash(sig->gr_saddr, sig->gr_daddr,
42766+ sig->gr_sport, sig->gr_dport,
42767+ gr_conn_table_size);
42768+
42769+ newent->sig = sig;
42770+
42771+ match = &gr_conn_table[index];
42772+ newent->next = *match;
42773+ *match = newent;
42774+
42775+ return;
42776+}
42777+
42778+static void gr_del_task_from_ip_table_nolock(struct signal_struct *sig)
42779+{
42780+ struct conn_table_entry *match, *last = NULL;
42781+ unsigned int index;
42782+
42783+ index = conn_hash(sig->gr_saddr, sig->gr_daddr,
42784+ sig->gr_sport, sig->gr_dport,
42785+ gr_conn_table_size);
42786+
42787+ match = gr_conn_table[index];
42788+ while (match && !conn_match(match->sig,
42789+ sig->gr_saddr, sig->gr_daddr, sig->gr_sport,
42790+ sig->gr_dport)) {
42791+ last = match;
42792+ match = match->next;
42793+ }
42794+
42795+ if (match) {
42796+ if (last)
42797+ last->next = match->next;
42798+ else
42799+ gr_conn_table[index] = NULL;
42800+ kfree(match);
42801+ }
42802+
42803+ return;
42804+}
42805+
42806+static struct signal_struct * gr_lookup_task_ip_table(__u32 saddr, __u32 daddr,
42807+ __u16 sport, __u16 dport)
42808+{
42809+ struct conn_table_entry *match;
42810+ unsigned int index;
42811+
42812+ index = conn_hash(saddr, daddr, sport, dport, gr_conn_table_size);
42813+
42814+ match = gr_conn_table[index];
42815+ while (match && !conn_match(match->sig, saddr, daddr, sport, dport))
42816+ match = match->next;
42817+
42818+ if (match)
42819+ return match->sig;
42820+ else
42821+ return NULL;
42822+}
42823+
42824+#endif
42825+
42826+void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet)
42827+{
42828+#ifdef CONFIG_GRKERNSEC
42829+ struct signal_struct *sig = task->signal;
42830+ struct conn_table_entry *newent;
42831+
42832+ newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC);
42833+ if (newent == NULL)
42834+ return;
42835+ /* no bh lock needed since we are called with bh disabled */
42836+ spin_lock(&gr_conn_table_lock);
42837+ gr_del_task_from_ip_table_nolock(sig);
42838+ sig->gr_saddr = inet->inet_rcv_saddr;
42839+ sig->gr_daddr = inet->inet_daddr;
42840+ sig->gr_sport = inet->inet_sport;
42841+ sig->gr_dport = inet->inet_dport;
42842+ gr_add_to_task_ip_table_nolock(sig, newent);
42843+ spin_unlock(&gr_conn_table_lock);
42844+#endif
42845+ return;
42846+}
42847+
42848+void gr_del_task_from_ip_table(struct task_struct *task)
42849+{
42850+#ifdef CONFIG_GRKERNSEC
42851+ spin_lock_bh(&gr_conn_table_lock);
42852+ gr_del_task_from_ip_table_nolock(task->signal);
42853+ spin_unlock_bh(&gr_conn_table_lock);
42854+#endif
42855+ return;
42856+}
42857+
42858+void
42859+gr_attach_curr_ip(const struct sock *sk)
42860+{
42861+#ifdef CONFIG_GRKERNSEC
42862+ struct signal_struct *p, *set;
42863+ const struct inet_sock *inet = inet_sk(sk);
42864+
42865+ if (unlikely(sk->sk_protocol != IPPROTO_TCP))
42866+ return;
42867+
42868+ set = current->signal;
42869+
42870+ spin_lock_bh(&gr_conn_table_lock);
42871+ p = gr_lookup_task_ip_table(inet->inet_daddr, inet->inet_rcv_saddr,
42872+ inet->inet_dport, inet->inet_sport);
42873+ if (unlikely(p != NULL)) {
42874+ set->curr_ip = p->curr_ip;
42875+ set->used_accept = 1;
42876+ gr_del_task_from_ip_table_nolock(p);
42877+ spin_unlock_bh(&gr_conn_table_lock);
42878+ return;
42879+ }
42880+ spin_unlock_bh(&gr_conn_table_lock);
42881+
42882+ set->curr_ip = inet->inet_daddr;
42883+ set->used_accept = 1;
42884+#endif
42885+ return;
42886+}
42887+
42888+int
42889+gr_handle_sock_all(const int family, const int type, const int protocol)
42890+{
42891+#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
42892+ if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) &&
42893+ (family != AF_UNIX)) {
42894+ if (family == AF_INET)
42895+ gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(family), gr_socktype_to_name(type), gr_proto_to_name(protocol));
42896+ else
42897+ gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(family), gr_socktype_to_name(type), protocol);
42898+ return -EACCES;
42899+ }
42900+#endif
42901+ return 0;
42902+}
42903+
42904+int
42905+gr_handle_sock_server(const struct sockaddr *sck)
42906+{
42907+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
42908+ if (grsec_enable_socket_server &&
42909+ in_group_p(grsec_socket_server_gid) &&
42910+ sck && (sck->sa_family != AF_UNIX) &&
42911+ (sck->sa_family != AF_LOCAL)) {
42912+ gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
42913+ return -EACCES;
42914+ }
42915+#endif
42916+ return 0;
42917+}
42918+
42919+int
42920+gr_handle_sock_server_other(const struct sock *sck)
42921+{
42922+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
42923+ if (grsec_enable_socket_server &&
42924+ in_group_p(grsec_socket_server_gid) &&
42925+ sck && (sck->sk_family != AF_UNIX) &&
42926+ (sck->sk_family != AF_LOCAL)) {
42927+ gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
42928+ return -EACCES;
42929+ }
42930+#endif
42931+ return 0;
42932+}
42933+
42934+int
42935+gr_handle_sock_client(const struct sockaddr *sck)
42936+{
42937+#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
42938+ if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) &&
42939+ sck && (sck->sa_family != AF_UNIX) &&
42940+ (sck->sa_family != AF_LOCAL)) {
42941+ gr_log_noargs(GR_DONT_AUDIT, GR_CONNECT_MSG);
42942+ return -EACCES;
42943+ }
42944+#endif
42945+ return 0;
42946+}
42947+
42948+kernel_cap_t
42949+gr_cap_rtnetlink(struct sock *sock)
42950+{
42951+#ifdef CONFIG_GRKERNSEC
42952+ if (!gr_acl_is_enabled())
42953+ return current_cap();
42954+ else if (sock->sk_protocol == NETLINK_ISCSI &&
42955+ cap_raised(current_cap(), CAP_SYS_ADMIN) &&
42956+ gr_is_capable(CAP_SYS_ADMIN))
42957+ return current_cap();
42958+ else if (sock->sk_protocol == NETLINK_AUDIT &&
42959+ cap_raised(current_cap(), CAP_AUDIT_WRITE) &&
42960+ gr_is_capable(CAP_AUDIT_WRITE) &&
42961+ cap_raised(current_cap(), CAP_AUDIT_CONTROL) &&
42962+ gr_is_capable(CAP_AUDIT_CONTROL))
42963+ return current_cap();
42964+ else if (cap_raised(current_cap(), CAP_NET_ADMIN) &&
42965+ ((sock->sk_protocol == NETLINK_ROUTE) ?
42966+ gr_is_capable_nolog(CAP_NET_ADMIN) :
42967+ gr_is_capable(CAP_NET_ADMIN)))
42968+ return current_cap();
42969+ else
42970+ return __cap_empty_set;
42971+#else
42972+ return current_cap();
42973+#endif
42974+}
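Review bot: `gr_del_task_from_ip_table_nolock` drops the whole bucket when the matching entry is the head of its chain: with `last == NULL` it stores `gr_conn_table[index] = NULL`, so entries that hashed to the same slot and follow `match` become unreachable and are never freed. The head case should relink like the non-head case, `gr_conn_table[index] = match->next;`. As written, the result is leaked `conn_table_entry` allocations and missed lookups in `gr_attach_curr_ip` for connections that shared the bucket. In `conn_hash`, `dport << 16` shifts a `__u16` promoted to `int`, which overflows for ports of 0x8000 and above; casting first, `((__u32)dport << 16)`, avoids depending on how the compiler treats signed overflow.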
42975diff -urNp linux-2.6.38.2/grsecurity/grsec_sysctl.c linux-2.6.38.2/grsecurity/grsec_sysctl.c
42976--- linux-2.6.38.2/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
42977+++ linux-2.6.38.2/grsecurity/grsec_sysctl.c 2011-03-21 18:31:35.000000000 -0400
42978@@ -0,0 +1,433 @@
42979+#include <linux/kernel.h>
42980+#include <linux/sched.h>
42981+#include <linux/sysctl.h>
42982+#include <linux/grsecurity.h>
42983+#include <linux/grinternal.h>
42984+
42985+int
42986+gr_handle_sysctl_mod(const char *dirname, const char *name, const int op)
42987+{
42988+#ifdef CONFIG_GRKERNSEC_SYSCTL
42989+ if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & MAY_WRITE)) {
42990+ gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name);
42991+ return -EACCES;
42992+ }
42993+#endif
42994+ return 0;
42995+}
42996+
42997+#ifdef CONFIG_GRKERNSEC_ROFS
42998+static int __maybe_unused one = 1;
42999+#endif
43000+
43001+#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
43002+struct ctl_table grsecurity_table[] = {
43003+#ifdef CONFIG_GRKERNSEC_SYSCTL
43004+#ifdef CONFIG_GRKERNSEC_SYSCTL_DISTRO
43005+#ifdef CONFIG_GRKERNSEC_IO
43006+ {
43007+ .procname = "disable_priv_io",
43008+ .data = &grsec_disable_privio,
43009+ .maxlen = sizeof(int),
43010+ .mode = 0600,
43011+ .proc_handler = &proc_dointvec,
43012+ },
43013+#endif
43014+#endif
43015+#ifdef CONFIG_GRKERNSEC_LINK
43016+ {
43017+ .procname = "linking_restrictions",
43018+ .data = &grsec_enable_link,
43019+ .maxlen = sizeof(int),
43020+ .mode = 0600,
43021+ .proc_handler = &proc_dointvec,
43022+ },
43023+#endif
43024+#ifdef CONFIG_GRKERNSEC_FIFO
43025+ {
43026+ .procname = "fifo_restrictions",
43027+ .data = &grsec_enable_fifo,
43028+ .maxlen = sizeof(int),
43029+ .mode = 0600,
43030+ .proc_handler = &proc_dointvec,
43031+ },
43032+#endif
43033+#ifdef CONFIG_GRKERNSEC_EXECVE
43034+ {
43035+ .procname = "execve_limiting",
43036+ .data = &grsec_enable_execve,
43037+ .maxlen = sizeof(int),
43038+ .mode = 0600,
43039+ .proc_handler = &proc_dointvec,
43040+ },
43041+#endif
43042+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
43043+ {
43044+ .procname = "ip_blackhole",
43045+ .data = &grsec_enable_blackhole,
43046+ .maxlen = sizeof(int),
43047+ .mode = 0600,
43048+ .proc_handler = &proc_dointvec,
43049+ },
43050+ {
43051+ .procname = "lastack_retries",
43052+ .data = &grsec_lastack_retries,
43053+ .maxlen = sizeof(int),
43054+ .mode = 0600,
43055+ .proc_handler = &proc_dointvec,
43056+ },
43057+#endif
43058+#ifdef CONFIG_GRKERNSEC_EXECLOG
43059+ {
43060+ .procname = "exec_logging",
43061+ .data = &grsec_enable_execlog,
43062+ .maxlen = sizeof(int),
43063+ .mode = 0600,
43064+ .proc_handler = &proc_dointvec,
43065+ },
43066+#endif
43067+#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
43068+ {
43069+ .procname = "rwxmap_logging",
43070+ .data = &grsec_enable_log_rwxmaps,
43071+ .maxlen = sizeof(int),
43072+ .mode = 0600,
43073+ .proc_handler = &proc_dointvec,
43074+ },
43075+#endif
43076+#ifdef CONFIG_GRKERNSEC_SIGNAL
43077+ {
43078+ .procname = "signal_logging",
43079+ .data = &grsec_enable_signal,
43080+ .maxlen = sizeof(int),
43081+ .mode = 0600,
43082+ .proc_handler = &proc_dointvec,
43083+ },
43084+#endif
43085+#ifdef CONFIG_GRKERNSEC_FORKFAIL
43086+ {
43087+ .procname = "forkfail_logging",
43088+ .data = &grsec_enable_forkfail,
43089+ .maxlen = sizeof(int),
43090+ .mode = 0600,
43091+ .proc_handler = &proc_dointvec,
43092+ },
43093+#endif
43094+#ifdef CONFIG_GRKERNSEC_TIME
43095+ {
43096+ .procname = "timechange_logging",
43097+ .data = &grsec_enable_time,
43098+ .maxlen = sizeof(int),
43099+ .mode = 0600,
43100+ .proc_handler = &proc_dointvec,
43101+ },
43102+#endif
43103+#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
43104+ {
43105+ .procname = "chroot_deny_shmat",
43106+ .data = &grsec_enable_chroot_shmat,
43107+ .maxlen = sizeof(int),
43108+ .mode = 0600,
43109+ .proc_handler = &proc_dointvec,
43110+ },
43111+#endif
43112+#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
43113+ {
43114+ .procname = "chroot_deny_unix",
43115+ .data = &grsec_enable_chroot_unix,
43116+ .maxlen = sizeof(int),
43117+ .mode = 0600,
43118+ .proc_handler = &proc_dointvec,
43119+ },
43120+#endif
43121+#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
43122+ {
43123+ .procname = "chroot_deny_mount",
43124+ .data = &grsec_enable_chroot_mount,
43125+ .maxlen = sizeof(int),
43126+ .mode = 0600,
43127+ .proc_handler = &proc_dointvec,
43128+ },
43129+#endif
43130+#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
43131+ {
43132+ .procname = "chroot_deny_fchdir",
43133+ .data = &grsec_enable_chroot_fchdir,
43134+ .maxlen = sizeof(int),
43135+ .mode = 0600,
43136+ .proc_handler = &proc_dointvec,
43137+ },
43138+#endif
43139+#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
43140+ {
43141+ .procname = "chroot_deny_chroot",
43142+ .data = &grsec_enable_chroot_double,
43143+ .maxlen = sizeof(int),
43144+ .mode = 0600,
43145+ .proc_handler = &proc_dointvec,
43146+ },
43147+#endif
43148+#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
43149+ {
43150+ .procname = "chroot_deny_pivot",
43151+ .data = &grsec_enable_chroot_pivot,
43152+ .maxlen = sizeof(int),
43153+ .mode = 0600,
43154+ .proc_handler = &proc_dointvec,
43155+ },
43156+#endif
43157+#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
43158+ {
43159+ .procname = "chroot_enforce_chdir",
43160+ .data = &grsec_enable_chroot_chdir,
43161+ .maxlen = sizeof(int),
43162+ .mode = 0600,
43163+ .proc_handler = &proc_dointvec,
43164+ },
43165+#endif
43166+#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
43167+ {
43168+ .procname = "chroot_deny_chmod",
43169+ .data = &grsec_enable_chroot_chmod,
43170+ .maxlen = sizeof(int),
43171+ .mode = 0600,
43172+ .proc_handler = &proc_dointvec,
43173+ },
43174+#endif
43175+#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
43176+ {
43177+ .procname = "chroot_deny_mknod",
43178+ .data = &grsec_enable_chroot_mknod,
43179+ .maxlen = sizeof(int),
43180+ .mode = 0600,
43181+ .proc_handler = &proc_dointvec,
43182+ },
43183+#endif
43184+#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
43185+ {
43186+ .procname = "chroot_restrict_nice",
43187+ .data = &grsec_enable_chroot_nice,
43188+ .maxlen = sizeof(int),
43189+ .mode = 0600,
43190+ .proc_handler = &proc_dointvec,
43191+ },
43192+#endif
43193+#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
43194+ {
43195+ .procname = "chroot_execlog",
43196+ .data = &grsec_enable_chroot_execlog,
43197+ .maxlen = sizeof(int),
43198+ .mode = 0600,
43199+ .proc_handler = &proc_dointvec,
43200+ },
43201+#endif
43202+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
43203+ {
43204+ .procname = "chroot_caps",
43205+ .data = &grsec_enable_chroot_caps,
43206+ .maxlen = sizeof(int),
43207+ .mode = 0600,
43208+ .proc_handler = &proc_dointvec,
43209+ },
43210+#endif
43211+#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
43212+ {
43213+ .procname = "chroot_deny_sysctl",
43214+ .data = &grsec_enable_chroot_sysctl,
43215+ .maxlen = sizeof(int),
43216+ .mode = 0600,
43217+ .proc_handler = &proc_dointvec,
43218+ },
43219+#endif
43220+#ifdef CONFIG_GRKERNSEC_TPE
43221+ {
43222+ .procname = "tpe",
43223+ .data = &grsec_enable_tpe,
43224+ .maxlen = sizeof(int),
43225+ .mode = 0600,
43226+ .proc_handler = &proc_dointvec,
43227+ },
43228+ {
43229+ .procname = "tpe_gid",
43230+ .data = &grsec_tpe_gid,
43231+ .maxlen = sizeof(int),
43232+ .mode = 0600,
43233+ .proc_handler = &proc_dointvec,
43234+ },
43235+#endif
43236+#ifdef CONFIG_GRKERNSEC_TPE_INVERT
43237+ {
43238+ .procname = "tpe_invert",
43239+ .data = &grsec_enable_tpe_invert,
43240+ .maxlen = sizeof(int),
43241+ .mode = 0600,
43242+ .proc_handler = &proc_dointvec,
43243+ },
43244+#endif
43245+#ifdef CONFIG_GRKERNSEC_TPE_ALL
43246+ {
43247+ .procname = "tpe_restrict_all",
43248+ .data = &grsec_enable_tpe_all,
43249+ .maxlen = sizeof(int),
43250+ .mode = 0600,
43251+ .proc_handler = &proc_dointvec,
43252+ },
43253+#endif
43254+#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
43255+ {
43256+ .procname = "socket_all",
43257+ .data = &grsec_enable_socket_all,
43258+ .maxlen = sizeof(int),
43259+ .mode = 0600,
43260+ .proc_handler = &proc_dointvec,
43261+ },
43262+ {
43263+ .procname = "socket_all_gid",
43264+ .data = &grsec_socket_all_gid,
43265+ .maxlen = sizeof(int),
43266+ .mode = 0600,
43267+ .proc_handler = &proc_dointvec,
43268+ },
43269+#endif
43270+#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
43271+ {
43272+ .procname = "socket_client",
43273+ .data = &grsec_enable_socket_client,
43274+ .maxlen = sizeof(int),
43275+ .mode = 0600,
43276+ .proc_handler = &proc_dointvec,
43277+ },
43278+ {
43279+ .procname = "socket_client_gid",
43280+ .data = &grsec_socket_client_gid,
43281+ .maxlen = sizeof(int),
43282+ .mode = 0600,
43283+ .proc_handler = &proc_dointvec,
43284+ },
43285+#endif
43286+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
43287+ {
43288+ .procname = "socket_server",
43289+ .data = &grsec_enable_socket_server,
43290+ .maxlen = sizeof(int),
43291+ .mode = 0600,
43292+ .proc_handler = &proc_dointvec,
43293+ },
43294+ {
43295+ .procname = "socket_server_gid",
43296+ .data = &grsec_socket_server_gid,
43297+ .maxlen = sizeof(int),
43298+ .mode = 0600,
43299+ .proc_handler = &proc_dointvec,
43300+ },
43301+#endif
43302+#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
43303+ {
43304+ .procname = "audit_group",
43305+ .data = &grsec_enable_group,
43306+ .maxlen = sizeof(int),
43307+ .mode = 0600,
43308+ .proc_handler = &proc_dointvec,
43309+ },
43310+ {
43311+ .procname = "audit_gid",
43312+ .data = &grsec_audit_gid,
43313+ .maxlen = sizeof(int),
43314+ .mode = 0600,
43315+ .proc_handler = &proc_dointvec,
43316+ },
43317+#endif
43318+#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
43319+ {
43320+ .procname = "audit_chdir",
43321+ .data = &grsec_enable_chdir,
43322+ .maxlen = sizeof(int),
43323+ .mode = 0600,
43324+ .proc_handler = &proc_dointvec,
43325+ },
43326+#endif
43327+#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
43328+ {
43329+ .procname = "audit_mount",
43330+ .data = &grsec_enable_mount,
43331+ .maxlen = sizeof(int),
43332+ .mode = 0600,
43333+ .proc_handler = &proc_dointvec,
43334+ },
43335+#endif
43336+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
43337+ {
43338+ .procname = "audit_textrel",
43339+ .data = &grsec_enable_audit_textrel,
43340+ .maxlen = sizeof(int),
43341+ .mode = 0600,
43342+ .proc_handler = &proc_dointvec,
43343+ },
43344+#endif
43345+#ifdef CONFIG_GRKERNSEC_DMESG
43346+ {
43347+ .procname = "dmesg",
43348+ .data = &grsec_enable_dmesg,
43349+ .maxlen = sizeof(int),
43350+ .mode = 0600,
43351+ .proc_handler = &proc_dointvec,
43352+ },
43353+#endif
43354+#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
43355+ {
43356+ .procname = "chroot_findtask",
43357+ .data = &grsec_enable_chroot_findtask,
43358+ .maxlen = sizeof(int),
43359+ .mode = 0600,
43360+ .proc_handler = &proc_dointvec,
43361+ },
43362+#endif
43363+#ifdef CONFIG_GRKERNSEC_RESLOG
43364+ {
43365+ .procname = "resource_logging",
43366+ .data = &grsec_resource_logging,
43367+ .maxlen = sizeof(int),
43368+ .mode = 0600,
43369+ .proc_handler = &proc_dointvec,
43370+ },
43371+#endif
43372+#ifdef CONFIG_GRKERNSEC_AUDIT_PTRACE
43373+ {
43374+ .procname = "audit_ptrace",
43375+ .data = &grsec_enable_audit_ptrace,
43376+ .maxlen = sizeof(int),
43377+ .mode = 0600,
43378+ .proc_handler = &proc_dointvec,
43379+ },
43380+#endif
43381+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
43382+ {
43383+ .procname = "harden_ptrace",
43384+ .data = &grsec_enable_harden_ptrace,
43385+ .maxlen = sizeof(int),
43386+ .mode = 0600,
43387+ .proc_handler = &proc_dointvec,
43388+ },
43389+#endif
43390+ {
43391+ .procname = "grsec_lock",
43392+ .data = &grsec_lock,
43393+ .maxlen = sizeof(int),
43394+ .mode = 0600,
43395+ .proc_handler = &proc_dointvec,
43396+ },
43397+#endif
43398+#ifdef CONFIG_GRKERNSEC_ROFS
43399+ {
43400+ .procname = "romount_protect",
43401+ .data = &grsec_enable_rofs,
43402+ .maxlen = sizeof(int),
43403+ .mode = 0600,
43404+ .proc_handler = &proc_dointvec_minmax,
43405+ .extra1 = &one,
43406+ .extra2 = &one,
43407+ },
43408+#endif
43409+ { }
43410+};
43411+#endif
43412diff -urNp linux-2.6.38.2/grsecurity/grsec_time.c linux-2.6.38.2/grsecurity/grsec_time.c
43413--- linux-2.6.38.2/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500
43414+++ linux-2.6.38.2/grsecurity/grsec_time.c 2011-03-21 18:31:35.000000000 -0400
43415@@ -0,0 +1,16 @@
43416+#include <linux/kernel.h>
43417+#include <linux/sched.h>
43418+#include <linux/grinternal.h>
43419+#include <linux/module.h>
43420+
43421+void
43422+gr_log_timechange(void)
43423+{
43424+#ifdef CONFIG_GRKERNSEC_TIME
43425+ if (grsec_enable_time)
43426+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_TIME_MSG);
43427+#endif
43428+ return;
43429+}
43430+
43431+EXPORT_SYMBOL(gr_log_timechange);
43432diff -urNp linux-2.6.38.2/grsecurity/grsec_tpe.c linux-2.6.38.2/grsecurity/grsec_tpe.c
43433--- linux-2.6.38.2/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500
43434+++ linux-2.6.38.2/grsecurity/grsec_tpe.c 2011-03-21 18:31:35.000000000 -0400
43435@@ -0,0 +1,39 @@
43436+#include <linux/kernel.h>
43437+#include <linux/sched.h>
43438+#include <linux/file.h>
43439+#include <linux/fs.h>
43440+#include <linux/grinternal.h>
43441+
43442+extern int gr_acl_tpe_check(void);
43443+
43444+int
43445+gr_tpe_allow(const struct file *file)
43446+{
43447+#ifdef CONFIG_GRKERNSEC
43448+ struct inode *inode = file->f_path.dentry->d_parent->d_inode;
43449+ const struct cred *cred = current_cred();
43450+
43451+ if (cred->uid && ((grsec_enable_tpe &&
43452+#ifdef CONFIG_GRKERNSEC_TPE_INVERT
43453+ ((grsec_enable_tpe_invert && !in_group_p(grsec_tpe_gid)) ||
43454+ (!grsec_enable_tpe_invert && in_group_p(grsec_tpe_gid)))
43455+#else
43456+ in_group_p(grsec_tpe_gid)
43457+#endif
43458+ ) || gr_acl_tpe_check()) &&
43459+ (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) ||
43460+ (inode->i_mode & S_IWOTH))))) {
43461+ gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
43462+ return 0;
43463+ }
43464+#ifdef CONFIG_GRKERNSEC_TPE_ALL
43465+ if (cred->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
43466+ ((inode->i_uid && (inode->i_uid != cred->uid)) ||
43467+ (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
43468+ gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
43469+ return 0;
43470+ }
43471+#endif
43472+#endif
43473+ return 1;
43474+}
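Review bot: gr_tpe_allow() reads `file->f_path.dentry->d_parent->d_inode` with no lock or reference visible in this hunk, so a concurrent rename could swap the parent while its owner and mode bits are being tested. Unless every caller already serialises this, pin the parent with `struct dentry *parent = dget_parent(file->f_path.dentry);` and release it with `dput(parent);` on both return paths. The first condition packs the whole policy into one expression with an embedded #ifdef, and its `!inode->i_uid &&` term is redundant after `inode->i_uid ||`. A short comment above it would make the rule auditable, for example `/* untrusted: parent dir not owned by root, or group/world-writable */`.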
43475diff -urNp linux-2.6.38.2/grsecurity/grsum.c linux-2.6.38.2/grsecurity/grsum.c
43476--- linux-2.6.38.2/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500
43477+++ linux-2.6.38.2/grsecurity/grsum.c 2011-03-21 18:31:35.000000000 -0400
43478@@ -0,0 +1,61 @@
43479+#include <linux/err.h>
43480+#include <linux/kernel.h>
43481+#include <linux/sched.h>
43482+#include <linux/mm.h>
43483+#include <linux/scatterlist.h>
43484+#include <linux/crypto.h>
43485+#include <linux/gracl.h>
43486+
43487+
43488+#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE)
43489+#error "crypto and sha256 must be built into the kernel"
43490+#endif
43491+
43492+int
43493+chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
43494+{
43495+ char *p;
43496+ struct crypto_hash *tfm;
43497+ struct hash_desc desc;
43498+ struct scatterlist sg;
43499+ unsigned char temp_sum[GR_SHA_LEN];
43500+ volatile int retval = 0;
43501+ volatile int dummy = 0;
43502+ unsigned int i;
43503+
43504+ sg_init_table(&sg, 1);
43505+
43506+ tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
43507+ if (IS_ERR(tfm)) {
43508+ /* should never happen, since sha256 should be built in */
43509+ return 1;
43510+ }
43511+
43512+ desc.tfm = tfm;
43513+ desc.flags = 0;
43514+
43515+ crypto_hash_init(&desc);
43516+
43517+ p = salt;
43518+ sg_set_buf(&sg, p, GR_SALT_LEN);
43519+ crypto_hash_update(&desc, &sg, sg.length);
43520+
43521+ p = entry->pw;
43522+ sg_set_buf(&sg, p, strlen(p));
43523+
43524+ crypto_hash_update(&desc, &sg, sg.length);
43525+
43526+ crypto_hash_final(&desc, temp_sum);
43527+
43528+ memset(entry->pw, 0, GR_PW_LEN);
43529+
43530+ for (i = 0; i < GR_SHA_LEN; i++)
43531+ if (sum[i] != temp_sum[i])
43532+ retval = 1;
43533+ else
43534+ dummy = 1; // waste a cycle
43535+
43536+ crypto_free_hash(tfm);
43537+
43538+ return retval;
43539+}
43540diff -urNp linux-2.6.38.2/grsecurity/Kconfig linux-2.6.38.2/grsecurity/Kconfig
43541--- linux-2.6.38.2/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
43542+++ linux-2.6.38.2/grsecurity/Kconfig 2011-03-26 19:54:37.000000000 -0400
43543@@ -0,0 +1,1020 @@
43544+#
43545+# grecurity configuration
43546+#
43547+
43548+menu "Grsecurity"
43549+
43550+config GRKERNSEC
43551+ bool "Grsecurity"
43552+ select CRYPTO
43553+ select CRYPTO_SHA256
43554+ help
43555+ If you say Y here, you will be able to configure many features
43556+ that will enhance the security of your system. It is highly
43557+ recommended that you say Y here and read through the help
43558+ for each option so that you fully understand the features and
43559+ can evaluate their usefulness for your machine.
43560+
43561+choice
43562+ prompt "Security Level"
43563+ depends on GRKERNSEC
43564+ default GRKERNSEC_CUSTOM
43565+
43566+config GRKERNSEC_LOW
43567+ bool "Low"
43568+ select GRKERNSEC_LINK
43569+ select GRKERNSEC_FIFO
43570+ select GRKERNSEC_EXECVE
43571+ select GRKERNSEC_RANDNET
43572+ select GRKERNSEC_DMESG
43573+ select GRKERNSEC_CHROOT
43574+ select GRKERNSEC_CHROOT_CHDIR
43575+
43576+ help
43577+ If you choose this option, several of the grsecurity options will
43578+ be enabled that will give you greater protection against a number
43579+ of attacks, while assuring that none of your software will have any
43580+ conflicts with the additional security measures. If you run a lot
43581+ of unusual software, or you are having problems with the higher
43582+ security levels, you should say Y here. With this option, the
43583+ following features are enabled:
43584+
43585+ - Linking restrictions
43586+ - FIFO restrictions
43587+ - Enforcing RLIMIT_NPROC on execve
43588+ - Restricted dmesg
43589+ - Enforced chdir("/") on chroot
43590+ - Runtime module disabling
43591+
43592+config GRKERNSEC_MEDIUM
43593+ bool "Medium"
43594+ select PAX
43595+ select PAX_EI_PAX
43596+ select PAX_PT_PAX_FLAGS
43597+ select PAX_HAVE_ACL_FLAGS
43598+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
43599+ select GRKERNSEC_CHROOT
43600+ select GRKERNSEC_CHROOT_SYSCTL
43601+ select GRKERNSEC_LINK
43602+ select GRKERNSEC_FIFO
43603+ select GRKERNSEC_EXECVE
43604+ select GRKERNSEC_DMESG
43605+ select GRKERNSEC_RANDNET
43606+ select GRKERNSEC_FORKFAIL
43607+ select GRKERNSEC_TIME
43608+ select GRKERNSEC_SIGNAL
43609+ select GRKERNSEC_CHROOT
43610+ select GRKERNSEC_CHROOT_UNIX
43611+ select GRKERNSEC_CHROOT_MOUNT
43612+ select GRKERNSEC_CHROOT_PIVOT
43613+ select GRKERNSEC_CHROOT_DOUBLE
43614+ select GRKERNSEC_CHROOT_CHDIR
43615+ select GRKERNSEC_CHROOT_MKNOD
43616+ select GRKERNSEC_PROC
43617+ select GRKERNSEC_PROC_USERGROUP
43618+ select PAX_RANDUSTACK
43619+ select PAX_ASLR
43620+ select PAX_RANDMMAP
43621+ select PAX_REFCOUNT if (X86 || SPARC64)
43622+ select PAX_USERCOPY if ((X86 || SPARC32 || SPARC64 || PPC) && (SLAB || SLUB || SLOB))
43623+
43624+ help
43625+ If you say Y here, several features in addition to those included
43626+ in the low additional security level will be enabled. These
43627+ features provide even more security to your system, though in rare
43628+ cases they may be incompatible with very old or poorly written
43629+ software. If you enable this option, make sure that your auth
43630+ service (identd) is running as gid 1001. With this option,
43631+ the following features (in addition to those provided in the
43632+ low additional security level) will be enabled:
43633+
43634+ - Failed fork logging
43635+ - Time change logging
43636+ - Signal logging
43637+ - Deny mounts in chroot
43638+ - Deny double chrooting
43639+ - Deny sysctl writes in chroot
43640+ - Deny mknod in chroot
43641+ - Deny access to abstract AF_UNIX sockets out of chroot
43642+ - Deny pivot_root in chroot
43643+ - Denied writes of /dev/kmem, /dev/mem, and /dev/port
43644+ - /proc restrictions with special GID set to 10 (usually wheel)
43645+ - Address Space Layout Randomization (ASLR)
43646+ - Prevent exploitation of most refcount overflows
43647+ - Bounds checking of copying between the kernel and userland
43648+
43649+config GRKERNSEC_HIGH
43650+ bool "High"
43651+ select GRKERNSEC_LINK
43652+ select GRKERNSEC_FIFO
43653+ select GRKERNSEC_EXECVE
43654+ select GRKERNSEC_DMESG
43655+ select GRKERNSEC_FORKFAIL
43656+ select GRKERNSEC_TIME
43657+ select GRKERNSEC_SIGNAL
43658+ select GRKERNSEC_CHROOT
43659+ select GRKERNSEC_CHROOT_SHMAT
43660+ select GRKERNSEC_CHROOT_UNIX
43661+ select GRKERNSEC_CHROOT_MOUNT
43662+ select GRKERNSEC_CHROOT_FCHDIR
43663+ select GRKERNSEC_CHROOT_PIVOT
43664+ select GRKERNSEC_CHROOT_DOUBLE
43665+ select GRKERNSEC_CHROOT_CHDIR
43666+ select GRKERNSEC_CHROOT_MKNOD
43667+ select GRKERNSEC_CHROOT_CAPS
43668+ select GRKERNSEC_CHROOT_SYSCTL
43669+ select GRKERNSEC_CHROOT_FINDTASK
43670+ select GRKERNSEC_SYSFS_RESTRICT
43671+ select GRKERNSEC_PROC
43672+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
43673+ select GRKERNSEC_HIDESYM
43674+ select GRKERNSEC_BRUTE
43675+ select GRKERNSEC_PROC_USERGROUP
43676+ select GRKERNSEC_KMEM
43677+ select GRKERNSEC_RESLOG
43678+ select GRKERNSEC_RANDNET
43679+ select GRKERNSEC_PROC_ADD
43680+ select GRKERNSEC_CHROOT_CHMOD
43681+ select GRKERNSEC_CHROOT_NICE
43682+ select GRKERNSEC_AUDIT_MOUNT
43683+ select GRKERNSEC_MODHARDEN if (MODULES)
43684+ select GRKERNSEC_HARDEN_PTRACE
43685+ select GRKERNSEC_VM86 if (X86_32)
43686+ select PAX
43687+ select PAX_RANDUSTACK
43688+ select PAX_ASLR
43689+ select PAX_RANDMMAP
43690+ select PAX_NOEXEC
43691+ select PAX_MPROTECT
43692+ select PAX_EI_PAX
43693+ select PAX_PT_PAX_FLAGS
43694+ select PAX_HAVE_ACL_FLAGS
43695+ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
43696+ select PAX_MEMORY_UDEREF if (X86 && !XEN)
43697+ select PAX_RANDKSTACK if (X86_TSC && !X86_64)
43698+ select PAX_SEGMEXEC if (X86_32)
43699+ select PAX_PAGEEXEC
43700+ select PAX_EMUPLT if (ALPHA || PARISC || SPARC32 || SPARC64)
43701+ select PAX_EMUTRAMP if (PARISC)
43702+ select PAX_EMUSIGRT if (PARISC)
43703+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
43704+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86))
43705+ select PAX_REFCOUNT if (X86 || SPARC64)
43706+ select PAX_USERCOPY if ((X86 || PPC || SPARC32 || SPARC64) && (SLAB || SLUB || SLOB))
43707+ help
43708+ If you say Y here, many of the features of grsecurity will be
43709+ enabled, which will protect you against many kinds of attacks
43710+ against your system. The heightened security comes at a cost
43711+ of an increased chance of incompatibilities with rare software
43712+ on your machine. Since this security level enables PaX, you should
43713+ view <http://pax.grsecurity.net> and read about the PaX
43714+ project. While you are there, download chpax and run it on
43715+ binaries that cause problems with PaX. Also remember that
43716+ since the /proc restrictions are enabled, you must run your
43717+ identd as gid 1001. This security level enables the following
43718+ features in addition to those listed in the low and medium
43719+ security levels:
43720+
43721+ - Additional /proc restrictions
43722+ - Chmod restrictions in chroot
43723+ - No signals, ptrace, or viewing of processes outside of chroot
43724+ - Capability restrictions in chroot
43725+ - Deny fchdir out of chroot
43726+ - Priority restrictions in chroot
43727+ - Segmentation-based implementation of PaX
43728+ - Mprotect restrictions
43729+ - Removal of addresses from /proc/<pid>/[smaps|maps|stat]
43730+ - Kernel stack randomization
43731+ - Mount/unmount/remount logging
43732+ - Kernel symbol hiding
43733+ - Prevention of memory exhaustion-based exploits
43734+ - Hardening of module auto-loading
43735+ - Ptrace restrictions
43736+ - Restricted vm86 mode
43737+ - Restricted sysfs/debugfs
43738+
43739+config GRKERNSEC_CUSTOM
43740+ bool "Custom"
43741+ help
43742+ If you say Y here, you will be able to configure every grsecurity
43743+ option, which allows you to enable many more features that aren't
43744+ covered in the basic security levels. These additional features
43745+ include TPE, socket restrictions, and the sysctl system for
43746+ grsecurity. It is advised that you read through the help for
43747+ each option to determine its usefulness in your situation.
43748+
43749+endchoice
43750+
43751+menu "Address Space Protection"
43752+depends on GRKERNSEC
43753+
43754+config GRKERNSEC_KMEM
43755+ bool "Deny writing to /dev/kmem, /dev/mem, and /dev/port"
43756+ help
43757+ If you say Y here, /dev/kmem and /dev/mem won't be allowed to
43758+ be written to via mmap or otherwise to modify the running kernel.
43759+ /dev/port will also not be allowed to be opened. If you have module
43760+ support disabled, enabling this will close up four ways that are
43761+ currently used to insert malicious code into the running kernel.
43762+ Even with all these features enabled, we still highly recommend that
43763+ you use the RBAC system, as it is still possible for an attacker to
43764+ modify the running kernel through privileged I/O granted by ioperm/iopl.
43765+ If you are not using XFree86, you may be able to stop this additional
43766+ case by enabling the 'Disable privileged I/O' option. Though nothing
43767+ legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem,
43768+ but only to video memory, which is the only writing we allow in this
43769+ case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will
43770+ not be allowed to mprotect it with PROT_WRITE later.
43771+ It is highly recommended that you say Y here if you meet all the
43772+ conditions above.
43773+
43774+config GRKERNSEC_VM86
43775+ bool "Restrict VM86 mode"
43776+ depends on X86_32
43777+
43778+ help
43779+ If you say Y here, only processes with CAP_SYS_RAWIO will be able to
43780+ make use of a special execution mode on 32bit x86 processors called
43781+ Virtual 8086 (VM86) mode. XFree86 may need vm86 mode for certain
43782+ video cards and will still work with this option enabled. The purpose
43783+ of the option is to prevent exploitation of emulation errors in
43784+ virtualization of vm86 mode like the one discovered in VMWare in 2009.
43785+ Nearly all users should be able to enable this option.
43786+
43787+config GRKERNSEC_IO
43788+ bool "Disable privileged I/O"
43789+ depends on X86
43790+ select RTC_CLASS
43791+ select RTC_INTF_DEV
43792+ select RTC_DRV_CMOS
43793+
43794+ help
43795+ If you say Y here, all ioperm and iopl calls will return an error.
43796+ Ioperm and iopl can be used to modify the running kernel.
43797+ Unfortunately, some programs need this access to operate properly,
43798+ the most notable of which are XFree86 and hwclock. hwclock can be
43799+ remedied by having RTC support in the kernel, so real-time
43800+ clock support is enabled if this option is enabled, to ensure
43801+ that hwclock operates correctly. XFree86 still will not
43802+ operate correctly with this option enabled, so DO NOT CHOOSE Y
43803+ IF YOU USE XFree86. If you use XFree86 and you still want to
43804+ protect your kernel against modification, use the RBAC system.
43805+
43806+config GRKERNSEC_PROC_MEMMAP
43807+ bool "Remove addresses from /proc/<pid>/[smaps|maps|stat]"
43808+ default y if (PAX_NOEXEC || PAX_ASLR)
43809+ depends on PAX_NOEXEC || PAX_ASLR
43810+ help
43811+ If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will
43812+ give no information about the addresses of its mappings if
43813+ PaX features that rely on random addresses are enabled on the task.
43814+ If you use PaX it is greatly recommended that you say Y here as it
43815+ closes up a hole that makes the full ASLR useless for suid
43816+ binaries.
43817+
43818+config GRKERNSEC_BRUTE
43819+ bool "Deter exploit bruteforcing"
43820+ help
43821+ If you say Y here, attempts to bruteforce exploits against forking
43822+ daemons such as apache or sshd will be deterred. When a child of a
43823+ forking daemon is killed by PaX or crashes due to an illegal
43824+ instruction, the parent process will be delayed 30 seconds upon every
43825+ subsequent fork until the administrator is able to assess the
43826+ situation and restart the daemon. It is recommended that you also
43827+ enable signal logging in the auditing section so that logs are
43828+ generated when a process performs an illegal instruction.
43829+
43830+config GRKERNSEC_MODHARDEN
43831+ bool "Harden module auto-loading"
43832+ depends on MODULES
43833+ help
43834+ If you say Y here, module auto-loading in response to use of some
43835+ feature implemented by an unloaded module will be restricted to
43836+ root users. Enabling this option helps defend against attacks
43837+ by unprivileged users who abuse the auto-loading behavior to
43838+ cause a vulnerable module to load that is then exploited.
43839+
43840+ If this option prevents a legitimate use of auto-loading for a
43841+ non-root user, the administrator can execute modprobe manually
43842+ with the exact name of the module mentioned in the alert log.
43843+ Alternatively, the administrator can add the module to the list
43844+ of modules loaded at boot by modifying init scripts.
43845+
43846+ Modification of init scripts will most likely be needed on
43847+ Ubuntu servers with encrypted home directory support enabled,
43848+ as the first non-root user logging in will cause the ecb(aes),
43849+ ecb(aes)-all, cbc(aes), and cbc(aes)-all modules to be loaded.
43850+
43851+config GRKERNSEC_HIDESYM
43852+ bool "Hide kernel symbols"
43853+ help
43854+ If you say Y here, getting information on loaded modules, and
43855+ displaying all kernel symbols through a syscall will be restricted
43856+ to users with CAP_SYS_MODULE. For software compatibility reasons,
43857+ /proc/kallsyms will be restricted to the root user. The RBAC
43858+ system can hide that entry even from root.
43859+
43860+ This option also prevents leaking of kernel addresses through
43861+ several /proc entries.
43862+
43863+ Note that this option is only effective provided the following
43864+ conditions are met:
43865+ 1) The kernel using grsecurity is not precompiled by some distribution
43866+ 2) You have also enabled GRKERNSEC_DMESG
43867+ 3) You are using the RBAC system and hiding other files such as your
43868+ kernel image and System.map. Alternatively, enabling this option
43869+ causes the permissions on /boot, /lib/modules, and the kernel
43870+ source directory to change at compile time to prevent
43871+ reading by non-root users.
43872+ If the above conditions are met, this option will aid in providing a
43873+ useful protection against local kernel exploitation of overflows
43874+ and arbitrary read/write vulnerabilities.
43875+
43876+endmenu
43877+menu "Role Based Access Control Options"
43878+depends on GRKERNSEC
43879+
43880+config GRKERNSEC_RBAC_DEBUG
43881+ bool
43882+
43883+config GRKERNSEC_NO_RBAC
43884+ bool "Disable RBAC system"
43885+ help
43886+ If you say Y here, the /dev/grsec device will be removed from the kernel,
43887+ preventing the RBAC system from being enabled. You should only say Y
43888+ here if you have no intention of using the RBAC system, so as to prevent
43889+ an attacker with root access from misusing the RBAC system to hide files
43890+ and processes when loadable module support and /dev/[k]mem have been
43891+ locked down.
43892+
43893+config GRKERNSEC_ACL_HIDEKERN
43894+ bool "Hide kernel processes"
43895+ help
43896+ If you say Y here, all kernel threads will be hidden to all
43897+ processes but those whose subject has the "view hidden processes"
43898+ flag.
43899+
43900+config GRKERNSEC_ACL_MAXTRIES
43901+ int "Maximum tries before password lockout"
43902+ default 3
43903+ help
43904+ This option enforces the maximum number of times a user can attempt
43905+ to authorize themselves with the grsecurity RBAC system before being
43906+ denied the ability to attempt authorization again for a specified time.
43907+ The lower the number, the harder it will be to brute-force a password.
43908+
43909+config GRKERNSEC_ACL_TIMEOUT
43910+ int "Time to wait after max password tries, in seconds"
43911+ default 30
43912+ help
43913+ This option specifies the time the user must wait after attempting to
43914+ authorize to the RBAC system with the maximum number of invalid
43915+ passwords. The higher the number, the harder it will be to brute-force
43916+ a password.
43917+
43918+endmenu
43919+menu "Filesystem Protections"
43920+depends on GRKERNSEC
43921+
43922+config GRKERNSEC_PROC
43923+ bool "Proc restrictions"
43924+ help
43925+ If you say Y here, the permissions of the /proc filesystem
43926+ will be altered to enhance system security and privacy. You MUST
43927+ choose either a user only restriction or a user and group restriction.
43928+ Depending upon the option you choose, you can either restrict users to
43929+ see only the processes they themselves run, or choose a group that can
43930+ view all processes and files normally restricted to root if you choose
43931+ the "restrict to user only" option. NOTE: If you're running identd as
43932+ a non-root user, you will have to run it as the group you specify here.
43933+
43934+config GRKERNSEC_PROC_USER
43935+ bool "Restrict /proc to user only"
43936+ depends on GRKERNSEC_PROC
43937+ help
43938+ If you say Y here, non-root users will only be able to view their own
43939+ processes, and restricts them from viewing network-related information,
43940+ and viewing kernel symbol and module information.
43941+
43942+config GRKERNSEC_PROC_USERGROUP
43943+ bool "Allow special group"
43944+ depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
43945+ help
43946+ If you say Y here, you will be able to select a group that will be
43947+ able to view all processes and network-related information. If you've
43948+ enabled GRKERNSEC_HIDESYM, kernel and symbol information may still
43949+ remain hidden. This option is useful if you want to run identd as
43950+ a non-root user.
43951+
43952+config GRKERNSEC_PROC_GID
43953+ int "GID for special group"
43954+ depends on GRKERNSEC_PROC_USERGROUP
43955+ default 1001
43956+
43957+config GRKERNSEC_PROC_ADD
43958+ bool "Additional restrictions"
43959+ depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP
43960+ help
43961+ If you say Y here, additional restrictions will be placed on
43962+ /proc that keep normal users from viewing device information and
43963+ slabinfo information that could be useful for exploits.
43964+
43965+config GRKERNSEC_LINK
43966+ bool "Linking restrictions"
43967+ help
43968+ If you say Y here, /tmp race exploits will be prevented, since users
43969+ will no longer be able to follow symlinks owned by other users in
43970+ world-writable +t directories (e.g. /tmp), unless the owner of the
43971+ symlink is the owner of the directory. users will also not be
43972+ able to hardlink to files they do not own. If the sysctl option is
43973+ enabled, a sysctl option with name "linking_restrictions" is created.
43974+
43975+config GRKERNSEC_FIFO
43976+ bool "FIFO restrictions"
43977+ help
43978+ If you say Y here, users will not be able to write to FIFOs they don't
43979+ own in world-writable +t directories (e.g. /tmp), unless the owner of
43980+ the FIFO is the same owner of the directory it's held in. If the sysctl
43981+ option is enabled, a sysctl option with name "fifo_restrictions" is
43982+ created.
43983+
43984+config GRKERNSEC_SYSFS_RESTRICT
43985+ bool "Sysfs/debugfs restriction"
43986+ depends on SYSFS
43987+ help
43988+ If you say Y here, sysfs (the pseudo-filesystem mounted at /sys) and
43989+ any filesystem normally mounted under it (e.g. debugfs) will only
43990+ be accessible by root. These filesystems generally provide access
43991+ to hardware and debug information that isn't appropriate for unprivileged
43992+ users of the system. Sysfs and debugfs have also become a large source
43993+ of new vulnerabilities, ranging from infoleaks to local compromise.
43994+ There has been very little oversight with an eye toward security involved
43995+ in adding new exporters of information to these filesystems, so their
43996+ use is discouraged.
43997+ This option is equivalent to a chmod 0700 of the mount paths.
43998+
43999+config GRKERNSEC_ROFS
44000+ bool "Runtime read-only mount protection"
44001+ help
44002+ If you say Y here, a sysctl option with name "romount_protect" will
44003+ be created. By setting this option to 1 at runtime, filesystems
44004+ will be protected in the following ways:
44005+ * No new writable mounts will be allowed
44006+ * Existing read-only mounts won't be able to be remounted read/write
44007+ * Write operations will be denied on all block devices
44008+ This option acts independently of grsec_lock: once it is set to 1,
44009+ it cannot be turned off. Therefore, please be mindful of the resulting
44010+ behavior if this option is enabled in an init script on a read-only
44011+ filesystem. This feature is mainly intended for secure embedded systems.
44012+
44013+config GRKERNSEC_CHROOT
44014+ bool "Chroot jail restrictions"
44015+ help
44016+ If you say Y here, you will be able to choose several options that will
44017+ make breaking out of a chrooted jail much more difficult. If you
44018+ encounter no software incompatibilities with the following options, it
44019+ is recommended that you enable each one.
44020+
44021+config GRKERNSEC_CHROOT_MOUNT
44022+ bool "Deny mounts"
44023+ depends on GRKERNSEC_CHROOT
44024+ help
44025+ If you say Y here, processes inside a chroot will not be able to
44026+ mount or remount filesystems. If the sysctl option is enabled, a
44027+ sysctl option with name "chroot_deny_mount" is created.
44028+
44029+config GRKERNSEC_CHROOT_DOUBLE
44030+ bool "Deny double-chroots"
44031+ depends on GRKERNSEC_CHROOT
44032+ help
44033+ If you say Y here, processes inside a chroot will not be able to chroot
44034+ again outside the chroot. This is a widely used method of breaking
44035+ out of a chroot jail and should not be allowed. If the sysctl
44036+ option is enabled, a sysctl option with name
44037+ "chroot_deny_chroot" is created.
44038+
44039+config GRKERNSEC_CHROOT_PIVOT
44040+ bool "Deny pivot_root in chroot"
44041+ depends on GRKERNSEC_CHROOT
44042+ help
44043+ If you say Y here, processes inside a chroot will not be able to use
44044+ a function called pivot_root() that was introduced in Linux 2.3.41. It
44045+ works similar to chroot in that it changes the root filesystem. This
44046+ function could be misused in a chrooted process to attempt to break out
44047+ of the chroot, and therefore should not be allowed. If the sysctl
44048+ option is enabled, a sysctl option with name "chroot_deny_pivot" is
44049+ created.
44050+
44051+config GRKERNSEC_CHROOT_CHDIR
44052+ bool "Enforce chdir(\"/\") on all chroots"
44053+ depends on GRKERNSEC_CHROOT
44054+ help
44055+ If you say Y here, the current working directory of all newly-chrooted
44056+ applications will be set to the the root directory of the chroot.
44057+ The man page on chroot(2) states:
44058+ Note that this call does not change the current working
44059+ directory, so that `.' can be outside the tree rooted at
44060+ `/'. In particular, the super-user can escape from a
44061+ `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
44062+
44063+ It is recommended that you say Y here, since it's not known to break
44064+ any software. If the sysctl option is enabled, a sysctl option with
44065+ name "chroot_enforce_chdir" is created.
44066+
44067+config GRKERNSEC_CHROOT_CHMOD
44068+ bool "Deny (f)chmod +s"
44069+ depends on GRKERNSEC_CHROOT
44070+ help
44071+ If you say Y here, processes inside a chroot will not be able to chmod
44072+ or fchmod files to make them have suid or sgid bits. This protects
44073+ against another published method of breaking a chroot. If the sysctl
44074+ option is enabled, a sysctl option with name "chroot_deny_chmod" is
44075+ created.
44076+
44077+config GRKERNSEC_CHROOT_FCHDIR
44078+ bool "Deny fchdir out of chroot"
44079+ depends on GRKERNSEC_CHROOT
44080+ help
44081+ If you say Y here, a well-known method of breaking chroots by fchdir'ing
44082+ to a file descriptor of the chrooting process that points to a directory
44083+ outside the filesystem will be stopped. If the sysctl option
44084+ is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
44085+
44086+config GRKERNSEC_CHROOT_MKNOD
44087+ bool "Deny mknod"
44088+ depends on GRKERNSEC_CHROOT
44089+ help
44090+ If you say Y here, processes inside a chroot will not be allowed to
44091+ mknod. The problem with using mknod inside a chroot is that it
44092+ would allow an attacker to create a device entry that is the same
44093+ as one on the physical root of your system, which could range from
44094+ anything from the console device to a device for your harddrive (which
44095+ they could then use to wipe the drive or steal data). It is recommended
44096+ that you say Y here, unless you run into software incompatibilities.
44097+ If the sysctl option is enabled, a sysctl option with name
44098+ "chroot_deny_mknod" is created.
44099+
44100+config GRKERNSEC_CHROOT_SHMAT
44101+ bool "Deny shmat() out of chroot"
44102+ depends on GRKERNSEC_CHROOT
44103+ help
44104+ If you say Y here, processes inside a chroot will not be able to attach
44105+ to shared memory segments that were created outside of the chroot jail.
44106+ It is recommended that you say Y here. If the sysctl option is enabled,
44107+ a sysctl option with name "chroot_deny_shmat" is created.
44108+
44109+config GRKERNSEC_CHROOT_UNIX
44110+ bool "Deny access to abstract AF_UNIX sockets out of chroot"
44111+ depends on GRKERNSEC_CHROOT
44112+ help
44113+ If you say Y here, processes inside a chroot will not be able to
44114+ connect to abstract (meaning not belonging to a filesystem) Unix
44115+ domain sockets that were bound outside of a chroot. It is recommended
44116+ that you say Y here. If the sysctl option is enabled, a sysctl option
44117+ with name "chroot_deny_unix" is created.
44118+
44119+config GRKERNSEC_CHROOT_FINDTASK
44120+ bool "Protect outside processes"
44121+ depends on GRKERNSEC_CHROOT
44122+ help
44123+ If you say Y here, processes inside a chroot will not be able to
44124+ kill, send signals with fcntl, ptrace, capget, getpgid, setpgid,
44125+ getsid, or view any process outside of the chroot. If the sysctl
44126+ option is enabled, a sysctl option with name "chroot_findtask" is
44127+ created.
44128+
44129+config GRKERNSEC_CHROOT_NICE
44130+ bool "Restrict priority changes"
44131+ depends on GRKERNSEC_CHROOT
44132+ help
44133+ If you say Y here, processes inside a chroot will not be able to raise
44134+ the priority of processes in the chroot, or alter the priority of
44135+ processes outside the chroot. This provides more security than simply
44136+ removing CAP_SYS_NICE from the process' capability set. If the
44137+ sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
44138+ is created.
44139+
44140+config GRKERNSEC_CHROOT_SYSCTL
44141+ bool "Deny sysctl writes"
44142+ depends on GRKERNSEC_CHROOT
44143+ help
44144+ If you say Y here, an attacker in a chroot will not be able to
44145+ write to sysctl entries, either by sysctl(2) or through a /proc
44146+ interface. It is strongly recommended that you say Y here. If the
44147+ sysctl option is enabled, a sysctl option with name
44148+ "chroot_deny_sysctl" is created.
44149+
44150+config GRKERNSEC_CHROOT_CAPS
44151+ bool "Capability restrictions"
44152+ depends on GRKERNSEC_CHROOT
44153+ help
44154+ If you say Y here, the capabilities on all root processes within a
44155+ chroot jail will be lowered to stop module insertion, raw i/o,
44156+ system and net admin tasks, rebooting the system, modifying immutable
44157+ files, modifying IPC owned by another, and changing the system time.
44158+ This is left an option because it can break some apps. Disable this
44159+ if your chrooted apps are having problems performing those kinds of
44160+ tasks. If the sysctl option is enabled, a sysctl option with
44161+ name "chroot_caps" is created.
44162+
44163+endmenu
44164+menu "Kernel Auditing"
44165+depends on GRKERNSEC
44166+
44167+config GRKERNSEC_AUDIT_GROUP
44168+ bool "Single group for auditing"
44169+ help
44170+ If you say Y here, the exec, chdir, and (un)mount logging features
44171+ will only operate on a group you specify. This option is recommended
44172+ if you only want to watch certain users instead of having a large
44173+ amount of logs from the entire system. If the sysctl option is enabled,
44174+ a sysctl option with name "audit_group" is created.
44175+
44176+config GRKERNSEC_AUDIT_GID
44177+ int "GID for auditing"
44178+ depends on GRKERNSEC_AUDIT_GROUP
44179+ default 1007
44180+
44181+config GRKERNSEC_EXECLOG
44182+ bool "Exec logging"
44183+ help
44184+ If you say Y here, all execve() calls will be logged (since the
44185+ other exec*() calls are frontends to execve(), all execution
44186+ will be logged). Useful for shell-servers that like to keep track
44187+ of their users. If the sysctl option is enabled, a sysctl option with
44188+ name "exec_logging" is created.
44189+ WARNING: This option when enabled will produce a LOT of logs, especially
44190+ on an active system.
44191+
44192+config GRKERNSEC_RESLOG
44193+ bool "Resource logging"
44194+ help
44195+ If you say Y here, all attempts to overstep resource limits will
44196+ be logged with the resource name, the requested size, and the current
44197+ limit. It is highly recommended that you say Y here. If the sysctl
44198+ option is enabled, a sysctl option with name "resource_logging" is
44199+ created. If the RBAC system is enabled, the sysctl value is ignored.
44200+
44201+config GRKERNSEC_CHROOT_EXECLOG
44202+ bool "Log execs within chroot"
44203+ help
44204+ If you say Y here, all executions inside a chroot jail will be logged
44205+ to syslog. This can cause a large amount of logs if certain
44206+ applications (eg. djb's daemontools) are installed on the system, and
44207+ is therefore left as an option. If the sysctl option is enabled, a
44208+ sysctl option with name "chroot_execlog" is created.
44209+
44210+config GRKERNSEC_AUDIT_PTRACE
44211+ bool "Ptrace logging"
44212+ help
44213+ If you say Y here, all attempts to attach to a process via ptrace
44214+ will be logged. If the sysctl option is enabled, a sysctl option
44215+ with name "audit_ptrace" is created.
44216+
44217+config GRKERNSEC_AUDIT_CHDIR
44218+ bool "Chdir logging"
44219+ help
44220+ If you say Y here, all chdir() calls will be logged. If the sysctl
44221+ option is enabled, a sysctl option with name "audit_chdir" is created.
44222+
44223+config GRKERNSEC_AUDIT_MOUNT
44224+ bool "(Un)Mount logging"
44225+ help
44226+ If you say Y here, all mounts and unmounts will be logged. If the
44227+ sysctl option is enabled, a sysctl option with name "audit_mount" is
44228+ created.
44229+
44230+config GRKERNSEC_SIGNAL
44231+ bool "Signal logging"
44232+ help
44233+ If you say Y here, certain important signals will be logged, such as
44234+ SIGSEGV, which will as a result inform you of when a error in a program
44235+ occurred, which in some cases could mean a possible exploit attempt.
44236+ If the sysctl option is enabled, a sysctl option with name
44237+ "signal_logging" is created.
44238+
44239+config GRKERNSEC_FORKFAIL
44240+ bool "Fork failure logging"
44241+ help
44242+ If you say Y here, all failed fork() attempts will be logged.
44243+ This could suggest a fork bomb, or someone attempting to overstep
44244+ their process limit. If the sysctl option is enabled, a sysctl option
44245+ with name "forkfail_logging" is created.
44246+
44247+config GRKERNSEC_TIME
44248+ bool "Time change logging"
44249+ help
44250+ If you say Y here, any changes of the system clock will be logged.
44251+ If the sysctl option is enabled, a sysctl option with name
44252+ "timechange_logging" is created.
44253+
44254+config GRKERNSEC_PROC_IPADDR
44255+ bool "/proc/<pid>/ipaddr support"
44256+ help
44257+ If you say Y here, a new entry will be added to each /proc/<pid>
44258+ directory that contains the IP address of the person using the task.
44259+ The IP is carried across local TCP and AF_UNIX stream sockets.
44260+ This information can be useful for IDS/IPSes to perform remote response
44261+ to a local attack. The entry is readable by only the owner of the
44262+ process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
44263+ the RBAC system), and thus does not create privacy concerns.
44264+
44265+config GRKERNSEC_RWXMAP_LOG
44266+ bool 'Denied RWX mmap/mprotect logging'
44267+ depends on PAX_MPROTECT && !PAX_EMUPLT && !PAX_EMUSIGRT
44268+ help
44269+ If you say Y here, calls to mmap() and mprotect() with explicit
44270+ usage of PROT_WRITE and PROT_EXEC together will be logged when
44271+ denied by the PAX_MPROTECT feature. If the sysctl option is
44272+ enabled, a sysctl option with name "rwxmap_logging" is created.
44273+
44274+config GRKERNSEC_AUDIT_TEXTREL
44275+ bool 'ELF text relocations logging (READ HELP)'
44276+ depends on PAX_MPROTECT
44277+ help
44278+ If you say Y here, text relocations will be logged with the filename
44279+ of the offending library or binary. The purpose of the feature is
44280+ to help Linux distribution developers get rid of libraries and
44281+ binaries that need text relocations which hinder the future progress
44282+ of PaX. Only Linux distribution developers should say Y here, and
44283+ never on a production machine, as this option creates an information
44284+ leak that could aid an attacker in defeating the randomization of
44285+ a single memory region. If the sysctl option is enabled, a sysctl
44286+ option with name "audit_textrel" is created.
44287+
44288+endmenu
44289+
44290+menu "Executable Protections"
44291+depends on GRKERNSEC
44292+
44293+config GRKERNSEC_EXECVE
44294+ bool "Enforce RLIMIT_NPROC on execs"
44295+ help
44296+ If you say Y here, users with a resource limit on processes will
44297+ have the value checked during execve() calls. The current system
44298+ only checks the system limit during fork() calls. If the sysctl option
44299+ is enabled, a sysctl option with name "execve_limiting" is created.
44300+
44301+config GRKERNSEC_DMESG
44302+ bool "Dmesg(8) restriction"
44303+ help
44304+ If you say Y here, non-root users will not be able to use dmesg(8)
44305+ to view up to the last 4kb of messages in the kernel's log buffer.
44306+ The kernel's log buffer often contains kernel addresses and other
44307+ identifying information useful to an attacker in fingerprinting a
44308+ system for a targeted exploit.
44309+ If the sysctl option is enabled, a sysctl option with name "dmesg" is
44310+ created.
44311+
44312+config GRKERNSEC_HARDEN_PTRACE
44313+ bool "Deter ptrace-based process snooping"
44314+ help
44315+ If you say Y here, TTY sniffers and other malicious monitoring
44316+ programs implemented through ptrace will be defeated. If you
44317+ have been using the RBAC system, this option has already been
44318+ enabled for several years for all users, with the ability to make
44319+ fine-grained exceptions.
44320+
44321+ This option only affects the ability of non-root users to ptrace
44322+ processes that are not a descendent of the ptracing process.
44323+ This means that strace ./binary and gdb ./binary will still work,
44324+ but attaching to arbitrary processes will not. If the sysctl
44325+ option is enabled, a sysctl option with name "harden_ptrace" is
44326+ created.
44327+
44328+config GRKERNSEC_TPE
44329+ bool "Trusted Path Execution (TPE)"
44330+ help
44331+ If you say Y here, you will be able to choose a gid to add to the
44332+ supplementary groups of users you want to mark as "untrusted."
44333+ These users will not be able to execute any files that are not in
44334+ root-owned directories writable only by root. If the sysctl option
44335+ is enabled, a sysctl option with name "tpe" is created.
44336+
44337+config GRKERNSEC_TPE_ALL
44338+ bool "Partially restrict all non-root users"
44339+ depends on GRKERNSEC_TPE
44340+ help
44341+ If you say Y here, all non-root users will be covered under
44342+ a weaker TPE restriction. This is separate from, and in addition to,
44343+ the main TPE options that you have selected elsewhere. Thus, if a
44344+ "trusted" GID is chosen, this restriction applies to even that GID.
44345+ Under this restriction, all non-root users will only be allowed to
44346+ execute files in directories they own that are not group or
44347+ world-writable, or in directories owned by root and writable only by
44348+ root. If the sysctl option is enabled, a sysctl option with name
44349+ "tpe_restrict_all" is created.
44350+
44351+config GRKERNSEC_TPE_INVERT
44352+ bool "Invert GID option"
44353+ depends on GRKERNSEC_TPE
44354+ help
44355+ If you say Y here, the group you specify in the TPE configuration will
44356+ decide what group TPE restrictions will be *disabled* for. This
44357+ option is useful if you want TPE restrictions to be applied to most
44358+ users on the system. If the sysctl option is enabled, a sysctl option
44359+ with name "tpe_invert" is created. Unlike other sysctl options, this
44360+ entry will default to on for backward-compatibility.
44361+
44362+config GRKERNSEC_TPE_GID
44363+ int "GID for untrusted users"
44364+ depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
44365+ default 1005
44366+ help
44367+ Setting this GID determines what group TPE restrictions will be
44368+ *enabled* for. If the sysctl option is enabled, a sysctl option
44369+ with name "tpe_gid" is created.
44370+
44371+config GRKERNSEC_TPE_GID
44372+ int "GID for trusted users"
44373+ depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
44374+ default 1005
44375+ help
44376+ Setting this GID determines what group TPE restrictions will be
44377+ *disabled* for. If the sysctl option is enabled, a sysctl option
44378+ with name "tpe_gid" is created.
44379+
44380+endmenu
44381+menu "Network Protections"
44382+depends on GRKERNSEC
44383+
44384+config GRKERNSEC_RANDNET
44385+ bool "Larger entropy pools"
44386+ help
44387+ If you say Y here, the entropy pools used for many features of Linux
44388+ and grsecurity will be doubled in size. Since several grsecurity
44389+ features use additional randomness, it is recommended that you say Y
44390+ here. Saying Y here has a similar effect as modifying
44391+ /proc/sys/kernel/random/poolsize.
44392+
44393+config GRKERNSEC_BLACKHOLE
44394+ bool "TCP/UDP blackhole and LAST_ACK DoS prevention"
44395+ help
44396+ If you say Y here, neither TCP resets nor ICMP
44397+ destination-unreachable packets will be sent in response to packets
44398+ sent to ports for which no associated listening process exists.
44399+ This feature supports both IPV4 and IPV6 and exempts the
44400+ loopback interface from blackholing. Enabling this feature
44401+ makes a host more resilient to DoS attacks and reduces network
44402+ visibility against scanners.
44403+
44404+ The blackhole feature as-implemented is equivalent to the FreeBSD
44405+ blackhole feature, as it prevents RST responses to all packets, not
44406+ just SYNs. Under most application behavior this causes no
44407+ problems, but applications (like haproxy) may not close certain
44408+ connections in a way that cleanly terminates them on the remote
44409+ end, leaving the remote host in LAST_ACK state. Because of this
44410+ side-effect and to prevent intentional LAST_ACK DoSes, this
44411+ feature also adds automatic mitigation against such attacks.
44412+ The mitigation drastically reduces the amount of time a socket
44413+ can spend in LAST_ACK state. If you're using haproxy and not
44414+ all servers it connects to have this option enabled, consider
44415+ disabling this feature on the haproxy host.
44416+
44417+ If the sysctl option is enabled, two sysctl options with names
44418+ "ip_blackhole" and "lastack_retries" will be created.
44419+ While "ip_blackhole" takes the standard zero/non-zero on/off
44420+ toggle, "lastack_retries" uses the same kinds of values as
44421+ "tcp_retries1" and "tcp_retries2". The default value of 4
44422+ prevents a socket from lasting more than 45 seconds in LAST_ACK
44423+ state.
44424+
44425+config GRKERNSEC_SOCKET
44426+ bool "Socket restrictions"
44427+ help
44428+ If you say Y here, you will be able to choose from several options.
44429+ If you assign a GID on your system and add it to the supplementary
44430+ groups of users you want to restrict socket access to, this patch
44431+ will perform up to three things, based on the option(s) you choose.
44432+
44433+config GRKERNSEC_SOCKET_ALL
44434+ bool "Deny any sockets to group"
44435+ depends on GRKERNSEC_SOCKET
44436+ help
44437+ If you say Y here, you will be able to choose a GID of whose users will
44438+ be unable to connect to other hosts from your machine or run server
44439+ applications from your machine. If the sysctl option is enabled, a
44440+ sysctl option with name "socket_all" is created.
44441+
44442+config GRKERNSEC_SOCKET_ALL_GID
44443+ int "GID to deny all sockets for"
44444+ depends on GRKERNSEC_SOCKET_ALL
44445+ default 1004
44446+ help
44447+ Here you can choose the GID to disable socket access for. Remember to
44448+ add the users you want socket access disabled for to the GID
44449+ specified here. If the sysctl option is enabled, a sysctl option
44450+ with name "socket_all_gid" is created.
44451+
44452+config GRKERNSEC_SOCKET_CLIENT
44453+ bool "Deny client sockets to group"
44454+ depends on GRKERNSEC_SOCKET
44455+ help
44456+ If you say Y here, you will be able to choose a GID of whose users will
44457+ be unable to connect to other hosts from your machine, but will be
44458+ able to run servers. If this option is enabled, all users in the group
44459+ you specify will have to use passive mode when initiating ftp transfers
44460+ from the shell on your machine. If the sysctl option is enabled, a
44461+ sysctl option with name "socket_client" is created.
44462+
44463+config GRKERNSEC_SOCKET_CLIENT_GID
44464+ int "GID to deny client sockets for"
44465+ depends on GRKERNSEC_SOCKET_CLIENT
44466+ default 1003
44467+ help
44468+ Here you can choose the GID to disable client socket access for.
44469+ Remember to add the users you want client socket access disabled for to
44470+ the GID specified here. If the sysctl option is enabled, a sysctl
44471+ option with name "socket_client_gid" is created.
44472+
44473+config GRKERNSEC_SOCKET_SERVER
44474+ bool "Deny server sockets to group"
44475+ depends on GRKERNSEC_SOCKET
44476+ help
44477+ If you say Y here, you will be able to choose a GID of whose users will
44478+ be unable to run server applications from your machine. If the sysctl
44479+ option is enabled, a sysctl option with name "socket_server" is created.
44480+
44481+config GRKERNSEC_SOCKET_SERVER_GID
44482+ int "GID to deny server sockets for"
44483+ depends on GRKERNSEC_SOCKET_SERVER
44484+ default 1002
44485+ help
44486+ Here you can choose the GID to disable server socket access for.
44487+ Remember to add the users you want server socket access disabled for to
44488+ the GID specified here. If the sysctl option is enabled, a sysctl
44489+ option with name "socket_server_gid" is created.
44490+
44491+endmenu
44492+menu "Sysctl support"
44493+depends on GRKERNSEC && SYSCTL
44494+
44495+config GRKERNSEC_SYSCTL
44496+ bool "Sysctl support"
44497+ help
44498+ If you say Y here, you will be able to change the options that
44499+ grsecurity runs with at bootup, without having to recompile your
44500+ kernel. You can echo values to files in /proc/sys/kernel/grsecurity
44501+ to enable (1) or disable (0) various features. All the sysctl entries
44502+ are mutable until the "grsec_lock" entry is set to a non-zero value.
44503+ All features enabled in the kernel configuration are disabled at boot
44504+ if you do not say Y to the "Turn on features by default" option.
44505+ All options should be set at startup, and the grsec_lock entry should
44506+ be set to a non-zero value after all the options are set.
44507+ *THIS IS EXTREMELY IMPORTANT*
44508+
44509+config GRKERNSEC_SYSCTL_DISTRO
44510+ bool "Extra sysctl support for distro makers (READ HELP)"
44511+ depends on GRKERNSEC_SYSCTL && GRKERNSEC_IO
44512+ help
44513+ If you say Y here, additional sysctl options will be created
44514+ for features that affect processes running as root. Therefore,
44515+ it is critical when using this option that the grsec_lock entry be
44516+ enabled after boot. Only distros with prebuilt kernel packages
44517+ with this option enabled that can ensure grsec_lock is enabled
44518+ after boot should use this option.
44519+ *Failure to set grsec_lock after boot makes all grsec features
44520+ this option covers useless*
44521+
44522+ Currently this option creates the following sysctl entries:
44523+ "Disable Privileged I/O": "disable_priv_io"
44524+
44525+config GRKERNSEC_SYSCTL_ON
44526+ bool "Turn on features by default"
44527+ depends on GRKERNSEC_SYSCTL
44528+ help
44529+ If you say Y here, instead of having all features enabled in the
44530+ kernel configuration disabled at boot time, the features will be
44531+ enabled at boot time. It is recommended you say Y here unless
44532+ there is some reason you would want all sysctl-tunable features to
44533+ be disabled by default. As mentioned elsewhere, it is important
44534+ to enable the grsec_lock entry once you have finished modifying
44535+ the sysctl entries.
44536+
44537+endmenu
44538+menu "Logging Options"
44539+depends on GRKERNSEC
44540+
44541+config GRKERNSEC_FLOODTIME
44542+ int "Seconds in between log messages (minimum)"
44543+ default 10
44544+ help
44545+ This option allows you to enforce the number of seconds between
44546+ grsecurity log messages. The default should be suitable for most
44547+ people, however, if you choose to change it, choose a value small enough
44548+ to allow informative logs to be produced, but large enough to
44549+ prevent flooding.
44550+
44551+config GRKERNSEC_FLOODBURST
44552+ int "Number of messages in a burst (maximum)"
44553+ default 4
44554+ help
44555+ This option allows you to choose the maximum number of messages allowed
44556+ within the flood time interval you chose in a separate option. The
44557+ default should be suitable for most people, however if you find that
44558+ many of your logs are being interpreted as flooding, you may want to
44559+ raise this value.
44560+
44561+endmenu
44562+
44563+endmenu
44564diff -urNp linux-2.6.38.2/grsecurity/Makefile linux-2.6.38.2/grsecurity/Makefile
44565--- linux-2.6.38.2/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
44566+++ linux-2.6.38.2/grsecurity/Makefile 2011-03-21 18:31:35.000000000 -0400
44567@@ -0,0 +1,29 @@
44568+# grsecurity's ACL system was originally written in 2001 by Michael Dalton
44569+# during 2001-2009 it has been completely redesigned by Brad Spengler
44570+# into an RBAC system
44571+#
44572+# All code in this directory and various hooks inserted throughout the kernel
44573+# are copyright Brad Spengler - Open Source Security, Inc., and released
44574+# under the GPL v2 or higher
44575+
44576+obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
44577+ grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
44578+ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o
44579+
44580+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \
44581+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
44582+ gracl_learn.o grsec_log.o
44583+obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
44584+
44585+ifndef CONFIG_GRKERNSEC
44586+obj-y += grsec_disabled.o
44587+endif
44588+
44589+ifdef CONFIG_GRKERNSEC_HIDESYM
44590+extra-y := grsec_hidesym.o
44591+$(obj)/grsec_hidesym.o:
44592+ @-chmod -f 500 /boot
44593+ @-chmod -f 500 /lib/modules
44594+ @-chmod -f 700 .
44595+ @echo ' grsec: protected kernel image paths'
44596+endif
44597diff -urNp linux-2.6.38.2/include/acpi/acoutput.h linux-2.6.38.2/include/acpi/acoutput.h
44598--- linux-2.6.38.2/include/acpi/acoutput.h 2011-03-14 21:20:32.000000000 -0400
44599+++ linux-2.6.38.2/include/acpi/acoutput.h 2011-03-21 18:31:35.000000000 -0400
44600@@ -269,8 +269,8 @@
44601 * leaving no executable debug code!
44602 */
44603 #define ACPI_FUNCTION_NAME(a)
44604-#define ACPI_DEBUG_PRINT(pl)
44605-#define ACPI_DEBUG_PRINT_RAW(pl)
44606+#define ACPI_DEBUG_PRINT(pl) do {} while (0)
44607+#define ACPI_DEBUG_PRINT_RAW(pl) do {} while (0)
44608
44609 #endif /* ACPI_DEBUG_OUTPUT */
44610
44611diff -urNp linux-2.6.38.2/include/acpi/acpi_drivers.h linux-2.6.38.2/include/acpi/acpi_drivers.h
44612--- linux-2.6.38.2/include/acpi/acpi_drivers.h 2011-03-14 21:20:32.000000000 -0400
44613+++ linux-2.6.38.2/include/acpi/acpi_drivers.h 2011-03-21 18:31:35.000000000 -0400
44614@@ -119,8 +119,8 @@ void pci_acpi_crs_quirks(void);
44615 Dock Station
44616 -------------------------------------------------------------------------- */
44617 struct acpi_dock_ops {
44618- acpi_notify_handler handler;
44619- acpi_notify_handler uevent;
44620+ const acpi_notify_handler handler;
44621+ const acpi_notify_handler uevent;
44622 };
44623
44624 #if defined(CONFIG_ACPI_DOCK) || defined(CONFIG_ACPI_DOCK_MODULE)
44625@@ -128,7 +128,7 @@ extern int is_dock_device(acpi_handle ha
44626 extern int register_dock_notifier(struct notifier_block *nb);
44627 extern void unregister_dock_notifier(struct notifier_block *nb);
44628 extern int register_hotplug_dock_device(acpi_handle handle,
44629- struct acpi_dock_ops *ops,
44630+ const struct acpi_dock_ops *ops,
44631 void *context);
44632 extern void unregister_hotplug_dock_device(acpi_handle handle);
44633 #else
44634@@ -144,7 +144,7 @@ static inline void unregister_dock_notif
44635 {
44636 }
44637 static inline int register_hotplug_dock_device(acpi_handle handle,
44638- struct acpi_dock_ops *ops,
44639+ const struct acpi_dock_ops *ops,
44640 void *context)
44641 {
44642 return -ENODEV;
44643diff -urNp linux-2.6.38.2/include/asm-generic/atomic-long.h linux-2.6.38.2/include/asm-generic/atomic-long.h
44644--- linux-2.6.38.2/include/asm-generic/atomic-long.h 2011-03-14 21:20:32.000000000 -0400
44645+++ linux-2.6.38.2/include/asm-generic/atomic-long.h 2011-03-21 18:31:35.000000000 -0400
44646@@ -22,6 +22,12 @@
44647
44648 typedef atomic64_t atomic_long_t;
44649
44650+#ifdef CONFIG_PAX_REFCOUNT
44651+typedef atomic64_unchecked_t atomic_long_unchecked_t;
44652+#else
44653+typedef atomic64_t atomic_long_unchecked_t;
44654+#endif
44655+
44656 #define ATOMIC_LONG_INIT(i) ATOMIC64_INIT(i)
44657
44658 static inline long atomic_long_read(atomic_long_t *l)
44659@@ -31,6 +37,15 @@ static inline long atomic_long_read(atom
44660 return (long)atomic64_read(v);
44661 }
44662
44663+#ifdef CONFIG_PAX_REFCOUNT
44664+static inline long atomic_long_read_unchecked(atomic_long_unchecked_t *l)
44665+{
44666+ atomic64_unchecked_t *v = (atomic64_unchecked_t *)l;
44667+
44668+ return (long)atomic64_read_unchecked(v);
44669+}
44670+#endif
44671+
44672 static inline void atomic_long_set(atomic_long_t *l, long i)
44673 {
44674 atomic64_t *v = (atomic64_t *)l;
44675@@ -38,6 +53,15 @@ static inline void atomic_long_set(atomi
44676 atomic64_set(v, i);
44677 }
44678
44679+#ifdef CONFIG_PAX_REFCOUNT
44680+static inline void atomic_long_set_unchecked(atomic_long_unchecked_t *l, long i)
44681+{
44682+ atomic64_unchecked_t *v = (atomic64_unchecked_t *)l;
44683+
44684+ atomic64_set_unchecked(v, i);
44685+}
44686+#endif
44687+
44688 static inline void atomic_long_inc(atomic_long_t *l)
44689 {
44690 atomic64_t *v = (atomic64_t *)l;
44691@@ -45,6 +69,15 @@ static inline void atomic_long_inc(atomi
44692 atomic64_inc(v);
44693 }
44694
44695+#ifdef CONFIG_PAX_REFCOUNT
44696+static inline void atomic_long_inc_unchecked(atomic_long_unchecked_t *l)
44697+{
44698+ atomic64_unchecked_t *v = (atomic64_unchecked_t *)l;
44699+
44700+ atomic64_inc_unchecked(v);
44701+}
44702+#endif
44703+
44704 static inline void atomic_long_dec(atomic_long_t *l)
44705 {
44706 atomic64_t *v = (atomic64_t *)l;
44707@@ -52,6 +85,15 @@ static inline void atomic_long_dec(atomi
44708 atomic64_dec(v);
44709 }
44710
44711+#ifdef CONFIG_PAX_REFCOUNT
44712+static inline void atomic_long_dec_unchecked(atomic_long_unchecked_t *l)
44713+{
44714+ atomic64_unchecked_t *v = (atomic64_unchecked_t *)l;
44715+
44716+ atomic64_dec_unchecked(v);
44717+}
44718+#endif
44719+
44720 static inline void atomic_long_add(long i, atomic_long_t *l)
44721 {
44722 atomic64_t *v = (atomic64_t *)l;
44723@@ -59,6 +101,15 @@ static inline void atomic_long_add(long
44724 atomic64_add(i, v);
44725 }
44726
44727+#ifdef CONFIG_PAX_REFCOUNT
44728+static inline void atomic_long_add_unchecked(long i, atomic_long_unchecked_t *l)
44729+{
44730+ atomic64_unchecked_t *v = (atomic64_unchecked_t *)l;
44731+
44732+ atomic64_add_unchecked(i, v);
44733+}
44734+#endif
44735+
44736 static inline void atomic_long_sub(long i, atomic_long_t *l)
44737 {
44738 atomic64_t *v = (atomic64_t *)l;
44739@@ -66,6 +117,15 @@ static inline void atomic_long_sub(long
44740 atomic64_sub(i, v);
44741 }
44742
44743+#ifdef CONFIG_PAX_REFCOUNT
44744+static inline void atomic_long_sub_unchecked(long i, atomic_long_unchecked_t *l)
44745+{
44746+ atomic64_unchecked_t *v = (atomic64_unchecked_t *)l;
44747+
44748+ atomic64_sub_unchecked(i, v);
44749+}
44750+#endif
44751+
44752 static inline int atomic_long_sub_and_test(long i, atomic_long_t *l)
44753 {
44754 atomic64_t *v = (atomic64_t *)l;
44755@@ -115,6 +175,15 @@ static inline long atomic_long_inc_retur
44756 return (long)atomic64_inc_return(v);
44757 }
44758
44759+#ifdef CONFIG_PAX_REFCOUNT
44760+static inline long atomic_long_inc_return_unchecked(atomic_long_unchecked_t *l)
44761+{
44762+ atomic64_unchecked_t *v = (atomic64_unchecked_t *)l;
44763+
44764+ return (long)atomic64_inc_return_unchecked(v);
44765+}
44766+#endif
44767+
44768 static inline long atomic_long_dec_return(atomic_long_t *l)
44769 {
44770 atomic64_t *v = (atomic64_t *)l;
44771@@ -140,6 +209,12 @@ static inline long atomic_long_add_unles
44772
44773 typedef atomic_t atomic_long_t;
44774
44775+#ifdef CONFIG_PAX_REFCOUNT
44776+typedef atomic_unchecked_t atomic_long_unchecked_t;
44777+#else
44778+typedef atomic_t atomic_long_unchecked_t;
44779+#endif
44780+
44781 #define ATOMIC_LONG_INIT(i) ATOMIC_INIT(i)
44782 static inline long atomic_long_read(atomic_long_t *l)
44783 {
44784@@ -148,6 +223,15 @@ static inline long atomic_long_read(atom
44785 return (long)atomic_read(v);
44786 }
44787
44788+#ifdef CONFIG_PAX_REFCOUNT
44789+static inline long atomic_long_read_unchecked(atomic_long_unchecked_t *l)
44790+{
44791+ atomic_unchecked_t *v = (atomic_unchecked_t *)l;
44792+
44793+ return (long)atomic_read_unchecked(v);
44794+}
44795+#endif
44796+
44797 static inline void atomic_long_set(atomic_long_t *l, long i)
44798 {
44799 atomic_t *v = (atomic_t *)l;
44800@@ -155,6 +239,15 @@ static inline void atomic_long_set(atomi
44801 atomic_set(v, i);
44802 }
44803
44804+#ifdef CONFIG_PAX_REFCOUNT
44805+static inline void atomic_long_set_unchecked(atomic_long_unchecked_t *l, long i)
44806+{
44807+ atomic_unchecked_t *v = (atomic_unchecked_t *)l;
44808+
44809+ atomic_set_unchecked(v, i);
44810+}
44811+#endif
44812+
44813 static inline void atomic_long_inc(atomic_long_t *l)
44814 {
44815 atomic_t *v = (atomic_t *)l;
44816@@ -162,6 +255,15 @@ static inline void atomic_long_inc(atomi
44817 atomic_inc(v);
44818 }
44819
44820+#ifdef CONFIG_PAX_REFCOUNT
44821+static inline void atomic_long_inc_unchecked(atomic_long_unchecked_t *l)
44822+{
44823+ atomic_unchecked_t *v = (atomic_unchecked_t *)l;
44824+
44825+ atomic_inc_unchecked(v);
44826+}
44827+#endif
44828+
44829 static inline void atomic_long_dec(atomic_long_t *l)
44830 {
44831 atomic_t *v = (atomic_t *)l;
44832@@ -169,6 +271,15 @@ static inline void atomic_long_dec(atomi
44833 atomic_dec(v);
44834 }
44835
44836+#ifdef CONFIG_PAX_REFCOUNT
44837+static inline void atomic_long_dec_unchecked(atomic_long_unchecked_t *l)
44838+{
44839+ atomic_unchecked_t *v = (atomic_unchecked_t *)l;
44840+
44841+ atomic_dec_unchecked(v);
44842+}
44843+#endif
44844+
44845 static inline void atomic_long_add(long i, atomic_long_t *l)
44846 {
44847 atomic_t *v = (atomic_t *)l;
44848@@ -176,6 +287,15 @@ static inline void atomic_long_add(long
44849 atomic_add(i, v);
44850 }
44851
44852+#ifdef CONFIG_PAX_REFCOUNT
44853+static inline void atomic_long_add_unchecked(long i, atomic_long_unchecked_t *l)
44854+{
44855+ atomic_unchecked_t *v = (atomic_unchecked_t *)l;
44856+
44857+ atomic_add_unchecked(i, v);
44858+}
44859+#endif
44860+
44861 static inline void atomic_long_sub(long i, atomic_long_t *l)
44862 {
44863 atomic_t *v = (atomic_t *)l;
44864@@ -183,6 +303,15 @@ static inline void atomic_long_sub(long
44865 atomic_sub(i, v);
44866 }
44867
44868+#ifdef CONFIG_PAX_REFCOUNT
44869+static inline void atomic_long_sub_unchecked(long i, atomic_long_unchecked_t *l)
44870+{
44871+ atomic_unchecked_t *v = (atomic_unchecked_t *)l;
44872+
44873+ atomic_sub_unchecked(i, v);
44874+}
44875+#endif
44876+
44877 static inline int atomic_long_sub_and_test(long i, atomic_long_t *l)
44878 {
44879 atomic_t *v = (atomic_t *)l;
44880@@ -232,6 +361,15 @@ static inline long atomic_long_inc_retur
44881 return (long)atomic_inc_return(v);
44882 }
44883
44884+#ifdef CONFIG_PAX_REFCOUNT
44885+static inline long atomic_long_inc_return_unchecked(atomic_long_unchecked_t *l)
44886+{
44887+ atomic_unchecked_t *v = (atomic_unchecked_t *)l;
44888+
44889+ return (long)atomic_inc_return_unchecked(v);
44890+}
44891+#endif
44892+
44893 static inline long atomic_long_dec_return(atomic_long_t *l)
44894 {
44895 atomic_t *v = (atomic_t *)l;
44896@@ -255,4 +393,41 @@ static inline long atomic_long_add_unles
44897
44898 #endif /* BITS_PER_LONG == 64 */
44899
44900+#ifdef CONFIG_PAX_REFCOUNT
44901+static inline void pax_refcount_needs_these_functions(void)
44902+{
44903+ atomic_read_unchecked((atomic_unchecked_t *)NULL);
44904+ atomic_set_unchecked((atomic_unchecked_t *)NULL, 0);
44905+ atomic_add_unchecked(0, (atomic_unchecked_t *)NULL);
44906+ atomic_sub_unchecked(0, (atomic_unchecked_t *)NULL);
44907+ atomic_inc_unchecked((atomic_unchecked_t *)NULL);
44908+ atomic_inc_return_unchecked((atomic_unchecked_t *)NULL);
44909+ atomic_add_return_unchecked(0, (atomic_unchecked_t *)NULL);
44910+
44911+ atomic_long_read_unchecked((atomic_long_unchecked_t *)NULL);
44912+ atomic_long_set_unchecked((atomic_long_unchecked_t *)NULL, 0);
44913+ atomic_long_add_unchecked(0, (atomic_long_unchecked_t *)NULL);
44914+ atomic_long_sub_unchecked(0, (atomic_long_unchecked_t *)NULL);
44915+ atomic_long_inc_unchecked((atomic_long_unchecked_t *)NULL);
44916+ atomic_long_inc_return_unchecked((atomic_long_unchecked_t *)NULL);
44917+ atomic_long_dec_unchecked((atomic_long_unchecked_t *)NULL);
44918+}
44919+#else
44920+#define atomic_read_unchecked(v) atomic_read(v)
44921+#define atomic_set_unchecked(v, i) atomic_set((v), (i))
44922+#define atomic_add_unchecked(i, v) atomic_add((i), (v))
44923+#define atomic_sub_unchecked(i, v) atomic_sub((i), (v))
44924+#define atomic_inc_unchecked(v) atomic_inc(v)
44925+#define atomic_inc_return_unchecked(v) atomic_inc_return(v)
44926+#define atomic_add_return_unchecked(i, v) atomic_add_return((i), (v))
44927+
44928+#define atomic_long_read_unchecked(v) atomic_long_read(v)
44929+#define atomic_long_set_unchecked(v, i) atomic_long_set((v), (i))
44930+#define atomic_long_add_unchecked(i, v) atomic_long_add((i), (v))
44931+#define atomic_long_sub_unchecked(i, v) atomic_long_sub((i), (v))
44932+#define atomic_long_inc_unchecked(v) atomic_long_inc(v)
44933+#define atomic_long_inc_return_unchecked(v) atomic_long_inc_return(v)
44934+#define atomic_long_dec_unchecked(v) atomic_long_dec(v)
44935+#endif
44936+
44937 #endif /* _ASM_GENERIC_ATOMIC_LONG_H */
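Review bot: `pax_refcount_needs_these_functions()` passes a NULL pointer to every helper and has no comment, so a reader cannot tell that it is not meant to run. It looks like a compile-time check that each architecture provides the whole `_unchecked` API, and a call to it would dereference NULL. A comment such as `/* never called: only makes the build fail if an architecture lacks one of these helpers */` would make that explicit. The `#else` branch could also say that without CONFIG_PAX_REFCOUNT the `_unchecked` names are plain aliases, so converting a counter changes nothing in that configuration.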
44938diff -urNp linux-2.6.38.2/include/asm-generic/dma-mapping-common.h linux-2.6.38.2/include/asm-generic/dma-mapping-common.h
44939--- linux-2.6.38.2/include/asm-generic/dma-mapping-common.h 2011-03-14 21:20:32.000000000 -0400
44940+++ linux-2.6.38.2/include/asm-generic/dma-mapping-common.h 2011-03-21 18:31:35.000000000 -0400
44941@@ -11,7 +11,7 @@ static inline dma_addr_t dma_map_single_
44942 enum dma_data_direction dir,
44943 struct dma_attrs *attrs)
44944 {
44945- struct dma_map_ops *ops = get_dma_ops(dev);
44946+ const struct dma_map_ops *ops = get_dma_ops(dev);
44947 dma_addr_t addr;
44948
44949 kmemcheck_mark_initialized(ptr, size);
44950@@ -30,7 +30,7 @@ static inline void dma_unmap_single_attr
44951 enum dma_data_direction dir,
44952 struct dma_attrs *attrs)
44953 {
44954- struct dma_map_ops *ops = get_dma_ops(dev);
44955+ const struct dma_map_ops *ops = get_dma_ops(dev);
44956
44957 BUG_ON(!valid_dma_direction(dir));
44958 if (ops->unmap_page)
44959@@ -42,7 +42,7 @@ static inline int dma_map_sg_attrs(struc
44960 int nents, enum dma_data_direction dir,
44961 struct dma_attrs *attrs)
44962 {
44963- struct dma_map_ops *ops = get_dma_ops(dev);
44964+ const struct dma_map_ops *ops = get_dma_ops(dev);
44965 int i, ents;
44966 struct scatterlist *s;
44967
44968@@ -59,7 +59,7 @@ static inline void dma_unmap_sg_attrs(st
44969 int nents, enum dma_data_direction dir,
44970 struct dma_attrs *attrs)
44971 {
44972- struct dma_map_ops *ops = get_dma_ops(dev);
44973+ const struct dma_map_ops *ops = get_dma_ops(dev);
44974
44975 BUG_ON(!valid_dma_direction(dir));
44976 debug_dma_unmap_sg(dev, sg, nents, dir);
44977@@ -71,7 +71,7 @@ static inline dma_addr_t dma_map_page(st
44978 size_t offset, size_t size,
44979 enum dma_data_direction dir)
44980 {
44981- struct dma_map_ops *ops = get_dma_ops(dev);
44982+ const struct dma_map_ops *ops = get_dma_ops(dev);
44983 dma_addr_t addr;
44984
44985 kmemcheck_mark_initialized(page_address(page) + offset, size);
44986@@ -85,7 +85,7 @@ static inline dma_addr_t dma_map_page(st
44987 static inline void dma_unmap_page(struct device *dev, dma_addr_t addr,
44988 size_t size, enum dma_data_direction dir)
44989 {
44990- struct dma_map_ops *ops = get_dma_ops(dev);
44991+ const struct dma_map_ops *ops = get_dma_ops(dev);
44992
44993 BUG_ON(!valid_dma_direction(dir));
44994 if (ops->unmap_page)
44995@@ -97,7 +97,7 @@ static inline void dma_sync_single_for_c
44996 size_t size,
44997 enum dma_data_direction dir)
44998 {
44999- struct dma_map_ops *ops = get_dma_ops(dev);
45000+ const struct dma_map_ops *ops = get_dma_ops(dev);
45001
45002 BUG_ON(!valid_dma_direction(dir));
45003 if (ops->sync_single_for_cpu)
45004@@ -109,7 +109,7 @@ static inline void dma_sync_single_for_d
45005 dma_addr_t addr, size_t size,
45006 enum dma_data_direction dir)
45007 {
45008- struct dma_map_ops *ops = get_dma_ops(dev);
45009+ const struct dma_map_ops *ops = get_dma_ops(dev);
45010
45011 BUG_ON(!valid_dma_direction(dir));
45012 if (ops->sync_single_for_device)
45013@@ -139,7 +139,7 @@ static inline void
45014 dma_sync_sg_for_cpu(struct device *dev, struct scatterlist *sg,
45015 int nelems, enum dma_data_direction dir)
45016 {
45017- struct dma_map_ops *ops = get_dma_ops(dev);
45018+ const struct dma_map_ops *ops = get_dma_ops(dev);
45019
45020 BUG_ON(!valid_dma_direction(dir));
45021 if (ops->sync_sg_for_cpu)
45022@@ -151,7 +151,7 @@ static inline void
45023 dma_sync_sg_for_device(struct device *dev, struct scatterlist *sg,
45024 int nelems, enum dma_data_direction dir)
45025 {
45026- struct dma_map_ops *ops = get_dma_ops(dev);
45027+ const struct dma_map_ops *ops = get_dma_ops(dev);
45028
45029 BUG_ON(!valid_dma_direction(dir));
45030 if (ops->sync_sg_for_device)
45031diff -urNp linux-2.6.38.2/include/asm-generic/futex.h linux-2.6.38.2/include/asm-generic/futex.h
45032--- linux-2.6.38.2/include/asm-generic/futex.h 2011-03-14 21:20:32.000000000 -0400
45033+++ linux-2.6.38.2/include/asm-generic/futex.h 2011-03-21 18:31:35.000000000 -0400
45034@@ -6,7 +6,7 @@
45035 #include <asm/errno.h>
45036
45037 static inline int
45038-futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
45039+futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
45040 {
45041 int op = (encoded_op >> 28) & 7;
45042 int cmp = (encoded_op >> 24) & 15;
45043@@ -48,7 +48,7 @@ futex_atomic_op_inuser (int encoded_op,
45044 }
45045
45046 static inline int
45047-futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)
45048+futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, int oldval, int newval)
45049 {
45050 return -ENOSYS;
45051 }
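Review bot: In `futex_atomic_cmpxchg_inatomic()` the pointer becomes `u32 __user *uaddr`, but `oldval` and `newval` stay `int`, so the value parameters no longer match the type of the word they are compared against. This generic stub only returns `-ENOSYS`, so nothing breaks here, but architecture versions that copy the prototype would inherit a signed/unsigned mix. I would either switch the value parameters to `u32` as well or add a comment explaining why they remain signed. The previous hunk makes the same pointer change to `futex_atomic_op_inuser()`, whose body continues outside that hunk.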
45052diff -urNp linux-2.6.38.2/include/asm-generic/int-l64.h linux-2.6.38.2/include/asm-generic/int-l64.h
45053--- linux-2.6.38.2/include/asm-generic/int-l64.h 2011-03-14 21:20:32.000000000 -0400
45054+++ linux-2.6.38.2/include/asm-generic/int-l64.h 2011-03-21 18:31:35.000000000 -0400
45055@@ -46,6 +46,8 @@ typedef unsigned int u32;
45056 typedef signed long s64;
45057 typedef unsigned long u64;
45058
45059+typedef unsigned int intoverflow_t __attribute__ ((mode(TI)));
45060+
45061 #define S8_C(x) x
45062 #define U8_C(x) x ## U
45063 #define S16_C(x) x
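Review bot: `intoverflow_t` is added with no comment on what it is for or why it is wider than `u64`, and the int-ll64.h hunk that follows adds it as `unsigned long long`, equally undocumented. Presumably it holds a size computation in a type wide enough for the overflow to be detected before truncation to `size_t`; that should be confirmed against the users, which are not in this hunk. I would add something like `/* wider than size_t: holds a size product so callers can detect overflow before allocating */` above both typedefs. The `mode(TI)` form needs a compiler and target with 128-bit integer support, and that constraint also belongs in the comment.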
45064diff -urNp linux-2.6.38.2/include/asm-generic/int-ll64.h linux-2.6.38.2/include/asm-generic/int-ll64.h
45065--- linux-2.6.38.2/include/asm-generic/int-ll64.h 2011-03-14 21:20:32.000000000 -0400
45066+++ linux-2.6.38.2/include/asm-generic/int-ll64.h 2011-03-21 18:31:35.000000000 -0400
45067@@ -51,6 +51,8 @@ typedef unsigned int u32;
45068 typedef signed long long s64;
45069 typedef unsigned long long u64;
45070
45071+typedef unsigned long long intoverflow_t;
45072+
45073 #define S8_C(x) x
45074 #define U8_C(x) x ## U
45075 #define S16_C(x) x
45076diff -urNp linux-2.6.38.2/include/asm-generic/kmap_types.h linux-2.6.38.2/include/asm-generic/kmap_types.h
45077--- linux-2.6.38.2/include/asm-generic/kmap_types.h 2011-03-14 21:20:32.000000000 -0400
45078+++ linux-2.6.38.2/include/asm-generic/kmap_types.h 2011-03-21 18:31:35.000000000 -0400
45079@@ -29,10 +29,11 @@ KMAP_D(16) KM_IRQ_PTE,
45080 KMAP_D(17) KM_NMI,
45081 KMAP_D(18) KM_NMI_PTE,
45082 KMAP_D(19) KM_KDB,
45083+KMAP_D(20) KM_CLEARPAGE,
45084 /*
45085 * Remember to update debug_kmap_atomic() when adding new kmap types!
45086 */
45087-KMAP_D(20) KM_TYPE_NR
45088+KMAP_D(21) KM_TYPE_NR
45089 };
45090
45091 #undef KMAP_D
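Review bot: The context comment in this hunk asks for `debug_kmap_atomic()` to be updated whenever a kmap type is added, and nothing visible here shows that update for `KM_CLEARPAGE`. If that function still exists in this tree, the new type should be handled there. If it has been removed, the stale comment is worth correcting in the same change. The hunk also gives `KM_CLEARPAGE` no description; a trailing comment naming the code path that uses the slot would help, since it cannot be inferred from this file.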
45092diff -urNp linux-2.6.38.2/include/asm-generic/pgtable.h linux-2.6.38.2/include/asm-generic/pgtable.h
45093--- linux-2.6.38.2/include/asm-generic/pgtable.h 2011-03-14 21:20:32.000000000 -0400
45094+++ linux-2.6.38.2/include/asm-generic/pgtable.h 2011-03-21 18:31:35.000000000 -0400
45095@@ -447,6 +447,14 @@ static inline int pmd_write(pmd_t pmd)
45096 #endif /* __HAVE_ARCH_PMD_WRITE */
45097 #endif
45098
45099+#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL
45100+static inline unsigned long pax_open_kernel(void) { return 0; }
45101+#endif
45102+
45103+#ifndef __HAVE_ARCH_PAX_CLOSE_KERNEL
45104+static inline unsigned long pax_close_kernel(void) { return 0; }
45105+#endif
45106+
45107 #endif /* !__ASSEMBLY__ */
45108
45109 #endif /* _ASM_GENERIC_PGTABLE_H */
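Review bot: The generic `pax_open_kernel()` and `pax_close_kernel()` fallbacks return 0 and do nothing, and there is no comment saying so. Code that brackets a write to protected kernel data with this pair therefore gets no protection on any architecture that does not define `__HAVE_ARCH_PAX_OPEN_KERNEL`, and that fails silently. I would document it at the definition, for example `/* no-op fallback: this architecture does not write-protect kernel data, so open/close pairs have no effect */`. The meaning of the `unsigned long` return value is also unstated.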
45110diff -urNp linux-2.6.38.2/include/asm-generic/pgtable-nopmd.h linux-2.6.38.2/include/asm-generic/pgtable-nopmd.h
45111--- linux-2.6.38.2/include/asm-generic/pgtable-nopmd.h 2011-03-14 21:20:32.000000000 -0400
45112+++ linux-2.6.38.2/include/asm-generic/pgtable-nopmd.h 2011-03-21 18:31:35.000000000 -0400
45113@@ -1,14 +1,19 @@
45114 #ifndef _PGTABLE_NOPMD_H
45115 #define _PGTABLE_NOPMD_H
45116
45117-#ifndef __ASSEMBLY__
45118-
45119 #include <asm-generic/pgtable-nopud.h>
45120
45121-struct mm_struct;
45122-
45123 #define __PAGETABLE_PMD_FOLDED
45124
45125+#define PMD_SHIFT PUD_SHIFT
45126+#define PTRS_PER_PMD 1
45127+#define PMD_SIZE (_AC(1,UL) << PMD_SHIFT)
45128+#define PMD_MASK (~(PMD_SIZE-1))
45129+
45130+#ifndef __ASSEMBLY__
45131+
45132+struct mm_struct;
45133+
45134 /*
45135 * Having the pmd type consist of a pud gets the size right, and allows
45136 * us to conceptually access the pud entry that this pmd is folded into
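Review bot: `PMD_SIZE` now uses `_AC(1,UL)` and sits outside the `#ifndef __ASSEMBLY__` guard, but this hunk starts at line 1 of the header and shows no include of the header that defines `_AC` (`<linux/const.h>`). Unless `asm-generic/pgtable-nopud.h` or every includer already pulls it in, the header is not self-contained, and the failure would show up only in assembly files that include it first. Adding `#include <linux/const.h>` next to the existing include would settle it. The pgtable-nopud.h hunk further down makes the same move for `PUD_SIZE` and shows no include either.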
45137@@ -16,11 +21,6 @@ struct mm_struct;
45138 */
45139 typedef struct { pud_t pud; } pmd_t;
45140
45141-#define PMD_SHIFT PUD_SHIFT
45142-#define PTRS_PER_PMD 1
45143-#define PMD_SIZE (1UL << PMD_SHIFT)
45144-#define PMD_MASK (~(PMD_SIZE-1))
45145-
45146 /*
45147 * The "pud_xxx()" functions here are trivial for a folded two-level
45148 * setup: the pmd is never bad, and a pmd always exists (as it's folded
45149diff -urNp linux-2.6.38.2/include/asm-generic/pgtable-nopud.h linux-2.6.38.2/include/asm-generic/pgtable-nopud.h
45150--- linux-2.6.38.2/include/asm-generic/pgtable-nopud.h 2011-03-14 21:20:32.000000000 -0400
45151+++ linux-2.6.38.2/include/asm-generic/pgtable-nopud.h 2011-03-21 18:31:35.000000000 -0400
45152@@ -1,10 +1,15 @@
45153 #ifndef _PGTABLE_NOPUD_H
45154 #define _PGTABLE_NOPUD_H
45155
45156-#ifndef __ASSEMBLY__
45157-
45158 #define __PAGETABLE_PUD_FOLDED
45159
45160+#define PUD_SHIFT PGDIR_SHIFT
45161+#define PTRS_PER_PUD 1
45162+#define PUD_SIZE (_AC(1,UL) << PUD_SHIFT)
45163+#define PUD_MASK (~(PUD_SIZE-1))
45164+
45165+#ifndef __ASSEMBLY__
45166+
45167 /*
45168 * Having the pud type consist of a pgd gets the size right, and allows
45169 * us to conceptually access the pgd entry that this pud is folded into
45170@@ -12,11 +17,6 @@
45171 */
45172 typedef struct { pgd_t pgd; } pud_t;
45173
45174-#define PUD_SHIFT PGDIR_SHIFT
45175-#define PTRS_PER_PUD 1
45176-#define PUD_SIZE (1UL << PUD_SHIFT)
45177-#define PUD_MASK (~(PUD_SIZE-1))
45178-
45179 /*
45180 * The "pgd_xxx()" functions here are trivial for a folded two-level
45181 * setup: the pud is never bad, and a pud always exists (as it's folded
45182diff -urNp linux-2.6.38.2/include/asm-generic/vmlinux.lds.h linux-2.6.38.2/include/asm-generic/vmlinux.lds.h
45183--- linux-2.6.38.2/include/asm-generic/vmlinux.lds.h 2011-03-14 21:20:32.000000000 -0400
45184+++ linux-2.6.38.2/include/asm-generic/vmlinux.lds.h 2011-03-21 18:31:35.000000000 -0400
45185@@ -213,6 +213,7 @@
45186 .rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \
45187 VMLINUX_SYMBOL(__start_rodata) = .; \
45188 *(.rodata) *(.rodata.*) \
45189+ *(.data..read_only) \
45190 *(__vermagic) /* Kernel version magic */ \
45191 . = ALIGN(8); \
45192 VMLINUX_SYMBOL(__start___tracepoints_ptrs) = .; \
45193@@ -696,14 +697,15 @@
45194 * section in the linker script will go there too. @phdr should have
45195 * a leading colon.
45196 *
45197- * Note that this macros defines __per_cpu_load as an absolute symbol.
45198+ * Note that this macros defines per_cpu_load as an absolute symbol.
45199 * If there is no need to put the percpu section at a predetermined
45200 * address, use PERCPU().
45201 */
45202 #define PERCPU_VADDR(vaddr, phdr) \
45203- VMLINUX_SYMBOL(__per_cpu_load) = .; \
45204- .data..percpu vaddr : AT(VMLINUX_SYMBOL(__per_cpu_load) \
45205+ per_cpu_load = .; \
45206+ .data..percpu vaddr : AT(VMLINUX_SYMBOL(per_cpu_load) \
45207 - LOAD_OFFSET) { \
45208+ VMLINUX_SYMBOL(__per_cpu_load) = . + per_cpu_load; \
45209 VMLINUX_SYMBOL(__per_cpu_start) = .; \
45210 *(.data..percpu..first) \
45211 . = ALIGN(PAGE_SIZE); \
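Review bot: `per_cpu_load = .;` defines the new symbol without the `VMLINUX_SYMBOL()` wrapper, yet the `AT(...)` expression on the next line and the location-counter assignment in the following hunk refer to it as `VMLINUX_SYMBOL(per_cpu_load)`. On a configuration where `VMLINUX_SYMBOL` adds a symbol prefix, the definition and its uses would name different symbols. I would write the definition as `VMLINUX_SYMBOL(per_cpu_load) = .;`, and the bare `per_cpu_load` inside `VMLINUX_SYMBOL(__per_cpu_load) = . + per_cpu_load;` should be wrapped the same way. The updated comment could also say why `__per_cpu_load` is now computed inside the output section.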
45212@@ -713,7 +715,7 @@
45213 *(.data..percpu..shared_aligned) \
45214 VMLINUX_SYMBOL(__per_cpu_end) = .; \
45215 } phdr \
45216- . = VMLINUX_SYMBOL(__per_cpu_load) + SIZEOF(.data..percpu);
45217+ . = VMLINUX_SYMBOL(per_cpu_load) + SIZEOF(.data..percpu);
45218
45219 /**
45220 * PERCPU - define output section for percpu area, simple version
45221diff -urNp linux-2.6.38.2/include/drm/drm_pciids.h linux-2.6.38.2/include/drm/drm_pciids.h
45222--- linux-2.6.38.2/include/drm/drm_pciids.h 2011-03-14 21:20:32.000000000 -0400
45223+++ linux-2.6.38.2/include/drm/drm_pciids.h 2011-03-21 18:31:35.000000000 -0400
45224@@ -458,7 +458,7 @@
45225 {0x1002, 0x9803, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_PALM|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \
45226 {0x1002, 0x9804, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_PALM|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \
45227 {0x1002, 0x9805, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_PALM|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \
45228- {0, 0, 0}
45229+ {0, 0, 0, 0, 0, 0}
45230
45231 #define r128_PCI_IDS \
45232 {0x1002, 0x4c45, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45233@@ -498,14 +498,14 @@
45234 {0x1002, 0x5446, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45235 {0x1002, 0x544C, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45236 {0x1002, 0x5452, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45237- {0, 0, 0}
45238+ {0, 0, 0, 0, 0, 0}
45239
45240 #define mga_PCI_IDS \
45241 {0x102b, 0x0520, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G200}, \
45242 {0x102b, 0x0521, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G200}, \
45243 {0x102b, 0x0525, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G400}, \
45244 {0x102b, 0x2527, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G550}, \
45245- {0, 0, 0}
45246+ {0, 0, 0, 0, 0, 0}
45247
45248 #define mach64_PCI_IDS \
45249 {0x1002, 0x4749, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45250@@ -528,7 +528,7 @@
45251 {0x1002, 0x4c53, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45252 {0x1002, 0x4c4d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45253 {0x1002, 0x4c4e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45254- {0, 0, 0}
45255+ {0, 0, 0, 0, 0, 0}
45256
45257 #define sisdrv_PCI_IDS \
45258 {0x1039, 0x0300, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45259@@ -539,7 +539,7 @@
45260 {0x1039, 0x7300, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45261 {0x18CA, 0x0040, PCI_ANY_ID, PCI_ANY_ID, 0, 0, SIS_CHIP_315}, \
45262 {0x18CA, 0x0042, PCI_ANY_ID, PCI_ANY_ID, 0, 0, SIS_CHIP_315}, \
45263- {0, 0, 0}
45264+ {0, 0, 0, 0, 0, 0}
45265
45266 #define tdfx_PCI_IDS \
45267 {0x121a, 0x0003, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45268@@ -548,7 +548,7 @@
45269 {0x121a, 0x0007, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45270 {0x121a, 0x0009, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45271 {0x121a, 0x000b, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45272- {0, 0, 0}
45273+ {0, 0, 0, 0, 0, 0}
45274
45275 #define viadrv_PCI_IDS \
45276 {0x1106, 0x3022, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45277@@ -560,14 +560,14 @@
45278 {0x1106, 0x3343, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45279 {0x1106, 0x3230, PCI_ANY_ID, PCI_ANY_ID, 0, 0, VIA_DX9_0}, \
45280 {0x1106, 0x3157, PCI_ANY_ID, PCI_ANY_ID, 0, 0, VIA_PRO_GROUP_A}, \
45281- {0, 0, 0}
45282+ {0, 0, 0, 0, 0, 0}
45283
45284 #define i810_PCI_IDS \
45285 {0x8086, 0x7121, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45286 {0x8086, 0x7123, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45287 {0x8086, 0x7125, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45288 {0x8086, 0x1132, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45289- {0, 0, 0}
45290+ {0, 0, 0, 0, 0, 0}
45291
45292 #define i830_PCI_IDS \
45293 {0x8086, 0x3577, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45294@@ -575,11 +575,11 @@
45295 {0x8086, 0x3582, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45296 {0x8086, 0x2572, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45297 {0x8086, 0x358e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45298- {0, 0, 0}
45299+ {0, 0, 0, 0, 0, 0}
45300
45301 #define gamma_PCI_IDS \
45302 {0x3d3d, 0x0008, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
45303- {0, 0, 0}
45304+ {0, 0, 0, 0, 0, 0}
45305
45306 #define savage_PCI_IDS \
45307 {0x5333, 0x8a20, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_SAVAGE3D}, \
45308@@ -605,10 +605,10 @@
45309 {0x5333, 0x8d02, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_TWISTER}, \
45310 {0x5333, 0x8d03, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_PROSAVAGEDDR}, \
45311 {0x5333, 0x8d04, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_PROSAVAGEDDR}, \
45312- {0, 0, 0}
45313+ {0, 0, 0, 0, 0, 0}
45314
45315 #define ffb_PCI_IDS \
45316- {0, 0, 0}
45317+ {0, 0, 0, 0, 0, 0}
45318
45319 #define i915_PCI_IDS \
45320 {0x8086, 0x3577, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
45321@@ -642,4 +642,4 @@
45322 {0x8086, 0x0042, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
45323 {0x8086, 0x0046, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
45324 {0x8086, 0x0102, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
45325- {0, 0, 0}
45326+ {0, 0, 0, 0, 0, 0}
45327diff -urNp linux-2.6.38.2/include/drm/drmP.h linux-2.6.38.2/include/drm/drmP.h
45328--- linux-2.6.38.2/include/drm/drmP.h 2011-03-14 21:20:32.000000000 -0400
45329+++ linux-2.6.38.2/include/drm/drmP.h 2011-03-21 18:31:35.000000000 -0400
45330@@ -73,6 +73,7 @@
45331 #include <linux/workqueue.h>
45332 #include <linux/poll.h>
45333 #include <asm/pgalloc.h>
45334+#include <asm/local.h>
45335 #include "drm.h"
45336
45337 #include <linux/idr.h>
45338@@ -881,7 +882,7 @@ struct drm_driver {
45339 void (*vgaarb_irq)(struct drm_device *dev, bool state);
45340
45341 /* Driver private ops for this object */
45342- struct vm_operations_struct *gem_vm_ops;
45343+ const struct vm_operations_struct *gem_vm_ops;
45344
45345 int major;
45346 int minor;
45347@@ -894,7 +895,7 @@ struct drm_driver {
45348 int dev_priv_size;
45349 struct drm_ioctl_desc *ioctls;
45350 int num_ioctls;
45351- struct file_operations fops;
45352+ const struct file_operations fops;
45353 struct pci_driver pci_driver;
45354 struct platform_device *platform_device;
45355 /* List of devices hanging off this driver */
45356@@ -991,7 +992,7 @@ struct drm_device {
45357
45358 /** \name Usage Counters */
45359 /*@{ */
45360- int open_count; /**< Outstanding files open */
45361+ local_t open_count; /**< Outstanding files open */
45362 atomic_t ioctl_count; /**< Outstanding IOCTLs pending */
45363 atomic_t vma_count; /**< Outstanding vma areas open */
45364 int buf_use; /**< Buffers in use -- cannot alloc */
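Review bot: `open_count` changes from `int` to `local_t` while its comment still says only "Outstanding files open". As I understand `local_t`, its operations are atomic only with respect to the CPU executing them, and this field counts opens for the whole device. If an existing lock around open and release is what makes that safe, the field comment should name it, for example `/**< Outstanding files open; updated only under <lock> */`. Otherwise `atomic_t`, as used for `ioctl_count` and `vma_count` on the next lines, would be the consistent choice. The accessors are not in this hunk, so this needs checking against the call sites.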
45365@@ -1002,7 +1003,7 @@ struct drm_device {
45366 /*@{ */
45367 unsigned long counters;
45368 enum drm_stat_type types[15];
45369- atomic_t counts[15];
45370+ atomic_unchecked_t counts[15];
45371 /*@} */
45372
45373 struct list_head filelist;
45374@@ -1101,7 +1102,7 @@ struct drm_device {
45375 struct platform_device *platformdev; /**< Platform device struture */
45376
45377 struct drm_sg_mem *sg; /**< Scatter gather memory */
45378- unsigned int num_crtcs; /**< Number of CRTCs on this device */
45379+ unsigned int num_crtcs; /**< Number of CRTCs on this device */
45380 void *dev_private; /**< device private data */
45381 void *mm_private;
45382 struct address_space *dev_mapping;
45383diff -urNp linux-2.6.38.2/include/linux/a.out.h linux-2.6.38.2/include/linux/a.out.h
45384--- linux-2.6.38.2/include/linux/a.out.h 2011-03-14 21:20:32.000000000 -0400
45385+++ linux-2.6.38.2/include/linux/a.out.h 2011-03-21 18:31:35.000000000 -0400
45386@@ -39,6 +39,14 @@ enum machine_type {
45387 M_MIPS2 = 152 /* MIPS R6000/R4000 binary */
45388 };
45389
45390+/* Constants for the N_FLAGS field */
45391+#define F_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
45392+#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */
45393+#define F_PAX_MPROTECT 4 /* Restrict mprotect() */
45394+#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */
45395+/*#define F_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */
45396+#define F_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */
45397+
45398 #if !defined (N_MAGIC)
45399 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
45400 #endif
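Review bot: The `F_PAX_*` block keeps `F_PAX_RANDEXEC` as a commented-out `#define`, which reads like dead code rather than a statement about the bit. If the value 16 must stay unused so that older binaries are not misread, I would say that in words instead: `/* 16: formerly F_PAX_RANDEXEC (randomize ET_EXEC base), do not reuse */`. If the bit is free for reuse, the line can simply go.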
45401diff -urNp linux-2.6.38.2/include/linux/atmdev.h linux-2.6.38.2/include/linux/atmdev.h
45402--- linux-2.6.38.2/include/linux/atmdev.h 2011-03-14 21:20:32.000000000 -0400
45403+++ linux-2.6.38.2/include/linux/atmdev.h 2011-03-21 18:31:35.000000000 -0400
45404@@ -237,7 +237,7 @@ struct compat_atm_iobuf {
45405 #endif
45406
45407 struct k_atm_aal_stats {
45408-#define __HANDLE_ITEM(i) atomic_t i
45409+#define __HANDLE_ITEM(i) atomic_unchecked_t i
45410 __AAL_STAT_ITEMS
45411 #undef __HANDLE_ITEM
45412 };
45413diff -urNp linux-2.6.38.2/include/linux/binfmts.h linux-2.6.38.2/include/linux/binfmts.h
45414--- linux-2.6.38.2/include/linux/binfmts.h 2011-03-14 21:20:32.000000000 -0400
45415+++ linux-2.6.38.2/include/linux/binfmts.h 2011-03-21 18:31:35.000000000 -0400
45416@@ -92,6 +92,7 @@ struct linux_binfmt {
45417 int (*load_binary)(struct linux_binprm *, struct pt_regs * regs);
45418 int (*load_shlib)(struct file *);
45419 int (*core_dump)(struct coredump_params *cprm);
45420+ void (*handle_mprotect)(struct vm_area_struct *vma, unsigned long newflags);
45421 unsigned long min_coredump; /* minimal dump size */
45422 };
45423
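Review bot: The new `handle_mprotect` member of `struct linux_binfmt` has no comment, and every existing binary format that does not initialise it will leave it NULL. The call site is not in this hunk, so I cannot see whether it tests the pointer before calling. I would document the contract at the declaration, at least `/* optional, may be NULL */`, together with a sentence on when it is invoked and whether it may sleep.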
45424diff -urNp linux-2.6.38.2/include/linux/blkdev.h linux-2.6.38.2/include/linux/blkdev.h
45425--- linux-2.6.38.2/include/linux/blkdev.h 2011-03-14 21:20:32.000000000 -0400
45426+++ linux-2.6.38.2/include/linux/blkdev.h 2011-03-21 18:31:35.000000000 -0400
45427@@ -1247,22 +1247,22 @@ queue_max_integrity_segments(struct requ
45428 #endif /* CONFIG_BLK_DEV_INTEGRITY */
45429
45430 struct block_device_operations {
45431- int (*open) (struct block_device *, fmode_t);
45432- int (*release) (struct gendisk *, fmode_t);
45433- int (*ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
45434- int (*compat_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
45435- int (*direct_access) (struct block_device *, sector_t,
45436+ int (* const open) (struct block_device *, fmode_t);
45437+ int (* const release) (struct gendisk *, fmode_t);
45438+ int (* const ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
45439+ int (* const compat_ioctl) (struct block_device *, fmode_t, unsigned, unsigned long);
45440+ int (* const direct_access) (struct block_device *, sector_t,
45441 void **, unsigned long *);
45442- unsigned int (*check_events) (struct gendisk *disk,
45443+ unsigned int (* const check_events) (struct gendisk *disk,
45444 unsigned int clearing);
45445 /* ->media_changed() is DEPRECATED, use ->check_events() instead */
45446- int (*media_changed) (struct gendisk *);
45447- void (*unlock_native_capacity) (struct gendisk *);
45448- int (*revalidate_disk) (struct gendisk *);
45449- int (*getgeo)(struct block_device *, struct hd_geometry *);
45450+ int (* const media_changed) (struct gendisk *);
45451+ void (* const unlock_native_capacity) (struct gendisk *);
45452+ int (* const revalidate_disk) (struct gendisk *);
45453+ int (* const getgeo)(struct block_device *, struct hd_geometry *);
45454 /* this callback is with swap_lock and sometimes page table lock held */
45455- void (*swap_slot_free_notify) (struct block_device *, unsigned long);
45456- struct module *owner;
45457+ void (* const swap_slot_free_notify) (struct block_device *, unsigned long);
45458+ struct module * const owner;
45459 };
45460
45461 extern int __blkdev_driver_ioctl(struct block_device *, fmode_t, unsigned int,
45462diff -urNp linux-2.6.38.2/include/linux/byteorder/little_endian.h linux-2.6.38.2/include/linux/byteorder/little_endian.h
45463--- linux-2.6.38.2/include/linux/byteorder/little_endian.h 2011-03-14 21:20:32.000000000 -0400
45464+++ linux-2.6.38.2/include/linux/byteorder/little_endian.h 2011-03-21 18:31:35.000000000 -0400
45465@@ -42,51 +42,51 @@
45466
45467 static inline __le64 __cpu_to_le64p(const __u64 *p)
45468 {
45469- return (__force __le64)*p;
45470+ return (__force const __le64)*p;
45471 }
45472 static inline __u64 __le64_to_cpup(const __le64 *p)
45473 {
45474- return (__force __u64)*p;
45475+ return (__force const __u64)*p;
45476 }
45477 static inline __le32 __cpu_to_le32p(const __u32 *p)
45478 {
45479- return (__force __le32)*p;
45480+ return (__force const __le32)*p;
45481 }
45482 static inline __u32 __le32_to_cpup(const __le32 *p)
45483 {
45484- return (__force __u32)*p;
45485+ return (__force const __u32)*p;
45486 }
45487 static inline __le16 __cpu_to_le16p(const __u16 *p)
45488 {
45489- return (__force __le16)*p;
45490+ return (__force const __le16)*p;
45491 }
45492 static inline __u16 __le16_to_cpup(const __le16 *p)
45493 {
45494- return (__force __u16)*p;
45495+ return (__force const __u16)*p;
45496 }
45497 static inline __be64 __cpu_to_be64p(const __u64 *p)
45498 {
45499- return (__force __be64)__swab64p(p);
45500+ return (__force const __be64)__swab64p(p);
45501 }
45502 static inline __u64 __be64_to_cpup(const __be64 *p)
45503 {
45504- return __swab64p((__u64 *)p);
45505+ return __swab64p((const __u64 *)p);
45506 }
45507 static inline __be32 __cpu_to_be32p(const __u32 *p)
45508 {
45509- return (__force __be32)__swab32p(p);
45510+ return (__force const __be32)__swab32p(p);
45511 }
45512 static inline __u32 __be32_to_cpup(const __be32 *p)
45513 {
45514- return __swab32p((__u32 *)p);
45515+ return __swab32p((const __u32 *)p);
45516 }
45517 static inline __be16 __cpu_to_be16p(const __u16 *p)
45518 {
45519- return (__force __be16)__swab16p(p);
45520+ return (__force const __be16)__swab16p(p);
45521 }
45522 static inline __u16 __be16_to_cpup(const __be16 *p)
45523 {
45524- return __swab16p((__u16 *)p);
45525+ return __swab16p((const __u16 *)p);
45526 }
45527 #define __cpu_to_le64s(x) do { (void)(x); } while (0)
45528 #define __le64_to_cpus(x) do { (void)(x); } while (0)
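Review bot: The `const` added to the value casts, as in `return (__force const __le64)*p;`, has no effect, because a cast yields an rvalue and the qualifier on it is discarded. The changes that matter in this hunk are the pointer casts in the `__be*_to_cpup()` helpers, for example `__swab64p((const __u64 *)p)`, which stop dropping the `const` of the parameter. I would keep those six and leave the value casts as they were, which also keeps the difference from the upstream header small.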
45529diff -urNp linux-2.6.38.2/include/linux/cache.h linux-2.6.38.2/include/linux/cache.h
45530--- linux-2.6.38.2/include/linux/cache.h 2011-03-14 21:20:32.000000000 -0400
45531+++ linux-2.6.38.2/include/linux/cache.h 2011-03-21 18:31:35.000000000 -0400
45532@@ -16,6 +16,10 @@
45533 #define __read_mostly
45534 #endif
45535
45536+#ifndef __read_only
45537+#define __read_only __read_mostly
45538+#endif
45539+
45540 #ifndef ____cacheline_aligned
45541 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
45542 #endif
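Review bot: The fallback `#define __read_only __read_mostly` gives no protection. `__read_mostly` only affects placement, and the context line above shows that it can itself be defined empty. A variable marked `__read_only` therefore stays writable on any architecture that does not supply its own definition, and nothing at the use site reveals that. I would add a comment here such as `/* fallback: placement hint only, data remains writable on this architecture */`.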
45543diff -urNp linux-2.6.38.2/include/linux/capability.h linux-2.6.38.2/include/linux/capability.h
45544--- linux-2.6.38.2/include/linux/capability.h 2011-03-14 21:20:32.000000000 -0400
45545+++ linux-2.6.38.2/include/linux/capability.h 2011-03-21 18:31:35.000000000 -0400
45546@@ -561,6 +561,7 @@ extern const kernel_cap_t __cap_init_eff
45547 (security_real_capable_noaudit((t), (cap)) == 0)
45548
45549 extern int capable(int cap);
45550+int capable_nolog(int cap);
45551
45552 /* audit system wants to get cap info from files as well */
45553 struct dentry;
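Review bot: `capable_nolog()` is declared without `extern`, unlike `capable()` on the line above, and without any comment on how it differs. The name suggests the same capability check minus the log entry; if so, a check that leaves no audit trail deserves a sentence on which callers are expected to use it. I would write `extern int capable_nolog(int cap);` and add a short comment stating the difference from `capable()`. The definition is not in this hunk.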
45554diff -urNp linux-2.6.38.2/include/linux/compiler-gcc4.h linux-2.6.38.2/include/linux/compiler-gcc4.h
45555--- linux-2.6.38.2/include/linux/compiler-gcc4.h 2011-03-14 21:20:32.000000000 -0400
45556+++ linux-2.6.38.2/include/linux/compiler-gcc4.h 2011-03-21 18:31:35.000000000 -0400
45557@@ -54,6 +54,10 @@
45558
45559 #endif
45560
45561+#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__)))
45562+#define __bos(ptr, arg) __builtin_object_size((ptr), (arg))
45563+#define __bos0(ptr) __bos((ptr), 0)
45564+#define __bos1(ptr) __bos((ptr), 1)
45565 #endif
45566
45567 #if __GNUC_MINOR__ > 0
45568diff -urNp linux-2.6.38.2/include/linux/compiler.h linux-2.6.38.2/include/linux/compiler.h
45569--- linux-2.6.38.2/include/linux/compiler.h 2011-03-14 21:20:32.000000000 -0400
45570+++ linux-2.6.38.2/include/linux/compiler.h 2011-03-21 18:31:35.000000000 -0400
45571@@ -273,6 +273,22 @@ void ftrace_likely_update(struct ftrace_
45572 #define __cold
45573 #endif
45574
45575+#ifndef __alloc_size
45576+#define __alloc_size
45577+#endif
45578+
45579+#ifndef __bos
45580+#define __bos
45581+#endif
45582+
45583+#ifndef __bos0
45584+#define __bos0
45585+#endif
45586+
45587+#ifndef __bos1
45588+#define __bos1
45589+#endif
45590+
45591 /* Simple shorthand for a section definition */
45592 #ifndef __section
45593 # define __section(S) __attribute__ ((__section__(#S)))
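Review bot: The four fallbacks are object-like macros with empty bodies, but the compiler-gcc4.h hunk above defines the same names as function-like macros. With these fallbacks `__bos0(p)` expands to `(p)` and `__bos(p, 0)` to the comma expression `(p, 0)`, so a size check would compare against the pointer or against 0. `__alloc_size(1)` after a prototype leaves a stray `(1)`. I would make the fallbacks function-like: `#define __alloc_size(...)` and `#define __bos(ptr, arg) ((size_t)-1)`, with `__bos0` and `__bos1` defined in terms of `__bos`. `(size_t)-1` is the value `__builtin_object_size` reports for an unknown size in modes 0 and 1.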
45594@@ -306,6 +322,7 @@ void ftrace_likely_update(struct ftrace_
45595 * use is to mediate communication between process-level code and irq/NMI
45596 * handlers, all running on the same CPU.
45597 */
45598-#define ACCESS_ONCE(x) (*(volatile typeof(x) *)&(x))
45599+#define ACCESS_ONCE(x) (*(volatile const typeof(x) *)&(x))
45600+#define ACCESS_ONCE_RW(x) (*(volatile typeof(x) *)&(x))
45601
45602 #endif /* __LINUX_COMPILER_H */
45603diff -urNp linux-2.6.38.2/include/linux/cpuset.h linux-2.6.38.2/include/linux/cpuset.h
45604--- linux-2.6.38.2/include/linux/cpuset.h 2011-03-14 21:20:32.000000000 -0400
45605+++ linux-2.6.38.2/include/linux/cpuset.h 2011-03-21 18:31:35.000000000 -0400
45606@@ -118,7 +118,7 @@ static inline void put_mems_allowed(void
45607 * nodemask.
45608 */
45609 smp_mb();
45610- --ACCESS_ONCE(current->mems_allowed_change_disable);
45611+ --ACCESS_ONCE_RW(current->mems_allowed_change_disable);
45612 }
45613
45614 static inline void set_mems_allowed(nodemask_t nodemask)
45615diff -urNp linux-2.6.38.2/include/linux/decompress/mm.h linux-2.6.38.2/include/linux/decompress/mm.h
45616--- linux-2.6.38.2/include/linux/decompress/mm.h 2011-03-14 21:20:32.000000000 -0400
45617+++ linux-2.6.38.2/include/linux/decompress/mm.h 2011-03-21 18:31:35.000000000 -0400
45618@@ -77,7 +77,7 @@ static void free(void *where)
45619 * warnings when not needed (indeed large_malloc / large_free are not
45620 * needed by inflate */
45621
45622-#define malloc(a) kmalloc(a, GFP_KERNEL)
45623+#define malloc(a) kmalloc((a), GFP_KERNEL)
45624 #define free(a) kfree(a)
45625
45626 #define large_malloc(a) vmalloc(a)
45627diff -urNp linux-2.6.38.2/include/linux/dma-mapping.h linux-2.6.38.2/include/linux/dma-mapping.h
45628--- linux-2.6.38.2/include/linux/dma-mapping.h 2011-03-14 21:20:32.000000000 -0400
45629+++ linux-2.6.38.2/include/linux/dma-mapping.h 2011-03-21 18:31:35.000000000 -0400
45630@@ -16,40 +16,40 @@ enum dma_data_direction {
45631 };
45632
45633 struct dma_map_ops {
45634- void* (*alloc_coherent)(struct device *dev, size_t size,
45635+ void* (* const alloc_coherent)(struct device *dev, size_t size,
45636 dma_addr_t *dma_handle, gfp_t gfp);
45637- void (*free_coherent)(struct device *dev, size_t size,
45638+ void (* const free_coherent)(struct device *dev, size_t size,
45639 void *vaddr, dma_addr_t dma_handle);
45640- dma_addr_t (*map_page)(struct device *dev, struct page *page,
45641+ dma_addr_t (* const map_page)(struct device *dev, struct page *page,
45642 unsigned long offset, size_t size,
45643 enum dma_data_direction dir,
45644 struct dma_attrs *attrs);
45645- void (*unmap_page)(struct device *dev, dma_addr_t dma_handle,
45646+ void (* const unmap_page)(struct device *dev, dma_addr_t dma_handle,
45647 size_t size, enum dma_data_direction dir,
45648 struct dma_attrs *attrs);
45649- int (*map_sg)(struct device *dev, struct scatterlist *sg,
45650+ int (* const map_sg)(struct device *dev, struct scatterlist *sg,
45651 int nents, enum dma_data_direction dir,
45652 struct dma_attrs *attrs);
45653- void (*unmap_sg)(struct device *dev,
45654+ void (* const unmap_sg)(struct device *dev,
45655 struct scatterlist *sg, int nents,
45656 enum dma_data_direction dir,
45657 struct dma_attrs *attrs);
45658- void (*sync_single_for_cpu)(struct device *dev,
45659+ void (* const sync_single_for_cpu)(struct device *dev,
45660 dma_addr_t dma_handle, size_t size,
45661 enum dma_data_direction dir);
45662- void (*sync_single_for_device)(struct device *dev,
45663+ void (* const sync_single_for_device)(struct device *dev,
45664 dma_addr_t dma_handle, size_t size,
45665 enum dma_data_direction dir);
45666- void (*sync_sg_for_cpu)(struct device *dev,
45667+ void (* const sync_sg_for_cpu)(struct device *dev,
45668 struct scatterlist *sg, int nents,
45669 enum dma_data_direction dir);
45670- void (*sync_sg_for_device)(struct device *dev,
45671+ void (* const sync_sg_for_device)(struct device *dev,
45672 struct scatterlist *sg, int nents,
45673 enum dma_data_direction dir);
45674- int (*mapping_error)(struct device *dev, dma_addr_t dma_addr);
45675- int (*dma_supported)(struct device *dev, u64 mask);
45676- int (*set_dma_mask)(struct device *dev, u64 mask);
45677- int is_phys;
45678+ int (* const mapping_error)(struct device *dev, dma_addr_t dma_addr);
45679+ int (* const dma_supported)(struct device *dev, u64 mask);
45680+ int (* set_dma_mask)(struct device *dev, u64 mask);
45681+ const int is_phys;
45682 };
45683
45684 #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1))
45685diff -urNp linux-2.6.38.2/include/linux/elf.h linux-2.6.38.2/include/linux/elf.h
45686--- linux-2.6.38.2/include/linux/elf.h 2011-03-14 21:20:32.000000000 -0400
45687+++ linux-2.6.38.2/include/linux/elf.h 2011-03-21 18:31:35.000000000 -0400
45688@@ -49,6 +49,17 @@ typedef __s64 Elf64_Sxword;
45689 #define PT_GNU_EH_FRAME 0x6474e550
45690
45691 #define PT_GNU_STACK (PT_LOOS + 0x474e551)
45692+#define PT_GNU_RELRO (PT_LOOS + 0x474e552)
45693+
45694+#define PT_PAX_FLAGS (PT_LOOS + 0x5041580)
45695+
45696+/* Constants for the e_flags field */
45697+#define EF_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
45698+#define EF_PAX_EMUTRAMP 2 /* Emulate trampolines */
45699+#define EF_PAX_MPROTECT 4 /* Restrict mprotect() */
45700+#define EF_PAX_RANDMMAP 8 /* Randomize mmap() base */
45701+/*#define EF_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */
45702+#define EF_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */
45703
45704 /*
45705 * Extended Numbering
45706@@ -106,6 +117,8 @@ typedef __s64 Elf64_Sxword;
45707 #define DT_DEBUG 21
45708 #define DT_TEXTREL 22
45709 #define DT_JMPREL 23
45710+#define DT_FLAGS 30
45711+ #define DF_TEXTREL 0x00000004
45712 #define DT_ENCODING 32
45713 #define OLD_DT_LOOS 0x60000000
45714 #define DT_LOOS 0x6000000d
45715@@ -252,6 +265,19 @@ typedef struct elf64_hdr {
45716 #define PF_W 0x2
45717 #define PF_X 0x1
45718
45719+#define PF_PAGEEXEC (1U << 4) /* Enable PAGEEXEC */
45720+#define PF_NOPAGEEXEC (1U << 5) /* Disable PAGEEXEC */
45721+#define PF_SEGMEXEC (1U << 6) /* Enable SEGMEXEC */
45722+#define PF_NOSEGMEXEC (1U << 7) /* Disable SEGMEXEC */
45723+#define PF_MPROTECT (1U << 8) /* Enable MPROTECT */
45724+#define PF_NOMPROTECT (1U << 9) /* Disable MPROTECT */
45725+/*#define PF_RANDEXEC (1U << 10)*/ /* Enable RANDEXEC */
45726+/*#define PF_NORANDEXEC (1U << 11)*/ /* Disable RANDEXEC */
45727+#define PF_EMUTRAMP (1U << 12) /* Enable EMUTRAMP */
45728+#define PF_NOEMUTRAMP (1U << 13) /* Disable EMUTRAMP */
45729+#define PF_RANDMMAP (1U << 14) /* Enable RANDMMAP */
45730+#define PF_NORANDMMAP (1U << 15) /* Disable RANDMMAP */
45731+
45732 typedef struct elf32_phdr{
45733 Elf32_Word p_type;
45734 Elf32_Off p_offset;
45735@@ -344,6 +370,8 @@ typedef struct elf64_shdr {
45736 #define EI_OSABI 7
45737 #define EI_PAD 8
45738
45739+#define EI_PAX 14
45740+
45741 #define ELFMAG0 0x7f /* EI_MAG */
45742 #define ELFMAG1 'E'
45743 #define ELFMAG2 'L'
45744@@ -421,6 +449,7 @@ extern Elf32_Dyn _DYNAMIC [];
45745 #define elf_note elf32_note
45746 #define elf_addr_t Elf32_Off
45747 #define Elf_Half Elf32_Half
45748+#define elf_dyn Elf32_Dyn
45749
45750 #else
45751
45752@@ -431,6 +460,7 @@ extern Elf64_Dyn _DYNAMIC [];
45753 #define elf_note elf64_note
45754 #define elf_addr_t Elf64_Off
45755 #define Elf_Half Elf64_Half
45756+#define elf_dyn Elf64_Dyn
45757
45758 #endif
45759
45760diff -urNp linux-2.6.38.2/include/linux/fs.h linux-2.6.38.2/include/linux/fs.h
45761--- linux-2.6.38.2/include/linux/fs.h 2011-03-14 21:20:32.000000000 -0400
45762+++ linux-2.6.38.2/include/linux/fs.h 2011-03-21 18:31:35.000000000 -0400
45763@@ -105,6 +105,11 @@ struct inodes_stat_t {
45764 /* File was opened by fanotify and shouldn't generate fanotify events */
45765 #define FMODE_NONOTIFY ((__force fmode_t)0x1000000)
45766
45767+/* Hack for grsec so as not to require read permission simply to execute
45768+ * a binary
45769+ */
45770+#define FMODE_GREXEC ((__force fmode_t)0x2000000)
45771+
45772 /*
45773 * The below are the various read and write types that we support. Some of
45774 * them include behavioral modifiers that send information down to the
45775@@ -581,42 +586,42 @@ typedef int (*read_actor_t)(read_descrip
45776 unsigned long, unsigned long);
45777
45778 struct address_space_operations {
45779- int (*writepage)(struct page *page, struct writeback_control *wbc);
45780- int (*readpage)(struct file *, struct page *);
45781- void (*sync_page)(struct page *);
45782+ int (* const writepage)(struct page *page, struct writeback_control *wbc);
45783+ int (* const readpage)(struct file *, struct page *);
45784+ void (* const sync_page)(struct page *);
45785
45786 /* Write back some dirty pages from this mapping. */
45787- int (*writepages)(struct address_space *, struct writeback_control *);
45788+ int (* const writepages)(struct address_space *, struct writeback_control *);
45789
45790 /* Set a page dirty. Return true if this dirtied it */
45791- int (*set_page_dirty)(struct page *page);
45792+ int (* const set_page_dirty)(struct page *page);
45793
45794- int (*readpages)(struct file *filp, struct address_space *mapping,
45795+ int (* const readpages)(struct file *filp, struct address_space *mapping,
45796 struct list_head *pages, unsigned nr_pages);
45797
45798- int (*write_begin)(struct file *, struct address_space *mapping,
45799+ int (* const write_begin)(struct file *, struct address_space *mapping,
45800 loff_t pos, unsigned len, unsigned flags,
45801 struct page **pagep, void **fsdata);
45802- int (*write_end)(struct file *, struct address_space *mapping,
45803+ int (* const write_end)(struct file *, struct address_space *mapping,
45804 loff_t pos, unsigned len, unsigned copied,
45805 struct page *page, void *fsdata);
45806
45807 /* Unfortunately this kludge is needed for FIBMAP. Don't use it */
45808- sector_t (*bmap)(struct address_space *, sector_t);
45809- void (*invalidatepage) (struct page *, unsigned long);
45810- int (*releasepage) (struct page *, gfp_t);
45811- void (*freepage)(struct page *);
45812- ssize_t (*direct_IO)(int, struct kiocb *, const struct iovec *iov,
45813+ sector_t (* const bmap)(struct address_space *, sector_t);
45814+ void (* const invalidatepage) (struct page *, unsigned long);
45815+ int (* const releasepage) (struct page *, gfp_t);
45816+ void (* const freepage)(struct page *);
45817+ ssize_t (* const direct_IO)(int, struct kiocb *, const struct iovec *iov,
45818 loff_t offset, unsigned long nr_segs);
45819- int (*get_xip_mem)(struct address_space *, pgoff_t, int,
45820+ int (* const get_xip_mem)(struct address_space *, pgoff_t, int,
45821 void **, unsigned long *);
45822 /* migrate the contents of a page to the specified target */
45823- int (*migratepage) (struct address_space *,
45824+ int (* const migratepage) (struct address_space *,
45825 struct page *, struct page *);
45826- int (*launder_page) (struct page *);
45827- int (*is_partially_uptodate) (struct page *, read_descriptor_t *,
45828+ int (* const launder_page) (struct page *);
45829+ int (* const is_partially_uptodate) (struct page *, read_descriptor_t *,
45830 unsigned long);
45831- int (*error_remove_page)(struct address_space *, struct page *);
45832+ int (* const error_remove_page)(struct address_space *, struct page *);
45833 };
45834
45835 /*
45836@@ -1059,17 +1064,17 @@ static inline int file_check_writeable(s
45837 typedef struct files_struct *fl_owner_t;
45838
45839 struct file_lock_operations {
45840- void (*fl_copy_lock)(struct file_lock *, struct file_lock *);
45841- void (*fl_release_private)(struct file_lock *);
45842+ void (* const fl_copy_lock)(struct file_lock *, struct file_lock *);
45843+ void (* const fl_release_private)(struct file_lock *);
45844 };
45845
45846 struct lock_manager_operations {
45847- int (*fl_compare_owner)(struct file_lock *, struct file_lock *);
45848- void (*fl_notify)(struct file_lock *); /* unblock callback */
45849- int (*fl_grant)(struct file_lock *, struct file_lock *, int);
45850- void (*fl_release_private)(struct file_lock *);
45851- void (*fl_break)(struct file_lock *);
45852- int (*fl_change)(struct file_lock **, int);
45853+ int (* const fl_compare_owner)(struct file_lock *, struct file_lock *);
45854+ void (* const fl_notify)(struct file_lock *); /* unblock callback */
45855+ int (* const fl_grant)(struct file_lock *, struct file_lock *, int);
45856+ void (* const fl_release_private)(struct file_lock *);
45857+ void (* const fl_break)(struct file_lock *);
45858+ int (* const fl_change)(struct file_lock **, int);
45859 };
45860
45861 struct lock_manager {
45862@@ -1604,29 +1609,29 @@ extern ssize_t vfs_writev(struct file *,
45863 unsigned long, loff_t *);
45864
45865 struct super_operations {
45866- struct inode *(*alloc_inode)(struct super_block *sb);
45867- void (*destroy_inode)(struct inode *);
45868+ struct inode *(* const alloc_inode)(struct super_block *sb);
45869+ void (* const destroy_inode)(struct inode *);
45870
45871- void (*dirty_inode) (struct inode *);
45872- int (*write_inode) (struct inode *, struct writeback_control *wbc);
45873- int (*drop_inode) (struct inode *);
45874- void (*evict_inode) (struct inode *);
45875- void (*put_super) (struct super_block *);
45876- void (*write_super) (struct super_block *);
45877- int (*sync_fs)(struct super_block *sb, int wait);
45878- int (*freeze_fs) (struct super_block *);
45879- int (*unfreeze_fs) (struct super_block *);
45880- int (*statfs) (struct dentry *, struct kstatfs *);
45881- int (*remount_fs) (struct super_block *, int *, char *);
45882- void (*umount_begin) (struct super_block *);
45883+ void (* const dirty_inode) (struct inode *);
45884+ int (* const write_inode) (struct inode *, struct writeback_control *wbc);
45885+ int (* const drop_inode) (struct inode *);
45886+ void (* const evict_inode) (struct inode *);
45887+ void (* const put_super) (struct super_block *);
45888+ void (* const write_super) (struct super_block *);
45889+ int (* const sync_fs)(struct super_block *sb, int wait);
45890+ int (* const freeze_fs) (struct super_block *);
45891+ int (* const unfreeze_fs) (struct super_block *);
45892+ int (* const statfs) (struct dentry *, struct kstatfs *);
45893+ int (* const remount_fs) (struct super_block *, int *, char *);
45894+ void (* const umount_begin) (struct super_block *);
45895
45896- int (*show_options)(struct seq_file *, struct vfsmount *);
45897- int (*show_stats)(struct seq_file *, struct vfsmount *);
45898+ int (* const show_options)(struct seq_file *, struct vfsmount *);
45899+ int (* const show_stats)(struct seq_file *, struct vfsmount *);
45900 #ifdef CONFIG_QUOTA
45901- ssize_t (*quota_read)(struct super_block *, int, char *, size_t, loff_t);
45902- ssize_t (*quota_write)(struct super_block *, int, const char *, size_t, loff_t);
45903+ ssize_t (* const quota_read)(struct super_block *, int, char *, size_t, loff_t);
45904+ ssize_t (* const quota_write)(struct super_block *, int, const char *, size_t, loff_t);
45905 #endif
45906- int (*bdev_try_to_free_page)(struct super_block*, struct page*, gfp_t);
45907+ int (* const bdev_try_to_free_page)(struct super_block*, struct page*, gfp_t);
45908 };
45909
45910 /*
45911diff -urNp linux-2.6.38.2/include/linux/fs_struct.h linux-2.6.38.2/include/linux/fs_struct.h
45912--- linux-2.6.38.2/include/linux/fs_struct.h 2011-03-14 21:20:32.000000000 -0400
45913+++ linux-2.6.38.2/include/linux/fs_struct.h 2011-03-21 18:31:35.000000000 -0400
45914@@ -6,7 +6,7 @@
45915 #include <linux/seqlock.h>
45916
45917 struct fs_struct {
45918- int users;
45919+ atomic_t users;
45920 spinlock_t lock;
45921 seqcount_t seq;
45922 int umask;
45923diff -urNp linux-2.6.38.2/include/linux/genhd.h linux-2.6.38.2/include/linux/genhd.h
45924--- linux-2.6.38.2/include/linux/genhd.h 2011-03-14 21:20:32.000000000 -0400
45925+++ linux-2.6.38.2/include/linux/genhd.h 2011-03-21 18:31:35.000000000 -0400
45926@@ -183,7 +183,7 @@ struct gendisk {
45927 struct kobject *slave_dir;
45928
45929 struct timer_rand_state *random;
45930- atomic_t sync_io; /* RAID */
45931+ atomic_unchecked_t sync_io; /* RAID */
45932 struct disk_events *ev;
45933 #ifdef CONFIG_BLK_DEV_INTEGRITY
45934 struct blk_integrity *integrity;
45935diff -urNp linux-2.6.38.2/include/linux/gracl.h linux-2.6.38.2/include/linux/gracl.h
45936--- linux-2.6.38.2/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500
45937+++ linux-2.6.38.2/include/linux/gracl.h 2011-03-26 14:27:27.000000000 -0400
45938@@ -0,0 +1,317 @@
45939+#ifndef GR_ACL_H
45940+#define GR_ACL_H
45941+
45942+#include <linux/grdefs.h>
45943+#include <linux/resource.h>
45944+#include <linux/capability.h>
45945+#include <linux/dcache.h>
45946+#include <asm/resource.h>
45947+
45948+/* Major status information */
45949+
45950+#define GR_VERSION "grsecurity 2.2.2"
45951+#define GRSECURITY_VERSION 0x2202
45952+
45953+enum {
45954+ GR_SHUTDOWN = 0,
45955+ GR_ENABLE = 1,
45956+ GR_SPROLE = 2,
45957+ GR_RELOAD = 3,
45958+ GR_SEGVMOD = 4,
45959+ GR_STATUS = 5,
45960+ GR_UNSPROLE = 6,
45961+ GR_PASSSET = 7,
45962+ GR_SPROLEPAM = 8,
45963+};
45964+
45965+/* Password setup definitions
45966+ * kernel/grhash.c */
45967+enum {
45968+ GR_PW_LEN = 128,
45969+ GR_SALT_LEN = 16,
45970+ GR_SHA_LEN = 32,
45971+};
45972+
45973+enum {
45974+ GR_SPROLE_LEN = 64,
45975+};
45976+
45977+enum {
45978+ GR_NO_GLOB = 0,
45979+ GR_REG_GLOB,
45980+ GR_CREATE_GLOB
45981+};
45982+
45983+#define GR_NLIMITS 32
45984+
45985+/* Begin Data Structures */
45986+
45987+struct sprole_pw {
45988+ unsigned char *rolename;
45989+ unsigned char salt[GR_SALT_LEN];
45990+ unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
45991+};
45992+
45993+struct name_entry {
45994+ __u32 key;
45995+ ino_t inode;
45996+ dev_t device;
45997+ char *name;
45998+ __u16 len;
45999+ __u8 deleted;
46000+ struct name_entry *prev;
46001+ struct name_entry *next;
46002+};
46003+
46004+struct inodev_entry {
46005+ struct name_entry *nentry;
46006+ struct inodev_entry *prev;
46007+ struct inodev_entry *next;
46008+};
46009+
46010+struct acl_role_db {
46011+ struct acl_role_label **r_hash;
46012+ __u32 r_size;
46013+};
46014+
46015+struct inodev_db {
46016+ struct inodev_entry **i_hash;
46017+ __u32 i_size;
46018+};
46019+
46020+struct name_db {
46021+ struct name_entry **n_hash;
46022+ __u32 n_size;
46023+};
46024+
46025+struct crash_uid {
46026+ uid_t uid;
46027+ unsigned long expires;
46028+};
46029+
46030+struct gr_hash_struct {
46031+ void **table;
46032+ void **nametable;
46033+ void *first;
46034+ __u32 table_size;
46035+ __u32 used_size;
46036+ int type;
46037+};
46038+
46039+/* Userspace Grsecurity ACL data structures */
46040+
46041+struct acl_subject_label {
46042+ char *filename;
46043+ ino_t inode;
46044+ dev_t device;
46045+ __u32 mode;
46046+ kernel_cap_t cap_mask;
46047+ kernel_cap_t cap_lower;
46048+ kernel_cap_t cap_invert_audit;
46049+
46050+ struct rlimit res[GR_NLIMITS];
46051+ __u32 resmask;
46052+
46053+ __u8 user_trans_type;
46054+ __u8 group_trans_type;
46055+ uid_t *user_transitions;
46056+ gid_t *group_transitions;
46057+ __u16 user_trans_num;
46058+ __u16 group_trans_num;
46059+
46060+ __u32 sock_families[2];
46061+ __u32 ip_proto[8];
46062+ __u32 ip_type;
46063+ struct acl_ip_label **ips;
46064+ __u32 ip_num;
46065+ __u32 inaddr_any_override;
46066+
46067+ __u32 crashes;
46068+ unsigned long expires;
46069+
46070+ struct acl_subject_label *parent_subject;
46071+ struct gr_hash_struct *hash;
46072+ struct acl_subject_label *prev;
46073+ struct acl_subject_label *next;
46074+
46075+ struct acl_object_label **obj_hash;
46076+ __u32 obj_hash_size;
46077+ __u16 pax_flags;
46078+};
46079+
46080+struct role_allowed_ip {
46081+ __u32 addr;
46082+ __u32 netmask;
46083+
46084+ struct role_allowed_ip *prev;
46085+ struct role_allowed_ip *next;
46086+};
46087+
46088+struct role_transition {
46089+ char *rolename;
46090+
46091+ struct role_transition *prev;
46092+ struct role_transition *next;
46093+};
46094+
46095+struct acl_role_label {
46096+ char *rolename;
46097+ uid_t uidgid;
46098+ __u16 roletype;
46099+
46100+ __u16 auth_attempts;
46101+ unsigned long expires;
46102+
46103+ struct acl_subject_label *root_label;
46104+ struct gr_hash_struct *hash;
46105+
46106+ struct acl_role_label *prev;
46107+ struct acl_role_label *next;
46108+
46109+ struct role_transition *transitions;
46110+ struct role_allowed_ip *allowed_ips;
46111+ uid_t *domain_children;
46112+ __u16 domain_child_num;
46113+
46114+ struct acl_subject_label **subj_hash;
46115+ __u32 subj_hash_size;
46116+};
46117+
46118+struct user_acl_role_db {
46119+ struct acl_role_label **r_table;
46120+ __u32 num_pointers; /* Number of allocations to track */
46121+ __u32 num_roles; /* Number of roles */
46122+ __u32 num_domain_children; /* Number of domain children */
46123+ __u32 num_subjects; /* Number of subjects */
46124+ __u32 num_objects; /* Number of objects */
46125+};
46126+
46127+struct acl_object_label {
46128+ char *filename;
46129+ ino_t inode;
46130+ dev_t device;
46131+ __u32 mode;
46132+
46133+ struct acl_subject_label *nested;
46134+ struct acl_object_label *globbed;
46135+
46136+ /* next two structures not used */
46137+
46138+ struct acl_object_label *prev;
46139+ struct acl_object_label *next;
46140+};
46141+
46142+struct acl_ip_label {
46143+ char *iface;
46144+ __u32 addr;
46145+ __u32 netmask;
46146+ __u16 low, high;
46147+ __u8 mode;
46148+ __u32 type;
46149+ __u32 proto[8];
46150+
46151+ /* next two structures not used */
46152+
46153+ struct acl_ip_label *prev;
46154+ struct acl_ip_label *next;
46155+};
46156+
46157+struct gr_arg {
46158+ struct user_acl_role_db role_db;
46159+ unsigned char pw[GR_PW_LEN];
46160+ unsigned char salt[GR_SALT_LEN];
46161+ unsigned char sum[GR_SHA_LEN];
46162+ unsigned char sp_role[GR_SPROLE_LEN];
46163+ struct sprole_pw *sprole_pws;
46164+ dev_t segv_device;
46165+ ino_t segv_inode;
46166+ uid_t segv_uid;
46167+ __u16 num_sprole_pws;
46168+ __u16 mode;
46169+};
46170+
46171+struct gr_arg_wrapper {
46172+ struct gr_arg *arg;
46173+ __u32 version;
46174+ __u32 size;
46175+};
46176+
46177+struct subject_map {
46178+ struct acl_subject_label *user;
46179+ struct acl_subject_label *kernel;
46180+ struct subject_map *prev;
46181+ struct subject_map *next;
46182+};
46183+
46184+struct acl_subj_map_db {
46185+ struct subject_map **s_hash;
46186+ __u32 s_size;
46187+};
46188+
46189+/* End Data Structures Section */
46190+
46191+/* Hash functions generated by empirical testing by Brad Spengler
46192+ Makes good use of the low bits of the inode. Generally 0-1 times
46193+ in loop for successful match. 0-3 for unsuccessful match.
46194+ Shift/add algorithm with modulus of table size and an XOR*/
46195+
46196+static __inline__ unsigned int
46197+rhash(const uid_t uid, const __u16 type, const unsigned int sz)
46198+{
46199+ return ((((uid + type) << (16 + type)) ^ uid) % sz);
46200+}
46201+
46202+ static __inline__ unsigned int
46203+shash(const struct acl_subject_label *userp, const unsigned int sz)
46204+{
46205+ return ((const unsigned long)userp % sz);
46206+}
46207+
46208+static __inline__ unsigned int
46209+fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
46210+{
46211+ return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
46212+}
46213+
46214+static __inline__ unsigned int
46215+nhash(const char *name, const __u16 len, const unsigned int sz)
46216+{
46217+ return full_name_hash((const unsigned char *)name, len) % sz;
46218+}
46219+
46220+#define FOR_EACH_ROLE_START(role) \
46221+ role = role_list; \
46222+ while (role) {
46223+
46224+#define FOR_EACH_ROLE_END(role) \
46225+ role = role->prev; \
46226+ }
46227+
46228+#define FOR_EACH_SUBJECT_START(role,subj,iter) \
46229+ subj = NULL; \
46230+ iter = 0; \
46231+ while (iter < role->subj_hash_size) { \
46232+ if (subj == NULL) \
46233+ subj = role->subj_hash[iter]; \
46234+ if (subj == NULL) { \
46235+ iter++; \
46236+ continue; \
46237+ }
46238+
46239+#define FOR_EACH_SUBJECT_END(subj,iter) \
46240+ subj = subj->next; \
46241+ if (subj == NULL) \
46242+ iter++; \
46243+ }
46244+
46245+
46246+#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
46247+ subj = role->hash->first; \
46248+ while (subj != NULL) {
46249+
46250+#define FOR_EACH_NESTED_SUBJECT_END(subj) \
46251+ subj = subj->next; \
46252+ }
46253+
46254+#endif
46255+
46256diff -urNp linux-2.6.38.2/include/linux/gralloc.h linux-2.6.38.2/include/linux/gralloc.h
46257--- linux-2.6.38.2/include/linux/gralloc.h 1969-12-31 19:00:00.000000000 -0500
46258+++ linux-2.6.38.2/include/linux/gralloc.h 2011-03-21 18:31:35.000000000 -0400
46259@@ -0,0 +1,9 @@
46260+#ifndef __GRALLOC_H
46261+#define __GRALLOC_H
46262+
46263+void acl_free_all(void);
46264+int acl_alloc_stack_init(unsigned long size);
46265+void *acl_alloc(unsigned long len);
46266+void *acl_alloc_num(unsigned long num, unsigned long len);
46267+
46268+#endif
46269diff -urNp linux-2.6.38.2/include/linux/grdefs.h linux-2.6.38.2/include/linux/grdefs.h
46270--- linux-2.6.38.2/include/linux/grdefs.h 1969-12-31 19:00:00.000000000 -0500
46271+++ linux-2.6.38.2/include/linux/grdefs.h 2011-03-26 16:39:14.000000000 -0400
46272@@ -0,0 +1,139 @@
46273+#ifndef GRDEFS_H
46274+#define GRDEFS_H
46275+
46276+/* Begin grsecurity status declarations */
46277+
46278+enum {
46279+ GR_READY = 0x01,
46280+ GR_STATUS_INIT = 0x00 // disabled state
46281+};
46282+
46283+/* Begin ACL declarations */
46284+
46285+/* Role flags */
46286+
46287+enum {
46288+ GR_ROLE_USER = 0x0001,
46289+ GR_ROLE_GROUP = 0x0002,
46290+ GR_ROLE_DEFAULT = 0x0004,
46291+ GR_ROLE_SPECIAL = 0x0008,
46292+ GR_ROLE_AUTH = 0x0010,
46293+ GR_ROLE_NOPW = 0x0020,
46294+ GR_ROLE_GOD = 0x0040,
46295+ GR_ROLE_LEARN = 0x0080,
46296+ GR_ROLE_TPE = 0x0100,
46297+ GR_ROLE_DOMAIN = 0x0200,
46298+ GR_ROLE_PAM = 0x0400,
46299+ GR_ROLE_PERSIST = 0x0800
46300+};
46301+
46302+/* ACL Subject and Object mode flags */
46303+enum {
46304+ GR_DELETED = 0x80000000
46305+};
46306+
46307+/* ACL Object-only mode flags */
46308+enum {
46309+ GR_READ = 0x00000001,
46310+ GR_APPEND = 0x00000002,
46311+ GR_WRITE = 0x00000004,
46312+ GR_EXEC = 0x00000008,
46313+ GR_FIND = 0x00000010,
46314+ GR_INHERIT = 0x00000020,
46315+ GR_SETID = 0x00000040,
46316+ GR_CREATE = 0x00000080,
46317+ GR_DELETE = 0x00000100,
46318+ GR_LINK = 0x00000200,
46319+ GR_AUDIT_READ = 0x00000400,
46320+ GR_AUDIT_APPEND = 0x00000800,
46321+ GR_AUDIT_WRITE = 0x00001000,
46322+ GR_AUDIT_EXEC = 0x00002000,
46323+ GR_AUDIT_FIND = 0x00004000,
46324+ GR_AUDIT_INHERIT= 0x00008000,
46325+ GR_AUDIT_SETID = 0x00010000,
46326+ GR_AUDIT_CREATE = 0x00020000,
46327+ GR_AUDIT_DELETE = 0x00040000,
46328+ GR_AUDIT_LINK = 0x00080000,
46329+ GR_PTRACERD = 0x00100000,
46330+ GR_NOPTRACE = 0x00200000,
46331+ GR_SUPPRESS = 0x00400000,
46332+ GR_NOLEARN = 0x00800000,
46333+ GR_INIT_TRANSFER= 0x01000000
46334+};
46335+
46336+#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
46337+ GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
46338+ GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
46339+
46340+/* ACL subject-only mode flags */
46341+enum {
46342+ GR_KILL = 0x00000001,
46343+ GR_VIEW = 0x00000002,
46344+ GR_PROTECTED = 0x00000004,
46345+ GR_LEARN = 0x00000008,
46346+ GR_OVERRIDE = 0x00000010,
46347+ /* just a placeholder, this mode is only used in userspace */
46348+ GR_DUMMY = 0x00000020,
46349+ GR_PROTSHM = 0x00000040,
46350+ GR_KILLPROC = 0x00000080,
46351+ GR_KILLIPPROC = 0x00000100,
46352+ /* just a placeholder, this mode is only used in userspace */
46353+ GR_NOTROJAN = 0x00000200,
46354+ GR_PROTPROCFD = 0x00000400,
46355+ GR_PROCACCT = 0x00000800,
46356+ GR_RELAXPTRACE = 0x00001000,
46357+ GR_NESTED = 0x00002000,
46358+ GR_INHERITLEARN = 0x00004000,
46359+ GR_PROCFIND = 0x00008000,
46360+ GR_POVERRIDE = 0x00010000,
46361+ GR_KERNELAUTH = 0x00020000,
46362+ GR_ATSECURE = 0x00040000
46363+};
46364+
46365+enum {
46366+ GR_PAX_ENABLE_SEGMEXEC = 0x0001,
46367+ GR_PAX_ENABLE_PAGEEXEC = 0x0002,
46368+ GR_PAX_ENABLE_MPROTECT = 0x0004,
46369+ GR_PAX_ENABLE_RANDMMAP = 0x0008,
46370+ GR_PAX_ENABLE_EMUTRAMP = 0x0010,
46371+ GR_PAX_DISABLE_SEGMEXEC = 0x0100,
46372+ GR_PAX_DISABLE_PAGEEXEC = 0x0200,
46373+ GR_PAX_DISABLE_MPROTECT = 0x0400,
46374+ GR_PAX_DISABLE_RANDMMAP = 0x0800,
46375+ GR_PAX_DISABLE_EMUTRAMP = 0x1000,
46376+};
46377+
46378+enum {
46379+ GR_ID_USER = 0x01,
46380+ GR_ID_GROUP = 0x02,
46381+};
46382+
46383+enum {
46384+ GR_ID_ALLOW = 0x01,
46385+ GR_ID_DENY = 0x02,
46386+};
46387+
46388+#define GR_CRASH_RES 31
46389+#define GR_UIDTABLE_MAX 500
46390+
46391+/* begin resource learning section */
46392+enum {
46393+ GR_RLIM_CPU_BUMP = 60,
46394+ GR_RLIM_FSIZE_BUMP = 50000,
46395+ GR_RLIM_DATA_BUMP = 10000,
46396+ GR_RLIM_STACK_BUMP = 1000,
46397+ GR_RLIM_CORE_BUMP = 10000,
46398+ GR_RLIM_RSS_BUMP = 500000,
46399+ GR_RLIM_NPROC_BUMP = 1,
46400+ GR_RLIM_NOFILE_BUMP = 5,
46401+ GR_RLIM_MEMLOCK_BUMP = 50000,
46402+ GR_RLIM_AS_BUMP = 500000,
46403+ GR_RLIM_LOCKS_BUMP = 2,
46404+ GR_RLIM_SIGPENDING_BUMP = 5,
46405+ GR_RLIM_MSGQUEUE_BUMP = 10000,
46406+ GR_RLIM_NICE_BUMP = 1,
46407+ GR_RLIM_RTPRIO_BUMP = 1,
46408+ GR_RLIM_RTTIME_BUMP = 1000000
46409+};
46410+
46411+#endif
46412diff -urNp linux-2.6.38.2/include/linux/grinternal.h linux-2.6.38.2/include/linux/grinternal.h
46413--- linux-2.6.38.2/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
46414+++ linux-2.6.38.2/include/linux/grinternal.h 2011-03-26 16:51:07.000000000 -0400
46415@@ -0,0 +1,217 @@
46416+#ifndef __GRINTERNAL_H
46417+#define __GRINTERNAL_H
46418+
46419+#ifdef CONFIG_GRKERNSEC
46420+
46421+#include <linux/fs.h>
46422+#include <linux/mnt_namespace.h>
46423+#include <linux/nsproxy.h>
46424+#include <linux/gracl.h>
46425+#include <linux/grdefs.h>
46426+#include <linux/grmsg.h>
46427+
46428+void gr_add_learn_entry(const char *fmt, ...)
46429+ __attribute__ ((format (printf, 1, 2)));
46430+__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
46431+ const struct vfsmount *mnt);
46432+__u32 gr_check_create(const struct dentry *new_dentry,
46433+ const struct dentry *parent,
46434+ const struct vfsmount *mnt, const __u32 mode);
46435+int gr_check_protected_task(const struct task_struct *task);
46436+__u32 to_gr_audit(const __u32 reqmode);
46437+int gr_set_acls(const int type);
46438+int gr_apply_subject_to_task(struct task_struct *task);
46439+int gr_acl_is_enabled(void);
46440+char gr_roletype_to_char(void);
46441+
46442+void gr_handle_alertkill(struct task_struct *task);
46443+char *gr_to_filename(const struct dentry *dentry,
46444+ const struct vfsmount *mnt);
46445+char *gr_to_filename1(const struct dentry *dentry,
46446+ const struct vfsmount *mnt);
46447+char *gr_to_filename2(const struct dentry *dentry,
46448+ const struct vfsmount *mnt);
46449+char *gr_to_filename3(const struct dentry *dentry,
46450+ const struct vfsmount *mnt);
46451+
46452+extern int grsec_enable_harden_ptrace;
46453+extern int grsec_enable_link;
46454+extern int grsec_enable_fifo;
46455+extern int grsec_enable_execve;
46456+extern int grsec_enable_shm;
46457+extern int grsec_enable_execlog;
46458+extern int grsec_enable_signal;
46459+extern int grsec_enable_audit_ptrace;
46460+extern int grsec_enable_forkfail;
46461+extern int grsec_enable_time;
46462+extern int grsec_enable_rofs;
46463+extern int grsec_enable_chroot_shmat;
46464+extern int grsec_enable_chroot_findtask;
46465+extern int grsec_enable_chroot_mount;
46466+extern int grsec_enable_chroot_double;
46467+extern int grsec_enable_chroot_pivot;
46468+extern int grsec_enable_chroot_chdir;
46469+extern int grsec_enable_chroot_chmod;
46470+extern int grsec_enable_chroot_mknod;
46471+extern int grsec_enable_chroot_fchdir;
46472+extern int grsec_enable_chroot_nice;
46473+extern int grsec_enable_chroot_execlog;
46474+extern int grsec_enable_chroot_caps;
46475+extern int grsec_enable_chroot_sysctl;
46476+extern int grsec_enable_chroot_unix;
46477+extern int grsec_enable_tpe;
46478+extern int grsec_tpe_gid;
46479+extern int grsec_enable_tpe_all;
46480+extern int grsec_enable_tpe_invert;
46481+extern int grsec_enable_socket_all;
46482+extern int grsec_socket_all_gid;
46483+extern int grsec_enable_socket_client;
46484+extern int grsec_socket_client_gid;
46485+extern int grsec_enable_socket_server;
46486+extern int grsec_socket_server_gid;
46487+extern int grsec_audit_gid;
46488+extern int grsec_enable_group;
46489+extern int grsec_enable_audit_textrel;
46490+extern int grsec_enable_log_rwxmaps;
46491+extern int grsec_enable_mount;
46492+extern int grsec_enable_chdir;
46493+extern int grsec_resource_logging;
46494+extern int grsec_enable_blackhole;
46495+extern int grsec_lastack_retries;
46496+extern int grsec_lock;
46497+
46498+extern spinlock_t grsec_alert_lock;
46499+extern unsigned long grsec_alert_wtime;
46500+extern unsigned long grsec_alert_fyet;
46501+
46502+extern spinlock_t grsec_audit_lock;
46503+
46504+extern rwlock_t grsec_exec_file_lock;
46505+
46506+#define gr_task_fullpath(tsk) ((tsk)->exec_file ? \
46507+ gr_to_filename2((tsk)->exec_file->f_path.dentry, \
46508+ (tsk)->exec_file->f_vfsmnt) : "/")
46509+
46510+#define gr_parent_task_fullpath(tsk) ((tsk)->real_parent->exec_file ? \
46511+ gr_to_filename3((tsk)->real_parent->exec_file->f_path.dentry, \
46512+ (tsk)->real_parent->exec_file->f_vfsmnt) : "/")
46513+
46514+#define gr_task_fullpath0(tsk) ((tsk)->exec_file ? \
46515+ gr_to_filename((tsk)->exec_file->f_path.dentry, \
46516+ (tsk)->exec_file->f_vfsmnt) : "/")
46517+
46518+#define gr_parent_task_fullpath0(tsk) ((tsk)->real_parent->exec_file ? \
46519+ gr_to_filename1((tsk)->real_parent->exec_file->f_path.dentry, \
46520+ (tsk)->real_parent->exec_file->f_vfsmnt) : "/")
46521+
46522+#define proc_is_chrooted(tsk_a) ((tsk_a)->gr_is_chrooted)
46523+
46524+#define have_same_root(tsk_a,tsk_b) ((tsk_a)->gr_chroot_dentry == (tsk_b)->gr_chroot_dentry)
46525+
46526+#define DEFAULTSECARGS(task, cred, pcred) gr_task_fullpath(task), (task)->comm, \
46527+ (task)->pid, (cred)->uid, \
46528+ (cred)->euid, (cred)->gid, (cred)->egid, \
46529+ gr_parent_task_fullpath(task), \
46530+ (task)->real_parent->comm, (task)->real_parent->pid, \
46531+ (pcred)->uid, (pcred)->euid, \
46532+ (pcred)->gid, (pcred)->egid
46533+
46534+#define GR_CHROOT_CAPS {{ \
46535+ CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
46536+ CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
46537+ CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
46538+ CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
46539+ CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
46540+ CAP_TO_MASK(CAP_IPC_OWNER) , 0 }}
46541+
46542+#define security_learn(normal_msg,args...) \
46543+({ \
46544+ read_lock(&grsec_exec_file_lock); \
46545+ gr_add_learn_entry(normal_msg "\n", ## args); \
46546+ read_unlock(&grsec_exec_file_lock); \
46547+})
46548+
46549+enum {
46550+ GR_DO_AUDIT,
46551+ GR_DONT_AUDIT,
46552+ /* used for non-audit messages that we shouldn't kill the task on */
46553+ GR_DONT_AUDIT_GOOD
46554+};
46555+
46556+enum {
46557+ GR_TTYSNIFF,
46558+ GR_RBAC,
46559+ GR_RBAC_STR,
46560+ GR_STR_RBAC,
46561+ GR_RBAC_MODE2,
46562+ GR_RBAC_MODE3,
46563+ GR_FILENAME,
46564+ GR_SYSCTL_HIDDEN,
46565+ GR_NOARGS,
46566+ GR_ONE_INT,
46567+ GR_ONE_INT_TWO_STR,
46568+ GR_ONE_STR,
46569+ GR_STR_INT,
46570+ GR_TWO_STR_INT,
46571+ GR_TWO_INT,
46572+ GR_THREE_INT,
46573+ GR_FIVE_INT_TWO_STR,
46574+ GR_TWO_STR,
46575+ GR_THREE_STR,
46576+ GR_FOUR_STR,
46577+ GR_STR_FILENAME,
46578+ GR_FILENAME_STR,
46579+ GR_FILENAME_TWO_INT,
46580+ GR_FILENAME_TWO_INT_STR,
46581+ GR_TEXTREL,
46582+ GR_PTRACE,
46583+ GR_RESOURCE,
46584+ GR_CAP,
46585+ GR_SIG,
46586+ GR_SIG2,
46587+ GR_CRASH1,
46588+ GR_CRASH2,
46589+ GR_PSACCT,
46590+ GR_RWXMAP
46591+};
46592+
46593+#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
46594+#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
46595+#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
46596+#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
46597+#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
46598+#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
46599+#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
46600+#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
46601+#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
46602+#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
46603+#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
46604+#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
46605+#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
46606+#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
46607+#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
46608+#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
46609+#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
46610+#define gr_log_str2_int(audit, msg, str1, str2, num) gr_log_varargs(audit, msg, GR_TWO_STR_INT, str1, str2, num)
46611+#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
46612+#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
46613+#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
46614+#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
46615+#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
46616+#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
46617+#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2)
46618+#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
46619+#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
46620+#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
46621+#define gr_log_sig_addr(audit, msg, str, addr) gr_log_varargs(audit, msg, GR_SIG, str, addr)
46622+#define gr_log_sig_task(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG2, task, num)
46623+#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
46624+#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
46625+#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
46626+#define gr_log_rwxmap(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAP, str)
46627+
46628+void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
46629+
46630+#endif
46631+
46632+#endif
46633diff -urNp linux-2.6.38.2/include/linux/grmsg.h linux-2.6.38.2/include/linux/grmsg.h
46634--- linux-2.6.38.2/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
46635+++ linux-2.6.38.2/include/linux/grmsg.h 2011-03-26 16:52:08.000000000 -0400
46636@@ -0,0 +1,112 @@
46637+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
46638+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
46639+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
46640+#define GR_STOPMOD_MSG "denied modification of module state by "
46641+#define GR_ROFS_BLOCKWRITE_MSG "denied write to block device %.950s by "
46642+#define GR_ROFS_MOUNT_MSG "denied writable mount of %.950s by "
46643+#define GR_IOPERM_MSG "denied use of ioperm() by "
46644+#define GR_IOPL_MSG "denied use of iopl() by "
46645+#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
46646+#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
46647+#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
46648+#define GR_KMEM_MSG "denied write of /dev/kmem by "
46649+#define GR_PORT_OPEN_MSG "denied open of /dev/port by "
46650+#define GR_MEM_WRITE_MSG "denied write of /dev/mem by "
46651+#define GR_MEM_MMAP_MSG "denied mmap write of /dev/[k]mem by "
46652+#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
46653+#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%pI4"
46654+#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%pI4"
46655+#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
46656+#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
46657+#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
46658+#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
46659+#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
46660+#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
46661+#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
46662+#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%pI4 %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
46663+#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
46664+#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
46665+#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
46666+#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
46667+#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
46668+#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
46669+#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
46670+#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
46671+#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
46672+#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
46673+#define GR_NPROC_MSG "denied overstep of process limit by "
46674+#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
46675+#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by "
46676+#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
46677+#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
46678+#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
46679+#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
46680+#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
46681+#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
46682+#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
46683+#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
46684+#define GR_FCHMOD_ACL_MSG "%s fchmod of %.950s by "
46685+#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
46686+#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
46687+#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
46688+#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
46689+#define GR_SETXATTR_ACL_MSG "%s setting extended attributes of %.950s by "
46690+#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
46691+#define GR_INITF_ACL_MSG "init_variables() failed %s by "
46692+#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
46693+#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbaged by "
46694+#define GR_SHUTS_ACL_MSG "shutdown auth success for "
46695+#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
46696+#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
46697+#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
46698+#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
46699+#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
46700+#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
46701+#define GR_ENABLEF_ACL_MSG "unable to load %s for "
46702+#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
46703+#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
46704+#define GR_RELOADF_ACL_MSG "failed reload of %s for "
46705+#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
46706+#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
46707+#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
46708+#define GR_SPROLEF_ACL_MSG "special role %s failure for "
46709+#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
46710+#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
46711+#define GR_INVMODE_ACL_MSG "invalid mode %d by "
46712+#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
46713+#define GR_FAILFORK_MSG "failed fork with errno %s by "
46714+#define GR_NICE_CHROOT_MSG "denied priority change by "
46715+#define GR_UNISIGLOG_MSG "%.32s occurred at %p in "
46716+#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
46717+#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
46718+#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
46719+#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
46720+#define GR_TIME_MSG "time set by "
46721+#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
46722+#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
46723+#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
46724+#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
46725+#define GR_SOCK_NOINET_MSG "denied socket(%.16s,%.16s,%d) by "
46726+#define GR_BIND_MSG "denied bind() by "
46727+#define GR_CONNECT_MSG "denied connect() by "
46728+#define GR_BIND_ACL_MSG "denied bind() to %pI4 port %u sock type %.16s protocol %.16s by "
46729+#define GR_CONNECT_ACL_MSG "denied connect() to %pI4 port %u sock type %.16s protocol %.16s by "
46730+#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
46731+#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
46732+#define GR_CAP_ACL_MSG "use of %s denied for "
46733+#define GR_CAP_ACL_MSG2 "use of %s permitted for "
46734+#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
46735+#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
46736+#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
46737+#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by "
46738+#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by "
46739+#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
46740+#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
46741+#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
46742+#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by "
46743+#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by "
46744+#define GR_TEXTREL_AUDIT_MSG "text relocation in %s, VMA:0x%08lx 0x%08lx by "
46745+#define GR_NONROOT_MODLOAD_MSG "denied kernel module auto-load of %.64s by "
46746+#define GR_VM86_MSG "denied use of vm86 by "
46747+#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
46748+#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
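Review bot: `GR_TEXTREL_AUDIT_MSG` formats its file name with a bare `%s`, while almost every other path in this header carries a precision cap (`%.950s`, `%.480s`, `%.256s`). The consumer, `gr_log_varargs`, is only declared in the previous file, so the hunk does not show whether its buffer bounds the output. Capping the string here would keep the message consistent with the rest of the table: `#define GR_TEXTREL_AUDIT_MSG "text relocation in %.950s, VMA:0x%08lx 0x%08lx by "`. The header also has no include guard, unlike `grsecurity.h` and `grsock.h` later in the same patch; an `#ifndef`/`#define`/`#endif` pair would bring it in line.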
46749diff -urNp linux-2.6.38.2/include/linux/grsecurity.h linux-2.6.38.2/include/linux/grsecurity.h
46750--- linux-2.6.38.2/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
46751+++ linux-2.6.38.2/include/linux/grsecurity.h 2011-03-26 19:58:41.000000000 -0400
46752@@ -0,0 +1,215 @@
46753+#ifndef GR_SECURITY_H
46754+#define GR_SECURITY_H
46755+#include <linux/fs.h>
46756+#include <linux/fs_struct.h>
46757+#include <linux/binfmts.h>
46758+#include <linux/gracl.h>
46759+#include <linux/compat.h>
46760+
46761+/* notify of brain-dead configs */
46762+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
46763+#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
46764+#endif
46765+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
46766+#error "CONFIG_PAX_NOEXEC enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
46767+#endif
46768+#if defined(CONFIG_PAX_ASLR) && (defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
46769+#error "CONFIG_PAX_ASLR enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
46770+#endif
46771+#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
46772+#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
46773+#endif
46774+#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR)
46775+#error "CONFIG_PAX enabled, but no PaX options are enabled."
46776+#endif
46777+
46778+void gr_handle_brute_attach(struct task_struct *p);
46779+void gr_handle_brute_check(void);
46780+
46781+char gr_roletype_to_char(void);
46782+
46783+int gr_acl_enable_at_secure(void);
46784+
46785+int gr_check_user_change(int real, int effective, int fs);
46786+int gr_check_group_change(int real, int effective, int fs);
46787+
46788+void gr_del_task_from_ip_table(struct task_struct *p);
46789+
46790+int gr_pid_is_chrooted(struct task_struct *p);
46791+int gr_handle_chroot_fowner(struct pid *pid, enum pid_type type);
46792+int gr_handle_chroot_nice(void);
46793+int gr_handle_chroot_sysctl(const int op);
46794+int gr_handle_chroot_setpriority(struct task_struct *p,
46795+ const int niceval);
46796+int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
46797+int gr_handle_chroot_chroot(const struct dentry *dentry,
46798+ const struct vfsmount *mnt);
46799+int gr_handle_chroot_caps(struct path *path);
46800+void gr_handle_chroot_chdir(struct path *path);
46801+int gr_handle_chroot_chmod(const struct dentry *dentry,
46802+ const struct vfsmount *mnt, const int mode);
46803+int gr_handle_chroot_mknod(const struct dentry *dentry,
46804+ const struct vfsmount *mnt, const int mode);
46805+int gr_handle_chroot_mount(const struct dentry *dentry,
46806+ const struct vfsmount *mnt,
46807+ const char *dev_name);
46808+int gr_handle_chroot_pivot(void);
46809+int gr_handle_chroot_unix(struct pid *pid);
46810+
46811+int gr_handle_rawio(const struct inode *inode);
46812+int gr_handle_nproc(void);
46813+
46814+void gr_handle_ioperm(void);
46815+void gr_handle_iopl(void);
46816+
46817+int gr_tpe_allow(const struct file *file);
46818+
46819+void gr_set_chroot_entries(struct task_struct *task, struct path *path);
46820+void gr_clear_chroot_entries(struct task_struct *task);
46821+
46822+void gr_log_forkfail(const int retval);
46823+void gr_log_timechange(void);
46824+void gr_log_signal(const int sig, const void *addr, const struct task_struct *t);
46825+void gr_log_chdir(const struct dentry *dentry,
46826+ const struct vfsmount *mnt);
46827+void gr_log_chroot_exec(const struct dentry *dentry,
46828+ const struct vfsmount *mnt);
46829+void gr_handle_exec_args(struct linux_binprm *bprm, const char __user *const __user *argv);
46830+#ifdef CONFIG_COMPAT
46831+void gr_handle_exec_args_compat(struct linux_binprm *bprm, compat_uptr_t __user *argv);
46832+#endif
46833+void gr_log_remount(const char *devname, const int retval);
46834+void gr_log_unmount(const char *devname, const int retval);
46835+void gr_log_mount(const char *from, const char *to, const int retval);
46836+void gr_log_textrel(struct vm_area_struct *vma);
46837+void gr_log_rwxmmap(struct file *file);
46838+void gr_log_rwxmprotect(struct file *file);
46839+
46840+int gr_handle_follow_link(const struct inode *parent,
46841+ const struct inode *inode,
46842+ const struct dentry *dentry,
46843+ const struct vfsmount *mnt);
46844+int gr_handle_fifo(const struct dentry *dentry,
46845+ const struct vfsmount *mnt,
46846+ const struct dentry *dir, const int flag,
46847+ const int acc_mode);
46848+int gr_handle_hardlink(const struct dentry *dentry,
46849+ const struct vfsmount *mnt,
46850+ struct inode *inode,
46851+ const int mode, const char *to);
46852+
46853+int gr_is_capable(const int cap);
46854+int gr_is_capable_nolog(const int cap);
46855+void gr_learn_resource(const struct task_struct *task, const int limit,
46856+ const unsigned long wanted, const int gt);
46857+void gr_copy_label(struct task_struct *tsk);
46858+void gr_handle_crash(struct task_struct *task, const int sig);
46859+int gr_handle_signal(const struct task_struct *p, const int sig);
46860+int gr_check_crash_uid(const uid_t uid);
46861+int gr_check_protected_task(const struct task_struct *task);
46862+int gr_check_protected_task_fowner(struct pid *pid, enum pid_type type);
46863+int gr_acl_handle_mmap(const struct file *file,
46864+ const unsigned long prot);
46865+int gr_acl_handle_mprotect(const struct file *file,
46866+ const unsigned long prot);
46867+int gr_check_hidden_task(const struct task_struct *tsk);
46868+__u32 gr_acl_handle_truncate(const struct dentry *dentry,
46869+ const struct vfsmount *mnt);
46870+__u32 gr_acl_handle_utime(const struct dentry *dentry,
46871+ const struct vfsmount *mnt);
46872+__u32 gr_acl_handle_access(const struct dentry *dentry,
46873+ const struct vfsmount *mnt, const int fmode);
46874+__u32 gr_acl_handle_fchmod(const struct dentry *dentry,
46875+ const struct vfsmount *mnt, mode_t mode);
46876+__u32 gr_acl_handle_chmod(const struct dentry *dentry,
46877+ const struct vfsmount *mnt, mode_t mode);
46878+__u32 gr_acl_handle_chown(const struct dentry *dentry,
46879+ const struct vfsmount *mnt);
46880+__u32 gr_acl_handle_setxattr(const struct dentry *dentry,
46881+ const struct vfsmount *mnt);
46882+int gr_handle_ptrace(struct task_struct *task, const long request);
46883+int gr_handle_proc_ptrace(struct task_struct *task);
46884+__u32 gr_acl_handle_execve(const struct dentry *dentry,
46885+ const struct vfsmount *mnt);
46886+int gr_check_crash_exec(const struct file *filp);
46887+int gr_acl_is_enabled(void);
46888+void gr_set_kernel_label(struct task_struct *task);
46889+void gr_set_role_label(struct task_struct *task, const uid_t uid,
46890+ const gid_t gid);
46891+int gr_set_proc_label(const struct dentry *dentry,
46892+ const struct vfsmount *mnt,
46893+ const int unsafe_share);
46894+__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
46895+ const struct vfsmount *mnt);
46896+__u32 gr_acl_handle_open(const struct dentry *dentry,
46897+ const struct vfsmount *mnt, const int fmode);
46898+__u32 gr_acl_handle_creat(const struct dentry *dentry,
46899+ const struct dentry *p_dentry,
46900+ const struct vfsmount *p_mnt, const int fmode,
46901+ const int imode);
46902+void gr_handle_create(const struct dentry *dentry,
46903+ const struct vfsmount *mnt);
46904+__u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
46905+ const struct dentry *parent_dentry,
46906+ const struct vfsmount *parent_mnt,
46907+ const int mode);
46908+__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
46909+ const struct dentry *parent_dentry,
46910+ const struct vfsmount *parent_mnt);
46911+__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
46912+ const struct vfsmount *mnt);
46913+void gr_handle_delete(const ino_t ino, const dev_t dev);
46914+__u32 gr_acl_handle_unlink(const struct dentry *dentry,
46915+ const struct vfsmount *mnt);
46916+__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
46917+ const struct dentry *parent_dentry,
46918+ const struct vfsmount *parent_mnt,
46919+ const char *from);
46920+__u32 gr_acl_handle_link(const struct dentry *new_dentry,
46921+ const struct dentry *parent_dentry,
46922+ const struct vfsmount *parent_mnt,
46923+ const struct dentry *old_dentry,
46924+ const struct vfsmount *old_mnt, const char *to);
46925+int gr_acl_handle_rename(struct dentry *new_dentry,
46926+ struct dentry *parent_dentry,
46927+ const struct vfsmount *parent_mnt,
46928+ struct dentry *old_dentry,
46929+ struct inode *old_parent_inode,
46930+ struct vfsmount *old_mnt, const char *newname);
46931+void gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
46932+ struct dentry *old_dentry,
46933+ struct dentry *new_dentry,
46934+ struct vfsmount *mnt, const __u8 replace);
46935+__u32 gr_check_link(const struct dentry *new_dentry,
46936+ const struct dentry *parent_dentry,
46937+ const struct vfsmount *parent_mnt,
46938+ const struct dentry *old_dentry,
46939+ const struct vfsmount *old_mnt);
46940+int gr_acl_handle_filldir(const struct file *file, const char *name,
46941+ const unsigned int namelen, const ino_t ino);
46942+
46943+__u32 gr_acl_handle_unix(const struct dentry *dentry,
46944+ const struct vfsmount *mnt);
46945+void gr_acl_handle_exit(void);
46946+void gr_acl_handle_psacct(struct task_struct *task, const long code);
46947+int gr_acl_handle_procpidmem(const struct task_struct *task);
46948+int gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags);
46949+int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode);
46950+void gr_audit_ptrace(struct task_struct *task);
46951+dev_t gr_get_dev_from_dentry(struct dentry *dentry);
46952+
46953+#ifdef CONFIG_GRKERNSEC
46954+void task_grsec_rbac(struct seq_file *m, struct task_struct *p);
46955+void gr_log_nonroot_mod_load(const char *modname);
46956+void gr_handle_vm86(void);
46957+void gr_handle_mem_write(void);
46958+void gr_handle_kmem_write(void);
46959+void gr_handle_open_port(void);
46960+int gr_handle_mem_mmap(const unsigned long offset,
46961+ struct vm_area_struct *vma);
46962+
46963+extern int grsec_enable_dmesg;
46964+extern int grsec_disable_privio;
46965+#endif
46966+
46967+#endif
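Review bot: `gr_check_user_change(int real, int effective, int fs)` and `gr_check_group_change` take ids as plain `int`, whereas `gr_check_crash_uid(const uid_t uid)` and `gr_set_role_label(..., const uid_t uid, const gid_t gid)` in the same header use the id types. If the signed type is deliberate (presumably so a caller can pass -1 for "unchanged"), that needs a comment such as `/* ids are int so -1 can mean "not being changed" */`; otherwise `uid_t`/`gid_t` would avoid sign-conversion surprises at the call sites. The header also never states which return value means deny for the `gr_handle_*` and `gr_acl_handle_*` families, which return `int` in some places and `__u32` in others (`gr_acl_handle_rename` against `gr_acl_handle_link`). A one-line comment above each group would save callers from reading the implementations.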
46968diff -urNp linux-2.6.38.2/include/linux/grsock.h linux-2.6.38.2/include/linux/grsock.h
46969--- linux-2.6.38.2/include/linux/grsock.h 1969-12-31 19:00:00.000000000 -0500
46970+++ linux-2.6.38.2/include/linux/grsock.h 2011-03-21 18:31:35.000000000 -0400
46971@@ -0,0 +1,19 @@
46972+#ifndef __GRSOCK_H
46973+#define __GRSOCK_H
46974+
46975+extern void gr_attach_curr_ip(const struct sock *sk);
46976+extern int gr_handle_sock_all(const int family, const int type,
46977+ const int protocol);
46978+extern int gr_handle_sock_server(const struct sockaddr *sck);
46979+extern int gr_handle_sock_server_other(const struct sock *sck);
46980+extern int gr_handle_sock_client(const struct sockaddr *sck);
46981+extern int gr_search_connect(struct socket * sock,
46982+ struct sockaddr_in * addr);
46983+extern int gr_search_bind(struct socket * sock,
46984+ struct sockaddr_in * addr);
46985+extern int gr_search_listen(struct socket * sock);
46986+extern int gr_search_accept(struct socket * sock);
46987+extern int gr_search_socket(const int domain, const int type,
46988+ const int protocol);
46989+
46990+#endif
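Review bot: This new header is not self-contained: it names `struct sock`, `struct socket`, `struct sockaddr` and `struct sockaddr_in` in prototypes without including or forward-declaring them. A struct tag first seen inside a parameter list has prototype scope, so including this file before the networking headers yields declarations that do not match the real types. Adding `struct sock; struct socket; struct sockaddr; struct sockaddr_in;` after the guard would fix that. The guard name `__GRSOCK_H` also differs in style from `GR_SECURITY_H` in the sibling header added by the same patch.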
46991diff -urNp linux-2.6.38.2/include/linux/highmem.h linux-2.6.38.2/include/linux/highmem.h
46992--- linux-2.6.38.2/include/linux/highmem.h 2011-03-14 21:20:32.000000000 -0400
46993+++ linux-2.6.38.2/include/linux/highmem.h 2011-03-21 18:31:35.000000000 -0400
46994@@ -185,6 +185,18 @@ static inline void clear_highpage(struct
46995 kunmap_atomic(kaddr, KM_USER0);
46996 }
46997
46998+static inline void sanitize_highpage(struct page *page)
46999+{
47000+ void *kaddr;
47001+ unsigned long flags;
47002+
47003+ local_irq_save(flags);
47004+ kaddr = kmap_atomic(page, KM_CLEARPAGE);
47005+ clear_page(kaddr);
47006+ kunmap_atomic(kaddr, KM_CLEARPAGE);
47007+ local_irq_restore(flags);
47008+}
47009+
47010 static inline void zero_user_segments(struct page *page,
47011 unsigned start1, unsigned end1,
47012 unsigned start2, unsigned end2)
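Review bot: `sanitize_highpage()` is added without any comment, although it differs from the `clear_highpage()` tail visible just above it in two ways a reader has to guess at. It maps through the `KM_CLEARPAGE` slot rather than `KM_USER0`, and it wraps the mapping in `local_irq_save()`/`local_irq_restore()`. Presumably interrupts are disabled so the slot cannot be reused from interrupt context while the page is being zeroed, but neither the hunk nor the slot's definition (not shown here) says so. A short header comment would record the intent, for example `/* zero a page on free; IRQs off because the KM_CLEARPAGE kmap slot may otherwise be reused from interrupt context */`, worded to match whatever the real constraint is.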
47013diff -urNp linux-2.6.38.2/include/linux/init.h linux-2.6.38.2/include/linux/init.h
47014--- linux-2.6.38.2/include/linux/init.h 2011-03-14 21:20:32.000000000 -0400
47015+++ linux-2.6.38.2/include/linux/init.h 2011-03-21 18:31:35.000000000 -0400
47016@@ -293,13 +293,13 @@ void __init parse_early_options(char *cm
47017
47018 /* Each module must use one module_init(). */
47019 #define module_init(initfn) \
47020- static inline initcall_t __inittest(void) \
47021+ static inline __used initcall_t __inittest(void) \
47022 { return initfn; } \
47023 int init_module(void) __attribute__((alias(#initfn)));
47024
47025 /* This is only required if you want to be unloadable. */
47026 #define module_exit(exitfn) \
47027- static inline exitcall_t __exittest(void) \
47028+ static inline __used exitcall_t __exittest(void) \
47029 { return exitfn; } \
47030 void cleanup_module(void) __attribute__((alias(#exitfn)));
47031
47032diff -urNp linux-2.6.38.2/include/linux/interrupt.h linux-2.6.38.2/include/linux/interrupt.h
47033--- linux-2.6.38.2/include/linux/interrupt.h 2011-03-14 21:20:32.000000000 -0400
47034+++ linux-2.6.38.2/include/linux/interrupt.h 2011-03-21 18:31:35.000000000 -0400
47035@@ -393,7 +393,7 @@ enum
47036 /* map softirq index to softirq name. update 'softirq_to_name' in
47037 * kernel/softirq.c when adding a new softirq.
47038 */
47039-extern char *softirq_to_name[NR_SOFTIRQS];
47040+extern const char * const softirq_to_name[NR_SOFTIRQS];
47041
47042 /* softirq mask and active fields moved to irq_cpustat_t in
47043 * asm/hardirq.h to get better cache usage. KAO
47044@@ -401,12 +401,12 @@ extern char *softirq_to_name[NR_SOFTIRQS
47045
47046 struct softirq_action
47047 {
47048- void (*action)(struct softirq_action *);
47049+ void (*action)(void);
47050 };
47051
47052 asmlinkage void do_softirq(void);
47053 asmlinkage void __do_softirq(void);
47054-extern void open_softirq(int nr, void (*action)(struct softirq_action *));
47055+extern void open_softirq(int nr, void (*action)(void));
47056 extern void softirq_init(void);
47057 static inline void __raise_softirq_irqoff(unsigned int nr)
47058 {
47059diff -urNp linux-2.6.38.2/include/linux/jbd2.h linux-2.6.38.2/include/linux/jbd2.h
47060--- linux-2.6.38.2/include/linux/jbd2.h 2011-03-14 21:20:32.000000000 -0400
47061+++ linux-2.6.38.2/include/linux/jbd2.h 2011-03-21 18:31:35.000000000 -0400
47062@@ -67,7 +67,7 @@ extern u8 jbd2_journal_enable_debug;
47063 } \
47064 } while (0)
47065 #else
47066-#define jbd_debug(f, a...) /**/
47067+#define jbd_debug(f, a...) do {} while (0)
47068 #endif
47069
47070 extern void *jbd2_alloc(size_t size, gfp_t flags);
47071diff -urNp linux-2.6.38.2/include/linux/jbd.h linux-2.6.38.2/include/linux/jbd.h
47072--- linux-2.6.38.2/include/linux/jbd.h 2011-03-14 21:20:32.000000000 -0400
47073+++ linux-2.6.38.2/include/linux/jbd.h 2011-03-21 18:31:35.000000000 -0400
47074@@ -67,7 +67,7 @@ extern u8 journal_enable_debug;
47075 } \
47076 } while (0)
47077 #else
47078-#define jbd_debug(f, a...) /**/
47079+#define jbd_debug(f, a...) do {} while (0)
47080 #endif
47081
47082 static inline void *jbd_alloc(size_t size, gfp_t flags)
47083diff -urNp linux-2.6.38.2/include/linux/kallsyms.h linux-2.6.38.2/include/linux/kallsyms.h
47084--- linux-2.6.38.2/include/linux/kallsyms.h 2011-03-14 21:20:32.000000000 -0400
47085+++ linux-2.6.38.2/include/linux/kallsyms.h 2011-03-21 18:31:35.000000000 -0400
47086@@ -15,7 +15,8 @@
47087
47088 struct module;
47089
47090-#ifdef CONFIG_KALLSYMS
47091+#if !defined(__INCLUDED_BY_HIDESYM) || !defined(CONFIG_KALLSYMS)
47092+#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
47093 /* Lookup the address for a symbol. Returns 0 if not found. */
47094 unsigned long kallsyms_lookup_name(const char *name);
47095
47096@@ -92,6 +93,15 @@ static inline int lookup_symbol_attrs(un
47097 /* Stupid that this does nothing, but I didn't create this mess. */
47098 #define __print_symbol(fmt, addr)
47099 #endif /*CONFIG_KALLSYMS*/
47100+#else /* when included by kallsyms.c, vsnprintf.c, or
47101+ arch/x86/kernel/dumpstack.c, with HIDESYM enabled */
47102+extern void __print_symbol(const char *fmt, unsigned long address);
47103+extern int sprint_symbol(char *buffer, unsigned long address);
47104+const char *kallsyms_lookup(unsigned long addr,
47105+ unsigned long *symbolsize,
47106+ unsigned long *offset,
47107+ char **modname, char *namebuf);
47108+#endif
47109
47110 /* This macro allows us to keep printk typechecking */
47111 static void __check_printsym_format(const char *fmt, ...)
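Review bot: After these two hunks the conditional nesting in this header is hard to follow, and the comments on it are stale. The context line `#endif /*CONFIG_KALLSYMS*/` now closes `#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)`, and the newly added final `#endif` has no label at all. I would label both, e.g. `#endif /* CONFIG_KALLSYMS && !CONFIG_GRKERNSEC_HIDESYM */` and `#endif /* !__INCLUDED_BY_HIDESYM || !CONFIG_KALLSYMS */`. It is also worth stating in a comment that `__INCLUDED_BY_HIDESYM` is the only thing deciding which translation units see the real lookup prototypes. As far as the visible lines show, a file that does not define it falls through to the stub branch when HIDESYM is enabled, while any file that does define it gets the full interface.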
47112diff -urNp linux-2.6.38.2/include/linux/kgdb.h linux-2.6.38.2/include/linux/kgdb.h
47113--- linux-2.6.38.2/include/linux/kgdb.h 2011-03-14 21:20:32.000000000 -0400
47114+++ linux-2.6.38.2/include/linux/kgdb.h 2011-03-21 18:31:35.000000000 -0400
47115@@ -269,22 +269,22 @@ struct kgdb_arch {
47116 */
47117 struct kgdb_io {
47118 const char *name;
47119- int (*read_char) (void);
47120- void (*write_char) (u8);
47121- void (*flush) (void);
47122- int (*init) (void);
47123- void (*pre_exception) (void);
47124- void (*post_exception) (void);
47125+ int (* const read_char) (void);
47126+ void (* const write_char) (u8);
47127+ void (* const flush) (void);
47128+ int (* const init) (void);
47129+ void (* const pre_exception) (void);
47130+ void (* const post_exception) (void);
47131 int is_console;
47132 };
47133
47134-extern struct kgdb_arch arch_kgdb_ops;
47135+extern const struct kgdb_arch arch_kgdb_ops;
47136
47137 extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs);
47138
47139-extern int kgdb_register_io_module(struct kgdb_io *local_kgdb_io_ops);
47140-extern void kgdb_unregister_io_module(struct kgdb_io *local_kgdb_io_ops);
47141-extern struct kgdb_io *dbg_io_ops;
47142+extern int kgdb_register_io_module(const struct kgdb_io *local_kgdb_io_ops);
47143+extern void kgdb_unregister_io_module(const struct kgdb_io *local_kgdb_io_ops);
47144+extern const struct kgdb_io *dbg_io_ops;
47145
47146 extern int kgdb_hex2long(char **ptr, unsigned long *long_val);
47147 extern char *kgdb_mem2hex(char *mem, char *buf, int count);
47148diff -urNp linux-2.6.38.2/include/linux/kvm_host.h linux-2.6.38.2/include/linux/kvm_host.h
47149--- linux-2.6.38.2/include/linux/kvm_host.h 2011-03-14 21:20:32.000000000 -0400
47150+++ linux-2.6.38.2/include/linux/kvm_host.h 2011-03-21 18:31:35.000000000 -0400
47151@@ -288,7 +288,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vc
47152 void vcpu_load(struct kvm_vcpu *vcpu);
47153 void vcpu_put(struct kvm_vcpu *vcpu);
47154
47155-int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
47156+int kvm_init(const void *opaque, unsigned vcpu_size, unsigned vcpu_align,
47157 struct module *module);
47158 void kvm_exit(void);
47159
47160@@ -428,7 +428,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(
47161 struct kvm_guest_debug *dbg);
47162 int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
47163
47164-int kvm_arch_init(void *opaque);
47165+int kvm_arch_init(const void *opaque);
47166 void kvm_arch_exit(void);
47167
47168 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
47169diff -urNp linux-2.6.38.2/include/linux/libata.h linux-2.6.38.2/include/linux/libata.h
47170--- linux-2.6.38.2/include/linux/libata.h 2011-03-14 21:20:32.000000000 -0400
47171+++ linux-2.6.38.2/include/linux/libata.h 2011-03-21 18:31:35.000000000 -0400
47172@@ -65,11 +65,11 @@
47173 #ifdef ATA_VERBOSE_DEBUG
47174 #define VPRINTK(fmt, args...) printk(KERN_ERR "%s: " fmt, __func__, ## args)
47175 #else
47176-#define VPRINTK(fmt, args...)
47177+#define VPRINTK(fmt, args...) do {} while (0)
47178 #endif /* ATA_VERBOSE_DEBUG */
47179 #else
47180-#define DPRINTK(fmt, args...)
47181-#define VPRINTK(fmt, args...)
47182+#define DPRINTK(fmt, args...) do {} while (0)
47183+#define VPRINTK(fmt, args...) do {} while (0)
47184 #endif /* ATA_DEBUG */
47185
47186 #define BPRINTK(fmt, args...) if (ap->flags & ATA_FLAG_DEBUGMSG) printk(KERN_ERR "%s: " fmt, __func__, ## args)
47187@@ -530,11 +530,11 @@ struct ata_ioports {
47188
47189 struct ata_host {
47190 spinlock_t lock;
47191- struct device *dev;
47192+ struct device *dev;
47193 void __iomem * const *iomap;
47194 unsigned int n_ports;
47195 void *private_data;
47196- struct ata_port_operations *ops;
47197+ const struct ata_port_operations *ops;
47198 unsigned long flags;
47199
47200 struct mutex eh_mutex;
47201@@ -725,7 +725,7 @@ struct ata_link {
47202
47203 struct ata_port {
47204 struct Scsi_Host *scsi_host; /* our co-allocated scsi host */
47205- struct ata_port_operations *ops;
47206+ const struct ata_port_operations *ops;
47207 spinlock_t *lock;
47208 /* Flags owned by the EH context. Only EH should touch these once the
47209 port is active */
47210@@ -913,7 +913,7 @@ struct ata_port_info {
47211 unsigned long pio_mask;
47212 unsigned long mwdma_mask;
47213 unsigned long udma_mask;
47214- struct ata_port_operations *port_ops;
47215+ const struct ata_port_operations *port_ops;
47216 void *private_data;
47217 };
47218
47219@@ -937,7 +937,7 @@ extern const unsigned long sata_deb_timi
47220 extern const unsigned long sata_deb_timing_hotplug[];
47221 extern const unsigned long sata_deb_timing_long[];
47222
47223-extern struct ata_port_operations ata_dummy_port_ops;
47224+extern const struct ata_port_operations ata_dummy_port_ops;
47225 extern const struct ata_port_info ata_dummy_port_info;
47226
47227 static inline const unsigned long *
47228@@ -983,7 +983,7 @@ extern int ata_host_activate(struct ata_
47229 struct scsi_host_template *sht);
47230 extern void ata_host_detach(struct ata_host *host);
47231 extern void ata_host_init(struct ata_host *, struct device *,
47232- unsigned long, struct ata_port_operations *);
47233+ unsigned long, const struct ata_port_operations *);
47234 extern int ata_scsi_detect(struct scsi_host_template *sht);
47235 extern int ata_scsi_ioctl(struct scsi_device *dev, int cmd, void __user *arg);
47236 extern int ata_scsi_queuecmd(struct Scsi_Host *h, struct scsi_cmnd *cmd);
47237diff -urNp linux-2.6.38.2/include/linux/lockd/bind.h linux-2.6.38.2/include/linux/lockd/bind.h
47238--- linux-2.6.38.2/include/linux/lockd/bind.h 2011-03-14 21:20:32.000000000 -0400
47239+++ linux-2.6.38.2/include/linux/lockd/bind.h 2011-03-21 18:31:35.000000000 -0400
47240@@ -23,13 +23,13 @@ struct svc_rqst;
47241 * This is the set of functions for lockd->nfsd communication
47242 */
47243 struct nlmsvc_binding {
47244- __be32 (*fopen)(struct svc_rqst *,
47245+ __be32 (* const fopen)(struct svc_rqst *,
47246 struct nfs_fh *,
47247 struct file **);
47248- void (*fclose)(struct file *);
47249+ void (* const fclose)(struct file *);
47250 };
47251
47252-extern struct nlmsvc_binding * nlmsvc_ops;
47253+extern const struct nlmsvc_binding * nlmsvc_ops;
47254
47255 /*
47256 * Similar to nfs_client_initdata, but without the NFS-specific
47257diff -urNp linux-2.6.38.2/include/linux/mm.h linux-2.6.38.2/include/linux/mm.h
47258--- linux-2.6.38.2/include/linux/mm.h 2011-03-28 17:42:40.000000000 -0400
47259+++ linux-2.6.38.2/include/linux/mm.h 2011-03-28 17:42:53.000000000 -0400
47260@@ -113,7 +113,14 @@ extern unsigned int kobjsize(const void
47261
47262 #define VM_CAN_NONLINEAR 0x08000000 /* Has ->fault & does nonlinear pages */
47263 #define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */
47264+
47265+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
47266+#define VM_SAO 0x00000000 /* Strong Access Ordering (powerpc) */
47267+#define VM_PAGEEXEC 0x20000000 /* vma->vm_page_prot needs special handling */
47268+#else
47269 #define VM_SAO 0x20000000 /* Strong Access Ordering (powerpc) */
47270+#endif
47271+
47272 #define VM_PFN_AT_MMAP 0x40000000 /* PFNMAP vma that is fully mapped at mmap time */
47273 #define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */
47274
47275@@ -992,12 +999,6 @@ int set_page_dirty(struct page *page);
47276 int set_page_dirty_lock(struct page *page);
47277 int clear_page_dirty_for_io(struct page *page);
47278
47279-/* Is the vma a continuation of the stack vma above it? */
47280-static inline int vma_stack_continue(struct vm_area_struct *vma, unsigned long addr)
47281-{
47282- return vma && (vma->vm_end == addr) && (vma->vm_flags & VM_GROWSDOWN);
47283-}
47284-
47285 extern unsigned long move_page_tables(struct vm_area_struct *vma,
47286 unsigned long old_addr, struct vm_area_struct *new_vma,
47287 unsigned long new_addr, unsigned long len);
47288@@ -1149,6 +1150,15 @@ struct shrinker {
47289 extern void register_shrinker(struct shrinker *);
47290 extern void unregister_shrinker(struct shrinker *);
47291
47292+#ifdef CONFIG_MMU
47293+pgprot_t vm_get_page_prot(unsigned long vm_flags);
47294+#else
47295+static inline pgprot_t vm_get_page_prot(unsigned long vm_flags)
47296+{
47297+ return __pgprot(0);
47298+}
47299+#endif
47300+
47301 int vma_wants_writenotify(struct vm_area_struct *vma);
47302
47303 extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
47304@@ -1438,6 +1448,7 @@ out:
47305 }
47306
47307 extern int do_munmap(struct mm_struct *, unsigned long, size_t);
47308+extern int __do_munmap(struct mm_struct *, unsigned long, size_t);
47309
47310 extern unsigned long do_brk(unsigned long, unsigned long);
47311
47312@@ -1494,6 +1505,10 @@ extern struct vm_area_struct * find_vma(
47313 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
47314 struct vm_area_struct **pprev);
47315
47316+extern struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma);
47317+extern __must_check long pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma);
47318+extern void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl);
47319+
47320 /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
47321 NULL if none. Assume start_addr < end_addr. */
47322 static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
47323@@ -1510,15 +1525,6 @@ static inline unsigned long vma_pages(st
47324 return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
47325 }
47326
47327-#ifdef CONFIG_MMU
47328-pgprot_t vm_get_page_prot(unsigned long vm_flags);
47329-#else
47330-static inline pgprot_t vm_get_page_prot(unsigned long vm_flags)
47331-{
47332- return __pgprot(0);
47333-}
47334-#endif
47335-
47336 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr);
47337 int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
47338 unsigned long pfn, unsigned long size, pgprot_t);
47339@@ -1627,7 +1633,7 @@ extern int unpoison_memory(unsigned long
47340 extern int sysctl_memory_failure_early_kill;
47341 extern int sysctl_memory_failure_recovery;
47342 extern void shake_page(struct page *p, int access);
47343-extern atomic_long_t mce_bad_pages;
47344+extern atomic_long_unchecked_t mce_bad_pages;
47345 extern int soft_offline_page(struct page *page, int flags);
47346 #ifdef CONFIG_MEMORY_FAILURE
47347 int is_hwpoison_address(unsigned long addr);
47348@@ -1649,5 +1655,11 @@ extern void copy_user_huge_page(struct p
47349 unsigned int pages_per_huge_page);
47350 #endif /* CONFIG_TRANSPARENT_HUGEPAGE || CONFIG_HUGETLBFS */
47351
47352+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
47353+extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot);
47354+#else
47355+static inline void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot) {}
47356+#endif
47357+
47358 #endif /* __KERNEL__ */
47359 #endif /* _LINUX_MM_H */
47360diff -urNp linux-2.6.38.2/include/linux/mm_types.h linux-2.6.38.2/include/linux/mm_types.h
47361--- linux-2.6.38.2/include/linux/mm_types.h 2011-03-14 21:20:32.000000000 -0400
47362+++ linux-2.6.38.2/include/linux/mm_types.h 2011-03-21 18:31:35.000000000 -0400
47363@@ -183,6 +183,8 @@ struct vm_area_struct {
47364 #ifdef CONFIG_NUMA
47365 struct mempolicy *vm_policy; /* NUMA policy for the VMA */
47366 #endif
47367+
47368+ struct vm_area_struct *vm_mirror;/* PaX: mirror vma or NULL */
47369 };
47370
47371 struct core_thread {
47372@@ -315,6 +317,24 @@ struct mm_struct {
47373 #endif
47374 /* How many tasks sharing this mm are OOM_DISABLE */
47375 atomic_t oom_disable_count;
47376+
47377+#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
47378+ unsigned long pax_flags;
47379+#endif
47380+
47381+#ifdef CONFIG_PAX_DLRESOLVE
47382+ unsigned long call_dl_resolve;
47383+#endif
47384+
47385+#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
47386+ unsigned long call_syscall;
47387+#endif
47388+
47389+#ifdef CONFIG_PAX_ASLR
47390+ unsigned long delta_mmap; /* randomized offset */
47391+ unsigned long delta_stack; /* randomized offset */
47392+#endif
47393+
47394 };
47395
47396 /* Future-safe accessor for struct mm_struct's cpu_vm_mask. */
47397diff -urNp linux-2.6.38.2/include/linux/mmu_notifier.h linux-2.6.38.2/include/linux/mmu_notifier.h
47398--- linux-2.6.38.2/include/linux/mmu_notifier.h 2011-03-14 21:20:32.000000000 -0400
47399+++ linux-2.6.38.2/include/linux/mmu_notifier.h 2011-03-21 18:31:35.000000000 -0400
47400@@ -255,12 +255,12 @@ static inline void mmu_notifier_mm_destr
47401 */
47402 #define ptep_clear_flush_notify(__vma, __address, __ptep) \
47403 ({ \
47404- pte_t __pte; \
47405+ pte_t ___pte; \
47406 struct vm_area_struct *___vma = __vma; \
47407 unsigned long ___address = __address; \
47408- __pte = ptep_clear_flush(___vma, ___address, __ptep); \
47409+ ___pte = ptep_clear_flush(___vma, ___address, __ptep); \
47410 mmu_notifier_invalidate_page(___vma->vm_mm, ___address); \
47411- __pte; \
47412+ ___pte; \
47413 })
47414
47415 #define pmdp_clear_flush_notify(__vma, __address, __pmdp) \
47416diff -urNp linux-2.6.38.2/include/linux/mmzone.h linux-2.6.38.2/include/linux/mmzone.h
47417--- linux-2.6.38.2/include/linux/mmzone.h 2011-03-14 21:20:32.000000000 -0400
47418+++ linux-2.6.38.2/include/linux/mmzone.h 2011-03-21 18:31:35.000000000 -0400
47419@@ -355,7 +355,7 @@ struct zone {
47420 unsigned long flags; /* zone flags, see below */
47421
47422 /* Zone statistics */
47423- atomic_long_t vm_stat[NR_VM_ZONE_STAT_ITEMS];
47424+ atomic_long_unchecked_t vm_stat[NR_VM_ZONE_STAT_ITEMS];
47425
47426 /*
47427 * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on
47428diff -urNp linux-2.6.38.2/include/linux/mod_devicetable.h linux-2.6.38.2/include/linux/mod_devicetable.h
47429--- linux-2.6.38.2/include/linux/mod_devicetable.h 2011-03-14 21:20:32.000000000 -0400
47430+++ linux-2.6.38.2/include/linux/mod_devicetable.h 2011-03-21 18:31:35.000000000 -0400
47431@@ -12,7 +12,7 @@
47432 typedef unsigned long kernel_ulong_t;
47433 #endif
47434
47435-#define PCI_ANY_ID (~0)
47436+#define PCI_ANY_ID ((__u16)~0)
47437
47438 struct pci_device_id {
47439 __u32 vendor, device; /* Vendor and device ID or PCI_ANY_ID*/
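Review bot: `PCI_ANY_ID` becomes `((__u16)~0)`, i.e. 0xFFFF, while the context line just below still declares `__u32 vendor, device` as "Vendor and device ID or PCI_ANY_ID", so the wildcard stored in those 32-bit fields changes from 0xFFFFFFFF to 0x0000FFFF. Comparisons made against the macro stay self-consistent, but anything that still expects the old all-ones value in a device table would presumably stop treating the entry as a wildcard; that is worth confirming against the module-alias tooling. If the narrower value is deliberate, a comment such as `/* 16-bit wildcard; the table fields stay __u32 */` would record the reason. The rest of `struct pci_device_id` lies outside the hunk.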
47440@@ -131,7 +131,7 @@ struct usb_device_id {
47441 #define USB_DEVICE_ID_MATCH_INT_SUBCLASS 0x0100
47442 #define USB_DEVICE_ID_MATCH_INT_PROTOCOL 0x0200
47443
47444-#define HID_ANY_ID (~0)
47445+#define HID_ANY_ID (~0U)
47446
47447 struct hid_device_id {
47448 __u16 bus;
47449diff -urNp linux-2.6.38.2/include/linux/module.h linux-2.6.38.2/include/linux/module.h
47450--- linux-2.6.38.2/include/linux/module.h 2011-03-14 21:20:32.000000000 -0400
47451+++ linux-2.6.38.2/include/linux/module.h 2011-03-21 18:31:35.000000000 -0400
47452@@ -324,19 +324,16 @@ struct module
47453 int (*init)(void);
47454
47455 /* If this is non-NULL, vfree after init() returns */
47456- void *module_init;
47457+ void *module_init_rx, *module_init_rw;
47458
47459 /* Here is the actual code + data, vfree'd on unload. */
47460- void *module_core;
47461+ void *module_core_rx, *module_core_rw;
47462
47463 /* Here are the sizes of the init and core sections */
47464- unsigned int init_size, core_size;
47465+ unsigned int init_size_rw, core_size_rw;
47466
47467 /* The size of the executable code in each section. */
47468- unsigned int init_text_size, core_text_size;
47469-
47470- /* Size of RO sections of the module (text+rodata) */
47471- unsigned int init_ro_size, core_ro_size;
47472+ unsigned int init_size_rx, core_size_rx;
47473
47474 /* Arch-specific module values */
47475 struct mod_arch_specific arch;
47476@@ -441,16 +438,46 @@ bool is_module_address(unsigned long add
47477 bool is_module_percpu_address(unsigned long addr);
47478 bool is_module_text_address(unsigned long addr);
47479
47480+static inline int within_module_range(unsigned long addr, void *start, unsigned long size)
47481+{
47482+
47483+#ifdef CONFIG_PAX_KERNEXEC
47484+ if (ktla_ktva(addr) >= (unsigned long)start &&
47485+ ktla_ktva(addr) < (unsigned long)start + size)
47486+ return 1;
47487+#endif
47488+
47489+ return ((void *)addr >= start && (void *)addr < start + size);
47490+}
47491+
47492+static inline int within_module_core_rx(unsigned long addr, struct module *mod)
47493+{
47494+ return within_module_range(addr, mod->module_core_rx, mod->core_size_rx);
47495+}
47496+
47497+static inline int within_module_core_rw(unsigned long addr, struct module *mod)
47498+{
47499+ return within_module_range(addr, mod->module_core_rw, mod->core_size_rw);
47500+}
47501+
47502+static inline int within_module_init_rx(unsigned long addr, struct module *mod)
47503+{
47504+ return within_module_range(addr, mod->module_init_rx, mod->init_size_rx);
47505+}
47506+
47507+static inline int within_module_init_rw(unsigned long addr, struct module *mod)
47508+{
47509+ return within_module_range(addr, mod->module_init_rw, mod->init_size_rw);
47510+}
47511+
47512 static inline int within_module_core(unsigned long addr, struct module *mod)
47513 {
47514- return (unsigned long)mod->module_core <= addr &&
47515- addr < (unsigned long)mod->module_core + mod->core_size;
47516+ return within_module_core_rx(addr, mod) || within_module_core_rw(addr, mod);
47517 }
47518
47519 static inline int within_module_init(unsigned long addr, struct module *mod)
47520 {
47521- return (unsigned long)mod->module_init <= addr &&
47522- addr < (unsigned long)mod->module_init + mod->init_size;
47523+ return within_module_init_rx(addr, mod) || within_module_init_rw(addr, mod);
47524 }
47525
47526 /* Search for module by name: must hold module_mutex. */
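Review bot: In `within_module_range()` the final return compares `(void *)addr` against `start + size`, which relies on GNU arithmetic on `void *`, while the CONFIG_PAX_KERNEXEC branch just above performs the same range test on `unsigned long`. Using one form for both, `return addr >= (unsigned long)start && addr < (unsigned long)start + size;`, keeps the two tests visibly parallel and matches how the removed `within_module_core()` body was written. The helper also has no comment saying why an address is accepted when either the raw value or its `ktla_ktva()` translation falls in the range. `ktla_ktva()` is defined outside this hunk, so a comment such as `/* under KERNEXEC, also accept the translated text address */` should be checked against its definition before it is added.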
47527diff -urNp linux-2.6.38.2/include/linux/moduleloader.h linux-2.6.38.2/include/linux/moduleloader.h
47528--- linux-2.6.38.2/include/linux/moduleloader.h 2011-03-14 21:20:32.000000000 -0400
47529+++ linux-2.6.38.2/include/linux/moduleloader.h 2011-03-21 18:31:35.000000000 -0400
47530@@ -20,9 +20,21 @@ unsigned int arch_mod_section_prepend(st
47531 sections. Returns NULL on failure. */
47532 void *module_alloc(unsigned long size);
47533
47534+#ifdef CONFIG_PAX_KERNEXEC
47535+void *module_alloc_exec(unsigned long size);
47536+#else
47537+#define module_alloc_exec(x) module_alloc(x)
47538+#endif
47539+
47540 /* Free memory returned from module_alloc. */
47541 void module_free(struct module *mod, void *module_region);
47542
47543+#ifdef CONFIG_PAX_KERNEXEC
47544+void module_free_exec(struct module *mod, void *module_region);
47545+#else
47546+#define module_free_exec(x, y) module_free((x), (y))
47547+#endif
47548+
47549 /* Apply the given relocation to the (simplified) ELF. Return -error
47550 or 0. */
47551 int apply_relocate(Elf_Shdr *sechdrs,
47552diff -urNp linux-2.6.38.2/include/linux/moduleparam.h linux-2.6.38.2/include/linux/moduleparam.h
47553--- linux-2.6.38.2/include/linux/moduleparam.h 2011-03-14 21:20:32.000000000 -0400
47554+++ linux-2.6.38.2/include/linux/moduleparam.h 2011-03-21 18:31:35.000000000 -0400
47555@@ -255,7 +255,7 @@ static inline void __kernel_param_unlock
47556 * @len is usually just sizeof(string).
47557 */
47558 #define module_param_string(name, string, len, perm) \
47559- static const struct kparam_string __param_string_##name \
47560+ static const struct kparam_string __param_string_##name __used \
47561 = { len, string }; \
47562 __module_param_call(MODULE_PARAM_PREFIX, name, \
47563 &param_ops_string, \
47564@@ -370,7 +370,7 @@ extern int param_get_invbool(char *buffe
47565 * module_param_named() for why this might be necessary.
47566 */
47567 #define module_param_array_named(name, array, type, nump, perm) \
47568- static const struct kparam_array __param_arr_##name \
47569+ static const struct kparam_array __param_arr_##name __used \
47570 = { ARRAY_SIZE(array), nump, &param_ops_##type, \
47571 sizeof(array[0]), array }; \
47572 __module_param_call(MODULE_PARAM_PREFIX, name, \
47573diff -urNp linux-2.6.38.2/include/linux/namei.h linux-2.6.38.2/include/linux/namei.h
47574--- linux-2.6.38.2/include/linux/namei.h 2011-03-14 21:20:32.000000000 -0400
47575+++ linux-2.6.38.2/include/linux/namei.h 2011-03-21 18:31:35.000000000 -0400
47576@@ -25,7 +25,7 @@ struct nameidata {
47577 unsigned seq;
47578 int last_type;
47579 unsigned depth;
47580- char *saved_names[MAX_NESTED_LINKS + 1];
47581+ const char *saved_names[MAX_NESTED_LINKS + 1];
47582
47583 /* Intent data */
47584 union {
47585@@ -88,12 +88,12 @@ extern int follow_up(struct path *);
47586 extern struct dentry *lock_rename(struct dentry *, struct dentry *);
47587 extern void unlock_rename(struct dentry *, struct dentry *);
47588
47589-static inline void nd_set_link(struct nameidata *nd, char *path)
47590+static inline void nd_set_link(struct nameidata *nd, const char *path)
47591 {
47592 nd->saved_names[nd->depth] = path;
47593 }
47594
47595-static inline char *nd_get_link(struct nameidata *nd)
47596+static inline const char *nd_get_link(const struct nameidata *nd)
47597 {
47598 return nd->saved_names[nd->depth];
47599 }
47600diff -urNp linux-2.6.38.2/include/linux/netfilter/xt_gradm.h linux-2.6.38.2/include/linux/netfilter/xt_gradm.h
47601--- linux-2.6.38.2/include/linux/netfilter/xt_gradm.h 1969-12-31 19:00:00.000000000 -0500
47602+++ linux-2.6.38.2/include/linux/netfilter/xt_gradm.h 2011-03-21 18:31:35.000000000 -0400
47603@@ -0,0 +1,9 @@
47604+#ifndef _LINUX_NETFILTER_XT_GRADM_H
47605+#define _LINUX_NETFILTER_XT_GRADM_H 1
47606+
47607+struct xt_gradm_mtinfo {
47608+ __u16 flags;
47609+ __u16 invflags;
47610+};
47611+
47612+#endif
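Review bot: The new header uses `__u16` in `struct xt_gradm_mtinfo` without including anything that defines it, so it compiles only when the including file has already pulled in the kernel type definitions. Adding `#include <linux/types.h>` right after the include guard makes the header self-contained. The two fields `flags` and `invflags` also have no comment describing what bits they carry; a one-line comment on each would help whoever fills in this structure.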
47613diff -urNp linux-2.6.38.2/include/linux/oprofile.h linux-2.6.38.2/include/linux/oprofile.h
47614--- linux-2.6.38.2/include/linux/oprofile.h 2011-03-14 21:20:32.000000000 -0400
47615+++ linux-2.6.38.2/include/linux/oprofile.h 2011-03-21 18:31:35.000000000 -0400
47616@@ -132,9 +132,9 @@ int oprofilefs_create_ulong(struct super
47617 int oprofilefs_create_ro_ulong(struct super_block * sb, struct dentry * root,
47618 char const * name, ulong * val);
47619
47620-/** Create a file for read-only access to an atomic_t. */
47621+/** Create a file for read-only access to an atomic_unchecked_t. */
47622 int oprofilefs_create_ro_atomic(struct super_block * sb, struct dentry * root,
47623- char const * name, atomic_t * val);
47624+ char const * name, atomic_unchecked_t * val);
47625
47626 /** create a directory */
47627 struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root,
47628diff -urNp linux-2.6.38.2/include/linux/pipe_fs_i.h linux-2.6.38.2/include/linux/pipe_fs_i.h
47629--- linux-2.6.38.2/include/linux/pipe_fs_i.h 2011-03-14 21:20:32.000000000 -0400
47630+++ linux-2.6.38.2/include/linux/pipe_fs_i.h 2011-03-21 18:31:35.000000000 -0400
47631@@ -46,9 +46,9 @@ struct pipe_buffer {
47632 struct pipe_inode_info {
47633 wait_queue_head_t wait;
47634 unsigned int nrbufs, curbuf, buffers;
47635- unsigned int readers;
47636- unsigned int writers;
47637- unsigned int waiting_writers;
47638+ atomic_t readers;
47639+ atomic_t writers;
47640+ atomic_t waiting_writers;
47641 unsigned int r_counter;
47642 unsigned int w_counter;
47643 struct page *tmp_page;
47644diff -urNp linux-2.6.38.2/include/linux/pm_runtime.h linux-2.6.38.2/include/linux/pm_runtime.h
47645--- linux-2.6.38.2/include/linux/pm_runtime.h 2011-03-14 21:20:32.000000000 -0400
47646+++ linux-2.6.38.2/include/linux/pm_runtime.h 2011-03-21 18:31:35.000000000 -0400
47647@@ -89,7 +89,7 @@ static inline bool pm_runtime_enabled(st
47648
47649 static inline void pm_runtime_mark_last_busy(struct device *dev)
47650 {
47651- ACCESS_ONCE(dev->power.last_busy) = jiffies;
47652+ ACCESS_ONCE_RW(dev->power.last_busy) = jiffies;
47653 }
47654
47655 #else /* !CONFIG_PM_RUNTIME */
47656diff -urNp linux-2.6.38.2/include/linux/poison.h linux-2.6.38.2/include/linux/poison.h
47657--- linux-2.6.38.2/include/linux/poison.h 2011-03-14 21:20:32.000000000 -0400
47658+++ linux-2.6.38.2/include/linux/poison.h 2011-03-21 18:31:35.000000000 -0400
47659@@ -19,8 +19,8 @@
47660 * under normal circumstances, used to verify that nobody uses
47661 * non-initialized list entries.
47662 */
47663-#define LIST_POISON1 ((void *) 0x00100100 + POISON_POINTER_DELTA)
47664-#define LIST_POISON2 ((void *) 0x00200200 + POISON_POINTER_DELTA)
47665+#define LIST_POISON1 ((void *) (long)0xFFFFFF01)
47666+#define LIST_POISON2 ((void *) (long)0xFFFFFF02)
47667
47668 /********** include/linux/timer.h **********/
47669 /*
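Review bot: The new `LIST_POISON1`/`LIST_POISON2` definitions drop `POISON_POINTER_DELTA`, and on an LP64 build the literal `0xFFFFFF01` has type `unsigned int`, so `(long)0xFFFFFF01` zero-extends to 0x00000000FFFFFF01 instead of landing at the top of the address space as it does where `long` is 32 bits. Whether a low address is an acceptable poison value on 64-bit depends on protections that are not visible in this hunk, so the intent should be written next to the macros, e.g. `/* 32-bit: last page of the address space; 64-bit: <state what guarantees this range faults> */`. The same comment should mention that whatever offset `POISON_POINTER_DELTA` supplied (its definition is outside this hunk) no longer applies to list poison values.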
47670diff -urNp linux-2.6.38.2/include/linux/proc_fs.h linux-2.6.38.2/include/linux/proc_fs.h
47671--- linux-2.6.38.2/include/linux/proc_fs.h 2011-03-14 21:20:32.000000000 -0400
47672+++ linux-2.6.38.2/include/linux/proc_fs.h 2011-03-21 18:31:35.000000000 -0400
47673@@ -155,6 +155,19 @@ static inline struct proc_dir_entry *pro
47674 return proc_create_data(name, mode, parent, proc_fops, NULL);
47675 }
47676
47677+static inline struct proc_dir_entry *proc_create_grsec(const char *name, mode_t mode,
47678+ struct proc_dir_entry *parent, const struct file_operations *proc_fops)
47679+{
47680+#ifdef CONFIG_GRKERNSEC_PROC_USER
47681+ return proc_create_data(name, S_IRUSR, parent, proc_fops, NULL);
47682+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
47683+ return proc_create_data(name, S_IRUSR | S_IRGRP, parent, proc_fops, NULL);
47684+#else
47685+ return proc_create_data(name, mode, parent, proc_fops, NULL);
47686+#endif
47687+}
47688+
47689+
47690 static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
47691 mode_t mode, struct proc_dir_entry *base,
47692 read_proc_t *read_proc, void * data)
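Review bot: `proc_create_grsec()` silently ignores its `mode` argument when CONFIG_GRKERNSEC_PROC_USER or CONFIG_GRKERNSEC_PROC_USERGROUP is set, substituting `S_IRUSR` or `S_IRUSR | S_IRGRP`, and nothing in the hunk documents that. A caller that passes a mode with write bits would get a read-only entry under those options, so the contract deserves a comment above the function, e.g. `/* like proc_create(), but forced owner-only (or owner+group) read-only under GRKERNSEC_PROC_USER/USERGROUP; mode is honoured only otherwise */`. The second blank line after the closing brace can be dropped.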
47693diff -urNp linux-2.6.38.2/include/linux/ptrace.h linux-2.6.38.2/include/linux/ptrace.h
47694--- linux-2.6.38.2/include/linux/ptrace.h 2011-03-14 21:20:32.000000000 -0400
47695+++ linux-2.6.38.2/include/linux/ptrace.h 2011-03-26 11:36:13.000000000 -0400
47696@@ -115,10 +115,10 @@ extern void __ptrace_unlink(struct task_
47697 extern void exit_ptrace(struct task_struct *tracer);
47698 #define PTRACE_MODE_READ 1
47699 #define PTRACE_MODE_ATTACH 2
47700-/* Returns 0 on success, -errno on denial. */
47701-extern int __ptrace_may_access(struct task_struct *task, unsigned int mode);
47702 /* Returns true on success, false on denial. */
47703 extern bool ptrace_may_access(struct task_struct *task, unsigned int mode);
47704+/* Returns true on success, false on denial. */
47705+extern bool ptrace_may_access_log(struct task_struct *task, unsigned int mode);
47706
47707 static inline int ptrace_reparented(struct task_struct *child)
47708 {
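Review bot: The declaration added for `ptrace_may_access_log()` carries the same comment as `ptrace_may_access()` directly above it, so the header does not say how the two differ. The name suggests the new variant records denials, but its definition is outside this hunk; a comment of the form `/* as ptrace_may_access(), but <what is logged and when> */`, completed from the implementation, would tell callers which one to pick. The hunk also removes the `__ptrace_may_access()` prototype, so any remaining user of the -errno form has to have been converted elsewhere in the patch.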
47709diff -urNp linux-2.6.38.2/include/linux/random.h linux-2.6.38.2/include/linux/random.h
47710--- linux-2.6.38.2/include/linux/random.h 2011-03-14 21:20:32.000000000 -0400
47711+++ linux-2.6.38.2/include/linux/random.h 2011-03-21 18:31:35.000000000 -0400
47712@@ -80,12 +80,17 @@ void srandom32(u32 seed);
47713
47714 u32 prandom32(struct rnd_state *);
47715
47716+static inline unsigned long pax_get_random_long(void)
47717+{
47718+ return random32() + (sizeof(long) > 4 ? (unsigned long)random32() << 32 : 0);
47719+}
47720+
47721 /*
47722 * Handle minimum values for seeds
47723 */
47724 static inline u32 __seed(u32 x, u32 m)
47725 {
47726- return (x < m) ? x + m : x;
47727+ return (x <= m) ? x + m + 1 : x;
47728 }
47729
47730 /**
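Review bot: `pax_get_random_long()` builds its result from `random32()`, which belongs to the same non-cryptographic pseudo-random family as the `srandom32()`/`prandom32()` declarations in this hunk's context lines. If the value feeds address-space randomisation, as the `pax_` prefix and the `delta_mmap`/`delta_stack` fields added to `struct mm_struct` in this patch suggest (callers are not visible here), the predictability of that generator weakens the randomisation. `get_random_bytes()` would be the conservative source, or a comment should state why `random32()` is sufficient. Separately, the `__seed()` change makes the result strictly greater than `m`, but the comment above it still reads "Handle minimum values for seeds"; `/* Ensure the seed is strictly greater than m */` would match the new code.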
47731diff -urNp linux-2.6.38.2/include/linux/reiserfs_fs.h linux-2.6.38.2/include/linux/reiserfs_fs.h
47732--- linux-2.6.38.2/include/linux/reiserfs_fs.h 2011-03-14 21:20:32.000000000 -0400
47733+++ linux-2.6.38.2/include/linux/reiserfs_fs.h 2011-03-21 18:31:35.000000000 -0400
47734@@ -1403,7 +1403,7 @@ static inline loff_t max_reiserfs_offset
47735 #define REISERFS_USER_MEM 1 /* reiserfs user memory mode */
47736
47737 #define fs_generation(s) (REISERFS_SB(s)->s_generation_counter)
47738-#define get_generation(s) atomic_read (&fs_generation(s))
47739+#define get_generation(s) atomic_read_unchecked (&fs_generation(s))
47740 #define FILESYSTEM_CHANGED_TB(tb) (get_generation((tb)->tb_sb) != (tb)->fs_gen)
47741 #define __fs_changed(gen,s) (gen != get_generation (s))
47742 #define fs_changed(gen,s) \
47743@@ -1615,24 +1615,24 @@ static inline struct super_block *sb_fro
47744 */
47745
47746 struct item_operations {
47747- int (*bytes_number) (struct item_head * ih, int block_size);
47748- void (*decrement_key) (struct cpu_key *);
47749- int (*is_left_mergeable) (struct reiserfs_key * ih,
47750+ int (* const bytes_number) (struct item_head * ih, int block_size);
47751+ void (* const decrement_key) (struct cpu_key *);
47752+ int (* const is_left_mergeable) (struct reiserfs_key * ih,
47753 unsigned long bsize);
47754- void (*print_item) (struct item_head *, char *item);
47755- void (*check_item) (struct item_head *, char *item);
47756+ void (* const print_item) (struct item_head *, char *item);
47757+ void (* const check_item) (struct item_head *, char *item);
47758
47759- int (*create_vi) (struct virtual_node * vn, struct virtual_item * vi,
47760+ int (* const create_vi) (struct virtual_node * vn, struct virtual_item * vi,
47761 int is_affected, int insert_size);
47762- int (*check_left) (struct virtual_item * vi, int free,
47763+ int (* const check_left) (struct virtual_item * vi, int free,
47764 int start_skip, int end_skip);
47765- int (*check_right) (struct virtual_item * vi, int free);
47766- int (*part_size) (struct virtual_item * vi, int from, int to);
47767- int (*unit_num) (struct virtual_item * vi);
47768- void (*print_vi) (struct virtual_item * vi);
47769+ int (* const check_right) (struct virtual_item * vi, int free);
47770+ int (* const part_size) (struct virtual_item * vi, int from, int to);
47771+ int (* const unit_num) (struct virtual_item * vi);
47772+ void (* const print_vi) (struct virtual_item * vi);
47773 };
47774
47775-extern struct item_operations *item_ops[TYPE_ANY + 1];
47776+extern const struct item_operations * const item_ops[TYPE_ANY + 1];
47777
47778 #define op_bytes_number(ih,bsize) item_ops[le_ih_k_type (ih)]->bytes_number (ih, bsize)
47779 #define op_is_left_mergeable(key,bsize) item_ops[le_key_k_type (le_key_version (key), key)]->is_left_mergeable (key, bsize)
47780diff -urNp linux-2.6.38.2/include/linux/reiserfs_fs_sb.h linux-2.6.38.2/include/linux/reiserfs_fs_sb.h
47781--- linux-2.6.38.2/include/linux/reiserfs_fs_sb.h 2011-03-14 21:20:32.000000000 -0400
47782+++ linux-2.6.38.2/include/linux/reiserfs_fs_sb.h 2011-03-21 18:31:35.000000000 -0400
47783@@ -386,7 +386,7 @@ struct reiserfs_sb_info {
47784 /* Comment? -Hans */
47785 wait_queue_head_t s_wait;
47786 /* To be obsoleted soon by per buffer seals.. -Hans */
47787- atomic_t s_generation_counter; // increased by one every time the
47788+ atomic_unchecked_t s_generation_counter; // increased by one every time the
47789 // tree gets re-balanced
47790 unsigned long s_properties; /* File system properties. Currently holds
47791 on-disk FS format */
47792diff -urNp linux-2.6.38.2/include/linux/rmap.h linux-2.6.38.2/include/linux/rmap.h
47793--- linux-2.6.38.2/include/linux/rmap.h 2011-03-14 21:20:32.000000000 -0400
47794+++ linux-2.6.38.2/include/linux/rmap.h 2011-03-21 18:31:35.000000000 -0400
47795@@ -145,8 +145,8 @@ static inline void anon_vma_unlock(struc
47796 void anon_vma_init(void); /* create anon_vma_cachep */
47797 int anon_vma_prepare(struct vm_area_struct *);
47798 void unlink_anon_vmas(struct vm_area_struct *);
47799-int anon_vma_clone(struct vm_area_struct *, struct vm_area_struct *);
47800-int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *);
47801+int anon_vma_clone(struct vm_area_struct *, const struct vm_area_struct *);
47802+int anon_vma_fork(struct vm_area_struct *, const struct vm_area_struct *);
47803 void __anon_vma_link(struct vm_area_struct *);
47804 void anon_vma_free(struct anon_vma *);
47805
47806diff -urNp linux-2.6.38.2/include/linux/sched.h linux-2.6.38.2/include/linux/sched.h
47807--- linux-2.6.38.2/include/linux/sched.h 2011-03-14 21:20:32.000000000 -0400
47808+++ linux-2.6.38.2/include/linux/sched.h 2011-03-26 17:18:15.000000000 -0400
47809@@ -99,6 +99,7 @@ struct robust_list_head;
47810 struct bio_list;
47811 struct fs_struct;
47812 struct perf_event_context;
47813+struct linux_binprm;
47814
47815 /*
47816 * List of flags we want to share for kernel threads,
47817@@ -380,10 +381,13 @@ struct user_namespace;
47818 #define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN)
47819
47820 extern int sysctl_max_map_count;
47821+extern unsigned long sysctl_heap_stack_gap;
47822
47823 #include <linux/aio.h>
47824
47825 #ifdef CONFIG_MMU
47826+extern bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len);
47827+extern unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len);
47828 extern void arch_pick_mmap_layout(struct mm_struct *mm);
47829 extern unsigned long
47830 arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
47831@@ -628,6 +632,17 @@ struct signal_struct {
47832 #ifdef CONFIG_TASKSTATS
47833 struct taskstats *stats;
47834 #endif
47835+
47836+#ifdef CONFIG_GRKERNSEC
47837+ u32 curr_ip;
47838+ u32 saved_ip;
47839+ u32 gr_saddr;
47840+ u32 gr_daddr;
47841+ u16 gr_sport;
47842+ u16 gr_dport;
47843+ u8 used_accept:1;
47844+#endif
47845+
47846 #ifdef CONFIG_AUDIT
47847 unsigned audit_tty;
47848 struct tty_audit_buf *tty_audit_buf;
47849@@ -1192,7 +1207,7 @@ enum perf_event_task_context {
47850
47851 struct task_struct {
47852 volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */
47853- void *stack;
47854+ struct thread_info *stack;
47855 atomic_t usage;
47856 unsigned int flags; /* per process flags, defined below */
47857 unsigned int ptrace;
47858@@ -1307,8 +1322,8 @@ struct task_struct {
47859 struct list_head thread_group;
47860
47861 struct completion *vfork_done; /* for vfork() */
47862- int __user *set_child_tid; /* CLONE_CHILD_SETTID */
47863- int __user *clear_child_tid; /* CLONE_CHILD_CLEARTID */
47864+ pid_t __user *set_child_tid; /* CLONE_CHILD_SETTID */
47865+ pid_t __user *clear_child_tid; /* CLONE_CHILD_CLEARTID */
47866
47867 cputime_t utime, stime, utimescaled, stimescaled;
47868 cputime_t gtime;
47869@@ -1324,13 +1339,6 @@ struct task_struct {
47870 struct task_cputime cputime_expires;
47871 struct list_head cpu_timers[3];
47872
47873-/* process credentials */
47874- const struct cred __rcu *real_cred; /* objective and real subjective task
47875- * credentials (COW) */
47876- const struct cred __rcu *cred; /* effective (overridable) subjective task
47877- * credentials (COW) */
47878- struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
47879-
47880 char comm[TASK_COMM_LEN]; /* executable name excluding path
47881 - access with [gs]et_task_comm (which lock
47882 it with task_lock())
47883@@ -1349,6 +1357,10 @@ struct task_struct {
47884 struct thread_struct thread;
47885 /* filesystem information */
47886 struct fs_struct *fs;
47887+
47888+ const struct cred __rcu *cred; /* effective (overridable) subjective task
47889+ * credentials (COW) */
47890+
47891 /* open file information */
47892 struct files_struct *files;
47893 /* namespaces */
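Review bot: The `cred` pointer added after `fs` in this hunk has no section heading of its own, and the `/* process credentials */` comment now sits only over `real_cred` and `replacement_session_keyring` in the hunk further down, so nothing tells a reader that the credential fields were split up intentionally. A comment above the new `cred` line, for example `/* effective credentials; real_cred is declared further down (reason: <to be stated by the author>) */`, would keep a later cleanup from regrouping them. The reason for the split is not visible in these hunks, and `struct task_struct` starts and ends outside them.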
47894@@ -1395,6 +1407,11 @@ struct task_struct {
47895 struct rt_mutex_waiter *pi_blocked_on;
47896 #endif
47897
47898+/* process credentials */
47899+ const struct cred __rcu *real_cred; /* objective and real subjective task
47900+ * credentials (COW) */
47901+ struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
47902+
47903 #ifdef CONFIG_DEBUG_MUTEXES
47904 /* mutex deadlock detection */
47905 struct mutex_waiter *blocked_on;
47906@@ -1499,6 +1516,21 @@ struct task_struct {
47907 unsigned long default_timer_slack_ns;
47908
47909 struct list_head *scm_work_list;
47910+
47911+#ifdef CONFIG_GRKERNSEC
47912+ /* grsecurity */
47913+ struct dentry *gr_chroot_dentry;
47914+ struct acl_subject_label *acl;
47915+ struct acl_role_label *role;
47916+ struct file *exec_file;
47917+ u16 acl_role_id;
47918+ /* is this the task that authenticated to the special role */
47919+ u8 acl_sp_role;
47920+ u8 is_writable;
47921+ u8 brute;
47922+ u8 gr_is_chrooted;
47923+#endif
47924+
47925 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
47926 /* Index of current stored address in ret_stack */
47927 int curr_ret_stack;
47928@@ -1530,6 +1562,52 @@ struct task_struct {
47929 #endif
47930 };
47931
47932+#define MF_PAX_PAGEEXEC 0x01000000 /* Paging based non-executable pages */
47933+#define MF_PAX_EMUTRAMP 0x02000000 /* Emulate trampolines */
47934+#define MF_PAX_MPROTECT 0x04000000 /* Restrict mprotect() */
47935+#define MF_PAX_RANDMMAP 0x08000000 /* Randomize mmap() base */
47936+/*#define MF_PAX_RANDEXEC 0x10000000*/ /* Randomize ET_EXEC base */
47937+#define MF_PAX_SEGMEXEC 0x20000000 /* Segmentation based non-executable pages */
47938+
47939+#ifdef CONFIG_PAX_SOFTMODE
47940+extern unsigned int pax_softmode;
47941+#endif
47942+
47943+extern int pax_check_flags(unsigned long *);
47944+
47945+/* if tsk != current then task_lock must be held on it */
47946+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
47947+static inline unsigned long pax_get_flags(struct task_struct *tsk)
47948+{
47949+ if (likely(tsk->mm))
47950+ return tsk->mm->pax_flags;
47951+ else
47952+ return 0UL;
47953+}
47954+
47955+/* if tsk != current then task_lock must be held on it */
47956+static inline long pax_set_flags(struct task_struct *tsk, unsigned long flags)
47957+{
47958+ if (likely(tsk->mm)) {
47959+ tsk->mm->pax_flags = flags;
47960+ return 0;
47961+ }
47962+ return -EINVAL;
47963+}
47964+#endif
47965+
47966+#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
47967+extern void pax_set_initial_flags(struct linux_binprm *bprm);
47968+#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
47969+extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
47970+#endif
47971+
47972+void pax_report_fault(struct pt_regs *regs, void *pc, void *sp);
47973+void pax_report_insns(void *pc, void *sp);
47974+void pax_report_refcount_overflow(struct pt_regs *regs);
47975+void pax_report_leak_to_user(const void *ptr, unsigned long len);
47976+void pax_report_overflow_from_user(const void *ptr, unsigned long len);
47977+
47978 /* Future-safe accessor for struct task_struct's cpus_allowed. */
47979 #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
47980
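Review bot: `pax_get_flags()` returns `0UL` for a task with no `mm`, which a caller cannot tell apart from a task whose `mm->pax_flags` has every `MF_PAX_*` bit clear, while `pax_set_flags()` reports the same condition as `-EINVAL`. The comment above the getter should say so, for example `/* returns 0 (no PaX flags) when tsk has no mm */`, so that code deriving a protection decision from the result handles that case deliberately. The `task_lock` requirement in both comments is a convention only; neither helper checks it, and that is worth stating as well.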
47981@@ -2169,7 +2247,7 @@ extern void __cleanup_sighand(struct sig
47982 extern void exit_itimers(struct signal_struct *);
47983 extern void flush_itimer_signals(void);
47984
47985-extern NORET_TYPE void do_group_exit(int);
47986+extern NORET_TYPE void do_group_exit(int) ATTRIB_NORET;
47987
47988 extern void daemonize(const char *, ...);
47989 extern int allow_signal(int);
47990@@ -2294,8 +2372,8 @@ static inline void unlock_task_sighand(s
47991
47992 #ifndef __HAVE_THREAD_FUNCTIONS
47993
47994-#define task_thread_info(task) ((struct thread_info *)(task)->stack)
47995-#define task_stack_page(task) ((task)->stack)
47996+#define task_thread_info(task) ((task)->stack)
47997+#define task_stack_page(task) ((void *)(task)->stack)
47998
47999 static inline void setup_thread_stack(struct task_struct *p, struct task_struct *org)
48000 {
48001@@ -2310,13 +2388,17 @@ static inline unsigned long *end_of_stac
48002
48003 #endif
48004
48005-static inline int object_is_on_stack(void *obj)
48006+static inline int object_starts_on_stack(void *obj)
48007 {
48008- void *stack = task_stack_page(current);
48009+ const void *stack = task_stack_page(current);
48010
48011 return (obj >= stack) && (obj < (stack + THREAD_SIZE));
48012 }
48013
48014+#ifdef CONFIG_PAX_USERCOPY
48015+extern int object_is_on_stack(const void *obj, unsigned long len);
48016+#endif
48017+
48018 extern void thread_info_cache_init(void);
48019
48020 #ifdef CONFIG_DEBUG_STACK_USAGE
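Review bot: `object_starts_on_stack()` still takes `void *obj` although it only compares the pointer, while the new `object_is_on_stack()` prototype below takes `const void *obj`; the signature could be `static inline int object_starts_on_stack(const void *obj)` so both accept const pointers. The old name now also takes a length and is declared only under `CONFIG_PAX_USERCOPY`, so every existing one-argument caller has to move to the new name; those callers are outside this hunk. The new prototype would benefit from a one-line comment saying what its `int` result means, since the definition is not visible here.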
48021diff -urNp linux-2.6.38.2/include/linux/screen_info.h linux-2.6.38.2/include/linux/screen_info.h
48022--- linux-2.6.38.2/include/linux/screen_info.h 2011-03-14 21:20:32.000000000 -0400
48023+++ linux-2.6.38.2/include/linux/screen_info.h 2011-03-21 18:31:35.000000000 -0400
48024@@ -43,7 +43,8 @@ struct screen_info {
48025 __u16 pages; /* 0x32 */
48026 __u16 vesa_attributes; /* 0x34 */
48027 __u32 capabilities; /* 0x36 */
48028- __u8 _reserved[6]; /* 0x3a */
48029+ __u16 vesapm_size; /* 0x3a */
48030+ __u8 _reserved[4]; /* 0x3c */
48031 } __attribute__((packed));
48032
48033 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */
48034diff -urNp linux-2.6.38.2/include/linux/security.h linux-2.6.38.2/include/linux/security.h
48035--- linux-2.6.38.2/include/linux/security.h 2011-03-14 21:20:32.000000000 -0400
48036+++ linux-2.6.38.2/include/linux/security.h 2011-03-21 18:31:35.000000000 -0400
48037@@ -35,6 +35,7 @@
48038 #include <linux/key.h>
48039 #include <linux/xfrm.h>
48040 #include <linux/slab.h>
48041+#include <linux/grsecurity.h>
48042 #include <net/flow.h>
48043
48044 /* Maximum number of letters for an LSM name string */
48045diff -urNp linux-2.6.38.2/include/linux/shm.h linux-2.6.38.2/include/linux/shm.h
48046--- linux-2.6.38.2/include/linux/shm.h 2011-03-14 21:20:32.000000000 -0400
48047+++ linux-2.6.38.2/include/linux/shm.h 2011-03-21 18:31:35.000000000 -0400
48048@@ -95,6 +95,10 @@ struct shmid_kernel /* private to the ke
48049 pid_t shm_cprid;
48050 pid_t shm_lprid;
48051 struct user_struct *mlock_user;
48052+#ifdef CONFIG_GRKERNSEC
48053+ time_t shm_createtime;
48054+ pid_t shm_lapid;
48055+#endif
48056 };
48057
48058 /* shm_mode upper byte flags */
48059diff -urNp linux-2.6.38.2/include/linux/skbuff.h linux-2.6.38.2/include/linux/skbuff.h
48060--- linux-2.6.38.2/include/linux/skbuff.h 2011-03-14 21:20:32.000000000 -0400
48061+++ linux-2.6.38.2/include/linux/skbuff.h 2011-03-21 18:31:35.000000000 -0400
48062@@ -589,7 +589,7 @@ static inline struct skb_shared_hwtstamp
48063 */
48064 static inline int skb_queue_empty(const struct sk_buff_head *list)
48065 {
48066- return list->next == (struct sk_buff *)list;
48067+ return list->next == (const struct sk_buff *)list;
48068 }
48069
48070 /**
48071@@ -602,7 +602,7 @@ static inline int skb_queue_empty(const
48072 static inline bool skb_queue_is_last(const struct sk_buff_head *list,
48073 const struct sk_buff *skb)
48074 {
48075- return skb->next == (struct sk_buff *)list;
48076+ return skb->next == (const struct sk_buff *)list;
48077 }
48078
48079 /**
48080@@ -615,7 +615,7 @@ static inline bool skb_queue_is_last(con
48081 static inline bool skb_queue_is_first(const struct sk_buff_head *list,
48082 const struct sk_buff *skb)
48083 {
48084- return skb->prev == (struct sk_buff *)list;
48085+ return skb->prev == (const struct sk_buff *)list;
48086 }
48087
48088 /**
48089diff -urNp linux-2.6.38.2/include/linux/slab.h linux-2.6.38.2/include/linux/slab.h
48090--- linux-2.6.38.2/include/linux/slab.h 2011-03-14 21:20:32.000000000 -0400
48091+++ linux-2.6.38.2/include/linux/slab.h 2011-03-21 18:31:35.000000000 -0400
48092@@ -11,6 +11,7 @@
48093
48094 #include <linux/gfp.h>
48095 #include <linux/types.h>
48096+#include <linux/err.h>
48097
48098 /*
48099 * Flags to pass to kmem_cache_create().
48100@@ -87,10 +88,13 @@
48101 * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can.
48102 * Both make kfree a no-op.
48103 */
48104-#define ZERO_SIZE_PTR ((void *)16)
48105+#define ZERO_SIZE_PTR \
48106+({ \
48107+ BUILD_BUG_ON(!(MAX_ERRNO & ~PAGE_MASK));\
48108+ (void *)(-MAX_ERRNO-1L); \
48109+})
48110
48111-#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= \
48112- (unsigned long)ZERO_SIZE_PTR)
48113+#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) - 1 >= (unsigned long)ZERO_SIZE_PTR - 1)
48114
48115 /*
48116 * struct kmem_cache related prototypes
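Review bot: The rewritten `ZERO_OR_NULL_PTR()` relies on unsigned wrap-around (`x - 1` turns NULL into the largest value) and, with `ZERO_SIZE_PTR` moved to `-MAX_ERRNO-1L`, it is true for every address at or above that value, which as far as this hunk shows includes the whole error-pointer range. The comment kept above the macros mentions only NULL and `ZERO_SIZE_PTR`; it should gain a line such as `/* the test is 'x == NULL || x >= ZERO_SIZE_PTR' written with unsigned wrap-around, so error pointers match too */`. `ZERO_SIZE_PTR` is now a statement expression, so it can no longer be used in a static initializer or outside a function body, and that restriction deserves a note next to the definition.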
48117@@ -142,6 +146,7 @@ void * __must_check krealloc(const void
48118 void kfree(const void *);
48119 void kzfree(const void *);
48120 size_t ksize(const void *);
48121+void check_object_size(const void *ptr, unsigned long n, bool to);
48122
48123 /*
48124 * Allocator specific definitions. These are mainly used to establish optimized
48125@@ -334,4 +339,37 @@ static inline void *kzalloc_node(size_t
48126
48127 void __init kmem_cache_init_late(void);
48128
48129+#define kmalloc(x, y) \
48130+({ \
48131+ void *___retval; \
48132+ intoverflow_t ___x = (intoverflow_t)x; \
48133+ if (WARN(___x > ULONG_MAX, "kmalloc size overflow\n"))\
48134+ ___retval = NULL; \
48135+ else \
48136+ ___retval = kmalloc((size_t)___x, (y)); \
48137+ ___retval; \
48138+})
48139+
48140+#define kmalloc_node(x, y, z) \
48141+({ \
48142+ void *___retval; \
48143+ intoverflow_t ___x = (intoverflow_t)x; \
48144+ if (WARN(___x > ULONG_MAX, "kmalloc_node size overflow\n"))\
48145+ ___retval = NULL; \
48146+ else \
48147+ ___retval = kmalloc_node((size_t)___x, (y), (z));\
48148+ ___retval; \
48149+})
48150+
48151+#define kzalloc(x, y) \
48152+({ \
48153+ void *___retval; \
48154+ intoverflow_t ___x = (intoverflow_t)x; \
48155+ if (WARN(___x > ULONG_MAX, "kzalloc size overflow\n"))\
48156+ ___retval = NULL; \
48157+ else \
48158+ ___retval = kzalloc((size_t)___x, (y)); \
48159+ ___retval; \
48160+})
48161+
48162 #endif /* _LINUX_SLAB_H */
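Review bot: In the `kmalloc`, `kmalloc_node` and `kzalloc` wrappers the size argument is used as `(intoverflow_t)x` without parentheses, unlike `(y)` and `(z)`, and nothing says whether that is deliberate. If the intent is that a caller's expression such as `n * sizeof(*p)` is evaluated in the wider type so the `> ULONG_MAX` test can see the overflow, a comment like `/* x is deliberately not parenthesised: the cast must bind to the first operand of the size expression */` is needed, because adding the parentheses later would silently disable the check. The test is also only meaningful where `intoverflow_t` is wider than `unsigned long`; its definition is outside this hunk. The `vmalloc` family wrappers added in include/linux/vmalloc.h follow the same pattern and need the same comment.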
48163diff -urNp linux-2.6.38.2/include/linux/slub_def.h linux-2.6.38.2/include/linux/slub_def.h
48164--- linux-2.6.38.2/include/linux/slub_def.h 2011-03-14 21:20:32.000000000 -0400
48165+++ linux-2.6.38.2/include/linux/slub_def.h 2011-03-21 18:31:35.000000000 -0400
48166@@ -79,7 +79,7 @@ struct kmem_cache {
48167 struct kmem_cache_order_objects max;
48168 struct kmem_cache_order_objects min;
48169 gfp_t allocflags; /* gfp flags to use on each alloc */
48170- int refcount; /* Refcount for slab cache destroy */
48171+ atomic_t refcount; /* Refcount for slab cache destroy */
48172 void (*ctor)(void *);
48173 int inuse; /* Offset to metadata */
48174 int align; /* Alignment */
48175diff -urNp linux-2.6.38.2/include/linux/sonet.h linux-2.6.38.2/include/linux/sonet.h
48176--- linux-2.6.38.2/include/linux/sonet.h 2011-03-14 21:20:32.000000000 -0400
48177+++ linux-2.6.38.2/include/linux/sonet.h 2011-03-21 18:31:35.000000000 -0400
48178@@ -61,7 +61,7 @@ struct sonet_stats {
48179 #include <asm/atomic.h>
48180
48181 struct k_sonet_stats {
48182-#define __HANDLE_ITEM(i) atomic_t i
48183+#define __HANDLE_ITEM(i) atomic_unchecked_t i
48184 __SONET_ITEMS
48185 #undef __HANDLE_ITEM
48186 };
48187diff -urNp linux-2.6.38.2/include/linux/sunrpc/clnt.h linux-2.6.38.2/include/linux/sunrpc/clnt.h
48188--- linux-2.6.38.2/include/linux/sunrpc/clnt.h 2011-03-14 21:20:32.000000000 -0400
48189+++ linux-2.6.38.2/include/linux/sunrpc/clnt.h 2011-03-21 18:31:35.000000000 -0400
48190@@ -168,9 +168,9 @@ static inline unsigned short rpc_get_por
48191 {
48192 switch (sap->sa_family) {
48193 case AF_INET:
48194- return ntohs(((struct sockaddr_in *)sap)->sin_port);
48195+ return ntohs(((const struct sockaddr_in *)sap)->sin_port);
48196 case AF_INET6:
48197- return ntohs(((struct sockaddr_in6 *)sap)->sin6_port);
48198+ return ntohs(((const struct sockaddr_in6 *)sap)->sin6_port);
48199 }
48200 return 0;
48201 }
48202@@ -203,7 +203,7 @@ static inline bool __rpc_cmp_addr4(const
48203 static inline bool __rpc_copy_addr4(struct sockaddr *dst,
48204 const struct sockaddr *src)
48205 {
48206- const struct sockaddr_in *ssin = (struct sockaddr_in *) src;
48207+ const struct sockaddr_in *ssin = (const struct sockaddr_in *) src;
48208 struct sockaddr_in *dsin = (struct sockaddr_in *) dst;
48209
48210 dsin->sin_family = ssin->sin_family;
48211@@ -300,7 +300,7 @@ static inline u32 rpc_get_scope_id(const
48212 if (sa->sa_family != AF_INET6)
48213 return 0;
48214
48215- return ((struct sockaddr_in6 *) sa)->sin6_scope_id;
48216+ return ((const struct sockaddr_in6 *) sa)->sin6_scope_id;
48217 }
48218
48219 #endif /* __KERNEL__ */
48220diff -urNp linux-2.6.38.2/include/linux/suspend.h linux-2.6.38.2/include/linux/suspend.h
48221--- linux-2.6.38.2/include/linux/suspend.h 2011-03-14 21:20:32.000000000 -0400
48222+++ linux-2.6.38.2/include/linux/suspend.h 2011-03-21 18:31:35.000000000 -0400
48223@@ -106,15 +106,15 @@ typedef int __bitwise suspend_state_t;
48224 * which require special recovery actions in that situation.
48225 */
48226 struct platform_suspend_ops {
48227- int (*valid)(suspend_state_t state);
48228- int (*begin)(suspend_state_t state);
48229- int (*prepare)(void);
48230- int (*prepare_late)(void);
48231- int (*enter)(suspend_state_t state);
48232- void (*wake)(void);
48233- void (*finish)(void);
48234- void (*end)(void);
48235- void (*recover)(void);
48236+ int (* const valid)(suspend_state_t state);
48237+ int (* const begin)(suspend_state_t state);
48238+ int (* const prepare)(void);
48239+ int (* const prepare_late)(void);
48240+ int (* const enter)(suspend_state_t state);
48241+ void (* const wake)(void);
48242+ void (* const finish)(void);
48243+ void (* const end)(void);
48244+ void (* const recover)(void);
48245 };
48246
48247 #ifdef CONFIG_SUSPEND
48248@@ -217,16 +217,16 @@ extern void mark_free_pages(struct zone
48249 * platforms which require special recovery actions in that situation.
48250 */
48251 struct platform_hibernation_ops {
48252- int (*begin)(void);
48253- void (*end)(void);
48254- int (*pre_snapshot)(void);
48255- void (*finish)(void);
48256- int (*prepare)(void);
48257- int (*enter)(void);
48258- void (*leave)(void);
48259- int (*pre_restore)(void);
48260- void (*restore_cleanup)(void);
48261- void (*recover)(void);
48262+ int (* const begin)(void);
48263+ void (* const end)(void);
48264+ int (* const pre_snapshot)(void);
48265+ void (* const finish)(void);
48266+ int (* const prepare)(void);
48267+ int (* const enter)(void);
48268+ void (* const leave)(void);
48269+ int (* const pre_restore)(void);
48270+ void (* const restore_cleanup)(void);
48271+ void (* const recover)(void);
48272 };
48273
48274 #ifdef CONFIG_HIBERNATION
48275diff -urNp linux-2.6.38.2/include/linux/sysctl.h linux-2.6.38.2/include/linux/sysctl.h
48276--- linux-2.6.38.2/include/linux/sysctl.h 2011-03-14 21:20:32.000000000 -0400
48277+++ linux-2.6.38.2/include/linux/sysctl.h 2011-03-21 18:31:35.000000000 -0400
48278@@ -155,7 +155,11 @@ enum
48279 KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */
48280 };
48281
48282-
48283+#ifdef CONFIG_PAX_SOFTMODE
48284+enum {
48285+ PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */
48286+};
48287+#endif
48288
48289 /* CTL_VM names: */
48290 enum
48291@@ -967,6 +971,8 @@ typedef int proc_handler (struct ctl_tab
48292
48293 extern int proc_dostring(struct ctl_table *, int,
48294 void __user *, size_t *, loff_t *);
48295+extern int proc_dostring_modpriv(struct ctl_table *, int,
48296+ void __user *, size_t *, loff_t *);
48297 extern int proc_dointvec(struct ctl_table *, int,
48298 void __user *, size_t *, loff_t *);
48299 extern int proc_dointvec_minmax(struct ctl_table *, int,
48300diff -urNp linux-2.6.38.2/include/linux/sysfs.h linux-2.6.38.2/include/linux/sysfs.h
48301--- linux-2.6.38.2/include/linux/sysfs.h 2011-03-14 21:20:32.000000000 -0400
48302+++ linux-2.6.38.2/include/linux/sysfs.h 2011-03-21 18:31:35.000000000 -0400
48303@@ -110,8 +110,8 @@ struct bin_attribute {
48304 #define sysfs_bin_attr_init(bin_attr) sysfs_attr_init(&(bin_attr)->attr)
48305
48306 struct sysfs_ops {
48307- ssize_t (*show)(struct kobject *, struct attribute *,char *);
48308- ssize_t (*store)(struct kobject *,struct attribute *,const char *, size_t);
48309+ ssize_t (* const show)(struct kobject *, struct attribute *,char *);
48310+ ssize_t (* const store)(struct kobject *,struct attribute *,const char *, size_t);
48311 };
48312
48313 struct sysfs_dirent;
48314diff -urNp linux-2.6.38.2/include/linux/tty.h linux-2.6.38.2/include/linux/tty.h
48315--- linux-2.6.38.2/include/linux/tty.h 2011-03-14 21:20:32.000000000 -0400
48316+++ linux-2.6.38.2/include/linux/tty.h 2011-03-21 18:31:35.000000000 -0400
48317@@ -13,6 +13,8 @@
48318 #include <linux/tty_driver.h>
48319 #include <linux/tty_ldisc.h>
48320 #include <linux/mutex.h>
48321+#include <linux/poll.h>
48322+#include <linux/smp_lock.h>
48323
48324 #include <asm/system.h>
48325
48326@@ -465,7 +467,6 @@ extern int tty_perform_flush(struct tty_
48327 extern dev_t tty_devnum(struct tty_struct *tty);
48328 extern void proc_clear_tty(struct task_struct *p);
48329 extern struct tty_struct *get_current_tty(void);
48330-extern void tty_default_fops(struct file_operations *fops);
48331 extern struct tty_struct *alloc_tty_struct(void);
48332 extern int tty_add_file(struct tty_struct *tty, struct file *file);
48333 extern void free_tty_struct(struct tty_struct *tty);
48334@@ -528,6 +529,18 @@ extern void tty_ldisc_begin(void);
48335 /* This last one is just for the tty layer internals and shouldn't be used elsewhere */
48336 extern void tty_ldisc_enable(struct tty_struct *tty);
48337
48338+/* tty_io.c */
48339+extern ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
48340+extern ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
48341+extern unsigned int tty_poll(struct file *, poll_table *);
48342+#ifdef CONFIG_COMPAT
48343+extern long tty_compat_ioctl(struct file *file, unsigned int cmd,
48344+ unsigned long arg);
48345+#else
48346+#define tty_compat_ioctl NULL
48347+#endif
48348+extern int tty_release(struct inode *, struct file *);
48349+extern int tty_fasync(int fd, struct file *filp, int on);
48350
48351 /* n_tty.c */
48352 extern struct tty_ldisc_ops tty_ldisc_N_TTY;
48353diff -urNp linux-2.6.38.2/include/linux/tty_ldisc.h linux-2.6.38.2/include/linux/tty_ldisc.h
48354--- linux-2.6.38.2/include/linux/tty_ldisc.h 2011-03-14 21:20:32.000000000 -0400
48355+++ linux-2.6.38.2/include/linux/tty_ldisc.h 2011-03-21 18:31:35.000000000 -0400
48356@@ -148,7 +148,7 @@ struct tty_ldisc_ops {
48357
48358 struct module *owner;
48359
48360- int refcount;
48361+ atomic_t refcount;
48362 };
48363
48364 struct tty_ldisc {
48365diff -urNp linux-2.6.38.2/include/linux/types.h linux-2.6.38.2/include/linux/types.h
48366--- linux-2.6.38.2/include/linux/types.h 2011-03-14 21:20:32.000000000 -0400
48367+++ linux-2.6.38.2/include/linux/types.h 2011-03-21 18:31:35.000000000 -0400
48368@@ -207,10 +207,26 @@ typedef struct {
48369 int counter;
48370 } atomic_t;
48371
48372+#ifdef CONFIG_PAX_REFCOUNT
48373+typedef struct {
48374+ int counter;
48375+} atomic_unchecked_t;
48376+#else
48377+typedef atomic_t atomic_unchecked_t;
48378+#endif
48379+
48380 #ifdef CONFIG_64BIT
48381 typedef struct {
48382 long counter;
48383 } atomic64_t;
48384+
48385+#ifdef CONFIG_PAX_REFCOUNT
48386+typedef struct {
48387+ long counter;
48388+} atomic64_unchecked_t;
48389+#else
48390+typedef atomic64_t atomic64_unchecked_t;
48391+#endif
48392 #endif
48393
48394 struct list_head {
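Review bot: The new `atomic_unchecked_t` and `atomic64_unchecked_t` types carry no comment saying which counters may use them. With `CONFIG_PAX_REFCOUNT` they are distinct structs, so passing one to the `atomic_t` API is a compile error, but without the option they are plain typedefs and the same mix-up compiles silently and only surfaces once the option is enabled. A comment above the first `#ifdef`, such as `/* for counters that may legitimately wrap (statistics, IDs); never for reference counts */`, would record the rule; that wording is my reading of the names and of the uses in vmstat.h and inetpeer.h, so the author should confirm it.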
48395diff -urNp linux-2.6.38.2/include/linux/uaccess.h linux-2.6.38.2/include/linux/uaccess.h
48396--- linux-2.6.38.2/include/linux/uaccess.h 2011-03-14 21:20:32.000000000 -0400
48397+++ linux-2.6.38.2/include/linux/uaccess.h 2011-03-21 18:31:35.000000000 -0400
48398@@ -76,11 +76,11 @@ static inline unsigned long __copy_from_
48399 long ret; \
48400 mm_segment_t old_fs = get_fs(); \
48401 \
48402- set_fs(KERNEL_DS); \
48403 pagefault_disable(); \
48404+ set_fs(KERNEL_DS); \
48405 ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval)); \
48406- pagefault_enable(); \
48407 set_fs(old_fs); \
48408+ pagefault_enable(); \
48409 ret; \
48410 })
48411
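Review bot: The reordered calls now keep the `KERNEL_DS` window entirely inside the pagefault-disabled region, but nothing in the macro says that the nesting order matters. A line in the comment block above the macro, for example `/* the address limit is widened only while page faults are disabled and restored before they are re-enabled */`, would keep a later edit from swapping the calls back. The macro's name and opening lines are outside this hunk.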
48412@@ -93,8 +93,8 @@ static inline unsigned long __copy_from_
48413 * Safely read from address @src to the buffer at @dst. If a kernel fault
48414 * happens, handle that and return -EFAULT.
48415 */
48416-extern long probe_kernel_read(void *dst, void *src, size_t size);
48417-extern long __probe_kernel_read(void *dst, void *src, size_t size);
48418+extern long probe_kernel_read(void *dst, const void *src, size_t size);
48419+extern long __probe_kernel_read(void *dst, const void *src, size_t size);
48420
48421 /*
48422 * probe_kernel_write(): safely attempt to write to a location
48423@@ -105,7 +105,7 @@ extern long __probe_kernel_read(void *ds
48424 * Safely write to address @dst from the buffer at @src. If a kernel fault
48425 * happens, handle that and return -EFAULT.
48426 */
48427-extern long notrace probe_kernel_write(void *dst, void *src, size_t size);
48428-extern long notrace __probe_kernel_write(void *dst, void *src, size_t size);
48429+extern long notrace probe_kernel_write(void *dst, const void *src, size_t size);
48430+extern long notrace __probe_kernel_write(void *dst, const void *src, size_t size);
48431
48432 #endif /* __LINUX_UACCESS_H__ */
48433diff -urNp linux-2.6.38.2/include/linux/unaligned/access_ok.h linux-2.6.38.2/include/linux/unaligned/access_ok.h
48434--- linux-2.6.38.2/include/linux/unaligned/access_ok.h 2011-03-14 21:20:32.000000000 -0400
48435+++ linux-2.6.38.2/include/linux/unaligned/access_ok.h 2011-03-21 18:31:35.000000000 -0400
48436@@ -6,32 +6,32 @@
48437
48438 static inline u16 get_unaligned_le16(const void *p)
48439 {
48440- return le16_to_cpup((__le16 *)p);
48441+ return le16_to_cpup((const __le16 *)p);
48442 }
48443
48444 static inline u32 get_unaligned_le32(const void *p)
48445 {
48446- return le32_to_cpup((__le32 *)p);
48447+ return le32_to_cpup((const __le32 *)p);
48448 }
48449
48450 static inline u64 get_unaligned_le64(const void *p)
48451 {
48452- return le64_to_cpup((__le64 *)p);
48453+ return le64_to_cpup((const __le64 *)p);
48454 }
48455
48456 static inline u16 get_unaligned_be16(const void *p)
48457 {
48458- return be16_to_cpup((__be16 *)p);
48459+ return be16_to_cpup((const __be16 *)p);
48460 }
48461
48462 static inline u32 get_unaligned_be32(const void *p)
48463 {
48464- return be32_to_cpup((__be32 *)p);
48465+ return be32_to_cpup((const __be32 *)p);
48466 }
48467
48468 static inline u64 get_unaligned_be64(const void *p)
48469 {
48470- return be64_to_cpup((__be64 *)p);
48471+ return be64_to_cpup((const __be64 *)p);
48472 }
48473
48474 static inline void put_unaligned_le16(u16 val, void *p)
48475diff -urNp linux-2.6.38.2/include/linux/usb/hcd.h linux-2.6.38.2/include/linux/usb/hcd.h
48476--- linux-2.6.38.2/include/linux/usb/hcd.h 2011-03-23 17:20:08.000000000 -0400
48477+++ linux-2.6.38.2/include/linux/usb/hcd.h 2011-03-23 17:21:51.000000000 -0400
48478@@ -589,7 +589,7 @@ struct usb_mon_operations {
48479 /* void (*urb_unlink)(struct usb_bus *bus, struct urb *urb); */
48480 };
48481
48482-extern struct usb_mon_operations *mon_ops;
48483+extern const struct usb_mon_operations *mon_ops;
48484
48485 static inline void usbmon_urb_submit(struct usb_bus *bus, struct urb *urb)
48486 {
48487@@ -611,7 +611,7 @@ static inline void usbmon_urb_complete(s
48488 (*mon_ops->urb_complete)(bus, urb, status);
48489 }
48490
48491-int usb_mon_register(struct usb_mon_operations *ops);
48492+int usb_mon_register(const struct usb_mon_operations *ops);
48493 void usb_mon_deregister(void);
48494
48495 #else
48496diff -urNp linux-2.6.38.2/include/linux/vmalloc.h linux-2.6.38.2/include/linux/vmalloc.h
48497--- linux-2.6.38.2/include/linux/vmalloc.h 2011-03-14 21:20:32.000000000 -0400
48498+++ linux-2.6.38.2/include/linux/vmalloc.h 2011-03-21 18:31:35.000000000 -0400
48499@@ -13,6 +13,11 @@ struct vm_area_struct; /* vma defining
48500 #define VM_MAP 0x00000004 /* vmap()ed pages */
48501 #define VM_USERMAP 0x00000008 /* suitable for remap_vmalloc_range */
48502 #define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */
48503+
48504+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
48505+#define VM_KERNEXEC 0x00000020 /* allocate from executable kernel memory range */
48506+#endif
48507+
48508 /* bits [20..32] reserved for arch specific ioremap internals */
48509
48510 /*
48511@@ -123,4 +128,103 @@ struct vm_struct **pcpu_get_vm_areas(con
48512 void pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms);
48513 #endif
48514
48515+#define vmalloc(x) \
48516+({ \
48517+ void *___retval; \
48518+ intoverflow_t ___x = (intoverflow_t)x; \
48519+ if (WARN(___x > ULONG_MAX, "vmalloc size overflow\n")) \
48520+ ___retval = NULL; \
48521+ else \
48522+ ___retval = vmalloc((unsigned long)___x); \
48523+ ___retval; \
48524+})
48525+
48526+#define vzalloc(x) \
48527+({ \
48528+ void *___retval; \
48529+ intoverflow_t ___x = (intoverflow_t)x; \
48530+ if (WARN(___x > ULONG_MAX, "vzalloc size overflow\n")) \
48531+ ___retval = NULL; \
48532+ else \
48533+ ___retval = vzalloc((unsigned long)___x); \
48534+ ___retval; \
48535+})
48536+
48537+#define __vmalloc(x, y, z) \
48538+({ \
48539+ void *___retval; \
48540+ intoverflow_t ___x = (intoverflow_t)x; \
48541+ if (WARN(___x > ULONG_MAX, "__vmalloc size overflow\n"))\
48542+ ___retval = NULL; \
48543+ else \
48544+ ___retval = __vmalloc((unsigned long)___x, (y), (z));\
48545+ ___retval; \
48546+})
48547+
48548+#define vmalloc_user(x) \
48549+({ \
48550+ void *___retval; \
48551+ intoverflow_t ___x = (intoverflow_t)x; \
48552+ if (WARN(___x > ULONG_MAX, "vmalloc_user size overflow\n"))\
48553+ ___retval = NULL; \
48554+ else \
48555+ ___retval = vmalloc_user((unsigned long)___x); \
48556+ ___retval; \
48557+})
48558+
48559+#define vmalloc_exec(x) \
48560+({ \
48561+ void *___retval; \
48562+ intoverflow_t ___x = (intoverflow_t)x; \
48563+ if (WARN(___x > ULONG_MAX, "vmalloc_exec size overflow\n"))\
48564+ ___retval = NULL; \
48565+ else \
48566+ ___retval = vmalloc_exec((unsigned long)___x); \
48567+ ___retval; \
48568+})
48569+
48570+#define vmalloc_node(x, y) \
48571+({ \
48572+ void *___retval; \
48573+ intoverflow_t ___x = (intoverflow_t)x; \
48574+ if (WARN(___x > ULONG_MAX, "vmalloc_node size overflow\n"))\
48575+ ___retval = NULL; \
48576+ else \
48577+ ___retval = vmalloc_node((unsigned long)___x, (y));\
48578+ ___retval; \
48579+})
48580+
48581+#define vzalloc_node(x, y) \
48582+({ \
48583+ void *___retval; \
48584+ intoverflow_t ___x = (intoverflow_t)x; \
48585+ if (WARN(___x > ULONG_MAX, "vzalloc_node size overflow\n"))\
48586+ ___retval = NULL; \
48587+ else \
48588+ ___retval = vzalloc_node((unsigned long)___x, (y));\
48589+ ___retval; \
48590+})
48591+
48592+#define vmalloc_32(x) \
48593+({ \
48594+ void *___retval; \
48595+ intoverflow_t ___x = (intoverflow_t)x; \
48596+ if (WARN(___x > ULONG_MAX, "vmalloc_32 size overflow\n"))\
48597+ ___retval = NULL; \
48598+ else \
48599+ ___retval = vmalloc_32((unsigned long)___x); \
48600+ ___retval; \
48601+})
48602+
48603+#define vmalloc_32_user(x) \
48604+({ \
48605+void *___retval; \
48606+ intoverflow_t ___x = (intoverflow_t)x; \
48607+ if (WARN(___x > ULONG_MAX, "vmalloc_32_user size overflow\n"))\
48608+ ___retval = NULL; \
48609+ else \
48610+ ___retval = vmalloc_32_user((unsigned long)___x);\
48611+ ___retval; \
48612+})
48613+
48614 #endif /* _LINUX_VMALLOC_H */
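Review bot: The nine wrappers added here repeat one body that differs only in the wrapped function and the warning text, and the copies have already drifted: in `vmalloc_32_user` the `void *___retval;` line has lost its leading tab. Restoring it so the line matches the other eight wrappers keeps the block uniform. Any later change to the overflow test has to be made nine times here and three more times in slab.h, so a short comment above the first wrapper naming the sibling copies would help whoever edits them next.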
48615diff -urNp linux-2.6.38.2/include/linux/vmstat.h linux-2.6.38.2/include/linux/vmstat.h
48616--- linux-2.6.38.2/include/linux/vmstat.h 2011-03-14 21:20:32.000000000 -0400
48617+++ linux-2.6.38.2/include/linux/vmstat.h 2011-03-21 18:31:35.000000000 -0400
48618@@ -140,18 +140,18 @@ static inline void vm_events_fold_cpu(in
48619 /*
48620 * Zone based page accounting with per cpu differentials.
48621 */
48622-extern atomic_long_t vm_stat[NR_VM_ZONE_STAT_ITEMS];
48623+extern atomic_long_unchecked_t vm_stat[NR_VM_ZONE_STAT_ITEMS];
48624
48625 static inline void zone_page_state_add(long x, struct zone *zone,
48626 enum zone_stat_item item)
48627 {
48628- atomic_long_add(x, &zone->vm_stat[item]);
48629- atomic_long_add(x, &vm_stat[item]);
48630+ atomic_long_add_unchecked(x, &zone->vm_stat[item]);
48631+ atomic_long_add_unchecked(x, &vm_stat[item]);
48632 }
48633
48634 static inline unsigned long global_page_state(enum zone_stat_item item)
48635 {
48636- long x = atomic_long_read(&vm_stat[item]);
48637+ long x = atomic_long_read_unchecked(&vm_stat[item]);
48638 #ifdef CONFIG_SMP
48639 if (x < 0)
48640 x = 0;
48641@@ -162,7 +162,7 @@ static inline unsigned long global_page_
48642 static inline unsigned long zone_page_state(struct zone *zone,
48643 enum zone_stat_item item)
48644 {
48645- long x = atomic_long_read(&zone->vm_stat[item]);
48646+ long x = atomic_long_read_unchecked(&zone->vm_stat[item]);
48647 #ifdef CONFIG_SMP
48648 if (x < 0)
48649 x = 0;
48650@@ -179,7 +179,7 @@ static inline unsigned long zone_page_st
48651 static inline unsigned long zone_page_state_snapshot(struct zone *zone,
48652 enum zone_stat_item item)
48653 {
48654- long x = atomic_long_read(&zone->vm_stat[item]);
48655+ long x = atomic_long_read_unchecked(&zone->vm_stat[item]);
48656
48657 #ifdef CONFIG_SMP
48658 int cpu;
48659@@ -273,8 +273,8 @@ static inline void __mod_zone_page_state
48660
48661 static inline void __inc_zone_state(struct zone *zone, enum zone_stat_item item)
48662 {
48663- atomic_long_inc(&zone->vm_stat[item]);
48664- atomic_long_inc(&vm_stat[item]);
48665+ atomic_long_inc_unchecked(&zone->vm_stat[item]);
48666+ atomic_long_inc_unchecked(&vm_stat[item]);
48667 }
48668
48669 static inline void __inc_zone_page_state(struct page *page,
48670@@ -285,8 +285,8 @@ static inline void __inc_zone_page_state
48671
48672 static inline void __dec_zone_state(struct zone *zone, enum zone_stat_item item)
48673 {
48674- atomic_long_dec(&zone->vm_stat[item]);
48675- atomic_long_dec(&vm_stat[item]);
48676+ atomic_long_dec_unchecked(&zone->vm_stat[item]);
48677+ atomic_long_dec_unchecked(&vm_stat[item]);
48678 }
48679
48680 static inline void __dec_zone_page_state(struct page *page,
48681diff -urNp linux-2.6.38.2/include/net/inetpeer.h linux-2.6.38.2/include/net/inetpeer.h
48682--- linux-2.6.38.2/include/net/inetpeer.h 2011-03-14 21:20:32.000000000 -0400
48683+++ linux-2.6.38.2/include/net/inetpeer.h 2011-03-21 18:31:35.000000000 -0400
48684@@ -38,8 +38,8 @@ struct inet_peer {
48685 */
48686 union {
48687 struct {
48688- atomic_t rid; /* Frag reception counter */
48689- atomic_t ip_id_count; /* IP ID for the next packet */
48690+ atomic_unchecked_t rid; /* Frag reception counter */
48691+ atomic_unchecked_t ip_id_count; /* IP ID for the next packet */
48692 __u32 tcp_ts;
48693 __u32 tcp_ts_stamp;
48694 };
48695@@ -88,7 +88,7 @@ static inline __u16 inet_getid(struct in
48696 {
48697 more++;
48698 inet_peer_refcheck(p);
48699- return atomic_add_return(more, &p->ip_id_count) - more;
48700+ return atomic_add_return_unchecked(more, &p->ip_id_count) - more;
48701 }
48702
48703 #endif /* _NET_INETPEER_H */
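Review bot: The switch to `atomic_add_return_unchecked()` in inet_getid() carries no comment saying why this counter is exempt from overflow checking. The function returns `__u16`, so wraparound of `ip_id_count` looks intended rather than a reference-count bug, but that is an inference from the return type. I would add `/* IP ID generator: wraps by design, not a refcount */` above the return so a later audit of `_unchecked` users does not have to re-derive it. The start of inet_getid() is outside the hunk.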
48704diff -urNp linux-2.6.38.2/include/net/irda/ircomm_tty.h linux-2.6.38.2/include/net/irda/ircomm_tty.h
48705--- linux-2.6.38.2/include/net/irda/ircomm_tty.h 2011-03-14 21:20:32.000000000 -0400
48706+++ linux-2.6.38.2/include/net/irda/ircomm_tty.h 2011-03-21 18:31:35.000000000 -0400
48707@@ -35,6 +35,7 @@
48708 #include <linux/termios.h>
48709 #include <linux/timer.h>
48710 #include <linux/tty.h> /* struct tty_struct */
48711+#include <asm/local.h>
48712
48713 #include <net/irda/irias_object.h>
48714 #include <net/irda/ircomm_core.h>
48715@@ -105,8 +106,8 @@ struct ircomm_tty_cb {
48716 unsigned short close_delay;
48717 unsigned short closing_wait; /* time to wait before closing */
48718
48719- int open_count;
48720- int blocked_open; /* # of blocked opens */
48721+ local_t open_count;
48722+ local_t blocked_open; /* # of blocked opens */
48723
48724 /* Protect concurent access to :
48725 * o self->open_count
48726diff -urNp linux-2.6.38.2/include/net/neighbour.h linux-2.6.38.2/include/net/neighbour.h
48727--- linux-2.6.38.2/include/net/neighbour.h 2011-03-14 21:20:32.000000000 -0400
48728+++ linux-2.6.38.2/include/net/neighbour.h 2011-03-21 18:31:35.000000000 -0400
48729@@ -118,12 +118,12 @@ struct neighbour {
48730
48731 struct neigh_ops {
48732 int family;
48733- void (*solicit)(struct neighbour *, struct sk_buff*);
48734- void (*error_report)(struct neighbour *, struct sk_buff*);
48735- int (*output)(struct sk_buff*);
48736- int (*connected_output)(struct sk_buff*);
48737- int (*hh_output)(struct sk_buff*);
48738- int (*queue_xmit)(struct sk_buff*);
48739+ void (* const solicit)(struct neighbour *, struct sk_buff*);
48740+ void (* const error_report)(struct neighbour *, struct sk_buff*);
48741+ int (* const output)(struct sk_buff*);
48742+ int (* const connected_output)(struct sk_buff*);
48743+ int (* const hh_output)(struct sk_buff*);
48744+ int (* const queue_xmit)(struct sk_buff*);
48745 };
48746
48747 struct pneigh_entry {
48748diff -urNp linux-2.6.38.2/include/net/netlink.h linux-2.6.38.2/include/net/netlink.h
48749--- linux-2.6.38.2/include/net/netlink.h 2011-03-14 21:20:32.000000000 -0400
48750+++ linux-2.6.38.2/include/net/netlink.h 2011-03-21 18:31:35.000000000 -0400
48751@@ -562,7 +562,7 @@ static inline void *nlmsg_get_pos(struct
48752 static inline void nlmsg_trim(struct sk_buff *skb, const void *mark)
48753 {
48754 if (mark)
48755- skb_trim(skb, (unsigned char *) mark - skb->data);
48756+ skb_trim(skb, (const unsigned char *) mark - skb->data);
48757 }
48758
48759 /**
48760diff -urNp linux-2.6.38.2/include/net/sctp/sctp.h linux-2.6.38.2/include/net/sctp/sctp.h
48761--- linux-2.6.38.2/include/net/sctp/sctp.h 2011-03-14 21:20:32.000000000 -0400
48762+++ linux-2.6.38.2/include/net/sctp/sctp.h 2011-03-21 18:31:35.000000000 -0400
48763@@ -316,9 +316,9 @@ do { \
48764
48765 #else /* SCTP_DEBUG */
48766
48767-#define SCTP_DEBUG_PRINTK(whatever...)
48768-#define SCTP_DEBUG_PRINTK_CONT(fmt, args...)
48769-#define SCTP_DEBUG_PRINTK_IPADDR(whatever...)
48770+#define SCTP_DEBUG_PRINTK(whatever...) do {} while (0)
48771+#define SCTP_DEBUG_PRINTK_CONT(fmt, args...) do {} while (0)
48772+#define SCTP_DEBUG_PRINTK_IPADDR(whatever...) do {} while (0)
48773 #define SCTP_ENABLE_DEBUG
48774 #define SCTP_DISABLE_DEBUG
48775 #define SCTP_ASSERT(expr, str, func)
48776diff -urNp linux-2.6.38.2/include/net/tcp.h linux-2.6.38.2/include/net/tcp.h
48777--- linux-2.6.38.2/include/net/tcp.h 2011-03-14 21:20:32.000000000 -0400
48778+++ linux-2.6.38.2/include/net/tcp.h 2011-03-21 18:31:35.000000000 -0400
48779@@ -1382,7 +1382,7 @@ enum tcp_seq_states {
48780 struct tcp_seq_afinfo {
48781 char *name;
48782 sa_family_t family;
48783- struct file_operations seq_fops;
48784+ struct file_operations seq_fops; /* cannot be const */
48785 struct seq_operations seq_ops;
48786 };
48787
48788diff -urNp linux-2.6.38.2/include/net/udp.h linux-2.6.38.2/include/net/udp.h
48789--- linux-2.6.38.2/include/net/udp.h 2011-03-14 21:20:32.000000000 -0400
48790+++ linux-2.6.38.2/include/net/udp.h 2011-03-21 18:31:35.000000000 -0400
48791@@ -223,7 +223,7 @@ struct udp_seq_afinfo {
48792 char *name;
48793 sa_family_t family;
48794 struct udp_table *udp_table;
48795- struct file_operations seq_fops;
48796+ struct file_operations seq_fops; /* cannot be const */
48797 struct seq_operations seq_ops;
48798 };
48799
48800diff -urNp linux-2.6.38.2/include/sound/ac97_codec.h linux-2.6.38.2/include/sound/ac97_codec.h
48801--- linux-2.6.38.2/include/sound/ac97_codec.h 2011-03-14 21:20:32.000000000 -0400
48802+++ linux-2.6.38.2/include/sound/ac97_codec.h 2011-03-21 18:31:35.000000000 -0400
48803@@ -419,15 +419,15 @@
48804 struct snd_ac97;
48805
48806 struct snd_ac97_build_ops {
48807- int (*build_3d) (struct snd_ac97 *ac97);
48808- int (*build_specific) (struct snd_ac97 *ac97);
48809- int (*build_spdif) (struct snd_ac97 *ac97);
48810- int (*build_post_spdif) (struct snd_ac97 *ac97);
48811+ int (* const build_3d) (struct snd_ac97 *ac97);
48812+ int (* const build_specific) (struct snd_ac97 *ac97);
48813+ int (* const build_spdif) (struct snd_ac97 *ac97);
48814+ int (* const build_post_spdif) (struct snd_ac97 *ac97);
48815 #ifdef CONFIG_PM
48816- void (*suspend) (struct snd_ac97 *ac97);
48817- void (*resume) (struct snd_ac97 *ac97);
48818+ void (* const suspend) (struct snd_ac97 *ac97);
48819+ void (* const resume) (struct snd_ac97 *ac97);
48820 #endif
48821- void (*update_jacks) (struct snd_ac97 *ac97); /* for jack-sharing */
48822+ void (* const update_jacks) (struct snd_ac97 *ac97); /* for jack-sharing */
48823 };
48824
48825 struct snd_ac97_bus_ops {
48826diff -urNp linux-2.6.38.2/include/trace/events/irq.h linux-2.6.38.2/include/trace/events/irq.h
48827--- linux-2.6.38.2/include/trace/events/irq.h 2011-03-14 21:20:32.000000000 -0400
48828+++ linux-2.6.38.2/include/trace/events/irq.h 2011-03-21 18:31:35.000000000 -0400
48829@@ -36,7 +36,7 @@ struct softirq_action;
48830 */
48831 TRACE_EVENT(irq_handler_entry,
48832
48833- TP_PROTO(int irq, struct irqaction *action),
48834+ TP_PROTO(int irq, const struct irqaction *action),
48835
48836 TP_ARGS(irq, action),
48837
48838@@ -66,7 +66,7 @@ TRACE_EVENT(irq_handler_entry,
48839 */
48840 TRACE_EVENT(irq_handler_exit,
48841
48842- TP_PROTO(int irq, struct irqaction *action, int ret),
48843+ TP_PROTO(int irq, const struct irqaction *action, int ret),
48844
48845 TP_ARGS(irq, action, ret),
48846
48847diff -urNp linux-2.6.38.2/include/video/uvesafb.h linux-2.6.38.2/include/video/uvesafb.h
48848--- linux-2.6.38.2/include/video/uvesafb.h 2011-03-14 21:20:32.000000000 -0400
48849+++ linux-2.6.38.2/include/video/uvesafb.h 2011-03-21 18:31:35.000000000 -0400
48850@@ -177,6 +177,7 @@ struct uvesafb_par {
48851 u8 ypan; /* 0 - nothing, 1 - ypan, 2 - ywrap */
48852 u8 pmi_setpal; /* PMI for palette changes */
48853 u16 *pmi_base; /* protected mode interface location */
48854+ u8 *pmi_code; /* protected mode code location */
48855 void *pmi_start;
48856 void *pmi_pal;
48857 u8 *vbe_state_orig; /*
48858diff -urNp linux-2.6.38.2/init/do_mounts.c linux-2.6.38.2/init/do_mounts.c
48859--- linux-2.6.38.2/init/do_mounts.c 2011-03-14 21:20:32.000000000 -0400
48860+++ linux-2.6.38.2/init/do_mounts.c 2011-03-21 18:31:35.000000000 -0400
48861@@ -287,7 +287,7 @@ static void __init get_fs_names(char *pa
48862
48863 static int __init do_mount_root(char *name, char *fs, int flags, void *data)
48864 {
48865- int err = sys_mount(name, "/root", fs, flags, data);
48866+ int err = sys_mount((__force char __user *)name, (__force char __user *)"/root", (__force char __user *)fs, flags, (__force void __user *)data);
48867 if (err)
48868 return err;
48869
48870@@ -382,18 +382,18 @@ void __init change_floppy(char *fmt, ...
48871 va_start(args, fmt);
48872 vsprintf(buf, fmt, args);
48873 va_end(args);
48874- fd = sys_open("/dev/root", O_RDWR | O_NDELAY, 0);
48875+ fd = sys_open((char __user *)"/dev/root", O_RDWR | O_NDELAY, 0);
48876 if (fd >= 0) {
48877 sys_ioctl(fd, FDEJECT, 0);
48878 sys_close(fd);
48879 }
48880 printk(KERN_NOTICE "VFS: Insert %s and press ENTER\n", buf);
48881- fd = sys_open("/dev/console", O_RDWR, 0);
48882+ fd = sys_open((__force const char __user *)"/dev/console", O_RDWR, 0);
48883 if (fd >= 0) {
48884 sys_ioctl(fd, TCGETS, (long)&termios);
48885 termios.c_lflag &= ~ICANON;
48886 sys_ioctl(fd, TCSETSF, (long)&termios);
48887- sys_read(fd, &c, 1);
48888+ sys_read(fd, (char __user *)&c, 1);
48889 termios.c_lflag |= ICANON;
48890 sys_ioctl(fd, TCSETSF, (long)&termios);
48891 sys_close(fd);
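Review bot: Two of the new casts in this hunk, `(char __user *)"/dev/root"` and `(char __user *)&c`, lack the `__force` marker that the `/dev/console` cast two lines later and the other init/ hunks use. The marker is what lets someone grep for every deliberate kernel-pointer-as-user-pointer crossing, so an unmarked one is easy to miss in an audit. I would write `fd = sys_open((__force const char __user *)"/dev/root", O_RDWR | O_NDELAY, 0);` and `sys_read(fd, (__force char __user *)&c, 1);`. The body of change_floppy() starts outside the hunk.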
48892@@ -487,6 +487,6 @@ void __init prepare_namespace(void)
48893 mount_root();
48894 out:
48895 devtmpfs_mount("dev");
48896- sys_mount(".", "/", NULL, MS_MOVE, NULL);
48897+ sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
48898 sys_chroot((const char __user __force *)".");
48899 }
48900diff -urNp linux-2.6.38.2/init/do_mounts.h linux-2.6.38.2/init/do_mounts.h
48901--- linux-2.6.38.2/init/do_mounts.h 2011-03-14 21:20:32.000000000 -0400
48902+++ linux-2.6.38.2/init/do_mounts.h 2011-03-21 18:31:35.000000000 -0400
48903@@ -15,15 +15,15 @@ extern int root_mountflags;
48904
48905 static inline int create_dev(char *name, dev_t dev)
48906 {
48907- sys_unlink(name);
48908- return sys_mknod(name, S_IFBLK|0600, new_encode_dev(dev));
48909+ sys_unlink((__force char __user *)name);
48910+ return sys_mknod((__force char __user *)name, S_IFBLK|0600, new_encode_dev(dev));
48911 }
48912
48913 #if BITS_PER_LONG == 32
48914 static inline u32 bstat(char *name)
48915 {
48916 struct stat64 stat;
48917- if (sys_stat64(name, &stat) != 0)
48918+ if (sys_stat64((__force char __user *)name, (__force struct stat64 __user *)&stat) != 0)
48919 return 0;
48920 if (!S_ISBLK(stat.st_mode))
48921 return 0;
48922diff -urNp linux-2.6.38.2/init/do_mounts_initrd.c linux-2.6.38.2/init/do_mounts_initrd.c
48923--- linux-2.6.38.2/init/do_mounts_initrd.c 2011-03-14 21:20:32.000000000 -0400
48924+++ linux-2.6.38.2/init/do_mounts_initrd.c 2011-03-21 18:31:35.000000000 -0400
48925@@ -44,13 +44,13 @@ static void __init handle_initrd(void)
48926 create_dev("/dev/root.old", Root_RAM0);
48927 /* mount initrd on rootfs' /root */
48928 mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY);
48929- sys_mkdir("/old", 0700);
48930- root_fd = sys_open("/", 0, 0);
48931- old_fd = sys_open("/old", 0, 0);
48932+ sys_mkdir((__force const char __user *)"/old", 0700);
48933+ root_fd = sys_open((__force const char __user *)"/", 0, 0);
48934+ old_fd = sys_open((__force const char __user *)"/old", 0, 0);
48935 /* move initrd over / and chdir/chroot in initrd root */
48936- sys_chdir("/root");
48937- sys_mount(".", "/", NULL, MS_MOVE, NULL);
48938- sys_chroot(".");
48939+ sys_chdir((__force const char __user *)"/root");
48940+ sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
48941+ sys_chroot((__force const char __user *)".");
48942
48943 /*
48944 * In case that a resume from disk is carried out by linuxrc or one of
48945@@ -67,15 +67,15 @@ static void __init handle_initrd(void)
48946
48947 /* move initrd to rootfs' /old */
48948 sys_fchdir(old_fd);
48949- sys_mount("/", ".", NULL, MS_MOVE, NULL);
48950+ sys_mount((__force char __user *)"/", (__force char __user *)".", NULL, MS_MOVE, NULL);
48951 /* switch root and cwd back to / of rootfs */
48952 sys_fchdir(root_fd);
48953- sys_chroot(".");
48954+ sys_chroot((__force const char __user *)".");
48955 sys_close(old_fd);
48956 sys_close(root_fd);
48957
48958 if (new_decode_dev(real_root_dev) == Root_RAM0) {
48959- sys_chdir("/old");
48960+ sys_chdir((__force const char __user *)"/old");
48961 return;
48962 }
48963
48964@@ -83,17 +83,17 @@ static void __init handle_initrd(void)
48965 mount_root();
48966
48967 printk(KERN_NOTICE "Trying to move old root to /initrd ... ");
48968- error = sys_mount("/old", "/root/initrd", NULL, MS_MOVE, NULL);
48969+ error = sys_mount((__force char __user *)"/old", (__force char __user *)"/root/initrd", NULL, MS_MOVE, NULL);
48970 if (!error)
48971 printk("okay\n");
48972 else {
48973- int fd = sys_open("/dev/root.old", O_RDWR, 0);
48974+ int fd = sys_open((__force const char __user *)"/dev/root.old", O_RDWR, 0);
48975 if (error == -ENOENT)
48976 printk("/initrd does not exist. Ignored.\n");
48977 else
48978 printk("failed\n");
48979 printk(KERN_NOTICE "Unmounting old root\n");
48980- sys_umount("/old", MNT_DETACH);
48981+ sys_umount((__force char __user *)"/old", MNT_DETACH);
48982 printk(KERN_NOTICE "Trying to free ramdisk memory ... ");
48983 if (fd < 0) {
48984 error = fd;
48985@@ -116,11 +116,11 @@ int __init initrd_load(void)
48986 * mounted in the normal path.
48987 */
48988 if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) {
48989- sys_unlink("/initrd.image");
48990+ sys_unlink((__force const char __user *)"/initrd.image");
48991 handle_initrd();
48992 return 1;
48993 }
48994 }
48995- sys_unlink("/initrd.image");
48996+ sys_unlink((__force const char __user *)"/initrd.image");
48997 return 0;
48998 }
48999diff -urNp linux-2.6.38.2/init/do_mounts_md.c linux-2.6.38.2/init/do_mounts_md.c
49000--- linux-2.6.38.2/init/do_mounts_md.c 2011-03-14 21:20:32.000000000 -0400
49001+++ linux-2.6.38.2/init/do_mounts_md.c 2011-03-21 18:31:35.000000000 -0400
49002@@ -170,7 +170,7 @@ static void __init md_setup_drive(void)
49003 partitioned ? "_d" : "", minor,
49004 md_setup_args[ent].device_names);
49005
49006- fd = sys_open(name, 0, 0);
49007+ fd = sys_open((__force char __user *)name, 0, 0);
49008 if (fd < 0) {
49009 printk(KERN_ERR "md: open failed - cannot start "
49010 "array %s\n", name);
49011@@ -233,7 +233,7 @@ static void __init md_setup_drive(void)
49012 * array without it
49013 */
49014 sys_close(fd);
49015- fd = sys_open(name, 0, 0);
49016+ fd = sys_open((__force char __user *)name, 0, 0);
49017 sys_ioctl(fd, BLKRRPART, 0);
49018 }
49019 sys_close(fd);
49020diff -urNp linux-2.6.38.2/init/initramfs.c linux-2.6.38.2/init/initramfs.c
49021--- linux-2.6.38.2/init/initramfs.c 2011-03-14 21:20:32.000000000 -0400
49022+++ linux-2.6.38.2/init/initramfs.c 2011-03-21 18:31:35.000000000 -0400
49023@@ -74,7 +74,7 @@ static void __init free_hash(void)
49024 }
49025 }
49026
49027-static long __init do_utime(char __user *filename, time_t mtime)
49028+static long __init do_utime(__force char __user *filename, time_t mtime)
49029 {
49030 struct timespec t[2];
49031
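Review bot: `__force` is placed on the parameter declaration of do_utime() here, whereas everywhere else in the patch it qualifies a cast; as far as I know it is meant for casts, and its effect on a declaration is unclear. Every caller visible in this file (dir_utime, do_name, do_copy, do_symlink) already casts its argument with `(__force char __user *)`, so the declaration does not need it. I would keep the signature as `static long __init do_utime(char __user *filename, time_t mtime)` and leave the annotation at the call sites. The body of do_utime() continues outside the hunk.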
49032@@ -109,7 +109,7 @@ static void __init dir_utime(void)
49033 struct dir_entry *de, *tmp;
49034 list_for_each_entry_safe(de, tmp, &dir_list, list) {
49035 list_del(&de->list);
49036- do_utime(de->name, de->mtime);
49037+ do_utime((__force char __user *)de->name, de->mtime);
49038 kfree(de->name);
49039 kfree(de);
49040 }
49041@@ -271,7 +271,7 @@ static int __init maybe_link(void)
49042 if (nlink >= 2) {
49043 char *old = find_link(major, minor, ino, mode, collected);
49044 if (old)
49045- return (sys_link(old, collected) < 0) ? -1 : 1;
49046+ return (sys_link((__force char __user *)old, (__force char __user *)collected) < 0) ? -1 : 1;
49047 }
49048 return 0;
49049 }
49050@@ -280,11 +280,11 @@ static void __init clean_path(char *path
49051 {
49052 struct stat st;
49053
49054- if (!sys_newlstat(path, &st) && (st.st_mode^mode) & S_IFMT) {
49055+ if (!sys_newlstat((__force char __user *)path, (__force struct stat __user *)&st) && (st.st_mode^mode) & S_IFMT) {
49056 if (S_ISDIR(st.st_mode))
49057- sys_rmdir(path);
49058+ sys_rmdir((__force char __user *)path);
49059 else
49060- sys_unlink(path);
49061+ sys_unlink((__force char __user *)path);
49062 }
49063 }
49064
49065@@ -305,7 +305,7 @@ static int __init do_name(void)
49066 int openflags = O_WRONLY|O_CREAT;
49067 if (ml != 1)
49068 openflags |= O_TRUNC;
49069- wfd = sys_open(collected, openflags, mode);
49070+ wfd = sys_open((__force char __user *)collected, openflags, mode);
49071
49072 if (wfd >= 0) {
49073 sys_fchown(wfd, uid, gid);
49074@@ -317,17 +317,17 @@ static int __init do_name(void)
49075 }
49076 }
49077 } else if (S_ISDIR(mode)) {
49078- sys_mkdir(collected, mode);
49079- sys_chown(collected, uid, gid);
49080- sys_chmod(collected, mode);
49081+ sys_mkdir((__force char __user *)collected, mode);
49082+ sys_chown((__force char __user *)collected, uid, gid);
49083+ sys_chmod((__force char __user *)collected, mode);
49084 dir_add(collected, mtime);
49085 } else if (S_ISBLK(mode) || S_ISCHR(mode) ||
49086 S_ISFIFO(mode) || S_ISSOCK(mode)) {
49087 if (maybe_link() == 0) {
49088- sys_mknod(collected, mode, rdev);
49089- sys_chown(collected, uid, gid);
49090- sys_chmod(collected, mode);
49091- do_utime(collected, mtime);
49092+ sys_mknod((__force char __user *)collected, mode, rdev);
49093+ sys_chown((__force char __user *)collected, uid, gid);
49094+ sys_chmod((__force char __user *)collected, mode);
49095+ do_utime((__force char __user *)collected, mtime);
49096 }
49097 }
49098 return 0;
49099@@ -336,15 +336,15 @@ static int __init do_name(void)
49100 static int __init do_copy(void)
49101 {
49102 if (count >= body_len) {
49103- sys_write(wfd, victim, body_len);
49104+ sys_write(wfd, (__force char __user *)victim, body_len);
49105 sys_close(wfd);
49106- do_utime(vcollected, mtime);
49107+ do_utime((__force char __user *)vcollected, mtime);
49108 kfree(vcollected);
49109 eat(body_len);
49110 state = SkipIt;
49111 return 0;
49112 } else {
49113- sys_write(wfd, victim, count);
49114+ sys_write(wfd, (__force char __user *)victim, count);
49115 body_len -= count;
49116 eat(count);
49117 return 1;
49118@@ -355,9 +355,9 @@ static int __init do_symlink(void)
49119 {
49120 collected[N_ALIGN(name_len) + body_len] = '\0';
49121 clean_path(collected, 0);
49122- sys_symlink(collected + N_ALIGN(name_len), collected);
49123- sys_lchown(collected, uid, gid);
49124- do_utime(collected, mtime);
49125+ sys_symlink((__force char __user *)collected + N_ALIGN(name_len), (__force char __user *)collected);
49126+ sys_lchown((__force char __user *)collected, uid, gid);
49127+ do_utime((__force char __user *)collected, mtime);
49128 state = SkipIt;
49129 next_state = Reset;
49130 return 0;
49131diff -urNp linux-2.6.38.2/init/Kconfig linux-2.6.38.2/init/Kconfig
49132--- linux-2.6.38.2/init/Kconfig 2011-03-14 21:20:32.000000000 -0400
49133+++ linux-2.6.38.2/init/Kconfig 2011-03-21 18:31:35.000000000 -0400
49134@@ -1185,7 +1185,7 @@ config SLUB_DEBUG
49135
49136 config COMPAT_BRK
49137 bool "Disable heap randomization"
49138- default y
49139+ default n
49140 help
49141 Randomizing heap placement makes heap exploits harder, but it
49142 also breaks ancient binaries (including anything libc5 based).
49143diff -urNp linux-2.6.38.2/init/main.c linux-2.6.38.2/init/main.c
49144--- linux-2.6.38.2/init/main.c 2011-03-14 21:20:32.000000000 -0400
49145+++ linux-2.6.38.2/init/main.c 2011-03-21 18:31:35.000000000 -0400
49146@@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void)
49147 extern void tc_init(void);
49148 #endif
49149
49150+extern void grsecurity_init(void);
49151+
49152 /*
49153 * Debug helper: via this flag we know that we are in 'early bootup code'
49154 * where only the boot processor is running with IRQ disabled. This means
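Review bot: `extern void grsecurity_init(void);` is declared in the .c file rather than taken from a header, so the compiler never checks this prototype against the definition. The same pattern appears in the ipc/shm.c hunk (`gr_handle_shmat`, `gr_chroot_shmat`) and the kernel/exit.c hunk (`grsec_exec_file_lock`). Moving these declarations into one shared header that the defining file also includes would turn a signature drift in a security hook into a build error instead of a silent mismatch.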
49155@@ -206,6 +208,47 @@ static int __init set_reset_devices(char
49156
49157 __setup("reset_devices", set_reset_devices);
49158
49159+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
49160+extern char pax_enter_kernel_user[];
49161+extern char pax_exit_kernel_user[];
49162+extern pgdval_t clone_pgd_mask;
49163+#endif
49164+
49165+#if defined(CONFIG_X86) && defined(CONFIG_PAX_MEMORY_UDEREF)
49166+static int __init setup_pax_nouderef(char *str)
49167+{
49168+#ifdef CONFIG_X86_32
49169+ unsigned int cpu;
49170+
49171+ for (cpu = 0; cpu < NR_CPUS; cpu++) {
49172+ get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].type = 3;
49173+ get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].limit = 0xf;
49174+ get_cpu_gdt_table(cpu)[GDT_ENTRY_DEFAULT_USER_CS].limit = 0xf;
49175+ get_cpu_gdt_table(cpu)[GDT_ENTRY_DEFAULT_USER_DS].limit = 0xf;
49176+ }
49177+ asm("mov %0, %%ds; mov %0, %%es; mov %0, %%ss" : : "r" (__KERNEL_DS) : "memory");
49178+#else
49179+ memcpy(pax_enter_kernel_user, (unsigned char []){0xc3}, 1);
49180+ memcpy(pax_exit_kernel_user, (unsigned char []){0xc3}, 1);
49181+ clone_pgd_mask = ~(pgdval_t)0UL;
49182+#endif
49183+
49184+ return 0;
49185+}
49186+early_param("pax_nouderef", setup_pax_nouderef);
49187+#endif
49188+
49189+#ifdef CONFIG_PAX_SOFTMODE
49190+unsigned int pax_softmode;
49191+
49192+static int __init setup_pax_softmode(char *str)
49193+{
49194+ get_option(&str, &pax_softmode);
49195+ return 1;
49196+}
49197+__setup("pax_softmode=", setup_pax_softmode);
49198+#endif
49199+
49200 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
49201 const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
49202 static const char *panic_later, *panic_param;
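Review bot: Neither setup_pax_nouderef() nor setup_pax_softmode() logs that a boot parameter has switched off or relaxed a protection. On x86_32 the first rewrites GDT entries and on x86_64 it patches `pax_enter_kernel_user`/`pax_exit_kernel_user` and resets `clone_pgd_mask`, all silently. A line such as `printk(KERN_INFO "PAX: UDEREF disabled by pax_nouderef\n");` before `return 0;`, and a matching one that reports the parsed `pax_softmode` value, would let boot-log monitoring spot the downgrade without parsing the command line. The return value of `get_option()` is also ignored, so a malformed `pax_softmode=` argument is accepted without comment.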
49203@@ -751,6 +794,7 @@ int __init_or_module do_one_initcall(ini
49204 {
49205 int count = preempt_count();
49206 int ret;
49207+ const char *msg1 = "", *msg2 = "";
49208
49209 if (initcall_debug)
49210 ret = do_one_initcall_debug(fn);
49211@@ -763,15 +807,15 @@ int __init_or_module do_one_initcall(ini
49212 sprintf(msgbuf, "error code %d ", ret);
49213
49214 if (preempt_count() != count) {
49215- strlcat(msgbuf, "preemption imbalance ", sizeof(msgbuf));
49216+ msg1 = " preemption imbalance";
49217 preempt_count() = count;
49218 }
49219 if (irqs_disabled()) {
49220- strlcat(msgbuf, "disabled interrupts ", sizeof(msgbuf));
49221+ msg2 = " disabled interrupts";
49222 local_irq_enable();
49223 }
49224- if (msgbuf[0]) {
49225- printk("initcall %pF returned with %s\n", fn, msgbuf);
49226+ if (msgbuf[0] || *msg1 || *msg2) {
49227+ printk("initcall %pF returned with %s%s%s\n", fn, msgbuf, msg1, msg2);
49228 }
49229
49230 return ret;
49231@@ -898,7 +942,7 @@ static int __init kernel_init(void * unu
49232 do_basic_setup();
49233
49234 /* Open the /dev/console on the rootfs, this should never fail */
49235- if (sys_open((const char __user *) "/dev/console", O_RDWR, 0) < 0)
49236+ if (sys_open((__force const char __user *) "/dev/console", O_RDWR, 0) < 0)
49237 printk(KERN_WARNING "Warning: unable to open an initial console.\n");
49238
49239 (void) sys_dup(0);
49240@@ -911,11 +955,13 @@ static int __init kernel_init(void * unu
49241 if (!ramdisk_execute_command)
49242 ramdisk_execute_command = "/init";
49243
49244- if (sys_access((const char __user *) ramdisk_execute_command, 0) != 0) {
49245+ if (sys_access((__force const char __user *) ramdisk_execute_command, 0) != 0) {
49246 ramdisk_execute_command = NULL;
49247 prepare_namespace();
49248 }
49249
49250+ grsecurity_init();
49251+
49252 /*
49253 * Ok, we have completed the initial bootup, and
49254 * we're essentially up and running. Get rid of the
49255diff -urNp linux-2.6.38.2/ipc/mqueue.c linux-2.6.38.2/ipc/mqueue.c
49256--- linux-2.6.38.2/ipc/mqueue.c 2011-03-14 21:20:32.000000000 -0400
49257+++ linux-2.6.38.2/ipc/mqueue.c 2011-03-21 18:31:35.000000000 -0400
49258@@ -154,6 +154,7 @@ static struct inode *mqueue_get_inode(st
49259 mq_bytes = (mq_msg_tblsz +
49260 (info->attr.mq_maxmsg * info->attr.mq_msgsize));
49261
49262+ gr_learn_resource(current, RLIMIT_MSGQUEUE, u->mq_bytes + mq_bytes, 1);
49263 spin_lock(&mq_lock);
49264 if (u->mq_bytes + mq_bytes < u->mq_bytes ||
49265 u->mq_bytes + mq_bytes >
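Review bot: The added `gr_learn_resource()` call reads `u->mq_bytes` before `spin_lock(&mq_lock)` is taken and before the wrap check on the following lines. The value it reports can therefore be stale or already overflowed. If the figure is only advisory for learning mode, which cannot be confirmed from this hunk, a comment such as `/* advisory only: u->mq_bytes read without mq_lock, sum may wrap */` would stop a later reader from treating it as an enforcement point. The rest of mqueue_get_inode() is outside the hunk.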
49266diff -urNp linux-2.6.38.2/ipc/shm.c linux-2.6.38.2/ipc/shm.c
49267--- linux-2.6.38.2/ipc/shm.c 2011-03-14 21:20:32.000000000 -0400
49268+++ linux-2.6.38.2/ipc/shm.c 2011-03-21 18:31:35.000000000 -0400
49269@@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_name
49270 static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
49271 #endif
49272
49273+#ifdef CONFIG_GRKERNSEC
49274+extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
49275+ const time_t shm_createtime, const uid_t cuid,
49276+ const int shmid);
49277+extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
49278+ const time_t shm_createtime);
49279+#endif
49280+
49281 void shm_init_ns(struct ipc_namespace *ns)
49282 {
49283 ns->shm_ctlmax = SHMMAX;
49284@@ -401,6 +409,14 @@ static int newseg(struct ipc_namespace *
49285 shp->shm_lprid = 0;
49286 shp->shm_atim = shp->shm_dtim = 0;
49287 shp->shm_ctim = get_seconds();
49288+#ifdef CONFIG_GRKERNSEC
49289+ {
49290+ struct timespec timeval;
49291+ do_posix_clock_monotonic_gettime(&timeval);
49292+
49293+ shp->shm_createtime = timeval.tv_sec;
49294+ }
49295+#endif
49296 shp->shm_segsz = size;
49297 shp->shm_nattch = 0;
49298 shp->shm_file = file;
49299@@ -761,8 +777,6 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int,
49300 case SHM_LOCK:
49301 case SHM_UNLOCK:
49302 {
49303- struct file *uninitialized_var(shm_file);
49304-
49305 lru_add_drain_all(); /* drain pagevecs to lru lists */
49306
49307 shp = shm_lock_check(ns, shmid);
49308@@ -895,9 +909,21 @@ long do_shmat(int shmid, char __user *sh
49309 if (err)
49310 goto out_unlock;
49311
49312+#ifdef CONFIG_GRKERNSEC
49313+ if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime,
49314+ shp->shm_perm.cuid, shmid) ||
49315+ !gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) {
49316+ err = -EACCES;
49317+ goto out_unlock;
49318+ }
49319+#endif
49320+
49321 path = shp->shm_file->f_path;
49322 path_get(&path);
49323 shp->shm_nattch++;
49324+#ifdef CONFIG_GRKERNSEC
49325+ shp->shm_lapid = current->pid;
49326+#endif
49327 size = i_size_read(path.dentry->d_inode);
49328 shm_unlock(shp);
49329
49330diff -urNp linux-2.6.38.2/kernel/acct.c linux-2.6.38.2/kernel/acct.c
49331--- linux-2.6.38.2/kernel/acct.c 2011-03-14 21:20:32.000000000 -0400
49332+++ linux-2.6.38.2/kernel/acct.c 2011-03-21 18:31:35.000000000 -0400
49333@@ -570,7 +570,7 @@ static void do_acct_process(struct bsd_a
49334 */
49335 flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
49336 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
49337- file->f_op->write(file, (char *)&ac,
49338+ file->f_op->write(file, (__force char __user *)&ac,
49339 sizeof(acct_t), &file->f_pos);
49340 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
49341 set_fs(fs);
49342diff -urNp linux-2.6.38.2/kernel/capability.c linux-2.6.38.2/kernel/capability.c
49343--- linux-2.6.38.2/kernel/capability.c 2011-03-14 21:20:32.000000000 -0400
49344+++ linux-2.6.38.2/kernel/capability.c 2011-03-21 18:31:35.000000000 -0400
49345@@ -205,6 +205,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_
49346 * before modification is attempted and the application
49347 * fails.
49348 */
49349+ if (tocopy > ARRAY_SIZE(kdata))
49350+ return -EFAULT;
49351+
49352 if (copy_to_user(dataptr, kdata, tocopy
49353 * sizeof(struct __user_cap_data_struct))) {
49354 return -EFAULT;
49355@@ -306,10 +309,26 @@ int capable(int cap)
49356 BUG();
49357 }
49358
49359- if (security_capable(current_cred(), cap) == 0) {
49360+ if (security_capable(current_cred(), cap) == 0 && gr_is_capable(cap)) {
49361 current->flags |= PF_SUPERPRIV;
49362 return 1;
49363 }
49364 return 0;
49365 }
49366+
49367+int capable_nolog(int cap)
49368+{
49369+ if (unlikely(!cap_valid(cap))) {
49370+ printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap);
49371+ BUG();
49372+ }
49373+
49374+ if (security_capable(current_cred(), cap) == 0 && gr_is_capable_nolog(cap)) {
49375+ current->flags |= PF_SUPERPRIV;
49376+ return 1;
49377+ }
49378+ return 0;
49379+}
49380+
49381 EXPORT_SYMBOL(capable);
49382+EXPORT_SYMBOL(capable_nolog);
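Review bot: The new capable_nolog() copies the body of capable() including its diagnostic, so an invalid capability passed to it is reported as `capable() called with invalid cap`. That sends whoever triages the BUG to the wrong function. I would change the line to `printk(KERN_CRIT "capable_nolog() called with invalid cap=%d\n", cap);`, which also matches the `int` argument where the copied format uses `%u`. A short comment above the function saying when the non-logging variant is appropriate would help, since the only visible difference is `gr_is_capable_nolog()` versus `gr_is_capable()`.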
49383diff -urNp linux-2.6.38.2/kernel/compat.c linux-2.6.38.2/kernel/compat.c
49384--- linux-2.6.38.2/kernel/compat.c 2011-03-14 21:20:32.000000000 -0400
49385+++ linux-2.6.38.2/kernel/compat.c 2011-03-21 18:31:35.000000000 -0400
49386@@ -13,6 +13,7 @@
49387
49388 #include <linux/linkage.h>
49389 #include <linux/compat.h>
49390+#include <linux/module.h>
49391 #include <linux/errno.h>
49392 #include <linux/time.h>
49393 #include <linux/signal.h>
49394diff -urNp linux-2.6.38.2/kernel/configs.c linux-2.6.38.2/kernel/configs.c
49395--- linux-2.6.38.2/kernel/configs.c 2011-03-14 21:20:32.000000000 -0400
49396+++ linux-2.6.38.2/kernel/configs.c 2011-03-21 18:31:35.000000000 -0400
49397@@ -74,8 +74,19 @@ static int __init ikconfig_init(void)
49398 struct proc_dir_entry *entry;
49399
49400 /* create the current config file */
49401+#if defined(CONFIG_GRKERNSEC_PROC_ADD) || defined(CONFIG_GRKERNSEC_HIDESYM)
49402+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_HIDESYM)
49403+ entry = proc_create("config.gz", S_IFREG | S_IRUSR, NULL,
49404+ &ikconfig_file_ops);
49405+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
49406+ entry = proc_create("config.gz", S_IFREG | S_IRUSR | S_IRGRP, NULL,
49407+ &ikconfig_file_ops);
49408+#endif
49409+#else
49410 entry = proc_create("config.gz", S_IFREG | S_IRUGO, NULL,
49411 &ikconfig_file_ops);
49412+#endif
49413+
49414 if (!entry)
49415 return -ENOMEM;
49416
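Review bot: The nested conditional has no fallback arm, so with `CONFIG_GRKERNSEC_PROC_ADD` set but none of `CONFIG_GRKERNSEC_PROC_USER`, `CONFIG_GRKERNSEC_PROC_USERGROUP` or `CONFIG_GRKERNSEC_HIDESYM`, no `proc_create()` call is compiled. In that case `if (!entry)` tests an uninitialised pointer. Kconfig dependencies may rule that combination out, but nothing in this hunk enforces it. I would add an `#else` arm before the inner `#endif` containing `#error "GRKERNSEC_PROC_ADD set without PROC_USER or PROC_USERGROUP"`, so a broken configuration fails at build time rather than leaving /proc/config.gz in an undefined state.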
49417diff -urNp linux-2.6.38.2/kernel/cred.c linux-2.6.38.2/kernel/cred.c
49418--- linux-2.6.38.2/kernel/cred.c 2011-03-14 21:20:32.000000000 -0400
49419+++ linux-2.6.38.2/kernel/cred.c 2011-03-21 18:31:35.000000000 -0400
49420@@ -483,6 +483,8 @@ int commit_creds(struct cred *new)
49421
49422 get_cred(new); /* we will require a ref for the subj creds too */
49423
49424+ gr_set_role_label(task, new->uid, new->gid);
49425+
49426 /* dumpability changes */
49427 if (old->euid != new->euid ||
49428 old->egid != new->egid ||
49429diff -urNp linux-2.6.38.2/kernel/debug/debug_core.c linux-2.6.38.2/kernel/debug/debug_core.c
49430--- linux-2.6.38.2/kernel/debug/debug_core.c 2011-03-14 21:20:32.000000000 -0400
49431+++ linux-2.6.38.2/kernel/debug/debug_core.c 2011-03-21 18:31:35.000000000 -0400
49432@@ -72,7 +72,7 @@ int kgdb_io_module_registered;
49433 /* Guard for recursive entry */
49434 static int exception_level;
49435
49436-struct kgdb_io *dbg_io_ops;
49437+const struct kgdb_io *dbg_io_ops;
49438 static DEFINE_SPINLOCK(kgdb_registration_lock);
49439
49440 /* kgdb console driver is loaded */
49441@@ -864,7 +864,7 @@ static void kgdb_initial_breakpoint(void
49442 *
49443 * Register it with the KGDB core.
49444 */
49445-int kgdb_register_io_module(struct kgdb_io *new_dbg_io_ops)
49446+int kgdb_register_io_module(const struct kgdb_io *new_dbg_io_ops)
49447 {
49448 int err;
49449
49450@@ -909,7 +909,7 @@ EXPORT_SYMBOL_GPL(kgdb_register_io_modul
49451 *
49452 * Unregister it with the KGDB core.
49453 */
49454-void kgdb_unregister_io_module(struct kgdb_io *old_dbg_io_ops)
49455+void kgdb_unregister_io_module(const struct kgdb_io *old_dbg_io_ops)
49456 {
49457 BUG_ON(kgdb_connected);
49458
49459diff -urNp linux-2.6.38.2/kernel/debug/kdb/kdb_main.c linux-2.6.38.2/kernel/debug/kdb/kdb_main.c
49460--- linux-2.6.38.2/kernel/debug/kdb/kdb_main.c 2011-03-14 21:20:32.000000000 -0400
49461+++ linux-2.6.38.2/kernel/debug/kdb/kdb_main.c 2011-03-21 18:31:35.000000000 -0400
49462@@ -1980,7 +1980,7 @@ static int kdb_lsmod(int argc, const cha
49463 list_for_each_entry(mod, kdb_modules, list) {
49464
49465 kdb_printf("%-20s%8u 0x%p ", mod->name,
49466- mod->core_size, (void *)mod);
49467+ mod->core_size_rx + mod->core_size_rw, (void *)mod);
49468 #ifdef CONFIG_MODULE_UNLOAD
49469 kdb_printf("%4d ", module_refcount(mod));
49470 #endif
49471@@ -1990,7 +1990,7 @@ static int kdb_lsmod(int argc, const cha
49472 kdb_printf(" (Loading)");
49473 else
49474 kdb_printf(" (Live)");
49475- kdb_printf(" 0x%p", mod->module_core);
49476+ kdb_printf(" 0x%p 0x%p", mod->module_core_rx, mod->module_core_rw);
49477
49478 #ifdef CONFIG_MODULE_UNLOAD
49479 {
49480diff -urNp linux-2.6.38.2/kernel/exit.c linux-2.6.38.2/kernel/exit.c
49481--- linux-2.6.38.2/kernel/exit.c 2011-03-14 21:20:32.000000000 -0400
49482+++ linux-2.6.38.2/kernel/exit.c 2011-03-21 18:31:35.000000000 -0400
49483@@ -57,6 +57,10 @@
49484 #include <asm/pgtable.h>
49485 #include <asm/mmu_context.h>
49486
49487+#ifdef CONFIG_GRKERNSEC
49488+extern rwlock_t grsec_exec_file_lock;
49489+#endif
49490+
49491 static void exit_mm(struct task_struct * tsk);
49492
49493 static void __unhash_process(struct task_struct *p, bool group_dead)
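Review bot: The `extern rwlock_t grsec_exec_file_lock;` declaration is written directly into kernel/exit.c rather than coming from a header, so the compiler cannot check it against the definition and every other user of the lock has to repeat it. Moving the declaration into a shared grsecurity header and including that here would keep the type in one place. The lock is used in the reparent_to_kthreadd() and daemonize() hunks further down in this file.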
49494@@ -169,6 +173,8 @@ void release_task(struct task_struct * p
49495 struct task_struct *leader;
49496 int zap_leader;
49497 repeat:
49498+ gr_del_task_from_ip_table(p);
49499+
49500 tracehook_prepare_release_task(p);
49501 /* don't need to get the RCU readlock here - the process is dead and
49502 * can't be modifying its own credentials. But shut RCU-lockdep up */
49503@@ -338,11 +344,22 @@ static void reparent_to_kthreadd(void)
49504 {
49505 write_lock_irq(&tasklist_lock);
49506
49507+#ifdef CONFIG_GRKERNSEC
49508+ write_lock(&grsec_exec_file_lock);
49509+ if (current->exec_file) {
49510+ fput(current->exec_file);
49511+ current->exec_file = NULL;
49512+ }
49513+ write_unlock(&grsec_exec_file_lock);
49514+#endif
49515+
49516 ptrace_unlink(current);
49517 /* Reparent to init */
49518 current->real_parent = current->parent = kthreadd_task;
49519 list_move_tail(&current->sibling, &current->real_parent->children);
49520
49521+ gr_set_kernel_label(current);
49522+
49523 /* Set the exit signal to SIGCHLD so we signal init on exit */
49524 current->exit_signal = SIGCHLD;
49525
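Review bot: `fput(current->exec_file)` in reparent_to_kthreadd() runs while `tasklist_lock` is write-held with interrupts off and `grsec_exec_file_lock` is write-held too; if that fput() ever drops the last reference, the file release path runs in atomic context, where it must not sleep. Whether it can be the last reference depends on who else pins the file, which this hunk does not show, but the safe pattern is to detach the pointer under the rwlock and drop the reference afterwards, before `tasklist_lock` is taken. The same block is repeated verbatim in the daemonize() hunk below (there only the rwlock is held), so one static helper, named here only for illustration, would cover both places. reparent_to_kthreadd() continues past the end of the hunk.

```c
#ifdef CONFIG_GRKERNSEC
/* Detach current->exec_file under the lock; drop the reference outside it. */
static void gr_drop_exec_file(void)
{
	struct file *exec_file;

	write_lock(&grsec_exec_file_lock);
	exec_file = current->exec_file;
	current->exec_file = NULL;
	write_unlock(&grsec_exec_file_lock);

	if (exec_file)
		fput(exec_file);
}
#endif

static void reparent_to_kthreadd(void)
{
#ifdef CONFIG_GRKERNSEC
	gr_drop_exec_file();
#endif
	write_lock_irq(&tasklist_lock);
	/* … unchanged: ptrace_unlink, reparenting, gr_set_kernel_label … */
```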
49526@@ -394,7 +411,7 @@ int allow_signal(int sig)
49527 * know it'll be handled, so that they don't get converted to
49528 * SIGKILL or just silently dropped.
49529 */
49530- current->sighand->action[(sig)-1].sa.sa_handler = (void __user *)2;
49531+ current->sighand->action[(sig)-1].sa.sa_handler = (__force void __user *)2;
49532 recalc_sigpending();
49533 spin_unlock_irq(&current->sighand->siglock);
49534 return 0;
49535@@ -430,6 +447,17 @@ void daemonize(const char *name, ...)
49536 vsnprintf(current->comm, sizeof(current->comm), name, args);
49537 va_end(args);
49538
49539+#ifdef CONFIG_GRKERNSEC
49540+ write_lock(&grsec_exec_file_lock);
49541+ if (current->exec_file) {
49542+ fput(current->exec_file);
49543+ current->exec_file = NULL;
49544+ }
49545+ write_unlock(&grsec_exec_file_lock);
49546+#endif
49547+
49548+ gr_set_kernel_label(current);
49549+
49550 /*
49551 * If we were started as result of loading a module, close all of the
49552 * user space pages. We don't need them, and if we didn't close them
49553@@ -905,17 +933,17 @@ NORET_TYPE void do_exit(long code)
49554 struct task_struct *tsk = current;
49555 int group_dead;
49556
49557- profile_task_exit(tsk);
49558-
49559- WARN_ON(atomic_read(&tsk->fs_excl));
49560-
49561+ /*
49562+ * Check this first since set_fs() below depends on
49563+ * current_thread_info(), which we better not access when we're in
49564+ * interrupt context. Other than that, we want to do the set_fs()
49565+ * as early as possible.
49566+ */
49567 if (unlikely(in_interrupt()))
49568 panic("Aiee, killing interrupt handler!");
49569- if (unlikely(!tsk->pid))
49570- panic("Attempted to kill the idle task!");
49571
49572 /*
49573- * If do_exit is called because this processes oopsed, it's possible
49574+ * If do_exit is called because this processes Oops'ed, it's possible
49575 * that get_fs() was left as KERNEL_DS, so reset it to USER_DS before
49576 * continuing. Amongst other possible reasons, this is to prevent
49577 * mm_release()->clear_child_tid() from writing to a user-controlled
49578@@ -923,6 +951,13 @@ NORET_TYPE void do_exit(long code)
49579 */
49580 set_fs(USER_DS);
49581
49582+ profile_task_exit(tsk);
49583+
49584+ WARN_ON(atomic_read(&tsk->fs_excl));
49585+
49586+ if (unlikely(!tsk->pid))
49587+ panic("Attempted to kill the idle task!");
49588+
49589 tracehook_report_exit(&code);
49590
49591 validate_creds_for_do_exit(tsk);
49592@@ -983,6 +1018,9 @@ NORET_TYPE void do_exit(long code)
49593 tsk->exit_code = code;
49594 taskstats_exit(tsk, group_dead);
49595
49596+ gr_acl_handle_psacct(tsk, code);
49597+ gr_acl_handle_exit();
49598+
49599 exit_mm(tsk);
49600
49601 if (group_dead)
49602diff -urNp linux-2.6.38.2/kernel/fork.c linux-2.6.38.2/kernel/fork.c
49603--- linux-2.6.38.2/kernel/fork.c 2011-03-14 21:20:32.000000000 -0400
49604+++ linux-2.6.38.2/kernel/fork.c 2011-03-21 18:31:35.000000000 -0400
49605@@ -280,7 +280,7 @@ static struct task_struct *dup_task_stru
49606 *stackend = STACK_END_MAGIC; /* for overflow detection */
49607
49608 #ifdef CONFIG_CC_STACKPROTECTOR
49609- tsk->stack_canary = get_random_int();
49610+ tsk->stack_canary = pax_get_random_long();
49611 #endif
49612
49613 /* One for us, one for whoever does the "release_task()" (usually parent) */
49614@@ -302,13 +302,78 @@ out:
49615 }
49616
49617 #ifdef CONFIG_MMU
49618+static struct vm_area_struct *dup_vma(struct mm_struct *mm, struct vm_area_struct *mpnt)
49619+{
49620+ struct vm_area_struct *tmp;
49621+ unsigned long charge;
49622+ struct mempolicy *pol;
49623+ struct file *file;
49624+
49625+ charge = 0;
49626+ if (mpnt->vm_flags & VM_ACCOUNT) {
49627+ unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
49628+ if (security_vm_enough_memory(len))
49629+ goto fail_nomem;
49630+ charge = len;
49631+ }
49632+ tmp = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
49633+ if (!tmp)
49634+ goto fail_nomem;
49635+ *tmp = *mpnt;
49636+ tmp->vm_mm = mm;
49637+ INIT_LIST_HEAD(&tmp->anon_vma_chain);
49638+ pol = mpol_dup(vma_policy(mpnt));
49639+ if (IS_ERR(pol))
49640+ goto fail_nomem_policy;
49641+ vma_set_policy(tmp, pol);
49642+ if (anon_vma_fork(tmp, mpnt))
49643+ goto fail_nomem_anon_vma_fork;
49644+ tmp->vm_flags &= ~VM_LOCKED;
49645+ tmp->vm_next = tmp->vm_prev = NULL;
49646+ tmp->vm_mirror = NULL;
49647+ file = tmp->vm_file;
49648+ if (file) {
49649+ struct inode *inode = file->f_path.dentry->d_inode;
49650+ struct address_space *mapping = file->f_mapping;
49651+
49652+ get_file(file);
49653+ if (tmp->vm_flags & VM_DENYWRITE)
49654+ atomic_dec(&inode->i_writecount);
49655+ spin_lock(&mapping->i_mmap_lock);
49656+ if (tmp->vm_flags & VM_SHARED)
49657+ mapping->i_mmap_writable++;
49658+ tmp->vm_truncate_count = mpnt->vm_truncate_count;
49659+ flush_dcache_mmap_lock(mapping);
49660+ /* insert tmp into the share list, just after mpnt */
49661+ vma_prio_tree_add(tmp, mpnt);
49662+ flush_dcache_mmap_unlock(mapping);
49663+ spin_unlock(&mapping->i_mmap_lock);
49664+ }
49665+
49666+ /*
49667+ * Clear hugetlb-related page reserves for children. This only
49668+ * affects MAP_PRIVATE mappings. Faults generated by the child
49669+ * are not guaranteed to succeed, even if read-only
49670+ */
49671+ if (is_vm_hugetlb_page(tmp))
49672+ reset_vma_resv_huge_pages(tmp);
49673+
49674+ return tmp;
49675+
49676+fail_nomem_anon_vma_fork:
49677+ mpol_put(pol);
49678+fail_nomem_policy:
49679+ kmem_cache_free(vm_area_cachep, tmp);
49680+fail_nomem:
49681+ vm_unacct_memory(charge);
49682+ return NULL;
49683+}
49684+
49685 static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
49686 {
49687 struct vm_area_struct *mpnt, *tmp, *prev, **pprev;
49688 struct rb_node **rb_link, *rb_parent;
49689 int retval;
49690- unsigned long charge;
49691- struct mempolicy *pol;
49692
49693 down_write(&oldmm->mmap_sem);
49694 flush_cache_dup_mm(oldmm);
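Review bot: The new static helper dup_vma() has no comment stating its contract, and the contract is no longer obvious once the code is lifted out of dup_mmap(): every failure collapses to a NULL return, which the caller then turns into `-ENOMEM`. A header comment should say that it duplicates `mpnt` into `mm`, returns NULL on any failure after undoing its own accounting charge, and presumably relies on the caller holding `oldmm->mmap_sem` for writing (dup_mmap() takes it just below). Separately, `unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;` was carried over unchanged; `unsigned long len = vma_pages(mpnt);` would match the `vma_pages()` call already used in the copy loop and avoid the narrowing.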
49695@@ -320,8 +385,8 @@ static int dup_mmap(struct mm_struct *mm
49696 mm->locked_vm = 0;
49697 mm->mmap = NULL;
49698 mm->mmap_cache = NULL;
49699- mm->free_area_cache = oldmm->mmap_base;
49700- mm->cached_hole_size = ~0UL;
49701+ mm->free_area_cache = oldmm->free_area_cache;
49702+ mm->cached_hole_size = oldmm->cached_hole_size;
49703 mm->map_count = 0;
49704 cpumask_clear(mm_cpumask(mm));
49705 mm->mm_rb = RB_ROOT;
49706@@ -337,8 +402,6 @@ static int dup_mmap(struct mm_struct *mm
49707
49708 prev = NULL;
49709 for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {
49710- struct file *file;
49711-
49712 if (mpnt->vm_flags & VM_DONTCOPY) {
49713 long pages = vma_pages(mpnt);
49714 mm->total_vm -= pages;
49715@@ -346,56 +409,13 @@ static int dup_mmap(struct mm_struct *mm
49716 -pages);
49717 continue;
49718 }
49719- charge = 0;
49720- if (mpnt->vm_flags & VM_ACCOUNT) {
49721- unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
49722- if (security_vm_enough_memory(len))
49723- goto fail_nomem;
49724- charge = len;
49725- }
49726- tmp = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
49727- if (!tmp)
49728- goto fail_nomem;
49729- *tmp = *mpnt;
49730- INIT_LIST_HEAD(&tmp->anon_vma_chain);
49731- pol = mpol_dup(vma_policy(mpnt));
49732- retval = PTR_ERR(pol);
49733- if (IS_ERR(pol))
49734- goto fail_nomem_policy;
49735- vma_set_policy(tmp, pol);
49736- tmp->vm_mm = mm;
49737- if (anon_vma_fork(tmp, mpnt))
49738- goto fail_nomem_anon_vma_fork;
49739- tmp->vm_flags &= ~VM_LOCKED;
49740- tmp->vm_next = tmp->vm_prev = NULL;
49741- file = tmp->vm_file;
49742- if (file) {
49743- struct inode *inode = file->f_path.dentry->d_inode;
49744- struct address_space *mapping = file->f_mapping;
49745-
49746- get_file(file);
49747- if (tmp->vm_flags & VM_DENYWRITE)
49748- atomic_dec(&inode->i_writecount);
49749- spin_lock(&mapping->i_mmap_lock);
49750- if (tmp->vm_flags & VM_SHARED)
49751- mapping->i_mmap_writable++;
49752- tmp->vm_truncate_count = mpnt->vm_truncate_count;
49753- flush_dcache_mmap_lock(mapping);
49754- /* insert tmp into the share list, just after mpnt */
49755- vma_prio_tree_add(tmp, mpnt);
49756- flush_dcache_mmap_unlock(mapping);
49757- spin_unlock(&mapping->i_mmap_lock);
49758+ tmp = dup_vma(mm, mpnt);
49759+ if (!tmp) {
49760+ retval = -ENOMEM;
49761+ goto out;
49762 }
49763
49764 /*
49765- * Clear hugetlb-related page reserves for children. This only
49766- * affects MAP_PRIVATE mappings. Faults generated by the child
49767- * are not guaranteed to succeed, even if read-only
49768- */
49769- if (is_vm_hugetlb_page(tmp))
49770- reset_vma_resv_huge_pages(tmp);
49771-
49772- /*
49773 * Link in the new vma and copy the page table entries.
49774 */
49775 *pprev = tmp;
49776@@ -416,6 +436,31 @@ static int dup_mmap(struct mm_struct *mm
49777 if (retval)
49778 goto out;
49779 }
49780+
49781+#ifdef CONFIG_PAX_SEGMEXEC
49782+ if (oldmm->pax_flags & MF_PAX_SEGMEXEC) {
49783+ struct vm_area_struct *mpnt_m;
49784+
49785+ for (mpnt = oldmm->mmap, mpnt_m = mm->mmap; mpnt; mpnt = mpnt->vm_next, mpnt_m = mpnt_m->vm_next) {
49786+ BUG_ON(!mpnt_m || mpnt_m->vm_mirror || mpnt->vm_mm != oldmm || mpnt_m->vm_mm != mm);
49787+
49788+ if (!mpnt->vm_mirror)
49789+ continue;
49790+
49791+ if (mpnt->vm_end <= SEGMEXEC_TASK_SIZE) {
49792+ BUG_ON(mpnt->vm_mirror->vm_mirror != mpnt);
49793+ mpnt->vm_mirror = mpnt_m;
49794+ } else {
49795+ BUG_ON(mpnt->vm_mirror->vm_mirror == mpnt || mpnt->vm_mirror->vm_mirror->vm_mm != mm);
49796+ mpnt_m->vm_mirror = mpnt->vm_mirror->vm_mirror;
49797+ mpnt_m->vm_mirror->vm_mirror = mpnt_m;
49798+ mpnt->vm_mirror->vm_mirror = mpnt;
49799+ }
49800+ }
49801+ BUG_ON(mpnt_m);
49802+ }
49803+#endif
49804+
49805 /* a new mm has just been created */
49806 arch_dup_mmap(oldmm, mm);
49807 retval = 0;
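Review bot: The mirror fix-up loop advances `mpnt` and `mpnt_m` in lock-step, but the copy loop earlier in dup_mmap() skips parent VMAs that have `VM_DONTCOPY` set (the `continue` visible as context in the hunk above), so the child list can be shorter than the parent list. If a SEGMEXEC task can hold such a mapping, the two cursors drift apart and the walk either trips one of the `BUG_ON()`s or pairs mirrors from unrelated VMAs; nothing in this hunk rules that out. Skipping `VM_DONTCOPY` entries on the parent side without advancing `mpnt_m` keeps the two lists aligned. dup_mmap() begins and ends outside this hunk.

```c
	for (mpnt = oldmm->mmap, mpnt_m = mm->mmap; mpnt; mpnt = mpnt->vm_next) {
		/* dup_mmap() created no child VMA for these; keep the cursors aligned */
		if (mpnt->vm_flags & VM_DONTCOPY)
			continue;

		BUG_ON(!mpnt_m || mpnt_m->vm_mirror || mpnt->vm_mm != oldmm || mpnt_m->vm_mm != mm);

		if (mpnt->vm_mirror) {
			/* … unchanged: lower-half / upper-half mirror relinking … */
		}

		mpnt_m = mpnt_m->vm_next;
	}
	BUG_ON(mpnt_m);
```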
49808@@ -424,14 +469,6 @@ out:
49809 flush_tlb_mm(oldmm);
49810 up_write(&oldmm->mmap_sem);
49811 return retval;
49812-fail_nomem_anon_vma_fork:
49813- mpol_put(pol);
49814-fail_nomem_policy:
49815- kmem_cache_free(vm_area_cachep, tmp);
49816-fail_nomem:
49817- retval = -ENOMEM;
49818- vm_unacct_memory(charge);
49819- goto out;
49820 }
49821
49822 static inline int mm_alloc_pgd(struct mm_struct * mm)
49823@@ -778,13 +815,14 @@ static int copy_fs(unsigned long clone_f
49824 spin_unlock(&fs->lock);
49825 return -EAGAIN;
49826 }
49827- fs->users++;
49828+ atomic_inc(&fs->users);
49829 spin_unlock(&fs->lock);
49830 return 0;
49831 }
49832 tsk->fs = copy_fs_struct(fs);
49833 if (!tsk->fs)
49834 return -ENOMEM;
49835+ gr_set_chroot_entries(tsk, &tsk->fs->root);
49836 return 0;
49837 }
49838
49839@@ -1042,10 +1080,13 @@ static struct task_struct *copy_process(
49840 DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
49841 #endif
49842 retval = -EAGAIN;
49843+
49844+ gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->real_cred->user->processes), 0);
49845+
49846 if (atomic_read(&p->real_cred->user->processes) >=
49847 task_rlimit(p, RLIMIT_NPROC)) {
49848- if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
49849- p->real_cred->user != INIT_USER)
49850+ if (p->real_cred->user != INIT_USER &&
49851+ !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE))
49852 goto bad_fork_free;
49853 }
49854
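Review bot: The reordered condition now tests `p->real_cred->user != INIT_USER` before the two capable() calls, and nothing in the hunk says why the order matters. capable() is not a pure predicate (a successful check marks the task with PF_SUPERPRIV, and a security module may log the request), so short-circuiting on INIT_USER first is presumably deliberate; a comment such as `/* test INIT_USER first so capable() is only consulted, and recorded, when it decides the outcome */` would stop someone from reordering it back. Note also that `gr_learn_resource()` and the limit check each do their own `atomic_read()` of the process count, so the value learned can differ from the value enforced. copy_process() extends well beyond this hunk.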
49855@@ -1199,6 +1240,8 @@ static struct task_struct *copy_process(
49856 goto bad_fork_free_pid;
49857 }
49858
49859+ gr_copy_label(p);
49860+
49861 p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
49862 /*
49863 * Clear TID on mm_release()?
49864@@ -1356,6 +1399,8 @@ bad_fork_cleanup_count:
49865 bad_fork_free:
49866 free_task(p);
49867 fork_out:
49868+ gr_log_forkfail(retval);
49869+
49870 return ERR_PTR(retval);
49871 }
49872
49873@@ -1444,6 +1489,8 @@ long do_fork(unsigned long clone_flags,
49874 if (clone_flags & CLONE_PARENT_SETTID)
49875 put_user(nr, parent_tidptr);
49876
49877+ gr_handle_brute_check();
49878+
49879 if (clone_flags & CLONE_VFORK) {
49880 p->vfork_done = &vfork;
49881 init_completion(&vfork);
49882@@ -1559,7 +1606,7 @@ static int unshare_fs(unsigned long unsh
49883 return 0;
49884
49885 /* don't need lock here; in the worst case we'll do useless copy */
49886- if (fs->users == 1)
49887+ if (atomic_read(&fs->users) == 1)
49888 return 0;
49889
49890 *new_fsp = copy_fs_struct(fs);
49891@@ -1682,7 +1729,8 @@ SYSCALL_DEFINE1(unshare, unsigned long,
49892 fs = current->fs;
49893 spin_lock(&fs->lock);
49894 current->fs = new_fs;
49895- if (--fs->users)
49896+ gr_set_chroot_entries(current, &current->fs->root);
49897+ if (atomic_dec_return(&fs->users))
49898 new_fs = NULL;
49899 else
49900 new_fs = fs;
49901diff -urNp linux-2.6.38.2/kernel/futex.c linux-2.6.38.2/kernel/futex.c
49902--- linux-2.6.38.2/kernel/futex.c 2011-03-14 21:20:32.000000000 -0400
49903+++ linux-2.6.38.2/kernel/futex.c 2011-03-21 18:31:35.000000000 -0400
49904@@ -54,6 +54,7 @@
49905 #include <linux/mount.h>
49906 #include <linux/pagemap.h>
49907 #include <linux/syscalls.h>
49908+#include <linux/ptrace.h>
49909 #include <linux/signal.h>
49910 #include <linux/module.h>
49911 #include <linux/magic.h>
49912@@ -236,6 +237,11 @@ get_futex_key(u32 __user *uaddr, int fsh
49913 struct page *page, *page_head;
49914 int err;
49915
49916+#ifdef CONFIG_PAX_SEGMEXEC
49917+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && address >= SEGMEXEC_TASK_SIZE)
49918+ return -EFAULT;
49919+#endif
49920+
49921 /*
49922 * The futex address must be "naturally" aligned.
49923 */
49924@@ -2404,7 +2410,9 @@ SYSCALL_DEFINE3(get_robust_list, int, pi
49925 {
49926 struct robust_list_head __user *head;
49927 unsigned long ret;
49928+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
49929 const struct cred *cred = current_cred(), *pcred;
49930+#endif
49931
49932 if (!futex_cmpxchg_enabled)
49933 return -ENOSYS;
49934@@ -2420,11 +2428,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pi
49935 if (!p)
49936 goto err_unlock;
49937 ret = -EPERM;
49938+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
49939+ if (!ptrace_may_access(p, PTRACE_MODE_READ))
49940+ goto err_unlock;
49941+#else
49942 pcred = __task_cred(p);
49943 if (cred->euid != pcred->euid &&
49944 cred->euid != pcred->uid &&
49945 !capable(CAP_SYS_PTRACE))
49946 goto err_unlock;
49947+#endif
49948 head = p->robust_list;
49949 rcu_read_unlock();
49950 }
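Review bot: The stricter `ptrace_may_access(p, PTRACE_MODE_READ)` check in get_robust_list() is compiled in only under `CONFIG_GRKERNSEC_PROC_MEMMAP`, and neither the hunk nor the option name explains what a futex syscall has to do with /proc memory maps. The link is presumably that the returned robust-list head is a userland address of the target task and so discloses part of its address-space layout; a comment like `/* the list head reveals an address in p; require the same access as reading its maps */` above the `#ifdef` would make that explicit. The `#else` branch keeps the older euid/uid comparison, so kernels built without the option still apply the weaker test. The compat_sys_get_robust_list() hunk in kernel/futex_compat.c has the same construct and needs the same comment.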
49951@@ -2667,6 +2680,7 @@ static int __init futex_init(void)
49952 {
49953 u32 curval;
49954 int i;
49955+ mm_segment_t oldfs;
49956
49957 /*
49958 * This will fail and we want it. Some arch implementations do
49959@@ -2678,7 +2692,10 @@ static int __init futex_init(void)
49960 * implementation, the non-functional ones will return
49961 * -ENOSYS.
49962 */
49963+ oldfs = get_fs();
49964+ set_fs(USER_DS);
49965 curval = cmpxchg_futex_value_locked(NULL, 0, 0);
49966+ set_fs(oldfs);
49967 if (curval == -EFAULT)
49968 futex_cmpxchg_enabled = 1;
49969
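Review bot: The `set_fs(USER_DS)` / `set_fs(oldfs)` pair added around the `cmpxchg_futex_value_locked(NULL, 0, 0)` probe in futex_init() is uncommented, while the existing comment above says only that the call is expected to fail. Presumably the probe must run with the user segment limit in force so that the NULL access is checked as a userland pointer and returns -EFAULT; saying so, e.g. `/* probe as a userland access so the NULL pointer is checked against USER_DS */`, would keep the pair from being removed later as dead code. The declaration of `oldfs` is in the previous hunk.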
49970diff -urNp linux-2.6.38.2/kernel/futex_compat.c linux-2.6.38.2/kernel/futex_compat.c
49971--- linux-2.6.38.2/kernel/futex_compat.c 2011-03-14 21:20:32.000000000 -0400
49972+++ linux-2.6.38.2/kernel/futex_compat.c 2011-03-21 18:31:35.000000000 -0400
49973@@ -10,6 +10,7 @@
49974 #include <linux/compat.h>
49975 #include <linux/nsproxy.h>
49976 #include <linux/futex.h>
49977+#include <linux/ptrace.h>
49978
49979 #include <asm/uaccess.h>
49980
49981@@ -136,7 +137,10 @@ compat_sys_get_robust_list(int pid, comp
49982 {
49983 struct compat_robust_list_head __user *head;
49984 unsigned long ret;
49985- const struct cred *cred = current_cred(), *pcred;
49986+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
49987+ const struct cred *cred = current_cred();
49988+ const struct cred *pcred;
49989+#endif
49990
49991 if (!futex_cmpxchg_enabled)
49992 return -ENOSYS;
49993@@ -152,11 +156,16 @@ compat_sys_get_robust_list(int pid, comp
49994 if (!p)
49995 goto err_unlock;
49996 ret = -EPERM;
49997+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
49998+ if (!ptrace_may_access(p, PTRACE_MODE_READ))
49999+ goto err_unlock;
50000+#else
50001 pcred = __task_cred(p);
50002 if (cred->euid != pcred->euid &&
50003 cred->euid != pcred->uid &&
50004 !capable(CAP_SYS_PTRACE))
50005 goto err_unlock;
50006+#endif
50007 head = p->compat_robust_list;
50008 rcu_read_unlock();
50009 }
50010diff -urNp linux-2.6.38.2/kernel/gcov/base.c linux-2.6.38.2/kernel/gcov/base.c
50011--- linux-2.6.38.2/kernel/gcov/base.c 2011-03-14 21:20:32.000000000 -0400
50012+++ linux-2.6.38.2/kernel/gcov/base.c 2011-03-21 18:31:35.000000000 -0400
50013@@ -102,11 +102,6 @@ void gcov_enable_events(void)
50014 }
50015
50016 #ifdef CONFIG_MODULES
50017-static inline int within(void *addr, void *start, unsigned long size)
50018-{
50019- return ((addr >= start) && (addr < start + size));
50020-}
50021-
50022 /* Update list and generate events when modules are unloaded. */
50023 static int gcov_module_notifier(struct notifier_block *nb, unsigned long event,
50024 void *data)
50025@@ -121,7 +116,7 @@ static int gcov_module_notifier(struct n
50026 prev = NULL;
50027 /* Remove entries located in module from linked list. */
50028 for (info = gcov_info_head; info; info = info->next) {
50029- if (within(info, mod->module_core, mod->core_size)) {
50030+ if (within_module_core_rw((unsigned long)info, mod)) {
50031 if (prev)
50032 prev->next = info->next;
50033 else
50034diff -urNp linux-2.6.38.2/kernel/hrtimer.c linux-2.6.38.2/kernel/hrtimer.c
50035--- linux-2.6.38.2/kernel/hrtimer.c 2011-03-14 21:20:32.000000000 -0400
50036+++ linux-2.6.38.2/kernel/hrtimer.c 2011-03-21 18:31:35.000000000 -0400
50037@@ -1371,7 +1371,7 @@ void hrtimer_peek_ahead_timers(void)
50038 local_irq_restore(flags);
50039 }
50040
50041-static void run_hrtimer_softirq(struct softirq_action *h)
50042+static void run_hrtimer_softirq(void)
50043 {
50044 hrtimer_peek_ahead_timers();
50045 }
50046diff -urNp linux-2.6.38.2/kernel/jump_label.c linux-2.6.38.2/kernel/jump_label.c
50047--- linux-2.6.38.2/kernel/jump_label.c 2011-03-14 21:20:32.000000000 -0400
50048+++ linux-2.6.38.2/kernel/jump_label.c 2011-03-21 18:31:35.000000000 -0400
50049@@ -49,6 +49,17 @@ void jump_label_unlock(void)
50050 mutex_unlock(&jump_label_mutex);
50051 }
50052
50053+static void jump_label_swap(void *a, void *b, int size)
50054+{
50055+ struct jump_entry t;
50056+
50057+ t = *(struct jump_entry *)a;
50058+ pax_open_kernel();
50059+ *(struct jump_entry *)a = *(struct jump_entry *)b;
50060+ *(struct jump_entry *)b = t;
50061+ pax_close_kernel();
50062+}
50063+
50064 static int jump_label_cmp(const void *a, const void *b)
50065 {
50066 const struct jump_entry *jea = a;
50067@@ -70,7 +81,7 @@ sort_jump_label_entries(struct jump_entr
50068
50069 size = (((unsigned long)stop - (unsigned long)start)
50070 / sizeof(struct jump_entry));
50071- sort(start, size, sizeof(struct jump_entry), jump_label_cmp, NULL);
50072+ sort(start, size, sizeof(struct jump_entry), jump_label_cmp, jump_label_swap);
50073 }
50074
50075 static struct jump_label_entry *get_jump_label_entry(jump_label_t key)
50076@@ -407,8 +418,11 @@ static void remove_jump_label_module_ini
50077 count = e_module->nr_entries;
50078 iter = e_module->table;
50079 while (count--) {
50080- if (within_module_init(iter->code, mod))
50081+ if (within_module_init(iter->code, mod)) {
50082+ pax_open_kernel();
50083 iter->key = 0;
50084+ pax_close_kernel();
50085+ }
50086 iter++;
50087 }
50088 }
50089diff -urNp linux-2.6.38.2/kernel/kallsyms.c linux-2.6.38.2/kernel/kallsyms.c
50090--- linux-2.6.38.2/kernel/kallsyms.c 2011-03-14 21:20:32.000000000 -0400
50091+++ linux-2.6.38.2/kernel/kallsyms.c 2011-03-21 18:31:35.000000000 -0400
50092@@ -11,6 +11,9 @@
50093 * Changed the compression method from stem compression to "table lookup"
50094 * compression (see scripts/kallsyms.c for a more complete description)
50095 */
50096+#ifdef CONFIG_GRKERNSEC_HIDESYM
50097+#define __INCLUDED_BY_HIDESYM 1
50098+#endif
50099 #include <linux/kallsyms.h>
50100 #include <linux/module.h>
50101 #include <linux/init.h>
50102@@ -53,12 +56,33 @@ extern const unsigned long kallsyms_mark
50103
50104 static inline int is_kernel_inittext(unsigned long addr)
50105 {
50106+ if (system_state != SYSTEM_BOOTING)
50107+ return 0;
50108+
50109 if (addr >= (unsigned long)_sinittext
50110 && addr <= (unsigned long)_einittext)
50111 return 1;
50112 return 0;
50113 }
50114
50115+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
50116+#ifdef CONFIG_MODULES
50117+static inline int is_module_text(unsigned long addr)
50118+{
50119+ if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr <= (unsigned long)MODULES_EXEC_END)
50120+ return 1;
50121+
50122+ addr = ktla_ktva(addr);
50123+ return (unsigned long)MODULES_EXEC_VADDR <= addr && addr <= (unsigned long)MODULES_EXEC_END;
50124+}
50125+#else
50126+static inline int is_module_text(unsigned long addr)
50127+{
50128+ return 0;
50129+}
50130+#endif
50131+#endif
50132+
50133 static inline int is_kernel_text(unsigned long addr)
50134 {
50135 if ((addr >= (unsigned long)_stext && addr <= (unsigned long)_etext) ||
50136@@ -69,13 +93,28 @@ static inline int is_kernel_text(unsigne
50137
50138 static inline int is_kernel(unsigned long addr)
50139 {
50140+
50141+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
50142+ if (is_kernel_text(addr) || is_kernel_inittext(addr))
50143+ return 1;
50144+
50145+ if (ktla_ktva((unsigned long)_text) <= addr && addr < (unsigned long)_end)
50146+#else
50147 if (addr >= (unsigned long)_stext && addr <= (unsigned long)_end)
50148+#endif
50149+
50150 return 1;
50151 return in_gate_area_no_task(addr);
50152 }
50153
50154 static int is_ksym_addr(unsigned long addr)
50155 {
50156+
50157+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
50158+ if (is_module_text(addr))
50159+ return 0;
50160+#endif
50161+
50162 if (all_var)
50163 return is_kernel(addr);
50164
50165@@ -416,7 +455,6 @@ static unsigned long get_ksymbol_core(st
50166
50167 static void reset_iter(struct kallsym_iter *iter, loff_t new_pos)
50168 {
50169- iter->name[0] = '\0';
50170 iter->nameoff = get_symbol_offset(new_pos);
50171 iter->pos = new_pos;
50172 }
50173@@ -464,6 +502,11 @@ static int s_show(struct seq_file *m, vo
50174 {
50175 struct kallsym_iter *iter = m->private;
50176
50177+#ifdef CONFIG_GRKERNSEC_HIDESYM
50178+ if (current_uid())
50179+ return 0;
50180+#endif
50181+
50182 /* Some debugging symbols have no name. Ignore them. */
50183 if (!iter->name[0])
50184 return 0;
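Review bot: The `if (current_uid()) return 0;` test in s_show() is evaluated against whoever calls read(), not against whoever opened the file, so the decision follows the file descriptor to any process that later reads from it. Seq-file permission decisions are more robust when taken once at open time and stored with the iterator; here that would mean recording the result in kallsyms_open() in a new iterator field (for example `iter->show_value = !current_uid();`) and testing `if (!iter->show_value) return 0;` in s_show(). The check also returns success with no output, so an unprivileged reader sees an empty file instead of an error, which deserves a comment because it looks like a bug at first sight. s_show() continues beyond the hunk.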
50185@@ -504,7 +547,7 @@ static int kallsyms_open(struct inode *i
50186 struct kallsym_iter *iter;
50187 int ret;
50188
50189- iter = kmalloc(sizeof(*iter), GFP_KERNEL);
50190+ iter = kzalloc(sizeof(*iter), GFP_KERNEL);
50191 if (!iter)
50192 return -ENOMEM;
50193 reset_iter(iter, 0);
50194diff -urNp linux-2.6.38.2/kernel/kmod.c linux-2.6.38.2/kernel/kmod.c
50195--- linux-2.6.38.2/kernel/kmod.c 2011-03-14 21:20:32.000000000 -0400
50196+++ linux-2.6.38.2/kernel/kmod.c 2011-03-26 13:28:34.000000000 -0400
50197@@ -90,6 +90,18 @@ int __request_module(bool wait, const ch
50198 if (ret)
50199 return ret;
50200
50201+#ifdef CONFIG_GRKERNSEC_MODHARDEN
50202+ /* we could do a tighter check here, but some distros
50203+ are taking it upon themselves to remove CAP_SYS_MODULE
50204+ from even root-running apps which cause modules to be
50205+ auto-loaded
50206+ */
50207+ if (current_uid()) {
50208+ gr_log_nonroot_mod_load(module_name);
50209+ return -EPERM;
50210+ }
50211+#endif
50212+
50213 /* If modprobe needs a service that is in a module, we get a recursive
50214 * loop. Limit the number of running kmod threads to max_threads/2 or
50215 * MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method
50216diff -urNp linux-2.6.38.2/kernel/kprobes.c linux-2.6.38.2/kernel/kprobes.c
50217--- linux-2.6.38.2/kernel/kprobes.c 2011-03-14 21:20:32.000000000 -0400
50218+++ linux-2.6.38.2/kernel/kprobes.c 2011-03-21 18:31:35.000000000 -0400
50219@@ -185,7 +185,7 @@ static kprobe_opcode_t __kprobes *__get_
50220 * kernel image and loaded module images reside. This is required
50221 * so x86_64 can correctly handle the %rip-relative fixups.
50222 */
50223- kip->insns = module_alloc(PAGE_SIZE);
50224+ kip->insns = module_alloc_exec(PAGE_SIZE);
50225 if (!kip->insns) {
50226 kfree(kip);
50227 return NULL;
50228@@ -225,7 +225,7 @@ static int __kprobes collect_one_slot(st
50229 */
50230 if (!list_is_singular(&kip->list)) {
50231 list_del(&kip->list);
50232- module_free(NULL, kip->insns);
50233+ module_free_exec(NULL, kip->insns);
50234 kfree(kip);
50235 }
50236 return 1;
50237@@ -1936,7 +1936,7 @@ static int __init init_kprobes(void)
50238 {
50239 int i, err = 0;
50240 unsigned long offset = 0, size = 0;
50241- char *modname, namebuf[128];
50242+ char *modname, namebuf[KSYM_NAME_LEN];
50243 const char *symbol_name;
50244 void *addr;
50245 struct kprobe_blackpoint *kb;
50246@@ -2062,7 +2062,7 @@ static int __kprobes show_kprobe_addr(st
50247 const char *sym = NULL;
50248 unsigned int i = *(loff_t *) v;
50249 unsigned long offset = 0;
50250- char *modname, namebuf[128];
50251+ char *modname, namebuf[KSYM_NAME_LEN];
50252
50253 head = &kprobe_table[i];
50254 preempt_disable();
50255diff -urNp linux-2.6.38.2/kernel/lockdep.c linux-2.6.38.2/kernel/lockdep.c
50256--- linux-2.6.38.2/kernel/lockdep.c 2011-03-14 21:20:32.000000000 -0400
50257+++ linux-2.6.38.2/kernel/lockdep.c 2011-03-21 18:31:35.000000000 -0400
50258@@ -571,6 +571,10 @@ static int static_obj(void *obj)
50259 end = (unsigned long) &_end,
50260 addr = (unsigned long) obj;
50261
50262+#ifdef CONFIG_PAX_KERNEXEC
50263+ start = ktla_ktva(start);
50264+#endif
50265+
50266 /*
50267 * static variable?
50268 */
50269@@ -706,6 +710,7 @@ register_lock_class(struct lockdep_map *
50270 if (!static_obj(lock->key)) {
50271 debug_locks_off();
50272 printk("INFO: trying to register non-static key.\n");
50273+ printk("lock:%pS key:%pS.\n", lock, lock->key);
50274 printk("the code is fine but needs lockdep annotation.\n");
50275 printk("turning off the locking correctness validator.\n");
50276 dump_stack();
50277@@ -2752,7 +2757,7 @@ static int __lock_acquire(struct lockdep
50278 if (!class)
50279 return 0;
50280 }
50281- atomic_inc((atomic_t *)&class->ops);
50282+ atomic_inc_unchecked((atomic_unchecked_t *)&class->ops);
50283 if (very_verbose(class)) {
50284 printk("\nacquire class [%p] %s", class->key, class->name);
50285 if (class->name_version > 1)
50286diff -urNp linux-2.6.38.2/kernel/lockdep_proc.c linux-2.6.38.2/kernel/lockdep_proc.c
50287--- linux-2.6.38.2/kernel/lockdep_proc.c 2011-03-14 21:20:32.000000000 -0400
50288+++ linux-2.6.38.2/kernel/lockdep_proc.c 2011-03-21 18:31:35.000000000 -0400
50289@@ -39,7 +39,7 @@ static void l_stop(struct seq_file *m, v
50290
50291 static void print_name(struct seq_file *m, struct lock_class *class)
50292 {
50293- char str[128];
50294+ char str[KSYM_NAME_LEN];
50295 const char *name = class->name;
50296
50297 if (!name) {
50298diff -urNp linux-2.6.38.2/kernel/module.c linux-2.6.38.2/kernel/module.c
50299--- linux-2.6.38.2/kernel/module.c 2011-03-14 21:20:32.000000000 -0400
50300+++ linux-2.6.38.2/kernel/module.c 2011-03-21 18:31:35.000000000 -0400
50301@@ -118,7 +118,8 @@ static BLOCKING_NOTIFIER_HEAD(module_not
50302
50303 /* Bounds of module allocation, for speeding __module_address.
50304 * Protected by module_mutex. */
50305-static unsigned long module_addr_min = -1UL, module_addr_max = 0;
50306+static unsigned long module_addr_min_rw = -1UL, module_addr_max_rw = 0;
50307+static unsigned long module_addr_min_rx = -1UL, module_addr_max_rx = 0;
50308
50309 int register_module_notifier(struct notifier_block * nb)
50310 {
50311@@ -282,7 +283,7 @@ bool each_symbol(bool (*fn)(const struct
50312 return true;
50313
50314 list_for_each_entry_rcu(mod, &modules, list) {
50315- struct symsearch arr[] = {
50316+ struct symsearch modarr[] = {
50317 { mod->syms, mod->syms + mod->num_syms, mod->crcs,
50318 NOT_GPL_ONLY, false },
50319 { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
50320@@ -304,7 +305,7 @@ bool each_symbol(bool (*fn)(const struct
50321 #endif
50322 };
50323
50324- if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data))
50325+ if (each_symbol_in_section(modarr, ARRAY_SIZE(modarr), mod, fn, data))
50326 return true;
50327 }
50328 return false;
50329@@ -415,7 +416,7 @@ static inline void __percpu *mod_percpu(
50330 static int percpu_modalloc(struct module *mod,
50331 unsigned long size, unsigned long align)
50332 {
50333- if (align > PAGE_SIZE) {
50334+ if (align-1 >= PAGE_SIZE) {
50335 printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
50336 mod->name, align, PAGE_SIZE);
50337 align = PAGE_SIZE;
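Review bot: The rewritten test `if (align-1 >= PAGE_SIZE)` depends on unsigned wrap-around to catch `align == 0` as well as oversized values, and that is not apparent to a reader; the warning text still says `per-cpu alignment %li > %li`, which is wrong for the zero case. Either add `/* align - 1 wraps to ULONG_MAX for align == 0, so zero is clamped too */` or spell the condition out as `if (!align || align > PAGE_SIZE) {`. percpu_modalloc() continues past the hunk.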
50338@@ -1143,7 +1144,7 @@ resolve_symbol_wait(struct module *mod,
50339 */
50340 #ifdef CONFIG_SYSFS
50341
50342-#ifdef CONFIG_KALLSYMS
50343+#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
50344 static inline bool sect_empty(const Elf_Shdr *sect)
50345 {
50346 return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0;
50347@@ -1612,17 +1613,17 @@ void unset_section_ro_nx(struct module *
50348 {
50349 unsigned long total_pages;
50350
50351- if (mod->module_core == module_region) {
50352+ if (mod->module_core_rx == module_region) {
50353 /* Set core as NX+RW */
50354- total_pages = MOD_NUMBER_OF_PAGES(mod->module_core, mod->core_size);
50355- set_memory_nx((unsigned long)mod->module_core, total_pages);
50356- set_memory_rw((unsigned long)mod->module_core, total_pages);
50357+ total_pages = MOD_NUMBER_OF_PAGES(mod->module_core_rx, mod->core_size_rx);
50358+ set_memory_nx((unsigned long)mod->module_core_rx, total_pages);
50359+ set_memory_rw((unsigned long)mod->module_core_rx, total_pages);
50360
50361- } else if (mod->module_init == module_region) {
50362+ } else if (mod->module_init_rx == module_region) {
50363 /* Set init as NX+RW */
50364- total_pages = MOD_NUMBER_OF_PAGES(mod->module_init, mod->init_size);
50365- set_memory_nx((unsigned long)mod->module_init, total_pages);
50366- set_memory_rw((unsigned long)mod->module_init, total_pages);
50367+ total_pages = MOD_NUMBER_OF_PAGES(mod->module_init_rx, mod->init_size_rx);
50368+ set_memory_nx((unsigned long)mod->module_init_rx, total_pages);
50369+ set_memory_rw((unsigned long)mod->module_init_rx, total_pages);
50370 }
50371 }
50372
50373@@ -1633,14 +1634,14 @@ void set_all_modules_text_rw()
50374
50375 mutex_lock(&module_mutex);
50376 list_for_each_entry_rcu(mod, &modules, list) {
50377- if ((mod->module_core) && (mod->core_text_size)) {
50378- set_page_attributes(mod->module_core,
50379- mod->module_core + mod->core_text_size,
50380+ if ((mod->module_core_rx) && (mod->core_size_rx)) {
50381+ set_page_attributes(mod->module_core_rx,
50382+ mod->module_core_rx + mod->core_size_rx,
50383 set_memory_rw);
50384 }
50385- if ((mod->module_init) && (mod->init_text_size)) {
50386- set_page_attributes(mod->module_init,
50387- mod->module_init + mod->init_text_size,
50388+ if ((mod->module_init_rx) && (mod->init_size_rx)) {
50389+ set_page_attributes(mod->module_init_rx,
50390+ mod->module_init_rx + mod->init_size_rx,
50391 set_memory_rw);
50392 }
50393 }
50394@@ -1654,14 +1655,14 @@ void set_all_modules_text_ro()
50395
50396 mutex_lock(&module_mutex);
50397 list_for_each_entry_rcu(mod, &modules, list) {
50398- if ((mod->module_core) && (mod->core_text_size)) {
50399- set_page_attributes(mod->module_core,
50400- mod->module_core + mod->core_text_size,
50401+ if ((mod->module_core_rx) && (mod->core_size_rx)) {
50402+ set_page_attributes(mod->module_core_rx,
50403+ mod->module_core_rx + mod->core_size_rx,
50404 set_memory_ro);
50405 }
50406- if ((mod->module_init) && (mod->init_text_size)) {
50407- set_page_attributes(mod->module_init,
50408- mod->module_init + mod->init_text_size,
50409+ if ((mod->module_init_rx) && (mod->init_size_rx)) {
50410+ set_page_attributes(mod->module_init_rx,
50411+ mod->module_init_rx + mod->init_size_rx,
50412 set_memory_ro);
50413 }
50414 }
50415@@ -1696,17 +1697,20 @@ static void free_module(struct module *m
50416 destroy_params(mod->kp, mod->num_kp);
50417
50418 /* This may be NULL, but that's OK */
50419- unset_section_ro_nx(mod, mod->module_init);
50420- module_free(mod, mod->module_init);
50421+ unset_section_ro_nx(mod, mod->module_init_rx);
50422+ module_free(mod, mod->module_init_rw);
50423+ module_free_exec(mod, mod->module_init_rx);
50424 kfree(mod->args);
50425 percpu_modfree(mod);
50426
50427 /* Free lock-classes: */
50428- lockdep_free_key_range(mod->module_core, mod->core_size);
50429+ lockdep_free_key_range(mod->module_core_rx, mod->core_size_rx);
50430+ lockdep_free_key_range(mod->module_core_rw, mod->core_size_rw);
50431
50432 /* Finally, free the core (containing the module structure) */
50433- unset_section_ro_nx(mod, mod->module_core);
50434- module_free(mod, mod->module_core);
50435+ unset_section_ro_nx(mod, mod->module_core_rx);
50436+ module_free_exec(mod, mod->module_core_rx);
50437+ module_free(mod, mod->module_core_rw);
50438
50439 #ifdef CONFIG_MPU
50440 update_protections(current->mm);
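Review bot: The order of the two frees in the core teardown matters and is not documented. `mod->module_core_rw` is read from `mod` after `module_free_exec()` has returned, so the allocation holding the module structure has to be released last. The existing comment "containing the module structure" now sits above three calls; if the structure lives in the RW allocation (the comment kept in move_module suggests it is inside the core block, not confirmed from this hunk), say so beside the last call, e.g. `/* module_core_rw holds *mod: free it last */`. The init teardown a few lines up frees in the opposite order (RW, then RX), which reads as inconsistent. free_module starts and ends outside the hunk.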
50441@@ -1799,7 +1803,9 @@ static int simplify_symbols(struct modul
50442 ksym = resolve_symbol_wait(mod, info, name);
50443 /* Ok if resolved. */
50444 if (ksym && !IS_ERR(ksym)) {
50445+ pax_open_kernel();
50446 sym[i].st_value = ksym->value;
50447+ pax_close_kernel();
50448 break;
50449 }
50450
50451@@ -1818,7 +1824,9 @@ static int simplify_symbols(struct modul
50452 secbase = (unsigned long)mod_percpu(mod);
50453 else
50454 secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
50455+ pax_open_kernel();
50456 sym[i].st_value += secbase;
50457+ pax_close_kernel();
50458 break;
50459 }
50460 }
50461@@ -1906,22 +1914,12 @@ static void layout_sections(struct modul
50462 || s->sh_entsize != ~0UL
50463 || strstarts(sname, ".init"))
50464 continue;
50465- s->sh_entsize = get_offset(mod, &mod->core_size, s, i);
50466+ if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC))
50467+ s->sh_entsize = get_offset(mod, &mod->core_size_rw, s, i);
50468+ else
50469+ s->sh_entsize = get_offset(mod, &mod->core_size_rx, s, i);
50470 DEBUGP("\t%s\n", name);
50471 }
50472- switch (m) {
50473- case 0: /* executable */
50474- mod->core_size = debug_align(mod->core_size);
50475- mod->core_text_size = mod->core_size;
50476- break;
50477- case 1: /* RO: text and ro-data */
50478- mod->core_size = debug_align(mod->core_size);
50479- mod->core_ro_size = mod->core_size;
50480- break;
50481- case 3: /* whole core */
50482- mod->core_size = debug_align(mod->core_size);
50483- break;
50484- }
50485 }
50486
50487 DEBUGP("Init section allocation order:\n");
50488@@ -1935,23 +1933,13 @@ static void layout_sections(struct modul
50489 || s->sh_entsize != ~0UL
50490 || !strstarts(sname, ".init"))
50491 continue;
50492- s->sh_entsize = (get_offset(mod, &mod->init_size, s, i)
50493- | INIT_OFFSET_MASK);
50494+ if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC))
50495+ s->sh_entsize = get_offset(mod, &mod->init_size_rw, s, i);
50496+ else
50497+ s->sh_entsize = get_offset(mod, &mod->init_size_rx, s, i);
50498+ s->sh_entsize |= INIT_OFFSET_MASK;
50499 DEBUGP("\t%s\n", sname);
50500 }
50501- switch (m) {
50502- case 0: /* executable */
50503- mod->init_size = debug_align(mod->init_size);
50504- mod->init_text_size = mod->init_size;
50505- break;
50506- case 1: /* RO: text and ro-data */
50507- mod->init_size = debug_align(mod->init_size);
50508- mod->init_ro_size = mod->init_size;
50509- break;
50510- case 3: /* whole init */
50511- mod->init_size = debug_align(mod->init_size);
50512- break;
50513- }
50514 }
50515 }
50516
50517@@ -2119,7 +2107,7 @@ static void layout_symtab(struct module
50518
50519 /* Put symbol section at end of init part of module. */
50520 symsect->sh_flags |= SHF_ALLOC;
50521- symsect->sh_entsize = get_offset(mod, &mod->init_size, symsect,
50522+ symsect->sh_entsize = get_offset(mod, &mod->init_size_rx, symsect,
50523 info->index.sym) | INIT_OFFSET_MASK;
50524 DEBUGP("\t%s\n", info->secstrings + symsect->sh_name);
50525
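Review bot: The symbol table offset is charged to `init_size_rx` unconditionally here, and the next hunk does the same for the string table and the core copies. move_module, however, later chooses between the `_rw` and `_rx` allocations from the section's `SHF_WRITE` flag. The two agree only while the symtab and strtab headers never carry `SHF_WRITE`, and nothing visible in this hunk enforces that on headers read from the module image. Either clear the flag where `SHF_ALLOC` is set, `symsect->sh_flags &= ~(unsigned long)SHF_WRITE;` (same for `strsect`), or select the size field with the predicate move_module uses. layout_symtab starts and ends outside the hunk.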
50526@@ -2136,19 +2124,19 @@ static void layout_symtab(struct module
50527 }
50528
50529 /* Append room for core symbols at end of core part. */
50530- info->symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1);
50531- mod->core_size = info->symoffs + ndst * sizeof(Elf_Sym);
50532+ info->symoffs = ALIGN(mod->core_size_rx, symsect->sh_addralign ?: 1);
50533+ mod->core_size_rx = info->symoffs + ndst * sizeof(Elf_Sym);
50534
50535 /* Put string table section at end of init part of module. */
50536 strsect->sh_flags |= SHF_ALLOC;
50537- strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect,
50538+ strsect->sh_entsize = get_offset(mod, &mod->init_size_rx, strsect,
50539 info->index.str) | INIT_OFFSET_MASK;
50540 DEBUGP("\t%s\n", info->secstrings + strsect->sh_name);
50541
50542 /* Append room for core symbols' strings at end of core part. */
50543- info->stroffs = mod->core_size;
50544+ info->stroffs = mod->core_size_rx;
50545 __set_bit(0, info->strmap);
50546- mod->core_size += bitmap_weight(info->strmap, strsect->sh_size);
50547+ mod->core_size_rx += bitmap_weight(info->strmap, strsect->sh_size);
50548 }
50549
50550 static void add_kallsyms(struct module *mod, const struct load_info *info)
50551@@ -2164,11 +2152,13 @@ static void add_kallsyms(struct module *
50552 /* Make sure we get permanent strtab: don't use info->strtab. */
50553 mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
50554
50555+ pax_open_kernel();
50556+
50557 /* Set types up while we still have access to sections. */
50558 for (i = 0; i < mod->num_symtab; i++)
50559 mod->symtab[i].st_info = elf_type(&mod->symtab[i], info);
50560
50561- mod->core_symtab = dst = mod->module_core + info->symoffs;
50562+ mod->core_symtab = dst = mod->module_core_rx + info->symoffs;
50563 src = mod->symtab;
50564 *dst = *src;
50565 for (ndst = i = 1; i < mod->num_symtab; ++i, ++src) {
50566@@ -2181,10 +2171,12 @@ static void add_kallsyms(struct module *
50567 }
50568 mod->core_num_syms = ndst;
50569
50570- mod->core_strtab = s = mod->module_core + info->stroffs;
50571+ mod->core_strtab = s = mod->module_core_rx + info->stroffs;
50572 for (*s = 0, i = 1; i < info->sechdrs[info->index.str].sh_size; ++i)
50573 if (test_bit(i, info->strmap))
50574 *++s = mod->strtab[i];
50575+
50576+ pax_close_kernel();
50577 }
50578 #else
50579 static inline void layout_symtab(struct module *mod, struct load_info *info)
50580@@ -2213,17 +2205,33 @@ static void dynamic_debug_remove(struct
50581 ddebug_remove_module(debug->modname);
50582 }
50583
50584-static void *module_alloc_update_bounds(unsigned long size)
50585+static void *module_alloc_update_bounds_rw(unsigned long size)
50586 {
50587 void *ret = module_alloc(size);
50588
50589 if (ret) {
50590 mutex_lock(&module_mutex);
50591 /* Update module bounds. */
50592- if ((unsigned long)ret < module_addr_min)
50593- module_addr_min = (unsigned long)ret;
50594- if ((unsigned long)ret + size > module_addr_max)
50595- module_addr_max = (unsigned long)ret + size;
50596+ if ((unsigned long)ret < module_addr_min_rw)
50597+ module_addr_min_rw = (unsigned long)ret;
50598+ if ((unsigned long)ret + size > module_addr_max_rw)
50599+ module_addr_max_rw = (unsigned long)ret + size;
50600+ mutex_unlock(&module_mutex);
50601+ }
50602+ return ret;
50603+}
50604+
50605+static void *module_alloc_update_bounds_rx(unsigned long size)
50606+{
50607+ void *ret = module_alloc_exec(size);
50608+
50609+ if (ret) {
50610+ mutex_lock(&module_mutex);
50611+ /* Update module bounds. */
50612+ if ((unsigned long)ret < module_addr_min_rx)
50613+ module_addr_min_rx = (unsigned long)ret;
50614+ if ((unsigned long)ret + size > module_addr_max_rx)
50615+ module_addr_max_rx = (unsigned long)ret + size;
50616 mutex_unlock(&module_mutex);
50617 }
50618 return ret;
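Review bot: `module_alloc_update_bounds_rw` and `module_alloc_update_bounds_rx` are the same body written twice, differing only in the allocator called and the pair of bounds updated, so a fix to one can silently miss the other. A shared helper that takes the allocated pointer plus pointers to the min/max pair keeps the locking and the comparisons in one place. This assumes the four bounds are plain `unsigned long` variables, which the casts in the hunk suggest but do not prove. The closing lines of the `_rx` variant fall outside the hunk.

```c
/* Widen [*min, *max] under module_mutex so it covers a fresh allocation. */
static void *module_update_bounds(void *ret, unsigned long size,
				  unsigned long *min, unsigned long *max)
{
	if (ret) {
		mutex_lock(&module_mutex);
		if ((unsigned long)ret < *min)
			*min = (unsigned long)ret;
		if ((unsigned long)ret + size > *max)
			*max = (unsigned long)ret + size;
		mutex_unlock(&module_mutex);
	}
	return ret;
}

static void *module_alloc_update_bounds_rw(unsigned long size)
{
	return module_update_bounds(module_alloc(size), size,
				    &module_addr_min_rw, &module_addr_max_rw);
}

/* … module_alloc_update_bounds_rx: same call with module_alloc_exec() and the _rx bounds … */
```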
50619@@ -2516,7 +2524,7 @@ static int move_module(struct module *mo
50620 void *ptr;
50621
50622 /* Do the allocs. */
50623- ptr = module_alloc_update_bounds(mod->core_size);
50624+ ptr = module_alloc_update_bounds_rw(mod->core_size_rw);
50625 /*
50626 * The pointer to this block is stored in the module structure
50627 * which is inside the block. Just mark it as not being a
50628@@ -2526,23 +2534,50 @@ static int move_module(struct module *mo
50629 if (!ptr)
50630 return -ENOMEM;
50631
50632- memset(ptr, 0, mod->core_size);
50633- mod->module_core = ptr;
50634+ memset(ptr, 0, mod->core_size_rw);
50635+ mod->module_core_rw = ptr;
50636
50637- ptr = module_alloc_update_bounds(mod->init_size);
50638+ ptr = module_alloc_update_bounds_rw(mod->init_size_rw);
50639 /*
50640 * The pointer to this block is stored in the module structure
50641 * which is inside the block. This block doesn't need to be
50642 * scanned as it contains data and code that will be freed
50643 * after the module is initialized.
50644 */
50645- kmemleak_ignore(ptr);
50646- if (!ptr && mod->init_size) {
50647- module_free(mod, mod->module_core);
50648+ kmemleak_not_leak(ptr);
50649+ if (!ptr && mod->init_size_rw) {
50650+ module_free(mod, mod->module_core_rw);
50651 return -ENOMEM;
50652 }
50653- memset(ptr, 0, mod->init_size);
50654- mod->module_init = ptr;
50655+ memset(ptr, 0, mod->init_size_rw);
50656+ mod->module_init_rw = ptr;
50657+
50658+ ptr = module_alloc_update_bounds_rx(mod->core_size_rx);
50659+ kmemleak_not_leak(ptr);
50660+ if (!ptr) {
50661+ module_free(mod, mod->module_init_rw);
50662+ module_free(mod, mod->module_core_rw);
50663+ return -ENOMEM;
50664+ }
50665+
50666+ pax_open_kernel();
50667+ memset(ptr, 0, mod->core_size_rx);
50668+ pax_close_kernel();
50669+ mod->module_core_rx = ptr;
50670+
50671+ ptr = module_alloc_update_bounds_rx(mod->init_size_rx);
50672+ kmemleak_not_leak(ptr);
50673+ if (!ptr && mod->init_size_rx) {
50674+ module_free_exec(mod, mod->module_core_rx);
50675+ module_free(mod, mod->module_init_rw);
50676+ module_free(mod, mod->module_core_rw);
50677+ return -ENOMEM;
50678+ }
50679+
50680+ pax_open_kernel();
50681+ memset(ptr, 0, mod->init_size_rx);
50682+ pax_close_kernel();
50683+ mod->module_init_rx = ptr;
50684
50685 /* Transfer each section which specifies SHF_ALLOC */
50686 DEBUGP("final section addresses:\n");
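Review bot: The comment kept above the init allocation still says the block "doesn't need to be scanned", but the call under it is now `kmemleak_not_leak(ptr)`. That call only suppresses the leak report and leaves the block scanned, whereas `kmemleak_ignore()` did both. Either keep `kmemleak_ignore(ptr)` for the init blocks or update the comment to match; the two new `_rx` allocations call `kmemleak_not_leak()` with no comment at all. The error paths also repeat a growing list of frees, and a `goto`-style unwind would keep them in step as allocations are added. move_module starts before the hunk and continues after it.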
50687@@ -2553,16 +2588,45 @@ static int move_module(struct module *mo
50688 if (!(shdr->sh_flags & SHF_ALLOC))
50689 continue;
50690
50691- if (shdr->sh_entsize & INIT_OFFSET_MASK)
50692- dest = mod->module_init
50693- + (shdr->sh_entsize & ~INIT_OFFSET_MASK);
50694- else
50695- dest = mod->module_core + shdr->sh_entsize;
50696+ if (shdr->sh_entsize & INIT_OFFSET_MASK) {
50697+ if ((shdr->sh_flags & SHF_WRITE) || !(shdr->sh_flags & SHF_ALLOC))
50698+ dest = mod->module_init_rw
50699+ + (shdr->sh_entsize & ~INIT_OFFSET_MASK);
50700+ else
50701+ dest = mod->module_init_rx
50702+ + (shdr->sh_entsize & ~INIT_OFFSET_MASK);
50703+ } else {
50704+ if ((shdr->sh_flags & SHF_WRITE) || !(shdr->sh_flags & SHF_ALLOC))
50705+ dest = mod->module_core_rw + shdr->sh_entsize;
50706+ else
50707+ dest = mod->module_core_rx + shdr->sh_entsize;
50708+ }
50709+
50710+ if (shdr->sh_type != SHT_NOBITS) {
50711+
50712+#ifdef CONFIG_PAX_KERNEXEC
50713+#ifdef CONFIG_X86_64
50714+ if ((shdr->sh_flags & SHF_WRITE) && (shdr->sh_flags & SHF_EXECINSTR))
50715+ set_memory_x((unsigned long)dest, (shdr->sh_size + PAGE_SIZE) >> PAGE_SHIFT);
50716+#endif
50717+ if (!(shdr->sh_flags & SHF_WRITE) && (shdr->sh_flags & SHF_ALLOC)) {
50718+ pax_open_kernel();
50719+ memcpy(dest, (void *)shdr->sh_addr, shdr->sh_size);
50720+ pax_close_kernel();
50721+ } else
50722+#endif
50723
50724- if (shdr->sh_type != SHT_NOBITS)
50725 memcpy(dest, (void *)shdr->sh_addr, shdr->sh_size);
50726+ }
50727 /* Update sh_addr to point to copy in image. */
50728- shdr->sh_addr = (unsigned long)dest;
50729+
50730+#ifdef CONFIG_PAX_KERNEXEC
50731+ if (shdr->sh_flags & SHF_EXECINSTR)
50732+ shdr->sh_addr = ktva_ktla((unsigned long)dest);
50733+ else
50734+#endif
50735+
50736+ shdr->sh_addr = (unsigned long)dest;
50737 DEBUGP("\t0x%lx %s\n",
50738 shdr->sh_addr, info->secstrings + shdr->sh_name);
50739 }
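Review bot: Under `CONFIG_PAX_KERNEXEC` on x86-64, a section flagged both `SHF_WRITE` and `SHF_EXECINSTR` is placed in the `_rw` allocation and then passed to `set_memory_x()`, which as far as this hunk shows leaves those pages both writable and executable. The page count `(shdr->sh_size + PAGE_SIZE) >> PAGE_SHIFT` is page-granular and ignores where `dest` sits in its page, so neighbouring writable data can end up sharing the permission. A logged warning naming the module and section would make such modules visible to whoever audits the system, e.g. `printk(KERN_WARNING "%s: section %s is writable and executable\n", mod->name, info->secstrings + shdr->sh_name);`. Separately, the `!(shdr->sh_flags & SHF_ALLOC)` operands are dead after the `continue` at the top of the loop body. The loop and move_module extend beyond the hunk.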
50740@@ -2613,12 +2677,12 @@ static void flush_module_icache(const st
50741 * Do it before processing of module parameters, so the module
50742 * can provide parameter accessor functions of its own.
50743 */
50744- if (mod->module_init)
50745- flush_icache_range((unsigned long)mod->module_init,
50746- (unsigned long)mod->module_init
50747- + mod->init_size);
50748- flush_icache_range((unsigned long)mod->module_core,
50749- (unsigned long)mod->module_core + mod->core_size);
50750+ if (mod->module_init_rx)
50751+ flush_icache_range((unsigned long)mod->module_init_rx,
50752+ (unsigned long)mod->module_init_rx
50753+ + mod->init_size_rx);
50754+ flush_icache_range((unsigned long)mod->module_core_rx,
50755+ (unsigned long)mod->module_core_rx + mod->core_size_rx);
50756
50757 set_fs(old_fs);
50758 }
50759@@ -2690,8 +2754,10 @@ static void module_deallocate(struct mod
50760 {
50761 kfree(info->strmap);
50762 percpu_modfree(mod);
50763- module_free(mod, mod->module_init);
50764- module_free(mod, mod->module_core);
50765+ module_free_exec(mod, mod->module_init_rx);
50766+ module_free_exec(mod, mod->module_core_rx);
50767+ module_free(mod, mod->module_init_rw);
50768+ module_free(mod, mod->module_core_rw);
50769 }
50770
50771 static int post_relocation(struct module *mod, const struct load_info *info)
50772@@ -2877,16 +2943,16 @@ SYSCALL_DEFINE3(init_module, void __user
50773 MODULE_STATE_COMING, mod);
50774
50775 /* Set RO and NX regions for core */
50776- set_section_ro_nx(mod->module_core,
50777- mod->core_text_size,
50778- mod->core_ro_size,
50779- mod->core_size);
50780+ set_section_ro_nx(mod->module_core_rx,
50781+ mod->core_size_rx,
50782+ mod->core_size_rx,
50783+ mod->core_size_rx);
50784
50785 /* Set RO and NX regions for init */
50786- set_section_ro_nx(mod->module_init,
50787- mod->init_text_size,
50788- mod->init_ro_size,
50789- mod->init_size);
50790+ set_section_ro_nx(mod->module_init_rx,
50791+ mod->init_size_rx,
50792+ mod->init_size_rx,
50793+ mod->init_size_rx);
50794
50795 do_mod_ctors(mod);
50796 /* Start the module */
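Review bot: Only the `_rx` allocations are passed to `set_section_ro_nx()`, so the `_rw` allocations get no explicit NX treatment on this path. That is safe only if `module_alloc()` already returns non-executable mappings, which is not visible from here; a comment stating the assumption would help, e.g. `/* _rw regions rely on module_alloc() returning NX mappings */`. Passing the same size for the text, read-only and total arguments also hides what the call means, and a short comment that the whole RX region is treated as text would fix that. The syscall body starts and ends outside the hunk.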
50797@@ -2931,11 +2997,13 @@ SYSCALL_DEFINE3(init_module, void __user
50798 mod->symtab = mod->core_symtab;
50799 mod->strtab = mod->core_strtab;
50800 #endif
50801- unset_section_ro_nx(mod, mod->module_init);
50802- module_free(mod, mod->module_init);
50803- mod->module_init = NULL;
50804- mod->init_size = 0;
50805- mod->init_text_size = 0;
50806+ unset_section_ro_nx(mod, mod->module_init_rx);
50807+ module_free(mod, mod->module_init_rw);
50808+ module_free_exec(mod, mod->module_init_rx);
50809+ mod->module_init_rw = NULL;
50810+ mod->module_init_rx = NULL;
50811+ mod->init_size_rw = 0;
50812+ mod->init_size_rx = 0;
50813 mutex_unlock(&module_mutex);
50814
50815 return 0;
50816@@ -2966,10 +3034,16 @@ static const char *get_ksymbol(struct mo
50817 unsigned long nextval;
50818
50819 /* At worse, next value is at end of module */
50820- if (within_module_init(addr, mod))
50821- nextval = (unsigned long)mod->module_init+mod->init_text_size;
50822+ if (within_module_init_rx(addr, mod))
50823+ nextval = (unsigned long)mod->module_init_rx+mod->init_size_rx;
50824+ else if (within_module_init_rw(addr, mod))
50825+ nextval = (unsigned long)mod->module_init_rw+mod->init_size_rw;
50826+ else if (within_module_core_rx(addr, mod))
50827+ nextval = (unsigned long)mod->module_core_rx+mod->core_size_rx;
50828+ else if (within_module_core_rw(addr, mod))
50829+ nextval = (unsigned long)mod->module_core_rw+mod->core_size_rw;
50830 else
50831- nextval = (unsigned long)mod->module_core+mod->core_text_size;
50832+ return NULL;
50833
50834 /* Scan for closest preceeding symbol, and next symbol. (ELF
50835 starts real symbols at 1). */
50836@@ -3215,7 +3289,7 @@ static int m_show(struct seq_file *m, vo
50837 char buf[8];
50838
50839 seq_printf(m, "%s %u",
50840- mod->name, mod->init_size + mod->core_size);
50841+ mod->name, mod->init_size_rx + mod->init_size_rw + mod->core_size_rx + mod->core_size_rw);
50842 print_unload_info(m, mod);
50843
50844 /* Informative for users. */
50845@@ -3224,7 +3298,7 @@ static int m_show(struct seq_file *m, vo
50846 mod->state == MODULE_STATE_COMING ? "Loading":
50847 "Live");
50848 /* Used by oprofile and other similar tools. */
50849- seq_printf(m, " 0x%p", mod->module_core);
50850+ seq_printf(m, " 0x%p 0x%p", mod->module_core_rx, mod->module_core_rw);
50851
50852 /* Taints info */
50853 if (mod->taints)
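Review bot: The address column of /proc/modules becomes two values (`" 0x%p 0x%p"`), which shifts every later field for anything that parses the file by position. The comment on the line above says profiling tools read it. If the second address is needed, appending it after the existing fields, or keeping only `module_core_rx` here, would preserve the layout. The size printed in the previous hunk is the sum across both regions, so it no longer describes the region at either printed address. m_show starts and ends outside the hunk.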
50854@@ -3260,7 +3334,17 @@ static const struct file_operations proc
50855
50856 static int __init proc_modules_init(void)
50857 {
50858+#ifndef CONFIG_GRKERNSEC_HIDESYM
50859+#ifdef CONFIG_GRKERNSEC_PROC_USER
50860+ proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
50861+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
50862+ proc_create("modules", S_IRUSR | S_IRGRP, NULL, &proc_modules_operations);
50863+#else
50864 proc_create("modules", 0, NULL, &proc_modules_operations);
50865+#endif
50866+#else
50867+ proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
50868+#endif
50869 return 0;
50870 }
50871 module_init(proc_modules_init);
50872@@ -3319,12 +3403,12 @@ struct module *__module_address(unsigned
50873 {
50874 struct module *mod;
50875
50876- if (addr < module_addr_min || addr > module_addr_max)
50877+ if ((addr < module_addr_min_rx || addr > module_addr_max_rx) &&
50878+ (addr < module_addr_min_rw || addr > module_addr_max_rw))
50879 return NULL;
50880
50881 list_for_each_entry_rcu(mod, &modules, list)
50882- if (within_module_core(addr, mod)
50883- || within_module_init(addr, mod))
50884+ if (within_module_init(addr, mod) || within_module_core(addr, mod))
50885 return mod;
50886 return NULL;
50887 }
50888@@ -3358,11 +3442,20 @@ bool is_module_text_address(unsigned lon
50889 */
50890 struct module *__module_text_address(unsigned long addr)
50891 {
50892- struct module *mod = __module_address(addr);
50893+ struct module *mod;
50894+
50895+#ifdef CONFIG_X86_32
50896+ addr = ktla_ktva(addr);
50897+#endif
50898+
50899+ if (addr < module_addr_min_rx || addr > module_addr_max_rx)
50900+ return NULL;
50901+
50902+ mod = __module_address(addr);
50903+
50904 if (mod) {
50905 /* Make sure it's within the text section. */
50906- if (!within(addr, mod->module_init, mod->init_text_size)
50907- && !within(addr, mod->module_core, mod->core_text_size))
50908+ if (!within_module_init_rx(addr, mod) && !within_module_core_rx(addr, mod))
50909 mod = NULL;
50910 }
50911 return mod;
50912diff -urNp linux-2.6.38.2/kernel/panic.c linux-2.6.38.2/kernel/panic.c
50913--- linux-2.6.38.2/kernel/panic.c 2011-03-14 21:20:32.000000000 -0400
50914+++ linux-2.6.38.2/kernel/panic.c 2011-03-21 18:31:35.000000000 -0400
50915@@ -369,7 +369,7 @@ static void warn_slowpath_common(const c
50916 const char *board;
50917
50918 printk(KERN_WARNING "------------[ cut here ]------------\n");
50919- printk(KERN_WARNING "WARNING: at %s:%d %pS()\n", file, line, caller);
50920+ printk(KERN_WARNING "WARNING: at %s:%d %pA()\n", file, line, caller);
50921 board = dmi_get_system_info(DMI_PRODUCT_NAME);
50922 if (board)
50923 printk(KERN_WARNING "Hardware name: %s\n", board);
50924@@ -424,7 +424,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
50925 */
50926 void __stack_chk_fail(void)
50927 {
50928- panic("stack-protector: Kernel stack is corrupted in: %p\n",
50929+ dump_stack();
50930+ panic("stack-protector: Kernel stack is corrupted in: %pA\n",
50931 __builtin_return_address(0));
50932 }
50933 EXPORT_SYMBOL(__stack_chk_fail);
50934diff -urNp linux-2.6.38.2/kernel/pid.c linux-2.6.38.2/kernel/pid.c
50935--- linux-2.6.38.2/kernel/pid.c 2011-03-14 21:20:32.000000000 -0400
50936+++ linux-2.6.38.2/kernel/pid.c 2011-03-21 18:31:35.000000000 -0400
50937@@ -33,6 +33,7 @@
50938 #include <linux/rculist.h>
50939 #include <linux/bootmem.h>
50940 #include <linux/hash.h>
50941+#include <linux/security.h>
50942 #include <linux/pid_namespace.h>
50943 #include <linux/init_task.h>
50944 #include <linux/syscalls.h>
50945@@ -45,7 +46,7 @@ struct pid init_struct_pid = INIT_STRUCT
50946
50947 int pid_max = PID_MAX_DEFAULT;
50948
50949-#define RESERVED_PIDS 300
50950+#define RESERVED_PIDS 500
50951
50952 int pid_max_min = RESERVED_PIDS + 1;
50953 int pid_max_max = PID_MAX_LIMIT;
50954@@ -416,8 +417,15 @@ EXPORT_SYMBOL(pid_task);
50955 */
50956 struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
50957 {
50958+ struct task_struct *task;
50959+
50960 rcu_lockdep_assert(rcu_read_lock_held());
50961- return pid_task(find_pid_ns(nr, ns), PIDTYPE_PID);
50962+ task = pid_task(find_pid_ns(nr, ns), PIDTYPE_PID);
50963+
50964+ if (gr_pid_is_chrooted(task))
50965+ return NULL;
50966+
50967+ return task;
50968 }
50969
50970 struct task_struct *find_task_by_vpid(pid_t vnr)
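Review bot: `pid_task()` returns NULL when the PID is not found, and that NULL is now handed straight to `gr_pid_is_chrooted()`; whether the hook tolerates it is not visible in this hunk. Making the guard explicit removes the dependency: `if (task && gr_pid_is_chrooted(task))`. Every caller of find_task_by_pid_ns now sees a filtered task as absent (outside the caller's chroot, going by the hook's name), so a line in the function's comment block saying so would save the next reader a search.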
50971diff -urNp linux-2.6.38.2/kernel/posix-cpu-timers.c linux-2.6.38.2/kernel/posix-cpu-timers.c
50972--- linux-2.6.38.2/kernel/posix-cpu-timers.c 2011-03-14 21:20:32.000000000 -0400
50973+++ linux-2.6.38.2/kernel/posix-cpu-timers.c 2011-03-21 18:31:35.000000000 -0400
50974@@ -6,6 +6,7 @@
50975 #include <linux/posix-timers.h>
50976 #include <linux/errno.h>
50977 #include <linux/math64.h>
50978+#include <linux/security.h>
50979 #include <asm/uaccess.h>
50980 #include <linux/kernel_stat.h>
50981 #include <trace/events/timer.h>
50982diff -urNp linux-2.6.38.2/kernel/posix-timers.c linux-2.6.38.2/kernel/posix-timers.c
50983--- linux-2.6.38.2/kernel/posix-timers.c 2011-03-14 21:20:32.000000000 -0400
50984+++ linux-2.6.38.2/kernel/posix-timers.c 2011-03-21 18:31:35.000000000 -0400
50985@@ -42,6 +42,7 @@
50986 #include <linux/compiler.h>
50987 #include <linux/idr.h>
50988 #include <linux/posix-timers.h>
50989+#include <linux/grsecurity.h>
50990 #include <linux/syscalls.h>
50991 #include <linux/wait.h>
50992 #include <linux/workqueue.h>
50993@@ -955,6 +956,13 @@ SYSCALL_DEFINE2(clock_settime, const clo
50994 if (copy_from_user(&new_tp, tp, sizeof (*tp)))
50995 return -EFAULT;
50996
50997+ /* only the CLOCK_REALTIME clock can be set, all other clocks
50998+ have their clock_set fptr set to a nosettime dummy function
50999+ CLOCK_REALTIME has a NULL clock_set fptr which causes it to
51000+ call common_clock_set, which calls do_sys_settimeofday, which
51001+ we hook
51002+ */
51003+
51004 return CLOCK_DISPATCH(which_clock, clock_set, (which_clock, &new_tp));
51005 }
51006
51007diff -urNp linux-2.6.38.2/kernel/power/poweroff.c linux-2.6.38.2/kernel/power/poweroff.c
51008--- linux-2.6.38.2/kernel/power/poweroff.c 2011-03-14 21:20:32.000000000 -0400
51009+++ linux-2.6.38.2/kernel/power/poweroff.c 2011-03-21 18:31:35.000000000 -0400
51010@@ -37,7 +37,7 @@ static struct sysrq_key_op sysrq_powerof
51011 .enable_mask = SYSRQ_ENABLE_BOOT,
51012 };
51013
51014-static int pm_sysrq_init(void)
51015+static int __init pm_sysrq_init(void)
51016 {
51017 register_sysrq_key('o', &sysrq_poweroff_op);
51018 return 0;
51019diff -urNp linux-2.6.38.2/kernel/power/process.c linux-2.6.38.2/kernel/power/process.c
51020--- linux-2.6.38.2/kernel/power/process.c 2011-03-14 21:20:32.000000000 -0400
51021+++ linux-2.6.38.2/kernel/power/process.c 2011-03-21 18:31:35.000000000 -0400
51022@@ -41,6 +41,7 @@ static int try_to_freeze_tasks(bool sig_
51023 u64 elapsed_csecs64;
51024 unsigned int elapsed_csecs;
51025 bool wakeup = false;
51026+ bool timedout = false;
51027
51028 do_gettimeofday(&start);
51029
51030@@ -51,6 +52,8 @@ static int try_to_freeze_tasks(bool sig_
51031
51032 while (true) {
51033 todo = 0;
51034+ if (time_after(jiffies, end_time))
51035+ timedout = true;
51036 read_lock(&tasklist_lock);
51037 do_each_thread(g, p) {
51038 if (frozen(p) || !freezable(p))
51039@@ -71,9 +74,13 @@ static int try_to_freeze_tasks(bool sig_
51040 * try_to_stop() after schedule() in ptrace/signal
51041 * stop sees TIF_FREEZE.
51042 */
51043- if (!task_is_stopped_or_traced(p) &&
51044- !freezer_should_skip(p))
51045+ if (!task_is_stopped_or_traced(p) && !freezer_should_skip(p)) {
51046 todo++;
51047+ if (timedout) {
51048+ printk(KERN_ERR "Task refusing to freeze:\n");
51049+ sched_show_task(p);
51050+ }
51051+ }
51052 } while_each_thread(g, p);
51053 read_unlock(&tasklist_lock);
51054
51055@@ -82,7 +89,7 @@ static int try_to_freeze_tasks(bool sig_
51056 todo += wq_busy;
51057 }
51058
51059- if (!todo || time_after(jiffies, end_time))
51060+ if (!todo || timedout)
51061 break;
51062
51063 if (pm_wakeup_pending()) {
51064diff -urNp linux-2.6.38.2/kernel/printk.c linux-2.6.38.2/kernel/printk.c
51065--- linux-2.6.38.2/kernel/printk.c 2011-03-14 21:20:32.000000000 -0400
51066+++ linux-2.6.38.2/kernel/printk.c 2011-03-23 22:30:08.000000000 -0400
51067@@ -279,12 +279,17 @@ static int check_syslog_permissions(int
51068 if (from_file && type != SYSLOG_ACTION_OPEN)
51069 return 0;
51070
51071+#ifdef CONFIG_GRKERNSEC_DMESG
51072+ if (grsec_enable_dmesg && !capable(CAP_SYSLOG) && !capable_nolog(CAP_SYS_ADMIN))
51073+ return -EPERM;
51074+#endif
51075+
51076 if (syslog_action_restricted(type)) {
51077 if (capable(CAP_SYSLOG))
51078 return 0;
51079 /* For historical reasons, accept CAP_SYS_ADMIN too, with a warning */
51080 if (capable(CAP_SYS_ADMIN)) {
51081- WARN_ONCE(1, "Attempt to access syslog with CAP_SYS_ADMIN "
51082+ printk_once(KERN_WARNING "Attempt to access syslog with CAP_SYS_ADMIN "
51083 "but no CAP_SYSLOG (deprecated).\n");
51084 return 0;
51085 }
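Review bot: The new `CONFIG_GRKERNSEC_DMESG` check has no comment explaining its placement. It sits after the `from_file` early return, so it does not apply to reads through an already opened file interface. It also sits before `syslog_action_restricted()`, so it applies to every action type, not only the restricted ones. If both are intended, say so, e.g. `/* deny all syslog actions to unprivileged callers; file-based access was checked at open time */`. `capable(CAP_SYSLOG)` is also evaluated a second time a few lines below for the same caller. check_syslog_permissions starts and ends outside the hunk.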
51086diff -urNp linux-2.6.38.2/kernel/ptrace.c linux-2.6.38.2/kernel/ptrace.c
51087--- linux-2.6.38.2/kernel/ptrace.c 2011-03-14 21:20:32.000000000 -0400
51088+++ linux-2.6.38.2/kernel/ptrace.c 2011-03-26 11:42:34.000000000 -0400
51089@@ -116,7 +116,8 @@ int ptrace_check_attach(struct task_stru
51090 return ret;
51091 }
51092
51093-int __ptrace_may_access(struct task_struct *task, unsigned int mode)
51094+static int __ptrace_may_access(struct task_struct *task, unsigned int mode,
51095+ unsigned int log)
51096 {
51097 const struct cred *cred = current_cred(), *tcred;
51098
51099@@ -140,7 +141,9 @@ int __ptrace_may_access(struct task_stru
51100 cred->gid != tcred->egid ||
51101 cred->gid != tcred->sgid ||
51102 cred->gid != tcred->gid) &&
51103- !capable(CAP_SYS_PTRACE)) {
51104+ ((!log && !capable_nolog(CAP_SYS_PTRACE)) ||
51105+ (log && !capable(CAP_SYS_PTRACE)))
51106+ ) {
51107 rcu_read_unlock();
51108 return -EPERM;
51109 }
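Review bot: The capability test `((!log && !capable_nolog(CAP_SYS_PTRACE)) || (log && !capable(CAP_SYS_PTRACE)))` is written out twice, here and in the dumpable check in the next hunk. `log` is also an `unsigned int` used purely as a boolean. A small static helper turns both call sites into one readable condition and keeps the two variants from drifting apart. __ptrace_may_access starts before the hunk and continues after it.

```c
/* Use capable() when log is set, capable_nolog() otherwise. */
static bool ptrace_has_cap(unsigned int log)
{
	if (log)
		return capable(CAP_SYS_PTRACE);
	return capable_nolog(CAP_SYS_PTRACE);
}

/* … unchanged: uid/gid comparisons … */
	     cred->gid != tcred->gid) &&
	    !ptrace_has_cap(log)) {
/* … unchanged: rcu_read_unlock(), return -EPERM … */

	if (!dumpable && !ptrace_has_cap(log))
		return -EPERM;
```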
51110@@ -148,7 +151,9 @@ int __ptrace_may_access(struct task_stru
51111 smp_rmb();
51112 if (task->mm)
51113 dumpable = get_dumpable(task->mm);
51114- if (!dumpable && !capable(CAP_SYS_PTRACE))
51115+ if (!dumpable &&
51116+ ((!log && !capable_nolog(CAP_SYS_PTRACE)) ||
51117+ (log && !capable(CAP_SYS_PTRACE))))
51118 return -EPERM;
51119
51120 return security_ptrace_access_check(task, mode);
51121@@ -158,7 +163,16 @@ bool ptrace_may_access(struct task_struc
51122 {
51123 int err;
51124 task_lock(task);
51125- err = __ptrace_may_access(task, mode);
51126+ err = __ptrace_may_access(task, mode, 0);
51127+ task_unlock(task);
51128+ return !err;
51129+}
51130+
51131+bool ptrace_may_access_log(struct task_struct *task, unsigned int mode)
51132+{
51133+ int err;
51134+ task_lock(task);
51135+ err = __ptrace_may_access(task, mode, 1);
51136 task_unlock(task);
51137 return !err;
51138 }
51139@@ -185,7 +199,7 @@ static int ptrace_attach(struct task_str
51140 goto out;
51141
51142 task_lock(task);
51143- retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH);
51144+ retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH, 1);
51145 task_unlock(task);
51146 if (retval)
51147 goto unlock_creds;
51148@@ -198,7 +212,7 @@ static int ptrace_attach(struct task_str
51149 goto unlock_tasklist;
51150
51151 task->ptrace = PT_PTRACED;
51152- if (capable(CAP_SYS_PTRACE))
51153+ if (capable_nolog(CAP_SYS_PTRACE))
51154 task->ptrace |= PT_PTRACE_CAP;
51155
51156 __ptrace_link(task, current);
51157@@ -369,7 +383,7 @@ int ptrace_readdata(struct task_struct *
51158 break;
51159 return -EIO;
51160 }
51161- if (copy_to_user(dst, buf, retval))
51162+ if (retval > sizeof(buf) || copy_to_user(dst, buf, retval))
51163 return -EFAULT;
51164 copied += retval;
51165 src += retval;
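Review bot: The added `retval > sizeof(buf)` bound has no comment, and it relies on the comparison being done in unsigned arithmetic. If `retval` is a signed int (its declaration is outside the hunk), a negative value is converted and rejected too. That is probably the intent, but it should be stated, e.g. `/* hardening: never copy more than buf holds; a negative retval converts to a huge size_t and is rejected here as well */`. Returning `-EFAULT` for what would be an internal length error also makes it indistinguishable from a bad user pointer. ptrace_readdata starts and ends outside the hunk.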
51166@@ -565,7 +579,7 @@ int ptrace_request(struct task_struct *c
51167 {
51168 int ret = -EIO;
51169 siginfo_t siginfo;
51170- void __user *datavp = (void __user *) data;
51171+ void __user *datavp = (__force void __user *) data;
51172 unsigned long __user *datalp = datavp;
51173
51174 switch (request) {
51175@@ -713,14 +727,21 @@ SYSCALL_DEFINE4(ptrace, long, request, l
51176 goto out;
51177 }
51178
51179+ if (gr_handle_ptrace(child, request)) {
51180+ ret = -EPERM;
51181+ goto out_put_task_struct;
51182+ }
51183+
51184 if (request == PTRACE_ATTACH) {
51185 ret = ptrace_attach(child);
51186 /*
51187 * Some architectures need to do book-keeping after
51188 * a ptrace attach.
51189 */
51190- if (!ret)
51191+ if (!ret) {
51192 arch_ptrace_attach(child);
51193+ gr_audit_ptrace(child);
51194+ }
51195 goto out_put_task_struct;
51196 }
51197
51198@@ -745,7 +766,7 @@ int generic_ptrace_peekdata(struct task_
51199 copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
51200 if (copied != sizeof(tmp))
51201 return -EIO;
51202- return put_user(tmp, (unsigned long __user *)data);
51203+ return put_user(tmp, (__force unsigned long __user *)data);
51204 }
51205
51206 int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
51207@@ -855,14 +876,21 @@ asmlinkage long compat_sys_ptrace(compat
51208 goto out;
51209 }
51210
51211+ if (gr_handle_ptrace(child, request)) {
51212+ ret = -EPERM;
51213+ goto out_put_task_struct;
51214+ }
51215+
51216 if (request == PTRACE_ATTACH) {
51217 ret = ptrace_attach(child);
51218 /*
51219 * Some architectures need to do book-keeping after
51220 * a ptrace attach.
51221 */
51222- if (!ret)
51223+ if (!ret) {
51224 arch_ptrace_attach(child);
51225+ gr_audit_ptrace(child);
51226+ }
51227 goto out_put_task_struct;
51228 }
51229
51230diff -urNp linux-2.6.38.2/kernel/rcutree.c linux-2.6.38.2/kernel/rcutree.c
51231--- linux-2.6.38.2/kernel/rcutree.c 2011-03-14 21:20:32.000000000 -0400
51232+++ linux-2.6.38.2/kernel/rcutree.c 2011-03-21 18:31:35.000000000 -0400
51233@@ -1389,7 +1389,7 @@ __rcu_process_callbacks(struct rcu_state
51234 /*
51235 * Do softirq processing for the current CPU.
51236 */
51237-static void rcu_process_callbacks(struct softirq_action *unused)
51238+static void rcu_process_callbacks(void)
51239 {
51240 /*
51241 * Memory references from any prior RCU read-side critical sections
51242diff -urNp linux-2.6.38.2/kernel/rcutree_plugin.h linux-2.6.38.2/kernel/rcutree_plugin.h
51243--- linux-2.6.38.2/kernel/rcutree_plugin.h 2011-03-14 21:20:32.000000000 -0400
51244+++ linux-2.6.38.2/kernel/rcutree_plugin.h 2011-03-21 18:31:35.000000000 -0400
51245@@ -730,7 +730,7 @@ void synchronize_rcu_expedited(void)
51246
51247 /* Clean up and exit. */
51248 smp_mb(); /* ensure expedited GP seen before counter increment. */
51249- ACCESS_ONCE(sync_rcu_preempt_exp_count)++;
51250+ ACCESS_ONCE_RW(sync_rcu_preempt_exp_count)++;
51251 unlock_mb_ret:
51252 mutex_unlock(&sync_rcu_preempt_exp_mutex);
51253 mb_ret:
51254diff -urNp linux-2.6.38.2/kernel/resource.c linux-2.6.38.2/kernel/resource.c
51255--- linux-2.6.38.2/kernel/resource.c 2011-03-14 21:20:32.000000000 -0400
51256+++ linux-2.6.38.2/kernel/resource.c 2011-03-21 18:31:35.000000000 -0400
51257@@ -133,8 +133,18 @@ static const struct file_operations proc
51258
51259 static int __init ioresources_init(void)
51260 {
51261+#ifdef CONFIG_GRKERNSEC_PROC_ADD
51262+#ifdef CONFIG_GRKERNSEC_PROC_USER
51263+ proc_create("ioports", S_IRUSR, NULL, &proc_ioports_operations);
51264+ proc_create("iomem", S_IRUSR, NULL, &proc_iomem_operations);
51265+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
51266+ proc_create("ioports", S_IRUSR | S_IRGRP, NULL, &proc_ioports_operations);
51267+ proc_create("iomem", S_IRUSR | S_IRGRP, NULL, &proc_iomem_operations);
51268+#endif
51269+#else
51270 proc_create("ioports", 0, NULL, &proc_ioports_operations);
51271 proc_create("iomem", 0, NULL, &proc_iomem_operations);
51272+#endif
51273 return 0;
51274 }
51275 __initcall(ioresources_init);
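Review bot: When CONFIG_GRKERNSEC_PROC_ADD is set but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP is, the inner `#ifdef`/`#elif` chain has no `#else`, so ioresources_init() creates neither `ioports` nor `iomem` and still returns 0. If Kconfig guarantees that one of the two is always selected together with PROC_ADD (not visible here), record that in a comment next to the inner `#endif`. Otherwise add an inner `#else` branch that repeats the two `S_IRUSR` calls, so the entries are still created with the most restrictive mode.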
51276diff -urNp linux-2.6.38.2/kernel/rtmutex.c linux-2.6.38.2/kernel/rtmutex.c
51277--- linux-2.6.38.2/kernel/rtmutex.c 2011-03-14 21:20:32.000000000 -0400
51278+++ linux-2.6.38.2/kernel/rtmutex.c 2011-03-21 18:31:35.000000000 -0400
51279@@ -511,7 +511,7 @@ static void wakeup_next_waiter(struct rt
51280 */
51281 raw_spin_lock_irqsave(&pendowner->pi_lock, flags);
51282
51283- WARN_ON(!pendowner->pi_blocked_on);
51284+ BUG_ON(!pendowner->pi_blocked_on);
51285 WARN_ON(pendowner->pi_blocked_on != waiter);
51286 WARN_ON(pendowner->pi_blocked_on->lock != lock);
51287
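Review bot: `BUG_ON(!pendowner->pi_blocked_on)` now halts while `pendowner->pi_lock` is held with interrupts disabled, and nothing in the hunk says why a warning was not enough. The likely reason is visible two lines down, where `pendowner->pi_blocked_on->lock` would dereference the NULL pointer anyway, so a comment such as `/* NULL would be dereferenced below; fail hard instead of continuing */` should say it. The same WARN_ON to BUG_ON swap in the init_sched_groups_power hunk of kernel/sched.c also lacks a rationale. wakeup_next_waiter continues outside the hunk.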
51288diff -urNp linux-2.6.38.2/kernel/sched.c linux-2.6.38.2/kernel/sched.c
51289--- linux-2.6.38.2/kernel/sched.c 2011-03-23 17:20:08.000000000 -0400
51290+++ linux-2.6.38.2/kernel/sched.c 2011-03-23 17:21:51.000000000 -0400
51291@@ -4638,6 +4638,8 @@ int can_nice(const struct task_struct *p
51292 /* convert nice value [19,-20] to rlimit style value [1,40] */
51293 int nice_rlim = 20 - nice;
51294
51295+ gr_learn_resource(p, RLIMIT_NICE, nice_rlim, 1);
51296+
51297 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
51298 capable(CAP_SYS_NICE));
51299 }
51300@@ -4671,7 +4673,8 @@ SYSCALL_DEFINE1(nice, int, increment)
51301 if (nice > 19)
51302 nice = 19;
51303
51304- if (increment < 0 && !can_nice(current, nice))
51305+ if (increment < 0 && (!can_nice(current, nice) ||
51306+ gr_handle_chroot_nice()))
51307 return -EPERM;
51308
51309 retval = security_task_setnice(current, nice);
51310@@ -4814,6 +4817,7 @@ recheck:
51311 unsigned long rlim_rtprio =
51312 task_rlimit(p, RLIMIT_RTPRIO);
51313
51314+ gr_learn_resource(p, RLIMIT_RTPRIO, param->sched_priority, 1);
51315 /* can't set/change the rt policy */
51316 if (policy != p->policy && !rlim_rtprio)
51317 return -EPERM;
51318@@ -6942,7 +6946,7 @@ static void init_sched_groups_power(int
51319 long power;
51320 int weight;
51321
51322- WARN_ON(!sd || !sd->groups);
51323+ BUG_ON(!sd || !sd->groups);
51324
51325 if (cpu != group_first_cpu(sd->groups))
51326 return;
51327diff -urNp linux-2.6.38.2/kernel/sched_fair.c linux-2.6.38.2/kernel/sched_fair.c
51328--- linux-2.6.38.2/kernel/sched_fair.c 2011-03-14 21:20:32.000000000 -0400
51329+++ linux-2.6.38.2/kernel/sched_fair.c 2011-03-21 18:31:35.000000000 -0400
51330@@ -3960,7 +3960,7 @@ static void nohz_idle_balance(int this_c
51331 * run_rebalance_domains is triggered when needed from the scheduler tick.
51332 * Also triggered for nohz idle balancing (with nohz_balancing_kick set).
51333 */
51334-static void run_rebalance_domains(struct softirq_action *h)
51335+static void run_rebalance_domains(void)
51336 {
51337 int this_cpu = smp_processor_id();
51338 struct rq *this_rq = cpu_rq(this_cpu);
51339diff -urNp linux-2.6.38.2/kernel/signal.c linux-2.6.38.2/kernel/signal.c
51340--- linux-2.6.38.2/kernel/signal.c 2011-03-28 17:42:40.000000000 -0400
51341+++ linux-2.6.38.2/kernel/signal.c 2011-03-28 17:42:53.000000000 -0400
51342@@ -45,12 +45,12 @@ static struct kmem_cache *sigqueue_cache
51343
51344 int print_fatal_signals __read_mostly;
51345
51346-static void __user *sig_handler(struct task_struct *t, int sig)
51347+static __sighandler_t sig_handler(struct task_struct *t, int sig)
51348 {
51349 return t->sighand->action[sig - 1].sa.sa_handler;
51350 }
51351
51352-static int sig_handler_ignored(void __user *handler, int sig)
51353+static int sig_handler_ignored(__sighandler_t handler, int sig)
51354 {
51355 /* Is it explicitly or implicitly ignored? */
51356 return handler == SIG_IGN ||
51357@@ -60,7 +60,7 @@ static int sig_handler_ignored(void __us
51358 static int sig_task_ignored(struct task_struct *t, int sig,
51359 int from_ancestor_ns)
51360 {
51361- void __user *handler;
51362+ __sighandler_t handler;
51363
51364 handler = sig_handler(t, sig);
51365
51366@@ -243,6 +243,9 @@ __sigqueue_alloc(int sig, struct task_st
51367 atomic_inc(&user->sigpending);
51368 rcu_read_unlock();
51369
51370+ if (!override_rlimit)
51371+ gr_learn_resource(t, RLIMIT_SIGPENDING, atomic_read(&user->sigpending), 1);
51372+
51373 if (override_rlimit ||
51374 atomic_read(&user->sigpending) <=
51375 task_rlimit(t, RLIMIT_SIGPENDING)) {
51376@@ -367,7 +370,7 @@ flush_signal_handlers(struct task_struct
51377
51378 int unhandled_signal(struct task_struct *tsk, int sig)
51379 {
51380- void __user *handler = tsk->sighand->action[sig-1].sa.sa_handler;
51381+ __sighandler_t handler = tsk->sighand->action[sig-1].sa.sa_handler;
51382 if (is_global_init(tsk))
51383 return 1;
51384 if (handler != SIG_IGN && handler != SIG_DFL)
51385@@ -678,6 +681,9 @@ static int check_kill_permission(int sig
51386 }
51387 }
51388
51389+ if (gr_handle_signal(t, sig))
51390+ return -EPERM;
51391+
51392 return security_task_kill(t, info, sig, 0);
51393 }
51394
51395@@ -1025,7 +1031,7 @@ __group_send_sig_info(int sig, struct si
51396 return send_signal(sig, info, p, 1);
51397 }
51398
51399-static int
51400+int
51401 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
51402 {
51403 return send_signal(sig, info, t, 0);
51404@@ -1062,6 +1068,7 @@ force_sig_info(int sig, struct siginfo *
51405 unsigned long int flags;
51406 int ret, blocked, ignored;
51407 struct k_sigaction *action;
51408+ int is_unhandled = 0;
51409
51410 spin_lock_irqsave(&t->sighand->siglock, flags);
51411 action = &t->sighand->action[sig-1];
51412@@ -1076,9 +1083,18 @@ force_sig_info(int sig, struct siginfo *
51413 }
51414 if (action->sa.sa_handler == SIG_DFL)
51415 t->signal->flags &= ~SIGNAL_UNKILLABLE;
51416+ if (action->sa.sa_handler == SIG_IGN || action->sa.sa_handler == SIG_DFL)
51417+ is_unhandled = 1;
51418 ret = specific_send_sig_info(sig, info, t);
51419 spin_unlock_irqrestore(&t->sighand->siglock, flags);
51420
51421+ /* only deal with unhandled signals, java etc trigger SIGSEGV during
51422+ normal operation */
51423+ if (is_unhandled) {
51424+ gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, t);
51425+ gr_handle_crash(t, sig);
51426+ }
51427+
51428 return ret;
51429 }
51430
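Review bot: `info->si_addr` is handed to gr_log_signal() for every non-special siginfo, but that union member is only meaningful for fault signals such as SIGSEGV, SIGBUS, SIGILL and SIGFPE; for other signals the same bytes hold different fields and the logged address would be misleading. This matters most in the group_send_sig_info hunk below, which logs after every successful do_send_sig_info(). Unless gr_log_signal() filters by signal number itself (not shown), pass NULL for signals that carry no fault address. The added block comment should also note that the logging is done after `siglock` has been released, since that ordering is easy to break in a later edit.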
51431@@ -1137,8 +1153,11 @@ int group_send_sig_info(int sig, struct
51432 ret = check_kill_permission(sig, info, p);
51433 rcu_read_unlock();
51434
51435- if (!ret && sig)
51436+ if (!ret && sig) {
51437 ret = do_send_sig_info(sig, info, p, true);
51438+ if (!ret)
51439+ gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, p);
51440+ }
51441
51442 return ret;
51443 }
51444diff -urNp linux-2.6.38.2/kernel/smp.c linux-2.6.38.2/kernel/smp.c
51445--- linux-2.6.38.2/kernel/smp.c 2011-03-23 17:20:08.000000000 -0400
51446+++ linux-2.6.38.2/kernel/smp.c 2011-03-26 20:50:44.000000000 -0400
51447@@ -583,22 +583,22 @@ int smp_call_function(smp_call_func_t fu
51448 }
51449 EXPORT_SYMBOL(smp_call_function);
51450
51451-void ipi_call_lock(void)
51452+void ipi_call_lock(void) __acquires(call_function.lock)
51453 {
51454 raw_spin_lock(&call_function.lock);
51455 }
51456
51457-void ipi_call_unlock(void)
51458+void ipi_call_unlock(void) __releases(call_function.lock)
51459 {
51460 raw_spin_unlock(&call_function.lock);
51461 }
51462
51463-void ipi_call_lock_irq(void)
51464+void ipi_call_lock_irq(void) __acquires(call_function.lock)
51465 {
51466 raw_spin_lock_irq(&call_function.lock);
51467 }
51468
51469-void ipi_call_unlock_irq(void)
51470+void ipi_call_unlock_irq(void) __releases(call_function.lock)
51471 {
51472 raw_spin_unlock_irq(&call_function.lock);
51473 }
51474diff -urNp linux-2.6.38.2/kernel/softirq.c linux-2.6.38.2/kernel/softirq.c
51475--- linux-2.6.38.2/kernel/softirq.c 2011-03-14 21:20:32.000000000 -0400
51476+++ linux-2.6.38.2/kernel/softirq.c 2011-03-21 18:31:35.000000000 -0400
51477@@ -56,7 +56,7 @@ static struct softirq_action softirq_vec
51478
51479 static DEFINE_PER_CPU(struct task_struct *, ksoftirqd);
51480
51481-char *softirq_to_name[NR_SOFTIRQS] = {
51482+const char * const softirq_to_name[NR_SOFTIRQS] = {
51483 "HI", "TIMER", "NET_TX", "NET_RX", "BLOCK", "BLOCK_IOPOLL",
51484 "TASKLET", "SCHED", "HRTIMER", "RCU"
51485 };
51486@@ -206,7 +206,7 @@ EXPORT_SYMBOL(local_bh_enable_ip);
51487
51488 asmlinkage void __do_softirq(void)
51489 {
51490- struct softirq_action *h;
51491+ const struct softirq_action *h;
51492 __u32 pending;
51493 int max_restart = MAX_SOFTIRQ_RESTART;
51494 int cpu;
51495@@ -235,7 +235,7 @@ restart:
51496 kstat_incr_softirqs_this_cpu(vec_nr);
51497
51498 trace_softirq_entry(vec_nr);
51499- h->action(h);
51500+ h->action();
51501 trace_softirq_exit(vec_nr);
51502 if (unlikely(prev_count != preempt_count())) {
51503 printk(KERN_ERR "huh, entered softirq %u %s %p"
51504@@ -365,7 +365,7 @@ void raise_softirq(unsigned int nr)
51505 local_irq_restore(flags);
51506 }
51507
51508-void open_softirq(int nr, void (*action)(struct softirq_action *))
51509+void open_softirq(int nr, void (*action)(void))
51510 {
51511 softirq_vec[nr].action = action;
51512 }
51513@@ -421,7 +421,7 @@ void __tasklet_hi_schedule_first(struct
51514
51515 EXPORT_SYMBOL(__tasklet_hi_schedule_first);
51516
51517-static void tasklet_action(struct softirq_action *a)
51518+static void tasklet_action(void)
51519 {
51520 struct tasklet_struct *list;
51521
51522@@ -456,7 +456,7 @@ static void tasklet_action(struct softir
51523 }
51524 }
51525
51526-static void tasklet_hi_action(struct softirq_action *a)
51527+static void tasklet_hi_action(void)
51528 {
51529 struct tasklet_struct *list;
51530
51531diff -urNp linux-2.6.38.2/kernel/sys.c linux-2.6.38.2/kernel/sys.c
51532--- linux-2.6.38.2/kernel/sys.c 2011-03-14 21:20:32.000000000 -0400
51533+++ linux-2.6.38.2/kernel/sys.c 2011-03-21 18:31:35.000000000 -0400
51534@@ -136,6 +136,12 @@ static int set_one_prio(struct task_stru
51535 error = -EACCES;
51536 goto out;
51537 }
51538+
51539+ if (gr_handle_chroot_setpriority(p, niceval)) {
51540+ error = -EACCES;
51541+ goto out;
51542+ }
51543+
51544 no_nice = security_task_setnice(p, niceval);
51545 if (no_nice) {
51546 error = no_nice;
51547@@ -517,6 +523,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, g
51548 goto error;
51549 }
51550
51551+ if (gr_check_group_change(new->gid, new->egid, -1))
51552+ goto error;
51553+
51554 if (rgid != (gid_t) -1 ||
51555 (egid != (gid_t) -1 && egid != old->gid))
51556 new->sgid = new->egid;
51557@@ -546,6 +555,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
51558 old = current_cred();
51559
51560 retval = -EPERM;
51561+
51562+ if (gr_check_group_change(gid, gid, gid))
51563+ goto error;
51564+
51565 if (capable(CAP_SETGID))
51566 new->gid = new->egid = new->sgid = new->fsgid = gid;
51567 else if (gid == old->gid || gid == old->sgid)
51568@@ -626,6 +639,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, u
51569 goto error;
51570 }
51571
51572+ if (gr_check_user_change(new->uid, new->euid, -1))
51573+ goto error;
51574+
51575 if (new->uid != old->uid) {
51576 retval = set_user(new);
51577 if (retval < 0)
51578@@ -670,6 +686,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
51579 old = current_cred();
51580
51581 retval = -EPERM;
51582+
51583+ if (gr_check_crash_uid(uid))
51584+ goto error;
51585+ if (gr_check_user_change(uid, uid, uid))
51586+ goto error;
51587+
51588 if (capable(CAP_SETUID)) {
51589 new->suid = new->uid = uid;
51590 if (uid != old->uid) {
51591@@ -724,6 +746,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid,
51592 goto error;
51593 }
51594
51595+ if (gr_check_user_change(ruid, euid, -1))
51596+ goto error;
51597+
51598 if (ruid != (uid_t) -1) {
51599 new->uid = ruid;
51600 if (ruid != old->uid) {
51601@@ -788,6 +813,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid,
51602 goto error;
51603 }
51604
51605+ if (gr_check_group_change(rgid, egid, -1))
51606+ goto error;
51607+
51608 if (rgid != (gid_t) -1)
51609 new->gid = rgid;
51610 if (egid != (gid_t) -1)
51611@@ -834,6 +862,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
51612 old = current_cred();
51613 old_fsuid = old->fsuid;
51614
51615+ if (gr_check_user_change(-1, -1, uid))
51616+ goto error;
51617+
51618 if (uid == old->uid || uid == old->euid ||
51619 uid == old->suid || uid == old->fsuid ||
51620 capable(CAP_SETUID)) {
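Review bot: In setfsuid the `gr_check_user_change(-1, -1, uid)` call sits ahead of the permission test, while the matching `gr_check_group_change(-1, -1, gid)` in the setfsgid hunk below sits inside it, so the user variant is consulted even for requests the kernel would refuse anyway. If the hooks log or count denials (not visible here), the two syscalls will report differently for the same kind of request. Use one placement for both, preferably inside the permission branch as setfsgid does, and add a short comment that the `error:` label exists only for the grsecurity exit path. Both syscall bodies continue outside the hunks.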
51621@@ -844,6 +875,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
51622 }
51623 }
51624
51625+error:
51626 abort_creds(new);
51627 return old_fsuid;
51628
51629@@ -870,12 +902,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
51630 if (gid == old->gid || gid == old->egid ||
51631 gid == old->sgid || gid == old->fsgid ||
51632 capable(CAP_SETGID)) {
51633+ if (gr_check_group_change(-1, -1, gid))
51634+ goto error;
51635+
51636 if (gid != old_fsgid) {
51637 new->fsgid = gid;
51638 goto change_okay;
51639 }
51640 }
51641
51642+error:
51643 abort_creds(new);
51644 return old_fsgid;
51645
51646@@ -1616,7 +1652,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsi
51647 error = get_dumpable(me->mm);
51648 break;
51649 case PR_SET_DUMPABLE:
51650- if (arg2 < 0 || arg2 > 1) {
51651+ if (arg2 > 1) {
51652 error = -EINVAL;
51653 break;
51654 }
51655diff -urNp linux-2.6.38.2/kernel/sysctl.c linux-2.6.38.2/kernel/sysctl.c
51656--- linux-2.6.38.2/kernel/sysctl.c 2011-03-28 17:42:40.000000000 -0400
51657+++ linux-2.6.38.2/kernel/sysctl.c 2011-03-28 17:49:17.000000000 -0400
51658@@ -84,6 +84,13 @@
51659
51660
51661 #if defined(CONFIG_SYSCTL)
51662+#include <linux/grsecurity.h>
51663+#include <linux/grinternal.h>
51664+
51665+extern __u32 gr_handle_sysctl(const ctl_table *table, const int op);
51666+extern int gr_handle_sysctl_mod(const char *dirname, const char *name,
51667+ const int op);
51668+extern int gr_handle_chroot_sysctl(const int op);
51669
51670 /* External variables not in a header file. */
51671 extern int sysctl_overcommit_memory;
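Review bot: The three `extern` prototypes are declared locally, directly after including `<linux/grsecurity.h>` and `<linux/grinternal.h>`; moving them into one of those headers would let the compiler check them against the definitions. That check matters here because `gr_handle_sysctl` is declared as returning `__u32`, while the sysctl_perm hunk further down stores the result in `int error` and returns it as an error code. If the function returns a negative errno, its prototype should say `int`. The kernel/taskstats.c hunk repeats the local-prototype pattern with `extern int gr_is_taskstats_denied(int pid);`.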
51672@@ -195,6 +202,7 @@ static int sysrq_sysctl_handler(ctl_tabl
51673 }
51674
51675 #endif
51676+extern struct ctl_table grsecurity_table[];
51677
51678 static struct ctl_table root_table[];
51679 static struct ctl_table_root sysctl_table_root;
51680@@ -224,6 +232,20 @@ extern struct ctl_table epoll_table[];
51681 int sysctl_legacy_va_layout;
51682 #endif
51683
51684+#ifdef CONFIG_PAX_SOFTMODE
51685+static ctl_table pax_table[] = {
51686+ {
51687+ .procname = "softmode",
51688+ .data = &pax_softmode,
51689+ .maxlen = sizeof(unsigned int),
51690+ .mode = 0600,
51691+ .proc_handler = &proc_dointvec,
51692+ },
51693+
51694+ { }
51695+};
51696+#endif
51697+
51698 /* The default sysctl tables: */
51699
51700 static struct ctl_table root_table[] = {
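Review bot: `softmode` is handled by `proc_dointvec` with no range, although `.maxlen` is `sizeof(unsigned int)`, so any integer including a negative one is accepted. If it is an on/off switch (its use is not shown), `proc_dointvec_minmax` with `.extra1 = &zero` and `.extra2 = &one` would state that and reject stray values, assuming `zero` and `one` are declared above this table. The `heap_stack_gap` entry added to vm_table further down has the same gap: `proc_doulongvec_minmax` is given neither `.extra1` nor `.extra2`, so no lower or upper bound is enforced. A one-line comment on each entry naming the unit and accepted range would help whoever tunes them.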
51701@@ -270,6 +292,22 @@ static int max_extfrag_threshold = 1000;
51702 #endif
51703
51704 static struct ctl_table kern_table[] = {
51705+#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
51706+ {
51707+ .procname = "grsecurity",
51708+ .mode = 0500,
51709+ .child = grsecurity_table,
51710+ },
51711+#endif
51712+
51713+#ifdef CONFIG_PAX_SOFTMODE
51714+ {
51715+ .procname = "pax",
51716+ .mode = 0500,
51717+ .child = pax_table,
51718+ },
51719+#endif
51720+
51721 {
51722 .procname = "sched_child_runs_first",
51723 .data = &sysctl_sched_child_runs_first,
51724@@ -551,7 +589,7 @@ static struct ctl_table kern_table[] = {
51725 .data = &modprobe_path,
51726 .maxlen = KMOD_PATH_LEN,
51727 .mode = 0644,
51728- .proc_handler = proc_dostring,
51729+ .proc_handler = proc_dostring_modpriv,
51730 },
51731 {
51732 .procname = "modules_disabled",
51733@@ -713,16 +751,20 @@ static struct ctl_table kern_table[] = {
51734 .extra1 = &zero,
51735 .extra2 = &one,
51736 },
51737+#endif
51738 {
51739 .procname = "kptr_restrict",
51740 .data = &kptr_restrict,
51741 .maxlen = sizeof(int),
51742 .mode = 0644,
51743 .proc_handler = proc_dmesg_restrict,
51744+#ifdef CONFIG_GRKERNSEC_HIDESYM
51745+ .extra1 = &two,
51746+#else
51747 .extra1 = &zero,
51748+#endif
51749 .extra2 = &two,
51750 },
51751-#endif
51752 {
51753 .procname = "ngroups_max",
51754 .data = &ngroups_max,
51755@@ -1187,6 +1229,13 @@ static struct ctl_table vm_table[] = {
51756 .proc_handler = proc_dointvec_minmax,
51757 .extra1 = &zero,
51758 },
51759+ {
51760+ .procname = "heap_stack_gap",
51761+ .data = &sysctl_heap_stack_gap,
51762+ .maxlen = sizeof(sysctl_heap_stack_gap),
51763+ .mode = 0644,
51764+ .proc_handler = proc_doulongvec_minmax,
51765+ },
51766 #else
51767 {
51768 .procname = "nr_trim_pages",
51769@@ -1698,6 +1747,16 @@ int sysctl_perm(struct ctl_table_root *r
51770 int error;
51771 int mode;
51772
51773+ if (table->parent != NULL && table->parent->procname != NULL &&
51774+ table->procname != NULL &&
51775+ gr_handle_sysctl_mod(table->parent->procname, table->procname, op))
51776+ return -EACCES;
51777+ if (gr_handle_chroot_sysctl(op))
51778+ return -EACCES;
51779+ error = gr_handle_sysctl(table, op);
51780+ if (error)
51781+ return error;
51782+
51783 error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
51784 if (error)
51785 return error;
51786@@ -2105,6 +2164,16 @@ int proc_dostring(struct ctl_table *tabl
51787 buffer, lenp, ppos);
51788 }
51789
51790+int proc_dostring_modpriv(struct ctl_table *table, int write,
51791+ void __user *buffer, size_t *lenp, loff_t *ppos)
51792+{
51793+ if (write && !capable(CAP_SYS_MODULE))
51794+ return -EPERM;
51795+
51796+ return _proc_do_string(table->data, table->maxlen, write,
51797+ buffer, lenp, ppos);
51798+}
51799+
51800 static size_t proc_skip_spaces(char **buf)
51801 {
51802 size_t ret;
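Review bot: proc_dostring_modpriv() is new, is exported later in this file, and is wired to `modprobe_path` in the kern_table hunk, yet it has no comment stating its contract. I would add `/* Like proc_dostring(), but a write requires CAP_SYS_MODULE; reads are not restricted. */` above the definition. The same comment should note that the variant built without CONFIG_SYSCTL returns -ENOSYS, as the later stub hunk shows. This makes it clear to the next reader that the 0644 mode on the table entry is not the only gate on writes.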
51803@@ -2210,6 +2279,8 @@ static int proc_put_long(void __user **b
51804 len = strlen(tmp);
51805 if (len > *size)
51806 len = *size;
51807+ if (len > sizeof(tmp))
51808+ len = sizeof(tmp);
51809 if (copy_to_user(*buf, tmp, len))
51810 return -EFAULT;
51811 *size -= len;
51812@@ -2526,8 +2597,11 @@ static int __do_proc_doulongvec_minmax(v
51813 *i = val;
51814 } else {
51815 val = convdiv * (*i) / convmul;
51816- if (!first)
51817+ if (!first) {
51818 err = proc_put_char(&buffer, &left, '\t');
51819+ if (err)
51820+ break;
51821+ }
51822 err = proc_put_long(&buffer, &left, val, false);
51823 if (err)
51824 break;
51825@@ -2922,6 +2996,12 @@ int proc_dostring(struct ctl_table *tabl
51826 return -ENOSYS;
51827 }
51828
51829+int proc_dostring_modpriv(struct ctl_table *table, int write,
51830+ void __user *buffer, size_t *lenp, loff_t *ppos)
51831+{
51832+ return -ENOSYS;
51833+}
51834+
51835 int proc_dointvec(struct ctl_table *table, int write,
51836 void __user *buffer, size_t *lenp, loff_t *ppos)
51837 {
51838@@ -2978,6 +3058,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
51839 EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
51840 EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
51841 EXPORT_SYMBOL(proc_dostring);
51842+EXPORT_SYMBOL(proc_dostring_modpriv);
51843 EXPORT_SYMBOL(proc_doulongvec_minmax);
51844 EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax);
51845 EXPORT_SYMBOL(register_sysctl_table);
51846diff -urNp linux-2.6.38.2/kernel/sysctl_check.c linux-2.6.38.2/kernel/sysctl_check.c
51847--- linux-2.6.38.2/kernel/sysctl_check.c 2011-03-14 21:20:32.000000000 -0400
51848+++ linux-2.6.38.2/kernel/sysctl_check.c 2011-03-21 18:31:35.000000000 -0400
51849@@ -131,6 +131,7 @@ int sysctl_check_table(struct nsproxy *n
51850 set_fail(&fail, table, "Directory with extra2");
51851 } else {
51852 if ((table->proc_handler == proc_dostring) ||
51853+ (table->proc_handler == proc_dostring_modpriv) ||
51854 (table->proc_handler == proc_dointvec) ||
51855 (table->proc_handler == proc_dointvec_minmax) ||
51856 (table->proc_handler == proc_dointvec_jiffies) ||
51857diff -urNp linux-2.6.38.2/kernel/taskstats.c linux-2.6.38.2/kernel/taskstats.c
51858--- linux-2.6.38.2/kernel/taskstats.c 2011-03-14 21:20:32.000000000 -0400
51859+++ linux-2.6.38.2/kernel/taskstats.c 2011-03-21 18:31:35.000000000 -0400
51860@@ -27,9 +27,12 @@
51861 #include <linux/cgroup.h>
51862 #include <linux/fs.h>
51863 #include <linux/file.h>
51864+#include <linux/grsecurity.h>
51865 #include <net/genetlink.h>
51866 #include <asm/atomic.h>
51867
51868+extern int gr_is_taskstats_denied(int pid);
51869+
51870 /*
51871 * Maximum length of a cpumask that can be specified in
51872 * the TASKSTATS_CMD_ATTR_REGISTER/DEREGISTER_CPUMASK attribute
51873@@ -549,6 +552,9 @@ err:
51874
51875 static int taskstats_user_cmd(struct sk_buff *skb, struct genl_info *info)
51876 {
51877+ if (gr_is_taskstats_denied(current->pid))
51878+ return -EACCES;
51879+
51880 if (info->attrs[TASKSTATS_CMD_ATTR_REGISTER_CPUMASK])
51881 return cmd_attr_register_cpumask(info);
51882 else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK])
51883diff -urNp linux-2.6.38.2/kernel/time/tick-broadcast.c linux-2.6.38.2/kernel/time/tick-broadcast.c
51884--- linux-2.6.38.2/kernel/time/tick-broadcast.c 2011-03-14 21:20:32.000000000 -0400
51885+++ linux-2.6.38.2/kernel/time/tick-broadcast.c 2011-03-21 18:31:35.000000000 -0400
51886@@ -116,7 +116,7 @@ int tick_device_uses_broadcast(struct cl
51887 * then clear the broadcast bit.
51888 */
51889 if (!(dev->features & CLOCK_EVT_FEAT_C3STOP)) {
51890- int cpu = smp_processor_id();
51891+ cpu = smp_processor_id();
51892
51893 cpumask_clear_cpu(cpu, tick_get_broadcast_mask());
51894 tick_broadcast_clear_oneshot(cpu);
51895diff -urNp linux-2.6.38.2/kernel/time/timekeeping.c linux-2.6.38.2/kernel/time/timekeeping.c
51896--- linux-2.6.38.2/kernel/time/timekeeping.c 2011-03-14 21:20:32.000000000 -0400
51897+++ linux-2.6.38.2/kernel/time/timekeeping.c 2011-03-21 18:31:35.000000000 -0400
51898@@ -14,6 +14,7 @@
51899 #include <linux/init.h>
51900 #include <linux/mm.h>
51901 #include <linux/sched.h>
51902+#include <linux/grsecurity.h>
51903 #include <linux/sysdev.h>
51904 #include <linux/clocksource.h>
51905 #include <linux/jiffies.h>
51906@@ -361,6 +362,8 @@ int do_settimeofday(struct timespec *tv)
51907 if ((unsigned long)tv->tv_nsec >= NSEC_PER_SEC)
51908 return -EINVAL;
51909
51910+ gr_log_timechange();
51911+
51912 write_seqlock_irqsave(&xtime_lock, flags);
51913
51914 timekeeping_forward_now();
51915diff -urNp linux-2.6.38.2/kernel/time/timer_list.c linux-2.6.38.2/kernel/time/timer_list.c
51916--- linux-2.6.38.2/kernel/time/timer_list.c 2011-03-14 21:20:32.000000000 -0400
51917+++ linux-2.6.38.2/kernel/time/timer_list.c 2011-03-21 18:31:35.000000000 -0400
51918@@ -38,12 +38,16 @@ DECLARE_PER_CPU(struct hrtimer_cpu_base,
51919
51920 static void print_name_offset(struct seq_file *m, void *sym)
51921 {
51922+#ifdef CONFIG_GRKERNSEC_HIDESYM
51923+ SEQ_printf(m, "<%p>", NULL);
51924+#else
51925 char symname[KSYM_NAME_LEN];
51926
51927 if (lookup_symbol_name((unsigned long)sym, symname) < 0)
51928 SEQ_printf(m, "<%pK>", sym);
51929 else
51930 SEQ_printf(m, "%s", symname);
51931+#endif
51932 }
51933
51934 static void
51935@@ -112,7 +116,11 @@ next_one:
51936 static void
51937 print_base(struct seq_file *m, struct hrtimer_clock_base *base, u64 now)
51938 {
51939+#ifdef CONFIG_GRKERNSEC_HIDESYM
51940+ SEQ_printf(m, " .base: %p\n", NULL);
51941+#else
51942 SEQ_printf(m, " .base: %pK\n", base);
51943+#endif
51944 SEQ_printf(m, " .index: %d\n",
51945 base->index);
51946 SEQ_printf(m, " .resolution: %Lu nsecs\n",
51947@@ -293,7 +301,11 @@ static int __init init_timer_list_procfs
51948 {
51949 struct proc_dir_entry *pe;
51950
51951+#ifdef CONFIG_GRKERNSEC_PROC_ADD
51952+ pe = proc_create("timer_list", 0400, NULL, &timer_list_fops);
51953+#else
51954 pe = proc_create("timer_list", 0444, NULL, &timer_list_fops);
51955+#endif
51956 if (!pe)
51957 return -ENOMEM;
51958 return 0;
51959diff -urNp linux-2.6.38.2/kernel/time/timer_stats.c linux-2.6.38.2/kernel/time/timer_stats.c
51960--- linux-2.6.38.2/kernel/time/timer_stats.c 2011-03-14 21:20:32.000000000 -0400
51961+++ linux-2.6.38.2/kernel/time/timer_stats.c 2011-03-21 18:31:35.000000000 -0400
51962@@ -269,12 +269,16 @@ void timer_stats_update_stats(void *time
51963
51964 static void print_name_offset(struct seq_file *m, unsigned long addr)
51965 {
51966+#ifdef CONFIG_GRKERNSEC_HIDESYM
51967+ seq_printf(m, "<%p>", NULL);
51968+#else
51969 char symname[KSYM_NAME_LEN];
51970
51971 if (lookup_symbol_name(addr, symname) < 0)
51972 seq_printf(m, "<%p>", (void *)addr);
51973 else
51974 seq_printf(m, "%s", symname);
51975+#endif
51976 }
51977
51978 static int tstats_show(struct seq_file *m, void *v)
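Review bot: With CONFIG_GRKERNSEC_HIDESYM off, the fallback still prints the raw address with `%p`, whereas the same helper in kernel/time/timer_list.c uses `%pK`; and without CONFIG_GRKERNSEC_PROC_ADD the next hunk creates the file with mode 0644. Changing the line to `seq_printf(m, "<%pK>", (void *)addr);` would make both files honour kptr_restrict. In the HIDESYM branch the parameter is unused (`addr` here, `sym` in timer_list.c), which deserves a short comment so it is not mistaken for an oversight.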
51979@@ -417,7 +421,11 @@ static int __init init_tstats_procfs(voi
51980 {
51981 struct proc_dir_entry *pe;
51982
51983+#ifdef CONFIG_GRKERNSEC_PROC_ADD
51984+ pe = proc_create("timer_stats", 0600, NULL, &tstats_fops);
51985+#else
51986 pe = proc_create("timer_stats", 0644, NULL, &tstats_fops);
51987+#endif
51988 if (!pe)
51989 return -ENOMEM;
51990 return 0;
51991diff -urNp linux-2.6.38.2/kernel/time.c linux-2.6.38.2/kernel/time.c
51992--- linux-2.6.38.2/kernel/time.c 2011-03-14 21:20:32.000000000 -0400
51993+++ linux-2.6.38.2/kernel/time.c 2011-03-21 18:31:35.000000000 -0400
51994@@ -163,6 +163,11 @@ int do_sys_settimeofday(struct timespec
51995 return error;
51996
51997 if (tz) {
51998+ /* we log in do_settimeofday called below, so don't log twice
51999+ */
52000+ if (!tv)
52001+ gr_log_timechange();
52002+
52003 /* SMP safe, global irq locking makes it work. */
52004 sys_tz = *tz;
52005 update_vsyscall_tz();
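Review bot: Skipping the log when `tv` is set assumes do_settimeofday() will always log, but the kernel/time/timekeeping.c hunk shows it returning -EINVAL for an out-of-range `tv_nsec` before it reaches `gr_log_timechange()`. Unless `tv` is validated earlier in do_sys_settimeofday (its start is outside the hunk), a call that supplies `tz` together with an invalid `tv` updates `sys_tz` without an audit record. Calling `gr_log_timechange();` unconditionally inside the `if (tz)` block closes that gap at the cost of an occasional duplicate entry.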
52006diff -urNp linux-2.6.38.2/kernel/timer.c linux-2.6.38.2/kernel/timer.c
52007--- linux-2.6.38.2/kernel/timer.c 2011-03-14 21:20:32.000000000 -0400
52008+++ linux-2.6.38.2/kernel/timer.c 2011-03-21 18:31:35.000000000 -0400
52009@@ -1276,7 +1276,7 @@ void update_process_times(int user_tick)
52010 /*
52011 * This function runs timers and the timer-tq in bottom half context.
52012 */
52013-static void run_timer_softirq(struct softirq_action *h)
52014+static void run_timer_softirq(void)
52015 {
52016 struct tvec_base *base = __this_cpu_read(tvec_bases);
52017
52018diff -urNp linux-2.6.38.2/kernel/trace/ftrace.c linux-2.6.38.2/kernel/trace/ftrace.c
52019--- linux-2.6.38.2/kernel/trace/ftrace.c 2011-03-23 17:20:08.000000000 -0400
52020+++ linux-2.6.38.2/kernel/trace/ftrace.c 2011-03-23 17:21:51.000000000 -0400
52021@@ -1107,13 +1107,18 @@ ftrace_code_disable(struct module *mod,
52022
52023 ip = rec->ip;
52024
52025+ ret = ftrace_arch_code_modify_prepare();
52026+ FTRACE_WARN_ON(ret);
52027+ if (ret)
52028+ return 0;
52029+
52030 ret = ftrace_make_nop(mod, rec, MCOUNT_ADDR);
52031+ FTRACE_WARN_ON(ftrace_arch_code_modify_post_process());
52032 if (ret) {
52033 ftrace_bug(ret, ip);
52034 rec->flags |= FTRACE_FL_FAILED;
52035- return 0;
52036 }
52037- return 1;
52038+ return ret ? 0 : 1;
52039 }
52040
52041 /*
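Review bot: When ftrace_arch_code_modify_prepare() fails, the function returns 0 without calling ftrace_bug() or setting `FTRACE_FL_FAILED`, while a ftrace_make_nop() failure does both, so the record state differs between two failures that the caller sees as the same result. If that is intended, a comment should say so; otherwise set the flag on the prepare path too. The result of ftrace_arch_code_modify_post_process() is only passed to FTRACE_WARN_ON and then dropped, and `return ret ? 0 : 1;` reads more simply as `return !ret;`. The function starts outside the hunk.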
52042diff -urNp linux-2.6.38.2/kernel/trace/ring_buffer.c linux-2.6.38.2/kernel/trace/ring_buffer.c
52043--- linux-2.6.38.2/kernel/trace/ring_buffer.c 2011-03-14 21:20:32.000000000 -0400
52044+++ linux-2.6.38.2/kernel/trace/ring_buffer.c 2011-03-21 18:31:35.000000000 -0400
52045@@ -669,7 +669,7 @@ static struct list_head *rb_list_head(st
52046 * the reader page). But if the next page is a header page,
52047 * its flags will be non zero.
52048 */
52049-static int inline
52050+static inline int
52051 rb_is_head_page(struct ring_buffer_per_cpu *cpu_buffer,
52052 struct buffer_page *page, struct list_head *list)
52053 {
52054diff -urNp linux-2.6.38.2/kernel/trace/trace.c linux-2.6.38.2/kernel/trace/trace.c
52055--- linux-2.6.38.2/kernel/trace/trace.c 2011-03-14 21:20:32.000000000 -0400
52056+++ linux-2.6.38.2/kernel/trace/trace.c 2011-03-21 18:31:35.000000000 -0400
52057@@ -3967,10 +3967,9 @@ static const struct file_operations trac
52058 };
52059 #endif
52060
52061-static struct dentry *d_tracer;
52062-
52063 struct dentry *tracing_init_dentry(void)
52064 {
52065+ static struct dentry *d_tracer;
52066 static int once;
52067
52068 if (d_tracer)
52069@@ -3990,10 +3989,9 @@ struct dentry *tracing_init_dentry(void)
52070 return d_tracer;
52071 }
52072
52073-static struct dentry *d_percpu;
52074-
52075 struct dentry *tracing_dentry_percpu(void)
52076 {
52077+ static struct dentry *d_percpu;
52078 static int once;
52079 struct dentry *d_tracer;
52080
52081diff -urNp linux-2.6.38.2/kernel/trace/trace_events.c linux-2.6.38.2/kernel/trace/trace_events.c
52082--- linux-2.6.38.2/kernel/trace/trace_events.c 2011-03-14 21:20:32.000000000 -0400
52083+++ linux-2.6.38.2/kernel/trace/trace_events.c 2011-03-21 18:31:35.000000000 -0400
52084@@ -1240,10 +1240,10 @@ static LIST_HEAD(ftrace_module_file_list
52085 struct ftrace_module_file_ops {
52086 struct list_head list;
52087 struct module *mod;
52088- struct file_operations id;
52089- struct file_operations enable;
52090- struct file_operations format;
52091- struct file_operations filter;
52092+ struct file_operations id; /* cannot be const, see trace_create_file_ops() */
52093+ struct file_operations enable; /* cannot be const, see trace_create_file_ops() */
52094+ struct file_operations format; /* cannot be const, see trace_create_file_ops() */
52095+ struct file_operations filter; /* cannot be const, see trace_create_file_ops() */
52096 };
52097
52098 static struct ftrace_module_file_ops *
52099diff -urNp linux-2.6.38.2/kernel/trace/trace_output.c linux-2.6.38.2/kernel/trace/trace_output.c
52100--- linux-2.6.38.2/kernel/trace/trace_output.c 2011-03-14 21:20:32.000000000 -0400
52101+++ linux-2.6.38.2/kernel/trace/trace_output.c 2011-03-21 18:31:35.000000000 -0400
52102@@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s,
52103
52104 p = d_path(path, s->buffer + s->len, PAGE_SIZE - s->len);
52105 if (!IS_ERR(p)) {
52106- p = mangle_path(s->buffer + s->len, p, "\n");
52107+ p = mangle_path(s->buffer + s->len, p, "\n\\");
52108 if (p) {
52109 s->len = p - s->buffer;
52110 return 1;
52111diff -urNp linux-2.6.38.2/kernel/trace/trace_stack.c linux-2.6.38.2/kernel/trace/trace_stack.c
52112--- linux-2.6.38.2/kernel/trace/trace_stack.c 2011-03-14 21:20:32.000000000 -0400
52113+++ linux-2.6.38.2/kernel/trace/trace_stack.c 2011-03-21 18:31:35.000000000 -0400
52114@@ -50,7 +50,7 @@ static inline void check_stack(void)
52115 return;
52116
52117 /* we do not handle interrupt stacks yet */
52118- if (!object_is_on_stack(&this_size))
52119+ if (!object_starts_on_stack(&this_size))
52120 return;
52121
52122 local_irq_save(flags);
52123diff -urNp linux-2.6.38.2/lib/bug.c linux-2.6.38.2/lib/bug.c
52124--- linux-2.6.38.2/lib/bug.c 2011-03-14 21:20:32.000000000 -0400
52125+++ linux-2.6.38.2/lib/bug.c 2011-03-21 18:31:35.000000000 -0400
52126@@ -133,6 +133,8 @@ enum bug_trap_type report_bug(unsigned l
52127 return BUG_TRAP_TYPE_NONE;
52128
52129 bug = find_bug(bugaddr);
52130+ if (!bug)
52131+ return BUG_TRAP_TYPE_NONE;
52132
52133 file = NULL;
52134 line = 0;
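Review bot: The new early return answers `BUG_TRAP_TYPE_NONE` whenever `find_bug()` returns NULL, but nothing records why that is the right result for the callers of `report_bug()`. A comment such as `/* no bug entry for this address: not ours to report */` would state the intent, reworded to match what the callers do with that value, which is outside this hunk. If the remainder of the function still tests `bug` for NULL, that test is now dead and can be removed. The function body continues beyond the hunk.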
52135diff -urNp linux-2.6.38.2/lib/debugobjects.c linux-2.6.38.2/lib/debugobjects.c
52136--- linux-2.6.38.2/lib/debugobjects.c 2011-03-14 21:20:32.000000000 -0400
52137+++ linux-2.6.38.2/lib/debugobjects.c 2011-03-21 18:31:35.000000000 -0400
52138@@ -281,7 +281,7 @@ static void debug_object_is_on_stack(voi
52139 if (limit > 4)
52140 return;
52141
52142- is_on_stack = object_is_on_stack(addr);
52143+ is_on_stack = object_starts_on_stack(addr);
52144 if (is_on_stack == onstack)
52145 return;
52146
52147diff -urNp linux-2.6.38.2/lib/dma-debug.c linux-2.6.38.2/lib/dma-debug.c
52148--- linux-2.6.38.2/lib/dma-debug.c 2011-03-14 21:20:32.000000000 -0400
52149+++ linux-2.6.38.2/lib/dma-debug.c 2011-03-21 18:31:35.000000000 -0400
52150@@ -862,7 +862,7 @@ out:
52151
52152 static void check_for_stack(struct device *dev, void *addr)
52153 {
52154- if (object_is_on_stack(addr))
52155+ if (object_starts_on_stack(addr))
52156 err_printk(dev, NULL, "DMA-API: device driver maps memory from"
52157 "stack [addr=%p]\n", addr);
52158 }
52159diff -urNp linux-2.6.38.2/lib/inflate.c linux-2.6.38.2/lib/inflate.c
52160--- linux-2.6.38.2/lib/inflate.c 2011-03-14 21:20:32.000000000 -0400
52161+++ linux-2.6.38.2/lib/inflate.c 2011-03-21 18:31:35.000000000 -0400
52162@@ -269,7 +269,7 @@ static void free(void *where)
52163 malloc_ptr = free_mem_ptr;
52164 }
52165 #else
52166-#define malloc(a) kmalloc(a, GFP_KERNEL)
52167+#define malloc(a) kmalloc((a), GFP_KERNEL)
52168 #define free(a) kfree(a)
52169 #endif
52170
52171diff -urNp linux-2.6.38.2/lib/Kconfig.debug linux-2.6.38.2/lib/Kconfig.debug
52172--- linux-2.6.38.2/lib/Kconfig.debug 2011-03-14 21:20:32.000000000 -0400
52173+++ linux-2.6.38.2/lib/Kconfig.debug 2011-03-21 18:31:35.000000000 -0400
52174@@ -1066,6 +1066,7 @@ config LATENCYTOP
52175 depends on DEBUG_KERNEL
52176 depends on STACKTRACE_SUPPORT
52177 depends on PROC_FS
52178+ depends on !GRKERNSEC_HIDESYM
52179 select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE
52180 select KALLSYMS
52181 select KALLSYMS_ALL
52182diff -urNp linux-2.6.38.2/lib/kref.c linux-2.6.38.2/lib/kref.c
52183--- linux-2.6.38.2/lib/kref.c 2011-03-14 21:20:32.000000000 -0400
52184+++ linux-2.6.38.2/lib/kref.c 2011-03-21 18:31:35.000000000 -0400
52185@@ -52,7 +52,7 @@ void kref_get(struct kref *kref)
52186 */
52187 int kref_put(struct kref *kref, void (*release)(struct kref *kref))
52188 {
52189- WARN_ON(release == NULL);
52190+ BUG_ON(release == NULL);
52191 WARN_ON(release == (void (*)(struct kref *))kfree);
52192
52193 if (atomic_dec_and_test(&kref->refcount)) {
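Review bot: `BUG_ON(release == NULL)` now halts on a missing release callback while the check on the next line, `WARN_ON(release == (void (*)(struct kref *))kfree)`, stays a warning, and nothing explains the difference. A one-line comment above the `BUG_ON` would do, e.g. `/* a NULL release must never be reached through the refcount-zero path below */`. The use of `release` inside the `atomic_dec_and_test()` branch is outside this hunk, so that wording should be checked against it.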
52194diff -urNp linux-2.6.38.2/lib/radix-tree.c linux-2.6.38.2/lib/radix-tree.c
52195--- linux-2.6.38.2/lib/radix-tree.c 2011-03-14 21:20:32.000000000 -0400
52196+++ linux-2.6.38.2/lib/radix-tree.c 2011-03-21 18:31:35.000000000 -0400
52197@@ -80,7 +80,7 @@ struct radix_tree_preload {
52198 int nr;
52199 struct radix_tree_node *nodes[RADIX_TREE_MAX_PATH];
52200 };
52201-static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads) = { 0, };
52202+static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads);
52203
52204 static inline void *ptr_to_indirect(void *ptr)
52205 {
52206diff -urNp linux-2.6.38.2/lib/vsprintf.c linux-2.6.38.2/lib/vsprintf.c
52207--- linux-2.6.38.2/lib/vsprintf.c 2011-03-14 21:20:32.000000000 -0400
52208+++ linux-2.6.38.2/lib/vsprintf.c 2011-03-21 18:31:35.000000000 -0400
52209@@ -16,6 +16,9 @@
52210 * - scnprintf and vscnprintf
52211 */
52212
52213+#ifdef CONFIG_GRKERNSEC_HIDESYM
52214+#define __INCLUDED_BY_HIDESYM 1
52215+#endif
52216 #include <stdarg.h>
52217 #include <linux/module.h>
52218 #include <linux/types.h>
52219@@ -574,7 +577,7 @@ char *symbol_string(char *buf, char *end
52220 unsigned long value = (unsigned long) ptr;
52221 #ifdef CONFIG_KALLSYMS
52222 char sym[KSYM_SYMBOL_LEN];
52223- if (ext != 'f' && ext != 's')
52224+ if (ext != 'f' && ext != 's' && ext != 'a')
52225 sprint_symbol(sym, value);
52226 else
52227 kallsyms_lookup(value, NULL, NULL, NULL, sym);
52228@@ -936,7 +939,11 @@ char *uuid_string(char *buf, char *end,
52229 return string(buf, end, uuid, spec);
52230 }
52231
52232+#ifdef CONFIG_GRKERNSEC_HIDESYM
52233+int kptr_restrict = 2;
52234+#else
52235 int kptr_restrict = 1;
52236+#endif
52237
52238 /*
52239 * Show a '%p' thing. A kernel extension is that the '%p' is followed
52240@@ -949,6 +956,8 @@ int kptr_restrict = 1;
52241 * - 'f' For simple symbolic function names without offset
52242 * - 'S' For symbolic direct pointers with offset
52243 * - 's' For symbolic direct pointers without offset
52244+ * - 'A' For symbolic direct pointers with offset approved for use with GRKERNSEC_HIDESYM
52245+ * - 'a' For symbolic direct pointers without offset approved for use with GRKERNSEC_HIDESYM
52246 * - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref]
52247 * - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201]
52248 * - 'M' For a 6-byte MAC address, it prints the address in the
52249@@ -993,12 +1002,12 @@ char *pointer(const char *fmt, char *buf
52250 {
52251 if (!ptr) {
52252 /*
52253- * Print (null) with the same width as a pointer so it makes
52254+ * Print (nil) with the same width as a pointer so it makes
52255 * tabular output look nice.
52256 */
52257 if (spec.field_width == -1)
52258 spec.field_width = 2 * sizeof(void *);
52259- return string(buf, end, "(null)", spec);
52260+ return string(buf, end, "(nil)", spec);
52261 }
52262
52263 switch (*fmt) {
52264@@ -1008,6 +1017,13 @@ char *pointer(const char *fmt, char *buf
52265 /* Fallthrough */
52266 case 'S':
52267 case 's':
52268+#ifdef CONFIG_GRKERNSEC_HIDESYM
52269+ break;
52270+#else
52271+ return symbol_string(buf, end, ptr, spec, *fmt);
52272+#endif
52273+ case 'A':
52274+ case 'a':
52275 return symbol_string(buf, end, ptr, spec, *fmt);
52276 case 'R':
52277 case 'r':
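Review bot: Under `CONFIG_GRKERNSEC_HIDESYM` the `'S'`/`'s'` cases, and the cases above that fall through to them, now `break` out of the switch instead of returning, so what they print is decided by code after the switch, which is outside this hunk. If that code is the plain numeric fallback, an unapproved `%pS` would emit the raw pointer value rather than nothing, which is worth confirming against the aim of the option. A comment on the `break` would make the choice explicit, e.g. `/* HIDESYM: unapproved symbolic specifiers are handled by the code after the switch */`. Since the `#ifdef` splits a case body, it also deserves a note that `'A'` and `'a'` are the only specifiers that still reach `symbol_string()`.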
52278@@ -1772,11 +1788,11 @@ int bstr_printf(char *buf, size_t size,
52279 typeof(type) value; \
52280 if (sizeof(type) == 8) { \
52281 args = PTR_ALIGN(args, sizeof(u32)); \
52282- *(u32 *)&value = *(u32 *)args; \
52283- *((u32 *)&value + 1) = *(u32 *)(args + 4); \
52284+ *(u32 *)&value = *(const u32 *)args; \
52285+ *((u32 *)&value + 1) = *(const u32 *)(args + 4); \
52286 } else { \
52287 args = PTR_ALIGN(args, sizeof(type)); \
52288- value = *(typeof(type) *)args; \
52289+ value = *(const typeof(type) *)args; \
52290 } \
52291 args += sizeof(type); \
52292 value; \
52293@@ -1839,7 +1855,7 @@ int bstr_printf(char *buf, size_t size,
52294 case FORMAT_TYPE_STR: {
52295 const char *str_arg = args;
52296 args += strlen(str_arg) + 1;
52297- str = string(str, end, (char *)str_arg, spec);
52298+ str = string(str, end, str_arg, spec);
52299 break;
52300 }
52301
52302diff -urNp linux-2.6.38.2/localversion-grsec linux-2.6.38.2/localversion-grsec
52303--- linux-2.6.38.2/localversion-grsec 1969-12-31 19:00:00.000000000 -0500
52304+++ linux-2.6.38.2/localversion-grsec 2011-03-21 18:31:35.000000000 -0400
52305@@ -0,0 +1 @@
52306+-grsec
52307diff -urNp linux-2.6.38.2/Makefile linux-2.6.38.2/Makefile
52308--- linux-2.6.38.2/Makefile 2011-03-28 17:42:40.000000000 -0400
52309+++ linux-2.6.38.2/Makefile 2011-03-28 17:42:53.000000000 -0400
52310@@ -233,8 +233,8 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
52311
52312 HOSTCC = gcc
52313 HOSTCXX = g++
52314-HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
52315-HOSTCXXFLAGS = -O2
52316+HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
52317+HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks
52318
52319 # Decide whether to build built-in, modular, or both.
52320 # Normally, just do built-in.
52321@@ -681,7 +681,7 @@ export mod_strip_cmd
52322
52323
52324 ifeq ($(KBUILD_EXTMOD),)
52325-core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
52326+core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
52327
52328 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
52329 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
52330diff -urNp linux-2.6.38.2/mm/bootmem.c linux-2.6.38.2/mm/bootmem.c
52331--- linux-2.6.38.2/mm/bootmem.c 2011-03-14 21:20:32.000000000 -0400
52332+++ linux-2.6.38.2/mm/bootmem.c 2011-03-21 18:31:35.000000000 -0400
52333@@ -201,19 +201,30 @@ static void __init __free_pages_memory(u
52334 unsigned long __init free_all_memory_core_early(int nodeid)
52335 {
52336 int i;
52337- u64 start, end;
52338+ u64 start, end, startrange, endrange;
52339 unsigned long count = 0;
52340- struct range *range = NULL;
52341+ struct range *range = NULL, rangerange = { 0, 0 };
52342 int nr_range;
52343
52344 nr_range = get_free_all_memory_range(&range, nodeid);
52345+ startrange = __pa(range) >> PAGE_SHIFT;
52346+ endrange = (__pa(range + nr_range) - 1) >> PAGE_SHIFT;
52347
52348 for (i = 0; i < nr_range; i++) {
52349 start = range[i].start;
52350 end = range[i].end;
52351+ if (start <= endrange && startrange < end) {
52352+ BUG_ON(rangerange.start | rangerange.end);
52353+ rangerange = range[i];
52354+ continue;
52355+ }
52356 count += end - start;
52357 __free_pages_memory(start, end);
52358 }
52359+ start = rangerange.start;
52360+ end = rangerange.end;
52361+ count += end - start;
52362+ __free_pages_memory(start, end);
52363
52364 return count;
52365 }
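Review bot: The four statements added after the loop run even when no range overlapped the `range` array, in which case `rangerange` is still `{ 0, 0 }` and `__free_pages_memory(0, 0)` is called. Whether that call is a harmless no-op depends on `__free_pages_memory()`, whose body is outside this hunk; guarding the tail with `if (rangerange.end > rangerange.start)` removes the question. `__pa(range)` and `__pa(range + nr_range)` are also evaluated before anything checks what `get_free_all_memory_range()` returned, so a check or a comment stating that `range` is never NULL here would help. Nothing says why one range is held back; a comment such as `/* free the range that holds range[] itself last, the loop still reads it */` would document the reason I infer from the overlap test.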
52366diff -urNp linux-2.6.38.2/mm/filemap.c linux-2.6.38.2/mm/filemap.c
52367--- linux-2.6.38.2/mm/filemap.c 2011-03-14 21:20:32.000000000 -0400
52368+++ linux-2.6.38.2/mm/filemap.c 2011-03-21 18:31:35.000000000 -0400
52369@@ -1664,7 +1664,7 @@ int generic_file_mmap(struct file * file
52370 struct address_space *mapping = file->f_mapping;
52371
52372 if (!mapping->a_ops->readpage)
52373- return -ENOEXEC;
52374+ return -ENODEV;
52375 file_accessed(file);
52376 vma->vm_ops = &generic_file_vm_ops;
52377 vma->vm_flags |= VM_CAN_NONLINEAR;
52378@@ -2060,6 +2060,7 @@ inline int generic_write_checks(struct f
52379 *pos = i_size_read(inode);
52380
52381 if (limit != RLIM_INFINITY) {
52382+ gr_learn_resource(current, RLIMIT_FSIZE,*pos, 0);
52383 if (*pos >= limit) {
52384 send_sig(SIGXFSZ, current, 0);
52385 return -EFBIG;
52386diff -urNp linux-2.6.38.2/mm/fremap.c linux-2.6.38.2/mm/fremap.c
52387--- linux-2.6.38.2/mm/fremap.c 2011-03-14 21:20:32.000000000 -0400
52388+++ linux-2.6.38.2/mm/fremap.c 2011-03-21 18:31:35.000000000 -0400
52389@@ -156,6 +156,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsign
52390 retry:
52391 vma = find_vma(mm, start);
52392
52393+#ifdef CONFIG_PAX_SEGMEXEC
52394+ if (vma && (mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_MAYEXEC))
52395+ goto out;
52396+#endif
52397+
52398 /*
52399 * Make sure the vma is shared, that it supports prefaulting,
52400 * and that the remapped range is valid and fully within
52401@@ -224,7 +229,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsign
52402 /*
52403 * drop PG_Mlocked flag for over-mapped range
52404 */
52405- unsigned int saved_flags = vma->vm_flags;
52406+ unsigned long saved_flags = vma->vm_flags;
52407 munlock_vma_pages_range(vma, start, start + size);
52408 vma->vm_flags = saved_flags;
52409 }
52410diff -urNp linux-2.6.38.2/mm/highmem.c linux-2.6.38.2/mm/highmem.c
52411--- linux-2.6.38.2/mm/highmem.c 2011-03-14 21:20:32.000000000 -0400
52412+++ linux-2.6.38.2/mm/highmem.c 2011-03-21 18:31:35.000000000 -0400
52413@@ -125,9 +125,10 @@ static void flush_all_zero_pkmaps(void)
52414 * So no dangers, even with speculative execution.
52415 */
52416 page = pte_page(pkmap_page_table[i]);
52417+ pax_open_kernel();
52418 pte_clear(&init_mm, (unsigned long)page_address(page),
52419 &pkmap_page_table[i]);
52420-
52421+ pax_close_kernel();
52422 set_page_address(page, NULL);
52423 need_flush = 1;
52424 }
52425@@ -186,9 +187,11 @@ start:
52426 }
52427 }
52428 vaddr = PKMAP_ADDR(last_pkmap_nr);
52429+
52430+ pax_open_kernel();
52431 set_pte_at(&init_mm, vaddr,
52432 &(pkmap_page_table[last_pkmap_nr]), mk_pte(page, kmap_prot));
52433-
52434+ pax_close_kernel();
52435 pkmap_count[last_pkmap_nr] = 1;
52436 set_page_address(page, (void *)vaddr);
52437
52438diff -urNp linux-2.6.38.2/mm/hugetlb.c linux-2.6.38.2/mm/hugetlb.c
52439--- linux-2.6.38.2/mm/hugetlb.c 2011-03-14 21:20:32.000000000 -0400
52440+++ linux-2.6.38.2/mm/hugetlb.c 2011-03-21 18:31:35.000000000 -0400
52441@@ -2333,6 +2333,27 @@ static int unmap_ref_private(struct mm_s
52442 return 1;
52443 }
52444
52445+#ifdef CONFIG_PAX_SEGMEXEC
52446+static void pax_mirror_huge_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m)
52447+{
52448+ struct mm_struct *mm = vma->vm_mm;
52449+ struct vm_area_struct *vma_m;
52450+ unsigned long address_m;
52451+ pte_t *ptep_m;
52452+
52453+ vma_m = pax_find_mirror_vma(vma);
52454+ if (!vma_m)
52455+ return;
52456+
52457+ BUG_ON(address >= SEGMEXEC_TASK_SIZE);
52458+ address_m = address + SEGMEXEC_TASK_SIZE;
52459+ ptep_m = huge_pte_offset(mm, address_m & HPAGE_MASK);
52460+ get_page(page_m);
52461+ hugepage_add_anon_rmap(page_m, vma_m, address_m);
52462+ set_huge_pte_at(mm, address_m, ptep_m, make_huge_pte(vma_m, page_m, 0));
52463+}
52464+#endif
52465+
52466 /*
52467 * Hugetlb_cow() should be called with page lock of the original hugepage held.
52468 */
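Review bot: In `pax_mirror_huge_pte()` the result of `huge_pte_offset(mm, address_m & HPAGE_MASK)` goes straight into `set_huge_pte_at()` without a NULL check. The function relies on the mirror's huge PTE having been allocated already, which this hunk does not show; if the callers guarantee it, say so in a comment and assert it with `BUG_ON(!ptep_m);` right after the lookup. The lookup masks `address_m` with `HPAGE_MASK` while `hugepage_add_anon_rmap()` and `set_huge_pte_at()` receive it unmasked, so using one masked value throughout would make the intent clearer. The function also lacks a header comment naming the lock its caller must hold.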
52469@@ -2434,6 +2455,11 @@ retry_avoidcopy:
52470 make_huge_pte(vma, new_page, 1));
52471 page_remove_rmap(old_page);
52472 hugepage_add_new_anon_rmap(new_page, vma, address);
52473+
52474+#ifdef CONFIG_PAX_SEGMEXEC
52475+ pax_mirror_huge_pte(vma, address, new_page);
52476+#endif
52477+
52478 /* Make the old page be freed below */
52479 new_page = old_page;
52480 mmu_notifier_invalidate_range_end(mm,
52481@@ -2585,6 +2611,10 @@ retry:
52482 && (vma->vm_flags & VM_SHARED)));
52483 set_huge_pte_at(mm, address, ptep, new_pte);
52484
52485+#ifdef CONFIG_PAX_SEGMEXEC
52486+ pax_mirror_huge_pte(vma, address, page);
52487+#endif
52488+
52489 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
52490 /* Optimization, do the COW without a second fault */
52491 ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
52492@@ -2614,6 +2644,10 @@ int hugetlb_fault(struct mm_struct *mm,
52493 static DEFINE_MUTEX(hugetlb_instantiation_mutex);
52494 struct hstate *h = hstate_vma(vma);
52495
52496+#ifdef CONFIG_PAX_SEGMEXEC
52497+ struct vm_area_struct *vma_m;
52498+#endif
52499+
52500 ptep = huge_pte_offset(mm, address);
52501 if (ptep) {
52502 entry = huge_ptep_get(ptep);
52503@@ -2625,6 +2659,26 @@ int hugetlb_fault(struct mm_struct *mm,
52504 VM_FAULT_SET_HINDEX(h - hstates);
52505 }
52506
52507+#ifdef CONFIG_PAX_SEGMEXEC
52508+ vma_m = pax_find_mirror_vma(vma);
52509+ if (vma_m) {
52510+ unsigned long address_m;
52511+
52512+ if (vma->vm_start > vma_m->vm_start) {
52513+ address_m = address;
52514+ address -= SEGMEXEC_TASK_SIZE;
52515+ vma = vma_m;
52516+ h = hstate_vma(vma);
52517+ } else
52518+ address_m = address + SEGMEXEC_TASK_SIZE;
52519+
52520+ if (!huge_pte_alloc(mm, address_m, huge_page_size(h)))
52521+ return VM_FAULT_OOM;
52522+ address_m &= HPAGE_MASK;
52523+ unmap_hugepage_range(vma, address_m, address_m + HPAGE_SIZE, NULL);
52524+ }
52525+#endif
52526+
52527 ptep = huge_pte_alloc(mm, address, huge_page_size(h));
52528 if (!ptep)
52529 return VM_FAULT_OOM;
52530diff -urNp linux-2.6.38.2/mm/Kconfig linux-2.6.38.2/mm/Kconfig
52531--- linux-2.6.38.2/mm/Kconfig 2011-03-14 21:20:32.000000000 -0400
52532+++ linux-2.6.38.2/mm/Kconfig 2011-03-21 18:31:35.000000000 -0400
52533@@ -240,7 +240,7 @@ config KSM
52534 config DEFAULT_MMAP_MIN_ADDR
52535 int "Low address space to protect from user allocation"
52536 depends on MMU
52537- default 4096
52538+ default 65536
52539 help
52540 This is the portion of low virtual memory which should be protected
52541 from userspace allocation. Keeping a user from writing to low pages
52542diff -urNp linux-2.6.38.2/mm/kmemleak.c linux-2.6.38.2/mm/kmemleak.c
52543--- linux-2.6.38.2/mm/kmemleak.c 2011-03-14 21:20:32.000000000 -0400
52544+++ linux-2.6.38.2/mm/kmemleak.c 2011-03-21 18:31:35.000000000 -0400
52545@@ -357,7 +357,7 @@ static void print_unreferenced(struct se
52546
52547 for (i = 0; i < object->trace_len; i++) {
52548 void *ptr = (void *)object->trace[i];
52549- seq_printf(seq, " [<%p>] %pS\n", ptr, ptr);
52550+ seq_printf(seq, " [<%p>] %pA\n", ptr, ptr);
52551 }
52552 }
52553
52554diff -urNp linux-2.6.38.2/mm/maccess.c linux-2.6.38.2/mm/maccess.c
52555--- linux-2.6.38.2/mm/maccess.c 2011-03-14 21:20:32.000000000 -0400
52556+++ linux-2.6.38.2/mm/maccess.c 2011-03-21 18:31:35.000000000 -0400
52557@@ -15,10 +15,10 @@
52558 * happens, handle that and return -EFAULT.
52559 */
52560
52561-long __weak probe_kernel_read(void *dst, void *src, size_t size)
52562+long __weak probe_kernel_read(void *dst, const void *src, size_t size)
52563 __attribute__((alias("__probe_kernel_read")));
52564
52565-long __probe_kernel_read(void *dst, void *src, size_t size)
52566+long __probe_kernel_read(void *dst, const void *src, size_t size)
52567 {
52568 long ret;
52569 mm_segment_t old_fs = get_fs();
52570@@ -43,10 +43,10 @@ EXPORT_SYMBOL_GPL(probe_kernel_read);
52571 * Safely write to address @dst from the buffer at @src. If a kernel fault
52572 * happens, handle that and return -EFAULT.
52573 */
52574-long __weak probe_kernel_write(void *dst, void *src, size_t size)
52575+long __weak probe_kernel_write(void *dst, const void *src, size_t size)
52576 __attribute__((alias("__probe_kernel_write")));
52577
52578-long __probe_kernel_write(void *dst, void *src, size_t size)
52579+long __probe_kernel_write(void *dst, const void *src, size_t size)
52580 {
52581 long ret;
52582 mm_segment_t old_fs = get_fs();
52583diff -urNp linux-2.6.38.2/mm/madvise.c linux-2.6.38.2/mm/madvise.c
52584--- linux-2.6.38.2/mm/madvise.c 2011-03-14 21:20:32.000000000 -0400
52585+++ linux-2.6.38.2/mm/madvise.c 2011-03-21 18:31:35.000000000 -0400
52586@@ -45,6 +45,10 @@ static long madvise_behavior(struct vm_a
52587 pgoff_t pgoff;
52588 unsigned long new_flags = vma->vm_flags;
52589
52590+#ifdef CONFIG_PAX_SEGMEXEC
52591+ struct vm_area_struct *vma_m;
52592+#endif
52593+
52594 switch (behavior) {
52595 case MADV_NORMAL:
52596 new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ;
52597@@ -110,6 +114,13 @@ success:
52598 /*
52599 * vm_flags is protected by the mmap_sem held in write mode.
52600 */
52601+
52602+#ifdef CONFIG_PAX_SEGMEXEC
52603+ vma_m = pax_find_mirror_vma(vma);
52604+ if (vma_m)
52605+ vma_m->vm_flags = new_flags & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT);
52606+#endif
52607+
52608 vma->vm_flags = new_flags;
52609
52610 out:
52611@@ -168,6 +179,11 @@ static long madvise_dontneed(struct vm_a
52612 struct vm_area_struct ** prev,
52613 unsigned long start, unsigned long end)
52614 {
52615+
52616+#ifdef CONFIG_PAX_SEGMEXEC
52617+ struct vm_area_struct *vma_m;
52618+#endif
52619+
52620 *prev = vma;
52621 if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP))
52622 return -EINVAL;
52623@@ -180,6 +196,21 @@ static long madvise_dontneed(struct vm_a
52624 zap_page_range(vma, start, end - start, &details);
52625 } else
52626 zap_page_range(vma, start, end - start, NULL);
52627+
52628+#ifdef CONFIG_PAX_SEGMEXEC
52629+ vma_m = pax_find_mirror_vma(vma);
52630+ if (vma_m) {
52631+ if (unlikely(vma->vm_flags & VM_NONLINEAR)) {
52632+ struct zap_details details = {
52633+ .nonlinear_vma = vma_m,
52634+ .last_index = ULONG_MAX,
52635+ };
52636+ zap_page_range(vma, start + SEGMEXEC_TASK_SIZE, end - start, &details);
52637+ } else
52638+ zap_page_range(vma, start + SEGMEXEC_TASK_SIZE, end - start, NULL);
52639+ }
52640+#endif
52641+
52642 return 0;
52643 }
52644
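Review bot: Both added `zap_page_range()` calls pass `vma` together with an address in the mirror range (`start + SEGMEXEC_TASK_SIZE`), although `vma_m` was just looked up for that purpose. If passing the lower mapping is deliberate it needs a comment saying so; otherwise `zap_page_range(vma_m, start + SEGMEXEC_TASK_SIZE, end - start, NULL);` and the matching `&details` call look like what was meant. Whether `zap_page_range()` accepts an address outside the vma it is given cannot be judged from this hunk. The start of `madvise_dontneed()` is in the preceding hunk.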
52645@@ -376,6 +407,16 @@ SYSCALL_DEFINE3(madvise, unsigned long,
52646 if (end < start)
52647 goto out;
52648
52649+#ifdef CONFIG_PAX_SEGMEXEC
52650+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
52651+ if (end > SEGMEXEC_TASK_SIZE)
52652+ goto out;
52653+ } else
52654+#endif
52655+
52656+ if (end > TASK_SIZE)
52657+ goto out;
52658+
52659 error = 0;
52660 if (end == start)
52661 goto out;
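Review bot: The `} else` placed before `#endif` binds to the brace-less `if (end > TASK_SIZE)` that follows the blank line, so the shape of the control flow depends on which side of the preprocessor conditional is compiled. A statement later inserted between the two would silently change which check runs; computing the limit first and testing it once avoids that. The same pattern, an `if` inside `#ifdef` governing a statement after `#endif`, is added in the `do_swap_page` hunk of mm/memory.c around `unlock_page(page);`. The value returned on this `goto out` is set outside the hunk, and in the sketch below the local would normally sit with the function's other declarations, which are also outside it.

```c
	/* … unchanged: the `end < start` check above … */
	{
		/* upper bound of the address range this task may pass to madvise() */
		unsigned long limit = TASK_SIZE;

#ifdef CONFIG_PAX_SEGMEXEC
		if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
			limit = SEGMEXEC_TASK_SIZE;
#endif
		if (end > limit)
			goto out;
	}
	/* … unchanged: error = 0 and the `end == start` check … */
```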
52662diff -urNp linux-2.6.38.2/mm/memory.c linux-2.6.38.2/mm/memory.c
52663--- linux-2.6.38.2/mm/memory.c 2011-03-14 21:20:32.000000000 -0400
52664+++ linux-2.6.38.2/mm/memory.c 2011-03-21 18:31:35.000000000 -0400
52665@@ -259,8 +259,12 @@ static inline void free_pmd_range(struct
52666 return;
52667
52668 pmd = pmd_offset(pud, start);
52669+
52670+#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_PER_CPU_PGD)
52671 pud_clear(pud);
52672 pmd_free_tlb(tlb, pmd, start);
52673+#endif
52674+
52675 }
52676
52677 static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
52678@@ -291,9 +295,12 @@ static inline void free_pud_range(struct
52679 if (end - 1 > ceiling - 1)
52680 return;
52681
52682+#if !defined(CONFIG_X86_64) || !defined(CONFIG_PAX_PER_CPU_PGD)
52683 pud = pud_offset(pgd, start);
52684 pgd_clear(pgd);
52685 pud_free_tlb(tlb, pud, start);
52686+#endif
52687+
52688 }
52689
52690 /*
52691@@ -1433,10 +1440,10 @@ int __get_user_pages(struct task_struct
52692 (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
52693 i = 0;
52694
52695- do {
52696+ while (nr_pages) {
52697 struct vm_area_struct *vma;
52698
52699- vma = find_extend_vma(mm, start);
52700+ vma = find_vma(mm, start);
52701 if (!vma && in_gate_area(tsk, start)) {
52702 unsigned long pg = start & PAGE_MASK;
52703 struct vm_area_struct *gate_vma = get_gate_vma(tsk);
52704@@ -1489,7 +1496,7 @@ int __get_user_pages(struct task_struct
52705 continue;
52706 }
52707
52708- if (!vma ||
52709+ if (!vma || start < vma->vm_start ||
52710 (vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
52711 !(vm_flags & vma->vm_flags))
52712 return i ? : -EFAULT;
52713@@ -1575,7 +1582,7 @@ int __get_user_pages(struct task_struct
52714 start += PAGE_SIZE;
52715 nr_pages--;
52716 } while (nr_pages && start < vma->vm_end);
52717- } while (nr_pages);
52718+ }
52719 return i;
52720 }
52721
52722@@ -1724,6 +1731,10 @@ static int insert_page(struct vm_area_st
52723 page_add_file_rmap(page);
52724 set_pte_at(mm, addr, pte, mk_pte(page, prot));
52725
52726+#ifdef CONFIG_PAX_SEGMEXEC
52727+ pax_mirror_file_pte(vma, addr, page, ptl);
52728+#endif
52729+
52730 retval = 0;
52731 pte_unmap_unlock(pte, ptl);
52732 return retval;
52733@@ -1758,10 +1769,22 @@ out:
52734 int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
52735 struct page *page)
52736 {
52737+
52738+#ifdef CONFIG_PAX_SEGMEXEC
52739+ struct vm_area_struct *vma_m;
52740+#endif
52741+
52742 if (addr < vma->vm_start || addr >= vma->vm_end)
52743 return -EFAULT;
52744 if (!page_count(page))
52745 return -EINVAL;
52746+
52747+#ifdef CONFIG_PAX_SEGMEXEC
52748+ vma_m = pax_find_mirror_vma(vma);
52749+ if (vma_m)
52750+ vma_m->vm_flags |= VM_INSERTPAGE;
52751+#endif
52752+
52753 vma->vm_flags |= VM_INSERTPAGE;
52754 return insert_page(vma, addr, page, vma->vm_page_prot);
52755 }
52756@@ -1847,6 +1870,7 @@ int vm_insert_mixed(struct vm_area_struc
52757 unsigned long pfn)
52758 {
52759 BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
52760+ BUG_ON(vma->vm_mirror);
52761
52762 if (addr < vma->vm_start || addr >= vma->vm_end)
52763 return -EFAULT;
52764@@ -2162,6 +2186,186 @@ static inline void cow_user_page(struct
52765 copy_user_highpage(dst, src, va, vma);
52766 }
52767
52768+#ifdef CONFIG_PAX_SEGMEXEC
52769+static void pax_unmap_mirror_pte(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd)
52770+{
52771+ struct mm_struct *mm = vma->vm_mm;
52772+ spinlock_t *ptl;
52773+ pte_t *pte, entry;
52774+
52775+ pte = pte_offset_map_lock(mm, pmd, address, &ptl);
52776+ entry = *pte;
52777+ if (!pte_present(entry)) {
52778+ if (!pte_none(entry)) {
52779+ BUG_ON(pte_file(entry));
52780+ free_swap_and_cache(pte_to_swp_entry(entry));
52781+ pte_clear_not_present_full(mm, address, pte, 0);
52782+ }
52783+ } else {
52784+ struct page *page;
52785+
52786+ flush_cache_page(vma, address, pte_pfn(entry));
52787+ entry = ptep_clear_flush(vma, address, pte);
52788+ BUG_ON(pte_dirty(entry));
52789+ page = vm_normal_page(vma, address, entry);
52790+ if (page) {
52791+ update_hiwater_rss(mm);
52792+ if (PageAnon(page))
52793+ dec_mm_counter_fast(mm, MM_ANONPAGES);
52794+ else
52795+ dec_mm_counter_fast(mm, MM_FILEPAGES);
52796+ page_remove_rmap(page);
52797+ page_cache_release(page);
52798+ }
52799+ }
52800+ pte_unmap_unlock(pte, ptl);
52801+}
52802+
52803+/* PaX: if vma is mirrored, synchronize the mirror's PTE
52804+ *
52805+ * the ptl of the lower mapped page is held on entry and is not released on exit
52806+ * or inside to ensure atomic changes to the PTE states (swapout, mremap, munmap, etc)
52807+ */
52808+static void pax_mirror_anon_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl)
52809+{
52810+ struct mm_struct *mm = vma->vm_mm;
52811+ unsigned long address_m;
52812+ spinlock_t *ptl_m;
52813+ struct vm_area_struct *vma_m;
52814+ pmd_t *pmd_m;
52815+ pte_t *pte_m, entry_m;
52816+
52817+ BUG_ON(!page_m || !PageAnon(page_m));
52818+
52819+ vma_m = pax_find_mirror_vma(vma);
52820+ if (!vma_m)
52821+ return;
52822+
52823+ BUG_ON(!PageLocked(page_m));
52824+ BUG_ON(address >= SEGMEXEC_TASK_SIZE);
52825+ address_m = address + SEGMEXEC_TASK_SIZE;
52826+ pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
52827+ pte_m = pte_offset_map(pmd_m, address_m);
52828+ ptl_m = pte_lockptr(mm, pmd_m);
52829+ if (ptl != ptl_m) {
52830+ spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
52831+ if (!pte_none(*pte_m))
52832+ goto out;
52833+ }
52834+
52835+ entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot);
52836+ page_cache_get(page_m);
52837+ page_add_anon_rmap(page_m, vma_m, address_m);
52838+ inc_mm_counter_fast(mm, MM_ANONPAGES);
52839+ set_pte_at(mm, address_m, pte_m, entry_m);
52840+ update_mmu_cache(vma_m, address_m, entry_m);
52841+out:
52842+ if (ptl != ptl_m)
52843+ spin_unlock(ptl_m);
52844+ pte_unmap(pte_m);
52845+ unlock_page(page_m);
52846+}
52847+
52848+void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl)
52849+{
52850+ struct mm_struct *mm = vma->vm_mm;
52851+ unsigned long address_m;
52852+ spinlock_t *ptl_m;
52853+ struct vm_area_struct *vma_m;
52854+ pmd_t *pmd_m;
52855+ pte_t *pte_m, entry_m;
52856+
52857+ BUG_ON(!page_m || PageAnon(page_m));
52858+
52859+ vma_m = pax_find_mirror_vma(vma);
52860+ if (!vma_m)
52861+ return;
52862+
52863+ BUG_ON(address >= SEGMEXEC_TASK_SIZE);
52864+ address_m = address + SEGMEXEC_TASK_SIZE;
52865+ pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
52866+ pte_m = pte_offset_map(pmd_m, address_m);
52867+ ptl_m = pte_lockptr(mm, pmd_m);
52868+ if (ptl != ptl_m) {
52869+ spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
52870+ if (!pte_none(*pte_m))
52871+ goto out;
52872+ }
52873+
52874+ entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot);
52875+ page_cache_get(page_m);
52876+ page_add_file_rmap(page_m);
52877+ inc_mm_counter_fast(mm, MM_FILEPAGES);
52878+ set_pte_at(mm, address_m, pte_m, entry_m);
52879+ update_mmu_cache(vma_m, address_m, entry_m);
52880+out:
52881+ if (ptl != ptl_m)
52882+ spin_unlock(ptl_m);
52883+ pte_unmap(pte_m);
52884+}
52885+
52886+static void pax_mirror_pfn_pte(struct vm_area_struct *vma, unsigned long address, unsigned long pfn_m, spinlock_t *ptl)
52887+{
52888+ struct mm_struct *mm = vma->vm_mm;
52889+ unsigned long address_m;
52890+ spinlock_t *ptl_m;
52891+ struct vm_area_struct *vma_m;
52892+ pmd_t *pmd_m;
52893+ pte_t *pte_m, entry_m;
52894+
52895+ vma_m = pax_find_mirror_vma(vma);
52896+ if (!vma_m)
52897+ return;
52898+
52899+ BUG_ON(address >= SEGMEXEC_TASK_SIZE);
52900+ address_m = address + SEGMEXEC_TASK_SIZE;
52901+ pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
52902+ pte_m = pte_offset_map(pmd_m, address_m);
52903+ ptl_m = pte_lockptr(mm, pmd_m);
52904+ if (ptl != ptl_m) {
52905+ spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
52906+ if (!pte_none(*pte_m))
52907+ goto out;
52908+ }
52909+
52910+ entry_m = pfn_pte(pfn_m, vma_m->vm_page_prot);
52911+ set_pte_at(mm, address_m, pte_m, entry_m);
52912+out:
52913+ if (ptl != ptl_m)
52914+ spin_unlock(ptl_m);
52915+ pte_unmap(pte_m);
52916+}
52917+
52918+static void pax_mirror_pte(struct vm_area_struct *vma, unsigned long address, pte_t *pte, pmd_t *pmd, spinlock_t *ptl)
52919+{
52920+ struct page *page_m;
52921+ pte_t entry;
52922+
52923+ if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC))
52924+ goto out;
52925+
52926+ entry = *pte;
52927+ page_m = vm_normal_page(vma, address, entry);
52928+ if (!page_m)
52929+ pax_mirror_pfn_pte(vma, address, pte_pfn(entry), ptl);
52930+ else if (PageAnon(page_m)) {
52931+ if (pax_find_mirror_vma(vma)) {
52932+ pte_unmap_unlock(pte, ptl);
52933+ lock_page(page_m);
52934+ pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl);
52935+ if (pte_same(entry, *pte))
52936+ pax_mirror_anon_pte(vma, address, page_m, ptl);
52937+ else
52938+ unlock_page(page_m);
52939+ }
52940+ } else
52941+ pax_mirror_file_pte(vma, address, page_m, ptl);
52942+
52943+out:
52944+ pte_unmap_unlock(pte, ptl);
52945+}
52946+#endif
52947+
52948 /*
52949 * This routine handles present pages, when users try to write
52950 * to a shared page. It is done by copying the page to a new address
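Review bot: In `pax_mirror_anon_pte()`, `pax_mirror_file_pte()` and `pax_mirror_pfn_pte()` the `!pte_none(*pte_m)` test sits inside `if (ptl != ptl_m)`, so when the mirror PTE is covered by the same lock the entry is overwritten without being checked. If an occupied mirror entry cannot occur in that case, the invariant should be written next to the test; otherwise the test belongs after the conditional lock. `pax_mirror_anon_pte()` also calls `unlock_page(page_m)` on its normal path but not on the early `!vma_m` return, and its header comment speaks only of `ptl`; it should add that the caller locks the page only when a mirror exists and that this function releases it. The three functions differ only in their rmap and counter lines, so a shared helper for the address, PTE and lock setup would remove the duplication.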
52951@@ -2373,6 +2577,12 @@ gotten:
52952 */
52953 page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
52954 if (likely(pte_same(*page_table, orig_pte))) {
52955+
52956+#ifdef CONFIG_PAX_SEGMEXEC
52957+ if (pax_find_mirror_vma(vma))
52958+ BUG_ON(!trylock_page(new_page));
52959+#endif
52960+
52961 if (old_page) {
52962 if (!PageAnon(old_page)) {
52963 dec_mm_counter_fast(mm, MM_FILEPAGES);
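Review bot: `BUG_ON(!trylock_page(new_page))` places the lock acquisition inside an assertion macro, so the page is locked only as long as `BUG_ON` evaluates its argument in every configuration. Writing it as `if (pax_find_mirror_vma(vma) && !trylock_page(new_page)) BUG();` keeps the side effect out of the macro. The same construct is added in the `do_anonymous_page` hunk further down as `BUG_ON(!trylock_page(page))`. A comment that the lock is dropped later by `pax_mirror_anon_pte()` would help too, because the matching unlock is not in this function; the function itself starts outside the hunk.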
52964@@ -2424,6 +2634,10 @@ gotten:
52965 page_remove_rmap(old_page);
52966 }
52967
52968+#ifdef CONFIG_PAX_SEGMEXEC
52969+ pax_mirror_anon_pte(vma, address, new_page, ptl);
52970+#endif
52971+
52972 /* Free the old page.. */
52973 new_page = old_page;
52974 ret |= VM_FAULT_WRITE;
52975@@ -2834,6 +3048,11 @@ static int do_swap_page(struct mm_struct
52976 swap_free(entry);
52977 if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
52978 try_to_free_swap(page);
52979+
52980+#ifdef CONFIG_PAX_SEGMEXEC
52981+ if ((flags & FAULT_FLAG_WRITE) || !pax_find_mirror_vma(vma))
52982+#endif
52983+
52984 unlock_page(page);
52985 if (swapcache) {
52986 /*
52987@@ -2857,6 +3076,11 @@ static int do_swap_page(struct mm_struct
52988
52989 /* No need to invalidate - it was non-present before */
52990 update_mmu_cache(vma, address, page_table);
52991+
52992+#ifdef CONFIG_PAX_SEGMEXEC
52993+ pax_mirror_anon_pte(vma, address, page, ptl);
52994+#endif
52995+
52996 unlock:
52997 pte_unmap_unlock(page_table, ptl);
52998 out:
52999@@ -2876,40 +3100,6 @@ out_release:
53000 }
53001
53002 /*
53003- * This is like a special single-page "expand_{down|up}wards()",
53004- * except we must first make sure that 'address{-|+}PAGE_SIZE'
53005- * doesn't hit another vma.
53006- */
53007-static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned long address)
53008-{
53009- address &= PAGE_MASK;
53010- if ((vma->vm_flags & VM_GROWSDOWN) && address == vma->vm_start) {
53011- struct vm_area_struct *prev = vma->vm_prev;
53012-
53013- /*
53014- * Is there a mapping abutting this one below?
53015- *
53016- * That's only ok if it's the same stack mapping
53017- * that has gotten split..
53018- */
53019- if (prev && prev->vm_end == address)
53020- return prev->vm_flags & VM_GROWSDOWN ? 0 : -ENOMEM;
53021-
53022- expand_stack(vma, address - PAGE_SIZE);
53023- }
53024- if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) {
53025- struct vm_area_struct *next = vma->vm_next;
53026-
53027- /* As VM_GROWSDOWN but s/below/above/ */
53028- if (next && next->vm_start == address + PAGE_SIZE)
53029- return next->vm_flags & VM_GROWSUP ? 0 : -ENOMEM;
53030-
53031- expand_upwards(vma, address + PAGE_SIZE);
53032- }
53033- return 0;
53034-}
53035-
53036-/*
53037 * We enter with non-exclusive mmap_sem (to exclude vma changes,
53038 * but allow concurrent faults), and pte mapped but not yet locked.
53039 * We return with mmap_sem still held, but pte unmapped and unlocked.
53040@@ -2918,27 +3108,23 @@ static int do_anonymous_page(struct mm_s
53041 unsigned long address, pte_t *page_table, pmd_t *pmd,
53042 unsigned int flags)
53043 {
53044- struct page *page;
53045+ struct page *page = NULL;
53046 spinlock_t *ptl;
53047 pte_t entry;
53048
53049- pte_unmap(page_table);
53050-
53051- /* Check if we need to add a guard page to the stack */
53052- if (check_stack_guard_page(vma, address) < 0)
53053- return VM_FAULT_SIGBUS;
53054-
53055- /* Use the zero-page for reads */
53056 if (!(flags & FAULT_FLAG_WRITE)) {
53057 entry = pte_mkspecial(pfn_pte(my_zero_pfn(address),
53058 vma->vm_page_prot));
53059- page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
53060+ ptl = pte_lockptr(mm, pmd);
53061+ spin_lock(ptl);
53062 if (!pte_none(*page_table))
53063 goto unlock;
53064 goto setpte;
53065 }
53066
53067 /* Allocate our own private page. */
53068+ pte_unmap(page_table);
53069+
53070 if (unlikely(anon_vma_prepare(vma)))
53071 goto oom;
53072 page = alloc_zeroed_user_highpage_movable(vma, address);
53073@@ -2957,6 +3143,11 @@ static int do_anonymous_page(struct mm_s
53074 if (!pte_none(*page_table))
53075 goto release;
53076
53077+#ifdef CONFIG_PAX_SEGMEXEC
53078+ if (pax_find_mirror_vma(vma))
53079+ BUG_ON(!trylock_page(page));
53080+#endif
53081+
53082 inc_mm_counter_fast(mm, MM_ANONPAGES);
53083 page_add_new_anon_rmap(page, vma, address);
53084 setpte:
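Review bot: `BUG_ON(!trylock_page(page));` performs the lock acquisition inside an assertion macro, so a side effect the following code depends on is hidden in what reads as a pure check. Separating the two keeps the locking visible: `locked = trylock_page(page);` followed by `BUG_ON(!locked);`. The __do_fault hunk uses the same form, and `BUG_ON(pax_mirror_vma(vma_m, vma));` in the mmap_region hunk likewise does the mirroring work inside the macro. do_anonymous_page extends beyond this hunk, so where the page is unlocked again cannot be checked from here.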
53085@@ -2964,6 +3155,12 @@ setpte:
53086
53087 /* No need to invalidate - it was non-present before */
53088 update_mmu_cache(vma, address, page_table);
53089+
53090+#ifdef CONFIG_PAX_SEGMEXEC
53091+ if (page)
53092+ pax_mirror_anon_pte(vma, address, page, ptl);
53093+#endif
53094+
53095 unlock:
53096 pte_unmap_unlock(page_table, ptl);
53097 return 0;
53098@@ -3101,6 +3298,12 @@ static int __do_fault(struct mm_struct *
53099 */
53100 /* Only go through if we didn't race with anybody else... */
53101 if (likely(pte_same(*page_table, orig_pte))) {
53102+
53103+#ifdef CONFIG_PAX_SEGMEXEC
53104+ if (anon && pax_find_mirror_vma(vma))
53105+ BUG_ON(!trylock_page(page));
53106+#endif
53107+
53108 flush_icache_page(vma, page);
53109 entry = mk_pte(page, vma->vm_page_prot);
53110 if (flags & FAULT_FLAG_WRITE)
53111@@ -3120,6 +3323,14 @@ static int __do_fault(struct mm_struct *
53112
53113 /* no need to invalidate: a not-present page won't be cached */
53114 update_mmu_cache(vma, address, page_table);
53115+
53116+#ifdef CONFIG_PAX_SEGMEXEC
53117+ if (anon)
53118+ pax_mirror_anon_pte(vma, address, page, ptl);
53119+ else
53120+ pax_mirror_file_pte(vma, address, page, ptl);
53121+#endif
53122+
53123 } else {
53124 if (charged)
53125 mem_cgroup_uncharge_page(page);
53126@@ -3267,6 +3478,12 @@ int handle_pte_fault(struct mm_struct *m
53127 if (flags & FAULT_FLAG_WRITE)
53128 flush_tlb_fix_spurious_fault(vma, address);
53129 }
53130+
53131+#ifdef CONFIG_PAX_SEGMEXEC
53132+ pax_mirror_pte(vma, address, pte, pmd, ptl);
53133+ return 0;
53134+#endif
53135+
53136 unlock:
53137 pte_unmap_unlock(pte, ptl);
53138 return 0;
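Review bot: With CONFIG_PAX_SEGMEXEC the added `return 0;` leaves handle_pte_fault before the `unlock:` label, so on the fall-through path `pte_unmap_unlock(pte, ptl)` is not reached and the release of `ptl` has to happen inside `pax_mirror_pte()`. That helper is defined outside this hunk, so the visible lines cannot confirm it; a comment at the call would make the contract explicit, e.g. `/* pax_mirror_pte() unmaps pte and drops ptl */`. Paths that jump to `unlock:` still release the lock directly, which leaves two release sites for the same lock. The function starts outside the hunk.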
53139@@ -3283,6 +3500,10 @@ int handle_mm_fault(struct mm_struct *mm
53140 pmd_t *pmd;
53141 pte_t *pte;
53142
53143+#ifdef CONFIG_PAX_SEGMEXEC
53144+ struct vm_area_struct *vma_m;
53145+#endif
53146+
53147 __set_current_state(TASK_RUNNING);
53148
53149 count_vm_event(PGFAULT);
53150@@ -3293,6 +3514,34 @@ int handle_mm_fault(struct mm_struct *mm
53151 if (unlikely(is_vm_hugetlb_page(vma)))
53152 return hugetlb_fault(mm, vma, address, flags);
53153
53154+#ifdef CONFIG_PAX_SEGMEXEC
53155+ vma_m = pax_find_mirror_vma(vma);
53156+ if (vma_m) {
53157+ unsigned long address_m;
53158+ pgd_t *pgd_m;
53159+ pud_t *pud_m;
53160+ pmd_t *pmd_m;
53161+
53162+ if (vma->vm_start > vma_m->vm_start) {
53163+ address_m = address;
53164+ address -= SEGMEXEC_TASK_SIZE;
53165+ vma = vma_m;
53166+ } else
53167+ address_m = address + SEGMEXEC_TASK_SIZE;
53168+
53169+ pgd_m = pgd_offset(mm, address_m);
53170+ pud_m = pud_alloc(mm, pgd_m, address_m);
53171+ if (!pud_m)
53172+ return VM_FAULT_OOM;
53173+ pmd_m = pmd_alloc(mm, pud_m, address_m);
53174+ if (!pmd_m)
53175+ return VM_FAULT_OOM;
53176+ if (!pmd_present(*pmd_m) && __pte_alloc(mm, vma_m, pmd_m, address_m))
53177+ return VM_FAULT_OOM;
53178+ pax_unmap_mirror_pte(vma_m, address_m, pmd_m);
53179+ }
53180+#endif
53181+
53182 pgd = pgd_offset(mm, address);
53183 pud = pud_alloc(mm, pgd, address);
53184 if (!pud)
53185@@ -3426,7 +3675,7 @@ static int __init gate_vma_init(void)
53186 gate_vma.vm_start = FIXADDR_USER_START;
53187 gate_vma.vm_end = FIXADDR_USER_END;
53188 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
53189- gate_vma.vm_page_prot = __P101;
53190+ gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
53191 /*
53192 * Make sure the vDSO gets into every core dump.
53193 * Dumping its contents makes post-mortem fully interpretable later
53194diff -urNp linux-2.6.38.2/mm/memory-failure.c linux-2.6.38.2/mm/memory-failure.c
53195--- linux-2.6.38.2/mm/memory-failure.c 2011-03-14 21:20:32.000000000 -0400
53196+++ linux-2.6.38.2/mm/memory-failure.c 2011-03-21 18:31:35.000000000 -0400
53197@@ -58,7 +58,7 @@ int sysctl_memory_failure_early_kill __r
53198
53199 int sysctl_memory_failure_recovery __read_mostly = 1;
53200
53201-atomic_long_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0);
53202+atomic_long_unchecked_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0);
53203
53204 #if defined(CONFIG_HWPOISON_INJECT) || defined(CONFIG_HWPOISON_INJECT_MODULE)
53205
53206@@ -1012,7 +1012,7 @@ int __memory_failure(unsigned long pfn,
53207 }
53208
53209 nr_pages = 1 << compound_trans_order(hpage);
53210- atomic_long_add(nr_pages, &mce_bad_pages);
53211+ atomic_long_add_unchecked(nr_pages, &mce_bad_pages);
53212
53213 /*
53214 * We need/can do nothing about count=0 pages.
53215@@ -1042,7 +1042,7 @@ int __memory_failure(unsigned long pfn,
53216 if (!PageHWPoison(hpage)
53217 || (hwpoison_filter(p) && TestClearPageHWPoison(p))
53218 || (p != hpage && TestSetPageHWPoison(hpage))) {
53219- atomic_long_sub(nr_pages, &mce_bad_pages);
53220+ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
53221 return 0;
53222 }
53223 set_page_hwpoison_huge_page(hpage);
53224@@ -1100,7 +1100,7 @@ int __memory_failure(unsigned long pfn,
53225 }
53226 if (hwpoison_filter(p)) {
53227 if (TestClearPageHWPoison(p))
53228- atomic_long_sub(nr_pages, &mce_bad_pages);
53229+ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
53230 unlock_page(hpage);
53231 put_page(hpage);
53232 return 0;
53233@@ -1226,7 +1226,7 @@ int unpoison_memory(unsigned long pfn)
53234 return 0;
53235 }
53236 if (TestClearPageHWPoison(p))
53237- atomic_long_sub(nr_pages, &mce_bad_pages);
53238+ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
53239 pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn);
53240 return 0;
53241 }
53242@@ -1240,7 +1240,7 @@ int unpoison_memory(unsigned long pfn)
53243 */
53244 if (TestClearPageHWPoison(page)) {
53245 pr_info("MCE: Software-unpoisoned page %#lx\n", pfn);
53246- atomic_long_sub(nr_pages, &mce_bad_pages);
53247+ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
53248 freeit = 1;
53249 if (PageHuge(page))
53250 clear_page_hwpoison_huge_page(page);
53251@@ -1353,7 +1353,7 @@ static int soft_offline_huge_page(struct
53252 }
53253 done:
53254 if (!PageHWPoison(hpage))
53255- atomic_long_add(1 << compound_trans_order(hpage), &mce_bad_pages);
53256+ atomic_long_add_unchecked(1 << compound_trans_order(hpage), &mce_bad_pages);
53257 set_page_hwpoison_huge_page(hpage);
53258 dequeue_hwpoisoned_huge_page(hpage);
53259 /* keep elevated page count for bad page */
53260@@ -1482,7 +1482,7 @@ int soft_offline_page(struct page *page,
53261 return ret;
53262
53263 done:
53264- atomic_long_add(1, &mce_bad_pages);
53265+ atomic_long_add_unchecked(1, &mce_bad_pages);
53266 SetPageHWPoison(page);
53267 /* keep elevated page count for bad page */
53268 return ret;
53269diff -urNp linux-2.6.38.2/mm/mempolicy.c linux-2.6.38.2/mm/mempolicy.c
53270--- linux-2.6.38.2/mm/mempolicy.c 2011-03-14 21:20:32.000000000 -0400
53271+++ linux-2.6.38.2/mm/mempolicy.c 2011-03-21 18:31:35.000000000 -0400
53272@@ -643,6 +643,10 @@ static int mbind_range(struct mm_struct
53273 unsigned long vmstart;
53274 unsigned long vmend;
53275
53276+#ifdef CONFIG_PAX_SEGMEXEC
53277+ struct vm_area_struct *vma_m;
53278+#endif
53279+
53280 vma = find_vma_prev(mm, start, &prev);
53281 if (!vma || vma->vm_start > start)
53282 return -EFAULT;
53283@@ -673,6 +677,16 @@ static int mbind_range(struct mm_struct
53284 err = policy_vma(vma, new_pol);
53285 if (err)
53286 goto out;
53287+
53288+#ifdef CONFIG_PAX_SEGMEXEC
53289+ vma_m = pax_find_mirror_vma(vma);
53290+ if (vma_m) {
53291+ err = policy_vma(vma_m, new_pol);
53292+ if (err)
53293+ goto out;
53294+ }
53295+#endif
53296+
53297 }
53298
53299 out:
53300@@ -1106,6 +1120,17 @@ static long do_mbind(unsigned long start
53301
53302 if (end < start)
53303 return -EINVAL;
53304+
53305+#ifdef CONFIG_PAX_SEGMEXEC
53306+ if (mm->pax_flags & MF_PAX_SEGMEXEC) {
53307+ if (end > SEGMEXEC_TASK_SIZE)
53308+ return -EINVAL;
53309+ } else
53310+#endif
53311+
53312+ if (end > TASK_SIZE)
53313+ return -EINVAL;
53314+
53315 if (end == start)
53316 return 0;
53317
53318@@ -1324,6 +1349,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pi
53319 if (!mm)
53320 goto out;
53321
53322+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
53323+ if (mm != current->mm &&
53324+ (mm->pax_flags & MF_PAX_RANDMMAP || mm->pax_flags & MF_PAX_SEGMEXEC)) {
53325+ err = -EPERM;
53326+ goto out;
53327+ }
53328+#endif
53329+
53330 /*
53331 * Check if this process has the right to modify the specified
53332 * process. The right exists if the process has administrative
53333@@ -1333,8 +1366,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pi
53334 rcu_read_lock();
53335 tcred = __task_cred(task);
53336 if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
53337- cred->uid != tcred->suid && cred->uid != tcred->uid &&
53338- !capable(CAP_SYS_NICE)) {
53339+ cred->uid != tcred->suid && !capable(CAP_SYS_NICE)) {
53340 rcu_read_unlock();
53341 err = -EPERM;
53342 goto out;
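Review bot: The permission test no longer accepts a match between the caller's real uid and the target's real uid (`cred->uid != tcred->uid` is dropped), but the comment introducing the check, whose first lines appear as context at the end of the previous hunk, is not touched. A short remark next to the condition, for instance `/* real uid == target real uid is deliberately not sufficient */`, would record that the tightening is intended. The move_pages hunk in mm/migrate.c makes the identical change and needs the same comment. The rest of that comment block is outside the visible hunks, so whether its wording still matches the new condition cannot be checked here.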
53343@@ -2635,7 +2667,7 @@ int show_numa_map(struct seq_file *m, vo
53344
53345 if (file) {
53346 seq_printf(m, " file=");
53347- seq_path(m, &file->f_path, "\n\t= ");
53348+ seq_path(m, &file->f_path, "\n\t\\= ");
53349 } else if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) {
53350 seq_printf(m, " heap");
53351 } else if (vma->vm_start <= mm->start_stack &&
53352diff -urNp linux-2.6.38.2/mm/migrate.c linux-2.6.38.2/mm/migrate.c
53353--- linux-2.6.38.2/mm/migrate.c 2011-03-14 21:20:32.000000000 -0400
53354+++ linux-2.6.38.2/mm/migrate.c 2011-03-21 18:31:35.000000000 -0400
53355@@ -1299,6 +1299,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,
53356 if (!mm)
53357 return -EINVAL;
53358
53359+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
53360+ if (mm != current->mm &&
53361+ (mm->pax_flags & MF_PAX_RANDMMAP || mm->pax_flags & MF_PAX_SEGMEXEC)) {
53362+ err = -EPERM;
53363+ goto out;
53364+ }
53365+#endif
53366+
53367 /*
53368 * Check if this process has the right to modify the specified
53369 * process. The right exists if the process has administrative
53370@@ -1308,8 +1316,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,
53371 rcu_read_lock();
53372 tcred = __task_cred(task);
53373 if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
53374- cred->uid != tcred->suid && cred->uid != tcred->uid &&
53375- !capable(CAP_SYS_NICE)) {
53376+ cred->uid != tcred->suid && !capable(CAP_SYS_NICE)) {
53377 rcu_read_unlock();
53378 err = -EPERM;
53379 goto out;
53380diff -urNp linux-2.6.38.2/mm/mlock.c linux-2.6.38.2/mm/mlock.c
53381--- linux-2.6.38.2/mm/mlock.c 2011-03-14 21:20:32.000000000 -0400
53382+++ linux-2.6.38.2/mm/mlock.c 2011-03-21 18:31:35.000000000 -0400
53383@@ -13,6 +13,7 @@
53384 #include <linux/pagemap.h>
53385 #include <linux/mempolicy.h>
53386 #include <linux/syscalls.h>
53387+#include <linux/security.h>
53388 #include <linux/sched.h>
53389 #include <linux/module.h>
53390 #include <linux/rmap.h>
53391@@ -135,13 +136,6 @@ void munlock_vma_page(struct page *page)
53392 }
53393 }
53394
53395-static inline int stack_guard_page(struct vm_area_struct *vma, unsigned long addr)
53396-{
53397- return (vma->vm_flags & VM_GROWSDOWN) &&
53398- (vma->vm_start == addr) &&
53399- !vma_stack_continue(vma->vm_prev, addr);
53400-}
53401-
53402 /**
53403 * __mlock_vma_pages_range() - mlock a range of pages in the vma.
53404 * @vma: target vma
53405@@ -188,12 +182,6 @@ static long __mlock_vma_pages_range(stru
53406 if (vma->vm_flags & VM_LOCKED)
53407 gup_flags |= FOLL_MLOCK;
53408
53409- /* We don't try to access the guard page of a stack vma */
53410- if (stack_guard_page(vma, start)) {
53411- addr += PAGE_SIZE;
53412- nr_pages--;
53413- }
53414-
53415 return __get_user_pages(current, mm, addr, nr_pages, gup_flags,
53416 NULL, NULL, nonblocking);
53417 }
53418@@ -393,6 +381,9 @@ static int do_mlock(unsigned long start,
53419 return -EINVAL;
53420 if (end == start)
53421 return 0;
53422+ if (end > TASK_SIZE)
53423+ return -EINVAL;
53424+
53425 vma = find_vma_prev(current->mm, start, &prev);
53426 if (!vma || vma->vm_start > start)
53427 return -ENOMEM;
53428@@ -403,6 +394,11 @@ static int do_mlock(unsigned long start,
53429 for (nstart = start ; ; ) {
53430 unsigned int newflags;
53431
53432+#ifdef CONFIG_PAX_SEGMEXEC
53433+ if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE))
53434+ break;
53435+#endif
53436+
53437 /* Here we know that vma->vm_start <= nstart < vma->vm_end. */
53438
53439 newflags = vma->vm_flags | VM_LOCKED;
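Review bot: The new `break` under CONFIG_PAX_SEGMEXEC can leave the loop before anything visible in the loop body has assigned the function's result. If the variable returned after the loop is not initialised at its declaration, which is outside this hunk, do_mlock would return an indeterminate value when the first vma already starts at or above SEGMEXEC_TASK_SIZE. The preceding hunk rejects only `end > TASK_SIZE`, whereas do_mbind in mm/mempolicy.c rejects `end > SEGMEXEC_TASK_SIZE` for SEGMEXEC tasks, so such a range does not appear to be excluded earlier. Applying the do_mbind bound here as well, `if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && end > SEGMEXEC_TASK_SIZE) return -EINVAL;`, would make the first-iteration `break` unreachable.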
53440@@ -508,6 +504,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, st
53441 lock_limit >>= PAGE_SHIFT;
53442
53443 /* check against resource limits */
53444+ gr_learn_resource(current, RLIMIT_MEMLOCK, (current->mm->locked_vm << PAGE_SHIFT) + len, 1);
53445 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
53446 error = do_mlock(start, len, 1);
53447 up_write(&current->mm->mmap_sem);
53448@@ -531,17 +528,23 @@ SYSCALL_DEFINE2(munlock, unsigned long,
53449 static int do_mlockall(int flags)
53450 {
53451 struct vm_area_struct * vma, * prev = NULL;
53452- unsigned int def_flags = 0;
53453
53454 if (flags & MCL_FUTURE)
53455- def_flags = VM_LOCKED;
53456- current->mm->def_flags = def_flags;
53457+ current->mm->def_flags |= VM_LOCKED;
53458+ else
53459+ current->mm->def_flags &= ~VM_LOCKED;
53460 if (flags == MCL_FUTURE)
53461 goto out;
53462
53463 for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
53464- unsigned int newflags;
53465+ unsigned long newflags;
53466+
53467+#ifdef CONFIG_PAX_SEGMEXEC
53468+ if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE))
53469+ break;
53470+#endif
53471
53472+ BUG_ON(vma->vm_end > TASK_SIZE);
53473 newflags = vma->vm_flags | VM_LOCKED;
53474 if (!(flags & MCL_CURRENT))
53475 newflags &= ~VM_LOCKED;
53476@@ -573,6 +576,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
53477 lock_limit >>= PAGE_SHIFT;
53478
53479 ret = -ENOMEM;
53480+ gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm << PAGE_SHIFT, 1);
53481 if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) ||
53482 capable(CAP_IPC_LOCK))
53483 ret = do_mlockall(flags);
53484diff -urNp linux-2.6.38.2/mm/mmap.c linux-2.6.38.2/mm/mmap.c
53485--- linux-2.6.38.2/mm/mmap.c 2011-03-14 21:20:32.000000000 -0400
53486+++ linux-2.6.38.2/mm/mmap.c 2011-03-21 23:47:41.000000000 -0400
53487@@ -46,6 +46,16 @@
53488 #define arch_rebalance_pgtables(addr, len) (addr)
53489 #endif
53490
53491+static inline void verify_mm_writelocked(struct mm_struct *mm)
53492+{
53493+#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAX)
53494+ if (unlikely(down_read_trylock(&mm->mmap_sem))) {
53495+ up_read(&mm->mmap_sem);
53496+ BUG();
53497+ }
53498+#endif
53499+}
53500+
53501 static void unmap_region(struct mm_struct *mm,
53502 struct vm_area_struct *vma, struct vm_area_struct *prev,
53503 unsigned long start, unsigned long end);
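Review bot: verify_mm_writelocked() has no comment, and what it checks is narrower than its name suggests. A successful `down_read_trylock()` shows that `mmap_sem` is not write-held and triggers `BUG()`, but a failed trylock does not show that the caller is the task holding it. A one-line header would record this, e.g. `/* BUG if mmap_sem is not write-locked; cannot tell whether current is the holder */`. The body compiles to nothing unless CONFIG_DEBUG_VM or CONFIG_PAX is set, which is also worth stating now that mmap_region calls it.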
53504@@ -71,22 +81,32 @@ static void unmap_region(struct mm_struc
53505 * x: (no) no x: (no) yes x: (no) yes x: (yes) yes
53506 *
53507 */
53508-pgprot_t protection_map[16] = {
53509+pgprot_t protection_map[16] __read_only = {
53510 __P000, __P001, __P010, __P011, __P100, __P101, __P110, __P111,
53511 __S000, __S001, __S010, __S011, __S100, __S101, __S110, __S111
53512 };
53513
53514 pgprot_t vm_get_page_prot(unsigned long vm_flags)
53515 {
53516- return __pgprot(pgprot_val(protection_map[vm_flags &
53517+ pgprot_t prot = __pgprot(pgprot_val(protection_map[vm_flags &
53518 (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]) |
53519 pgprot_val(arch_vm_get_page_prot(vm_flags)));
53520+
53521+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
53522+ if (!(__supported_pte_mask & _PAGE_NX) &&
53523+ (vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC &&
53524+ (vm_flags & (VM_READ | VM_WRITE)))
53525+ prot = __pgprot(pte_val(pte_exprotect(__pte(pgprot_val(prot)))));
53526+#endif
53527+
53528+ return prot;
53529 }
53530 EXPORT_SYMBOL(vm_get_page_prot);
53531
53532 int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */
53533 int sysctl_overcommit_ratio = 50; /* default is 50% */
53534 int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
53535+unsigned long sysctl_heap_stack_gap __read_mostly = 64*1024;
53536 struct percpu_counter vm_committed_as;
53537
53538 /*
53539@@ -232,6 +252,7 @@ static struct vm_area_struct *remove_vma
53540 struct vm_area_struct *next = vma->vm_next;
53541
53542 might_sleep();
53543+ BUG_ON(vma->vm_mirror);
53544 if (vma->vm_ops && vma->vm_ops->close)
53545 vma->vm_ops->close(vma);
53546 if (vma->vm_file) {
53547@@ -276,6 +297,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
53548 * not page aligned -Ram Gupta
53549 */
53550 rlim = rlimit(RLIMIT_DATA);
53551+ gr_learn_resource(current, RLIMIT_DATA, (brk - mm->start_brk) + (mm->end_data - mm->start_data), 1);
53552 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) +
53553 (mm->end_data - mm->start_data) > rlim)
53554 goto out;
53555@@ -719,6 +741,12 @@ static int
53556 can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
53557 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
53558 {
53559+
53560+#ifdef CONFIG_PAX_SEGMEXEC
53561+ if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_start == SEGMEXEC_TASK_SIZE)
53562+ return 0;
53563+#endif
53564+
53565 if (is_mergeable_vma(vma, file, vm_flags) &&
53566 is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
53567 if (vma->vm_pgoff == vm_pgoff)
53568@@ -738,6 +766,12 @@ static int
53569 can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
53570 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
53571 {
53572+
53573+#ifdef CONFIG_PAX_SEGMEXEC
53574+ if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end == SEGMEXEC_TASK_SIZE)
53575+ return 0;
53576+#endif
53577+
53578 if (is_mergeable_vma(vma, file, vm_flags) &&
53579 is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
53580 pgoff_t vm_pglen;
53581@@ -780,13 +814,20 @@ can_vma_merge_after(struct vm_area_struc
53582 struct vm_area_struct *vma_merge(struct mm_struct *mm,
53583 struct vm_area_struct *prev, unsigned long addr,
53584 unsigned long end, unsigned long vm_flags,
53585- struct anon_vma *anon_vma, struct file *file,
53586+ struct anon_vma *anon_vma, struct file *file,
53587 pgoff_t pgoff, struct mempolicy *policy)
53588 {
53589 pgoff_t pglen = (end - addr) >> PAGE_SHIFT;
53590 struct vm_area_struct *area, *next;
53591 int err;
53592
53593+#ifdef CONFIG_PAX_SEGMEXEC
53594+ unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE, end_m = end + SEGMEXEC_TASK_SIZE;
53595+ struct vm_area_struct *area_m = NULL, *next_m = NULL, *prev_m = NULL;
53596+
53597+ BUG_ON((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE < end);
53598+#endif
53599+
53600 /*
53601 * We later require that vma->vm_flags == vm_flags,
53602 * so this tests vma->vm_flags & VM_SPECIAL, too.
53603@@ -802,6 +843,15 @@ struct vm_area_struct *vma_merge(struct
53604 if (next && next->vm_end == end) /* cases 6, 7, 8 */
53605 next = next->vm_next;
53606
53607+#ifdef CONFIG_PAX_SEGMEXEC
53608+ if (prev)
53609+ prev_m = pax_find_mirror_vma(prev);
53610+ if (area)
53611+ area_m = pax_find_mirror_vma(area);
53612+ if (next)
53613+ next_m = pax_find_mirror_vma(next);
53614+#endif
53615+
53616 /*
53617 * Can it merge with the predecessor?
53618 */
53619@@ -821,9 +871,24 @@ struct vm_area_struct *vma_merge(struct
53620 /* cases 1, 6 */
53621 err = vma_adjust(prev, prev->vm_start,
53622 next->vm_end, prev->vm_pgoff, NULL);
53623- } else /* cases 2, 5, 7 */
53624+
53625+#ifdef CONFIG_PAX_SEGMEXEC
53626+ if (!err && prev_m)
53627+ err = vma_adjust(prev_m, prev_m->vm_start,
53628+ next_m->vm_end, prev_m->vm_pgoff, NULL);
53629+#endif
53630+
53631+ } else { /* cases 2, 5, 7 */
53632 err = vma_adjust(prev, prev->vm_start,
53633 end, prev->vm_pgoff, NULL);
53634+
53635+#ifdef CONFIG_PAX_SEGMEXEC
53636+ if (!err && prev_m)
53637+ err = vma_adjust(prev_m, prev_m->vm_start,
53638+ end_m, prev_m->vm_pgoff, NULL);
53639+#endif
53640+
53641+ }
53642 if (err)
53643 return NULL;
53644 khugepaged_enter_vma_merge(prev);
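Review bot: In the cases 1, 6 branch the mirror adjustment dereferences `next_m->vm_end` after testing only `prev_m`, although `next_m` starts as NULL and is filled from `pax_find_mirror_vma(next)`, whose result is NULL-tested elsewhere in this patch. If the invariant is that a mirrored `prev` only ever merges with a mirrored `next`, state it with `BUG_ON(!next_m);` before the call or test `prev_m && next_m`. When the first `vma_adjust()` succeeds and the mirror one fails, the function returns NULL with the primary vma already resized and its mirror unchanged, which deserves a comment at least. The following hunk has the same shape with `area_m` and `next_m->vm_end`.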
53645@@ -837,12 +902,27 @@ struct vm_area_struct *vma_merge(struct
53646 mpol_equal(policy, vma_policy(next)) &&
53647 can_vma_merge_before(next, vm_flags,
53648 anon_vma, file, pgoff+pglen)) {
53649- if (prev && addr < prev->vm_end) /* case 4 */
53650+ if (prev && addr < prev->vm_end) { /* case 4 */
53651 err = vma_adjust(prev, prev->vm_start,
53652 addr, prev->vm_pgoff, NULL);
53653- else /* cases 3, 8 */
53654+
53655+#ifdef CONFIG_PAX_SEGMEXEC
53656+ if (!err && prev_m)
53657+ err = vma_adjust(prev_m, prev_m->vm_start,
53658+ addr_m, prev_m->vm_pgoff, NULL);
53659+#endif
53660+
53661+ } else { /* cases 3, 8 */
53662 err = vma_adjust(area, addr, next->vm_end,
53663 next->vm_pgoff - pglen, NULL);
53664+
53665+#ifdef CONFIG_PAX_SEGMEXEC
53666+ if (!err && area_m)
53667+ err = vma_adjust(area_m, addr_m, next_m->vm_end,
53668+ next_m->vm_pgoff - pglen, NULL);
53669+#endif
53670+
53671+ }
53672 if (err)
53673 return NULL;
53674 khugepaged_enter_vma_merge(area);
53675@@ -958,14 +1038,11 @@ none:
53676 void vm_stat_account(struct mm_struct *mm, unsigned long flags,
53677 struct file *file, long pages)
53678 {
53679- const unsigned long stack_flags
53680- = VM_STACK_FLAGS & (VM_GROWSUP|VM_GROWSDOWN);
53681-
53682 if (file) {
53683 mm->shared_vm += pages;
53684 if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC)
53685 mm->exec_vm += pages;
53686- } else if (flags & stack_flags)
53687+ } else if (flags & (VM_GROWSUP|VM_GROWSDOWN))
53688 mm->stack_vm += pages;
53689 if (flags & (VM_RESERVED|VM_IO))
53690 mm->reserved_vm += pages;
53691@@ -992,7 +1069,7 @@ unsigned long do_mmap_pgoff(struct file
53692 * (the exception is when the underlying filesystem is noexec
53693 * mounted, in which case we dont add PROT_EXEC.)
53694 */
53695- if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
53696+ if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC))
53697 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
53698 prot |= PROT_EXEC;
53699
53700@@ -1018,7 +1095,7 @@ unsigned long do_mmap_pgoff(struct file
53701 /* Obtain the address to map to. we verify (or select) it and ensure
53702 * that it represents a valid section of the address space.
53703 */
53704- addr = get_unmapped_area(file, addr, len, pgoff, flags);
53705+ addr = get_unmapped_area(file, addr, len, pgoff, flags | ((prot & PROT_EXEC) ? MAP_EXECUTABLE : 0));
53706 if (addr & ~PAGE_MASK)
53707 return addr;
53708
53709@@ -1029,6 +1106,36 @@ unsigned long do_mmap_pgoff(struct file
53710 vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
53711 mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
53712
53713+#ifdef CONFIG_PAX_MPROTECT
53714+ if (mm->pax_flags & MF_PAX_MPROTECT) {
53715+#ifndef CONFIG_PAX_MPROTECT_COMPAT
53716+ if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC)) {
53717+ gr_log_rwxmmap(file);
53718+
53719+#ifdef CONFIG_PAX_EMUPLT
53720+ vm_flags &= ~VM_EXEC;
53721+#else
53722+ return -EPERM;
53723+#endif
53724+
53725+ }
53726+
53727+ if (!(vm_flags & VM_EXEC))
53728+ vm_flags &= ~VM_MAYEXEC;
53729+#else
53730+ if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC)
53731+ vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
53732+#endif
53733+ else
53734+ vm_flags &= ~VM_MAYWRITE;
53735+ }
53736+#endif
53737+
53738+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
53739+ if ((mm->pax_flags & MF_PAX_PAGEEXEC) && file)
53740+ vm_flags &= ~VM_PAGEEXEC;
53741+#endif
53742+
53743 if (flags & MAP_LOCKED)
53744 if (!can_do_mlock())
53745 return -EPERM;
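Review bot: The CONFIG_PAX_MPROTECT block carries no comment, and its trailing `else vm_flags &= ~VM_MAYWRITE;` pairs with a different `if` depending on CONFIG_PAX_MPROTECT_COMPAT, which is hard to see through the nested `#ifndef`/`#else`. A header comment should state the policy the code implements. Without COMPAT, a request for both VM_WRITE and VM_EXEC is logged and then either loses VM_EXEC (CONFIG_PAX_EMUPLT) or fails with -EPERM; non-executable mappings lose VM_MAYEXEC and executable ones lose VM_MAYWRITE. Writing a braced `if`/`else` inside each preprocessor arm, so that no `else` crosses an `#endif`, would make the pairing explicit. do_mmap_pgoff starts and ends outside the hunk.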
53746@@ -1040,6 +1147,7 @@ unsigned long do_mmap_pgoff(struct file
53747 locked += mm->locked_vm;
53748 lock_limit = rlimit(RLIMIT_MEMLOCK);
53749 lock_limit >>= PAGE_SHIFT;
53750+ gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
53751 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
53752 return -EAGAIN;
53753 }
53754@@ -1110,6 +1218,9 @@ unsigned long do_mmap_pgoff(struct file
53755 if (error)
53756 return error;
53757
53758+ if (!gr_acl_handle_mmap(file, prot))
53759+ return -EACCES;
53760+
53761 return mmap_region(file, addr, len, flags, vm_flags, pgoff);
53762 }
53763 EXPORT_SYMBOL(do_mmap_pgoff);
53764@@ -1187,10 +1298,10 @@ SYSCALL_DEFINE1(old_mmap, struct mmap_ar
53765 */
53766 int vma_wants_writenotify(struct vm_area_struct *vma)
53767 {
53768- unsigned int vm_flags = vma->vm_flags;
53769+ unsigned long vm_flags = vma->vm_flags;
53770
53771 /* If it was private or non-writable, the write bit is already clear */
53772- if ((vm_flags & (VM_WRITE|VM_SHARED)) != ((VM_WRITE|VM_SHARED)))
53773+ if ((vm_flags & (VM_WRITE|VM_SHARED)) != (VM_WRITE|VM_SHARED))
53774 return 0;
53775
53776 /* The backer wishes to know when pages are first written to? */
53777@@ -1239,14 +1350,24 @@ unsigned long mmap_region(struct file *f
53778 unsigned long charged = 0;
53779 struct inode *inode = file ? file->f_path.dentry->d_inode : NULL;
53780
53781+#ifdef CONFIG_PAX_SEGMEXEC
53782+ struct vm_area_struct *vma_m = NULL;
53783+#endif
53784+
53785+ /*
53786+ * mm->mmap_sem is required to protect against another thread
53787+ * changing the mappings in case we sleep.
53788+ */
53789+ verify_mm_writelocked(mm);
53790+
53791 /* Clear old maps */
53792 error = -ENOMEM;
53793-munmap_back:
53794 vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
53795 if (vma && vma->vm_start < addr + len) {
53796 if (do_munmap(mm, addr, len))
53797 return -ENOMEM;
53798- goto munmap_back;
53799+ vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
53800+ BUG_ON(vma && vma->vm_start < addr + len);
53801 }
53802
53803 /* Check against address space limit. */
53804@@ -1295,6 +1416,16 @@ munmap_back:
53805 goto unacct_error;
53806 }
53807
53808+#ifdef CONFIG_PAX_SEGMEXEC
53809+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vm_flags & VM_EXEC)) {
53810+ vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
53811+ if (!vma_m) {
53812+ error = -ENOMEM;
53813+ goto free_vma;
53814+ }
53815+ }
53816+#endif
53817+
53818 vma->vm_mm = mm;
53819 vma->vm_start = addr;
53820 vma->vm_end = addr + len;
53821@@ -1318,6 +1449,19 @@ munmap_back:
53822 error = file->f_op->mmap(file, vma);
53823 if (error)
53824 goto unmap_and_free_vma;
53825+
53826+#ifdef CONFIG_PAX_SEGMEXEC
53827+ if (vma_m && (vm_flags & VM_EXECUTABLE))
53828+ added_exe_file_vma(mm);
53829+#endif
53830+
53831+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
53832+ if ((mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_SPECIAL)) {
53833+ vma->vm_flags |= VM_PAGEEXEC;
53834+ vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
53835+ }
53836+#endif
53837+
53838 if (vm_flags & VM_EXECUTABLE)
53839 added_exe_file_vma(mm);
53840
53841@@ -1353,6 +1497,11 @@ munmap_back:
53842 vma_link(mm, vma, prev, rb_link, rb_parent);
53843 file = vma->vm_file;
53844
53845+#ifdef CONFIG_PAX_SEGMEXEC
53846+ if (vma_m)
53847+ BUG_ON(pax_mirror_vma(vma_m, vma));
53848+#endif
53849+
53850 /* Once vma denies write, undo our temporary denial count */
53851 if (correct_wcount)
53852 atomic_inc(&inode->i_writecount);
53853@@ -1361,6 +1510,7 @@ out:
53854
53855 mm->total_vm += len >> PAGE_SHIFT;
53856 vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
53857+ track_exec_limit(mm, addr, addr + len, vm_flags);
53858 if (vm_flags & VM_LOCKED) {
53859 if (!mlock_vma_pages_range(vma, addr, addr + len))
53860 mm->locked_vm += (len >> PAGE_SHIFT);
53861@@ -1378,6 +1528,12 @@ unmap_and_free_vma:
53862 unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
53863 charged = 0;
53864 free_vma:
53865+
53866+#ifdef CONFIG_PAX_SEGMEXEC
53867+ if (vma_m)
53868+ kmem_cache_free(vm_area_cachep, vma_m);
53869+#endif
53870+
53871 kmem_cache_free(vm_area_cachep, vma);
53872 unacct_error:
53873 if (charged)
53874@@ -1385,6 +1541,44 @@ unacct_error:
53875 return error;
53876 }
53877
53878+bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len)
53879+{
53880+ if (!vma) {
53881+#ifdef CONFIG_STACK_GROWSUP
53882+ if (addr > sysctl_heap_stack_gap)
53883+ vma = find_vma(current->mm, addr - sysctl_heap_stack_gap);
53884+ else
53885+ vma = find_vma(current->mm, 0);
53886+ if (vma && (vma->vm_flags & VM_GROWSUP))
53887+ return false;
53888+#endif
53889+ return true;
53890+ }
53891+
53892+ if (addr + len > vma->vm_start)
53893+ return false;
53894+
53895+ if (vma->vm_flags & VM_GROWSDOWN)
53896+ return sysctl_heap_stack_gap <= vma->vm_start - addr - len;
53897+#ifdef CONFIG_STACK_GROWSUP
53898+ else if (vma->vm_prev && (vma->vm_prev->vm_flags & VM_GROWSUP))
53899+ return addr - vma->vm_prev->vm_end <= sysctl_heap_stack_gap;
53900+#endif
53901+
53902+ return true;
53903+}
53904+
53905+unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len)
53906+{
53907+ if (vma->vm_start < len)
53908+ return -ENOMEM;
53909+ if (!(vma->vm_flags & VM_GROWSDOWN))
53910+ return vma->vm_start - len;
53911+ if (sysctl_heap_stack_gap <= vma->vm_start - len)
53912+ return vma->vm_start - len - sysctl_heap_stack_gap;
53913+ return -ENOMEM;
53914+}
53915+
53916 /* Get an address range which is currently unmapped.
53917 * For shmat() with addr=0.
53918 *
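Review bot: In check_heap_stack_gap() the CONFIG_STACK_GROWSUP branch returns `addr - vma->vm_prev->vm_end <= sysctl_heap_stack_gap`, which is true when the distance to the upward-growing stack is at most the gap. The VM_GROWSDOWN branch just above returns true when the distance is at least the gap (`sysctl_heap_stack_gap <= vma->vm_start - addr - len`). The two look like they should agree, so the comparison is probably inverted; `return sysctl_heap_stack_gap <= addr - vma->vm_prev->vm_end;` would match. Both new functions also lack comments: check_heap_stack_gap() should say it returns true when the range is acceptable, and skip_heap_stack_gap() that it returns `-ENOMEM` converted to `unsigned long`, which callers must test as an error value.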
53919@@ -1411,18 +1605,23 @@ arch_get_unmapped_area(struct file *filp
53920 if (flags & MAP_FIXED)
53921 return addr;
53922
53923+#ifdef CONFIG_PAX_RANDMMAP
53924+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
53925+#endif
53926+
53927 if (addr) {
53928 addr = PAGE_ALIGN(addr);
53929- vma = find_vma(mm, addr);
53930- if (TASK_SIZE - len >= addr &&
53931- (!vma || addr + len <= vma->vm_start))
53932- return addr;
53933+ if (TASK_SIZE - len >= addr) {
53934+ vma = find_vma(mm, addr);
53935+ if (check_heap_stack_gap(vma, addr, len))
53936+ return addr;
53937+ }
53938 }
53939 if (len > mm->cached_hole_size) {
53940- start_addr = addr = mm->free_area_cache;
53941+ start_addr = addr = mm->free_area_cache;
53942 } else {
53943- start_addr = addr = TASK_UNMAPPED_BASE;
53944- mm->cached_hole_size = 0;
53945+ start_addr = addr = mm->mmap_base;
53946+ mm->cached_hole_size = 0;
53947 }
53948
53949 full_search:
53950@@ -1433,34 +1632,40 @@ full_search:
53951 * Start a new search - just in case we missed
53952 * some holes.
53953 */
53954- if (start_addr != TASK_UNMAPPED_BASE) {
53955- addr = TASK_UNMAPPED_BASE;
53956- start_addr = addr;
53957+ if (start_addr != mm->mmap_base) {
53958+ start_addr = addr = mm->mmap_base;
53959 mm->cached_hole_size = 0;
53960 goto full_search;
53961 }
53962 return -ENOMEM;
53963 }
53964- if (!vma || addr + len <= vma->vm_start) {
53965- /*
53966- * Remember the place where we stopped the search:
53967- */
53968- mm->free_area_cache = addr + len;
53969- return addr;
53970- }
53971+ if (check_heap_stack_gap(vma, addr, len))
53972+ break;
53973 if (addr + mm->cached_hole_size < vma->vm_start)
53974 mm->cached_hole_size = vma->vm_start - addr;
53975 addr = vma->vm_end;
53976 }
53977+
53978+ /*
53979+ * Remember the place where we stopped the search:
53980+ */
53981+ mm->free_area_cache = addr + len;
53982+ return addr;
53983 }
53984 #endif
53985
53986 void arch_unmap_area(struct mm_struct *mm, unsigned long addr)
53987 {
53988+
53989+#ifdef CONFIG_PAX_SEGMEXEC
53990+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE <= addr)
53991+ return;
53992+#endif
53993+
53994 /*
53995 * Is this a new hole at the lowest possible address?
53996 */
53997- if (addr >= TASK_UNMAPPED_BASE && addr < mm->free_area_cache) {
53998+ if (addr >= mm->mmap_base && addr < mm->free_area_cache) {
53999 mm->free_area_cache = addr;
54000 mm->cached_hole_size = ~0UL;
54001 }
54002@@ -1478,7 +1683,7 @@ arch_get_unmapped_area_topdown(struct fi
54003 {
54004 struct vm_area_struct *vma;
54005 struct mm_struct *mm = current->mm;
54006- unsigned long addr = addr0;
54007+ unsigned long base = mm->mmap_base, addr = addr0;
54008
54009 /* requested length too big for entire address space */
54010 if (len > TASK_SIZE)
54011@@ -1487,13 +1692,18 @@ arch_get_unmapped_area_topdown(struct fi
54012 if (flags & MAP_FIXED)
54013 return addr;
54014
54015+#ifdef CONFIG_PAX_RANDMMAP
54016+ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
54017+#endif
54018+
54019 /* requesting a specific address */
54020 if (addr) {
54021 addr = PAGE_ALIGN(addr);
54022- vma = find_vma(mm, addr);
54023- if (TASK_SIZE - len >= addr &&
54024- (!vma || addr + len <= vma->vm_start))
54025- return addr;
54026+ if (TASK_SIZE - len >= addr) {
54027+ vma = find_vma(mm, addr);
54028+ if (check_heap_stack_gap(vma, addr, len))
54029+ return addr;
54030+ }
54031 }
54032
54033 /* check if free_area_cache is useful for us */
54034@@ -1508,7 +1718,7 @@ arch_get_unmapped_area_topdown(struct fi
54035 /* make sure it can fit in the remaining address space */
54036 if (addr > len) {
54037 vma = find_vma(mm, addr-len);
54038- if (!vma || addr <= vma->vm_start)
54039+ if (check_heap_stack_gap(vma, addr - len, len))
54040 /* remember the address as a hint for next time */
54041 return (mm->free_area_cache = addr-len);
54042 }
54043@@ -1525,7 +1735,7 @@ arch_get_unmapped_area_topdown(struct fi
54044 * return with success:
54045 */
54046 vma = find_vma(mm, addr);
54047- if (!vma || addr+len <= vma->vm_start)
54048+ if (check_heap_stack_gap(vma, addr, len))
54049 /* remember the address as a hint for next time */
54050 return (mm->free_area_cache = addr);
54051
54052@@ -1534,8 +1744,8 @@ arch_get_unmapped_area_topdown(struct fi
54053 mm->cached_hole_size = vma->vm_start - addr;
54054
54055 /* try just below the current vma->vm_start */
54056- addr = vma->vm_start-len;
54057- } while (len < vma->vm_start);
54058+ addr = skip_heap_stack_gap(vma, len);
54059+ } while (!IS_ERR_VALUE(addr));
54060
54061 bottomup:
54062 /*
54063@@ -1544,13 +1754,21 @@ bottomup:
54064 * can happen with large stack limits and large mmap()
54065 * allocations.
54066 */
54067+ mm->mmap_base = TASK_UNMAPPED_BASE;
54068+
54069+#ifdef CONFIG_PAX_RANDMMAP
54070+ if (mm->pax_flags & MF_PAX_RANDMMAP)
54071+ mm->mmap_base += mm->delta_mmap;
54072+#endif
54073+
54074+ mm->free_area_cache = mm->mmap_base;
54075 mm->cached_hole_size = ~0UL;
54076- mm->free_area_cache = TASK_UNMAPPED_BASE;
54077 addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
54078 /*
54079 * Restore the topdown base:
54080 */
54081- mm->free_area_cache = mm->mmap_base;
54082+ mm->mmap_base = base;
54083+ mm->free_area_cache = base;
54084 mm->cached_hole_size = ~0UL;
54085
54086 return addr;
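Review bot: `mm->mmap_base` is overwritten with the bottom-up base for the duration of the `arch_get_unmapped_area()` call and only afterwards restored from the local `base`, and nothing in the hunk says what keeps other readers of `mm->mmap_base` from seeing the temporary value. `arch_unmap_area_topdown()` in the same file compares against `mm->mmap_base`, so the save and restore is only safe if those paths are serialised with this one, presumably by mmap_sem held for writing (to be confirmed against the callers). I would state that above the assignment: `/* temporarily switch to the bottom-up base; relies on the caller holding mmap_sem for writing, restored below */`.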
54087@@ -1559,6 +1777,12 @@ bottomup:
54088
54089 void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
54090 {
54091+
54092+#ifdef CONFIG_PAX_SEGMEXEC
54093+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE <= addr)
54094+ return;
54095+#endif
54096+
54097 /*
54098 * Is this a new hole at the highest possible address?
54099 */
54100@@ -1566,8 +1790,10 @@ void arch_unmap_area_topdown(struct mm_s
54101 mm->free_area_cache = addr;
54102
54103 /* dont allow allocations above current base */
54104- if (mm->free_area_cache > mm->mmap_base)
54105+ if (mm->free_area_cache > mm->mmap_base) {
54106 mm->free_area_cache = mm->mmap_base;
54107+ mm->cached_hole_size = ~0UL;
54108+ }
54109 }
54110
54111 unsigned long
54112@@ -1675,6 +1901,28 @@ out:
54113 return prev ? prev->vm_next : vma;
54114 }
54115
54116+#ifdef CONFIG_PAX_SEGMEXEC
54117+struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma)
54118+{
54119+ struct vm_area_struct *vma_m;
54120+
54121+ BUG_ON(!vma || vma->vm_start >= vma->vm_end);
54122+ if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) {
54123+ BUG_ON(vma->vm_mirror);
54124+ return NULL;
54125+ }
54126+ BUG_ON(vma->vm_start < SEGMEXEC_TASK_SIZE && SEGMEXEC_TASK_SIZE < vma->vm_end);
54127+ vma_m = vma->vm_mirror;
54128+ BUG_ON(!vma_m || vma_m->vm_mirror != vma);
54129+ BUG_ON(vma->vm_file != vma_m->vm_file);
54130+ BUG_ON(vma->vm_end - vma->vm_start != vma_m->vm_end - vma_m->vm_start);
54131+ BUG_ON(vma->vm_pgoff != vma_m->vm_pgoff);
54132+ BUG_ON(vma->anon_vma != vma_m->anon_vma && vma->anon_vma->root != vma_m->anon_vma->root);
54133+ BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED | VM_RESERVED));
54134+ return vma_m;
54135+}
54136+#endif
54137+
54138 /*
54139 * Verify that the stack growth is acceptable and
54140 * update accounting. This is shared with both the
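Review bot: The consistency check `BUG_ON(vma->anon_vma != vma_m->anon_vma && vma->anon_vma->root != vma_m->anon_vma->root)` in pax_find_mirror_vma() dereferences both `anon_vma` pointers whenever they differ, including the case where exactly one of them is NULL. If a vma and its mirror can ever be in that state, the sanity check itself faults on a NULL pointer instead of reporting the broken invariant. Testing for NULL first keeps the diagnostic meaningful: `BUG_ON(vma->anon_vma != vma_m->anon_vma && (!vma->anon_vma || !vma_m->anon_vma || vma->anon_vma->root != vma_m->anon_vma->root));`.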
54141@@ -1691,6 +1939,7 @@ static int acct_stack_growth(struct vm_a
54142 return -ENOMEM;
54143
54144 /* Stack limit test */
54145+ gr_learn_resource(current, RLIMIT_STACK, size, 1);
54146 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
54147 return -ENOMEM;
54148
54149@@ -1701,6 +1950,7 @@ static int acct_stack_growth(struct vm_a
54150 locked = mm->locked_vm + grow;
54151 limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
54152 limit >>= PAGE_SHIFT;
54153+ gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
54154 if (locked > limit && !capable(CAP_IPC_LOCK))
54155 return -ENOMEM;
54156 }
54157@@ -1731,37 +1981,48 @@ static int acct_stack_growth(struct vm_a
54158 * PA-RISC uses this for its stack; IA64 for its Register Backing Store.
54159 * vma is the last one with address > vma->vm_end. Have to extend vma.
54160 */
54161+#ifndef CONFIG_IA64
54162+static
54163+#endif
54164 int expand_upwards(struct vm_area_struct *vma, unsigned long address)
54165 {
54166 int error;
54167+ bool locknext;
54168
54169 if (!(vma->vm_flags & VM_GROWSUP))
54170 return -EFAULT;
54171
54172+ /* Also guard against wrapping around to address 0. */
54173+ if (address < PAGE_ALIGN(address+1))
54174+ address = PAGE_ALIGN(address+1);
54175+ else
54176+ return -ENOMEM;
54177+
54178 /*
54179 * We must make sure the anon_vma is allocated
54180 * so that the anon_vma locking is not a noop.
54181 */
54182 if (unlikely(anon_vma_prepare(vma)))
54183 return -ENOMEM;
54184+ locknext = vma->vm_next && (vma->vm_next->vm_flags & VM_GROWSDOWN);
54185+ if (locknext && anon_vma_prepare(vma->vm_next))
54186+ return -ENOMEM;
54187 vma_lock_anon_vma(vma);
54188+ if (locknext)
54189+ vma_lock_anon_vma(vma->vm_next);
54190
54191 /*
54192 * vma->vm_start/vm_end cannot change under us because the caller
54193 * is required to hold the mmap_sem in read mode. We need the
54194- * anon_vma lock to serialize against concurrent expand_stacks.
54195- * Also guard against wrapping around to address 0.
54196+ * anon_vma locks to serialize against concurrent expand_stacks
54197+ * and expand_upwards.
54198 */
54199- if (address < PAGE_ALIGN(address+4))
54200- address = PAGE_ALIGN(address+4);
54201- else {
54202- vma_unlock_anon_vma(vma);
54203- return -ENOMEM;
54204- }
54205 error = 0;
54206
54207 /* Somebody else might have raced and expanded it already */
54208- if (address > vma->vm_end) {
54209+ if (vma->vm_next && (vma->vm_next->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)) && vma->vm_next->vm_start - address < sysctl_heap_stack_gap)
54210+ error = -ENOMEM;
54211+ else if (address > vma->vm_end && (!locknext || vma->vm_next->vm_start >= address)) {
54212 unsigned long size, grow;
54213
54214 size = address - vma->vm_start;
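Review bot: The new guard `vma->vm_next->vm_start - address < sysctl_heap_stack_gap` is an unsigned subtraction, so if the page-aligned `address` were ever above `vma->vm_next->vm_start` the difference wraps to a large value and the gap test lets the request through. The overlap is then caught only by `vma->vm_next->vm_start >= address`, and that term is skipped when `locknext` is false, i.e. when the next vma is not VM_GROWSDOWN. Callers may already guarantee `address <= vm_next->vm_start`, but the function does not say so; either add that as a comment or make the overlap test unconditional, `else if (address > vma->vm_end && (!vma->vm_next || vma->vm_next->vm_start >= address)) {`. The mirrored test `address - prev->vm_end < sysctl_heap_stack_gap` in the expand_downwards hunk has the same shape. The body of expand_upwards continues outside this hunk.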
54215@@ -1773,6 +2034,8 @@ int expand_upwards(struct vm_area_struct
54216 perf_event_mmap(vma);
54217 }
54218 }
54219+ if (locknext)
54220+ vma_unlock_anon_vma(vma->vm_next);
54221 vma_unlock_anon_vma(vma);
54222 khugepaged_enter_vma_merge(vma);
54223 return error;
54224@@ -1786,6 +2049,8 @@ static int expand_downwards(struct vm_ar
54225 unsigned long address)
54226 {
54227 int error;
54228+ bool lockprev = false;
54229+ struct vm_area_struct *prev;
54230
54231 /*
54232 * We must make sure the anon_vma is allocated
54233@@ -1799,6 +2064,15 @@ static int expand_downwards(struct vm_ar
54234 if (error)
54235 return error;
54236
54237+ prev = vma->vm_prev;
54238+#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64)
54239+ lockprev = prev && (prev->vm_flags & VM_GROWSUP);
54240+#endif
54241+ if (lockprev && anon_vma_prepare(prev))
54242+ return -ENOMEM;
54243+ if (lockprev)
54244+ vma_lock_anon_vma(prev);
54245+
54246 vma_lock_anon_vma(vma);
54247
54248 /*
54249@@ -1808,9 +2082,17 @@ static int expand_downwards(struct vm_ar
54250 */
54251
54252 /* Somebody else might have raced and expanded it already */
54253- if (address < vma->vm_start) {
54254+ if (prev && (prev->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)) && address - prev->vm_end < sysctl_heap_stack_gap)
54255+ error = -ENOMEM;
54256+ else if (address < vma->vm_start && (!lockprev || prev->vm_end <= address)) {
54257 unsigned long size, grow;
54258
54259+#ifdef CONFIG_PAX_SEGMEXEC
54260+ struct vm_area_struct *vma_m;
54261+
54262+ vma_m = pax_find_mirror_vma(vma);
54263+#endif
54264+
54265 size = vma->vm_end - address;
54266 grow = (vma->vm_start - address) >> PAGE_SHIFT;
54267
54268@@ -1818,10 +2100,21 @@ static int expand_downwards(struct vm_ar
54269 if (!error) {
54270 vma->vm_start = address;
54271 vma->vm_pgoff -= grow;
54272+ track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags);
54273+
54274+#ifdef CONFIG_PAX_SEGMEXEC
54275+ if (vma_m) {
54276+ vma_m->vm_start -= grow << PAGE_SHIFT;
54277+ vma_m->vm_pgoff -= grow;
54278+ }
54279+#endif
54280+
54281 perf_event_mmap(vma);
54282 }
54283 }
54284 vma_unlock_anon_vma(vma);
54285+ if (lockprev)
54286+ vma_unlock_anon_vma(prev);
54287 khugepaged_enter_vma_merge(vma);
54288 return error;
54289 }
54290@@ -1896,6 +2189,13 @@ static void remove_vma_list(struct mm_st
54291 do {
54292 long nrpages = vma_pages(vma);
54293
54294+#ifdef CONFIG_PAX_SEGMEXEC
54295+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE)) {
54296+ vma = remove_vma(vma);
54297+ continue;
54298+ }
54299+#endif
54300+
54301 mm->total_vm -= nrpages;
54302 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
54303 vma = remove_vma(vma);
54304@@ -1941,6 +2241,16 @@ detach_vmas_to_be_unmapped(struct mm_str
54305 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
54306 vma->vm_prev = NULL;
54307 do {
54308+
54309+#ifdef CONFIG_PAX_SEGMEXEC
54310+ if (vma->vm_mirror) {
54311+ BUG_ON(!vma->vm_mirror->vm_mirror || vma->vm_mirror->vm_mirror != vma);
54312+ vma->vm_mirror->vm_mirror = NULL;
54313+ vma->vm_mirror->vm_flags &= ~VM_EXEC;
54314+ vma->vm_mirror = NULL;
54315+ }
54316+#endif
54317+
54318 rb_erase(&vma->vm_rb, &mm->mm_rb);
54319 mm->map_count--;
54320 tail_vma = vma;
54321@@ -1969,14 +2279,33 @@ static int __split_vma(struct mm_struct
54322 struct vm_area_struct *new;
54323 int err = -ENOMEM;
54324
54325+#ifdef CONFIG_PAX_SEGMEXEC
54326+ struct vm_area_struct *vma_m, *new_m = NULL;
54327+ unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE;
54328+#endif
54329+
54330 if (is_vm_hugetlb_page(vma) && (addr &
54331 ~(huge_page_mask(hstate_vma(vma)))))
54332 return -EINVAL;
54333
54334+#ifdef CONFIG_PAX_SEGMEXEC
54335+ vma_m = pax_find_mirror_vma(vma);
54336+#endif
54337+
54338 new = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
54339 if (!new)
54340 goto out_err;
54341
54342+#ifdef CONFIG_PAX_SEGMEXEC
54343+ if (vma_m) {
54344+ new_m = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
54345+ if (!new_m) {
54346+ kmem_cache_free(vm_area_cachep, new);
54347+ goto out_err;
54348+ }
54349+ }
54350+#endif
54351+
54352 /* most fields are the same, copy all, and then fixup */
54353 *new = *vma;
54354
54355@@ -1989,6 +2318,22 @@ static int __split_vma(struct mm_struct
54356 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
54357 }
54358
54359+#ifdef CONFIG_PAX_SEGMEXEC
54360+ if (vma_m) {
54361+ *new_m = *vma_m;
54362+ INIT_LIST_HEAD(&new_m->anon_vma_chain);
54363+ new_m->vm_mirror = new;
54364+ new->vm_mirror = new_m;
54365+
54366+ if (new_below)
54367+ new_m->vm_end = addr_m;
54368+ else {
54369+ new_m->vm_start = addr_m;
54370+ new_m->vm_pgoff += ((addr_m - vma_m->vm_start) >> PAGE_SHIFT);
54371+ }
54372+ }
54373+#endif
54374+
54375 pol = mpol_dup(vma_policy(vma));
54376 if (IS_ERR(pol)) {
54377 err = PTR_ERR(pol);
54378@@ -2014,6 +2359,42 @@ static int __split_vma(struct mm_struct
54379 else
54380 err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
54381
54382+#ifdef CONFIG_PAX_SEGMEXEC
54383+ if (!err && vma_m) {
54384+ if (anon_vma_clone(new_m, vma_m))
54385+ goto out_free_mpol;
54386+
54387+ mpol_get(pol);
54388+ vma_set_policy(new_m, pol);
54389+
54390+ if (new_m->vm_file) {
54391+ get_file(new_m->vm_file);
54392+ if (vma_m->vm_flags & VM_EXECUTABLE)
54393+ added_exe_file_vma(mm);
54394+ }
54395+
54396+ if (new_m->vm_ops && new_m->vm_ops->open)
54397+ new_m->vm_ops->open(new_m);
54398+
54399+ if (new_below)
54400+ err = vma_adjust(vma_m, addr_m, vma_m->vm_end, vma_m->vm_pgoff +
54401+ ((addr_m - new_m->vm_start) >> PAGE_SHIFT), new_m);
54402+ else
54403+ err = vma_adjust(vma_m, vma_m->vm_start, addr_m, vma_m->vm_pgoff, new_m);
54404+
54405+ if (err) {
54406+ if (new_m->vm_ops && new_m->vm_ops->close)
54407+ new_m->vm_ops->close(new_m);
54408+ if (new_m->vm_file) {
54409+ if (vma_m->vm_flags & VM_EXECUTABLE)
54410+ removed_exe_file_vma(mm);
54411+ fput(new_m->vm_file);
54412+ }
54413+ mpol_put(pol);
54414+ }
54415+ }
54416+#endif
54417+
54418 /* Success. */
54419 if (!err)
54420 return 0;
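Review bot: In the added SEGMEXEC block the failure path `if (anon_vma_clone(new_m, vma_m)) goto out_free_mpol;` is taken with `err` still 0, because the block is entered only when `!err`. The labels in the following hunk then drop the policy, free `new_m` and `new`, and `return err`, so the caller is told the split succeeded. By then `new` has been handed to a successful `vma_adjust()` as the vma to insert, so freeing it presumably leaves a dangling vma in the mm. At minimum the error code must be set, `if (anon_vma_clone(new_m, vma_m)) { err = -ENOMEM; goto out_free_mpol; }`. The unwind itself remains unsafe once `new` is linked; cloning the mirror's anon_vma chain before the first `vma_adjust()` call would let the existing labels be used as they are.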
54421@@ -2026,10 +2407,18 @@ static int __split_vma(struct mm_struct
54422 removed_exe_file_vma(mm);
54423 fput(new->vm_file);
54424 }
54425- unlink_anon_vmas(new);
54426 out_free_mpol:
54427 mpol_put(pol);
54428 out_free_vma:
54429+
54430+#ifdef CONFIG_PAX_SEGMEXEC
54431+ if (new_m) {
54432+ unlink_anon_vmas(new_m);
54433+ kmem_cache_free(vm_area_cachep, new_m);
54434+ }
54435+#endif
54436+
54437+ unlink_anon_vmas(new);
54438 kmem_cache_free(vm_area_cachep, new);
54439 out_err:
54440 return err;
54441@@ -2042,6 +2431,15 @@ static int __split_vma(struct mm_struct
54442 int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
54443 unsigned long addr, int new_below)
54444 {
54445+
54446+#ifdef CONFIG_PAX_SEGMEXEC
54447+ if (mm->pax_flags & MF_PAX_SEGMEXEC) {
54448+ BUG_ON(vma->vm_end > SEGMEXEC_TASK_SIZE);
54449+ if (mm->map_count >= sysctl_max_map_count-1)
54450+ return -ENOMEM;
54451+ } else
54452+#endif
54453+
54454 if (mm->map_count >= sysctl_max_map_count)
54455 return -ENOMEM;
54456
54457@@ -2053,11 +2451,30 @@ int split_vma(struct mm_struct *mm, stru
54458 * work. This now handles partial unmappings.
54459 * Jeremy Fitzhardinge <jeremy@goop.org>
54460 */
54461+#ifdef CONFIG_PAX_SEGMEXEC
54462 int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
54463 {
54464+ int ret = __do_munmap(mm, start, len);
54465+ if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC))
54466+ return ret;
54467+
54468+ return __do_munmap(mm, start + SEGMEXEC_TASK_SIZE, len);
54469+}
54470+
54471+int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
54472+#else
54473+int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
54474+#endif
54475+{
54476 unsigned long end;
54477 struct vm_area_struct *vma, *prev, *last;
54478
54479+ /*
54480+ * mm->mmap_sem is required to protect against another thread
54481+ * changing the mappings in case we sleep.
54482+ */
54483+ verify_mm_writelocked(mm);
54484+
54485 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
54486 return -EINVAL;
54487
54488@@ -2131,6 +2548,8 @@ int do_munmap(struct mm_struct *mm, unsi
54489 /* Fix up all other VM information */
54490 remove_vma_list(mm, vma);
54491
54492+ track_exec_limit(mm, start, end, 0UL);
54493+
54494 return 0;
54495 }
54496
54497@@ -2143,22 +2562,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
54498
54499 profile_munmap(addr);
54500
54501+#ifdef CONFIG_PAX_SEGMEXEC
54502+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) &&
54503+ (len > SEGMEXEC_TASK_SIZE || addr > SEGMEXEC_TASK_SIZE-len))
54504+ return -EINVAL;
54505+#endif
54506+
54507 down_write(&mm->mmap_sem);
54508 ret = do_munmap(mm, addr, len);
54509 up_write(&mm->mmap_sem);
54510 return ret;
54511 }
54512
54513-static inline void verify_mm_writelocked(struct mm_struct *mm)
54514-{
54515-#ifdef CONFIG_DEBUG_VM
54516- if (unlikely(down_read_trylock(&mm->mmap_sem))) {
54517- WARN_ON(1);
54518- up_read(&mm->mmap_sem);
54519- }
54520-#endif
54521-}
54522-
54523 /*
54524 * this is really a simplified "do_mmap". it only handles
54525 * anonymous maps. eventually we may be able to do some
54526@@ -2172,6 +2587,7 @@ unsigned long do_brk(unsigned long addr,
54527 struct rb_node ** rb_link, * rb_parent;
54528 pgoff_t pgoff = addr >> PAGE_SHIFT;
54529 int error;
54530+ unsigned long charged;
54531
54532 len = PAGE_ALIGN(len);
54533 if (!len)
54534@@ -2183,16 +2599,30 @@ unsigned long do_brk(unsigned long addr,
54535
54536 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
54537
54538+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
54539+ if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
54540+ flags &= ~VM_EXEC;
54541+
54542+#ifdef CONFIG_PAX_MPROTECT
54543+ if (mm->pax_flags & MF_PAX_MPROTECT)
54544+ flags &= ~VM_MAYEXEC;
54545+#endif
54546+
54547+ }
54548+#endif
54549+
54550 error = get_unmapped_area(NULL, addr, len, 0, MAP_FIXED);
54551 if (error & ~PAGE_MASK)
54552 return error;
54553
54554+ charged = len >> PAGE_SHIFT;
54555+
54556 /*
54557 * mlock MCL_FUTURE?
54558 */
54559 if (mm->def_flags & VM_LOCKED) {
54560 unsigned long locked, lock_limit;
54561- locked = len >> PAGE_SHIFT;
54562+ locked = charged;
54563 locked += mm->locked_vm;
54564 lock_limit = rlimit(RLIMIT_MEMLOCK);
54565 lock_limit >>= PAGE_SHIFT;
54566@@ -2209,22 +2639,22 @@ unsigned long do_brk(unsigned long addr,
54567 /*
54568 * Clear old maps. this also does some error checking for us
54569 */
54570- munmap_back:
54571 vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
54572 if (vma && vma->vm_start < addr + len) {
54573 if (do_munmap(mm, addr, len))
54574 return -ENOMEM;
54575- goto munmap_back;
54576+ vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
54577+ BUG_ON(vma && vma->vm_start < addr + len);
54578 }
54579
54580 /* Check against address space limits *after* clearing old maps... */
54581- if (!may_expand_vm(mm, len >> PAGE_SHIFT))
54582+ if (!may_expand_vm(mm, charged))
54583 return -ENOMEM;
54584
54585 if (mm->map_count > sysctl_max_map_count)
54586 return -ENOMEM;
54587
54588- if (security_vm_enough_memory(len >> PAGE_SHIFT))
54589+ if (security_vm_enough_memory(charged))
54590 return -ENOMEM;
54591
54592 /* Can we just expand an old private anonymous mapping? */
54593@@ -2238,7 +2668,7 @@ unsigned long do_brk(unsigned long addr,
54594 */
54595 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
54596 if (!vma) {
54597- vm_unacct_memory(len >> PAGE_SHIFT);
54598+ vm_unacct_memory(charged);
54599 return -ENOMEM;
54600 }
54601
54602@@ -2252,11 +2682,12 @@ unsigned long do_brk(unsigned long addr,
54603 vma_link(mm, vma, prev, rb_link, rb_parent);
54604 out:
54605 perf_event_mmap(vma);
54606- mm->total_vm += len >> PAGE_SHIFT;
54607+ mm->total_vm += charged;
54608 if (flags & VM_LOCKED) {
54609 if (!mlock_vma_pages_range(vma, addr, addr + len))
54610- mm->locked_vm += (len >> PAGE_SHIFT);
54611+ mm->locked_vm += charged;
54612 }
54613+ track_exec_limit(mm, addr, addr + len, flags);
54614 return addr;
54615 }
54616
54617@@ -2303,8 +2734,10 @@ void exit_mmap(struct mm_struct *mm)
54618 * Walk the list again, actually closing and freeing it,
54619 * with preemption enabled, without holding any MM locks.
54620 */
54621- while (vma)
54622+ while (vma) {
54623+ vma->vm_mirror = NULL;
54624 vma = remove_vma(vma);
54625+ }
54626
54627 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
54628 }
54629@@ -2318,6 +2751,13 @@ int insert_vm_struct(struct mm_struct *
54630 struct vm_area_struct * __vma, * prev;
54631 struct rb_node ** rb_link, * rb_parent;
54632
54633+#ifdef CONFIG_PAX_SEGMEXEC
54634+ struct vm_area_struct *vma_m = NULL;
54635+#endif
54636+
54637+ if (security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1))
54638+ return -EPERM;
54639+
54640 /*
54641 * The vm_pgoff of a purely anonymous vma should be irrelevant
54642 * until its first write fault, when page's anon_vma and index
54643@@ -2340,7 +2780,22 @@ int insert_vm_struct(struct mm_struct *
54644 if ((vma->vm_flags & VM_ACCOUNT) &&
54645 security_vm_enough_memory_mm(mm, vma_pages(vma)))
54646 return -ENOMEM;
54647+
54648+#ifdef CONFIG_PAX_SEGMEXEC
54649+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_EXEC)) {
54650+ vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
54651+ if (!vma_m)
54652+ return -ENOMEM;
54653+ }
54654+#endif
54655+
54656 vma_link(mm, vma, prev, rb_link, rb_parent);
54657+
54658+#ifdef CONFIG_PAX_SEGMEXEC
54659+ if (vma_m)
54660+ BUG_ON(pax_mirror_vma(vma_m, vma));
54661+#endif
54662+
54663 return 0;
54664 }
54665
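Review bot: The new `if (!vma_m) return -ENOMEM;` sits after the context line that calls `security_vm_enough_memory_mm()`, and it returns without undoing whatever that call charged. do_brk() in this same patch calls `vm_unacct_memory(charged)` when its allocation fails after the equivalent check, so the charge presumably needs releasing here as well. Allocating `vma_m` before the accounting check would avoid the unwind altogether. Second, `BUG_ON(pax_mirror_vma(vma_m, vma))` turns an ordinary allocation failure into a kernel BUG, since pax_mirror_vma() returns -ENOMEM when `anon_vma_clone()` fails; that error should be propagated to the caller, which means creating the mirror before `vma_link()` or unlinking on failure.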
54666@@ -2358,6 +2813,8 @@ struct vm_area_struct *copy_vma(struct v
54667 struct rb_node **rb_link, *rb_parent;
54668 struct mempolicy *pol;
54669
54670+ BUG_ON(vma->vm_mirror);
54671+
54672 /*
54673 * If anonymous vma has not yet been faulted, update new pgoff
54674 * to match new location, to increase its chance of merging.
54675@@ -2407,6 +2864,39 @@ struct vm_area_struct *copy_vma(struct v
54676 kmem_cache_free(vm_area_cachep, new_vma);
54677 return NULL;
54678 }
54679+
54680+#ifdef CONFIG_PAX_SEGMEXEC
54681+long pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma)
54682+{
54683+ struct vm_area_struct *prev_m;
54684+ struct rb_node **rb_link_m, *rb_parent_m;
54685+ struct mempolicy *pol_m;
54686+
54687+ BUG_ON(!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC));
54688+ BUG_ON(vma->vm_mirror || vma_m->vm_mirror);
54689+ BUG_ON(!mpol_equal(vma_policy(vma), vma_policy(vma_m)));
54690+ *vma_m = *vma;
54691+ INIT_LIST_HEAD(&vma_m->anon_vma_chain);
54692+ if (anon_vma_clone(vma_m, vma))
54693+ return -ENOMEM;
54694+ pol_m = vma_policy(vma_m);
54695+ mpol_get(pol_m);
54696+ vma_set_policy(vma_m, pol_m);
54697+ vma_m->vm_start += SEGMEXEC_TASK_SIZE;
54698+ vma_m->vm_end += SEGMEXEC_TASK_SIZE;
54699+ vma_m->vm_flags &= ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED);
54700+ vma_m->vm_page_prot = vm_get_page_prot(vma_m->vm_flags);
54701+ if (vma_m->vm_file)
54702+ get_file(vma_m->vm_file);
54703+ if (vma_m->vm_ops && vma_m->vm_ops->open)
54704+ vma_m->vm_ops->open(vma_m);
54705+ find_vma_prepare(vma->vm_mm, vma_m->vm_start, &prev_m, &rb_link_m, &rb_parent_m);
54706+ vma_link(vma->vm_mm, vma_m, prev_m, rb_link_m, rb_parent_m);
54707+ vma_m->vm_mirror = vma;
54708+ vma->vm_mirror = vma_m;
54709+ return 0;
54710+}
54711+#endif
54712
54713 /*
54714 * Return true if the calling process may expand its vm space by the passed
54715@@ -2418,7 +2908,7 @@ int may_expand_vm(struct mm_struct *mm,
54716 unsigned long lim;
54717
54718 lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
54719-
54720+ gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1);
54721 if (cur + npages > lim)
54722 return 0;
54723 return 1;
54724@@ -2489,6 +2979,22 @@ int install_special_mapping(struct mm_st
54725 vma->vm_start = addr;
54726 vma->vm_end = addr + len;
54727
54728+#ifdef CONFIG_PAX_MPROTECT
54729+ if (mm->pax_flags & MF_PAX_MPROTECT) {
54730+#ifndef CONFIG_PAX_MPROTECT_COMPAT
54731+ if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC))
54732+ return -EPERM;
54733+ if (!(vm_flags & VM_EXEC))
54734+ vm_flags &= ~VM_MAYEXEC;
54735+#else
54736+ if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC)
54737+ vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
54738+#endif
54739+ else
54740+ vm_flags &= ~VM_MAYWRITE;
54741+ }
54742+#endif
54743+
54744 vma->vm_flags = vm_flags | mm->def_flags | VM_DONTEXPAND;
54745 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
54746
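Review bot: The added `return -EPERM;` for a writable and executable special mapping leaves the function directly, although the context lines just above are already filling in `vma->vm_start` and `vma->vm_end`. The allocation is outside the hunk, but unless the vma is freed elsewhere this leaks it on every rejected request; the check should go through the function's existing error path or be moved ahead of the allocation. The block is also hard to read because a single `else vm_flags &= ~VM_MAYWRITE;` is shared by two different `if` statements selected by `#ifndef CONFIG_PAX_MPROTECT_COMPAT` / `#else`. Writing each preprocessor branch as a complete if/else would make the W^X rule checkable at a glance.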
54747diff -urNp linux-2.6.38.2/mm/mprotect.c linux-2.6.38.2/mm/mprotect.c
54748--- linux-2.6.38.2/mm/mprotect.c 2011-03-14 21:20:32.000000000 -0400
54749+++ linux-2.6.38.2/mm/mprotect.c 2011-03-21 18:31:35.000000000 -0400
54750@@ -23,10 +23,16 @@
54751 #include <linux/mmu_notifier.h>
54752 #include <linux/migrate.h>
54753 #include <linux/perf_event.h>
54754+
54755+#ifdef CONFIG_PAX_MPROTECT
54756+#include <linux/elf.h>
54757+#endif
54758+
54759 #include <asm/uaccess.h>
54760 #include <asm/pgtable.h>
54761 #include <asm/cacheflush.h>
54762 #include <asm/tlbflush.h>
54763+#include <asm/mmu_context.h>
54764
54765 #ifndef pgprot_modify
54766 static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
54767@@ -141,6 +147,48 @@ static void change_protection(struct vm_
54768 flush_tlb_range(vma, start, end);
54769 }
54770
54771+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
54772+/* called while holding the mmap semaphor for writing except stack expansion */
54773+void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot)
54774+{
54775+ unsigned long oldlimit, newlimit = 0UL;
54776+
54777+ if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || (__supported_pte_mask & _PAGE_NX))
54778+ return;
54779+
54780+ spin_lock(&mm->page_table_lock);
54781+ oldlimit = mm->context.user_cs_limit;
54782+ if ((prot & VM_EXEC) && oldlimit < end)
54783+ /* USER_CS limit moved up */
54784+ newlimit = end;
54785+ else if (!(prot & VM_EXEC) && start < oldlimit && oldlimit <= end)
54786+ /* USER_CS limit moved down */
54787+ newlimit = start;
54788+
54789+ if (newlimit) {
54790+ mm->context.user_cs_limit = newlimit;
54791+
54792+#ifdef CONFIG_SMP
54793+ wmb();
54794+ cpus_clear(mm->context.cpu_user_cs_mask);
54795+ cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask);
54796+#endif
54797+
54798+ set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id());
54799+ }
54800+ spin_unlock(&mm->page_table_lock);
54801+ if (newlimit == end) {
54802+ struct vm_area_struct *vma = find_vma(mm, oldlimit);
54803+
54804+ for (; vma && vma->vm_start < end; vma = vma->vm_next)
54805+ if (is_vm_hugetlb_page(vma))
54806+ hugetlb_change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot);
54807+ else
54808+ change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma));
54809+ }
54810+}
54811+#endif
54812+
54813 int
54814 mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
54815 unsigned long start, unsigned long end, unsigned long newflags)
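Review bot: track_exec_limit() is documented only by a one-line comment that exempts stack expansion from the "mmap semaphore held for writing" rule without saying what protects that case. After dropping `page_table_lock` the function walks the vma list with `find_vma()` and `vm_next` and calls `change_protection()`, and the expand_downwards hunk calls it while still holding the anon_vma lock, with mmap_sem presumably held only for reading. The comment should state why that walk is safe there. The `wmb()` before `cpus_clear()` also needs a comment naming the read side it pairs with, as kernel style asks for every barrier. The `for` / `if` / `else` at the end would be clearer with braces, and "semaphor" in the comment should read "semaphore".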
54816@@ -153,11 +201,29 @@ mprotect_fixup(struct vm_area_struct *vm
54817 int error;
54818 int dirty_accountable = 0;
54819
54820+#ifdef CONFIG_PAX_SEGMEXEC
54821+ struct vm_area_struct *vma_m = NULL;
54822+ unsigned long start_m, end_m;
54823+
54824+ start_m = start + SEGMEXEC_TASK_SIZE;
54825+ end_m = end + SEGMEXEC_TASK_SIZE;
54826+#endif
54827+
54828 if (newflags == oldflags) {
54829 *pprev = vma;
54830 return 0;
54831 }
54832
54833+ if (newflags & (VM_READ | VM_WRITE | VM_EXEC)) {
54834+ struct vm_area_struct *prev = vma->vm_prev, *next = vma->vm_next;
54835+
54836+ if (next && (next->vm_flags & VM_GROWSDOWN) && sysctl_heap_stack_gap > next->vm_start - end)
54837+ return -ENOMEM;
54838+
54839+ if (prev && (prev->vm_flags & VM_GROWSUP) && sysctl_heap_stack_gap > start - prev->vm_end)
54840+ return -ENOMEM;
54841+ }
54842+
54843 /*
54844 * If we make a private mapping writable we increase our commit;
54845 * but (without finer accounting) cannot reduce our commit if we
54846@@ -174,6 +240,42 @@ mprotect_fixup(struct vm_area_struct *vm
54847 }
54848 }
54849
54850+#ifdef CONFIG_PAX_SEGMEXEC
54851+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && ((oldflags ^ newflags) & VM_EXEC)) {
54852+ if (start != vma->vm_start) {
54853+ error = split_vma(mm, vma, start, 1);
54854+ if (error)
54855+ goto fail;
54856+ BUG_ON(!*pprev || (*pprev)->vm_next == vma);
54857+ *pprev = (*pprev)->vm_next;
54858+ }
54859+
54860+ if (end != vma->vm_end) {
54861+ error = split_vma(mm, vma, end, 0);
54862+ if (error)
54863+ goto fail;
54864+ }
54865+
54866+ if (pax_find_mirror_vma(vma)) {
54867+ error = __do_munmap(mm, start_m, end_m - start_m);
54868+ if (error)
54869+ goto fail;
54870+ } else {
54871+ vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
54872+ if (!vma_m) {
54873+ error = -ENOMEM;
54874+ goto fail;
54875+ }
54876+ vma->vm_flags = newflags;
54877+ error = pax_mirror_vma(vma_m, vma);
54878+ if (error) {
54879+ vma->vm_flags = oldflags;
54880+ goto fail;
54881+ }
54882+ }
54883+ }
54884+#endif
54885+
54886 /*
54887 * First try to merge with previous and/or next vma.
54888 */
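Review bot: When `pax_mirror_vma(vma_m, vma)` fails, the added code restores `vma->vm_flags` and jumps to `fail`, but the `vma_m` obtained from `kmem_cache_zalloc()` a few lines earlier is not released. pax_mirror_vma() returns -ENOMEM before it links the mirror, so the object is still owned by this function at that point. The `fail` label is outside the hunk, so confirm it does not free `vma_m`. If it does not, the error branch should read `if (error) { vma->vm_flags = oldflags; kmem_cache_free(vm_area_cachep, vma_m); goto fail; }`, possibly preceded by `unlink_anon_vmas(vma_m)` as the __split_vma unwind does.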
54889@@ -204,9 +306,21 @@ success:
54890 * vm_flags and vm_page_prot are protected by the mmap_sem
54891 * held in write mode.
54892 */
54893+
54894+#ifdef CONFIG_PAX_SEGMEXEC
54895+ if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (newflags & VM_EXEC) && ((vma->vm_flags ^ newflags) & VM_READ))
54896+ pax_find_mirror_vma(vma)->vm_flags ^= VM_READ;
54897+#endif
54898+
54899 vma->vm_flags = newflags;
54900+
54901+#ifdef CONFIG_PAX_MPROTECT
54902+ if (mm->binfmt && mm->binfmt->handle_mprotect)
54903+ mm->binfmt->handle_mprotect(vma, newflags);
54904+#endif
54905+
54906 vma->vm_page_prot = pgprot_modify(vma->vm_page_prot,
54907- vm_get_page_prot(newflags));
54908+ vm_get_page_prot(vma->vm_flags));
54909
54910 if (vma_wants_writenotify(vma)) {
54911 vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED);
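Review bot: The write-notify branch left as context at the end of this hunk still derives the protection from `newflags`, while the line above it was changed to `vm_get_page_prot(vma->vm_flags)` so that any adjustment made by `handle_mprotect()` is honoured. For a vma that wants write-notify the adjusted flags are therefore discarded again; `vm_get_page_prot(vma->vm_flags & ~VM_SHARED)` would keep the two paths consistent. What `handle_mprotect()` changes is not visible here, so treat this as a question for the author. Separately, `pax_find_mirror_vma(vma)->vm_flags ^= VM_READ` dereferences a helper that returns NULL for a vma without VM_EXEC, and it runs before `vma->vm_flags = newflags`; a comment naming the earlier block that guarantees the mirror exists would help. The `if` body continues outside the hunk.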
54912@@ -248,6 +362,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
54913 end = start + len;
54914 if (end <= start)
54915 return -ENOMEM;
54916+
54917+#ifdef CONFIG_PAX_SEGMEXEC
54918+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
54919+ if (end > SEGMEXEC_TASK_SIZE)
54920+ return -EINVAL;
54921+ } else
54922+#endif
54923+
54924+ if (end > TASK_SIZE)
54925+ return -EINVAL;
54926+
54927 if (!arch_validate_prot(prot))
54928 return -EINVAL;
54929
54930@@ -255,7 +380,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
54931 /*
54932 * Does the application expect PROT_READ to imply PROT_EXEC:
54933 */
54934- if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
54935+ if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC))
54936 prot |= PROT_EXEC;
54937
54938 vm_flags = calc_vm_prot_bits(prot);
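Review bot: The comment kept above the changed condition still reads "Does the application expect PROT_READ to imply PROT_EXEC", but the test now also fires for a request that has only PROT_WRITE. Under the READ_IMPLIES_EXEC personality a write-only request therefore becomes write plus exec before the later permission checks, which is a behaviour change a reader will not learn from the old comment. I would update it to `/* Does the application expect PROT_READ or PROT_WRITE to imply PROT_EXEC: */` and, if the widening is deliberate, add one sentence giving the reason.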
54939@@ -287,6 +412,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
54940 if (start > vma->vm_start)
54941 prev = vma;
54942
54943+#ifdef CONFIG_PAX_MPROTECT
54944+ if (current->mm->binfmt && current->mm->binfmt->handle_mprotect)
54945+ current->mm->binfmt->handle_mprotect(vma, vm_flags);
54946+#endif
54947+
54948 for (nstart = start ; ; ) {
54949 unsigned long newflags;
54950
54951@@ -296,6 +426,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
54952
54953 /* newflags >> 4 shift VM_MAY% in place of VM_% */
54954 if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) {
54955+ if (prot & (PROT_WRITE | PROT_EXEC))
54956+ gr_log_rwxmprotect(vma->vm_file);
54957+
54958+ error = -EACCES;
54959+ goto out;
54960+ }
54961+
54962+ if (!gr_acl_handle_mprotect(vma->vm_file, prot)) {
54963 error = -EACCES;
54964 goto out;
54965 }
54966@@ -310,6 +448,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
54967 error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
54968 if (error)
54969 goto out;
54970+
54971+ track_exec_limit(current->mm, nstart, tmp, vm_flags);
54972+
54973 nstart = tmp;
54974
54975 if (nstart < prev->vm_end)
54976diff -urNp linux-2.6.38.2/mm/mremap.c linux-2.6.38.2/mm/mremap.c
54977--- linux-2.6.38.2/mm/mremap.c 2011-03-14 21:20:32.000000000 -0400
54978+++ linux-2.6.38.2/mm/mremap.c 2011-03-21 18:31:35.000000000 -0400
54979@@ -114,6 +114,12 @@ static void move_ptes(struct vm_area_str
54980 continue;
54981 pte = ptep_clear_flush(vma, old_addr, old_pte);
54982 pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr);
54983+
54984+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
54985+ if (!(__supported_pte_mask & _PAGE_NX) && (new_vma->vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC)
54986+ pte = pte_exprotect(pte);
54987+#endif
54988+
54989 set_pte_at(mm, new_addr, new_pte, pte);
54990 }
54991
54992@@ -273,6 +279,11 @@ static struct vm_area_struct *vma_to_res
54993 if (is_vm_hugetlb_page(vma))
54994 goto Einval;
54995
54996+#ifdef CONFIG_PAX_SEGMEXEC
54997+ if (pax_find_mirror_vma(vma))
54998+ goto Einval;
54999+#endif
55000+
55001 /* We can't remap across vm area boundaries */
55002 if (old_len > vma->vm_end - addr)
55003 goto Efault;
55004@@ -322,20 +333,25 @@ static unsigned long mremap_to(unsigned
55005 unsigned long ret = -EINVAL;
55006 unsigned long charged = 0;
55007 unsigned long map_flags;
55008+ unsigned long pax_task_size = TASK_SIZE;
55009
55010 if (new_addr & ~PAGE_MASK)
55011 goto out;
55012
55013- if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len)
55014+#ifdef CONFIG_PAX_SEGMEXEC
55015+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
55016+ pax_task_size = SEGMEXEC_TASK_SIZE;
55017+#endif
55018+
55019+ pax_task_size -= PAGE_SIZE;
55020+
55021+ if (new_len > TASK_SIZE || new_addr > pax_task_size - new_len)
55022 goto out;
55023
55024 /* Check if the location we're moving into overlaps the
55025 * old location at all, and fail if it does.
55026 */
55027- if ((new_addr <= addr) && (new_addr+new_len) > addr)
55028- goto out;
55029-
55030- if ((addr <= new_addr) && (addr+old_len) > new_addr)
55031+ if (addr + old_len > new_addr && new_addr + new_len > addr)
55032 goto out;
55033
55034 ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1);
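Review bot: The length half of the new bound in `mremap_to` still compares against `TASK_SIZE` while the address half uses `pax_task_size`. For a `new_len` between the two limits, `pax_task_size - new_len` wraps, and the `new_addr` comparison then rejects nothing. The `do_mremap` hunk further down does test `new_len > pax_task_size` before calling in, which appears to cover the visible call site. The check here should still stand on its own: `if (new_len > pax_task_size || new_addr > pax_task_size - new_len)`.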
55035@@ -407,6 +423,7 @@ unsigned long do_mremap(unsigned long ad
55036 struct vm_area_struct *vma;
55037 unsigned long ret = -EINVAL;
55038 unsigned long charged = 0;
55039+ unsigned long pax_task_size = TASK_SIZE;
55040
55041 if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
55042 goto out;
55043@@ -425,6 +442,17 @@ unsigned long do_mremap(unsigned long ad
55044 if (!new_len)
55045 goto out;
55046
55047+#ifdef CONFIG_PAX_SEGMEXEC
55048+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
55049+ pax_task_size = SEGMEXEC_TASK_SIZE;
55050+#endif
55051+
55052+ pax_task_size -= PAGE_SIZE;
55053+
55054+ if (new_len > pax_task_size || addr > pax_task_size-new_len ||
55055+ old_len > pax_task_size || addr > pax_task_size-old_len)
55056+ goto out;
55057+
55058 if (flags & MREMAP_FIXED) {
55059 if (flags & MREMAP_MAYMOVE)
55060 ret = mremap_to(addr, old_len, new_addr, new_len);
55061@@ -474,6 +502,7 @@ unsigned long do_mremap(unsigned long ad
55062 addr + new_len);
55063 }
55064 ret = addr;
55065+ track_exec_limit(vma->vm_mm, vma->vm_start, addr + new_len, vma->vm_flags);
55066 goto out;
55067 }
55068 }
55069@@ -500,7 +529,13 @@ unsigned long do_mremap(unsigned long ad
55070 ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1);
55071 if (ret)
55072 goto out;
55073+
55074+ map_flags = vma->vm_flags;
55075 ret = move_vma(vma, addr, old_len, new_len, new_addr);
55076+ if (!(ret & ~PAGE_MASK)) {
55077+ track_exec_limit(current->mm, addr, addr + old_len, 0UL);
55078+ track_exec_limit(current->mm, new_addr, new_addr + new_len, map_flags);
55079+ }
55080 }
55081 out:
55082 if (ret & ~PAGE_MASK)
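Review bot: `map_flags = vma->vm_flags;` is captured before `move_vma()` with no explanation, and the success test `!(ret & ~PAGE_MASK)` is easy to misread as an error test. Presumably the snapshot exists because `vma` may no longer be valid once the move has happened. If so, say it at the assignment: `/* vma may be gone after move_vma(); keep its flags for track_exec_limit() */`. `do_mremap` starts and ends outside this hunk, so the declaration of `map_flags` is not visible here.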
55083diff -urNp linux-2.6.38.2/mm/nommu.c linux-2.6.38.2/mm/nommu.c
55084--- linux-2.6.38.2/mm/nommu.c 2011-03-14 21:20:32.000000000 -0400
55085+++ linux-2.6.38.2/mm/nommu.c 2011-03-21 18:31:35.000000000 -0400
55086@@ -63,7 +63,6 @@ int sysctl_overcommit_memory = OVERCOMMI
55087 int sysctl_overcommit_ratio = 50; /* default is 50% */
55088 int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
55089 int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS;
55090-int heap_stack_gap = 0;
55091
55092 atomic_long_t mmap_pages_allocated;
55093
55094@@ -833,15 +832,6 @@ struct vm_area_struct *find_vma(struct m
55095 EXPORT_SYMBOL(find_vma);
55096
55097 /*
55098- * find a VMA
55099- * - we don't extend stack VMAs under NOMMU conditions
55100- */
55101-struct vm_area_struct *find_extend_vma(struct mm_struct *mm, unsigned long addr)
55102-{
55103- return find_vma(mm, addr);
55104-}
55105-
55106-/*
55107 * expand a stack to a given address
55108 * - not supported under NOMMU conditions
55109 */
55110@@ -1563,6 +1553,7 @@ int split_vma(struct mm_struct *mm, stru
55111
55112 /* most fields are the same, copy all, and then fixup */
55113 *new = *vma;
55114+ INIT_LIST_HEAD(&new->anon_vma_chain);
55115 *region = *vma->vm_region;
55116 new->vm_region = region;
55117
55118diff -urNp linux-2.6.38.2/mm/page_alloc.c linux-2.6.38.2/mm/page_alloc.c
55119--- linux-2.6.38.2/mm/page_alloc.c 2011-03-28 17:42:40.000000000 -0400
55120+++ linux-2.6.38.2/mm/page_alloc.c 2011-03-28 17:42:53.000000000 -0400
55121@@ -644,6 +644,10 @@ static bool free_pages_prepare(struct pa
55122 int i;
55123 int bad = 0;
55124
55125+#ifdef CONFIG_PAX_MEMORY_SANITIZE
55126+ unsigned long index = 1UL << order;
55127+#endif
55128+
55129 trace_mm_page_free_direct(page, order);
55130 kmemcheck_free_shadow(page, order);
55131
55132@@ -659,6 +663,12 @@ static bool free_pages_prepare(struct pa
55133 debug_check_no_obj_freed(page_address(page),
55134 PAGE_SIZE << order);
55135 }
55136+
55137+#ifdef CONFIG_PAX_MEMORY_SANITIZE
55138+ for (; index; --index)
55139+ sanitize_highpage(page + index - 1);
55140+#endif
55141+
55142 arch_free_page(page, order);
55143 kernel_map_pages(page, 1 << order, 0);
55144
55145@@ -773,8 +783,10 @@ static int prep_new_page(struct page *pa
55146 arch_alloc_page(page, order);
55147 kernel_map_pages(page, 1 << order, 1);
55148
55149+#ifndef CONFIG_PAX_MEMORY_SANITIZE
55150 if (gfp_flags & __GFP_ZERO)
55151 prep_zero_page(page, order, gfp_flags);
55152+#endif
55153
55154 if (order && (gfp_flags & __GFP_COMP))
55155 prep_compound_page(page, order);
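Review bot: Compiling out the `__GFP_ZERO` clearing in `prep_new_page` makes zeroed allocations depend entirely on the `sanitize_highpage()` loop added to `free_pages_prepare` in the hunk above, and nothing at this site records that dependency. A comment on the `#ifndef` such as `/* pages were cleared in free_pages_prepare(); __GFP_ZERO needs no second pass */` would make the invariant explicit. It is also worth confirming that every path that hands pages to the allocator, including boot-time memory, runs through that function; this is not visible in these hunks. If any path bypasses it, callers asking for zeroed pages would receive stale contents.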
55156diff -urNp linux-2.6.38.2/mm/percpu.c linux-2.6.38.2/mm/percpu.c
55157--- linux-2.6.38.2/mm/percpu.c 2011-03-14 21:20:32.000000000 -0400
55158+++ linux-2.6.38.2/mm/percpu.c 2011-03-21 18:31:35.000000000 -0400
55159@@ -121,7 +121,7 @@ static unsigned int pcpu_first_unit_cpu
55160 static unsigned int pcpu_last_unit_cpu __read_mostly;
55161
55162 /* the address of the first chunk which starts with the kernel static area */
55163-void *pcpu_base_addr __read_mostly;
55164+void *pcpu_base_addr __read_only;
55165 EXPORT_SYMBOL_GPL(pcpu_base_addr);
55166
55167 static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
55168diff -urNp linux-2.6.38.2/mm/rmap.c linux-2.6.38.2/mm/rmap.c
55169--- linux-2.6.38.2/mm/rmap.c 2011-03-14 21:20:32.000000000 -0400
55170+++ linux-2.6.38.2/mm/rmap.c 2011-03-21 18:31:35.000000000 -0400
55171@@ -117,6 +117,10 @@ int anon_vma_prepare(struct vm_area_stru
55172 struct anon_vma *anon_vma = vma->anon_vma;
55173 struct anon_vma_chain *avc;
55174
55175+#ifdef CONFIG_PAX_SEGMEXEC
55176+ struct anon_vma_chain *avc_m = NULL;
55177+#endif
55178+
55179 might_sleep();
55180 if (unlikely(!anon_vma)) {
55181 struct mm_struct *mm = vma->vm_mm;
55182@@ -126,6 +130,12 @@ int anon_vma_prepare(struct vm_area_stru
55183 if (!avc)
55184 goto out_enomem;
55185
55186+#ifdef CONFIG_PAX_SEGMEXEC
55187+ avc_m = anon_vma_chain_alloc();
55188+ if (!avc_m)
55189+ goto out_enomem_free_avc;
55190+#endif
55191+
55192 anon_vma = find_mergeable_anon_vma(vma);
55193 allocated = NULL;
55194 if (!anon_vma) {
55195@@ -144,6 +154,21 @@ int anon_vma_prepare(struct vm_area_stru
55196 /* page_table_lock to protect against threads */
55197 spin_lock(&mm->page_table_lock);
55198 if (likely(!vma->anon_vma)) {
55199+
55200+#ifdef CONFIG_PAX_SEGMEXEC
55201+ struct vm_area_struct *vma_m = pax_find_mirror_vma(vma);
55202+
55203+ if (vma_m) {
55204+ BUG_ON(vma_m->anon_vma);
55205+ vma_m->anon_vma = anon_vma;
55206+ avc_m->anon_vma = anon_vma;
55207+ avc_m->vma = vma;
55208+ list_add(&avc_m->same_vma, &vma_m->anon_vma_chain);
55209+ list_add(&avc_m->same_anon_vma, &anon_vma->head);
55210+ avc_m = NULL;
55211+ }
55212+#endif
55213+
55214 vma->anon_vma = anon_vma;
55215 avc->anon_vma = anon_vma;
55216 avc->vma = vma;
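Review bot: In the added SEGMEXEC block, `avc_m` is linked onto `vma_m->anon_vma_chain` but its back-pointer is set to the original mapping with `avc_m->vma = vma;`. The unchanged lines right below pair `avc->vma = vma` with `vma`'s own chain. If reverse-map walkers use the chain entry's `vma` field to locate the mapping, the mirror's entry would resolve to the wrong VMA; `avc_m->vma = vma_m;` looks like what was intended. If pointing at the primary VMA is deliberate, a comment should say why. `anon_vma_prepare` continues outside this hunk.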
55217@@ -157,12 +182,24 @@ int anon_vma_prepare(struct vm_area_stru
55218
55219 if (unlikely(allocated))
55220 anon_vma_free(allocated);
55221+
55222+#ifdef CONFIG_PAX_SEGMEXEC
55223+ if (unlikely(avc_m))
55224+ anon_vma_chain_free(avc_m);
55225+#endif
55226+
55227 if (unlikely(avc))
55228 anon_vma_chain_free(avc);
55229 }
55230 return 0;
55231
55232 out_enomem_free_avc:
55233+
55234+#ifdef CONFIG_PAX_SEGMEXEC
55235+ if (avc_m)
55236+ anon_vma_chain_free(avc_m);
55237+#endif
55238+
55239 anon_vma_chain_free(avc);
55240 out_enomem:
55241 return -ENOMEM;
55242@@ -189,7 +226,7 @@ static void anon_vma_chain_link(struct v
55243 * Attach the anon_vmas from src to dst.
55244 * Returns 0 on success, -ENOMEM on failure.
55245 */
55246-int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src)
55247+int anon_vma_clone(struct vm_area_struct *dst, const struct vm_area_struct *src)
55248 {
55249 struct anon_vma_chain *avc, *pavc;
55250
55251@@ -211,7 +248,7 @@ int anon_vma_clone(struct vm_area_struct
55252 * the corresponding VMA in the parent process is attached to.
55253 * Returns 0 on success, non-zero on failure.
55254 */
55255-int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma)
55256+int anon_vma_fork(struct vm_area_struct *vma, const struct vm_area_struct *pvma)
55257 {
55258 struct anon_vma_chain *avc;
55259 struct anon_vma *anon_vma;
55260diff -urNp linux-2.6.38.2/mm/shmem.c linux-2.6.38.2/mm/shmem.c
55261--- linux-2.6.38.2/mm/shmem.c 2011-03-28 17:42:40.000000000 -0400
55262+++ linux-2.6.38.2/mm/shmem.c 2011-03-28 17:42:53.000000000 -0400
55263@@ -31,7 +31,7 @@
55264 #include <linux/percpu_counter.h>
55265 #include <linux/swap.h>
55266
55267-static struct vfsmount *shm_mnt;
55268+struct vfsmount *shm_mnt;
55269
55270 #ifdef CONFIG_SHMEM
55271 /*
55272@@ -1070,6 +1070,8 @@ static int shmem_writepage(struct page *
55273 goto unlock;
55274 }
55275 entry = shmem_swp_entry(info, index, NULL);
55276+ if (!entry)
55277+ goto unlock;
55278 if (entry->val) {
55279 /*
55280 * The more uptodate page coming down from a stacked
55281diff -urNp linux-2.6.38.2/mm/slab.c linux-2.6.38.2/mm/slab.c
55282--- linux-2.6.38.2/mm/slab.c 2011-03-28 17:42:40.000000000 -0400
55283+++ linux-2.6.38.2/mm/slab.c 2011-03-28 17:42:53.000000000 -0400
55284@@ -284,7 +284,7 @@ struct kmem_list3 {
55285 * Need this for bootstrapping a per node allocator.
55286 */
55287 #define NUM_INIT_LISTS (3 * MAX_NUMNODES)
55288-static struct kmem_list3 __initdata initkmem_list3[NUM_INIT_LISTS];
55289+static struct kmem_list3 initkmem_list3[NUM_INIT_LISTS];
55290 #define CACHE_CACHE 0
55291 #define SIZE_AC MAX_NUMNODES
55292 #define SIZE_L3 (2 * MAX_NUMNODES)
55293@@ -534,7 +534,7 @@ static inline void *index_to_obj(struct
55294 * reciprocal_divide(offset, cache->reciprocal_buffer_size)
55295 */
55296 static inline unsigned int obj_to_index(const struct kmem_cache *cache,
55297- const struct slab *slab, void *obj)
55298+ const struct slab *slab, const void *obj)
55299 {
55300 u32 offset = (obj - slab->s_mem);
55301 return reciprocal_divide(offset, cache->reciprocal_buffer_size);
55302@@ -560,14 +560,14 @@ struct cache_names {
55303 static struct cache_names __initdata cache_names[] = {
55304 #define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" },
55305 #include <linux/kmalloc_sizes.h>
55306- {NULL,}
55307+ {NULL, NULL}
55308 #undef CACHE
55309 };
55310
55311 static struct arraycache_init initarray_cache __initdata =
55312- { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
55313+ { {0, BOOT_CPUCACHE_ENTRIES, 1, 0}, {NULL} };
55314 static struct arraycache_init initarray_generic =
55315- { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
55316+ { {0, BOOT_CPUCACHE_ENTRIES, 1, 0}, {NULL} };
55317
55318 /* internal cache of cache description objs */
55319 static struct kmem_cache cache_cache = {
55320@@ -4535,15 +4535,66 @@ static const struct file_operations proc
55321
55322 static int __init slab_proc_init(void)
55323 {
55324- proc_create("slabinfo",S_IWUSR|S_IRUGO,NULL,&proc_slabinfo_operations);
55325+ mode_t gr_mode = S_IRUGO;
55326+
55327+#ifdef CONFIG_GRKERNSEC_PROC_ADD
55328+ gr_mode = S_IRUSR;
55329+#endif
55330+
55331+ proc_create("slabinfo",S_IWUSR|gr_mode,NULL,&proc_slabinfo_operations);
55332 #ifdef CONFIG_DEBUG_SLAB_LEAK
55333- proc_create("slab_allocators", 0, NULL, &proc_slabstats_operations);
55334+ proc_create("slab_allocators", gr_mode, NULL, &proc_slabstats_operations);
55335 #endif
55336 return 0;
55337 }
55338 module_init(slab_proc_init);
55339 #endif
55340
55341+void check_object_size(const void *ptr, unsigned long n, bool to)
55342+{
55343+
55344+#ifdef CONFIG_PAX_USERCOPY
55345+ struct kmem_cache *cachep;
55346+ struct slab *slabp;
55347+ struct page *page;
55348+ unsigned int objnr;
55349+ unsigned long offset;
55350+
55351+ if (!n)
55352+ return;
55353+
55354+ if (ZERO_OR_NULL_PTR(ptr))
55355+ goto report;
55356+
55357+ if (!virt_addr_valid(ptr))
55358+ return;
55359+
55360+ page = virt_to_head_page(ptr);
55361+
55362+ if (!PageSlab(page)) {
55363+ if (object_is_on_stack(ptr, n) == -1)
55364+ goto report;
55365+ return;
55366+ }
55367+
55368+ cachep = page_get_cache(page);
55369+ slabp = page_get_slab(page);
55370+ objnr = obj_to_index(cachep, slabp, ptr);
55371+ BUG_ON(objnr >= cachep->num);
55372+ offset = ptr - index_to_obj(cachep, slabp, objnr) - obj_offset(cachep);
55373+ if (offset <= obj_size(cachep) && n <= obj_size(cachep) - offset)
55374+ return;
55375+
55376+report:
55377+ if (to)
55378+ pax_report_leak_to_user(ptr, n);
55379+ else
55380+ pax_report_overflow_from_user(ptr, n);
55381+#endif
55382+
55383+}
55384+EXPORT_SYMBOL(check_object_size);
55385+
55386 /**
55387 * ksize - get the actual amount of memory allocated for a given object
55388 * @objp: Pointer to the object
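Review bot: In the new SLAB `check_object_size`, `BUG_ON(objnr >= cachep->num)` turns a pointer that lies in a slab page but outside the object array into a kernel BUG instead of a usercopy report. `obj_to_index`, shown in an earlier hunk of this file, computes a `u32` offset from `slab->s_mem`, so an address before `s_mem` or past the last object yields an out-of-range index. Routing that case to the existing label keeps the logging and the `to` distinction: `if (objnr >= cachep->num) goto report;`.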
55389diff -urNp linux-2.6.38.2/mm/slob.c linux-2.6.38.2/mm/slob.c
55390--- linux-2.6.38.2/mm/slob.c 2011-03-14 21:20:32.000000000 -0400
55391+++ linux-2.6.38.2/mm/slob.c 2011-03-21 18:31:35.000000000 -0400
55392@@ -29,7 +29,7 @@
55393 * If kmalloc is asked for objects of PAGE_SIZE or larger, it calls
55394 * alloc_pages() directly, allocating compound pages so the page order
55395 * does not have to be separately tracked, and also stores the exact
55396- * allocation size in page->private so that it can be used to accurately
55397+ * allocation size in slob_page->size so that it can be used to accurately
55398 * provide ksize(). These objects are detected in kfree() because slob_page()
55399 * is false for them.
55400 *
55401@@ -58,6 +58,7 @@
55402 */
55403
55404 #include <linux/kernel.h>
55405+#include <linux/sched.h>
55406 #include <linux/slab.h>
55407 #include <linux/mm.h>
55408 #include <linux/swap.h> /* struct reclaim_state */
55409@@ -102,7 +103,8 @@ struct slob_page {
55410 unsigned long flags; /* mandatory */
55411 atomic_t _count; /* mandatory */
55412 slobidx_t units; /* free units left in page */
55413- unsigned long pad[2];
55414+ unsigned long pad[1];
55415+ unsigned long size; /* size when >=PAGE_SIZE */
55416 slob_t *free; /* first free slob_t in page */
55417 struct list_head list; /* linked list of free pages */
55418 };
55419@@ -135,7 +137,7 @@ static LIST_HEAD(free_slob_large);
55420 */
55421 static inline int is_slob_page(struct slob_page *sp)
55422 {
55423- return PageSlab((struct page *)sp);
55424+ return PageSlab((struct page *)sp) && !sp->size;
55425 }
55426
55427 static inline void set_slob_page(struct slob_page *sp)
55428@@ -150,7 +152,7 @@ static inline void clear_slob_page(struc
55429
55430 static inline struct slob_page *slob_page(const void *addr)
55431 {
55432- return (struct slob_page *)virt_to_page(addr);
55433+ return (struct slob_page *)virt_to_head_page(addr);
55434 }
55435
55436 /*
55437@@ -210,7 +212,7 @@ static void set_slob(slob_t *s, slobidx_
55438 /*
55439 * Return the size of a slob block.
55440 */
55441-static slobidx_t slob_units(slob_t *s)
55442+static slobidx_t slob_units(const slob_t *s)
55443 {
55444 if (s->units > 0)
55445 return s->units;
55446@@ -220,7 +222,7 @@ static slobidx_t slob_units(slob_t *s)
55447 /*
55448 * Return the next free slob block pointer after this one.
55449 */
55450-static slob_t *slob_next(slob_t *s)
55451+static slob_t *slob_next(const slob_t *s)
55452 {
55453 slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK);
55454 slobidx_t next;
55455@@ -235,7 +237,7 @@ static slob_t *slob_next(slob_t *s)
55456 /*
55457 * Returns true if s is the last free block in its page.
55458 */
55459-static int slob_last(slob_t *s)
55460+static int slob_last(const slob_t *s)
55461 {
55462 return !((unsigned long)slob_next(s) & ~PAGE_MASK);
55463 }
55464@@ -254,6 +256,7 @@ static void *slob_new_pages(gfp_t gfp, i
55465 if (!page)
55466 return NULL;
55467
55468+ set_slob_page(page);
55469 return page_address(page);
55470 }
55471
55472@@ -370,11 +373,11 @@ static void *slob_alloc(size_t size, gfp
55473 if (!b)
55474 return NULL;
55475 sp = slob_page(b);
55476- set_slob_page(sp);
55477
55478 spin_lock_irqsave(&slob_lock, flags);
55479 sp->units = SLOB_UNITS(PAGE_SIZE);
55480 sp->free = b;
55481+ sp->size = 0;
55482 INIT_LIST_HEAD(&sp->list);
55483 set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
55484 set_slob_page_free(sp, slob_list);
55485@@ -476,10 +479,9 @@ out:
55486 * End of slob allocator proper. Begin kmem_cache_alloc and kmalloc frontend.
55487 */
55488
55489-void *__kmalloc_node(size_t size, gfp_t gfp, int node)
55490+static void *__kmalloc_node_align(size_t size, gfp_t gfp, int node, int align)
55491 {
55492- unsigned int *m;
55493- int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
55494+ slob_t *m;
55495 void *ret;
55496
55497 lockdep_trace_alloc(gfp);
55498@@ -492,7 +494,10 @@ void *__kmalloc_node(size_t size, gfp_t
55499
55500 if (!m)
55501 return NULL;
55502- *m = size;
55503+ BUILD_BUG_ON(ARCH_KMALLOC_MINALIGN < 2 * SLOB_UNIT);
55504+ BUILD_BUG_ON(ARCH_SLAB_MINALIGN < 2 * SLOB_UNIT);
55505+ m[0].units = size;
55506+ m[1].units = align;
55507 ret = (void *)m + align;
55508
55509 trace_kmalloc_node(_RET_IP_, ret,
55510@@ -504,9 +509,9 @@ void *__kmalloc_node(size_t size, gfp_t
55511 gfp |= __GFP_COMP;
55512 ret = slob_new_pages(gfp, order, node);
55513 if (ret) {
55514- struct page *page;
55515- page = virt_to_page(ret);
55516- page->private = size;
55517+ struct slob_page *sp;
55518+ sp = slob_page(ret);
55519+ sp->size = size;
55520 }
55521
55522 trace_kmalloc_node(_RET_IP_, ret,
55523@@ -516,6 +521,13 @@ void *__kmalloc_node(size_t size, gfp_t
55524 kmemleak_alloc(ret, size, 1, gfp);
55525 return ret;
55526 }
55527+
55528+void *__kmalloc_node(size_t size, gfp_t gfp, int node)
55529+{
55530+ int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
55531+
55532+ return __kmalloc_node_align(size, gfp, node, align);
55533+}
55534 EXPORT_SYMBOL(__kmalloc_node);
55535
55536 void kfree(const void *block)
55537@@ -531,13 +543,84 @@ void kfree(const void *block)
55538 sp = slob_page(block);
55539 if (is_slob_page(sp)) {
55540 int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
55541- unsigned int *m = (unsigned int *)(block - align);
55542- slob_free(m, *m + align);
55543- } else
55544+ slob_t *m = (slob_t *)(block - align);
55545+ slob_free(m, m[0].units + align);
55546+ } else {
55547+ clear_slob_page(sp);
55548+ free_slob_page(sp);
55549+ sp->size = 0;
55550 put_page(&sp->page);
55551+ }
55552 }
55553 EXPORT_SYMBOL(kfree);
55554
55555+void check_object_size(const void *ptr, unsigned long n, bool to)
55556+{
55557+
55558+#ifdef CONFIG_PAX_USERCOPY
55559+ struct slob_page *sp;
55560+ const slob_t *free;
55561+ const void *base;
55562+
55563+ if (!n)
55564+ return;
55565+
55566+ if (ZERO_OR_NULL_PTR(ptr))
55567+ goto report;
55568+
55569+ if (!virt_addr_valid(ptr))
55570+ return;
55571+
55572+ sp = slob_page(ptr);
55573+ if (!PageSlab((struct page*)sp)) {
55574+ if (object_is_on_stack(ptr, n) == -1)
55575+ goto report;
55576+ return;
55577+ }
55578+
55579+ if (sp->size) {
55580+ base = page_address(&sp->page);
55581+ if (base <= ptr && n <= sp->size - (ptr - base))
55582+ return;
55583+ goto report;
55584+ }
55585+
55586+ /* some tricky double walking to find the chunk */
55587+ base = (void *)((unsigned long)ptr & PAGE_MASK);
55588+ free = sp->free;
55589+
55590+ while (!slob_last(free) && (void *)free <= ptr) {
55591+ base = free + slob_units(free);
55592+ free = slob_next(free);
55593+ }
55594+
55595+ while (base < (void *)free) {
55596+ slobidx_t m = ((slob_t *)base)[0].units, align = ((slob_t *)base)[1].units;
55597+ int size = SLOB_UNIT * SLOB_UNITS(m + align);
55598+ int offset;
55599+
55600+ if (ptr < base + align)
55601+ goto report;
55602+
55603+ offset = ptr - base - align;
55604+ if (offset < m) {
55605+ if (n <= m - offset)
55606+ return;
55607+ goto report;
55608+ }
55609+ base += size;
55610+ }
55611+
55612+report:
55613+ if (to)
55614+ pax_report_leak_to_user(ptr, n);
55615+ else
55616+ pax_report_overflow_from_user(ptr, n);
55617+#endif
55618+
55619+}
55620+EXPORT_SYMBOL(check_object_size);
55621+
55622 /* can't use ksize for kmem_cache_alloc memory, only kmalloc */
55623 size_t ksize(const void *block)
55624 {
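Review bot: The large-allocation branch of the new SLOB `check_object_size` tests `n <= sp->size - (ptr - base)` without first checking that `ptr - base` is within `sp->size`. `sp->size` is `unsigned long`, so for a pointer past the recorded size but still inside the compound page the subtraction wraps and any `n` is accepted. The SLAB and SLUB versions in this patch bound the offset before doing the same subtraction. Suggested condition: `if (base <= ptr && (unsigned long)(ptr - base) <= sp->size && n <= sp->size - (ptr - base))`.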
55625@@ -550,10 +633,10 @@ size_t ksize(const void *block)
55626 sp = slob_page(block);
55627 if (is_slob_page(sp)) {
55628 int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
55629- unsigned int *m = (unsigned int *)(block - align);
55630- return SLOB_UNITS(*m) * SLOB_UNIT;
55631+ slob_t *m = (slob_t *)(block - align);
55632+ return SLOB_UNITS(m[0].units) * SLOB_UNIT;
55633 } else
55634- return sp->page.private;
55635+ return sp->size;
55636 }
55637 EXPORT_SYMBOL(ksize);
55638
55639@@ -608,17 +691,25 @@ void *kmem_cache_alloc_node(struct kmem_
55640 {
55641 void *b;
55642
55643+#ifdef CONFIG_PAX_USERCOPY
55644+ b = __kmalloc_node_align(c->size, flags, node, c->align);
55645+#else
55646 if (c->size < PAGE_SIZE) {
55647 b = slob_alloc(c->size, flags, c->align, node);
55648 trace_kmem_cache_alloc_node(_RET_IP_, b, c->size,
55649 SLOB_UNITS(c->size) * SLOB_UNIT,
55650 flags, node);
55651 } else {
55652+ struct slob_page *sp;
55653+
55654 b = slob_new_pages(flags, get_order(c->size), node);
55655+ sp = slob_page(b);
55656+ sp->size = c->size;
55657 trace_kmem_cache_alloc_node(_RET_IP_, b, c->size,
55658 PAGE_SIZE << get_order(c->size),
55659 flags, node);
55660 }
55661+#endif
55662
55663 if (c->ctor)
55664 c->ctor(b);
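Review bot: In the `#else` branch of `kmem_cache_alloc_node`, `sp = slob_page(b); sp->size = c->size;` runs without checking `b`, although the `slob_new_pages` hunk above shows it returning NULL when the page allocation fails. `__kmalloc_node_align` in this same patch wraps the identical store in `if (ret)`. Guard it the same way: `if (b) slob_page(b)->size = c->size;`. The function body continues outside this hunk.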
55665@@ -630,10 +721,16 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
55666
55667 static void __kmem_cache_free(void *b, int size)
55668 {
55669- if (size < PAGE_SIZE)
55670+ struct slob_page *sp = slob_page(b);
55671+
55672+ if (is_slob_page(sp))
55673 slob_free(b, size);
55674- else
55675+ else {
55676+ clear_slob_page(sp);
55677+ free_slob_page(sp);
55678+ sp->size = 0;
55679 slob_free_pages(b, get_order(size));
55680+ }
55681 }
55682
55683 static void kmem_rcu_free(struct rcu_head *head)
55684@@ -646,14 +743,23 @@ static void kmem_rcu_free(struct rcu_hea
55685
55686 void kmem_cache_free(struct kmem_cache *c, void *b)
55687 {
55688+ int size = c->size;
55689+
55690+#ifdef CONFIG_PAX_USERCOPY
55691+ if (size + c->align < PAGE_SIZE) {
55692+ size += c->align;
55693+ b -= c->align;
55694+ }
55695+#endif
55696+
55697 kmemleak_free_recursive(b, c->flags);
55698 if (unlikely(c->flags & SLAB_DESTROY_BY_RCU)) {
55699 struct slob_rcu *slob_rcu;
55700- slob_rcu = b + (c->size - sizeof(struct slob_rcu));
55701- slob_rcu->size = c->size;
55702+ slob_rcu = b + (size - sizeof(struct slob_rcu));
55703+ slob_rcu->size = size;
55704 call_rcu(&slob_rcu->head, kmem_rcu_free);
55705 } else {
55706- __kmem_cache_free(b, c->size);
55707+ __kmem_cache_free(b, size);
55708 }
55709
55710 trace_kmem_cache_free(_RET_IP_, b);
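Review bot: With CONFIG_PAX_USERCOPY, the added `b -= c->align;` runs before `kmemleak_free_recursive(b, c->flags)` and `trace_kmem_cache_free(_RET_IP_, b)`, so both now receive the header address rather than the pointer the caller was given. The allocation side in `__kmalloc_node_align` passes `ret`, the caller-visible pointer, to `kmemleak_alloc` and the trace hook, so the debug tooling would likely see frees of addresses it never recorded. Keep the caller's pointer in a separate local, `void *obj = b;`, pass `obj` to those two calls, and use the adjusted `b` only for the actual free. `kmem_cache_free` ends outside this hunk.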
55711diff -urNp linux-2.6.38.2/mm/slub.c linux-2.6.38.2/mm/slub.c
55712--- linux-2.6.38.2/mm/slub.c 2011-03-14 21:20:32.000000000 -0400
55713+++ linux-2.6.38.2/mm/slub.c 2011-03-21 18:31:35.000000000 -0400
55714@@ -390,7 +390,7 @@ static void print_track(const char *s, s
55715 if (!t->addr)
55716 return;
55717
55718- printk(KERN_ERR "INFO: %s in %pS age=%lu cpu=%u pid=%d\n",
55719+ printk(KERN_ERR "INFO: %s in %pA age=%lu cpu=%u pid=%d\n",
55720 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid);
55721 }
55722
55723@@ -1927,6 +1927,8 @@ void kmem_cache_free(struct kmem_cache *
55724
55725 page = virt_to_head_page(x);
55726
55727+ BUG_ON(!PageSlab(page));
55728+
55729 slab_free(s, page, x, _RET_IP_);
55730
55731 trace_kmem_cache_free(_RET_IP_, x);
55732@@ -1960,7 +1962,7 @@ static int slub_min_objects;
55733 * Merge control. If this is set then no merging of slab caches will occur.
55734 * (Could be removed. This was introduced to pacify the merge skeptics.)
55735 */
55736-static int slub_nomerge;
55737+static int slub_nomerge = 1;
55738
55739 /*
55740 * Calculate the order of allocation given an slab object size.
55741@@ -2370,7 +2372,7 @@ static int kmem_cache_open(struct kmem_c
55742 * list to avoid pounding the page allocator excessively.
55743 */
55744 set_min_partial(s, ilog2(s->size));
55745- s->refcount = 1;
55746+ atomic_set(&s->refcount, 1);
55747 #ifdef CONFIG_NUMA
55748 s->remote_node_defrag_ratio = 1000;
55749 #endif
55750@@ -2482,8 +2484,7 @@ static inline int kmem_cache_close(struc
55751 void kmem_cache_destroy(struct kmem_cache *s)
55752 {
55753 down_write(&slub_lock);
55754- s->refcount--;
55755- if (!s->refcount) {
55756+ if (atomic_dec_and_test(&s->refcount)) {
55757 list_del(&s->list);
55758 if (kmem_cache_close(s)) {
55759 printk(KERN_ERR "SLUB %s: %s called for cache that "
55760@@ -2693,6 +2694,46 @@ void *__kmalloc_node(size_t size, gfp_t
55761 EXPORT_SYMBOL(__kmalloc_node);
55762 #endif
55763
55764+void check_object_size(const void *ptr, unsigned long n, bool to)
55765+{
55766+
55767+#ifdef CONFIG_PAX_USERCOPY
55768+ struct page *page;
55769+ struct kmem_cache *s;
55770+ unsigned long offset;
55771+
55772+ if (!n)
55773+ return;
55774+
55775+ if (ZERO_OR_NULL_PTR(ptr))
55776+ goto report;
55777+
55778+ if (!virt_addr_valid(ptr))
55779+ return;
55780+
55781+ page = virt_to_head_page(ptr);
55782+
55783+ if (!PageSlab(page)) {
55784+ if (object_is_on_stack(ptr, n) == -1)
55785+ goto report;
55786+ return;
55787+ }
55788+
55789+ s = page->slab;
55790+ offset = (ptr - page_address(page)) % s->size;
55791+ if (offset <= s->objsize && n <= s->objsize - offset)
55792+ return;
55793+
55794+report:
55795+ if (to)
55796+ pax_report_leak_to_user(ptr, n);
55797+ else
55798+ pax_report_overflow_from_user(ptr, n);
55799+#endif
55800+
55801+}
55802+EXPORT_SYMBOL(check_object_size);
55803+
55804 size_t ksize(const void *object)
55805 {
55806 struct page *page;
55807@@ -2958,7 +2999,7 @@ static void __init kmem_cache_bootstrap_
55808 int node;
55809
55810 list_add(&s->list, &slab_caches);
55811- s->refcount = -1;
55812+ atomic_set(&s->refcount, -1);
55813
55814 for_each_node_state(node, N_NORMAL_MEMORY) {
55815 struct kmem_cache_node *n = get_node(s, node);
55816@@ -3153,7 +3194,7 @@ static int slab_unmergeable(struct kmem_
55817 /*
55818 * We may have set a slab to be unmergeable during bootstrap.
55819 */
55820- if (s->refcount < 0)
55821+ if (atomic_read(&s->refcount) < 0)
55822 return 1;
55823
55824 return 0;
55825@@ -3212,7 +3253,7 @@ struct kmem_cache *kmem_cache_create(con
55826 down_write(&slub_lock);
55827 s = find_mergeable(size, align, flags, name, ctor);
55828 if (s) {
55829- s->refcount++;
55830+ atomic_inc(&s->refcount);
55831 /*
55832 * Adjust the object sizes so that we clear
55833 * the complete object on kzalloc.
55834@@ -3221,7 +3262,7 @@ struct kmem_cache *kmem_cache_create(con
55835 s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *)));
55836
55837 if (sysfs_slab_alias(s, name)) {
55838- s->refcount--;
55839+ atomic_dec(&s->refcount);
55840 goto err;
55841 }
55842 up_write(&slub_lock);
55843@@ -3954,7 +3995,7 @@ SLAB_ATTR_RO(ctor);
55844
55845 static ssize_t aliases_show(struct kmem_cache *s, char *buf)
55846 {
55847- return sprintf(buf, "%d\n", s->refcount - 1);
55848+ return sprintf(buf, "%d\n", atomic_read(&s->refcount) - 1);
55849 }
55850 SLAB_ATTR_RO(aliases);
55851
55852@@ -4691,7 +4732,13 @@ static const struct file_operations proc
55853
55854 static int __init slab_proc_init(void)
55855 {
55856- proc_create("slabinfo", S_IRUGO, NULL, &proc_slabinfo_operations);
55857+ mode_t gr_mode = S_IRUGO;
55858+
55859+#ifdef CONFIG_GRKERNSEC_PROC_ADD
55860+ gr_mode = S_IRUSR;
55861+#endif
55862+
55863+ proc_create("slabinfo", gr_mode, NULL, &proc_slabinfo_operations);
55864 return 0;
55865 }
55866 module_init(slab_proc_init);
55867diff -urNp linux-2.6.38.2/mm/util.c linux-2.6.38.2/mm/util.c
55868--- linux-2.6.38.2/mm/util.c 2011-03-14 21:20:32.000000000 -0400
55869+++ linux-2.6.38.2/mm/util.c 2011-03-21 18:31:35.000000000 -0400
55870@@ -219,6 +219,12 @@ EXPORT_SYMBOL(strndup_user);
55871 void arch_pick_mmap_layout(struct mm_struct *mm)
55872 {
55873 mm->mmap_base = TASK_UNMAPPED_BASE;
55874+
55875+#ifdef CONFIG_PAX_RANDMMAP
55876+ if (mm->pax_flags & MF_PAX_RANDMMAP)
55877+ mm->mmap_base += mm->delta_mmap;
55878+#endif
55879+
55880 mm->get_unmapped_area = arch_get_unmapped_area;
55881 mm->unmap_area = arch_unmap_area;
55882 }
55883diff -urNp linux-2.6.38.2/mm/vmalloc.c linux-2.6.38.2/mm/vmalloc.c
55884--- linux-2.6.38.2/mm/vmalloc.c 2011-03-14 21:20:32.000000000 -0400
55885+++ linux-2.6.38.2/mm/vmalloc.c 2011-03-21 18:31:35.000000000 -0400
55886@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd,
55887
55888 pte = pte_offset_kernel(pmd, addr);
55889 do {
55890- pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
55891- WARN_ON(!pte_none(ptent) && !pte_present(ptent));
55892+
55893+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
55894+ if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) {
55895+ BUG_ON(!pte_exec(*pte));
55896+ set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC));
55897+ continue;
55898+ }
55899+#endif
55900+
55901+ {
55902+ pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
55903+ WARN_ON(!pte_none(ptent) && !pte_present(ptent));
55904+ }
55905 } while (pte++, addr += PAGE_SIZE, addr != end);
55906 }
55907
55908@@ -91,6 +102,7 @@ static int vmap_pte_range(pmd_t *pmd, un
55909 unsigned long end, pgprot_t prot, struct page **pages, int *nr)
55910 {
55911 pte_t *pte;
55912+ int ret = -ENOMEM;
55913
55914 /*
55915 * nr is a running index into the array which helps higher level
55916@@ -100,17 +112,30 @@ static int vmap_pte_range(pmd_t *pmd, un
55917 pte = pte_alloc_kernel(pmd, addr);
55918 if (!pte)
55919 return -ENOMEM;
55920+
55921+ pax_open_kernel();
55922 do {
55923 struct page *page = pages[*nr];
55924
55925- if (WARN_ON(!pte_none(*pte)))
55926- return -EBUSY;
55927- if (WARN_ON(!page))
55928- return -ENOMEM;
55929+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
55930+ if (pgprot_val(prot) & _PAGE_NX)
55931+#endif
55932+
55933+ if (WARN_ON(!pte_none(*pte))) {
55934+ ret = -EBUSY;
55935+ goto out;
55936+ }
55937+ if (WARN_ON(!page)) {
55938+ ret = -ENOMEM;
55939+ goto out;
55940+ }
55941 set_pte_at(&init_mm, addr, pte, mk_pte(page, prot));
55942 (*nr)++;
55943 } while (pte++, addr += PAGE_SIZE, addr != end);
55944- return 0;
55945+ ret = 0;
55946+out:
55947+ pax_close_kernel();
55948+ return ret;
55949 }
55950
55951 static int vmap_pmd_range(pud_t *pud, unsigned long addr,
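Review bot: The brace-less `if (pgprot_val(prot) & _PAGE_NX)` inside the `#if` block governs the `if (WARN_ON(!pte_none(*pte)))` statement two lines further down, across an `#endif` and a blank line, so the control flow differs per configuration in a way the layout hides. When that `#if` is active the -EBUSY check is skipped for every mapping without `_PAGE_NX`, while the `!page` check still runs; nothing in the hunk says this is intended. Dropping the blank line and adding `/* KERNEXEC: only NX mappings must start from an empty PTE */` above the `#if` would make it readable (wording to be confirmed by the author). The same conditional-prefix pattern recurs in the vmalloc_to_page and __vmalloc_node_range hunks of this file and in the BLACKHOLE hunks of net/ipv4/tcp_ipv4.c and net/ipv4/tcp_minisocks.c. The pax_open_kernel()/pax_close_kernel() pairing through `out:` looks complete for the paths visible here.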
55952@@ -191,11 +216,20 @@ int is_vmalloc_or_module_addr(const void
55953 * and fall back on vmalloc() if that fails. Others
55954 * just put it in the vmalloc space.
55955 */
55956-#if defined(CONFIG_MODULES) && defined(MODULES_VADDR)
55957+#ifdef CONFIG_MODULES
55958+#ifdef MODULES_VADDR
55959 unsigned long addr = (unsigned long)x;
55960 if (addr >= MODULES_VADDR && addr < MODULES_END)
55961 return 1;
55962 #endif
55963+
55964+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
55965+ if (x >= (const void *)MODULES_EXEC_VADDR && x < (const void *)MODULES_EXEC_END)
55966+ return 1;
55967+#endif
55968+
55969+#endif
55970+
55971 return is_vmalloc_addr(x);
55972 }
55973
55974@@ -216,8 +250,14 @@ struct page *vmalloc_to_page(const void
55975
55976 if (!pgd_none(*pgd)) {
55977 pud_t *pud = pud_offset(pgd, addr);
55978+#ifdef CONFIG_X86
55979+ if (!pud_large(*pud))
55980+#endif
55981 if (!pud_none(*pud)) {
55982 pmd_t *pmd = pmd_offset(pud, addr);
55983+#ifdef CONFIG_X86
55984+ if (!pmd_large(*pmd))
55985+#endif
55986 if (!pmd_none(*pmd)) {
55987 pte_t *ptep, pte;
55988
55989@@ -1244,6 +1284,16 @@ static struct vm_struct *__get_vm_area_n
55990 struct vm_struct *area;
55991
55992 BUG_ON(in_interrupt());
55993+
55994+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
55995+ if (flags & VM_KERNEXEC) {
55996+ if (start != VMALLOC_START || end != VMALLOC_END)
55997+ return NULL;
55998+ start = (unsigned long)MODULES_EXEC_VADDR;
55999+ end = (unsigned long)MODULES_EXEC_END;
56000+ }
56001+#endif
56002+
56003 if (flags & VM_IOREMAP) {
56004 int bit = fls(size);
56005
56006@@ -1462,6 +1512,11 @@ void *vmap(struct page **pages, unsigned
56007 if (count > totalram_pages)
56008 return NULL;
56009
56010+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
56011+ if (!(pgprot_val(prot) & _PAGE_NX))
56012+ flags |= VM_KERNEXEC;
56013+#endif
56014+
56015 area = get_vm_area_caller((count << PAGE_SHIFT), flags,
56016 __builtin_return_address(0));
56017 if (!area)
56018@@ -1558,6 +1613,13 @@ void *__vmalloc_node_range(unsigned long
56019 if (!size || (size >> PAGE_SHIFT) > totalram_pages)
56020 return NULL;
56021
56022+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
56023+ if (!(pgprot_val(prot) & _PAGE_NX))
56024+ area = __get_vm_area_node(size, align, VM_ALLOC | VM_KERNEXEC, VMALLOC_START, VMALLOC_END,
56025+ node, gfp_mask, caller);
56026+ else
56027+#endif
56028+
56029 area = __get_vm_area_node(size, align, VM_ALLOC, start, end, node,
56030 gfp_mask, caller);
56031
56032@@ -1597,6 +1659,7 @@ static void *__vmalloc_node(unsigned lon
56033 gfp_mask, prot, node, caller);
56034 }
56035
56036+#undef __vmalloc
56037 void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
56038 {
56039 return __vmalloc_node(size, 1, gfp_mask, prot, -1,
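Review bot: `#undef __vmalloc` is added directly above the definition with no comment, and whatever defines a macro of that name is not in this section of the diff, so a reader of mm/vmalloc.c cannot tell why it is needed. A short comment such as `/* drop the wrapper macro of the same name so the real function can be defined */` would help, assuming that is the reason. The same bare `#undef` is added before vmalloc, vzalloc, vmalloc_user, vmalloc_node, vzalloc_node, vmalloc_exec, vmalloc_32 and vmalloc_32_user in the following hunks. The function body continues outside the hunk.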
56040@@ -1620,6 +1683,7 @@ static inline void *__vmalloc_node_flags
56041 * For tight control over page level allocator and protection flags
56042 * use __vmalloc() instead.
56043 */
56044+#undef vmalloc
56045 void *vmalloc(unsigned long size)
56046 {
56047 return __vmalloc_node_flags(size, -1, GFP_KERNEL | __GFP_HIGHMEM);
56048@@ -1636,6 +1700,7 @@ EXPORT_SYMBOL(vmalloc);
56049 * For tight control over page level allocator and protection flags
56050 * use __vmalloc() instead.
56051 */
56052+#undef vzalloc
56053 void *vzalloc(unsigned long size)
56054 {
56055 return __vmalloc_node_flags(size, -1,
56056@@ -1650,6 +1715,7 @@ EXPORT_SYMBOL(vzalloc);
56057 * The resulting memory area is zeroed so it can be mapped to userspace
56058 * without leaking data.
56059 */
56060+#undef vmalloc_user
56061 void *vmalloc_user(unsigned long size)
56062 {
56063 struct vm_struct *area;
56064@@ -1677,6 +1743,7 @@ EXPORT_SYMBOL(vmalloc_user);
56065 * For tight control over page level allocator and protection flags
56066 * use __vmalloc() instead.
56067 */
56068+#undef vmalloc_node
56069 void *vmalloc_node(unsigned long size, int node)
56070 {
56071 return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
56072@@ -1696,6 +1763,7 @@ EXPORT_SYMBOL(vmalloc_node);
56073 * For tight control over page level allocator and protection flags
56074 * use __vmalloc_node() instead.
56075 */
56076+#undef vzalloc_node
56077 void *vzalloc_node(unsigned long size, int node)
56078 {
56079 return __vmalloc_node_flags(size, node,
56080@@ -1718,10 +1786,10 @@ EXPORT_SYMBOL(vzalloc_node);
56081 * For tight control over page level allocator and protection flags
56082 * use __vmalloc() instead.
56083 */
56084-
56085+#undef vmalloc_exec
56086 void *vmalloc_exec(unsigned long size)
56087 {
56088- return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC,
56089+ return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL_EXEC,
56090 -1, __builtin_return_address(0));
56091 }
56092
56093@@ -1740,6 +1808,7 @@ void *vmalloc_exec(unsigned long size)
56094 * Allocate enough 32bit PA addressable pages to cover @size from the
56095 * page level allocator and map them into contiguous kernel virtual space.
56096 */
56097+#undef vmalloc_32
56098 void *vmalloc_32(unsigned long size)
56099 {
56100 return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL,
56101@@ -1754,6 +1823,7 @@ EXPORT_SYMBOL(vmalloc_32);
56102 * The resulting memory area is 32bit addressable and zeroed so it can be
56103 * mapped to userspace without leaking data.
56104 */
56105+#undef vmalloc_32_user
56106 void *vmalloc_32_user(unsigned long size)
56107 {
56108 struct vm_struct *area;
56109@@ -2018,6 +2088,8 @@ int remap_vmalloc_range(struct vm_area_s
56110 unsigned long uaddr = vma->vm_start;
56111 unsigned long usize = vma->vm_end - vma->vm_start;
56112
56113+ BUG_ON(vma->vm_mirror);
56114+
56115 if ((PAGE_SIZE-1) & (unsigned long)addr)
56116 return -EINVAL;
56117
56118diff -urNp linux-2.6.38.2/mm/vmstat.c linux-2.6.38.2/mm/vmstat.c
56119--- linux-2.6.38.2/mm/vmstat.c 2011-03-14 21:20:32.000000000 -0400
56120+++ linux-2.6.38.2/mm/vmstat.c 2011-03-21 18:31:35.000000000 -0400
56121@@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu)
56122 *
56123 * vm_stat contains the global counters
56124 */
56125-atomic_long_t vm_stat[NR_VM_ZONE_STAT_ITEMS];
56126+atomic_long_unchecked_t vm_stat[NR_VM_ZONE_STAT_ITEMS];
56127 EXPORT_SYMBOL(vm_stat);
56128
56129 #ifdef CONFIG_SMP
56130@@ -451,7 +451,7 @@ void refresh_cpu_vm_stats(int cpu)
56131 v = p->vm_stat_diff[i];
56132 p->vm_stat_diff[i] = 0;
56133 local_irq_restore(flags);
56134- atomic_long_add(v, &zone->vm_stat[i]);
56135+ atomic_long_add_unchecked(v, &zone->vm_stat[i]);
56136 global_diff[i] += v;
56137 #ifdef CONFIG_NUMA
56138 /* 3 seconds idle till flush */
56139@@ -489,7 +489,7 @@ void refresh_cpu_vm_stats(int cpu)
56140
56141 for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++)
56142 if (global_diff[i])
56143- atomic_long_add(global_diff[i], &vm_stat[i]);
56144+ atomic_long_add_unchecked(global_diff[i], &vm_stat[i]);
56145 }
56146
56147 #endif
56148@@ -1188,10 +1188,20 @@ static int __init setup_vmstat(void)
56149 start_cpu_timer(cpu);
56150 #endif
56151 #ifdef CONFIG_PROC_FS
56152- proc_create("buddyinfo", S_IRUGO, NULL, &fragmentation_file_operations);
56153- proc_create("pagetypeinfo", S_IRUGO, NULL, &pagetypeinfo_file_ops);
56154- proc_create("vmstat", S_IRUGO, NULL, &proc_vmstat_file_operations);
56155- proc_create("zoneinfo", S_IRUGO, NULL, &proc_zoneinfo_file_operations);
56156+ {
56157+ mode_t gr_mode = S_IRUGO;
56158+#ifdef CONFIG_GRKERNSEC_PROC_ADD
56159+ gr_mode = S_IRUSR;
56160+#endif
56161+ proc_create("buddyinfo", gr_mode, NULL, &fragmentation_file_operations);
56162+ proc_create("pagetypeinfo", gr_mode, NULL, &pagetypeinfo_file_ops);
56163+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
56164+ proc_create("vmstat", gr_mode | S_IRGRP, NULL, &proc_vmstat_file_operations);
56165+#else
56166+ proc_create("vmstat", gr_mode, NULL, &proc_vmstat_file_operations);
56167+#endif
56168+ proc_create("zoneinfo", gr_mode, NULL, &proc_zoneinfo_file_operations);
56169+ }
56170 #endif
56171 return 0;
56172 }
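Review bot: Under CONFIG_GRKERNSEC_PROC_USERGROUP only `vmstat` gets `S_IRGRP`, but every entry is still created with a NULL parent and no owner or group is set in this hunk. The group bit therefore restricts access as intended only if something outside the hunk assigns the configured group to the entry; otherwise it grants read access to the entry's default group. buddyinfo, pagetypeinfo and zoneinfo stay owner-only in the same configuration, and the reason for treating vmstat differently is not stated; a comment above the inner `#ifdef` would settle it. When PROC_USERGROUP is set without PROC_ADD, `gr_mode | S_IRGRP` equals `S_IRUGO`, so it is worth confirming that this combination is meant to behave like the default.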
56173diff -urNp linux-2.6.38.2/net/8021q/vlan.c linux-2.6.38.2/net/8021q/vlan.c
56174--- linux-2.6.38.2/net/8021q/vlan.c 2011-03-14 21:20:32.000000000 -0400
56175+++ linux-2.6.38.2/net/8021q/vlan.c 2011-03-21 18:31:35.000000000 -0400
56176@@ -589,8 +589,7 @@ static int vlan_ioctl_handler(struct net
56177 err = -EPERM;
56178 if (!capable(CAP_NET_ADMIN))
56179 break;
56180- if ((args.u.name_type >= 0) &&
56181- (args.u.name_type < VLAN_NAME_TYPE_HIGHEST)) {
56182+ if (args.u.name_type < VLAN_NAME_TYPE_HIGHEST) {
56183 struct vlan_net *vn;
56184
56185 vn = net_generic(net, vlan_net_id);
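Review bot: Removing the `args.u.name_type >= 0` test is safe only if `name_type` is an unsigned field, and its declaration is not part of this hunk. The value comes from the ioctl argument and is checked here against `VLAN_NAME_TYPE_HIGHEST`, so the assumption is worth pinning next to the check, for example `/* name_type is unsigned: the upper bound is the only one to test */`. If the field were ever changed to a signed type, negative values would pass this condition. The handler starts and ends outside the hunk.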
56186diff -urNp linux-2.6.38.2/net/atm/atm_misc.c linux-2.6.38.2/net/atm/atm_misc.c
56187--- linux-2.6.38.2/net/atm/atm_misc.c 2011-03-14 21:20:32.000000000 -0400
56188+++ linux-2.6.38.2/net/atm/atm_misc.c 2011-03-21 18:31:35.000000000 -0400
56189@@ -17,7 +17,7 @@ int atm_charge(struct atm_vcc *vcc, int
56190 if (atomic_read(&sk_atm(vcc)->sk_rmem_alloc) <= sk_atm(vcc)->sk_rcvbuf)
56191 return 1;
56192 atm_return(vcc, truesize);
56193- atomic_inc(&vcc->stats->rx_drop);
56194+ atomic_inc_unchecked(&vcc->stats->rx_drop);
56195 return 0;
56196 }
56197 EXPORT_SYMBOL(atm_charge);
56198@@ -39,7 +39,7 @@ struct sk_buff *atm_alloc_charge(struct
56199 }
56200 }
56201 atm_return(vcc, guess);
56202- atomic_inc(&vcc->stats->rx_drop);
56203+ atomic_inc_unchecked(&vcc->stats->rx_drop);
56204 return NULL;
56205 }
56206 EXPORT_SYMBOL(atm_alloc_charge);
56207@@ -86,7 +86,7 @@ EXPORT_SYMBOL(atm_pcr_goal);
56208
56209 void sonet_copy_stats(struct k_sonet_stats *from, struct sonet_stats *to)
56210 {
56211-#define __HANDLE_ITEM(i) to->i = atomic_read(&from->i)
56212+#define __HANDLE_ITEM(i) to->i = atomic_read_unchecked(&from->i)
56213 __SONET_ITEMS
56214 #undef __HANDLE_ITEM
56215 }
56216@@ -94,7 +94,7 @@ EXPORT_SYMBOL(sonet_copy_stats);
56217
56218 void sonet_subtract_stats(struct k_sonet_stats *from, struct sonet_stats *to)
56219 {
56220-#define __HANDLE_ITEM(i) atomic_sub(to->i, &from->i)
56221+#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i,&from->i)
56222 __SONET_ITEMS
56223 #undef __HANDLE_ITEM
56224 }
56225diff -urNp linux-2.6.38.2/net/atm/proc.c linux-2.6.38.2/net/atm/proc.c
56226--- linux-2.6.38.2/net/atm/proc.c 2011-03-14 21:20:32.000000000 -0400
56227+++ linux-2.6.38.2/net/atm/proc.c 2011-03-21 18:31:35.000000000 -0400
56228@@ -45,9 +45,9 @@ static void add_stats(struct seq_file *s
56229 const struct k_atm_aal_stats *stats)
56230 {
56231 seq_printf(seq, "%s ( %d %d %d %d %d )", aal,
56232- atomic_read(&stats->tx), atomic_read(&stats->tx_err),
56233- atomic_read(&stats->rx), atomic_read(&stats->rx_err),
56234- atomic_read(&stats->rx_drop));
56235+ atomic_read_unchecked(&stats->tx),atomic_read_unchecked(&stats->tx_err),
56236+ atomic_read_unchecked(&stats->rx),atomic_read_unchecked(&stats->rx_err),
56237+ atomic_read_unchecked(&stats->rx_drop));
56238 }
56239
56240 static void atm_dev_info(struct seq_file *seq, const struct atm_dev *dev)
56241@@ -191,7 +191,12 @@ static void vcc_info(struct seq_file *se
56242 {
56243 struct sock *sk = sk_atm(vcc);
56244
56245+#ifdef CONFIG_GRKERNSEC_HIDESYM
56246+ seq_printf(seq, "%p ", NULL);
56247+#else
56248 seq_printf(seq, "%p ", vcc);
56249+#endif
56250+
56251 if (!vcc->dev)
56252 seq_printf(seq, "Unassigned ");
56253 else
56254@@ -218,7 +223,11 @@ static void svc_info(struct seq_file *se
56255 {
56256 if (!vcc->dev)
56257 seq_printf(seq, sizeof(void *) == 4 ?
56258+#ifdef CONFIG_GRKERNSEC_HIDESYM
56259+ "N/A@%p%10s" : "N/A@%p%2s", NULL, "");
56260+#else
56261 "N/A@%p%10s" : "N/A@%p%2s", vcc, "");
56262+#endif
56263 else
56264 seq_printf(seq, "%3d %3d %5d ",
56265 vcc->dev->number, vcc->vpi, vcc->vci);
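Review bot: The HIDESYM variant duplicates the whole format-string line of the `seq_printf()` call inside the `#ifdef`, splitting one conditional expression across two preprocessor branches; the two copies of the format pair can drift apart and the call is hard to read as a single statement. Selecting the pointer once and keeping a single call avoids that, as sketched below. The same one-variable form would shorten the three duplicated `seq_printf()` lines in the net/can/bcm.c hunk. The function's signature is outside the hunk.

```c
#ifdef CONFIG_GRKERNSEC_HIDESYM
	const void *shown = NULL;	/* never expose the kernel address */
#else
	const void *shown = vcc;
#endif

	if (!vcc->dev)
		seq_printf(seq, sizeof(void *) == 4 ?
			   "N/A@%p%10s" : "N/A@%p%2s", shown, "");
	/* … unchanged: else branch printing number, vpi and vci … */
```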
56266diff -urNp linux-2.6.38.2/net/atm/resources.c linux-2.6.38.2/net/atm/resources.c
56267--- linux-2.6.38.2/net/atm/resources.c 2011-03-14 21:20:32.000000000 -0400
56268+++ linux-2.6.38.2/net/atm/resources.c 2011-03-21 18:31:35.000000000 -0400
56269@@ -160,7 +160,7 @@ EXPORT_SYMBOL(atm_dev_deregister);
56270 static void copy_aal_stats(struct k_atm_aal_stats *from,
56271 struct atm_aal_stats *to)
56272 {
56273-#define __HANDLE_ITEM(i) to->i = atomic_read(&from->i)
56274+#define __HANDLE_ITEM(i) to->i = atomic_read_unchecked(&from->i)
56275 __AAL_STAT_ITEMS
56276 #undef __HANDLE_ITEM
56277 }
56278@@ -168,7 +168,7 @@ static void copy_aal_stats(struct k_atm_
56279 static void subtract_aal_stats(struct k_atm_aal_stats *from,
56280 struct atm_aal_stats *to)
56281 {
56282-#define __HANDLE_ITEM(i) atomic_sub(to->i, &from->i)
56283+#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i, &from->i)
56284 __AAL_STAT_ITEMS
56285 #undef __HANDLE_ITEM
56286 }
56287diff -urNp linux-2.6.38.2/net/bluetooth/bnep/sock.c linux-2.6.38.2/net/bluetooth/bnep/sock.c
56288--- linux-2.6.38.2/net/bluetooth/bnep/sock.c 2011-03-14 21:20:32.000000000 -0400
56289+++ linux-2.6.38.2/net/bluetooth/bnep/sock.c 2011-03-21 18:31:35.000000000 -0400
56290@@ -88,6 +88,7 @@ static int bnep_sock_ioctl(struct socket
56291 sockfd_put(nsock);
56292 return -EBADFD;
56293 }
56294+ ca.device[sizeof(ca.device)-1] = 0;
56295
56296 err = bnep_add_connection(&ca, nsock);
56297 if (!err) {
56298diff -urNp linux-2.6.38.2/net/bluetooth/sco.c linux-2.6.38.2/net/bluetooth/sco.c
56299--- linux-2.6.38.2/net/bluetooth/sco.c 2011-03-14 21:20:32.000000000 -0400
56300+++ linux-2.6.38.2/net/bluetooth/sco.c 2011-03-21 18:31:35.000000000 -0400
56301@@ -703,6 +703,7 @@ static int sco_sock_getsockopt_old(struc
56302 break;
56303 }
56304
56305+ memset(&cinfo, 0, sizeof(cinfo));
56306 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
56307 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
56308
56309diff -urNp linux-2.6.38.2/net/bridge/br_multicast.c linux-2.6.38.2/net/bridge/br_multicast.c
56310--- linux-2.6.38.2/net/bridge/br_multicast.c 2011-03-14 21:20:32.000000000 -0400
56311+++ linux-2.6.38.2/net/bridge/br_multicast.c 2011-03-21 18:31:35.000000000 -0400
56312@@ -1482,7 +1482,7 @@ static int br_multicast_ipv6_rcv(struct
56313 nexthdr = ip6h->nexthdr;
56314 offset = ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr);
56315
56316- if (offset < 0 || nexthdr != IPPROTO_ICMPV6)
56317+ if (nexthdr != IPPROTO_ICMPV6)
56318 return 0;
56319
56320 /* Okay, we found ICMPv6 header */
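Review bot: With `offset < 0` dropped, the result of `ipv6_skip_exthdr()` is used without any failure test, so the code now relies on a failed extension-header walk never leaving `nexthdr` equal to `IPPROTO_ICMPV6`. That may hold, but it is a property of the helper rather than of this function, and the declaration of `offset` (signed or unsigned) is outside the hunk. If `offset` is signed, keeping the test costs nothing; if it is unsigned, a comment such as `/* a failed ipv6_skip_exthdr() leaves nexthdr unchanged, so the test below also rejects parse errors */` should record the reasoning once it has been verified. The function starts and ends outside the hunk.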
56321diff -urNp linux-2.6.38.2/net/bridge/netfilter/ebtables.c linux-2.6.38.2/net/bridge/netfilter/ebtables.c
56322--- linux-2.6.38.2/net/bridge/netfilter/ebtables.c 2011-03-14 21:20:32.000000000 -0400
56323+++ linux-2.6.38.2/net/bridge/netfilter/ebtables.c 2011-03-21 18:31:35.000000000 -0400
56324@@ -1107,6 +1107,8 @@ static int do_replace(struct net *net, c
56325 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
56326 return -ENOMEM;
56327
56328+ tmp.name[sizeof(tmp.name)-1] = 0;
56329+
56330 countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids;
56331 newinfo = vmalloc(sizeof(*newinfo) + countersize);
56332 if (!newinfo)
56333@@ -1510,7 +1512,7 @@ static int do_ebt_get_ctl(struct sock *s
56334 tmp.valid_hooks = t->table->valid_hooks;
56335 }
56336 mutex_unlock(&ebt_mutex);
56337- if (copy_to_user(user, &tmp, *len) != 0){
56338+ if (*len > sizeof(tmp) || copy_to_user(user, &tmp, *len) != 0){
56339 BUGPRINT("c2u Didn't work\n");
56340 ret = -EFAULT;
56341 break;
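Review bot: The new `*len > sizeof(tmp)` guard is folded into the `copy_to_user()` condition, so an oversized length is reported as -EFAULT together with the "c2u Didn't work" debug message, which describes a failed copy rather than a rejected length. A separate test ahead of the copy, `if (*len > sizeof(tmp)) { ret = -EINVAL; break; }`, keeps the bound and gives the accurate error, provided callers do not depend on the errno; whether an earlier length check already exists cannot be seen from this hunk. The same fold-into-the-copy form is used in the net/core/sock.c, net/decnet/sysctl_net_decnet.c and net/ipv4/tcp_probe.c hunks. There `sizeof` is the right bound only if `address`, `v`, `addr`, `devname` and `tbuf` are arrays or objects rather than pointers, and their declarations are outside those hunks.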
56342diff -urNp linux-2.6.38.2/net/can/bcm.c linux-2.6.38.2/net/can/bcm.c
56343--- linux-2.6.38.2/net/can/bcm.c 2011-03-14 21:20:32.000000000 -0400
56344+++ linux-2.6.38.2/net/can/bcm.c 2011-03-21 18:31:35.000000000 -0400
56345@@ -165,9 +165,15 @@ static int bcm_proc_show(struct seq_file
56346 struct bcm_sock *bo = bcm_sk(sk);
56347 struct bcm_op *op;
56348
56349+#ifdef CONFIG_GRKERNSEC_HIDESYM
56350+ seq_printf(m, ">>> socket %p", NULL);
56351+ seq_printf(m, " / sk %p", NULL);
56352+ seq_printf(m, " / bo %p", NULL);
56353+#else
56354 seq_printf(m, ">>> socket %p", sk->sk_socket);
56355 seq_printf(m, " / sk %p", sk);
56356 seq_printf(m, " / bo %p", bo);
56357+#endif
56358 seq_printf(m, " / dropped %lu", bo->dropped_usr_msgs);
56359 seq_printf(m, " / bound %s", bcm_proc_getifname(ifname, bo->ifindex));
56360 seq_printf(m, " <<<\n");
56361diff -urNp linux-2.6.38.2/net/core/dev.c linux-2.6.38.2/net/core/dev.c
56362--- linux-2.6.38.2/net/core/dev.c 2011-03-14 21:20:32.000000000 -0400
56363+++ linux-2.6.38.2/net/core/dev.c 2011-03-21 18:31:35.000000000 -0400
56364@@ -1124,7 +1124,7 @@ void dev_load(struct net *net, const cha
56365 if (no_module && capable(CAP_NET_ADMIN))
56366 no_module = request_module("netdev-%s", name);
56367 if (no_module && capable(CAP_SYS_MODULE)) {
56368- if (!request_module("%s", name))
56369+ if (!request_module("%s", name))
56370 pr_err("Loading kernel module for a network device "
56371 "with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-%s "
56372 "instead\n", name);
56373@@ -2787,7 +2787,7 @@ int netif_rx_ni(struct sk_buff *skb)
56374 }
56375 EXPORT_SYMBOL(netif_rx_ni);
56376
56377-static void net_tx_action(struct softirq_action *h)
56378+static void net_tx_action(void)
56379 {
56380 struct softnet_data *sd = &__get_cpu_var(softnet_data);
56381
56382@@ -3697,7 +3697,7 @@ void netif_napi_del(struct napi_struct *
56383 }
56384 EXPORT_SYMBOL(netif_napi_del);
56385
56386-static void net_rx_action(struct softirq_action *h)
56387+static void net_rx_action(void)
56388 {
56389 struct softnet_data *sd = &__get_cpu_var(softnet_data);
56390 unsigned long time_limit = jiffies + 2;
56391diff -urNp linux-2.6.38.2/net/core/sock.c linux-2.6.38.2/net/core/sock.c
56392--- linux-2.6.38.2/net/core/sock.c 2011-03-14 21:20:32.000000000 -0400
56393+++ linux-2.6.38.2/net/core/sock.c 2011-03-21 18:31:35.000000000 -0400
56394@@ -934,7 +934,7 @@ int sock_getsockopt(struct socket *sock,
56395 return -ENOTCONN;
56396 if (lv < len)
56397 return -EINVAL;
56398- if (copy_to_user(optval, address, len))
56399+ if (len > sizeof(address) || copy_to_user(optval, address, len))
56400 return -EFAULT;
56401 goto lenout;
56402 }
56403@@ -967,7 +967,7 @@ int sock_getsockopt(struct socket *sock,
56404
56405 if (len > lv)
56406 len = lv;
56407- if (copy_to_user(optval, &v, len))
56408+ if (len > sizeof(v) || copy_to_user(optval, &v, len))
56409 return -EFAULT;
56410 lenout:
56411 if (put_user(len, optlen))
56412diff -urNp linux-2.6.38.2/net/dccp/ccids/ccid3.c linux-2.6.38.2/net/dccp/ccids/ccid3.c
56413--- linux-2.6.38.2/net/dccp/ccids/ccid3.c 2011-03-14 21:20:32.000000000 -0400
56414+++ linux-2.6.38.2/net/dccp/ccids/ccid3.c 2011-03-21 18:31:35.000000000 -0400
56415@@ -41,7 +41,7 @@
56416 static int ccid3_debug;
56417 #define ccid3_pr_debug(format, a...) DCCP_PR_DEBUG(ccid3_debug, format, ##a)
56418 #else
56419-#define ccid3_pr_debug(format, a...)
56420+#define ccid3_pr_debug(format, a...) do {} while (0)
56421 #endif
56422
56423 /*
56424diff -urNp linux-2.6.38.2/net/dccp/dccp.h linux-2.6.38.2/net/dccp/dccp.h
56425--- linux-2.6.38.2/net/dccp/dccp.h 2011-03-14 21:20:32.000000000 -0400
56426+++ linux-2.6.38.2/net/dccp/dccp.h 2011-03-21 18:31:35.000000000 -0400
56427@@ -44,9 +44,9 @@ extern int dccp_debug;
56428 #define dccp_pr_debug_cat(format, a...) DCCP_PRINTK(dccp_debug, format, ##a)
56429 #define dccp_debug(fmt, a...) dccp_pr_debug_cat(KERN_DEBUG fmt, ##a)
56430 #else
56431-#define dccp_pr_debug(format, a...)
56432-#define dccp_pr_debug_cat(format, a...)
56433-#define dccp_debug(format, a...)
56434+#define dccp_pr_debug(format, a...) do {} while (0)
56435+#define dccp_pr_debug_cat(format, a...) do {} while (0)
56436+#define dccp_debug(format, a...) do {} while (0)
56437 #endif
56438
56439 extern struct inet_hashinfo dccp_hashinfo;
56440diff -urNp linux-2.6.38.2/net/decnet/sysctl_net_decnet.c linux-2.6.38.2/net/decnet/sysctl_net_decnet.c
56441--- linux-2.6.38.2/net/decnet/sysctl_net_decnet.c 2011-03-14 21:20:32.000000000 -0400
56442+++ linux-2.6.38.2/net/decnet/sysctl_net_decnet.c 2011-03-21 18:31:35.000000000 -0400
56443@@ -173,7 +173,7 @@ static int dn_node_address_handler(ctl_t
56444
56445 if (len > *lenp) len = *lenp;
56446
56447- if (copy_to_user(buffer, addr, len))
56448+ if (len > sizeof addr || copy_to_user(buffer, addr, len))
56449 return -EFAULT;
56450
56451 *lenp = len;
56452@@ -236,7 +236,7 @@ static int dn_def_dev_handler(ctl_table
56453
56454 if (len > *lenp) len = *lenp;
56455
56456- if (copy_to_user(buffer, devname, len))
56457+ if (len > sizeof devname || copy_to_user(buffer, devname, len))
56458 return -EFAULT;
56459
56460 *lenp = len;
56461diff -urNp linux-2.6.38.2/net/econet/Kconfig linux-2.6.38.2/net/econet/Kconfig
56462--- linux-2.6.38.2/net/econet/Kconfig 2011-03-14 21:20:32.000000000 -0400
56463+++ linux-2.6.38.2/net/econet/Kconfig 2011-03-21 18:31:35.000000000 -0400
56464@@ -4,7 +4,7 @@
56465
56466 config ECONET
56467 tristate "Acorn Econet/AUN protocols (EXPERIMENTAL)"
56468- depends on EXPERIMENTAL && INET
56469+ depends on EXPERIMENTAL && INET && BROKEN
56470 ---help---
56471 Econet is a fairly old and slow networking protocol mainly used by
56472 Acorn computers to access file and print servers. It uses native
56473diff -urNp linux-2.6.38.2/net/ipv4/inet_diag.c linux-2.6.38.2/net/ipv4/inet_diag.c
56474--- linux-2.6.38.2/net/ipv4/inet_diag.c 2011-03-14 21:20:32.000000000 -0400
56475+++ linux-2.6.38.2/net/ipv4/inet_diag.c 2011-03-21 18:31:35.000000000 -0400
56476@@ -114,8 +114,14 @@ static int inet_csk_diag_fill(struct soc
56477 r->idiag_retrans = 0;
56478
56479 r->id.idiag_if = sk->sk_bound_dev_if;
56480+
56481+#ifdef CONFIG_GRKERNSEC_HIDESYM
56482+ r->id.idiag_cookie[0] = 0;
56483+ r->id.idiag_cookie[1] = 0;
56484+#else
56485 r->id.idiag_cookie[0] = (u32)(unsigned long)sk;
56486 r->id.idiag_cookie[1] = (u32)(((unsigned long)sk >> 31) >> 1);
56487+#endif
56488
56489 r->id.idiag_sport = inet->inet_sport;
56490 r->id.idiag_dport = inet->inet_dport;
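Review bot: Under CONFIG_GRKERNSEC_HIDESYM the cookie words are set to the literal `0`, while the request path in the inet_diag_get_exact hunk treats `INET_DIAG_NOCOOKIE` as the "no cookie" marker. If that constant is not zero, user space receives a value that is neither a real cookie nor the sentinel, which is presumably why the stale-socket comparison is compiled out by the `#ifndef` in that later hunk. Writing `r->id.idiag_cookie[0] = INET_DIAG_NOCOOKIE;` (and the same for index 1) here, in inet_twsk_diag_fill and in inet_diag_fill_req would keep the protocol's own convention while still hiding the pointer. A comment at the `#ifndef` should also say that -ESTALE detection is lost when HIDESYM is enabled. This function starts and ends outside the hunk.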
56491@@ -201,8 +207,15 @@ static int inet_twsk_diag_fill(struct in
56492 r->idiag_family = tw->tw_family;
56493 r->idiag_retrans = 0;
56494 r->id.idiag_if = tw->tw_bound_dev_if;
56495+
56496+#ifdef CONFIG_GRKERNSEC_HIDESYM
56497+ r->id.idiag_cookie[0] = 0;
56498+ r->id.idiag_cookie[1] = 0;
56499+#else
56500 r->id.idiag_cookie[0] = (u32)(unsigned long)tw;
56501 r->id.idiag_cookie[1] = (u32)(((unsigned long)tw >> 31) >> 1);
56502+#endif
56503+
56504 r->id.idiag_sport = tw->tw_sport;
56505 r->id.idiag_dport = tw->tw_dport;
56506 r->id.idiag_src[0] = tw->tw_rcv_saddr;
56507@@ -285,12 +298,14 @@ static int inet_diag_get_exact(struct sk
56508 if (sk == NULL)
56509 goto unlock;
56510
56511+#ifndef CONFIG_GRKERNSEC_HIDESYM
56512 err = -ESTALE;
56513 if ((req->id.idiag_cookie[0] != INET_DIAG_NOCOOKIE ||
56514 req->id.idiag_cookie[1] != INET_DIAG_NOCOOKIE) &&
56515 ((u32)(unsigned long)sk != req->id.idiag_cookie[0] ||
56516 (u32)((((unsigned long)sk) >> 31) >> 1) != req->id.idiag_cookie[1]))
56517 goto out;
56518+#endif
56519
56520 err = -ENOMEM;
56521 rep = alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) +
56522@@ -582,8 +597,14 @@ static int inet_diag_fill_req(struct sk_
56523 r->idiag_retrans = req->retrans;
56524
56525 r->id.idiag_if = sk->sk_bound_dev_if;
56526+
56527+#ifdef CONFIG_GRKERNSEC_HIDESYM
56528+ r->id.idiag_cookie[0] = 0;
56529+ r->id.idiag_cookie[1] = 0;
56530+#else
56531 r->id.idiag_cookie[0] = (u32)(unsigned long)req;
56532 r->id.idiag_cookie[1] = (u32)(((unsigned long)req >> 31) >> 1);
56533+#endif
56534
56535 tmo = req->expires - jiffies;
56536 if (tmo < 0)
56537diff -urNp linux-2.6.38.2/net/ipv4/inet_hashtables.c linux-2.6.38.2/net/ipv4/inet_hashtables.c
56538--- linux-2.6.38.2/net/ipv4/inet_hashtables.c 2011-03-14 21:20:32.000000000 -0400
56539+++ linux-2.6.38.2/net/ipv4/inet_hashtables.c 2011-03-21 18:31:35.000000000 -0400
56540@@ -18,11 +18,14 @@
56541 #include <linux/sched.h>
56542 #include <linux/slab.h>
56543 #include <linux/wait.h>
56544+#include <linux/security.h>
56545
56546 #include <net/inet_connection_sock.h>
56547 #include <net/inet_hashtables.h>
56548 #include <net/ip.h>
56549
56550+extern void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet);
56551+
56552 /*
56553 * Allocate and initialize a new local port bind bucket.
56554 * The bindhash mutex for snum's hash chain must be held here.
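Review bot: `gr_update_task_in_ip_table()` is declared with a file-local `extern` prototype instead of coming from a header, so the compiler cannot check this declaration against the definition and a later signature change would go unnoticed here. The hunk already adds `#include <linux/security.h>`; if the prototype lives there or in another shared header, the `extern` line can go. The same applies to the `extern int grsec_enable_blackhole;` and `extern int grsec_lastack_retries;` lines added in the tcp_ipv4.c, tcp_minisocks.c, tcp_timer.c and udp.c hunks, and to the two `gr_search_udp_*` prototypes in udp.c.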
56555@@ -529,6 +532,8 @@ ok:
56556 twrefcnt += inet_twsk_bind_unhash(tw, hinfo);
56557 spin_unlock(&head->lock);
56558
56559+ gr_update_task_in_ip_table(current, inet_sk(sk));
56560+
56561 if (tw) {
56562 inet_twsk_deschedule(tw, death_row);
56563 while (twrefcnt) {
56564diff -urNp linux-2.6.38.2/net/ipv4/inetpeer.c linux-2.6.38.2/net/ipv4/inetpeer.c
56565--- linux-2.6.38.2/net/ipv4/inetpeer.c 2011-03-14 21:20:32.000000000 -0400
56566+++ linux-2.6.38.2/net/ipv4/inetpeer.c 2011-03-21 18:31:35.000000000 -0400
56567@@ -509,8 +509,8 @@ struct inet_peer *inet_getpeer(struct in
56568 if (p) {
56569 p->daddr = *daddr;
56570 atomic_set(&p->refcnt, 1);
56571- atomic_set(&p->rid, 0);
56572- atomic_set(&p->ip_id_count, secure_ip_id(daddr->a4));
56573+ atomic_set_unchecked(&p->rid, 0);
56574+ atomic_set_unchecked(&p->ip_id_count, secure_ip_id(daddr->a4));
56575 p->tcp_ts_stamp = 0;
56576 INIT_LIST_HEAD(&p->unused);
56577
56578diff -urNp linux-2.6.38.2/net/ipv4/ip_fragment.c linux-2.6.38.2/net/ipv4/ip_fragment.c
56579--- linux-2.6.38.2/net/ipv4/ip_fragment.c 2011-03-14 21:20:32.000000000 -0400
56580+++ linux-2.6.38.2/net/ipv4/ip_fragment.c 2011-03-21 18:31:35.000000000 -0400
56581@@ -298,7 +298,7 @@ static inline int ip_frag_too_far(struct
56582 return 0;
56583
56584 start = qp->rid;
56585- end = atomic_inc_return(&peer->rid);
56586+ end = atomic_inc_return_unchecked(&peer->rid);
56587 qp->rid = end;
56588
56589 rc = qp->q.fragments && (end - start) > max;
56590diff -urNp linux-2.6.38.2/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-2.6.38.2/net/ipv4/netfilter/nf_nat_snmp_basic.c
56591--- linux-2.6.38.2/net/ipv4/netfilter/nf_nat_snmp_basic.c 2011-03-14 21:20:32.000000000 -0400
56592+++ linux-2.6.38.2/net/ipv4/netfilter/nf_nat_snmp_basic.c 2011-03-21 18:31:35.000000000 -0400
56593@@ -398,7 +398,7 @@ static unsigned char asn1_octets_decode(
56594
56595 *len = 0;
56596
56597- *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
56598+ *octets = kmalloc((eoc - ctx->pointer), GFP_ATOMIC);
56599 if (*octets == NULL) {
56600 if (net_ratelimit())
56601 pr_notice("OOM in bsalg (%d)\n", __LINE__);
56602diff -urNp linux-2.6.38.2/net/ipv4/route.c linux-2.6.38.2/net/ipv4/route.c
56603--- linux-2.6.38.2/net/ipv4/route.c 2011-03-14 21:20:32.000000000 -0400
56604+++ linux-2.6.38.2/net/ipv4/route.c 2011-03-21 18:31:35.000000000 -0400
56605@@ -2857,7 +2857,7 @@ static int rt_fill_info(struct net *net,
56606 expires = rt->dst.expires ? rt->dst.expires - jiffies : 0;
56607 if (rt->peer) {
56608 inet_peer_refcheck(rt->peer);
56609- id = atomic_read(&rt->peer->ip_id_count) & 0xffff;
56610+ id = atomic_read_unchecked(&rt->peer->ip_id_count) & 0xffff;
56611 if (rt->peer->tcp_ts_stamp) {
56612 ts = rt->peer->tcp_ts;
56613 tsage = get_seconds() - rt->peer->tcp_ts_stamp;
56614diff -urNp linux-2.6.38.2/net/ipv4/tcp_ipv4.c linux-2.6.38.2/net/ipv4/tcp_ipv4.c
56615--- linux-2.6.38.2/net/ipv4/tcp_ipv4.c 2011-03-14 21:20:32.000000000 -0400
56616+++ linux-2.6.38.2/net/ipv4/tcp_ipv4.c 2011-03-21 18:31:35.000000000 -0400
56617@@ -86,6 +86,9 @@ int sysctl_tcp_tw_reuse __read_mostly;
56618 int sysctl_tcp_low_latency __read_mostly;
56619 EXPORT_SYMBOL(sysctl_tcp_low_latency);
56620
56621+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56622+extern int grsec_enable_blackhole;
56623+#endif
56624
56625 #ifdef CONFIG_TCP_MD5SIG
56626 static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
56627@@ -1593,6 +1596,9 @@ int tcp_v4_do_rcv(struct sock *sk, struc
56628 return 0;
56629
56630 reset:
56631+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56632+ if (!grsec_enable_blackhole)
56633+#endif
56634 tcp_v4_send_reset(rsk, skb);
56635 discard:
56636 kfree_skb(skb);
56637@@ -1655,12 +1661,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
56638 TCP_SKB_CB(skb)->sacked = 0;
56639
56640 sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
56641- if (!sk)
56642+ if (!sk) {
56643+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56644+ ret = 1;
56645+#endif
56646 goto no_tcp_socket;
56647-
56648+ }
56649 process:
56650- if (sk->sk_state == TCP_TIME_WAIT)
56651+ if (sk->sk_state == TCP_TIME_WAIT) {
56652+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56653+ ret = 2;
56654+#endif
56655 goto do_time_wait;
56656+ }
56657
56658 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
56659 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
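Review bot: `ret` is reused as a reason code with the bare values `1` (no socket found) and `2` (TIME_WAIT), and only `ret == 1` is ever compared, in the no_tcp_socket hunk below. `ret = 2` seems to exist only so that this comparison is false on the TIME_WAIT path. Since `ret` is presumably also the function's result variable, a dedicated local or two named constants would make clear that these values are markers and must never reach a `return ret`. A comment at the comparison, such as `/* still answer with RST on loopback when no socket matched */`, would document the one exception to the blackhole setting. The function starts and ends outside the hunk.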
56660@@ -1710,6 +1723,10 @@ no_tcp_socket:
56661 bad_packet:
56662 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
56663 } else {
56664+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56665+ if (!grsec_enable_blackhole || (ret == 1 &&
56666+ (skb->dev->flags & IFF_LOOPBACK)))
56667+#endif
56668 tcp_v4_send_reset(NULL, skb);
56669 }
56670
56671@@ -2373,7 +2390,11 @@ static void get_openreq4(struct sock *sk
56672 0, /* non standard timer */
56673 0, /* open_requests have no inode */
56674 atomic_read(&sk->sk_refcnt),
56675+#ifdef CONFIG_GRKERNSEC_HIDESYM
56676+ NULL,
56677+#else
56678 req,
56679+#endif
56680 len);
56681 }
56682
56683@@ -2423,7 +2444,12 @@ static void get_tcp4_sock(struct sock *s
56684 sock_i_uid(sk),
56685 icsk->icsk_probes_out,
56686 sock_i_ino(sk),
56687- atomic_read(&sk->sk_refcnt), sk,
56688+ atomic_read(&sk->sk_refcnt),
56689+#ifdef CONFIG_GRKERNSEC_HIDESYM
56690+ NULL,
56691+#else
56692+ sk,
56693+#endif
56694 jiffies_to_clock_t(icsk->icsk_rto),
56695 jiffies_to_clock_t(icsk->icsk_ack.ato),
56696 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
56697@@ -2451,7 +2477,13 @@ static void get_timewait4_sock(struct in
56698 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p%n",
56699 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
56700 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
56701- atomic_read(&tw->tw_refcnt), tw, len);
56702+ atomic_read(&tw->tw_refcnt),
56703+#ifdef CONFIG_GRKERNSEC_HIDESYM
56704+ NULL,
56705+#else
56706+ tw,
56707+#endif
56708+ len);
56709 }
56710
56711 #define TMPSZ 150
56712diff -urNp linux-2.6.38.2/net/ipv4/tcp_minisocks.c linux-2.6.38.2/net/ipv4/tcp_minisocks.c
56713--- linux-2.6.38.2/net/ipv4/tcp_minisocks.c 2011-03-14 21:20:32.000000000 -0400
56714+++ linux-2.6.38.2/net/ipv4/tcp_minisocks.c 2011-03-21 18:31:35.000000000 -0400
56715@@ -27,6 +27,10 @@
56716 #include <net/inet_common.h>
56717 #include <net/xfrm.h>
56718
56719+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56720+extern int grsec_enable_blackhole;
56721+#endif
56722+
56723 int sysctl_tcp_syncookies __read_mostly = 1;
56724 EXPORT_SYMBOL(sysctl_tcp_syncookies);
56725
56726@@ -745,6 +749,10 @@ listen_overflow:
56727
56728 embryonic_reset:
56729 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS);
56730+
56731+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56732+ if (!grsec_enable_blackhole)
56733+#endif
56734 if (!(flg & TCP_FLAG_RST))
56735 req->rsk_ops->send_reset(sk, skb);
56736
56737diff -urNp linux-2.6.38.2/net/ipv4/tcp_probe.c linux-2.6.38.2/net/ipv4/tcp_probe.c
56738--- linux-2.6.38.2/net/ipv4/tcp_probe.c 2011-03-14 21:20:32.000000000 -0400
56739+++ linux-2.6.38.2/net/ipv4/tcp_probe.c 2011-03-21 18:31:35.000000000 -0400
56740@@ -202,7 +202,7 @@ static ssize_t tcpprobe_read(struct file
56741 if (cnt + width >= len)
56742 break;
56743
56744- if (copy_to_user(buf + cnt, tbuf, width))
56745+ if (width > sizeof tbuf || copy_to_user(buf + cnt, tbuf, width))
56746 return -EFAULT;
56747 cnt += width;
56748 }
56749diff -urNp linux-2.6.38.2/net/ipv4/tcp_timer.c linux-2.6.38.2/net/ipv4/tcp_timer.c
56750--- linux-2.6.38.2/net/ipv4/tcp_timer.c 2011-03-14 21:20:32.000000000 -0400
56751+++ linux-2.6.38.2/net/ipv4/tcp_timer.c 2011-03-21 18:31:35.000000000 -0400
56752@@ -22,6 +22,10 @@
56753 #include <linux/gfp.h>
56754 #include <net/tcp.h>
56755
56756+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56757+extern int grsec_lastack_retries;
56758+#endif
56759+
56760 int sysctl_tcp_syn_retries __read_mostly = TCP_SYN_RETRIES;
56761 int sysctl_tcp_synack_retries __read_mostly = TCP_SYNACK_RETRIES;
56762 int sysctl_tcp_keepalive_time __read_mostly = TCP_KEEPALIVE_TIME;
56763@@ -199,6 +203,13 @@ static int tcp_write_timeout(struct sock
56764 }
56765 }
56766
56767+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56768+ if ((sk->sk_state == TCP_LAST_ACK) &&
56769+ (grsec_lastack_retries > 0) &&
56770+ (grsec_lastack_retries < retry_until))
56771+ retry_until = grsec_lastack_retries;
56772+#endif
56773+
56774 if (retransmits_timed_out(sk, retry_until,
56775 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
56776 /* Has it gone just too far? */
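Review bot: `grsec_lastack_retries` is read three times in the added block, twice in the condition and once in the assignment, without being copied to a local first. If the variable can change at run time (it is a plain `extern int`, so presumably a tunable), the value stored in `retry_until` is not guaranteed to be the one that passed the `> 0` test. Reading it once, e.g. `int lastack = grsec_lastack_retries;`, and using the local in all three places avoids that. tcp_write_timeout begins and ends outside the hunk.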
56777diff -urNp linux-2.6.38.2/net/ipv4/udp.c linux-2.6.38.2/net/ipv4/udp.c
56778--- linux-2.6.38.2/net/ipv4/udp.c 2011-03-14 21:20:32.000000000 -0400
56779+++ linux-2.6.38.2/net/ipv4/udp.c 2011-03-21 18:31:35.000000000 -0400
56780@@ -86,6 +86,7 @@
56781 #include <linux/types.h>
56782 #include <linux/fcntl.h>
56783 #include <linux/module.h>
56784+#include <linux/security.h>
56785 #include <linux/socket.h>
56786 #include <linux/sockios.h>
56787 #include <linux/igmp.h>
56788@@ -107,6 +108,10 @@
56789 #include <net/xfrm.h>
56790 #include "udp_impl.h"
56791
56792+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56793+extern int grsec_enable_blackhole;
56794+#endif
56795+
56796 struct udp_table udp_table __read_mostly;
56797 EXPORT_SYMBOL(udp_table);
56798
56799@@ -564,6 +569,9 @@ found:
56800 return s;
56801 }
56802
56803+extern int gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb);
56804+extern int gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr);
56805+
56806 /*
56807 * This routine is called by the ICMP module when it gets some
56808 * sort of error condition. If err < 0 then the socket should
56809@@ -832,9 +840,18 @@ int udp_sendmsg(struct kiocb *iocb, stru
56810 dport = usin->sin_port;
56811 if (dport == 0)
56812 return -EINVAL;
56813+
56814+ err = gr_search_udp_sendmsg(sk, usin);
56815+ if (err)
56816+ return err;
56817 } else {
56818 if (sk->sk_state != TCP_ESTABLISHED)
56819 return -EDESTADDRREQ;
56820+
56821+ err = gr_search_udp_sendmsg(sk, NULL);
56822+ if (err)
56823+ return err;
56824+
56825 daddr = inet->inet_daddr;
56826 dport = inet->inet_dport;
56827 /* Open fast path for connected socket.
56828@@ -1139,6 +1156,10 @@ try_again:
56829 if (!skb)
56830 goto out;
56831
56832+ err = gr_search_udp_recvmsg(sk, skb);
56833+ if (err)
56834+ goto out_free;
56835+
56836 ulen = skb->len - sizeof(struct udphdr);
56837 if (len > ulen)
56838 len = ulen;
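Review bot: The `gr_search_udp_recvmsg()` check runs only after the datagram has been obtained (`skb` is already non-NULL at this point), so a denial jumps to `out_free` and the caller gets an error while the datagram is presumably discarded. That side effect is not documented; a comment such as `/* policy denial: drop the datagram and report err */` would make it explicit, and it is worth confirming that the same outcome is intended for a peek-style receive. The `out_free` label and the rest of the function are outside the hunk.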
56839@@ -1623,6 +1644,9 @@ int __udp4_lib_rcv(struct sk_buff *skb,
56840 goto csum_error;
56841
56842 UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
56843+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56844+ if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK))
56845+#endif
56846 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
56847
56848 /*
56849@@ -2050,7 +2074,12 @@ static void udp4_format_sock(struct sock
56850 sk_wmem_alloc_get(sp),
56851 sk_rmem_alloc_get(sp),
56852 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
56853- atomic_read(&sp->sk_refcnt), sp,
56854+ atomic_read(&sp->sk_refcnt),
56855+#ifdef CONFIG_GRKERNSEC_HIDESYM
56856+ NULL,
56857+#else
56858+ sp,
56859+#endif
56860 atomic_read(&sp->sk_drops), len);
56861 }
56862
56863diff -urNp linux-2.6.38.2/net/ipv6/exthdrs.c linux-2.6.38.2/net/ipv6/exthdrs.c
56864--- linux-2.6.38.2/net/ipv6/exthdrs.c 2011-03-14 21:20:32.000000000 -0400
56865+++ linux-2.6.38.2/net/ipv6/exthdrs.c 2011-03-21 18:31:35.000000000 -0400
56866@@ -634,7 +634,7 @@ static struct tlvtype_proc tlvprochopopt
56867 .type = IPV6_TLV_JUMBO,
56868 .func = ipv6_hop_jumbo,
56869 },
56870- { -1, }
56871+ { -1, NULL }
56872 };
56873
56874 int ipv6_parse_hopopts(struct sk_buff *skb)
56875diff -urNp linux-2.6.38.2/net/ipv6/raw.c linux-2.6.38.2/net/ipv6/raw.c
56876--- linux-2.6.38.2/net/ipv6/raw.c 2011-03-14 21:20:32.000000000 -0400
56877+++ linux-2.6.38.2/net/ipv6/raw.c 2011-03-21 18:31:35.000000000 -0400
56878@@ -602,7 +602,7 @@ out:
56879 return err;
56880 }
56881
56882-static int rawv6_send_hdrinc(struct sock *sk, void *from, int length,
56883+static int rawv6_send_hdrinc(struct sock *sk, void *from, unsigned int length,
56884 struct flowi *fl, struct dst_entry **dstp,
56885 unsigned int flags)
56886 {
56887@@ -1262,7 +1262,13 @@ static void raw6_sock_seq_show(struct se
56888 0, 0L, 0,
56889 sock_i_uid(sp), 0,
56890 sock_i_ino(sp),
56891- atomic_read(&sp->sk_refcnt), sp, atomic_read(&sp->sk_drops));
56892+ atomic_read(&sp->sk_refcnt),
56893+#ifdef CONFIG_GRKERNSEC_HIDESYM
56894+ NULL,
56895+#else
56896+ sp,
56897+#endif
56898+ atomic_read(&sp->sk_drops));
56899 }
56900
56901 static int raw6_seq_show(struct seq_file *seq, void *v)
56902diff -urNp linux-2.6.38.2/net/ipv6/tcp_ipv6.c linux-2.6.38.2/net/ipv6/tcp_ipv6.c
56903--- linux-2.6.38.2/net/ipv6/tcp_ipv6.c 2011-03-14 21:20:32.000000000 -0400
56904+++ linux-2.6.38.2/net/ipv6/tcp_ipv6.c 2011-03-21 18:31:35.000000000 -0400
56905@@ -92,6 +92,10 @@ static struct tcp_md5sig_key *tcp_v6_md5
56906 }
56907 #endif
56908
56909+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56910+extern int grsec_enable_blackhole;
56911+#endif
56912+
56913 static void tcp_v6_hash(struct sock *sk)
56914 {
56915 if (sk->sk_state != TCP_CLOSE) {
56916@@ -1676,6 +1680,9 @@ static int tcp_v6_do_rcv(struct sock *sk
56917 return 0;
56918
56919 reset:
56920+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56921+ if (!grsec_enable_blackhole)
56922+#endif
56923 tcp_v6_send_reset(sk, skb);
56924 discard:
56925 if (opt_skb)
56926@@ -1755,12 +1762,20 @@ static int tcp_v6_rcv(struct sk_buff *sk
56927 TCP_SKB_CB(skb)->sacked = 0;
56928
56929 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
56930- if (!sk)
56931+ if (!sk) {
56932+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56933+ ret = 1;
56934+#endif
56935 goto no_tcp_socket;
56936+ }
56937
56938 process:
56939- if (sk->sk_state == TCP_TIME_WAIT)
56940+ if (sk->sk_state == TCP_TIME_WAIT) {
56941+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56942+ ret = 2;
56943+#endif
56944 goto do_time_wait;
56945+ }
56946
56947 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
56948 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
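Review bot: `ret` is reused as a marker for how the packet reached the reset decision, with bare values `1` and `2` assigned under `#ifdef CONFIG_GRKERNSEC_BLACKHOLE`. Only `ret == 1` is tested in the later `no_tcp_socket` hunk; the `2` is never compared in the visible code, and `ret` otherwise looks like the function's result variable, so the two roles are easy to confuse. A dedicated local with named values, or at least a comment such as `/* 1 = no socket found, 2 = TIME_WAIT socket */`, would document the encoding. tcp_v6_rcv starts and ends outside the hunk.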
56949@@ -1808,6 +1823,10 @@ no_tcp_socket:
56950 bad_packet:
56951 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
56952 } else {
56953+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
56954+ if (!grsec_enable_blackhole || (ret == 1 &&
56955+ (skb->dev->flags & IFF_LOOPBACK)))
56956+#endif
56957 tcp_v6_send_reset(NULL, skb);
56958 }
56959
56960@@ -2068,7 +2087,13 @@ static void get_openreq6(struct seq_file
56961 uid,
56962 0, /* non standard timer */
56963 0, /* open_requests have no inode */
56964- 0, req);
56965+ 0,
56966+#ifdef CONFIG_GRKERNSEC_HIDESYM
56967+ NULL
56968+#else
56969+ req
56970+#endif
56971+ );
56972 }
56973
56974 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
56975@@ -2118,7 +2143,12 @@ static void get_tcp6_sock(struct seq_fil
56976 sock_i_uid(sp),
56977 icsk->icsk_probes_out,
56978 sock_i_ino(sp),
56979- atomic_read(&sp->sk_refcnt), sp,
56980+ atomic_read(&sp->sk_refcnt),
56981+#ifdef CONFIG_GRKERNSEC_HIDESYM
56982+ NULL,
56983+#else
56984+ sp,
56985+#endif
56986 jiffies_to_clock_t(icsk->icsk_rto),
56987 jiffies_to_clock_t(icsk->icsk_ack.ato),
56988 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
56989@@ -2153,7 +2183,13 @@ static void get_timewait6_sock(struct se
56990 dest->s6_addr32[2], dest->s6_addr32[3], destp,
56991 tw->tw_substate, 0, 0,
56992 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
56993- atomic_read(&tw->tw_refcnt), tw);
56994+ atomic_read(&tw->tw_refcnt),
56995+#ifdef CONFIG_GRKERNSEC_HIDESYM
56996+ NULL
56997+#else
56998+ tw
56999+#endif
57000+ );
57001 }
57002
57003 static int tcp6_seq_show(struct seq_file *seq, void *v)
57004diff -urNp linux-2.6.38.2/net/ipv6/udp.c linux-2.6.38.2/net/ipv6/udp.c
57005--- linux-2.6.38.2/net/ipv6/udp.c 2011-03-14 21:20:32.000000000 -0400
57006+++ linux-2.6.38.2/net/ipv6/udp.c 2011-03-21 18:31:35.000000000 -0400
57007@@ -50,6 +50,10 @@
57008 #include <linux/seq_file.h>
57009 #include "udp_impl.h"
57010
57011+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
57012+extern int grsec_enable_blackhole;
57013+#endif
57014+
57015 int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2)
57016 {
57017 const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr;
57018@@ -773,6 +777,9 @@ int __udp6_lib_rcv(struct sk_buff *skb,
57019 UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS,
57020 proto == IPPROTO_UDPLITE);
57021
57022+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
57023+ if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK))
57024+#endif
57025 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);
57026
57027 kfree_skb(skb);
57028@@ -1407,7 +1414,12 @@ static void udp6_sock_seq_show(struct se
57029 0, 0L, 0,
57030 sock_i_uid(sp), 0,
57031 sock_i_ino(sp),
57032- atomic_read(&sp->sk_refcnt), sp,
57033+ atomic_read(&sp->sk_refcnt),
57034+#ifdef CONFIG_GRKERNSEC_HIDESYM
57035+ NULL,
57036+#else
57037+ sp,
57038+#endif
57039 atomic_read(&sp->sk_drops));
57040 }
57041
57042diff -urNp linux-2.6.38.2/net/irda/ircomm/ircomm_tty.c linux-2.6.38.2/net/irda/ircomm/ircomm_tty.c
57043--- linux-2.6.38.2/net/irda/ircomm/ircomm_tty.c 2011-03-14 21:20:32.000000000 -0400
57044+++ linux-2.6.38.2/net/irda/ircomm/ircomm_tty.c 2011-03-21 18:31:35.000000000 -0400
57045@@ -281,16 +281,16 @@ static int ircomm_tty_block_til_ready(st
57046 add_wait_queue(&self->open_wait, &wait);
57047
57048 IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n",
57049- __FILE__,__LINE__, tty->driver->name, self->open_count );
57050+ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count) );
57051
57052 /* As far as I can see, we protect open_count - Jean II */
57053 spin_lock_irqsave(&self->spinlock, flags);
57054 if (!tty_hung_up_p(filp)) {
57055 extra_count = 1;
57056- self->open_count--;
57057+ local_dec(&self->open_count);
57058 }
57059 spin_unlock_irqrestore(&self->spinlock, flags);
57060- self->blocked_open++;
57061+ local_inc(&self->blocked_open);
57062
57063 while (1) {
57064 if (tty->termios->c_cflag & CBAUD) {
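Review bot: The debug format string still uses `%d` while the argument is now `local_read(&self->open_count)`, which returns a `long` in the mainline local_t implementation, so the specifier and the argument type no longer match. Use `%ld` (`open_count=%ld`) wherever the counter is printed; the same mismatch is in the other IRDA_DEBUG/IRDA_ERROR calls in ircomm_tty_block_til_ready, ircomm_tty_open and ircomm_tty_close and in the `seq_printf(m, "Open count: %d\n", ...)` line of ircomm_tty_line_info. Separately, `local_inc(&self->blocked_open)` still runs after the spinlock is released, and local_t operations are atomic only with respect to the current CPU, so the conversion does not by itself make that counter safe against concurrent updates. The function body extends beyond the hunk.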
57065@@ -330,7 +330,7 @@ static int ircomm_tty_block_til_ready(st
57066 }
57067
57068 IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n",
57069- __FILE__,__LINE__, tty->driver->name, self->open_count );
57070+ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count) );
57071
57072 schedule();
57073 }
57074@@ -341,13 +341,13 @@ static int ircomm_tty_block_til_ready(st
57075 if (extra_count) {
57076 /* ++ is not atomic, so this should be protected - Jean II */
57077 spin_lock_irqsave(&self->spinlock, flags);
57078- self->open_count++;
57079+ local_inc(&self->open_count);
57080 spin_unlock_irqrestore(&self->spinlock, flags);
57081 }
57082- self->blocked_open--;
57083+ local_dec(&self->blocked_open);
57084
57085 IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n",
57086- __FILE__,__LINE__, tty->driver->name, self->open_count);
57087+ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count));
57088
57089 if (!retval)
57090 self->flags |= ASYNC_NORMAL_ACTIVE;
57091@@ -416,14 +416,14 @@ static int ircomm_tty_open(struct tty_st
57092 }
57093 /* ++ is not atomic, so this should be protected - Jean II */
57094 spin_lock_irqsave(&self->spinlock, flags);
57095- self->open_count++;
57096+ local_inc(&self->open_count);
57097
57098 tty->driver_data = self;
57099 self->tty = tty;
57100 spin_unlock_irqrestore(&self->spinlock, flags);
57101
57102 IRDA_DEBUG(1, "%s(), %s%d, count = %d\n", __func__ , tty->driver->name,
57103- self->line, self->open_count);
57104+ self->line, local_read(&self->open_count));
57105
57106 /* Not really used by us, but lets do it anyway */
57107 self->tty->low_latency = (self->flags & ASYNC_LOW_LATENCY) ? 1 : 0;
57108@@ -509,7 +509,7 @@ static void ircomm_tty_close(struct tty_
57109 return;
57110 }
57111
57112- if ((tty->count == 1) && (self->open_count != 1)) {
57113+ if ((tty->count == 1) && (local_read(&self->open_count) != 1)) {
57114 /*
57115 * Uh, oh. tty->count is 1, which means that the tty
57116 * structure will be freed. state->count should always
57117@@ -519,16 +519,16 @@ static void ircomm_tty_close(struct tty_
57118 */
57119 IRDA_DEBUG(0, "%s(), bad serial port count; "
57120 "tty->count is 1, state->count is %d\n", __func__ ,
57121- self->open_count);
57122- self->open_count = 1;
57123+ local_read(&self->open_count));
57124+ local_set(&self->open_count, 1);
57125 }
57126
57127- if (--self->open_count < 0) {
57128+ if (local_dec_return(&self->open_count) < 0) {
57129 IRDA_ERROR("%s(), bad serial port count for ttys%d: %d\n",
57130- __func__, self->line, self->open_count);
57131- self->open_count = 0;
57132+ __func__, self->line, local_read(&self->open_count));
57133+ local_set(&self->open_count, 0);
57134 }
57135- if (self->open_count) {
57136+ if (local_read(&self->open_count)) {
57137 spin_unlock_irqrestore(&self->spinlock, flags);
57138
57139 IRDA_DEBUG(0, "%s(), open count > 0\n", __func__ );
57140@@ -560,7 +560,7 @@ static void ircomm_tty_close(struct tty_
57141 tty->closing = 0;
57142 self->tty = NULL;
57143
57144- if (self->blocked_open) {
57145+ if (local_read(&self->blocked_open)) {
57146 if (self->close_delay)
57147 schedule_timeout_interruptible(self->close_delay);
57148 wake_up_interruptible(&self->open_wait);
57149@@ -1012,7 +1012,7 @@ static void ircomm_tty_hangup(struct tty
57150 spin_lock_irqsave(&self->spinlock, flags);
57151 self->flags &= ~ASYNC_NORMAL_ACTIVE;
57152 self->tty = NULL;
57153- self->open_count = 0;
57154+ local_set(&self->open_count, 0);
57155 spin_unlock_irqrestore(&self->spinlock, flags);
57156
57157 wake_up_interruptible(&self->open_wait);
57158@@ -1364,7 +1364,7 @@ static void ircomm_tty_line_info(struct
57159 seq_putc(m, '\n');
57160
57161 seq_printf(m, "Role: %s\n", self->client ? "client" : "server");
57162- seq_printf(m, "Open count: %d\n", self->open_count);
57163+ seq_printf(m, "Open count: %d\n", local_read(&self->open_count));
57164 seq_printf(m, "Max data size: %d\n", self->max_data_size);
57165 seq_printf(m, "Max header size: %d\n", self->max_header_size);
57166
57167diff -urNp linux-2.6.38.2/net/key/af_key.c linux-2.6.38.2/net/key/af_key.c
57168--- linux-2.6.38.2/net/key/af_key.c 2011-03-14 21:20:32.000000000 -0400
57169+++ linux-2.6.38.2/net/key/af_key.c 2011-03-21 18:31:35.000000000 -0400
57170@@ -3644,7 +3644,11 @@ static int pfkey_seq_show(struct seq_fil
57171 seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n");
57172 else
57173 seq_printf(f ,"%p %-6d %-6u %-6u %-6u %-6lu\n",
57174+#ifdef CONFIG_GRKERNSEC_HIDESYM
57175+ NULL,
57176+#else
57177 s,
57178+#endif
57179 atomic_read(&s->sk_refcnt),
57180 sk_rmem_alloc_get(s),
57181 sk_wmem_alloc_get(s),
57182diff -urNp linux-2.6.38.2/net/mac80211/ieee80211_i.h linux-2.6.38.2/net/mac80211/ieee80211_i.h
57183--- linux-2.6.38.2/net/mac80211/ieee80211_i.h 2011-03-14 21:20:32.000000000 -0400
57184+++ linux-2.6.38.2/net/mac80211/ieee80211_i.h 2011-03-21 18:31:35.000000000 -0400
57185@@ -27,6 +27,7 @@
57186 #include <net/ieee80211_radiotap.h>
57187 #include <net/cfg80211.h>
57188 #include <net/mac80211.h>
57189+#include <asm/local.h>
57190 #include "key.h"
57191 #include "sta_info.h"
57192
57193@@ -716,7 +717,7 @@ struct ieee80211_local {
57194 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
57195 spinlock_t queue_stop_reason_lock;
57196
57197- int open_count;
57198+ local_t open_count;
57199 int monitors, cooked_mntrs;
57200 /* number of interfaces with corresponding FIF_ flags */
57201 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
57202diff -urNp linux-2.6.38.2/net/mac80211/iface.c linux-2.6.38.2/net/mac80211/iface.c
57203--- linux-2.6.38.2/net/mac80211/iface.c 2011-03-14 21:20:32.000000000 -0400
57204+++ linux-2.6.38.2/net/mac80211/iface.c 2011-03-21 18:31:35.000000000 -0400
57205@@ -211,7 +211,7 @@ static int ieee80211_do_open(struct net_
57206 break;
57207 }
57208
57209- if (local->open_count == 0) {
57210+ if (local_read(&local->open_count) == 0) {
57211 res = drv_start(local);
57212 if (res)
57213 goto err_del_bss;
57214@@ -235,7 +235,7 @@ static int ieee80211_do_open(struct net_
57215 memcpy(dev->perm_addr, dev->dev_addr, ETH_ALEN);
57216
57217 if (!is_valid_ether_addr(dev->dev_addr)) {
57218- if (!local->open_count)
57219+ if (!local_read(&local->open_count))
57220 drv_stop(local);
57221 return -EADDRNOTAVAIL;
57222 }
57223@@ -327,7 +327,7 @@ static int ieee80211_do_open(struct net_
57224 mutex_unlock(&local->mtx);
57225
57226 if (coming_up)
57227- local->open_count++;
57228+ local_inc(&local->open_count);
57229
57230 if (hw_reconf_flags) {
57231 ieee80211_hw_config(local, hw_reconf_flags);
57232@@ -347,7 +347,7 @@ static int ieee80211_do_open(struct net_
57233 err_del_interface:
57234 drv_remove_interface(local, &sdata->vif);
57235 err_stop:
57236- if (!local->open_count)
57237+ if (!local_read(&local->open_count))
57238 drv_stop(local);
57239 err_del_bss:
57240 sdata->bss = NULL;
57241@@ -473,7 +473,7 @@ static void ieee80211_do_stop(struct iee
57242 }
57243
57244 if (going_down)
57245- local->open_count--;
57246+ local_dec(&local->open_count);
57247
57248 switch (sdata->vif.type) {
57249 case NL80211_IFTYPE_AP_VLAN:
57250@@ -532,7 +532,7 @@ static void ieee80211_do_stop(struct iee
57251
57252 ieee80211_recalc_ps(local, -1);
57253
57254- if (local->open_count == 0) {
57255+ if (local_read(&local->open_count) == 0) {
57256 if (local->ops->napi_poll)
57257 napi_disable(&local->napi);
57258 ieee80211_clear_tx_pending(local);
57259diff -urNp linux-2.6.38.2/net/mac80211/main.c linux-2.6.38.2/net/mac80211/main.c
57260--- linux-2.6.38.2/net/mac80211/main.c 2011-03-14 21:20:32.000000000 -0400
57261+++ linux-2.6.38.2/net/mac80211/main.c 2011-03-21 18:31:35.000000000 -0400
57262@@ -161,7 +161,7 @@ int ieee80211_hw_config(struct ieee80211
57263 local->hw.conf.power_level = power;
57264 }
57265
57266- if (changed && local->open_count) {
57267+ if (changed && local_read(&local->open_count)) {
57268 ret = drv_config(local, changed);
57269 /*
57270 * Goal:
57271diff -urNp linux-2.6.38.2/net/mac80211/pm.c linux-2.6.38.2/net/mac80211/pm.c
57272--- linux-2.6.38.2/net/mac80211/pm.c 2011-03-14 21:20:32.000000000 -0400
57273+++ linux-2.6.38.2/net/mac80211/pm.c 2011-03-21 18:31:35.000000000 -0400
57274@@ -95,7 +95,7 @@ int __ieee80211_suspend(struct ieee80211
57275 }
57276
57277 /* stop hardware - this must stop RX */
57278- if (local->open_count)
57279+ if (local_read(&local->open_count))
57280 ieee80211_stop_device(local);
57281
57282 local->suspended = true;
57283diff -urNp linux-2.6.38.2/net/mac80211/rate.c linux-2.6.38.2/net/mac80211/rate.c
57284--- linux-2.6.38.2/net/mac80211/rate.c 2011-03-14 21:20:32.000000000 -0400
57285+++ linux-2.6.38.2/net/mac80211/rate.c 2011-03-21 18:31:35.000000000 -0400
57286@@ -371,7 +371,7 @@ int ieee80211_init_rate_ctrl_alg(struct
57287
57288 ASSERT_RTNL();
57289
57290- if (local->open_count)
57291+ if (local_read(&local->open_count))
57292 return -EBUSY;
57293
57294 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) {
57295diff -urNp linux-2.6.38.2/net/mac80211/rc80211_pid_debugfs.c linux-2.6.38.2/net/mac80211/rc80211_pid_debugfs.c
57296--- linux-2.6.38.2/net/mac80211/rc80211_pid_debugfs.c 2011-03-14 21:20:32.000000000 -0400
57297+++ linux-2.6.38.2/net/mac80211/rc80211_pid_debugfs.c 2011-03-21 18:31:35.000000000 -0400
57298@@ -192,7 +192,7 @@ static ssize_t rate_control_pid_events_r
57299
57300 spin_unlock_irqrestore(&events->lock, status);
57301
57302- if (copy_to_user(buf, pb, p))
57303+ if (p > sizeof(pb) || copy_to_user(buf, pb, p))
57304 return -EFAULT;
57305
57306 return p;
57307diff -urNp linux-2.6.38.2/net/mac80211/tx.c linux-2.6.38.2/net/mac80211/tx.c
57308--- linux-2.6.38.2/net/mac80211/tx.c 2011-03-14 21:20:32.000000000 -0400
57309+++ linux-2.6.38.2/net/mac80211/tx.c 2011-03-21 18:31:35.000000000 -0400
57310@@ -173,7 +173,7 @@ static __le16 ieee80211_duration(struct
57311 return cpu_to_le16(dur);
57312 }
57313
57314-static int inline is_ieee80211_device(struct ieee80211_local *local,
57315+static inline int is_ieee80211_device(struct ieee80211_local *local,
57316 struct net_device *dev)
57317 {
57318 return local == wdev_priv(dev->ieee80211_ptr);
57319diff -urNp linux-2.6.38.2/net/mac80211/util.c linux-2.6.38.2/net/mac80211/util.c
57320--- linux-2.6.38.2/net/mac80211/util.c 2011-03-14 21:20:32.000000000 -0400
57321+++ linux-2.6.38.2/net/mac80211/util.c 2011-03-21 18:31:35.000000000 -0400
57322@@ -1135,7 +1135,7 @@ int ieee80211_reconfig(struct ieee80211_
57323 local->resuming = true;
57324
57325 /* restart hardware */
57326- if (local->open_count) {
57327+ if (local_read(&local->open_count)) {
57328 /*
57329 * Upon resume hardware can sometimes be goofy due to
57330 * various platform / driver / bus issues, so restarting
57331diff -urNp linux-2.6.38.2/net/netfilter/Kconfig linux-2.6.38.2/net/netfilter/Kconfig
57332--- linux-2.6.38.2/net/netfilter/Kconfig 2011-03-14 21:20:32.000000000 -0400
57333+++ linux-2.6.38.2/net/netfilter/Kconfig 2011-03-21 18:31:35.000000000 -0400
57334@@ -709,6 +709,16 @@ config NETFILTER_XT_MATCH_ESP
57335
57336 To compile it as a module, choose M here. If unsure, say N.
57337
57338+config NETFILTER_XT_MATCH_GRADM
57339+ tristate '"gradm" match support'
57340+ depends on NETFILTER_XTABLES && NETFILTER_ADVANCED
57341+ depends on GRKERNSEC && !GRKERNSEC_NO_RBAC
57342+ ---help---
57343+ The gradm match allows to match on grsecurity RBAC being enabled.
57344+ It is useful when iptables rules are applied early on bootup to
57345+ prevent connections to the machine (except from a trusted host)
57346+ while the RBAC system is disabled.
57347+
57348 config NETFILTER_XT_MATCH_HASHLIMIT
57349 tristate '"hashlimit" match support'
57350 depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
57351diff -urNp linux-2.6.38.2/net/netfilter/Makefile linux-2.6.38.2/net/netfilter/Makefile
57352--- linux-2.6.38.2/net/netfilter/Makefile 2011-03-14 21:20:32.000000000 -0400
57353+++ linux-2.6.38.2/net/netfilter/Makefile 2011-03-21 18:31:35.000000000 -0400
57354@@ -74,6 +74,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_CPU) +=
57355 obj-$(CONFIG_NETFILTER_XT_MATCH_DCCP) += xt_dccp.o
57356 obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o
57357 obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o
57358+obj-$(CONFIG_NETFILTER_XT_MATCH_GRADM) += xt_gradm.o
57359 obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
57360 obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
57361 obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
57362diff -urNp linux-2.6.38.2/net/netfilter/nf_conntrack_netlink.c linux-2.6.38.2/net/netfilter/nf_conntrack_netlink.c
57363--- linux-2.6.38.2/net/netfilter/nf_conntrack_netlink.c 2011-03-14 21:20:32.000000000 -0400
57364+++ linux-2.6.38.2/net/netfilter/nf_conntrack_netlink.c 2011-03-21 18:31:35.000000000 -0400
57365@@ -761,7 +761,7 @@ static const struct nla_policy tuple_nla
57366 static int
57367 ctnetlink_parse_tuple(const struct nlattr * const cda[],
57368 struct nf_conntrack_tuple *tuple,
57369- enum ctattr_tuple type, u_int8_t l3num)
57370+ enum ctattr_type type, u_int8_t l3num)
57371 {
57372 struct nlattr *tb[CTA_TUPLE_MAX+1];
57373 int err;
57374diff -urNp linux-2.6.38.2/net/netfilter/xt_gradm.c linux-2.6.38.2/net/netfilter/xt_gradm.c
57375--- linux-2.6.38.2/net/netfilter/xt_gradm.c 1969-12-31 19:00:00.000000000 -0500
57376+++ linux-2.6.38.2/net/netfilter/xt_gradm.c 2011-03-21 18:31:35.000000000 -0400
57377@@ -0,0 +1,51 @@
57378+/*
57379+ * gradm match for netfilter
57380+ * Copyright © Zbigniew Krzystolik, 2010
57381+ *
57382+ * This program is free software; you can redistribute it and/or modify
57383+ * it under the terms of the GNU General Public License; either version
57384+ * 2 or 3 as published by the Free Software Foundation.
57385+ */
57386+#include <linux/module.h>
57387+#include <linux/moduleparam.h>
57388+#include <linux/skbuff.h>
57389+#include <linux/netfilter/x_tables.h>
57390+#include <linux/grsecurity.h>
57391+#include <linux/netfilter/xt_gradm.h>
57392+
57393+static bool
57394+gradm_mt(const struct sk_buff *skb, struct xt_action_param *par)
57395+{
57396+ const struct xt_gradm_mtinfo *info = par->matchinfo;
57397+ bool retval = false;
57398+ if (gr_acl_is_enabled())
57399+ retval = true;
57400+ return retval ^ info->invflags;
57401+}
57402+
57403+static struct xt_match gradm_mt_reg __read_mostly = {
57404+ .name = "gradm",
57405+ .revision = 0,
57406+ .family = NFPROTO_UNSPEC,
57407+ .match = gradm_mt,
57408+ .matchsize = XT_ALIGN(sizeof(struct xt_gradm_mtinfo)),
57409+ .me = THIS_MODULE,
57410+};
57411+
57412+static int __init gradm_mt_init(void)
57413+{
57414+ return xt_register_match(&gradm_mt_reg);
57415+}
57416+
57417+static void __exit gradm_mt_exit(void)
57418+{
57419+ xt_unregister_match(&gradm_mt_reg);
57420+}
57421+
57422+module_init(gradm_mt_init);
57423+module_exit(gradm_mt_exit);
57424+MODULE_AUTHOR("Zbigniew Krzystolik <zbyniu@destrukcja.pl>");
57425+MODULE_DESCRIPTION("Xtables: Grsecurity RBAC match");
57426+MODULE_LICENSE("GPL");
57427+MODULE_ALIAS("ipt_gradm");
57428+MODULE_ALIAS("ip6t_gradm");
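Review bot: `return retval ^ info->invflags;` treats the whole `invflags` field as a one-bit inversion flag, but `gradm_mt_reg` registers no `.checkentry`, so nothing rejects a rule whose `invflags` carries other bits. With any bit above bit 0 set, the XOR is non-zero whatever `gr_acl_is_enabled()` returns, and the match then always succeeds. Adding a `.checkentry` that rejects values other than 0 and 1, or normalising the flag with `return retval ^ !!info->invflags;`, closes that. The layout of `struct xt_gradm_mtinfo` is in a header outside this hunk, so the field width is assumed.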
57429diff -urNp linux-2.6.38.2/net/netlink/af_netlink.c linux-2.6.38.2/net/netlink/af_netlink.c
57430--- linux-2.6.38.2/net/netlink/af_netlink.c 2011-03-14 21:20:32.000000000 -0400
57431+++ linux-2.6.38.2/net/netlink/af_netlink.c 2011-03-21 18:31:35.000000000 -0400
57432@@ -2001,13 +2001,21 @@ static int netlink_seq_show(struct seq_f
57433 struct netlink_sock *nlk = nlk_sk(s);
57434
57435 seq_printf(seq, "%p %-3d %-6d %08x %-8d %-8d %p %-8d %-8d %-8lu\n",
57436+#ifdef CONFIG_GRKERNSEC_HIDESYM
57437+ NULL,
57438+#else
57439 s,
57440+#endif
57441 s->sk_protocol,
57442 nlk->pid,
57443 nlk->groups ? (u32)nlk->groups[0] : 0,
57444 sk_rmem_alloc_get(s),
57445 sk_wmem_alloc_get(s),
57446+#ifdef CONFIG_GRKERNSEC_HIDESYM
57447+ NULL,
57448+#else
57449 nlk->cb,
57450+#endif
57451 atomic_read(&s->sk_refcnt),
57452 atomic_read(&s->sk_drops),
57453 sock_i_ino(s)
57454diff -urNp linux-2.6.38.2/net/netrom/af_netrom.c linux-2.6.38.2/net/netrom/af_netrom.c
57455--- linux-2.6.38.2/net/netrom/af_netrom.c 2011-03-14 21:20:32.000000000 -0400
57456+++ linux-2.6.38.2/net/netrom/af_netrom.c 2011-03-21 18:31:35.000000000 -0400
57457@@ -840,6 +840,7 @@ static int nr_getname(struct socket *soc
57458 struct sock *sk = sock->sk;
57459 struct nr_sock *nr = nr_sk(sk);
57460
57461+ memset(sax, 0, sizeof(*sax));
57462 lock_sock(sk);
57463 if (peer != 0) {
57464 if (sk->sk_state != TCP_ESTABLISHED) {
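Review bot: The added `memset(sax, 0, sizeof(*sax));` carries no comment, and its purpose is not obvious from the hunk: it clears the whole address structure, padding and unused fields included, before individual members are filled in, so no stale bytes are handed back to the caller. A comment such as `/* zero the full sockaddr so unset fields and padding are not leaked */` would record that, and it also explains why the companion hunk can drop `sax->fsa_ax25.sax25_ndigis = 0;`. The declaration of `sax` is outside the hunk.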
57465@@ -854,7 +855,6 @@ static int nr_getname(struct socket *soc
57466 *uaddr_len = sizeof(struct full_sockaddr_ax25);
57467 } else {
57468 sax->fsa_ax25.sax25_family = AF_NETROM;
57469- sax->fsa_ax25.sax25_ndigis = 0;
57470 sax->fsa_ax25.sax25_call = nr->source_addr;
57471 *uaddr_len = sizeof(struct sockaddr_ax25);
57472 }
57473diff -urNp linux-2.6.38.2/net/packet/af_packet.c linux-2.6.38.2/net/packet/af_packet.c
57474--- linux-2.6.38.2/net/packet/af_packet.c 2011-03-14 21:20:32.000000000 -0400
57475+++ linux-2.6.38.2/net/packet/af_packet.c 2011-03-21 18:31:35.000000000 -0400
57476@@ -2134,7 +2134,7 @@ static int packet_getsockopt(struct sock
57477 case PACKET_HDRLEN:
57478 if (len > sizeof(int))
57479 len = sizeof(int);
57480- if (copy_from_user(&val, optval, len))
57481+ if (len > sizeof(val) || copy_from_user(&val, optval, len))
57482 return -EFAULT;
57483 switch (val) {
57484 case TPACKET_V1:
57485@@ -2172,7 +2172,7 @@ static int packet_getsockopt(struct sock
57486
57487 if (put_user(len, optlen))
57488 return -EFAULT;
57489- if (copy_to_user(optval, data, len))
57490+ if (len > sizeof(st) || copy_to_user(optval, data, len))
57491 return -EFAULT;
57492 return 0;
57493 }
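Review bot: The new guard compares `len` with `sizeof(st)`, but the copy source is `data`, not `st`. If `data` can point at a smaller object than `st` on some option paths (the assignments are outside the hunk), the check permits a `len` larger than that object and does not bound the read. Bounding against the size of the object actually selected, or tracking that size next to `data`, would make the guard exact. In the PACKET_HDRLEN hunk above, `len > sizeof(val)` follows a clamp to `sizeof(int)` and appears redundant if `val` is an `int`.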
57494@@ -2684,7 +2684,11 @@ static int packet_seq_show(struct seq_fi
57495
57496 seq_printf(seq,
57497 "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n",
57498+#ifdef CONFIG_GRKERNSEC_HIDESYM
57499+ NULL,
57500+#else
57501 s,
57502+#endif
57503 atomic_read(&s->sk_refcnt),
57504 s->sk_type,
57505 ntohs(po->num),
57506diff -urNp linux-2.6.38.2/net/phonet/af_phonet.c linux-2.6.38.2/net/phonet/af_phonet.c
57507--- linux-2.6.38.2/net/phonet/af_phonet.c 2011-03-14 21:20:32.000000000 -0400
57508+++ linux-2.6.38.2/net/phonet/af_phonet.c 2011-03-21 18:31:35.000000000 -0400
57509@@ -41,7 +41,7 @@ static struct phonet_protocol *phonet_pr
57510 {
57511 struct phonet_protocol *pp;
57512
57513- if (protocol >= PHONET_NPROTO)
57514+ if (protocol < 0 || protocol >= PHONET_NPROTO)
57515 return NULL;
57516
57517 rcu_read_lock();
57518@@ -463,7 +463,7 @@ int __init_or_module phonet_proto_regist
57519 {
57520 int err = 0;
57521
57522- if (protocol >= PHONET_NPROTO)
57523+ if (protocol < 0 || protocol >= PHONET_NPROTO)
57524 return -EINVAL;
57525
57526 err = proto_register(pp->prot, 1);
57527diff -urNp linux-2.6.38.2/net/phonet/socket.c linux-2.6.38.2/net/phonet/socket.c
57528--- linux-2.6.38.2/net/phonet/socket.c 2011-03-14 21:20:32.000000000 -0400
57529+++ linux-2.6.38.2/net/phonet/socket.c 2011-03-21 18:31:35.000000000 -0400
57530@@ -637,7 +637,12 @@ static int pn_sock_seq_show(struct seq_f
57531 sk->sk_state,
57532 sk_wmem_alloc_get(sk), sk_rmem_alloc_get(sk),
57533 sock_i_uid(sk), sock_i_ino(sk),
57534- atomic_read(&sk->sk_refcnt), sk,
57535+ atomic_read(&sk->sk_refcnt),
57536+#ifdef CONFIG_GRKERNSEC_HIDESYM
57537+ NULL,
57538+#else
57539+ sk,
57540+#endif
57541 atomic_read(&sk->sk_drops), &len);
57542 }
57543 seq_printf(seq, "%*s\n", 127 - len, "");
57544diff -urNp linux-2.6.38.2/net/sctp/proc.c linux-2.6.38.2/net/sctp/proc.c
57545--- linux-2.6.38.2/net/sctp/proc.c 2011-03-14 21:20:32.000000000 -0400
57546+++ linux-2.6.38.2/net/sctp/proc.c 2011-03-21 18:31:35.000000000 -0400
57547@@ -212,7 +212,12 @@ static int sctp_eps_seq_show(struct seq_
57548 sctp_for_each_hentry(epb, node, &head->chain) {
57549 ep = sctp_ep(epb);
57550 sk = epb->sk;
57551- seq_printf(seq, "%8p %8p %-3d %-3d %-4d %-5d %5d %5lu ", ep, sk,
57552+ seq_printf(seq, "%8p %8p %-3d %-3d %-4d %-5d %5d %5lu ",
57553+#ifdef CONFIG_GRKERNSEC_HIDESYM
57554+ NULL, NULL,
57555+#else
57556+ ep, sk,
57557+#endif
57558 sctp_sk(sk)->type, sk->sk_state, hash,
57559 epb->bind_addr.port,
57560 sock_i_uid(sk), sock_i_ino(sk));
57561@@ -318,7 +323,12 @@ static int sctp_assocs_seq_show(struct s
57562 seq_printf(seq,
57563 "%8p %8p %-3d %-3d %-2d %-4d "
57564 "%4d %8d %8d %7d %5lu %-5d %5d ",
57565- assoc, sk, sctp_sk(sk)->type, sk->sk_state,
57566+#ifdef CONFIG_GRKERNSEC_HIDESYM
57567+ NULL, NULL,
57568+#else
57569+ assoc, sk,
57570+#endif
57571+ sctp_sk(sk)->type, sk->sk_state,
57572 assoc->state, hash,
57573 assoc->assoc_id,
57574 assoc->sndbuf_used,
57575diff -urNp linux-2.6.38.2/net/sctp/socket.c linux-2.6.38.2/net/sctp/socket.c
57576--- linux-2.6.38.2/net/sctp/socket.c 2011-03-14 21:20:32.000000000 -0400
57577+++ linux-2.6.38.2/net/sctp/socket.c 2011-03-21 18:31:35.000000000 -0400
57578@@ -1496,7 +1496,7 @@ SCTP_STATIC int sctp_sendmsg(struct kioc
57579 struct sctp_sndrcvinfo *sinfo;
57580 struct sctp_initmsg *sinit;
57581 sctp_assoc_t associd = 0;
57582- sctp_cmsgs_t cmsgs = { NULL };
57583+ sctp_cmsgs_t cmsgs = { NULL, NULL };
57584 int err;
57585 sctp_scope_t scope;
57586 long timeo;
57587@@ -4435,7 +4435,7 @@ static int sctp_getsockopt_peer_addrs(st
57588 addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
57589 if (space_left < addrlen)
57590 return -ENOMEM;
57591- if (copy_to_user(to, &temp, addrlen))
57592+ if (addrlen > sizeof(temp) || copy_to_user(to, &temp, addrlen))
57593 return -EFAULT;
57594 to += addrlen;
57595 cnt++;
57596diff -urNp linux-2.6.38.2/net/socket.c linux-2.6.38.2/net/socket.c
57597--- linux-2.6.38.2/net/socket.c 2011-03-28 17:42:40.000000000 -0400
57598+++ linux-2.6.38.2/net/socket.c 2011-03-28 17:42:53.000000000 -0400
57599@@ -88,6 +88,7 @@
57600 #include <linux/nsproxy.h>
57601 #include <linux/magic.h>
57602 #include <linux/slab.h>
57603+#include <linux/in.h>
57604
57605 #include <asm/uaccess.h>
57606 #include <asm/unistd.h>
57607@@ -105,6 +106,8 @@
57608 #include <linux/sockios.h>
57609 #include <linux/atalk.h>
57610
57611+#include <linux/grsock.h>
57612+
57613 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
57614 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
57615 unsigned long nr_segs, loff_t pos);
57616@@ -326,7 +329,7 @@ static struct dentry *sockfs_mount(struc
57617 &sockfs_dentry_operations, SOCKFS_MAGIC);
57618 }
57619
57620-static struct vfsmount *sock_mnt __read_mostly;
57621+struct vfsmount *sock_mnt __read_mostly;
57622
57623 static struct file_system_type sock_fs_type = {
57624 .name = "sockfs",
57625@@ -1174,6 +1177,8 @@ int __sock_create(struct net *net, int f
57626 return -EAFNOSUPPORT;
57627 if (type < 0 || type >= SOCK_MAX)
57628 return -EINVAL;
57629+ if (protocol < 0)
57630+ return -EINVAL;
57631
57632 /* Compatibility.
57633
57634@@ -1306,6 +1311,16 @@ SYSCALL_DEFINE3(socket, int, family, int
57635 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
57636 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
57637
57638+ if(!gr_search_socket(family, type, protocol)) {
57639+ retval = -EACCES;
57640+ goto out;
57641+ }
57642+
57643+ if (gr_handle_sock_all(family, type, protocol)) {
57644+ retval = -EACCES;
57645+ goto out;
57646+ }
57647+
57648 retval = sock_create(family, type, protocol, &sock);
57649 if (retval < 0)
57650 goto out;
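Review bot: The two hooks added before `sock_create()` have opposite polarity, and nothing at the call site says so: `gr_search_socket()` denies when it returns zero, while `gr_handle_sock_all()` denies when it returns non-zero. The later hunks add to the confusion, because `gr_search_bind()`, `gr_search_listen()`, `gr_search_accept()` and `gr_search_connect()` are treated as returning an errno, where non-zero means denied. A comment above the pair, such as `/* gr_search_socket(): 0 = denied; gr_handle_sock_all(): non-zero = denied */`, would make an inverted test easy to spot. `if(!gr_search_socket(` also lacks the space after `if` used by the surrounding code.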
57651@@ -1418,6 +1433,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
57652 if (sock) {
57653 err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address);
57654 if (err >= 0) {
57655+ if (gr_handle_sock_server((struct sockaddr *)&address)) {
57656+ err = -EACCES;
57657+ goto error;
57658+ }
57659+ err = gr_search_bind(sock, (struct sockaddr_in *)&address);
57660+ if (err)
57661+ goto error;
57662+
57663 err = security_socket_bind(sock,
57664 (struct sockaddr *)&address,
57665 addrlen);
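Review bot: Both hooks added in `bind` receive `address` without `addrlen`, and `gr_search_bind()` gets it cast to `struct sockaddr_in *` whatever the socket family is. `move_addr_to_kernel()` fills only the first `addrlen` bytes of the on-stack `sockaddr_storage`, so for a short or non-IPv4 address the hooks would read fields the caller never supplied, unless they check family and length themselves. Their bodies are not visible here, so this needs confirming. Passing `addrlen` through, or guarding the call with `addrlen >= sizeof(struct sockaddr_in)` plus an `AF_INET` test, would make the contract explicit. The `connect` hunk further down passes `sck` to `gr_handle_sock_client()` and `gr_search_connect()` in the same way.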
57666@@ -1426,6 +1449,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
57667 (struct sockaddr *)
57668 &address, addrlen);
57669 }
57670+error:
57671 fput_light(sock->file, fput_needed);
57672 }
57673 return err;
57674@@ -1449,10 +1473,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, ba
57675 if ((unsigned)backlog > somaxconn)
57676 backlog = somaxconn;
57677
57678+ if (gr_handle_sock_server_other(sock->sk)) {
57679+ err = -EPERM;
57680+ goto error;
57681+ }
57682+
57683+ err = gr_search_listen(sock);
57684+ if (err)
57685+ goto error;
57686+
57687 err = security_socket_listen(sock, backlog);
57688 if (!err)
57689 err = sock->ops->listen(sock, backlog);
57690
57691+error:
57692 fput_light(sock->file, fput_needed);
57693 }
57694 return err;
57695@@ -1496,6 +1530,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
57696 newsock->type = sock->type;
57697 newsock->ops = sock->ops;
57698
57699+ if (gr_handle_sock_server_other(sock->sk)) {
57700+ err = -EPERM;
57701+ sock_release(newsock);
57702+ goto out_put;
57703+ }
57704+
57705+ err = gr_search_accept(sock);
57706+ if (err) {
57707+ sock_release(newsock);
57708+ goto out_put;
57709+ }
57710+
57711 /*
57712 * We don't need try_module_get here, as the listening socket (sock)
57713 * has the protocol module (sock->ops->owner) held.
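Review bot: Both denial paths added in `accept4` call `sock_release(newsock)` above the context comment about `try_module_get`, so apparently before the function takes its reference on `newsock->ops->owner`. `sock_release()` drops that module reference. If the `__module_get()` does follow this point (it is outside the hunk), a denied accept on a modular protocol would release a reference that was never taken. Neither `gr_handle_sock_server_other(sock->sk)` nor `gr_search_accept(sock)` uses `newsock`, so running them before `newsock` is allocated, or after the module reference is held, avoids the imbalance.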
57714@@ -1534,6 +1580,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
57715 fd_install(newfd, newfile);
57716 err = newfd;
57717
57718+ gr_attach_curr_ip(newsock->sk);
57719+
57720 out_put:
57721 fput_light(sock->file, fput_needed);
57722 out:
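Review bot: `gr_attach_curr_ip(newsock->sk)` is placed after `fd_install(newfd, newfile)`, so `newsock` may already be released when it is dereferenced. Once the descriptor is installed, another thread sharing the file table can close it. The call should move above the install, i.e. `gr_attach_curr_ip(newsock->sk);` immediately before `fd_install(newfd, newfile);`. The rest of `accept4` is outside this hunk.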
57723@@ -1566,6 +1614,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct
57724 int, addrlen)
57725 {
57726 struct socket *sock;
57727+ struct sockaddr *sck;
57728 struct sockaddr_storage address;
57729 int err, fput_needed;
57730
57731@@ -1576,6 +1625,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct
57732 if (err < 0)
57733 goto out_put;
57734
57735+ sck = (struct sockaddr *)&address;
57736+
57737+ if (gr_handle_sock_client(sck)) {
57738+ err = -EACCES;
57739+ goto out_put;
57740+ }
57741+
57742+ err = gr_search_connect(sock, (struct sockaddr_in *)sck);
57743+ if (err)
57744+ goto out_put;
57745+
57746 err =
57747 security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
57748 if (err)
57749diff -urNp linux-2.6.38.2/net/sunrpc/sched.c linux-2.6.38.2/net/sunrpc/sched.c
57750--- linux-2.6.38.2/net/sunrpc/sched.c 2011-03-23 17:20:08.000000000 -0400
57751+++ linux-2.6.38.2/net/sunrpc/sched.c 2011-03-23 17:21:51.000000000 -0400
57752@@ -234,9 +234,9 @@ static int rpc_wait_bit_killable(void *w
57753 #ifdef RPC_DEBUG
57754 static void rpc_task_set_debuginfo(struct rpc_task *task)
57755 {
57756- static atomic_t rpc_pid;
57757+ static atomic_unchecked_t rpc_pid;
57758
57759- task->tk_pid = atomic_inc_return(&rpc_pid);
57760+ task->tk_pid = atomic_inc_return_unchecked(&rpc_pid);
57761 }
57762 #else
57763 static inline void rpc_task_set_debuginfo(struct rpc_task *task)
57764diff -urNp linux-2.6.38.2/net/sunrpc/xprtrdma/svc_rdma.c linux-2.6.38.2/net/sunrpc/xprtrdma/svc_rdma.c
57765--- linux-2.6.38.2/net/sunrpc/xprtrdma/svc_rdma.c 2011-03-14 21:20:32.000000000 -0400
57766+++ linux-2.6.38.2/net/sunrpc/xprtrdma/svc_rdma.c 2011-03-21 18:31:35.000000000 -0400
57767@@ -109,7 +109,7 @@ static int read_reset_stat(ctl_table *ta
57768 len -= *ppos;
57769 if (len > *lenp)
57770 len = *lenp;
57771- if (len && copy_to_user(buffer, str_buf, len))
57772+ if (len > sizeof str_buf || (len && copy_to_user(buffer, str_buf, len)))
57773 return -EFAULT;
57774 *lenp = len;
57775 *ppos += len;
57776diff -urNp linux-2.6.38.2/net/sysctl_net.c linux-2.6.38.2/net/sysctl_net.c
57777--- linux-2.6.38.2/net/sysctl_net.c 2011-03-14 21:20:32.000000000 -0400
57778+++ linux-2.6.38.2/net/sysctl_net.c 2011-03-21 18:31:35.000000000 -0400
57779@@ -46,7 +46,7 @@ static int net_ctl_permissions(struct ct
57780 struct ctl_table *table)
57781 {
57782 /* Allow network administrator to have same access as root. */
57783- if (capable(CAP_NET_ADMIN)) {
57784+ if (capable_nolog(CAP_NET_ADMIN)) {
57785 int mode = (table->mode >> 6) & 7;
57786 return (mode << 6) | (mode << 3) | mode;
57787 }
57788diff -urNp linux-2.6.38.2/net/tipc/socket.c linux-2.6.38.2/net/tipc/socket.c
57789--- linux-2.6.38.2/net/tipc/socket.c 2011-03-14 21:20:32.000000000 -0400
57790+++ linux-2.6.38.2/net/tipc/socket.c 2011-03-21 18:31:35.000000000 -0400
57791@@ -1447,8 +1447,9 @@ static int connect(struct socket *sock,
57792 } else {
57793 if (res == 0)
57794 res = -ETIMEDOUT;
57795- else
57796- ; /* leave "res" unchanged */
57797+ else {
57798+ /* leave "res" unchanged */
57799+ }
57800 sock->state = SS_DISCONNECTING;
57801 }
57802
57803diff -urNp linux-2.6.38.2/net/unix/af_unix.c linux-2.6.38.2/net/unix/af_unix.c
57804--- linux-2.6.38.2/net/unix/af_unix.c 2011-03-14 21:20:32.000000000 -0400
57805+++ linux-2.6.38.2/net/unix/af_unix.c 2011-03-21 18:31:35.000000000 -0400
57806@@ -765,6 +765,12 @@ static struct sock *unix_find_other(stru
57807 err = -ECONNREFUSED;
57808 if (!S_ISSOCK(inode->i_mode))
57809 goto put_fail;
57810+
57811+ if (!gr_acl_handle_unix(path.dentry, path.mnt)) {
57812+ err = -EACCES;
57813+ goto put_fail;
57814+ }
57815+
57816 u = unix_find_socket_byinode(inode);
57817 if (!u)
57818 goto put_fail;
57819@@ -785,6 +791,13 @@ static struct sock *unix_find_other(stru
57820 if (u) {
57821 struct dentry *dentry;
57822 dentry = unix_sk(u)->dentry;
57823+
57824+ if (!gr_handle_chroot_unix(u->sk_peer_pid)) {
57825+ err = -EPERM;
57826+ sock_put(u);
57827+ goto fail;
57828+ }
57829+
57830 if (dentry)
57831 touch_atime(unix_sk(u)->mnt, dentry);
57832 } else
57833@@ -870,11 +883,18 @@ static int unix_bind(struct socket *sock
57834 err = security_path_mknod(&nd.path, dentry, mode, 0);
57835 if (err)
57836 goto out_mknod_drop_write;
57837+ if (!gr_acl_handle_mknod(dentry, nd.path.dentry, nd.path.mnt, mode)) {
57838+ err = -EACCES;
57839+ goto out_mknod_drop_write;
57840+ }
57841 err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
57842 out_mknod_drop_write:
57843 mnt_drop_write(nd.path.mnt);
57844 if (err)
57845 goto out_mknod_dput;
57846+
57847+ gr_handle_create(dentry, nd.path.mnt);
57848+
57849 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
57850 dput(nd.path.dentry);
57851 nd.path.dentry = dentry;
57852@@ -892,6 +912,11 @@ out_mknod_drop_write:
57853 goto out_unlock;
57854 }
57855
57856+#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
57857+ put_pid(sk->sk_peer_pid);
57858+ sk->sk_peer_pid = get_pid(task_tgid(current));
57859+#endif
57860+
57861 list = &unix_socket_table[addr->hash];
57862 } else {
57863 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
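Review bot: The `CONFIG_GRKERNSEC_CHROOT_UNIX` block in `unix_bind` overwrites `sk->sk_peer_pid` at bind time with no comment, although the field name says it describes the connected peer. It looks like this exists so that `gr_handle_chroot_unix(u->sk_peer_pid)` in the `unix_find_other` hunk above can identify who bound the socket. If so, say it: `/* remember the binder's tgid for the chroot check in unix_find_other() */`. The comment should also name the lock that makes the `put_pid()`/`get_pid()` swap safe, which cannot be seen from this hunk.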
57864@@ -2235,7 +2260,11 @@ static int unix_seq_show(struct seq_file
57865 unix_state_lock(s);
57866
57867 seq_printf(seq, "%p: %08X %08X %08X %04X %02X %5lu",
57868+#ifdef CONFIG_GRKERNSEC_HIDESYM
57869+ NULL,
57870+#else
57871 s,
57872+#endif
57873 atomic_read(&s->sk_refcnt),
57874 0,
57875 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
57876diff -urNp linux-2.6.38.2/net/wireless/reg.c linux-2.6.38.2/net/wireless/reg.c
57877--- linux-2.6.38.2/net/wireless/reg.c 2011-03-14 21:20:32.000000000 -0400
57878+++ linux-2.6.38.2/net/wireless/reg.c 2011-03-21 18:31:35.000000000 -0400
57879@@ -54,7 +54,7 @@
57880 printk(KERN_DEBUG pr_fmt(format), ##args); \
57881 } while (0)
57882 #else
57883-#define REG_DBG_PRINT(args...)
57884+#define REG_DBG_PRINT(args...) do {} while (0)
57885 #endif
57886
57887 /* Receipt of information from last regulatory request */
57888diff -urNp linux-2.6.38.2/net/wireless/wext-core.c linux-2.6.38.2/net/wireless/wext-core.c
57889--- linux-2.6.38.2/net/wireless/wext-core.c 2011-03-14 21:20:32.000000000 -0400
57890+++ linux-2.6.38.2/net/wireless/wext-core.c 2011-03-21 18:31:35.000000000 -0400
57891@@ -746,8 +746,7 @@ static int ioctl_standard_iw_point(struc
57892 */
57893
57894 /* Support for very large requests */
57895- if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
57896- (user_length > descr->max_tokens)) {
57897+ if (user_length > descr->max_tokens) {
57898 /* Allow userspace to GET more than max so
57899 * we can support any size GET requests.
57900 * There is still a limit : -ENOMEM.
57901@@ -784,22 +783,6 @@ static int ioctl_standard_iw_point(struc
57902 }
57903 }
57904
57905- if (IW_IS_GET(cmd) && !(descr->flags & IW_DESCR_FLAG_NOMAX)) {
57906- /*
57907- * If this is a GET, but not NOMAX, it means that the extra
57908- * data is not bounded by userspace, but by max_tokens. Thus
57909- * set the length to max_tokens. This matches the extra data
57910- * allocation.
57911- * The driver should fill it with the number of tokens it
57912- * provided, and it may check iwp->length rather than having
57913- * knowledge of max_tokens. If the driver doesn't change the
57914- * iwp->length, this ioctl just copies back max_token tokens
57915- * filled with zeroes. Hopefully the driver isn't claiming
57916- * them to be valid data.
57917- */
57918- iwp->length = descr->max_tokens;
57919- }
57920-
57921 err = handler(dev, info, (union iwreq_data *) iwp, extra);
57922
57923 iwp->length += essid_compat;
57924diff -urNp linux-2.6.38.2/net/x25/x25_facilities.c linux-2.6.38.2/net/x25/x25_facilities.c
57925--- linux-2.6.38.2/net/x25/x25_facilities.c 2011-03-14 21:20:32.000000000 -0400
57926+++ linux-2.6.38.2/net/x25/x25_facilities.c 2011-03-21 18:31:35.000000000 -0400
57927@@ -167,7 +167,8 @@ int x25_parse_facilities(struct sk_buff
57928 break;
57929 default:
57930 printk(KERN_DEBUG "X.25: unknown facility %02X,"
57931- "length %d\n", p[0], p[1]);
57932+ "length %d, values %02X, %02X\n",
57933+ p[0], p[1], p[2], p[3]);
57934 break;
57935 }
57936 len -= p[1] + 2;
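Review bot: The extended `printk` in the `default:` branch reads `p[2]` and `p[3]`, but nothing visible in the hunk establishes that the facility carries two value bytes. The length byte `p[1]` comes from the packet and may be 0 or 1, and the remaining `len` may be shorter than four. As written, an unknown facility near the end of the buffer would have bytes past the parsed data read and logged. Either keep the original two-argument message or print the values only when they are known to be present, e.g. `if (p[1] >= 2 && len >= 4)` around the longer form. Whether an earlier bound on `len` exists is outside the hunk.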
57937diff -urNp linux-2.6.38.2/net/xfrm/xfrm_policy.c linux-2.6.38.2/net/xfrm/xfrm_policy.c
57938--- linux-2.6.38.2/net/xfrm/xfrm_policy.c 2011-03-14 21:20:32.000000000 -0400
57939+++ linux-2.6.38.2/net/xfrm/xfrm_policy.c 2011-03-21 18:31:35.000000000 -0400
57940@@ -1507,7 +1507,7 @@ free_dst:
57941 goto out;
57942 }
57943
57944-static int inline
57945+static inline int
57946 xfrm_dst_alloc_copy(void **target, void *src, int size)
57947 {
57948 if (!*target) {
57949@@ -1519,7 +1519,7 @@ xfrm_dst_alloc_copy(void **target, void
57950 return 0;
57951 }
57952
57953-static int inline
57954+static inline int
57955 xfrm_dst_update_parent(struct dst_entry *dst, struct xfrm_selector *sel)
57956 {
57957 #ifdef CONFIG_XFRM_SUB_POLICY
57958@@ -1531,7 +1531,7 @@ xfrm_dst_update_parent(struct dst_entry
57959 #endif
57960 }
57961
57962-static int inline
57963+static inline int
57964 xfrm_dst_update_origin(struct dst_entry *dst, struct flowi *fl)
57965 {
57966 #ifdef CONFIG_XFRM_SUB_POLICY
57967diff -urNp linux-2.6.38.2/scripts/basic/fixdep.c linux-2.6.38.2/scripts/basic/fixdep.c
57968--- linux-2.6.38.2/scripts/basic/fixdep.c 2011-03-14 21:20:32.000000000 -0400
57969+++ linux-2.6.38.2/scripts/basic/fixdep.c 2011-03-21 18:31:35.000000000 -0400
57970@@ -235,9 +235,9 @@ static void use_config(const char *m, in
57971
57972 static void parse_config_file(const char *map, size_t len)
57973 {
57974- const int *end = (const int *) (map + len);
57975+ const unsigned int *end = (const unsigned int *) (map + len);
57976 /* start at +1, so that p can never be < map */
57977- const int *m = (const int *) map + 1;
57978+ const unsigned int *m = (const unsigned int *) map + 1;
57979 const char *p, *q;
57980
57981 for (; m < end; m++) {
57982@@ -405,7 +405,7 @@ static void print_deps(void)
57983 static void traps(void)
57984 {
57985 static char test[] __attribute__((aligned(sizeof(int)))) = "CONF";
57986- int *p = (int *)test;
57987+ unsigned int *p = (unsigned int *)test;
57988
57989 if (*p != INT_CONF) {
57990 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
57991diff -urNp linux-2.6.38.2/scripts/kallsyms.c linux-2.6.38.2/scripts/kallsyms.c
57992--- linux-2.6.38.2/scripts/kallsyms.c 2011-03-14 21:20:32.000000000 -0400
57993+++ linux-2.6.38.2/scripts/kallsyms.c 2011-03-21 18:31:35.000000000 -0400
57994@@ -43,10 +43,10 @@ struct text_range {
57995
57996 static unsigned long long _text;
57997 static struct text_range text_ranges[] = {
57998- { "_stext", "_etext" },
57999- { "_sinittext", "_einittext" },
58000- { "_stext_l1", "_etext_l1" }, /* Blackfin on-chip L1 inst SRAM */
58001- { "_stext_l2", "_etext_l2" }, /* Blackfin on-chip L2 SRAM */
58002+ { "_stext", "_etext", 0, 0 },
58003+ { "_sinittext", "_einittext", 0, 0 },
58004+ { "_stext_l1", "_etext_l1", 0, 0 }, /* Blackfin on-chip L1 inst SRAM */
58005+ { "_stext_l2", "_etext_l2", 0, 0 }, /* Blackfin on-chip L2 SRAM */
58006 };
58007 #define text_range_text (&text_ranges[0])
58008 #define text_range_inittext (&text_ranges[1])
58009diff -urNp linux-2.6.38.2/scripts/mod/file2alias.c linux-2.6.38.2/scripts/mod/file2alias.c
58010--- linux-2.6.38.2/scripts/mod/file2alias.c 2011-03-14 21:20:32.000000000 -0400
58011+++ linux-2.6.38.2/scripts/mod/file2alias.c 2011-03-21 18:31:35.000000000 -0400
58012@@ -72,7 +72,7 @@ static void device_id_check(const char *
58013 unsigned long size, unsigned long id_size,
58014 void *symval)
58015 {
58016- int i;
58017+ unsigned int i;
58018
58019 if (size % id_size || size < id_size) {
58020 if (cross_build != 0)
58021@@ -102,7 +102,7 @@ static void device_id_check(const char *
58022 /* USB is special because the bcdDevice can be matched against a numeric range */
58023 /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipN" */
58024 static void do_usb_entry(struct usb_device_id *id,
58025- unsigned int bcdDevice_initial, int bcdDevice_initial_digits,
58026+ unsigned int bcdDevice_initial, unsigned int bcdDevice_initial_digits,
58027 unsigned char range_lo, unsigned char range_hi,
58028 unsigned char max, struct module *mod)
58029 {
58030@@ -437,7 +437,7 @@ static void do_pnp_device_entry(void *sy
58031 for (i = 0; i < count; i++) {
58032 const char *id = (char *)devs[i].id;
58033 char acpi_id[sizeof(devs[0].id)];
58034- int j;
58035+ unsigned int j;
58036
58037 buf_printf(&mod->dev_table_buf,
58038 "MODULE_ALIAS(\"pnp:d%s*\");\n", id);
58039@@ -467,7 +467,7 @@ static void do_pnp_card_entries(void *sy
58040
58041 for (j = 0; j < PNP_MAX_DEVICES; j++) {
58042 const char *id = (char *)card->devs[j].id;
58043- int i2, j2;
58044+ unsigned int i2, j2;
58045 int dup = 0;
58046
58047 if (!id[0])
58048@@ -493,7 +493,7 @@ static void do_pnp_card_entries(void *sy
58049 /* add an individual alias for every device entry */
58050 if (!dup) {
58051 char acpi_id[sizeof(card->devs[0].id)];
58052- int k;
58053+ unsigned int k;
58054
58055 buf_printf(&mod->dev_table_buf,
58056 "MODULE_ALIAS(\"pnp:d%s*\");\n", id);
58057@@ -768,7 +768,7 @@ static void dmi_ascii_filter(char *d, co
58058 static int do_dmi_entry(const char *filename, struct dmi_system_id *id,
58059 char *alias)
58060 {
58061- int i, j;
58062+ unsigned int i, j;
58063
58064 sprintf(alias, "dmi*");
58065
58066diff -urNp linux-2.6.38.2/scripts/mod/modpost.c linux-2.6.38.2/scripts/mod/modpost.c
58067--- linux-2.6.38.2/scripts/mod/modpost.c 2011-03-14 21:20:32.000000000 -0400
58068+++ linux-2.6.38.2/scripts/mod/modpost.c 2011-03-21 18:31:35.000000000 -0400
58069@@ -896,6 +896,7 @@ enum mismatch {
58070 ANY_INIT_TO_ANY_EXIT,
58071 ANY_EXIT_TO_ANY_INIT,
58072 EXPORT_TO_INIT_EXIT,
58073+ DATA_TO_TEXT
58074 };
58075
58076 struct sectioncheck {
58077@@ -1004,6 +1005,12 @@ const struct sectioncheck sectioncheck[]
58078 .tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL },
58079 .mismatch = EXPORT_TO_INIT_EXIT,
58080 .symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL },
58081+},
58082+/* Do not reference code from writable data */
58083+{
58084+ .fromsec = { DATA_SECTIONS, NULL },
58085+ .tosec = { TEXT_SECTIONS, NULL },
58086+ .mismatch = DATA_TO_TEXT
58087 }
58088 };
58089
58090@@ -1126,10 +1133,10 @@ static Elf_Sym *find_elf_symbol(struct e
58091 continue;
58092 if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
58093 continue;
58094- if (sym->st_value == addr)
58095- return sym;
58096 /* Find a symbol nearby - addr are maybe negative */
58097 d = sym->st_value - addr;
58098+ if (d == 0)
58099+ return sym;
58100 if (d < 0)
58101 d = addr - sym->st_value;
58102 if (d < distance) {
58103@@ -1401,6 +1408,14 @@ static void report_sec_mismatch(const ch
58104 tosym, prl_to, prl_to, tosym);
58105 free(prl_to);
58106 break;
58107+ case DATA_TO_TEXT:
58108+/*
58109+ fprintf(stderr,
58110+ "The variable %s references\n"
58111+ "the %s %s%s%s\n",
58112+ fromsym, to, sec2annotation(tosec), tosym, to_p);
58113+*/
58114+ break;
58115 }
58116 fprintf(stderr, "\n");
58117 }
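Review bot: The new `case DATA_TO_TEXT:` in `report_sec_mismatch` contains only a commented-out `fprintf`, so this case prints no explanation while the `fprintf(stderr, "\n")` after the switch still runs. Commented-out code should not be committed. Either delete the block and leave a one-line reason, e.g. `/* intentionally silent: data-to-text references are not reported yet */` (if that is the intent), or enable the message. `DATA_TO_TEXT` was also added to `enum mismatch` without a trailing comma, unlike the entries before it.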
58118@@ -1724,7 +1739,7 @@ void __attribute__((format(printf, 2, 3)
58119 va_end(ap);
58120 }
58121
58122-void buf_write(struct buffer *buf, const char *s, int len)
58123+void buf_write(struct buffer *buf, const char *s, unsigned int len)
58124 {
58125 if (buf->size - buf->pos < len) {
58126 buf->size += len + SZ;
58127@@ -1936,7 +1951,7 @@ static void write_if_changed(struct buff
58128 if (fstat(fileno(file), &st) < 0)
58129 goto close_write;
58130
58131- if (st.st_size != b->pos)
58132+ if (st.st_size != (off_t)b->pos)
58133 goto close_write;
58134
58135 tmp = NOFAIL(malloc(b->pos));
58136diff -urNp linux-2.6.38.2/scripts/mod/modpost.h linux-2.6.38.2/scripts/mod/modpost.h
58137--- linux-2.6.38.2/scripts/mod/modpost.h 2011-03-14 21:20:32.000000000 -0400
58138+++ linux-2.6.38.2/scripts/mod/modpost.h 2011-03-21 18:31:35.000000000 -0400
58139@@ -92,15 +92,15 @@ void *do_nofail(void *ptr, const char *e
58140
58141 struct buffer {
58142 char *p;
58143- int pos;
58144- int size;
58145+ unsigned int pos;
58146+ unsigned int size;
58147 };
58148
58149 void __attribute__((format(printf, 2, 3)))
58150 buf_printf(struct buffer *buf, const char *fmt, ...);
58151
58152 void
58153-buf_write(struct buffer *buf, const char *s, int len);
58154+buf_write(struct buffer *buf, const char *s, unsigned int len);
58155
58156 struct module {
58157 struct module *next;
58158diff -urNp linux-2.6.38.2/scripts/mod/sumversion.c linux-2.6.38.2/scripts/mod/sumversion.c
58159--- linux-2.6.38.2/scripts/mod/sumversion.c 2011-03-14 21:20:32.000000000 -0400
58160+++ linux-2.6.38.2/scripts/mod/sumversion.c 2011-03-21 18:31:35.000000000 -0400
58161@@ -470,7 +470,7 @@ static void write_version(const char *fi
58162 goto out;
58163 }
58164
58165- if (write(fd, sum, strlen(sum)+1) != strlen(sum)+1) {
58166+ if (write(fd, sum, strlen(sum)+1) != (ssize_t)strlen(sum)+1) {
58167 warn("writing sum in %s failed: %s\n",
58168 filename, strerror(errno));
58169 goto out;
58170diff -urNp linux-2.6.38.2/scripts/pnmtologo.c linux-2.6.38.2/scripts/pnmtologo.c
58171--- linux-2.6.38.2/scripts/pnmtologo.c 2011-03-14 21:20:32.000000000 -0400
58172+++ linux-2.6.38.2/scripts/pnmtologo.c 2011-03-21 18:31:35.000000000 -0400
58173@@ -237,14 +237,14 @@ static void write_header(void)
58174 fprintf(out, " * Linux logo %s\n", logoname);
58175 fputs(" */\n\n", out);
58176 fputs("#include <linux/linux_logo.h>\n\n", out);
58177- fprintf(out, "static unsigned char %s_data[] __initdata = {\n",
58178+ fprintf(out, "static unsigned char %s_data[] = {\n",
58179 logoname);
58180 }
58181
58182 static void write_footer(void)
58183 {
58184 fputs("\n};\n\n", out);
58185- fprintf(out, "const struct linux_logo %s __initconst = {\n", logoname);
58186+ fprintf(out, "const struct linux_logo %s = {\n", logoname);
58187 fprintf(out, "\t.type\t\t= %s,\n", logo_types[logo_type]);
58188 fprintf(out, "\t.width\t\t= %d,\n", logo_width);
58189 fprintf(out, "\t.height\t\t= %d,\n", logo_height);
58190@@ -374,7 +374,7 @@ static void write_logo_clut224(void)
58191 fputs("\n};\n\n", out);
58192
58193 /* write logo clut */
58194- fprintf(out, "static unsigned char %s_clut[] __initdata = {\n",
58195+ fprintf(out, "static unsigned char %s_clut[] = {\n",
58196 logoname);
58197 write_hex_cnt = 0;
58198 for (i = 0; i < logo_clutsize; i++) {
58199diff -urNp linux-2.6.38.2/security/apparmor/lsm.c linux-2.6.38.2/security/apparmor/lsm.c
58200--- linux-2.6.38.2/security/apparmor/lsm.c 2011-03-14 21:20:32.000000000 -0400
58201+++ linux-2.6.38.2/security/apparmor/lsm.c 2011-03-21 18:31:35.000000000 -0400
58202@@ -619,7 +619,7 @@ static int apparmor_task_setrlimit(struc
58203 return error;
58204 }
58205
58206-static struct security_operations apparmor_ops = {
58207+static struct security_operations apparmor_ops __read_only = {
58208 .name = "apparmor",
58209
58210 .ptrace_access_check = apparmor_ptrace_access_check,
58211diff -urNp linux-2.6.38.2/security/commoncap.c linux-2.6.38.2/security/commoncap.c
58212--- linux-2.6.38.2/security/commoncap.c 2011-03-14 21:20:32.000000000 -0400
58213+++ linux-2.6.38.2/security/commoncap.c 2011-03-21 18:31:35.000000000 -0400
58214@@ -27,6 +27,7 @@
58215 #include <linux/sched.h>
58216 #include <linux/prctl.h>
58217 #include <linux/securebits.h>
58218+#include <net/sock.h>
58219
58220 /*
58221 * If a non-root user executes a setuid-root binary in
58222@@ -50,9 +51,11 @@ static void warn_setuid_and_fcaps_mixed(
58223 }
58224 }
58225
58226+extern kernel_cap_t gr_cap_rtnetlink(struct sock *sk);
58227+
58228 int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
58229 {
58230- NETLINK_CB(skb).eff_cap = current_cap();
58231+ NETLINK_CB(skb).eff_cap = gr_cap_rtnetlink(sk);
58232 return 0;
58233 }
58234
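Review bot: `extern kernel_cap_t gr_cap_rtnetlink(struct sock *sk);` is declared in the middle of security/commoncap.c rather than in a header, so the compiler cannot check this prototype against the definition. Moving it to a header that the defining file also includes would catch a signature drift at build time. `cap_netlink_send` should also get a one-line comment saying that `eff_cap` is now whatever `gr_cap_rtnetlink(sk)` returns instead of `current_cap()`. That value is presumably what the receive-side capability check consults.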
58235@@ -534,6 +537,9 @@ int cap_bprm_secureexec(struct linux_bin
58236 {
58237 const struct cred *cred = current_cred();
58238
58239+ if (gr_acl_enable_at_secure())
58240+ return 1;
58241+
58242 if (cred->uid != 0) {
58243 if (bprm->cap_effective)
58244 return 1;
58245diff -urNp linux-2.6.38.2/security/integrity/ima/ima_api.c linux-2.6.38.2/security/integrity/ima/ima_api.c
58246--- linux-2.6.38.2/security/integrity/ima/ima_api.c 2011-03-14 21:20:32.000000000 -0400
58247+++ linux-2.6.38.2/security/integrity/ima/ima_api.c 2011-03-21 18:31:35.000000000 -0400
58248@@ -75,7 +75,7 @@ void ima_add_violation(struct inode *ino
58249 int result;
58250
58251 /* can overflow, only indicator */
58252- atomic_long_inc(&ima_htable.violations);
58253+ atomic_long_inc_unchecked(&ima_htable.violations);
58254
58255 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
58256 if (!entry) {
58257diff -urNp linux-2.6.38.2/security/integrity/ima/ima_fs.c linux-2.6.38.2/security/integrity/ima/ima_fs.c
58258--- linux-2.6.38.2/security/integrity/ima/ima_fs.c 2011-03-14 21:20:32.000000000 -0400
58259+++ linux-2.6.38.2/security/integrity/ima/ima_fs.c 2011-03-21 18:31:35.000000000 -0400
58260@@ -28,12 +28,12 @@
58261 static int valid_policy = 1;
58262 #define TMPBUFLEN 12
58263 static ssize_t ima_show_htable_value(char __user *buf, size_t count,
58264- loff_t *ppos, atomic_long_t *val)
58265+ loff_t *ppos, atomic_long_unchecked_t *val)
58266 {
58267 char tmpbuf[TMPBUFLEN];
58268 ssize_t len;
58269
58270- len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));
58271+ len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read_unchecked(val));
58272 return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
58273 }
58274
58275diff -urNp linux-2.6.38.2/security/integrity/ima/ima.h linux-2.6.38.2/security/integrity/ima/ima.h
58276--- linux-2.6.38.2/security/integrity/ima/ima.h 2011-03-14 21:20:32.000000000 -0400
58277+++ linux-2.6.38.2/security/integrity/ima/ima.h 2011-03-21 18:31:35.000000000 -0400
58278@@ -85,8 +85,8 @@ void ima_add_violation(struct inode *ino
58279 extern spinlock_t ima_queue_lock;
58280
58281 struct ima_h_table {
58282- atomic_long_t len; /* number of stored measurements in the list */
58283- atomic_long_t violations;
58284+ atomic_long_unchecked_t len; /* number of stored measurements in the list */
58285+ atomic_long_unchecked_t violations;
58286 struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
58287 };
58288 extern struct ima_h_table ima_htable;
58289diff -urNp linux-2.6.38.2/security/integrity/ima/ima_queue.c linux-2.6.38.2/security/integrity/ima/ima_queue.c
58290--- linux-2.6.38.2/security/integrity/ima/ima_queue.c 2011-03-14 21:20:32.000000000 -0400
58291+++ linux-2.6.38.2/security/integrity/ima/ima_queue.c 2011-03-21 18:31:35.000000000 -0400
58292@@ -79,7 +79,7 @@ static int ima_add_digest_entry(struct i
58293 INIT_LIST_HEAD(&qe->later);
58294 list_add_tail_rcu(&qe->later, &ima_measurements);
58295
58296- atomic_long_inc(&ima_htable.len);
58297+ atomic_long_inc_unchecked(&ima_htable.len);
58298 key = ima_hash_key(entry->digest);
58299 hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
58300 return 0;
58301diff -urNp linux-2.6.38.2/security/Kconfig linux-2.6.38.2/security/Kconfig
58302--- linux-2.6.38.2/security/Kconfig 2011-03-14 21:20:32.000000000 -0400
58303+++ linux-2.6.38.2/security/Kconfig 2011-03-21 18:31:35.000000000 -0400
58304@@ -4,6 +4,527 @@
58305
58306 menu "Security options"
58307
58308+source grsecurity/Kconfig
58309+
58310+menu "PaX"
58311+
58312+ config ARCH_TRACK_EXEC_LIMIT
58313+ bool
58314+
58315+ config PAX_PER_CPU_PGD
58316+ bool
58317+
58318+ config TASK_SIZE_MAX_SHIFT
58319+ int
58320+ depends on X86_64
58321+ default 47 if !PAX_PER_CPU_PGD
58322+ default 42 if PAX_PER_CPU_PGD
58323+
58324+ config PAX_ENABLE_PAE
58325+ bool
58326+ default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM))
58327+
58328+config PAX
58329+ bool "Enable various PaX features"
58330+ depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86)
58331+ help
58332+ This allows you to enable various PaX features. PaX adds
58333+ intrusion prevention mechanisms to the kernel that reduce
58334+ the risks posed by exploitable memory corruption bugs.
58335+
58336+menu "PaX Control"
58337+ depends on PAX
58338+
58339+config PAX_SOFTMODE
58340+ bool 'Support soft mode'
58341+ select PAX_PT_PAX_FLAGS
58342+ help
58343+ Enabling this option will allow you to run PaX in soft mode, that
58344+ is, PaX features will not be enforced by default, only on executables
58345+ marked explicitly. You must also enable PT_PAX_FLAGS support as it
58346+ is the only way to mark executables for soft mode use.
58347+
58348+ Soft mode can be activated by using the "pax_softmode=1" kernel command
58349+ line option on boot. Furthermore you can control various PaX features
58350+ at runtime via the entries in /proc/sys/kernel/pax.
58351+
58352+config PAX_EI_PAX
58353+ bool 'Use legacy ELF header marking'
58354+ help
58355+ Enabling this option will allow you to control PaX features on
58356+ a per executable basis via the 'chpax' utility available at
58357+ http://pax.grsecurity.net/. The control flags will be read from
58358+ an otherwise reserved part of the ELF header. This marking has
58359+ numerous drawbacks (no support for soft-mode, toolchain does not
58360+ know about the non-standard use of the ELF header) therefore it
58361+ has been deprecated in favour of PT_PAX_FLAGS support.
58362+
58363+ If you have applications not marked by the PT_PAX_FLAGS ELF
58364+ program header then you MUST enable this option otherwise they
58365+ will not get any protection.
58366+
58367+ Note that if you enable PT_PAX_FLAGS marking support as well,
58368+ the PT_PAX_FLAG marks will override the legacy EI_PAX marks.
58369+
58370+config PAX_PT_PAX_FLAGS
58371+ bool 'Use ELF program header marking'
58372+ help
58373+ Enabling this option will allow you to control PaX features on
58374+ a per executable basis via the 'paxctl' utility available at
58375+ http://pax.grsecurity.net/. The control flags will be read from
58376+ a PaX specific ELF program header (PT_PAX_FLAGS). This marking
58377+ has the benefits of supporting both soft mode and being fully
58378+ integrated into the toolchain (the binutils patch is available
58379+ from http://pax.grsecurity.net).
58380+
58381+ If you have applications not marked by the PT_PAX_FLAGS ELF
58382+ program header then you MUST enable the EI_PAX marking support
58383+ otherwise they will not get any protection.
58384+
58385+ Note that if you enable the legacy EI_PAX marking support as well,
58386+ the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks.
58387+
58388+choice
58389+ prompt 'MAC system integration'
58390+ default PAX_HAVE_ACL_FLAGS
58391+ help
58392+ Mandatory Access Control systems have the option of controlling
58393+ PaX flags on a per executable basis, choose the method supported
58394+ by your particular system.
58395+
58396+ - "none": if your MAC system does not interact with PaX,
58397+ - "direct": if your MAC system defines pax_set_initial_flags() itself,
58398+ - "hook": if your MAC system uses the pax_set_initial_flags_func callback.
58399+
58400+ NOTE: this option is for developers/integrators only.
58401+
58402+ config PAX_NO_ACL_FLAGS
58403+ bool 'none'
58404+
58405+ config PAX_HAVE_ACL_FLAGS
58406+ bool 'direct'
58407+
58408+ config PAX_HOOK_ACL_FLAGS
58409+ bool 'hook'
58410+endchoice
58411+
58412+endmenu
58413+
58414+menu "Non-executable pages"
58415+ depends on PAX
58416+
58417+config PAX_NOEXEC
58418+ bool "Enforce non-executable pages"
58419+ depends on (PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS) && (ALPHA || (ARM && (CPU_V6 || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86)
58420+ help
58421+ By design some architectures do not allow for protecting memory
58422+ pages against execution or even if they do, Linux does not make
58423+ use of this feature. In practice this means that if a page is
58424+ readable (such as the stack or heap) it is also executable.
58425+
58426+ There is a well known exploit technique that makes use of this
58427+ fact and a common programming mistake where an attacker can
58428+ introduce code of his choice somewhere in the attacked program's
58429+ memory (typically the stack or the heap) and then execute it.
58430+
58431+ If the attacked program was running with different (typically
58432+ higher) privileges than that of the attacker, then he can elevate
58433+ his own privilege level (e.g. get a root shell, write to files for
58434+ which he does not have write access to, etc).
58435+
58436+ Enabling this option will let you choose from various features
58437+ that prevent the injection and execution of 'foreign' code in
58438+ a program.
58439+
58440+ This will also break programs that rely on the old behaviour and
58441+ expect that dynamically allocated memory via the malloc() family
58442+ of functions is executable (which it is not). Notable examples
58443+ are the XFree86 4.x server, the java runtime and wine.
58444+
58445+config PAX_PAGEEXEC
58446+ bool "Paging based non-executable pages"
58447+ depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7)
58448+ select S390_SWITCH_AMODE if S390
58449+ select S390_EXEC_PROTECT if S390
58450+ select ARCH_TRACK_EXEC_LIMIT if X86_32
58451+ help
58452+ This implementation is based on the paging feature of the CPU.
58453+ On i386 without hardware non-executable bit support there is a
58454+ variable but usually low performance impact, however on Intel's
58455+ P4 core based CPUs it is very high so you should not enable this
58456+ for kernels meant to be used on such CPUs.
58457+
58458+ On alpha, avr32, ia64, parisc, sparc, sparc64, x86_64 and i386
58459+ with hardware non-executable bit support there is no performance
58460+ impact, on ppc the impact is negligible.
58461+
58462+ Note that several architectures require various emulations due to
58463+ badly designed userland ABIs, this will cause a performance impact
58464+ but will disappear as soon as userland is fixed. For example, ppc
58465+ userland MUST have been built with secure-plt by a recent toolchain.
58466+
58467+config PAX_SEGMEXEC
58468+ bool "Segmentation based non-executable pages"
58469+ depends on PAX_NOEXEC && X86_32
58470+ help
58471+ This implementation is based on the segmentation feature of the
58472+ CPU and has a very small performance impact, however applications
58473+ will be limited to a 1.5 GB address space instead of the normal
58474+ 3 GB.
58475+
58476+config PAX_EMUTRAMP
58477+ bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
58478+ default y if PARISC
58479+ help
58480+ There are some programs and libraries that for one reason or
58481+ another attempt to execute special small code snippets from
58482+ non-executable memory pages. Most notable examples are the
58483+ signal handler return code generated by the kernel itself and
58484+ the GCC trampolines.
58485+
58486+ If you enabled CONFIG_PAX_PAGEEXEC or CONFIG_PAX_SEGMEXEC then
58487+ such programs will no longer work under your kernel.
58488+
58489+ As a remedy you can say Y here and use the 'chpax' or 'paxctl'
58490+ utilities to enable trampoline emulation for the affected programs
58491+ yet still have the protection provided by the non-executable pages.
58492+
58493+ On parisc you MUST enable this option and EMUSIGRT as well, otherwise
58494+ your system will not even boot.
58495+
58496+ Alternatively you can say N here and use the 'chpax' or 'paxctl'
58497+ utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC
58498+ for the affected files.
58499+
58500+ NOTE: enabling this feature *may* open up a loophole in the
58501+ protection provided by non-executable pages that an attacker
58502+ could abuse. Therefore the best solution is to not have any
58503+ files on your system that would require this option. This can
58504+ be achieved by not using libc5 (which relies on the kernel
58505+ signal handler return code) and not using or rewriting programs
58506+ that make use of the nested function implementation of GCC.
58507+ Skilled users can just fix GCC itself so that it implements
58508+ nested function calls in a way that does not interfere with PaX.
58509+
58510+config PAX_EMUSIGRT
58511+ bool "Automatically emulate sigreturn trampolines"
58512+ depends on PAX_EMUTRAMP && PARISC
58513+ default y
58514+ help
58515+ Enabling this option will have the kernel automatically detect
58516+ and emulate signal return trampolines executing on the stack
58517+ that would otherwise lead to task termination.
58518+
58519+ This solution is intended as a temporary one for users with
58520+ legacy versions of libc (libc5, glibc 2.0, uClibc before 0.9.17,
58521+ Modula-3 runtime, etc) or executables linked to such, basically
58522+ everything that does not specify its own SA_RESTORER function in
58523+ normal executable memory like glibc 2.1+ does.
58524+
58525+ On parisc you MUST enable this option, otherwise your system will
58526+ not even boot.
58527+
58528+ NOTE: this feature cannot be disabled on a per executable basis
58529+ and since it *does* open up a loophole in the protection provided
58530+ by non-executable pages, the best solution is to not have any
58531+ files on your system that would require this option.
58532+
58533+config PAX_MPROTECT
58534+ bool "Restrict mprotect()"
58535+ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC)
58536+ help
58537+ Enabling this option will prevent programs from
58538+ - changing the executable status of memory pages that were
58539+ not originally created as executable,
58540+ - making read-only executable pages writable again,
58541+ - creating executable pages from anonymous memory,
58542+ - making read-only-after-relocations (RELRO) data pages writable again.
58543+
58544+ You should say Y here to complete the protection provided by
58545+ the enforcement of non-executable pages.
58546+
58547+ NOTE: you can use the 'chpax' or 'paxctl' utilities to control
58548+ this feature on a per file basis.
58549+
58550+config PAX_MPROTECT_COMPAT
58551+ bool "Use legacy/compat protection demoting (read help)"
58552+ depends on PAX_MPROTECT
58553+ default n
58554+ help
58555+ The current implementation of PAX_MPROTECT denies RWX allocations/mprotects
58556+ by sending the proper error code to the application. For some broken
58557+ userland, this can cause problems with Python or other applications. The
58558+ current implementation however allows for applications like clamav to
58559+ detect if JIT compilation/execution is allowed and to fall back gracefully
58560+ to an interpreter-based mode if it does not. While we encourage everyone
58561+ to use the current implementation as-is and push upstream to fix broken
58562+ userland (note that the RWX logging option can assist with this), in some
58563+ environments this may not be possible. Having to disable MPROTECT
58564+ completely on certain binaries reduces the security benefit of PaX,
58565+ so this option is provided for those environments to revert to the old
58566+ behavior.
58567+
58568+config PAX_ELFRELOCS
58569+ bool "Allow ELF text relocations (read help)"
58570+ depends on PAX_MPROTECT
58571+ default n
58572+ help
58573+ Non-executable pages and mprotect() restrictions are effective
58574+ in preventing the introduction of new executable code into an
58575+ attacked task's address space. There remain only two venues
58576+ for this kind of attack: if the attacker can execute already
58577+ existing code in the attacked task then he can either have it
58578+ create and mmap() a file containing his code or have it mmap()
58579+ an already existing ELF library that does not have position
58580+ independent code in it and use mprotect() on it to make it
58581+ writable and copy his code there. While protecting against
58582+ the former approach is beyond PaX, the latter can be prevented
58583+ by having only PIC ELF libraries on one's system (which do not
58584+ need to relocate their code). If you are sure this is your case,
58585+ as is the case with all modern Linux distributions, then leave
58586+ this option disabled. You should say 'n' here.
58587+
58588+config PAX_ETEXECRELOCS
58589+ bool "Allow ELF ET_EXEC text relocations"
58590+ depends on PAX_MPROTECT && (ALPHA || IA64 || PARISC)
58591+ select PAX_ELFRELOCS
58592+ default y
58593+ help
58594+ On some architectures there are incorrectly created applications
58595+ that require text relocations and would not work without enabling
58596+ this option. If you are an alpha, ia64 or parisc user, you should
58597+ enable this option and disable it once you have made sure that
58598+ none of your applications need it.
58599+
58600+config PAX_EMUPLT
58601+ bool "Automatically emulate ELF PLT"
58602+ depends on PAX_MPROTECT && (ALPHA || PARISC || SPARC)
58603+ default y
58604+ help
58605+ Enabling this option will have the kernel automatically detect
58606+ and emulate the Procedure Linkage Table entries in ELF files.
58607+ On some architectures such entries are in writable memory, and
58608+ become non-executable leading to task termination. Therefore
58609+ it is mandatory that you enable this option on alpha, parisc,
58610+ sparc and sparc64, otherwise your system would not even boot.
58611+
58612+ NOTE: this feature *does* open up a loophole in the protection
58613+ provided by the non-executable pages, therefore the proper
58614+ solution is to modify the toolchain to produce a PLT that does
58615+ not need to be writable.
58616+
58617+config PAX_DLRESOLVE
58618+ bool 'Emulate old glibc resolver stub'
58619+ depends on PAX_EMUPLT && SPARC
58620+ default n
58621+ help
58622+ This option is needed if userland has an old glibc (before 2.4)
58623+ that puts a 'save' instruction into the runtime generated resolver
58624+ stub that needs special emulation.
58625+
58626+config PAX_KERNEXEC
58627+ bool "Enforce non-executable kernel pages"
58628+ depends on PAX_NOEXEC && (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
58629+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
58630+ help
58631+ This is the kernel land equivalent of PAGEEXEC and MPROTECT,
58632+ that is, enabling this option will make it harder to inject
58633+ and execute 'foreign' code in kernel memory itself.
58634+
58635+config PAX_KERNEXEC_MODULE_TEXT
58636+ int "Minimum amount of memory reserved for module code"
58637+ default "4"
58638+ depends on PAX_KERNEXEC && X86_32 && MODULES
58639+ help
58640+ Due to implementation details the kernel must reserve a fixed
58641+ amount of memory for module code at compile time that cannot be
58642+ changed at runtime. Here you can specify the minimum amount
58643+ in MB that will be reserved. Due to the same implementation
58644+ details this size will always be rounded up to the next 2/4 MB
58645+ boundary (depends on PAE) so the actually available memory for
58646+ module code will usually be more than this minimum.
58647+
58648+ The default 4 MB should be enough for most users but if you have
58649+ an excessive number of modules (e.g., most distribution configs
58650+ compile many drivers as modules) or use huge modules such as
58651+ nvidia's kernel driver, you will need to adjust this amount.
58652+ A good rule of thumb is to look at your currently loaded kernel
58653+ modules and add up their sizes.
58654+
58655+endmenu
58656+
58657+menu "Address Space Layout Randomization"
58658+ depends on PAX
58659+
58660+config PAX_ASLR
58661+ bool "Address Space Layout Randomization"
58662+ depends on PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS
58663+ help
58664+ Many if not most exploit techniques rely on the knowledge of
58665+ certain addresses in the attacked program. The following options
58666+ will allow the kernel to apply a certain amount of randomization
58667+ to specific parts of the program thereby forcing an attacker to
58668+ guess them in most cases. Any failed guess will most likely crash
58669+ the attacked program which allows the kernel to detect such attempts
58670+ and react on them. PaX itself provides no reaction mechanisms,
58671+ instead it is strongly encouraged that you make use of Nergal's
58672+ segvguard (ftp://ftp.pl.openwall.com/misc/segvguard/) or grsecurity's
58673+ (http://www.grsecurity.net/) built-in crash detection features or
58674+ develop one yourself.
58675+
58676+ By saying Y here you can choose to randomize the following areas:
58677+ - top of the task's kernel stack
58678+ - top of the task's userland stack
58679+ - base address for mmap() requests that do not specify one
58680+ (this includes all libraries)
58681+ - base address of the main executable
58682+
58683+ It is strongly recommended to say Y here as address space layout
58684+ randomization has negligible impact on performance yet it provides
58685+ a very effective protection.
58686+
58687+ NOTE: you can use the 'chpax' or 'paxctl' utilities to control
58688+ this feature on a per file basis.
58689+
58690+config PAX_RANDKSTACK
58691+ bool "Randomize kernel stack base"
58692+ depends on PAX_ASLR && X86_TSC && X86_32
58693+ help
58694+ By saying Y here the kernel will randomize every task's kernel
58695+ stack on every system call. This will not only force an attacker
58696+ to guess it but also prevent him from making use of possible
58697+ leaked information about it.
58698+
58699+ Since the kernel stack is a rather scarce resource, randomization
58700+ may cause unexpected stack overflows, therefore you should very
58701+ carefully test your system. Note that once enabled in the kernel
58702+ configuration, this feature cannot be disabled on a per file basis.
58703+
58704+config PAX_RANDUSTACK
58705+ bool "Randomize user stack base"
58706+ depends on PAX_ASLR
58707+ help
58708+ By saying Y here the kernel will randomize every task's userland
58709+ stack. The randomization is done in two steps where the second
58710+ one may apply a big amount of shift to the top of the stack and
58711+ cause problems for programs that want to use lots of memory (more
58712+ than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is).
58713+ For this reason the second step can be controlled by 'chpax' or
58714+ 'paxctl' on a per file basis.
58715+
58716+config PAX_RANDMMAP
58717+ bool "Randomize mmap() base"
58718+ depends on PAX_ASLR
58719+ help
58720+ By saying Y here the kernel will use a randomized base address for
58721+ mmap() requests that do not specify one themselves. As a result
58722+ all dynamically loaded libraries will appear at random addresses
58723+ and therefore be harder to exploit by a technique where an attacker
58724+ attempts to execute library code for his purposes (e.g. spawn a
58725+ shell from an exploited program that is running at an elevated
58726+ privilege level).
58727+
58728+ Furthermore, if a program is relinked as a dynamic ELF file, its
58729+ base address will be randomized as well, completing the full
58730+ randomization of the address space layout. Attacking such programs
58731+ becomes a guess game. You can find an example of doing this at
58732+ http://pax.grsecurity.net/et_dyn.tar.gz and practical samples at
58733+ http://www.grsecurity.net/grsec-gcc-specs.tar.gz .
58734+
58735+ NOTE: you can use the 'chpax' or 'paxctl' utilities to control this
58736+ feature on a per file basis.
58737+
58738+endmenu
58739+
58740+menu "Miscellaneous hardening features"
58741+
58742+config PAX_MEMORY_SANITIZE
58743+ bool "Sanitize all freed memory"
58744+ help
58745+ By saying Y here the kernel will erase memory pages as soon as they
58746+ are freed. This in turn reduces the lifetime of data stored in the
58747+ pages, making it less likely that sensitive information such as
58748+ passwords, cryptographic secrets, etc stay in memory for too long.
58749+
58750+ This is especially useful for programs whose runtime is short, long
58751+ lived processes and the kernel itself benefit from this as long as
58752+ they operate on whole memory pages and ensure timely freeing of pages
58753+ that may hold sensitive information.
58754+
58755+ The tradeoff is performance impact, on a single CPU system kernel
58756+ compilation sees a 3% slowdown, other systems and workloads may vary
58757+ and you are advised to test this feature on your expected workload
58758+ before deploying it.
58759+
58760+ Note that this feature does not protect data stored in live pages,
58761+ e.g., process memory swapped to disk may stay there for a long time.
58762+
58763+config PAX_MEMORY_UDEREF
58764+ bool "Prevent invalid userland pointer dereference"
58765+ depends on X86 && !UML_X86 && !XEN
58766+ select PAX_PER_CPU_PGD if X86_64
58767+ help
58768+ By saying Y here the kernel will be prevented from dereferencing
58769+ userland pointers in contexts where the kernel expects only kernel
58770+ pointers. This is both a useful runtime debugging feature and a
58771+ security measure that prevents exploiting a class of kernel bugs.
58772+
58773+ The tradeoff is that some virtualization solutions may experience
58774+ a huge slowdown and therefore you should not enable this feature
58775+ for kernels meant to run in such environments. Whether a given VM
58776+ solution is affected or not is best determined by simply trying it
58777+ out, the performance impact will be obvious right on boot as this
58778+ mechanism engages from very early on. A good rule of thumb is that
58779+ VMs running on CPUs without hardware virtualization support (i.e.,
58780+ the majority of IA-32 CPUs) will likely experience the slowdown.
58781+
58782+config PAX_REFCOUNT
58783+ bool "Prevent various kernel object reference counter overflows"
58784+ depends on GRKERNSEC && (X86 || SPARC64)
58785+ help
58786+ By saying Y here the kernel will detect and prevent overflowing
58787+ various (but not all) kinds of object reference counters. Such
58788+ overflows can normally occur due to bugs only and are often, if
58789+ not always, exploitable.
58790+
58791+ The tradeoff is that data structures protected by an overflowed
58792+ refcount will never be freed and therefore will leak memory. Note
58793+ that this leak also happens even without this protection but in
58794+ that case the overflow can eventually trigger the freeing of the
58795+ data structure while it is still being used elsewhere, resulting
58796+ in the exploitable situation that this feature prevents.
58797+
58798+ Since this has a negligible performance impact, you should enable
58799+ this feature.
58800+
58801+config PAX_USERCOPY
58802+ bool "Bounds check heap object copies between kernel and userland"
58803+ depends on X86 || PPC || SPARC
58804+ depends on GRKERNSEC && (SLAB || SLUB || SLOB)
58805+ help
58806+ By saying Y here the kernel will enforce the size of heap objects
58807+ when they are copied in either direction between the kernel and
58808+ userland, even if only a part of the heap object is copied.
58809+
58810+ Specifically, this checking prevents information leaking from the
58811+ kernel heap during kernel to userland copies (if the kernel heap
58812+ object is otherwise fully initialized) and prevents kernel heap
58813+ overflows during userland to kernel copies.
58814+
58815+ Note that the current implementation provides the strictest checks
58816+ for the SLUB allocator.
58817+
58818+ If frame pointers are enabled on x86, this option will also restrict
58819+ copies into and out of the kernel stack to local variables within a
58820+ single frame.
58821+
58822+ Since this has a negligible performance impact, you should enable
58823+ this feature.
58824+
58825+endmenu
58826+
58827+endmenu
58828+
58829 config KEYS
58830 bool "Enable access key retention support"
58831 help
58832@@ -167,7 +688,7 @@ config INTEL_TXT
58833 config LSM_MMAP_MIN_ADDR
58834 int "Low address space for LSM to protect from user allocation"
58835 depends on SECURITY && SECURITY_SELINUX
58836- default 65536
58837+ default 32768
58838 help
58839 This is the portion of low virtual memory which should be protected
58840 from userspace allocation. Keeping a user from writing to low pages
58841diff -urNp linux-2.6.38.2/security/min_addr.c linux-2.6.38.2/security/min_addr.c
58842--- linux-2.6.38.2/security/min_addr.c 2011-03-14 21:20:32.000000000 -0400
58843+++ linux-2.6.38.2/security/min_addr.c 2011-03-21 18:31:35.000000000 -0400
58844@@ -14,6 +14,7 @@ unsigned long dac_mmap_min_addr = CONFIG
58845 */
58846 static void update_mmap_min_addr(void)
58847 {
58848+#ifndef SPARC
58849 #ifdef CONFIG_LSM_MMAP_MIN_ADDR
58850 if (dac_mmap_min_addr > CONFIG_LSM_MMAP_MIN_ADDR)
58851 mmap_min_addr = dac_mmap_min_addr;
58852@@ -22,6 +23,7 @@ static void update_mmap_min_addr(void)
58853 #else
58854 mmap_min_addr = dac_mmap_min_addr;
58855 #endif
58856+#endif
58857 }
58858
58859 /*
58860diff -urNp linux-2.6.38.2/security/security.c linux-2.6.38.2/security/security.c
58861--- linux-2.6.38.2/security/security.c 2011-03-14 21:20:32.000000000 -0400
58862+++ linux-2.6.38.2/security/security.c 2011-03-21 18:31:35.000000000 -0400
58863@@ -25,8 +25,8 @@ static __initdata char chosen_lsm[SECURI
58864 /* things that live in capability.c */
58865 extern void __init security_fixup_ops(struct security_operations *ops);
58866
58867-static struct security_operations *security_ops;
58868-static struct security_operations default_security_ops = {
58869+static struct security_operations *security_ops __read_only;
58870+static struct security_operations default_security_ops __read_only = {
58871 .name = "default",
58872 };
58873
58874@@ -67,7 +67,9 @@ int __init security_init(void)
58875
58876 void reset_security_ops(void)
58877 {
58878+ pax_open_kernel();
58879 security_ops = &default_security_ops;
58880+ pax_close_kernel();
58881 }
58882
58883 /* Save user chosen LSM */
58884diff -urNp linux-2.6.38.2/security/selinux/hooks.c linux-2.6.38.2/security/selinux/hooks.c
58885--- linux-2.6.38.2/security/selinux/hooks.c 2011-03-14 21:20:32.000000000 -0400
58886+++ linux-2.6.38.2/security/selinux/hooks.c 2011-03-21 18:31:35.000000000 -0400
58887@@ -90,7 +90,6 @@
58888 #define NUM_SEL_MNT_OPTS 5
58889
58890 extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
58891-extern struct security_operations *security_ops;
58892
58893 /* SECMARK reference count */
58894 atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
58895@@ -5395,7 +5394,7 @@ static int selinux_key_getsecurity(struc
58896
58897 #endif
58898
58899-static struct security_operations selinux_ops = {
58900+static struct security_operations selinux_ops __read_only = {
58901 .name = "selinux",
58902
58903 .ptrace_access_check = selinux_ptrace_access_check,
58904diff -urNp linux-2.6.38.2/security/smack/smack_lsm.c linux-2.6.38.2/security/smack/smack_lsm.c
58905--- linux-2.6.38.2/security/smack/smack_lsm.c 2011-03-14 21:20:32.000000000 -0400
58906+++ linux-2.6.38.2/security/smack/smack_lsm.c 2011-03-21 18:31:35.000000000 -0400
58907@@ -3179,7 +3179,7 @@ static int smack_inode_getsecctx(struct
58908 return 0;
58909 }
58910
58911-struct security_operations smack_ops = {
58912+struct security_operations smack_ops __read_only = {
58913 .name = "smack",
58914
58915 .ptrace_access_check = smack_ptrace_access_check,
58916diff -urNp linux-2.6.38.2/security/tomoyo/tomoyo.c linux-2.6.38.2/security/tomoyo/tomoyo.c
58917--- linux-2.6.38.2/security/tomoyo/tomoyo.c 2011-03-14 21:20:32.000000000 -0400
58918+++ linux-2.6.38.2/security/tomoyo/tomoyo.c 2011-03-21 18:31:35.000000000 -0400
58919@@ -240,7 +240,7 @@ static int tomoyo_sb_pivotroot(struct pa
58920 * tomoyo_security_ops is a "struct security_operations" which is used for
58921 * registering TOMOYO.
58922 */
58923-static struct security_operations tomoyo_security_ops = {
58924+static struct security_operations tomoyo_security_ops __read_only = {
58925 .name = "tomoyo",
58926 .cred_alloc_blank = tomoyo_cred_alloc_blank,
58927 .cred_prepare = tomoyo_cred_prepare,
58928diff -urNp linux-2.6.38.2/sound/aoa/codecs/onyx.c linux-2.6.38.2/sound/aoa/codecs/onyx.c
58929--- linux-2.6.38.2/sound/aoa/codecs/onyx.c 2011-03-14 21:20:32.000000000 -0400
58930+++ linux-2.6.38.2/sound/aoa/codecs/onyx.c 2011-03-21 18:31:35.000000000 -0400
58931@@ -54,7 +54,7 @@ struct onyx {
58932 spdif_locked:1,
58933 analog_locked:1,
58934 original_mute:2;
58935- int open_count;
58936+ local_t open_count;
58937 struct codec_info *codec_info;
58938
58939 /* mutex serializes concurrent access to the device
58940@@ -753,7 +753,7 @@ static int onyx_open(struct codec_info_i
58941 struct onyx *onyx = cii->codec_data;
58942
58943 mutex_lock(&onyx->mutex);
58944- onyx->open_count++;
58945+ local_inc(&onyx->open_count);
58946 mutex_unlock(&onyx->mutex);
58947
58948 return 0;
58949@@ -765,8 +765,7 @@ static int onyx_close(struct codec_info_
58950 struct onyx *onyx = cii->codec_data;
58951
58952 mutex_lock(&onyx->mutex);
58953- onyx->open_count--;
58954- if (!onyx->open_count)
58955+ if (local_dec_and_test(&onyx->open_count))
58956 onyx->spdif_locked = onyx->analog_locked = 0;
58957 mutex_unlock(&onyx->mutex);
58958
58959diff -urNp linux-2.6.38.2/sound/aoa/codecs/onyx.h linux-2.6.38.2/sound/aoa/codecs/onyx.h
58960--- linux-2.6.38.2/sound/aoa/codecs/onyx.h 2011-03-14 21:20:32.000000000 -0400
58961+++ linux-2.6.38.2/sound/aoa/codecs/onyx.h 2011-03-21 18:31:35.000000000 -0400
58962@@ -11,6 +11,7 @@
58963 #include <linux/i2c.h>
58964 #include <asm/pmac_low_i2c.h>
58965 #include <asm/prom.h>
58966+#include <asm/local.h>
58967
58968 /* PCM3052 register definitions */
58969
58970diff -urNp linux-2.6.38.2/sound/core/oss/pcm_oss.c linux-2.6.38.2/sound/core/oss/pcm_oss.c
58971--- linux-2.6.38.2/sound/core/oss/pcm_oss.c 2011-03-14 21:20:32.000000000 -0400
58972+++ linux-2.6.38.2/sound/core/oss/pcm_oss.c 2011-03-21 18:31:35.000000000 -0400
58973@@ -2971,8 +2971,8 @@ static void snd_pcm_oss_proc_done(struct
58974 }
58975 }
58976 #else /* !CONFIG_SND_VERBOSE_PROCFS */
58977-#define snd_pcm_oss_proc_init(pcm)
58978-#define snd_pcm_oss_proc_done(pcm)
58979+#define snd_pcm_oss_proc_init(pcm) do {} while (0)
58980+#define snd_pcm_oss_proc_done(pcm) do {} while (0)
58981 #endif /* CONFIG_SND_VERBOSE_PROCFS */
58982
58983 /*
58984diff -urNp linux-2.6.38.2/sound/core/seq/seq_lock.h linux-2.6.38.2/sound/core/seq/seq_lock.h
58985--- linux-2.6.38.2/sound/core/seq/seq_lock.h 2011-03-14 21:20:32.000000000 -0400
58986+++ linux-2.6.38.2/sound/core/seq/seq_lock.h 2011-03-21 18:31:35.000000000 -0400
58987@@ -23,10 +23,10 @@ void snd_use_lock_sync_helper(snd_use_lo
58988 #else /* SMP || CONFIG_SND_DEBUG */
58989
58990 typedef spinlock_t snd_use_lock_t; /* dummy */
58991-#define snd_use_lock_init(lockp) /**/
58992-#define snd_use_lock_use(lockp) /**/
58993-#define snd_use_lock_free(lockp) /**/
58994-#define snd_use_lock_sync(lockp) /**/
58995+#define snd_use_lock_init(lockp) do {} while (0)
58996+#define snd_use_lock_use(lockp) do {} while (0)
58997+#define snd_use_lock_free(lockp) do {} while (0)
58998+#define snd_use_lock_sync(lockp) do {} while (0)
58999
59000 #endif /* SMP || CONFIG_SND_DEBUG */
59001
59002diff -urNp linux-2.6.38.2/sound/drivers/mts64.c linux-2.6.38.2/sound/drivers/mts64.c
59003--- linux-2.6.38.2/sound/drivers/mts64.c 2011-03-14 21:20:32.000000000 -0400
59004+++ linux-2.6.38.2/sound/drivers/mts64.c 2011-03-21 18:31:35.000000000 -0400
59005@@ -28,6 +28,7 @@
59006 #include <sound/initval.h>
59007 #include <sound/rawmidi.h>
59008 #include <sound/control.h>
59009+#include <asm/local.h>
59010
59011 #define CARD_NAME "Miditerminal 4140"
59012 #define DRIVER_NAME "MTS64"
59013@@ -66,7 +67,7 @@ struct mts64 {
59014 struct pardevice *pardev;
59015 int pardev_claimed;
59016
59017- int open_count;
59018+ local_t open_count;
59019 int current_midi_output_port;
59020 int current_midi_input_port;
59021 u8 mode[MTS64_NUM_INPUT_PORTS];
59022@@ -696,7 +697,7 @@ static int snd_mts64_rawmidi_open(struct
59023 {
59024 struct mts64 *mts = substream->rmidi->private_data;
59025
59026- if (mts->open_count == 0) {
59027+ if (local_read(&mts->open_count) == 0) {
59028 /* We don't need a spinlock here, because this is just called
59029 if the device has not been opened before.
59030 So there aren't any IRQs from the device */
59031@@ -704,7 +705,7 @@ static int snd_mts64_rawmidi_open(struct
59032
59033 msleep(50);
59034 }
59035- ++(mts->open_count);
59036+ local_inc(&mts->open_count);
59037
59038 return 0;
59039 }
59040@@ -714,8 +715,7 @@ static int snd_mts64_rawmidi_close(struc
59041 struct mts64 *mts = substream->rmidi->private_data;
59042 unsigned long flags;
59043
59044- --(mts->open_count);
59045- if (mts->open_count == 0) {
59046+ if (local_dec_return(&mts->open_count) == 0) {
59047 /* We need the spinlock_irqsave here because we can still
59048 have IRQs at this point */
59049 spin_lock_irqsave(&mts->lock, flags);
59050@@ -724,8 +724,8 @@ static int snd_mts64_rawmidi_close(struc
59051
59052 msleep(500);
59053
59054- } else if (mts->open_count < 0)
59055- mts->open_count = 0;
59056+ } else if (local_read(&mts->open_count) < 0)
59057+ local_set(&mts->open_count, 0);
59058
59059 return 0;
59060 }
59061diff -urNp linux-2.6.38.2/sound/drivers/portman2x4.c linux-2.6.38.2/sound/drivers/portman2x4.c
59062--- linux-2.6.38.2/sound/drivers/portman2x4.c 2011-03-14 21:20:32.000000000 -0400
59063+++ linux-2.6.38.2/sound/drivers/portman2x4.c 2011-03-21 18:31:35.000000000 -0400
59064@@ -47,6 +47,7 @@
59065 #include <sound/initval.h>
59066 #include <sound/rawmidi.h>
59067 #include <sound/control.h>
59068+#include <asm/local.h>
59069
59070 #define CARD_NAME "Portman 2x4"
59071 #define DRIVER_NAME "portman"
59072@@ -84,7 +85,7 @@ struct portman {
59073 struct pardevice *pardev;
59074 int pardev_claimed;
59075
59076- int open_count;
59077+ local_t open_count;
59078 int mode[PORTMAN_NUM_INPUT_PORTS];
59079 struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS];
59080 };
59081diff -urNp linux-2.6.38.2/sound/oss/sb_audio.c linux-2.6.38.2/sound/oss/sb_audio.c
59082--- linux-2.6.38.2/sound/oss/sb_audio.c 2011-03-14 21:20:32.000000000 -0400
59083+++ linux-2.6.38.2/sound/oss/sb_audio.c 2011-03-21 18:31:35.000000000 -0400
59084@@ -901,7 +901,7 @@ sb16_copy_from_user(int dev,
59085 buf16 = (signed short *)(localbuf + localoffs);
59086 while (c)
59087 {
59088- locallen = (c >= LBUFCOPYSIZE ? LBUFCOPYSIZE : c);
59089+ locallen = ((unsigned)c >= LBUFCOPYSIZE ? LBUFCOPYSIZE : c);
59090 if (copy_from_user(lbuf8,
59091 userbuf+useroffs + p,
59092 locallen))
59093diff -urNp linux-2.6.38.2/sound/oss/swarm_cs4297a.c linux-2.6.38.2/sound/oss/swarm_cs4297a.c
59094--- linux-2.6.38.2/sound/oss/swarm_cs4297a.c 2011-03-14 21:20:32.000000000 -0400
59095+++ linux-2.6.38.2/sound/oss/swarm_cs4297a.c 2011-03-21 18:31:35.000000000 -0400
59096@@ -2606,7 +2606,6 @@ static int __init cs4297a_init(void)
59097 {
59098 struct cs4297a_state *s;
59099 u32 pwr, id;
59100- mm_segment_t fs;
59101 int rval;
59102 #ifndef CONFIG_BCM_CS4297A_CSWARM
59103 u64 cfg;
59104@@ -2696,22 +2695,23 @@ static int __init cs4297a_init(void)
59105 if (!rval) {
59106 char *sb1250_duart_present;
59107
59108+#if 0
59109+ mm_segment_t fs;
59110 fs = get_fs();
59111 set_fs(KERNEL_DS);
59112-#if 0
59113 val = SOUND_MASK_LINE;
59114 mixer_ioctl(s, SOUND_MIXER_WRITE_RECSRC, (unsigned long) &val);
59115 for (i = 0; i < ARRAY_SIZE(initvol); i++) {
59116 val = initvol[i].vol;
59117 mixer_ioctl(s, initvol[i].mixch, (unsigned long) &val);
59118 }
59119+ set_fs(fs);
59120 // cs4297a_write_ac97(s, 0x18, 0x0808);
59121 #else
59122 // cs4297a_write_ac97(s, 0x5e, 0x180);
59123 cs4297a_write_ac97(s, 0x02, 0x0808);
59124 cs4297a_write_ac97(s, 0x18, 0x0808);
59125 #endif
59126- set_fs(fs);
59127
59128 list_add(&s->list, &cs4297a_devs);
59129
59130diff -urNp linux-2.6.38.2/sound/pci/ac97/ac97_patch.c linux-2.6.38.2/sound/pci/ac97/ac97_patch.c
59131--- linux-2.6.38.2/sound/pci/ac97/ac97_patch.c 2011-03-14 21:20:32.000000000 -0400
59132+++ linux-2.6.38.2/sound/pci/ac97/ac97_patch.c 2011-03-21 18:31:35.000000000 -0400
59133@@ -1486,7 +1486,7 @@ static const struct snd_ac97_res_table a
59134 { AC97_VIDEO, 0x9f1f },
59135 { AC97_AUX, 0x9f1f },
59136 { AC97_PCM, 0x9f1f },
59137- { } /* terminator */
59138+ { 0, 0 } /* terminator */
59139 };
59140
59141 static int patch_ad1819(struct snd_ac97 * ac97)
59142@@ -3864,7 +3864,7 @@ static struct snd_ac97_res_table lm4550_
59143 { AC97_AUX, 0x1f1f },
59144 { AC97_PCM, 0x1f1f },
59145 { AC97_REC_GAIN, 0x0f0f },
59146- { } /* terminator */
59147+ { 0, 0 } /* terminator */
59148 };
59149
59150 static int patch_lm4550(struct snd_ac97 *ac97)
59151diff -urNp linux-2.6.38.2/sound/pci/ens1370.c linux-2.6.38.2/sound/pci/ens1370.c
59152--- linux-2.6.38.2/sound/pci/ens1370.c 2011-03-14 21:20:32.000000000 -0400
59153+++ linux-2.6.38.2/sound/pci/ens1370.c 2011-03-21 18:31:35.000000000 -0400
59154@@ -452,7 +452,7 @@ static DEFINE_PCI_DEVICE_TABLE(snd_audio
59155 { PCI_VDEVICE(ENSONIQ, 0x5880), 0, }, /* ES1373 - CT5880 */
59156 { PCI_VDEVICE(ECTIVA, 0x8938), 0, }, /* Ectiva EV1938 */
59157 #endif
59158- { 0, }
59159+ { 0, 0, 0, 0, 0, 0, 0 }
59160 };
59161
59162 MODULE_DEVICE_TABLE(pci, snd_audiopci_ids);
59163diff -urNp linux-2.6.38.2/sound/pci/hda/patch_hdmi.c linux-2.6.38.2/sound/pci/hda/patch_hdmi.c
59164--- linux-2.6.38.2/sound/pci/hda/patch_hdmi.c 2011-03-14 21:20:32.000000000 -0400
59165+++ linux-2.6.38.2/sound/pci/hda/patch_hdmi.c 2011-03-21 18:31:35.000000000 -0400
59166@@ -733,10 +733,10 @@ static void hdmi_non_intrinsic_event(str
59167 cp_ready);
59168
59169 /* TODO */
59170- if (cp_state)
59171- ;
59172- if (cp_ready)
59173- ;
59174+ if (cp_state) {
59175+ }
59176+ if (cp_ready) {
59177+ }
59178 }
59179
59180
59181diff -urNp linux-2.6.38.2/sound/pci/intel8x0.c linux-2.6.38.2/sound/pci/intel8x0.c
59182--- linux-2.6.38.2/sound/pci/intel8x0.c 2011-03-14 21:20:32.000000000 -0400
59183+++ linux-2.6.38.2/sound/pci/intel8x0.c 2011-03-21 18:31:35.000000000 -0400
59184@@ -444,7 +444,7 @@ static DEFINE_PCI_DEVICE_TABLE(snd_intel
59185 { PCI_VDEVICE(AMD, 0x746d), DEVICE_INTEL }, /* AMD8111 */
59186 { PCI_VDEVICE(AMD, 0x7445), DEVICE_INTEL }, /* AMD768 */
59187 { PCI_VDEVICE(AL, 0x5455), DEVICE_ALI }, /* Ali5455 */
59188- { 0, }
59189+ { 0, 0, 0, 0, 0, 0, 0 }
59190 };
59191
59192 MODULE_DEVICE_TABLE(pci, snd_intel8x0_ids);
59193@@ -2141,7 +2141,7 @@ static struct ac97_quirk ac97_quirks[] _
59194 .type = AC97_TUNE_HP_ONLY
59195 },
59196 #endif
59197- { } /* terminator */
59198+ { 0, 0, 0, 0, NULL, 0 } /* terminator */
59199 };
59200
59201 static int __devinit snd_intel8x0_mixer(struct intel8x0 *chip, int ac97_clock,
59202diff -urNp linux-2.6.38.2/sound/pci/intel8x0m.c linux-2.6.38.2/sound/pci/intel8x0m.c
59203--- linux-2.6.38.2/sound/pci/intel8x0m.c 2011-03-14 21:20:32.000000000 -0400
59204+++ linux-2.6.38.2/sound/pci/intel8x0m.c 2011-03-21 18:31:35.000000000 -0400
59205@@ -239,7 +239,7 @@ static DEFINE_PCI_DEVICE_TABLE(snd_intel
59206 { PCI_VDEVICE(AMD, 0x746d), DEVICE_INTEL }, /* AMD8111 */
59207 { PCI_VDEVICE(AL, 0x5455), DEVICE_ALI }, /* Ali5455 */
59208 #endif
59209- { 0, }
59210+ { 0, 0, 0, 0, 0, 0, 0 }
59211 };
59212
59213 MODULE_DEVICE_TABLE(pci, snd_intel8x0m_ids);
59214@@ -1264,7 +1264,7 @@ static struct shortname_table {
59215 { 0x5455, "ALi M5455" },
59216 { 0x746d, "AMD AMD8111" },
59217 #endif
59218- { 0 },
59219+ { 0, NULL },
59220 };
59221
59222 static int __devinit snd_intel8x0m_probe(struct pci_dev *pci,
59223diff -urNp linux-2.6.38.2/usr/gen_init_cpio.c linux-2.6.38.2/usr/gen_init_cpio.c
59224--- linux-2.6.38.2/usr/gen_init_cpio.c 2011-03-14 21:20:32.000000000 -0400
59225+++ linux-2.6.38.2/usr/gen_init_cpio.c 2011-03-21 18:31:35.000000000 -0400
59226@@ -305,7 +305,7 @@ static int cpio_mkfile(const char *name,
59227 int retval;
59228 int rc = -1;
59229 int namesize;
59230- int i;
59231+ unsigned int i;
59232
59233 mode |= S_IFREG;
59234
59235@@ -394,9 +394,10 @@ static char *cpio_replace_env(char *new_
59236 *env_var = *expanded = '\0';
59237 strncat(env_var, start + 2, end - start - 2);
59238 strncat(expanded, new_location, start - new_location);
59239- strncat(expanded, getenv(env_var), PATH_MAX);
59240- strncat(expanded, end + 1, PATH_MAX);
59241+ strncat(expanded, getenv(env_var), PATH_MAX - strlen(expanded));
59242+ strncat(expanded, end + 1, PATH_MAX - strlen(expanded));
59243 strncpy(new_location, expanded, PATH_MAX);
59244+ new_location[PATH_MAX] = 0;
59245 } else
59246 break;
59247 }
59248diff -urNp linux-2.6.38.2/virt/kvm/kvm_main.c linux-2.6.38.2/virt/kvm/kvm_main.c
59249--- linux-2.6.38.2/virt/kvm/kvm_main.c 2011-03-14 21:20:32.000000000 -0400
59250+++ linux-2.6.38.2/virt/kvm/kvm_main.c 2011-03-21 18:31:35.000000000 -0400
59251@@ -1521,7 +1521,7 @@ static int kvm_vcpu_release(struct inode
59252 return 0;
59253 }
59254
59255-static struct file_operations kvm_vcpu_fops = {
59256+static struct file_operations kvm_vcpu_fops = { /* cannot be const */
59257 .release = kvm_vcpu_release,
59258 .unlocked_ioctl = kvm_vcpu_ioctl,
59259 .compat_ioctl = kvm_vcpu_ioctl,
59260@@ -1990,7 +1990,7 @@ static int kvm_vm_mmap(struct file *file
59261 return 0;
59262 }
59263
59264-static struct file_operations kvm_vm_fops = {
59265+static struct file_operations kvm_vm_fops = { /* cannot be const */
59266 .release = kvm_vm_release,
59267 .unlocked_ioctl = kvm_vm_ioctl,
59268 #ifdef CONFIG_COMPAT
59269@@ -2088,7 +2088,7 @@ out:
59270 return r;
59271 }
59272
59273-static struct file_operations kvm_chardev_ops = {
59274+static struct file_operations kvm_chardev_ops = { /* cannot be const */
59275 .unlocked_ioctl = kvm_dev_ioctl,
59276 .compat_ioctl = kvm_dev_ioctl,
59277 .llseek = noop_llseek,
59278@@ -2098,6 +2098,9 @@ static struct miscdevice kvm_dev = {
59279 KVM_MINOR,
59280 "kvm",
59281 &kvm_chardev_ops,
59282+ {NULL, NULL},
59283+ NULL,
59284+ NULL
59285 };
59286
59287 static void hardware_enable_nolock(void *junk)
59288@@ -2443,7 +2446,7 @@ static void kvm_sched_out(struct preempt
59289 kvm_arch_vcpu_put(vcpu);
59290 }
59291
59292-int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
59293+int kvm_init(const void *opaque, unsigned vcpu_size, unsigned vcpu_align,
59294 struct module *module)
59295 {
59296 int r;
diff --git a/testing/linux-grsec/grsecurity-2.2.2-2.6.38.7-201105222331.patch b/main/linux-grsec/grsecurity-2.2.2-2.6.38.7-201105222331.patch
index 8ac4f8cdfc..8ac4f8cdfc 100644
--- a/testing/linux-grsec/grsecurity-2.2.2-2.6.38.7-201105222331.patch
+++ b/main/linux-grsec/grsecurity-2.2.2-2.6.38.7-201105222331.patch
diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86
index 14fbc4d832..f21ca50e0e 100644
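--- a/main/linux-grsec/kernelconfig.x86
+++ b/main/linux-grsec/kernelconfig.x86
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Linux/i386 2.6.38.1 Kernel Configuration
-# Thu Mar 31 17:56:09 2011
+# Linux/i386 2.6.38.6 Kernel Configuration
+# Thu May 19 13:36:21 2011
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -296,10 +296,10 @@ CONFIG_NO_BOOTMEM=y
 # CONFIG_MEMTEST is not set
 # CONFIG_M386 is not set
 # CONFIG_M486 is not set
-# CONFIG_M586 is not set
+CONFIG_M586=y
 # CONFIG_M586TSC is not set
 # CONFIG_M586MMX is not set
-CONFIG_M686=y
+# CONFIG_M686 is not set
 # CONFIG_MPENTIUMII is not set
 # CONFIG_MPENTIUMIII is not set
 # CONFIG_MPENTIUMM is not set
@@ -318,25 +318,22 @@ CONFIG_M686=y
 # CONFIG_MVIAC7 is not set
 # CONFIG_MCORE2 is not set
 # CONFIG_MATOM is not set
-# CONFIG_X86_GENERIC is not set
+CONFIG_X86_GENERIC=y
 CONFIG_X86_CPU=y
-CONFIG_X86_INTERNODE_CACHE_SHIFT=5
+CONFIG_X86_INTERNODE_CACHE_SHIFT=6
 CONFIG_X86_CMPXCHG=y
 CONFIG_CMPXCHG_LOCAL=y
-CONFIG_X86_L1_CACHE_SHIFT=5
+CONFIG_X86_L1_CACHE_SHIFT=6
 CONFIG_X86_XADD=y
 # CONFIG_X86_PPRO_FENCE is not set
+CONFIG_X86_F00F_BUG=y
 CONFIG_X86_WP_WORKS_OK=y
 CONFIG_X86_INVLPG=y
 CONFIG_X86_BSWAP=y
 CONFIG_X86_POPAD_OK=y
 CONFIG_X86_ALIGNMENT_16=y
-CONFIG_X86_USE_PPRO_CHECKSUM=y
-CONFIG_X86_TSC=y
-CONFIG_X86_CMPXCHG64=y
-CONFIG_X86_CMOV=y
-CONFIG_X86_MINIMUM_CPU_FAMILY=5
-CONFIG_X86_DEBUGCTLMSR=y
+CONFIG_X86_INTEL_USERCOPY=y
+CONFIG_X86_MINIMUM_CPU_FAMILY=4
 # CONFIG_PROCESSOR_SELECT is not set
 CONFIG_CPU_SUP_INTEL=y
 CONFIG_CPU_SUP_CYRIX_32=y
@@ -361,9 +358,9 @@ CONFIG_X86_IO_APIC=y
 # CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
 # CONFIG_X86_MCE is not set
 CONFIG_VM86=y
-# CONFIG_TOSHIBA is not set
+CONFIG_TOSHIBA=m
 CONFIG_I8K=m
-# CONFIG_X86_REBOOTFIXUPS is not set
+CONFIG_X86_REBOOTFIXUPS=y
 CONFIG_MICROCODE=m
 CONFIG_MICROCODE_INTEL=y
 CONFIG_MICROCODE_AMD=y
@@ -382,19 +379,18 @@ CONFIG_PAGE_OFFSET=0xC0000000
 CONFIG_HIGHMEM=y
 # CONFIG_ARCH_PHYS_ADDR_T_64BIT is not set
 # CONFIG_ARCH_DMA_ADDR_T_64BIT is not set
-CONFIG_NEED_NODE_MEMMAP_SIZE=y
 CONFIG_ARCH_FLATMEM_ENABLE=y
 CONFIG_ARCH_SPARSEMEM_ENABLE=y
 CONFIG_ARCH_SELECT_MEMORY_MODEL=y
 CONFIG_ILLEGAL_POINTER_VALUE=0
 CONFIG_SELECT_MEMORY_MODEL=y
-# CONFIG_FLATMEM_MANUAL is not set
-CONFIG_SPARSEMEM_MANUAL=y
-CONFIG_SPARSEMEM=y
-CONFIG_HAVE_MEMORY_PRESENT=y
+CONFIG_FLATMEM_MANUAL=y
+# CONFIG_SPARSEMEM_MANUAL is not set
+CONFIG_FLATMEM=y
+CONFIG_FLAT_NODE_MEM_MAP=y
 CONFIG_SPARSEMEM_STATIC=y
 CONFIG_HAVE_MEMBLOCK=y
-# CONFIG_MEMORY_HOTPLUG is not set
+CONFIG_PAGEFLAGS_EXTENDED=y
 CONFIG_SPLIT_PTLOCK_CPUS=4
 CONFIG_COMPACTION=y
 CONFIG_MIGRATION=y
@@ -556,7 +552,8 @@ CONFIG_PCI_IOAPIC=y
 CONFIG_ISA_DMA_API=y
 # CONFIG_ISA is not set
 # CONFIG_MCA is not set
-# CONFIG_SCx200 is not set
+CONFIG_SCx200=m
+CONFIG_SCx200HR_TIMER=m
 # CONFIG_OLPC is not set
 # CONFIG_OLPC_OPENFIRMWARE is not set
 CONFIG_AMD_NB=y
@@ -1296,6 +1293,7 @@ CONFIG_MTD_SC520CDP=m
 CONFIG_MTD_NETSC520=m
 CONFIG_MTD_TS5500=m
 CONFIG_MTD_SBC_GXX=m
+# CONFIG_MTD_SCx200_DOCFLASH is not set
 CONFIG_MTD_AMD76XROM=m
 CONFIG_MTD_ICHXROM=m
 CONFIG_MTD_ESB2ROM=m
@@ -2461,7 +2459,6 @@ CONFIG_CONSOLE_TRANSLATIONS=y
 CONFIG_VT_CONSOLE=y
 CONFIG_HW_CONSOLE=y
 # CONFIG_VT_HW_CONSOLE_BINDING is not set
-# CONFIG_DEVKMEM is not set
 CONFIG_SERIAL_NONSTANDARD=y
 CONFIG_COMPUTONE=m
 CONFIG_ROCKETPORT=m
@@ -2553,6 +2550,7 @@ CONFIG_CARDMAN_4000=m
 CONFIG_CARDMAN_4040=m
 CONFIG_IPWIRELESS=m
 CONFIG_MWAVE=m
+# CONFIG_SCx200_GPIO is not set
 # CONFIG_PC8736x_GPIO is not set
 # CONFIG_NSC_GPIO is not set
 CONFIG_RAW_DRIVER=m
@@ -2566,7 +2564,6 @@ CONFIG_TCG_NSC=m
 CONFIG_TCG_ATMEL=m
 CONFIG_TCG_INFINEON=m
 CONFIG_TELCLOCK=m
-CONFIG_DEVPORT=y
 CONFIG_RAMOOPS=m
 CONFIG_I2C=m
 CONFIG_I2C_BOARDINFO=y
@@ -2891,6 +2888,7 @@ CONFIG_IT8712F_WDT=m
 CONFIG_IT87_WDT=m
 # CONFIG_HP_WATCHDOG is not set
 CONFIG_SC1200_WDT=m
+# CONFIG_SCx200_WDT is not set
 CONFIG_PC87413_WDT=m
 CONFIG_NV_TCO=m
 CONFIG_60XX_WDT=m
@@ -4021,7 +4019,7 @@ CONFIG_USB_STORAGE_ALAUDA=m
 CONFIG_USB_STORAGE_ONETOUCH=m
 CONFIG_USB_STORAGE_KARMA=m
 CONFIG_USB_STORAGE_CYPRESS_ATACB=m
-# CONFIG_USB_UAS is not set
+CONFIG_USB_UAS=m
 CONFIG_USB_LIBUSUAL=y
 
 #
@@ -4332,7 +4330,7 @@ CONFIG_UIO_PDRV=m
 CONFIG_UIO_PDRV_GENIRQ=m
 CONFIG_UIO_AEC=m
 CONFIG_UIO_SERCOS3=m
-# CONFIG_UIO_PCI_GENERIC is not set
+CONFIG_UIO_PCI_GENERIC=m
 CONFIG_UIO_NETX=m
 CONFIG_STAGING=y
 # CONFIG_STAGING_EXCLUDE_BUILD is not set
@@ -4434,7 +4432,7 @@ CONFIG_PANASONIC_LAPTOP=m
 CONFIG_COMPAL_LAPTOP=m
 CONFIG_SONY_LAPTOP=m
 # CONFIG_SONYPI_COMPAT is not set
-# CONFIG_IDEAPAD_LAPTOP is not set
+CONFIG_IDEAPAD_LAPTOP=m
 CONFIG_THINKPAD_ACPI=m
 CONFIG_THINKPAD_ACPI_ALSA_SUPPORT=y
 # CONFIG_THINKPAD_ACPI_DEBUGFACILITIES is not set
@@ -4453,7 +4451,7 @@ CONFIG_ACPI_ASUS=m
 CONFIG_ACPI_TOSHIBA=m
 CONFIG_TOSHIBA_BT_RFKILL=m
 CONFIG_ACPI_CMPC=m
-# CONFIG_INTEL_IPS is not set
+CONFIG_INTEL_IPS=m
 # CONFIG_IBM_RTL is not set
 
 #
@@ -4748,7 +4746,7 @@ CONFIG_PRINTK_TIME=y
 CONFIG_ENABLE_WARN_DEPRECATED=y
 # CONFIG_ENABLE_MUST_CHECK is not set
 CONFIG_FRAME_WARN=1024
-# CONFIG_MAGIC_SYSRQ is not set
+CONFIG_MAGIC_SYSRQ=y
 # CONFIG_STRIP_ASM_SYMS is not set
 # CONFIG_UNUSED_SYMBOLS is not set
 CONFIG_DEBUG_FS=y
@@ -4787,6 +4785,7 @@ CONFIG_TRACING_SUPPORT=y
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
 CONFIG_HAVE_ARCH_KMEMCHECK=y
+CONFIG_TEST_KSTRTOX=m
 CONFIG_STRICT_DEVMEM=y
 # CONFIG_X86_VERBOSE_BOOTUP is not set
 # CONFIG_EARLY_PRINTK is not set
@@ -4827,6 +4826,7 @@ CONFIG_GRKERNSEC_PROC_MEMMAP=y
 # CONFIG_GRKERNSEC_BRUTE is not set
 # CONFIG_GRKERNSEC_MODHARDEN is not set
 # CONFIG_GRKERNSEC_HIDESYM is not set
+# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set
 
 #
 # Role Based Access Control Options
@@ -4928,7 +4928,7 @@ CONFIG_PAX_HAVE_ACL_FLAGS=y
 #
 CONFIG_PAX_NOEXEC=y
 CONFIG_PAX_PAGEEXEC=y
-# CONFIG_PAX_SEGMEXEC is not set
+CONFIG_PAX_SEGMEXEC=y
 CONFIG_PAX_EMUTRAMP=y
 CONFIG_PAX_MPROTECT=y
 # CONFIG_PAX_MPROTECT_COMPAT is not set
@@ -4939,7 +4939,6 @@ CONFIG_PAX_MPROTECT=y
 # Address Space Layout Randomization
 #
 CONFIG_PAX_ASLR=y
-# CONFIG_PAX_RANDKSTACK is not set
 CONFIG_PAX_RANDUSTACK=y
 CONFIG_PAX_RANDMMAP=y
 
@@ -4947,6 +4946,7 @@ CONFIG_PAX_RANDMMAP=y
 # Miscellaneous hardening features
 #
 # CONFIG_PAX_MEMORY_SANITIZE is not set
+# CONFIG_PAX_MEMORY_STACKLEAK is not set
 # CONFIG_PAX_MEMORY_UDEREF is not set
 CONFIG_PAX_REFCOUNT=y
 # CONFIG_PAX_USERCOPY is not set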
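Review bot: `CONFIG_MAGIC_SYSRQ=y` replaces `# CONFIG_MAGIC_SYSRQ is not set` in the kernel-hacking hunk, and kernelconfig.x86_64 gets the same flip, yet the commit message only describes moving the package from testing. On a hardened kernel this exposes the SysRq commands to anyone with console or keyboard access, so it should be a stated decision rather than a side effect of the move. If it is only wanted for debugging, keep `# CONFIG_MAGIC_SYSRQ is not set`; if it is wanted in production, say so and limit it at runtime through the `kernel.sysrq` sysctl. The same section retargets the build from `CONFIG_M686=y` to `CONFIG_M586=y`, which drops `CONFIG_X86_TSC`; the `CONFIG_PAX_RANDKSTACK` line disappears in the same change, presumably because that option depends on TSC, and that trade-off deserves a line in the commit message as well.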
diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64
index c830b9cc32..c035fc93bf 100644
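--- a/main/linux-grsec/kernelconfig.x86_64
+++ b/main/linux-grsec/kernelconfig.x86_64
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Linux/x86_64 2.6.38.1 Kernel Configuration
-# Thu Mar 31 17:56:09 2011
+# Linux/x86_64 2.6.38.3 Kernel Configuration
+# Mon Apr 18 10:45:51 2011
 #
 CONFIG_64BIT=y
 # CONFIG_X86_32 is not set
@@ -2415,7 +2415,6 @@ CONFIG_CONSOLE_TRANSLATIONS=y
 CONFIG_VT_CONSOLE=y
 CONFIG_HW_CONSOLE=y
 # CONFIG_VT_HW_CONSOLE_BINDING is not set
-# CONFIG_DEVKMEM is not set
 CONFIG_SERIAL_NONSTANDARD=y
 CONFIG_COMPUTONE=m
 CONFIG_ROCKETPORT=m
@@ -2518,7 +2517,6 @@ CONFIG_TCG_NSC=m
 CONFIG_TCG_ATMEL=m
 CONFIG_TCG_INFINEON=m
 CONFIG_TELCLOCK=m
-CONFIG_DEVPORT=y
 CONFIG_RAMOOPS=m
 CONFIG_I2C=m
 CONFIG_I2C_BOARDINFO=y
@@ -4707,7 +4705,7 @@ CONFIG_PRINTK_TIME=y
 CONFIG_ENABLE_WARN_DEPRECATED=y
 # CONFIG_ENABLE_MUST_CHECK is not set
 CONFIG_FRAME_WARN=1024
-# CONFIG_MAGIC_SYSRQ is not set
+CONFIG_MAGIC_SYSRQ=y
 # CONFIG_STRIP_ASM_SYMS is not set
 # CONFIG_UNUSED_SYMBOLS is not set
 CONFIG_DEBUG_FS=y
@@ -4746,6 +4744,7 @@ CONFIG_TRACING_SUPPORT=y
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
 CONFIG_HAVE_ARCH_KMEMCHECK=y
+CONFIG_TEST_KSTRTOX=m
 CONFIG_STRICT_DEVMEM=y
 # CONFIG_X86_VERBOSE_BOOTUP is not set
 # CONFIG_EARLY_PRINTK is not set
@@ -4784,6 +4783,7 @@ CONFIG_GRKERNSEC_PROC_MEMMAP=y
 # CONFIG_GRKERNSEC_BRUTE is not set
 # CONFIG_GRKERNSEC_MODHARDEN is not set
 # CONFIG_GRKERNSEC_HIDESYM is not set
+# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set
 
 #
 # Role Based Access Control Options
@@ -4894,6 +4894,7 @@ CONFIG_PAX_MPROTECT=y
 # Address Space Layout Randomization
 #
 CONFIG_PAX_ASLR=y
+# CONFIG_PAX_RANDKSTACK is not set
 CONFIG_PAX_RANDUSTACK=y
 CONFIG_PAX_RANDMMAP=y
 
@@ -4901,6 +4902,7 @@ CONFIG_PAX_RANDMMAP=y
 # Miscellaneous hardening features
 #
 # CONFIG_PAX_MEMORY_SANITIZE is not set
+# CONFIG_PAX_MEMORY_STACKLEAK is not set
 CONFIG_PAX_REFCOUNT=y
 # CONFIG_PAX_USERCOPY is not set
 CONFIG_KEYS=y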
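Review bot: The stored config is stale relative to the kernel being packaged: its header reads `# Linux/x86_64 2.6.38.3 Kernel Configuration` (and the x86 file reads 2.6.38.6), while the APKBUILD sets `pkgver=2.6.38.7` and pairs it with the 2.6.38.7 grsecurity patch. Because `prepare()` runs `silentoldconfig`, any option introduced after the config was generated takes its default at build time without appearing in this file, so the reviewed config and the built kernel can differ. Regenerating both configs against 2.6.38.7 before the move to main would close that gap. The options this section does add, `CONFIG_GRKERNSEC_KERN_LOCKOUT`, `CONFIG_PAX_RANDKSTACK` and `CONFIG_PAX_MEMORY_STACKLEAK`, all land as "is not set"; if leaving them off is deliberate, the commit message should say so, since x86_64 is the architecture where `CONFIG_PAX_RANDKSTACK` is offered by this config.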
diff --git a/testing/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch b/testing/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch
deleted file mode 100644
index 85161ea3a3..0000000000
--- a/testing/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch
+++ /dev/null
@@ -1,29 +0,0 @@
1From 8a0e3ea4924059a7268446177d6869e3399adbb2 Mon Sep 17 00:00:00 2001
2From: Timo Teras <timo.teras@iki.fi>
3Date: Mon, 12 Apr 2010 13:46:45 +0000
4Subject: [PATCH 04/18] arp: flush arp cache on device change
5
6If IFF_NOARP is changed, we must flush the arp cache.
7
8Signed-off-by: Timo Teras <timo.teras@iki.fi>
9---
10 net/ipv4/arp.c | 3 +++
11 1 files changed, 3 insertions(+), 0 deletions(-)
12
13diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
14index 4e80f33..580bfc3 100644
15--- a/net/ipv4/arp.c
16+++ b/net/ipv4/arp.c
17@@ -1200,6 +1200,9 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event, vo
18 neigh_changeaddr(&arp_tbl, dev);
19 rt_cache_flush(dev_net(dev), 0);
20 break;
21+ case NETDEV_CHANGE:
22+ neigh_changeaddr(&arp_tbl, dev);
23+ break;
24 default:
25 break;
26 }
27--
281.7.0.2
29
diff --git a/testing/linux-grsec/APKBUILD b/testing/linux-grsec/APKBUILD
deleted file mode 100644
index 758226d210..0000000000
--- a/testing/linux-grsec/APKBUILD
+++ /dev/null
@@ -1,145 +0,0 @@
1# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2
3_flavor=grsec
4pkgname=linux-${_flavor}
5pkgver=2.6.38.7
6_kernver=2.6.38
7pkgrel=0
8pkgdesc="Linux kernel with grsecurity"
9url=http://grsecurity.net
10depends="mkinitfs linux-firmware"
11makedepends="perl installkernel bash"
12options="!strip"
13_config=${config:-kernelconfig.${CARCH}}
14install=
15source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
16 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
17 grsecurity-2.2.2-2.6.38.7-201105222331.patch
18
19 0004-arp-flush-arp-cache-on-device-change.patch
20 net-gre-provide-multicast-mappings-for-ipv4-and-ipv6.patch
21
22 kernelconfig.x86
23 kernelconfig.x86_64
24 "
25subpackages="$pkgname-dev"
26arch="x86 x86_64 arm"
27license="GPL-2"
28
29_abi_release=${pkgver}-${_flavor}
30
31prepare() {
32 local _patch_failed=
33 cd "$srcdir"/linux-$_kernver
34 if [ "$_kernver" != "$pkgver" ]; then
35 bunzip2 -c < "$srcdir"/patch-$pkgver.bz2 | patch -p1 -N || return 1
36 fi
37
38 # first apply patches in specified order
39 for i in $source; do
40 case $i in
41 *.patch)
42 msg "Applying $i..."
43 if ! patch -s -p1 -N -i "$srcdir"/$i; then
44 echo $i >>failed
45 _patch_failed=1
46 fi
47 ;;
48 esac
49 done
50
51 if ! [ -z "$_patch_failed" ]; then
52 error "The following patches failed:"
53 cat failed
54 return 1
55 fi
56
57 mkdir -p "$srcdir"/build
58 cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
59 make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
60 silentoldconfig
61}
62
63# this is so we can do: 'abuild menuconfig' to reconfigure kernel
64menuconfig() {
65 cd "$srcdir"/build || return 1
66 make menuconfig
67 cp .config "$startdir"/$_config
68}
69
70build() {
71 cd "$srcdir"/build
72 make CC="${CC:-gcc}" \
73 KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
74 || return 1
75}
76
77package() {
78 cd "$srcdir"/build
79 mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
80 make -j1 modules_install firmware_install install \
81 INSTALL_MOD_PATH="$pkgdir" \
82 INSTALL_PATH="$pkgdir"/boot \
83 || return 1
84
85 rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
86 "$pkgdir"/lib/modules/${_abi_release}/source
87 rm -rf "$pkgdir"/lib/firmware
88
89 install -D include/config/kernel.release \
90 "$pkgdir"/usr/share/kernel/$_flavor/kernel.release
91}
92
93dev() {
94 # copy the only the parts that we really need for build 3rd party
95 # kernel modules and install those as /usr/src/linux-headers,
96 # simlar to what ubuntu does
97 #
98 # this way you dont need to install the 300-400 kernel sources to
99 # build a tiny kernel module
100 #
101 pkgdesc="Headers and script for third party modules for grsec kernel"
102 local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
103
104 # first we import config, run prepare to set up for building
105 # external modules, and create the scripts
106 mkdir -p "$dir"
107 cp "$srcdir"/$_config "$dir"/.config
108 make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
109 silentoldconfig prepare scripts
110
111 # remove the stuff that poits to real sources. we want 3rd party
112 # modules to believe this is the soruces
113 rm "$dir"/Makefile "$dir"/source
114
115 # copy the needed stuff from real sources
116 #
117 # this is taken from ubuntu kernel build script
118 # http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
119 cd "$srcdir"/linux-$_kernver
120 find . -path './include/*' -prune -o -path './scripts/*' -prune \
121 -o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
122 -o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
123 -o -name '*.lds' \) | cpio -pdm "$dir"
124 cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
125 cp -a drivers/media/video/*.h "$dir"/drivers/media/video
126 cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
127 cp -a scripts include "$dir"
128 find $(find arch -name include -type d -print) -type f \
129 | cpio -pdm "$dir"
130
131 install -Dm644 "$srcdir"/build/Module.symvers \
132 "$dir"/Module.symvers
133
134 mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
135 ln -sf /usr/src/linux-headers-${_abi_release} \
136 "$subpkgdir"/lib/modules/${_abi_release}/build
137}
138
139md5sums="7d471477bfa67546f902da62227fa976 linux-2.6.38.tar.bz2
1402639b4b98a2dcfc8b7f091543f289205 patch-2.6.38.7.bz2
141405571538f81e3ebbe8cbfc029c52fdd grsecurity-2.2.2-2.6.38.7-201105222331.patch
142776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
143aa1b82da0cabfb41c5e6da5bddf60bab net-gre-provide-multicast-mappings-for-ipv4-and-ipv6.patch
144f4cf5b0ddfeef7aa87fb27792aff88a4 kernelconfig.x86
1450a73d8d896101de90f47dae32119e7ca kernelconfig.x86_64"
diff --git a/testing/linux-grsec/kernelconfig.x86 b/testing/linux-grsec/kernelconfig.x86
deleted file mode 100644
index f21ca50e0e..0000000000
--- a/testing/linux-grsec/kernelconfig.x86
+++ /dev/null
@@ -1,5157 +0,0 @@
1#
2# Automatically generated make config: don't edit
3# Linux/i386 2.6.38.6 Kernel Configuration
4# Thu May 19 13:36:21 2011
5#
6# CONFIG_64BIT is not set
7CONFIG_X86_32=y
8# CONFIG_X86_64 is not set
9CONFIG_X86=y
10CONFIG_INSTRUCTION_DECODER=y
11CONFIG_OUTPUT_FORMAT="elf32-i386"
12CONFIG_ARCH_DEFCONFIG="arch/x86/configs/i386_defconfig"
13CONFIG_GENERIC_CMOS_UPDATE=y
14CONFIG_CLOCKSOURCE_WATCHDOG=y
15CONFIG_GENERIC_CLOCKEVENTS=y
16CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
17CONFIG_LOCKDEP_SUPPORT=y
18CONFIG_STACKTRACE_SUPPORT=y
19CONFIG_HAVE_LATENCYTOP_SUPPORT=y
20CONFIG_MMU=y
21CONFIG_ZONE_DMA=y
22# CONFIG_NEED_DMA_MAP_STATE is not set
23CONFIG_NEED_SG_DMA_LENGTH=y
24CONFIG_GENERIC_ISA_DMA=y
25CONFIG_GENERIC_IOMAP=y
26CONFIG_GENERIC_BUG=y
27CONFIG_GENERIC_HWEIGHT=y
28CONFIG_GENERIC_GPIO=y
29CONFIG_ARCH_MAY_HAVE_PC_FDC=y
30# CONFIG_RWSEM_GENERIC_SPINLOCK is not set
31CONFIG_RWSEM_XCHGADD_ALGORITHM=y
32CONFIG_ARCH_HAS_CPU_IDLE_WAIT=y
33CONFIG_GENERIC_CALIBRATE_DELAY=y
34# CONFIG_GENERIC_TIME_VSYSCALL is not set
35CONFIG_ARCH_HAS_CPU_RELAX=y
36CONFIG_ARCH_HAS_DEFAULT_IDLE=y
37CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
38CONFIG_HAVE_SETUP_PER_CPU_AREA=y
39CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
40CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
41# CONFIG_HAVE_CPUMASK_OF_CPU_MAP is not set
42CONFIG_ARCH_HIBERNATION_POSSIBLE=y
43CONFIG_ARCH_SUSPEND_POSSIBLE=y
44# CONFIG_ZONE_DMA32 is not set
45CONFIG_ARCH_POPULATES_NODE_MAP=y
46# CONFIG_AUDIT_ARCH is not set
47CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
48CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
49CONFIG_X86_32_SMP=y
50CONFIG_X86_HT=y
51CONFIG_X86_TRAMPOLINE=y
52CONFIG_X86_32_LAZY_GS=y
53CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-ecx -fcall-saved-edx"
54CONFIG_KTIME_SCALAR=y
55CONFIG_ARCH_CPU_PROBE_RELEASE=y
56CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
57CONFIG_CONSTRUCTORS=y
58CONFIG_HAVE_IRQ_WORK=y
59CONFIG_IRQ_WORK=y
60
61#
62# General setup
63#
64CONFIG_EXPERIMENTAL=y
65CONFIG_LOCK_KERNEL=y
66CONFIG_INIT_ENV_ARG_LIMIT=32
67CONFIG_CROSS_COMPILE=""
68CONFIG_LOCALVERSION=""
69# CONFIG_LOCALVERSION_AUTO is not set
70CONFIG_HAVE_KERNEL_GZIP=y
71CONFIG_HAVE_KERNEL_BZIP2=y
72CONFIG_HAVE_KERNEL_LZMA=y
73CONFIG_HAVE_KERNEL_XZ=y
74CONFIG_HAVE_KERNEL_LZO=y
75CONFIG_KERNEL_GZIP=y
76# CONFIG_KERNEL_BZIP2 is not set
77# CONFIG_KERNEL_LZMA is not set
78# CONFIG_KERNEL_XZ is not set
79# CONFIG_KERNEL_LZO is not set
80CONFIG_SWAP=y
81CONFIG_SYSVIPC=y
82CONFIG_SYSVIPC_SYSCTL=y
83# CONFIG_POSIX_MQUEUE is not set
84CONFIG_BSD_PROCESS_ACCT=y
85CONFIG_BSD_PROCESS_ACCT_V3=y
86# CONFIG_TASKSTATS is not set
87# CONFIG_AUDIT is not set
88CONFIG_HAVE_GENERIC_HARDIRQS=y
89
90#
91# IRQ subsystem
92#
93CONFIG_GENERIC_HARDIRQS=y
94# CONFIG_GENERIC_HARDIRQS_NO_DEPRECATED is not set
95CONFIG_HAVE_SPARSE_IRQ=y
96CONFIG_GENERIC_IRQ_PROBE=y
97CONFIG_GENERIC_PENDING_IRQ=y
98# CONFIG_AUTO_IRQ_AFFINITY is not set
99# CONFIG_IRQ_PER_CPU is not set
100# CONFIG_HARDIRQS_SW_RESEND is not set
101# CONFIG_SPARSE_IRQ is not set
102
103#
104# RCU Subsystem
105#
106CONFIG_TREE_RCU=y
107# CONFIG_PREEMPT_RCU is not set
108# CONFIG_RCU_TRACE is not set
109CONFIG_RCU_FANOUT=32
110# CONFIG_RCU_FANOUT_EXACT is not set
111CONFIG_RCU_FAST_NO_HZ=y
112# CONFIG_TREE_RCU_TRACE is not set
113CONFIG_IKCONFIG=m
114CONFIG_IKCONFIG_PROC=y
115CONFIG_LOG_BUF_SHIFT=14
116CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
117CONFIG_CGROUPS=y
118# CONFIG_CGROUP_DEBUG is not set
119CONFIG_CGROUP_NS=y
120CONFIG_CGROUP_FREEZER=y
121CONFIG_CGROUP_DEVICE=y
122# CONFIG_CPUSETS is not set
123CONFIG_CGROUP_CPUACCT=y
124# CONFIG_RESOURCE_COUNTERS is not set
125CONFIG_CGROUP_SCHED=y
126CONFIG_FAIR_GROUP_SCHED=y
127CONFIG_RT_GROUP_SCHED=y
128CONFIG_BLK_CGROUP=y
129# CONFIG_DEBUG_BLK_CGROUP is not set
130CONFIG_NAMESPACES=y
131CONFIG_UTS_NS=y
132CONFIG_IPC_NS=y
133CONFIG_USER_NS=y
134CONFIG_PID_NS=y
135CONFIG_NET_NS=y
136CONFIG_SCHED_AUTOGROUP=y
137# CONFIG_SYSFS_DEPRECATED is not set
138# CONFIG_RELAY is not set
139CONFIG_BLK_DEV_INITRD=y
140CONFIG_INITRAMFS_SOURCE=""
141CONFIG_RD_GZIP=y
142CONFIG_RD_BZIP2=y
143CONFIG_RD_LZMA=y
144CONFIG_RD_XZ=y
145CONFIG_RD_LZO=y
146CONFIG_CC_OPTIMIZE_FOR_SIZE=y
147CONFIG_SYSCTL=y
148CONFIG_ANON_INODES=y
149CONFIG_EXPERT=y
150CONFIG_EMBEDDED=y
151CONFIG_UID16=y
152CONFIG_SYSCTL_SYSCALL=y
153CONFIG_KALLSYMS=y
154# CONFIG_KALLSYMS_EXTRA_PASS is not set
155CONFIG_HOTPLUG=y
156CONFIG_PRINTK=y
157CONFIG_BUG=y
158CONFIG_ELF_CORE=y
159CONFIG_PCSPKR_PLATFORM=y
160CONFIG_BASE_FULL=y
161CONFIG_FUTEX=y
162CONFIG_EPOLL=y
163CONFIG_SIGNALFD=y
164CONFIG_TIMERFD=y
165CONFIG_EVENTFD=y
166CONFIG_SHMEM=y
167CONFIG_AIO=y
168CONFIG_HAVE_PERF_EVENTS=y
169
170#
171# Kernel Performance Events And Counters
172#
173CONFIG_PERF_EVENTS=y
174CONFIG_PERF_COUNTERS=y
175CONFIG_VM_EVENT_COUNTERS=y
176CONFIG_PCI_QUIRKS=y
177# CONFIG_SLUB_DEBUG is not set
178# CONFIG_COMPAT_BRK is not set
179# CONFIG_SLAB is not set
180CONFIG_SLUB=y
181# CONFIG_SLOB is not set
182CONFIG_PROFILING=y
183CONFIG_OPROFILE=m
184# CONFIG_OPROFILE_EVENT_MULTIPLEX is not set
185CONFIG_HAVE_OPROFILE=y
186CONFIG_KPROBES=y
187# CONFIG_JUMP_LABEL is not set
188CONFIG_OPTPROBES=y
189CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
190CONFIG_KRETPROBES=y
191CONFIG_USER_RETURN_NOTIFIER=y
192CONFIG_HAVE_IOREMAP_PROT=y
193CONFIG_HAVE_KPROBES=y
194CONFIG_HAVE_KRETPROBES=y
195CONFIG_HAVE_OPTPROBES=y
196CONFIG_HAVE_ARCH_TRACEHOOK=y
197CONFIG_HAVE_DMA_ATTRS=y
198CONFIG_USE_GENERIC_SMP_HELPERS=y
199CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
200CONFIG_HAVE_DMA_API_DEBUG=y
201CONFIG_HAVE_HW_BREAKPOINT=y
202CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
203CONFIG_HAVE_USER_RETURN_NOTIFIER=y
204CONFIG_HAVE_PERF_EVENTS_NMI=y
205CONFIG_HAVE_ARCH_JUMP_LABEL=y
206
207#
208# GCOV-based kernel profiling
209#
210# CONFIG_GCOV_KERNEL is not set
211CONFIG_HAVE_GENERIC_DMA_COHERENT=y
212CONFIG_RT_MUTEXES=y
213CONFIG_BASE_SMALL=0
214CONFIG_MODULES=y
215# CONFIG_MODULE_FORCE_LOAD is not set
216CONFIG_MODULE_UNLOAD=y
217# CONFIG_MODULE_FORCE_UNLOAD is not set
218CONFIG_MODVERSIONS=y
219# CONFIG_MODULE_SRCVERSION_ALL is not set
220CONFIG_STOP_MACHINE=y
221CONFIG_BLOCK=y
222CONFIG_LBDAF=y
223CONFIG_BLK_DEV_BSG=y
224# CONFIG_BLK_DEV_INTEGRITY is not set
225# CONFIG_BLK_DEV_THROTTLING is not set
226
227#
228# IO Schedulers
229#
230CONFIG_IOSCHED_NOOP=y
231CONFIG_IOSCHED_DEADLINE=m
232CONFIG_IOSCHED_CFQ=y
233CONFIG_CFQ_GROUP_IOSCHED=y
234CONFIG_DEFAULT_CFQ=y
235# CONFIG_DEFAULT_NOOP is not set
236CONFIG_DEFAULT_IOSCHED="cfq"
237CONFIG_PREEMPT_NOTIFIERS=y
238CONFIG_PADATA=y
239# CONFIG_INLINE_SPIN_TRYLOCK is not set
240# CONFIG_INLINE_SPIN_TRYLOCK_BH is not set
241# CONFIG_INLINE_SPIN_LOCK is not set
242# CONFIG_INLINE_SPIN_LOCK_BH is not set
243# CONFIG_INLINE_SPIN_LOCK_IRQ is not set
244# CONFIG_INLINE_SPIN_LOCK_IRQSAVE is not set
245CONFIG_INLINE_SPIN_UNLOCK=y
246# CONFIG_INLINE_SPIN_UNLOCK_BH is not set
247CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
248# CONFIG_INLINE_SPIN_UNLOCK_IRQRESTORE is not set
249# CONFIG_INLINE_READ_TRYLOCK is not set
250# CONFIG_INLINE_READ_LOCK is not set
251# CONFIG_INLINE_READ_LOCK_BH is not set
252# CONFIG_INLINE_READ_LOCK_IRQ is not set
253# CONFIG_INLINE_READ_LOCK_IRQSAVE is not set
254CONFIG_INLINE_READ_UNLOCK=y
255# CONFIG_INLINE_READ_UNLOCK_BH is not set
256CONFIG_INLINE_READ_UNLOCK_IRQ=y
257# CONFIG_INLINE_READ_UNLOCK_IRQRESTORE is not set
258# CONFIG_INLINE_WRITE_TRYLOCK is not set
259# CONFIG_INLINE_WRITE_LOCK is not set
260# CONFIG_INLINE_WRITE_LOCK_BH is not set
261# CONFIG_INLINE_WRITE_LOCK_IRQ is not set
262# CONFIG_INLINE_WRITE_LOCK_IRQSAVE is not set
263CONFIG_INLINE_WRITE_UNLOCK=y
264# CONFIG_INLINE_WRITE_UNLOCK_BH is not set
265CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
266# CONFIG_INLINE_WRITE_UNLOCK_IRQRESTORE is not set
267CONFIG_MUTEX_SPIN_ON_OWNER=y
268CONFIG_FREEZER=y
269
270#
271# Processor type and features
272#
273CONFIG_TICK_ONESHOT=y
274CONFIG_NO_HZ=y
275CONFIG_HIGH_RES_TIMERS=y
276CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
277CONFIG_SMP=y
278CONFIG_X86_MPPARSE=y
279# CONFIG_X86_BIGSMP is not set
280CONFIG_X86_EXTENDED_PLATFORM=y
281# CONFIG_X86_ELAN is not set
282# CONFIG_X86_MRST is not set
283# CONFIG_X86_RDC321X is not set
284# CONFIG_X86_32_NON_STANDARD is not set
285# CONFIG_X86_32_IRIS is not set
286CONFIG_SCHED_OMIT_FRAME_POINTER=y
287CONFIG_PARAVIRT_GUEST=y
288# CONFIG_XEN_PRIVILEGED_GUEST is not set
289CONFIG_KVM_CLOCK=y
290CONFIG_KVM_GUEST=y
291# CONFIG_LGUEST_GUEST is not set
292CONFIG_PARAVIRT=y
293# CONFIG_PARAVIRT_SPINLOCKS is not set
294CONFIG_PARAVIRT_CLOCK=y
295CONFIG_NO_BOOTMEM=y
296# CONFIG_MEMTEST is not set
297# CONFIG_M386 is not set
298# CONFIG_M486 is not set
299CONFIG_M586=y
300# CONFIG_M586TSC is not set
301# CONFIG_M586MMX is not set
302# CONFIG_M686 is not set
303# CONFIG_MPENTIUMII is not set
304# CONFIG_MPENTIUMIII is not set
305# CONFIG_MPENTIUMM is not set
306# CONFIG_MPENTIUM4 is not set
307# CONFIG_MK6 is not set
308# CONFIG_MK7 is not set
309# CONFIG_MK8 is not set
310# CONFIG_MCRUSOE is not set
311# CONFIG_MEFFICEON is not set
312# CONFIG_MWINCHIPC6 is not set
313# CONFIG_MWINCHIP3D is not set
314# CONFIG_MGEODEGX1 is not set
315# CONFIG_MGEODE_LX is not set
316# CONFIG_MCYRIXIII is not set
317# CONFIG_MVIAC3_2 is not set
318# CONFIG_MVIAC7 is not set
319# CONFIG_MCORE2 is not set
320# CONFIG_MATOM is not set
321CONFIG_X86_GENERIC=y
322CONFIG_X86_CPU=y
323CONFIG_X86_INTERNODE_CACHE_SHIFT=6
324CONFIG_X86_CMPXCHG=y
325CONFIG_CMPXCHG_LOCAL=y
326CONFIG_X86_L1_CACHE_SHIFT=6
327CONFIG_X86_XADD=y
328# CONFIG_X86_PPRO_FENCE is not set
329CONFIG_X86_F00F_BUG=y
330CONFIG_X86_WP_WORKS_OK=y
331CONFIG_X86_INVLPG=y
332CONFIG_X86_BSWAP=y
333CONFIG_X86_POPAD_OK=y
334CONFIG_X86_ALIGNMENT_16=y
335CONFIG_X86_INTEL_USERCOPY=y
336CONFIG_X86_MINIMUM_CPU_FAMILY=4
337# CONFIG_PROCESSOR_SELECT is not set
338CONFIG_CPU_SUP_INTEL=y
339CONFIG_CPU_SUP_CYRIX_32=y
340CONFIG_CPU_SUP_AMD=y
341CONFIG_CPU_SUP_CENTAUR=y
342CONFIG_CPU_SUP_TRANSMETA_32=y
343CONFIG_CPU_SUP_UMC_32=y
344CONFIG_HPET_TIMER=y
345CONFIG_HPET_EMULATE_RTC=y
346CONFIG_DMI=y
347# CONFIG_IOMMU_HELPER is not set
348# CONFIG_IOMMU_API is not set
349CONFIG_NR_CPUS=8
350CONFIG_SCHED_SMT=y
351CONFIG_SCHED_MC=y
352CONFIG_IRQ_TIME_ACCOUNTING=y
353# CONFIG_PREEMPT_NONE is not set
354CONFIG_PREEMPT_VOLUNTARY=y
355# CONFIG_PREEMPT is not set
356CONFIG_X86_LOCAL_APIC=y
357CONFIG_X86_IO_APIC=y
358# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
359# CONFIG_X86_MCE is not set
360CONFIG_VM86=y
361CONFIG_TOSHIBA=m
362CONFIG_I8K=m
363CONFIG_X86_REBOOTFIXUPS=y
364CONFIG_MICROCODE=m
365CONFIG_MICROCODE_INTEL=y
366CONFIG_MICROCODE_AMD=y
367CONFIG_MICROCODE_OLD_INTERFACE=y
368CONFIG_X86_MSR=m
369CONFIG_X86_CPUID=m
370# CONFIG_NOHIGHMEM is not set
371CONFIG_HIGHMEM4G=y
372# CONFIG_HIGHMEM64G is not set
373CONFIG_VMSPLIT_3G=y
374# CONFIG_VMSPLIT_3G_OPT is not set
375# CONFIG_VMSPLIT_2G is not set
376# CONFIG_VMSPLIT_2G_OPT is not set
377# CONFIG_VMSPLIT_1G is not set
378CONFIG_PAGE_OFFSET=0xC0000000
379CONFIG_HIGHMEM=y
380# CONFIG_ARCH_PHYS_ADDR_T_64BIT is not set
381# CONFIG_ARCH_DMA_ADDR_T_64BIT is not set
382CONFIG_ARCH_FLATMEM_ENABLE=y
383CONFIG_ARCH_SPARSEMEM_ENABLE=y
384CONFIG_ARCH_SELECT_MEMORY_MODEL=y
385CONFIG_ILLEGAL_POINTER_VALUE=0
386CONFIG_SELECT_MEMORY_MODEL=y
387CONFIG_FLATMEM_MANUAL=y
388# CONFIG_SPARSEMEM_MANUAL is not set
389CONFIG_FLATMEM=y
390CONFIG_FLAT_NODE_MEM_MAP=y
391CONFIG_SPARSEMEM_STATIC=y
392CONFIG_HAVE_MEMBLOCK=y
393CONFIG_PAGEFLAGS_EXTENDED=y
394CONFIG_SPLIT_PTLOCK_CPUS=4
395CONFIG_COMPACTION=y
396CONFIG_MIGRATION=y
397# CONFIG_PHYS_ADDR_T_64BIT is not set
398CONFIG_ZONE_DMA_FLAG=1
399CONFIG_BOUNCE=y
400CONFIG_VIRT_TO_BUS=y
401CONFIG_MMU_NOTIFIER=y
402CONFIG_KSM=y
403CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
404CONFIG_TRANSPARENT_HUGEPAGE=y
405CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y
406# CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set
407# CONFIG_HIGHPTE is not set
408# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
409CONFIG_X86_RESERVE_LOW=64
410# CONFIG_MATH_EMULATION is not set
411CONFIG_MTRR=y
412CONFIG_MTRR_SANITIZER=y
413CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
414CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
415CONFIG_X86_PAT=y
416CONFIG_ARCH_USES_PG_UNCACHED=y
417# CONFIG_EFI is not set
418# CONFIG_SECCOMP is not set
419# CONFIG_CC_STACKPROTECTOR is not set
420# CONFIG_HZ_100 is not set
421# CONFIG_HZ_250 is not set
422CONFIG_HZ_300=y
423# CONFIG_HZ_1000 is not set
424CONFIG_HZ=300
425CONFIG_SCHED_HRTICK=y
426# CONFIG_KEXEC is not set
427# CONFIG_CRASH_DUMP is not set
428CONFIG_PHYSICAL_START=0x1000000
429# CONFIG_RELOCATABLE is not set
430CONFIG_PHYSICAL_ALIGN=0x1000000
431CONFIG_HOTPLUG_CPU=y
432# CONFIG_CMDLINE_BOOL is not set
433CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
434
435#
436# Power management and ACPI options
437#
438CONFIG_PM=y
439# CONFIG_PM_DEBUG is not set
440CONFIG_PM_SLEEP_SMP=y
441CONFIG_PM_SLEEP=y
442CONFIG_SUSPEND=y
443CONFIG_SUSPEND_FREEZER=y
444# CONFIG_HIBERNATION is not set
445# CONFIG_PM_RUNTIME is not set
446CONFIG_PM_OPS=y
447CONFIG_ACPI=y
448CONFIG_ACPI_SLEEP=y
449CONFIG_ACPI_PROCFS=y
450CONFIG_ACPI_PROCFS_POWER=y
451# CONFIG_ACPI_POWER_METER is not set
452CONFIG_ACPI_EC_DEBUGFS=y
453CONFIG_ACPI_PROC_EVENT=y
454CONFIG_ACPI_AC=m
455CONFIG_ACPI_BATTERY=m
456CONFIG_ACPI_BUTTON=m
457CONFIG_ACPI_VIDEO=m
458CONFIG_ACPI_FAN=m
459CONFIG_ACPI_DOCK=y
460CONFIG_ACPI_PROCESSOR=m
461CONFIG_ACPI_IPMI=m
462CONFIG_ACPI_HOTPLUG_CPU=y
463# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
464CONFIG_ACPI_THERMAL=m
465# CONFIG_ACPI_CUSTOM_DSDT is not set
466CONFIG_ACPI_BLACKLIST_YEAR=0
467# CONFIG_ACPI_DEBUG is not set
468CONFIG_ACPI_PCI_SLOT=m
469CONFIG_X86_PM_TIMER=y
470CONFIG_ACPI_CONTAINER=m
471CONFIG_ACPI_SBS=m
472CONFIG_ACPI_HED=m
473CONFIG_ACPI_APEI=y
474CONFIG_ACPI_APEI_GHES=m
475CONFIG_ACPI_APEI_EINJ=m
476CONFIG_ACPI_APEI_ERST_DEBUG=y
477# CONFIG_SFI is not set
478# CONFIG_APM is not set
479
480#
481# CPU Frequency scaling
482#
483CONFIG_CPU_FREQ=y
484CONFIG_CPU_FREQ_TABLE=m
485# CONFIG_CPU_FREQ_DEBUG is not set
486CONFIG_CPU_FREQ_STAT=m
487# CONFIG_CPU_FREQ_STAT_DETAILS is not set
488CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
489# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set
490# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set
491# CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set
492# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set
493CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
494CONFIG_CPU_FREQ_GOV_POWERSAVE=m
495CONFIG_CPU_FREQ_GOV_USERSPACE=m
496CONFIG_CPU_FREQ_GOV_ONDEMAND=m
497CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m
498
499#
500# CPUFreq processor drivers
501#
502CONFIG_X86_PCC_CPUFREQ=m
503CONFIG_X86_ACPI_CPUFREQ=m
504# CONFIG_X86_POWERNOW_K6 is not set
505# CONFIG_X86_POWERNOW_K7 is not set
506CONFIG_X86_POWERNOW_K8=m
507# CONFIG_X86_GX_SUSPMOD is not set
508CONFIG_X86_SPEEDSTEP_CENTRINO=m
509CONFIG_X86_SPEEDSTEP_CENTRINO_TABLE=y
510# CONFIG_X86_SPEEDSTEP_ICH is not set
511# CONFIG_X86_SPEEDSTEP_SMI is not set
512CONFIG_X86_P4_CLOCKMOD=m
513# CONFIG_X86_CPUFREQ_NFORCE2 is not set
514# CONFIG_X86_LONGRUN is not set
515# CONFIG_X86_LONGHAUL is not set
516# CONFIG_X86_E_POWERSAVER is not set
517
518#
519# shared options
520#
521CONFIG_X86_SPEEDSTEP_LIB=m
522CONFIG_CPU_IDLE=y
523CONFIG_CPU_IDLE_GOV_LADDER=y
524CONFIG_CPU_IDLE_GOV_MENU=y
525CONFIG_INTEL_IDLE=y
526
527#
528# Bus options (PCI etc.)
529#
530CONFIG_PCI=y
531# CONFIG_PCI_GOBIOS is not set
532# CONFIG_PCI_GOMMCONFIG is not set
533# CONFIG_PCI_GODIRECT is not set
534CONFIG_PCI_GOANY=y
535CONFIG_PCI_BIOS=y
536CONFIG_PCI_DIRECT=y
537CONFIG_PCI_MMCONFIG=y
538CONFIG_PCI_DOMAINS=y
539CONFIG_PCI_CNB20LE_QUIRK=y
540# CONFIG_DMAR is not set
541CONFIG_PCIEPORTBUS=y
542CONFIG_HOTPLUG_PCI_PCIE=m
543# CONFIG_PCIEAER is not set
544CONFIG_PCIEASPM=y
545# CONFIG_PCIEASPM_DEBUG is not set
546CONFIG_ARCH_SUPPORTS_MSI=y
547CONFIG_PCI_MSI=y
548CONFIG_PCI_STUB=m
549CONFIG_HT_IRQ=y
550# CONFIG_PCI_IOV is not set
551CONFIG_PCI_IOAPIC=y
552CONFIG_ISA_DMA_API=y
553# CONFIG_ISA is not set
554# CONFIG_MCA is not set
555CONFIG_SCx200=m
556CONFIG_SCx200HR_TIMER=m
557# CONFIG_OLPC is not set
558# CONFIG_OLPC_OPENFIRMWARE is not set
559CONFIG_AMD_NB=y
560CONFIG_PCCARD=m
561CONFIG_PCMCIA=m
562CONFIG_PCMCIA_LOAD_CIS=y
563CONFIG_CARDBUS=y
564
565#
566# PC-card bridges
567#
568CONFIG_YENTA=m
569CONFIG_YENTA_O2=y
570CONFIG_YENTA_RICOH=y
571CONFIG_YENTA_TI=y
572CONFIG_YENTA_ENE_TUNE=y
573CONFIG_YENTA_TOSHIBA=y
574CONFIG_PD6729=m
575CONFIG_I82092=m
576CONFIG_PCCARD_NONSTATIC=y
577CONFIG_HOTPLUG_PCI=m
578CONFIG_HOTPLUG_PCI_FAKE=m
579# CONFIG_HOTPLUG_PCI_COMPAQ is not set
580# CONFIG_HOTPLUG_PCI_IBM is not set
581CONFIG_HOTPLUG_PCI_ACPI=m
582CONFIG_HOTPLUG_PCI_ACPI_IBM=m
583CONFIG_HOTPLUG_PCI_CPCI=y
584CONFIG_HOTPLUG_PCI_CPCI_ZT5550=m
585CONFIG_HOTPLUG_PCI_CPCI_GENERIC=m
586CONFIG_HOTPLUG_PCI_SHPC=m
587
588#
589# Executable file formats / Emulations
590#
591CONFIG_BINFMT_ELF=y
592# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
593CONFIG_HAVE_AOUT=y
594CONFIG_BINFMT_MISC=m
595CONFIG_HAVE_ATOMIC_IOMAP=y
596CONFIG_HAVE_TEXT_POKE_SMP=y
597CONFIG_NET=y
598
599#
600# Networking options
601#
602CONFIG_PACKET=m
603CONFIG_UNIX=y
604CONFIG_XFRM=y
605CONFIG_XFRM_USER=m
606CONFIG_XFRM_SUB_POLICY=y
607CONFIG_XFRM_MIGRATE=y
608# CONFIG_XFRM_STATISTICS is not set
609CONFIG_XFRM_IPCOMP=m
610CONFIG_NET_KEY=m
611CONFIG_NET_KEY_MIGRATE=y
612CONFIG_INET=y
613CONFIG_IP_MULTICAST=y
614CONFIG_IP_ADVANCED_ROUTER=y
615CONFIG_ASK_IP_FIB_HASH=y
616# CONFIG_IP_FIB_TRIE is not set
617CONFIG_IP_FIB_HASH=y
618CONFIG_IP_MULTIPLE_TABLES=y
619CONFIG_IP_ROUTE_MULTIPATH=y
620CONFIG_IP_ROUTE_VERBOSE=y
621CONFIG_IP_PNP=y
622CONFIG_IP_PNP_DHCP=y
623CONFIG_IP_PNP_BOOTP=y
624CONFIG_IP_PNP_RARP=y
625CONFIG_NET_IPIP=m
626CONFIG_NET_IPGRE_DEMUX=y
627CONFIG_NET_IPGRE=m
628CONFIG_NET_IPGRE_BROADCAST=y
629CONFIG_IP_MROUTE=y
630CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
631# CONFIG_IP_PIMSM_V1 is not set
632CONFIG_IP_PIMSM_V2=y
633CONFIG_ARPD=y
634CONFIG_SYN_COOKIES=y
635CONFIG_INET_AH=m
636CONFIG_INET_ESP=m
637CONFIG_INET_IPCOMP=m
638CONFIG_INET_XFRM_TUNNEL=m
639CONFIG_INET_TUNNEL=m
640CONFIG_INET_XFRM_MODE_TRANSPORT=m
641CONFIG_INET_XFRM_MODE_TUNNEL=m
642CONFIG_INET_XFRM_MODE_BEET=m
643CONFIG_INET_LRO=y
644CONFIG_INET_DIAG=m
645CONFIG_INET_TCP_DIAG=m
646CONFIG_TCP_CONG_ADVANCED=y
647CONFIG_TCP_CONG_BIC=m
648CONFIG_TCP_CONG_CUBIC=y
649CONFIG_TCP_CONG_WESTWOOD=m
650CONFIG_TCP_CONG_HTCP=m
651CONFIG_TCP_CONG_HSTCP=m
652CONFIG_TCP_CONG_HYBLA=m
653CONFIG_TCP_CONG_VEGAS=m
654CONFIG_TCP_CONG_SCALABLE=m
655CONFIG_TCP_CONG_LP=m
656CONFIG_TCP_CONG_VENO=m
657CONFIG_TCP_CONG_YEAH=m
658CONFIG_TCP_CONG_ILLINOIS=m
659CONFIG_DEFAULT_CUBIC=y
660# CONFIG_DEFAULT_RENO is not set
661CONFIG_DEFAULT_TCP_CONG="cubic"
662CONFIG_TCP_MD5SIG=y
663CONFIG_IPV6=m
664CONFIG_IPV6_PRIVACY=y
665CONFIG_IPV6_ROUTER_PREF=y
666CONFIG_IPV6_ROUTE_INFO=y
667# CONFIG_IPV6_OPTIMISTIC_DAD is not set
668CONFIG_INET6_AH=m
669CONFIG_INET6_ESP=m
670CONFIG_INET6_IPCOMP=m
671CONFIG_IPV6_MIP6=m
672CONFIG_INET6_XFRM_TUNNEL=m
673CONFIG_INET6_TUNNEL=m
674CONFIG_INET6_XFRM_MODE_TRANSPORT=m
675CONFIG_INET6_XFRM_MODE_TUNNEL=m
676CONFIG_INET6_XFRM_MODE_BEET=m
677CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
678CONFIG_IPV6_SIT=m
679CONFIG_IPV6_SIT_6RD=y
680CONFIG_IPV6_NDISC_NODETYPE=y
681CONFIG_IPV6_TUNNEL=m
682CONFIG_IPV6_MULTIPLE_TABLES=y
683CONFIG_IPV6_SUBTREES=y
684CONFIG_IPV6_MROUTE=y
685CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
686CONFIG_IPV6_PIMSM_V2=y
687CONFIG_NETLABEL=y
688CONFIG_NETWORK_SECMARK=y
689CONFIG_NETWORK_PHY_TIMESTAMPING=y
690CONFIG_NETFILTER=y
691# CONFIG_NETFILTER_DEBUG is not set
692CONFIG_NETFILTER_ADVANCED=y
693CONFIG_BRIDGE_NETFILTER=y
694
695#
696# Core Netfilter Configuration
697#
698CONFIG_NETFILTER_NETLINK=m
699CONFIG_NETFILTER_NETLINK_QUEUE=m
700CONFIG_NETFILTER_NETLINK_LOG=m
701CONFIG_NF_CONNTRACK=m
702CONFIG_NF_CONNTRACK_MARK=y
703CONFIG_NF_CONNTRACK_SECMARK=y
704CONFIG_NF_CONNTRACK_ZONES=y
705CONFIG_NF_CONNTRACK_EVENTS=y
706CONFIG_NF_CT_PROTO_DCCP=m
707CONFIG_NF_CT_PROTO_GRE=m
708CONFIG_NF_CT_PROTO_SCTP=m
709CONFIG_NF_CT_PROTO_UDPLITE=m
710CONFIG_NF_CONNTRACK_AMANDA=m
711CONFIG_NF_CONNTRACK_FTP=m
712CONFIG_NF_CONNTRACK_H323=m
713CONFIG_NF_CONNTRACK_IRC=m
714CONFIG_NF_CONNTRACK_NETBIOS_NS=m
715CONFIG_NF_CONNTRACK_PPTP=m
716CONFIG_NF_CONNTRACK_SANE=m
717CONFIG_NF_CONNTRACK_SIP=m
718CONFIG_NF_CONNTRACK_TFTP=m
719CONFIG_NF_CT_NETLINK=m
720CONFIG_NETFILTER_TPROXY=m
721CONFIG_NETFILTER_XTABLES=m
722
723#
724# Xtables combined modules
725#
726CONFIG_NETFILTER_XT_MARK=m
727CONFIG_NETFILTER_XT_CONNMARK=m
728
729#
730# Xtables targets
731#
732CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
733CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
734CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
735CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
736CONFIG_NETFILTER_XT_TARGET_CT=m
737CONFIG_NETFILTER_XT_TARGET_DSCP=m
738CONFIG_NETFILTER_XT_TARGET_HL=m
739CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
740CONFIG_NETFILTER_XT_TARGET_LED=m
741CONFIG_NETFILTER_XT_TARGET_MARK=m
742CONFIG_NETFILTER_XT_TARGET_NFLOG=m
743CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
744CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
745CONFIG_NETFILTER_XT_TARGET_RATEEST=m
746CONFIG_NETFILTER_XT_TARGET_TEE=m
747CONFIG_NETFILTER_XT_TARGET_TPROXY=m
748CONFIG_NETFILTER_XT_TARGET_TRACE=m
749CONFIG_NETFILTER_XT_TARGET_SECMARK=m
750CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
751CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
752
753#
754# Xtables matches
755#
756CONFIG_NETFILTER_XT_MATCH_CLUSTER=m
757CONFIG_NETFILTER_XT_MATCH_COMMENT=m
758CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
759CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
760CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
761CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
762CONFIG_NETFILTER_XT_MATCH_CPU=m
763CONFIG_NETFILTER_XT_MATCH_DCCP=m
764CONFIG_NETFILTER_XT_MATCH_DSCP=m
765CONFIG_NETFILTER_XT_MATCH_ESP=m
766CONFIG_NETFILTER_XT_MATCH_GRADM=m
767CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
768CONFIG_NETFILTER_XT_MATCH_HELPER=m
769CONFIG_NETFILTER_XT_MATCH_HL=m
770CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
771CONFIG_NETFILTER_XT_MATCH_IPVS=m
772CONFIG_NETFILTER_XT_MATCH_LENGTH=m
773CONFIG_NETFILTER_XT_MATCH_LIMIT=m
774CONFIG_NETFILTER_XT_MATCH_MAC=m
775CONFIG_NETFILTER_XT_MATCH_MARK=m
776CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
777CONFIG_NETFILTER_XT_MATCH_OSF=m
778CONFIG_NETFILTER_XT_MATCH_OWNER=m
779CONFIG_NETFILTER_XT_MATCH_POLICY=m
780CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
781CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
782CONFIG_NETFILTER_XT_MATCH_QUOTA=m
783CONFIG_NETFILTER_XT_MATCH_RATEEST=m
784CONFIG_NETFILTER_XT_MATCH_REALM=m
785CONFIG_NETFILTER_XT_MATCH_RECENT=m
786CONFIG_NETFILTER_XT_MATCH_SCTP=m
787CONFIG_NETFILTER_XT_MATCH_SOCKET=m
788CONFIG_NETFILTER_XT_MATCH_STATE=m
789CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
790CONFIG_NETFILTER_XT_MATCH_STRING=m
791CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
792CONFIG_NETFILTER_XT_MATCH_TIME=m
793CONFIG_NETFILTER_XT_MATCH_U32=m
794CONFIG_IP_VS=m
795CONFIG_IP_VS_IPV6=y
796# CONFIG_IP_VS_DEBUG is not set
797CONFIG_IP_VS_TAB_BITS=12
798
799#
800# IPVS transport protocol load balancing support
801#
802CONFIG_IP_VS_PROTO_TCP=y
803CONFIG_IP_VS_PROTO_UDP=y
804CONFIG_IP_VS_PROTO_AH_ESP=y
805CONFIG_IP_VS_PROTO_ESP=y
806CONFIG_IP_VS_PROTO_AH=y
807CONFIG_IP_VS_PROTO_SCTP=y
808
809#
810# IPVS scheduler
811#
812CONFIG_IP_VS_RR=m
813CONFIG_IP_VS_WRR=m
814CONFIG_IP_VS_LC=m
815CONFIG_IP_VS_WLC=m
816CONFIG_IP_VS_LBLC=m
817CONFIG_IP_VS_LBLCR=m
818CONFIG_IP_VS_DH=m
819CONFIG_IP_VS_SH=m
820CONFIG_IP_VS_SED=m
821CONFIG_IP_VS_NQ=m
822
823#
824# IPVS application helper
825#
826CONFIG_IP_VS_FTP=m
827CONFIG_IP_VS_NFCT=y
828CONFIG_IP_VS_PE_SIP=m
829
830#
831# IP: Netfilter Configuration
832#
833CONFIG_NF_DEFRAG_IPV4=m
834CONFIG_NF_CONNTRACK_IPV4=m
835CONFIG_NF_CONNTRACK_PROC_COMPAT=y
836CONFIG_IP_NF_QUEUE=m
837CONFIG_IP_NF_IPTABLES=m
838CONFIG_IP_NF_MATCH_ADDRTYPE=m
839CONFIG_IP_NF_MATCH_AH=m
840CONFIG_IP_NF_MATCH_ECN=m
841CONFIG_IP_NF_MATCH_TTL=m
842CONFIG_IP_NF_FILTER=m
843CONFIG_IP_NF_TARGET_REJECT=m
844CONFIG_IP_NF_TARGET_LOG=m
845CONFIG_IP_NF_TARGET_ULOG=m
846CONFIG_NF_NAT=m
847CONFIG_NF_NAT_NEEDED=y
848CONFIG_IP_NF_TARGET_MASQUERADE=m
849CONFIG_IP_NF_TARGET_NETMAP=m
850CONFIG_IP_NF_TARGET_REDIRECT=m
851CONFIG_NF_NAT_SNMP_BASIC=m
852CONFIG_NF_NAT_PROTO_DCCP=m
853CONFIG_NF_NAT_PROTO_GRE=m
854CONFIG_NF_NAT_PROTO_UDPLITE=m
855CONFIG_NF_NAT_PROTO_SCTP=m
856CONFIG_NF_NAT_FTP=m
857CONFIG_NF_NAT_IRC=m
858CONFIG_NF_NAT_TFTP=m
859CONFIG_NF_NAT_AMANDA=m
860CONFIG_NF_NAT_PPTP=m
861CONFIG_NF_NAT_H323=m
862CONFIG_NF_NAT_SIP=m
863CONFIG_IP_NF_MANGLE=m
864CONFIG_IP_NF_TARGET_CLUSTERIP=m
865CONFIG_IP_NF_TARGET_ECN=m
866CONFIG_IP_NF_TARGET_TTL=m
867CONFIG_IP_NF_RAW=m
868CONFIG_IP_NF_SECURITY=m
869CONFIG_IP_NF_ARPTABLES=m
870CONFIG_IP_NF_ARPFILTER=m
871CONFIG_IP_NF_ARP_MANGLE=m
872
873#
874# IPv6: Netfilter Configuration
875#
876CONFIG_NF_DEFRAG_IPV6=m
877CONFIG_NF_CONNTRACK_IPV6=m
878CONFIG_IP6_NF_QUEUE=m
879CONFIG_IP6_NF_IPTABLES=m
880CONFIG_IP6_NF_MATCH_AH=m
881CONFIG_IP6_NF_MATCH_EUI64=m
882CONFIG_IP6_NF_MATCH_FRAG=m
883CONFIG_IP6_NF_MATCH_OPTS=m
884CONFIG_IP6_NF_MATCH_HL=m
885CONFIG_IP6_NF_MATCH_IPV6HEADER=m
886CONFIG_IP6_NF_MATCH_MH=m
887CONFIG_IP6_NF_MATCH_RT=m
888CONFIG_IP6_NF_TARGET_HL=m
889CONFIG_IP6_NF_TARGET_LOG=m
890CONFIG_IP6_NF_FILTER=m
891CONFIG_IP6_NF_TARGET_REJECT=m
892CONFIG_IP6_NF_MANGLE=m
893CONFIG_IP6_NF_RAW=m
894CONFIG_IP6_NF_SECURITY=m
895
896#
897# DECnet: Netfilter Configuration
898#
899CONFIG_DECNET_NF_GRABULATOR=m
900CONFIG_BRIDGE_NF_EBTABLES=m
901CONFIG_BRIDGE_EBT_BROUTE=m
902CONFIG_BRIDGE_EBT_T_FILTER=m
903CONFIG_BRIDGE_EBT_T_NAT=m
904CONFIG_BRIDGE_EBT_802_3=m
905CONFIG_BRIDGE_EBT_AMONG=m
906CONFIG_BRIDGE_EBT_ARP=m
907CONFIG_BRIDGE_EBT_IP=m
908CONFIG_BRIDGE_EBT_IP6=m
909CONFIG_BRIDGE_EBT_LIMIT=m
910CONFIG_BRIDGE_EBT_MARK=m
911CONFIG_BRIDGE_EBT_PKTTYPE=m
912CONFIG_BRIDGE_EBT_STP=m
913CONFIG_BRIDGE_EBT_VLAN=m
914CONFIG_BRIDGE_EBT_ARPREPLY=m
915CONFIG_BRIDGE_EBT_DNAT=m
916CONFIG_BRIDGE_EBT_MARK_T=m
917CONFIG_BRIDGE_EBT_REDIRECT=m
918CONFIG_BRIDGE_EBT_SNAT=m
919CONFIG_BRIDGE_EBT_LOG=m
920CONFIG_BRIDGE_EBT_ULOG=m
921CONFIG_BRIDGE_EBT_NFLOG=m
922CONFIG_IP_DCCP=m
923CONFIG_INET_DCCP_DIAG=m
924
925#
926# DCCP CCIDs Configuration (EXPERIMENTAL)
927#
928# CONFIG_IP_DCCP_CCID2_DEBUG is not set
929CONFIG_IP_DCCP_CCID3=y
930# CONFIG_IP_DCCP_CCID3_DEBUG is not set
931CONFIG_IP_DCCP_TFRC_LIB=y
932CONFIG_IP_SCTP=m
933CONFIG_NET_SCTPPROBE=m
934# CONFIG_SCTP_DBG_MSG is not set
935# CONFIG_SCTP_DBG_OBJCNT is not set
936# CONFIG_SCTP_HMAC_NONE is not set
937CONFIG_SCTP_HMAC_SHA1=y
938# CONFIG_SCTP_HMAC_MD5 is not set
939CONFIG_RDS=m
940# CONFIG_RDS_RDMA is not set
941# CONFIG_RDS_TCP is not set
942# CONFIG_RDS_DEBUG is not set
943CONFIG_TIPC=m
944# CONFIG_TIPC_ADVANCED is not set
945# CONFIG_TIPC_DEBUG is not set
946CONFIG_ATM=m
947CONFIG_ATM_CLIP=m
948# CONFIG_ATM_CLIP_NO_ICMP is not set
949CONFIG_ATM_LANE=m
950CONFIG_ATM_MPOA=m
951CONFIG_ATM_BR2684=m
952# CONFIG_ATM_BR2684_IPFILTER is not set
953CONFIG_L2TP=m
954CONFIG_L2TP_DEBUGFS=m
955CONFIG_L2TP_V3=y
956CONFIG_L2TP_IP=m
957CONFIG_L2TP_ETH=m
958CONFIG_STP=m
959CONFIG_BRIDGE=m
960CONFIG_BRIDGE_IGMP_SNOOPING=y
961# CONFIG_NET_DSA is not set
962CONFIG_VLAN_8021Q=m
963# CONFIG_VLAN_8021Q_GVRP is not set
964CONFIG_DECNET=m
965CONFIG_DECNET_ROUTER=y
966CONFIG_LLC=m
967CONFIG_LLC2=m
968CONFIG_IPX=m
969# CONFIG_IPX_INTERN is not set
970CONFIG_ATALK=m
971CONFIG_DEV_APPLETALK=m
972CONFIG_IPDDP=m
973CONFIG_IPDDP_ENCAP=y
974CONFIG_IPDDP_DECAP=y
975CONFIG_X25=m
976CONFIG_LAPB=m
977CONFIG_WAN_ROUTER=m
978CONFIG_PHONET=m
979# CONFIG_PHONET_PIPECTRLR is not set
980CONFIG_IEEE802154=m
981CONFIG_NET_SCHED=y
982
983#
984# Queueing/Scheduling
985#
986CONFIG_NET_SCH_CBQ=m
987CONFIG_NET_SCH_HTB=m
988CONFIG_NET_SCH_HFSC=m
989CONFIG_NET_SCH_ATM=m
990CONFIG_NET_SCH_PRIO=m
991CONFIG_NET_SCH_MULTIQ=m
992CONFIG_NET_SCH_RED=m
993CONFIG_NET_SCH_SFQ=m
994CONFIG_NET_SCH_TEQL=m
995CONFIG_NET_SCH_TBF=m
996CONFIG_NET_SCH_GRED=m
997CONFIG_NET_SCH_DSMARK=m
998CONFIG_NET_SCH_NETEM=m
999CONFIG_NET_SCH_DRR=m
1000CONFIG_NET_SCH_INGRESS=m
1001
1002#
1003# Classification
1004#
1005CONFIG_NET_CLS=y
1006CONFIG_NET_CLS_BASIC=m
1007CONFIG_NET_CLS_TCINDEX=m
1008CONFIG_NET_CLS_ROUTE4=m
1009CONFIG_NET_CLS_ROUTE=y
1010CONFIG_NET_CLS_FW=m
1011CONFIG_NET_CLS_U32=m
1012CONFIG_CLS_U32_PERF=y
1013CONFIG_CLS_U32_MARK=y
1014CONFIG_NET_CLS_RSVP=m
1015CONFIG_NET_CLS_RSVP6=m
1016CONFIG_NET_CLS_FLOW=m
1017# CONFIG_NET_CLS_CGROUP is not set
1018CONFIG_NET_EMATCH=y
1019CONFIG_NET_EMATCH_STACK=32
1020CONFIG_NET_EMATCH_CMP=m
1021CONFIG_NET_EMATCH_NBYTE=m
1022CONFIG_NET_EMATCH_U32=m
1023CONFIG_NET_EMATCH_META=m
1024CONFIG_NET_EMATCH_TEXT=m
1025CONFIG_NET_CLS_ACT=y
1026CONFIG_NET_ACT_POLICE=m
1027CONFIG_NET_ACT_GACT=m
1028CONFIG_GACT_PROB=y
1029CONFIG_NET_ACT_MIRRED=m
1030CONFIG_NET_ACT_IPT=m
1031CONFIG_NET_ACT_NAT=m
1032CONFIG_NET_ACT_PEDIT=m
1033CONFIG_NET_ACT_SIMP=m
1034CONFIG_NET_ACT_SKBEDIT=m
1035CONFIG_NET_ACT_CSUM=m
1036# CONFIG_NET_CLS_IND is not set
1037CONFIG_NET_SCH_FIFO=y
1038# CONFIG_DCB is not set
1039CONFIG_DNS_RESOLVER=y
1040# CONFIG_BATMAN_ADV is not set
1041CONFIG_RPS=y
1042CONFIG_XPS=y
1043
1044#
1045# Network testing
1046#
1047CONFIG_NET_PKTGEN=m
1048CONFIG_NET_TCPPROBE=m
1049# CONFIG_HAMRADIO is not set
1050CONFIG_CAN=m
1051CONFIG_CAN_RAW=m
1052CONFIG_CAN_BCM=m
1053
1054#
1055# CAN Device Drivers
1056#
1057CONFIG_CAN_VCAN=m
1058CONFIG_CAN_SLCAN=m
1059CONFIG_CAN_DEV=m
1060# CONFIG_CAN_CALC_BITTIMING is not set
1061CONFIG_CAN_MCP251X=m
1062CONFIG_CAN_JANZ_ICAN3=m
1063# CONFIG_PCH_CAN is not set
1064CONFIG_CAN_SJA1000=m
1065CONFIG_CAN_SJA1000_PLATFORM=m
1066CONFIG_CAN_EMS_PCI=m
1067CONFIG_CAN_KVASER_PCI=m
1068CONFIG_CAN_PLX_PCI=m
1069
1070#
1071# CAN USB interfaces
1072#
1073# CONFIG_CAN_EMS_USB is not set
1074# CONFIG_CAN_ESD_USB2 is not set
1075CONFIG_CAN_SOFTING=m
1076CONFIG_CAN_SOFTING_CS=m
1077# CONFIG_CAN_DEBUG_DEVICES is not set
1078CONFIG_IRDA=m
1079
1080#
1081# IrDA protocols
1082#
1083CONFIG_IRLAN=m
1084CONFIG_IRNET=m
1085CONFIG_IRCOMM=m
1086CONFIG_IRDA_ULTRA=y
1087
1088#
1089# IrDA options
1090#
1091CONFIG_IRDA_CACHE_LAST_LSAP=y
1092CONFIG_IRDA_FAST_RR=y
1093# CONFIG_IRDA_DEBUG is not set
1094
1095#
1096# Infrared-port device drivers
1097#
1098
1099#
1100# SIR device drivers
1101#
1102CONFIG_IRTTY_SIR=m
1103
1104#
1105# Dongle support
1106#
1107CONFIG_DONGLE=y
1108CONFIG_ESI_DONGLE=m
1109CONFIG_ACTISYS_DONGLE=m
1110CONFIG_TEKRAM_DONGLE=m
1111CONFIG_TOIM3232_DONGLE=m
1112CONFIG_LITELINK_DONGLE=m
1113CONFIG_MA600_DONGLE=m
1114CONFIG_GIRBIL_DONGLE=m
1115CONFIG_MCP2120_DONGLE=m
1116CONFIG_OLD_BELKIN_DONGLE=m
1117CONFIG_ACT200L_DONGLE=m
1118CONFIG_KINGSUN_DONGLE=m
1119CONFIG_KSDAZZLE_DONGLE=m
1120CONFIG_KS959_DONGLE=m
1121
1122#
1123# FIR device drivers
1124#
1125CONFIG_USB_IRDA=m
1126CONFIG_SIGMATEL_FIR=m
1127CONFIG_NSC_FIR=m
1128CONFIG_WINBOND_FIR=m
1129# CONFIG_TOSHIBA_FIR is not set
1130CONFIG_SMC_IRCC_FIR=m
1131CONFIG_ALI_FIR=m
1132CONFIG_VLSI_FIR=m
1133CONFIG_VIA_FIR=m
1134CONFIG_MCS_FIR=m
1135CONFIG_BT=m
1136CONFIG_BT_L2CAP=m
1137CONFIG_BT_SCO=m
1138CONFIG_BT_RFCOMM=m
1139CONFIG_BT_RFCOMM_TTY=y
1140CONFIG_BT_BNEP=m
1141CONFIG_BT_BNEP_MC_FILTER=y
1142CONFIG_BT_BNEP_PROTO_FILTER=y
1143CONFIG_BT_CMTP=m
1144CONFIG_BT_HIDP=m
1145
1146#
1147# Bluetooth device drivers
1148#
1149CONFIG_BT_HCIBTUSB=m
1150CONFIG_BT_HCIBTSDIO=m
1151CONFIG_BT_HCIUART=m
1152CONFIG_BT_HCIUART_H4=y
1153CONFIG_BT_HCIUART_BCSP=y
1154CONFIG_BT_HCIUART_ATH3K=y
1155CONFIG_BT_HCIUART_LL=y
1156CONFIG_BT_HCIBCM203X=m
1157CONFIG_BT_HCIBPA10X=m
1158CONFIG_BT_HCIBFUSB=m
1159CONFIG_BT_HCIDTL1=m
1160CONFIG_BT_HCIBT3C=m
1161CONFIG_BT_HCIBLUECARD=m
1162CONFIG_BT_HCIBTUART=m
1163CONFIG_BT_HCIVHCI=m
1164# CONFIG_BT_MRVL is not set
1165CONFIG_BT_ATH3K=m
1166CONFIG_AF_RXRPC=m
1167# CONFIG_AF_RXRPC_DEBUG is not set
1168CONFIG_RXKAD=m
1169CONFIG_FIB_RULES=y
1170CONFIG_WIRELESS=y
1171CONFIG_WIRELESS_EXT=y
1172CONFIG_WEXT_CORE=y
1173CONFIG_WEXT_PROC=y
1174CONFIG_WEXT_SPY=y
1175CONFIG_WEXT_PRIV=y
1176CONFIG_CFG80211=m
1177# CONFIG_NL80211_TESTMODE is not set
1178# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
1179# CONFIG_CFG80211_REG_DEBUG is not set
1180CONFIG_CFG80211_DEFAULT_PS=y
1181# CONFIG_CFG80211_DEBUGFS is not set
1182# CONFIG_CFG80211_INTERNAL_REGDB is not set
1183CONFIG_CFG80211_WEXT=y
1184CONFIG_WIRELESS_EXT_SYSFS=y
1185CONFIG_LIB80211=m
1186CONFIG_LIB80211_CRYPT_WEP=m
1187CONFIG_LIB80211_CRYPT_CCMP=m
1188CONFIG_LIB80211_CRYPT_TKIP=m
1189# CONFIG_LIB80211_DEBUG is not set
1190CONFIG_MAC80211=m
1191CONFIG_MAC80211_HAS_RC=y
1192CONFIG_MAC80211_RC_PID=y
1193CONFIG_MAC80211_RC_MINSTREL=y
1194CONFIG_MAC80211_RC_MINSTREL_HT=y
1195CONFIG_MAC80211_RC_DEFAULT_PID=y
1196# CONFIG_MAC80211_RC_DEFAULT_MINSTREL is not set
1197CONFIG_MAC80211_RC_DEFAULT="pid"
1198# CONFIG_MAC80211_MESH is not set
1199CONFIG_MAC80211_LEDS=y
1200# CONFIG_MAC80211_DEBUGFS is not set
1201# CONFIG_MAC80211_DEBUG_MENU is not set
1202CONFIG_WIMAX=m
1203CONFIG_WIMAX_DEBUG_LEVEL=8
1204CONFIG_RFKILL=m
1205CONFIG_RFKILL_LEDS=y
1206# CONFIG_RFKILL_INPUT is not set
1207CONFIG_NET_9P=m
1208CONFIG_NET_9P_VIRTIO=m
1209CONFIG_NET_9P_RDMA=m
1210# CONFIG_NET_9P_DEBUG is not set
1211CONFIG_CAIF=m
1212# CONFIG_CAIF_DEBUG is not set
1213CONFIG_CAIF_NETDEV=m
1214CONFIG_CEPH_LIB=m
1215# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
1216
1217#
1218# Device Drivers
1219#
1220
1221#
1222# Generic Driver Options
1223#
1224CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
1225# CONFIG_DEVTMPFS is not set
1226CONFIG_STANDALONE=y
1227# CONFIG_PREVENT_FIRMWARE_BUILD is not set
1228CONFIG_FW_LOADER=m
1229# CONFIG_FIRMWARE_IN_KERNEL is not set
1230CONFIG_EXTRA_FIRMWARE=""
1231# CONFIG_SYS_HYPERVISOR is not set
1232CONFIG_CONNECTOR=m
1233CONFIG_MTD=m
1234# CONFIG_MTD_DEBUG is not set
1235CONFIG_MTD_TESTS=m
1236CONFIG_MTD_CONCAT=m
1237CONFIG_MTD_PARTITIONS=y
1238CONFIG_MTD_REDBOOT_PARTS=m
1239CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK=-1
1240# CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED is not set
1241# CONFIG_MTD_REDBOOT_PARTS_READONLY is not set
1242CONFIG_MTD_AR7_PARTS=m
1243
1244#
1245# User Modules And Translation Layers
1246#
1247CONFIG_MTD_CHAR=m
1248CONFIG_HAVE_MTD_OTP=y
1249CONFIG_MTD_BLKDEVS=m
1250CONFIG_MTD_BLOCK=m
1251CONFIG_MTD_BLOCK_RO=m
1252CONFIG_FTL=m
1253CONFIG_NFTL=m
1254CONFIG_NFTL_RW=y
1255CONFIG_INFTL=m
1256CONFIG_RFD_FTL=m
1257CONFIG_SSFDC=m
1258CONFIG_SM_FTL=m
1259CONFIG_MTD_OOPS=m
1260
1261#
1262# RAM/ROM/Flash chip drivers
1263#
1264CONFIG_MTD_CFI=m
1265CONFIG_MTD_JEDECPROBE=m
1266CONFIG_MTD_GEN_PROBE=m
1267# CONFIG_MTD_CFI_ADV_OPTIONS is not set
1268CONFIG_MTD_MAP_BANK_WIDTH_1=y
1269CONFIG_MTD_MAP_BANK_WIDTH_2=y
1270CONFIG_MTD_MAP_BANK_WIDTH_4=y
1271# CONFIG_MTD_MAP_BANK_WIDTH_8 is not set
1272# CONFIG_MTD_MAP_BANK_WIDTH_16 is not set
1273# CONFIG_MTD_MAP_BANK_WIDTH_32 is not set
1274CONFIG_MTD_CFI_I1=y
1275CONFIG_MTD_CFI_I2=y
1276# CONFIG_MTD_CFI_I4 is not set
1277# CONFIG_MTD_CFI_I8 is not set
1278CONFIG_MTD_CFI_INTELEXT=m
1279CONFIG_MTD_CFI_AMDSTD=m
1280CONFIG_MTD_CFI_STAA=m
1281CONFIG_MTD_CFI_UTIL=m
1282CONFIG_MTD_RAM=m
1283CONFIG_MTD_ROM=m
1284CONFIG_MTD_ABSENT=m
1285
1286#
1287# Mapping drivers for chip access
1288#
1289CONFIG_MTD_COMPLEX_MAPPINGS=y
1290CONFIG_MTD_PHYSMAP=m
1291# CONFIG_MTD_PHYSMAP_COMPAT is not set
1292CONFIG_MTD_SC520CDP=m
1293CONFIG_MTD_NETSC520=m
1294CONFIG_MTD_TS5500=m
1295CONFIG_MTD_SBC_GXX=m
1296# CONFIG_MTD_SCx200_DOCFLASH is not set
1297CONFIG_MTD_AMD76XROM=m
1298CONFIG_MTD_ICHXROM=m
1299CONFIG_MTD_ESB2ROM=m
1300CONFIG_MTD_CK804XROM=m
1301CONFIG_MTD_SCB2_FLASH=m
1302CONFIG_MTD_NETtel=m
1303CONFIG_MTD_L440GX=m
1304CONFIG_MTD_PCI=m
1305CONFIG_MTD_PCMCIA=m
1306# CONFIG_MTD_PCMCIA_ANONYMOUS is not set
1307# CONFIG_MTD_GPIO_ADDR is not set
1308CONFIG_MTD_INTEL_VR_NOR=m
1309CONFIG_MTD_PLATRAM=m
1310
1311#
1312# Self-contained MTD device drivers
1313#
1314CONFIG_MTD_PMC551=m
1315CONFIG_MTD_PMC551_BUGFIX=y
1316# CONFIG_MTD_PMC551_DEBUG is not set
1317CONFIG_MTD_DATAFLASH=m
1318# CONFIG_MTD_DATAFLASH_WRITE_VERIFY is not set
1319# CONFIG_MTD_DATAFLASH_OTP is not set
1320CONFIG_MTD_M25P80=m
1321CONFIG_M25PXX_USE_FAST_READ=y
1322# CONFIG_MTD_SST25L is not set
1323CONFIG_MTD_SLRAM=m
1324CONFIG_MTD_PHRAM=m
1325CONFIG_MTD_MTDRAM=m
1326CONFIG_MTDRAM_TOTAL_SIZE=4096
1327CONFIG_MTDRAM_ERASE_SIZE=128
1328CONFIG_MTD_BLOCK2MTD=m
1329
1330#
1331# Disk-On-Chip Device Drivers
1332#
1333CONFIG_MTD_DOC2000=m
1334CONFIG_MTD_DOC2001=m
1335CONFIG_MTD_DOC2001PLUS=m
1336CONFIG_MTD_DOCPROBE=m
1337CONFIG_MTD_DOCECC=m
1338CONFIG_MTD_DOCPROBE_ADVANCED=y
1339CONFIG_MTD_DOCPROBE_ADDRESS=0x0000
1340# CONFIG_MTD_DOCPROBE_HIGH is not set
1341# CONFIG_MTD_DOCPROBE_55AA is not set
1342CONFIG_MTD_NAND_ECC=m
1343CONFIG_MTD_NAND_ECC_SMC=y
1344CONFIG_MTD_NAND=m
1345# CONFIG_MTD_NAND_VERIFY_WRITE is not set
1346CONFIG_MTD_SM_COMMON=m
1347# CONFIG_MTD_NAND_MUSEUM_IDS is not set
1348CONFIG_MTD_NAND_DENALI=m
1349CONFIG_MTD_NAND_DENALI_SCRATCH_REG_ADDR=0xFF108018
1350CONFIG_MTD_NAND_IDS=m
1351CONFIG_MTD_NAND_RICOH=m
1352CONFIG_MTD_NAND_DISKONCHIP=m
1353# CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADVANCED is not set
1354CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADDRESS=0
1355# CONFIG_MTD_NAND_DISKONCHIP_BBTWRITE is not set
1356CONFIG_MTD_NAND_CAFE=m
1357# CONFIG_MTD_NAND_CS553X is not set
1358CONFIG_MTD_NAND_NANDSIM=m
1359CONFIG_MTD_NAND_PLATFORM=m
1360CONFIG_MTD_ALAUDA=m
1361CONFIG_MTD_ONENAND=m
1362# CONFIG_MTD_ONENAND_VERIFY_WRITE is not set
1363# CONFIG_MTD_ONENAND_GENERIC is not set
1364CONFIG_MTD_ONENAND_OTP=y
1365CONFIG_MTD_ONENAND_2X_PROGRAM=y
1366CONFIG_MTD_ONENAND_SIM=m
1367
1368#
1369# LPDDR flash memory drivers
1370#
1371CONFIG_MTD_LPDDR=m
1372CONFIG_MTD_QINFO_PROBE=m
1373CONFIG_MTD_UBI=m
1374CONFIG_MTD_UBI_WL_THRESHOLD=4096
1375CONFIG_MTD_UBI_BEB_RESERVE=1
1376# CONFIG_MTD_UBI_GLUEBI is not set
1377
1378#
1379# UBI debugging options
1380#
1381# CONFIG_MTD_UBI_DEBUG is not set
1382CONFIG_PARPORT=m
1383CONFIG_PARPORT_PC=m
1384CONFIG_PARPORT_SERIAL=m
1385# CONFIG_PARPORT_PC_FIFO is not set
1386# CONFIG_PARPORT_PC_SUPERIO is not set
1387CONFIG_PARPORT_PC_PCMCIA=m
1388# CONFIG_PARPORT_GSC is not set
1389CONFIG_PARPORT_AX88796=m
1390# CONFIG_PARPORT_1284 is not set
1391CONFIG_PARPORT_NOT_PC=y
1392CONFIG_PNP=y
1393# CONFIG_PNP_DEBUG_MESSAGES is not set
1394
1395#
1396# Protocols
1397#
1398CONFIG_PNPACPI=y
1399CONFIG_BLK_DEV=y
1400CONFIG_BLK_DEV_FD=m
1401# CONFIG_PARIDE is not set
1402CONFIG_BLK_CPQ_DA=m
1403CONFIG_BLK_CPQ_CISS_DA=m
1404CONFIG_CISS_SCSI_TAPE=y
1405CONFIG_BLK_DEV_DAC960=m
1406CONFIG_BLK_DEV_UMEM=m
1407# CONFIG_BLK_DEV_COW_COMMON is not set
1408CONFIG_BLK_DEV_LOOP=m
1409CONFIG_BLK_DEV_CRYPTOLOOP=m
1410# CONFIG_BLK_DEV_DRBD is not set
1411CONFIG_BLK_DEV_NBD=m
1412CONFIG_BLK_DEV_OSD=m
1413CONFIG_BLK_DEV_SX8=m
1414CONFIG_BLK_DEV_UB=m
1415CONFIG_BLK_DEV_RAM=y
1416CONFIG_BLK_DEV_RAM_COUNT=16
1417CONFIG_BLK_DEV_RAM_SIZE=4096
1418# CONFIG_BLK_DEV_XIP is not set
1419CONFIG_CDROM_PKTCDVD=m
1420CONFIG_CDROM_PKTCDVD_BUFFERS=8
1421# CONFIG_CDROM_PKTCDVD_WCACHE is not set
1422CONFIG_ATA_OVER_ETH=m
1423CONFIG_VIRTIO_BLK=m
1424# CONFIG_BLK_DEV_HD is not set
1425# CONFIG_BLK_DEV_RBD is not set
1426CONFIG_MISC_DEVICES=y
1427CONFIG_AD525X_DPOT=m
1428CONFIG_AD525X_DPOT_I2C=m
1429CONFIG_AD525X_DPOT_SPI=m
1430CONFIG_IBM_ASM=m
1431CONFIG_PHANTOM=m
1432CONFIG_SGI_IOC4=m
1433CONFIG_TIFM_CORE=m
1434CONFIG_TIFM_7XX1=m
1435CONFIG_ICS932S401=m
1436CONFIG_ENCLOSURE_SERVICES=m
1437CONFIG_CS5535_MFGPT=m
1438CONFIG_CS5535_MFGPT_DEFAULT_IRQ=7
1439CONFIG_CS5535_CLOCK_EVENT_SRC=m
1440CONFIG_HP_ILO=m
1441CONFIG_APDS9802ALS=m
1442CONFIG_ISL29003=m
1443CONFIG_ISL29020=m
1444CONFIG_SENSORS_TSL2550=m
1445CONFIG_SENSORS_BH1780=m
1446CONFIG_SENSORS_BH1770=m
1447CONFIG_SENSORS_APDS990X=m
1448CONFIG_HMC6352=m
1449CONFIG_DS1682=m
1450CONFIG_TI_DAC7512=m
1451CONFIG_VMWARE_BALLOON=m
1452CONFIG_BMP085=m
1453CONFIG_PCH_PHUB=m
1454CONFIG_C2PORT=m
1455CONFIG_C2PORT_DURAMAR_2150=m
1456
1457#
1458# EEPROM support
1459#
1460CONFIG_EEPROM_AT24=m
1461CONFIG_EEPROM_AT25=m
1462CONFIG_EEPROM_LEGACY=m
1463CONFIG_EEPROM_MAX6875=m
1464CONFIG_EEPROM_93CX6=m
1465CONFIG_CB710_CORE=m
1466# CONFIG_CB710_DEBUG is not set
1467CONFIG_CB710_DEBUG_ASSUMPTIONS=y
1468CONFIG_IWMC3200TOP=m
1469# CONFIG_IWMC3200TOP_DEBUG is not set
1470# CONFIG_IWMC3200TOP_DEBUGFS is not set
1471
1472#
1473# Texas Instruments shared transport line discipline
1474#
1475# CONFIG_TI_ST is not set
1476CONFIG_HAVE_IDE=y
1477# CONFIG_IDE is not set
1478
1479#
1480# SCSI device support
1481#
1482CONFIG_SCSI_MOD=m
1483CONFIG_RAID_ATTRS=m
1484CONFIG_SCSI=m
1485CONFIG_SCSI_DMA=y
1486CONFIG_SCSI_TGT=m
1487CONFIG_SCSI_NETLINK=y
1488CONFIG_SCSI_PROC_FS=y
1489
1490#
1491# SCSI support type (disk, tape, CD-ROM)
1492#
1493CONFIG_BLK_DEV_SD=m
1494CONFIG_CHR_DEV_ST=m
1495CONFIG_CHR_DEV_OSST=m
1496CONFIG_BLK_DEV_SR=m
1497CONFIG_BLK_DEV_SR_VENDOR=y
1498CONFIG_CHR_DEV_SG=m
1499CONFIG_CHR_DEV_SCH=m
1500CONFIG_SCSI_ENCLOSURE=m
1501CONFIG_SCSI_MULTI_LUN=y
1502# CONFIG_SCSI_CONSTANTS is not set
1503# CONFIG_SCSI_LOGGING is not set
1504CONFIG_SCSI_SCAN_ASYNC=y
1505CONFIG_SCSI_WAIT_SCAN=m
1506
1507#
1508# SCSI Transports
1509#
1510CONFIG_SCSI_SPI_ATTRS=m
1511CONFIG_SCSI_FC_ATTRS=m
1512CONFIG_SCSI_FC_TGT_ATTRS=y
1513CONFIG_SCSI_ISCSI_ATTRS=m
1514CONFIG_SCSI_SAS_ATTRS=m
1515CONFIG_SCSI_SAS_LIBSAS=m
1516CONFIG_SCSI_SAS_ATA=y
1517CONFIG_SCSI_SAS_HOST_SMP=y
1518# CONFIG_SCSI_SAS_LIBSAS_DEBUG is not set
1519CONFIG_SCSI_SRP_ATTRS=m
1520CONFIG_SCSI_SRP_TGT_ATTRS=y
1521CONFIG_SCSI_LOWLEVEL=y
1522CONFIG_ISCSI_TCP=m
1523CONFIG_ISCSI_BOOT_SYSFS=m
1524CONFIG_SCSI_CXGB3_ISCSI=m
1525CONFIG_SCSI_CXGB4_ISCSI=m
1526CONFIG_SCSI_BNX2_ISCSI=m
1527# CONFIG_BE2ISCSI is not set
1528CONFIG_BLK_DEV_3W_XXXX_RAID=m
1529CONFIG_SCSI_HPSA=m
1530CONFIG_SCSI_3W_9XXX=m
1531CONFIG_SCSI_3W_SAS=m
1532CONFIG_SCSI_ACARD=m
1533CONFIG_SCSI_AACRAID=m
1534CONFIG_SCSI_AIC7XXX=m
1535CONFIG_AIC7XXX_CMDS_PER_DEVICE=32
1536CONFIG_AIC7XXX_RESET_DELAY_MS=15000
1537# CONFIG_AIC7XXX_BUILD_FIRMWARE is not set
1538CONFIG_AIC7XXX_DEBUG_ENABLE=y
1539CONFIG_AIC7XXX_DEBUG_MASK=0
1540CONFIG_AIC7XXX_REG_PRETTY_PRINT=y
1541CONFIG_SCSI_AIC7XXX_OLD=m
1542CONFIG_SCSI_AIC79XX=m
1543CONFIG_AIC79XX_CMDS_PER_DEVICE=32
1544CONFIG_AIC79XX_RESET_DELAY_MS=15000
1545# CONFIG_AIC79XX_BUILD_FIRMWARE is not set
1546CONFIG_AIC79XX_DEBUG_ENABLE=y
1547CONFIG_AIC79XX_DEBUG_MASK=0
1548CONFIG_AIC79XX_REG_PRETTY_PRINT=y
1549CONFIG_SCSI_AIC94XX=m
1550# CONFIG_AIC94XX_DEBUG is not set
1551CONFIG_SCSI_MVSAS=m
1552CONFIG_SCSI_MVSAS_DEBUG=y
1553CONFIG_SCSI_DPT_I2O=m
1554CONFIG_SCSI_ADVANSYS=m
1555CONFIG_SCSI_ARCMSR=m
1556CONFIG_MEGARAID_NEWGEN=y
1557CONFIG_MEGARAID_MM=m
1558CONFIG_MEGARAID_MAILBOX=m
1559CONFIG_MEGARAID_LEGACY=m
1560CONFIG_MEGARAID_SAS=m
1561CONFIG_SCSI_MPT2SAS=m
1562CONFIG_SCSI_MPT2SAS_MAX_SGE=128
1563# CONFIG_SCSI_MPT2SAS_LOGGING is not set
1564CONFIG_SCSI_HPTIOP=m
1565CONFIG_SCSI_BUSLOGIC=m
1566# CONFIG_SCSI_FLASHPOINT is not set
1567CONFIG_VMWARE_PVSCSI=m
1568CONFIG_LIBFC=m
1569CONFIG_LIBFCOE=m
1570CONFIG_FCOE=m
1571CONFIG_FCOE_FNIC=m
1572CONFIG_SCSI_DMX3191D=m
1573CONFIG_SCSI_EATA=m
1574# CONFIG_SCSI_EATA_TAGGED_QUEUE is not set
1575# CONFIG_SCSI_EATA_LINKED_COMMANDS is not set
1576CONFIG_SCSI_EATA_MAX_TAGS=16
1577CONFIG_SCSI_FUTURE_DOMAIN=m
1578CONFIG_SCSI_GDTH=m
1579CONFIG_SCSI_IPS=m
1580CONFIG_SCSI_INITIO=m
1581CONFIG_SCSI_INIA100=m
1582CONFIG_SCSI_PPA=m
1583CONFIG_SCSI_IMM=m
1584# CONFIG_SCSI_IZIP_EPP16 is not set
1585# CONFIG_SCSI_IZIP_SLOW_CTR is not set
1586CONFIG_SCSI_STEX=m
1587CONFIG_SCSI_SYM53C8XX_2=m
1588CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1
1589CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16
1590CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64
1591CONFIG_SCSI_SYM53C8XX_MMIO=y
1592CONFIG_SCSI_IPR=m
1593CONFIG_SCSI_IPR_TRACE=y
1594# CONFIG_SCSI_IPR_DUMP is not set
1595CONFIG_SCSI_QLOGIC_1280=m
1596CONFIG_SCSI_QLA_FC=m
1597CONFIG_SCSI_QLA_ISCSI=m
1598CONFIG_SCSI_LPFC=m
1599# CONFIG_SCSI_LPFC_DEBUG_FS is not set
1600CONFIG_SCSI_DC395x=m
1601CONFIG_SCSI_DC390T=m
1602# CONFIG_SCSI_NSP32 is not set
1603CONFIG_SCSI_DEBUG=m
1604# CONFIG_SCSI_PMCRAID is not set
1605CONFIG_SCSI_PM8001=m
1606CONFIG_SCSI_SRP=m
1607# CONFIG_SCSI_BFA_FC is not set
1608CONFIG_SCSI_LOWLEVEL_PCMCIA=y
1609CONFIG_PCMCIA_AHA152X=m
1610CONFIG_PCMCIA_FDOMAIN=m
1611# CONFIG_PCMCIA_NINJA_SCSI is not set
1612CONFIG_PCMCIA_QLOGIC=m
1613CONFIG_PCMCIA_SYM53C500=m
1614CONFIG_SCSI_DH=m
1615CONFIG_SCSI_DH_RDAC=m
1616CONFIG_SCSI_DH_HP_SW=m
1617CONFIG_SCSI_DH_EMC=m
1618CONFIG_SCSI_DH_ALUA=m
1619CONFIG_SCSI_OSD_INITIATOR=m
1620CONFIG_SCSI_OSD_ULD=m
1621CONFIG_SCSI_OSD_DPRINT_SENSE=1
1622# CONFIG_SCSI_OSD_DEBUG is not set
1623CONFIG_ATA=m
1624# CONFIG_ATA_NONSTANDARD is not set
1625CONFIG_ATA_VERBOSE_ERROR=y
1626CONFIG_ATA_ACPI=y
1627CONFIG_SATA_PMP=y
1628
1629#
1630# Controllers with non-SFF native interface
1631#
1632CONFIG_SATA_AHCI=m
1633CONFIG_SATA_AHCI_PLATFORM=m
1634CONFIG_SATA_INIC162X=m
1635CONFIG_SATA_ACARD_AHCI=m
1636CONFIG_SATA_SIL24=m
1637CONFIG_ATA_SFF=y
1638
1639#
1640# SFF controllers with custom DMA interface
1641#
1642CONFIG_PDC_ADMA=m
1643CONFIG_SATA_QSTOR=m
1644CONFIG_SATA_SX4=m
1645CONFIG_ATA_BMDMA=y
1646
1647#
1648# SATA SFF controllers with BMDMA
1649#
1650CONFIG_ATA_PIIX=m
1651CONFIG_SATA_MV=m
1652CONFIG_SATA_NV=m
1653CONFIG_SATA_PROMISE=m
1654CONFIG_SATA_SIL=m
1655CONFIG_SATA_SIS=m
1656CONFIG_SATA_SVW=m
1657CONFIG_SATA_ULI=m
1658CONFIG_SATA_VIA=m
1659CONFIG_SATA_VITESSE=m
1660
1661#
1662# PATA SFF controllers with BMDMA
1663#
1664CONFIG_PATA_ALI=m
1665CONFIG_PATA_AMD=m
1666CONFIG_PATA_ARTOP=m
1667CONFIG_PATA_ATIIXP=m
1668CONFIG_PATA_ATP867X=m
1669CONFIG_PATA_CMD64X=m
1670CONFIG_PATA_CS5520=m
1671CONFIG_PATA_CS5530=m
1672# CONFIG_PATA_CS5535 is not set
1673CONFIG_PATA_CS5536=m
1674CONFIG_PATA_CYPRESS=m
1675CONFIG_PATA_EFAR=m
1676CONFIG_PATA_HPT366=m
1677CONFIG_PATA_HPT37X=m
1678CONFIG_PATA_HPT3X2N=m
1679CONFIG_PATA_HPT3X3=m
1680CONFIG_PATA_HPT3X3_DMA=y
1681CONFIG_PATA_IT8213=m
1682CONFIG_PATA_IT821X=m
1683CONFIG_PATA_JMICRON=m
1684CONFIG_PATA_MARVELL=m
1685CONFIG_PATA_NETCELL=m
1686CONFIG_PATA_NINJA32=m
1687CONFIG_PATA_NS87415=m
1688CONFIG_PATA_OLDPIIX=m
1689CONFIG_PATA_OPTIDMA=m
1690CONFIG_PATA_PDC2027X=m
1691CONFIG_PATA_PDC_OLD=m
1692CONFIG_PATA_RADISYS=m
1693CONFIG_PATA_RDC=m
1694CONFIG_PATA_SC1200=m
1695CONFIG_PATA_SCH=m
1696CONFIG_PATA_SERVERWORKS=m
1697CONFIG_PATA_SIL680=m
1698CONFIG_PATA_SIS=m
1699CONFIG_PATA_TOSHIBA=m
1700CONFIG_PATA_TRIFLEX=m
1701CONFIG_PATA_VIA=m
1702CONFIG_PATA_WINBOND=m
1703
1704#
1705# PIO-only SFF controllers
1706#
1707CONFIG_PATA_CMD640_PCI=m
1708CONFIG_PATA_MPIIX=m
1709CONFIG_PATA_NS87410=m
1710CONFIG_PATA_OPTI=m
1711CONFIG_PATA_PCMCIA=m
1712CONFIG_PATA_PLATFORM=m
1713CONFIG_PATA_RZ1000=m
1714
1715#
1716# Generic fallback / legacy drivers
1717#
1718CONFIG_PATA_ACPI=m
1719CONFIG_ATA_GENERIC=m
1720CONFIG_PATA_LEGACY=m
1721CONFIG_MD=y
1722CONFIG_BLK_DEV_MD=y
1723# CONFIG_MD_AUTODETECT is not set
1724CONFIG_MD_LINEAR=m
1725CONFIG_MD_RAID0=m
1726CONFIG_MD_RAID1=m
1727CONFIG_MD_RAID10=m
1728CONFIG_MD_RAID456=m
1729# CONFIG_MULTICORE_RAID456 is not set
1730CONFIG_MD_MULTIPATH=m
1731CONFIG_MD_FAULTY=m
1732CONFIG_BLK_DEV_DM=m
1733# CONFIG_DM_DEBUG is not set
1734CONFIG_DM_CRYPT=m
1735CONFIG_DM_SNAPSHOT=m
1736CONFIG_DM_MIRROR=m
1737CONFIG_DM_RAID=m
1738CONFIG_DM_LOG_USERSPACE=m
1739CONFIG_DM_ZERO=m
1740CONFIG_DM_MULTIPATH=m
1741CONFIG_DM_MULTIPATH_QL=m
1742CONFIG_DM_MULTIPATH_ST=m
1743CONFIG_DM_DELAY=m
1744# CONFIG_DM_UEVENT is not set
1745CONFIG_TARGET_CORE=m
1746CONFIG_TCM_IBLOCK=m
1747CONFIG_TCM_FILEIO=m
1748CONFIG_TCM_PSCSI=m
1749CONFIG_FUSION=y
1750CONFIG_FUSION_SPI=m
1751CONFIG_FUSION_FC=m
1752CONFIG_FUSION_SAS=m
1753CONFIG_FUSION_MAX_SGE=128
1754CONFIG_FUSION_CTL=m
1755# CONFIG_FUSION_LOGGING is not set
1756
1757#
1758# IEEE 1394 (FireWire) support
1759#
1760CONFIG_FIREWIRE=m
1761CONFIG_FIREWIRE_OHCI=m
1762CONFIG_FIREWIRE_OHCI_DEBUG=y
1763CONFIG_FIREWIRE_SBP2=m
1764CONFIG_FIREWIRE_NET=m
1765CONFIG_FIREWIRE_NOSY=m
1766CONFIG_I2O=m
1767CONFIG_I2O_LCT_NOTIFY_ON_CHANGES=y
1768CONFIG_I2O_EXT_ADAPTEC=y
1769CONFIG_I2O_CONFIG=m
1770CONFIG_I2O_CONFIG_OLD_IOCTL=y
1771CONFIG_I2O_BUS=m
1772CONFIG_I2O_BLOCK=m
1773CONFIG_I2O_SCSI=m
1774CONFIG_I2O_PROC=m
1775# CONFIG_MACINTOSH_DRIVERS is not set
1776CONFIG_NETDEVICES=y
1777CONFIG_IFB=m
1778CONFIG_DUMMY=m
1779CONFIG_BONDING=m
1780CONFIG_MACVLAN=m
1781CONFIG_MACVTAP=m
1782CONFIG_EQUALIZER=m
1783CONFIG_TUN=m
1784CONFIG_VETH=m
1785CONFIG_NET_SB1000=m
1786CONFIG_ARCNET=m
1787CONFIG_ARCNET_1201=m
1788CONFIG_ARCNET_1051=m
1789CONFIG_ARCNET_RAW=m
1790CONFIG_ARCNET_CAP=m
1791CONFIG_ARCNET_COM90xx=m
1792CONFIG_ARCNET_COM90xxIO=m
1793CONFIG_ARCNET_RIM_I=m
1794CONFIG_ARCNET_COM20020=m
1795CONFIG_ARCNET_COM20020_PCI=m
1796CONFIG_MII=m
1797CONFIG_PHYLIB=m
1798
1799#
1800# MII PHY device drivers
1801#
1802CONFIG_MARVELL_PHY=m
1803CONFIG_DAVICOM_PHY=m
1804CONFIG_QSEMI_PHY=m
1805CONFIG_LXT_PHY=m
1806CONFIG_CICADA_PHY=m
1807CONFIG_VITESSE_PHY=m
1808CONFIG_SMSC_PHY=m
1809CONFIG_BROADCOM_PHY=m
1810CONFIG_BCM63XX_PHY=m
1811CONFIG_ICPLUS_PHY=m
1812CONFIG_REALTEK_PHY=m
1813CONFIG_NATIONAL_PHY=m
1814CONFIG_STE10XP=m
1815CONFIG_LSI_ET1011C_PHY=m
1816CONFIG_MICREL_PHY=m
1817CONFIG_MDIO_BITBANG=m
1818CONFIG_MDIO_GPIO=m
1819CONFIG_NET_ETHERNET=y
1820CONFIG_HAPPYMEAL=m
1821CONFIG_SUNGEM=m
1822CONFIG_CASSINI=m
1823CONFIG_NET_VENDOR_3COM=y
1824CONFIG_VORTEX=m
1825CONFIG_TYPHOON=m
1826CONFIG_ENC28J60=m
1827# CONFIG_ENC28J60_WRITEVERIFY is not set
1828CONFIG_ETHOC=m
1829CONFIG_DNET=m
1830CONFIG_NET_TULIP=y
1831CONFIG_DE2104X=m
1832CONFIG_DE2104X_DSL=0
1833CONFIG_TULIP=m
1834# CONFIG_TULIP_MWI is not set
1835# CONFIG_TULIP_MMIO is not set
1836# CONFIG_TULIP_NAPI is not set
1837CONFIG_DE4X5=m
1838CONFIG_WINBOND_840=m
1839CONFIG_DM9102=m
1840CONFIG_ULI526X=m
1841CONFIG_PCMCIA_XIRCOM=m
1842CONFIG_HP100=m
1843# CONFIG_IBM_NEW_EMAC_ZMII is not set
1844# CONFIG_IBM_NEW_EMAC_RGMII is not set
1845# CONFIG_IBM_NEW_EMAC_TAH is not set
1846# CONFIG_IBM_NEW_EMAC_EMAC4 is not set
1847# CONFIG_IBM_NEW_EMAC_NO_FLOW_CTRL is not set
1848# CONFIG_IBM_NEW_EMAC_MAL_CLR_ICINTSTAT is not set
1849# CONFIG_IBM_NEW_EMAC_MAL_COMMON_ERR is not set
1850CONFIG_NET_PCI=y
1851CONFIG_PCNET32=m
1852CONFIG_AMD8111_ETH=m
1853CONFIG_ADAPTEC_STARFIRE=m
1854CONFIG_KSZ884X_PCI=m
1855CONFIG_B44=m
1856CONFIG_B44_PCI_AUTOSELECT=y
1857CONFIG_B44_PCICORE_AUTOSELECT=y
1858CONFIG_B44_PCI=y
1859CONFIG_FORCEDETH=m
1860CONFIG_E100=m
1861CONFIG_FEALNX=m
1862CONFIG_NATSEMI=m
1863CONFIG_NE2K_PCI=m
1864CONFIG_8139CP=m
1865CONFIG_8139TOO=m
1866CONFIG_8139TOO_PIO=y
1867# CONFIG_8139TOO_TUNE_TWISTER is not set
1868# CONFIG_8139TOO_8129 is not set
1869# CONFIG_8139_OLD_RX_RESET is not set
1870CONFIG_R6040=m
1871CONFIG_SIS900=m
1872CONFIG_EPIC100=m
1873CONFIG_SMSC9420=m
1874CONFIG_SUNDANCE=m
1875# CONFIG_SUNDANCE_MMIO is not set
1876CONFIG_TLAN=m
1877CONFIG_KS8842=m
1878CONFIG_KS8851=m
1879CONFIG_KS8851_MLL=m
1880CONFIG_VIA_RHINE=m
1881# CONFIG_VIA_RHINE_MMIO is not set
1882CONFIG_SC92031=m
1883CONFIG_NET_POCKET=y
1884CONFIG_ATP=m
1885CONFIG_DE600=m
1886CONFIG_DE620=m
1887CONFIG_ATL2=m
1888CONFIG_NETDEV_1000=y
1889CONFIG_ACENIC=m
1890# CONFIG_ACENIC_OMIT_TIGON_I is not set
1891CONFIG_DL2K=m
1892CONFIG_E1000=m
1893CONFIG_E1000E=m
1894CONFIG_IP1000=m
1895CONFIG_IGB=m
1896CONFIG_IGB_DCA=y
1897CONFIG_IGBVF=m
1898CONFIG_NS83820=m
1899CONFIG_HAMACHI=m
1900CONFIG_YELLOWFIN=m
1901CONFIG_R8169=m
1902CONFIG_R8169_VLAN=y
1903CONFIG_SIS190=m
1904CONFIG_SKGE=m
1905# CONFIG_SKGE_DEBUG is not set
1906CONFIG_SKY2=m
1907# CONFIG_SKY2_DEBUG is not set
1908CONFIG_VIA_VELOCITY=m
1909CONFIG_TIGON3=m
1910CONFIG_BNX2=m
1911CONFIG_CNIC=m
1912CONFIG_QLA3XXX=m
1913CONFIG_ATL1=m
1914CONFIG_ATL1E=m
1915CONFIG_ATL1C=m
1916CONFIG_JME=m
1917CONFIG_STMMAC_ETH=m
1918# CONFIG_STMMAC_DA is not set
1919# CONFIG_STMMAC_DUAL_MAC is not set
1920CONFIG_PCH_GBE=m
1921CONFIG_NETDEV_10000=y
1922CONFIG_MDIO=m
1923CONFIG_CHELSIO_T1=m
1924CONFIG_CHELSIO_T1_1G=y
1925CONFIG_CHELSIO_T3_DEPENDS=y
1926CONFIG_CHELSIO_T3=m
1927CONFIG_CHELSIO_T4_DEPENDS=y
1928CONFIG_CHELSIO_T4=m
1929CONFIG_CHELSIO_T4VF_DEPENDS=y
1930CONFIG_CHELSIO_T4VF=m
1931CONFIG_ENIC=m
1932CONFIG_IXGBE=m
1933CONFIG_IXGBE_DCA=y
1934# CONFIG_IXGBEVF is not set
1935CONFIG_IXGB=m
1936CONFIG_S2IO=m
1937CONFIG_VXGE=m
1938# CONFIG_VXGE_DEBUG_TRACE_ALL is not set
1939CONFIG_MYRI10GE=m
1940CONFIG_MYRI10GE_DCA=y
1941CONFIG_NETXEN_NIC=m
1942CONFIG_NIU=m
1943CONFIG_MLX4_EN=m
1944CONFIG_MLX4_CORE=m
1945CONFIG_MLX4_DEBUG=y
1946CONFIG_TEHUTI=m
1947CONFIG_BNX2X=m
1948CONFIG_QLCNIC=m
1949CONFIG_QLGE=m
1950CONFIG_BNA=m
1951CONFIG_SFC=m
1952CONFIG_SFC_MTD=y
1953CONFIG_BE2NET=m
1954# CONFIG_TR is not set
1955CONFIG_WLAN=y
1956CONFIG_PCMCIA_RAYCS=m
1957CONFIG_LIBERTAS_THINFIRM=m
1958# CONFIG_LIBERTAS_THINFIRM_DEBUG is not set
1959CONFIG_LIBERTAS_THINFIRM_USB=m
1960CONFIG_AIRO=m
1961CONFIG_ATMEL=m
1962CONFIG_PCI_ATMEL=m
1963CONFIG_PCMCIA_ATMEL=m
1964CONFIG_AT76C50X_USB=m
1965CONFIG_AIRO_CS=m
1966CONFIG_PCMCIA_WL3501=m
1967CONFIG_PRISM54=m
1968CONFIG_USB_ZD1201=m
1969CONFIG_USB_NET_RNDIS_WLAN=m
1970CONFIG_RTL8180=m
1971CONFIG_RTL8187=m
1972CONFIG_RTL8187_LEDS=y
1973CONFIG_ADM8211=m
1974CONFIG_MAC80211_HWSIM=m
1975CONFIG_MWL8K=m
1976CONFIG_ATH_COMMON=m
1977# CONFIG_ATH_DEBUG is not set
1978CONFIG_ATH5K=m
1979# CONFIG_ATH5K_DEBUG is not set
1980CONFIG_ATH5K_PCI=y
1981CONFIG_ATH9K_HW=m
1982CONFIG_ATH9K_COMMON=m
1983CONFIG_ATH9K=m
1984# CONFIG_ATH9K_DEBUGFS is not set
1985CONFIG_ATH9K_RATE_CONTROL=y
1986CONFIG_ATH9K_HTC=m
1987# CONFIG_ATH9K_HTC_DEBUGFS is not set
1988CONFIG_AR9170_USB=m
1989CONFIG_AR9170_LEDS=y
1990CONFIG_CARL9170=m
1991CONFIG_CARL9170_LEDS=y
1992CONFIG_CARL9170_WPC=y
1993CONFIG_B43=m
1994CONFIG_B43_PCI_AUTOSELECT=y
1995CONFIG_B43_PCICORE_AUTOSELECT=y
1996CONFIG_B43_PCMCIA=y
1997CONFIG_B43_SDIO=y
1998CONFIG_B43_PIO=y
1999CONFIG_B43_PHY_N=y
2000CONFIG_B43_PHY_LP=y
2001CONFIG_B43_LEDS=y
2002CONFIG_B43_HWRNG=y
2003# CONFIG_B43_DEBUG is not set
2004CONFIG_B43LEGACY=m
2005CONFIG_B43LEGACY_PCI_AUTOSELECT=y
2006CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y
2007CONFIG_B43LEGACY_LEDS=y
2008CONFIG_B43LEGACY_HWRNG=y
2009CONFIG_B43LEGACY_DEBUG=y
2010CONFIG_B43LEGACY_DMA=y
2011CONFIG_B43LEGACY_PIO=y
2012CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
2013# CONFIG_B43LEGACY_DMA_MODE is not set
2014# CONFIG_B43LEGACY_PIO_MODE is not set
2015CONFIG_HOSTAP=m
2016CONFIG_HOSTAP_FIRMWARE=y
2017CONFIG_HOSTAP_FIRMWARE_NVRAM=y
2018CONFIG_HOSTAP_PLX=m
2019CONFIG_HOSTAP_PCI=m
2020CONFIG_HOSTAP_CS=m
2021CONFIG_IPW2100=m
2022CONFIG_IPW2100_MONITOR=y
2023# CONFIG_IPW2100_DEBUG is not set
2024CONFIG_IPW2200=m
2025CONFIG_IPW2200_MONITOR=y
2026CONFIG_IPW2200_RADIOTAP=y
2027CONFIG_IPW2200_PROMISCUOUS=y
2028CONFIG_IPW2200_QOS=y
2029# CONFIG_IPW2200_DEBUG is not set
2030CONFIG_LIBIPW=m
2031# CONFIG_LIBIPW_DEBUG is not set
2032CONFIG_IWLWIFI=m
2033
2034#
2035# Debugging Options
2036#
2037# CONFIG_IWLWIFI_DEBUG is not set
2038CONFIG_IWLAGN=m
2039CONFIG_IWL4965=y
2040CONFIG_IWL5000=y
2041CONFIG_IWL3945=m
2042CONFIG_IWM=m
2043# CONFIG_IWM_DEBUG is not set
2044CONFIG_LIBERTAS=m
2045CONFIG_LIBERTAS_USB=m
2046CONFIG_LIBERTAS_CS=m
2047CONFIG_LIBERTAS_SDIO=m
2048CONFIG_LIBERTAS_SPI=m
2049# CONFIG_LIBERTAS_DEBUG is not set
2050CONFIG_LIBERTAS_MESH=y
2051CONFIG_HERMES=m
2052# CONFIG_HERMES_PRISM is not set
2053CONFIG_HERMES_CACHE_FW_ON_INIT=y
2054CONFIG_PLX_HERMES=m
2055CONFIG_TMD_HERMES=m
2056CONFIG_NORTEL_HERMES=m
2057CONFIG_PCMCIA_HERMES=m
2058CONFIG_PCMCIA_SPECTRUM=m
2059CONFIG_ORINOCO_USB=m
2060CONFIG_P54_COMMON=m
2061CONFIG_P54_USB=m
2062CONFIG_P54_PCI=m
2063CONFIG_P54_SPI=m
2064# CONFIG_P54_SPI_DEFAULT_EEPROM is not set
2065CONFIG_P54_LEDS=y
2066CONFIG_RT2X00=m
2067CONFIG_RT2400PCI=m
2068CONFIG_RT2500PCI=m
2069CONFIG_RT61PCI=m
2070CONFIG_RT2800PCI=m
2071CONFIG_RT2800PCI_RT33XX=y
2072# CONFIG_RT2800PCI_RT35XX is not set
2073CONFIG_RT2500USB=m
2074CONFIG_RT73USB=m
2075CONFIG_RT2800USB=m
2076CONFIG_RT2800USB_RT33XX=y
2077# CONFIG_RT2800USB_RT35XX is not set
2078CONFIG_RT2800USB_UNKNOWN=y
2079CONFIG_RT2800_LIB=m
2080CONFIG_RT2X00_LIB_PCI=m
2081CONFIG_RT2X00_LIB_USB=m
2082CONFIG_RT2X00_LIB=m
2083CONFIG_RT2X00_LIB_HT=y
2084CONFIG_RT2X00_LIB_FIRMWARE=y
2085CONFIG_RT2X00_LIB_CRYPTO=y
2086CONFIG_RT2X00_LIB_LEDS=y
2087# CONFIG_RT2X00_DEBUG is not set
2088CONFIG_RTL8192CE=m
2089CONFIG_RTLWIFI=m
2090CONFIG_WL1251=m
2091CONFIG_WL1251_SPI=m
2092CONFIG_WL1251_SDIO=m
2093CONFIG_WL12XX_MENU=m
2094CONFIG_WL12XX=m
2095CONFIG_WL12XX_HT=y
2096CONFIG_WL12XX_SPI=m
2097CONFIG_WL12XX_SDIO=m
2098CONFIG_WL12XX_SDIO_TEST=m
2099CONFIG_WL12XX_PLATFORM_DATA=y
2100CONFIG_ZD1211RW=m
2101# CONFIG_ZD1211RW_DEBUG is not set
2102
2103#
2104# WiMAX Wireless Broadband devices
2105#
2106CONFIG_WIMAX_I2400M=m
2107CONFIG_WIMAX_I2400M_USB=m
2108CONFIG_WIMAX_I2400M_SDIO=m
2109CONFIG_WIMAX_IWMC3200_SDIO=y
2110CONFIG_WIMAX_I2400M_DEBUG_LEVEL=8
2111
2112#
2113# USB Network Adapters
2114#
2115CONFIG_USB_CATC=m
2116CONFIG_USB_KAWETH=m
2117CONFIG_USB_PEGASUS=m
2118CONFIG_USB_RTL8150=m
2119CONFIG_USB_USBNET=m
2120CONFIG_USB_NET_AX8817X=m
2121CONFIG_USB_NET_CDCETHER=m
2122CONFIG_USB_NET_CDC_EEM=m
2123CONFIG_USB_NET_CDC_NCM=m
2124CONFIG_USB_NET_DM9601=m
2125CONFIG_USB_NET_SMSC75XX=m
2126CONFIG_USB_NET_SMSC95XX=m
2127CONFIG_USB_NET_GL620A=m
2128CONFIG_USB_NET_NET1080=m
2129CONFIG_USB_NET_PLUSB=m
2130CONFIG_USB_NET_MCS7830=m
2131CONFIG_USB_NET_RNDIS_HOST=m
2132CONFIG_USB_NET_CDC_SUBSET=m
2133CONFIG_USB_ALI_M5632=y
2134CONFIG_USB_AN2720=y
2135CONFIG_USB_BELKIN=y
2136CONFIG_USB_ARMLINUX=y
2137CONFIG_USB_EPSON2888=y
2138CONFIG_USB_KC2190=y
2139CONFIG_USB_NET_ZAURUS=m
2140CONFIG_USB_NET_CX82310_ETH=m
2141CONFIG_USB_HSO=m
2142CONFIG_USB_NET_INT51X1=m
2143CONFIG_USB_CDC_PHONET=m
2144CONFIG_USB_IPHETH=m
2145CONFIG_USB_SIERRA_NET=m
2146CONFIG_NET_PCMCIA=y
2147CONFIG_PCMCIA_3C589=m
2148CONFIG_PCMCIA_3C574=m
2149CONFIG_PCMCIA_FMVJ18X=m
2150CONFIG_PCMCIA_PCNET=m
2151CONFIG_PCMCIA_NMCLAN=m
2152CONFIG_PCMCIA_SMC91C92=m
2153CONFIG_PCMCIA_XIRC2PS=m
2154CONFIG_PCMCIA_AXNET=m
2155CONFIG_ARCNET_COM20020_CS=m
2156CONFIG_WAN=y
2157CONFIG_LANMEDIA=m
2158CONFIG_HDLC=m
2159CONFIG_HDLC_RAW=m
2160CONFIG_HDLC_RAW_ETH=m
2161CONFIG_HDLC_CISCO=m
2162CONFIG_HDLC_FR=m
2163CONFIG_HDLC_PPP=m
2164CONFIG_HDLC_X25=m
2165CONFIG_PCI200SYN=m
2166CONFIG_WANXL=m
2167# CONFIG_WANXL_BUILD_FIRMWARE is not set
2168CONFIG_PC300TOO=m
2169CONFIG_FARSYNC=m
2170CONFIG_DSCC4=m
2171CONFIG_DSCC4_PCISYNC=y
2172CONFIG_DSCC4_PCI_RST=y
2173CONFIG_DLCI=m
2174CONFIG_DLCI_MAX=8
2175CONFIG_WAN_ROUTER_DRIVERS=m
2176CONFIG_CYCLADES_SYNC=m
2177CONFIG_CYCLOMX_X25=y
2178CONFIG_LAPBETHER=m
2179CONFIG_X25_ASY=m
2180CONFIG_SBNI=m
2181CONFIG_SBNI_MULTILINE=y
2182CONFIG_ATM_DRIVERS=y
2183CONFIG_ATM_DUMMY=m
2184CONFIG_ATM_TCP=m
2185CONFIG_ATM_LANAI=m
2186CONFIG_ATM_ENI=m
2187# CONFIG_ATM_ENI_DEBUG is not set
2188# CONFIG_ATM_ENI_TUNE_BURST is not set
2189CONFIG_ATM_FIRESTREAM=m
2190CONFIG_ATM_ZATM=m
2191# CONFIG_ATM_ZATM_DEBUG is not set
2192CONFIG_ATM_NICSTAR=m
2193# CONFIG_ATM_NICSTAR_USE_SUNI is not set
2194# CONFIG_ATM_NICSTAR_USE_IDT77105 is not set
2195CONFIG_ATM_IDT77252=m
2196# CONFIG_ATM_IDT77252_DEBUG is not set
2197# CONFIG_ATM_IDT77252_RCV_ALL is not set
2198CONFIG_ATM_IDT77252_USE_SUNI=y
2199CONFIG_ATM_AMBASSADOR=m
2200# CONFIG_ATM_AMBASSADOR_DEBUG is not set
2201CONFIG_ATM_HORIZON=m
2202# CONFIG_ATM_HORIZON_DEBUG is not set
2203CONFIG_ATM_IA=m
2204# CONFIG_ATM_IA_DEBUG is not set
2205CONFIG_ATM_FORE200E=m
2206CONFIG_ATM_FORE200E_USE_TASKLET=y
2207CONFIG_ATM_FORE200E_TX_RETRY=16
2208CONFIG_ATM_FORE200E_DEBUG=0
2209CONFIG_ATM_HE=m
2210CONFIG_ATM_HE_USE_SUNI=y
2211CONFIG_ATM_SOLOS=m
2212CONFIG_IEEE802154_DRIVERS=m
2213CONFIG_IEEE802154_FAKEHARD=m
2214
2215#
2216# CAIF transport drivers
2217#
2218CONFIG_CAIF_TTY=m
2219CONFIG_CAIF_SPI_SLAVE=m
2220# CONFIG_CAIF_SPI_SYNC is not set
2221CONFIG_FDDI=y
2222CONFIG_DEFXX=m
2223# CONFIG_DEFXX_MMIO is not set
2224CONFIG_SKFP=m
2225CONFIG_HIPPI=y
2226CONFIG_ROADRUNNER=m
2227# CONFIG_ROADRUNNER_LARGE_RINGS is not set
2228CONFIG_PLIP=m
2229CONFIG_PPP=m
2230CONFIG_PPP_MULTILINK=y
2231CONFIG_PPP_FILTER=y
2232CONFIG_PPP_ASYNC=m
2233CONFIG_PPP_SYNC_TTY=m
2234CONFIG_PPP_DEFLATE=m
2235CONFIG_PPP_BSDCOMP=m
2236CONFIG_PPP_MPPE=m
2237CONFIG_PPPOE=m
2238CONFIG_PPTP=m
2239CONFIG_PPPOATM=m
2240CONFIG_PPPOL2TP=m
2241CONFIG_SLIP=m
2242CONFIG_SLIP_COMPRESSED=y
2243CONFIG_SLHC=m
2244CONFIG_SLIP_SMART=y
2245CONFIG_SLIP_MODE_SLIP6=y
2246# CONFIG_NET_FC is not set
2247CONFIG_NETCONSOLE=m
2248CONFIG_NETCONSOLE_DYNAMIC=y
2249CONFIG_NETPOLL=y
2250# CONFIG_NETPOLL_TRAP is not set
2251CONFIG_NET_POLL_CONTROLLER=y
2252CONFIG_VIRTIO_NET=m
2253CONFIG_VMXNET3=m
2254CONFIG_ISDN=y
2255# CONFIG_ISDN_I4L is not set
2256CONFIG_ISDN_CAPI=m
2257# CONFIG_ISDN_DRV_AVMB1_VERBOSE_REASON is not set
2258# CONFIG_CAPI_TRACE is not set
2259CONFIG_ISDN_CAPI_MIDDLEWARE=y
2260CONFIG_ISDN_CAPI_CAPI20=m
2261CONFIG_ISDN_CAPI_CAPIFS_BOOL=y
2262CONFIG_ISDN_CAPI_CAPIFS=m
2263
2264#
2265# CAPI hardware drivers
2266#
2267CONFIG_CAPI_AVM=y
2268CONFIG_ISDN_DRV_AVMB1_B1PCI=m
2269CONFIG_ISDN_DRV_AVMB1_B1PCIV4=y
2270CONFIG_ISDN_DRV_AVMB1_B1PCMCIA=m
2271CONFIG_ISDN_DRV_AVMB1_AVM_CS=m
2272CONFIG_ISDN_DRV_AVMB1_T1PCI=m
2273CONFIG_ISDN_DRV_AVMB1_C4=m
2274CONFIG_CAPI_EICON=y
2275CONFIG_ISDN_DIVAS=m
2276CONFIG_ISDN_DIVAS_BRIPCI=y
2277CONFIG_ISDN_DIVAS_PRIPCI=y
2278CONFIG_ISDN_DIVAS_DIVACAPI=m
2279CONFIG_ISDN_DIVAS_USERIDI=m
2280CONFIG_ISDN_DIVAS_MAINT=m
2281CONFIG_ISDN_DRV_GIGASET=m
2282CONFIG_GIGASET_CAPI=y
2283# CONFIG_GIGASET_DUMMYLL is not set
2284CONFIG_GIGASET_BASE=m
2285CONFIG_GIGASET_M105=m
2286CONFIG_GIGASET_M101=m
2287# CONFIG_GIGASET_DEBUG is not set
2288CONFIG_HYSDN=m
2289CONFIG_HYSDN_CAPI=y
2290CONFIG_MISDN=m
2291CONFIG_MISDN_DSP=m
2292CONFIG_MISDN_L1OIP=m
2293
2294#
2295# mISDN hardware drivers
2296#
2297CONFIG_MISDN_HFCPCI=m
2298CONFIG_MISDN_HFCMULTI=m
2299CONFIG_MISDN_HFCUSB=m
2300CONFIG_MISDN_AVMFRITZ=m
2301# CONFIG_MISDN_SPEEDFAX is not set
2302# CONFIG_MISDN_INFINEON is not set
2303# CONFIG_MISDN_W6692 is not set
2304# CONFIG_MISDN_NETJET is not set
2305CONFIG_MISDN_IPAC=m
2306# CONFIG_PHONE is not set
2307
2308#
2309# Input device support
2310#
2311CONFIG_INPUT=y
2312CONFIG_INPUT_FF_MEMLESS=m
2313CONFIG_INPUT_POLLDEV=m
2314CONFIG_INPUT_SPARSEKMAP=m
2315
2316#
2317# Userland interfaces
2318#
2319CONFIG_INPUT_MOUSEDEV=m
2320CONFIG_INPUT_MOUSEDEV_PSAUX=y
2321CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
2322CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
2323CONFIG_INPUT_JOYDEV=m
2324CONFIG_INPUT_EVDEV=m
2325CONFIG_INPUT_EVBUG=m
2326
2327#
2328# Input Device Drivers
2329#
2330CONFIG_INPUT_KEYBOARD=y
2331# CONFIG_KEYBOARD_ADP5588 is not set
2332CONFIG_KEYBOARD_ATKBD=y
2333# CONFIG_KEYBOARD_QT2160 is not set
2334CONFIG_KEYBOARD_LKKBD=m
2335CONFIG_KEYBOARD_GPIO=m
2336CONFIG_KEYBOARD_GPIO_POLLED=m
2337CONFIG_KEYBOARD_TCA6416=m
2338CONFIG_KEYBOARD_MATRIX=m
2339CONFIG_KEYBOARD_LM8323=m
2340# CONFIG_KEYBOARD_MAX7359 is not set
2341CONFIG_KEYBOARD_MCS=m
2342CONFIG_KEYBOARD_NEWTON=m
2343# CONFIG_KEYBOARD_OPENCORES is not set
2344CONFIG_KEYBOARD_STOWAWAY=m
2345CONFIG_KEYBOARD_SUNKBD=m
2346CONFIG_KEYBOARD_XTKBD=m
2347CONFIG_INPUT_MOUSE=y
2348CONFIG_MOUSE_PS2=m
2349CONFIG_MOUSE_PS2_ALPS=y
2350CONFIG_MOUSE_PS2_LOGIPS2PP=y
2351CONFIG_MOUSE_PS2_SYNAPTICS=y
2352CONFIG_MOUSE_PS2_LIFEBOOK=y
2353CONFIG_MOUSE_PS2_TRACKPOINT=y
2354# CONFIG_MOUSE_PS2_ELANTECH is not set
2355# CONFIG_MOUSE_PS2_SENTELIC is not set
2356# CONFIG_MOUSE_PS2_TOUCHKIT is not set
2357CONFIG_MOUSE_SERIAL=m
2358CONFIG_MOUSE_APPLETOUCH=m
2359CONFIG_MOUSE_BCM5974=m
2360CONFIG_MOUSE_VSXXXAA=m
2361CONFIG_MOUSE_GPIO=m
2362CONFIG_MOUSE_SYNAPTICS_I2C=m
2363# CONFIG_INPUT_JOYSTICK is not set
2364# CONFIG_INPUT_TABLET is not set
2365CONFIG_INPUT_TOUCHSCREEN=y
2366CONFIG_TOUCHSCREEN_ADS7846=m
2367CONFIG_TOUCHSCREEN_AD7877=m
2368CONFIG_TOUCHSCREEN_AD7879=m
2369CONFIG_TOUCHSCREEN_AD7879_I2C=m
2370CONFIG_TOUCHSCREEN_AD7879_SPI=m
2371CONFIG_TOUCHSCREEN_BU21013=m
2372CONFIG_TOUCHSCREEN_CY8CTMG110=m
2373CONFIG_TOUCHSCREEN_DYNAPRO=m
2374CONFIG_TOUCHSCREEN_HAMPSHIRE=m
2375CONFIG_TOUCHSCREEN_EETI=m
2376CONFIG_TOUCHSCREEN_FUJITSU=m
2377CONFIG_TOUCHSCREEN_GUNZE=m
2378CONFIG_TOUCHSCREEN_ELO=m
2379CONFIG_TOUCHSCREEN_WACOM_W8001=m
2380# CONFIG_TOUCHSCREEN_MCS5000 is not set
2381CONFIG_TOUCHSCREEN_MTOUCH=m
2382CONFIG_TOUCHSCREEN_INEXIO=m
2383CONFIG_TOUCHSCREEN_MK712=m
2384CONFIG_TOUCHSCREEN_PENMOUNT=m
2385CONFIG_TOUCHSCREEN_QT602240=m
2386CONFIG_TOUCHSCREEN_TOUCHRIGHT=m
2387CONFIG_TOUCHSCREEN_TOUCHWIN=m
2388CONFIG_TOUCHSCREEN_UCB1400=m
2389CONFIG_TOUCHSCREEN_WM97XX=m
2390CONFIG_TOUCHSCREEN_WM9705=y
2391CONFIG_TOUCHSCREEN_WM9712=y
2392CONFIG_TOUCHSCREEN_WM9713=y
2393CONFIG_TOUCHSCREEN_USB_COMPOSITE=m
2394# CONFIG_TOUCHSCREEN_MC13783 is not set
2395CONFIG_TOUCHSCREEN_USB_EGALAX=y
2396CONFIG_TOUCHSCREEN_USB_PANJIT=y
2397CONFIG_TOUCHSCREEN_USB_3M=y
2398CONFIG_TOUCHSCREEN_USB_ITM=y
2399CONFIG_TOUCHSCREEN_USB_ETURBO=y
2400CONFIG_TOUCHSCREEN_USB_GUNZE=y
2401CONFIG_TOUCHSCREEN_USB_DMC_TSC10=y
2402CONFIG_TOUCHSCREEN_USB_IRTOUCH=y
2403CONFIG_TOUCHSCREEN_USB_IDEALTEK=y
2404CONFIG_TOUCHSCREEN_USB_GENERAL_TOUCH=y
2405CONFIG_TOUCHSCREEN_USB_GOTOP=y
2406CONFIG_TOUCHSCREEN_USB_JASTEC=y
2407CONFIG_TOUCHSCREEN_USB_E2I=y
2408CONFIG_TOUCHSCREEN_USB_ZYTRONIC=y
2409CONFIG_TOUCHSCREEN_USB_ETT_TC45USB=y
2410CONFIG_TOUCHSCREEN_USB_NEXIO=y
2411CONFIG_TOUCHSCREEN_TOUCHIT213=m
2412CONFIG_TOUCHSCREEN_TSC2007=m
2413CONFIG_TOUCHSCREEN_ST1232=m
2414CONFIG_TOUCHSCREEN_TPS6507X=m
2415CONFIG_INPUT_MISC=y
2416CONFIG_INPUT_AD714X=m
2417CONFIG_INPUT_AD714X_I2C=m
2418CONFIG_INPUT_AD714X_SPI=m
2419CONFIG_INPUT_PCSPKR=m
2420CONFIG_INPUT_APANEL=m
2421# CONFIG_INPUT_WISTRON_BTNS is not set
2422CONFIG_INPUT_ATLAS_BTNS=m
2423CONFIG_INPUT_ATI_REMOTE=m
2424CONFIG_INPUT_ATI_REMOTE2=m
2425CONFIG_INPUT_KEYSPAN_REMOTE=m
2426CONFIG_INPUT_POWERMATE=m
2427CONFIG_INPUT_YEALINK=m
2428CONFIG_INPUT_CM109=m
2429CONFIG_INPUT_UINPUT=m
2430CONFIG_INPUT_PCF50633_PMU=m
2431CONFIG_INPUT_PCF8574=m
2432CONFIG_INPUT_GPIO_ROTARY_ENCODER=m
2433CONFIG_INPUT_ADXL34X=m
2434CONFIG_INPUT_ADXL34X_I2C=m
2435CONFIG_INPUT_ADXL34X_SPI=m
2436CONFIG_INPUT_CMA3000=m
2437CONFIG_INPUT_CMA3000_I2C=m
2438
2439#
2440# Hardware I/O ports
2441#
2442CONFIG_SERIO=y
2443CONFIG_SERIO_I8042=y
2444CONFIG_SERIO_SERPORT=m
2445CONFIG_SERIO_CT82C710=m
2446CONFIG_SERIO_PARKBD=m
2447CONFIG_SERIO_PCIPS2=m
2448CONFIG_SERIO_LIBPS2=y
2449CONFIG_SERIO_RAW=m
2450CONFIG_SERIO_ALTERA_PS2=m
2451CONFIG_SERIO_PS2MULT=m
2452# CONFIG_GAMEPORT is not set
2453
2454#
2455# Character devices
2456#
2457CONFIG_VT=y
2458CONFIG_CONSOLE_TRANSLATIONS=y
2459CONFIG_VT_CONSOLE=y
2460CONFIG_HW_CONSOLE=y
2461# CONFIG_VT_HW_CONSOLE_BINDING is not set
2462CONFIG_SERIAL_NONSTANDARD=y
2463CONFIG_COMPUTONE=m
2464CONFIG_ROCKETPORT=m
2465CONFIG_CYCLADES=m
2466# CONFIG_CYZ_INTR is not set
2467CONFIG_DIGIEPCA=m
2468CONFIG_MOXA_INTELLIO=m
2469CONFIG_MOXA_SMARTIO=m
2470CONFIG_ISI=m
2471CONFIG_SYNCLINK=m
2472CONFIG_SYNCLINKMP=m
2473CONFIG_SYNCLINK_GT=m
2474CONFIG_N_HDLC=m
2475# CONFIG_N_GSM is not set
2476CONFIG_RISCOM8=m
2477CONFIG_SPECIALIX=m
2478CONFIG_STALDRV=y
2479CONFIG_STALLION=m
2480CONFIG_ISTALLION=m
2481CONFIG_NOZOMI=m
2482
2483#
2484# Serial drivers
2485#
2486CONFIG_SERIAL_8250=y
2487CONFIG_SERIAL_8250_CONSOLE=y
2488CONFIG_FIX_EARLYCON_MEM=y
2489CONFIG_SERIAL_8250_PCI=y
2490CONFIG_SERIAL_8250_PNP=y
2491CONFIG_SERIAL_8250_CS=m
2492CONFIG_SERIAL_8250_NR_UARTS=16
2493CONFIG_SERIAL_8250_RUNTIME_UARTS=4
2494CONFIG_SERIAL_8250_EXTENDED=y
2495CONFIG_SERIAL_8250_MANY_PORTS=y
2496CONFIG_SERIAL_8250_SHARE_IRQ=y
2497# CONFIG_SERIAL_8250_DETECT_IRQ is not set
2498CONFIG_SERIAL_8250_RSA=y
2499
2500#
2501# Non-8250 serial port support
2502#
2503CONFIG_SERIAL_MAX3100=m
2504CONFIG_SERIAL_MAX3107=m
2505CONFIG_SERIAL_MRST_MAX3110=m
2506CONFIG_SERIAL_MFD_HSU=m
2507CONFIG_SERIAL_UARTLITE=m
2508CONFIG_SERIAL_CORE=y
2509CONFIG_SERIAL_CORE_CONSOLE=y
2510CONFIG_SERIAL_JSM=m
2511CONFIG_SERIAL_TIMBERDALE=m
2512CONFIG_SERIAL_ALTERA_JTAGUART=m
2513CONFIG_SERIAL_ALTERA_UART=m
2514CONFIG_SERIAL_ALTERA_UART_MAXPORTS=4
2515CONFIG_SERIAL_ALTERA_UART_BAUDRATE=115200
2516CONFIG_SERIAL_IFX6X60=m
2517CONFIG_SERIAL_PCH_UART=m
2518CONFIG_UNIX98_PTYS=y
2519CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
2520# CONFIG_LEGACY_PTYS is not set
2521# CONFIG_TTY_PRINTK is not set
2522CONFIG_PRINTER=m
2523# CONFIG_LP_CONSOLE is not set
2524CONFIG_PPDEV=m
2525CONFIG_HVC_DRIVER=y
2526CONFIG_VIRTIO_CONSOLE=m
2527CONFIG_IPMI_HANDLER=m
2528# CONFIG_IPMI_PANIC_EVENT is not set
2529CONFIG_IPMI_DEVICE_INTERFACE=m
2530CONFIG_IPMI_SI=m
2531CONFIG_IPMI_WATCHDOG=m
2532CONFIG_IPMI_POWEROFF=m
2533CONFIG_HW_RANDOM=m
2534CONFIG_HW_RANDOM_TIMERIOMEM=m
2535CONFIG_HW_RANDOM_INTEL=m
2536CONFIG_HW_RANDOM_AMD=m
2537CONFIG_HW_RANDOM_GEODE=m
2538CONFIG_HW_RANDOM_VIA=m
2539CONFIG_HW_RANDOM_VIRTIO=m
2540CONFIG_NVRAM=m
2541CONFIG_R3964=m
2542CONFIG_APPLICOM=m
2543# CONFIG_SONYPI is not set
2544
2545#
2546# PCMCIA character devices
2547#
2548CONFIG_SYNCLINK_CS=m
2549CONFIG_CARDMAN_4000=m
2550CONFIG_CARDMAN_4040=m
2551CONFIG_IPWIRELESS=m
2552CONFIG_MWAVE=m
2553# CONFIG_SCx200_GPIO is not set
2554# CONFIG_PC8736x_GPIO is not set
2555# CONFIG_NSC_GPIO is not set
2556CONFIG_RAW_DRIVER=m
2557CONFIG_MAX_RAW_DEVS=256
2558CONFIG_HPET=y
2559CONFIG_HPET_MMAP=y
2560CONFIG_HANGCHECK_TIMER=m
2561CONFIG_TCG_TPM=m
2562CONFIG_TCG_TIS=m
2563CONFIG_TCG_NSC=m
2564CONFIG_TCG_ATMEL=m
2565CONFIG_TCG_INFINEON=m
2566CONFIG_TELCLOCK=m
2567CONFIG_RAMOOPS=m
2568CONFIG_I2C=m
2569CONFIG_I2C_BOARDINFO=y
2570CONFIG_I2C_COMPAT=y
2571CONFIG_I2C_CHARDEV=m
2572CONFIG_I2C_MUX=m
2573
2574#
2575# Multiplexer I2C Chip support
2576#
2577CONFIG_I2C_MUX_GPIO=m
2578CONFIG_I2C_MUX_PCA9541=m
2579CONFIG_I2C_MUX_PCA954x=m
2580CONFIG_I2C_HELPER_AUTO=y
2581CONFIG_I2C_SMBUS=m
2582CONFIG_I2C_ALGOBIT=m
2583CONFIG_I2C_ALGOPCA=m
2584
2585#
2586# I2C Hardware Bus support
2587#
2588
2589#
2590# PC SMBus host controller drivers
2591#
2592CONFIG_I2C_ALI1535=m
2593CONFIG_I2C_ALI1563=m
2594CONFIG_I2C_ALI15X3=m
2595CONFIG_I2C_AMD756=m
2596CONFIG_I2C_AMD756_S4882=m
2597CONFIG_I2C_AMD8111=m
2598CONFIG_I2C_I801=m
2599CONFIG_I2C_ISCH=m
2600CONFIG_I2C_PIIX4=m
2601CONFIG_I2C_NFORCE2=m
2602CONFIG_I2C_NFORCE2_S4985=m
2603CONFIG_I2C_SIS5595=m
2604CONFIG_I2C_SIS630=m
2605CONFIG_I2C_SIS96X=m
2606CONFIG_I2C_VIA=m
2607CONFIG_I2C_VIAPRO=m
2608
2609#
2610# ACPI drivers
2611#
2612CONFIG_I2C_SCMI=m
2613
2614#
2615# I2C system bus drivers (mostly embedded / system-on-chip)
2616#
2617CONFIG_I2C_GPIO=m
2618CONFIG_I2C_INTEL_MID=m
2619CONFIG_I2C_OCORES=m
2620CONFIG_I2C_PCA_PLATFORM=m
2621CONFIG_I2C_SIMTEC=m
2622CONFIG_I2C_XILINX=m
2623CONFIG_I2C_EG20T=m
2624
2625#
2626# External I2C/SMBus adapter drivers
2627#
2628CONFIG_I2C_PARPORT=m
2629CONFIG_I2C_PARPORT_LIGHT=m
2630CONFIG_I2C_TAOS_EVM=m
2631CONFIG_I2C_TINY_USB=m
2632
2633#
2634# Other I2C/SMBus bus drivers
2635#
2636CONFIG_I2C_STUB=m
2637# CONFIG_SCx200_ACB is not set
2638# CONFIG_I2C_DEBUG_CORE is not set
2639# CONFIG_I2C_DEBUG_ALGO is not set
2640# CONFIG_I2C_DEBUG_BUS is not set
2641CONFIG_SPI=y
2642CONFIG_SPI_MASTER=y
2643
2644#
2645# SPI Master Controller Drivers
2646#
2647CONFIG_SPI_BITBANG=m
2648CONFIG_SPI_BUTTERFLY=m
2649CONFIG_SPI_GPIO=m
2650CONFIG_SPI_LM70_LLP=m
2651CONFIG_SPI_PXA2XX=m
2652CONFIG_SPI_PXA2XX_PCI=y
2653CONFIG_SPI_TOPCLIFF_PCH=m
2654# CONFIG_SPI_XILINX is not set
2655CONFIG_SPI_DESIGNWARE=m
2656CONFIG_SPI_DW_PCI=m
2657
2658#
2659# SPI Protocol Masters
2660#
2661CONFIG_SPI_SPIDEV=m
2662CONFIG_SPI_TLE62X0=m
2663
2664#
2665# PPS support
2666#
2667# CONFIG_PPS is not set
2668
2669#
2670# PPS generators support
2671#
2672CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
2673CONFIG_GPIOLIB=y
2674# CONFIG_GPIO_SYSFS is not set
2675CONFIG_GPIO_MAX730X=m
2676
2677#
2678# Memory mapped GPIO expanders:
2679#
2680CONFIG_GPIO_BASIC_MMIO=m
2681CONFIG_GPIO_IT8761E=m
2682CONFIG_GPIO_SCH=m
2683CONFIG_GPIO_VX855=m
2684
2685#
2686# I2C GPIO expanders:
2687#
2688CONFIG_GPIO_MAX7300=m
2689CONFIG_GPIO_MAX732X=m
2690CONFIG_GPIO_PCA953X=m
2691CONFIG_GPIO_PCF857X=m
2692CONFIG_GPIO_ADP5588=m
2693
2694#
2695# PCI GPIO expanders:
2696#
2697CONFIG_GPIO_CS5535=m
2698# CONFIG_GPIO_LANGWELL is not set
2699CONFIG_GPIO_PCH=m
2700CONFIG_GPIO_ML_IOH=m
2701CONFIG_GPIO_TIMBERDALE=y
2702CONFIG_GPIO_RDC321X=m
2703
2704#
2705# SPI GPIO expanders:
2706#
2707CONFIG_GPIO_MAX7301=m
2708CONFIG_GPIO_MCP23S08=m
2709# CONFIG_GPIO_MC33880 is not set
2710CONFIG_GPIO_74X164=m
2711
2712#
2713# AC97 GPIO expanders:
2714#
2715# CONFIG_GPIO_UCB1400 is not set
2716
2717#
2718# MODULbus GPIO expanders:
2719#
2720CONFIG_GPIO_JANZ_TTL=m
2721CONFIG_W1=m
2722CONFIG_W1_CON=y
2723
2724#
2725# 1-wire Bus Masters
2726#
2727CONFIG_W1_MASTER_MATROX=m
2728CONFIG_W1_MASTER_DS2490=m
2729CONFIG_W1_MASTER_DS2482=m
2730CONFIG_W1_MASTER_GPIO=m
2731
2732#
2733# 1-wire Slaves
2734#
2735CONFIG_W1_SLAVE_THERM=m
2736CONFIG_W1_SLAVE_SMEM=m
2737CONFIG_W1_SLAVE_DS2423=m
2738CONFIG_W1_SLAVE_DS2431=m
2739CONFIG_W1_SLAVE_DS2433=m
2740# CONFIG_W1_SLAVE_DS2433_CRC is not set
2741CONFIG_W1_SLAVE_DS2760=m
2742CONFIG_W1_SLAVE_BQ27000=m
2743CONFIG_POWER_SUPPLY=y
2744# CONFIG_POWER_SUPPLY_DEBUG is not set
2745CONFIG_PDA_POWER=m
2746CONFIG_TEST_POWER=m
2747CONFIG_BATTERY_DS2760=m
2748CONFIG_BATTERY_DS2782=m
2749CONFIG_BATTERY_BQ20Z75=m
2750CONFIG_BATTERY_BQ27x00=m
2751CONFIG_BATTERY_MAX17040=m
2752CONFIG_BATTERY_MAX17042=m
2753CONFIG_CHARGER_PCF50633=m
2754CONFIG_CHARGER_ISP1704=m
2755CONFIG_CHARGER_GPIO=m
2756CONFIG_HWMON=m
2757CONFIG_HWMON_VID=m
2758# CONFIG_HWMON_DEBUG_CHIP is not set
2759
2760#
2761# Native drivers
2762#
2763CONFIG_SENSORS_ABITUGURU=m
2764CONFIG_SENSORS_ABITUGURU3=m
2765CONFIG_SENSORS_AD7414=m
2766CONFIG_SENSORS_AD7418=m
2767CONFIG_SENSORS_ADCXX=m
2768CONFIG_SENSORS_ADM1021=m
2769CONFIG_SENSORS_ADM1025=m
2770CONFIG_SENSORS_ADM1026=m
2771CONFIG_SENSORS_ADM1029=m
2772CONFIG_SENSORS_ADM1031=m
2773CONFIG_SENSORS_ADM9240=m
2774CONFIG_SENSORS_ADT7411=m
2775CONFIG_SENSORS_ADT7462=m
2776CONFIG_SENSORS_ADT7470=m
2777CONFIG_SENSORS_ADT7475=m
2778CONFIG_SENSORS_ASC7621=m
2779CONFIG_SENSORS_K8TEMP=m
2780CONFIG_SENSORS_K10TEMP=m
2781CONFIG_SENSORS_ASB100=m
2782CONFIG_SENSORS_ATXP1=m
2783CONFIG_SENSORS_DS620=m
2784CONFIG_SENSORS_DS1621=m
2785CONFIG_SENSORS_I5K_AMB=m
2786CONFIG_SENSORS_F71805F=m
2787CONFIG_SENSORS_F71882FG=m
2788CONFIG_SENSORS_F75375S=m
2789CONFIG_SENSORS_FSCHMD=m
2790CONFIG_SENSORS_G760A=m
2791CONFIG_SENSORS_GL518SM=m
2792CONFIG_SENSORS_GL520SM=m
2793CONFIG_SENSORS_GPIO_FAN=m
2794CONFIG_SENSORS_CORETEMP=m
2795CONFIG_SENSORS_PKGTEMP=m
2796CONFIG_SENSORS_IBMAEM=m
2797CONFIG_SENSORS_IBMPEX=m
2798CONFIG_SENSORS_IT87=m
2799CONFIG_SENSORS_JC42=m
2800CONFIG_SENSORS_LM63=m
2801CONFIG_SENSORS_LM70=m
2802CONFIG_SENSORS_LM73=m
2803CONFIG_SENSORS_LM75=m
2804CONFIG_SENSORS_LM77=m
2805CONFIG_SENSORS_LM78=m
2806CONFIG_SENSORS_LM80=m
2807CONFIG_SENSORS_LM83=m
2808CONFIG_SENSORS_LM85=m
2809CONFIG_SENSORS_LM87=m
2810CONFIG_SENSORS_LM90=m
2811CONFIG_SENSORS_LM92=m
2812CONFIG_SENSORS_LM93=m
2813CONFIG_SENSORS_LTC4215=m
2814CONFIG_SENSORS_LTC4245=m
2815CONFIG_SENSORS_LTC4261=m
2816CONFIG_SENSORS_LM95241=m
2817CONFIG_SENSORS_MAX1111=m
2818CONFIG_SENSORS_MAX1619=m
2819CONFIG_SENSORS_MAX6650=m
2820CONFIG_SENSORS_PC87360=m
2821CONFIG_SENSORS_PC87427=m
2822CONFIG_SENSORS_PCF8591=m
2823CONFIG_SENSORS_SHT15=m
2824CONFIG_SENSORS_SHT21=m
2825CONFIG_SENSORS_SIS5595=m
2826CONFIG_SENSORS_SMM665=m
2827CONFIG_SENSORS_DME1737=m
2828CONFIG_SENSORS_EMC1403=m
2829CONFIG_SENSORS_EMC2103=m
2830CONFIG_SENSORS_SMSC47M1=m
2831CONFIG_SENSORS_SMSC47M192=m
2832CONFIG_SENSORS_SMSC47B397=m
2833CONFIG_SENSORS_ADS7828=m
2834CONFIG_SENSORS_ADS7871=m
2835CONFIG_SENSORS_AMC6821=m
2836CONFIG_SENSORS_THMC50=m
2837CONFIG_SENSORS_TMP102=m
2838CONFIG_SENSORS_TMP401=m
2839CONFIG_SENSORS_TMP421=m
2840CONFIG_SENSORS_VIA_CPUTEMP=m
2841CONFIG_SENSORS_VIA686A=m
2842CONFIG_SENSORS_VT1211=m
2843CONFIG_SENSORS_VT8231=m
2844CONFIG_SENSORS_W83781D=m
2845CONFIG_SENSORS_W83791D=m
2846CONFIG_SENSORS_W83792D=m
2847CONFIG_SENSORS_W83793=m
2848CONFIG_SENSORS_W83795=m
2849CONFIG_SENSORS_W83795_FANCTRL=y
2850CONFIG_SENSORS_W83L785TS=m
2851CONFIG_SENSORS_W83L786NG=m
2852CONFIG_SENSORS_W83627HF=m
2853CONFIG_SENSORS_W83627EHF=m
2854CONFIG_SENSORS_LIS3_I2C=m
2855CONFIG_SENSORS_APPLESMC=m
2856# CONFIG_SENSORS_MC13783_ADC is not set
2857
2858#
2859# ACPI drivers
2860#
2861CONFIG_SENSORS_ATK0110=m
2862CONFIG_SENSORS_LIS3LV02D=m
2863CONFIG_THERMAL=y
2864CONFIG_WATCHDOG=y
2865# CONFIG_WATCHDOG_NOWAYOUT is not set
2866
2867#
2868# Watchdog Device Drivers
2869#
2870CONFIG_SOFT_WATCHDOG=m
2871CONFIG_ACQUIRE_WDT=m
2872CONFIG_ADVANTECH_WDT=m
2873CONFIG_ALIM1535_WDT=m
2874CONFIG_ALIM7101_WDT=m
2875CONFIG_F71808E_WDT=m
2876CONFIG_SP5100_TCO=m
2877CONFIG_GEODE_WDT=m
2878CONFIG_SC520_WDT=m
2879# CONFIG_SBC_FITPC2_WATCHDOG is not set
2880CONFIG_EUROTECH_WDT=m
2881CONFIG_IB700_WDT=m
2882CONFIG_IBMASR=m
2883CONFIG_WAFER_WDT=m
2884CONFIG_I6300ESB_WDT=m
2885CONFIG_ITCO_WDT=m
2886CONFIG_ITCO_VENDOR_SUPPORT=y
2887CONFIG_IT8712F_WDT=m
2888CONFIG_IT87_WDT=m
2889# CONFIG_HP_WATCHDOG is not set
2890CONFIG_SC1200_WDT=m
2891# CONFIG_SCx200_WDT is not set
2892CONFIG_PC87413_WDT=m
2893CONFIG_NV_TCO=m
2894CONFIG_60XX_WDT=m
2895CONFIG_SBC8360_WDT=m
2896# CONFIG_SBC7240_WDT is not set
2897CONFIG_CPU5_WDT=m
2898CONFIG_SMSC_SCH311X_WDT=m
2899CONFIG_SMSC37B787_WDT=m
2900CONFIG_W83627HF_WDT=m
2901CONFIG_W83697HF_WDT=m
2902CONFIG_W83697UG_WDT=m
2903CONFIG_W83877F_WDT=m
2904CONFIG_W83977F_WDT=m
2905CONFIG_MACHZ_WDT=m
2906CONFIG_SBC_EPX_C3_WATCHDOG=m
2907
2908#
2909# PCI-based Watchdog Cards
2910#
2911CONFIG_PCIPCWATCHDOG=m
2912CONFIG_WDTPCI=m
2913
2914#
2915# USB-based Watchdog Cards
2916#
2917CONFIG_USBPCWATCHDOG=m
2918CONFIG_SSB_POSSIBLE=y
2919
2920#
2921# Sonics Silicon Backplane
2922#
2923CONFIG_SSB=m
2924CONFIG_SSB_SPROM=y
2925CONFIG_SSB_BLOCKIO=y
2926CONFIG_SSB_PCIHOST_POSSIBLE=y
2927CONFIG_SSB_PCIHOST=y
2928CONFIG_SSB_B43_PCI_BRIDGE=y
2929CONFIG_SSB_PCMCIAHOST_POSSIBLE=y
2930CONFIG_SSB_PCMCIAHOST=y
2931CONFIG_SSB_SDIOHOST_POSSIBLE=y
2932CONFIG_SSB_SDIOHOST=y
2933# CONFIG_SSB_SILENT is not set
2934# CONFIG_SSB_DEBUG is not set
2935CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y
2936CONFIG_SSB_DRIVER_PCICORE=y
2937CONFIG_MFD_SUPPORT=y
2938CONFIG_MFD_CORE=m
2939CONFIG_MFD_SM501=m
2940# CONFIG_MFD_SM501_GPIO is not set
2941CONFIG_HTC_PASIC3=m
2942CONFIG_UCB1400_CORE=m
2943CONFIG_TPS65010=m
2944CONFIG_TPS6507X=m
2945# CONFIG_MFD_TMIO is not set
2946CONFIG_MFD_WM8400=m
2947# CONFIG_MFD_WM831X_SPI is not set
2948CONFIG_MFD_PCF50633=m
2949CONFIG_MFD_MC13783=m
2950CONFIG_MFD_MC13XXX=m
2951CONFIG_PCF50633_ADC=m
2952CONFIG_PCF50633_GPIO=m
2953CONFIG_ABX500_CORE=y
2954# CONFIG_EZX_PCAP is not set
2955# CONFIG_AB8500_CORE is not set
2956CONFIG_MFD_CS5535=m
2957CONFIG_MFD_TIMBERDALE=m
2958CONFIG_LPC_SCH=m
2959CONFIG_MFD_RDC321X=m
2960CONFIG_MFD_JANZ_CMODIO=m
2961CONFIG_MFD_VX855=m
2962CONFIG_MFD_WL1273_CORE=m
2963CONFIG_REGULATOR=y
2964# CONFIG_REGULATOR_DEBUG is not set
2965# CONFIG_REGULATOR_DUMMY is not set
2966# CONFIG_REGULATOR_FIXED_VOLTAGE is not set
2967CONFIG_REGULATOR_VIRTUAL_CONSUMER=m
2968CONFIG_REGULATOR_USERSPACE_CONSUMER=m
2969CONFIG_REGULATOR_BQ24022=m
2970CONFIG_REGULATOR_MAX1586=m
2971CONFIG_REGULATOR_MAX8649=m
2972CONFIG_REGULATOR_MAX8660=m
2973CONFIG_REGULATOR_MAX8952=m
2974CONFIG_REGULATOR_WM8400=m
2975CONFIG_REGULATOR_PCF50633=m
2976CONFIG_REGULATOR_LP3971=m
2977CONFIG_REGULATOR_LP3972=m
2978CONFIG_REGULATOR_MC13XXX_CORE=m
2979CONFIG_REGULATOR_MC13783=m
2980CONFIG_REGULATOR_MC13892=m
2981# CONFIG_REGULATOR_TPS65023 is not set
2982# CONFIG_REGULATOR_TPS6507X is not set
2983CONFIG_REGULATOR_ISL6271A=m
2984# CONFIG_REGULATOR_AD5398 is not set
2985CONFIG_REGULATOR_TPS6524X=m
2986CONFIG_MEDIA_SUPPORT=m
2987
2988#
2989# Multimedia core support
2990#
2991CONFIG_VIDEO_DEV=m
2992CONFIG_VIDEO_V4L2_COMMON=m
2993CONFIG_DVB_CORE=m
2994CONFIG_VIDEO_MEDIA=m
2995
2996#
2997# Multimedia drivers
2998#
2999CONFIG_VIDEO_SAA7146=m
3000CONFIG_VIDEO_SAA7146_VV=m
3001CONFIG_RC_CORE=m
3002CONFIG_LIRC=m
3003CONFIG_RC_MAP=m
3004CONFIG_IR_NEC_DECODER=m
3005CONFIG_IR_RC5_DECODER=m
3006CONFIG_IR_RC6_DECODER=m
3007CONFIG_IR_JVC_DECODER=m
3008CONFIG_IR_SONY_DECODER=m
3009CONFIG_IR_RC5_SZ_DECODER=m
3010CONFIG_IR_LIRC_CODEC=m
3011# CONFIG_IR_ENE is not set
3012CONFIG_IR_IMON=m
3013# CONFIG_IR_MCEUSB is not set
3014# CONFIG_IR_NUVOTON is not set
3015# CONFIG_IR_STREAMZAP is not set
3016CONFIG_IR_WINBOND_CIR=m
3017CONFIG_RC_LOOPBACK=m
3018# CONFIG_MEDIA_ATTACH is not set
3019CONFIG_MEDIA_TUNER=m
3020# CONFIG_MEDIA_TUNER_CUSTOMISE is not set
3021CONFIG_MEDIA_TUNER_SIMPLE=m
3022CONFIG_MEDIA_TUNER_TDA8290=m
3023CONFIG_MEDIA_TUNER_TDA827X=m
3024CONFIG_MEDIA_TUNER_TDA18271=m
3025CONFIG_MEDIA_TUNER_TDA9887=m
3026CONFIG_MEDIA_TUNER_TEA5761=m
3027CONFIG_MEDIA_TUNER_TEA5767=m
3028CONFIG_MEDIA_TUNER_MT20XX=m
3029CONFIG_MEDIA_TUNER_MT2060=m
3030CONFIG_MEDIA_TUNER_MT2266=m
3031CONFIG_MEDIA_TUNER_MT2131=m
3032CONFIG_MEDIA_TUNER_QT1010=m
3033CONFIG_MEDIA_TUNER_XC2028=m
3034CONFIG_MEDIA_TUNER_XC5000=m
3035CONFIG_MEDIA_TUNER_MXL5005S=m
3036CONFIG_MEDIA_TUNER_MXL5007T=m
3037CONFIG_MEDIA_TUNER_MC44S803=m
3038CONFIG_MEDIA_TUNER_MAX2165=m
3039CONFIG_MEDIA_TUNER_TDA18218=m
3040CONFIG_VIDEO_V4L2=m
3041CONFIG_VIDEOBUF_GEN=m
3042CONFIG_VIDEOBUF_DMA_SG=m
3043CONFIG_VIDEOBUF_VMALLOC=m
3044CONFIG_VIDEOBUF_DMA_CONTIG=m
3045CONFIG_VIDEOBUF_DVB=m
3046CONFIG_VIDEO_BTCX=m
3047CONFIG_VIDEO_TVEEPROM=m
3048CONFIG_VIDEO_TUNER=m
3049CONFIG_V4L2_MEM2MEM_DEV=m
3050CONFIG_VIDEO_CAPTURE_DRIVERS=y
3051# CONFIG_VIDEO_ADV_DEBUG is not set
3052# CONFIG_VIDEO_FIXED_MINOR_RANGES is not set
3053# CONFIG_VIDEO_HELPER_CHIPS_AUTO is not set
3054CONFIG_VIDEO_IR_I2C=m
3055
3056#
3057# Encoders/decoders and other helper chips
3058#
3059
3060#
3061# Audio decoders
3062#
3063CONFIG_VIDEO_TVAUDIO=m
3064CONFIG_VIDEO_TDA7432=m
3065CONFIG_VIDEO_TDA9840=m
3066CONFIG_VIDEO_TEA6415C=m
3067CONFIG_VIDEO_TEA6420=m
3068CONFIG_VIDEO_MSP3400=m
3069CONFIG_VIDEO_CS5345=m
3070CONFIG_VIDEO_CS53L32A=m
3071CONFIG_VIDEO_M52790=m
3072CONFIG_VIDEO_TLV320AIC23B=m
3073CONFIG_VIDEO_WM8775=m
3074CONFIG_VIDEO_WM8739=m
3075CONFIG_VIDEO_VP27SMPX=m
3076
3077#
3078# RDS decoders
3079#
3080CONFIG_VIDEO_SAA6588=m
3081
3082#
3083# Video decoders
3084#
3085CONFIG_VIDEO_ADV7180=m
3086CONFIG_VIDEO_BT819=m
3087CONFIG_VIDEO_BT856=m
3088CONFIG_VIDEO_BT866=m
3089CONFIG_VIDEO_KS0127=m
3090CONFIG_VIDEO_OV7670=m
3091CONFIG_VIDEO_MT9V011=m
3092CONFIG_VIDEO_TCM825X=m
3093CONFIG_VIDEO_SAA7110=m
3094CONFIG_VIDEO_SAA711X=m
3095CONFIG_VIDEO_SAA717X=m
3096CONFIG_VIDEO_SAA7191=m
3097CONFIG_VIDEO_TVP514X=m
3098CONFIG_VIDEO_TVP5150=m
3099CONFIG_VIDEO_TVP7002=m
3100CONFIG_VIDEO_VPX3220=m
3101
3102#
3103# Video and audio decoders
3104#
3105CONFIG_VIDEO_CX25840=m
3106
3107#
3108# MPEG video encoders
3109#
3110CONFIG_VIDEO_CX2341X=m
3111
3112#
3113# Video encoders
3114#
3115CONFIG_VIDEO_SAA7127=m
3116CONFIG_VIDEO_SAA7185=m
3117CONFIG_VIDEO_ADV7170=m
3118CONFIG_VIDEO_ADV7175=m
3119CONFIG_VIDEO_THS7303=m
3120CONFIG_VIDEO_ADV7343=m
3121CONFIG_VIDEO_AK881X=m
3122
3123#
3124# Video improvement chips
3125#
3126CONFIG_VIDEO_UPD64031A=m
3127CONFIG_VIDEO_UPD64083=m
3128# CONFIG_VIDEO_VIVI is not set
3129CONFIG_VIDEO_BT848=m
3130CONFIG_VIDEO_BT848_DVB=y
3131CONFIG_VIDEO_BWQCAM=m
3132CONFIG_VIDEO_CQCAM=m
3133# CONFIG_VIDEO_CPIA2 is not set
3134CONFIG_VIDEO_ZORAN=m
3135CONFIG_VIDEO_ZORAN_DC30=m
3136CONFIG_VIDEO_ZORAN_ZR36060=m
3137CONFIG_VIDEO_ZORAN_BUZ=m
3138CONFIG_VIDEO_ZORAN_DC10=m
3139CONFIG_VIDEO_ZORAN_LML33=m
3140CONFIG_VIDEO_ZORAN_LML33R10=m
3141CONFIG_VIDEO_ZORAN_AVS6EYES=m
3142CONFIG_VIDEO_MEYE=m
3143CONFIG_VIDEO_SAA7134=m
3144CONFIG_VIDEO_SAA7134_ALSA=m
3145CONFIG_VIDEO_SAA7134_RC=y
3146CONFIG_VIDEO_SAA7134_DVB=m
3147CONFIG_VIDEO_MXB=m
3148CONFIG_VIDEO_HEXIUM_ORION=m
3149CONFIG_VIDEO_HEXIUM_GEMINI=m
3150CONFIG_VIDEO_TIMBERDALE=m
3151CONFIG_VIDEO_CX88=m
3152CONFIG_VIDEO_CX88_ALSA=m
3153CONFIG_VIDEO_CX88_BLACKBIRD=m
3154CONFIG_VIDEO_CX88_DVB=m
3155CONFIG_VIDEO_CX88_MPEG=m
3156CONFIG_VIDEO_CX88_VP3054=m
3157CONFIG_VIDEO_CX23885=m
3158CONFIG_VIDEO_AU0828=m
3159CONFIG_VIDEO_IVTV=m
3160CONFIG_VIDEO_FB_IVTV=m
3161CONFIG_VIDEO_CX18=m
3162CONFIG_VIDEO_CX18_ALSA=m
3163CONFIG_VIDEO_SAA7164=m
3164CONFIG_VIDEO_CAFE_CCIC=m
3165# CONFIG_VIDEO_SR030PC30 is not set
3166# CONFIG_VIDEO_VIA_CAMERA is not set
3167CONFIG_SOC_CAMERA=m
3168# CONFIG_SOC_CAMERA_IMX074 is not set
3169CONFIG_SOC_CAMERA_MT9M001=m
3170CONFIG_SOC_CAMERA_MT9M111=m
3171CONFIG_SOC_CAMERA_MT9T031=m
3172CONFIG_SOC_CAMERA_MT9T112=m
3173CONFIG_SOC_CAMERA_MT9V022=m
3174CONFIG_SOC_CAMERA_RJ54N1=m
3175CONFIG_SOC_CAMERA_TW9910=m
3176CONFIG_SOC_CAMERA_PLATFORM=m
3177CONFIG_SOC_CAMERA_OV2640=m
3178# CONFIG_SOC_CAMERA_OV6650 is not set
3179CONFIG_SOC_CAMERA_OV772X=m
3180CONFIG_SOC_CAMERA_OV9640=m
3181CONFIG_V4L_USB_DRIVERS=y
3182CONFIG_USB_VIDEO_CLASS=m
3183CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y
3184CONFIG_USB_GSPCA=m
3185CONFIG_USB_M5602=m
3186CONFIG_USB_STV06XX=m
3187CONFIG_USB_GL860=m
3188CONFIG_USB_GSPCA_BENQ=m
3189CONFIG_USB_GSPCA_CONEX=m
3190CONFIG_USB_GSPCA_CPIA1=m
3191CONFIG_USB_GSPCA_ETOMS=m
3192CONFIG_USB_GSPCA_FINEPIX=m
3193CONFIG_USB_GSPCA_JEILINJ=m
3194# CONFIG_USB_GSPCA_KONICA is not set
3195CONFIG_USB_GSPCA_MARS=m
3196CONFIG_USB_GSPCA_MR97310A=m
3197CONFIG_USB_GSPCA_OV519=m
3198CONFIG_USB_GSPCA_OV534=m
3199CONFIG_USB_GSPCA_OV534_9=m
3200CONFIG_USB_GSPCA_PAC207=m
3201CONFIG_USB_GSPCA_PAC7302=m
3202CONFIG_USB_GSPCA_PAC7311=m
3203CONFIG_USB_GSPCA_SN9C2028=m
3204CONFIG_USB_GSPCA_SN9C20X=m
3205CONFIG_USB_GSPCA_SONIXB=m
3206CONFIG_USB_GSPCA_SONIXJ=m
3207CONFIG_USB_GSPCA_SPCA500=m
3208CONFIG_USB_GSPCA_SPCA501=m
3209CONFIG_USB_GSPCA_SPCA505=m
3210CONFIG_USB_GSPCA_SPCA506=m
3211CONFIG_USB_GSPCA_SPCA508=m
3212CONFIG_USB_GSPCA_SPCA561=m
3213# CONFIG_USB_GSPCA_SPCA1528 is not set
3214CONFIG_USB_GSPCA_SQ905=m
3215CONFIG_USB_GSPCA_SQ905C=m
3216# CONFIG_USB_GSPCA_SQ930X is not set
3217CONFIG_USB_GSPCA_STK014=m
3218CONFIG_USB_GSPCA_STV0680=m
3219CONFIG_USB_GSPCA_SUNPLUS=m
3220CONFIG_USB_GSPCA_T613=m
3221CONFIG_USB_GSPCA_TV8532=m
3222CONFIG_USB_GSPCA_VC032X=m
3223# CONFIG_USB_GSPCA_XIRLINK_CIT is not set
3224CONFIG_USB_GSPCA_ZC3XX=m
3225CONFIG_VIDEO_PVRUSB2=m
3226CONFIG_VIDEO_PVRUSB2_SYSFS=y
3227CONFIG_VIDEO_PVRUSB2_DVB=y
3228# CONFIG_VIDEO_PVRUSB2_DEBUGIFC is not set
3229CONFIG_VIDEO_HDPVR=m
3230CONFIG_VIDEO_EM28XX=m
3231CONFIG_VIDEO_EM28XX_ALSA=m
3232CONFIG_VIDEO_EM28XX_DVB=m
3233CONFIG_VIDEO_TLG2300=m
3234CONFIG_VIDEO_CX231XX=m
3235CONFIG_VIDEO_CX231XX_RC=y
3236CONFIG_VIDEO_CX231XX_ALSA=m
3237CONFIG_VIDEO_CX231XX_DVB=m
3238CONFIG_VIDEO_USBVISION=m
3239CONFIG_USB_ET61X251=m
3240CONFIG_USB_SN9C102=m
3241# CONFIG_USB_PWC is not set
3242CONFIG_USB_ZR364XX=m
3243CONFIG_USB_STKWEBCAM=m
3244CONFIG_USB_S2255=m
3245CONFIG_V4L_MEM2MEM_DRIVERS=y
3246CONFIG_VIDEO_MEM2MEM_TESTDEV=m
3247CONFIG_RADIO_ADAPTERS=y
3248CONFIG_RADIO_MAXIRADIO=m
3249CONFIG_RADIO_MAESTRO=m
3250# CONFIG_I2C_SI4713 is not set
3251# CONFIG_RADIO_SI4713 is not set
3252CONFIG_USB_DSBR=m
3253# CONFIG_RADIO_SI470X is not set
3254CONFIG_USB_MR800=m
3255CONFIG_RADIO_TEA5764=m
3256CONFIG_RADIO_SAA7706H=m
3257CONFIG_RADIO_TEF6862=m
3258CONFIG_RADIO_TIMBERDALE=m
3259CONFIG_RADIO_WL1273=m
3260CONFIG_DVB_MAX_ADAPTERS=8
3261# CONFIG_DVB_DYNAMIC_MINORS is not set
3262CONFIG_DVB_CAPTURE_DRIVERS=y
3263
3264#
3265# Supported SAA7146 based PCI Adapters
3266#
3267CONFIG_TTPCI_EEPROM=m
3268CONFIG_DVB_AV7110=m
3269CONFIG_DVB_AV7110_OSD=y
3270CONFIG_DVB_BUDGET_CORE=m
3271CONFIG_DVB_BUDGET=m
3272CONFIG_DVB_BUDGET_CI=m
3273CONFIG_DVB_BUDGET_AV=m
3274CONFIG_DVB_BUDGET_PATCH=m
3275
3276#
3277# Supported USB Adapters
3278#
3279CONFIG_DVB_USB=m
3280# CONFIG_DVB_USB_DEBUG is not set
3281CONFIG_DVB_USB_A800=m
3282CONFIG_DVB_USB_DIBUSB_MB=m
3283# CONFIG_DVB_USB_DIBUSB_MB_FAULTY is not set
3284CONFIG_DVB_USB_DIBUSB_MC=m
3285CONFIG_DVB_USB_DIB0700=m
3286CONFIG_DVB_USB_UMT_010=m
3287CONFIG_DVB_USB_CXUSB=m
3288CONFIG_DVB_USB_M920X=m
3289CONFIG_DVB_USB_GL861=m
3290CONFIG_DVB_USB_AU6610=m
3291CONFIG_DVB_USB_DIGITV=m
3292CONFIG_DVB_USB_VP7045=m
3293CONFIG_DVB_USB_VP702X=m
3294CONFIG_DVB_USB_GP8PSK=m
3295CONFIG_DVB_USB_NOVA_T_USB2=m
3296CONFIG_DVB_USB_TTUSB2=m
3297CONFIG_DVB_USB_DTT200U=m
3298CONFIG_DVB_USB_OPERA1=m
3299CONFIG_DVB_USB_AF9005=m
3300CONFIG_DVB_USB_AF9005_REMOTE=m
3301CONFIG_DVB_USB_DW2102=m
3302CONFIG_DVB_USB_CINERGY_T2=m
3303CONFIG_DVB_USB_ANYSEE=m
3304CONFIG_DVB_USB_DTV5100=m
3305CONFIG_DVB_USB_AF9015=m
3306CONFIG_DVB_USB_CE6230=m
3307# CONFIG_DVB_USB_FRIIO is not set
3308CONFIG_DVB_USB_EC168=m
3309CONFIG_DVB_USB_AZ6027=m
3310# CONFIG_DVB_USB_LME2510 is not set
3311CONFIG_DVB_TTUSB_BUDGET=m
3312CONFIG_DVB_TTUSB_DEC=m
3313CONFIG_SMS_SIANO_MDTV=m
3314
3315#
3316# Siano module components
3317#
3318CONFIG_SMS_USB_DRV=m
3319CONFIG_SMS_SDIO_DRV=m
3320
3321#
3322# Supported FlexCopII (B2C2) Adapters
3323#
3324CONFIG_DVB_B2C2_FLEXCOP=m
3325CONFIG_DVB_B2C2_FLEXCOP_PCI=m
3326CONFIG_DVB_B2C2_FLEXCOP_USB=m
3327# CONFIG_DVB_B2C2_FLEXCOP_DEBUG is not set
3328
3329#
3330# Supported BT878 Adapters
3331#
3332CONFIG_DVB_BT8XX=m
3333
3334#
3335# Supported Pluto2 Adapters
3336#
3337CONFIG_DVB_PLUTO2=m
3338
3339#
3340# Supported SDMC DM1105 Adapters
3341#
3342CONFIG_DVB_DM1105=m
3343CONFIG_DVB_FIREDTV=m
3344CONFIG_DVB_FIREDTV_FIREWIRE=y
3345# CONFIG_DVB_FIREDTV_IEEE1394 is not set
3346CONFIG_DVB_FIREDTV_INPUT=y
3347
3348#
3349# Supported Earthsoft PT1 Adapters
3350#
3351# CONFIG_DVB_PT1 is not set
3352
3353#
3354# Supported Mantis Adapters
3355#
3356CONFIG_MANTIS_CORE=m
3357CONFIG_DVB_MANTIS=m
3358CONFIG_DVB_HOPPER=m
3359
3360#
3361# Supported nGene Adapters
3362#
3363CONFIG_DVB_NGENE=m
3364
3365#
3366# Supported DVB Frontends
3367#
3368# CONFIG_DVB_FE_CUSTOMISE is not set
3369
3370#
3371# Multistandard (satellite) frontends
3372#
3373CONFIG_DVB_STB0899=m
3374CONFIG_DVB_STB6100=m
3375CONFIG_DVB_STV090x=m
3376CONFIG_DVB_STV6110x=m
3377
3378#
3379# DVB-S (satellite) frontends
3380#
3381CONFIG_DVB_CX24110=m
3382CONFIG_DVB_CX24123=m
3383CONFIG_DVB_MT312=m
3384CONFIG_DVB_ZL10036=m
3385CONFIG_DVB_ZL10039=m
3386CONFIG_DVB_S5H1420=m
3387CONFIG_DVB_STV0288=m
3388CONFIG_DVB_STB6000=m
3389CONFIG_DVB_STV0299=m
3390CONFIG_DVB_STV6110=m
3391CONFIG_DVB_STV0900=m
3392CONFIG_DVB_TDA8083=m
3393CONFIG_DVB_TDA10086=m
3394CONFIG_DVB_TDA8261=m
3395CONFIG_DVB_VES1X93=m
3396CONFIG_DVB_TUNER_ITD1000=m
3397CONFIG_DVB_TUNER_CX24113=m
3398CONFIG_DVB_TDA826X=m
3399CONFIG_DVB_TUA6100=m
3400CONFIG_DVB_CX24116=m
3401CONFIG_DVB_SI21XX=m
3402CONFIG_DVB_DS3000=m
3403CONFIG_DVB_MB86A16=m
3404
3405#
3406# DVB-T (terrestrial) frontends
3407#
3408CONFIG_DVB_SP8870=m
3409CONFIG_DVB_SP887X=m
3410CONFIG_DVB_CX22700=m
3411CONFIG_DVB_CX22702=m
3412CONFIG_DVB_L64781=m
3413CONFIG_DVB_TDA1004X=m
3414CONFIG_DVB_NXT6000=m
3415CONFIG_DVB_MT352=m
3416CONFIG_DVB_ZL10353=m
3417CONFIG_DVB_DIB3000MB=m
3418CONFIG_DVB_DIB3000MC=m
3419CONFIG_DVB_DIB7000M=m
3420CONFIG_DVB_DIB7000P=m
3421CONFIG_DVB_TDA10048=m
3422CONFIG_DVB_AF9013=m
3423CONFIG_DVB_EC100=m
3424
3425#
3426# DVB-C (cable) frontends
3427#
3428CONFIG_DVB_VES1820=m
3429CONFIG_DVB_TDA10021=m
3430CONFIG_DVB_TDA10023=m
3431CONFIG_DVB_STV0297=m
3432
3433#
3434# ATSC (North American/Korean Terrestrial/Cable DTV) frontends
3435#
3436CONFIG_DVB_NXT200X=m
3437CONFIG_DVB_OR51211=m
3438CONFIG_DVB_OR51132=m
3439CONFIG_DVB_BCM3510=m
3440CONFIG_DVB_LGDT330X=m
3441CONFIG_DVB_LGDT3305=m
3442CONFIG_DVB_S5H1409=m
3443CONFIG_DVB_AU8522=m
3444CONFIG_DVB_S5H1411=m
3445
3446#
3447# ISDB-T (terrestrial) frontends
3448#
3449CONFIG_DVB_S921=m
3450CONFIG_DVB_DIB8000=m
3451CONFIG_DVB_MB86A20S=m
3452
3453#
3454# Digital terrestrial only tuners/PLL
3455#
3456CONFIG_DVB_PLL=m
3457CONFIG_DVB_TUNER_DIB0070=m
3458CONFIG_DVB_TUNER_DIB0090=m
3459
3460#
3461# SEC control devices for DVB-S
3462#
3463CONFIG_DVB_LNBP21=m
3464CONFIG_DVB_ISL6405=m
3465CONFIG_DVB_ISL6421=m
3466CONFIG_DVB_ISL6423=m
3467CONFIG_DVB_LGS8GXX=m
3468CONFIG_DVB_ATBM8830=m
3469CONFIG_DVB_TDA665x=m
3470
3471#
3472# Tools to develop new frontends
3473#
3474# CONFIG_DVB_DUMMY_FE is not set
3475
3476#
3477# Graphics support
3478#
3479CONFIG_AGP=m
3480# CONFIG_AGP_ALI is not set
3481# CONFIG_AGP_ATI is not set
3482# CONFIG_AGP_AMD is not set
3483CONFIG_AGP_AMD64=m
3484CONFIG_AGP_INTEL=m
3485# CONFIG_AGP_NVIDIA is not set
3486CONFIG_AGP_SIS=m
3487# CONFIG_AGP_SWORKS is not set
3488CONFIG_AGP_VIA=m
3489# CONFIG_AGP_EFFICEON is not set
3490# CONFIG_VGA_ARB is not set
3491CONFIG_VGA_SWITCHEROO=y
3492CONFIG_DRM=m
3493CONFIG_DRM_KMS_HELPER=m
3494CONFIG_DRM_TTM=m
3495CONFIG_DRM_TDFX=m
3496CONFIG_DRM_R128=m
3497CONFIG_DRM_RADEON=m
3498# CONFIG_DRM_RADEON_KMS is not set
3499CONFIG_DRM_I810=m
3500CONFIG_DRM_I830=m
3501CONFIG_DRM_I915=m
3502# CONFIG_DRM_I915_KMS is not set
3503CONFIG_DRM_MGA=m
3504CONFIG_DRM_SIS=m
3505CONFIG_DRM_VIA=m
3506CONFIG_DRM_SAVAGE=m
3507# CONFIG_STUB_POULSBO is not set
3508CONFIG_VGASTATE=m
3509CONFIG_VIDEO_OUTPUT_CONTROL=m
3510CONFIG_FB=m
3511# CONFIG_FIRMWARE_EDID is not set
3512CONFIG_FB_DDC=m
3513# CONFIG_FB_BOOT_VESA_SUPPORT is not set
3514CONFIG_FB_CFB_FILLRECT=m
3515CONFIG_FB_CFB_COPYAREA=m
3516CONFIG_FB_CFB_IMAGEBLIT=m
3517# CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set
3518CONFIG_FB_SYS_FILLRECT=m
3519CONFIG_FB_SYS_COPYAREA=m
3520CONFIG_FB_SYS_IMAGEBLIT=m
3521# CONFIG_FB_FOREIGN_ENDIAN is not set
3522CONFIG_FB_SYS_FOPS=m
3523# CONFIG_FB_WMT_GE_ROPS is not set
3524CONFIG_FB_DEFERRED_IO=y
3525CONFIG_FB_HECUBA=m
3526CONFIG_FB_SVGALIB=m
3527# CONFIG_FB_MACMODES is not set
3528CONFIG_FB_BACKLIGHT=y
3529CONFIG_FB_MODE_HELPERS=y
3530CONFIG_FB_TILEBLITTING=y
3531
3532#
3533# Frame buffer hardware drivers
3534#
3535CONFIG_FB_CIRRUS=m
3536CONFIG_FB_PM2=m
3537CONFIG_FB_PM2_FIFO_DISCONNECT=y
3538CONFIG_FB_CYBER2000=m
3539CONFIG_FB_ARC=m
3540CONFIG_FB_VGA16=m
3541CONFIG_FB_UVESA=m
3542CONFIG_FB_N411=m
3543CONFIG_FB_HGA=m
3544CONFIG_FB_S1D13XXX=m
3545CONFIG_FB_NVIDIA=m
3546CONFIG_FB_NVIDIA_I2C=y
3547# CONFIG_FB_NVIDIA_DEBUG is not set
3548CONFIG_FB_NVIDIA_BACKLIGHT=y
3549CONFIG_FB_RIVA=m
3550CONFIG_FB_RIVA_I2C=y
3551# CONFIG_FB_RIVA_DEBUG is not set
3552CONFIG_FB_RIVA_BACKLIGHT=y
3553# CONFIG_FB_I810 is not set
3554CONFIG_FB_LE80578=m
3555CONFIG_FB_CARILLO_RANCH=m
3556CONFIG_FB_INTEL=m
3557# CONFIG_FB_INTEL_DEBUG is not set
3558CONFIG_FB_INTEL_I2C=y
3559CONFIG_FB_MATROX=m
3560CONFIG_FB_MATROX_MILLENIUM=y
3561CONFIG_FB_MATROX_MYSTIQUE=y
3562CONFIG_FB_MATROX_G=y
3563CONFIG_FB_MATROX_I2C=m
3564CONFIG_FB_MATROX_MAVEN=m
3565CONFIG_FB_RADEON=m
3566CONFIG_FB_RADEON_I2C=y
3567CONFIG_FB_RADEON_BACKLIGHT=y
3568# CONFIG_FB_RADEON_DEBUG is not set
3569CONFIG_FB_ATY128=m
3570CONFIG_FB_ATY128_BACKLIGHT=y
3571CONFIG_FB_ATY=m
3572CONFIG_FB_ATY_CT=y
3573CONFIG_FB_ATY_GENERIC_LCD=y
3574CONFIG_FB_ATY_GX=y
3575CONFIG_FB_ATY_BACKLIGHT=y
3576CONFIG_FB_S3=m
3577CONFIG_FB_SAVAGE=m
3578CONFIG_FB_SAVAGE_I2C=y
3579CONFIG_FB_SAVAGE_ACCEL=y
3580CONFIG_FB_SIS=m
3581CONFIG_FB_SIS_300=y
3582CONFIG_FB_SIS_315=y
3583CONFIG_FB_VIA=m
3584# CONFIG_FB_VIA_DIRECT_PROCFS is not set
3585CONFIG_FB_NEOMAGIC=m
3586CONFIG_FB_KYRO=m
3587CONFIG_FB_3DFX=m
3588CONFIG_FB_3DFX_ACCEL=y
3589CONFIG_FB_3DFX_I2C=y
3590CONFIG_FB_VOODOO1=m
3591CONFIG_FB_VT8623=m
3592CONFIG_FB_TRIDENT=m
3593CONFIG_FB_ARK=m
3594CONFIG_FB_PM3=m
3595CONFIG_FB_CARMINE=m
3596CONFIG_FB_CARMINE_DRAM_EVAL=y
3597# CONFIG_CARMINE_DRAM_CUSTOM is not set
3598CONFIG_FB_GEODE=y
3599CONFIG_FB_GEODE_LX=m
3600CONFIG_FB_GEODE_GX=m
3601CONFIG_FB_GEODE_GX1=m
3602CONFIG_FB_TMIO=m
3603CONFIG_FB_TMIO_ACCELL=y
3604CONFIG_FB_SM501=m
3605# CONFIG_FB_UDL is not set
3606# CONFIG_FB_VIRTUAL is not set
3607CONFIG_FB_METRONOME=m
3608CONFIG_FB_MB862XX=m
3609# CONFIG_FB_MB862XX_PCI_GDC is not set
3610CONFIG_FB_BROADSHEET=m
3611CONFIG_BACKLIGHT_LCD_SUPPORT=y
3612CONFIG_LCD_CLASS_DEVICE=m
3613CONFIG_LCD_L4F00242T03=m
3614CONFIG_LCD_LMS283GF05=m
3615CONFIG_LCD_LTV350QV=m
3616CONFIG_LCD_ILI9320=m
3617CONFIG_LCD_TDO24M=m
3618CONFIG_LCD_VGG2432A4=m
3619CONFIG_LCD_PLATFORM=m
3620CONFIG_LCD_S6E63M0=m
3621CONFIG_BACKLIGHT_CLASS_DEVICE=m
3622CONFIG_BACKLIGHT_GENERIC=m
3623CONFIG_BACKLIGHT_PROGEAR=m
3624CONFIG_BACKLIGHT_CARILLO_RANCH=m
3625CONFIG_BACKLIGHT_MBP_NVIDIA=m
3626CONFIG_BACKLIGHT_SAHARA=m
3627CONFIG_BACKLIGHT_ADP8860=m
3628CONFIG_BACKLIGHT_PCF50633=m
3629
3630#
3631# Display device support
3632#
3633CONFIG_DISPLAY_SUPPORT=m
3634
3635#
3636# Display hardware drivers
3637#
3638
3639#
3640# Console display driver support
3641#
3642CONFIG_VGA_CONSOLE=y
3643# CONFIG_VGACON_SOFT_SCROLLBACK is not set
3644CONFIG_DUMMY_CONSOLE=y
3645CONFIG_FRAMEBUFFER_CONSOLE=m
3646CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
3647CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
3648# CONFIG_FONTS is not set
3649CONFIG_FONT_8x8=y
3650CONFIG_FONT_8x16=y
3651# CONFIG_LOGO is not set
3652CONFIG_SOUND=m
3653CONFIG_SOUND_OSS_CORE=y
3654CONFIG_SOUND_OSS_CORE_PRECLAIM=y
3655CONFIG_SND=m
3656CONFIG_SND_TIMER=m
3657CONFIG_SND_PCM=m
3658CONFIG_SND_HWDEP=m
3659CONFIG_SND_RAWMIDI=m
3660CONFIG_SND_JACK=y
3661CONFIG_SND_SEQUENCER=m
3662CONFIG_SND_SEQ_DUMMY=m
3663CONFIG_SND_OSSEMUL=y
3664CONFIG_SND_MIXER_OSS=m
3665CONFIG_SND_PCM_OSS=m
3666CONFIG_SND_PCM_OSS_PLUGINS=y
3667CONFIG_SND_SEQUENCER_OSS=y
3668CONFIG_SND_HRTIMER=m
3669CONFIG_SND_SEQ_HRTIMER_DEFAULT=y
3670CONFIG_SND_DYNAMIC_MINORS=y
3671# CONFIG_SND_SUPPORT_OLD_API is not set
3672# CONFIG_SND_VERBOSE_PROCFS is not set
3673# CONFIG_SND_VERBOSE_PRINTK is not set
3674# CONFIG_SND_DEBUG is not set
3675CONFIG_SND_VMASTER=y
3676CONFIG_SND_DMA_SGBUF=y
3677CONFIG_SND_RAWMIDI_SEQ=m
3678CONFIG_SND_OPL3_LIB_SEQ=m
3679# CONFIG_SND_OPL4_LIB_SEQ is not set
3680# CONFIG_SND_SBAWE_SEQ is not set
3681CONFIG_SND_EMU10K1_SEQ=m
3682CONFIG_SND_MPU401_UART=m
3683CONFIG_SND_OPL3_LIB=m
3684CONFIG_SND_VX_LIB=m
3685CONFIG_SND_AC97_CODEC=m
3686CONFIG_SND_DRIVERS=y
3687CONFIG_SND_PCSP=m
3688CONFIG_SND_DUMMY=m
3689# CONFIG_SND_ALOOP is not set
3690CONFIG_SND_VIRMIDI=m
3691CONFIG_SND_MTPAV=m
3692CONFIG_SND_MTS64=m
3693CONFIG_SND_SERIAL_U16550=m
3694CONFIG_SND_MPU401=m
3695CONFIG_SND_PORTMAN2X4=m
3696CONFIG_SND_AC97_POWER_SAVE=y
3697CONFIG_SND_AC97_POWER_SAVE_DEFAULT=0
3698CONFIG_SND_SB_COMMON=m
3699CONFIG_SND_SB16_DSP=m
3700CONFIG_SND_PCI=y
3701CONFIG_SND_AD1889=m
3702CONFIG_SND_ALS300=m
3703CONFIG_SND_ALS4000=m
3704CONFIG_SND_ALI5451=m
3705CONFIG_SND_ASIHPI=m
3706CONFIG_SND_ATIIXP=m
3707CONFIG_SND_ATIIXP_MODEM=m
3708CONFIG_SND_AU8810=m
3709CONFIG_SND_AU8820=m
3710CONFIG_SND_AU8830=m
3711CONFIG_SND_AW2=m
3712CONFIG_SND_AZT3328=m
3713CONFIG_SND_BT87X=m
3714# CONFIG_SND_BT87X_OVERCLOCK is not set
3715CONFIG_SND_CA0106=m
3716CONFIG_SND_CMIPCI=m
3717CONFIG_SND_OXYGEN_LIB=m
3718CONFIG_SND_OXYGEN=m
3719CONFIG_SND_CS4281=m
3720CONFIG_SND_CS46XX=m
3721CONFIG_SND_CS46XX_NEW_DSP=y
3722CONFIG_SND_CS5530=m
3723CONFIG_SND_CS5535AUDIO=m
3724CONFIG_SND_CTXFI=m
3725CONFIG_SND_DARLA20=m
3726CONFIG_SND_GINA20=m
3727CONFIG_SND_LAYLA20=m
3728CONFIG_SND_DARLA24=m
3729CONFIG_SND_GINA24=m
3730CONFIG_SND_LAYLA24=m
3731CONFIG_SND_MONA=m
3732CONFIG_SND_MIA=m
3733CONFIG_SND_ECHO3G=m
3734CONFIG_SND_INDIGO=m
3735CONFIG_SND_INDIGOIO=m
3736CONFIG_SND_INDIGODJ=m
3737CONFIG_SND_INDIGOIOX=m
3738CONFIG_SND_INDIGODJX=m
3739CONFIG_SND_EMU10K1=m
3740CONFIG_SND_EMU10K1X=m
3741CONFIG_SND_ENS1370=m
3742CONFIG_SND_ENS1371=m
3743CONFIG_SND_ES1938=m
3744CONFIG_SND_ES1968=m
3745CONFIG_SND_ES1968_INPUT=y
3746CONFIG_SND_FM801=m
3747# CONFIG_SND_FM801_TEA575X_BOOL is not set
3748CONFIG_SND_HDA_INTEL=m
3749CONFIG_SND_HDA_HWDEP=y
3750# CONFIG_SND_HDA_RECONFIG is not set
3751CONFIG_SND_HDA_INPUT_BEEP=y
3752CONFIG_SND_HDA_INPUT_BEEP_MODE=0
3753CONFIG_SND_HDA_INPUT_JACK=y
3754# CONFIG_SND_HDA_PATCH_LOADER is not set
3755CONFIG_SND_HDA_CODEC_REALTEK=y
3756CONFIG_SND_HDA_CODEC_ANALOG=y
3757CONFIG_SND_HDA_CODEC_SIGMATEL=y
3758CONFIG_SND_HDA_CODEC_VIA=y
3759CONFIG_SND_HDA_CODEC_HDMI=y
3760CONFIG_SND_HDA_CODEC_CIRRUS=y
3761CONFIG_SND_HDA_CODEC_CONEXANT=y
3762CONFIG_SND_HDA_CODEC_CA0110=y
3763CONFIG_SND_HDA_CODEC_CMEDIA=y
3764CONFIG_SND_HDA_CODEC_SI3054=y
3765CONFIG_SND_HDA_GENERIC=y
3766# CONFIG_SND_HDA_POWER_SAVE is not set
3767CONFIG_SND_HDSP=m
3768CONFIG_SND_HDSPM=m
3769CONFIG_SND_ICE1712=m
3770CONFIG_SND_ICE1724=m
3771CONFIG_SND_INTEL8X0=m
3772CONFIG_SND_INTEL8X0M=m
3773CONFIG_SND_KORG1212=m
3774CONFIG_SND_LX6464ES=m
3775CONFIG_SND_MAESTRO3=m
3776CONFIG_SND_MAESTRO3_INPUT=y
3777CONFIG_SND_MIXART=m
3778CONFIG_SND_NM256=m
3779CONFIG_SND_PCXHR=m
3780CONFIG_SND_RIPTIDE=m
3781CONFIG_SND_RME32=m
3782CONFIG_SND_RME96=m
3783CONFIG_SND_RME9652=m
3784# CONFIG_SND_SIS7019 is not set
3785CONFIG_SND_SONICVIBES=m
3786CONFIG_SND_TRIDENT=m
3787CONFIG_SND_VIA82XX=m
3788CONFIG_SND_VIA82XX_MODEM=m
3789CONFIG_SND_VIRTUOSO=m
3790CONFIG_SND_VX222=m
3791CONFIG_SND_YMFPCI=m
3792CONFIG_SND_SPI=y
3793CONFIG_SND_USB=y
3794CONFIG_SND_USB_AUDIO=m
3795CONFIG_SND_USB_UA101=m
3796CONFIG_SND_USB_USX2Y=m
3797CONFIG_SND_USB_CAIAQ=m
3798# CONFIG_SND_USB_CAIAQ_INPUT is not set
3799CONFIG_SND_USB_US122L=m
3800CONFIG_SND_PCMCIA=y
3801CONFIG_SND_VXPOCKET=m
3802CONFIG_SND_PDAUDIOCF=m
3803CONFIG_SND_SOC=m
3804# CONFIG_SND_SOC_CACHE_LZO is not set
3805CONFIG_SND_SOC_I2C_AND_SPI=m
3806CONFIG_SND_SOC_ALL_CODECS=m
3807CONFIG_SND_SOC_WM_HUBS=m
3808CONFIG_SND_SOC_AD1836=m
3809CONFIG_SND_SOC_AD193X=m
3810CONFIG_SND_SOC_AD73311=m
3811CONFIG_SND_SOC_ADS117X=m
3812CONFIG_SND_SOC_AK4104=m
3813CONFIG_SND_SOC_AK4535=m
3814CONFIG_SND_SOC_AK4642=m
3815CONFIG_SND_SOC_AK4671=m
3816CONFIG_SND_SOC_ALC5623=m
3817CONFIG_SND_SOC_CS42L51=m
3818CONFIG_SND_SOC_CS4270=m
3819CONFIG_SND_SOC_CX20442=m
3820CONFIG_SND_SOC_L3=m
3821CONFIG_SND_SOC_DA7210=m
3822CONFIG_SND_SOC_MAX98088=m
3823CONFIG_SND_SOC_PCM3008=m
3824CONFIG_SND_SOC_SPDIF=m
3825CONFIG_SND_SOC_SSM2602=m
3826CONFIG_SND_SOC_TLV320AIC23=m
3827CONFIG_SND_SOC_TLV320AIC26=m
3828CONFIG_SND_SOC_TLV320AIC3X=m
3829CONFIG_SND_SOC_TLV320DAC33=m
3830CONFIG_SND_SOC_UDA134X=m
3831CONFIG_SND_SOC_UDA1380=m
3832CONFIG_SND_SOC_WL1273=m
3833CONFIG_SND_SOC_WM8400=m
3834CONFIG_SND_SOC_WM8510=m
3835CONFIG_SND_SOC_WM8523=m
3836CONFIG_SND_SOC_WM8580=m
3837CONFIG_SND_SOC_WM8711=m
3838CONFIG_SND_SOC_WM8727=m
3839CONFIG_SND_SOC_WM8728=m
3840CONFIG_SND_SOC_WM8731=m
3841CONFIG_SND_SOC_WM8737=m
3842CONFIG_SND_SOC_WM8741=m
3843CONFIG_SND_SOC_WM8750=m
3844CONFIG_SND_SOC_WM8753=m
3845CONFIG_SND_SOC_WM8770=m
3846CONFIG_SND_SOC_WM8776=m
3847CONFIG_SND_SOC_WM8804=m
3848CONFIG_SND_SOC_WM8900=m
3849CONFIG_SND_SOC_WM8903=m
3850CONFIG_SND_SOC_WM8904=m
3851CONFIG_SND_SOC_WM8940=m
3852CONFIG_SND_SOC_WM8955=m
3853CONFIG_SND_SOC_WM8960=m
3854CONFIG_SND_SOC_WM8961=m
3855CONFIG_SND_SOC_WM8962=m
3856CONFIG_SND_SOC_WM8971=m
3857CONFIG_SND_SOC_WM8974=m
3858CONFIG_SND_SOC_WM8978=m
3859CONFIG_SND_SOC_WM8985=m
3860CONFIG_SND_SOC_WM8988=m
3861CONFIG_SND_SOC_WM8990=m
3862CONFIG_SND_SOC_WM8993=m
3863CONFIG_SND_SOC_WM8995=m
3864CONFIG_SND_SOC_WM9081=m
3865CONFIG_SND_SOC_MAX9877=m
3866CONFIG_SND_SOC_TPA6130A2=m
3867CONFIG_SND_SOC_WM2000=m
3868CONFIG_SND_SOC_WM9090=m
3869# CONFIG_SOUND_PRIME is not set
3870CONFIG_AC97_BUS=m
3871CONFIG_HID_SUPPORT=y
3872CONFIG_HID=m
3873CONFIG_HIDRAW=y
3874
3875#
3876# USB Input Devices
3877#
3878CONFIG_USB_HID=m
3879# CONFIG_HID_PID is not set
3880# CONFIG_USB_HIDDEV is not set
3881
3882#
3883# USB HID Boot Protocol drivers
3884#
3885CONFIG_USB_KBD=m
3886CONFIG_USB_MOUSE=m
3887
3888#
3889# Special HID drivers
3890#
3891CONFIG_HID_3M_PCT=m
3892# CONFIG_HID_A4TECH is not set
3893# CONFIG_HID_ACRUX is not set
3894# CONFIG_HID_APPLE is not set
3895# CONFIG_HID_BELKIN is not set
3896CONFIG_HID_CANDO=m
3897# CONFIG_HID_CHERRY is not set
3898# CONFIG_HID_CHICONY is not set
3899CONFIG_HID_PRODIKEYS=m
3900# CONFIG_HID_CYPRESS is not set
3901# CONFIG_HID_DRAGONRISE is not set
3902# CONFIG_HID_EMS_FF is not set
3903CONFIG_HID_EGALAX=m
3904# CONFIG_HID_ELECOM is not set
3905# CONFIG_HID_EZKEY is not set
3906# CONFIG_HID_KYE is not set
3907# CONFIG_HID_UCLOGIC is not set
3908# CONFIG_HID_WALTOP is not set
3909# CONFIG_HID_GYRATION is not set
3910# CONFIG_HID_TWINHAN is not set
3911# CONFIG_HID_KENSINGTON is not set
3912# CONFIG_HID_LOGITECH is not set
3913CONFIG_HID_MAGICMOUSE=m
3914# CONFIG_HID_MICROSOFT is not set
3915CONFIG_HID_MOSART=m
3916# CONFIG_HID_MONTEREY is not set
3917CONFIG_HID_MULTITOUCH=m
3918# CONFIG_HID_NTRIG is not set
3919CONFIG_HID_ORTEK=m
3920# CONFIG_HID_PANTHERLORD is not set
3921# CONFIG_HID_PETALYNX is not set
3922CONFIG_HID_PICOLCD=m
3923CONFIG_HID_PICOLCD_FB=y
3924CONFIG_HID_PICOLCD_BACKLIGHT=y
3925CONFIG_HID_PICOLCD_LCD=y
3926CONFIG_HID_PICOLCD_LEDS=y
3927CONFIG_HID_QUANTA=m
3928CONFIG_HID_ROCCAT=m
3929CONFIG_HID_ROCCAT_KONE=m
3930CONFIG_HID_ROCCAT_KONEPLUS=m
3931# CONFIG_HID_ROCCAT_PYRA is not set
3932# CONFIG_HID_SAMSUNG is not set
3933CONFIG_HID_SONY=m
3934CONFIG_HID_STANTUM=m
3935# CONFIG_HID_SUNPLUS is not set
3936# CONFIG_HID_GREENASIA is not set
3937# CONFIG_HID_SMARTJOYPLUS is not set
3938# CONFIG_HID_TOPSEED is not set
3939# CONFIG_HID_THRUSTMASTER is not set
3940# CONFIG_HID_WACOM is not set
3941# CONFIG_HID_ZEROPLUS is not set
3942CONFIG_HID_ZYDACRON=m
3943CONFIG_USB_SUPPORT=y
3944CONFIG_USB_ARCH_HAS_HCD=y
3945CONFIG_USB_ARCH_HAS_OHCI=y
3946CONFIG_USB_ARCH_HAS_EHCI=y
3947CONFIG_USB=m
3948# CONFIG_USB_DEBUG is not set
3949CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
3950
3951#
3952# Miscellaneous USB options
3953#
3954CONFIG_USB_DEVICEFS=y
3955CONFIG_USB_DEVICE_CLASS=y
3956# CONFIG_USB_DYNAMIC_MINORS is not set
3957# CONFIG_USB_OTG_WHITELIST is not set
3958# CONFIG_USB_OTG_BLACKLIST_HUB is not set
3959CONFIG_USB_MON=m
3960CONFIG_USB_WUSB=m
3961CONFIG_USB_WUSB_CBAF=m
3962# CONFIG_USB_WUSB_CBAF_DEBUG is not set
3963
3964#
3965# USB Host Controller Drivers
3966#
3967CONFIG_USB_C67X00_HCD=m
3968CONFIG_USB_XHCI_HCD=m
3969# CONFIG_USB_XHCI_HCD_DEBUGGING is not set
3970CONFIG_USB_EHCI_HCD=m
3971# CONFIG_USB_EHCI_ROOT_HUB_TT is not set
3972# CONFIG_USB_EHCI_TT_NEWSCHED is not set
3973CONFIG_USB_OXU210HP_HCD=m
3974CONFIG_USB_ISP116X_HCD=m
3975CONFIG_USB_ISP1760_HCD=m
3976CONFIG_USB_ISP1362_HCD=m
3977CONFIG_USB_OHCI_HCD=m
3978CONFIG_USB_OHCI_HCD_SSB=y
3979# CONFIG_USB_OHCI_BIG_ENDIAN_DESC is not set
3980# CONFIG_USB_OHCI_BIG_ENDIAN_MMIO is not set
3981CONFIG_USB_OHCI_LITTLE_ENDIAN=y
3982CONFIG_USB_UHCI_HCD=m
3983CONFIG_USB_U132_HCD=m
3984CONFIG_USB_SL811_HCD=m
3985CONFIG_USB_SL811_CS=m
3986CONFIG_USB_R8A66597_HCD=m
3987CONFIG_USB_WHCI_HCD=m
3988CONFIG_USB_HWA_HCD=m
3989
3990#
3991# Enable Host or Gadget support to see Inventra options
3992#
3993
3994#
3995# USB Device Class drivers
3996#
3997CONFIG_USB_ACM=m
3998CONFIG_USB_PRINTER=m
3999CONFIG_USB_WDM=m
4000CONFIG_USB_TMC=m
4001
4002#
4003# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may
4004#
4005
4006#
4007# also be needed; see USB_STORAGE Help for more info
4008#
4009CONFIG_USB_STORAGE=m
4010# CONFIG_USB_STORAGE_DEBUG is not set
4011CONFIG_USB_STORAGE_DATAFAB=m
4012CONFIG_USB_STORAGE_FREECOM=m
4013CONFIG_USB_STORAGE_ISD200=m
4014CONFIG_USB_STORAGE_USBAT=m
4015CONFIG_USB_STORAGE_SDDR09=m
4016CONFIG_USB_STORAGE_SDDR55=m
4017CONFIG_USB_STORAGE_JUMPSHOT=m
4018CONFIG_USB_STORAGE_ALAUDA=m
4019CONFIG_USB_STORAGE_ONETOUCH=m
4020CONFIG_USB_STORAGE_KARMA=m
4021CONFIG_USB_STORAGE_CYPRESS_ATACB=m
4022CONFIG_USB_UAS=m
4023CONFIG_USB_LIBUSUAL=y
4024
4025#
4026# USB Imaging devices
4027#
4028# CONFIG_USB_MDC800 is not set
4029# CONFIG_USB_MICROTEK is not set
4030
4031#
4032# USB port drivers
4033#
4034CONFIG_USB_USS720=m
4035CONFIG_USB_SERIAL=m
4036CONFIG_USB_EZUSB=y
4037CONFIG_USB_SERIAL_GENERIC=y
4038CONFIG_USB_SERIAL_AIRCABLE=m
4039CONFIG_USB_SERIAL_ARK3116=m
4040CONFIG_USB_SERIAL_BELKIN=m
4041CONFIG_USB_SERIAL_CH341=m
4042CONFIG_USB_SERIAL_WHITEHEAT=m
4043CONFIG_USB_SERIAL_DIGI_ACCELEPORT=m
4044CONFIG_USB_SERIAL_CP210X=m
4045CONFIG_USB_SERIAL_CYPRESS_M8=m
4046CONFIG_USB_SERIAL_EMPEG=m
4047CONFIG_USB_SERIAL_FTDI_SIO=m
4048CONFIG_USB_SERIAL_FUNSOFT=m
4049CONFIG_USB_SERIAL_VISOR=m
4050CONFIG_USB_SERIAL_IPAQ=m
4051CONFIG_USB_SERIAL_IR=m
4052CONFIG_USB_SERIAL_EDGEPORT=m
4053CONFIG_USB_SERIAL_EDGEPORT_TI=m
4054CONFIG_USB_SERIAL_GARMIN=m
4055CONFIG_USB_SERIAL_IPW=m
4056CONFIG_USB_SERIAL_IUU=m
4057CONFIG_USB_SERIAL_KEYSPAN_PDA=m
4058CONFIG_USB_SERIAL_KEYSPAN=m
4059CONFIG_USB_SERIAL_KLSI=m
4060CONFIG_USB_SERIAL_KOBIL_SCT=m
4061CONFIG_USB_SERIAL_MCT_U232=m
4062CONFIG_USB_SERIAL_MOS7720=m
4063CONFIG_USB_SERIAL_MOS7715_PARPORT=y
4064CONFIG_USB_SERIAL_MOS7840=m
4065CONFIG_USB_SERIAL_MOTOROLA=m
4066CONFIG_USB_SERIAL_NAVMAN=m
4067CONFIG_USB_SERIAL_PL2303=m
4068CONFIG_USB_SERIAL_OTI6858=m
4069CONFIG_USB_SERIAL_QCAUX=m
4070CONFIG_USB_SERIAL_QUALCOMM=m
4071CONFIG_USB_SERIAL_SPCP8X5=m
4072CONFIG_USB_SERIAL_HP4X=m
4073CONFIG_USB_SERIAL_SAFE=m
4074CONFIG_USB_SERIAL_SAFE_PADDED=y
4075# CONFIG_USB_SERIAL_SAMBA is not set
4076CONFIG_USB_SERIAL_SIEMENS_MPI=m
4077CONFIG_USB_SERIAL_SIERRAWIRELESS=m
4078CONFIG_USB_SERIAL_SYMBOL=m
4079CONFIG_USB_SERIAL_TI=m
4080CONFIG_USB_SERIAL_CYBERJACK=m
4081CONFIG_USB_SERIAL_XIRCOM=m
4082CONFIG_USB_SERIAL_WWAN=m
4083CONFIG_USB_SERIAL_OPTION=m
4084CONFIG_USB_SERIAL_OMNINET=m
4085CONFIG_USB_SERIAL_OPTICON=m
4086CONFIG_USB_SERIAL_VIVOPAY_SERIAL=m
4087CONFIG_USB_SERIAL_ZIO=m
4088# CONFIG_USB_SERIAL_SSU100 is not set
4089CONFIG_USB_SERIAL_DEBUG=m
4090
4091#
4092# USB Miscellaneous drivers
4093#
4094CONFIG_USB_EMI62=m
4095CONFIG_USB_EMI26=m
4096CONFIG_USB_ADUTUX=m
4097CONFIG_USB_SEVSEG=m
4098CONFIG_USB_RIO500=m
4099# CONFIG_USB_LEGOTOWER is not set
4100CONFIG_USB_LCD=m
4101CONFIG_USB_LED=m
4102CONFIG_USB_CYPRESS_CY7C63=m
4103CONFIG_USB_CYTHERM=m
4104CONFIG_USB_IDMOUSE=m
4105CONFIG_USB_FTDI_ELAN=m
4106# CONFIG_USB_APPLEDISPLAY is not set
4107CONFIG_USB_SISUSBVGA=m
4108CONFIG_USB_SISUSBVGA_CON=y
4109CONFIG_USB_LD=m
4110# CONFIG_USB_TRANCEVIBRATOR is not set
4111CONFIG_USB_IOWARRIOR=m
4112CONFIG_USB_TEST=m
4113CONFIG_USB_ISIGHTFW=m
4114# CONFIG_USB_YUREX is not set
4115CONFIG_USB_ATM=m
4116CONFIG_USB_SPEEDTOUCH=m
4117CONFIG_USB_CXACRU=m
4118CONFIG_USB_UEAGLEATM=m
4119CONFIG_USB_XUSBATM=m
4120# CONFIG_USB_GADGET is not set
4121
4122#
4123# OTG and related infrastructure
4124#
4125CONFIG_USB_OTG_UTILS=y
4126CONFIG_USB_GPIO_VBUS=m
4127CONFIG_NOP_USB_XCEIV=m
4128CONFIG_UWB=m
4129CONFIG_UWB_HWA=m
4130CONFIG_UWB_WHCI=m
4131CONFIG_UWB_I1480U=m
4132CONFIG_MMC=m
4133# CONFIG_MMC_DEBUG is not set
4134# CONFIG_MMC_UNSAFE_RESUME is not set
4135# CONFIG_MMC_CLKGATE is not set
4136
4137#
4138# MMC/SD/SDIO Card Drivers
4139#
4140CONFIG_MMC_BLOCK=m
4141CONFIG_MMC_BLOCK_MINORS=8
4142CONFIG_MMC_BLOCK_BOUNCE=y
4143CONFIG_SDIO_UART=m
4144CONFIG_MMC_TEST=m
4145
4146#
4147# MMC/SD/SDIO Host Controller Drivers
4148#
4149CONFIG_MMC_SDHCI=m
4150CONFIG_MMC_SDHCI_PCI=m
4151CONFIG_MMC_RICOH_MMC=y
4152CONFIG_MMC_SDHCI_PLTFM=m
4153CONFIG_MMC_WBSD=m
4154CONFIG_MMC_TIFM_SD=m
4155CONFIG_MMC_SDRICOH_CS=m
4156CONFIG_MMC_CB710=m
4157CONFIG_MMC_VIA_SDMMC=m
4158# CONFIG_MMC_USHC is not set
4159CONFIG_MEMSTICK=m
4160# CONFIG_MEMSTICK_DEBUG is not set
4161
4162#
4163# MemoryStick drivers
4164#
4165# CONFIG_MEMSTICK_UNSAFE_RESUME is not set
4166CONFIG_MSPRO_BLOCK=m
4167
4168#
4169# MemoryStick Host Controller Drivers
4170#
4171CONFIG_MEMSTICK_TIFM_MS=m
4172CONFIG_MEMSTICK_JMICRON_38X=m
4173CONFIG_NEW_LEDS=y
4174CONFIG_LEDS_CLASS=y
4175
4176#
4177# LED drivers
4178#
4179CONFIG_LEDS_NET5501=m
4180CONFIG_LEDS_ALIX2=m
4181CONFIG_LEDS_PCA9532=m
4182CONFIG_LEDS_GPIO=m
4183CONFIG_LEDS_GPIO_PLATFORM=y
4184CONFIG_LEDS_LP3944=m
4185# CONFIG_LEDS_LP5521 is not set
4186# CONFIG_LEDS_LP5523 is not set
4187CONFIG_LEDS_CLEVO_MAIL=m
4188CONFIG_LEDS_PCA955X=m
4189CONFIG_LEDS_DAC124S085=m
4190CONFIG_LEDS_REGULATOR=m
4191CONFIG_LEDS_BD2802=m
4192CONFIG_LEDS_INTEL_SS4200=m
4193CONFIG_LEDS_LT3593=m
4194CONFIG_LEDS_DELL_NETBOOKS=m
4195# CONFIG_LEDS_MC13783 is not set
4196CONFIG_LEDS_TRIGGERS=y
4197
4198#
4199# LED Triggers
4200#
4201CONFIG_LEDS_TRIGGER_TIMER=m
4202CONFIG_LEDS_TRIGGER_HEARTBEAT=m
4203CONFIG_LEDS_TRIGGER_BACKLIGHT=m
4204CONFIG_LEDS_TRIGGER_GPIO=m
4205CONFIG_LEDS_TRIGGER_DEFAULT_ON=m
4206
4207#
4208# iptables trigger is under Netfilter config (LED target)
4209#
4210# CONFIG_NFC_DEVICES is not set
4211CONFIG_ACCESSIBILITY=y
4212# CONFIG_A11Y_BRAILLE_CONSOLE is not set
4213CONFIG_INFINIBAND=m
4214CONFIG_INFINIBAND_USER_MAD=m
4215CONFIG_INFINIBAND_USER_ACCESS=m
4216CONFIG_INFINIBAND_USER_MEM=y
4217CONFIG_INFINIBAND_ADDR_TRANS=y
4218CONFIG_INFINIBAND_MTHCA=m
4219# CONFIG_INFINIBAND_MTHCA_DEBUG is not set
4220CONFIG_INFINIBAND_AMSO1100=m
4221# CONFIG_INFINIBAND_AMSO1100_DEBUG is not set
4222CONFIG_INFINIBAND_CXGB3=m
4223# CONFIG_INFINIBAND_CXGB3_DEBUG is not set
4224CONFIG_INFINIBAND_CXGB4=m
4225CONFIG_MLX4_INFINIBAND=m
4226CONFIG_INFINIBAND_NES=m
4227# CONFIG_INFINIBAND_NES_DEBUG is not set
4228CONFIG_INFINIBAND_IPOIB=m
4229# CONFIG_INFINIBAND_IPOIB_CM is not set
4230# CONFIG_INFINIBAND_IPOIB_DEBUG is not set
4231CONFIG_INFINIBAND_SRP=m
4232CONFIG_INFINIBAND_ISER=m
4233# CONFIG_EDAC is not set
4234CONFIG_RTC_LIB=m
4235CONFIG_RTC_CLASS=m
4236
4237#
4238# RTC interfaces
4239#
4240CONFIG_RTC_INTF_SYSFS=y
4241CONFIG_RTC_INTF_PROC=y
4242CONFIG_RTC_INTF_DEV=y
4243CONFIG_RTC_INTF_DEV_UIE_EMUL=y
4244CONFIG_RTC_DRV_TEST=m
4245
4246#
4247# I2C RTC drivers
4248#
4249CONFIG_RTC_DRV_DS1307=m
4250CONFIG_RTC_DRV_DS1374=m
4251CONFIG_RTC_DRV_DS1672=m
4252# CONFIG_RTC_DRV_DS3232 is not set
4253CONFIG_RTC_DRV_MAX6900=m
4254CONFIG_RTC_DRV_RS5C372=m
4255CONFIG_RTC_DRV_ISL1208=m
4256# CONFIG_RTC_DRV_ISL12022 is not set
4257CONFIG_RTC_DRV_X1205=m
4258CONFIG_RTC_DRV_PCF8563=m
4259CONFIG_RTC_DRV_PCF8583=m
4260CONFIG_RTC_DRV_M41T80=m
4261CONFIG_RTC_DRV_M41T80_WDT=y
4262CONFIG_RTC_DRV_BQ32K=m
4263CONFIG_RTC_DRV_S35390A=m
4264CONFIG_RTC_DRV_FM3130=m
4265CONFIG_RTC_DRV_RX8581=m
4266CONFIG_RTC_DRV_RX8025=m
4267
4268#
4269# SPI RTC drivers
4270#
4271CONFIG_RTC_DRV_M41T94=m
4272CONFIG_RTC_DRV_DS1305=m
4273CONFIG_RTC_DRV_DS1390=m
4274CONFIG_RTC_DRV_MAX6902=m
4275CONFIG_RTC_DRV_R9701=m
4276CONFIG_RTC_DRV_RS5C348=m
4277CONFIG_RTC_DRV_DS3234=m
4278CONFIG_RTC_DRV_PCF2123=m
4279
4280#
4281# Platform RTC drivers
4282#
4283CONFIG_RTC_DRV_CMOS=m
4284CONFIG_RTC_DRV_DS1286=m
4285CONFIG_RTC_DRV_DS1511=m
4286CONFIG_RTC_DRV_DS1553=m
4287CONFIG_RTC_DRV_DS1742=m
4288CONFIG_RTC_DRV_STK17TA8=m
4289CONFIG_RTC_DRV_M48T86=m
4290CONFIG_RTC_DRV_M48T35=m
4291CONFIG_RTC_DRV_M48T59=m
4292CONFIG_RTC_DRV_MSM6242=m
4293CONFIG_RTC_DRV_BQ4802=m
4294CONFIG_RTC_DRV_RP5C01=m
4295CONFIG_RTC_DRV_V3020=m
4296CONFIG_RTC_DRV_PCF50633=m
4297
4298#
4299# on-CPU RTC drivers
4300#
4301# CONFIG_RTC_DRV_MC13XXX is not set
4302CONFIG_DMADEVICES=y
4303# CONFIG_DMADEVICES_DEBUG is not set
4304
4305#
4306# DMA Devices
4307#
4308# CONFIG_INTEL_MID_DMAC is not set
4309CONFIG_INTEL_IOATDMA=m
4310CONFIG_TIMB_DMA=m
4311CONFIG_PCH_DMA=m
4312CONFIG_DMA_ENGINE=y
4313
4314#
4315# DMA Clients
4316#
4317CONFIG_NET_DMA=y
4318# CONFIG_ASYNC_TX_DMA is not set
4319CONFIG_DMATEST=m
4320CONFIG_DCA=m
4321CONFIG_AUXDISPLAY=y
4322CONFIG_KS0108=m
4323CONFIG_KS0108_PORT=0x378
4324CONFIG_KS0108_DELAY=2
4325CONFIG_CFAG12864B=m
4326CONFIG_CFAG12864B_RATE=20
4327CONFIG_UIO=m
4328CONFIG_UIO_CIF=m
4329CONFIG_UIO_PDRV=m
4330CONFIG_UIO_PDRV_GENIRQ=m
4331CONFIG_UIO_AEC=m
4332CONFIG_UIO_SERCOS3=m
4333CONFIG_UIO_PCI_GENERIC=m
4334CONFIG_UIO_NETX=m
4335CONFIG_STAGING=y
4336# CONFIG_STAGING_EXCLUDE_BUILD is not set
4337# CONFIG_ET131X is not set
4338# CONFIG_SLICOSS is not set
4339# CONFIG_VIDEO_GO7007 is not set
4340# CONFIG_VIDEO_CX25821 is not set
4341# CONFIG_VIDEO_TM6000 is not set
4342CONFIG_USB_DABUSB=m
4343# CONFIG_USB_SE401 is not set
4344# CONFIG_USB_VICAM is not set
4345# CONFIG_USB_IP_COMMON is not set
4346# CONFIG_W35UND is not set
4347# CONFIG_PRISM2_USB is not set
4348# CONFIG_ECHO is not set
4349CONFIG_BRCM80211=m
4350CONFIG_BRCM80211_PCI=y
4351# CONFIG_BRCMFMAC is not set
4352# CONFIG_RT2860 is not set
4353# CONFIG_RT2870 is not set
4354# CONFIG_COMEDI is not set
4355# CONFIG_ASUS_OLED is not set
4356# CONFIG_PANEL is not set
4357# CONFIG_R8187SE is not set
4358# CONFIG_RTL8192U is not set
4359# CONFIG_RTL8192E is not set
4360# CONFIG_R8712U is not set
4361# CONFIG_TRANZPORT is not set
4362# CONFIG_POHMELFS is not set
4363CONFIG_AUTOFS_FS=m
4364# CONFIG_IDE_PHISON is not set
4365# CONFIG_LINE6_USB is not set
4366CONFIG_DRM_VMWGFX=m
4367CONFIG_DRM_NOUVEAU=m
4368CONFIG_DRM_NOUVEAU_BACKLIGHT=y
4369CONFIG_DRM_NOUVEAU_DEBUG=y
4370
4371#
4372# I2C encoder or helper chips
4373#
4374# CONFIG_DRM_I2C_CH7006 is not set
4375CONFIG_DRM_I2C_SIL164=m
4376# CONFIG_USB_SERIAL_QUATECH2 is not set
4377# CONFIG_USB_SERIAL_QUATECH_USB2 is not set
4378# CONFIG_VT6655 is not set
4379# CONFIG_VT6656 is not set
4380CONFIG_HYPERV=m
4381CONFIG_HYPERV_STORAGE=m
4382CONFIG_HYPERV_BLOCK=m
4383CONFIG_HYPERV_NET=m
4384CONFIG_HYPERV_UTILS=m
4385# CONFIG_VME_BUS is not set
4386# CONFIG_DX_SEP is not set
4387# CONFIG_IIO is not set
4388# CONFIG_CS5535_GPIO is not set
4389# CONFIG_ZRAM is not set
4390# CONFIG_WLAGS49_H2 is not set
4391# CONFIG_WLAGS49_H25 is not set
4392# CONFIG_SAMSUNG_LAPTOP is not set
4393# CONFIG_FB_SM7XX is not set
4394# CONFIG_VIDEO_DT3155 is not set
4395# CONFIG_CRYSTALHD is not set
4396# CONFIG_CXT1E1 is not set
4397
4398#
4399# Texas Instruments shared transport line discipline
4400#
4401# CONFIG_ST_BT is not set
4402# CONFIG_FB_XGI is not set
4403# CONFIG_LIRC_STAGING is not set
4404# CONFIG_SMB_FS is not set
4405# CONFIG_EASYCAP is not set
4406# CONFIG_SOLO6X10 is not set
4407# CONFIG_ACPI_QUICKSTART is not set
4408CONFIG_MACH_NO_WESTBRIDGE=y
4409# CONFIG_SBE_2T3E3 is not set
4410# CONFIG_ATH6K_LEGACY is not set
4411# CONFIG_USB_ENESTORAGE is not set
4412# CONFIG_BCM_WIMAX is not set
4413# CONFIG_FT1000 is not set
4414
4415#
4416# Speakup console speech
4417#
4418# CONFIG_SPEAKUP is not set
4419# CONFIG_TOUCHSCREEN_CLEARPAD_TM1217 is not set
4420# CONFIG_TOUCHSCREEN_SYNAPTICS_I2C_RMI4 is not set
4421CONFIG_X86_PLATFORM_DEVICES=y
4422CONFIG_ACER_WMI=m
4423CONFIG_ASUS_LAPTOP=m
4424CONFIG_DELL_LAPTOP=m
4425CONFIG_DELL_WMI=m
4426CONFIG_FUJITSU_LAPTOP=m
4427# CONFIG_FUJITSU_LAPTOP_DEBUG is not set
4428# CONFIG_TC1100_WMI is not set
4429CONFIG_HP_WMI=m
4430CONFIG_MSI_LAPTOP=m
4431CONFIG_PANASONIC_LAPTOP=m
4432CONFIG_COMPAL_LAPTOP=m
4433CONFIG_SONY_LAPTOP=m
4434# CONFIG_SONYPI_COMPAT is not set
4435CONFIG_IDEAPAD_LAPTOP=m
4436CONFIG_THINKPAD_ACPI=m
4437CONFIG_THINKPAD_ACPI_ALSA_SUPPORT=y
4438# CONFIG_THINKPAD_ACPI_DEBUGFACILITIES is not set
4439# CONFIG_THINKPAD_ACPI_DEBUG is not set
4440# CONFIG_THINKPAD_ACPI_UNSAFE_LEDS is not set
4441CONFIG_THINKPAD_ACPI_VIDEO=y
4442CONFIG_THINKPAD_ACPI_HOTKEY_POLL=y
4443CONFIG_SENSORS_HDAPS=m
4444CONFIG_INTEL_MENLOW=m
4445CONFIG_EEEPC_LAPTOP=m
4446CONFIG_EEEPC_WMI=m
4447CONFIG_ACPI_WMI=m
4448CONFIG_MSI_WMI=m
4449CONFIG_ACPI_ASUS=m
4450# CONFIG_TOPSTAR_LAPTOP is not set
4451CONFIG_ACPI_TOSHIBA=m
4452CONFIG_TOSHIBA_BT_RFKILL=m
4453CONFIG_ACPI_CMPC=m
4454CONFIG_INTEL_IPS=m
4455# CONFIG_IBM_RTL is not set
4456
4457#
4458# Firmware Drivers
4459#
4460CONFIG_EDD=m
4461# CONFIG_EDD_OFF is not set
4462CONFIG_FIRMWARE_MEMMAP=y
4463CONFIG_DELL_RBU=m
4464CONFIG_DCDBAS=m
4465CONFIG_DMIID=y
4466# CONFIG_ISCSI_IBFT_FIND is not set
4467
4468#
4469# File systems
4470#
4471CONFIG_EXT2_FS=m
4472CONFIG_EXT2_FS_XATTR=y
4473CONFIG_EXT2_FS_POSIX_ACL=y
4474CONFIG_EXT2_FS_SECURITY=y
4475CONFIG_EXT2_FS_XIP=y
4476CONFIG_EXT3_FS=m
4477# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
4478CONFIG_EXT3_FS_XATTR=y
4479CONFIG_EXT3_FS_POSIX_ACL=y
4480CONFIG_EXT3_FS_SECURITY=y
4481CONFIG_EXT4_FS=m
4482CONFIG_EXT4_FS_XATTR=y
4483CONFIG_EXT4_FS_POSIX_ACL=y
4484CONFIG_EXT4_FS_SECURITY=y
4485# CONFIG_EXT4_DEBUG is not set
4486CONFIG_FS_XIP=y
4487CONFIG_JBD=m
4488# CONFIG_JBD_DEBUG is not set
4489CONFIG_JBD2=m
4490# CONFIG_JBD2_DEBUG is not set
4491CONFIG_FS_MBCACHE=m
4492CONFIG_REISERFS_FS=m
4493# CONFIG_REISERFS_CHECK is not set
4494CONFIG_REISERFS_PROC_INFO=y
4495CONFIG_REISERFS_FS_XATTR=y
4496CONFIG_REISERFS_FS_POSIX_ACL=y
4497# CONFIG_REISERFS_FS_SECURITY is not set
4498CONFIG_JFS_FS=m
4499CONFIG_JFS_POSIX_ACL=y
4500CONFIG_JFS_SECURITY=y
4501# CONFIG_JFS_DEBUG is not set
4502CONFIG_JFS_STATISTICS=y
4503CONFIG_XFS_FS=m
4504CONFIG_XFS_QUOTA=y
4505CONFIG_XFS_POSIX_ACL=y
4506CONFIG_XFS_RT=y
4507# CONFIG_XFS_DEBUG is not set
4508CONFIG_GFS2_FS=m
4509CONFIG_GFS2_FS_LOCKING_DLM=y
4510CONFIG_OCFS2_FS=m
4511CONFIG_OCFS2_FS_O2CB=m
4512CONFIG_OCFS2_FS_USERSPACE_CLUSTER=m
4513CONFIG_OCFS2_FS_STATS=y
4514CONFIG_OCFS2_DEBUG_MASKLOG=y
4515# CONFIG_OCFS2_DEBUG_FS is not set
4516CONFIG_BTRFS_FS=m
4517CONFIG_BTRFS_FS_POSIX_ACL=y
4518CONFIG_NILFS2_FS=m
4519CONFIG_FS_POSIX_ACL=y
4520CONFIG_EXPORTFS=m
4521CONFIG_FILE_LOCKING=y
4522CONFIG_FSNOTIFY=y
4523# CONFIG_DNOTIFY is not set
4524CONFIG_INOTIFY_USER=y
4525# CONFIG_FANOTIFY is not set
4526CONFIG_QUOTA=y
4527CONFIG_QUOTA_NETLINK_INTERFACE=y
4528# CONFIG_PRINT_QUOTA_WARNING is not set
4529# CONFIG_QUOTA_DEBUG is not set
4530CONFIG_QUOTA_TREE=m
4531CONFIG_QFMT_V1=m
4532CONFIG_QFMT_V2=m
4533CONFIG_QUOTACTL=y
4534CONFIG_AUTOFS4_FS=m
4535CONFIG_FUSE_FS=m
4536# CONFIG_CUSE is not set
4537
4538#
4539# Caches
4540#
4541CONFIG_FSCACHE=m
4542CONFIG_FSCACHE_STATS=y
4543CONFIG_FSCACHE_HISTOGRAM=y
4544# CONFIG_FSCACHE_DEBUG is not set
4545# CONFIG_FSCACHE_OBJECT_LIST is not set
4546CONFIG_CACHEFILES=m
4547# CONFIG_CACHEFILES_DEBUG is not set
4548# CONFIG_CACHEFILES_HISTOGRAM is not set
4549
4550#
4551# CD-ROM/DVD Filesystems
4552#
4553CONFIG_ISO9660_FS=m
4554CONFIG_JOLIET=y
4555CONFIG_ZISOFS=y
4556CONFIG_UDF_FS=m
4557CONFIG_UDF_NLS=y
4558
4559#
4560# DOS/FAT/NT Filesystems
4561#
4562CONFIG_FAT_FS=m
4563CONFIG_MSDOS_FS=m
4564CONFIG_VFAT_FS=m
4565CONFIG_FAT_DEFAULT_CODEPAGE=437
4566CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
4567CONFIG_NTFS_FS=m
4568# CONFIG_NTFS_DEBUG is not set
4569CONFIG_NTFS_RW=y
4570
4571#
4572# Pseudo filesystems
4573#
4574CONFIG_PROC_FS=y
4575CONFIG_PROC_SYSCTL=y
4576CONFIG_SYSFS=y
4577CONFIG_TMPFS=y
4578# CONFIG_TMPFS_POSIX_ACL is not set
4579# CONFIG_HUGETLBFS is not set
4580# CONFIG_HUGETLB_PAGE is not set
4581CONFIG_CONFIGFS_FS=m
4582CONFIG_MISC_FILESYSTEMS=y
4583# CONFIG_ADFS_FS is not set
4584# CONFIG_AFFS_FS is not set
4585CONFIG_ECRYPT_FS=m
4586CONFIG_HFS_FS=m
4587CONFIG_HFSPLUS_FS=m
4588# CONFIG_BEFS_FS is not set
4589# CONFIG_BFS_FS is not set
4590CONFIG_EFS_FS=m
4591CONFIG_JFFS2_FS=m
4592CONFIG_JFFS2_FS_DEBUG=0
4593CONFIG_JFFS2_FS_WRITEBUFFER=y
4594# CONFIG_JFFS2_FS_WBUF_VERIFY is not set
4595CONFIG_JFFS2_SUMMARY=y
4596CONFIG_JFFS2_FS_XATTR=y
4597CONFIG_JFFS2_FS_POSIX_ACL=y
4598CONFIG_JFFS2_FS_SECURITY=y
4599CONFIG_JFFS2_COMPRESSION_OPTIONS=y
4600CONFIG_JFFS2_ZLIB=y
4601CONFIG_JFFS2_LZO=y
4602CONFIG_JFFS2_RTIME=y
4603CONFIG_JFFS2_RUBIN=y
4604# CONFIG_JFFS2_CMODE_NONE is not set
4605CONFIG_JFFS2_CMODE_PRIORITY=y
4606# CONFIG_JFFS2_CMODE_SIZE is not set
4607# CONFIG_JFFS2_CMODE_FAVOURLZO is not set
4608CONFIG_UBIFS_FS=m
4609# CONFIG_UBIFS_FS_XATTR is not set
4610# CONFIG_UBIFS_FS_ADVANCED_COMPR is not set
4611CONFIG_UBIFS_FS_LZO=y
4612CONFIG_UBIFS_FS_ZLIB=y
4613# CONFIG_UBIFS_FS_DEBUG is not set
4614CONFIG_LOGFS=m
4615CONFIG_CRAMFS=m
4616CONFIG_SQUASHFS=m
4617# CONFIG_SQUASHFS_XATTR is not set
4618# CONFIG_SQUASHFS_LZO is not set
4619CONFIG_SQUASHFS_XZ=y
4620# CONFIG_SQUASHFS_EMBEDDED is not set
4621CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3
4622# CONFIG_VXFS_FS is not set
4623CONFIG_MINIX_FS=m
4624CONFIG_OMFS_FS=m
4625CONFIG_HPFS_FS=m
4626# CONFIG_QNX4FS_FS is not set
4627CONFIG_ROMFS_FS=m
4628CONFIG_ROMFS_BACKED_BY_BLOCK=y
4629# CONFIG_ROMFS_BACKED_BY_MTD is not set
4630# CONFIG_ROMFS_BACKED_BY_BOTH is not set
4631CONFIG_ROMFS_ON_BLOCK=y
4632CONFIG_SYSV_FS=m
4633CONFIG_UFS_FS=m
4634# CONFIG_UFS_FS_WRITE is not set
4635# CONFIG_UFS_DEBUG is not set
4636CONFIG_EXOFS_FS=m
4637# CONFIG_EXOFS_DEBUG is not set
4638CONFIG_NETWORK_FILESYSTEMS=y
4639CONFIG_NFS_FS=m
4640CONFIG_NFS_V3=y
4641# CONFIG_NFS_V3_ACL is not set
4642CONFIG_NFS_V4=y
4643# CONFIG_NFS_V4_1 is not set
4644# CONFIG_NFS_FSCACHE is not set
4645# CONFIG_NFS_USE_LEGACY_DNS is not set
4646CONFIG_NFS_USE_KERNEL_DNS=y
4647# CONFIG_NFS_USE_NEW_IDMAPPER is not set
4648CONFIG_NFSD=m
4649CONFIG_NFSD_DEPRECATED=y
4650CONFIG_NFSD_V3=y
4651# CONFIG_NFSD_V3_ACL is not set
4652CONFIG_NFSD_V4=y
4653CONFIG_LOCKD=m
4654CONFIG_LOCKD_V4=y
4655CONFIG_NFS_COMMON=y
4656CONFIG_SUNRPC=m
4657CONFIG_SUNRPC_GSS=m
4658CONFIG_SUNRPC_XPRT_RDMA=m
4659CONFIG_RPCSEC_GSS_KRB5=m
4660CONFIG_CEPH_FS=m
4661CONFIG_CIFS=m
4662# CONFIG_CIFS_STATS is not set
4663# CONFIG_CIFS_WEAK_PW_HASH is not set
4664# CONFIG_CIFS_UPCALL is not set
4665CONFIG_CIFS_XATTR=y
4666CONFIG_CIFS_POSIX=y
4667# CONFIG_CIFS_DEBUG2 is not set
4668CONFIG_CIFS_DFS_UPCALL=y
4669# CONFIG_CIFS_FSCACHE is not set
4670# CONFIG_CIFS_ACL is not set
4671CONFIG_CIFS_EXPERIMENTAL=y
4672# CONFIG_NCP_FS is not set
4673# CONFIG_CODA_FS is not set
4674# CONFIG_AFS_FS is not set
4675# CONFIG_9P_FS is not set
4676
4677#
4678# Partition Types
4679#
4680CONFIG_PARTITION_ADVANCED=y
4681# CONFIG_ACORN_PARTITION is not set
4682# CONFIG_OSF_PARTITION is not set
4683# CONFIG_AMIGA_PARTITION is not set
4684# CONFIG_ATARI_PARTITION is not set
4685# CONFIG_MAC_PARTITION is not set
4686CONFIG_MSDOS_PARTITION=y
4687# CONFIG_BSD_DISKLABEL is not set
4688# CONFIG_MINIX_SUBPARTITION is not set
4689# CONFIG_SOLARIS_X86_PARTITION is not set
4690# CONFIG_UNIXWARE_DISKLABEL is not set
4691# CONFIG_LDM_PARTITION is not set
4692# CONFIG_SGI_PARTITION is not set
4693# CONFIG_ULTRIX_PARTITION is not set
4694# CONFIG_SUN_PARTITION is not set
4695# CONFIG_KARMA_PARTITION is not set
4696CONFIG_EFI_PARTITION=y
4697# CONFIG_SYSV68_PARTITION is not set
4698CONFIG_NLS=m
4699CONFIG_NLS_DEFAULT="iso8859-1"
4700CONFIG_NLS_CODEPAGE_437=m
4701CONFIG_NLS_CODEPAGE_737=m
4702CONFIG_NLS_CODEPAGE_775=m
4703CONFIG_NLS_CODEPAGE_850=m
4704CONFIG_NLS_CODEPAGE_852=m
4705CONFIG_NLS_CODEPAGE_855=m
4706CONFIG_NLS_CODEPAGE_857=m
4707CONFIG_NLS_CODEPAGE_860=m
4708CONFIG_NLS_CODEPAGE_861=m
4709CONFIG_NLS_CODEPAGE_862=m
4710CONFIG_NLS_CODEPAGE_863=m
4711CONFIG_NLS_CODEPAGE_864=m
4712CONFIG_NLS_CODEPAGE_865=m
4713CONFIG_NLS_CODEPAGE_866=m
4714CONFIG_NLS_CODEPAGE_869=m
4715CONFIG_NLS_CODEPAGE_936=m
4716CONFIG_NLS_CODEPAGE_950=m
4717CONFIG_NLS_CODEPAGE_932=m
4718CONFIG_NLS_CODEPAGE_949=m
4719CONFIG_NLS_CODEPAGE_874=m
4720CONFIG_NLS_ISO8859_8=m
4721CONFIG_NLS_CODEPAGE_1250=m
4722CONFIG_NLS_CODEPAGE_1251=m
4723CONFIG_NLS_ASCII=m
4724CONFIG_NLS_ISO8859_1=m
4725CONFIG_NLS_ISO8859_2=m
4726CONFIG_NLS_ISO8859_3=m
4727CONFIG_NLS_ISO8859_4=m
4728CONFIG_NLS_ISO8859_5=m
4729CONFIG_NLS_ISO8859_6=m
4730CONFIG_NLS_ISO8859_7=m
4731CONFIG_NLS_ISO8859_9=m
4732CONFIG_NLS_ISO8859_13=m
4733CONFIG_NLS_ISO8859_14=m
4734CONFIG_NLS_ISO8859_15=m
4735CONFIG_NLS_KOI8_R=m
4736CONFIG_NLS_KOI8_U=m
4737CONFIG_NLS_UTF8=m
4738CONFIG_DLM=m
4739# CONFIG_DLM_DEBUG is not set
4740
4741#
4742# Kernel hacking
4743#
4744CONFIG_TRACE_IRQFLAGS_SUPPORT=y
4745CONFIG_PRINTK_TIME=y
4746CONFIG_ENABLE_WARN_DEPRECATED=y
4747# CONFIG_ENABLE_MUST_CHECK is not set
4748CONFIG_FRAME_WARN=1024
4749CONFIG_MAGIC_SYSRQ=y
4750# CONFIG_STRIP_ASM_SYMS is not set
4751# CONFIG_UNUSED_SYMBOLS is not set
4752CONFIG_DEBUG_FS=y
4753# CONFIG_HEADERS_CHECK is not set
4754# CONFIG_DEBUG_KERNEL is not set
4755# CONFIG_HARDLOCKUP_DETECTOR is not set
4756# CONFIG_SLUB_STATS is not set
4757CONFIG_BKL=y
4758# CONFIG_SPARSE_RCU_POINTER is not set
4759CONFIG_DEBUG_BUGVERBOSE=y
4760# CONFIG_DEBUG_MEMORY_INIT is not set
4761CONFIG_ARCH_WANT_FRAME_POINTERS=y
4762CONFIG_FRAME_POINTER=y
4763# CONFIG_RCU_CPU_STALL_DETECTOR is not set
4764# CONFIG_LKDTM is not set
4765CONFIG_SYSCTL_SYSCALL_CHECK=y
4766CONFIG_USER_STACKTRACE_SUPPORT=y
4767CONFIG_HAVE_FUNCTION_TRACER=y
4768CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
4769CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
4770CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y
4771CONFIG_HAVE_DYNAMIC_FTRACE=y
4772CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
4773CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
4774CONFIG_HAVE_C_RECORDMCOUNT=y
4775CONFIG_RING_BUFFER=y
4776CONFIG_RING_BUFFER_ALLOW_SWAP=y
4777CONFIG_TRACING_SUPPORT=y
4778# CONFIG_FTRACE is not set
4779# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
4780# CONFIG_FIREWIRE_OHCI_REMOTE_DMA is not set
4781# CONFIG_DYNAMIC_DEBUG is not set
4782# CONFIG_DMA_API_DEBUG is not set
4783# CONFIG_ATOMIC64_SELFTEST is not set
4784# CONFIG_ASYNC_RAID6_TEST is not set
4785# CONFIG_SAMPLES is not set
4786CONFIG_HAVE_ARCH_KGDB=y
4787CONFIG_HAVE_ARCH_KMEMCHECK=y
4788CONFIG_TEST_KSTRTOX=m
4789CONFIG_STRICT_DEVMEM=y
4790# CONFIG_X86_VERBOSE_BOOTUP is not set
4791# CONFIG_EARLY_PRINTK is not set
4792CONFIG_DOUBLEFAULT=y
4793# CONFIG_IOMMU_STRESS is not set
4794CONFIG_HAVE_MMIOTRACE_SUPPORT=y
4795CONFIG_IO_DELAY_TYPE_0X80=0
4796CONFIG_IO_DELAY_TYPE_0XED=1
4797CONFIG_IO_DELAY_TYPE_UDELAY=2
4798CONFIG_IO_DELAY_TYPE_NONE=3
4799CONFIG_IO_DELAY_0X80=y
4800# CONFIG_IO_DELAY_0XED is not set
4801# CONFIG_IO_DELAY_UDELAY is not set
4802# CONFIG_IO_DELAY_NONE is not set
4803CONFIG_DEFAULT_IO_DELAY_TYPE=0
4804# CONFIG_OPTIMIZE_INLINING is not set
4805
4806#
4807# Security options
4808#
4809
4810#
4811# Grsecurity
4812#
4813CONFIG_GRKERNSEC=y
4814# CONFIG_GRKERNSEC_LOW is not set
4815# CONFIG_GRKERNSEC_MEDIUM is not set
4816# CONFIG_GRKERNSEC_HIGH is not set
4817CONFIG_GRKERNSEC_CUSTOM=y
4818
4819#
4820# Address Space Protection
4821#
4822CONFIG_GRKERNSEC_KMEM=y
4823# CONFIG_GRKERNSEC_VM86 is not set
4824# CONFIG_GRKERNSEC_IO is not set
4825CONFIG_GRKERNSEC_PROC_MEMMAP=y
4826# CONFIG_GRKERNSEC_BRUTE is not set
4827# CONFIG_GRKERNSEC_MODHARDEN is not set
4828# CONFIG_GRKERNSEC_HIDESYM is not set
4829# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set
4830
4831#
4832# Role Based Access Control Options
4833#
4834# CONFIG_GRKERNSEC_NO_RBAC is not set
4835CONFIG_GRKERNSEC_ACL_HIDEKERN=y
4836CONFIG_GRKERNSEC_ACL_MAXTRIES=3
4837CONFIG_GRKERNSEC_ACL_TIMEOUT=30
4838
4839#
4840# Filesystem Protections
4841#
4842CONFIG_GRKERNSEC_PROC=y
4843# CONFIG_GRKERNSEC_PROC_USER is not set
4844CONFIG_GRKERNSEC_PROC_USERGROUP=y
4845CONFIG_GRKERNSEC_PROC_GID=30
4846CONFIG_GRKERNSEC_PROC_ADD=y
4847CONFIG_GRKERNSEC_LINK=y
4848CONFIG_GRKERNSEC_FIFO=y
4849CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
4850# CONFIG_GRKERNSEC_ROFS is not set
4851CONFIG_GRKERNSEC_CHROOT=y
4852CONFIG_GRKERNSEC_CHROOT_MOUNT=y
4853CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
4854CONFIG_GRKERNSEC_CHROOT_PIVOT=y
4855CONFIG_GRKERNSEC_CHROOT_CHDIR=y
4856CONFIG_GRKERNSEC_CHROOT_CHMOD=y
4857CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
4858CONFIG_GRKERNSEC_CHROOT_MKNOD=y
4859CONFIG_GRKERNSEC_CHROOT_SHMAT=y
4860CONFIG_GRKERNSEC_CHROOT_UNIX=y
4861CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
4862CONFIG_GRKERNSEC_CHROOT_NICE=y
4863CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
4864CONFIG_GRKERNSEC_CHROOT_CAPS=y
4865
4866#
4867# Kernel Auditing
4868#
4869# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
4870# CONFIG_GRKERNSEC_EXECLOG is not set
4871CONFIG_GRKERNSEC_RESLOG=y
4872# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
4873# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set
4874# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
4875# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
4876CONFIG_GRKERNSEC_SIGNAL=y
4877CONFIG_GRKERNSEC_FORKFAIL=y
4878CONFIG_GRKERNSEC_TIME=y
4879CONFIG_GRKERNSEC_PROC_IPADDR=y
4880# CONFIG_GRKERNSEC_RWXMAP_LOG is not set
4881# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
4882
4883#
4884# Executable Protections
4885#
4886CONFIG_GRKERNSEC_EXECVE=y
4887# CONFIG_GRKERNSEC_DMESG is not set
4888CONFIG_GRKERNSEC_HARDEN_PTRACE=y
4889# CONFIG_GRKERNSEC_TPE is not set
4890
4891#
4892# Network Protections
4893#
4894CONFIG_GRKERNSEC_RANDNET=y
4895# CONFIG_GRKERNSEC_BLACKHOLE is not set
4896# CONFIG_GRKERNSEC_SOCKET is not set
4897
4898#
4899# Sysctl support
4900#
4901CONFIG_GRKERNSEC_SYSCTL=y
4902CONFIG_GRKERNSEC_SYSCTL_ON=y
4903
4904#
4905# Logging Options
4906#
4907CONFIG_GRKERNSEC_FLOODTIME=10
4908CONFIG_GRKERNSEC_FLOODBURST=4
4909
4910#
4911# PaX
4912#
4913CONFIG_ARCH_TRACK_EXEC_LIMIT=y
4914CONFIG_PAX=y
4915
4916#
4917# PaX Control
4918#
4919CONFIG_PAX_SOFTMODE=y
4920# CONFIG_PAX_EI_PAX is not set
4921CONFIG_PAX_PT_PAX_FLAGS=y
4922# CONFIG_PAX_NO_ACL_FLAGS is not set
4923CONFIG_PAX_HAVE_ACL_FLAGS=y
4924# CONFIG_PAX_HOOK_ACL_FLAGS is not set
4925
4926#
4927# Non-executable pages
4928#
4929CONFIG_PAX_NOEXEC=y
4930CONFIG_PAX_PAGEEXEC=y
4931CONFIG_PAX_SEGMEXEC=y
4932CONFIG_PAX_EMUTRAMP=y
4933CONFIG_PAX_MPROTECT=y
4934# CONFIG_PAX_MPROTECT_COMPAT is not set
4935# CONFIG_PAX_ELFRELOCS is not set
4936# CONFIG_PAX_KERNEXEC is not set
4937
4938#
4939# Address Space Layout Randomization
4940#
4941CONFIG_PAX_ASLR=y
4942CONFIG_PAX_RANDUSTACK=y
4943CONFIG_PAX_RANDMMAP=y
4944
4945#
4946# Miscellaneous hardening features
4947#
4948# CONFIG_PAX_MEMORY_SANITIZE is not set
4949# CONFIG_PAX_MEMORY_STACKLEAK is not set
4950# CONFIG_PAX_MEMORY_UDEREF is not set
4951CONFIG_PAX_REFCOUNT=y
4952# CONFIG_PAX_USERCOPY is not set
4953CONFIG_KEYS=y
4954CONFIG_TRUSTED_KEYS=m
4955CONFIG_ENCRYPTED_KEYS=m
4956# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
4957# CONFIG_SECURITY_DMESG_RESTRICT is not set
4958CONFIG_SECURITY=y
4959CONFIG_SECURITYFS=y
4960# CONFIG_SECURITY_NETWORK is not set
4961# CONFIG_SECURITY_PATH is not set
4962# CONFIG_SECURITY_TOMOYO is not set
4963# CONFIG_SECURITY_APPARMOR is not set
4964# CONFIG_IMA is not set
4965CONFIG_DEFAULT_SECURITY_DAC=y
4966CONFIG_DEFAULT_SECURITY=""
4967CONFIG_XOR_BLOCKS=m
4968CONFIG_ASYNC_CORE=m
4969CONFIG_ASYNC_MEMCPY=m
4970CONFIG_ASYNC_XOR=m
4971CONFIG_ASYNC_PQ=m
4972CONFIG_ASYNC_RAID6_RECOV=m
4973CONFIG_ASYNC_TX_DISABLE_PQ_VAL_DMA=y
4974CONFIG_ASYNC_TX_DISABLE_XOR_VAL_DMA=y
4975CONFIG_CRYPTO=y
4976
4977#
4978# Crypto core or helper
4979#
4980CONFIG_CRYPTO_ALGAPI=y
4981CONFIG_CRYPTO_ALGAPI2=y
4982CONFIG_CRYPTO_AEAD=m
4983CONFIG_CRYPTO_AEAD2=y
4984CONFIG_CRYPTO_BLKCIPHER=m
4985CONFIG_CRYPTO_BLKCIPHER2=y
4986CONFIG_CRYPTO_HASH=y
4987CONFIG_CRYPTO_HASH2=y
4988CONFIG_CRYPTO_RNG=m
4989CONFIG_CRYPTO_RNG2=y
4990CONFIG_CRYPTO_PCOMP=m
4991CONFIG_CRYPTO_PCOMP2=y
4992CONFIG_CRYPTO_MANAGER=m
4993CONFIG_CRYPTO_MANAGER2=y
4994CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
4995CONFIG_CRYPTO_GF128MUL=m
4996CONFIG_CRYPTO_NULL=m
4997CONFIG_CRYPTO_PCRYPT=m
4998CONFIG_CRYPTO_WORKQUEUE=y
4999CONFIG_CRYPTO_CRYPTD=m
5000CONFIG_CRYPTO_AUTHENC=m
5001CONFIG_CRYPTO_TEST=m
5002
5003#
5004# Authenticated Encryption with Associated Data
5005#
5006CONFIG_CRYPTO_CCM=m
5007CONFIG_CRYPTO_GCM=m
5008CONFIG_CRYPTO_SEQIV=m
5009
5010#
5011# Block modes
5012#
5013CONFIG_CRYPTO_CBC=m
5014CONFIG_CRYPTO_CTR=m
5015CONFIG_CRYPTO_CTS=m
5016CONFIG_CRYPTO_ECB=m
5017CONFIG_CRYPTO_LRW=m
5018CONFIG_CRYPTO_PCBC=m
5019CONFIG_CRYPTO_XTS=m
5020CONFIG_CRYPTO_FPU=m
5021
5022#
5023# Hash modes
5024#
5025CONFIG_CRYPTO_HMAC=m
5026CONFIG_CRYPTO_XCBC=m
5027CONFIG_CRYPTO_VMAC=m
5028
5029#
5030# Digest
5031#
5032CONFIG_CRYPTO_CRC32C=m
5033CONFIG_CRYPTO_CRC32C_INTEL=m
5034CONFIG_CRYPTO_GHASH=m
5035CONFIG_CRYPTO_MD4=m
5036CONFIG_CRYPTO_MD5=y
5037CONFIG_CRYPTO_MICHAEL_MIC=m
5038CONFIG_CRYPTO_RMD128=m
5039CONFIG_CRYPTO_RMD160=m
5040CONFIG_CRYPTO_RMD256=m
5041CONFIG_CRYPTO_RMD320=m
5042CONFIG_CRYPTO_SHA1=m
5043CONFIG_CRYPTO_SHA256=y
5044CONFIG_CRYPTO_SHA512=m
5045CONFIG_CRYPTO_TGR192=m
5046CONFIG_CRYPTO_WP512=m
5047
5048#
5049# Ciphers
5050#
5051CONFIG_CRYPTO_AES=m
5052CONFIG_CRYPTO_AES_586=m
5053CONFIG_CRYPTO_AES_NI_INTEL=m
5054CONFIG_CRYPTO_ANUBIS=m
5055CONFIG_CRYPTO_ARC4=m
5056CONFIG_CRYPTO_BLOWFISH=m
5057CONFIG_CRYPTO_CAMELLIA=m
5058CONFIG_CRYPTO_CAST5=m
5059CONFIG_CRYPTO_CAST6=m
5060CONFIG_CRYPTO_DES=m
5061CONFIG_CRYPTO_FCRYPT=m
5062CONFIG_CRYPTO_KHAZAD=m
5063CONFIG_CRYPTO_SALSA20=m
5064CONFIG_CRYPTO_SALSA20_586=m
5065CONFIG_CRYPTO_SEED=m
5066CONFIG_CRYPTO_SERPENT=m
5067CONFIG_CRYPTO_TEA=m
5068CONFIG_CRYPTO_TWOFISH=m
5069CONFIG_CRYPTO_TWOFISH_COMMON=m
5070CONFIG_CRYPTO_TWOFISH_586=m
5071
5072#
5073# Compression
5074#
5075CONFIG_CRYPTO_DEFLATE=m
5076CONFIG_CRYPTO_ZLIB=m
5077CONFIG_CRYPTO_LZO=m
5078
5079#
5080# Random Number Generation
5081#
5082CONFIG_CRYPTO_ANSI_CPRNG=m
5083CONFIG_CRYPTO_USER_API=m
5084CONFIG_CRYPTO_USER_API_HASH=m
5085CONFIG_CRYPTO_USER_API_SKCIPHER=m
5086CONFIG_CRYPTO_HW=y
5087CONFIG_CRYPTO_DEV_PADLOCK=m
5088CONFIG_CRYPTO_DEV_PADLOCK_AES=m
5089CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
5090# CONFIG_CRYPTO_DEV_GEODE is not set
5091CONFIG_CRYPTO_DEV_HIFN_795X=m
5092CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y
5093CONFIG_HAVE_KVM=y
5094CONFIG_HAVE_KVM_IRQCHIP=y
5095CONFIG_HAVE_KVM_EVENTFD=y
5096CONFIG_KVM_APIC_ARCHITECTURE=y
5097CONFIG_KVM_MMIO=y
5098CONFIG_KVM_ASYNC_PF=y
5099CONFIG_VIRTUALIZATION=y
5100CONFIG_KVM=m
5101CONFIG_KVM_INTEL=m
5102CONFIG_KVM_AMD=m
5103CONFIG_VHOST_NET=m
5104# CONFIG_LGUEST is not set
5105CONFIG_VIRTIO=m
5106CONFIG_VIRTIO_RING=m
5107CONFIG_VIRTIO_PCI=m
5108CONFIG_VIRTIO_BALLOON=m
5109# CONFIG_BINARY_PRINTF is not set
5110
5111#
5112# Library routines
5113#
5114CONFIG_RAID6_PQ=m
5115CONFIG_BITREVERSE=y
5116CONFIG_GENERIC_FIND_FIRST_BIT=y
5117CONFIG_GENERIC_FIND_NEXT_BIT=y
5118CONFIG_GENERIC_FIND_LAST_BIT=y
5119CONFIG_CRC_CCITT=m
5120CONFIG_CRC16=m
5121CONFIG_CRC_T10DIF=m
5122CONFIG_CRC_ITU_T=m
5123CONFIG_CRC32=y
5124CONFIG_CRC7=m
5125CONFIG_LIBCRC32C=m
5126CONFIG_ZLIB_INFLATE=y
5127CONFIG_ZLIB_DEFLATE=m
5128CONFIG_LZO_COMPRESS=m
5129CONFIG_LZO_DECOMPRESS=y
5130CONFIG_XZ_DEC=y
5131CONFIG_XZ_DEC_X86=y
5132CONFIG_XZ_DEC_POWERPC=y
5133CONFIG_XZ_DEC_IA64=y
5134CONFIG_XZ_DEC_ARM=y
5135CONFIG_XZ_DEC_ARMTHUMB=y
5136CONFIG_XZ_DEC_SPARC=y
5137CONFIG_XZ_DEC_BCJ=y
5138# CONFIG_XZ_DEC_TEST is not set
5139CONFIG_DECOMPRESS_GZIP=y
5140CONFIG_DECOMPRESS_BZIP2=y
5141CONFIG_DECOMPRESS_LZMA=y
5142CONFIG_DECOMPRESS_XZ=y
5143CONFIG_DECOMPRESS_LZO=y
5144CONFIG_GENERIC_ALLOCATOR=y
5145CONFIG_REED_SOLOMON=m
5146CONFIG_REED_SOLOMON_DEC16=y
5147CONFIG_TEXTSEARCH=y
5148CONFIG_TEXTSEARCH_KMP=m
5149CONFIG_TEXTSEARCH_BM=m
5150CONFIG_TEXTSEARCH_FSM=m
5151CONFIG_BTREE=y
5152CONFIG_HAS_IOMEM=y
5153CONFIG_HAS_IOPORT=y
5154CONFIG_HAS_DMA=y
5155CONFIG_CHECK_SIGNATURE=y
5156CONFIG_NLATTR=y
5157CONFIG_AVERAGE=y
diff --git a/testing/linux-grsec/kernelconfig.x86_64 b/testing/linux-grsec/kernelconfig.x86_64
deleted file mode 100644
index c035fc93bf..0000000000
--- a/testing/linux-grsec/kernelconfig.x86_64
+++ /dev/null
@@ -1,5111 +0,0 @@
1#
2# Automatically generated make config: don't edit
3# Linux/x86_64 2.6.38.3 Kernel Configuration
4# Mon Apr 18 10:45:51 2011
5#
6CONFIG_64BIT=y
7# CONFIG_X86_32 is not set
8CONFIG_X86_64=y
9CONFIG_X86=y
10CONFIG_INSTRUCTION_DECODER=y
11CONFIG_OUTPUT_FORMAT="elf64-x86-64"
12CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
13CONFIG_GENERIC_CMOS_UPDATE=y
14CONFIG_CLOCKSOURCE_WATCHDOG=y
15CONFIG_GENERIC_CLOCKEVENTS=y
16CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
17CONFIG_LOCKDEP_SUPPORT=y
18CONFIG_STACKTRACE_SUPPORT=y
19CONFIG_HAVE_LATENCYTOP_SUPPORT=y
20CONFIG_MMU=y
21CONFIG_ZONE_DMA=y
22CONFIG_NEED_DMA_MAP_STATE=y
23CONFIG_NEED_SG_DMA_LENGTH=y
24CONFIG_GENERIC_ISA_DMA=y
25CONFIG_GENERIC_IOMAP=y
26CONFIG_GENERIC_BUG=y
27CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
28CONFIG_GENERIC_HWEIGHT=y
29CONFIG_GENERIC_GPIO=y
30CONFIG_ARCH_MAY_HAVE_PC_FDC=y
31# CONFIG_RWSEM_GENERIC_SPINLOCK is not set
32CONFIG_RWSEM_XCHGADD_ALGORITHM=y
33CONFIG_ARCH_HAS_CPU_IDLE_WAIT=y
34CONFIG_GENERIC_CALIBRATE_DELAY=y
35CONFIG_GENERIC_TIME_VSYSCALL=y
36CONFIG_ARCH_HAS_CPU_RELAX=y
37CONFIG_ARCH_HAS_DEFAULT_IDLE=y
38CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
39CONFIG_HAVE_SETUP_PER_CPU_AREA=y
40CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
41CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
42CONFIG_HAVE_CPUMASK_OF_CPU_MAP=y
43CONFIG_ARCH_HIBERNATION_POSSIBLE=y
44CONFIG_ARCH_SUSPEND_POSSIBLE=y
45CONFIG_ZONE_DMA32=y
46CONFIG_ARCH_POPULATES_NODE_MAP=y
47CONFIG_AUDIT_ARCH=y
48CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
49CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
50CONFIG_X86_64_SMP=y
51CONFIG_X86_HT=y
52CONFIG_X86_TRAMPOLINE=y
53CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11"
54# CONFIG_KTIME_SCALAR is not set
55CONFIG_ARCH_CPU_PROBE_RELEASE=y
56CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
57CONFIG_CONSTRUCTORS=y
58CONFIG_HAVE_IRQ_WORK=y
59CONFIG_IRQ_WORK=y
60
61#
62# General setup
63#
64CONFIG_EXPERIMENTAL=y
65CONFIG_LOCK_KERNEL=y
66CONFIG_INIT_ENV_ARG_LIMIT=32
67CONFIG_CROSS_COMPILE=""
68CONFIG_LOCALVERSION=""
69# CONFIG_LOCALVERSION_AUTO is not set
70CONFIG_HAVE_KERNEL_GZIP=y
71CONFIG_HAVE_KERNEL_BZIP2=y
72CONFIG_HAVE_KERNEL_LZMA=y
73CONFIG_HAVE_KERNEL_XZ=y
74CONFIG_HAVE_KERNEL_LZO=y
75CONFIG_KERNEL_GZIP=y
76# CONFIG_KERNEL_BZIP2 is not set
77# CONFIG_KERNEL_LZMA is not set
78# CONFIG_KERNEL_XZ is not set
79# CONFIG_KERNEL_LZO is not set
80CONFIG_SWAP=y
81CONFIG_SYSVIPC=y
82CONFIG_SYSVIPC_SYSCTL=y
83# CONFIG_POSIX_MQUEUE is not set
84CONFIG_BSD_PROCESS_ACCT=y
85CONFIG_BSD_PROCESS_ACCT_V3=y
86# CONFIG_TASKSTATS is not set
87# CONFIG_AUDIT is not set
88CONFIG_HAVE_GENERIC_HARDIRQS=y
89
90#
91# IRQ subsystem
92#
93CONFIG_GENERIC_HARDIRQS=y
94# CONFIG_GENERIC_HARDIRQS_NO_DEPRECATED is not set
95CONFIG_HAVE_SPARSE_IRQ=y
96CONFIG_GENERIC_IRQ_PROBE=y
97CONFIG_GENERIC_PENDING_IRQ=y
98# CONFIG_AUTO_IRQ_AFFINITY is not set
99# CONFIG_IRQ_PER_CPU is not set
100# CONFIG_HARDIRQS_SW_RESEND is not set
101# CONFIG_SPARSE_IRQ is not set
102
103#
104# RCU Subsystem
105#
106CONFIG_TREE_RCU=y
107# CONFIG_PREEMPT_RCU is not set
108# CONFIG_RCU_TRACE is not set
109CONFIG_RCU_FANOUT=32
110# CONFIG_RCU_FANOUT_EXACT is not set
111CONFIG_RCU_FAST_NO_HZ=y
112# CONFIG_TREE_RCU_TRACE is not set
113CONFIG_IKCONFIG=m
114CONFIG_IKCONFIG_PROC=y
115CONFIG_LOG_BUF_SHIFT=14
116CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
117CONFIG_CGROUPS=y
118# CONFIG_CGROUP_DEBUG is not set
119CONFIG_CGROUP_NS=y
120CONFIG_CGROUP_FREEZER=y
121CONFIG_CGROUP_DEVICE=y
122CONFIG_CPUSETS=y
123# CONFIG_PROC_PID_CPUSET is not set
124CONFIG_CGROUP_CPUACCT=y
125CONFIG_RESOURCE_COUNTERS=y
126# CONFIG_CGROUP_MEM_RES_CTLR is not set
127CONFIG_CGROUP_SCHED=y
128CONFIG_FAIR_GROUP_SCHED=y
129CONFIG_RT_GROUP_SCHED=y
130CONFIG_BLK_CGROUP=y
131# CONFIG_DEBUG_BLK_CGROUP is not set
132CONFIG_NAMESPACES=y
133CONFIG_UTS_NS=y
134CONFIG_IPC_NS=y
135CONFIG_USER_NS=y
136CONFIG_PID_NS=y
137CONFIG_NET_NS=y
138CONFIG_SCHED_AUTOGROUP=y
139# CONFIG_SYSFS_DEPRECATED is not set
140# CONFIG_RELAY is not set
141CONFIG_BLK_DEV_INITRD=y
142CONFIG_INITRAMFS_SOURCE=""
143CONFIG_RD_GZIP=y
144CONFIG_RD_BZIP2=y
145CONFIG_RD_LZMA=y
146CONFIG_RD_XZ=y
147CONFIG_RD_LZO=y
148CONFIG_CC_OPTIMIZE_FOR_SIZE=y
149CONFIG_SYSCTL=y
150CONFIG_ANON_INODES=y
151CONFIG_EXPERT=y
152CONFIG_EMBEDDED=y
153CONFIG_UID16=y
154CONFIG_SYSCTL_SYSCALL=y
155CONFIG_KALLSYMS=y
156# CONFIG_KALLSYMS_EXTRA_PASS is not set
157CONFIG_HOTPLUG=y
158CONFIG_PRINTK=y
159CONFIG_BUG=y
160CONFIG_ELF_CORE=y
161CONFIG_PCSPKR_PLATFORM=y
162CONFIG_BASE_FULL=y
163CONFIG_FUTEX=y
164CONFIG_EPOLL=y
165CONFIG_SIGNALFD=y
166CONFIG_TIMERFD=y
167CONFIG_EVENTFD=y
168CONFIG_SHMEM=y
169CONFIG_AIO=y
170CONFIG_HAVE_PERF_EVENTS=y
171
172#
173# Kernel Performance Events And Counters
174#
175CONFIG_PERF_EVENTS=y
176CONFIG_PERF_COUNTERS=y
177CONFIG_VM_EVENT_COUNTERS=y
178CONFIG_PCI_QUIRKS=y
179# CONFIG_SLUB_DEBUG is not set
180# CONFIG_COMPAT_BRK is not set
181# CONFIG_SLAB is not set
182CONFIG_SLUB=y
183# CONFIG_SLOB is not set
184CONFIG_PROFILING=y
185CONFIG_OPROFILE=m
186# CONFIG_OPROFILE_EVENT_MULTIPLEX is not set
187CONFIG_HAVE_OPROFILE=y
188CONFIG_KPROBES=y
189# CONFIG_JUMP_LABEL is not set
190CONFIG_OPTPROBES=y
191CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
192CONFIG_KRETPROBES=y
193CONFIG_USER_RETURN_NOTIFIER=y
194CONFIG_HAVE_IOREMAP_PROT=y
195CONFIG_HAVE_KPROBES=y
196CONFIG_HAVE_KRETPROBES=y
197CONFIG_HAVE_OPTPROBES=y
198CONFIG_HAVE_ARCH_TRACEHOOK=y
199CONFIG_HAVE_DMA_ATTRS=y
200CONFIG_USE_GENERIC_SMP_HELPERS=y
201CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
202CONFIG_HAVE_DMA_API_DEBUG=y
203CONFIG_HAVE_HW_BREAKPOINT=y
204CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
205CONFIG_HAVE_USER_RETURN_NOTIFIER=y
206CONFIG_HAVE_PERF_EVENTS_NMI=y
207CONFIG_HAVE_ARCH_JUMP_LABEL=y
208
209#
210# GCOV-based kernel profiling
211#
212# CONFIG_GCOV_KERNEL is not set
213# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set
214CONFIG_RT_MUTEXES=y
215CONFIG_BASE_SMALL=0
216CONFIG_MODULES=y
217# CONFIG_MODULE_FORCE_LOAD is not set
218CONFIG_MODULE_UNLOAD=y
219# CONFIG_MODULE_FORCE_UNLOAD is not set
220CONFIG_MODVERSIONS=y
221# CONFIG_MODULE_SRCVERSION_ALL is not set
222CONFIG_STOP_MACHINE=y
223CONFIG_BLOCK=y
224CONFIG_BLK_DEV_BSG=y
225# CONFIG_BLK_DEV_INTEGRITY is not set
226# CONFIG_BLK_DEV_THROTTLING is not set
227CONFIG_BLOCK_COMPAT=y
228
229#
230# IO Schedulers
231#
232CONFIG_IOSCHED_NOOP=y
233CONFIG_IOSCHED_DEADLINE=m
234CONFIG_IOSCHED_CFQ=y
235# CONFIG_CFQ_GROUP_IOSCHED is not set
236CONFIG_DEFAULT_CFQ=y
237# CONFIG_DEFAULT_NOOP is not set
238CONFIG_DEFAULT_IOSCHED="cfq"
239CONFIG_PREEMPT_NOTIFIERS=y
240CONFIG_PADATA=y
241# CONFIG_INLINE_SPIN_TRYLOCK is not set
242# CONFIG_INLINE_SPIN_TRYLOCK_BH is not set
243# CONFIG_INLINE_SPIN_LOCK is not set
244# CONFIG_INLINE_SPIN_LOCK_BH is not set
245# CONFIG_INLINE_SPIN_LOCK_IRQ is not set
246# CONFIG_INLINE_SPIN_LOCK_IRQSAVE is not set
247CONFIG_INLINE_SPIN_UNLOCK=y
248# CONFIG_INLINE_SPIN_UNLOCK_BH is not set
249CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
250# CONFIG_INLINE_SPIN_UNLOCK_IRQRESTORE is not set
251# CONFIG_INLINE_READ_TRYLOCK is not set
252# CONFIG_INLINE_READ_LOCK is not set
253# CONFIG_INLINE_READ_LOCK_BH is not set
254# CONFIG_INLINE_READ_LOCK_IRQ is not set
255# CONFIG_INLINE_READ_LOCK_IRQSAVE is not set
256CONFIG_INLINE_READ_UNLOCK=y
257# CONFIG_INLINE_READ_UNLOCK_BH is not set
258CONFIG_INLINE_READ_UNLOCK_IRQ=y
259# CONFIG_INLINE_READ_UNLOCK_IRQRESTORE is not set
260# CONFIG_INLINE_WRITE_TRYLOCK is not set
261# CONFIG_INLINE_WRITE_LOCK is not set
262# CONFIG_INLINE_WRITE_LOCK_BH is not set
263# CONFIG_INLINE_WRITE_LOCK_IRQ is not set
264# CONFIG_INLINE_WRITE_LOCK_IRQSAVE is not set
265CONFIG_INLINE_WRITE_UNLOCK=y
266# CONFIG_INLINE_WRITE_UNLOCK_BH is not set
267CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
268# CONFIG_INLINE_WRITE_UNLOCK_IRQRESTORE is not set
269CONFIG_MUTEX_SPIN_ON_OWNER=y
270CONFIG_FREEZER=y
271
272#
273# Processor type and features
274#
275CONFIG_TICK_ONESHOT=y
276CONFIG_NO_HZ=y
277CONFIG_HIGH_RES_TIMERS=y
278CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
279CONFIG_SMP=y
280CONFIG_X86_MPPARSE=y
281CONFIG_X86_EXTENDED_PLATFORM=y
282# CONFIG_X86_VSMP is not set
283CONFIG_SCHED_OMIT_FRAME_POINTER=y
284CONFIG_PARAVIRT_GUEST=y
285CONFIG_XEN=y
286CONFIG_XEN_DOM0=y
287CONFIG_XEN_PRIVILEGED_GUEST=y
288CONFIG_XEN_PVHVM=y
289CONFIG_XEN_MAX_DOMAIN_MEMORY=128
290CONFIG_XEN_SAVE_RESTORE=y
291# CONFIG_XEN_DEBUG_FS is not set
292CONFIG_KVM_CLOCK=y
293CONFIG_KVM_GUEST=y
294CONFIG_PARAVIRT=y
295# CONFIG_PARAVIRT_SPINLOCKS is not set
296CONFIG_PARAVIRT_CLOCK=y
297CONFIG_NO_BOOTMEM=y
298# CONFIG_MEMTEST is not set
299# CONFIG_MK8 is not set
300# CONFIG_MPSC is not set
301# CONFIG_MCORE2 is not set
302# CONFIG_MATOM is not set
303CONFIG_GENERIC_CPU=y
304CONFIG_X86_CPU=y
305CONFIG_X86_INTERNODE_CACHE_SHIFT=6
306CONFIG_X86_CMPXCHG=y
307CONFIG_CMPXCHG_LOCAL=y
308CONFIG_X86_L1_CACHE_SHIFT=6
309CONFIG_X86_XADD=y
310CONFIG_X86_WP_WORKS_OK=y
311CONFIG_X86_TSC=y
312CONFIG_X86_CMPXCHG64=y
313CONFIG_X86_CMOV=y
314CONFIG_X86_MINIMUM_CPU_FAMILY=64
315CONFIG_X86_DEBUGCTLMSR=y
316# CONFIG_PROCESSOR_SELECT is not set
317CONFIG_CPU_SUP_INTEL=y
318CONFIG_CPU_SUP_AMD=y
319CONFIG_CPU_SUP_CENTAUR=y
320CONFIG_HPET_TIMER=y
321CONFIG_HPET_EMULATE_RTC=y
322CONFIG_DMI=y
323CONFIG_GART_IOMMU=y
324# CONFIG_CALGARY_IOMMU is not set
325# CONFIG_AMD_IOMMU is not set
326CONFIG_SWIOTLB=y
327CONFIG_IOMMU_HELPER=y
328# CONFIG_IOMMU_API is not set
329CONFIG_NR_CPUS=8
330CONFIG_SCHED_SMT=y
331CONFIG_SCHED_MC=y
332CONFIG_IRQ_TIME_ACCOUNTING=y
333# CONFIG_PREEMPT_NONE is not set
334CONFIG_PREEMPT_VOLUNTARY=y
335# CONFIG_PREEMPT is not set
336CONFIG_X86_LOCAL_APIC=y
337CONFIG_X86_IO_APIC=y
338# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
339# CONFIG_X86_MCE is not set
340CONFIG_I8K=m
341CONFIG_MICROCODE=m
342CONFIG_MICROCODE_INTEL=y
343CONFIG_MICROCODE_AMD=y
344CONFIG_MICROCODE_OLD_INTERFACE=y
345CONFIG_X86_MSR=m
346CONFIG_X86_CPUID=m
347CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
348CONFIG_ARCH_DMA_ADDR_T_64BIT=y
349CONFIG_DIRECT_GBPAGES=y
350# CONFIG_NUMA is not set
351CONFIG_ARCH_SPARSEMEM_DEFAULT=y
352CONFIG_ARCH_SPARSEMEM_ENABLE=y
353CONFIG_ARCH_SELECT_MEMORY_MODEL=y
354CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
355CONFIG_SELECT_MEMORY_MODEL=y
356CONFIG_SPARSEMEM_MANUAL=y
357CONFIG_SPARSEMEM=y
358CONFIG_HAVE_MEMORY_PRESENT=y
359CONFIG_SPARSEMEM_EXTREME=y
360CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
361CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y
362CONFIG_SPARSEMEM_VMEMMAP=y
363CONFIG_HAVE_MEMBLOCK=y
364# CONFIG_MEMORY_HOTPLUG is not set
365CONFIG_PAGEFLAGS_EXTENDED=y
366CONFIG_SPLIT_PTLOCK_CPUS=4
367CONFIG_COMPACTION=y
368CONFIG_MIGRATION=y
369CONFIG_PHYS_ADDR_T_64BIT=y
370CONFIG_ZONE_DMA_FLAG=1
371CONFIG_BOUNCE=y
372CONFIG_VIRT_TO_BUS=y
373CONFIG_MMU_NOTIFIER=y
374CONFIG_KSM=y
375CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
376CONFIG_TRANSPARENT_HUGEPAGE=y
377CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y
378# CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set
379# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
380CONFIG_X86_RESERVE_LOW=64
381CONFIG_MTRR=y
382CONFIG_MTRR_SANITIZER=y
383CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
384CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
385CONFIG_X86_PAT=y
386CONFIG_ARCH_USES_PG_UNCACHED=y
387# CONFIG_EFI is not set
388# CONFIG_SECCOMP is not set
389# CONFIG_CC_STACKPROTECTOR is not set
390# CONFIG_HZ_100 is not set
391# CONFIG_HZ_250 is not set
392CONFIG_HZ_300=y
393# CONFIG_HZ_1000 is not set
394CONFIG_HZ=300
395CONFIG_SCHED_HRTICK=y
396# CONFIG_KEXEC is not set
397# CONFIG_CRASH_DUMP is not set
398CONFIG_PHYSICAL_START=0x1000000
399# CONFIG_RELOCATABLE is not set
400CONFIG_PHYSICAL_ALIGN=0x1000000
401CONFIG_HOTPLUG_CPU=y
402# CONFIG_CMDLINE_BOOL is not set
403CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
404
405#
406# Power management and ACPI options
407#
408CONFIG_PM=y
409# CONFIG_PM_DEBUG is not set
410CONFIG_PM_SLEEP_SMP=y
411CONFIG_PM_SLEEP=y
412CONFIG_SUSPEND=y
413CONFIG_SUSPEND_FREEZER=y
414# CONFIG_HIBERNATION is not set
415# CONFIG_PM_RUNTIME is not set
416CONFIG_PM_OPS=y
417CONFIG_ACPI=y
418CONFIG_ACPI_SLEEP=y
419CONFIG_ACPI_PROCFS=y
420CONFIG_ACPI_PROCFS_POWER=y
421# CONFIG_ACPI_POWER_METER is not set
422CONFIG_ACPI_EC_DEBUGFS=y
423CONFIG_ACPI_PROC_EVENT=y
424CONFIG_ACPI_AC=m
425CONFIG_ACPI_BATTERY=m
426CONFIG_ACPI_BUTTON=m
427CONFIG_ACPI_VIDEO=m
428CONFIG_ACPI_FAN=m
429CONFIG_ACPI_DOCK=y
430CONFIG_ACPI_PROCESSOR=m
431CONFIG_ACPI_IPMI=m
432CONFIG_ACPI_HOTPLUG_CPU=y
433# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
434CONFIG_ACPI_THERMAL=m
435# CONFIG_ACPI_CUSTOM_DSDT is not set
436CONFIG_ACPI_BLACKLIST_YEAR=0
437# CONFIG_ACPI_DEBUG is not set
438CONFIG_ACPI_PCI_SLOT=m
439CONFIG_X86_PM_TIMER=y
440CONFIG_ACPI_CONTAINER=m
441CONFIG_ACPI_SBS=m
442CONFIG_ACPI_HED=m
443CONFIG_ACPI_APEI=y
444CONFIG_ACPI_APEI_GHES=m
445CONFIG_ACPI_APEI_EINJ=m
446CONFIG_ACPI_APEI_ERST_DEBUG=y
447# CONFIG_SFI is not set
448
449#
450# CPU Frequency scaling
451#
452CONFIG_CPU_FREQ=y
453CONFIG_CPU_FREQ_TABLE=m
454# CONFIG_CPU_FREQ_DEBUG is not set
455CONFIG_CPU_FREQ_STAT=m
456# CONFIG_CPU_FREQ_STAT_DETAILS is not set
457CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
458# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set
459# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set
460# CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set
461# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set
462CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
463CONFIG_CPU_FREQ_GOV_POWERSAVE=m
464CONFIG_CPU_FREQ_GOV_USERSPACE=m
465CONFIG_CPU_FREQ_GOV_ONDEMAND=m
466CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m
467
468#
469# CPUFreq processor drivers
470#
471CONFIG_X86_PCC_CPUFREQ=m
472CONFIG_X86_ACPI_CPUFREQ=m
473CONFIG_X86_POWERNOW_K8=m
474CONFIG_X86_SPEEDSTEP_CENTRINO=m
475CONFIG_X86_P4_CLOCKMOD=m
476
477#
478# shared options
479#
480CONFIG_X86_SPEEDSTEP_LIB=m
481CONFIG_CPU_IDLE=y
482CONFIG_CPU_IDLE_GOV_LADDER=y
483CONFIG_CPU_IDLE_GOV_MENU=y
484CONFIG_INTEL_IDLE=y
485
486#
487# Memory power savings
488#
489# CONFIG_I7300_IDLE is not set
490
491#
492# Bus options (PCI etc.)
493#
494CONFIG_PCI=y
495CONFIG_PCI_DIRECT=y
496CONFIG_PCI_MMCONFIG=y
497CONFIG_PCI_XEN=y
498CONFIG_PCI_DOMAINS=y
499CONFIG_PCI_CNB20LE_QUIRK=y
500# CONFIG_DMAR is not set
501# CONFIG_INTR_REMAP is not set
502CONFIG_PCIEPORTBUS=y
503CONFIG_HOTPLUG_PCI_PCIE=m
504# CONFIG_PCIEAER is not set
505CONFIG_PCIEASPM=y
506# CONFIG_PCIEASPM_DEBUG is not set
507CONFIG_ARCH_SUPPORTS_MSI=y
508CONFIG_PCI_MSI=y
509CONFIG_PCI_STUB=m
510CONFIG_XEN_PCIDEV_FRONTEND=y
511CONFIG_HT_IRQ=y
512# CONFIG_PCI_IOV is not set
513CONFIG_PCI_IOAPIC=y
514CONFIG_ISA_DMA_API=y
515CONFIG_AMD_NB=y
516CONFIG_PCCARD=m
517CONFIG_PCMCIA=m
518CONFIG_PCMCIA_LOAD_CIS=y
519CONFIG_CARDBUS=y
520
521#
522# PC-card bridges
523#
524CONFIG_YENTA=m
525CONFIG_YENTA_O2=y
526CONFIG_YENTA_RICOH=y
527CONFIG_YENTA_TI=y
528CONFIG_YENTA_ENE_TUNE=y
529CONFIG_YENTA_TOSHIBA=y
530CONFIG_PD6729=m
531CONFIG_I82092=m
532CONFIG_PCCARD_NONSTATIC=y
533CONFIG_HOTPLUG_PCI=m
534CONFIG_HOTPLUG_PCI_FAKE=m
535CONFIG_HOTPLUG_PCI_ACPI=m
536CONFIG_HOTPLUG_PCI_ACPI_IBM=m
537CONFIG_HOTPLUG_PCI_CPCI=y
538CONFIG_HOTPLUG_PCI_CPCI_ZT5550=m
539CONFIG_HOTPLUG_PCI_CPCI_GENERIC=m
540CONFIG_HOTPLUG_PCI_SHPC=m
541
542#
543# Executable file formats / Emulations
544#
545CONFIG_BINFMT_ELF=y
546CONFIG_COMPAT_BINFMT_ELF=y
547# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
548# CONFIG_HAVE_AOUT is not set
549CONFIG_BINFMT_MISC=m
550CONFIG_IA32_EMULATION=y
551# CONFIG_IA32_AOUT is not set
552CONFIG_COMPAT=y
553CONFIG_COMPAT_FOR_U64_ALIGNMENT=y
554CONFIG_SYSVIPC_COMPAT=y
555CONFIG_HAVE_TEXT_POKE_SMP=y
556CONFIG_NET=y
557CONFIG_COMPAT_NETLINK_MESSAGES=y
558
559#
560# Networking options
561#
562CONFIG_PACKET=m
563CONFIG_UNIX=y
564CONFIG_XFRM=y
565CONFIG_XFRM_USER=m
566CONFIG_XFRM_SUB_POLICY=y
567CONFIG_XFRM_MIGRATE=y
568# CONFIG_XFRM_STATISTICS is not set
569CONFIG_XFRM_IPCOMP=m
570CONFIG_NET_KEY=m
571CONFIG_NET_KEY_MIGRATE=y
572CONFIG_INET=y
573CONFIG_IP_MULTICAST=y
574CONFIG_IP_ADVANCED_ROUTER=y
575CONFIG_ASK_IP_FIB_HASH=y
576# CONFIG_IP_FIB_TRIE is not set
577CONFIG_IP_FIB_HASH=y
578CONFIG_IP_MULTIPLE_TABLES=y
579CONFIG_IP_ROUTE_MULTIPATH=y
580CONFIG_IP_ROUTE_VERBOSE=y
581CONFIG_IP_PNP=y
582CONFIG_IP_PNP_DHCP=y
583CONFIG_IP_PNP_BOOTP=y
584CONFIG_IP_PNP_RARP=y
585CONFIG_NET_IPIP=m
586CONFIG_NET_IPGRE_DEMUX=y
587CONFIG_NET_IPGRE=m
588CONFIG_NET_IPGRE_BROADCAST=y
589CONFIG_IP_MROUTE=y
590CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
591# CONFIG_IP_PIMSM_V1 is not set
592CONFIG_IP_PIMSM_V2=y
593CONFIG_ARPD=y
594CONFIG_SYN_COOKIES=y
595CONFIG_INET_AH=m
596CONFIG_INET_ESP=m
597CONFIG_INET_IPCOMP=m
598CONFIG_INET_XFRM_TUNNEL=m
599CONFIG_INET_TUNNEL=m
600CONFIG_INET_XFRM_MODE_TRANSPORT=m
601CONFIG_INET_XFRM_MODE_TUNNEL=m
602CONFIG_INET_XFRM_MODE_BEET=m
603CONFIG_INET_LRO=y
604CONFIG_INET_DIAG=m
605CONFIG_INET_TCP_DIAG=m
606CONFIG_TCP_CONG_ADVANCED=y
607CONFIG_TCP_CONG_BIC=m
608CONFIG_TCP_CONG_CUBIC=y
609CONFIG_TCP_CONG_WESTWOOD=m
610CONFIG_TCP_CONG_HTCP=m
611CONFIG_TCP_CONG_HSTCP=m
612CONFIG_TCP_CONG_HYBLA=m
613CONFIG_TCP_CONG_VEGAS=m
614CONFIG_TCP_CONG_SCALABLE=m
615CONFIG_TCP_CONG_LP=m
616CONFIG_TCP_CONG_VENO=m
617CONFIG_TCP_CONG_YEAH=m
618CONFIG_TCP_CONG_ILLINOIS=m
619CONFIG_DEFAULT_CUBIC=y
620# CONFIG_DEFAULT_RENO is not set
621CONFIG_DEFAULT_TCP_CONG="cubic"
622CONFIG_TCP_MD5SIG=y
623CONFIG_IPV6=m
624CONFIG_IPV6_PRIVACY=y
625CONFIG_IPV6_ROUTER_PREF=y
626CONFIG_IPV6_ROUTE_INFO=y
627# CONFIG_IPV6_OPTIMISTIC_DAD is not set
628CONFIG_INET6_AH=m
629CONFIG_INET6_ESP=m
630CONFIG_INET6_IPCOMP=m
631CONFIG_IPV6_MIP6=m
632CONFIG_INET6_XFRM_TUNNEL=m
633CONFIG_INET6_TUNNEL=m
634CONFIG_INET6_XFRM_MODE_TRANSPORT=m
635CONFIG_INET6_XFRM_MODE_TUNNEL=m
636CONFIG_INET6_XFRM_MODE_BEET=m
637CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
638CONFIG_IPV6_SIT=m
639CONFIG_IPV6_SIT_6RD=y
640CONFIG_IPV6_NDISC_NODETYPE=y
641CONFIG_IPV6_TUNNEL=m
642CONFIG_IPV6_MULTIPLE_TABLES=y
643CONFIG_IPV6_SUBTREES=y
644CONFIG_IPV6_MROUTE=y
645CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
646CONFIG_IPV6_PIMSM_V2=y
647CONFIG_NETLABEL=y
648CONFIG_NETWORK_SECMARK=y
649CONFIG_NETWORK_PHY_TIMESTAMPING=y
650CONFIG_NETFILTER=y
651# CONFIG_NETFILTER_DEBUG is not set
652CONFIG_NETFILTER_ADVANCED=y
653CONFIG_BRIDGE_NETFILTER=y
654
655#
656# Core Netfilter Configuration
657#
658CONFIG_NETFILTER_NETLINK=m
659CONFIG_NETFILTER_NETLINK_QUEUE=m
660CONFIG_NETFILTER_NETLINK_LOG=m
661CONFIG_NF_CONNTRACK=m
662CONFIG_NF_CONNTRACK_MARK=y
663CONFIG_NF_CONNTRACK_SECMARK=y
664CONFIG_NF_CONNTRACK_ZONES=y
665CONFIG_NF_CONNTRACK_EVENTS=y
666CONFIG_NF_CT_PROTO_DCCP=m
667CONFIG_NF_CT_PROTO_GRE=m
668CONFIG_NF_CT_PROTO_SCTP=m
669CONFIG_NF_CT_PROTO_UDPLITE=m
670CONFIG_NF_CONNTRACK_AMANDA=m
671CONFIG_NF_CONNTRACK_FTP=m
672CONFIG_NF_CONNTRACK_H323=m
673CONFIG_NF_CONNTRACK_IRC=m
674CONFIG_NF_CONNTRACK_NETBIOS_NS=m
675CONFIG_NF_CONNTRACK_PPTP=m
676CONFIG_NF_CONNTRACK_SANE=m
677CONFIG_NF_CONNTRACK_SIP=m
678CONFIG_NF_CONNTRACK_TFTP=m
679CONFIG_NF_CT_NETLINK=m
680CONFIG_NETFILTER_TPROXY=m
681CONFIG_NETFILTER_XTABLES=m
682
683#
684# Xtables combined modules
685#
686CONFIG_NETFILTER_XT_MARK=m
687CONFIG_NETFILTER_XT_CONNMARK=m
688
689#
690# Xtables targets
691#
692CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
693CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
694CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
695CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
696CONFIG_NETFILTER_XT_TARGET_CT=m
697CONFIG_NETFILTER_XT_TARGET_DSCP=m
698CONFIG_NETFILTER_XT_TARGET_HL=m
699CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
700CONFIG_NETFILTER_XT_TARGET_LED=m
701CONFIG_NETFILTER_XT_TARGET_MARK=m
702CONFIG_NETFILTER_XT_TARGET_NFLOG=m
703CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
704CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
705CONFIG_NETFILTER_XT_TARGET_RATEEST=m
706CONFIG_NETFILTER_XT_TARGET_TEE=m
707CONFIG_NETFILTER_XT_TARGET_TPROXY=m
708CONFIG_NETFILTER_XT_TARGET_TRACE=m
709CONFIG_NETFILTER_XT_TARGET_SECMARK=m
710CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
711CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
712
713#
714# Xtables matches
715#
716CONFIG_NETFILTER_XT_MATCH_CLUSTER=m
717CONFIG_NETFILTER_XT_MATCH_COMMENT=m
718CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
719CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
720CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
721CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
722CONFIG_NETFILTER_XT_MATCH_CPU=m
723CONFIG_NETFILTER_XT_MATCH_DCCP=m
724CONFIG_NETFILTER_XT_MATCH_DSCP=m
725CONFIG_NETFILTER_XT_MATCH_ESP=m
726CONFIG_NETFILTER_XT_MATCH_GRADM=m
727CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
728CONFIG_NETFILTER_XT_MATCH_HELPER=m
729CONFIG_NETFILTER_XT_MATCH_HL=m
730CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
731CONFIG_NETFILTER_XT_MATCH_IPVS=m
732CONFIG_NETFILTER_XT_MATCH_LENGTH=m
733CONFIG_NETFILTER_XT_MATCH_LIMIT=m
734CONFIG_NETFILTER_XT_MATCH_MAC=m
735CONFIG_NETFILTER_XT_MATCH_MARK=m
736CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
737CONFIG_NETFILTER_XT_MATCH_OSF=m
738CONFIG_NETFILTER_XT_MATCH_OWNER=m
739CONFIG_NETFILTER_XT_MATCH_POLICY=m
740CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
741CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
742CONFIG_NETFILTER_XT_MATCH_QUOTA=m
743CONFIG_NETFILTER_XT_MATCH_RATEEST=m
744CONFIG_NETFILTER_XT_MATCH_REALM=m
745CONFIG_NETFILTER_XT_MATCH_RECENT=m
746CONFIG_NETFILTER_XT_MATCH_SCTP=m
747CONFIG_NETFILTER_XT_MATCH_SOCKET=m
748CONFIG_NETFILTER_XT_MATCH_STATE=m
749CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
750CONFIG_NETFILTER_XT_MATCH_STRING=m
751CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
752CONFIG_NETFILTER_XT_MATCH_TIME=m
753CONFIG_NETFILTER_XT_MATCH_U32=m
754CONFIG_IP_VS=m
755CONFIG_IP_VS_IPV6=y
756# CONFIG_IP_VS_DEBUG is not set
757CONFIG_IP_VS_TAB_BITS=12
758
759#
760# IPVS transport protocol load balancing support
761#
762CONFIG_IP_VS_PROTO_TCP=y
763CONFIG_IP_VS_PROTO_UDP=y
764CONFIG_IP_VS_PROTO_AH_ESP=y
765CONFIG_IP_VS_PROTO_ESP=y
766CONFIG_IP_VS_PROTO_AH=y
767CONFIG_IP_VS_PROTO_SCTP=y
768
769#
770# IPVS scheduler
771#
772CONFIG_IP_VS_RR=m
773CONFIG_IP_VS_WRR=m
774CONFIG_IP_VS_LC=m
775CONFIG_IP_VS_WLC=m
776CONFIG_IP_VS_LBLC=m
777CONFIG_IP_VS_LBLCR=m
778CONFIG_IP_VS_DH=m
779CONFIG_IP_VS_SH=m
780CONFIG_IP_VS_SED=m
781CONFIG_IP_VS_NQ=m
782
783#
784# IPVS application helper
785#
786CONFIG_IP_VS_FTP=m
787CONFIG_IP_VS_NFCT=y
788CONFIG_IP_VS_PE_SIP=m
789
790#
791# IP: Netfilter Configuration
792#
793CONFIG_NF_DEFRAG_IPV4=m
794CONFIG_NF_CONNTRACK_IPV4=m
795CONFIG_NF_CONNTRACK_PROC_COMPAT=y
796CONFIG_IP_NF_QUEUE=m
797CONFIG_IP_NF_IPTABLES=m
798CONFIG_IP_NF_MATCH_ADDRTYPE=m
799CONFIG_IP_NF_MATCH_AH=m
800CONFIG_IP_NF_MATCH_ECN=m
801CONFIG_IP_NF_MATCH_TTL=m
802CONFIG_IP_NF_FILTER=m
803CONFIG_IP_NF_TARGET_REJECT=m
804CONFIG_IP_NF_TARGET_LOG=m
805CONFIG_IP_NF_TARGET_ULOG=m
806CONFIG_NF_NAT=m
807CONFIG_NF_NAT_NEEDED=y
808CONFIG_IP_NF_TARGET_MASQUERADE=m
809CONFIG_IP_NF_TARGET_NETMAP=m
810CONFIG_IP_NF_TARGET_REDIRECT=m
811CONFIG_NF_NAT_SNMP_BASIC=m
812CONFIG_NF_NAT_PROTO_DCCP=m
813CONFIG_NF_NAT_PROTO_GRE=m
814CONFIG_NF_NAT_PROTO_UDPLITE=m
815CONFIG_NF_NAT_PROTO_SCTP=m
816CONFIG_NF_NAT_FTP=m
817CONFIG_NF_NAT_IRC=m
818CONFIG_NF_NAT_TFTP=m
819CONFIG_NF_NAT_AMANDA=m
820CONFIG_NF_NAT_PPTP=m
821CONFIG_NF_NAT_H323=m
822CONFIG_NF_NAT_SIP=m
823CONFIG_IP_NF_MANGLE=m
824CONFIG_IP_NF_TARGET_CLUSTERIP=m
825CONFIG_IP_NF_TARGET_ECN=m
826CONFIG_IP_NF_TARGET_TTL=m
827CONFIG_IP_NF_RAW=m
828CONFIG_IP_NF_SECURITY=m
829CONFIG_IP_NF_ARPTABLES=m
830CONFIG_IP_NF_ARPFILTER=m
831CONFIG_IP_NF_ARP_MANGLE=m
832
833#
834# IPv6: Netfilter Configuration
835#
836CONFIG_NF_DEFRAG_IPV6=m
837CONFIG_NF_CONNTRACK_IPV6=m
838CONFIG_IP6_NF_QUEUE=m
839CONFIG_IP6_NF_IPTABLES=m
840CONFIG_IP6_NF_MATCH_AH=m
841CONFIG_IP6_NF_MATCH_EUI64=m
842CONFIG_IP6_NF_MATCH_FRAG=m
843CONFIG_IP6_NF_MATCH_OPTS=m
844CONFIG_IP6_NF_MATCH_HL=m
845CONFIG_IP6_NF_MATCH_IPV6HEADER=m
846CONFIG_IP6_NF_MATCH_MH=m
847CONFIG_IP6_NF_MATCH_RT=m
848CONFIG_IP6_NF_TARGET_HL=m
849CONFIG_IP6_NF_TARGET_LOG=m
850CONFIG_IP6_NF_FILTER=m
851CONFIG_IP6_NF_TARGET_REJECT=m
852CONFIG_IP6_NF_MANGLE=m
853CONFIG_IP6_NF_RAW=m
854CONFIG_IP6_NF_SECURITY=m
855
856#
857# DECnet: Netfilter Configuration
858#
859CONFIG_DECNET_NF_GRABULATOR=m
860CONFIG_BRIDGE_NF_EBTABLES=m
861CONFIG_BRIDGE_EBT_BROUTE=m
862CONFIG_BRIDGE_EBT_T_FILTER=m
863CONFIG_BRIDGE_EBT_T_NAT=m
864CONFIG_BRIDGE_EBT_802_3=m
865CONFIG_BRIDGE_EBT_AMONG=m
866CONFIG_BRIDGE_EBT_ARP=m
867CONFIG_BRIDGE_EBT_IP=m
868CONFIG_BRIDGE_EBT_IP6=m
869CONFIG_BRIDGE_EBT_LIMIT=m
870CONFIG_BRIDGE_EBT_MARK=m
871CONFIG_BRIDGE_EBT_PKTTYPE=m
872CONFIG_BRIDGE_EBT_STP=m
873CONFIG_BRIDGE_EBT_VLAN=m
874CONFIG_BRIDGE_EBT_ARPREPLY=m
875CONFIG_BRIDGE_EBT_DNAT=m
876CONFIG_BRIDGE_EBT_MARK_T=m
877CONFIG_BRIDGE_EBT_REDIRECT=m
878CONFIG_BRIDGE_EBT_SNAT=m
879CONFIG_BRIDGE_EBT_LOG=m
880CONFIG_BRIDGE_EBT_ULOG=m
881CONFIG_BRIDGE_EBT_NFLOG=m
882CONFIG_IP_DCCP=m
883CONFIG_INET_DCCP_DIAG=m
884
885#
886# DCCP CCIDs Configuration (EXPERIMENTAL)
887#
888# CONFIG_IP_DCCP_CCID2_DEBUG is not set
889CONFIG_IP_DCCP_CCID3=y
890# CONFIG_IP_DCCP_CCID3_DEBUG is not set
891CONFIG_IP_DCCP_TFRC_LIB=y
892CONFIG_IP_SCTP=m
893CONFIG_NET_SCTPPROBE=m
894# CONFIG_SCTP_DBG_MSG is not set
895# CONFIG_SCTP_DBG_OBJCNT is not set
896# CONFIG_SCTP_HMAC_NONE is not set
897CONFIG_SCTP_HMAC_SHA1=y
898# CONFIG_SCTP_HMAC_MD5 is not set
899CONFIG_RDS=m
900# CONFIG_RDS_RDMA is not set
901# CONFIG_RDS_TCP is not set
902# CONFIG_RDS_DEBUG is not set
903CONFIG_TIPC=m
904# CONFIG_TIPC_ADVANCED is not set
905# CONFIG_TIPC_DEBUG is not set
906CONFIG_ATM=m
907CONFIG_ATM_CLIP=m
908# CONFIG_ATM_CLIP_NO_ICMP is not set
909CONFIG_ATM_LANE=m
910CONFIG_ATM_MPOA=m
911CONFIG_ATM_BR2684=m
912# CONFIG_ATM_BR2684_IPFILTER is not set
913CONFIG_L2TP=m
914CONFIG_L2TP_DEBUGFS=m
915CONFIG_L2TP_V3=y
916CONFIG_L2TP_IP=m
917CONFIG_L2TP_ETH=m
918CONFIG_STP=m
919CONFIG_BRIDGE=m
920CONFIG_BRIDGE_IGMP_SNOOPING=y
921# CONFIG_NET_DSA is not set
922CONFIG_VLAN_8021Q=m
923# CONFIG_VLAN_8021Q_GVRP is not set
924CONFIG_DECNET=m
925CONFIG_DECNET_ROUTER=y
926CONFIG_LLC=m
927CONFIG_LLC2=m
928CONFIG_IPX=m
929# CONFIG_IPX_INTERN is not set
930CONFIG_ATALK=m
931CONFIG_DEV_APPLETALK=m
932CONFIG_IPDDP=m
933CONFIG_IPDDP_ENCAP=y
934CONFIG_IPDDP_DECAP=y
935CONFIG_X25=m
936CONFIG_LAPB=m
937CONFIG_WAN_ROUTER=m
938CONFIG_PHONET=m
939# CONFIG_PHONET_PIPECTRLR is not set
940CONFIG_IEEE802154=m
941CONFIG_NET_SCHED=y
942
943#
944# Queueing/Scheduling
945#
946CONFIG_NET_SCH_CBQ=m
947CONFIG_NET_SCH_HTB=m
948CONFIG_NET_SCH_HFSC=m
949CONFIG_NET_SCH_ATM=m
950CONFIG_NET_SCH_PRIO=m
951CONFIG_NET_SCH_MULTIQ=m
952CONFIG_NET_SCH_RED=m
953CONFIG_NET_SCH_SFQ=m
954CONFIG_NET_SCH_TEQL=m
955CONFIG_NET_SCH_TBF=m
956CONFIG_NET_SCH_GRED=m
957CONFIG_NET_SCH_DSMARK=m
958CONFIG_NET_SCH_NETEM=m
959CONFIG_NET_SCH_DRR=m
960CONFIG_NET_SCH_INGRESS=m
961
962#
963# Classification
964#
965CONFIG_NET_CLS=y
966CONFIG_NET_CLS_BASIC=m
967CONFIG_NET_CLS_TCINDEX=m
968CONFIG_NET_CLS_ROUTE4=m
969CONFIG_NET_CLS_ROUTE=y
970CONFIG_NET_CLS_FW=m
971CONFIG_NET_CLS_U32=m
972CONFIG_CLS_U32_PERF=y
973CONFIG_CLS_U32_MARK=y
974CONFIG_NET_CLS_RSVP=m
975CONFIG_NET_CLS_RSVP6=m
976CONFIG_NET_CLS_FLOW=m
977# CONFIG_NET_CLS_CGROUP is not set
978CONFIG_NET_EMATCH=y
979CONFIG_NET_EMATCH_STACK=32
980CONFIG_NET_EMATCH_CMP=m
981CONFIG_NET_EMATCH_NBYTE=m
982CONFIG_NET_EMATCH_U32=m
983CONFIG_NET_EMATCH_META=m
984CONFIG_NET_EMATCH_TEXT=m
985CONFIG_NET_CLS_ACT=y
986CONFIG_NET_ACT_POLICE=m
987CONFIG_NET_ACT_GACT=m
988CONFIG_GACT_PROB=y
989CONFIG_NET_ACT_MIRRED=m
990CONFIG_NET_ACT_IPT=m
991CONFIG_NET_ACT_NAT=m
992CONFIG_NET_ACT_PEDIT=m
993CONFIG_NET_ACT_SIMP=m
994CONFIG_NET_ACT_SKBEDIT=m
995CONFIG_NET_ACT_CSUM=m
996# CONFIG_NET_CLS_IND is not set
997CONFIG_NET_SCH_FIFO=y
998# CONFIG_DCB is not set
999CONFIG_DNS_RESOLVER=y
1000# CONFIG_BATMAN_ADV is not set
1001CONFIG_RPS=y
1002CONFIG_XPS=y
1003
1004#
1005# Network testing
1006#
1007CONFIG_NET_PKTGEN=m
1008CONFIG_NET_TCPPROBE=m
1009# CONFIG_HAMRADIO is not set
1010CONFIG_CAN=m
1011CONFIG_CAN_RAW=m
1012CONFIG_CAN_BCM=m
1013
1014#
1015# CAN Device Drivers
1016#
1017CONFIG_CAN_VCAN=m
1018CONFIG_CAN_SLCAN=m
1019CONFIG_CAN_DEV=m
1020# CONFIG_CAN_CALC_BITTIMING is not set
1021CONFIG_CAN_MCP251X=m
1022CONFIG_CAN_JANZ_ICAN3=m
1023# CONFIG_PCH_CAN is not set
1024CONFIG_CAN_SJA1000=m
1025CONFIG_CAN_SJA1000_PLATFORM=m
1026CONFIG_CAN_EMS_PCI=m
1027CONFIG_CAN_KVASER_PCI=m
1028CONFIG_CAN_PLX_PCI=m
1029
1030#
1031# CAN USB interfaces
1032#
1033# CONFIG_CAN_EMS_USB is not set
1034# CONFIG_CAN_ESD_USB2 is not set
1035CONFIG_CAN_SOFTING=m
1036CONFIG_CAN_SOFTING_CS=m
1037# CONFIG_CAN_DEBUG_DEVICES is not set
1038CONFIG_IRDA=m
1039
1040#
1041# IrDA protocols
1042#
1043CONFIG_IRLAN=m
1044CONFIG_IRNET=m
1045CONFIG_IRCOMM=m
1046CONFIG_IRDA_ULTRA=y
1047
1048#
1049# IrDA options
1050#
1051CONFIG_IRDA_CACHE_LAST_LSAP=y
1052CONFIG_IRDA_FAST_RR=y
1053# CONFIG_IRDA_DEBUG is not set
1054
1055#
1056# Infrared-port device drivers
1057#
1058
1059#
1060# SIR device drivers
1061#
1062CONFIG_IRTTY_SIR=m
1063
1064#
1065# Dongle support
1066#
1067CONFIG_DONGLE=y
1068CONFIG_ESI_DONGLE=m
1069CONFIG_ACTISYS_DONGLE=m
1070CONFIG_TEKRAM_DONGLE=m
1071CONFIG_TOIM3232_DONGLE=m
1072CONFIG_LITELINK_DONGLE=m
1073CONFIG_MA600_DONGLE=m
1074CONFIG_GIRBIL_DONGLE=m
1075CONFIG_MCP2120_DONGLE=m
1076CONFIG_OLD_BELKIN_DONGLE=m
1077CONFIG_ACT200L_DONGLE=m
1078CONFIG_KINGSUN_DONGLE=m
1079CONFIG_KSDAZZLE_DONGLE=m
1080CONFIG_KS959_DONGLE=m
1081
1082#
1083# FIR device drivers
1084#
1085CONFIG_USB_IRDA=m
1086CONFIG_SIGMATEL_FIR=m
1087CONFIG_NSC_FIR=m
1088CONFIG_WINBOND_FIR=m
1089CONFIG_SMC_IRCC_FIR=m
1090CONFIG_ALI_FIR=m
1091CONFIG_VLSI_FIR=m
1092CONFIG_VIA_FIR=m
1093CONFIG_MCS_FIR=m
1094CONFIG_BT=m
1095CONFIG_BT_L2CAP=m
1096CONFIG_BT_SCO=m
1097CONFIG_BT_RFCOMM=m
1098CONFIG_BT_RFCOMM_TTY=y
1099CONFIG_BT_BNEP=m
1100CONFIG_BT_BNEP_MC_FILTER=y
1101CONFIG_BT_BNEP_PROTO_FILTER=y
1102CONFIG_BT_CMTP=m
1103CONFIG_BT_HIDP=m
1104
1105#
1106# Bluetooth device drivers
1107#
1108CONFIG_BT_HCIBTUSB=m
1109CONFIG_BT_HCIBTSDIO=m
1110CONFIG_BT_HCIUART=m
1111CONFIG_BT_HCIUART_H4=y
1112CONFIG_BT_HCIUART_BCSP=y
1113CONFIG_BT_HCIUART_ATH3K=y
1114CONFIG_BT_HCIUART_LL=y
1115CONFIG_BT_HCIBCM203X=m
1116CONFIG_BT_HCIBPA10X=m
1117CONFIG_BT_HCIBFUSB=m
1118CONFIG_BT_HCIDTL1=m
1119CONFIG_BT_HCIBT3C=m
1120CONFIG_BT_HCIBLUECARD=m
1121CONFIG_BT_HCIBTUART=m
1122CONFIG_BT_HCIVHCI=m
1123# CONFIG_BT_MRVL is not set
1124CONFIG_BT_ATH3K=m
1125CONFIG_AF_RXRPC=m
1126# CONFIG_AF_RXRPC_DEBUG is not set
1127CONFIG_RXKAD=m
1128CONFIG_FIB_RULES=y
1129CONFIG_WIRELESS=y
1130CONFIG_WIRELESS_EXT=y
1131CONFIG_WEXT_CORE=y
1132CONFIG_WEXT_PROC=y
1133CONFIG_WEXT_SPY=y
1134CONFIG_WEXT_PRIV=y
1135CONFIG_CFG80211=m
1136# CONFIG_NL80211_TESTMODE is not set
1137# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
1138# CONFIG_CFG80211_REG_DEBUG is not set
1139CONFIG_CFG80211_DEFAULT_PS=y
1140# CONFIG_CFG80211_DEBUGFS is not set
1141# CONFIG_CFG80211_INTERNAL_REGDB is not set
1142CONFIG_CFG80211_WEXT=y
1143CONFIG_WIRELESS_EXT_SYSFS=y
1144CONFIG_LIB80211=m
1145CONFIG_LIB80211_CRYPT_WEP=m
1146CONFIG_LIB80211_CRYPT_CCMP=m
1147CONFIG_LIB80211_CRYPT_TKIP=m
1148# CONFIG_LIB80211_DEBUG is not set
1149CONFIG_MAC80211=m
1150CONFIG_MAC80211_HAS_RC=y
1151CONFIG_MAC80211_RC_PID=y
1152CONFIG_MAC80211_RC_MINSTREL=y
1153CONFIG_MAC80211_RC_MINSTREL_HT=y
1154CONFIG_MAC80211_RC_DEFAULT_PID=y
1155# CONFIG_MAC80211_RC_DEFAULT_MINSTREL is not set
1156CONFIG_MAC80211_RC_DEFAULT="pid"
1157# CONFIG_MAC80211_MESH is not set
1158CONFIG_MAC80211_LEDS=y
1159# CONFIG_MAC80211_DEBUGFS is not set
1160# CONFIG_MAC80211_DEBUG_MENU is not set
1161CONFIG_WIMAX=m
1162CONFIG_WIMAX_DEBUG_LEVEL=8
1163CONFIG_RFKILL=m
1164CONFIG_RFKILL_LEDS=y
1165# CONFIG_RFKILL_INPUT is not set
1166CONFIG_NET_9P=m
1167CONFIG_NET_9P_VIRTIO=m
1168CONFIG_NET_9P_RDMA=m
1169# CONFIG_NET_9P_DEBUG is not set
1170CONFIG_CAIF=m
1171# CONFIG_CAIF_DEBUG is not set
1172CONFIG_CAIF_NETDEV=m
1173CONFIG_CEPH_LIB=m
1174# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
1175
1176#
1177# Device Drivers
1178#
1179
1180#
1181# Generic Driver Options
1182#
1183CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
1184# CONFIG_DEVTMPFS is not set
1185CONFIG_STANDALONE=y
1186# CONFIG_PREVENT_FIRMWARE_BUILD is not set
1187CONFIG_FW_LOADER=m
1188# CONFIG_FIRMWARE_IN_KERNEL is not set
1189CONFIG_EXTRA_FIRMWARE=""
1190CONFIG_SYS_HYPERVISOR=y
1191CONFIG_CONNECTOR=m
1192CONFIG_MTD=m
1193# CONFIG_MTD_DEBUG is not set
1194CONFIG_MTD_TESTS=m
1195CONFIG_MTD_CONCAT=m
1196CONFIG_MTD_PARTITIONS=y
1197CONFIG_MTD_REDBOOT_PARTS=m
1198CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK=-1
1199# CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED is not set
1200# CONFIG_MTD_REDBOOT_PARTS_READONLY is not set
1201CONFIG_MTD_AR7_PARTS=m
1202
1203#
1204# User Modules And Translation Layers
1205#
1206CONFIG_MTD_CHAR=m
1207CONFIG_HAVE_MTD_OTP=y
1208CONFIG_MTD_BLKDEVS=m
1209CONFIG_MTD_BLOCK=m
1210CONFIG_MTD_BLOCK_RO=m
1211CONFIG_FTL=m
1212CONFIG_NFTL=m
1213CONFIG_NFTL_RW=y
1214CONFIG_INFTL=m
1215CONFIG_RFD_FTL=m
1216CONFIG_SSFDC=m
1217CONFIG_SM_FTL=m
1218CONFIG_MTD_OOPS=m
1219
1220#
1221# RAM/ROM/Flash chip drivers
1222#
1223CONFIG_MTD_CFI=m
1224CONFIG_MTD_JEDECPROBE=m
1225CONFIG_MTD_GEN_PROBE=m
1226# CONFIG_MTD_CFI_ADV_OPTIONS is not set
1227CONFIG_MTD_MAP_BANK_WIDTH_1=y
1228CONFIG_MTD_MAP_BANK_WIDTH_2=y
1229CONFIG_MTD_MAP_BANK_WIDTH_4=y
1230# CONFIG_MTD_MAP_BANK_WIDTH_8 is not set
1231# CONFIG_MTD_MAP_BANK_WIDTH_16 is not set
1232# CONFIG_MTD_MAP_BANK_WIDTH_32 is not set
1233CONFIG_MTD_CFI_I1=y
1234CONFIG_MTD_CFI_I2=y
1235# CONFIG_MTD_CFI_I4 is not set
1236# CONFIG_MTD_CFI_I8 is not set
1237CONFIG_MTD_CFI_INTELEXT=m
1238CONFIG_MTD_CFI_AMDSTD=m
1239CONFIG_MTD_CFI_STAA=m
1240CONFIG_MTD_CFI_UTIL=m
1241CONFIG_MTD_RAM=m
1242CONFIG_MTD_ROM=m
1243CONFIG_MTD_ABSENT=m
1244
1245#
1246# Mapping drivers for chip access
1247#
1248CONFIG_MTD_COMPLEX_MAPPINGS=y
1249CONFIG_MTD_PHYSMAP=m
1250# CONFIG_MTD_PHYSMAP_COMPAT is not set
1251CONFIG_MTD_SC520CDP=m
1252CONFIG_MTD_NETSC520=m
1253CONFIG_MTD_TS5500=m
1254CONFIG_MTD_SBC_GXX=m
1255CONFIG_MTD_AMD76XROM=m
1256CONFIG_MTD_ICHXROM=m
1257CONFIG_MTD_ESB2ROM=m
1258CONFIG_MTD_CK804XROM=m
1259CONFIG_MTD_SCB2_FLASH=m
1260CONFIG_MTD_NETtel=m
1261CONFIG_MTD_L440GX=m
1262CONFIG_MTD_PCI=m
1263CONFIG_MTD_PCMCIA=m
1264# CONFIG_MTD_PCMCIA_ANONYMOUS is not set
1265# CONFIG_MTD_GPIO_ADDR is not set
1266CONFIG_MTD_INTEL_VR_NOR=m
1267CONFIG_MTD_PLATRAM=m
1268
1269#
1270# Self-contained MTD device drivers
1271#
1272CONFIG_MTD_PMC551=m
1273CONFIG_MTD_PMC551_BUGFIX=y
1274# CONFIG_MTD_PMC551_DEBUG is not set
1275CONFIG_MTD_DATAFLASH=m
1276# CONFIG_MTD_DATAFLASH_WRITE_VERIFY is not set
1277# CONFIG_MTD_DATAFLASH_OTP is not set
1278CONFIG_MTD_M25P80=m
1279CONFIG_M25PXX_USE_FAST_READ=y
1280# CONFIG_MTD_SST25L is not set
1281CONFIG_MTD_SLRAM=m
1282CONFIG_MTD_PHRAM=m
1283CONFIG_MTD_MTDRAM=m
1284CONFIG_MTDRAM_TOTAL_SIZE=4096
1285CONFIG_MTDRAM_ERASE_SIZE=128
1286CONFIG_MTD_BLOCK2MTD=m
1287
1288#
1289# Disk-On-Chip Device Drivers
1290#
1291CONFIG_MTD_DOC2000=m
1292CONFIG_MTD_DOC2001=m
1293CONFIG_MTD_DOC2001PLUS=m
1294CONFIG_MTD_DOCPROBE=m
1295CONFIG_MTD_DOCECC=m
1296CONFIG_MTD_DOCPROBE_ADVANCED=y
1297CONFIG_MTD_DOCPROBE_ADDRESS=0x0000
1298# CONFIG_MTD_DOCPROBE_HIGH is not set
1299# CONFIG_MTD_DOCPROBE_55AA is not set
1300CONFIG_MTD_NAND_ECC=m
1301CONFIG_MTD_NAND_ECC_SMC=y
1302CONFIG_MTD_NAND=m
1303# CONFIG_MTD_NAND_VERIFY_WRITE is not set
1304CONFIG_MTD_SM_COMMON=m
1305# CONFIG_MTD_NAND_MUSEUM_IDS is not set
1306CONFIG_MTD_NAND_DENALI=m
1307CONFIG_MTD_NAND_DENALI_SCRATCH_REG_ADDR=0xFF108018
1308CONFIG_MTD_NAND_IDS=m
1309CONFIG_MTD_NAND_RICOH=m
1310CONFIG_MTD_NAND_DISKONCHIP=m
1311# CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADVANCED is not set
1312CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADDRESS=0
1313# CONFIG_MTD_NAND_DISKONCHIP_BBTWRITE is not set
1314CONFIG_MTD_NAND_CAFE=m
1315CONFIG_MTD_NAND_NANDSIM=m
1316CONFIG_MTD_NAND_PLATFORM=m
1317CONFIG_MTD_ALAUDA=m
1318CONFIG_MTD_ONENAND=m
1319# CONFIG_MTD_ONENAND_VERIFY_WRITE is not set
1320# CONFIG_MTD_ONENAND_GENERIC is not set
1321CONFIG_MTD_ONENAND_OTP=y
1322CONFIG_MTD_ONENAND_2X_PROGRAM=y
1323CONFIG_MTD_ONENAND_SIM=m
1324
1325#
1326# LPDDR flash memory drivers
1327#
1328CONFIG_MTD_LPDDR=m
1329CONFIG_MTD_QINFO_PROBE=m
1330CONFIG_MTD_UBI=m
1331CONFIG_MTD_UBI_WL_THRESHOLD=4096
1332CONFIG_MTD_UBI_BEB_RESERVE=1
1333# CONFIG_MTD_UBI_GLUEBI is not set
1334
1335#
1336# UBI debugging options
1337#
1338# CONFIG_MTD_UBI_DEBUG is not set
1339CONFIG_PARPORT=m
1340CONFIG_PARPORT_PC=m
1341CONFIG_PARPORT_SERIAL=m
1342# CONFIG_PARPORT_PC_FIFO is not set
1343# CONFIG_PARPORT_PC_SUPERIO is not set
1344CONFIG_PARPORT_PC_PCMCIA=m
1345# CONFIG_PARPORT_GSC is not set
1346CONFIG_PARPORT_AX88796=m
1347# CONFIG_PARPORT_1284 is not set
1348CONFIG_PARPORT_NOT_PC=y
1349CONFIG_PNP=y
1350# CONFIG_PNP_DEBUG_MESSAGES is not set
1351
1352#
1353# Protocols
1354#
1355CONFIG_PNPACPI=y
1356CONFIG_BLK_DEV=y
1357CONFIG_BLK_DEV_FD=m
1358# CONFIG_PARIDE is not set
1359CONFIG_BLK_CPQ_DA=m
1360CONFIG_BLK_CPQ_CISS_DA=m
1361CONFIG_CISS_SCSI_TAPE=y
1362CONFIG_BLK_DEV_DAC960=m
1363CONFIG_BLK_DEV_UMEM=m
1364# CONFIG_BLK_DEV_COW_COMMON is not set
1365CONFIG_BLK_DEV_LOOP=m
1366CONFIG_BLK_DEV_CRYPTOLOOP=m
1367# CONFIG_BLK_DEV_DRBD is not set
1368CONFIG_BLK_DEV_NBD=m
1369CONFIG_BLK_DEV_OSD=m
1370CONFIG_BLK_DEV_SX8=m
1371CONFIG_BLK_DEV_UB=m
1372CONFIG_BLK_DEV_RAM=y
1373CONFIG_BLK_DEV_RAM_COUNT=16
1374CONFIG_BLK_DEV_RAM_SIZE=4096
1375# CONFIG_BLK_DEV_XIP is not set
1376CONFIG_CDROM_PKTCDVD=m
1377CONFIG_CDROM_PKTCDVD_BUFFERS=8
1378# CONFIG_CDROM_PKTCDVD_WCACHE is not set
1379CONFIG_ATA_OVER_ETH=m
1380CONFIG_XEN_BLKDEV_FRONTEND=y
1381CONFIG_VIRTIO_BLK=m
1382# CONFIG_BLK_DEV_HD is not set
1383# CONFIG_BLK_DEV_RBD is not set
1384CONFIG_MISC_DEVICES=y
1385CONFIG_AD525X_DPOT=m
1386CONFIG_AD525X_DPOT_I2C=m
1387CONFIG_AD525X_DPOT_SPI=m
1388CONFIG_IBM_ASM=m
1389CONFIG_PHANTOM=m
1390CONFIG_SGI_IOC4=m
1391CONFIG_TIFM_CORE=m
1392CONFIG_TIFM_7XX1=m
1393CONFIG_ICS932S401=m
1394CONFIG_ENCLOSURE_SERVICES=m
1395CONFIG_CS5535_MFGPT=m
1396CONFIG_CS5535_MFGPT_DEFAULT_IRQ=7
1397CONFIG_CS5535_CLOCK_EVENT_SRC=m
1398CONFIG_HP_ILO=m
1399CONFIG_APDS9802ALS=m
1400CONFIG_ISL29003=m
1401CONFIG_ISL29020=m
1402CONFIG_SENSORS_TSL2550=m
1403CONFIG_SENSORS_BH1780=m
1404CONFIG_SENSORS_BH1770=m
1405CONFIG_SENSORS_APDS990X=m
1406CONFIG_HMC6352=m
1407CONFIG_DS1682=m
1408CONFIG_TI_DAC7512=m
1409CONFIG_VMWARE_BALLOON=m
1410CONFIG_BMP085=m
1411CONFIG_PCH_PHUB=m
1412CONFIG_C2PORT=m
1413CONFIG_C2PORT_DURAMAR_2150=m
1414
1415#
1416# EEPROM support
1417#
1418CONFIG_EEPROM_AT24=m
1419CONFIG_EEPROM_AT25=m
1420CONFIG_EEPROM_LEGACY=m
1421CONFIG_EEPROM_MAX6875=m
1422CONFIG_EEPROM_93CX6=m
1423CONFIG_CB710_CORE=m
1424# CONFIG_CB710_DEBUG is not set
1425CONFIG_CB710_DEBUG_ASSUMPTIONS=y
1426CONFIG_IWMC3200TOP=m
1427# CONFIG_IWMC3200TOP_DEBUG is not set
1428# CONFIG_IWMC3200TOP_DEBUGFS is not set
1429
1430#
1431# Texas Instruments shared transport line discipline
1432#
1433# CONFIG_TI_ST is not set
1434CONFIG_HAVE_IDE=y
1435# CONFIG_IDE is not set
1436
1437#
1438# SCSI device support
1439#
1440CONFIG_SCSI_MOD=m
1441CONFIG_RAID_ATTRS=m
1442CONFIG_SCSI=m
1443CONFIG_SCSI_DMA=y
1444CONFIG_SCSI_TGT=m
1445CONFIG_SCSI_NETLINK=y
1446CONFIG_SCSI_PROC_FS=y
1447
1448#
1449# SCSI support type (disk, tape, CD-ROM)
1450#
1451CONFIG_BLK_DEV_SD=m
1452CONFIG_CHR_DEV_ST=m
1453CONFIG_CHR_DEV_OSST=m
1454CONFIG_BLK_DEV_SR=m
1455CONFIG_BLK_DEV_SR_VENDOR=y
1456CONFIG_CHR_DEV_SG=m
1457CONFIG_CHR_DEV_SCH=m
1458CONFIG_SCSI_ENCLOSURE=m
1459CONFIG_SCSI_MULTI_LUN=y
1460# CONFIG_SCSI_CONSTANTS is not set
1461# CONFIG_SCSI_LOGGING is not set
1462CONFIG_SCSI_SCAN_ASYNC=y
1463CONFIG_SCSI_WAIT_SCAN=m
1464
1465#
1466# SCSI Transports
1467#
1468CONFIG_SCSI_SPI_ATTRS=m
1469CONFIG_SCSI_FC_ATTRS=m
1470CONFIG_SCSI_FC_TGT_ATTRS=y
1471CONFIG_SCSI_ISCSI_ATTRS=m
1472CONFIG_SCSI_SAS_ATTRS=m
1473CONFIG_SCSI_SAS_LIBSAS=m
1474CONFIG_SCSI_SAS_ATA=y
1475CONFIG_SCSI_SAS_HOST_SMP=y
1476# CONFIG_SCSI_SAS_LIBSAS_DEBUG is not set
1477CONFIG_SCSI_SRP_ATTRS=m
1478CONFIG_SCSI_SRP_TGT_ATTRS=y
1479CONFIG_SCSI_LOWLEVEL=y
1480CONFIG_ISCSI_TCP=m
1481CONFIG_ISCSI_BOOT_SYSFS=m
1482CONFIG_SCSI_CXGB3_ISCSI=m
1483CONFIG_SCSI_CXGB4_ISCSI=m
1484CONFIG_SCSI_BNX2_ISCSI=m
1485# CONFIG_BE2ISCSI is not set
1486CONFIG_BLK_DEV_3W_XXXX_RAID=m
1487CONFIG_SCSI_HPSA=m
1488CONFIG_SCSI_3W_9XXX=m
1489CONFIG_SCSI_3W_SAS=m
1490CONFIG_SCSI_ACARD=m
1491CONFIG_SCSI_AACRAID=m
1492CONFIG_SCSI_AIC7XXX=m
1493CONFIG_AIC7XXX_CMDS_PER_DEVICE=32
1494CONFIG_AIC7XXX_RESET_DELAY_MS=15000
1495# CONFIG_AIC7XXX_BUILD_FIRMWARE is not set
1496CONFIG_AIC7XXX_DEBUG_ENABLE=y
1497CONFIG_AIC7XXX_DEBUG_MASK=0
1498CONFIG_AIC7XXX_REG_PRETTY_PRINT=y
1499CONFIG_SCSI_AIC7XXX_OLD=m
1500CONFIG_SCSI_AIC79XX=m
1501CONFIG_AIC79XX_CMDS_PER_DEVICE=32
1502CONFIG_AIC79XX_RESET_DELAY_MS=15000
1503# CONFIG_AIC79XX_BUILD_FIRMWARE is not set
1504CONFIG_AIC79XX_DEBUG_ENABLE=y
1505CONFIG_AIC79XX_DEBUG_MASK=0
1506CONFIG_AIC79XX_REG_PRETTY_PRINT=y
1507CONFIG_SCSI_AIC94XX=m
1508# CONFIG_AIC94XX_DEBUG is not set
1509CONFIG_SCSI_MVSAS=m
1510CONFIG_SCSI_MVSAS_DEBUG=y
1511CONFIG_SCSI_DPT_I2O=m
1512CONFIG_SCSI_ADVANSYS=m
1513CONFIG_SCSI_ARCMSR=m
1514CONFIG_MEGARAID_NEWGEN=y
1515CONFIG_MEGARAID_MM=m
1516CONFIG_MEGARAID_MAILBOX=m
1517CONFIG_MEGARAID_LEGACY=m
1518CONFIG_MEGARAID_SAS=m
1519CONFIG_SCSI_MPT2SAS=m
1520CONFIG_SCSI_MPT2SAS_MAX_SGE=128
1521# CONFIG_SCSI_MPT2SAS_LOGGING is not set
1522CONFIG_SCSI_HPTIOP=m
1523CONFIG_SCSI_BUSLOGIC=m
1524CONFIG_VMWARE_PVSCSI=m
1525CONFIG_LIBFC=m
1526CONFIG_LIBFCOE=m
1527CONFIG_FCOE=m
1528CONFIG_FCOE_FNIC=m
1529CONFIG_SCSI_DMX3191D=m
1530CONFIG_SCSI_EATA=m
1531# CONFIG_SCSI_EATA_TAGGED_QUEUE is not set
1532# CONFIG_SCSI_EATA_LINKED_COMMANDS is not set
1533CONFIG_SCSI_EATA_MAX_TAGS=16
1534CONFIG_SCSI_FUTURE_DOMAIN=m
1535CONFIG_SCSI_GDTH=m
1536CONFIG_SCSI_IPS=m
1537CONFIG_SCSI_INITIO=m
1538CONFIG_SCSI_INIA100=m
1539CONFIG_SCSI_PPA=m
1540CONFIG_SCSI_IMM=m
1541# CONFIG_SCSI_IZIP_EPP16 is not set
1542# CONFIG_SCSI_IZIP_SLOW_CTR is not set
1543CONFIG_SCSI_STEX=m
1544CONFIG_SCSI_SYM53C8XX_2=m
1545CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1
1546CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16
1547CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64
1548CONFIG_SCSI_SYM53C8XX_MMIO=y
1549CONFIG_SCSI_IPR=m
1550CONFIG_SCSI_IPR_TRACE=y
1551# CONFIG_SCSI_IPR_DUMP is not set
1552CONFIG_SCSI_QLOGIC_1280=m
1553CONFIG_SCSI_QLA_FC=m
1554CONFIG_SCSI_QLA_ISCSI=m
1555CONFIG_SCSI_LPFC=m
1556# CONFIG_SCSI_LPFC_DEBUG_FS is not set
1557CONFIG_SCSI_DC395x=m
1558CONFIG_SCSI_DC390T=m
1559CONFIG_SCSI_DEBUG=m
1560# CONFIG_SCSI_PMCRAID is not set
1561CONFIG_SCSI_PM8001=m
1562CONFIG_SCSI_SRP=m
1563# CONFIG_SCSI_BFA_FC is not set
1564CONFIG_SCSI_LOWLEVEL_PCMCIA=y
1565CONFIG_PCMCIA_AHA152X=m
1566CONFIG_PCMCIA_FDOMAIN=m
1567CONFIG_PCMCIA_QLOGIC=m
1568CONFIG_PCMCIA_SYM53C500=m
1569CONFIG_SCSI_DH=m
1570CONFIG_SCSI_DH_RDAC=m
1571CONFIG_SCSI_DH_HP_SW=m
1572CONFIG_SCSI_DH_EMC=m
1573CONFIG_SCSI_DH_ALUA=m
1574CONFIG_SCSI_OSD_INITIATOR=m
1575CONFIG_SCSI_OSD_ULD=m
1576CONFIG_SCSI_OSD_DPRINT_SENSE=1
1577# CONFIG_SCSI_OSD_DEBUG is not set
1578CONFIG_ATA=m
1579# CONFIG_ATA_NONSTANDARD is not set
1580CONFIG_ATA_VERBOSE_ERROR=y
1581CONFIG_ATA_ACPI=y
1582CONFIG_SATA_PMP=y
1583
1584#
1585# Controllers with non-SFF native interface
1586#
1587CONFIG_SATA_AHCI=m
1588CONFIG_SATA_AHCI_PLATFORM=m
1589CONFIG_SATA_INIC162X=m
1590CONFIG_SATA_ACARD_AHCI=m
1591CONFIG_SATA_SIL24=m
1592CONFIG_ATA_SFF=y
1593
1594#
1595# SFF controllers with custom DMA interface
1596#
1597CONFIG_PDC_ADMA=m
1598CONFIG_SATA_QSTOR=m
1599CONFIG_SATA_SX4=m
1600CONFIG_ATA_BMDMA=y
1601
1602#
1603# SATA SFF controllers with BMDMA
1604#
1605CONFIG_ATA_PIIX=m
1606CONFIG_SATA_MV=m
1607CONFIG_SATA_NV=m
1608CONFIG_SATA_PROMISE=m
1609CONFIG_SATA_SIL=m
1610CONFIG_SATA_SIS=m
1611CONFIG_SATA_SVW=m
1612CONFIG_SATA_ULI=m
1613CONFIG_SATA_VIA=m
1614CONFIG_SATA_VITESSE=m
1615
1616#
1617# PATA SFF controllers with BMDMA
1618#
1619CONFIG_PATA_ALI=m
1620CONFIG_PATA_AMD=m
1621CONFIG_PATA_ARTOP=m
1622CONFIG_PATA_ATIIXP=m
1623CONFIG_PATA_ATP867X=m
1624CONFIG_PATA_CMD64X=m
1625CONFIG_PATA_CS5520=m
1626CONFIG_PATA_CS5530=m
1627CONFIG_PATA_CS5536=m
1628CONFIG_PATA_CYPRESS=m
1629CONFIG_PATA_EFAR=m
1630CONFIG_PATA_HPT366=m
1631CONFIG_PATA_HPT37X=m
1632CONFIG_PATA_HPT3X2N=m
1633CONFIG_PATA_HPT3X3=m
1634CONFIG_PATA_HPT3X3_DMA=y
1635CONFIG_PATA_IT8213=m
1636CONFIG_PATA_IT821X=m
1637CONFIG_PATA_JMICRON=m
1638CONFIG_PATA_MARVELL=m
1639CONFIG_PATA_NETCELL=m
1640CONFIG_PATA_NINJA32=m
1641CONFIG_PATA_NS87415=m
1642CONFIG_PATA_OLDPIIX=m
1643CONFIG_PATA_OPTIDMA=m
1644CONFIG_PATA_PDC2027X=m
1645CONFIG_PATA_PDC_OLD=m
1646CONFIG_PATA_RADISYS=m
1647CONFIG_PATA_RDC=m
1648CONFIG_PATA_SC1200=m
1649CONFIG_PATA_SCH=m
1650CONFIG_PATA_SERVERWORKS=m
1651CONFIG_PATA_SIL680=m
1652CONFIG_PATA_SIS=m
1653CONFIG_PATA_TOSHIBA=m
1654CONFIG_PATA_TRIFLEX=m
1655CONFIG_PATA_VIA=m
1656CONFIG_PATA_WINBOND=m
1657
1658#
1659# PIO-only SFF controllers
1660#
1661CONFIG_PATA_CMD640_PCI=m
1662CONFIG_PATA_MPIIX=m
1663CONFIG_PATA_NS87410=m
1664CONFIG_PATA_OPTI=m
1665CONFIG_PATA_PCMCIA=m
1666CONFIG_PATA_PLATFORM=m
1667CONFIG_PATA_RZ1000=m
1668
1669#
1670# Generic fallback / legacy drivers
1671#
1672CONFIG_PATA_ACPI=m
1673CONFIG_ATA_GENERIC=m
1674CONFIG_PATA_LEGACY=m
1675CONFIG_MD=y
1676CONFIG_BLK_DEV_MD=y
1677# CONFIG_MD_AUTODETECT is not set
1678CONFIG_MD_LINEAR=m
1679CONFIG_MD_RAID0=m
1680CONFIG_MD_RAID1=m
1681CONFIG_MD_RAID10=m
1682CONFIG_MD_RAID456=m
1683# CONFIG_MULTICORE_RAID456 is not set
1684CONFIG_MD_MULTIPATH=m
1685CONFIG_MD_FAULTY=m
1686CONFIG_BLK_DEV_DM=m
1687# CONFIG_DM_DEBUG is not set
1688CONFIG_DM_CRYPT=m
1689CONFIG_DM_SNAPSHOT=m
1690CONFIG_DM_MIRROR=m
1691CONFIG_DM_RAID=m
1692CONFIG_DM_LOG_USERSPACE=m
1693CONFIG_DM_ZERO=m
1694CONFIG_DM_MULTIPATH=m
1695CONFIG_DM_MULTIPATH_QL=m
1696CONFIG_DM_MULTIPATH_ST=m
1697CONFIG_DM_DELAY=m
1698# CONFIG_DM_UEVENT is not set
1699CONFIG_TARGET_CORE=m
1700CONFIG_TCM_IBLOCK=m
1701CONFIG_TCM_FILEIO=m
1702CONFIG_TCM_PSCSI=m
1703CONFIG_FUSION=y
1704CONFIG_FUSION_SPI=m
1705CONFIG_FUSION_FC=m
1706CONFIG_FUSION_SAS=m
1707CONFIG_FUSION_MAX_SGE=128
1708CONFIG_FUSION_CTL=m
1709# CONFIG_FUSION_LOGGING is not set
1710
1711#
1712# IEEE 1394 (FireWire) support
1713#
1714CONFIG_FIREWIRE=m
1715CONFIG_FIREWIRE_OHCI=m
1716CONFIG_FIREWIRE_OHCI_DEBUG=y
1717CONFIG_FIREWIRE_SBP2=m
1718CONFIG_FIREWIRE_NET=m
1719CONFIG_FIREWIRE_NOSY=m
1720CONFIG_I2O=m
1721CONFIG_I2O_LCT_NOTIFY_ON_CHANGES=y
1722CONFIG_I2O_EXT_ADAPTEC=y
1723CONFIG_I2O_EXT_ADAPTEC_DMA64=y
1724CONFIG_I2O_CONFIG=m
1725CONFIG_I2O_CONFIG_OLD_IOCTL=y
1726CONFIG_I2O_BUS=m
1727CONFIG_I2O_BLOCK=m
1728CONFIG_I2O_SCSI=m
1729CONFIG_I2O_PROC=m
1730# CONFIG_MACINTOSH_DRIVERS is not set
1731CONFIG_NETDEVICES=y
1732CONFIG_IFB=m
1733CONFIG_DUMMY=m
1734CONFIG_BONDING=m
1735CONFIG_MACVLAN=m
1736CONFIG_MACVTAP=m
1737CONFIG_EQUALIZER=m
1738CONFIG_TUN=m
1739CONFIG_VETH=m
1740CONFIG_NET_SB1000=m
1741CONFIG_ARCNET=m
1742CONFIG_ARCNET_1201=m
1743CONFIG_ARCNET_1051=m
1744CONFIG_ARCNET_RAW=m
1745CONFIG_ARCNET_CAP=m
1746CONFIG_ARCNET_COM90xx=m
1747CONFIG_ARCNET_COM90xxIO=m
1748CONFIG_ARCNET_RIM_I=m
1749CONFIG_ARCNET_COM20020=m
1750CONFIG_ARCNET_COM20020_PCI=m
1751CONFIG_MII=m
1752CONFIG_PHYLIB=m
1753
1754#
1755# MII PHY device drivers
1756#
1757CONFIG_MARVELL_PHY=m
1758CONFIG_DAVICOM_PHY=m
1759CONFIG_QSEMI_PHY=m
1760CONFIG_LXT_PHY=m
1761CONFIG_CICADA_PHY=m
1762CONFIG_VITESSE_PHY=m
1763CONFIG_SMSC_PHY=m
1764CONFIG_BROADCOM_PHY=m
1765CONFIG_BCM63XX_PHY=m
1766CONFIG_ICPLUS_PHY=m
1767CONFIG_REALTEK_PHY=m
1768CONFIG_NATIONAL_PHY=m
1769CONFIG_STE10XP=m
1770CONFIG_LSI_ET1011C_PHY=m
1771CONFIG_MICREL_PHY=m
1772CONFIG_MDIO_BITBANG=m
1773CONFIG_MDIO_GPIO=m
1774CONFIG_NET_ETHERNET=y
1775CONFIG_HAPPYMEAL=m
1776CONFIG_SUNGEM=m
1777CONFIG_CASSINI=m
1778CONFIG_NET_VENDOR_3COM=y
1779CONFIG_VORTEX=m
1780CONFIG_TYPHOON=m
1781CONFIG_ENC28J60=m
1782# CONFIG_ENC28J60_WRITEVERIFY is not set
1783CONFIG_ETHOC=m
1784CONFIG_DNET=m
1785CONFIG_NET_TULIP=y
1786CONFIG_DE2104X=m
1787CONFIG_DE2104X_DSL=0
1788CONFIG_TULIP=m
1789# CONFIG_TULIP_MWI is not set
1790# CONFIG_TULIP_MMIO is not set
1791# CONFIG_TULIP_NAPI is not set
1792CONFIG_DE4X5=m
1793CONFIG_WINBOND_840=m
1794CONFIG_DM9102=m
1795CONFIG_ULI526X=m
1796CONFIG_PCMCIA_XIRCOM=m
1797CONFIG_HP100=m
1798# CONFIG_IBM_NEW_EMAC_ZMII is not set
1799# CONFIG_IBM_NEW_EMAC_RGMII is not set
1800# CONFIG_IBM_NEW_EMAC_TAH is not set
1801# CONFIG_IBM_NEW_EMAC_EMAC4 is not set
1802# CONFIG_IBM_NEW_EMAC_NO_FLOW_CTRL is not set
1803# CONFIG_IBM_NEW_EMAC_MAL_CLR_ICINTSTAT is not set
1804# CONFIG_IBM_NEW_EMAC_MAL_COMMON_ERR is not set
1805CONFIG_NET_PCI=y
1806CONFIG_PCNET32=m
1807CONFIG_AMD8111_ETH=m
1808CONFIG_ADAPTEC_STARFIRE=m
1809CONFIG_KSZ884X_PCI=m
1810CONFIG_B44=m
1811CONFIG_B44_PCI_AUTOSELECT=y
1812CONFIG_B44_PCICORE_AUTOSELECT=y
1813CONFIG_B44_PCI=y
1814CONFIG_FORCEDETH=m
1815CONFIG_E100=m
1816CONFIG_FEALNX=m
1817CONFIG_NATSEMI=m
1818CONFIG_NE2K_PCI=m
1819CONFIG_8139CP=m
1820CONFIG_8139TOO=m
1821CONFIG_8139TOO_PIO=y
1822# CONFIG_8139TOO_TUNE_TWISTER is not set
1823# CONFIG_8139TOO_8129 is not set
1824# CONFIG_8139_OLD_RX_RESET is not set
1825CONFIG_R6040=m
1826CONFIG_SIS900=m
1827CONFIG_EPIC100=m
1828CONFIG_SMSC9420=m
1829CONFIG_SUNDANCE=m
1830# CONFIG_SUNDANCE_MMIO is not set
1831CONFIG_TLAN=m
1832CONFIG_KS8842=m
1833CONFIG_KS8851=m
1834CONFIG_KS8851_MLL=m
1835CONFIG_VIA_RHINE=m
1836# CONFIG_VIA_RHINE_MMIO is not set
1837CONFIG_SC92031=m
1838CONFIG_NET_POCKET=y
1839CONFIG_ATP=m
1840CONFIG_DE600=m
1841CONFIG_DE620=m
1842CONFIG_ATL2=m
1843CONFIG_NETDEV_1000=y
1844CONFIG_ACENIC=m
1845# CONFIG_ACENIC_OMIT_TIGON_I is not set
1846CONFIG_DL2K=m
1847CONFIG_E1000=m
1848CONFIG_E1000E=m
1849CONFIG_IP1000=m
1850CONFIG_IGB=m
1851CONFIG_IGB_DCA=y
1852CONFIG_IGBVF=m
1853CONFIG_NS83820=m
1854CONFIG_HAMACHI=m
1855CONFIG_YELLOWFIN=m
1856CONFIG_R8169=m
1857CONFIG_R8169_VLAN=y
1858CONFIG_SIS190=m
1859CONFIG_SKGE=m
1860# CONFIG_SKGE_DEBUG is not set
1861CONFIG_SKY2=m
1862# CONFIG_SKY2_DEBUG is not set
1863CONFIG_VIA_VELOCITY=m
1864CONFIG_TIGON3=m
1865CONFIG_BNX2=m
1866CONFIG_CNIC=m
1867CONFIG_QLA3XXX=m
1868CONFIG_ATL1=m
1869CONFIG_ATL1E=m
1870CONFIG_ATL1C=m
1871CONFIG_JME=m
1872CONFIG_STMMAC_ETH=m
1873# CONFIG_STMMAC_DA is not set
1874# CONFIG_STMMAC_DUAL_MAC is not set
1875CONFIG_PCH_GBE=m
1876CONFIG_NETDEV_10000=y
1877CONFIG_MDIO=m
1878CONFIG_CHELSIO_T1=m
1879CONFIG_CHELSIO_T1_1G=y
1880CONFIG_CHELSIO_T3_DEPENDS=y
1881CONFIG_CHELSIO_T3=m
1882CONFIG_CHELSIO_T4_DEPENDS=y
1883CONFIG_CHELSIO_T4=m
1884CONFIG_CHELSIO_T4VF_DEPENDS=y
1885CONFIG_CHELSIO_T4VF=m
1886CONFIG_ENIC=m
1887CONFIG_IXGBE=m
1888CONFIG_IXGBE_DCA=y
1889# CONFIG_IXGBEVF is not set
1890CONFIG_IXGB=m
1891CONFIG_S2IO=m
1892CONFIG_VXGE=m
1893# CONFIG_VXGE_DEBUG_TRACE_ALL is not set
1894CONFIG_MYRI10GE=m
1895CONFIG_MYRI10GE_DCA=y
1896CONFIG_NETXEN_NIC=m
1897CONFIG_NIU=m
1898CONFIG_MLX4_EN=m
1899CONFIG_MLX4_CORE=m
1900CONFIG_MLX4_DEBUG=y
1901CONFIG_TEHUTI=m
1902CONFIG_BNX2X=m
1903CONFIG_QLCNIC=m
1904CONFIG_QLGE=m
1905CONFIG_BNA=m
1906CONFIG_SFC=m
1907CONFIG_SFC_MTD=y
1908CONFIG_BE2NET=m
1909# CONFIG_TR is not set
1910CONFIG_WLAN=y
1911CONFIG_PCMCIA_RAYCS=m
1912CONFIG_LIBERTAS_THINFIRM=m
1913# CONFIG_LIBERTAS_THINFIRM_DEBUG is not set
1914CONFIG_LIBERTAS_THINFIRM_USB=m
1915CONFIG_AIRO=m
1916CONFIG_ATMEL=m
1917CONFIG_PCI_ATMEL=m
1918CONFIG_PCMCIA_ATMEL=m
1919CONFIG_AT76C50X_USB=m
1920CONFIG_AIRO_CS=m
1921CONFIG_PCMCIA_WL3501=m
1922CONFIG_PRISM54=m
1923CONFIG_USB_ZD1201=m
1924CONFIG_USB_NET_RNDIS_WLAN=m
1925CONFIG_RTL8180=m
1926CONFIG_RTL8187=m
1927CONFIG_RTL8187_LEDS=y
1928CONFIG_ADM8211=m
1929CONFIG_MAC80211_HWSIM=m
1930CONFIG_MWL8K=m
1931CONFIG_ATH_COMMON=m
1932# CONFIG_ATH_DEBUG is not set
1933CONFIG_ATH5K=m
1934# CONFIG_ATH5K_DEBUG is not set
1935CONFIG_ATH5K_PCI=y
1936CONFIG_ATH9K_HW=m
1937CONFIG_ATH9K_COMMON=m
1938CONFIG_ATH9K=m
1939# CONFIG_ATH9K_DEBUGFS is not set
1940CONFIG_ATH9K_RATE_CONTROL=y
1941CONFIG_ATH9K_HTC=m
1942# CONFIG_ATH9K_HTC_DEBUGFS is not set
1943CONFIG_AR9170_USB=m
1944CONFIG_AR9170_LEDS=y
1945CONFIG_CARL9170=m
1946CONFIG_CARL9170_LEDS=y
1947CONFIG_CARL9170_WPC=y
1948CONFIG_B43=m
1949CONFIG_B43_PCI_AUTOSELECT=y
1950CONFIG_B43_PCICORE_AUTOSELECT=y
1951CONFIG_B43_PCMCIA=y
1952CONFIG_B43_SDIO=y
1953CONFIG_B43_PIO=y
1954CONFIG_B43_PHY_N=y
1955CONFIG_B43_PHY_LP=y
1956CONFIG_B43_LEDS=y
1957CONFIG_B43_HWRNG=y
1958# CONFIG_B43_DEBUG is not set
1959CONFIG_B43LEGACY=m
1960CONFIG_B43LEGACY_PCI_AUTOSELECT=y
1961CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y
1962CONFIG_B43LEGACY_LEDS=y
1963CONFIG_B43LEGACY_HWRNG=y
1964CONFIG_B43LEGACY_DEBUG=y
1965CONFIG_B43LEGACY_DMA=y
1966CONFIG_B43LEGACY_PIO=y
1967CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
1968# CONFIG_B43LEGACY_DMA_MODE is not set
1969# CONFIG_B43LEGACY_PIO_MODE is not set
1970CONFIG_HOSTAP=m
1971CONFIG_HOSTAP_FIRMWARE=y
1972CONFIG_HOSTAP_FIRMWARE_NVRAM=y
1973CONFIG_HOSTAP_PLX=m
1974CONFIG_HOSTAP_PCI=m
1975CONFIG_HOSTAP_CS=m
1976CONFIG_IPW2100=m
1977CONFIG_IPW2100_MONITOR=y
1978# CONFIG_IPW2100_DEBUG is not set
1979CONFIG_IPW2200=m
1980CONFIG_IPW2200_MONITOR=y
1981CONFIG_IPW2200_RADIOTAP=y
1982CONFIG_IPW2200_PROMISCUOUS=y
1983CONFIG_IPW2200_QOS=y
1984# CONFIG_IPW2200_DEBUG is not set
1985CONFIG_LIBIPW=m
1986# CONFIG_LIBIPW_DEBUG is not set
1987CONFIG_IWLWIFI=m
1988
1989#
1990# Debugging Options
1991#
1992# CONFIG_IWLWIFI_DEBUG is not set
1993CONFIG_IWLAGN=m
1994CONFIG_IWL4965=y
1995CONFIG_IWL5000=y
1996CONFIG_IWL3945=m
1997CONFIG_IWM=m
1998# CONFIG_IWM_DEBUG is not set
1999CONFIG_LIBERTAS=m
2000CONFIG_LIBERTAS_USB=m
2001CONFIG_LIBERTAS_CS=m
2002CONFIG_LIBERTAS_SDIO=m
2003CONFIG_LIBERTAS_SPI=m
2004# CONFIG_LIBERTAS_DEBUG is not set
2005CONFIG_LIBERTAS_MESH=y
2006CONFIG_HERMES=m
2007# CONFIG_HERMES_PRISM is not set
2008CONFIG_HERMES_CACHE_FW_ON_INIT=y
2009CONFIG_PLX_HERMES=m
2010CONFIG_TMD_HERMES=m
2011CONFIG_NORTEL_HERMES=m
2012CONFIG_PCMCIA_HERMES=m
2013CONFIG_PCMCIA_SPECTRUM=m
2014CONFIG_ORINOCO_USB=m
2015CONFIG_P54_COMMON=m
2016CONFIG_P54_USB=m
2017CONFIG_P54_PCI=m
2018CONFIG_P54_SPI=m
2019# CONFIG_P54_SPI_DEFAULT_EEPROM is not set
2020CONFIG_P54_LEDS=y
2021CONFIG_RT2X00=m
2022CONFIG_RT2400PCI=m
2023CONFIG_RT2500PCI=m
2024CONFIG_RT61PCI=m
2025CONFIG_RT2800PCI=m
2026CONFIG_RT2800PCI_RT33XX=y
2027# CONFIG_RT2800PCI_RT35XX is not set
2028CONFIG_RT2500USB=m
2029CONFIG_RT73USB=m
2030CONFIG_RT2800USB=m
2031CONFIG_RT2800USB_RT33XX=y
2032# CONFIG_RT2800USB_RT35XX is not set
2033CONFIG_RT2800USB_UNKNOWN=y
2034CONFIG_RT2800_LIB=m
2035CONFIG_RT2X00_LIB_PCI=m
2036CONFIG_RT2X00_LIB_USB=m
2037CONFIG_RT2X00_LIB=m
2038CONFIG_RT2X00_LIB_HT=y
2039CONFIG_RT2X00_LIB_FIRMWARE=y
2040CONFIG_RT2X00_LIB_CRYPTO=y
2041CONFIG_RT2X00_LIB_LEDS=y
2042# CONFIG_RT2X00_DEBUG is not set
2043CONFIG_RTL8192CE=m
2044CONFIG_RTLWIFI=m
2045CONFIG_WL1251=m
2046CONFIG_WL1251_SPI=m
2047CONFIG_WL1251_SDIO=m
2048CONFIG_WL12XX_MENU=m
2049CONFIG_WL12XX=m
2050CONFIG_WL12XX_HT=y
2051CONFIG_WL12XX_SPI=m
2052CONFIG_WL12XX_SDIO=m
2053CONFIG_WL12XX_SDIO_TEST=m
2054CONFIG_WL12XX_PLATFORM_DATA=y
2055CONFIG_ZD1211RW=m
2056# CONFIG_ZD1211RW_DEBUG is not set
2057
2058#
2059# WiMAX Wireless Broadband devices
2060#
2061CONFIG_WIMAX_I2400M=m
2062CONFIG_WIMAX_I2400M_USB=m
2063CONFIG_WIMAX_I2400M_SDIO=m
2064CONFIG_WIMAX_IWMC3200_SDIO=y
2065CONFIG_WIMAX_I2400M_DEBUG_LEVEL=8
2066
2067#
2068# USB Network Adapters
2069#
2070CONFIG_USB_CATC=m
2071CONFIG_USB_KAWETH=m
2072CONFIG_USB_PEGASUS=m
2073CONFIG_USB_RTL8150=m
2074CONFIG_USB_USBNET=m
2075CONFIG_USB_NET_AX8817X=m
2076CONFIG_USB_NET_CDCETHER=m
2077CONFIG_USB_NET_CDC_EEM=m
2078CONFIG_USB_NET_CDC_NCM=m
2079CONFIG_USB_NET_DM9601=m
2080CONFIG_USB_NET_SMSC75XX=m
2081CONFIG_USB_NET_SMSC95XX=m
2082CONFIG_USB_NET_GL620A=m
2083CONFIG_USB_NET_NET1080=m
2084CONFIG_USB_NET_PLUSB=m
2085CONFIG_USB_NET_MCS7830=m
2086CONFIG_USB_NET_RNDIS_HOST=m
2087CONFIG_USB_NET_CDC_SUBSET=m
2088CONFIG_USB_ALI_M5632=y
2089CONFIG_USB_AN2720=y
2090CONFIG_USB_BELKIN=y
2091CONFIG_USB_ARMLINUX=y
2092CONFIG_USB_EPSON2888=y
2093CONFIG_USB_KC2190=y
2094CONFIG_USB_NET_ZAURUS=m
2095CONFIG_USB_NET_CX82310_ETH=m
2096CONFIG_USB_HSO=m
2097CONFIG_USB_NET_INT51X1=m
2098CONFIG_USB_CDC_PHONET=m
2099CONFIG_USB_IPHETH=m
2100CONFIG_USB_SIERRA_NET=m
2101CONFIG_NET_PCMCIA=y
2102CONFIG_PCMCIA_3C589=m
2103CONFIG_PCMCIA_3C574=m
2104CONFIG_PCMCIA_FMVJ18X=m
2105CONFIG_PCMCIA_PCNET=m
2106CONFIG_PCMCIA_NMCLAN=m
2107CONFIG_PCMCIA_SMC91C92=m
2108CONFIG_PCMCIA_XIRC2PS=m
2109CONFIG_PCMCIA_AXNET=m
2110CONFIG_ARCNET_COM20020_CS=m
2111CONFIG_WAN=y
2112CONFIG_LANMEDIA=m
2113CONFIG_HDLC=m
2114CONFIG_HDLC_RAW=m
2115CONFIG_HDLC_RAW_ETH=m
2116CONFIG_HDLC_CISCO=m
2117CONFIG_HDLC_FR=m
2118CONFIG_HDLC_PPP=m
2119CONFIG_HDLC_X25=m
2120CONFIG_PCI200SYN=m
2121CONFIG_WANXL=m
2122# CONFIG_WANXL_BUILD_FIRMWARE is not set
2123CONFIG_PC300TOO=m
2124CONFIG_FARSYNC=m
2125CONFIG_DSCC4=m
2126CONFIG_DSCC4_PCISYNC=y
2127CONFIG_DSCC4_PCI_RST=y
2128CONFIG_DLCI=m
2129CONFIG_DLCI_MAX=8
2130CONFIG_WAN_ROUTER_DRIVERS=m
2131CONFIG_CYCLADES_SYNC=m
2132CONFIG_CYCLOMX_X25=y
2133CONFIG_LAPBETHER=m
2134CONFIG_X25_ASY=m
2135CONFIG_SBNI=m
2136CONFIG_SBNI_MULTILINE=y
2137CONFIG_ATM_DRIVERS=y
2138CONFIG_ATM_DUMMY=m
2139CONFIG_ATM_TCP=m
2140CONFIG_ATM_LANAI=m
2141CONFIG_ATM_ENI=m
2142# CONFIG_ATM_ENI_DEBUG is not set
2143# CONFIG_ATM_ENI_TUNE_BURST is not set
2144CONFIG_ATM_FIRESTREAM=m
2145CONFIG_ATM_ZATM=m
2146# CONFIG_ATM_ZATM_DEBUG is not set
2147CONFIG_ATM_NICSTAR=m
2148# CONFIG_ATM_NICSTAR_USE_SUNI is not set
2149# CONFIG_ATM_NICSTAR_USE_IDT77105 is not set
2150CONFIG_ATM_IDT77252=m
2151# CONFIG_ATM_IDT77252_DEBUG is not set
2152# CONFIG_ATM_IDT77252_RCV_ALL is not set
2153CONFIG_ATM_IDT77252_USE_SUNI=y
2154CONFIG_ATM_AMBASSADOR=m
2155# CONFIG_ATM_AMBASSADOR_DEBUG is not set
2156CONFIG_ATM_HORIZON=m
2157# CONFIG_ATM_HORIZON_DEBUG is not set
2158CONFIG_ATM_IA=m
2159# CONFIG_ATM_IA_DEBUG is not set
2160CONFIG_ATM_FORE200E=m
2161CONFIG_ATM_FORE200E_USE_TASKLET=y
2162CONFIG_ATM_FORE200E_TX_RETRY=16
2163CONFIG_ATM_FORE200E_DEBUG=0
2164CONFIG_ATM_HE=m
2165CONFIG_ATM_HE_USE_SUNI=y
2166CONFIG_ATM_SOLOS=m
2167CONFIG_IEEE802154_DRIVERS=m
2168CONFIG_IEEE802154_FAKEHARD=m
2169
2170#
2171# CAIF transport drivers
2172#
2173CONFIG_CAIF_TTY=m
2174CONFIG_CAIF_SPI_SLAVE=m
2175# CONFIG_CAIF_SPI_SYNC is not set
2176CONFIG_XEN_NETDEV_FRONTEND=y
2177CONFIG_FDDI=y
2178CONFIG_DEFXX=m
2179# CONFIG_DEFXX_MMIO is not set
2180CONFIG_SKFP=m
2181CONFIG_HIPPI=y
2182CONFIG_ROADRUNNER=m
2183# CONFIG_ROADRUNNER_LARGE_RINGS is not set
2184CONFIG_PLIP=m
2185CONFIG_PPP=m
2186CONFIG_PPP_MULTILINK=y
2187CONFIG_PPP_FILTER=y
2188CONFIG_PPP_ASYNC=m
2189CONFIG_PPP_SYNC_TTY=m
2190CONFIG_PPP_DEFLATE=m
2191CONFIG_PPP_BSDCOMP=m
2192CONFIG_PPP_MPPE=m
2193CONFIG_PPPOE=m
2194CONFIG_PPTP=m
2195CONFIG_PPPOATM=m
2196CONFIG_PPPOL2TP=m
2197CONFIG_SLIP=m
2198CONFIG_SLIP_COMPRESSED=y
2199CONFIG_SLHC=m
2200CONFIG_SLIP_SMART=y
2201CONFIG_SLIP_MODE_SLIP6=y
2202# CONFIG_NET_FC is not set
2203CONFIG_NETCONSOLE=m
2204CONFIG_NETCONSOLE_DYNAMIC=y
2205CONFIG_NETPOLL=y
2206# CONFIG_NETPOLL_TRAP is not set
2207CONFIG_NET_POLL_CONTROLLER=y
2208CONFIG_VIRTIO_NET=m
2209CONFIG_VMXNET3=m
2210CONFIG_ISDN=y
2211# CONFIG_ISDN_I4L is not set
2212CONFIG_ISDN_CAPI=m
2213# CONFIG_ISDN_DRV_AVMB1_VERBOSE_REASON is not set
2214# CONFIG_CAPI_TRACE is not set
2215CONFIG_ISDN_CAPI_MIDDLEWARE=y
2216CONFIG_ISDN_CAPI_CAPI20=m
2217CONFIG_ISDN_CAPI_CAPIFS_BOOL=y
2218CONFIG_ISDN_CAPI_CAPIFS=m
2219
2220#
2221# CAPI hardware drivers
2222#
2223CONFIG_CAPI_AVM=y
2224CONFIG_ISDN_DRV_AVMB1_B1PCI=m
2225CONFIG_ISDN_DRV_AVMB1_B1PCIV4=y
2226CONFIG_ISDN_DRV_AVMB1_B1PCMCIA=m
2227CONFIG_ISDN_DRV_AVMB1_AVM_CS=m
2228CONFIG_ISDN_DRV_AVMB1_T1PCI=m
2229CONFIG_ISDN_DRV_AVMB1_C4=m
2230CONFIG_CAPI_EICON=y
2231CONFIG_ISDN_DIVAS=m
2232CONFIG_ISDN_DIVAS_BRIPCI=y
2233CONFIG_ISDN_DIVAS_PRIPCI=y
2234CONFIG_ISDN_DIVAS_DIVACAPI=m
2235CONFIG_ISDN_DIVAS_USERIDI=m
2236CONFIG_ISDN_DIVAS_MAINT=m
2237CONFIG_ISDN_DRV_GIGASET=m
2238CONFIG_GIGASET_CAPI=y
2239# CONFIG_GIGASET_DUMMYLL is not set
2240CONFIG_GIGASET_BASE=m
2241CONFIG_GIGASET_M105=m
2242CONFIG_GIGASET_M101=m
2243# CONFIG_GIGASET_DEBUG is not set
2244CONFIG_HYSDN=m
2245CONFIG_HYSDN_CAPI=y
2246CONFIG_MISDN=m
2247CONFIG_MISDN_DSP=m
2248CONFIG_MISDN_L1OIP=m
2249
2250#
2251# mISDN hardware drivers
2252#
2253CONFIG_MISDN_HFCPCI=m
2254CONFIG_MISDN_HFCMULTI=m
2255CONFIG_MISDN_HFCUSB=m
2256CONFIG_MISDN_AVMFRITZ=m
2257# CONFIG_MISDN_SPEEDFAX is not set
2258# CONFIG_MISDN_INFINEON is not set
2259# CONFIG_MISDN_W6692 is not set
2260# CONFIG_MISDN_NETJET is not set
2261CONFIG_MISDN_IPAC=m
2262# CONFIG_PHONE is not set
2263
2264#
2265# Input device support
2266#
2267CONFIG_INPUT=y
2268CONFIG_INPUT_FF_MEMLESS=m
2269CONFIG_INPUT_POLLDEV=m
2270CONFIG_INPUT_SPARSEKMAP=m
2271
2272#
2273# Userland interfaces
2274#
2275CONFIG_INPUT_MOUSEDEV=m
2276CONFIG_INPUT_MOUSEDEV_PSAUX=y
2277CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
2278CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
2279CONFIG_INPUT_JOYDEV=m
2280CONFIG_INPUT_EVDEV=m
2281CONFIG_INPUT_EVBUG=m
2282CONFIG_XEN_KBDDEV_FRONTEND=m
2283
2284#
2285# Input Device Drivers
2286#
2287CONFIG_INPUT_KEYBOARD=y
2288# CONFIG_KEYBOARD_ADP5588 is not set
2289CONFIG_KEYBOARD_ATKBD=y
2290# CONFIG_KEYBOARD_QT2160 is not set
2291CONFIG_KEYBOARD_LKKBD=m
2292CONFIG_KEYBOARD_GPIO=m
2293CONFIG_KEYBOARD_GPIO_POLLED=m
2294CONFIG_KEYBOARD_TCA6416=m
2295CONFIG_KEYBOARD_MATRIX=m
2296CONFIG_KEYBOARD_LM8323=m
2297# CONFIG_KEYBOARD_MAX7359 is not set
2298CONFIG_KEYBOARD_MCS=m
2299CONFIG_KEYBOARD_NEWTON=m
2300# CONFIG_KEYBOARD_OPENCORES is not set
2301CONFIG_KEYBOARD_STOWAWAY=m
2302CONFIG_KEYBOARD_SUNKBD=m
2303CONFIG_KEYBOARD_XTKBD=m
2304CONFIG_INPUT_MOUSE=y
2305CONFIG_MOUSE_PS2=m
2306CONFIG_MOUSE_PS2_ALPS=y
2307CONFIG_MOUSE_PS2_LOGIPS2PP=y
2308CONFIG_MOUSE_PS2_SYNAPTICS=y
2309CONFIG_MOUSE_PS2_LIFEBOOK=y
2310CONFIG_MOUSE_PS2_TRACKPOINT=y
2311# CONFIG_MOUSE_PS2_ELANTECH is not set
2312# CONFIG_MOUSE_PS2_SENTELIC is not set
2313# CONFIG_MOUSE_PS2_TOUCHKIT is not set
2314CONFIG_MOUSE_SERIAL=m
2315CONFIG_MOUSE_APPLETOUCH=m
2316CONFIG_MOUSE_BCM5974=m
2317CONFIG_MOUSE_VSXXXAA=m
2318CONFIG_MOUSE_GPIO=m
2319CONFIG_MOUSE_SYNAPTICS_I2C=m
2320# CONFIG_INPUT_JOYSTICK is not set
2321# CONFIG_INPUT_TABLET is not set
2322CONFIG_INPUT_TOUCHSCREEN=y
2323CONFIG_TOUCHSCREEN_ADS7846=m
2324CONFIG_TOUCHSCREEN_AD7877=m
2325CONFIG_TOUCHSCREEN_AD7879=m
2326CONFIG_TOUCHSCREEN_AD7879_I2C=m
2327CONFIG_TOUCHSCREEN_AD7879_SPI=m
2328CONFIG_TOUCHSCREEN_BU21013=m
2329CONFIG_TOUCHSCREEN_CY8CTMG110=m
2330CONFIG_TOUCHSCREEN_DYNAPRO=m
2331CONFIG_TOUCHSCREEN_HAMPSHIRE=m
2332CONFIG_TOUCHSCREEN_EETI=m
2333CONFIG_TOUCHSCREEN_FUJITSU=m
2334CONFIG_TOUCHSCREEN_GUNZE=m
2335CONFIG_TOUCHSCREEN_ELO=m
2336CONFIG_TOUCHSCREEN_WACOM_W8001=m
2337# CONFIG_TOUCHSCREEN_MCS5000 is not set
2338CONFIG_TOUCHSCREEN_MTOUCH=m
2339CONFIG_TOUCHSCREEN_INEXIO=m
2340CONFIG_TOUCHSCREEN_MK712=m
2341CONFIG_TOUCHSCREEN_PENMOUNT=m
2342CONFIG_TOUCHSCREEN_QT602240=m
2343CONFIG_TOUCHSCREEN_TOUCHRIGHT=m
2344CONFIG_TOUCHSCREEN_TOUCHWIN=m
2345CONFIG_TOUCHSCREEN_UCB1400=m
2346CONFIG_TOUCHSCREEN_WM97XX=m
2347CONFIG_TOUCHSCREEN_WM9705=y
2348CONFIG_TOUCHSCREEN_WM9712=y
2349CONFIG_TOUCHSCREEN_WM9713=y
2350CONFIG_TOUCHSCREEN_USB_COMPOSITE=m
2351# CONFIG_TOUCHSCREEN_MC13783 is not set
2352CONFIG_TOUCHSCREEN_USB_EGALAX=y
2353CONFIG_TOUCHSCREEN_USB_PANJIT=y
2354CONFIG_TOUCHSCREEN_USB_3M=y
2355CONFIG_TOUCHSCREEN_USB_ITM=y
2356CONFIG_TOUCHSCREEN_USB_ETURBO=y
2357CONFIG_TOUCHSCREEN_USB_GUNZE=y
2358CONFIG_TOUCHSCREEN_USB_DMC_TSC10=y
2359CONFIG_TOUCHSCREEN_USB_IRTOUCH=y
2360CONFIG_TOUCHSCREEN_USB_IDEALTEK=y
2361CONFIG_TOUCHSCREEN_USB_GENERAL_TOUCH=y
2362CONFIG_TOUCHSCREEN_USB_GOTOP=y
2363CONFIG_TOUCHSCREEN_USB_JASTEC=y
2364CONFIG_TOUCHSCREEN_USB_E2I=y
2365CONFIG_TOUCHSCREEN_USB_ZYTRONIC=y
2366CONFIG_TOUCHSCREEN_USB_ETT_TC45USB=y
2367CONFIG_TOUCHSCREEN_USB_NEXIO=y
2368CONFIG_TOUCHSCREEN_TOUCHIT213=m
2369CONFIG_TOUCHSCREEN_TSC2007=m
2370CONFIG_TOUCHSCREEN_ST1232=m
2371CONFIG_TOUCHSCREEN_TPS6507X=m
2372CONFIG_INPUT_MISC=y
2373CONFIG_INPUT_AD714X=m
2374CONFIG_INPUT_AD714X_I2C=m
2375CONFIG_INPUT_AD714X_SPI=m
2376CONFIG_INPUT_PCSPKR=m
2377CONFIG_INPUT_APANEL=m
2378CONFIG_INPUT_ATLAS_BTNS=m
2379CONFIG_INPUT_ATI_REMOTE=m
2380CONFIG_INPUT_ATI_REMOTE2=m
2381CONFIG_INPUT_KEYSPAN_REMOTE=m
2382CONFIG_INPUT_POWERMATE=m
2383CONFIG_INPUT_YEALINK=m
2384CONFIG_INPUT_CM109=m
2385CONFIG_INPUT_UINPUT=m
2386CONFIG_INPUT_PCF50633_PMU=m
2387CONFIG_INPUT_PCF8574=m
2388CONFIG_INPUT_GPIO_ROTARY_ENCODER=m
2389CONFIG_INPUT_ADXL34X=m
2390CONFIG_INPUT_ADXL34X_I2C=m
2391CONFIG_INPUT_ADXL34X_SPI=m
2392CONFIG_INPUT_CMA3000=m
2393CONFIG_INPUT_CMA3000_I2C=m
2394
2395#
2396# Hardware I/O ports
2397#
2398CONFIG_SERIO=y
2399CONFIG_SERIO_I8042=y
2400CONFIG_SERIO_SERPORT=m
2401CONFIG_SERIO_CT82C710=m
2402CONFIG_SERIO_PARKBD=m
2403CONFIG_SERIO_PCIPS2=m
2404CONFIG_SERIO_LIBPS2=y
2405CONFIG_SERIO_RAW=m
2406CONFIG_SERIO_ALTERA_PS2=m
2407CONFIG_SERIO_PS2MULT=m
2408# CONFIG_GAMEPORT is not set
2409
2410#
2411# Character devices
2412#
2413CONFIG_VT=y
2414CONFIG_CONSOLE_TRANSLATIONS=y
2415CONFIG_VT_CONSOLE=y
2416CONFIG_HW_CONSOLE=y
2417# CONFIG_VT_HW_CONSOLE_BINDING is not set
2418CONFIG_SERIAL_NONSTANDARD=y
2419CONFIG_COMPUTONE=m
2420CONFIG_ROCKETPORT=m
2421CONFIG_CYCLADES=m
2422# CONFIG_CYZ_INTR is not set
2423CONFIG_DIGIEPCA=m
2424CONFIG_MOXA_INTELLIO=m
2425CONFIG_MOXA_SMARTIO=m
2426CONFIG_ISI=m
2427CONFIG_SYNCLINK=m
2428CONFIG_SYNCLINKMP=m
2429CONFIG_SYNCLINK_GT=m
2430CONFIG_N_HDLC=m
2431# CONFIG_N_GSM is not set
2432CONFIG_RISCOM8=m
2433CONFIG_SPECIALIX=m
2434CONFIG_STALDRV=y
2435CONFIG_STALLION=m
2436CONFIG_ISTALLION=m
2437CONFIG_NOZOMI=m
2438
2439#
2440# Serial drivers
2441#
2442CONFIG_SERIAL_8250=y
2443CONFIG_SERIAL_8250_CONSOLE=y
2444CONFIG_FIX_EARLYCON_MEM=y
2445CONFIG_SERIAL_8250_PCI=y
2446CONFIG_SERIAL_8250_PNP=y
2447CONFIG_SERIAL_8250_CS=m
2448CONFIG_SERIAL_8250_NR_UARTS=16
2449CONFIG_SERIAL_8250_RUNTIME_UARTS=4
2450CONFIG_SERIAL_8250_EXTENDED=y
2451CONFIG_SERIAL_8250_MANY_PORTS=y
2452CONFIG_SERIAL_8250_SHARE_IRQ=y
2453# CONFIG_SERIAL_8250_DETECT_IRQ is not set
2454CONFIG_SERIAL_8250_RSA=y
2455
2456#
2457# Non-8250 serial port support
2458#
2459CONFIG_SERIAL_MAX3100=m
2460CONFIG_SERIAL_MAX3107=m
2461CONFIG_SERIAL_MRST_MAX3110=m
2462CONFIG_SERIAL_MFD_HSU=m
2463CONFIG_SERIAL_UARTLITE=m
2464CONFIG_SERIAL_CORE=y
2465CONFIG_SERIAL_CORE_CONSOLE=y
2466CONFIG_SERIAL_JSM=m
2467CONFIG_SERIAL_TIMBERDALE=m
2468CONFIG_SERIAL_ALTERA_JTAGUART=m
2469CONFIG_SERIAL_ALTERA_UART=m
2470CONFIG_SERIAL_ALTERA_UART_MAXPORTS=4
2471CONFIG_SERIAL_ALTERA_UART_BAUDRATE=115200
2472CONFIG_SERIAL_IFX6X60=m
2473CONFIG_SERIAL_PCH_UART=m
2474CONFIG_UNIX98_PTYS=y
2475CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
2476# CONFIG_LEGACY_PTYS is not set
2477# CONFIG_TTY_PRINTK is not set
2478CONFIG_PRINTER=m
2479# CONFIG_LP_CONSOLE is not set
2480CONFIG_PPDEV=m
2481CONFIG_HVC_DRIVER=y
2482CONFIG_HVC_IRQ=y
2483CONFIG_HVC_XEN=y
2484CONFIG_VIRTIO_CONSOLE=m
2485CONFIG_IPMI_HANDLER=m
2486# CONFIG_IPMI_PANIC_EVENT is not set
2487CONFIG_IPMI_DEVICE_INTERFACE=m
2488CONFIG_IPMI_SI=m
2489CONFIG_IPMI_WATCHDOG=m
2490CONFIG_IPMI_POWEROFF=m
2491CONFIG_HW_RANDOM=m
2492CONFIG_HW_RANDOM_TIMERIOMEM=m
2493CONFIG_HW_RANDOM_INTEL=m
2494CONFIG_HW_RANDOM_AMD=m
2495CONFIG_HW_RANDOM_VIA=m
2496CONFIG_HW_RANDOM_VIRTIO=m
2497CONFIG_NVRAM=m
2498CONFIG_R3964=m
2499CONFIG_APPLICOM=m
2500
2501#
2502# PCMCIA character devices
2503#
2504CONFIG_SYNCLINK_CS=m
2505CONFIG_CARDMAN_4000=m
2506CONFIG_CARDMAN_4040=m
2507CONFIG_IPWIRELESS=m
2508CONFIG_MWAVE=m
2509CONFIG_RAW_DRIVER=m
2510CONFIG_MAX_RAW_DEVS=256
2511CONFIG_HPET=y
2512CONFIG_HPET_MMAP=y
2513CONFIG_HANGCHECK_TIMER=m
2514CONFIG_TCG_TPM=m
2515CONFIG_TCG_TIS=m
2516CONFIG_TCG_NSC=m
2517CONFIG_TCG_ATMEL=m
2518CONFIG_TCG_INFINEON=m
2519CONFIG_TELCLOCK=m
2520CONFIG_RAMOOPS=m
2521CONFIG_I2C=m
2522CONFIG_I2C_BOARDINFO=y
2523CONFIG_I2C_COMPAT=y
2524CONFIG_I2C_CHARDEV=m
2525CONFIG_I2C_MUX=m
2526
2527#
2528# Multiplexer I2C Chip support
2529#
2530CONFIG_I2C_MUX_GPIO=m
2531CONFIG_I2C_MUX_PCA9541=m
2532CONFIG_I2C_MUX_PCA954x=m
2533CONFIG_I2C_HELPER_AUTO=y
2534CONFIG_I2C_SMBUS=m
2535CONFIG_I2C_ALGOBIT=m
2536CONFIG_I2C_ALGOPCA=m
2537
2538#
2539# I2C Hardware Bus support
2540#
2541
2542#
2543# PC SMBus host controller drivers
2544#
2545CONFIG_I2C_ALI1535=m
2546CONFIG_I2C_ALI1563=m
2547CONFIG_I2C_ALI15X3=m
2548CONFIG_I2C_AMD756=m
2549CONFIG_I2C_AMD756_S4882=m
2550CONFIG_I2C_AMD8111=m
2551CONFIG_I2C_I801=m
2552CONFIG_I2C_ISCH=m
2553CONFIG_I2C_PIIX4=m
2554CONFIG_I2C_NFORCE2=m
2555CONFIG_I2C_NFORCE2_S4985=m
2556CONFIG_I2C_SIS5595=m
2557CONFIG_I2C_SIS630=m
2558CONFIG_I2C_SIS96X=m
2559CONFIG_I2C_VIA=m
2560CONFIG_I2C_VIAPRO=m
2561
2562#
2563# ACPI drivers
2564#
2565CONFIG_I2C_SCMI=m
2566
2567#
2568# I2C system bus drivers (mostly embedded / system-on-chip)
2569#
2570CONFIG_I2C_GPIO=m
2571CONFIG_I2C_INTEL_MID=m
2572CONFIG_I2C_OCORES=m
2573CONFIG_I2C_PCA_PLATFORM=m
2574CONFIG_I2C_SIMTEC=m
2575CONFIG_I2C_XILINX=m
2576CONFIG_I2C_EG20T=m
2577
2578#
2579# External I2C/SMBus adapter drivers
2580#
2581CONFIG_I2C_PARPORT=m
2582CONFIG_I2C_PARPORT_LIGHT=m
2583CONFIG_I2C_TAOS_EVM=m
2584CONFIG_I2C_TINY_USB=m
2585
2586#
2587# Other I2C/SMBus bus drivers
2588#
2589CONFIG_I2C_STUB=m
2590# CONFIG_I2C_DEBUG_CORE is not set
2591# CONFIG_I2C_DEBUG_ALGO is not set
2592# CONFIG_I2C_DEBUG_BUS is not set
2593CONFIG_SPI=y
2594CONFIG_SPI_MASTER=y
2595
2596#
2597# SPI Master Controller Drivers
2598#
2599CONFIG_SPI_BITBANG=m
2600CONFIG_SPI_BUTTERFLY=m
2601CONFIG_SPI_GPIO=m
2602CONFIG_SPI_LM70_LLP=m
2603# CONFIG_SPI_PXA2XX_PCI is not set
2604CONFIG_SPI_TOPCLIFF_PCH=m
2605# CONFIG_SPI_XILINX is not set
2606CONFIG_SPI_DESIGNWARE=m
2607CONFIG_SPI_DW_PCI=m
2608
2609#
2610# SPI Protocol Masters
2611#
2612CONFIG_SPI_SPIDEV=m
2613CONFIG_SPI_TLE62X0=m
2614
2615#
2616# PPS support
2617#
2618# CONFIG_PPS is not set
2619
2620#
2621# PPS generators support
2622#
2623CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
2624CONFIG_GPIOLIB=y
2625# CONFIG_GPIO_SYSFS is not set
2626CONFIG_GPIO_MAX730X=m
2627
2628#
2629# Memory mapped GPIO expanders:
2630#
2631CONFIG_GPIO_BASIC_MMIO=m
2632CONFIG_GPIO_IT8761E=m
2633CONFIG_GPIO_SCH=m
2634CONFIG_GPIO_VX855=m
2635
2636#
2637# I2C GPIO expanders:
2638#
2639CONFIG_GPIO_MAX7300=m
2640CONFIG_GPIO_MAX732X=m
2641CONFIG_GPIO_PCA953X=m
2642CONFIG_GPIO_PCF857X=m
2643CONFIG_GPIO_ADP5588=m
2644
2645#
2646# PCI GPIO expanders:
2647#
2648CONFIG_GPIO_CS5535=m
2649# CONFIG_GPIO_LANGWELL is not set
2650CONFIG_GPIO_PCH=m
2651CONFIG_GPIO_ML_IOH=m
2652CONFIG_GPIO_TIMBERDALE=y
2653CONFIG_GPIO_RDC321X=m
2654
2655#
2656# SPI GPIO expanders:
2657#
2658CONFIG_GPIO_MAX7301=m
2659CONFIG_GPIO_MCP23S08=m
2660# CONFIG_GPIO_MC33880 is not set
2661CONFIG_GPIO_74X164=m
2662
2663#
2664# AC97 GPIO expanders:
2665#
2666# CONFIG_GPIO_UCB1400 is not set
2667
2668#
2669# MODULbus GPIO expanders:
2670#
2671CONFIG_GPIO_JANZ_TTL=m
2672CONFIG_W1=m
2673CONFIG_W1_CON=y
2674
2675#
2676# 1-wire Bus Masters
2677#
2678CONFIG_W1_MASTER_MATROX=m
2679CONFIG_W1_MASTER_DS2490=m
2680CONFIG_W1_MASTER_DS2482=m
2681CONFIG_W1_MASTER_GPIO=m
2682
2683#
2684# 1-wire Slaves
2685#
2686CONFIG_W1_SLAVE_THERM=m
2687CONFIG_W1_SLAVE_SMEM=m
2688CONFIG_W1_SLAVE_DS2423=m
2689CONFIG_W1_SLAVE_DS2431=m
2690CONFIG_W1_SLAVE_DS2433=m
2691# CONFIG_W1_SLAVE_DS2433_CRC is not set
2692CONFIG_W1_SLAVE_DS2760=m
2693CONFIG_W1_SLAVE_BQ27000=m
2694CONFIG_POWER_SUPPLY=y
2695# CONFIG_POWER_SUPPLY_DEBUG is not set
2696CONFIG_PDA_POWER=m
2697CONFIG_TEST_POWER=m
2698CONFIG_BATTERY_DS2760=m
2699CONFIG_BATTERY_DS2782=m
2700CONFIG_BATTERY_BQ20Z75=m
2701CONFIG_BATTERY_BQ27x00=m
2702CONFIG_BATTERY_MAX17040=m
2703CONFIG_BATTERY_MAX17042=m
2704CONFIG_CHARGER_PCF50633=m
2705CONFIG_CHARGER_ISP1704=m
2706CONFIG_CHARGER_GPIO=m
2707CONFIG_HWMON=m
2708CONFIG_HWMON_VID=m
2709# CONFIG_HWMON_DEBUG_CHIP is not set
2710
2711#
2712# Native drivers
2713#
2714CONFIG_SENSORS_ABITUGURU=m
2715CONFIG_SENSORS_ABITUGURU3=m
2716CONFIG_SENSORS_AD7414=m
2717CONFIG_SENSORS_AD7418=m
2718CONFIG_SENSORS_ADCXX=m
2719CONFIG_SENSORS_ADM1021=m
2720CONFIG_SENSORS_ADM1025=m
2721CONFIG_SENSORS_ADM1026=m
2722CONFIG_SENSORS_ADM1029=m
2723CONFIG_SENSORS_ADM1031=m
2724CONFIG_SENSORS_ADM9240=m
2725CONFIG_SENSORS_ADT7411=m
2726CONFIG_SENSORS_ADT7462=m
2727CONFIG_SENSORS_ADT7470=m
2728CONFIG_SENSORS_ADT7475=m
2729CONFIG_SENSORS_ASC7621=m
2730CONFIG_SENSORS_K8TEMP=m
2731CONFIG_SENSORS_K10TEMP=m
2732CONFIG_SENSORS_ASB100=m
2733CONFIG_SENSORS_ATXP1=m
2734CONFIG_SENSORS_DS620=m
2735CONFIG_SENSORS_DS1621=m
2736CONFIG_SENSORS_I5K_AMB=m
2737CONFIG_SENSORS_F71805F=m
2738CONFIG_SENSORS_F71882FG=m
2739CONFIG_SENSORS_F75375S=m
2740CONFIG_SENSORS_FSCHMD=m
2741CONFIG_SENSORS_G760A=m
2742CONFIG_SENSORS_GL518SM=m
2743CONFIG_SENSORS_GL520SM=m
2744CONFIG_SENSORS_GPIO_FAN=m
2745CONFIG_SENSORS_CORETEMP=m
2746CONFIG_SENSORS_PKGTEMP=m
2747CONFIG_SENSORS_IBMAEM=m
2748CONFIG_SENSORS_IBMPEX=m
2749CONFIG_SENSORS_IT87=m
2750CONFIG_SENSORS_JC42=m
2751CONFIG_SENSORS_LM63=m
2752CONFIG_SENSORS_LM70=m
2753CONFIG_SENSORS_LM73=m
2754CONFIG_SENSORS_LM75=m
2755CONFIG_SENSORS_LM77=m
2756CONFIG_SENSORS_LM78=m
2757CONFIG_SENSORS_LM80=m
2758CONFIG_SENSORS_LM83=m
2759CONFIG_SENSORS_LM85=m
2760CONFIG_SENSORS_LM87=m
2761CONFIG_SENSORS_LM90=m
2762CONFIG_SENSORS_LM92=m
2763CONFIG_SENSORS_LM93=m
2764CONFIG_SENSORS_LTC4215=m
2765CONFIG_SENSORS_LTC4245=m
2766CONFIG_SENSORS_LTC4261=m
2767CONFIG_SENSORS_LM95241=m
2768CONFIG_SENSORS_MAX1111=m
2769CONFIG_SENSORS_MAX1619=m
2770CONFIG_SENSORS_MAX6650=m
2771CONFIG_SENSORS_PC87360=m
2772CONFIG_SENSORS_PC87427=m
2773CONFIG_SENSORS_PCF8591=m
2774CONFIG_SENSORS_SHT15=m
2775CONFIG_SENSORS_SHT21=m
2776CONFIG_SENSORS_SIS5595=m
2777CONFIG_SENSORS_SMM665=m
2778CONFIG_SENSORS_DME1737=m
2779CONFIG_SENSORS_EMC1403=m
2780CONFIG_SENSORS_EMC2103=m
2781CONFIG_SENSORS_SMSC47M1=m
2782CONFIG_SENSORS_SMSC47M192=m
2783CONFIG_SENSORS_SMSC47B397=m
2784CONFIG_SENSORS_ADS7828=m
2785CONFIG_SENSORS_ADS7871=m
2786CONFIG_SENSORS_AMC6821=m
2787CONFIG_SENSORS_THMC50=m
2788CONFIG_SENSORS_TMP102=m
2789CONFIG_SENSORS_TMP401=m
2790CONFIG_SENSORS_TMP421=m
2791CONFIG_SENSORS_VIA_CPUTEMP=m
2792CONFIG_SENSORS_VIA686A=m
2793CONFIG_SENSORS_VT1211=m
2794CONFIG_SENSORS_VT8231=m
2795CONFIG_SENSORS_W83781D=m
2796CONFIG_SENSORS_W83791D=m
2797CONFIG_SENSORS_W83792D=m
2798CONFIG_SENSORS_W83793=m
2799CONFIG_SENSORS_W83795=m
2800CONFIG_SENSORS_W83795_FANCTRL=y
2801CONFIG_SENSORS_W83L785TS=m
2802CONFIG_SENSORS_W83L786NG=m
2803CONFIG_SENSORS_W83627HF=m
2804CONFIG_SENSORS_W83627EHF=m
2805CONFIG_SENSORS_LIS3_I2C=m
2806CONFIG_SENSORS_APPLESMC=m
2807# CONFIG_SENSORS_MC13783_ADC is not set
2808
2809#
2810# ACPI drivers
2811#
2812CONFIG_SENSORS_ATK0110=m
2813CONFIG_SENSORS_LIS3LV02D=m
2814CONFIG_THERMAL=y
2815CONFIG_WATCHDOG=y
2816# CONFIG_WATCHDOG_NOWAYOUT is not set
2817
2818#
2819# Watchdog Device Drivers
2820#
2821CONFIG_SOFT_WATCHDOG=m
2822CONFIG_ACQUIRE_WDT=m
2823CONFIG_ADVANTECH_WDT=m
2824CONFIG_ALIM1535_WDT=m
2825CONFIG_ALIM7101_WDT=m
2826CONFIG_F71808E_WDT=m
2827CONFIG_SP5100_TCO=m
2828CONFIG_GEODE_WDT=m
2829CONFIG_SC520_WDT=m
2830# CONFIG_SBC_FITPC2_WATCHDOG is not set
2831CONFIG_EUROTECH_WDT=m
2832CONFIG_IB700_WDT=m
2833CONFIG_IBMASR=m
2834CONFIG_WAFER_WDT=m
2835CONFIG_I6300ESB_WDT=m
2836CONFIG_ITCO_WDT=m
2837CONFIG_ITCO_VENDOR_SUPPORT=y
2838CONFIG_IT8712F_WDT=m
2839CONFIG_IT87_WDT=m
2840# CONFIG_HP_WATCHDOG is not set
2841CONFIG_SC1200_WDT=m
2842CONFIG_PC87413_WDT=m
2843CONFIG_NV_TCO=m
2844CONFIG_60XX_WDT=m
2845CONFIG_SBC8360_WDT=m
2846CONFIG_CPU5_WDT=m
2847CONFIG_SMSC_SCH311X_WDT=m
2848CONFIG_SMSC37B787_WDT=m
2849CONFIG_W83627HF_WDT=m
2850CONFIG_W83697HF_WDT=m
2851CONFIG_W83697UG_WDT=m
2852CONFIG_W83877F_WDT=m
2853CONFIG_W83977F_WDT=m
2854CONFIG_MACHZ_WDT=m
2855CONFIG_SBC_EPX_C3_WATCHDOG=m
2856
2857#
2858# PCI-based Watchdog Cards
2859#
2860CONFIG_PCIPCWATCHDOG=m
2861CONFIG_WDTPCI=m
2862
2863#
2864# USB-based Watchdog Cards
2865#
2866CONFIG_USBPCWATCHDOG=m
2867CONFIG_SSB_POSSIBLE=y
2868
2869#
2870# Sonics Silicon Backplane
2871#
2872CONFIG_SSB=m
2873CONFIG_SSB_SPROM=y
2874CONFIG_SSB_BLOCKIO=y
2875CONFIG_SSB_PCIHOST_POSSIBLE=y
2876CONFIG_SSB_PCIHOST=y
2877CONFIG_SSB_B43_PCI_BRIDGE=y
2878CONFIG_SSB_PCMCIAHOST_POSSIBLE=y
2879CONFIG_SSB_PCMCIAHOST=y
2880CONFIG_SSB_SDIOHOST_POSSIBLE=y
2881CONFIG_SSB_SDIOHOST=y
2882# CONFIG_SSB_SILENT is not set
2883# CONFIG_SSB_DEBUG is not set
2884CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y
2885CONFIG_SSB_DRIVER_PCICORE=y
2886CONFIG_MFD_SUPPORT=y
2887CONFIG_MFD_CORE=m
2888CONFIG_MFD_SM501=m
2889# CONFIG_MFD_SM501_GPIO is not set
2890CONFIG_HTC_PASIC3=m
2891CONFIG_UCB1400_CORE=m
2892CONFIG_TPS65010=m
2893CONFIG_TPS6507X=m
2894# CONFIG_MFD_TMIO is not set
2895CONFIG_MFD_WM8400=m
2896# CONFIG_MFD_WM831X_SPI is not set
2897CONFIG_MFD_PCF50633=m
2898CONFIG_MFD_MC13783=m
2899CONFIG_MFD_MC13XXX=m
2900CONFIG_PCF50633_ADC=m
2901CONFIG_PCF50633_GPIO=m
2902CONFIG_ABX500_CORE=y
2903# CONFIG_EZX_PCAP is not set
2904# CONFIG_AB8500_CORE is not set
2905CONFIG_MFD_CS5535=m
2906CONFIG_MFD_TIMBERDALE=m
2907CONFIG_LPC_SCH=m
2908CONFIG_MFD_RDC321X=m
2909CONFIG_MFD_JANZ_CMODIO=m
2910CONFIG_MFD_VX855=m
2911CONFIG_MFD_WL1273_CORE=m
2912CONFIG_REGULATOR=y
2913# CONFIG_REGULATOR_DEBUG is not set
2914# CONFIG_REGULATOR_DUMMY is not set
2915# CONFIG_REGULATOR_FIXED_VOLTAGE is not set
2916CONFIG_REGULATOR_VIRTUAL_CONSUMER=m
2917CONFIG_REGULATOR_USERSPACE_CONSUMER=m
2918CONFIG_REGULATOR_BQ24022=m
2919CONFIG_REGULATOR_MAX1586=m
2920CONFIG_REGULATOR_MAX8649=m
2921CONFIG_REGULATOR_MAX8660=m
2922CONFIG_REGULATOR_MAX8952=m
2923CONFIG_REGULATOR_WM8400=m
2924CONFIG_REGULATOR_PCF50633=m
2925CONFIG_REGULATOR_LP3971=m
2926CONFIG_REGULATOR_LP3972=m
2927CONFIG_REGULATOR_MC13XXX_CORE=m
2928CONFIG_REGULATOR_MC13783=m
2929CONFIG_REGULATOR_MC13892=m
2930# CONFIG_REGULATOR_TPS65023 is not set
2931# CONFIG_REGULATOR_TPS6507X is not set
2932CONFIG_REGULATOR_ISL6271A=m
2933# CONFIG_REGULATOR_AD5398 is not set
2934CONFIG_REGULATOR_TPS6524X=m
2935CONFIG_MEDIA_SUPPORT=m
2936
2937#
2938# Multimedia core support
2939#
2940CONFIG_VIDEO_DEV=m
2941CONFIG_VIDEO_V4L2_COMMON=m
2942CONFIG_DVB_CORE=m
2943CONFIG_VIDEO_MEDIA=m
2944
2945#
2946# Multimedia drivers
2947#
2948CONFIG_VIDEO_SAA7146=m
2949CONFIG_VIDEO_SAA7146_VV=m
2950CONFIG_RC_CORE=m
2951CONFIG_LIRC=m
2952CONFIG_RC_MAP=m
2953CONFIG_IR_NEC_DECODER=m
2954CONFIG_IR_RC5_DECODER=m
2955CONFIG_IR_RC6_DECODER=m
2956CONFIG_IR_JVC_DECODER=m
2957CONFIG_IR_SONY_DECODER=m
2958CONFIG_IR_RC5_SZ_DECODER=m
2959CONFIG_IR_LIRC_CODEC=m
2960# CONFIG_IR_ENE is not set
2961CONFIG_IR_IMON=m
2962# CONFIG_IR_MCEUSB is not set
2963# CONFIG_IR_NUVOTON is not set
2964# CONFIG_IR_STREAMZAP is not set
2965CONFIG_IR_WINBOND_CIR=m
2966CONFIG_RC_LOOPBACK=m
2967# CONFIG_MEDIA_ATTACH is not set
2968CONFIG_MEDIA_TUNER=m
2969# CONFIG_MEDIA_TUNER_CUSTOMISE is not set
2970CONFIG_MEDIA_TUNER_SIMPLE=m
2971CONFIG_MEDIA_TUNER_TDA8290=m
2972CONFIG_MEDIA_TUNER_TDA827X=m
2973CONFIG_MEDIA_TUNER_TDA18271=m
2974CONFIG_MEDIA_TUNER_TDA9887=m
2975CONFIG_MEDIA_TUNER_TEA5761=m
2976CONFIG_MEDIA_TUNER_TEA5767=m
2977CONFIG_MEDIA_TUNER_MT20XX=m
2978CONFIG_MEDIA_TUNER_MT2060=m
2979CONFIG_MEDIA_TUNER_MT2266=m
2980CONFIG_MEDIA_TUNER_MT2131=m
2981CONFIG_MEDIA_TUNER_QT1010=m
2982CONFIG_MEDIA_TUNER_XC2028=m
2983CONFIG_MEDIA_TUNER_XC5000=m
2984CONFIG_MEDIA_TUNER_MXL5005S=m
2985CONFIG_MEDIA_TUNER_MXL5007T=m
2986CONFIG_MEDIA_TUNER_MC44S803=m
2987CONFIG_MEDIA_TUNER_MAX2165=m
2988CONFIG_MEDIA_TUNER_TDA18218=m
2989CONFIG_VIDEO_V4L2=m
2990CONFIG_VIDEOBUF_GEN=m
2991CONFIG_VIDEOBUF_DMA_SG=m
2992CONFIG_VIDEOBUF_VMALLOC=m
2993CONFIG_VIDEOBUF_DMA_CONTIG=m
2994CONFIG_VIDEOBUF_DVB=m
2995CONFIG_VIDEO_BTCX=m
2996CONFIG_VIDEO_TVEEPROM=m
2997CONFIG_VIDEO_TUNER=m
2998CONFIG_V4L2_MEM2MEM_DEV=m
2999CONFIG_VIDEO_CAPTURE_DRIVERS=y
3000# CONFIG_VIDEO_ADV_DEBUG is not set
3001# CONFIG_VIDEO_FIXED_MINOR_RANGES is not set
3002# CONFIG_VIDEO_HELPER_CHIPS_AUTO is not set
3003CONFIG_VIDEO_IR_I2C=m
3004
3005#
3006# Encoders/decoders and other helper chips
3007#
3008
3009#
3010# Audio decoders
3011#
3012CONFIG_VIDEO_TVAUDIO=m
3013CONFIG_VIDEO_TDA7432=m
3014CONFIG_VIDEO_TDA9840=m
3015CONFIG_VIDEO_TEA6415C=m
3016CONFIG_VIDEO_TEA6420=m
3017CONFIG_VIDEO_MSP3400=m
3018CONFIG_VIDEO_CS5345=m
3019CONFIG_VIDEO_CS53L32A=m
3020CONFIG_VIDEO_M52790=m
3021CONFIG_VIDEO_TLV320AIC23B=m
3022CONFIG_VIDEO_WM8775=m
3023CONFIG_VIDEO_WM8739=m
3024CONFIG_VIDEO_VP27SMPX=m
3025
3026#
3027# RDS decoders
3028#
3029CONFIG_VIDEO_SAA6588=m
3030
3031#
3032# Video decoders
3033#
3034CONFIG_VIDEO_ADV7180=m
3035CONFIG_VIDEO_BT819=m
3036CONFIG_VIDEO_BT856=m
3037CONFIG_VIDEO_BT866=m
3038CONFIG_VIDEO_KS0127=m
3039CONFIG_VIDEO_OV7670=m
3040CONFIG_VIDEO_MT9V011=m
3041CONFIG_VIDEO_TCM825X=m
3042CONFIG_VIDEO_SAA7110=m
3043CONFIG_VIDEO_SAA711X=m
3044CONFIG_VIDEO_SAA717X=m
3045CONFIG_VIDEO_SAA7191=m
3046CONFIG_VIDEO_TVP514X=m
3047CONFIG_VIDEO_TVP5150=m
3048CONFIG_VIDEO_TVP7002=m
3049CONFIG_VIDEO_VPX3220=m
3050
3051#
3052# Video and audio decoders
3053#
3054CONFIG_VIDEO_CX25840=m
3055
3056#
3057# MPEG video encoders
3058#
3059CONFIG_VIDEO_CX2341X=m
3060
3061#
3062# Video encoders
3063#
3064CONFIG_VIDEO_SAA7127=m
3065CONFIG_VIDEO_SAA7185=m
3066CONFIG_VIDEO_ADV7170=m
3067CONFIG_VIDEO_ADV7175=m
3068CONFIG_VIDEO_THS7303=m
3069CONFIG_VIDEO_ADV7343=m
3070CONFIG_VIDEO_AK881X=m
3071
3072#
3073# Video improvement chips
3074#
3075CONFIG_VIDEO_UPD64031A=m
3076CONFIG_VIDEO_UPD64083=m
3077# CONFIG_VIDEO_VIVI is not set
3078CONFIG_VIDEO_BT848=m
3079CONFIG_VIDEO_BT848_DVB=y
3080CONFIG_VIDEO_BWQCAM=m
3081CONFIG_VIDEO_CQCAM=m
3082# CONFIG_VIDEO_CPIA2 is not set
3083CONFIG_VIDEO_ZORAN=m
3084CONFIG_VIDEO_ZORAN_DC30=m
3085CONFIG_VIDEO_ZORAN_ZR36060=m
3086CONFIG_VIDEO_ZORAN_BUZ=m
3087CONFIG_VIDEO_ZORAN_DC10=m
3088CONFIG_VIDEO_ZORAN_LML33=m
3089CONFIG_VIDEO_ZORAN_LML33R10=m
3090CONFIG_VIDEO_ZORAN_AVS6EYES=m
3091CONFIG_VIDEO_MEYE=m
3092CONFIG_VIDEO_SAA7134=m
3093CONFIG_VIDEO_SAA7134_ALSA=m
3094CONFIG_VIDEO_SAA7134_RC=y
3095CONFIG_VIDEO_SAA7134_DVB=m
3096CONFIG_VIDEO_MXB=m
3097CONFIG_VIDEO_HEXIUM_ORION=m
3098CONFIG_VIDEO_HEXIUM_GEMINI=m
3099CONFIG_VIDEO_TIMBERDALE=m
3100CONFIG_VIDEO_CX88=m
3101CONFIG_VIDEO_CX88_ALSA=m
3102CONFIG_VIDEO_CX88_BLACKBIRD=m
3103CONFIG_VIDEO_CX88_DVB=m
3104CONFIG_VIDEO_CX88_MPEG=m
3105CONFIG_VIDEO_CX88_VP3054=m
3106CONFIG_VIDEO_CX23885=m
3107CONFIG_VIDEO_AU0828=m
3108CONFIG_VIDEO_IVTV=m
3109CONFIG_VIDEO_FB_IVTV=m
3110CONFIG_VIDEO_CX18=m
3111CONFIG_VIDEO_CX18_ALSA=m
3112CONFIG_VIDEO_SAA7164=m
3113CONFIG_VIDEO_CAFE_CCIC=m
3114# CONFIG_VIDEO_SR030PC30 is not set
3115# CONFIG_VIDEO_VIA_CAMERA is not set
3116CONFIG_SOC_CAMERA=m
3117# CONFIG_SOC_CAMERA_IMX074 is not set
3118CONFIG_SOC_CAMERA_MT9M001=m
3119CONFIG_SOC_CAMERA_MT9M111=m
3120CONFIG_SOC_CAMERA_MT9T031=m
3121CONFIG_SOC_CAMERA_MT9T112=m
3122CONFIG_SOC_CAMERA_MT9V022=m
3123CONFIG_SOC_CAMERA_RJ54N1=m
3124CONFIG_SOC_CAMERA_TW9910=m
3125CONFIG_SOC_CAMERA_PLATFORM=m
3126CONFIG_SOC_CAMERA_OV2640=m
3127# CONFIG_SOC_CAMERA_OV6650 is not set
3128CONFIG_SOC_CAMERA_OV772X=m
3129CONFIG_SOC_CAMERA_OV9640=m
3130CONFIG_V4L_USB_DRIVERS=y
3131CONFIG_USB_VIDEO_CLASS=m
3132CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y
3133CONFIG_USB_GSPCA=m
3134CONFIG_USB_M5602=m
3135CONFIG_USB_STV06XX=m
3136CONFIG_USB_GL860=m
3137CONFIG_USB_GSPCA_BENQ=m
3138CONFIG_USB_GSPCA_CONEX=m
3139CONFIG_USB_GSPCA_CPIA1=m
3140CONFIG_USB_GSPCA_ETOMS=m
3141CONFIG_USB_GSPCA_FINEPIX=m
3142CONFIG_USB_GSPCA_JEILINJ=m
3143# CONFIG_USB_GSPCA_KONICA is not set
3144CONFIG_USB_GSPCA_MARS=m
3145CONFIG_USB_GSPCA_MR97310A=m
3146CONFIG_USB_GSPCA_OV519=m
3147CONFIG_USB_GSPCA_OV534=m
3148CONFIG_USB_GSPCA_OV534_9=m
3149CONFIG_USB_GSPCA_PAC207=m
3150CONFIG_USB_GSPCA_PAC7302=m
3151CONFIG_USB_GSPCA_PAC7311=m
3152CONFIG_USB_GSPCA_SN9C2028=m
3153CONFIG_USB_GSPCA_SN9C20X=m
3154CONFIG_USB_GSPCA_SONIXB=m
3155CONFIG_USB_GSPCA_SONIXJ=m
3156CONFIG_USB_GSPCA_SPCA500=m
3157CONFIG_USB_GSPCA_SPCA501=m
3158CONFIG_USB_GSPCA_SPCA505=m
3159CONFIG_USB_GSPCA_SPCA506=m
3160CONFIG_USB_GSPCA_SPCA508=m
3161CONFIG_USB_GSPCA_SPCA561=m
3162# CONFIG_USB_GSPCA_SPCA1528 is not set
3163CONFIG_USB_GSPCA_SQ905=m
3164CONFIG_USB_GSPCA_SQ905C=m
3165# CONFIG_USB_GSPCA_SQ930X is not set
3166CONFIG_USB_GSPCA_STK014=m
3167CONFIG_USB_GSPCA_STV0680=m
3168CONFIG_USB_GSPCA_SUNPLUS=m
3169CONFIG_USB_GSPCA_T613=m
3170CONFIG_USB_GSPCA_TV8532=m
3171CONFIG_USB_GSPCA_VC032X=m
3172# CONFIG_USB_GSPCA_XIRLINK_CIT is not set
3173CONFIG_USB_GSPCA_ZC3XX=m
3174CONFIG_VIDEO_PVRUSB2=m
3175CONFIG_VIDEO_PVRUSB2_SYSFS=y
3176CONFIG_VIDEO_PVRUSB2_DVB=y
3177# CONFIG_VIDEO_PVRUSB2_DEBUGIFC is not set
3178CONFIG_VIDEO_HDPVR=m
3179CONFIG_VIDEO_EM28XX=m
3180CONFIG_VIDEO_EM28XX_ALSA=m
3181CONFIG_VIDEO_EM28XX_DVB=m
3182CONFIG_VIDEO_TLG2300=m
3183CONFIG_VIDEO_CX231XX=m
3184CONFIG_VIDEO_CX231XX_RC=y
3185CONFIG_VIDEO_CX231XX_ALSA=m
3186CONFIG_VIDEO_CX231XX_DVB=m
3187CONFIG_VIDEO_USBVISION=m
3188CONFIG_USB_ET61X251=m
3189CONFIG_USB_SN9C102=m
3190# CONFIG_USB_PWC is not set
3191CONFIG_USB_ZR364XX=m
3192CONFIG_USB_STKWEBCAM=m
3193CONFIG_USB_S2255=m
3194CONFIG_V4L_MEM2MEM_DRIVERS=y
3195CONFIG_VIDEO_MEM2MEM_TESTDEV=m
3196CONFIG_RADIO_ADAPTERS=y
3197CONFIG_RADIO_MAXIRADIO=m
3198CONFIG_RADIO_MAESTRO=m
3199# CONFIG_I2C_SI4713 is not set
3200# CONFIG_RADIO_SI4713 is not set
3201CONFIG_USB_DSBR=m
3202# CONFIG_RADIO_SI470X is not set
3203CONFIG_USB_MR800=m
3204CONFIG_RADIO_TEA5764=m
3205CONFIG_RADIO_SAA7706H=m
3206CONFIG_RADIO_TEF6862=m
3207CONFIG_RADIO_TIMBERDALE=m
3208CONFIG_RADIO_WL1273=m
3209CONFIG_DVB_MAX_ADAPTERS=8
3210# CONFIG_DVB_DYNAMIC_MINORS is not set
3211CONFIG_DVB_CAPTURE_DRIVERS=y
3212
3213#
3214# Supported SAA7146 based PCI Adapters
3215#
3216CONFIG_TTPCI_EEPROM=m
3217CONFIG_DVB_AV7110=m
3218CONFIG_DVB_AV7110_OSD=y
3219CONFIG_DVB_BUDGET_CORE=m
3220CONFIG_DVB_BUDGET=m
3221CONFIG_DVB_BUDGET_CI=m
3222CONFIG_DVB_BUDGET_AV=m
3223CONFIG_DVB_BUDGET_PATCH=m
3224
3225#
3226# Supported USB Adapters
3227#
3228CONFIG_DVB_USB=m
3229# CONFIG_DVB_USB_DEBUG is not set
3230CONFIG_DVB_USB_A800=m
3231CONFIG_DVB_USB_DIBUSB_MB=m
3232# CONFIG_DVB_USB_DIBUSB_MB_FAULTY is not set
3233CONFIG_DVB_USB_DIBUSB_MC=m
3234CONFIG_DVB_USB_DIB0700=m
3235CONFIG_DVB_USB_UMT_010=m
3236CONFIG_DVB_USB_CXUSB=m
3237CONFIG_DVB_USB_M920X=m
3238CONFIG_DVB_USB_GL861=m
3239CONFIG_DVB_USB_AU6610=m
3240CONFIG_DVB_USB_DIGITV=m
3241CONFIG_DVB_USB_VP7045=m
3242CONFIG_DVB_USB_VP702X=m
3243CONFIG_DVB_USB_GP8PSK=m
3244CONFIG_DVB_USB_NOVA_T_USB2=m
3245CONFIG_DVB_USB_TTUSB2=m
3246CONFIG_DVB_USB_DTT200U=m
3247CONFIG_DVB_USB_OPERA1=m
3248CONFIG_DVB_USB_AF9005=m
3249CONFIG_DVB_USB_AF9005_REMOTE=m
3250CONFIG_DVB_USB_DW2102=m
3251CONFIG_DVB_USB_CINERGY_T2=m
3252CONFIG_DVB_USB_ANYSEE=m
3253CONFIG_DVB_USB_DTV5100=m
3254CONFIG_DVB_USB_AF9015=m
3255CONFIG_DVB_USB_CE6230=m
3256# CONFIG_DVB_USB_FRIIO is not set
3257CONFIG_DVB_USB_EC168=m
3258CONFIG_DVB_USB_AZ6027=m
3259# CONFIG_DVB_USB_LME2510 is not set
3260CONFIG_DVB_TTUSB_BUDGET=m
3261CONFIG_DVB_TTUSB_DEC=m
3262CONFIG_SMS_SIANO_MDTV=m
3263
3264#
3265# Siano module components
3266#
3267CONFIG_SMS_USB_DRV=m
3268CONFIG_SMS_SDIO_DRV=m
3269
3270#
3271# Supported FlexCopII (B2C2) Adapters
3272#
3273CONFIG_DVB_B2C2_FLEXCOP=m
3274CONFIG_DVB_B2C2_FLEXCOP_PCI=m
3275CONFIG_DVB_B2C2_FLEXCOP_USB=m
3276# CONFIG_DVB_B2C2_FLEXCOP_DEBUG is not set
3277
3278#
3279# Supported BT878 Adapters
3280#
3281CONFIG_DVB_BT8XX=m
3282
3283#
3284# Supported Pluto2 Adapters
3285#
3286CONFIG_DVB_PLUTO2=m
3287
3288#
3289# Supported SDMC DM1105 Adapters
3290#
3291CONFIG_DVB_DM1105=m
3292CONFIG_DVB_FIREDTV=m
3293CONFIG_DVB_FIREDTV_FIREWIRE=y
3294# CONFIG_DVB_FIREDTV_IEEE1394 is not set
3295CONFIG_DVB_FIREDTV_INPUT=y
3296
3297#
3298# Supported Earthsoft PT1 Adapters
3299#
3300# CONFIG_DVB_PT1 is not set
3301
3302#
3303# Supported Mantis Adapters
3304#
3305CONFIG_MANTIS_CORE=m
3306CONFIG_DVB_MANTIS=m
3307CONFIG_DVB_HOPPER=m
3308
3309#
3310# Supported nGene Adapters
3311#
3312CONFIG_DVB_NGENE=m
3313
3314#
3315# Supported DVB Frontends
3316#
3317# CONFIG_DVB_FE_CUSTOMISE is not set
3318
3319#
3320# Multistandard (satellite) frontends
3321#
3322CONFIG_DVB_STB0899=m
3323CONFIG_DVB_STB6100=m
3324CONFIG_DVB_STV090x=m
3325CONFIG_DVB_STV6110x=m
3326
3327#
3328# DVB-S (satellite) frontends
3329#
3330CONFIG_DVB_CX24110=m
3331CONFIG_DVB_CX24123=m
3332CONFIG_DVB_MT312=m
3333CONFIG_DVB_ZL10036=m
3334CONFIG_DVB_ZL10039=m
3335CONFIG_DVB_S5H1420=m
3336CONFIG_DVB_STV0288=m
3337CONFIG_DVB_STB6000=m
3338CONFIG_DVB_STV0299=m
3339CONFIG_DVB_STV6110=m
3340CONFIG_DVB_STV0900=m
3341CONFIG_DVB_TDA8083=m
3342CONFIG_DVB_TDA10086=m
3343CONFIG_DVB_TDA8261=m
3344CONFIG_DVB_VES1X93=m
3345CONFIG_DVB_TUNER_ITD1000=m
3346CONFIG_DVB_TUNER_CX24113=m
3347CONFIG_DVB_TDA826X=m
3348CONFIG_DVB_TUA6100=m
3349CONFIG_DVB_CX24116=m
3350CONFIG_DVB_SI21XX=m
3351CONFIG_DVB_DS3000=m
3352CONFIG_DVB_MB86A16=m
3353
3354#
3355# DVB-T (terrestrial) frontends
3356#
3357CONFIG_DVB_SP8870=m
3358CONFIG_DVB_SP887X=m
3359CONFIG_DVB_CX22700=m
3360CONFIG_DVB_CX22702=m
3361CONFIG_DVB_L64781=m
3362CONFIG_DVB_TDA1004X=m
3363CONFIG_DVB_NXT6000=m
3364CONFIG_DVB_MT352=m
3365CONFIG_DVB_ZL10353=m
3366CONFIG_DVB_DIB3000MB=m
3367CONFIG_DVB_DIB3000MC=m
3368CONFIG_DVB_DIB7000M=m
3369CONFIG_DVB_DIB7000P=m
3370CONFIG_DVB_TDA10048=m
3371CONFIG_DVB_AF9013=m
3372CONFIG_DVB_EC100=m
3373
3374#
3375# DVB-C (cable) frontends
3376#
3377CONFIG_DVB_VES1820=m
3378CONFIG_DVB_TDA10021=m
3379CONFIG_DVB_TDA10023=m
3380CONFIG_DVB_STV0297=m
3381
3382#
3383# ATSC (North American/Korean Terrestrial/Cable DTV) frontends
3384#
3385CONFIG_DVB_NXT200X=m
3386CONFIG_DVB_OR51211=m
3387CONFIG_DVB_OR51132=m
3388CONFIG_DVB_BCM3510=m
3389CONFIG_DVB_LGDT330X=m
3390CONFIG_DVB_LGDT3305=m
3391CONFIG_DVB_S5H1409=m
3392CONFIG_DVB_AU8522=m
3393CONFIG_DVB_S5H1411=m
3394
3395#
3396# ISDB-T (terrestrial) frontends
3397#
3398CONFIG_DVB_S921=m
3399CONFIG_DVB_DIB8000=m
3400CONFIG_DVB_MB86A20S=m
3401
3402#
3403# Digital terrestrial only tuners/PLL
3404#
3405CONFIG_DVB_PLL=m
3406CONFIG_DVB_TUNER_DIB0070=m
3407CONFIG_DVB_TUNER_DIB0090=m
3408
3409#
3410# SEC control devices for DVB-S
3411#
3412CONFIG_DVB_LNBP21=m
3413CONFIG_DVB_ISL6405=m
3414CONFIG_DVB_ISL6421=m
3415CONFIG_DVB_ISL6423=m
3416CONFIG_DVB_LGS8GXX=m
3417CONFIG_DVB_ATBM8830=m
3418CONFIG_DVB_TDA665x=m
3419
3420#
3421# Tools to develop new frontends
3422#
3423# CONFIG_DVB_DUMMY_FE is not set
3424
3425#
3426# Graphics support
3427#
3428CONFIG_AGP=m
3429CONFIG_AGP_AMD64=m
3430CONFIG_AGP_INTEL=m
3431CONFIG_AGP_SIS=m
3432CONFIG_AGP_VIA=m
3433# CONFIG_VGA_ARB is not set
3434CONFIG_VGA_SWITCHEROO=y
3435CONFIG_DRM=m
3436CONFIG_DRM_KMS_HELPER=m
3437CONFIG_DRM_TTM=m
3438CONFIG_DRM_TDFX=m
3439CONFIG_DRM_R128=m
3440CONFIG_DRM_RADEON=m
3441# CONFIG_DRM_RADEON_KMS is not set
3442CONFIG_DRM_I810=m
3443CONFIG_DRM_I830=m
3444CONFIG_DRM_I915=m
3445# CONFIG_DRM_I915_KMS is not set
3446CONFIG_DRM_MGA=m
3447CONFIG_DRM_SIS=m
3448CONFIG_DRM_VIA=m
3449CONFIG_DRM_SAVAGE=m
3450# CONFIG_STUB_POULSBO is not set
3451CONFIG_VGASTATE=m
3452CONFIG_VIDEO_OUTPUT_CONTROL=m
3453CONFIG_FB=m
3454# CONFIG_FIRMWARE_EDID is not set
3455CONFIG_FB_DDC=m
3456# CONFIG_FB_BOOT_VESA_SUPPORT is not set
3457CONFIG_FB_CFB_FILLRECT=m
3458CONFIG_FB_CFB_COPYAREA=m
3459CONFIG_FB_CFB_IMAGEBLIT=m
3460# CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set
3461CONFIG_FB_SYS_FILLRECT=m
3462CONFIG_FB_SYS_COPYAREA=m
3463CONFIG_FB_SYS_IMAGEBLIT=m
3464# CONFIG_FB_FOREIGN_ENDIAN is not set
3465CONFIG_FB_SYS_FOPS=m
3466# CONFIG_FB_WMT_GE_ROPS is not set
3467CONFIG_FB_DEFERRED_IO=y
3468CONFIG_FB_HECUBA=m
3469CONFIG_FB_SVGALIB=m
3470# CONFIG_FB_MACMODES is not set
3471CONFIG_FB_BACKLIGHT=y
3472CONFIG_FB_MODE_HELPERS=y
3473CONFIG_FB_TILEBLITTING=y
3474
3475#
3476# Frame buffer hardware drivers
3477#
3478CONFIG_FB_CIRRUS=m
3479CONFIG_FB_PM2=m
3480CONFIG_FB_PM2_FIFO_DISCONNECT=y
3481CONFIG_FB_CYBER2000=m
3482CONFIG_FB_ARC=m
3483CONFIG_FB_VGA16=m
3484CONFIG_FB_UVESA=m
3485CONFIG_FB_N411=m
3486CONFIG_FB_HGA=m
3487CONFIG_FB_S1D13XXX=m
3488CONFIG_FB_NVIDIA=m
3489CONFIG_FB_NVIDIA_I2C=y
3490# CONFIG_FB_NVIDIA_DEBUG is not set
3491CONFIG_FB_NVIDIA_BACKLIGHT=y
3492CONFIG_FB_RIVA=m
3493CONFIG_FB_RIVA_I2C=y
3494# CONFIG_FB_RIVA_DEBUG is not set
3495CONFIG_FB_RIVA_BACKLIGHT=y
3496CONFIG_FB_LE80578=m
3497CONFIG_FB_CARILLO_RANCH=m
3498CONFIG_FB_INTEL=m
3499# CONFIG_FB_INTEL_DEBUG is not set
3500CONFIG_FB_INTEL_I2C=y
3501CONFIG_FB_MATROX=m
3502CONFIG_FB_MATROX_MILLENIUM=y
3503CONFIG_FB_MATROX_MYSTIQUE=y
3504CONFIG_FB_MATROX_G=y
3505CONFIG_FB_MATROX_I2C=m
3506CONFIG_FB_MATROX_MAVEN=m
3507CONFIG_FB_RADEON=m
3508CONFIG_FB_RADEON_I2C=y
3509CONFIG_FB_RADEON_BACKLIGHT=y
3510# CONFIG_FB_RADEON_DEBUG is not set
3511CONFIG_FB_ATY128=m
3512CONFIG_FB_ATY128_BACKLIGHT=y
3513CONFIG_FB_ATY=m
3514CONFIG_FB_ATY_CT=y
3515CONFIG_FB_ATY_GENERIC_LCD=y
3516CONFIG_FB_ATY_GX=y
3517CONFIG_FB_ATY_BACKLIGHT=y
3518CONFIG_FB_S3=m
3519CONFIG_FB_SAVAGE=m
3520CONFIG_FB_SAVAGE_I2C=y
3521CONFIG_FB_SAVAGE_ACCEL=y
3522CONFIG_FB_SIS=m
3523CONFIG_FB_SIS_300=y
3524CONFIG_FB_SIS_315=y
3525CONFIG_FB_VIA=m
3526# CONFIG_FB_VIA_DIRECT_PROCFS is not set
3527CONFIG_FB_NEOMAGIC=m
3528CONFIG_FB_KYRO=m
3529CONFIG_FB_3DFX=m
3530CONFIG_FB_3DFX_ACCEL=y
3531CONFIG_FB_3DFX_I2C=y
3532CONFIG_FB_VOODOO1=m
3533CONFIG_FB_VT8623=m
3534CONFIG_FB_TRIDENT=m
3535CONFIG_FB_ARK=m
3536CONFIG_FB_PM3=m
3537CONFIG_FB_CARMINE=m
3538CONFIG_FB_CARMINE_DRAM_EVAL=y
3539# CONFIG_CARMINE_DRAM_CUSTOM is not set
3540CONFIG_FB_GEODE=y
3541CONFIG_FB_GEODE_LX=m
3542CONFIG_FB_GEODE_GX=m
3543CONFIG_FB_GEODE_GX1=m
3544CONFIG_FB_TMIO=m
3545CONFIG_FB_TMIO_ACCELL=y
3546CONFIG_FB_SM501=m
3547# CONFIG_FB_UDL is not set
3548# CONFIG_FB_VIRTUAL is not set
3549CONFIG_XEN_FBDEV_FRONTEND=m
3550CONFIG_FB_METRONOME=m
3551CONFIG_FB_MB862XX=m
3552# CONFIG_FB_MB862XX_PCI_GDC is not set
3553CONFIG_FB_BROADSHEET=m
3554CONFIG_BACKLIGHT_LCD_SUPPORT=y
3555CONFIG_LCD_CLASS_DEVICE=m
3556CONFIG_LCD_L4F00242T03=m
3557CONFIG_LCD_LMS283GF05=m
3558CONFIG_LCD_LTV350QV=m
3559CONFIG_LCD_ILI9320=m
3560CONFIG_LCD_TDO24M=m
3561CONFIG_LCD_VGG2432A4=m
3562CONFIG_LCD_PLATFORM=m
3563CONFIG_LCD_S6E63M0=m
3564CONFIG_BACKLIGHT_CLASS_DEVICE=m
3565CONFIG_BACKLIGHT_GENERIC=m
3566CONFIG_BACKLIGHT_PROGEAR=m
3567CONFIG_BACKLIGHT_CARILLO_RANCH=m
3568CONFIG_BACKLIGHT_MBP_NVIDIA=m
3569CONFIG_BACKLIGHT_SAHARA=m
3570CONFIG_BACKLIGHT_ADP8860=m
3571CONFIG_BACKLIGHT_PCF50633=m
3572
3573#
3574# Display device support
3575#
3576CONFIG_DISPLAY_SUPPORT=m
3577
3578#
3579# Display hardware drivers
3580#
3581
3582#
3583# Console display driver support
3584#
3585CONFIG_VGA_CONSOLE=y
3586# CONFIG_VGACON_SOFT_SCROLLBACK is not set
3587CONFIG_DUMMY_CONSOLE=y
3588CONFIG_FRAMEBUFFER_CONSOLE=m
3589CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
3590CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
3591# CONFIG_FONTS is not set
3592CONFIG_FONT_8x8=y
3593CONFIG_FONT_8x16=y
3594# CONFIG_LOGO is not set
3595CONFIG_SOUND=m
3596CONFIG_SOUND_OSS_CORE=y
3597CONFIG_SOUND_OSS_CORE_PRECLAIM=y
3598CONFIG_SND=m
3599CONFIG_SND_TIMER=m
3600CONFIG_SND_PCM=m
3601CONFIG_SND_HWDEP=m
3602CONFIG_SND_RAWMIDI=m
3603CONFIG_SND_JACK=y
3604CONFIG_SND_SEQUENCER=m
3605CONFIG_SND_SEQ_DUMMY=m
3606CONFIG_SND_OSSEMUL=y
3607CONFIG_SND_MIXER_OSS=m
3608CONFIG_SND_PCM_OSS=m
3609CONFIG_SND_PCM_OSS_PLUGINS=y
3610CONFIG_SND_SEQUENCER_OSS=y
3611CONFIG_SND_HRTIMER=m
3612CONFIG_SND_SEQ_HRTIMER_DEFAULT=y
3613CONFIG_SND_DYNAMIC_MINORS=y
3614# CONFIG_SND_SUPPORT_OLD_API is not set
3615# CONFIG_SND_VERBOSE_PROCFS is not set
3616# CONFIG_SND_VERBOSE_PRINTK is not set
3617# CONFIG_SND_DEBUG is not set
3618CONFIG_SND_VMASTER=y
3619CONFIG_SND_DMA_SGBUF=y
3620CONFIG_SND_RAWMIDI_SEQ=m
3621CONFIG_SND_OPL3_LIB_SEQ=m
3622# CONFIG_SND_OPL4_LIB_SEQ is not set
3623# CONFIG_SND_SBAWE_SEQ is not set
3624CONFIG_SND_EMU10K1_SEQ=m
3625CONFIG_SND_MPU401_UART=m
3626CONFIG_SND_OPL3_LIB=m
3627CONFIG_SND_VX_LIB=m
3628CONFIG_SND_AC97_CODEC=m
3629CONFIG_SND_DRIVERS=y
3630CONFIG_SND_PCSP=m
3631CONFIG_SND_DUMMY=m
3632# CONFIG_SND_ALOOP is not set
3633CONFIG_SND_VIRMIDI=m
3634CONFIG_SND_MTPAV=m
3635CONFIG_SND_MTS64=m
3636CONFIG_SND_SERIAL_U16550=m
3637CONFIG_SND_MPU401=m
3638CONFIG_SND_PORTMAN2X4=m
3639CONFIG_SND_AC97_POWER_SAVE=y
3640CONFIG_SND_AC97_POWER_SAVE_DEFAULT=0
3641CONFIG_SND_SB_COMMON=m
3642CONFIG_SND_SB16_DSP=m
3643CONFIG_SND_PCI=y
3644CONFIG_SND_AD1889=m
3645CONFIG_SND_ALS300=m
3646CONFIG_SND_ALS4000=m
3647CONFIG_SND_ALI5451=m
3648CONFIG_SND_ASIHPI=m
3649CONFIG_SND_ATIIXP=m
3650CONFIG_SND_ATIIXP_MODEM=m
3651CONFIG_SND_AU8810=m
3652CONFIG_SND_AU8820=m
3653CONFIG_SND_AU8830=m
3654CONFIG_SND_AW2=m
3655CONFIG_SND_AZT3328=m
3656CONFIG_SND_BT87X=m
3657# CONFIG_SND_BT87X_OVERCLOCK is not set
3658CONFIG_SND_CA0106=m
3659CONFIG_SND_CMIPCI=m
3660CONFIG_SND_OXYGEN_LIB=m
3661CONFIG_SND_OXYGEN=m
3662CONFIG_SND_CS4281=m
3663CONFIG_SND_CS46XX=m
3664CONFIG_SND_CS46XX_NEW_DSP=y
3665CONFIG_SND_CS5530=m
3666CONFIG_SND_CS5535AUDIO=m
3667CONFIG_SND_CTXFI=m
3668CONFIG_SND_DARLA20=m
3669CONFIG_SND_GINA20=m
3670CONFIG_SND_LAYLA20=m
3671CONFIG_SND_DARLA24=m
3672CONFIG_SND_GINA24=m
3673CONFIG_SND_LAYLA24=m
3674CONFIG_SND_MONA=m
3675CONFIG_SND_MIA=m
3676CONFIG_SND_ECHO3G=m
3677CONFIG_SND_INDIGO=m
3678CONFIG_SND_INDIGOIO=m
3679CONFIG_SND_INDIGODJ=m
3680CONFIG_SND_INDIGOIOX=m
3681CONFIG_SND_INDIGODJX=m
3682CONFIG_SND_EMU10K1=m
3683CONFIG_SND_EMU10K1X=m
3684CONFIG_SND_ENS1370=m
3685CONFIG_SND_ENS1371=m
3686CONFIG_SND_ES1938=m
3687CONFIG_SND_ES1968=m
3688CONFIG_SND_ES1968_INPUT=y
3689CONFIG_SND_FM801=m
3690# CONFIG_SND_FM801_TEA575X_BOOL is not set
3691CONFIG_SND_HDA_INTEL=m
3692CONFIG_SND_HDA_HWDEP=y
3693# CONFIG_SND_HDA_RECONFIG is not set
3694CONFIG_SND_HDA_INPUT_BEEP=y
3695CONFIG_SND_HDA_INPUT_BEEP_MODE=0
3696CONFIG_SND_HDA_INPUT_JACK=y
3697# CONFIG_SND_HDA_PATCH_LOADER is not set
3698CONFIG_SND_HDA_CODEC_REALTEK=y
3699CONFIG_SND_HDA_CODEC_ANALOG=y
3700CONFIG_SND_HDA_CODEC_SIGMATEL=y
3701CONFIG_SND_HDA_CODEC_VIA=y
3702CONFIG_SND_HDA_CODEC_HDMI=y
3703CONFIG_SND_HDA_CODEC_CIRRUS=y
3704CONFIG_SND_HDA_CODEC_CONEXANT=y
3705CONFIG_SND_HDA_CODEC_CA0110=y
3706CONFIG_SND_HDA_CODEC_CMEDIA=y
3707CONFIG_SND_HDA_CODEC_SI3054=y
3708CONFIG_SND_HDA_GENERIC=y
3709# CONFIG_SND_HDA_POWER_SAVE is not set
3710CONFIG_SND_HDSP=m
3711CONFIG_SND_HDSPM=m
3712CONFIG_SND_ICE1712=m
3713CONFIG_SND_ICE1724=m
3714CONFIG_SND_INTEL8X0=m
3715CONFIG_SND_INTEL8X0M=m
3716CONFIG_SND_KORG1212=m
3717CONFIG_SND_LX6464ES=m
3718CONFIG_SND_MAESTRO3=m
3719CONFIG_SND_MAESTRO3_INPUT=y
3720CONFIG_SND_MIXART=m
3721CONFIG_SND_NM256=m
3722CONFIG_SND_PCXHR=m
3723CONFIG_SND_RIPTIDE=m
3724CONFIG_SND_RME32=m
3725CONFIG_SND_RME96=m
3726CONFIG_SND_RME9652=m
3727CONFIG_SND_SONICVIBES=m
3728CONFIG_SND_TRIDENT=m
3729CONFIG_SND_VIA82XX=m
3730CONFIG_SND_VIA82XX_MODEM=m
3731CONFIG_SND_VIRTUOSO=m
3732CONFIG_SND_VX222=m
3733CONFIG_SND_YMFPCI=m
3734CONFIG_SND_SPI=y
3735CONFIG_SND_USB=y
3736CONFIG_SND_USB_AUDIO=m
3737CONFIG_SND_USB_UA101=m
3738CONFIG_SND_USB_USX2Y=m
3739CONFIG_SND_USB_CAIAQ=m
3740# CONFIG_SND_USB_CAIAQ_INPUT is not set
3741CONFIG_SND_USB_US122L=m
3742CONFIG_SND_PCMCIA=y
3743CONFIG_SND_VXPOCKET=m
3744CONFIG_SND_PDAUDIOCF=m
3745CONFIG_SND_SOC=m
3746# CONFIG_SND_SOC_CACHE_LZO is not set
3747CONFIG_SND_SOC_I2C_AND_SPI=m
3748CONFIG_SND_SOC_ALL_CODECS=m
3749CONFIG_SND_SOC_WM_HUBS=m
3750CONFIG_SND_SOC_AD1836=m
3751CONFIG_SND_SOC_AD193X=m
3752CONFIG_SND_SOC_AD73311=m
3753CONFIG_SND_SOC_ADS117X=m
3754CONFIG_SND_SOC_AK4104=m
3755CONFIG_SND_SOC_AK4535=m
3756CONFIG_SND_SOC_AK4642=m
3757CONFIG_SND_SOC_AK4671=m
3758CONFIG_SND_SOC_ALC5623=m
3759CONFIG_SND_SOC_CS42L51=m
3760CONFIG_SND_SOC_CS4270=m
3761CONFIG_SND_SOC_CX20442=m
3762CONFIG_SND_SOC_L3=m
3763CONFIG_SND_SOC_DA7210=m
3764CONFIG_SND_SOC_MAX98088=m
3765CONFIG_SND_SOC_PCM3008=m
3766CONFIG_SND_SOC_SPDIF=m
3767CONFIG_SND_SOC_SSM2602=m
3768CONFIG_SND_SOC_TLV320AIC23=m
3769CONFIG_SND_SOC_TLV320AIC26=m
3770CONFIG_SND_SOC_TLV320AIC3X=m
3771CONFIG_SND_SOC_TLV320DAC33=m
3772CONFIG_SND_SOC_UDA134X=m
3773CONFIG_SND_SOC_UDA1380=m
3774CONFIG_SND_SOC_WL1273=m
3775CONFIG_SND_SOC_WM8400=m
3776CONFIG_SND_SOC_WM8510=m
3777CONFIG_SND_SOC_WM8523=m
3778CONFIG_SND_SOC_WM8580=m
3779CONFIG_SND_SOC_WM8711=m
3780CONFIG_SND_SOC_WM8727=m
3781CONFIG_SND_SOC_WM8728=m
3782CONFIG_SND_SOC_WM8731=m
3783CONFIG_SND_SOC_WM8737=m
3784CONFIG_SND_SOC_WM8741=m
3785CONFIG_SND_SOC_WM8750=m
3786CONFIG_SND_SOC_WM8753=m
3787CONFIG_SND_SOC_WM8770=m
3788CONFIG_SND_SOC_WM8776=m
3789CONFIG_SND_SOC_WM8804=m
3790CONFIG_SND_SOC_WM8900=m
3791CONFIG_SND_SOC_WM8903=m
3792CONFIG_SND_SOC_WM8904=m
3793CONFIG_SND_SOC_WM8940=m
3794CONFIG_SND_SOC_WM8955=m
3795CONFIG_SND_SOC_WM8960=m
3796CONFIG_SND_SOC_WM8961=m
3797CONFIG_SND_SOC_WM8962=m
3798CONFIG_SND_SOC_WM8971=m
3799CONFIG_SND_SOC_WM8974=m
3800CONFIG_SND_SOC_WM8978=m
3801CONFIG_SND_SOC_WM8985=m
3802CONFIG_SND_SOC_WM8988=m
3803CONFIG_SND_SOC_WM8990=m
3804CONFIG_SND_SOC_WM8993=m
3805CONFIG_SND_SOC_WM8995=m
3806CONFIG_SND_SOC_WM9081=m
3807CONFIG_SND_SOC_MAX9877=m
3808CONFIG_SND_SOC_TPA6130A2=m
3809CONFIG_SND_SOC_WM2000=m
3810CONFIG_SND_SOC_WM9090=m
3811# CONFIG_SOUND_PRIME is not set
3812CONFIG_AC97_BUS=m
3813CONFIG_HID_SUPPORT=y
3814CONFIG_HID=m
3815CONFIG_HIDRAW=y
3816
3817#
3818# USB Input Devices
3819#
3820CONFIG_USB_HID=m
3821# CONFIG_HID_PID is not set
3822# CONFIG_USB_HIDDEV is not set
3823
3824#
3825# USB HID Boot Protocol drivers
3826#
3827CONFIG_USB_KBD=m
3828CONFIG_USB_MOUSE=m
3829
3830#
3831# Special HID drivers
3832#
3833CONFIG_HID_3M_PCT=m
3834# CONFIG_HID_A4TECH is not set
3835# CONFIG_HID_ACRUX is not set
3836# CONFIG_HID_APPLE is not set
3837# CONFIG_HID_BELKIN is not set
3838CONFIG_HID_CANDO=m
3839# CONFIG_HID_CHERRY is not set
3840# CONFIG_HID_CHICONY is not set
3841CONFIG_HID_PRODIKEYS=m
3842# CONFIG_HID_CYPRESS is not set
3843# CONFIG_HID_DRAGONRISE is not set
3844# CONFIG_HID_EMS_FF is not set
3845CONFIG_HID_EGALAX=m
3846# CONFIG_HID_ELECOM is not set
3847# CONFIG_HID_EZKEY is not set
3848# CONFIG_HID_KYE is not set
3849# CONFIG_HID_UCLOGIC is not set
3850# CONFIG_HID_WALTOP is not set
3851# CONFIG_HID_GYRATION is not set
3852# CONFIG_HID_TWINHAN is not set
3853# CONFIG_HID_KENSINGTON is not set
3854# CONFIG_HID_LOGITECH is not set
3855CONFIG_HID_MAGICMOUSE=m
3856# CONFIG_HID_MICROSOFT is not set
3857CONFIG_HID_MOSART=m
3858# CONFIG_HID_MONTEREY is not set
3859CONFIG_HID_MULTITOUCH=m
3860# CONFIG_HID_NTRIG is not set
3861CONFIG_HID_ORTEK=m
3862# CONFIG_HID_PANTHERLORD is not set
3863# CONFIG_HID_PETALYNX is not set
3864CONFIG_HID_PICOLCD=m
3865CONFIG_HID_PICOLCD_FB=y
3866CONFIG_HID_PICOLCD_BACKLIGHT=y
3867CONFIG_HID_PICOLCD_LCD=y
3868CONFIG_HID_PICOLCD_LEDS=y
3869CONFIG_HID_QUANTA=m
3870CONFIG_HID_ROCCAT=m
3871CONFIG_HID_ROCCAT_KONE=m
3872CONFIG_HID_ROCCAT_KONEPLUS=m
3873# CONFIG_HID_ROCCAT_PYRA is not set
3874# CONFIG_HID_SAMSUNG is not set
3875CONFIG_HID_SONY=m
3876CONFIG_HID_STANTUM=m
3877# CONFIG_HID_SUNPLUS is not set
3878# CONFIG_HID_GREENASIA is not set
3879# CONFIG_HID_SMARTJOYPLUS is not set
3880# CONFIG_HID_TOPSEED is not set
3881# CONFIG_HID_THRUSTMASTER is not set
3882# CONFIG_HID_WACOM is not set
3883# CONFIG_HID_ZEROPLUS is not set
3884CONFIG_HID_ZYDACRON=m
3885CONFIG_USB_SUPPORT=y
3886CONFIG_USB_ARCH_HAS_HCD=y
3887CONFIG_USB_ARCH_HAS_OHCI=y
3888CONFIG_USB_ARCH_HAS_EHCI=y
3889CONFIG_USB=m
3890# CONFIG_USB_DEBUG is not set
3891CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
3892
3893#
3894# Miscellaneous USB options
3895#
3896CONFIG_USB_DEVICEFS=y
3897CONFIG_USB_DEVICE_CLASS=y
3898# CONFIG_USB_DYNAMIC_MINORS is not set
3899# CONFIG_USB_OTG_WHITELIST is not set
3900# CONFIG_USB_OTG_BLACKLIST_HUB is not set
3901CONFIG_USB_MON=m
3902CONFIG_USB_WUSB=m
3903CONFIG_USB_WUSB_CBAF=m
3904# CONFIG_USB_WUSB_CBAF_DEBUG is not set
3905
3906#
3907# USB Host Controller Drivers
3908#
3909CONFIG_USB_C67X00_HCD=m
3910CONFIG_USB_XHCI_HCD=m
3911# CONFIG_USB_XHCI_HCD_DEBUGGING is not set
3912CONFIG_USB_EHCI_HCD=m
3913# CONFIG_USB_EHCI_ROOT_HUB_TT is not set
3914# CONFIG_USB_EHCI_TT_NEWSCHED is not set
3915CONFIG_USB_OXU210HP_HCD=m
3916CONFIG_USB_ISP116X_HCD=m
3917CONFIG_USB_ISP1760_HCD=m
3918CONFIG_USB_ISP1362_HCD=m
3919CONFIG_USB_OHCI_HCD=m
3920CONFIG_USB_OHCI_HCD_SSB=y
3921# CONFIG_USB_OHCI_BIG_ENDIAN_DESC is not set
3922# CONFIG_USB_OHCI_BIG_ENDIAN_MMIO is not set
3923CONFIG_USB_OHCI_LITTLE_ENDIAN=y
3924CONFIG_USB_UHCI_HCD=m
3925CONFIG_USB_U132_HCD=m
3926CONFIG_USB_SL811_HCD=m
3927CONFIG_USB_SL811_CS=m
3928CONFIG_USB_R8A66597_HCD=m
3929CONFIG_USB_WHCI_HCD=m
3930CONFIG_USB_HWA_HCD=m
3931
3932#
3933# Enable Host or Gadget support to see Inventra options
3934#
3935
3936#
3937# USB Device Class drivers
3938#
3939CONFIG_USB_ACM=m
3940CONFIG_USB_PRINTER=m
3941CONFIG_USB_WDM=m
3942CONFIG_USB_TMC=m
3943
3944#
3945# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may
3946#
3947
3948#
3949# also be needed; see USB_STORAGE Help for more info
3950#
3951CONFIG_USB_STORAGE=m
3952# CONFIG_USB_STORAGE_DEBUG is not set
3953CONFIG_USB_STORAGE_DATAFAB=m
3954CONFIG_USB_STORAGE_FREECOM=m
3955CONFIG_USB_STORAGE_ISD200=m
3956CONFIG_USB_STORAGE_USBAT=m
3957CONFIG_USB_STORAGE_SDDR09=m
3958CONFIG_USB_STORAGE_SDDR55=m
3959CONFIG_USB_STORAGE_JUMPSHOT=m
3960CONFIG_USB_STORAGE_ALAUDA=m
3961CONFIG_USB_STORAGE_ONETOUCH=m
3962CONFIG_USB_STORAGE_KARMA=m
3963CONFIG_USB_STORAGE_CYPRESS_ATACB=m
3964# CONFIG_USB_UAS is not set
3965CONFIG_USB_LIBUSUAL=y
3966
3967#
3968# USB Imaging devices
3969#
3970# CONFIG_USB_MDC800 is not set
3971# CONFIG_USB_MICROTEK is not set
3972
3973#
3974# USB port drivers
3975#
3976CONFIG_USB_USS720=m
3977CONFIG_USB_SERIAL=m
3978CONFIG_USB_EZUSB=y
3979CONFIG_USB_SERIAL_GENERIC=y
3980CONFIG_USB_SERIAL_AIRCABLE=m
3981CONFIG_USB_SERIAL_ARK3116=m
3982CONFIG_USB_SERIAL_BELKIN=m
3983CONFIG_USB_SERIAL_CH341=m
3984CONFIG_USB_SERIAL_WHITEHEAT=m
3985CONFIG_USB_SERIAL_DIGI_ACCELEPORT=m
3986CONFIG_USB_SERIAL_CP210X=m
3987CONFIG_USB_SERIAL_CYPRESS_M8=m
3988CONFIG_USB_SERIAL_EMPEG=m
3989CONFIG_USB_SERIAL_FTDI_SIO=m
3990CONFIG_USB_SERIAL_FUNSOFT=m
3991CONFIG_USB_SERIAL_VISOR=m
3992CONFIG_USB_SERIAL_IPAQ=m
3993CONFIG_USB_SERIAL_IR=m
3994CONFIG_USB_SERIAL_EDGEPORT=m
3995CONFIG_USB_SERIAL_EDGEPORT_TI=m
3996CONFIG_USB_SERIAL_GARMIN=m
3997CONFIG_USB_SERIAL_IPW=m
3998CONFIG_USB_SERIAL_IUU=m
3999CONFIG_USB_SERIAL_KEYSPAN_PDA=m
4000CONFIG_USB_SERIAL_KEYSPAN=m
4001CONFIG_USB_SERIAL_KLSI=m
4002CONFIG_USB_SERIAL_KOBIL_SCT=m
4003CONFIG_USB_SERIAL_MCT_U232=m
4004CONFIG_USB_SERIAL_MOS7720=m
4005CONFIG_USB_SERIAL_MOS7715_PARPORT=y
4006CONFIG_USB_SERIAL_MOS7840=m
4007CONFIG_USB_SERIAL_MOTOROLA=m
4008CONFIG_USB_SERIAL_NAVMAN=m
4009CONFIG_USB_SERIAL_PL2303=m
4010CONFIG_USB_SERIAL_OTI6858=m
4011CONFIG_USB_SERIAL_QCAUX=m
4012CONFIG_USB_SERIAL_QUALCOMM=m
4013CONFIG_USB_SERIAL_SPCP8X5=m
4014CONFIG_USB_SERIAL_HP4X=m
4015CONFIG_USB_SERIAL_SAFE=m
4016CONFIG_USB_SERIAL_SAFE_PADDED=y
4017# CONFIG_USB_SERIAL_SAMBA is not set
4018CONFIG_USB_SERIAL_SIEMENS_MPI=m
4019CONFIG_USB_SERIAL_SIERRAWIRELESS=m
4020CONFIG_USB_SERIAL_SYMBOL=m
4021CONFIG_USB_SERIAL_TI=m
4022CONFIG_USB_SERIAL_CYBERJACK=m
4023CONFIG_USB_SERIAL_XIRCOM=m
4024CONFIG_USB_SERIAL_WWAN=m
4025CONFIG_USB_SERIAL_OPTION=m
4026CONFIG_USB_SERIAL_OMNINET=m
4027CONFIG_USB_SERIAL_OPTICON=m
4028CONFIG_USB_SERIAL_VIVOPAY_SERIAL=m
4029CONFIG_USB_SERIAL_ZIO=m
4030# CONFIG_USB_SERIAL_SSU100 is not set
4031CONFIG_USB_SERIAL_DEBUG=m
4032
4033#
4034# USB Miscellaneous drivers
4035#
4036CONFIG_USB_EMI62=m
4037CONFIG_USB_EMI26=m
4038CONFIG_USB_ADUTUX=m
4039CONFIG_USB_SEVSEG=m
4040CONFIG_USB_RIO500=m
4041# CONFIG_USB_LEGOTOWER is not set
4042CONFIG_USB_LCD=m
4043CONFIG_USB_LED=m
4044CONFIG_USB_CYPRESS_CY7C63=m
4045CONFIG_USB_CYTHERM=m
4046CONFIG_USB_IDMOUSE=m
4047CONFIG_USB_FTDI_ELAN=m
4048# CONFIG_USB_APPLEDISPLAY is not set
4049CONFIG_USB_SISUSBVGA=m
4050CONFIG_USB_SISUSBVGA_CON=y
4051CONFIG_USB_LD=m
4052# CONFIG_USB_TRANCEVIBRATOR is not set
4053CONFIG_USB_IOWARRIOR=m
4054CONFIG_USB_TEST=m
4055CONFIG_USB_ISIGHTFW=m
4056# CONFIG_USB_YUREX is not set
4057CONFIG_USB_ATM=m
4058CONFIG_USB_SPEEDTOUCH=m
4059CONFIG_USB_CXACRU=m
4060CONFIG_USB_UEAGLEATM=m
4061CONFIG_USB_XUSBATM=m
4062# CONFIG_USB_GADGET is not set
4063
4064#
4065# OTG and related infrastructure
4066#
4067CONFIG_USB_OTG_UTILS=y
4068CONFIG_USB_GPIO_VBUS=m
4069CONFIG_NOP_USB_XCEIV=m
4070CONFIG_UWB=m
4071CONFIG_UWB_HWA=m
4072CONFIG_UWB_WHCI=m
4073CONFIG_UWB_I1480U=m
4074CONFIG_MMC=m
4075# CONFIG_MMC_DEBUG is not set
4076# CONFIG_MMC_UNSAFE_RESUME is not set
4077# CONFIG_MMC_CLKGATE is not set
4078
4079#
4080# MMC/SD/SDIO Card Drivers
4081#
4082CONFIG_MMC_BLOCK=m
4083CONFIG_MMC_BLOCK_MINORS=8
4084CONFIG_MMC_BLOCK_BOUNCE=y
4085CONFIG_SDIO_UART=m
4086CONFIG_MMC_TEST=m
4087
4088#
4089# MMC/SD/SDIO Host Controller Drivers
4090#
4091CONFIG_MMC_SDHCI=m
4092CONFIG_MMC_SDHCI_PCI=m
4093CONFIG_MMC_RICOH_MMC=y
4094CONFIG_MMC_SDHCI_PLTFM=m
4095CONFIG_MMC_WBSD=m
4096CONFIG_MMC_TIFM_SD=m
4097# CONFIG_MMC_SPI is not set
4098CONFIG_MMC_SDRICOH_CS=m
4099CONFIG_MMC_CB710=m
4100CONFIG_MMC_VIA_SDMMC=m
4101# CONFIG_MMC_USHC is not set
4102CONFIG_MEMSTICK=m
4103# CONFIG_MEMSTICK_DEBUG is not set
4104
4105#
4106# MemoryStick drivers
4107#
4108# CONFIG_MEMSTICK_UNSAFE_RESUME is not set
4109CONFIG_MSPRO_BLOCK=m
4110
4111#
4112# MemoryStick Host Controller Drivers
4113#
4114CONFIG_MEMSTICK_TIFM_MS=m
4115CONFIG_MEMSTICK_JMICRON_38X=m
4116CONFIG_NEW_LEDS=y
4117CONFIG_LEDS_CLASS=y
4118
4119#
4120# LED drivers
4121#
4122CONFIG_LEDS_NET5501=m
4123CONFIG_LEDS_ALIX2=m
4124CONFIG_LEDS_PCA9532=m
4125CONFIG_LEDS_GPIO=m
4126CONFIG_LEDS_GPIO_PLATFORM=y
4127CONFIG_LEDS_LP3944=m
4128# CONFIG_LEDS_LP5521 is not set
4129# CONFIG_LEDS_LP5523 is not set
4130CONFIG_LEDS_CLEVO_MAIL=m
4131CONFIG_LEDS_PCA955X=m
4132CONFIG_LEDS_DAC124S085=m
4133CONFIG_LEDS_REGULATOR=m
4134CONFIG_LEDS_BD2802=m
4135CONFIG_LEDS_INTEL_SS4200=m
4136CONFIG_LEDS_LT3593=m
4137CONFIG_LEDS_DELL_NETBOOKS=m
4138# CONFIG_LEDS_MC13783 is not set
4139CONFIG_LEDS_TRIGGERS=y
4140
4141#
4142# LED Triggers
4143#
4144CONFIG_LEDS_TRIGGER_TIMER=m
4145CONFIG_LEDS_TRIGGER_HEARTBEAT=m
4146CONFIG_LEDS_TRIGGER_BACKLIGHT=m
4147CONFIG_LEDS_TRIGGER_GPIO=m
4148CONFIG_LEDS_TRIGGER_DEFAULT_ON=m
4149
4150#
4151# iptables trigger is under Netfilter config (LED target)
4152#
4153# CONFIG_NFC_DEVICES is not set
4154CONFIG_ACCESSIBILITY=y
4155# CONFIG_A11Y_BRAILLE_CONSOLE is not set
4156CONFIG_INFINIBAND=m
4157CONFIG_INFINIBAND_USER_MAD=m
4158CONFIG_INFINIBAND_USER_ACCESS=m
4159CONFIG_INFINIBAND_USER_MEM=y
4160CONFIG_INFINIBAND_ADDR_TRANS=y
4161CONFIG_INFINIBAND_MTHCA=m
4162# CONFIG_INFINIBAND_MTHCA_DEBUG is not set
4163# CONFIG_INFINIBAND_IPATH is not set
4164# CONFIG_INFINIBAND_QIB is not set
4165CONFIG_INFINIBAND_AMSO1100=m
4166# CONFIG_INFINIBAND_AMSO1100_DEBUG is not set
4167CONFIG_INFINIBAND_CXGB3=m
4168# CONFIG_INFINIBAND_CXGB3_DEBUG is not set
4169CONFIG_INFINIBAND_CXGB4=m
4170CONFIG_MLX4_INFINIBAND=m
4171CONFIG_INFINIBAND_NES=m
4172# CONFIG_INFINIBAND_NES_DEBUG is not set
4173CONFIG_INFINIBAND_IPOIB=m
4174# CONFIG_INFINIBAND_IPOIB_CM is not set
4175# CONFIG_INFINIBAND_IPOIB_DEBUG is not set
4176CONFIG_INFINIBAND_SRP=m
4177CONFIG_INFINIBAND_ISER=m
4178# CONFIG_EDAC is not set
4179CONFIG_RTC_LIB=m
4180CONFIG_RTC_CLASS=m
4181
4182#
4183# RTC interfaces
4184#
4185CONFIG_RTC_INTF_SYSFS=y
4186CONFIG_RTC_INTF_PROC=y
4187CONFIG_RTC_INTF_DEV=y
4188CONFIG_RTC_INTF_DEV_UIE_EMUL=y
4189CONFIG_RTC_DRV_TEST=m
4190
4191#
4192# I2C RTC drivers
4193#
4194CONFIG_RTC_DRV_DS1307=m
4195CONFIG_RTC_DRV_DS1374=m
4196CONFIG_RTC_DRV_DS1672=m
4197# CONFIG_RTC_DRV_DS3232 is not set
4198CONFIG_RTC_DRV_MAX6900=m
4199CONFIG_RTC_DRV_RS5C372=m
4200CONFIG_RTC_DRV_ISL1208=m
4201# CONFIG_RTC_DRV_ISL12022 is not set
4202CONFIG_RTC_DRV_X1205=m
4203CONFIG_RTC_DRV_PCF8563=m
4204CONFIG_RTC_DRV_PCF8583=m
4205CONFIG_RTC_DRV_M41T80=m
4206CONFIG_RTC_DRV_M41T80_WDT=y
4207CONFIG_RTC_DRV_BQ32K=m
4208CONFIG_RTC_DRV_S35390A=m
4209CONFIG_RTC_DRV_FM3130=m
4210CONFIG_RTC_DRV_RX8581=m
4211CONFIG_RTC_DRV_RX8025=m
4212
4213#
4214# SPI RTC drivers
4215#
4216CONFIG_RTC_DRV_M41T94=m
4217CONFIG_RTC_DRV_DS1305=m
4218CONFIG_RTC_DRV_DS1390=m
4219CONFIG_RTC_DRV_MAX6902=m
4220CONFIG_RTC_DRV_R9701=m
4221CONFIG_RTC_DRV_RS5C348=m
4222CONFIG_RTC_DRV_DS3234=m
4223CONFIG_RTC_DRV_PCF2123=m
4224
4225#
4226# Platform RTC drivers
4227#
4228CONFIG_RTC_DRV_CMOS=m
4229CONFIG_RTC_DRV_DS1286=m
4230CONFIG_RTC_DRV_DS1511=m
4231CONFIG_RTC_DRV_DS1553=m
4232CONFIG_RTC_DRV_DS1742=m
4233CONFIG_RTC_DRV_STK17TA8=m
4234CONFIG_RTC_DRV_M48T86=m
4235CONFIG_RTC_DRV_M48T35=m
4236CONFIG_RTC_DRV_M48T59=m
4237CONFIG_RTC_DRV_MSM6242=m
4238CONFIG_RTC_DRV_BQ4802=m
4239CONFIG_RTC_DRV_RP5C01=m
4240CONFIG_RTC_DRV_V3020=m
4241CONFIG_RTC_DRV_PCF50633=m
4242
4243#
4244# on-CPU RTC drivers
4245#
4246# CONFIG_RTC_DRV_MC13XXX is not set
4247CONFIG_DMADEVICES=y
4248# CONFIG_DMADEVICES_DEBUG is not set
4249
4250#
4251# DMA Devices
4252#
4253# CONFIG_INTEL_MID_DMAC is not set
4254CONFIG_INTEL_IOATDMA=m
4255CONFIG_TIMB_DMA=m
4256CONFIG_PCH_DMA=m
4257CONFIG_DMA_ENGINE=y
4258
4259#
4260# DMA Clients
4261#
4262CONFIG_NET_DMA=y
4263# CONFIG_ASYNC_TX_DMA is not set
4264CONFIG_DMATEST=m
4265CONFIG_DCA=m
4266CONFIG_AUXDISPLAY=y
4267CONFIG_KS0108=m
4268CONFIG_KS0108_PORT=0x378
4269CONFIG_KS0108_DELAY=2
4270CONFIG_CFAG12864B=m
4271CONFIG_CFAG12864B_RATE=20
4272CONFIG_UIO=m
4273CONFIG_UIO_CIF=m
4274CONFIG_UIO_PDRV=m
4275CONFIG_UIO_PDRV_GENIRQ=m
4276CONFIG_UIO_AEC=m
4277CONFIG_UIO_SERCOS3=m
4278# CONFIG_UIO_PCI_GENERIC is not set
4279CONFIG_UIO_NETX=m
4280
4281#
4282# Xen driver support
4283#
4284CONFIG_XEN_BALLOON=y
4285CONFIG_XEN_SCRUB_PAGES=y
4286CONFIG_XEN_DEV_EVTCHN=y
4287CONFIG_XEN_BACKEND=y
4288CONFIG_XENFS=y
4289CONFIG_XEN_COMPAT_XENFS=y
4290CONFIG_XEN_SYS_HYPERVISOR=y
4291CONFIG_XEN_XENBUS_FRONTEND=y
4292CONFIG_XEN_GNTDEV=m
4293CONFIG_XEN_PLATFORM_PCI=m
4294CONFIG_SWIOTLB_XEN=y
4295CONFIG_STAGING=y
4296# CONFIG_STAGING_EXCLUDE_BUILD is not set
4297# CONFIG_ET131X is not set
4298# CONFIG_SLICOSS is not set
4299# CONFIG_VIDEO_GO7007 is not set
4300# CONFIG_VIDEO_CX25821 is not set
4301# CONFIG_VIDEO_TM6000 is not set
4302CONFIG_USB_DABUSB=m
4303CONFIG_USB_SE401=m
4304# CONFIG_USB_VICAM is not set
4305# CONFIG_USB_IP_COMMON is not set
4306# CONFIG_W35UND is not set
4307# CONFIG_PRISM2_USB is not set
4308# CONFIG_ECHO is not set
4309CONFIG_BRCM80211=m
4310CONFIG_BRCM80211_PCI=y
4311# CONFIG_BRCMFMAC is not set
4312# CONFIG_RT2860 is not set
4313# CONFIG_RT2870 is not set
4314# CONFIG_COMEDI is not set
4315# CONFIG_ASUS_OLED is not set
4316# CONFIG_PANEL is not set
4317# CONFIG_R8187SE is not set
4318# CONFIG_RTL8192U is not set
4319# CONFIG_RTL8192E is not set
4320# CONFIG_R8712U is not set
4321# CONFIG_TRANZPORT is not set
4322# CONFIG_POHMELFS is not set
4323CONFIG_AUTOFS_FS=m
4324# CONFIG_IDE_PHISON is not set
4325# CONFIG_LINE6_USB is not set
4326CONFIG_DRM_VMWGFX=m
4327CONFIG_DRM_NOUVEAU=m
4328CONFIG_DRM_NOUVEAU_BACKLIGHT=y
4329CONFIG_DRM_NOUVEAU_DEBUG=y
4330
4331#
4332# I2C encoder or helper chips
4333#
4334# CONFIG_DRM_I2C_CH7006 is not set
4335CONFIG_DRM_I2C_SIL164=m
4336# CONFIG_USB_SERIAL_QUATECH2 is not set
4337# CONFIG_USB_SERIAL_QUATECH_USB2 is not set
4338# CONFIG_VT6655 is not set
4339# CONFIG_VT6656 is not set
4340CONFIG_HYPERV=m
4341CONFIG_HYPERV_STORAGE=m
4342CONFIG_HYPERV_BLOCK=m
4343CONFIG_HYPERV_NET=m
4344CONFIG_HYPERV_UTILS=m
4345# CONFIG_VME_BUS is not set
4346# CONFIG_DX_SEP is not set
4347# CONFIG_IIO is not set
4348# CONFIG_ZRAM is not set
4349# CONFIG_WLAGS49_H2 is not set
4350# CONFIG_WLAGS49_H25 is not set
4351# CONFIG_SAMSUNG_LAPTOP is not set
4352# CONFIG_FB_SM7XX is not set
4353# CONFIG_VIDEO_DT3155 is not set
4354# CONFIG_CRYSTALHD is not set
4355# CONFIG_CXT1E1 is not set
4356
4357#
4358# Texas Instruments shared transport line discipline
4359#
4360# CONFIG_ST_BT is not set
4361# CONFIG_FB_XGI is not set
4362# CONFIG_LIRC_STAGING is not set
4363# CONFIG_SMB_FS is not set
4364# CONFIG_EASYCAP is not set
4365# CONFIG_SOLO6X10 is not set
4366# CONFIG_ACPI_QUICKSTART is not set
4367CONFIG_MACH_NO_WESTBRIDGE=y
4368# CONFIG_SBE_2T3E3 is not set
4369# CONFIG_ATH6K_LEGACY is not set
4370# CONFIG_USB_ENESTORAGE is not set
4371# CONFIG_BCM_WIMAX is not set
4372# CONFIG_FT1000 is not set
4373
4374#
4375# Speakup console speech
4376#
4377# CONFIG_SPEAKUP is not set
4378# CONFIG_TOUCHSCREEN_CLEARPAD_TM1217 is not set
4379# CONFIG_TOUCHSCREEN_SYNAPTICS_I2C_RMI4 is not set
4380CONFIG_X86_PLATFORM_DEVICES=y
4381CONFIG_ACER_WMI=m
4382CONFIG_ASUS_LAPTOP=m
4383CONFIG_DELL_LAPTOP=m
4384CONFIG_DELL_WMI=m
4385CONFIG_FUJITSU_LAPTOP=m
4386# CONFIG_FUJITSU_LAPTOP_DEBUG is not set
4387CONFIG_HP_WMI=m
4388CONFIG_MSI_LAPTOP=m
4389CONFIG_PANASONIC_LAPTOP=m
4390CONFIG_COMPAL_LAPTOP=m
4391CONFIG_SONY_LAPTOP=m
4392# CONFIG_SONYPI_COMPAT is not set
4393# CONFIG_IDEAPAD_LAPTOP is not set
4394CONFIG_THINKPAD_ACPI=m
4395CONFIG_THINKPAD_ACPI_ALSA_SUPPORT=y
4396# CONFIG_THINKPAD_ACPI_DEBUGFACILITIES is not set
4397# CONFIG_THINKPAD_ACPI_DEBUG is not set
4398# CONFIG_THINKPAD_ACPI_UNSAFE_LEDS is not set
4399CONFIG_THINKPAD_ACPI_VIDEO=y
4400CONFIG_THINKPAD_ACPI_HOTKEY_POLL=y
4401CONFIG_SENSORS_HDAPS=m
4402CONFIG_INTEL_MENLOW=m
4403CONFIG_EEEPC_LAPTOP=m
4404CONFIG_EEEPC_WMI=m
4405CONFIG_ACPI_WMI=m
4406CONFIG_MSI_WMI=m
4407CONFIG_ACPI_ASUS=m
4408# CONFIG_TOPSTAR_LAPTOP is not set
4409CONFIG_ACPI_TOSHIBA=m
4410CONFIG_TOSHIBA_BT_RFKILL=m
4411CONFIG_ACPI_CMPC=m
4412# CONFIG_INTEL_IPS is not set
4413# CONFIG_IBM_RTL is not set
4414
4415#
4416# Firmware Drivers
4417#
4418CONFIG_EDD=m
4419# CONFIG_EDD_OFF is not set
4420CONFIG_FIRMWARE_MEMMAP=y
4421CONFIG_DELL_RBU=m
4422CONFIG_DCDBAS=m
4423CONFIG_DMIID=y
4424# CONFIG_ISCSI_IBFT_FIND is not set
4425
4426#
4427# File systems
4428#
4429CONFIG_EXT2_FS=m
4430CONFIG_EXT2_FS_XATTR=y
4431CONFIG_EXT2_FS_POSIX_ACL=y
4432CONFIG_EXT2_FS_SECURITY=y
4433CONFIG_EXT2_FS_XIP=y
4434CONFIG_EXT3_FS=m
4435# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
4436CONFIG_EXT3_FS_XATTR=y
4437CONFIG_EXT3_FS_POSIX_ACL=y
4438CONFIG_EXT3_FS_SECURITY=y
4439CONFIG_EXT4_FS=m
4440CONFIG_EXT4_FS_XATTR=y
4441CONFIG_EXT4_FS_POSIX_ACL=y
4442CONFIG_EXT4_FS_SECURITY=y
4443# CONFIG_EXT4_DEBUG is not set
4444CONFIG_FS_XIP=y
4445CONFIG_JBD=m
4446# CONFIG_JBD_DEBUG is not set
4447CONFIG_JBD2=m
4448# CONFIG_JBD2_DEBUG is not set
4449CONFIG_FS_MBCACHE=m
4450CONFIG_REISERFS_FS=m
4451# CONFIG_REISERFS_CHECK is not set
4452CONFIG_REISERFS_PROC_INFO=y
4453CONFIG_REISERFS_FS_XATTR=y
4454CONFIG_REISERFS_FS_POSIX_ACL=y
4455# CONFIG_REISERFS_FS_SECURITY is not set
4456CONFIG_JFS_FS=m
4457CONFIG_JFS_POSIX_ACL=y
4458CONFIG_JFS_SECURITY=y
4459# CONFIG_JFS_DEBUG is not set
4460CONFIG_JFS_STATISTICS=y
4461CONFIG_XFS_FS=m
4462CONFIG_XFS_QUOTA=y
4463CONFIG_XFS_POSIX_ACL=y
4464CONFIG_XFS_RT=y
4465# CONFIG_XFS_DEBUG is not set
4466CONFIG_GFS2_FS=m
4467CONFIG_GFS2_FS_LOCKING_DLM=y
4468CONFIG_OCFS2_FS=m
4469CONFIG_OCFS2_FS_O2CB=m
4470CONFIG_OCFS2_FS_USERSPACE_CLUSTER=m
4471CONFIG_OCFS2_FS_STATS=y
4472CONFIG_OCFS2_DEBUG_MASKLOG=y
4473# CONFIG_OCFS2_DEBUG_FS is not set
4474CONFIG_BTRFS_FS=m
4475CONFIG_BTRFS_FS_POSIX_ACL=y
4476CONFIG_NILFS2_FS=m
4477CONFIG_FS_POSIX_ACL=y
4478CONFIG_EXPORTFS=m
4479CONFIG_FILE_LOCKING=y
4480CONFIG_FSNOTIFY=y
4481# CONFIG_DNOTIFY is not set
4482CONFIG_INOTIFY_USER=y
4483# CONFIG_FANOTIFY is not set
4484CONFIG_QUOTA=y
4485CONFIG_QUOTA_NETLINK_INTERFACE=y
4486# CONFIG_PRINT_QUOTA_WARNING is not set
4487# CONFIG_QUOTA_DEBUG is not set
4488CONFIG_QUOTA_TREE=m
4489CONFIG_QFMT_V1=m
4490CONFIG_QFMT_V2=m
4491CONFIG_QUOTACTL=y
4492CONFIG_QUOTACTL_COMPAT=y
4493CONFIG_AUTOFS4_FS=m
4494CONFIG_FUSE_FS=m
4495# CONFIG_CUSE is not set
4496
4497#
4498# Caches
4499#
4500CONFIG_FSCACHE=m
4501CONFIG_FSCACHE_STATS=y
4502CONFIG_FSCACHE_HISTOGRAM=y
4503# CONFIG_FSCACHE_DEBUG is not set
4504# CONFIG_FSCACHE_OBJECT_LIST is not set
4505CONFIG_CACHEFILES=m
4506# CONFIG_CACHEFILES_DEBUG is not set
4507# CONFIG_CACHEFILES_HISTOGRAM is not set
4508
4509#
4510# CD-ROM/DVD Filesystems
4511#
4512CONFIG_ISO9660_FS=m
4513CONFIG_JOLIET=y
4514CONFIG_ZISOFS=y
4515CONFIG_UDF_FS=m
4516CONFIG_UDF_NLS=y
4517
4518#
4519# DOS/FAT/NT Filesystems
4520#
4521CONFIG_FAT_FS=m
4522CONFIG_MSDOS_FS=m
4523CONFIG_VFAT_FS=m
4524CONFIG_FAT_DEFAULT_CODEPAGE=437
4525CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
4526CONFIG_NTFS_FS=m
4527# CONFIG_NTFS_DEBUG is not set
4528CONFIG_NTFS_RW=y
4529
4530#
4531# Pseudo filesystems
4532#
4533CONFIG_PROC_FS=y
4534CONFIG_PROC_SYSCTL=y
4535CONFIG_SYSFS=y
4536CONFIG_TMPFS=y
4537# CONFIG_TMPFS_POSIX_ACL is not set
4538# CONFIG_HUGETLBFS is not set
4539# CONFIG_HUGETLB_PAGE is not set
4540CONFIG_CONFIGFS_FS=m
4541CONFIG_MISC_FILESYSTEMS=y
4542# CONFIG_ADFS_FS is not set
4543# CONFIG_AFFS_FS is not set
4544CONFIG_ECRYPT_FS=m
4545CONFIG_HFS_FS=m
4546CONFIG_HFSPLUS_FS=m
4547# CONFIG_BEFS_FS is not set
4548# CONFIG_BFS_FS is not set
4549CONFIG_EFS_FS=m
4550CONFIG_JFFS2_FS=m
4551CONFIG_JFFS2_FS_DEBUG=0
4552CONFIG_JFFS2_FS_WRITEBUFFER=y
4553# CONFIG_JFFS2_FS_WBUF_VERIFY is not set
4554CONFIG_JFFS2_SUMMARY=y
4555CONFIG_JFFS2_FS_XATTR=y
4556CONFIG_JFFS2_FS_POSIX_ACL=y
4557CONFIG_JFFS2_FS_SECURITY=y
4558CONFIG_JFFS2_COMPRESSION_OPTIONS=y
4559CONFIG_JFFS2_ZLIB=y
4560CONFIG_JFFS2_LZO=y
4561CONFIG_JFFS2_RTIME=y
4562CONFIG_JFFS2_RUBIN=y
4563# CONFIG_JFFS2_CMODE_NONE is not set
4564CONFIG_JFFS2_CMODE_PRIORITY=y
4565# CONFIG_JFFS2_CMODE_SIZE is not set
4566# CONFIG_JFFS2_CMODE_FAVOURLZO is not set
4567CONFIG_UBIFS_FS=m
4568# CONFIG_UBIFS_FS_XATTR is not set
4569# CONFIG_UBIFS_FS_ADVANCED_COMPR is not set
4570CONFIG_UBIFS_FS_LZO=y
4571CONFIG_UBIFS_FS_ZLIB=y
4572# CONFIG_UBIFS_FS_DEBUG is not set
4573CONFIG_LOGFS=m
4574CONFIG_CRAMFS=m
4575CONFIG_SQUASHFS=m
4576# CONFIG_SQUASHFS_XATTR is not set
4577# CONFIG_SQUASHFS_LZO is not set
4578CONFIG_SQUASHFS_XZ=y
4579# CONFIG_SQUASHFS_EMBEDDED is not set
4580CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3
4581# CONFIG_VXFS_FS is not set
4582CONFIG_MINIX_FS=m
4583CONFIG_OMFS_FS=m
4584CONFIG_HPFS_FS=m
4585# CONFIG_QNX4FS_FS is not set
4586CONFIG_ROMFS_FS=m
4587CONFIG_ROMFS_BACKED_BY_BLOCK=y
4588# CONFIG_ROMFS_BACKED_BY_MTD is not set
4589# CONFIG_ROMFS_BACKED_BY_BOTH is not set
4590CONFIG_ROMFS_ON_BLOCK=y
4591CONFIG_SYSV_FS=m
4592CONFIG_UFS_FS=m
4593# CONFIG_UFS_FS_WRITE is not set
4594# CONFIG_UFS_DEBUG is not set
4595CONFIG_EXOFS_FS=m
4596# CONFIG_EXOFS_DEBUG is not set
4597CONFIG_NETWORK_FILESYSTEMS=y
4598CONFIG_NFS_FS=m
4599CONFIG_NFS_V3=y
4600# CONFIG_NFS_V3_ACL is not set
4601CONFIG_NFS_V4=y
4602# CONFIG_NFS_V4_1 is not set
4603# CONFIG_NFS_FSCACHE is not set
4604# CONFIG_NFS_USE_LEGACY_DNS is not set
4605CONFIG_NFS_USE_KERNEL_DNS=y
4606# CONFIG_NFS_USE_NEW_IDMAPPER is not set
4607CONFIG_NFSD=m
4608CONFIG_NFSD_DEPRECATED=y
4609CONFIG_NFSD_V3=y
4610# CONFIG_NFSD_V3_ACL is not set
4611CONFIG_NFSD_V4=y
4612CONFIG_LOCKD=m
4613CONFIG_LOCKD_V4=y
4614CONFIG_NFS_COMMON=y
4615CONFIG_SUNRPC=m
4616CONFIG_SUNRPC_GSS=m
4617CONFIG_SUNRPC_XPRT_RDMA=m
4618CONFIG_RPCSEC_GSS_KRB5=m
4619CONFIG_CEPH_FS=m
4620CONFIG_CIFS=m
4621# CONFIG_CIFS_STATS is not set
4622# CONFIG_CIFS_WEAK_PW_HASH is not set
4623# CONFIG_CIFS_UPCALL is not set
4624CONFIG_CIFS_XATTR=y
4625CONFIG_CIFS_POSIX=y
4626# CONFIG_CIFS_DEBUG2 is not set
4627CONFIG_CIFS_DFS_UPCALL=y
4628# CONFIG_CIFS_FSCACHE is not set
4629# CONFIG_CIFS_ACL is not set
4630CONFIG_CIFS_EXPERIMENTAL=y
4631# CONFIG_NCP_FS is not set
4632# CONFIG_CODA_FS is not set
4633# CONFIG_AFS_FS is not set
4634# CONFIG_9P_FS is not set
4635
4636#
4637# Partition Types
4638#
4639CONFIG_PARTITION_ADVANCED=y
4640# CONFIG_ACORN_PARTITION is not set
4641# CONFIG_OSF_PARTITION is not set
4642# CONFIG_AMIGA_PARTITION is not set
4643# CONFIG_ATARI_PARTITION is not set
4644# CONFIG_MAC_PARTITION is not set
4645CONFIG_MSDOS_PARTITION=y
4646# CONFIG_BSD_DISKLABEL is not set
4647# CONFIG_MINIX_SUBPARTITION is not set
4648# CONFIG_SOLARIS_X86_PARTITION is not set
4649# CONFIG_UNIXWARE_DISKLABEL is not set
4650# CONFIG_LDM_PARTITION is not set
4651# CONFIG_SGI_PARTITION is not set
4652# CONFIG_ULTRIX_PARTITION is not set
4653# CONFIG_SUN_PARTITION is not set
4654# CONFIG_KARMA_PARTITION is not set
4655CONFIG_EFI_PARTITION=y
4656# CONFIG_SYSV68_PARTITION is not set
4657CONFIG_NLS=m
4658CONFIG_NLS_DEFAULT="iso8859-1"
4659CONFIG_NLS_CODEPAGE_437=m
4660CONFIG_NLS_CODEPAGE_737=m
4661CONFIG_NLS_CODEPAGE_775=m
4662CONFIG_NLS_CODEPAGE_850=m
4663CONFIG_NLS_CODEPAGE_852=m
4664CONFIG_NLS_CODEPAGE_855=m
4665CONFIG_NLS_CODEPAGE_857=m
4666CONFIG_NLS_CODEPAGE_860=m
4667CONFIG_NLS_CODEPAGE_861=m
4668CONFIG_NLS_CODEPAGE_862=m
4669CONFIG_NLS_CODEPAGE_863=m
4670CONFIG_NLS_CODEPAGE_864=m
4671CONFIG_NLS_CODEPAGE_865=m
4672CONFIG_NLS_CODEPAGE_866=m
4673CONFIG_NLS_CODEPAGE_869=m
4674CONFIG_NLS_CODEPAGE_936=m
4675CONFIG_NLS_CODEPAGE_950=m
4676CONFIG_NLS_CODEPAGE_932=m
4677CONFIG_NLS_CODEPAGE_949=m
4678CONFIG_NLS_CODEPAGE_874=m
4679CONFIG_NLS_ISO8859_8=m
4680CONFIG_NLS_CODEPAGE_1250=m
4681CONFIG_NLS_CODEPAGE_1251=m
4682CONFIG_NLS_ASCII=m
4683CONFIG_NLS_ISO8859_1=m
4684CONFIG_NLS_ISO8859_2=m
4685CONFIG_NLS_ISO8859_3=m
4686CONFIG_NLS_ISO8859_4=m
4687CONFIG_NLS_ISO8859_5=m
4688CONFIG_NLS_ISO8859_6=m
4689CONFIG_NLS_ISO8859_7=m
4690CONFIG_NLS_ISO8859_9=m
4691CONFIG_NLS_ISO8859_13=m
4692CONFIG_NLS_ISO8859_14=m
4693CONFIG_NLS_ISO8859_15=m
4694CONFIG_NLS_KOI8_R=m
4695CONFIG_NLS_KOI8_U=m
4696CONFIG_NLS_UTF8=m
4697CONFIG_DLM=m
4698# CONFIG_DLM_DEBUG is not set
4699
4700#
4701# Kernel hacking
4702#
4703CONFIG_TRACE_IRQFLAGS_SUPPORT=y
4704CONFIG_PRINTK_TIME=y
4705CONFIG_ENABLE_WARN_DEPRECATED=y
4706# CONFIG_ENABLE_MUST_CHECK is not set
4707CONFIG_FRAME_WARN=1024
4708CONFIG_MAGIC_SYSRQ=y
4709# CONFIG_STRIP_ASM_SYMS is not set
4710# CONFIG_UNUSED_SYMBOLS is not set
4711CONFIG_DEBUG_FS=y
4712# CONFIG_HEADERS_CHECK is not set
4713# CONFIG_DEBUG_KERNEL is not set
4714# CONFIG_HARDLOCKUP_DETECTOR is not set
4715# CONFIG_SLUB_STATS is not set
4716CONFIG_BKL=y
4717# CONFIG_SPARSE_RCU_POINTER is not set
4718CONFIG_DEBUG_BUGVERBOSE=y
4719# CONFIG_DEBUG_MEMORY_INIT is not set
4720CONFIG_ARCH_WANT_FRAME_POINTERS=y
4721CONFIG_FRAME_POINTER=y
4722# CONFIG_RCU_CPU_STALL_DETECTOR is not set
4723# CONFIG_LKDTM is not set
4724CONFIG_SYSCTL_SYSCALL_CHECK=y
4725CONFIG_USER_STACKTRACE_SUPPORT=y
4726CONFIG_HAVE_FUNCTION_TRACER=y
4727CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
4728CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
4729CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y
4730CONFIG_HAVE_DYNAMIC_FTRACE=y
4731CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
4732CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
4733CONFIG_HAVE_C_RECORDMCOUNT=y
4734CONFIG_RING_BUFFER=y
4735CONFIG_RING_BUFFER_ALLOW_SWAP=y
4736CONFIG_TRACING_SUPPORT=y
4737# CONFIG_FTRACE is not set
4738# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
4739# CONFIG_FIREWIRE_OHCI_REMOTE_DMA is not set
4740# CONFIG_DYNAMIC_DEBUG is not set
4741# CONFIG_DMA_API_DEBUG is not set
4742# CONFIG_ATOMIC64_SELFTEST is not set
4743# CONFIG_ASYNC_RAID6_TEST is not set
4744# CONFIG_SAMPLES is not set
4745CONFIG_HAVE_ARCH_KGDB=y
4746CONFIG_HAVE_ARCH_KMEMCHECK=y
4747CONFIG_TEST_KSTRTOX=m
4748CONFIG_STRICT_DEVMEM=y
4749# CONFIG_X86_VERBOSE_BOOTUP is not set
4750# CONFIG_EARLY_PRINTK is not set
4751# CONFIG_IOMMU_STRESS is not set
4752CONFIG_HAVE_MMIOTRACE_SUPPORT=y
4753CONFIG_IO_DELAY_TYPE_0X80=0
4754CONFIG_IO_DELAY_TYPE_0XED=1
4755CONFIG_IO_DELAY_TYPE_UDELAY=2
4756CONFIG_IO_DELAY_TYPE_NONE=3
4757CONFIG_IO_DELAY_0X80=y
4758# CONFIG_IO_DELAY_0XED is not set
4759# CONFIG_IO_DELAY_UDELAY is not set
4760# CONFIG_IO_DELAY_NONE is not set
4761CONFIG_DEFAULT_IO_DELAY_TYPE=0
4762# CONFIG_OPTIMIZE_INLINING is not set
4763
4764#
4765# Security options
4766#
4767
4768#
4769# Grsecurity
4770#
4771CONFIG_GRKERNSEC=y
4772# CONFIG_GRKERNSEC_LOW is not set
4773# CONFIG_GRKERNSEC_MEDIUM is not set
4774# CONFIG_GRKERNSEC_HIGH is not set
4775CONFIG_GRKERNSEC_CUSTOM=y
4776
4777#
4778# Address Space Protection
4779#
4780CONFIG_GRKERNSEC_KMEM=y
4781# CONFIG_GRKERNSEC_IO is not set
4782CONFIG_GRKERNSEC_PROC_MEMMAP=y
4783# CONFIG_GRKERNSEC_BRUTE is not set
4784# CONFIG_GRKERNSEC_MODHARDEN is not set
4785# CONFIG_GRKERNSEC_HIDESYM is not set
4786# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set
4787
4788#
4789# Role Based Access Control Options
4790#
4791# CONFIG_GRKERNSEC_NO_RBAC is not set
4792CONFIG_GRKERNSEC_ACL_HIDEKERN=y
4793CONFIG_GRKERNSEC_ACL_MAXTRIES=3
4794CONFIG_GRKERNSEC_ACL_TIMEOUT=30
4795
4796#
4797# Filesystem Protections
4798#
4799CONFIG_GRKERNSEC_PROC=y
4800# CONFIG_GRKERNSEC_PROC_USER is not set
4801CONFIG_GRKERNSEC_PROC_USERGROUP=y
4802CONFIG_GRKERNSEC_PROC_GID=30
4803CONFIG_GRKERNSEC_PROC_ADD=y
4804CONFIG_GRKERNSEC_LINK=y
4805CONFIG_GRKERNSEC_FIFO=y
4806CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
4807# CONFIG_GRKERNSEC_ROFS is not set
4808CONFIG_GRKERNSEC_CHROOT=y
4809CONFIG_GRKERNSEC_CHROOT_MOUNT=y
4810CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
4811CONFIG_GRKERNSEC_CHROOT_PIVOT=y
4812CONFIG_GRKERNSEC_CHROOT_CHDIR=y
4813CONFIG_GRKERNSEC_CHROOT_CHMOD=y
4814CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
4815CONFIG_GRKERNSEC_CHROOT_MKNOD=y
4816CONFIG_GRKERNSEC_CHROOT_SHMAT=y
4817CONFIG_GRKERNSEC_CHROOT_UNIX=y
4818CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
4819CONFIG_GRKERNSEC_CHROOT_NICE=y
4820CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
4821CONFIG_GRKERNSEC_CHROOT_CAPS=y
4822
4823#
4824# Kernel Auditing
4825#
4826# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
4827# CONFIG_GRKERNSEC_EXECLOG is not set
4828CONFIG_GRKERNSEC_RESLOG=y
4829# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
4830# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set
4831# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
4832# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
4833CONFIG_GRKERNSEC_SIGNAL=y
4834CONFIG_GRKERNSEC_FORKFAIL=y
4835CONFIG_GRKERNSEC_TIME=y
4836CONFIG_GRKERNSEC_PROC_IPADDR=y
4837# CONFIG_GRKERNSEC_RWXMAP_LOG is not set
4838# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
4839
4840#
4841# Executable Protections
4842#
4843CONFIG_GRKERNSEC_EXECVE=y
4844# CONFIG_GRKERNSEC_DMESG is not set
4845CONFIG_GRKERNSEC_HARDEN_PTRACE=y
4846# CONFIG_GRKERNSEC_TPE is not set
4847
4848#
4849# Network Protections
4850#
4851CONFIG_GRKERNSEC_RANDNET=y
4852# CONFIG_GRKERNSEC_BLACKHOLE is not set
4853# CONFIG_GRKERNSEC_SOCKET is not set
4854
4855#
4856# Sysctl support
4857#
4858CONFIG_GRKERNSEC_SYSCTL=y
4859CONFIG_GRKERNSEC_SYSCTL_ON=y
4860
4861#
4862# Logging Options
4863#
4864CONFIG_GRKERNSEC_FLOODTIME=10
4865CONFIG_GRKERNSEC_FLOODBURST=4
4866
4867#
4868# PaX
4869#
4870CONFIG_TASK_SIZE_MAX_SHIFT=47
4871CONFIG_PAX=y
4872
4873#
4874# PaX Control
4875#
4876CONFIG_PAX_SOFTMODE=y
4877# CONFIG_PAX_EI_PAX is not set
4878CONFIG_PAX_PT_PAX_FLAGS=y
4879# CONFIG_PAX_NO_ACL_FLAGS is not set
4880CONFIG_PAX_HAVE_ACL_FLAGS=y
4881# CONFIG_PAX_HOOK_ACL_FLAGS is not set
4882
4883#
4884# Non-executable pages
4885#
4886CONFIG_PAX_NOEXEC=y
4887CONFIG_PAX_PAGEEXEC=y
4888CONFIG_PAX_EMUTRAMP=y
4889CONFIG_PAX_MPROTECT=y
4890# CONFIG_PAX_MPROTECT_COMPAT is not set
4891# CONFIG_PAX_ELFRELOCS is not set
4892
4893#
4894# Address Space Layout Randomization
4895#
4896CONFIG_PAX_ASLR=y
4897# CONFIG_PAX_RANDKSTACK is not set
4898CONFIG_PAX_RANDUSTACK=y
4899CONFIG_PAX_RANDMMAP=y
4900
4901#
4902# Miscellaneous hardening features
4903#
4904# CONFIG_PAX_MEMORY_SANITIZE is not set
4905# CONFIG_PAX_MEMORY_STACKLEAK is not set
4906CONFIG_PAX_REFCOUNT=y
4907# CONFIG_PAX_USERCOPY is not set
4908CONFIG_KEYS=y
4909CONFIG_TRUSTED_KEYS=m
4910CONFIG_ENCRYPTED_KEYS=m
4911# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
4912# CONFIG_SECURITY_DMESG_RESTRICT is not set
4913CONFIG_SECURITY=y
4914CONFIG_SECURITYFS=y
4915# CONFIG_SECURITY_NETWORK is not set
4916# CONFIG_SECURITY_PATH is not set
4917# CONFIG_SECURITY_TOMOYO is not set
4918# CONFIG_SECURITY_APPARMOR is not set
4919# CONFIG_IMA is not set
4920CONFIG_DEFAULT_SECURITY_DAC=y
4921CONFIG_DEFAULT_SECURITY=""
4922CONFIG_XOR_BLOCKS=m
4923CONFIG_ASYNC_CORE=m
4924CONFIG_ASYNC_MEMCPY=m
4925CONFIG_ASYNC_XOR=m
4926CONFIG_ASYNC_PQ=m
4927CONFIG_ASYNC_RAID6_RECOV=m
4928CONFIG_ASYNC_TX_DISABLE_PQ_VAL_DMA=y
4929CONFIG_ASYNC_TX_DISABLE_XOR_VAL_DMA=y
4930CONFIG_CRYPTO=y
4931
4932#
4933# Crypto core or helper
4934#
4935CONFIG_CRYPTO_ALGAPI=y
4936CONFIG_CRYPTO_ALGAPI2=y
4937CONFIG_CRYPTO_AEAD=m
4938CONFIG_CRYPTO_AEAD2=y
4939CONFIG_CRYPTO_BLKCIPHER=m
4940CONFIG_CRYPTO_BLKCIPHER2=y
4941CONFIG_CRYPTO_HASH=y
4942CONFIG_CRYPTO_HASH2=y
4943CONFIG_CRYPTO_RNG=m
4944CONFIG_CRYPTO_RNG2=y
4945CONFIG_CRYPTO_PCOMP=m
4946CONFIG_CRYPTO_PCOMP2=y
4947CONFIG_CRYPTO_MANAGER=m
4948CONFIG_CRYPTO_MANAGER2=y
4949CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
4950CONFIG_CRYPTO_GF128MUL=m
4951CONFIG_CRYPTO_NULL=m
4952CONFIG_CRYPTO_PCRYPT=m
4953CONFIG_CRYPTO_WORKQUEUE=y
4954CONFIG_CRYPTO_CRYPTD=m
4955CONFIG_CRYPTO_AUTHENC=m
4956CONFIG_CRYPTO_TEST=m
4957
4958#
4959# Authenticated Encryption with Associated Data
4960#
4961CONFIG_CRYPTO_CCM=m
4962CONFIG_CRYPTO_GCM=m
4963CONFIG_CRYPTO_SEQIV=m
4964
4965#
4966# Block modes
4967#
4968CONFIG_CRYPTO_CBC=m
4969CONFIG_CRYPTO_CTR=m
4970CONFIG_CRYPTO_CTS=m
4971CONFIG_CRYPTO_ECB=m
4972CONFIG_CRYPTO_LRW=m
4973CONFIG_CRYPTO_PCBC=m
4974CONFIG_CRYPTO_XTS=m
4975CONFIG_CRYPTO_FPU=m
4976
4977#
4978# Hash modes
4979#
4980CONFIG_CRYPTO_HMAC=m
4981CONFIG_CRYPTO_XCBC=m
4982CONFIG_CRYPTO_VMAC=m
4983
4984#
4985# Digest
4986#
4987CONFIG_CRYPTO_CRC32C=m
4988CONFIG_CRYPTO_CRC32C_INTEL=m
4989CONFIG_CRYPTO_GHASH=m
4990CONFIG_CRYPTO_MD4=m
4991CONFIG_CRYPTO_MD5=y
4992CONFIG_CRYPTO_MICHAEL_MIC=m
4993CONFIG_CRYPTO_RMD128=m
4994CONFIG_CRYPTO_RMD160=m
4995CONFIG_CRYPTO_RMD256=m
4996CONFIG_CRYPTO_RMD320=m
4997CONFIG_CRYPTO_SHA1=m
4998CONFIG_CRYPTO_SHA256=y
4999CONFIG_CRYPTO_SHA512=m
5000CONFIG_CRYPTO_TGR192=m
5001CONFIG_CRYPTO_WP512=m
5002CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
5003
5004#
5005# Ciphers
5006#
5007CONFIG_CRYPTO_AES=m
5008CONFIG_CRYPTO_AES_X86_64=m
5009CONFIG_CRYPTO_AES_NI_INTEL=m
5010CONFIG_CRYPTO_ANUBIS=m
5011CONFIG_CRYPTO_ARC4=m
5012CONFIG_CRYPTO_BLOWFISH=m
5013CONFIG_CRYPTO_CAMELLIA=m
5014CONFIG_CRYPTO_CAST5=m
5015CONFIG_CRYPTO_CAST6=m
5016CONFIG_CRYPTO_DES=m
5017CONFIG_CRYPTO_FCRYPT=m
5018CONFIG_CRYPTO_KHAZAD=m
5019CONFIG_CRYPTO_SALSA20=m
5020CONFIG_CRYPTO_SALSA20_X86_64=m
5021CONFIG_CRYPTO_SEED=m
5022CONFIG_CRYPTO_SERPENT=m
5023CONFIG_CRYPTO_TEA=m
5024CONFIG_CRYPTO_TWOFISH=m
5025CONFIG_CRYPTO_TWOFISH_COMMON=m
5026CONFIG_CRYPTO_TWOFISH_X86_64=m
5027
5028#
5029# Compression
5030#
5031CONFIG_CRYPTO_DEFLATE=m
5032CONFIG_CRYPTO_ZLIB=m
5033CONFIG_CRYPTO_LZO=m
5034
5035#
5036# Random Number Generation
5037#
5038CONFIG_CRYPTO_ANSI_CPRNG=m
5039CONFIG_CRYPTO_USER_API=m
5040CONFIG_CRYPTO_USER_API_HASH=m
5041CONFIG_CRYPTO_USER_API_SKCIPHER=m
5042CONFIG_CRYPTO_HW=y
5043CONFIG_CRYPTO_DEV_PADLOCK=m
5044CONFIG_CRYPTO_DEV_PADLOCK_AES=m
5045CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
5046CONFIG_CRYPTO_DEV_HIFN_795X=m
5047CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y
5048CONFIG_HAVE_KVM=y
5049CONFIG_HAVE_KVM_IRQCHIP=y
5050CONFIG_HAVE_KVM_EVENTFD=y
5051CONFIG_KVM_APIC_ARCHITECTURE=y
5052CONFIG_KVM_MMIO=y
5053CONFIG_KVM_ASYNC_PF=y
5054CONFIG_VIRTUALIZATION=y
5055CONFIG_KVM=m
5056CONFIG_KVM_INTEL=m
5057CONFIG_KVM_AMD=m
5058CONFIG_VHOST_NET=m
5059CONFIG_VIRTIO=m
5060CONFIG_VIRTIO_RING=m
5061CONFIG_VIRTIO_PCI=m
5062CONFIG_VIRTIO_BALLOON=m
5063# CONFIG_BINARY_PRINTF is not set
5064
5065#
5066# Library routines
5067#
5068CONFIG_RAID6_PQ=m
5069CONFIG_BITREVERSE=y
5070CONFIG_GENERIC_FIND_FIRST_BIT=y
5071CONFIG_GENERIC_FIND_NEXT_BIT=y
5072CONFIG_GENERIC_FIND_LAST_BIT=y
5073CONFIG_CRC_CCITT=m
5074CONFIG_CRC16=m
5075CONFIG_CRC_T10DIF=m
5076CONFIG_CRC_ITU_T=m
5077CONFIG_CRC32=y
5078CONFIG_CRC7=m
5079CONFIG_LIBCRC32C=m
5080CONFIG_ZLIB_INFLATE=y
5081CONFIG_ZLIB_DEFLATE=m
5082CONFIG_LZO_COMPRESS=m
5083CONFIG_LZO_DECOMPRESS=y
5084CONFIG_XZ_DEC=y
5085CONFIG_XZ_DEC_X86=y
5086CONFIG_XZ_DEC_POWERPC=y
5087CONFIG_XZ_DEC_IA64=y
5088CONFIG_XZ_DEC_ARM=y
5089CONFIG_XZ_DEC_ARMTHUMB=y
5090CONFIG_XZ_DEC_SPARC=y
5091CONFIG_XZ_DEC_BCJ=y
5092# CONFIG_XZ_DEC_TEST is not set
5093CONFIG_DECOMPRESS_GZIP=y
5094CONFIG_DECOMPRESS_BZIP2=y
5095CONFIG_DECOMPRESS_LZMA=y
5096CONFIG_DECOMPRESS_XZ=y
5097CONFIG_DECOMPRESS_LZO=y
5098CONFIG_GENERIC_ALLOCATOR=y
5099CONFIG_REED_SOLOMON=m
5100CONFIG_REED_SOLOMON_DEC16=y
5101CONFIG_TEXTSEARCH=y
5102CONFIG_TEXTSEARCH_KMP=m
5103CONFIG_TEXTSEARCH_BM=m
5104CONFIG_TEXTSEARCH_FSM=m
5105CONFIG_BTREE=y
5106CONFIG_HAS_IOMEM=y
5107CONFIG_HAS_IOPORT=y
5108CONFIG_HAS_DMA=y
5109CONFIG_CHECK_SIGNATURE=y
5110CONFIG_NLATTR=y
5111CONFIG_AVERAGE=y
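diff --git a/testing/linux-grsec/net-gre-provide-multicast-mappings-for-ipv4-and-ipv6.patch b/testing/linux-grsec/net-gre-provide-multicast-mappings-for-ipv4-and-ipv6.patch
deleted file mode 100644
index a9bff5dcfd..0000000000
--- a/testing/linux-grsec/net-gre-provide-multicast-mappings-for-ipv4-and-ipv6.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From: Timo Teräs <timo.teras@iki.fi>
-Date: Mon, 28 Mar 2011 22:40:53 +0000 (+0000)
-Subject: net: gre: provide multicast mappings for ipv4 and ipv6
-X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet-2.6.git;a=commitdiff_plain;h=93ca3bb5df9bc8b2c60485e1cc6507c3d7c8e1fa
-
-net: gre: provide multicast mappings for ipv4 and ipv6
-
-My commit 6d55cb91a0020ac0 (gre: fix hard header destination
-address checking) broke multicast.
-
-The reason is that ip_gre used to get ipgre_header() calls with
-zero destination if we have NOARP or multicast destination. Instead
-the actual target was decided at ipgre_tunnel_xmit() time based on
-per-protocol dissection.
-
-Instead of allowing the "abuse" of ->header() calls with invalid
-destination, this creates multicast mappings for ip_gre. This also
-fixes "ip neigh show nud noarp" to display the proper multicast
-mappings used by the gre device.
-
-Reported-by: Doug Kehn <rdkehn@yahoo.com>
-Signed-off-by: Timo Teräs <timo.teras@iki.fi>
-Acked-by: Doug Kehn <rdkehn@yahoo.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
-
-diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
-index 04977ee..fccc218 100644
---- a/include/net/if_inet6.h
-+++ b/include/net/if_inet6.h
-@@ -286,5 +286,21 @@ static inline void ipv6_ib_mc_map(const struct in6_addr *addr,
- buf[9] = broadcast[9];
- memcpy(buf + 10, addr->s6_addr + 6, 10);
- }
-+
-+static inline int ipv6_ipgre_mc_map(const struct in6_addr *addr,
-+ const unsigned char *broadcast, char *buf)
-+{
-+ if ((broadcast[0] | broadcast[1] | broadcast[2] | broadcast[3]) != 0) {
-+ memcpy(buf, broadcast, 4);
-+ } else {
-+ /* v4mapped? */
-+ if ((addr->s6_addr32[0] | addr->s6_addr32[1] |
-+ (addr->s6_addr32[2] ^ htonl(0x0000ffff))) != 0)
-+ return -EINVAL;
-+ memcpy(buf, &addr->s6_addr32[3], 4);
-+ }
-+ return 0;
-+}
-+
- #endif
- #endif
-diff --git a/include/net/ip.h b/include/net/ip.h
-index a4f6311..7c41658 100644
---- a/include/net/ip.h
-+++ b/include/net/ip.h
-@@ -339,6 +339,14 @@ static inline void ip_ib_mc_map(__be32 naddr, const unsigned char *broadcast, ch
- buf[16] = addr & 0x0f;
- }
-
-+static inline void ip_ipgre_mc_map(__be32 naddr, const unsigned char *broadcast, char *buf)
-+{
-+ if ((broadcast[0] | broadcast[1] | broadcast[2] | broadcast[3]) != 0)
-+ memcpy(buf, broadcast, 4);
-+ else
-+ memcpy(buf, &naddr, sizeof(naddr));
-+}
-+
- #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
- #include <linux/ipv6.h>
- #endif
-diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
-index 090d273..1b74d3b 100644
---- a/net/ipv4/arp.c
-+++ b/net/ipv4/arp.c
-@@ -215,6 +215,9 @@ int arp_mc_map(__be32 addr, u8 *haddr, struct net_device *dev, int dir)
- case ARPHRD_INFINIBAND:
- ip_ib_mc_map(addr, dev->broadcast, haddr);
- return 0;
-+ case ARPHRD_IPGRE:
-+ ip_ipgre_mc_map(addr, dev->broadcast, haddr);
-+ return 0;
- default:
- if (dir) {
- memcpy(haddr, dev->broadcast, dev->addr_len);
-diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
-index 0e49c9d..92f952d 100644
---- a/net/ipv6/ndisc.c
-+++ b/net/ipv6/ndisc.c
-@@ -341,6 +341,8 @@ int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int d
- case ARPHRD_INFINIBAND:
- ipv6_ib_mc_map(addr, dev->broadcast, buf);
- return 0;
-+ case ARPHRD_IPGRE:
-+ return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
- default:
- if (dir) {
- memcpy(buf, dev->broadcast, dev->addr_len);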